From 4fe852fac8afa447d0311d2e8a7b0b2043534eee Mon Sep 17 00:00:00 2001 From: Allen Ray Date: Thu, 2 Mar 2023 09:15:15 -0500 Subject: [PATCH 01/79] WIP: Adding etcd config to user-facing config --- docs/howto_config.md | 12 ++++++ packaging/microshift/config.yaml | 17 +++++++++ pkg/config/config.go | 63 +++++++++++++++++++++++++++----- pkg/config/config_test.go | 18 ++++++++- 4 files changed, 99 insertions(+), 11 deletions(-) diff --git a/docs/howto_config.md b/docs/howto_config.md index 5d5f63d637..5fb4f11a2b 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -20,6 +20,12 @@ apiServer: - "" debugging: logLevel: "" +etcd: + quotaBackendSize: "" + defragCheckFreq: "" + doStartupDefrag: false + minDefragSize: "" + maxFragmentedPercentage: 0 ``` ## Default Settings @@ -42,6 +48,12 @@ apiServer: subjectAltNames: [] debugging: logLevel: "Normal" +etcd: + quotaBackendSize: "2Gi" + defragCheckFreq: "5m" + doStartupDefrag: true + minDefragSize: "100Mi" + maxFragmentedPercentage: 45 ``` ## Service NodePort range diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml index a51ce8f498..a74e6c120f 100644 --- a/packaging/microshift/config.yaml +++ b/packaging/microshift/config.yaml @@ -29,3 +29,20 @@ apiServer: debugging: # Log verbosity ('Normal', 'Debug', 'Trace', 'TraceAll'): #logLevel: 'Normal' + +etcd: + # The limit on the size of the etcd database; the etcd server will start failing writes if its size on disk reaches this value. (Default: 2GB) + #quotaBackendSize: '2Gi' + + # How often to check the conditions for defragmenting the etcd database (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). (Default: 5 minutes) + #defragCheckFreq: '5m' + + # Whether or not to defragment the etcd database when the etcd server finishes starting. (Default: true) + #doStartupDefrag: true + + # Defragment conditions: if both of the following are true when the condition check (controlled by the DefragCheckFreq) runs, defragment the etcd database. + # The minimum size of the etcd database, if the database is smaller than this value, defragmenting will not occur. (Default: 100MB) + #minDefragSize: '100Mi' + + # The maximum allowed fragmented percentage, if the database is fragmented less than this value, defragmenting will not occur. (Default: 45) + #maxFragmentedPercentage: 45 diff --git a/pkg/config/config.go b/pkg/config/config.go index cc2c3247fd..4855f3fc02 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -17,6 +17,7 @@ import ( "github.com/mitchellh/go-homedir" "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/component-base/logs" "k8s.io/klog/v2" @@ -58,7 +59,7 @@ type IngressConfig struct { ServingKey []byte } -type EtcdConfig struct { +type InternalEtcdConfig struct { // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value QuotaBackendBytes int64 // If the backend is fragmented more than `maxFragmentedPercentage` @@ -71,6 +72,19 @@ type EtcdConfig struct { DoStartupDefrag bool } +type EtcdConfig struct { + // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value + QuotaBackendSize string + // If the backend is fragmented more than `maxFragmentedPercentage` + // and the database size is greater than `minDefragSize`, do a defrag. + MinDefragSize string + MaxFragmentedPercentage float64 + // How often to check the conditions for defragging (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). + DefragCheckFreq string + // Whether or not to do a defrag when the server finishes starting + DoStartupDefrag bool +} + type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` @@ -89,17 +103,18 @@ type MicroshiftConfig struct { BaseDomain string `json:"baseDomain"` Cluster ClusterConfig `json:"cluster"` - Ingress IngressConfig `json:"-"` - Etcd EtcdConfig `json:"etcd"` + Ingress IngressConfig `json:"-"` + Etcd InternalEtcdConfig `json:"etcd"` } // Top level config file type Config struct { - DNS DNS `json:"dns"` - Network Network `json:"network"` - Node Node `json:"node"` - ApiServer ApiServer `json:"apiServer"` - Debugging Debugging `json:"debugging"` + DNS DNS `json:"dns"` + Network Network `json:"network"` + Node Node `json:"node"` + ApiServer ApiServer `json:"apiServer"` + Debugging Debugging `json:"debugging"` + Etcd EtcdConfig `json:"etcd"` } type Network struct { @@ -238,7 +253,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", }, - Etcd: EtcdConfig{ + Etcd: InternalEtcdConfig{ MinDefragBytes: 100 * 1024 * 1024, // 100MB MaxFragmentedPercentage: 45, // percent DefragCheckFreq: 5 * time.Minute, @@ -402,6 +417,36 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { c.KASAdvertiseAddress = config.ApiServer.AdvertiseAddress } + if config.Etcd.DefragCheckFreq != "" { + d, err := time.ParseDuration(config.Etcd.DefragCheckFreq) + if err != nil { + return fmt.Errorf("failed to parse etcd defragCheckFreq: %v", err) + } + c.Etcd.DefragCheckFreq = d + } + if config.Etcd.MinDefragSize != "" { + q, err := resource.ParseQuantity(config.Etcd.MinDefragSize) + if err != nil { + return fmt.Errorf("failed to parse etcd minDefragSize: %v", err) + } + if !q.IsZero() { + c.Etcd.MinDefragBytes = q.Value() + } + } + if config.Etcd.MaxFragmentedPercentage > 0 { + c.Etcd.MaxFragmentedPercentage = config.Etcd.MaxFragmentedPercentage + } + if config.Etcd.QuotaBackendSize != "" { + q, err := resource.ParseQuantity(config.Etcd.QuotaBackendSize) + if err != nil { + return fmt.Errorf("failed to parse etcd quotaBackendSize: %v", err) + } + if !q.IsZero() { + c.Etcd.QuotaBackendBytes = q.Value() + } + } + c.Etcd.DoStartupDefrag = config.Etcd.DoStartupDefrag + return nil } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 40d14d4ca1..1be50403c6 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -57,6 +57,13 @@ func TestConfigFile(t *testing.T) { Debugging: Debugging{ LogLevel: "Debug", }, + Etcd: EtcdConfig{ + QuotaBackendSize: "2Gi", + MinDefragSize: "100Mi", + MaxFragmentedPercentage: 45, + DefragCheckFreq: "5m", + DoStartupDefrag: true, + }, }, expected: MicroshiftConfig{ LogVLevel: 4, @@ -71,7 +78,7 @@ func TestConfigFile(t *testing.T) { ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", }, - Etcd: EtcdConfig{ + Etcd: InternalEtcdConfig{ QuotaBackendBytes: 2 * 1024 * 1024 * 1024, MinDefragBytes: 100 * 1024 * 1024, MaxFragmentedPercentage: 45, @@ -150,6 +157,13 @@ func TestMicroshiftConfigReadAndValidate(t *testing.T) { Debugging: Debugging{ LogLevel: "Debug", }, + Etcd: EtcdConfig{ + QuotaBackendSize: "2Gi", + MinDefragSize: "100Mi", + MaxFragmentedPercentage: 45, + DefragCheckFreq: "5m", + DoStartupDefrag: true, + }, }, expected: MicroshiftConfig{ LogVLevel: 4, @@ -166,7 +180,7 @@ func TestMicroshiftConfigReadAndValidate(t *testing.T) { ServiceNodePortRange: "1024-32767", DNS: "40.30.0.10", }, - Etcd: EtcdConfig{ + Etcd: InternalEtcdConfig{ QuotaBackendBytes: 2 * 1024 * 1024 * 1024, MinDefragBytes: 100 * 1024 * 1024, MaxFragmentedPercentage: 45, From 2fc688eb98cbf7eb0602188d346dcefa4c9f3425 Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat Date: Tue, 7 Mar 2023 13:46:24 +0100 Subject: [PATCH 02/79] OCPBUGS-8411: Use lower case node names only While hostnames may have whatever case is desired by the user, resources in kubernetes must be lower case. Node name was directly copied from the hostname, resulting in upper case characters, if any. This prevents creation of the node and many other interactions between kubelet and apiserver. --- pkg/config/config.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index cc2c3247fd..f1af83e8c3 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -229,7 +229,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { return &MicroshiftConfig{ LogVLevel: 2, SubjectAltNames: subjectAltNames, - NodeName: nodeName, + NodeName: strings.ToLower(nodeName), NodeIP: nodeIP, BaseDomain: "example.com", Cluster: ClusterConfig{ @@ -254,7 +254,7 @@ func (c *MicroshiftConfig) isDefaultNodeName() bool { if err != nil { klog.Fatalf("Failed to get hostname %v", err) } - return c.NodeName == hostname + return c.NodeName == strings.ToLower(hostname) } // Read or set the NodeName that will be used for this MicroShift instance @@ -378,7 +378,7 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { // Wire new Config type to existing MicroshiftConfig c.LogVLevel = config.GetVerbosity() if config.Node.HostnameOverride != "" { - c.NodeName = config.Node.HostnameOverride + c.NodeName = strings.ToLower(config.Node.HostnameOverride) } if config.Node.NodeIP != "" { c.NodeIP = config.Node.NodeIP From f784218d64d0b68b43aaa6759e09deaafbbe45d8 Mon Sep 17 00:00:00 2001 From: Patryk Matuszak <305846+pmtk@users.noreply.github.com> Date: Tue, 7 Mar 2023 16:44:41 +0100 Subject: [PATCH 03/79] rebase patches: proper order & log rejected hunks --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 65f91c46ae..047a63da24 100644 --- a/Makefile +++ b/Makefile @@ -231,8 +231,8 @@ bin/lichen: bin vendor/modules.txt vendor: go mod vendor - for p in $(wildcard scripts/auto-rebase/rebase_patches/*.patch); do \ + for p in $(sort $(wildcard scripts/auto-rebase/rebase_patches/*.patch)); do \ echo "Applying patch $$p"; \ - git mailinfo /dev/null /dev/stderr 2<&1- < $$p | git apply || exit 1; \ + git mailinfo /dev/null /dev/stderr 2<&1- < $$p | git apply --reject || exit 1; \ done .PHONY: vendor From 904d833f58acf5e5631ede3c95307ef9710fe0e2 Mon Sep 17 00:00:00 2001 From: Patryk Matuszak <305846+pmtk@users.noreply.github.com> Date: Tue, 7 Mar 2023 17:48:51 +0100 Subject: [PATCH 04/79] change names of rebase image configmaps --- scripts/auto-rebase/rebase_job_entrypoint.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/auto-rebase/rebase_job_entrypoint.sh b/scripts/auto-rebase/rebase_job_entrypoint.sh index 762e4c0ae3..ed1263f140 100755 --- a/scripts/auto-rebase/rebase_job_entrypoint.sh +++ b/scripts/auto-rebase/rebase_job_entrypoint.sh @@ -17,11 +17,11 @@ cp /secrets/ci-pull-secret/.dockercfg "$HOME/.pull-secret.json" || { echo "WARN: Could not copy registry secret file" } -release_amd64="$(oc get configmap/release-release-images-latest -o yaml \ - | yq '.data."release-images-latest.yaml"' \ +release_amd64="$(oc get configmap/release-release-images-nightly-amd64 -o yaml \ + | yq '.data."release-images-nightly-amd64.yaml"' \ | jq -r '.metadata.name')" -release_arm64="$(oc get configmap/release-release-images-arm64-latest -o yaml \ - | yq '.data."release-images-arm64-latest.yaml"' \ +release_arm64="$(oc get configmap/release-release-images-nightly-arm64 -o yaml \ + | yq '.data."release-images-nightly-arm64.yaml"' \ | jq -r '.metadata.name')" # LVMS is not tracked in the OCP release image. Instead, rely on the latest X.Y stream as the release image. # LVMS also does not cut nightly releases where ocp-release does. This means that latest ocp-releases' y-stream From c15038f4fdc4c992ed86c635c70ff5720337248b Mon Sep 17 00:00:00 2001 From: Patryk Matuszak <305846+pmtk@users.noreply.github.com> Date: Wed, 8 Mar 2023 11:03:13 +0100 Subject: [PATCH 05/79] pass version info to microshift-etcd --- Makefile | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 65f91c46ae..e93b827369 100644 --- a/Makefile +++ b/Makefile @@ -160,9 +160,18 @@ _build_local: +@GOOS=$(GOOS) GOARCH=$(GOARCH) $(MAKE) --no-print-directory build \ GO_BUILD_PACKAGES:=./cmd/microshift \ GO_BUILD_BINDIR:=$(CROSS_BUILD_BINDIR)/$(GOOS)_$(GOARCH) - +@GOOS=$(GOOS) GOARCH=$(GOARCH) $(MAKE) -C etcd --no-print-directory build \ - GO_BUILD_PACKAGES:=./cmd/microshift-etcd \ - GO_BUILD_BINDIR:=../$(CROSS_BUILD_BINDIR)/$(GOOS)_$(GOARCH) + +@GOOS=$(GOOS) GOARCH=$(GOARCH) \ + GO_LD_FLAGS="$(GC_FLAGS) -ldflags \"\ + -X main.majorFromGit=$(MAJOR) \ + -X main.minorFromGit=$(MINOR) \ + -X main.versionFromGit=$(EMBEDDED_GIT_TAG) \ + -X main.commitFromGit=$(EMBEDDED_GIT_COMMIT) \ + -X main.gitTreeState=$(EMBEDDED_GIT_TREE_STATE) \ + -X main.buildDate=$(BIN_TIMESTAMP) \ + $(LD_FLAGS)\"" \ + $(MAKE) -C etcd --no-print-directory build \ + GO_BUILD_PACKAGES:=./cmd/microshift-etcd \ + GO_BUILD_BINDIR:=../$(CROSS_BUILD_BINDIR)/$(GOOS)_$(GOARCH) cross-build-linux-amd64: +$(MAKE) _build_local GOOS=linux GOARCH=amd64 From 36e1887b88b919c917c0f587779b7a4ca8f35e0a Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili Date: Mon, 6 Mar 2023 18:32:58 +0000 Subject: [PATCH 06/79] Add user workload health check docs to Greenboot procedures --- docs/config/busybox_running_check.sh | 68 +++++++++ docs/greenboot_dev.md | 68 ++++++++- packaging/greenboot/functions.sh | 134 ++++++++++++++++++ .../greenboot/microshift-pre-rollback.sh | 0 .../greenboot/microshift-running-check.sh | 120 +--------------- packaging/rpm/microshift.spec | 3 + 6 files changed, 275 insertions(+), 118 deletions(-) create mode 100644 docs/config/busybox_running_check.sh create mode 100644 packaging/greenboot/functions.sh mode change 100644 => 100755 packaging/greenboot/microshift-pre-rollback.sh diff --git a/docs/config/busybox_running_check.sh b/docs/config/busybox_running_check.sh new file mode 100644 index 0000000000..87b804fb56 --- /dev/null +++ b/docs/config/busybox_running_check.sh @@ -0,0 +1,68 @@ +#!/bin/bash +set -e + +SCRIPT_NAME=$(basename $0) +PODS_NS_LIST=(busybox) +PODS_CT_LIST=(3 ) + +# Source the MicroShift health check functions library +source /usr/share/microshift/functions/greenboot.sh + +# Set the exit handler to log the exit status +trap 'script_exit' EXIT + +# The script exit handler logging the FAILURE or FINISHED message depending +# on the exit status of the last command +# +# args: None +# return: None +function script_exit() { + [ "$?" -ne 0 ] && status=FAILURE || status=FINISHED + echo $status +} + +# +# Main +# + +# Exit if the current user is not 'root' +if [ $(id -u) -ne 0 ] ; then + echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" + exit 1 +fi + +echo "STARTED" + +# Exit if the MicroShift service is not enabled +if [ $(systemctl is-enabled microshift.service 2>/dev/null) != "enabled" ] ; then + echo "MicroShift service is not enabled. Exiting..." + exit 0 +fi + +# Set the wait timeout for the current check based on the boot counter +WAIT_TIMEOUT_SECS=$(get_wait_timeout) + +# Wait for pod images to be downloaded +for i in ${!PODS_NS_LIST[@]}; do + CHECK_PODS_NS=${PODS_NS_LIST[$i]} + + echo "Waiting ${WAIT_TIMEOUT_SECS}s for pod image(s) from the '${CHECK_PODS_NS}' namespace to be downloaded" + wait_for ${WAIT_TIMEOUT_SECS} namespace_images_downloaded +done + +# Wait for pods to enter ready state +for i in ${!PODS_NS_LIST[@]}; do + CHECK_PODS_NS=${PODS_NS_LIST[$i]} + CHECK_PODS_CT=${PODS_CT_LIST[$i]} + + echo "Waiting ${WAIT_TIMEOUT_SECS}s for ${CHECK_PODS_CT} pod(s) from the '${CHECK_PODS_NS}' namespace to be in 'Ready' state" + wait_for ${WAIT_TIMEOUT_SECS} namespace_pods_ready +done + +# Verify that pods are not restarting +for i in ${!PODS_NS_LIST[@]}; do + CHECK_PODS_NS=${PODS_NS_LIST[$i]} + + echo "Checking pod restart count in the '${CHECK_PODS_NS}' namespace" + namespace_pods_not_restarting ${CHECK_PODS_NS} +done diff --git a/docs/greenboot_dev.md b/docs/greenboot_dev.md index 3eda4dc1ad..7dd01b681a 100644 --- a/docs/greenboot_dev.md +++ b/docs/greenboot_dev.md @@ -3,10 +3,68 @@ ## Motivation [Integrating MicroShift with Greenboot](./greenboot.md) allows for automatic -software upgrade rollbacks in case of a failure. The current document describes -a few techniques for simulating software upgrade failures in a development -environment. These guidelines can be used by developers for implementing CI/CD -pipelines testing MicroShift integration with Greenboot. +software upgrade rollbacks in case of a failure. + +The current document describes a few techniques for: +* Adding user workload health check procedures in a production environment +* Simulating software upgrade failures in a development environment + +These guidelines can be used by developers for implementing user workload +health check using Greenboot facilities, as well as simulating failures for +testing MicroShift integration with Greenboot in CI/CD pipelines. + +## User Workload Health + +### Installation + +Follow the instructions in [Auto-applying Manifests](./howto_config.md#auto-applying-manifests) +section to install a dummy user workload, without restarting the MicroShift service +at this time. + +Proceed by creating a health check script in the `/etc/greenboot/check/required.d` +directory. +> The name prefix of the user script should be chosen to make sure it runs after +> the `40_microshift_running_check.sh` script, which implements the MicroShift +> health check procedure for its core services. + +``` +SCRIPT_FILE=/etc/greenboot/check/required.d/50_busybox_running_check.sh +sudo curl -s https://raw.githubusercontent.com/openshift/microshift/main/docs/config/busybox_running_check.sh \ + -o ${SCRIPT_FILE} && echo SUCCESS || echo ERROR +sudo chmod 755 ${SCRIPT_FILE} +``` + +### Testing + +Reboot the system and run the following command to examine the output of the +Greenboot health checks. Note that the MicroShift core service health checks +are running before the user workload health checks. + +```bash +sudo journalctl -o cat -u greenboot-healthcheck.service +``` + +### Health Check Implementation + +The script utilizes the MicroShift health check functions that are available +in the `/usr/share/microshift/functions/greenboot.sh` file to reuse procedures +already implemented for the MicroShift core services. These functions need a +definition of the user workload namespaces and the expected count of pods. + +```bash +PODS_NS_LIST=(busybox) +PODS_CT_LIST=(3 ) +``` + +The script starts by running sanity checks to verify that it is executed from +the `root` account and that the MicroShift service is enabled. + +Finally, the MicroShift health check functions are called to perform the +following actions: +- Get a wait timeout of the current boot cycle for the `wait_for` function +- Call the `namespace_images_downloaded` function to wait until pod images are available +- Call the `namespace_pods_ready` function to wait until pods are ready +- Call the `namespace_pods_not_restarting` function to verify pods are not restarting ## MicroShift Service Failure @@ -69,7 +127,7 @@ sudo rpm-ostree cleanup -b -r ## MicroShift Pod Failure -To simulate a situation with the MicroShift pod failure after an upgrade, +To simulate a situation with the MicroShift pod failure after an upgrade, one can set the `network.serviceNetwork` MicroShift configuration option to a non-default `10.66.0.0/16` value without resetting the MicroShift data at the `/var/lib/microshift` directory. diff --git a/packaging/greenboot/functions.sh b/packaging/greenboot/functions.sh new file mode 100644 index 0000000000..5fde8d1650 --- /dev/null +++ b/packaging/greenboot/functions.sh @@ -0,0 +1,134 @@ +#!/bin/bash +# +# Functions used by MicroShift in Greenboot health check procedures. +# This library may also be used for user workload health check verification. +# +SCRIPT_PID=$$ + +OCCONFIG_OPT="--kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig" +OCGET_OPT="--no-headers" +OCGET_CMD="oc get ${OCCONFIG_OPT}" + +# Get the recommended wait timeout to be used for running health check operations. +# The returned timeout is a product of a base value and a boot attempt counter, so +# that the timeout increases after every boot attempt. +# +# The base value for the timeout and the maximum boot attempts can be defined in +# the /etc/greenboot/greenboot.conf file using the MICROSHIFT_WAIT_TIMEOUT_SEC +# and GREENBOOT_MAX_BOOTS settings. +# +# args: None +# return: Print the recommended timeout value to stdout +function get_wait_timeout() { + # Source Greenboot configuration file if it exists + local conf_file=/etc/greenboot/greenboot.conf + [ -f "${conf_file}" ] && source ${conf_file} + local base_timeout=${MICROSHIFT_WAIT_TIMEOUT_SEC:-300} + + # Update the wait timeout according to the boot counter. + # The new wait timeout is a product of the timeout base and the number of boot attempts. + local max_boots=${GREENBOOT_MAX_BOOTS:-3} + local boot_counter=$(grub2-editenv - list | grep ^boot_counter= | awk -F= '{print $2}') + [ -z "${boot_counter}" ] && boot_counter=$(( $max_boots - 1 )) + + local wait_timeout=$(( $base_timeout * ( $max_boots - $boot_counter ) )) + [ ${wait_timeout} -le 0 ] && wait_timeout=${base_timeout} + + echo $wait_timeout +} + +# Run a command with a second delay until it returns a zero exit status +# +# arg1: Time in seconds to wait for a command to succeed +# argN: Command to run with optional arguments +# return: 0 if a command ran successfully within the wait period, or 1 otherwise +function wait_for() { + local timeout=$1 + shift 1 + + local start=$(date +%s) + until ("$@"); do + sleep 1 + + local now=$(date +%s) + [ $(( now - start )) -ge $timeout ] && return 1 + done + + return 0 +} + +# Check if all the pod images in a given namespace are downloaded. +# +# args: None +# env1: 'CHECK_PODS_NS' environment variable for the namespace to check +# return: 0 if all the images in a given namespace are downloaded, or 1 otherwise +function namespace_images_downloaded() { + local ns=${CHECK_PODS_NS} + + local images=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o jsonpath="{.items[*].spec.containers[*].image}" 2>/dev/null) + for i in ${images} ; do + # Return an error on the first missing image + local cimage=$(crictl image -q ${i}) + [ -z "${cimage}" ] && return 1 + done + + return 0 +} + +# Check if a given number of pods in a given namespace are in the 'Ready' status, +# terminating the script with the SIGTERM signal if more pods are ready than expected. +# +# args: None +# env1: 'CHECK_PODS_NS' environment variable for the namespace to check +# env2: 'CHECK_PODS_CT' environment variable for the pod count to check +# return: 0 if the expected number of pods are ready, or 1 otherwise +function namespace_pods_ready() { + local ns=${CHECK_PODS_NS} + local ct=${CHECK_PODS_CT} + + local status=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}' 2>/dev/null) + local tcount=$(echo $status | grep -o True | wc -l) + local fcount=$(echo $status | grep -o False | wc -l) + + # Terminate the script in case more pods are ready than expected - nothing to wait for + if [ "${tcount}" -gt "${ct}" ] ; then + echo "The number of ready pods in the '${ns}' namespace is greater than the expected '${ct}' count. Terminating..." + kill -TERM ${SCRIPT_PID} + fi + # Exit with error if any pods are not ready yet + [ "${fcount}" -gt 0 ] && return 1 + # Check the ready pod count + [ "${tcount}" -eq "${ct}" ] && return 0 + return 1 +} + +# Check if MicroShift pods in a given namespace started and verify they are not restarting by sampling +# the pod restart count 10 times every 5 seconds and comparing the current sample with the previous one. +# The pods are considered restarting if the number of 'pod-restarting' samples is greater than the +# number of 'pod-not-restarting' ones. +# +# arg1: Name of the namespace to check +# return: 0 if pods are not restarting, or 1 otherwise +function namespace_pods_not_restarting() { + local ns=$1 + local restarts=0 + + local count1=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].restartCount}' 2>/dev/null) + for i in $(seq 10) ; do + sleep 5 + local countS=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].started}' 2>/dev/null | grep -vc false) + local count2=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].restartCount}' 2>/dev/null) + + # If pods started, a restart is detected by comparing the count string between the checks. + # The number of pod restarts is incremented when a restart is detected, or decremented otherwise. + if [ "${countS}" -ne 0 ] && [ "${count1}" = "${count2}" ] ; then + restarts=$(( restarts - 1 )) + else + restarts=$(( restarts + 1 )) + count1=${count2} + fi + done + + [ "${restarts}" -lt 0 ] && return 0 + return 1 +} diff --git a/packaging/greenboot/microshift-pre-rollback.sh b/packaging/greenboot/microshift-pre-rollback.sh old mode 100644 new mode 100755 diff --git a/packaging/greenboot/microshift-running-check.sh b/packaging/greenboot/microshift-running-check.sh index a0eba76943..1aa1978418 100755 --- a/packaging/greenboot/microshift-running-check.sh +++ b/packaging/greenboot/microshift-running-check.sh @@ -3,15 +3,11 @@ set -e SCRIPT_NAME=$(basename $0) SCRIPT_PID=$$ -OCGET_CMD="oc get --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig" -OCGET_OPT="--no-headers" PODS_NS_LIST=(openshift-ovn-kubernetes openshift-service-ca openshift-ingress openshift-dns openshift-storage) PODS_CT_LIST=(2 1 1 2 2) -# Source Greenboot configuration file if it exists -GREENBOOT_CONF_FILE=/etc/greenboot/greenboot.conf -[ -f "${GREENBOOT_CONF_FILE}" ] && source ${GREENBOOT_CONF_FILE} -WAIT_TIMEOUT_SECS_BASE=${MICROSHIFT_WAIT_TIMEOUT_SEC:-300} +# Source the MicroShift health check functions library +source /usr/share/microshift/functions/greenboot.sh # Set the exit handler to log the exit status trap 'script_exit' EXIT @@ -26,26 +22,6 @@ function script_exit() { echo $status } -# Run a command with a second delay until it returns a zero exit status -# -# arg1: Time in seconds to wait for a command to succeed -# argN: Command to run with optional arguments -# return: 0 if a command ran successfully within the wait period, or 1 otherwise -function wait_for() { - local timeout=$1 - shift 1 - - local start=$(date +%s) - until ("$@"); do - sleep 1 - - local now=$(date +%s) - [ $(( now - start )) -ge $timeout ] && return 1 - done - - return 0 -} - # Check the microshift.service systemd unit activity, terminating the script # with the SIGTERM signal if the unit reports a failed state # @@ -66,7 +42,7 @@ function microshift_service_active() { } # Check if MicroShift API 'readyz' and 'livez' health endpoints are OK -# +# # args: None # return: 0 if all API health endpoints are OK, or 1 otherwise function microshift_health_endpoints_ok() { @@ -79,7 +55,7 @@ function microshift_health_endpoints_ok() { } # Check if any MicroShift pods are in the 'Running' status -# +# # args: None # return: 0 if any pods are in the 'Running' status, or 1 otherwise function any_pods_running() { @@ -89,82 +65,6 @@ function any_pods_running() { return 1 } -# Check if all the MicroShift pod images in a given namespace are downloaded. -# -# args: None -# env1: 'CHECK_PODS_NS' environment variable for the namespace to check -# return: 0 if all the images in a given namespace are downloaded, or 1 otherwise -function namespace_images_downloaded() { - local ns=${CHECK_PODS_NS} - - local images=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o jsonpath="{.items[*].spec.containers[*].image}" 2>/dev/null) - for i in ${images} ; do - # Return an error on the first missing image - local cimage=$(crictl image -q ${i}) - [ -z "${cimage}" ] && return 1 - done - - return 0 -} - -# Check if a given number of MicroShift pods in a given namespace are in the 'Ready' status, -# terminating the script with the SIGTERM signal if more pods are ready than expected. -# -# args: None -# env1: 'CHECK_PODS_NS' environment variable for the namespace to check -# env2: 'CHECK_PODS_CT' environment variable for the pod count to check -# return: 0 if the expected number of pods are ready, or 1 otherwise -function namespace_pods_ready() { - local ns=${CHECK_PODS_NS} - local ct=${CHECK_PODS_CT} - - local status=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}' 2>/dev/null) - local tcount=$(echo $status | grep -o True | wc -l) - local fcount=$(echo $status | grep -o False | wc -l) - - # Terminate the script in case more pods are ready than expected - nothing to wait for - if [ "${tcount}" -gt "${ct}" ] ; then - echo "The number of ready pods in the '${ns}' namespace is greater than the expected '${ct}' count. Terminating..." - kill -TERM ${SCRIPT_PID} - fi - # Exit with error if any pods are not ready yet - [ "${fcount}" -gt 0 ] && return 1 - # Check the ready pod count - [ "${tcount}" -eq "${ct}" ] && return 0 - return 1 -} - -# Check if MicroShift pods in a given namespace started and verify they are not restarting by sampling -# the pod restart count 10 times every 5 seconds and comparing the current sample with the previous one. -# The pods are considered restarting if the number of 'pod-restarting' samples is greater than the -# number of 'pod-not-restarting' ones. -# -# arg1: Name of the namespace to check -# return: 0 if pods are not restarting, or 1 otherwise -function namespace_pods_not_restarting() { - local ns=$1 - local restarts=0 - - local count1=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].restartCount}' 2>/dev/null) - for i in $(seq 10) ; do - sleep 5 - local countS=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].started}' 2>/dev/null | grep -vc false) - local count2=$(${OCGET_CMD} pods ${OCGET_OPT} -n ${ns} -o 'jsonpath={..status.containerStatuses[].restartCount}' 2>/dev/null) - - # If pods started, a restart is detected by comparing the count string between the checks. - # The number of pod restarts is incremented when a restart is detected, or decremented otherwise. - if [ "${countS}" -ne 0 ] && [ "${count1}" = "${count2}" ] ; then - restarts=$(( restarts - 1 )) - else - restarts=$(( restarts + 1 )) - count1=${count2} - fi - done - - [ "${restarts}" -lt 0 ] && return 0 - return 1 -} - # # Main # @@ -195,14 +95,8 @@ if [ $(systemctl is-enabled microshift.service 2>/dev/null) != "enabled" ] ; the exit 0 fi -# Update the wait timeout according to the boot counter. -# The new wait timeout is a product of the timeout base and the number of boot attempts. -MAX_BOOT_ATTEMPTS=${GREENBOOT_MAX_BOOT_ATTEMPTS:-3} -BOOT_COUNTER=$(grub2-editenv - list | grep ^boot_counter= | awk -F= '{print $2}') -[ -z "${BOOT_COUNTER}" ] && BOOT_COUNTER=$(( $MAX_BOOT_ATTEMPTS - 1 )) - -WAIT_TIMEOUT_SECS=$(( $WAIT_TIMEOUT_SECS_BASE * ( $MAX_BOOT_ATTEMPTS - $BOOT_COUNTER ) )) -[ ${WAIT_TIMEOUT_SECS} -le 0 ] && WAIT_TIMEOUT_SECS=${WAIT_TIMEOUT_SECS_BASE} +# Set the wait timeout for the current check based on the boot counter +WAIT_TIMEOUT_SECS=$(get_wait_timeout) # Wait for MicroShift service to be active (failed status terminates the script) echo "Waiting ${WAIT_TIMEOUT_SECS}s for MicroShift service to be active and not failed" @@ -218,7 +112,7 @@ wait_for ${WAIT_TIMEOUT_SECS} any_pods_running # Wait for MicroShift core pod images to be downloaded for i in ${!PODS_NS_LIST[@]}; do - CHECK_PODS_NS=${PODS_NS_LIST[$i]} + CHECK_PODS_NS=${PODS_NS_LIST[$i]} echo "Waiting ${WAIT_TIMEOUT_SECS}s for pod image(s) from the '${CHECK_PODS_NS}' namespace to be downloaded" wait_for ${WAIT_TIMEOUT_SECS} namespace_images_downloaded diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index ffd2f32a52..1664bd10ad 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -208,6 +208,8 @@ install -d -m755 %{buildroot}%{_sysconfdir}/greenboot/check/required.d install -d -m755 %{buildroot}%{_sysconfdir}/greenboot/red.d install -p -m755 packaging/greenboot/microshift-running-check.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/40_microshift_running_check.sh install -p -m755 packaging/greenboot/microshift-pre-rollback.sh %{buildroot}%{_sysconfdir}/greenboot/red.d/40_microshift_pre_rollback.sh +install -d -m755 %{buildroot}%{_datadir}/microshift/functions +install -p -m644 packaging/greenboot/functions.sh %{buildroot}%{_datadir}/microshift/functions/greenboot.sh %post @@ -289,6 +291,7 @@ systemctl enable --now --quiet openvswitch || true %files greenboot %{_sysconfdir}/greenboot/check/required.d/40_microshift_running_check.sh %{_sysconfdir}/greenboot/red.d/40_microshift_pre_rollback.sh +%{_datadir}/microshift/functions/greenboot.sh # Use Git command to generate the log and replace the VERSION string # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec From 26422ee2db9d089295f888cf3b89274ce7e24b02 Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili Date: Sun, 12 Mar 2023 18:33:42 +0000 Subject: [PATCH 07/79] Fix the kustomization procedure not to exit with fatal error --- pkg/kustomize/apply.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/kustomize/apply.go b/pkg/kustomize/apply.go index a1019f17e1..bfe06de1c6 100644 --- a/pkg/kustomize/apply.go +++ b/pkg/kustomize/apply.go @@ -56,7 +56,7 @@ func (s *Kustomizer) ApplyKustomizationPath(path string) { if _, err := os.Stat(kustomization); !errors.Is(err, os.ErrNotExist) { klog.Infof("Applying kustomization at %v ", kustomization) if err := ApplyKustomizationWithRetries(path, s.kubeconfig); err != nil { - klog.Fatalf("Applying kustomization at %v failed: %s. Giving up.", kustomization, err) + klog.Errorf("Applying kustomization at %v failed: %s. Giving up.", kustomization, err) } else { klog.Infof("Kustomization at %v applied successfully.", kustomization) } @@ -66,7 +66,7 @@ func (s *Kustomizer) ApplyKustomizationPath(path string) { } func ApplyKustomizationWithRetries(kustomization string, kubeconfig string) error { - return wait.Poll(retryInterval, retryTimeout, func() (bool, error) { + return wait.PollImmediate(retryInterval, retryTimeout, func() (bool, error) { if err := ApplyKustomization(kustomization, kubeconfig); err != nil { klog.Infof("Applying kustomization failed: %s. Retrying in %s.", err, retryInterval) return false, nil From 1d387f9789773394e3aab5b83215c7a44376a6ec Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Mon, 13 Mar 2023 04:01:59 -0400 Subject: [PATCH 08/79] rebase-4.13.0-0.nightly-2023-03-09-162945_amd64-2023-03-09_arm64-2023-03-10 (#1482) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot --- Makefile.kube_git.var | 2 +- .../node-resolver/daemonset.yaml | 8 +- .../node-resolver/update-node-resolver.sh | 8 +- assets/release/release-aarch64.json | 14 +- assets/release/release-x86_64.json | 14 +- etcd/go.mod | 68 ++-- etcd/go.sum | 76 ++-- .../openshift/microshift/pkg/config/config.go | 69 +++- etcd/vendor/golang.org/x/net/html/parse.go | 2 +- etcd/vendor/golang.org/x/net/html/token.go | 49 ++- etcd/vendor/golang.org/x/net/http2/flow.go | 2 +- etcd/vendor/golang.org/x/net/http2/frame.go | 11 +- .../golang.org/x/net/http2/hpack/hpack.go | 81 ++-- etcd/vendor/golang.org/x/net/http2/server.go | 20 +- .../golang.org/x/net/http2/transport.go | 2 +- .../golang.org/x/net/trace/histogram.go | 2 +- .../vendor/golang.org/x/net/websocket/hybi.go | 2 +- .../golang.org/x/sys/cpu/cpu_gccgo_x86.c | 1 + .../vendor/golang.org/x/sys/cpu/endian_big.go | 11 + .../golang.org/x/sys/cpu/endian_little.go | 11 + etcd/vendor/golang.org/x/sys/unix/gccgo_c.c | 4 +- .../golang.org/x/sys/unix/syscall_darwin.go | 1 + .../x/sys/unix/syscall_freebsd_386.go | 9 +- .../x/sys/unix/syscall_freebsd_amd64.go | 9 +- .../x/sys/unix/syscall_freebsd_arm.go | 9 +- .../x/sys/unix/syscall_freebsd_arm64.go | 9 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 9 +- .../golang.org/x/sys/unix/syscall_linux.go | 3 +- .../golang.org/x/sys/unix/syscall_unix.go | 2 +- .../golang.org/x/sys/unix/timestruct.go | 2 +- .../vendor/golang.org/x/sys/unix/xattr_bsd.go | 9 +- .../golang.org/x/sys/unix/zerrors_linux.go | 30 +- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_linux_loong64.go | 1 + .../x/sys/unix/zerrors_linux_mips.go | 1 + .../x/sys/unix/zerrors_linux_mips64.go | 1 + .../x/sys/unix/zerrors_linux_mips64le.go | 1 + .../x/sys/unix/zerrors_linux_mipsle.go | 1 + .../x/sys/unix/zerrors_linux_ppc.go | 1 + .../x/sys/unix/zerrors_linux_ppc64.go | 1 + .../x/sys/unix/zerrors_linux_ppc64le.go | 1 + .../x/sys/unix/zerrors_linux_riscv64.go | 1 + .../x/sys/unix/zerrors_linux_s390x.go | 1 + .../x/sys/unix/zerrors_linux_sparc64.go | 1 + .../golang.org/x/sys/unix/zsyscall_linux.go | 11 + .../golang.org/x/sys/unix/ztypes_linux.go | 217 ++++++++-- .../x/sys/windows/syscall_windows.go | 14 +- .../vendor/k8s.io/api/core/v1/generated.proto | 3 +- etcd/vendor/k8s.io/api/core/v1/types.go | 3 +- .../api/resource/v1alpha1/generated.proto | 3 +- .../k8s.io/api/resource/v1alpha1/types.go | 3 +- .../pkg/util/httpstream/spdy/roundtripper.go | 12 +- .../controller_reconcile.go | 8 +- .../pkg/endpoints/handlers/delete.go | 8 +- .../server/egressselector/egress_selector.go | 5 + .../applyconfigurations/internal/internal.go | 4 + .../client-go/discovery/discovery_client.go | 2 +- etcd/vendor/k8s.io/client-go/rest/request.go | 35 +- .../k8s.io/client-go/rest/with_retry.go | 17 +- .../k8s.io/client-go/transport/cache.go | 2 +- .../component-base/logs/api/v1/pflags.go | 9 + .../metrics/legacyregistry/registry.go | 3 + .../k8s.io/component-base/metrics/metric.go | 20 - .../k8s.io/component-base/metrics/registry.go | 14 + .../k8s.io/kubectl/pkg/scheme/install.go | 4 +- .../pod-security-admission/metrics/metrics.go | 3 +- etcd/vendor/modules.txt | 96 ++--- go.mod | 70 ++-- go.sum | 119 +++--- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 369 ++++++++++++------ scripts/auto-rebase/commits.txt | 22 +- scripts/auto-rebase/last_rebase.sh | 2 +- .../admissiontimeout/timeoutadmission.go | 86 +++- vendor/golang.org/x/net/html/parse.go | 2 +- vendor/golang.org/x/net/html/token.go | 49 ++- vendor/golang.org/x/net/http2/flow.go | 2 +- vendor/golang.org/x/net/http2/frame.go | 11 +- vendor/golang.org/x/net/http2/hpack/hpack.go | 81 ++-- vendor/golang.org/x/net/http2/server.go | 20 +- vendor/golang.org/x/net/http2/transport.go | 2 +- vendor/golang.org/x/net/ipv6/dgramopt.go | 2 +- vendor/golang.org/x/net/trace/histogram.go | 2 +- vendor/golang.org/x/net/websocket/hybi.go | 2 +- vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c | 1 + vendor/golang.org/x/sys/cpu/endian_big.go | 11 + vendor/golang.org/x/sys/cpu/endian_little.go | 11 + vendor/golang.org/x/sys/unix/gccgo_c.c | 4 +- .../golang.org/x/sys/unix/syscall_darwin.go | 1 + .../x/sys/unix/syscall_freebsd_386.go | 9 +- .../x/sys/unix/syscall_freebsd_amd64.go | 9 +- .../x/sys/unix/syscall_freebsd_arm.go | 9 +- .../x/sys/unix/syscall_freebsd_arm64.go | 9 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 9 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 3 +- vendor/golang.org/x/sys/unix/syscall_unix.go | 2 +- vendor/golang.org/x/sys/unix/timestruct.go | 2 +- vendor/golang.org/x/sys/unix/xattr_bsd.go | 9 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 30 +- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_linux_loong64.go | 1 + .../x/sys/unix/zerrors_linux_mips.go | 1 + .../x/sys/unix/zerrors_linux_mips64.go | 1 + .../x/sys/unix/zerrors_linux_mips64le.go | 1 + .../x/sys/unix/zerrors_linux_mipsle.go | 1 + .../x/sys/unix/zerrors_linux_ppc.go | 1 + .../x/sys/unix/zerrors_linux_ppc64.go | 1 + .../x/sys/unix/zerrors_linux_ppc64le.go | 1 + .../x/sys/unix/zerrors_linux_riscv64.go | 1 + .../x/sys/unix/zerrors_linux_s390x.go | 1 + .../x/sys/unix/zerrors_linux_sparc64.go | 1 + .../golang.org/x/sys/unix/zsyscall_linux.go | 11 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 217 ++++++++-- .../x/sys/windows/syscall_windows.go | 14 +- vendor/k8s.io/api/core/v1/generated.proto | 3 +- vendor/k8s.io/api/core/v1/types.go | 3 +- .../api/resource/v1alpha1/generated.proto | 3 +- vendor/k8s.io/api/resource/v1alpha1/types.go | 3 +- .../pkg/util/httpstream/spdy/roundtripper.go | 12 +- .../controller_reconcile.go | 8 +- .../pkg/endpoints/handlers/delete.go | 8 +- .../server/egressselector/egress_selector.go | 5 + .../applyconfigurations/internal/internal.go | 4 + .../client-go/discovery/discovery_client.go | 2 +- vendor/k8s.io/client-go/rest/request.go | 35 +- vendor/k8s.io/client-go/rest/with_retry.go | 17 +- vendor/k8s.io/client-go/transport/cache.go | 2 +- .../component-base/logs/api/v1/pflags.go | 9 + .../metrics/legacyregistry/registry.go | 3 + .../k8s.io/component-base/metrics/metric.go | 20 - .../k8s.io/component-base/metrics/registry.go | 14 + .../pkg/apiserver/handler_discovery.go | 3 - .../k8s.io/kubectl/pkg/cmd/delete/delete.go | 15 +- .../k8s.io/kubectl/pkg/describe/describe.go | 32 +- vendor/k8s.io/kubectl/pkg/scheme/install.go | 4 +- .../cmd/kube-apiserver/app/options/options.go | 6 +- .../pkg/apis/core/validation/validation.go | 3 +- .../apis/resource/validation/validation.go | 26 +- .../controller/daemon/daemon_controller.go | 60 ++- .../pkg/controller/job/indexed_job_utils.go | 13 +- .../pkg/controller/job/job_controller.go | 52 ++- .../pkg/controller/podgc/gc_controller.go | 47 +-- .../generated/openapi/zz_generated.openapi.go | 10 +- .../pkg/kubelet/client/kubelet_client.go | 66 ++-- .../kubernetes/pkg/kubelet/pleg/evented.go | 13 + .../kubernetes/pkg/kubelet/stats/provider.go | 5 - .../desired_state_of_world_populator.go | 10 +- .../kubernetes/pkg/probe/dialer_others.go | 42 ++ .../kubernetes/pkg/probe/dialer_windows.go | 42 ++ .../k8s.io/kubernetes/pkg/probe/http/http.go | 4 + vendor/k8s.io/kubernetes/pkg/probe/tcp/tcp.go | 6 +- .../pkg/registry/core/pod/storage/storage.go | 4 +- .../registry/core/service/allocator/bitmap.go | 1 + .../core/service/ipallocator/allocator.go | 10 +- .../framework/plugins/nodevolumelimits/csi.go | 6 +- .../framework/preemption/preemption.go | 5 +- .../scheduler/framework/runtime/framework.go | 5 +- .../pkg/securitycontext/accessors.go | 39 ++ .../pod-security-admission/metrics/metrics.go | 3 +- vendor/modules.txt | 120 +++--- 167 files changed, 2105 insertions(+), 979 deletions(-) create mode 100644 etcd/vendor/golang.org/x/sys/cpu/endian_big.go create mode 100644 etcd/vendor/golang.org/x/sys/cpu/endian_little.go create mode 100644 vendor/golang.org/x/sys/cpu/endian_big.go create mode 100644 vendor/golang.org/x/sys/cpu/endian_little.go create mode 100644 vendor/k8s.io/kubernetes/pkg/probe/dialer_others.go create mode 100644 vendor/k8s.io/kubernetes/pkg/probe/dialer_windows.go diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 567df82f01..3660c1343f 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=89232647de67ea787d339b1bd7c780a0ed97f3f9 +KUBE_GIT_COMMIT=bc894ae6a3e52346a6cfec06c49c6cf78c12b2af KUBE_GIT_TREE_STATE=clean diff --git a/assets/components/openshift-dns/node-resolver/daemonset.yaml b/assets/components/openshift-dns/node-resolver/daemonset.yaml index 4f8ddfa843..6d8a5fbf32 100644 --- a/assets/components/openshift-dns/node-resolver/daemonset.yaml +++ b/assets/components/openshift-dns/node-resolver/daemonset.yaml @@ -71,11 +71,17 @@ spec: fi # Append resolver entries for services + rc=0 for svc in "${!svc_ips[@]}"; do for ip in ${svc_ips[${svc}]}; do - echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" + echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" || rc=$? done done + if [[ $rc -ne 0 ]]; then + sleep 60 & wait + continue + fi + # TODO: Update /etc/hosts atomically to avoid any inconsistent behavior # Replace /etc/hosts with our modified version if needed diff --git a/assets/components/openshift-dns/node-resolver/update-node-resolver.sh b/assets/components/openshift-dns/node-resolver/update-node-resolver.sh index aedc87198a..327718fef7 100644 --- a/assets/components/openshift-dns/node-resolver/update-node-resolver.sh +++ b/assets/components/openshift-dns/node-resolver/update-node-resolver.sh @@ -48,11 +48,17 @@ while true; do fi # Append resolver entries for services + rc=0 for svc in "${!svc_ips[@]}"; do for ip in ${svc_ips[${svc}]}; do - echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" + echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" || rc=$? done done + if [[ $rc -ne 0 ]]; then + sleep 60 & wait + continue + fi + # TODO: Update /etc/hosts atomically to avoid any inconsistent behavior # Replace /etc/hosts with our modified version if needed diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 33d8bfd1a7..d2bdaba0a2 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-02-28-171639" + "base": "4.13.0-0.nightly-arm64-2023-03-10-015052" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b1c70aa990218a79493b3807b7d1be7db5270bb7d514b7b124bf3b1680e908", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2b9c82e4386ea324425c877ec0f71ea4716592e2cec4a6e2d8400a8d4d81b5ae", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:919e017776264b4909b0eb390ce95fa8b93e8e9f3932c906b6e013a371a41174", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b0c5d03660ff04bdae29c3616992438fb8d5fcd1a8a52ca870cdeb6265d12f36", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ae6c33506ce9d8774313aa43f2d51081b2d72c8d2954669e609b5a8efe09df1b", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7a25edfcdcfb5169694c9e9f4c32e32133edcea185e63ff16018a710d546d750", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b7e855f833595e8871b140b2b02ec51bf553c2186615b095f2caf34bfec99fc6", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f67aabd2c69a990bcf8ff6565b615ef5c519bedd6ad3f74784bd2ce126cb0540", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a8792c061b5c99e62960592f77d5f97dcce8606017c18dd6988c9b24939c30f", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f191e9462d8c54bca1951ed188562e4343b3e70f5ac7f15fa64c3a0ec179e3a1", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c6f924a5b5b9808a9767dce206ec7ace9595643d0bde7882342cc36d6849952f", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8dd1449567b0a39e4dd99868caba37a61e212f1865df45538a2030001d9c3ac2", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index fe6d178d09..822b900a28 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-02-27-101545" + "base": "4.13.0-0.nightly-2023-03-09-162945" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9af4bd001d30fd00d89c5f199b970b820240d0959312c2fb8ea82597c8da24bb", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7a3cf3a4e3a19c02b7cb7136fb96466b04f12f7a0176d1b8778e6991ce55e70", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a3883746d3a051fc71aafee3c7b958dd65f8c367fdb127dc398ad912dd802ade", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eef3d1894656818ad393df61d3713115dce777e113b781c1d01bc285ee56ca2c", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2448f5c3de0d96379a8a496adf09a8521e4a117b027b823b25eaff31d922984", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:42bcf8599fe7e55a2fb01cc6009007143619a507fb9e587e1568791cc4a5c8db", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce5e10eef4461c3717d9e0283cb04d592dfa1dcff3f9c27ca71ac908b967a0ea", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:017a208e4b613bd3085a0504a8494eb60763af28ed9906a94affdb884b54a04e", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8863d0268479214bd3835fe0135e94780e13a15ba00afe55e168346da825628a", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:91e31c0e8171d92d991322419c860cde1d4126fa927be2c453fbe14aa22743f7", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6922b6c4c021e6974672165d0a809bdc1c010494cb574a41af3ba0ee868f3554", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9ee67ac927595049bd3854b5c224269452873bb446115d0cf6fe382f54c94b0", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/etcd/go.mod b/etcd/go.mod index c4a7f7b8fe..3aef1c036d 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -39,7 +39,7 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/selinux v1.10.0 // indirect - github.com/openshift/library-go v0.0.0-20230130232623-47904dd9ff5a // indirect + github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect github.com/robfig/cron/v3 v3.0.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -142,11 +142,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.5.0 // indirect + golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect - golang.org/x/sys v0.4.0 // indirect - golang.org/x/term v0.4.0 // indirect - golang.org/x/text v0.6.0 // indirect + golang.org/x/sys v0.5.0 // indirect + golang.org/x/term v0.5.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -174,33 +174,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230223163248-89232647de67 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230223163248-89232647de67 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230223163248-89232647de67 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230223163248-89232647de67 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230306102907-bc894ae6a3e5 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230306102907-bc894ae6a3e5 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230306102907-bc894ae6a3e5 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index c31c3580b3..c714df5d54 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -394,36 +394,36 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:F2zw47 github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:dlpgsW1KSYbbI8pV2T1n38SvXGbxsJwwpHqJ8NHqH4w= github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230223163248-89232647de67 h1:jodZbyQh9GPxPR97CE430QxolCRK0mk7oZ70sulRxgI= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230223163248-89232647de67/go.mod h1:SVFZVmcfr/QnDkKqmBvlVlhurEsml57BUNDH+R/CPqk= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230223163248-89232647de67 h1:kO4mM0qG9nkleOgVM+P8j++CWIigGdBkaiOKAjeHxMs= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230223163248-89232647de67/go.mod h1:fcaZu5DOMCvnjHsoJrKV5iQLvaiOTv50bj8okFxwYFw= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230223163248-89232647de67 h1:g8TIpCLp5/kZi6BBGDnY4Wqaw0Rj49QEX9RINciIeD8= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230223163248-89232647de67/go.mod h1:CO72fYg4kCwaSLKgV6oMT9N1k5jhe8ZfxN1Rv7i9aL0= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230223163248-89232647de67 h1:B9MD7YTmV1H6YCyH/xQMBOt92xUvEUr2AIqSPNBKOW0= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230223163248-89232647de67/go.mod h1:salqUyIbJbHU1a9StwrX18tkxIoZejk8BQB9aYNkIPk= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230223163248-89232647de67 h1:XBWzd4WZ5WWElSF5NQIAc0amOIOPdF/1OLERO1fKwjg= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230223163248-89232647de67/go.mod h1:g5iGehpfJ/sjrrPZotg2ndVBM1qrl/xlKDEC6CJwoRo= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230223163248-89232647de67 h1:oI+hUXmAZs5/DhIfBpD2IRZfR47eiKkjYaibFMja+44= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230223163248-89232647de67/go.mod h1:y/nn+aWz2wp+2mklRHKwQb5C36SqiS4mCgw2/C1HRpM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230223163248-89232647de67 h1:eni4EViEO+I0Kfxyq0NW0C5AxQjGFKfakFsN1TJU1n4= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230223163248-89232647de67/go.mod h1:pfu0i4DFeQXwdlNs9TQpFEUK+8y4I3HSCzqbmQDobJ8= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230223163248-89232647de67 h1:3o/vN/o1/BX0pSXnzxSBFAfs8xO+7YZkfA5x28p1TDI= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230223163248-89232647de67/go.mod h1:+K4RuDOLxtVWiPZfUefwPoYThb9BEmWYp5zId0KFgU0= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230223163248-89232647de67 h1:4RoVjs10TFjwM1hKjMt1mRN/oVInSh6SfAqPLLUG1wM= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230223163248-89232647de67/go.mod h1:IrwH1whPmwqMMBuqU2Gkb2cdmdqTg5zpbYsPC9KF8hY= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230223163248-89232647de67 h1:ClQHFBI/h6g75rl75DYTd87lm3cqkWCcLz7ge5lpTRQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230223163248-89232647de67/go.mod h1:NXsaH8tQ1U2J3w6IW8hNaC4ZQFJvkC2lVoXOXZQ8ii0= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230223163248-89232647de67 h1:bsS++odMO5hvu7njKc3sTt+QqR9mYszQSzvN+uaLLgQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230223163248-89232647de67/go.mod h1:6p383itqHHhUKvZADAr+LDVXOJ4ZWo0tBKVxTjqc9UY= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230223163248-89232647de67 h1:9bgKIabZ59hgFivSWZb+0kPm/MbFcGD3f9JhF7HIbyw= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230223163248-89232647de67/go.mod h1:7VSG6sD9u3yCsNAz3+TYBN6oNXmBmfX32o9piXgdUHQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230223163248-89232647de67 h1:vmW1Jb6zsFOuYbCfDsMN5dDS2b6AI+4tjv5wCIaAXvY= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230223163248-89232647de67/go.mod h1:n49VMDfRrPr3RdbpZRjo4yIF65v6ryFoeflGeAFItyc= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230223163248-89232647de67 h1:Bc5AtKJhmjgGUF4Q5NX3LEP2HmU6EnnzvB0o5jnhEA4= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230223163248-89232647de67/go.mod h1:y8fO9+mZJPj9OK26w+MwxW4kUf+bJh1CHsPYvRjwYoA= -github.com/openshift/library-go v0.0.0-20230130232623-47904dd9ff5a h1:OzF7I7mAzO4SBo5eO5CWoCTgMDydN/Tf2/Rq8YbMpT0= -github.com/openshift/library-go v0.0.0-20230130232623-47904dd9ff5a/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230306102907-bc894ae6a3e5 h1:rAvLIrZ8lJdv5YqKgqQgCDLunHv3YLXxLSHiARDeROo= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230306102907-bc894ae6a3e5 h1:PglljQxSf1ASfsC2yHzMys7s/ENze5Ho8LZeKKQQqfo= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230306102907-bc894ae6a3e5 h1:58x58rb0hjLxL0kK+P9HLWemoW4EiE8uO1hB20vpzSE= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230306102907-bc894ae6a3e5 h1:UoCkpgsHarxkHfLuRMDACiA411o06abnvWZJm8KGGXw= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230306102907-bc894ae6a3e5 h1:/cC0MxhTus8J5r1ad6S+Z7Ya1K7zDrRX4y/X/TymT1g= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230306102907-bc894ae6a3e5 h1:e/ogbjB+W0oozpGgQhZSeKPLQOIedUJ0qKP0ZBbpL1w= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230306102907-bc894ae6a3e5 h1:QbyivCIMoGqYVwvOkfm/5rfIEHCJ9GwO2V5D9yypFb8= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230306102907-bc894ae6a3e5 h1:UdoRaRY/q7nxhudTrd3pbksVuoJf3gwSdTWG8KQM3o8= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230306102907-bc894ae6a3e5 h1:ehydjyoZ9gl/pi1CkYsRH8VxynFVZhJhFTpbaqcnZYg= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230306102907-bc894ae6a3e5 h1:RDhyigkVwkC3FsNyngFnp6vbQetHel0IqXzQ70GpbjI= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230306102907-bc894ae6a3e5 h1:YvXgDtJE5kL2UuBgVvd6XwAE7lPUjnqZIflUP4pdPHw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230306102907-bc894ae6a3e5 h1:ZyMcJr7/bhaG1oQH9idd1jjkDBsiKQxSH3wSxgFScFI= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230306102907-bc894ae6a3e5 h1:csgzn7ukYxCmkM8hedT5BzrAVDCmv2wyde3erAp2jBY= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230306102907-bc894ae6a3e5 h1:gfW2YPbfgMyph0XNDSt2vwDGKGW0DRV6tc1gOdk8jMk= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230306102907-bc894ae6a3e5/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= +github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -662,8 +662,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -741,12 +741,12 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= -golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -755,8 +755,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= -golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go index cc2c3247fd..c331890b61 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go @@ -17,6 +17,7 @@ import ( "github.com/mitchellh/go-homedir" "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/component-base/logs" "k8s.io/klog/v2" @@ -58,7 +59,7 @@ type IngressConfig struct { ServingKey []byte } -type EtcdConfig struct { +type InternalEtcdConfig struct { // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value QuotaBackendBytes int64 // If the backend is fragmented more than `maxFragmentedPercentage` @@ -71,6 +72,19 @@ type EtcdConfig struct { DoStartupDefrag bool } +type EtcdConfig struct { + // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value + QuotaBackendSize string + // If the backend is fragmented more than `maxFragmentedPercentage` + // and the database size is greater than `minDefragSize`, do a defrag. + MinDefragSize string + MaxFragmentedPercentage float64 + // How often to check the conditions for defragging (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). + DefragCheckFreq string + // Whether or not to do a defrag when the server finishes starting + DoStartupDefrag bool +} + type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` @@ -89,17 +103,18 @@ type MicroshiftConfig struct { BaseDomain string `json:"baseDomain"` Cluster ClusterConfig `json:"cluster"` - Ingress IngressConfig `json:"-"` - Etcd EtcdConfig `json:"etcd"` + Ingress IngressConfig `json:"-"` + Etcd InternalEtcdConfig `json:"etcd"` } // Top level config file type Config struct { - DNS DNS `json:"dns"` - Network Network `json:"network"` - Node Node `json:"node"` - ApiServer ApiServer `json:"apiServer"` - Debugging Debugging `json:"debugging"` + DNS DNS `json:"dns"` + Network Network `json:"network"` + Node Node `json:"node"` + ApiServer ApiServer `json:"apiServer"` + Debugging Debugging `json:"debugging"` + Etcd EtcdConfig `json:"etcd"` } type Network struct { @@ -229,7 +244,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { return &MicroshiftConfig{ LogVLevel: 2, SubjectAltNames: subjectAltNames, - NodeName: nodeName, + NodeName: strings.ToLower(nodeName), NodeIP: nodeIP, BaseDomain: "example.com", Cluster: ClusterConfig{ @@ -238,7 +253,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", }, - Etcd: EtcdConfig{ + Etcd: InternalEtcdConfig{ MinDefragBytes: 100 * 1024 * 1024, // 100MB MaxFragmentedPercentage: 45, // percent DefragCheckFreq: 5 * time.Minute, @@ -254,7 +269,7 @@ func (c *MicroshiftConfig) isDefaultNodeName() bool { if err != nil { klog.Fatalf("Failed to get hostname %v", err) } - return c.NodeName == hostname + return c.NodeName == strings.ToLower(hostname) } // Read or set the NodeName that will be used for this MicroShift instance @@ -378,7 +393,7 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { // Wire new Config type to existing MicroshiftConfig c.LogVLevel = config.GetVerbosity() if config.Node.HostnameOverride != "" { - c.NodeName = config.Node.HostnameOverride + c.NodeName = strings.ToLower(config.Node.HostnameOverride) } if config.Node.NodeIP != "" { c.NodeIP = config.Node.NodeIP @@ -402,6 +417,36 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { c.KASAdvertiseAddress = config.ApiServer.AdvertiseAddress } + if config.Etcd.DefragCheckFreq != "" { + d, err := time.ParseDuration(config.Etcd.DefragCheckFreq) + if err != nil { + return fmt.Errorf("failed to parse etcd defragCheckFreq: %v", err) + } + c.Etcd.DefragCheckFreq = d + } + if config.Etcd.MinDefragSize != "" { + q, err := resource.ParseQuantity(config.Etcd.MinDefragSize) + if err != nil { + return fmt.Errorf("failed to parse etcd minDefragSize: %v", err) + } + if !q.IsZero() { + c.Etcd.MinDefragBytes = q.Value() + } + } + if config.Etcd.MaxFragmentedPercentage > 0 { + c.Etcd.MaxFragmentedPercentage = config.Etcd.MaxFragmentedPercentage + } + if config.Etcd.QuotaBackendSize != "" { + q, err := resource.ParseQuantity(config.Etcd.QuotaBackendSize) + if err != nil { + return fmt.Errorf("failed to parse etcd quotaBackendSize: %v", err) + } + if !q.IsZero() { + c.Etcd.QuotaBackendBytes = q.Value() + } + } + c.Etcd.DoStartupDefrag = config.Etcd.DoStartupDefrag + return nil } diff --git a/etcd/vendor/golang.org/x/net/html/parse.go b/etcd/vendor/golang.org/x/net/html/parse.go index 291c91908d..46a89eda6c 100644 --- a/etcd/vendor/golang.org/x/net/html/parse.go +++ b/etcd/vendor/golang.org/x/net/html/parse.go @@ -184,7 +184,7 @@ func (p *parser) clearStackToContext(s scope) { } } -// parseGenericRawTextElements implements the generic raw text element parsing +// parseGenericRawTextElement implements the generic raw text element parsing // algorithm defined in 12.2.6.2. // https://html.spec.whatwg.org/multipage/parsing.html#parsing-elements-that-contain-only-text // TODO: Since both RAWTEXT and RCDATA states are treated as tokenizer's part diff --git a/etcd/vendor/golang.org/x/net/html/token.go b/etcd/vendor/golang.org/x/net/html/token.go index ae24a6fdf4..50f7c6aac8 100644 --- a/etcd/vendor/golang.org/x/net/html/token.go +++ b/etcd/vendor/golang.org/x/net/html/token.go @@ -598,6 +598,11 @@ scriptDataDoubleEscapeEnd: // readComment reads the next comment token starting with "") return + } else if c == '-' { + dashCount = 1 + beginning = false + continue } } } @@ -645,6 +649,35 @@ func (z *Tokenizer) readComment() { } } +func (z *Tokenizer) calculateAbruptCommentDataEnd() int { + raw := z.Raw() + const prefixLen = len("") return + } else if c == '-' { + dashCount = 1 + beginning = false + continue } } } @@ -645,6 +649,35 @@ func (z *Tokenizer) readComment() { } } +func (z *Tokenizer) calculateAbruptCommentDataEnd() int { + raw := z.Raw() + const prefixLen = len(""); err != nil { - return err - } - return nil - case DoctypeNode: - if _, err := w.WriteString("') - case RawNode: - _, err := w.WriteString(n.Data) - return err - default: - return errors.New("html: unknown node type") - } - - // Render the opening tag. - if err := w.WriteByte('<'); err != nil { - return err - } - if _, err := w.WriteString(n.Data); err != nil { - return err - } - for _, a := range n.Attr { - if err := w.WriteByte(' '); err != nil { - return err - } - if a.Namespace != "" { - if _, err := w.WriteString(a.Namespace); err != nil { - return err - } - if err := w.WriteByte(':'); err != nil { - return err - } - } - if _, err := w.WriteString(a.Key); err != nil { - return err - } - if _, err := w.WriteString(`="`); err != nil { - return err - } - if err := escape(w, a.Val); err != nil { - return err - } - if err := w.WriteByte('"'); err != nil { - return err - } - } - if voidElements[n.Data] { - if n.FirstChild != nil { - return fmt.Errorf("html: void element <%s> has child nodes", n.Data) - } - _, err := w.WriteString("/>") - return err - } - if err := w.WriteByte('>'); err != nil { - return err - } - - // Add initial newline where there is danger of a newline beging ignored. - if c := n.FirstChild; c != nil && c.Type == TextNode && strings.HasPrefix(c.Data, "\n") { - switch n.Data { - case "pre", "listing", "textarea": - if err := w.WriteByte('\n'); err != nil { - return err - } - } - } - - // Render any child nodes. - switch n.Data { - case "iframe", "noembed", "noframes", "noscript", "plaintext", "script", "style", "xmp": - for c := n.FirstChild; c != nil; c = c.NextSibling { - if c.Type == TextNode { - if _, err := w.WriteString(c.Data); err != nil { - return err - } - } else { - if err := render1(w, c); err != nil { - return err - } - } - } - if n.Data == "plaintext" { - // Don't render anything else. must be the - // last element in the file, with no closing tag. - return plaintextAbort - } - default: - for c := n.FirstChild; c != nil; c = c.NextSibling { - if err := render1(w, c); err != nil { - return err - } - } - } - - // Render the </xxx> closing tag. - if _, err := w.WriteString("</"); err != nil { - return err - } - if _, err := w.WriteString(n.Data); err != nil { - return err - } - return w.WriteByte('>') -} - -// writeQuoted writes s to w surrounded by quotes. Normally it will use double -// quotes, but if s contains a double quote, it will use single quotes. -// It is used for writing the identifiers in a doctype declaration. -// In valid HTML, they can't contain both types of quotes. -func writeQuoted(w writer, s string) error { - var q byte = '"' - if strings.Contains(s, `"`) { - q = '\'' - } - if err := w.WriteByte(q); err != nil { - return err - } - if _, err := w.WriteString(s); err != nil { - return err - } - if err := w.WriteByte(q); err != nil { - return err - } - return nil -} - -// Section 12.1.2, "Elements", gives this list of void elements. Void elements -// are those that can't have any contents. -var voidElements = map[string]bool{ - "area": true, - "base": true, - "br": true, - "col": true, - "embed": true, - "hr": true, - "img": true, - "input": true, - "keygen": true, // "keygen" has been removed from the spec, but are kept here for backwards compatibility. - "link": true, - "meta": true, - "param": true, - "source": true, - "track": true, - "wbr": true, -} diff --git a/etcd/vendor/golang.org/x/net/html/token.go b/etcd/vendor/golang.org/x/net/html/token.go deleted file mode 100644 index 50f7c6aac8..0000000000 --- a/etcd/vendor/golang.org/x/net/html/token.go +++ /dev/null @@ -1,1261 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package html - -import ( - "bytes" - "errors" - "io" - "strconv" - "strings" - - "golang.org/x/net/html/atom" -) - -// A TokenType is the type of a Token. -type TokenType uint32 - -const ( - // ErrorToken means that an error occurred during tokenization. - ErrorToken TokenType = iota - // TextToken means a text node. - TextToken - // A StartTagToken looks like <a>. - StartTagToken - // An EndTagToken looks like </a>. - EndTagToken - // A SelfClosingTagToken tag looks like <br/>. - SelfClosingTagToken - // A CommentToken looks like <!--x-->. - CommentToken - // A DoctypeToken looks like <!DOCTYPE x> - DoctypeToken -) - -// ErrBufferExceeded means that the buffering limit was exceeded. -var ErrBufferExceeded = errors.New("max buffer exceeded") - -// String returns a string representation of the TokenType. -func (t TokenType) String() string { - switch t { - case ErrorToken: - return "Error" - case TextToken: - return "Text" - case StartTagToken: - return "StartTag" - case EndTagToken: - return "EndTag" - case SelfClosingTagToken: - return "SelfClosingTag" - case CommentToken: - return "Comment" - case DoctypeToken: - return "Doctype" - } - return "Invalid(" + strconv.Itoa(int(t)) + ")" -} - -// An Attribute is an attribute namespace-key-value triple. Namespace is -// non-empty for foreign attributes like xlink, Key is alphabetic (and hence -// does not contain escapable characters like '&', '<' or '>'), and Val is -// unescaped (it looks like "a<b" rather than "a&lt;b"). -// -// Namespace is only used by the parser, not the tokenizer. -type Attribute struct { - Namespace, Key, Val string -} - -// A Token consists of a TokenType and some Data (tag name for start and end -// tags, content for text, comments and doctypes). A tag Token may also contain -// a slice of Attributes. Data is unescaped for all Tokens (it looks like "a<b" -// rather than "a&lt;b"). For tag Tokens, DataAtom is the atom for Data, or -// zero if Data is not a known tag name. -type Token struct { - Type TokenType - DataAtom atom.Atom - Data string - Attr []Attribute -} - -// tagString returns a string representation of a tag Token's Data and Attr. -func (t Token) tagString() string { - if len(t.Attr) == 0 { - return t.Data - } - buf := bytes.NewBufferString(t.Data) - for _, a := range t.Attr { - buf.WriteByte(' ') - buf.WriteString(a.Key) - buf.WriteString(`="`) - escape(buf, a.Val) - buf.WriteByte('"') - } - return buf.String() -} - -// String returns a string representation of the Token. -func (t Token) String() string { - switch t.Type { - case ErrorToken: - return "" - case TextToken: - return EscapeString(t.Data) - case StartTagToken: - return "<" + t.tagString() + ">" - case EndTagToken: - return "</" + t.tagString() + ">" - case SelfClosingTagToken: - return "<" + t.tagString() + "/>" - case CommentToken: - return "<!--" + EscapeString(t.Data) + "-->" - case DoctypeToken: - return "<!DOCTYPE " + EscapeString(t.Data) + ">" - } - return "Invalid(" + strconv.Itoa(int(t.Type)) + ")" -} - -// span is a range of bytes in a Tokenizer's buffer. The start is inclusive, -// the end is exclusive. -type span struct { - start, end int -} - -// A Tokenizer returns a stream of HTML Tokens. -type Tokenizer struct { - // r is the source of the HTML text. - r io.Reader - // tt is the TokenType of the current token. - tt TokenType - // err is the first error encountered during tokenization. It is possible - // for tt != Error && err != nil to hold: this means that Next returned a - // valid token but the subsequent Next call will return an error token. - // For example, if the HTML text input was just "plain", then the first - // Next call would set z.err to io.EOF but return a TextToken, and all - // subsequent Next calls would return an ErrorToken. - // err is never reset. Once it becomes non-nil, it stays non-nil. - err error - // readErr is the error returned by the io.Reader r. It is separate from - // err because it is valid for an io.Reader to return (n int, err1 error) - // such that n > 0 && err1 != nil, and callers should always process the - // n > 0 bytes before considering the error err1. - readErr error - // buf[raw.start:raw.end] holds the raw bytes of the current token. - // buf[raw.end:] is buffered input that will yield future tokens. - raw span - buf []byte - // maxBuf limits the data buffered in buf. A value of 0 means unlimited. - maxBuf int - // buf[data.start:data.end] holds the raw bytes of the current token's data: - // a text token's text, a tag token's tag name, etc. - data span - // pendingAttr is the attribute key and value currently being tokenized. - // When complete, pendingAttr is pushed onto attr. nAttrReturned is - // incremented on each call to TagAttr. - pendingAttr [2]span - attr [][2]span - nAttrReturned int - // rawTag is the "script" in "</script>" that closes the next token. If - // non-empty, the subsequent call to Next will return a raw or RCDATA text - // token: one that treats "<p>" as text instead of an element. - // rawTag's contents are lower-cased. - rawTag string - // textIsRaw is whether the current text token's data is not escaped. - textIsRaw bool - // convertNUL is whether NUL bytes in the current token's data should - // be converted into \ufffd replacement characters. - convertNUL bool - // allowCDATA is whether CDATA sections are allowed in the current context. - allowCDATA bool -} - -// AllowCDATA sets whether or not the tokenizer recognizes <![CDATA[foo]]> as -// the text "foo". The default value is false, which means to recognize it as -// a bogus comment "<!-- [CDATA[foo]] -->" instead. -// -// Strictly speaking, an HTML5 compliant tokenizer should allow CDATA if and -// only if tokenizing foreign content, such as MathML and SVG. However, -// tracking foreign-contentness is difficult to do purely in the tokenizer, -// as opposed to the parser, due to HTML integration points: an <svg> element -// can contain a <foreignObject> that is foreign-to-SVG but not foreign-to- -// HTML. For strict compliance with the HTML5 tokenization algorithm, it is the -// responsibility of the user of a tokenizer to call AllowCDATA as appropriate. -// In practice, if using the tokenizer without caring whether MathML or SVG -// CDATA is text or comments, such as tokenizing HTML to find all the anchor -// text, it is acceptable to ignore this responsibility. -func (z *Tokenizer) AllowCDATA(allowCDATA bool) { - z.allowCDATA = allowCDATA -} - -// NextIsNotRawText instructs the tokenizer that the next token should not be -// considered as 'raw text'. Some elements, such as script and title elements, -// normally require the next token after the opening tag to be 'raw text' that -// has no child elements. For example, tokenizing "<title>a<b>c</b>d</title>" -// yields a start tag token for "<title>", a text token for "a<b>c</b>d", and -// an end tag token for "</title>". There are no distinct start tag or end tag -// tokens for the "<b>" and "</b>". -// -// This tokenizer implementation will generally look for raw text at the right -// times. Strictly speaking, an HTML5 compliant tokenizer should not look for -// raw text if in foreign content: <title> generally needs raw text, but a -// <title> inside an <svg> does not. Another example is that a <textarea> -// generally needs raw text, but a <textarea> is not allowed as an immediate -// child of a <select>; in normal parsing, a <textarea> implies </select>, but -// one cannot close the implicit element when parsing a <select>'s InnerHTML. -// Similarly to AllowCDATA, tracking the correct moment to override raw-text- -// ness is difficult to do purely in the tokenizer, as opposed to the parser. -// For strict compliance with the HTML5 tokenization algorithm, it is the -// responsibility of the user of a tokenizer to call NextIsNotRawText as -// appropriate. In practice, like AllowCDATA, it is acceptable to ignore this -// responsibility for basic usage. -// -// Note that this 'raw text' concept is different from the one offered by the -// Tokenizer.Raw method. -func (z *Tokenizer) NextIsNotRawText() { - z.rawTag = "" -} - -// Err returns the error associated with the most recent ErrorToken token. -// This is typically io.EOF, meaning the end of tokenization. -func (z *Tokenizer) Err() error { - if z.tt != ErrorToken { - return nil - } - return z.err -} - -// readByte returns the next byte from the input stream, doing a buffered read -// from z.r into z.buf if necessary. z.buf[z.raw.start:z.raw.end] remains a contiguous byte -// slice that holds all the bytes read so far for the current token. -// It sets z.err if the underlying reader returns an error. -// Pre-condition: z.err == nil. -func (z *Tokenizer) readByte() byte { - if z.raw.end >= len(z.buf) { - // Our buffer is exhausted and we have to read from z.r. Check if the - // previous read resulted in an error. - if z.readErr != nil { - z.err = z.readErr - return 0 - } - // We copy z.buf[z.raw.start:z.raw.end] to the beginning of z.buf. If the length - // z.raw.end - z.raw.start is more than half the capacity of z.buf, then we - // allocate a new buffer before the copy. - c := cap(z.buf) - d := z.raw.end - z.raw.start - var buf1 []byte - if 2*d > c { - buf1 = make([]byte, d, 2*c) - } else { - buf1 = z.buf[:d] - } - copy(buf1, z.buf[z.raw.start:z.raw.end]) - if x := z.raw.start; x != 0 { - // Adjust the data/attr spans to refer to the same contents after the copy. - z.data.start -= x - z.data.end -= x - z.pendingAttr[0].start -= x - z.pendingAttr[0].end -= x - z.pendingAttr[1].start -= x - z.pendingAttr[1].end -= x - for i := range z.attr { - z.attr[i][0].start -= x - z.attr[i][0].end -= x - z.attr[i][1].start -= x - z.attr[i][1].end -= x - } - } - z.raw.start, z.raw.end, z.buf = 0, d, buf1[:d] - // Now that we have copied the live bytes to the start of the buffer, - // we read from z.r into the remainder. - var n int - n, z.readErr = readAtLeastOneByte(z.r, buf1[d:cap(buf1)]) - if n == 0 { - z.err = z.readErr - return 0 - } - z.buf = buf1[:d+n] - } - x := z.buf[z.raw.end] - z.raw.end++ - if z.maxBuf > 0 && z.raw.end-z.raw.start >= z.maxBuf { - z.err = ErrBufferExceeded - return 0 - } - return x -} - -// Buffered returns a slice containing data buffered but not yet tokenized. -func (z *Tokenizer) Buffered() []byte { - return z.buf[z.raw.end:] -} - -// readAtLeastOneByte wraps an io.Reader so that reading cannot return (0, nil). -// It returns io.ErrNoProgress if the underlying r.Read method returns (0, nil) -// too many times in succession. -func readAtLeastOneByte(r io.Reader, b []byte) (int, error) { - for i := 0; i < 100; i++ { - if n, err := r.Read(b); n != 0 || err != nil { - return n, err - } - } - return 0, io.ErrNoProgress -} - -// skipWhiteSpace skips past any white space. -func (z *Tokenizer) skipWhiteSpace() { - if z.err != nil { - return - } - for { - c := z.readByte() - if z.err != nil { - return - } - switch c { - case ' ', '\n', '\r', '\t', '\f': - // No-op. - default: - z.raw.end-- - return - } - } -} - -// readRawOrRCDATA reads until the next "</foo>", where "foo" is z.rawTag and -// is typically something like "script" or "textarea". -func (z *Tokenizer) readRawOrRCDATA() { - if z.rawTag == "script" { - z.readScript() - z.textIsRaw = true - z.rawTag = "" - return - } -loop: - for { - c := z.readByte() - if z.err != nil { - break loop - } - if c != '<' { - continue loop - } - c = z.readByte() - if z.err != nil { - break loop - } - if c != '/' { - z.raw.end-- - continue loop - } - if z.readRawEndTag() || z.err != nil { - break loop - } - } - z.data.end = z.raw.end - // A textarea's or title's RCDATA can contain escaped entities. - z.textIsRaw = z.rawTag != "textarea" && z.rawTag != "title" - z.rawTag = "" -} - -// readRawEndTag attempts to read a tag like "</foo>", where "foo" is z.rawTag. -// If it succeeds, it backs up the input position to reconsume the tag and -// returns true. Otherwise it returns false. The opening "</" has already been -// consumed. -func (z *Tokenizer) readRawEndTag() bool { - for i := 0; i < len(z.rawTag); i++ { - c := z.readByte() - if z.err != nil { - return false - } - if c != z.rawTag[i] && c != z.rawTag[i]-('a'-'A') { - z.raw.end-- - return false - } - } - c := z.readByte() - if z.err != nil { - return false - } - switch c { - case ' ', '\n', '\r', '\t', '\f', '/', '>': - // The 3 is 2 for the leading "</" plus 1 for the trailing character c. - z.raw.end -= 3 + len(z.rawTag) - return true - } - z.raw.end-- - return false -} - -// readScript reads until the next </script> tag, following the byzantine -// rules for escaping/hiding the closing tag. -func (z *Tokenizer) readScript() { - defer func() { - z.data.end = z.raw.end - }() - var c byte - -scriptData: - c = z.readByte() - if z.err != nil { - return - } - if c == '<' { - goto scriptDataLessThanSign - } - goto scriptData - -scriptDataLessThanSign: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '/': - goto scriptDataEndTagOpen - case '!': - goto scriptDataEscapeStart - } - z.raw.end-- - goto scriptData - -scriptDataEndTagOpen: - if z.readRawEndTag() || z.err != nil { - return - } - goto scriptData - -scriptDataEscapeStart: - c = z.readByte() - if z.err != nil { - return - } - if c == '-' { - goto scriptDataEscapeStartDash - } - z.raw.end-- - goto scriptData - -scriptDataEscapeStartDash: - c = z.readByte() - if z.err != nil { - return - } - if c == '-' { - goto scriptDataEscapedDashDash - } - z.raw.end-- - goto scriptData - -scriptDataEscaped: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataEscapedDash - case '<': - goto scriptDataEscapedLessThanSign - } - goto scriptDataEscaped - -scriptDataEscapedDash: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataEscapedDashDash - case '<': - goto scriptDataEscapedLessThanSign - } - goto scriptDataEscaped - -scriptDataEscapedDashDash: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataEscapedDashDash - case '<': - goto scriptDataEscapedLessThanSign - case '>': - goto scriptData - } - goto scriptDataEscaped - -scriptDataEscapedLessThanSign: - c = z.readByte() - if z.err != nil { - return - } - if c == '/' { - goto scriptDataEscapedEndTagOpen - } - if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' { - goto scriptDataDoubleEscapeStart - } - z.raw.end-- - goto scriptData - -scriptDataEscapedEndTagOpen: - if z.readRawEndTag() || z.err != nil { - return - } - goto scriptDataEscaped - -scriptDataDoubleEscapeStart: - z.raw.end-- - for i := 0; i < len("script"); i++ { - c = z.readByte() - if z.err != nil { - return - } - if c != "script"[i] && c != "SCRIPT"[i] { - z.raw.end-- - goto scriptDataEscaped - } - } - c = z.readByte() - if z.err != nil { - return - } - switch c { - case ' ', '\n', '\r', '\t', '\f', '/', '>': - goto scriptDataDoubleEscaped - } - z.raw.end-- - goto scriptDataEscaped - -scriptDataDoubleEscaped: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataDoubleEscapedDash - case '<': - goto scriptDataDoubleEscapedLessThanSign - } - goto scriptDataDoubleEscaped - -scriptDataDoubleEscapedDash: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataDoubleEscapedDashDash - case '<': - goto scriptDataDoubleEscapedLessThanSign - } - goto scriptDataDoubleEscaped - -scriptDataDoubleEscapedDashDash: - c = z.readByte() - if z.err != nil { - return - } - switch c { - case '-': - goto scriptDataDoubleEscapedDashDash - case '<': - goto scriptDataDoubleEscapedLessThanSign - case '>': - goto scriptData - } - goto scriptDataDoubleEscaped - -scriptDataDoubleEscapedLessThanSign: - c = z.readByte() - if z.err != nil { - return - } - if c == '/' { - goto scriptDataDoubleEscapeEnd - } - z.raw.end-- - goto scriptDataDoubleEscaped - -scriptDataDoubleEscapeEnd: - if z.readRawEndTag() { - z.raw.end += len("</script>") - goto scriptDataEscaped - } - if z.err != nil { - return - } - goto scriptDataDoubleEscaped -} - -// readComment reads the next comment token starting with "<!--". The opening -// "<!--" has already been consumed. -func (z *Tokenizer) readComment() { - // When modifying this function, consider manually increasing the suffixLen - // constant in func TestComments, from 6 to e.g. 9 or more. That increase - // should only be temporary, not committed, as it exponentially affects the - // test running time. - - z.data.start = z.raw.end - defer func() { - if z.data.end < z.data.start { - // It's a comment with no data, like <!-->. - z.data.end = z.data.start - } - }() - - var dashCount int - beginning := true - for { - c := z.readByte() - if z.err != nil { - z.data.end = z.calculateAbruptCommentDataEnd() - return - } - switch c { - case '-': - dashCount++ - continue - case '>': - if dashCount >= 2 || beginning { - z.data.end = z.raw.end - len("-->") - return - } - case '!': - if dashCount >= 2 { - c = z.readByte() - if z.err != nil { - z.data.end = z.calculateAbruptCommentDataEnd() - return - } else if c == '>' { - z.data.end = z.raw.end - len("--!>") - return - } else if c == '-' { - dashCount = 1 - beginning = false - continue - } - } - } - dashCount = 0 - beginning = false - } -} - -func (z *Tokenizer) calculateAbruptCommentDataEnd() int { - raw := z.Raw() - const prefixLen = len("<!--") - if len(raw) >= prefixLen { - raw = raw[prefixLen:] - if hasSuffix(raw, "--!") { - return z.raw.end - 3 - } else if hasSuffix(raw, "--") { - return z.raw.end - 2 - } else if hasSuffix(raw, "-") { - return z.raw.end - 1 - } - } - return z.raw.end -} - -func hasSuffix(b []byte, suffix string) bool { - if len(b) < len(suffix) { - return false - } - b = b[len(b)-len(suffix):] - for i := range b { - if b[i] != suffix[i] { - return false - } - } - return true -} - -// readUntilCloseAngle reads until the next ">". -func (z *Tokenizer) readUntilCloseAngle() { - z.data.start = z.raw.end - for { - c := z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return - } - if c == '>' { - z.data.end = z.raw.end - len(">") - return - } - } -} - -// readMarkupDeclaration reads the next token starting with "<!". It might be -// a "<!--comment-->", a "<!DOCTYPE foo>", a "<![CDATA[section]]>" or -// "<!a bogus comment". The opening "<!" has already been consumed. -func (z *Tokenizer) readMarkupDeclaration() TokenType { - z.data.start = z.raw.end - var c [2]byte - for i := 0; i < 2; i++ { - c[i] = z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return CommentToken - } - } - if c[0] == '-' && c[1] == '-' { - z.readComment() - return CommentToken - } - z.raw.end -= 2 - if z.readDoctype() { - return DoctypeToken - } - if z.allowCDATA && z.readCDATA() { - z.convertNUL = true - return TextToken - } - // It's a bogus comment. - z.readUntilCloseAngle() - return CommentToken -} - -// readDoctype attempts to read a doctype declaration and returns true if -// successful. The opening "<!" has already been consumed. -func (z *Tokenizer) readDoctype() bool { - const s = "DOCTYPE" - for i := 0; i < len(s); i++ { - c := z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return false - } - if c != s[i] && c != s[i]+('a'-'A') { - // Back up to read the fragment of "DOCTYPE" again. - z.raw.end = z.data.start - return false - } - } - if z.skipWhiteSpace(); z.err != nil { - z.data.start = z.raw.end - z.data.end = z.raw.end - return true - } - z.readUntilCloseAngle() - return true -} - -// readCDATA attempts to read a CDATA section and returns true if -// successful. The opening "<!" has already been consumed. -func (z *Tokenizer) readCDATA() bool { - const s = "[CDATA[" - for i := 0; i < len(s); i++ { - c := z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return false - } - if c != s[i] { - // Back up to read the fragment of "[CDATA[" again. - z.raw.end = z.data.start - return false - } - } - z.data.start = z.raw.end - brackets := 0 - for { - c := z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return true - } - switch c { - case ']': - brackets++ - case '>': - if brackets >= 2 { - z.data.end = z.raw.end - len("]]>") - return true - } - brackets = 0 - default: - brackets = 0 - } - } -} - -// startTagIn returns whether the start tag in z.buf[z.data.start:z.data.end] -// case-insensitively matches any element of ss. -func (z *Tokenizer) startTagIn(ss ...string) bool { -loop: - for _, s := range ss { - if z.data.end-z.data.start != len(s) { - continue loop - } - for i := 0; i < len(s); i++ { - c := z.buf[z.data.start+i] - if 'A' <= c && c <= 'Z' { - c += 'a' - 'A' - } - if c != s[i] { - continue loop - } - } - return true - } - return false -} - -// readStartTag reads the next start tag token. The opening "<a" has already -// been consumed, where 'a' means anything in [A-Za-z]. -func (z *Tokenizer) readStartTag() TokenType { - z.readTag(true) - if z.err != nil { - return ErrorToken - } - // Several tags flag the tokenizer's next token as raw. - c, raw := z.buf[z.data.start], false - if 'A' <= c && c <= 'Z' { - c += 'a' - 'A' - } - switch c { - case 'i': - raw = z.startTagIn("iframe") - case 'n': - raw = z.startTagIn("noembed", "noframes", "noscript") - case 'p': - raw = z.startTagIn("plaintext") - case 's': - raw = z.startTagIn("script", "style") - case 't': - raw = z.startTagIn("textarea", "title") - case 'x': - raw = z.startTagIn("xmp") - } - if raw { - z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end])) - } - // Look for a self-closing token like "<br/>". - if z.err == nil && z.buf[z.raw.end-2] == '/' { - return SelfClosingTagToken - } - return StartTagToken -} - -// readTag reads the next tag token and its attributes. If saveAttr, those -// attributes are saved in z.attr, otherwise z.attr is set to an empty slice. -// The opening "<a" or "</a" has already been consumed, where 'a' means anything -// in [A-Za-z]. -func (z *Tokenizer) readTag(saveAttr bool) { - z.attr = z.attr[:0] - z.nAttrReturned = 0 - // Read the tag name and attribute key/value pairs. - z.readTagName() - if z.skipWhiteSpace(); z.err != nil { - return - } - for { - c := z.readByte() - if z.err != nil || c == '>' { - break - } - z.raw.end-- - z.readTagAttrKey() - z.readTagAttrVal() - // Save pendingAttr if saveAttr and that attribute has a non-empty key. - if saveAttr && z.pendingAttr[0].start != z.pendingAttr[0].end { - z.attr = append(z.attr, z.pendingAttr) - } - if z.skipWhiteSpace(); z.err != nil { - break - } - } -} - -// readTagName sets z.data to the "div" in "<div k=v>". The reader (z.raw.end) -// is positioned such that the first byte of the tag name (the "d" in "<div") -// has already been consumed. -func (z *Tokenizer) readTagName() { - z.data.start = z.raw.end - 1 - for { - c := z.readByte() - if z.err != nil { - z.data.end = z.raw.end - return - } - switch c { - case ' ', '\n', '\r', '\t', '\f': - z.data.end = z.raw.end - 1 - return - case '/', '>': - z.raw.end-- - z.data.end = z.raw.end - return - } - } -} - -// readTagAttrKey sets z.pendingAttr[0] to the "k" in "<div k=v>". -// Precondition: z.err == nil. -func (z *Tokenizer) readTagAttrKey() { - z.pendingAttr[0].start = z.raw.end - for { - c := z.readByte() - if z.err != nil { - z.pendingAttr[0].end = z.raw.end - return - } - switch c { - case ' ', '\n', '\r', '\t', '\f', '/': - z.pendingAttr[0].end = z.raw.end - 1 - return - case '=', '>': - z.raw.end-- - z.pendingAttr[0].end = z.raw.end - return - } - } -} - -// readTagAttrVal sets z.pendingAttr[1] to the "v" in "<div k=v>". -func (z *Tokenizer) readTagAttrVal() { - z.pendingAttr[1].start = z.raw.end - z.pendingAttr[1].end = z.raw.end - if z.skipWhiteSpace(); z.err != nil { - return - } - c := z.readByte() - if z.err != nil { - return - } - if c != '=' { - z.raw.end-- - return - } - if z.skipWhiteSpace(); z.err != nil { - return - } - quote := z.readByte() - if z.err != nil { - return - } - switch quote { - case '>': - z.raw.end-- - return - - case '\'', '"': - z.pendingAttr[1].start = z.raw.end - for { - c := z.readByte() - if z.err != nil { - z.pendingAttr[1].end = z.raw.end - return - } - if c == quote { - z.pendingAttr[1].end = z.raw.end - 1 - return - } - } - - default: - z.pendingAttr[1].start = z.raw.end - 1 - for { - c := z.readByte() - if z.err != nil { - z.pendingAttr[1].end = z.raw.end - return - } - switch c { - case ' ', '\n', '\r', '\t', '\f': - z.pendingAttr[1].end = z.raw.end - 1 - return - case '>': - z.raw.end-- - z.pendingAttr[1].end = z.raw.end - return - } - } - } -} - -// Next scans the next token and returns its type. -func (z *Tokenizer) Next() TokenType { - z.raw.start = z.raw.end - z.data.start = z.raw.end - z.data.end = z.raw.end - if z.err != nil { - z.tt = ErrorToken - return z.tt - } - if z.rawTag != "" { - if z.rawTag == "plaintext" { - // Read everything up to EOF. - for z.err == nil { - z.readByte() - } - z.data.end = z.raw.end - z.textIsRaw = true - } else { - z.readRawOrRCDATA() - } - if z.data.end > z.data.start { - z.tt = TextToken - z.convertNUL = true - return z.tt - } - } - z.textIsRaw = false - z.convertNUL = false - -loop: - for { - c := z.readByte() - if z.err != nil { - break loop - } - if c != '<' { - continue loop - } - - // Check if the '<' we have just read is part of a tag, comment - // or doctype. If not, it's part of the accumulated text token. - c = z.readByte() - if z.err != nil { - break loop - } - var tokenType TokenType - switch { - case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z': - tokenType = StartTagToken - case c == '/': - tokenType = EndTagToken - case c == '!' || c == '?': - // We use CommentToken to mean any of "<!--actual comments-->", - // "<!DOCTYPE declarations>" and "<?xml processing instructions?>". - tokenType = CommentToken - default: - // Reconsume the current character. - z.raw.end-- - continue - } - - // We have a non-text token, but we might have accumulated some text - // before that. If so, we return the text first, and return the non- - // text token on the subsequent call to Next. - if x := z.raw.end - len("<a"); z.raw.start < x { - z.raw.end = x - z.data.end = x - z.tt = TextToken - return z.tt - } - switch tokenType { - case StartTagToken: - z.tt = z.readStartTag() - return z.tt - case EndTagToken: - c = z.readByte() - if z.err != nil { - break loop - } - if c == '>' { - // "</>" does not generate a token at all. Generate an empty comment - // to allow passthrough clients to pick up the data using Raw. - // Reset the tokenizer state and start again. - z.tt = CommentToken - return z.tt - } - if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' { - z.readTag(false) - if z.err != nil { - z.tt = ErrorToken - } else { - z.tt = EndTagToken - } - return z.tt - } - z.raw.end-- - z.readUntilCloseAngle() - z.tt = CommentToken - return z.tt - case CommentToken: - if c == '!' { - z.tt = z.readMarkupDeclaration() - return z.tt - } - z.raw.end-- - z.readUntilCloseAngle() - z.tt = CommentToken - return z.tt - } - } - if z.raw.start < z.raw.end { - z.data.end = z.raw.end - z.tt = TextToken - return z.tt - } - z.tt = ErrorToken - return z.tt -} - -// Raw returns the unmodified text of the current token. Calling Next, Token, -// Text, TagName or TagAttr may change the contents of the returned slice. -// -// The token stream's raw bytes partition the byte stream (up until an -// ErrorToken). There are no overlaps or gaps between two consecutive token's -// raw bytes. One implication is that the byte offset of the current token is -// the sum of the lengths of all previous tokens' raw bytes. -func (z *Tokenizer) Raw() []byte { - return z.buf[z.raw.start:z.raw.end] -} - -// convertNewlines converts "\r" and "\r\n" in s to "\n". -// The conversion happens in place, but the resulting slice may be shorter. -func convertNewlines(s []byte) []byte { - for i, c := range s { - if c != '\r' { - continue - } - - src := i + 1 - if src >= len(s) || s[src] != '\n' { - s[i] = '\n' - continue - } - - dst := i - for src < len(s) { - if s[src] == '\r' { - if src+1 < len(s) && s[src+1] == '\n' { - src++ - } - s[dst] = '\n' - } else { - s[dst] = s[src] - } - src++ - dst++ - } - return s[:dst] - } - return s -} - -var ( - nul = []byte("\x00") - replacement = []byte("\ufffd") -) - -// Text returns the unescaped text of a text, comment or doctype token. The -// contents of the returned slice may change on the next call to Next. -func (z *Tokenizer) Text() []byte { - switch z.tt { - case TextToken, CommentToken, DoctypeToken: - s := z.buf[z.data.start:z.data.end] - z.data.start = z.raw.end - z.data.end = z.raw.end - s = convertNewlines(s) - if (z.convertNUL || z.tt == CommentToken) && bytes.Contains(s, nul) { - s = bytes.Replace(s, nul, replacement, -1) - } - if !z.textIsRaw { - s = unescape(s, false) - } - return s - } - return nil -} - -// TagName returns the lower-cased name of a tag token (the `img` out of -// `<IMG SRC="foo">`) and whether the tag has attributes. -// The contents of the returned slice may change on the next call to Next. -func (z *Tokenizer) TagName() (name []byte, hasAttr bool) { - if z.data.start < z.data.end { - switch z.tt { - case StartTagToken, EndTagToken, SelfClosingTagToken: - s := z.buf[z.data.start:z.data.end] - z.data.start = z.raw.end - z.data.end = z.raw.end - return lower(s), z.nAttrReturned < len(z.attr) - } - } - return nil, false -} - -// TagAttr returns the lower-cased key and unescaped value of the next unparsed -// attribute for the current tag token and whether there are more attributes. -// The contents of the returned slices may change on the next call to Next. -func (z *Tokenizer) TagAttr() (key, val []byte, moreAttr bool) { - if z.nAttrReturned < len(z.attr) { - switch z.tt { - case StartTagToken, SelfClosingTagToken: - x := z.attr[z.nAttrReturned] - z.nAttrReturned++ - key = z.buf[x[0].start:x[0].end] - val = z.buf[x[1].start:x[1].end] - return lower(key), unescape(convertNewlines(val), true), z.nAttrReturned < len(z.attr) - } - } - return nil, nil, false -} - -// Token returns the current Token. The result's Data and Attr values remain -// valid after subsequent Next calls. -func (z *Tokenizer) Token() Token { - t := Token{Type: z.tt} - switch z.tt { - case TextToken, CommentToken, DoctypeToken: - t.Data = string(z.Text()) - case StartTagToken, SelfClosingTagToken, EndTagToken: - name, moreAttr := z.TagName() - for moreAttr { - var key, val []byte - key, val, moreAttr = z.TagAttr() - t.Attr = append(t.Attr, Attribute{"", atom.String(key), string(val)}) - } - if a := atom.Lookup(name); a != 0 { - t.DataAtom, t.Data = a, a.String() - } else { - t.DataAtom, t.Data = 0, string(name) - } - } - return t -} - -// SetMaxBuf sets a limit on the amount of data buffered during tokenization. -// A value of 0 means unlimited. -func (z *Tokenizer) SetMaxBuf(n int) { - z.maxBuf = n -} - -// NewTokenizer returns a new HTML Tokenizer for the given Reader. -// The input is assumed to be UTF-8 encoded. -func NewTokenizer(r io.Reader) *Tokenizer { - return NewTokenizerFragment(r, "") -} - -// NewTokenizerFragment returns a new HTML Tokenizer for the given Reader, for -// tokenizing an existing element's InnerHTML fragment. contextTag is that -// element's tag, such as "div" or "iframe". -// -// For example, how the InnerHTML "a<b" is tokenized depends on whether it is -// for a <p> tag or a <script> tag. -// -// The input is assumed to be UTF-8 encoded. -func NewTokenizerFragment(r io.Reader, contextTag string) *Tokenizer { - z := &Tokenizer{ - r: r, - buf: make([]byte, 0, 4096), - } - if contextTag != "" { - switch s := strings.ToLower(contextTag); s { - case "iframe", "noembed", "noframes", "noscript", "plaintext", "script", "style", "title", "textarea", "xmp": - z.rawTag = s - } - } - return z -} diff --git a/etcd/vendor/golang.org/x/net/websocket/client.go b/etcd/vendor/golang.org/x/net/websocket/client.go deleted file mode 100644 index 69a4ac7eef..0000000000 --- a/etcd/vendor/golang.org/x/net/websocket/client.go +++ /dev/null @@ -1,106 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package websocket - -import ( - "bufio" - "io" - "net" - "net/http" - "net/url" -) - -// DialError is an error that occurs while dialling a websocket server. -type DialError struct { - *Config - Err error -} - -func (e *DialError) Error() string { - return "websocket.Dial " + e.Config.Location.String() + ": " + e.Err.Error() -} - -// NewConfig creates a new WebSocket config for client connection. -func NewConfig(server, origin string) (config *Config, err error) { - config = new(Config) - config.Version = ProtocolVersionHybi13 - config.Location, err = url.ParseRequestURI(server) - if err != nil { - return - } - config.Origin, err = url.ParseRequestURI(origin) - if err != nil { - return - } - config.Header = http.Header(make(map[string][]string)) - return -} - -// NewClient creates a new WebSocket client connection over rwc. -func NewClient(config *Config, rwc io.ReadWriteCloser) (ws *Conn, err error) { - br := bufio.NewReader(rwc) - bw := bufio.NewWriter(rwc) - err = hybiClientHandshake(config, br, bw) - if err != nil { - return - } - buf := bufio.NewReadWriter(br, bw) - ws = newHybiClientConn(config, buf, rwc) - return -} - -// Dial opens a new client connection to a WebSocket. -func Dial(url_, protocol, origin string) (ws *Conn, err error) { - config, err := NewConfig(url_, origin) - if err != nil { - return nil, err - } - if protocol != "" { - config.Protocol = []string{protocol} - } - return DialConfig(config) -} - -var portMap = map[string]string{ - "ws": "80", - "wss": "443", -} - -func parseAuthority(location *url.URL) string { - if _, ok := portMap[location.Scheme]; ok { - if _, _, err := net.SplitHostPort(location.Host); err != nil { - return net.JoinHostPort(location.Host, portMap[location.Scheme]) - } - } - return location.Host -} - -// DialConfig opens a new client connection to a WebSocket with a config. -func DialConfig(config *Config) (ws *Conn, err error) { - var client net.Conn - if config.Location == nil { - return nil, &DialError{config, ErrBadWebSocketLocation} - } - if config.Origin == nil { - return nil, &DialError{config, ErrBadWebSocketOrigin} - } - dialer := config.Dialer - if dialer == nil { - dialer = &net.Dialer{} - } - client, err = dialWithDialer(dialer, config) - if err != nil { - goto Error - } - ws, err = NewClient(config, client) - if err != nil { - client.Close() - goto Error - } - return - -Error: - return nil, &DialError{config, err} -} diff --git a/etcd/vendor/golang.org/x/net/websocket/dial.go b/etcd/vendor/golang.org/x/net/websocket/dial.go deleted file mode 100644 index 2dab943a48..0000000000 --- a/etcd/vendor/golang.org/x/net/websocket/dial.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package websocket - -import ( - "crypto/tls" - "net" -) - -func dialWithDialer(dialer *net.Dialer, config *Config) (conn net.Conn, err error) { - switch config.Location.Scheme { - case "ws": - conn, err = dialer.Dial("tcp", parseAuthority(config.Location)) - - case "wss": - conn, err = tls.DialWithDialer(dialer, "tcp", parseAuthority(config.Location), config.TlsConfig) - - default: - err = ErrBadScheme - } - return -} diff --git a/etcd/vendor/golang.org/x/net/websocket/hybi.go b/etcd/vendor/golang.org/x/net/websocket/hybi.go deleted file mode 100644 index 48a069e190..0000000000 --- a/etcd/vendor/golang.org/x/net/websocket/hybi.go +++ /dev/null @@ -1,583 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package websocket - -// This file implements a protocol of hybi draft. -// http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17 - -import ( - "bufio" - "bytes" - "crypto/rand" - "crypto/sha1" - "encoding/base64" - "encoding/binary" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/url" - "strings" -) - -const ( - websocketGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" - - closeStatusNormal = 1000 - closeStatusGoingAway = 1001 - closeStatusProtocolError = 1002 - closeStatusUnsupportedData = 1003 - closeStatusFrameTooLarge = 1004 - closeStatusNoStatusRcvd = 1005 - closeStatusAbnormalClosure = 1006 - closeStatusBadMessageData = 1007 - closeStatusPolicyViolation = 1008 - closeStatusTooBigData = 1009 - closeStatusExtensionMismatch = 1010 - - maxControlFramePayloadLength = 125 -) - -var ( - ErrBadMaskingKey = &ProtocolError{"bad masking key"} - ErrBadPongMessage = &ProtocolError{"bad pong message"} - ErrBadClosingStatus = &ProtocolError{"bad closing status"} - ErrUnsupportedExtensions = &ProtocolError{"unsupported extensions"} - ErrNotImplemented = &ProtocolError{"not implemented"} - - handshakeHeader = map[string]bool{ - "Host": true, - "Upgrade": true, - "Connection": true, - "Sec-Websocket-Key": true, - "Sec-Websocket-Origin": true, - "Sec-Websocket-Version": true, - "Sec-Websocket-Protocol": true, - "Sec-Websocket-Accept": true, - } -) - -// A hybiFrameHeader is a frame header as defined in hybi draft. -type hybiFrameHeader struct { - Fin bool - Rsv [3]bool - OpCode byte - Length int64 - MaskingKey []byte - - data *bytes.Buffer -} - -// A hybiFrameReader is a reader for hybi frame. -type hybiFrameReader struct { - reader io.Reader - - header hybiFrameHeader - pos int64 - length int -} - -func (frame *hybiFrameReader) Read(msg []byte) (n int, err error) { - n, err = frame.reader.Read(msg) - if frame.header.MaskingKey != nil { - for i := 0; i < n; i++ { - msg[i] = msg[i] ^ frame.header.MaskingKey[frame.pos%4] - frame.pos++ - } - } - return n, err -} - -func (frame *hybiFrameReader) PayloadType() byte { return frame.header.OpCode } - -func (frame *hybiFrameReader) HeaderReader() io.Reader { - if frame.header.data == nil { - return nil - } - if frame.header.data.Len() == 0 { - return nil - } - return frame.header.data -} - -func (frame *hybiFrameReader) TrailerReader() io.Reader { return nil } - -func (frame *hybiFrameReader) Len() (n int) { return frame.length } - -// A hybiFrameReaderFactory creates new frame reader based on its frame type. -type hybiFrameReaderFactory struct { - *bufio.Reader -} - -// NewFrameReader reads a frame header from the connection, and creates new reader for the frame. -// See Section 5.2 Base Framing protocol for detail. -// http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17#section-5.2 -func (buf hybiFrameReaderFactory) NewFrameReader() (frame frameReader, err error) { - hybiFrame := new(hybiFrameReader) - frame = hybiFrame - var header []byte - var b byte - // First byte. FIN/RSV1/RSV2/RSV3/OpCode(4bits) - b, err = buf.ReadByte() - if err != nil { - return - } - header = append(header, b) - hybiFrame.header.Fin = ((header[0] >> 7) & 1) != 0 - for i := 0; i < 3; i++ { - j := uint(6 - i) - hybiFrame.header.Rsv[i] = ((header[0] >> j) & 1) != 0 - } - hybiFrame.header.OpCode = header[0] & 0x0f - - // Second byte. Mask/Payload len(7bits) - b, err = buf.ReadByte() - if err != nil { - return - } - header = append(header, b) - mask := (b & 0x80) != 0 - b &= 0x7f - lengthFields := 0 - switch { - case b <= 125: // Payload length 7bits. - hybiFrame.header.Length = int64(b) - case b == 126: // Payload length 7+16bits - lengthFields = 2 - case b == 127: // Payload length 7+64bits - lengthFields = 8 - } - for i := 0; i < lengthFields; i++ { - b, err = buf.ReadByte() - if err != nil { - return - } - if lengthFields == 8 && i == 0 { // MSB must be zero when 7+64 bits - b &= 0x7f - } - header = append(header, b) - hybiFrame.header.Length = hybiFrame.header.Length*256 + int64(b) - } - if mask { - // Masking key. 4 bytes. - for i := 0; i < 4; i++ { - b, err = buf.ReadByte() - if err != nil { - return - } - header = append(header, b) - hybiFrame.header.MaskingKey = append(hybiFrame.header.MaskingKey, b) - } - } - hybiFrame.reader = io.LimitReader(buf.Reader, hybiFrame.header.Length) - hybiFrame.header.data = bytes.NewBuffer(header) - hybiFrame.length = len(header) + int(hybiFrame.header.Length) - return -} - -// A HybiFrameWriter is a writer for hybi frame. -type hybiFrameWriter struct { - writer *bufio.Writer - - header *hybiFrameHeader -} - -func (frame *hybiFrameWriter) Write(msg []byte) (n int, err error) { - var header []byte - var b byte - if frame.header.Fin { - b |= 0x80 - } - for i := 0; i < 3; i++ { - if frame.header.Rsv[i] { - j := uint(6 - i) - b |= 1 << j - } - } - b |= frame.header.OpCode - header = append(header, b) - if frame.header.MaskingKey != nil { - b = 0x80 - } else { - b = 0 - } - lengthFields := 0 - length := len(msg) - switch { - case length <= 125: - b |= byte(length) - case length < 65536: - b |= 126 - lengthFields = 2 - default: - b |= 127 - lengthFields = 8 - } - header = append(header, b) - for i := 0; i < lengthFields; i++ { - j := uint((lengthFields - i - 1) * 8) - b = byte((length >> j) & 0xff) - header = append(header, b) - } - if frame.header.MaskingKey != nil { - if len(frame.header.MaskingKey) != 4 { - return 0, ErrBadMaskingKey - } - header = append(header, frame.header.MaskingKey...) - frame.writer.Write(header) - data := make([]byte, length) - for i := range data { - data[i] = msg[i] ^ frame.header.MaskingKey[i%4] - } - frame.writer.Write(data) - err = frame.writer.Flush() - return length, err - } - frame.writer.Write(header) - frame.writer.Write(msg) - err = frame.writer.Flush() - return length, err -} - -func (frame *hybiFrameWriter) Close() error { return nil } - -type hybiFrameWriterFactory struct { - *bufio.Writer - needMaskingKey bool -} - -func (buf hybiFrameWriterFactory) NewFrameWriter(payloadType byte) (frame frameWriter, err error) { - frameHeader := &hybiFrameHeader{Fin: true, OpCode: payloadType} - if buf.needMaskingKey { - frameHeader.MaskingKey, err = generateMaskingKey() - if err != nil { - return nil, err - } - } - return &hybiFrameWriter{writer: buf.Writer, header: frameHeader}, nil -} - -type hybiFrameHandler struct { - conn *Conn - payloadType byte -} - -func (handler *hybiFrameHandler) HandleFrame(frame frameReader) (frameReader, error) { - if handler.conn.IsServerConn() { - // The client MUST mask all frames sent to the server. - if frame.(*hybiFrameReader).header.MaskingKey == nil { - handler.WriteClose(closeStatusProtocolError) - return nil, io.EOF - } - } else { - // The server MUST NOT mask all frames. - if frame.(*hybiFrameReader).header.MaskingKey != nil { - handler.WriteClose(closeStatusProtocolError) - return nil, io.EOF - } - } - if header := frame.HeaderReader(); header != nil { - io.Copy(ioutil.Discard, header) - } - switch frame.PayloadType() { - case ContinuationFrame: - frame.(*hybiFrameReader).header.OpCode = handler.payloadType - case TextFrame, BinaryFrame: - handler.payloadType = frame.PayloadType() - case CloseFrame: - return nil, io.EOF - case PingFrame, PongFrame: - b := make([]byte, maxControlFramePayloadLength) - n, err := io.ReadFull(frame, b) - if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { - return nil, err - } - io.Copy(ioutil.Discard, frame) - if frame.PayloadType() == PingFrame { - if _, err := handler.WritePong(b[:n]); err != nil { - return nil, err - } - } - return nil, nil - } - return frame, nil -} - -func (handler *hybiFrameHandler) WriteClose(status int) (err error) { - handler.conn.wio.Lock() - defer handler.conn.wio.Unlock() - w, err := handler.conn.frameWriterFactory.NewFrameWriter(CloseFrame) - if err != nil { - return err - } - msg := make([]byte, 2) - binary.BigEndian.PutUint16(msg, uint16(status)) - _, err = w.Write(msg) - w.Close() - return err -} - -func (handler *hybiFrameHandler) WritePong(msg []byte) (n int, err error) { - handler.conn.wio.Lock() - defer handler.conn.wio.Unlock() - w, err := handler.conn.frameWriterFactory.NewFrameWriter(PongFrame) - if err != nil { - return 0, err - } - n, err = w.Write(msg) - w.Close() - return n, err -} - -// newHybiConn creates a new WebSocket connection speaking hybi draft protocol. -func newHybiConn(config *Config, buf *bufio.ReadWriter, rwc io.ReadWriteCloser, request *http.Request) *Conn { - if buf == nil { - br := bufio.NewReader(rwc) - bw := bufio.NewWriter(rwc) - buf = bufio.NewReadWriter(br, bw) - } - ws := &Conn{config: config, request: request, buf: buf, rwc: rwc, - frameReaderFactory: hybiFrameReaderFactory{buf.Reader}, - frameWriterFactory: hybiFrameWriterFactory{ - buf.Writer, request == nil}, - PayloadType: TextFrame, - defaultCloseStatus: closeStatusNormal} - ws.frameHandler = &hybiFrameHandler{conn: ws} - return ws -} - -// generateMaskingKey generates a masking key for a frame. -func generateMaskingKey() (maskingKey []byte, err error) { - maskingKey = make([]byte, 4) - if _, err = io.ReadFull(rand.Reader, maskingKey); err != nil { - return - } - return -} - -// generateNonce generates a nonce consisting of a randomly selected 16-byte -// value that has been base64-encoded. -func generateNonce() (nonce []byte) { - key := make([]byte, 16) - if _, err := io.ReadFull(rand.Reader, key); err != nil { - panic(err) - } - nonce = make([]byte, 24) - base64.StdEncoding.Encode(nonce, key) - return -} - -// removeZone removes IPv6 zone identifier from host. -// E.g., "[fe80::1%en0]:8080" to "[fe80::1]:8080" -func removeZone(host string) string { - if !strings.HasPrefix(host, "[") { - return host - } - i := strings.LastIndex(host, "]") - if i < 0 { - return host - } - j := strings.LastIndex(host[:i], "%") - if j < 0 { - return host - } - return host[:j] + host[i:] -} - -// getNonceAccept computes the base64-encoded SHA-1 of the concatenation of -// the nonce ("Sec-WebSocket-Key" value) with the websocket GUID string. -func getNonceAccept(nonce []byte) (expected []byte, err error) { - h := sha1.New() - if _, err = h.Write(nonce); err != nil { - return - } - if _, err = h.Write([]byte(websocketGUID)); err != nil { - return - } - expected = make([]byte, 28) - base64.StdEncoding.Encode(expected, h.Sum(nil)) - return -} - -// Client handshake described in draft-ietf-hybi-thewebsocket-protocol-17 -func hybiClientHandshake(config *Config, br *bufio.Reader, bw *bufio.Writer) (err error) { - bw.WriteString("GET " + config.Location.RequestURI() + " HTTP/1.1\r\n") - - // According to RFC 6874, an HTTP client, proxy, or other - // intermediary must remove any IPv6 zone identifier attached - // to an outgoing URI. - bw.WriteString("Host: " + removeZone(config.Location.Host) + "\r\n") - bw.WriteString("Upgrade: websocket\r\n") - bw.WriteString("Connection: Upgrade\r\n") - nonce := generateNonce() - if config.handshakeData != nil { - nonce = []byte(config.handshakeData["key"]) - } - bw.WriteString("Sec-WebSocket-Key: " + string(nonce) + "\r\n") - bw.WriteString("Origin: " + strings.ToLower(config.Origin.String()) + "\r\n") - - if config.Version != ProtocolVersionHybi13 { - return ErrBadProtocolVersion - } - - bw.WriteString("Sec-WebSocket-Version: " + fmt.Sprintf("%d", config.Version) + "\r\n") - if len(config.Protocol) > 0 { - bw.WriteString("Sec-WebSocket-Protocol: " + strings.Join(config.Protocol, ", ") + "\r\n") - } - // TODO(ukai): send Sec-WebSocket-Extensions. - err = config.Header.WriteSubset(bw, handshakeHeader) - if err != nil { - return err - } - - bw.WriteString("\r\n") - if err = bw.Flush(); err != nil { - return err - } - - resp, err := http.ReadResponse(br, &http.Request{Method: "GET"}) - if err != nil { - return err - } - if resp.StatusCode != 101 { - return ErrBadStatus - } - if strings.ToLower(resp.Header.Get("Upgrade")) != "websocket" || - strings.ToLower(resp.Header.Get("Connection")) != "upgrade" { - return ErrBadUpgrade - } - expectedAccept, err := getNonceAccept(nonce) - if err != nil { - return err - } - if resp.Header.Get("Sec-WebSocket-Accept") != string(expectedAccept) { - return ErrChallengeResponse - } - if resp.Header.Get("Sec-WebSocket-Extensions") != "" { - return ErrUnsupportedExtensions - } - offeredProtocol := resp.Header.Get("Sec-WebSocket-Protocol") - if offeredProtocol != "" { - protocolMatched := false - for i := 0; i < len(config.Protocol); i++ { - if config.Protocol[i] == offeredProtocol { - protocolMatched = true - break - } - } - if !protocolMatched { - return ErrBadWebSocketProtocol - } - config.Protocol = []string{offeredProtocol} - } - - return nil -} - -// newHybiClientConn creates a client WebSocket connection after handshake. -func newHybiClientConn(config *Config, buf *bufio.ReadWriter, rwc io.ReadWriteCloser) *Conn { - return newHybiConn(config, buf, rwc, nil) -} - -// A HybiServerHandshaker performs a server handshake using hybi draft protocol. -type hybiServerHandshaker struct { - *Config - accept []byte -} - -func (c *hybiServerHandshaker) ReadHandshake(buf *bufio.Reader, req *http.Request) (code int, err error) { - c.Version = ProtocolVersionHybi13 - if req.Method != "GET" { - return http.StatusMethodNotAllowed, ErrBadRequestMethod - } - // HTTP version can be safely ignored. - - if strings.ToLower(req.Header.Get("Upgrade")) != "websocket" || - !strings.Contains(strings.ToLower(req.Header.Get("Connection")), "upgrade") { - return http.StatusBadRequest, ErrNotWebSocket - } - - key := req.Header.Get("Sec-Websocket-Key") - if key == "" { - return http.StatusBadRequest, ErrChallengeResponse - } - version := req.Header.Get("Sec-Websocket-Version") - switch version { - case "13": - c.Version = ProtocolVersionHybi13 - default: - return http.StatusBadRequest, ErrBadWebSocketVersion - } - var scheme string - if req.TLS != nil { - scheme = "wss" - } else { - scheme = "ws" - } - c.Location, err = url.ParseRequestURI(scheme + "://" + req.Host + req.URL.RequestURI()) - if err != nil { - return http.StatusBadRequest, err - } - protocol := strings.TrimSpace(req.Header.Get("Sec-Websocket-Protocol")) - if protocol != "" { - protocols := strings.Split(protocol, ",") - for i := 0; i < len(protocols); i++ { - c.Protocol = append(c.Protocol, strings.TrimSpace(protocols[i])) - } - } - c.accept, err = getNonceAccept([]byte(key)) - if err != nil { - return http.StatusInternalServerError, err - } - return http.StatusSwitchingProtocols, nil -} - -// Origin parses the Origin header in req. -// If the Origin header is not set, it returns nil and nil. -func Origin(config *Config, req *http.Request) (*url.URL, error) { - var origin string - switch config.Version { - case ProtocolVersionHybi13: - origin = req.Header.Get("Origin") - } - if origin == "" { - return nil, nil - } - return url.ParseRequestURI(origin) -} - -func (c *hybiServerHandshaker) AcceptHandshake(buf *bufio.Writer) (err error) { - if len(c.Protocol) > 0 { - if len(c.Protocol) != 1 { - // You need choose a Protocol in Handshake func in Server. - return ErrBadWebSocketProtocol - } - } - buf.WriteString("HTTP/1.1 101 Switching Protocols\r\n") - buf.WriteString("Upgrade: websocket\r\n") - buf.WriteString("Connection: Upgrade\r\n") - buf.WriteString("Sec-WebSocket-Accept: " + string(c.accept) + "\r\n") - if len(c.Protocol) > 0 { - buf.WriteString("Sec-WebSocket-Protocol: " + c.Protocol[0] + "\r\n") - } - // TODO(ukai): send Sec-WebSocket-Extensions. - if c.Header != nil { - err := c.Header.WriteSubset(buf, handshakeHeader) - if err != nil { - return err - } - } - buf.WriteString("\r\n") - return buf.Flush() -} - -func (c *hybiServerHandshaker) NewServerConn(buf *bufio.ReadWriter, rwc io.ReadWriteCloser, request *http.Request) *Conn { - return newHybiServerConn(c.Config, buf, rwc, request) -} - -// newHybiServerConn returns a new WebSocket connection speaking hybi draft protocol. -func newHybiServerConn(config *Config, buf *bufio.ReadWriter, rwc io.ReadWriteCloser, request *http.Request) *Conn { - return newHybiConn(config, buf, rwc, request) -} diff --git a/etcd/vendor/golang.org/x/net/websocket/server.go b/etcd/vendor/golang.org/x/net/websocket/server.go deleted file mode 100644 index 0895dea190..0000000000 --- a/etcd/vendor/golang.org/x/net/websocket/server.go +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package websocket - -import ( - "bufio" - "fmt" - "io" - "net/http" -) - -func newServerConn(rwc io.ReadWriteCloser, buf *bufio.ReadWriter, req *http.Request, config *Config, handshake func(*Config, *http.Request) error) (conn *Conn, err error) { - var hs serverHandshaker = &hybiServerHandshaker{Config: config} - code, err := hs.ReadHandshake(buf.Reader, req) - if err == ErrBadWebSocketVersion { - fmt.Fprintf(buf, "HTTP/1.1 %03d %s\r\n", code, http.StatusText(code)) - fmt.Fprintf(buf, "Sec-WebSocket-Version: %s\r\n", SupportedProtocolVersion) - buf.WriteString("\r\n") - buf.WriteString(err.Error()) - buf.Flush() - return - } - if err != nil { - fmt.Fprintf(buf, "HTTP/1.1 %03d %s\r\n", code, http.StatusText(code)) - buf.WriteString("\r\n") - buf.WriteString(err.Error()) - buf.Flush() - return - } - if handshake != nil { - err = handshake(config, req) - if err != nil { - code = http.StatusForbidden - fmt.Fprintf(buf, "HTTP/1.1 %03d %s\r\n", code, http.StatusText(code)) - buf.WriteString("\r\n") - buf.Flush() - return - } - } - err = hs.AcceptHandshake(buf.Writer) - if err != nil { - code = http.StatusBadRequest - fmt.Fprintf(buf, "HTTP/1.1 %03d %s\r\n", code, http.StatusText(code)) - buf.WriteString("\r\n") - buf.Flush() - return - } - conn = hs.NewServerConn(buf, rwc, req) - return -} - -// Server represents a server of a WebSocket. -type Server struct { - // Config is a WebSocket configuration for new WebSocket connection. - Config - - // Handshake is an optional function in WebSocket handshake. - // For example, you can check, or don't check Origin header. - // Another example, you can select config.Protocol. - Handshake func(*Config, *http.Request) error - - // Handler handles a WebSocket connection. - Handler -} - -// ServeHTTP implements the http.Handler interface for a WebSocket -func (s Server) ServeHTTP(w http.ResponseWriter, req *http.Request) { - s.serveWebSocket(w, req) -} - -func (s Server) serveWebSocket(w http.ResponseWriter, req *http.Request) { - rwc, buf, err := w.(http.Hijacker).Hijack() - if err != nil { - panic("Hijack failed: " + err.Error()) - } - // The server should abort the WebSocket connection if it finds - // the client did not send a handshake that matches with protocol - // specification. - defer rwc.Close() - conn, err := newServerConn(rwc, buf, req, &s.Config, s.Handshake) - if err != nil { - return - } - if conn == nil { - panic("unexpected nil conn") - } - s.Handler(conn) -} - -// Handler is a simple interface to a WebSocket browser client. -// It checks if Origin header is valid URL by default. -// You might want to verify websocket.Conn.Config().Origin in the func. -// If you use Server instead of Handler, you could call websocket.Origin and -// check the origin in your Handshake func. So, if you want to accept -// non-browser clients, which do not send an Origin header, set a -// Server.Handshake that does not check the origin. -type Handler func(*Conn) - -func checkOrigin(config *Config, req *http.Request) (err error) { - config.Origin, err = Origin(config, req) - if err == nil && config.Origin == nil { - return fmt.Errorf("null origin") - } - return err -} - -// ServeHTTP implements the http.Handler interface for a WebSocket -func (h Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { - s := Server{Handler: h, Handshake: checkOrigin} - s.serveWebSocket(w, req) -} diff --git a/etcd/vendor/golang.org/x/net/websocket/websocket.go b/etcd/vendor/golang.org/x/net/websocket/websocket.go deleted file mode 100644 index 90a2257cd5..0000000000 --- a/etcd/vendor/golang.org/x/net/websocket/websocket.go +++ /dev/null @@ -1,449 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package websocket implements a client and server for the WebSocket protocol -// as specified in RFC 6455. -// -// This package currently lacks some features found in an alternative -// and more actively maintained WebSocket package: -// -// https://pkg.go.dev/nhooyr.io/websocket -package websocket // import "golang.org/x/net/websocket" - -import ( - "bufio" - "crypto/tls" - "encoding/json" - "errors" - "io" - "io/ioutil" - "net" - "net/http" - "net/url" - "sync" - "time" -) - -const ( - ProtocolVersionHybi13 = 13 - ProtocolVersionHybi = ProtocolVersionHybi13 - SupportedProtocolVersion = "13" - - ContinuationFrame = 0 - TextFrame = 1 - BinaryFrame = 2 - CloseFrame = 8 - PingFrame = 9 - PongFrame = 10 - UnknownFrame = 255 - - DefaultMaxPayloadBytes = 32 << 20 // 32MB -) - -// ProtocolError represents WebSocket protocol errors. -type ProtocolError struct { - ErrorString string -} - -func (err *ProtocolError) Error() string { return err.ErrorString } - -var ( - ErrBadProtocolVersion = &ProtocolError{"bad protocol version"} - ErrBadScheme = &ProtocolError{"bad scheme"} - ErrBadStatus = &ProtocolError{"bad status"} - ErrBadUpgrade = &ProtocolError{"missing or bad upgrade"} - ErrBadWebSocketOrigin = &ProtocolError{"missing or bad WebSocket-Origin"} - ErrBadWebSocketLocation = &ProtocolError{"missing or bad WebSocket-Location"} - ErrBadWebSocketProtocol = &ProtocolError{"missing or bad WebSocket-Protocol"} - ErrBadWebSocketVersion = &ProtocolError{"missing or bad WebSocket Version"} - ErrChallengeResponse = &ProtocolError{"mismatch challenge/response"} - ErrBadFrame = &ProtocolError{"bad frame"} - ErrBadFrameBoundary = &ProtocolError{"not on frame boundary"} - ErrNotWebSocket = &ProtocolError{"not websocket protocol"} - ErrBadRequestMethod = &ProtocolError{"bad method"} - ErrNotSupported = &ProtocolError{"not supported"} -) - -// ErrFrameTooLarge is returned by Codec's Receive method if payload size -// exceeds limit set by Conn.MaxPayloadBytes -var ErrFrameTooLarge = errors.New("websocket: frame payload size exceeds limit") - -// Addr is an implementation of net.Addr for WebSocket. -type Addr struct { - *url.URL -} - -// Network returns the network type for a WebSocket, "websocket". -func (addr *Addr) Network() string { return "websocket" } - -// Config is a WebSocket configuration -type Config struct { - // A WebSocket server address. - Location *url.URL - - // A Websocket client origin. - Origin *url.URL - - // WebSocket subprotocols. - Protocol []string - - // WebSocket protocol version. - Version int - - // TLS config for secure WebSocket (wss). - TlsConfig *tls.Config - - // Additional header fields to be sent in WebSocket opening handshake. - Header http.Header - - // Dialer used when opening websocket connections. - Dialer *net.Dialer - - handshakeData map[string]string -} - -// serverHandshaker is an interface to handle WebSocket server side handshake. -type serverHandshaker interface { - // ReadHandshake reads handshake request message from client. - // Returns http response code and error if any. - ReadHandshake(buf *bufio.Reader, req *http.Request) (code int, err error) - - // AcceptHandshake accepts the client handshake request and sends - // handshake response back to client. - AcceptHandshake(buf *bufio.Writer) (err error) - - // NewServerConn creates a new WebSocket connection. - NewServerConn(buf *bufio.ReadWriter, rwc io.ReadWriteCloser, request *http.Request) (conn *Conn) -} - -// frameReader is an interface to read a WebSocket frame. -type frameReader interface { - // Reader is to read payload of the frame. - io.Reader - - // PayloadType returns payload type. - PayloadType() byte - - // HeaderReader returns a reader to read header of the frame. - HeaderReader() io.Reader - - // TrailerReader returns a reader to read trailer of the frame. - // If it returns nil, there is no trailer in the frame. - TrailerReader() io.Reader - - // Len returns total length of the frame, including header and trailer. - Len() int -} - -// frameReaderFactory is an interface to creates new frame reader. -type frameReaderFactory interface { - NewFrameReader() (r frameReader, err error) -} - -// frameWriter is an interface to write a WebSocket frame. -type frameWriter interface { - // Writer is to write payload of the frame. - io.WriteCloser -} - -// frameWriterFactory is an interface to create new frame writer. -type frameWriterFactory interface { - NewFrameWriter(payloadType byte) (w frameWriter, err error) -} - -type frameHandler interface { - HandleFrame(frame frameReader) (r frameReader, err error) - WriteClose(status int) (err error) -} - -// Conn represents a WebSocket connection. -// -// Multiple goroutines may invoke methods on a Conn simultaneously. -type Conn struct { - config *Config - request *http.Request - - buf *bufio.ReadWriter - rwc io.ReadWriteCloser - - rio sync.Mutex - frameReaderFactory - frameReader - - wio sync.Mutex - frameWriterFactory - - frameHandler - PayloadType byte - defaultCloseStatus int - - // MaxPayloadBytes limits the size of frame payload received over Conn - // by Codec's Receive method. If zero, DefaultMaxPayloadBytes is used. - MaxPayloadBytes int -} - -// Read implements the io.Reader interface: -// it reads data of a frame from the WebSocket connection. -// if msg is not large enough for the frame data, it fills the msg and next Read -// will read the rest of the frame data. -// it reads Text frame or Binary frame. -func (ws *Conn) Read(msg []byte) (n int, err error) { - ws.rio.Lock() - defer ws.rio.Unlock() -again: - if ws.frameReader == nil { - frame, err := ws.frameReaderFactory.NewFrameReader() - if err != nil { - return 0, err - } - ws.frameReader, err = ws.frameHandler.HandleFrame(frame) - if err != nil { - return 0, err - } - if ws.frameReader == nil { - goto again - } - } - n, err = ws.frameReader.Read(msg) - if err == io.EOF { - if trailer := ws.frameReader.TrailerReader(); trailer != nil { - io.Copy(ioutil.Discard, trailer) - } - ws.frameReader = nil - goto again - } - return n, err -} - -// Write implements the io.Writer interface: -// it writes data as a frame to the WebSocket connection. -func (ws *Conn) Write(msg []byte) (n int, err error) { - ws.wio.Lock() - defer ws.wio.Unlock() - w, err := ws.frameWriterFactory.NewFrameWriter(ws.PayloadType) - if err != nil { - return 0, err - } - n, err = w.Write(msg) - w.Close() - return n, err -} - -// Close implements the io.Closer interface. -func (ws *Conn) Close() error { - err := ws.frameHandler.WriteClose(ws.defaultCloseStatus) - err1 := ws.rwc.Close() - if err != nil { - return err - } - return err1 -} - -// IsClientConn reports whether ws is a client-side connection. -func (ws *Conn) IsClientConn() bool { return ws.request == nil } - -// IsServerConn reports whether ws is a server-side connection. -func (ws *Conn) IsServerConn() bool { return ws.request != nil } - -// LocalAddr returns the WebSocket Origin for the connection for client, or -// the WebSocket location for server. -func (ws *Conn) LocalAddr() net.Addr { - if ws.IsClientConn() { - return &Addr{ws.config.Origin} - } - return &Addr{ws.config.Location} -} - -// RemoteAddr returns the WebSocket location for the connection for client, or -// the Websocket Origin for server. -func (ws *Conn) RemoteAddr() net.Addr { - if ws.IsClientConn() { - return &Addr{ws.config.Location} - } - return &Addr{ws.config.Origin} -} - -var errSetDeadline = errors.New("websocket: cannot set deadline: not using a net.Conn") - -// SetDeadline sets the connection's network read & write deadlines. -func (ws *Conn) SetDeadline(t time.Time) error { - if conn, ok := ws.rwc.(net.Conn); ok { - return conn.SetDeadline(t) - } - return errSetDeadline -} - -// SetReadDeadline sets the connection's network read deadline. -func (ws *Conn) SetReadDeadline(t time.Time) error { - if conn, ok := ws.rwc.(net.Conn); ok { - return conn.SetReadDeadline(t) - } - return errSetDeadline -} - -// SetWriteDeadline sets the connection's network write deadline. -func (ws *Conn) SetWriteDeadline(t time.Time) error { - if conn, ok := ws.rwc.(net.Conn); ok { - return conn.SetWriteDeadline(t) - } - return errSetDeadline -} - -// Config returns the WebSocket config. -func (ws *Conn) Config() *Config { return ws.config } - -// Request returns the http request upgraded to the WebSocket. -// It is nil for client side. -func (ws *Conn) Request() *http.Request { return ws.request } - -// Codec represents a symmetric pair of functions that implement a codec. -type Codec struct { - Marshal func(v interface{}) (data []byte, payloadType byte, err error) - Unmarshal func(data []byte, payloadType byte, v interface{}) (err error) -} - -// Send sends v marshaled by cd.Marshal as single frame to ws. -func (cd Codec) Send(ws *Conn, v interface{}) (err error) { - data, payloadType, err := cd.Marshal(v) - if err != nil { - return err - } - ws.wio.Lock() - defer ws.wio.Unlock() - w, err := ws.frameWriterFactory.NewFrameWriter(payloadType) - if err != nil { - return err - } - _, err = w.Write(data) - w.Close() - return err -} - -// Receive receives single frame from ws, unmarshaled by cd.Unmarshal and stores -// in v. The whole frame payload is read to an in-memory buffer; max size of -// payload is defined by ws.MaxPayloadBytes. If frame payload size exceeds -// limit, ErrFrameTooLarge is returned; in this case frame is not read off wire -// completely. The next call to Receive would read and discard leftover data of -// previous oversized frame before processing next frame. -func (cd Codec) Receive(ws *Conn, v interface{}) (err error) { - ws.rio.Lock() - defer ws.rio.Unlock() - if ws.frameReader != nil { - _, err = io.Copy(ioutil.Discard, ws.frameReader) - if err != nil { - return err - } - ws.frameReader = nil - } -again: - frame, err := ws.frameReaderFactory.NewFrameReader() - if err != nil { - return err - } - frame, err = ws.frameHandler.HandleFrame(frame) - if err != nil { - return err - } - if frame == nil { - goto again - } - maxPayloadBytes := ws.MaxPayloadBytes - if maxPayloadBytes == 0 { - maxPayloadBytes = DefaultMaxPayloadBytes - } - if hf, ok := frame.(*hybiFrameReader); ok && hf.header.Length > int64(maxPayloadBytes) { - // payload size exceeds limit, no need to call Unmarshal - // - // set frameReader to current oversized frame so that - // the next call to this function can drain leftover - // data before processing the next frame - ws.frameReader = frame - return ErrFrameTooLarge - } - payloadType := frame.PayloadType() - data, err := ioutil.ReadAll(frame) - if err != nil { - return err - } - return cd.Unmarshal(data, payloadType, v) -} - -func marshal(v interface{}) (msg []byte, payloadType byte, err error) { - switch data := v.(type) { - case string: - return []byte(data), TextFrame, nil - case []byte: - return data, BinaryFrame, nil - } - return nil, UnknownFrame, ErrNotSupported -} - -func unmarshal(msg []byte, payloadType byte, v interface{}) (err error) { - switch data := v.(type) { - case *string: - *data = string(msg) - return nil - case *[]byte: - *data = msg - return nil - } - return ErrNotSupported -} - -/* -Message is a codec to send/receive text/binary data in a frame on WebSocket connection. -To send/receive text frame, use string type. -To send/receive binary frame, use []byte type. - -Trivial usage: - - import "websocket" - - // receive text frame - var message string - websocket.Message.Receive(ws, &message) - - // send text frame - message = "hello" - websocket.Message.Send(ws, message) - - // receive binary frame - var data []byte - websocket.Message.Receive(ws, &data) - - // send binary frame - data = []byte{0, 1, 2} - websocket.Message.Send(ws, data) -*/ -var Message = Codec{marshal, unmarshal} - -func jsonMarshal(v interface{}) (msg []byte, payloadType byte, err error) { - msg, err = json.Marshal(v) - return msg, TextFrame, err -} - -func jsonUnmarshal(msg []byte, payloadType byte, v interface{}) (err error) { - return json.Unmarshal(msg, v) -} - -/* -JSON is a codec to send/receive JSON data in a frame from a WebSocket connection. - -Trivial usage: - - import "websocket" - - type T struct { - Msg string - Count int - } - - // receive JSON type T - var data T - websocket.JSON.Receive(ws, &data) - - // send JSON type T - websocket.JSON.Send(ws, data) -*/ -var JSON = Codec{jsonMarshal, jsonUnmarshal} diff --git a/etcd/vendor/golang.org/x/sync/LICENSE b/etcd/vendor/golang.org/x/sync/LICENSE deleted file mode 100644 index 6a66aea5ea..0000000000 --- a/etcd/vendor/golang.org/x/sync/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/etcd/vendor/golang.org/x/sync/PATENTS b/etcd/vendor/golang.org/x/sync/PATENTS deleted file mode 100644 index 733099041f..0000000000 --- a/etcd/vendor/golang.org/x/sync/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/etcd/vendor/golang.org/x/sync/singleflight/singleflight.go b/etcd/vendor/golang.org/x/sync/singleflight/singleflight.go deleted file mode 100644 index 690eb85013..0000000000 --- a/etcd/vendor/golang.org/x/sync/singleflight/singleflight.go +++ /dev/null @@ -1,212 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package singleflight provides a duplicate function call suppression -// mechanism. -package singleflight // import "golang.org/x/sync/singleflight" - -import ( - "bytes" - "errors" - "fmt" - "runtime" - "runtime/debug" - "sync" -) - -// errGoexit indicates the runtime.Goexit was called in -// the user given function. -var errGoexit = errors.New("runtime.Goexit was called") - -// A panicError is an arbitrary value recovered from a panic -// with the stack trace during the execution of given function. -type panicError struct { - value interface{} - stack []byte -} - -// Error implements error interface. -func (p *panicError) Error() string { - return fmt.Sprintf("%v\n\n%s", p.value, p.stack) -} - -func newPanicError(v interface{}) error { - stack := debug.Stack() - - // The first line of the stack trace is of the form "goroutine N [status]:" - // but by the time the panic reaches Do the goroutine may no longer exist - // and its status will have changed. Trim out the misleading line. - if line := bytes.IndexByte(stack[:], '\n'); line >= 0 { - stack = stack[line+1:] - } - return &panicError{value: v, stack: stack} -} - -// call is an in-flight or completed singleflight.Do call -type call struct { - wg sync.WaitGroup - - // These fields are written once before the WaitGroup is done - // and are only read after the WaitGroup is done. - val interface{} - err error - - // forgotten indicates whether Forget was called with this call's key - // while the call was still in flight. - forgotten bool - - // These fields are read and written with the singleflight - // mutex held before the WaitGroup is done, and are read but - // not written after the WaitGroup is done. - dups int - chans []chan<- Result -} - -// Group represents a class of work and forms a namespace in -// which units of work can be executed with duplicate suppression. -type Group struct { - mu sync.Mutex // protects m - m map[string]*call // lazily initialized -} - -// Result holds the results of Do, so they can be passed -// on a channel. -type Result struct { - Val interface{} - Err error - Shared bool -} - -// Do executes and returns the results of the given function, making -// sure that only one execution is in-flight for a given key at a -// time. If a duplicate comes in, the duplicate caller waits for the -// original to complete and receives the same results. -// The return value shared indicates whether v was given to multiple callers. -func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) { - g.mu.Lock() - if g.m == nil { - g.m = make(map[string]*call) - } - if c, ok := g.m[key]; ok { - c.dups++ - g.mu.Unlock() - c.wg.Wait() - - if e, ok := c.err.(*panicError); ok { - panic(e) - } else if c.err == errGoexit { - runtime.Goexit() - } - return c.val, c.err, true - } - c := new(call) - c.wg.Add(1) - g.m[key] = c - g.mu.Unlock() - - g.doCall(c, key, fn) - return c.val, c.err, c.dups > 0 -} - -// DoChan is like Do but returns a channel that will receive the -// results when they are ready. -// -// The returned channel will not be closed. -func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result { - ch := make(chan Result, 1) - g.mu.Lock() - if g.m == nil { - g.m = make(map[string]*call) - } - if c, ok := g.m[key]; ok { - c.dups++ - c.chans = append(c.chans, ch) - g.mu.Unlock() - return ch - } - c := &call{chans: []chan<- Result{ch}} - c.wg.Add(1) - g.m[key] = c - g.mu.Unlock() - - go g.doCall(c, key, fn) - - return ch -} - -// doCall handles the single call for a key. -func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { - normalReturn := false - recovered := false - - // use double-defer to distinguish panic from runtime.Goexit, - // more details see https://golang.org/cl/134395 - defer func() { - // the given function invoked runtime.Goexit - if !normalReturn && !recovered { - c.err = errGoexit - } - - c.wg.Done() - g.mu.Lock() - defer g.mu.Unlock() - if !c.forgotten { - delete(g.m, key) - } - - if e, ok := c.err.(*panicError); ok { - // In order to prevent the waiting channels from being blocked forever, - // needs to ensure that this panic cannot be recovered. - if len(c.chans) > 0 { - go panic(e) - select {} // Keep this goroutine around so that it will appear in the crash dump. - } else { - panic(e) - } - } else if c.err == errGoexit { - // Already in the process of goexit, no need to call again - } else { - // Normal return - for _, ch := range c.chans { - ch <- Result{c.val, c.err, c.dups > 0} - } - } - }() - - func() { - defer func() { - if !normalReturn { - // Ideally, we would wait to take a stack trace until we've determined - // whether this is a panic or a runtime.Goexit. - // - // Unfortunately, the only way we can distinguish the two is to see - // whether the recover stopped the goroutine from terminating, and by - // the time we know that, the part of the stack trace relevant to the - // panic has been discarded. - if r := recover(); r != nil { - c.err = newPanicError(r) - } - } - }() - - c.val, c.err = fn() - normalReturn = true - }() - - if !normalReturn { - recovered = true - } -} - -// Forget tells the singleflight to forget about a key. Future calls -// to Do for this key will call the function rather than waiting for -// an earlier call to complete. -func (g *Group) Forget(key string) { - g.mu.Lock() - if c, ok := g.m[key]; ok { - c.forgotten = true - } - delete(g.m, key) - g.mu.Unlock() -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/etcd/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s deleted file mode 100644 index db9171c2e4..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gc -// +build gc - -#include "textflag.h" - -// -// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go -// - -TEXT ·syscall6(SB),NOSPLIT,$0-88 - JMP syscall·syscall6(SB) - -TEXT ·rawSyscall6(SB),NOSPLIT,$0-88 - JMP syscall·rawSyscall6(SB) diff --git a/etcd/vendor/golang.org/x/sys/cpu/byteorder.go b/etcd/vendor/golang.org/x/sys/cpu/byteorder.go deleted file mode 100644 index 271055be0b..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/byteorder.go +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "runtime" -) - -// byteOrder is a subset of encoding/binary.ByteOrder. -type byteOrder interface { - Uint32([]byte) uint32 - Uint64([]byte) uint64 -} - -type littleEndian struct{} -type bigEndian struct{} - -func (littleEndian) Uint32(b []byte) uint32 { - _ = b[3] // bounds check hint to compiler; see golang.org/issue/14808 - return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 -} - -func (littleEndian) Uint64(b []byte) uint64 { - _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 - return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | - uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 -} - -func (bigEndian) Uint32(b []byte) uint32 { - _ = b[3] // bounds check hint to compiler; see golang.org/issue/14808 - return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 -} - -func (bigEndian) Uint64(b []byte) uint64 { - _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 - return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | - uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 -} - -// hostByteOrder returns littleEndian on little-endian machines and -// bigEndian on big-endian machines. -func hostByteOrder() byteOrder { - switch runtime.GOARCH { - case "386", "amd64", "amd64p32", - "alpha", - "arm", "arm64", - "loong64", - "mipsle", "mips64le", "mips64p32le", - "nios2", - "ppc64le", - "riscv", "riscv64", - "sh": - return littleEndian{} - case "armbe", "arm64be", - "m68k", - "mips", "mips64", "mips64p32", - "ppc", "ppc64", - "s390", "s390x", - "shbe", - "sparc", "sparc64": - return bigEndian{} - } - panic("unknown architecture") -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu.go b/etcd/vendor/golang.org/x/sys/cpu/cpu.go deleted file mode 100644 index 83f112c4c8..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu.go +++ /dev/null @@ -1,287 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package cpu implements processor feature detection for -// various CPU architectures. -package cpu - -import ( - "os" - "strings" -) - -// Initialized reports whether the CPU features were initialized. -// -// For some GOOS/GOARCH combinations initialization of the CPU features depends -// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm -// Initialized will report false if reading the file fails. -var Initialized bool - -// CacheLinePad is used to pad structs to avoid false sharing. -type CacheLinePad struct{ _ [cacheLineSize]byte } - -// X86 contains the supported CPU features of the -// current X86/AMD64 platform. If the current platform -// is not X86/AMD64 then all feature flags are false. -// -// X86 is padded to avoid false sharing. Further the HasAVX -// and HasAVX2 are only set if the OS supports XMM and YMM -// registers in addition to the CPUID feature bit being set. -var X86 struct { - _ CacheLinePad - HasAES bool // AES hardware implementation (AES NI) - HasADX bool // Multi-precision add-carry instruction extensions - HasAVX bool // Advanced vector extension - HasAVX2 bool // Advanced vector extension 2 - HasAVX512 bool // Advanced vector extension 512 - HasAVX512F bool // Advanced vector extension 512 Foundation Instructions - HasAVX512CD bool // Advanced vector extension 512 Conflict Detection Instructions - HasAVX512ER bool // Advanced vector extension 512 Exponential and Reciprocal Instructions - HasAVX512PF bool // Advanced vector extension 512 Prefetch Instructions Instructions - HasAVX512VL bool // Advanced vector extension 512 Vector Length Extensions - HasAVX512BW bool // Advanced vector extension 512 Byte and Word Instructions - HasAVX512DQ bool // Advanced vector extension 512 Doubleword and Quadword Instructions - HasAVX512IFMA bool // Advanced vector extension 512 Integer Fused Multiply Add - HasAVX512VBMI bool // Advanced vector extension 512 Vector Byte Manipulation Instructions - HasAVX5124VNNIW bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision - HasAVX5124FMAPS bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision - HasAVX512VPOPCNTDQ bool // Advanced vector extension 512 Double and quad word population count instructions - HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations - HasAVX512VNNI bool // Advanced vector extension 512 Vector Neural Network Instructions - HasAVX512GFNI bool // Advanced vector extension 512 Galois field New Instructions - HasAVX512VAES bool // Advanced vector extension 512 Vector AES instructions - HasAVX512VBMI2 bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2 - HasAVX512BITALG bool // Advanced vector extension 512 Bit Algorithms - HasAVX512BF16 bool // Advanced vector extension 512 BFloat16 Instructions - HasBMI1 bool // Bit manipulation instruction set 1 - HasBMI2 bool // Bit manipulation instruction set 2 - HasCX16 bool // Compare and exchange 16 Bytes - HasERMS bool // Enhanced REP for MOVSB and STOSB - HasFMA bool // Fused-multiply-add instructions - HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers. - HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM - HasPOPCNT bool // Hamming weight instruction POPCNT. - HasRDRAND bool // RDRAND instruction (on-chip random number generator) - HasRDSEED bool // RDSEED instruction (on-chip random number generator) - HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64) - HasSSE3 bool // Streaming SIMD extension 3 - HasSSSE3 bool // Supplemental streaming SIMD extension 3 - HasSSE41 bool // Streaming SIMD extension 4 and 4.1 - HasSSE42 bool // Streaming SIMD extension 4 and 4.2 - _ CacheLinePad -} - -// ARM64 contains the supported CPU features of the -// current ARMv8(aarch64) platform. If the current platform -// is not arm64 then all feature flags are false. -var ARM64 struct { - _ CacheLinePad - HasFP bool // Floating-point instruction set (always available) - HasASIMD bool // Advanced SIMD (always available) - HasEVTSTRM bool // Event stream support - HasAES bool // AES hardware implementation - HasPMULL bool // Polynomial multiplication instruction set - HasSHA1 bool // SHA1 hardware implementation - HasSHA2 bool // SHA2 hardware implementation - HasCRC32 bool // CRC32 hardware implementation - HasATOMICS bool // Atomic memory operation instruction set - HasFPHP bool // Half precision floating-point instruction set - HasASIMDHP bool // Advanced SIMD half precision instruction set - HasCPUID bool // CPUID identification scheme registers - HasASIMDRDM bool // Rounding double multiply add/subtract instruction set - HasJSCVT bool // Javascript conversion from floating-point to integer - HasFCMA bool // Floating-point multiplication and addition of complex numbers - HasLRCPC bool // Release Consistent processor consistent support - HasDCPOP bool // Persistent memory support - HasSHA3 bool // SHA3 hardware implementation - HasSM3 bool // SM3 hardware implementation - HasSM4 bool // SM4 hardware implementation - HasASIMDDP bool // Advanced SIMD double precision instruction set - HasSHA512 bool // SHA512 hardware implementation - HasSVE bool // Scalable Vector Extensions - HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32 - _ CacheLinePad -} - -// ARM contains the supported CPU features of the current ARM (32-bit) platform. -// All feature flags are false if: -// 1. the current platform is not arm, or -// 2. the current operating system is not Linux. -var ARM struct { - _ CacheLinePad - HasSWP bool // SWP instruction support - HasHALF bool // Half-word load and store support - HasTHUMB bool // ARM Thumb instruction set - Has26BIT bool // Address space limited to 26-bits - HasFASTMUL bool // 32-bit operand, 64-bit result multiplication support - HasFPA bool // Floating point arithmetic support - HasVFP bool // Vector floating point support - HasEDSP bool // DSP Extensions support - HasJAVA bool // Java instruction set - HasIWMMXT bool // Intel Wireless MMX technology support - HasCRUNCH bool // MaverickCrunch context switching and handling - HasTHUMBEE bool // Thumb EE instruction set - HasNEON bool // NEON instruction set - HasVFPv3 bool // Vector floating point version 3 support - HasVFPv3D16 bool // Vector floating point version 3 D8-D15 - HasTLS bool // Thread local storage support - HasVFPv4 bool // Vector floating point version 4 support - HasIDIVA bool // Integer divide instruction support in ARM mode - HasIDIVT bool // Integer divide instruction support in Thumb mode - HasVFPD32 bool // Vector floating point version 3 D15-D31 - HasLPAE bool // Large Physical Address Extensions - HasEVTSTRM bool // Event stream support - HasAES bool // AES hardware implementation - HasPMULL bool // Polynomial multiplication instruction set - HasSHA1 bool // SHA1 hardware implementation - HasSHA2 bool // SHA2 hardware implementation - HasCRC32 bool // CRC32 hardware implementation - _ CacheLinePad -} - -// MIPS64X contains the supported CPU features of the current mips64/mips64le -// platforms. If the current platform is not mips64/mips64le or the current -// operating system is not Linux then all feature flags are false. -var MIPS64X struct { - _ CacheLinePad - HasMSA bool // MIPS SIMD architecture - _ CacheLinePad -} - -// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms. -// If the current platform is not ppc64/ppc64le then all feature flags are false. -// -// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00, -// since there are no optional categories. There are some exceptions that also -// require kernel support to work (DARN, SCV), so there are feature bits for -// those as well. The struct is padded to avoid false sharing. -var PPC64 struct { - _ CacheLinePad - HasDARN bool // Hardware random number generator (requires kernel enablement) - HasSCV bool // Syscall vectored (requires kernel enablement) - IsPOWER8 bool // ISA v2.07 (POWER8) - IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8 - _ CacheLinePad -} - -// S390X contains the supported CPU features of the current IBM Z -// (s390x) platform. If the current platform is not IBM Z then all -// feature flags are false. -// -// S390X is padded to avoid false sharing. Further HasVX is only set -// if the OS supports vector registers in addition to the STFLE -// feature bit being set. -var S390X struct { - _ CacheLinePad - HasZARCH bool // z/Architecture mode is active [mandatory] - HasSTFLE bool // store facility list extended - HasLDISP bool // long (20-bit) displacements - HasEIMM bool // 32-bit immediates - HasDFP bool // decimal floating point - HasETF3EH bool // ETF-3 enhanced - HasMSA bool // message security assist (CPACF) - HasAES bool // KM-AES{128,192,256} functions - HasAESCBC bool // KMC-AES{128,192,256} functions - HasAESCTR bool // KMCTR-AES{128,192,256} functions - HasAESGCM bool // KMA-GCM-AES{128,192,256} functions - HasGHASH bool // KIMD-GHASH function - HasSHA1 bool // K{I,L}MD-SHA-1 functions - HasSHA256 bool // K{I,L}MD-SHA-256 functions - HasSHA512 bool // K{I,L}MD-SHA-512 functions - HasSHA3 bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions - HasVX bool // vector facility - HasVXE bool // vector-enhancements facility 1 - _ CacheLinePad -} - -func init() { - archInit() - initOptions() - processOptions() -} - -// options contains the cpu debug options that can be used in GODEBUG. -// Options are arch dependent and are added by the arch specific initOptions functions. -// Features that are mandatory for the specific GOARCH should have the Required field set -// (e.g. SSE2 on amd64). -var options []option - -// Option names should be lower case. e.g. avx instead of AVX. -type option struct { - Name string - Feature *bool - Specified bool // whether feature value was specified in GODEBUG - Enable bool // whether feature should be enabled - Required bool // whether feature is mandatory and can not be disabled -} - -func processOptions() { - env := os.Getenv("GODEBUG") -field: - for env != "" { - field := "" - i := strings.IndexByte(env, ',') - if i < 0 { - field, env = env, "" - } else { - field, env = env[:i], env[i+1:] - } - if len(field) < 4 || field[:4] != "cpu." { - continue - } - i = strings.IndexByte(field, '=') - if i < 0 { - print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n") - continue - } - key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on" - - var enable bool - switch value { - case "on": - enable = true - case "off": - enable = false - default: - print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n") - continue field - } - - if key == "all" { - for i := range options { - options[i].Specified = true - options[i].Enable = enable || options[i].Required - } - continue field - } - - for i := range options { - if options[i].Name == key { - options[i].Specified = true - options[i].Enable = enable - continue field - } - } - - print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n") - } - - for _, o := range options { - if !o.Specified { - continue - } - - if o.Enable && !*o.Feature { - print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n") - continue - } - - if !o.Enable && o.Required { - print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n") - continue - } - - *o.Feature = o.Enable - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_aix.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_aix.go deleted file mode 100644 index 8aaeef545a..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_aix.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build aix -// +build aix - -package cpu - -const ( - // getsystemcfg constants - _SC_IMPL = 2 - _IMPL_POWER8 = 0x10000 - _IMPL_POWER9 = 0x20000 -) - -func archInit() { - impl := getsystemcfg(_SC_IMPL) - if impl&_IMPL_POWER8 != 0 { - PPC64.IsPOWER8 = true - } - if impl&_IMPL_POWER9 != 0 { - PPC64.IsPOWER8 = true - PPC64.IsPOWER9 = true - } - - Initialized = true -} - -func getsystemcfg(label int) (n uint64) { - r0, _ := callgetsystemcfg(label) - n = uint64(r0) - return -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_arm.go deleted file mode 100644 index 301b752e9c..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm.go +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -const cacheLineSize = 32 - -// HWCAP/HWCAP2 bits. -// These are specific to Linux. -const ( - hwcap_SWP = 1 << 0 - hwcap_HALF = 1 << 1 - hwcap_THUMB = 1 << 2 - hwcap_26BIT = 1 << 3 - hwcap_FAST_MULT = 1 << 4 - hwcap_FPA = 1 << 5 - hwcap_VFP = 1 << 6 - hwcap_EDSP = 1 << 7 - hwcap_JAVA = 1 << 8 - hwcap_IWMMXT = 1 << 9 - hwcap_CRUNCH = 1 << 10 - hwcap_THUMBEE = 1 << 11 - hwcap_NEON = 1 << 12 - hwcap_VFPv3 = 1 << 13 - hwcap_VFPv3D16 = 1 << 14 - hwcap_TLS = 1 << 15 - hwcap_VFPv4 = 1 << 16 - hwcap_IDIVA = 1 << 17 - hwcap_IDIVT = 1 << 18 - hwcap_VFPD32 = 1 << 19 - hwcap_LPAE = 1 << 20 - hwcap_EVTSTRM = 1 << 21 - - hwcap2_AES = 1 << 0 - hwcap2_PMULL = 1 << 1 - hwcap2_SHA1 = 1 << 2 - hwcap2_SHA2 = 1 << 3 - hwcap2_CRC32 = 1 << 4 -) - -func initOptions() { - options = []option{ - {Name: "pmull", Feature: &ARM.HasPMULL}, - {Name: "sha1", Feature: &ARM.HasSHA1}, - {Name: "sha2", Feature: &ARM.HasSHA2}, - {Name: "swp", Feature: &ARM.HasSWP}, - {Name: "thumb", Feature: &ARM.HasTHUMB}, - {Name: "thumbee", Feature: &ARM.HasTHUMBEE}, - {Name: "tls", Feature: &ARM.HasTLS}, - {Name: "vfp", Feature: &ARM.HasVFP}, - {Name: "vfpd32", Feature: &ARM.HasVFPD32}, - {Name: "vfpv3", Feature: &ARM.HasVFPv3}, - {Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16}, - {Name: "vfpv4", Feature: &ARM.HasVFPv4}, - {Name: "half", Feature: &ARM.HasHALF}, - {Name: "26bit", Feature: &ARM.Has26BIT}, - {Name: "fastmul", Feature: &ARM.HasFASTMUL}, - {Name: "fpa", Feature: &ARM.HasFPA}, - {Name: "edsp", Feature: &ARM.HasEDSP}, - {Name: "java", Feature: &ARM.HasJAVA}, - {Name: "iwmmxt", Feature: &ARM.HasIWMMXT}, - {Name: "crunch", Feature: &ARM.HasCRUNCH}, - {Name: "neon", Feature: &ARM.HasNEON}, - {Name: "idivt", Feature: &ARM.HasIDIVT}, - {Name: "idiva", Feature: &ARM.HasIDIVA}, - {Name: "lpae", Feature: &ARM.HasLPAE}, - {Name: "evtstrm", Feature: &ARM.HasEVTSTRM}, - {Name: "aes", Feature: &ARM.HasAES}, - {Name: "crc32", Feature: &ARM.HasCRC32}, - } - -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.go deleted file mode 100644 index f3eb993bf2..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ /dev/null @@ -1,172 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import "runtime" - -// cacheLineSize is used to prevent false sharing of cache lines. -// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size. -// It doesn't cost much and is much more future-proof. -const cacheLineSize = 128 - -func initOptions() { - options = []option{ - {Name: "fp", Feature: &ARM64.HasFP}, - {Name: "asimd", Feature: &ARM64.HasASIMD}, - {Name: "evstrm", Feature: &ARM64.HasEVTSTRM}, - {Name: "aes", Feature: &ARM64.HasAES}, - {Name: "fphp", Feature: &ARM64.HasFPHP}, - {Name: "jscvt", Feature: &ARM64.HasJSCVT}, - {Name: "lrcpc", Feature: &ARM64.HasLRCPC}, - {Name: "pmull", Feature: &ARM64.HasPMULL}, - {Name: "sha1", Feature: &ARM64.HasSHA1}, - {Name: "sha2", Feature: &ARM64.HasSHA2}, - {Name: "sha3", Feature: &ARM64.HasSHA3}, - {Name: "sha512", Feature: &ARM64.HasSHA512}, - {Name: "sm3", Feature: &ARM64.HasSM3}, - {Name: "sm4", Feature: &ARM64.HasSM4}, - {Name: "sve", Feature: &ARM64.HasSVE}, - {Name: "crc32", Feature: &ARM64.HasCRC32}, - {Name: "atomics", Feature: &ARM64.HasATOMICS}, - {Name: "asimdhp", Feature: &ARM64.HasASIMDHP}, - {Name: "cpuid", Feature: &ARM64.HasCPUID}, - {Name: "asimrdm", Feature: &ARM64.HasASIMDRDM}, - {Name: "fcma", Feature: &ARM64.HasFCMA}, - {Name: "dcpop", Feature: &ARM64.HasDCPOP}, - {Name: "asimddp", Feature: &ARM64.HasASIMDDP}, - {Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM}, - } -} - -func archInit() { - switch runtime.GOOS { - case "freebsd": - readARM64Registers() - case "linux", "netbsd", "openbsd": - doinit() - default: - // Many platforms don't seem to allow reading these registers. - setMinimalFeatures() - } -} - -// setMinimalFeatures fakes the minimal ARM64 features expected by -// TestARM64minimalFeatures. -func setMinimalFeatures() { - ARM64.HasASIMD = true - ARM64.HasFP = true -} - -func readARM64Registers() { - Initialized = true - - parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0()) -} - -func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { - // ID_AA64ISAR0_EL1 - switch extractBits(isar0, 4, 7) { - case 1: - ARM64.HasAES = true - case 2: - ARM64.HasAES = true - ARM64.HasPMULL = true - } - - switch extractBits(isar0, 8, 11) { - case 1: - ARM64.HasSHA1 = true - } - - switch extractBits(isar0, 12, 15) { - case 1: - ARM64.HasSHA2 = true - case 2: - ARM64.HasSHA2 = true - ARM64.HasSHA512 = true - } - - switch extractBits(isar0, 16, 19) { - case 1: - ARM64.HasCRC32 = true - } - - switch extractBits(isar0, 20, 23) { - case 2: - ARM64.HasATOMICS = true - } - - switch extractBits(isar0, 28, 31) { - case 1: - ARM64.HasASIMDRDM = true - } - - switch extractBits(isar0, 32, 35) { - case 1: - ARM64.HasSHA3 = true - } - - switch extractBits(isar0, 36, 39) { - case 1: - ARM64.HasSM3 = true - } - - switch extractBits(isar0, 40, 43) { - case 1: - ARM64.HasSM4 = true - } - - switch extractBits(isar0, 44, 47) { - case 1: - ARM64.HasASIMDDP = true - } - - // ID_AA64ISAR1_EL1 - switch extractBits(isar1, 0, 3) { - case 1: - ARM64.HasDCPOP = true - } - - switch extractBits(isar1, 12, 15) { - case 1: - ARM64.HasJSCVT = true - } - - switch extractBits(isar1, 16, 19) { - case 1: - ARM64.HasFCMA = true - } - - switch extractBits(isar1, 20, 23) { - case 1: - ARM64.HasLRCPC = true - } - - // ID_AA64PFR0_EL1 - switch extractBits(pfr0, 16, 19) { - case 0: - ARM64.HasFP = true - case 1: - ARM64.HasFP = true - ARM64.HasFPHP = true - } - - switch extractBits(pfr0, 20, 23) { - case 0: - ARM64.HasASIMD = true - case 1: - ARM64.HasASIMD = true - ARM64.HasASIMDHP = true - } - - switch extractBits(pfr0, 32, 35) { - case 1: - ARM64.HasSVE = true - } -} - -func extractBits(data uint64, start, end uint) uint { - return (uint)(data>>start) & ((1 << (end - start + 1)) - 1) -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.s deleted file mode 100644 index c61f95a05a..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gc -// +build gc - -#include "textflag.h" - -// func getisar0() uint64 -TEXT ·getisar0(SB),NOSPLIT,$0-8 - // get Instruction Set Attributes 0 into x0 - // mrs x0, ID_AA64ISAR0_EL1 = d5380600 - WORD $0xd5380600 - MOVD R0, ret+0(FP) - RET - -// func getisar1() uint64 -TEXT ·getisar1(SB),NOSPLIT,$0-8 - // get Instruction Set Attributes 1 into x0 - // mrs x0, ID_AA64ISAR1_EL1 = d5380620 - WORD $0xd5380620 - MOVD R0, ret+0(FP) - RET - -// func getpfr0() uint64 -TEXT ·getpfr0(SB),NOSPLIT,$0-8 - // get Processor Feature Register 0 into x0 - // mrs x0, ID_AA64PFR0_EL1 = d5380400 - WORD $0xd5380400 - MOVD R0, ret+0(FP) - RET diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go deleted file mode 100644 index ccf542a73d..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gc -// +build gc - -package cpu - -func getisar0() uint64 -func getisar1() uint64 -func getpfr0() uint64 diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go deleted file mode 100644 index 0af2f24841..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gc -// +build gc - -package cpu - -// haveAsmFunctions reports whether the other functions in this file can -// be safely called. -func haveAsmFunctions() bool { return true } - -// The following feature detection functions are defined in cpu_s390x.s. -// They are likely to be expensive to call so the results should be cached. -func stfle() facilityList -func kmQuery() queryResult -func kmcQuery() queryResult -func kmctrQuery() queryResult -func kmaQuery() queryResult -func kimdQuery() queryResult -func klmdQuery() queryResult diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go deleted file mode 100644 index fa7cdb9bcd..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (386 || amd64 || amd64p32) && gc -// +build 386 amd64 amd64p32 -// +build gc - -package cpu - -// cpuid is implemented in cpu_x86.s for gc compiler -// and in cpu_gccgo.c for gccgo. -func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) - -// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler -// and in cpu_gccgo.c for gccgo. -func xgetbv() (eax, edx uint32) diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go deleted file mode 100644 index 2aff318911..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gccgo -// +build gccgo - -package cpu - -func getisar0() uint64 { return 0 } -func getisar1() uint64 { return 0 } -func getpfr0() uint64 { return 0 } diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go deleted file mode 100644 index 4bfbda6199..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gccgo -// +build gccgo - -package cpu - -// haveAsmFunctions reports whether the other functions in this file can -// be safely called. -func haveAsmFunctions() bool { return false } - -// TODO(mundaym): the following feature detection functions are currently -// stubs. See https://golang.org/cl/162887 for how to fix this. -// They are likely to be expensive to call so the results should be cached. -func stfle() facilityList { panic("not implemented for gccgo") } -func kmQuery() queryResult { panic("not implemented for gccgo") } -func kmcQuery() queryResult { panic("not implemented for gccgo") } -func kmctrQuery() queryResult { panic("not implemented for gccgo") } -func kmaQuery() queryResult { panic("not implemented for gccgo") } -func kimdQuery() queryResult { panic("not implemented for gccgo") } -func klmdQuery() queryResult { panic("not implemented for gccgo") } diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c deleted file mode 100644 index 6cc73109f5..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (386 || amd64 || amd64p32) && gccgo -// +build 386 amd64 amd64p32 -// +build gccgo - -#include <cpuid.h> -#include <stdint.h> -#include <x86intrin.h> - -// Need to wrap __get_cpuid_count because it's declared as static. -int -gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf, - uint32_t *eax, uint32_t *ebx, - uint32_t *ecx, uint32_t *edx) -{ - return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx); -} - -#pragma GCC diagnostic ignored "-Wunknown-pragmas" -#pragma GCC push_options -#pragma GCC target("xsave") -#pragma clang attribute push (__attribute__((target("xsave"))), apply_to=function) - -// xgetbv reads the contents of an XCR (Extended Control Register) -// specified in the ECX register into registers EDX:EAX. -// Currently, the only supported value for XCR is 0. -void -gccgoXgetbv(uint32_t *eax, uint32_t *edx) -{ - uint64_t v = _xgetbv(0); - *eax = v & 0xffffffff; - *edx = v >> 32; -} - -#pragma clang attribute pop -#pragma GCC pop_options diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go deleted file mode 100644 index 863d415ab4..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (386 || amd64 || amd64p32) && gccgo -// +build 386 amd64 amd64p32 -// +build gccgo - -package cpu - -//extern gccgoGetCpuidCount -func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32) - -func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) { - var a, b, c, d uint32 - gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d) - return a, b, c, d -} - -//extern gccgoXgetbv -func gccgoXgetbv(eax, edx *uint32) - -func xgetbv() (eax, edx uint32) { - var a, d uint32 - gccgoXgetbv(&a, &d) - return a, d -} - -// gccgo doesn't build on Darwin, per: -// https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gcc.rb#L76 -func darwinSupportsAVX512() bool { - return false -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux.go deleted file mode 100644 index 159a686f6f..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !386 && !amd64 && !amd64p32 && !arm64 -// +build !386,!amd64,!amd64p32,!arm64 - -package cpu - -func archInit() { - if err := readHWCAP(); err != nil { - return - } - doinit() - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go deleted file mode 100644 index 2057006dce..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -func doinit() { - ARM.HasSWP = isSet(hwCap, hwcap_SWP) - ARM.HasHALF = isSet(hwCap, hwcap_HALF) - ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB) - ARM.Has26BIT = isSet(hwCap, hwcap_26BIT) - ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT) - ARM.HasFPA = isSet(hwCap, hwcap_FPA) - ARM.HasVFP = isSet(hwCap, hwcap_VFP) - ARM.HasEDSP = isSet(hwCap, hwcap_EDSP) - ARM.HasJAVA = isSet(hwCap, hwcap_JAVA) - ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT) - ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH) - ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE) - ARM.HasNEON = isSet(hwCap, hwcap_NEON) - ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3) - ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16) - ARM.HasTLS = isSet(hwCap, hwcap_TLS) - ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4) - ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA) - ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT) - ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32) - ARM.HasLPAE = isSet(hwCap, hwcap_LPAE) - ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM) - ARM.HasAES = isSet(hwCap2, hwcap2_AES) - ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL) - ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1) - ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2) - ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32) -} - -func isSet(hwc uint, value uint) bool { - return hwc&value != 0 -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go deleted file mode 100644 index a968b80fa6..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go +++ /dev/null @@ -1,111 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "strings" - "syscall" -) - -// HWCAP/HWCAP2 bits. These are exposed by Linux. -const ( - hwcap_FP = 1 << 0 - hwcap_ASIMD = 1 << 1 - hwcap_EVTSTRM = 1 << 2 - hwcap_AES = 1 << 3 - hwcap_PMULL = 1 << 4 - hwcap_SHA1 = 1 << 5 - hwcap_SHA2 = 1 << 6 - hwcap_CRC32 = 1 << 7 - hwcap_ATOMICS = 1 << 8 - hwcap_FPHP = 1 << 9 - hwcap_ASIMDHP = 1 << 10 - hwcap_CPUID = 1 << 11 - hwcap_ASIMDRDM = 1 << 12 - hwcap_JSCVT = 1 << 13 - hwcap_FCMA = 1 << 14 - hwcap_LRCPC = 1 << 15 - hwcap_DCPOP = 1 << 16 - hwcap_SHA3 = 1 << 17 - hwcap_SM3 = 1 << 18 - hwcap_SM4 = 1 << 19 - hwcap_ASIMDDP = 1 << 20 - hwcap_SHA512 = 1 << 21 - hwcap_SVE = 1 << 22 - hwcap_ASIMDFHM = 1 << 23 -) - -// linuxKernelCanEmulateCPUID reports whether we're running -// on Linux 4.11+. Ideally we'd like to ask the question about -// whether the current kernel contains -// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77c97b4ee21290f5f083173d957843b615abbff2 -// but the version number will have to do. -func linuxKernelCanEmulateCPUID() bool { - var un syscall.Utsname - syscall.Uname(&un) - var sb strings.Builder - for _, b := range un.Release[:] { - if b == 0 { - break - } - sb.WriteByte(byte(b)) - } - major, minor, _, ok := parseRelease(sb.String()) - return ok && (major > 4 || major == 4 && minor >= 11) -} - -func doinit() { - if err := readHWCAP(); err != nil { - // We failed to read /proc/self/auxv. This can happen if the binary has - // been given extra capabilities(7) with /bin/setcap. - // - // When this happens, we have two options. If the Linux kernel is new - // enough (4.11+), we can read the arm64 registers directly which'll - // trap into the kernel and then return back to userspace. - // - // But on older kernels, such as Linux 4.4.180 as used on many Synology - // devices, calling readARM64Registers (specifically getisar0) will - // cause a SIGILL and we'll die. So for older kernels, parse /proc/cpuinfo - // instead. - // - // See golang/go#57336. - if linuxKernelCanEmulateCPUID() { - readARM64Registers() - } else { - readLinuxProcCPUInfo() - } - return - } - - // HWCAP feature bits - ARM64.HasFP = isSet(hwCap, hwcap_FP) - ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD) - ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM) - ARM64.HasAES = isSet(hwCap, hwcap_AES) - ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL) - ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1) - ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2) - ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32) - ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS) - ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP) - ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP) - ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID) - ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM) - ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT) - ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA) - ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC) - ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP) - ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3) - ARM64.HasSM3 = isSet(hwCap, hwcap_SM3) - ARM64.HasSM4 = isSet(hwCap, hwcap_SM4) - ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP) - ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512) - ARM64.HasSVE = isSet(hwCap, hwcap_SVE) - ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM) -} - -func isSet(hwc uint, value uint) bool { - return hwc&value != 0 -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go deleted file mode 100644 index 6000db4cdd..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build linux && (mips64 || mips64le) -// +build linux -// +build mips64 mips64le - -package cpu - -// HWCAP bits. These are exposed by the Linux kernel 5.4. -const ( - // CPU features - hwcap_MIPS_MSA = 1 << 1 -) - -func doinit() { - // HWCAP feature bits - MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA) -} - -func isSet(hwc uint, value uint) bool { - return hwc&value != 0 -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go deleted file mode 100644 index f4992b1a59..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x -// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x - -package cpu - -func doinit() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go deleted file mode 100644 index 021356d6de..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build linux && (ppc64 || ppc64le) -// +build linux -// +build ppc64 ppc64le - -package cpu - -// HWCAP/HWCAP2 bits. These are exposed by the kernel. -const ( - // ISA Level - _PPC_FEATURE2_ARCH_2_07 = 0x80000000 - _PPC_FEATURE2_ARCH_3_00 = 0x00800000 - - // CPU features - _PPC_FEATURE2_DARN = 0x00200000 - _PPC_FEATURE2_SCV = 0x00100000 -) - -func doinit() { - // HWCAP2 feature bits - PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07) - PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00) - PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN) - PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV) -} - -func isSet(hwc uint, value uint) bool { - return hwc&value != 0 -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go deleted file mode 100644 index 1517ac61d3..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -const ( - // bit mask values from /usr/include/bits/hwcap.h - hwcap_ZARCH = 2 - hwcap_STFLE = 4 - hwcap_MSA = 8 - hwcap_LDISP = 16 - hwcap_EIMM = 32 - hwcap_DFP = 64 - hwcap_ETF3EH = 256 - hwcap_VX = 2048 - hwcap_VXE = 8192 -) - -func initS390Xbase() { - // test HWCAP bit vector - has := func(featureMask uint) bool { - return hwCap&featureMask == featureMask - } - - // mandatory - S390X.HasZARCH = has(hwcap_ZARCH) - - // optional - S390X.HasSTFLE = has(hwcap_STFLE) - S390X.HasLDISP = has(hwcap_LDISP) - S390X.HasEIMM = has(hwcap_EIMM) - S390X.HasETF3EH = has(hwcap_ETF3EH) - S390X.HasDFP = has(hwcap_DFP) - S390X.HasMSA = has(hwcap_MSA) - S390X.HasVX = has(hwcap_VX) - if S390X.HasVX { - S390X.HasVXE = has(hwcap_VXE) - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_loong64.go deleted file mode 100644 index 0f57b05bdb..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_loong64.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build loong64 -// +build loong64 - -package cpu - -const cacheLineSize = 64 - -func initOptions() { -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_mips64x.go deleted file mode 100644 index f4063c6642..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_mips64x.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build mips64 || mips64le -// +build mips64 mips64le - -package cpu - -const cacheLineSize = 32 - -func initOptions() { - options = []option{ - {Name: "msa", Feature: &MIPS64X.HasMSA}, - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_mipsx.go deleted file mode 100644 index 07c4e36d8f..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_mipsx.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build mips || mipsle -// +build mips mipsle - -package cpu - -const cacheLineSize = 32 - -func initOptions() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go deleted file mode 100644 index ebfb3fc8e7..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go +++ /dev/null @@ -1,173 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "syscall" - "unsafe" -) - -// Minimal copy of functionality from x/sys/unix so the cpu package can call -// sysctl without depending on x/sys/unix. - -const ( - _CTL_QUERY = -2 - - _SYSCTL_VERS_1 = 0x1000000 -) - -var _zero uintptr - -func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { - _p0 = unsafe.Pointer(&mib[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - _, _, errno := syscall.Syscall6( - syscall.SYS___SYSCTL, - uintptr(_p0), - uintptr(len(mib)), - uintptr(unsafe.Pointer(old)), - uintptr(unsafe.Pointer(oldlen)), - uintptr(unsafe.Pointer(new)), - uintptr(newlen)) - if errno != 0 { - return errno - } - return nil -} - -type sysctlNode struct { - Flags uint32 - Num int32 - Name [32]int8 - Ver uint32 - __rsvd uint32 - Un [16]byte - _sysctl_size [8]byte - _sysctl_func [8]byte - _sysctl_parent [8]byte - _sysctl_desc [8]byte -} - -func sysctlNodes(mib []int32) ([]sysctlNode, error) { - var olen uintptr - - // Get a list of all sysctl nodes below the given MIB by performing - // a sysctl for the given MIB with CTL_QUERY appended. - mib = append(mib, _CTL_QUERY) - qnode := sysctlNode{Flags: _SYSCTL_VERS_1} - qp := (*byte)(unsafe.Pointer(&qnode)) - sz := unsafe.Sizeof(qnode) - if err := sysctl(mib, nil, &olen, qp, sz); err != nil { - return nil, err - } - - // Now that we know the size, get the actual nodes. - nodes := make([]sysctlNode, olen/sz) - np := (*byte)(unsafe.Pointer(&nodes[0])) - if err := sysctl(mib, np, &olen, qp, sz); err != nil { - return nil, err - } - - return nodes, nil -} - -func nametomib(name string) ([]int32, error) { - // Split name into components. - var parts []string - last := 0 - for i := 0; i < len(name); i++ { - if name[i] == '.' { - parts = append(parts, name[last:i]) - last = i + 1 - } - } - parts = append(parts, name[last:]) - - mib := []int32{} - // Discover the nodes and construct the MIB OID. - for partno, part := range parts { - nodes, err := sysctlNodes(mib) - if err != nil { - return nil, err - } - for _, node := range nodes { - n := make([]byte, 0) - for i := range node.Name { - if node.Name[i] != 0 { - n = append(n, byte(node.Name[i])) - } - } - if string(n) == part { - mib = append(mib, int32(node.Num)) - break - } - } - if len(mib) != partno+1 { - return nil, err - } - } - - return mib, nil -} - -// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h> -type aarch64SysctlCPUID struct { - midr uint64 /* Main ID Register */ - revidr uint64 /* Revision ID Register */ - mpidr uint64 /* Multiprocessor Affinity Register */ - aa64dfr0 uint64 /* A64 Debug Feature Register 0 */ - aa64dfr1 uint64 /* A64 Debug Feature Register 1 */ - aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */ - aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */ - aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */ - aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */ - aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */ - aa64pfr0 uint64 /* A64 Processor Feature Register 0 */ - aa64pfr1 uint64 /* A64 Processor Feature Register 1 */ - aa64zfr0 uint64 /* A64 SVE Feature ID Register 0 */ - mvfr0 uint32 /* Media and VFP Feature Register 0 */ - mvfr1 uint32 /* Media and VFP Feature Register 1 */ - mvfr2 uint32 /* Media and VFP Feature Register 2 */ - pad uint32 - clidr uint64 /* Cache Level ID Register */ - ctr uint64 /* Cache Type Register */ -} - -func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) { - mib, err := nametomib(name) - if err != nil { - return nil, err - } - - out := aarch64SysctlCPUID{} - n := unsafe.Sizeof(out) - _, _, errno := syscall.Syscall6( - syscall.SYS___SYSCTL, - uintptr(unsafe.Pointer(&mib[0])), - uintptr(len(mib)), - uintptr(unsafe.Pointer(&out)), - uintptr(unsafe.Pointer(&n)), - uintptr(0), - uintptr(0)) - if errno != 0 { - return nil, errno - } - return &out, nil -} - -func doinit() { - cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id") - if err != nil { - setMinimalFeatures() - return - } - parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0) - - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go deleted file mode 100644 index 85b64d5ccb..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go +++ /dev/null @@ -1,65 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "syscall" - "unsafe" -) - -// Minimal copy of functionality from x/sys/unix so the cpu package can call -// sysctl without depending on x/sys/unix. - -const ( - // From OpenBSD's sys/sysctl.h. - _CTL_MACHDEP = 7 - - // From OpenBSD's machine/cpu.h. - _CPU_ID_AA64ISAR0 = 2 - _CPU_ID_AA64ISAR1 = 3 -) - -// Implemented in the runtime package (runtime/sys_openbsd3.go) -func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno) - -//go:linkname syscall_syscall6 syscall.syscall6 - -func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - _, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) - if errno != 0 { - return errno - } - return nil -} - -var libc_sysctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" - -func sysctlUint64(mib []uint32) (uint64, bool) { - var out uint64 - nout := unsafe.Sizeof(out) - if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil { - return 0, false - } - return out, true -} - -func doinit() { - setMinimalFeatures() - - // Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl. - isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0}) - if !ok { - return - } - isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1}) - if !ok { - return - } - parseARM64SystemRegisters(isar0, isar1, 0) - - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s deleted file mode 100644 index 054ba05d60..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -#include "textflag.h" - -TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_sysctl(SB) - -GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 -DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm.go deleted file mode 100644 index d7b4fb4ccc..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !linux && arm -// +build !linux,arm - -package cpu - -func archInit() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go deleted file mode 100644 index f3cde129b6..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !linux && !netbsd && !openbsd && arm64 -// +build !linux,!netbsd,!openbsd,arm64 - -package cpu - -func doinit() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go deleted file mode 100644 index 0dafe9644a..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !linux && (mips64 || mips64le) -// +build !linux -// +build mips64 mips64le - -package cpu - -func archInit() { - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go deleted file mode 100644 index 060d46b6ea..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !aix && !linux && (ppc64 || ppc64le) -// +build !aix -// +build !linux -// +build ppc64 ppc64le - -package cpu - -func archInit() { - PPC64.IsPOWER8 = true - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go deleted file mode 100644 index dd10eb79fe..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !linux && riscv64 -// +build !linux,riscv64 - -package cpu - -func archInit() { - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go deleted file mode 100644 index 4e8acd1658..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build ppc64 || ppc64le -// +build ppc64 ppc64le - -package cpu - -const cacheLineSize = 128 - -func initOptions() { - options = []option{ - {Name: "darn", Feature: &PPC64.HasDARN}, - {Name: "scv", Feature: &PPC64.HasSCV}, - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_riscv64.go deleted file mode 100644 index bd6c128af9..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_riscv64.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build riscv64 -// +build riscv64 - -package cpu - -const cacheLineSize = 32 - -func initOptions() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.go deleted file mode 100644 index 5881b8833f..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.go +++ /dev/null @@ -1,172 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -const cacheLineSize = 256 - -func initOptions() { - options = []option{ - {Name: "zarch", Feature: &S390X.HasZARCH, Required: true}, - {Name: "stfle", Feature: &S390X.HasSTFLE, Required: true}, - {Name: "ldisp", Feature: &S390X.HasLDISP, Required: true}, - {Name: "eimm", Feature: &S390X.HasEIMM, Required: true}, - {Name: "dfp", Feature: &S390X.HasDFP}, - {Name: "etf3eh", Feature: &S390X.HasETF3EH}, - {Name: "msa", Feature: &S390X.HasMSA}, - {Name: "aes", Feature: &S390X.HasAES}, - {Name: "aescbc", Feature: &S390X.HasAESCBC}, - {Name: "aesctr", Feature: &S390X.HasAESCTR}, - {Name: "aesgcm", Feature: &S390X.HasAESGCM}, - {Name: "ghash", Feature: &S390X.HasGHASH}, - {Name: "sha1", Feature: &S390X.HasSHA1}, - {Name: "sha256", Feature: &S390X.HasSHA256}, - {Name: "sha3", Feature: &S390X.HasSHA3}, - {Name: "sha512", Feature: &S390X.HasSHA512}, - {Name: "vx", Feature: &S390X.HasVX}, - {Name: "vxe", Feature: &S390X.HasVXE}, - } -} - -// bitIsSet reports whether the bit at index is set. The bit index -// is in big endian order, so bit index 0 is the leftmost bit. -func bitIsSet(bits []uint64, index uint) bool { - return bits[index/64]&((1<<63)>>(index%64)) != 0 -} - -// facility is a bit index for the named facility. -type facility uint8 - -const ( - // mandatory facilities - zarch facility = 1 // z architecture mode is active - stflef facility = 7 // store-facility-list-extended - ldisp facility = 18 // long-displacement - eimm facility = 21 // extended-immediate - - // miscellaneous facilities - dfp facility = 42 // decimal-floating-point - etf3eh facility = 30 // extended-translation 3 enhancement - - // cryptography facilities - msa facility = 17 // message-security-assist - msa3 facility = 76 // message-security-assist extension 3 - msa4 facility = 77 // message-security-assist extension 4 - msa5 facility = 57 // message-security-assist extension 5 - msa8 facility = 146 // message-security-assist extension 8 - msa9 facility = 155 // message-security-assist extension 9 - - // vector facilities - vx facility = 129 // vector facility - vxe facility = 135 // vector-enhancements 1 - vxe2 facility = 148 // vector-enhancements 2 -) - -// facilityList contains the result of an STFLE call. -// Bits are numbered in big endian order so the -// leftmost bit (the MSB) is at index 0. -type facilityList struct { - bits [4]uint64 -} - -// Has reports whether the given facilities are present. -func (s *facilityList) Has(fs ...facility) bool { - if len(fs) == 0 { - panic("no facility bits provided") - } - for _, f := range fs { - if !bitIsSet(s.bits[:], uint(f)) { - return false - } - } - return true -} - -// function is the code for the named cryptographic function. -type function uint8 - -const ( - // KM{,A,C,CTR} function codes - aes128 function = 18 // AES-128 - aes192 function = 19 // AES-192 - aes256 function = 20 // AES-256 - - // K{I,L}MD function codes - sha1 function = 1 // SHA-1 - sha256 function = 2 // SHA-256 - sha512 function = 3 // SHA-512 - sha3_224 function = 32 // SHA3-224 - sha3_256 function = 33 // SHA3-256 - sha3_384 function = 34 // SHA3-384 - sha3_512 function = 35 // SHA3-512 - shake128 function = 36 // SHAKE-128 - shake256 function = 37 // SHAKE-256 - - // KLMD function codes - ghash function = 65 // GHASH -) - -// queryResult contains the result of a Query function -// call. Bits are numbered in big endian order so the -// leftmost bit (the MSB) is at index 0. -type queryResult struct { - bits [2]uint64 -} - -// Has reports whether the given functions are present. -func (q *queryResult) Has(fns ...function) bool { - if len(fns) == 0 { - panic("no function codes provided") - } - for _, f := range fns { - if !bitIsSet(q.bits[:], uint(f)) { - return false - } - } - return true -} - -func doinit() { - initS390Xbase() - - // We need implementations of stfle, km and so on - // to detect cryptographic features. - if !haveAsmFunctions() { - return - } - - // optional cryptographic functions - if S390X.HasMSA { - aes := []function{aes128, aes192, aes256} - - // cipher message - km, kmc := kmQuery(), kmcQuery() - S390X.HasAES = km.Has(aes...) - S390X.HasAESCBC = kmc.Has(aes...) - if S390X.HasSTFLE { - facilities := stfle() - if facilities.Has(msa4) { - kmctr := kmctrQuery() - S390X.HasAESCTR = kmctr.Has(aes...) - } - if facilities.Has(msa8) { - kma := kmaQuery() - S390X.HasAESGCM = kma.Has(aes...) - } - } - - // compute message digest - kimd := kimdQuery() // intermediate (no padding) - klmd := klmdQuery() // last (padding) - S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1) - S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256) - S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512) - S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist - sha3 := []function{ - sha3_224, sha3_256, sha3_384, sha3_512, - shake128, shake256, - } - S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...) - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.s deleted file mode 100644 index 96f81e2097..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_s390x.s +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gc -// +build gc - -#include "textflag.h" - -// func stfle() facilityList -TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32 - MOVD $ret+0(FP), R1 - MOVD $3, R0 // last doubleword index to store - XC $32, (R1), (R1) // clear 4 doublewords (32 bytes) - WORD $0xb2b01000 // store facility list extended (STFLE) - RET - -// func kmQuery() queryResult -TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KM-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xB92E0024 // cipher message (KM) - RET - -// func kmcQuery() queryResult -TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KMC-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xB92F0024 // cipher message with chaining (KMC) - RET - -// func kmctrQuery() queryResult -TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KMCTR-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xB92D4024 // cipher message with counter (KMCTR) - RET - -// func kmaQuery() queryResult -TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KMA-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xb9296024 // cipher message with authentication (KMA) - RET - -// func kimdQuery() queryResult -TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KIMD-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xB93E0024 // compute intermediate message digest (KIMD) - RET - -// func klmdQuery() queryResult -TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16 - MOVD $0, R0 // set function code to 0 (KLMD-Query) - MOVD $ret+0(FP), R1 // address of 16-byte return value - WORD $0xB93F0024 // compute last message digest (KLMD) - RET diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_wasm.go deleted file mode 100644 index 7747d888a6..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_wasm.go +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build wasm -// +build wasm - -package cpu - -// We're compiling the cpu package for an unknown (software-abstracted) CPU. -// Make CacheLinePad an empty struct and hope that the usual struct alignment -// rules are good enough. - -const cacheLineSize = 0 - -func initOptions() {} - -func archInit() {} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.go deleted file mode 100644 index f5aacfc825..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.go +++ /dev/null @@ -1,145 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build 386 || amd64 || amd64p32 -// +build 386 amd64 amd64p32 - -package cpu - -import "runtime" - -const cacheLineSize = 64 - -func initOptions() { - options = []option{ - {Name: "adx", Feature: &X86.HasADX}, - {Name: "aes", Feature: &X86.HasAES}, - {Name: "avx", Feature: &X86.HasAVX}, - {Name: "avx2", Feature: &X86.HasAVX2}, - {Name: "avx512", Feature: &X86.HasAVX512}, - {Name: "avx512f", Feature: &X86.HasAVX512F}, - {Name: "avx512cd", Feature: &X86.HasAVX512CD}, - {Name: "avx512er", Feature: &X86.HasAVX512ER}, - {Name: "avx512pf", Feature: &X86.HasAVX512PF}, - {Name: "avx512vl", Feature: &X86.HasAVX512VL}, - {Name: "avx512bw", Feature: &X86.HasAVX512BW}, - {Name: "avx512dq", Feature: &X86.HasAVX512DQ}, - {Name: "avx512ifma", Feature: &X86.HasAVX512IFMA}, - {Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI}, - {Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW}, - {Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS}, - {Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ}, - {Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ}, - {Name: "avx512vnni", Feature: &X86.HasAVX512VNNI}, - {Name: "avx512gfni", Feature: &X86.HasAVX512GFNI}, - {Name: "avx512vaes", Feature: &X86.HasAVX512VAES}, - {Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2}, - {Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG}, - {Name: "avx512bf16", Feature: &X86.HasAVX512BF16}, - {Name: "bmi1", Feature: &X86.HasBMI1}, - {Name: "bmi2", Feature: &X86.HasBMI2}, - {Name: "cx16", Feature: &X86.HasCX16}, - {Name: "erms", Feature: &X86.HasERMS}, - {Name: "fma", Feature: &X86.HasFMA}, - {Name: "osxsave", Feature: &X86.HasOSXSAVE}, - {Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ}, - {Name: "popcnt", Feature: &X86.HasPOPCNT}, - {Name: "rdrand", Feature: &X86.HasRDRAND}, - {Name: "rdseed", Feature: &X86.HasRDSEED}, - {Name: "sse3", Feature: &X86.HasSSE3}, - {Name: "sse41", Feature: &X86.HasSSE41}, - {Name: "sse42", Feature: &X86.HasSSE42}, - {Name: "ssse3", Feature: &X86.HasSSSE3}, - - // These capabilities should always be enabled on amd64: - {Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"}, - } -} - -func archInit() { - - Initialized = true - - maxID, _, _, _ := cpuid(0, 0) - - if maxID < 1 { - return - } - - _, _, ecx1, edx1 := cpuid(1, 0) - X86.HasSSE2 = isSet(26, edx1) - - X86.HasSSE3 = isSet(0, ecx1) - X86.HasPCLMULQDQ = isSet(1, ecx1) - X86.HasSSSE3 = isSet(9, ecx1) - X86.HasFMA = isSet(12, ecx1) - X86.HasCX16 = isSet(13, ecx1) - X86.HasSSE41 = isSet(19, ecx1) - X86.HasSSE42 = isSet(20, ecx1) - X86.HasPOPCNT = isSet(23, ecx1) - X86.HasAES = isSet(25, ecx1) - X86.HasOSXSAVE = isSet(27, ecx1) - X86.HasRDRAND = isSet(30, ecx1) - - var osSupportsAVX, osSupportsAVX512 bool - // For XGETBV, OSXSAVE bit is required and sufficient. - if X86.HasOSXSAVE { - eax, _ := xgetbv() - // Check if XMM and YMM registers have OS support. - osSupportsAVX = isSet(1, eax) && isSet(2, eax) - - if runtime.GOOS == "darwin" { - // Darwin doesn't save/restore AVX-512 mask registers correctly across signal handlers. - // Since users can't rely on mask register contents, let's not advertise AVX-512 support. - // See issue 49233. - osSupportsAVX512 = false - } else { - // Check if OPMASK and ZMM registers have OS support. - osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax) - } - } - - X86.HasAVX = isSet(28, ecx1) && osSupportsAVX - - if maxID < 7 { - return - } - - _, ebx7, ecx7, edx7 := cpuid(7, 0) - X86.HasBMI1 = isSet(3, ebx7) - X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX - X86.HasBMI2 = isSet(8, ebx7) - X86.HasERMS = isSet(9, ebx7) - X86.HasRDSEED = isSet(18, ebx7) - X86.HasADX = isSet(19, ebx7) - - X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension - if X86.HasAVX512 { - X86.HasAVX512F = true - X86.HasAVX512CD = isSet(28, ebx7) - X86.HasAVX512ER = isSet(27, ebx7) - X86.HasAVX512PF = isSet(26, ebx7) - X86.HasAVX512VL = isSet(31, ebx7) - X86.HasAVX512BW = isSet(30, ebx7) - X86.HasAVX512DQ = isSet(17, ebx7) - X86.HasAVX512IFMA = isSet(21, ebx7) - X86.HasAVX512VBMI = isSet(1, ecx7) - X86.HasAVX5124VNNIW = isSet(2, edx7) - X86.HasAVX5124FMAPS = isSet(3, edx7) - X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7) - X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7) - X86.HasAVX512VNNI = isSet(11, ecx7) - X86.HasAVX512GFNI = isSet(8, ecx7) - X86.HasAVX512VAES = isSet(9, ecx7) - X86.HasAVX512VBMI2 = isSet(6, ecx7) - X86.HasAVX512BITALG = isSet(12, ecx7) - - eax71, _, _, _ := cpuid(7, 1) - X86.HasAVX512BF16 = isSet(5, eax71) - } -} - -func isSet(bitpos uint, value uint32) bool { - return value&(1<<bitpos) != 0 -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.s b/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.s deleted file mode 100644 index 39acab2ff5..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_x86.s +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (386 || amd64 || amd64p32) && gc -// +build 386 amd64 amd64p32 -// +build gc - -#include "textflag.h" - -// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) -TEXT ·cpuid(SB), NOSPLIT, $0-24 - MOVL eaxArg+0(FP), AX - MOVL ecxArg+4(FP), CX - CPUID - MOVL AX, eax+8(FP) - MOVL BX, ebx+12(FP) - MOVL CX, ecx+16(FP) - MOVL DX, edx+20(FP) - RET - -// func xgetbv() (eax, edx uint32) -TEXT ·xgetbv(SB),NOSPLIT,$0-8 - MOVL $0, CX - XGETBV - MOVL AX, eax+0(FP) - MOVL DX, edx+4(FP) - RET diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_zos.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_zos.go deleted file mode 100644 index 5f54683a22..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_zos.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -func archInit() { - doinit() - Initialized = true -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/etcd/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go deleted file mode 100644 index ccb1b708ab..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -func initS390Xbase() { - // get the facilities list - facilities := stfle() - - // mandatory - S390X.HasZARCH = facilities.Has(zarch) - S390X.HasSTFLE = facilities.Has(stflef) - S390X.HasLDISP = facilities.Has(ldisp) - S390X.HasEIMM = facilities.Has(eimm) - - // optional - S390X.HasETF3EH = facilities.Has(etf3eh) - S390X.HasDFP = facilities.Has(dfp) - S390X.HasMSA = facilities.Has(msa) - S390X.HasVX = facilities.Has(vx) - if S390X.HasVX { - S390X.HasVXE = facilities.Has(vxe) - } -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/endian_big.go b/etcd/vendor/golang.org/x/sys/cpu/endian_big.go deleted file mode 100644 index 93ce03a346..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/endian_big.go +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright 2023 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64 -// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64 - -package cpu - -// IsBigEndian records whether the GOARCH's byte order is big endian. -const IsBigEndian = true diff --git a/etcd/vendor/golang.org/x/sys/cpu/endian_little.go b/etcd/vendor/golang.org/x/sys/cpu/endian_little.go deleted file mode 100644 index fe545966b6..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/endian_little.go +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright 2023 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh -// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh - -package cpu - -// IsBigEndian records whether the GOARCH's byte order is big endian. -const IsBigEndian = false diff --git a/etcd/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/etcd/vendor/golang.org/x/sys/cpu/hwcap_linux.go deleted file mode 100644 index f3baa37932..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/hwcap_linux.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "io/ioutil" -) - -const ( - _AT_HWCAP = 16 - _AT_HWCAP2 = 26 - - procAuxv = "/proc/self/auxv" - - uintSize = int(32 << (^uint(0) >> 63)) -) - -// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2 -// These are initialized in cpu_$GOARCH.go -// and should not be changed after they are initialized. -var hwCap uint -var hwCap2 uint - -func readHWCAP() error { - buf, err := ioutil.ReadFile(procAuxv) - if err != nil { - // e.g. on android /proc/self/auxv is not accessible, so silently - // ignore the error and leave Initialized = false. On some - // architectures (e.g. arm64) doinit() implements a fallback - // readout and will set Initialized = true again. - return err - } - bo := hostByteOrder() - for len(buf) >= 2*(uintSize/8) { - var tag, val uint - switch uintSize { - case 32: - tag = uint(bo.Uint32(buf[0:])) - val = uint(bo.Uint32(buf[4:])) - buf = buf[8:] - case 64: - tag = uint(bo.Uint64(buf[0:])) - val = uint(bo.Uint64(buf[8:])) - buf = buf[16:] - } - switch tag { - case _AT_HWCAP: - hwCap = val - case _AT_HWCAP2: - hwCap2 = val - } - } - return nil -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/parse.go b/etcd/vendor/golang.org/x/sys/cpu/parse.go deleted file mode 100644 index 762b63d688..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/parse.go +++ /dev/null @@ -1,43 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import "strconv" - -// parseRelease parses a dot-separated version number. It follows the semver -// syntax, but allows the minor and patch versions to be elided. -// -// This is a copy of the Go runtime's parseRelease from -// https://golang.org/cl/209597. -func parseRelease(rel string) (major, minor, patch int, ok bool) { - // Strip anything after a dash or plus. - for i := 0; i < len(rel); i++ { - if rel[i] == '-' || rel[i] == '+' { - rel = rel[:i] - break - } - } - - next := func() (int, bool) { - for i := 0; i < len(rel); i++ { - if rel[i] == '.' { - ver, err := strconv.Atoi(rel[:i]) - rel = rel[i+1:] - return ver, err == nil - } - } - ver, err := strconv.Atoi(rel) - rel = "" - return ver, err == nil - } - if major, ok = next(); !ok || rel == "" { - return - } - if minor, ok = next(); !ok || rel == "" { - return - } - patch, ok = next() - return -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/etcd/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go deleted file mode 100644 index d87bd6b3eb..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go +++ /dev/null @@ -1,54 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build linux && arm64 -// +build linux,arm64 - -package cpu - -import ( - "errors" - "io" - "os" - "strings" -) - -func readLinuxProcCPUInfo() error { - f, err := os.Open("/proc/cpuinfo") - if err != nil { - return err - } - defer f.Close() - - var buf [1 << 10]byte // enough for first CPU - n, err := io.ReadFull(f, buf[:]) - if err != nil && err != io.ErrUnexpectedEOF { - return err - } - in := string(buf[:n]) - const features = "\nFeatures : " - i := strings.Index(in, features) - if i == -1 { - return errors.New("no CPU features found") - } - in = in[i+len(features):] - if i := strings.Index(in, "\n"); i != -1 { - in = in[:i] - } - m := map[string]*bool{} - - initOptions() // need it early here; it's harmless to call twice - for _, o := range options { - m[o.Name] = o.Feature - } - // The EVTSTRM field has alias "evstrm" in Go, but Linux calls it "evtstrm". - m["evtstrm"] = &ARM64.HasEVTSTRM - - for _, f := range strings.Fields(in) { - if p, ok := m[f]; ok { - *p = true - } - } - return nil -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go deleted file mode 100644 index 96134157a1..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Recreate a getsystemcfg syscall handler instead of -// using the one provided by x/sys/unix to avoid having -// the dependency between them. (See golang.org/issue/32102) -// Moreover, this file will be used during the building of -// gccgo's libgo and thus must not used a CGo method. - -//go:build aix && gccgo -// +build aix,gccgo - -package cpu - -import ( - "syscall" -) - -//extern getsystemcfg -func gccgoGetsystemcfg(label uint32) (r uint64) - -func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) { - r1 = uintptr(gccgoGetsystemcfg(uint32(label))) - e1 = syscall.GetErrno() - return -} diff --git a/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go deleted file mode 100644 index 904be42ffd..0000000000 --- a/etcd/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Minimal copy of x/sys/unix so the cpu package can make a -// system call on AIX without depending on x/sys/unix. -// (See golang.org/issue/32102) - -//go:build aix && ppc64 && gc -// +build aix,ppc64,gc - -package cpu - -import ( - "syscall" - "unsafe" -) - -//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o" - -//go:linkname libc_getsystemcfg libc_getsystemcfg - -type syscallFunc uintptr - -var libc_getsystemcfg syscallFunc - -type errno = syscall.Errno - -// Implemented in runtime/syscall_aix.go. -func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno) -func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno) - -func callgetsystemcfg(label int) (r1 uintptr, e1 errno) { - r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0) - return -} diff --git a/etcd/vendor/golang.org/x/text/width/kind_string.go b/etcd/vendor/golang.org/x/text/width/kind_string.go deleted file mode 100644 index dd3febd43b..0000000000 --- a/etcd/vendor/golang.org/x/text/width/kind_string.go +++ /dev/null @@ -1,28 +0,0 @@ -// Code generated by "stringer -type=Kind"; DO NOT EDIT. - -package width - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[Neutral-0] - _ = x[EastAsianAmbiguous-1] - _ = x[EastAsianWide-2] - _ = x[EastAsianNarrow-3] - _ = x[EastAsianFullwidth-4] - _ = x[EastAsianHalfwidth-5] -} - -const _Kind_name = "NeutralEastAsianAmbiguousEastAsianWideEastAsianNarrowEastAsianFullwidthEastAsianHalfwidth" - -var _Kind_index = [...]uint8{0, 7, 25, 38, 53, 71, 89} - -func (i Kind) String() string { - if i < 0 || i >= Kind(len(_Kind_index)-1) { - return "Kind(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _Kind_name[_Kind_index[i]:_Kind_index[i+1]] -} diff --git a/etcd/vendor/golang.org/x/text/width/tables10.0.0.go b/etcd/vendor/golang.org/x/text/width/tables10.0.0.go deleted file mode 100644 index cd9d91cafb..0000000000 --- a/etcd/vendor/golang.org/x/text/width/tables10.0.0.go +++ /dev/null @@ -1,1329 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -//go:build go1.10 && !go1.13 -// +build go1.10,!go1.13 - -package width - -// UnicodeVersion is the Unicode version from which the tables in this package are derived. -const UnicodeVersion = "10.0.0" - -// lookup returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookup(s []byte) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupUnsafe(s []byte) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// lookupString returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookupString(s string) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupStringUnsafe(s string) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// widthTrie. Total size: 14336 bytes (14.00 KiB). Checksum: c59df54630d3dc4a. -type widthTrie struct{} - -func newWidthTrie(i int) *widthTrie { - return &widthTrie{} -} - -// lookupValue determines the type of block n and looks up the value for b. -func (t *widthTrie) lookupValue(n uint32, b byte) uint16 { - switch { - default: - return uint16(widthValues[n<<6+uint32(b)]) - } -} - -// widthValues: 101 blocks, 6464 entries, 12928 bytes -// The third block is the zero block. -var widthValues = [6464]uint16{ - // Block 0x0, offset 0x0 - 0x20: 0x6001, 0x21: 0x6002, 0x22: 0x6002, 0x23: 0x6002, - 0x24: 0x6002, 0x25: 0x6002, 0x26: 0x6002, 0x27: 0x6002, 0x28: 0x6002, 0x29: 0x6002, - 0x2a: 0x6002, 0x2b: 0x6002, 0x2c: 0x6002, 0x2d: 0x6002, 0x2e: 0x6002, 0x2f: 0x6002, - 0x30: 0x6002, 0x31: 0x6002, 0x32: 0x6002, 0x33: 0x6002, 0x34: 0x6002, 0x35: 0x6002, - 0x36: 0x6002, 0x37: 0x6002, 0x38: 0x6002, 0x39: 0x6002, 0x3a: 0x6002, 0x3b: 0x6002, - 0x3c: 0x6002, 0x3d: 0x6002, 0x3e: 0x6002, 0x3f: 0x6002, - // Block 0x1, offset 0x40 - 0x40: 0x6003, 0x41: 0x6003, 0x42: 0x6003, 0x43: 0x6003, 0x44: 0x6003, 0x45: 0x6003, - 0x46: 0x6003, 0x47: 0x6003, 0x48: 0x6003, 0x49: 0x6003, 0x4a: 0x6003, 0x4b: 0x6003, - 0x4c: 0x6003, 0x4d: 0x6003, 0x4e: 0x6003, 0x4f: 0x6003, 0x50: 0x6003, 0x51: 0x6003, - 0x52: 0x6003, 0x53: 0x6003, 0x54: 0x6003, 0x55: 0x6003, 0x56: 0x6003, 0x57: 0x6003, - 0x58: 0x6003, 0x59: 0x6003, 0x5a: 0x6003, 0x5b: 0x6003, 0x5c: 0x6003, 0x5d: 0x6003, - 0x5e: 0x6003, 0x5f: 0x6003, 0x60: 0x6004, 0x61: 0x6004, 0x62: 0x6004, 0x63: 0x6004, - 0x64: 0x6004, 0x65: 0x6004, 0x66: 0x6004, 0x67: 0x6004, 0x68: 0x6004, 0x69: 0x6004, - 0x6a: 0x6004, 0x6b: 0x6004, 0x6c: 0x6004, 0x6d: 0x6004, 0x6e: 0x6004, 0x6f: 0x6004, - 0x70: 0x6004, 0x71: 0x6004, 0x72: 0x6004, 0x73: 0x6004, 0x74: 0x6004, 0x75: 0x6004, - 0x76: 0x6004, 0x77: 0x6004, 0x78: 0x6004, 0x79: 0x6004, 0x7a: 0x6004, 0x7b: 0x6004, - 0x7c: 0x6004, 0x7d: 0x6004, 0x7e: 0x6004, - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xe1: 0x2000, 0xe2: 0x6005, 0xe3: 0x6005, - 0xe4: 0x2000, 0xe5: 0x6006, 0xe6: 0x6005, 0xe7: 0x2000, 0xe8: 0x2000, - 0xea: 0x2000, 0xec: 0x6007, 0xed: 0x2000, 0xee: 0x2000, 0xef: 0x6008, - 0xf0: 0x2000, 0xf1: 0x2000, 0xf2: 0x2000, 0xf3: 0x2000, 0xf4: 0x2000, - 0xf6: 0x2000, 0xf7: 0x2000, 0xf8: 0x2000, 0xf9: 0x2000, 0xfa: 0x2000, - 0xfc: 0x2000, 0xfd: 0x2000, 0xfe: 0x2000, 0xff: 0x2000, - // Block 0x4, offset 0x100 - 0x106: 0x2000, - 0x110: 0x2000, - 0x117: 0x2000, - 0x118: 0x2000, - 0x11e: 0x2000, 0x11f: 0x2000, 0x120: 0x2000, 0x121: 0x2000, - 0x126: 0x2000, 0x128: 0x2000, 0x129: 0x2000, - 0x12a: 0x2000, 0x12c: 0x2000, 0x12d: 0x2000, - 0x130: 0x2000, 0x132: 0x2000, 0x133: 0x2000, - 0x137: 0x2000, 0x138: 0x2000, 0x139: 0x2000, 0x13a: 0x2000, - 0x13c: 0x2000, 0x13e: 0x2000, - // Block 0x5, offset 0x140 - 0x141: 0x2000, - 0x151: 0x2000, - 0x153: 0x2000, - 0x15b: 0x2000, - 0x166: 0x2000, 0x167: 0x2000, - 0x16b: 0x2000, - 0x171: 0x2000, 0x172: 0x2000, 0x173: 0x2000, - 0x178: 0x2000, - 0x17f: 0x2000, - // Block 0x6, offset 0x180 - 0x180: 0x2000, 0x181: 0x2000, 0x182: 0x2000, 0x184: 0x2000, - 0x188: 0x2000, 0x189: 0x2000, 0x18a: 0x2000, 0x18b: 0x2000, - 0x18d: 0x2000, - 0x192: 0x2000, 0x193: 0x2000, - 0x1a6: 0x2000, 0x1a7: 0x2000, - 0x1ab: 0x2000, - // Block 0x7, offset 0x1c0 - 0x1ce: 0x2000, 0x1d0: 0x2000, - 0x1d2: 0x2000, 0x1d4: 0x2000, 0x1d6: 0x2000, - 0x1d8: 0x2000, 0x1da: 0x2000, 0x1dc: 0x2000, - // Block 0x8, offset 0x200 - 0x211: 0x2000, - 0x221: 0x2000, - // Block 0x9, offset 0x240 - 0x244: 0x2000, - 0x247: 0x2000, 0x249: 0x2000, 0x24a: 0x2000, 0x24b: 0x2000, - 0x24d: 0x2000, 0x250: 0x2000, - 0x258: 0x2000, 0x259: 0x2000, 0x25a: 0x2000, 0x25b: 0x2000, 0x25d: 0x2000, - 0x25f: 0x2000, - // Block 0xa, offset 0x280 - 0x280: 0x2000, 0x281: 0x2000, 0x282: 0x2000, 0x283: 0x2000, 0x284: 0x2000, 0x285: 0x2000, - 0x286: 0x2000, 0x287: 0x2000, 0x288: 0x2000, 0x289: 0x2000, 0x28a: 0x2000, 0x28b: 0x2000, - 0x28c: 0x2000, 0x28d: 0x2000, 0x28e: 0x2000, 0x28f: 0x2000, 0x290: 0x2000, 0x291: 0x2000, - 0x292: 0x2000, 0x293: 0x2000, 0x294: 0x2000, 0x295: 0x2000, 0x296: 0x2000, 0x297: 0x2000, - 0x298: 0x2000, 0x299: 0x2000, 0x29a: 0x2000, 0x29b: 0x2000, 0x29c: 0x2000, 0x29d: 0x2000, - 0x29e: 0x2000, 0x29f: 0x2000, 0x2a0: 0x2000, 0x2a1: 0x2000, 0x2a2: 0x2000, 0x2a3: 0x2000, - 0x2a4: 0x2000, 0x2a5: 0x2000, 0x2a6: 0x2000, 0x2a7: 0x2000, 0x2a8: 0x2000, 0x2a9: 0x2000, - 0x2aa: 0x2000, 0x2ab: 0x2000, 0x2ac: 0x2000, 0x2ad: 0x2000, 0x2ae: 0x2000, 0x2af: 0x2000, - 0x2b0: 0x2000, 0x2b1: 0x2000, 0x2b2: 0x2000, 0x2b3: 0x2000, 0x2b4: 0x2000, 0x2b5: 0x2000, - 0x2b6: 0x2000, 0x2b7: 0x2000, 0x2b8: 0x2000, 0x2b9: 0x2000, 0x2ba: 0x2000, 0x2bb: 0x2000, - 0x2bc: 0x2000, 0x2bd: 0x2000, 0x2be: 0x2000, 0x2bf: 0x2000, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x2000, 0x2c1: 0x2000, 0x2c2: 0x2000, 0x2c3: 0x2000, 0x2c4: 0x2000, 0x2c5: 0x2000, - 0x2c6: 0x2000, 0x2c7: 0x2000, 0x2c8: 0x2000, 0x2c9: 0x2000, 0x2ca: 0x2000, 0x2cb: 0x2000, - 0x2cc: 0x2000, 0x2cd: 0x2000, 0x2ce: 0x2000, 0x2cf: 0x2000, 0x2d0: 0x2000, 0x2d1: 0x2000, - 0x2d2: 0x2000, 0x2d3: 0x2000, 0x2d4: 0x2000, 0x2d5: 0x2000, 0x2d6: 0x2000, 0x2d7: 0x2000, - 0x2d8: 0x2000, 0x2d9: 0x2000, 0x2da: 0x2000, 0x2db: 0x2000, 0x2dc: 0x2000, 0x2dd: 0x2000, - 0x2de: 0x2000, 0x2df: 0x2000, 0x2e0: 0x2000, 0x2e1: 0x2000, 0x2e2: 0x2000, 0x2e3: 0x2000, - 0x2e4: 0x2000, 0x2e5: 0x2000, 0x2e6: 0x2000, 0x2e7: 0x2000, 0x2e8: 0x2000, 0x2e9: 0x2000, - 0x2ea: 0x2000, 0x2eb: 0x2000, 0x2ec: 0x2000, 0x2ed: 0x2000, 0x2ee: 0x2000, 0x2ef: 0x2000, - // Block 0xc, offset 0x300 - 0x311: 0x2000, - 0x312: 0x2000, 0x313: 0x2000, 0x314: 0x2000, 0x315: 0x2000, 0x316: 0x2000, 0x317: 0x2000, - 0x318: 0x2000, 0x319: 0x2000, 0x31a: 0x2000, 0x31b: 0x2000, 0x31c: 0x2000, 0x31d: 0x2000, - 0x31e: 0x2000, 0x31f: 0x2000, 0x320: 0x2000, 0x321: 0x2000, 0x323: 0x2000, - 0x324: 0x2000, 0x325: 0x2000, 0x326: 0x2000, 0x327: 0x2000, 0x328: 0x2000, 0x329: 0x2000, - 0x331: 0x2000, 0x332: 0x2000, 0x333: 0x2000, 0x334: 0x2000, 0x335: 0x2000, - 0x336: 0x2000, 0x337: 0x2000, 0x338: 0x2000, 0x339: 0x2000, 0x33a: 0x2000, 0x33b: 0x2000, - 0x33c: 0x2000, 0x33d: 0x2000, 0x33e: 0x2000, 0x33f: 0x2000, - // Block 0xd, offset 0x340 - 0x340: 0x2000, 0x341: 0x2000, 0x343: 0x2000, 0x344: 0x2000, 0x345: 0x2000, - 0x346: 0x2000, 0x347: 0x2000, 0x348: 0x2000, 0x349: 0x2000, - // Block 0xe, offset 0x380 - 0x381: 0x2000, - 0x390: 0x2000, 0x391: 0x2000, - 0x392: 0x2000, 0x393: 0x2000, 0x394: 0x2000, 0x395: 0x2000, 0x396: 0x2000, 0x397: 0x2000, - 0x398: 0x2000, 0x399: 0x2000, 0x39a: 0x2000, 0x39b: 0x2000, 0x39c: 0x2000, 0x39d: 0x2000, - 0x39e: 0x2000, 0x39f: 0x2000, 0x3a0: 0x2000, 0x3a1: 0x2000, 0x3a2: 0x2000, 0x3a3: 0x2000, - 0x3a4: 0x2000, 0x3a5: 0x2000, 0x3a6: 0x2000, 0x3a7: 0x2000, 0x3a8: 0x2000, 0x3a9: 0x2000, - 0x3aa: 0x2000, 0x3ab: 0x2000, 0x3ac: 0x2000, 0x3ad: 0x2000, 0x3ae: 0x2000, 0x3af: 0x2000, - 0x3b0: 0x2000, 0x3b1: 0x2000, 0x3b2: 0x2000, 0x3b3: 0x2000, 0x3b4: 0x2000, 0x3b5: 0x2000, - 0x3b6: 0x2000, 0x3b7: 0x2000, 0x3b8: 0x2000, 0x3b9: 0x2000, 0x3ba: 0x2000, 0x3bb: 0x2000, - 0x3bc: 0x2000, 0x3bd: 0x2000, 0x3be: 0x2000, 0x3bf: 0x2000, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x2000, 0x3c1: 0x2000, 0x3c2: 0x2000, 0x3c3: 0x2000, 0x3c4: 0x2000, 0x3c5: 0x2000, - 0x3c6: 0x2000, 0x3c7: 0x2000, 0x3c8: 0x2000, 0x3c9: 0x2000, 0x3ca: 0x2000, 0x3cb: 0x2000, - 0x3cc: 0x2000, 0x3cd: 0x2000, 0x3ce: 0x2000, 0x3cf: 0x2000, 0x3d1: 0x2000, - // Block 0x10, offset 0x400 - 0x400: 0x4000, 0x401: 0x4000, 0x402: 0x4000, 0x403: 0x4000, 0x404: 0x4000, 0x405: 0x4000, - 0x406: 0x4000, 0x407: 0x4000, 0x408: 0x4000, 0x409: 0x4000, 0x40a: 0x4000, 0x40b: 0x4000, - 0x40c: 0x4000, 0x40d: 0x4000, 0x40e: 0x4000, 0x40f: 0x4000, 0x410: 0x4000, 0x411: 0x4000, - 0x412: 0x4000, 0x413: 0x4000, 0x414: 0x4000, 0x415: 0x4000, 0x416: 0x4000, 0x417: 0x4000, - 0x418: 0x4000, 0x419: 0x4000, 0x41a: 0x4000, 0x41b: 0x4000, 0x41c: 0x4000, 0x41d: 0x4000, - 0x41e: 0x4000, 0x41f: 0x4000, 0x420: 0x4000, 0x421: 0x4000, 0x422: 0x4000, 0x423: 0x4000, - 0x424: 0x4000, 0x425: 0x4000, 0x426: 0x4000, 0x427: 0x4000, 0x428: 0x4000, 0x429: 0x4000, - 0x42a: 0x4000, 0x42b: 0x4000, 0x42c: 0x4000, 0x42d: 0x4000, 0x42e: 0x4000, 0x42f: 0x4000, - 0x430: 0x4000, 0x431: 0x4000, 0x432: 0x4000, 0x433: 0x4000, 0x434: 0x4000, 0x435: 0x4000, - 0x436: 0x4000, 0x437: 0x4000, 0x438: 0x4000, 0x439: 0x4000, 0x43a: 0x4000, 0x43b: 0x4000, - 0x43c: 0x4000, 0x43d: 0x4000, 0x43e: 0x4000, 0x43f: 0x4000, - // Block 0x11, offset 0x440 - 0x440: 0x4000, 0x441: 0x4000, 0x442: 0x4000, 0x443: 0x4000, 0x444: 0x4000, 0x445: 0x4000, - 0x446: 0x4000, 0x447: 0x4000, 0x448: 0x4000, 0x449: 0x4000, 0x44a: 0x4000, 0x44b: 0x4000, - 0x44c: 0x4000, 0x44d: 0x4000, 0x44e: 0x4000, 0x44f: 0x4000, 0x450: 0x4000, 0x451: 0x4000, - 0x452: 0x4000, 0x453: 0x4000, 0x454: 0x4000, 0x455: 0x4000, 0x456: 0x4000, 0x457: 0x4000, - 0x458: 0x4000, 0x459: 0x4000, 0x45a: 0x4000, 0x45b: 0x4000, 0x45c: 0x4000, 0x45d: 0x4000, - 0x45e: 0x4000, 0x45f: 0x4000, - // Block 0x12, offset 0x480 - 0x490: 0x2000, - 0x493: 0x2000, 0x494: 0x2000, 0x495: 0x2000, 0x496: 0x2000, - 0x498: 0x2000, 0x499: 0x2000, 0x49c: 0x2000, 0x49d: 0x2000, - 0x4a0: 0x2000, 0x4a1: 0x2000, 0x4a2: 0x2000, - 0x4a4: 0x2000, 0x4a5: 0x2000, 0x4a6: 0x2000, 0x4a7: 0x2000, - 0x4b0: 0x2000, 0x4b2: 0x2000, 0x4b3: 0x2000, 0x4b5: 0x2000, - 0x4bb: 0x2000, - 0x4be: 0x2000, - // Block 0x13, offset 0x4c0 - 0x4f4: 0x2000, - 0x4ff: 0x2000, - // Block 0x14, offset 0x500 - 0x501: 0x2000, 0x502: 0x2000, 0x503: 0x2000, 0x504: 0x2000, - 0x529: 0xa009, - 0x52c: 0x2000, - // Block 0x15, offset 0x540 - 0x543: 0x2000, 0x545: 0x2000, - 0x549: 0x2000, - 0x553: 0x2000, 0x556: 0x2000, - 0x561: 0x2000, 0x562: 0x2000, - 0x566: 0x2000, - 0x56b: 0x2000, - // Block 0x16, offset 0x580 - 0x593: 0x2000, 0x594: 0x2000, - 0x59b: 0x2000, 0x59c: 0x2000, 0x59d: 0x2000, - 0x59e: 0x2000, 0x5a0: 0x2000, 0x5a1: 0x2000, 0x5a2: 0x2000, 0x5a3: 0x2000, - 0x5a4: 0x2000, 0x5a5: 0x2000, 0x5a6: 0x2000, 0x5a7: 0x2000, 0x5a8: 0x2000, 0x5a9: 0x2000, - 0x5aa: 0x2000, 0x5ab: 0x2000, - 0x5b0: 0x2000, 0x5b1: 0x2000, 0x5b2: 0x2000, 0x5b3: 0x2000, 0x5b4: 0x2000, 0x5b5: 0x2000, - 0x5b6: 0x2000, 0x5b7: 0x2000, 0x5b8: 0x2000, 0x5b9: 0x2000, - // Block 0x17, offset 0x5c0 - 0x5c9: 0x2000, - 0x5d0: 0x200a, 0x5d1: 0x200b, - 0x5d2: 0x200a, 0x5d3: 0x200c, 0x5d4: 0x2000, 0x5d5: 0x2000, 0x5d6: 0x2000, 0x5d7: 0x2000, - 0x5d8: 0x2000, 0x5d9: 0x2000, - 0x5f8: 0x2000, 0x5f9: 0x2000, - // Block 0x18, offset 0x600 - 0x612: 0x2000, 0x614: 0x2000, - 0x627: 0x2000, - // Block 0x19, offset 0x640 - 0x640: 0x2000, 0x642: 0x2000, 0x643: 0x2000, - 0x647: 0x2000, 0x648: 0x2000, 0x64b: 0x2000, - 0x64f: 0x2000, 0x651: 0x2000, - 0x655: 0x2000, - 0x65a: 0x2000, 0x65d: 0x2000, - 0x65e: 0x2000, 0x65f: 0x2000, 0x660: 0x2000, 0x663: 0x2000, - 0x665: 0x2000, 0x667: 0x2000, 0x668: 0x2000, 0x669: 0x2000, - 0x66a: 0x2000, 0x66b: 0x2000, 0x66c: 0x2000, 0x66e: 0x2000, - 0x674: 0x2000, 0x675: 0x2000, - 0x676: 0x2000, 0x677: 0x2000, - 0x67c: 0x2000, 0x67d: 0x2000, - // Block 0x1a, offset 0x680 - 0x688: 0x2000, - 0x68c: 0x2000, - 0x692: 0x2000, - 0x6a0: 0x2000, 0x6a1: 0x2000, - 0x6a4: 0x2000, 0x6a5: 0x2000, 0x6a6: 0x2000, 0x6a7: 0x2000, - 0x6aa: 0x2000, 0x6ab: 0x2000, 0x6ae: 0x2000, 0x6af: 0x2000, - // Block 0x1b, offset 0x6c0 - 0x6c2: 0x2000, 0x6c3: 0x2000, - 0x6c6: 0x2000, 0x6c7: 0x2000, - 0x6d5: 0x2000, - 0x6d9: 0x2000, - 0x6e5: 0x2000, - 0x6ff: 0x2000, - // Block 0x1c, offset 0x700 - 0x712: 0x2000, - 0x71a: 0x4000, 0x71b: 0x4000, - 0x729: 0x4000, - 0x72a: 0x4000, - // Block 0x1d, offset 0x740 - 0x769: 0x4000, - 0x76a: 0x4000, 0x76b: 0x4000, 0x76c: 0x4000, - 0x770: 0x4000, 0x773: 0x4000, - // Block 0x1e, offset 0x780 - 0x7a0: 0x2000, 0x7a1: 0x2000, 0x7a2: 0x2000, 0x7a3: 0x2000, - 0x7a4: 0x2000, 0x7a5: 0x2000, 0x7a6: 0x2000, 0x7a7: 0x2000, 0x7a8: 0x2000, 0x7a9: 0x2000, - 0x7aa: 0x2000, 0x7ab: 0x2000, 0x7ac: 0x2000, 0x7ad: 0x2000, 0x7ae: 0x2000, 0x7af: 0x2000, - 0x7b0: 0x2000, 0x7b1: 0x2000, 0x7b2: 0x2000, 0x7b3: 0x2000, 0x7b4: 0x2000, 0x7b5: 0x2000, - 0x7b6: 0x2000, 0x7b7: 0x2000, 0x7b8: 0x2000, 0x7b9: 0x2000, 0x7ba: 0x2000, 0x7bb: 0x2000, - 0x7bc: 0x2000, 0x7bd: 0x2000, 0x7be: 0x2000, 0x7bf: 0x2000, - // Block 0x1f, offset 0x7c0 - 0x7c0: 0x2000, 0x7c1: 0x2000, 0x7c2: 0x2000, 0x7c3: 0x2000, 0x7c4: 0x2000, 0x7c5: 0x2000, - 0x7c6: 0x2000, 0x7c7: 0x2000, 0x7c8: 0x2000, 0x7c9: 0x2000, 0x7ca: 0x2000, 0x7cb: 0x2000, - 0x7cc: 0x2000, 0x7cd: 0x2000, 0x7ce: 0x2000, 0x7cf: 0x2000, 0x7d0: 0x2000, 0x7d1: 0x2000, - 0x7d2: 0x2000, 0x7d3: 0x2000, 0x7d4: 0x2000, 0x7d5: 0x2000, 0x7d6: 0x2000, 0x7d7: 0x2000, - 0x7d8: 0x2000, 0x7d9: 0x2000, 0x7da: 0x2000, 0x7db: 0x2000, 0x7dc: 0x2000, 0x7dd: 0x2000, - 0x7de: 0x2000, 0x7df: 0x2000, 0x7e0: 0x2000, 0x7e1: 0x2000, 0x7e2: 0x2000, 0x7e3: 0x2000, - 0x7e4: 0x2000, 0x7e5: 0x2000, 0x7e6: 0x2000, 0x7e7: 0x2000, 0x7e8: 0x2000, 0x7e9: 0x2000, - 0x7eb: 0x2000, 0x7ec: 0x2000, 0x7ed: 0x2000, 0x7ee: 0x2000, 0x7ef: 0x2000, - 0x7f0: 0x2000, 0x7f1: 0x2000, 0x7f2: 0x2000, 0x7f3: 0x2000, 0x7f4: 0x2000, 0x7f5: 0x2000, - 0x7f6: 0x2000, 0x7f7: 0x2000, 0x7f8: 0x2000, 0x7f9: 0x2000, 0x7fa: 0x2000, 0x7fb: 0x2000, - 0x7fc: 0x2000, 0x7fd: 0x2000, 0x7fe: 0x2000, 0x7ff: 0x2000, - // Block 0x20, offset 0x800 - 0x800: 0x2000, 0x801: 0x2000, 0x802: 0x200d, 0x803: 0x2000, 0x804: 0x2000, 0x805: 0x2000, - 0x806: 0x2000, 0x807: 0x2000, 0x808: 0x2000, 0x809: 0x2000, 0x80a: 0x2000, 0x80b: 0x2000, - 0x80c: 0x2000, 0x80d: 0x2000, 0x80e: 0x2000, 0x80f: 0x2000, 0x810: 0x2000, 0x811: 0x2000, - 0x812: 0x2000, 0x813: 0x2000, 0x814: 0x2000, 0x815: 0x2000, 0x816: 0x2000, 0x817: 0x2000, - 0x818: 0x2000, 0x819: 0x2000, 0x81a: 0x2000, 0x81b: 0x2000, 0x81c: 0x2000, 0x81d: 0x2000, - 0x81e: 0x2000, 0x81f: 0x2000, 0x820: 0x2000, 0x821: 0x2000, 0x822: 0x2000, 0x823: 0x2000, - 0x824: 0x2000, 0x825: 0x2000, 0x826: 0x2000, 0x827: 0x2000, 0x828: 0x2000, 0x829: 0x2000, - 0x82a: 0x2000, 0x82b: 0x2000, 0x82c: 0x2000, 0x82d: 0x2000, 0x82e: 0x2000, 0x82f: 0x2000, - 0x830: 0x2000, 0x831: 0x2000, 0x832: 0x2000, 0x833: 0x2000, 0x834: 0x2000, 0x835: 0x2000, - 0x836: 0x2000, 0x837: 0x2000, 0x838: 0x2000, 0x839: 0x2000, 0x83a: 0x2000, 0x83b: 0x2000, - 0x83c: 0x2000, 0x83d: 0x2000, 0x83e: 0x2000, 0x83f: 0x2000, - // Block 0x21, offset 0x840 - 0x840: 0x2000, 0x841: 0x2000, 0x842: 0x2000, 0x843: 0x2000, 0x844: 0x2000, 0x845: 0x2000, - 0x846: 0x2000, 0x847: 0x2000, 0x848: 0x2000, 0x849: 0x2000, 0x84a: 0x2000, 0x84b: 0x2000, - 0x850: 0x2000, 0x851: 0x2000, - 0x852: 0x2000, 0x853: 0x2000, 0x854: 0x2000, 0x855: 0x2000, 0x856: 0x2000, 0x857: 0x2000, - 0x858: 0x2000, 0x859: 0x2000, 0x85a: 0x2000, 0x85b: 0x2000, 0x85c: 0x2000, 0x85d: 0x2000, - 0x85e: 0x2000, 0x85f: 0x2000, 0x860: 0x2000, 0x861: 0x2000, 0x862: 0x2000, 0x863: 0x2000, - 0x864: 0x2000, 0x865: 0x2000, 0x866: 0x2000, 0x867: 0x2000, 0x868: 0x2000, 0x869: 0x2000, - 0x86a: 0x2000, 0x86b: 0x2000, 0x86c: 0x2000, 0x86d: 0x2000, 0x86e: 0x2000, 0x86f: 0x2000, - 0x870: 0x2000, 0x871: 0x2000, 0x872: 0x2000, 0x873: 0x2000, - // Block 0x22, offset 0x880 - 0x880: 0x2000, 0x881: 0x2000, 0x882: 0x2000, 0x883: 0x2000, 0x884: 0x2000, 0x885: 0x2000, - 0x886: 0x2000, 0x887: 0x2000, 0x888: 0x2000, 0x889: 0x2000, 0x88a: 0x2000, 0x88b: 0x2000, - 0x88c: 0x2000, 0x88d: 0x2000, 0x88e: 0x2000, 0x88f: 0x2000, - 0x892: 0x2000, 0x893: 0x2000, 0x894: 0x2000, 0x895: 0x2000, - 0x8a0: 0x200e, 0x8a1: 0x2000, 0x8a3: 0x2000, - 0x8a4: 0x2000, 0x8a5: 0x2000, 0x8a6: 0x2000, 0x8a7: 0x2000, 0x8a8: 0x2000, 0x8a9: 0x2000, - 0x8b2: 0x2000, 0x8b3: 0x2000, - 0x8b6: 0x2000, 0x8b7: 0x2000, - 0x8bc: 0x2000, 0x8bd: 0x2000, - // Block 0x23, offset 0x8c0 - 0x8c0: 0x2000, 0x8c1: 0x2000, - 0x8c6: 0x2000, 0x8c7: 0x2000, 0x8c8: 0x2000, 0x8cb: 0x200f, - 0x8ce: 0x2000, 0x8cf: 0x2000, 0x8d0: 0x2000, 0x8d1: 0x2000, - 0x8e2: 0x2000, 0x8e3: 0x2000, - 0x8e4: 0x2000, 0x8e5: 0x2000, - 0x8ef: 0x2000, - 0x8fd: 0x4000, 0x8fe: 0x4000, - // Block 0x24, offset 0x900 - 0x905: 0x2000, - 0x906: 0x2000, 0x909: 0x2000, - 0x90e: 0x2000, 0x90f: 0x2000, - 0x914: 0x4000, 0x915: 0x4000, - 0x91c: 0x2000, - 0x91e: 0x2000, - // Block 0x25, offset 0x940 - 0x940: 0x2000, 0x942: 0x2000, - 0x948: 0x4000, 0x949: 0x4000, 0x94a: 0x4000, 0x94b: 0x4000, - 0x94c: 0x4000, 0x94d: 0x4000, 0x94e: 0x4000, 0x94f: 0x4000, 0x950: 0x4000, 0x951: 0x4000, - 0x952: 0x4000, 0x953: 0x4000, - 0x960: 0x2000, 0x961: 0x2000, 0x963: 0x2000, - 0x964: 0x2000, 0x965: 0x2000, 0x967: 0x2000, 0x968: 0x2000, 0x969: 0x2000, - 0x96a: 0x2000, 0x96c: 0x2000, 0x96d: 0x2000, 0x96f: 0x2000, - 0x97f: 0x4000, - // Block 0x26, offset 0x980 - 0x993: 0x4000, - 0x99e: 0x2000, 0x99f: 0x2000, 0x9a1: 0x4000, - 0x9aa: 0x4000, 0x9ab: 0x4000, - 0x9bd: 0x4000, 0x9be: 0x4000, 0x9bf: 0x2000, - // Block 0x27, offset 0x9c0 - 0x9c4: 0x4000, 0x9c5: 0x4000, - 0x9c6: 0x2000, 0x9c7: 0x2000, 0x9c8: 0x2000, 0x9c9: 0x2000, 0x9ca: 0x2000, 0x9cb: 0x2000, - 0x9cc: 0x2000, 0x9cd: 0x2000, 0x9ce: 0x4000, 0x9cf: 0x2000, 0x9d0: 0x2000, 0x9d1: 0x2000, - 0x9d2: 0x2000, 0x9d3: 0x2000, 0x9d4: 0x4000, 0x9d5: 0x2000, 0x9d6: 0x2000, 0x9d7: 0x2000, - 0x9d8: 0x2000, 0x9d9: 0x2000, 0x9da: 0x2000, 0x9db: 0x2000, 0x9dc: 0x2000, 0x9dd: 0x2000, - 0x9de: 0x2000, 0x9df: 0x2000, 0x9e0: 0x2000, 0x9e1: 0x2000, 0x9e3: 0x2000, - 0x9e8: 0x2000, 0x9e9: 0x2000, - 0x9ea: 0x4000, 0x9eb: 0x2000, 0x9ec: 0x2000, 0x9ed: 0x2000, 0x9ee: 0x2000, 0x9ef: 0x2000, - 0x9f0: 0x2000, 0x9f1: 0x2000, 0x9f2: 0x4000, 0x9f3: 0x4000, 0x9f4: 0x2000, 0x9f5: 0x4000, - 0x9f6: 0x2000, 0x9f7: 0x2000, 0x9f8: 0x2000, 0x9f9: 0x2000, 0x9fa: 0x4000, 0x9fb: 0x2000, - 0x9fc: 0x2000, 0x9fd: 0x4000, 0x9fe: 0x2000, 0x9ff: 0x2000, - // Block 0x28, offset 0xa00 - 0xa05: 0x4000, - 0xa0a: 0x4000, 0xa0b: 0x4000, - 0xa28: 0x4000, - 0xa3d: 0x2000, - // Block 0x29, offset 0xa40 - 0xa4c: 0x4000, 0xa4e: 0x4000, - 0xa53: 0x4000, 0xa54: 0x4000, 0xa55: 0x4000, 0xa57: 0x4000, - 0xa76: 0x2000, 0xa77: 0x2000, 0xa78: 0x2000, 0xa79: 0x2000, 0xa7a: 0x2000, 0xa7b: 0x2000, - 0xa7c: 0x2000, 0xa7d: 0x2000, 0xa7e: 0x2000, 0xa7f: 0x2000, - // Block 0x2a, offset 0xa80 - 0xa95: 0x4000, 0xa96: 0x4000, 0xa97: 0x4000, - 0xab0: 0x4000, - 0xabf: 0x4000, - // Block 0x2b, offset 0xac0 - 0xae6: 0x6000, 0xae7: 0x6000, 0xae8: 0x6000, 0xae9: 0x6000, - 0xaea: 0x6000, 0xaeb: 0x6000, 0xaec: 0x6000, 0xaed: 0x6000, - // Block 0x2c, offset 0xb00 - 0xb05: 0x6010, - 0xb06: 0x6011, - // Block 0x2d, offset 0xb40 - 0xb5b: 0x4000, 0xb5c: 0x4000, - // Block 0x2e, offset 0xb80 - 0xb90: 0x4000, - 0xb95: 0x4000, 0xb96: 0x2000, 0xb97: 0x2000, - 0xb98: 0x2000, 0xb99: 0x2000, - // Block 0x2f, offset 0xbc0 - 0xbc0: 0x4000, 0xbc1: 0x4000, 0xbc2: 0x4000, 0xbc3: 0x4000, 0xbc4: 0x4000, 0xbc5: 0x4000, - 0xbc6: 0x4000, 0xbc7: 0x4000, 0xbc8: 0x4000, 0xbc9: 0x4000, 0xbca: 0x4000, 0xbcb: 0x4000, - 0xbcc: 0x4000, 0xbcd: 0x4000, 0xbce: 0x4000, 0xbcf: 0x4000, 0xbd0: 0x4000, 0xbd1: 0x4000, - 0xbd2: 0x4000, 0xbd3: 0x4000, 0xbd4: 0x4000, 0xbd5: 0x4000, 0xbd6: 0x4000, 0xbd7: 0x4000, - 0xbd8: 0x4000, 0xbd9: 0x4000, 0xbdb: 0x4000, 0xbdc: 0x4000, 0xbdd: 0x4000, - 0xbde: 0x4000, 0xbdf: 0x4000, 0xbe0: 0x4000, 0xbe1: 0x4000, 0xbe2: 0x4000, 0xbe3: 0x4000, - 0xbe4: 0x4000, 0xbe5: 0x4000, 0xbe6: 0x4000, 0xbe7: 0x4000, 0xbe8: 0x4000, 0xbe9: 0x4000, - 0xbea: 0x4000, 0xbeb: 0x4000, 0xbec: 0x4000, 0xbed: 0x4000, 0xbee: 0x4000, 0xbef: 0x4000, - 0xbf0: 0x4000, 0xbf1: 0x4000, 0xbf2: 0x4000, 0xbf3: 0x4000, 0xbf4: 0x4000, 0xbf5: 0x4000, - 0xbf6: 0x4000, 0xbf7: 0x4000, 0xbf8: 0x4000, 0xbf9: 0x4000, 0xbfa: 0x4000, 0xbfb: 0x4000, - 0xbfc: 0x4000, 0xbfd: 0x4000, 0xbfe: 0x4000, 0xbff: 0x4000, - // Block 0x30, offset 0xc00 - 0xc00: 0x4000, 0xc01: 0x4000, 0xc02: 0x4000, 0xc03: 0x4000, 0xc04: 0x4000, 0xc05: 0x4000, - 0xc06: 0x4000, 0xc07: 0x4000, 0xc08: 0x4000, 0xc09: 0x4000, 0xc0a: 0x4000, 0xc0b: 0x4000, - 0xc0c: 0x4000, 0xc0d: 0x4000, 0xc0e: 0x4000, 0xc0f: 0x4000, 0xc10: 0x4000, 0xc11: 0x4000, - 0xc12: 0x4000, 0xc13: 0x4000, 0xc14: 0x4000, 0xc15: 0x4000, 0xc16: 0x4000, 0xc17: 0x4000, - 0xc18: 0x4000, 0xc19: 0x4000, 0xc1a: 0x4000, 0xc1b: 0x4000, 0xc1c: 0x4000, 0xc1d: 0x4000, - 0xc1e: 0x4000, 0xc1f: 0x4000, 0xc20: 0x4000, 0xc21: 0x4000, 0xc22: 0x4000, 0xc23: 0x4000, - 0xc24: 0x4000, 0xc25: 0x4000, 0xc26: 0x4000, 0xc27: 0x4000, 0xc28: 0x4000, 0xc29: 0x4000, - 0xc2a: 0x4000, 0xc2b: 0x4000, 0xc2c: 0x4000, 0xc2d: 0x4000, 0xc2e: 0x4000, 0xc2f: 0x4000, - 0xc30: 0x4000, 0xc31: 0x4000, 0xc32: 0x4000, 0xc33: 0x4000, - // Block 0x31, offset 0xc40 - 0xc40: 0x4000, 0xc41: 0x4000, 0xc42: 0x4000, 0xc43: 0x4000, 0xc44: 0x4000, 0xc45: 0x4000, - 0xc46: 0x4000, 0xc47: 0x4000, 0xc48: 0x4000, 0xc49: 0x4000, 0xc4a: 0x4000, 0xc4b: 0x4000, - 0xc4c: 0x4000, 0xc4d: 0x4000, 0xc4e: 0x4000, 0xc4f: 0x4000, 0xc50: 0x4000, 0xc51: 0x4000, - 0xc52: 0x4000, 0xc53: 0x4000, 0xc54: 0x4000, 0xc55: 0x4000, - 0xc70: 0x4000, 0xc71: 0x4000, 0xc72: 0x4000, 0xc73: 0x4000, 0xc74: 0x4000, 0xc75: 0x4000, - 0xc76: 0x4000, 0xc77: 0x4000, 0xc78: 0x4000, 0xc79: 0x4000, 0xc7a: 0x4000, 0xc7b: 0x4000, - // Block 0x32, offset 0xc80 - 0xc80: 0x9012, 0xc81: 0x4013, 0xc82: 0x4014, 0xc83: 0x4000, 0xc84: 0x4000, 0xc85: 0x4000, - 0xc86: 0x4000, 0xc87: 0x4000, 0xc88: 0x4000, 0xc89: 0x4000, 0xc8a: 0x4000, 0xc8b: 0x4000, - 0xc8c: 0x4015, 0xc8d: 0x4015, 0xc8e: 0x4000, 0xc8f: 0x4000, 0xc90: 0x4000, 0xc91: 0x4000, - 0xc92: 0x4000, 0xc93: 0x4000, 0xc94: 0x4000, 0xc95: 0x4000, 0xc96: 0x4000, 0xc97: 0x4000, - 0xc98: 0x4000, 0xc99: 0x4000, 0xc9a: 0x4000, 0xc9b: 0x4000, 0xc9c: 0x4000, 0xc9d: 0x4000, - 0xc9e: 0x4000, 0xc9f: 0x4000, 0xca0: 0x4000, 0xca1: 0x4000, 0xca2: 0x4000, 0xca3: 0x4000, - 0xca4: 0x4000, 0xca5: 0x4000, 0xca6: 0x4000, 0xca7: 0x4000, 0xca8: 0x4000, 0xca9: 0x4000, - 0xcaa: 0x4000, 0xcab: 0x4000, 0xcac: 0x4000, 0xcad: 0x4000, 0xcae: 0x4000, 0xcaf: 0x4000, - 0xcb0: 0x4000, 0xcb1: 0x4000, 0xcb2: 0x4000, 0xcb3: 0x4000, 0xcb4: 0x4000, 0xcb5: 0x4000, - 0xcb6: 0x4000, 0xcb7: 0x4000, 0xcb8: 0x4000, 0xcb9: 0x4000, 0xcba: 0x4000, 0xcbb: 0x4000, - 0xcbc: 0x4000, 0xcbd: 0x4000, 0xcbe: 0x4000, - // Block 0x33, offset 0xcc0 - 0xcc1: 0x4000, 0xcc2: 0x4000, 0xcc3: 0x4000, 0xcc4: 0x4000, 0xcc5: 0x4000, - 0xcc6: 0x4000, 0xcc7: 0x4000, 0xcc8: 0x4000, 0xcc9: 0x4000, 0xcca: 0x4000, 0xccb: 0x4000, - 0xccc: 0x4000, 0xccd: 0x4000, 0xcce: 0x4000, 0xccf: 0x4000, 0xcd0: 0x4000, 0xcd1: 0x4000, - 0xcd2: 0x4000, 0xcd3: 0x4000, 0xcd4: 0x4000, 0xcd5: 0x4000, 0xcd6: 0x4000, 0xcd7: 0x4000, - 0xcd8: 0x4000, 0xcd9: 0x4000, 0xcda: 0x4000, 0xcdb: 0x4000, 0xcdc: 0x4000, 0xcdd: 0x4000, - 0xcde: 0x4000, 0xcdf: 0x4000, 0xce0: 0x4000, 0xce1: 0x4000, 0xce2: 0x4000, 0xce3: 0x4000, - 0xce4: 0x4000, 0xce5: 0x4000, 0xce6: 0x4000, 0xce7: 0x4000, 0xce8: 0x4000, 0xce9: 0x4000, - 0xcea: 0x4000, 0xceb: 0x4000, 0xcec: 0x4000, 0xced: 0x4000, 0xcee: 0x4000, 0xcef: 0x4000, - 0xcf0: 0x4000, 0xcf1: 0x4000, 0xcf2: 0x4000, 0xcf3: 0x4000, 0xcf4: 0x4000, 0xcf5: 0x4000, - 0xcf6: 0x4000, 0xcf7: 0x4000, 0xcf8: 0x4000, 0xcf9: 0x4000, 0xcfa: 0x4000, 0xcfb: 0x4000, - 0xcfc: 0x4000, 0xcfd: 0x4000, 0xcfe: 0x4000, 0xcff: 0x4000, - // Block 0x34, offset 0xd00 - 0xd00: 0x4000, 0xd01: 0x4000, 0xd02: 0x4000, 0xd03: 0x4000, 0xd04: 0x4000, 0xd05: 0x4000, - 0xd06: 0x4000, 0xd07: 0x4000, 0xd08: 0x4000, 0xd09: 0x4000, 0xd0a: 0x4000, 0xd0b: 0x4000, - 0xd0c: 0x4000, 0xd0d: 0x4000, 0xd0e: 0x4000, 0xd0f: 0x4000, 0xd10: 0x4000, 0xd11: 0x4000, - 0xd12: 0x4000, 0xd13: 0x4000, 0xd14: 0x4000, 0xd15: 0x4000, 0xd16: 0x4000, - 0xd19: 0x4016, 0xd1a: 0x4017, 0xd1b: 0x4000, 0xd1c: 0x4000, 0xd1d: 0x4000, - 0xd1e: 0x4000, 0xd1f: 0x4000, 0xd20: 0x4000, 0xd21: 0x4018, 0xd22: 0x4019, 0xd23: 0x401a, - 0xd24: 0x401b, 0xd25: 0x401c, 0xd26: 0x401d, 0xd27: 0x401e, 0xd28: 0x401f, 0xd29: 0x4020, - 0xd2a: 0x4021, 0xd2b: 0x4022, 0xd2c: 0x4000, 0xd2d: 0x4010, 0xd2e: 0x4000, 0xd2f: 0x4023, - 0xd30: 0x4000, 0xd31: 0x4024, 0xd32: 0x4000, 0xd33: 0x4025, 0xd34: 0x4000, 0xd35: 0x4026, - 0xd36: 0x4000, 0xd37: 0x401a, 0xd38: 0x4000, 0xd39: 0x4027, 0xd3a: 0x4000, 0xd3b: 0x4028, - 0xd3c: 0x4000, 0xd3d: 0x4020, 0xd3e: 0x4000, 0xd3f: 0x4029, - // Block 0x35, offset 0xd40 - 0xd40: 0x4000, 0xd41: 0x402a, 0xd42: 0x4000, 0xd43: 0x402b, 0xd44: 0x402c, 0xd45: 0x4000, - 0xd46: 0x4017, 0xd47: 0x4000, 0xd48: 0x402d, 0xd49: 0x4000, 0xd4a: 0x402e, 0xd4b: 0x402f, - 0xd4c: 0x4030, 0xd4d: 0x4017, 0xd4e: 0x4016, 0xd4f: 0x4017, 0xd50: 0x4000, 0xd51: 0x4000, - 0xd52: 0x4031, 0xd53: 0x4000, 0xd54: 0x4000, 0xd55: 0x4031, 0xd56: 0x4000, 0xd57: 0x4000, - 0xd58: 0x4032, 0xd59: 0x4000, 0xd5a: 0x4000, 0xd5b: 0x4032, 0xd5c: 0x4000, 0xd5d: 0x4000, - 0xd5e: 0x4033, 0xd5f: 0x402e, 0xd60: 0x4034, 0xd61: 0x4035, 0xd62: 0x4034, 0xd63: 0x4036, - 0xd64: 0x4037, 0xd65: 0x4024, 0xd66: 0x4035, 0xd67: 0x4025, 0xd68: 0x4038, 0xd69: 0x4038, - 0xd6a: 0x4039, 0xd6b: 0x4039, 0xd6c: 0x403a, 0xd6d: 0x403a, 0xd6e: 0x4000, 0xd6f: 0x4035, - 0xd70: 0x4000, 0xd71: 0x4000, 0xd72: 0x403b, 0xd73: 0x403c, 0xd74: 0x4000, 0xd75: 0x4000, - 0xd76: 0x4000, 0xd77: 0x4000, 0xd78: 0x4000, 0xd79: 0x4000, 0xd7a: 0x4000, 0xd7b: 0x403d, - 0xd7c: 0x401c, 0xd7d: 0x4000, 0xd7e: 0x4000, 0xd7f: 0x4000, - // Block 0x36, offset 0xd80 - 0xd85: 0x4000, - 0xd86: 0x4000, 0xd87: 0x4000, 0xd88: 0x4000, 0xd89: 0x4000, 0xd8a: 0x4000, 0xd8b: 0x4000, - 0xd8c: 0x4000, 0xd8d: 0x4000, 0xd8e: 0x4000, 0xd8f: 0x4000, 0xd90: 0x4000, 0xd91: 0x4000, - 0xd92: 0x4000, 0xd93: 0x4000, 0xd94: 0x4000, 0xd95: 0x4000, 0xd96: 0x4000, 0xd97: 0x4000, - 0xd98: 0x4000, 0xd99: 0x4000, 0xd9a: 0x4000, 0xd9b: 0x4000, 0xd9c: 0x4000, 0xd9d: 0x4000, - 0xd9e: 0x4000, 0xd9f: 0x4000, 0xda0: 0x4000, 0xda1: 0x4000, 0xda2: 0x4000, 0xda3: 0x4000, - 0xda4: 0x4000, 0xda5: 0x4000, 0xda6: 0x4000, 0xda7: 0x4000, 0xda8: 0x4000, 0xda9: 0x4000, - 0xdaa: 0x4000, 0xdab: 0x4000, 0xdac: 0x4000, 0xdad: 0x4000, 0xdae: 0x4000, - 0xdb1: 0x403e, 0xdb2: 0x403e, 0xdb3: 0x403e, 0xdb4: 0x403e, 0xdb5: 0x403e, - 0xdb6: 0x403e, 0xdb7: 0x403e, 0xdb8: 0x403e, 0xdb9: 0x403e, 0xdba: 0x403e, 0xdbb: 0x403e, - 0xdbc: 0x403e, 0xdbd: 0x403e, 0xdbe: 0x403e, 0xdbf: 0x403e, - // Block 0x37, offset 0xdc0 - 0xdc0: 0x4037, 0xdc1: 0x4037, 0xdc2: 0x4037, 0xdc3: 0x4037, 0xdc4: 0x4037, 0xdc5: 0x4037, - 0xdc6: 0x4037, 0xdc7: 0x4037, 0xdc8: 0x4037, 0xdc9: 0x4037, 0xdca: 0x4037, 0xdcb: 0x4037, - 0xdcc: 0x4037, 0xdcd: 0x4037, 0xdce: 0x4037, 0xdcf: 0x400e, 0xdd0: 0x403f, 0xdd1: 0x4040, - 0xdd2: 0x4041, 0xdd3: 0x4040, 0xdd4: 0x403f, 0xdd5: 0x4042, 0xdd6: 0x4043, 0xdd7: 0x4044, - 0xdd8: 0x4040, 0xdd9: 0x4041, 0xdda: 0x4040, 0xddb: 0x4045, 0xddc: 0x4009, 0xddd: 0x4045, - 0xdde: 0x4046, 0xddf: 0x4045, 0xde0: 0x4047, 0xde1: 0x400b, 0xde2: 0x400a, 0xde3: 0x400c, - 0xde4: 0x4048, 0xde5: 0x4000, 0xde6: 0x4000, 0xde7: 0x4000, 0xde8: 0x4000, 0xde9: 0x4000, - 0xdea: 0x4000, 0xdeb: 0x4000, 0xdec: 0x4000, 0xded: 0x4000, 0xdee: 0x4000, 0xdef: 0x4000, - 0xdf0: 0x4000, 0xdf1: 0x4000, 0xdf2: 0x4000, 0xdf3: 0x4000, 0xdf4: 0x4000, 0xdf5: 0x4000, - 0xdf6: 0x4000, 0xdf7: 0x4000, 0xdf8: 0x4000, 0xdf9: 0x4000, 0xdfa: 0x4000, 0xdfb: 0x4000, - 0xdfc: 0x4000, 0xdfd: 0x4000, 0xdfe: 0x4000, 0xdff: 0x4000, - // Block 0x38, offset 0xe00 - 0xe00: 0x4000, 0xe01: 0x4000, 0xe02: 0x4000, 0xe03: 0x4000, 0xe04: 0x4000, 0xe05: 0x4000, - 0xe06: 0x4000, 0xe07: 0x4000, 0xe08: 0x4000, 0xe09: 0x4000, 0xe0a: 0x4000, 0xe0b: 0x4000, - 0xe0c: 0x4000, 0xe0d: 0x4000, 0xe0e: 0x4000, 0xe10: 0x4000, 0xe11: 0x4000, - 0xe12: 0x4000, 0xe13: 0x4000, 0xe14: 0x4000, 0xe15: 0x4000, 0xe16: 0x4000, 0xe17: 0x4000, - 0xe18: 0x4000, 0xe19: 0x4000, 0xe1a: 0x4000, 0xe1b: 0x4000, 0xe1c: 0x4000, 0xe1d: 0x4000, - 0xe1e: 0x4000, 0xe1f: 0x4000, 0xe20: 0x4000, 0xe21: 0x4000, 0xe22: 0x4000, 0xe23: 0x4000, - 0xe24: 0x4000, 0xe25: 0x4000, 0xe26: 0x4000, 0xe27: 0x4000, 0xe28: 0x4000, 0xe29: 0x4000, - 0xe2a: 0x4000, 0xe2b: 0x4000, 0xe2c: 0x4000, 0xe2d: 0x4000, 0xe2e: 0x4000, 0xe2f: 0x4000, - 0xe30: 0x4000, 0xe31: 0x4000, 0xe32: 0x4000, 0xe33: 0x4000, 0xe34: 0x4000, 0xe35: 0x4000, - 0xe36: 0x4000, 0xe37: 0x4000, 0xe38: 0x4000, 0xe39: 0x4000, 0xe3a: 0x4000, - // Block 0x39, offset 0xe40 - 0xe40: 0x4000, 0xe41: 0x4000, 0xe42: 0x4000, 0xe43: 0x4000, 0xe44: 0x4000, 0xe45: 0x4000, - 0xe46: 0x4000, 0xe47: 0x4000, 0xe48: 0x4000, 0xe49: 0x4000, 0xe4a: 0x4000, 0xe4b: 0x4000, - 0xe4c: 0x4000, 0xe4d: 0x4000, 0xe4e: 0x4000, 0xe4f: 0x4000, 0xe50: 0x4000, 0xe51: 0x4000, - 0xe52: 0x4000, 0xe53: 0x4000, 0xe54: 0x4000, 0xe55: 0x4000, 0xe56: 0x4000, 0xe57: 0x4000, - 0xe58: 0x4000, 0xe59: 0x4000, 0xe5a: 0x4000, 0xe5b: 0x4000, 0xe5c: 0x4000, 0xe5d: 0x4000, - 0xe5e: 0x4000, 0xe5f: 0x4000, 0xe60: 0x4000, 0xe61: 0x4000, 0xe62: 0x4000, 0xe63: 0x4000, - 0xe70: 0x4000, 0xe71: 0x4000, 0xe72: 0x4000, 0xe73: 0x4000, 0xe74: 0x4000, 0xe75: 0x4000, - 0xe76: 0x4000, 0xe77: 0x4000, 0xe78: 0x4000, 0xe79: 0x4000, 0xe7a: 0x4000, 0xe7b: 0x4000, - 0xe7c: 0x4000, 0xe7d: 0x4000, 0xe7e: 0x4000, 0xe7f: 0x4000, - // Block 0x3a, offset 0xe80 - 0xe80: 0x4000, 0xe81: 0x4000, 0xe82: 0x4000, 0xe83: 0x4000, 0xe84: 0x4000, 0xe85: 0x4000, - 0xe86: 0x4000, 0xe87: 0x4000, 0xe88: 0x4000, 0xe89: 0x4000, 0xe8a: 0x4000, 0xe8b: 0x4000, - 0xe8c: 0x4000, 0xe8d: 0x4000, 0xe8e: 0x4000, 0xe8f: 0x4000, 0xe90: 0x4000, 0xe91: 0x4000, - 0xe92: 0x4000, 0xe93: 0x4000, 0xe94: 0x4000, 0xe95: 0x4000, 0xe96: 0x4000, 0xe97: 0x4000, - 0xe98: 0x4000, 0xe99: 0x4000, 0xe9a: 0x4000, 0xe9b: 0x4000, 0xe9c: 0x4000, 0xe9d: 0x4000, - 0xe9e: 0x4000, 0xea0: 0x4000, 0xea1: 0x4000, 0xea2: 0x4000, 0xea3: 0x4000, - 0xea4: 0x4000, 0xea5: 0x4000, 0xea6: 0x4000, 0xea7: 0x4000, 0xea8: 0x4000, 0xea9: 0x4000, - 0xeaa: 0x4000, 0xeab: 0x4000, 0xeac: 0x4000, 0xead: 0x4000, 0xeae: 0x4000, 0xeaf: 0x4000, - 0xeb0: 0x4000, 0xeb1: 0x4000, 0xeb2: 0x4000, 0xeb3: 0x4000, 0xeb4: 0x4000, 0xeb5: 0x4000, - 0xeb6: 0x4000, 0xeb7: 0x4000, 0xeb8: 0x4000, 0xeb9: 0x4000, 0xeba: 0x4000, 0xebb: 0x4000, - 0xebc: 0x4000, 0xebd: 0x4000, 0xebe: 0x4000, 0xebf: 0x4000, - // Block 0x3b, offset 0xec0 - 0xec0: 0x4000, 0xec1: 0x4000, 0xec2: 0x4000, 0xec3: 0x4000, 0xec4: 0x4000, 0xec5: 0x4000, - 0xec6: 0x4000, 0xec7: 0x4000, 0xec8: 0x2000, 0xec9: 0x2000, 0xeca: 0x2000, 0xecb: 0x2000, - 0xecc: 0x2000, 0xecd: 0x2000, 0xece: 0x2000, 0xecf: 0x2000, 0xed0: 0x4000, 0xed1: 0x4000, - 0xed2: 0x4000, 0xed3: 0x4000, 0xed4: 0x4000, 0xed5: 0x4000, 0xed6: 0x4000, 0xed7: 0x4000, - 0xed8: 0x4000, 0xed9: 0x4000, 0xeda: 0x4000, 0xedb: 0x4000, 0xedc: 0x4000, 0xedd: 0x4000, - 0xede: 0x4000, 0xedf: 0x4000, 0xee0: 0x4000, 0xee1: 0x4000, 0xee2: 0x4000, 0xee3: 0x4000, - 0xee4: 0x4000, 0xee5: 0x4000, 0xee6: 0x4000, 0xee7: 0x4000, 0xee8: 0x4000, 0xee9: 0x4000, - 0xeea: 0x4000, 0xeeb: 0x4000, 0xeec: 0x4000, 0xeed: 0x4000, 0xeee: 0x4000, 0xeef: 0x4000, - 0xef0: 0x4000, 0xef1: 0x4000, 0xef2: 0x4000, 0xef3: 0x4000, 0xef4: 0x4000, 0xef5: 0x4000, - 0xef6: 0x4000, 0xef7: 0x4000, 0xef8: 0x4000, 0xef9: 0x4000, 0xefa: 0x4000, 0xefb: 0x4000, - 0xefc: 0x4000, 0xefd: 0x4000, 0xefe: 0x4000, 0xeff: 0x4000, - // Block 0x3c, offset 0xf00 - 0xf00: 0x4000, 0xf01: 0x4000, 0xf02: 0x4000, 0xf03: 0x4000, 0xf04: 0x4000, 0xf05: 0x4000, - 0xf06: 0x4000, 0xf07: 0x4000, 0xf08: 0x4000, 0xf09: 0x4000, 0xf0a: 0x4000, 0xf0b: 0x4000, - 0xf0c: 0x4000, 0xf0d: 0x4000, 0xf0e: 0x4000, 0xf0f: 0x4000, 0xf10: 0x4000, 0xf11: 0x4000, - 0xf12: 0x4000, 0xf13: 0x4000, 0xf14: 0x4000, 0xf15: 0x4000, 0xf16: 0x4000, 0xf17: 0x4000, - 0xf18: 0x4000, 0xf19: 0x4000, 0xf1a: 0x4000, 0xf1b: 0x4000, 0xf1c: 0x4000, 0xf1d: 0x4000, - 0xf1e: 0x4000, 0xf1f: 0x4000, 0xf20: 0x4000, 0xf21: 0x4000, 0xf22: 0x4000, 0xf23: 0x4000, - 0xf24: 0x4000, 0xf25: 0x4000, 0xf26: 0x4000, 0xf27: 0x4000, 0xf28: 0x4000, 0xf29: 0x4000, - 0xf2a: 0x4000, 0xf2b: 0x4000, 0xf2c: 0x4000, 0xf2d: 0x4000, 0xf2e: 0x4000, 0xf2f: 0x4000, - 0xf30: 0x4000, 0xf31: 0x4000, 0xf32: 0x4000, 0xf33: 0x4000, 0xf34: 0x4000, 0xf35: 0x4000, - 0xf36: 0x4000, 0xf37: 0x4000, 0xf38: 0x4000, 0xf39: 0x4000, 0xf3a: 0x4000, 0xf3b: 0x4000, - 0xf3c: 0x4000, 0xf3d: 0x4000, 0xf3e: 0x4000, - // Block 0x3d, offset 0xf40 - 0xf40: 0x4000, 0xf41: 0x4000, 0xf42: 0x4000, 0xf43: 0x4000, 0xf44: 0x4000, 0xf45: 0x4000, - 0xf46: 0x4000, 0xf47: 0x4000, 0xf48: 0x4000, 0xf49: 0x4000, 0xf4a: 0x4000, 0xf4b: 0x4000, - 0xf4c: 0x4000, 0xf50: 0x4000, 0xf51: 0x4000, - 0xf52: 0x4000, 0xf53: 0x4000, 0xf54: 0x4000, 0xf55: 0x4000, 0xf56: 0x4000, 0xf57: 0x4000, - 0xf58: 0x4000, 0xf59: 0x4000, 0xf5a: 0x4000, 0xf5b: 0x4000, 0xf5c: 0x4000, 0xf5d: 0x4000, - 0xf5e: 0x4000, 0xf5f: 0x4000, 0xf60: 0x4000, 0xf61: 0x4000, 0xf62: 0x4000, 0xf63: 0x4000, - 0xf64: 0x4000, 0xf65: 0x4000, 0xf66: 0x4000, 0xf67: 0x4000, 0xf68: 0x4000, 0xf69: 0x4000, - 0xf6a: 0x4000, 0xf6b: 0x4000, 0xf6c: 0x4000, 0xf6d: 0x4000, 0xf6e: 0x4000, 0xf6f: 0x4000, - 0xf70: 0x4000, 0xf71: 0x4000, 0xf72: 0x4000, 0xf73: 0x4000, 0xf74: 0x4000, 0xf75: 0x4000, - 0xf76: 0x4000, 0xf77: 0x4000, 0xf78: 0x4000, 0xf79: 0x4000, 0xf7a: 0x4000, 0xf7b: 0x4000, - 0xf7c: 0x4000, 0xf7d: 0x4000, 0xf7e: 0x4000, 0xf7f: 0x4000, - // Block 0x3e, offset 0xf80 - 0xf80: 0x4000, 0xf81: 0x4000, 0xf82: 0x4000, 0xf83: 0x4000, 0xf84: 0x4000, 0xf85: 0x4000, - 0xf86: 0x4000, - // Block 0x3f, offset 0xfc0 - 0xfe0: 0x4000, 0xfe1: 0x4000, 0xfe2: 0x4000, 0xfe3: 0x4000, - 0xfe4: 0x4000, 0xfe5: 0x4000, 0xfe6: 0x4000, 0xfe7: 0x4000, 0xfe8: 0x4000, 0xfe9: 0x4000, - 0xfea: 0x4000, 0xfeb: 0x4000, 0xfec: 0x4000, 0xfed: 0x4000, 0xfee: 0x4000, 0xfef: 0x4000, - 0xff0: 0x4000, 0xff1: 0x4000, 0xff2: 0x4000, 0xff3: 0x4000, 0xff4: 0x4000, 0xff5: 0x4000, - 0xff6: 0x4000, 0xff7: 0x4000, 0xff8: 0x4000, 0xff9: 0x4000, 0xffa: 0x4000, 0xffb: 0x4000, - 0xffc: 0x4000, - // Block 0x40, offset 0x1000 - 0x1000: 0x4000, 0x1001: 0x4000, 0x1002: 0x4000, 0x1003: 0x4000, 0x1004: 0x4000, 0x1005: 0x4000, - 0x1006: 0x4000, 0x1007: 0x4000, 0x1008: 0x4000, 0x1009: 0x4000, 0x100a: 0x4000, 0x100b: 0x4000, - 0x100c: 0x4000, 0x100d: 0x4000, 0x100e: 0x4000, 0x100f: 0x4000, 0x1010: 0x4000, 0x1011: 0x4000, - 0x1012: 0x4000, 0x1013: 0x4000, 0x1014: 0x4000, 0x1015: 0x4000, 0x1016: 0x4000, 0x1017: 0x4000, - 0x1018: 0x4000, 0x1019: 0x4000, 0x101a: 0x4000, 0x101b: 0x4000, 0x101c: 0x4000, 0x101d: 0x4000, - 0x101e: 0x4000, 0x101f: 0x4000, 0x1020: 0x4000, 0x1021: 0x4000, 0x1022: 0x4000, 0x1023: 0x4000, - // Block 0x41, offset 0x1040 - 0x1040: 0x2000, 0x1041: 0x2000, 0x1042: 0x2000, 0x1043: 0x2000, 0x1044: 0x2000, 0x1045: 0x2000, - 0x1046: 0x2000, 0x1047: 0x2000, 0x1048: 0x2000, 0x1049: 0x2000, 0x104a: 0x2000, 0x104b: 0x2000, - 0x104c: 0x2000, 0x104d: 0x2000, 0x104e: 0x2000, 0x104f: 0x2000, 0x1050: 0x4000, 0x1051: 0x4000, - 0x1052: 0x4000, 0x1053: 0x4000, 0x1054: 0x4000, 0x1055: 0x4000, 0x1056: 0x4000, 0x1057: 0x4000, - 0x1058: 0x4000, 0x1059: 0x4000, - 0x1070: 0x4000, 0x1071: 0x4000, 0x1072: 0x4000, 0x1073: 0x4000, 0x1074: 0x4000, 0x1075: 0x4000, - 0x1076: 0x4000, 0x1077: 0x4000, 0x1078: 0x4000, 0x1079: 0x4000, 0x107a: 0x4000, 0x107b: 0x4000, - 0x107c: 0x4000, 0x107d: 0x4000, 0x107e: 0x4000, 0x107f: 0x4000, - // Block 0x42, offset 0x1080 - 0x1080: 0x4000, 0x1081: 0x4000, 0x1082: 0x4000, 0x1083: 0x4000, 0x1084: 0x4000, 0x1085: 0x4000, - 0x1086: 0x4000, 0x1087: 0x4000, 0x1088: 0x4000, 0x1089: 0x4000, 0x108a: 0x4000, 0x108b: 0x4000, - 0x108c: 0x4000, 0x108d: 0x4000, 0x108e: 0x4000, 0x108f: 0x4000, 0x1090: 0x4000, 0x1091: 0x4000, - 0x1092: 0x4000, 0x1094: 0x4000, 0x1095: 0x4000, 0x1096: 0x4000, 0x1097: 0x4000, - 0x1098: 0x4000, 0x1099: 0x4000, 0x109a: 0x4000, 0x109b: 0x4000, 0x109c: 0x4000, 0x109d: 0x4000, - 0x109e: 0x4000, 0x109f: 0x4000, 0x10a0: 0x4000, 0x10a1: 0x4000, 0x10a2: 0x4000, 0x10a3: 0x4000, - 0x10a4: 0x4000, 0x10a5: 0x4000, 0x10a6: 0x4000, 0x10a8: 0x4000, 0x10a9: 0x4000, - 0x10aa: 0x4000, 0x10ab: 0x4000, - // Block 0x43, offset 0x10c0 - 0x10c1: 0x9012, 0x10c2: 0x9012, 0x10c3: 0x9012, 0x10c4: 0x9012, 0x10c5: 0x9012, - 0x10c6: 0x9012, 0x10c7: 0x9012, 0x10c8: 0x9012, 0x10c9: 0x9012, 0x10ca: 0x9012, 0x10cb: 0x9012, - 0x10cc: 0x9012, 0x10cd: 0x9012, 0x10ce: 0x9012, 0x10cf: 0x9012, 0x10d0: 0x9012, 0x10d1: 0x9012, - 0x10d2: 0x9012, 0x10d3: 0x9012, 0x10d4: 0x9012, 0x10d5: 0x9012, 0x10d6: 0x9012, 0x10d7: 0x9012, - 0x10d8: 0x9012, 0x10d9: 0x9012, 0x10da: 0x9012, 0x10db: 0x9012, 0x10dc: 0x9012, 0x10dd: 0x9012, - 0x10de: 0x9012, 0x10df: 0x9012, 0x10e0: 0x9049, 0x10e1: 0x9049, 0x10e2: 0x9049, 0x10e3: 0x9049, - 0x10e4: 0x9049, 0x10e5: 0x9049, 0x10e6: 0x9049, 0x10e7: 0x9049, 0x10e8: 0x9049, 0x10e9: 0x9049, - 0x10ea: 0x9049, 0x10eb: 0x9049, 0x10ec: 0x9049, 0x10ed: 0x9049, 0x10ee: 0x9049, 0x10ef: 0x9049, - 0x10f0: 0x9049, 0x10f1: 0x9049, 0x10f2: 0x9049, 0x10f3: 0x9049, 0x10f4: 0x9049, 0x10f5: 0x9049, - 0x10f6: 0x9049, 0x10f7: 0x9049, 0x10f8: 0x9049, 0x10f9: 0x9049, 0x10fa: 0x9049, 0x10fb: 0x9049, - 0x10fc: 0x9049, 0x10fd: 0x9049, 0x10fe: 0x9049, 0x10ff: 0x9049, - // Block 0x44, offset 0x1100 - 0x1100: 0x9049, 0x1101: 0x9049, 0x1102: 0x9049, 0x1103: 0x9049, 0x1104: 0x9049, 0x1105: 0x9049, - 0x1106: 0x9049, 0x1107: 0x9049, 0x1108: 0x9049, 0x1109: 0x9049, 0x110a: 0x9049, 0x110b: 0x9049, - 0x110c: 0x9049, 0x110d: 0x9049, 0x110e: 0x9049, 0x110f: 0x9049, 0x1110: 0x9049, 0x1111: 0x9049, - 0x1112: 0x9049, 0x1113: 0x9049, 0x1114: 0x9049, 0x1115: 0x9049, 0x1116: 0x9049, 0x1117: 0x9049, - 0x1118: 0x9049, 0x1119: 0x9049, 0x111a: 0x9049, 0x111b: 0x9049, 0x111c: 0x9049, 0x111d: 0x9049, - 0x111e: 0x9049, 0x111f: 0x904a, 0x1120: 0x904b, 0x1121: 0xb04c, 0x1122: 0xb04d, 0x1123: 0xb04d, - 0x1124: 0xb04e, 0x1125: 0xb04f, 0x1126: 0xb050, 0x1127: 0xb051, 0x1128: 0xb052, 0x1129: 0xb053, - 0x112a: 0xb054, 0x112b: 0xb055, 0x112c: 0xb056, 0x112d: 0xb057, 0x112e: 0xb058, 0x112f: 0xb059, - 0x1130: 0xb05a, 0x1131: 0xb05b, 0x1132: 0xb05c, 0x1133: 0xb05d, 0x1134: 0xb05e, 0x1135: 0xb05f, - 0x1136: 0xb060, 0x1137: 0xb061, 0x1138: 0xb062, 0x1139: 0xb063, 0x113a: 0xb064, 0x113b: 0xb065, - 0x113c: 0xb052, 0x113d: 0xb066, 0x113e: 0xb067, 0x113f: 0xb055, - // Block 0x45, offset 0x1140 - 0x1140: 0xb068, 0x1141: 0xb069, 0x1142: 0xb06a, 0x1143: 0xb06b, 0x1144: 0xb05a, 0x1145: 0xb056, - 0x1146: 0xb06c, 0x1147: 0xb06d, 0x1148: 0xb06b, 0x1149: 0xb06e, 0x114a: 0xb06b, 0x114b: 0xb06f, - 0x114c: 0xb06f, 0x114d: 0xb070, 0x114e: 0xb070, 0x114f: 0xb071, 0x1150: 0xb056, 0x1151: 0xb072, - 0x1152: 0xb073, 0x1153: 0xb072, 0x1154: 0xb074, 0x1155: 0xb073, 0x1156: 0xb075, 0x1157: 0xb075, - 0x1158: 0xb076, 0x1159: 0xb076, 0x115a: 0xb077, 0x115b: 0xb077, 0x115c: 0xb073, 0x115d: 0xb078, - 0x115e: 0xb079, 0x115f: 0xb067, 0x1160: 0xb07a, 0x1161: 0xb07b, 0x1162: 0xb07b, 0x1163: 0xb07b, - 0x1164: 0xb07b, 0x1165: 0xb07b, 0x1166: 0xb07b, 0x1167: 0xb07b, 0x1168: 0xb07b, 0x1169: 0xb07b, - 0x116a: 0xb07b, 0x116b: 0xb07b, 0x116c: 0xb07b, 0x116d: 0xb07b, 0x116e: 0xb07b, 0x116f: 0xb07b, - 0x1170: 0xb07c, 0x1171: 0xb07c, 0x1172: 0xb07c, 0x1173: 0xb07c, 0x1174: 0xb07c, 0x1175: 0xb07c, - 0x1176: 0xb07c, 0x1177: 0xb07c, 0x1178: 0xb07c, 0x1179: 0xb07c, 0x117a: 0xb07c, 0x117b: 0xb07c, - 0x117c: 0xb07c, 0x117d: 0xb07c, 0x117e: 0xb07c, - // Block 0x46, offset 0x1180 - 0x1182: 0xb07d, 0x1183: 0xb07e, 0x1184: 0xb07f, 0x1185: 0xb080, - 0x1186: 0xb07f, 0x1187: 0xb07e, 0x118a: 0xb081, 0x118b: 0xb082, - 0x118c: 0xb083, 0x118d: 0xb07f, 0x118e: 0xb080, 0x118f: 0xb07f, - 0x1192: 0xb084, 0x1193: 0xb085, 0x1194: 0xb084, 0x1195: 0xb086, 0x1196: 0xb084, 0x1197: 0xb087, - 0x119a: 0xb088, 0x119b: 0xb089, 0x119c: 0xb08a, - 0x11a0: 0x908b, 0x11a1: 0x908b, 0x11a2: 0x908c, 0x11a3: 0x908d, - 0x11a4: 0x908b, 0x11a5: 0x908e, 0x11a6: 0x908f, 0x11a8: 0xb090, 0x11a9: 0xb091, - 0x11aa: 0xb092, 0x11ab: 0xb091, 0x11ac: 0xb093, 0x11ad: 0xb094, 0x11ae: 0xb095, - 0x11bd: 0x2000, - // Block 0x47, offset 0x11c0 - 0x11e0: 0x4000, 0x11e1: 0x4000, - // Block 0x48, offset 0x1200 - 0x1200: 0x4000, 0x1201: 0x4000, 0x1202: 0x4000, 0x1203: 0x4000, 0x1204: 0x4000, 0x1205: 0x4000, - 0x1206: 0x4000, 0x1207: 0x4000, 0x1208: 0x4000, 0x1209: 0x4000, 0x120a: 0x4000, 0x120b: 0x4000, - 0x120c: 0x4000, 0x120d: 0x4000, 0x120e: 0x4000, 0x120f: 0x4000, 0x1210: 0x4000, 0x1211: 0x4000, - 0x1212: 0x4000, 0x1213: 0x4000, 0x1214: 0x4000, 0x1215: 0x4000, 0x1216: 0x4000, 0x1217: 0x4000, - 0x1218: 0x4000, 0x1219: 0x4000, 0x121a: 0x4000, 0x121b: 0x4000, 0x121c: 0x4000, 0x121d: 0x4000, - 0x121e: 0x4000, 0x121f: 0x4000, 0x1220: 0x4000, 0x1221: 0x4000, 0x1222: 0x4000, 0x1223: 0x4000, - 0x1224: 0x4000, 0x1225: 0x4000, 0x1226: 0x4000, 0x1227: 0x4000, 0x1228: 0x4000, 0x1229: 0x4000, - 0x122a: 0x4000, 0x122b: 0x4000, 0x122c: 0x4000, - // Block 0x49, offset 0x1240 - 0x1240: 0x4000, 0x1241: 0x4000, 0x1242: 0x4000, 0x1243: 0x4000, 0x1244: 0x4000, 0x1245: 0x4000, - 0x1246: 0x4000, 0x1247: 0x4000, 0x1248: 0x4000, 0x1249: 0x4000, 0x124a: 0x4000, 0x124b: 0x4000, - 0x124c: 0x4000, 0x124d: 0x4000, 0x124e: 0x4000, 0x124f: 0x4000, 0x1250: 0x4000, 0x1251: 0x4000, - 0x1252: 0x4000, 0x1253: 0x4000, 0x1254: 0x4000, 0x1255: 0x4000, 0x1256: 0x4000, 0x1257: 0x4000, - 0x1258: 0x4000, 0x1259: 0x4000, 0x125a: 0x4000, 0x125b: 0x4000, 0x125c: 0x4000, 0x125d: 0x4000, - 0x125e: 0x4000, 0x125f: 0x4000, 0x1260: 0x4000, 0x1261: 0x4000, 0x1262: 0x4000, 0x1263: 0x4000, - 0x1264: 0x4000, 0x1265: 0x4000, 0x1266: 0x4000, 0x1267: 0x4000, 0x1268: 0x4000, 0x1269: 0x4000, - 0x126a: 0x4000, 0x126b: 0x4000, 0x126c: 0x4000, 0x126d: 0x4000, 0x126e: 0x4000, 0x126f: 0x4000, - 0x1270: 0x4000, 0x1271: 0x4000, 0x1272: 0x4000, - // Block 0x4a, offset 0x1280 - 0x1280: 0x4000, 0x1281: 0x4000, 0x1282: 0x4000, 0x1283: 0x4000, 0x1284: 0x4000, 0x1285: 0x4000, - 0x1286: 0x4000, 0x1287: 0x4000, 0x1288: 0x4000, 0x1289: 0x4000, 0x128a: 0x4000, 0x128b: 0x4000, - 0x128c: 0x4000, 0x128d: 0x4000, 0x128e: 0x4000, 0x128f: 0x4000, 0x1290: 0x4000, 0x1291: 0x4000, - 0x1292: 0x4000, 0x1293: 0x4000, 0x1294: 0x4000, 0x1295: 0x4000, 0x1296: 0x4000, 0x1297: 0x4000, - 0x1298: 0x4000, 0x1299: 0x4000, 0x129a: 0x4000, 0x129b: 0x4000, 0x129c: 0x4000, 0x129d: 0x4000, - 0x129e: 0x4000, - // Block 0x4b, offset 0x12c0 - 0x12f0: 0x4000, 0x12f1: 0x4000, 0x12f2: 0x4000, 0x12f3: 0x4000, 0x12f4: 0x4000, 0x12f5: 0x4000, - 0x12f6: 0x4000, 0x12f7: 0x4000, 0x12f8: 0x4000, 0x12f9: 0x4000, 0x12fa: 0x4000, 0x12fb: 0x4000, - 0x12fc: 0x4000, 0x12fd: 0x4000, 0x12fe: 0x4000, 0x12ff: 0x4000, - // Block 0x4c, offset 0x1300 - 0x1300: 0x4000, 0x1301: 0x4000, 0x1302: 0x4000, 0x1303: 0x4000, 0x1304: 0x4000, 0x1305: 0x4000, - 0x1306: 0x4000, 0x1307: 0x4000, 0x1308: 0x4000, 0x1309: 0x4000, 0x130a: 0x4000, 0x130b: 0x4000, - 0x130c: 0x4000, 0x130d: 0x4000, 0x130e: 0x4000, 0x130f: 0x4000, 0x1310: 0x4000, 0x1311: 0x4000, - 0x1312: 0x4000, 0x1313: 0x4000, 0x1314: 0x4000, 0x1315: 0x4000, 0x1316: 0x4000, 0x1317: 0x4000, - 0x1318: 0x4000, 0x1319: 0x4000, 0x131a: 0x4000, 0x131b: 0x4000, 0x131c: 0x4000, 0x131d: 0x4000, - 0x131e: 0x4000, 0x131f: 0x4000, 0x1320: 0x4000, 0x1321: 0x4000, 0x1322: 0x4000, 0x1323: 0x4000, - 0x1324: 0x4000, 0x1325: 0x4000, 0x1326: 0x4000, 0x1327: 0x4000, 0x1328: 0x4000, 0x1329: 0x4000, - 0x132a: 0x4000, 0x132b: 0x4000, 0x132c: 0x4000, 0x132d: 0x4000, 0x132e: 0x4000, 0x132f: 0x4000, - 0x1330: 0x4000, 0x1331: 0x4000, 0x1332: 0x4000, 0x1333: 0x4000, 0x1334: 0x4000, 0x1335: 0x4000, - 0x1336: 0x4000, 0x1337: 0x4000, 0x1338: 0x4000, 0x1339: 0x4000, 0x133a: 0x4000, 0x133b: 0x4000, - // Block 0x4d, offset 0x1340 - 0x1344: 0x4000, - // Block 0x4e, offset 0x1380 - 0x138f: 0x4000, - // Block 0x4f, offset 0x13c0 - 0x13c0: 0x2000, 0x13c1: 0x2000, 0x13c2: 0x2000, 0x13c3: 0x2000, 0x13c4: 0x2000, 0x13c5: 0x2000, - 0x13c6: 0x2000, 0x13c7: 0x2000, 0x13c8: 0x2000, 0x13c9: 0x2000, 0x13ca: 0x2000, - 0x13d0: 0x2000, 0x13d1: 0x2000, - 0x13d2: 0x2000, 0x13d3: 0x2000, 0x13d4: 0x2000, 0x13d5: 0x2000, 0x13d6: 0x2000, 0x13d7: 0x2000, - 0x13d8: 0x2000, 0x13d9: 0x2000, 0x13da: 0x2000, 0x13db: 0x2000, 0x13dc: 0x2000, 0x13dd: 0x2000, - 0x13de: 0x2000, 0x13df: 0x2000, 0x13e0: 0x2000, 0x13e1: 0x2000, 0x13e2: 0x2000, 0x13e3: 0x2000, - 0x13e4: 0x2000, 0x13e5: 0x2000, 0x13e6: 0x2000, 0x13e7: 0x2000, 0x13e8: 0x2000, 0x13e9: 0x2000, - 0x13ea: 0x2000, 0x13eb: 0x2000, 0x13ec: 0x2000, 0x13ed: 0x2000, - 0x13f0: 0x2000, 0x13f1: 0x2000, 0x13f2: 0x2000, 0x13f3: 0x2000, 0x13f4: 0x2000, 0x13f5: 0x2000, - 0x13f6: 0x2000, 0x13f7: 0x2000, 0x13f8: 0x2000, 0x13f9: 0x2000, 0x13fa: 0x2000, 0x13fb: 0x2000, - 0x13fc: 0x2000, 0x13fd: 0x2000, 0x13fe: 0x2000, 0x13ff: 0x2000, - // Block 0x50, offset 0x1400 - 0x1400: 0x2000, 0x1401: 0x2000, 0x1402: 0x2000, 0x1403: 0x2000, 0x1404: 0x2000, 0x1405: 0x2000, - 0x1406: 0x2000, 0x1407: 0x2000, 0x1408: 0x2000, 0x1409: 0x2000, 0x140a: 0x2000, 0x140b: 0x2000, - 0x140c: 0x2000, 0x140d: 0x2000, 0x140e: 0x2000, 0x140f: 0x2000, 0x1410: 0x2000, 0x1411: 0x2000, - 0x1412: 0x2000, 0x1413: 0x2000, 0x1414: 0x2000, 0x1415: 0x2000, 0x1416: 0x2000, 0x1417: 0x2000, - 0x1418: 0x2000, 0x1419: 0x2000, 0x141a: 0x2000, 0x141b: 0x2000, 0x141c: 0x2000, 0x141d: 0x2000, - 0x141e: 0x2000, 0x141f: 0x2000, 0x1420: 0x2000, 0x1421: 0x2000, 0x1422: 0x2000, 0x1423: 0x2000, - 0x1424: 0x2000, 0x1425: 0x2000, 0x1426: 0x2000, 0x1427: 0x2000, 0x1428: 0x2000, 0x1429: 0x2000, - 0x1430: 0x2000, 0x1431: 0x2000, 0x1432: 0x2000, 0x1433: 0x2000, 0x1434: 0x2000, 0x1435: 0x2000, - 0x1436: 0x2000, 0x1437: 0x2000, 0x1438: 0x2000, 0x1439: 0x2000, 0x143a: 0x2000, 0x143b: 0x2000, - 0x143c: 0x2000, 0x143d: 0x2000, 0x143e: 0x2000, 0x143f: 0x2000, - // Block 0x51, offset 0x1440 - 0x1440: 0x2000, 0x1441: 0x2000, 0x1442: 0x2000, 0x1443: 0x2000, 0x1444: 0x2000, 0x1445: 0x2000, - 0x1446: 0x2000, 0x1447: 0x2000, 0x1448: 0x2000, 0x1449: 0x2000, 0x144a: 0x2000, 0x144b: 0x2000, - 0x144c: 0x2000, 0x144d: 0x2000, 0x144e: 0x4000, 0x144f: 0x2000, 0x1450: 0x2000, 0x1451: 0x4000, - 0x1452: 0x4000, 0x1453: 0x4000, 0x1454: 0x4000, 0x1455: 0x4000, 0x1456: 0x4000, 0x1457: 0x4000, - 0x1458: 0x4000, 0x1459: 0x4000, 0x145a: 0x4000, 0x145b: 0x2000, 0x145c: 0x2000, 0x145d: 0x2000, - 0x145e: 0x2000, 0x145f: 0x2000, 0x1460: 0x2000, 0x1461: 0x2000, 0x1462: 0x2000, 0x1463: 0x2000, - 0x1464: 0x2000, 0x1465: 0x2000, 0x1466: 0x2000, 0x1467: 0x2000, 0x1468: 0x2000, 0x1469: 0x2000, - 0x146a: 0x2000, 0x146b: 0x2000, 0x146c: 0x2000, - // Block 0x52, offset 0x1480 - 0x1480: 0x4000, 0x1481: 0x4000, 0x1482: 0x4000, - 0x1490: 0x4000, 0x1491: 0x4000, - 0x1492: 0x4000, 0x1493: 0x4000, 0x1494: 0x4000, 0x1495: 0x4000, 0x1496: 0x4000, 0x1497: 0x4000, - 0x1498: 0x4000, 0x1499: 0x4000, 0x149a: 0x4000, 0x149b: 0x4000, 0x149c: 0x4000, 0x149d: 0x4000, - 0x149e: 0x4000, 0x149f: 0x4000, 0x14a0: 0x4000, 0x14a1: 0x4000, 0x14a2: 0x4000, 0x14a3: 0x4000, - 0x14a4: 0x4000, 0x14a5: 0x4000, 0x14a6: 0x4000, 0x14a7: 0x4000, 0x14a8: 0x4000, 0x14a9: 0x4000, - 0x14aa: 0x4000, 0x14ab: 0x4000, 0x14ac: 0x4000, 0x14ad: 0x4000, 0x14ae: 0x4000, 0x14af: 0x4000, - 0x14b0: 0x4000, 0x14b1: 0x4000, 0x14b2: 0x4000, 0x14b3: 0x4000, 0x14b4: 0x4000, 0x14b5: 0x4000, - 0x14b6: 0x4000, 0x14b7: 0x4000, 0x14b8: 0x4000, 0x14b9: 0x4000, 0x14ba: 0x4000, 0x14bb: 0x4000, - // Block 0x53, offset 0x14c0 - 0x14c0: 0x4000, 0x14c1: 0x4000, 0x14c2: 0x4000, 0x14c3: 0x4000, 0x14c4: 0x4000, 0x14c5: 0x4000, - 0x14c6: 0x4000, 0x14c7: 0x4000, 0x14c8: 0x4000, - 0x14d0: 0x4000, 0x14d1: 0x4000, - 0x14e0: 0x4000, 0x14e1: 0x4000, 0x14e2: 0x4000, 0x14e3: 0x4000, - 0x14e4: 0x4000, 0x14e5: 0x4000, - // Block 0x54, offset 0x1500 - 0x1500: 0x4000, 0x1501: 0x4000, 0x1502: 0x4000, 0x1503: 0x4000, 0x1504: 0x4000, 0x1505: 0x4000, - 0x1506: 0x4000, 0x1507: 0x4000, 0x1508: 0x4000, 0x1509: 0x4000, 0x150a: 0x4000, 0x150b: 0x4000, - 0x150c: 0x4000, 0x150d: 0x4000, 0x150e: 0x4000, 0x150f: 0x4000, 0x1510: 0x4000, 0x1511: 0x4000, - 0x1512: 0x4000, 0x1513: 0x4000, 0x1514: 0x4000, 0x1515: 0x4000, 0x1516: 0x4000, 0x1517: 0x4000, - 0x1518: 0x4000, 0x1519: 0x4000, 0x151a: 0x4000, 0x151b: 0x4000, 0x151c: 0x4000, 0x151d: 0x4000, - 0x151e: 0x4000, 0x151f: 0x4000, 0x1520: 0x4000, - 0x152d: 0x4000, 0x152e: 0x4000, 0x152f: 0x4000, - 0x1530: 0x4000, 0x1531: 0x4000, 0x1532: 0x4000, 0x1533: 0x4000, 0x1534: 0x4000, 0x1535: 0x4000, - 0x1537: 0x4000, 0x1538: 0x4000, 0x1539: 0x4000, 0x153a: 0x4000, 0x153b: 0x4000, - 0x153c: 0x4000, 0x153d: 0x4000, 0x153e: 0x4000, 0x153f: 0x4000, - // Block 0x55, offset 0x1540 - 0x1540: 0x4000, 0x1541: 0x4000, 0x1542: 0x4000, 0x1543: 0x4000, 0x1544: 0x4000, 0x1545: 0x4000, - 0x1546: 0x4000, 0x1547: 0x4000, 0x1548: 0x4000, 0x1549: 0x4000, 0x154a: 0x4000, 0x154b: 0x4000, - 0x154c: 0x4000, 0x154d: 0x4000, 0x154e: 0x4000, 0x154f: 0x4000, 0x1550: 0x4000, 0x1551: 0x4000, - 0x1552: 0x4000, 0x1553: 0x4000, 0x1554: 0x4000, 0x1555: 0x4000, 0x1556: 0x4000, 0x1557: 0x4000, - 0x1558: 0x4000, 0x1559: 0x4000, 0x155a: 0x4000, 0x155b: 0x4000, 0x155c: 0x4000, 0x155d: 0x4000, - 0x155e: 0x4000, 0x155f: 0x4000, 0x1560: 0x4000, 0x1561: 0x4000, 0x1562: 0x4000, 0x1563: 0x4000, - 0x1564: 0x4000, 0x1565: 0x4000, 0x1566: 0x4000, 0x1567: 0x4000, 0x1568: 0x4000, 0x1569: 0x4000, - 0x156a: 0x4000, 0x156b: 0x4000, 0x156c: 0x4000, 0x156d: 0x4000, 0x156e: 0x4000, 0x156f: 0x4000, - 0x1570: 0x4000, 0x1571: 0x4000, 0x1572: 0x4000, 0x1573: 0x4000, 0x1574: 0x4000, 0x1575: 0x4000, - 0x1576: 0x4000, 0x1577: 0x4000, 0x1578: 0x4000, 0x1579: 0x4000, 0x157a: 0x4000, 0x157b: 0x4000, - 0x157c: 0x4000, 0x157e: 0x4000, 0x157f: 0x4000, - // Block 0x56, offset 0x1580 - 0x1580: 0x4000, 0x1581: 0x4000, 0x1582: 0x4000, 0x1583: 0x4000, 0x1584: 0x4000, 0x1585: 0x4000, - 0x1586: 0x4000, 0x1587: 0x4000, 0x1588: 0x4000, 0x1589: 0x4000, 0x158a: 0x4000, 0x158b: 0x4000, - 0x158c: 0x4000, 0x158d: 0x4000, 0x158e: 0x4000, 0x158f: 0x4000, 0x1590: 0x4000, 0x1591: 0x4000, - 0x1592: 0x4000, 0x1593: 0x4000, - 0x15a0: 0x4000, 0x15a1: 0x4000, 0x15a2: 0x4000, 0x15a3: 0x4000, - 0x15a4: 0x4000, 0x15a5: 0x4000, 0x15a6: 0x4000, 0x15a7: 0x4000, 0x15a8: 0x4000, 0x15a9: 0x4000, - 0x15aa: 0x4000, 0x15ab: 0x4000, 0x15ac: 0x4000, 0x15ad: 0x4000, 0x15ae: 0x4000, 0x15af: 0x4000, - 0x15b0: 0x4000, 0x15b1: 0x4000, 0x15b2: 0x4000, 0x15b3: 0x4000, 0x15b4: 0x4000, 0x15b5: 0x4000, - 0x15b6: 0x4000, 0x15b7: 0x4000, 0x15b8: 0x4000, 0x15b9: 0x4000, 0x15ba: 0x4000, 0x15bb: 0x4000, - 0x15bc: 0x4000, 0x15bd: 0x4000, 0x15be: 0x4000, 0x15bf: 0x4000, - // Block 0x57, offset 0x15c0 - 0x15c0: 0x4000, 0x15c1: 0x4000, 0x15c2: 0x4000, 0x15c3: 0x4000, 0x15c4: 0x4000, 0x15c5: 0x4000, - 0x15c6: 0x4000, 0x15c7: 0x4000, 0x15c8: 0x4000, 0x15c9: 0x4000, 0x15ca: 0x4000, - 0x15cf: 0x4000, 0x15d0: 0x4000, 0x15d1: 0x4000, - 0x15d2: 0x4000, 0x15d3: 0x4000, - 0x15e0: 0x4000, 0x15e1: 0x4000, 0x15e2: 0x4000, 0x15e3: 0x4000, - 0x15e4: 0x4000, 0x15e5: 0x4000, 0x15e6: 0x4000, 0x15e7: 0x4000, 0x15e8: 0x4000, 0x15e9: 0x4000, - 0x15ea: 0x4000, 0x15eb: 0x4000, 0x15ec: 0x4000, 0x15ed: 0x4000, 0x15ee: 0x4000, 0x15ef: 0x4000, - 0x15f0: 0x4000, 0x15f4: 0x4000, - 0x15f8: 0x4000, 0x15f9: 0x4000, 0x15fa: 0x4000, 0x15fb: 0x4000, - 0x15fc: 0x4000, 0x15fd: 0x4000, 0x15fe: 0x4000, 0x15ff: 0x4000, - // Block 0x58, offset 0x1600 - 0x1600: 0x4000, 0x1602: 0x4000, 0x1603: 0x4000, 0x1604: 0x4000, 0x1605: 0x4000, - 0x1606: 0x4000, 0x1607: 0x4000, 0x1608: 0x4000, 0x1609: 0x4000, 0x160a: 0x4000, 0x160b: 0x4000, - 0x160c: 0x4000, 0x160d: 0x4000, 0x160e: 0x4000, 0x160f: 0x4000, 0x1610: 0x4000, 0x1611: 0x4000, - 0x1612: 0x4000, 0x1613: 0x4000, 0x1614: 0x4000, 0x1615: 0x4000, 0x1616: 0x4000, 0x1617: 0x4000, - 0x1618: 0x4000, 0x1619: 0x4000, 0x161a: 0x4000, 0x161b: 0x4000, 0x161c: 0x4000, 0x161d: 0x4000, - 0x161e: 0x4000, 0x161f: 0x4000, 0x1620: 0x4000, 0x1621: 0x4000, 0x1622: 0x4000, 0x1623: 0x4000, - 0x1624: 0x4000, 0x1625: 0x4000, 0x1626: 0x4000, 0x1627: 0x4000, 0x1628: 0x4000, 0x1629: 0x4000, - 0x162a: 0x4000, 0x162b: 0x4000, 0x162c: 0x4000, 0x162d: 0x4000, 0x162e: 0x4000, 0x162f: 0x4000, - 0x1630: 0x4000, 0x1631: 0x4000, 0x1632: 0x4000, 0x1633: 0x4000, 0x1634: 0x4000, 0x1635: 0x4000, - 0x1636: 0x4000, 0x1637: 0x4000, 0x1638: 0x4000, 0x1639: 0x4000, 0x163a: 0x4000, 0x163b: 0x4000, - 0x163c: 0x4000, 0x163d: 0x4000, 0x163e: 0x4000, 0x163f: 0x4000, - // Block 0x59, offset 0x1640 - 0x1640: 0x4000, 0x1641: 0x4000, 0x1642: 0x4000, 0x1643: 0x4000, 0x1644: 0x4000, 0x1645: 0x4000, - 0x1646: 0x4000, 0x1647: 0x4000, 0x1648: 0x4000, 0x1649: 0x4000, 0x164a: 0x4000, 0x164b: 0x4000, - 0x164c: 0x4000, 0x164d: 0x4000, 0x164e: 0x4000, 0x164f: 0x4000, 0x1650: 0x4000, 0x1651: 0x4000, - 0x1652: 0x4000, 0x1653: 0x4000, 0x1654: 0x4000, 0x1655: 0x4000, 0x1656: 0x4000, 0x1657: 0x4000, - 0x1658: 0x4000, 0x1659: 0x4000, 0x165a: 0x4000, 0x165b: 0x4000, 0x165c: 0x4000, 0x165d: 0x4000, - 0x165e: 0x4000, 0x165f: 0x4000, 0x1660: 0x4000, 0x1661: 0x4000, 0x1662: 0x4000, 0x1663: 0x4000, - 0x1664: 0x4000, 0x1665: 0x4000, 0x1666: 0x4000, 0x1667: 0x4000, 0x1668: 0x4000, 0x1669: 0x4000, - 0x166a: 0x4000, 0x166b: 0x4000, 0x166c: 0x4000, 0x166d: 0x4000, 0x166e: 0x4000, 0x166f: 0x4000, - 0x1670: 0x4000, 0x1671: 0x4000, 0x1672: 0x4000, 0x1673: 0x4000, 0x1674: 0x4000, 0x1675: 0x4000, - 0x1676: 0x4000, 0x1677: 0x4000, 0x1678: 0x4000, 0x1679: 0x4000, 0x167a: 0x4000, 0x167b: 0x4000, - 0x167c: 0x4000, 0x167f: 0x4000, - // Block 0x5a, offset 0x1680 - 0x1680: 0x4000, 0x1681: 0x4000, 0x1682: 0x4000, 0x1683: 0x4000, 0x1684: 0x4000, 0x1685: 0x4000, - 0x1686: 0x4000, 0x1687: 0x4000, 0x1688: 0x4000, 0x1689: 0x4000, 0x168a: 0x4000, 0x168b: 0x4000, - 0x168c: 0x4000, 0x168d: 0x4000, 0x168e: 0x4000, 0x168f: 0x4000, 0x1690: 0x4000, 0x1691: 0x4000, - 0x1692: 0x4000, 0x1693: 0x4000, 0x1694: 0x4000, 0x1695: 0x4000, 0x1696: 0x4000, 0x1697: 0x4000, - 0x1698: 0x4000, 0x1699: 0x4000, 0x169a: 0x4000, 0x169b: 0x4000, 0x169c: 0x4000, 0x169d: 0x4000, - 0x169e: 0x4000, 0x169f: 0x4000, 0x16a0: 0x4000, 0x16a1: 0x4000, 0x16a2: 0x4000, 0x16a3: 0x4000, - 0x16a4: 0x4000, 0x16a5: 0x4000, 0x16a6: 0x4000, 0x16a7: 0x4000, 0x16a8: 0x4000, 0x16a9: 0x4000, - 0x16aa: 0x4000, 0x16ab: 0x4000, 0x16ac: 0x4000, 0x16ad: 0x4000, 0x16ae: 0x4000, 0x16af: 0x4000, - 0x16b0: 0x4000, 0x16b1: 0x4000, 0x16b2: 0x4000, 0x16b3: 0x4000, 0x16b4: 0x4000, 0x16b5: 0x4000, - 0x16b6: 0x4000, 0x16b7: 0x4000, 0x16b8: 0x4000, 0x16b9: 0x4000, 0x16ba: 0x4000, 0x16bb: 0x4000, - 0x16bc: 0x4000, 0x16bd: 0x4000, - // Block 0x5b, offset 0x16c0 - 0x16cb: 0x4000, - 0x16cc: 0x4000, 0x16cd: 0x4000, 0x16ce: 0x4000, 0x16d0: 0x4000, 0x16d1: 0x4000, - 0x16d2: 0x4000, 0x16d3: 0x4000, 0x16d4: 0x4000, 0x16d5: 0x4000, 0x16d6: 0x4000, 0x16d7: 0x4000, - 0x16d8: 0x4000, 0x16d9: 0x4000, 0x16da: 0x4000, 0x16db: 0x4000, 0x16dc: 0x4000, 0x16dd: 0x4000, - 0x16de: 0x4000, 0x16df: 0x4000, 0x16e0: 0x4000, 0x16e1: 0x4000, 0x16e2: 0x4000, 0x16e3: 0x4000, - 0x16e4: 0x4000, 0x16e5: 0x4000, 0x16e6: 0x4000, 0x16e7: 0x4000, - 0x16fa: 0x4000, - // Block 0x5c, offset 0x1700 - 0x1715: 0x4000, 0x1716: 0x4000, - 0x1724: 0x4000, - // Block 0x5d, offset 0x1740 - 0x177b: 0x4000, - 0x177c: 0x4000, 0x177d: 0x4000, 0x177e: 0x4000, 0x177f: 0x4000, - // Block 0x5e, offset 0x1780 - 0x1780: 0x4000, 0x1781: 0x4000, 0x1782: 0x4000, 0x1783: 0x4000, 0x1784: 0x4000, 0x1785: 0x4000, - 0x1786: 0x4000, 0x1787: 0x4000, 0x1788: 0x4000, 0x1789: 0x4000, 0x178a: 0x4000, 0x178b: 0x4000, - 0x178c: 0x4000, 0x178d: 0x4000, 0x178e: 0x4000, 0x178f: 0x4000, - // Block 0x5f, offset 0x17c0 - 0x17c0: 0x4000, 0x17c1: 0x4000, 0x17c2: 0x4000, 0x17c3: 0x4000, 0x17c4: 0x4000, 0x17c5: 0x4000, - 0x17cc: 0x4000, 0x17d0: 0x4000, 0x17d1: 0x4000, - 0x17d2: 0x4000, - 0x17eb: 0x4000, 0x17ec: 0x4000, - 0x17f4: 0x4000, 0x17f5: 0x4000, - 0x17f6: 0x4000, 0x17f7: 0x4000, 0x17f8: 0x4000, - // Block 0x60, offset 0x1800 - 0x1810: 0x4000, 0x1811: 0x4000, - 0x1812: 0x4000, 0x1813: 0x4000, 0x1814: 0x4000, 0x1815: 0x4000, 0x1816: 0x4000, 0x1817: 0x4000, - 0x1818: 0x4000, 0x1819: 0x4000, 0x181a: 0x4000, 0x181b: 0x4000, 0x181c: 0x4000, 0x181d: 0x4000, - 0x181e: 0x4000, 0x181f: 0x4000, 0x1820: 0x4000, 0x1821: 0x4000, 0x1822: 0x4000, 0x1823: 0x4000, - 0x1824: 0x4000, 0x1825: 0x4000, 0x1826: 0x4000, 0x1827: 0x4000, 0x1828: 0x4000, 0x1829: 0x4000, - 0x182a: 0x4000, 0x182b: 0x4000, 0x182c: 0x4000, 0x182d: 0x4000, 0x182e: 0x4000, 0x182f: 0x4000, - 0x1830: 0x4000, 0x1831: 0x4000, 0x1832: 0x4000, 0x1833: 0x4000, 0x1834: 0x4000, 0x1835: 0x4000, - 0x1836: 0x4000, 0x1837: 0x4000, 0x1838: 0x4000, 0x1839: 0x4000, 0x183a: 0x4000, 0x183b: 0x4000, - 0x183c: 0x4000, 0x183d: 0x4000, 0x183e: 0x4000, - // Block 0x61, offset 0x1840 - 0x1840: 0x4000, 0x1841: 0x4000, 0x1842: 0x4000, 0x1843: 0x4000, 0x1844: 0x4000, 0x1845: 0x4000, - 0x1846: 0x4000, 0x1847: 0x4000, 0x1848: 0x4000, 0x1849: 0x4000, 0x184a: 0x4000, 0x184b: 0x4000, - 0x184c: 0x4000, 0x1850: 0x4000, 0x1851: 0x4000, - 0x1852: 0x4000, 0x1853: 0x4000, 0x1854: 0x4000, 0x1855: 0x4000, 0x1856: 0x4000, 0x1857: 0x4000, - 0x1858: 0x4000, 0x1859: 0x4000, 0x185a: 0x4000, 0x185b: 0x4000, 0x185c: 0x4000, 0x185d: 0x4000, - 0x185e: 0x4000, 0x185f: 0x4000, 0x1860: 0x4000, 0x1861: 0x4000, 0x1862: 0x4000, 0x1863: 0x4000, - 0x1864: 0x4000, 0x1865: 0x4000, 0x1866: 0x4000, 0x1867: 0x4000, 0x1868: 0x4000, 0x1869: 0x4000, - 0x186a: 0x4000, 0x186b: 0x4000, - // Block 0x62, offset 0x1880 - 0x1880: 0x4000, 0x1881: 0x4000, 0x1882: 0x4000, 0x1883: 0x4000, 0x1884: 0x4000, 0x1885: 0x4000, - 0x1886: 0x4000, 0x1887: 0x4000, 0x1888: 0x4000, 0x1889: 0x4000, 0x188a: 0x4000, 0x188b: 0x4000, - 0x188c: 0x4000, 0x188d: 0x4000, 0x188e: 0x4000, 0x188f: 0x4000, 0x1890: 0x4000, 0x1891: 0x4000, - 0x1892: 0x4000, 0x1893: 0x4000, 0x1894: 0x4000, 0x1895: 0x4000, 0x1896: 0x4000, 0x1897: 0x4000, - // Block 0x63, offset 0x18c0 - 0x18c0: 0x4000, - 0x18d0: 0x4000, 0x18d1: 0x4000, - 0x18d2: 0x4000, 0x18d3: 0x4000, 0x18d4: 0x4000, 0x18d5: 0x4000, 0x18d6: 0x4000, 0x18d7: 0x4000, - 0x18d8: 0x4000, 0x18d9: 0x4000, 0x18da: 0x4000, 0x18db: 0x4000, 0x18dc: 0x4000, 0x18dd: 0x4000, - 0x18de: 0x4000, 0x18df: 0x4000, 0x18e0: 0x4000, 0x18e1: 0x4000, 0x18e2: 0x4000, 0x18e3: 0x4000, - 0x18e4: 0x4000, 0x18e5: 0x4000, 0x18e6: 0x4000, - // Block 0x64, offset 0x1900 - 0x1900: 0x2000, 0x1901: 0x2000, 0x1902: 0x2000, 0x1903: 0x2000, 0x1904: 0x2000, 0x1905: 0x2000, - 0x1906: 0x2000, 0x1907: 0x2000, 0x1908: 0x2000, 0x1909: 0x2000, 0x190a: 0x2000, 0x190b: 0x2000, - 0x190c: 0x2000, 0x190d: 0x2000, 0x190e: 0x2000, 0x190f: 0x2000, 0x1910: 0x2000, 0x1911: 0x2000, - 0x1912: 0x2000, 0x1913: 0x2000, 0x1914: 0x2000, 0x1915: 0x2000, 0x1916: 0x2000, 0x1917: 0x2000, - 0x1918: 0x2000, 0x1919: 0x2000, 0x191a: 0x2000, 0x191b: 0x2000, 0x191c: 0x2000, 0x191d: 0x2000, - 0x191e: 0x2000, 0x191f: 0x2000, 0x1920: 0x2000, 0x1921: 0x2000, 0x1922: 0x2000, 0x1923: 0x2000, - 0x1924: 0x2000, 0x1925: 0x2000, 0x1926: 0x2000, 0x1927: 0x2000, 0x1928: 0x2000, 0x1929: 0x2000, - 0x192a: 0x2000, 0x192b: 0x2000, 0x192c: 0x2000, 0x192d: 0x2000, 0x192e: 0x2000, 0x192f: 0x2000, - 0x1930: 0x2000, 0x1931: 0x2000, 0x1932: 0x2000, 0x1933: 0x2000, 0x1934: 0x2000, 0x1935: 0x2000, - 0x1936: 0x2000, 0x1937: 0x2000, 0x1938: 0x2000, 0x1939: 0x2000, 0x193a: 0x2000, 0x193b: 0x2000, - 0x193c: 0x2000, 0x193d: 0x2000, -} - -// widthIndex: 22 blocks, 1408 entries, 1408 bytes -// Block 0 is the zero block. -var widthIndex = [1408]uint8{ - // Block 0x0, offset 0x0 - // Block 0x1, offset 0x40 - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xc2: 0x01, 0xc3: 0x02, 0xc4: 0x03, 0xc5: 0x04, 0xc7: 0x05, - 0xc9: 0x06, 0xcb: 0x07, 0xcc: 0x08, 0xcd: 0x09, 0xce: 0x0a, 0xcf: 0x0b, - 0xd0: 0x0c, 0xd1: 0x0d, - 0xe1: 0x02, 0xe2: 0x03, 0xe3: 0x04, 0xe4: 0x05, 0xe5: 0x06, 0xe6: 0x06, 0xe7: 0x06, - 0xe8: 0x06, 0xe9: 0x06, 0xea: 0x07, 0xeb: 0x06, 0xec: 0x06, 0xed: 0x08, 0xee: 0x09, 0xef: 0x0a, - 0xf0: 0x0f, 0xf3: 0x12, 0xf4: 0x13, - // Block 0x4, offset 0x100 - 0x104: 0x0e, 0x105: 0x0f, - // Block 0x5, offset 0x140 - 0x140: 0x10, 0x141: 0x11, 0x142: 0x12, 0x144: 0x13, 0x145: 0x14, 0x146: 0x15, 0x147: 0x16, - 0x148: 0x17, 0x149: 0x18, 0x14a: 0x19, 0x14c: 0x1a, 0x14f: 0x1b, - 0x151: 0x1c, 0x152: 0x08, 0x153: 0x1d, 0x154: 0x1e, 0x155: 0x1f, 0x156: 0x20, 0x157: 0x21, - 0x158: 0x22, 0x159: 0x23, 0x15a: 0x24, 0x15b: 0x25, 0x15c: 0x26, 0x15d: 0x27, 0x15e: 0x28, 0x15f: 0x29, - 0x166: 0x2a, - 0x16c: 0x2b, 0x16d: 0x2c, - 0x17a: 0x2d, 0x17b: 0x2e, 0x17c: 0x0e, 0x17d: 0x0e, 0x17e: 0x0e, 0x17f: 0x2f, - // Block 0x6, offset 0x180 - 0x180: 0x30, 0x181: 0x31, 0x182: 0x32, 0x183: 0x33, 0x184: 0x34, 0x185: 0x35, 0x186: 0x36, 0x187: 0x37, - 0x188: 0x38, 0x189: 0x39, 0x18a: 0x0e, 0x18b: 0x3a, 0x18c: 0x0e, 0x18d: 0x0e, 0x18e: 0x0e, 0x18f: 0x0e, - 0x190: 0x0e, 0x191: 0x0e, 0x192: 0x0e, 0x193: 0x0e, 0x194: 0x0e, 0x195: 0x0e, 0x196: 0x0e, 0x197: 0x0e, - 0x198: 0x0e, 0x199: 0x0e, 0x19a: 0x0e, 0x19b: 0x0e, 0x19c: 0x0e, 0x19d: 0x0e, 0x19e: 0x0e, 0x19f: 0x0e, - 0x1a0: 0x0e, 0x1a1: 0x0e, 0x1a2: 0x0e, 0x1a3: 0x0e, 0x1a4: 0x0e, 0x1a5: 0x0e, 0x1a6: 0x0e, 0x1a7: 0x0e, - 0x1a8: 0x0e, 0x1a9: 0x0e, 0x1aa: 0x0e, 0x1ab: 0x0e, 0x1ac: 0x0e, 0x1ad: 0x0e, 0x1ae: 0x0e, 0x1af: 0x0e, - 0x1b0: 0x0e, 0x1b1: 0x0e, 0x1b2: 0x0e, 0x1b3: 0x0e, 0x1b4: 0x0e, 0x1b5: 0x0e, 0x1b6: 0x0e, 0x1b7: 0x0e, - 0x1b8: 0x0e, 0x1b9: 0x0e, 0x1ba: 0x0e, 0x1bb: 0x0e, 0x1bc: 0x0e, 0x1bd: 0x0e, 0x1be: 0x0e, 0x1bf: 0x0e, - // Block 0x7, offset 0x1c0 - 0x1c0: 0x0e, 0x1c1: 0x0e, 0x1c2: 0x0e, 0x1c3: 0x0e, 0x1c4: 0x0e, 0x1c5: 0x0e, 0x1c6: 0x0e, 0x1c7: 0x0e, - 0x1c8: 0x0e, 0x1c9: 0x0e, 0x1ca: 0x0e, 0x1cb: 0x0e, 0x1cc: 0x0e, 0x1cd: 0x0e, 0x1ce: 0x0e, 0x1cf: 0x0e, - 0x1d0: 0x0e, 0x1d1: 0x0e, 0x1d2: 0x0e, 0x1d3: 0x0e, 0x1d4: 0x0e, 0x1d5: 0x0e, 0x1d6: 0x0e, 0x1d7: 0x0e, - 0x1d8: 0x0e, 0x1d9: 0x0e, 0x1da: 0x0e, 0x1db: 0x0e, 0x1dc: 0x0e, 0x1dd: 0x0e, 0x1de: 0x0e, 0x1df: 0x0e, - 0x1e0: 0x0e, 0x1e1: 0x0e, 0x1e2: 0x0e, 0x1e3: 0x0e, 0x1e4: 0x0e, 0x1e5: 0x0e, 0x1e6: 0x0e, 0x1e7: 0x0e, - 0x1e8: 0x0e, 0x1e9: 0x0e, 0x1ea: 0x0e, 0x1eb: 0x0e, 0x1ec: 0x0e, 0x1ed: 0x0e, 0x1ee: 0x0e, 0x1ef: 0x0e, - 0x1f0: 0x0e, 0x1f1: 0x0e, 0x1f2: 0x0e, 0x1f3: 0x0e, 0x1f4: 0x0e, 0x1f5: 0x0e, 0x1f6: 0x0e, - 0x1f8: 0x0e, 0x1f9: 0x0e, 0x1fa: 0x0e, 0x1fb: 0x0e, 0x1fc: 0x0e, 0x1fd: 0x0e, 0x1fe: 0x0e, 0x1ff: 0x0e, - // Block 0x8, offset 0x200 - 0x200: 0x0e, 0x201: 0x0e, 0x202: 0x0e, 0x203: 0x0e, 0x204: 0x0e, 0x205: 0x0e, 0x206: 0x0e, 0x207: 0x0e, - 0x208: 0x0e, 0x209: 0x0e, 0x20a: 0x0e, 0x20b: 0x0e, 0x20c: 0x0e, 0x20d: 0x0e, 0x20e: 0x0e, 0x20f: 0x0e, - 0x210: 0x0e, 0x211: 0x0e, 0x212: 0x0e, 0x213: 0x0e, 0x214: 0x0e, 0x215: 0x0e, 0x216: 0x0e, 0x217: 0x0e, - 0x218: 0x0e, 0x219: 0x0e, 0x21a: 0x0e, 0x21b: 0x0e, 0x21c: 0x0e, 0x21d: 0x0e, 0x21e: 0x0e, 0x21f: 0x0e, - 0x220: 0x0e, 0x221: 0x0e, 0x222: 0x0e, 0x223: 0x0e, 0x224: 0x0e, 0x225: 0x0e, 0x226: 0x0e, 0x227: 0x0e, - 0x228: 0x0e, 0x229: 0x0e, 0x22a: 0x0e, 0x22b: 0x0e, 0x22c: 0x0e, 0x22d: 0x0e, 0x22e: 0x0e, 0x22f: 0x0e, - 0x230: 0x0e, 0x231: 0x0e, 0x232: 0x0e, 0x233: 0x0e, 0x234: 0x0e, 0x235: 0x0e, 0x236: 0x0e, 0x237: 0x0e, - 0x238: 0x0e, 0x239: 0x0e, 0x23a: 0x0e, 0x23b: 0x0e, 0x23c: 0x0e, 0x23d: 0x0e, 0x23e: 0x0e, 0x23f: 0x0e, - // Block 0x9, offset 0x240 - 0x240: 0x0e, 0x241: 0x0e, 0x242: 0x0e, 0x243: 0x0e, 0x244: 0x0e, 0x245: 0x0e, 0x246: 0x0e, 0x247: 0x0e, - 0x248: 0x0e, 0x249: 0x0e, 0x24a: 0x0e, 0x24b: 0x0e, 0x24c: 0x0e, 0x24d: 0x0e, 0x24e: 0x0e, 0x24f: 0x0e, - 0x250: 0x0e, 0x251: 0x0e, 0x252: 0x3b, 0x253: 0x3c, - 0x265: 0x3d, - 0x270: 0x0e, 0x271: 0x0e, 0x272: 0x0e, 0x273: 0x0e, 0x274: 0x0e, 0x275: 0x0e, 0x276: 0x0e, 0x277: 0x0e, - 0x278: 0x0e, 0x279: 0x0e, 0x27a: 0x0e, 0x27b: 0x0e, 0x27c: 0x0e, 0x27d: 0x0e, 0x27e: 0x0e, 0x27f: 0x0e, - // Block 0xa, offset 0x280 - 0x280: 0x0e, 0x281: 0x0e, 0x282: 0x0e, 0x283: 0x0e, 0x284: 0x0e, 0x285: 0x0e, 0x286: 0x0e, 0x287: 0x0e, - 0x288: 0x0e, 0x289: 0x0e, 0x28a: 0x0e, 0x28b: 0x0e, 0x28c: 0x0e, 0x28d: 0x0e, 0x28e: 0x0e, 0x28f: 0x0e, - 0x290: 0x0e, 0x291: 0x0e, 0x292: 0x0e, 0x293: 0x0e, 0x294: 0x0e, 0x295: 0x0e, 0x296: 0x0e, 0x297: 0x0e, - 0x298: 0x0e, 0x299: 0x0e, 0x29a: 0x0e, 0x29b: 0x0e, 0x29c: 0x0e, 0x29d: 0x0e, 0x29e: 0x3e, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x08, 0x2c1: 0x08, 0x2c2: 0x08, 0x2c3: 0x08, 0x2c4: 0x08, 0x2c5: 0x08, 0x2c6: 0x08, 0x2c7: 0x08, - 0x2c8: 0x08, 0x2c9: 0x08, 0x2ca: 0x08, 0x2cb: 0x08, 0x2cc: 0x08, 0x2cd: 0x08, 0x2ce: 0x08, 0x2cf: 0x08, - 0x2d0: 0x08, 0x2d1: 0x08, 0x2d2: 0x08, 0x2d3: 0x08, 0x2d4: 0x08, 0x2d5: 0x08, 0x2d6: 0x08, 0x2d7: 0x08, - 0x2d8: 0x08, 0x2d9: 0x08, 0x2da: 0x08, 0x2db: 0x08, 0x2dc: 0x08, 0x2dd: 0x08, 0x2de: 0x08, 0x2df: 0x08, - 0x2e0: 0x08, 0x2e1: 0x08, 0x2e2: 0x08, 0x2e3: 0x08, 0x2e4: 0x08, 0x2e5: 0x08, 0x2e6: 0x08, 0x2e7: 0x08, - 0x2e8: 0x08, 0x2e9: 0x08, 0x2ea: 0x08, 0x2eb: 0x08, 0x2ec: 0x08, 0x2ed: 0x08, 0x2ee: 0x08, 0x2ef: 0x08, - 0x2f0: 0x08, 0x2f1: 0x08, 0x2f2: 0x08, 0x2f3: 0x08, 0x2f4: 0x08, 0x2f5: 0x08, 0x2f6: 0x08, 0x2f7: 0x08, - 0x2f8: 0x08, 0x2f9: 0x08, 0x2fa: 0x08, 0x2fb: 0x08, 0x2fc: 0x08, 0x2fd: 0x08, 0x2fe: 0x08, 0x2ff: 0x08, - // Block 0xc, offset 0x300 - 0x300: 0x08, 0x301: 0x08, 0x302: 0x08, 0x303: 0x08, 0x304: 0x08, 0x305: 0x08, 0x306: 0x08, 0x307: 0x08, - 0x308: 0x08, 0x309: 0x08, 0x30a: 0x08, 0x30b: 0x08, 0x30c: 0x08, 0x30d: 0x08, 0x30e: 0x08, 0x30f: 0x08, - 0x310: 0x08, 0x311: 0x08, 0x312: 0x08, 0x313: 0x08, 0x314: 0x08, 0x315: 0x08, 0x316: 0x08, 0x317: 0x08, - 0x318: 0x08, 0x319: 0x08, 0x31a: 0x08, 0x31b: 0x08, 0x31c: 0x08, 0x31d: 0x08, 0x31e: 0x08, 0x31f: 0x08, - 0x320: 0x08, 0x321: 0x08, 0x322: 0x08, 0x323: 0x08, 0x324: 0x0e, 0x325: 0x0e, 0x326: 0x0e, 0x327: 0x0e, - 0x328: 0x0e, 0x329: 0x0e, 0x32a: 0x0e, 0x32b: 0x0e, - 0x338: 0x3f, 0x339: 0x40, 0x33c: 0x41, 0x33d: 0x42, 0x33e: 0x43, 0x33f: 0x44, - // Block 0xd, offset 0x340 - 0x37f: 0x45, - // Block 0xe, offset 0x380 - 0x380: 0x0e, 0x381: 0x0e, 0x382: 0x0e, 0x383: 0x0e, 0x384: 0x0e, 0x385: 0x0e, 0x386: 0x0e, 0x387: 0x0e, - 0x388: 0x0e, 0x389: 0x0e, 0x38a: 0x0e, 0x38b: 0x0e, 0x38c: 0x0e, 0x38d: 0x0e, 0x38e: 0x0e, 0x38f: 0x0e, - 0x390: 0x0e, 0x391: 0x0e, 0x392: 0x0e, 0x393: 0x0e, 0x394: 0x0e, 0x395: 0x0e, 0x396: 0x0e, 0x397: 0x0e, - 0x398: 0x0e, 0x399: 0x0e, 0x39a: 0x0e, 0x39b: 0x0e, 0x39c: 0x0e, 0x39d: 0x0e, 0x39e: 0x0e, 0x39f: 0x46, - 0x3a0: 0x0e, 0x3a1: 0x0e, 0x3a2: 0x0e, 0x3a3: 0x0e, 0x3a4: 0x0e, 0x3a5: 0x0e, 0x3a6: 0x0e, 0x3a7: 0x0e, - 0x3a8: 0x0e, 0x3a9: 0x0e, 0x3aa: 0x0e, 0x3ab: 0x47, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x0e, 0x3c1: 0x0e, 0x3c2: 0x0e, 0x3c3: 0x0e, 0x3c4: 0x48, 0x3c5: 0x49, 0x3c6: 0x0e, 0x3c7: 0x0e, - 0x3c8: 0x0e, 0x3c9: 0x0e, 0x3ca: 0x0e, 0x3cb: 0x4a, - // Block 0x10, offset 0x400 - 0x400: 0x4b, 0x403: 0x4c, 0x404: 0x4d, 0x405: 0x4e, 0x406: 0x4f, - 0x408: 0x50, 0x409: 0x51, 0x40c: 0x52, 0x40d: 0x53, 0x40e: 0x54, 0x40f: 0x55, - 0x410: 0x3a, 0x411: 0x56, 0x412: 0x0e, 0x413: 0x57, 0x414: 0x58, 0x415: 0x59, 0x416: 0x5a, 0x417: 0x5b, - 0x418: 0x0e, 0x419: 0x5c, 0x41a: 0x0e, 0x41b: 0x5d, - 0x424: 0x5e, 0x425: 0x5f, 0x426: 0x60, 0x427: 0x61, - // Block 0x11, offset 0x440 - 0x456: 0x0b, 0x457: 0x06, - 0x458: 0x0c, 0x45b: 0x0d, 0x45f: 0x0e, - 0x460: 0x06, 0x461: 0x06, 0x462: 0x06, 0x463: 0x06, 0x464: 0x06, 0x465: 0x06, 0x466: 0x06, 0x467: 0x06, - 0x468: 0x06, 0x469: 0x06, 0x46a: 0x06, 0x46b: 0x06, 0x46c: 0x06, 0x46d: 0x06, 0x46e: 0x06, 0x46f: 0x06, - 0x470: 0x06, 0x471: 0x06, 0x472: 0x06, 0x473: 0x06, 0x474: 0x06, 0x475: 0x06, 0x476: 0x06, 0x477: 0x06, - 0x478: 0x06, 0x479: 0x06, 0x47a: 0x06, 0x47b: 0x06, 0x47c: 0x06, 0x47d: 0x06, 0x47e: 0x06, 0x47f: 0x06, - // Block 0x12, offset 0x480 - 0x484: 0x08, 0x485: 0x08, 0x486: 0x08, 0x487: 0x09, - // Block 0x13, offset 0x4c0 - 0x4c0: 0x08, 0x4c1: 0x08, 0x4c2: 0x08, 0x4c3: 0x08, 0x4c4: 0x08, 0x4c5: 0x08, 0x4c6: 0x08, 0x4c7: 0x08, - 0x4c8: 0x08, 0x4c9: 0x08, 0x4ca: 0x08, 0x4cb: 0x08, 0x4cc: 0x08, 0x4cd: 0x08, 0x4ce: 0x08, 0x4cf: 0x08, - 0x4d0: 0x08, 0x4d1: 0x08, 0x4d2: 0x08, 0x4d3: 0x08, 0x4d4: 0x08, 0x4d5: 0x08, 0x4d6: 0x08, 0x4d7: 0x08, - 0x4d8: 0x08, 0x4d9: 0x08, 0x4da: 0x08, 0x4db: 0x08, 0x4dc: 0x08, 0x4dd: 0x08, 0x4de: 0x08, 0x4df: 0x08, - 0x4e0: 0x08, 0x4e1: 0x08, 0x4e2: 0x08, 0x4e3: 0x08, 0x4e4: 0x08, 0x4e5: 0x08, 0x4e6: 0x08, 0x4e7: 0x08, - 0x4e8: 0x08, 0x4e9: 0x08, 0x4ea: 0x08, 0x4eb: 0x08, 0x4ec: 0x08, 0x4ed: 0x08, 0x4ee: 0x08, 0x4ef: 0x08, - 0x4f0: 0x08, 0x4f1: 0x08, 0x4f2: 0x08, 0x4f3: 0x08, 0x4f4: 0x08, 0x4f5: 0x08, 0x4f6: 0x08, 0x4f7: 0x08, - 0x4f8: 0x08, 0x4f9: 0x08, 0x4fa: 0x08, 0x4fb: 0x08, 0x4fc: 0x08, 0x4fd: 0x08, 0x4fe: 0x08, 0x4ff: 0x62, - // Block 0x14, offset 0x500 - 0x520: 0x10, - 0x530: 0x09, 0x531: 0x09, 0x532: 0x09, 0x533: 0x09, 0x534: 0x09, 0x535: 0x09, 0x536: 0x09, 0x537: 0x09, - 0x538: 0x09, 0x539: 0x09, 0x53a: 0x09, 0x53b: 0x09, 0x53c: 0x09, 0x53d: 0x09, 0x53e: 0x09, 0x53f: 0x11, - // Block 0x15, offset 0x540 - 0x540: 0x09, 0x541: 0x09, 0x542: 0x09, 0x543: 0x09, 0x544: 0x09, 0x545: 0x09, 0x546: 0x09, 0x547: 0x09, - 0x548: 0x09, 0x549: 0x09, 0x54a: 0x09, 0x54b: 0x09, 0x54c: 0x09, 0x54d: 0x09, 0x54e: 0x09, 0x54f: 0x11, -} - -// inverseData contains 4-byte entries of the following format: -// -// <length> <modified UTF-8-encoded rune> <0 padding> -// -// The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the -// UTF-8 encoding of the original rune. Mappings often have the following -// pattern: -// -// A -> A (U+FF21 -> U+0041) -// ï¼¢ -> B (U+FF22 -> U+0042) -// ... -// -// By xor-ing the last byte the same entry can be shared by many mappings. This -// reduces the total number of distinct entries by about two thirds. -// The resulting entry for the aforementioned mappings is -// -// { 0x01, 0xE0, 0x00, 0x00 } -// -// Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get -// -// E0 ^ A1 = 41. -// -// Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get -// -// E0 ^ A2 = 42. -// -// Note that because of the xor-ing, the byte sequence stored in the entry is -// not valid UTF-8. -var inverseData = [150][4]byte{ - {0x00, 0x00, 0x00, 0x00}, - {0x03, 0xe3, 0x80, 0xa0}, - {0x03, 0xef, 0xbc, 0xa0}, - {0x03, 0xef, 0xbc, 0xe0}, - {0x03, 0xef, 0xbd, 0xe0}, - {0x03, 0xef, 0xbf, 0x02}, - {0x03, 0xef, 0xbf, 0x00}, - {0x03, 0xef, 0xbf, 0x0e}, - {0x03, 0xef, 0xbf, 0x0c}, - {0x03, 0xef, 0xbf, 0x0f}, - {0x03, 0xef, 0xbf, 0x39}, - {0x03, 0xef, 0xbf, 0x3b}, - {0x03, 0xef, 0xbf, 0x3f}, - {0x03, 0xef, 0xbf, 0x2a}, - {0x03, 0xef, 0xbf, 0x0d}, - {0x03, 0xef, 0xbf, 0x25}, - {0x03, 0xef, 0xbd, 0x1a}, - {0x03, 0xef, 0xbd, 0x26}, - {0x01, 0xa0, 0x00, 0x00}, - {0x03, 0xef, 0xbd, 0x25}, - {0x03, 0xef, 0xbd, 0x23}, - {0x03, 0xef, 0xbd, 0x2e}, - {0x03, 0xef, 0xbe, 0x07}, - {0x03, 0xef, 0xbe, 0x05}, - {0x03, 0xef, 0xbd, 0x06}, - {0x03, 0xef, 0xbd, 0x13}, - {0x03, 0xef, 0xbd, 0x0b}, - {0x03, 0xef, 0xbd, 0x16}, - {0x03, 0xef, 0xbd, 0x0c}, - {0x03, 0xef, 0xbd, 0x15}, - {0x03, 0xef, 0xbd, 0x0d}, - {0x03, 0xef, 0xbd, 0x1c}, - {0x03, 0xef, 0xbd, 0x02}, - {0x03, 0xef, 0xbd, 0x1f}, - {0x03, 0xef, 0xbd, 0x1d}, - {0x03, 0xef, 0xbd, 0x17}, - {0x03, 0xef, 0xbd, 0x08}, - {0x03, 0xef, 0xbd, 0x09}, - {0x03, 0xef, 0xbd, 0x0e}, - {0x03, 0xef, 0xbd, 0x04}, - {0x03, 0xef, 0xbd, 0x05}, - {0x03, 0xef, 0xbe, 0x3f}, - {0x03, 0xef, 0xbe, 0x00}, - {0x03, 0xef, 0xbd, 0x2c}, - {0x03, 0xef, 0xbe, 0x06}, - {0x03, 0xef, 0xbe, 0x0c}, - {0x03, 0xef, 0xbe, 0x0f}, - {0x03, 0xef, 0xbe, 0x0d}, - {0x03, 0xef, 0xbe, 0x0b}, - {0x03, 0xef, 0xbe, 0x19}, - {0x03, 0xef, 0xbe, 0x15}, - {0x03, 0xef, 0xbe, 0x11}, - {0x03, 0xef, 0xbe, 0x31}, - {0x03, 0xef, 0xbe, 0x33}, - {0x03, 0xef, 0xbd, 0x0f}, - {0x03, 0xef, 0xbe, 0x30}, - {0x03, 0xef, 0xbe, 0x3e}, - {0x03, 0xef, 0xbe, 0x32}, - {0x03, 0xef, 0xbe, 0x36}, - {0x03, 0xef, 0xbd, 0x14}, - {0x03, 0xef, 0xbe, 0x2e}, - {0x03, 0xef, 0xbd, 0x1e}, - {0x03, 0xef, 0xbe, 0x10}, - {0x03, 0xef, 0xbf, 0x13}, - {0x03, 0xef, 0xbf, 0x15}, - {0x03, 0xef, 0xbf, 0x17}, - {0x03, 0xef, 0xbf, 0x1f}, - {0x03, 0xef, 0xbf, 0x1d}, - {0x03, 0xef, 0xbf, 0x1b}, - {0x03, 0xef, 0xbf, 0x09}, - {0x03, 0xef, 0xbf, 0x0b}, - {0x03, 0xef, 0xbf, 0x37}, - {0x03, 0xef, 0xbe, 0x04}, - {0x01, 0xe0, 0x00, 0x00}, - {0x03, 0xe2, 0xa6, 0x1a}, - {0x03, 0xe2, 0xa6, 0x26}, - {0x03, 0xe3, 0x80, 0x23}, - {0x03, 0xe3, 0x80, 0x2e}, - {0x03, 0xe3, 0x80, 0x25}, - {0x03, 0xe3, 0x83, 0x1e}, - {0x03, 0xe3, 0x83, 0x14}, - {0x03, 0xe3, 0x82, 0x06}, - {0x03, 0xe3, 0x82, 0x0b}, - {0x03, 0xe3, 0x82, 0x0c}, - {0x03, 0xe3, 0x82, 0x0d}, - {0x03, 0xe3, 0x82, 0x02}, - {0x03, 0xe3, 0x83, 0x0f}, - {0x03, 0xe3, 0x83, 0x08}, - {0x03, 0xe3, 0x83, 0x09}, - {0x03, 0xe3, 0x83, 0x2c}, - {0x03, 0xe3, 0x83, 0x0c}, - {0x03, 0xe3, 0x82, 0x13}, - {0x03, 0xe3, 0x82, 0x16}, - {0x03, 0xe3, 0x82, 0x15}, - {0x03, 0xe3, 0x82, 0x1c}, - {0x03, 0xe3, 0x82, 0x1f}, - {0x03, 0xe3, 0x82, 0x1d}, - {0x03, 0xe3, 0x82, 0x1a}, - {0x03, 0xe3, 0x82, 0x17}, - {0x03, 0xe3, 0x82, 0x08}, - {0x03, 0xe3, 0x82, 0x09}, - {0x03, 0xe3, 0x82, 0x0e}, - {0x03, 0xe3, 0x82, 0x04}, - {0x03, 0xe3, 0x82, 0x05}, - {0x03, 0xe3, 0x82, 0x3f}, - {0x03, 0xe3, 0x83, 0x00}, - {0x03, 0xe3, 0x83, 0x06}, - {0x03, 0xe3, 0x83, 0x05}, - {0x03, 0xe3, 0x83, 0x0d}, - {0x03, 0xe3, 0x83, 0x0b}, - {0x03, 0xe3, 0x83, 0x07}, - {0x03, 0xe3, 0x83, 0x19}, - {0x03, 0xe3, 0x83, 0x15}, - {0x03, 0xe3, 0x83, 0x11}, - {0x03, 0xe3, 0x83, 0x31}, - {0x03, 0xe3, 0x83, 0x33}, - {0x03, 0xe3, 0x83, 0x30}, - {0x03, 0xe3, 0x83, 0x3e}, - {0x03, 0xe3, 0x83, 0x32}, - {0x03, 0xe3, 0x83, 0x36}, - {0x03, 0xe3, 0x83, 0x2e}, - {0x03, 0xe3, 0x82, 0x07}, - {0x03, 0xe3, 0x85, 0x04}, - {0x03, 0xe3, 0x84, 0x10}, - {0x03, 0xe3, 0x85, 0x30}, - {0x03, 0xe3, 0x85, 0x0d}, - {0x03, 0xe3, 0x85, 0x13}, - {0x03, 0xe3, 0x85, 0x15}, - {0x03, 0xe3, 0x85, 0x17}, - {0x03, 0xe3, 0x85, 0x1f}, - {0x03, 0xe3, 0x85, 0x1d}, - {0x03, 0xe3, 0x85, 0x1b}, - {0x03, 0xe3, 0x85, 0x09}, - {0x03, 0xe3, 0x85, 0x0f}, - {0x03, 0xe3, 0x85, 0x0b}, - {0x03, 0xe3, 0x85, 0x37}, - {0x03, 0xe3, 0x85, 0x3b}, - {0x03, 0xe3, 0x85, 0x39}, - {0x03, 0xe3, 0x85, 0x3f}, - {0x02, 0xc2, 0x02, 0x00}, - {0x02, 0xc2, 0x0e, 0x00}, - {0x02, 0xc2, 0x0c, 0x00}, - {0x02, 0xc2, 0x00, 0x00}, - {0x03, 0xe2, 0x82, 0x0f}, - {0x03, 0xe2, 0x94, 0x2a}, - {0x03, 0xe2, 0x86, 0x39}, - {0x03, 0xe2, 0x86, 0x3b}, - {0x03, 0xe2, 0x86, 0x3f}, - {0x03, 0xe2, 0x96, 0x0d}, - {0x03, 0xe2, 0x97, 0x25}, -} - -// Total table size 14936 bytes (14KiB) diff --git a/etcd/vendor/golang.org/x/text/width/tables11.0.0.go b/etcd/vendor/golang.org/x/text/width/tables11.0.0.go deleted file mode 100644 index 327eaef9b7..0000000000 --- a/etcd/vendor/golang.org/x/text/width/tables11.0.0.go +++ /dev/null @@ -1,1341 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -//go:build go1.13 && !go1.14 -// +build go1.13,!go1.14 - -package width - -// UnicodeVersion is the Unicode version from which the tables in this package are derived. -const UnicodeVersion = "11.0.0" - -// lookup returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookup(s []byte) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupUnsafe(s []byte) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// lookupString returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookupString(s string) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupStringUnsafe(s string) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// widthTrie. Total size: 14336 bytes (14.00 KiB). Checksum: c0f7712776e71cd4. -type widthTrie struct{} - -func newWidthTrie(i int) *widthTrie { - return &widthTrie{} -} - -// lookupValue determines the type of block n and looks up the value for b. -func (t *widthTrie) lookupValue(n uint32, b byte) uint16 { - switch { - default: - return uint16(widthValues[n<<6+uint32(b)]) - } -} - -// widthValues: 101 blocks, 6464 entries, 12928 bytes -// The third block is the zero block. -var widthValues = [6464]uint16{ - // Block 0x0, offset 0x0 - 0x20: 0x6001, 0x21: 0x6002, 0x22: 0x6002, 0x23: 0x6002, - 0x24: 0x6002, 0x25: 0x6002, 0x26: 0x6002, 0x27: 0x6002, 0x28: 0x6002, 0x29: 0x6002, - 0x2a: 0x6002, 0x2b: 0x6002, 0x2c: 0x6002, 0x2d: 0x6002, 0x2e: 0x6002, 0x2f: 0x6002, - 0x30: 0x6002, 0x31: 0x6002, 0x32: 0x6002, 0x33: 0x6002, 0x34: 0x6002, 0x35: 0x6002, - 0x36: 0x6002, 0x37: 0x6002, 0x38: 0x6002, 0x39: 0x6002, 0x3a: 0x6002, 0x3b: 0x6002, - 0x3c: 0x6002, 0x3d: 0x6002, 0x3e: 0x6002, 0x3f: 0x6002, - // Block 0x1, offset 0x40 - 0x40: 0x6003, 0x41: 0x6003, 0x42: 0x6003, 0x43: 0x6003, 0x44: 0x6003, 0x45: 0x6003, - 0x46: 0x6003, 0x47: 0x6003, 0x48: 0x6003, 0x49: 0x6003, 0x4a: 0x6003, 0x4b: 0x6003, - 0x4c: 0x6003, 0x4d: 0x6003, 0x4e: 0x6003, 0x4f: 0x6003, 0x50: 0x6003, 0x51: 0x6003, - 0x52: 0x6003, 0x53: 0x6003, 0x54: 0x6003, 0x55: 0x6003, 0x56: 0x6003, 0x57: 0x6003, - 0x58: 0x6003, 0x59: 0x6003, 0x5a: 0x6003, 0x5b: 0x6003, 0x5c: 0x6003, 0x5d: 0x6003, - 0x5e: 0x6003, 0x5f: 0x6003, 0x60: 0x6004, 0x61: 0x6004, 0x62: 0x6004, 0x63: 0x6004, - 0x64: 0x6004, 0x65: 0x6004, 0x66: 0x6004, 0x67: 0x6004, 0x68: 0x6004, 0x69: 0x6004, - 0x6a: 0x6004, 0x6b: 0x6004, 0x6c: 0x6004, 0x6d: 0x6004, 0x6e: 0x6004, 0x6f: 0x6004, - 0x70: 0x6004, 0x71: 0x6004, 0x72: 0x6004, 0x73: 0x6004, 0x74: 0x6004, 0x75: 0x6004, - 0x76: 0x6004, 0x77: 0x6004, 0x78: 0x6004, 0x79: 0x6004, 0x7a: 0x6004, 0x7b: 0x6004, - 0x7c: 0x6004, 0x7d: 0x6004, 0x7e: 0x6004, - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xe1: 0x2000, 0xe2: 0x6005, 0xe3: 0x6005, - 0xe4: 0x2000, 0xe5: 0x6006, 0xe6: 0x6005, 0xe7: 0x2000, 0xe8: 0x2000, - 0xea: 0x2000, 0xec: 0x6007, 0xed: 0x2000, 0xee: 0x2000, 0xef: 0x6008, - 0xf0: 0x2000, 0xf1: 0x2000, 0xf2: 0x2000, 0xf3: 0x2000, 0xf4: 0x2000, - 0xf6: 0x2000, 0xf7: 0x2000, 0xf8: 0x2000, 0xf9: 0x2000, 0xfa: 0x2000, - 0xfc: 0x2000, 0xfd: 0x2000, 0xfe: 0x2000, 0xff: 0x2000, - // Block 0x4, offset 0x100 - 0x106: 0x2000, - 0x110: 0x2000, - 0x117: 0x2000, - 0x118: 0x2000, - 0x11e: 0x2000, 0x11f: 0x2000, 0x120: 0x2000, 0x121: 0x2000, - 0x126: 0x2000, 0x128: 0x2000, 0x129: 0x2000, - 0x12a: 0x2000, 0x12c: 0x2000, 0x12d: 0x2000, - 0x130: 0x2000, 0x132: 0x2000, 0x133: 0x2000, - 0x137: 0x2000, 0x138: 0x2000, 0x139: 0x2000, 0x13a: 0x2000, - 0x13c: 0x2000, 0x13e: 0x2000, - // Block 0x5, offset 0x140 - 0x141: 0x2000, - 0x151: 0x2000, - 0x153: 0x2000, - 0x15b: 0x2000, - 0x166: 0x2000, 0x167: 0x2000, - 0x16b: 0x2000, - 0x171: 0x2000, 0x172: 0x2000, 0x173: 0x2000, - 0x178: 0x2000, - 0x17f: 0x2000, - // Block 0x6, offset 0x180 - 0x180: 0x2000, 0x181: 0x2000, 0x182: 0x2000, 0x184: 0x2000, - 0x188: 0x2000, 0x189: 0x2000, 0x18a: 0x2000, 0x18b: 0x2000, - 0x18d: 0x2000, - 0x192: 0x2000, 0x193: 0x2000, - 0x1a6: 0x2000, 0x1a7: 0x2000, - 0x1ab: 0x2000, - // Block 0x7, offset 0x1c0 - 0x1ce: 0x2000, 0x1d0: 0x2000, - 0x1d2: 0x2000, 0x1d4: 0x2000, 0x1d6: 0x2000, - 0x1d8: 0x2000, 0x1da: 0x2000, 0x1dc: 0x2000, - // Block 0x8, offset 0x200 - 0x211: 0x2000, - 0x221: 0x2000, - // Block 0x9, offset 0x240 - 0x244: 0x2000, - 0x247: 0x2000, 0x249: 0x2000, 0x24a: 0x2000, 0x24b: 0x2000, - 0x24d: 0x2000, 0x250: 0x2000, - 0x258: 0x2000, 0x259: 0x2000, 0x25a: 0x2000, 0x25b: 0x2000, 0x25d: 0x2000, - 0x25f: 0x2000, - // Block 0xa, offset 0x280 - 0x280: 0x2000, 0x281: 0x2000, 0x282: 0x2000, 0x283: 0x2000, 0x284: 0x2000, 0x285: 0x2000, - 0x286: 0x2000, 0x287: 0x2000, 0x288: 0x2000, 0x289: 0x2000, 0x28a: 0x2000, 0x28b: 0x2000, - 0x28c: 0x2000, 0x28d: 0x2000, 0x28e: 0x2000, 0x28f: 0x2000, 0x290: 0x2000, 0x291: 0x2000, - 0x292: 0x2000, 0x293: 0x2000, 0x294: 0x2000, 0x295: 0x2000, 0x296: 0x2000, 0x297: 0x2000, - 0x298: 0x2000, 0x299: 0x2000, 0x29a: 0x2000, 0x29b: 0x2000, 0x29c: 0x2000, 0x29d: 0x2000, - 0x29e: 0x2000, 0x29f: 0x2000, 0x2a0: 0x2000, 0x2a1: 0x2000, 0x2a2: 0x2000, 0x2a3: 0x2000, - 0x2a4: 0x2000, 0x2a5: 0x2000, 0x2a6: 0x2000, 0x2a7: 0x2000, 0x2a8: 0x2000, 0x2a9: 0x2000, - 0x2aa: 0x2000, 0x2ab: 0x2000, 0x2ac: 0x2000, 0x2ad: 0x2000, 0x2ae: 0x2000, 0x2af: 0x2000, - 0x2b0: 0x2000, 0x2b1: 0x2000, 0x2b2: 0x2000, 0x2b3: 0x2000, 0x2b4: 0x2000, 0x2b5: 0x2000, - 0x2b6: 0x2000, 0x2b7: 0x2000, 0x2b8: 0x2000, 0x2b9: 0x2000, 0x2ba: 0x2000, 0x2bb: 0x2000, - 0x2bc: 0x2000, 0x2bd: 0x2000, 0x2be: 0x2000, 0x2bf: 0x2000, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x2000, 0x2c1: 0x2000, 0x2c2: 0x2000, 0x2c3: 0x2000, 0x2c4: 0x2000, 0x2c5: 0x2000, - 0x2c6: 0x2000, 0x2c7: 0x2000, 0x2c8: 0x2000, 0x2c9: 0x2000, 0x2ca: 0x2000, 0x2cb: 0x2000, - 0x2cc: 0x2000, 0x2cd: 0x2000, 0x2ce: 0x2000, 0x2cf: 0x2000, 0x2d0: 0x2000, 0x2d1: 0x2000, - 0x2d2: 0x2000, 0x2d3: 0x2000, 0x2d4: 0x2000, 0x2d5: 0x2000, 0x2d6: 0x2000, 0x2d7: 0x2000, - 0x2d8: 0x2000, 0x2d9: 0x2000, 0x2da: 0x2000, 0x2db: 0x2000, 0x2dc: 0x2000, 0x2dd: 0x2000, - 0x2de: 0x2000, 0x2df: 0x2000, 0x2e0: 0x2000, 0x2e1: 0x2000, 0x2e2: 0x2000, 0x2e3: 0x2000, - 0x2e4: 0x2000, 0x2e5: 0x2000, 0x2e6: 0x2000, 0x2e7: 0x2000, 0x2e8: 0x2000, 0x2e9: 0x2000, - 0x2ea: 0x2000, 0x2eb: 0x2000, 0x2ec: 0x2000, 0x2ed: 0x2000, 0x2ee: 0x2000, 0x2ef: 0x2000, - // Block 0xc, offset 0x300 - 0x311: 0x2000, - 0x312: 0x2000, 0x313: 0x2000, 0x314: 0x2000, 0x315: 0x2000, 0x316: 0x2000, 0x317: 0x2000, - 0x318: 0x2000, 0x319: 0x2000, 0x31a: 0x2000, 0x31b: 0x2000, 0x31c: 0x2000, 0x31d: 0x2000, - 0x31e: 0x2000, 0x31f: 0x2000, 0x320: 0x2000, 0x321: 0x2000, 0x323: 0x2000, - 0x324: 0x2000, 0x325: 0x2000, 0x326: 0x2000, 0x327: 0x2000, 0x328: 0x2000, 0x329: 0x2000, - 0x331: 0x2000, 0x332: 0x2000, 0x333: 0x2000, 0x334: 0x2000, 0x335: 0x2000, - 0x336: 0x2000, 0x337: 0x2000, 0x338: 0x2000, 0x339: 0x2000, 0x33a: 0x2000, 0x33b: 0x2000, - 0x33c: 0x2000, 0x33d: 0x2000, 0x33e: 0x2000, 0x33f: 0x2000, - // Block 0xd, offset 0x340 - 0x340: 0x2000, 0x341: 0x2000, 0x343: 0x2000, 0x344: 0x2000, 0x345: 0x2000, - 0x346: 0x2000, 0x347: 0x2000, 0x348: 0x2000, 0x349: 0x2000, - // Block 0xe, offset 0x380 - 0x381: 0x2000, - 0x390: 0x2000, 0x391: 0x2000, - 0x392: 0x2000, 0x393: 0x2000, 0x394: 0x2000, 0x395: 0x2000, 0x396: 0x2000, 0x397: 0x2000, - 0x398: 0x2000, 0x399: 0x2000, 0x39a: 0x2000, 0x39b: 0x2000, 0x39c: 0x2000, 0x39d: 0x2000, - 0x39e: 0x2000, 0x39f: 0x2000, 0x3a0: 0x2000, 0x3a1: 0x2000, 0x3a2: 0x2000, 0x3a3: 0x2000, - 0x3a4: 0x2000, 0x3a5: 0x2000, 0x3a6: 0x2000, 0x3a7: 0x2000, 0x3a8: 0x2000, 0x3a9: 0x2000, - 0x3aa: 0x2000, 0x3ab: 0x2000, 0x3ac: 0x2000, 0x3ad: 0x2000, 0x3ae: 0x2000, 0x3af: 0x2000, - 0x3b0: 0x2000, 0x3b1: 0x2000, 0x3b2: 0x2000, 0x3b3: 0x2000, 0x3b4: 0x2000, 0x3b5: 0x2000, - 0x3b6: 0x2000, 0x3b7: 0x2000, 0x3b8: 0x2000, 0x3b9: 0x2000, 0x3ba: 0x2000, 0x3bb: 0x2000, - 0x3bc: 0x2000, 0x3bd: 0x2000, 0x3be: 0x2000, 0x3bf: 0x2000, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x2000, 0x3c1: 0x2000, 0x3c2: 0x2000, 0x3c3: 0x2000, 0x3c4: 0x2000, 0x3c5: 0x2000, - 0x3c6: 0x2000, 0x3c7: 0x2000, 0x3c8: 0x2000, 0x3c9: 0x2000, 0x3ca: 0x2000, 0x3cb: 0x2000, - 0x3cc: 0x2000, 0x3cd: 0x2000, 0x3ce: 0x2000, 0x3cf: 0x2000, 0x3d1: 0x2000, - // Block 0x10, offset 0x400 - 0x400: 0x4000, 0x401: 0x4000, 0x402: 0x4000, 0x403: 0x4000, 0x404: 0x4000, 0x405: 0x4000, - 0x406: 0x4000, 0x407: 0x4000, 0x408: 0x4000, 0x409: 0x4000, 0x40a: 0x4000, 0x40b: 0x4000, - 0x40c: 0x4000, 0x40d: 0x4000, 0x40e: 0x4000, 0x40f: 0x4000, 0x410: 0x4000, 0x411: 0x4000, - 0x412: 0x4000, 0x413: 0x4000, 0x414: 0x4000, 0x415: 0x4000, 0x416: 0x4000, 0x417: 0x4000, - 0x418: 0x4000, 0x419: 0x4000, 0x41a: 0x4000, 0x41b: 0x4000, 0x41c: 0x4000, 0x41d: 0x4000, - 0x41e: 0x4000, 0x41f: 0x4000, 0x420: 0x4000, 0x421: 0x4000, 0x422: 0x4000, 0x423: 0x4000, - 0x424: 0x4000, 0x425: 0x4000, 0x426: 0x4000, 0x427: 0x4000, 0x428: 0x4000, 0x429: 0x4000, - 0x42a: 0x4000, 0x42b: 0x4000, 0x42c: 0x4000, 0x42d: 0x4000, 0x42e: 0x4000, 0x42f: 0x4000, - 0x430: 0x4000, 0x431: 0x4000, 0x432: 0x4000, 0x433: 0x4000, 0x434: 0x4000, 0x435: 0x4000, - 0x436: 0x4000, 0x437: 0x4000, 0x438: 0x4000, 0x439: 0x4000, 0x43a: 0x4000, 0x43b: 0x4000, - 0x43c: 0x4000, 0x43d: 0x4000, 0x43e: 0x4000, 0x43f: 0x4000, - // Block 0x11, offset 0x440 - 0x440: 0x4000, 0x441: 0x4000, 0x442: 0x4000, 0x443: 0x4000, 0x444: 0x4000, 0x445: 0x4000, - 0x446: 0x4000, 0x447: 0x4000, 0x448: 0x4000, 0x449: 0x4000, 0x44a: 0x4000, 0x44b: 0x4000, - 0x44c: 0x4000, 0x44d: 0x4000, 0x44e: 0x4000, 0x44f: 0x4000, 0x450: 0x4000, 0x451: 0x4000, - 0x452: 0x4000, 0x453: 0x4000, 0x454: 0x4000, 0x455: 0x4000, 0x456: 0x4000, 0x457: 0x4000, - 0x458: 0x4000, 0x459: 0x4000, 0x45a: 0x4000, 0x45b: 0x4000, 0x45c: 0x4000, 0x45d: 0x4000, - 0x45e: 0x4000, 0x45f: 0x4000, - // Block 0x12, offset 0x480 - 0x490: 0x2000, - 0x493: 0x2000, 0x494: 0x2000, 0x495: 0x2000, 0x496: 0x2000, - 0x498: 0x2000, 0x499: 0x2000, 0x49c: 0x2000, 0x49d: 0x2000, - 0x4a0: 0x2000, 0x4a1: 0x2000, 0x4a2: 0x2000, - 0x4a4: 0x2000, 0x4a5: 0x2000, 0x4a6: 0x2000, 0x4a7: 0x2000, - 0x4b0: 0x2000, 0x4b2: 0x2000, 0x4b3: 0x2000, 0x4b5: 0x2000, - 0x4bb: 0x2000, - 0x4be: 0x2000, - // Block 0x13, offset 0x4c0 - 0x4f4: 0x2000, - 0x4ff: 0x2000, - // Block 0x14, offset 0x500 - 0x501: 0x2000, 0x502: 0x2000, 0x503: 0x2000, 0x504: 0x2000, - 0x529: 0xa009, - 0x52c: 0x2000, - // Block 0x15, offset 0x540 - 0x543: 0x2000, 0x545: 0x2000, - 0x549: 0x2000, - 0x553: 0x2000, 0x556: 0x2000, - 0x561: 0x2000, 0x562: 0x2000, - 0x566: 0x2000, - 0x56b: 0x2000, - // Block 0x16, offset 0x580 - 0x593: 0x2000, 0x594: 0x2000, - 0x59b: 0x2000, 0x59c: 0x2000, 0x59d: 0x2000, - 0x59e: 0x2000, 0x5a0: 0x2000, 0x5a1: 0x2000, 0x5a2: 0x2000, 0x5a3: 0x2000, - 0x5a4: 0x2000, 0x5a5: 0x2000, 0x5a6: 0x2000, 0x5a7: 0x2000, 0x5a8: 0x2000, 0x5a9: 0x2000, - 0x5aa: 0x2000, 0x5ab: 0x2000, - 0x5b0: 0x2000, 0x5b1: 0x2000, 0x5b2: 0x2000, 0x5b3: 0x2000, 0x5b4: 0x2000, 0x5b5: 0x2000, - 0x5b6: 0x2000, 0x5b7: 0x2000, 0x5b8: 0x2000, 0x5b9: 0x2000, - // Block 0x17, offset 0x5c0 - 0x5c9: 0x2000, - 0x5d0: 0x200a, 0x5d1: 0x200b, - 0x5d2: 0x200a, 0x5d3: 0x200c, 0x5d4: 0x2000, 0x5d5: 0x2000, 0x5d6: 0x2000, 0x5d7: 0x2000, - 0x5d8: 0x2000, 0x5d9: 0x2000, - 0x5f8: 0x2000, 0x5f9: 0x2000, - // Block 0x18, offset 0x600 - 0x612: 0x2000, 0x614: 0x2000, - 0x627: 0x2000, - // Block 0x19, offset 0x640 - 0x640: 0x2000, 0x642: 0x2000, 0x643: 0x2000, - 0x647: 0x2000, 0x648: 0x2000, 0x64b: 0x2000, - 0x64f: 0x2000, 0x651: 0x2000, - 0x655: 0x2000, - 0x65a: 0x2000, 0x65d: 0x2000, - 0x65e: 0x2000, 0x65f: 0x2000, 0x660: 0x2000, 0x663: 0x2000, - 0x665: 0x2000, 0x667: 0x2000, 0x668: 0x2000, 0x669: 0x2000, - 0x66a: 0x2000, 0x66b: 0x2000, 0x66c: 0x2000, 0x66e: 0x2000, - 0x674: 0x2000, 0x675: 0x2000, - 0x676: 0x2000, 0x677: 0x2000, - 0x67c: 0x2000, 0x67d: 0x2000, - // Block 0x1a, offset 0x680 - 0x688: 0x2000, - 0x68c: 0x2000, - 0x692: 0x2000, - 0x6a0: 0x2000, 0x6a1: 0x2000, - 0x6a4: 0x2000, 0x6a5: 0x2000, 0x6a6: 0x2000, 0x6a7: 0x2000, - 0x6aa: 0x2000, 0x6ab: 0x2000, 0x6ae: 0x2000, 0x6af: 0x2000, - // Block 0x1b, offset 0x6c0 - 0x6c2: 0x2000, 0x6c3: 0x2000, - 0x6c6: 0x2000, 0x6c7: 0x2000, - 0x6d5: 0x2000, - 0x6d9: 0x2000, - 0x6e5: 0x2000, - 0x6ff: 0x2000, - // Block 0x1c, offset 0x700 - 0x712: 0x2000, - 0x71a: 0x4000, 0x71b: 0x4000, - 0x729: 0x4000, - 0x72a: 0x4000, - // Block 0x1d, offset 0x740 - 0x769: 0x4000, - 0x76a: 0x4000, 0x76b: 0x4000, 0x76c: 0x4000, - 0x770: 0x4000, 0x773: 0x4000, - // Block 0x1e, offset 0x780 - 0x7a0: 0x2000, 0x7a1: 0x2000, 0x7a2: 0x2000, 0x7a3: 0x2000, - 0x7a4: 0x2000, 0x7a5: 0x2000, 0x7a6: 0x2000, 0x7a7: 0x2000, 0x7a8: 0x2000, 0x7a9: 0x2000, - 0x7aa: 0x2000, 0x7ab: 0x2000, 0x7ac: 0x2000, 0x7ad: 0x2000, 0x7ae: 0x2000, 0x7af: 0x2000, - 0x7b0: 0x2000, 0x7b1: 0x2000, 0x7b2: 0x2000, 0x7b3: 0x2000, 0x7b4: 0x2000, 0x7b5: 0x2000, - 0x7b6: 0x2000, 0x7b7: 0x2000, 0x7b8: 0x2000, 0x7b9: 0x2000, 0x7ba: 0x2000, 0x7bb: 0x2000, - 0x7bc: 0x2000, 0x7bd: 0x2000, 0x7be: 0x2000, 0x7bf: 0x2000, - // Block 0x1f, offset 0x7c0 - 0x7c0: 0x2000, 0x7c1: 0x2000, 0x7c2: 0x2000, 0x7c3: 0x2000, 0x7c4: 0x2000, 0x7c5: 0x2000, - 0x7c6: 0x2000, 0x7c7: 0x2000, 0x7c8: 0x2000, 0x7c9: 0x2000, 0x7ca: 0x2000, 0x7cb: 0x2000, - 0x7cc: 0x2000, 0x7cd: 0x2000, 0x7ce: 0x2000, 0x7cf: 0x2000, 0x7d0: 0x2000, 0x7d1: 0x2000, - 0x7d2: 0x2000, 0x7d3: 0x2000, 0x7d4: 0x2000, 0x7d5: 0x2000, 0x7d6: 0x2000, 0x7d7: 0x2000, - 0x7d8: 0x2000, 0x7d9: 0x2000, 0x7da: 0x2000, 0x7db: 0x2000, 0x7dc: 0x2000, 0x7dd: 0x2000, - 0x7de: 0x2000, 0x7df: 0x2000, 0x7e0: 0x2000, 0x7e1: 0x2000, 0x7e2: 0x2000, 0x7e3: 0x2000, - 0x7e4: 0x2000, 0x7e5: 0x2000, 0x7e6: 0x2000, 0x7e7: 0x2000, 0x7e8: 0x2000, 0x7e9: 0x2000, - 0x7eb: 0x2000, 0x7ec: 0x2000, 0x7ed: 0x2000, 0x7ee: 0x2000, 0x7ef: 0x2000, - 0x7f0: 0x2000, 0x7f1: 0x2000, 0x7f2: 0x2000, 0x7f3: 0x2000, 0x7f4: 0x2000, 0x7f5: 0x2000, - 0x7f6: 0x2000, 0x7f7: 0x2000, 0x7f8: 0x2000, 0x7f9: 0x2000, 0x7fa: 0x2000, 0x7fb: 0x2000, - 0x7fc: 0x2000, 0x7fd: 0x2000, 0x7fe: 0x2000, 0x7ff: 0x2000, - // Block 0x20, offset 0x800 - 0x800: 0x2000, 0x801: 0x2000, 0x802: 0x200d, 0x803: 0x2000, 0x804: 0x2000, 0x805: 0x2000, - 0x806: 0x2000, 0x807: 0x2000, 0x808: 0x2000, 0x809: 0x2000, 0x80a: 0x2000, 0x80b: 0x2000, - 0x80c: 0x2000, 0x80d: 0x2000, 0x80e: 0x2000, 0x80f: 0x2000, 0x810: 0x2000, 0x811: 0x2000, - 0x812: 0x2000, 0x813: 0x2000, 0x814: 0x2000, 0x815: 0x2000, 0x816: 0x2000, 0x817: 0x2000, - 0x818: 0x2000, 0x819: 0x2000, 0x81a: 0x2000, 0x81b: 0x2000, 0x81c: 0x2000, 0x81d: 0x2000, - 0x81e: 0x2000, 0x81f: 0x2000, 0x820: 0x2000, 0x821: 0x2000, 0x822: 0x2000, 0x823: 0x2000, - 0x824: 0x2000, 0x825: 0x2000, 0x826: 0x2000, 0x827: 0x2000, 0x828: 0x2000, 0x829: 0x2000, - 0x82a: 0x2000, 0x82b: 0x2000, 0x82c: 0x2000, 0x82d: 0x2000, 0x82e: 0x2000, 0x82f: 0x2000, - 0x830: 0x2000, 0x831: 0x2000, 0x832: 0x2000, 0x833: 0x2000, 0x834: 0x2000, 0x835: 0x2000, - 0x836: 0x2000, 0x837: 0x2000, 0x838: 0x2000, 0x839: 0x2000, 0x83a: 0x2000, 0x83b: 0x2000, - 0x83c: 0x2000, 0x83d: 0x2000, 0x83e: 0x2000, 0x83f: 0x2000, - // Block 0x21, offset 0x840 - 0x840: 0x2000, 0x841: 0x2000, 0x842: 0x2000, 0x843: 0x2000, 0x844: 0x2000, 0x845: 0x2000, - 0x846: 0x2000, 0x847: 0x2000, 0x848: 0x2000, 0x849: 0x2000, 0x84a: 0x2000, 0x84b: 0x2000, - 0x850: 0x2000, 0x851: 0x2000, - 0x852: 0x2000, 0x853: 0x2000, 0x854: 0x2000, 0x855: 0x2000, 0x856: 0x2000, 0x857: 0x2000, - 0x858: 0x2000, 0x859: 0x2000, 0x85a: 0x2000, 0x85b: 0x2000, 0x85c: 0x2000, 0x85d: 0x2000, - 0x85e: 0x2000, 0x85f: 0x2000, 0x860: 0x2000, 0x861: 0x2000, 0x862: 0x2000, 0x863: 0x2000, - 0x864: 0x2000, 0x865: 0x2000, 0x866: 0x2000, 0x867: 0x2000, 0x868: 0x2000, 0x869: 0x2000, - 0x86a: 0x2000, 0x86b: 0x2000, 0x86c: 0x2000, 0x86d: 0x2000, 0x86e: 0x2000, 0x86f: 0x2000, - 0x870: 0x2000, 0x871: 0x2000, 0x872: 0x2000, 0x873: 0x2000, - // Block 0x22, offset 0x880 - 0x880: 0x2000, 0x881: 0x2000, 0x882: 0x2000, 0x883: 0x2000, 0x884: 0x2000, 0x885: 0x2000, - 0x886: 0x2000, 0x887: 0x2000, 0x888: 0x2000, 0x889: 0x2000, 0x88a: 0x2000, 0x88b: 0x2000, - 0x88c: 0x2000, 0x88d: 0x2000, 0x88e: 0x2000, 0x88f: 0x2000, - 0x892: 0x2000, 0x893: 0x2000, 0x894: 0x2000, 0x895: 0x2000, - 0x8a0: 0x200e, 0x8a1: 0x2000, 0x8a3: 0x2000, - 0x8a4: 0x2000, 0x8a5: 0x2000, 0x8a6: 0x2000, 0x8a7: 0x2000, 0x8a8: 0x2000, 0x8a9: 0x2000, - 0x8b2: 0x2000, 0x8b3: 0x2000, - 0x8b6: 0x2000, 0x8b7: 0x2000, - 0x8bc: 0x2000, 0x8bd: 0x2000, - // Block 0x23, offset 0x8c0 - 0x8c0: 0x2000, 0x8c1: 0x2000, - 0x8c6: 0x2000, 0x8c7: 0x2000, 0x8c8: 0x2000, 0x8cb: 0x200f, - 0x8ce: 0x2000, 0x8cf: 0x2000, 0x8d0: 0x2000, 0x8d1: 0x2000, - 0x8e2: 0x2000, 0x8e3: 0x2000, - 0x8e4: 0x2000, 0x8e5: 0x2000, - 0x8ef: 0x2000, - 0x8fd: 0x4000, 0x8fe: 0x4000, - // Block 0x24, offset 0x900 - 0x905: 0x2000, - 0x906: 0x2000, 0x909: 0x2000, - 0x90e: 0x2000, 0x90f: 0x2000, - 0x914: 0x4000, 0x915: 0x4000, - 0x91c: 0x2000, - 0x91e: 0x2000, - // Block 0x25, offset 0x940 - 0x940: 0x2000, 0x942: 0x2000, - 0x948: 0x4000, 0x949: 0x4000, 0x94a: 0x4000, 0x94b: 0x4000, - 0x94c: 0x4000, 0x94d: 0x4000, 0x94e: 0x4000, 0x94f: 0x4000, 0x950: 0x4000, 0x951: 0x4000, - 0x952: 0x4000, 0x953: 0x4000, - 0x960: 0x2000, 0x961: 0x2000, 0x963: 0x2000, - 0x964: 0x2000, 0x965: 0x2000, 0x967: 0x2000, 0x968: 0x2000, 0x969: 0x2000, - 0x96a: 0x2000, 0x96c: 0x2000, 0x96d: 0x2000, 0x96f: 0x2000, - 0x97f: 0x4000, - // Block 0x26, offset 0x980 - 0x993: 0x4000, - 0x99e: 0x2000, 0x99f: 0x2000, 0x9a1: 0x4000, - 0x9aa: 0x4000, 0x9ab: 0x4000, - 0x9bd: 0x4000, 0x9be: 0x4000, 0x9bf: 0x2000, - // Block 0x27, offset 0x9c0 - 0x9c4: 0x4000, 0x9c5: 0x4000, - 0x9c6: 0x2000, 0x9c7: 0x2000, 0x9c8: 0x2000, 0x9c9: 0x2000, 0x9ca: 0x2000, 0x9cb: 0x2000, - 0x9cc: 0x2000, 0x9cd: 0x2000, 0x9ce: 0x4000, 0x9cf: 0x2000, 0x9d0: 0x2000, 0x9d1: 0x2000, - 0x9d2: 0x2000, 0x9d3: 0x2000, 0x9d4: 0x4000, 0x9d5: 0x2000, 0x9d6: 0x2000, 0x9d7: 0x2000, - 0x9d8: 0x2000, 0x9d9: 0x2000, 0x9da: 0x2000, 0x9db: 0x2000, 0x9dc: 0x2000, 0x9dd: 0x2000, - 0x9de: 0x2000, 0x9df: 0x2000, 0x9e0: 0x2000, 0x9e1: 0x2000, 0x9e3: 0x2000, - 0x9e8: 0x2000, 0x9e9: 0x2000, - 0x9ea: 0x4000, 0x9eb: 0x2000, 0x9ec: 0x2000, 0x9ed: 0x2000, 0x9ee: 0x2000, 0x9ef: 0x2000, - 0x9f0: 0x2000, 0x9f1: 0x2000, 0x9f2: 0x4000, 0x9f3: 0x4000, 0x9f4: 0x2000, 0x9f5: 0x4000, - 0x9f6: 0x2000, 0x9f7: 0x2000, 0x9f8: 0x2000, 0x9f9: 0x2000, 0x9fa: 0x4000, 0x9fb: 0x2000, - 0x9fc: 0x2000, 0x9fd: 0x4000, 0x9fe: 0x2000, 0x9ff: 0x2000, - // Block 0x28, offset 0xa00 - 0xa05: 0x4000, - 0xa0a: 0x4000, 0xa0b: 0x4000, - 0xa28: 0x4000, - 0xa3d: 0x2000, - // Block 0x29, offset 0xa40 - 0xa4c: 0x4000, 0xa4e: 0x4000, - 0xa53: 0x4000, 0xa54: 0x4000, 0xa55: 0x4000, 0xa57: 0x4000, - 0xa76: 0x2000, 0xa77: 0x2000, 0xa78: 0x2000, 0xa79: 0x2000, 0xa7a: 0x2000, 0xa7b: 0x2000, - 0xa7c: 0x2000, 0xa7d: 0x2000, 0xa7e: 0x2000, 0xa7f: 0x2000, - // Block 0x2a, offset 0xa80 - 0xa95: 0x4000, 0xa96: 0x4000, 0xa97: 0x4000, - 0xab0: 0x4000, - 0xabf: 0x4000, - // Block 0x2b, offset 0xac0 - 0xae6: 0x6000, 0xae7: 0x6000, 0xae8: 0x6000, 0xae9: 0x6000, - 0xaea: 0x6000, 0xaeb: 0x6000, 0xaec: 0x6000, 0xaed: 0x6000, - // Block 0x2c, offset 0xb00 - 0xb05: 0x6010, - 0xb06: 0x6011, - // Block 0x2d, offset 0xb40 - 0xb5b: 0x4000, 0xb5c: 0x4000, - // Block 0x2e, offset 0xb80 - 0xb90: 0x4000, - 0xb95: 0x4000, 0xb96: 0x2000, 0xb97: 0x2000, - 0xb98: 0x2000, 0xb99: 0x2000, - // Block 0x2f, offset 0xbc0 - 0xbc0: 0x4000, 0xbc1: 0x4000, 0xbc2: 0x4000, 0xbc3: 0x4000, 0xbc4: 0x4000, 0xbc5: 0x4000, - 0xbc6: 0x4000, 0xbc7: 0x4000, 0xbc8: 0x4000, 0xbc9: 0x4000, 0xbca: 0x4000, 0xbcb: 0x4000, - 0xbcc: 0x4000, 0xbcd: 0x4000, 0xbce: 0x4000, 0xbcf: 0x4000, 0xbd0: 0x4000, 0xbd1: 0x4000, - 0xbd2: 0x4000, 0xbd3: 0x4000, 0xbd4: 0x4000, 0xbd5: 0x4000, 0xbd6: 0x4000, 0xbd7: 0x4000, - 0xbd8: 0x4000, 0xbd9: 0x4000, 0xbdb: 0x4000, 0xbdc: 0x4000, 0xbdd: 0x4000, - 0xbde: 0x4000, 0xbdf: 0x4000, 0xbe0: 0x4000, 0xbe1: 0x4000, 0xbe2: 0x4000, 0xbe3: 0x4000, - 0xbe4: 0x4000, 0xbe5: 0x4000, 0xbe6: 0x4000, 0xbe7: 0x4000, 0xbe8: 0x4000, 0xbe9: 0x4000, - 0xbea: 0x4000, 0xbeb: 0x4000, 0xbec: 0x4000, 0xbed: 0x4000, 0xbee: 0x4000, 0xbef: 0x4000, - 0xbf0: 0x4000, 0xbf1: 0x4000, 0xbf2: 0x4000, 0xbf3: 0x4000, 0xbf4: 0x4000, 0xbf5: 0x4000, - 0xbf6: 0x4000, 0xbf7: 0x4000, 0xbf8: 0x4000, 0xbf9: 0x4000, 0xbfa: 0x4000, 0xbfb: 0x4000, - 0xbfc: 0x4000, 0xbfd: 0x4000, 0xbfe: 0x4000, 0xbff: 0x4000, - // Block 0x30, offset 0xc00 - 0xc00: 0x4000, 0xc01: 0x4000, 0xc02: 0x4000, 0xc03: 0x4000, 0xc04: 0x4000, 0xc05: 0x4000, - 0xc06: 0x4000, 0xc07: 0x4000, 0xc08: 0x4000, 0xc09: 0x4000, 0xc0a: 0x4000, 0xc0b: 0x4000, - 0xc0c: 0x4000, 0xc0d: 0x4000, 0xc0e: 0x4000, 0xc0f: 0x4000, 0xc10: 0x4000, 0xc11: 0x4000, - 0xc12: 0x4000, 0xc13: 0x4000, 0xc14: 0x4000, 0xc15: 0x4000, 0xc16: 0x4000, 0xc17: 0x4000, - 0xc18: 0x4000, 0xc19: 0x4000, 0xc1a: 0x4000, 0xc1b: 0x4000, 0xc1c: 0x4000, 0xc1d: 0x4000, - 0xc1e: 0x4000, 0xc1f: 0x4000, 0xc20: 0x4000, 0xc21: 0x4000, 0xc22: 0x4000, 0xc23: 0x4000, - 0xc24: 0x4000, 0xc25: 0x4000, 0xc26: 0x4000, 0xc27: 0x4000, 0xc28: 0x4000, 0xc29: 0x4000, - 0xc2a: 0x4000, 0xc2b: 0x4000, 0xc2c: 0x4000, 0xc2d: 0x4000, 0xc2e: 0x4000, 0xc2f: 0x4000, - 0xc30: 0x4000, 0xc31: 0x4000, 0xc32: 0x4000, 0xc33: 0x4000, - // Block 0x31, offset 0xc40 - 0xc40: 0x4000, 0xc41: 0x4000, 0xc42: 0x4000, 0xc43: 0x4000, 0xc44: 0x4000, 0xc45: 0x4000, - 0xc46: 0x4000, 0xc47: 0x4000, 0xc48: 0x4000, 0xc49: 0x4000, 0xc4a: 0x4000, 0xc4b: 0x4000, - 0xc4c: 0x4000, 0xc4d: 0x4000, 0xc4e: 0x4000, 0xc4f: 0x4000, 0xc50: 0x4000, 0xc51: 0x4000, - 0xc52: 0x4000, 0xc53: 0x4000, 0xc54: 0x4000, 0xc55: 0x4000, - 0xc70: 0x4000, 0xc71: 0x4000, 0xc72: 0x4000, 0xc73: 0x4000, 0xc74: 0x4000, 0xc75: 0x4000, - 0xc76: 0x4000, 0xc77: 0x4000, 0xc78: 0x4000, 0xc79: 0x4000, 0xc7a: 0x4000, 0xc7b: 0x4000, - // Block 0x32, offset 0xc80 - 0xc80: 0x9012, 0xc81: 0x4013, 0xc82: 0x4014, 0xc83: 0x4000, 0xc84: 0x4000, 0xc85: 0x4000, - 0xc86: 0x4000, 0xc87: 0x4000, 0xc88: 0x4000, 0xc89: 0x4000, 0xc8a: 0x4000, 0xc8b: 0x4000, - 0xc8c: 0x4015, 0xc8d: 0x4015, 0xc8e: 0x4000, 0xc8f: 0x4000, 0xc90: 0x4000, 0xc91: 0x4000, - 0xc92: 0x4000, 0xc93: 0x4000, 0xc94: 0x4000, 0xc95: 0x4000, 0xc96: 0x4000, 0xc97: 0x4000, - 0xc98: 0x4000, 0xc99: 0x4000, 0xc9a: 0x4000, 0xc9b: 0x4000, 0xc9c: 0x4000, 0xc9d: 0x4000, - 0xc9e: 0x4000, 0xc9f: 0x4000, 0xca0: 0x4000, 0xca1: 0x4000, 0xca2: 0x4000, 0xca3: 0x4000, - 0xca4: 0x4000, 0xca5: 0x4000, 0xca6: 0x4000, 0xca7: 0x4000, 0xca8: 0x4000, 0xca9: 0x4000, - 0xcaa: 0x4000, 0xcab: 0x4000, 0xcac: 0x4000, 0xcad: 0x4000, 0xcae: 0x4000, 0xcaf: 0x4000, - 0xcb0: 0x4000, 0xcb1: 0x4000, 0xcb2: 0x4000, 0xcb3: 0x4000, 0xcb4: 0x4000, 0xcb5: 0x4000, - 0xcb6: 0x4000, 0xcb7: 0x4000, 0xcb8: 0x4000, 0xcb9: 0x4000, 0xcba: 0x4000, 0xcbb: 0x4000, - 0xcbc: 0x4000, 0xcbd: 0x4000, 0xcbe: 0x4000, - // Block 0x33, offset 0xcc0 - 0xcc1: 0x4000, 0xcc2: 0x4000, 0xcc3: 0x4000, 0xcc4: 0x4000, 0xcc5: 0x4000, - 0xcc6: 0x4000, 0xcc7: 0x4000, 0xcc8: 0x4000, 0xcc9: 0x4000, 0xcca: 0x4000, 0xccb: 0x4000, - 0xccc: 0x4000, 0xccd: 0x4000, 0xcce: 0x4000, 0xccf: 0x4000, 0xcd0: 0x4000, 0xcd1: 0x4000, - 0xcd2: 0x4000, 0xcd3: 0x4000, 0xcd4: 0x4000, 0xcd5: 0x4000, 0xcd6: 0x4000, 0xcd7: 0x4000, - 0xcd8: 0x4000, 0xcd9: 0x4000, 0xcda: 0x4000, 0xcdb: 0x4000, 0xcdc: 0x4000, 0xcdd: 0x4000, - 0xcde: 0x4000, 0xcdf: 0x4000, 0xce0: 0x4000, 0xce1: 0x4000, 0xce2: 0x4000, 0xce3: 0x4000, - 0xce4: 0x4000, 0xce5: 0x4000, 0xce6: 0x4000, 0xce7: 0x4000, 0xce8: 0x4000, 0xce9: 0x4000, - 0xcea: 0x4000, 0xceb: 0x4000, 0xcec: 0x4000, 0xced: 0x4000, 0xcee: 0x4000, 0xcef: 0x4000, - 0xcf0: 0x4000, 0xcf1: 0x4000, 0xcf2: 0x4000, 0xcf3: 0x4000, 0xcf4: 0x4000, 0xcf5: 0x4000, - 0xcf6: 0x4000, 0xcf7: 0x4000, 0xcf8: 0x4000, 0xcf9: 0x4000, 0xcfa: 0x4000, 0xcfb: 0x4000, - 0xcfc: 0x4000, 0xcfd: 0x4000, 0xcfe: 0x4000, 0xcff: 0x4000, - // Block 0x34, offset 0xd00 - 0xd00: 0x4000, 0xd01: 0x4000, 0xd02: 0x4000, 0xd03: 0x4000, 0xd04: 0x4000, 0xd05: 0x4000, - 0xd06: 0x4000, 0xd07: 0x4000, 0xd08: 0x4000, 0xd09: 0x4000, 0xd0a: 0x4000, 0xd0b: 0x4000, - 0xd0c: 0x4000, 0xd0d: 0x4000, 0xd0e: 0x4000, 0xd0f: 0x4000, 0xd10: 0x4000, 0xd11: 0x4000, - 0xd12: 0x4000, 0xd13: 0x4000, 0xd14: 0x4000, 0xd15: 0x4000, 0xd16: 0x4000, - 0xd19: 0x4016, 0xd1a: 0x4017, 0xd1b: 0x4000, 0xd1c: 0x4000, 0xd1d: 0x4000, - 0xd1e: 0x4000, 0xd1f: 0x4000, 0xd20: 0x4000, 0xd21: 0x4018, 0xd22: 0x4019, 0xd23: 0x401a, - 0xd24: 0x401b, 0xd25: 0x401c, 0xd26: 0x401d, 0xd27: 0x401e, 0xd28: 0x401f, 0xd29: 0x4020, - 0xd2a: 0x4021, 0xd2b: 0x4022, 0xd2c: 0x4000, 0xd2d: 0x4010, 0xd2e: 0x4000, 0xd2f: 0x4023, - 0xd30: 0x4000, 0xd31: 0x4024, 0xd32: 0x4000, 0xd33: 0x4025, 0xd34: 0x4000, 0xd35: 0x4026, - 0xd36: 0x4000, 0xd37: 0x401a, 0xd38: 0x4000, 0xd39: 0x4027, 0xd3a: 0x4000, 0xd3b: 0x4028, - 0xd3c: 0x4000, 0xd3d: 0x4020, 0xd3e: 0x4000, 0xd3f: 0x4029, - // Block 0x35, offset 0xd40 - 0xd40: 0x4000, 0xd41: 0x402a, 0xd42: 0x4000, 0xd43: 0x402b, 0xd44: 0x402c, 0xd45: 0x4000, - 0xd46: 0x4017, 0xd47: 0x4000, 0xd48: 0x402d, 0xd49: 0x4000, 0xd4a: 0x402e, 0xd4b: 0x402f, - 0xd4c: 0x4030, 0xd4d: 0x4017, 0xd4e: 0x4016, 0xd4f: 0x4017, 0xd50: 0x4000, 0xd51: 0x4000, - 0xd52: 0x4031, 0xd53: 0x4000, 0xd54: 0x4000, 0xd55: 0x4031, 0xd56: 0x4000, 0xd57: 0x4000, - 0xd58: 0x4032, 0xd59: 0x4000, 0xd5a: 0x4000, 0xd5b: 0x4032, 0xd5c: 0x4000, 0xd5d: 0x4000, - 0xd5e: 0x4033, 0xd5f: 0x402e, 0xd60: 0x4034, 0xd61: 0x4035, 0xd62: 0x4034, 0xd63: 0x4036, - 0xd64: 0x4037, 0xd65: 0x4024, 0xd66: 0x4035, 0xd67: 0x4025, 0xd68: 0x4038, 0xd69: 0x4038, - 0xd6a: 0x4039, 0xd6b: 0x4039, 0xd6c: 0x403a, 0xd6d: 0x403a, 0xd6e: 0x4000, 0xd6f: 0x4035, - 0xd70: 0x4000, 0xd71: 0x4000, 0xd72: 0x403b, 0xd73: 0x403c, 0xd74: 0x4000, 0xd75: 0x4000, - 0xd76: 0x4000, 0xd77: 0x4000, 0xd78: 0x4000, 0xd79: 0x4000, 0xd7a: 0x4000, 0xd7b: 0x403d, - 0xd7c: 0x401c, 0xd7d: 0x4000, 0xd7e: 0x4000, 0xd7f: 0x4000, - // Block 0x36, offset 0xd80 - 0xd85: 0x4000, - 0xd86: 0x4000, 0xd87: 0x4000, 0xd88: 0x4000, 0xd89: 0x4000, 0xd8a: 0x4000, 0xd8b: 0x4000, - 0xd8c: 0x4000, 0xd8d: 0x4000, 0xd8e: 0x4000, 0xd8f: 0x4000, 0xd90: 0x4000, 0xd91: 0x4000, - 0xd92: 0x4000, 0xd93: 0x4000, 0xd94: 0x4000, 0xd95: 0x4000, 0xd96: 0x4000, 0xd97: 0x4000, - 0xd98: 0x4000, 0xd99: 0x4000, 0xd9a: 0x4000, 0xd9b: 0x4000, 0xd9c: 0x4000, 0xd9d: 0x4000, - 0xd9e: 0x4000, 0xd9f: 0x4000, 0xda0: 0x4000, 0xda1: 0x4000, 0xda2: 0x4000, 0xda3: 0x4000, - 0xda4: 0x4000, 0xda5: 0x4000, 0xda6: 0x4000, 0xda7: 0x4000, 0xda8: 0x4000, 0xda9: 0x4000, - 0xdaa: 0x4000, 0xdab: 0x4000, 0xdac: 0x4000, 0xdad: 0x4000, 0xdae: 0x4000, 0xdaf: 0x4000, - 0xdb1: 0x403e, 0xdb2: 0x403e, 0xdb3: 0x403e, 0xdb4: 0x403e, 0xdb5: 0x403e, - 0xdb6: 0x403e, 0xdb7: 0x403e, 0xdb8: 0x403e, 0xdb9: 0x403e, 0xdba: 0x403e, 0xdbb: 0x403e, - 0xdbc: 0x403e, 0xdbd: 0x403e, 0xdbe: 0x403e, 0xdbf: 0x403e, - // Block 0x37, offset 0xdc0 - 0xdc0: 0x4037, 0xdc1: 0x4037, 0xdc2: 0x4037, 0xdc3: 0x4037, 0xdc4: 0x4037, 0xdc5: 0x4037, - 0xdc6: 0x4037, 0xdc7: 0x4037, 0xdc8: 0x4037, 0xdc9: 0x4037, 0xdca: 0x4037, 0xdcb: 0x4037, - 0xdcc: 0x4037, 0xdcd: 0x4037, 0xdce: 0x4037, 0xdcf: 0x400e, 0xdd0: 0x403f, 0xdd1: 0x4040, - 0xdd2: 0x4041, 0xdd3: 0x4040, 0xdd4: 0x403f, 0xdd5: 0x4042, 0xdd6: 0x4043, 0xdd7: 0x4044, - 0xdd8: 0x4040, 0xdd9: 0x4041, 0xdda: 0x4040, 0xddb: 0x4045, 0xddc: 0x4009, 0xddd: 0x4045, - 0xdde: 0x4046, 0xddf: 0x4045, 0xde0: 0x4047, 0xde1: 0x400b, 0xde2: 0x400a, 0xde3: 0x400c, - 0xde4: 0x4048, 0xde5: 0x4000, 0xde6: 0x4000, 0xde7: 0x4000, 0xde8: 0x4000, 0xde9: 0x4000, - 0xdea: 0x4000, 0xdeb: 0x4000, 0xdec: 0x4000, 0xded: 0x4000, 0xdee: 0x4000, 0xdef: 0x4000, - 0xdf0: 0x4000, 0xdf1: 0x4000, 0xdf2: 0x4000, 0xdf3: 0x4000, 0xdf4: 0x4000, 0xdf5: 0x4000, - 0xdf6: 0x4000, 0xdf7: 0x4000, 0xdf8: 0x4000, 0xdf9: 0x4000, 0xdfa: 0x4000, 0xdfb: 0x4000, - 0xdfc: 0x4000, 0xdfd: 0x4000, 0xdfe: 0x4000, 0xdff: 0x4000, - // Block 0x38, offset 0xe00 - 0xe00: 0x4000, 0xe01: 0x4000, 0xe02: 0x4000, 0xe03: 0x4000, 0xe04: 0x4000, 0xe05: 0x4000, - 0xe06: 0x4000, 0xe07: 0x4000, 0xe08: 0x4000, 0xe09: 0x4000, 0xe0a: 0x4000, 0xe0b: 0x4000, - 0xe0c: 0x4000, 0xe0d: 0x4000, 0xe0e: 0x4000, 0xe10: 0x4000, 0xe11: 0x4000, - 0xe12: 0x4000, 0xe13: 0x4000, 0xe14: 0x4000, 0xe15: 0x4000, 0xe16: 0x4000, 0xe17: 0x4000, - 0xe18: 0x4000, 0xe19: 0x4000, 0xe1a: 0x4000, 0xe1b: 0x4000, 0xe1c: 0x4000, 0xe1d: 0x4000, - 0xe1e: 0x4000, 0xe1f: 0x4000, 0xe20: 0x4000, 0xe21: 0x4000, 0xe22: 0x4000, 0xe23: 0x4000, - 0xe24: 0x4000, 0xe25: 0x4000, 0xe26: 0x4000, 0xe27: 0x4000, 0xe28: 0x4000, 0xe29: 0x4000, - 0xe2a: 0x4000, 0xe2b: 0x4000, 0xe2c: 0x4000, 0xe2d: 0x4000, 0xe2e: 0x4000, 0xe2f: 0x4000, - 0xe30: 0x4000, 0xe31: 0x4000, 0xe32: 0x4000, 0xe33: 0x4000, 0xe34: 0x4000, 0xe35: 0x4000, - 0xe36: 0x4000, 0xe37: 0x4000, 0xe38: 0x4000, 0xe39: 0x4000, 0xe3a: 0x4000, - // Block 0x39, offset 0xe40 - 0xe40: 0x4000, 0xe41: 0x4000, 0xe42: 0x4000, 0xe43: 0x4000, 0xe44: 0x4000, 0xe45: 0x4000, - 0xe46: 0x4000, 0xe47: 0x4000, 0xe48: 0x4000, 0xe49: 0x4000, 0xe4a: 0x4000, 0xe4b: 0x4000, - 0xe4c: 0x4000, 0xe4d: 0x4000, 0xe4e: 0x4000, 0xe4f: 0x4000, 0xe50: 0x4000, 0xe51: 0x4000, - 0xe52: 0x4000, 0xe53: 0x4000, 0xe54: 0x4000, 0xe55: 0x4000, 0xe56: 0x4000, 0xe57: 0x4000, - 0xe58: 0x4000, 0xe59: 0x4000, 0xe5a: 0x4000, 0xe5b: 0x4000, 0xe5c: 0x4000, 0xe5d: 0x4000, - 0xe5e: 0x4000, 0xe5f: 0x4000, 0xe60: 0x4000, 0xe61: 0x4000, 0xe62: 0x4000, 0xe63: 0x4000, - 0xe70: 0x4000, 0xe71: 0x4000, 0xe72: 0x4000, 0xe73: 0x4000, 0xe74: 0x4000, 0xe75: 0x4000, - 0xe76: 0x4000, 0xe77: 0x4000, 0xe78: 0x4000, 0xe79: 0x4000, 0xe7a: 0x4000, 0xe7b: 0x4000, - 0xe7c: 0x4000, 0xe7d: 0x4000, 0xe7e: 0x4000, 0xe7f: 0x4000, - // Block 0x3a, offset 0xe80 - 0xe80: 0x4000, 0xe81: 0x4000, 0xe82: 0x4000, 0xe83: 0x4000, 0xe84: 0x4000, 0xe85: 0x4000, - 0xe86: 0x4000, 0xe87: 0x4000, 0xe88: 0x4000, 0xe89: 0x4000, 0xe8a: 0x4000, 0xe8b: 0x4000, - 0xe8c: 0x4000, 0xe8d: 0x4000, 0xe8e: 0x4000, 0xe8f: 0x4000, 0xe90: 0x4000, 0xe91: 0x4000, - 0xe92: 0x4000, 0xe93: 0x4000, 0xe94: 0x4000, 0xe95: 0x4000, 0xe96: 0x4000, 0xe97: 0x4000, - 0xe98: 0x4000, 0xe99: 0x4000, 0xe9a: 0x4000, 0xe9b: 0x4000, 0xe9c: 0x4000, 0xe9d: 0x4000, - 0xe9e: 0x4000, 0xea0: 0x4000, 0xea1: 0x4000, 0xea2: 0x4000, 0xea3: 0x4000, - 0xea4: 0x4000, 0xea5: 0x4000, 0xea6: 0x4000, 0xea7: 0x4000, 0xea8: 0x4000, 0xea9: 0x4000, - 0xeaa: 0x4000, 0xeab: 0x4000, 0xeac: 0x4000, 0xead: 0x4000, 0xeae: 0x4000, 0xeaf: 0x4000, - 0xeb0: 0x4000, 0xeb1: 0x4000, 0xeb2: 0x4000, 0xeb3: 0x4000, 0xeb4: 0x4000, 0xeb5: 0x4000, - 0xeb6: 0x4000, 0xeb7: 0x4000, 0xeb8: 0x4000, 0xeb9: 0x4000, 0xeba: 0x4000, 0xebb: 0x4000, - 0xebc: 0x4000, 0xebd: 0x4000, 0xebe: 0x4000, 0xebf: 0x4000, - // Block 0x3b, offset 0xec0 - 0xec0: 0x4000, 0xec1: 0x4000, 0xec2: 0x4000, 0xec3: 0x4000, 0xec4: 0x4000, 0xec5: 0x4000, - 0xec6: 0x4000, 0xec7: 0x4000, 0xec8: 0x2000, 0xec9: 0x2000, 0xeca: 0x2000, 0xecb: 0x2000, - 0xecc: 0x2000, 0xecd: 0x2000, 0xece: 0x2000, 0xecf: 0x2000, 0xed0: 0x4000, 0xed1: 0x4000, - 0xed2: 0x4000, 0xed3: 0x4000, 0xed4: 0x4000, 0xed5: 0x4000, 0xed6: 0x4000, 0xed7: 0x4000, - 0xed8: 0x4000, 0xed9: 0x4000, 0xeda: 0x4000, 0xedb: 0x4000, 0xedc: 0x4000, 0xedd: 0x4000, - 0xede: 0x4000, 0xedf: 0x4000, 0xee0: 0x4000, 0xee1: 0x4000, 0xee2: 0x4000, 0xee3: 0x4000, - 0xee4: 0x4000, 0xee5: 0x4000, 0xee6: 0x4000, 0xee7: 0x4000, 0xee8: 0x4000, 0xee9: 0x4000, - 0xeea: 0x4000, 0xeeb: 0x4000, 0xeec: 0x4000, 0xeed: 0x4000, 0xeee: 0x4000, 0xeef: 0x4000, - 0xef0: 0x4000, 0xef1: 0x4000, 0xef2: 0x4000, 0xef3: 0x4000, 0xef4: 0x4000, 0xef5: 0x4000, - 0xef6: 0x4000, 0xef7: 0x4000, 0xef8: 0x4000, 0xef9: 0x4000, 0xefa: 0x4000, 0xefb: 0x4000, - 0xefc: 0x4000, 0xefd: 0x4000, 0xefe: 0x4000, 0xeff: 0x4000, - // Block 0x3c, offset 0xf00 - 0xf00: 0x4000, 0xf01: 0x4000, 0xf02: 0x4000, 0xf03: 0x4000, 0xf04: 0x4000, 0xf05: 0x4000, - 0xf06: 0x4000, 0xf07: 0x4000, 0xf08: 0x4000, 0xf09: 0x4000, 0xf0a: 0x4000, 0xf0b: 0x4000, - 0xf0c: 0x4000, 0xf0d: 0x4000, 0xf0e: 0x4000, 0xf0f: 0x4000, 0xf10: 0x4000, 0xf11: 0x4000, - 0xf12: 0x4000, 0xf13: 0x4000, 0xf14: 0x4000, 0xf15: 0x4000, 0xf16: 0x4000, 0xf17: 0x4000, - 0xf18: 0x4000, 0xf19: 0x4000, 0xf1a: 0x4000, 0xf1b: 0x4000, 0xf1c: 0x4000, 0xf1d: 0x4000, - 0xf1e: 0x4000, 0xf1f: 0x4000, 0xf20: 0x4000, 0xf21: 0x4000, 0xf22: 0x4000, 0xf23: 0x4000, - 0xf24: 0x4000, 0xf25: 0x4000, 0xf26: 0x4000, 0xf27: 0x4000, 0xf28: 0x4000, 0xf29: 0x4000, - 0xf2a: 0x4000, 0xf2b: 0x4000, 0xf2c: 0x4000, 0xf2d: 0x4000, 0xf2e: 0x4000, 0xf2f: 0x4000, - 0xf30: 0x4000, 0xf31: 0x4000, 0xf32: 0x4000, 0xf33: 0x4000, 0xf34: 0x4000, 0xf35: 0x4000, - 0xf36: 0x4000, 0xf37: 0x4000, 0xf38: 0x4000, 0xf39: 0x4000, 0xf3a: 0x4000, 0xf3b: 0x4000, - 0xf3c: 0x4000, 0xf3d: 0x4000, 0xf3e: 0x4000, - // Block 0x3d, offset 0xf40 - 0xf40: 0x4000, 0xf41: 0x4000, 0xf42: 0x4000, 0xf43: 0x4000, 0xf44: 0x4000, 0xf45: 0x4000, - 0xf46: 0x4000, 0xf47: 0x4000, 0xf48: 0x4000, 0xf49: 0x4000, 0xf4a: 0x4000, 0xf4b: 0x4000, - 0xf4c: 0x4000, 0xf50: 0x4000, 0xf51: 0x4000, - 0xf52: 0x4000, 0xf53: 0x4000, 0xf54: 0x4000, 0xf55: 0x4000, 0xf56: 0x4000, 0xf57: 0x4000, - 0xf58: 0x4000, 0xf59: 0x4000, 0xf5a: 0x4000, 0xf5b: 0x4000, 0xf5c: 0x4000, 0xf5d: 0x4000, - 0xf5e: 0x4000, 0xf5f: 0x4000, 0xf60: 0x4000, 0xf61: 0x4000, 0xf62: 0x4000, 0xf63: 0x4000, - 0xf64: 0x4000, 0xf65: 0x4000, 0xf66: 0x4000, 0xf67: 0x4000, 0xf68: 0x4000, 0xf69: 0x4000, - 0xf6a: 0x4000, 0xf6b: 0x4000, 0xf6c: 0x4000, 0xf6d: 0x4000, 0xf6e: 0x4000, 0xf6f: 0x4000, - 0xf70: 0x4000, 0xf71: 0x4000, 0xf72: 0x4000, 0xf73: 0x4000, 0xf74: 0x4000, 0xf75: 0x4000, - 0xf76: 0x4000, 0xf77: 0x4000, 0xf78: 0x4000, 0xf79: 0x4000, 0xf7a: 0x4000, 0xf7b: 0x4000, - 0xf7c: 0x4000, 0xf7d: 0x4000, 0xf7e: 0x4000, 0xf7f: 0x4000, - // Block 0x3e, offset 0xf80 - 0xf80: 0x4000, 0xf81: 0x4000, 0xf82: 0x4000, 0xf83: 0x4000, 0xf84: 0x4000, 0xf85: 0x4000, - 0xf86: 0x4000, - // Block 0x3f, offset 0xfc0 - 0xfe0: 0x4000, 0xfe1: 0x4000, 0xfe2: 0x4000, 0xfe3: 0x4000, - 0xfe4: 0x4000, 0xfe5: 0x4000, 0xfe6: 0x4000, 0xfe7: 0x4000, 0xfe8: 0x4000, 0xfe9: 0x4000, - 0xfea: 0x4000, 0xfeb: 0x4000, 0xfec: 0x4000, 0xfed: 0x4000, 0xfee: 0x4000, 0xfef: 0x4000, - 0xff0: 0x4000, 0xff1: 0x4000, 0xff2: 0x4000, 0xff3: 0x4000, 0xff4: 0x4000, 0xff5: 0x4000, - 0xff6: 0x4000, 0xff7: 0x4000, 0xff8: 0x4000, 0xff9: 0x4000, 0xffa: 0x4000, 0xffb: 0x4000, - 0xffc: 0x4000, - // Block 0x40, offset 0x1000 - 0x1000: 0x4000, 0x1001: 0x4000, 0x1002: 0x4000, 0x1003: 0x4000, 0x1004: 0x4000, 0x1005: 0x4000, - 0x1006: 0x4000, 0x1007: 0x4000, 0x1008: 0x4000, 0x1009: 0x4000, 0x100a: 0x4000, 0x100b: 0x4000, - 0x100c: 0x4000, 0x100d: 0x4000, 0x100e: 0x4000, 0x100f: 0x4000, 0x1010: 0x4000, 0x1011: 0x4000, - 0x1012: 0x4000, 0x1013: 0x4000, 0x1014: 0x4000, 0x1015: 0x4000, 0x1016: 0x4000, 0x1017: 0x4000, - 0x1018: 0x4000, 0x1019: 0x4000, 0x101a: 0x4000, 0x101b: 0x4000, 0x101c: 0x4000, 0x101d: 0x4000, - 0x101e: 0x4000, 0x101f: 0x4000, 0x1020: 0x4000, 0x1021: 0x4000, 0x1022: 0x4000, 0x1023: 0x4000, - // Block 0x41, offset 0x1040 - 0x1040: 0x2000, 0x1041: 0x2000, 0x1042: 0x2000, 0x1043: 0x2000, 0x1044: 0x2000, 0x1045: 0x2000, - 0x1046: 0x2000, 0x1047: 0x2000, 0x1048: 0x2000, 0x1049: 0x2000, 0x104a: 0x2000, 0x104b: 0x2000, - 0x104c: 0x2000, 0x104d: 0x2000, 0x104e: 0x2000, 0x104f: 0x2000, 0x1050: 0x4000, 0x1051: 0x4000, - 0x1052: 0x4000, 0x1053: 0x4000, 0x1054: 0x4000, 0x1055: 0x4000, 0x1056: 0x4000, 0x1057: 0x4000, - 0x1058: 0x4000, 0x1059: 0x4000, - 0x1070: 0x4000, 0x1071: 0x4000, 0x1072: 0x4000, 0x1073: 0x4000, 0x1074: 0x4000, 0x1075: 0x4000, - 0x1076: 0x4000, 0x1077: 0x4000, 0x1078: 0x4000, 0x1079: 0x4000, 0x107a: 0x4000, 0x107b: 0x4000, - 0x107c: 0x4000, 0x107d: 0x4000, 0x107e: 0x4000, 0x107f: 0x4000, - // Block 0x42, offset 0x1080 - 0x1080: 0x4000, 0x1081: 0x4000, 0x1082: 0x4000, 0x1083: 0x4000, 0x1084: 0x4000, 0x1085: 0x4000, - 0x1086: 0x4000, 0x1087: 0x4000, 0x1088: 0x4000, 0x1089: 0x4000, 0x108a: 0x4000, 0x108b: 0x4000, - 0x108c: 0x4000, 0x108d: 0x4000, 0x108e: 0x4000, 0x108f: 0x4000, 0x1090: 0x4000, 0x1091: 0x4000, - 0x1092: 0x4000, 0x1094: 0x4000, 0x1095: 0x4000, 0x1096: 0x4000, 0x1097: 0x4000, - 0x1098: 0x4000, 0x1099: 0x4000, 0x109a: 0x4000, 0x109b: 0x4000, 0x109c: 0x4000, 0x109d: 0x4000, - 0x109e: 0x4000, 0x109f: 0x4000, 0x10a0: 0x4000, 0x10a1: 0x4000, 0x10a2: 0x4000, 0x10a3: 0x4000, - 0x10a4: 0x4000, 0x10a5: 0x4000, 0x10a6: 0x4000, 0x10a8: 0x4000, 0x10a9: 0x4000, - 0x10aa: 0x4000, 0x10ab: 0x4000, - // Block 0x43, offset 0x10c0 - 0x10c1: 0x9012, 0x10c2: 0x9012, 0x10c3: 0x9012, 0x10c4: 0x9012, 0x10c5: 0x9012, - 0x10c6: 0x9012, 0x10c7: 0x9012, 0x10c8: 0x9012, 0x10c9: 0x9012, 0x10ca: 0x9012, 0x10cb: 0x9012, - 0x10cc: 0x9012, 0x10cd: 0x9012, 0x10ce: 0x9012, 0x10cf: 0x9012, 0x10d0: 0x9012, 0x10d1: 0x9012, - 0x10d2: 0x9012, 0x10d3: 0x9012, 0x10d4: 0x9012, 0x10d5: 0x9012, 0x10d6: 0x9012, 0x10d7: 0x9012, - 0x10d8: 0x9012, 0x10d9: 0x9012, 0x10da: 0x9012, 0x10db: 0x9012, 0x10dc: 0x9012, 0x10dd: 0x9012, - 0x10de: 0x9012, 0x10df: 0x9012, 0x10e0: 0x9049, 0x10e1: 0x9049, 0x10e2: 0x9049, 0x10e3: 0x9049, - 0x10e4: 0x9049, 0x10e5: 0x9049, 0x10e6: 0x9049, 0x10e7: 0x9049, 0x10e8: 0x9049, 0x10e9: 0x9049, - 0x10ea: 0x9049, 0x10eb: 0x9049, 0x10ec: 0x9049, 0x10ed: 0x9049, 0x10ee: 0x9049, 0x10ef: 0x9049, - 0x10f0: 0x9049, 0x10f1: 0x9049, 0x10f2: 0x9049, 0x10f3: 0x9049, 0x10f4: 0x9049, 0x10f5: 0x9049, - 0x10f6: 0x9049, 0x10f7: 0x9049, 0x10f8: 0x9049, 0x10f9: 0x9049, 0x10fa: 0x9049, 0x10fb: 0x9049, - 0x10fc: 0x9049, 0x10fd: 0x9049, 0x10fe: 0x9049, 0x10ff: 0x9049, - // Block 0x44, offset 0x1100 - 0x1100: 0x9049, 0x1101: 0x9049, 0x1102: 0x9049, 0x1103: 0x9049, 0x1104: 0x9049, 0x1105: 0x9049, - 0x1106: 0x9049, 0x1107: 0x9049, 0x1108: 0x9049, 0x1109: 0x9049, 0x110a: 0x9049, 0x110b: 0x9049, - 0x110c: 0x9049, 0x110d: 0x9049, 0x110e: 0x9049, 0x110f: 0x9049, 0x1110: 0x9049, 0x1111: 0x9049, - 0x1112: 0x9049, 0x1113: 0x9049, 0x1114: 0x9049, 0x1115: 0x9049, 0x1116: 0x9049, 0x1117: 0x9049, - 0x1118: 0x9049, 0x1119: 0x9049, 0x111a: 0x9049, 0x111b: 0x9049, 0x111c: 0x9049, 0x111d: 0x9049, - 0x111e: 0x9049, 0x111f: 0x904a, 0x1120: 0x904b, 0x1121: 0xb04c, 0x1122: 0xb04d, 0x1123: 0xb04d, - 0x1124: 0xb04e, 0x1125: 0xb04f, 0x1126: 0xb050, 0x1127: 0xb051, 0x1128: 0xb052, 0x1129: 0xb053, - 0x112a: 0xb054, 0x112b: 0xb055, 0x112c: 0xb056, 0x112d: 0xb057, 0x112e: 0xb058, 0x112f: 0xb059, - 0x1130: 0xb05a, 0x1131: 0xb05b, 0x1132: 0xb05c, 0x1133: 0xb05d, 0x1134: 0xb05e, 0x1135: 0xb05f, - 0x1136: 0xb060, 0x1137: 0xb061, 0x1138: 0xb062, 0x1139: 0xb063, 0x113a: 0xb064, 0x113b: 0xb065, - 0x113c: 0xb052, 0x113d: 0xb066, 0x113e: 0xb067, 0x113f: 0xb055, - // Block 0x45, offset 0x1140 - 0x1140: 0xb068, 0x1141: 0xb069, 0x1142: 0xb06a, 0x1143: 0xb06b, 0x1144: 0xb05a, 0x1145: 0xb056, - 0x1146: 0xb06c, 0x1147: 0xb06d, 0x1148: 0xb06b, 0x1149: 0xb06e, 0x114a: 0xb06b, 0x114b: 0xb06f, - 0x114c: 0xb06f, 0x114d: 0xb070, 0x114e: 0xb070, 0x114f: 0xb071, 0x1150: 0xb056, 0x1151: 0xb072, - 0x1152: 0xb073, 0x1153: 0xb072, 0x1154: 0xb074, 0x1155: 0xb073, 0x1156: 0xb075, 0x1157: 0xb075, - 0x1158: 0xb076, 0x1159: 0xb076, 0x115a: 0xb077, 0x115b: 0xb077, 0x115c: 0xb073, 0x115d: 0xb078, - 0x115e: 0xb079, 0x115f: 0xb067, 0x1160: 0xb07a, 0x1161: 0xb07b, 0x1162: 0xb07b, 0x1163: 0xb07b, - 0x1164: 0xb07b, 0x1165: 0xb07b, 0x1166: 0xb07b, 0x1167: 0xb07b, 0x1168: 0xb07b, 0x1169: 0xb07b, - 0x116a: 0xb07b, 0x116b: 0xb07b, 0x116c: 0xb07b, 0x116d: 0xb07b, 0x116e: 0xb07b, 0x116f: 0xb07b, - 0x1170: 0xb07c, 0x1171: 0xb07c, 0x1172: 0xb07c, 0x1173: 0xb07c, 0x1174: 0xb07c, 0x1175: 0xb07c, - 0x1176: 0xb07c, 0x1177: 0xb07c, 0x1178: 0xb07c, 0x1179: 0xb07c, 0x117a: 0xb07c, 0x117b: 0xb07c, - 0x117c: 0xb07c, 0x117d: 0xb07c, 0x117e: 0xb07c, - // Block 0x46, offset 0x1180 - 0x1182: 0xb07d, 0x1183: 0xb07e, 0x1184: 0xb07f, 0x1185: 0xb080, - 0x1186: 0xb07f, 0x1187: 0xb07e, 0x118a: 0xb081, 0x118b: 0xb082, - 0x118c: 0xb083, 0x118d: 0xb07f, 0x118e: 0xb080, 0x118f: 0xb07f, - 0x1192: 0xb084, 0x1193: 0xb085, 0x1194: 0xb084, 0x1195: 0xb086, 0x1196: 0xb084, 0x1197: 0xb087, - 0x119a: 0xb088, 0x119b: 0xb089, 0x119c: 0xb08a, - 0x11a0: 0x908b, 0x11a1: 0x908b, 0x11a2: 0x908c, 0x11a3: 0x908d, - 0x11a4: 0x908b, 0x11a5: 0x908e, 0x11a6: 0x908f, 0x11a8: 0xb090, 0x11a9: 0xb091, - 0x11aa: 0xb092, 0x11ab: 0xb091, 0x11ac: 0xb093, 0x11ad: 0xb094, 0x11ae: 0xb095, - 0x11bd: 0x2000, - // Block 0x47, offset 0x11c0 - 0x11e0: 0x4000, 0x11e1: 0x4000, - // Block 0x48, offset 0x1200 - 0x1200: 0x4000, 0x1201: 0x4000, 0x1202: 0x4000, 0x1203: 0x4000, 0x1204: 0x4000, 0x1205: 0x4000, - 0x1206: 0x4000, 0x1207: 0x4000, 0x1208: 0x4000, 0x1209: 0x4000, 0x120a: 0x4000, 0x120b: 0x4000, - 0x120c: 0x4000, 0x120d: 0x4000, 0x120e: 0x4000, 0x120f: 0x4000, 0x1210: 0x4000, 0x1211: 0x4000, - 0x1212: 0x4000, 0x1213: 0x4000, 0x1214: 0x4000, 0x1215: 0x4000, 0x1216: 0x4000, 0x1217: 0x4000, - 0x1218: 0x4000, 0x1219: 0x4000, 0x121a: 0x4000, 0x121b: 0x4000, 0x121c: 0x4000, 0x121d: 0x4000, - 0x121e: 0x4000, 0x121f: 0x4000, 0x1220: 0x4000, 0x1221: 0x4000, 0x1222: 0x4000, 0x1223: 0x4000, - 0x1224: 0x4000, 0x1225: 0x4000, 0x1226: 0x4000, 0x1227: 0x4000, 0x1228: 0x4000, 0x1229: 0x4000, - 0x122a: 0x4000, 0x122b: 0x4000, 0x122c: 0x4000, 0x122d: 0x4000, 0x122e: 0x4000, 0x122f: 0x4000, - 0x1230: 0x4000, 0x1231: 0x4000, - // Block 0x49, offset 0x1240 - 0x1240: 0x4000, 0x1241: 0x4000, 0x1242: 0x4000, 0x1243: 0x4000, 0x1244: 0x4000, 0x1245: 0x4000, - 0x1246: 0x4000, 0x1247: 0x4000, 0x1248: 0x4000, 0x1249: 0x4000, 0x124a: 0x4000, 0x124b: 0x4000, - 0x124c: 0x4000, 0x124d: 0x4000, 0x124e: 0x4000, 0x124f: 0x4000, 0x1250: 0x4000, 0x1251: 0x4000, - 0x1252: 0x4000, 0x1253: 0x4000, 0x1254: 0x4000, 0x1255: 0x4000, 0x1256: 0x4000, 0x1257: 0x4000, - 0x1258: 0x4000, 0x1259: 0x4000, 0x125a: 0x4000, 0x125b: 0x4000, 0x125c: 0x4000, 0x125d: 0x4000, - 0x125e: 0x4000, 0x125f: 0x4000, 0x1260: 0x4000, 0x1261: 0x4000, 0x1262: 0x4000, 0x1263: 0x4000, - 0x1264: 0x4000, 0x1265: 0x4000, 0x1266: 0x4000, 0x1267: 0x4000, 0x1268: 0x4000, 0x1269: 0x4000, - 0x126a: 0x4000, 0x126b: 0x4000, 0x126c: 0x4000, 0x126d: 0x4000, 0x126e: 0x4000, 0x126f: 0x4000, - 0x1270: 0x4000, 0x1271: 0x4000, 0x1272: 0x4000, - // Block 0x4a, offset 0x1280 - 0x1280: 0x4000, 0x1281: 0x4000, 0x1282: 0x4000, 0x1283: 0x4000, 0x1284: 0x4000, 0x1285: 0x4000, - 0x1286: 0x4000, 0x1287: 0x4000, 0x1288: 0x4000, 0x1289: 0x4000, 0x128a: 0x4000, 0x128b: 0x4000, - 0x128c: 0x4000, 0x128d: 0x4000, 0x128e: 0x4000, 0x128f: 0x4000, 0x1290: 0x4000, 0x1291: 0x4000, - 0x1292: 0x4000, 0x1293: 0x4000, 0x1294: 0x4000, 0x1295: 0x4000, 0x1296: 0x4000, 0x1297: 0x4000, - 0x1298: 0x4000, 0x1299: 0x4000, 0x129a: 0x4000, 0x129b: 0x4000, 0x129c: 0x4000, 0x129d: 0x4000, - 0x129e: 0x4000, - // Block 0x4b, offset 0x12c0 - 0x12f0: 0x4000, 0x12f1: 0x4000, 0x12f2: 0x4000, 0x12f3: 0x4000, 0x12f4: 0x4000, 0x12f5: 0x4000, - 0x12f6: 0x4000, 0x12f7: 0x4000, 0x12f8: 0x4000, 0x12f9: 0x4000, 0x12fa: 0x4000, 0x12fb: 0x4000, - 0x12fc: 0x4000, 0x12fd: 0x4000, 0x12fe: 0x4000, 0x12ff: 0x4000, - // Block 0x4c, offset 0x1300 - 0x1300: 0x4000, 0x1301: 0x4000, 0x1302: 0x4000, 0x1303: 0x4000, 0x1304: 0x4000, 0x1305: 0x4000, - 0x1306: 0x4000, 0x1307: 0x4000, 0x1308: 0x4000, 0x1309: 0x4000, 0x130a: 0x4000, 0x130b: 0x4000, - 0x130c: 0x4000, 0x130d: 0x4000, 0x130e: 0x4000, 0x130f: 0x4000, 0x1310: 0x4000, 0x1311: 0x4000, - 0x1312: 0x4000, 0x1313: 0x4000, 0x1314: 0x4000, 0x1315: 0x4000, 0x1316: 0x4000, 0x1317: 0x4000, - 0x1318: 0x4000, 0x1319: 0x4000, 0x131a: 0x4000, 0x131b: 0x4000, 0x131c: 0x4000, 0x131d: 0x4000, - 0x131e: 0x4000, 0x131f: 0x4000, 0x1320: 0x4000, 0x1321: 0x4000, 0x1322: 0x4000, 0x1323: 0x4000, - 0x1324: 0x4000, 0x1325: 0x4000, 0x1326: 0x4000, 0x1327: 0x4000, 0x1328: 0x4000, 0x1329: 0x4000, - 0x132a: 0x4000, 0x132b: 0x4000, 0x132c: 0x4000, 0x132d: 0x4000, 0x132e: 0x4000, 0x132f: 0x4000, - 0x1330: 0x4000, 0x1331: 0x4000, 0x1332: 0x4000, 0x1333: 0x4000, 0x1334: 0x4000, 0x1335: 0x4000, - 0x1336: 0x4000, 0x1337: 0x4000, 0x1338: 0x4000, 0x1339: 0x4000, 0x133a: 0x4000, 0x133b: 0x4000, - // Block 0x4d, offset 0x1340 - 0x1344: 0x4000, - // Block 0x4e, offset 0x1380 - 0x138f: 0x4000, - // Block 0x4f, offset 0x13c0 - 0x13c0: 0x2000, 0x13c1: 0x2000, 0x13c2: 0x2000, 0x13c3: 0x2000, 0x13c4: 0x2000, 0x13c5: 0x2000, - 0x13c6: 0x2000, 0x13c7: 0x2000, 0x13c8: 0x2000, 0x13c9: 0x2000, 0x13ca: 0x2000, - 0x13d0: 0x2000, 0x13d1: 0x2000, - 0x13d2: 0x2000, 0x13d3: 0x2000, 0x13d4: 0x2000, 0x13d5: 0x2000, 0x13d6: 0x2000, 0x13d7: 0x2000, - 0x13d8: 0x2000, 0x13d9: 0x2000, 0x13da: 0x2000, 0x13db: 0x2000, 0x13dc: 0x2000, 0x13dd: 0x2000, - 0x13de: 0x2000, 0x13df: 0x2000, 0x13e0: 0x2000, 0x13e1: 0x2000, 0x13e2: 0x2000, 0x13e3: 0x2000, - 0x13e4: 0x2000, 0x13e5: 0x2000, 0x13e6: 0x2000, 0x13e7: 0x2000, 0x13e8: 0x2000, 0x13e9: 0x2000, - 0x13ea: 0x2000, 0x13eb: 0x2000, 0x13ec: 0x2000, 0x13ed: 0x2000, - 0x13f0: 0x2000, 0x13f1: 0x2000, 0x13f2: 0x2000, 0x13f3: 0x2000, 0x13f4: 0x2000, 0x13f5: 0x2000, - 0x13f6: 0x2000, 0x13f7: 0x2000, 0x13f8: 0x2000, 0x13f9: 0x2000, 0x13fa: 0x2000, 0x13fb: 0x2000, - 0x13fc: 0x2000, 0x13fd: 0x2000, 0x13fe: 0x2000, 0x13ff: 0x2000, - // Block 0x50, offset 0x1400 - 0x1400: 0x2000, 0x1401: 0x2000, 0x1402: 0x2000, 0x1403: 0x2000, 0x1404: 0x2000, 0x1405: 0x2000, - 0x1406: 0x2000, 0x1407: 0x2000, 0x1408: 0x2000, 0x1409: 0x2000, 0x140a: 0x2000, 0x140b: 0x2000, - 0x140c: 0x2000, 0x140d: 0x2000, 0x140e: 0x2000, 0x140f: 0x2000, 0x1410: 0x2000, 0x1411: 0x2000, - 0x1412: 0x2000, 0x1413: 0x2000, 0x1414: 0x2000, 0x1415: 0x2000, 0x1416: 0x2000, 0x1417: 0x2000, - 0x1418: 0x2000, 0x1419: 0x2000, 0x141a: 0x2000, 0x141b: 0x2000, 0x141c: 0x2000, 0x141d: 0x2000, - 0x141e: 0x2000, 0x141f: 0x2000, 0x1420: 0x2000, 0x1421: 0x2000, 0x1422: 0x2000, 0x1423: 0x2000, - 0x1424: 0x2000, 0x1425: 0x2000, 0x1426: 0x2000, 0x1427: 0x2000, 0x1428: 0x2000, 0x1429: 0x2000, - 0x1430: 0x2000, 0x1431: 0x2000, 0x1432: 0x2000, 0x1433: 0x2000, 0x1434: 0x2000, 0x1435: 0x2000, - 0x1436: 0x2000, 0x1437: 0x2000, 0x1438: 0x2000, 0x1439: 0x2000, 0x143a: 0x2000, 0x143b: 0x2000, - 0x143c: 0x2000, 0x143d: 0x2000, 0x143e: 0x2000, 0x143f: 0x2000, - // Block 0x51, offset 0x1440 - 0x1440: 0x2000, 0x1441: 0x2000, 0x1442: 0x2000, 0x1443: 0x2000, 0x1444: 0x2000, 0x1445: 0x2000, - 0x1446: 0x2000, 0x1447: 0x2000, 0x1448: 0x2000, 0x1449: 0x2000, 0x144a: 0x2000, 0x144b: 0x2000, - 0x144c: 0x2000, 0x144d: 0x2000, 0x144e: 0x4000, 0x144f: 0x2000, 0x1450: 0x2000, 0x1451: 0x4000, - 0x1452: 0x4000, 0x1453: 0x4000, 0x1454: 0x4000, 0x1455: 0x4000, 0x1456: 0x4000, 0x1457: 0x4000, - 0x1458: 0x4000, 0x1459: 0x4000, 0x145a: 0x4000, 0x145b: 0x2000, 0x145c: 0x2000, 0x145d: 0x2000, - 0x145e: 0x2000, 0x145f: 0x2000, 0x1460: 0x2000, 0x1461: 0x2000, 0x1462: 0x2000, 0x1463: 0x2000, - 0x1464: 0x2000, 0x1465: 0x2000, 0x1466: 0x2000, 0x1467: 0x2000, 0x1468: 0x2000, 0x1469: 0x2000, - 0x146a: 0x2000, 0x146b: 0x2000, 0x146c: 0x2000, - // Block 0x52, offset 0x1480 - 0x1480: 0x4000, 0x1481: 0x4000, 0x1482: 0x4000, - 0x1490: 0x4000, 0x1491: 0x4000, - 0x1492: 0x4000, 0x1493: 0x4000, 0x1494: 0x4000, 0x1495: 0x4000, 0x1496: 0x4000, 0x1497: 0x4000, - 0x1498: 0x4000, 0x1499: 0x4000, 0x149a: 0x4000, 0x149b: 0x4000, 0x149c: 0x4000, 0x149d: 0x4000, - 0x149e: 0x4000, 0x149f: 0x4000, 0x14a0: 0x4000, 0x14a1: 0x4000, 0x14a2: 0x4000, 0x14a3: 0x4000, - 0x14a4: 0x4000, 0x14a5: 0x4000, 0x14a6: 0x4000, 0x14a7: 0x4000, 0x14a8: 0x4000, 0x14a9: 0x4000, - 0x14aa: 0x4000, 0x14ab: 0x4000, 0x14ac: 0x4000, 0x14ad: 0x4000, 0x14ae: 0x4000, 0x14af: 0x4000, - 0x14b0: 0x4000, 0x14b1: 0x4000, 0x14b2: 0x4000, 0x14b3: 0x4000, 0x14b4: 0x4000, 0x14b5: 0x4000, - 0x14b6: 0x4000, 0x14b7: 0x4000, 0x14b8: 0x4000, 0x14b9: 0x4000, 0x14ba: 0x4000, 0x14bb: 0x4000, - // Block 0x53, offset 0x14c0 - 0x14c0: 0x4000, 0x14c1: 0x4000, 0x14c2: 0x4000, 0x14c3: 0x4000, 0x14c4: 0x4000, 0x14c5: 0x4000, - 0x14c6: 0x4000, 0x14c7: 0x4000, 0x14c8: 0x4000, - 0x14d0: 0x4000, 0x14d1: 0x4000, - 0x14e0: 0x4000, 0x14e1: 0x4000, 0x14e2: 0x4000, 0x14e3: 0x4000, - 0x14e4: 0x4000, 0x14e5: 0x4000, - // Block 0x54, offset 0x1500 - 0x1500: 0x4000, 0x1501: 0x4000, 0x1502: 0x4000, 0x1503: 0x4000, 0x1504: 0x4000, 0x1505: 0x4000, - 0x1506: 0x4000, 0x1507: 0x4000, 0x1508: 0x4000, 0x1509: 0x4000, 0x150a: 0x4000, 0x150b: 0x4000, - 0x150c: 0x4000, 0x150d: 0x4000, 0x150e: 0x4000, 0x150f: 0x4000, 0x1510: 0x4000, 0x1511: 0x4000, - 0x1512: 0x4000, 0x1513: 0x4000, 0x1514: 0x4000, 0x1515: 0x4000, 0x1516: 0x4000, 0x1517: 0x4000, - 0x1518: 0x4000, 0x1519: 0x4000, 0x151a: 0x4000, 0x151b: 0x4000, 0x151c: 0x4000, 0x151d: 0x4000, - 0x151e: 0x4000, 0x151f: 0x4000, 0x1520: 0x4000, - 0x152d: 0x4000, 0x152e: 0x4000, 0x152f: 0x4000, - 0x1530: 0x4000, 0x1531: 0x4000, 0x1532: 0x4000, 0x1533: 0x4000, 0x1534: 0x4000, 0x1535: 0x4000, - 0x1537: 0x4000, 0x1538: 0x4000, 0x1539: 0x4000, 0x153a: 0x4000, 0x153b: 0x4000, - 0x153c: 0x4000, 0x153d: 0x4000, 0x153e: 0x4000, 0x153f: 0x4000, - // Block 0x55, offset 0x1540 - 0x1540: 0x4000, 0x1541: 0x4000, 0x1542: 0x4000, 0x1543: 0x4000, 0x1544: 0x4000, 0x1545: 0x4000, - 0x1546: 0x4000, 0x1547: 0x4000, 0x1548: 0x4000, 0x1549: 0x4000, 0x154a: 0x4000, 0x154b: 0x4000, - 0x154c: 0x4000, 0x154d: 0x4000, 0x154e: 0x4000, 0x154f: 0x4000, 0x1550: 0x4000, 0x1551: 0x4000, - 0x1552: 0x4000, 0x1553: 0x4000, 0x1554: 0x4000, 0x1555: 0x4000, 0x1556: 0x4000, 0x1557: 0x4000, - 0x1558: 0x4000, 0x1559: 0x4000, 0x155a: 0x4000, 0x155b: 0x4000, 0x155c: 0x4000, 0x155d: 0x4000, - 0x155e: 0x4000, 0x155f: 0x4000, 0x1560: 0x4000, 0x1561: 0x4000, 0x1562: 0x4000, 0x1563: 0x4000, - 0x1564: 0x4000, 0x1565: 0x4000, 0x1566: 0x4000, 0x1567: 0x4000, 0x1568: 0x4000, 0x1569: 0x4000, - 0x156a: 0x4000, 0x156b: 0x4000, 0x156c: 0x4000, 0x156d: 0x4000, 0x156e: 0x4000, 0x156f: 0x4000, - 0x1570: 0x4000, 0x1571: 0x4000, 0x1572: 0x4000, 0x1573: 0x4000, 0x1574: 0x4000, 0x1575: 0x4000, - 0x1576: 0x4000, 0x1577: 0x4000, 0x1578: 0x4000, 0x1579: 0x4000, 0x157a: 0x4000, 0x157b: 0x4000, - 0x157c: 0x4000, 0x157e: 0x4000, 0x157f: 0x4000, - // Block 0x56, offset 0x1580 - 0x1580: 0x4000, 0x1581: 0x4000, 0x1582: 0x4000, 0x1583: 0x4000, 0x1584: 0x4000, 0x1585: 0x4000, - 0x1586: 0x4000, 0x1587: 0x4000, 0x1588: 0x4000, 0x1589: 0x4000, 0x158a: 0x4000, 0x158b: 0x4000, - 0x158c: 0x4000, 0x158d: 0x4000, 0x158e: 0x4000, 0x158f: 0x4000, 0x1590: 0x4000, 0x1591: 0x4000, - 0x1592: 0x4000, 0x1593: 0x4000, - 0x15a0: 0x4000, 0x15a1: 0x4000, 0x15a2: 0x4000, 0x15a3: 0x4000, - 0x15a4: 0x4000, 0x15a5: 0x4000, 0x15a6: 0x4000, 0x15a7: 0x4000, 0x15a8: 0x4000, 0x15a9: 0x4000, - 0x15aa: 0x4000, 0x15ab: 0x4000, 0x15ac: 0x4000, 0x15ad: 0x4000, 0x15ae: 0x4000, 0x15af: 0x4000, - 0x15b0: 0x4000, 0x15b1: 0x4000, 0x15b2: 0x4000, 0x15b3: 0x4000, 0x15b4: 0x4000, 0x15b5: 0x4000, - 0x15b6: 0x4000, 0x15b7: 0x4000, 0x15b8: 0x4000, 0x15b9: 0x4000, 0x15ba: 0x4000, 0x15bb: 0x4000, - 0x15bc: 0x4000, 0x15bd: 0x4000, 0x15be: 0x4000, 0x15bf: 0x4000, - // Block 0x57, offset 0x15c0 - 0x15c0: 0x4000, 0x15c1: 0x4000, 0x15c2: 0x4000, 0x15c3: 0x4000, 0x15c4: 0x4000, 0x15c5: 0x4000, - 0x15c6: 0x4000, 0x15c7: 0x4000, 0x15c8: 0x4000, 0x15c9: 0x4000, 0x15ca: 0x4000, - 0x15cf: 0x4000, 0x15d0: 0x4000, 0x15d1: 0x4000, - 0x15d2: 0x4000, 0x15d3: 0x4000, - 0x15e0: 0x4000, 0x15e1: 0x4000, 0x15e2: 0x4000, 0x15e3: 0x4000, - 0x15e4: 0x4000, 0x15e5: 0x4000, 0x15e6: 0x4000, 0x15e7: 0x4000, 0x15e8: 0x4000, 0x15e9: 0x4000, - 0x15ea: 0x4000, 0x15eb: 0x4000, 0x15ec: 0x4000, 0x15ed: 0x4000, 0x15ee: 0x4000, 0x15ef: 0x4000, - 0x15f0: 0x4000, 0x15f4: 0x4000, - 0x15f8: 0x4000, 0x15f9: 0x4000, 0x15fa: 0x4000, 0x15fb: 0x4000, - 0x15fc: 0x4000, 0x15fd: 0x4000, 0x15fe: 0x4000, 0x15ff: 0x4000, - // Block 0x58, offset 0x1600 - 0x1600: 0x4000, 0x1602: 0x4000, 0x1603: 0x4000, 0x1604: 0x4000, 0x1605: 0x4000, - 0x1606: 0x4000, 0x1607: 0x4000, 0x1608: 0x4000, 0x1609: 0x4000, 0x160a: 0x4000, 0x160b: 0x4000, - 0x160c: 0x4000, 0x160d: 0x4000, 0x160e: 0x4000, 0x160f: 0x4000, 0x1610: 0x4000, 0x1611: 0x4000, - 0x1612: 0x4000, 0x1613: 0x4000, 0x1614: 0x4000, 0x1615: 0x4000, 0x1616: 0x4000, 0x1617: 0x4000, - 0x1618: 0x4000, 0x1619: 0x4000, 0x161a: 0x4000, 0x161b: 0x4000, 0x161c: 0x4000, 0x161d: 0x4000, - 0x161e: 0x4000, 0x161f: 0x4000, 0x1620: 0x4000, 0x1621: 0x4000, 0x1622: 0x4000, 0x1623: 0x4000, - 0x1624: 0x4000, 0x1625: 0x4000, 0x1626: 0x4000, 0x1627: 0x4000, 0x1628: 0x4000, 0x1629: 0x4000, - 0x162a: 0x4000, 0x162b: 0x4000, 0x162c: 0x4000, 0x162d: 0x4000, 0x162e: 0x4000, 0x162f: 0x4000, - 0x1630: 0x4000, 0x1631: 0x4000, 0x1632: 0x4000, 0x1633: 0x4000, 0x1634: 0x4000, 0x1635: 0x4000, - 0x1636: 0x4000, 0x1637: 0x4000, 0x1638: 0x4000, 0x1639: 0x4000, 0x163a: 0x4000, 0x163b: 0x4000, - 0x163c: 0x4000, 0x163d: 0x4000, 0x163e: 0x4000, 0x163f: 0x4000, - // Block 0x59, offset 0x1640 - 0x1640: 0x4000, 0x1641: 0x4000, 0x1642: 0x4000, 0x1643: 0x4000, 0x1644: 0x4000, 0x1645: 0x4000, - 0x1646: 0x4000, 0x1647: 0x4000, 0x1648: 0x4000, 0x1649: 0x4000, 0x164a: 0x4000, 0x164b: 0x4000, - 0x164c: 0x4000, 0x164d: 0x4000, 0x164e: 0x4000, 0x164f: 0x4000, 0x1650: 0x4000, 0x1651: 0x4000, - 0x1652: 0x4000, 0x1653: 0x4000, 0x1654: 0x4000, 0x1655: 0x4000, 0x1656: 0x4000, 0x1657: 0x4000, - 0x1658: 0x4000, 0x1659: 0x4000, 0x165a: 0x4000, 0x165b: 0x4000, 0x165c: 0x4000, 0x165d: 0x4000, - 0x165e: 0x4000, 0x165f: 0x4000, 0x1660: 0x4000, 0x1661: 0x4000, 0x1662: 0x4000, 0x1663: 0x4000, - 0x1664: 0x4000, 0x1665: 0x4000, 0x1666: 0x4000, 0x1667: 0x4000, 0x1668: 0x4000, 0x1669: 0x4000, - 0x166a: 0x4000, 0x166b: 0x4000, 0x166c: 0x4000, 0x166d: 0x4000, 0x166e: 0x4000, 0x166f: 0x4000, - 0x1670: 0x4000, 0x1671: 0x4000, 0x1672: 0x4000, 0x1673: 0x4000, 0x1674: 0x4000, 0x1675: 0x4000, - 0x1676: 0x4000, 0x1677: 0x4000, 0x1678: 0x4000, 0x1679: 0x4000, 0x167a: 0x4000, 0x167b: 0x4000, - 0x167c: 0x4000, 0x167f: 0x4000, - // Block 0x5a, offset 0x1680 - 0x1680: 0x4000, 0x1681: 0x4000, 0x1682: 0x4000, 0x1683: 0x4000, 0x1684: 0x4000, 0x1685: 0x4000, - 0x1686: 0x4000, 0x1687: 0x4000, 0x1688: 0x4000, 0x1689: 0x4000, 0x168a: 0x4000, 0x168b: 0x4000, - 0x168c: 0x4000, 0x168d: 0x4000, 0x168e: 0x4000, 0x168f: 0x4000, 0x1690: 0x4000, 0x1691: 0x4000, - 0x1692: 0x4000, 0x1693: 0x4000, 0x1694: 0x4000, 0x1695: 0x4000, 0x1696: 0x4000, 0x1697: 0x4000, - 0x1698: 0x4000, 0x1699: 0x4000, 0x169a: 0x4000, 0x169b: 0x4000, 0x169c: 0x4000, 0x169d: 0x4000, - 0x169e: 0x4000, 0x169f: 0x4000, 0x16a0: 0x4000, 0x16a1: 0x4000, 0x16a2: 0x4000, 0x16a3: 0x4000, - 0x16a4: 0x4000, 0x16a5: 0x4000, 0x16a6: 0x4000, 0x16a7: 0x4000, 0x16a8: 0x4000, 0x16a9: 0x4000, - 0x16aa: 0x4000, 0x16ab: 0x4000, 0x16ac: 0x4000, 0x16ad: 0x4000, 0x16ae: 0x4000, 0x16af: 0x4000, - 0x16b0: 0x4000, 0x16b1: 0x4000, 0x16b2: 0x4000, 0x16b3: 0x4000, 0x16b4: 0x4000, 0x16b5: 0x4000, - 0x16b6: 0x4000, 0x16b7: 0x4000, 0x16b8: 0x4000, 0x16b9: 0x4000, 0x16ba: 0x4000, 0x16bb: 0x4000, - 0x16bc: 0x4000, 0x16bd: 0x4000, - // Block 0x5b, offset 0x16c0 - 0x16cb: 0x4000, - 0x16cc: 0x4000, 0x16cd: 0x4000, 0x16ce: 0x4000, 0x16d0: 0x4000, 0x16d1: 0x4000, - 0x16d2: 0x4000, 0x16d3: 0x4000, 0x16d4: 0x4000, 0x16d5: 0x4000, 0x16d6: 0x4000, 0x16d7: 0x4000, - 0x16d8: 0x4000, 0x16d9: 0x4000, 0x16da: 0x4000, 0x16db: 0x4000, 0x16dc: 0x4000, 0x16dd: 0x4000, - 0x16de: 0x4000, 0x16df: 0x4000, 0x16e0: 0x4000, 0x16e1: 0x4000, 0x16e2: 0x4000, 0x16e3: 0x4000, - 0x16e4: 0x4000, 0x16e5: 0x4000, 0x16e6: 0x4000, 0x16e7: 0x4000, - 0x16fa: 0x4000, - // Block 0x5c, offset 0x1700 - 0x1715: 0x4000, 0x1716: 0x4000, - 0x1724: 0x4000, - // Block 0x5d, offset 0x1740 - 0x177b: 0x4000, - 0x177c: 0x4000, 0x177d: 0x4000, 0x177e: 0x4000, 0x177f: 0x4000, - // Block 0x5e, offset 0x1780 - 0x1780: 0x4000, 0x1781: 0x4000, 0x1782: 0x4000, 0x1783: 0x4000, 0x1784: 0x4000, 0x1785: 0x4000, - 0x1786: 0x4000, 0x1787: 0x4000, 0x1788: 0x4000, 0x1789: 0x4000, 0x178a: 0x4000, 0x178b: 0x4000, - 0x178c: 0x4000, 0x178d: 0x4000, 0x178e: 0x4000, 0x178f: 0x4000, - // Block 0x5f, offset 0x17c0 - 0x17c0: 0x4000, 0x17c1: 0x4000, 0x17c2: 0x4000, 0x17c3: 0x4000, 0x17c4: 0x4000, 0x17c5: 0x4000, - 0x17cc: 0x4000, 0x17d0: 0x4000, 0x17d1: 0x4000, - 0x17d2: 0x4000, - 0x17eb: 0x4000, 0x17ec: 0x4000, - 0x17f4: 0x4000, 0x17f5: 0x4000, - 0x17f6: 0x4000, 0x17f7: 0x4000, 0x17f8: 0x4000, 0x17f9: 0x4000, - // Block 0x60, offset 0x1800 - 0x1810: 0x4000, 0x1811: 0x4000, - 0x1812: 0x4000, 0x1813: 0x4000, 0x1814: 0x4000, 0x1815: 0x4000, 0x1816: 0x4000, 0x1817: 0x4000, - 0x1818: 0x4000, 0x1819: 0x4000, 0x181a: 0x4000, 0x181b: 0x4000, 0x181c: 0x4000, 0x181d: 0x4000, - 0x181e: 0x4000, 0x181f: 0x4000, 0x1820: 0x4000, 0x1821: 0x4000, 0x1822: 0x4000, 0x1823: 0x4000, - 0x1824: 0x4000, 0x1825: 0x4000, 0x1826: 0x4000, 0x1827: 0x4000, 0x1828: 0x4000, 0x1829: 0x4000, - 0x182a: 0x4000, 0x182b: 0x4000, 0x182c: 0x4000, 0x182d: 0x4000, 0x182e: 0x4000, 0x182f: 0x4000, - 0x1830: 0x4000, 0x1831: 0x4000, 0x1832: 0x4000, 0x1833: 0x4000, 0x1834: 0x4000, 0x1835: 0x4000, - 0x1836: 0x4000, 0x1837: 0x4000, 0x1838: 0x4000, 0x1839: 0x4000, 0x183a: 0x4000, 0x183b: 0x4000, - 0x183c: 0x4000, 0x183d: 0x4000, 0x183e: 0x4000, - // Block 0x61, offset 0x1840 - 0x1840: 0x4000, 0x1841: 0x4000, 0x1842: 0x4000, 0x1843: 0x4000, 0x1844: 0x4000, 0x1845: 0x4000, - 0x1846: 0x4000, 0x1847: 0x4000, 0x1848: 0x4000, 0x1849: 0x4000, 0x184a: 0x4000, 0x184b: 0x4000, - 0x184c: 0x4000, 0x184d: 0x4000, 0x184e: 0x4000, 0x184f: 0x4000, 0x1850: 0x4000, 0x1851: 0x4000, - 0x1852: 0x4000, 0x1853: 0x4000, 0x1854: 0x4000, 0x1855: 0x4000, 0x1856: 0x4000, 0x1857: 0x4000, - 0x1858: 0x4000, 0x1859: 0x4000, 0x185a: 0x4000, 0x185b: 0x4000, 0x185c: 0x4000, 0x185d: 0x4000, - 0x185e: 0x4000, 0x185f: 0x4000, 0x1860: 0x4000, 0x1861: 0x4000, 0x1862: 0x4000, 0x1863: 0x4000, - 0x1864: 0x4000, 0x1865: 0x4000, 0x1866: 0x4000, 0x1867: 0x4000, 0x1868: 0x4000, 0x1869: 0x4000, - 0x186a: 0x4000, 0x186b: 0x4000, 0x186c: 0x4000, 0x186d: 0x4000, 0x186e: 0x4000, 0x186f: 0x4000, - 0x1870: 0x4000, 0x1873: 0x4000, 0x1874: 0x4000, 0x1875: 0x4000, - 0x1876: 0x4000, 0x187a: 0x4000, - 0x187c: 0x4000, 0x187d: 0x4000, 0x187e: 0x4000, 0x187f: 0x4000, - // Block 0x62, offset 0x1880 - 0x1880: 0x4000, 0x1881: 0x4000, 0x1882: 0x4000, 0x1883: 0x4000, 0x1884: 0x4000, 0x1885: 0x4000, - 0x1886: 0x4000, 0x1887: 0x4000, 0x1888: 0x4000, 0x1889: 0x4000, 0x188a: 0x4000, 0x188b: 0x4000, - 0x188c: 0x4000, 0x188d: 0x4000, 0x188e: 0x4000, 0x188f: 0x4000, 0x1890: 0x4000, 0x1891: 0x4000, - 0x1892: 0x4000, 0x1893: 0x4000, 0x1894: 0x4000, 0x1895: 0x4000, 0x1896: 0x4000, 0x1897: 0x4000, - 0x1898: 0x4000, 0x1899: 0x4000, 0x189a: 0x4000, 0x189b: 0x4000, 0x189c: 0x4000, 0x189d: 0x4000, - 0x189e: 0x4000, 0x189f: 0x4000, 0x18a0: 0x4000, 0x18a1: 0x4000, 0x18a2: 0x4000, - 0x18b0: 0x4000, 0x18b1: 0x4000, 0x18b2: 0x4000, 0x18b3: 0x4000, 0x18b4: 0x4000, 0x18b5: 0x4000, - 0x18b6: 0x4000, 0x18b7: 0x4000, 0x18b8: 0x4000, 0x18b9: 0x4000, - // Block 0x63, offset 0x18c0 - 0x18c0: 0x4000, 0x18c1: 0x4000, 0x18c2: 0x4000, - 0x18d0: 0x4000, 0x18d1: 0x4000, - 0x18d2: 0x4000, 0x18d3: 0x4000, 0x18d4: 0x4000, 0x18d5: 0x4000, 0x18d6: 0x4000, 0x18d7: 0x4000, - 0x18d8: 0x4000, 0x18d9: 0x4000, 0x18da: 0x4000, 0x18db: 0x4000, 0x18dc: 0x4000, 0x18dd: 0x4000, - 0x18de: 0x4000, 0x18df: 0x4000, 0x18e0: 0x4000, 0x18e1: 0x4000, 0x18e2: 0x4000, 0x18e3: 0x4000, - 0x18e4: 0x4000, 0x18e5: 0x4000, 0x18e6: 0x4000, 0x18e7: 0x4000, 0x18e8: 0x4000, 0x18e9: 0x4000, - 0x18ea: 0x4000, 0x18eb: 0x4000, 0x18ec: 0x4000, 0x18ed: 0x4000, 0x18ee: 0x4000, 0x18ef: 0x4000, - 0x18f0: 0x4000, 0x18f1: 0x4000, 0x18f2: 0x4000, 0x18f3: 0x4000, 0x18f4: 0x4000, 0x18f5: 0x4000, - 0x18f6: 0x4000, 0x18f7: 0x4000, 0x18f8: 0x4000, 0x18f9: 0x4000, 0x18fa: 0x4000, 0x18fb: 0x4000, - 0x18fc: 0x4000, 0x18fd: 0x4000, 0x18fe: 0x4000, 0x18ff: 0x4000, - // Block 0x64, offset 0x1900 - 0x1900: 0x2000, 0x1901: 0x2000, 0x1902: 0x2000, 0x1903: 0x2000, 0x1904: 0x2000, 0x1905: 0x2000, - 0x1906: 0x2000, 0x1907: 0x2000, 0x1908: 0x2000, 0x1909: 0x2000, 0x190a: 0x2000, 0x190b: 0x2000, - 0x190c: 0x2000, 0x190d: 0x2000, 0x190e: 0x2000, 0x190f: 0x2000, 0x1910: 0x2000, 0x1911: 0x2000, - 0x1912: 0x2000, 0x1913: 0x2000, 0x1914: 0x2000, 0x1915: 0x2000, 0x1916: 0x2000, 0x1917: 0x2000, - 0x1918: 0x2000, 0x1919: 0x2000, 0x191a: 0x2000, 0x191b: 0x2000, 0x191c: 0x2000, 0x191d: 0x2000, - 0x191e: 0x2000, 0x191f: 0x2000, 0x1920: 0x2000, 0x1921: 0x2000, 0x1922: 0x2000, 0x1923: 0x2000, - 0x1924: 0x2000, 0x1925: 0x2000, 0x1926: 0x2000, 0x1927: 0x2000, 0x1928: 0x2000, 0x1929: 0x2000, - 0x192a: 0x2000, 0x192b: 0x2000, 0x192c: 0x2000, 0x192d: 0x2000, 0x192e: 0x2000, 0x192f: 0x2000, - 0x1930: 0x2000, 0x1931: 0x2000, 0x1932: 0x2000, 0x1933: 0x2000, 0x1934: 0x2000, 0x1935: 0x2000, - 0x1936: 0x2000, 0x1937: 0x2000, 0x1938: 0x2000, 0x1939: 0x2000, 0x193a: 0x2000, 0x193b: 0x2000, - 0x193c: 0x2000, 0x193d: 0x2000, -} - -// widthIndex: 22 blocks, 1408 entries, 1408 bytes -// Block 0 is the zero block. -var widthIndex = [1408]uint8{ - // Block 0x0, offset 0x0 - // Block 0x1, offset 0x40 - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xc2: 0x01, 0xc3: 0x02, 0xc4: 0x03, 0xc5: 0x04, 0xc7: 0x05, - 0xc9: 0x06, 0xcb: 0x07, 0xcc: 0x08, 0xcd: 0x09, 0xce: 0x0a, 0xcf: 0x0b, - 0xd0: 0x0c, 0xd1: 0x0d, - 0xe1: 0x02, 0xe2: 0x03, 0xe3: 0x04, 0xe4: 0x05, 0xe5: 0x06, 0xe6: 0x06, 0xe7: 0x06, - 0xe8: 0x06, 0xe9: 0x06, 0xea: 0x07, 0xeb: 0x06, 0xec: 0x06, 0xed: 0x08, 0xee: 0x09, 0xef: 0x0a, - 0xf0: 0x0f, 0xf3: 0x12, 0xf4: 0x13, - // Block 0x4, offset 0x100 - 0x104: 0x0e, 0x105: 0x0f, - // Block 0x5, offset 0x140 - 0x140: 0x10, 0x141: 0x11, 0x142: 0x12, 0x144: 0x13, 0x145: 0x14, 0x146: 0x15, 0x147: 0x16, - 0x148: 0x17, 0x149: 0x18, 0x14a: 0x19, 0x14c: 0x1a, 0x14f: 0x1b, - 0x151: 0x1c, 0x152: 0x08, 0x153: 0x1d, 0x154: 0x1e, 0x155: 0x1f, 0x156: 0x20, 0x157: 0x21, - 0x158: 0x22, 0x159: 0x23, 0x15a: 0x24, 0x15b: 0x25, 0x15c: 0x26, 0x15d: 0x27, 0x15e: 0x28, 0x15f: 0x29, - 0x166: 0x2a, - 0x16c: 0x2b, 0x16d: 0x2c, - 0x17a: 0x2d, 0x17b: 0x2e, 0x17c: 0x0e, 0x17d: 0x0e, 0x17e: 0x0e, 0x17f: 0x2f, - // Block 0x6, offset 0x180 - 0x180: 0x30, 0x181: 0x31, 0x182: 0x32, 0x183: 0x33, 0x184: 0x34, 0x185: 0x35, 0x186: 0x36, 0x187: 0x37, - 0x188: 0x38, 0x189: 0x39, 0x18a: 0x0e, 0x18b: 0x3a, 0x18c: 0x0e, 0x18d: 0x0e, 0x18e: 0x0e, 0x18f: 0x0e, - 0x190: 0x0e, 0x191: 0x0e, 0x192: 0x0e, 0x193: 0x0e, 0x194: 0x0e, 0x195: 0x0e, 0x196: 0x0e, 0x197: 0x0e, - 0x198: 0x0e, 0x199: 0x0e, 0x19a: 0x0e, 0x19b: 0x0e, 0x19c: 0x0e, 0x19d: 0x0e, 0x19e: 0x0e, 0x19f: 0x0e, - 0x1a0: 0x0e, 0x1a1: 0x0e, 0x1a2: 0x0e, 0x1a3: 0x0e, 0x1a4: 0x0e, 0x1a5: 0x0e, 0x1a6: 0x0e, 0x1a7: 0x0e, - 0x1a8: 0x0e, 0x1a9: 0x0e, 0x1aa: 0x0e, 0x1ab: 0x0e, 0x1ac: 0x0e, 0x1ad: 0x0e, 0x1ae: 0x0e, 0x1af: 0x0e, - 0x1b0: 0x0e, 0x1b1: 0x0e, 0x1b2: 0x0e, 0x1b3: 0x0e, 0x1b4: 0x0e, 0x1b5: 0x0e, 0x1b6: 0x0e, 0x1b7: 0x0e, - 0x1b8: 0x0e, 0x1b9: 0x0e, 0x1ba: 0x0e, 0x1bb: 0x0e, 0x1bc: 0x0e, 0x1bd: 0x0e, 0x1be: 0x0e, 0x1bf: 0x0e, - // Block 0x7, offset 0x1c0 - 0x1c0: 0x0e, 0x1c1: 0x0e, 0x1c2: 0x0e, 0x1c3: 0x0e, 0x1c4: 0x0e, 0x1c5: 0x0e, 0x1c6: 0x0e, 0x1c7: 0x0e, - 0x1c8: 0x0e, 0x1c9: 0x0e, 0x1ca: 0x0e, 0x1cb: 0x0e, 0x1cc: 0x0e, 0x1cd: 0x0e, 0x1ce: 0x0e, 0x1cf: 0x0e, - 0x1d0: 0x0e, 0x1d1: 0x0e, 0x1d2: 0x0e, 0x1d3: 0x0e, 0x1d4: 0x0e, 0x1d5: 0x0e, 0x1d6: 0x0e, 0x1d7: 0x0e, - 0x1d8: 0x0e, 0x1d9: 0x0e, 0x1da: 0x0e, 0x1db: 0x0e, 0x1dc: 0x0e, 0x1dd: 0x0e, 0x1de: 0x0e, 0x1df: 0x0e, - 0x1e0: 0x0e, 0x1e1: 0x0e, 0x1e2: 0x0e, 0x1e3: 0x0e, 0x1e4: 0x0e, 0x1e5: 0x0e, 0x1e6: 0x0e, 0x1e7: 0x0e, - 0x1e8: 0x0e, 0x1e9: 0x0e, 0x1ea: 0x0e, 0x1eb: 0x0e, 0x1ec: 0x0e, 0x1ed: 0x0e, 0x1ee: 0x0e, 0x1ef: 0x0e, - 0x1f0: 0x0e, 0x1f1: 0x0e, 0x1f2: 0x0e, 0x1f3: 0x0e, 0x1f4: 0x0e, 0x1f5: 0x0e, 0x1f6: 0x0e, - 0x1f8: 0x0e, 0x1f9: 0x0e, 0x1fa: 0x0e, 0x1fb: 0x0e, 0x1fc: 0x0e, 0x1fd: 0x0e, 0x1fe: 0x0e, 0x1ff: 0x0e, - // Block 0x8, offset 0x200 - 0x200: 0x0e, 0x201: 0x0e, 0x202: 0x0e, 0x203: 0x0e, 0x204: 0x0e, 0x205: 0x0e, 0x206: 0x0e, 0x207: 0x0e, - 0x208: 0x0e, 0x209: 0x0e, 0x20a: 0x0e, 0x20b: 0x0e, 0x20c: 0x0e, 0x20d: 0x0e, 0x20e: 0x0e, 0x20f: 0x0e, - 0x210: 0x0e, 0x211: 0x0e, 0x212: 0x0e, 0x213: 0x0e, 0x214: 0x0e, 0x215: 0x0e, 0x216: 0x0e, 0x217: 0x0e, - 0x218: 0x0e, 0x219: 0x0e, 0x21a: 0x0e, 0x21b: 0x0e, 0x21c: 0x0e, 0x21d: 0x0e, 0x21e: 0x0e, 0x21f: 0x0e, - 0x220: 0x0e, 0x221: 0x0e, 0x222: 0x0e, 0x223: 0x0e, 0x224: 0x0e, 0x225: 0x0e, 0x226: 0x0e, 0x227: 0x0e, - 0x228: 0x0e, 0x229: 0x0e, 0x22a: 0x0e, 0x22b: 0x0e, 0x22c: 0x0e, 0x22d: 0x0e, 0x22e: 0x0e, 0x22f: 0x0e, - 0x230: 0x0e, 0x231: 0x0e, 0x232: 0x0e, 0x233: 0x0e, 0x234: 0x0e, 0x235: 0x0e, 0x236: 0x0e, 0x237: 0x0e, - 0x238: 0x0e, 0x239: 0x0e, 0x23a: 0x0e, 0x23b: 0x0e, 0x23c: 0x0e, 0x23d: 0x0e, 0x23e: 0x0e, 0x23f: 0x0e, - // Block 0x9, offset 0x240 - 0x240: 0x0e, 0x241: 0x0e, 0x242: 0x0e, 0x243: 0x0e, 0x244: 0x0e, 0x245: 0x0e, 0x246: 0x0e, 0x247: 0x0e, - 0x248: 0x0e, 0x249: 0x0e, 0x24a: 0x0e, 0x24b: 0x0e, 0x24c: 0x0e, 0x24d: 0x0e, 0x24e: 0x0e, 0x24f: 0x0e, - 0x250: 0x0e, 0x251: 0x0e, 0x252: 0x3b, 0x253: 0x3c, - 0x265: 0x3d, - 0x270: 0x0e, 0x271: 0x0e, 0x272: 0x0e, 0x273: 0x0e, 0x274: 0x0e, 0x275: 0x0e, 0x276: 0x0e, 0x277: 0x0e, - 0x278: 0x0e, 0x279: 0x0e, 0x27a: 0x0e, 0x27b: 0x0e, 0x27c: 0x0e, 0x27d: 0x0e, 0x27e: 0x0e, 0x27f: 0x0e, - // Block 0xa, offset 0x280 - 0x280: 0x0e, 0x281: 0x0e, 0x282: 0x0e, 0x283: 0x0e, 0x284: 0x0e, 0x285: 0x0e, 0x286: 0x0e, 0x287: 0x0e, - 0x288: 0x0e, 0x289: 0x0e, 0x28a: 0x0e, 0x28b: 0x0e, 0x28c: 0x0e, 0x28d: 0x0e, 0x28e: 0x0e, 0x28f: 0x0e, - 0x290: 0x0e, 0x291: 0x0e, 0x292: 0x0e, 0x293: 0x0e, 0x294: 0x0e, 0x295: 0x0e, 0x296: 0x0e, 0x297: 0x0e, - 0x298: 0x0e, 0x299: 0x0e, 0x29a: 0x0e, 0x29b: 0x0e, 0x29c: 0x0e, 0x29d: 0x0e, 0x29e: 0x3e, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x08, 0x2c1: 0x08, 0x2c2: 0x08, 0x2c3: 0x08, 0x2c4: 0x08, 0x2c5: 0x08, 0x2c6: 0x08, 0x2c7: 0x08, - 0x2c8: 0x08, 0x2c9: 0x08, 0x2ca: 0x08, 0x2cb: 0x08, 0x2cc: 0x08, 0x2cd: 0x08, 0x2ce: 0x08, 0x2cf: 0x08, - 0x2d0: 0x08, 0x2d1: 0x08, 0x2d2: 0x08, 0x2d3: 0x08, 0x2d4: 0x08, 0x2d5: 0x08, 0x2d6: 0x08, 0x2d7: 0x08, - 0x2d8: 0x08, 0x2d9: 0x08, 0x2da: 0x08, 0x2db: 0x08, 0x2dc: 0x08, 0x2dd: 0x08, 0x2de: 0x08, 0x2df: 0x08, - 0x2e0: 0x08, 0x2e1: 0x08, 0x2e2: 0x08, 0x2e3: 0x08, 0x2e4: 0x08, 0x2e5: 0x08, 0x2e6: 0x08, 0x2e7: 0x08, - 0x2e8: 0x08, 0x2e9: 0x08, 0x2ea: 0x08, 0x2eb: 0x08, 0x2ec: 0x08, 0x2ed: 0x08, 0x2ee: 0x08, 0x2ef: 0x08, - 0x2f0: 0x08, 0x2f1: 0x08, 0x2f2: 0x08, 0x2f3: 0x08, 0x2f4: 0x08, 0x2f5: 0x08, 0x2f6: 0x08, 0x2f7: 0x08, - 0x2f8: 0x08, 0x2f9: 0x08, 0x2fa: 0x08, 0x2fb: 0x08, 0x2fc: 0x08, 0x2fd: 0x08, 0x2fe: 0x08, 0x2ff: 0x08, - // Block 0xc, offset 0x300 - 0x300: 0x08, 0x301: 0x08, 0x302: 0x08, 0x303: 0x08, 0x304: 0x08, 0x305: 0x08, 0x306: 0x08, 0x307: 0x08, - 0x308: 0x08, 0x309: 0x08, 0x30a: 0x08, 0x30b: 0x08, 0x30c: 0x08, 0x30d: 0x08, 0x30e: 0x08, 0x30f: 0x08, - 0x310: 0x08, 0x311: 0x08, 0x312: 0x08, 0x313: 0x08, 0x314: 0x08, 0x315: 0x08, 0x316: 0x08, 0x317: 0x08, - 0x318: 0x08, 0x319: 0x08, 0x31a: 0x08, 0x31b: 0x08, 0x31c: 0x08, 0x31d: 0x08, 0x31e: 0x08, 0x31f: 0x08, - 0x320: 0x08, 0x321: 0x08, 0x322: 0x08, 0x323: 0x08, 0x324: 0x0e, 0x325: 0x0e, 0x326: 0x0e, 0x327: 0x0e, - 0x328: 0x0e, 0x329: 0x0e, 0x32a: 0x0e, 0x32b: 0x0e, - 0x338: 0x3f, 0x339: 0x40, 0x33c: 0x41, 0x33d: 0x42, 0x33e: 0x43, 0x33f: 0x44, - // Block 0xd, offset 0x340 - 0x37f: 0x45, - // Block 0xe, offset 0x380 - 0x380: 0x0e, 0x381: 0x0e, 0x382: 0x0e, 0x383: 0x0e, 0x384: 0x0e, 0x385: 0x0e, 0x386: 0x0e, 0x387: 0x0e, - 0x388: 0x0e, 0x389: 0x0e, 0x38a: 0x0e, 0x38b: 0x0e, 0x38c: 0x0e, 0x38d: 0x0e, 0x38e: 0x0e, 0x38f: 0x0e, - 0x390: 0x0e, 0x391: 0x0e, 0x392: 0x0e, 0x393: 0x0e, 0x394: 0x0e, 0x395: 0x0e, 0x396: 0x0e, 0x397: 0x0e, - 0x398: 0x0e, 0x399: 0x0e, 0x39a: 0x0e, 0x39b: 0x0e, 0x39c: 0x0e, 0x39d: 0x0e, 0x39e: 0x0e, 0x39f: 0x46, - 0x3a0: 0x0e, 0x3a1: 0x0e, 0x3a2: 0x0e, 0x3a3: 0x0e, 0x3a4: 0x0e, 0x3a5: 0x0e, 0x3a6: 0x0e, 0x3a7: 0x0e, - 0x3a8: 0x0e, 0x3a9: 0x0e, 0x3aa: 0x0e, 0x3ab: 0x47, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x0e, 0x3c1: 0x0e, 0x3c2: 0x0e, 0x3c3: 0x0e, 0x3c4: 0x48, 0x3c5: 0x49, 0x3c6: 0x0e, 0x3c7: 0x0e, - 0x3c8: 0x0e, 0x3c9: 0x0e, 0x3ca: 0x0e, 0x3cb: 0x4a, - // Block 0x10, offset 0x400 - 0x400: 0x4b, 0x403: 0x4c, 0x404: 0x4d, 0x405: 0x4e, 0x406: 0x4f, - 0x408: 0x50, 0x409: 0x51, 0x40c: 0x52, 0x40d: 0x53, 0x40e: 0x54, 0x40f: 0x55, - 0x410: 0x3a, 0x411: 0x56, 0x412: 0x0e, 0x413: 0x57, 0x414: 0x58, 0x415: 0x59, 0x416: 0x5a, 0x417: 0x5b, - 0x418: 0x0e, 0x419: 0x5c, 0x41a: 0x0e, 0x41b: 0x5d, - 0x424: 0x5e, 0x425: 0x5f, 0x426: 0x60, 0x427: 0x61, - // Block 0x11, offset 0x440 - 0x456: 0x0b, 0x457: 0x06, - 0x458: 0x0c, 0x45b: 0x0d, 0x45f: 0x0e, - 0x460: 0x06, 0x461: 0x06, 0x462: 0x06, 0x463: 0x06, 0x464: 0x06, 0x465: 0x06, 0x466: 0x06, 0x467: 0x06, - 0x468: 0x06, 0x469: 0x06, 0x46a: 0x06, 0x46b: 0x06, 0x46c: 0x06, 0x46d: 0x06, 0x46e: 0x06, 0x46f: 0x06, - 0x470: 0x06, 0x471: 0x06, 0x472: 0x06, 0x473: 0x06, 0x474: 0x06, 0x475: 0x06, 0x476: 0x06, 0x477: 0x06, - 0x478: 0x06, 0x479: 0x06, 0x47a: 0x06, 0x47b: 0x06, 0x47c: 0x06, 0x47d: 0x06, 0x47e: 0x06, 0x47f: 0x06, - // Block 0x12, offset 0x480 - 0x484: 0x08, 0x485: 0x08, 0x486: 0x08, 0x487: 0x09, - // Block 0x13, offset 0x4c0 - 0x4c0: 0x08, 0x4c1: 0x08, 0x4c2: 0x08, 0x4c3: 0x08, 0x4c4: 0x08, 0x4c5: 0x08, 0x4c6: 0x08, 0x4c7: 0x08, - 0x4c8: 0x08, 0x4c9: 0x08, 0x4ca: 0x08, 0x4cb: 0x08, 0x4cc: 0x08, 0x4cd: 0x08, 0x4ce: 0x08, 0x4cf: 0x08, - 0x4d0: 0x08, 0x4d1: 0x08, 0x4d2: 0x08, 0x4d3: 0x08, 0x4d4: 0x08, 0x4d5: 0x08, 0x4d6: 0x08, 0x4d7: 0x08, - 0x4d8: 0x08, 0x4d9: 0x08, 0x4da: 0x08, 0x4db: 0x08, 0x4dc: 0x08, 0x4dd: 0x08, 0x4de: 0x08, 0x4df: 0x08, - 0x4e0: 0x08, 0x4e1: 0x08, 0x4e2: 0x08, 0x4e3: 0x08, 0x4e4: 0x08, 0x4e5: 0x08, 0x4e6: 0x08, 0x4e7: 0x08, - 0x4e8: 0x08, 0x4e9: 0x08, 0x4ea: 0x08, 0x4eb: 0x08, 0x4ec: 0x08, 0x4ed: 0x08, 0x4ee: 0x08, 0x4ef: 0x08, - 0x4f0: 0x08, 0x4f1: 0x08, 0x4f2: 0x08, 0x4f3: 0x08, 0x4f4: 0x08, 0x4f5: 0x08, 0x4f6: 0x08, 0x4f7: 0x08, - 0x4f8: 0x08, 0x4f9: 0x08, 0x4fa: 0x08, 0x4fb: 0x08, 0x4fc: 0x08, 0x4fd: 0x08, 0x4fe: 0x08, 0x4ff: 0x62, - // Block 0x14, offset 0x500 - 0x520: 0x10, - 0x530: 0x09, 0x531: 0x09, 0x532: 0x09, 0x533: 0x09, 0x534: 0x09, 0x535: 0x09, 0x536: 0x09, 0x537: 0x09, - 0x538: 0x09, 0x539: 0x09, 0x53a: 0x09, 0x53b: 0x09, 0x53c: 0x09, 0x53d: 0x09, 0x53e: 0x09, 0x53f: 0x11, - // Block 0x15, offset 0x540 - 0x540: 0x09, 0x541: 0x09, 0x542: 0x09, 0x543: 0x09, 0x544: 0x09, 0x545: 0x09, 0x546: 0x09, 0x547: 0x09, - 0x548: 0x09, 0x549: 0x09, 0x54a: 0x09, 0x54b: 0x09, 0x54c: 0x09, 0x54d: 0x09, 0x54e: 0x09, 0x54f: 0x11, -} - -// inverseData contains 4-byte entries of the following format: -// -// <length> <modified UTF-8-encoded rune> <0 padding> -// -// The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the -// UTF-8 encoding of the original rune. Mappings often have the following -// pattern: -// -// A -> A (U+FF21 -> U+0041) -// ï¼¢ -> B (U+FF22 -> U+0042) -// ... -// -// By xor-ing the last byte the same entry can be shared by many mappings. This -// reduces the total number of distinct entries by about two thirds. -// The resulting entry for the aforementioned mappings is -// -// { 0x01, 0xE0, 0x00, 0x00 } -// -// Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get -// -// E0 ^ A1 = 41. -// -// Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get -// -// E0 ^ A2 = 42. -// -// Note that because of the xor-ing, the byte sequence stored in the entry is -// not valid UTF-8. -var inverseData = [150][4]byte{ - {0x00, 0x00, 0x00, 0x00}, - {0x03, 0xe3, 0x80, 0xa0}, - {0x03, 0xef, 0xbc, 0xa0}, - {0x03, 0xef, 0xbc, 0xe0}, - {0x03, 0xef, 0xbd, 0xe0}, - {0x03, 0xef, 0xbf, 0x02}, - {0x03, 0xef, 0xbf, 0x00}, - {0x03, 0xef, 0xbf, 0x0e}, - {0x03, 0xef, 0xbf, 0x0c}, - {0x03, 0xef, 0xbf, 0x0f}, - {0x03, 0xef, 0xbf, 0x39}, - {0x03, 0xef, 0xbf, 0x3b}, - {0x03, 0xef, 0xbf, 0x3f}, - {0x03, 0xef, 0xbf, 0x2a}, - {0x03, 0xef, 0xbf, 0x0d}, - {0x03, 0xef, 0xbf, 0x25}, - {0x03, 0xef, 0xbd, 0x1a}, - {0x03, 0xef, 0xbd, 0x26}, - {0x01, 0xa0, 0x00, 0x00}, - {0x03, 0xef, 0xbd, 0x25}, - {0x03, 0xef, 0xbd, 0x23}, - {0x03, 0xef, 0xbd, 0x2e}, - {0x03, 0xef, 0xbe, 0x07}, - {0x03, 0xef, 0xbe, 0x05}, - {0x03, 0xef, 0xbd, 0x06}, - {0x03, 0xef, 0xbd, 0x13}, - {0x03, 0xef, 0xbd, 0x0b}, - {0x03, 0xef, 0xbd, 0x16}, - {0x03, 0xef, 0xbd, 0x0c}, - {0x03, 0xef, 0xbd, 0x15}, - {0x03, 0xef, 0xbd, 0x0d}, - {0x03, 0xef, 0xbd, 0x1c}, - {0x03, 0xef, 0xbd, 0x02}, - {0x03, 0xef, 0xbd, 0x1f}, - {0x03, 0xef, 0xbd, 0x1d}, - {0x03, 0xef, 0xbd, 0x17}, - {0x03, 0xef, 0xbd, 0x08}, - {0x03, 0xef, 0xbd, 0x09}, - {0x03, 0xef, 0xbd, 0x0e}, - {0x03, 0xef, 0xbd, 0x04}, - {0x03, 0xef, 0xbd, 0x05}, - {0x03, 0xef, 0xbe, 0x3f}, - {0x03, 0xef, 0xbe, 0x00}, - {0x03, 0xef, 0xbd, 0x2c}, - {0x03, 0xef, 0xbe, 0x06}, - {0x03, 0xef, 0xbe, 0x0c}, - {0x03, 0xef, 0xbe, 0x0f}, - {0x03, 0xef, 0xbe, 0x0d}, - {0x03, 0xef, 0xbe, 0x0b}, - {0x03, 0xef, 0xbe, 0x19}, - {0x03, 0xef, 0xbe, 0x15}, - {0x03, 0xef, 0xbe, 0x11}, - {0x03, 0xef, 0xbe, 0x31}, - {0x03, 0xef, 0xbe, 0x33}, - {0x03, 0xef, 0xbd, 0x0f}, - {0x03, 0xef, 0xbe, 0x30}, - {0x03, 0xef, 0xbe, 0x3e}, - {0x03, 0xef, 0xbe, 0x32}, - {0x03, 0xef, 0xbe, 0x36}, - {0x03, 0xef, 0xbd, 0x14}, - {0x03, 0xef, 0xbe, 0x2e}, - {0x03, 0xef, 0xbd, 0x1e}, - {0x03, 0xef, 0xbe, 0x10}, - {0x03, 0xef, 0xbf, 0x13}, - {0x03, 0xef, 0xbf, 0x15}, - {0x03, 0xef, 0xbf, 0x17}, - {0x03, 0xef, 0xbf, 0x1f}, - {0x03, 0xef, 0xbf, 0x1d}, - {0x03, 0xef, 0xbf, 0x1b}, - {0x03, 0xef, 0xbf, 0x09}, - {0x03, 0xef, 0xbf, 0x0b}, - {0x03, 0xef, 0xbf, 0x37}, - {0x03, 0xef, 0xbe, 0x04}, - {0x01, 0xe0, 0x00, 0x00}, - {0x03, 0xe2, 0xa6, 0x1a}, - {0x03, 0xe2, 0xa6, 0x26}, - {0x03, 0xe3, 0x80, 0x23}, - {0x03, 0xe3, 0x80, 0x2e}, - {0x03, 0xe3, 0x80, 0x25}, - {0x03, 0xe3, 0x83, 0x1e}, - {0x03, 0xe3, 0x83, 0x14}, - {0x03, 0xe3, 0x82, 0x06}, - {0x03, 0xe3, 0x82, 0x0b}, - {0x03, 0xe3, 0x82, 0x0c}, - {0x03, 0xe3, 0x82, 0x0d}, - {0x03, 0xe3, 0x82, 0x02}, - {0x03, 0xe3, 0x83, 0x0f}, - {0x03, 0xe3, 0x83, 0x08}, - {0x03, 0xe3, 0x83, 0x09}, - {0x03, 0xe3, 0x83, 0x2c}, - {0x03, 0xe3, 0x83, 0x0c}, - {0x03, 0xe3, 0x82, 0x13}, - {0x03, 0xe3, 0x82, 0x16}, - {0x03, 0xe3, 0x82, 0x15}, - {0x03, 0xe3, 0x82, 0x1c}, - {0x03, 0xe3, 0x82, 0x1f}, - {0x03, 0xe3, 0x82, 0x1d}, - {0x03, 0xe3, 0x82, 0x1a}, - {0x03, 0xe3, 0x82, 0x17}, - {0x03, 0xe3, 0x82, 0x08}, - {0x03, 0xe3, 0x82, 0x09}, - {0x03, 0xe3, 0x82, 0x0e}, - {0x03, 0xe3, 0x82, 0x04}, - {0x03, 0xe3, 0x82, 0x05}, - {0x03, 0xe3, 0x82, 0x3f}, - {0x03, 0xe3, 0x83, 0x00}, - {0x03, 0xe3, 0x83, 0x06}, - {0x03, 0xe3, 0x83, 0x05}, - {0x03, 0xe3, 0x83, 0x0d}, - {0x03, 0xe3, 0x83, 0x0b}, - {0x03, 0xe3, 0x83, 0x07}, - {0x03, 0xe3, 0x83, 0x19}, - {0x03, 0xe3, 0x83, 0x15}, - {0x03, 0xe3, 0x83, 0x11}, - {0x03, 0xe3, 0x83, 0x31}, - {0x03, 0xe3, 0x83, 0x33}, - {0x03, 0xe3, 0x83, 0x30}, - {0x03, 0xe3, 0x83, 0x3e}, - {0x03, 0xe3, 0x83, 0x32}, - {0x03, 0xe3, 0x83, 0x36}, - {0x03, 0xe3, 0x83, 0x2e}, - {0x03, 0xe3, 0x82, 0x07}, - {0x03, 0xe3, 0x85, 0x04}, - {0x03, 0xe3, 0x84, 0x10}, - {0x03, 0xe3, 0x85, 0x30}, - {0x03, 0xe3, 0x85, 0x0d}, - {0x03, 0xe3, 0x85, 0x13}, - {0x03, 0xe3, 0x85, 0x15}, - {0x03, 0xe3, 0x85, 0x17}, - {0x03, 0xe3, 0x85, 0x1f}, - {0x03, 0xe3, 0x85, 0x1d}, - {0x03, 0xe3, 0x85, 0x1b}, - {0x03, 0xe3, 0x85, 0x09}, - {0x03, 0xe3, 0x85, 0x0f}, - {0x03, 0xe3, 0x85, 0x0b}, - {0x03, 0xe3, 0x85, 0x37}, - {0x03, 0xe3, 0x85, 0x3b}, - {0x03, 0xe3, 0x85, 0x39}, - {0x03, 0xe3, 0x85, 0x3f}, - {0x02, 0xc2, 0x02, 0x00}, - {0x02, 0xc2, 0x0e, 0x00}, - {0x02, 0xc2, 0x0c, 0x00}, - {0x02, 0xc2, 0x00, 0x00}, - {0x03, 0xe2, 0x82, 0x0f}, - {0x03, 0xe2, 0x94, 0x2a}, - {0x03, 0xe2, 0x86, 0x39}, - {0x03, 0xe2, 0x86, 0x3b}, - {0x03, 0xe2, 0x86, 0x3f}, - {0x03, 0xe2, 0x96, 0x0d}, - {0x03, 0xe2, 0x97, 0x25}, -} - -// Total table size 14936 bytes (14KiB) diff --git a/etcd/vendor/golang.org/x/text/width/tables12.0.0.go b/etcd/vendor/golang.org/x/text/width/tables12.0.0.go deleted file mode 100644 index 5c14ade6d9..0000000000 --- a/etcd/vendor/golang.org/x/text/width/tables12.0.0.go +++ /dev/null @@ -1,1361 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -//go:build go1.14 && !go1.16 -// +build go1.14,!go1.16 - -package width - -// UnicodeVersion is the Unicode version from which the tables in this package are derived. -const UnicodeVersion = "12.0.0" - -// lookup returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookup(s []byte) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupUnsafe(s []byte) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// lookupString returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookupString(s string) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupStringUnsafe(s string) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// widthTrie. Total size: 14720 bytes (14.38 KiB). Checksum: 3f4f2516ded5489b. -type widthTrie struct{} - -func newWidthTrie(i int) *widthTrie { - return &widthTrie{} -} - -// lookupValue determines the type of block n and looks up the value for b. -func (t *widthTrie) lookupValue(n uint32, b byte) uint16 { - switch { - default: - return uint16(widthValues[n<<6+uint32(b)]) - } -} - -// widthValues: 104 blocks, 6656 entries, 13312 bytes -// The third block is the zero block. -var widthValues = [6656]uint16{ - // Block 0x0, offset 0x0 - 0x20: 0x6001, 0x21: 0x6002, 0x22: 0x6002, 0x23: 0x6002, - 0x24: 0x6002, 0x25: 0x6002, 0x26: 0x6002, 0x27: 0x6002, 0x28: 0x6002, 0x29: 0x6002, - 0x2a: 0x6002, 0x2b: 0x6002, 0x2c: 0x6002, 0x2d: 0x6002, 0x2e: 0x6002, 0x2f: 0x6002, - 0x30: 0x6002, 0x31: 0x6002, 0x32: 0x6002, 0x33: 0x6002, 0x34: 0x6002, 0x35: 0x6002, - 0x36: 0x6002, 0x37: 0x6002, 0x38: 0x6002, 0x39: 0x6002, 0x3a: 0x6002, 0x3b: 0x6002, - 0x3c: 0x6002, 0x3d: 0x6002, 0x3e: 0x6002, 0x3f: 0x6002, - // Block 0x1, offset 0x40 - 0x40: 0x6003, 0x41: 0x6003, 0x42: 0x6003, 0x43: 0x6003, 0x44: 0x6003, 0x45: 0x6003, - 0x46: 0x6003, 0x47: 0x6003, 0x48: 0x6003, 0x49: 0x6003, 0x4a: 0x6003, 0x4b: 0x6003, - 0x4c: 0x6003, 0x4d: 0x6003, 0x4e: 0x6003, 0x4f: 0x6003, 0x50: 0x6003, 0x51: 0x6003, - 0x52: 0x6003, 0x53: 0x6003, 0x54: 0x6003, 0x55: 0x6003, 0x56: 0x6003, 0x57: 0x6003, - 0x58: 0x6003, 0x59: 0x6003, 0x5a: 0x6003, 0x5b: 0x6003, 0x5c: 0x6003, 0x5d: 0x6003, - 0x5e: 0x6003, 0x5f: 0x6003, 0x60: 0x6004, 0x61: 0x6004, 0x62: 0x6004, 0x63: 0x6004, - 0x64: 0x6004, 0x65: 0x6004, 0x66: 0x6004, 0x67: 0x6004, 0x68: 0x6004, 0x69: 0x6004, - 0x6a: 0x6004, 0x6b: 0x6004, 0x6c: 0x6004, 0x6d: 0x6004, 0x6e: 0x6004, 0x6f: 0x6004, - 0x70: 0x6004, 0x71: 0x6004, 0x72: 0x6004, 0x73: 0x6004, 0x74: 0x6004, 0x75: 0x6004, - 0x76: 0x6004, 0x77: 0x6004, 0x78: 0x6004, 0x79: 0x6004, 0x7a: 0x6004, 0x7b: 0x6004, - 0x7c: 0x6004, 0x7d: 0x6004, 0x7e: 0x6004, - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xe1: 0x2000, 0xe2: 0x6005, 0xe3: 0x6005, - 0xe4: 0x2000, 0xe5: 0x6006, 0xe6: 0x6005, 0xe7: 0x2000, 0xe8: 0x2000, - 0xea: 0x2000, 0xec: 0x6007, 0xed: 0x2000, 0xee: 0x2000, 0xef: 0x6008, - 0xf0: 0x2000, 0xf1: 0x2000, 0xf2: 0x2000, 0xf3: 0x2000, 0xf4: 0x2000, - 0xf6: 0x2000, 0xf7: 0x2000, 0xf8: 0x2000, 0xf9: 0x2000, 0xfa: 0x2000, - 0xfc: 0x2000, 0xfd: 0x2000, 0xfe: 0x2000, 0xff: 0x2000, - // Block 0x4, offset 0x100 - 0x106: 0x2000, - 0x110: 0x2000, - 0x117: 0x2000, - 0x118: 0x2000, - 0x11e: 0x2000, 0x11f: 0x2000, 0x120: 0x2000, 0x121: 0x2000, - 0x126: 0x2000, 0x128: 0x2000, 0x129: 0x2000, - 0x12a: 0x2000, 0x12c: 0x2000, 0x12d: 0x2000, - 0x130: 0x2000, 0x132: 0x2000, 0x133: 0x2000, - 0x137: 0x2000, 0x138: 0x2000, 0x139: 0x2000, 0x13a: 0x2000, - 0x13c: 0x2000, 0x13e: 0x2000, - // Block 0x5, offset 0x140 - 0x141: 0x2000, - 0x151: 0x2000, - 0x153: 0x2000, - 0x15b: 0x2000, - 0x166: 0x2000, 0x167: 0x2000, - 0x16b: 0x2000, - 0x171: 0x2000, 0x172: 0x2000, 0x173: 0x2000, - 0x178: 0x2000, - 0x17f: 0x2000, - // Block 0x6, offset 0x180 - 0x180: 0x2000, 0x181: 0x2000, 0x182: 0x2000, 0x184: 0x2000, - 0x188: 0x2000, 0x189: 0x2000, 0x18a: 0x2000, 0x18b: 0x2000, - 0x18d: 0x2000, - 0x192: 0x2000, 0x193: 0x2000, - 0x1a6: 0x2000, 0x1a7: 0x2000, - 0x1ab: 0x2000, - // Block 0x7, offset 0x1c0 - 0x1ce: 0x2000, 0x1d0: 0x2000, - 0x1d2: 0x2000, 0x1d4: 0x2000, 0x1d6: 0x2000, - 0x1d8: 0x2000, 0x1da: 0x2000, 0x1dc: 0x2000, - // Block 0x8, offset 0x200 - 0x211: 0x2000, - 0x221: 0x2000, - // Block 0x9, offset 0x240 - 0x244: 0x2000, - 0x247: 0x2000, 0x249: 0x2000, 0x24a: 0x2000, 0x24b: 0x2000, - 0x24d: 0x2000, 0x250: 0x2000, - 0x258: 0x2000, 0x259: 0x2000, 0x25a: 0x2000, 0x25b: 0x2000, 0x25d: 0x2000, - 0x25f: 0x2000, - // Block 0xa, offset 0x280 - 0x280: 0x2000, 0x281: 0x2000, 0x282: 0x2000, 0x283: 0x2000, 0x284: 0x2000, 0x285: 0x2000, - 0x286: 0x2000, 0x287: 0x2000, 0x288: 0x2000, 0x289: 0x2000, 0x28a: 0x2000, 0x28b: 0x2000, - 0x28c: 0x2000, 0x28d: 0x2000, 0x28e: 0x2000, 0x28f: 0x2000, 0x290: 0x2000, 0x291: 0x2000, - 0x292: 0x2000, 0x293: 0x2000, 0x294: 0x2000, 0x295: 0x2000, 0x296: 0x2000, 0x297: 0x2000, - 0x298: 0x2000, 0x299: 0x2000, 0x29a: 0x2000, 0x29b: 0x2000, 0x29c: 0x2000, 0x29d: 0x2000, - 0x29e: 0x2000, 0x29f: 0x2000, 0x2a0: 0x2000, 0x2a1: 0x2000, 0x2a2: 0x2000, 0x2a3: 0x2000, - 0x2a4: 0x2000, 0x2a5: 0x2000, 0x2a6: 0x2000, 0x2a7: 0x2000, 0x2a8: 0x2000, 0x2a9: 0x2000, - 0x2aa: 0x2000, 0x2ab: 0x2000, 0x2ac: 0x2000, 0x2ad: 0x2000, 0x2ae: 0x2000, 0x2af: 0x2000, - 0x2b0: 0x2000, 0x2b1: 0x2000, 0x2b2: 0x2000, 0x2b3: 0x2000, 0x2b4: 0x2000, 0x2b5: 0x2000, - 0x2b6: 0x2000, 0x2b7: 0x2000, 0x2b8: 0x2000, 0x2b9: 0x2000, 0x2ba: 0x2000, 0x2bb: 0x2000, - 0x2bc: 0x2000, 0x2bd: 0x2000, 0x2be: 0x2000, 0x2bf: 0x2000, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x2000, 0x2c1: 0x2000, 0x2c2: 0x2000, 0x2c3: 0x2000, 0x2c4: 0x2000, 0x2c5: 0x2000, - 0x2c6: 0x2000, 0x2c7: 0x2000, 0x2c8: 0x2000, 0x2c9: 0x2000, 0x2ca: 0x2000, 0x2cb: 0x2000, - 0x2cc: 0x2000, 0x2cd: 0x2000, 0x2ce: 0x2000, 0x2cf: 0x2000, 0x2d0: 0x2000, 0x2d1: 0x2000, - 0x2d2: 0x2000, 0x2d3: 0x2000, 0x2d4: 0x2000, 0x2d5: 0x2000, 0x2d6: 0x2000, 0x2d7: 0x2000, - 0x2d8: 0x2000, 0x2d9: 0x2000, 0x2da: 0x2000, 0x2db: 0x2000, 0x2dc: 0x2000, 0x2dd: 0x2000, - 0x2de: 0x2000, 0x2df: 0x2000, 0x2e0: 0x2000, 0x2e1: 0x2000, 0x2e2: 0x2000, 0x2e3: 0x2000, - 0x2e4: 0x2000, 0x2e5: 0x2000, 0x2e6: 0x2000, 0x2e7: 0x2000, 0x2e8: 0x2000, 0x2e9: 0x2000, - 0x2ea: 0x2000, 0x2eb: 0x2000, 0x2ec: 0x2000, 0x2ed: 0x2000, 0x2ee: 0x2000, 0x2ef: 0x2000, - // Block 0xc, offset 0x300 - 0x311: 0x2000, - 0x312: 0x2000, 0x313: 0x2000, 0x314: 0x2000, 0x315: 0x2000, 0x316: 0x2000, 0x317: 0x2000, - 0x318: 0x2000, 0x319: 0x2000, 0x31a: 0x2000, 0x31b: 0x2000, 0x31c: 0x2000, 0x31d: 0x2000, - 0x31e: 0x2000, 0x31f: 0x2000, 0x320: 0x2000, 0x321: 0x2000, 0x323: 0x2000, - 0x324: 0x2000, 0x325: 0x2000, 0x326: 0x2000, 0x327: 0x2000, 0x328: 0x2000, 0x329: 0x2000, - 0x331: 0x2000, 0x332: 0x2000, 0x333: 0x2000, 0x334: 0x2000, 0x335: 0x2000, - 0x336: 0x2000, 0x337: 0x2000, 0x338: 0x2000, 0x339: 0x2000, 0x33a: 0x2000, 0x33b: 0x2000, - 0x33c: 0x2000, 0x33d: 0x2000, 0x33e: 0x2000, 0x33f: 0x2000, - // Block 0xd, offset 0x340 - 0x340: 0x2000, 0x341: 0x2000, 0x343: 0x2000, 0x344: 0x2000, 0x345: 0x2000, - 0x346: 0x2000, 0x347: 0x2000, 0x348: 0x2000, 0x349: 0x2000, - // Block 0xe, offset 0x380 - 0x381: 0x2000, - 0x390: 0x2000, 0x391: 0x2000, - 0x392: 0x2000, 0x393: 0x2000, 0x394: 0x2000, 0x395: 0x2000, 0x396: 0x2000, 0x397: 0x2000, - 0x398: 0x2000, 0x399: 0x2000, 0x39a: 0x2000, 0x39b: 0x2000, 0x39c: 0x2000, 0x39d: 0x2000, - 0x39e: 0x2000, 0x39f: 0x2000, 0x3a0: 0x2000, 0x3a1: 0x2000, 0x3a2: 0x2000, 0x3a3: 0x2000, - 0x3a4: 0x2000, 0x3a5: 0x2000, 0x3a6: 0x2000, 0x3a7: 0x2000, 0x3a8: 0x2000, 0x3a9: 0x2000, - 0x3aa: 0x2000, 0x3ab: 0x2000, 0x3ac: 0x2000, 0x3ad: 0x2000, 0x3ae: 0x2000, 0x3af: 0x2000, - 0x3b0: 0x2000, 0x3b1: 0x2000, 0x3b2: 0x2000, 0x3b3: 0x2000, 0x3b4: 0x2000, 0x3b5: 0x2000, - 0x3b6: 0x2000, 0x3b7: 0x2000, 0x3b8: 0x2000, 0x3b9: 0x2000, 0x3ba: 0x2000, 0x3bb: 0x2000, - 0x3bc: 0x2000, 0x3bd: 0x2000, 0x3be: 0x2000, 0x3bf: 0x2000, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x2000, 0x3c1: 0x2000, 0x3c2: 0x2000, 0x3c3: 0x2000, 0x3c4: 0x2000, 0x3c5: 0x2000, - 0x3c6: 0x2000, 0x3c7: 0x2000, 0x3c8: 0x2000, 0x3c9: 0x2000, 0x3ca: 0x2000, 0x3cb: 0x2000, - 0x3cc: 0x2000, 0x3cd: 0x2000, 0x3ce: 0x2000, 0x3cf: 0x2000, 0x3d1: 0x2000, - // Block 0x10, offset 0x400 - 0x400: 0x4000, 0x401: 0x4000, 0x402: 0x4000, 0x403: 0x4000, 0x404: 0x4000, 0x405: 0x4000, - 0x406: 0x4000, 0x407: 0x4000, 0x408: 0x4000, 0x409: 0x4000, 0x40a: 0x4000, 0x40b: 0x4000, - 0x40c: 0x4000, 0x40d: 0x4000, 0x40e: 0x4000, 0x40f: 0x4000, 0x410: 0x4000, 0x411: 0x4000, - 0x412: 0x4000, 0x413: 0x4000, 0x414: 0x4000, 0x415: 0x4000, 0x416: 0x4000, 0x417: 0x4000, - 0x418: 0x4000, 0x419: 0x4000, 0x41a: 0x4000, 0x41b: 0x4000, 0x41c: 0x4000, 0x41d: 0x4000, - 0x41e: 0x4000, 0x41f: 0x4000, 0x420: 0x4000, 0x421: 0x4000, 0x422: 0x4000, 0x423: 0x4000, - 0x424: 0x4000, 0x425: 0x4000, 0x426: 0x4000, 0x427: 0x4000, 0x428: 0x4000, 0x429: 0x4000, - 0x42a: 0x4000, 0x42b: 0x4000, 0x42c: 0x4000, 0x42d: 0x4000, 0x42e: 0x4000, 0x42f: 0x4000, - 0x430: 0x4000, 0x431: 0x4000, 0x432: 0x4000, 0x433: 0x4000, 0x434: 0x4000, 0x435: 0x4000, - 0x436: 0x4000, 0x437: 0x4000, 0x438: 0x4000, 0x439: 0x4000, 0x43a: 0x4000, 0x43b: 0x4000, - 0x43c: 0x4000, 0x43d: 0x4000, 0x43e: 0x4000, 0x43f: 0x4000, - // Block 0x11, offset 0x440 - 0x440: 0x4000, 0x441: 0x4000, 0x442: 0x4000, 0x443: 0x4000, 0x444: 0x4000, 0x445: 0x4000, - 0x446: 0x4000, 0x447: 0x4000, 0x448: 0x4000, 0x449: 0x4000, 0x44a: 0x4000, 0x44b: 0x4000, - 0x44c: 0x4000, 0x44d: 0x4000, 0x44e: 0x4000, 0x44f: 0x4000, 0x450: 0x4000, 0x451: 0x4000, - 0x452: 0x4000, 0x453: 0x4000, 0x454: 0x4000, 0x455: 0x4000, 0x456: 0x4000, 0x457: 0x4000, - 0x458: 0x4000, 0x459: 0x4000, 0x45a: 0x4000, 0x45b: 0x4000, 0x45c: 0x4000, 0x45d: 0x4000, - 0x45e: 0x4000, 0x45f: 0x4000, - // Block 0x12, offset 0x480 - 0x490: 0x2000, - 0x493: 0x2000, 0x494: 0x2000, 0x495: 0x2000, 0x496: 0x2000, - 0x498: 0x2000, 0x499: 0x2000, 0x49c: 0x2000, 0x49d: 0x2000, - 0x4a0: 0x2000, 0x4a1: 0x2000, 0x4a2: 0x2000, - 0x4a4: 0x2000, 0x4a5: 0x2000, 0x4a6: 0x2000, 0x4a7: 0x2000, - 0x4b0: 0x2000, 0x4b2: 0x2000, 0x4b3: 0x2000, 0x4b5: 0x2000, - 0x4bb: 0x2000, - 0x4be: 0x2000, - // Block 0x13, offset 0x4c0 - 0x4f4: 0x2000, - 0x4ff: 0x2000, - // Block 0x14, offset 0x500 - 0x501: 0x2000, 0x502: 0x2000, 0x503: 0x2000, 0x504: 0x2000, - 0x529: 0xa009, - 0x52c: 0x2000, - // Block 0x15, offset 0x540 - 0x543: 0x2000, 0x545: 0x2000, - 0x549: 0x2000, - 0x553: 0x2000, 0x556: 0x2000, - 0x561: 0x2000, 0x562: 0x2000, - 0x566: 0x2000, - 0x56b: 0x2000, - // Block 0x16, offset 0x580 - 0x593: 0x2000, 0x594: 0x2000, - 0x59b: 0x2000, 0x59c: 0x2000, 0x59d: 0x2000, - 0x59e: 0x2000, 0x5a0: 0x2000, 0x5a1: 0x2000, 0x5a2: 0x2000, 0x5a3: 0x2000, - 0x5a4: 0x2000, 0x5a5: 0x2000, 0x5a6: 0x2000, 0x5a7: 0x2000, 0x5a8: 0x2000, 0x5a9: 0x2000, - 0x5aa: 0x2000, 0x5ab: 0x2000, - 0x5b0: 0x2000, 0x5b1: 0x2000, 0x5b2: 0x2000, 0x5b3: 0x2000, 0x5b4: 0x2000, 0x5b5: 0x2000, - 0x5b6: 0x2000, 0x5b7: 0x2000, 0x5b8: 0x2000, 0x5b9: 0x2000, - // Block 0x17, offset 0x5c0 - 0x5c9: 0x2000, - 0x5d0: 0x200a, 0x5d1: 0x200b, - 0x5d2: 0x200a, 0x5d3: 0x200c, 0x5d4: 0x2000, 0x5d5: 0x2000, 0x5d6: 0x2000, 0x5d7: 0x2000, - 0x5d8: 0x2000, 0x5d9: 0x2000, - 0x5f8: 0x2000, 0x5f9: 0x2000, - // Block 0x18, offset 0x600 - 0x612: 0x2000, 0x614: 0x2000, - 0x627: 0x2000, - // Block 0x19, offset 0x640 - 0x640: 0x2000, 0x642: 0x2000, 0x643: 0x2000, - 0x647: 0x2000, 0x648: 0x2000, 0x64b: 0x2000, - 0x64f: 0x2000, 0x651: 0x2000, - 0x655: 0x2000, - 0x65a: 0x2000, 0x65d: 0x2000, - 0x65e: 0x2000, 0x65f: 0x2000, 0x660: 0x2000, 0x663: 0x2000, - 0x665: 0x2000, 0x667: 0x2000, 0x668: 0x2000, 0x669: 0x2000, - 0x66a: 0x2000, 0x66b: 0x2000, 0x66c: 0x2000, 0x66e: 0x2000, - 0x674: 0x2000, 0x675: 0x2000, - 0x676: 0x2000, 0x677: 0x2000, - 0x67c: 0x2000, 0x67d: 0x2000, - // Block 0x1a, offset 0x680 - 0x688: 0x2000, - 0x68c: 0x2000, - 0x692: 0x2000, - 0x6a0: 0x2000, 0x6a1: 0x2000, - 0x6a4: 0x2000, 0x6a5: 0x2000, 0x6a6: 0x2000, 0x6a7: 0x2000, - 0x6aa: 0x2000, 0x6ab: 0x2000, 0x6ae: 0x2000, 0x6af: 0x2000, - // Block 0x1b, offset 0x6c0 - 0x6c2: 0x2000, 0x6c3: 0x2000, - 0x6c6: 0x2000, 0x6c7: 0x2000, - 0x6d5: 0x2000, - 0x6d9: 0x2000, - 0x6e5: 0x2000, - 0x6ff: 0x2000, - // Block 0x1c, offset 0x700 - 0x712: 0x2000, - 0x71a: 0x4000, 0x71b: 0x4000, - 0x729: 0x4000, - 0x72a: 0x4000, - // Block 0x1d, offset 0x740 - 0x769: 0x4000, - 0x76a: 0x4000, 0x76b: 0x4000, 0x76c: 0x4000, - 0x770: 0x4000, 0x773: 0x4000, - // Block 0x1e, offset 0x780 - 0x7a0: 0x2000, 0x7a1: 0x2000, 0x7a2: 0x2000, 0x7a3: 0x2000, - 0x7a4: 0x2000, 0x7a5: 0x2000, 0x7a6: 0x2000, 0x7a7: 0x2000, 0x7a8: 0x2000, 0x7a9: 0x2000, - 0x7aa: 0x2000, 0x7ab: 0x2000, 0x7ac: 0x2000, 0x7ad: 0x2000, 0x7ae: 0x2000, 0x7af: 0x2000, - 0x7b0: 0x2000, 0x7b1: 0x2000, 0x7b2: 0x2000, 0x7b3: 0x2000, 0x7b4: 0x2000, 0x7b5: 0x2000, - 0x7b6: 0x2000, 0x7b7: 0x2000, 0x7b8: 0x2000, 0x7b9: 0x2000, 0x7ba: 0x2000, 0x7bb: 0x2000, - 0x7bc: 0x2000, 0x7bd: 0x2000, 0x7be: 0x2000, 0x7bf: 0x2000, - // Block 0x1f, offset 0x7c0 - 0x7c0: 0x2000, 0x7c1: 0x2000, 0x7c2: 0x2000, 0x7c3: 0x2000, 0x7c4: 0x2000, 0x7c5: 0x2000, - 0x7c6: 0x2000, 0x7c7: 0x2000, 0x7c8: 0x2000, 0x7c9: 0x2000, 0x7ca: 0x2000, 0x7cb: 0x2000, - 0x7cc: 0x2000, 0x7cd: 0x2000, 0x7ce: 0x2000, 0x7cf: 0x2000, 0x7d0: 0x2000, 0x7d1: 0x2000, - 0x7d2: 0x2000, 0x7d3: 0x2000, 0x7d4: 0x2000, 0x7d5: 0x2000, 0x7d6: 0x2000, 0x7d7: 0x2000, - 0x7d8: 0x2000, 0x7d9: 0x2000, 0x7da: 0x2000, 0x7db: 0x2000, 0x7dc: 0x2000, 0x7dd: 0x2000, - 0x7de: 0x2000, 0x7df: 0x2000, 0x7e0: 0x2000, 0x7e1: 0x2000, 0x7e2: 0x2000, 0x7e3: 0x2000, - 0x7e4: 0x2000, 0x7e5: 0x2000, 0x7e6: 0x2000, 0x7e7: 0x2000, 0x7e8: 0x2000, 0x7e9: 0x2000, - 0x7eb: 0x2000, 0x7ec: 0x2000, 0x7ed: 0x2000, 0x7ee: 0x2000, 0x7ef: 0x2000, - 0x7f0: 0x2000, 0x7f1: 0x2000, 0x7f2: 0x2000, 0x7f3: 0x2000, 0x7f4: 0x2000, 0x7f5: 0x2000, - 0x7f6: 0x2000, 0x7f7: 0x2000, 0x7f8: 0x2000, 0x7f9: 0x2000, 0x7fa: 0x2000, 0x7fb: 0x2000, - 0x7fc: 0x2000, 0x7fd: 0x2000, 0x7fe: 0x2000, 0x7ff: 0x2000, - // Block 0x20, offset 0x800 - 0x800: 0x2000, 0x801: 0x2000, 0x802: 0x200d, 0x803: 0x2000, 0x804: 0x2000, 0x805: 0x2000, - 0x806: 0x2000, 0x807: 0x2000, 0x808: 0x2000, 0x809: 0x2000, 0x80a: 0x2000, 0x80b: 0x2000, - 0x80c: 0x2000, 0x80d: 0x2000, 0x80e: 0x2000, 0x80f: 0x2000, 0x810: 0x2000, 0x811: 0x2000, - 0x812: 0x2000, 0x813: 0x2000, 0x814: 0x2000, 0x815: 0x2000, 0x816: 0x2000, 0x817: 0x2000, - 0x818: 0x2000, 0x819: 0x2000, 0x81a: 0x2000, 0x81b: 0x2000, 0x81c: 0x2000, 0x81d: 0x2000, - 0x81e: 0x2000, 0x81f: 0x2000, 0x820: 0x2000, 0x821: 0x2000, 0x822: 0x2000, 0x823: 0x2000, - 0x824: 0x2000, 0x825: 0x2000, 0x826: 0x2000, 0x827: 0x2000, 0x828: 0x2000, 0x829: 0x2000, - 0x82a: 0x2000, 0x82b: 0x2000, 0x82c: 0x2000, 0x82d: 0x2000, 0x82e: 0x2000, 0x82f: 0x2000, - 0x830: 0x2000, 0x831: 0x2000, 0x832: 0x2000, 0x833: 0x2000, 0x834: 0x2000, 0x835: 0x2000, - 0x836: 0x2000, 0x837: 0x2000, 0x838: 0x2000, 0x839: 0x2000, 0x83a: 0x2000, 0x83b: 0x2000, - 0x83c: 0x2000, 0x83d: 0x2000, 0x83e: 0x2000, 0x83f: 0x2000, - // Block 0x21, offset 0x840 - 0x840: 0x2000, 0x841: 0x2000, 0x842: 0x2000, 0x843: 0x2000, 0x844: 0x2000, 0x845: 0x2000, - 0x846: 0x2000, 0x847: 0x2000, 0x848: 0x2000, 0x849: 0x2000, 0x84a: 0x2000, 0x84b: 0x2000, - 0x850: 0x2000, 0x851: 0x2000, - 0x852: 0x2000, 0x853: 0x2000, 0x854: 0x2000, 0x855: 0x2000, 0x856: 0x2000, 0x857: 0x2000, - 0x858: 0x2000, 0x859: 0x2000, 0x85a: 0x2000, 0x85b: 0x2000, 0x85c: 0x2000, 0x85d: 0x2000, - 0x85e: 0x2000, 0x85f: 0x2000, 0x860: 0x2000, 0x861: 0x2000, 0x862: 0x2000, 0x863: 0x2000, - 0x864: 0x2000, 0x865: 0x2000, 0x866: 0x2000, 0x867: 0x2000, 0x868: 0x2000, 0x869: 0x2000, - 0x86a: 0x2000, 0x86b: 0x2000, 0x86c: 0x2000, 0x86d: 0x2000, 0x86e: 0x2000, 0x86f: 0x2000, - 0x870: 0x2000, 0x871: 0x2000, 0x872: 0x2000, 0x873: 0x2000, - // Block 0x22, offset 0x880 - 0x880: 0x2000, 0x881: 0x2000, 0x882: 0x2000, 0x883: 0x2000, 0x884: 0x2000, 0x885: 0x2000, - 0x886: 0x2000, 0x887: 0x2000, 0x888: 0x2000, 0x889: 0x2000, 0x88a: 0x2000, 0x88b: 0x2000, - 0x88c: 0x2000, 0x88d: 0x2000, 0x88e: 0x2000, 0x88f: 0x2000, - 0x892: 0x2000, 0x893: 0x2000, 0x894: 0x2000, 0x895: 0x2000, - 0x8a0: 0x200e, 0x8a1: 0x2000, 0x8a3: 0x2000, - 0x8a4: 0x2000, 0x8a5: 0x2000, 0x8a6: 0x2000, 0x8a7: 0x2000, 0x8a8: 0x2000, 0x8a9: 0x2000, - 0x8b2: 0x2000, 0x8b3: 0x2000, - 0x8b6: 0x2000, 0x8b7: 0x2000, - 0x8bc: 0x2000, 0x8bd: 0x2000, - // Block 0x23, offset 0x8c0 - 0x8c0: 0x2000, 0x8c1: 0x2000, - 0x8c6: 0x2000, 0x8c7: 0x2000, 0x8c8: 0x2000, 0x8cb: 0x200f, - 0x8ce: 0x2000, 0x8cf: 0x2000, 0x8d0: 0x2000, 0x8d1: 0x2000, - 0x8e2: 0x2000, 0x8e3: 0x2000, - 0x8e4: 0x2000, 0x8e5: 0x2000, - 0x8ef: 0x2000, - 0x8fd: 0x4000, 0x8fe: 0x4000, - // Block 0x24, offset 0x900 - 0x905: 0x2000, - 0x906: 0x2000, 0x909: 0x2000, - 0x90e: 0x2000, 0x90f: 0x2000, - 0x914: 0x4000, 0x915: 0x4000, - 0x91c: 0x2000, - 0x91e: 0x2000, - // Block 0x25, offset 0x940 - 0x940: 0x2000, 0x942: 0x2000, - 0x948: 0x4000, 0x949: 0x4000, 0x94a: 0x4000, 0x94b: 0x4000, - 0x94c: 0x4000, 0x94d: 0x4000, 0x94e: 0x4000, 0x94f: 0x4000, 0x950: 0x4000, 0x951: 0x4000, - 0x952: 0x4000, 0x953: 0x4000, - 0x960: 0x2000, 0x961: 0x2000, 0x963: 0x2000, - 0x964: 0x2000, 0x965: 0x2000, 0x967: 0x2000, 0x968: 0x2000, 0x969: 0x2000, - 0x96a: 0x2000, 0x96c: 0x2000, 0x96d: 0x2000, 0x96f: 0x2000, - 0x97f: 0x4000, - // Block 0x26, offset 0x980 - 0x993: 0x4000, - 0x99e: 0x2000, 0x99f: 0x2000, 0x9a1: 0x4000, - 0x9aa: 0x4000, 0x9ab: 0x4000, - 0x9bd: 0x4000, 0x9be: 0x4000, 0x9bf: 0x2000, - // Block 0x27, offset 0x9c0 - 0x9c4: 0x4000, 0x9c5: 0x4000, - 0x9c6: 0x2000, 0x9c7: 0x2000, 0x9c8: 0x2000, 0x9c9: 0x2000, 0x9ca: 0x2000, 0x9cb: 0x2000, - 0x9cc: 0x2000, 0x9cd: 0x2000, 0x9ce: 0x4000, 0x9cf: 0x2000, 0x9d0: 0x2000, 0x9d1: 0x2000, - 0x9d2: 0x2000, 0x9d3: 0x2000, 0x9d4: 0x4000, 0x9d5: 0x2000, 0x9d6: 0x2000, 0x9d7: 0x2000, - 0x9d8: 0x2000, 0x9d9: 0x2000, 0x9da: 0x2000, 0x9db: 0x2000, 0x9dc: 0x2000, 0x9dd: 0x2000, - 0x9de: 0x2000, 0x9df: 0x2000, 0x9e0: 0x2000, 0x9e1: 0x2000, 0x9e3: 0x2000, - 0x9e8: 0x2000, 0x9e9: 0x2000, - 0x9ea: 0x4000, 0x9eb: 0x2000, 0x9ec: 0x2000, 0x9ed: 0x2000, 0x9ee: 0x2000, 0x9ef: 0x2000, - 0x9f0: 0x2000, 0x9f1: 0x2000, 0x9f2: 0x4000, 0x9f3: 0x4000, 0x9f4: 0x2000, 0x9f5: 0x4000, - 0x9f6: 0x2000, 0x9f7: 0x2000, 0x9f8: 0x2000, 0x9f9: 0x2000, 0x9fa: 0x4000, 0x9fb: 0x2000, - 0x9fc: 0x2000, 0x9fd: 0x4000, 0x9fe: 0x2000, 0x9ff: 0x2000, - // Block 0x28, offset 0xa00 - 0xa05: 0x4000, - 0xa0a: 0x4000, 0xa0b: 0x4000, - 0xa28: 0x4000, - 0xa3d: 0x2000, - // Block 0x29, offset 0xa40 - 0xa4c: 0x4000, 0xa4e: 0x4000, - 0xa53: 0x4000, 0xa54: 0x4000, 0xa55: 0x4000, 0xa57: 0x4000, - 0xa76: 0x2000, 0xa77: 0x2000, 0xa78: 0x2000, 0xa79: 0x2000, 0xa7a: 0x2000, 0xa7b: 0x2000, - 0xa7c: 0x2000, 0xa7d: 0x2000, 0xa7e: 0x2000, 0xa7f: 0x2000, - // Block 0x2a, offset 0xa80 - 0xa95: 0x4000, 0xa96: 0x4000, 0xa97: 0x4000, - 0xab0: 0x4000, - 0xabf: 0x4000, - // Block 0x2b, offset 0xac0 - 0xae6: 0x6000, 0xae7: 0x6000, 0xae8: 0x6000, 0xae9: 0x6000, - 0xaea: 0x6000, 0xaeb: 0x6000, 0xaec: 0x6000, 0xaed: 0x6000, - // Block 0x2c, offset 0xb00 - 0xb05: 0x6010, - 0xb06: 0x6011, - // Block 0x2d, offset 0xb40 - 0xb5b: 0x4000, 0xb5c: 0x4000, - // Block 0x2e, offset 0xb80 - 0xb90: 0x4000, - 0xb95: 0x4000, 0xb96: 0x2000, 0xb97: 0x2000, - 0xb98: 0x2000, 0xb99: 0x2000, - // Block 0x2f, offset 0xbc0 - 0xbc0: 0x4000, 0xbc1: 0x4000, 0xbc2: 0x4000, 0xbc3: 0x4000, 0xbc4: 0x4000, 0xbc5: 0x4000, - 0xbc6: 0x4000, 0xbc7: 0x4000, 0xbc8: 0x4000, 0xbc9: 0x4000, 0xbca: 0x4000, 0xbcb: 0x4000, - 0xbcc: 0x4000, 0xbcd: 0x4000, 0xbce: 0x4000, 0xbcf: 0x4000, 0xbd0: 0x4000, 0xbd1: 0x4000, - 0xbd2: 0x4000, 0xbd3: 0x4000, 0xbd4: 0x4000, 0xbd5: 0x4000, 0xbd6: 0x4000, 0xbd7: 0x4000, - 0xbd8: 0x4000, 0xbd9: 0x4000, 0xbdb: 0x4000, 0xbdc: 0x4000, 0xbdd: 0x4000, - 0xbde: 0x4000, 0xbdf: 0x4000, 0xbe0: 0x4000, 0xbe1: 0x4000, 0xbe2: 0x4000, 0xbe3: 0x4000, - 0xbe4: 0x4000, 0xbe5: 0x4000, 0xbe6: 0x4000, 0xbe7: 0x4000, 0xbe8: 0x4000, 0xbe9: 0x4000, - 0xbea: 0x4000, 0xbeb: 0x4000, 0xbec: 0x4000, 0xbed: 0x4000, 0xbee: 0x4000, 0xbef: 0x4000, - 0xbf0: 0x4000, 0xbf1: 0x4000, 0xbf2: 0x4000, 0xbf3: 0x4000, 0xbf4: 0x4000, 0xbf5: 0x4000, - 0xbf6: 0x4000, 0xbf7: 0x4000, 0xbf8: 0x4000, 0xbf9: 0x4000, 0xbfa: 0x4000, 0xbfb: 0x4000, - 0xbfc: 0x4000, 0xbfd: 0x4000, 0xbfe: 0x4000, 0xbff: 0x4000, - // Block 0x30, offset 0xc00 - 0xc00: 0x4000, 0xc01: 0x4000, 0xc02: 0x4000, 0xc03: 0x4000, 0xc04: 0x4000, 0xc05: 0x4000, - 0xc06: 0x4000, 0xc07: 0x4000, 0xc08: 0x4000, 0xc09: 0x4000, 0xc0a: 0x4000, 0xc0b: 0x4000, - 0xc0c: 0x4000, 0xc0d: 0x4000, 0xc0e: 0x4000, 0xc0f: 0x4000, 0xc10: 0x4000, 0xc11: 0x4000, - 0xc12: 0x4000, 0xc13: 0x4000, 0xc14: 0x4000, 0xc15: 0x4000, 0xc16: 0x4000, 0xc17: 0x4000, - 0xc18: 0x4000, 0xc19: 0x4000, 0xc1a: 0x4000, 0xc1b: 0x4000, 0xc1c: 0x4000, 0xc1d: 0x4000, - 0xc1e: 0x4000, 0xc1f: 0x4000, 0xc20: 0x4000, 0xc21: 0x4000, 0xc22: 0x4000, 0xc23: 0x4000, - 0xc24: 0x4000, 0xc25: 0x4000, 0xc26: 0x4000, 0xc27: 0x4000, 0xc28: 0x4000, 0xc29: 0x4000, - 0xc2a: 0x4000, 0xc2b: 0x4000, 0xc2c: 0x4000, 0xc2d: 0x4000, 0xc2e: 0x4000, 0xc2f: 0x4000, - 0xc30: 0x4000, 0xc31: 0x4000, 0xc32: 0x4000, 0xc33: 0x4000, - // Block 0x31, offset 0xc40 - 0xc40: 0x4000, 0xc41: 0x4000, 0xc42: 0x4000, 0xc43: 0x4000, 0xc44: 0x4000, 0xc45: 0x4000, - 0xc46: 0x4000, 0xc47: 0x4000, 0xc48: 0x4000, 0xc49: 0x4000, 0xc4a: 0x4000, 0xc4b: 0x4000, - 0xc4c: 0x4000, 0xc4d: 0x4000, 0xc4e: 0x4000, 0xc4f: 0x4000, 0xc50: 0x4000, 0xc51: 0x4000, - 0xc52: 0x4000, 0xc53: 0x4000, 0xc54: 0x4000, 0xc55: 0x4000, - 0xc70: 0x4000, 0xc71: 0x4000, 0xc72: 0x4000, 0xc73: 0x4000, 0xc74: 0x4000, 0xc75: 0x4000, - 0xc76: 0x4000, 0xc77: 0x4000, 0xc78: 0x4000, 0xc79: 0x4000, 0xc7a: 0x4000, 0xc7b: 0x4000, - // Block 0x32, offset 0xc80 - 0xc80: 0x9012, 0xc81: 0x4013, 0xc82: 0x4014, 0xc83: 0x4000, 0xc84: 0x4000, 0xc85: 0x4000, - 0xc86: 0x4000, 0xc87: 0x4000, 0xc88: 0x4000, 0xc89: 0x4000, 0xc8a: 0x4000, 0xc8b: 0x4000, - 0xc8c: 0x4015, 0xc8d: 0x4015, 0xc8e: 0x4000, 0xc8f: 0x4000, 0xc90: 0x4000, 0xc91: 0x4000, - 0xc92: 0x4000, 0xc93: 0x4000, 0xc94: 0x4000, 0xc95: 0x4000, 0xc96: 0x4000, 0xc97: 0x4000, - 0xc98: 0x4000, 0xc99: 0x4000, 0xc9a: 0x4000, 0xc9b: 0x4000, 0xc9c: 0x4000, 0xc9d: 0x4000, - 0xc9e: 0x4000, 0xc9f: 0x4000, 0xca0: 0x4000, 0xca1: 0x4000, 0xca2: 0x4000, 0xca3: 0x4000, - 0xca4: 0x4000, 0xca5: 0x4000, 0xca6: 0x4000, 0xca7: 0x4000, 0xca8: 0x4000, 0xca9: 0x4000, - 0xcaa: 0x4000, 0xcab: 0x4000, 0xcac: 0x4000, 0xcad: 0x4000, 0xcae: 0x4000, 0xcaf: 0x4000, - 0xcb0: 0x4000, 0xcb1: 0x4000, 0xcb2: 0x4000, 0xcb3: 0x4000, 0xcb4: 0x4000, 0xcb5: 0x4000, - 0xcb6: 0x4000, 0xcb7: 0x4000, 0xcb8: 0x4000, 0xcb9: 0x4000, 0xcba: 0x4000, 0xcbb: 0x4000, - 0xcbc: 0x4000, 0xcbd: 0x4000, 0xcbe: 0x4000, - // Block 0x33, offset 0xcc0 - 0xcc1: 0x4000, 0xcc2: 0x4000, 0xcc3: 0x4000, 0xcc4: 0x4000, 0xcc5: 0x4000, - 0xcc6: 0x4000, 0xcc7: 0x4000, 0xcc8: 0x4000, 0xcc9: 0x4000, 0xcca: 0x4000, 0xccb: 0x4000, - 0xccc: 0x4000, 0xccd: 0x4000, 0xcce: 0x4000, 0xccf: 0x4000, 0xcd0: 0x4000, 0xcd1: 0x4000, - 0xcd2: 0x4000, 0xcd3: 0x4000, 0xcd4: 0x4000, 0xcd5: 0x4000, 0xcd6: 0x4000, 0xcd7: 0x4000, - 0xcd8: 0x4000, 0xcd9: 0x4000, 0xcda: 0x4000, 0xcdb: 0x4000, 0xcdc: 0x4000, 0xcdd: 0x4000, - 0xcde: 0x4000, 0xcdf: 0x4000, 0xce0: 0x4000, 0xce1: 0x4000, 0xce2: 0x4000, 0xce3: 0x4000, - 0xce4: 0x4000, 0xce5: 0x4000, 0xce6: 0x4000, 0xce7: 0x4000, 0xce8: 0x4000, 0xce9: 0x4000, - 0xcea: 0x4000, 0xceb: 0x4000, 0xcec: 0x4000, 0xced: 0x4000, 0xcee: 0x4000, 0xcef: 0x4000, - 0xcf0: 0x4000, 0xcf1: 0x4000, 0xcf2: 0x4000, 0xcf3: 0x4000, 0xcf4: 0x4000, 0xcf5: 0x4000, - 0xcf6: 0x4000, 0xcf7: 0x4000, 0xcf8: 0x4000, 0xcf9: 0x4000, 0xcfa: 0x4000, 0xcfb: 0x4000, - 0xcfc: 0x4000, 0xcfd: 0x4000, 0xcfe: 0x4000, 0xcff: 0x4000, - // Block 0x34, offset 0xd00 - 0xd00: 0x4000, 0xd01: 0x4000, 0xd02: 0x4000, 0xd03: 0x4000, 0xd04: 0x4000, 0xd05: 0x4000, - 0xd06: 0x4000, 0xd07: 0x4000, 0xd08: 0x4000, 0xd09: 0x4000, 0xd0a: 0x4000, 0xd0b: 0x4000, - 0xd0c: 0x4000, 0xd0d: 0x4000, 0xd0e: 0x4000, 0xd0f: 0x4000, 0xd10: 0x4000, 0xd11: 0x4000, - 0xd12: 0x4000, 0xd13: 0x4000, 0xd14: 0x4000, 0xd15: 0x4000, 0xd16: 0x4000, - 0xd19: 0x4016, 0xd1a: 0x4017, 0xd1b: 0x4000, 0xd1c: 0x4000, 0xd1d: 0x4000, - 0xd1e: 0x4000, 0xd1f: 0x4000, 0xd20: 0x4000, 0xd21: 0x4018, 0xd22: 0x4019, 0xd23: 0x401a, - 0xd24: 0x401b, 0xd25: 0x401c, 0xd26: 0x401d, 0xd27: 0x401e, 0xd28: 0x401f, 0xd29: 0x4020, - 0xd2a: 0x4021, 0xd2b: 0x4022, 0xd2c: 0x4000, 0xd2d: 0x4010, 0xd2e: 0x4000, 0xd2f: 0x4023, - 0xd30: 0x4000, 0xd31: 0x4024, 0xd32: 0x4000, 0xd33: 0x4025, 0xd34: 0x4000, 0xd35: 0x4026, - 0xd36: 0x4000, 0xd37: 0x401a, 0xd38: 0x4000, 0xd39: 0x4027, 0xd3a: 0x4000, 0xd3b: 0x4028, - 0xd3c: 0x4000, 0xd3d: 0x4020, 0xd3e: 0x4000, 0xd3f: 0x4029, - // Block 0x35, offset 0xd40 - 0xd40: 0x4000, 0xd41: 0x402a, 0xd42: 0x4000, 0xd43: 0x402b, 0xd44: 0x402c, 0xd45: 0x4000, - 0xd46: 0x4017, 0xd47: 0x4000, 0xd48: 0x402d, 0xd49: 0x4000, 0xd4a: 0x402e, 0xd4b: 0x402f, - 0xd4c: 0x4030, 0xd4d: 0x4017, 0xd4e: 0x4016, 0xd4f: 0x4017, 0xd50: 0x4000, 0xd51: 0x4000, - 0xd52: 0x4031, 0xd53: 0x4000, 0xd54: 0x4000, 0xd55: 0x4031, 0xd56: 0x4000, 0xd57: 0x4000, - 0xd58: 0x4032, 0xd59: 0x4000, 0xd5a: 0x4000, 0xd5b: 0x4032, 0xd5c: 0x4000, 0xd5d: 0x4000, - 0xd5e: 0x4033, 0xd5f: 0x402e, 0xd60: 0x4034, 0xd61: 0x4035, 0xd62: 0x4034, 0xd63: 0x4036, - 0xd64: 0x4037, 0xd65: 0x4024, 0xd66: 0x4035, 0xd67: 0x4025, 0xd68: 0x4038, 0xd69: 0x4038, - 0xd6a: 0x4039, 0xd6b: 0x4039, 0xd6c: 0x403a, 0xd6d: 0x403a, 0xd6e: 0x4000, 0xd6f: 0x4035, - 0xd70: 0x4000, 0xd71: 0x4000, 0xd72: 0x403b, 0xd73: 0x403c, 0xd74: 0x4000, 0xd75: 0x4000, - 0xd76: 0x4000, 0xd77: 0x4000, 0xd78: 0x4000, 0xd79: 0x4000, 0xd7a: 0x4000, 0xd7b: 0x403d, - 0xd7c: 0x401c, 0xd7d: 0x4000, 0xd7e: 0x4000, 0xd7f: 0x4000, - // Block 0x36, offset 0xd80 - 0xd85: 0x4000, - 0xd86: 0x4000, 0xd87: 0x4000, 0xd88: 0x4000, 0xd89: 0x4000, 0xd8a: 0x4000, 0xd8b: 0x4000, - 0xd8c: 0x4000, 0xd8d: 0x4000, 0xd8e: 0x4000, 0xd8f: 0x4000, 0xd90: 0x4000, 0xd91: 0x4000, - 0xd92: 0x4000, 0xd93: 0x4000, 0xd94: 0x4000, 0xd95: 0x4000, 0xd96: 0x4000, 0xd97: 0x4000, - 0xd98: 0x4000, 0xd99: 0x4000, 0xd9a: 0x4000, 0xd9b: 0x4000, 0xd9c: 0x4000, 0xd9d: 0x4000, - 0xd9e: 0x4000, 0xd9f: 0x4000, 0xda0: 0x4000, 0xda1: 0x4000, 0xda2: 0x4000, 0xda3: 0x4000, - 0xda4: 0x4000, 0xda5: 0x4000, 0xda6: 0x4000, 0xda7: 0x4000, 0xda8: 0x4000, 0xda9: 0x4000, - 0xdaa: 0x4000, 0xdab: 0x4000, 0xdac: 0x4000, 0xdad: 0x4000, 0xdae: 0x4000, 0xdaf: 0x4000, - 0xdb1: 0x403e, 0xdb2: 0x403e, 0xdb3: 0x403e, 0xdb4: 0x403e, 0xdb5: 0x403e, - 0xdb6: 0x403e, 0xdb7: 0x403e, 0xdb8: 0x403e, 0xdb9: 0x403e, 0xdba: 0x403e, 0xdbb: 0x403e, - 0xdbc: 0x403e, 0xdbd: 0x403e, 0xdbe: 0x403e, 0xdbf: 0x403e, - // Block 0x37, offset 0xdc0 - 0xdc0: 0x4037, 0xdc1: 0x4037, 0xdc2: 0x4037, 0xdc3: 0x4037, 0xdc4: 0x4037, 0xdc5: 0x4037, - 0xdc6: 0x4037, 0xdc7: 0x4037, 0xdc8: 0x4037, 0xdc9: 0x4037, 0xdca: 0x4037, 0xdcb: 0x4037, - 0xdcc: 0x4037, 0xdcd: 0x4037, 0xdce: 0x4037, 0xdcf: 0x400e, 0xdd0: 0x403f, 0xdd1: 0x4040, - 0xdd2: 0x4041, 0xdd3: 0x4040, 0xdd4: 0x403f, 0xdd5: 0x4042, 0xdd6: 0x4043, 0xdd7: 0x4044, - 0xdd8: 0x4040, 0xdd9: 0x4041, 0xdda: 0x4040, 0xddb: 0x4045, 0xddc: 0x4009, 0xddd: 0x4045, - 0xdde: 0x4046, 0xddf: 0x4045, 0xde0: 0x4047, 0xde1: 0x400b, 0xde2: 0x400a, 0xde3: 0x400c, - 0xde4: 0x4048, 0xde5: 0x4000, 0xde6: 0x4000, 0xde7: 0x4000, 0xde8: 0x4000, 0xde9: 0x4000, - 0xdea: 0x4000, 0xdeb: 0x4000, 0xdec: 0x4000, 0xded: 0x4000, 0xdee: 0x4000, 0xdef: 0x4000, - 0xdf0: 0x4000, 0xdf1: 0x4000, 0xdf2: 0x4000, 0xdf3: 0x4000, 0xdf4: 0x4000, 0xdf5: 0x4000, - 0xdf6: 0x4000, 0xdf7: 0x4000, 0xdf8: 0x4000, 0xdf9: 0x4000, 0xdfa: 0x4000, 0xdfb: 0x4000, - 0xdfc: 0x4000, 0xdfd: 0x4000, 0xdfe: 0x4000, 0xdff: 0x4000, - // Block 0x38, offset 0xe00 - 0xe00: 0x4000, 0xe01: 0x4000, 0xe02: 0x4000, 0xe03: 0x4000, 0xe04: 0x4000, 0xe05: 0x4000, - 0xe06: 0x4000, 0xe07: 0x4000, 0xe08: 0x4000, 0xe09: 0x4000, 0xe0a: 0x4000, 0xe0b: 0x4000, - 0xe0c: 0x4000, 0xe0d: 0x4000, 0xe0e: 0x4000, 0xe10: 0x4000, 0xe11: 0x4000, - 0xe12: 0x4000, 0xe13: 0x4000, 0xe14: 0x4000, 0xe15: 0x4000, 0xe16: 0x4000, 0xe17: 0x4000, - 0xe18: 0x4000, 0xe19: 0x4000, 0xe1a: 0x4000, 0xe1b: 0x4000, 0xe1c: 0x4000, 0xe1d: 0x4000, - 0xe1e: 0x4000, 0xe1f: 0x4000, 0xe20: 0x4000, 0xe21: 0x4000, 0xe22: 0x4000, 0xe23: 0x4000, - 0xe24: 0x4000, 0xe25: 0x4000, 0xe26: 0x4000, 0xe27: 0x4000, 0xe28: 0x4000, 0xe29: 0x4000, - 0xe2a: 0x4000, 0xe2b: 0x4000, 0xe2c: 0x4000, 0xe2d: 0x4000, 0xe2e: 0x4000, 0xe2f: 0x4000, - 0xe30: 0x4000, 0xe31: 0x4000, 0xe32: 0x4000, 0xe33: 0x4000, 0xe34: 0x4000, 0xe35: 0x4000, - 0xe36: 0x4000, 0xe37: 0x4000, 0xe38: 0x4000, 0xe39: 0x4000, 0xe3a: 0x4000, - // Block 0x39, offset 0xe40 - 0xe40: 0x4000, 0xe41: 0x4000, 0xe42: 0x4000, 0xe43: 0x4000, 0xe44: 0x4000, 0xe45: 0x4000, - 0xe46: 0x4000, 0xe47: 0x4000, 0xe48: 0x4000, 0xe49: 0x4000, 0xe4a: 0x4000, 0xe4b: 0x4000, - 0xe4c: 0x4000, 0xe4d: 0x4000, 0xe4e: 0x4000, 0xe4f: 0x4000, 0xe50: 0x4000, 0xe51: 0x4000, - 0xe52: 0x4000, 0xe53: 0x4000, 0xe54: 0x4000, 0xe55: 0x4000, 0xe56: 0x4000, 0xe57: 0x4000, - 0xe58: 0x4000, 0xe59: 0x4000, 0xe5a: 0x4000, 0xe5b: 0x4000, 0xe5c: 0x4000, 0xe5d: 0x4000, - 0xe5e: 0x4000, 0xe5f: 0x4000, 0xe60: 0x4000, 0xe61: 0x4000, 0xe62: 0x4000, 0xe63: 0x4000, - 0xe70: 0x4000, 0xe71: 0x4000, 0xe72: 0x4000, 0xe73: 0x4000, 0xe74: 0x4000, 0xe75: 0x4000, - 0xe76: 0x4000, 0xe77: 0x4000, 0xe78: 0x4000, 0xe79: 0x4000, 0xe7a: 0x4000, 0xe7b: 0x4000, - 0xe7c: 0x4000, 0xe7d: 0x4000, 0xe7e: 0x4000, 0xe7f: 0x4000, - // Block 0x3a, offset 0xe80 - 0xe80: 0x4000, 0xe81: 0x4000, 0xe82: 0x4000, 0xe83: 0x4000, 0xe84: 0x4000, 0xe85: 0x4000, - 0xe86: 0x4000, 0xe87: 0x4000, 0xe88: 0x4000, 0xe89: 0x4000, 0xe8a: 0x4000, 0xe8b: 0x4000, - 0xe8c: 0x4000, 0xe8d: 0x4000, 0xe8e: 0x4000, 0xe8f: 0x4000, 0xe90: 0x4000, 0xe91: 0x4000, - 0xe92: 0x4000, 0xe93: 0x4000, 0xe94: 0x4000, 0xe95: 0x4000, 0xe96: 0x4000, 0xe97: 0x4000, - 0xe98: 0x4000, 0xe99: 0x4000, 0xe9a: 0x4000, 0xe9b: 0x4000, 0xe9c: 0x4000, 0xe9d: 0x4000, - 0xe9e: 0x4000, 0xea0: 0x4000, 0xea1: 0x4000, 0xea2: 0x4000, 0xea3: 0x4000, - 0xea4: 0x4000, 0xea5: 0x4000, 0xea6: 0x4000, 0xea7: 0x4000, 0xea8: 0x4000, 0xea9: 0x4000, - 0xeaa: 0x4000, 0xeab: 0x4000, 0xeac: 0x4000, 0xead: 0x4000, 0xeae: 0x4000, 0xeaf: 0x4000, - 0xeb0: 0x4000, 0xeb1: 0x4000, 0xeb2: 0x4000, 0xeb3: 0x4000, 0xeb4: 0x4000, 0xeb5: 0x4000, - 0xeb6: 0x4000, 0xeb7: 0x4000, 0xeb8: 0x4000, 0xeb9: 0x4000, 0xeba: 0x4000, 0xebb: 0x4000, - 0xebc: 0x4000, 0xebd: 0x4000, 0xebe: 0x4000, 0xebf: 0x4000, - // Block 0x3b, offset 0xec0 - 0xec0: 0x4000, 0xec1: 0x4000, 0xec2: 0x4000, 0xec3: 0x4000, 0xec4: 0x4000, 0xec5: 0x4000, - 0xec6: 0x4000, 0xec7: 0x4000, 0xec8: 0x2000, 0xec9: 0x2000, 0xeca: 0x2000, 0xecb: 0x2000, - 0xecc: 0x2000, 0xecd: 0x2000, 0xece: 0x2000, 0xecf: 0x2000, 0xed0: 0x4000, 0xed1: 0x4000, - 0xed2: 0x4000, 0xed3: 0x4000, 0xed4: 0x4000, 0xed5: 0x4000, 0xed6: 0x4000, 0xed7: 0x4000, - 0xed8: 0x4000, 0xed9: 0x4000, 0xeda: 0x4000, 0xedb: 0x4000, 0xedc: 0x4000, 0xedd: 0x4000, - 0xede: 0x4000, 0xedf: 0x4000, 0xee0: 0x4000, 0xee1: 0x4000, 0xee2: 0x4000, 0xee3: 0x4000, - 0xee4: 0x4000, 0xee5: 0x4000, 0xee6: 0x4000, 0xee7: 0x4000, 0xee8: 0x4000, 0xee9: 0x4000, - 0xeea: 0x4000, 0xeeb: 0x4000, 0xeec: 0x4000, 0xeed: 0x4000, 0xeee: 0x4000, 0xeef: 0x4000, - 0xef0: 0x4000, 0xef1: 0x4000, 0xef2: 0x4000, 0xef3: 0x4000, 0xef4: 0x4000, 0xef5: 0x4000, - 0xef6: 0x4000, 0xef7: 0x4000, 0xef8: 0x4000, 0xef9: 0x4000, 0xefa: 0x4000, 0xefb: 0x4000, - 0xefc: 0x4000, 0xefd: 0x4000, 0xefe: 0x4000, 0xeff: 0x4000, - // Block 0x3c, offset 0xf00 - 0xf00: 0x4000, 0xf01: 0x4000, 0xf02: 0x4000, 0xf03: 0x4000, 0xf04: 0x4000, 0xf05: 0x4000, - 0xf06: 0x4000, 0xf07: 0x4000, 0xf08: 0x4000, 0xf09: 0x4000, 0xf0a: 0x4000, 0xf0b: 0x4000, - 0xf0c: 0x4000, 0xf0d: 0x4000, 0xf0e: 0x4000, 0xf0f: 0x4000, 0xf10: 0x4000, 0xf11: 0x4000, - 0xf12: 0x4000, 0xf13: 0x4000, 0xf14: 0x4000, 0xf15: 0x4000, 0xf16: 0x4000, 0xf17: 0x4000, - 0xf18: 0x4000, 0xf19: 0x4000, 0xf1a: 0x4000, 0xf1b: 0x4000, 0xf1c: 0x4000, 0xf1d: 0x4000, - 0xf1e: 0x4000, 0xf1f: 0x4000, 0xf20: 0x4000, 0xf21: 0x4000, 0xf22: 0x4000, 0xf23: 0x4000, - 0xf24: 0x4000, 0xf25: 0x4000, 0xf26: 0x4000, 0xf27: 0x4000, 0xf28: 0x4000, 0xf29: 0x4000, - 0xf2a: 0x4000, 0xf2b: 0x4000, 0xf2c: 0x4000, 0xf2d: 0x4000, 0xf2e: 0x4000, 0xf2f: 0x4000, - 0xf30: 0x4000, 0xf31: 0x4000, 0xf32: 0x4000, 0xf33: 0x4000, 0xf34: 0x4000, 0xf35: 0x4000, - 0xf36: 0x4000, 0xf37: 0x4000, 0xf38: 0x4000, 0xf39: 0x4000, 0xf3a: 0x4000, 0xf3b: 0x4000, - 0xf3c: 0x4000, 0xf3d: 0x4000, 0xf3e: 0x4000, - // Block 0x3d, offset 0xf40 - 0xf40: 0x4000, 0xf41: 0x4000, 0xf42: 0x4000, 0xf43: 0x4000, 0xf44: 0x4000, 0xf45: 0x4000, - 0xf46: 0x4000, 0xf47: 0x4000, 0xf48: 0x4000, 0xf49: 0x4000, 0xf4a: 0x4000, 0xf4b: 0x4000, - 0xf4c: 0x4000, 0xf50: 0x4000, 0xf51: 0x4000, - 0xf52: 0x4000, 0xf53: 0x4000, 0xf54: 0x4000, 0xf55: 0x4000, 0xf56: 0x4000, 0xf57: 0x4000, - 0xf58: 0x4000, 0xf59: 0x4000, 0xf5a: 0x4000, 0xf5b: 0x4000, 0xf5c: 0x4000, 0xf5d: 0x4000, - 0xf5e: 0x4000, 0xf5f: 0x4000, 0xf60: 0x4000, 0xf61: 0x4000, 0xf62: 0x4000, 0xf63: 0x4000, - 0xf64: 0x4000, 0xf65: 0x4000, 0xf66: 0x4000, 0xf67: 0x4000, 0xf68: 0x4000, 0xf69: 0x4000, - 0xf6a: 0x4000, 0xf6b: 0x4000, 0xf6c: 0x4000, 0xf6d: 0x4000, 0xf6e: 0x4000, 0xf6f: 0x4000, - 0xf70: 0x4000, 0xf71: 0x4000, 0xf72: 0x4000, 0xf73: 0x4000, 0xf74: 0x4000, 0xf75: 0x4000, - 0xf76: 0x4000, 0xf77: 0x4000, 0xf78: 0x4000, 0xf79: 0x4000, 0xf7a: 0x4000, 0xf7b: 0x4000, - 0xf7c: 0x4000, 0xf7d: 0x4000, 0xf7e: 0x4000, 0xf7f: 0x4000, - // Block 0x3e, offset 0xf80 - 0xf80: 0x4000, 0xf81: 0x4000, 0xf82: 0x4000, 0xf83: 0x4000, 0xf84: 0x4000, 0xf85: 0x4000, - 0xf86: 0x4000, - // Block 0x3f, offset 0xfc0 - 0xfe0: 0x4000, 0xfe1: 0x4000, 0xfe2: 0x4000, 0xfe3: 0x4000, - 0xfe4: 0x4000, 0xfe5: 0x4000, 0xfe6: 0x4000, 0xfe7: 0x4000, 0xfe8: 0x4000, 0xfe9: 0x4000, - 0xfea: 0x4000, 0xfeb: 0x4000, 0xfec: 0x4000, 0xfed: 0x4000, 0xfee: 0x4000, 0xfef: 0x4000, - 0xff0: 0x4000, 0xff1: 0x4000, 0xff2: 0x4000, 0xff3: 0x4000, 0xff4: 0x4000, 0xff5: 0x4000, - 0xff6: 0x4000, 0xff7: 0x4000, 0xff8: 0x4000, 0xff9: 0x4000, 0xffa: 0x4000, 0xffb: 0x4000, - 0xffc: 0x4000, - // Block 0x40, offset 0x1000 - 0x1000: 0x4000, 0x1001: 0x4000, 0x1002: 0x4000, 0x1003: 0x4000, 0x1004: 0x4000, 0x1005: 0x4000, - 0x1006: 0x4000, 0x1007: 0x4000, 0x1008: 0x4000, 0x1009: 0x4000, 0x100a: 0x4000, 0x100b: 0x4000, - 0x100c: 0x4000, 0x100d: 0x4000, 0x100e: 0x4000, 0x100f: 0x4000, 0x1010: 0x4000, 0x1011: 0x4000, - 0x1012: 0x4000, 0x1013: 0x4000, 0x1014: 0x4000, 0x1015: 0x4000, 0x1016: 0x4000, 0x1017: 0x4000, - 0x1018: 0x4000, 0x1019: 0x4000, 0x101a: 0x4000, 0x101b: 0x4000, 0x101c: 0x4000, 0x101d: 0x4000, - 0x101e: 0x4000, 0x101f: 0x4000, 0x1020: 0x4000, 0x1021: 0x4000, 0x1022: 0x4000, 0x1023: 0x4000, - // Block 0x41, offset 0x1040 - 0x1040: 0x2000, 0x1041: 0x2000, 0x1042: 0x2000, 0x1043: 0x2000, 0x1044: 0x2000, 0x1045: 0x2000, - 0x1046: 0x2000, 0x1047: 0x2000, 0x1048: 0x2000, 0x1049: 0x2000, 0x104a: 0x2000, 0x104b: 0x2000, - 0x104c: 0x2000, 0x104d: 0x2000, 0x104e: 0x2000, 0x104f: 0x2000, 0x1050: 0x4000, 0x1051: 0x4000, - 0x1052: 0x4000, 0x1053: 0x4000, 0x1054: 0x4000, 0x1055: 0x4000, 0x1056: 0x4000, 0x1057: 0x4000, - 0x1058: 0x4000, 0x1059: 0x4000, - 0x1070: 0x4000, 0x1071: 0x4000, 0x1072: 0x4000, 0x1073: 0x4000, 0x1074: 0x4000, 0x1075: 0x4000, - 0x1076: 0x4000, 0x1077: 0x4000, 0x1078: 0x4000, 0x1079: 0x4000, 0x107a: 0x4000, 0x107b: 0x4000, - 0x107c: 0x4000, 0x107d: 0x4000, 0x107e: 0x4000, 0x107f: 0x4000, - // Block 0x42, offset 0x1080 - 0x1080: 0x4000, 0x1081: 0x4000, 0x1082: 0x4000, 0x1083: 0x4000, 0x1084: 0x4000, 0x1085: 0x4000, - 0x1086: 0x4000, 0x1087: 0x4000, 0x1088: 0x4000, 0x1089: 0x4000, 0x108a: 0x4000, 0x108b: 0x4000, - 0x108c: 0x4000, 0x108d: 0x4000, 0x108e: 0x4000, 0x108f: 0x4000, 0x1090: 0x4000, 0x1091: 0x4000, - 0x1092: 0x4000, 0x1094: 0x4000, 0x1095: 0x4000, 0x1096: 0x4000, 0x1097: 0x4000, - 0x1098: 0x4000, 0x1099: 0x4000, 0x109a: 0x4000, 0x109b: 0x4000, 0x109c: 0x4000, 0x109d: 0x4000, - 0x109e: 0x4000, 0x109f: 0x4000, 0x10a0: 0x4000, 0x10a1: 0x4000, 0x10a2: 0x4000, 0x10a3: 0x4000, - 0x10a4: 0x4000, 0x10a5: 0x4000, 0x10a6: 0x4000, 0x10a8: 0x4000, 0x10a9: 0x4000, - 0x10aa: 0x4000, 0x10ab: 0x4000, - // Block 0x43, offset 0x10c0 - 0x10c1: 0x9012, 0x10c2: 0x9012, 0x10c3: 0x9012, 0x10c4: 0x9012, 0x10c5: 0x9012, - 0x10c6: 0x9012, 0x10c7: 0x9012, 0x10c8: 0x9012, 0x10c9: 0x9012, 0x10ca: 0x9012, 0x10cb: 0x9012, - 0x10cc: 0x9012, 0x10cd: 0x9012, 0x10ce: 0x9012, 0x10cf: 0x9012, 0x10d0: 0x9012, 0x10d1: 0x9012, - 0x10d2: 0x9012, 0x10d3: 0x9012, 0x10d4: 0x9012, 0x10d5: 0x9012, 0x10d6: 0x9012, 0x10d7: 0x9012, - 0x10d8: 0x9012, 0x10d9: 0x9012, 0x10da: 0x9012, 0x10db: 0x9012, 0x10dc: 0x9012, 0x10dd: 0x9012, - 0x10de: 0x9012, 0x10df: 0x9012, 0x10e0: 0x9049, 0x10e1: 0x9049, 0x10e2: 0x9049, 0x10e3: 0x9049, - 0x10e4: 0x9049, 0x10e5: 0x9049, 0x10e6: 0x9049, 0x10e7: 0x9049, 0x10e8: 0x9049, 0x10e9: 0x9049, - 0x10ea: 0x9049, 0x10eb: 0x9049, 0x10ec: 0x9049, 0x10ed: 0x9049, 0x10ee: 0x9049, 0x10ef: 0x9049, - 0x10f0: 0x9049, 0x10f1: 0x9049, 0x10f2: 0x9049, 0x10f3: 0x9049, 0x10f4: 0x9049, 0x10f5: 0x9049, - 0x10f6: 0x9049, 0x10f7: 0x9049, 0x10f8: 0x9049, 0x10f9: 0x9049, 0x10fa: 0x9049, 0x10fb: 0x9049, - 0x10fc: 0x9049, 0x10fd: 0x9049, 0x10fe: 0x9049, 0x10ff: 0x9049, - // Block 0x44, offset 0x1100 - 0x1100: 0x9049, 0x1101: 0x9049, 0x1102: 0x9049, 0x1103: 0x9049, 0x1104: 0x9049, 0x1105: 0x9049, - 0x1106: 0x9049, 0x1107: 0x9049, 0x1108: 0x9049, 0x1109: 0x9049, 0x110a: 0x9049, 0x110b: 0x9049, - 0x110c: 0x9049, 0x110d: 0x9049, 0x110e: 0x9049, 0x110f: 0x9049, 0x1110: 0x9049, 0x1111: 0x9049, - 0x1112: 0x9049, 0x1113: 0x9049, 0x1114: 0x9049, 0x1115: 0x9049, 0x1116: 0x9049, 0x1117: 0x9049, - 0x1118: 0x9049, 0x1119: 0x9049, 0x111a: 0x9049, 0x111b: 0x9049, 0x111c: 0x9049, 0x111d: 0x9049, - 0x111e: 0x9049, 0x111f: 0x904a, 0x1120: 0x904b, 0x1121: 0xb04c, 0x1122: 0xb04d, 0x1123: 0xb04d, - 0x1124: 0xb04e, 0x1125: 0xb04f, 0x1126: 0xb050, 0x1127: 0xb051, 0x1128: 0xb052, 0x1129: 0xb053, - 0x112a: 0xb054, 0x112b: 0xb055, 0x112c: 0xb056, 0x112d: 0xb057, 0x112e: 0xb058, 0x112f: 0xb059, - 0x1130: 0xb05a, 0x1131: 0xb05b, 0x1132: 0xb05c, 0x1133: 0xb05d, 0x1134: 0xb05e, 0x1135: 0xb05f, - 0x1136: 0xb060, 0x1137: 0xb061, 0x1138: 0xb062, 0x1139: 0xb063, 0x113a: 0xb064, 0x113b: 0xb065, - 0x113c: 0xb052, 0x113d: 0xb066, 0x113e: 0xb067, 0x113f: 0xb055, - // Block 0x45, offset 0x1140 - 0x1140: 0xb068, 0x1141: 0xb069, 0x1142: 0xb06a, 0x1143: 0xb06b, 0x1144: 0xb05a, 0x1145: 0xb056, - 0x1146: 0xb06c, 0x1147: 0xb06d, 0x1148: 0xb06b, 0x1149: 0xb06e, 0x114a: 0xb06b, 0x114b: 0xb06f, - 0x114c: 0xb06f, 0x114d: 0xb070, 0x114e: 0xb070, 0x114f: 0xb071, 0x1150: 0xb056, 0x1151: 0xb072, - 0x1152: 0xb073, 0x1153: 0xb072, 0x1154: 0xb074, 0x1155: 0xb073, 0x1156: 0xb075, 0x1157: 0xb075, - 0x1158: 0xb076, 0x1159: 0xb076, 0x115a: 0xb077, 0x115b: 0xb077, 0x115c: 0xb073, 0x115d: 0xb078, - 0x115e: 0xb079, 0x115f: 0xb067, 0x1160: 0xb07a, 0x1161: 0xb07b, 0x1162: 0xb07b, 0x1163: 0xb07b, - 0x1164: 0xb07b, 0x1165: 0xb07b, 0x1166: 0xb07b, 0x1167: 0xb07b, 0x1168: 0xb07b, 0x1169: 0xb07b, - 0x116a: 0xb07b, 0x116b: 0xb07b, 0x116c: 0xb07b, 0x116d: 0xb07b, 0x116e: 0xb07b, 0x116f: 0xb07b, - 0x1170: 0xb07c, 0x1171: 0xb07c, 0x1172: 0xb07c, 0x1173: 0xb07c, 0x1174: 0xb07c, 0x1175: 0xb07c, - 0x1176: 0xb07c, 0x1177: 0xb07c, 0x1178: 0xb07c, 0x1179: 0xb07c, 0x117a: 0xb07c, 0x117b: 0xb07c, - 0x117c: 0xb07c, 0x117d: 0xb07c, 0x117e: 0xb07c, - // Block 0x46, offset 0x1180 - 0x1182: 0xb07d, 0x1183: 0xb07e, 0x1184: 0xb07f, 0x1185: 0xb080, - 0x1186: 0xb07f, 0x1187: 0xb07e, 0x118a: 0xb081, 0x118b: 0xb082, - 0x118c: 0xb083, 0x118d: 0xb07f, 0x118e: 0xb080, 0x118f: 0xb07f, - 0x1192: 0xb084, 0x1193: 0xb085, 0x1194: 0xb084, 0x1195: 0xb086, 0x1196: 0xb084, 0x1197: 0xb087, - 0x119a: 0xb088, 0x119b: 0xb089, 0x119c: 0xb08a, - 0x11a0: 0x908b, 0x11a1: 0x908b, 0x11a2: 0x908c, 0x11a3: 0x908d, - 0x11a4: 0x908b, 0x11a5: 0x908e, 0x11a6: 0x908f, 0x11a8: 0xb090, 0x11a9: 0xb091, - 0x11aa: 0xb092, 0x11ab: 0xb091, 0x11ac: 0xb093, 0x11ad: 0xb094, 0x11ae: 0xb095, - 0x11bd: 0x2000, - // Block 0x47, offset 0x11c0 - 0x11e0: 0x4000, 0x11e1: 0x4000, 0x11e2: 0x4000, 0x11e3: 0x4000, - // Block 0x48, offset 0x1200 - 0x1200: 0x4000, 0x1201: 0x4000, 0x1202: 0x4000, 0x1203: 0x4000, 0x1204: 0x4000, 0x1205: 0x4000, - 0x1206: 0x4000, 0x1207: 0x4000, 0x1208: 0x4000, 0x1209: 0x4000, 0x120a: 0x4000, 0x120b: 0x4000, - 0x120c: 0x4000, 0x120d: 0x4000, 0x120e: 0x4000, 0x120f: 0x4000, 0x1210: 0x4000, 0x1211: 0x4000, - 0x1212: 0x4000, 0x1213: 0x4000, 0x1214: 0x4000, 0x1215: 0x4000, 0x1216: 0x4000, 0x1217: 0x4000, - 0x1218: 0x4000, 0x1219: 0x4000, 0x121a: 0x4000, 0x121b: 0x4000, 0x121c: 0x4000, 0x121d: 0x4000, - 0x121e: 0x4000, 0x121f: 0x4000, 0x1220: 0x4000, 0x1221: 0x4000, 0x1222: 0x4000, 0x1223: 0x4000, - 0x1224: 0x4000, 0x1225: 0x4000, 0x1226: 0x4000, 0x1227: 0x4000, 0x1228: 0x4000, 0x1229: 0x4000, - 0x122a: 0x4000, 0x122b: 0x4000, 0x122c: 0x4000, 0x122d: 0x4000, 0x122e: 0x4000, 0x122f: 0x4000, - 0x1230: 0x4000, 0x1231: 0x4000, 0x1232: 0x4000, 0x1233: 0x4000, 0x1234: 0x4000, 0x1235: 0x4000, - 0x1236: 0x4000, 0x1237: 0x4000, - // Block 0x49, offset 0x1240 - 0x1240: 0x4000, 0x1241: 0x4000, 0x1242: 0x4000, 0x1243: 0x4000, 0x1244: 0x4000, 0x1245: 0x4000, - 0x1246: 0x4000, 0x1247: 0x4000, 0x1248: 0x4000, 0x1249: 0x4000, 0x124a: 0x4000, 0x124b: 0x4000, - 0x124c: 0x4000, 0x124d: 0x4000, 0x124e: 0x4000, 0x124f: 0x4000, 0x1250: 0x4000, 0x1251: 0x4000, - 0x1252: 0x4000, 0x1253: 0x4000, 0x1254: 0x4000, 0x1255: 0x4000, 0x1256: 0x4000, 0x1257: 0x4000, - 0x1258: 0x4000, 0x1259: 0x4000, 0x125a: 0x4000, 0x125b: 0x4000, 0x125c: 0x4000, 0x125d: 0x4000, - 0x125e: 0x4000, 0x125f: 0x4000, 0x1260: 0x4000, 0x1261: 0x4000, 0x1262: 0x4000, 0x1263: 0x4000, - 0x1264: 0x4000, 0x1265: 0x4000, 0x1266: 0x4000, 0x1267: 0x4000, 0x1268: 0x4000, 0x1269: 0x4000, - 0x126a: 0x4000, 0x126b: 0x4000, 0x126c: 0x4000, 0x126d: 0x4000, 0x126e: 0x4000, 0x126f: 0x4000, - 0x1270: 0x4000, 0x1271: 0x4000, 0x1272: 0x4000, - // Block 0x4a, offset 0x1280 - 0x1280: 0x4000, 0x1281: 0x4000, 0x1282: 0x4000, 0x1283: 0x4000, 0x1284: 0x4000, 0x1285: 0x4000, - 0x1286: 0x4000, 0x1287: 0x4000, 0x1288: 0x4000, 0x1289: 0x4000, 0x128a: 0x4000, 0x128b: 0x4000, - 0x128c: 0x4000, 0x128d: 0x4000, 0x128e: 0x4000, 0x128f: 0x4000, 0x1290: 0x4000, 0x1291: 0x4000, - 0x1292: 0x4000, 0x1293: 0x4000, 0x1294: 0x4000, 0x1295: 0x4000, 0x1296: 0x4000, 0x1297: 0x4000, - 0x1298: 0x4000, 0x1299: 0x4000, 0x129a: 0x4000, 0x129b: 0x4000, 0x129c: 0x4000, 0x129d: 0x4000, - 0x129e: 0x4000, - // Block 0x4b, offset 0x12c0 - 0x12d0: 0x4000, 0x12d1: 0x4000, - 0x12d2: 0x4000, - 0x12e4: 0x4000, 0x12e5: 0x4000, 0x12e6: 0x4000, 0x12e7: 0x4000, - 0x12f0: 0x4000, 0x12f1: 0x4000, 0x12f2: 0x4000, 0x12f3: 0x4000, 0x12f4: 0x4000, 0x12f5: 0x4000, - 0x12f6: 0x4000, 0x12f7: 0x4000, 0x12f8: 0x4000, 0x12f9: 0x4000, 0x12fa: 0x4000, 0x12fb: 0x4000, - 0x12fc: 0x4000, 0x12fd: 0x4000, 0x12fe: 0x4000, 0x12ff: 0x4000, - // Block 0x4c, offset 0x1300 - 0x1300: 0x4000, 0x1301: 0x4000, 0x1302: 0x4000, 0x1303: 0x4000, 0x1304: 0x4000, 0x1305: 0x4000, - 0x1306: 0x4000, 0x1307: 0x4000, 0x1308: 0x4000, 0x1309: 0x4000, 0x130a: 0x4000, 0x130b: 0x4000, - 0x130c: 0x4000, 0x130d: 0x4000, 0x130e: 0x4000, 0x130f: 0x4000, 0x1310: 0x4000, 0x1311: 0x4000, - 0x1312: 0x4000, 0x1313: 0x4000, 0x1314: 0x4000, 0x1315: 0x4000, 0x1316: 0x4000, 0x1317: 0x4000, - 0x1318: 0x4000, 0x1319: 0x4000, 0x131a: 0x4000, 0x131b: 0x4000, 0x131c: 0x4000, 0x131d: 0x4000, - 0x131e: 0x4000, 0x131f: 0x4000, 0x1320: 0x4000, 0x1321: 0x4000, 0x1322: 0x4000, 0x1323: 0x4000, - 0x1324: 0x4000, 0x1325: 0x4000, 0x1326: 0x4000, 0x1327: 0x4000, 0x1328: 0x4000, 0x1329: 0x4000, - 0x132a: 0x4000, 0x132b: 0x4000, 0x132c: 0x4000, 0x132d: 0x4000, 0x132e: 0x4000, 0x132f: 0x4000, - 0x1330: 0x4000, 0x1331: 0x4000, 0x1332: 0x4000, 0x1333: 0x4000, 0x1334: 0x4000, 0x1335: 0x4000, - 0x1336: 0x4000, 0x1337: 0x4000, 0x1338: 0x4000, 0x1339: 0x4000, 0x133a: 0x4000, 0x133b: 0x4000, - // Block 0x4d, offset 0x1340 - 0x1344: 0x4000, - // Block 0x4e, offset 0x1380 - 0x138f: 0x4000, - // Block 0x4f, offset 0x13c0 - 0x13c0: 0x2000, 0x13c1: 0x2000, 0x13c2: 0x2000, 0x13c3: 0x2000, 0x13c4: 0x2000, 0x13c5: 0x2000, - 0x13c6: 0x2000, 0x13c7: 0x2000, 0x13c8: 0x2000, 0x13c9: 0x2000, 0x13ca: 0x2000, - 0x13d0: 0x2000, 0x13d1: 0x2000, - 0x13d2: 0x2000, 0x13d3: 0x2000, 0x13d4: 0x2000, 0x13d5: 0x2000, 0x13d6: 0x2000, 0x13d7: 0x2000, - 0x13d8: 0x2000, 0x13d9: 0x2000, 0x13da: 0x2000, 0x13db: 0x2000, 0x13dc: 0x2000, 0x13dd: 0x2000, - 0x13de: 0x2000, 0x13df: 0x2000, 0x13e0: 0x2000, 0x13e1: 0x2000, 0x13e2: 0x2000, 0x13e3: 0x2000, - 0x13e4: 0x2000, 0x13e5: 0x2000, 0x13e6: 0x2000, 0x13e7: 0x2000, 0x13e8: 0x2000, 0x13e9: 0x2000, - 0x13ea: 0x2000, 0x13eb: 0x2000, 0x13ec: 0x2000, 0x13ed: 0x2000, - 0x13f0: 0x2000, 0x13f1: 0x2000, 0x13f2: 0x2000, 0x13f3: 0x2000, 0x13f4: 0x2000, 0x13f5: 0x2000, - 0x13f6: 0x2000, 0x13f7: 0x2000, 0x13f8: 0x2000, 0x13f9: 0x2000, 0x13fa: 0x2000, 0x13fb: 0x2000, - 0x13fc: 0x2000, 0x13fd: 0x2000, 0x13fe: 0x2000, 0x13ff: 0x2000, - // Block 0x50, offset 0x1400 - 0x1400: 0x2000, 0x1401: 0x2000, 0x1402: 0x2000, 0x1403: 0x2000, 0x1404: 0x2000, 0x1405: 0x2000, - 0x1406: 0x2000, 0x1407: 0x2000, 0x1408: 0x2000, 0x1409: 0x2000, 0x140a: 0x2000, 0x140b: 0x2000, - 0x140c: 0x2000, 0x140d: 0x2000, 0x140e: 0x2000, 0x140f: 0x2000, 0x1410: 0x2000, 0x1411: 0x2000, - 0x1412: 0x2000, 0x1413: 0x2000, 0x1414: 0x2000, 0x1415: 0x2000, 0x1416: 0x2000, 0x1417: 0x2000, - 0x1418: 0x2000, 0x1419: 0x2000, 0x141a: 0x2000, 0x141b: 0x2000, 0x141c: 0x2000, 0x141d: 0x2000, - 0x141e: 0x2000, 0x141f: 0x2000, 0x1420: 0x2000, 0x1421: 0x2000, 0x1422: 0x2000, 0x1423: 0x2000, - 0x1424: 0x2000, 0x1425: 0x2000, 0x1426: 0x2000, 0x1427: 0x2000, 0x1428: 0x2000, 0x1429: 0x2000, - 0x1430: 0x2000, 0x1431: 0x2000, 0x1432: 0x2000, 0x1433: 0x2000, 0x1434: 0x2000, 0x1435: 0x2000, - 0x1436: 0x2000, 0x1437: 0x2000, 0x1438: 0x2000, 0x1439: 0x2000, 0x143a: 0x2000, 0x143b: 0x2000, - 0x143c: 0x2000, 0x143d: 0x2000, 0x143e: 0x2000, 0x143f: 0x2000, - // Block 0x51, offset 0x1440 - 0x1440: 0x2000, 0x1441: 0x2000, 0x1442: 0x2000, 0x1443: 0x2000, 0x1444: 0x2000, 0x1445: 0x2000, - 0x1446: 0x2000, 0x1447: 0x2000, 0x1448: 0x2000, 0x1449: 0x2000, 0x144a: 0x2000, 0x144b: 0x2000, - 0x144c: 0x2000, 0x144d: 0x2000, 0x144e: 0x4000, 0x144f: 0x2000, 0x1450: 0x2000, 0x1451: 0x4000, - 0x1452: 0x4000, 0x1453: 0x4000, 0x1454: 0x4000, 0x1455: 0x4000, 0x1456: 0x4000, 0x1457: 0x4000, - 0x1458: 0x4000, 0x1459: 0x4000, 0x145a: 0x4000, 0x145b: 0x2000, 0x145c: 0x2000, 0x145d: 0x2000, - 0x145e: 0x2000, 0x145f: 0x2000, 0x1460: 0x2000, 0x1461: 0x2000, 0x1462: 0x2000, 0x1463: 0x2000, - 0x1464: 0x2000, 0x1465: 0x2000, 0x1466: 0x2000, 0x1467: 0x2000, 0x1468: 0x2000, 0x1469: 0x2000, - 0x146a: 0x2000, 0x146b: 0x2000, 0x146c: 0x2000, - // Block 0x52, offset 0x1480 - 0x1480: 0x4000, 0x1481: 0x4000, 0x1482: 0x4000, - 0x1490: 0x4000, 0x1491: 0x4000, - 0x1492: 0x4000, 0x1493: 0x4000, 0x1494: 0x4000, 0x1495: 0x4000, 0x1496: 0x4000, 0x1497: 0x4000, - 0x1498: 0x4000, 0x1499: 0x4000, 0x149a: 0x4000, 0x149b: 0x4000, 0x149c: 0x4000, 0x149d: 0x4000, - 0x149e: 0x4000, 0x149f: 0x4000, 0x14a0: 0x4000, 0x14a1: 0x4000, 0x14a2: 0x4000, 0x14a3: 0x4000, - 0x14a4: 0x4000, 0x14a5: 0x4000, 0x14a6: 0x4000, 0x14a7: 0x4000, 0x14a8: 0x4000, 0x14a9: 0x4000, - 0x14aa: 0x4000, 0x14ab: 0x4000, 0x14ac: 0x4000, 0x14ad: 0x4000, 0x14ae: 0x4000, 0x14af: 0x4000, - 0x14b0: 0x4000, 0x14b1: 0x4000, 0x14b2: 0x4000, 0x14b3: 0x4000, 0x14b4: 0x4000, 0x14b5: 0x4000, - 0x14b6: 0x4000, 0x14b7: 0x4000, 0x14b8: 0x4000, 0x14b9: 0x4000, 0x14ba: 0x4000, 0x14bb: 0x4000, - // Block 0x53, offset 0x14c0 - 0x14c0: 0x4000, 0x14c1: 0x4000, 0x14c2: 0x4000, 0x14c3: 0x4000, 0x14c4: 0x4000, 0x14c5: 0x4000, - 0x14c6: 0x4000, 0x14c7: 0x4000, 0x14c8: 0x4000, - 0x14d0: 0x4000, 0x14d1: 0x4000, - 0x14e0: 0x4000, 0x14e1: 0x4000, 0x14e2: 0x4000, 0x14e3: 0x4000, - 0x14e4: 0x4000, 0x14e5: 0x4000, - // Block 0x54, offset 0x1500 - 0x1500: 0x4000, 0x1501: 0x4000, 0x1502: 0x4000, 0x1503: 0x4000, 0x1504: 0x4000, 0x1505: 0x4000, - 0x1506: 0x4000, 0x1507: 0x4000, 0x1508: 0x4000, 0x1509: 0x4000, 0x150a: 0x4000, 0x150b: 0x4000, - 0x150c: 0x4000, 0x150d: 0x4000, 0x150e: 0x4000, 0x150f: 0x4000, 0x1510: 0x4000, 0x1511: 0x4000, - 0x1512: 0x4000, 0x1513: 0x4000, 0x1514: 0x4000, 0x1515: 0x4000, 0x1516: 0x4000, 0x1517: 0x4000, - 0x1518: 0x4000, 0x1519: 0x4000, 0x151a: 0x4000, 0x151b: 0x4000, 0x151c: 0x4000, 0x151d: 0x4000, - 0x151e: 0x4000, 0x151f: 0x4000, 0x1520: 0x4000, - 0x152d: 0x4000, 0x152e: 0x4000, 0x152f: 0x4000, - 0x1530: 0x4000, 0x1531: 0x4000, 0x1532: 0x4000, 0x1533: 0x4000, 0x1534: 0x4000, 0x1535: 0x4000, - 0x1537: 0x4000, 0x1538: 0x4000, 0x1539: 0x4000, 0x153a: 0x4000, 0x153b: 0x4000, - 0x153c: 0x4000, 0x153d: 0x4000, 0x153e: 0x4000, 0x153f: 0x4000, - // Block 0x55, offset 0x1540 - 0x1540: 0x4000, 0x1541: 0x4000, 0x1542: 0x4000, 0x1543: 0x4000, 0x1544: 0x4000, 0x1545: 0x4000, - 0x1546: 0x4000, 0x1547: 0x4000, 0x1548: 0x4000, 0x1549: 0x4000, 0x154a: 0x4000, 0x154b: 0x4000, - 0x154c: 0x4000, 0x154d: 0x4000, 0x154e: 0x4000, 0x154f: 0x4000, 0x1550: 0x4000, 0x1551: 0x4000, - 0x1552: 0x4000, 0x1553: 0x4000, 0x1554: 0x4000, 0x1555: 0x4000, 0x1556: 0x4000, 0x1557: 0x4000, - 0x1558: 0x4000, 0x1559: 0x4000, 0x155a: 0x4000, 0x155b: 0x4000, 0x155c: 0x4000, 0x155d: 0x4000, - 0x155e: 0x4000, 0x155f: 0x4000, 0x1560: 0x4000, 0x1561: 0x4000, 0x1562: 0x4000, 0x1563: 0x4000, - 0x1564: 0x4000, 0x1565: 0x4000, 0x1566: 0x4000, 0x1567: 0x4000, 0x1568: 0x4000, 0x1569: 0x4000, - 0x156a: 0x4000, 0x156b: 0x4000, 0x156c: 0x4000, 0x156d: 0x4000, 0x156e: 0x4000, 0x156f: 0x4000, - 0x1570: 0x4000, 0x1571: 0x4000, 0x1572: 0x4000, 0x1573: 0x4000, 0x1574: 0x4000, 0x1575: 0x4000, - 0x1576: 0x4000, 0x1577: 0x4000, 0x1578: 0x4000, 0x1579: 0x4000, 0x157a: 0x4000, 0x157b: 0x4000, - 0x157c: 0x4000, 0x157e: 0x4000, 0x157f: 0x4000, - // Block 0x56, offset 0x1580 - 0x1580: 0x4000, 0x1581: 0x4000, 0x1582: 0x4000, 0x1583: 0x4000, 0x1584: 0x4000, 0x1585: 0x4000, - 0x1586: 0x4000, 0x1587: 0x4000, 0x1588: 0x4000, 0x1589: 0x4000, 0x158a: 0x4000, 0x158b: 0x4000, - 0x158c: 0x4000, 0x158d: 0x4000, 0x158e: 0x4000, 0x158f: 0x4000, 0x1590: 0x4000, 0x1591: 0x4000, - 0x1592: 0x4000, 0x1593: 0x4000, - 0x15a0: 0x4000, 0x15a1: 0x4000, 0x15a2: 0x4000, 0x15a3: 0x4000, - 0x15a4: 0x4000, 0x15a5: 0x4000, 0x15a6: 0x4000, 0x15a7: 0x4000, 0x15a8: 0x4000, 0x15a9: 0x4000, - 0x15aa: 0x4000, 0x15ab: 0x4000, 0x15ac: 0x4000, 0x15ad: 0x4000, 0x15ae: 0x4000, 0x15af: 0x4000, - 0x15b0: 0x4000, 0x15b1: 0x4000, 0x15b2: 0x4000, 0x15b3: 0x4000, 0x15b4: 0x4000, 0x15b5: 0x4000, - 0x15b6: 0x4000, 0x15b7: 0x4000, 0x15b8: 0x4000, 0x15b9: 0x4000, 0x15ba: 0x4000, 0x15bb: 0x4000, - 0x15bc: 0x4000, 0x15bd: 0x4000, 0x15be: 0x4000, 0x15bf: 0x4000, - // Block 0x57, offset 0x15c0 - 0x15c0: 0x4000, 0x15c1: 0x4000, 0x15c2: 0x4000, 0x15c3: 0x4000, 0x15c4: 0x4000, 0x15c5: 0x4000, - 0x15c6: 0x4000, 0x15c7: 0x4000, 0x15c8: 0x4000, 0x15c9: 0x4000, 0x15ca: 0x4000, - 0x15cf: 0x4000, 0x15d0: 0x4000, 0x15d1: 0x4000, - 0x15d2: 0x4000, 0x15d3: 0x4000, - 0x15e0: 0x4000, 0x15e1: 0x4000, 0x15e2: 0x4000, 0x15e3: 0x4000, - 0x15e4: 0x4000, 0x15e5: 0x4000, 0x15e6: 0x4000, 0x15e7: 0x4000, 0x15e8: 0x4000, 0x15e9: 0x4000, - 0x15ea: 0x4000, 0x15eb: 0x4000, 0x15ec: 0x4000, 0x15ed: 0x4000, 0x15ee: 0x4000, 0x15ef: 0x4000, - 0x15f0: 0x4000, 0x15f4: 0x4000, - 0x15f8: 0x4000, 0x15f9: 0x4000, 0x15fa: 0x4000, 0x15fb: 0x4000, - 0x15fc: 0x4000, 0x15fd: 0x4000, 0x15fe: 0x4000, 0x15ff: 0x4000, - // Block 0x58, offset 0x1600 - 0x1600: 0x4000, 0x1602: 0x4000, 0x1603: 0x4000, 0x1604: 0x4000, 0x1605: 0x4000, - 0x1606: 0x4000, 0x1607: 0x4000, 0x1608: 0x4000, 0x1609: 0x4000, 0x160a: 0x4000, 0x160b: 0x4000, - 0x160c: 0x4000, 0x160d: 0x4000, 0x160e: 0x4000, 0x160f: 0x4000, 0x1610: 0x4000, 0x1611: 0x4000, - 0x1612: 0x4000, 0x1613: 0x4000, 0x1614: 0x4000, 0x1615: 0x4000, 0x1616: 0x4000, 0x1617: 0x4000, - 0x1618: 0x4000, 0x1619: 0x4000, 0x161a: 0x4000, 0x161b: 0x4000, 0x161c: 0x4000, 0x161d: 0x4000, - 0x161e: 0x4000, 0x161f: 0x4000, 0x1620: 0x4000, 0x1621: 0x4000, 0x1622: 0x4000, 0x1623: 0x4000, - 0x1624: 0x4000, 0x1625: 0x4000, 0x1626: 0x4000, 0x1627: 0x4000, 0x1628: 0x4000, 0x1629: 0x4000, - 0x162a: 0x4000, 0x162b: 0x4000, 0x162c: 0x4000, 0x162d: 0x4000, 0x162e: 0x4000, 0x162f: 0x4000, - 0x1630: 0x4000, 0x1631: 0x4000, 0x1632: 0x4000, 0x1633: 0x4000, 0x1634: 0x4000, 0x1635: 0x4000, - 0x1636: 0x4000, 0x1637: 0x4000, 0x1638: 0x4000, 0x1639: 0x4000, 0x163a: 0x4000, 0x163b: 0x4000, - 0x163c: 0x4000, 0x163d: 0x4000, 0x163e: 0x4000, 0x163f: 0x4000, - // Block 0x59, offset 0x1640 - 0x1640: 0x4000, 0x1641: 0x4000, 0x1642: 0x4000, 0x1643: 0x4000, 0x1644: 0x4000, 0x1645: 0x4000, - 0x1646: 0x4000, 0x1647: 0x4000, 0x1648: 0x4000, 0x1649: 0x4000, 0x164a: 0x4000, 0x164b: 0x4000, - 0x164c: 0x4000, 0x164d: 0x4000, 0x164e: 0x4000, 0x164f: 0x4000, 0x1650: 0x4000, 0x1651: 0x4000, - 0x1652: 0x4000, 0x1653: 0x4000, 0x1654: 0x4000, 0x1655: 0x4000, 0x1656: 0x4000, 0x1657: 0x4000, - 0x1658: 0x4000, 0x1659: 0x4000, 0x165a: 0x4000, 0x165b: 0x4000, 0x165c: 0x4000, 0x165d: 0x4000, - 0x165e: 0x4000, 0x165f: 0x4000, 0x1660: 0x4000, 0x1661: 0x4000, 0x1662: 0x4000, 0x1663: 0x4000, - 0x1664: 0x4000, 0x1665: 0x4000, 0x1666: 0x4000, 0x1667: 0x4000, 0x1668: 0x4000, 0x1669: 0x4000, - 0x166a: 0x4000, 0x166b: 0x4000, 0x166c: 0x4000, 0x166d: 0x4000, 0x166e: 0x4000, 0x166f: 0x4000, - 0x1670: 0x4000, 0x1671: 0x4000, 0x1672: 0x4000, 0x1673: 0x4000, 0x1674: 0x4000, 0x1675: 0x4000, - 0x1676: 0x4000, 0x1677: 0x4000, 0x1678: 0x4000, 0x1679: 0x4000, 0x167a: 0x4000, 0x167b: 0x4000, - 0x167c: 0x4000, 0x167f: 0x4000, - // Block 0x5a, offset 0x1680 - 0x1680: 0x4000, 0x1681: 0x4000, 0x1682: 0x4000, 0x1683: 0x4000, 0x1684: 0x4000, 0x1685: 0x4000, - 0x1686: 0x4000, 0x1687: 0x4000, 0x1688: 0x4000, 0x1689: 0x4000, 0x168a: 0x4000, 0x168b: 0x4000, - 0x168c: 0x4000, 0x168d: 0x4000, 0x168e: 0x4000, 0x168f: 0x4000, 0x1690: 0x4000, 0x1691: 0x4000, - 0x1692: 0x4000, 0x1693: 0x4000, 0x1694: 0x4000, 0x1695: 0x4000, 0x1696: 0x4000, 0x1697: 0x4000, - 0x1698: 0x4000, 0x1699: 0x4000, 0x169a: 0x4000, 0x169b: 0x4000, 0x169c: 0x4000, 0x169d: 0x4000, - 0x169e: 0x4000, 0x169f: 0x4000, 0x16a0: 0x4000, 0x16a1: 0x4000, 0x16a2: 0x4000, 0x16a3: 0x4000, - 0x16a4: 0x4000, 0x16a5: 0x4000, 0x16a6: 0x4000, 0x16a7: 0x4000, 0x16a8: 0x4000, 0x16a9: 0x4000, - 0x16aa: 0x4000, 0x16ab: 0x4000, 0x16ac: 0x4000, 0x16ad: 0x4000, 0x16ae: 0x4000, 0x16af: 0x4000, - 0x16b0: 0x4000, 0x16b1: 0x4000, 0x16b2: 0x4000, 0x16b3: 0x4000, 0x16b4: 0x4000, 0x16b5: 0x4000, - 0x16b6: 0x4000, 0x16b7: 0x4000, 0x16b8: 0x4000, 0x16b9: 0x4000, 0x16ba: 0x4000, 0x16bb: 0x4000, - 0x16bc: 0x4000, 0x16bd: 0x4000, - // Block 0x5b, offset 0x16c0 - 0x16cb: 0x4000, - 0x16cc: 0x4000, 0x16cd: 0x4000, 0x16ce: 0x4000, 0x16d0: 0x4000, 0x16d1: 0x4000, - 0x16d2: 0x4000, 0x16d3: 0x4000, 0x16d4: 0x4000, 0x16d5: 0x4000, 0x16d6: 0x4000, 0x16d7: 0x4000, - 0x16d8: 0x4000, 0x16d9: 0x4000, 0x16da: 0x4000, 0x16db: 0x4000, 0x16dc: 0x4000, 0x16dd: 0x4000, - 0x16de: 0x4000, 0x16df: 0x4000, 0x16e0: 0x4000, 0x16e1: 0x4000, 0x16e2: 0x4000, 0x16e3: 0x4000, - 0x16e4: 0x4000, 0x16e5: 0x4000, 0x16e6: 0x4000, 0x16e7: 0x4000, - 0x16fa: 0x4000, - // Block 0x5c, offset 0x1700 - 0x1715: 0x4000, 0x1716: 0x4000, - 0x1724: 0x4000, - // Block 0x5d, offset 0x1740 - 0x177b: 0x4000, - 0x177c: 0x4000, 0x177d: 0x4000, 0x177e: 0x4000, 0x177f: 0x4000, - // Block 0x5e, offset 0x1780 - 0x1780: 0x4000, 0x1781: 0x4000, 0x1782: 0x4000, 0x1783: 0x4000, 0x1784: 0x4000, 0x1785: 0x4000, - 0x1786: 0x4000, 0x1787: 0x4000, 0x1788: 0x4000, 0x1789: 0x4000, 0x178a: 0x4000, 0x178b: 0x4000, - 0x178c: 0x4000, 0x178d: 0x4000, 0x178e: 0x4000, 0x178f: 0x4000, - // Block 0x5f, offset 0x17c0 - 0x17c0: 0x4000, 0x17c1: 0x4000, 0x17c2: 0x4000, 0x17c3: 0x4000, 0x17c4: 0x4000, 0x17c5: 0x4000, - 0x17cc: 0x4000, 0x17d0: 0x4000, 0x17d1: 0x4000, - 0x17d2: 0x4000, 0x17d5: 0x4000, - 0x17eb: 0x4000, 0x17ec: 0x4000, - 0x17f4: 0x4000, 0x17f5: 0x4000, - 0x17f6: 0x4000, 0x17f7: 0x4000, 0x17f8: 0x4000, 0x17f9: 0x4000, 0x17fa: 0x4000, - // Block 0x60, offset 0x1800 - 0x1820: 0x4000, 0x1821: 0x4000, 0x1822: 0x4000, 0x1823: 0x4000, - 0x1824: 0x4000, 0x1825: 0x4000, 0x1826: 0x4000, 0x1827: 0x4000, 0x1828: 0x4000, 0x1829: 0x4000, - 0x182a: 0x4000, 0x182b: 0x4000, - // Block 0x61, offset 0x1840 - 0x184d: 0x4000, 0x184e: 0x4000, 0x184f: 0x4000, 0x1850: 0x4000, 0x1851: 0x4000, - 0x1852: 0x4000, 0x1853: 0x4000, 0x1854: 0x4000, 0x1855: 0x4000, 0x1856: 0x4000, 0x1857: 0x4000, - 0x1858: 0x4000, 0x1859: 0x4000, 0x185a: 0x4000, 0x185b: 0x4000, 0x185c: 0x4000, 0x185d: 0x4000, - 0x185e: 0x4000, 0x185f: 0x4000, 0x1860: 0x4000, 0x1861: 0x4000, 0x1862: 0x4000, 0x1863: 0x4000, - 0x1864: 0x4000, 0x1865: 0x4000, 0x1866: 0x4000, 0x1867: 0x4000, 0x1868: 0x4000, 0x1869: 0x4000, - 0x186a: 0x4000, 0x186b: 0x4000, 0x186c: 0x4000, 0x186d: 0x4000, 0x186e: 0x4000, 0x186f: 0x4000, - 0x1870: 0x4000, 0x1871: 0x4000, 0x1872: 0x4000, 0x1873: 0x4000, 0x1874: 0x4000, 0x1875: 0x4000, - 0x1876: 0x4000, 0x1877: 0x4000, 0x1878: 0x4000, 0x1879: 0x4000, 0x187a: 0x4000, 0x187b: 0x4000, - 0x187c: 0x4000, 0x187d: 0x4000, 0x187e: 0x4000, 0x187f: 0x4000, - // Block 0x62, offset 0x1880 - 0x1880: 0x4000, 0x1881: 0x4000, 0x1882: 0x4000, 0x1883: 0x4000, 0x1884: 0x4000, 0x1885: 0x4000, - 0x1886: 0x4000, 0x1887: 0x4000, 0x1888: 0x4000, 0x1889: 0x4000, 0x188a: 0x4000, 0x188b: 0x4000, - 0x188c: 0x4000, 0x188d: 0x4000, 0x188e: 0x4000, 0x188f: 0x4000, 0x1890: 0x4000, 0x1891: 0x4000, - 0x1892: 0x4000, 0x1893: 0x4000, 0x1894: 0x4000, 0x1895: 0x4000, 0x1896: 0x4000, 0x1897: 0x4000, - 0x1898: 0x4000, 0x1899: 0x4000, 0x189a: 0x4000, 0x189b: 0x4000, 0x189c: 0x4000, 0x189d: 0x4000, - 0x189e: 0x4000, 0x189f: 0x4000, 0x18a0: 0x4000, 0x18a1: 0x4000, 0x18a2: 0x4000, 0x18a3: 0x4000, - 0x18a4: 0x4000, 0x18a5: 0x4000, 0x18a6: 0x4000, 0x18a7: 0x4000, 0x18a8: 0x4000, 0x18a9: 0x4000, - 0x18aa: 0x4000, 0x18ab: 0x4000, 0x18ac: 0x4000, 0x18ad: 0x4000, 0x18ae: 0x4000, 0x18af: 0x4000, - 0x18b0: 0x4000, 0x18b1: 0x4000, 0x18b3: 0x4000, 0x18b4: 0x4000, 0x18b5: 0x4000, - 0x18b6: 0x4000, 0x18ba: 0x4000, 0x18bb: 0x4000, - 0x18bc: 0x4000, 0x18bd: 0x4000, 0x18be: 0x4000, 0x18bf: 0x4000, - // Block 0x63, offset 0x18c0 - 0x18c0: 0x4000, 0x18c1: 0x4000, 0x18c2: 0x4000, 0x18c3: 0x4000, 0x18c4: 0x4000, 0x18c5: 0x4000, - 0x18c6: 0x4000, 0x18c7: 0x4000, 0x18c8: 0x4000, 0x18c9: 0x4000, 0x18ca: 0x4000, 0x18cb: 0x4000, - 0x18cc: 0x4000, 0x18cd: 0x4000, 0x18ce: 0x4000, 0x18cf: 0x4000, 0x18d0: 0x4000, 0x18d1: 0x4000, - 0x18d2: 0x4000, 0x18d3: 0x4000, 0x18d4: 0x4000, 0x18d5: 0x4000, 0x18d6: 0x4000, 0x18d7: 0x4000, - 0x18d8: 0x4000, 0x18d9: 0x4000, 0x18da: 0x4000, 0x18db: 0x4000, 0x18dc: 0x4000, 0x18dd: 0x4000, - 0x18de: 0x4000, 0x18df: 0x4000, 0x18e0: 0x4000, 0x18e1: 0x4000, 0x18e2: 0x4000, - 0x18e5: 0x4000, 0x18e6: 0x4000, 0x18e7: 0x4000, 0x18e8: 0x4000, 0x18e9: 0x4000, - 0x18ea: 0x4000, 0x18ee: 0x4000, 0x18ef: 0x4000, - 0x18f0: 0x4000, 0x18f1: 0x4000, 0x18f2: 0x4000, 0x18f3: 0x4000, 0x18f4: 0x4000, 0x18f5: 0x4000, - 0x18f6: 0x4000, 0x18f7: 0x4000, 0x18f8: 0x4000, 0x18f9: 0x4000, 0x18fa: 0x4000, 0x18fb: 0x4000, - 0x18fc: 0x4000, 0x18fd: 0x4000, 0x18fe: 0x4000, 0x18ff: 0x4000, - // Block 0x64, offset 0x1900 - 0x1900: 0x4000, 0x1901: 0x4000, 0x1902: 0x4000, 0x1903: 0x4000, 0x1904: 0x4000, 0x1905: 0x4000, - 0x1906: 0x4000, 0x1907: 0x4000, 0x1908: 0x4000, 0x1909: 0x4000, 0x190a: 0x4000, - 0x190d: 0x4000, 0x190e: 0x4000, 0x190f: 0x4000, 0x1910: 0x4000, 0x1911: 0x4000, - 0x1912: 0x4000, 0x1913: 0x4000, 0x1914: 0x4000, 0x1915: 0x4000, 0x1916: 0x4000, 0x1917: 0x4000, - 0x1918: 0x4000, 0x1919: 0x4000, 0x191a: 0x4000, 0x191b: 0x4000, 0x191c: 0x4000, 0x191d: 0x4000, - 0x191e: 0x4000, 0x191f: 0x4000, 0x1920: 0x4000, 0x1921: 0x4000, 0x1922: 0x4000, 0x1923: 0x4000, - 0x1924: 0x4000, 0x1925: 0x4000, 0x1926: 0x4000, 0x1927: 0x4000, 0x1928: 0x4000, 0x1929: 0x4000, - 0x192a: 0x4000, 0x192b: 0x4000, 0x192c: 0x4000, 0x192d: 0x4000, 0x192e: 0x4000, 0x192f: 0x4000, - 0x1930: 0x4000, 0x1931: 0x4000, 0x1932: 0x4000, 0x1933: 0x4000, 0x1934: 0x4000, 0x1935: 0x4000, - 0x1936: 0x4000, 0x1937: 0x4000, 0x1938: 0x4000, 0x1939: 0x4000, 0x193a: 0x4000, 0x193b: 0x4000, - 0x193c: 0x4000, 0x193d: 0x4000, 0x193e: 0x4000, 0x193f: 0x4000, - // Block 0x65, offset 0x1940 - 0x1970: 0x4000, 0x1971: 0x4000, 0x1972: 0x4000, 0x1973: 0x4000, - 0x1978: 0x4000, 0x1979: 0x4000, 0x197a: 0x4000, - // Block 0x66, offset 0x1980 - 0x1980: 0x4000, 0x1981: 0x4000, 0x1982: 0x4000, - 0x1990: 0x4000, 0x1991: 0x4000, - 0x1992: 0x4000, 0x1993: 0x4000, 0x1994: 0x4000, 0x1995: 0x4000, - // Block 0x67, offset 0x19c0 - 0x19c0: 0x2000, 0x19c1: 0x2000, 0x19c2: 0x2000, 0x19c3: 0x2000, 0x19c4: 0x2000, 0x19c5: 0x2000, - 0x19c6: 0x2000, 0x19c7: 0x2000, 0x19c8: 0x2000, 0x19c9: 0x2000, 0x19ca: 0x2000, 0x19cb: 0x2000, - 0x19cc: 0x2000, 0x19cd: 0x2000, 0x19ce: 0x2000, 0x19cf: 0x2000, 0x19d0: 0x2000, 0x19d1: 0x2000, - 0x19d2: 0x2000, 0x19d3: 0x2000, 0x19d4: 0x2000, 0x19d5: 0x2000, 0x19d6: 0x2000, 0x19d7: 0x2000, - 0x19d8: 0x2000, 0x19d9: 0x2000, 0x19da: 0x2000, 0x19db: 0x2000, 0x19dc: 0x2000, 0x19dd: 0x2000, - 0x19de: 0x2000, 0x19df: 0x2000, 0x19e0: 0x2000, 0x19e1: 0x2000, 0x19e2: 0x2000, 0x19e3: 0x2000, - 0x19e4: 0x2000, 0x19e5: 0x2000, 0x19e6: 0x2000, 0x19e7: 0x2000, 0x19e8: 0x2000, 0x19e9: 0x2000, - 0x19ea: 0x2000, 0x19eb: 0x2000, 0x19ec: 0x2000, 0x19ed: 0x2000, 0x19ee: 0x2000, 0x19ef: 0x2000, - 0x19f0: 0x2000, 0x19f1: 0x2000, 0x19f2: 0x2000, 0x19f3: 0x2000, 0x19f4: 0x2000, 0x19f5: 0x2000, - 0x19f6: 0x2000, 0x19f7: 0x2000, 0x19f8: 0x2000, 0x19f9: 0x2000, 0x19fa: 0x2000, 0x19fb: 0x2000, - 0x19fc: 0x2000, 0x19fd: 0x2000, -} - -// widthIndex: 22 blocks, 1408 entries, 1408 bytes -// Block 0 is the zero block. -var widthIndex = [1408]uint8{ - // Block 0x0, offset 0x0 - // Block 0x1, offset 0x40 - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xc2: 0x01, 0xc3: 0x02, 0xc4: 0x03, 0xc5: 0x04, 0xc7: 0x05, - 0xc9: 0x06, 0xcb: 0x07, 0xcc: 0x08, 0xcd: 0x09, 0xce: 0x0a, 0xcf: 0x0b, - 0xd0: 0x0c, 0xd1: 0x0d, - 0xe1: 0x02, 0xe2: 0x03, 0xe3: 0x04, 0xe4: 0x05, 0xe5: 0x06, 0xe6: 0x06, 0xe7: 0x06, - 0xe8: 0x06, 0xe9: 0x06, 0xea: 0x07, 0xeb: 0x06, 0xec: 0x06, 0xed: 0x08, 0xee: 0x09, 0xef: 0x0a, - 0xf0: 0x0f, 0xf3: 0x12, 0xf4: 0x13, - // Block 0x4, offset 0x100 - 0x104: 0x0e, 0x105: 0x0f, - // Block 0x5, offset 0x140 - 0x140: 0x10, 0x141: 0x11, 0x142: 0x12, 0x144: 0x13, 0x145: 0x14, 0x146: 0x15, 0x147: 0x16, - 0x148: 0x17, 0x149: 0x18, 0x14a: 0x19, 0x14c: 0x1a, 0x14f: 0x1b, - 0x151: 0x1c, 0x152: 0x08, 0x153: 0x1d, 0x154: 0x1e, 0x155: 0x1f, 0x156: 0x20, 0x157: 0x21, - 0x158: 0x22, 0x159: 0x23, 0x15a: 0x24, 0x15b: 0x25, 0x15c: 0x26, 0x15d: 0x27, 0x15e: 0x28, 0x15f: 0x29, - 0x166: 0x2a, - 0x16c: 0x2b, 0x16d: 0x2c, - 0x17a: 0x2d, 0x17b: 0x2e, 0x17c: 0x0e, 0x17d: 0x0e, 0x17e: 0x0e, 0x17f: 0x2f, - // Block 0x6, offset 0x180 - 0x180: 0x30, 0x181: 0x31, 0x182: 0x32, 0x183: 0x33, 0x184: 0x34, 0x185: 0x35, 0x186: 0x36, 0x187: 0x37, - 0x188: 0x38, 0x189: 0x39, 0x18a: 0x0e, 0x18b: 0x3a, 0x18c: 0x0e, 0x18d: 0x0e, 0x18e: 0x0e, 0x18f: 0x0e, - 0x190: 0x0e, 0x191: 0x0e, 0x192: 0x0e, 0x193: 0x0e, 0x194: 0x0e, 0x195: 0x0e, 0x196: 0x0e, 0x197: 0x0e, - 0x198: 0x0e, 0x199: 0x0e, 0x19a: 0x0e, 0x19b: 0x0e, 0x19c: 0x0e, 0x19d: 0x0e, 0x19e: 0x0e, 0x19f: 0x0e, - 0x1a0: 0x0e, 0x1a1: 0x0e, 0x1a2: 0x0e, 0x1a3: 0x0e, 0x1a4: 0x0e, 0x1a5: 0x0e, 0x1a6: 0x0e, 0x1a7: 0x0e, - 0x1a8: 0x0e, 0x1a9: 0x0e, 0x1aa: 0x0e, 0x1ab: 0x0e, 0x1ac: 0x0e, 0x1ad: 0x0e, 0x1ae: 0x0e, 0x1af: 0x0e, - 0x1b0: 0x0e, 0x1b1: 0x0e, 0x1b2: 0x0e, 0x1b3: 0x0e, 0x1b4: 0x0e, 0x1b5: 0x0e, 0x1b6: 0x0e, 0x1b7: 0x0e, - 0x1b8: 0x0e, 0x1b9: 0x0e, 0x1ba: 0x0e, 0x1bb: 0x0e, 0x1bc: 0x0e, 0x1bd: 0x0e, 0x1be: 0x0e, 0x1bf: 0x0e, - // Block 0x7, offset 0x1c0 - 0x1c0: 0x0e, 0x1c1: 0x0e, 0x1c2: 0x0e, 0x1c3: 0x0e, 0x1c4: 0x0e, 0x1c5: 0x0e, 0x1c6: 0x0e, 0x1c7: 0x0e, - 0x1c8: 0x0e, 0x1c9: 0x0e, 0x1ca: 0x0e, 0x1cb: 0x0e, 0x1cc: 0x0e, 0x1cd: 0x0e, 0x1ce: 0x0e, 0x1cf: 0x0e, - 0x1d0: 0x0e, 0x1d1: 0x0e, 0x1d2: 0x0e, 0x1d3: 0x0e, 0x1d4: 0x0e, 0x1d5: 0x0e, 0x1d6: 0x0e, 0x1d7: 0x0e, - 0x1d8: 0x0e, 0x1d9: 0x0e, 0x1da: 0x0e, 0x1db: 0x0e, 0x1dc: 0x0e, 0x1dd: 0x0e, 0x1de: 0x0e, 0x1df: 0x0e, - 0x1e0: 0x0e, 0x1e1: 0x0e, 0x1e2: 0x0e, 0x1e3: 0x0e, 0x1e4: 0x0e, 0x1e5: 0x0e, 0x1e6: 0x0e, 0x1e7: 0x0e, - 0x1e8: 0x0e, 0x1e9: 0x0e, 0x1ea: 0x0e, 0x1eb: 0x0e, 0x1ec: 0x0e, 0x1ed: 0x0e, 0x1ee: 0x0e, 0x1ef: 0x0e, - 0x1f0: 0x0e, 0x1f1: 0x0e, 0x1f2: 0x0e, 0x1f3: 0x0e, 0x1f4: 0x0e, 0x1f5: 0x0e, 0x1f6: 0x0e, - 0x1f8: 0x0e, 0x1f9: 0x0e, 0x1fa: 0x0e, 0x1fb: 0x0e, 0x1fc: 0x0e, 0x1fd: 0x0e, 0x1fe: 0x0e, 0x1ff: 0x0e, - // Block 0x8, offset 0x200 - 0x200: 0x0e, 0x201: 0x0e, 0x202: 0x0e, 0x203: 0x0e, 0x204: 0x0e, 0x205: 0x0e, 0x206: 0x0e, 0x207: 0x0e, - 0x208: 0x0e, 0x209: 0x0e, 0x20a: 0x0e, 0x20b: 0x0e, 0x20c: 0x0e, 0x20d: 0x0e, 0x20e: 0x0e, 0x20f: 0x0e, - 0x210: 0x0e, 0x211: 0x0e, 0x212: 0x0e, 0x213: 0x0e, 0x214: 0x0e, 0x215: 0x0e, 0x216: 0x0e, 0x217: 0x0e, - 0x218: 0x0e, 0x219: 0x0e, 0x21a: 0x0e, 0x21b: 0x0e, 0x21c: 0x0e, 0x21d: 0x0e, 0x21e: 0x0e, 0x21f: 0x0e, - 0x220: 0x0e, 0x221: 0x0e, 0x222: 0x0e, 0x223: 0x0e, 0x224: 0x0e, 0x225: 0x0e, 0x226: 0x0e, 0x227: 0x0e, - 0x228: 0x0e, 0x229: 0x0e, 0x22a: 0x0e, 0x22b: 0x0e, 0x22c: 0x0e, 0x22d: 0x0e, 0x22e: 0x0e, 0x22f: 0x0e, - 0x230: 0x0e, 0x231: 0x0e, 0x232: 0x0e, 0x233: 0x0e, 0x234: 0x0e, 0x235: 0x0e, 0x236: 0x0e, 0x237: 0x0e, - 0x238: 0x0e, 0x239: 0x0e, 0x23a: 0x0e, 0x23b: 0x0e, 0x23c: 0x0e, 0x23d: 0x0e, 0x23e: 0x0e, 0x23f: 0x0e, - // Block 0x9, offset 0x240 - 0x240: 0x0e, 0x241: 0x0e, 0x242: 0x0e, 0x243: 0x0e, 0x244: 0x0e, 0x245: 0x0e, 0x246: 0x0e, 0x247: 0x0e, - 0x248: 0x0e, 0x249: 0x0e, 0x24a: 0x0e, 0x24b: 0x0e, 0x24c: 0x0e, 0x24d: 0x0e, 0x24e: 0x0e, 0x24f: 0x0e, - 0x250: 0x0e, 0x251: 0x0e, 0x252: 0x3b, 0x253: 0x3c, - 0x265: 0x3d, - 0x270: 0x0e, 0x271: 0x0e, 0x272: 0x0e, 0x273: 0x0e, 0x274: 0x0e, 0x275: 0x0e, 0x276: 0x0e, 0x277: 0x0e, - 0x278: 0x0e, 0x279: 0x0e, 0x27a: 0x0e, 0x27b: 0x0e, 0x27c: 0x0e, 0x27d: 0x0e, 0x27e: 0x0e, 0x27f: 0x0e, - // Block 0xa, offset 0x280 - 0x280: 0x0e, 0x281: 0x0e, 0x282: 0x0e, 0x283: 0x0e, 0x284: 0x0e, 0x285: 0x0e, 0x286: 0x0e, 0x287: 0x0e, - 0x288: 0x0e, 0x289: 0x0e, 0x28a: 0x0e, 0x28b: 0x0e, 0x28c: 0x0e, 0x28d: 0x0e, 0x28e: 0x0e, 0x28f: 0x0e, - 0x290: 0x0e, 0x291: 0x0e, 0x292: 0x0e, 0x293: 0x0e, 0x294: 0x0e, 0x295: 0x0e, 0x296: 0x0e, 0x297: 0x0e, - 0x298: 0x0e, 0x299: 0x0e, 0x29a: 0x0e, 0x29b: 0x0e, 0x29c: 0x0e, 0x29d: 0x0e, 0x29e: 0x3e, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x08, 0x2c1: 0x08, 0x2c2: 0x08, 0x2c3: 0x08, 0x2c4: 0x08, 0x2c5: 0x08, 0x2c6: 0x08, 0x2c7: 0x08, - 0x2c8: 0x08, 0x2c9: 0x08, 0x2ca: 0x08, 0x2cb: 0x08, 0x2cc: 0x08, 0x2cd: 0x08, 0x2ce: 0x08, 0x2cf: 0x08, - 0x2d0: 0x08, 0x2d1: 0x08, 0x2d2: 0x08, 0x2d3: 0x08, 0x2d4: 0x08, 0x2d5: 0x08, 0x2d6: 0x08, 0x2d7: 0x08, - 0x2d8: 0x08, 0x2d9: 0x08, 0x2da: 0x08, 0x2db: 0x08, 0x2dc: 0x08, 0x2dd: 0x08, 0x2de: 0x08, 0x2df: 0x08, - 0x2e0: 0x08, 0x2e1: 0x08, 0x2e2: 0x08, 0x2e3: 0x08, 0x2e4: 0x08, 0x2e5: 0x08, 0x2e6: 0x08, 0x2e7: 0x08, - 0x2e8: 0x08, 0x2e9: 0x08, 0x2ea: 0x08, 0x2eb: 0x08, 0x2ec: 0x08, 0x2ed: 0x08, 0x2ee: 0x08, 0x2ef: 0x08, - 0x2f0: 0x08, 0x2f1: 0x08, 0x2f2: 0x08, 0x2f3: 0x08, 0x2f4: 0x08, 0x2f5: 0x08, 0x2f6: 0x08, 0x2f7: 0x08, - 0x2f8: 0x08, 0x2f9: 0x08, 0x2fa: 0x08, 0x2fb: 0x08, 0x2fc: 0x08, 0x2fd: 0x08, 0x2fe: 0x08, 0x2ff: 0x08, - // Block 0xc, offset 0x300 - 0x300: 0x08, 0x301: 0x08, 0x302: 0x08, 0x303: 0x08, 0x304: 0x08, 0x305: 0x08, 0x306: 0x08, 0x307: 0x08, - 0x308: 0x08, 0x309: 0x08, 0x30a: 0x08, 0x30b: 0x08, 0x30c: 0x08, 0x30d: 0x08, 0x30e: 0x08, 0x30f: 0x08, - 0x310: 0x08, 0x311: 0x08, 0x312: 0x08, 0x313: 0x08, 0x314: 0x08, 0x315: 0x08, 0x316: 0x08, 0x317: 0x08, - 0x318: 0x08, 0x319: 0x08, 0x31a: 0x08, 0x31b: 0x08, 0x31c: 0x08, 0x31d: 0x08, 0x31e: 0x08, 0x31f: 0x08, - 0x320: 0x08, 0x321: 0x08, 0x322: 0x08, 0x323: 0x08, 0x324: 0x0e, 0x325: 0x0e, 0x326: 0x0e, 0x327: 0x0e, - 0x328: 0x0e, 0x329: 0x0e, 0x32a: 0x0e, 0x32b: 0x0e, - 0x338: 0x3f, 0x339: 0x40, 0x33c: 0x41, 0x33d: 0x42, 0x33e: 0x43, 0x33f: 0x44, - // Block 0xd, offset 0x340 - 0x37f: 0x45, - // Block 0xe, offset 0x380 - 0x380: 0x0e, 0x381: 0x0e, 0x382: 0x0e, 0x383: 0x0e, 0x384: 0x0e, 0x385: 0x0e, 0x386: 0x0e, 0x387: 0x0e, - 0x388: 0x0e, 0x389: 0x0e, 0x38a: 0x0e, 0x38b: 0x0e, 0x38c: 0x0e, 0x38d: 0x0e, 0x38e: 0x0e, 0x38f: 0x0e, - 0x390: 0x0e, 0x391: 0x0e, 0x392: 0x0e, 0x393: 0x0e, 0x394: 0x0e, 0x395: 0x0e, 0x396: 0x0e, 0x397: 0x0e, - 0x398: 0x0e, 0x399: 0x0e, 0x39a: 0x0e, 0x39b: 0x0e, 0x39c: 0x0e, 0x39d: 0x0e, 0x39e: 0x0e, 0x39f: 0x46, - 0x3a0: 0x0e, 0x3a1: 0x0e, 0x3a2: 0x0e, 0x3a3: 0x0e, 0x3a4: 0x0e, 0x3a5: 0x0e, 0x3a6: 0x0e, 0x3a7: 0x0e, - 0x3a8: 0x0e, 0x3a9: 0x0e, 0x3aa: 0x0e, 0x3ab: 0x47, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x0e, 0x3c1: 0x0e, 0x3c2: 0x0e, 0x3c3: 0x0e, 0x3c4: 0x48, 0x3c5: 0x49, 0x3c6: 0x0e, 0x3c7: 0x0e, - 0x3c8: 0x0e, 0x3c9: 0x0e, 0x3ca: 0x0e, 0x3cb: 0x4a, - // Block 0x10, offset 0x400 - 0x400: 0x4b, 0x403: 0x4c, 0x404: 0x4d, 0x405: 0x4e, 0x406: 0x4f, - 0x408: 0x50, 0x409: 0x51, 0x40c: 0x52, 0x40d: 0x53, 0x40e: 0x54, 0x40f: 0x55, - 0x410: 0x3a, 0x411: 0x56, 0x412: 0x0e, 0x413: 0x57, 0x414: 0x58, 0x415: 0x59, 0x416: 0x5a, 0x417: 0x5b, - 0x418: 0x0e, 0x419: 0x5c, 0x41a: 0x0e, 0x41b: 0x5d, 0x41f: 0x5e, - 0x424: 0x5f, 0x425: 0x60, 0x426: 0x61, 0x427: 0x62, - 0x429: 0x63, 0x42a: 0x64, - // Block 0x11, offset 0x440 - 0x456: 0x0b, 0x457: 0x06, - 0x458: 0x0c, 0x45b: 0x0d, 0x45f: 0x0e, - 0x460: 0x06, 0x461: 0x06, 0x462: 0x06, 0x463: 0x06, 0x464: 0x06, 0x465: 0x06, 0x466: 0x06, 0x467: 0x06, - 0x468: 0x06, 0x469: 0x06, 0x46a: 0x06, 0x46b: 0x06, 0x46c: 0x06, 0x46d: 0x06, 0x46e: 0x06, 0x46f: 0x06, - 0x470: 0x06, 0x471: 0x06, 0x472: 0x06, 0x473: 0x06, 0x474: 0x06, 0x475: 0x06, 0x476: 0x06, 0x477: 0x06, - 0x478: 0x06, 0x479: 0x06, 0x47a: 0x06, 0x47b: 0x06, 0x47c: 0x06, 0x47d: 0x06, 0x47e: 0x06, 0x47f: 0x06, - // Block 0x12, offset 0x480 - 0x484: 0x08, 0x485: 0x08, 0x486: 0x08, 0x487: 0x09, - // Block 0x13, offset 0x4c0 - 0x4c0: 0x08, 0x4c1: 0x08, 0x4c2: 0x08, 0x4c3: 0x08, 0x4c4: 0x08, 0x4c5: 0x08, 0x4c6: 0x08, 0x4c7: 0x08, - 0x4c8: 0x08, 0x4c9: 0x08, 0x4ca: 0x08, 0x4cb: 0x08, 0x4cc: 0x08, 0x4cd: 0x08, 0x4ce: 0x08, 0x4cf: 0x08, - 0x4d0: 0x08, 0x4d1: 0x08, 0x4d2: 0x08, 0x4d3: 0x08, 0x4d4: 0x08, 0x4d5: 0x08, 0x4d6: 0x08, 0x4d7: 0x08, - 0x4d8: 0x08, 0x4d9: 0x08, 0x4da: 0x08, 0x4db: 0x08, 0x4dc: 0x08, 0x4dd: 0x08, 0x4de: 0x08, 0x4df: 0x08, - 0x4e0: 0x08, 0x4e1: 0x08, 0x4e2: 0x08, 0x4e3: 0x08, 0x4e4: 0x08, 0x4e5: 0x08, 0x4e6: 0x08, 0x4e7: 0x08, - 0x4e8: 0x08, 0x4e9: 0x08, 0x4ea: 0x08, 0x4eb: 0x08, 0x4ec: 0x08, 0x4ed: 0x08, 0x4ee: 0x08, 0x4ef: 0x08, - 0x4f0: 0x08, 0x4f1: 0x08, 0x4f2: 0x08, 0x4f3: 0x08, 0x4f4: 0x08, 0x4f5: 0x08, 0x4f6: 0x08, 0x4f7: 0x08, - 0x4f8: 0x08, 0x4f9: 0x08, 0x4fa: 0x08, 0x4fb: 0x08, 0x4fc: 0x08, 0x4fd: 0x08, 0x4fe: 0x08, 0x4ff: 0x65, - // Block 0x14, offset 0x500 - 0x520: 0x10, - 0x530: 0x09, 0x531: 0x09, 0x532: 0x09, 0x533: 0x09, 0x534: 0x09, 0x535: 0x09, 0x536: 0x09, 0x537: 0x09, - 0x538: 0x09, 0x539: 0x09, 0x53a: 0x09, 0x53b: 0x09, 0x53c: 0x09, 0x53d: 0x09, 0x53e: 0x09, 0x53f: 0x11, - // Block 0x15, offset 0x540 - 0x540: 0x09, 0x541: 0x09, 0x542: 0x09, 0x543: 0x09, 0x544: 0x09, 0x545: 0x09, 0x546: 0x09, 0x547: 0x09, - 0x548: 0x09, 0x549: 0x09, 0x54a: 0x09, 0x54b: 0x09, 0x54c: 0x09, 0x54d: 0x09, 0x54e: 0x09, 0x54f: 0x11, -} - -// inverseData contains 4-byte entries of the following format: -// -// <length> <modified UTF-8-encoded rune> <0 padding> -// -// The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the -// UTF-8 encoding of the original rune. Mappings often have the following -// pattern: -// -// A -> A (U+FF21 -> U+0041) -// ï¼¢ -> B (U+FF22 -> U+0042) -// ... -// -// By xor-ing the last byte the same entry can be shared by many mappings. This -// reduces the total number of distinct entries by about two thirds. -// The resulting entry for the aforementioned mappings is -// -// { 0x01, 0xE0, 0x00, 0x00 } -// -// Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get -// -// E0 ^ A1 = 41. -// -// Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get -// -// E0 ^ A2 = 42. -// -// Note that because of the xor-ing, the byte sequence stored in the entry is -// not valid UTF-8. -var inverseData = [150][4]byte{ - {0x00, 0x00, 0x00, 0x00}, - {0x03, 0xe3, 0x80, 0xa0}, - {0x03, 0xef, 0xbc, 0xa0}, - {0x03, 0xef, 0xbc, 0xe0}, - {0x03, 0xef, 0xbd, 0xe0}, - {0x03, 0xef, 0xbf, 0x02}, - {0x03, 0xef, 0xbf, 0x00}, - {0x03, 0xef, 0xbf, 0x0e}, - {0x03, 0xef, 0xbf, 0x0c}, - {0x03, 0xef, 0xbf, 0x0f}, - {0x03, 0xef, 0xbf, 0x39}, - {0x03, 0xef, 0xbf, 0x3b}, - {0x03, 0xef, 0xbf, 0x3f}, - {0x03, 0xef, 0xbf, 0x2a}, - {0x03, 0xef, 0xbf, 0x0d}, - {0x03, 0xef, 0xbf, 0x25}, - {0x03, 0xef, 0xbd, 0x1a}, - {0x03, 0xef, 0xbd, 0x26}, - {0x01, 0xa0, 0x00, 0x00}, - {0x03, 0xef, 0xbd, 0x25}, - {0x03, 0xef, 0xbd, 0x23}, - {0x03, 0xef, 0xbd, 0x2e}, - {0x03, 0xef, 0xbe, 0x07}, - {0x03, 0xef, 0xbe, 0x05}, - {0x03, 0xef, 0xbd, 0x06}, - {0x03, 0xef, 0xbd, 0x13}, - {0x03, 0xef, 0xbd, 0x0b}, - {0x03, 0xef, 0xbd, 0x16}, - {0x03, 0xef, 0xbd, 0x0c}, - {0x03, 0xef, 0xbd, 0x15}, - {0x03, 0xef, 0xbd, 0x0d}, - {0x03, 0xef, 0xbd, 0x1c}, - {0x03, 0xef, 0xbd, 0x02}, - {0x03, 0xef, 0xbd, 0x1f}, - {0x03, 0xef, 0xbd, 0x1d}, - {0x03, 0xef, 0xbd, 0x17}, - {0x03, 0xef, 0xbd, 0x08}, - {0x03, 0xef, 0xbd, 0x09}, - {0x03, 0xef, 0xbd, 0x0e}, - {0x03, 0xef, 0xbd, 0x04}, - {0x03, 0xef, 0xbd, 0x05}, - {0x03, 0xef, 0xbe, 0x3f}, - {0x03, 0xef, 0xbe, 0x00}, - {0x03, 0xef, 0xbd, 0x2c}, - {0x03, 0xef, 0xbe, 0x06}, - {0x03, 0xef, 0xbe, 0x0c}, - {0x03, 0xef, 0xbe, 0x0f}, - {0x03, 0xef, 0xbe, 0x0d}, - {0x03, 0xef, 0xbe, 0x0b}, - {0x03, 0xef, 0xbe, 0x19}, - {0x03, 0xef, 0xbe, 0x15}, - {0x03, 0xef, 0xbe, 0x11}, - {0x03, 0xef, 0xbe, 0x31}, - {0x03, 0xef, 0xbe, 0x33}, - {0x03, 0xef, 0xbd, 0x0f}, - {0x03, 0xef, 0xbe, 0x30}, - {0x03, 0xef, 0xbe, 0x3e}, - {0x03, 0xef, 0xbe, 0x32}, - {0x03, 0xef, 0xbe, 0x36}, - {0x03, 0xef, 0xbd, 0x14}, - {0x03, 0xef, 0xbe, 0x2e}, - {0x03, 0xef, 0xbd, 0x1e}, - {0x03, 0xef, 0xbe, 0x10}, - {0x03, 0xef, 0xbf, 0x13}, - {0x03, 0xef, 0xbf, 0x15}, - {0x03, 0xef, 0xbf, 0x17}, - {0x03, 0xef, 0xbf, 0x1f}, - {0x03, 0xef, 0xbf, 0x1d}, - {0x03, 0xef, 0xbf, 0x1b}, - {0x03, 0xef, 0xbf, 0x09}, - {0x03, 0xef, 0xbf, 0x0b}, - {0x03, 0xef, 0xbf, 0x37}, - {0x03, 0xef, 0xbe, 0x04}, - {0x01, 0xe0, 0x00, 0x00}, - {0x03, 0xe2, 0xa6, 0x1a}, - {0x03, 0xe2, 0xa6, 0x26}, - {0x03, 0xe3, 0x80, 0x23}, - {0x03, 0xe3, 0x80, 0x2e}, - {0x03, 0xe3, 0x80, 0x25}, - {0x03, 0xe3, 0x83, 0x1e}, - {0x03, 0xe3, 0x83, 0x14}, - {0x03, 0xe3, 0x82, 0x06}, - {0x03, 0xe3, 0x82, 0x0b}, - {0x03, 0xe3, 0x82, 0x0c}, - {0x03, 0xe3, 0x82, 0x0d}, - {0x03, 0xe3, 0x82, 0x02}, - {0x03, 0xe3, 0x83, 0x0f}, - {0x03, 0xe3, 0x83, 0x08}, - {0x03, 0xe3, 0x83, 0x09}, - {0x03, 0xe3, 0x83, 0x2c}, - {0x03, 0xe3, 0x83, 0x0c}, - {0x03, 0xe3, 0x82, 0x13}, - {0x03, 0xe3, 0x82, 0x16}, - {0x03, 0xe3, 0x82, 0x15}, - {0x03, 0xe3, 0x82, 0x1c}, - {0x03, 0xe3, 0x82, 0x1f}, - {0x03, 0xe3, 0x82, 0x1d}, - {0x03, 0xe3, 0x82, 0x1a}, - {0x03, 0xe3, 0x82, 0x17}, - {0x03, 0xe3, 0x82, 0x08}, - {0x03, 0xe3, 0x82, 0x09}, - {0x03, 0xe3, 0x82, 0x0e}, - {0x03, 0xe3, 0x82, 0x04}, - {0x03, 0xe3, 0x82, 0x05}, - {0x03, 0xe3, 0x82, 0x3f}, - {0x03, 0xe3, 0x83, 0x00}, - {0x03, 0xe3, 0x83, 0x06}, - {0x03, 0xe3, 0x83, 0x05}, - {0x03, 0xe3, 0x83, 0x0d}, - {0x03, 0xe3, 0x83, 0x0b}, - {0x03, 0xe3, 0x83, 0x07}, - {0x03, 0xe3, 0x83, 0x19}, - {0x03, 0xe3, 0x83, 0x15}, - {0x03, 0xe3, 0x83, 0x11}, - {0x03, 0xe3, 0x83, 0x31}, - {0x03, 0xe3, 0x83, 0x33}, - {0x03, 0xe3, 0x83, 0x30}, - {0x03, 0xe3, 0x83, 0x3e}, - {0x03, 0xe3, 0x83, 0x32}, - {0x03, 0xe3, 0x83, 0x36}, - {0x03, 0xe3, 0x83, 0x2e}, - {0x03, 0xe3, 0x82, 0x07}, - {0x03, 0xe3, 0x85, 0x04}, - {0x03, 0xe3, 0x84, 0x10}, - {0x03, 0xe3, 0x85, 0x30}, - {0x03, 0xe3, 0x85, 0x0d}, - {0x03, 0xe3, 0x85, 0x13}, - {0x03, 0xe3, 0x85, 0x15}, - {0x03, 0xe3, 0x85, 0x17}, - {0x03, 0xe3, 0x85, 0x1f}, - {0x03, 0xe3, 0x85, 0x1d}, - {0x03, 0xe3, 0x85, 0x1b}, - {0x03, 0xe3, 0x85, 0x09}, - {0x03, 0xe3, 0x85, 0x0f}, - {0x03, 0xe3, 0x85, 0x0b}, - {0x03, 0xe3, 0x85, 0x37}, - {0x03, 0xe3, 0x85, 0x3b}, - {0x03, 0xe3, 0x85, 0x39}, - {0x03, 0xe3, 0x85, 0x3f}, - {0x02, 0xc2, 0x02, 0x00}, - {0x02, 0xc2, 0x0e, 0x00}, - {0x02, 0xc2, 0x0c, 0x00}, - {0x02, 0xc2, 0x00, 0x00}, - {0x03, 0xe2, 0x82, 0x0f}, - {0x03, 0xe2, 0x94, 0x2a}, - {0x03, 0xe2, 0x86, 0x39}, - {0x03, 0xe2, 0x86, 0x3b}, - {0x03, 0xe2, 0x86, 0x3f}, - {0x03, 0xe2, 0x96, 0x0d}, - {0x03, 0xe2, 0x97, 0x25}, -} - -// Total table size 15320 bytes (14KiB) diff --git a/etcd/vendor/golang.org/x/text/width/tables13.0.0.go b/etcd/vendor/golang.org/x/text/width/tables13.0.0.go deleted file mode 100644 index ab258e3848..0000000000 --- a/etcd/vendor/golang.org/x/text/width/tables13.0.0.go +++ /dev/null @@ -1,1362 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -//go:build go1.16 -// +build go1.16 - -package width - -// UnicodeVersion is the Unicode version from which the tables in this package are derived. -const UnicodeVersion = "13.0.0" - -// lookup returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookup(s []byte) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupUnsafe(s []byte) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// lookupString returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookupString(s string) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupStringUnsafe(s string) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// widthTrie. Total size: 14848 bytes (14.50 KiB). Checksum: 17e24343536472f6. -type widthTrie struct{} - -func newWidthTrie(i int) *widthTrie { - return &widthTrie{} -} - -// lookupValue determines the type of block n and looks up the value for b. -func (t *widthTrie) lookupValue(n uint32, b byte) uint16 { - switch { - default: - return uint16(widthValues[n<<6+uint32(b)]) - } -} - -// widthValues: 105 blocks, 6720 entries, 13440 bytes -// The third block is the zero block. -var widthValues = [6720]uint16{ - // Block 0x0, offset 0x0 - 0x20: 0x6001, 0x21: 0x6002, 0x22: 0x6002, 0x23: 0x6002, - 0x24: 0x6002, 0x25: 0x6002, 0x26: 0x6002, 0x27: 0x6002, 0x28: 0x6002, 0x29: 0x6002, - 0x2a: 0x6002, 0x2b: 0x6002, 0x2c: 0x6002, 0x2d: 0x6002, 0x2e: 0x6002, 0x2f: 0x6002, - 0x30: 0x6002, 0x31: 0x6002, 0x32: 0x6002, 0x33: 0x6002, 0x34: 0x6002, 0x35: 0x6002, - 0x36: 0x6002, 0x37: 0x6002, 0x38: 0x6002, 0x39: 0x6002, 0x3a: 0x6002, 0x3b: 0x6002, - 0x3c: 0x6002, 0x3d: 0x6002, 0x3e: 0x6002, 0x3f: 0x6002, - // Block 0x1, offset 0x40 - 0x40: 0x6003, 0x41: 0x6003, 0x42: 0x6003, 0x43: 0x6003, 0x44: 0x6003, 0x45: 0x6003, - 0x46: 0x6003, 0x47: 0x6003, 0x48: 0x6003, 0x49: 0x6003, 0x4a: 0x6003, 0x4b: 0x6003, - 0x4c: 0x6003, 0x4d: 0x6003, 0x4e: 0x6003, 0x4f: 0x6003, 0x50: 0x6003, 0x51: 0x6003, - 0x52: 0x6003, 0x53: 0x6003, 0x54: 0x6003, 0x55: 0x6003, 0x56: 0x6003, 0x57: 0x6003, - 0x58: 0x6003, 0x59: 0x6003, 0x5a: 0x6003, 0x5b: 0x6003, 0x5c: 0x6003, 0x5d: 0x6003, - 0x5e: 0x6003, 0x5f: 0x6003, 0x60: 0x6004, 0x61: 0x6004, 0x62: 0x6004, 0x63: 0x6004, - 0x64: 0x6004, 0x65: 0x6004, 0x66: 0x6004, 0x67: 0x6004, 0x68: 0x6004, 0x69: 0x6004, - 0x6a: 0x6004, 0x6b: 0x6004, 0x6c: 0x6004, 0x6d: 0x6004, 0x6e: 0x6004, 0x6f: 0x6004, - 0x70: 0x6004, 0x71: 0x6004, 0x72: 0x6004, 0x73: 0x6004, 0x74: 0x6004, 0x75: 0x6004, - 0x76: 0x6004, 0x77: 0x6004, 0x78: 0x6004, 0x79: 0x6004, 0x7a: 0x6004, 0x7b: 0x6004, - 0x7c: 0x6004, 0x7d: 0x6004, 0x7e: 0x6004, - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xe1: 0x2000, 0xe2: 0x6005, 0xe3: 0x6005, - 0xe4: 0x2000, 0xe5: 0x6006, 0xe6: 0x6005, 0xe7: 0x2000, 0xe8: 0x2000, - 0xea: 0x2000, 0xec: 0x6007, 0xed: 0x2000, 0xee: 0x2000, 0xef: 0x6008, - 0xf0: 0x2000, 0xf1: 0x2000, 0xf2: 0x2000, 0xf3: 0x2000, 0xf4: 0x2000, - 0xf6: 0x2000, 0xf7: 0x2000, 0xf8: 0x2000, 0xf9: 0x2000, 0xfa: 0x2000, - 0xfc: 0x2000, 0xfd: 0x2000, 0xfe: 0x2000, 0xff: 0x2000, - // Block 0x4, offset 0x100 - 0x106: 0x2000, - 0x110: 0x2000, - 0x117: 0x2000, - 0x118: 0x2000, - 0x11e: 0x2000, 0x11f: 0x2000, 0x120: 0x2000, 0x121: 0x2000, - 0x126: 0x2000, 0x128: 0x2000, 0x129: 0x2000, - 0x12a: 0x2000, 0x12c: 0x2000, 0x12d: 0x2000, - 0x130: 0x2000, 0x132: 0x2000, 0x133: 0x2000, - 0x137: 0x2000, 0x138: 0x2000, 0x139: 0x2000, 0x13a: 0x2000, - 0x13c: 0x2000, 0x13e: 0x2000, - // Block 0x5, offset 0x140 - 0x141: 0x2000, - 0x151: 0x2000, - 0x153: 0x2000, - 0x15b: 0x2000, - 0x166: 0x2000, 0x167: 0x2000, - 0x16b: 0x2000, - 0x171: 0x2000, 0x172: 0x2000, 0x173: 0x2000, - 0x178: 0x2000, - 0x17f: 0x2000, - // Block 0x6, offset 0x180 - 0x180: 0x2000, 0x181: 0x2000, 0x182: 0x2000, 0x184: 0x2000, - 0x188: 0x2000, 0x189: 0x2000, 0x18a: 0x2000, 0x18b: 0x2000, - 0x18d: 0x2000, - 0x192: 0x2000, 0x193: 0x2000, - 0x1a6: 0x2000, 0x1a7: 0x2000, - 0x1ab: 0x2000, - // Block 0x7, offset 0x1c0 - 0x1ce: 0x2000, 0x1d0: 0x2000, - 0x1d2: 0x2000, 0x1d4: 0x2000, 0x1d6: 0x2000, - 0x1d8: 0x2000, 0x1da: 0x2000, 0x1dc: 0x2000, - // Block 0x8, offset 0x200 - 0x211: 0x2000, - 0x221: 0x2000, - // Block 0x9, offset 0x240 - 0x244: 0x2000, - 0x247: 0x2000, 0x249: 0x2000, 0x24a: 0x2000, 0x24b: 0x2000, - 0x24d: 0x2000, 0x250: 0x2000, - 0x258: 0x2000, 0x259: 0x2000, 0x25a: 0x2000, 0x25b: 0x2000, 0x25d: 0x2000, - 0x25f: 0x2000, - // Block 0xa, offset 0x280 - 0x280: 0x2000, 0x281: 0x2000, 0x282: 0x2000, 0x283: 0x2000, 0x284: 0x2000, 0x285: 0x2000, - 0x286: 0x2000, 0x287: 0x2000, 0x288: 0x2000, 0x289: 0x2000, 0x28a: 0x2000, 0x28b: 0x2000, - 0x28c: 0x2000, 0x28d: 0x2000, 0x28e: 0x2000, 0x28f: 0x2000, 0x290: 0x2000, 0x291: 0x2000, - 0x292: 0x2000, 0x293: 0x2000, 0x294: 0x2000, 0x295: 0x2000, 0x296: 0x2000, 0x297: 0x2000, - 0x298: 0x2000, 0x299: 0x2000, 0x29a: 0x2000, 0x29b: 0x2000, 0x29c: 0x2000, 0x29d: 0x2000, - 0x29e: 0x2000, 0x29f: 0x2000, 0x2a0: 0x2000, 0x2a1: 0x2000, 0x2a2: 0x2000, 0x2a3: 0x2000, - 0x2a4: 0x2000, 0x2a5: 0x2000, 0x2a6: 0x2000, 0x2a7: 0x2000, 0x2a8: 0x2000, 0x2a9: 0x2000, - 0x2aa: 0x2000, 0x2ab: 0x2000, 0x2ac: 0x2000, 0x2ad: 0x2000, 0x2ae: 0x2000, 0x2af: 0x2000, - 0x2b0: 0x2000, 0x2b1: 0x2000, 0x2b2: 0x2000, 0x2b3: 0x2000, 0x2b4: 0x2000, 0x2b5: 0x2000, - 0x2b6: 0x2000, 0x2b7: 0x2000, 0x2b8: 0x2000, 0x2b9: 0x2000, 0x2ba: 0x2000, 0x2bb: 0x2000, - 0x2bc: 0x2000, 0x2bd: 0x2000, 0x2be: 0x2000, 0x2bf: 0x2000, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x2000, 0x2c1: 0x2000, 0x2c2: 0x2000, 0x2c3: 0x2000, 0x2c4: 0x2000, 0x2c5: 0x2000, - 0x2c6: 0x2000, 0x2c7: 0x2000, 0x2c8: 0x2000, 0x2c9: 0x2000, 0x2ca: 0x2000, 0x2cb: 0x2000, - 0x2cc: 0x2000, 0x2cd: 0x2000, 0x2ce: 0x2000, 0x2cf: 0x2000, 0x2d0: 0x2000, 0x2d1: 0x2000, - 0x2d2: 0x2000, 0x2d3: 0x2000, 0x2d4: 0x2000, 0x2d5: 0x2000, 0x2d6: 0x2000, 0x2d7: 0x2000, - 0x2d8: 0x2000, 0x2d9: 0x2000, 0x2da: 0x2000, 0x2db: 0x2000, 0x2dc: 0x2000, 0x2dd: 0x2000, - 0x2de: 0x2000, 0x2df: 0x2000, 0x2e0: 0x2000, 0x2e1: 0x2000, 0x2e2: 0x2000, 0x2e3: 0x2000, - 0x2e4: 0x2000, 0x2e5: 0x2000, 0x2e6: 0x2000, 0x2e7: 0x2000, 0x2e8: 0x2000, 0x2e9: 0x2000, - 0x2ea: 0x2000, 0x2eb: 0x2000, 0x2ec: 0x2000, 0x2ed: 0x2000, 0x2ee: 0x2000, 0x2ef: 0x2000, - // Block 0xc, offset 0x300 - 0x311: 0x2000, - 0x312: 0x2000, 0x313: 0x2000, 0x314: 0x2000, 0x315: 0x2000, 0x316: 0x2000, 0x317: 0x2000, - 0x318: 0x2000, 0x319: 0x2000, 0x31a: 0x2000, 0x31b: 0x2000, 0x31c: 0x2000, 0x31d: 0x2000, - 0x31e: 0x2000, 0x31f: 0x2000, 0x320: 0x2000, 0x321: 0x2000, 0x323: 0x2000, - 0x324: 0x2000, 0x325: 0x2000, 0x326: 0x2000, 0x327: 0x2000, 0x328: 0x2000, 0x329: 0x2000, - 0x331: 0x2000, 0x332: 0x2000, 0x333: 0x2000, 0x334: 0x2000, 0x335: 0x2000, - 0x336: 0x2000, 0x337: 0x2000, 0x338: 0x2000, 0x339: 0x2000, 0x33a: 0x2000, 0x33b: 0x2000, - 0x33c: 0x2000, 0x33d: 0x2000, 0x33e: 0x2000, 0x33f: 0x2000, - // Block 0xd, offset 0x340 - 0x340: 0x2000, 0x341: 0x2000, 0x343: 0x2000, 0x344: 0x2000, 0x345: 0x2000, - 0x346: 0x2000, 0x347: 0x2000, 0x348: 0x2000, 0x349: 0x2000, - // Block 0xe, offset 0x380 - 0x381: 0x2000, - 0x390: 0x2000, 0x391: 0x2000, - 0x392: 0x2000, 0x393: 0x2000, 0x394: 0x2000, 0x395: 0x2000, 0x396: 0x2000, 0x397: 0x2000, - 0x398: 0x2000, 0x399: 0x2000, 0x39a: 0x2000, 0x39b: 0x2000, 0x39c: 0x2000, 0x39d: 0x2000, - 0x39e: 0x2000, 0x39f: 0x2000, 0x3a0: 0x2000, 0x3a1: 0x2000, 0x3a2: 0x2000, 0x3a3: 0x2000, - 0x3a4: 0x2000, 0x3a5: 0x2000, 0x3a6: 0x2000, 0x3a7: 0x2000, 0x3a8: 0x2000, 0x3a9: 0x2000, - 0x3aa: 0x2000, 0x3ab: 0x2000, 0x3ac: 0x2000, 0x3ad: 0x2000, 0x3ae: 0x2000, 0x3af: 0x2000, - 0x3b0: 0x2000, 0x3b1: 0x2000, 0x3b2: 0x2000, 0x3b3: 0x2000, 0x3b4: 0x2000, 0x3b5: 0x2000, - 0x3b6: 0x2000, 0x3b7: 0x2000, 0x3b8: 0x2000, 0x3b9: 0x2000, 0x3ba: 0x2000, 0x3bb: 0x2000, - 0x3bc: 0x2000, 0x3bd: 0x2000, 0x3be: 0x2000, 0x3bf: 0x2000, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x2000, 0x3c1: 0x2000, 0x3c2: 0x2000, 0x3c3: 0x2000, 0x3c4: 0x2000, 0x3c5: 0x2000, - 0x3c6: 0x2000, 0x3c7: 0x2000, 0x3c8: 0x2000, 0x3c9: 0x2000, 0x3ca: 0x2000, 0x3cb: 0x2000, - 0x3cc: 0x2000, 0x3cd: 0x2000, 0x3ce: 0x2000, 0x3cf: 0x2000, 0x3d1: 0x2000, - // Block 0x10, offset 0x400 - 0x400: 0x4000, 0x401: 0x4000, 0x402: 0x4000, 0x403: 0x4000, 0x404: 0x4000, 0x405: 0x4000, - 0x406: 0x4000, 0x407: 0x4000, 0x408: 0x4000, 0x409: 0x4000, 0x40a: 0x4000, 0x40b: 0x4000, - 0x40c: 0x4000, 0x40d: 0x4000, 0x40e: 0x4000, 0x40f: 0x4000, 0x410: 0x4000, 0x411: 0x4000, - 0x412: 0x4000, 0x413: 0x4000, 0x414: 0x4000, 0x415: 0x4000, 0x416: 0x4000, 0x417: 0x4000, - 0x418: 0x4000, 0x419: 0x4000, 0x41a: 0x4000, 0x41b: 0x4000, 0x41c: 0x4000, 0x41d: 0x4000, - 0x41e: 0x4000, 0x41f: 0x4000, 0x420: 0x4000, 0x421: 0x4000, 0x422: 0x4000, 0x423: 0x4000, - 0x424: 0x4000, 0x425: 0x4000, 0x426: 0x4000, 0x427: 0x4000, 0x428: 0x4000, 0x429: 0x4000, - 0x42a: 0x4000, 0x42b: 0x4000, 0x42c: 0x4000, 0x42d: 0x4000, 0x42e: 0x4000, 0x42f: 0x4000, - 0x430: 0x4000, 0x431: 0x4000, 0x432: 0x4000, 0x433: 0x4000, 0x434: 0x4000, 0x435: 0x4000, - 0x436: 0x4000, 0x437: 0x4000, 0x438: 0x4000, 0x439: 0x4000, 0x43a: 0x4000, 0x43b: 0x4000, - 0x43c: 0x4000, 0x43d: 0x4000, 0x43e: 0x4000, 0x43f: 0x4000, - // Block 0x11, offset 0x440 - 0x440: 0x4000, 0x441: 0x4000, 0x442: 0x4000, 0x443: 0x4000, 0x444: 0x4000, 0x445: 0x4000, - 0x446: 0x4000, 0x447: 0x4000, 0x448: 0x4000, 0x449: 0x4000, 0x44a: 0x4000, 0x44b: 0x4000, - 0x44c: 0x4000, 0x44d: 0x4000, 0x44e: 0x4000, 0x44f: 0x4000, 0x450: 0x4000, 0x451: 0x4000, - 0x452: 0x4000, 0x453: 0x4000, 0x454: 0x4000, 0x455: 0x4000, 0x456: 0x4000, 0x457: 0x4000, - 0x458: 0x4000, 0x459: 0x4000, 0x45a: 0x4000, 0x45b: 0x4000, 0x45c: 0x4000, 0x45d: 0x4000, - 0x45e: 0x4000, 0x45f: 0x4000, - // Block 0x12, offset 0x480 - 0x490: 0x2000, - 0x493: 0x2000, 0x494: 0x2000, 0x495: 0x2000, 0x496: 0x2000, - 0x498: 0x2000, 0x499: 0x2000, 0x49c: 0x2000, 0x49d: 0x2000, - 0x4a0: 0x2000, 0x4a1: 0x2000, 0x4a2: 0x2000, - 0x4a4: 0x2000, 0x4a5: 0x2000, 0x4a6: 0x2000, 0x4a7: 0x2000, - 0x4b0: 0x2000, 0x4b2: 0x2000, 0x4b3: 0x2000, 0x4b5: 0x2000, - 0x4bb: 0x2000, - 0x4be: 0x2000, - // Block 0x13, offset 0x4c0 - 0x4f4: 0x2000, - 0x4ff: 0x2000, - // Block 0x14, offset 0x500 - 0x501: 0x2000, 0x502: 0x2000, 0x503: 0x2000, 0x504: 0x2000, - 0x529: 0xa009, - 0x52c: 0x2000, - // Block 0x15, offset 0x540 - 0x543: 0x2000, 0x545: 0x2000, - 0x549: 0x2000, - 0x553: 0x2000, 0x556: 0x2000, - 0x561: 0x2000, 0x562: 0x2000, - 0x566: 0x2000, - 0x56b: 0x2000, - // Block 0x16, offset 0x580 - 0x593: 0x2000, 0x594: 0x2000, - 0x59b: 0x2000, 0x59c: 0x2000, 0x59d: 0x2000, - 0x59e: 0x2000, 0x5a0: 0x2000, 0x5a1: 0x2000, 0x5a2: 0x2000, 0x5a3: 0x2000, - 0x5a4: 0x2000, 0x5a5: 0x2000, 0x5a6: 0x2000, 0x5a7: 0x2000, 0x5a8: 0x2000, 0x5a9: 0x2000, - 0x5aa: 0x2000, 0x5ab: 0x2000, - 0x5b0: 0x2000, 0x5b1: 0x2000, 0x5b2: 0x2000, 0x5b3: 0x2000, 0x5b4: 0x2000, 0x5b5: 0x2000, - 0x5b6: 0x2000, 0x5b7: 0x2000, 0x5b8: 0x2000, 0x5b9: 0x2000, - // Block 0x17, offset 0x5c0 - 0x5c9: 0x2000, - 0x5d0: 0x200a, 0x5d1: 0x200b, - 0x5d2: 0x200a, 0x5d3: 0x200c, 0x5d4: 0x2000, 0x5d5: 0x2000, 0x5d6: 0x2000, 0x5d7: 0x2000, - 0x5d8: 0x2000, 0x5d9: 0x2000, - 0x5f8: 0x2000, 0x5f9: 0x2000, - // Block 0x18, offset 0x600 - 0x612: 0x2000, 0x614: 0x2000, - 0x627: 0x2000, - // Block 0x19, offset 0x640 - 0x640: 0x2000, 0x642: 0x2000, 0x643: 0x2000, - 0x647: 0x2000, 0x648: 0x2000, 0x64b: 0x2000, - 0x64f: 0x2000, 0x651: 0x2000, - 0x655: 0x2000, - 0x65a: 0x2000, 0x65d: 0x2000, - 0x65e: 0x2000, 0x65f: 0x2000, 0x660: 0x2000, 0x663: 0x2000, - 0x665: 0x2000, 0x667: 0x2000, 0x668: 0x2000, 0x669: 0x2000, - 0x66a: 0x2000, 0x66b: 0x2000, 0x66c: 0x2000, 0x66e: 0x2000, - 0x674: 0x2000, 0x675: 0x2000, - 0x676: 0x2000, 0x677: 0x2000, - 0x67c: 0x2000, 0x67d: 0x2000, - // Block 0x1a, offset 0x680 - 0x688: 0x2000, - 0x68c: 0x2000, - 0x692: 0x2000, - 0x6a0: 0x2000, 0x6a1: 0x2000, - 0x6a4: 0x2000, 0x6a5: 0x2000, 0x6a6: 0x2000, 0x6a7: 0x2000, - 0x6aa: 0x2000, 0x6ab: 0x2000, 0x6ae: 0x2000, 0x6af: 0x2000, - // Block 0x1b, offset 0x6c0 - 0x6c2: 0x2000, 0x6c3: 0x2000, - 0x6c6: 0x2000, 0x6c7: 0x2000, - 0x6d5: 0x2000, - 0x6d9: 0x2000, - 0x6e5: 0x2000, - 0x6ff: 0x2000, - // Block 0x1c, offset 0x700 - 0x712: 0x2000, - 0x71a: 0x4000, 0x71b: 0x4000, - 0x729: 0x4000, - 0x72a: 0x4000, - // Block 0x1d, offset 0x740 - 0x769: 0x4000, - 0x76a: 0x4000, 0x76b: 0x4000, 0x76c: 0x4000, - 0x770: 0x4000, 0x773: 0x4000, - // Block 0x1e, offset 0x780 - 0x7a0: 0x2000, 0x7a1: 0x2000, 0x7a2: 0x2000, 0x7a3: 0x2000, - 0x7a4: 0x2000, 0x7a5: 0x2000, 0x7a6: 0x2000, 0x7a7: 0x2000, 0x7a8: 0x2000, 0x7a9: 0x2000, - 0x7aa: 0x2000, 0x7ab: 0x2000, 0x7ac: 0x2000, 0x7ad: 0x2000, 0x7ae: 0x2000, 0x7af: 0x2000, - 0x7b0: 0x2000, 0x7b1: 0x2000, 0x7b2: 0x2000, 0x7b3: 0x2000, 0x7b4: 0x2000, 0x7b5: 0x2000, - 0x7b6: 0x2000, 0x7b7: 0x2000, 0x7b8: 0x2000, 0x7b9: 0x2000, 0x7ba: 0x2000, 0x7bb: 0x2000, - 0x7bc: 0x2000, 0x7bd: 0x2000, 0x7be: 0x2000, 0x7bf: 0x2000, - // Block 0x1f, offset 0x7c0 - 0x7c0: 0x2000, 0x7c1: 0x2000, 0x7c2: 0x2000, 0x7c3: 0x2000, 0x7c4: 0x2000, 0x7c5: 0x2000, - 0x7c6: 0x2000, 0x7c7: 0x2000, 0x7c8: 0x2000, 0x7c9: 0x2000, 0x7ca: 0x2000, 0x7cb: 0x2000, - 0x7cc: 0x2000, 0x7cd: 0x2000, 0x7ce: 0x2000, 0x7cf: 0x2000, 0x7d0: 0x2000, 0x7d1: 0x2000, - 0x7d2: 0x2000, 0x7d3: 0x2000, 0x7d4: 0x2000, 0x7d5: 0x2000, 0x7d6: 0x2000, 0x7d7: 0x2000, - 0x7d8: 0x2000, 0x7d9: 0x2000, 0x7da: 0x2000, 0x7db: 0x2000, 0x7dc: 0x2000, 0x7dd: 0x2000, - 0x7de: 0x2000, 0x7df: 0x2000, 0x7e0: 0x2000, 0x7e1: 0x2000, 0x7e2: 0x2000, 0x7e3: 0x2000, - 0x7e4: 0x2000, 0x7e5: 0x2000, 0x7e6: 0x2000, 0x7e7: 0x2000, 0x7e8: 0x2000, 0x7e9: 0x2000, - 0x7eb: 0x2000, 0x7ec: 0x2000, 0x7ed: 0x2000, 0x7ee: 0x2000, 0x7ef: 0x2000, - 0x7f0: 0x2000, 0x7f1: 0x2000, 0x7f2: 0x2000, 0x7f3: 0x2000, 0x7f4: 0x2000, 0x7f5: 0x2000, - 0x7f6: 0x2000, 0x7f7: 0x2000, 0x7f8: 0x2000, 0x7f9: 0x2000, 0x7fa: 0x2000, 0x7fb: 0x2000, - 0x7fc: 0x2000, 0x7fd: 0x2000, 0x7fe: 0x2000, 0x7ff: 0x2000, - // Block 0x20, offset 0x800 - 0x800: 0x2000, 0x801: 0x2000, 0x802: 0x200d, 0x803: 0x2000, 0x804: 0x2000, 0x805: 0x2000, - 0x806: 0x2000, 0x807: 0x2000, 0x808: 0x2000, 0x809: 0x2000, 0x80a: 0x2000, 0x80b: 0x2000, - 0x80c: 0x2000, 0x80d: 0x2000, 0x80e: 0x2000, 0x80f: 0x2000, 0x810: 0x2000, 0x811: 0x2000, - 0x812: 0x2000, 0x813: 0x2000, 0x814: 0x2000, 0x815: 0x2000, 0x816: 0x2000, 0x817: 0x2000, - 0x818: 0x2000, 0x819: 0x2000, 0x81a: 0x2000, 0x81b: 0x2000, 0x81c: 0x2000, 0x81d: 0x2000, - 0x81e: 0x2000, 0x81f: 0x2000, 0x820: 0x2000, 0x821: 0x2000, 0x822: 0x2000, 0x823: 0x2000, - 0x824: 0x2000, 0x825: 0x2000, 0x826: 0x2000, 0x827: 0x2000, 0x828: 0x2000, 0x829: 0x2000, - 0x82a: 0x2000, 0x82b: 0x2000, 0x82c: 0x2000, 0x82d: 0x2000, 0x82e: 0x2000, 0x82f: 0x2000, - 0x830: 0x2000, 0x831: 0x2000, 0x832: 0x2000, 0x833: 0x2000, 0x834: 0x2000, 0x835: 0x2000, - 0x836: 0x2000, 0x837: 0x2000, 0x838: 0x2000, 0x839: 0x2000, 0x83a: 0x2000, 0x83b: 0x2000, - 0x83c: 0x2000, 0x83d: 0x2000, 0x83e: 0x2000, 0x83f: 0x2000, - // Block 0x21, offset 0x840 - 0x840: 0x2000, 0x841: 0x2000, 0x842: 0x2000, 0x843: 0x2000, 0x844: 0x2000, 0x845: 0x2000, - 0x846: 0x2000, 0x847: 0x2000, 0x848: 0x2000, 0x849: 0x2000, 0x84a: 0x2000, 0x84b: 0x2000, - 0x850: 0x2000, 0x851: 0x2000, - 0x852: 0x2000, 0x853: 0x2000, 0x854: 0x2000, 0x855: 0x2000, 0x856: 0x2000, 0x857: 0x2000, - 0x858: 0x2000, 0x859: 0x2000, 0x85a: 0x2000, 0x85b: 0x2000, 0x85c: 0x2000, 0x85d: 0x2000, - 0x85e: 0x2000, 0x85f: 0x2000, 0x860: 0x2000, 0x861: 0x2000, 0x862: 0x2000, 0x863: 0x2000, - 0x864: 0x2000, 0x865: 0x2000, 0x866: 0x2000, 0x867: 0x2000, 0x868: 0x2000, 0x869: 0x2000, - 0x86a: 0x2000, 0x86b: 0x2000, 0x86c: 0x2000, 0x86d: 0x2000, 0x86e: 0x2000, 0x86f: 0x2000, - 0x870: 0x2000, 0x871: 0x2000, 0x872: 0x2000, 0x873: 0x2000, - // Block 0x22, offset 0x880 - 0x880: 0x2000, 0x881: 0x2000, 0x882: 0x2000, 0x883: 0x2000, 0x884: 0x2000, 0x885: 0x2000, - 0x886: 0x2000, 0x887: 0x2000, 0x888: 0x2000, 0x889: 0x2000, 0x88a: 0x2000, 0x88b: 0x2000, - 0x88c: 0x2000, 0x88d: 0x2000, 0x88e: 0x2000, 0x88f: 0x2000, - 0x892: 0x2000, 0x893: 0x2000, 0x894: 0x2000, 0x895: 0x2000, - 0x8a0: 0x200e, 0x8a1: 0x2000, 0x8a3: 0x2000, - 0x8a4: 0x2000, 0x8a5: 0x2000, 0x8a6: 0x2000, 0x8a7: 0x2000, 0x8a8: 0x2000, 0x8a9: 0x2000, - 0x8b2: 0x2000, 0x8b3: 0x2000, - 0x8b6: 0x2000, 0x8b7: 0x2000, - 0x8bc: 0x2000, 0x8bd: 0x2000, - // Block 0x23, offset 0x8c0 - 0x8c0: 0x2000, 0x8c1: 0x2000, - 0x8c6: 0x2000, 0x8c7: 0x2000, 0x8c8: 0x2000, 0x8cb: 0x200f, - 0x8ce: 0x2000, 0x8cf: 0x2000, 0x8d0: 0x2000, 0x8d1: 0x2000, - 0x8e2: 0x2000, 0x8e3: 0x2000, - 0x8e4: 0x2000, 0x8e5: 0x2000, - 0x8ef: 0x2000, - 0x8fd: 0x4000, 0x8fe: 0x4000, - // Block 0x24, offset 0x900 - 0x905: 0x2000, - 0x906: 0x2000, 0x909: 0x2000, - 0x90e: 0x2000, 0x90f: 0x2000, - 0x914: 0x4000, 0x915: 0x4000, - 0x91c: 0x2000, - 0x91e: 0x2000, - // Block 0x25, offset 0x940 - 0x940: 0x2000, 0x942: 0x2000, - 0x948: 0x4000, 0x949: 0x4000, 0x94a: 0x4000, 0x94b: 0x4000, - 0x94c: 0x4000, 0x94d: 0x4000, 0x94e: 0x4000, 0x94f: 0x4000, 0x950: 0x4000, 0x951: 0x4000, - 0x952: 0x4000, 0x953: 0x4000, - 0x960: 0x2000, 0x961: 0x2000, 0x963: 0x2000, - 0x964: 0x2000, 0x965: 0x2000, 0x967: 0x2000, 0x968: 0x2000, 0x969: 0x2000, - 0x96a: 0x2000, 0x96c: 0x2000, 0x96d: 0x2000, 0x96f: 0x2000, - 0x97f: 0x4000, - // Block 0x26, offset 0x980 - 0x993: 0x4000, - 0x99e: 0x2000, 0x99f: 0x2000, 0x9a1: 0x4000, - 0x9aa: 0x4000, 0x9ab: 0x4000, - 0x9bd: 0x4000, 0x9be: 0x4000, 0x9bf: 0x2000, - // Block 0x27, offset 0x9c0 - 0x9c4: 0x4000, 0x9c5: 0x4000, - 0x9c6: 0x2000, 0x9c7: 0x2000, 0x9c8: 0x2000, 0x9c9: 0x2000, 0x9ca: 0x2000, 0x9cb: 0x2000, - 0x9cc: 0x2000, 0x9cd: 0x2000, 0x9ce: 0x4000, 0x9cf: 0x2000, 0x9d0: 0x2000, 0x9d1: 0x2000, - 0x9d2: 0x2000, 0x9d3: 0x2000, 0x9d4: 0x4000, 0x9d5: 0x2000, 0x9d6: 0x2000, 0x9d7: 0x2000, - 0x9d8: 0x2000, 0x9d9: 0x2000, 0x9da: 0x2000, 0x9db: 0x2000, 0x9dc: 0x2000, 0x9dd: 0x2000, - 0x9de: 0x2000, 0x9df: 0x2000, 0x9e0: 0x2000, 0x9e1: 0x2000, 0x9e3: 0x2000, - 0x9e8: 0x2000, 0x9e9: 0x2000, - 0x9ea: 0x4000, 0x9eb: 0x2000, 0x9ec: 0x2000, 0x9ed: 0x2000, 0x9ee: 0x2000, 0x9ef: 0x2000, - 0x9f0: 0x2000, 0x9f1: 0x2000, 0x9f2: 0x4000, 0x9f3: 0x4000, 0x9f4: 0x2000, 0x9f5: 0x4000, - 0x9f6: 0x2000, 0x9f7: 0x2000, 0x9f8: 0x2000, 0x9f9: 0x2000, 0x9fa: 0x4000, 0x9fb: 0x2000, - 0x9fc: 0x2000, 0x9fd: 0x4000, 0x9fe: 0x2000, 0x9ff: 0x2000, - // Block 0x28, offset 0xa00 - 0xa05: 0x4000, - 0xa0a: 0x4000, 0xa0b: 0x4000, - 0xa28: 0x4000, - 0xa3d: 0x2000, - // Block 0x29, offset 0xa40 - 0xa4c: 0x4000, 0xa4e: 0x4000, - 0xa53: 0x4000, 0xa54: 0x4000, 0xa55: 0x4000, 0xa57: 0x4000, - 0xa76: 0x2000, 0xa77: 0x2000, 0xa78: 0x2000, 0xa79: 0x2000, 0xa7a: 0x2000, 0xa7b: 0x2000, - 0xa7c: 0x2000, 0xa7d: 0x2000, 0xa7e: 0x2000, 0xa7f: 0x2000, - // Block 0x2a, offset 0xa80 - 0xa95: 0x4000, 0xa96: 0x4000, 0xa97: 0x4000, - 0xab0: 0x4000, - 0xabf: 0x4000, - // Block 0x2b, offset 0xac0 - 0xae6: 0x6000, 0xae7: 0x6000, 0xae8: 0x6000, 0xae9: 0x6000, - 0xaea: 0x6000, 0xaeb: 0x6000, 0xaec: 0x6000, 0xaed: 0x6000, - // Block 0x2c, offset 0xb00 - 0xb05: 0x6010, - 0xb06: 0x6011, - // Block 0x2d, offset 0xb40 - 0xb5b: 0x4000, 0xb5c: 0x4000, - // Block 0x2e, offset 0xb80 - 0xb90: 0x4000, - 0xb95: 0x4000, 0xb96: 0x2000, 0xb97: 0x2000, - 0xb98: 0x2000, 0xb99: 0x2000, - // Block 0x2f, offset 0xbc0 - 0xbc0: 0x4000, 0xbc1: 0x4000, 0xbc2: 0x4000, 0xbc3: 0x4000, 0xbc4: 0x4000, 0xbc5: 0x4000, - 0xbc6: 0x4000, 0xbc7: 0x4000, 0xbc8: 0x4000, 0xbc9: 0x4000, 0xbca: 0x4000, 0xbcb: 0x4000, - 0xbcc: 0x4000, 0xbcd: 0x4000, 0xbce: 0x4000, 0xbcf: 0x4000, 0xbd0: 0x4000, 0xbd1: 0x4000, - 0xbd2: 0x4000, 0xbd3: 0x4000, 0xbd4: 0x4000, 0xbd5: 0x4000, 0xbd6: 0x4000, 0xbd7: 0x4000, - 0xbd8: 0x4000, 0xbd9: 0x4000, 0xbdb: 0x4000, 0xbdc: 0x4000, 0xbdd: 0x4000, - 0xbde: 0x4000, 0xbdf: 0x4000, 0xbe0: 0x4000, 0xbe1: 0x4000, 0xbe2: 0x4000, 0xbe3: 0x4000, - 0xbe4: 0x4000, 0xbe5: 0x4000, 0xbe6: 0x4000, 0xbe7: 0x4000, 0xbe8: 0x4000, 0xbe9: 0x4000, - 0xbea: 0x4000, 0xbeb: 0x4000, 0xbec: 0x4000, 0xbed: 0x4000, 0xbee: 0x4000, 0xbef: 0x4000, - 0xbf0: 0x4000, 0xbf1: 0x4000, 0xbf2: 0x4000, 0xbf3: 0x4000, 0xbf4: 0x4000, 0xbf5: 0x4000, - 0xbf6: 0x4000, 0xbf7: 0x4000, 0xbf8: 0x4000, 0xbf9: 0x4000, 0xbfa: 0x4000, 0xbfb: 0x4000, - 0xbfc: 0x4000, 0xbfd: 0x4000, 0xbfe: 0x4000, 0xbff: 0x4000, - // Block 0x30, offset 0xc00 - 0xc00: 0x4000, 0xc01: 0x4000, 0xc02: 0x4000, 0xc03: 0x4000, 0xc04: 0x4000, 0xc05: 0x4000, - 0xc06: 0x4000, 0xc07: 0x4000, 0xc08: 0x4000, 0xc09: 0x4000, 0xc0a: 0x4000, 0xc0b: 0x4000, - 0xc0c: 0x4000, 0xc0d: 0x4000, 0xc0e: 0x4000, 0xc0f: 0x4000, 0xc10: 0x4000, 0xc11: 0x4000, - 0xc12: 0x4000, 0xc13: 0x4000, 0xc14: 0x4000, 0xc15: 0x4000, 0xc16: 0x4000, 0xc17: 0x4000, - 0xc18: 0x4000, 0xc19: 0x4000, 0xc1a: 0x4000, 0xc1b: 0x4000, 0xc1c: 0x4000, 0xc1d: 0x4000, - 0xc1e: 0x4000, 0xc1f: 0x4000, 0xc20: 0x4000, 0xc21: 0x4000, 0xc22: 0x4000, 0xc23: 0x4000, - 0xc24: 0x4000, 0xc25: 0x4000, 0xc26: 0x4000, 0xc27: 0x4000, 0xc28: 0x4000, 0xc29: 0x4000, - 0xc2a: 0x4000, 0xc2b: 0x4000, 0xc2c: 0x4000, 0xc2d: 0x4000, 0xc2e: 0x4000, 0xc2f: 0x4000, - 0xc30: 0x4000, 0xc31: 0x4000, 0xc32: 0x4000, 0xc33: 0x4000, - // Block 0x31, offset 0xc40 - 0xc40: 0x4000, 0xc41: 0x4000, 0xc42: 0x4000, 0xc43: 0x4000, 0xc44: 0x4000, 0xc45: 0x4000, - 0xc46: 0x4000, 0xc47: 0x4000, 0xc48: 0x4000, 0xc49: 0x4000, 0xc4a: 0x4000, 0xc4b: 0x4000, - 0xc4c: 0x4000, 0xc4d: 0x4000, 0xc4e: 0x4000, 0xc4f: 0x4000, 0xc50: 0x4000, 0xc51: 0x4000, - 0xc52: 0x4000, 0xc53: 0x4000, 0xc54: 0x4000, 0xc55: 0x4000, - 0xc70: 0x4000, 0xc71: 0x4000, 0xc72: 0x4000, 0xc73: 0x4000, 0xc74: 0x4000, 0xc75: 0x4000, - 0xc76: 0x4000, 0xc77: 0x4000, 0xc78: 0x4000, 0xc79: 0x4000, 0xc7a: 0x4000, 0xc7b: 0x4000, - // Block 0x32, offset 0xc80 - 0xc80: 0x9012, 0xc81: 0x4013, 0xc82: 0x4014, 0xc83: 0x4000, 0xc84: 0x4000, 0xc85: 0x4000, - 0xc86: 0x4000, 0xc87: 0x4000, 0xc88: 0x4000, 0xc89: 0x4000, 0xc8a: 0x4000, 0xc8b: 0x4000, - 0xc8c: 0x4015, 0xc8d: 0x4015, 0xc8e: 0x4000, 0xc8f: 0x4000, 0xc90: 0x4000, 0xc91: 0x4000, - 0xc92: 0x4000, 0xc93: 0x4000, 0xc94: 0x4000, 0xc95: 0x4000, 0xc96: 0x4000, 0xc97: 0x4000, - 0xc98: 0x4000, 0xc99: 0x4000, 0xc9a: 0x4000, 0xc9b: 0x4000, 0xc9c: 0x4000, 0xc9d: 0x4000, - 0xc9e: 0x4000, 0xc9f: 0x4000, 0xca0: 0x4000, 0xca1: 0x4000, 0xca2: 0x4000, 0xca3: 0x4000, - 0xca4: 0x4000, 0xca5: 0x4000, 0xca6: 0x4000, 0xca7: 0x4000, 0xca8: 0x4000, 0xca9: 0x4000, - 0xcaa: 0x4000, 0xcab: 0x4000, 0xcac: 0x4000, 0xcad: 0x4000, 0xcae: 0x4000, 0xcaf: 0x4000, - 0xcb0: 0x4000, 0xcb1: 0x4000, 0xcb2: 0x4000, 0xcb3: 0x4000, 0xcb4: 0x4000, 0xcb5: 0x4000, - 0xcb6: 0x4000, 0xcb7: 0x4000, 0xcb8: 0x4000, 0xcb9: 0x4000, 0xcba: 0x4000, 0xcbb: 0x4000, - 0xcbc: 0x4000, 0xcbd: 0x4000, 0xcbe: 0x4000, - // Block 0x33, offset 0xcc0 - 0xcc1: 0x4000, 0xcc2: 0x4000, 0xcc3: 0x4000, 0xcc4: 0x4000, 0xcc5: 0x4000, - 0xcc6: 0x4000, 0xcc7: 0x4000, 0xcc8: 0x4000, 0xcc9: 0x4000, 0xcca: 0x4000, 0xccb: 0x4000, - 0xccc: 0x4000, 0xccd: 0x4000, 0xcce: 0x4000, 0xccf: 0x4000, 0xcd0: 0x4000, 0xcd1: 0x4000, - 0xcd2: 0x4000, 0xcd3: 0x4000, 0xcd4: 0x4000, 0xcd5: 0x4000, 0xcd6: 0x4000, 0xcd7: 0x4000, - 0xcd8: 0x4000, 0xcd9: 0x4000, 0xcda: 0x4000, 0xcdb: 0x4000, 0xcdc: 0x4000, 0xcdd: 0x4000, - 0xcde: 0x4000, 0xcdf: 0x4000, 0xce0: 0x4000, 0xce1: 0x4000, 0xce2: 0x4000, 0xce3: 0x4000, - 0xce4: 0x4000, 0xce5: 0x4000, 0xce6: 0x4000, 0xce7: 0x4000, 0xce8: 0x4000, 0xce9: 0x4000, - 0xcea: 0x4000, 0xceb: 0x4000, 0xcec: 0x4000, 0xced: 0x4000, 0xcee: 0x4000, 0xcef: 0x4000, - 0xcf0: 0x4000, 0xcf1: 0x4000, 0xcf2: 0x4000, 0xcf3: 0x4000, 0xcf4: 0x4000, 0xcf5: 0x4000, - 0xcf6: 0x4000, 0xcf7: 0x4000, 0xcf8: 0x4000, 0xcf9: 0x4000, 0xcfa: 0x4000, 0xcfb: 0x4000, - 0xcfc: 0x4000, 0xcfd: 0x4000, 0xcfe: 0x4000, 0xcff: 0x4000, - // Block 0x34, offset 0xd00 - 0xd00: 0x4000, 0xd01: 0x4000, 0xd02: 0x4000, 0xd03: 0x4000, 0xd04: 0x4000, 0xd05: 0x4000, - 0xd06: 0x4000, 0xd07: 0x4000, 0xd08: 0x4000, 0xd09: 0x4000, 0xd0a: 0x4000, 0xd0b: 0x4000, - 0xd0c: 0x4000, 0xd0d: 0x4000, 0xd0e: 0x4000, 0xd0f: 0x4000, 0xd10: 0x4000, 0xd11: 0x4000, - 0xd12: 0x4000, 0xd13: 0x4000, 0xd14: 0x4000, 0xd15: 0x4000, 0xd16: 0x4000, - 0xd19: 0x4016, 0xd1a: 0x4017, 0xd1b: 0x4000, 0xd1c: 0x4000, 0xd1d: 0x4000, - 0xd1e: 0x4000, 0xd1f: 0x4000, 0xd20: 0x4000, 0xd21: 0x4018, 0xd22: 0x4019, 0xd23: 0x401a, - 0xd24: 0x401b, 0xd25: 0x401c, 0xd26: 0x401d, 0xd27: 0x401e, 0xd28: 0x401f, 0xd29: 0x4020, - 0xd2a: 0x4021, 0xd2b: 0x4022, 0xd2c: 0x4000, 0xd2d: 0x4010, 0xd2e: 0x4000, 0xd2f: 0x4023, - 0xd30: 0x4000, 0xd31: 0x4024, 0xd32: 0x4000, 0xd33: 0x4025, 0xd34: 0x4000, 0xd35: 0x4026, - 0xd36: 0x4000, 0xd37: 0x401a, 0xd38: 0x4000, 0xd39: 0x4027, 0xd3a: 0x4000, 0xd3b: 0x4028, - 0xd3c: 0x4000, 0xd3d: 0x4020, 0xd3e: 0x4000, 0xd3f: 0x4029, - // Block 0x35, offset 0xd40 - 0xd40: 0x4000, 0xd41: 0x402a, 0xd42: 0x4000, 0xd43: 0x402b, 0xd44: 0x402c, 0xd45: 0x4000, - 0xd46: 0x4017, 0xd47: 0x4000, 0xd48: 0x402d, 0xd49: 0x4000, 0xd4a: 0x402e, 0xd4b: 0x402f, - 0xd4c: 0x4030, 0xd4d: 0x4017, 0xd4e: 0x4016, 0xd4f: 0x4017, 0xd50: 0x4000, 0xd51: 0x4000, - 0xd52: 0x4031, 0xd53: 0x4000, 0xd54: 0x4000, 0xd55: 0x4031, 0xd56: 0x4000, 0xd57: 0x4000, - 0xd58: 0x4032, 0xd59: 0x4000, 0xd5a: 0x4000, 0xd5b: 0x4032, 0xd5c: 0x4000, 0xd5d: 0x4000, - 0xd5e: 0x4033, 0xd5f: 0x402e, 0xd60: 0x4034, 0xd61: 0x4035, 0xd62: 0x4034, 0xd63: 0x4036, - 0xd64: 0x4037, 0xd65: 0x4024, 0xd66: 0x4035, 0xd67: 0x4025, 0xd68: 0x4038, 0xd69: 0x4038, - 0xd6a: 0x4039, 0xd6b: 0x4039, 0xd6c: 0x403a, 0xd6d: 0x403a, 0xd6e: 0x4000, 0xd6f: 0x4035, - 0xd70: 0x4000, 0xd71: 0x4000, 0xd72: 0x403b, 0xd73: 0x403c, 0xd74: 0x4000, 0xd75: 0x4000, - 0xd76: 0x4000, 0xd77: 0x4000, 0xd78: 0x4000, 0xd79: 0x4000, 0xd7a: 0x4000, 0xd7b: 0x403d, - 0xd7c: 0x401c, 0xd7d: 0x4000, 0xd7e: 0x4000, 0xd7f: 0x4000, - // Block 0x36, offset 0xd80 - 0xd85: 0x4000, - 0xd86: 0x4000, 0xd87: 0x4000, 0xd88: 0x4000, 0xd89: 0x4000, 0xd8a: 0x4000, 0xd8b: 0x4000, - 0xd8c: 0x4000, 0xd8d: 0x4000, 0xd8e: 0x4000, 0xd8f: 0x4000, 0xd90: 0x4000, 0xd91: 0x4000, - 0xd92: 0x4000, 0xd93: 0x4000, 0xd94: 0x4000, 0xd95: 0x4000, 0xd96: 0x4000, 0xd97: 0x4000, - 0xd98: 0x4000, 0xd99: 0x4000, 0xd9a: 0x4000, 0xd9b: 0x4000, 0xd9c: 0x4000, 0xd9d: 0x4000, - 0xd9e: 0x4000, 0xd9f: 0x4000, 0xda0: 0x4000, 0xda1: 0x4000, 0xda2: 0x4000, 0xda3: 0x4000, - 0xda4: 0x4000, 0xda5: 0x4000, 0xda6: 0x4000, 0xda7: 0x4000, 0xda8: 0x4000, 0xda9: 0x4000, - 0xdaa: 0x4000, 0xdab: 0x4000, 0xdac: 0x4000, 0xdad: 0x4000, 0xdae: 0x4000, 0xdaf: 0x4000, - 0xdb1: 0x403e, 0xdb2: 0x403e, 0xdb3: 0x403e, 0xdb4: 0x403e, 0xdb5: 0x403e, - 0xdb6: 0x403e, 0xdb7: 0x403e, 0xdb8: 0x403e, 0xdb9: 0x403e, 0xdba: 0x403e, 0xdbb: 0x403e, - 0xdbc: 0x403e, 0xdbd: 0x403e, 0xdbe: 0x403e, 0xdbf: 0x403e, - // Block 0x37, offset 0xdc0 - 0xdc0: 0x4037, 0xdc1: 0x4037, 0xdc2: 0x4037, 0xdc3: 0x4037, 0xdc4: 0x4037, 0xdc5: 0x4037, - 0xdc6: 0x4037, 0xdc7: 0x4037, 0xdc8: 0x4037, 0xdc9: 0x4037, 0xdca: 0x4037, 0xdcb: 0x4037, - 0xdcc: 0x4037, 0xdcd: 0x4037, 0xdce: 0x4037, 0xdcf: 0x400e, 0xdd0: 0x403f, 0xdd1: 0x4040, - 0xdd2: 0x4041, 0xdd3: 0x4040, 0xdd4: 0x403f, 0xdd5: 0x4042, 0xdd6: 0x4043, 0xdd7: 0x4044, - 0xdd8: 0x4040, 0xdd9: 0x4041, 0xdda: 0x4040, 0xddb: 0x4045, 0xddc: 0x4009, 0xddd: 0x4045, - 0xdde: 0x4046, 0xddf: 0x4045, 0xde0: 0x4047, 0xde1: 0x400b, 0xde2: 0x400a, 0xde3: 0x400c, - 0xde4: 0x4048, 0xde5: 0x4000, 0xde6: 0x4000, 0xde7: 0x4000, 0xde8: 0x4000, 0xde9: 0x4000, - 0xdea: 0x4000, 0xdeb: 0x4000, 0xdec: 0x4000, 0xded: 0x4000, 0xdee: 0x4000, 0xdef: 0x4000, - 0xdf0: 0x4000, 0xdf1: 0x4000, 0xdf2: 0x4000, 0xdf3: 0x4000, 0xdf4: 0x4000, 0xdf5: 0x4000, - 0xdf6: 0x4000, 0xdf7: 0x4000, 0xdf8: 0x4000, 0xdf9: 0x4000, 0xdfa: 0x4000, 0xdfb: 0x4000, - 0xdfc: 0x4000, 0xdfd: 0x4000, 0xdfe: 0x4000, 0xdff: 0x4000, - // Block 0x38, offset 0xe00 - 0xe00: 0x4000, 0xe01: 0x4000, 0xe02: 0x4000, 0xe03: 0x4000, 0xe04: 0x4000, 0xe05: 0x4000, - 0xe06: 0x4000, 0xe07: 0x4000, 0xe08: 0x4000, 0xe09: 0x4000, 0xe0a: 0x4000, 0xe0b: 0x4000, - 0xe0c: 0x4000, 0xe0d: 0x4000, 0xe0e: 0x4000, 0xe10: 0x4000, 0xe11: 0x4000, - 0xe12: 0x4000, 0xe13: 0x4000, 0xe14: 0x4000, 0xe15: 0x4000, 0xe16: 0x4000, 0xe17: 0x4000, - 0xe18: 0x4000, 0xe19: 0x4000, 0xe1a: 0x4000, 0xe1b: 0x4000, 0xe1c: 0x4000, 0xe1d: 0x4000, - 0xe1e: 0x4000, 0xe1f: 0x4000, 0xe20: 0x4000, 0xe21: 0x4000, 0xe22: 0x4000, 0xe23: 0x4000, - 0xe24: 0x4000, 0xe25: 0x4000, 0xe26: 0x4000, 0xe27: 0x4000, 0xe28: 0x4000, 0xe29: 0x4000, - 0xe2a: 0x4000, 0xe2b: 0x4000, 0xe2c: 0x4000, 0xe2d: 0x4000, 0xe2e: 0x4000, 0xe2f: 0x4000, - 0xe30: 0x4000, 0xe31: 0x4000, 0xe32: 0x4000, 0xe33: 0x4000, 0xe34: 0x4000, 0xe35: 0x4000, - 0xe36: 0x4000, 0xe37: 0x4000, 0xe38: 0x4000, 0xe39: 0x4000, 0xe3a: 0x4000, 0xe3b: 0x4000, - 0xe3c: 0x4000, 0xe3d: 0x4000, 0xe3e: 0x4000, 0xe3f: 0x4000, - // Block 0x39, offset 0xe40 - 0xe40: 0x4000, 0xe41: 0x4000, 0xe42: 0x4000, 0xe43: 0x4000, 0xe44: 0x4000, 0xe45: 0x4000, - 0xe46: 0x4000, 0xe47: 0x4000, 0xe48: 0x4000, 0xe49: 0x4000, 0xe4a: 0x4000, 0xe4b: 0x4000, - 0xe4c: 0x4000, 0xe4d: 0x4000, 0xe4e: 0x4000, 0xe4f: 0x4000, 0xe50: 0x4000, 0xe51: 0x4000, - 0xe52: 0x4000, 0xe53: 0x4000, 0xe54: 0x4000, 0xe55: 0x4000, 0xe56: 0x4000, 0xe57: 0x4000, - 0xe58: 0x4000, 0xe59: 0x4000, 0xe5a: 0x4000, 0xe5b: 0x4000, 0xe5c: 0x4000, 0xe5d: 0x4000, - 0xe5e: 0x4000, 0xe5f: 0x4000, 0xe60: 0x4000, 0xe61: 0x4000, 0xe62: 0x4000, 0xe63: 0x4000, - 0xe70: 0x4000, 0xe71: 0x4000, 0xe72: 0x4000, 0xe73: 0x4000, 0xe74: 0x4000, 0xe75: 0x4000, - 0xe76: 0x4000, 0xe77: 0x4000, 0xe78: 0x4000, 0xe79: 0x4000, 0xe7a: 0x4000, 0xe7b: 0x4000, - 0xe7c: 0x4000, 0xe7d: 0x4000, 0xe7e: 0x4000, 0xe7f: 0x4000, - // Block 0x3a, offset 0xe80 - 0xe80: 0x4000, 0xe81: 0x4000, 0xe82: 0x4000, 0xe83: 0x4000, 0xe84: 0x4000, 0xe85: 0x4000, - 0xe86: 0x4000, 0xe87: 0x4000, 0xe88: 0x4000, 0xe89: 0x4000, 0xe8a: 0x4000, 0xe8b: 0x4000, - 0xe8c: 0x4000, 0xe8d: 0x4000, 0xe8e: 0x4000, 0xe8f: 0x4000, 0xe90: 0x4000, 0xe91: 0x4000, - 0xe92: 0x4000, 0xe93: 0x4000, 0xe94: 0x4000, 0xe95: 0x4000, 0xe96: 0x4000, 0xe97: 0x4000, - 0xe98: 0x4000, 0xe99: 0x4000, 0xe9a: 0x4000, 0xe9b: 0x4000, 0xe9c: 0x4000, 0xe9d: 0x4000, - 0xe9e: 0x4000, 0xea0: 0x4000, 0xea1: 0x4000, 0xea2: 0x4000, 0xea3: 0x4000, - 0xea4: 0x4000, 0xea5: 0x4000, 0xea6: 0x4000, 0xea7: 0x4000, 0xea8: 0x4000, 0xea9: 0x4000, - 0xeaa: 0x4000, 0xeab: 0x4000, 0xeac: 0x4000, 0xead: 0x4000, 0xeae: 0x4000, 0xeaf: 0x4000, - 0xeb0: 0x4000, 0xeb1: 0x4000, 0xeb2: 0x4000, 0xeb3: 0x4000, 0xeb4: 0x4000, 0xeb5: 0x4000, - 0xeb6: 0x4000, 0xeb7: 0x4000, 0xeb8: 0x4000, 0xeb9: 0x4000, 0xeba: 0x4000, 0xebb: 0x4000, - 0xebc: 0x4000, 0xebd: 0x4000, 0xebe: 0x4000, 0xebf: 0x4000, - // Block 0x3b, offset 0xec0 - 0xec0: 0x4000, 0xec1: 0x4000, 0xec2: 0x4000, 0xec3: 0x4000, 0xec4: 0x4000, 0xec5: 0x4000, - 0xec6: 0x4000, 0xec7: 0x4000, 0xec8: 0x2000, 0xec9: 0x2000, 0xeca: 0x2000, 0xecb: 0x2000, - 0xecc: 0x2000, 0xecd: 0x2000, 0xece: 0x2000, 0xecf: 0x2000, 0xed0: 0x4000, 0xed1: 0x4000, - 0xed2: 0x4000, 0xed3: 0x4000, 0xed4: 0x4000, 0xed5: 0x4000, 0xed6: 0x4000, 0xed7: 0x4000, - 0xed8: 0x4000, 0xed9: 0x4000, 0xeda: 0x4000, 0xedb: 0x4000, 0xedc: 0x4000, 0xedd: 0x4000, - 0xede: 0x4000, 0xedf: 0x4000, 0xee0: 0x4000, 0xee1: 0x4000, 0xee2: 0x4000, 0xee3: 0x4000, - 0xee4: 0x4000, 0xee5: 0x4000, 0xee6: 0x4000, 0xee7: 0x4000, 0xee8: 0x4000, 0xee9: 0x4000, - 0xeea: 0x4000, 0xeeb: 0x4000, 0xeec: 0x4000, 0xeed: 0x4000, 0xeee: 0x4000, 0xeef: 0x4000, - 0xef0: 0x4000, 0xef1: 0x4000, 0xef2: 0x4000, 0xef3: 0x4000, 0xef4: 0x4000, 0xef5: 0x4000, - 0xef6: 0x4000, 0xef7: 0x4000, 0xef8: 0x4000, 0xef9: 0x4000, 0xefa: 0x4000, 0xefb: 0x4000, - 0xefc: 0x4000, 0xefd: 0x4000, 0xefe: 0x4000, 0xeff: 0x4000, - // Block 0x3c, offset 0xf00 - 0xf00: 0x4000, 0xf01: 0x4000, 0xf02: 0x4000, 0xf03: 0x4000, 0xf04: 0x4000, 0xf05: 0x4000, - 0xf06: 0x4000, 0xf07: 0x4000, 0xf08: 0x4000, 0xf09: 0x4000, 0xf0a: 0x4000, 0xf0b: 0x4000, - 0xf0c: 0x4000, 0xf10: 0x4000, 0xf11: 0x4000, - 0xf12: 0x4000, 0xf13: 0x4000, 0xf14: 0x4000, 0xf15: 0x4000, 0xf16: 0x4000, 0xf17: 0x4000, - 0xf18: 0x4000, 0xf19: 0x4000, 0xf1a: 0x4000, 0xf1b: 0x4000, 0xf1c: 0x4000, 0xf1d: 0x4000, - 0xf1e: 0x4000, 0xf1f: 0x4000, 0xf20: 0x4000, 0xf21: 0x4000, 0xf22: 0x4000, 0xf23: 0x4000, - 0xf24: 0x4000, 0xf25: 0x4000, 0xf26: 0x4000, 0xf27: 0x4000, 0xf28: 0x4000, 0xf29: 0x4000, - 0xf2a: 0x4000, 0xf2b: 0x4000, 0xf2c: 0x4000, 0xf2d: 0x4000, 0xf2e: 0x4000, 0xf2f: 0x4000, - 0xf30: 0x4000, 0xf31: 0x4000, 0xf32: 0x4000, 0xf33: 0x4000, 0xf34: 0x4000, 0xf35: 0x4000, - 0xf36: 0x4000, 0xf37: 0x4000, 0xf38: 0x4000, 0xf39: 0x4000, 0xf3a: 0x4000, 0xf3b: 0x4000, - 0xf3c: 0x4000, 0xf3d: 0x4000, 0xf3e: 0x4000, 0xf3f: 0x4000, - // Block 0x3d, offset 0xf40 - 0xf40: 0x4000, 0xf41: 0x4000, 0xf42: 0x4000, 0xf43: 0x4000, 0xf44: 0x4000, 0xf45: 0x4000, - 0xf46: 0x4000, - // Block 0x3e, offset 0xf80 - 0xfa0: 0x4000, 0xfa1: 0x4000, 0xfa2: 0x4000, 0xfa3: 0x4000, - 0xfa4: 0x4000, 0xfa5: 0x4000, 0xfa6: 0x4000, 0xfa7: 0x4000, 0xfa8: 0x4000, 0xfa9: 0x4000, - 0xfaa: 0x4000, 0xfab: 0x4000, 0xfac: 0x4000, 0xfad: 0x4000, 0xfae: 0x4000, 0xfaf: 0x4000, - 0xfb0: 0x4000, 0xfb1: 0x4000, 0xfb2: 0x4000, 0xfb3: 0x4000, 0xfb4: 0x4000, 0xfb5: 0x4000, - 0xfb6: 0x4000, 0xfb7: 0x4000, 0xfb8: 0x4000, 0xfb9: 0x4000, 0xfba: 0x4000, 0xfbb: 0x4000, - 0xfbc: 0x4000, - // Block 0x3f, offset 0xfc0 - 0xfc0: 0x4000, 0xfc1: 0x4000, 0xfc2: 0x4000, 0xfc3: 0x4000, 0xfc4: 0x4000, 0xfc5: 0x4000, - 0xfc6: 0x4000, 0xfc7: 0x4000, 0xfc8: 0x4000, 0xfc9: 0x4000, 0xfca: 0x4000, 0xfcb: 0x4000, - 0xfcc: 0x4000, 0xfcd: 0x4000, 0xfce: 0x4000, 0xfcf: 0x4000, 0xfd0: 0x4000, 0xfd1: 0x4000, - 0xfd2: 0x4000, 0xfd3: 0x4000, 0xfd4: 0x4000, 0xfd5: 0x4000, 0xfd6: 0x4000, 0xfd7: 0x4000, - 0xfd8: 0x4000, 0xfd9: 0x4000, 0xfda: 0x4000, 0xfdb: 0x4000, 0xfdc: 0x4000, 0xfdd: 0x4000, - 0xfde: 0x4000, 0xfdf: 0x4000, 0xfe0: 0x4000, 0xfe1: 0x4000, 0xfe2: 0x4000, 0xfe3: 0x4000, - // Block 0x40, offset 0x1000 - 0x1000: 0x2000, 0x1001: 0x2000, 0x1002: 0x2000, 0x1003: 0x2000, 0x1004: 0x2000, 0x1005: 0x2000, - 0x1006: 0x2000, 0x1007: 0x2000, 0x1008: 0x2000, 0x1009: 0x2000, 0x100a: 0x2000, 0x100b: 0x2000, - 0x100c: 0x2000, 0x100d: 0x2000, 0x100e: 0x2000, 0x100f: 0x2000, 0x1010: 0x4000, 0x1011: 0x4000, - 0x1012: 0x4000, 0x1013: 0x4000, 0x1014: 0x4000, 0x1015: 0x4000, 0x1016: 0x4000, 0x1017: 0x4000, - 0x1018: 0x4000, 0x1019: 0x4000, - 0x1030: 0x4000, 0x1031: 0x4000, 0x1032: 0x4000, 0x1033: 0x4000, 0x1034: 0x4000, 0x1035: 0x4000, - 0x1036: 0x4000, 0x1037: 0x4000, 0x1038: 0x4000, 0x1039: 0x4000, 0x103a: 0x4000, 0x103b: 0x4000, - 0x103c: 0x4000, 0x103d: 0x4000, 0x103e: 0x4000, 0x103f: 0x4000, - // Block 0x41, offset 0x1040 - 0x1040: 0x4000, 0x1041: 0x4000, 0x1042: 0x4000, 0x1043: 0x4000, 0x1044: 0x4000, 0x1045: 0x4000, - 0x1046: 0x4000, 0x1047: 0x4000, 0x1048: 0x4000, 0x1049: 0x4000, 0x104a: 0x4000, 0x104b: 0x4000, - 0x104c: 0x4000, 0x104d: 0x4000, 0x104e: 0x4000, 0x104f: 0x4000, 0x1050: 0x4000, 0x1051: 0x4000, - 0x1052: 0x4000, 0x1054: 0x4000, 0x1055: 0x4000, 0x1056: 0x4000, 0x1057: 0x4000, - 0x1058: 0x4000, 0x1059: 0x4000, 0x105a: 0x4000, 0x105b: 0x4000, 0x105c: 0x4000, 0x105d: 0x4000, - 0x105e: 0x4000, 0x105f: 0x4000, 0x1060: 0x4000, 0x1061: 0x4000, 0x1062: 0x4000, 0x1063: 0x4000, - 0x1064: 0x4000, 0x1065: 0x4000, 0x1066: 0x4000, 0x1068: 0x4000, 0x1069: 0x4000, - 0x106a: 0x4000, 0x106b: 0x4000, - // Block 0x42, offset 0x1080 - 0x1081: 0x9012, 0x1082: 0x9012, 0x1083: 0x9012, 0x1084: 0x9012, 0x1085: 0x9012, - 0x1086: 0x9012, 0x1087: 0x9012, 0x1088: 0x9012, 0x1089: 0x9012, 0x108a: 0x9012, 0x108b: 0x9012, - 0x108c: 0x9012, 0x108d: 0x9012, 0x108e: 0x9012, 0x108f: 0x9012, 0x1090: 0x9012, 0x1091: 0x9012, - 0x1092: 0x9012, 0x1093: 0x9012, 0x1094: 0x9012, 0x1095: 0x9012, 0x1096: 0x9012, 0x1097: 0x9012, - 0x1098: 0x9012, 0x1099: 0x9012, 0x109a: 0x9012, 0x109b: 0x9012, 0x109c: 0x9012, 0x109d: 0x9012, - 0x109e: 0x9012, 0x109f: 0x9012, 0x10a0: 0x9049, 0x10a1: 0x9049, 0x10a2: 0x9049, 0x10a3: 0x9049, - 0x10a4: 0x9049, 0x10a5: 0x9049, 0x10a6: 0x9049, 0x10a7: 0x9049, 0x10a8: 0x9049, 0x10a9: 0x9049, - 0x10aa: 0x9049, 0x10ab: 0x9049, 0x10ac: 0x9049, 0x10ad: 0x9049, 0x10ae: 0x9049, 0x10af: 0x9049, - 0x10b0: 0x9049, 0x10b1: 0x9049, 0x10b2: 0x9049, 0x10b3: 0x9049, 0x10b4: 0x9049, 0x10b5: 0x9049, - 0x10b6: 0x9049, 0x10b7: 0x9049, 0x10b8: 0x9049, 0x10b9: 0x9049, 0x10ba: 0x9049, 0x10bb: 0x9049, - 0x10bc: 0x9049, 0x10bd: 0x9049, 0x10be: 0x9049, 0x10bf: 0x9049, - // Block 0x43, offset 0x10c0 - 0x10c0: 0x9049, 0x10c1: 0x9049, 0x10c2: 0x9049, 0x10c3: 0x9049, 0x10c4: 0x9049, 0x10c5: 0x9049, - 0x10c6: 0x9049, 0x10c7: 0x9049, 0x10c8: 0x9049, 0x10c9: 0x9049, 0x10ca: 0x9049, 0x10cb: 0x9049, - 0x10cc: 0x9049, 0x10cd: 0x9049, 0x10ce: 0x9049, 0x10cf: 0x9049, 0x10d0: 0x9049, 0x10d1: 0x9049, - 0x10d2: 0x9049, 0x10d3: 0x9049, 0x10d4: 0x9049, 0x10d5: 0x9049, 0x10d6: 0x9049, 0x10d7: 0x9049, - 0x10d8: 0x9049, 0x10d9: 0x9049, 0x10da: 0x9049, 0x10db: 0x9049, 0x10dc: 0x9049, 0x10dd: 0x9049, - 0x10de: 0x9049, 0x10df: 0x904a, 0x10e0: 0x904b, 0x10e1: 0xb04c, 0x10e2: 0xb04d, 0x10e3: 0xb04d, - 0x10e4: 0xb04e, 0x10e5: 0xb04f, 0x10e6: 0xb050, 0x10e7: 0xb051, 0x10e8: 0xb052, 0x10e9: 0xb053, - 0x10ea: 0xb054, 0x10eb: 0xb055, 0x10ec: 0xb056, 0x10ed: 0xb057, 0x10ee: 0xb058, 0x10ef: 0xb059, - 0x10f0: 0xb05a, 0x10f1: 0xb05b, 0x10f2: 0xb05c, 0x10f3: 0xb05d, 0x10f4: 0xb05e, 0x10f5: 0xb05f, - 0x10f6: 0xb060, 0x10f7: 0xb061, 0x10f8: 0xb062, 0x10f9: 0xb063, 0x10fa: 0xb064, 0x10fb: 0xb065, - 0x10fc: 0xb052, 0x10fd: 0xb066, 0x10fe: 0xb067, 0x10ff: 0xb055, - // Block 0x44, offset 0x1100 - 0x1100: 0xb068, 0x1101: 0xb069, 0x1102: 0xb06a, 0x1103: 0xb06b, 0x1104: 0xb05a, 0x1105: 0xb056, - 0x1106: 0xb06c, 0x1107: 0xb06d, 0x1108: 0xb06b, 0x1109: 0xb06e, 0x110a: 0xb06b, 0x110b: 0xb06f, - 0x110c: 0xb06f, 0x110d: 0xb070, 0x110e: 0xb070, 0x110f: 0xb071, 0x1110: 0xb056, 0x1111: 0xb072, - 0x1112: 0xb073, 0x1113: 0xb072, 0x1114: 0xb074, 0x1115: 0xb073, 0x1116: 0xb075, 0x1117: 0xb075, - 0x1118: 0xb076, 0x1119: 0xb076, 0x111a: 0xb077, 0x111b: 0xb077, 0x111c: 0xb073, 0x111d: 0xb078, - 0x111e: 0xb079, 0x111f: 0xb067, 0x1120: 0xb07a, 0x1121: 0xb07b, 0x1122: 0xb07b, 0x1123: 0xb07b, - 0x1124: 0xb07b, 0x1125: 0xb07b, 0x1126: 0xb07b, 0x1127: 0xb07b, 0x1128: 0xb07b, 0x1129: 0xb07b, - 0x112a: 0xb07b, 0x112b: 0xb07b, 0x112c: 0xb07b, 0x112d: 0xb07b, 0x112e: 0xb07b, 0x112f: 0xb07b, - 0x1130: 0xb07c, 0x1131: 0xb07c, 0x1132: 0xb07c, 0x1133: 0xb07c, 0x1134: 0xb07c, 0x1135: 0xb07c, - 0x1136: 0xb07c, 0x1137: 0xb07c, 0x1138: 0xb07c, 0x1139: 0xb07c, 0x113a: 0xb07c, 0x113b: 0xb07c, - 0x113c: 0xb07c, 0x113d: 0xb07c, 0x113e: 0xb07c, - // Block 0x45, offset 0x1140 - 0x1142: 0xb07d, 0x1143: 0xb07e, 0x1144: 0xb07f, 0x1145: 0xb080, - 0x1146: 0xb07f, 0x1147: 0xb07e, 0x114a: 0xb081, 0x114b: 0xb082, - 0x114c: 0xb083, 0x114d: 0xb07f, 0x114e: 0xb080, 0x114f: 0xb07f, - 0x1152: 0xb084, 0x1153: 0xb085, 0x1154: 0xb084, 0x1155: 0xb086, 0x1156: 0xb084, 0x1157: 0xb087, - 0x115a: 0xb088, 0x115b: 0xb089, 0x115c: 0xb08a, - 0x1160: 0x908b, 0x1161: 0x908b, 0x1162: 0x908c, 0x1163: 0x908d, - 0x1164: 0x908b, 0x1165: 0x908e, 0x1166: 0x908f, 0x1168: 0xb090, 0x1169: 0xb091, - 0x116a: 0xb092, 0x116b: 0xb091, 0x116c: 0xb093, 0x116d: 0xb094, 0x116e: 0xb095, - 0x117d: 0x2000, - // Block 0x46, offset 0x1180 - 0x11a0: 0x4000, 0x11a1: 0x4000, 0x11a2: 0x4000, 0x11a3: 0x4000, - 0x11a4: 0x4000, - 0x11b0: 0x4000, 0x11b1: 0x4000, - // Block 0x47, offset 0x11c0 - 0x11c0: 0x4000, 0x11c1: 0x4000, 0x11c2: 0x4000, 0x11c3: 0x4000, 0x11c4: 0x4000, 0x11c5: 0x4000, - 0x11c6: 0x4000, 0x11c7: 0x4000, 0x11c8: 0x4000, 0x11c9: 0x4000, 0x11ca: 0x4000, 0x11cb: 0x4000, - 0x11cc: 0x4000, 0x11cd: 0x4000, 0x11ce: 0x4000, 0x11cf: 0x4000, 0x11d0: 0x4000, 0x11d1: 0x4000, - 0x11d2: 0x4000, 0x11d3: 0x4000, 0x11d4: 0x4000, 0x11d5: 0x4000, 0x11d6: 0x4000, 0x11d7: 0x4000, - 0x11d8: 0x4000, 0x11d9: 0x4000, 0x11da: 0x4000, 0x11db: 0x4000, 0x11dc: 0x4000, 0x11dd: 0x4000, - 0x11de: 0x4000, 0x11df: 0x4000, 0x11e0: 0x4000, 0x11e1: 0x4000, 0x11e2: 0x4000, 0x11e3: 0x4000, - 0x11e4: 0x4000, 0x11e5: 0x4000, 0x11e6: 0x4000, 0x11e7: 0x4000, 0x11e8: 0x4000, 0x11e9: 0x4000, - 0x11ea: 0x4000, 0x11eb: 0x4000, 0x11ec: 0x4000, 0x11ed: 0x4000, 0x11ee: 0x4000, 0x11ef: 0x4000, - 0x11f0: 0x4000, 0x11f1: 0x4000, 0x11f2: 0x4000, 0x11f3: 0x4000, 0x11f4: 0x4000, 0x11f5: 0x4000, - 0x11f6: 0x4000, 0x11f7: 0x4000, - // Block 0x48, offset 0x1200 - 0x1200: 0x4000, 0x1201: 0x4000, 0x1202: 0x4000, 0x1203: 0x4000, 0x1204: 0x4000, 0x1205: 0x4000, - 0x1206: 0x4000, 0x1207: 0x4000, 0x1208: 0x4000, 0x1209: 0x4000, 0x120a: 0x4000, 0x120b: 0x4000, - 0x120c: 0x4000, 0x120d: 0x4000, 0x120e: 0x4000, 0x120f: 0x4000, 0x1210: 0x4000, 0x1211: 0x4000, - 0x1212: 0x4000, 0x1213: 0x4000, 0x1214: 0x4000, 0x1215: 0x4000, - // Block 0x49, offset 0x1240 - 0x1240: 0x4000, 0x1241: 0x4000, 0x1242: 0x4000, 0x1243: 0x4000, 0x1244: 0x4000, 0x1245: 0x4000, - 0x1246: 0x4000, 0x1247: 0x4000, 0x1248: 0x4000, - // Block 0x4a, offset 0x1280 - 0x1280: 0x4000, 0x1281: 0x4000, 0x1282: 0x4000, 0x1283: 0x4000, 0x1284: 0x4000, 0x1285: 0x4000, - 0x1286: 0x4000, 0x1287: 0x4000, 0x1288: 0x4000, 0x1289: 0x4000, 0x128a: 0x4000, 0x128b: 0x4000, - 0x128c: 0x4000, 0x128d: 0x4000, 0x128e: 0x4000, 0x128f: 0x4000, 0x1290: 0x4000, 0x1291: 0x4000, - 0x1292: 0x4000, 0x1293: 0x4000, 0x1294: 0x4000, 0x1295: 0x4000, 0x1296: 0x4000, 0x1297: 0x4000, - 0x1298: 0x4000, 0x1299: 0x4000, 0x129a: 0x4000, 0x129b: 0x4000, 0x129c: 0x4000, 0x129d: 0x4000, - 0x129e: 0x4000, - // Block 0x4b, offset 0x12c0 - 0x12d0: 0x4000, 0x12d1: 0x4000, - 0x12d2: 0x4000, - 0x12e4: 0x4000, 0x12e5: 0x4000, 0x12e6: 0x4000, 0x12e7: 0x4000, - 0x12f0: 0x4000, 0x12f1: 0x4000, 0x12f2: 0x4000, 0x12f3: 0x4000, 0x12f4: 0x4000, 0x12f5: 0x4000, - 0x12f6: 0x4000, 0x12f7: 0x4000, 0x12f8: 0x4000, 0x12f9: 0x4000, 0x12fa: 0x4000, 0x12fb: 0x4000, - 0x12fc: 0x4000, 0x12fd: 0x4000, 0x12fe: 0x4000, 0x12ff: 0x4000, - // Block 0x4c, offset 0x1300 - 0x1300: 0x4000, 0x1301: 0x4000, 0x1302: 0x4000, 0x1303: 0x4000, 0x1304: 0x4000, 0x1305: 0x4000, - 0x1306: 0x4000, 0x1307: 0x4000, 0x1308: 0x4000, 0x1309: 0x4000, 0x130a: 0x4000, 0x130b: 0x4000, - 0x130c: 0x4000, 0x130d: 0x4000, 0x130e: 0x4000, 0x130f: 0x4000, 0x1310: 0x4000, 0x1311: 0x4000, - 0x1312: 0x4000, 0x1313: 0x4000, 0x1314: 0x4000, 0x1315: 0x4000, 0x1316: 0x4000, 0x1317: 0x4000, - 0x1318: 0x4000, 0x1319: 0x4000, 0x131a: 0x4000, 0x131b: 0x4000, 0x131c: 0x4000, 0x131d: 0x4000, - 0x131e: 0x4000, 0x131f: 0x4000, 0x1320: 0x4000, 0x1321: 0x4000, 0x1322: 0x4000, 0x1323: 0x4000, - 0x1324: 0x4000, 0x1325: 0x4000, 0x1326: 0x4000, 0x1327: 0x4000, 0x1328: 0x4000, 0x1329: 0x4000, - 0x132a: 0x4000, 0x132b: 0x4000, 0x132c: 0x4000, 0x132d: 0x4000, 0x132e: 0x4000, 0x132f: 0x4000, - 0x1330: 0x4000, 0x1331: 0x4000, 0x1332: 0x4000, 0x1333: 0x4000, 0x1334: 0x4000, 0x1335: 0x4000, - 0x1336: 0x4000, 0x1337: 0x4000, 0x1338: 0x4000, 0x1339: 0x4000, 0x133a: 0x4000, 0x133b: 0x4000, - // Block 0x4d, offset 0x1340 - 0x1344: 0x4000, - // Block 0x4e, offset 0x1380 - 0x138f: 0x4000, - // Block 0x4f, offset 0x13c0 - 0x13c0: 0x2000, 0x13c1: 0x2000, 0x13c2: 0x2000, 0x13c3: 0x2000, 0x13c4: 0x2000, 0x13c5: 0x2000, - 0x13c6: 0x2000, 0x13c7: 0x2000, 0x13c8: 0x2000, 0x13c9: 0x2000, 0x13ca: 0x2000, - 0x13d0: 0x2000, 0x13d1: 0x2000, - 0x13d2: 0x2000, 0x13d3: 0x2000, 0x13d4: 0x2000, 0x13d5: 0x2000, 0x13d6: 0x2000, 0x13d7: 0x2000, - 0x13d8: 0x2000, 0x13d9: 0x2000, 0x13da: 0x2000, 0x13db: 0x2000, 0x13dc: 0x2000, 0x13dd: 0x2000, - 0x13de: 0x2000, 0x13df: 0x2000, 0x13e0: 0x2000, 0x13e1: 0x2000, 0x13e2: 0x2000, 0x13e3: 0x2000, - 0x13e4: 0x2000, 0x13e5: 0x2000, 0x13e6: 0x2000, 0x13e7: 0x2000, 0x13e8: 0x2000, 0x13e9: 0x2000, - 0x13ea: 0x2000, 0x13eb: 0x2000, 0x13ec: 0x2000, 0x13ed: 0x2000, - 0x13f0: 0x2000, 0x13f1: 0x2000, 0x13f2: 0x2000, 0x13f3: 0x2000, 0x13f4: 0x2000, 0x13f5: 0x2000, - 0x13f6: 0x2000, 0x13f7: 0x2000, 0x13f8: 0x2000, 0x13f9: 0x2000, 0x13fa: 0x2000, 0x13fb: 0x2000, - 0x13fc: 0x2000, 0x13fd: 0x2000, 0x13fe: 0x2000, 0x13ff: 0x2000, - // Block 0x50, offset 0x1400 - 0x1400: 0x2000, 0x1401: 0x2000, 0x1402: 0x2000, 0x1403: 0x2000, 0x1404: 0x2000, 0x1405: 0x2000, - 0x1406: 0x2000, 0x1407: 0x2000, 0x1408: 0x2000, 0x1409: 0x2000, 0x140a: 0x2000, 0x140b: 0x2000, - 0x140c: 0x2000, 0x140d: 0x2000, 0x140e: 0x2000, 0x140f: 0x2000, 0x1410: 0x2000, 0x1411: 0x2000, - 0x1412: 0x2000, 0x1413: 0x2000, 0x1414: 0x2000, 0x1415: 0x2000, 0x1416: 0x2000, 0x1417: 0x2000, - 0x1418: 0x2000, 0x1419: 0x2000, 0x141a: 0x2000, 0x141b: 0x2000, 0x141c: 0x2000, 0x141d: 0x2000, - 0x141e: 0x2000, 0x141f: 0x2000, 0x1420: 0x2000, 0x1421: 0x2000, 0x1422: 0x2000, 0x1423: 0x2000, - 0x1424: 0x2000, 0x1425: 0x2000, 0x1426: 0x2000, 0x1427: 0x2000, 0x1428: 0x2000, 0x1429: 0x2000, - 0x1430: 0x2000, 0x1431: 0x2000, 0x1432: 0x2000, 0x1433: 0x2000, 0x1434: 0x2000, 0x1435: 0x2000, - 0x1436: 0x2000, 0x1437: 0x2000, 0x1438: 0x2000, 0x1439: 0x2000, 0x143a: 0x2000, 0x143b: 0x2000, - 0x143c: 0x2000, 0x143d: 0x2000, 0x143e: 0x2000, 0x143f: 0x2000, - // Block 0x51, offset 0x1440 - 0x1440: 0x2000, 0x1441: 0x2000, 0x1442: 0x2000, 0x1443: 0x2000, 0x1444: 0x2000, 0x1445: 0x2000, - 0x1446: 0x2000, 0x1447: 0x2000, 0x1448: 0x2000, 0x1449: 0x2000, 0x144a: 0x2000, 0x144b: 0x2000, - 0x144c: 0x2000, 0x144d: 0x2000, 0x144e: 0x4000, 0x144f: 0x2000, 0x1450: 0x2000, 0x1451: 0x4000, - 0x1452: 0x4000, 0x1453: 0x4000, 0x1454: 0x4000, 0x1455: 0x4000, 0x1456: 0x4000, 0x1457: 0x4000, - 0x1458: 0x4000, 0x1459: 0x4000, 0x145a: 0x4000, 0x145b: 0x2000, 0x145c: 0x2000, 0x145d: 0x2000, - 0x145e: 0x2000, 0x145f: 0x2000, 0x1460: 0x2000, 0x1461: 0x2000, 0x1462: 0x2000, 0x1463: 0x2000, - 0x1464: 0x2000, 0x1465: 0x2000, 0x1466: 0x2000, 0x1467: 0x2000, 0x1468: 0x2000, 0x1469: 0x2000, - 0x146a: 0x2000, 0x146b: 0x2000, 0x146c: 0x2000, - // Block 0x52, offset 0x1480 - 0x1480: 0x4000, 0x1481: 0x4000, 0x1482: 0x4000, - 0x1490: 0x4000, 0x1491: 0x4000, - 0x1492: 0x4000, 0x1493: 0x4000, 0x1494: 0x4000, 0x1495: 0x4000, 0x1496: 0x4000, 0x1497: 0x4000, - 0x1498: 0x4000, 0x1499: 0x4000, 0x149a: 0x4000, 0x149b: 0x4000, 0x149c: 0x4000, 0x149d: 0x4000, - 0x149e: 0x4000, 0x149f: 0x4000, 0x14a0: 0x4000, 0x14a1: 0x4000, 0x14a2: 0x4000, 0x14a3: 0x4000, - 0x14a4: 0x4000, 0x14a5: 0x4000, 0x14a6: 0x4000, 0x14a7: 0x4000, 0x14a8: 0x4000, 0x14a9: 0x4000, - 0x14aa: 0x4000, 0x14ab: 0x4000, 0x14ac: 0x4000, 0x14ad: 0x4000, 0x14ae: 0x4000, 0x14af: 0x4000, - 0x14b0: 0x4000, 0x14b1: 0x4000, 0x14b2: 0x4000, 0x14b3: 0x4000, 0x14b4: 0x4000, 0x14b5: 0x4000, - 0x14b6: 0x4000, 0x14b7: 0x4000, 0x14b8: 0x4000, 0x14b9: 0x4000, 0x14ba: 0x4000, 0x14bb: 0x4000, - // Block 0x53, offset 0x14c0 - 0x14c0: 0x4000, 0x14c1: 0x4000, 0x14c2: 0x4000, 0x14c3: 0x4000, 0x14c4: 0x4000, 0x14c5: 0x4000, - 0x14c6: 0x4000, 0x14c7: 0x4000, 0x14c8: 0x4000, - 0x14d0: 0x4000, 0x14d1: 0x4000, - 0x14e0: 0x4000, 0x14e1: 0x4000, 0x14e2: 0x4000, 0x14e3: 0x4000, - 0x14e4: 0x4000, 0x14e5: 0x4000, - // Block 0x54, offset 0x1500 - 0x1500: 0x4000, 0x1501: 0x4000, 0x1502: 0x4000, 0x1503: 0x4000, 0x1504: 0x4000, 0x1505: 0x4000, - 0x1506: 0x4000, 0x1507: 0x4000, 0x1508: 0x4000, 0x1509: 0x4000, 0x150a: 0x4000, 0x150b: 0x4000, - 0x150c: 0x4000, 0x150d: 0x4000, 0x150e: 0x4000, 0x150f: 0x4000, 0x1510: 0x4000, 0x1511: 0x4000, - 0x1512: 0x4000, 0x1513: 0x4000, 0x1514: 0x4000, 0x1515: 0x4000, 0x1516: 0x4000, 0x1517: 0x4000, - 0x1518: 0x4000, 0x1519: 0x4000, 0x151a: 0x4000, 0x151b: 0x4000, 0x151c: 0x4000, 0x151d: 0x4000, - 0x151e: 0x4000, 0x151f: 0x4000, 0x1520: 0x4000, - 0x152d: 0x4000, 0x152e: 0x4000, 0x152f: 0x4000, - 0x1530: 0x4000, 0x1531: 0x4000, 0x1532: 0x4000, 0x1533: 0x4000, 0x1534: 0x4000, 0x1535: 0x4000, - 0x1537: 0x4000, 0x1538: 0x4000, 0x1539: 0x4000, 0x153a: 0x4000, 0x153b: 0x4000, - 0x153c: 0x4000, 0x153d: 0x4000, 0x153e: 0x4000, 0x153f: 0x4000, - // Block 0x55, offset 0x1540 - 0x1540: 0x4000, 0x1541: 0x4000, 0x1542: 0x4000, 0x1543: 0x4000, 0x1544: 0x4000, 0x1545: 0x4000, - 0x1546: 0x4000, 0x1547: 0x4000, 0x1548: 0x4000, 0x1549: 0x4000, 0x154a: 0x4000, 0x154b: 0x4000, - 0x154c: 0x4000, 0x154d: 0x4000, 0x154e: 0x4000, 0x154f: 0x4000, 0x1550: 0x4000, 0x1551: 0x4000, - 0x1552: 0x4000, 0x1553: 0x4000, 0x1554: 0x4000, 0x1555: 0x4000, 0x1556: 0x4000, 0x1557: 0x4000, - 0x1558: 0x4000, 0x1559: 0x4000, 0x155a: 0x4000, 0x155b: 0x4000, 0x155c: 0x4000, 0x155d: 0x4000, - 0x155e: 0x4000, 0x155f: 0x4000, 0x1560: 0x4000, 0x1561: 0x4000, 0x1562: 0x4000, 0x1563: 0x4000, - 0x1564: 0x4000, 0x1565: 0x4000, 0x1566: 0x4000, 0x1567: 0x4000, 0x1568: 0x4000, 0x1569: 0x4000, - 0x156a: 0x4000, 0x156b: 0x4000, 0x156c: 0x4000, 0x156d: 0x4000, 0x156e: 0x4000, 0x156f: 0x4000, - 0x1570: 0x4000, 0x1571: 0x4000, 0x1572: 0x4000, 0x1573: 0x4000, 0x1574: 0x4000, 0x1575: 0x4000, - 0x1576: 0x4000, 0x1577: 0x4000, 0x1578: 0x4000, 0x1579: 0x4000, 0x157a: 0x4000, 0x157b: 0x4000, - 0x157c: 0x4000, 0x157e: 0x4000, 0x157f: 0x4000, - // Block 0x56, offset 0x1580 - 0x1580: 0x4000, 0x1581: 0x4000, 0x1582: 0x4000, 0x1583: 0x4000, 0x1584: 0x4000, 0x1585: 0x4000, - 0x1586: 0x4000, 0x1587: 0x4000, 0x1588: 0x4000, 0x1589: 0x4000, 0x158a: 0x4000, 0x158b: 0x4000, - 0x158c: 0x4000, 0x158d: 0x4000, 0x158e: 0x4000, 0x158f: 0x4000, 0x1590: 0x4000, 0x1591: 0x4000, - 0x1592: 0x4000, 0x1593: 0x4000, - 0x15a0: 0x4000, 0x15a1: 0x4000, 0x15a2: 0x4000, 0x15a3: 0x4000, - 0x15a4: 0x4000, 0x15a5: 0x4000, 0x15a6: 0x4000, 0x15a7: 0x4000, 0x15a8: 0x4000, 0x15a9: 0x4000, - 0x15aa: 0x4000, 0x15ab: 0x4000, 0x15ac: 0x4000, 0x15ad: 0x4000, 0x15ae: 0x4000, 0x15af: 0x4000, - 0x15b0: 0x4000, 0x15b1: 0x4000, 0x15b2: 0x4000, 0x15b3: 0x4000, 0x15b4: 0x4000, 0x15b5: 0x4000, - 0x15b6: 0x4000, 0x15b7: 0x4000, 0x15b8: 0x4000, 0x15b9: 0x4000, 0x15ba: 0x4000, 0x15bb: 0x4000, - 0x15bc: 0x4000, 0x15bd: 0x4000, 0x15be: 0x4000, 0x15bf: 0x4000, - // Block 0x57, offset 0x15c0 - 0x15c0: 0x4000, 0x15c1: 0x4000, 0x15c2: 0x4000, 0x15c3: 0x4000, 0x15c4: 0x4000, 0x15c5: 0x4000, - 0x15c6: 0x4000, 0x15c7: 0x4000, 0x15c8: 0x4000, 0x15c9: 0x4000, 0x15ca: 0x4000, - 0x15cf: 0x4000, 0x15d0: 0x4000, 0x15d1: 0x4000, - 0x15d2: 0x4000, 0x15d3: 0x4000, - 0x15e0: 0x4000, 0x15e1: 0x4000, 0x15e2: 0x4000, 0x15e3: 0x4000, - 0x15e4: 0x4000, 0x15e5: 0x4000, 0x15e6: 0x4000, 0x15e7: 0x4000, 0x15e8: 0x4000, 0x15e9: 0x4000, - 0x15ea: 0x4000, 0x15eb: 0x4000, 0x15ec: 0x4000, 0x15ed: 0x4000, 0x15ee: 0x4000, 0x15ef: 0x4000, - 0x15f0: 0x4000, 0x15f4: 0x4000, - 0x15f8: 0x4000, 0x15f9: 0x4000, 0x15fa: 0x4000, 0x15fb: 0x4000, - 0x15fc: 0x4000, 0x15fd: 0x4000, 0x15fe: 0x4000, 0x15ff: 0x4000, - // Block 0x58, offset 0x1600 - 0x1600: 0x4000, 0x1601: 0x4000, 0x1602: 0x4000, 0x1603: 0x4000, 0x1604: 0x4000, 0x1605: 0x4000, - 0x1606: 0x4000, 0x1607: 0x4000, 0x1608: 0x4000, 0x1609: 0x4000, 0x160a: 0x4000, 0x160b: 0x4000, - 0x160c: 0x4000, 0x160d: 0x4000, 0x160e: 0x4000, 0x160f: 0x4000, 0x1610: 0x4000, 0x1611: 0x4000, - 0x1612: 0x4000, 0x1613: 0x4000, 0x1614: 0x4000, 0x1615: 0x4000, 0x1616: 0x4000, 0x1617: 0x4000, - 0x1618: 0x4000, 0x1619: 0x4000, 0x161a: 0x4000, 0x161b: 0x4000, 0x161c: 0x4000, 0x161d: 0x4000, - 0x161e: 0x4000, 0x161f: 0x4000, 0x1620: 0x4000, 0x1621: 0x4000, 0x1622: 0x4000, 0x1623: 0x4000, - 0x1624: 0x4000, 0x1625: 0x4000, 0x1626: 0x4000, 0x1627: 0x4000, 0x1628: 0x4000, 0x1629: 0x4000, - 0x162a: 0x4000, 0x162b: 0x4000, 0x162c: 0x4000, 0x162d: 0x4000, 0x162e: 0x4000, 0x162f: 0x4000, - 0x1630: 0x4000, 0x1631: 0x4000, 0x1632: 0x4000, 0x1633: 0x4000, 0x1634: 0x4000, 0x1635: 0x4000, - 0x1636: 0x4000, 0x1637: 0x4000, 0x1638: 0x4000, 0x1639: 0x4000, 0x163a: 0x4000, 0x163b: 0x4000, - 0x163c: 0x4000, 0x163d: 0x4000, 0x163e: 0x4000, - // Block 0x59, offset 0x1640 - 0x1640: 0x4000, 0x1642: 0x4000, 0x1643: 0x4000, 0x1644: 0x4000, 0x1645: 0x4000, - 0x1646: 0x4000, 0x1647: 0x4000, 0x1648: 0x4000, 0x1649: 0x4000, 0x164a: 0x4000, 0x164b: 0x4000, - 0x164c: 0x4000, 0x164d: 0x4000, 0x164e: 0x4000, 0x164f: 0x4000, 0x1650: 0x4000, 0x1651: 0x4000, - 0x1652: 0x4000, 0x1653: 0x4000, 0x1654: 0x4000, 0x1655: 0x4000, 0x1656: 0x4000, 0x1657: 0x4000, - 0x1658: 0x4000, 0x1659: 0x4000, 0x165a: 0x4000, 0x165b: 0x4000, 0x165c: 0x4000, 0x165d: 0x4000, - 0x165e: 0x4000, 0x165f: 0x4000, 0x1660: 0x4000, 0x1661: 0x4000, 0x1662: 0x4000, 0x1663: 0x4000, - 0x1664: 0x4000, 0x1665: 0x4000, 0x1666: 0x4000, 0x1667: 0x4000, 0x1668: 0x4000, 0x1669: 0x4000, - 0x166a: 0x4000, 0x166b: 0x4000, 0x166c: 0x4000, 0x166d: 0x4000, 0x166e: 0x4000, 0x166f: 0x4000, - 0x1670: 0x4000, 0x1671: 0x4000, 0x1672: 0x4000, 0x1673: 0x4000, 0x1674: 0x4000, 0x1675: 0x4000, - 0x1676: 0x4000, 0x1677: 0x4000, 0x1678: 0x4000, 0x1679: 0x4000, 0x167a: 0x4000, 0x167b: 0x4000, - 0x167c: 0x4000, 0x167d: 0x4000, 0x167e: 0x4000, 0x167f: 0x4000, - // Block 0x5a, offset 0x1680 - 0x1680: 0x4000, 0x1681: 0x4000, 0x1682: 0x4000, 0x1683: 0x4000, 0x1684: 0x4000, 0x1685: 0x4000, - 0x1686: 0x4000, 0x1687: 0x4000, 0x1688: 0x4000, 0x1689: 0x4000, 0x168a: 0x4000, 0x168b: 0x4000, - 0x168c: 0x4000, 0x168d: 0x4000, 0x168e: 0x4000, 0x168f: 0x4000, 0x1690: 0x4000, 0x1691: 0x4000, - 0x1692: 0x4000, 0x1693: 0x4000, 0x1694: 0x4000, 0x1695: 0x4000, 0x1696: 0x4000, 0x1697: 0x4000, - 0x1698: 0x4000, 0x1699: 0x4000, 0x169a: 0x4000, 0x169b: 0x4000, 0x169c: 0x4000, 0x169d: 0x4000, - 0x169e: 0x4000, 0x169f: 0x4000, 0x16a0: 0x4000, 0x16a1: 0x4000, 0x16a2: 0x4000, 0x16a3: 0x4000, - 0x16a4: 0x4000, 0x16a5: 0x4000, 0x16a6: 0x4000, 0x16a7: 0x4000, 0x16a8: 0x4000, 0x16a9: 0x4000, - 0x16aa: 0x4000, 0x16ab: 0x4000, 0x16ac: 0x4000, 0x16ad: 0x4000, 0x16ae: 0x4000, 0x16af: 0x4000, - 0x16b0: 0x4000, 0x16b1: 0x4000, 0x16b2: 0x4000, 0x16b3: 0x4000, 0x16b4: 0x4000, 0x16b5: 0x4000, - 0x16b6: 0x4000, 0x16b7: 0x4000, 0x16b8: 0x4000, 0x16b9: 0x4000, 0x16ba: 0x4000, 0x16bb: 0x4000, - 0x16bc: 0x4000, 0x16bf: 0x4000, - // Block 0x5b, offset 0x16c0 - 0x16c0: 0x4000, 0x16c1: 0x4000, 0x16c2: 0x4000, 0x16c3: 0x4000, 0x16c4: 0x4000, 0x16c5: 0x4000, - 0x16c6: 0x4000, 0x16c7: 0x4000, 0x16c8: 0x4000, 0x16c9: 0x4000, 0x16ca: 0x4000, 0x16cb: 0x4000, - 0x16cc: 0x4000, 0x16cd: 0x4000, 0x16ce: 0x4000, 0x16cf: 0x4000, 0x16d0: 0x4000, 0x16d1: 0x4000, - 0x16d2: 0x4000, 0x16d3: 0x4000, 0x16d4: 0x4000, 0x16d5: 0x4000, 0x16d6: 0x4000, 0x16d7: 0x4000, - 0x16d8: 0x4000, 0x16d9: 0x4000, 0x16da: 0x4000, 0x16db: 0x4000, 0x16dc: 0x4000, 0x16dd: 0x4000, - 0x16de: 0x4000, 0x16df: 0x4000, 0x16e0: 0x4000, 0x16e1: 0x4000, 0x16e2: 0x4000, 0x16e3: 0x4000, - 0x16e4: 0x4000, 0x16e5: 0x4000, 0x16e6: 0x4000, 0x16e7: 0x4000, 0x16e8: 0x4000, 0x16e9: 0x4000, - 0x16ea: 0x4000, 0x16eb: 0x4000, 0x16ec: 0x4000, 0x16ed: 0x4000, 0x16ee: 0x4000, 0x16ef: 0x4000, - 0x16f0: 0x4000, 0x16f1: 0x4000, 0x16f2: 0x4000, 0x16f3: 0x4000, 0x16f4: 0x4000, 0x16f5: 0x4000, - 0x16f6: 0x4000, 0x16f7: 0x4000, 0x16f8: 0x4000, 0x16f9: 0x4000, 0x16fa: 0x4000, 0x16fb: 0x4000, - 0x16fc: 0x4000, 0x16fd: 0x4000, - // Block 0x5c, offset 0x1700 - 0x170b: 0x4000, - 0x170c: 0x4000, 0x170d: 0x4000, 0x170e: 0x4000, 0x1710: 0x4000, 0x1711: 0x4000, - 0x1712: 0x4000, 0x1713: 0x4000, 0x1714: 0x4000, 0x1715: 0x4000, 0x1716: 0x4000, 0x1717: 0x4000, - 0x1718: 0x4000, 0x1719: 0x4000, 0x171a: 0x4000, 0x171b: 0x4000, 0x171c: 0x4000, 0x171d: 0x4000, - 0x171e: 0x4000, 0x171f: 0x4000, 0x1720: 0x4000, 0x1721: 0x4000, 0x1722: 0x4000, 0x1723: 0x4000, - 0x1724: 0x4000, 0x1725: 0x4000, 0x1726: 0x4000, 0x1727: 0x4000, - 0x173a: 0x4000, - // Block 0x5d, offset 0x1740 - 0x1755: 0x4000, 0x1756: 0x4000, - 0x1764: 0x4000, - // Block 0x5e, offset 0x1780 - 0x17bb: 0x4000, - 0x17bc: 0x4000, 0x17bd: 0x4000, 0x17be: 0x4000, 0x17bf: 0x4000, - // Block 0x5f, offset 0x17c0 - 0x17c0: 0x4000, 0x17c1: 0x4000, 0x17c2: 0x4000, 0x17c3: 0x4000, 0x17c4: 0x4000, 0x17c5: 0x4000, - 0x17c6: 0x4000, 0x17c7: 0x4000, 0x17c8: 0x4000, 0x17c9: 0x4000, 0x17ca: 0x4000, 0x17cb: 0x4000, - 0x17cc: 0x4000, 0x17cd: 0x4000, 0x17ce: 0x4000, 0x17cf: 0x4000, - // Block 0x60, offset 0x1800 - 0x1800: 0x4000, 0x1801: 0x4000, 0x1802: 0x4000, 0x1803: 0x4000, 0x1804: 0x4000, 0x1805: 0x4000, - 0x180c: 0x4000, 0x1810: 0x4000, 0x1811: 0x4000, - 0x1812: 0x4000, 0x1815: 0x4000, 0x1816: 0x4000, 0x1817: 0x4000, - 0x182b: 0x4000, 0x182c: 0x4000, - 0x1834: 0x4000, 0x1835: 0x4000, - 0x1836: 0x4000, 0x1837: 0x4000, 0x1838: 0x4000, 0x1839: 0x4000, 0x183a: 0x4000, 0x183b: 0x4000, - 0x183c: 0x4000, - // Block 0x61, offset 0x1840 - 0x1860: 0x4000, 0x1861: 0x4000, 0x1862: 0x4000, 0x1863: 0x4000, - 0x1864: 0x4000, 0x1865: 0x4000, 0x1866: 0x4000, 0x1867: 0x4000, 0x1868: 0x4000, 0x1869: 0x4000, - 0x186a: 0x4000, 0x186b: 0x4000, - // Block 0x62, offset 0x1880 - 0x188c: 0x4000, 0x188d: 0x4000, 0x188e: 0x4000, 0x188f: 0x4000, 0x1890: 0x4000, 0x1891: 0x4000, - 0x1892: 0x4000, 0x1893: 0x4000, 0x1894: 0x4000, 0x1895: 0x4000, 0x1896: 0x4000, 0x1897: 0x4000, - 0x1898: 0x4000, 0x1899: 0x4000, 0x189a: 0x4000, 0x189b: 0x4000, 0x189c: 0x4000, 0x189d: 0x4000, - 0x189e: 0x4000, 0x189f: 0x4000, 0x18a0: 0x4000, 0x18a1: 0x4000, 0x18a2: 0x4000, 0x18a3: 0x4000, - 0x18a4: 0x4000, 0x18a5: 0x4000, 0x18a6: 0x4000, 0x18a7: 0x4000, 0x18a8: 0x4000, 0x18a9: 0x4000, - 0x18aa: 0x4000, 0x18ab: 0x4000, 0x18ac: 0x4000, 0x18ad: 0x4000, 0x18ae: 0x4000, 0x18af: 0x4000, - 0x18b0: 0x4000, 0x18b1: 0x4000, 0x18b2: 0x4000, 0x18b3: 0x4000, 0x18b4: 0x4000, 0x18b5: 0x4000, - 0x18b6: 0x4000, 0x18b7: 0x4000, 0x18b8: 0x4000, 0x18b9: 0x4000, 0x18ba: 0x4000, - 0x18bc: 0x4000, 0x18bd: 0x4000, 0x18be: 0x4000, 0x18bf: 0x4000, - // Block 0x63, offset 0x18c0 - 0x18c0: 0x4000, 0x18c1: 0x4000, 0x18c2: 0x4000, 0x18c3: 0x4000, 0x18c4: 0x4000, 0x18c5: 0x4000, - 0x18c7: 0x4000, 0x18c8: 0x4000, 0x18c9: 0x4000, 0x18ca: 0x4000, 0x18cb: 0x4000, - 0x18cc: 0x4000, 0x18cd: 0x4000, 0x18ce: 0x4000, 0x18cf: 0x4000, 0x18d0: 0x4000, 0x18d1: 0x4000, - 0x18d2: 0x4000, 0x18d3: 0x4000, 0x18d4: 0x4000, 0x18d5: 0x4000, 0x18d6: 0x4000, 0x18d7: 0x4000, - 0x18d8: 0x4000, 0x18d9: 0x4000, 0x18da: 0x4000, 0x18db: 0x4000, 0x18dc: 0x4000, 0x18dd: 0x4000, - 0x18de: 0x4000, 0x18df: 0x4000, 0x18e0: 0x4000, 0x18e1: 0x4000, 0x18e2: 0x4000, 0x18e3: 0x4000, - 0x18e4: 0x4000, 0x18e5: 0x4000, 0x18e6: 0x4000, 0x18e7: 0x4000, 0x18e8: 0x4000, 0x18e9: 0x4000, - 0x18ea: 0x4000, 0x18eb: 0x4000, 0x18ec: 0x4000, 0x18ed: 0x4000, 0x18ee: 0x4000, 0x18ef: 0x4000, - 0x18f0: 0x4000, 0x18f1: 0x4000, 0x18f2: 0x4000, 0x18f3: 0x4000, 0x18f4: 0x4000, 0x18f5: 0x4000, - 0x18f6: 0x4000, 0x18f7: 0x4000, 0x18f8: 0x4000, 0x18fa: 0x4000, 0x18fb: 0x4000, - 0x18fc: 0x4000, 0x18fd: 0x4000, 0x18fe: 0x4000, 0x18ff: 0x4000, - // Block 0x64, offset 0x1900 - 0x1900: 0x4000, 0x1901: 0x4000, 0x1902: 0x4000, 0x1903: 0x4000, 0x1904: 0x4000, 0x1905: 0x4000, - 0x1906: 0x4000, 0x1907: 0x4000, 0x1908: 0x4000, 0x1909: 0x4000, 0x190a: 0x4000, 0x190b: 0x4000, - 0x190d: 0x4000, 0x190e: 0x4000, 0x190f: 0x4000, 0x1910: 0x4000, 0x1911: 0x4000, - 0x1912: 0x4000, 0x1913: 0x4000, 0x1914: 0x4000, 0x1915: 0x4000, 0x1916: 0x4000, 0x1917: 0x4000, - 0x1918: 0x4000, 0x1919: 0x4000, 0x191a: 0x4000, 0x191b: 0x4000, 0x191c: 0x4000, 0x191d: 0x4000, - 0x191e: 0x4000, 0x191f: 0x4000, 0x1920: 0x4000, 0x1921: 0x4000, 0x1922: 0x4000, 0x1923: 0x4000, - 0x1924: 0x4000, 0x1925: 0x4000, 0x1926: 0x4000, 0x1927: 0x4000, 0x1928: 0x4000, 0x1929: 0x4000, - 0x192a: 0x4000, 0x192b: 0x4000, 0x192c: 0x4000, 0x192d: 0x4000, 0x192e: 0x4000, 0x192f: 0x4000, - 0x1930: 0x4000, 0x1931: 0x4000, 0x1932: 0x4000, 0x1933: 0x4000, 0x1934: 0x4000, 0x1935: 0x4000, - 0x1936: 0x4000, 0x1937: 0x4000, 0x1938: 0x4000, 0x1939: 0x4000, 0x193a: 0x4000, 0x193b: 0x4000, - 0x193c: 0x4000, 0x193d: 0x4000, 0x193e: 0x4000, 0x193f: 0x4000, - // Block 0x65, offset 0x1940 - 0x1970: 0x4000, 0x1971: 0x4000, 0x1972: 0x4000, 0x1973: 0x4000, 0x1974: 0x4000, - 0x1978: 0x4000, 0x1979: 0x4000, 0x197a: 0x4000, - // Block 0x66, offset 0x1980 - 0x1980: 0x4000, 0x1981: 0x4000, 0x1982: 0x4000, 0x1983: 0x4000, 0x1984: 0x4000, 0x1985: 0x4000, - 0x1986: 0x4000, - 0x1990: 0x4000, 0x1991: 0x4000, - 0x1992: 0x4000, 0x1993: 0x4000, 0x1994: 0x4000, 0x1995: 0x4000, 0x1996: 0x4000, 0x1997: 0x4000, - 0x1998: 0x4000, 0x1999: 0x4000, 0x199a: 0x4000, 0x199b: 0x4000, 0x199c: 0x4000, 0x199d: 0x4000, - 0x199e: 0x4000, 0x199f: 0x4000, 0x19a0: 0x4000, 0x19a1: 0x4000, 0x19a2: 0x4000, 0x19a3: 0x4000, - 0x19a4: 0x4000, 0x19a5: 0x4000, 0x19a6: 0x4000, 0x19a7: 0x4000, 0x19a8: 0x4000, - 0x19b0: 0x4000, 0x19b1: 0x4000, 0x19b2: 0x4000, 0x19b3: 0x4000, 0x19b4: 0x4000, 0x19b5: 0x4000, - 0x19b6: 0x4000, - // Block 0x67, offset 0x19c0 - 0x19c0: 0x4000, 0x19c1: 0x4000, 0x19c2: 0x4000, - 0x19d0: 0x4000, 0x19d1: 0x4000, - 0x19d2: 0x4000, 0x19d3: 0x4000, 0x19d4: 0x4000, 0x19d5: 0x4000, 0x19d6: 0x4000, - // Block 0x68, offset 0x1a00 - 0x1a00: 0x2000, 0x1a01: 0x2000, 0x1a02: 0x2000, 0x1a03: 0x2000, 0x1a04: 0x2000, 0x1a05: 0x2000, - 0x1a06: 0x2000, 0x1a07: 0x2000, 0x1a08: 0x2000, 0x1a09: 0x2000, 0x1a0a: 0x2000, 0x1a0b: 0x2000, - 0x1a0c: 0x2000, 0x1a0d: 0x2000, 0x1a0e: 0x2000, 0x1a0f: 0x2000, 0x1a10: 0x2000, 0x1a11: 0x2000, - 0x1a12: 0x2000, 0x1a13: 0x2000, 0x1a14: 0x2000, 0x1a15: 0x2000, 0x1a16: 0x2000, 0x1a17: 0x2000, - 0x1a18: 0x2000, 0x1a19: 0x2000, 0x1a1a: 0x2000, 0x1a1b: 0x2000, 0x1a1c: 0x2000, 0x1a1d: 0x2000, - 0x1a1e: 0x2000, 0x1a1f: 0x2000, 0x1a20: 0x2000, 0x1a21: 0x2000, 0x1a22: 0x2000, 0x1a23: 0x2000, - 0x1a24: 0x2000, 0x1a25: 0x2000, 0x1a26: 0x2000, 0x1a27: 0x2000, 0x1a28: 0x2000, 0x1a29: 0x2000, - 0x1a2a: 0x2000, 0x1a2b: 0x2000, 0x1a2c: 0x2000, 0x1a2d: 0x2000, 0x1a2e: 0x2000, 0x1a2f: 0x2000, - 0x1a30: 0x2000, 0x1a31: 0x2000, 0x1a32: 0x2000, 0x1a33: 0x2000, 0x1a34: 0x2000, 0x1a35: 0x2000, - 0x1a36: 0x2000, 0x1a37: 0x2000, 0x1a38: 0x2000, 0x1a39: 0x2000, 0x1a3a: 0x2000, 0x1a3b: 0x2000, - 0x1a3c: 0x2000, 0x1a3d: 0x2000, -} - -// widthIndex: 22 blocks, 1408 entries, 1408 bytes -// Block 0 is the zero block. -var widthIndex = [1408]uint8{ - // Block 0x0, offset 0x0 - // Block 0x1, offset 0x40 - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xc2: 0x01, 0xc3: 0x02, 0xc4: 0x03, 0xc5: 0x04, 0xc7: 0x05, - 0xc9: 0x06, 0xcb: 0x07, 0xcc: 0x08, 0xcd: 0x09, 0xce: 0x0a, 0xcf: 0x0b, - 0xd0: 0x0c, 0xd1: 0x0d, - 0xe1: 0x02, 0xe2: 0x03, 0xe3: 0x04, 0xe4: 0x05, 0xe5: 0x06, 0xe6: 0x06, 0xe7: 0x06, - 0xe8: 0x06, 0xe9: 0x06, 0xea: 0x07, 0xeb: 0x06, 0xec: 0x06, 0xed: 0x08, 0xee: 0x09, 0xef: 0x0a, - 0xf0: 0x0f, 0xf3: 0x12, 0xf4: 0x13, - // Block 0x4, offset 0x100 - 0x104: 0x0e, 0x105: 0x0f, - // Block 0x5, offset 0x140 - 0x140: 0x10, 0x141: 0x11, 0x142: 0x12, 0x144: 0x13, 0x145: 0x14, 0x146: 0x15, 0x147: 0x16, - 0x148: 0x17, 0x149: 0x18, 0x14a: 0x19, 0x14c: 0x1a, 0x14f: 0x1b, - 0x151: 0x1c, 0x152: 0x08, 0x153: 0x1d, 0x154: 0x1e, 0x155: 0x1f, 0x156: 0x20, 0x157: 0x21, - 0x158: 0x22, 0x159: 0x23, 0x15a: 0x24, 0x15b: 0x25, 0x15c: 0x26, 0x15d: 0x27, 0x15e: 0x28, 0x15f: 0x29, - 0x166: 0x2a, - 0x16c: 0x2b, 0x16d: 0x2c, - 0x17a: 0x2d, 0x17b: 0x2e, 0x17c: 0x0e, 0x17d: 0x0e, 0x17e: 0x0e, 0x17f: 0x2f, - // Block 0x6, offset 0x180 - 0x180: 0x30, 0x181: 0x31, 0x182: 0x32, 0x183: 0x33, 0x184: 0x34, 0x185: 0x35, 0x186: 0x36, 0x187: 0x37, - 0x188: 0x38, 0x189: 0x39, 0x18a: 0x0e, 0x18b: 0x0e, 0x18c: 0x0e, 0x18d: 0x0e, 0x18e: 0x0e, 0x18f: 0x0e, - 0x190: 0x0e, 0x191: 0x0e, 0x192: 0x0e, 0x193: 0x0e, 0x194: 0x0e, 0x195: 0x0e, 0x196: 0x0e, 0x197: 0x0e, - 0x198: 0x0e, 0x199: 0x0e, 0x19a: 0x0e, 0x19b: 0x0e, 0x19c: 0x0e, 0x19d: 0x0e, 0x19e: 0x0e, 0x19f: 0x0e, - 0x1a0: 0x0e, 0x1a1: 0x0e, 0x1a2: 0x0e, 0x1a3: 0x0e, 0x1a4: 0x0e, 0x1a5: 0x0e, 0x1a6: 0x0e, 0x1a7: 0x0e, - 0x1a8: 0x0e, 0x1a9: 0x0e, 0x1aa: 0x0e, 0x1ab: 0x0e, 0x1ac: 0x0e, 0x1ad: 0x0e, 0x1ae: 0x0e, 0x1af: 0x0e, - 0x1b0: 0x0e, 0x1b1: 0x0e, 0x1b2: 0x0e, 0x1b3: 0x0e, 0x1b4: 0x0e, 0x1b5: 0x0e, 0x1b6: 0x0e, 0x1b7: 0x0e, - 0x1b8: 0x0e, 0x1b9: 0x0e, 0x1ba: 0x0e, 0x1bb: 0x0e, 0x1bc: 0x0e, 0x1bd: 0x0e, 0x1be: 0x0e, 0x1bf: 0x0e, - // Block 0x7, offset 0x1c0 - 0x1c0: 0x0e, 0x1c1: 0x0e, 0x1c2: 0x0e, 0x1c3: 0x0e, 0x1c4: 0x0e, 0x1c5: 0x0e, 0x1c6: 0x0e, 0x1c7: 0x0e, - 0x1c8: 0x0e, 0x1c9: 0x0e, 0x1ca: 0x0e, 0x1cb: 0x0e, 0x1cc: 0x0e, 0x1cd: 0x0e, 0x1ce: 0x0e, 0x1cf: 0x0e, - 0x1d0: 0x0e, 0x1d1: 0x0e, 0x1d2: 0x0e, 0x1d3: 0x0e, 0x1d4: 0x0e, 0x1d5: 0x0e, 0x1d6: 0x0e, 0x1d7: 0x0e, - 0x1d8: 0x0e, 0x1d9: 0x0e, 0x1da: 0x0e, 0x1db: 0x0e, 0x1dc: 0x0e, 0x1dd: 0x0e, 0x1de: 0x0e, 0x1df: 0x0e, - 0x1e0: 0x0e, 0x1e1: 0x0e, 0x1e2: 0x0e, 0x1e3: 0x0e, 0x1e4: 0x0e, 0x1e5: 0x0e, 0x1e6: 0x0e, 0x1e7: 0x0e, - 0x1e8: 0x0e, 0x1e9: 0x0e, 0x1ea: 0x0e, 0x1eb: 0x0e, 0x1ec: 0x0e, 0x1ed: 0x0e, 0x1ee: 0x0e, 0x1ef: 0x0e, - 0x1f0: 0x0e, 0x1f1: 0x0e, 0x1f2: 0x0e, 0x1f3: 0x0e, 0x1f4: 0x0e, 0x1f5: 0x0e, 0x1f6: 0x0e, - 0x1f8: 0x0e, 0x1f9: 0x0e, 0x1fa: 0x0e, 0x1fb: 0x0e, 0x1fc: 0x0e, 0x1fd: 0x0e, 0x1fe: 0x0e, 0x1ff: 0x0e, - // Block 0x8, offset 0x200 - 0x200: 0x0e, 0x201: 0x0e, 0x202: 0x0e, 0x203: 0x0e, 0x204: 0x0e, 0x205: 0x0e, 0x206: 0x0e, 0x207: 0x0e, - 0x208: 0x0e, 0x209: 0x0e, 0x20a: 0x0e, 0x20b: 0x0e, 0x20c: 0x0e, 0x20d: 0x0e, 0x20e: 0x0e, 0x20f: 0x0e, - 0x210: 0x0e, 0x211: 0x0e, 0x212: 0x0e, 0x213: 0x0e, 0x214: 0x0e, 0x215: 0x0e, 0x216: 0x0e, 0x217: 0x0e, - 0x218: 0x0e, 0x219: 0x0e, 0x21a: 0x0e, 0x21b: 0x0e, 0x21c: 0x0e, 0x21d: 0x0e, 0x21e: 0x0e, 0x21f: 0x0e, - 0x220: 0x0e, 0x221: 0x0e, 0x222: 0x0e, 0x223: 0x0e, 0x224: 0x0e, 0x225: 0x0e, 0x226: 0x0e, 0x227: 0x0e, - 0x228: 0x0e, 0x229: 0x0e, 0x22a: 0x0e, 0x22b: 0x0e, 0x22c: 0x0e, 0x22d: 0x0e, 0x22e: 0x0e, 0x22f: 0x0e, - 0x230: 0x0e, 0x231: 0x0e, 0x232: 0x0e, 0x233: 0x0e, 0x234: 0x0e, 0x235: 0x0e, 0x236: 0x0e, 0x237: 0x0e, - 0x238: 0x0e, 0x239: 0x0e, 0x23a: 0x0e, 0x23b: 0x0e, 0x23c: 0x0e, 0x23d: 0x0e, 0x23e: 0x0e, 0x23f: 0x0e, - // Block 0x9, offset 0x240 - 0x240: 0x0e, 0x241: 0x0e, 0x242: 0x0e, 0x243: 0x0e, 0x244: 0x0e, 0x245: 0x0e, 0x246: 0x0e, 0x247: 0x0e, - 0x248: 0x0e, 0x249: 0x0e, 0x24a: 0x0e, 0x24b: 0x0e, 0x24c: 0x0e, 0x24d: 0x0e, 0x24e: 0x0e, 0x24f: 0x0e, - 0x250: 0x0e, 0x251: 0x0e, 0x252: 0x3a, 0x253: 0x3b, - 0x265: 0x3c, - 0x270: 0x0e, 0x271: 0x0e, 0x272: 0x0e, 0x273: 0x0e, 0x274: 0x0e, 0x275: 0x0e, 0x276: 0x0e, 0x277: 0x0e, - 0x278: 0x0e, 0x279: 0x0e, 0x27a: 0x0e, 0x27b: 0x0e, 0x27c: 0x0e, 0x27d: 0x0e, 0x27e: 0x0e, 0x27f: 0x0e, - // Block 0xa, offset 0x280 - 0x280: 0x0e, 0x281: 0x0e, 0x282: 0x0e, 0x283: 0x0e, 0x284: 0x0e, 0x285: 0x0e, 0x286: 0x0e, 0x287: 0x0e, - 0x288: 0x0e, 0x289: 0x0e, 0x28a: 0x0e, 0x28b: 0x0e, 0x28c: 0x0e, 0x28d: 0x0e, 0x28e: 0x0e, 0x28f: 0x0e, - 0x290: 0x0e, 0x291: 0x0e, 0x292: 0x0e, 0x293: 0x0e, 0x294: 0x0e, 0x295: 0x0e, 0x296: 0x0e, 0x297: 0x0e, - 0x298: 0x0e, 0x299: 0x0e, 0x29a: 0x0e, 0x29b: 0x0e, 0x29c: 0x0e, 0x29d: 0x0e, 0x29e: 0x3d, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x08, 0x2c1: 0x08, 0x2c2: 0x08, 0x2c3: 0x08, 0x2c4: 0x08, 0x2c5: 0x08, 0x2c6: 0x08, 0x2c7: 0x08, - 0x2c8: 0x08, 0x2c9: 0x08, 0x2ca: 0x08, 0x2cb: 0x08, 0x2cc: 0x08, 0x2cd: 0x08, 0x2ce: 0x08, 0x2cf: 0x08, - 0x2d0: 0x08, 0x2d1: 0x08, 0x2d2: 0x08, 0x2d3: 0x08, 0x2d4: 0x08, 0x2d5: 0x08, 0x2d6: 0x08, 0x2d7: 0x08, - 0x2d8: 0x08, 0x2d9: 0x08, 0x2da: 0x08, 0x2db: 0x08, 0x2dc: 0x08, 0x2dd: 0x08, 0x2de: 0x08, 0x2df: 0x08, - 0x2e0: 0x08, 0x2e1: 0x08, 0x2e2: 0x08, 0x2e3: 0x08, 0x2e4: 0x08, 0x2e5: 0x08, 0x2e6: 0x08, 0x2e7: 0x08, - 0x2e8: 0x08, 0x2e9: 0x08, 0x2ea: 0x08, 0x2eb: 0x08, 0x2ec: 0x08, 0x2ed: 0x08, 0x2ee: 0x08, 0x2ef: 0x08, - 0x2f0: 0x08, 0x2f1: 0x08, 0x2f2: 0x08, 0x2f3: 0x08, 0x2f4: 0x08, 0x2f5: 0x08, 0x2f6: 0x08, 0x2f7: 0x08, - 0x2f8: 0x08, 0x2f9: 0x08, 0x2fa: 0x08, 0x2fb: 0x08, 0x2fc: 0x08, 0x2fd: 0x08, 0x2fe: 0x08, 0x2ff: 0x08, - // Block 0xc, offset 0x300 - 0x300: 0x08, 0x301: 0x08, 0x302: 0x08, 0x303: 0x08, 0x304: 0x08, 0x305: 0x08, 0x306: 0x08, 0x307: 0x08, - 0x308: 0x08, 0x309: 0x08, 0x30a: 0x08, 0x30b: 0x08, 0x30c: 0x08, 0x30d: 0x08, 0x30e: 0x08, 0x30f: 0x08, - 0x310: 0x08, 0x311: 0x08, 0x312: 0x08, 0x313: 0x08, 0x314: 0x08, 0x315: 0x08, 0x316: 0x08, 0x317: 0x08, - 0x318: 0x08, 0x319: 0x08, 0x31a: 0x08, 0x31b: 0x08, 0x31c: 0x08, 0x31d: 0x08, 0x31e: 0x08, 0x31f: 0x08, - 0x320: 0x08, 0x321: 0x08, 0x322: 0x08, 0x323: 0x08, 0x324: 0x0e, 0x325: 0x0e, 0x326: 0x0e, 0x327: 0x0e, - 0x328: 0x0e, 0x329: 0x0e, 0x32a: 0x0e, 0x32b: 0x0e, - 0x338: 0x3e, 0x339: 0x3f, 0x33c: 0x40, 0x33d: 0x41, 0x33e: 0x42, 0x33f: 0x43, - // Block 0xd, offset 0x340 - 0x37f: 0x44, - // Block 0xe, offset 0x380 - 0x380: 0x0e, 0x381: 0x0e, 0x382: 0x0e, 0x383: 0x0e, 0x384: 0x0e, 0x385: 0x0e, 0x386: 0x0e, 0x387: 0x0e, - 0x388: 0x0e, 0x389: 0x0e, 0x38a: 0x0e, 0x38b: 0x0e, 0x38c: 0x0e, 0x38d: 0x0e, 0x38e: 0x0e, 0x38f: 0x0e, - 0x390: 0x0e, 0x391: 0x0e, 0x392: 0x0e, 0x393: 0x0e, 0x394: 0x0e, 0x395: 0x0e, 0x396: 0x0e, 0x397: 0x0e, - 0x398: 0x0e, 0x399: 0x0e, 0x39a: 0x0e, 0x39b: 0x0e, 0x39c: 0x0e, 0x39d: 0x0e, 0x39e: 0x0e, 0x39f: 0x45, - 0x3a0: 0x0e, 0x3a1: 0x0e, 0x3a2: 0x0e, 0x3a3: 0x0e, 0x3a4: 0x0e, 0x3a5: 0x0e, 0x3a6: 0x0e, 0x3a7: 0x0e, - 0x3a8: 0x0e, 0x3a9: 0x0e, 0x3aa: 0x0e, 0x3ab: 0x0e, 0x3ac: 0x0e, 0x3ad: 0x0e, 0x3ae: 0x0e, 0x3af: 0x0e, - 0x3b0: 0x0e, 0x3b1: 0x0e, 0x3b2: 0x0e, 0x3b3: 0x46, 0x3b4: 0x47, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x0e, 0x3c1: 0x0e, 0x3c2: 0x0e, 0x3c3: 0x0e, 0x3c4: 0x48, 0x3c5: 0x49, 0x3c6: 0x0e, 0x3c7: 0x0e, - 0x3c8: 0x0e, 0x3c9: 0x0e, 0x3ca: 0x0e, 0x3cb: 0x4a, - // Block 0x10, offset 0x400 - 0x400: 0x4b, 0x403: 0x4c, 0x404: 0x4d, 0x405: 0x4e, 0x406: 0x4f, - 0x408: 0x50, 0x409: 0x51, 0x40c: 0x52, 0x40d: 0x53, 0x40e: 0x54, 0x40f: 0x55, - 0x410: 0x56, 0x411: 0x57, 0x412: 0x0e, 0x413: 0x58, 0x414: 0x59, 0x415: 0x5a, 0x416: 0x5b, 0x417: 0x5c, - 0x418: 0x0e, 0x419: 0x5d, 0x41a: 0x0e, 0x41b: 0x5e, 0x41f: 0x5f, - 0x424: 0x60, 0x425: 0x61, 0x426: 0x0e, 0x427: 0x62, - 0x429: 0x63, 0x42a: 0x64, 0x42b: 0x65, - // Block 0x11, offset 0x440 - 0x456: 0x0b, 0x457: 0x06, - 0x458: 0x0c, 0x45b: 0x0d, 0x45f: 0x0e, - 0x460: 0x06, 0x461: 0x06, 0x462: 0x06, 0x463: 0x06, 0x464: 0x06, 0x465: 0x06, 0x466: 0x06, 0x467: 0x06, - 0x468: 0x06, 0x469: 0x06, 0x46a: 0x06, 0x46b: 0x06, 0x46c: 0x06, 0x46d: 0x06, 0x46e: 0x06, 0x46f: 0x06, - 0x470: 0x06, 0x471: 0x06, 0x472: 0x06, 0x473: 0x06, 0x474: 0x06, 0x475: 0x06, 0x476: 0x06, 0x477: 0x06, - 0x478: 0x06, 0x479: 0x06, 0x47a: 0x06, 0x47b: 0x06, 0x47c: 0x06, 0x47d: 0x06, 0x47e: 0x06, 0x47f: 0x06, - // Block 0x12, offset 0x480 - 0x484: 0x08, 0x485: 0x08, 0x486: 0x08, 0x487: 0x09, - // Block 0x13, offset 0x4c0 - 0x4c0: 0x08, 0x4c1: 0x08, 0x4c2: 0x08, 0x4c3: 0x08, 0x4c4: 0x08, 0x4c5: 0x08, 0x4c6: 0x08, 0x4c7: 0x08, - 0x4c8: 0x08, 0x4c9: 0x08, 0x4ca: 0x08, 0x4cb: 0x08, 0x4cc: 0x08, 0x4cd: 0x08, 0x4ce: 0x08, 0x4cf: 0x08, - 0x4d0: 0x08, 0x4d1: 0x08, 0x4d2: 0x08, 0x4d3: 0x08, 0x4d4: 0x08, 0x4d5: 0x08, 0x4d6: 0x08, 0x4d7: 0x08, - 0x4d8: 0x08, 0x4d9: 0x08, 0x4da: 0x08, 0x4db: 0x08, 0x4dc: 0x08, 0x4dd: 0x08, 0x4de: 0x08, 0x4df: 0x08, - 0x4e0: 0x08, 0x4e1: 0x08, 0x4e2: 0x08, 0x4e3: 0x08, 0x4e4: 0x08, 0x4e5: 0x08, 0x4e6: 0x08, 0x4e7: 0x08, - 0x4e8: 0x08, 0x4e9: 0x08, 0x4ea: 0x08, 0x4eb: 0x08, 0x4ec: 0x08, 0x4ed: 0x08, 0x4ee: 0x08, 0x4ef: 0x08, - 0x4f0: 0x08, 0x4f1: 0x08, 0x4f2: 0x08, 0x4f3: 0x08, 0x4f4: 0x08, 0x4f5: 0x08, 0x4f6: 0x08, 0x4f7: 0x08, - 0x4f8: 0x08, 0x4f9: 0x08, 0x4fa: 0x08, 0x4fb: 0x08, 0x4fc: 0x08, 0x4fd: 0x08, 0x4fe: 0x08, 0x4ff: 0x66, - // Block 0x14, offset 0x500 - 0x520: 0x10, - 0x530: 0x09, 0x531: 0x09, 0x532: 0x09, 0x533: 0x09, 0x534: 0x09, 0x535: 0x09, 0x536: 0x09, 0x537: 0x09, - 0x538: 0x09, 0x539: 0x09, 0x53a: 0x09, 0x53b: 0x09, 0x53c: 0x09, 0x53d: 0x09, 0x53e: 0x09, 0x53f: 0x11, - // Block 0x15, offset 0x540 - 0x540: 0x09, 0x541: 0x09, 0x542: 0x09, 0x543: 0x09, 0x544: 0x09, 0x545: 0x09, 0x546: 0x09, 0x547: 0x09, - 0x548: 0x09, 0x549: 0x09, 0x54a: 0x09, 0x54b: 0x09, 0x54c: 0x09, 0x54d: 0x09, 0x54e: 0x09, 0x54f: 0x11, -} - -// inverseData contains 4-byte entries of the following format: -// -// <length> <modified UTF-8-encoded rune> <0 padding> -// -// The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the -// UTF-8 encoding of the original rune. Mappings often have the following -// pattern: -// -// A -> A (U+FF21 -> U+0041) -// ï¼¢ -> B (U+FF22 -> U+0042) -// ... -// -// By xor-ing the last byte the same entry can be shared by many mappings. This -// reduces the total number of distinct entries by about two thirds. -// The resulting entry for the aforementioned mappings is -// -// { 0x01, 0xE0, 0x00, 0x00 } -// -// Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get -// -// E0 ^ A1 = 41. -// -// Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get -// -// E0 ^ A2 = 42. -// -// Note that because of the xor-ing, the byte sequence stored in the entry is -// not valid UTF-8. -var inverseData = [150][4]byte{ - {0x00, 0x00, 0x00, 0x00}, - {0x03, 0xe3, 0x80, 0xa0}, - {0x03, 0xef, 0xbc, 0xa0}, - {0x03, 0xef, 0xbc, 0xe0}, - {0x03, 0xef, 0xbd, 0xe0}, - {0x03, 0xef, 0xbf, 0x02}, - {0x03, 0xef, 0xbf, 0x00}, - {0x03, 0xef, 0xbf, 0x0e}, - {0x03, 0xef, 0xbf, 0x0c}, - {0x03, 0xef, 0xbf, 0x0f}, - {0x03, 0xef, 0xbf, 0x39}, - {0x03, 0xef, 0xbf, 0x3b}, - {0x03, 0xef, 0xbf, 0x3f}, - {0x03, 0xef, 0xbf, 0x2a}, - {0x03, 0xef, 0xbf, 0x0d}, - {0x03, 0xef, 0xbf, 0x25}, - {0x03, 0xef, 0xbd, 0x1a}, - {0x03, 0xef, 0xbd, 0x26}, - {0x01, 0xa0, 0x00, 0x00}, - {0x03, 0xef, 0xbd, 0x25}, - {0x03, 0xef, 0xbd, 0x23}, - {0x03, 0xef, 0xbd, 0x2e}, - {0x03, 0xef, 0xbe, 0x07}, - {0x03, 0xef, 0xbe, 0x05}, - {0x03, 0xef, 0xbd, 0x06}, - {0x03, 0xef, 0xbd, 0x13}, - {0x03, 0xef, 0xbd, 0x0b}, - {0x03, 0xef, 0xbd, 0x16}, - {0x03, 0xef, 0xbd, 0x0c}, - {0x03, 0xef, 0xbd, 0x15}, - {0x03, 0xef, 0xbd, 0x0d}, - {0x03, 0xef, 0xbd, 0x1c}, - {0x03, 0xef, 0xbd, 0x02}, - {0x03, 0xef, 0xbd, 0x1f}, - {0x03, 0xef, 0xbd, 0x1d}, - {0x03, 0xef, 0xbd, 0x17}, - {0x03, 0xef, 0xbd, 0x08}, - {0x03, 0xef, 0xbd, 0x09}, - {0x03, 0xef, 0xbd, 0x0e}, - {0x03, 0xef, 0xbd, 0x04}, - {0x03, 0xef, 0xbd, 0x05}, - {0x03, 0xef, 0xbe, 0x3f}, - {0x03, 0xef, 0xbe, 0x00}, - {0x03, 0xef, 0xbd, 0x2c}, - {0x03, 0xef, 0xbe, 0x06}, - {0x03, 0xef, 0xbe, 0x0c}, - {0x03, 0xef, 0xbe, 0x0f}, - {0x03, 0xef, 0xbe, 0x0d}, - {0x03, 0xef, 0xbe, 0x0b}, - {0x03, 0xef, 0xbe, 0x19}, - {0x03, 0xef, 0xbe, 0x15}, - {0x03, 0xef, 0xbe, 0x11}, - {0x03, 0xef, 0xbe, 0x31}, - {0x03, 0xef, 0xbe, 0x33}, - {0x03, 0xef, 0xbd, 0x0f}, - {0x03, 0xef, 0xbe, 0x30}, - {0x03, 0xef, 0xbe, 0x3e}, - {0x03, 0xef, 0xbe, 0x32}, - {0x03, 0xef, 0xbe, 0x36}, - {0x03, 0xef, 0xbd, 0x14}, - {0x03, 0xef, 0xbe, 0x2e}, - {0x03, 0xef, 0xbd, 0x1e}, - {0x03, 0xef, 0xbe, 0x10}, - {0x03, 0xef, 0xbf, 0x13}, - {0x03, 0xef, 0xbf, 0x15}, - {0x03, 0xef, 0xbf, 0x17}, - {0x03, 0xef, 0xbf, 0x1f}, - {0x03, 0xef, 0xbf, 0x1d}, - {0x03, 0xef, 0xbf, 0x1b}, - {0x03, 0xef, 0xbf, 0x09}, - {0x03, 0xef, 0xbf, 0x0b}, - {0x03, 0xef, 0xbf, 0x37}, - {0x03, 0xef, 0xbe, 0x04}, - {0x01, 0xe0, 0x00, 0x00}, - {0x03, 0xe2, 0xa6, 0x1a}, - {0x03, 0xe2, 0xa6, 0x26}, - {0x03, 0xe3, 0x80, 0x23}, - {0x03, 0xe3, 0x80, 0x2e}, - {0x03, 0xe3, 0x80, 0x25}, - {0x03, 0xe3, 0x83, 0x1e}, - {0x03, 0xe3, 0x83, 0x14}, - {0x03, 0xe3, 0x82, 0x06}, - {0x03, 0xe3, 0x82, 0x0b}, - {0x03, 0xe3, 0x82, 0x0c}, - {0x03, 0xe3, 0x82, 0x0d}, - {0x03, 0xe3, 0x82, 0x02}, - {0x03, 0xe3, 0x83, 0x0f}, - {0x03, 0xe3, 0x83, 0x08}, - {0x03, 0xe3, 0x83, 0x09}, - {0x03, 0xe3, 0x83, 0x2c}, - {0x03, 0xe3, 0x83, 0x0c}, - {0x03, 0xe3, 0x82, 0x13}, - {0x03, 0xe3, 0x82, 0x16}, - {0x03, 0xe3, 0x82, 0x15}, - {0x03, 0xe3, 0x82, 0x1c}, - {0x03, 0xe3, 0x82, 0x1f}, - {0x03, 0xe3, 0x82, 0x1d}, - {0x03, 0xe3, 0x82, 0x1a}, - {0x03, 0xe3, 0x82, 0x17}, - {0x03, 0xe3, 0x82, 0x08}, - {0x03, 0xe3, 0x82, 0x09}, - {0x03, 0xe3, 0x82, 0x0e}, - {0x03, 0xe3, 0x82, 0x04}, - {0x03, 0xe3, 0x82, 0x05}, - {0x03, 0xe3, 0x82, 0x3f}, - {0x03, 0xe3, 0x83, 0x00}, - {0x03, 0xe3, 0x83, 0x06}, - {0x03, 0xe3, 0x83, 0x05}, - {0x03, 0xe3, 0x83, 0x0d}, - {0x03, 0xe3, 0x83, 0x0b}, - {0x03, 0xe3, 0x83, 0x07}, - {0x03, 0xe3, 0x83, 0x19}, - {0x03, 0xe3, 0x83, 0x15}, - {0x03, 0xe3, 0x83, 0x11}, - {0x03, 0xe3, 0x83, 0x31}, - {0x03, 0xe3, 0x83, 0x33}, - {0x03, 0xe3, 0x83, 0x30}, - {0x03, 0xe3, 0x83, 0x3e}, - {0x03, 0xe3, 0x83, 0x32}, - {0x03, 0xe3, 0x83, 0x36}, - {0x03, 0xe3, 0x83, 0x2e}, - {0x03, 0xe3, 0x82, 0x07}, - {0x03, 0xe3, 0x85, 0x04}, - {0x03, 0xe3, 0x84, 0x10}, - {0x03, 0xe3, 0x85, 0x30}, - {0x03, 0xe3, 0x85, 0x0d}, - {0x03, 0xe3, 0x85, 0x13}, - {0x03, 0xe3, 0x85, 0x15}, - {0x03, 0xe3, 0x85, 0x17}, - {0x03, 0xe3, 0x85, 0x1f}, - {0x03, 0xe3, 0x85, 0x1d}, - {0x03, 0xe3, 0x85, 0x1b}, - {0x03, 0xe3, 0x85, 0x09}, - {0x03, 0xe3, 0x85, 0x0f}, - {0x03, 0xe3, 0x85, 0x0b}, - {0x03, 0xe3, 0x85, 0x37}, - {0x03, 0xe3, 0x85, 0x3b}, - {0x03, 0xe3, 0x85, 0x39}, - {0x03, 0xe3, 0x85, 0x3f}, - {0x02, 0xc2, 0x02, 0x00}, - {0x02, 0xc2, 0x0e, 0x00}, - {0x02, 0xc2, 0x0c, 0x00}, - {0x02, 0xc2, 0x00, 0x00}, - {0x03, 0xe2, 0x82, 0x0f}, - {0x03, 0xe2, 0x94, 0x2a}, - {0x03, 0xe2, 0x86, 0x39}, - {0x03, 0xe2, 0x86, 0x3b}, - {0x03, 0xe2, 0x86, 0x3f}, - {0x03, 0xe2, 0x96, 0x0d}, - {0x03, 0xe2, 0x97, 0x25}, -} - -// Total table size 15448 bytes (15KiB) diff --git a/etcd/vendor/golang.org/x/text/width/tables9.0.0.go b/etcd/vendor/golang.org/x/text/width/tables9.0.0.go deleted file mode 100644 index 6781f3d960..0000000000 --- a/etcd/vendor/golang.org/x/text/width/tables9.0.0.go +++ /dev/null @@ -1,1297 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -//go:build !go1.10 -// +build !go1.10 - -package width - -// UnicodeVersion is the Unicode version from which the tables in this package are derived. -const UnicodeVersion = "9.0.0" - -// lookup returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookup(s []byte) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupUnsafe(s []byte) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// lookupString returns the trie value for the first UTF-8 encoding in s and -// the width in bytes of this encoding. The size will be 0 if s does not -// hold enough bytes to complete the encoding. len(s) must be greater than 0. -func (t *widthTrie) lookupString(s string) (v uint16, sz int) { - c0 := s[0] - switch { - case c0 < 0x80: // is ASCII - return widthValues[c0], 1 - case c0 < 0xC2: - return 0, 1 // Illegal UTF-8: not a starter, not ASCII. - case c0 < 0xE0: // 2-byte UTF-8 - if len(s) < 2 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c1), 2 - case c0 < 0xF0: // 3-byte UTF-8 - if len(s) < 3 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c2), 3 - case c0 < 0xF8: // 4-byte UTF-8 - if len(s) < 4 { - return 0, 0 - } - i := widthIndex[c0] - c1 := s[1] - if c1 < 0x80 || 0xC0 <= c1 { - return 0, 1 // Illegal UTF-8: not a continuation byte. - } - o := uint32(i)<<6 + uint32(c1) - i = widthIndex[o] - c2 := s[2] - if c2 < 0x80 || 0xC0 <= c2 { - return 0, 2 // Illegal UTF-8: not a continuation byte. - } - o = uint32(i)<<6 + uint32(c2) - i = widthIndex[o] - c3 := s[3] - if c3 < 0x80 || 0xC0 <= c3 { - return 0, 3 // Illegal UTF-8: not a continuation byte. - } - return t.lookupValue(uint32(i), c3), 4 - } - // Illegal rune - return 0, 1 -} - -// lookupStringUnsafe returns the trie value for the first UTF-8 encoding in s. -// s must start with a full and valid UTF-8 encoded rune. -func (t *widthTrie) lookupStringUnsafe(s string) uint16 { - c0 := s[0] - if c0 < 0x80 { // is ASCII - return widthValues[c0] - } - i := widthIndex[c0] - if c0 < 0xE0 { // 2-byte UTF-8 - return t.lookupValue(uint32(i), s[1]) - } - i = widthIndex[uint32(i)<<6+uint32(s[1])] - if c0 < 0xF0 { // 3-byte UTF-8 - return t.lookupValue(uint32(i), s[2]) - } - i = widthIndex[uint32(i)<<6+uint32(s[2])] - if c0 < 0xF8 { // 4-byte UTF-8 - return t.lookupValue(uint32(i), s[3]) - } - return 0 -} - -// widthTrie. Total size: 14080 bytes (13.75 KiB). Checksum: 3b8aeb3dc03667a3. -type widthTrie struct{} - -func newWidthTrie(i int) *widthTrie { - return &widthTrie{} -} - -// lookupValue determines the type of block n and looks up the value for b. -func (t *widthTrie) lookupValue(n uint32, b byte) uint16 { - switch { - default: - return uint16(widthValues[n<<6+uint32(b)]) - } -} - -// widthValues: 99 blocks, 6336 entries, 12672 bytes -// The third block is the zero block. -var widthValues = [6336]uint16{ - // Block 0x0, offset 0x0 - 0x20: 0x6001, 0x21: 0x6002, 0x22: 0x6002, 0x23: 0x6002, - 0x24: 0x6002, 0x25: 0x6002, 0x26: 0x6002, 0x27: 0x6002, 0x28: 0x6002, 0x29: 0x6002, - 0x2a: 0x6002, 0x2b: 0x6002, 0x2c: 0x6002, 0x2d: 0x6002, 0x2e: 0x6002, 0x2f: 0x6002, - 0x30: 0x6002, 0x31: 0x6002, 0x32: 0x6002, 0x33: 0x6002, 0x34: 0x6002, 0x35: 0x6002, - 0x36: 0x6002, 0x37: 0x6002, 0x38: 0x6002, 0x39: 0x6002, 0x3a: 0x6002, 0x3b: 0x6002, - 0x3c: 0x6002, 0x3d: 0x6002, 0x3e: 0x6002, 0x3f: 0x6002, - // Block 0x1, offset 0x40 - 0x40: 0x6003, 0x41: 0x6003, 0x42: 0x6003, 0x43: 0x6003, 0x44: 0x6003, 0x45: 0x6003, - 0x46: 0x6003, 0x47: 0x6003, 0x48: 0x6003, 0x49: 0x6003, 0x4a: 0x6003, 0x4b: 0x6003, - 0x4c: 0x6003, 0x4d: 0x6003, 0x4e: 0x6003, 0x4f: 0x6003, 0x50: 0x6003, 0x51: 0x6003, - 0x52: 0x6003, 0x53: 0x6003, 0x54: 0x6003, 0x55: 0x6003, 0x56: 0x6003, 0x57: 0x6003, - 0x58: 0x6003, 0x59: 0x6003, 0x5a: 0x6003, 0x5b: 0x6003, 0x5c: 0x6003, 0x5d: 0x6003, - 0x5e: 0x6003, 0x5f: 0x6003, 0x60: 0x6004, 0x61: 0x6004, 0x62: 0x6004, 0x63: 0x6004, - 0x64: 0x6004, 0x65: 0x6004, 0x66: 0x6004, 0x67: 0x6004, 0x68: 0x6004, 0x69: 0x6004, - 0x6a: 0x6004, 0x6b: 0x6004, 0x6c: 0x6004, 0x6d: 0x6004, 0x6e: 0x6004, 0x6f: 0x6004, - 0x70: 0x6004, 0x71: 0x6004, 0x72: 0x6004, 0x73: 0x6004, 0x74: 0x6004, 0x75: 0x6004, - 0x76: 0x6004, 0x77: 0x6004, 0x78: 0x6004, 0x79: 0x6004, 0x7a: 0x6004, 0x7b: 0x6004, - 0x7c: 0x6004, 0x7d: 0x6004, 0x7e: 0x6004, - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xe1: 0x2000, 0xe2: 0x6005, 0xe3: 0x6005, - 0xe4: 0x2000, 0xe5: 0x6006, 0xe6: 0x6005, 0xe7: 0x2000, 0xe8: 0x2000, - 0xea: 0x2000, 0xec: 0x6007, 0xed: 0x2000, 0xee: 0x2000, 0xef: 0x6008, - 0xf0: 0x2000, 0xf1: 0x2000, 0xf2: 0x2000, 0xf3: 0x2000, 0xf4: 0x2000, - 0xf6: 0x2000, 0xf7: 0x2000, 0xf8: 0x2000, 0xf9: 0x2000, 0xfa: 0x2000, - 0xfc: 0x2000, 0xfd: 0x2000, 0xfe: 0x2000, 0xff: 0x2000, - // Block 0x4, offset 0x100 - 0x106: 0x2000, - 0x110: 0x2000, - 0x117: 0x2000, - 0x118: 0x2000, - 0x11e: 0x2000, 0x11f: 0x2000, 0x120: 0x2000, 0x121: 0x2000, - 0x126: 0x2000, 0x128: 0x2000, 0x129: 0x2000, - 0x12a: 0x2000, 0x12c: 0x2000, 0x12d: 0x2000, - 0x130: 0x2000, 0x132: 0x2000, 0x133: 0x2000, - 0x137: 0x2000, 0x138: 0x2000, 0x139: 0x2000, 0x13a: 0x2000, - 0x13c: 0x2000, 0x13e: 0x2000, - // Block 0x5, offset 0x140 - 0x141: 0x2000, - 0x151: 0x2000, - 0x153: 0x2000, - 0x15b: 0x2000, - 0x166: 0x2000, 0x167: 0x2000, - 0x16b: 0x2000, - 0x171: 0x2000, 0x172: 0x2000, 0x173: 0x2000, - 0x178: 0x2000, - 0x17f: 0x2000, - // Block 0x6, offset 0x180 - 0x180: 0x2000, 0x181: 0x2000, 0x182: 0x2000, 0x184: 0x2000, - 0x188: 0x2000, 0x189: 0x2000, 0x18a: 0x2000, 0x18b: 0x2000, - 0x18d: 0x2000, - 0x192: 0x2000, 0x193: 0x2000, - 0x1a6: 0x2000, 0x1a7: 0x2000, - 0x1ab: 0x2000, - // Block 0x7, offset 0x1c0 - 0x1ce: 0x2000, 0x1d0: 0x2000, - 0x1d2: 0x2000, 0x1d4: 0x2000, 0x1d6: 0x2000, - 0x1d8: 0x2000, 0x1da: 0x2000, 0x1dc: 0x2000, - // Block 0x8, offset 0x200 - 0x211: 0x2000, - 0x221: 0x2000, - // Block 0x9, offset 0x240 - 0x244: 0x2000, - 0x247: 0x2000, 0x249: 0x2000, 0x24a: 0x2000, 0x24b: 0x2000, - 0x24d: 0x2000, 0x250: 0x2000, - 0x258: 0x2000, 0x259: 0x2000, 0x25a: 0x2000, 0x25b: 0x2000, 0x25d: 0x2000, - 0x25f: 0x2000, - // Block 0xa, offset 0x280 - 0x280: 0x2000, 0x281: 0x2000, 0x282: 0x2000, 0x283: 0x2000, 0x284: 0x2000, 0x285: 0x2000, - 0x286: 0x2000, 0x287: 0x2000, 0x288: 0x2000, 0x289: 0x2000, 0x28a: 0x2000, 0x28b: 0x2000, - 0x28c: 0x2000, 0x28d: 0x2000, 0x28e: 0x2000, 0x28f: 0x2000, 0x290: 0x2000, 0x291: 0x2000, - 0x292: 0x2000, 0x293: 0x2000, 0x294: 0x2000, 0x295: 0x2000, 0x296: 0x2000, 0x297: 0x2000, - 0x298: 0x2000, 0x299: 0x2000, 0x29a: 0x2000, 0x29b: 0x2000, 0x29c: 0x2000, 0x29d: 0x2000, - 0x29e: 0x2000, 0x29f: 0x2000, 0x2a0: 0x2000, 0x2a1: 0x2000, 0x2a2: 0x2000, 0x2a3: 0x2000, - 0x2a4: 0x2000, 0x2a5: 0x2000, 0x2a6: 0x2000, 0x2a7: 0x2000, 0x2a8: 0x2000, 0x2a9: 0x2000, - 0x2aa: 0x2000, 0x2ab: 0x2000, 0x2ac: 0x2000, 0x2ad: 0x2000, 0x2ae: 0x2000, 0x2af: 0x2000, - 0x2b0: 0x2000, 0x2b1: 0x2000, 0x2b2: 0x2000, 0x2b3: 0x2000, 0x2b4: 0x2000, 0x2b5: 0x2000, - 0x2b6: 0x2000, 0x2b7: 0x2000, 0x2b8: 0x2000, 0x2b9: 0x2000, 0x2ba: 0x2000, 0x2bb: 0x2000, - 0x2bc: 0x2000, 0x2bd: 0x2000, 0x2be: 0x2000, 0x2bf: 0x2000, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x2000, 0x2c1: 0x2000, 0x2c2: 0x2000, 0x2c3: 0x2000, 0x2c4: 0x2000, 0x2c5: 0x2000, - 0x2c6: 0x2000, 0x2c7: 0x2000, 0x2c8: 0x2000, 0x2c9: 0x2000, 0x2ca: 0x2000, 0x2cb: 0x2000, - 0x2cc: 0x2000, 0x2cd: 0x2000, 0x2ce: 0x2000, 0x2cf: 0x2000, 0x2d0: 0x2000, 0x2d1: 0x2000, - 0x2d2: 0x2000, 0x2d3: 0x2000, 0x2d4: 0x2000, 0x2d5: 0x2000, 0x2d6: 0x2000, 0x2d7: 0x2000, - 0x2d8: 0x2000, 0x2d9: 0x2000, 0x2da: 0x2000, 0x2db: 0x2000, 0x2dc: 0x2000, 0x2dd: 0x2000, - 0x2de: 0x2000, 0x2df: 0x2000, 0x2e0: 0x2000, 0x2e1: 0x2000, 0x2e2: 0x2000, 0x2e3: 0x2000, - 0x2e4: 0x2000, 0x2e5: 0x2000, 0x2e6: 0x2000, 0x2e7: 0x2000, 0x2e8: 0x2000, 0x2e9: 0x2000, - 0x2ea: 0x2000, 0x2eb: 0x2000, 0x2ec: 0x2000, 0x2ed: 0x2000, 0x2ee: 0x2000, 0x2ef: 0x2000, - // Block 0xc, offset 0x300 - 0x311: 0x2000, - 0x312: 0x2000, 0x313: 0x2000, 0x314: 0x2000, 0x315: 0x2000, 0x316: 0x2000, 0x317: 0x2000, - 0x318: 0x2000, 0x319: 0x2000, 0x31a: 0x2000, 0x31b: 0x2000, 0x31c: 0x2000, 0x31d: 0x2000, - 0x31e: 0x2000, 0x31f: 0x2000, 0x320: 0x2000, 0x321: 0x2000, 0x323: 0x2000, - 0x324: 0x2000, 0x325: 0x2000, 0x326: 0x2000, 0x327: 0x2000, 0x328: 0x2000, 0x329: 0x2000, - 0x331: 0x2000, 0x332: 0x2000, 0x333: 0x2000, 0x334: 0x2000, 0x335: 0x2000, - 0x336: 0x2000, 0x337: 0x2000, 0x338: 0x2000, 0x339: 0x2000, 0x33a: 0x2000, 0x33b: 0x2000, - 0x33c: 0x2000, 0x33d: 0x2000, 0x33e: 0x2000, 0x33f: 0x2000, - // Block 0xd, offset 0x340 - 0x340: 0x2000, 0x341: 0x2000, 0x343: 0x2000, 0x344: 0x2000, 0x345: 0x2000, - 0x346: 0x2000, 0x347: 0x2000, 0x348: 0x2000, 0x349: 0x2000, - // Block 0xe, offset 0x380 - 0x381: 0x2000, - 0x390: 0x2000, 0x391: 0x2000, - 0x392: 0x2000, 0x393: 0x2000, 0x394: 0x2000, 0x395: 0x2000, 0x396: 0x2000, 0x397: 0x2000, - 0x398: 0x2000, 0x399: 0x2000, 0x39a: 0x2000, 0x39b: 0x2000, 0x39c: 0x2000, 0x39d: 0x2000, - 0x39e: 0x2000, 0x39f: 0x2000, 0x3a0: 0x2000, 0x3a1: 0x2000, 0x3a2: 0x2000, 0x3a3: 0x2000, - 0x3a4: 0x2000, 0x3a5: 0x2000, 0x3a6: 0x2000, 0x3a7: 0x2000, 0x3a8: 0x2000, 0x3a9: 0x2000, - 0x3aa: 0x2000, 0x3ab: 0x2000, 0x3ac: 0x2000, 0x3ad: 0x2000, 0x3ae: 0x2000, 0x3af: 0x2000, - 0x3b0: 0x2000, 0x3b1: 0x2000, 0x3b2: 0x2000, 0x3b3: 0x2000, 0x3b4: 0x2000, 0x3b5: 0x2000, - 0x3b6: 0x2000, 0x3b7: 0x2000, 0x3b8: 0x2000, 0x3b9: 0x2000, 0x3ba: 0x2000, 0x3bb: 0x2000, - 0x3bc: 0x2000, 0x3bd: 0x2000, 0x3be: 0x2000, 0x3bf: 0x2000, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x2000, 0x3c1: 0x2000, 0x3c2: 0x2000, 0x3c3: 0x2000, 0x3c4: 0x2000, 0x3c5: 0x2000, - 0x3c6: 0x2000, 0x3c7: 0x2000, 0x3c8: 0x2000, 0x3c9: 0x2000, 0x3ca: 0x2000, 0x3cb: 0x2000, - 0x3cc: 0x2000, 0x3cd: 0x2000, 0x3ce: 0x2000, 0x3cf: 0x2000, 0x3d1: 0x2000, - // Block 0x10, offset 0x400 - 0x400: 0x4000, 0x401: 0x4000, 0x402: 0x4000, 0x403: 0x4000, 0x404: 0x4000, 0x405: 0x4000, - 0x406: 0x4000, 0x407: 0x4000, 0x408: 0x4000, 0x409: 0x4000, 0x40a: 0x4000, 0x40b: 0x4000, - 0x40c: 0x4000, 0x40d: 0x4000, 0x40e: 0x4000, 0x40f: 0x4000, 0x410: 0x4000, 0x411: 0x4000, - 0x412: 0x4000, 0x413: 0x4000, 0x414: 0x4000, 0x415: 0x4000, 0x416: 0x4000, 0x417: 0x4000, - 0x418: 0x4000, 0x419: 0x4000, 0x41a: 0x4000, 0x41b: 0x4000, 0x41c: 0x4000, 0x41d: 0x4000, - 0x41e: 0x4000, 0x41f: 0x4000, 0x420: 0x4000, 0x421: 0x4000, 0x422: 0x4000, 0x423: 0x4000, - 0x424: 0x4000, 0x425: 0x4000, 0x426: 0x4000, 0x427: 0x4000, 0x428: 0x4000, 0x429: 0x4000, - 0x42a: 0x4000, 0x42b: 0x4000, 0x42c: 0x4000, 0x42d: 0x4000, 0x42e: 0x4000, 0x42f: 0x4000, - 0x430: 0x4000, 0x431: 0x4000, 0x432: 0x4000, 0x433: 0x4000, 0x434: 0x4000, 0x435: 0x4000, - 0x436: 0x4000, 0x437: 0x4000, 0x438: 0x4000, 0x439: 0x4000, 0x43a: 0x4000, 0x43b: 0x4000, - 0x43c: 0x4000, 0x43d: 0x4000, 0x43e: 0x4000, 0x43f: 0x4000, - // Block 0x11, offset 0x440 - 0x440: 0x4000, 0x441: 0x4000, 0x442: 0x4000, 0x443: 0x4000, 0x444: 0x4000, 0x445: 0x4000, - 0x446: 0x4000, 0x447: 0x4000, 0x448: 0x4000, 0x449: 0x4000, 0x44a: 0x4000, 0x44b: 0x4000, - 0x44c: 0x4000, 0x44d: 0x4000, 0x44e: 0x4000, 0x44f: 0x4000, 0x450: 0x4000, 0x451: 0x4000, - 0x452: 0x4000, 0x453: 0x4000, 0x454: 0x4000, 0x455: 0x4000, 0x456: 0x4000, 0x457: 0x4000, - 0x458: 0x4000, 0x459: 0x4000, 0x45a: 0x4000, 0x45b: 0x4000, 0x45c: 0x4000, 0x45d: 0x4000, - 0x45e: 0x4000, 0x45f: 0x4000, - // Block 0x12, offset 0x480 - 0x490: 0x2000, - 0x493: 0x2000, 0x494: 0x2000, 0x495: 0x2000, 0x496: 0x2000, - 0x498: 0x2000, 0x499: 0x2000, 0x49c: 0x2000, 0x49d: 0x2000, - 0x4a0: 0x2000, 0x4a1: 0x2000, 0x4a2: 0x2000, - 0x4a4: 0x2000, 0x4a5: 0x2000, 0x4a6: 0x2000, 0x4a7: 0x2000, - 0x4b0: 0x2000, 0x4b2: 0x2000, 0x4b3: 0x2000, 0x4b5: 0x2000, - 0x4bb: 0x2000, - 0x4be: 0x2000, - // Block 0x13, offset 0x4c0 - 0x4f4: 0x2000, - 0x4ff: 0x2000, - // Block 0x14, offset 0x500 - 0x501: 0x2000, 0x502: 0x2000, 0x503: 0x2000, 0x504: 0x2000, - 0x529: 0xa009, - 0x52c: 0x2000, - // Block 0x15, offset 0x540 - 0x543: 0x2000, 0x545: 0x2000, - 0x549: 0x2000, - 0x553: 0x2000, 0x556: 0x2000, - 0x561: 0x2000, 0x562: 0x2000, - 0x566: 0x2000, - 0x56b: 0x2000, - // Block 0x16, offset 0x580 - 0x593: 0x2000, 0x594: 0x2000, - 0x59b: 0x2000, 0x59c: 0x2000, 0x59d: 0x2000, - 0x59e: 0x2000, 0x5a0: 0x2000, 0x5a1: 0x2000, 0x5a2: 0x2000, 0x5a3: 0x2000, - 0x5a4: 0x2000, 0x5a5: 0x2000, 0x5a6: 0x2000, 0x5a7: 0x2000, 0x5a8: 0x2000, 0x5a9: 0x2000, - 0x5aa: 0x2000, 0x5ab: 0x2000, - 0x5b0: 0x2000, 0x5b1: 0x2000, 0x5b2: 0x2000, 0x5b3: 0x2000, 0x5b4: 0x2000, 0x5b5: 0x2000, - 0x5b6: 0x2000, 0x5b7: 0x2000, 0x5b8: 0x2000, 0x5b9: 0x2000, - // Block 0x17, offset 0x5c0 - 0x5c9: 0x2000, - 0x5d0: 0x200a, 0x5d1: 0x200b, - 0x5d2: 0x200a, 0x5d3: 0x200c, 0x5d4: 0x2000, 0x5d5: 0x2000, 0x5d6: 0x2000, 0x5d7: 0x2000, - 0x5d8: 0x2000, 0x5d9: 0x2000, - 0x5f8: 0x2000, 0x5f9: 0x2000, - // Block 0x18, offset 0x600 - 0x612: 0x2000, 0x614: 0x2000, - 0x627: 0x2000, - // Block 0x19, offset 0x640 - 0x640: 0x2000, 0x642: 0x2000, 0x643: 0x2000, - 0x647: 0x2000, 0x648: 0x2000, 0x64b: 0x2000, - 0x64f: 0x2000, 0x651: 0x2000, - 0x655: 0x2000, - 0x65a: 0x2000, 0x65d: 0x2000, - 0x65e: 0x2000, 0x65f: 0x2000, 0x660: 0x2000, 0x663: 0x2000, - 0x665: 0x2000, 0x667: 0x2000, 0x668: 0x2000, 0x669: 0x2000, - 0x66a: 0x2000, 0x66b: 0x2000, 0x66c: 0x2000, 0x66e: 0x2000, - 0x674: 0x2000, 0x675: 0x2000, - 0x676: 0x2000, 0x677: 0x2000, - 0x67c: 0x2000, 0x67d: 0x2000, - // Block 0x1a, offset 0x680 - 0x688: 0x2000, - 0x68c: 0x2000, - 0x692: 0x2000, - 0x6a0: 0x2000, 0x6a1: 0x2000, - 0x6a4: 0x2000, 0x6a5: 0x2000, 0x6a6: 0x2000, 0x6a7: 0x2000, - 0x6aa: 0x2000, 0x6ab: 0x2000, 0x6ae: 0x2000, 0x6af: 0x2000, - // Block 0x1b, offset 0x6c0 - 0x6c2: 0x2000, 0x6c3: 0x2000, - 0x6c6: 0x2000, 0x6c7: 0x2000, - 0x6d5: 0x2000, - 0x6d9: 0x2000, - 0x6e5: 0x2000, - 0x6ff: 0x2000, - // Block 0x1c, offset 0x700 - 0x712: 0x2000, - 0x71a: 0x4000, 0x71b: 0x4000, - 0x729: 0x4000, - 0x72a: 0x4000, - // Block 0x1d, offset 0x740 - 0x769: 0x4000, - 0x76a: 0x4000, 0x76b: 0x4000, 0x76c: 0x4000, - 0x770: 0x4000, 0x773: 0x4000, - // Block 0x1e, offset 0x780 - 0x7a0: 0x2000, 0x7a1: 0x2000, 0x7a2: 0x2000, 0x7a3: 0x2000, - 0x7a4: 0x2000, 0x7a5: 0x2000, 0x7a6: 0x2000, 0x7a7: 0x2000, 0x7a8: 0x2000, 0x7a9: 0x2000, - 0x7aa: 0x2000, 0x7ab: 0x2000, 0x7ac: 0x2000, 0x7ad: 0x2000, 0x7ae: 0x2000, 0x7af: 0x2000, - 0x7b0: 0x2000, 0x7b1: 0x2000, 0x7b2: 0x2000, 0x7b3: 0x2000, 0x7b4: 0x2000, 0x7b5: 0x2000, - 0x7b6: 0x2000, 0x7b7: 0x2000, 0x7b8: 0x2000, 0x7b9: 0x2000, 0x7ba: 0x2000, 0x7bb: 0x2000, - 0x7bc: 0x2000, 0x7bd: 0x2000, 0x7be: 0x2000, 0x7bf: 0x2000, - // Block 0x1f, offset 0x7c0 - 0x7c0: 0x2000, 0x7c1: 0x2000, 0x7c2: 0x2000, 0x7c3: 0x2000, 0x7c4: 0x2000, 0x7c5: 0x2000, - 0x7c6: 0x2000, 0x7c7: 0x2000, 0x7c8: 0x2000, 0x7c9: 0x2000, 0x7ca: 0x2000, 0x7cb: 0x2000, - 0x7cc: 0x2000, 0x7cd: 0x2000, 0x7ce: 0x2000, 0x7cf: 0x2000, 0x7d0: 0x2000, 0x7d1: 0x2000, - 0x7d2: 0x2000, 0x7d3: 0x2000, 0x7d4: 0x2000, 0x7d5: 0x2000, 0x7d6: 0x2000, 0x7d7: 0x2000, - 0x7d8: 0x2000, 0x7d9: 0x2000, 0x7da: 0x2000, 0x7db: 0x2000, 0x7dc: 0x2000, 0x7dd: 0x2000, - 0x7de: 0x2000, 0x7df: 0x2000, 0x7e0: 0x2000, 0x7e1: 0x2000, 0x7e2: 0x2000, 0x7e3: 0x2000, - 0x7e4: 0x2000, 0x7e5: 0x2000, 0x7e6: 0x2000, 0x7e7: 0x2000, 0x7e8: 0x2000, 0x7e9: 0x2000, - 0x7eb: 0x2000, 0x7ec: 0x2000, 0x7ed: 0x2000, 0x7ee: 0x2000, 0x7ef: 0x2000, - 0x7f0: 0x2000, 0x7f1: 0x2000, 0x7f2: 0x2000, 0x7f3: 0x2000, 0x7f4: 0x2000, 0x7f5: 0x2000, - 0x7f6: 0x2000, 0x7f7: 0x2000, 0x7f8: 0x2000, 0x7f9: 0x2000, 0x7fa: 0x2000, 0x7fb: 0x2000, - 0x7fc: 0x2000, 0x7fd: 0x2000, 0x7fe: 0x2000, 0x7ff: 0x2000, - // Block 0x20, offset 0x800 - 0x800: 0x2000, 0x801: 0x2000, 0x802: 0x200d, 0x803: 0x2000, 0x804: 0x2000, 0x805: 0x2000, - 0x806: 0x2000, 0x807: 0x2000, 0x808: 0x2000, 0x809: 0x2000, 0x80a: 0x2000, 0x80b: 0x2000, - 0x80c: 0x2000, 0x80d: 0x2000, 0x80e: 0x2000, 0x80f: 0x2000, 0x810: 0x2000, 0x811: 0x2000, - 0x812: 0x2000, 0x813: 0x2000, 0x814: 0x2000, 0x815: 0x2000, 0x816: 0x2000, 0x817: 0x2000, - 0x818: 0x2000, 0x819: 0x2000, 0x81a: 0x2000, 0x81b: 0x2000, 0x81c: 0x2000, 0x81d: 0x2000, - 0x81e: 0x2000, 0x81f: 0x2000, 0x820: 0x2000, 0x821: 0x2000, 0x822: 0x2000, 0x823: 0x2000, - 0x824: 0x2000, 0x825: 0x2000, 0x826: 0x2000, 0x827: 0x2000, 0x828: 0x2000, 0x829: 0x2000, - 0x82a: 0x2000, 0x82b: 0x2000, 0x82c: 0x2000, 0x82d: 0x2000, 0x82e: 0x2000, 0x82f: 0x2000, - 0x830: 0x2000, 0x831: 0x2000, 0x832: 0x2000, 0x833: 0x2000, 0x834: 0x2000, 0x835: 0x2000, - 0x836: 0x2000, 0x837: 0x2000, 0x838: 0x2000, 0x839: 0x2000, 0x83a: 0x2000, 0x83b: 0x2000, - 0x83c: 0x2000, 0x83d: 0x2000, 0x83e: 0x2000, 0x83f: 0x2000, - // Block 0x21, offset 0x840 - 0x840: 0x2000, 0x841: 0x2000, 0x842: 0x2000, 0x843: 0x2000, 0x844: 0x2000, 0x845: 0x2000, - 0x846: 0x2000, 0x847: 0x2000, 0x848: 0x2000, 0x849: 0x2000, 0x84a: 0x2000, 0x84b: 0x2000, - 0x850: 0x2000, 0x851: 0x2000, - 0x852: 0x2000, 0x853: 0x2000, 0x854: 0x2000, 0x855: 0x2000, 0x856: 0x2000, 0x857: 0x2000, - 0x858: 0x2000, 0x859: 0x2000, 0x85a: 0x2000, 0x85b: 0x2000, 0x85c: 0x2000, 0x85d: 0x2000, - 0x85e: 0x2000, 0x85f: 0x2000, 0x860: 0x2000, 0x861: 0x2000, 0x862: 0x2000, 0x863: 0x2000, - 0x864: 0x2000, 0x865: 0x2000, 0x866: 0x2000, 0x867: 0x2000, 0x868: 0x2000, 0x869: 0x2000, - 0x86a: 0x2000, 0x86b: 0x2000, 0x86c: 0x2000, 0x86d: 0x2000, 0x86e: 0x2000, 0x86f: 0x2000, - 0x870: 0x2000, 0x871: 0x2000, 0x872: 0x2000, 0x873: 0x2000, - // Block 0x22, offset 0x880 - 0x880: 0x2000, 0x881: 0x2000, 0x882: 0x2000, 0x883: 0x2000, 0x884: 0x2000, 0x885: 0x2000, - 0x886: 0x2000, 0x887: 0x2000, 0x888: 0x2000, 0x889: 0x2000, 0x88a: 0x2000, 0x88b: 0x2000, - 0x88c: 0x2000, 0x88d: 0x2000, 0x88e: 0x2000, 0x88f: 0x2000, - 0x892: 0x2000, 0x893: 0x2000, 0x894: 0x2000, 0x895: 0x2000, - 0x8a0: 0x200e, 0x8a1: 0x2000, 0x8a3: 0x2000, - 0x8a4: 0x2000, 0x8a5: 0x2000, 0x8a6: 0x2000, 0x8a7: 0x2000, 0x8a8: 0x2000, 0x8a9: 0x2000, - 0x8b2: 0x2000, 0x8b3: 0x2000, - 0x8b6: 0x2000, 0x8b7: 0x2000, - 0x8bc: 0x2000, 0x8bd: 0x2000, - // Block 0x23, offset 0x8c0 - 0x8c0: 0x2000, 0x8c1: 0x2000, - 0x8c6: 0x2000, 0x8c7: 0x2000, 0x8c8: 0x2000, 0x8cb: 0x200f, - 0x8ce: 0x2000, 0x8cf: 0x2000, 0x8d0: 0x2000, 0x8d1: 0x2000, - 0x8e2: 0x2000, 0x8e3: 0x2000, - 0x8e4: 0x2000, 0x8e5: 0x2000, - 0x8ef: 0x2000, - 0x8fd: 0x4000, 0x8fe: 0x4000, - // Block 0x24, offset 0x900 - 0x905: 0x2000, - 0x906: 0x2000, 0x909: 0x2000, - 0x90e: 0x2000, 0x90f: 0x2000, - 0x914: 0x4000, 0x915: 0x4000, - 0x91c: 0x2000, - 0x91e: 0x2000, - // Block 0x25, offset 0x940 - 0x940: 0x2000, 0x942: 0x2000, - 0x948: 0x4000, 0x949: 0x4000, 0x94a: 0x4000, 0x94b: 0x4000, - 0x94c: 0x4000, 0x94d: 0x4000, 0x94e: 0x4000, 0x94f: 0x4000, 0x950: 0x4000, 0x951: 0x4000, - 0x952: 0x4000, 0x953: 0x4000, - 0x960: 0x2000, 0x961: 0x2000, 0x963: 0x2000, - 0x964: 0x2000, 0x965: 0x2000, 0x967: 0x2000, 0x968: 0x2000, 0x969: 0x2000, - 0x96a: 0x2000, 0x96c: 0x2000, 0x96d: 0x2000, 0x96f: 0x2000, - 0x97f: 0x4000, - // Block 0x26, offset 0x980 - 0x993: 0x4000, - 0x99e: 0x2000, 0x99f: 0x2000, 0x9a1: 0x4000, - 0x9aa: 0x4000, 0x9ab: 0x4000, - 0x9bd: 0x4000, 0x9be: 0x4000, 0x9bf: 0x2000, - // Block 0x27, offset 0x9c0 - 0x9c4: 0x4000, 0x9c5: 0x4000, - 0x9c6: 0x2000, 0x9c7: 0x2000, 0x9c8: 0x2000, 0x9c9: 0x2000, 0x9ca: 0x2000, 0x9cb: 0x2000, - 0x9cc: 0x2000, 0x9cd: 0x2000, 0x9ce: 0x4000, 0x9cf: 0x2000, 0x9d0: 0x2000, 0x9d1: 0x2000, - 0x9d2: 0x2000, 0x9d3: 0x2000, 0x9d4: 0x4000, 0x9d5: 0x2000, 0x9d6: 0x2000, 0x9d7: 0x2000, - 0x9d8: 0x2000, 0x9d9: 0x2000, 0x9da: 0x2000, 0x9db: 0x2000, 0x9dc: 0x2000, 0x9dd: 0x2000, - 0x9de: 0x2000, 0x9df: 0x2000, 0x9e0: 0x2000, 0x9e1: 0x2000, 0x9e3: 0x2000, - 0x9e8: 0x2000, 0x9e9: 0x2000, - 0x9ea: 0x4000, 0x9eb: 0x2000, 0x9ec: 0x2000, 0x9ed: 0x2000, 0x9ee: 0x2000, 0x9ef: 0x2000, - 0x9f0: 0x2000, 0x9f1: 0x2000, 0x9f2: 0x4000, 0x9f3: 0x4000, 0x9f4: 0x2000, 0x9f5: 0x4000, - 0x9f6: 0x2000, 0x9f7: 0x2000, 0x9f8: 0x2000, 0x9f9: 0x2000, 0x9fa: 0x4000, 0x9fb: 0x2000, - 0x9fc: 0x2000, 0x9fd: 0x4000, 0x9fe: 0x2000, 0x9ff: 0x2000, - // Block 0x28, offset 0xa00 - 0xa05: 0x4000, - 0xa0a: 0x4000, 0xa0b: 0x4000, - 0xa28: 0x4000, - 0xa3d: 0x2000, - // Block 0x29, offset 0xa40 - 0xa4c: 0x4000, 0xa4e: 0x4000, - 0xa53: 0x4000, 0xa54: 0x4000, 0xa55: 0x4000, 0xa57: 0x4000, - 0xa76: 0x2000, 0xa77: 0x2000, 0xa78: 0x2000, 0xa79: 0x2000, 0xa7a: 0x2000, 0xa7b: 0x2000, - 0xa7c: 0x2000, 0xa7d: 0x2000, 0xa7e: 0x2000, 0xa7f: 0x2000, - // Block 0x2a, offset 0xa80 - 0xa95: 0x4000, 0xa96: 0x4000, 0xa97: 0x4000, - 0xab0: 0x4000, - 0xabf: 0x4000, - // Block 0x2b, offset 0xac0 - 0xae6: 0x6000, 0xae7: 0x6000, 0xae8: 0x6000, 0xae9: 0x6000, - 0xaea: 0x6000, 0xaeb: 0x6000, 0xaec: 0x6000, 0xaed: 0x6000, - // Block 0x2c, offset 0xb00 - 0xb05: 0x6010, - 0xb06: 0x6011, - // Block 0x2d, offset 0xb40 - 0xb5b: 0x4000, 0xb5c: 0x4000, - // Block 0x2e, offset 0xb80 - 0xb90: 0x4000, - 0xb95: 0x4000, 0xb96: 0x2000, 0xb97: 0x2000, - 0xb98: 0x2000, 0xb99: 0x2000, - // Block 0x2f, offset 0xbc0 - 0xbc0: 0x4000, 0xbc1: 0x4000, 0xbc2: 0x4000, 0xbc3: 0x4000, 0xbc4: 0x4000, 0xbc5: 0x4000, - 0xbc6: 0x4000, 0xbc7: 0x4000, 0xbc8: 0x4000, 0xbc9: 0x4000, 0xbca: 0x4000, 0xbcb: 0x4000, - 0xbcc: 0x4000, 0xbcd: 0x4000, 0xbce: 0x4000, 0xbcf: 0x4000, 0xbd0: 0x4000, 0xbd1: 0x4000, - 0xbd2: 0x4000, 0xbd3: 0x4000, 0xbd4: 0x4000, 0xbd5: 0x4000, 0xbd6: 0x4000, 0xbd7: 0x4000, - 0xbd8: 0x4000, 0xbd9: 0x4000, 0xbdb: 0x4000, 0xbdc: 0x4000, 0xbdd: 0x4000, - 0xbde: 0x4000, 0xbdf: 0x4000, 0xbe0: 0x4000, 0xbe1: 0x4000, 0xbe2: 0x4000, 0xbe3: 0x4000, - 0xbe4: 0x4000, 0xbe5: 0x4000, 0xbe6: 0x4000, 0xbe7: 0x4000, 0xbe8: 0x4000, 0xbe9: 0x4000, - 0xbea: 0x4000, 0xbeb: 0x4000, 0xbec: 0x4000, 0xbed: 0x4000, 0xbee: 0x4000, 0xbef: 0x4000, - 0xbf0: 0x4000, 0xbf1: 0x4000, 0xbf2: 0x4000, 0xbf3: 0x4000, 0xbf4: 0x4000, 0xbf5: 0x4000, - 0xbf6: 0x4000, 0xbf7: 0x4000, 0xbf8: 0x4000, 0xbf9: 0x4000, 0xbfa: 0x4000, 0xbfb: 0x4000, - 0xbfc: 0x4000, 0xbfd: 0x4000, 0xbfe: 0x4000, 0xbff: 0x4000, - // Block 0x30, offset 0xc00 - 0xc00: 0x4000, 0xc01: 0x4000, 0xc02: 0x4000, 0xc03: 0x4000, 0xc04: 0x4000, 0xc05: 0x4000, - 0xc06: 0x4000, 0xc07: 0x4000, 0xc08: 0x4000, 0xc09: 0x4000, 0xc0a: 0x4000, 0xc0b: 0x4000, - 0xc0c: 0x4000, 0xc0d: 0x4000, 0xc0e: 0x4000, 0xc0f: 0x4000, 0xc10: 0x4000, 0xc11: 0x4000, - 0xc12: 0x4000, 0xc13: 0x4000, 0xc14: 0x4000, 0xc15: 0x4000, 0xc16: 0x4000, 0xc17: 0x4000, - 0xc18: 0x4000, 0xc19: 0x4000, 0xc1a: 0x4000, 0xc1b: 0x4000, 0xc1c: 0x4000, 0xc1d: 0x4000, - 0xc1e: 0x4000, 0xc1f: 0x4000, 0xc20: 0x4000, 0xc21: 0x4000, 0xc22: 0x4000, 0xc23: 0x4000, - 0xc24: 0x4000, 0xc25: 0x4000, 0xc26: 0x4000, 0xc27: 0x4000, 0xc28: 0x4000, 0xc29: 0x4000, - 0xc2a: 0x4000, 0xc2b: 0x4000, 0xc2c: 0x4000, 0xc2d: 0x4000, 0xc2e: 0x4000, 0xc2f: 0x4000, - 0xc30: 0x4000, 0xc31: 0x4000, 0xc32: 0x4000, 0xc33: 0x4000, - // Block 0x31, offset 0xc40 - 0xc40: 0x4000, 0xc41: 0x4000, 0xc42: 0x4000, 0xc43: 0x4000, 0xc44: 0x4000, 0xc45: 0x4000, - 0xc46: 0x4000, 0xc47: 0x4000, 0xc48: 0x4000, 0xc49: 0x4000, 0xc4a: 0x4000, 0xc4b: 0x4000, - 0xc4c: 0x4000, 0xc4d: 0x4000, 0xc4e: 0x4000, 0xc4f: 0x4000, 0xc50: 0x4000, 0xc51: 0x4000, - 0xc52: 0x4000, 0xc53: 0x4000, 0xc54: 0x4000, 0xc55: 0x4000, - 0xc70: 0x4000, 0xc71: 0x4000, 0xc72: 0x4000, 0xc73: 0x4000, 0xc74: 0x4000, 0xc75: 0x4000, - 0xc76: 0x4000, 0xc77: 0x4000, 0xc78: 0x4000, 0xc79: 0x4000, 0xc7a: 0x4000, 0xc7b: 0x4000, - // Block 0x32, offset 0xc80 - 0xc80: 0x9012, 0xc81: 0x4013, 0xc82: 0x4014, 0xc83: 0x4000, 0xc84: 0x4000, 0xc85: 0x4000, - 0xc86: 0x4000, 0xc87: 0x4000, 0xc88: 0x4000, 0xc89: 0x4000, 0xc8a: 0x4000, 0xc8b: 0x4000, - 0xc8c: 0x4015, 0xc8d: 0x4015, 0xc8e: 0x4000, 0xc8f: 0x4000, 0xc90: 0x4000, 0xc91: 0x4000, - 0xc92: 0x4000, 0xc93: 0x4000, 0xc94: 0x4000, 0xc95: 0x4000, 0xc96: 0x4000, 0xc97: 0x4000, - 0xc98: 0x4000, 0xc99: 0x4000, 0xc9a: 0x4000, 0xc9b: 0x4000, 0xc9c: 0x4000, 0xc9d: 0x4000, - 0xc9e: 0x4000, 0xc9f: 0x4000, 0xca0: 0x4000, 0xca1: 0x4000, 0xca2: 0x4000, 0xca3: 0x4000, - 0xca4: 0x4000, 0xca5: 0x4000, 0xca6: 0x4000, 0xca7: 0x4000, 0xca8: 0x4000, 0xca9: 0x4000, - 0xcaa: 0x4000, 0xcab: 0x4000, 0xcac: 0x4000, 0xcad: 0x4000, 0xcae: 0x4000, 0xcaf: 0x4000, - 0xcb0: 0x4000, 0xcb1: 0x4000, 0xcb2: 0x4000, 0xcb3: 0x4000, 0xcb4: 0x4000, 0xcb5: 0x4000, - 0xcb6: 0x4000, 0xcb7: 0x4000, 0xcb8: 0x4000, 0xcb9: 0x4000, 0xcba: 0x4000, 0xcbb: 0x4000, - 0xcbc: 0x4000, 0xcbd: 0x4000, 0xcbe: 0x4000, - // Block 0x33, offset 0xcc0 - 0xcc1: 0x4000, 0xcc2: 0x4000, 0xcc3: 0x4000, 0xcc4: 0x4000, 0xcc5: 0x4000, - 0xcc6: 0x4000, 0xcc7: 0x4000, 0xcc8: 0x4000, 0xcc9: 0x4000, 0xcca: 0x4000, 0xccb: 0x4000, - 0xccc: 0x4000, 0xccd: 0x4000, 0xcce: 0x4000, 0xccf: 0x4000, 0xcd0: 0x4000, 0xcd1: 0x4000, - 0xcd2: 0x4000, 0xcd3: 0x4000, 0xcd4: 0x4000, 0xcd5: 0x4000, 0xcd6: 0x4000, 0xcd7: 0x4000, - 0xcd8: 0x4000, 0xcd9: 0x4000, 0xcda: 0x4000, 0xcdb: 0x4000, 0xcdc: 0x4000, 0xcdd: 0x4000, - 0xcde: 0x4000, 0xcdf: 0x4000, 0xce0: 0x4000, 0xce1: 0x4000, 0xce2: 0x4000, 0xce3: 0x4000, - 0xce4: 0x4000, 0xce5: 0x4000, 0xce6: 0x4000, 0xce7: 0x4000, 0xce8: 0x4000, 0xce9: 0x4000, - 0xcea: 0x4000, 0xceb: 0x4000, 0xcec: 0x4000, 0xced: 0x4000, 0xcee: 0x4000, 0xcef: 0x4000, - 0xcf0: 0x4000, 0xcf1: 0x4000, 0xcf2: 0x4000, 0xcf3: 0x4000, 0xcf4: 0x4000, 0xcf5: 0x4000, - 0xcf6: 0x4000, 0xcf7: 0x4000, 0xcf8: 0x4000, 0xcf9: 0x4000, 0xcfa: 0x4000, 0xcfb: 0x4000, - 0xcfc: 0x4000, 0xcfd: 0x4000, 0xcfe: 0x4000, 0xcff: 0x4000, - // Block 0x34, offset 0xd00 - 0xd00: 0x4000, 0xd01: 0x4000, 0xd02: 0x4000, 0xd03: 0x4000, 0xd04: 0x4000, 0xd05: 0x4000, - 0xd06: 0x4000, 0xd07: 0x4000, 0xd08: 0x4000, 0xd09: 0x4000, 0xd0a: 0x4000, 0xd0b: 0x4000, - 0xd0c: 0x4000, 0xd0d: 0x4000, 0xd0e: 0x4000, 0xd0f: 0x4000, 0xd10: 0x4000, 0xd11: 0x4000, - 0xd12: 0x4000, 0xd13: 0x4000, 0xd14: 0x4000, 0xd15: 0x4000, 0xd16: 0x4000, - 0xd19: 0x4016, 0xd1a: 0x4017, 0xd1b: 0x4000, 0xd1c: 0x4000, 0xd1d: 0x4000, - 0xd1e: 0x4000, 0xd1f: 0x4000, 0xd20: 0x4000, 0xd21: 0x4018, 0xd22: 0x4019, 0xd23: 0x401a, - 0xd24: 0x401b, 0xd25: 0x401c, 0xd26: 0x401d, 0xd27: 0x401e, 0xd28: 0x401f, 0xd29: 0x4020, - 0xd2a: 0x4021, 0xd2b: 0x4022, 0xd2c: 0x4000, 0xd2d: 0x4010, 0xd2e: 0x4000, 0xd2f: 0x4023, - 0xd30: 0x4000, 0xd31: 0x4024, 0xd32: 0x4000, 0xd33: 0x4025, 0xd34: 0x4000, 0xd35: 0x4026, - 0xd36: 0x4000, 0xd37: 0x401a, 0xd38: 0x4000, 0xd39: 0x4027, 0xd3a: 0x4000, 0xd3b: 0x4028, - 0xd3c: 0x4000, 0xd3d: 0x4020, 0xd3e: 0x4000, 0xd3f: 0x4029, - // Block 0x35, offset 0xd40 - 0xd40: 0x4000, 0xd41: 0x402a, 0xd42: 0x4000, 0xd43: 0x402b, 0xd44: 0x402c, 0xd45: 0x4000, - 0xd46: 0x4017, 0xd47: 0x4000, 0xd48: 0x402d, 0xd49: 0x4000, 0xd4a: 0x402e, 0xd4b: 0x402f, - 0xd4c: 0x4030, 0xd4d: 0x4017, 0xd4e: 0x4016, 0xd4f: 0x4017, 0xd50: 0x4000, 0xd51: 0x4000, - 0xd52: 0x4031, 0xd53: 0x4000, 0xd54: 0x4000, 0xd55: 0x4031, 0xd56: 0x4000, 0xd57: 0x4000, - 0xd58: 0x4032, 0xd59: 0x4000, 0xd5a: 0x4000, 0xd5b: 0x4032, 0xd5c: 0x4000, 0xd5d: 0x4000, - 0xd5e: 0x4033, 0xd5f: 0x402e, 0xd60: 0x4034, 0xd61: 0x4035, 0xd62: 0x4034, 0xd63: 0x4036, - 0xd64: 0x4037, 0xd65: 0x4024, 0xd66: 0x4035, 0xd67: 0x4025, 0xd68: 0x4038, 0xd69: 0x4038, - 0xd6a: 0x4039, 0xd6b: 0x4039, 0xd6c: 0x403a, 0xd6d: 0x403a, 0xd6e: 0x4000, 0xd6f: 0x4035, - 0xd70: 0x4000, 0xd71: 0x4000, 0xd72: 0x403b, 0xd73: 0x403c, 0xd74: 0x4000, 0xd75: 0x4000, - 0xd76: 0x4000, 0xd77: 0x4000, 0xd78: 0x4000, 0xd79: 0x4000, 0xd7a: 0x4000, 0xd7b: 0x403d, - 0xd7c: 0x401c, 0xd7d: 0x4000, 0xd7e: 0x4000, 0xd7f: 0x4000, - // Block 0x36, offset 0xd80 - 0xd85: 0x4000, - 0xd86: 0x4000, 0xd87: 0x4000, 0xd88: 0x4000, 0xd89: 0x4000, 0xd8a: 0x4000, 0xd8b: 0x4000, - 0xd8c: 0x4000, 0xd8d: 0x4000, 0xd8e: 0x4000, 0xd8f: 0x4000, 0xd90: 0x4000, 0xd91: 0x4000, - 0xd92: 0x4000, 0xd93: 0x4000, 0xd94: 0x4000, 0xd95: 0x4000, 0xd96: 0x4000, 0xd97: 0x4000, - 0xd98: 0x4000, 0xd99: 0x4000, 0xd9a: 0x4000, 0xd9b: 0x4000, 0xd9c: 0x4000, 0xd9d: 0x4000, - 0xd9e: 0x4000, 0xd9f: 0x4000, 0xda0: 0x4000, 0xda1: 0x4000, 0xda2: 0x4000, 0xda3: 0x4000, - 0xda4: 0x4000, 0xda5: 0x4000, 0xda6: 0x4000, 0xda7: 0x4000, 0xda8: 0x4000, 0xda9: 0x4000, - 0xdaa: 0x4000, 0xdab: 0x4000, 0xdac: 0x4000, 0xdad: 0x4000, - 0xdb1: 0x403e, 0xdb2: 0x403e, 0xdb3: 0x403e, 0xdb4: 0x403e, 0xdb5: 0x403e, - 0xdb6: 0x403e, 0xdb7: 0x403e, 0xdb8: 0x403e, 0xdb9: 0x403e, 0xdba: 0x403e, 0xdbb: 0x403e, - 0xdbc: 0x403e, 0xdbd: 0x403e, 0xdbe: 0x403e, 0xdbf: 0x403e, - // Block 0x37, offset 0xdc0 - 0xdc0: 0x4037, 0xdc1: 0x4037, 0xdc2: 0x4037, 0xdc3: 0x4037, 0xdc4: 0x4037, 0xdc5: 0x4037, - 0xdc6: 0x4037, 0xdc7: 0x4037, 0xdc8: 0x4037, 0xdc9: 0x4037, 0xdca: 0x4037, 0xdcb: 0x4037, - 0xdcc: 0x4037, 0xdcd: 0x4037, 0xdce: 0x4037, 0xdcf: 0x400e, 0xdd0: 0x403f, 0xdd1: 0x4040, - 0xdd2: 0x4041, 0xdd3: 0x4040, 0xdd4: 0x403f, 0xdd5: 0x4042, 0xdd6: 0x4043, 0xdd7: 0x4044, - 0xdd8: 0x4040, 0xdd9: 0x4041, 0xdda: 0x4040, 0xddb: 0x4045, 0xddc: 0x4009, 0xddd: 0x4045, - 0xdde: 0x4046, 0xddf: 0x4045, 0xde0: 0x4047, 0xde1: 0x400b, 0xde2: 0x400a, 0xde3: 0x400c, - 0xde4: 0x4048, 0xde5: 0x4000, 0xde6: 0x4000, 0xde7: 0x4000, 0xde8: 0x4000, 0xde9: 0x4000, - 0xdea: 0x4000, 0xdeb: 0x4000, 0xdec: 0x4000, 0xded: 0x4000, 0xdee: 0x4000, 0xdef: 0x4000, - 0xdf0: 0x4000, 0xdf1: 0x4000, 0xdf2: 0x4000, 0xdf3: 0x4000, 0xdf4: 0x4000, 0xdf5: 0x4000, - 0xdf6: 0x4000, 0xdf7: 0x4000, 0xdf8: 0x4000, 0xdf9: 0x4000, 0xdfa: 0x4000, 0xdfb: 0x4000, - 0xdfc: 0x4000, 0xdfd: 0x4000, 0xdfe: 0x4000, 0xdff: 0x4000, - // Block 0x38, offset 0xe00 - 0xe00: 0x4000, 0xe01: 0x4000, 0xe02: 0x4000, 0xe03: 0x4000, 0xe04: 0x4000, 0xe05: 0x4000, - 0xe06: 0x4000, 0xe07: 0x4000, 0xe08: 0x4000, 0xe09: 0x4000, 0xe0a: 0x4000, 0xe0b: 0x4000, - 0xe0c: 0x4000, 0xe0d: 0x4000, 0xe0e: 0x4000, 0xe10: 0x4000, 0xe11: 0x4000, - 0xe12: 0x4000, 0xe13: 0x4000, 0xe14: 0x4000, 0xe15: 0x4000, 0xe16: 0x4000, 0xe17: 0x4000, - 0xe18: 0x4000, 0xe19: 0x4000, 0xe1a: 0x4000, 0xe1b: 0x4000, 0xe1c: 0x4000, 0xe1d: 0x4000, - 0xe1e: 0x4000, 0xe1f: 0x4000, 0xe20: 0x4000, 0xe21: 0x4000, 0xe22: 0x4000, 0xe23: 0x4000, - 0xe24: 0x4000, 0xe25: 0x4000, 0xe26: 0x4000, 0xe27: 0x4000, 0xe28: 0x4000, 0xe29: 0x4000, - 0xe2a: 0x4000, 0xe2b: 0x4000, 0xe2c: 0x4000, 0xe2d: 0x4000, 0xe2e: 0x4000, 0xe2f: 0x4000, - 0xe30: 0x4000, 0xe31: 0x4000, 0xe32: 0x4000, 0xe33: 0x4000, 0xe34: 0x4000, 0xe35: 0x4000, - 0xe36: 0x4000, 0xe37: 0x4000, 0xe38: 0x4000, 0xe39: 0x4000, 0xe3a: 0x4000, - // Block 0x39, offset 0xe40 - 0xe40: 0x4000, 0xe41: 0x4000, 0xe42: 0x4000, 0xe43: 0x4000, 0xe44: 0x4000, 0xe45: 0x4000, - 0xe46: 0x4000, 0xe47: 0x4000, 0xe48: 0x4000, 0xe49: 0x4000, 0xe4a: 0x4000, 0xe4b: 0x4000, - 0xe4c: 0x4000, 0xe4d: 0x4000, 0xe4e: 0x4000, 0xe4f: 0x4000, 0xe50: 0x4000, 0xe51: 0x4000, - 0xe52: 0x4000, 0xe53: 0x4000, 0xe54: 0x4000, 0xe55: 0x4000, 0xe56: 0x4000, 0xe57: 0x4000, - 0xe58: 0x4000, 0xe59: 0x4000, 0xe5a: 0x4000, 0xe5b: 0x4000, 0xe5c: 0x4000, 0xe5d: 0x4000, - 0xe5e: 0x4000, 0xe5f: 0x4000, 0xe60: 0x4000, 0xe61: 0x4000, 0xe62: 0x4000, 0xe63: 0x4000, - 0xe70: 0x4000, 0xe71: 0x4000, 0xe72: 0x4000, 0xe73: 0x4000, 0xe74: 0x4000, 0xe75: 0x4000, - 0xe76: 0x4000, 0xe77: 0x4000, 0xe78: 0x4000, 0xe79: 0x4000, 0xe7a: 0x4000, 0xe7b: 0x4000, - 0xe7c: 0x4000, 0xe7d: 0x4000, 0xe7e: 0x4000, 0xe7f: 0x4000, - // Block 0x3a, offset 0xe80 - 0xe80: 0x4000, 0xe81: 0x4000, 0xe82: 0x4000, 0xe83: 0x4000, 0xe84: 0x4000, 0xe85: 0x4000, - 0xe86: 0x4000, 0xe87: 0x4000, 0xe88: 0x4000, 0xe89: 0x4000, 0xe8a: 0x4000, 0xe8b: 0x4000, - 0xe8c: 0x4000, 0xe8d: 0x4000, 0xe8e: 0x4000, 0xe8f: 0x4000, 0xe90: 0x4000, 0xe91: 0x4000, - 0xe92: 0x4000, 0xe93: 0x4000, 0xe94: 0x4000, 0xe95: 0x4000, 0xe96: 0x4000, 0xe97: 0x4000, - 0xe98: 0x4000, 0xe99: 0x4000, 0xe9a: 0x4000, 0xe9b: 0x4000, 0xe9c: 0x4000, 0xe9d: 0x4000, - 0xe9e: 0x4000, 0xea0: 0x4000, 0xea1: 0x4000, 0xea2: 0x4000, 0xea3: 0x4000, - 0xea4: 0x4000, 0xea5: 0x4000, 0xea6: 0x4000, 0xea7: 0x4000, 0xea8: 0x4000, 0xea9: 0x4000, - 0xeaa: 0x4000, 0xeab: 0x4000, 0xeac: 0x4000, 0xead: 0x4000, 0xeae: 0x4000, 0xeaf: 0x4000, - 0xeb0: 0x4000, 0xeb1: 0x4000, 0xeb2: 0x4000, 0xeb3: 0x4000, 0xeb4: 0x4000, 0xeb5: 0x4000, - 0xeb6: 0x4000, 0xeb7: 0x4000, 0xeb8: 0x4000, 0xeb9: 0x4000, 0xeba: 0x4000, 0xebb: 0x4000, - 0xebc: 0x4000, 0xebd: 0x4000, 0xebe: 0x4000, 0xebf: 0x4000, - // Block 0x3b, offset 0xec0 - 0xec0: 0x4000, 0xec1: 0x4000, 0xec2: 0x4000, 0xec3: 0x4000, 0xec4: 0x4000, 0xec5: 0x4000, - 0xec6: 0x4000, 0xec7: 0x4000, 0xec8: 0x2000, 0xec9: 0x2000, 0xeca: 0x2000, 0xecb: 0x2000, - 0xecc: 0x2000, 0xecd: 0x2000, 0xece: 0x2000, 0xecf: 0x2000, 0xed0: 0x4000, 0xed1: 0x4000, - 0xed2: 0x4000, 0xed3: 0x4000, 0xed4: 0x4000, 0xed5: 0x4000, 0xed6: 0x4000, 0xed7: 0x4000, - 0xed8: 0x4000, 0xed9: 0x4000, 0xeda: 0x4000, 0xedb: 0x4000, 0xedc: 0x4000, 0xedd: 0x4000, - 0xede: 0x4000, 0xedf: 0x4000, 0xee0: 0x4000, 0xee1: 0x4000, 0xee2: 0x4000, 0xee3: 0x4000, - 0xee4: 0x4000, 0xee5: 0x4000, 0xee6: 0x4000, 0xee7: 0x4000, 0xee8: 0x4000, 0xee9: 0x4000, - 0xeea: 0x4000, 0xeeb: 0x4000, 0xeec: 0x4000, 0xeed: 0x4000, 0xeee: 0x4000, 0xeef: 0x4000, - 0xef0: 0x4000, 0xef1: 0x4000, 0xef2: 0x4000, 0xef3: 0x4000, 0xef4: 0x4000, 0xef5: 0x4000, - 0xef6: 0x4000, 0xef7: 0x4000, 0xef8: 0x4000, 0xef9: 0x4000, 0xefa: 0x4000, 0xefb: 0x4000, - 0xefc: 0x4000, 0xefd: 0x4000, 0xefe: 0x4000, 0xeff: 0x4000, - // Block 0x3c, offset 0xf00 - 0xf00: 0x4000, 0xf01: 0x4000, 0xf02: 0x4000, 0xf03: 0x4000, 0xf04: 0x4000, 0xf05: 0x4000, - 0xf06: 0x4000, 0xf07: 0x4000, 0xf08: 0x4000, 0xf09: 0x4000, 0xf0a: 0x4000, 0xf0b: 0x4000, - 0xf0c: 0x4000, 0xf0d: 0x4000, 0xf0e: 0x4000, 0xf0f: 0x4000, 0xf10: 0x4000, 0xf11: 0x4000, - 0xf12: 0x4000, 0xf13: 0x4000, 0xf14: 0x4000, 0xf15: 0x4000, 0xf16: 0x4000, 0xf17: 0x4000, - 0xf18: 0x4000, 0xf19: 0x4000, 0xf1a: 0x4000, 0xf1b: 0x4000, 0xf1c: 0x4000, 0xf1d: 0x4000, - 0xf1e: 0x4000, 0xf1f: 0x4000, 0xf20: 0x4000, 0xf21: 0x4000, 0xf22: 0x4000, 0xf23: 0x4000, - 0xf24: 0x4000, 0xf25: 0x4000, 0xf26: 0x4000, 0xf27: 0x4000, 0xf28: 0x4000, 0xf29: 0x4000, - 0xf2a: 0x4000, 0xf2b: 0x4000, 0xf2c: 0x4000, 0xf2d: 0x4000, 0xf2e: 0x4000, 0xf2f: 0x4000, - 0xf30: 0x4000, 0xf31: 0x4000, 0xf32: 0x4000, 0xf33: 0x4000, 0xf34: 0x4000, 0xf35: 0x4000, - 0xf36: 0x4000, 0xf37: 0x4000, 0xf38: 0x4000, 0xf39: 0x4000, 0xf3a: 0x4000, 0xf3b: 0x4000, - 0xf3c: 0x4000, 0xf3d: 0x4000, 0xf3e: 0x4000, - // Block 0x3d, offset 0xf40 - 0xf40: 0x4000, 0xf41: 0x4000, 0xf42: 0x4000, 0xf43: 0x4000, 0xf44: 0x4000, 0xf45: 0x4000, - 0xf46: 0x4000, 0xf47: 0x4000, 0xf48: 0x4000, 0xf49: 0x4000, 0xf4a: 0x4000, 0xf4b: 0x4000, - 0xf4c: 0x4000, 0xf50: 0x4000, 0xf51: 0x4000, - 0xf52: 0x4000, 0xf53: 0x4000, 0xf54: 0x4000, 0xf55: 0x4000, 0xf56: 0x4000, 0xf57: 0x4000, - 0xf58: 0x4000, 0xf59: 0x4000, 0xf5a: 0x4000, 0xf5b: 0x4000, 0xf5c: 0x4000, 0xf5d: 0x4000, - 0xf5e: 0x4000, 0xf5f: 0x4000, 0xf60: 0x4000, 0xf61: 0x4000, 0xf62: 0x4000, 0xf63: 0x4000, - 0xf64: 0x4000, 0xf65: 0x4000, 0xf66: 0x4000, 0xf67: 0x4000, 0xf68: 0x4000, 0xf69: 0x4000, - 0xf6a: 0x4000, 0xf6b: 0x4000, 0xf6c: 0x4000, 0xf6d: 0x4000, 0xf6e: 0x4000, 0xf6f: 0x4000, - 0xf70: 0x4000, 0xf71: 0x4000, 0xf72: 0x4000, 0xf73: 0x4000, 0xf74: 0x4000, 0xf75: 0x4000, - 0xf76: 0x4000, 0xf77: 0x4000, 0xf78: 0x4000, 0xf79: 0x4000, 0xf7a: 0x4000, 0xf7b: 0x4000, - 0xf7c: 0x4000, 0xf7d: 0x4000, 0xf7e: 0x4000, 0xf7f: 0x4000, - // Block 0x3e, offset 0xf80 - 0xf80: 0x4000, 0xf81: 0x4000, 0xf82: 0x4000, 0xf83: 0x4000, 0xf84: 0x4000, 0xf85: 0x4000, - 0xf86: 0x4000, - // Block 0x3f, offset 0xfc0 - 0xfe0: 0x4000, 0xfe1: 0x4000, 0xfe2: 0x4000, 0xfe3: 0x4000, - 0xfe4: 0x4000, 0xfe5: 0x4000, 0xfe6: 0x4000, 0xfe7: 0x4000, 0xfe8: 0x4000, 0xfe9: 0x4000, - 0xfea: 0x4000, 0xfeb: 0x4000, 0xfec: 0x4000, 0xfed: 0x4000, 0xfee: 0x4000, 0xfef: 0x4000, - 0xff0: 0x4000, 0xff1: 0x4000, 0xff2: 0x4000, 0xff3: 0x4000, 0xff4: 0x4000, 0xff5: 0x4000, - 0xff6: 0x4000, 0xff7: 0x4000, 0xff8: 0x4000, 0xff9: 0x4000, 0xffa: 0x4000, 0xffb: 0x4000, - 0xffc: 0x4000, - // Block 0x40, offset 0x1000 - 0x1000: 0x4000, 0x1001: 0x4000, 0x1002: 0x4000, 0x1003: 0x4000, 0x1004: 0x4000, 0x1005: 0x4000, - 0x1006: 0x4000, 0x1007: 0x4000, 0x1008: 0x4000, 0x1009: 0x4000, 0x100a: 0x4000, 0x100b: 0x4000, - 0x100c: 0x4000, 0x100d: 0x4000, 0x100e: 0x4000, 0x100f: 0x4000, 0x1010: 0x4000, 0x1011: 0x4000, - 0x1012: 0x4000, 0x1013: 0x4000, 0x1014: 0x4000, 0x1015: 0x4000, 0x1016: 0x4000, 0x1017: 0x4000, - 0x1018: 0x4000, 0x1019: 0x4000, 0x101a: 0x4000, 0x101b: 0x4000, 0x101c: 0x4000, 0x101d: 0x4000, - 0x101e: 0x4000, 0x101f: 0x4000, 0x1020: 0x4000, 0x1021: 0x4000, 0x1022: 0x4000, 0x1023: 0x4000, - // Block 0x41, offset 0x1040 - 0x1040: 0x2000, 0x1041: 0x2000, 0x1042: 0x2000, 0x1043: 0x2000, 0x1044: 0x2000, 0x1045: 0x2000, - 0x1046: 0x2000, 0x1047: 0x2000, 0x1048: 0x2000, 0x1049: 0x2000, 0x104a: 0x2000, 0x104b: 0x2000, - 0x104c: 0x2000, 0x104d: 0x2000, 0x104e: 0x2000, 0x104f: 0x2000, 0x1050: 0x4000, 0x1051: 0x4000, - 0x1052: 0x4000, 0x1053: 0x4000, 0x1054: 0x4000, 0x1055: 0x4000, 0x1056: 0x4000, 0x1057: 0x4000, - 0x1058: 0x4000, 0x1059: 0x4000, - 0x1070: 0x4000, 0x1071: 0x4000, 0x1072: 0x4000, 0x1073: 0x4000, 0x1074: 0x4000, 0x1075: 0x4000, - 0x1076: 0x4000, 0x1077: 0x4000, 0x1078: 0x4000, 0x1079: 0x4000, 0x107a: 0x4000, 0x107b: 0x4000, - 0x107c: 0x4000, 0x107d: 0x4000, 0x107e: 0x4000, 0x107f: 0x4000, - // Block 0x42, offset 0x1080 - 0x1080: 0x4000, 0x1081: 0x4000, 0x1082: 0x4000, 0x1083: 0x4000, 0x1084: 0x4000, 0x1085: 0x4000, - 0x1086: 0x4000, 0x1087: 0x4000, 0x1088: 0x4000, 0x1089: 0x4000, 0x108a: 0x4000, 0x108b: 0x4000, - 0x108c: 0x4000, 0x108d: 0x4000, 0x108e: 0x4000, 0x108f: 0x4000, 0x1090: 0x4000, 0x1091: 0x4000, - 0x1092: 0x4000, 0x1094: 0x4000, 0x1095: 0x4000, 0x1096: 0x4000, 0x1097: 0x4000, - 0x1098: 0x4000, 0x1099: 0x4000, 0x109a: 0x4000, 0x109b: 0x4000, 0x109c: 0x4000, 0x109d: 0x4000, - 0x109e: 0x4000, 0x109f: 0x4000, 0x10a0: 0x4000, 0x10a1: 0x4000, 0x10a2: 0x4000, 0x10a3: 0x4000, - 0x10a4: 0x4000, 0x10a5: 0x4000, 0x10a6: 0x4000, 0x10a8: 0x4000, 0x10a9: 0x4000, - 0x10aa: 0x4000, 0x10ab: 0x4000, - // Block 0x43, offset 0x10c0 - 0x10c1: 0x9012, 0x10c2: 0x9012, 0x10c3: 0x9012, 0x10c4: 0x9012, 0x10c5: 0x9012, - 0x10c6: 0x9012, 0x10c7: 0x9012, 0x10c8: 0x9012, 0x10c9: 0x9012, 0x10ca: 0x9012, 0x10cb: 0x9012, - 0x10cc: 0x9012, 0x10cd: 0x9012, 0x10ce: 0x9012, 0x10cf: 0x9012, 0x10d0: 0x9012, 0x10d1: 0x9012, - 0x10d2: 0x9012, 0x10d3: 0x9012, 0x10d4: 0x9012, 0x10d5: 0x9012, 0x10d6: 0x9012, 0x10d7: 0x9012, - 0x10d8: 0x9012, 0x10d9: 0x9012, 0x10da: 0x9012, 0x10db: 0x9012, 0x10dc: 0x9012, 0x10dd: 0x9012, - 0x10de: 0x9012, 0x10df: 0x9012, 0x10e0: 0x9049, 0x10e1: 0x9049, 0x10e2: 0x9049, 0x10e3: 0x9049, - 0x10e4: 0x9049, 0x10e5: 0x9049, 0x10e6: 0x9049, 0x10e7: 0x9049, 0x10e8: 0x9049, 0x10e9: 0x9049, - 0x10ea: 0x9049, 0x10eb: 0x9049, 0x10ec: 0x9049, 0x10ed: 0x9049, 0x10ee: 0x9049, 0x10ef: 0x9049, - 0x10f0: 0x9049, 0x10f1: 0x9049, 0x10f2: 0x9049, 0x10f3: 0x9049, 0x10f4: 0x9049, 0x10f5: 0x9049, - 0x10f6: 0x9049, 0x10f7: 0x9049, 0x10f8: 0x9049, 0x10f9: 0x9049, 0x10fa: 0x9049, 0x10fb: 0x9049, - 0x10fc: 0x9049, 0x10fd: 0x9049, 0x10fe: 0x9049, 0x10ff: 0x9049, - // Block 0x44, offset 0x1100 - 0x1100: 0x9049, 0x1101: 0x9049, 0x1102: 0x9049, 0x1103: 0x9049, 0x1104: 0x9049, 0x1105: 0x9049, - 0x1106: 0x9049, 0x1107: 0x9049, 0x1108: 0x9049, 0x1109: 0x9049, 0x110a: 0x9049, 0x110b: 0x9049, - 0x110c: 0x9049, 0x110d: 0x9049, 0x110e: 0x9049, 0x110f: 0x9049, 0x1110: 0x9049, 0x1111: 0x9049, - 0x1112: 0x9049, 0x1113: 0x9049, 0x1114: 0x9049, 0x1115: 0x9049, 0x1116: 0x9049, 0x1117: 0x9049, - 0x1118: 0x9049, 0x1119: 0x9049, 0x111a: 0x9049, 0x111b: 0x9049, 0x111c: 0x9049, 0x111d: 0x9049, - 0x111e: 0x9049, 0x111f: 0x904a, 0x1120: 0x904b, 0x1121: 0xb04c, 0x1122: 0xb04d, 0x1123: 0xb04d, - 0x1124: 0xb04e, 0x1125: 0xb04f, 0x1126: 0xb050, 0x1127: 0xb051, 0x1128: 0xb052, 0x1129: 0xb053, - 0x112a: 0xb054, 0x112b: 0xb055, 0x112c: 0xb056, 0x112d: 0xb057, 0x112e: 0xb058, 0x112f: 0xb059, - 0x1130: 0xb05a, 0x1131: 0xb05b, 0x1132: 0xb05c, 0x1133: 0xb05d, 0x1134: 0xb05e, 0x1135: 0xb05f, - 0x1136: 0xb060, 0x1137: 0xb061, 0x1138: 0xb062, 0x1139: 0xb063, 0x113a: 0xb064, 0x113b: 0xb065, - 0x113c: 0xb052, 0x113d: 0xb066, 0x113e: 0xb067, 0x113f: 0xb055, - // Block 0x45, offset 0x1140 - 0x1140: 0xb068, 0x1141: 0xb069, 0x1142: 0xb06a, 0x1143: 0xb06b, 0x1144: 0xb05a, 0x1145: 0xb056, - 0x1146: 0xb06c, 0x1147: 0xb06d, 0x1148: 0xb06b, 0x1149: 0xb06e, 0x114a: 0xb06b, 0x114b: 0xb06f, - 0x114c: 0xb06f, 0x114d: 0xb070, 0x114e: 0xb070, 0x114f: 0xb071, 0x1150: 0xb056, 0x1151: 0xb072, - 0x1152: 0xb073, 0x1153: 0xb072, 0x1154: 0xb074, 0x1155: 0xb073, 0x1156: 0xb075, 0x1157: 0xb075, - 0x1158: 0xb076, 0x1159: 0xb076, 0x115a: 0xb077, 0x115b: 0xb077, 0x115c: 0xb073, 0x115d: 0xb078, - 0x115e: 0xb079, 0x115f: 0xb067, 0x1160: 0xb07a, 0x1161: 0xb07b, 0x1162: 0xb07b, 0x1163: 0xb07b, - 0x1164: 0xb07b, 0x1165: 0xb07b, 0x1166: 0xb07b, 0x1167: 0xb07b, 0x1168: 0xb07b, 0x1169: 0xb07b, - 0x116a: 0xb07b, 0x116b: 0xb07b, 0x116c: 0xb07b, 0x116d: 0xb07b, 0x116e: 0xb07b, 0x116f: 0xb07b, - 0x1170: 0xb07c, 0x1171: 0xb07c, 0x1172: 0xb07c, 0x1173: 0xb07c, 0x1174: 0xb07c, 0x1175: 0xb07c, - 0x1176: 0xb07c, 0x1177: 0xb07c, 0x1178: 0xb07c, 0x1179: 0xb07c, 0x117a: 0xb07c, 0x117b: 0xb07c, - 0x117c: 0xb07c, 0x117d: 0xb07c, 0x117e: 0xb07c, - // Block 0x46, offset 0x1180 - 0x1182: 0xb07d, 0x1183: 0xb07e, 0x1184: 0xb07f, 0x1185: 0xb080, - 0x1186: 0xb07f, 0x1187: 0xb07e, 0x118a: 0xb081, 0x118b: 0xb082, - 0x118c: 0xb083, 0x118d: 0xb07f, 0x118e: 0xb080, 0x118f: 0xb07f, - 0x1192: 0xb084, 0x1193: 0xb085, 0x1194: 0xb084, 0x1195: 0xb086, 0x1196: 0xb084, 0x1197: 0xb087, - 0x119a: 0xb088, 0x119b: 0xb089, 0x119c: 0xb08a, - 0x11a0: 0x908b, 0x11a1: 0x908b, 0x11a2: 0x908c, 0x11a3: 0x908d, - 0x11a4: 0x908b, 0x11a5: 0x908e, 0x11a6: 0x908f, 0x11a8: 0xb090, 0x11a9: 0xb091, - 0x11aa: 0xb092, 0x11ab: 0xb091, 0x11ac: 0xb093, 0x11ad: 0xb094, 0x11ae: 0xb095, - 0x11bd: 0x2000, - // Block 0x47, offset 0x11c0 - 0x11e0: 0x4000, - // Block 0x48, offset 0x1200 - 0x1200: 0x4000, 0x1201: 0x4000, 0x1202: 0x4000, 0x1203: 0x4000, 0x1204: 0x4000, 0x1205: 0x4000, - 0x1206: 0x4000, 0x1207: 0x4000, 0x1208: 0x4000, 0x1209: 0x4000, 0x120a: 0x4000, 0x120b: 0x4000, - 0x120c: 0x4000, 0x120d: 0x4000, 0x120e: 0x4000, 0x120f: 0x4000, 0x1210: 0x4000, 0x1211: 0x4000, - 0x1212: 0x4000, 0x1213: 0x4000, 0x1214: 0x4000, 0x1215: 0x4000, 0x1216: 0x4000, 0x1217: 0x4000, - 0x1218: 0x4000, 0x1219: 0x4000, 0x121a: 0x4000, 0x121b: 0x4000, 0x121c: 0x4000, 0x121d: 0x4000, - 0x121e: 0x4000, 0x121f: 0x4000, 0x1220: 0x4000, 0x1221: 0x4000, 0x1222: 0x4000, 0x1223: 0x4000, - 0x1224: 0x4000, 0x1225: 0x4000, 0x1226: 0x4000, 0x1227: 0x4000, 0x1228: 0x4000, 0x1229: 0x4000, - 0x122a: 0x4000, 0x122b: 0x4000, 0x122c: 0x4000, - // Block 0x49, offset 0x1240 - 0x1240: 0x4000, 0x1241: 0x4000, 0x1242: 0x4000, 0x1243: 0x4000, 0x1244: 0x4000, 0x1245: 0x4000, - 0x1246: 0x4000, 0x1247: 0x4000, 0x1248: 0x4000, 0x1249: 0x4000, 0x124a: 0x4000, 0x124b: 0x4000, - 0x124c: 0x4000, 0x124d: 0x4000, 0x124e: 0x4000, 0x124f: 0x4000, 0x1250: 0x4000, 0x1251: 0x4000, - 0x1252: 0x4000, 0x1253: 0x4000, 0x1254: 0x4000, 0x1255: 0x4000, 0x1256: 0x4000, 0x1257: 0x4000, - 0x1258: 0x4000, 0x1259: 0x4000, 0x125a: 0x4000, 0x125b: 0x4000, 0x125c: 0x4000, 0x125d: 0x4000, - 0x125e: 0x4000, 0x125f: 0x4000, 0x1260: 0x4000, 0x1261: 0x4000, 0x1262: 0x4000, 0x1263: 0x4000, - 0x1264: 0x4000, 0x1265: 0x4000, 0x1266: 0x4000, 0x1267: 0x4000, 0x1268: 0x4000, 0x1269: 0x4000, - 0x126a: 0x4000, 0x126b: 0x4000, 0x126c: 0x4000, 0x126d: 0x4000, 0x126e: 0x4000, 0x126f: 0x4000, - 0x1270: 0x4000, 0x1271: 0x4000, 0x1272: 0x4000, - // Block 0x4a, offset 0x1280 - 0x1280: 0x4000, 0x1281: 0x4000, - // Block 0x4b, offset 0x12c0 - 0x12c4: 0x4000, - // Block 0x4c, offset 0x1300 - 0x130f: 0x4000, - // Block 0x4d, offset 0x1340 - 0x1340: 0x2000, 0x1341: 0x2000, 0x1342: 0x2000, 0x1343: 0x2000, 0x1344: 0x2000, 0x1345: 0x2000, - 0x1346: 0x2000, 0x1347: 0x2000, 0x1348: 0x2000, 0x1349: 0x2000, 0x134a: 0x2000, - 0x1350: 0x2000, 0x1351: 0x2000, - 0x1352: 0x2000, 0x1353: 0x2000, 0x1354: 0x2000, 0x1355: 0x2000, 0x1356: 0x2000, 0x1357: 0x2000, - 0x1358: 0x2000, 0x1359: 0x2000, 0x135a: 0x2000, 0x135b: 0x2000, 0x135c: 0x2000, 0x135d: 0x2000, - 0x135e: 0x2000, 0x135f: 0x2000, 0x1360: 0x2000, 0x1361: 0x2000, 0x1362: 0x2000, 0x1363: 0x2000, - 0x1364: 0x2000, 0x1365: 0x2000, 0x1366: 0x2000, 0x1367: 0x2000, 0x1368: 0x2000, 0x1369: 0x2000, - 0x136a: 0x2000, 0x136b: 0x2000, 0x136c: 0x2000, 0x136d: 0x2000, - 0x1370: 0x2000, 0x1371: 0x2000, 0x1372: 0x2000, 0x1373: 0x2000, 0x1374: 0x2000, 0x1375: 0x2000, - 0x1376: 0x2000, 0x1377: 0x2000, 0x1378: 0x2000, 0x1379: 0x2000, 0x137a: 0x2000, 0x137b: 0x2000, - 0x137c: 0x2000, 0x137d: 0x2000, 0x137e: 0x2000, 0x137f: 0x2000, - // Block 0x4e, offset 0x1380 - 0x1380: 0x2000, 0x1381: 0x2000, 0x1382: 0x2000, 0x1383: 0x2000, 0x1384: 0x2000, 0x1385: 0x2000, - 0x1386: 0x2000, 0x1387: 0x2000, 0x1388: 0x2000, 0x1389: 0x2000, 0x138a: 0x2000, 0x138b: 0x2000, - 0x138c: 0x2000, 0x138d: 0x2000, 0x138e: 0x2000, 0x138f: 0x2000, 0x1390: 0x2000, 0x1391: 0x2000, - 0x1392: 0x2000, 0x1393: 0x2000, 0x1394: 0x2000, 0x1395: 0x2000, 0x1396: 0x2000, 0x1397: 0x2000, - 0x1398: 0x2000, 0x1399: 0x2000, 0x139a: 0x2000, 0x139b: 0x2000, 0x139c: 0x2000, 0x139d: 0x2000, - 0x139e: 0x2000, 0x139f: 0x2000, 0x13a0: 0x2000, 0x13a1: 0x2000, 0x13a2: 0x2000, 0x13a3: 0x2000, - 0x13a4: 0x2000, 0x13a5: 0x2000, 0x13a6: 0x2000, 0x13a7: 0x2000, 0x13a8: 0x2000, 0x13a9: 0x2000, - 0x13b0: 0x2000, 0x13b1: 0x2000, 0x13b2: 0x2000, 0x13b3: 0x2000, 0x13b4: 0x2000, 0x13b5: 0x2000, - 0x13b6: 0x2000, 0x13b7: 0x2000, 0x13b8: 0x2000, 0x13b9: 0x2000, 0x13ba: 0x2000, 0x13bb: 0x2000, - 0x13bc: 0x2000, 0x13bd: 0x2000, 0x13be: 0x2000, 0x13bf: 0x2000, - // Block 0x4f, offset 0x13c0 - 0x13c0: 0x2000, 0x13c1: 0x2000, 0x13c2: 0x2000, 0x13c3: 0x2000, 0x13c4: 0x2000, 0x13c5: 0x2000, - 0x13c6: 0x2000, 0x13c7: 0x2000, 0x13c8: 0x2000, 0x13c9: 0x2000, 0x13ca: 0x2000, 0x13cb: 0x2000, - 0x13cc: 0x2000, 0x13cd: 0x2000, 0x13ce: 0x4000, 0x13cf: 0x2000, 0x13d0: 0x2000, 0x13d1: 0x4000, - 0x13d2: 0x4000, 0x13d3: 0x4000, 0x13d4: 0x4000, 0x13d5: 0x4000, 0x13d6: 0x4000, 0x13d7: 0x4000, - 0x13d8: 0x4000, 0x13d9: 0x4000, 0x13da: 0x4000, 0x13db: 0x2000, 0x13dc: 0x2000, 0x13dd: 0x2000, - 0x13de: 0x2000, 0x13df: 0x2000, 0x13e0: 0x2000, 0x13e1: 0x2000, 0x13e2: 0x2000, 0x13e3: 0x2000, - 0x13e4: 0x2000, 0x13e5: 0x2000, 0x13e6: 0x2000, 0x13e7: 0x2000, 0x13e8: 0x2000, 0x13e9: 0x2000, - 0x13ea: 0x2000, 0x13eb: 0x2000, 0x13ec: 0x2000, - // Block 0x50, offset 0x1400 - 0x1400: 0x4000, 0x1401: 0x4000, 0x1402: 0x4000, - 0x1410: 0x4000, 0x1411: 0x4000, - 0x1412: 0x4000, 0x1413: 0x4000, 0x1414: 0x4000, 0x1415: 0x4000, 0x1416: 0x4000, 0x1417: 0x4000, - 0x1418: 0x4000, 0x1419: 0x4000, 0x141a: 0x4000, 0x141b: 0x4000, 0x141c: 0x4000, 0x141d: 0x4000, - 0x141e: 0x4000, 0x141f: 0x4000, 0x1420: 0x4000, 0x1421: 0x4000, 0x1422: 0x4000, 0x1423: 0x4000, - 0x1424: 0x4000, 0x1425: 0x4000, 0x1426: 0x4000, 0x1427: 0x4000, 0x1428: 0x4000, 0x1429: 0x4000, - 0x142a: 0x4000, 0x142b: 0x4000, 0x142c: 0x4000, 0x142d: 0x4000, 0x142e: 0x4000, 0x142f: 0x4000, - 0x1430: 0x4000, 0x1431: 0x4000, 0x1432: 0x4000, 0x1433: 0x4000, 0x1434: 0x4000, 0x1435: 0x4000, - 0x1436: 0x4000, 0x1437: 0x4000, 0x1438: 0x4000, 0x1439: 0x4000, 0x143a: 0x4000, 0x143b: 0x4000, - // Block 0x51, offset 0x1440 - 0x1440: 0x4000, 0x1441: 0x4000, 0x1442: 0x4000, 0x1443: 0x4000, 0x1444: 0x4000, 0x1445: 0x4000, - 0x1446: 0x4000, 0x1447: 0x4000, 0x1448: 0x4000, - 0x1450: 0x4000, 0x1451: 0x4000, - // Block 0x52, offset 0x1480 - 0x1480: 0x4000, 0x1481: 0x4000, 0x1482: 0x4000, 0x1483: 0x4000, 0x1484: 0x4000, 0x1485: 0x4000, - 0x1486: 0x4000, 0x1487: 0x4000, 0x1488: 0x4000, 0x1489: 0x4000, 0x148a: 0x4000, 0x148b: 0x4000, - 0x148c: 0x4000, 0x148d: 0x4000, 0x148e: 0x4000, 0x148f: 0x4000, 0x1490: 0x4000, 0x1491: 0x4000, - 0x1492: 0x4000, 0x1493: 0x4000, 0x1494: 0x4000, 0x1495: 0x4000, 0x1496: 0x4000, 0x1497: 0x4000, - 0x1498: 0x4000, 0x1499: 0x4000, 0x149a: 0x4000, 0x149b: 0x4000, 0x149c: 0x4000, 0x149d: 0x4000, - 0x149e: 0x4000, 0x149f: 0x4000, 0x14a0: 0x4000, - 0x14ad: 0x4000, 0x14ae: 0x4000, 0x14af: 0x4000, - 0x14b0: 0x4000, 0x14b1: 0x4000, 0x14b2: 0x4000, 0x14b3: 0x4000, 0x14b4: 0x4000, 0x14b5: 0x4000, - 0x14b7: 0x4000, 0x14b8: 0x4000, 0x14b9: 0x4000, 0x14ba: 0x4000, 0x14bb: 0x4000, - 0x14bc: 0x4000, 0x14bd: 0x4000, 0x14be: 0x4000, 0x14bf: 0x4000, - // Block 0x53, offset 0x14c0 - 0x14c0: 0x4000, 0x14c1: 0x4000, 0x14c2: 0x4000, 0x14c3: 0x4000, 0x14c4: 0x4000, 0x14c5: 0x4000, - 0x14c6: 0x4000, 0x14c7: 0x4000, 0x14c8: 0x4000, 0x14c9: 0x4000, 0x14ca: 0x4000, 0x14cb: 0x4000, - 0x14cc: 0x4000, 0x14cd: 0x4000, 0x14ce: 0x4000, 0x14cf: 0x4000, 0x14d0: 0x4000, 0x14d1: 0x4000, - 0x14d2: 0x4000, 0x14d3: 0x4000, 0x14d4: 0x4000, 0x14d5: 0x4000, 0x14d6: 0x4000, 0x14d7: 0x4000, - 0x14d8: 0x4000, 0x14d9: 0x4000, 0x14da: 0x4000, 0x14db: 0x4000, 0x14dc: 0x4000, 0x14dd: 0x4000, - 0x14de: 0x4000, 0x14df: 0x4000, 0x14e0: 0x4000, 0x14e1: 0x4000, 0x14e2: 0x4000, 0x14e3: 0x4000, - 0x14e4: 0x4000, 0x14e5: 0x4000, 0x14e6: 0x4000, 0x14e7: 0x4000, 0x14e8: 0x4000, 0x14e9: 0x4000, - 0x14ea: 0x4000, 0x14eb: 0x4000, 0x14ec: 0x4000, 0x14ed: 0x4000, 0x14ee: 0x4000, 0x14ef: 0x4000, - 0x14f0: 0x4000, 0x14f1: 0x4000, 0x14f2: 0x4000, 0x14f3: 0x4000, 0x14f4: 0x4000, 0x14f5: 0x4000, - 0x14f6: 0x4000, 0x14f7: 0x4000, 0x14f8: 0x4000, 0x14f9: 0x4000, 0x14fa: 0x4000, 0x14fb: 0x4000, - 0x14fc: 0x4000, 0x14fe: 0x4000, 0x14ff: 0x4000, - // Block 0x54, offset 0x1500 - 0x1500: 0x4000, 0x1501: 0x4000, 0x1502: 0x4000, 0x1503: 0x4000, 0x1504: 0x4000, 0x1505: 0x4000, - 0x1506: 0x4000, 0x1507: 0x4000, 0x1508: 0x4000, 0x1509: 0x4000, 0x150a: 0x4000, 0x150b: 0x4000, - 0x150c: 0x4000, 0x150d: 0x4000, 0x150e: 0x4000, 0x150f: 0x4000, 0x1510: 0x4000, 0x1511: 0x4000, - 0x1512: 0x4000, 0x1513: 0x4000, - 0x1520: 0x4000, 0x1521: 0x4000, 0x1522: 0x4000, 0x1523: 0x4000, - 0x1524: 0x4000, 0x1525: 0x4000, 0x1526: 0x4000, 0x1527: 0x4000, 0x1528: 0x4000, 0x1529: 0x4000, - 0x152a: 0x4000, 0x152b: 0x4000, 0x152c: 0x4000, 0x152d: 0x4000, 0x152e: 0x4000, 0x152f: 0x4000, - 0x1530: 0x4000, 0x1531: 0x4000, 0x1532: 0x4000, 0x1533: 0x4000, 0x1534: 0x4000, 0x1535: 0x4000, - 0x1536: 0x4000, 0x1537: 0x4000, 0x1538: 0x4000, 0x1539: 0x4000, 0x153a: 0x4000, 0x153b: 0x4000, - 0x153c: 0x4000, 0x153d: 0x4000, 0x153e: 0x4000, 0x153f: 0x4000, - // Block 0x55, offset 0x1540 - 0x1540: 0x4000, 0x1541: 0x4000, 0x1542: 0x4000, 0x1543: 0x4000, 0x1544: 0x4000, 0x1545: 0x4000, - 0x1546: 0x4000, 0x1547: 0x4000, 0x1548: 0x4000, 0x1549: 0x4000, 0x154a: 0x4000, - 0x154f: 0x4000, 0x1550: 0x4000, 0x1551: 0x4000, - 0x1552: 0x4000, 0x1553: 0x4000, - 0x1560: 0x4000, 0x1561: 0x4000, 0x1562: 0x4000, 0x1563: 0x4000, - 0x1564: 0x4000, 0x1565: 0x4000, 0x1566: 0x4000, 0x1567: 0x4000, 0x1568: 0x4000, 0x1569: 0x4000, - 0x156a: 0x4000, 0x156b: 0x4000, 0x156c: 0x4000, 0x156d: 0x4000, 0x156e: 0x4000, 0x156f: 0x4000, - 0x1570: 0x4000, 0x1574: 0x4000, - 0x1578: 0x4000, 0x1579: 0x4000, 0x157a: 0x4000, 0x157b: 0x4000, - 0x157c: 0x4000, 0x157d: 0x4000, 0x157e: 0x4000, 0x157f: 0x4000, - // Block 0x56, offset 0x1580 - 0x1580: 0x4000, 0x1582: 0x4000, 0x1583: 0x4000, 0x1584: 0x4000, 0x1585: 0x4000, - 0x1586: 0x4000, 0x1587: 0x4000, 0x1588: 0x4000, 0x1589: 0x4000, 0x158a: 0x4000, 0x158b: 0x4000, - 0x158c: 0x4000, 0x158d: 0x4000, 0x158e: 0x4000, 0x158f: 0x4000, 0x1590: 0x4000, 0x1591: 0x4000, - 0x1592: 0x4000, 0x1593: 0x4000, 0x1594: 0x4000, 0x1595: 0x4000, 0x1596: 0x4000, 0x1597: 0x4000, - 0x1598: 0x4000, 0x1599: 0x4000, 0x159a: 0x4000, 0x159b: 0x4000, 0x159c: 0x4000, 0x159d: 0x4000, - 0x159e: 0x4000, 0x159f: 0x4000, 0x15a0: 0x4000, 0x15a1: 0x4000, 0x15a2: 0x4000, 0x15a3: 0x4000, - 0x15a4: 0x4000, 0x15a5: 0x4000, 0x15a6: 0x4000, 0x15a7: 0x4000, 0x15a8: 0x4000, 0x15a9: 0x4000, - 0x15aa: 0x4000, 0x15ab: 0x4000, 0x15ac: 0x4000, 0x15ad: 0x4000, 0x15ae: 0x4000, 0x15af: 0x4000, - 0x15b0: 0x4000, 0x15b1: 0x4000, 0x15b2: 0x4000, 0x15b3: 0x4000, 0x15b4: 0x4000, 0x15b5: 0x4000, - 0x15b6: 0x4000, 0x15b7: 0x4000, 0x15b8: 0x4000, 0x15b9: 0x4000, 0x15ba: 0x4000, 0x15bb: 0x4000, - 0x15bc: 0x4000, 0x15bd: 0x4000, 0x15be: 0x4000, 0x15bf: 0x4000, - // Block 0x57, offset 0x15c0 - 0x15c0: 0x4000, 0x15c1: 0x4000, 0x15c2: 0x4000, 0x15c3: 0x4000, 0x15c4: 0x4000, 0x15c5: 0x4000, - 0x15c6: 0x4000, 0x15c7: 0x4000, 0x15c8: 0x4000, 0x15c9: 0x4000, 0x15ca: 0x4000, 0x15cb: 0x4000, - 0x15cc: 0x4000, 0x15cd: 0x4000, 0x15ce: 0x4000, 0x15cf: 0x4000, 0x15d0: 0x4000, 0x15d1: 0x4000, - 0x15d2: 0x4000, 0x15d3: 0x4000, 0x15d4: 0x4000, 0x15d5: 0x4000, 0x15d6: 0x4000, 0x15d7: 0x4000, - 0x15d8: 0x4000, 0x15d9: 0x4000, 0x15da: 0x4000, 0x15db: 0x4000, 0x15dc: 0x4000, 0x15dd: 0x4000, - 0x15de: 0x4000, 0x15df: 0x4000, 0x15e0: 0x4000, 0x15e1: 0x4000, 0x15e2: 0x4000, 0x15e3: 0x4000, - 0x15e4: 0x4000, 0x15e5: 0x4000, 0x15e6: 0x4000, 0x15e7: 0x4000, 0x15e8: 0x4000, 0x15e9: 0x4000, - 0x15ea: 0x4000, 0x15eb: 0x4000, 0x15ec: 0x4000, 0x15ed: 0x4000, 0x15ee: 0x4000, 0x15ef: 0x4000, - 0x15f0: 0x4000, 0x15f1: 0x4000, 0x15f2: 0x4000, 0x15f3: 0x4000, 0x15f4: 0x4000, 0x15f5: 0x4000, - 0x15f6: 0x4000, 0x15f7: 0x4000, 0x15f8: 0x4000, 0x15f9: 0x4000, 0x15fa: 0x4000, 0x15fb: 0x4000, - 0x15fc: 0x4000, 0x15ff: 0x4000, - // Block 0x58, offset 0x1600 - 0x1600: 0x4000, 0x1601: 0x4000, 0x1602: 0x4000, 0x1603: 0x4000, 0x1604: 0x4000, 0x1605: 0x4000, - 0x1606: 0x4000, 0x1607: 0x4000, 0x1608: 0x4000, 0x1609: 0x4000, 0x160a: 0x4000, 0x160b: 0x4000, - 0x160c: 0x4000, 0x160d: 0x4000, 0x160e: 0x4000, 0x160f: 0x4000, 0x1610: 0x4000, 0x1611: 0x4000, - 0x1612: 0x4000, 0x1613: 0x4000, 0x1614: 0x4000, 0x1615: 0x4000, 0x1616: 0x4000, 0x1617: 0x4000, - 0x1618: 0x4000, 0x1619: 0x4000, 0x161a: 0x4000, 0x161b: 0x4000, 0x161c: 0x4000, 0x161d: 0x4000, - 0x161e: 0x4000, 0x161f: 0x4000, 0x1620: 0x4000, 0x1621: 0x4000, 0x1622: 0x4000, 0x1623: 0x4000, - 0x1624: 0x4000, 0x1625: 0x4000, 0x1626: 0x4000, 0x1627: 0x4000, 0x1628: 0x4000, 0x1629: 0x4000, - 0x162a: 0x4000, 0x162b: 0x4000, 0x162c: 0x4000, 0x162d: 0x4000, 0x162e: 0x4000, 0x162f: 0x4000, - 0x1630: 0x4000, 0x1631: 0x4000, 0x1632: 0x4000, 0x1633: 0x4000, 0x1634: 0x4000, 0x1635: 0x4000, - 0x1636: 0x4000, 0x1637: 0x4000, 0x1638: 0x4000, 0x1639: 0x4000, 0x163a: 0x4000, 0x163b: 0x4000, - 0x163c: 0x4000, 0x163d: 0x4000, - // Block 0x59, offset 0x1640 - 0x164b: 0x4000, - 0x164c: 0x4000, 0x164d: 0x4000, 0x164e: 0x4000, 0x1650: 0x4000, 0x1651: 0x4000, - 0x1652: 0x4000, 0x1653: 0x4000, 0x1654: 0x4000, 0x1655: 0x4000, 0x1656: 0x4000, 0x1657: 0x4000, - 0x1658: 0x4000, 0x1659: 0x4000, 0x165a: 0x4000, 0x165b: 0x4000, 0x165c: 0x4000, 0x165d: 0x4000, - 0x165e: 0x4000, 0x165f: 0x4000, 0x1660: 0x4000, 0x1661: 0x4000, 0x1662: 0x4000, 0x1663: 0x4000, - 0x1664: 0x4000, 0x1665: 0x4000, 0x1666: 0x4000, 0x1667: 0x4000, - 0x167a: 0x4000, - // Block 0x5a, offset 0x1680 - 0x1695: 0x4000, 0x1696: 0x4000, - 0x16a4: 0x4000, - // Block 0x5b, offset 0x16c0 - 0x16fb: 0x4000, - 0x16fc: 0x4000, 0x16fd: 0x4000, 0x16fe: 0x4000, 0x16ff: 0x4000, - // Block 0x5c, offset 0x1700 - 0x1700: 0x4000, 0x1701: 0x4000, 0x1702: 0x4000, 0x1703: 0x4000, 0x1704: 0x4000, 0x1705: 0x4000, - 0x1706: 0x4000, 0x1707: 0x4000, 0x1708: 0x4000, 0x1709: 0x4000, 0x170a: 0x4000, 0x170b: 0x4000, - 0x170c: 0x4000, 0x170d: 0x4000, 0x170e: 0x4000, 0x170f: 0x4000, - // Block 0x5d, offset 0x1740 - 0x1740: 0x4000, 0x1741: 0x4000, 0x1742: 0x4000, 0x1743: 0x4000, 0x1744: 0x4000, 0x1745: 0x4000, - 0x174c: 0x4000, 0x1750: 0x4000, 0x1751: 0x4000, - 0x1752: 0x4000, - 0x176b: 0x4000, 0x176c: 0x4000, - 0x1774: 0x4000, 0x1775: 0x4000, - 0x1776: 0x4000, - // Block 0x5e, offset 0x1780 - 0x1790: 0x4000, 0x1791: 0x4000, - 0x1792: 0x4000, 0x1793: 0x4000, 0x1794: 0x4000, 0x1795: 0x4000, 0x1796: 0x4000, 0x1797: 0x4000, - 0x1798: 0x4000, 0x1799: 0x4000, 0x179a: 0x4000, 0x179b: 0x4000, 0x179c: 0x4000, 0x179d: 0x4000, - 0x179e: 0x4000, 0x17a0: 0x4000, 0x17a1: 0x4000, 0x17a2: 0x4000, 0x17a3: 0x4000, - 0x17a4: 0x4000, 0x17a5: 0x4000, 0x17a6: 0x4000, 0x17a7: 0x4000, - 0x17b0: 0x4000, 0x17b3: 0x4000, 0x17b4: 0x4000, 0x17b5: 0x4000, - 0x17b6: 0x4000, 0x17b7: 0x4000, 0x17b8: 0x4000, 0x17b9: 0x4000, 0x17ba: 0x4000, 0x17bb: 0x4000, - 0x17bc: 0x4000, 0x17bd: 0x4000, 0x17be: 0x4000, - // Block 0x5f, offset 0x17c0 - 0x17c0: 0x4000, 0x17c1: 0x4000, 0x17c2: 0x4000, 0x17c3: 0x4000, 0x17c4: 0x4000, 0x17c5: 0x4000, - 0x17c6: 0x4000, 0x17c7: 0x4000, 0x17c8: 0x4000, 0x17c9: 0x4000, 0x17ca: 0x4000, 0x17cb: 0x4000, - 0x17d0: 0x4000, 0x17d1: 0x4000, - 0x17d2: 0x4000, 0x17d3: 0x4000, 0x17d4: 0x4000, 0x17d5: 0x4000, 0x17d6: 0x4000, 0x17d7: 0x4000, - 0x17d8: 0x4000, 0x17d9: 0x4000, 0x17da: 0x4000, 0x17db: 0x4000, 0x17dc: 0x4000, 0x17dd: 0x4000, - 0x17de: 0x4000, - // Block 0x60, offset 0x1800 - 0x1800: 0x4000, 0x1801: 0x4000, 0x1802: 0x4000, 0x1803: 0x4000, 0x1804: 0x4000, 0x1805: 0x4000, - 0x1806: 0x4000, 0x1807: 0x4000, 0x1808: 0x4000, 0x1809: 0x4000, 0x180a: 0x4000, 0x180b: 0x4000, - 0x180c: 0x4000, 0x180d: 0x4000, 0x180e: 0x4000, 0x180f: 0x4000, 0x1810: 0x4000, 0x1811: 0x4000, - // Block 0x61, offset 0x1840 - 0x1840: 0x4000, - // Block 0x62, offset 0x1880 - 0x1880: 0x2000, 0x1881: 0x2000, 0x1882: 0x2000, 0x1883: 0x2000, 0x1884: 0x2000, 0x1885: 0x2000, - 0x1886: 0x2000, 0x1887: 0x2000, 0x1888: 0x2000, 0x1889: 0x2000, 0x188a: 0x2000, 0x188b: 0x2000, - 0x188c: 0x2000, 0x188d: 0x2000, 0x188e: 0x2000, 0x188f: 0x2000, 0x1890: 0x2000, 0x1891: 0x2000, - 0x1892: 0x2000, 0x1893: 0x2000, 0x1894: 0x2000, 0x1895: 0x2000, 0x1896: 0x2000, 0x1897: 0x2000, - 0x1898: 0x2000, 0x1899: 0x2000, 0x189a: 0x2000, 0x189b: 0x2000, 0x189c: 0x2000, 0x189d: 0x2000, - 0x189e: 0x2000, 0x189f: 0x2000, 0x18a0: 0x2000, 0x18a1: 0x2000, 0x18a2: 0x2000, 0x18a3: 0x2000, - 0x18a4: 0x2000, 0x18a5: 0x2000, 0x18a6: 0x2000, 0x18a7: 0x2000, 0x18a8: 0x2000, 0x18a9: 0x2000, - 0x18aa: 0x2000, 0x18ab: 0x2000, 0x18ac: 0x2000, 0x18ad: 0x2000, 0x18ae: 0x2000, 0x18af: 0x2000, - 0x18b0: 0x2000, 0x18b1: 0x2000, 0x18b2: 0x2000, 0x18b3: 0x2000, 0x18b4: 0x2000, 0x18b5: 0x2000, - 0x18b6: 0x2000, 0x18b7: 0x2000, 0x18b8: 0x2000, 0x18b9: 0x2000, 0x18ba: 0x2000, 0x18bb: 0x2000, - 0x18bc: 0x2000, 0x18bd: 0x2000, -} - -// widthIndex: 22 blocks, 1408 entries, 1408 bytes -// Block 0 is the zero block. -var widthIndex = [1408]uint8{ - // Block 0x0, offset 0x0 - // Block 0x1, offset 0x40 - // Block 0x2, offset 0x80 - // Block 0x3, offset 0xc0 - 0xc2: 0x01, 0xc3: 0x02, 0xc4: 0x03, 0xc5: 0x04, 0xc7: 0x05, - 0xc9: 0x06, 0xcb: 0x07, 0xcc: 0x08, 0xcd: 0x09, 0xce: 0x0a, 0xcf: 0x0b, - 0xd0: 0x0c, 0xd1: 0x0d, - 0xe1: 0x02, 0xe2: 0x03, 0xe3: 0x04, 0xe4: 0x05, 0xe5: 0x06, 0xe6: 0x06, 0xe7: 0x06, - 0xe8: 0x06, 0xe9: 0x06, 0xea: 0x07, 0xeb: 0x06, 0xec: 0x06, 0xed: 0x08, 0xee: 0x09, 0xef: 0x0a, - 0xf0: 0x0f, 0xf3: 0x12, 0xf4: 0x13, - // Block 0x4, offset 0x100 - 0x104: 0x0e, 0x105: 0x0f, - // Block 0x5, offset 0x140 - 0x140: 0x10, 0x141: 0x11, 0x142: 0x12, 0x144: 0x13, 0x145: 0x14, 0x146: 0x15, 0x147: 0x16, - 0x148: 0x17, 0x149: 0x18, 0x14a: 0x19, 0x14c: 0x1a, 0x14f: 0x1b, - 0x151: 0x1c, 0x152: 0x08, 0x153: 0x1d, 0x154: 0x1e, 0x155: 0x1f, 0x156: 0x20, 0x157: 0x21, - 0x158: 0x22, 0x159: 0x23, 0x15a: 0x24, 0x15b: 0x25, 0x15c: 0x26, 0x15d: 0x27, 0x15e: 0x28, 0x15f: 0x29, - 0x166: 0x2a, - 0x16c: 0x2b, 0x16d: 0x2c, - 0x17a: 0x2d, 0x17b: 0x2e, 0x17c: 0x0e, 0x17d: 0x0e, 0x17e: 0x0e, 0x17f: 0x2f, - // Block 0x6, offset 0x180 - 0x180: 0x30, 0x181: 0x31, 0x182: 0x32, 0x183: 0x33, 0x184: 0x34, 0x185: 0x35, 0x186: 0x36, 0x187: 0x37, - 0x188: 0x38, 0x189: 0x39, 0x18a: 0x0e, 0x18b: 0x3a, 0x18c: 0x0e, 0x18d: 0x0e, 0x18e: 0x0e, 0x18f: 0x0e, - 0x190: 0x0e, 0x191: 0x0e, 0x192: 0x0e, 0x193: 0x0e, 0x194: 0x0e, 0x195: 0x0e, 0x196: 0x0e, 0x197: 0x0e, - 0x198: 0x0e, 0x199: 0x0e, 0x19a: 0x0e, 0x19b: 0x0e, 0x19c: 0x0e, 0x19d: 0x0e, 0x19e: 0x0e, 0x19f: 0x0e, - 0x1a0: 0x0e, 0x1a1: 0x0e, 0x1a2: 0x0e, 0x1a3: 0x0e, 0x1a4: 0x0e, 0x1a5: 0x0e, 0x1a6: 0x0e, 0x1a7: 0x0e, - 0x1a8: 0x0e, 0x1a9: 0x0e, 0x1aa: 0x0e, 0x1ab: 0x0e, 0x1ac: 0x0e, 0x1ad: 0x0e, 0x1ae: 0x0e, 0x1af: 0x0e, - 0x1b0: 0x0e, 0x1b1: 0x0e, 0x1b2: 0x0e, 0x1b3: 0x0e, 0x1b4: 0x0e, 0x1b5: 0x0e, 0x1b6: 0x0e, 0x1b7: 0x0e, - 0x1b8: 0x0e, 0x1b9: 0x0e, 0x1ba: 0x0e, 0x1bb: 0x0e, 0x1bc: 0x0e, 0x1bd: 0x0e, 0x1be: 0x0e, 0x1bf: 0x0e, - // Block 0x7, offset 0x1c0 - 0x1c0: 0x0e, 0x1c1: 0x0e, 0x1c2: 0x0e, 0x1c3: 0x0e, 0x1c4: 0x0e, 0x1c5: 0x0e, 0x1c6: 0x0e, 0x1c7: 0x0e, - 0x1c8: 0x0e, 0x1c9: 0x0e, 0x1ca: 0x0e, 0x1cb: 0x0e, 0x1cc: 0x0e, 0x1cd: 0x0e, 0x1ce: 0x0e, 0x1cf: 0x0e, - 0x1d0: 0x0e, 0x1d1: 0x0e, 0x1d2: 0x0e, 0x1d3: 0x0e, 0x1d4: 0x0e, 0x1d5: 0x0e, 0x1d6: 0x0e, 0x1d7: 0x0e, - 0x1d8: 0x0e, 0x1d9: 0x0e, 0x1da: 0x0e, 0x1db: 0x0e, 0x1dc: 0x0e, 0x1dd: 0x0e, 0x1de: 0x0e, 0x1df: 0x0e, - 0x1e0: 0x0e, 0x1e1: 0x0e, 0x1e2: 0x0e, 0x1e3: 0x0e, 0x1e4: 0x0e, 0x1e5: 0x0e, 0x1e6: 0x0e, 0x1e7: 0x0e, - 0x1e8: 0x0e, 0x1e9: 0x0e, 0x1ea: 0x0e, 0x1eb: 0x0e, 0x1ec: 0x0e, 0x1ed: 0x0e, 0x1ee: 0x0e, 0x1ef: 0x0e, - 0x1f0: 0x0e, 0x1f1: 0x0e, 0x1f2: 0x0e, 0x1f3: 0x0e, 0x1f4: 0x0e, 0x1f5: 0x0e, 0x1f6: 0x0e, - 0x1f8: 0x0e, 0x1f9: 0x0e, 0x1fa: 0x0e, 0x1fb: 0x0e, 0x1fc: 0x0e, 0x1fd: 0x0e, 0x1fe: 0x0e, 0x1ff: 0x0e, - // Block 0x8, offset 0x200 - 0x200: 0x0e, 0x201: 0x0e, 0x202: 0x0e, 0x203: 0x0e, 0x204: 0x0e, 0x205: 0x0e, 0x206: 0x0e, 0x207: 0x0e, - 0x208: 0x0e, 0x209: 0x0e, 0x20a: 0x0e, 0x20b: 0x0e, 0x20c: 0x0e, 0x20d: 0x0e, 0x20e: 0x0e, 0x20f: 0x0e, - 0x210: 0x0e, 0x211: 0x0e, 0x212: 0x0e, 0x213: 0x0e, 0x214: 0x0e, 0x215: 0x0e, 0x216: 0x0e, 0x217: 0x0e, - 0x218: 0x0e, 0x219: 0x0e, 0x21a: 0x0e, 0x21b: 0x0e, 0x21c: 0x0e, 0x21d: 0x0e, 0x21e: 0x0e, 0x21f: 0x0e, - 0x220: 0x0e, 0x221: 0x0e, 0x222: 0x0e, 0x223: 0x0e, 0x224: 0x0e, 0x225: 0x0e, 0x226: 0x0e, 0x227: 0x0e, - 0x228: 0x0e, 0x229: 0x0e, 0x22a: 0x0e, 0x22b: 0x0e, 0x22c: 0x0e, 0x22d: 0x0e, 0x22e: 0x0e, 0x22f: 0x0e, - 0x230: 0x0e, 0x231: 0x0e, 0x232: 0x0e, 0x233: 0x0e, 0x234: 0x0e, 0x235: 0x0e, 0x236: 0x0e, 0x237: 0x0e, - 0x238: 0x0e, 0x239: 0x0e, 0x23a: 0x0e, 0x23b: 0x0e, 0x23c: 0x0e, 0x23d: 0x0e, 0x23e: 0x0e, 0x23f: 0x0e, - // Block 0x9, offset 0x240 - 0x240: 0x0e, 0x241: 0x0e, 0x242: 0x0e, 0x243: 0x0e, 0x244: 0x0e, 0x245: 0x0e, 0x246: 0x0e, 0x247: 0x0e, - 0x248: 0x0e, 0x249: 0x0e, 0x24a: 0x0e, 0x24b: 0x0e, 0x24c: 0x0e, 0x24d: 0x0e, 0x24e: 0x0e, 0x24f: 0x0e, - 0x250: 0x0e, 0x251: 0x0e, 0x252: 0x3b, 0x253: 0x3c, - 0x265: 0x3d, - 0x270: 0x0e, 0x271: 0x0e, 0x272: 0x0e, 0x273: 0x0e, 0x274: 0x0e, 0x275: 0x0e, 0x276: 0x0e, 0x277: 0x0e, - 0x278: 0x0e, 0x279: 0x0e, 0x27a: 0x0e, 0x27b: 0x0e, 0x27c: 0x0e, 0x27d: 0x0e, 0x27e: 0x0e, 0x27f: 0x0e, - // Block 0xa, offset 0x280 - 0x280: 0x0e, 0x281: 0x0e, 0x282: 0x0e, 0x283: 0x0e, 0x284: 0x0e, 0x285: 0x0e, 0x286: 0x0e, 0x287: 0x0e, - 0x288: 0x0e, 0x289: 0x0e, 0x28a: 0x0e, 0x28b: 0x0e, 0x28c: 0x0e, 0x28d: 0x0e, 0x28e: 0x0e, 0x28f: 0x0e, - 0x290: 0x0e, 0x291: 0x0e, 0x292: 0x0e, 0x293: 0x0e, 0x294: 0x0e, 0x295: 0x0e, 0x296: 0x0e, 0x297: 0x0e, - 0x298: 0x0e, 0x299: 0x0e, 0x29a: 0x0e, 0x29b: 0x0e, 0x29c: 0x0e, 0x29d: 0x0e, 0x29e: 0x3e, - // Block 0xb, offset 0x2c0 - 0x2c0: 0x08, 0x2c1: 0x08, 0x2c2: 0x08, 0x2c3: 0x08, 0x2c4: 0x08, 0x2c5: 0x08, 0x2c6: 0x08, 0x2c7: 0x08, - 0x2c8: 0x08, 0x2c9: 0x08, 0x2ca: 0x08, 0x2cb: 0x08, 0x2cc: 0x08, 0x2cd: 0x08, 0x2ce: 0x08, 0x2cf: 0x08, - 0x2d0: 0x08, 0x2d1: 0x08, 0x2d2: 0x08, 0x2d3: 0x08, 0x2d4: 0x08, 0x2d5: 0x08, 0x2d6: 0x08, 0x2d7: 0x08, - 0x2d8: 0x08, 0x2d9: 0x08, 0x2da: 0x08, 0x2db: 0x08, 0x2dc: 0x08, 0x2dd: 0x08, 0x2de: 0x08, 0x2df: 0x08, - 0x2e0: 0x08, 0x2e1: 0x08, 0x2e2: 0x08, 0x2e3: 0x08, 0x2e4: 0x08, 0x2e5: 0x08, 0x2e6: 0x08, 0x2e7: 0x08, - 0x2e8: 0x08, 0x2e9: 0x08, 0x2ea: 0x08, 0x2eb: 0x08, 0x2ec: 0x08, 0x2ed: 0x08, 0x2ee: 0x08, 0x2ef: 0x08, - 0x2f0: 0x08, 0x2f1: 0x08, 0x2f2: 0x08, 0x2f3: 0x08, 0x2f4: 0x08, 0x2f5: 0x08, 0x2f6: 0x08, 0x2f7: 0x08, - 0x2f8: 0x08, 0x2f9: 0x08, 0x2fa: 0x08, 0x2fb: 0x08, 0x2fc: 0x08, 0x2fd: 0x08, 0x2fe: 0x08, 0x2ff: 0x08, - // Block 0xc, offset 0x300 - 0x300: 0x08, 0x301: 0x08, 0x302: 0x08, 0x303: 0x08, 0x304: 0x08, 0x305: 0x08, 0x306: 0x08, 0x307: 0x08, - 0x308: 0x08, 0x309: 0x08, 0x30a: 0x08, 0x30b: 0x08, 0x30c: 0x08, 0x30d: 0x08, 0x30e: 0x08, 0x30f: 0x08, - 0x310: 0x08, 0x311: 0x08, 0x312: 0x08, 0x313: 0x08, 0x314: 0x08, 0x315: 0x08, 0x316: 0x08, 0x317: 0x08, - 0x318: 0x08, 0x319: 0x08, 0x31a: 0x08, 0x31b: 0x08, 0x31c: 0x08, 0x31d: 0x08, 0x31e: 0x08, 0x31f: 0x08, - 0x320: 0x08, 0x321: 0x08, 0x322: 0x08, 0x323: 0x08, 0x324: 0x0e, 0x325: 0x0e, 0x326: 0x0e, 0x327: 0x0e, - 0x328: 0x0e, 0x329: 0x0e, 0x32a: 0x0e, 0x32b: 0x0e, - 0x338: 0x3f, 0x339: 0x40, 0x33c: 0x41, 0x33d: 0x42, 0x33e: 0x43, 0x33f: 0x44, - // Block 0xd, offset 0x340 - 0x37f: 0x45, - // Block 0xe, offset 0x380 - 0x380: 0x0e, 0x381: 0x0e, 0x382: 0x0e, 0x383: 0x0e, 0x384: 0x0e, 0x385: 0x0e, 0x386: 0x0e, 0x387: 0x0e, - 0x388: 0x0e, 0x389: 0x0e, 0x38a: 0x0e, 0x38b: 0x0e, 0x38c: 0x0e, 0x38d: 0x0e, 0x38e: 0x0e, 0x38f: 0x0e, - 0x390: 0x0e, 0x391: 0x0e, 0x392: 0x0e, 0x393: 0x0e, 0x394: 0x0e, 0x395: 0x0e, 0x396: 0x0e, 0x397: 0x0e, - 0x398: 0x0e, 0x399: 0x0e, 0x39a: 0x0e, 0x39b: 0x0e, 0x39c: 0x0e, 0x39d: 0x0e, 0x39e: 0x0e, 0x39f: 0x46, - 0x3a0: 0x0e, 0x3a1: 0x0e, 0x3a2: 0x0e, 0x3a3: 0x0e, 0x3a4: 0x0e, 0x3a5: 0x0e, 0x3a6: 0x0e, 0x3a7: 0x0e, - 0x3a8: 0x0e, 0x3a9: 0x0e, 0x3aa: 0x0e, 0x3ab: 0x47, - // Block 0xf, offset 0x3c0 - 0x3c0: 0x48, - // Block 0x10, offset 0x400 - 0x400: 0x49, 0x403: 0x4a, 0x404: 0x4b, 0x405: 0x4c, 0x406: 0x4d, - 0x408: 0x4e, 0x409: 0x4f, 0x40c: 0x50, 0x40d: 0x51, 0x40e: 0x52, 0x40f: 0x53, - 0x410: 0x3a, 0x411: 0x54, 0x412: 0x0e, 0x413: 0x55, 0x414: 0x56, 0x415: 0x57, 0x416: 0x58, 0x417: 0x59, - 0x418: 0x0e, 0x419: 0x5a, 0x41a: 0x0e, 0x41b: 0x5b, - 0x424: 0x5c, 0x425: 0x5d, 0x426: 0x5e, 0x427: 0x5f, - // Block 0x11, offset 0x440 - 0x456: 0x0b, 0x457: 0x06, - 0x458: 0x0c, 0x45b: 0x0d, 0x45f: 0x0e, - 0x460: 0x06, 0x461: 0x06, 0x462: 0x06, 0x463: 0x06, 0x464: 0x06, 0x465: 0x06, 0x466: 0x06, 0x467: 0x06, - 0x468: 0x06, 0x469: 0x06, 0x46a: 0x06, 0x46b: 0x06, 0x46c: 0x06, 0x46d: 0x06, 0x46e: 0x06, 0x46f: 0x06, - 0x470: 0x06, 0x471: 0x06, 0x472: 0x06, 0x473: 0x06, 0x474: 0x06, 0x475: 0x06, 0x476: 0x06, 0x477: 0x06, - 0x478: 0x06, 0x479: 0x06, 0x47a: 0x06, 0x47b: 0x06, 0x47c: 0x06, 0x47d: 0x06, 0x47e: 0x06, 0x47f: 0x06, - // Block 0x12, offset 0x480 - 0x484: 0x08, 0x485: 0x08, 0x486: 0x08, 0x487: 0x09, - // Block 0x13, offset 0x4c0 - 0x4c0: 0x08, 0x4c1: 0x08, 0x4c2: 0x08, 0x4c3: 0x08, 0x4c4: 0x08, 0x4c5: 0x08, 0x4c6: 0x08, 0x4c7: 0x08, - 0x4c8: 0x08, 0x4c9: 0x08, 0x4ca: 0x08, 0x4cb: 0x08, 0x4cc: 0x08, 0x4cd: 0x08, 0x4ce: 0x08, 0x4cf: 0x08, - 0x4d0: 0x08, 0x4d1: 0x08, 0x4d2: 0x08, 0x4d3: 0x08, 0x4d4: 0x08, 0x4d5: 0x08, 0x4d6: 0x08, 0x4d7: 0x08, - 0x4d8: 0x08, 0x4d9: 0x08, 0x4da: 0x08, 0x4db: 0x08, 0x4dc: 0x08, 0x4dd: 0x08, 0x4de: 0x08, 0x4df: 0x08, - 0x4e0: 0x08, 0x4e1: 0x08, 0x4e2: 0x08, 0x4e3: 0x08, 0x4e4: 0x08, 0x4e5: 0x08, 0x4e6: 0x08, 0x4e7: 0x08, - 0x4e8: 0x08, 0x4e9: 0x08, 0x4ea: 0x08, 0x4eb: 0x08, 0x4ec: 0x08, 0x4ed: 0x08, 0x4ee: 0x08, 0x4ef: 0x08, - 0x4f0: 0x08, 0x4f1: 0x08, 0x4f2: 0x08, 0x4f3: 0x08, 0x4f4: 0x08, 0x4f5: 0x08, 0x4f6: 0x08, 0x4f7: 0x08, - 0x4f8: 0x08, 0x4f9: 0x08, 0x4fa: 0x08, 0x4fb: 0x08, 0x4fc: 0x08, 0x4fd: 0x08, 0x4fe: 0x08, 0x4ff: 0x60, - // Block 0x14, offset 0x500 - 0x520: 0x10, - 0x530: 0x09, 0x531: 0x09, 0x532: 0x09, 0x533: 0x09, 0x534: 0x09, 0x535: 0x09, 0x536: 0x09, 0x537: 0x09, - 0x538: 0x09, 0x539: 0x09, 0x53a: 0x09, 0x53b: 0x09, 0x53c: 0x09, 0x53d: 0x09, 0x53e: 0x09, 0x53f: 0x11, - // Block 0x15, offset 0x540 - 0x540: 0x09, 0x541: 0x09, 0x542: 0x09, 0x543: 0x09, 0x544: 0x09, 0x545: 0x09, 0x546: 0x09, 0x547: 0x09, - 0x548: 0x09, 0x549: 0x09, 0x54a: 0x09, 0x54b: 0x09, 0x54c: 0x09, 0x54d: 0x09, 0x54e: 0x09, 0x54f: 0x11, -} - -// inverseData contains 4-byte entries of the following format: -// -// <length> <modified UTF-8-encoded rune> <0 padding> -// -// The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the -// UTF-8 encoding of the original rune. Mappings often have the following -// pattern: -// -// A -> A (U+FF21 -> U+0041) -// ï¼¢ -> B (U+FF22 -> U+0042) -// ... -// -// By xor-ing the last byte the same entry can be shared by many mappings. This -// reduces the total number of distinct entries by about two thirds. -// The resulting entry for the aforementioned mappings is -// -// { 0x01, 0xE0, 0x00, 0x00 } -// -// Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get -// -// E0 ^ A1 = 41. -// -// Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get -// -// E0 ^ A2 = 42. -// -// Note that because of the xor-ing, the byte sequence stored in the entry is -// not valid UTF-8. -var inverseData = [150][4]byte{ - {0x00, 0x00, 0x00, 0x00}, - {0x03, 0xe3, 0x80, 0xa0}, - {0x03, 0xef, 0xbc, 0xa0}, - {0x03, 0xef, 0xbc, 0xe0}, - {0x03, 0xef, 0xbd, 0xe0}, - {0x03, 0xef, 0xbf, 0x02}, - {0x03, 0xef, 0xbf, 0x00}, - {0x03, 0xef, 0xbf, 0x0e}, - {0x03, 0xef, 0xbf, 0x0c}, - {0x03, 0xef, 0xbf, 0x0f}, - {0x03, 0xef, 0xbf, 0x39}, - {0x03, 0xef, 0xbf, 0x3b}, - {0x03, 0xef, 0xbf, 0x3f}, - {0x03, 0xef, 0xbf, 0x2a}, - {0x03, 0xef, 0xbf, 0x0d}, - {0x03, 0xef, 0xbf, 0x25}, - {0x03, 0xef, 0xbd, 0x1a}, - {0x03, 0xef, 0xbd, 0x26}, - {0x01, 0xa0, 0x00, 0x00}, - {0x03, 0xef, 0xbd, 0x25}, - {0x03, 0xef, 0xbd, 0x23}, - {0x03, 0xef, 0xbd, 0x2e}, - {0x03, 0xef, 0xbe, 0x07}, - {0x03, 0xef, 0xbe, 0x05}, - {0x03, 0xef, 0xbd, 0x06}, - {0x03, 0xef, 0xbd, 0x13}, - {0x03, 0xef, 0xbd, 0x0b}, - {0x03, 0xef, 0xbd, 0x16}, - {0x03, 0xef, 0xbd, 0x0c}, - {0x03, 0xef, 0xbd, 0x15}, - {0x03, 0xef, 0xbd, 0x0d}, - {0x03, 0xef, 0xbd, 0x1c}, - {0x03, 0xef, 0xbd, 0x02}, - {0x03, 0xef, 0xbd, 0x1f}, - {0x03, 0xef, 0xbd, 0x1d}, - {0x03, 0xef, 0xbd, 0x17}, - {0x03, 0xef, 0xbd, 0x08}, - {0x03, 0xef, 0xbd, 0x09}, - {0x03, 0xef, 0xbd, 0x0e}, - {0x03, 0xef, 0xbd, 0x04}, - {0x03, 0xef, 0xbd, 0x05}, - {0x03, 0xef, 0xbe, 0x3f}, - {0x03, 0xef, 0xbe, 0x00}, - {0x03, 0xef, 0xbd, 0x2c}, - {0x03, 0xef, 0xbe, 0x06}, - {0x03, 0xef, 0xbe, 0x0c}, - {0x03, 0xef, 0xbe, 0x0f}, - {0x03, 0xef, 0xbe, 0x0d}, - {0x03, 0xef, 0xbe, 0x0b}, - {0x03, 0xef, 0xbe, 0x19}, - {0x03, 0xef, 0xbe, 0x15}, - {0x03, 0xef, 0xbe, 0x11}, - {0x03, 0xef, 0xbe, 0x31}, - {0x03, 0xef, 0xbe, 0x33}, - {0x03, 0xef, 0xbd, 0x0f}, - {0x03, 0xef, 0xbe, 0x30}, - {0x03, 0xef, 0xbe, 0x3e}, - {0x03, 0xef, 0xbe, 0x32}, - {0x03, 0xef, 0xbe, 0x36}, - {0x03, 0xef, 0xbd, 0x14}, - {0x03, 0xef, 0xbe, 0x2e}, - {0x03, 0xef, 0xbd, 0x1e}, - {0x03, 0xef, 0xbe, 0x10}, - {0x03, 0xef, 0xbf, 0x13}, - {0x03, 0xef, 0xbf, 0x15}, - {0x03, 0xef, 0xbf, 0x17}, - {0x03, 0xef, 0xbf, 0x1f}, - {0x03, 0xef, 0xbf, 0x1d}, - {0x03, 0xef, 0xbf, 0x1b}, - {0x03, 0xef, 0xbf, 0x09}, - {0x03, 0xef, 0xbf, 0x0b}, - {0x03, 0xef, 0xbf, 0x37}, - {0x03, 0xef, 0xbe, 0x04}, - {0x01, 0xe0, 0x00, 0x00}, - {0x03, 0xe2, 0xa6, 0x1a}, - {0x03, 0xe2, 0xa6, 0x26}, - {0x03, 0xe3, 0x80, 0x23}, - {0x03, 0xe3, 0x80, 0x2e}, - {0x03, 0xe3, 0x80, 0x25}, - {0x03, 0xe3, 0x83, 0x1e}, - {0x03, 0xe3, 0x83, 0x14}, - {0x03, 0xe3, 0x82, 0x06}, - {0x03, 0xe3, 0x82, 0x0b}, - {0x03, 0xe3, 0x82, 0x0c}, - {0x03, 0xe3, 0x82, 0x0d}, - {0x03, 0xe3, 0x82, 0x02}, - {0x03, 0xe3, 0x83, 0x0f}, - {0x03, 0xe3, 0x83, 0x08}, - {0x03, 0xe3, 0x83, 0x09}, - {0x03, 0xe3, 0x83, 0x2c}, - {0x03, 0xe3, 0x83, 0x0c}, - {0x03, 0xe3, 0x82, 0x13}, - {0x03, 0xe3, 0x82, 0x16}, - {0x03, 0xe3, 0x82, 0x15}, - {0x03, 0xe3, 0x82, 0x1c}, - {0x03, 0xe3, 0x82, 0x1f}, - {0x03, 0xe3, 0x82, 0x1d}, - {0x03, 0xe3, 0x82, 0x1a}, - {0x03, 0xe3, 0x82, 0x17}, - {0x03, 0xe3, 0x82, 0x08}, - {0x03, 0xe3, 0x82, 0x09}, - {0x03, 0xe3, 0x82, 0x0e}, - {0x03, 0xe3, 0x82, 0x04}, - {0x03, 0xe3, 0x82, 0x05}, - {0x03, 0xe3, 0x82, 0x3f}, - {0x03, 0xe3, 0x83, 0x00}, - {0x03, 0xe3, 0x83, 0x06}, - {0x03, 0xe3, 0x83, 0x05}, - {0x03, 0xe3, 0x83, 0x0d}, - {0x03, 0xe3, 0x83, 0x0b}, - {0x03, 0xe3, 0x83, 0x07}, - {0x03, 0xe3, 0x83, 0x19}, - {0x03, 0xe3, 0x83, 0x15}, - {0x03, 0xe3, 0x83, 0x11}, - {0x03, 0xe3, 0x83, 0x31}, - {0x03, 0xe3, 0x83, 0x33}, - {0x03, 0xe3, 0x83, 0x30}, - {0x03, 0xe3, 0x83, 0x3e}, - {0x03, 0xe3, 0x83, 0x32}, - {0x03, 0xe3, 0x83, 0x36}, - {0x03, 0xe3, 0x83, 0x2e}, - {0x03, 0xe3, 0x82, 0x07}, - {0x03, 0xe3, 0x85, 0x04}, - {0x03, 0xe3, 0x84, 0x10}, - {0x03, 0xe3, 0x85, 0x30}, - {0x03, 0xe3, 0x85, 0x0d}, - {0x03, 0xe3, 0x85, 0x13}, - {0x03, 0xe3, 0x85, 0x15}, - {0x03, 0xe3, 0x85, 0x17}, - {0x03, 0xe3, 0x85, 0x1f}, - {0x03, 0xe3, 0x85, 0x1d}, - {0x03, 0xe3, 0x85, 0x1b}, - {0x03, 0xe3, 0x85, 0x09}, - {0x03, 0xe3, 0x85, 0x0f}, - {0x03, 0xe3, 0x85, 0x0b}, - {0x03, 0xe3, 0x85, 0x37}, - {0x03, 0xe3, 0x85, 0x3b}, - {0x03, 0xe3, 0x85, 0x39}, - {0x03, 0xe3, 0x85, 0x3f}, - {0x02, 0xc2, 0x02, 0x00}, - {0x02, 0xc2, 0x0e, 0x00}, - {0x02, 0xc2, 0x0c, 0x00}, - {0x02, 0xc2, 0x00, 0x00}, - {0x03, 0xe2, 0x82, 0x0f}, - {0x03, 0xe2, 0x94, 0x2a}, - {0x03, 0xe2, 0x86, 0x39}, - {0x03, 0xe2, 0x86, 0x3b}, - {0x03, 0xe2, 0x86, 0x3f}, - {0x03, 0xe2, 0x96, 0x0d}, - {0x03, 0xe2, 0x97, 0x25}, -} - -// Total table size 14680 bytes (14KiB) diff --git a/etcd/vendor/golang.org/x/text/width/transform.go b/etcd/vendor/golang.org/x/text/width/transform.go deleted file mode 100644 index 0049f700a2..0000000000 --- a/etcd/vendor/golang.org/x/text/width/transform.go +++ /dev/null @@ -1,239 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package width - -import ( - "unicode/utf8" - - "golang.org/x/text/transform" -) - -type foldTransform struct { - transform.NopResetter -} - -func (foldTransform) Span(src []byte, atEOF bool) (n int, err error) { - for n < len(src) { - if src[n] < utf8.RuneSelf { - // ASCII fast path. - for n++; n < len(src) && src[n] < utf8.RuneSelf; n++ { - } - continue - } - v, size := trie.lookup(src[n:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - err = transform.ErrShortSrc - } else { - n = len(src) - } - break - } - if elem(v)&tagNeedsFold != 0 { - err = transform.ErrEndOfSpan - break - } - n += size - } - return n, err -} - -func (foldTransform) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) { - for nSrc < len(src) { - if src[nSrc] < utf8.RuneSelf { - // ASCII fast path. - start, end := nSrc, len(src) - if d := len(dst) - nDst; d < end-start { - end = nSrc + d - } - for nSrc++; nSrc < end && src[nSrc] < utf8.RuneSelf; nSrc++ { - } - n := copy(dst[nDst:], src[start:nSrc]) - if nDst += n; nDst == len(dst) { - nSrc = start + n - if nSrc == len(src) { - return nDst, nSrc, nil - } - if src[nSrc] < utf8.RuneSelf { - return nDst, nSrc, transform.ErrShortDst - } - } - continue - } - v, size := trie.lookup(src[nSrc:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - return nDst, nSrc, transform.ErrShortSrc - } - size = 1 // gobble 1 byte - } - if elem(v)&tagNeedsFold == 0 { - if size != copy(dst[nDst:], src[nSrc:nSrc+size]) { - return nDst, nSrc, transform.ErrShortDst - } - nDst += size - } else { - data := inverseData[byte(v)] - if len(dst)-nDst < int(data[0]) { - return nDst, nSrc, transform.ErrShortDst - } - i := 1 - for end := int(data[0]); i < end; i++ { - dst[nDst] = data[i] - nDst++ - } - dst[nDst] = data[i] ^ src[nSrc+size-1] - nDst++ - } - nSrc += size - } - return nDst, nSrc, nil -} - -type narrowTransform struct { - transform.NopResetter -} - -func (narrowTransform) Span(src []byte, atEOF bool) (n int, err error) { - for n < len(src) { - if src[n] < utf8.RuneSelf { - // ASCII fast path. - for n++; n < len(src) && src[n] < utf8.RuneSelf; n++ { - } - continue - } - v, size := trie.lookup(src[n:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - err = transform.ErrShortSrc - } else { - n = len(src) - } - break - } - if k := elem(v).kind(); byte(v) == 0 || k != EastAsianFullwidth && k != EastAsianWide && k != EastAsianAmbiguous { - } else { - err = transform.ErrEndOfSpan - break - } - n += size - } - return n, err -} - -func (narrowTransform) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) { - for nSrc < len(src) { - if src[nSrc] < utf8.RuneSelf { - // ASCII fast path. - start, end := nSrc, len(src) - if d := len(dst) - nDst; d < end-start { - end = nSrc + d - } - for nSrc++; nSrc < end && src[nSrc] < utf8.RuneSelf; nSrc++ { - } - n := copy(dst[nDst:], src[start:nSrc]) - if nDst += n; nDst == len(dst) { - nSrc = start + n - if nSrc == len(src) { - return nDst, nSrc, nil - } - if src[nSrc] < utf8.RuneSelf { - return nDst, nSrc, transform.ErrShortDst - } - } - continue - } - v, size := trie.lookup(src[nSrc:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - return nDst, nSrc, transform.ErrShortSrc - } - size = 1 // gobble 1 byte - } - if k := elem(v).kind(); byte(v) == 0 || k != EastAsianFullwidth && k != EastAsianWide && k != EastAsianAmbiguous { - if size != copy(dst[nDst:], src[nSrc:nSrc+size]) { - return nDst, nSrc, transform.ErrShortDst - } - nDst += size - } else { - data := inverseData[byte(v)] - if len(dst)-nDst < int(data[0]) { - return nDst, nSrc, transform.ErrShortDst - } - i := 1 - for end := int(data[0]); i < end; i++ { - dst[nDst] = data[i] - nDst++ - } - dst[nDst] = data[i] ^ src[nSrc+size-1] - nDst++ - } - nSrc += size - } - return nDst, nSrc, nil -} - -type wideTransform struct { - transform.NopResetter -} - -func (wideTransform) Span(src []byte, atEOF bool) (n int, err error) { - for n < len(src) { - // TODO: Consider ASCII fast path. Special-casing ASCII handling can - // reduce the ns/op of BenchmarkWideASCII by about 30%. This is probably - // not enough to warrant the extra code and complexity. - v, size := trie.lookup(src[n:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - err = transform.ErrShortSrc - } else { - n = len(src) - } - break - } - if k := elem(v).kind(); byte(v) == 0 || k != EastAsianHalfwidth && k != EastAsianNarrow { - } else { - err = transform.ErrEndOfSpan - break - } - n += size - } - return n, err -} - -func (wideTransform) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) { - for nSrc < len(src) { - // TODO: Consider ASCII fast path. Special-casing ASCII handling can - // reduce the ns/op of BenchmarkWideASCII by about 30%. This is probably - // not enough to warrant the extra code and complexity. - v, size := trie.lookup(src[nSrc:]) - if size == 0 { // incomplete UTF-8 encoding - if !atEOF { - return nDst, nSrc, transform.ErrShortSrc - } - size = 1 // gobble 1 byte - } - if k := elem(v).kind(); byte(v) == 0 || k != EastAsianHalfwidth && k != EastAsianNarrow { - if size != copy(dst[nDst:], src[nSrc:nSrc+size]) { - return nDst, nSrc, transform.ErrShortDst - } - nDst += size - } else { - data := inverseData[byte(v)] - if len(dst)-nDst < int(data[0]) { - return nDst, nSrc, transform.ErrShortDst - } - i := 1 - for end := int(data[0]); i < end; i++ { - dst[nDst] = data[i] - nDst++ - } - dst[nDst] = data[i] ^ src[nSrc+size-1] - nDst++ - } - nSrc += size - } - return nDst, nSrc, nil -} diff --git a/etcd/vendor/golang.org/x/text/width/trieval.go b/etcd/vendor/golang.org/x/text/width/trieval.go deleted file mode 100644 index ca8e45fd19..0000000000 --- a/etcd/vendor/golang.org/x/text/width/trieval.go +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. - -package width - -// elem is an entry of the width trie. The high byte is used to encode the type -// of the rune. The low byte is used to store the index to a mapping entry in -// the inverseData array. -type elem uint16 - -const ( - tagNeutral elem = iota << typeShift - tagAmbiguous - tagWide - tagNarrow - tagFullwidth - tagHalfwidth -) - -const ( - numTypeBits = 3 - typeShift = 16 - numTypeBits - - // tagNeedsFold is true for all fullwidth and halfwidth runes except for - // the Won sign U+20A9. - tagNeedsFold = 0x1000 - - // The Korean Won sign is halfwidth, but SHOULD NOT be mapped to a wide - // variant. - wonSign rune = 0x20A9 -) diff --git a/etcd/vendor/golang.org/x/text/width/width.go b/etcd/vendor/golang.org/x/text/width/width.go deleted file mode 100644 index 29c7509be7..0000000000 --- a/etcd/vendor/golang.org/x/text/width/width.go +++ /dev/null @@ -1,206 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:generate stringer -type=Kind -//go:generate go run gen.go gen_common.go gen_trieval.go - -// Package width provides functionality for handling different widths in text. -// -// Wide characters behave like ideographs; they tend to allow line breaks after -// each character and remain upright in vertical text layout. Narrow characters -// are kept together in words or runs that are rotated sideways in vertical text -// layout. -// -// For more information, see https://unicode.org/reports/tr11/. -package width // import "golang.org/x/text/width" - -import ( - "unicode/utf8" - - "golang.org/x/text/transform" -) - -// TODO -// 1) Reduce table size by compressing blocks. -// 2) API proposition for computing display length -// (approximation, fixed pitch only). -// 3) Implement display length. - -// Kind indicates the type of width property as defined in https://unicode.org/reports/tr11/. -type Kind int - -const ( - // Neutral characters do not occur in legacy East Asian character sets. - Neutral Kind = iota - - // EastAsianAmbiguous characters that can be sometimes wide and sometimes - // narrow and require additional information not contained in the character - // code to further resolve their width. - EastAsianAmbiguous - - // EastAsianWide characters are wide in its usual form. They occur only in - // the context of East Asian typography. These runes may have explicit - // halfwidth counterparts. - EastAsianWide - - // EastAsianNarrow characters are narrow in its usual form. They often have - // fullwidth counterparts. - EastAsianNarrow - - // Note: there exist Narrow runes that do not have fullwidth or wide - // counterparts, despite what the definition says (e.g. U+27E6). - - // EastAsianFullwidth characters have a compatibility decompositions of type - // wide that map to a narrow counterpart. - EastAsianFullwidth - - // EastAsianHalfwidth characters have a compatibility decomposition of type - // narrow that map to a wide or ambiguous counterpart, plus U+20A9 â‚© WON - // SIGN. - EastAsianHalfwidth - - // Note: there exist runes that have a halfwidth counterparts but that are - // classified as Ambiguous, rather than wide (e.g. U+2190). -) - -// TODO: the generated tries need to return size 1 for invalid runes for the -// width to be computed correctly (each byte should render width 1) - -var trie = newWidthTrie(0) - -// Lookup reports the Properties of the first rune in b and the number of bytes -// of its UTF-8 encoding. -func Lookup(b []byte) (p Properties, size int) { - v, sz := trie.lookup(b) - return Properties{elem(v), b[sz-1]}, sz -} - -// LookupString reports the Properties of the first rune in s and the number of -// bytes of its UTF-8 encoding. -func LookupString(s string) (p Properties, size int) { - v, sz := trie.lookupString(s) - return Properties{elem(v), s[sz-1]}, sz -} - -// LookupRune reports the Properties of rune r. -func LookupRune(r rune) Properties { - var buf [4]byte - n := utf8.EncodeRune(buf[:], r) - v, _ := trie.lookup(buf[:n]) - last := byte(r) - if r >= utf8.RuneSelf { - last = 0x80 + byte(r&0x3f) - } - return Properties{elem(v), last} -} - -// Properties provides access to width properties of a rune. -type Properties struct { - elem elem - last byte -} - -func (e elem) kind() Kind { - return Kind(e >> typeShift) -} - -// Kind returns the Kind of a rune as defined in Unicode TR #11. -// See https://unicode.org/reports/tr11/ for more details. -func (p Properties) Kind() Kind { - return p.elem.kind() -} - -// Folded returns the folded variant of a rune or 0 if the rune is canonical. -func (p Properties) Folded() rune { - if p.elem&tagNeedsFold != 0 { - buf := inverseData[byte(p.elem)] - buf[buf[0]] ^= p.last - r, _ := utf8.DecodeRune(buf[1 : 1+buf[0]]) - return r - } - return 0 -} - -// Narrow returns the narrow variant of a rune or 0 if the rune is already -// narrow or doesn't have a narrow variant. -func (p Properties) Narrow() rune { - if k := p.elem.kind(); byte(p.elem) != 0 && (k == EastAsianFullwidth || k == EastAsianWide || k == EastAsianAmbiguous) { - buf := inverseData[byte(p.elem)] - buf[buf[0]] ^= p.last - r, _ := utf8.DecodeRune(buf[1 : 1+buf[0]]) - return r - } - return 0 -} - -// Wide returns the wide variant of a rune or 0 if the rune is already -// wide or doesn't have a wide variant. -func (p Properties) Wide() rune { - if k := p.elem.kind(); byte(p.elem) != 0 && (k == EastAsianHalfwidth || k == EastAsianNarrow) { - buf := inverseData[byte(p.elem)] - buf[buf[0]] ^= p.last - r, _ := utf8.DecodeRune(buf[1 : 1+buf[0]]) - return r - } - return 0 -} - -// TODO for Properties: -// - Add Fullwidth/Halfwidth or Inverted methods for computing variants -// mapping. -// - Add width information (including information on non-spacing runes). - -// Transformer implements the transform.Transformer interface. -type Transformer struct { - t transform.SpanningTransformer -} - -// Reset implements the transform.Transformer interface. -func (t Transformer) Reset() { t.t.Reset() } - -// Transform implements the transform.Transformer interface. -func (t Transformer) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) { - return t.t.Transform(dst, src, atEOF) -} - -// Span implements the transform.SpanningTransformer interface. -func (t Transformer) Span(src []byte, atEOF bool) (n int, err error) { - return t.t.Span(src, atEOF) -} - -// Bytes returns a new byte slice with the result of applying t to b. -func (t Transformer) Bytes(b []byte) []byte { - b, _, _ = transform.Bytes(t, b) - return b -} - -// String returns a string with the result of applying t to s. -func (t Transformer) String(s string) string { - s, _, _ = transform.String(t, s) - return s -} - -var ( - // Fold is a transform that maps all runes to their canonical width. - // - // Note that the NFKC and NFKD transforms in golang.org/x/text/unicode/norm - // provide a more generic folding mechanism. - Fold Transformer = Transformer{foldTransform{}} - - // Widen is a transform that maps runes to their wide variant, if - // available. - Widen Transformer = Transformer{wideTransform{}} - - // Narrow is a transform that maps runes to their narrow variant, if - // available. - Narrow Transformer = Transformer{narrowTransform{}} -) - -// TODO: Consider the following options: -// - Treat Ambiguous runes that have a halfwidth counterpart as wide, or some -// generalized variant of this. -// - Consider a wide Won character to be the default width (or some generalized -// variant of this). -// - Filter the set of characters that gets converted (the preferred approach is -// to allow applying filters to transforms). diff --git a/etcd/vendor/golang.org/x/tools/LICENSE b/etcd/vendor/golang.org/x/tools/LICENSE deleted file mode 100644 index 6a66aea5ea..0000000000 --- a/etcd/vendor/golang.org/x/tools/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/etcd/vendor/golang.org/x/tools/PATENTS b/etcd/vendor/golang.org/x/tools/PATENTS deleted file mode 100644 index 733099041f..0000000000 --- a/etcd/vendor/golang.org/x/tools/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/etcd/vendor/golang.org/x/tools/container/intsets/sparse.go b/etcd/vendor/golang.org/x/tools/container/intsets/sparse.go deleted file mode 100644 index d5fe156ed3..0000000000 --- a/etcd/vendor/golang.org/x/tools/container/intsets/sparse.go +++ /dev/null @@ -1,1114 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package intsets provides Sparse, a compact and fast representation -// for sparse sets of int values. -// -// The time complexity of the operations Len, Insert, Remove and Has -// is in O(n) but in practice those methods are faster and more -// space-efficient than equivalent operations on sets based on the Go -// map type. The IsEmpty, Min, Max, Clear and TakeMin operations -// require constant time. -package intsets // import "golang.org/x/tools/container/intsets" - -// TODO(adonovan): -// - Add InsertAll(...int), RemoveAll(...int) -// - Add 'bool changed' results for {Intersection,Difference}With too. -// -// TODO(adonovan): implement Dense, a dense bit vector with a similar API. -// The space usage would be proportional to Max(), not Len(), and the -// implementation would be based upon big.Int. -// -// TODO(adonovan): opt: make UnionWith and Difference faster. -// These are the hot-spots for go/pointer. - -import ( - "bytes" - "fmt" - "math/bits" -) - -// A Sparse is a set of int values. -// Sparse operations (even queries) are not concurrency-safe. -// -// The zero value for Sparse is a valid empty set. -// -// Sparse sets must be copied using the Copy method, not by assigning -// a Sparse value. -type Sparse struct { - // An uninitialized Sparse represents an empty set. - // An empty set may also be represented by - // root.next == root.prev == &root. - // - // The root is always the block with the smallest offset. - // It can be empty, but only if it is the only block; in that case, offset is - // MaxInt (which is not a valid offset). - root block -} - -type word uintptr - -const ( - _m = ^word(0) - bitsPerWord = 8 << (_m>>8&1 + _m>>16&1 + _m>>32&1) - bitsPerBlock = 256 // optimal value for go/pointer solver performance - wordsPerBlock = bitsPerBlock / bitsPerWord -) - -// Limit values of implementation-specific int type. -const ( - MaxInt = int(^uint(0) >> 1) - MinInt = -MaxInt - 1 -) - -// popcount returns the number of set bits in w. -func popcount(x word) int { - // Avoid OnesCount(uint): don't assume uint = uintptr. - if bitsPerWord == 32 { - return bits.OnesCount32(uint32(x)) - } else { - return bits.OnesCount64(uint64(x)) - } -} - -// nlz returns the number of leading zeros of x. -func nlz(x word) int { - // Avoid LeadingZeros(uint): don't assume uint = uintptr. - if bitsPerWord == 32 { - return bits.LeadingZeros32(uint32(x)) - } else { - return bits.LeadingZeros64(uint64(x)) - } -} - -// ntz returns the number of trailing zeros of x. -func ntz(x word) int { - // Avoid TrailingZeros(uint): don't assume uint = uintptr. - if bitsPerWord == 32 { - return bits.TrailingZeros32(uint32(x)) - } else { - return bits.TrailingZeros64(uint64(x)) - } -} - -// -- block ------------------------------------------------------------ - -// A set is represented as a circular doubly-linked list of blocks, -// each containing an offset and a bit array of fixed size -// bitsPerBlock; the blocks are ordered by increasing offset. -// -// The set contains an element x iff the block whose offset is x - (x -// mod bitsPerBlock) has the bit (x mod bitsPerBlock) set, where mod -// is the Euclidean remainder. -// -// A block may only be empty transiently. -type block struct { - offset int // offset mod bitsPerBlock == 0 - bits [wordsPerBlock]word // contains at least one set bit - next, prev *block // doubly-linked list of blocks -} - -// wordMask returns the word index (in block.bits) -// and single-bit mask for the block's ith bit. -func wordMask(i uint) (w uint, mask word) { - w = i / bitsPerWord - mask = 1 << (i % bitsPerWord) - return -} - -// insert sets the block b's ith bit and -// returns true if it was not already set. -func (b *block) insert(i uint) bool { - w, mask := wordMask(i) - if b.bits[w]&mask == 0 { - b.bits[w] |= mask - return true - } - return false -} - -// remove clears the block's ith bit and -// returns true if the bit was previously set. -// NB: may leave the block empty. -func (b *block) remove(i uint) bool { - w, mask := wordMask(i) - if b.bits[w]&mask != 0 { - b.bits[w] &^= mask - return true - } - return false -} - -// has reports whether the block's ith bit is set. -func (b *block) has(i uint) bool { - w, mask := wordMask(i) - return b.bits[w]&mask != 0 -} - -// empty reports whether b.len()==0, but more efficiently. -func (b *block) empty() bool { - for _, w := range b.bits { - if w != 0 { - return false - } - } - return true -} - -// len returns the number of set bits in block b. -func (b *block) len() int { - var l int - for _, w := range b.bits { - l += popcount(w) - } - return l -} - -// max returns the maximum element of the block. -// The block must not be empty. -func (b *block) max() int { - bi := b.offset + bitsPerBlock - // Decrement bi by number of high zeros in last.bits. - for i := len(b.bits) - 1; i >= 0; i-- { - if w := b.bits[i]; w != 0 { - return bi - nlz(w) - 1 - } - bi -= bitsPerWord - } - panic("BUG: empty block") -} - -// min returns the minimum element of the block, -// and also removes it if take is set. -// The block must not be initially empty. -// NB: may leave the block empty. -func (b *block) min(take bool) int { - for i, w := range b.bits { - if w != 0 { - tz := ntz(w) - if take { - b.bits[i] = w &^ (1 << uint(tz)) - } - return b.offset + i*bitsPerWord + tz - } - } - panic("BUG: empty block") -} - -// lowerBound returns the smallest element of the block that is greater than or -// equal to the element corresponding to the ith bit. If there is no such -// element, the second return value is false. -func (b *block) lowerBound(i uint) (int, bool) { - w := i / bitsPerWord - bit := i % bitsPerWord - - if val := b.bits[w] >> bit; val != 0 { - return b.offset + int(i) + ntz(val), true - } - - for w++; w < wordsPerBlock; w++ { - if val := b.bits[w]; val != 0 { - return b.offset + int(w*bitsPerWord) + ntz(val), true - } - } - - return 0, false -} - -// forEach calls f for each element of block b. -// f must not mutate b's enclosing Sparse. -func (b *block) forEach(f func(int)) { - for i, w := range b.bits { - offset := b.offset + i*bitsPerWord - for bi := 0; w != 0 && bi < bitsPerWord; bi++ { - if w&1 != 0 { - f(offset) - } - offset++ - w >>= 1 - } - } -} - -// offsetAndBitIndex returns the offset of the block that would -// contain x and the bit index of x within that block. -func offsetAndBitIndex(x int) (int, uint) { - mod := x % bitsPerBlock - if mod < 0 { - // Euclidean (non-negative) remainder - mod += bitsPerBlock - } - return x - mod, uint(mod) -} - -// -- Sparse -------------------------------------------------------------- - -// none is a shared, empty, sentinel block that indicates the end of a block -// list. -var none block - -// Dummy type used to generate an implicit panic. This must be defined at the -// package level; if it is defined inside a function, it prevents the inlining -// of that function. -type to_copy_a_sparse_you_must_call_its_Copy_method struct{} - -// init ensures s is properly initialized. -func (s *Sparse) init() { - root := &s.root - if root.next == nil { - root.offset = MaxInt - root.next = root - root.prev = root - } else if root.next.prev != root { - // Copying a Sparse x leads to pernicious corruption: the - // new Sparse y shares the old linked list, but iteration - // on y will never encounter &y.root so it goes into a - // loop. Fail fast before this occurs. - // We don't want to call panic here because it prevents the - // inlining of this function. - _ = (interface{}(nil)).(to_copy_a_sparse_you_must_call_its_Copy_method) - } -} - -func (s *Sparse) first() *block { - s.init() - if s.root.offset == MaxInt { - return &none - } - return &s.root -} - -// next returns the next block in the list, or end if b is the last block. -func (s *Sparse) next(b *block) *block { - if b.next == &s.root { - return &none - } - return b.next -} - -// prev returns the previous block in the list, or end if b is the first block. -func (s *Sparse) prev(b *block) *block { - if b.prev == &s.root { - return &none - } - return b.prev -} - -// IsEmpty reports whether the set s is empty. -func (s *Sparse) IsEmpty() bool { - return s.root.next == nil || s.root.offset == MaxInt -} - -// Len returns the number of elements in the set s. -func (s *Sparse) Len() int { - var l int - for b := s.first(); b != &none; b = s.next(b) { - l += b.len() - } - return l -} - -// Max returns the maximum element of the set s, or MinInt if s is empty. -func (s *Sparse) Max() int { - if s.IsEmpty() { - return MinInt - } - return s.root.prev.max() -} - -// Min returns the minimum element of the set s, or MaxInt if s is empty. -func (s *Sparse) Min() int { - if s.IsEmpty() { - return MaxInt - } - return s.root.min(false) -} - -// LowerBound returns the smallest element >= x, or MaxInt if there is no such -// element. -func (s *Sparse) LowerBound(x int) int { - offset, i := offsetAndBitIndex(x) - for b := s.first(); b != &none; b = s.next(b) { - if b.offset > offset { - return b.min(false) - } - if b.offset == offset { - if y, ok := b.lowerBound(i); ok { - return y - } - } - } - return MaxInt -} - -// block returns the block that would contain offset, -// or nil if s contains no such block. -// Precondition: offset is a multiple of bitsPerBlock. -func (s *Sparse) block(offset int) *block { - for b := s.first(); b != &none && b.offset <= offset; b = s.next(b) { - if b.offset == offset { - return b - } - } - return nil -} - -// Insert adds x to the set s, and reports whether the set grew. -func (s *Sparse) Insert(x int) bool { - offset, i := offsetAndBitIndex(x) - - b := s.first() - for ; b != &none && b.offset <= offset; b = s.next(b) { - if b.offset == offset { - return b.insert(i) - } - } - - // Insert new block before b. - new := s.insertBlockBefore(b) - new.offset = offset - return new.insert(i) -} - -// removeBlock removes a block and returns the block that followed it (or end if -// it was the last block). -func (s *Sparse) removeBlock(b *block) *block { - if b != &s.root { - b.prev.next = b.next - b.next.prev = b.prev - if b.next == &s.root { - return &none - } - return b.next - } - - first := s.root.next - if first == &s.root { - // This was the only block. - s.Clear() - return &none - } - s.root.offset = first.offset - s.root.bits = first.bits - if first.next == &s.root { - // Single block remaining. - s.root.next = &s.root - s.root.prev = &s.root - } else { - s.root.next = first.next - first.next.prev = &s.root - } - return &s.root -} - -// Remove removes x from the set s, and reports whether the set shrank. -func (s *Sparse) Remove(x int) bool { - offset, i := offsetAndBitIndex(x) - if b := s.block(offset); b != nil { - if !b.remove(i) { - return false - } - if b.empty() { - s.removeBlock(b) - } - return true - } - return false -} - -// Clear removes all elements from the set s. -func (s *Sparse) Clear() { - s.root = block{ - offset: MaxInt, - next: &s.root, - prev: &s.root, - } -} - -// If set s is non-empty, TakeMin sets *p to the minimum element of -// the set s, removes that element from the set and returns true. -// Otherwise, it returns false and *p is undefined. -// -// This method may be used for iteration over a worklist like so: -// -// var x int -// for worklist.TakeMin(&x) { use(x) } -func (s *Sparse) TakeMin(p *int) bool { - if s.IsEmpty() { - return false - } - *p = s.root.min(true) - if s.root.empty() { - s.removeBlock(&s.root) - } - return true -} - -// Has reports whether x is an element of the set s. -func (s *Sparse) Has(x int) bool { - offset, i := offsetAndBitIndex(x) - if b := s.block(offset); b != nil { - return b.has(i) - } - return false -} - -// forEach applies function f to each element of the set s in order. -// -// f must not mutate s. Consequently, forEach is not safe to expose -// to clients. In any case, using "range s.AppendTo()" allows more -// natural control flow with continue/break/return. -func (s *Sparse) forEach(f func(int)) { - for b := s.first(); b != &none; b = s.next(b) { - b.forEach(f) - } -} - -// Copy sets s to the value of x. -func (s *Sparse) Copy(x *Sparse) { - if s == x { - return - } - - xb := x.first() - sb := s.first() - for xb != &none { - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = xb.offset - sb.bits = xb.bits - xb = x.next(xb) - sb = s.next(sb) - } - s.discardTail(sb) -} - -// insertBlockBefore returns a new block, inserting it before next. -// If next is the root, the root is replaced. If next is end, the block is -// inserted at the end. -func (s *Sparse) insertBlockBefore(next *block) *block { - if s.IsEmpty() { - if next != &none { - panic("BUG: passed block with empty set") - } - return &s.root - } - - if next == &s.root { - // Special case: we need to create a new block that will become the root - // block.The old root block becomes the second block. - second := s.root - s.root = block{ - next: &second, - } - if second.next == &s.root { - s.root.prev = &second - } else { - s.root.prev = second.prev - second.next.prev = &second - second.prev = &s.root - } - return &s.root - } - if next == &none { - // Insert before root. - next = &s.root - } - b := new(block) - b.next = next - b.prev = next.prev - b.prev.next = b - next.prev = b - return b -} - -// discardTail removes block b and all its successors from s. -func (s *Sparse) discardTail(b *block) { - if b != &none { - if b == &s.root { - s.Clear() - } else { - b.prev.next = &s.root - s.root.prev = b.prev - } - } -} - -// IntersectionWith sets s to the intersection s ∩ x. -func (s *Sparse) IntersectionWith(x *Sparse) { - if s == x { - return - } - - xb := x.first() - sb := s.first() - for xb != &none && sb != &none { - switch { - case xb.offset < sb.offset: - xb = x.next(xb) - - case xb.offset > sb.offset: - sb = s.removeBlock(sb) - - default: - var sum word - for i := range sb.bits { - r := xb.bits[i] & sb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum != 0 { - sb = s.next(sb) - } else { - // sb will be overwritten or removed - } - - xb = x.next(xb) - } - } - - s.discardTail(sb) -} - -// Intersection sets s to the intersection x ∩ y. -func (s *Sparse) Intersection(x, y *Sparse) { - switch { - case s == x: - s.IntersectionWith(y) - return - case s == y: - s.IntersectionWith(x) - return - case x == y: - s.Copy(x) - return - } - - xb := x.first() - yb := y.first() - sb := s.first() - for xb != &none && yb != &none { - switch { - case xb.offset < yb.offset: - xb = x.next(xb) - continue - case xb.offset > yb.offset: - yb = y.next(yb) - continue - } - - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = xb.offset - - var sum word - for i := range sb.bits { - r := xb.bits[i] & yb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum != 0 { - sb = s.next(sb) - } else { - // sb will be overwritten or removed - } - - xb = x.next(xb) - yb = y.next(yb) - } - - s.discardTail(sb) -} - -// Intersects reports whether s ∩ x ≠ ∅. -func (s *Sparse) Intersects(x *Sparse) bool { - sb := s.first() - xb := x.first() - for sb != &none && xb != &none { - switch { - case xb.offset < sb.offset: - xb = x.next(xb) - case xb.offset > sb.offset: - sb = s.next(sb) - default: - for i := range sb.bits { - if sb.bits[i]&xb.bits[i] != 0 { - return true - } - } - sb = s.next(sb) - xb = x.next(xb) - } - } - return false -} - -// UnionWith sets s to the union s ∪ x, and reports whether s grew. -func (s *Sparse) UnionWith(x *Sparse) bool { - if s == x { - return false - } - - var changed bool - xb := x.first() - sb := s.first() - for xb != &none { - if sb != &none && sb.offset == xb.offset { - for i := range xb.bits { - union := sb.bits[i] | xb.bits[i] - if sb.bits[i] != union { - sb.bits[i] = union - changed = true - } - } - xb = x.next(xb) - } else if sb == &none || sb.offset > xb.offset { - sb = s.insertBlockBefore(sb) - sb.offset = xb.offset - sb.bits = xb.bits - changed = true - - xb = x.next(xb) - } - sb = s.next(sb) - } - return changed -} - -// Union sets s to the union x ∪ y. -func (s *Sparse) Union(x, y *Sparse) { - switch { - case x == y: - s.Copy(x) - return - case s == x: - s.UnionWith(y) - return - case s == y: - s.UnionWith(x) - return - } - - xb := x.first() - yb := y.first() - sb := s.first() - for xb != &none || yb != &none { - if sb == &none { - sb = s.insertBlockBefore(sb) - } - switch { - case yb == &none || (xb != &none && xb.offset < yb.offset): - sb.offset = xb.offset - sb.bits = xb.bits - xb = x.next(xb) - - case xb == &none || (yb != &none && yb.offset < xb.offset): - sb.offset = yb.offset - sb.bits = yb.bits - yb = y.next(yb) - - default: - sb.offset = xb.offset - for i := range xb.bits { - sb.bits[i] = xb.bits[i] | yb.bits[i] - } - xb = x.next(xb) - yb = y.next(yb) - } - sb = s.next(sb) - } - - s.discardTail(sb) -} - -// DifferenceWith sets s to the difference s ∖ x. -func (s *Sparse) DifferenceWith(x *Sparse) { - if s == x { - s.Clear() - return - } - - xb := x.first() - sb := s.first() - for xb != &none && sb != &none { - switch { - case xb.offset > sb.offset: - sb = s.next(sb) - - case xb.offset < sb.offset: - xb = x.next(xb) - - default: - var sum word - for i := range sb.bits { - r := sb.bits[i] & ^xb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum == 0 { - sb = s.removeBlock(sb) - } else { - sb = s.next(sb) - } - xb = x.next(xb) - } - } -} - -// Difference sets s to the difference x ∖ y. -func (s *Sparse) Difference(x, y *Sparse) { - switch { - case x == y: - s.Clear() - return - case s == x: - s.DifferenceWith(y) - return - case s == y: - var y2 Sparse - y2.Copy(y) - s.Difference(x, &y2) - return - } - - xb := x.first() - yb := y.first() - sb := s.first() - for xb != &none && yb != &none { - if xb.offset > yb.offset { - // y has block, x has &none - yb = y.next(yb) - continue - } - - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = xb.offset - - switch { - case xb.offset < yb.offset: - // x has block, y has &none - sb.bits = xb.bits - - sb = s.next(sb) - - default: - // x and y have corresponding blocks - var sum word - for i := range sb.bits { - r := xb.bits[i] & ^yb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum != 0 { - sb = s.next(sb) - } else { - // sb will be overwritten or removed - } - - yb = y.next(yb) - } - xb = x.next(xb) - } - - for xb != &none { - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = xb.offset - sb.bits = xb.bits - sb = s.next(sb) - - xb = x.next(xb) - } - - s.discardTail(sb) -} - -// SymmetricDifferenceWith sets s to the symmetric difference s ∆ x. -func (s *Sparse) SymmetricDifferenceWith(x *Sparse) { - if s == x { - s.Clear() - return - } - - sb := s.first() - xb := x.first() - for xb != &none && sb != &none { - switch { - case sb.offset < xb.offset: - sb = s.next(sb) - case xb.offset < sb.offset: - nb := s.insertBlockBefore(sb) - nb.offset = xb.offset - nb.bits = xb.bits - xb = x.next(xb) - default: - var sum word - for i := range sb.bits { - r := sb.bits[i] ^ xb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum == 0 { - sb = s.removeBlock(sb) - } else { - sb = s.next(sb) - } - xb = x.next(xb) - } - } - - for xb != &none { // append the tail of x to s - sb = s.insertBlockBefore(sb) - sb.offset = xb.offset - sb.bits = xb.bits - sb = s.next(sb) - xb = x.next(xb) - } -} - -// SymmetricDifference sets s to the symmetric difference x ∆ y. -func (s *Sparse) SymmetricDifference(x, y *Sparse) { - switch { - case x == y: - s.Clear() - return - case s == x: - s.SymmetricDifferenceWith(y) - return - case s == y: - s.SymmetricDifferenceWith(x) - return - } - - sb := s.first() - xb := x.first() - yb := y.first() - for xb != &none && yb != &none { - if sb == &none { - sb = s.insertBlockBefore(sb) - } - switch { - case yb.offset < xb.offset: - sb.offset = yb.offset - sb.bits = yb.bits - sb = s.next(sb) - yb = y.next(yb) - case xb.offset < yb.offset: - sb.offset = xb.offset - sb.bits = xb.bits - sb = s.next(sb) - xb = x.next(xb) - default: - var sum word - for i := range sb.bits { - r := xb.bits[i] ^ yb.bits[i] - sb.bits[i] = r - sum |= r - } - if sum != 0 { - sb.offset = xb.offset - sb = s.next(sb) - } - xb = x.next(xb) - yb = y.next(yb) - } - } - - for xb != &none { // append the tail of x to s - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = xb.offset - sb.bits = xb.bits - sb = s.next(sb) - xb = x.next(xb) - } - - for yb != &none { // append the tail of y to s - if sb == &none { - sb = s.insertBlockBefore(sb) - } - sb.offset = yb.offset - sb.bits = yb.bits - sb = s.next(sb) - yb = y.next(yb) - } - - s.discardTail(sb) -} - -// SubsetOf reports whether s ∖ x = ∅. -func (s *Sparse) SubsetOf(x *Sparse) bool { - if s == x { - return true - } - - sb := s.first() - xb := x.first() - for sb != &none { - switch { - case xb == &none || xb.offset > sb.offset: - return false - case xb.offset < sb.offset: - xb = x.next(xb) - default: - for i := range sb.bits { - if sb.bits[i]&^xb.bits[i] != 0 { - return false - } - } - sb = s.next(sb) - xb = x.next(xb) - } - } - return true -} - -// Equals reports whether the sets s and t have the same elements. -func (s *Sparse) Equals(t *Sparse) bool { - if s == t { - return true - } - sb := s.first() - tb := t.first() - for { - switch { - case sb == &none && tb == &none: - return true - case sb == &none || tb == &none: - return false - case sb.offset != tb.offset: - return false - case sb.bits != tb.bits: - return false - } - - sb = s.next(sb) - tb = t.next(tb) - } -} - -// String returns a human-readable description of the set s. -func (s *Sparse) String() string { - var buf bytes.Buffer - buf.WriteByte('{') - s.forEach(func(x int) { - if buf.Len() > 1 { - buf.WriteByte(' ') - } - fmt.Fprintf(&buf, "%d", x) - }) - buf.WriteByte('}') - return buf.String() -} - -// BitString returns the set as a string of 1s and 0s denoting the sum -// of the i'th powers of 2, for each i in s. A radix point, always -// preceded by a digit, appears if the sum is non-integral. -// -// Examples: -// -// {}.BitString() = "0" -// {4,5}.BitString() = "110000" -// {-3}.BitString() = "0.001" -// {-3,0,4,5}.BitString() = "110001.001" -func (s *Sparse) BitString() string { - if s.IsEmpty() { - return "0" - } - - min, max := s.Min(), s.Max() - var nbytes int - if max > 0 { - nbytes = max - } - nbytes++ // zero bit - radix := nbytes - if min < 0 { - nbytes += len(".") - min - } - - b := make([]byte, nbytes) - for i := range b { - b[i] = '0' - } - if radix < nbytes { - b[radix] = '.' - } - s.forEach(func(x int) { - if x >= 0 { - x += len(".") - } - b[radix-x] = '1' - }) - return string(b) -} - -// GoString returns a string showing the internal representation of -// the set s. -func (s *Sparse) GoString() string { - var buf bytes.Buffer - for b := s.first(); b != &none; b = s.next(b) { - fmt.Fprintf(&buf, "block %p {offset=%d next=%p prev=%p", - b, b.offset, b.next, b.prev) - for _, w := range b.bits { - fmt.Fprintf(&buf, " 0%016x", w) - } - fmt.Fprintf(&buf, "}\n") - } - return buf.String() -} - -// AppendTo returns the result of appending the elements of s to slice -// in order. -func (s *Sparse) AppendTo(slice []int) []int { - s.forEach(func(x int) { - slice = append(slice, x) - }) - return slice -} - -// -- Testing/debugging ------------------------------------------------ - -// check returns an error if the representation invariants of s are violated. -func (s *Sparse) check() error { - s.init() - if s.root.empty() { - // An empty set must have only the root block with offset MaxInt. - if s.root.next != &s.root { - return fmt.Errorf("multiple blocks with empty root block") - } - if s.root.offset != MaxInt { - return fmt.Errorf("empty set has offset %d, should be MaxInt", s.root.offset) - } - return nil - } - for b := s.first(); ; b = s.next(b) { - if b.offset%bitsPerBlock != 0 { - return fmt.Errorf("bad offset modulo: %d", b.offset) - } - if b.empty() { - return fmt.Errorf("empty block") - } - if b.prev.next != b { - return fmt.Errorf("bad prev.next link") - } - if b.next.prev != b { - return fmt.Errorf("bad next.prev link") - } - if b.next == &s.root { - break - } - if b.offset >= b.next.offset { - return fmt.Errorf("bad offset order: b.offset=%d, b.next.offset=%d", - b.offset, b.next.offset) - } - } - return nil -} diff --git a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/checked.pb.go b/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/checked.pb.go deleted file mode 100644 index bad8af1497..0000000000 --- a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/checked.pb.go +++ /dev/null @@ -1,1657 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.26.0 -// protoc v3.12.2 -// source: google/api/expr/v1alpha1/checked.proto - -package expr - -import ( - reflect "reflect" - sync "sync" - - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - emptypb "google.golang.org/protobuf/types/known/emptypb" - structpb "google.golang.org/protobuf/types/known/structpb" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// CEL primitive types. -type Type_PrimitiveType int32 - -const ( - // Unspecified type. - Type_PRIMITIVE_TYPE_UNSPECIFIED Type_PrimitiveType = 0 - // Boolean type. - Type_BOOL Type_PrimitiveType = 1 - // Int64 type. - // - // Proto-based integer values are widened to int64. - Type_INT64 Type_PrimitiveType = 2 - // Uint64 type. - // - // Proto-based unsigned integer values are widened to uint64. - Type_UINT64 Type_PrimitiveType = 3 - // Double type. - // - // Proto-based float values are widened to double values. - Type_DOUBLE Type_PrimitiveType = 4 - // String type. - Type_STRING Type_PrimitiveType = 5 - // Bytes type. - Type_BYTES Type_PrimitiveType = 6 -) - -// Enum value maps for Type_PrimitiveType. -var ( - Type_PrimitiveType_name = map[int32]string{ - 0: "PRIMITIVE_TYPE_UNSPECIFIED", - 1: "BOOL", - 2: "INT64", - 3: "UINT64", - 4: "DOUBLE", - 5: "STRING", - 6: "BYTES", - } - Type_PrimitiveType_value = map[string]int32{ - "PRIMITIVE_TYPE_UNSPECIFIED": 0, - "BOOL": 1, - "INT64": 2, - "UINT64": 3, - "DOUBLE": 4, - "STRING": 5, - "BYTES": 6, - } -) - -func (x Type_PrimitiveType) Enum() *Type_PrimitiveType { - p := new(Type_PrimitiveType) - *p = x - return p -} - -func (x Type_PrimitiveType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Type_PrimitiveType) Descriptor() protoreflect.EnumDescriptor { - return file_google_api_expr_v1alpha1_checked_proto_enumTypes[0].Descriptor() -} - -func (Type_PrimitiveType) Type() protoreflect.EnumType { - return &file_google_api_expr_v1alpha1_checked_proto_enumTypes[0] -} - -func (x Type_PrimitiveType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use Type_PrimitiveType.Descriptor instead. -func (Type_PrimitiveType) EnumDescriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 0} -} - -// Well-known protobuf types treated with first-class support in CEL. -type Type_WellKnownType int32 - -const ( - // Unspecified type. - Type_WELL_KNOWN_TYPE_UNSPECIFIED Type_WellKnownType = 0 - // Well-known protobuf.Any type. - // - // Any types are a polymorphic message type. During type-checking they are - // treated like `DYN` types, but at runtime they are resolved to a specific - // message type specified at evaluation time. - Type_ANY Type_WellKnownType = 1 - // Well-known protobuf.Timestamp type, internally referenced as `timestamp`. - Type_TIMESTAMP Type_WellKnownType = 2 - // Well-known protobuf.Duration type, internally referenced as `duration`. - Type_DURATION Type_WellKnownType = 3 -) - -// Enum value maps for Type_WellKnownType. -var ( - Type_WellKnownType_name = map[int32]string{ - 0: "WELL_KNOWN_TYPE_UNSPECIFIED", - 1: "ANY", - 2: "TIMESTAMP", - 3: "DURATION", - } - Type_WellKnownType_value = map[string]int32{ - "WELL_KNOWN_TYPE_UNSPECIFIED": 0, - "ANY": 1, - "TIMESTAMP": 2, - "DURATION": 3, - } -) - -func (x Type_WellKnownType) Enum() *Type_WellKnownType { - p := new(Type_WellKnownType) - *p = x - return p -} - -func (x Type_WellKnownType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Type_WellKnownType) Descriptor() protoreflect.EnumDescriptor { - return file_google_api_expr_v1alpha1_checked_proto_enumTypes[1].Descriptor() -} - -func (Type_WellKnownType) Type() protoreflect.EnumType { - return &file_google_api_expr_v1alpha1_checked_proto_enumTypes[1] -} - -func (x Type_WellKnownType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use Type_WellKnownType.Descriptor instead. -func (Type_WellKnownType) EnumDescriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 1} -} - -// A CEL expression which has been successfully type checked. -type CheckedExpr struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A map from expression ids to resolved references. - // - // The following entries are in this table: - // - // - An Ident or Select expression is represented here if it resolves to a - // declaration. For instance, if `a.b.c` is represented by - // `select(select(id(a), b), c)`, and `a.b` resolves to a declaration, - // while `c` is a field selection, then the reference is attached to the - // nested select expression (but not to the id or or the outer select). - // In turn, if `a` resolves to a declaration and `b.c` are field selections, - // the reference is attached to the ident expression. - // - Every Call expression has an entry here, identifying the function being - // called. - // - Every CreateStruct expression for a message has an entry, identifying - // the message. - ReferenceMap map[int64]*Reference `protobuf:"bytes,2,rep,name=reference_map,json=referenceMap,proto3" json:"reference_map,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // A map from expression ids to types. - // - // Every expression node which has a type different than DYN has a mapping - // here. If an expression has type DYN, it is omitted from this map to save - // space. - TypeMap map[int64]*Type `protobuf:"bytes,3,rep,name=type_map,json=typeMap,proto3" json:"type_map,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // The source info derived from input that generated the parsed `expr` and - // any optimizations made during the type-checking pass. - SourceInfo *SourceInfo `protobuf:"bytes,5,opt,name=source_info,json=sourceInfo,proto3" json:"source_info,omitempty"` - // The expr version indicates the major / minor version number of the `expr` - // representation. - // - // The most common reason for a version change will be to indicate to the CEL - // runtimes that transformations have been performed on the expr during static - // analysis. In some cases, this will save the runtime the work of applying - // the same or similar transformations prior to evaluation. - ExprVersion string `protobuf:"bytes,6,opt,name=expr_version,json=exprVersion,proto3" json:"expr_version,omitempty"` - // The checked expression. Semantically equivalent to the parsed `expr`, but - // may have structural differences. - Expr *Expr `protobuf:"bytes,4,opt,name=expr,proto3" json:"expr,omitempty"` -} - -func (x *CheckedExpr) Reset() { - *x = CheckedExpr{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CheckedExpr) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CheckedExpr) ProtoMessage() {} - -func (x *CheckedExpr) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CheckedExpr.ProtoReflect.Descriptor instead. -func (*CheckedExpr) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{0} -} - -func (x *CheckedExpr) GetReferenceMap() map[int64]*Reference { - if x != nil { - return x.ReferenceMap - } - return nil -} - -func (x *CheckedExpr) GetTypeMap() map[int64]*Type { - if x != nil { - return x.TypeMap - } - return nil -} - -func (x *CheckedExpr) GetSourceInfo() *SourceInfo { - if x != nil { - return x.SourceInfo - } - return nil -} - -func (x *CheckedExpr) GetExprVersion() string { - if x != nil { - return x.ExprVersion - } - return "" -} - -func (x *CheckedExpr) GetExpr() *Expr { - if x != nil { - return x.Expr - } - return nil -} - -// Represents a CEL type. -type Type struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The kind of type. - // - // Types that are assignable to TypeKind: - // *Type_Dyn - // *Type_Null - // *Type_Primitive - // *Type_Wrapper - // *Type_WellKnown - // *Type_ListType_ - // *Type_MapType_ - // *Type_Function - // *Type_MessageType - // *Type_TypeParam - // *Type_Type - // *Type_Error - // *Type_AbstractType_ - TypeKind isType_TypeKind `protobuf_oneof:"type_kind"` -} - -func (x *Type) Reset() { - *x = Type{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Type) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Type) ProtoMessage() {} - -func (x *Type) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Type.ProtoReflect.Descriptor instead. -func (*Type) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1} -} - -func (m *Type) GetTypeKind() isType_TypeKind { - if m != nil { - return m.TypeKind - } - return nil -} - -func (x *Type) GetDyn() *emptypb.Empty { - if x, ok := x.GetTypeKind().(*Type_Dyn); ok { - return x.Dyn - } - return nil -} - -func (x *Type) GetNull() structpb.NullValue { - if x, ok := x.GetTypeKind().(*Type_Null); ok { - return x.Null - } - return structpb.NullValue_NULL_VALUE -} - -func (x *Type) GetPrimitive() Type_PrimitiveType { - if x, ok := x.GetTypeKind().(*Type_Primitive); ok { - return x.Primitive - } - return Type_PRIMITIVE_TYPE_UNSPECIFIED -} - -func (x *Type) GetWrapper() Type_PrimitiveType { - if x, ok := x.GetTypeKind().(*Type_Wrapper); ok { - return x.Wrapper - } - return Type_PRIMITIVE_TYPE_UNSPECIFIED -} - -func (x *Type) GetWellKnown() Type_WellKnownType { - if x, ok := x.GetTypeKind().(*Type_WellKnown); ok { - return x.WellKnown - } - return Type_WELL_KNOWN_TYPE_UNSPECIFIED -} - -func (x *Type) GetListType() *Type_ListType { - if x, ok := x.GetTypeKind().(*Type_ListType_); ok { - return x.ListType - } - return nil -} - -func (x *Type) GetMapType() *Type_MapType { - if x, ok := x.GetTypeKind().(*Type_MapType_); ok { - return x.MapType - } - return nil -} - -func (x *Type) GetFunction() *Type_FunctionType { - if x, ok := x.GetTypeKind().(*Type_Function); ok { - return x.Function - } - return nil -} - -func (x *Type) GetMessageType() string { - if x, ok := x.GetTypeKind().(*Type_MessageType); ok { - return x.MessageType - } - return "" -} - -func (x *Type) GetTypeParam() string { - if x, ok := x.GetTypeKind().(*Type_TypeParam); ok { - return x.TypeParam - } - return "" -} - -func (x *Type) GetType() *Type { - if x, ok := x.GetTypeKind().(*Type_Type); ok { - return x.Type - } - return nil -} - -func (x *Type) GetError() *emptypb.Empty { - if x, ok := x.GetTypeKind().(*Type_Error); ok { - return x.Error - } - return nil -} - -func (x *Type) GetAbstractType() *Type_AbstractType { - if x, ok := x.GetTypeKind().(*Type_AbstractType_); ok { - return x.AbstractType - } - return nil -} - -type isType_TypeKind interface { - isType_TypeKind() -} - -type Type_Dyn struct { - // Dynamic type. - Dyn *emptypb.Empty `protobuf:"bytes,1,opt,name=dyn,proto3,oneof"` -} - -type Type_Null struct { - // Null value. - Null structpb.NullValue `protobuf:"varint,2,opt,name=null,proto3,enum=google.protobuf.NullValue,oneof"` -} - -type Type_Primitive struct { - // Primitive types: `true`, `1u`, `-2.0`, `'string'`, `b'bytes'`. - Primitive Type_PrimitiveType `protobuf:"varint,3,opt,name=primitive,proto3,enum=google.api.expr.v1alpha1.Type_PrimitiveType,oneof"` -} - -type Type_Wrapper struct { - // Wrapper of a primitive type, e.g. `google.protobuf.Int64Value`. - Wrapper Type_PrimitiveType `protobuf:"varint,4,opt,name=wrapper,proto3,enum=google.api.expr.v1alpha1.Type_PrimitiveType,oneof"` -} - -type Type_WellKnown struct { - // Well-known protobuf type such as `google.protobuf.Timestamp`. - WellKnown Type_WellKnownType `protobuf:"varint,5,opt,name=well_known,json=wellKnown,proto3,enum=google.api.expr.v1alpha1.Type_WellKnownType,oneof"` -} - -type Type_ListType_ struct { - // Parameterized list with elements of `list_type`, e.g. `list<timestamp>`. - ListType *Type_ListType `protobuf:"bytes,6,opt,name=list_type,json=listType,proto3,oneof"` -} - -type Type_MapType_ struct { - // Parameterized map with typed keys and values. - MapType *Type_MapType `protobuf:"bytes,7,opt,name=map_type,json=mapType,proto3,oneof"` -} - -type Type_Function struct { - // Function type. - Function *Type_FunctionType `protobuf:"bytes,8,opt,name=function,proto3,oneof"` -} - -type Type_MessageType struct { - // Protocol buffer message type. - // - // The `message_type` string specifies the qualified message type name. For - // example, `google.plus.Profile`. - MessageType string `protobuf:"bytes,9,opt,name=message_type,json=messageType,proto3,oneof"` -} - -type Type_TypeParam struct { - // Type param type. - // - // The `type_param` string specifies the type parameter name, e.g. `list<E>` - // would be a `list_type` whose element type was a `type_param` type - // named `E`. - TypeParam string `protobuf:"bytes,10,opt,name=type_param,json=typeParam,proto3,oneof"` -} - -type Type_Type struct { - // Type type. - // - // The `type` value specifies the target type. e.g. int is type with a - // target type of `Primitive.INT`. - Type *Type `protobuf:"bytes,11,opt,name=type,proto3,oneof"` -} - -type Type_Error struct { - // Error type. - // - // During type-checking if an expression is an error, its type is propagated - // as the `ERROR` type. This permits the type-checker to discover other - // errors present in the expression. - Error *emptypb.Empty `protobuf:"bytes,12,opt,name=error,proto3,oneof"` -} - -type Type_AbstractType_ struct { - // Abstract, application defined type. - AbstractType *Type_AbstractType `protobuf:"bytes,14,opt,name=abstract_type,json=abstractType,proto3,oneof"` -} - -func (*Type_Dyn) isType_TypeKind() {} - -func (*Type_Null) isType_TypeKind() {} - -func (*Type_Primitive) isType_TypeKind() {} - -func (*Type_Wrapper) isType_TypeKind() {} - -func (*Type_WellKnown) isType_TypeKind() {} - -func (*Type_ListType_) isType_TypeKind() {} - -func (*Type_MapType_) isType_TypeKind() {} - -func (*Type_Function) isType_TypeKind() {} - -func (*Type_MessageType) isType_TypeKind() {} - -func (*Type_TypeParam) isType_TypeKind() {} - -func (*Type_Type) isType_TypeKind() {} - -func (*Type_Error) isType_TypeKind() {} - -func (*Type_AbstractType_) isType_TypeKind() {} - -// Represents a declaration of a named value or function. -// -// A declaration is part of the contract between the expression, the agent -// evaluating that expression, and the caller requesting evaluation. -type Decl struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The fully qualified name of the declaration. - // - // Declarations are organized in containers and this represents the full path - // to the declaration in its container, as in `google.api.expr.Decl`. - // - // Declarations used as [FunctionDecl.Overload][google.api.expr.v1alpha1.Decl.FunctionDecl.Overload] parameters may or may not - // have a name depending on whether the overload is function declaration or a - // function definition containing a result [Expr][google.api.expr.v1alpha1.Expr]. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Required. The declaration kind. - // - // Types that are assignable to DeclKind: - // *Decl_Ident - // *Decl_Function - DeclKind isDecl_DeclKind `protobuf_oneof:"decl_kind"` -} - -func (x *Decl) Reset() { - *x = Decl{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Decl) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Decl) ProtoMessage() {} - -func (x *Decl) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Decl.ProtoReflect.Descriptor instead. -func (*Decl) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{2} -} - -func (x *Decl) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (m *Decl) GetDeclKind() isDecl_DeclKind { - if m != nil { - return m.DeclKind - } - return nil -} - -func (x *Decl) GetIdent() *Decl_IdentDecl { - if x, ok := x.GetDeclKind().(*Decl_Ident); ok { - return x.Ident - } - return nil -} - -func (x *Decl) GetFunction() *Decl_FunctionDecl { - if x, ok := x.GetDeclKind().(*Decl_Function); ok { - return x.Function - } - return nil -} - -type isDecl_DeclKind interface { - isDecl_DeclKind() -} - -type Decl_Ident struct { - // Identifier declaration. - Ident *Decl_IdentDecl `protobuf:"bytes,2,opt,name=ident,proto3,oneof"` -} - -type Decl_Function struct { - // Function declaration. - Function *Decl_FunctionDecl `protobuf:"bytes,3,opt,name=function,proto3,oneof"` -} - -func (*Decl_Ident) isDecl_DeclKind() {} - -func (*Decl_Function) isDecl_DeclKind() {} - -// Describes a resolved reference to a declaration. -type Reference struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The fully qualified name of the declaration. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // For references to functions, this is a list of `Overload.overload_id` - // values which match according to typing rules. - // - // If the list has more than one element, overload resolution among the - // presented candidates must happen at runtime because of dynamic types. The - // type checker attempts to narrow down this list as much as possible. - // - // Empty if this is not a reference to a [Decl.FunctionDecl][google.api.expr.v1alpha1.Decl.FunctionDecl]. - OverloadId []string `protobuf:"bytes,3,rep,name=overload_id,json=overloadId,proto3" json:"overload_id,omitempty"` - // For references to constants, this may contain the value of the - // constant if known at compile time. - Value *Constant `protobuf:"bytes,4,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *Reference) Reset() { - *x = Reference{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Reference) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Reference) ProtoMessage() {} - -func (x *Reference) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Reference.ProtoReflect.Descriptor instead. -func (*Reference) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{3} -} - -func (x *Reference) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Reference) GetOverloadId() []string { - if x != nil { - return x.OverloadId - } - return nil -} - -func (x *Reference) GetValue() *Constant { - if x != nil { - return x.Value - } - return nil -} - -// List type with typed elements, e.g. `list<example.proto.MyMessage>`. -type Type_ListType struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The element type. - ElemType *Type `protobuf:"bytes,1,opt,name=elem_type,json=elemType,proto3" json:"elem_type,omitempty"` -} - -func (x *Type_ListType) Reset() { - *x = Type_ListType{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Type_ListType) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Type_ListType) ProtoMessage() {} - -func (x *Type_ListType) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Type_ListType.ProtoReflect.Descriptor instead. -func (*Type_ListType) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *Type_ListType) GetElemType() *Type { - if x != nil { - return x.ElemType - } - return nil -} - -// Map type with parameterized key and value types, e.g. `map<string, int>`. -type Type_MapType struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The type of the key. - KeyType *Type `protobuf:"bytes,1,opt,name=key_type,json=keyType,proto3" json:"key_type,omitempty"` - // The type of the value. - ValueType *Type `protobuf:"bytes,2,opt,name=value_type,json=valueType,proto3" json:"value_type,omitempty"` -} - -func (x *Type_MapType) Reset() { - *x = Type_MapType{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Type_MapType) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Type_MapType) ProtoMessage() {} - -func (x *Type_MapType) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Type_MapType.ProtoReflect.Descriptor instead. -func (*Type_MapType) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *Type_MapType) GetKeyType() *Type { - if x != nil { - return x.KeyType - } - return nil -} - -func (x *Type_MapType) GetValueType() *Type { - if x != nil { - return x.ValueType - } - return nil -} - -// Function type with result and arg types. -type Type_FunctionType struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Result type of the function. - ResultType *Type `protobuf:"bytes,1,opt,name=result_type,json=resultType,proto3" json:"result_type,omitempty"` - // Argument types of the function. - ArgTypes []*Type `protobuf:"bytes,2,rep,name=arg_types,json=argTypes,proto3" json:"arg_types,omitempty"` -} - -func (x *Type_FunctionType) Reset() { - *x = Type_FunctionType{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Type_FunctionType) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Type_FunctionType) ProtoMessage() {} - -func (x *Type_FunctionType) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Type_FunctionType.ProtoReflect.Descriptor instead. -func (*Type_FunctionType) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 2} -} - -func (x *Type_FunctionType) GetResultType() *Type { - if x != nil { - return x.ResultType - } - return nil -} - -func (x *Type_FunctionType) GetArgTypes() []*Type { - if x != nil { - return x.ArgTypes - } - return nil -} - -// Application defined abstract type. -type Type_AbstractType struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The fully qualified name of this abstract type. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Parameter types for this abstract type. - ParameterTypes []*Type `protobuf:"bytes,2,rep,name=parameter_types,json=parameterTypes,proto3" json:"parameter_types,omitempty"` -} - -func (x *Type_AbstractType) Reset() { - *x = Type_AbstractType{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Type_AbstractType) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Type_AbstractType) ProtoMessage() {} - -func (x *Type_AbstractType) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Type_AbstractType.ProtoReflect.Descriptor instead. -func (*Type_AbstractType) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{1, 3} -} - -func (x *Type_AbstractType) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Type_AbstractType) GetParameterTypes() []*Type { - if x != nil { - return x.ParameterTypes - } - return nil -} - -// Identifier declaration which specifies its type and optional `Expr` value. -// -// An identifier without a value is a declaration that must be provided at -// evaluation time. An identifier with a value should resolve to a constant, -// but may be used in conjunction with other identifiers bound at evaluation -// time. -type Decl_IdentDecl struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The type of the identifier. - Type *Type `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - // The constant value of the identifier. If not specified, the identifier - // must be supplied at evaluation time. - Value *Constant `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` - // Documentation string for the identifier. - Doc string `protobuf:"bytes,3,opt,name=doc,proto3" json:"doc,omitempty"` -} - -func (x *Decl_IdentDecl) Reset() { - *x = Decl_IdentDecl{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Decl_IdentDecl) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Decl_IdentDecl) ProtoMessage() {} - -func (x *Decl_IdentDecl) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Decl_IdentDecl.ProtoReflect.Descriptor instead. -func (*Decl_IdentDecl) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{2, 0} -} - -func (x *Decl_IdentDecl) GetType() *Type { - if x != nil { - return x.Type - } - return nil -} - -func (x *Decl_IdentDecl) GetValue() *Constant { - if x != nil { - return x.Value - } - return nil -} - -func (x *Decl_IdentDecl) GetDoc() string { - if x != nil { - return x.Doc - } - return "" -} - -// Function declaration specifies one or more overloads which indicate the -// function's parameter types and return type. -// -// Functions have no observable side-effects (there may be side-effects like -// logging which are not observable from CEL). -type Decl_FunctionDecl struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. List of function overloads, must contain at least one overload. - Overloads []*Decl_FunctionDecl_Overload `protobuf:"bytes,1,rep,name=overloads,proto3" json:"overloads,omitempty"` -} - -func (x *Decl_FunctionDecl) Reset() { - *x = Decl_FunctionDecl{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Decl_FunctionDecl) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Decl_FunctionDecl) ProtoMessage() {} - -func (x *Decl_FunctionDecl) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Decl_FunctionDecl.ProtoReflect.Descriptor instead. -func (*Decl_FunctionDecl) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{2, 1} -} - -func (x *Decl_FunctionDecl) GetOverloads() []*Decl_FunctionDecl_Overload { - if x != nil { - return x.Overloads - } - return nil -} - -// An overload indicates a function's parameter types and return type, and -// may optionally include a function body described in terms of [Expr][google.api.expr.v1alpha1.Expr] -// values. -// -// Functions overloads are declared in either a function or method -// call-style. For methods, the `params[0]` is the expected type of the -// target receiver. -// -// Overloads must have non-overlapping argument types after erasure of all -// parameterized type variables (similar as type erasure in Java). -type Decl_FunctionDecl_Overload struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. Globally unique overload name of the function which reflects - // the function name and argument types. - // - // This will be used by a [Reference][google.api.expr.v1alpha1.Reference] to indicate the `overload_id` that - // was resolved for the function `name`. - OverloadId string `protobuf:"bytes,1,opt,name=overload_id,json=overloadId,proto3" json:"overload_id,omitempty"` - // List of function parameter [Type][google.api.expr.v1alpha1.Type] values. - // - // Param types are disjoint after generic type parameters have been - // replaced with the type `DYN`. Since the `DYN` type is compatible with - // any other type, this means that if `A` is a type parameter, the - // function types `int<A>` and `int<int>` are not disjoint. Likewise, - // `map<string, string>` is not disjoint from `map<K, V>`. - // - // When the `result_type` of a function is a generic type param, the - // type param name also appears as the `type` of on at least one params. - Params []*Type `protobuf:"bytes,2,rep,name=params,proto3" json:"params,omitempty"` - // The type param names associated with the function declaration. - // - // For example, `function ex<K,V>(K key, map<K, V> map) : V` would yield - // the type params of `K, V`. - TypeParams []string `protobuf:"bytes,3,rep,name=type_params,json=typeParams,proto3" json:"type_params,omitempty"` - // Required. The result type of the function. For example, the operator - // `string.isEmpty()` would have `result_type` of `kind: BOOL`. - ResultType *Type `protobuf:"bytes,4,opt,name=result_type,json=resultType,proto3" json:"result_type,omitempty"` - // Whether the function is to be used in a method call-style `x.f(...)` - // of a function call-style `f(x, ...)`. - // - // For methods, the first parameter declaration, `params[0]` is the - // expected type of the target receiver. - IsInstanceFunction bool `protobuf:"varint,5,opt,name=is_instance_function,json=isInstanceFunction,proto3" json:"is_instance_function,omitempty"` - // Documentation string for the overload. - Doc string `protobuf:"bytes,6,opt,name=doc,proto3" json:"doc,omitempty"` -} - -func (x *Decl_FunctionDecl_Overload) Reset() { - *x = Decl_FunctionDecl_Overload{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Decl_FunctionDecl_Overload) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Decl_FunctionDecl_Overload) ProtoMessage() {} - -func (x *Decl_FunctionDecl_Overload) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_checked_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Decl_FunctionDecl_Overload.ProtoReflect.Descriptor instead. -func (*Decl_FunctionDecl_Overload) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP(), []int{2, 1, 0} -} - -func (x *Decl_FunctionDecl_Overload) GetOverloadId() string { - if x != nil { - return x.OverloadId - } - return "" -} - -func (x *Decl_FunctionDecl_Overload) GetParams() []*Type { - if x != nil { - return x.Params - } - return nil -} - -func (x *Decl_FunctionDecl_Overload) GetTypeParams() []string { - if x != nil { - return x.TypeParams - } - return nil -} - -func (x *Decl_FunctionDecl_Overload) GetResultType() *Type { - if x != nil { - return x.ResultType - } - return nil -} - -func (x *Decl_FunctionDecl_Overload) GetIsInstanceFunction() bool { - if x != nil { - return x.IsInstanceFunction - } - return false -} - -func (x *Decl_FunctionDecl_Overload) GetDoc() string { - if x != nil { - return x.Doc - } - return "" -} - -var File_google_api_expr_v1alpha1_checked_proto protoreflect.FileDescriptor - -var file_google_api_expr_v1alpha1_checked_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, - 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x63, 0x68, 0x65, 0x63, 0x6b, - 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x1a, 0x25, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, - 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x79, 0x6e, - 0x74, 0x61, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x04, 0x0a, 0x0b, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x65, 0x64, - 0x45, 0x78, 0x70, 0x72, 0x12, 0x5c, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x65, 0x64, 0x45, 0x78, - 0x70, 0x72, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x4d, - 0x61, 0x70, 0x12, 0x4d, 0x0a, 0x08, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x65, 0x64, 0x45, 0x78, 0x70, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, - 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x79, 0x70, 0x65, 0x4d, 0x61, - 0x70, 0x12, 0x45, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0a, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x72, - 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x65, 0x78, 0x70, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x04, 0x65, - 0x78, 0x70, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x04, 0x65, 0x78, 0x70, 0x72, 0x1a, - 0x64, 0x0a, 0x11, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x5a, 0x0a, 0x0c, 0x54, 0x79, 0x70, 0x65, 0x4d, 0x61, 0x70, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x03, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0xc8, 0x0b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2a, 0x0a, 0x03, 0x64, 0x79, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x48, - 0x00, 0x52, 0x03, 0x64, 0x79, 0x6e, 0x12, 0x30, 0x0a, 0x04, 0x6e, 0x75, 0x6c, 0x6c, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x48, 0x00, 0x52, 0x04, 0x6e, 0x75, 0x6c, 0x6c, 0x12, 0x4c, 0x0a, 0x09, 0x70, 0x72, 0x69, 0x6d, - 0x69, 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x50, 0x72, 0x69, 0x6d, - 0x69, 0x74, 0x69, 0x76, 0x65, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x09, 0x70, 0x72, 0x69, - 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x12, 0x48, 0x0a, 0x07, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, - 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, - 0x65, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x07, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, - 0x12, 0x4d, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x54, 0x79, 0x70, 0x65, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, - 0x70, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x12, - 0x46, 0x0a, 0x09, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, - 0x70, 0x65, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x08, 0x6c, - 0x69, 0x73, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x43, 0x0a, 0x08, 0x6d, 0x61, 0x70, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x4d, 0x61, 0x70, 0x54, 0x79, 0x70, - 0x65, 0x48, 0x00, 0x52, 0x07, 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x49, 0x0a, 0x08, - 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x46, - 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x08, 0x66, - 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, - 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0a, - 0x74, 0x79, 0x70, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x00, 0x52, 0x09, 0x74, 0x79, 0x70, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x12, 0x34, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x2e, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x0c, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72, - 0x72, 0x6f, 0x72, 0x12, 0x52, 0x0a, 0x0d, 0x61, 0x62, 0x73, 0x74, 0x72, 0x61, 0x63, 0x74, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x2e, 0x41, 0x62, 0x73, 0x74, 0x72, - 0x61, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x62, 0x73, 0x74, 0x72, - 0x61, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x1a, 0x47, 0x0a, 0x08, 0x4c, 0x69, 0x73, 0x74, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x3b, 0x0a, 0x09, 0x65, 0x6c, 0x65, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x6c, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, - 0x1a, 0x83, 0x01, 0x0a, 0x07, 0x4d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x39, 0x0a, 0x08, - 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, - 0x6b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x3d, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x09, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x54, 0x79, 0x70, 0x65, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x46, 0x75, 0x6e, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x3f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x75, 0x6c, - 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x72, 0x65, - 0x73, 0x75, 0x6c, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x3b, 0x0a, 0x09, 0x61, 0x72, 0x67, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x61, 0x72, 0x67, - 0x54, 0x79, 0x70, 0x65, 0x73, 0x1a, 0x6b, 0x0a, 0x0c, 0x41, 0x62, 0x73, 0x74, 0x72, 0x61, 0x63, - 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x0f, 0x70, 0x61, 0x72, - 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, - 0x70, 0x65, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x54, 0x79, 0x70, - 0x65, 0x73, 0x22, 0x73, 0x0a, 0x0d, 0x50, 0x72, 0x69, 0x6d, 0x69, 0x74, 0x69, 0x76, 0x65, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x1a, 0x50, 0x52, 0x49, 0x4d, 0x49, 0x54, 0x49, 0x56, 0x45, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x01, 0x12, 0x09, 0x0a, - 0x05, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x49, 0x4e, 0x54, - 0x36, 0x34, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x04, - 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x09, 0x0a, 0x05, - 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x06, 0x22, 0x56, 0x0a, 0x0d, 0x57, 0x65, 0x6c, 0x6c, 0x4b, - 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x57, 0x45, 0x4c, 0x4c, - 0x5f, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, - 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, - 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x49, 0x4d, 0x45, 0x53, 0x54, 0x41, 0x4d, 0x50, 0x10, - 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x03, 0x42, - 0x0b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0xb3, 0x05, 0x0a, - 0x04, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x05, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x63, 0x6c, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x44, 0x65, - 0x63, 0x6c, 0x48, 0x00, 0x52, 0x05, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x49, 0x0a, 0x08, 0x66, - 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x63, 0x6c, 0x2e, 0x46, 0x75, - 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x63, 0x6c, 0x48, 0x00, 0x52, 0x08, 0x66, 0x75, - 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x8b, 0x01, 0x0a, 0x09, 0x49, 0x64, 0x65, 0x6e, 0x74, - 0x44, 0x65, 0x63, 0x6c, 0x12, 0x32, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x79, - 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x6f, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x64, 0x6f, 0x63, 0x1a, 0xee, 0x02, 0x0a, 0x0c, 0x46, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x52, 0x0a, 0x09, 0x6f, 0x76, 0x65, 0x72, 0x6c, 0x6f, 0x61, - 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x63, 0x6c, 0x2e, 0x46, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x44, 0x65, 0x63, 0x6c, 0x2e, 0x4f, 0x76, 0x65, 0x72, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x09, - 0x6f, 0x76, 0x65, 0x72, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x1a, 0x89, 0x02, 0x0a, 0x08, 0x4f, 0x76, - 0x65, 0x72, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x76, 0x65, 0x72, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x76, 0x65, - 0x72, 0x6c, 0x6f, 0x61, 0x64, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, - 0x1f, 0x0a, 0x0b, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x79, 0x70, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, - 0x12, 0x3f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x5f, 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x12, 0x69, 0x73, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x46, 0x75, 0x6e, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x6f, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x64, 0x6f, 0x63, 0x42, 0x0b, 0x0a, 0x09, 0x64, 0x65, 0x63, 0x6c, 0x5f, 0x6b, 0x69, - 0x6e, 0x64, 0x22, 0x7a, 0x0a, 0x09, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x76, 0x65, 0x72, 0x6c, 0x6f, 0x61, 0x64, 0x5f, - 0x69, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x76, 0x65, 0x72, 0x6c, 0x6f, - 0x61, 0x64, 0x49, 0x64, 0x12, 0x38, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, - 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x6c, - 0x0a, 0x1c, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x09, - 0x44, 0x65, 0x63, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, - 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, - 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x3b, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_google_api_expr_v1alpha1_checked_proto_rawDescOnce sync.Once - file_google_api_expr_v1alpha1_checked_proto_rawDescData = file_google_api_expr_v1alpha1_checked_proto_rawDesc -) - -func file_google_api_expr_v1alpha1_checked_proto_rawDescGZIP() []byte { - file_google_api_expr_v1alpha1_checked_proto_rawDescOnce.Do(func() { - file_google_api_expr_v1alpha1_checked_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_expr_v1alpha1_checked_proto_rawDescData) - }) - return file_google_api_expr_v1alpha1_checked_proto_rawDescData -} - -var file_google_api_expr_v1alpha1_checked_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_google_api_expr_v1alpha1_checked_proto_msgTypes = make([]protoimpl.MessageInfo, 13) -var file_google_api_expr_v1alpha1_checked_proto_goTypes = []interface{}{ - (Type_PrimitiveType)(0), // 0: google.api.expr.v1alpha1.Type.PrimitiveType - (Type_WellKnownType)(0), // 1: google.api.expr.v1alpha1.Type.WellKnownType - (*CheckedExpr)(nil), // 2: google.api.expr.v1alpha1.CheckedExpr - (*Type)(nil), // 3: google.api.expr.v1alpha1.Type - (*Decl)(nil), // 4: google.api.expr.v1alpha1.Decl - (*Reference)(nil), // 5: google.api.expr.v1alpha1.Reference - nil, // 6: google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry - nil, // 7: google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry - (*Type_ListType)(nil), // 8: google.api.expr.v1alpha1.Type.ListType - (*Type_MapType)(nil), // 9: google.api.expr.v1alpha1.Type.MapType - (*Type_FunctionType)(nil), // 10: google.api.expr.v1alpha1.Type.FunctionType - (*Type_AbstractType)(nil), // 11: google.api.expr.v1alpha1.Type.AbstractType - (*Decl_IdentDecl)(nil), // 12: google.api.expr.v1alpha1.Decl.IdentDecl - (*Decl_FunctionDecl)(nil), // 13: google.api.expr.v1alpha1.Decl.FunctionDecl - (*Decl_FunctionDecl_Overload)(nil), // 14: google.api.expr.v1alpha1.Decl.FunctionDecl.Overload - (*SourceInfo)(nil), // 15: google.api.expr.v1alpha1.SourceInfo - (*Expr)(nil), // 16: google.api.expr.v1alpha1.Expr - (*emptypb.Empty)(nil), // 17: google.protobuf.Empty - (structpb.NullValue)(0), // 18: google.protobuf.NullValue - (*Constant)(nil), // 19: google.api.expr.v1alpha1.Constant -} -var file_google_api_expr_v1alpha1_checked_proto_depIdxs = []int32{ - 6, // 0: google.api.expr.v1alpha1.CheckedExpr.reference_map:type_name -> google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry - 7, // 1: google.api.expr.v1alpha1.CheckedExpr.type_map:type_name -> google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry - 15, // 2: google.api.expr.v1alpha1.CheckedExpr.source_info:type_name -> google.api.expr.v1alpha1.SourceInfo - 16, // 3: google.api.expr.v1alpha1.CheckedExpr.expr:type_name -> google.api.expr.v1alpha1.Expr - 17, // 4: google.api.expr.v1alpha1.Type.dyn:type_name -> google.protobuf.Empty - 18, // 5: google.api.expr.v1alpha1.Type.null:type_name -> google.protobuf.NullValue - 0, // 6: google.api.expr.v1alpha1.Type.primitive:type_name -> google.api.expr.v1alpha1.Type.PrimitiveType - 0, // 7: google.api.expr.v1alpha1.Type.wrapper:type_name -> google.api.expr.v1alpha1.Type.PrimitiveType - 1, // 8: google.api.expr.v1alpha1.Type.well_known:type_name -> google.api.expr.v1alpha1.Type.WellKnownType - 8, // 9: google.api.expr.v1alpha1.Type.list_type:type_name -> google.api.expr.v1alpha1.Type.ListType - 9, // 10: google.api.expr.v1alpha1.Type.map_type:type_name -> google.api.expr.v1alpha1.Type.MapType - 10, // 11: google.api.expr.v1alpha1.Type.function:type_name -> google.api.expr.v1alpha1.Type.FunctionType - 3, // 12: google.api.expr.v1alpha1.Type.type:type_name -> google.api.expr.v1alpha1.Type - 17, // 13: google.api.expr.v1alpha1.Type.error:type_name -> google.protobuf.Empty - 11, // 14: google.api.expr.v1alpha1.Type.abstract_type:type_name -> google.api.expr.v1alpha1.Type.AbstractType - 12, // 15: google.api.expr.v1alpha1.Decl.ident:type_name -> google.api.expr.v1alpha1.Decl.IdentDecl - 13, // 16: google.api.expr.v1alpha1.Decl.function:type_name -> google.api.expr.v1alpha1.Decl.FunctionDecl - 19, // 17: google.api.expr.v1alpha1.Reference.value:type_name -> google.api.expr.v1alpha1.Constant - 5, // 18: google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry.value:type_name -> google.api.expr.v1alpha1.Reference - 3, // 19: google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry.value:type_name -> google.api.expr.v1alpha1.Type - 3, // 20: google.api.expr.v1alpha1.Type.ListType.elem_type:type_name -> google.api.expr.v1alpha1.Type - 3, // 21: google.api.expr.v1alpha1.Type.MapType.key_type:type_name -> google.api.expr.v1alpha1.Type - 3, // 22: google.api.expr.v1alpha1.Type.MapType.value_type:type_name -> google.api.expr.v1alpha1.Type - 3, // 23: google.api.expr.v1alpha1.Type.FunctionType.result_type:type_name -> google.api.expr.v1alpha1.Type - 3, // 24: google.api.expr.v1alpha1.Type.FunctionType.arg_types:type_name -> google.api.expr.v1alpha1.Type - 3, // 25: google.api.expr.v1alpha1.Type.AbstractType.parameter_types:type_name -> google.api.expr.v1alpha1.Type - 3, // 26: google.api.expr.v1alpha1.Decl.IdentDecl.type:type_name -> google.api.expr.v1alpha1.Type - 19, // 27: google.api.expr.v1alpha1.Decl.IdentDecl.value:type_name -> google.api.expr.v1alpha1.Constant - 14, // 28: google.api.expr.v1alpha1.Decl.FunctionDecl.overloads:type_name -> google.api.expr.v1alpha1.Decl.FunctionDecl.Overload - 3, // 29: google.api.expr.v1alpha1.Decl.FunctionDecl.Overload.params:type_name -> google.api.expr.v1alpha1.Type - 3, // 30: google.api.expr.v1alpha1.Decl.FunctionDecl.Overload.result_type:type_name -> google.api.expr.v1alpha1.Type - 31, // [31:31] is the sub-list for method output_type - 31, // [31:31] is the sub-list for method input_type - 31, // [31:31] is the sub-list for extension type_name - 31, // [31:31] is the sub-list for extension extendee - 0, // [0:31] is the sub-list for field type_name -} - -func init() { file_google_api_expr_v1alpha1_checked_proto_init() } -func file_google_api_expr_v1alpha1_checked_proto_init() { - if File_google_api_expr_v1alpha1_checked_proto != nil { - return - } - file_google_api_expr_v1alpha1_syntax_proto_init() - if !protoimpl.UnsafeEnabled { - file_google_api_expr_v1alpha1_checked_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CheckedExpr); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Type); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Decl); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Reference); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Type_ListType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Type_MapType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Type_FunctionType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Type_AbstractType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Decl_IdentDecl); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Decl_FunctionDecl); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Decl_FunctionDecl_Overload); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*Type_Dyn)(nil), - (*Type_Null)(nil), - (*Type_Primitive)(nil), - (*Type_Wrapper)(nil), - (*Type_WellKnown)(nil), - (*Type_ListType_)(nil), - (*Type_MapType_)(nil), - (*Type_Function)(nil), - (*Type_MessageType)(nil), - (*Type_TypeParam)(nil), - (*Type_Type)(nil), - (*Type_Error)(nil), - (*Type_AbstractType_)(nil), - } - file_google_api_expr_v1alpha1_checked_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*Decl_Ident)(nil), - (*Decl_Function)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_expr_v1alpha1_checked_proto_rawDesc, - NumEnums: 2, - NumMessages: 13, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_api_expr_v1alpha1_checked_proto_goTypes, - DependencyIndexes: file_google_api_expr_v1alpha1_checked_proto_depIdxs, - EnumInfos: file_google_api_expr_v1alpha1_checked_proto_enumTypes, - MessageInfos: file_google_api_expr_v1alpha1_checked_proto_msgTypes, - }.Build() - File_google_api_expr_v1alpha1_checked_proto = out.File - file_google_api_expr_v1alpha1_checked_proto_rawDesc = nil - file_google_api_expr_v1alpha1_checked_proto_goTypes = nil - file_google_api_expr_v1alpha1_checked_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/eval.pb.go b/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/eval.pb.go deleted file mode 100644 index 678e65dfda..0000000000 --- a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/eval.pb.go +++ /dev/null @@ -1,579 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.26.0 -// protoc v3.12.2 -// source: google/api/expr/v1alpha1/eval.proto - -package expr - -import ( - reflect "reflect" - sync "sync" - - status "google.golang.org/genproto/googleapis/rpc/status" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// The state of an evaluation. -// -// Can represent an inital, partial, or completed state of evaluation. -type EvalState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The unique values referenced in this message. - Values []*ExprValue `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` - // An ordered list of results. - // - // Tracks the flow of evaluation through the expression. - // May be sparse. - Results []*EvalState_Result `protobuf:"bytes,3,rep,name=results,proto3" json:"results,omitempty"` -} - -func (x *EvalState) Reset() { - *x = EvalState{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EvalState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EvalState) ProtoMessage() {} - -func (x *EvalState) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EvalState.ProtoReflect.Descriptor instead. -func (*EvalState) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP(), []int{0} -} - -func (x *EvalState) GetValues() []*ExprValue { - if x != nil { - return x.Values - } - return nil -} - -func (x *EvalState) GetResults() []*EvalState_Result { - if x != nil { - return x.Results - } - return nil -} - -// The value of an evaluated expression. -type ExprValue struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // An expression can resolve to a value, error or unknown. - // - // Types that are assignable to Kind: - // *ExprValue_Value - // *ExprValue_Error - // *ExprValue_Unknown - Kind isExprValue_Kind `protobuf_oneof:"kind"` -} - -func (x *ExprValue) Reset() { - *x = ExprValue{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExprValue) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExprValue) ProtoMessage() {} - -func (x *ExprValue) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExprValue.ProtoReflect.Descriptor instead. -func (*ExprValue) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP(), []int{1} -} - -func (m *ExprValue) GetKind() isExprValue_Kind { - if m != nil { - return m.Kind - } - return nil -} - -func (x *ExprValue) GetValue() *Value { - if x, ok := x.GetKind().(*ExprValue_Value); ok { - return x.Value - } - return nil -} - -func (x *ExprValue) GetError() *ErrorSet { - if x, ok := x.GetKind().(*ExprValue_Error); ok { - return x.Error - } - return nil -} - -func (x *ExprValue) GetUnknown() *UnknownSet { - if x, ok := x.GetKind().(*ExprValue_Unknown); ok { - return x.Unknown - } - return nil -} - -type isExprValue_Kind interface { - isExprValue_Kind() -} - -type ExprValue_Value struct { - // A concrete value. - Value *Value `protobuf:"bytes,1,opt,name=value,proto3,oneof"` -} - -type ExprValue_Error struct { - // The set of errors in the critical path of evalution. - // - // Only errors in the critical path are included. For example, - // `(<error1> || true) && <error2>` will only result in `<error2>`, - // while `<error1> || <error2>` will result in both `<error1>` and - // `<error2>`. - // - // Errors cause by the presence of other errors are not included in the - // set. For example `<error1>.foo`, `foo(<error1>)`, and `<error1> + 1` will - // only result in `<error1>`. - // - // Multiple errors *might* be included when evaluation could result - // in different errors. For example `<error1> + <error2>` and - // `foo(<error1>, <error2>)` may result in `<error1>`, `<error2>` or both. - // The exact subset of errors included for this case is unspecified and - // depends on the implementation details of the evaluator. - Error *ErrorSet `protobuf:"bytes,2,opt,name=error,proto3,oneof"` -} - -type ExprValue_Unknown struct { - // The set of unknowns in the critical path of evaluation. - // - // Unknown behaves identically to Error with regards to propagation. - // Specifically, only unknowns in the critical path are included, unknowns - // caused by the presence of other unknowns are not included, and multiple - // unknowns *might* be included included when evaluation could result in - // different unknowns. For example: - // - // (<unknown[1]> || true) && <unknown[2]> -> <unknown[2]> - // <unknown[1]> || <unknown[2]> -> <unknown[1,2]> - // <unknown[1]>.foo -> <unknown[1]> - // foo(<unknown[1]>) -> <unknown[1]> - // <unknown[1]> + <unknown[2]> -> <unknown[1]> or <unknown[2[> - // - // Unknown takes precidence over Error in cases where a `Value` can short - // circuit the result: - // - // <error> || <unknown> -> <unknown> - // <error> && <unknown> -> <unknown> - // - // Errors take precidence in all other cases: - // - // <unknown> + <error> -> <error> - // foo(<unknown>, <error>) -> <error> - Unknown *UnknownSet `protobuf:"bytes,3,opt,name=unknown,proto3,oneof"` -} - -func (*ExprValue_Value) isExprValue_Kind() {} - -func (*ExprValue_Error) isExprValue_Kind() {} - -func (*ExprValue_Unknown) isExprValue_Kind() {} - -// A set of errors. -// -// The errors included depend on the context. See `ExprValue.error`. -type ErrorSet struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The errors in the set. - Errors []*status.Status `protobuf:"bytes,1,rep,name=errors,proto3" json:"errors,omitempty"` -} - -func (x *ErrorSet) Reset() { - *x = ErrorSet{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ErrorSet) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ErrorSet) ProtoMessage() {} - -func (x *ErrorSet) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ErrorSet.ProtoReflect.Descriptor instead. -func (*ErrorSet) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP(), []int{2} -} - -func (x *ErrorSet) GetErrors() []*status.Status { - if x != nil { - return x.Errors - } - return nil -} - -// A set of expressions for which the value is unknown. -// -// The unknowns included depend on the context. See `ExprValue.unknown`. -type UnknownSet struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The ids of the expressions with unknown values. - Exprs []int64 `protobuf:"varint,1,rep,packed,name=exprs,proto3" json:"exprs,omitempty"` -} - -func (x *UnknownSet) Reset() { - *x = UnknownSet{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UnknownSet) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UnknownSet) ProtoMessage() {} - -func (x *UnknownSet) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UnknownSet.ProtoReflect.Descriptor instead. -func (*UnknownSet) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP(), []int{3} -} - -func (x *UnknownSet) GetExprs() []int64 { - if x != nil { - return x.Exprs - } - return nil -} - -// A single evalution result. -type EvalState_Result struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The id of the expression this result if for. - Expr int64 `protobuf:"varint,1,opt,name=expr,proto3" json:"expr,omitempty"` - // The index in `values` of the resulting value. - Value int64 `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *EvalState_Result) Reset() { - *x = EvalState_Result{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EvalState_Result) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EvalState_Result) ProtoMessage() {} - -func (x *EvalState_Result) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_eval_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EvalState_Result.ProtoReflect.Descriptor instead. -func (*EvalState_Result) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *EvalState_Result) GetExpr() int64 { - if x != nil { - return x.Expr - } - return 0 -} - -func (x *EvalState_Result) GetValue() int64 { - if x != nil { - return x.Value - } - return 0 -} - -var File_google_api_expr_v1alpha1_eval_proto protoreflect.FileDescriptor - -var file_google_api_expr_v1alpha1_eval_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, - 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x76, 0x61, 0x6c, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, - 0x24, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, - 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, - 0x63, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc2, - 0x01, 0x0a, 0x09, 0x45, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3b, 0x0a, 0x06, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x07, 0x72, 0x65, 0x73, - 0x75, 0x6c, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, - 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x1a, - 0x32, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x78, 0x70, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x65, 0x78, 0x70, 0x72, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x22, 0xca, 0x01, 0x0a, 0x09, 0x45, 0x78, 0x70, 0x72, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x12, 0x37, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, - 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x05, 0x65, 0x72, - 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, - 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x40, 0x0a, 0x07, 0x75, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, - 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52, - 0x07, 0x75, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, - 0x22, 0x36, 0x0a, 0x08, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x2a, 0x0a, 0x06, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x22, 0x22, 0x0a, 0x0a, 0x55, 0x6e, 0x6b, 0x6e, - 0x6f, 0x77, 0x6e, 0x53, 0x65, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x70, 0x72, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x03, 0x52, 0x05, 0x65, 0x78, 0x70, 0x72, 0x73, 0x42, 0x6c, 0x0a, 0x1c, - 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, - 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x09, 0x45, 0x76, - 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x3b, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_google_api_expr_v1alpha1_eval_proto_rawDescOnce sync.Once - file_google_api_expr_v1alpha1_eval_proto_rawDescData = file_google_api_expr_v1alpha1_eval_proto_rawDesc -) - -func file_google_api_expr_v1alpha1_eval_proto_rawDescGZIP() []byte { - file_google_api_expr_v1alpha1_eval_proto_rawDescOnce.Do(func() { - file_google_api_expr_v1alpha1_eval_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_expr_v1alpha1_eval_proto_rawDescData) - }) - return file_google_api_expr_v1alpha1_eval_proto_rawDescData -} - -var file_google_api_expr_v1alpha1_eval_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_google_api_expr_v1alpha1_eval_proto_goTypes = []interface{}{ - (*EvalState)(nil), // 0: google.api.expr.v1alpha1.EvalState - (*ExprValue)(nil), // 1: google.api.expr.v1alpha1.ExprValue - (*ErrorSet)(nil), // 2: google.api.expr.v1alpha1.ErrorSet - (*UnknownSet)(nil), // 3: google.api.expr.v1alpha1.UnknownSet - (*EvalState_Result)(nil), // 4: google.api.expr.v1alpha1.EvalState.Result - (*Value)(nil), // 5: google.api.expr.v1alpha1.Value - (*status.Status)(nil), // 6: google.rpc.Status -} -var file_google_api_expr_v1alpha1_eval_proto_depIdxs = []int32{ - 1, // 0: google.api.expr.v1alpha1.EvalState.values:type_name -> google.api.expr.v1alpha1.ExprValue - 4, // 1: google.api.expr.v1alpha1.EvalState.results:type_name -> google.api.expr.v1alpha1.EvalState.Result - 5, // 2: google.api.expr.v1alpha1.ExprValue.value:type_name -> google.api.expr.v1alpha1.Value - 2, // 3: google.api.expr.v1alpha1.ExprValue.error:type_name -> google.api.expr.v1alpha1.ErrorSet - 3, // 4: google.api.expr.v1alpha1.ExprValue.unknown:type_name -> google.api.expr.v1alpha1.UnknownSet - 6, // 5: google.api.expr.v1alpha1.ErrorSet.errors:type_name -> google.rpc.Status - 6, // [6:6] is the sub-list for method output_type - 6, // [6:6] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name -} - -func init() { file_google_api_expr_v1alpha1_eval_proto_init() } -func file_google_api_expr_v1alpha1_eval_proto_init() { - if File_google_api_expr_v1alpha1_eval_proto != nil { - return - } - file_google_api_expr_v1alpha1_value_proto_init() - if !protoimpl.UnsafeEnabled { - file_google_api_expr_v1alpha1_eval_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EvalState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_eval_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExprValue); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_eval_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ErrorSet); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_eval_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnknownSet); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_eval_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EvalState_Result); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_google_api_expr_v1alpha1_eval_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*ExprValue_Value)(nil), - (*ExprValue_Error)(nil), - (*ExprValue_Unknown)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_expr_v1alpha1_eval_proto_rawDesc, - NumEnums: 0, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_api_expr_v1alpha1_eval_proto_goTypes, - DependencyIndexes: file_google_api_expr_v1alpha1_eval_proto_depIdxs, - MessageInfos: file_google_api_expr_v1alpha1_eval_proto_msgTypes, - }.Build() - File_google_api_expr_v1alpha1_eval_proto = out.File - file_google_api_expr_v1alpha1_eval_proto_rawDesc = nil - file_google_api_expr_v1alpha1_eval_proto_goTypes = nil - file_google_api_expr_v1alpha1_eval_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/explain.pb.go b/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/explain.pb.go deleted file mode 100644 index 65be0a031f..0000000000 --- a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/explain.pb.go +++ /dev/null @@ -1,275 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.26.0 -// protoc v3.12.2 -// source: google/api/expr/v1alpha1/explain.proto - -package expr - -import ( - reflect "reflect" - sync "sync" - - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Values of intermediate expressions produced when evaluating expression. -// Deprecated, use `EvalState` instead. -// -// Deprecated: Do not use. -type Explain struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // All of the observed values. - // - // The field value_index is an index in the values list. - // Separating values from steps is needed to remove redundant values. - Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` - // List of steps. - // - // Repeated evaluations of the same expression generate new ExprStep - // instances. The order of such ExprStep instances matches the order of - // elements returned by Comprehension.iter_range. - ExprSteps []*Explain_ExprStep `protobuf:"bytes,2,rep,name=expr_steps,json=exprSteps,proto3" json:"expr_steps,omitempty"` -} - -func (x *Explain) Reset() { - *x = Explain{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_explain_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Explain) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Explain) ProtoMessage() {} - -func (x *Explain) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_explain_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Explain.ProtoReflect.Descriptor instead. -func (*Explain) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_explain_proto_rawDescGZIP(), []int{0} -} - -func (x *Explain) GetValues() []*Value { - if x != nil { - return x.Values - } - return nil -} - -func (x *Explain) GetExprSteps() []*Explain_ExprStep { - if x != nil { - return x.ExprSteps - } - return nil -} - -// ID and value index of one step. -type Explain_ExprStep struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // ID of corresponding Expr node. - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - // Index of the value in the values list. - ValueIndex int32 `protobuf:"varint,2,opt,name=value_index,json=valueIndex,proto3" json:"value_index,omitempty"` -} - -func (x *Explain_ExprStep) Reset() { - *x = Explain_ExprStep{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_explain_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Explain_ExprStep) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Explain_ExprStep) ProtoMessage() {} - -func (x *Explain_ExprStep) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_explain_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Explain_ExprStep.ProtoReflect.Descriptor instead. -func (*Explain_ExprStep) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_explain_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *Explain_ExprStep) GetId() int64 { - if x != nil { - return x.Id - } - return 0 -} - -func (x *Explain_ExprStep) GetValueIndex() int32 { - if x != nil { - return x.ValueIndex - } - return 0 -} - -var File_google_api_expr_v1alpha1_explain_proto protoreflect.FileDescriptor - -var file_google_api_expr_v1alpha1_explain_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, - 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x65, 0x78, 0x70, 0x6c, 0x61, - 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x1a, 0x24, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, - 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xce, 0x01, 0x0a, 0x07, 0x45, 0x78, 0x70, - 0x6c, 0x61, 0x69, 0x6e, 0x12, 0x37, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x49, 0x0a, - 0x0a, 0x65, 0x78, 0x70, 0x72, 0x5f, 0x73, 0x74, 0x65, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, - 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, - 0x6c, 0x61, 0x69, 0x6e, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x53, 0x74, 0x65, 0x70, 0x52, 0x09, 0x65, - 0x78, 0x70, 0x72, 0x53, 0x74, 0x65, 0x70, 0x73, 0x1a, 0x3b, 0x0a, 0x08, 0x45, 0x78, 0x70, 0x72, - 0x53, 0x74, 0x65, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x69, 0x6e, - 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x3a, 0x02, 0x18, 0x01, 0x42, 0x6f, 0x0a, 0x1c, 0x63, 0x6f, 0x6d, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0c, 0x45, 0x78, 0x70, 0x6c, 0x61, - 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x3b, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_google_api_expr_v1alpha1_explain_proto_rawDescOnce sync.Once - file_google_api_expr_v1alpha1_explain_proto_rawDescData = file_google_api_expr_v1alpha1_explain_proto_rawDesc -) - -func file_google_api_expr_v1alpha1_explain_proto_rawDescGZIP() []byte { - file_google_api_expr_v1alpha1_explain_proto_rawDescOnce.Do(func() { - file_google_api_expr_v1alpha1_explain_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_expr_v1alpha1_explain_proto_rawDescData) - }) - return file_google_api_expr_v1alpha1_explain_proto_rawDescData -} - -var file_google_api_expr_v1alpha1_explain_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_google_api_expr_v1alpha1_explain_proto_goTypes = []interface{}{ - (*Explain)(nil), // 0: google.api.expr.v1alpha1.Explain - (*Explain_ExprStep)(nil), // 1: google.api.expr.v1alpha1.Explain.ExprStep - (*Value)(nil), // 2: google.api.expr.v1alpha1.Value -} -var file_google_api_expr_v1alpha1_explain_proto_depIdxs = []int32{ - 2, // 0: google.api.expr.v1alpha1.Explain.values:type_name -> google.api.expr.v1alpha1.Value - 1, // 1: google.api.expr.v1alpha1.Explain.expr_steps:type_name -> google.api.expr.v1alpha1.Explain.ExprStep - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_google_api_expr_v1alpha1_explain_proto_init() } -func file_google_api_expr_v1alpha1_explain_proto_init() { - if File_google_api_expr_v1alpha1_explain_proto != nil { - return - } - file_google_api_expr_v1alpha1_value_proto_init() - if !protoimpl.UnsafeEnabled { - file_google_api_expr_v1alpha1_explain_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Explain); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_explain_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Explain_ExprStep); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_expr_v1alpha1_explain_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_api_expr_v1alpha1_explain_proto_goTypes, - DependencyIndexes: file_google_api_expr_v1alpha1_explain_proto_depIdxs, - MessageInfos: file_google_api_expr_v1alpha1_explain_proto_msgTypes, - }.Build() - File_google_api_expr_v1alpha1_explain_proto = out.File - file_google_api_expr_v1alpha1_explain_proto_rawDesc = nil - file_google_api_expr_v1alpha1_explain_proto_goTypes = nil - file_google_api_expr_v1alpha1_explain_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/syntax.pb.go b/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/syntax.pb.go deleted file mode 100644 index 175dec53c3..0000000000 --- a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/syntax.pb.go +++ /dev/null @@ -1,1685 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.26.0 -// protoc v3.12.2 -// source: google/api/expr/v1alpha1/syntax.proto - -package expr - -import ( - reflect "reflect" - sync "sync" - - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - durationpb "google.golang.org/protobuf/types/known/durationpb" - structpb "google.golang.org/protobuf/types/known/structpb" - timestamppb "google.golang.org/protobuf/types/known/timestamppb" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// An expression together with source information as returned by the parser. -type ParsedExpr struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The parsed expression. - Expr *Expr `protobuf:"bytes,2,opt,name=expr,proto3" json:"expr,omitempty"` - // The source info derived from input that generated the parsed `expr`. - SourceInfo *SourceInfo `protobuf:"bytes,3,opt,name=source_info,json=sourceInfo,proto3" json:"source_info,omitempty"` -} - -func (x *ParsedExpr) Reset() { - *x = ParsedExpr{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ParsedExpr) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ParsedExpr) ProtoMessage() {} - -func (x *ParsedExpr) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ParsedExpr.ProtoReflect.Descriptor instead. -func (*ParsedExpr) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{0} -} - -func (x *ParsedExpr) GetExpr() *Expr { - if x != nil { - return x.Expr - } - return nil -} - -func (x *ParsedExpr) GetSourceInfo() *SourceInfo { - if x != nil { - return x.SourceInfo - } - return nil -} - -// An abstract representation of a common expression. -// -// Expressions are abstractly represented as a collection of identifiers, -// select statements, function calls, literals, and comprehensions. All -// operators with the exception of the '.' operator are modelled as function -// calls. This makes it easy to represent new operators into the existing AST. -// -// All references within expressions must resolve to a [Decl][google.api.expr.v1alpha1.Decl] provided at -// type-check for an expression to be valid. A reference may either be a bare -// identifier `name` or a qualified identifier `google.api.name`. References -// may either refer to a value or a function declaration. -// -// For example, the expression `google.api.name.startsWith('expr')` references -// the declaration `google.api.name` within a [Expr.Select][google.api.expr.v1alpha1.Expr.Select] expression, and -// the function declaration `startsWith`. -type Expr struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. An id assigned to this node by the parser which is unique in a - // given expression tree. This is used to associate type information and other - // attributes to a node in the parse tree. - Id int64 `protobuf:"varint,2,opt,name=id,proto3" json:"id,omitempty"` - // Required. Variants of expressions. - // - // Types that are assignable to ExprKind: - // *Expr_ConstExpr - // *Expr_IdentExpr - // *Expr_SelectExpr - // *Expr_CallExpr - // *Expr_ListExpr - // *Expr_StructExpr - // *Expr_ComprehensionExpr - ExprKind isExpr_ExprKind `protobuf_oneof:"expr_kind"` -} - -func (x *Expr) Reset() { - *x = Expr{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr) ProtoMessage() {} - -func (x *Expr) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr.ProtoReflect.Descriptor instead. -func (*Expr) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1} -} - -func (x *Expr) GetId() int64 { - if x != nil { - return x.Id - } - return 0 -} - -func (m *Expr) GetExprKind() isExpr_ExprKind { - if m != nil { - return m.ExprKind - } - return nil -} - -func (x *Expr) GetConstExpr() *Constant { - if x, ok := x.GetExprKind().(*Expr_ConstExpr); ok { - return x.ConstExpr - } - return nil -} - -func (x *Expr) GetIdentExpr() *Expr_Ident { - if x, ok := x.GetExprKind().(*Expr_IdentExpr); ok { - return x.IdentExpr - } - return nil -} - -func (x *Expr) GetSelectExpr() *Expr_Select { - if x, ok := x.GetExprKind().(*Expr_SelectExpr); ok { - return x.SelectExpr - } - return nil -} - -func (x *Expr) GetCallExpr() *Expr_Call { - if x, ok := x.GetExprKind().(*Expr_CallExpr); ok { - return x.CallExpr - } - return nil -} - -func (x *Expr) GetListExpr() *Expr_CreateList { - if x, ok := x.GetExprKind().(*Expr_ListExpr); ok { - return x.ListExpr - } - return nil -} - -func (x *Expr) GetStructExpr() *Expr_CreateStruct { - if x, ok := x.GetExprKind().(*Expr_StructExpr); ok { - return x.StructExpr - } - return nil -} - -func (x *Expr) GetComprehensionExpr() *Expr_Comprehension { - if x, ok := x.GetExprKind().(*Expr_ComprehensionExpr); ok { - return x.ComprehensionExpr - } - return nil -} - -type isExpr_ExprKind interface { - isExpr_ExprKind() -} - -type Expr_ConstExpr struct { - // A literal expression. - ConstExpr *Constant `protobuf:"bytes,3,opt,name=const_expr,json=constExpr,proto3,oneof"` -} - -type Expr_IdentExpr struct { - // An identifier expression. - IdentExpr *Expr_Ident `protobuf:"bytes,4,opt,name=ident_expr,json=identExpr,proto3,oneof"` -} - -type Expr_SelectExpr struct { - // A field selection expression, e.g. `request.auth`. - SelectExpr *Expr_Select `protobuf:"bytes,5,opt,name=select_expr,json=selectExpr,proto3,oneof"` -} - -type Expr_CallExpr struct { - // A call expression, including calls to predefined functions and operators. - CallExpr *Expr_Call `protobuf:"bytes,6,opt,name=call_expr,json=callExpr,proto3,oneof"` -} - -type Expr_ListExpr struct { - // A list creation expression. - ListExpr *Expr_CreateList `protobuf:"bytes,7,opt,name=list_expr,json=listExpr,proto3,oneof"` -} - -type Expr_StructExpr struct { - // A map or message creation expression. - StructExpr *Expr_CreateStruct `protobuf:"bytes,8,opt,name=struct_expr,json=structExpr,proto3,oneof"` -} - -type Expr_ComprehensionExpr struct { - // A comprehension expression. - ComprehensionExpr *Expr_Comprehension `protobuf:"bytes,9,opt,name=comprehension_expr,json=comprehensionExpr,proto3,oneof"` -} - -func (*Expr_ConstExpr) isExpr_ExprKind() {} - -func (*Expr_IdentExpr) isExpr_ExprKind() {} - -func (*Expr_SelectExpr) isExpr_ExprKind() {} - -func (*Expr_CallExpr) isExpr_ExprKind() {} - -func (*Expr_ListExpr) isExpr_ExprKind() {} - -func (*Expr_StructExpr) isExpr_ExprKind() {} - -func (*Expr_ComprehensionExpr) isExpr_ExprKind() {} - -// Represents a primitive literal. -// -// Named 'Constant' here for backwards compatibility. -// -// This is similar as the primitives supported in the well-known type -// `google.protobuf.Value`, but richer so it can represent CEL's full range of -// primitives. -// -// Lists and structs are not included as constants as these aggregate types may -// contain [Expr][google.api.expr.v1alpha1.Expr] elements which require evaluation and are thus not constant. -// -// Examples of literals include: `"hello"`, `b'bytes'`, `1u`, `4.2`, `-2`, -// `true`, `null`. -type Constant struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The valid constant kinds. - // - // Types that are assignable to ConstantKind: - // *Constant_NullValue - // *Constant_BoolValue - // *Constant_Int64Value - // *Constant_Uint64Value - // *Constant_DoubleValue - // *Constant_StringValue - // *Constant_BytesValue - // *Constant_DurationValue - // *Constant_TimestampValue - ConstantKind isConstant_ConstantKind `protobuf_oneof:"constant_kind"` -} - -func (x *Constant) Reset() { - *x = Constant{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Constant) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Constant) ProtoMessage() {} - -func (x *Constant) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Constant.ProtoReflect.Descriptor instead. -func (*Constant) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{2} -} - -func (m *Constant) GetConstantKind() isConstant_ConstantKind { - if m != nil { - return m.ConstantKind - } - return nil -} - -func (x *Constant) GetNullValue() structpb.NullValue { - if x, ok := x.GetConstantKind().(*Constant_NullValue); ok { - return x.NullValue - } - return structpb.NullValue_NULL_VALUE -} - -func (x *Constant) GetBoolValue() bool { - if x, ok := x.GetConstantKind().(*Constant_BoolValue); ok { - return x.BoolValue - } - return false -} - -func (x *Constant) GetInt64Value() int64 { - if x, ok := x.GetConstantKind().(*Constant_Int64Value); ok { - return x.Int64Value - } - return 0 -} - -func (x *Constant) GetUint64Value() uint64 { - if x, ok := x.GetConstantKind().(*Constant_Uint64Value); ok { - return x.Uint64Value - } - return 0 -} - -func (x *Constant) GetDoubleValue() float64 { - if x, ok := x.GetConstantKind().(*Constant_DoubleValue); ok { - return x.DoubleValue - } - return 0 -} - -func (x *Constant) GetStringValue() string { - if x, ok := x.GetConstantKind().(*Constant_StringValue); ok { - return x.StringValue - } - return "" -} - -func (x *Constant) GetBytesValue() []byte { - if x, ok := x.GetConstantKind().(*Constant_BytesValue); ok { - return x.BytesValue - } - return nil -} - -// Deprecated: Do not use. -func (x *Constant) GetDurationValue() *durationpb.Duration { - if x, ok := x.GetConstantKind().(*Constant_DurationValue); ok { - return x.DurationValue - } - return nil -} - -// Deprecated: Do not use. -func (x *Constant) GetTimestampValue() *timestamppb.Timestamp { - if x, ok := x.GetConstantKind().(*Constant_TimestampValue); ok { - return x.TimestampValue - } - return nil -} - -type isConstant_ConstantKind interface { - isConstant_ConstantKind() -} - -type Constant_NullValue struct { - // null value. - NullValue structpb.NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"` -} - -type Constant_BoolValue struct { - // boolean value. - BoolValue bool `protobuf:"varint,2,opt,name=bool_value,json=boolValue,proto3,oneof"` -} - -type Constant_Int64Value struct { - // int64 value. - Int64Value int64 `protobuf:"varint,3,opt,name=int64_value,json=int64Value,proto3,oneof"` -} - -type Constant_Uint64Value struct { - // uint64 value. - Uint64Value uint64 `protobuf:"varint,4,opt,name=uint64_value,json=uint64Value,proto3,oneof"` -} - -type Constant_DoubleValue struct { - // double value. - DoubleValue float64 `protobuf:"fixed64,5,opt,name=double_value,json=doubleValue,proto3,oneof"` -} - -type Constant_StringValue struct { - // string value. - StringValue string `protobuf:"bytes,6,opt,name=string_value,json=stringValue,proto3,oneof"` -} - -type Constant_BytesValue struct { - // bytes value. - BytesValue []byte `protobuf:"bytes,7,opt,name=bytes_value,json=bytesValue,proto3,oneof"` -} - -type Constant_DurationValue struct { - // protobuf.Duration value. - // - // Deprecated: duration is no longer considered a builtin cel type. - // - // Deprecated: Do not use. - DurationValue *durationpb.Duration `protobuf:"bytes,8,opt,name=duration_value,json=durationValue,proto3,oneof"` -} - -type Constant_TimestampValue struct { - // protobuf.Timestamp value. - // - // Deprecated: timestamp is no longer considered a builtin cel type. - // - // Deprecated: Do not use. - TimestampValue *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=timestamp_value,json=timestampValue,proto3,oneof"` -} - -func (*Constant_NullValue) isConstant_ConstantKind() {} - -func (*Constant_BoolValue) isConstant_ConstantKind() {} - -func (*Constant_Int64Value) isConstant_ConstantKind() {} - -func (*Constant_Uint64Value) isConstant_ConstantKind() {} - -func (*Constant_DoubleValue) isConstant_ConstantKind() {} - -func (*Constant_StringValue) isConstant_ConstantKind() {} - -func (*Constant_BytesValue) isConstant_ConstantKind() {} - -func (*Constant_DurationValue) isConstant_ConstantKind() {} - -func (*Constant_TimestampValue) isConstant_ConstantKind() {} - -// Source information collected at parse time. -type SourceInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The syntax version of the source, e.g. `cel1`. - SyntaxVersion string `protobuf:"bytes,1,opt,name=syntax_version,json=syntaxVersion,proto3" json:"syntax_version,omitempty"` - // The location name. All position information attached to an expression is - // relative to this location. - // - // The location could be a file, UI element, or similar. For example, - // `acme/app/AnvilPolicy.cel`. - Location string `protobuf:"bytes,2,opt,name=location,proto3" json:"location,omitempty"` - // Monotonically increasing list of code point offsets where newlines - // `\n` appear. - // - // The line number of a given position is the index `i` where for a given - // `id` the `line_offsets[i] < id_positions[id] < line_offsets[i+1]`. The - // column may be derivd from `id_positions[id] - line_offsets[i]`. - LineOffsets []int32 `protobuf:"varint,3,rep,packed,name=line_offsets,json=lineOffsets,proto3" json:"line_offsets,omitempty"` - // A map from the parse node id (e.g. `Expr.id`) to the code point offset - // within the source. - Positions map[int64]int32 `protobuf:"bytes,4,rep,name=positions,proto3" json:"positions,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - // A map from the parse node id where a macro replacement was made to the - // call `Expr` that resulted in a macro expansion. - // - // For example, `has(value.field)` is a function call that is replaced by a - // `test_only` field selection in the AST. Likewise, the call - // `list.exists(e, e > 10)` translates to a comprehension expression. The key - // in the map corresponds to the expression id of the expanded macro, and the - // value is the call `Expr` that was replaced. - MacroCalls map[int64]*Expr `protobuf:"bytes,5,rep,name=macro_calls,json=macroCalls,proto3" json:"macro_calls,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *SourceInfo) Reset() { - *x = SourceInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SourceInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SourceInfo) ProtoMessage() {} - -func (x *SourceInfo) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SourceInfo.ProtoReflect.Descriptor instead. -func (*SourceInfo) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{3} -} - -func (x *SourceInfo) GetSyntaxVersion() string { - if x != nil { - return x.SyntaxVersion - } - return "" -} - -func (x *SourceInfo) GetLocation() string { - if x != nil { - return x.Location - } - return "" -} - -func (x *SourceInfo) GetLineOffsets() []int32 { - if x != nil { - return x.LineOffsets - } - return nil -} - -func (x *SourceInfo) GetPositions() map[int64]int32 { - if x != nil { - return x.Positions - } - return nil -} - -func (x *SourceInfo) GetMacroCalls() map[int64]*Expr { - if x != nil { - return x.MacroCalls - } - return nil -} - -// A specific position in source. -type SourcePosition struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The soucre location name (e.g. file name). - Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"` - // The UTF-8 code unit offset. - Offset int32 `protobuf:"varint,2,opt,name=offset,proto3" json:"offset,omitempty"` - // The 1-based index of the starting line in the source text - // where the issue occurs, or 0 if unknown. - Line int32 `protobuf:"varint,3,opt,name=line,proto3" json:"line,omitempty"` - // The 0-based index of the starting position within the line of source text - // where the issue occurs. Only meaningful if line is nonzero. - Column int32 `protobuf:"varint,4,opt,name=column,proto3" json:"column,omitempty"` -} - -func (x *SourcePosition) Reset() { - *x = SourcePosition{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SourcePosition) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SourcePosition) ProtoMessage() {} - -func (x *SourcePosition) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SourcePosition.ProtoReflect.Descriptor instead. -func (*SourcePosition) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{4} -} - -func (x *SourcePosition) GetLocation() string { - if x != nil { - return x.Location - } - return "" -} - -func (x *SourcePosition) GetOffset() int32 { - if x != nil { - return x.Offset - } - return 0 -} - -func (x *SourcePosition) GetLine() int32 { - if x != nil { - return x.Line - } - return 0 -} - -func (x *SourcePosition) GetColumn() int32 { - if x != nil { - return x.Column - } - return 0 -} - -// An identifier expression. e.g. `request`. -type Expr_Ident struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. Holds a single, unqualified identifier, possibly preceded by a - // '.'. - // - // Qualified names are represented by the [Expr.Select][google.api.expr.v1alpha1.Expr.Select] expression. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *Expr_Ident) Reset() { - *x = Expr_Ident{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_Ident) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_Ident) ProtoMessage() {} - -func (x *Expr_Ident) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_Ident.ProtoReflect.Descriptor instead. -func (*Expr_Ident) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *Expr_Ident) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// A field selection expression. e.g. `request.auth`. -type Expr_Select struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The target of the selection expression. - // - // For example, in the select expression `request.auth`, the `request` - // portion of the expression is the `operand`. - Operand *Expr `protobuf:"bytes,1,opt,name=operand,proto3" json:"operand,omitempty"` - // Required. The name of the field to select. - // - // For example, in the select expression `request.auth`, the `auth` portion - // of the expression would be the `field`. - Field string `protobuf:"bytes,2,opt,name=field,proto3" json:"field,omitempty"` - // Whether the select is to be interpreted as a field presence test. - // - // This results from the macro `has(request.auth)`. - TestOnly bool `protobuf:"varint,3,opt,name=test_only,json=testOnly,proto3" json:"test_only,omitempty"` -} - -func (x *Expr_Select) Reset() { - *x = Expr_Select{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_Select) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_Select) ProtoMessage() {} - -func (x *Expr_Select) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_Select.ProtoReflect.Descriptor instead. -func (*Expr_Select) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *Expr_Select) GetOperand() *Expr { - if x != nil { - return x.Operand - } - return nil -} - -func (x *Expr_Select) GetField() string { - if x != nil { - return x.Field - } - return "" -} - -func (x *Expr_Select) GetTestOnly() bool { - if x != nil { - return x.TestOnly - } - return false -} - -// A call expression, including calls to predefined functions and operators. -// -// For example, `value == 10`, `size(map_value)`. -type Expr_Call struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The target of an method call-style expression. For example, `x` in - // `x.f()`. - Target *Expr `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"` - // Required. The name of the function or method being called. - Function string `protobuf:"bytes,2,opt,name=function,proto3" json:"function,omitempty"` - // The arguments. - Args []*Expr `protobuf:"bytes,3,rep,name=args,proto3" json:"args,omitempty"` -} - -func (x *Expr_Call) Reset() { - *x = Expr_Call{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_Call) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_Call) ProtoMessage() {} - -func (x *Expr_Call) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_Call.ProtoReflect.Descriptor instead. -func (*Expr_Call) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 2} -} - -func (x *Expr_Call) GetTarget() *Expr { - if x != nil { - return x.Target - } - return nil -} - -func (x *Expr_Call) GetFunction() string { - if x != nil { - return x.Function - } - return "" -} - -func (x *Expr_Call) GetArgs() []*Expr { - if x != nil { - return x.Args - } - return nil -} - -// A list creation expression. -// -// Lists may either be homogenous, e.g. `[1, 2, 3]`, or heterogeneous, e.g. -// `dyn([1, 'hello', 2.0])` -type Expr_CreateList struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The elements part of the list. - Elements []*Expr `protobuf:"bytes,1,rep,name=elements,proto3" json:"elements,omitempty"` -} - -func (x *Expr_CreateList) Reset() { - *x = Expr_CreateList{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_CreateList) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_CreateList) ProtoMessage() {} - -func (x *Expr_CreateList) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_CreateList.ProtoReflect.Descriptor instead. -func (*Expr_CreateList) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 3} -} - -func (x *Expr_CreateList) GetElements() []*Expr { - if x != nil { - return x.Elements - } - return nil -} - -// A map or message creation expression. -// -// Maps are constructed as `{'key_name': 'value'}`. Message construction is -// similar, but prefixed with a type name and composed of field ids: -// `types.MyType{field_id: 'value'}`. -type Expr_CreateStruct struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The type name of the message to be created, empty when creating map - // literals. - MessageName string `protobuf:"bytes,1,opt,name=message_name,json=messageName,proto3" json:"message_name,omitempty"` - // The entries in the creation expression. - Entries []*Expr_CreateStruct_Entry `protobuf:"bytes,2,rep,name=entries,proto3" json:"entries,omitempty"` -} - -func (x *Expr_CreateStruct) Reset() { - *x = Expr_CreateStruct{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_CreateStruct) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_CreateStruct) ProtoMessage() {} - -func (x *Expr_CreateStruct) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_CreateStruct.ProtoReflect.Descriptor instead. -func (*Expr_CreateStruct) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 4} -} - -func (x *Expr_CreateStruct) GetMessageName() string { - if x != nil { - return x.MessageName - } - return "" -} - -func (x *Expr_CreateStruct) GetEntries() []*Expr_CreateStruct_Entry { - if x != nil { - return x.Entries - } - return nil -} - -// A comprehension expression applied to a list or map. -// -// Comprehensions are not part of the core syntax, but enabled with macros. -// A macro matches a specific call signature within a parsed AST and replaces -// the call with an alternate AST block. Macro expansion happens at parse -// time. -// -// The following macros are supported within CEL: -// -// Aggregate type macros may be applied to all elements in a list or all keys -// in a map: -// -// * `all`, `exists`, `exists_one` - test a predicate expression against -// the inputs and return `true` if the predicate is satisfied for all, -// any, or only one value `list.all(x, x < 10)`. -// * `filter` - test a predicate expression against the inputs and return -// the subset of elements which satisfy the predicate: -// `payments.filter(p, p > 1000)`. -// * `map` - apply an expression to all elements in the input and return the -// output aggregate type: `[1, 2, 3].map(i, i * i)`. -// -// The `has(m.x)` macro tests whether the property `x` is present in struct -// `m`. The semantics of this macro depend on the type of `m`. For proto2 -// messages `has(m.x)` is defined as 'defined, but not set`. For proto3, the -// macro tests whether the property is set to its default. For map and struct -// types, the macro tests whether the property `x` is defined on `m`. -type Expr_Comprehension struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of the iteration variable. - IterVar string `protobuf:"bytes,1,opt,name=iter_var,json=iterVar,proto3" json:"iter_var,omitempty"` - // The range over which var iterates. - IterRange *Expr `protobuf:"bytes,2,opt,name=iter_range,json=iterRange,proto3" json:"iter_range,omitempty"` - // The name of the variable used for accumulation of the result. - AccuVar string `protobuf:"bytes,3,opt,name=accu_var,json=accuVar,proto3" json:"accu_var,omitempty"` - // The initial value of the accumulator. - AccuInit *Expr `protobuf:"bytes,4,opt,name=accu_init,json=accuInit,proto3" json:"accu_init,omitempty"` - // An expression which can contain iter_var and accu_var. - // - // Returns false when the result has been computed and may be used as - // a hint to short-circuit the remainder of the comprehension. - LoopCondition *Expr `protobuf:"bytes,5,opt,name=loop_condition,json=loopCondition,proto3" json:"loop_condition,omitempty"` - // An expression which can contain iter_var and accu_var. - // - // Computes the next value of accu_var. - LoopStep *Expr `protobuf:"bytes,6,opt,name=loop_step,json=loopStep,proto3" json:"loop_step,omitempty"` - // An expression which can contain accu_var. - // - // Computes the result. - Result *Expr `protobuf:"bytes,7,opt,name=result,proto3" json:"result,omitempty"` -} - -func (x *Expr_Comprehension) Reset() { - *x = Expr_Comprehension{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_Comprehension) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_Comprehension) ProtoMessage() {} - -func (x *Expr_Comprehension) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_Comprehension.ProtoReflect.Descriptor instead. -func (*Expr_Comprehension) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 5} -} - -func (x *Expr_Comprehension) GetIterVar() string { - if x != nil { - return x.IterVar - } - return "" -} - -func (x *Expr_Comprehension) GetIterRange() *Expr { - if x != nil { - return x.IterRange - } - return nil -} - -func (x *Expr_Comprehension) GetAccuVar() string { - if x != nil { - return x.AccuVar - } - return "" -} - -func (x *Expr_Comprehension) GetAccuInit() *Expr { - if x != nil { - return x.AccuInit - } - return nil -} - -func (x *Expr_Comprehension) GetLoopCondition() *Expr { - if x != nil { - return x.LoopCondition - } - return nil -} - -func (x *Expr_Comprehension) GetLoopStep() *Expr { - if x != nil { - return x.LoopStep - } - return nil -} - -func (x *Expr_Comprehension) GetResult() *Expr { - if x != nil { - return x.Result - } - return nil -} - -// Represents an entry. -type Expr_CreateStruct_Entry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. An id assigned to this node by the parser which is unique - // in a given expression tree. This is used to associate type - // information and other attributes to the node. - Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` - // The `Entry` key kinds. - // - // Types that are assignable to KeyKind: - // *Expr_CreateStruct_Entry_FieldKey - // *Expr_CreateStruct_Entry_MapKey - KeyKind isExpr_CreateStruct_Entry_KeyKind `protobuf_oneof:"key_kind"` - // Required. The value assigned to the key. - Value *Expr `protobuf:"bytes,4,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *Expr_CreateStruct_Entry) Reset() { - *x = Expr_CreateStruct_Entry{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Expr_CreateStruct_Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Expr_CreateStruct_Entry) ProtoMessage() {} - -func (x *Expr_CreateStruct_Entry) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_syntax_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Expr_CreateStruct_Entry.ProtoReflect.Descriptor instead. -func (*Expr_CreateStruct_Entry) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP(), []int{1, 4, 0} -} - -func (x *Expr_CreateStruct_Entry) GetId() int64 { - if x != nil { - return x.Id - } - return 0 -} - -func (m *Expr_CreateStruct_Entry) GetKeyKind() isExpr_CreateStruct_Entry_KeyKind { - if m != nil { - return m.KeyKind - } - return nil -} - -func (x *Expr_CreateStruct_Entry) GetFieldKey() string { - if x, ok := x.GetKeyKind().(*Expr_CreateStruct_Entry_FieldKey); ok { - return x.FieldKey - } - return "" -} - -func (x *Expr_CreateStruct_Entry) GetMapKey() *Expr { - if x, ok := x.GetKeyKind().(*Expr_CreateStruct_Entry_MapKey); ok { - return x.MapKey - } - return nil -} - -func (x *Expr_CreateStruct_Entry) GetValue() *Expr { - if x != nil { - return x.Value - } - return nil -} - -type isExpr_CreateStruct_Entry_KeyKind interface { - isExpr_CreateStruct_Entry_KeyKind() -} - -type Expr_CreateStruct_Entry_FieldKey struct { - // The field key for a message creator statement. - FieldKey string `protobuf:"bytes,2,opt,name=field_key,json=fieldKey,proto3,oneof"` -} - -type Expr_CreateStruct_Entry_MapKey struct { - // The key expression for a map creation statement. - MapKey *Expr `protobuf:"bytes,3,opt,name=map_key,json=mapKey,proto3,oneof"` -} - -func (*Expr_CreateStruct_Entry_FieldKey) isExpr_CreateStruct_Entry_KeyKind() {} - -func (*Expr_CreateStruct_Entry_MapKey) isExpr_CreateStruct_Entry_KeyKind() {} - -var File_google_api_expr_v1alpha1_syntax_proto protoreflect.FileDescriptor - -var file_google_api_expr_v1alpha1_syntax_proto_rawDesc = []byte{ - 0x0a, 0x25, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, - 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x73, 0x79, 0x6e, 0x74, 0x61, - 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x87, 0x01, 0x0a, 0x0a, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x45, 0x78, 0x70, 0x72, 0x12, - 0x32, 0x0a, 0x04, 0x65, 0x78, 0x70, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x04, 0x65, - 0x78, 0x70, 0x72, 0x12, 0x45, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x6e, - 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0a, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xdc, 0x0c, 0x0a, 0x04, 0x45, - 0x78, 0x70, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x5f, 0x65, 0x78, 0x70, - 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x63, - 0x6f, 0x6e, 0x73, 0x74, 0x45, 0x78, 0x70, 0x72, 0x12, 0x45, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x2e, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x45, 0x78, 0x70, 0x72, 0x12, - 0x48, 0x0a, 0x0b, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x45, 0x78, 0x70, 0x72, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x45, 0x78, 0x70, 0x72, 0x12, 0x42, 0x0a, 0x09, 0x63, 0x61, 0x6c, - 0x6c, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x2e, 0x43, 0x61, 0x6c, - 0x6c, 0x48, 0x00, 0x52, 0x08, 0x63, 0x61, 0x6c, 0x6c, 0x45, 0x78, 0x70, 0x72, 0x12, 0x48, 0x0a, - 0x09, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, - 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, - 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x48, 0x00, 0x52, 0x08, 0x6c, - 0x69, 0x73, 0x74, 0x45, 0x78, 0x70, 0x72, 0x12, 0x4e, 0x0a, 0x0b, 0x73, 0x74, 0x72, 0x75, 0x63, - 0x74, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x2e, 0x43, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x74, 0x72, - 0x75, 0x63, 0x74, 0x45, 0x78, 0x70, 0x72, 0x12, 0x5d, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x70, 0x72, - 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x72, 0x18, 0x09, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, - 0x78, 0x70, 0x72, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, 0x6f, - 0x6e, 0x48, 0x00, 0x52, 0x11, 0x63, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, - 0x6f, 0x6e, 0x45, 0x78, 0x70, 0x72, 0x1a, 0x1b, 0x0a, 0x05, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x1a, 0x75, 0x0a, 0x06, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x12, 0x38, 0x0a, - 0x07, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x07, - 0x6f, 0x70, 0x65, 0x72, 0x61, 0x6e, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1b, 0x0a, - 0x09, 0x74, 0x65, 0x73, 0x74, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x08, 0x74, 0x65, 0x73, 0x74, 0x4f, 0x6e, 0x6c, 0x79, 0x1a, 0x8e, 0x01, 0x0a, 0x04, 0x43, - 0x61, 0x6c, 0x6c, 0x12, 0x36, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, - 0x78, 0x70, 0x72, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x66, - 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, - 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x1a, 0x48, 0x0a, 0x0a, 0x43, - 0x72, 0x65, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x6c, 0x65, - 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x08, 0x65, 0x6c, 0x65, - 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x1a, 0xb4, 0x02, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4b, 0x0a, 0x07, 0x65, 0x6e, 0x74, - 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x65, - 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x1a, 0xb3, 0x01, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x1d, 0x0a, 0x09, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x08, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x4b, 0x65, 0x79, 0x12, - 0x39, 0x0a, 0x07, 0x6d, 0x61, 0x70, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, - 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, - 0x48, 0x00, 0x52, 0x06, 0x6d, 0x61, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x42, 0x0a, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6b, 0x69, 0x6e, 0x64, 0x1a, 0xfd, 0x02, 0x0a, - 0x0d, 0x43, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x68, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x19, - 0x0a, 0x08, 0x69, 0x74, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x69, 0x74, 0x65, 0x72, 0x56, 0x61, 0x72, 0x12, 0x3d, 0x0a, 0x0a, 0x69, 0x74, 0x65, - 0x72, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x09, 0x69, - 0x74, 0x65, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x63, 0x63, 0x75, - 0x5f, 0x76, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x63, 0x63, 0x75, - 0x56, 0x61, 0x72, 0x12, 0x3b, 0x0a, 0x09, 0x61, 0x63, 0x63, 0x75, 0x5f, 0x69, 0x6e, 0x69, 0x74, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x08, 0x61, 0x63, 0x63, 0x75, 0x49, 0x6e, 0x69, 0x74, - 0x12, 0x45, 0x0a, 0x0e, 0x6c, 0x6f, 0x6f, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x0d, 0x6c, 0x6f, 0x6f, 0x70, 0x43, 0x6f, - 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3b, 0x0a, 0x09, 0x6c, 0x6f, 0x6f, 0x70, 0x5f, - 0x73, 0x74, 0x65, 0x70, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x08, 0x6c, 0x6f, 0x6f, 0x70, - 0x53, 0x74, 0x65, 0x70, 0x12, 0x36, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x45, 0x78, 0x70, 0x72, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x42, 0x0b, 0x0a, 0x09, - 0x65, 0x78, 0x70, 0x72, 0x5f, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0xc1, 0x03, 0x0a, 0x08, 0x43, 0x6f, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, - 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0a, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x48, 0x00, 0x52, 0x0a, 0x69, 0x6e, 0x74, - 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x75, 0x69, 0x6e, 0x74, 0x36, - 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, - 0x0b, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, - 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, - 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0a, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x46, 0x0a, 0x0e, 0x64, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x02, 0x18, 0x01, - 0x48, 0x00, 0x52, 0x0d, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x12, 0x49, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x02, 0x18, 0x01, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x0f, 0x0a, 0x0d, - 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x5f, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0xb9, 0x03, - 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x25, 0x0a, 0x0e, - 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x21, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x65, 0x5f, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x65, 0x4f, 0x66, 0x66, 0x73, 0x65, - 0x74, 0x73, 0x12, 0x51, 0x0a, 0x09, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x50, 0x6f, 0x73, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x70, 0x6f, 0x73, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0b, 0x6d, 0x61, 0x63, 0x72, 0x6f, 0x5f, 0x63, - 0x61, 0x6c, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, - 0x2e, 0x4d, 0x61, 0x63, 0x72, 0x6f, 0x43, 0x61, 0x6c, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x0a, 0x6d, 0x61, 0x63, 0x72, 0x6f, 0x43, 0x61, 0x6c, 0x6c, 0x73, 0x1a, 0x3c, 0x0a, 0x0e, - 0x50, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x5d, 0x0a, 0x0f, 0x4d, 0x61, - 0x63, 0x72, 0x6f, 0x43, 0x61, 0x6c, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x34, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x70, 0x0a, 0x0e, 0x53, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x50, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x6c, - 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, - 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6c, - 0x69, 0x6e, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6f, 0x6c, 0x75, 0x6d, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x06, 0x63, 0x6f, 0x6c, 0x75, 0x6d, 0x6e, 0x42, 0x6e, 0x0a, 0x1c, 0x63, - 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, - 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0b, 0x53, 0x79, 0x6e, - 0x74, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, - 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, - 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x3b, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_google_api_expr_v1alpha1_syntax_proto_rawDescOnce sync.Once - file_google_api_expr_v1alpha1_syntax_proto_rawDescData = file_google_api_expr_v1alpha1_syntax_proto_rawDesc -) - -func file_google_api_expr_v1alpha1_syntax_proto_rawDescGZIP() []byte { - file_google_api_expr_v1alpha1_syntax_proto_rawDescOnce.Do(func() { - file_google_api_expr_v1alpha1_syntax_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_expr_v1alpha1_syntax_proto_rawDescData) - }) - return file_google_api_expr_v1alpha1_syntax_proto_rawDescData -} - -var file_google_api_expr_v1alpha1_syntax_proto_msgTypes = make([]protoimpl.MessageInfo, 14) -var file_google_api_expr_v1alpha1_syntax_proto_goTypes = []interface{}{ - (*ParsedExpr)(nil), // 0: google.api.expr.v1alpha1.ParsedExpr - (*Expr)(nil), // 1: google.api.expr.v1alpha1.Expr - (*Constant)(nil), // 2: google.api.expr.v1alpha1.Constant - (*SourceInfo)(nil), // 3: google.api.expr.v1alpha1.SourceInfo - (*SourcePosition)(nil), // 4: google.api.expr.v1alpha1.SourcePosition - (*Expr_Ident)(nil), // 5: google.api.expr.v1alpha1.Expr.Ident - (*Expr_Select)(nil), // 6: google.api.expr.v1alpha1.Expr.Select - (*Expr_Call)(nil), // 7: google.api.expr.v1alpha1.Expr.Call - (*Expr_CreateList)(nil), // 8: google.api.expr.v1alpha1.Expr.CreateList - (*Expr_CreateStruct)(nil), // 9: google.api.expr.v1alpha1.Expr.CreateStruct - (*Expr_Comprehension)(nil), // 10: google.api.expr.v1alpha1.Expr.Comprehension - (*Expr_CreateStruct_Entry)(nil), // 11: google.api.expr.v1alpha1.Expr.CreateStruct.Entry - nil, // 12: google.api.expr.v1alpha1.SourceInfo.PositionsEntry - nil, // 13: google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry - (structpb.NullValue)(0), // 14: google.protobuf.NullValue - (*durationpb.Duration)(nil), // 15: google.protobuf.Duration - (*timestamppb.Timestamp)(nil), // 16: google.protobuf.Timestamp -} -var file_google_api_expr_v1alpha1_syntax_proto_depIdxs = []int32{ - 1, // 0: google.api.expr.v1alpha1.ParsedExpr.expr:type_name -> google.api.expr.v1alpha1.Expr - 3, // 1: google.api.expr.v1alpha1.ParsedExpr.source_info:type_name -> google.api.expr.v1alpha1.SourceInfo - 2, // 2: google.api.expr.v1alpha1.Expr.const_expr:type_name -> google.api.expr.v1alpha1.Constant - 5, // 3: google.api.expr.v1alpha1.Expr.ident_expr:type_name -> google.api.expr.v1alpha1.Expr.Ident - 6, // 4: google.api.expr.v1alpha1.Expr.select_expr:type_name -> google.api.expr.v1alpha1.Expr.Select - 7, // 5: google.api.expr.v1alpha1.Expr.call_expr:type_name -> google.api.expr.v1alpha1.Expr.Call - 8, // 6: google.api.expr.v1alpha1.Expr.list_expr:type_name -> google.api.expr.v1alpha1.Expr.CreateList - 9, // 7: google.api.expr.v1alpha1.Expr.struct_expr:type_name -> google.api.expr.v1alpha1.Expr.CreateStruct - 10, // 8: google.api.expr.v1alpha1.Expr.comprehension_expr:type_name -> google.api.expr.v1alpha1.Expr.Comprehension - 14, // 9: google.api.expr.v1alpha1.Constant.null_value:type_name -> google.protobuf.NullValue - 15, // 10: google.api.expr.v1alpha1.Constant.duration_value:type_name -> google.protobuf.Duration - 16, // 11: google.api.expr.v1alpha1.Constant.timestamp_value:type_name -> google.protobuf.Timestamp - 12, // 12: google.api.expr.v1alpha1.SourceInfo.positions:type_name -> google.api.expr.v1alpha1.SourceInfo.PositionsEntry - 13, // 13: google.api.expr.v1alpha1.SourceInfo.macro_calls:type_name -> google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry - 1, // 14: google.api.expr.v1alpha1.Expr.Select.operand:type_name -> google.api.expr.v1alpha1.Expr - 1, // 15: google.api.expr.v1alpha1.Expr.Call.target:type_name -> google.api.expr.v1alpha1.Expr - 1, // 16: google.api.expr.v1alpha1.Expr.Call.args:type_name -> google.api.expr.v1alpha1.Expr - 1, // 17: google.api.expr.v1alpha1.Expr.CreateList.elements:type_name -> google.api.expr.v1alpha1.Expr - 11, // 18: google.api.expr.v1alpha1.Expr.CreateStruct.entries:type_name -> google.api.expr.v1alpha1.Expr.CreateStruct.Entry - 1, // 19: google.api.expr.v1alpha1.Expr.Comprehension.iter_range:type_name -> google.api.expr.v1alpha1.Expr - 1, // 20: google.api.expr.v1alpha1.Expr.Comprehension.accu_init:type_name -> google.api.expr.v1alpha1.Expr - 1, // 21: google.api.expr.v1alpha1.Expr.Comprehension.loop_condition:type_name -> google.api.expr.v1alpha1.Expr - 1, // 22: google.api.expr.v1alpha1.Expr.Comprehension.loop_step:type_name -> google.api.expr.v1alpha1.Expr - 1, // 23: google.api.expr.v1alpha1.Expr.Comprehension.result:type_name -> google.api.expr.v1alpha1.Expr - 1, // 24: google.api.expr.v1alpha1.Expr.CreateStruct.Entry.map_key:type_name -> google.api.expr.v1alpha1.Expr - 1, // 25: google.api.expr.v1alpha1.Expr.CreateStruct.Entry.value:type_name -> google.api.expr.v1alpha1.Expr - 1, // 26: google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry.value:type_name -> google.api.expr.v1alpha1.Expr - 27, // [27:27] is the sub-list for method output_type - 27, // [27:27] is the sub-list for method input_type - 27, // [27:27] is the sub-list for extension type_name - 27, // [27:27] is the sub-list for extension extendee - 0, // [0:27] is the sub-list for field type_name -} - -func init() { file_google_api_expr_v1alpha1_syntax_proto_init() } -func file_google_api_expr_v1alpha1_syntax_proto_init() { - if File_google_api_expr_v1alpha1_syntax_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ParsedExpr); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Constant); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SourceInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SourcePosition); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_Ident); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_Select); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_Call); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_CreateList); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_CreateStruct); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_Comprehension); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Expr_CreateStruct_Entry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*Expr_ConstExpr)(nil), - (*Expr_IdentExpr)(nil), - (*Expr_SelectExpr)(nil), - (*Expr_CallExpr)(nil), - (*Expr_ListExpr)(nil), - (*Expr_StructExpr)(nil), - (*Expr_ComprehensionExpr)(nil), - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*Constant_NullValue)(nil), - (*Constant_BoolValue)(nil), - (*Constant_Int64Value)(nil), - (*Constant_Uint64Value)(nil), - (*Constant_DoubleValue)(nil), - (*Constant_StringValue)(nil), - (*Constant_BytesValue)(nil), - (*Constant_DurationValue)(nil), - (*Constant_TimestampValue)(nil), - } - file_google_api_expr_v1alpha1_syntax_proto_msgTypes[11].OneofWrappers = []interface{}{ - (*Expr_CreateStruct_Entry_FieldKey)(nil), - (*Expr_CreateStruct_Entry_MapKey)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_expr_v1alpha1_syntax_proto_rawDesc, - NumEnums: 0, - NumMessages: 14, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_api_expr_v1alpha1_syntax_proto_goTypes, - DependencyIndexes: file_google_api_expr_v1alpha1_syntax_proto_depIdxs, - MessageInfos: file_google_api_expr_v1alpha1_syntax_proto_msgTypes, - }.Build() - File_google_api_expr_v1alpha1_syntax_proto = out.File - file_google_api_expr_v1alpha1_syntax_proto_rawDesc = nil - file_google_api_expr_v1alpha1_syntax_proto_goTypes = nil - file_google_api_expr_v1alpha1_syntax_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/value.pb.go b/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/value.pb.go deleted file mode 100644 index d41296fe96..0000000000 --- a/etcd/vendor/google.golang.org/genproto/googleapis/api/expr/v1alpha1/value.pb.go +++ /dev/null @@ -1,720 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.26.0 -// protoc v3.12.2 -// source: google/api/expr/v1alpha1/value.proto - -package expr - -import ( - reflect "reflect" - sync "sync" - - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - anypb "google.golang.org/protobuf/types/known/anypb" - structpb "google.golang.org/protobuf/types/known/structpb" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Represents a CEL value. -// -// This is similar to `google.protobuf.Value`, but can represent CEL's full -// range of values. -type Value struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The valid kinds of values. - // - // Types that are assignable to Kind: - // *Value_NullValue - // *Value_BoolValue - // *Value_Int64Value - // *Value_Uint64Value - // *Value_DoubleValue - // *Value_StringValue - // *Value_BytesValue - // *Value_EnumValue - // *Value_ObjectValue - // *Value_MapValue - // *Value_ListValue - // *Value_TypeValue - Kind isValue_Kind `protobuf_oneof:"kind"` -} - -func (x *Value) Reset() { - *x = Value{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Value) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Value) ProtoMessage() {} - -func (x *Value) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Value.ProtoReflect.Descriptor instead. -func (*Value) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_value_proto_rawDescGZIP(), []int{0} -} - -func (m *Value) GetKind() isValue_Kind { - if m != nil { - return m.Kind - } - return nil -} - -func (x *Value) GetNullValue() structpb.NullValue { - if x, ok := x.GetKind().(*Value_NullValue); ok { - return x.NullValue - } - return structpb.NullValue_NULL_VALUE -} - -func (x *Value) GetBoolValue() bool { - if x, ok := x.GetKind().(*Value_BoolValue); ok { - return x.BoolValue - } - return false -} - -func (x *Value) GetInt64Value() int64 { - if x, ok := x.GetKind().(*Value_Int64Value); ok { - return x.Int64Value - } - return 0 -} - -func (x *Value) GetUint64Value() uint64 { - if x, ok := x.GetKind().(*Value_Uint64Value); ok { - return x.Uint64Value - } - return 0 -} - -func (x *Value) GetDoubleValue() float64 { - if x, ok := x.GetKind().(*Value_DoubleValue); ok { - return x.DoubleValue - } - return 0 -} - -func (x *Value) GetStringValue() string { - if x, ok := x.GetKind().(*Value_StringValue); ok { - return x.StringValue - } - return "" -} - -func (x *Value) GetBytesValue() []byte { - if x, ok := x.GetKind().(*Value_BytesValue); ok { - return x.BytesValue - } - return nil -} - -func (x *Value) GetEnumValue() *EnumValue { - if x, ok := x.GetKind().(*Value_EnumValue); ok { - return x.EnumValue - } - return nil -} - -func (x *Value) GetObjectValue() *anypb.Any { - if x, ok := x.GetKind().(*Value_ObjectValue); ok { - return x.ObjectValue - } - return nil -} - -func (x *Value) GetMapValue() *MapValue { - if x, ok := x.GetKind().(*Value_MapValue); ok { - return x.MapValue - } - return nil -} - -func (x *Value) GetListValue() *ListValue { - if x, ok := x.GetKind().(*Value_ListValue); ok { - return x.ListValue - } - return nil -} - -func (x *Value) GetTypeValue() string { - if x, ok := x.GetKind().(*Value_TypeValue); ok { - return x.TypeValue - } - return "" -} - -type isValue_Kind interface { - isValue_Kind() -} - -type Value_NullValue struct { - // Null value. - NullValue structpb.NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"` -} - -type Value_BoolValue struct { - // Boolean value. - BoolValue bool `protobuf:"varint,2,opt,name=bool_value,json=boolValue,proto3,oneof"` -} - -type Value_Int64Value struct { - // Signed integer value. - Int64Value int64 `protobuf:"varint,3,opt,name=int64_value,json=int64Value,proto3,oneof"` -} - -type Value_Uint64Value struct { - // Unsigned integer value. - Uint64Value uint64 `protobuf:"varint,4,opt,name=uint64_value,json=uint64Value,proto3,oneof"` -} - -type Value_DoubleValue struct { - // Floating point value. - DoubleValue float64 `protobuf:"fixed64,5,opt,name=double_value,json=doubleValue,proto3,oneof"` -} - -type Value_StringValue struct { - // UTF-8 string value. - StringValue string `protobuf:"bytes,6,opt,name=string_value,json=stringValue,proto3,oneof"` -} - -type Value_BytesValue struct { - // Byte string value. - BytesValue []byte `protobuf:"bytes,7,opt,name=bytes_value,json=bytesValue,proto3,oneof"` -} - -type Value_EnumValue struct { - // An enum value. - EnumValue *EnumValue `protobuf:"bytes,9,opt,name=enum_value,json=enumValue,proto3,oneof"` -} - -type Value_ObjectValue struct { - // The proto message backing an object value. - ObjectValue *anypb.Any `protobuf:"bytes,10,opt,name=object_value,json=objectValue,proto3,oneof"` -} - -type Value_MapValue struct { - // Map value. - MapValue *MapValue `protobuf:"bytes,11,opt,name=map_value,json=mapValue,proto3,oneof"` -} - -type Value_ListValue struct { - // List value. - ListValue *ListValue `protobuf:"bytes,12,opt,name=list_value,json=listValue,proto3,oneof"` -} - -type Value_TypeValue struct { - // Type value. - TypeValue string `protobuf:"bytes,15,opt,name=type_value,json=typeValue,proto3,oneof"` -} - -func (*Value_NullValue) isValue_Kind() {} - -func (*Value_BoolValue) isValue_Kind() {} - -func (*Value_Int64Value) isValue_Kind() {} - -func (*Value_Uint64Value) isValue_Kind() {} - -func (*Value_DoubleValue) isValue_Kind() {} - -func (*Value_StringValue) isValue_Kind() {} - -func (*Value_BytesValue) isValue_Kind() {} - -func (*Value_EnumValue) isValue_Kind() {} - -func (*Value_ObjectValue) isValue_Kind() {} - -func (*Value_MapValue) isValue_Kind() {} - -func (*Value_ListValue) isValue_Kind() {} - -func (*Value_TypeValue) isValue_Kind() {} - -// An enum value. -type EnumValue struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The fully qualified name of the enum type. - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - // The value of the enum. - Value int32 `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *EnumValue) Reset() { - *x = EnumValue{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumValue) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumValue) ProtoMessage() {} - -func (x *EnumValue) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumValue.ProtoReflect.Descriptor instead. -func (*EnumValue) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_value_proto_rawDescGZIP(), []int{1} -} - -func (x *EnumValue) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *EnumValue) GetValue() int32 { - if x != nil { - return x.Value - } - return 0 -} - -// A list. -// -// Wrapped in a message so 'not set' and empty can be differentiated, which is -// required for use in a 'oneof'. -type ListValue struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The ordered values in the list. - Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` -} - -func (x *ListValue) Reset() { - *x = ListValue{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListValue) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListValue) ProtoMessage() {} - -func (x *ListValue) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListValue.ProtoReflect.Descriptor instead. -func (*ListValue) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_value_proto_rawDescGZIP(), []int{2} -} - -func (x *ListValue) GetValues() []*Value { - if x != nil { - return x.Values - } - return nil -} - -// A map. -// -// Wrapped in a message so 'not set' and empty can be differentiated, which is -// required for use in a 'oneof'. -type MapValue struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The set of map entries. - // - // CEL has fewer restrictions on keys, so a protobuf map represenation - // cannot be used. - Entries []*MapValue_Entry `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"` -} - -func (x *MapValue) Reset() { - *x = MapValue{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MapValue) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MapValue) ProtoMessage() {} - -func (x *MapValue) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MapValue.ProtoReflect.Descriptor instead. -func (*MapValue) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_value_proto_rawDescGZIP(), []int{3} -} - -func (x *MapValue) GetEntries() []*MapValue_Entry { - if x != nil { - return x.Entries - } - return nil -} - -// An entry in the map. -type MapValue_Entry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The key. - // - // Must be unique with in the map. - // Currently only boolean, int, uint, and string values can be keys. - Key *Value `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - // The value. - Value *Value `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *MapValue_Entry) Reset() { - *x = MapValue_Entry{} - if protoimpl.UnsafeEnabled { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MapValue_Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MapValue_Entry) ProtoMessage() {} - -func (x *MapValue_Entry) ProtoReflect() protoreflect.Message { - mi := &file_google_api_expr_v1alpha1_value_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MapValue_Entry.ProtoReflect.Descriptor instead. -func (*MapValue_Entry) Descriptor() ([]byte, []int) { - return file_google_api_expr_v1alpha1_value_proto_rawDescGZIP(), []int{3, 0} -} - -func (x *MapValue_Entry) GetKey() *Value { - if x != nil { - return x.Key - } - return nil -} - -func (x *MapValue_Entry) GetValue() *Value { - if x != nil { - return x.Value - } - return nil -} - -var File_google_api_expr_v1alpha1_value_proto protoreflect.FileDescriptor - -var file_google_api_expr_v1alpha1_value_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, - 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, - 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, - 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x04, 0x0a, 0x05, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x12, 0x1f, 0x0a, 0x0a, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x48, 0x00, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x75, 0x69, - 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x64, 0x6f, 0x75, - 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x01, 0x48, - 0x00, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, - 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0a, 0x62, 0x79, 0x74, 0x65, - 0x73, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, - 0x00, 0x52, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x39, 0x0a, 0x0c, - 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0a, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x48, 0x00, 0x52, 0x0b, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, - 0x52, 0x08, 0x6d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6c, 0x69, - 0x73, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x12, 0x1f, 0x0a, 0x0a, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0f, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x74, 0x79, 0x70, 0x65, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0x35, 0x0a, 0x09, 0x45, 0x6e, 0x75, - 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x22, 0x44, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x37, 0x0a, - 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x22, 0xc1, 0x01, 0x0a, 0x08, 0x4d, 0x61, 0x70, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x12, 0x42, 0x0a, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x4d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x2e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, - 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x1a, 0x71, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x31, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x35, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x65, 0x78, 0x70, 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x6d, 0x0a, 0x1c, 0x63, 0x6f, - 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x65, 0x78, 0x70, - 0x72, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0a, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x3b, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_google_api_expr_v1alpha1_value_proto_rawDescOnce sync.Once - file_google_api_expr_v1alpha1_value_proto_rawDescData = file_google_api_expr_v1alpha1_value_proto_rawDesc -) - -func file_google_api_expr_v1alpha1_value_proto_rawDescGZIP() []byte { - file_google_api_expr_v1alpha1_value_proto_rawDescOnce.Do(func() { - file_google_api_expr_v1alpha1_value_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_expr_v1alpha1_value_proto_rawDescData) - }) - return file_google_api_expr_v1alpha1_value_proto_rawDescData -} - -var file_google_api_expr_v1alpha1_value_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_google_api_expr_v1alpha1_value_proto_goTypes = []interface{}{ - (*Value)(nil), // 0: google.api.expr.v1alpha1.Value - (*EnumValue)(nil), // 1: google.api.expr.v1alpha1.EnumValue - (*ListValue)(nil), // 2: google.api.expr.v1alpha1.ListValue - (*MapValue)(nil), // 3: google.api.expr.v1alpha1.MapValue - (*MapValue_Entry)(nil), // 4: google.api.expr.v1alpha1.MapValue.Entry - (structpb.NullValue)(0), // 5: google.protobuf.NullValue - (*anypb.Any)(nil), // 6: google.protobuf.Any -} -var file_google_api_expr_v1alpha1_value_proto_depIdxs = []int32{ - 5, // 0: google.api.expr.v1alpha1.Value.null_value:type_name -> google.protobuf.NullValue - 1, // 1: google.api.expr.v1alpha1.Value.enum_value:type_name -> google.api.expr.v1alpha1.EnumValue - 6, // 2: google.api.expr.v1alpha1.Value.object_value:type_name -> google.protobuf.Any - 3, // 3: google.api.expr.v1alpha1.Value.map_value:type_name -> google.api.expr.v1alpha1.MapValue - 2, // 4: google.api.expr.v1alpha1.Value.list_value:type_name -> google.api.expr.v1alpha1.ListValue - 0, // 5: google.api.expr.v1alpha1.ListValue.values:type_name -> google.api.expr.v1alpha1.Value - 4, // 6: google.api.expr.v1alpha1.MapValue.entries:type_name -> google.api.expr.v1alpha1.MapValue.Entry - 0, // 7: google.api.expr.v1alpha1.MapValue.Entry.key:type_name -> google.api.expr.v1alpha1.Value - 0, // 8: google.api.expr.v1alpha1.MapValue.Entry.value:type_name -> google.api.expr.v1alpha1.Value - 9, // [9:9] is the sub-list for method output_type - 9, // [9:9] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name -} - -func init() { file_google_api_expr_v1alpha1_value_proto_init() } -func file_google_api_expr_v1alpha1_value_proto_init() { - if File_google_api_expr_v1alpha1_value_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_google_api_expr_v1alpha1_value_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Value); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_value_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumValue); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_value_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListValue); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_value_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MapValue); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_api_expr_v1alpha1_value_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MapValue_Entry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_google_api_expr_v1alpha1_value_proto_msgTypes[0].OneofWrappers = []interface{}{ - (*Value_NullValue)(nil), - (*Value_BoolValue)(nil), - (*Value_Int64Value)(nil), - (*Value_Uint64Value)(nil), - (*Value_DoubleValue)(nil), - (*Value_StringValue)(nil), - (*Value_BytesValue)(nil), - (*Value_EnumValue)(nil), - (*Value_ObjectValue)(nil), - (*Value_MapValue)(nil), - (*Value_ListValue)(nil), - (*Value_TypeValue)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_api_expr_v1alpha1_value_proto_rawDesc, - NumEnums: 0, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_api_expr_v1alpha1_value_proto_goTypes, - DependencyIndexes: file_google_api_expr_v1alpha1_value_proto_depIdxs, - MessageInfos: file_google_api_expr_v1alpha1_value_proto_msgTypes, - }.Build() - File_google_api_expr_v1alpha1_value_proto = out.File - file_google_api_expr_v1alpha1_value_proto_rawDesc = nil - file_google_api_expr_v1alpha1_value_proto_goTypes = nil - file_google_api_expr_v1alpha1_value_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/protobuf/types/dynamicpb/dynamic.go b/etcd/vendor/google.golang.org/protobuf/types/dynamicpb/dynamic.go deleted file mode 100644 index f77ef0de15..0000000000 --- a/etcd/vendor/google.golang.org/protobuf/types/dynamicpb/dynamic.go +++ /dev/null @@ -1,717 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package dynamicpb creates protocol buffer messages using runtime type information. -package dynamicpb - -import ( - "math" - - "google.golang.org/protobuf/internal/errors" - "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/runtime/protoiface" - "google.golang.org/protobuf/runtime/protoimpl" -) - -// enum is a dynamic protoreflect.Enum. -type enum struct { - num protoreflect.EnumNumber - typ protoreflect.EnumType -} - -func (e enum) Descriptor() protoreflect.EnumDescriptor { return e.typ.Descriptor() } -func (e enum) Type() protoreflect.EnumType { return e.typ } -func (e enum) Number() protoreflect.EnumNumber { return e.num } - -// enumType is a dynamic protoreflect.EnumType. -type enumType struct { - desc protoreflect.EnumDescriptor -} - -// NewEnumType creates a new EnumType with the provided descriptor. -// -// EnumTypes created by this package are equal if their descriptors are equal. -// That is, if ed1 == ed2, then NewEnumType(ed1) == NewEnumType(ed2). -// -// Enum values created by the EnumType are equal if their numbers are equal. -func NewEnumType(desc protoreflect.EnumDescriptor) protoreflect.EnumType { - return enumType{desc} -} - -func (et enumType) New(n protoreflect.EnumNumber) protoreflect.Enum { return enum{n, et} } -func (et enumType) Descriptor() protoreflect.EnumDescriptor { return et.desc } - -// extensionType is a dynamic protoreflect.ExtensionType. -type extensionType struct { - desc extensionTypeDescriptor -} - -// A Message is a dynamically constructed protocol buffer message. -// -// Message implements the proto.Message interface, and may be used with all -// standard proto package functions such as Marshal, Unmarshal, and so forth. -// -// Message also implements the protoreflect.Message interface. See the protoreflect -// package documentation for that interface for how to get and set fields and -// otherwise interact with the contents of a Message. -// -// Reflection API functions which construct messages, such as NewField, -// return new dynamic messages of the appropriate type. Functions which take -// messages, such as Set for a message-value field, will accept any message -// with a compatible type. -// -// Operations which modify a Message are not safe for concurrent use. -type Message struct { - typ messageType - known map[protoreflect.FieldNumber]protoreflect.Value - ext map[protoreflect.FieldNumber]protoreflect.FieldDescriptor - unknown protoreflect.RawFields -} - -var ( - _ protoreflect.Message = (*Message)(nil) - _ protoreflect.ProtoMessage = (*Message)(nil) - _ protoiface.MessageV1 = (*Message)(nil) -) - -// NewMessage creates a new message with the provided descriptor. -func NewMessage(desc protoreflect.MessageDescriptor) *Message { - return &Message{ - typ: messageType{desc}, - known: make(map[protoreflect.FieldNumber]protoreflect.Value), - ext: make(map[protoreflect.FieldNumber]protoreflect.FieldDescriptor), - } -} - -// ProtoMessage implements the legacy message interface. -func (m *Message) ProtoMessage() {} - -// ProtoReflect implements the protoreflect.ProtoMessage interface. -func (m *Message) ProtoReflect() protoreflect.Message { - return m -} - -// String returns a string representation of a message. -func (m *Message) String() string { - return protoimpl.X.MessageStringOf(m) -} - -// Reset clears the message to be empty, but preserves the dynamic message type. -func (m *Message) Reset() { - m.known = make(map[protoreflect.FieldNumber]protoreflect.Value) - m.ext = make(map[protoreflect.FieldNumber]protoreflect.FieldDescriptor) - m.unknown = nil -} - -// Descriptor returns the message descriptor. -func (m *Message) Descriptor() protoreflect.MessageDescriptor { - return m.typ.desc -} - -// Type returns the message type. -func (m *Message) Type() protoreflect.MessageType { - return m.typ -} - -// New returns a newly allocated empty message with the same descriptor. -// See protoreflect.Message for details. -func (m *Message) New() protoreflect.Message { - return m.Type().New() -} - -// Interface returns the message. -// See protoreflect.Message for details. -func (m *Message) Interface() protoreflect.ProtoMessage { - return m -} - -// ProtoMethods is an internal detail of the protoreflect.Message interface. -// Users should never call this directly. -func (m *Message) ProtoMethods() *protoiface.Methods { - return nil -} - -// Range visits every populated field in undefined order. -// See protoreflect.Message for details. -func (m *Message) Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) bool) { - for num, v := range m.known { - fd := m.ext[num] - if fd == nil { - fd = m.Descriptor().Fields().ByNumber(num) - } - if !isSet(fd, v) { - continue - } - if !f(fd, v) { - return - } - } -} - -// Has reports whether a field is populated. -// See protoreflect.Message for details. -func (m *Message) Has(fd protoreflect.FieldDescriptor) bool { - m.checkField(fd) - if fd.IsExtension() && m.ext[fd.Number()] != fd { - return false - } - v, ok := m.known[fd.Number()] - if !ok { - return false - } - return isSet(fd, v) -} - -// Clear clears a field. -// See protoreflect.Message for details. -func (m *Message) Clear(fd protoreflect.FieldDescriptor) { - m.checkField(fd) - num := fd.Number() - delete(m.known, num) - delete(m.ext, num) -} - -// Get returns the value of a field. -// See protoreflect.Message for details. -func (m *Message) Get(fd protoreflect.FieldDescriptor) protoreflect.Value { - m.checkField(fd) - num := fd.Number() - if fd.IsExtension() { - if fd != m.ext[num] { - return fd.(protoreflect.ExtensionTypeDescriptor).Type().Zero() - } - return m.known[num] - } - if v, ok := m.known[num]; ok { - switch { - case fd.IsMap(): - if v.Map().Len() > 0 { - return v - } - case fd.IsList(): - if v.List().Len() > 0 { - return v - } - default: - return v - } - } - switch { - case fd.IsMap(): - return protoreflect.ValueOfMap(&dynamicMap{desc: fd}) - case fd.IsList(): - return protoreflect.ValueOfList(emptyList{desc: fd}) - case fd.Message() != nil: - return protoreflect.ValueOfMessage(&Message{typ: messageType{fd.Message()}}) - case fd.Kind() == protoreflect.BytesKind: - return protoreflect.ValueOfBytes(append([]byte(nil), fd.Default().Bytes()...)) - default: - return fd.Default() - } -} - -// Mutable returns a mutable reference to a repeated, map, or message field. -// See protoreflect.Message for details. -func (m *Message) Mutable(fd protoreflect.FieldDescriptor) protoreflect.Value { - m.checkField(fd) - if !fd.IsMap() && !fd.IsList() && fd.Message() == nil { - panic(errors.New("%v: getting mutable reference to non-composite type", fd.FullName())) - } - if m.known == nil { - panic(errors.New("%v: modification of read-only message", fd.FullName())) - } - num := fd.Number() - if fd.IsExtension() { - if fd != m.ext[num] { - m.ext[num] = fd - m.known[num] = fd.(protoreflect.ExtensionTypeDescriptor).Type().New() - } - return m.known[num] - } - if v, ok := m.known[num]; ok { - return v - } - m.clearOtherOneofFields(fd) - m.known[num] = m.NewField(fd) - if fd.IsExtension() { - m.ext[num] = fd - } - return m.known[num] -} - -// Set stores a value in a field. -// See protoreflect.Message for details. -func (m *Message) Set(fd protoreflect.FieldDescriptor, v protoreflect.Value) { - m.checkField(fd) - if m.known == nil { - panic(errors.New("%v: modification of read-only message", fd.FullName())) - } - if fd.IsExtension() { - isValid := true - switch { - case !fd.(protoreflect.ExtensionTypeDescriptor).Type().IsValidValue(v): - isValid = false - case fd.IsList(): - isValid = v.List().IsValid() - case fd.IsMap(): - isValid = v.Map().IsValid() - case fd.Message() != nil: - isValid = v.Message().IsValid() - } - if !isValid { - panic(errors.New("%v: assigning invalid type %T", fd.FullName(), v.Interface())) - } - m.ext[fd.Number()] = fd - } else { - typecheck(fd, v) - } - m.clearOtherOneofFields(fd) - m.known[fd.Number()] = v -} - -func (m *Message) clearOtherOneofFields(fd protoreflect.FieldDescriptor) { - od := fd.ContainingOneof() - if od == nil { - return - } - num := fd.Number() - for i := 0; i < od.Fields().Len(); i++ { - if n := od.Fields().Get(i).Number(); n != num { - delete(m.known, n) - } - } -} - -// NewField returns a new value for assignable to the field of a given descriptor. -// See protoreflect.Message for details. -func (m *Message) NewField(fd protoreflect.FieldDescriptor) protoreflect.Value { - m.checkField(fd) - switch { - case fd.IsExtension(): - return fd.(protoreflect.ExtensionTypeDescriptor).Type().New() - case fd.IsMap(): - return protoreflect.ValueOfMap(&dynamicMap{ - desc: fd, - mapv: make(map[interface{}]protoreflect.Value), - }) - case fd.IsList(): - return protoreflect.ValueOfList(&dynamicList{desc: fd}) - case fd.Message() != nil: - return protoreflect.ValueOfMessage(NewMessage(fd.Message()).ProtoReflect()) - default: - return fd.Default() - } -} - -// WhichOneof reports which field in a oneof is populated, returning nil if none are populated. -// See protoreflect.Message for details. -func (m *Message) WhichOneof(od protoreflect.OneofDescriptor) protoreflect.FieldDescriptor { - for i := 0; i < od.Fields().Len(); i++ { - fd := od.Fields().Get(i) - if m.Has(fd) { - return fd - } - } - return nil -} - -// GetUnknown returns the raw unknown fields. -// See protoreflect.Message for details. -func (m *Message) GetUnknown() protoreflect.RawFields { - return m.unknown -} - -// SetUnknown sets the raw unknown fields. -// See protoreflect.Message for details. -func (m *Message) SetUnknown(r protoreflect.RawFields) { - if m.known == nil { - panic(errors.New("%v: modification of read-only message", m.typ.desc.FullName())) - } - m.unknown = r -} - -// IsValid reports whether the message is valid. -// See protoreflect.Message for details. -func (m *Message) IsValid() bool { - return m.known != nil -} - -func (m *Message) checkField(fd protoreflect.FieldDescriptor) { - if fd.IsExtension() && fd.ContainingMessage().FullName() == m.Descriptor().FullName() { - if _, ok := fd.(protoreflect.ExtensionTypeDescriptor); !ok { - panic(errors.New("%v: extension field descriptor does not implement ExtensionTypeDescriptor", fd.FullName())) - } - return - } - if fd.Parent() == m.Descriptor() { - return - } - fields := m.Descriptor().Fields() - index := fd.Index() - if index >= fields.Len() || fields.Get(index) != fd { - panic(errors.New("%v: field descriptor does not belong to this message", fd.FullName())) - } -} - -type messageType struct { - desc protoreflect.MessageDescriptor -} - -// NewMessageType creates a new MessageType with the provided descriptor. -// -// MessageTypes created by this package are equal if their descriptors are equal. -// That is, if md1 == md2, then NewMessageType(md1) == NewMessageType(md2). -func NewMessageType(desc protoreflect.MessageDescriptor) protoreflect.MessageType { - return messageType{desc} -} - -func (mt messageType) New() protoreflect.Message { return NewMessage(mt.desc) } -func (mt messageType) Zero() protoreflect.Message { return &Message{typ: messageType{mt.desc}} } -func (mt messageType) Descriptor() protoreflect.MessageDescriptor { return mt.desc } -func (mt messageType) Enum(i int) protoreflect.EnumType { - if ed := mt.desc.Fields().Get(i).Enum(); ed != nil { - return NewEnumType(ed) - } - return nil -} -func (mt messageType) Message(i int) protoreflect.MessageType { - if md := mt.desc.Fields().Get(i).Message(); md != nil { - return NewMessageType(md) - } - return nil -} - -type emptyList struct { - desc protoreflect.FieldDescriptor -} - -func (x emptyList) Len() int { return 0 } -func (x emptyList) Get(n int) protoreflect.Value { panic(errors.New("out of range")) } -func (x emptyList) Set(n int, v protoreflect.Value) { - panic(errors.New("modification of immutable list")) -} -func (x emptyList) Append(v protoreflect.Value) { panic(errors.New("modification of immutable list")) } -func (x emptyList) AppendMutable() protoreflect.Value { - panic(errors.New("modification of immutable list")) -} -func (x emptyList) Truncate(n int) { panic(errors.New("modification of immutable list")) } -func (x emptyList) NewElement() protoreflect.Value { return newListEntry(x.desc) } -func (x emptyList) IsValid() bool { return false } - -type dynamicList struct { - desc protoreflect.FieldDescriptor - list []protoreflect.Value -} - -func (x *dynamicList) Len() int { - return len(x.list) -} - -func (x *dynamicList) Get(n int) protoreflect.Value { - return x.list[n] -} - -func (x *dynamicList) Set(n int, v protoreflect.Value) { - typecheckSingular(x.desc, v) - x.list[n] = v -} - -func (x *dynamicList) Append(v protoreflect.Value) { - typecheckSingular(x.desc, v) - x.list = append(x.list, v) -} - -func (x *dynamicList) AppendMutable() protoreflect.Value { - if x.desc.Message() == nil { - panic(errors.New("%v: invalid AppendMutable on list with non-message type", x.desc.FullName())) - } - v := x.NewElement() - x.Append(v) - return v -} - -func (x *dynamicList) Truncate(n int) { - // Zero truncated elements to avoid keeping data live. - for i := n; i < len(x.list); i++ { - x.list[i] = protoreflect.Value{} - } - x.list = x.list[:n] -} - -func (x *dynamicList) NewElement() protoreflect.Value { - return newListEntry(x.desc) -} - -func (x *dynamicList) IsValid() bool { - return true -} - -type dynamicMap struct { - desc protoreflect.FieldDescriptor - mapv map[interface{}]protoreflect.Value -} - -func (x *dynamicMap) Get(k protoreflect.MapKey) protoreflect.Value { return x.mapv[k.Interface()] } -func (x *dynamicMap) Set(k protoreflect.MapKey, v protoreflect.Value) { - typecheckSingular(x.desc.MapKey(), k.Value()) - typecheckSingular(x.desc.MapValue(), v) - x.mapv[k.Interface()] = v -} -func (x *dynamicMap) Has(k protoreflect.MapKey) bool { return x.Get(k).IsValid() } -func (x *dynamicMap) Clear(k protoreflect.MapKey) { delete(x.mapv, k.Interface()) } -func (x *dynamicMap) Mutable(k protoreflect.MapKey) protoreflect.Value { - if x.desc.MapValue().Message() == nil { - panic(errors.New("%v: invalid Mutable on map with non-message value type", x.desc.FullName())) - } - v := x.Get(k) - if !v.IsValid() { - v = x.NewValue() - x.Set(k, v) - } - return v -} -func (x *dynamicMap) Len() int { return len(x.mapv) } -func (x *dynamicMap) NewValue() protoreflect.Value { - if md := x.desc.MapValue().Message(); md != nil { - return protoreflect.ValueOfMessage(NewMessage(md).ProtoReflect()) - } - return x.desc.MapValue().Default() -} -func (x *dynamicMap) IsValid() bool { - return x.mapv != nil -} - -func (x *dynamicMap) Range(f func(protoreflect.MapKey, protoreflect.Value) bool) { - for k, v := range x.mapv { - if !f(protoreflect.ValueOf(k).MapKey(), v) { - return - } - } -} - -func isSet(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool { - switch { - case fd.IsMap(): - return v.Map().Len() > 0 - case fd.IsList(): - return v.List().Len() > 0 - case fd.ContainingOneof() != nil: - return true - case fd.Syntax() == protoreflect.Proto3 && !fd.IsExtension(): - switch fd.Kind() { - case protoreflect.BoolKind: - return v.Bool() - case protoreflect.EnumKind: - return v.Enum() != 0 - case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed32Kind, protoreflect.Sfixed64Kind: - return v.Int() != 0 - case protoreflect.Uint32Kind, protoreflect.Uint64Kind, protoreflect.Fixed32Kind, protoreflect.Fixed64Kind: - return v.Uint() != 0 - case protoreflect.FloatKind, protoreflect.DoubleKind: - return v.Float() != 0 || math.Signbit(v.Float()) - case protoreflect.StringKind: - return v.String() != "" - case protoreflect.BytesKind: - return len(v.Bytes()) > 0 - } - } - return true -} - -func typecheck(fd protoreflect.FieldDescriptor, v protoreflect.Value) { - if err := typeIsValid(fd, v); err != nil { - panic(err) - } -} - -func typeIsValid(fd protoreflect.FieldDescriptor, v protoreflect.Value) error { - switch { - case !v.IsValid(): - return errors.New("%v: assigning invalid value", fd.FullName()) - case fd.IsMap(): - if mapv, ok := v.Interface().(*dynamicMap); !ok || mapv.desc != fd || !mapv.IsValid() { - return errors.New("%v: assigning invalid type %T", fd.FullName(), v.Interface()) - } - return nil - case fd.IsList(): - switch list := v.Interface().(type) { - case *dynamicList: - if list.desc == fd && list.IsValid() { - return nil - } - case emptyList: - if list.desc == fd && list.IsValid() { - return nil - } - } - return errors.New("%v: assigning invalid type %T", fd.FullName(), v.Interface()) - default: - return singularTypeIsValid(fd, v) - } -} - -func typecheckSingular(fd protoreflect.FieldDescriptor, v protoreflect.Value) { - if err := singularTypeIsValid(fd, v); err != nil { - panic(err) - } -} - -func singularTypeIsValid(fd protoreflect.FieldDescriptor, v protoreflect.Value) error { - vi := v.Interface() - var ok bool - switch fd.Kind() { - case protoreflect.BoolKind: - _, ok = vi.(bool) - case protoreflect.EnumKind: - // We could check against the valid set of enum values, but do not. - _, ok = vi.(protoreflect.EnumNumber) - case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: - _, ok = vi.(int32) - case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: - _, ok = vi.(uint32) - case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: - _, ok = vi.(int64) - case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: - _, ok = vi.(uint64) - case protoreflect.FloatKind: - _, ok = vi.(float32) - case protoreflect.DoubleKind: - _, ok = vi.(float64) - case protoreflect.StringKind: - _, ok = vi.(string) - case protoreflect.BytesKind: - _, ok = vi.([]byte) - case protoreflect.MessageKind, protoreflect.GroupKind: - var m protoreflect.Message - m, ok = vi.(protoreflect.Message) - if ok && m.Descriptor().FullName() != fd.Message().FullName() { - return errors.New("%v: assigning invalid message type %v", fd.FullName(), m.Descriptor().FullName()) - } - if dm, ok := vi.(*Message); ok && dm.known == nil { - return errors.New("%v: assigning invalid zero-value message", fd.FullName()) - } - } - if !ok { - return errors.New("%v: assigning invalid type %T", fd.FullName(), v.Interface()) - } - return nil -} - -func newListEntry(fd protoreflect.FieldDescriptor) protoreflect.Value { - switch fd.Kind() { - case protoreflect.BoolKind: - return protoreflect.ValueOfBool(false) - case protoreflect.EnumKind: - return protoreflect.ValueOfEnum(fd.Enum().Values().Get(0).Number()) - case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: - return protoreflect.ValueOfInt32(0) - case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: - return protoreflect.ValueOfUint32(0) - case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: - return protoreflect.ValueOfInt64(0) - case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: - return protoreflect.ValueOfUint64(0) - case protoreflect.FloatKind: - return protoreflect.ValueOfFloat32(0) - case protoreflect.DoubleKind: - return protoreflect.ValueOfFloat64(0) - case protoreflect.StringKind: - return protoreflect.ValueOfString("") - case protoreflect.BytesKind: - return protoreflect.ValueOfBytes(nil) - case protoreflect.MessageKind, protoreflect.GroupKind: - return protoreflect.ValueOfMessage(NewMessage(fd.Message()).ProtoReflect()) - } - panic(errors.New("%v: unknown kind %v", fd.FullName(), fd.Kind())) -} - -// NewExtensionType creates a new ExtensionType with the provided descriptor. -// -// Dynamic ExtensionTypes with the same descriptor compare as equal. That is, -// if xd1 == xd2, then NewExtensionType(xd1) == NewExtensionType(xd2). -// -// The InterfaceOf and ValueOf methods of the extension type are defined as: -// -// func (xt extensionType) ValueOf(iv interface{}) protoreflect.Value { -// return protoreflect.ValueOf(iv) -// } -// -// func (xt extensionType) InterfaceOf(v protoreflect.Value) interface{} { -// return v.Interface() -// } -// -// The Go type used by the proto.GetExtension and proto.SetExtension functions -// is determined by these methods, and is therefore equivalent to the Go type -// used to represent a protoreflect.Value. See the protoreflect.Value -// documentation for more details. -func NewExtensionType(desc protoreflect.ExtensionDescriptor) protoreflect.ExtensionType { - if xt, ok := desc.(protoreflect.ExtensionTypeDescriptor); ok { - desc = xt.Descriptor() - } - return extensionType{extensionTypeDescriptor{desc}} -} - -func (xt extensionType) New() protoreflect.Value { - switch { - case xt.desc.IsMap(): - return protoreflect.ValueOfMap(&dynamicMap{ - desc: xt.desc, - mapv: make(map[interface{}]protoreflect.Value), - }) - case xt.desc.IsList(): - return protoreflect.ValueOfList(&dynamicList{desc: xt.desc}) - case xt.desc.Message() != nil: - return protoreflect.ValueOfMessage(NewMessage(xt.desc.Message())) - default: - return xt.desc.Default() - } -} - -func (xt extensionType) Zero() protoreflect.Value { - switch { - case xt.desc.IsMap(): - return protoreflect.ValueOfMap(&dynamicMap{desc: xt.desc}) - case xt.desc.Cardinality() == protoreflect.Repeated: - return protoreflect.ValueOfList(emptyList{desc: xt.desc}) - case xt.desc.Message() != nil: - return protoreflect.ValueOfMessage(&Message{typ: messageType{xt.desc.Message()}}) - default: - return xt.desc.Default() - } -} - -func (xt extensionType) TypeDescriptor() protoreflect.ExtensionTypeDescriptor { - return xt.desc -} - -func (xt extensionType) ValueOf(iv interface{}) protoreflect.Value { - v := protoreflect.ValueOf(iv) - typecheck(xt.desc, v) - return v -} - -func (xt extensionType) InterfaceOf(v protoreflect.Value) interface{} { - typecheck(xt.desc, v) - return v.Interface() -} - -func (xt extensionType) IsValidInterface(iv interface{}) bool { - return typeIsValid(xt.desc, protoreflect.ValueOf(iv)) == nil -} - -func (xt extensionType) IsValidValue(v protoreflect.Value) bool { - return typeIsValid(xt.desc, v) == nil -} - -type extensionTypeDescriptor struct { - protoreflect.ExtensionDescriptor -} - -func (xt extensionTypeDescriptor) Type() protoreflect.ExtensionType { - return extensionType{xt} -} - -func (xt extensionTypeDescriptor) Descriptor() protoreflect.ExtensionDescriptor { - return xt.ExtensionDescriptor -} diff --git a/etcd/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go b/etcd/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go deleted file mode 100644 index e7fcea31f6..0000000000 --- a/etcd/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go +++ /dev/null @@ -1,168 +0,0 @@ -// Protocol Buffers - Google's data interchange format -// Copyright 2008 Google Inc. All rights reserved. -// https://developers.google.com/protocol-buffers/ -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: google/protobuf/empty.proto - -package emptypb - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -// A generic empty message that you can re-use to avoid defining duplicated -// empty messages in your APIs. A typical example is to use it as the request -// or the response type of an API method. For instance: -// -// service Foo { -// rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); -// } -// -// The JSON representation for `Empty` is empty JSON object `{}`. -type Empty struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *Empty) Reset() { - *x = Empty{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_empty_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Empty) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Empty) ProtoMessage() {} - -func (x *Empty) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_empty_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Empty.ProtoReflect.Descriptor instead. -func (*Empty) Descriptor() ([]byte, []int) { - return file_google_protobuf_empty_proto_rawDescGZIP(), []int{0} -} - -var File_google_protobuf_empty_proto protoreflect.FileDescriptor - -var file_google_protobuf_empty_proto_rawDesc = []byte{ - 0x0a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22, 0x07, - 0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x7d, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x0a, - 0x45, 0x6d, 0x70, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6b, - 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, - 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, - 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_google_protobuf_empty_proto_rawDescOnce sync.Once - file_google_protobuf_empty_proto_rawDescData = file_google_protobuf_empty_proto_rawDesc -) - -func file_google_protobuf_empty_proto_rawDescGZIP() []byte { - file_google_protobuf_empty_proto_rawDescOnce.Do(func() { - file_google_protobuf_empty_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_empty_proto_rawDescData) - }) - return file_google_protobuf_empty_proto_rawDescData -} - -var file_google_protobuf_empty_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_google_protobuf_empty_proto_goTypes = []interface{}{ - (*Empty)(nil), // 0: google.protobuf.Empty -} -var file_google_protobuf_empty_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_google_protobuf_empty_proto_init() } -func file_google_protobuf_empty_proto_init() { - if File_google_protobuf_empty_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_google_protobuf_empty_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Empty); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_protobuf_empty_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_protobuf_empty_proto_goTypes, - DependencyIndexes: file_google_protobuf_empty_proto_depIdxs, - MessageInfos: file_google_protobuf_empty_proto_msgTypes, - }.Build() - File_google_protobuf_empty_proto = out.File - file_google_protobuf_empty_proto_rawDesc = nil - file_google_protobuf_empty_proto_goTypes = nil - file_google_protobuf_empty_proto_depIdxs = nil -} diff --git a/etcd/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/etcd/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go deleted file mode 100644 index 586690522a..0000000000 --- a/etcd/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go +++ /dev/null @@ -1,810 +0,0 @@ -// Protocol Buffers - Google's data interchange format -// Copyright 2008 Google Inc. All rights reserved. -// https://developers.google.com/protocol-buffers/ -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: google/protobuf/struct.proto - -// Package structpb contains generated types for google/protobuf/struct.proto. -// -// The messages (i.e., Value, Struct, and ListValue) defined in struct.proto are -// used to represent arbitrary JSON. The Value message represents a JSON value, -// the Struct message represents a JSON object, and the ListValue message -// represents a JSON array. See https://json.org for more information. -// -// The Value, Struct, and ListValue types have generated MarshalJSON and -// UnmarshalJSON methods such that they serialize JSON equivalent to what the -// messages themselves represent. Use of these types with the -// "google.golang.org/protobuf/encoding/protojson" package -// ensures that they will be serialized as their JSON equivalent. -// -// -// Conversion to and from a Go interface -// -// The standard Go "encoding/json" package has functionality to serialize -// arbitrary types to a large degree. The Value.AsInterface, Struct.AsMap, and -// ListValue.AsSlice methods can convert the protobuf message representation into -// a form represented by interface{}, map[string]interface{}, and []interface{}. -// This form can be used with other packages that operate on such data structures -// and also directly with the standard json package. -// -// In order to convert the interface{}, map[string]interface{}, and []interface{} -// forms back as Value, Struct, and ListValue messages, use the NewStruct, -// NewList, and NewValue constructor functions. -// -// -// Example usage -// -// Consider the following example JSON object: -// -// { -// "firstName": "John", -// "lastName": "Smith", -// "isAlive": true, -// "age": 27, -// "address": { -// "streetAddress": "21 2nd Street", -// "city": "New York", -// "state": "NY", -// "postalCode": "10021-3100" -// }, -// "phoneNumbers": [ -// { -// "type": "home", -// "number": "212 555-1234" -// }, -// { -// "type": "office", -// "number": "646 555-4567" -// } -// ], -// "children": [], -// "spouse": null -// } -// -// To construct a Value message representing the above JSON object: -// -// m, err := structpb.NewValue(map[string]interface{}{ -// "firstName": "John", -// "lastName": "Smith", -// "isAlive": true, -// "age": 27, -// "address": map[string]interface{}{ -// "streetAddress": "21 2nd Street", -// "city": "New York", -// "state": "NY", -// "postalCode": "10021-3100", -// }, -// "phoneNumbers": []interface{}{ -// map[string]interface{}{ -// "type": "home", -// "number": "212 555-1234", -// }, -// map[string]interface{}{ -// "type": "office", -// "number": "646 555-4567", -// }, -// }, -// "children": []interface{}{}, -// "spouse": nil, -// }) -// if err != nil { -// ... // handle error -// } -// ... // make use of m as a *structpb.Value -// -package structpb - -import ( - base64 "encoding/base64" - protojson "google.golang.org/protobuf/encoding/protojson" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - math "math" - reflect "reflect" - sync "sync" - utf8 "unicode/utf8" -) - -// `NullValue` is a singleton enumeration to represent the null value for the -// `Value` type union. -// -// The JSON representation for `NullValue` is JSON `null`. -type NullValue int32 - -const ( - // Null value. - NullValue_NULL_VALUE NullValue = 0 -) - -// Enum value maps for NullValue. -var ( - NullValue_name = map[int32]string{ - 0: "NULL_VALUE", - } - NullValue_value = map[string]int32{ - "NULL_VALUE": 0, - } -) - -func (x NullValue) Enum() *NullValue { - p := new(NullValue) - *p = x - return p -} - -func (x NullValue) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (NullValue) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_struct_proto_enumTypes[0].Descriptor() -} - -func (NullValue) Type() protoreflect.EnumType { - return &file_google_protobuf_struct_proto_enumTypes[0] -} - -func (x NullValue) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use NullValue.Descriptor instead. -func (NullValue) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_struct_proto_rawDescGZIP(), []int{0} -} - -// `Struct` represents a structured data value, consisting of fields -// which map to dynamically typed values. In some languages, `Struct` -// might be supported by a native representation. For example, in -// scripting languages like JS a struct is represented as an -// object. The details of that representation are described together -// with the proto support for the language. -// -// The JSON representation for `Struct` is JSON object. -type Struct struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Unordered map of dynamically typed values. - Fields map[string]*Value `protobuf:"bytes,1,rep,name=fields,proto3" json:"fields,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -// NewStruct constructs a Struct from a general-purpose Go map. -// The map keys must be valid UTF-8. -// The map values are converted using NewValue. -func NewStruct(v map[string]interface{}) (*Struct, error) { - x := &Struct{Fields: make(map[string]*Value, len(v))} - for k, v := range v { - if !utf8.ValidString(k) { - return nil, protoimpl.X.NewError("invalid UTF-8 in string: %q", k) - } - var err error - x.Fields[k], err = NewValue(v) - if err != nil { - return nil, err - } - } - return x, nil -} - -// AsMap converts x to a general-purpose Go map. -// The map values are converted by calling Value.AsInterface. -func (x *Struct) AsMap() map[string]interface{} { - vs := make(map[string]interface{}) - for k, v := range x.GetFields() { - vs[k] = v.AsInterface() - } - return vs -} - -func (x *Struct) MarshalJSON() ([]byte, error) { - return protojson.Marshal(x) -} - -func (x *Struct) UnmarshalJSON(b []byte) error { - return protojson.Unmarshal(b, x) -} - -func (x *Struct) Reset() { - *x = Struct{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_struct_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Struct) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Struct) ProtoMessage() {} - -func (x *Struct) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_struct_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Struct.ProtoReflect.Descriptor instead. -func (*Struct) Descriptor() ([]byte, []int) { - return file_google_protobuf_struct_proto_rawDescGZIP(), []int{0} -} - -func (x *Struct) GetFields() map[string]*Value { - if x != nil { - return x.Fields - } - return nil -} - -// `Value` represents a dynamically typed value which can be either -// null, a number, a string, a boolean, a recursive struct value, or a -// list of values. A producer of value is expected to set one of that -// variants, absence of any variant indicates an error. -// -// The JSON representation for `Value` is JSON value. -type Value struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The kind of value. - // - // Types that are assignable to Kind: - // *Value_NullValue - // *Value_NumberValue - // *Value_StringValue - // *Value_BoolValue - // *Value_StructValue - // *Value_ListValue - Kind isValue_Kind `protobuf_oneof:"kind"` -} - -// NewValue constructs a Value from a general-purpose Go interface. -// -// â•”â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•¤â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•— -// â•‘ Go type │ Conversion â•‘ -// â• â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•ªâ•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•£ -// â•‘ nil │ stored as NullValue â•‘ -// â•‘ bool │ stored as BoolValue â•‘ -// â•‘ int, int32, int64 │ stored as NumberValue â•‘ -// â•‘ uint, uint32, uint64 │ stored as NumberValue â•‘ -// â•‘ float32, float64 │ stored as NumberValue â•‘ -// â•‘ string │ stored as StringValue; must be valid UTF-8 â•‘ -// â•‘ []byte │ stored as StringValue; base64-encoded â•‘ -// â•‘ map[string]interface{} │ stored as StructValue â•‘ -// â•‘ []interface{} │ stored as ListValue â•‘ -// â•šâ•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•§â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â• -// -// When converting an int64 or uint64 to a NumberValue, numeric precision loss -// is possible since they are stored as a float64. -func NewValue(v interface{}) (*Value, error) { - switch v := v.(type) { - case nil: - return NewNullValue(), nil - case bool: - return NewBoolValue(v), nil - case int: - return NewNumberValue(float64(v)), nil - case int32: - return NewNumberValue(float64(v)), nil - case int64: - return NewNumberValue(float64(v)), nil - case uint: - return NewNumberValue(float64(v)), nil - case uint32: - return NewNumberValue(float64(v)), nil - case uint64: - return NewNumberValue(float64(v)), nil - case float32: - return NewNumberValue(float64(v)), nil - case float64: - return NewNumberValue(float64(v)), nil - case string: - if !utf8.ValidString(v) { - return nil, protoimpl.X.NewError("invalid UTF-8 in string: %q", v) - } - return NewStringValue(v), nil - case []byte: - s := base64.StdEncoding.EncodeToString(v) - return NewStringValue(s), nil - case map[string]interface{}: - v2, err := NewStruct(v) - if err != nil { - return nil, err - } - return NewStructValue(v2), nil - case []interface{}: - v2, err := NewList(v) - if err != nil { - return nil, err - } - return NewListValue(v2), nil - default: - return nil, protoimpl.X.NewError("invalid type: %T", v) - } -} - -// NewNullValue constructs a new null Value. -func NewNullValue() *Value { - return &Value{Kind: &Value_NullValue{NullValue: NullValue_NULL_VALUE}} -} - -// NewBoolValue constructs a new boolean Value. -func NewBoolValue(v bool) *Value { - return &Value{Kind: &Value_BoolValue{BoolValue: v}} -} - -// NewNumberValue constructs a new number Value. -func NewNumberValue(v float64) *Value { - return &Value{Kind: &Value_NumberValue{NumberValue: v}} -} - -// NewStringValue constructs a new string Value. -func NewStringValue(v string) *Value { - return &Value{Kind: &Value_StringValue{StringValue: v}} -} - -// NewStructValue constructs a new struct Value. -func NewStructValue(v *Struct) *Value { - return &Value{Kind: &Value_StructValue{StructValue: v}} -} - -// NewListValue constructs a new list Value. -func NewListValue(v *ListValue) *Value { - return &Value{Kind: &Value_ListValue{ListValue: v}} -} - -// AsInterface converts x to a general-purpose Go interface. -// -// Calling Value.MarshalJSON and "encoding/json".Marshal on this output produce -// semantically equivalent JSON (assuming no errors occur). -// -// Floating-point values (i.e., "NaN", "Infinity", and "-Infinity") are -// converted as strings to remain compatible with MarshalJSON. -func (x *Value) AsInterface() interface{} { - switch v := x.GetKind().(type) { - case *Value_NumberValue: - if v != nil { - switch { - case math.IsNaN(v.NumberValue): - return "NaN" - case math.IsInf(v.NumberValue, +1): - return "Infinity" - case math.IsInf(v.NumberValue, -1): - return "-Infinity" - default: - return v.NumberValue - } - } - case *Value_StringValue: - if v != nil { - return v.StringValue - } - case *Value_BoolValue: - if v != nil { - return v.BoolValue - } - case *Value_StructValue: - if v != nil { - return v.StructValue.AsMap() - } - case *Value_ListValue: - if v != nil { - return v.ListValue.AsSlice() - } - } - return nil -} - -func (x *Value) MarshalJSON() ([]byte, error) { - return protojson.Marshal(x) -} - -func (x *Value) UnmarshalJSON(b []byte) error { - return protojson.Unmarshal(b, x) -} - -func (x *Value) Reset() { - *x = Value{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_struct_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Value) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Value) ProtoMessage() {} - -func (x *Value) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_struct_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Value.ProtoReflect.Descriptor instead. -func (*Value) Descriptor() ([]byte, []int) { - return file_google_protobuf_struct_proto_rawDescGZIP(), []int{1} -} - -func (m *Value) GetKind() isValue_Kind { - if m != nil { - return m.Kind - } - return nil -} - -func (x *Value) GetNullValue() NullValue { - if x, ok := x.GetKind().(*Value_NullValue); ok { - return x.NullValue - } - return NullValue_NULL_VALUE -} - -func (x *Value) GetNumberValue() float64 { - if x, ok := x.GetKind().(*Value_NumberValue); ok { - return x.NumberValue - } - return 0 -} - -func (x *Value) GetStringValue() string { - if x, ok := x.GetKind().(*Value_StringValue); ok { - return x.StringValue - } - return "" -} - -func (x *Value) GetBoolValue() bool { - if x, ok := x.GetKind().(*Value_BoolValue); ok { - return x.BoolValue - } - return false -} - -func (x *Value) GetStructValue() *Struct { - if x, ok := x.GetKind().(*Value_StructValue); ok { - return x.StructValue - } - return nil -} - -func (x *Value) GetListValue() *ListValue { - if x, ok := x.GetKind().(*Value_ListValue); ok { - return x.ListValue - } - return nil -} - -type isValue_Kind interface { - isValue_Kind() -} - -type Value_NullValue struct { - // Represents a null value. - NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"` -} - -type Value_NumberValue struct { - // Represents a double value. - NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof"` -} - -type Value_StringValue struct { - // Represents a string value. - StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"` -} - -type Value_BoolValue struct { - // Represents a boolean value. - BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"` -} - -type Value_StructValue struct { - // Represents a structured value. - StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,proto3,oneof"` -} - -type Value_ListValue struct { - // Represents a repeated `Value`. - ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,proto3,oneof"` -} - -func (*Value_NullValue) isValue_Kind() {} - -func (*Value_NumberValue) isValue_Kind() {} - -func (*Value_StringValue) isValue_Kind() {} - -func (*Value_BoolValue) isValue_Kind() {} - -func (*Value_StructValue) isValue_Kind() {} - -func (*Value_ListValue) isValue_Kind() {} - -// `ListValue` is a wrapper around a repeated field of values. -// -// The JSON representation for `ListValue` is JSON array. -type ListValue struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Repeated field of dynamically typed values. - Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` -} - -// NewList constructs a ListValue from a general-purpose Go slice. -// The slice elements are converted using NewValue. -func NewList(v []interface{}) (*ListValue, error) { - x := &ListValue{Values: make([]*Value, len(v))} - for i, v := range v { - var err error - x.Values[i], err = NewValue(v) - if err != nil { - return nil, err - } - } - return x, nil -} - -// AsSlice converts x to a general-purpose Go slice. -// The slice elements are converted by calling Value.AsInterface. -func (x *ListValue) AsSlice() []interface{} { - vs := make([]interface{}, len(x.GetValues())) - for i, v := range x.GetValues() { - vs[i] = v.AsInterface() - } - return vs -} - -func (x *ListValue) MarshalJSON() ([]byte, error) { - return protojson.Marshal(x) -} - -func (x *ListValue) UnmarshalJSON(b []byte) error { - return protojson.Unmarshal(b, x) -} - -func (x *ListValue) Reset() { - *x = ListValue{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_struct_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ListValue) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ListValue) ProtoMessage() {} - -func (x *ListValue) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_struct_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ListValue.ProtoReflect.Descriptor instead. -func (*ListValue) Descriptor() ([]byte, []int) { - return file_google_protobuf_struct_proto_rawDescGZIP(), []int{2} -} - -func (x *ListValue) GetValues() []*Value { - if x != nil { - return x.Values - } - return nil -} - -var File_google_protobuf_struct_proto protoreflect.FileDescriptor - -var file_google_protobuf_struct_proto_rawDesc = []byte{ - 0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x22, - 0x98, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, - 0x75, 0x63, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x06, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x51, 0x0a, 0x0b, 0x46, 0x69, 0x65, 0x6c, 0x64, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb2, 0x02, 0x0a, 0x05, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x6e, 0x75, 0x6d, 0x62, 0x65, - 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, - 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, - 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0a, 0x62, - 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x48, - 0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3c, 0x0a, 0x0c, - 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x48, 0x00, 0x52, 0x0b, 0x73, - 0x74, 0x72, 0x75, 0x63, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6c, 0x69, - 0x73, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6c, 0x69, - 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x22, - 0x3b, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2e, 0x0a, 0x06, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x2a, 0x1b, 0x0a, 0x09, - 0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x55, 0x4c, - 0x4c, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x10, 0x00, 0x42, 0x7f, 0x0a, 0x13, 0x63, 0x6f, 0x6d, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x42, 0x0b, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, - 0x72, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, - 0x73, 0x2f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x70, 0x62, - 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1e, 0x47, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x57, 0x65, 0x6c, 0x6c, - 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_google_protobuf_struct_proto_rawDescOnce sync.Once - file_google_protobuf_struct_proto_rawDescData = file_google_protobuf_struct_proto_rawDesc -) - -func file_google_protobuf_struct_proto_rawDescGZIP() []byte { - file_google_protobuf_struct_proto_rawDescOnce.Do(func() { - file_google_protobuf_struct_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_struct_proto_rawDescData) - }) - return file_google_protobuf_struct_proto_rawDescData -} - -var file_google_protobuf_struct_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_google_protobuf_struct_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_google_protobuf_struct_proto_goTypes = []interface{}{ - (NullValue)(0), // 0: google.protobuf.NullValue - (*Struct)(nil), // 1: google.protobuf.Struct - (*Value)(nil), // 2: google.protobuf.Value - (*ListValue)(nil), // 3: google.protobuf.ListValue - nil, // 4: google.protobuf.Struct.FieldsEntry -} -var file_google_protobuf_struct_proto_depIdxs = []int32{ - 4, // 0: google.protobuf.Struct.fields:type_name -> google.protobuf.Struct.FieldsEntry - 0, // 1: google.protobuf.Value.null_value:type_name -> google.protobuf.NullValue - 1, // 2: google.protobuf.Value.struct_value:type_name -> google.protobuf.Struct - 3, // 3: google.protobuf.Value.list_value:type_name -> google.protobuf.ListValue - 2, // 4: google.protobuf.ListValue.values:type_name -> google.protobuf.Value - 2, // 5: google.protobuf.Struct.FieldsEntry.value:type_name -> google.protobuf.Value - 6, // [6:6] is the sub-list for method output_type - 6, // [6:6] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name -} - -func init() { file_google_protobuf_struct_proto_init() } -func file_google_protobuf_struct_proto_init() { - if File_google_protobuf_struct_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_google_protobuf_struct_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Struct); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_struct_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Value); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_struct_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListValue); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_google_protobuf_struct_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*Value_NullValue)(nil), - (*Value_NumberValue)(nil), - (*Value_StringValue)(nil), - (*Value_BoolValue)(nil), - (*Value_StructValue)(nil), - (*Value_ListValue)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_protobuf_struct_proto_rawDesc, - NumEnums: 1, - NumMessages: 4, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_protobuf_struct_proto_goTypes, - DependencyIndexes: file_google_protobuf_struct_proto_depIdxs, - EnumInfos: file_google_protobuf_struct_proto_enumTypes, - MessageInfos: file_google_protobuf_struct_proto_msgTypes, - }.Build() - File_google_protobuf_struct_proto = out.File - file_google_protobuf_struct_proto_rawDesc = nil - file_google_protobuf_struct_proto_goTypes = nil - file_google_protobuf_struct_proto_depIdxs = nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/.gitcookies.sh.enc b/etcd/vendor/gopkg.in/square/go-jose.v2/.gitcookies.sh.enc deleted file mode 100644 index 730e569b06..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/.gitcookies.sh.enc +++ /dev/null @@ -1 +0,0 @@ -'|Ê&{tÄU|gGê(ìCy=+¨œòcû:u:/pœ#~žü["±4¤!­nÙAªDK<ŠufÿhÅa¿Â:ºü¸¡´B/£Ø¤¹¤ò_hÎÛSãT*wÌx¼¯¹-ç|àÀÓƒÑÄäóÌ㣗A$$â6£ÁâG)8nÏpûÆË¡3ÌšœoïÏvŽB–3¿­]xÝ“Ó2l§G•|qRÞ¯ ö2 5R–Ó×Ç$´ñ½Yè¡ÞÝ™l‘Ë«yAI"ÛŒ˜®íû¹¼kÄ|Kåþ[9ÆâÒå=°úÿŸñ|@S•3 ó#æx?¾V„,¾‚SÆÝõœwPíogÒ6&V6 ©D.dBŠ 7 \ No newline at end of file diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/.gitignore b/etcd/vendor/gopkg.in/square/go-jose.v2/.gitignore deleted file mode 100644 index 5b4d73b681..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -*~ -.*.swp -*.out -*.test -*.pem -*.cov -jose-util/jose-util diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/.travis.yml b/etcd/vendor/gopkg.in/square/go-jose.v2/.travis.yml deleted file mode 100644 index a84e99f7da..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/.travis.yml +++ /dev/null @@ -1,47 +0,0 @@ -language: go - -sudo: false - -matrix: - fast_finish: true - allow_failures: - - go: tip - -go: -- '1.5.x' -- '1.6.x' -- '1.7.x' -- '1.8.x' -- '1.9.x' -- '1.10.x' - -go_import_path: gopkg.in/square/go-jose.v2 - -before_script: -- export PATH=$HOME/.local/bin:$PATH - -before_install: -# Install encrypted gitcookies to get around bandwidth-limits -# that is causing Travis-CI builds to fail. For more info, see -# https://github.com/golang/go/issues/12933 -- openssl aes-256-cbc -K $encrypted_1528c3c2cafd_key -iv $encrypted_1528c3c2cafd_iv -in .gitcookies.sh.enc -out .gitcookies.sh -d || true -- bash .gitcookies.sh || true -- go get github.com/wadey/gocovmerge -- go get github.com/mattn/goveralls -- go get github.com/stretchr/testify/assert -- go get golang.org/x/tools/cmd/cover || true -- go get code.google.com/p/go.tools/cmd/cover || true -- pip install cram --user - -script: -- go test . -v -covermode=count -coverprofile=profile.cov -- go test ./cipher -v -covermode=count -coverprofile=cipher/profile.cov -- go test ./jwt -v -covermode=count -coverprofile=jwt/profile.cov -- go test ./json -v # no coverage for forked encoding/json package -- cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t -- cd .. - -after_success: -- gocovmerge *.cov */*.cov > merged.coverprofile -- $HOME/gopath/bin/goveralls -coverprofile merged.coverprofile -service=travis-ci - diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/BUG-BOUNTY.md b/etcd/vendor/gopkg.in/square/go-jose.v2/BUG-BOUNTY.md deleted file mode 100644 index 3305db0f65..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/BUG-BOUNTY.md +++ /dev/null @@ -1,10 +0,0 @@ -Serious about security -====================== - -Square recognizes the important contributions the security research community -can make. We therefore encourage reporting security issues with the code -contained in this repository. - -If you believe you have discovered a security vulnerability, please follow the -guidelines at <https://bugcrowd.com/squareopensource>. - diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/CONTRIBUTING.md b/etcd/vendor/gopkg.in/square/go-jose.v2/CONTRIBUTING.md deleted file mode 100644 index 61b183651c..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/CONTRIBUTING.md +++ /dev/null @@ -1,14 +0,0 @@ -# Contributing - -If you would like to contribute code to go-jose you can do so through GitHub by -forking the repository and sending a pull request. - -When submitting code, please make every effort to follow existing conventions -and style in order to keep the code as readable as possible. Please also make -sure all tests pass by running `go test`, and format your code with `go fmt`. -We also recommend using `golint` and `errcheck`. - -Before your code can be accepted into the project you must also sign the -[Individual Contributor License Agreement][1]. - - [1]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1 diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/LICENSE b/etcd/vendor/gopkg.in/square/go-jose.v2/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/README.md b/etcd/vendor/gopkg.in/square/go-jose.v2/README.md deleted file mode 100644 index 1791bfa8f6..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/README.md +++ /dev/null @@ -1,118 +0,0 @@ -# Go JOSE - -[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/square/go-jose.v1) -[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/square/go-jose.v2) -[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/square/go-jose/master/LICENSE) -[![build](https://travis-ci.org/square/go-jose.svg?branch=v2)](https://travis-ci.org/square/go-jose) -[![coverage](https://coveralls.io/repos/github/square/go-jose/badge.svg?branch=v2)](https://coveralls.io/r/square/go-jose) - -Package jose aims to provide an implementation of the Javascript Object Signing -and Encryption set of standards. This includes support for JSON Web Encryption, -JSON Web Signature, and JSON Web Token standards. - -**Disclaimer**: This library contains encryption software that is subject to -the U.S. Export Administration Regulations. You may not export, re-export, -transfer or download this code or any part of it in violation of any United -States law, directive or regulation. In particular this software may not be -exported or re-exported in any form or on any media to Iran, North Sudan, -Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any -US maintained blocked list. - -## Overview - -The implementation follows the -[JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516), -[JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and -[JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519). -Tables of supported algorithms are shown below. The library supports both -the compact and full serialization formats, and has optional support for -multiple recipients. It also comes with a small command-line utility -([`jose-util`](https://github.com/square/go-jose/tree/v2/jose-util)) -for dealing with JOSE messages in a shell. - -**Note**: We use a forked version of the `encoding/json` package from the Go -standard library which uses case-sensitive matching for member names (instead -of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)). -This is to avoid differences in interpretation of messages between go-jose and -libraries in other languages. - -### Versions - -We use [gopkg.in](https://gopkg.in) for versioning. - -[Version 2](https://gopkg.in/square/go-jose.v2) -([branch](https://github.com/square/go-jose/tree/v2), -[doc](https://godoc.org/gopkg.in/square/go-jose.v2)) is the current version: - - import "gopkg.in/square/go-jose.v2" - -The old `v1` branch ([go-jose.v1](https://gopkg.in/square/go-jose.v1)) will -still receive backported bug fixes and security fixes, but otherwise -development is frozen. All new feature development takes place on the `v2` -branch. Version 2 also contains additional sub-packages such as the -[jwt](https://godoc.org/gopkg.in/square/go-jose.v2/jwt) implementation -contributed by [@shaxbee](https://github.com/shaxbee). - -### Supported algorithms - -See below for a table of supported algorithms. Algorithm identifiers match -the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518) -standard where possible. The Godoc reference has a list of constants. - - Key encryption | Algorithm identifier(s) - :------------------------- | :------------------------------ - RSA-PKCS#1v1.5 | RSA1_5 - RSA-OAEP | RSA-OAEP, RSA-OAEP-256 - AES key wrap | A128KW, A192KW, A256KW - AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW - ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW - ECDH-ES (direct) | ECDH-ES<sup>1</sup> - Direct encryption | dir<sup>1</sup> - -<sup>1. Not supported in multi-recipient mode</sup> - - Signing / MAC | Algorithm identifier(s) - :------------------------- | :------------------------------ - RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 - RSASSA-PSS | PS256, PS384, PS512 - HMAC | HS256, HS384, HS512 - ECDSA | ES256, ES384, ES512 - Ed25519 | EdDSA<sup>2</sup> - -<sup>2. Only available in version 2 of the package</sup> - - Content encryption | Algorithm identifier(s) - :------------------------- | :------------------------------ - AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 - AES-GCM | A128GCM, A192GCM, A256GCM - - Compression | Algorithm identifiers(s) - :------------------------- | ------------------------------- - DEFLATE (RFC 1951) | DEF - -### Supported key types - -See below for a table of supported key types. These are understood by the -library, and can be passed to corresponding functions such as `NewEncrypter` or -`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which -allows attaching a key id. - - Algorithm(s) | Corresponding types - :------------------------- | ------------------------------- - RSA | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey) - ECDH, ECDSA | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey) - EdDSA<sup>1</sup> | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey) - AES, HMAC | []byte - -<sup>1. Only available in version 2 of the package</sup> - -## Examples - -[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/square/go-jose.v1) -[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/square/go-jose.v2) - -Examples can be found in the Godoc -reference for this package. The -[`jose-util`](https://github.com/square/go-jose/tree/v2/jose-util) -subdirectory also contains a small command-line utility which might be useful -as an example. diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/asymmetric.go b/etcd/vendor/gopkg.in/square/go-jose.v2/asymmetric.go deleted file mode 100644 index 67935561bc..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/asymmetric.go +++ /dev/null @@ -1,592 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto" - "crypto/aes" - "crypto/ecdsa" - "crypto/rand" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - "errors" - "fmt" - "math/big" - - "golang.org/x/crypto/ed25519" - "gopkg.in/square/go-jose.v2/cipher" - "gopkg.in/square/go-jose.v2/json" -) - -// A generic RSA-based encrypter/verifier -type rsaEncrypterVerifier struct { - publicKey *rsa.PublicKey -} - -// A generic RSA-based decrypter/signer -type rsaDecrypterSigner struct { - privateKey *rsa.PrivateKey -} - -// A generic EC-based encrypter/verifier -type ecEncrypterVerifier struct { - publicKey *ecdsa.PublicKey -} - -type edEncrypterVerifier struct { - publicKey ed25519.PublicKey -} - -// A key generator for ECDH-ES -type ecKeyGenerator struct { - size int - algID string - publicKey *ecdsa.PublicKey -} - -// A generic EC-based decrypter/signer -type ecDecrypterSigner struct { - privateKey *ecdsa.PrivateKey -} - -type edDecrypterSigner struct { - privateKey ed25519.PrivateKey -} - -// newRSARecipient creates recipientKeyInfo based on the given key. -func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch keyAlg { - case RSA1_5, RSA_OAEP, RSA_OAEP_256: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - if publicKey == nil { - return recipientKeyInfo{}, errors.New("invalid public key") - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &rsaEncrypterVerifier{ - publicKey: publicKey, - }, - }, nil -} - -// newRSASigner creates a recipientSigInfo based on the given key. -func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case RS256, RS384, RS512, PS256, PS384, PS512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &rsaDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) { - if sigAlg != EdDSA { - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &edDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -// newECDHRecipient creates recipientKeyInfo based on the given key. -func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch keyAlg { - case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { - return recipientKeyInfo{}, errors.New("invalid public key") - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &ecEncrypterVerifier{ - publicKey: publicKey, - }, - }, nil -} - -// newECDSASigner creates a recipientSigInfo based on the given key. -func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case ES256, ES384, ES512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &ecDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -// Encrypt the given payload and update the object. -func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - encryptedKey, err := ctx.encrypt(cek, alg) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: encryptedKey, - header: &rawHeader{}, - }, nil -} - -// Encrypt the given payload. Based on the key encryption algorithm, -// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). -func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) { - switch alg { - case RSA1_5: - return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek) - case RSA_OAEP: - return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{}) - case RSA_OAEP_256: - return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{}) - } - - return nil, ErrUnsupportedAlgorithm -} - -// Decrypt the given payload and return the content encryption key. -func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator) -} - -// Decrypt the given payload. Based on the key encryption algorithm, -// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). -func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) { - // Note: The random reader on decrypt operations is only used for blinding, - // so stubbing is meanlingless (hence the direct use of rand.Reader). - switch alg { - case RSA1_5: - defer func() { - // DecryptPKCS1v15SessionKey sometimes panics on an invalid payload - // because of an index out of bounds error, which we want to ignore. - // This has been fixed in Go 1.3.1 (released 2014/08/13), the recover() - // only exists for preventing crashes with unpatched versions. - // See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k - // See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33 - _ = recover() - }() - - // Perform some input validation. - keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8 - if keyBytes != len(jek) { - // Input size is incorrect, the encrypted payload should always match - // the size of the public modulus (e.g. using a 2048 bit key will - // produce 256 bytes of output). Reject this since it's invalid input. - return nil, ErrCryptoFailure - } - - cek, _, err := generator.genKey() - if err != nil { - return nil, ErrCryptoFailure - } - - // When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to - // prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing - // the Million Message Attack on Cryptographic Message Syntax". We are - // therefore deliberately ignoring errors here. - _ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek) - - return cek, nil - case RSA_OAEP: - // Use rand.Reader for RSA blinding - return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{}) - case RSA_OAEP_256: - // Use rand.Reader for RSA blinding - return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{}) - } - - return nil, ErrUnsupportedAlgorithm -} - -// Sign the given payload -func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - var hash crypto.Hash - - switch alg { - case RS256, PS256: - hash = crypto.SHA256 - case RS384, PS384: - hash = crypto.SHA384 - case RS512, PS512: - hash = crypto.SHA512 - default: - return Signature{}, ErrUnsupportedAlgorithm - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - var out []byte - var err error - - switch alg { - case RS256, RS384, RS512: - out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed) - case PS256, PS384, PS512: - out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthAuto, - }) - } - - if err != nil { - return Signature{}, err - } - - return Signature{ - Signature: out, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - var hash crypto.Hash - - switch alg { - case RS256, PS256: - hash = crypto.SHA256 - case RS384, PS384: - hash = crypto.SHA384 - case RS512, PS512: - hash = crypto.SHA512 - default: - return ErrUnsupportedAlgorithm - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - switch alg { - case RS256, RS384, RS512: - return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature) - case PS256, PS384, PS512: - return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil) - } - - return ErrUnsupportedAlgorithm -} - -// Encrypt the given payload and update the object. -func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - switch alg { - case ECDH_ES: - // ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key. - return recipientInfo{ - header: &rawHeader{}, - }, nil - case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: - default: - return recipientInfo{}, ErrUnsupportedAlgorithm - } - - generator := ecKeyGenerator{ - algID: string(alg), - publicKey: ctx.publicKey, - } - - switch alg { - case ECDH_ES_A128KW: - generator.size = 16 - case ECDH_ES_A192KW: - generator.size = 24 - case ECDH_ES_A256KW: - generator.size = 32 - } - - kek, header, err := generator.genKey() - if err != nil { - return recipientInfo{}, err - } - - block, err := aes.NewCipher(kek) - if err != nil { - return recipientInfo{}, err - } - - jek, err := josecipher.KeyWrap(block, cek) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: jek, - header: &header, - }, nil -} - -// Get key size for EC key generator -func (ctx ecKeyGenerator) keySize() int { - return ctx.size -} - -// Get a content encryption key for ECDH-ES -func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { - priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader) - if err != nil { - return nil, rawHeader{}, err - } - - out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size) - - b, err := json.Marshal(&JSONWebKey{ - Key: &priv.PublicKey, - }) - if err != nil { - return nil, nil, err - } - - headers := rawHeader{ - headerEPK: makeRawMessage(b), - } - - return out, headers, nil -} - -// Decrypt the given payload and return the content encryption key. -func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - epk, err := headers.getEPK() - if err != nil { - return nil, errors.New("square/go-jose: invalid epk header") - } - if epk == nil { - return nil, errors.New("square/go-jose: missing epk header") - } - - publicKey, ok := epk.Key.(*ecdsa.PublicKey) - if publicKey == nil || !ok { - return nil, errors.New("square/go-jose: invalid epk header") - } - - if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { - return nil, errors.New("square/go-jose: invalid public key in epk header") - } - - apuData, err := headers.getAPU() - if err != nil { - return nil, errors.New("square/go-jose: invalid apu header") - } - apvData, err := headers.getAPV() - if err != nil { - return nil, errors.New("square/go-jose: invalid apv header") - } - - deriveKey := func(algID string, size int) []byte { - return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size) - } - - var keySize int - - algorithm := headers.getAlgorithm() - switch algorithm { - case ECDH_ES: - // ECDH-ES uses direct key agreement, no key unwrapping necessary. - return deriveKey(string(headers.getEncryption()), generator.keySize()), nil - case ECDH_ES_A128KW: - keySize = 16 - case ECDH_ES_A192KW: - keySize = 24 - case ECDH_ES_A256KW: - keySize = 32 - default: - return nil, ErrUnsupportedAlgorithm - } - - key := deriveKey(string(algorithm), keySize) - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - return josecipher.KeyUnwrap(block, recipient.encryptedKey) -} - -func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - if alg != EdDSA { - return Signature{}, ErrUnsupportedAlgorithm - } - - sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0)) - if err != nil { - return Signature{}, err - } - - return Signature{ - Signature: sig, - protected: &rawHeader{}, - }, nil -} - -func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - if alg != EdDSA { - return ErrUnsupportedAlgorithm - } - ok := ed25519.Verify(ctx.publicKey, payload, signature) - if !ok { - return errors.New("square/go-jose: ed25519 signature failed to verify") - } - return nil -} - -// Sign the given payload -func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - var expectedBitSize int - var hash crypto.Hash - - switch alg { - case ES256: - expectedBitSize = 256 - hash = crypto.SHA256 - case ES384: - expectedBitSize = 384 - hash = crypto.SHA384 - case ES512: - expectedBitSize = 521 - hash = crypto.SHA512 - } - - curveBits := ctx.privateKey.Curve.Params().BitSize - if expectedBitSize != curveBits { - return Signature{}, fmt.Errorf("square/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits) - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed) - if err != nil { - return Signature{}, err - } - - keyBytes := curveBits / 8 - if curveBits%8 > 0 { - keyBytes++ - } - - // We serialize the outputs (r and s) into big-endian byte arrays and pad - // them with zeros on the left to make sure the sizes work out. Both arrays - // must be keyBytes long, and the output must be 2*keyBytes long. - rBytes := r.Bytes() - rBytesPadded := make([]byte, keyBytes) - copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) - - sBytes := s.Bytes() - sBytesPadded := make([]byte, keyBytes) - copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) - - out := append(rBytesPadded, sBytesPadded...) - - return Signature{ - Signature: out, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - var keySize int - var hash crypto.Hash - - switch alg { - case ES256: - keySize = 32 - hash = crypto.SHA256 - case ES384: - keySize = 48 - hash = crypto.SHA384 - case ES512: - keySize = 66 - hash = crypto.SHA512 - default: - return ErrUnsupportedAlgorithm - } - - if len(signature) != 2*keySize { - return fmt.Errorf("square/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize) - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - r := big.NewInt(0).SetBytes(signature[:keySize]) - s := big.NewInt(0).SetBytes(signature[keySize:]) - - match := ecdsa.Verify(ctx.publicKey, hashed, r, s) - if !match { - return errors.New("square/go-jose: ecdsa signature failed to verify") - } - - return nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/cbc_hmac.go b/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/cbc_hmac.go deleted file mode 100644 index 126b85ce25..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/cbc_hmac.go +++ /dev/null @@ -1,196 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "bytes" - "crypto/cipher" - "crypto/hmac" - "crypto/sha256" - "crypto/sha512" - "crypto/subtle" - "encoding/binary" - "errors" - "hash" -) - -const ( - nonceBytes = 16 -) - -// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC. -func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) { - keySize := len(key) / 2 - integrityKey := key[:keySize] - encryptionKey := key[keySize:] - - blockCipher, err := newBlockCipher(encryptionKey) - if err != nil { - return nil, err - } - - var hash func() hash.Hash - switch keySize { - case 16: - hash = sha256.New - case 24: - hash = sha512.New384 - case 32: - hash = sha512.New - } - - return &cbcAEAD{ - hash: hash, - blockCipher: blockCipher, - authtagBytes: keySize, - integrityKey: integrityKey, - }, nil -} - -// An AEAD based on CBC+HMAC -type cbcAEAD struct { - hash func() hash.Hash - authtagBytes int - integrityKey []byte - blockCipher cipher.Block -} - -func (ctx *cbcAEAD) NonceSize() int { - return nonceBytes -} - -func (ctx *cbcAEAD) Overhead() int { - // Maximum overhead is block size (for padding) plus auth tag length, where - // the length of the auth tag is equivalent to the key size. - return ctx.blockCipher.BlockSize() + ctx.authtagBytes -} - -// Seal encrypts and authenticates the plaintext. -func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { - // Output buffer -- must take care not to mangle plaintext input. - ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)] - copy(ciphertext, plaintext) - ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) - - cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) - - cbc.CryptBlocks(ciphertext, ciphertext) - authtag := ctx.computeAuthTag(data, nonce, ciphertext) - - ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag))) - copy(out, ciphertext) - copy(out[len(ciphertext):], authtag) - - return ret -} - -// Open decrypts and authenticates the ciphertext. -func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - if len(ciphertext) < ctx.authtagBytes { - return nil, errors.New("square/go-jose: invalid ciphertext (too short)") - } - - offset := len(ciphertext) - ctx.authtagBytes - expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) - match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) - if match != 1 { - return nil, errors.New("square/go-jose: invalid ciphertext (auth tag mismatch)") - } - - cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) - - // Make copy of ciphertext buffer, don't want to modify in place - buffer := append([]byte{}, []byte(ciphertext[:offset])...) - - if len(buffer)%ctx.blockCipher.BlockSize() > 0 { - return nil, errors.New("square/go-jose: invalid ciphertext (invalid length)") - } - - cbc.CryptBlocks(buffer, buffer) - - // Remove padding - plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) - if err != nil { - return nil, err - } - - ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext))) - copy(out, plaintext) - - return ret, nil -} - -// Compute an authentication tag -func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte { - buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8) - n := 0 - n += copy(buffer, aad) - n += copy(buffer[n:], nonce) - n += copy(buffer[n:], ciphertext) - binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8) - - // According to documentation, Write() on hash.Hash never fails. - hmac := hmac.New(ctx.hash, ctx.integrityKey) - _, _ = hmac.Write(buffer) - - return hmac.Sum(nil)[:ctx.authtagBytes] -} - -// resize ensures the the given slice has a capacity of at least n bytes. -// If the capacity of the slice is less than n, a new slice is allocated -// and the existing data will be copied. -func resize(in []byte, n uint64) (head, tail []byte) { - if uint64(cap(in)) >= n { - head = in[:n] - } else { - head = make([]byte, n) - copy(head, in) - } - - tail = head[len(in):] - return -} - -// Apply padding -func padBuffer(buffer []byte, blockSize int) []byte { - missing := blockSize - (len(buffer) % blockSize) - ret, out := resize(buffer, uint64(len(buffer))+uint64(missing)) - padding := bytes.Repeat([]byte{byte(missing)}, missing) - copy(out, padding) - return ret -} - -// Remove padding -func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) { - if len(buffer)%blockSize != 0 { - return nil, errors.New("square/go-jose: invalid padding") - } - - last := buffer[len(buffer)-1] - count := int(last) - - if count == 0 || count > blockSize || count > len(buffer) { - return nil, errors.New("square/go-jose: invalid padding") - } - - padding := bytes.Repeat([]byte{last}, count) - if !bytes.HasSuffix(buffer, padding) { - return nil, errors.New("square/go-jose: invalid padding") - } - - return buffer[:len(buffer)-count], nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/concat_kdf.go b/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/concat_kdf.go deleted file mode 100644 index f62c3bdba5..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/concat_kdf.go +++ /dev/null @@ -1,75 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "crypto" - "encoding/binary" - "hash" - "io" -) - -type concatKDF struct { - z, info []byte - i uint32 - cache []byte - hasher hash.Hash -} - -// NewConcatKDF builds a KDF reader based on the given inputs. -func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { - buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo))) - n := 0 - n += copy(buffer, algID) - n += copy(buffer[n:], ptyUInfo) - n += copy(buffer[n:], ptyVInfo) - n += copy(buffer[n:], supPubInfo) - copy(buffer[n:], supPrivInfo) - - hasher := hash.New() - - return &concatKDF{ - z: z, - info: buffer, - hasher: hasher, - cache: []byte{}, - i: 1, - } -} - -func (ctx *concatKDF) Read(out []byte) (int, error) { - copied := copy(out, ctx.cache) - ctx.cache = ctx.cache[copied:] - - for copied < len(out) { - ctx.hasher.Reset() - - // Write on a hash.Hash never fails - _ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i) - _, _ = ctx.hasher.Write(ctx.z) - _, _ = ctx.hasher.Write(ctx.info) - - hash := ctx.hasher.Sum(nil) - chunkCopied := copy(out[copied:], hash) - copied += chunkCopied - ctx.cache = hash[chunkCopied:] - - ctx.i++ - } - - return copied, nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go b/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go deleted file mode 100644 index c128e327f3..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go +++ /dev/null @@ -1,62 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "crypto" - "crypto/ecdsa" - "encoding/binary" -) - -// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA. -// It is an error to call this function with a private/public key that are not on the same -// curve. Callers must ensure that the keys are valid before calling this function. Output -// size may be at most 1<<16 bytes (64 KiB). -func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte { - if size > 1<<16 { - panic("ECDH-ES output size too large, must be less than or equal to 1<<16") - } - - // algId, partyUInfo, partyVInfo inputs must be prefixed with the length - algID := lengthPrefixed([]byte(alg)) - ptyUInfo := lengthPrefixed(apuData) - ptyVInfo := lengthPrefixed(apvData) - - // suppPubInfo is the encoded length of the output size in bits - supPubInfo := make([]byte, 4) - binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8) - - if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) { - panic("public key not on same curve as private key") - } - - z, _ := priv.PublicKey.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) - reader := NewConcatKDF(crypto.SHA256, z.Bytes(), algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) - - key := make([]byte, size) - - // Read on the KDF will never fail - _, _ = reader.Read(key) - return key -} - -func lengthPrefixed(data []byte) []byte { - out := make([]byte, len(data)+4) - binary.BigEndian.PutUint32(out, uint32(len(data))) - copy(out[4:], data) - return out -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/key_wrap.go b/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/key_wrap.go deleted file mode 100644 index 1d36d50151..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/cipher/key_wrap.go +++ /dev/null @@ -1,109 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "crypto/cipher" - "crypto/subtle" - "encoding/binary" - "errors" -) - -var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} - -// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher. -func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { - if len(cek)%8 != 0 { - return nil, errors.New("square/go-jose: key wrap input must be 8 byte blocks") - } - - n := len(cek) / 8 - r := make([][]byte, n) - - for i := range r { - r[i] = make([]byte, 8) - copy(r[i], cek[i*8:]) - } - - buffer := make([]byte, 16) - tBytes := make([]byte, 8) - copy(buffer, defaultIV) - - for t := 0; t < 6*n; t++ { - copy(buffer[8:], r[t%n]) - - block.Encrypt(buffer, buffer) - - binary.BigEndian.PutUint64(tBytes, uint64(t+1)) - - for i := 0; i < 8; i++ { - buffer[i] = buffer[i] ^ tBytes[i] - } - copy(r[t%n], buffer[8:]) - } - - out := make([]byte, (n+1)*8) - copy(out, buffer[:8]) - for i := range r { - copy(out[(i+1)*8:], r[i]) - } - - return out, nil -} - -// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. -func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { - if len(ciphertext)%8 != 0 { - return nil, errors.New("square/go-jose: key wrap input must be 8 byte blocks") - } - - n := (len(ciphertext) / 8) - 1 - r := make([][]byte, n) - - for i := range r { - r[i] = make([]byte, 8) - copy(r[i], ciphertext[(i+1)*8:]) - } - - buffer := make([]byte, 16) - tBytes := make([]byte, 8) - copy(buffer[:8], ciphertext[:8]) - - for t := 6*n - 1; t >= 0; t-- { - binary.BigEndian.PutUint64(tBytes, uint64(t+1)) - - for i := 0; i < 8; i++ { - buffer[i] = buffer[i] ^ tBytes[i] - } - copy(buffer[8:], r[t%n]) - - block.Decrypt(buffer, buffer) - - copy(r[t%n], buffer[8:]) - } - - if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 { - return nil, errors.New("square/go-jose: failed to unwrap key") - } - - out := make([]byte, n*8) - for i := range r { - copy(out[i*8:], r[i]) - } - - return out, nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/crypter.go b/etcd/vendor/gopkg.in/square/go-jose.v2/crypter.go deleted file mode 100644 index c45c71206b..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/crypter.go +++ /dev/null @@ -1,535 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/ecdsa" - "crypto/rsa" - "errors" - "fmt" - "reflect" - - "gopkg.in/square/go-jose.v2/json" -) - -// Encrypter represents an encrypter which produces an encrypted JWE object. -type Encrypter interface { - Encrypt(plaintext []byte) (*JSONWebEncryption, error) - EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error) - Options() EncrypterOptions -} - -// A generic content cipher -type contentCipher interface { - keySize() int - encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error) - decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error) -} - -// A key generator (for generating/getting a CEK) -type keyGenerator interface { - keySize() int - genKey() ([]byte, rawHeader, error) -} - -// A generic key encrypter -type keyEncrypter interface { - encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key -} - -// A generic key decrypter -type keyDecrypter interface { - decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key -} - -// A generic encrypter based on the given key encrypter and content cipher. -type genericEncrypter struct { - contentAlg ContentEncryption - compressionAlg CompressionAlgorithm - cipher contentCipher - recipients []recipientKeyInfo - keyGenerator keyGenerator - extraHeaders map[HeaderKey]interface{} -} - -type recipientKeyInfo struct { - keyID string - keyAlg KeyAlgorithm - keyEncrypter keyEncrypter -} - -// EncrypterOptions represents options that can be set on new encrypters. -type EncrypterOptions struct { - Compression CompressionAlgorithm - - // Optional map of additional keys to be inserted into the protected header - // of a JWS object. Some specifications which make use of JWS like to insert - // additional values here. All values must be JSON-serializable. - ExtraHeaders map[HeaderKey]interface{} -} - -// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it -// if necessary. It returns itself and so can be used in a fluent style. -func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions { - if eo.ExtraHeaders == nil { - eo.ExtraHeaders = map[HeaderKey]interface{}{} - } - eo.ExtraHeaders[k] = v - return eo -} - -// WithContentType adds a content type ("cty") header and returns the updated -// EncrypterOptions. -func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions { - return eo.WithHeader(HeaderContentType, contentType) -} - -// WithType adds a type ("typ") header and returns the updated EncrypterOptions. -func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions { - return eo.WithHeader(HeaderType, typ) -} - -// Recipient represents an algorithm/key to encrypt messages to. -// -// PBES2Count and PBES2Salt correspond with the "p2c" and "p2s" headers used -// on the password-based encryption algorithms PBES2-HS256+A128KW, -// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe -// default of 100000 will be used for the count and a 128-bit random salt will -// be generated. -type Recipient struct { - Algorithm KeyAlgorithm - Key interface{} - KeyID string - PBES2Count int - PBES2Salt []byte -} - -// NewEncrypter creates an appropriate encrypter based on the key type -func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) { - encrypter := &genericEncrypter{ - contentAlg: enc, - recipients: []recipientKeyInfo{}, - cipher: getContentCipher(enc), - } - if opts != nil { - encrypter.compressionAlg = opts.Compression - encrypter.extraHeaders = opts.ExtraHeaders - } - - if encrypter.cipher == nil { - return nil, ErrUnsupportedAlgorithm - } - - var keyID string - var rawKey interface{} - switch encryptionKey := rcpt.Key.(type) { - case JSONWebKey: - keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key - case *JSONWebKey: - keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key - default: - rawKey = encryptionKey - } - - switch rcpt.Algorithm { - case DIRECT: - // Direct encryption mode must be treated differently - if reflect.TypeOf(rawKey) != reflect.TypeOf([]byte{}) { - return nil, ErrUnsupportedKeyType - } - if encrypter.cipher.keySize() != len(rawKey.([]byte)) { - return nil, ErrInvalidKeySize - } - encrypter.keyGenerator = staticKeyGenerator{ - key: rawKey.([]byte), - } - recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, rawKey.([]byte)) - recipientInfo.keyID = keyID - if rcpt.KeyID != "" { - recipientInfo.keyID = rcpt.KeyID - } - encrypter.recipients = []recipientKeyInfo{recipientInfo} - return encrypter, nil - case ECDH_ES: - // ECDH-ES (w/o key wrapping) is similar to DIRECT mode - typeOf := reflect.TypeOf(rawKey) - if typeOf != reflect.TypeOf(&ecdsa.PublicKey{}) { - return nil, ErrUnsupportedKeyType - } - encrypter.keyGenerator = ecKeyGenerator{ - size: encrypter.cipher.keySize(), - algID: string(enc), - publicKey: rawKey.(*ecdsa.PublicKey), - } - recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, rawKey.(*ecdsa.PublicKey)) - recipientInfo.keyID = keyID - if rcpt.KeyID != "" { - recipientInfo.keyID = rcpt.KeyID - } - encrypter.recipients = []recipientKeyInfo{recipientInfo} - return encrypter, nil - default: - // Can just add a standard recipient - encrypter.keyGenerator = randomKeyGenerator{ - size: encrypter.cipher.keySize(), - } - err := encrypter.addRecipient(rcpt) - return encrypter, err - } -} - -// NewMultiEncrypter creates a multi-encrypter based on the given parameters -func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) { - cipher := getContentCipher(enc) - - if cipher == nil { - return nil, ErrUnsupportedAlgorithm - } - if rcpts == nil || len(rcpts) == 0 { - return nil, fmt.Errorf("square/go-jose: recipients is nil or empty") - } - - encrypter := &genericEncrypter{ - contentAlg: enc, - recipients: []recipientKeyInfo{}, - cipher: cipher, - keyGenerator: randomKeyGenerator{ - size: cipher.keySize(), - }, - } - - if opts != nil { - encrypter.compressionAlg = opts.Compression - } - - for _, recipient := range rcpts { - err := encrypter.addRecipient(recipient) - if err != nil { - return nil, err - } - } - - return encrypter, nil -} - -func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) { - var recipientInfo recipientKeyInfo - - switch recipient.Algorithm { - case DIRECT, ECDH_ES: - return fmt.Errorf("square/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm) - } - - recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key) - if recipient.KeyID != "" { - recipientInfo.keyID = recipient.KeyID - } - - switch recipient.Algorithm { - case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: - if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok { - sr.p2c = recipient.PBES2Count - sr.p2s = recipient.PBES2Salt - } - } - - if err == nil { - ctx.recipients = append(ctx.recipients, recipientInfo) - } - return err -} - -func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) { - switch encryptionKey := encryptionKey.(type) { - case *rsa.PublicKey: - return newRSARecipient(alg, encryptionKey) - case *ecdsa.PublicKey: - return newECDHRecipient(alg, encryptionKey) - case []byte: - return newSymmetricRecipient(alg, encryptionKey) - case string: - return newSymmetricRecipient(alg, []byte(encryptionKey)) - case *JSONWebKey: - recipient, err := makeJWERecipient(alg, encryptionKey.Key) - recipient.keyID = encryptionKey.KeyID - return recipient, err - default: - return recipientKeyInfo{}, ErrUnsupportedKeyType - } -} - -// newDecrypter creates an appropriate decrypter based on the key type -func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) { - switch decryptionKey := decryptionKey.(type) { - case *rsa.PrivateKey: - return &rsaDecrypterSigner{ - privateKey: decryptionKey, - }, nil - case *ecdsa.PrivateKey: - return &ecDecrypterSigner{ - privateKey: decryptionKey, - }, nil - case []byte: - return &symmetricKeyCipher{ - key: decryptionKey, - }, nil - case string: - return &symmetricKeyCipher{ - key: []byte(decryptionKey), - }, nil - case JSONWebKey: - return newDecrypter(decryptionKey.Key) - case *JSONWebKey: - return newDecrypter(decryptionKey.Key) - default: - return nil, ErrUnsupportedKeyType - } -} - -// Implementation of encrypt method producing a JWE object. -func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) { - return ctx.EncryptWithAuthData(plaintext, nil) -} - -// Implementation of encrypt method producing a JWE object. -func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) { - obj := &JSONWebEncryption{} - obj.aad = aad - - obj.protected = &rawHeader{} - err := obj.protected.set(headerEncryption, ctx.contentAlg) - if err != nil { - return nil, err - } - - obj.recipients = make([]recipientInfo, len(ctx.recipients)) - - if len(ctx.recipients) == 0 { - return nil, fmt.Errorf("square/go-jose: no recipients to encrypt to") - } - - cek, headers, err := ctx.keyGenerator.genKey() - if err != nil { - return nil, err - } - - obj.protected.merge(&headers) - - for i, info := range ctx.recipients { - recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg) - if err != nil { - return nil, err - } - - err = recipient.header.set(headerAlgorithm, info.keyAlg) - if err != nil { - return nil, err - } - - if info.keyID != "" { - err = recipient.header.set(headerKeyID, info.keyID) - if err != nil { - return nil, err - } - } - obj.recipients[i] = recipient - } - - if len(ctx.recipients) == 1 { - // Move per-recipient headers into main protected header if there's - // only a single recipient. - obj.protected.merge(obj.recipients[0].header) - obj.recipients[0].header = nil - } - - if ctx.compressionAlg != NONE { - plaintext, err = compress(ctx.compressionAlg, plaintext) - if err != nil { - return nil, err - } - - err = obj.protected.set(headerCompression, ctx.compressionAlg) - if err != nil { - return nil, err - } - } - - for k, v := range ctx.extraHeaders { - b, err := json.Marshal(v) - if err != nil { - return nil, err - } - (*obj.protected)[k] = makeRawMessage(b) - } - - authData := obj.computeAuthData() - parts, err := ctx.cipher.encrypt(cek, authData, plaintext) - if err != nil { - return nil, err - } - - obj.iv = parts.iv - obj.ciphertext = parts.ciphertext - obj.tag = parts.tag - - return obj, nil -} - -func (ctx *genericEncrypter) Options() EncrypterOptions { - return EncrypterOptions{ - Compression: ctx.compressionAlg, - ExtraHeaders: ctx.extraHeaders, - } -} - -// Decrypt and validate the object and return the plaintext. Note that this -// function does not support multi-recipient, if you desire multi-recipient -// decryption use DecryptMulti instead. -func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) { - headers := obj.mergedHeaders(nil) - - if len(obj.recipients) > 1 { - return nil, errors.New("square/go-jose: too many recipients in payload; expecting only one") - } - - critical, err := headers.getCritical() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return nil, fmt.Errorf("square/go-jose: unsupported crit header") - } - - decrypter, err := newDecrypter(decryptionKey) - if err != nil { - return nil, err - } - - cipher := getContentCipher(headers.getEncryption()) - if cipher == nil { - return nil, fmt.Errorf("square/go-jose: unsupported enc value '%s'", string(headers.getEncryption())) - } - - generator := randomKeyGenerator{ - size: cipher.keySize(), - } - - parts := &aeadParts{ - iv: obj.iv, - ciphertext: obj.ciphertext, - tag: obj.tag, - } - - authData := obj.computeAuthData() - - var plaintext []byte - recipient := obj.recipients[0] - recipientHeaders := obj.mergedHeaders(&recipient) - - cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) - if err == nil { - // Found a valid CEK -- let's try to decrypt. - plaintext, err = cipher.decrypt(cek, authData, parts) - } - - if plaintext == nil { - return nil, ErrCryptoFailure - } - - // The "zip" header parameter may only be present in the protected header. - if comp := obj.protected.getCompression(); comp != "" { - plaintext, err = decompress(comp, plaintext) - } - - return plaintext, err -} - -// DecryptMulti decrypts and validates the object and returns the plaintexts, -// with support for multiple recipients. It returns the index of the recipient -// for which the decryption was successful, the merged headers for that recipient, -// and the plaintext. -func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { - globalHeaders := obj.mergedHeaders(nil) - - critical, err := globalHeaders.getCritical() - if err != nil { - return -1, Header{}, nil, fmt.Errorf("square/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return -1, Header{}, nil, fmt.Errorf("square/go-jose: unsupported crit header") - } - - decrypter, err := newDecrypter(decryptionKey) - if err != nil { - return -1, Header{}, nil, err - } - - encryption := globalHeaders.getEncryption() - cipher := getContentCipher(encryption) - if cipher == nil { - return -1, Header{}, nil, fmt.Errorf("square/go-jose: unsupported enc value '%s'", string(encryption)) - } - - generator := randomKeyGenerator{ - size: cipher.keySize(), - } - - parts := &aeadParts{ - iv: obj.iv, - ciphertext: obj.ciphertext, - tag: obj.tag, - } - - authData := obj.computeAuthData() - - index := -1 - var plaintext []byte - var headers rawHeader - - for i, recipient := range obj.recipients { - recipientHeaders := obj.mergedHeaders(&recipient) - - cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) - if err == nil { - // Found a valid CEK -- let's try to decrypt. - plaintext, err = cipher.decrypt(cek, authData, parts) - if err == nil { - index = i - headers = recipientHeaders - break - } - } - } - - if plaintext == nil || err != nil { - return -1, Header{}, nil, ErrCryptoFailure - } - - // The "zip" header parameter may only be present in the protected header. - if comp := obj.protected.getCompression(); comp != "" { - plaintext, err = decompress(comp, plaintext) - } - - sanitized, err := headers.sanitized() - if err != nil { - return -1, Header{}, nil, fmt.Errorf("square/go-jose: failed to sanitize header: %v", err) - } - - return index, sanitized, plaintext, err -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/doc.go b/etcd/vendor/gopkg.in/square/go-jose.v2/doc.go deleted file mode 100644 index dd1387f3f0..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/doc.go +++ /dev/null @@ -1,27 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - -Package jose aims to provide an implementation of the Javascript Object Signing -and Encryption set of standards. It implements encryption and signing based on -the JSON Web Encryption and JSON Web Signature standards, with optional JSON -Web Token support available in a sub-package. The library supports both the -compact and full serialization formats, and has optional support for multiple -recipients. - -*/ -package jose diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/encoding.go b/etcd/vendor/gopkg.in/square/go-jose.v2/encoding.go deleted file mode 100644 index b9687c647d..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/encoding.go +++ /dev/null @@ -1,179 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "bytes" - "compress/flate" - "encoding/base64" - "encoding/binary" - "io" - "math/big" - "regexp" - - "gopkg.in/square/go-jose.v2/json" -) - -var stripWhitespaceRegex = regexp.MustCompile("\\s") - -// Helper function to serialize known-good objects. -// Precondition: value is not a nil pointer. -func mustSerializeJSON(value interface{}) []byte { - out, err := json.Marshal(value) - if err != nil { - panic(err) - } - // We never want to serialize the top-level value "null," since it's not a - // valid JOSE message. But if a caller passes in a nil pointer to this method, - // MarshalJSON will happily serialize it as the top-level value "null". If - // that value is then embedded in another operation, for instance by being - // base64-encoded and fed as input to a signing algorithm - // (https://github.com/square/go-jose/issues/22), the result will be - // incorrect. Because this method is intended for known-good objects, and a nil - // pointer is not a known-good object, we are free to panic in this case. - // Note: It's not possible to directly check whether the data pointed at by an - // interface is a nil pointer, so we do this hacky workaround. - // https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I - if string(out) == "null" { - panic("Tried to serialize a nil pointer.") - } - return out -} - -// Strip all newlines and whitespace -func stripWhitespace(data string) string { - return stripWhitespaceRegex.ReplaceAllString(data, "") -} - -// Perform compression based on algorithm -func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { - switch algorithm { - case DEFLATE: - return deflate(input) - default: - return nil, ErrUnsupportedAlgorithm - } -} - -// Perform decompression based on algorithm -func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { - switch algorithm { - case DEFLATE: - return inflate(input) - default: - return nil, ErrUnsupportedAlgorithm - } -} - -// Compress with DEFLATE -func deflate(input []byte) ([]byte, error) { - output := new(bytes.Buffer) - - // Writing to byte buffer, err is always nil - writer, _ := flate.NewWriter(output, 1) - _, _ = io.Copy(writer, bytes.NewBuffer(input)) - - err := writer.Close() - return output.Bytes(), err -} - -// Decompress with DEFLATE -func inflate(input []byte) ([]byte, error) { - output := new(bytes.Buffer) - reader := flate.NewReader(bytes.NewBuffer(input)) - - _, err := io.Copy(output, reader) - if err != nil { - return nil, err - } - - err = reader.Close() - return output.Bytes(), err -} - -// byteBuffer represents a slice of bytes that can be serialized to url-safe base64. -type byteBuffer struct { - data []byte -} - -func newBuffer(data []byte) *byteBuffer { - if data == nil { - return nil - } - return &byteBuffer{ - data: data, - } -} - -func newFixedSizeBuffer(data []byte, length int) *byteBuffer { - if len(data) > length { - panic("square/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)") - } - pad := make([]byte, length-len(data)) - return newBuffer(append(pad, data...)) -} - -func newBufferFromInt(num uint64) *byteBuffer { - data := make([]byte, 8) - binary.BigEndian.PutUint64(data, num) - return newBuffer(bytes.TrimLeft(data, "\x00")) -} - -func (b *byteBuffer) MarshalJSON() ([]byte, error) { - return json.Marshal(b.base64()) -} - -func (b *byteBuffer) UnmarshalJSON(data []byte) error { - var encoded string - err := json.Unmarshal(data, &encoded) - if err != nil { - return err - } - - if encoded == "" { - return nil - } - - decoded, err := base64.RawURLEncoding.DecodeString(encoded) - if err != nil { - return err - } - - *b = *newBuffer(decoded) - - return nil -} - -func (b *byteBuffer) base64() string { - return base64.RawURLEncoding.EncodeToString(b.data) -} - -func (b *byteBuffer) bytes() []byte { - // Handling nil here allows us to transparently handle nil slices when serializing. - if b == nil { - return nil - } - return b.data -} - -func (b byteBuffer) bigInt() *big.Int { - return new(big.Int).SetBytes(b.data) -} - -func (b byteBuffer) toInt() int { - return int(b.bigInt().Int64()) -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/LICENSE b/etcd/vendor/gopkg.in/square/go-jose.v2/json/LICENSE deleted file mode 100644 index 7448756763..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/README.md b/etcd/vendor/gopkg.in/square/go-jose.v2/json/README.md deleted file mode 100644 index 86de5e5581..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Safe JSON - -This repository contains a fork of the `encoding/json` package from Go 1.6. - -The following changes were made: - -* Object deserialization uses case-sensitive member name matching instead of - [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html). - This is to avoid differences in the interpretation of JOSE messages between - go-jose and libraries written in other languages. -* When deserializing a JSON object, we check for duplicate keys and reject the - input whenever we detect a duplicate. Rather than trying to work with malformed - data, we prefer to reject it right away. diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/decode.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/decode.go deleted file mode 100644 index 37457e5a83..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/decode.go +++ /dev/null @@ -1,1183 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Represents JSON data structure using native Go types: booleans, floats, -// strings, arrays, and maps. - -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "errors" - "fmt" - "reflect" - "runtime" - "strconv" - "unicode" - "unicode/utf16" - "unicode/utf8" -) - -// Unmarshal parses the JSON-encoded data and stores the result -// in the value pointed to by v. -// -// Unmarshal uses the inverse of the encodings that -// Marshal uses, allocating maps, slices, and pointers as necessary, -// with the following additional rules: -// -// To unmarshal JSON into a pointer, Unmarshal first handles the case of -// the JSON being the JSON literal null. In that case, Unmarshal sets -// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into -// the value pointed at by the pointer. If the pointer is nil, Unmarshal -// allocates a new value for it to point to. -// -// To unmarshal JSON into a struct, Unmarshal matches incoming object -// keys to the keys used by Marshal (either the struct field name or its tag), -// preferring an exact match but also accepting a case-insensitive match. -// Unmarshal will only set exported fields of the struct. -// -// To unmarshal JSON into an interface value, -// Unmarshal stores one of these in the interface value: -// -// bool, for JSON booleans -// float64, for JSON numbers -// string, for JSON strings -// []interface{}, for JSON arrays -// map[string]interface{}, for JSON objects -// nil for JSON null -// -// To unmarshal a JSON array into a slice, Unmarshal resets the slice length -// to zero and then appends each element to the slice. -// As a special case, to unmarshal an empty JSON array into a slice, -// Unmarshal replaces the slice with a new empty slice. -// -// To unmarshal a JSON array into a Go array, Unmarshal decodes -// JSON array elements into corresponding Go array elements. -// If the Go array is smaller than the JSON array, -// the additional JSON array elements are discarded. -// If the JSON array is smaller than the Go array, -// the additional Go array elements are set to zero values. -// -// To unmarshal a JSON object into a string-keyed map, Unmarshal first -// establishes a map to use, If the map is nil, Unmarshal allocates a new map. -// Otherwise Unmarshal reuses the existing map, keeping existing entries. -// Unmarshal then stores key-value pairs from the JSON object into the map. -// -// If a JSON value is not appropriate for a given target type, -// or if a JSON number overflows the target type, Unmarshal -// skips that field and completes the unmarshaling as best it can. -// If no more serious errors are encountered, Unmarshal returns -// an UnmarshalTypeError describing the earliest such error. -// -// The JSON null value unmarshals into an interface, map, pointer, or slice -// by setting that Go value to nil. Because null is often used in JSON to mean -// ``not present,'' unmarshaling a JSON null into any other Go type has no effect -// on the value and produces no error. -// -// When unmarshaling quoted strings, invalid UTF-8 or -// invalid UTF-16 surrogate pairs are not treated as an error. -// Instead, they are replaced by the Unicode replacement -// character U+FFFD. -// -func Unmarshal(data []byte, v interface{}) error { - // Check for well-formedness. - // Avoids filling out half a data structure - // before discovering a JSON syntax error. - var d decodeState - err := checkValid(data, &d.scan) - if err != nil { - return err - } - - d.init(data) - return d.unmarshal(v) -} - -// Unmarshaler is the interface implemented by objects -// that can unmarshal a JSON description of themselves. -// The input can be assumed to be a valid encoding of -// a JSON value. UnmarshalJSON must copy the JSON data -// if it wishes to retain the data after returning. -type Unmarshaler interface { - UnmarshalJSON([]byte) error -} - -// An UnmarshalTypeError describes a JSON value that was -// not appropriate for a value of a specific Go type. -type UnmarshalTypeError struct { - Value string // description of JSON value - "bool", "array", "number -5" - Type reflect.Type // type of Go value it could not be assigned to - Offset int64 // error occurred after reading Offset bytes -} - -func (e *UnmarshalTypeError) Error() string { - return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String() -} - -// An UnmarshalFieldError describes a JSON object key that -// led to an unexported (and therefore unwritable) struct field. -// (No longer used; kept for compatibility.) -type UnmarshalFieldError struct { - Key string - Type reflect.Type - Field reflect.StructField -} - -func (e *UnmarshalFieldError) Error() string { - return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String() -} - -// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal. -// (The argument to Unmarshal must be a non-nil pointer.) -type InvalidUnmarshalError struct { - Type reflect.Type -} - -func (e *InvalidUnmarshalError) Error() string { - if e.Type == nil { - return "json: Unmarshal(nil)" - } - - if e.Type.Kind() != reflect.Ptr { - return "json: Unmarshal(non-pointer " + e.Type.String() + ")" - } - return "json: Unmarshal(nil " + e.Type.String() + ")" -} - -func (d *decodeState) unmarshal(v interface{}) (err error) { - defer func() { - if r := recover(); r != nil { - if _, ok := r.(runtime.Error); ok { - panic(r) - } - err = r.(error) - } - }() - - rv := reflect.ValueOf(v) - if rv.Kind() != reflect.Ptr || rv.IsNil() { - return &InvalidUnmarshalError{reflect.TypeOf(v)} - } - - d.scan.reset() - // We decode rv not rv.Elem because the Unmarshaler interface - // test must be applied at the top level of the value. - d.value(rv) - return d.savedError -} - -// A Number represents a JSON number literal. -type Number string - -// String returns the literal text of the number. -func (n Number) String() string { return string(n) } - -// Float64 returns the number as a float64. -func (n Number) Float64() (float64, error) { - return strconv.ParseFloat(string(n), 64) -} - -// Int64 returns the number as an int64. -func (n Number) Int64() (int64, error) { - return strconv.ParseInt(string(n), 10, 64) -} - -// isValidNumber reports whether s is a valid JSON number literal. -func isValidNumber(s string) bool { - // This function implements the JSON numbers grammar. - // See https://tools.ietf.org/html/rfc7159#section-6 - // and http://json.org/number.gif - - if s == "" { - return false - } - - // Optional - - if s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - - // Digits - switch { - default: - return false - - case s[0] == '0': - s = s[1:] - - case '1' <= s[0] && s[0] <= '9': - s = s[1:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // . followed by 1 or more digits. - if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' { - s = s[2:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // e or E followed by an optional - or + and - // 1 or more digits. - if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') { - s = s[1:] - if s[0] == '+' || s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // Make sure we are at the end. - return s == "" -} - -// decodeState represents the state while decoding a JSON value. -type decodeState struct { - data []byte - off int // read offset in data - scan scanner - nextscan scanner // for calls to nextValue - savedError error - useNumber bool -} - -// errPhase is used for errors that should not happen unless -// there is a bug in the JSON decoder or something is editing -// the data slice while the decoder executes. -var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?") - -func (d *decodeState) init(data []byte) *decodeState { - d.data = data - d.off = 0 - d.savedError = nil - return d -} - -// error aborts the decoding by panicking with err. -func (d *decodeState) error(err error) { - panic(err) -} - -// saveError saves the first err it is called with, -// for reporting at the end of the unmarshal. -func (d *decodeState) saveError(err error) { - if d.savedError == nil { - d.savedError = err - } -} - -// next cuts off and returns the next full JSON value in d.data[d.off:]. -// The next value is known to be an object or array, not a literal. -func (d *decodeState) next() []byte { - c := d.data[d.off] - item, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // Our scanner has seen the opening brace/bracket - // and thinks we're still in the middle of the object. - // invent a closing brace/bracket to get it out. - if c == '{' { - d.scan.step(&d.scan, '}') - } else { - d.scan.step(&d.scan, ']') - } - - return item -} - -// scanWhile processes bytes in d.data[d.off:] until it -// receives a scan code not equal to op. -// It updates d.off and returns the new scan code. -func (d *decodeState) scanWhile(op int) int { - var newOp int - for { - if d.off >= len(d.data) { - newOp = d.scan.eof() - d.off = len(d.data) + 1 // mark processed EOF with len+1 - } else { - c := d.data[d.off] - d.off++ - newOp = d.scan.step(&d.scan, c) - } - if newOp != op { - break - } - } - return newOp -} - -// value decodes a JSON value from d.data[d.off:] into the value. -// it updates d.off to point past the decoded value. -func (d *decodeState) value(v reflect.Value) { - if !v.IsValid() { - _, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // d.scan thinks we're still at the beginning of the item. - // Feed in an empty string - the shortest, simplest value - - // so that it knows we got to the end of the value. - if d.scan.redo { - // rewind. - d.scan.redo = false - d.scan.step = stateBeginValue - } - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - - n := len(d.scan.parseState) - if n > 0 && d.scan.parseState[n-1] == parseObjectKey { - // d.scan thinks we just read an object key; finish the object - d.scan.step(&d.scan, ':') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '}') - } - - return - } - - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(v) - - case scanBeginObject: - d.object(v) - - case scanBeginLiteral: - d.literal(v) - } -} - -type unquotedValue struct{} - -// valueQuoted is like value but decodes a -// quoted string literal or literal null into an interface value. -// If it finds anything other than a quoted string literal or null, -// valueQuoted returns unquotedValue{}. -func (d *decodeState) valueQuoted() interface{} { - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(reflect.Value{}) - - case scanBeginObject: - d.object(reflect.Value{}) - - case scanBeginLiteral: - switch v := d.literalInterface().(type) { - case nil, string: - return v - } - } - return unquotedValue{} -} - -// indirect walks down v allocating pointers as needed, -// until it gets to a non-pointer. -// if it encounters an Unmarshaler, indirect stops and returns that. -// if decodingNull is true, indirect stops at the last pointer so it can be set to nil. -func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) { - // If v is a named type and is addressable, - // start with its address, so that if the type has pointer methods, - // we find them. - if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() { - v = v.Addr() - } - for { - // Load value from interface, but only if the result will be - // usefully addressable. - if v.Kind() == reflect.Interface && !v.IsNil() { - e := v.Elem() - if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) { - v = e - continue - } - } - - if v.Kind() != reflect.Ptr { - break - } - - if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() { - break - } - if v.IsNil() { - v.Set(reflect.New(v.Type().Elem())) - } - if v.Type().NumMethod() > 0 { - if u, ok := v.Interface().(Unmarshaler); ok { - return u, nil, reflect.Value{} - } - if u, ok := v.Interface().(encoding.TextUnmarshaler); ok { - return nil, u, reflect.Value{} - } - } - v = v.Elem() - } - return nil, nil, v -} - -// array consumes an array from d.data[d.off-1:], decoding into the value v. -// the first byte of the array ('[') has been read already. -func (d *decodeState) array(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - } - - v = pv - - // Check type of target. - switch v.Kind() { - case reflect.Interface: - if v.NumMethod() == 0 { - // Decoding into nil interface? Switch to non-reflect code. - v.Set(reflect.ValueOf(d.arrayInterface())) - return - } - // Otherwise it's invalid. - fallthrough - default: - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - case reflect.Array: - case reflect.Slice: - break - } - - i := 0 - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - // Get element of array, growing if necessary. - if v.Kind() == reflect.Slice { - // Grow slice if necessary - if i >= v.Cap() { - newcap := v.Cap() + v.Cap()/2 - if newcap < 4 { - newcap = 4 - } - newv := reflect.MakeSlice(v.Type(), v.Len(), newcap) - reflect.Copy(newv, v) - v.Set(newv) - } - if i >= v.Len() { - v.SetLen(i + 1) - } - } - - if i < v.Len() { - // Decode into element. - d.value(v.Index(i)) - } else { - // Ran out of fixed array: skip. - d.value(reflect.Value{}) - } - i++ - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - - if i < v.Len() { - if v.Kind() == reflect.Array { - // Array. Zero the rest. - z := reflect.Zero(v.Type().Elem()) - for ; i < v.Len(); i++ { - v.Index(i).Set(z) - } - } else { - v.SetLen(i) - } - } - if i == 0 && v.Kind() == reflect.Slice { - v.Set(reflect.MakeSlice(v.Type(), 0, 0)) - } -} - -var nullLiteral = []byte("null") - -// object consumes an object from d.data[d.off-1:], decoding into the value v. -// the first byte ('{') of the object has been read already. -func (d *decodeState) object(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - v = pv - - // Decoding into nil interface? Switch to non-reflect code. - if v.Kind() == reflect.Interface && v.NumMethod() == 0 { - v.Set(reflect.ValueOf(d.objectInterface())) - return - } - - // Check type of target: struct or map[string]T - switch v.Kind() { - case reflect.Map: - // map must have string kind - t := v.Type() - if t.Key().Kind() != reflect.String { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - if v.IsNil() { - v.Set(reflect.MakeMap(t)) - } - case reflect.Struct: - - default: - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - - var mapElem reflect.Value - keys := map[string]bool{} - - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquote(item) - if !ok { - d.error(errPhase) - } - - // Check for duplicate keys. - _, ok = keys[key] - if !ok { - keys[key] = true - } else { - d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) - } - - // Figure out field corresponding to key. - var subv reflect.Value - destring := false // whether the value is wrapped in a string to be decoded first - - if v.Kind() == reflect.Map { - elemType := v.Type().Elem() - if !mapElem.IsValid() { - mapElem = reflect.New(elemType).Elem() - } else { - mapElem.Set(reflect.Zero(elemType)) - } - subv = mapElem - } else { - var f *field - fields := cachedTypeFields(v.Type()) - for i := range fields { - ff := &fields[i] - if bytes.Equal(ff.nameBytes, []byte(key)) { - f = ff - break - } - } - if f != nil { - subv = v - destring = f.quoted - for _, i := range f.index { - if subv.Kind() == reflect.Ptr { - if subv.IsNil() { - subv.Set(reflect.New(subv.Type().Elem())) - } - subv = subv.Elem() - } - subv = subv.Field(i) - } - } - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - if destring { - switch qv := d.valueQuoted().(type) { - case nil: - d.literalStore(nullLiteral, subv, false) - case string: - d.literalStore([]byte(qv), subv, true) - default: - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type())) - } - } else { - d.value(subv) - } - - // Write value back to map; - // if using struct, subv points into struct already. - if v.Kind() == reflect.Map { - kv := reflect.ValueOf(key).Convert(v.Type().Key()) - v.SetMapIndex(kv, subv) - } - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } -} - -// literal consumes a literal from d.data[d.off-1:], decoding into the value v. -// The first byte of the literal has been read already -// (that's how the caller knows it's a literal). -func (d *decodeState) literal(v reflect.Value) { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - - d.literalStore(d.data[start:d.off], v, false) -} - -// convertNumber converts the number literal s to a float64 or a Number -// depending on the setting of d.useNumber. -func (d *decodeState) convertNumber(s string) (interface{}, error) { - if d.useNumber { - return Number(s), nil - } - f, err := strconv.ParseFloat(s, 64) - if err != nil { - return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} - } - return f, nil -} - -var numberType = reflect.TypeOf(Number("")) - -// literalStore decodes a literal stored in item into v. -// -// fromQuoted indicates whether this literal came from unwrapping a -// string from the ",string" struct tag option. this is used only to -// produce more helpful error messages. -func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { - // Check for unmarshaler. - if len(item) == 0 { - //Empty string given - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - return - } - wantptr := item[0] == 'n' // null - u, ut, pv := d.indirect(v, wantptr) - if u != nil { - err := u.UnmarshalJSON(item) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - if item[0] != '"' { - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - return - } - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - err := ut.UnmarshalText(s) - if err != nil { - d.error(err) - } - return - } - - v = pv - - switch c := item[0]; c { - case 'n': // null - switch v.Kind() { - case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice: - v.Set(reflect.Zero(v.Type())) - // otherwise, ignore null for primitives/string - } - case 't', 'f': // true, false - value := c == 't' - switch v.Kind() { - default: - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - case reflect.Bool: - v.SetBool(value) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(value)) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - } - - case '"': // string - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - switch v.Kind() { - default: - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - case reflect.Slice: - if v.Type().Elem().Kind() != reflect.Uint8 { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - break - } - b := make([]byte, base64.StdEncoding.DecodedLen(len(s))) - n, err := base64.StdEncoding.Decode(b, s) - if err != nil { - d.saveError(err) - break - } - v.SetBytes(b[:n]) - case reflect.String: - v.SetString(string(s)) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(string(s))) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - } - - default: // number - if c != '-' && (c < '0' || c > '9') { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - s := string(item) - switch v.Kind() { - default: - if v.Kind() == reflect.String && v.Type() == numberType { - v.SetString(s) - if !isValidNumber(s) { - d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)) - } - break - } - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - } - case reflect.Interface: - n, err := d.convertNumber(s) - if err != nil { - d.saveError(err) - break - } - if v.NumMethod() != 0 { - d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - break - } - v.Set(reflect.ValueOf(n)) - - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - n, err := strconv.ParseInt(s, 10, 64) - if err != nil || v.OverflowInt(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetInt(n) - - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - n, err := strconv.ParseUint(s, 10, 64) - if err != nil || v.OverflowUint(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetUint(n) - - case reflect.Float32, reflect.Float64: - n, err := strconv.ParseFloat(s, v.Type().Bits()) - if err != nil || v.OverflowFloat(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetFloat(n) - } - } -} - -// The xxxInterface routines build up a value to be stored -// in an empty interface. They are not strictly necessary, -// but they avoid the weight of reflection in this common case. - -// valueInterface is like value but returns interface{} -func (d *decodeState) valueInterface() interface{} { - switch d.scanWhile(scanSkipSpace) { - default: - d.error(errPhase) - panic("unreachable") - case scanBeginArray: - return d.arrayInterface() - case scanBeginObject: - return d.objectInterface() - case scanBeginLiteral: - return d.literalInterface() - } -} - -// arrayInterface is like array but returns []interface{}. -func (d *decodeState) arrayInterface() []interface{} { - var v = make([]interface{}, 0) - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - v = append(v, d.valueInterface()) - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - return v -} - -// objectInterface is like object but returns map[string]interface{}. -func (d *decodeState) objectInterface() map[string]interface{} { - m := make(map[string]interface{}) - keys := map[string]bool{} - - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read string key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquote(item) - if !ok { - d.error(errPhase) - } - - // Check for duplicate keys. - _, ok = keys[key] - if !ok { - keys[key] = true - } else { - d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - m[key] = d.valueInterface() - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } - return m -} - -// literalInterface is like literal but returns an interface value. -func (d *decodeState) literalInterface() interface{} { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - item := d.data[start:d.off] - - switch c := item[0]; c { - case 'n': // null - return nil - - case 't', 'f': // true, false - return c == 't' - - case '"': // string - s, ok := unquote(item) - if !ok { - d.error(errPhase) - } - return s - - default: // number - if c != '-' && (c < '0' || c > '9') { - d.error(errPhase) - } - n, err := d.convertNumber(string(item)) - if err != nil { - d.saveError(err) - } - return n - } -} - -// getu4 decodes \uXXXX from the beginning of s, returning the hex value, -// or it returns -1. -func getu4(s []byte) rune { - if len(s) < 6 || s[0] != '\\' || s[1] != 'u' { - return -1 - } - r, err := strconv.ParseUint(string(s[2:6]), 16, 64) - if err != nil { - return -1 - } - return rune(r) -} - -// unquote converts a quoted JSON string literal s into an actual string t. -// The rules are different than for Go, so cannot use strconv.Unquote. -func unquote(s []byte) (t string, ok bool) { - s, ok = unquoteBytes(s) - t = string(s) - return -} - -func unquoteBytes(s []byte) (t []byte, ok bool) { - if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' { - return - } - s = s[1 : len(s)-1] - - // Check for unusual characters. If there are none, - // then no unquoting is needed, so return a slice of the - // original bytes. - r := 0 - for r < len(s) { - c := s[r] - if c == '\\' || c == '"' || c < ' ' { - break - } - if c < utf8.RuneSelf { - r++ - continue - } - rr, size := utf8.DecodeRune(s[r:]) - if rr == utf8.RuneError && size == 1 { - break - } - r += size - } - if r == len(s) { - return s, true - } - - b := make([]byte, len(s)+2*utf8.UTFMax) - w := copy(b, s[0:r]) - for r < len(s) { - // Out of room? Can only happen if s is full of - // malformed UTF-8 and we're replacing each - // byte with RuneError. - if w >= len(b)-2*utf8.UTFMax { - nb := make([]byte, (len(b)+utf8.UTFMax)*2) - copy(nb, b[0:w]) - b = nb - } - switch c := s[r]; { - case c == '\\': - r++ - if r >= len(s) { - return - } - switch s[r] { - default: - return - case '"', '\\', '/', '\'': - b[w] = s[r] - r++ - w++ - case 'b': - b[w] = '\b' - r++ - w++ - case 'f': - b[w] = '\f' - r++ - w++ - case 'n': - b[w] = '\n' - r++ - w++ - case 'r': - b[w] = '\r' - r++ - w++ - case 't': - b[w] = '\t' - r++ - w++ - case 'u': - r-- - rr := getu4(s[r:]) - if rr < 0 { - return - } - r += 6 - if utf16.IsSurrogate(rr) { - rr1 := getu4(s[r:]) - if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar { - // A valid pair; consume. - r += 6 - w += utf8.EncodeRune(b[w:], dec) - break - } - // Invalid surrogate; fall back to replacement rune. - rr = unicode.ReplacementChar - } - w += utf8.EncodeRune(b[w:], rr) - } - - // Quote, control characters are invalid. - case c == '"', c < ' ': - return - - // ASCII - case c < utf8.RuneSelf: - b[w] = c - r++ - w++ - - // Coerce to well-formed UTF-8. - default: - rr, size := utf8.DecodeRune(s[r:]) - r += size - w += utf8.EncodeRune(b[w:], rr) - } - } - return b[0:w], true -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/encode.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/encode.go deleted file mode 100644 index 1dae8bb7cd..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/encode.go +++ /dev/null @@ -1,1197 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package json implements encoding and decoding of JSON objects as defined in -// RFC 4627. The mapping between JSON objects and Go values is described -// in the documentation for the Marshal and Unmarshal functions. -// -// See "JSON and Go" for an introduction to this package: -// https://golang.org/doc/articles/json_and_go.html -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "fmt" - "math" - "reflect" - "runtime" - "sort" - "strconv" - "strings" - "sync" - "unicode" - "unicode/utf8" -) - -// Marshal returns the JSON encoding of v. -// -// Marshal traverses the value v recursively. -// If an encountered value implements the Marshaler interface -// and is not a nil pointer, Marshal calls its MarshalJSON method -// to produce JSON. If no MarshalJSON method is present but the -// value implements encoding.TextMarshaler instead, Marshal calls -// its MarshalText method. -// The nil pointer exception is not strictly necessary -// but mimics a similar, necessary exception in the behavior of -// UnmarshalJSON. -// -// Otherwise, Marshal uses the following type-dependent default encodings: -// -// Boolean values encode as JSON booleans. -// -// Floating point, integer, and Number values encode as JSON numbers. -// -// String values encode as JSON strings coerced to valid UTF-8, -// replacing invalid bytes with the Unicode replacement rune. -// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" -// to keep some browsers from misinterpreting JSON output as HTML. -// Ampersand "&" is also escaped to "\u0026" for the same reason. -// -// Array and slice values encode as JSON arrays, except that -// []byte encodes as a base64-encoded string, and a nil slice -// encodes as the null JSON object. -// -// Struct values encode as JSON objects. Each exported struct field -// becomes a member of the object unless -// - the field's tag is "-", or -// - the field is empty and its tag specifies the "omitempty" option. -// The empty values are false, 0, any -// nil pointer or interface value, and any array, slice, map, or string of -// length zero. The object's default key string is the struct field name -// but can be specified in the struct field's tag value. The "json" key in -// the struct field's tag value is the key name, followed by an optional comma -// and options. Examples: -// -// // Field is ignored by this package. -// Field int `json:"-"` -// -// // Field appears in JSON as key "myName". -// Field int `json:"myName"` -// -// // Field appears in JSON as key "myName" and -// // the field is omitted from the object if its value is empty, -// // as defined above. -// Field int `json:"myName,omitempty"` -// -// // Field appears in JSON as key "Field" (the default), but -// // the field is skipped if empty. -// // Note the leading comma. -// Field int `json:",omitempty"` -// -// The "string" option signals that a field is stored as JSON inside a -// JSON-encoded string. It applies only to fields of string, floating point, -// integer, or boolean types. This extra level of encoding is sometimes used -// when communicating with JavaScript programs: -// -// Int64String int64 `json:",string"` -// -// The key name will be used if it's a non-empty string consisting of -// only Unicode letters, digits, dollar signs, percent signs, hyphens, -// underscores and slashes. -// -// Anonymous struct fields are usually marshaled as if their inner exported fields -// were fields in the outer struct, subject to the usual Go visibility rules amended -// as described in the next paragraph. -// An anonymous struct field with a name given in its JSON tag is treated as -// having that name, rather than being anonymous. -// An anonymous struct field of interface type is treated the same as having -// that type as its name, rather than being anonymous. -// -// The Go visibility rules for struct fields are amended for JSON when -// deciding which field to marshal or unmarshal. If there are -// multiple fields at the same level, and that level is the least -// nested (and would therefore be the nesting level selected by the -// usual Go rules), the following extra rules apply: -// -// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered, -// even if there are multiple untagged fields that would otherwise conflict. -// 2) If there is exactly one field (tagged or not according to the first rule), that is selected. -// 3) Otherwise there are multiple fields, and all are ignored; no error occurs. -// -// Handling of anonymous struct fields is new in Go 1.1. -// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of -// an anonymous struct field in both current and earlier versions, give the field -// a JSON tag of "-". -// -// Map values encode as JSON objects. -// The map's key type must be string; the map keys are used as JSON object -// keys, subject to the UTF-8 coercion described for string values above. -// -// Pointer values encode as the value pointed to. -// A nil pointer encodes as the null JSON object. -// -// Interface values encode as the value contained in the interface. -// A nil interface value encodes as the null JSON object. -// -// Channel, complex, and function values cannot be encoded in JSON. -// Attempting to encode such a value causes Marshal to return -// an UnsupportedTypeError. -// -// JSON cannot represent cyclic data structures and Marshal does not -// handle them. Passing cyclic structures to Marshal will result in -// an infinite recursion. -// -func Marshal(v interface{}) ([]byte, error) { - e := &encodeState{} - err := e.marshal(v) - if err != nil { - return nil, err - } - return e.Bytes(), nil -} - -// MarshalIndent is like Marshal but applies Indent to format the output. -func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) { - b, err := Marshal(v) - if err != nil { - return nil, err - } - var buf bytes.Buffer - err = Indent(&buf, b, prefix, indent) - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} - -// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029 -// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 -// so that the JSON will be safe to embed inside HTML <script> tags. -// For historical reasons, web browsers don't honor standard HTML -// escaping within <script> tags, so an alternative JSON encoding must -// be used. -func HTMLEscape(dst *bytes.Buffer, src []byte) { - // The characters can only appear in string literals, - // so just scan the string one byte at a time. - start := 0 - for i, c := range src { - if c == '<' || c == '>' || c == '&' { - if start < i { - dst.Write(src[start:i]) - } - dst.WriteString(`\u00`) - dst.WriteByte(hex[c>>4]) - dst.WriteByte(hex[c&0xF]) - start = i + 1 - } - // Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9). - if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 { - if start < i { - dst.Write(src[start:i]) - } - dst.WriteString(`\u202`) - dst.WriteByte(hex[src[i+2]&0xF]) - start = i + 3 - } - } - if start < len(src) { - dst.Write(src[start:]) - } -} - -// Marshaler is the interface implemented by objects that -// can marshal themselves into valid JSON. -type Marshaler interface { - MarshalJSON() ([]byte, error) -} - -// An UnsupportedTypeError is returned by Marshal when attempting -// to encode an unsupported value type. -type UnsupportedTypeError struct { - Type reflect.Type -} - -func (e *UnsupportedTypeError) Error() string { - return "json: unsupported type: " + e.Type.String() -} - -type UnsupportedValueError struct { - Value reflect.Value - Str string -} - -func (e *UnsupportedValueError) Error() string { - return "json: unsupported value: " + e.Str -} - -// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when -// attempting to encode a string value with invalid UTF-8 sequences. -// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by -// replacing invalid bytes with the Unicode replacement rune U+FFFD. -// This error is no longer generated but is kept for backwards compatibility -// with programs that might mention it. -type InvalidUTF8Error struct { - S string // the whole string value that caused the error -} - -func (e *InvalidUTF8Error) Error() string { - return "json: invalid UTF-8 in string: " + strconv.Quote(e.S) -} - -type MarshalerError struct { - Type reflect.Type - Err error -} - -func (e *MarshalerError) Error() string { - return "json: error calling MarshalJSON for type " + e.Type.String() + ": " + e.Err.Error() -} - -var hex = "0123456789abcdef" - -// An encodeState encodes JSON into a bytes.Buffer. -type encodeState struct { - bytes.Buffer // accumulated output - scratch [64]byte -} - -var encodeStatePool sync.Pool - -func newEncodeState() *encodeState { - if v := encodeStatePool.Get(); v != nil { - e := v.(*encodeState) - e.Reset() - return e - } - return new(encodeState) -} - -func (e *encodeState) marshal(v interface{}) (err error) { - defer func() { - if r := recover(); r != nil { - if _, ok := r.(runtime.Error); ok { - panic(r) - } - if s, ok := r.(string); ok { - panic(s) - } - err = r.(error) - } - }() - e.reflectValue(reflect.ValueOf(v)) - return nil -} - -func (e *encodeState) error(err error) { - panic(err) -} - -func isEmptyValue(v reflect.Value) bool { - switch v.Kind() { - case reflect.Array, reflect.Map, reflect.Slice, reflect.String: - return v.Len() == 0 - case reflect.Bool: - return !v.Bool() - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return v.Int() == 0 - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return v.Uint() == 0 - case reflect.Float32, reflect.Float64: - return v.Float() == 0 - case reflect.Interface, reflect.Ptr: - return v.IsNil() - } - return false -} - -func (e *encodeState) reflectValue(v reflect.Value) { - valueEncoder(v)(e, v, false) -} - -type encoderFunc func(e *encodeState, v reflect.Value, quoted bool) - -var encoderCache struct { - sync.RWMutex - m map[reflect.Type]encoderFunc -} - -func valueEncoder(v reflect.Value) encoderFunc { - if !v.IsValid() { - return invalidValueEncoder - } - return typeEncoder(v.Type()) -} - -func typeEncoder(t reflect.Type) encoderFunc { - encoderCache.RLock() - f := encoderCache.m[t] - encoderCache.RUnlock() - if f != nil { - return f - } - - // To deal with recursive types, populate the map with an - // indirect func before we build it. This type waits on the - // real func (f) to be ready and then calls it. This indirect - // func is only used for recursive types. - encoderCache.Lock() - if encoderCache.m == nil { - encoderCache.m = make(map[reflect.Type]encoderFunc) - } - var wg sync.WaitGroup - wg.Add(1) - encoderCache.m[t] = func(e *encodeState, v reflect.Value, quoted bool) { - wg.Wait() - f(e, v, quoted) - } - encoderCache.Unlock() - - // Compute fields without lock. - // Might duplicate effort but won't hold other computations back. - f = newTypeEncoder(t, true) - wg.Done() - encoderCache.Lock() - encoderCache.m[t] = f - encoderCache.Unlock() - return f -} - -var ( - marshalerType = reflect.TypeOf(new(Marshaler)).Elem() - textMarshalerType = reflect.TypeOf(new(encoding.TextMarshaler)).Elem() -) - -// newTypeEncoder constructs an encoderFunc for a type. -// The returned encoder only checks CanAddr when allowAddr is true. -func newTypeEncoder(t reflect.Type, allowAddr bool) encoderFunc { - if t.Implements(marshalerType) { - return marshalerEncoder - } - if t.Kind() != reflect.Ptr && allowAddr { - if reflect.PtrTo(t).Implements(marshalerType) { - return newCondAddrEncoder(addrMarshalerEncoder, newTypeEncoder(t, false)) - } - } - - if t.Implements(textMarshalerType) { - return textMarshalerEncoder - } - if t.Kind() != reflect.Ptr && allowAddr { - if reflect.PtrTo(t).Implements(textMarshalerType) { - return newCondAddrEncoder(addrTextMarshalerEncoder, newTypeEncoder(t, false)) - } - } - - switch t.Kind() { - case reflect.Bool: - return boolEncoder - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return intEncoder - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return uintEncoder - case reflect.Float32: - return float32Encoder - case reflect.Float64: - return float64Encoder - case reflect.String: - return stringEncoder - case reflect.Interface: - return interfaceEncoder - case reflect.Struct: - return newStructEncoder(t) - case reflect.Map: - return newMapEncoder(t) - case reflect.Slice: - return newSliceEncoder(t) - case reflect.Array: - return newArrayEncoder(t) - case reflect.Ptr: - return newPtrEncoder(t) - default: - return unsupportedTypeEncoder - } -} - -func invalidValueEncoder(e *encodeState, v reflect.Value, quoted bool) { - e.WriteString("null") -} - -func marshalerEncoder(e *encodeState, v reflect.Value, quoted bool) { - if v.Kind() == reflect.Ptr && v.IsNil() { - e.WriteString("null") - return - } - m := v.Interface().(Marshaler) - b, err := m.MarshalJSON() - if err == nil { - // copy JSON into buffer, checking validity. - err = compact(&e.Buffer, b, true) - } - if err != nil { - e.error(&MarshalerError{v.Type(), err}) - } -} - -func addrMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) { - va := v.Addr() - if va.IsNil() { - e.WriteString("null") - return - } - m := va.Interface().(Marshaler) - b, err := m.MarshalJSON() - if err == nil { - // copy JSON into buffer, checking validity. - err = compact(&e.Buffer, b, true) - } - if err != nil { - e.error(&MarshalerError{v.Type(), err}) - } -} - -func textMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) { - if v.Kind() == reflect.Ptr && v.IsNil() { - e.WriteString("null") - return - } - m := v.Interface().(encoding.TextMarshaler) - b, err := m.MarshalText() - if err != nil { - e.error(&MarshalerError{v.Type(), err}) - } - e.stringBytes(b) -} - -func addrTextMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) { - va := v.Addr() - if va.IsNil() { - e.WriteString("null") - return - } - m := va.Interface().(encoding.TextMarshaler) - b, err := m.MarshalText() - if err != nil { - e.error(&MarshalerError{v.Type(), err}) - } - e.stringBytes(b) -} - -func boolEncoder(e *encodeState, v reflect.Value, quoted bool) { - if quoted { - e.WriteByte('"') - } - if v.Bool() { - e.WriteString("true") - } else { - e.WriteString("false") - } - if quoted { - e.WriteByte('"') - } -} - -func intEncoder(e *encodeState, v reflect.Value, quoted bool) { - b := strconv.AppendInt(e.scratch[:0], v.Int(), 10) - if quoted { - e.WriteByte('"') - } - e.Write(b) - if quoted { - e.WriteByte('"') - } -} - -func uintEncoder(e *encodeState, v reflect.Value, quoted bool) { - b := strconv.AppendUint(e.scratch[:0], v.Uint(), 10) - if quoted { - e.WriteByte('"') - } - e.Write(b) - if quoted { - e.WriteByte('"') - } -} - -type floatEncoder int // number of bits - -func (bits floatEncoder) encode(e *encodeState, v reflect.Value, quoted bool) { - f := v.Float() - if math.IsInf(f, 0) || math.IsNaN(f) { - e.error(&UnsupportedValueError{v, strconv.FormatFloat(f, 'g', -1, int(bits))}) - } - b := strconv.AppendFloat(e.scratch[:0], f, 'g', -1, int(bits)) - if quoted { - e.WriteByte('"') - } - e.Write(b) - if quoted { - e.WriteByte('"') - } -} - -var ( - float32Encoder = (floatEncoder(32)).encode - float64Encoder = (floatEncoder(64)).encode -) - -func stringEncoder(e *encodeState, v reflect.Value, quoted bool) { - if v.Type() == numberType { - numStr := v.String() - // In Go1.5 the empty string encodes to "0", while this is not a valid number literal - // we keep compatibility so check validity after this. - if numStr == "" { - numStr = "0" // Number's zero-val - } - if !isValidNumber(numStr) { - e.error(fmt.Errorf("json: invalid number literal %q", numStr)) - } - e.WriteString(numStr) - return - } - if quoted { - sb, err := Marshal(v.String()) - if err != nil { - e.error(err) - } - e.string(string(sb)) - } else { - e.string(v.String()) - } -} - -func interfaceEncoder(e *encodeState, v reflect.Value, quoted bool) { - if v.IsNil() { - e.WriteString("null") - return - } - e.reflectValue(v.Elem()) -} - -func unsupportedTypeEncoder(e *encodeState, v reflect.Value, quoted bool) { - e.error(&UnsupportedTypeError{v.Type()}) -} - -type structEncoder struct { - fields []field - fieldEncs []encoderFunc -} - -func (se *structEncoder) encode(e *encodeState, v reflect.Value, quoted bool) { - e.WriteByte('{') - first := true - for i, f := range se.fields { - fv := fieldByIndex(v, f.index) - if !fv.IsValid() || f.omitEmpty && isEmptyValue(fv) { - continue - } - if first { - first = false - } else { - e.WriteByte(',') - } - e.string(f.name) - e.WriteByte(':') - se.fieldEncs[i](e, fv, f.quoted) - } - e.WriteByte('}') -} - -func newStructEncoder(t reflect.Type) encoderFunc { - fields := cachedTypeFields(t) - se := &structEncoder{ - fields: fields, - fieldEncs: make([]encoderFunc, len(fields)), - } - for i, f := range fields { - se.fieldEncs[i] = typeEncoder(typeByIndex(t, f.index)) - } - return se.encode -} - -type mapEncoder struct { - elemEnc encoderFunc -} - -func (me *mapEncoder) encode(e *encodeState, v reflect.Value, _ bool) { - if v.IsNil() { - e.WriteString("null") - return - } - e.WriteByte('{') - var sv stringValues = v.MapKeys() - sort.Sort(sv) - for i, k := range sv { - if i > 0 { - e.WriteByte(',') - } - e.string(k.String()) - e.WriteByte(':') - me.elemEnc(e, v.MapIndex(k), false) - } - e.WriteByte('}') -} - -func newMapEncoder(t reflect.Type) encoderFunc { - if t.Key().Kind() != reflect.String { - return unsupportedTypeEncoder - } - me := &mapEncoder{typeEncoder(t.Elem())} - return me.encode -} - -func encodeByteSlice(e *encodeState, v reflect.Value, _ bool) { - if v.IsNil() { - e.WriteString("null") - return - } - s := v.Bytes() - e.WriteByte('"') - if len(s) < 1024 { - // for small buffers, using Encode directly is much faster. - dst := make([]byte, base64.StdEncoding.EncodedLen(len(s))) - base64.StdEncoding.Encode(dst, s) - e.Write(dst) - } else { - // for large buffers, avoid unnecessary extra temporary - // buffer space. - enc := base64.NewEncoder(base64.StdEncoding, e) - enc.Write(s) - enc.Close() - } - e.WriteByte('"') -} - -// sliceEncoder just wraps an arrayEncoder, checking to make sure the value isn't nil. -type sliceEncoder struct { - arrayEnc encoderFunc -} - -func (se *sliceEncoder) encode(e *encodeState, v reflect.Value, _ bool) { - if v.IsNil() { - e.WriteString("null") - return - } - se.arrayEnc(e, v, false) -} - -func newSliceEncoder(t reflect.Type) encoderFunc { - // Byte slices get special treatment; arrays don't. - if t.Elem().Kind() == reflect.Uint8 { - return encodeByteSlice - } - enc := &sliceEncoder{newArrayEncoder(t)} - return enc.encode -} - -type arrayEncoder struct { - elemEnc encoderFunc -} - -func (ae *arrayEncoder) encode(e *encodeState, v reflect.Value, _ bool) { - e.WriteByte('[') - n := v.Len() - for i := 0; i < n; i++ { - if i > 0 { - e.WriteByte(',') - } - ae.elemEnc(e, v.Index(i), false) - } - e.WriteByte(']') -} - -func newArrayEncoder(t reflect.Type) encoderFunc { - enc := &arrayEncoder{typeEncoder(t.Elem())} - return enc.encode -} - -type ptrEncoder struct { - elemEnc encoderFunc -} - -func (pe *ptrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) { - if v.IsNil() { - e.WriteString("null") - return - } - pe.elemEnc(e, v.Elem(), quoted) -} - -func newPtrEncoder(t reflect.Type) encoderFunc { - enc := &ptrEncoder{typeEncoder(t.Elem())} - return enc.encode -} - -type condAddrEncoder struct { - canAddrEnc, elseEnc encoderFunc -} - -func (ce *condAddrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) { - if v.CanAddr() { - ce.canAddrEnc(e, v, quoted) - } else { - ce.elseEnc(e, v, quoted) - } -} - -// newCondAddrEncoder returns an encoder that checks whether its value -// CanAddr and delegates to canAddrEnc if so, else to elseEnc. -func newCondAddrEncoder(canAddrEnc, elseEnc encoderFunc) encoderFunc { - enc := &condAddrEncoder{canAddrEnc: canAddrEnc, elseEnc: elseEnc} - return enc.encode -} - -func isValidTag(s string) bool { - if s == "" { - return false - } - for _, c := range s { - switch { - case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c): - // Backslash and quote chars are reserved, but - // otherwise any punctuation chars are allowed - // in a tag name. - default: - if !unicode.IsLetter(c) && !unicode.IsDigit(c) { - return false - } - } - } - return true -} - -func fieldByIndex(v reflect.Value, index []int) reflect.Value { - for _, i := range index { - if v.Kind() == reflect.Ptr { - if v.IsNil() { - return reflect.Value{} - } - v = v.Elem() - } - v = v.Field(i) - } - return v -} - -func typeByIndex(t reflect.Type, index []int) reflect.Type { - for _, i := range index { - if t.Kind() == reflect.Ptr { - t = t.Elem() - } - t = t.Field(i).Type - } - return t -} - -// stringValues is a slice of reflect.Value holding *reflect.StringValue. -// It implements the methods to sort by string. -type stringValues []reflect.Value - -func (sv stringValues) Len() int { return len(sv) } -func (sv stringValues) Swap(i, j int) { sv[i], sv[j] = sv[j], sv[i] } -func (sv stringValues) Less(i, j int) bool { return sv.get(i) < sv.get(j) } -func (sv stringValues) get(i int) string { return sv[i].String() } - -// NOTE: keep in sync with stringBytes below. -func (e *encodeState) string(s string) int { - len0 := e.Len() - e.WriteByte('"') - start := 0 - for i := 0; i < len(s); { - if b := s[i]; b < utf8.RuneSelf { - if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' { - i++ - continue - } - if start < i { - e.WriteString(s[start:i]) - } - switch b { - case '\\', '"': - e.WriteByte('\\') - e.WriteByte(b) - case '\n': - e.WriteByte('\\') - e.WriteByte('n') - case '\r': - e.WriteByte('\\') - e.WriteByte('r') - case '\t': - e.WriteByte('\\') - e.WriteByte('t') - default: - // This encodes bytes < 0x20 except for \n and \r, - // as well as <, > and &. The latter are escaped because they - // can lead to security holes when user-controlled strings - // are rendered into JSON and served to some browsers. - e.WriteString(`\u00`) - e.WriteByte(hex[b>>4]) - e.WriteByte(hex[b&0xF]) - } - i++ - start = i - continue - } - c, size := utf8.DecodeRuneInString(s[i:]) - if c == utf8.RuneError && size == 1 { - if start < i { - e.WriteString(s[start:i]) - } - e.WriteString(`\ufffd`) - i += size - start = i - continue - } - // U+2028 is LINE SEPARATOR. - // U+2029 is PARAGRAPH SEPARATOR. - // They are both technically valid characters in JSON strings, - // but don't work in JSONP, which has to be evaluated as JavaScript, - // and can lead to security holes there. It is valid JSON to - // escape them, so we do so unconditionally. - // See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion. - if c == '\u2028' || c == '\u2029' { - if start < i { - e.WriteString(s[start:i]) - } - e.WriteString(`\u202`) - e.WriteByte(hex[c&0xF]) - i += size - start = i - continue - } - i += size - } - if start < len(s) { - e.WriteString(s[start:]) - } - e.WriteByte('"') - return e.Len() - len0 -} - -// NOTE: keep in sync with string above. -func (e *encodeState) stringBytes(s []byte) int { - len0 := e.Len() - e.WriteByte('"') - start := 0 - for i := 0; i < len(s); { - if b := s[i]; b < utf8.RuneSelf { - if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' { - i++ - continue - } - if start < i { - e.Write(s[start:i]) - } - switch b { - case '\\', '"': - e.WriteByte('\\') - e.WriteByte(b) - case '\n': - e.WriteByte('\\') - e.WriteByte('n') - case '\r': - e.WriteByte('\\') - e.WriteByte('r') - case '\t': - e.WriteByte('\\') - e.WriteByte('t') - default: - // This encodes bytes < 0x20 except for \n and \r, - // as well as <, >, and &. The latter are escaped because they - // can lead to security holes when user-controlled strings - // are rendered into JSON and served to some browsers. - e.WriteString(`\u00`) - e.WriteByte(hex[b>>4]) - e.WriteByte(hex[b&0xF]) - } - i++ - start = i - continue - } - c, size := utf8.DecodeRune(s[i:]) - if c == utf8.RuneError && size == 1 { - if start < i { - e.Write(s[start:i]) - } - e.WriteString(`\ufffd`) - i += size - start = i - continue - } - // U+2028 is LINE SEPARATOR. - // U+2029 is PARAGRAPH SEPARATOR. - // They are both technically valid characters in JSON strings, - // but don't work in JSONP, which has to be evaluated as JavaScript, - // and can lead to security holes there. It is valid JSON to - // escape them, so we do so unconditionally. - // See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion. - if c == '\u2028' || c == '\u2029' { - if start < i { - e.Write(s[start:i]) - } - e.WriteString(`\u202`) - e.WriteByte(hex[c&0xF]) - i += size - start = i - continue - } - i += size - } - if start < len(s) { - e.Write(s[start:]) - } - e.WriteByte('"') - return e.Len() - len0 -} - -// A field represents a single field found in a struct. -type field struct { - name string - nameBytes []byte // []byte(name) - - tag bool - index []int - typ reflect.Type - omitEmpty bool - quoted bool -} - -func fillField(f field) field { - f.nameBytes = []byte(f.name) - return f -} - -// byName sorts field by name, breaking ties with depth, -// then breaking ties with "name came from json tag", then -// breaking ties with index sequence. -type byName []field - -func (x byName) Len() int { return len(x) } - -func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] } - -func (x byName) Less(i, j int) bool { - if x[i].name != x[j].name { - return x[i].name < x[j].name - } - if len(x[i].index) != len(x[j].index) { - return len(x[i].index) < len(x[j].index) - } - if x[i].tag != x[j].tag { - return x[i].tag - } - return byIndex(x).Less(i, j) -} - -// byIndex sorts field by index sequence. -type byIndex []field - -func (x byIndex) Len() int { return len(x) } - -func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] } - -func (x byIndex) Less(i, j int) bool { - for k, xik := range x[i].index { - if k >= len(x[j].index) { - return false - } - if xik != x[j].index[k] { - return xik < x[j].index[k] - } - } - return len(x[i].index) < len(x[j].index) -} - -// typeFields returns a list of fields that JSON should recognize for the given type. -// The algorithm is breadth-first search over the set of structs to include - the top struct -// and then any reachable anonymous structs. -func typeFields(t reflect.Type) []field { - // Anonymous fields to explore at the current level and the next. - current := []field{} - next := []field{{typ: t}} - - // Count of queued names for current level and the next. - count := map[reflect.Type]int{} - nextCount := map[reflect.Type]int{} - - // Types already visited at an earlier level. - visited := map[reflect.Type]bool{} - - // Fields found. - var fields []field - - for len(next) > 0 { - current, next = next, current[:0] - count, nextCount = nextCount, map[reflect.Type]int{} - - for _, f := range current { - if visited[f.typ] { - continue - } - visited[f.typ] = true - - // Scan f.typ for fields to include. - for i := 0; i < f.typ.NumField(); i++ { - sf := f.typ.Field(i) - if sf.PkgPath != "" && !sf.Anonymous { // unexported - continue - } - tag := sf.Tag.Get("json") - if tag == "-" { - continue - } - name, opts := parseTag(tag) - if !isValidTag(name) { - name = "" - } - index := make([]int, len(f.index)+1) - copy(index, f.index) - index[len(f.index)] = i - - ft := sf.Type - if ft.Name() == "" && ft.Kind() == reflect.Ptr { - // Follow pointer. - ft = ft.Elem() - } - - // Only strings, floats, integers, and booleans can be quoted. - quoted := false - if opts.Contains("string") { - switch ft.Kind() { - case reflect.Bool, - reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, - reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, - reflect.Float32, reflect.Float64, - reflect.String: - quoted = true - } - } - - // Record found field and index sequence. - if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct { - tagged := name != "" - if name == "" { - name = sf.Name - } - fields = append(fields, fillField(field{ - name: name, - tag: tagged, - index: index, - typ: ft, - omitEmpty: opts.Contains("omitempty"), - quoted: quoted, - })) - if count[f.typ] > 1 { - // If there were multiple instances, add a second, - // so that the annihilation code will see a duplicate. - // It only cares about the distinction between 1 or 2, - // so don't bother generating any more copies. - fields = append(fields, fields[len(fields)-1]) - } - continue - } - - // Record new anonymous struct to explore in next round. - nextCount[ft]++ - if nextCount[ft] == 1 { - next = append(next, fillField(field{name: ft.Name(), index: index, typ: ft})) - } - } - } - } - - sort.Sort(byName(fields)) - - // Delete all fields that are hidden by the Go rules for embedded fields, - // except that fields with JSON tags are promoted. - - // The fields are sorted in primary order of name, secondary order - // of field index length. Loop over names; for each name, delete - // hidden fields by choosing the one dominant field that survives. - out := fields[:0] - for advance, i := 0, 0; i < len(fields); i += advance { - // One iteration per name. - // Find the sequence of fields with the name of this first field. - fi := fields[i] - name := fi.name - for advance = 1; i+advance < len(fields); advance++ { - fj := fields[i+advance] - if fj.name != name { - break - } - } - if advance == 1 { // Only one field with this name - out = append(out, fi) - continue - } - dominant, ok := dominantField(fields[i : i+advance]) - if ok { - out = append(out, dominant) - } - } - - fields = out - sort.Sort(byIndex(fields)) - - return fields -} - -// dominantField looks through the fields, all of which are known to -// have the same name, to find the single field that dominates the -// others using Go's embedding rules, modified by the presence of -// JSON tags. If there are multiple top-level fields, the boolean -// will be false: This condition is an error in Go and we skip all -// the fields. -func dominantField(fields []field) (field, bool) { - // The fields are sorted in increasing index-length order. The winner - // must therefore be one with the shortest index length. Drop all - // longer entries, which is easy: just truncate the slice. - length := len(fields[0].index) - tagged := -1 // Index of first tagged field. - for i, f := range fields { - if len(f.index) > length { - fields = fields[:i] - break - } - if f.tag { - if tagged >= 0 { - // Multiple tagged fields at the same level: conflict. - // Return no field. - return field{}, false - } - tagged = i - } - } - if tagged >= 0 { - return fields[tagged], true - } - // All remaining fields have the same length. If there's more than one, - // we have a conflict (two fields named "X" at the same level) and we - // return no field. - if len(fields) > 1 { - return field{}, false - } - return fields[0], true -} - -var fieldCache struct { - sync.RWMutex - m map[reflect.Type][]field -} - -// cachedTypeFields is like typeFields but uses a cache to avoid repeated work. -func cachedTypeFields(t reflect.Type) []field { - fieldCache.RLock() - f := fieldCache.m[t] - fieldCache.RUnlock() - if f != nil { - return f - } - - // Compute fields without lock. - // Might duplicate effort but won't hold other computations back. - f = typeFields(t) - if f == nil { - f = []field{} - } - - fieldCache.Lock() - if fieldCache.m == nil { - fieldCache.m = map[reflect.Type][]field{} - } - fieldCache.m[t] = f - fieldCache.Unlock() - return f -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/indent.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/indent.go deleted file mode 100644 index 7cd9f4db18..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/indent.go +++ /dev/null @@ -1,141 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import "bytes" - -// Compact appends to dst the JSON-encoded src with -// insignificant space characters elided. -func Compact(dst *bytes.Buffer, src []byte) error { - return compact(dst, src, false) -} - -func compact(dst *bytes.Buffer, src []byte, escape bool) error { - origLen := dst.Len() - var scan scanner - scan.reset() - start := 0 - for i, c := range src { - if escape && (c == '<' || c == '>' || c == '&') { - if start < i { - dst.Write(src[start:i]) - } - dst.WriteString(`\u00`) - dst.WriteByte(hex[c>>4]) - dst.WriteByte(hex[c&0xF]) - start = i + 1 - } - // Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9). - if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 { - if start < i { - dst.Write(src[start:i]) - } - dst.WriteString(`\u202`) - dst.WriteByte(hex[src[i+2]&0xF]) - start = i + 3 - } - v := scan.step(&scan, c) - if v >= scanSkipSpace { - if v == scanError { - break - } - if start < i { - dst.Write(src[start:i]) - } - start = i + 1 - } - } - if scan.eof() == scanError { - dst.Truncate(origLen) - return scan.err - } - if start < len(src) { - dst.Write(src[start:]) - } - return nil -} - -func newline(dst *bytes.Buffer, prefix, indent string, depth int) { - dst.WriteByte('\n') - dst.WriteString(prefix) - for i := 0; i < depth; i++ { - dst.WriteString(indent) - } -} - -// Indent appends to dst an indented form of the JSON-encoded src. -// Each element in a JSON object or array begins on a new, -// indented line beginning with prefix followed by one or more -// copies of indent according to the indentation nesting. -// The data appended to dst does not begin with the prefix nor -// any indentation, to make it easier to embed inside other formatted JSON data. -// Although leading space characters (space, tab, carriage return, newline) -// at the beginning of src are dropped, trailing space characters -// at the end of src are preserved and copied to dst. -// For example, if src has no trailing spaces, neither will dst; -// if src ends in a trailing newline, so will dst. -func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error { - origLen := dst.Len() - var scan scanner - scan.reset() - needIndent := false - depth := 0 - for _, c := range src { - scan.bytes++ - v := scan.step(&scan, c) - if v == scanSkipSpace { - continue - } - if v == scanError { - break - } - if needIndent && v != scanEndObject && v != scanEndArray { - needIndent = false - depth++ - newline(dst, prefix, indent, depth) - } - - // Emit semantically uninteresting bytes - // (in particular, punctuation in strings) unmodified. - if v == scanContinue { - dst.WriteByte(c) - continue - } - - // Add spacing around real punctuation. - switch c { - case '{', '[': - // delay indent so that empty object and array are formatted as {} and []. - needIndent = true - dst.WriteByte(c) - - case ',': - dst.WriteByte(c) - newline(dst, prefix, indent, depth) - - case ':': - dst.WriteByte(c) - dst.WriteByte(' ') - - case '}', ']': - if needIndent { - // suppress indent in empty object/array - needIndent = false - } else { - depth-- - newline(dst, prefix, indent, depth) - } - dst.WriteByte(c) - - default: - dst.WriteByte(c) - } - } - if scan.eof() == scanError { - dst.Truncate(origLen) - return scan.err - } - return nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/scanner.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/scanner.go deleted file mode 100644 index ee6622e8cf..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/scanner.go +++ /dev/null @@ -1,623 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -// JSON value parser state machine. -// Just about at the limit of what is reasonable to write by hand. -// Some parts are a bit tedious, but overall it nicely factors out the -// otherwise common code from the multiple scanning functions -// in this package (Compact, Indent, checkValid, nextValue, etc). -// -// This file starts with two simple examples using the scanner -// before diving into the scanner itself. - -import "strconv" - -// checkValid verifies that data is valid JSON-encoded data. -// scan is passed in for use by checkValid to avoid an allocation. -func checkValid(data []byte, scan *scanner) error { - scan.reset() - for _, c := range data { - scan.bytes++ - if scan.step(scan, c) == scanError { - return scan.err - } - } - if scan.eof() == scanError { - return scan.err - } - return nil -} - -// nextValue splits data after the next whole JSON value, -// returning that value and the bytes that follow it as separate slices. -// scan is passed in for use by nextValue to avoid an allocation. -func nextValue(data []byte, scan *scanner) (value, rest []byte, err error) { - scan.reset() - for i, c := range data { - v := scan.step(scan, c) - if v >= scanEndObject { - switch v { - // probe the scanner with a space to determine whether we will - // get scanEnd on the next character. Otherwise, if the next character - // is not a space, scanEndTop allocates a needless error. - case scanEndObject, scanEndArray: - if scan.step(scan, ' ') == scanEnd { - return data[:i+1], data[i+1:], nil - } - case scanError: - return nil, nil, scan.err - case scanEnd: - return data[:i], data[i:], nil - } - } - } - if scan.eof() == scanError { - return nil, nil, scan.err - } - return data, nil, nil -} - -// A SyntaxError is a description of a JSON syntax error. -type SyntaxError struct { - msg string // description of error - Offset int64 // error occurred after reading Offset bytes -} - -func (e *SyntaxError) Error() string { return e.msg } - -// A scanner is a JSON scanning state machine. -// Callers call scan.reset() and then pass bytes in one at a time -// by calling scan.step(&scan, c) for each byte. -// The return value, referred to as an opcode, tells the -// caller about significant parsing events like beginning -// and ending literals, objects, and arrays, so that the -// caller can follow along if it wishes. -// The return value scanEnd indicates that a single top-level -// JSON value has been completed, *before* the byte that -// just got passed in. (The indication must be delayed in order -// to recognize the end of numbers: is 123 a whole value or -// the beginning of 12345e+6?). -type scanner struct { - // The step is a func to be called to execute the next transition. - // Also tried using an integer constant and a single func - // with a switch, but using the func directly was 10% faster - // on a 64-bit Mac Mini, and it's nicer to read. - step func(*scanner, byte) int - - // Reached end of top-level value. - endTop bool - - // Stack of what we're in the middle of - array values, object keys, object values. - parseState []int - - // Error that happened, if any. - err error - - // 1-byte redo (see undo method) - redo bool - redoCode int - redoState func(*scanner, byte) int - - // total bytes consumed, updated by decoder.Decode - bytes int64 -} - -// These values are returned by the state transition functions -// assigned to scanner.state and the method scanner.eof. -// They give details about the current state of the scan that -// callers might be interested to know about. -// It is okay to ignore the return value of any particular -// call to scanner.state: if one call returns scanError, -// every subsequent call will return scanError too. -const ( - // Continue. - scanContinue = iota // uninteresting byte - scanBeginLiteral // end implied by next result != scanContinue - scanBeginObject // begin object - scanObjectKey // just finished object key (string) - scanObjectValue // just finished non-last object value - scanEndObject // end object (implies scanObjectValue if possible) - scanBeginArray // begin array - scanArrayValue // just finished array value - scanEndArray // end array (implies scanArrayValue if possible) - scanSkipSpace // space byte; can skip; known to be last "continue" result - - // Stop. - scanEnd // top-level value ended *before* this byte; known to be first "stop" result - scanError // hit an error, scanner.err. -) - -// These values are stored in the parseState stack. -// They give the current state of a composite value -// being scanned. If the parser is inside a nested value -// the parseState describes the nested state, outermost at entry 0. -const ( - parseObjectKey = iota // parsing object key (before colon) - parseObjectValue // parsing object value (after colon) - parseArrayValue // parsing array value -) - -// reset prepares the scanner for use. -// It must be called before calling s.step. -func (s *scanner) reset() { - s.step = stateBeginValue - s.parseState = s.parseState[0:0] - s.err = nil - s.redo = false - s.endTop = false -} - -// eof tells the scanner that the end of input has been reached. -// It returns a scan status just as s.step does. -func (s *scanner) eof() int { - if s.err != nil { - return scanError - } - if s.endTop { - return scanEnd - } - s.step(s, ' ') - if s.endTop { - return scanEnd - } - if s.err == nil { - s.err = &SyntaxError{"unexpected end of JSON input", s.bytes} - } - return scanError -} - -// pushParseState pushes a new parse state p onto the parse stack. -func (s *scanner) pushParseState(p int) { - s.parseState = append(s.parseState, p) -} - -// popParseState pops a parse state (already obtained) off the stack -// and updates s.step accordingly. -func (s *scanner) popParseState() { - n := len(s.parseState) - 1 - s.parseState = s.parseState[0:n] - s.redo = false - if n == 0 { - s.step = stateEndTop - s.endTop = true - } else { - s.step = stateEndValue - } -} - -func isSpace(c byte) bool { - return c == ' ' || c == '\t' || c == '\r' || c == '\n' -} - -// stateBeginValueOrEmpty is the state after reading `[`. -func stateBeginValueOrEmpty(s *scanner, c byte) int { - if c <= ' ' && isSpace(c) { - return scanSkipSpace - } - if c == ']' { - return stateEndValue(s, c) - } - return stateBeginValue(s, c) -} - -// stateBeginValue is the state at the beginning of the input. -func stateBeginValue(s *scanner, c byte) int { - if c <= ' ' && isSpace(c) { - return scanSkipSpace - } - switch c { - case '{': - s.step = stateBeginStringOrEmpty - s.pushParseState(parseObjectKey) - return scanBeginObject - case '[': - s.step = stateBeginValueOrEmpty - s.pushParseState(parseArrayValue) - return scanBeginArray - case '"': - s.step = stateInString - return scanBeginLiteral - case '-': - s.step = stateNeg - return scanBeginLiteral - case '0': // beginning of 0.123 - s.step = state0 - return scanBeginLiteral - case 't': // beginning of true - s.step = stateT - return scanBeginLiteral - case 'f': // beginning of false - s.step = stateF - return scanBeginLiteral - case 'n': // beginning of null - s.step = stateN - return scanBeginLiteral - } - if '1' <= c && c <= '9' { // beginning of 1234.5 - s.step = state1 - return scanBeginLiteral - } - return s.error(c, "looking for beginning of value") -} - -// stateBeginStringOrEmpty is the state after reading `{`. -func stateBeginStringOrEmpty(s *scanner, c byte) int { - if c <= ' ' && isSpace(c) { - return scanSkipSpace - } - if c == '}' { - n := len(s.parseState) - s.parseState[n-1] = parseObjectValue - return stateEndValue(s, c) - } - return stateBeginString(s, c) -} - -// stateBeginString is the state after reading `{"key": value,`. -func stateBeginString(s *scanner, c byte) int { - if c <= ' ' && isSpace(c) { - return scanSkipSpace - } - if c == '"' { - s.step = stateInString - return scanBeginLiteral - } - return s.error(c, "looking for beginning of object key string") -} - -// stateEndValue is the state after completing a value, -// such as after reading `{}` or `true` or `["x"`. -func stateEndValue(s *scanner, c byte) int { - n := len(s.parseState) - if n == 0 { - // Completed top-level before the current byte. - s.step = stateEndTop - s.endTop = true - return stateEndTop(s, c) - } - if c <= ' ' && isSpace(c) { - s.step = stateEndValue - return scanSkipSpace - } - ps := s.parseState[n-1] - switch ps { - case parseObjectKey: - if c == ':' { - s.parseState[n-1] = parseObjectValue - s.step = stateBeginValue - return scanObjectKey - } - return s.error(c, "after object key") - case parseObjectValue: - if c == ',' { - s.parseState[n-1] = parseObjectKey - s.step = stateBeginString - return scanObjectValue - } - if c == '}' { - s.popParseState() - return scanEndObject - } - return s.error(c, "after object key:value pair") - case parseArrayValue: - if c == ',' { - s.step = stateBeginValue - return scanArrayValue - } - if c == ']' { - s.popParseState() - return scanEndArray - } - return s.error(c, "after array element") - } - return s.error(c, "") -} - -// stateEndTop is the state after finishing the top-level value, -// such as after reading `{}` or `[1,2,3]`. -// Only space characters should be seen now. -func stateEndTop(s *scanner, c byte) int { - if c != ' ' && c != '\t' && c != '\r' && c != '\n' { - // Complain about non-space byte on next call. - s.error(c, "after top-level value") - } - return scanEnd -} - -// stateInString is the state after reading `"`. -func stateInString(s *scanner, c byte) int { - if c == '"' { - s.step = stateEndValue - return scanContinue - } - if c == '\\' { - s.step = stateInStringEsc - return scanContinue - } - if c < 0x20 { - return s.error(c, "in string literal") - } - return scanContinue -} - -// stateInStringEsc is the state after reading `"\` during a quoted string. -func stateInStringEsc(s *scanner, c byte) int { - switch c { - case 'b', 'f', 'n', 'r', 't', '\\', '/', '"': - s.step = stateInString - return scanContinue - case 'u': - s.step = stateInStringEscU - return scanContinue - } - return s.error(c, "in string escape code") -} - -// stateInStringEscU is the state after reading `"\u` during a quoted string. -func stateInStringEscU(s *scanner, c byte) int { - if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { - s.step = stateInStringEscU1 - return scanContinue - } - // numbers - return s.error(c, "in \\u hexadecimal character escape") -} - -// stateInStringEscU1 is the state after reading `"\u1` during a quoted string. -func stateInStringEscU1(s *scanner, c byte) int { - if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { - s.step = stateInStringEscU12 - return scanContinue - } - // numbers - return s.error(c, "in \\u hexadecimal character escape") -} - -// stateInStringEscU12 is the state after reading `"\u12` during a quoted string. -func stateInStringEscU12(s *scanner, c byte) int { - if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { - s.step = stateInStringEscU123 - return scanContinue - } - // numbers - return s.error(c, "in \\u hexadecimal character escape") -} - -// stateInStringEscU123 is the state after reading `"\u123` during a quoted string. -func stateInStringEscU123(s *scanner, c byte) int { - if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { - s.step = stateInString - return scanContinue - } - // numbers - return s.error(c, "in \\u hexadecimal character escape") -} - -// stateNeg is the state after reading `-` during a number. -func stateNeg(s *scanner, c byte) int { - if c == '0' { - s.step = state0 - return scanContinue - } - if '1' <= c && c <= '9' { - s.step = state1 - return scanContinue - } - return s.error(c, "in numeric literal") -} - -// state1 is the state after reading a non-zero integer during a number, -// such as after reading `1` or `100` but not `0`. -func state1(s *scanner, c byte) int { - if '0' <= c && c <= '9' { - s.step = state1 - return scanContinue - } - return state0(s, c) -} - -// state0 is the state after reading `0` during a number. -func state0(s *scanner, c byte) int { - if c == '.' { - s.step = stateDot - return scanContinue - } - if c == 'e' || c == 'E' { - s.step = stateE - return scanContinue - } - return stateEndValue(s, c) -} - -// stateDot is the state after reading the integer and decimal point in a number, -// such as after reading `1.`. -func stateDot(s *scanner, c byte) int { - if '0' <= c && c <= '9' { - s.step = stateDot0 - return scanContinue - } - return s.error(c, "after decimal point in numeric literal") -} - -// stateDot0 is the state after reading the integer, decimal point, and subsequent -// digits of a number, such as after reading `3.14`. -func stateDot0(s *scanner, c byte) int { - if '0' <= c && c <= '9' { - return scanContinue - } - if c == 'e' || c == 'E' { - s.step = stateE - return scanContinue - } - return stateEndValue(s, c) -} - -// stateE is the state after reading the mantissa and e in a number, -// such as after reading `314e` or `0.314e`. -func stateE(s *scanner, c byte) int { - if c == '+' || c == '-' { - s.step = stateESign - return scanContinue - } - return stateESign(s, c) -} - -// stateESign is the state after reading the mantissa, e, and sign in a number, -// such as after reading `314e-` or `0.314e+`. -func stateESign(s *scanner, c byte) int { - if '0' <= c && c <= '9' { - s.step = stateE0 - return scanContinue - } - return s.error(c, "in exponent of numeric literal") -} - -// stateE0 is the state after reading the mantissa, e, optional sign, -// and at least one digit of the exponent in a number, -// such as after reading `314e-2` or `0.314e+1` or `3.14e0`. -func stateE0(s *scanner, c byte) int { - if '0' <= c && c <= '9' { - return scanContinue - } - return stateEndValue(s, c) -} - -// stateT is the state after reading `t`. -func stateT(s *scanner, c byte) int { - if c == 'r' { - s.step = stateTr - return scanContinue - } - return s.error(c, "in literal true (expecting 'r')") -} - -// stateTr is the state after reading `tr`. -func stateTr(s *scanner, c byte) int { - if c == 'u' { - s.step = stateTru - return scanContinue - } - return s.error(c, "in literal true (expecting 'u')") -} - -// stateTru is the state after reading `tru`. -func stateTru(s *scanner, c byte) int { - if c == 'e' { - s.step = stateEndValue - return scanContinue - } - return s.error(c, "in literal true (expecting 'e')") -} - -// stateF is the state after reading `f`. -func stateF(s *scanner, c byte) int { - if c == 'a' { - s.step = stateFa - return scanContinue - } - return s.error(c, "in literal false (expecting 'a')") -} - -// stateFa is the state after reading `fa`. -func stateFa(s *scanner, c byte) int { - if c == 'l' { - s.step = stateFal - return scanContinue - } - return s.error(c, "in literal false (expecting 'l')") -} - -// stateFal is the state after reading `fal`. -func stateFal(s *scanner, c byte) int { - if c == 's' { - s.step = stateFals - return scanContinue - } - return s.error(c, "in literal false (expecting 's')") -} - -// stateFals is the state after reading `fals`. -func stateFals(s *scanner, c byte) int { - if c == 'e' { - s.step = stateEndValue - return scanContinue - } - return s.error(c, "in literal false (expecting 'e')") -} - -// stateN is the state after reading `n`. -func stateN(s *scanner, c byte) int { - if c == 'u' { - s.step = stateNu - return scanContinue - } - return s.error(c, "in literal null (expecting 'u')") -} - -// stateNu is the state after reading `nu`. -func stateNu(s *scanner, c byte) int { - if c == 'l' { - s.step = stateNul - return scanContinue - } - return s.error(c, "in literal null (expecting 'l')") -} - -// stateNul is the state after reading `nul`. -func stateNul(s *scanner, c byte) int { - if c == 'l' { - s.step = stateEndValue - return scanContinue - } - return s.error(c, "in literal null (expecting 'l')") -} - -// stateError is the state after reaching a syntax error, -// such as after reading `[1}` or `5.1.2`. -func stateError(s *scanner, c byte) int { - return scanError -} - -// error records an error and switches to the error state. -func (s *scanner) error(c byte, context string) int { - s.step = stateError - s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes} - return scanError -} - -// quoteChar formats c as a quoted character literal -func quoteChar(c byte) string { - // special cases - different from quoted strings - if c == '\'' { - return `'\''` - } - if c == '"' { - return `'"'` - } - - // use quoted string with different quotation marks - s := strconv.Quote(string(c)) - return "'" + s[1:len(s)-1] + "'" -} - -// undo causes the scanner to return scanCode from the next state transition. -// This gives callers a simple 1-byte undo mechanism. -func (s *scanner) undo(scanCode int) { - if s.redo { - panic("json: invalid use of scanner") - } - s.redoCode = scanCode - s.redoState = s.step - s.step = stateRedo - s.redo = true -} - -// stateRedo helps implement the scanner's 1-byte undo. -func stateRedo(s *scanner, c byte) int { - s.redo = false - s.step = s.redoState - return s.redoCode -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/stream.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/stream.go deleted file mode 100644 index 8ddcf4d279..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/stream.go +++ /dev/null @@ -1,480 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import ( - "bytes" - "errors" - "io" -) - -// A Decoder reads and decodes JSON objects from an input stream. -type Decoder struct { - r io.Reader - buf []byte - d decodeState - scanp int // start of unread data in buf - scan scanner - err error - - tokenState int - tokenStack []int -} - -// NewDecoder returns a new decoder that reads from r. -// -// The decoder introduces its own buffering and may -// read data from r beyond the JSON values requested. -func NewDecoder(r io.Reader) *Decoder { - return &Decoder{r: r} -} - -// UseNumber causes the Decoder to unmarshal a number into an interface{} as a -// Number instead of as a float64. -func (dec *Decoder) UseNumber() { dec.d.useNumber = true } - -// Decode reads the next JSON-encoded value from its -// input and stores it in the value pointed to by v. -// -// See the documentation for Unmarshal for details about -// the conversion of JSON into a Go value. -func (dec *Decoder) Decode(v interface{}) error { - if dec.err != nil { - return dec.err - } - - if err := dec.tokenPrepareForDecode(); err != nil { - return err - } - - if !dec.tokenValueAllowed() { - return &SyntaxError{msg: "not at beginning of value"} - } - - // Read whole value into buffer. - n, err := dec.readValue() - if err != nil { - return err - } - dec.d.init(dec.buf[dec.scanp : dec.scanp+n]) - dec.scanp += n - - // Don't save err from unmarshal into dec.err: - // the connection is still usable since we read a complete JSON - // object from it before the error happened. - err = dec.d.unmarshal(v) - - // fixup token streaming state - dec.tokenValueEnd() - - return err -} - -// Buffered returns a reader of the data remaining in the Decoder's -// buffer. The reader is valid until the next call to Decode. -func (dec *Decoder) Buffered() io.Reader { - return bytes.NewReader(dec.buf[dec.scanp:]) -} - -// readValue reads a JSON value into dec.buf. -// It returns the length of the encoding. -func (dec *Decoder) readValue() (int, error) { - dec.scan.reset() - - scanp := dec.scanp - var err error -Input: - for { - // Look in the buffer for a new value. - for i, c := range dec.buf[scanp:] { - dec.scan.bytes++ - v := dec.scan.step(&dec.scan, c) - if v == scanEnd { - scanp += i - break Input - } - // scanEnd is delayed one byte. - // We might block trying to get that byte from src, - // so instead invent a space byte. - if (v == scanEndObject || v == scanEndArray) && dec.scan.step(&dec.scan, ' ') == scanEnd { - scanp += i + 1 - break Input - } - if v == scanError { - dec.err = dec.scan.err - return 0, dec.scan.err - } - } - scanp = len(dec.buf) - - // Did the last read have an error? - // Delayed until now to allow buffer scan. - if err != nil { - if err == io.EOF { - if dec.scan.step(&dec.scan, ' ') == scanEnd { - break Input - } - if nonSpace(dec.buf) { - err = io.ErrUnexpectedEOF - } - } - dec.err = err - return 0, err - } - - n := scanp - dec.scanp - err = dec.refill() - scanp = dec.scanp + n - } - return scanp - dec.scanp, nil -} - -func (dec *Decoder) refill() error { - // Make room to read more into the buffer. - // First slide down data already consumed. - if dec.scanp > 0 { - n := copy(dec.buf, dec.buf[dec.scanp:]) - dec.buf = dec.buf[:n] - dec.scanp = 0 - } - - // Grow buffer if not large enough. - const minRead = 512 - if cap(dec.buf)-len(dec.buf) < minRead { - newBuf := make([]byte, len(dec.buf), 2*cap(dec.buf)+minRead) - copy(newBuf, dec.buf) - dec.buf = newBuf - } - - // Read. Delay error for next iteration (after scan). - n, err := dec.r.Read(dec.buf[len(dec.buf):cap(dec.buf)]) - dec.buf = dec.buf[0 : len(dec.buf)+n] - - return err -} - -func nonSpace(b []byte) bool { - for _, c := range b { - if !isSpace(c) { - return true - } - } - return false -} - -// An Encoder writes JSON objects to an output stream. -type Encoder struct { - w io.Writer - err error -} - -// NewEncoder returns a new encoder that writes to w. -func NewEncoder(w io.Writer) *Encoder { - return &Encoder{w: w} -} - -// Encode writes the JSON encoding of v to the stream, -// followed by a newline character. -// -// See the documentation for Marshal for details about the -// conversion of Go values to JSON. -func (enc *Encoder) Encode(v interface{}) error { - if enc.err != nil { - return enc.err - } - e := newEncodeState() - err := e.marshal(v) - if err != nil { - return err - } - - // Terminate each value with a newline. - // This makes the output look a little nicer - // when debugging, and some kind of space - // is required if the encoded value was a number, - // so that the reader knows there aren't more - // digits coming. - e.WriteByte('\n') - - if _, err = enc.w.Write(e.Bytes()); err != nil { - enc.err = err - } - encodeStatePool.Put(e) - return err -} - -// RawMessage is a raw encoded JSON object. -// It implements Marshaler and Unmarshaler and can -// be used to delay JSON decoding or precompute a JSON encoding. -type RawMessage []byte - -// MarshalJSON returns *m as the JSON encoding of m. -func (m *RawMessage) MarshalJSON() ([]byte, error) { - return *m, nil -} - -// UnmarshalJSON sets *m to a copy of data. -func (m *RawMessage) UnmarshalJSON(data []byte) error { - if m == nil { - return errors.New("json.RawMessage: UnmarshalJSON on nil pointer") - } - *m = append((*m)[0:0], data...) - return nil -} - -var _ Marshaler = (*RawMessage)(nil) -var _ Unmarshaler = (*RawMessage)(nil) - -// A Token holds a value of one of these types: -// -// Delim, for the four JSON delimiters [ ] { } -// bool, for JSON booleans -// float64, for JSON numbers -// Number, for JSON numbers -// string, for JSON string literals -// nil, for JSON null -// -type Token interface{} - -const ( - tokenTopValue = iota - tokenArrayStart - tokenArrayValue - tokenArrayComma - tokenObjectStart - tokenObjectKey - tokenObjectColon - tokenObjectValue - tokenObjectComma -) - -// advance tokenstate from a separator state to a value state -func (dec *Decoder) tokenPrepareForDecode() error { - // Note: Not calling peek before switch, to avoid - // putting peek into the standard Decode path. - // peek is only called when using the Token API. - switch dec.tokenState { - case tokenArrayComma: - c, err := dec.peek() - if err != nil { - return err - } - if c != ',' { - return &SyntaxError{"expected comma after array element", 0} - } - dec.scanp++ - dec.tokenState = tokenArrayValue - case tokenObjectColon: - c, err := dec.peek() - if err != nil { - return err - } - if c != ':' { - return &SyntaxError{"expected colon after object key", 0} - } - dec.scanp++ - dec.tokenState = tokenObjectValue - } - return nil -} - -func (dec *Decoder) tokenValueAllowed() bool { - switch dec.tokenState { - case tokenTopValue, tokenArrayStart, tokenArrayValue, tokenObjectValue: - return true - } - return false -} - -func (dec *Decoder) tokenValueEnd() { - switch dec.tokenState { - case tokenArrayStart, tokenArrayValue: - dec.tokenState = tokenArrayComma - case tokenObjectValue: - dec.tokenState = tokenObjectComma - } -} - -// A Delim is a JSON array or object delimiter, one of [ ] { or }. -type Delim rune - -func (d Delim) String() string { - return string(d) -} - -// Token returns the next JSON token in the input stream. -// At the end of the input stream, Token returns nil, io.EOF. -// -// Token guarantees that the delimiters [ ] { } it returns are -// properly nested and matched: if Token encounters an unexpected -// delimiter in the input, it will return an error. -// -// The input stream consists of basic JSON values—bool, string, -// number, and null—along with delimiters [ ] { } of type Delim -// to mark the start and end of arrays and objects. -// Commas and colons are elided. -func (dec *Decoder) Token() (Token, error) { - for { - c, err := dec.peek() - if err != nil { - return nil, err - } - switch c { - case '[': - if !dec.tokenValueAllowed() { - return dec.tokenError(c) - } - dec.scanp++ - dec.tokenStack = append(dec.tokenStack, dec.tokenState) - dec.tokenState = tokenArrayStart - return Delim('['), nil - - case ']': - if dec.tokenState != tokenArrayStart && dec.tokenState != tokenArrayComma { - return dec.tokenError(c) - } - dec.scanp++ - dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1] - dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1] - dec.tokenValueEnd() - return Delim(']'), nil - - case '{': - if !dec.tokenValueAllowed() { - return dec.tokenError(c) - } - dec.scanp++ - dec.tokenStack = append(dec.tokenStack, dec.tokenState) - dec.tokenState = tokenObjectStart - return Delim('{'), nil - - case '}': - if dec.tokenState != tokenObjectStart && dec.tokenState != tokenObjectComma { - return dec.tokenError(c) - } - dec.scanp++ - dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1] - dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1] - dec.tokenValueEnd() - return Delim('}'), nil - - case ':': - if dec.tokenState != tokenObjectColon { - return dec.tokenError(c) - } - dec.scanp++ - dec.tokenState = tokenObjectValue - continue - - case ',': - if dec.tokenState == tokenArrayComma { - dec.scanp++ - dec.tokenState = tokenArrayValue - continue - } - if dec.tokenState == tokenObjectComma { - dec.scanp++ - dec.tokenState = tokenObjectKey - continue - } - return dec.tokenError(c) - - case '"': - if dec.tokenState == tokenObjectStart || dec.tokenState == tokenObjectKey { - var x string - old := dec.tokenState - dec.tokenState = tokenTopValue - err := dec.Decode(&x) - dec.tokenState = old - if err != nil { - clearOffset(err) - return nil, err - } - dec.tokenState = tokenObjectColon - return x, nil - } - fallthrough - - default: - if !dec.tokenValueAllowed() { - return dec.tokenError(c) - } - var x interface{} - if err := dec.Decode(&x); err != nil { - clearOffset(err) - return nil, err - } - return x, nil - } - } -} - -func clearOffset(err error) { - if s, ok := err.(*SyntaxError); ok { - s.Offset = 0 - } -} - -func (dec *Decoder) tokenError(c byte) (Token, error) { - var context string - switch dec.tokenState { - case tokenTopValue: - context = " looking for beginning of value" - case tokenArrayStart, tokenArrayValue, tokenObjectValue: - context = " looking for beginning of value" - case tokenArrayComma: - context = " after array element" - case tokenObjectKey: - context = " looking for beginning of object key string" - case tokenObjectColon: - context = " after object key" - case tokenObjectComma: - context = " after object key:value pair" - } - return nil, &SyntaxError{"invalid character " + quoteChar(c) + " " + context, 0} -} - -// More reports whether there is another element in the -// current array or object being parsed. -func (dec *Decoder) More() bool { - c, err := dec.peek() - return err == nil && c != ']' && c != '}' -} - -func (dec *Decoder) peek() (byte, error) { - var err error - for { - for i := dec.scanp; i < len(dec.buf); i++ { - c := dec.buf[i] - if isSpace(c) { - continue - } - dec.scanp = i - return c, nil - } - // buffer has been scanned, now report any error - if err != nil { - return 0, err - } - err = dec.refill() - } -} - -/* -TODO - -// EncodeToken writes the given JSON token to the stream. -// It returns an error if the delimiters [ ] { } are not properly used. -// -// EncodeToken does not call Flush, because usually it is part of -// a larger operation such as Encode, and those will call Flush when finished. -// Callers that create an Encoder and then invoke EncodeToken directly, -// without using Encode, need to call Flush when finished to ensure that -// the JSON is written to the underlying writer. -func (e *Encoder) EncodeToken(t Token) error { - ... -} - -*/ diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/json/tags.go b/etcd/vendor/gopkg.in/square/go-jose.v2/json/tags.go deleted file mode 100644 index c38fd5102f..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/json/tags.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package json - -import ( - "strings" -) - -// tagOptions is the string following a comma in a struct field's "json" -// tag, or the empty string. It does not include the leading comma. -type tagOptions string - -// parseTag splits a struct field's json tag into its name and -// comma-separated options. -func parseTag(tag string) (string, tagOptions) { - if idx := strings.Index(tag, ","); idx != -1 { - return tag[:idx], tagOptions(tag[idx+1:]) - } - return tag, tagOptions("") -} - -// Contains reports whether a comma-separated list of options -// contains a particular substr flag. substr must be surrounded by a -// string boundary or commas. -func (o tagOptions) Contains(optionName string) bool { - if len(o) == 0 { - return false - } - s := string(o) - for s != "" { - var next string - i := strings.Index(s, ",") - if i >= 0 { - s, next = s[:i], s[i+1:] - } - if s == optionName { - return true - } - s = next - } - return false -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwe.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwe.go deleted file mode 100644 index b5a6dcdf4d..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwe.go +++ /dev/null @@ -1,294 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "encoding/base64" - "fmt" - "strings" - - "gopkg.in/square/go-jose.v2/json" -) - -// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing. -type rawJSONWebEncryption struct { - Protected *byteBuffer `json:"protected,omitempty"` - Unprotected *rawHeader `json:"unprotected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Recipients []rawRecipientInfo `json:"recipients,omitempty"` - Aad *byteBuffer `json:"aad,omitempty"` - EncryptedKey *byteBuffer `json:"encrypted_key,omitempty"` - Iv *byteBuffer `json:"iv,omitempty"` - Ciphertext *byteBuffer `json:"ciphertext,omitempty"` - Tag *byteBuffer `json:"tag,omitempty"` -} - -// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing. -type rawRecipientInfo struct { - Header *rawHeader `json:"header,omitempty"` - EncryptedKey string `json:"encrypted_key,omitempty"` -} - -// JSONWebEncryption represents an encrypted JWE object after parsing. -type JSONWebEncryption struct { - Header Header - protected, unprotected *rawHeader - recipients []recipientInfo - aad, iv, ciphertext, tag []byte - original *rawJSONWebEncryption -} - -// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing. -type recipientInfo struct { - header *rawHeader - encryptedKey []byte -} - -// GetAuthData retrieves the (optional) authenticated data attached to the object. -func (obj JSONWebEncryption) GetAuthData() []byte { - if obj.aad != nil { - out := make([]byte, len(obj.aad)) - copy(out, obj.aad) - return out - } - - return nil -} - -// Get the merged header values -func (obj JSONWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader { - out := rawHeader{} - out.merge(obj.protected) - out.merge(obj.unprotected) - - if recipient != nil { - out.merge(recipient.header) - } - - return out -} - -// Get the additional authenticated data from a JWE object. -func (obj JSONWebEncryption) computeAuthData() []byte { - var protected string - - if obj.original != nil && obj.original.Protected != nil { - protected = obj.original.Protected.base64() - } else if obj.protected != nil { - protected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON((obj.protected))) - } else { - protected = "" - } - - output := []byte(protected) - if obj.aad != nil { - output = append(output, '.') - output = append(output, []byte(base64.RawURLEncoding.EncodeToString(obj.aad))...) - } - - return output -} - -// ParseEncrypted parses an encrypted message in compact or full serialization format. -func ParseEncrypted(input string) (*JSONWebEncryption, error) { - input = stripWhitespace(input) - if strings.HasPrefix(input, "{") { - return parseEncryptedFull(input) - } - - return parseEncryptedCompact(input) -} - -// parseEncryptedFull parses a message in compact format. -func parseEncryptedFull(input string) (*JSONWebEncryption, error) { - var parsed rawJSONWebEncryption - err := json.Unmarshal([]byte(input), &parsed) - if err != nil { - return nil, err - } - - return parsed.sanitized() -} - -// sanitized produces a cleaned-up JWE object from the raw JSON. -func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) { - obj := &JSONWebEncryption{ - original: parsed, - unprotected: parsed.Unprotected, - } - - // Check that there is not a nonce in the unprotected headers - if parsed.Unprotected != nil { - if nonce := parsed.Unprotected.getNonce(); nonce != "" { - return nil, ErrUnprotectedNonce - } - } - if parsed.Header != nil { - if nonce := parsed.Header.getNonce(); nonce != "" { - return nil, ErrUnprotectedNonce - } - } - - if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 { - err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected) - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64()) - } - } - - // Note: this must be called _after_ we parse the protected header, - // otherwise fields from the protected header will not get picked up. - var err error - mergedHeaders := obj.mergedHeaders(nil) - obj.Header, err = mergedHeaders.sanitized() - if err != nil { - return nil, fmt.Errorf("square/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders) - } - - if len(parsed.Recipients) == 0 { - obj.recipients = []recipientInfo{ - { - header: parsed.Header, - encryptedKey: parsed.EncryptedKey.bytes(), - }, - } - } else { - obj.recipients = make([]recipientInfo, len(parsed.Recipients)) - for r := range parsed.Recipients { - encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey) - if err != nil { - return nil, err - } - - // Check that there is not a nonce in the unprotected header - if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.getNonce() != "" { - return nil, ErrUnprotectedNonce - } - - obj.recipients[r].header = parsed.Recipients[r].Header - obj.recipients[r].encryptedKey = encryptedKey - } - } - - for _, recipient := range obj.recipients { - headers := obj.mergedHeaders(&recipient) - if headers.getAlgorithm() == "" || headers.getEncryption() == "" { - return nil, fmt.Errorf("square/go-jose: message is missing alg/enc headers") - } - } - - obj.iv = parsed.Iv.bytes() - obj.ciphertext = parsed.Ciphertext.bytes() - obj.tag = parsed.Tag.bytes() - obj.aad = parsed.Aad.bytes() - - return obj, nil -} - -// parseEncryptedCompact parses a message in compact format. -func parseEncryptedCompact(input string) (*JSONWebEncryption, error) { - parts := strings.Split(input, ".") - if len(parts) != 5 { - return nil, fmt.Errorf("square/go-jose: compact JWE format must have five parts") - } - - rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0]) - if err != nil { - return nil, err - } - - encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return nil, err - } - - iv, err := base64.RawURLEncoding.DecodeString(parts[2]) - if err != nil { - return nil, err - } - - ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3]) - if err != nil { - return nil, err - } - - tag, err := base64.RawURLEncoding.DecodeString(parts[4]) - if err != nil { - return nil, err - } - - raw := &rawJSONWebEncryption{ - Protected: newBuffer(rawProtected), - EncryptedKey: newBuffer(encryptedKey), - Iv: newBuffer(iv), - Ciphertext: newBuffer(ciphertext), - Tag: newBuffer(tag), - } - - return raw.sanitized() -} - -// CompactSerialize serializes an object using the compact serialization format. -func (obj JSONWebEncryption) CompactSerialize() (string, error) { - if len(obj.recipients) != 1 || obj.unprotected != nil || - obj.protected == nil || obj.recipients[0].header != nil { - return "", ErrNotSupported - } - - serializedProtected := mustSerializeJSON(obj.protected) - - return fmt.Sprintf( - "%s.%s.%s.%s.%s", - base64.RawURLEncoding.EncodeToString(serializedProtected), - base64.RawURLEncoding.EncodeToString(obj.recipients[0].encryptedKey), - base64.RawURLEncoding.EncodeToString(obj.iv), - base64.RawURLEncoding.EncodeToString(obj.ciphertext), - base64.RawURLEncoding.EncodeToString(obj.tag)), nil -} - -// FullSerialize serializes an object using the full JSON serialization format. -func (obj JSONWebEncryption) FullSerialize() string { - raw := rawJSONWebEncryption{ - Unprotected: obj.unprotected, - Iv: newBuffer(obj.iv), - Ciphertext: newBuffer(obj.ciphertext), - EncryptedKey: newBuffer(obj.recipients[0].encryptedKey), - Tag: newBuffer(obj.tag), - Aad: newBuffer(obj.aad), - Recipients: []rawRecipientInfo{}, - } - - if len(obj.recipients) > 1 { - for _, recipient := range obj.recipients { - info := rawRecipientInfo{ - Header: recipient.header, - EncryptedKey: base64.RawURLEncoding.EncodeToString(recipient.encryptedKey), - } - raw.Recipients = append(raw.Recipients, info) - } - } else { - // Use flattened serialization - raw.Header = obj.recipients[0].header - raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey) - } - - if obj.protected != nil { - raw.Protected = newBuffer(mustSerializeJSON(obj.protected)) - } - - return string(mustSerializeJSON(raw)) -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwk.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwk.go deleted file mode 100644 index fb585b1151..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwk.go +++ /dev/null @@ -1,608 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "errors" - "fmt" - "math/big" - "reflect" - "strings" - - "golang.org/x/crypto/ed25519" - - "gopkg.in/square/go-jose.v2/json" -) - -// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing. -type rawJSONWebKey struct { - Use string `json:"use,omitempty"` - Kty string `json:"kty,omitempty"` - Kid string `json:"kid,omitempty"` - Crv string `json:"crv,omitempty"` - Alg string `json:"alg,omitempty"` - K *byteBuffer `json:"k,omitempty"` - X *byteBuffer `json:"x,omitempty"` - Y *byteBuffer `json:"y,omitempty"` - N *byteBuffer `json:"n,omitempty"` - E *byteBuffer `json:"e,omitempty"` - // -- Following fields are only used for private keys -- - // RSA uses D, P and Q, while ECDSA uses only D. Fields Dp, Dq, and Qi are - // completely optional. Therefore for RSA/ECDSA, D != nil is a contract that - // we have a private key whereas D == nil means we have only a public key. - D *byteBuffer `json:"d,omitempty"` - P *byteBuffer `json:"p,omitempty"` - Q *byteBuffer `json:"q,omitempty"` - Dp *byteBuffer `json:"dp,omitempty"` - Dq *byteBuffer `json:"dq,omitempty"` - Qi *byteBuffer `json:"qi,omitempty"` - // Certificates - X5c []string `json:"x5c,omitempty"` -} - -// JSONWebKey represents a public or private key in JWK format. -type JSONWebKey struct { - Key interface{} - Certificates []*x509.Certificate - KeyID string - Algorithm string - Use string -} - -// MarshalJSON serializes the given key to its JSON representation. -func (k JSONWebKey) MarshalJSON() ([]byte, error) { - var raw *rawJSONWebKey - var err error - - switch key := k.Key.(type) { - case ed25519.PublicKey: - raw = fromEdPublicKey(key) - case *ecdsa.PublicKey: - raw, err = fromEcPublicKey(key) - case *rsa.PublicKey: - raw = fromRsaPublicKey(key) - case ed25519.PrivateKey: - raw, err = fromEdPrivateKey(key) - case *ecdsa.PrivateKey: - raw, err = fromEcPrivateKey(key) - case *rsa.PrivateKey: - raw, err = fromRsaPrivateKey(key) - case []byte: - raw, err = fromSymmetricKey(key) - default: - return nil, fmt.Errorf("square/go-jose: unknown key type '%s'", reflect.TypeOf(key)) - } - - if err != nil { - return nil, err - } - - raw.Kid = k.KeyID - raw.Alg = k.Algorithm - raw.Use = k.Use - - for _, cert := range k.Certificates { - raw.X5c = append(raw.X5c, base64.StdEncoding.EncodeToString(cert.Raw)) - } - - return json.Marshal(raw) -} - -// UnmarshalJSON reads a key from its JSON representation. -func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) { - var raw rawJSONWebKey - err = json.Unmarshal(data, &raw) - if err != nil { - return err - } - - var key interface{} - switch raw.Kty { - case "EC": - if raw.D != nil { - key, err = raw.ecPrivateKey() - } else { - key, err = raw.ecPublicKey() - } - case "RSA": - if raw.D != nil { - key, err = raw.rsaPrivateKey() - } else { - key, err = raw.rsaPublicKey() - } - case "oct": - key, err = raw.symmetricKey() - case "OKP": - if raw.Crv == "Ed25519" && raw.X != nil { - if raw.D != nil { - key, err = raw.edPrivateKey() - } else { - key, err = raw.edPublicKey() - } - } else { - err = fmt.Errorf("square/go-jose: unknown curve %s'", raw.Crv) - } - default: - err = fmt.Errorf("square/go-jose: unknown json web key type '%s'", raw.Kty) - } - - if err == nil { - *k = JSONWebKey{Key: key, KeyID: raw.Kid, Algorithm: raw.Alg, Use: raw.Use} - - k.Certificates, err = parseCertificateChain(raw.X5c) - if err != nil { - return fmt.Errorf("failed to unmarshal x5c field: %s", err) - } - } - - return -} - -// JSONWebKeySet represents a JWK Set object. -type JSONWebKeySet struct { - Keys []JSONWebKey `json:"keys"` -} - -// Key convenience method returns keys by key ID. Specification states -// that a JWK Set "SHOULD" use distinct key IDs, but allows for some -// cases where they are not distinct. Hence method returns a slice -// of JSONWebKeys. -func (s *JSONWebKeySet) Key(kid string) []JSONWebKey { - var keys []JSONWebKey - for _, key := range s.Keys { - if key.KeyID == kid { - keys = append(keys, key) - } - } - - return keys -} - -const rsaThumbprintTemplate = `{"e":"%s","kty":"RSA","n":"%s"}` -const ecThumbprintTemplate = `{"crv":"%s","kty":"EC","x":"%s","y":"%s"}` -const edThumbprintTemplate = `{"crv":"%s","kty":"OKP",x":"%s"}` - -func ecThumbprintInput(curve elliptic.Curve, x, y *big.Int) (string, error) { - coordLength := curveSize(curve) - crv, err := curveName(curve) - if err != nil { - return "", err - } - - if len(x.Bytes()) > coordLength || len(y.Bytes()) > coordLength { - return "", errors.New("square/go-jose: invalid elliptic key (too large)") - } - - return fmt.Sprintf(ecThumbprintTemplate, crv, - newFixedSizeBuffer(x.Bytes(), coordLength).base64(), - newFixedSizeBuffer(y.Bytes(), coordLength).base64()), nil -} - -func rsaThumbprintInput(n *big.Int, e int) (string, error) { - return fmt.Sprintf(rsaThumbprintTemplate, - newBufferFromInt(uint64(e)).base64(), - newBuffer(n.Bytes()).base64()), nil -} - -func edThumbprintInput(ed ed25519.PublicKey) (string, error) { - crv := "Ed25519" - if len(ed) > 32 { - return "", errors.New("square/go-jose: invalid elliptic key (too large)") - } - return fmt.Sprintf(edThumbprintTemplate, crv, - newFixedSizeBuffer(ed, 32).base64()), nil -} - -// Thumbprint computes the JWK Thumbprint of a key using the -// indicated hash algorithm. -func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { - var input string - var err error - switch key := k.Key.(type) { - case ed25519.PublicKey: - input, err = edThumbprintInput(key) - case *ecdsa.PublicKey: - input, err = ecThumbprintInput(key.Curve, key.X, key.Y) - case *ecdsa.PrivateKey: - input, err = ecThumbprintInput(key.Curve, key.X, key.Y) - case *rsa.PublicKey: - input, err = rsaThumbprintInput(key.N, key.E) - case *rsa.PrivateKey: - input, err = rsaThumbprintInput(key.N, key.E) - case ed25519.PrivateKey: - input, err = edThumbprintInput(ed25519.PublicKey(key[0:32])) - default: - return nil, fmt.Errorf("square/go-jose: unknown key type '%s'", reflect.TypeOf(key)) - } - - if err != nil { - return nil, err - } - - h := hash.New() - h.Write([]byte(input)) - return h.Sum(nil), nil -} - -// IsPublic returns true if the JWK represents a public key (not symmetric, not private). -func (k *JSONWebKey) IsPublic() bool { - switch k.Key.(type) { - case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey: - return true - default: - return false - } -} - -// Public creates JSONWebKey with corresponding publik key if JWK represents asymmetric private key. -func (k *JSONWebKey) Public() JSONWebKey { - if k.IsPublic() { - return *k - } - ret := *k - switch key := k.Key.(type) { - case *ecdsa.PrivateKey: - ret.Key = key.Public() - case *rsa.PrivateKey: - ret.Key = key.Public() - case ed25519.PrivateKey: - ret.Key = key.Public() - default: - return JSONWebKey{} // returning invalid key - } - return ret -} - -// Valid checks that the key contains the expected parameters. -func (k *JSONWebKey) Valid() bool { - if k.Key == nil { - return false - } - switch key := k.Key.(type) { - case *ecdsa.PublicKey: - if key.Curve == nil || key.X == nil || key.Y == nil { - return false - } - case *ecdsa.PrivateKey: - if key.Curve == nil || key.X == nil || key.Y == nil || key.D == nil { - return false - } - case *rsa.PublicKey: - if key.N == nil || key.E == 0 { - return false - } - case *rsa.PrivateKey: - if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 { - return false - } - case ed25519.PublicKey: - if len(key) != 32 { - return false - } - case ed25519.PrivateKey: - if len(key) != 64 { - return false - } - default: - return false - } - return true -} - -func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) { - if key.N == nil || key.E == nil { - return nil, fmt.Errorf("square/go-jose: invalid RSA key, missing n/e values") - } - - return &rsa.PublicKey{ - N: key.N.bigInt(), - E: key.E.toInt(), - }, nil -} - -func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey { - return &rawJSONWebKey{ - Kty: "OKP", - Crv: "Ed25519", - X: newBuffer(pub), - } -} - -func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey { - return &rawJSONWebKey{ - Kty: "RSA", - N: newBuffer(pub.N.Bytes()), - E: newBufferFromInt(uint64(pub.E)), - } -} - -func (key rawJSONWebKey) ecPublicKey() (*ecdsa.PublicKey, error) { - var curve elliptic.Curve - switch key.Crv { - case "P-256": - curve = elliptic.P256() - case "P-384": - curve = elliptic.P384() - case "P-521": - curve = elliptic.P521() - default: - return nil, fmt.Errorf("square/go-jose: unsupported elliptic curve '%s'", key.Crv) - } - - if key.X == nil || key.Y == nil { - return nil, errors.New("square/go-jose: invalid EC key, missing x/y values") - } - - // The length of this octet string MUST be the full size of a coordinate for - // the curve specified in the "crv" parameter. - // https://tools.ietf.org/html/rfc7518#section-6.2.1.2 - if curveSize(curve) != len(key.X.data) { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for x") - } - - if curveSize(curve) != len(key.Y.data) { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for y") - } - - x := key.X.bigInt() - y := key.Y.bigInt() - - if !curve.IsOnCurve(x, y) { - return nil, errors.New("square/go-jose: invalid EC key, X/Y are not on declared curve") - } - - return &ecdsa.PublicKey{ - Curve: curve, - X: x, - Y: y, - }, nil -} - -func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) { - if pub == nil || pub.X == nil || pub.Y == nil { - return nil, fmt.Errorf("square/go-jose: invalid EC key (nil, or X/Y missing)") - } - - name, err := curveName(pub.Curve) - if err != nil { - return nil, err - } - - size := curveSize(pub.Curve) - - xBytes := pub.X.Bytes() - yBytes := pub.Y.Bytes() - - if len(xBytes) > size || len(yBytes) > size { - return nil, fmt.Errorf("square/go-jose: invalid EC key (X/Y too large)") - } - - key := &rawJSONWebKey{ - Kty: "EC", - Crv: name, - X: newFixedSizeBuffer(xBytes, size), - Y: newFixedSizeBuffer(yBytes, size), - } - - return key, nil -} - -func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) { - var missing []string - switch { - case key.D == nil: - missing = append(missing, "D") - case key.X == nil: - missing = append(missing, "X") - } - - if len(missing) > 0 { - return nil, fmt.Errorf("square/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", ")) - } - - privateKey := make([]byte, ed25519.PrivateKeySize) - copy(privateKey[0:32], key.X.bytes()) - copy(privateKey[32:], key.D.bytes()) - rv := ed25519.PrivateKey(privateKey) - return rv, nil -} - -func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) { - if key.X == nil { - return nil, fmt.Errorf("square/go-jose: invalid Ed key, missing x value") - } - publicKey := make([]byte, ed25519.PublicKeySize) - copy(publicKey[0:32], key.X.bytes()) - rv := ed25519.PublicKey(publicKey) - return rv, nil -} - -func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) { - var missing []string - switch { - case key.N == nil: - missing = append(missing, "N") - case key.E == nil: - missing = append(missing, "E") - case key.D == nil: - missing = append(missing, "D") - case key.P == nil: - missing = append(missing, "P") - case key.Q == nil: - missing = append(missing, "Q") - } - - if len(missing) > 0 { - return nil, fmt.Errorf("square/go-jose: invalid RSA private key, missing %s value(s)", strings.Join(missing, ", ")) - } - - rv := &rsa.PrivateKey{ - PublicKey: rsa.PublicKey{ - N: key.N.bigInt(), - E: key.E.toInt(), - }, - D: key.D.bigInt(), - Primes: []*big.Int{ - key.P.bigInt(), - key.Q.bigInt(), - }, - } - - if key.Dp != nil { - rv.Precomputed.Dp = key.Dp.bigInt() - } - if key.Dq != nil { - rv.Precomputed.Dq = key.Dq.bigInt() - } - if key.Qi != nil { - rv.Precomputed.Qinv = key.Qi.bigInt() - } - - err := rv.Validate() - return rv, err -} - -func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) { - raw := fromEdPublicKey(ed25519.PublicKey(ed[0:32])) - - raw.D = newBuffer(ed[32:]) - return raw, nil -} - -func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) { - if len(rsa.Primes) != 2 { - return nil, ErrUnsupportedKeyType - } - - raw := fromRsaPublicKey(&rsa.PublicKey) - - raw.D = newBuffer(rsa.D.Bytes()) - raw.P = newBuffer(rsa.Primes[0].Bytes()) - raw.Q = newBuffer(rsa.Primes[1].Bytes()) - - if rsa.Precomputed.Dp != nil { - raw.Dp = newBuffer(rsa.Precomputed.Dp.Bytes()) - } - if rsa.Precomputed.Dq != nil { - raw.Dq = newBuffer(rsa.Precomputed.Dq.Bytes()) - } - if rsa.Precomputed.Qinv != nil { - raw.Qi = newBuffer(rsa.Precomputed.Qinv.Bytes()) - } - - return raw, nil -} - -func (key rawJSONWebKey) ecPrivateKey() (*ecdsa.PrivateKey, error) { - var curve elliptic.Curve - switch key.Crv { - case "P-256": - curve = elliptic.P256() - case "P-384": - curve = elliptic.P384() - case "P-521": - curve = elliptic.P521() - default: - return nil, fmt.Errorf("square/go-jose: unsupported elliptic curve '%s'", key.Crv) - } - - if key.X == nil || key.Y == nil || key.D == nil { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, missing x/y/d values") - } - - // The length of this octet string MUST be the full size of a coordinate for - // the curve specified in the "crv" parameter. - // https://tools.ietf.org/html/rfc7518#section-6.2.1.2 - if curveSize(curve) != len(key.X.data) { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for x") - } - - if curveSize(curve) != len(key.Y.data) { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for y") - } - - // https://tools.ietf.org/html/rfc7518#section-6.2.2.1 - if dSize(curve) != len(key.D.data) { - return nil, fmt.Errorf("square/go-jose: invalid EC private key, wrong length for d") - } - - x := key.X.bigInt() - y := key.Y.bigInt() - - if !curve.IsOnCurve(x, y) { - return nil, errors.New("square/go-jose: invalid EC key, X/Y are not on declared curve") - } - - return &ecdsa.PrivateKey{ - PublicKey: ecdsa.PublicKey{ - Curve: curve, - X: x, - Y: y, - }, - D: key.D.bigInt(), - }, nil -} - -func fromEcPrivateKey(ec *ecdsa.PrivateKey) (*rawJSONWebKey, error) { - raw, err := fromEcPublicKey(&ec.PublicKey) - if err != nil { - return nil, err - } - - if ec.D == nil { - return nil, fmt.Errorf("square/go-jose: invalid EC private key") - } - - raw.D = newFixedSizeBuffer(ec.D.Bytes(), dSize(ec.PublicKey.Curve)) - - return raw, nil -} - -// dSize returns the size in octets for the "d" member of an elliptic curve -// private key. -// The length of this octet string MUST be ceiling(log-base-2(n)/8) -// octets (where n is the order of the curve). -// https://tools.ietf.org/html/rfc7518#section-6.2.2.1 -func dSize(curve elliptic.Curve) int { - order := curve.Params().P - bitLen := order.BitLen() - size := bitLen / 8 - if bitLen%8 != 0 { - size = size + 1 - } - return size -} - -func fromSymmetricKey(key []byte) (*rawJSONWebKey, error) { - return &rawJSONWebKey{ - Kty: "oct", - K: newBuffer(key), - }, nil -} - -func (key rawJSONWebKey) symmetricKey() ([]byte, error) { - if key.K == nil { - return nil, fmt.Errorf("square/go-jose: invalid OCT (symmetric) key, missing k value") - } - return key.K.bytes(), nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jws.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jws.go deleted file mode 100644 index 8b59b6ab23..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jws.go +++ /dev/null @@ -1,321 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "encoding/base64" - "errors" - "fmt" - "strings" - - "gopkg.in/square/go-jose.v2/json" -) - -// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing. -type rawJSONWebSignature struct { - Payload *byteBuffer `json:"payload,omitempty"` - Signatures []rawSignatureInfo `json:"signatures,omitempty"` - Protected *byteBuffer `json:"protected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Signature *byteBuffer `json:"signature,omitempty"` -} - -// rawSignatureInfo represents a single JWS signature over the JWS payload and protected header. -type rawSignatureInfo struct { - Protected *byteBuffer `json:"protected,omitempty"` - Header *rawHeader `json:"header,omitempty"` - Signature *byteBuffer `json:"signature,omitempty"` -} - -// JSONWebSignature represents a signed JWS object after parsing. -type JSONWebSignature struct { - payload []byte - // Signatures attached to this object (may be more than one for multi-sig). - // Be careful about accessing these directly, prefer to use Verify() or - // VerifyMulti() to ensure that the data you're getting is verified. - Signatures []Signature -} - -// Signature represents a single signature over the JWS payload and protected header. -type Signature struct { - // Merged header fields. Contains both protected and unprotected header - // values. Prefer using Protected and Unprotected fields instead of this. - // Values in this header may or may not have been signed and in general - // should not be trusted. - Header Header - - // Protected header. Values in this header were signed and - // will be verified as part of the signature verification process. - Protected Header - - // Unprotected header. Values in this header were not signed - // and in general should not be trusted. - Unprotected Header - - // The actual signature value - Signature []byte - - protected *rawHeader - header *rawHeader - original *rawSignatureInfo -} - -// ParseSigned parses a signed message in compact or full serialization format. -func ParseSigned(input string) (*JSONWebSignature, error) { - input = stripWhitespace(input) - if strings.HasPrefix(input, "{") { - return parseSignedFull(input) - } - - return parseSignedCompact(input) -} - -// Get a header value -func (sig Signature) mergedHeaders() rawHeader { - out := rawHeader{} - out.merge(sig.protected) - out.merge(sig.header) - return out -} - -// Compute data to be signed -func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) []byte { - var serializedProtected string - - if signature.original != nil && signature.original.Protected != nil { - serializedProtected = signature.original.Protected.base64() - } else if signature.protected != nil { - serializedProtected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON(signature.protected)) - } else { - serializedProtected = "" - } - - return []byte(fmt.Sprintf("%s.%s", - serializedProtected, - base64.RawURLEncoding.EncodeToString(payload))) -} - -// parseSignedFull parses a message in full format. -func parseSignedFull(input string) (*JSONWebSignature, error) { - var parsed rawJSONWebSignature - err := json.Unmarshal([]byte(input), &parsed) - if err != nil { - return nil, err - } - - return parsed.sanitized() -} - -// sanitized produces a cleaned-up JWS object from the raw JSON. -func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) { - if parsed.Payload == nil { - return nil, fmt.Errorf("square/go-jose: missing payload in JWS message") - } - - obj := &JSONWebSignature{ - payload: parsed.Payload.bytes(), - Signatures: make([]Signature, len(parsed.Signatures)), - } - - if len(parsed.Signatures) == 0 { - // No signatures array, must be flattened serialization - signature := Signature{} - if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 { - signature.protected = &rawHeader{} - err := json.Unmarshal(parsed.Protected.bytes(), signature.protected) - if err != nil { - return nil, err - } - } - - // Check that there is not a nonce in the unprotected header - if parsed.Header != nil && parsed.Header.getNonce() != "" { - return nil, ErrUnprotectedNonce - } - - signature.header = parsed.Header - signature.Signature = parsed.Signature.bytes() - // Make a fake "original" rawSignatureInfo to store the unprocessed - // Protected header. This is necessary because the Protected header can - // contain arbitrary fields not registered as part of the spec. See - // https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4 - // If we unmarshal Protected into a rawHeader with its explicit list of fields, - // we cannot marshal losslessly. So we have to keep around the original bytes. - // This is used in computeAuthData, which will first attempt to use - // the original bytes of a protected header, and fall back on marshaling the - // header struct only if those bytes are not available. - signature.original = &rawSignatureInfo{ - Protected: parsed.Protected, - Header: parsed.Header, - Signature: parsed.Signature, - } - - var err error - signature.Header, err = signature.mergedHeaders().sanitized() - if err != nil { - return nil, err - } - - if signature.header != nil { - signature.Unprotected, err = signature.header.sanitized() - if err != nil { - return nil, err - } - } - - if signature.protected != nil { - signature.Protected, err = signature.protected.sanitized() - if err != nil { - return nil, err - } - } - - // As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded. - jwk := signature.Header.JSONWebKey - if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) { - return nil, errors.New("square/go-jose: invalid embedded jwk, must be public key") - } - - obj.Signatures = append(obj.Signatures, signature) - } - - for i, sig := range parsed.Signatures { - if sig.Protected != nil && len(sig.Protected.bytes()) > 0 { - obj.Signatures[i].protected = &rawHeader{} - err := json.Unmarshal(sig.Protected.bytes(), obj.Signatures[i].protected) - if err != nil { - return nil, err - } - } - - // Check that there is not a nonce in the unprotected header - if sig.Header != nil && sig.Header.getNonce() != "" { - return nil, ErrUnprotectedNonce - } - - var err error - obj.Signatures[i].Header, err = obj.Signatures[i].mergedHeaders().sanitized() - if err != nil { - return nil, err - } - - if obj.Signatures[i].header != nil { - obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized() - if err != nil { - return nil, err - } - } - - if obj.Signatures[i].protected != nil { - obj.Signatures[i].Protected, err = obj.Signatures[i].protected.sanitized() - if err != nil { - return nil, err - } - } - - obj.Signatures[i].Signature = sig.Signature.bytes() - - // As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded. - jwk := obj.Signatures[i].Header.JSONWebKey - if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) { - return nil, errors.New("square/go-jose: invalid embedded jwk, must be public key") - } - - // Copy value of sig - original := sig - - obj.Signatures[i].header = sig.Header - obj.Signatures[i].original = &original - } - - return obj, nil -} - -// parseSignedCompact parses a message in compact format. -func parseSignedCompact(input string) (*JSONWebSignature, error) { - parts := strings.Split(input, ".") - if len(parts) != 3 { - return nil, fmt.Errorf("square/go-jose: compact JWS format must have three parts") - } - - rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0]) - if err != nil { - return nil, err - } - - payload, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return nil, err - } - - signature, err := base64.RawURLEncoding.DecodeString(parts[2]) - if err != nil { - return nil, err - } - - raw := &rawJSONWebSignature{ - Payload: newBuffer(payload), - Protected: newBuffer(rawProtected), - Signature: newBuffer(signature), - } - return raw.sanitized() -} - -// CompactSerialize serializes an object using the compact serialization format. -func (obj JSONWebSignature) CompactSerialize() (string, error) { - if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil { - return "", ErrNotSupported - } - - serializedProtected := mustSerializeJSON(obj.Signatures[0].protected) - - return fmt.Sprintf( - "%s.%s.%s", - base64.RawURLEncoding.EncodeToString(serializedProtected), - base64.RawURLEncoding.EncodeToString(obj.payload), - base64.RawURLEncoding.EncodeToString(obj.Signatures[0].Signature)), nil -} - -// FullSerialize serializes an object using the full JSON serialization format. -func (obj JSONWebSignature) FullSerialize() string { - raw := rawJSONWebSignature{ - Payload: newBuffer(obj.payload), - } - - if len(obj.Signatures) == 1 { - if obj.Signatures[0].protected != nil { - serializedProtected := mustSerializeJSON(obj.Signatures[0].protected) - raw.Protected = newBuffer(serializedProtected) - } - raw.Header = obj.Signatures[0].header - raw.Signature = newBuffer(obj.Signatures[0].Signature) - } else { - raw.Signatures = make([]rawSignatureInfo, len(obj.Signatures)) - for i, signature := range obj.Signatures { - raw.Signatures[i] = rawSignatureInfo{ - Header: signature.header, - Signature: newBuffer(signature.Signature), - } - - if signature.protected != nil { - raw.Signatures[i].Protected = newBuffer(mustSerializeJSON(signature.protected)) - } - } - } - - return string(mustSerializeJSON(raw)) -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/builder.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/builder.go deleted file mode 100644 index 686ec80a4b..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/builder.go +++ /dev/null @@ -1,334 +0,0 @@ -/*- - * Copyright 2016 Zbigniew Mandziejewicz - * Copyright 2016 Square, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jwt - -import ( - "bytes" - "reflect" - - "gopkg.in/square/go-jose.v2/json" - - "gopkg.in/square/go-jose.v2" -) - -// Builder is a utility for making JSON Web Tokens. Calls can be chained, and -// errors are accumulated until the final call to CompactSerialize/FullSerialize. -type Builder interface { - // Claims encodes claims into JWE/JWS form. Multiple calls will merge claims - // into single JSON object. If you are passing private claims, make sure to set - // struct field tags to specify the name for the JSON key to be used when - // serializing. - Claims(i interface{}) Builder - // Token builds a JSONWebToken from provided data. - Token() (*JSONWebToken, error) - // FullSerialize serializes a token using the full serialization format. - FullSerialize() (string, error) - // CompactSerialize serializes a token using the compact serialization format. - CompactSerialize() (string, error) -} - -// NestedBuilder is a utility for making Signed-Then-Encrypted JSON Web Tokens. -// Calls can be chained, and errors are accumulated until final call to -// CompactSerialize/FullSerialize. -type NestedBuilder interface { - // Claims encodes claims into JWE/JWS form. Multiple calls will merge claims - // into single JSON object. If you are passing private claims, make sure to set - // struct field tags to specify the name for the JSON key to be used when - // serializing. - Claims(i interface{}) NestedBuilder - // Token builds a NestedJSONWebToken from provided data. - Token() (*NestedJSONWebToken, error) - // FullSerialize serializes a token using the full serialization format. - FullSerialize() (string, error) - // CompactSerialize serializes a token using the compact serialization format. - CompactSerialize() (string, error) -} - -type builder struct { - payload map[string]interface{} - err error -} - -type signedBuilder struct { - builder - sig jose.Signer -} - -type encryptedBuilder struct { - builder - enc jose.Encrypter -} - -type nestedBuilder struct { - builder - sig jose.Signer - enc jose.Encrypter -} - -// Signed creates builder for signed tokens. -func Signed(sig jose.Signer) Builder { - return &signedBuilder{ - sig: sig, - } -} - -// Encrypted creates builder for encrypted tokens. -func Encrypted(enc jose.Encrypter) Builder { - return &encryptedBuilder{ - enc: enc, - } -} - -// SignedAndEncrypted creates builder for signed-then-encrypted tokens. -// ErrInvalidContentType will be returned if encrypter doesn't have JWT content type. -func SignedAndEncrypted(sig jose.Signer, enc jose.Encrypter) NestedBuilder { - if contentType, _ := enc.Options().ExtraHeaders[jose.HeaderContentType].(jose.ContentType); contentType != "JWT" { - return &nestedBuilder{ - builder: builder{ - err: ErrInvalidContentType, - }, - } - } - return &nestedBuilder{ - sig: sig, - enc: enc, - } -} - -func (b builder) claims(i interface{}) builder { - if b.err != nil { - return b - } - - m, ok := i.(map[string]interface{}) - switch { - case ok: - return b.merge(m) - case reflect.Indirect(reflect.ValueOf(i)).Kind() == reflect.Struct: - m, err := normalize(i) - if err != nil { - return builder{ - err: err, - } - } - return b.merge(m) - default: - return builder{ - err: ErrInvalidClaims, - } - } -} - -func normalize(i interface{}) (map[string]interface{}, error) { - m := make(map[string]interface{}) - - raw, err := json.Marshal(i) - if err != nil { - return nil, err - } - - d := json.NewDecoder(bytes.NewReader(raw)) - d.UseNumber() - - if err := d.Decode(&m); err != nil { - return nil, err - } - - return m, nil -} - -func (b *builder) merge(m map[string]interface{}) builder { - p := make(map[string]interface{}) - for k, v := range b.payload { - p[k] = v - } - for k, v := range m { - p[k] = v - } - - return builder{ - payload: p, - } -} - -func (b *builder) token(p func(interface{}) ([]byte, error), h []jose.Header) (*JSONWebToken, error) { - return &JSONWebToken{ - payload: p, - Headers: h, - }, nil -} - -func (b *signedBuilder) Claims(i interface{}) Builder { - return &signedBuilder{ - builder: b.builder.claims(i), - sig: b.sig, - } -} - -func (b *signedBuilder) Token() (*JSONWebToken, error) { - sig, err := b.sign() - if err != nil { - return nil, err - } - - h := make([]jose.Header, len(sig.Signatures)) - for i, v := range sig.Signatures { - h[i] = v.Header - } - - return b.builder.token(sig.Verify, h) -} - -func (b *signedBuilder) CompactSerialize() (string, error) { - sig, err := b.sign() - if err != nil { - return "", err - } - - return sig.CompactSerialize() -} - -func (b *signedBuilder) FullSerialize() (string, error) { - sig, err := b.sign() - if err != nil { - return "", err - } - - return sig.FullSerialize(), nil -} - -func (b *signedBuilder) sign() (*jose.JSONWebSignature, error) { - if b.err != nil { - return nil, b.err - } - - p, err := json.Marshal(b.payload) - if err != nil { - return nil, err - } - - return b.sig.Sign(p) -} - -func (b *encryptedBuilder) Claims(i interface{}) Builder { - return &encryptedBuilder{ - builder: b.builder.claims(i), - enc: b.enc, - } -} - -func (b *encryptedBuilder) CompactSerialize() (string, error) { - enc, err := b.encrypt() - if err != nil { - return "", err - } - - return enc.CompactSerialize() -} - -func (b *encryptedBuilder) FullSerialize() (string, error) { - enc, err := b.encrypt() - if err != nil { - return "", err - } - - return enc.FullSerialize(), nil -} - -func (b *encryptedBuilder) Token() (*JSONWebToken, error) { - enc, err := b.encrypt() - if err != nil { - return nil, err - } - - return b.builder.token(enc.Decrypt, []jose.Header{enc.Header}) -} - -func (b *encryptedBuilder) encrypt() (*jose.JSONWebEncryption, error) { - if b.err != nil { - return nil, b.err - } - - p, err := json.Marshal(b.payload) - if err != nil { - return nil, err - } - - return b.enc.Encrypt(p) -} - -func (b *nestedBuilder) Claims(i interface{}) NestedBuilder { - return &nestedBuilder{ - builder: b.builder.claims(i), - sig: b.sig, - enc: b.enc, - } -} - -func (b *nestedBuilder) Token() (*NestedJSONWebToken, error) { - enc, err := b.signAndEncrypt() - if err != nil { - return nil, err - } - - return &NestedJSONWebToken{ - enc: enc, - Headers: []jose.Header{enc.Header}, - }, nil -} - -func (b *nestedBuilder) CompactSerialize() (string, error) { - enc, err := b.signAndEncrypt() - if err != nil { - return "", err - } - - return enc.CompactSerialize() -} - -func (b *nestedBuilder) FullSerialize() (string, error) { - enc, err := b.signAndEncrypt() - if err != nil { - return "", err - } - - return enc.FullSerialize(), nil -} - -func (b *nestedBuilder) signAndEncrypt() (*jose.JSONWebEncryption, error) { - if b.err != nil { - return nil, b.err - } - - p, err := json.Marshal(b.payload) - if err != nil { - return nil, err - } - - sig, err := b.sig.Sign(p) - if err != nil { - return nil, err - } - - p2, err := sig.CompactSerialize() - if err != nil { - return nil, err - } - - return b.enc.Encrypt([]byte(p2)) -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/claims.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/claims.go deleted file mode 100644 index 31274b0060..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/claims.go +++ /dev/null @@ -1,116 +0,0 @@ -/*- - * Copyright 2016 Zbigniew Mandziejewicz - * Copyright 2016 Square, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jwt - -import ( - "strconv" - "time" - - "gopkg.in/square/go-jose.v2/json" -) - -// Claims represents public claim values (as specified in RFC 7519). -type Claims struct { - Issuer string `json:"iss,omitempty"` - Subject string `json:"sub,omitempty"` - Audience Audience `json:"aud,omitempty"` - Expiry NumericDate `json:"exp,omitempty"` - NotBefore NumericDate `json:"nbf,omitempty"` - IssuedAt NumericDate `json:"iat,omitempty"` - ID string `json:"jti,omitempty"` -} - -// NumericDate represents date and time as the number of seconds since the -// epoch, including leap seconds. Non-integer values can be represented -// in the serialized format, but we round to the nearest second. -type NumericDate int64 - -// NewNumericDate constructs NumericDate from time.Time value. -func NewNumericDate(t time.Time) NumericDate { - if t.IsZero() { - return NumericDate(0) - } - - // While RFC 7519 technically states that NumericDate values may be - // non-integer values, we don't bother serializing timestamps in - // claims with sub-second accurancy and just round to the nearest - // second instead. Not convined sub-second accuracy is useful here. - return NumericDate(t.Unix()) -} - -// MarshalJSON serializes the given NumericDate into its JSON representation. -func (n NumericDate) MarshalJSON() ([]byte, error) { - return []byte(strconv.FormatInt(int64(n), 10)), nil -} - -// UnmarshalJSON reads a date from its JSON representation. -func (n *NumericDate) UnmarshalJSON(b []byte) error { - s := string(b) - - f, err := strconv.ParseFloat(s, 64) - if err != nil { - return ErrUnmarshalNumericDate - } - - *n = NumericDate(f) - return nil -} - -// Time returns time.Time representation of NumericDate. -func (n NumericDate) Time() time.Time { - return time.Unix(int64(n), 0) -} - -// Audience represents the recipents that the token is intended for. -type Audience []string - -// UnmarshalJSON reads an audience from its JSON representation. -func (s *Audience) UnmarshalJSON(b []byte) error { - var v interface{} - if err := json.Unmarshal(b, &v); err != nil { - return err - } - - switch v := v.(type) { - case string: - *s = []string{v} - case []interface{}: - a := make([]string, len(v)) - for i, e := range v { - s, ok := e.(string) - if !ok { - return ErrUnmarshalAudience - } - a[i] = s - } - *s = a - default: - return ErrUnmarshalAudience - } - - return nil -} - -func (s Audience) Contains(v string) bool { - for _, a := range s { - if a == v { - return true - } - } - return false -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/doc.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/doc.go deleted file mode 100644 index 4cf97b54e7..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/*- - * Copyright 2017 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - -Package jwt provides an implementation of the JSON Web Token standard. - -*/ -package jwt diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/errors.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/errors.go deleted file mode 100644 index 6507dfb28e..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/errors.go +++ /dev/null @@ -1,50 +0,0 @@ -/*- - * Copyright 2016 Zbigniew Mandziejewicz - * Copyright 2016 Square, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jwt - -import "errors" - -// ErrUnmarshalAudience indicates that aud claim could not be unmarshalled. -var ErrUnmarshalAudience = errors.New("square/go-jose/jwt: expected string or array value to unmarshal to Audience") - -// ErrUnmarshalNumericDate indicates that JWT NumericDate could not be unmarshalled. -var ErrUnmarshalNumericDate = errors.New("square/go-jose/jwt: expected number value to unmarshal NumericDate") - -// ErrInvalidClaims indicates that given claims have invalid type. -var ErrInvalidClaims = errors.New("square/go-jose/jwt: expected claims to be value convertible into JSON object") - -// ErrInvalidIssuer indicates invalid iss claim. -var ErrInvalidIssuer = errors.New("square/go-jose/jwt: validation failed, invalid issuer claim (iss)") - -// ErrInvalidSubject indicates invalid sub claim. -var ErrInvalidSubject = errors.New("square/go-jose/jwt: validation failed, invalid subject claim (sub)") - -// ErrInvalidAudience indicated invalid aud claim. -var ErrInvalidAudience = errors.New("square/go-jose/jwt: validation failed, invalid audience claim (aud)") - -// ErrInvalidID indicates invalid jti claim. -var ErrInvalidID = errors.New("square/go-jose/jwt: validation failed, invalid ID claim (jti)") - -// ErrNotValidYet indicates that token is used before time indicated in nbf claim. -var ErrNotValidYet = errors.New("square/go-jose/jwt: validation failed, token not valid yet (nbf)") - -// ErrExpired indicates that token is used after expiry time indicated in exp claim. -var ErrExpired = errors.New("square/go-jose/jwt: validation failed, token is expired (exp)") - -// ErrInvalidContentType indicated that token requires JWT cty header. -var ErrInvalidContentType = errors.New("square/go-jose/jwt: expected content type to be JWT (cty header)") diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/jwt.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/jwt.go deleted file mode 100644 index 4ce9779a70..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/jwt.go +++ /dev/null @@ -1,132 +0,0 @@ -/*- - * Copyright 2016 Zbigniew Mandziejewicz - * Copyright 2016 Square, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jwt - -import ( - "fmt" - "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/json" - "strings" -) - -// JSONWebToken represents a JSON Web Token (as specified in RFC7519). -type JSONWebToken struct { - payload func(k interface{}) ([]byte, error) - unverifiedPayload func() []byte - Headers []jose.Header -} - -type NestedJSONWebToken struct { - enc *jose.JSONWebEncryption - Headers []jose.Header -} - -// Claims deserializes a JSONWebToken into dest using the provided key. -func (t *JSONWebToken) Claims(key interface{}, dest ...interface{}) error { - b, err := t.payload(key) - if err != nil { - return err - } - - for _, d := range dest { - if err := json.Unmarshal(b, d); err != nil { - return err - } - } - - return nil -} - -// UnsafeClaimsWithoutVerification deserializes the claims of a -// JSONWebToken into the dests. For signed JWTs, the claims are not -// verified. This function won't work for encrypted JWTs. -func (t *JSONWebToken) UnsafeClaimsWithoutVerification(dest ...interface{}) error { - if t.unverifiedPayload == nil { - return fmt.Errorf("square/go-jose: Cannot get unverified claims") - } - claims := t.unverifiedPayload() - for _, d := range dest { - if err := json.Unmarshal(claims, d); err != nil { - return err - } - } - return nil -} - -func (t *NestedJSONWebToken) Decrypt(decryptionKey interface{}) (*JSONWebToken, error) { - b, err := t.enc.Decrypt(decryptionKey) - if err != nil { - return nil, err - } - - sig, err := ParseSigned(string(b)) - if err != nil { - return nil, err - } - - return sig, nil -} - -// ParseSigned parses token from JWS form. -func ParseSigned(s string) (*JSONWebToken, error) { - sig, err := jose.ParseSigned(s) - if err != nil { - return nil, err - } - headers := make([]jose.Header, len(sig.Signatures)) - for i, signature := range sig.Signatures { - headers[i] = signature.Header - } - - return &JSONWebToken{ - payload: sig.Verify, - unverifiedPayload: sig.UnsafePayloadWithoutVerification, - Headers: headers, - }, nil -} - -// ParseEncrypted parses token from JWE form. -func ParseEncrypted(s string) (*JSONWebToken, error) { - enc, err := jose.ParseEncrypted(s) - if err != nil { - return nil, err - } - - return &JSONWebToken{ - payload: enc.Decrypt, - Headers: []jose.Header{enc.Header}, - }, nil -} - -// ParseSignedAndEncrypted parses signed-then-encrypted token from JWE form. -func ParseSignedAndEncrypted(s string) (*NestedJSONWebToken, error) { - enc, err := jose.ParseEncrypted(s) - if err != nil { - return nil, err - } - - contentType, _ := enc.Header.ExtraHeaders[jose.HeaderContentType].(string) - if strings.ToUpper(contentType) != "JWT" { - return nil, ErrInvalidContentType - } - - return &NestedJSONWebToken{ - enc: enc, - Headers: []jose.Header{enc.Header}, - }, nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/validation.go b/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/validation.go deleted file mode 100644 index d638811d3d..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/jwt/validation.go +++ /dev/null @@ -1,106 +0,0 @@ -/*- - * Copyright 2016 Zbigniew Mandziejewicz - * Copyright 2016 Square, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jwt - -import "time" - -const ( - // DefaultLeeway defines the default leeway for matching NotBefore/Expiry claims. - DefaultLeeway = 1.0 * time.Minute -) - -// Expected defines values used for protected claims validation. -// If field has zero value then validation is skipped. -type Expected struct { - // Issuer matches the "iss" claim exactly. - Issuer string - // Subject matches the "sub" claim exactly. - Subject string - // Audience matches the values in "aud" claim, regardless of their order. - Audience Audience - // ID matches the "jti" claim exactly. - ID string - // Time matches the "exp" and "nbf" claims with leeway. - Time time.Time -} - -// WithTime copies expectations with new time. -func (e Expected) WithTime(t time.Time) Expected { - e.Time = t - return e -} - -// Validate checks claims in a token against expected values. -// A default leeway value of one minute is used to compare time values. -// -// The default leeway will cause the token to be deemed valid until one -// minute after the expiration time. If you're a server application that -// wants to give an extra minute to client tokens, use this -// function. If you're a client application wondering if the server -// will accept your token, use ValidateWithLeeway with a leeway <=0, -// otherwise this function might make you think a token is valid when -// it is not. -func (c Claims) Validate(e Expected) error { - return c.ValidateWithLeeway(e, DefaultLeeway) -} - -// ValidateWithLeeway checks claims in a token against expected values. A -// custom leeway may be specified for comparing time values. You may pass a -// zero value to check time values with no leeway, but you should not that -// numeric date values are rounded to the nearest second and sub-second -// precision is not supported. -// -// The leeway gives some extra time to the token from the server's -// point of view. That is, if the token is expired, ValidateWithLeeway -// will still accept the token for 'leeway' amount of time. This fails -// if you're using this function to check if a server will accept your -// token, because it will think the token is valid even after it -// expires. So if you're a client validating if the token is valid to -// be submitted to a server, use leeway <=0, if you're a server -// validation a token, use leeway >=0. -func (c Claims) ValidateWithLeeway(e Expected, leeway time.Duration) error { - if e.Issuer != "" && e.Issuer != c.Issuer { - return ErrInvalidIssuer - } - - if e.Subject != "" && e.Subject != c.Subject { - return ErrInvalidSubject - } - - if e.ID != "" && e.ID != c.ID { - return ErrInvalidID - } - - if len(e.Audience) != 0 { - for _, v := range e.Audience { - if !c.Audience.Contains(v) { - return ErrInvalidAudience - } - } - } - - if !e.Time.IsZero() && e.Time.Add(leeway).Before(c.NotBefore.Time()) { - return ErrNotValidYet - } - - if !e.Time.IsZero() && e.Time.Add(-leeway).After(c.Expiry.Time()) { - return ErrExpired - } - - return nil -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/opaque.go b/etcd/vendor/gopkg.in/square/go-jose.v2/opaque.go deleted file mode 100644 index 4a8bd8f323..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/opaque.go +++ /dev/null @@ -1,83 +0,0 @@ -/*- - * Copyright 2018 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -// OpaqueSigner is an interface that supports signing payloads with opaque -// private key(s). Private key operations preformed by implementors may, for -// example, occur in a hardware module. An OpaqueSigner may rotate signing keys -// transparently to the user of this interface. -type OpaqueSigner interface { - // Public returns the public key of the current signing key. - Public() *JSONWebKey - // Algs returns a list of supported signing algorithms. - Algs() []SignatureAlgorithm - // SignPayload signs a payload with the current signing key using the given - // algorithm. - SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error) -} - -type opaqueSigner struct { - signer OpaqueSigner -} - -func newOpaqueSigner(alg SignatureAlgorithm, signer OpaqueSigner) (recipientSigInfo, error) { - var algSupported bool - for _, salg := range signer.Algs() { - if alg == salg { - algSupported = true - break - } - } - if !algSupported { - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - return recipientSigInfo{ - sigAlg: alg, - publicKey: signer.Public, - signer: &opaqueSigner{ - signer: signer, - }, - }, nil -} - -func (o *opaqueSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - out, err := o.signer.SignPayload(payload, alg) - if err != nil { - return Signature{}, err - } - - return Signature{ - Signature: out, - protected: &rawHeader{}, - }, nil -} - -// OpaqueVerifier is an interface that supports verifying payloads with opaque -// public key(s). An OpaqueSigner may rotate signing keys transparently to the -// user of this interface. -type OpaqueVerifier interface { - VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error -} - -type opaqueVerifier struct { - verifier OpaqueVerifier -} - -func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - return o.verifier.VerifyPayload(payload, signature, alg) -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/shared.go b/etcd/vendor/gopkg.in/square/go-jose.v2/shared.go deleted file mode 100644 index b0a6255eca..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/shared.go +++ /dev/null @@ -1,499 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/elliptic" - "crypto/x509" - "encoding/base64" - "errors" - "fmt" - - "gopkg.in/square/go-jose.v2/json" -) - -// KeyAlgorithm represents a key management algorithm. -type KeyAlgorithm string - -// SignatureAlgorithm represents a signature (or MAC) algorithm. -type SignatureAlgorithm string - -// ContentEncryption represents a content encryption algorithm. -type ContentEncryption string - -// CompressionAlgorithm represents an algorithm used for plaintext compression. -type CompressionAlgorithm string - -// ContentType represents type of the contained data. -type ContentType string - -var ( - // ErrCryptoFailure represents an error in cryptographic primitive. This - // occurs when, for example, a message had an invalid authentication tag or - // could not be decrypted. - ErrCryptoFailure = errors.New("square/go-jose: error in cryptographic primitive") - - // ErrUnsupportedAlgorithm indicates that a selected algorithm is not - // supported. This occurs when trying to instantiate an encrypter for an - // algorithm that is not yet implemented. - ErrUnsupportedAlgorithm = errors.New("square/go-jose: unknown/unsupported algorithm") - - // ErrUnsupportedKeyType indicates that the given key type/format is not - // supported. This occurs when trying to instantiate an encrypter and passing - // it a key of an unrecognized type or with unsupported parameters, such as - // an RSA private key with more than two primes. - ErrUnsupportedKeyType = errors.New("square/go-jose: unsupported key type/format") - - // ErrInvalidKeySize indicates that the given key is not the correct size - // for the selected algorithm. This can occur, for example, when trying to - // encrypt with AES-256 but passing only a 128-bit key as input. - ErrInvalidKeySize = errors.New("square/go-jose: invalid key size for algorithm") - - // ErrNotSupported serialization of object is not supported. This occurs when - // trying to compact-serialize an object which can't be represented in - // compact form. - ErrNotSupported = errors.New("square/go-jose: compact serialization not supported for object") - - // ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a - // nonce header parameter was included in an unprotected header object. - ErrUnprotectedNonce = errors.New("square/go-jose: Nonce parameter included in unprotected header") -) - -// Key management algorithms -const ( - ED25519 = KeyAlgorithm("ED25519") - RSA1_5 = KeyAlgorithm("RSA1_5") // RSA-PKCS1v1.5 - RSA_OAEP = KeyAlgorithm("RSA-OAEP") // RSA-OAEP-SHA1 - RSA_OAEP_256 = KeyAlgorithm("RSA-OAEP-256") // RSA-OAEP-SHA256 - A128KW = KeyAlgorithm("A128KW") // AES key wrap (128) - A192KW = KeyAlgorithm("A192KW") // AES key wrap (192) - A256KW = KeyAlgorithm("A256KW") // AES key wrap (256) - DIRECT = KeyAlgorithm("dir") // Direct encryption - ECDH_ES = KeyAlgorithm("ECDH-ES") // ECDH-ES - ECDH_ES_A128KW = KeyAlgorithm("ECDH-ES+A128KW") // ECDH-ES + AES key wrap (128) - ECDH_ES_A192KW = KeyAlgorithm("ECDH-ES+A192KW") // ECDH-ES + AES key wrap (192) - ECDH_ES_A256KW = KeyAlgorithm("ECDH-ES+A256KW") // ECDH-ES + AES key wrap (256) - A128GCMKW = KeyAlgorithm("A128GCMKW") // AES-GCM key wrap (128) - A192GCMKW = KeyAlgorithm("A192GCMKW") // AES-GCM key wrap (192) - A256GCMKW = KeyAlgorithm("A256GCMKW") // AES-GCM key wrap (256) - PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128) - PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192) - PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256) -) - -// Signature algorithms -const ( - EdDSA = SignatureAlgorithm("EdDSA") - HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256 - HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384 - HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512 - RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256 - RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384 - RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512 - ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256 - ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384 - ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512 - PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256 - PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384 - PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512 -) - -// Content encryption algorithms -const ( - A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128) - A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192) - A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256) - A128GCM = ContentEncryption("A128GCM") // AES-GCM (128) - A192GCM = ContentEncryption("A192GCM") // AES-GCM (192) - A256GCM = ContentEncryption("A256GCM") // AES-GCM (256) -) - -// Compression algorithms -const ( - NONE = CompressionAlgorithm("") // No compression - DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951) -) - -// A key in the protected header of a JWS object. Use of the Header... -// constants is preferred to enhance type safety. -type HeaderKey string - -const ( - HeaderType HeaderKey = "typ" // string - HeaderContentType = "cty" // string - - // These are set by go-jose and shouldn't need to be set by consumers of the - // library. - headerAlgorithm = "alg" // string - headerEncryption = "enc" // ContentEncryption - headerCompression = "zip" // CompressionAlgorithm - headerCritical = "crit" // []string - - headerAPU = "apu" // *byteBuffer - headerAPV = "apv" // *byteBuffer - headerEPK = "epk" // *JSONWebKey - headerIV = "iv" // *byteBuffer - headerTag = "tag" // *byteBuffer - headerX5c = "x5c" // []*x509.Certificate - - headerJWK = "jwk" // *JSONWebKey - headerKeyID = "kid" // string - headerNonce = "nonce" // string - - headerP2C = "p2c" // *byteBuffer (int) - headerP2S = "p2s" // *byteBuffer ([]byte) - -) - -// rawHeader represents the JOSE header for JWE/JWS objects (used for parsing). -// -// The decoding of the constituent items is deferred because we want to marshal -// some members into particular structs rather than generic maps, but at the -// same time we need to receive any extra fields unhandled by this library to -// pass through to consuming code in case it wants to examine them. -type rawHeader map[HeaderKey]*json.RawMessage - -// Header represents the read-only JOSE header for JWE/JWS objects. -type Header struct { - KeyID string - JSONWebKey *JSONWebKey - Algorithm string - Nonce string - - // Unverified certificate chain parsed from x5c header. - certificates []*x509.Certificate - - // Any headers not recognised above get unmarshaled - // from JSON in a generic manner and placed in this map. - ExtraHeaders map[HeaderKey]interface{} -} - -// Certificates verifies & returns the certificate chain present -// in the x5c header field of a message, if one was present. Returns -// an error if there was no x5c header present or the chain could -// not be validated with the given verify options. -func (h Header) Certificates(opts x509.VerifyOptions) ([][]*x509.Certificate, error) { - if len(h.certificates) == 0 { - return nil, errors.New("square/go-jose: no x5c header present in message") - } - - leaf := h.certificates[0] - if opts.Intermediates == nil { - opts.Intermediates = x509.NewCertPool() - for _, intermediate := range h.certificates[1:] { - opts.Intermediates.AddCert(intermediate) - } - } - - return leaf.Verify(opts) -} - -func (parsed rawHeader) set(k HeaderKey, v interface{}) error { - b, err := json.Marshal(v) - if err != nil { - return err - } - - parsed[k] = makeRawMessage(b) - return nil -} - -// getString gets a string from the raw JSON, defaulting to "". -func (parsed rawHeader) getString(k HeaderKey) string { - v, ok := parsed[k] - if !ok || v == nil { - return "" - } - var s string - err := json.Unmarshal(*v, &s) - if err != nil { - return "" - } - return s -} - -// getByteBuffer gets a byte buffer from the raw JSON. Returns (nil, nil) if -// not specified. -func (parsed rawHeader) getByteBuffer(k HeaderKey) (*byteBuffer, error) { - v := parsed[k] - if v == nil { - return nil, nil - } - var bb *byteBuffer - err := json.Unmarshal(*v, &bb) - if err != nil { - return nil, err - } - return bb, nil -} - -// getAlgorithm extracts parsed "alg" from the raw JSON as a KeyAlgorithm. -func (parsed rawHeader) getAlgorithm() KeyAlgorithm { - return KeyAlgorithm(parsed.getString(headerAlgorithm)) -} - -// getSignatureAlgorithm extracts parsed "alg" from the raw JSON as a SignatureAlgorithm. -func (parsed rawHeader) getSignatureAlgorithm() SignatureAlgorithm { - return SignatureAlgorithm(parsed.getString(headerAlgorithm)) -} - -// getEncryption extracts parsed "enc" from the raw JSON. -func (parsed rawHeader) getEncryption() ContentEncryption { - return ContentEncryption(parsed.getString(headerEncryption)) -} - -// getCompression extracts parsed "zip" from the raw JSON. -func (parsed rawHeader) getCompression() CompressionAlgorithm { - return CompressionAlgorithm(parsed.getString(headerCompression)) -} - -func (parsed rawHeader) getNonce() string { - return parsed.getString(headerNonce) -} - -// getEPK extracts parsed "epk" from the raw JSON. -func (parsed rawHeader) getEPK() (*JSONWebKey, error) { - v := parsed[headerEPK] - if v == nil { - return nil, nil - } - var epk *JSONWebKey - err := json.Unmarshal(*v, &epk) - if err != nil { - return nil, err - } - return epk, nil -} - -// getAPU extracts parsed "apu" from the raw JSON. -func (parsed rawHeader) getAPU() (*byteBuffer, error) { - return parsed.getByteBuffer(headerAPU) -} - -// getAPV extracts parsed "apv" from the raw JSON. -func (parsed rawHeader) getAPV() (*byteBuffer, error) { - return parsed.getByteBuffer(headerAPV) -} - -// getIV extracts parsed "iv" frpom the raw JSON. -func (parsed rawHeader) getIV() (*byteBuffer, error) { - return parsed.getByteBuffer(headerIV) -} - -// getTag extracts parsed "tag" frpom the raw JSON. -func (parsed rawHeader) getTag() (*byteBuffer, error) { - return parsed.getByteBuffer(headerTag) -} - -// getJWK extracts parsed "jwk" from the raw JSON. -func (parsed rawHeader) getJWK() (*JSONWebKey, error) { - v := parsed[headerJWK] - if v == nil { - return nil, nil - } - var jwk *JSONWebKey - err := json.Unmarshal(*v, &jwk) - if err != nil { - return nil, err - } - return jwk, nil -} - -// getCritical extracts parsed "crit" from the raw JSON. If omitted, it -// returns an empty slice. -func (parsed rawHeader) getCritical() ([]string, error) { - v := parsed[headerCritical] - if v == nil { - return nil, nil - } - - var q []string - err := json.Unmarshal(*v, &q) - if err != nil { - return nil, err - } - return q, nil -} - -// getS2C extracts parsed "p2c" from the raw JSON. -func (parsed rawHeader) getP2C() (int, error) { - v := parsed[headerP2C] - if v == nil { - return 0, nil - } - - var p2c int - err := json.Unmarshal(*v, &p2c) - if err != nil { - return 0, err - } - return p2c, nil -} - -// getS2S extracts parsed "p2s" from the raw JSON. -func (parsed rawHeader) getP2S() (*byteBuffer, error) { - return parsed.getByteBuffer(headerP2S) -} - -// sanitized produces a cleaned-up header object from the raw JSON. -func (parsed rawHeader) sanitized() (h Header, err error) { - for k, v := range parsed { - if v == nil { - continue - } - switch k { - case headerJWK: - var jwk *JSONWebKey - err = json.Unmarshal(*v, &jwk) - if err != nil { - err = fmt.Errorf("failed to unmarshal JWK: %v: %#v", err, string(*v)) - return - } - h.JSONWebKey = jwk - case headerKeyID: - var s string - err = json.Unmarshal(*v, &s) - if err != nil { - err = fmt.Errorf("failed to unmarshal key ID: %v: %#v", err, string(*v)) - return - } - h.KeyID = s - case headerAlgorithm: - var s string - err = json.Unmarshal(*v, &s) - if err != nil { - err = fmt.Errorf("failed to unmarshal algorithm: %v: %#v", err, string(*v)) - return - } - h.Algorithm = s - case headerNonce: - var s string - err = json.Unmarshal(*v, &s) - if err != nil { - err = fmt.Errorf("failed to unmarshal nonce: %v: %#v", err, string(*v)) - return - } - h.Nonce = s - case headerX5c: - c := []string{} - err = json.Unmarshal(*v, &c) - if err != nil { - err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v)) - return - } - h.certificates, err = parseCertificateChain(c) - if err != nil { - err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v)) - return - } - default: - if h.ExtraHeaders == nil { - h.ExtraHeaders = map[HeaderKey]interface{}{} - } - var v2 interface{} - err = json.Unmarshal(*v, &v2) - if err != nil { - err = fmt.Errorf("failed to unmarshal value: %v: %#v", err, string(*v)) - return - } - h.ExtraHeaders[k] = v2 - } - } - return -} - -func parseCertificateChain(chain []string) ([]*x509.Certificate, error) { - out := make([]*x509.Certificate, len(chain)) - for i, cert := range chain { - raw, err := base64.StdEncoding.DecodeString(cert) - if err != nil { - return nil, err - } - out[i], err = x509.ParseCertificate(raw) - if err != nil { - return nil, err - } - } - return out, nil -} - -func (dst rawHeader) isSet(k HeaderKey) bool { - dvr := dst[k] - if dvr == nil { - return false - } - - var dv interface{} - err := json.Unmarshal(*dvr, &dv) - if err != nil { - return true - } - - if dvStr, ok := dv.(string); ok { - return dvStr != "" - } - - return true -} - -// Merge headers from src into dst, giving precedence to headers from l. -func (dst rawHeader) merge(src *rawHeader) { - if src == nil { - return - } - - for k, v := range *src { - if dst.isSet(k) { - continue - } - - dst[k] = v - } -} - -// Get JOSE name of curve -func curveName(crv elliptic.Curve) (string, error) { - switch crv { - case elliptic.P256(): - return "P-256", nil - case elliptic.P384(): - return "P-384", nil - case elliptic.P521(): - return "P-521", nil - default: - return "", fmt.Errorf("square/go-jose: unsupported/unknown elliptic curve") - } -} - -// Get size of curve in bytes -func curveSize(crv elliptic.Curve) int { - bits := crv.Params().BitSize - - div := bits / 8 - mod := bits % 8 - - if mod == 0 { - return div - } - - return div + 1 -} - -func makeRawMessage(b []byte) *json.RawMessage { - rm := json.RawMessage(b) - return &rm -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/signing.go b/etcd/vendor/gopkg.in/square/go-jose.v2/signing.go deleted file mode 100644 index be6cf04815..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/signing.go +++ /dev/null @@ -1,389 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/ecdsa" - "crypto/rsa" - "encoding/base64" - "errors" - "fmt" - - "golang.org/x/crypto/ed25519" - - "gopkg.in/square/go-jose.v2/json" -) - -// NonceSource represents a source of random nonces to go into JWS objects -type NonceSource interface { - Nonce() (string, error) -} - -// Signer represents a signer which takes a payload and produces a signed JWS object. -type Signer interface { - Sign(payload []byte) (*JSONWebSignature, error) - Options() SignerOptions -} - -// SigningKey represents an algorithm/key used to sign a message. -type SigningKey struct { - Algorithm SignatureAlgorithm - Key interface{} -} - -// SignerOptions represents options that can be set when creating signers. -type SignerOptions struct { - NonceSource NonceSource - EmbedJWK bool - - // Optional map of additional keys to be inserted into the protected header - // of a JWS object. Some specifications which make use of JWS like to insert - // additional values here. All values must be JSON-serializable. - ExtraHeaders map[HeaderKey]interface{} -} - -// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it -// if necessary. It returns itself and so can be used in a fluent style. -func (so *SignerOptions) WithHeader(k HeaderKey, v interface{}) *SignerOptions { - if so.ExtraHeaders == nil { - so.ExtraHeaders = map[HeaderKey]interface{}{} - } - so.ExtraHeaders[k] = v - return so -} - -// WithContentType adds a content type ("cty") header and returns the updated -// SignerOptions. -func (so *SignerOptions) WithContentType(contentType ContentType) *SignerOptions { - return so.WithHeader(HeaderContentType, contentType) -} - -// WithType adds a type ("typ") header and returns the updated SignerOptions. -func (so *SignerOptions) WithType(typ ContentType) *SignerOptions { - return so.WithHeader(HeaderType, typ) -} - -type payloadSigner interface { - signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) -} - -type payloadVerifier interface { - verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error -} - -type genericSigner struct { - recipients []recipientSigInfo - nonceSource NonceSource - embedJWK bool - extraHeaders map[HeaderKey]interface{} -} - -type recipientSigInfo struct { - sigAlg SignatureAlgorithm - publicKey func() *JSONWebKey - signer payloadSigner -} - -func staticPublicKey(jwk *JSONWebKey) func() *JSONWebKey { - return func() *JSONWebKey { - return jwk - } -} - -// NewSigner creates an appropriate signer based on the key type -func NewSigner(sig SigningKey, opts *SignerOptions) (Signer, error) { - return NewMultiSigner([]SigningKey{sig}, opts) -} - -// NewMultiSigner creates a signer for multiple recipients -func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) { - signer := &genericSigner{recipients: []recipientSigInfo{}} - - if opts != nil { - signer.nonceSource = opts.NonceSource - signer.embedJWK = opts.EmbedJWK - signer.extraHeaders = opts.ExtraHeaders - } - - for _, sig := range sigs { - err := signer.addRecipient(sig.Algorithm, sig.Key) - if err != nil { - return nil, err - } - } - - return signer, nil -} - -// newVerifier creates a verifier based on the key type -func newVerifier(verificationKey interface{}) (payloadVerifier, error) { - switch verificationKey := verificationKey.(type) { - case ed25519.PublicKey: - return &edEncrypterVerifier{ - publicKey: verificationKey, - }, nil - case *rsa.PublicKey: - return &rsaEncrypterVerifier{ - publicKey: verificationKey, - }, nil - case *ecdsa.PublicKey: - return &ecEncrypterVerifier{ - publicKey: verificationKey, - }, nil - case []byte: - return &symmetricMac{ - key: verificationKey, - }, nil - case JSONWebKey: - return newVerifier(verificationKey.Key) - case *JSONWebKey: - return newVerifier(verificationKey.Key) - } - if ov, ok := verificationKey.(OpaqueVerifier); ok { - return &opaqueVerifier{verifier: ov}, nil - } - return nil, ErrUnsupportedKeyType -} - -func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interface{}) error { - recipient, err := makeJWSRecipient(alg, signingKey) - if err != nil { - return err - } - - ctx.recipients = append(ctx.recipients, recipient) - return nil -} - -func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) { - switch signingKey := signingKey.(type) { - case ed25519.PrivateKey: - return newEd25519Signer(alg, signingKey) - case *rsa.PrivateKey: - return newRSASigner(alg, signingKey) - case *ecdsa.PrivateKey: - return newECDSASigner(alg, signingKey) - case []byte: - return newSymmetricSigner(alg, signingKey) - case JSONWebKey: - return newJWKSigner(alg, signingKey) - case *JSONWebKey: - return newJWKSigner(alg, *signingKey) - } - if signer, ok := signingKey.(OpaqueSigner); ok { - return newOpaqueSigner(alg, signer) - } - return recipientSigInfo{}, ErrUnsupportedKeyType -} - -func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigInfo, error) { - recipient, err := makeJWSRecipient(alg, signingKey.Key) - if err != nil { - return recipientSigInfo{}, err - } - if recipient.publicKey != nil && recipient.publicKey() != nil { - // recipient.publicKey is a JWK synthesized for embedding when recipientSigInfo - // was created for the inner key (such as a RSA or ECDSA public key). It contains - // the pub key for embedding, but doesn't have extra params like key id. - publicKey := signingKey - publicKey.Key = recipient.publicKey().Key - recipient.publicKey = staticPublicKey(&publicKey) - - // This should be impossible, but let's check anyway. - if !recipient.publicKey().IsPublic() { - return recipientSigInfo{}, errors.New("square/go-jose: public key was unexpectedly not public") - } - } - return recipient, nil -} - -func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) { - obj := &JSONWebSignature{} - obj.payload = payload - obj.Signatures = make([]Signature, len(ctx.recipients)) - - for i, recipient := range ctx.recipients { - protected := map[HeaderKey]interface{}{ - headerAlgorithm: string(recipient.sigAlg), - } - - if recipient.publicKey != nil && recipient.publicKey() != nil { - // We want to embed the JWK or set the kid header, but not both. Having a protected - // header that contains an embedded JWK while also simultaneously containing the kid - // header is confusing, and at least in ACME the two are considered to be mutually - // exclusive. The fact that both can exist at the same time is a somewhat unfortunate - // result of the JOSE spec. We've decided that this library will only include one or - // the other to avoid this confusion. - // - // See https://github.com/square/go-jose/issues/157 for more context. - if ctx.embedJWK { - protected[headerJWK] = recipient.publicKey() - } else { - protected[headerKeyID] = recipient.publicKey().KeyID - } - } - - if ctx.nonceSource != nil { - nonce, err := ctx.nonceSource.Nonce() - if err != nil { - return nil, fmt.Errorf("square/go-jose: Error generating nonce: %v", err) - } - protected[headerNonce] = nonce - } - - for k, v := range ctx.extraHeaders { - protected[k] = v - } - - serializedProtected := mustSerializeJSON(protected) - - input := []byte(fmt.Sprintf("%s.%s", - base64.RawURLEncoding.EncodeToString(serializedProtected), - base64.RawURLEncoding.EncodeToString(payload))) - - signatureInfo, err := recipient.signer.signPayload(input, recipient.sigAlg) - if err != nil { - return nil, err - } - - signatureInfo.protected = &rawHeader{} - for k, v := range protected { - b, err := json.Marshal(v) - if err != nil { - return nil, fmt.Errorf("square/go-jose: Error marshalling item %#v: %v", k, err) - } - (*signatureInfo.protected)[k] = makeRawMessage(b) - } - obj.Signatures[i] = signatureInfo - } - - return obj, nil -} - -func (ctx *genericSigner) Options() SignerOptions { - return SignerOptions{ - NonceSource: ctx.nonceSource, - EmbedJWK: ctx.embedJWK, - ExtraHeaders: ctx.extraHeaders, - } -} - -// Verify validates the signature on the object and returns the payload. -// This function does not support multi-signature, if you desire multi-sig -// verification use VerifyMulti instead. -// -// Be careful when verifying signatures based on embedded JWKs inside the -// payload header. You cannot assume that the key received in a payload is -// trusted. -func (obj JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error) { - err := obj.DetachedVerify(obj.payload, verificationKey) - if err != nil { - return nil, err - } - return obj.payload, nil -} - -// UnsafePayloadWithoutVerification returns the payload without -// verifying it. The content returned from this function cannot be -// trusted. -func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte { - return obj.payload -} - -// DetachedVerify validates a detached signature on the given payload. In -// most cases, you will probably want to use Verify instead. DetachedVerify -// is only useful if you have a payload and signature that are separated from -// each other. -func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error { - verifier, err := newVerifier(verificationKey) - if err != nil { - return err - } - - if len(obj.Signatures) > 1 { - return errors.New("square/go-jose: too many signatures in payload; expecting only one") - } - - signature := obj.Signatures[0] - headers := signature.mergedHeaders() - critical, err := headers.getCritical() - if err != nil { - return err - } - if len(critical) > 0 { - // Unsupported crit header - return ErrCryptoFailure - } - - input := obj.computeAuthData(payload, &signature) - alg := headers.getSignatureAlgorithm() - err = verifier.verifyPayload(input, signature.Signature, alg) - if err == nil { - return nil - } - - return ErrCryptoFailure -} - -// VerifyMulti validates (one of the multiple) signatures on the object and -// returns the index of the signature that was verified, along with the signature -// object and the payload. We return the signature and index to guarantee that -// callers are getting the verified value. -func (obj JSONWebSignature) VerifyMulti(verificationKey interface{}) (int, Signature, []byte, error) { - idx, sig, err := obj.DetachedVerifyMulti(obj.payload, verificationKey) - if err != nil { - return -1, Signature{}, nil, err - } - return idx, sig, obj.payload, nil -} - -// DetachedVerifyMulti validates a detached signature on the given payload with -// a signature/object that has potentially multiple signers. This returns the index -// of the signature that was verified, along with the signature object. We return -// the signature and index to guarantee that callers are getting the verified value. -// -// In most cases, you will probably want to use Verify or VerifyMulti instead. -// DetachedVerifyMulti is only useful if you have a payload and signature that are -// separated from each other, and the signature can have multiple signers at the -// same time. -func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) { - verifier, err := newVerifier(verificationKey) - if err != nil { - return -1, Signature{}, err - } - - for i, signature := range obj.Signatures { - headers := signature.mergedHeaders() - critical, err := headers.getCritical() - if err != nil { - continue - } - if len(critical) > 0 { - // Unsupported crit header - continue - } - - input := obj.computeAuthData(payload, &signature) - alg := headers.getSignatureAlgorithm() - err = verifier.verifyPayload(input, signature.Signature, alg) - if err == nil { - return i, signature, nil - } - } - - return -1, Signature{}, ErrCryptoFailure -} diff --git a/etcd/vendor/gopkg.in/square/go-jose.v2/symmetric.go b/etcd/vendor/gopkg.in/square/go-jose.v2/symmetric.go deleted file mode 100644 index 264a0fe37c..0000000000 --- a/etcd/vendor/gopkg.in/square/go-jose.v2/symmetric.go +++ /dev/null @@ -1,482 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "bytes" - "crypto/aes" - "crypto/cipher" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "crypto/sha512" - "crypto/subtle" - "errors" - "fmt" - "hash" - "io" - - "golang.org/x/crypto/pbkdf2" - "gopkg.in/square/go-jose.v2/cipher" -) - -// Random reader (stubbed out in tests) -var RandReader = rand.Reader - -const ( - // RFC7518 recommends a minimum of 1,000 iterations: - // https://tools.ietf.org/html/rfc7518#section-4.8.1.2 - // NIST recommends a minimum of 10,000: - // https://pages.nist.gov/800-63-3/sp800-63b.html - // 1Password uses 100,000: - // https://support.1password.com/pbkdf2/ - defaultP2C = 100000 - // Default salt size: 128 bits - defaultP2SSize = 16 -) - -// Dummy key cipher for shared symmetric key mode -type symmetricKeyCipher struct { - key []byte // Pre-shared content-encryption key - p2c int // PBES2 Count - p2s []byte // PBES2 Salt Input -} - -// Signer/verifier for MAC modes -type symmetricMac struct { - key []byte -} - -// Input/output from an AEAD operation -type aeadParts struct { - iv, ciphertext, tag []byte -} - -// A content cipher based on an AEAD construction -type aeadContentCipher struct { - keyBytes int - authtagBytes int - getAead func(key []byte) (cipher.AEAD, error) -} - -// Random key generator -type randomKeyGenerator struct { - size int -} - -// Static key generator -type staticKeyGenerator struct { - key []byte -} - -// Create a new content cipher based on AES-GCM -func newAESGCM(keySize int) contentCipher { - return &aeadContentCipher{ - keyBytes: keySize, - authtagBytes: 16, - getAead: func(key []byte) (cipher.AEAD, error) { - aes, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - return cipher.NewGCM(aes) - }, - } -} - -// Create a new content cipher based on AES-CBC+HMAC -func newAESCBC(keySize int) contentCipher { - return &aeadContentCipher{ - keyBytes: keySize * 2, - authtagBytes: keySize, - getAead: func(key []byte) (cipher.AEAD, error) { - return josecipher.NewCBCHMAC(key, aes.NewCipher) - }, - } -} - -// Get an AEAD cipher object for the given content encryption algorithm -func getContentCipher(alg ContentEncryption) contentCipher { - switch alg { - case A128GCM: - return newAESGCM(16) - case A192GCM: - return newAESGCM(24) - case A256GCM: - return newAESGCM(32) - case A128CBC_HS256: - return newAESCBC(16) - case A192CBC_HS384: - return newAESCBC(24) - case A256CBC_HS512: - return newAESCBC(32) - default: - return nil - } -} - -// getPbkdf2Params returns the key length and hash function used in -// pbkdf2.Key. -func getPbkdf2Params(alg KeyAlgorithm) (int, func() hash.Hash) { - switch alg { - case PBES2_HS256_A128KW: - return 16, sha256.New - case PBES2_HS384_A192KW: - return 24, sha512.New384 - case PBES2_HS512_A256KW: - return 32, sha512.New - default: - panic("invalid algorithm") - } -} - -// getRandomSalt generates a new salt of the given size. -func getRandomSalt(size int) ([]byte, error) { - salt := make([]byte, size) - _, err := io.ReadFull(RandReader, salt) - if err != nil { - return nil, err - } - - return salt, nil -} - -// newSymmetricRecipient creates a JWE encrypter based on AES-GCM key wrap. -func newSymmetricRecipient(keyAlg KeyAlgorithm, key []byte) (recipientKeyInfo, error) { - switch keyAlg { - case DIRECT, A128GCMKW, A192GCMKW, A256GCMKW, A128KW, A192KW, A256KW: - case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &symmetricKeyCipher{ - key: key, - }, - }, nil -} - -// newSymmetricSigner creates a recipientSigInfo based on the given key. -func newSymmetricSigner(sigAlg SignatureAlgorithm, key []byte) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case HS256, HS384, HS512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - return recipientSigInfo{ - sigAlg: sigAlg, - signer: &symmetricMac{ - key: key, - }, - }, nil -} - -// Generate a random key for the given content cipher -func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) { - key := make([]byte, ctx.size) - _, err := io.ReadFull(RandReader, key) - if err != nil { - return nil, rawHeader{}, err - } - - return key, rawHeader{}, nil -} - -// Key size for random generator -func (ctx randomKeyGenerator) keySize() int { - return ctx.size -} - -// Generate a static key (for direct mode) -func (ctx staticKeyGenerator) genKey() ([]byte, rawHeader, error) { - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, rawHeader{}, nil -} - -// Key size for static generator -func (ctx staticKeyGenerator) keySize() int { - return len(ctx.key) -} - -// Get key size for this cipher -func (ctx aeadContentCipher) keySize() int { - return ctx.keyBytes -} - -// Encrypt some data -func (ctx aeadContentCipher) encrypt(key, aad, pt []byte) (*aeadParts, error) { - // Get a new AEAD instance - aead, err := ctx.getAead(key) - if err != nil { - return nil, err - } - - // Initialize a new nonce - iv := make([]byte, aead.NonceSize()) - _, err = io.ReadFull(RandReader, iv) - if err != nil { - return nil, err - } - - ciphertextAndTag := aead.Seal(nil, iv, pt, aad) - offset := len(ciphertextAndTag) - ctx.authtagBytes - - return &aeadParts{ - iv: iv, - ciphertext: ciphertextAndTag[:offset], - tag: ciphertextAndTag[offset:], - }, nil -} - -// Decrypt some data -func (ctx aeadContentCipher) decrypt(key, aad []byte, parts *aeadParts) ([]byte, error) { - aead, err := ctx.getAead(key) - if err != nil { - return nil, err - } - - if len(parts.iv) != aead.NonceSize() || len(parts.tag) < ctx.authtagBytes { - return nil, ErrCryptoFailure - } - - return aead.Open(nil, parts.iv, append(parts.ciphertext, parts.tag...), aad) -} - -// Encrypt the content encryption key. -func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - switch alg { - case DIRECT: - return recipientInfo{ - header: &rawHeader{}, - }, nil - case A128GCMKW, A192GCMKW, A256GCMKW: - aead := newAESGCM(len(ctx.key)) - - parts, err := aead.encrypt(ctx.key, []byte{}, cek) - if err != nil { - return recipientInfo{}, err - } - - header := &rawHeader{} - header.set(headerIV, newBuffer(parts.iv)) - header.set(headerTag, newBuffer(parts.tag)) - - return recipientInfo{ - header: header, - encryptedKey: parts.ciphertext, - }, nil - case A128KW, A192KW, A256KW: - block, err := aes.NewCipher(ctx.key) - if err != nil { - return recipientInfo{}, err - } - - jek, err := josecipher.KeyWrap(block, cek) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: jek, - header: &rawHeader{}, - }, nil - case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: - if len(ctx.p2s) == 0 { - salt, err := getRandomSalt(defaultP2SSize) - if err != nil { - return recipientInfo{}, err - } - ctx.p2s = salt - } - - if ctx.p2c <= 0 { - ctx.p2c = defaultP2C - } - - // salt is UTF8(Alg) || 0x00 || Salt Input - salt := bytes.Join([][]byte{[]byte(alg), ctx.p2s}, []byte{0x00}) - - // derive key - keyLen, h := getPbkdf2Params(alg) - key := pbkdf2.Key(ctx.key, salt, ctx.p2c, keyLen, h) - - // use AES cipher with derived key - block, err := aes.NewCipher(key) - if err != nil { - return recipientInfo{}, err - } - - jek, err := josecipher.KeyWrap(block, cek) - if err != nil { - return recipientInfo{}, err - } - - header := &rawHeader{} - header.set(headerP2C, ctx.p2c) - header.set(headerP2S, newBuffer(ctx.p2s)) - - return recipientInfo{ - encryptedKey: jek, - header: header, - }, nil - } - - return recipientInfo{}, ErrUnsupportedAlgorithm -} - -// Decrypt the content encryption key. -func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - switch headers.getAlgorithm() { - case DIRECT: - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, nil - case A128GCMKW, A192GCMKW, A256GCMKW: - aead := newAESGCM(len(ctx.key)) - - iv, err := headers.getIV() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid IV: %v", err) - } - tag, err := headers.getTag() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid tag: %v", err) - } - - parts := &aeadParts{ - iv: iv.bytes(), - ciphertext: recipient.encryptedKey, - tag: tag.bytes(), - } - - cek, err := aead.decrypt(ctx.key, []byte{}, parts) - if err != nil { - return nil, err - } - - return cek, nil - case A128KW, A192KW, A256KW: - block, err := aes.NewCipher(ctx.key) - if err != nil { - return nil, err - } - - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) - if err != nil { - return nil, err - } - return cek, nil - case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: - p2s, err := headers.getP2S() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid P2S: %v", err) - } - if p2s == nil || len(p2s.data) == 0 { - return nil, fmt.Errorf("square/go-jose: invalid P2S: must be present") - } - - p2c, err := headers.getP2C() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid P2C: %v", err) - } - if p2c <= 0 { - return nil, fmt.Errorf("square/go-jose: invalid P2C: must be a positive integer") - } - - // salt is UTF8(Alg) || 0x00 || Salt Input - alg := headers.getAlgorithm() - salt := bytes.Join([][]byte{[]byte(alg), p2s.bytes()}, []byte{0x00}) - - // derive key - keyLen, h := getPbkdf2Params(alg) - key := pbkdf2.Key(ctx.key, salt, p2c, keyLen, h) - - // use AES cipher with derived key - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) - if err != nil { - return nil, err - } - return cek, nil - } - - return nil, ErrUnsupportedAlgorithm -} - -// Sign the given payload -func (ctx symmetricMac) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - mac, err := ctx.hmac(payload, alg) - if err != nil { - return Signature{}, errors.New("square/go-jose: failed to compute hmac") - } - - return Signature{ - Signature: mac, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx symmetricMac) verifyPayload(payload []byte, mac []byte, alg SignatureAlgorithm) error { - expected, err := ctx.hmac(payload, alg) - if err != nil { - return errors.New("square/go-jose: failed to compute hmac") - } - - if len(mac) != len(expected) { - return errors.New("square/go-jose: invalid hmac") - } - - match := subtle.ConstantTimeCompare(mac, expected) - if match != 1 { - return errors.New("square/go-jose: invalid hmac") - } - - return nil -} - -// Compute the HMAC based on the given alg value -func (ctx symmetricMac) hmac(payload []byte, alg SignatureAlgorithm) ([]byte, error) { - var hash func() hash.Hash - - switch alg { - case HS256: - hash = sha256.New - case HS384: - hash = sha512.New384 - case HS512: - hash = sha512.New - default: - return nil, ErrUnsupportedAlgorithm - } - - hmac := hmac.New(hash, ctx.key) - - // According to documentation, Write() on hash never fails - _, _ = hmac.Write(payload) - return hmac.Sum(nil), nil -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/api/equality/semantic.go b/etcd/vendor/k8s.io/apimachinery/pkg/api/equality/semantic.go deleted file mode 100644 index f02fa8e434..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/api/equality/semantic.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package equality - -import ( - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" -) - -// Semantic can do semantic deep equality checks for api objects. -// Example: apiequality.Semantic.DeepEqual(aPod, aPodWithNonNilButEmptyMaps) == true -var Semantic = conversion.EqualitiesOrDie( - func(a, b resource.Quantity) bool { - // Ignore formatting, only care that numeric value stayed the same. - // TODO: if we decide it's important, it should be safe to start comparing the format. - // - // Uninitialized quantities are equivalent to 0 quantities. - return a.Cmp(b) == 0 - }, - func(a, b metav1.MicroTime) bool { - return a.UTC() == b.UTC() - }, - func(a, b metav1.Time) bool { - return a.UTC() == b.UTC() - }, - func(a, b labels.Selector) bool { - return a.String() == b.String() - }, - func(a, b fields.Selector) bool { - return a.String() == b.String() - }, -) diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/doc.go b/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/doc.go deleted file mode 100644 index 9f20152e45..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package validation contains generic api type validation functions. -package validation // import "k8s.io/apimachinery/pkg/api/validation" diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/generic.go b/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/generic.go deleted file mode 100644 index e0b5b14900..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/generic.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "strings" - - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// IsNegativeErrorMsg is a error message for value must be greater than or equal to 0. -const IsNegativeErrorMsg string = `must be greater than or equal to 0` - -// ValidateNameFunc validates that the provided name is valid for a given resource type. -// Not all resources have the same validation rules for names. Prefix is true -// if the name will have a value appended to it. If the name is not valid, -// this returns a list of descriptions of individual characteristics of the -// value that were not valid. Otherwise this returns an empty list or nil. -type ValidateNameFunc func(name string, prefix bool) []string - -// NameIsDNSSubdomain is a ValidateNameFunc for names that must be a DNS subdomain. -func NameIsDNSSubdomain(name string, prefix bool) []string { - if prefix { - name = maskTrailingDash(name) - } - return validation.IsDNS1123Subdomain(name) -} - -// NameIsDNSLabel is a ValidateNameFunc for names that must be a DNS 1123 label. -func NameIsDNSLabel(name string, prefix bool) []string { - if prefix { - name = maskTrailingDash(name) - } - return validation.IsDNS1123Label(name) -} - -// NameIsDNS1035Label is a ValidateNameFunc for names that must be a DNS 952 label. -func NameIsDNS1035Label(name string, prefix bool) []string { - if prefix { - name = maskTrailingDash(name) - } - return validation.IsDNS1035Label(name) -} - -// ValidateNamespaceName can be used to check whether the given namespace name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateNamespaceName = NameIsDNSLabel - -// ValidateServiceAccountName can be used to check whether the given service account name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateServiceAccountName = NameIsDNSSubdomain - -// maskTrailingDash replaces the final character of a string with a subdomain safe -// value if it is a dash and if the length of this string is greater than 1. Note that -// this is used when a value could be appended to the string, see ValidateNameFunc -// for more info. -func maskTrailingDash(name string) string { - if len(name) > 1 && strings.HasSuffix(name, "-") { - return name[:len(name)-2] + "a" - } - return name -} - -// ValidateNonnegativeField validates that given value is not negative. -func ValidateNonnegativeField(value int64, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if value < 0 { - allErrs = append(allErrs, field.Invalid(fldPath, value, IsNegativeErrorMsg)) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/objectmeta.go b/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/objectmeta.go deleted file mode 100644 index 593d7ba8cf..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/objectmeta.go +++ /dev/null @@ -1,265 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// FieldImmutableErrorMsg is a error message for field is immutable. -const FieldImmutableErrorMsg string = `field is immutable` - -const TotalAnnotationSizeLimitB int = 256 * (1 << 10) // 256 kB - -// BannedOwners is a black list of object that are not allowed to be owners. -var BannedOwners = map[schema.GroupVersionKind]struct{}{ - {Group: "", Version: "v1", Kind: "Event"}: {}, -} - -// ValidateAnnotations validates that a set of annotations are correctly defined. -func ValidateAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for k := range annotations { - // The rule is QualifiedName except that case doesn't matter, so convert to lowercase before checking. - for _, msg := range validation.IsQualifiedName(strings.ToLower(k)) { - allErrs = append(allErrs, field.Invalid(fldPath, k, msg)) - } - } - if err := ValidateAnnotationsSize(annotations); err != nil { - allErrs = append(allErrs, field.TooLong(fldPath, "", TotalAnnotationSizeLimitB)) - } - return allErrs -} - -func ValidateAnnotationsSize(annotations map[string]string) error { - var totalSize int64 - for k, v := range annotations { - totalSize += (int64)(len(k)) + (int64)(len(v)) - } - if totalSize > (int64)(TotalAnnotationSizeLimitB) { - return fmt.Errorf("annotations size %d is larger than limit %d", totalSize, TotalAnnotationSizeLimitB) - } - return nil -} - -func validateOwnerReference(ownerReference metav1.OwnerReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - gvk := schema.FromAPIVersionAndKind(ownerReference.APIVersion, ownerReference.Kind) - // gvk.Group is empty for the legacy group. - if len(gvk.Version) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("apiVersion"), ownerReference.APIVersion, "version must not be empty")) - } - if len(gvk.Kind) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("kind"), ownerReference.Kind, "kind must not be empty")) - } - if len(ownerReference.Name) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), ownerReference.Name, "name must not be empty")) - } - if len(ownerReference.UID) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("uid"), ownerReference.UID, "uid must not be empty")) - } - if _, ok := BannedOwners[gvk]; ok { - allErrs = append(allErrs, field.Invalid(fldPath, ownerReference, fmt.Sprintf("%s is disallowed from being an owner", gvk))) - } - return allErrs -} - -// ValidateOwnerReferences validates that a set of owner references are correctly defined. -func ValidateOwnerReferences(ownerReferences []metav1.OwnerReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - firstControllerName := "" - for _, ref := range ownerReferences { - allErrs = append(allErrs, validateOwnerReference(ref, fldPath)...) - if ref.Controller != nil && *ref.Controller { - curControllerName := ref.Kind + "/" + ref.Name - if firstControllerName != "" { - allErrs = append(allErrs, field.Invalid(fldPath, ownerReferences, - fmt.Sprintf("Only one reference can have Controller set to true. Found \"true\" in references for %v and %v", firstControllerName, curControllerName))) - } else { - firstControllerName = curControllerName - } - } - } - return allErrs -} - -// ValidateFinalizerName validates finalizer names. -func ValidateFinalizerName(stringValue string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsQualifiedName(stringValue) { - allErrs = append(allErrs, field.Invalid(fldPath, stringValue, msg)) - } - - return allErrs -} - -// ValidateNoNewFinalizers validates the new finalizers has no new finalizers compare to old finalizers. -func ValidateNoNewFinalizers(newFinalizers []string, oldFinalizers []string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - extra := sets.NewString(newFinalizers...).Difference(sets.NewString(oldFinalizers...)) - if len(extra) != 0 { - allErrs = append(allErrs, field.Forbidden(fldPath, fmt.Sprintf("no new finalizers can be added if the object is being deleted, found new finalizers %#v", extra.List()))) - } - return allErrs -} - -// ValidateImmutableField validates the new value and the old value are deeply equal. -func ValidateImmutableField(newVal, oldVal interface{}, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if !apiequality.Semantic.DeepEqual(oldVal, newVal) { - allErrs = append(allErrs, field.Invalid(fldPath, newVal, FieldImmutableErrorMsg)) - } - return allErrs -} - -// ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already -// been performed. -// It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. -func ValidateObjectMeta(objMeta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList { - metadata, err := meta.Accessor(objMeta) - if err != nil { - var allErrs field.ErrorList - allErrs = append(allErrs, field.Invalid(fldPath, objMeta, err.Error())) - return allErrs - } - return ValidateObjectMetaAccessor(metadata, requiresNamespace, nameFn, fldPath) -} - -// ValidateObjectMetaAccessor validates an object's metadata on creation. It expects that name generation has already -// been performed. -// It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. -func ValidateObjectMetaAccessor(meta metav1.Object, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - if len(meta.GetGenerateName()) != 0 { - for _, msg := range nameFn(meta.GetGenerateName(), true) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("generateName"), meta.GetGenerateName(), msg)) - } - } - // If the generated name validates, but the calculated value does not, it's a problem with generation, and we - // report it here. This may confuse users, but indicates a programming bug and still must be validated. - // If there are multiple fields out of which one is required then add an or as a separator - if len(meta.GetName()) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "name or generateName is required")) - } else { - for _, msg := range nameFn(meta.GetName(), false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), meta.GetName(), msg)) - } - } - if requiresNamespace { - if len(meta.GetNamespace()) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "")) - } else { - for _, msg := range ValidateNamespaceName(meta.GetNamespace(), false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), meta.GetNamespace(), msg)) - } - } - } else { - if len(meta.GetNamespace()) != 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("namespace"), "not allowed on this type")) - } - } - - allErrs = append(allErrs, ValidateNonnegativeField(meta.GetGeneration(), fldPath.Child("generation"))...) - allErrs = append(allErrs, v1validation.ValidateLabels(meta.GetLabels(), fldPath.Child("labels"))...) - allErrs = append(allErrs, ValidateAnnotations(meta.GetAnnotations(), fldPath.Child("annotations"))...) - allErrs = append(allErrs, ValidateOwnerReferences(meta.GetOwnerReferences(), fldPath.Child("ownerReferences"))...) - allErrs = append(allErrs, ValidateFinalizers(meta.GetFinalizers(), fldPath.Child("finalizers"))...) - allErrs = append(allErrs, v1validation.ValidateManagedFields(meta.GetManagedFields(), fldPath.Child("managedFields"))...) - return allErrs -} - -// ValidateFinalizers tests if the finalizers name are valid, and if there are conflicting finalizers. -func ValidateFinalizers(finalizers []string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - hasFinalizerOrphanDependents := false - hasFinalizerDeleteDependents := false - for _, finalizer := range finalizers { - allErrs = append(allErrs, ValidateFinalizerName(finalizer, fldPath)...) - if finalizer == metav1.FinalizerOrphanDependents { - hasFinalizerOrphanDependents = true - } - if finalizer == metav1.FinalizerDeleteDependents { - hasFinalizerDeleteDependents = true - } - } - if hasFinalizerDeleteDependents && hasFinalizerOrphanDependents { - allErrs = append(allErrs, field.Invalid(fldPath, finalizers, fmt.Sprintf("finalizer %s and %s cannot be both set", metav1.FinalizerOrphanDependents, metav1.FinalizerDeleteDependents))) - } - return allErrs -} - -// ValidateObjectMetaUpdate validates an object's metadata when updated. -func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList { - newMetadata, err := meta.Accessor(newMeta) - if err != nil { - allErrs := field.ErrorList{} - allErrs = append(allErrs, field.Invalid(fldPath, newMeta, err.Error())) - return allErrs - } - oldMetadata, err := meta.Accessor(oldMeta) - if err != nil { - allErrs := field.ErrorList{} - allErrs = append(allErrs, field.Invalid(fldPath, oldMeta, err.Error())) - return allErrs - } - return ValidateObjectMetaAccessorUpdate(newMetadata, oldMetadata, fldPath) -} - -// ValidateObjectMetaAccessorUpdate validates an object's metadata when updated. -func ValidateObjectMetaAccessorUpdate(newMeta, oldMeta metav1.Object, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - // Finalizers cannot be added if the object is already being deleted. - if oldMeta.GetDeletionTimestamp() != nil { - allErrs = append(allErrs, ValidateNoNewFinalizers(newMeta.GetFinalizers(), oldMeta.GetFinalizers(), fldPath.Child("finalizers"))...) - } - - // Reject updates that don't specify a resource version - if len(newMeta.GetResourceVersion()) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceVersion"), newMeta.GetResourceVersion(), "must be specified for an update")) - } - - // Generation shouldn't be decremented - if newMeta.GetGeneration() < oldMeta.GetGeneration() { - allErrs = append(allErrs, field.Invalid(fldPath.Child("generation"), newMeta.GetGeneration(), "must not be decremented")) - } - - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetName(), oldMeta.GetName(), fldPath.Child("name"))...) - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetNamespace(), oldMeta.GetNamespace(), fldPath.Child("namespace"))...) - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetUID(), oldMeta.GetUID(), fldPath.Child("uid"))...) - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetCreationTimestamp(), oldMeta.GetCreationTimestamp(), fldPath.Child("creationTimestamp"))...) - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetDeletionTimestamp(), oldMeta.GetDeletionTimestamp(), fldPath.Child("deletionTimestamp"))...) - allErrs = append(allErrs, ValidateImmutableField(newMeta.GetDeletionGracePeriodSeconds(), oldMeta.GetDeletionGracePeriodSeconds(), fldPath.Child("deletionGracePeriodSeconds"))...) - - allErrs = append(allErrs, v1validation.ValidateLabels(newMeta.GetLabels(), fldPath.Child("labels"))...) - allErrs = append(allErrs, ValidateAnnotations(newMeta.GetAnnotations(), fldPath.Child("annotations"))...) - allErrs = append(allErrs, ValidateOwnerReferences(newMeta.GetOwnerReferences(), fldPath.Child("ownerReferences"))...) - allErrs = append(allErrs, v1validation.ValidateManagedFields(newMeta.GetManagedFields(), fldPath.Child("managedFields"))...) - - return allErrs -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/path/name.go b/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/path/name.go deleted file mode 100644 index ffb9f56d80..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/api/validation/path/name.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package path - -import ( - "fmt" - "strings" -) - -// NameMayNotBe specifies strings that cannot be used as names specified as path segments (like the REST API or etcd store) -var NameMayNotBe = []string{".", ".."} - -// NameMayNotContain specifies substrings that cannot be used in names specified as path segments (like the REST API or etcd store) -var NameMayNotContain = []string{"/", "%"} - -// IsValidPathSegmentName validates the name can be safely encoded as a path segment -func IsValidPathSegmentName(name string) []string { - for _, illegalName := range NameMayNotBe { - if name == illegalName { - return []string{fmt.Sprintf(`may not be '%s'`, illegalName)} - } - } - - var errors []string - for _, illegalContent := range NameMayNotContain { - if strings.Contains(name, illegalContent) { - errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent)) - } - } - - return errors -} - -// IsValidPathSegmentPrefix validates the name can be used as a prefix for a name which will be encoded as a path segment -// It does not check for exact matches with disallowed names, since an arbitrary suffix might make the name valid -func IsValidPathSegmentPrefix(name string) []string { - var errors []string - for _, illegalContent := range NameMayNotContain { - if strings.Contains(name, illegalContent) { - errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent)) - } - } - - return errors -} - -// ValidatePathSegmentName validates the name can be safely encoded as a path segment -func ValidatePathSegmentName(name string, prefix bool) []string { - if prefix { - return IsValidPathSegmentPrefix(name) - } - - return IsValidPathSegmentName(name) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/doc.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/doc.go deleted file mode 100644 index 2741ee2c80..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apimachinery/pkg/apis/meta/v1 - -package internalversion // import "k8s.io/apimachinery/pkg/apis/meta/internalversion" diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/register.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/register.go deleted file mode 100644 index a59ac71268..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/register.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalversion - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "meta.k8s.io" - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// addToGroupVersion registers common meta types into schemas. -func addToGroupVersion(scheme *runtime.Scheme) error { - if err := scheme.AddIgnoredConversionType(&metav1.TypeMeta{}, &metav1.TypeMeta{}); err != nil { - return err - } - // ListOptions is the only options struct which needs conversion (it exposes labels and fields - // as selectors for convenience). The other types have only a single representation today. - scheme.AddKnownTypes(SchemeGroupVersion, - &ListOptions{}, - &metav1.GetOptions{}, - &metav1.DeleteOptions{}, - &metav1.CreateOptions{}, - &metav1.UpdateOptions{}, - ) - scheme.AddKnownTypes(SchemeGroupVersion, - &metav1.Table{}, - &metav1.TableOptions{}, - &metav1beta1.PartialObjectMetadata{}, - &metav1beta1.PartialObjectMetadataList{}, - ) - if err := metav1beta1.AddMetaToScheme(scheme); err != nil { - return err - } - if err := metav1.AddMetaToScheme(scheme); err != nil { - return err - } - // Allow delete options to be decoded across all version in this scheme (we may want to be more clever than this) - scheme.AddUnversionedTypes(SchemeGroupVersion, - &metav1.DeleteOptions{}, - &metav1.CreateOptions{}, - &metav1.UpdateOptions{}) - - metav1.AddToGroupVersion(scheme, metav1.SchemeGroupVersion) - if err := metav1beta1.RegisterConversions(scheme); err != nil { - return err - } - return nil -} - -// Unlike other API groups, meta internal knows about all meta external versions, but keeps -// the logic for conversion private. -func init() { - localSchemeBuilder.Register(addToGroupVersion) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/doc.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/doc.go deleted file mode 100644 index a45fa2a8a5..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scheme // import "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/register.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/register.go deleted file mode 100644 index 472a9aeb23..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme/register.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scheme - -import ( - "k8s.io/apimachinery/pkg/apis/meta/internalversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -// Scheme is the registry for any type that adheres to the meta API spec. -var scheme = runtime.NewScheme() - -// Codecs provides access to encoding and decoding for the scheme. -var Codecs = serializer.NewCodecFactory(scheme) - -// ParameterCodec handles versioning of objects that are converted to query parameters. -var ParameterCodec = runtime.NewParameterCodec(scheme) - -// Unlike other API groups, meta internal knows about all meta external versions, but keeps -// the logic for conversion private. -func init() { - utilruntime.Must(internalversion.AddToScheme(scheme)) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/types.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/types.go deleted file mode 100644 index a49b5f2bef..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/types.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalversion - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ListOptions is the query options to a standard REST list call. -type ListOptions struct { - metav1.TypeMeta - - // A selector based on labels - LabelSelector labels.Selector - // A selector based on fields - FieldSelector fields.Selector - // If true, watch for changes to this list - Watch bool - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // If the feature gate WatchBookmarks is not enabled in apiserver, - // this field is ignored. - AllowWatchBookmarks bool - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - ResourceVersion string - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - ResourceVersionMatch metav1.ResourceVersionMatch - - // Timeout for the list/watch call. - TimeoutSeconds *int64 - // Limit specifies the maximum number of results to return from the server. The server may - // not support this field on all resource types, but if it does and more results remain it - // will set the continue field on the returned list object. - Limit int64 - // Continue is a token returned by the server that lets a client retrieve chunks of results - // from the server by specifying limit. The server may reject requests for continuation tokens - // it does not recognize and will return a 410 error if the token can no longer be used because - // it has expired. - Continue string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// List holds a list of objects, which may not be known by the server. -type List struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []runtime.Object -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/validation/validation.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/validation/validation.go deleted file mode 100644 index 8403d1a861..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/validation/validation.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// ValidateListOptions returns all validation errors found while validating the ListOptions. -func ValidateListOptions(options *internalversion.ListOptions) field.ErrorList { - allErrs := field.ErrorList{} - if match := options.ResourceVersionMatch; len(match) > 0 { - if options.Watch { - allErrs = append(allErrs, field.Forbidden(field.NewPath("resourceVersionMatch"), "resourceVersionMatch is forbidden for watch")) - } - if len(options.ResourceVersion) == 0 { - allErrs = append(allErrs, field.Forbidden(field.NewPath("resourceVersionMatch"), "resourceVersionMatch is forbidden unless resourceVersion is provided")) - } - if len(options.Continue) > 0 { - allErrs = append(allErrs, field.Forbidden(field.NewPath("resourceVersionMatch"), "resourceVersionMatch is forbidden when continue is provided")) - } - if match != metav1.ResourceVersionMatchExact && match != metav1.ResourceVersionMatchNotOlderThan { - allErrs = append(allErrs, field.NotSupported(field.NewPath("resourceVersionMatch"), match, []string{string(metav1.ResourceVersionMatchExact), string(metav1.ResourceVersionMatchNotOlderThan), ""})) - } - if match == metav1.ResourceVersionMatchExact && options.ResourceVersion == "0" { - allErrs = append(allErrs, field.Forbidden(field.NewPath("resourceVersionMatch"), "resourceVersionMatch \"exact\" is forbidden for resourceVersion \"0\"")) - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.conversion.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.conversion.go deleted file mode 100644 index 6d212b846a..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.conversion.go +++ /dev/null @@ -1,146 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package internalversion - -import ( - unsafe "unsafe" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*List)(nil), (*v1.List)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_internalversion_List_To_v1_List(a.(*List), b.(*v1.List), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.List)(nil), (*List)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_List_To_internalversion_List(a.(*v1.List), b.(*List), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ListOptions)(nil), (*v1.ListOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_internalversion_ListOptions_To_v1_ListOptions(a.(*ListOptions), b.(*v1.ListOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ListOptions)(nil), (*ListOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ListOptions_To_internalversion_ListOptions(a.(*v1.ListOptions), b.(*ListOptions), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_internalversion_List_To_v1_List(in *List, out *v1.List, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.RawExtension, len(*in)) - for i := range *in { - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_internalversion_List_To_v1_List is an autogenerated conversion function. -func Convert_internalversion_List_To_v1_List(in *List, out *v1.List, s conversion.Scope) error { - return autoConvert_internalversion_List_To_v1_List(in, out, s) -} - -func autoConvert_v1_List_To_internalversion_List(in *v1.List, out *List, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.Object, len(*in)) - for i := range *in { - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_List_To_internalversion_List is an autogenerated conversion function. -func Convert_v1_List_To_internalversion_List(in *v1.List, out *List, s conversion.Scope) error { - return autoConvert_v1_List_To_internalversion_List(in, out, s) -} - -func autoConvert_internalversion_ListOptions_To_v1_ListOptions(in *ListOptions, out *v1.ListOptions, s conversion.Scope) error { - if err := v1.Convert_labels_Selector_To_string(&in.LabelSelector, &out.LabelSelector, s); err != nil { - return err - } - if err := v1.Convert_fields_Selector_To_string(&in.FieldSelector, &out.FieldSelector, s); err != nil { - return err - } - out.Watch = in.Watch - out.AllowWatchBookmarks = in.AllowWatchBookmarks - out.ResourceVersion = in.ResourceVersion - out.ResourceVersionMatch = v1.ResourceVersionMatch(in.ResourceVersionMatch) - out.TimeoutSeconds = (*int64)(unsafe.Pointer(in.TimeoutSeconds)) - out.Limit = in.Limit - out.Continue = in.Continue - return nil -} - -// Convert_internalversion_ListOptions_To_v1_ListOptions is an autogenerated conversion function. -func Convert_internalversion_ListOptions_To_v1_ListOptions(in *ListOptions, out *v1.ListOptions, s conversion.Scope) error { - return autoConvert_internalversion_ListOptions_To_v1_ListOptions(in, out, s) -} - -func autoConvert_v1_ListOptions_To_internalversion_ListOptions(in *v1.ListOptions, out *ListOptions, s conversion.Scope) error { - if err := v1.Convert_string_To_labels_Selector(&in.LabelSelector, &out.LabelSelector, s); err != nil { - return err - } - if err := v1.Convert_string_To_fields_Selector(&in.FieldSelector, &out.FieldSelector, s); err != nil { - return err - } - out.Watch = in.Watch - out.AllowWatchBookmarks = in.AllowWatchBookmarks - out.ResourceVersion = in.ResourceVersion - out.ResourceVersionMatch = v1.ResourceVersionMatch(in.ResourceVersionMatch) - out.TimeoutSeconds = (*int64)(unsafe.Pointer(in.TimeoutSeconds)) - out.Limit = in.Limit - out.Continue = in.Continue - return nil -} - -// Convert_v1_ListOptions_To_internalversion_ListOptions is an autogenerated conversion function. -func Convert_v1_ListOptions_To_internalversion_ListOptions(in *v1.ListOptions, out *ListOptions, s conversion.Scope) error { - return autoConvert_v1_ListOptions_To_internalversion_ListOptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.deepcopy.go deleted file mode 100644 index 6e1eac5c75..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/zz_generated.deepcopy.go +++ /dev/null @@ -1,97 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package internalversion - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *List) DeepCopyInto(out *List) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.Object, len(*in)) - for i := range *in { - if (*in)[i] != nil { - (*out)[i] = (*in)[i].DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new List. -func (in *List) DeepCopy() *List { - if in == nil { - return nil - } - out := new(List) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *List) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ListOptions) DeepCopyInto(out *ListOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.LabelSelector != nil { - out.LabelSelector = in.LabelSelector.DeepCopySelector() - } - if in.FieldSelector != nil { - out.FieldSelector = in.FieldSelector.DeepCopySelector() - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListOptions. -func (in *ListOptions) DeepCopy() *ListOptions { - if in == nil { - return nil - } - out := new(ListOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ListOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation.go deleted file mode 100644 index a0f709ad86..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation.go +++ /dev/null @@ -1,320 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "regexp" - "unicode" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// LabelSelectorValidationOptions is a struct that can be passed to ValidateLabelSelector to record the validate options -type LabelSelectorValidationOptions struct { - // Allow invalid label value in selector - AllowInvalidLabelValueInSelector bool -} - -// LabelSelectorHasInvalidLabelValue returns true if the given selector contains an invalid label value in a match expression. -// This is useful for determining whether AllowInvalidLabelValueInSelector should be set to true when validating an update -// based on existing persisted invalid values. -func LabelSelectorHasInvalidLabelValue(ps *metav1.LabelSelector) bool { - if ps == nil { - return false - } - for _, e := range ps.MatchExpressions { - for _, v := range e.Values { - if len(validation.IsValidLabelValue(v)) > 0 { - return true - } - } - } - return false -} - -// ValidateLabelSelector validate the LabelSelector according to the opts and returns any validation errors. -// opts.AllowInvalidLabelValueInSelector is only expected to be set to true when required for backwards compatibility with existing invalid data. -func ValidateLabelSelector(ps *metav1.LabelSelector, opts LabelSelectorValidationOptions, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if ps == nil { - return allErrs - } - allErrs = append(allErrs, ValidateLabels(ps.MatchLabels, fldPath.Child("matchLabels"))...) - for i, expr := range ps.MatchExpressions { - allErrs = append(allErrs, ValidateLabelSelectorRequirement(expr, opts, fldPath.Child("matchExpressions").Index(i))...) - } - return allErrs -} - -// ValidateLabelSelectorRequirement validate the requirement according to the opts and returns any validation errors. -// opts.AllowInvalidLabelValueInSelector is only expected to be set to true when required for backwards compatibility with existing invalid data. -func ValidateLabelSelectorRequirement(sr metav1.LabelSelectorRequirement, opts LabelSelectorValidationOptions, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch sr.Operator { - case metav1.LabelSelectorOpIn, metav1.LabelSelectorOpNotIn: - if len(sr.Values) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("values"), "must be specified when `operator` is 'In' or 'NotIn'")) - } - case metav1.LabelSelectorOpExists, metav1.LabelSelectorOpDoesNotExist: - if len(sr.Values) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("values"), "may not be specified when `operator` is 'Exists' or 'DoesNotExist'")) - } - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), sr.Operator, "not a valid selector operator")) - } - allErrs = append(allErrs, ValidateLabelName(sr.Key, fldPath.Child("key"))...) - if !opts.AllowInvalidLabelValueInSelector { - for valueIndex, value := range sr.Values { - for _, msg := range validation.IsValidLabelValue(value) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("values").Index(valueIndex), value, msg)) - } - } - } - return allErrs -} - -// ValidateLabelName validates that the label name is correctly defined. -func ValidateLabelName(labelName string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsQualifiedName(labelName) { - allErrs = append(allErrs, field.Invalid(fldPath, labelName, msg)) - } - return allErrs -} - -// ValidateLabels validates that a set of labels are correctly defined. -func ValidateLabels(labels map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for k, v := range labels { - allErrs = append(allErrs, ValidateLabelName(k, fldPath)...) - for _, msg := range validation.IsValidLabelValue(v) { - allErrs = append(allErrs, field.Invalid(fldPath, v, msg)) - } - } - return allErrs -} - -func ValidateDeleteOptions(options *metav1.DeleteOptions) field.ErrorList { - allErrs := field.ErrorList{} - //lint:file-ignore SA1019 Keep validation for deprecated OrphanDependents option until it's being removed - if options.OrphanDependents != nil && options.PropagationPolicy != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("propagationPolicy"), options.PropagationPolicy, "orphanDependents and deletionPropagation cannot be both set")) - } - if options.PropagationPolicy != nil && - *options.PropagationPolicy != metav1.DeletePropagationForeground && - *options.PropagationPolicy != metav1.DeletePropagationBackground && - *options.PropagationPolicy != metav1.DeletePropagationOrphan { - allErrs = append(allErrs, field.NotSupported(field.NewPath("propagationPolicy"), options.PropagationPolicy, []string{string(metav1.DeletePropagationForeground), string(metav1.DeletePropagationBackground), string(metav1.DeletePropagationOrphan), "nil"})) - } - allErrs = append(allErrs, ValidateDryRun(field.NewPath("dryRun"), options.DryRun)...) - return allErrs -} - -func ValidateCreateOptions(options *metav1.CreateOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateFieldManager(options.FieldManager, field.NewPath("fieldManager"))...) - allErrs = append(allErrs, ValidateDryRun(field.NewPath("dryRun"), options.DryRun)...) - allErrs = append(allErrs, ValidateFieldValidation(field.NewPath("fieldValidation"), options.FieldValidation)...) - return allErrs -} - -func ValidateUpdateOptions(options *metav1.UpdateOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateFieldManager(options.FieldManager, field.NewPath("fieldManager"))...) - allErrs = append(allErrs, ValidateDryRun(field.NewPath("dryRun"), options.DryRun)...) - allErrs = append(allErrs, ValidateFieldValidation(field.NewPath("fieldValidation"), options.FieldValidation)...) - return allErrs -} - -func ValidatePatchOptions(options *metav1.PatchOptions, patchType types.PatchType) field.ErrorList { - allErrs := field.ErrorList{} - if patchType != types.ApplyPatchType { - if options.Force != nil { - allErrs = append(allErrs, field.Forbidden(field.NewPath("force"), "may not be specified for non-apply patch")) - } - } else { - if options.FieldManager == "" { - // This field is defaulted to "kubectl" by kubectl, but HAS TO be explicitly set by controllers. - allErrs = append(allErrs, field.Required(field.NewPath("fieldManager"), "is required for apply patch")) - } - } - allErrs = append(allErrs, ValidateFieldManager(options.FieldManager, field.NewPath("fieldManager"))...) - allErrs = append(allErrs, ValidateDryRun(field.NewPath("dryRun"), options.DryRun)...) - allErrs = append(allErrs, ValidateFieldValidation(field.NewPath("fieldValidation"), options.FieldValidation)...) - return allErrs -} - -var FieldManagerMaxLength = 128 - -// ValidateFieldManager valides that the fieldManager is the proper length and -// only has printable characters. -func ValidateFieldManager(fieldManager string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // the field can not be set as a `*string`, so a empty string ("") is - // considered as not set and is defaulted by the rest of the process - // (unless apply is used, in which case it is required). - if len(fieldManager) > FieldManagerMaxLength { - allErrs = append(allErrs, field.TooLong(fldPath, fieldManager, FieldManagerMaxLength)) - } - // Verify that all characters are printable. - for i, r := range fieldManager { - if !unicode.IsPrint(r) { - allErrs = append(allErrs, field.Invalid(fldPath, fieldManager, fmt.Sprintf("invalid character %#U (at position %d)", r, i))) - } - } - - return allErrs -} - -var allowedDryRunValues = sets.NewString(metav1.DryRunAll) - -// ValidateDryRun validates that a dryRun query param only contains allowed values. -func ValidateDryRun(fldPath *field.Path, dryRun []string) field.ErrorList { - allErrs := field.ErrorList{} - if !allowedDryRunValues.HasAll(dryRun...) { - allErrs = append(allErrs, field.NotSupported(fldPath, dryRun, allowedDryRunValues.List())) - } - return allErrs -} - -var allowedFieldValidationValues = sets.NewString("", metav1.FieldValidationIgnore, metav1.FieldValidationWarn, metav1.FieldValidationStrict) - -// ValidateFieldValidation validates that a fieldValidation query param only contains allowed values. -func ValidateFieldValidation(fldPath *field.Path, fieldValidation string) field.ErrorList { - allErrs := field.ErrorList{} - if !allowedFieldValidationValues.Has(fieldValidation) { - allErrs = append(allErrs, field.NotSupported(fldPath, fieldValidation, allowedFieldValidationValues.List())) - } - return allErrs - -} - -const UninitializedStatusUpdateErrorMsg string = `must not update status when the object is uninitialized` - -// ValidateTableOptions returns any invalid flags on TableOptions. -func ValidateTableOptions(opts *metav1.TableOptions) field.ErrorList { - var allErrs field.ErrorList - switch opts.IncludeObject { - case metav1.IncludeMetadata, metav1.IncludeNone, metav1.IncludeObject, "": - default: - allErrs = append(allErrs, field.Invalid(field.NewPath("includeObject"), opts.IncludeObject, "must be 'Metadata', 'Object', 'None', or empty")) - } - return allErrs -} - -const MaxSubresourceNameLength = 256 - -func ValidateManagedFields(fieldsList []metav1.ManagedFieldsEntry, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for i, fields := range fieldsList { - fldPath := fldPath.Index(i) - switch fields.Operation { - case metav1.ManagedFieldsOperationApply, metav1.ManagedFieldsOperationUpdate: - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("operation"), fields.Operation, "must be `Apply` or `Update`")) - } - if len(fields.FieldsType) > 0 && fields.FieldsType != "FieldsV1" { - allErrs = append(allErrs, field.Invalid(fldPath.Child("fieldsType"), fields.FieldsType, "must be `FieldsV1`")) - } - allErrs = append(allErrs, ValidateFieldManager(fields.Manager, fldPath.Child("manager"))...) - - if len(fields.Subresource) > MaxSubresourceNameLength { - allErrs = append(allErrs, field.TooLong(fldPath.Child("subresource"), fields.Subresource, MaxSubresourceNameLength)) - } - } - return allErrs -} - -func ValidateConditions(conditions []metav1.Condition, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - conditionTypeToFirstIndex := map[string]int{} - for i, condition := range conditions { - if _, ok := conditionTypeToFirstIndex[condition.Type]; ok { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i).Child("type"), condition.Type)) - } else { - conditionTypeToFirstIndex[condition.Type] = i - } - - allErrs = append(allErrs, ValidateCondition(condition, fldPath.Index(i))...) - } - - return allErrs -} - -// validConditionStatuses is used internally to check validity and provide a good message -var validConditionStatuses = sets.NewString(string(metav1.ConditionTrue), string(metav1.ConditionFalse), string(metav1.ConditionUnknown)) - -const ( - maxReasonLen = 1 * 1024 - maxMessageLen = 32 * 1024 -) - -func ValidateCondition(condition metav1.Condition, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - // type is set and is a valid format - allErrs = append(allErrs, ValidateLabelName(condition.Type, fldPath.Child("type"))...) - - // status is set and is an accepted value - if !validConditionStatuses.Has(string(condition.Status)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("status"), condition.Status, validConditionStatuses.List())) - } - - if condition.ObservedGeneration < 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("observedGeneration"), condition.ObservedGeneration, "must be greater than or equal to zero")) - } - - if condition.LastTransitionTime.IsZero() { - allErrs = append(allErrs, field.Required(fldPath.Child("lastTransitionTime"), "must be set")) - } - - if len(condition.Reason) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("reason"), "must be set")) - } else { - for _, currErr := range isValidConditionReason(condition.Reason) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("reason"), condition.Reason, currErr)) - } - if len(condition.Reason) > maxReasonLen { - allErrs = append(allErrs, field.TooLong(fldPath.Child("reason"), condition.Reason, maxReasonLen)) - } - } - - if len(condition.Message) > maxMessageLen { - allErrs = append(allErrs, field.TooLong(fldPath.Child("message"), condition.Message, maxMessageLen)) - } - - return allErrs -} - -const conditionReasonFmt string = "[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?" -const conditionReasonErrMsg string = "a condition reason must start with alphabetic character, optionally followed by a string of alphanumeric characters or '_,:', and must end with an alphanumeric character or '_'" - -var conditionReasonRegexp = regexp.MustCompile("^" + conditionReasonFmt + "$") - -// isValidConditionReason tests for a string that conforms to rules for condition reasons. This checks the format, but not the length. -func isValidConditionReason(value string) []string { - if !conditionReasonRegexp.MatchString(value) { - return []string{validation.RegexError(conditionReasonErrMsg, conditionReasonFmt, "my_name", "MY_NAME", "MyName", "ReasonA,ReasonB", "ReasonA:ReasonB")} - } - return nil -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation/validation.go b/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation/validation.go deleted file mode 100644 index 563b62efa5..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation/validation.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// ValidateTableOptions returns any invalid flags on TableOptions. -func ValidateTableOptions(opts *metav1.TableOptions) field.ErrorList { - var allErrs field.ErrorList - switch opts.IncludeObject { - case metav1.IncludeMetadata, metav1.IncludeNone, metav1.IncludeObject, "": - default: - allErrs = append(allErrs, field.Invalid(field.NewPath("includeObject"), opts.IncludeObject, "must be 'Metadata', 'Object', 'None', or empty")) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go deleted file mode 100644 index 0d2f153bf9..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go +++ /dev/null @@ -1,192 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "container/heap" - "sync" - "time" - - "k8s.io/utils/clock" -) - -// NewExpiring returns an initialized expiring cache. -func NewExpiring() *Expiring { - return NewExpiringWithClock(clock.RealClock{}) -} - -// NewExpiringWithClock is like NewExpiring but allows passing in a custom -// clock for testing. -func NewExpiringWithClock(clock clock.Clock) *Expiring { - return &Expiring{ - clock: clock, - cache: make(map[interface{}]entry), - } -} - -// Expiring is a map whose entries expire after a per-entry timeout. -type Expiring struct { - clock clock.Clock - - // mu protects the below fields - mu sync.RWMutex - // cache is the internal map that backs the cache. - cache map[interface{}]entry - // generation is used as a cheap resource version for cache entries. Cleanups - // are scheduled with a key and generation. When the cleanup runs, it first - // compares its generation with the current generation of the entry. It - // deletes the entry iff the generation matches. This prevents cleanups - // scheduled for earlier versions of an entry from deleting later versions of - // an entry when Set() is called multiple times with the same key. - // - // The integer value of the generation of an entry is meaningless. - generation uint64 - - heap expiringHeap -} - -type entry struct { - val interface{} - expiry time.Time - generation uint64 -} - -// Get looks up an entry in the cache. -func (c *Expiring) Get(key interface{}) (val interface{}, ok bool) { - c.mu.RLock() - defer c.mu.RUnlock() - e, ok := c.cache[key] - if !ok || !c.clock.Now().Before(e.expiry) { - return nil, false - } - return e.val, true -} - -// Set sets a key/value/expiry entry in the map, overwriting any previous entry -// with the same key. The entry expires at the given expiry time, but its TTL -// may be lengthened or shortened by additional calls to Set(). Garbage -// collection of expired entries occurs during calls to Set(), however calls to -// Get() will not return expired entries that have not yet been garbage -// collected. -func (c *Expiring) Set(key interface{}, val interface{}, ttl time.Duration) { - now := c.clock.Now() - expiry := now.Add(ttl) - - c.mu.Lock() - defer c.mu.Unlock() - - c.generation++ - - c.cache[key] = entry{ - val: val, - expiry: expiry, - generation: c.generation, - } - - // Run GC inline before pushing the new entry. - c.gc(now) - - heap.Push(&c.heap, &expiringHeapEntry{ - key: key, - expiry: expiry, - generation: c.generation, - }) -} - -// Delete deletes an entry in the map. -func (c *Expiring) Delete(key interface{}) { - c.mu.Lock() - defer c.mu.Unlock() - c.del(key, 0) -} - -// del deletes the entry for the given key. The generation argument is the -// generation of the entry that should be deleted. If the generation has been -// changed (e.g. if a set has occurred on an existing element but the old -// cleanup still runs), this is a noop. If the generation argument is 0, the -// entry's generation is ignored and the entry is deleted. -// -// del must be called under the write lock. -func (c *Expiring) del(key interface{}, generation uint64) { - e, ok := c.cache[key] - if !ok { - return - } - if generation != 0 && generation != e.generation { - return - } - delete(c.cache, key) -} - -// Len returns the number of items in the cache. -func (c *Expiring) Len() int { - c.mu.RLock() - defer c.mu.RUnlock() - return len(c.cache) -} - -func (c *Expiring) gc(now time.Time) { - for { - // Return from gc if the heap is empty or the next element is not yet - // expired. - // - // heap[0] is a peek at the next element in the heap, which is not obvious - // from looking at the (*expiringHeap).Pop() implementation below. - // heap.Pop() swaps the first entry with the last entry of the heap, then - // calls (*expiringHeap).Pop() which returns the last element. - if len(c.heap) == 0 || now.Before(c.heap[0].expiry) { - return - } - cleanup := heap.Pop(&c.heap).(*expiringHeapEntry) - c.del(cleanup.key, cleanup.generation) - } -} - -type expiringHeapEntry struct { - key interface{} - expiry time.Time - generation uint64 -} - -// expiringHeap is a min-heap ordered by expiration time of its entries. The -// expiring cache uses this as a priority queue to efficiently organize entries -// which will be garbage collected once they expire. -type expiringHeap []*expiringHeapEntry - -var _ heap.Interface = &expiringHeap{} - -func (cq expiringHeap) Len() int { - return len(cq) -} - -func (cq expiringHeap) Less(i, j int) bool { - return cq[i].expiry.Before(cq[j].expiry) -} - -func (cq expiringHeap) Swap(i, j int) { - cq[i], cq[j] = cq[j], cq[i] -} - -func (cq *expiringHeap) Push(c interface{}) { - *cq = append(*cq, c.(*expiringHeapEntry)) -} - -func (cq *expiringHeap) Pop() interface{} { - c := (*cq)[cq.Len()-1] - *cq = (*cq)[:cq.Len()-1] - return c -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/lruexpirecache.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/lruexpirecache.go deleted file mode 100644 index 1328dd6120..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/cache/lruexpirecache.go +++ /dev/null @@ -1,160 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "container/list" - "sync" - "time" -) - -// Clock defines an interface for obtaining the current time -type Clock interface { - Now() time.Time -} - -// realClock implements the Clock interface by calling time.Now() -type realClock struct{} - -func (realClock) Now() time.Time { return time.Now() } - -// LRUExpireCache is a cache that ensures the mostly recently accessed keys are returned with -// a ttl beyond which keys are forcibly expired. -type LRUExpireCache struct { - // clock is used to obtain the current time - clock Clock - - lock sync.Mutex - - maxSize int - evictionList list.List - entries map[interface{}]*list.Element -} - -// NewLRUExpireCache creates an expiring cache with the given size -func NewLRUExpireCache(maxSize int) *LRUExpireCache { - return NewLRUExpireCacheWithClock(maxSize, realClock{}) -} - -// NewLRUExpireCacheWithClock creates an expiring cache with the given size, using the specified clock to obtain the current time. -func NewLRUExpireCacheWithClock(maxSize int, clock Clock) *LRUExpireCache { - if maxSize <= 0 { - panic("maxSize must be > 0") - } - - return &LRUExpireCache{ - clock: clock, - maxSize: maxSize, - entries: map[interface{}]*list.Element{}, - } -} - -type cacheEntry struct { - key interface{} - value interface{} - expireTime time.Time -} - -// Add adds the value to the cache at key with the specified maximum duration. -func (c *LRUExpireCache) Add(key interface{}, value interface{}, ttl time.Duration) { - c.lock.Lock() - defer c.lock.Unlock() - - // Key already exists - oldElement, ok := c.entries[key] - if ok { - c.evictionList.MoveToFront(oldElement) - oldElement.Value.(*cacheEntry).value = value - oldElement.Value.(*cacheEntry).expireTime = c.clock.Now().Add(ttl) - return - } - - // Make space if necessary - if c.evictionList.Len() >= c.maxSize { - toEvict := c.evictionList.Back() - c.evictionList.Remove(toEvict) - delete(c.entries, toEvict.Value.(*cacheEntry).key) - } - - // Add new entry - entry := &cacheEntry{ - key: key, - value: value, - expireTime: c.clock.Now().Add(ttl), - } - element := c.evictionList.PushFront(entry) - c.entries[key] = element -} - -// Get returns the value at the specified key from the cache if it exists and is not -// expired, or returns false. -func (c *LRUExpireCache) Get(key interface{}) (interface{}, bool) { - c.lock.Lock() - defer c.lock.Unlock() - - element, ok := c.entries[key] - if !ok { - return nil, false - } - - if c.clock.Now().After(element.Value.(*cacheEntry).expireTime) { - c.evictionList.Remove(element) - delete(c.entries, key) - return nil, false - } - - c.evictionList.MoveToFront(element) - - return element.Value.(*cacheEntry).value, true -} - -// Remove removes the specified key from the cache if it exists -func (c *LRUExpireCache) Remove(key interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - - element, ok := c.entries[key] - if !ok { - return - } - - c.evictionList.Remove(element) - delete(c.entries, key) -} - -// Keys returns all unexpired keys in the cache. -// -// Keep in mind that subsequent calls to Get() for any of the returned keys -// might return "not found". -// -// Keys are returned ordered from least recently used to most recently used. -func (c *LRUExpireCache) Keys() []interface{} { - c.lock.Lock() - defer c.lock.Unlock() - - now := c.clock.Now() - - val := make([]interface{}, 0, c.evictionList.Len()) - for element := c.evictionList.Back(); element != nil; element = element.Prev() { - // Only return unexpired keys - if !now.After(element.Value.(*cacheEntry).expireTime) { - val = append(val, element.Value.(*cacheEntry).key) - } - } - - return val -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go deleted file mode 100644 index ec4002e38a..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package diff - -import ( - "bytes" - "fmt" - "reflect" - "strings" - "text/tabwriter" - - "github.com/davecgh/go-spew/spew" - "github.com/google/go-cmp/cmp" -) - -// StringDiff diffs a and b and returns a human readable diff. -func StringDiff(a, b string) string { - ba := []byte(a) - bb := []byte(b) - out := []byte{} - i := 0 - for ; i < len(ba) && i < len(bb); i++ { - if ba[i] != bb[i] { - break - } - out = append(out, ba[i]) - } - out = append(out, []byte("\n\nA: ")...) - out = append(out, ba[i:]...) - out = append(out, []byte("\n\nB: ")...) - out = append(out, bb[i:]...) - out = append(out, []byte("\n\n")...) - return string(out) -} - -func legacyDiff(a, b interface{}) string { - return cmp.Diff(a, b) -} - -// ObjectDiff prints the diff of two go objects and fails if the objects -// contain unhandled unexported fields. -// DEPRECATED: use github.com/google/go-cmp/cmp.Diff -func ObjectDiff(a, b interface{}) string { - return legacyDiff(a, b) -} - -// ObjectGoPrintDiff prints the diff of two go objects and fails if the objects -// contain unhandled unexported fields. -// DEPRECATED: use github.com/google/go-cmp/cmp.Diff -func ObjectGoPrintDiff(a, b interface{}) string { - return legacyDiff(a, b) -} - -// ObjectReflectDiff prints the diff of two go objects and fails if the objects -// contain unhandled unexported fields. -// DEPRECATED: use github.com/google/go-cmp/cmp.Diff -func ObjectReflectDiff(a, b interface{}) string { - return legacyDiff(a, b) -} - -// ObjectGoPrintSideBySide prints a and b as textual dumps side by side, -// enabling easy visual scanning for mismatches. -func ObjectGoPrintSideBySide(a, b interface{}) string { - s := spew.ConfigState{ - Indent: " ", - // Extra deep spew. - DisableMethods: true, - } - sA := s.Sdump(a) - sB := s.Sdump(b) - - linesA := strings.Split(sA, "\n") - linesB := strings.Split(sB, "\n") - width := 0 - for _, s := range linesA { - l := len(s) - if l > width { - width = l - } - } - for _, s := range linesB { - l := len(s) - if l > width { - width = l - } - } - buf := &bytes.Buffer{} - w := tabwriter.NewWriter(buf, width, 0, 1, ' ', 0) - max := len(linesA) - if len(linesB) > max { - max = len(linesB) - } - for i := 0; i < max; i++ { - var a, b string - if i < len(linesA) { - a = linesA[i] - } - if i < len(linesB) { - b = linesB[i] - } - fmt.Fprintf(w, "%s\t%s\n", a, b) - } - w.Flush() - return buf.String() -} - -// IgnoreUnset is an option that ignores fields that are unset on the right -// hand side of a comparison. This is useful in testing to assert that an -// object is a derivative. -func IgnoreUnset() cmp.Option { - return cmp.Options{ - // ignore unset fields in v2 - cmp.FilterPath(func(path cmp.Path) bool { - _, v2 := path.Last().Values() - switch v2.Kind() { - case reflect.Slice, reflect.Map: - if v2.IsNil() || v2.Len() == 0 { - return true - } - case reflect.String: - if v2.Len() == 0 { - return true - } - case reflect.Interface, reflect.Pointer: - if v2.IsNil() { - return true - } - } - return false - }, cmp.Ignore()), - // ignore map entries that aren't set in v2 - cmp.FilterPath(func(path cmp.Path) bool { - switch i := path.Last().(type) { - case cmp.MapIndex: - if _, v2 := i.Values(); !v2.IsValid() { - fmt.Println("E") - return true - } - } - return false - }, cmp.Ignore()), - } -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/dial.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/dial.go deleted file mode 100644 index 4ceb2e06ea..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/dial.go +++ /dev/null @@ -1,122 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package proxy - -import ( - "context" - "crypto/tls" - "fmt" - "net" - "net/http" - "net/url" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/third_party/forked/golang/netutil" - "k8s.io/klog/v2" -) - -// dialURL will dial the specified URL using the underlying dialer held by the passed -// RoundTripper. The primary use of this method is to support proxying upgradable connections. -// For this reason this method will prefer to negotiate http/1.1 if the URL scheme is https. -// If you wish to ensure ALPN negotiates http2 then set NextProto=[]string{"http2"} in the -// TLSConfig of the http.Transport -func dialURL(ctx context.Context, url *url.URL, transport http.RoundTripper) (net.Conn, error) { - dialAddr := netutil.CanonicalAddr(url) - - dialer, err := utilnet.DialerFor(transport) - if err != nil { - klog.V(5).Infof("Unable to unwrap transport %T to get dialer: %v", transport, err) - } - - switch url.Scheme { - case "http": - if dialer != nil { - return dialer(ctx, "tcp", dialAddr) - } - var d net.Dialer - return d.DialContext(ctx, "tcp", dialAddr) - case "https": - // Get the tls config from the transport if we recognize it - tlsConfig, err := utilnet.TLSClientConfig(transport) - if err != nil { - klog.V(5).Infof("Unable to unwrap transport %T to get at TLS config: %v", transport, err) - } - - if dialer != nil { - // We have a dialer; use it to open the connection, then - // create a tls client using the connection. - netConn, err := dialer(ctx, "tcp", dialAddr) - if err != nil { - return nil, err - } - if tlsConfig == nil { - // tls.Client requires non-nil config - klog.Warning("using custom dialer with no TLSClientConfig. Defaulting to InsecureSkipVerify") - // tls.Handshake() requires ServerName or InsecureSkipVerify - tlsConfig = &tls.Config{ - InsecureSkipVerify: true, - } - } else if len(tlsConfig.ServerName) == 0 && !tlsConfig.InsecureSkipVerify { - // tls.HandshakeContext() requires ServerName or InsecureSkipVerify - // infer the ServerName from the hostname we're connecting to. - inferredHost := dialAddr - if host, _, err := net.SplitHostPort(dialAddr); err == nil { - inferredHost = host - } - // Make a copy to avoid polluting the provided config - tlsConfigCopy := tlsConfig.Clone() - tlsConfigCopy.ServerName = inferredHost - tlsConfig = tlsConfigCopy - } - - // Since this method is primarily used within a "Connection: Upgrade" call we assume the caller is - // going to write HTTP/1.1 request to the wire. http2 should not be allowed in the TLSConfig.NextProtos, - // so we explicitly set that here. We only do this check if the TLSConfig support http/1.1. - if supportsHTTP11(tlsConfig.NextProtos) { - tlsConfig = tlsConfig.Clone() - tlsConfig.NextProtos = []string{"http/1.1"} - } - - tlsConn := tls.Client(netConn, tlsConfig) - if err := tlsConn.HandshakeContext(ctx); err != nil { - netConn.Close() - return nil, err - } - return tlsConn, nil - } else { - // Dial. - tlsDialer := tls.Dialer{ - Config: tlsConfig, - } - return tlsDialer.DialContext(ctx, "tcp", dialAddr) - } - default: - return nil, fmt.Errorf("unknown scheme: %s", url.Scheme) - } -} - -func supportsHTTP11(nextProtos []string) bool { - if len(nextProtos) == 0 { - return true - } - for _, proto := range nextProtos { - if proto == "http/1.1" { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/doc.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/doc.go deleted file mode 100644 index d14ecfad54..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package proxy provides transport and upgrade support for proxies. -package proxy // import "k8s.io/apimachinery/pkg/util/proxy" diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/transport.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/transport.go deleted file mode 100644 index 489d9b0426..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/transport.go +++ /dev/null @@ -1,273 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package proxy - -import ( - "bytes" - "compress/flate" - "compress/gzip" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/url" - "path" - "strings" - - "golang.org/x/net/html" - "golang.org/x/net/html/atom" - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/sets" -) - -// atomsToAttrs states which attributes of which tags require URL substitution. -// Sources: http://www.w3.org/TR/REC-html40/index/attributes.html -// -// http://www.w3.org/html/wg/drafts/html/master/index.html#attributes-1 -var atomsToAttrs = map[atom.Atom]sets.String{ - atom.A: sets.NewString("href"), - atom.Applet: sets.NewString("codebase"), - atom.Area: sets.NewString("href"), - atom.Audio: sets.NewString("src"), - atom.Base: sets.NewString("href"), - atom.Blockquote: sets.NewString("cite"), - atom.Body: sets.NewString("background"), - atom.Button: sets.NewString("formaction"), - atom.Command: sets.NewString("icon"), - atom.Del: sets.NewString("cite"), - atom.Embed: sets.NewString("src"), - atom.Form: sets.NewString("action"), - atom.Frame: sets.NewString("longdesc", "src"), - atom.Head: sets.NewString("profile"), - atom.Html: sets.NewString("manifest"), - atom.Iframe: sets.NewString("longdesc", "src"), - atom.Img: sets.NewString("longdesc", "src", "usemap"), - atom.Input: sets.NewString("src", "usemap", "formaction"), - atom.Ins: sets.NewString("cite"), - atom.Link: sets.NewString("href"), - atom.Object: sets.NewString("classid", "codebase", "data", "usemap"), - atom.Q: sets.NewString("cite"), - atom.Script: sets.NewString("src"), - atom.Source: sets.NewString("src"), - atom.Video: sets.NewString("poster", "src"), - - // TODO: css URLs hidden in style elements. -} - -// Transport is a transport for text/html content that replaces URLs in html -// content with the prefix of the proxy server -type Transport struct { - Scheme string - Host string - PathPrepend string - - http.RoundTripper -} - -// RoundTrip implements the http.RoundTripper interface -func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { - // Add reverse proxy headers. - forwardedURI := path.Join(t.PathPrepend, req.URL.EscapedPath()) - if strings.HasSuffix(req.URL.Path, "/") { - forwardedURI = forwardedURI + "/" - } - req.Header.Set("X-Forwarded-Uri", forwardedURI) - if len(t.Host) > 0 { - req.Header.Set("X-Forwarded-Host", t.Host) - } - if len(t.Scheme) > 0 { - req.Header.Set("X-Forwarded-Proto", t.Scheme) - } - - rt := t.RoundTripper - if rt == nil { - rt = http.DefaultTransport - } - resp, err := rt.RoundTrip(req) - - if err != nil { - return nil, errors.NewServiceUnavailable(fmt.Sprintf("error trying to reach service: %v", err)) - } - - if redirect := resp.Header.Get("Location"); redirect != "" { - targetURL, err := url.Parse(redirect) - if err != nil { - return nil, errors.NewInternalError(fmt.Errorf("error trying to parse Location header: %v", err)) - } - resp.Header.Set("Location", t.rewriteURL(targetURL, req.URL, req.Host)) - return resp, nil - } - - cType := resp.Header.Get("Content-Type") - cType = strings.TrimSpace(strings.SplitN(cType, ";", 2)[0]) - if cType != "text/html" { - // Do nothing, simply pass through - return resp, nil - } - - return t.rewriteResponse(req, resp) -} - -var _ = net.RoundTripperWrapper(&Transport{}) - -func (rt *Transport) WrappedRoundTripper() http.RoundTripper { - return rt.RoundTripper -} - -// rewriteURL rewrites a single URL to go through the proxy, if the URL refers -// to the same host as sourceURL, which is the page on which the target URL -// occurred, or if the URL matches the sourceRequestHost. -func (t *Transport) rewriteURL(url *url.URL, sourceURL *url.URL, sourceRequestHost string) string { - // Example: - // When API server processes a proxy request to a service (e.g. /api/v1/namespace/foo/service/bar/proxy/), - // the sourceURL.Host (i.e. req.URL.Host) is the endpoint IP address of the service. The - // sourceRequestHost (i.e. req.Host) is the Host header that specifies the host on which the - // URL is sought, which can be different from sourceURL.Host. For example, if user sends the - // request through "kubectl proxy" locally (i.e. localhost:8001/api/v1/namespace/foo/service/bar/proxy/), - // sourceRequestHost is "localhost:8001". - // - // If the service's response URL contains non-empty host, and url.Host is equal to either sourceURL.Host - // or sourceRequestHost, we should not consider the returned URL to be a completely different host. - // It's the API server's responsibility to rewrite a same-host-and-absolute-path URL and append the - // necessary URL prefix (i.e. /api/v1/namespace/foo/service/bar/proxy/). - isDifferentHost := url.Host != "" && url.Host != sourceURL.Host && url.Host != sourceRequestHost - isRelative := !strings.HasPrefix(url.Path, "/") - if isDifferentHost || isRelative { - return url.String() - } - - // Do not rewrite scheme and host if the Transport has empty scheme and host - // when targetURL already contains the sourceRequestHost - if !(url.Host == sourceRequestHost && t.Scheme == "" && t.Host == "") { - url.Scheme = t.Scheme - url.Host = t.Host - } - - origPath := url.Path - // Do not rewrite URL if the sourceURL already contains the necessary prefix. - if strings.HasPrefix(url.Path, t.PathPrepend) { - return url.String() - } - url.Path = path.Join(t.PathPrepend, url.Path) - if strings.HasSuffix(origPath, "/") { - // Add back the trailing slash, which was stripped by path.Join(). - url.Path += "/" - } - - return url.String() -} - -// rewriteHTML scans the HTML for tags with url-valued attributes, and updates -// those values with the urlRewriter function. The updated HTML is output to the -// writer. -func rewriteHTML(reader io.Reader, writer io.Writer, urlRewriter func(*url.URL) string) error { - // Note: This assumes the content is UTF-8. - tokenizer := html.NewTokenizer(reader) - - var err error - for err == nil { - tokenType := tokenizer.Next() - switch tokenType { - case html.ErrorToken: - err = tokenizer.Err() - case html.StartTagToken, html.SelfClosingTagToken: - token := tokenizer.Token() - if urlAttrs, ok := atomsToAttrs[token.DataAtom]; ok { - for i, attr := range token.Attr { - if urlAttrs.Has(attr.Key) { - url, err := url.Parse(attr.Val) - if err != nil { - // Do not rewrite the URL if it isn't valid. It is intended not - // to error here to prevent the inability to understand the - // content of the body to cause a fatal error. - continue - } - token.Attr[i].Val = urlRewriter(url) - } - } - } - _, err = writer.Write([]byte(token.String())) - default: - _, err = writer.Write(tokenizer.Raw()) - } - } - if err != io.EOF { - return err - } - return nil -} - -// rewriteResponse modifies an HTML response by updating absolute links referring -// to the original host to instead refer to the proxy transport. -func (t *Transport) rewriteResponse(req *http.Request, resp *http.Response) (*http.Response, error) { - origBody := resp.Body - defer origBody.Close() - - newContent := &bytes.Buffer{} - var reader io.Reader = origBody - var writer io.Writer = newContent - encoding := resp.Header.Get("Content-Encoding") - switch encoding { - case "gzip": - var err error - reader, err = gzip.NewReader(reader) - if err != nil { - return nil, fmt.Errorf("errorf making gzip reader: %v", err) - } - gzw := gzip.NewWriter(writer) - defer gzw.Close() - writer = gzw - case "deflate": - var err error - reader = flate.NewReader(reader) - flw, err := flate.NewWriter(writer, flate.BestCompression) - if err != nil { - return nil, fmt.Errorf("errorf making flate writer: %v", err) - } - defer func() { - flw.Close() - flw.Flush() - }() - writer = flw - case "": - // This is fine - default: - // Some encoding we don't understand-- don't try to parse this - klog.Errorf("Proxy encountered encoding %v for text/html; can't understand this so not fixing links.", encoding) - return resp, nil - } - - urlRewriter := func(targetUrl *url.URL) string { - return t.rewriteURL(targetUrl, req.URL, req.Host) - } - err := rewriteHTML(reader, writer, urlRewriter) - if err != nil { - klog.Errorf("Failed to rewrite URLs: %v", err) - return resp, err - } - - resp.Body = ioutil.NopCloser(newContent) - // Update header node with new content-length - // TODO: Remove any hash/signature headers here? - resp.Header.Del("Content-Length") - resp.ContentLength = int64(newContent.Len()) - - return resp, err -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go deleted file mode 100644 index a5bb585758..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go +++ /dev/null @@ -1,557 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package proxy - -import ( - "bufio" - "bytes" - "fmt" - "io" - "io/ioutil" - "log" - "net" - "net/http" - "net/http/httputil" - "net/url" - "os" - "strings" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/util/httpstream" - utilnet "k8s.io/apimachinery/pkg/util/net" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - - "github.com/mxk/go-flowrate/flowrate" - "k8s.io/klog/v2" -) - -// UpgradeRequestRoundTripper provides an additional method to decorate a request -// with any authentication or other protocol level information prior to performing -// an upgrade on the server. Any response will be handled by the intercepting -// proxy. -type UpgradeRequestRoundTripper interface { - http.RoundTripper - // WrapRequest takes a valid HTTP request and returns a suitably altered version - // of request with any HTTP level values required to complete the request half of - // an upgrade on the server. It does not get a chance to see the response and - // should bypass any request side logic that expects to see the response. - WrapRequest(*http.Request) (*http.Request, error) -} - -// UpgradeAwareHandler is a handler for proxy requests that may require an upgrade -type UpgradeAwareHandler struct { - // UpgradeRequired will reject non-upgrade connections if true. - UpgradeRequired bool - // Location is the location of the upstream proxy. It is used as the location to Dial on the upstream server - // for upgrade requests unless UseRequestLocationOnUpgrade is true. - Location *url.URL - // AppendLocationPath determines if the original path of the Location should be appended to the upstream proxy request path - AppendLocationPath bool - // Transport provides an optional round tripper to use to proxy. If nil, the default proxy transport is used - Transport http.RoundTripper - // UpgradeTransport, if specified, will be used as the backend transport when upgrade requests are provided. - // This allows clients to disable HTTP/2. - UpgradeTransport UpgradeRequestRoundTripper - // WrapTransport indicates whether the provided Transport should be wrapped with default proxy transport behavior (URL rewriting, X-Forwarded-* header setting) - WrapTransport bool - // UseRequestLocation will use the incoming request URL when talking to the backend server. - UseRequestLocation bool - // UseLocationHost overrides the HTTP host header in requests to the backend server to use the Host from Location. - // This will override the req.Host field of a request, while UseRequestLocation will override the req.URL field - // of a request. The req.URL.Host specifies the server to connect to, while the req.Host field - // specifies the Host header value to send in the HTTP request. If this is false, the incoming req.Host header will - // just be forwarded to the backend server. - UseLocationHost bool - // FlushInterval controls how often the standard HTTP proxy will flush content from the upstream. - FlushInterval time.Duration - // MaxBytesPerSec controls the maximum rate for an upstream connection. No rate is imposed if the value is zero. - MaxBytesPerSec int64 - // Responder is passed errors that occur while setting up proxying. - Responder ErrorResponder - // Reject to forward redirect response - RejectForwardingRedirects bool -} - -const defaultFlushInterval = 200 * time.Millisecond - -// ErrorResponder abstracts error reporting to the proxy handler to remove the need to hardcode a particular -// error format. -type ErrorResponder interface { - Error(w http.ResponseWriter, req *http.Request, err error) -} - -// SimpleErrorResponder is the legacy implementation of ErrorResponder for callers that only -// service a single request/response per proxy. -type SimpleErrorResponder interface { - Error(err error) -} - -func NewErrorResponder(r SimpleErrorResponder) ErrorResponder { - return simpleResponder{r} -} - -type simpleResponder struct { - responder SimpleErrorResponder -} - -func (r simpleResponder) Error(w http.ResponseWriter, req *http.Request, err error) { - r.responder.Error(err) -} - -// upgradeRequestRoundTripper implements proxy.UpgradeRequestRoundTripper. -type upgradeRequestRoundTripper struct { - http.RoundTripper - upgrader http.RoundTripper -} - -var ( - _ UpgradeRequestRoundTripper = &upgradeRequestRoundTripper{} - _ utilnet.RoundTripperWrapper = &upgradeRequestRoundTripper{} -) - -// WrappedRoundTripper returns the round tripper that a caller would use. -func (rt *upgradeRequestRoundTripper) WrappedRoundTripper() http.RoundTripper { - return rt.RoundTripper -} - -// WriteToRequest calls the nested upgrader and then copies the returned request -// fields onto the passed request. -func (rt *upgradeRequestRoundTripper) WrapRequest(req *http.Request) (*http.Request, error) { - resp, err := rt.upgrader.RoundTrip(req) - if err != nil { - return nil, err - } - return resp.Request, nil -} - -// onewayRoundTripper captures the provided request - which is assumed to have -// been modified by other round trippers - and then returns a fake response. -type onewayRoundTripper struct{} - -// RoundTrip returns a simple 200 OK response that captures the provided request. -func (onewayRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - return &http.Response{ - Status: "200 OK", - StatusCode: http.StatusOK, - Body: ioutil.NopCloser(&bytes.Buffer{}), - Request: req, - }, nil -} - -// MirrorRequest is a round tripper that can be called to get back the calling request as -// the core round tripper in a chain. -var MirrorRequest http.RoundTripper = onewayRoundTripper{} - -// NewUpgradeRequestRoundTripper takes two round trippers - one for the underlying TCP connection, and -// one that is able to write headers to an HTTP request. The request rt is used to set the request headers -// and that is written to the underlying connection rt. -func NewUpgradeRequestRoundTripper(connection, request http.RoundTripper) UpgradeRequestRoundTripper { - return &upgradeRequestRoundTripper{ - RoundTripper: connection, - upgrader: request, - } -} - -// normalizeLocation returns the result of parsing the full URL, with scheme set to http if missing -func normalizeLocation(location *url.URL) *url.URL { - normalized, _ := url.Parse(location.String()) - if len(normalized.Scheme) == 0 { - normalized.Scheme = "http" - } - return normalized -} - -// NewUpgradeAwareHandler creates a new proxy handler with a default flush interval. Responder is required for returning -// errors to the caller. -func NewUpgradeAwareHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder ErrorResponder) *UpgradeAwareHandler { - return &UpgradeAwareHandler{ - Location: normalizeLocation(location), - Transport: transport, - WrapTransport: wrapTransport, - UpgradeRequired: upgradeRequired, - FlushInterval: defaultFlushInterval, - Responder: responder, - } -} - -func proxyRedirectsforRootPath(path string, w http.ResponseWriter, req *http.Request) bool { - redirect := false - method := req.Method - - // From pkg/genericapiserver/endpoints/handlers/proxy.go#ServeHTTP: - // Redirect requests with an empty path to a location that ends with a '/' - // This is essentially a hack for https://issue.k8s.io/4958. - // Note: Keep this code after tryUpgrade to not break that flow. - if len(path) == 0 && (method == http.MethodGet || method == http.MethodHead) { - var queryPart string - if len(req.URL.RawQuery) > 0 { - queryPart = "?" + req.URL.RawQuery - } - w.Header().Set("Location", req.URL.Path+"/"+queryPart) - w.WriteHeader(http.StatusMovedPermanently) - redirect = true - } - return redirect -} - -// ServeHTTP handles the proxy request -func (h *UpgradeAwareHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { - if h.tryUpgrade(w, req) { - return - } - if h.UpgradeRequired { - h.Responder.Error(w, req, errors.NewBadRequest("Upgrade request required")) - return - } - - loc := *h.Location - loc.RawQuery = req.URL.RawQuery - - // If original request URL ended in '/', append a '/' at the end of the - // of the proxy URL - if !strings.HasSuffix(loc.Path, "/") && strings.HasSuffix(req.URL.Path, "/") { - loc.Path += "/" - } - - proxyRedirect := proxyRedirectsforRootPath(loc.Path, w, req) - if proxyRedirect { - return - } - - if h.Transport == nil || h.WrapTransport { - h.Transport = h.defaultProxyTransport(req.URL, h.Transport) - } - - // WithContext creates a shallow clone of the request with the same context. - newReq := req.WithContext(req.Context()) - newReq.Header = utilnet.CloneHeader(req.Header) - if !h.UseRequestLocation { - newReq.URL = &loc - } - if h.UseLocationHost { - // exchanging req.Host with the backend location is necessary for backends that act on the HTTP host header (e.g. API gateways), - // because req.Host has preference over req.URL.Host in filling this header field - newReq.Host = h.Location.Host - } - - // create the target location to use for the reverse proxy - reverseProxyLocation := &url.URL{Scheme: h.Location.Scheme, Host: h.Location.Host} - if h.AppendLocationPath { - reverseProxyLocation.Path = h.Location.Path - } - - proxy := httputil.NewSingleHostReverseProxy(reverseProxyLocation) - proxy.Transport = h.Transport - proxy.FlushInterval = h.FlushInterval - proxy.ErrorLog = log.New(noSuppressPanicError{}, "", log.LstdFlags) - if h.RejectForwardingRedirects { - oldModifyResponse := proxy.ModifyResponse - proxy.ModifyResponse = func(response *http.Response) error { - code := response.StatusCode - if code >= 300 && code <= 399 && len(response.Header.Get("Location")) > 0 { - // close the original response - response.Body.Close() - msg := "the backend attempted to redirect this request, which is not permitted" - // replace the response - *response = http.Response{ - StatusCode: http.StatusBadGateway, - Status: fmt.Sprintf("%d %s", response.StatusCode, http.StatusText(response.StatusCode)), - Body: io.NopCloser(strings.NewReader(msg)), - ContentLength: int64(len(msg)), - } - } else { - if oldModifyResponse != nil { - if err := oldModifyResponse(response); err != nil { - return err - } - } - } - return nil - } - } - if h.Responder != nil { - // if an optional error interceptor/responder was provided wire it - // the custom responder might be used for providing a unified error reporting - // or supporting retry mechanisms by not sending non-fatal errors to the clients - proxy.ErrorHandler = h.Responder.Error - } - proxy.ServeHTTP(w, newReq) -} - -type noSuppressPanicError struct{} - -func (noSuppressPanicError) Write(p []byte) (n int, err error) { - // skip "suppressing panic for copyResponse error in test; copy error" error message - // that ends up in CI tests on each kube-apiserver termination as noise and - // everybody thinks this is fatal. - if strings.Contains(string(p), "suppressing panic") { - return len(p), nil - } - return os.Stderr.Write(p) -} - -// tryUpgrade returns true if the request was handled. -func (h *UpgradeAwareHandler) tryUpgrade(w http.ResponseWriter, req *http.Request) bool { - if !httpstream.IsUpgradeRequest(req) { - klog.V(6).Infof("Request was not an upgrade") - return false - } - - var ( - backendConn net.Conn - rawResponse []byte - err error - ) - - location := *h.Location - if h.UseRequestLocation { - location = *req.URL - location.Scheme = h.Location.Scheme - location.Host = h.Location.Host - if h.AppendLocationPath { - location.Path = singleJoiningSlash(h.Location.Path, location.Path) - } - } - - clone := utilnet.CloneRequest(req) - // Only append X-Forwarded-For in the upgrade path, since httputil.NewSingleHostReverseProxy - // handles this in the non-upgrade path. - utilnet.AppendForwardedForHeader(clone) - klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header) - if h.UseLocationHost { - clone.Host = h.Location.Host - } - clone.URL = &location - backendConn, err = h.DialForUpgrade(clone) - if err != nil { - klog.V(6).Infof("Proxy connection error: %v", err) - h.Responder.Error(w, req, err) - return true - } - defer backendConn.Close() - - // determine the http response code from the backend by reading from rawResponse+backendConn - backendHTTPResponse, headerBytes, err := getResponse(io.MultiReader(bytes.NewReader(rawResponse), backendConn)) - if err != nil { - klog.V(6).Infof("Proxy connection error: %v", err) - h.Responder.Error(w, req, err) - return true - } - if len(headerBytes) > len(rawResponse) { - // we read beyond the bytes stored in rawResponse, update rawResponse to the full set of bytes read from the backend - rawResponse = headerBytes - } - - // If the backend did not upgrade the request, return an error to the client. If the response was - // an error, the error is forwarded directly after the connection is hijacked. Otherwise, just - // return a generic error here. - if backendHTTPResponse.StatusCode != http.StatusSwitchingProtocols && backendHTTPResponse.StatusCode < 400 { - err := fmt.Errorf("invalid upgrade response: status code %d", backendHTTPResponse.StatusCode) - klog.Errorf("Proxy upgrade error: %v", err) - h.Responder.Error(w, req, err) - return true - } - - // Once the connection is hijacked, the ErrorResponder will no longer work, so - // hijacking should be the last step in the upgrade. - requestHijacker, ok := w.(http.Hijacker) - if !ok { - klog.V(6).Infof("Unable to hijack response writer: %T", w) - h.Responder.Error(w, req, fmt.Errorf("request connection cannot be hijacked: %T", w)) - return true - } - requestHijackedConn, _, err := requestHijacker.Hijack() - if err != nil { - klog.V(6).Infof("Unable to hijack response: %v", err) - h.Responder.Error(w, req, fmt.Errorf("error hijacking connection: %v", err)) - return true - } - defer requestHijackedConn.Close() - - if backendHTTPResponse.StatusCode != http.StatusSwitchingProtocols { - // If the backend did not upgrade the request, echo the response from the backend to the client and return, closing the connection. - klog.V(6).Infof("Proxy upgrade error, status code %d", backendHTTPResponse.StatusCode) - // set read/write deadlines - deadline := time.Now().Add(10 * time.Second) - backendConn.SetReadDeadline(deadline) - requestHijackedConn.SetWriteDeadline(deadline) - // write the response to the client - err := backendHTTPResponse.Write(requestHijackedConn) - if err != nil && !strings.Contains(err.Error(), "use of closed network connection") { - klog.Errorf("Error proxying data from backend to client: %v", err) - } - // Indicate we handled the request - return true - } - - // Forward raw response bytes back to client. - if len(rawResponse) > 0 { - klog.V(6).Infof("Writing %d bytes to hijacked connection", len(rawResponse)) - if _, err = requestHijackedConn.Write(rawResponse); err != nil { - utilruntime.HandleError(fmt.Errorf("Error proxying response from backend to client: %v", err)) - } - } - - // Proxy the connection. This is bidirectional, so we need a goroutine - // to copy in each direction. Once one side of the connection exits, we - // exit the function which performs cleanup and in the process closes - // the other half of the connection in the defer. - writerComplete := make(chan struct{}) - readerComplete := make(chan struct{}) - - go func() { - var writer io.WriteCloser - if h.MaxBytesPerSec > 0 { - writer = flowrate.NewWriter(backendConn, h.MaxBytesPerSec) - } else { - writer = backendConn - } - _, err := io.Copy(writer, requestHijackedConn) - if err != nil && !strings.Contains(err.Error(), "use of closed network connection") { - klog.Errorf("Error proxying data from client to backend: %v", err) - } - close(writerComplete) - }() - - go func() { - var reader io.ReadCloser - if h.MaxBytesPerSec > 0 { - reader = flowrate.NewReader(backendConn, h.MaxBytesPerSec) - } else { - reader = backendConn - } - _, err := io.Copy(requestHijackedConn, reader) - if err != nil && !strings.Contains(err.Error(), "use of closed network connection") { - klog.Errorf("Error proxying data from backend to client: %v", err) - } - close(readerComplete) - }() - - // Wait for one half the connection to exit. Once it does the defer will - // clean up the other half of the connection. - select { - case <-writerComplete: - case <-readerComplete: - } - klog.V(6).Infof("Disconnecting from backend proxy %s\n Headers: %v", &location, clone.Header) - - return true -} - -// FIXME: Taken from net/http/httputil/reverseproxy.go as singleJoiningSlash is not exported to be re-used. -// See-also: https://github.com/golang/go/issues/44290 -func singleJoiningSlash(a, b string) string { - aslash := strings.HasSuffix(a, "/") - bslash := strings.HasPrefix(b, "/") - switch { - case aslash && bslash: - return a + b[1:] - case !aslash && !bslash: - return a + "/" + b - } - return a + b -} - -func (h *UpgradeAwareHandler) DialForUpgrade(req *http.Request) (net.Conn, error) { - if h.UpgradeTransport == nil { - return dial(req, h.Transport) - } - updatedReq, err := h.UpgradeTransport.WrapRequest(req) - if err != nil { - return nil, err - } - return dial(updatedReq, h.UpgradeTransport) -} - -// getResponseCode reads a http response from the given reader, returns the response, -// the bytes read from the reader, and any error encountered -func getResponse(r io.Reader) (*http.Response, []byte, error) { - rawResponse := bytes.NewBuffer(make([]byte, 0, 256)) - // Save the bytes read while reading the response headers into the rawResponse buffer - resp, err := http.ReadResponse(bufio.NewReader(io.TeeReader(r, rawResponse)), nil) - if err != nil { - return nil, nil, err - } - // return the http response and the raw bytes consumed from the reader in the process - return resp, rawResponse.Bytes(), nil -} - -// dial dials the backend at req.URL and writes req to it. -func dial(req *http.Request, transport http.RoundTripper) (net.Conn, error) { - conn, err := dialURL(req.Context(), req.URL, transport) - if err != nil { - return nil, fmt.Errorf("error dialing backend: %v", err) - } - - if err = req.Write(conn); err != nil { - conn.Close() - return nil, fmt.Errorf("error sending request: %v", err) - } - - return conn, err -} - -func (h *UpgradeAwareHandler) defaultProxyTransport(url *url.URL, internalTransport http.RoundTripper) http.RoundTripper { - scheme := url.Scheme - host := url.Host - suffix := h.Location.Path - if strings.HasSuffix(url.Path, "/") && !strings.HasSuffix(suffix, "/") { - suffix += "/" - } - pathPrepend := strings.TrimSuffix(url.Path, suffix) - rewritingTransport := &Transport{ - Scheme: scheme, - Host: host, - PathPrepend: pathPrepend, - RoundTripper: internalTransport, - } - return &corsRemovingTransport{ - RoundTripper: rewritingTransport, - } -} - -// corsRemovingTransport is a wrapper for an internal transport. It removes CORS headers -// from the internal response. -// Implements pkg/util/net.RoundTripperWrapper -type corsRemovingTransport struct { - http.RoundTripper -} - -var _ = utilnet.RoundTripperWrapper(&corsRemovingTransport{}) - -func (rt *corsRemovingTransport) RoundTrip(req *http.Request) (*http.Response, error) { - resp, err := rt.RoundTripper.RoundTrip(req) - if err != nil { - return nil, err - } - removeCORSHeaders(resp) - return resp, nil -} - -func (rt *corsRemovingTransport) WrappedRoundTripper() http.RoundTripper { - return rt.RoundTripper -} - -// removeCORSHeaders strip CORS headers sent from the backend -// This should be called on all responses before returning -func removeCORSHeaders(resp *http.Response) { - resp.Header.Del("Access-Control-Allow-Credentials") - resp.Header.Del("Access-Control-Allow-Headers") - resp.Header.Del("Access-Control-Allow-Methods") - resp.Header.Del("Access-Control-Allow-Origin") -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go deleted file mode 100644 index 82a473bb14..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rand provides utilities related to randomization. -package rand - -import ( - "math/rand" - "sync" - "time" -) - -var rng = struct { - sync.Mutex - rand *rand.Rand -}{ - rand: rand.New(rand.NewSource(time.Now().UnixNano())), -} - -// Int returns a non-negative pseudo-random int. -func Int() int { - rng.Lock() - defer rng.Unlock() - return rng.rand.Int() -} - -// Intn generates an integer in range [0,max). -// By design this should panic if input is invalid, <= 0. -func Intn(max int) int { - rng.Lock() - defer rng.Unlock() - return rng.rand.Intn(max) -} - -// IntnRange generates an integer in range [min,max). -// By design this should panic if input is invalid, <= 0. -func IntnRange(min, max int) int { - rng.Lock() - defer rng.Unlock() - return rng.rand.Intn(max-min) + min -} - -// IntnRange generates an int64 integer in range [min,max). -// By design this should panic if input is invalid, <= 0. -func Int63nRange(min, max int64) int64 { - rng.Lock() - defer rng.Unlock() - return rng.rand.Int63n(max-min) + min -} - -// Seed seeds the rng with the provided seed. -func Seed(seed int64) { - rng.Lock() - defer rng.Unlock() - - rng.rand = rand.New(rand.NewSource(seed)) -} - -// Perm returns, as a slice of n ints, a pseudo-random permutation of the integers [0,n) -// from the default Source. -func Perm(n int) []int { - rng.Lock() - defer rng.Unlock() - return rng.rand.Perm(n) -} - -const ( - // We omit vowels from the set of available characters to reduce the chances - // of "bad words" being formed. - alphanums = "bcdfghjklmnpqrstvwxz2456789" - // No. of bits required to index into alphanums string. - alphanumsIdxBits = 5 - // Mask used to extract last alphanumsIdxBits of an int. - alphanumsIdxMask = 1<<alphanumsIdxBits - 1 - // No. of random letters we can extract from a single int63. - maxAlphanumsPerInt = 63 / alphanumsIdxBits -) - -// String generates a random alphanumeric string, without vowels, which is n -// characters long. This will panic if n is less than zero. -// How the random string is created: -// - we generate random int63's -// - from each int63, we are extracting multiple random letters by bit-shifting and masking -// - if some index is out of range of alphanums we neglect it (unlikely to happen multiple times in a row) -func String(n int) string { - b := make([]byte, n) - rng.Lock() - defer rng.Unlock() - - randomInt63 := rng.rand.Int63() - remaining := maxAlphanumsPerInt - for i := 0; i < n; { - if remaining == 0 { - randomInt63, remaining = rng.rand.Int63(), maxAlphanumsPerInt - } - if idx := int(randomInt63 & alphanumsIdxMask); idx < len(alphanums) { - b[i] = alphanums[idx] - i++ - } - randomInt63 >>= alphanumsIdxBits - remaining-- - } - return string(b) -} - -// SafeEncodeString encodes s using the same characters as rand.String. This reduces the chances of bad words and -// ensures that strings generated from hash functions appear consistent throughout the API. -func SafeEncodeString(s string) string { - r := make([]byte, len(s)) - for i, b := range []rune(s) { - r[i] = alphanums[(int(b) % len(alphanums))] - } - return string(r) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/uuid/uuid.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/uuid/uuid.go deleted file mode 100644 index 1fa351aab6..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/uuid/uuid.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package uuid - -import ( - "github.com/google/uuid" - - "k8s.io/apimachinery/pkg/types" -) - -func NewUUID() types.UID { - return types.UID(uuid.New().String()) -} diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/doc.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/doc.go deleted file mode 100644 index a6f29cd7c4..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package waitgroup implements SafeWaitGroup wrap of sync.WaitGroup. -// Add with positive delta when waiting will fail, to prevent sync.WaitGroup race issue. -package waitgroup // import "k8s.io/apimachinery/pkg/util/waitgroup" diff --git a/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/waitgroup.go b/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/waitgroup.go deleted file mode 100644 index e080a5e92f..0000000000 --- a/etcd/vendor/k8s.io/apimachinery/pkg/util/waitgroup/waitgroup.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package waitgroup - -import ( - "fmt" - "sync" -) - -// SafeWaitGroup must not be copied after first use. -type SafeWaitGroup struct { - wg sync.WaitGroup - mu sync.RWMutex - // wait indicate whether Wait is called, if true, - // then any Add with positive delta will return error. - wait bool -} - -// Add adds delta, which may be negative, similar to sync.WaitGroup. -// If Add with a positive delta happens after Wait, it will return error, -// which prevent unsafe Add. -func (wg *SafeWaitGroup) Add(delta int) error { - wg.mu.RLock() - defer wg.mu.RUnlock() - if wg.wait && delta > 0 { - return fmt.Errorf("add with positive delta after Wait is forbidden") - } - wg.wg.Add(delta) - return nil -} - -// Done decrements the WaitGroup counter. -func (wg *SafeWaitGroup) Done() { - wg.wg.Done() -} - -// Wait blocks until the WaitGroup counter is zero. -func (wg *SafeWaitGroup) Wait() { - wg.mu.Lock() - wg.wait = true - wg.mu.Unlock() - wg.wg.Wait() -} diff --git a/etcd/vendor/k8s.io/apiserver/LICENSE b/etcd/vendor/k8s.io/apiserver/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/k8s.io/apiserver/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/attributes.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/attributes.go deleted file mode 100644 index 1d291f6b22..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/attributes.go +++ /dev/null @@ -1,211 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "fmt" - "strings" - "sync" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/authentication/user" -) - -type attributesRecord struct { - kind schema.GroupVersionKind - namespace string - name string - resource schema.GroupVersionResource - subresource string - operation Operation - options runtime.Object - dryRun bool - object runtime.Object - oldObject runtime.Object - userInfo user.Info - - // other elements are always accessed in single goroutine. - // But ValidatingAdmissionWebhook add annotations concurrently. - annotations map[string]annotation - annotationsLock sync.RWMutex - - reinvocationContext ReinvocationContext -} - -type annotation struct { - level auditinternal.Level - value string -} - -func NewAttributesRecord(object runtime.Object, oldObject runtime.Object, kind schema.GroupVersionKind, namespace, name string, resource schema.GroupVersionResource, subresource string, operation Operation, operationOptions runtime.Object, dryRun bool, userInfo user.Info) Attributes { - return &attributesRecord{ - kind: kind, - namespace: namespace, - name: name, - resource: resource, - subresource: subresource, - operation: operation, - options: operationOptions, - dryRun: dryRun, - object: object, - oldObject: oldObject, - userInfo: userInfo, - reinvocationContext: &reinvocationContext{}, - } -} - -func (record *attributesRecord) GetKind() schema.GroupVersionKind { - return record.kind -} - -func (record *attributesRecord) GetNamespace() string { - return record.namespace -} - -func (record *attributesRecord) GetName() string { - return record.name -} - -func (record *attributesRecord) GetResource() schema.GroupVersionResource { - return record.resource -} - -func (record *attributesRecord) GetSubresource() string { - return record.subresource -} - -func (record *attributesRecord) GetOperation() Operation { - return record.operation -} - -func (record *attributesRecord) GetOperationOptions() runtime.Object { - return record.options -} - -func (record *attributesRecord) IsDryRun() bool { - return record.dryRun -} - -func (record *attributesRecord) GetObject() runtime.Object { - return record.object -} - -func (record *attributesRecord) GetOldObject() runtime.Object { - return record.oldObject -} - -func (record *attributesRecord) GetUserInfo() user.Info { - return record.userInfo -} - -// getAnnotations implements privateAnnotationsGetter.It's a private method used -// by WithAudit decorator. -func (record *attributesRecord) getAnnotations(maxLevel auditinternal.Level) map[string]string { - record.annotationsLock.RLock() - defer record.annotationsLock.RUnlock() - - if record.annotations == nil { - return nil - } - cp := make(map[string]string, len(record.annotations)) - for key, value := range record.annotations { - if value.level.Less(maxLevel) || value.level == maxLevel { - cp[key] = value.value - } - } - return cp -} - -// AddAnnotation adds an annotation to attributesRecord with Metadata audit level -func (record *attributesRecord) AddAnnotation(key, value string) error { - return record.AddAnnotationWithLevel(key, value, auditinternal.LevelMetadata) -} - -func (record *attributesRecord) AddAnnotationWithLevel(key, value string, level auditinternal.Level) error { - if err := checkKeyFormat(key); err != nil { - return err - } - if level.Less(auditinternal.LevelMetadata) { - return fmt.Errorf("admission annotations are not allowed to be set at audit level lower than Metadata, key: %q, level: %s", key, level) - } - record.annotationsLock.Lock() - defer record.annotationsLock.Unlock() - - if record.annotations == nil { - record.annotations = make(map[string]annotation) - } - annotation := annotation{level: level, value: value} - if v, ok := record.annotations[key]; ok && v != annotation { - return fmt.Errorf("admission annotations are not allowd to be overwritten, key:%q, old value: %v, new value: %v", key, record.annotations[key], annotation) - } - record.annotations[key] = annotation - return nil -} - -func (record *attributesRecord) GetReinvocationContext() ReinvocationContext { - return record.reinvocationContext -} - -type reinvocationContext struct { - // isReinvoke is true when admission plugins are being reinvoked - isReinvoke bool - // reinvokeRequested is true when an admission plugin requested a re-invocation of the chain - reinvokeRequested bool - // values stores reinvoke context values per plugin. - values map[string]interface{} -} - -func (rc *reinvocationContext) IsReinvoke() bool { - return rc.isReinvoke -} - -func (rc *reinvocationContext) SetIsReinvoke() { - rc.isReinvoke = true -} - -func (rc *reinvocationContext) ShouldReinvoke() bool { - return rc.reinvokeRequested -} - -func (rc *reinvocationContext) SetShouldReinvoke() { - rc.reinvokeRequested = true -} - -func (rc *reinvocationContext) SetValue(plugin string, v interface{}) { - if rc.values == nil { - rc.values = map[string]interface{}{} - } - rc.values[plugin] = v -} - -func (rc *reinvocationContext) Value(plugin string) interface{} { - return rc.values[plugin] -} - -func checkKeyFormat(key string) error { - parts := strings.Split(key, "/") - if len(parts) != 2 { - return fmt.Errorf("annotation key has invalid format, the right format is a DNS subdomain prefix and '/' and key name. (e.g. 'podsecuritypolicy.admission.k8s.io/admit-policy')") - } - if msgs := validation.IsQualifiedName(key); len(msgs) != 0 { - return fmt.Errorf("annotation key has invalid format %s. A qualified name like 'podsecuritypolicy.admission.k8s.io/admit-policy' is required.", strings.Join(msgs, ",")) - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/audit.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/audit.go deleted file mode 100644 index 7c0993f090..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/audit.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "context" - "fmt" - - "k8s.io/apiserver/pkg/audit" -) - -// auditHandler logs annotations set by other admission handlers -type auditHandler struct { - Interface -} - -var _ Interface = &auditHandler{} -var _ MutationInterface = &auditHandler{} -var _ ValidationInterface = &auditHandler{} - -// WithAudit is a decorator for a admission phase. It saves annotations -// of attribute into the audit event. Attributes passed to the Admit and -// Validate function must be instance of privateAnnotationsGetter or -// AnnotationsGetter, otherwise an error is returned. -func WithAudit(i Interface) Interface { - if i == nil { - return i - } - return &auditHandler{Interface: i} -} - -func (handler *auditHandler) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error { - if !handler.Interface.Handles(a.GetOperation()) { - return nil - } - if err := ensureAnnotationGetter(a); err != nil { - return err - } - var err error - if mutator, ok := handler.Interface.(MutationInterface); ok { - err = mutator.Admit(ctx, a, o) - handler.logAnnotations(ctx, a) - } - return err -} - -func (handler *auditHandler) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error { - if !handler.Interface.Handles(a.GetOperation()) { - return nil - } - if err := ensureAnnotationGetter(a); err != nil { - return err - } - var err error - if validator, ok := handler.Interface.(ValidationInterface); ok { - err = validator.Validate(ctx, a, o) - handler.logAnnotations(ctx, a) - } - return err -} - -func ensureAnnotationGetter(a Attributes) error { - _, okPrivate := a.(privateAnnotationsGetter) - _, okPublic := a.(AnnotationsGetter) - if okPrivate || okPublic { - return nil - } - return fmt.Errorf("attributes must be an instance of privateAnnotationsGetter or AnnotationsGetter") -} - -func (handler *auditHandler) logAnnotations(ctx context.Context, a Attributes) { - ae := audit.AuditEventFrom(ctx) - if ae == nil { - return - } - - var annotations map[string]string - switch a := a.(type) { - case privateAnnotationsGetter: - annotations = a.getAnnotations(ae.Level) - case AnnotationsGetter: - annotations = a.GetAnnotations(ae.Level) - default: - // this will never happen, because we have already checked it in ensureAnnotationGetter - } - - audit.AddAuditAnnotationsMap(ctx, annotations) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/cel/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/cel/metrics.go deleted file mode 100644 index 77d2210c20..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/cel/metrics.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "context" - "time" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - metricsNamespace = "apiserver" - metricsSubsystem = "validating_admission_policy" -) - -var ( - // Metrics provides access to validation admission metrics. - Metrics = newValidationAdmissionMetrics() -) - -// ValidatingAdmissionPolicyMetrics aggregates Prometheus metrics related to validation admission control. -type ValidatingAdmissionPolicyMetrics struct { - policyCheck *metrics.CounterVec - policyDefinition *metrics.CounterVec - policyLatency *metrics.HistogramVec -} - -func newValidationAdmissionMetrics() *ValidatingAdmissionPolicyMetrics { - check := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: metricsNamespace, - Subsystem: metricsSubsystem, - Name: "check_total", - Help: "Validation admission policy check total, labeled by policy and further identified by binding, enforcement action taken, and state.", - StabilityLevel: metrics.ALPHA, - }, - []string{"policy", "policy_binding", "enforcement_action", "state"}, - ) - definition := metrics.NewCounterVec(&metrics.CounterOpts{ - Namespace: metricsNamespace, - Subsystem: metricsSubsystem, - Name: "definition_total", - Help: "Validation admission policy count total, labeled by state and enforcement action.", - StabilityLevel: metrics.ALPHA, - }, - []string{"state", "enforcement_action"}, - ) - latency := metrics.NewHistogramVec(&metrics.HistogramOpts{ - Namespace: metricsNamespace, - Subsystem: metricsSubsystem, - Name: "check_duration_seconds", - Help: "Validation admission latency for individual validation expressions in seconds, labeled by policy and further including binding, state and enforcement action taken.", - // the bucket distribution here is based oo the benchmark suite at - // github.com/DangerOnTheRanger/cel-benchmark performed on 16-core Intel Xeon - // the lowest bucket was based around the 180ns/op figure for BenchmarkAccess, - // plus some additional leeway to account for the apiserver doing other things - // the largest bucket was chosen based on the fact that benchmarks indicate the - // same Xeon running a CEL expression close to the estimated cost limit takes - // around 760ms, so that bucket should only ever have the slowest CEL expressions - // in it - Buckets: []float64{0.0000005, 0.001, 0.01, 0.1, 1.0}, - StabilityLevel: metrics.ALPHA, - }, - []string{"policy", "policy_binding", "enforcement_action", "state"}, - ) - - legacyregistry.MustRegister(check) - legacyregistry.MustRegister(definition) - legacyregistry.MustRegister(latency) - return &ValidatingAdmissionPolicyMetrics{policyCheck: check, policyDefinition: definition, policyLatency: latency} -} - -// Reset resets all validation admission-related Prometheus metrics. -func (m *ValidatingAdmissionPolicyMetrics) Reset() { - m.policyCheck.Reset() - m.policyDefinition.Reset() - m.policyLatency.Reset() -} - -// ObserveDefinition observes a policy definition. -func (m *ValidatingAdmissionPolicyMetrics) ObserveDefinition(ctx context.Context, state, enforcementAction string) { - m.policyDefinition.WithContext(ctx).WithLabelValues(state, enforcementAction).Inc() -} - -// ObserveAdmissionWithError observes a policy validation error that was ignored due to failure policy. -func (m *ValidatingAdmissionPolicyMetrics) ObserveAdmissionWithError(ctx context.Context, elapsed time.Duration, policy, binding, state string) { - m.policyCheck.WithContext(ctx).WithLabelValues(policy, binding, "allow", state).Inc() - m.policyLatency.WithContext(ctx).WithLabelValues(policy, binding, "allow", state).Observe(elapsed.Seconds()) -} - -// ObserveRejection observes a policy validation error that was at least one of the reasons for a deny. -func (m *ValidatingAdmissionPolicyMetrics) ObserveRejection(ctx context.Context, elapsed time.Duration, policy, binding, state string) { - m.policyCheck.WithContext(ctx).WithLabelValues(policy, binding, "deny", state).Inc() - m.policyLatency.WithContext(ctx).WithLabelValues(policy, binding, "deny", state).Observe(elapsed.Seconds()) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/chain.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/chain.go deleted file mode 100644 index f2af01ef3c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/chain.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import "context" - -// chainAdmissionHandler is an instance of admission.NamedHandler that performs admission control using -// a chain of admission handlers -type chainAdmissionHandler []Interface - -// NewChainHandler creates a new chain handler from an array of handlers. Used for testing. -func NewChainHandler(handlers ...Interface) chainAdmissionHandler { - return chainAdmissionHandler(handlers) -} - -// Admit performs an admission control check using a chain of handlers, and returns immediately on first error -func (admissionHandler chainAdmissionHandler) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error { - for _, handler := range admissionHandler { - if !handler.Handles(a.GetOperation()) { - continue - } - if mutator, ok := handler.(MutationInterface); ok { - err := mutator.Admit(ctx, a, o) - if err != nil { - return err - } - } - } - return nil -} - -// Validate performs an admission control check using a chain of handlers, and returns immediately on first error -func (admissionHandler chainAdmissionHandler) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error { - for _, handler := range admissionHandler { - if !handler.Handles(a.GetOperation()) { - continue - } - if validator, ok := handler.(ValidationInterface); ok { - err := validator.Validate(ctx, a, o) - if err != nil { - return err - } - } - } - return nil -} - -// Handles will return true if any of the handlers handles the given operation -func (admissionHandler chainAdmissionHandler) Handles(operation Operation) bool { - for _, handler := range admissionHandler { - if handler.Handles(operation) { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/config.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/config.go deleted file mode 100644 index 43613321b9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/config.go +++ /dev/null @@ -1,175 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "bytes" - "fmt" - "io" - "io/ioutil" - "os" - "path" - "path/filepath" - - "k8s.io/klog/v2" - "sigs.k8s.io/yaml" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/apis/apiserver" - apiserverv1 "k8s.io/apiserver/pkg/apis/apiserver/v1" -) - -func makeAbs(path, base string) (string, error) { - if filepath.IsAbs(path) { - return path, nil - } - if len(base) == 0 || base == "." { - cwd, err := os.Getwd() - if err != nil { - return "", err - } - base = cwd - } - return filepath.Join(base, path), nil -} - -// ReadAdmissionConfiguration reads the admission configuration at the specified path. -// It returns the loaded admission configuration if the input file aligns with the required syntax. -// If it does not align with the provided syntax, it returns a default configuration for the enumerated -// set of pluginNames whose config location references the specified configFilePath. -// It does this to preserve backward compatibility when admission control files were opaque. -// It returns an error if the file did not exist. -func ReadAdmissionConfiguration(pluginNames []string, configFilePath string, configScheme *runtime.Scheme) (ConfigProvider, error) { - if configFilePath == "" { - return configProvider{config: &apiserver.AdmissionConfiguration{}}, nil - } - // a file was provided, so we just read it. - data, err := ioutil.ReadFile(configFilePath) - if err != nil { - return nil, fmt.Errorf("unable to read admission control configuration from %q [%v]", configFilePath, err) - } - codecs := serializer.NewCodecFactory(configScheme) - decoder := codecs.UniversalDecoder() - decodedObj, err := runtime.Decode(decoder, data) - // we were able to decode the file successfully - if err == nil { - decodedConfig, ok := decodedObj.(*apiserver.AdmissionConfiguration) - if !ok { - return nil, fmt.Errorf("unexpected type: %T", decodedObj) - } - baseDir := path.Dir(configFilePath) - for i := range decodedConfig.Plugins { - if decodedConfig.Plugins[i].Path == "" { - continue - } - // we update relative file paths to absolute paths - absPath, err := makeAbs(decodedConfig.Plugins[i].Path, baseDir) - if err != nil { - return nil, err - } - decodedConfig.Plugins[i].Path = absPath - } - return configProvider{ - config: decodedConfig, - }, nil - } - // we got an error where the decode wasn't related to a missing type - if !(runtime.IsMissingVersion(err) || runtime.IsMissingKind(err) || runtime.IsNotRegisteredError(err)) { - return nil, err - } - - // Only tolerate load errors if the file appears to be one of the two legacy plugin configs - unstructuredData := map[string]interface{}{} - if err2 := yaml.Unmarshal(data, &unstructuredData); err2 != nil { - return nil, err - } - _, isLegacyImagePolicy := unstructuredData["imagePolicy"] - _, isLegacyPodNodeSelector := unstructuredData["podNodeSelectorPluginConfig"] - if !isLegacyImagePolicy && !isLegacyPodNodeSelector { - return nil, err - } - - // convert the legacy format to the new admission control format - // in order to preserve backwards compatibility, we set plugins that - // previously read input from a non-versioned file configuration to the - // current input file. - legacyPluginsWithUnversionedConfig := sets.NewString("ImagePolicyWebhook", "PodNodeSelector") - externalConfig := &apiserverv1.AdmissionConfiguration{} - for _, pluginName := range pluginNames { - if legacyPluginsWithUnversionedConfig.Has(pluginName) { - externalConfig.Plugins = append(externalConfig.Plugins, - apiserverv1.AdmissionPluginConfiguration{ - Name: pluginName, - Path: configFilePath}) - } - } - configScheme.Default(externalConfig) - internalConfig := &apiserver.AdmissionConfiguration{} - if err := configScheme.Convert(externalConfig, internalConfig, nil); err != nil { - return nil, err - } - return configProvider{ - config: internalConfig, - }, nil -} - -type configProvider struct { - config *apiserver.AdmissionConfiguration -} - -// GetAdmissionPluginConfigurationFor returns a reader that holds the admission plugin configuration. -func GetAdmissionPluginConfigurationFor(pluginCfg apiserver.AdmissionPluginConfiguration) (io.Reader, error) { - // if there is a nest object, return it directly - if pluginCfg.Configuration != nil { - return bytes.NewBuffer(pluginCfg.Configuration.Raw), nil - } - // there is nothing nested, so we delegate to path - if pluginCfg.Path != "" { - content, err := ioutil.ReadFile(pluginCfg.Path) - if err != nil { - klog.Fatalf("Couldn't open admission plugin configuration %s: %#v", pluginCfg.Path, err) - return nil, err - } - return bytes.NewBuffer(content), nil - } - // there is no special config at all - return nil, nil -} - -// ConfigFor returns a reader for the specified plugin. -// If no specific configuration is present, we return a nil reader. -func (p configProvider) ConfigFor(pluginName string) (io.Reader, error) { - // there is no config, so there is no potential config - if p.config == nil { - return nil, nil - } - // look for matching plugin and get configuration - for _, pluginCfg := range p.config.Plugins { - if pluginName != pluginCfg.Name { - continue - } - pluginConfig, err := GetAdmissionPluginConfigurationFor(pluginCfg) - if err != nil { - return nil, err - } - return pluginConfig, nil - } - // there is no registered config that matches on plugin name. - return nil, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/configuration_manager.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/configuration_manager.go deleted file mode 100644 index 4c4bf74c92..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/configuration_manager.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package configuration - -import ( - "fmt" - "sync" - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/wait" -) - -const ( - defaultInterval = 1 * time.Second - defaultFailureThreshold = 5 - defaultBootstrapRetries = 5 - defaultBootstrapGraceperiod = 5 * time.Second -) - -var ( - ErrNotReady = fmt.Errorf("configuration is not ready") - ErrDisabled = fmt.Errorf("disabled") -) - -type getFunc func() (runtime.Object, error) - -// When running, poller calls `get` every `interval`. If `get` is -// successful, `Ready()` returns ready and `configuration()` returns the -// `mergedConfiguration`; if `get` has failed more than `failureThreshold ` times, -// `Ready()` returns not ready and `configuration()` returns nil configuration. -// In an HA setup, the poller is consistent only if the `get` is -// doing consistent read. -type poller struct { - // a function to consistently read the latest configuration - get getFunc - // consistent read interval - // read-only - interval time.Duration - // if the number of consecutive read failure equals or exceeds the failureThreshold , the - // configuration is regarded as not ready. - // read-only - failureThreshold int - // number of consecutive failures so far. - failures int - // If the poller has passed the bootstrap phase. The poller is considered - // bootstrapped either bootstrapGracePeriod after the first call of - // configuration(), or when setConfigurationAndReady() is called, whichever - // comes first. - bootstrapped bool - // configuration() retries bootstrapRetries times if poller is not bootstrapped - // read-only - bootstrapRetries int - // Grace period for bootstrapping - // read-only - bootstrapGracePeriod time.Duration - once sync.Once - // if the configuration is regarded as ready. - ready bool - mergedConfiguration runtime.Object - lastErr error - // lock must be hold when reading/writing the data fields of poller. - lock sync.RWMutex -} - -func newPoller(get getFunc) *poller { - p := poller{ - get: get, - interval: defaultInterval, - failureThreshold: defaultFailureThreshold, - bootstrapRetries: defaultBootstrapRetries, - bootstrapGracePeriod: defaultBootstrapGraceperiod, - } - return &p -} - -func (a *poller) lastError(err error) { - a.lock.Lock() - defer a.lock.Unlock() - a.lastErr = err -} - -func (a *poller) notReady() { - a.lock.Lock() - defer a.lock.Unlock() - a.ready = false -} - -func (a *poller) bootstrapping() { - // bootstrapGracePeriod is read-only, so no lock is required - timer := time.NewTimer(a.bootstrapGracePeriod) - go func() { - defer timer.Stop() - <-timer.C - a.lock.Lock() - defer a.lock.Unlock() - a.bootstrapped = true - }() -} - -// If the poller is not bootstrapped yet, the configuration() gets a few chances -// to retry. This hides transient failures during system startup. -func (a *poller) configuration() (runtime.Object, error) { - a.once.Do(a.bootstrapping) - a.lock.RLock() - defer a.lock.RUnlock() - retries := 1 - if !a.bootstrapped { - retries = a.bootstrapRetries - } - for count := 0; count < retries; count++ { - if count > 0 { - a.lock.RUnlock() - time.Sleep(a.interval) - a.lock.RLock() - } - if a.ready { - return a.mergedConfiguration, nil - } - } - if a.lastErr != nil { - return nil, a.lastErr - } - return nil, ErrNotReady -} - -func (a *poller) setConfigurationAndReady(value runtime.Object) { - a.lock.Lock() - defer a.lock.Unlock() - a.bootstrapped = true - a.mergedConfiguration = value - a.ready = true - a.lastErr = nil -} - -func (a *poller) Run(stopCh <-chan struct{}) { - go wait.Until(a.sync, a.interval, stopCh) -} - -func (a *poller) sync() { - configuration, err := a.get() - if err != nil { - a.failures++ - a.lastError(err) - if a.failures >= a.failureThreshold { - a.notReady() - } - return - } - a.failures = 0 - a.setConfigurationAndReady(configuration) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go deleted file mode 100644 index ea58e6c326..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package configuration - -import ( - "fmt" - "sort" - "sync/atomic" - - "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/labels" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/admission/plugin/webhook" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" - "k8s.io/client-go/informers" - admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1" - "k8s.io/client-go/tools/cache" -) - -// mutatingWebhookConfigurationManager collects the mutating webhook objects so that they can be called. -type mutatingWebhookConfigurationManager struct { - configuration *atomic.Value - lister admissionregistrationlisters.MutatingWebhookConfigurationLister - hasSynced func() bool - // initialConfigurationSynced tracks if - // the existing webhook configs have been synced (honored) by the - // manager at startup-- the informer has synced and either has no items - // or has finished executing updateConfiguration() once. - initialConfigurationSynced *atomic.Bool -} - -var _ generic.Source = &mutatingWebhookConfigurationManager{} - -func NewMutatingWebhookConfigurationManager(f informers.SharedInformerFactory) generic.Source { - informer := f.Admissionregistration().V1().MutatingWebhookConfigurations() - manager := &mutatingWebhookConfigurationManager{ - configuration: &atomic.Value{}, - lister: informer.Lister(), - hasSynced: informer.Informer().HasSynced, - initialConfigurationSynced: &atomic.Bool{}, - } - - // Start with an empty list - manager.configuration.Store([]webhook.WebhookAccessor{}) - manager.initialConfigurationSynced.Store(false) - - // On any change, rebuild the config - informer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(_ interface{}) { manager.updateConfiguration() }, - UpdateFunc: func(_, _ interface{}) { manager.updateConfiguration() }, - DeleteFunc: func(_ interface{}) { manager.updateConfiguration() }, - }) - - return manager -} - -// Webhooks returns the merged MutatingWebhookConfiguration. -func (m *mutatingWebhookConfigurationManager) Webhooks() []webhook.WebhookAccessor { - return m.configuration.Load().([]webhook.WebhookAccessor) -} - -// HasSynced returns true when the manager is synced with existing webhookconfig -// objects at startup-- which means the informer is synced and either has no items -// or updateConfiguration() has completed. -func (m *mutatingWebhookConfigurationManager) HasSynced() bool { - if !m.hasSynced() { - return false - } - if m.initialConfigurationSynced.Load() { - // the informer has synced and configuration has been updated - return true - } - if configurations, err := m.lister.List(labels.Everything()); err == nil && len(configurations) == 0 { - // the empty list we initially stored is valid to use. - // Setting initialConfigurationSynced to true, so subsequent checks - // would be able to take the fast path on the atomic boolean in a - // cluster without any admission webhooks configured. - m.initialConfigurationSynced.Store(true) - // the informer has synced and we don't have any items - return true - } - return false -} - -func (m *mutatingWebhookConfigurationManager) updateConfiguration() { - configurations, err := m.lister.List(labels.Everything()) - if err != nil { - utilruntime.HandleError(fmt.Errorf("error updating configuration: %v", err)) - return - } - m.configuration.Store(mergeMutatingWebhookConfigurations(configurations)) - m.initialConfigurationSynced.Store(true) -} - -func mergeMutatingWebhookConfigurations(configurations []*v1.MutatingWebhookConfiguration) []webhook.WebhookAccessor { - // The internal order of webhooks for each configuration is provided by the user - // but configurations themselves can be in any order. As we are going to run these - // webhooks in serial, they are sorted here to have a deterministic order. - sort.SliceStable(configurations, MutatingWebhookConfigurationSorter(configurations).ByName) - accessors := []webhook.WebhookAccessor{} - for _, c := range configurations { - // webhook names are not validated for uniqueness, so we check for duplicates and - // add a int suffix to distinguish between them - names := map[string]int{} - for i := range c.Webhooks { - n := c.Webhooks[i].Name - uid := fmt.Sprintf("%s/%s/%d", c.Name, n, names[n]) - names[n]++ - accessors = append(accessors, webhook.NewMutatingWebhookAccessor(uid, c.Name, &c.Webhooks[i])) - } - } - return accessors -} - -type MutatingWebhookConfigurationSorter []*v1.MutatingWebhookConfiguration - -func (a MutatingWebhookConfigurationSorter) ByName(i, j int) bool { - return a[i].Name < a[j].Name -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go deleted file mode 100644 index 00f954251f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go +++ /dev/null @@ -1,131 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package configuration - -import ( - "fmt" - "sort" - "sync/atomic" - - "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/labels" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/admission/plugin/webhook" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" - "k8s.io/client-go/informers" - admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1" - "k8s.io/client-go/tools/cache" -) - -// validatingWebhookConfigurationManager collects the validating webhook objects so that they can be called. -type validatingWebhookConfigurationManager struct { - configuration *atomic.Value - lister admissionregistrationlisters.ValidatingWebhookConfigurationLister - hasSynced func() bool - // initialConfigurationSynced tracks if - // the existing webhook configs have been synced (honored) by the - // manager at startup-- the informer has synced and either has no items - // or has finished executing updateConfiguration() once. - initialConfigurationSynced *atomic.Bool -} - -var _ generic.Source = &validatingWebhookConfigurationManager{} - -func NewValidatingWebhookConfigurationManager(f informers.SharedInformerFactory) generic.Source { - informer := f.Admissionregistration().V1().ValidatingWebhookConfigurations() - manager := &validatingWebhookConfigurationManager{ - configuration: &atomic.Value{}, - lister: informer.Lister(), - hasSynced: informer.Informer().HasSynced, - initialConfigurationSynced: &atomic.Bool{}, - } - - // Start with an empty list - manager.configuration.Store([]webhook.WebhookAccessor{}) - manager.initialConfigurationSynced.Store(false) - - // On any change, rebuild the config - informer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(_ interface{}) { manager.updateConfiguration() }, - UpdateFunc: func(_, _ interface{}) { manager.updateConfiguration() }, - DeleteFunc: func(_ interface{}) { manager.updateConfiguration() }, - }) - - return manager -} - -// Webhooks returns the merged ValidatingWebhookConfiguration. -func (v *validatingWebhookConfigurationManager) Webhooks() []webhook.WebhookAccessor { - return v.configuration.Load().([]webhook.WebhookAccessor) -} - -// HasSynced returns true when the manager is synced with existing webhookconfig -// objects at startup-- which means the informer is synced and either has no items -// or updateConfiguration() has completed. -func (v *validatingWebhookConfigurationManager) HasSynced() bool { - if !v.hasSynced() { - return false - } - if v.initialConfigurationSynced.Load() { - // the informer has synced and configuration has been updated - return true - } - if configurations, err := v.lister.List(labels.Everything()); err == nil && len(configurations) == 0 { - // the empty list we initially stored is valid to use. - // Setting initialConfigurationSynced to true, so subsequent checks - // would be able to take the fast path on the atomic boolean in a - // cluster without any admission webhooks configured. - v.initialConfigurationSynced.Store(true) - // the informer has synced and we don't have any items - return true - } - return false - -} - -func (v *validatingWebhookConfigurationManager) updateConfiguration() { - configurations, err := v.lister.List(labels.Everything()) - if err != nil { - utilruntime.HandleError(fmt.Errorf("error updating configuration: %v", err)) - return - } - v.configuration.Store(mergeValidatingWebhookConfigurations(configurations)) - v.initialConfigurationSynced.Store(true) -} - -func mergeValidatingWebhookConfigurations(configurations []*v1.ValidatingWebhookConfiguration) []webhook.WebhookAccessor { - sort.SliceStable(configurations, ValidatingWebhookConfigurationSorter(configurations).ByName) - accessors := []webhook.WebhookAccessor{} - for _, c := range configurations { - // webhook names are not validated for uniqueness, so we check for duplicates and - // add a int suffix to distinguish between them - names := map[string]int{} - for i := range c.Webhooks { - n := c.Webhooks[i].Name - uid := fmt.Sprintf("%s/%s/%d", c.Name, n, names[n]) - names[n]++ - accessors = append(accessors, webhook.NewValidatingWebhookAccessor(uid, c.Name, &c.Webhooks[i])) - } - } - return accessors -} - -type ValidatingWebhookConfigurationSorter []*v1.ValidatingWebhookConfiguration - -func (a ValidatingWebhookConfigurationSorter) ByName(i, j int) bool { - return a[i].Name < a[j].Name -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/decorator.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/decorator.go deleted file mode 100644 index a4b0b28b55..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/decorator.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -type Decorator interface { - Decorate(handler Interface, name string) Interface -} - -type DecoratorFunc func(handler Interface, name string) Interface - -func (d DecoratorFunc) Decorate(handler Interface, name string) Interface { - return d(handler, name) -} - -type Decorators []Decorator - -// Decorate applies the decorator in inside-out order, i.e. the first decorator in the slice is first applied to the given handler. -func (d Decorators) Decorate(handler Interface, name string) Interface { - result := handler - for _, d := range d { - result = d.Decorate(result, name) - } - - return result -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/errors.go deleted file mode 100644 index 9a069a2c99..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/errors.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime/schema" - utilerrors "k8s.io/apimachinery/pkg/util/errors" -) - -func extractResourceName(a Attributes) (name string, resource schema.GroupResource, err error) { - resource = a.GetResource().GroupResource() - - if len(a.GetName()) > 0 { - return a.GetName(), resource, nil - } - - name = "Unknown" - obj := a.GetObject() - if obj != nil { - accessor, err := meta.Accessor(obj) - if err != nil { - // not all object have ObjectMeta. If we don't, return a name with a slash (always illegal) - return "Unknown/errorGettingName", resource, nil - } - - // this is necessary because name object name generation has not occurred yet - if len(accessor.GetName()) > 0 { - name = accessor.GetName() - } else if len(accessor.GetGenerateName()) > 0 { - name = accessor.GetGenerateName() - } - } - return name, resource, nil -} - -// NewForbidden is a utility function to return a well-formatted admission control error response -func NewForbidden(a Attributes, internalError error) error { - // do not double wrap an error of same type - if apierrors.IsForbidden(internalError) { - return internalError - } - name, resource, err := extractResourceName(a) - if err != nil { - return apierrors.NewInternalError(utilerrors.NewAggregate([]error{internalError, err})) - } - return apierrors.NewForbidden(resource, name, internalError) -} - -// NewNotFound is a utility function to return a well-formatted admission control error response -func NewNotFound(a Attributes) error { - name, resource, err := extractResourceName(a) - if err != nil { - return apierrors.NewInternalError(err) - } - return apierrors.NewNotFound(resource, name) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/handler.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/handler.go deleted file mode 100644 index d2a9e7d4cf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/handler.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "time" - - "k8s.io/apimachinery/pkg/util/sets" -) - -const ( - // timeToWaitForReady is the amount of time to wait to let an admission controller to be ready to satisfy a request. - // this is useful when admission controllers need to warm their caches before letting requests through. - timeToWaitForReady = 10 * time.Second -) - -// ReadyFunc is a function that returns true if the admission controller is ready to handle requests. -type ReadyFunc func() bool - -// Handler is a base for admission control handlers that -// support a predefined set of operations -type Handler struct { - operations sets.String - readyFunc ReadyFunc -} - -// Handles returns true for methods that this handler supports -func (h *Handler) Handles(operation Operation) bool { - return h.operations.Has(string(operation)) -} - -// NewHandler creates a new base handler that handles the passed -// in operations -func NewHandler(ops ...Operation) *Handler { - operations := sets.NewString() - for _, op := range ops { - operations.Insert(string(op)) - } - return &Handler{ - operations: operations, - } -} - -// SetReadyFunc allows late registration of a ReadyFunc to know if the handler is ready to process requests. -func (h *Handler) SetReadyFunc(readyFunc ReadyFunc) { - h.readyFunc = readyFunc -} - -// WaitForReady will wait for the readyFunc (if registered) to return ready, and in case of timeout, will return false. -func (h *Handler) WaitForReady() bool { - // there is no ready func configured, so we return immediately - if h.readyFunc == nil { - return true - } - - timeout := time.After(timeToWaitForReady) - for !h.readyFunc() { - select { - case <-time.After(100 * time.Millisecond): - case <-timeout: - return h.readyFunc() - } - } - return true -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/initializer.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/initializer.go deleted file mode 100644 index 2d293d79ac..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/initializer.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package initializer - -import ( - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - "k8s.io/component-base/featuregate" -) - -type pluginInitializer struct { - externalClient kubernetes.Interface - dynamicClient dynamic.Interface - externalInformers informers.SharedInformerFactory - authorizer authorizer.Authorizer - featureGates featuregate.FeatureGate - stopCh <-chan struct{} -} - -// New creates an instance of admission plugins initializer. -// This constructor is public with a long param list so that callers immediately know that new information can be expected -// during compilation when they update a level. -func New( - extClientset kubernetes.Interface, - dynamicClient dynamic.Interface, - extInformers informers.SharedInformerFactory, - authz authorizer.Authorizer, - featureGates featuregate.FeatureGate, - stopCh <-chan struct{}, -) pluginInitializer { - return pluginInitializer{ - externalClient: extClientset, - dynamicClient: dynamicClient, - externalInformers: extInformers, - authorizer: authz, - featureGates: featureGates, - stopCh: stopCh, - } -} - -// Initialize checks the initialization interfaces implemented by a plugin -// and provide the appropriate initialization data -func (i pluginInitializer) Initialize(plugin admission.Interface) { - // First tell the plugin about drained notification, so it can pass it to further initializations. - if wants, ok := plugin.(WantsDrainedNotification); ok { - wants.SetDrainedNotification(i.stopCh) - } - - // Second tell the plugin about enabled features, so it can decide whether to start informers or not - if wants, ok := plugin.(WantsFeatures); ok { - wants.InspectFeatureGates(i.featureGates) - } - - if wants, ok := plugin.(WantsExternalKubeClientSet); ok { - wants.SetExternalKubeClientSet(i.externalClient) - } - - if wants, ok := plugin.(WantsDynamicClient); ok { - wants.SetDynamicClient(i.dynamicClient) - } - - if wants, ok := plugin.(WantsExternalKubeInformerFactory); ok { - wants.SetExternalKubeInformerFactory(i.externalInformers) - } - - if wants, ok := plugin.(WantsAuthorizer); ok { - wants.SetAuthorizer(i.authorizer) - } -} - -var _ admission.PluginInitializer = pluginInitializer{} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/interfaces.go deleted file mode 100644 index 2a6632c3ed..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/initializer/interfaces.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package initializer - -import ( - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/authorization/authorizer" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - "k8s.io/component-base/featuregate" -) - -// WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it -type WantsExternalKubeClientSet interface { - SetExternalKubeClientSet(kubernetes.Interface) - admission.InitializationValidator -} - -// WantsExternalKubeInformerFactory defines a function which sets InformerFactory for admission plugins that need it -type WantsExternalKubeInformerFactory interface { - SetExternalKubeInformerFactory(informers.SharedInformerFactory) - admission.InitializationValidator -} - -// WantsAuthorizer defines a function which sets Authorizer for admission plugins that need it. -type WantsAuthorizer interface { - SetAuthorizer(authorizer.Authorizer) - admission.InitializationValidator -} - -// WantsQuotaConfiguration defines a function which sets quota configuration for admission plugins that need it. -type WantsQuotaConfiguration interface { - SetQuotaConfiguration(quota.Configuration) - admission.InitializationValidator -} - -// WantsDrainedNotification defines a function which sets the notification of where the apiserver -// has already been drained for admission plugins that need it. -// After receiving that notification, Admit/Validate calls won't be called anymore. -type WantsDrainedNotification interface { - SetDrainedNotification(<-chan struct{}) - admission.InitializationValidator -} - -// WantsFeatureGate defines a function which passes the featureGates for inspection by an admission plugin. -// Admission plugins should not hold a reference to the featureGates. Instead, they should query a particular one -// and assign it to a simple bool in the admission plugin struct. -// -// func (a *admissionPlugin) InspectFeatureGates(features featuregate.FeatureGate){ -// a.myFeatureIsOn = features.Enabled("my-feature") -// } -type WantsFeatures interface { - InspectFeatureGates(featuregate.FeatureGate) - admission.InitializationValidator -} - -type WantsDynamicClient interface { - SetDynamicClient(dynamic.Interface) - admission.InitializationValidator -} - -// WantsRESTMapper defines a function which sets RESTMapper for admission plugins that need it. -type WantsRESTMapper interface { - SetRESTMapper(meta.RESTMapper) - admission.InitializationValidator -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/interfaces.go deleted file mode 100644 index ba979c973f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/interfaces.go +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "context" - "io" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/authentication/user" -) - -// Attributes is an interface used by AdmissionController to get information about a request -// that is used to make an admission decision. -type Attributes interface { - // GetName returns the name of the object as presented in the request. On a CREATE operation, the client - // may omit name and rely on the server to generate the name. If that is the case, this method will return - // the empty string - GetName() string - // GetNamespace is the namespace associated with the request (if any) - GetNamespace() string - // GetResource is the name of the resource being requested. This is not the kind. For example: pods - GetResource() schema.GroupVersionResource - // GetSubresource is the name of the subresource being requested. This is a different resource, scoped to the parent resource, but it may have a different kind. - // For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod" - // (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding". - GetSubresource() string - // GetOperation is the operation being performed - GetOperation() Operation - // GetOperationOptions is the options for the operation being performed - GetOperationOptions() runtime.Object - // IsDryRun indicates that modifications will definitely not be persisted for this request. This is to prevent - // admission controllers with side effects and a method of reconciliation from being overwhelmed. - // However, a value of false for this does not mean that the modification will be persisted, because it - // could still be rejected by a subsequent validation step. - IsDryRun() bool - // GetObject is the object from the incoming request prior to default values being applied - GetObject() runtime.Object - // GetOldObject is the existing object. Only populated for UPDATE and DELETE requests. - GetOldObject() runtime.Object - // GetKind is the type of object being manipulated. For example: Pod - GetKind() schema.GroupVersionKind - // GetUserInfo is information about the requesting user - GetUserInfo() user.Info - - // AddAnnotation sets annotation according to key-value pair. The key should be qualified, e.g., podsecuritypolicy.admission.k8s.io/admit-policy, where - // "podsecuritypolicy" is the name of the plugin, "admission.k8s.io" is the name of the organization, "admit-policy" is the key name. - // An error is returned if the format of key is invalid. When trying to overwrite annotation with a new value, an error is returned. - // Both ValidationInterface and MutationInterface are allowed to add Annotations. - // By default, an annotation gets logged into audit event if the request's audit level is greater or - // equal to Metadata. - AddAnnotation(key, value string) error - - // AddAnnotationWithLevel sets annotation according to key-value pair with additional intended audit level. - // An Annotation gets logged into audit event if the request's audit level is greater or equal to the - // intended audit level. - AddAnnotationWithLevel(key, value string, level auditinternal.Level) error - - // GetReinvocationContext tracks the admission request information relevant to the re-invocation policy. - GetReinvocationContext() ReinvocationContext -} - -// ObjectInterfaces is an interface used by AdmissionController to get object interfaces -// such as Converter or Defaulter. These interfaces are normally coming from Request Scope -// to handle special cases like CRDs. -type ObjectInterfaces interface { - // GetObjectCreater is the ObjectCreator appropriate for the requested object. - GetObjectCreater() runtime.ObjectCreater - // GetObjectTyper is the ObjectTyper appropriate for the requested object. - GetObjectTyper() runtime.ObjectTyper - // GetObjectDefaulter is the ObjectDefaulter appropriate for the requested object. - GetObjectDefaulter() runtime.ObjectDefaulter - // GetObjectConvertor is the ObjectConvertor appropriate for the requested object. - GetObjectConvertor() runtime.ObjectConvertor - // GetEquivalentResourceMapper is the EquivalentResourceMapper appropriate for finding equivalent resources and expected kind for the requested object. - GetEquivalentResourceMapper() runtime.EquivalentResourceMapper -} - -// privateAnnotationsGetter is a private interface which allows users to get annotations from Attributes. -type privateAnnotationsGetter interface { - getAnnotations(maxLevel auditinternal.Level) map[string]string -} - -// AnnotationsGetter allows users to get annotations from Attributes. An alternate Attribute should implement -// this interface. -type AnnotationsGetter interface { - GetAnnotations(maxLevel auditinternal.Level) map[string]string -} - -// ReinvocationContext provides access to the admission related state required to implement the re-invocation policy. -type ReinvocationContext interface { - // IsReinvoke returns true if the current admission check is a re-invocation. - IsReinvoke() bool - // SetIsReinvoke sets the current admission check as a re-invocation. - SetIsReinvoke() - // ShouldReinvoke returns true if any plugin has requested a re-invocation. - ShouldReinvoke() bool - // SetShouldReinvoke signals that a re-invocation is desired. - SetShouldReinvoke() - // AddValue set a value for a plugin name, possibly overriding a previous value. - SetValue(plugin string, v interface{}) - // Value reads a value for a webhook. - Value(plugin string) interface{} -} - -// Interface is an abstract, pluggable interface for Admission Control decisions. -type Interface interface { - // Handles returns true if this admission controller can handle the given operation - // where operation can be one of CREATE, UPDATE, DELETE, or CONNECT - Handles(operation Operation) bool -} - -type MutationInterface interface { - Interface - - // Admit makes an admission decision based on the request attributes. - // Context is used only for timeout/deadline/cancellation and tracing information. - Admit(ctx context.Context, a Attributes, o ObjectInterfaces) (err error) -} - -// ValidationInterface is an abstract, pluggable interface for Admission Control decisions. -type ValidationInterface interface { - Interface - - // Validate makes an admission decision based on the request attributes. It is NOT allowed to mutate - // Context is used only for timeout/deadline/cancellation and tracing information. - Validate(ctx context.Context, a Attributes, o ObjectInterfaces) (err error) -} - -// Operation is the type of resource operation being checked for admission control -type Operation string - -// Operation constants -const ( - Create Operation = "CREATE" - Update Operation = "UPDATE" - Delete Operation = "DELETE" - Connect Operation = "CONNECT" -) - -// PluginInitializer is used for initialization of shareable resources between admission plugins. -// After initialization the resources have to be set separately -type PluginInitializer interface { - Initialize(plugin Interface) -} - -// InitializationValidator holds ValidateInitialization functions, which are responsible for validation of initialized -// shared resources and should be implemented on admission plugins -type InitializationValidator interface { - ValidateInitialization() error -} - -// ConfigProvider provides a way to get configuration for an admission plugin based on its name -type ConfigProvider interface { - ConfigFor(pluginName string) (io.Reader, error) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go deleted file mode 100644 index 8482aea880..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go +++ /dev/null @@ -1,298 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "context" - "strconv" - "time" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -// WebhookRejectionErrorType defines different error types that happen in a webhook rejection. -type WebhookRejectionErrorType string - -const ( - namespace = "apiserver" - subsystem = "admission" - - // WebhookRejectionCallingWebhookError identifies a calling webhook error which causes - // a webhook admission to reject a request - WebhookRejectionCallingWebhookError WebhookRejectionErrorType = "calling_webhook_error" - // WebhookRejectionAPIServerInternalError identifies an apiserver internal error which - // causes a webhook admission to reject a request - WebhookRejectionAPIServerInternalError WebhookRejectionErrorType = "apiserver_internal_error" - // WebhookRejectionNoError identifies a webhook properly rejected a request - WebhookRejectionNoError WebhookRejectionErrorType = "no_error" -) - -var ( - latencySummaryMaxAge = 5 * time.Hour - - // Metrics provides access to all admission metrics. - Metrics = newAdmissionMetrics() -) - -// ObserverFunc is a func that emits metrics. -type ObserverFunc func(ctx context.Context, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, extraLabels ...string) - -const ( - stepValidate = "validate" - stepAdmit = "admit" -) - -// WithControllerMetrics is a decorator for named admission handlers. -func WithControllerMetrics(i admission.Interface, name string) admission.Interface { - return WithMetrics(i, Metrics.ObserveAdmissionController, name) -} - -// WithStepMetrics is a decorator for a whole admission phase, i.e. admit or validation.admission step. -func WithStepMetrics(i admission.Interface) admission.Interface { - return WithMetrics(i, Metrics.ObserveAdmissionStep) -} - -// WithMetrics is a decorator for admission handlers with a generic observer func. -func WithMetrics(i admission.Interface, observer ObserverFunc, extraLabels ...string) admission.Interface { - return &pluginHandlerWithMetrics{ - Interface: i, - observer: observer, - extraLabels: extraLabels, - } -} - -// pluginHandlerWithMetrics decorates a admission handler with metrics. -type pluginHandlerWithMetrics struct { - admission.Interface - observer ObserverFunc - extraLabels []string -} - -// Admit performs a mutating admission control check and emit metrics. -func (p pluginHandlerWithMetrics) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - mutatingHandler, ok := p.Interface.(admission.MutationInterface) - if !ok { - return nil - } - - start := time.Now() - err := mutatingHandler.Admit(ctx, a, o) - p.observer(ctx, time.Since(start), err != nil, a, stepAdmit, p.extraLabels...) - return err -} - -// Validate performs a non-mutating admission control check and emits metrics. -func (p pluginHandlerWithMetrics) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - validatingHandler, ok := p.Interface.(admission.ValidationInterface) - if !ok { - return nil - } - - start := time.Now() - err := validatingHandler.Validate(ctx, a, o) - p.observer(ctx, time.Since(start), err != nil, a, stepValidate, p.extraLabels...) - return err -} - -// AdmissionMetrics instruments admission with prometheus metrics. -type AdmissionMetrics struct { - step *metricSet - controller *metricSet - webhook *metricSet - webhookRejection *metrics.CounterVec - webhookFailOpen *metrics.CounterVec - webhookRequest *metrics.CounterVec -} - -// newAdmissionMetrics create a new AdmissionMetrics, configured with default metric names. -func newAdmissionMetrics() *AdmissionMetrics { - // Admission metrics for a step of the admission flow. The entire admission flow is broken down into a series of steps - // Each step is identified by a distinct type label value. - // Use buckets ranging from 5 ms to 2.5 seconds. - step := &metricSet{ - latencies: metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "step_admission_duration_seconds", - Help: "Admission sub-step latency histogram in seconds, broken out for each operation and API resource and step type (validate or admit).", - Buckets: []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5}, - StabilityLevel: metrics.STABLE, - }, - []string{"type", "operation", "rejected"}, - ), - - latenciesSummary: metrics.NewSummaryVec( - &metrics.SummaryOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "step_admission_duration_seconds_summary", - Help: "Admission sub-step latency summary in seconds, broken out for each operation and API resource and step type (validate or admit).", - MaxAge: latencySummaryMaxAge, - StabilityLevel: metrics.ALPHA, - }, - []string{"type", "operation", "rejected"}, - ), - } - - // Built-in admission controller metrics. Each admission controller is identified by name. - // Use buckets ranging from 5 ms to 2.5 seconds. - controller := &metricSet{ - latencies: metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "controller_admission_duration_seconds", - Help: "Admission controller latency histogram in seconds, identified by name and broken out for each operation and API resource and type (validate or admit).", - Buckets: []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5}, - StabilityLevel: metrics.STABLE, - }, - []string{"name", "type", "operation", "rejected"}, - ), - - latenciesSummary: nil, - } - - // Admission webhook metrics. Each webhook is identified by name. - // Use buckets ranging from 5 ms to 2.5 seconds (admission webhooks timeout at 30 seconds by default). - webhook := &metricSet{ - latencies: metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "webhook_admission_duration_seconds", - Help: "Admission webhook latency histogram in seconds, identified by name and broken out for each operation and API resource and type (validate or admit).", - Buckets: []float64{0.005, 0.025, 0.1, 0.5, 1.0, 2.5}, - StabilityLevel: metrics.STABLE, - }, - []string{"name", "type", "operation", "rejected"}, - ), - - latenciesSummary: nil, - } - - webhookRejection := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "webhook_rejection_count", - Help: "Admission webhook rejection count, identified by name and broken out for each admission type (validating or admit) and operation. Additional labels specify an error type (calling_webhook_error or apiserver_internal_error if an error occurred; no_error otherwise) and optionally a non-zero rejection code if the webhook rejects the request with an HTTP status code (honored by the apiserver when the code is greater or equal to 400). Codes greater than 600 are truncated to 600, to keep the metrics cardinality bounded.", - StabilityLevel: metrics.ALPHA, - }, - []string{"name", "type", "operation", "error_type", "rejection_code"}) - - webhookFailOpen := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "webhook_fail_open_count", - Help: "Admission webhook fail open count, identified by name and broken out for each admission type (validating or mutating).", - StabilityLevel: metrics.ALPHA, - }, - []string{"name", "type"}) - - webhookRequest := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "webhook_request_total", - Help: "Admission webhook request total, identified by name and broken out for each admission type (validating or mutating) and operation. Additional labels specify whether the request was rejected or not and an HTTP status code. Codes greater than 600 are truncated to 600, to keep the metrics cardinality bounded.", - StabilityLevel: metrics.ALPHA, - }, - []string{"name", "type", "operation", "code", "rejected"}) - - step.mustRegister() - controller.mustRegister() - webhook.mustRegister() - legacyregistry.MustRegister(webhookRejection) - legacyregistry.MustRegister(webhookFailOpen) - legacyregistry.MustRegister(webhookRequest) - return &AdmissionMetrics{step: step, controller: controller, webhook: webhook, webhookRejection: webhookRejection, webhookFailOpen: webhookFailOpen, webhookRequest: webhookRequest} -} - -func (m *AdmissionMetrics) reset() { - m.step.reset() - m.controller.reset() - m.webhook.reset() -} - -// ObserveAdmissionStep records admission related metrics for a admission step, identified by step type. -func (m *AdmissionMetrics) ObserveAdmissionStep(ctx context.Context, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, extraLabels ...string) { - m.step.observe(ctx, elapsed, append(extraLabels, stepType, string(attr.GetOperation()), strconv.FormatBool(rejected))...) -} - -// ObserveAdmissionController records admission related metrics for a built-in admission controller, identified by it's plugin handler name. -func (m *AdmissionMetrics) ObserveAdmissionController(ctx context.Context, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, extraLabels ...string) { - m.controller.observe(ctx, elapsed, append(extraLabels, stepType, string(attr.GetOperation()), strconv.FormatBool(rejected))...) -} - -// ObserveWebhook records admission related metrics for a admission webhook. -func (m *AdmissionMetrics) ObserveWebhook(ctx context.Context, name string, elapsed time.Duration, rejected bool, attr admission.Attributes, stepType string, code int) { - // We truncate codes greater than 600 to keep the cardinality bounded. - if code > 600 { - code = 600 - } - m.webhookRequest.WithContext(ctx).WithLabelValues(name, stepType, string(attr.GetOperation()), strconv.Itoa(code), strconv.FormatBool(rejected)).Inc() - m.webhook.observe(ctx, elapsed, name, stepType, string(attr.GetOperation()), strconv.FormatBool(rejected)) -} - -// ObserveWebhookRejection records admission related metrics for an admission webhook rejection. -func (m *AdmissionMetrics) ObserveWebhookRejection(ctx context.Context, name, stepType, operation string, errorType WebhookRejectionErrorType, rejectionCode int) { - // We truncate codes greater than 600 to keep the cardinality bounded. - // This should be rarely done by a malfunctioning webhook server. - if rejectionCode > 600 { - rejectionCode = 600 - } - m.webhookRejection.WithContext(ctx).WithLabelValues(name, stepType, operation, string(errorType), strconv.Itoa(rejectionCode)).Inc() -} - -// ObserveWebhookFailOpen records validating or mutating webhook that fail open. -func (m *AdmissionMetrics) ObserveWebhookFailOpen(ctx context.Context, name, stepType string) { - m.webhookFailOpen.WithContext(ctx).WithLabelValues(name, stepType).Inc() -} - -type metricSet struct { - latencies *metrics.HistogramVec - latenciesSummary *metrics.SummaryVec -} - -// MustRegister registers all the prometheus metrics in the metricSet. -func (m *metricSet) mustRegister() { - legacyregistry.MustRegister(m.latencies) - if m.latenciesSummary != nil { - legacyregistry.MustRegister(m.latenciesSummary) - } -} - -// Reset resets all the prometheus metrics in the metricSet. -func (m *metricSet) reset() { - m.latencies.Reset() - if m.latenciesSummary != nil { - m.latenciesSummary.Reset() - } -} - -// Observe records an observed admission event to all metrics in the metricSet. -func (m *metricSet) observe(ctx context.Context, elapsed time.Duration, labels ...string) { - elapsedSeconds := elapsed.Seconds() - m.latencies.WithContext(ctx).WithLabelValues(labels...).Observe(elapsedSeconds) - if m.latenciesSummary != nil { - m.latenciesSummary.WithContext(ctx).WithLabelValues(labels...).Observe(elapsedSeconds) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go deleted file mode 100644 index cec6769c65..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go +++ /dev/null @@ -1,242 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package lifecycle - -import ( - "context" - "fmt" - "io" - "time" - - "k8s.io/klog/v2" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - utilcache "k8s.io/apimachinery/pkg/util/cache" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corelisters "k8s.io/client-go/listers/core/v1" - "k8s.io/utils/clock" -) - -const ( - // PluginName indicates the name of admission plug-in - PluginName = "NamespaceLifecycle" - // how long a namespace stays in the force live lookup cache before expiration. - forceLiveLookupTTL = 30 * time.Second - // how long to wait for a missing namespace before re-checking the cache (and then doing a live lookup) - // this accomplishes two things: - // 1. It allows a watch-fed cache time to observe a namespace creation event - // 2. It allows time for a namespace creation to distribute to members of a storage cluster, - // so the live lookup has a better chance of succeeding even if it isn't performed against the leader. - missingNamespaceWait = 50 * time.Millisecond -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewLifecycle(sets.NewString(metav1.NamespaceDefault, metav1.NamespaceSystem, metav1.NamespacePublic, - // user specified configuration that cannot be rebuilt - "openshift-config", - // cluster generated configuration that cannot be rebuilt (etcd encryption keys) - "openshift-config-managed", - // the CVO which is the root we use to rebuild all the rest - "openshift-cluster-version", - // contains a namespaced list of all nodes in the cluster (yeah, weird. they do it for multi-tenant management I think?) - "openshift-machine-api", - )) - }) -} - -// Lifecycle is an implementation of admission.Interface. -// It enforces life-cycle constraints around a Namespace depending on its Phase -type Lifecycle struct { - *admission.Handler - client kubernetes.Interface - immortalNamespaces sets.String - namespaceLister corelisters.NamespaceLister - // forceLiveLookupCache holds a list of entries for namespaces that we have a strong reason to believe are stale in our local cache. - // if a namespace is in this cache, then we will ignore our local state and always fetch latest from api server. - forceLiveLookupCache *utilcache.LRUExpireCache -} - -var _ = initializer.WantsExternalKubeInformerFactory(&Lifecycle{}) -var _ = initializer.WantsExternalKubeClientSet(&Lifecycle{}) - -// Admit makes an admission decision based on the request attributes -func (l *Lifecycle) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - // prevent deletion of immortal namespaces - if a.GetOperation() == admission.Delete && a.GetKind().GroupKind() == v1.SchemeGroupVersion.WithKind("Namespace").GroupKind() && l.immortalNamespaces.Has(a.GetName()) { - return errors.NewForbidden(a.GetResource().GroupResource(), a.GetName(), fmt.Errorf("this namespace may not be deleted")) - } - - // always allow non-namespaced resources - if len(a.GetNamespace()) == 0 && a.GetKind().GroupKind() != v1.SchemeGroupVersion.WithKind("Namespace").GroupKind() { - return nil - } - - if a.GetKind().GroupKind() == v1.SchemeGroupVersion.WithKind("Namespace").GroupKind() { - // if a namespace is deleted, we want to prevent all further creates into it - // while it is undergoing termination. to reduce incidences where the cache - // is slow to update, we add the namespace into a force live lookup list to ensure - // we are not looking at stale state. - if a.GetOperation() == admission.Delete { - l.forceLiveLookupCache.Add(a.GetName(), true, forceLiveLookupTTL) - } - // allow all operations to namespaces - return nil - } - - // always allow deletion of other resources - if a.GetOperation() == admission.Delete { - return nil - } - - // always allow access review checks. Returning status about the namespace would be leaking information - if isAccessReview(a) { - return nil - } - - // we need to wait for our caches to warm - if !l.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - var ( - exists bool - err error - ) - - namespace, err := l.namespaceLister.Get(a.GetNamespace()) - if err != nil { - if !errors.IsNotFound(err) { - return errors.NewInternalError(err) - } - } else { - exists = true - } - - if !exists && a.GetOperation() == admission.Create { - // give the cache time to observe the namespace before rejecting a create. - // this helps when creating a namespace and immediately creating objects within it. - time.Sleep(missingNamespaceWait) - namespace, err = l.namespaceLister.Get(a.GetNamespace()) - switch { - case errors.IsNotFound(err): - // no-op - case err != nil: - return errors.NewInternalError(err) - default: - exists = true - } - if exists { - klog.V(4).InfoS("Namespace existed in cache after waiting", "namespace", klog.KRef("", a.GetNamespace())) - } - } - - // forceLiveLookup if true will skip looking at local cache state and instead always make a live call to server. - forceLiveLookup := false - if _, ok := l.forceLiveLookupCache.Get(a.GetNamespace()); ok { - // we think the namespace was marked for deletion, but our current local cache says otherwise, we will force a live lookup. - forceLiveLookup = exists && namespace.Status.Phase == v1.NamespaceActive - } - - // refuse to operate on non-existent namespaces - if !exists || forceLiveLookup { - // as a last resort, make a call directly to storage - namespace, err = l.client.CoreV1().Namespaces().Get(context.TODO(), a.GetNamespace(), metav1.GetOptions{}) - switch { - case errors.IsNotFound(err): - return err - case err != nil: - return errors.NewInternalError(err) - } - - klog.V(4).InfoS("Found namespace via storage lookup", "namespace", klog.KRef("", a.GetNamespace())) - } - - // ensure that we're not trying to create objects in terminating namespaces - if a.GetOperation() == admission.Create { - if namespace.Status.Phase != v1.NamespaceTerminating { - return nil - } - - err := admission.NewForbidden(a, fmt.Errorf("unable to create new content in namespace %s because it is being terminated", a.GetNamespace())) - if apierr, ok := err.(*errors.StatusError); ok { - apierr.ErrStatus.Details.Causes = append(apierr.ErrStatus.Details.Causes, metav1.StatusCause{ - Type: v1.NamespaceTerminatingCause, - Message: fmt.Sprintf("namespace %s is being terminated", a.GetNamespace()), - Field: "metadata.namespace", - }) - } - return err - } - - return nil -} - -// NewLifecycle creates a new namespace Lifecycle admission control handler -func NewLifecycle(immortalNamespaces sets.String) (*Lifecycle, error) { - return newLifecycleWithClock(immortalNamespaces, clock.RealClock{}) -} - -func newLifecycleWithClock(immortalNamespaces sets.String, clock utilcache.Clock) (*Lifecycle, error) { - forceLiveLookupCache := utilcache.NewLRUExpireCacheWithClock(100, clock) - return &Lifecycle{ - Handler: admission.NewHandler(admission.Create, admission.Update, admission.Delete), - immortalNamespaces: immortalNamespaces, - forceLiveLookupCache: forceLiveLookupCache, - }, nil -} - -// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (l *Lifecycle) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - l.namespaceLister = namespaceInformer.Lister() - l.SetReadyFunc(namespaceInformer.Informer().HasSynced) -} - -// SetExternalKubeClientSet implements the WantsExternalKubeClientSet interface. -func (l *Lifecycle) SetExternalKubeClientSet(client kubernetes.Interface) { - l.client = client -} - -// ValidateInitialization implements the InitializationValidator interface. -func (l *Lifecycle) ValidateInitialization() error { - if l.namespaceLister == nil { - return fmt.Errorf("missing namespaceLister") - } - if l.client == nil { - return fmt.Errorf("missing client") - } - return nil -} - -// accessReviewResources are resources which give a view into permissions in a namespace. Users must be allowed to create these -// resources because returning "not found" errors allows someone to search for the "people I'm going to fire in 2017" namespace. -var accessReviewResources = map[schema.GroupResource]bool{ - {Group: "authorization.k8s.io", Resource: "localsubjectaccessreviews"}: true, -} - -func isAccessReview(a admission.Attributes) bool { - return accessReviewResources[a.GetResource().GroupResource()] -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/admission.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/admission.go deleted file mode 100644 index 25c266479d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/admission.go +++ /dev/null @@ -1,171 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "context" - "fmt" - "io" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - resourcequotaapi "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" - v1 "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1" - "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" -) - -// PluginName is a string with the name of the plugin -const PluginName = "ResourceQuota" - -var ( - namespaceGVK = v1.SchemeGroupVersion.WithKind("Namespace").GroupKind() - stopChUnconfiguredErr = fmt.Errorf("quota configuration configured between stop channel") -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, - func(config io.Reader) (admission.Interface, error) { - // load the configuration provided (if any) - configuration, err := LoadConfiguration(config) - if err != nil { - return nil, err - } - // validate the configuration (if any) - if configuration != nil { - if errs := validation.ValidateConfiguration(configuration); len(errs) != 0 { - return nil, errs.ToAggregate() - } - } - return NewResourceQuota(configuration, 5) - }) -} - -// QuotaAdmission implements an admission controller that can enforce quota constraints -type QuotaAdmission struct { - *admission.Handler - config *resourcequotaapi.Configuration - stopCh <-chan struct{} - quotaConfiguration quota.Configuration - numEvaluators int - quotaAccessor *quotaAccessor - evaluator Evaluator - initializationErr error -} - -var _ admission.ValidationInterface = &QuotaAdmission{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&QuotaAdmission{}) -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&QuotaAdmission{}) -var _ = genericadmissioninitializer.WantsQuotaConfiguration(&QuotaAdmission{}) -var _ = genericadmissioninitializer.WantsDrainedNotification(&QuotaAdmission{}) - -type liveLookupEntry struct { - expiry time.Time - items []*corev1.ResourceQuota -} - -// NewResourceQuota configures an admission controller that can enforce quota constraints -// using the provided registry. The registry must have the capability to handle group/kinds that -// are persisted by the server this admission controller is intercepting -func NewResourceQuota(config *resourcequotaapi.Configuration, numEvaluators int) (*QuotaAdmission, error) { - quotaAccessor, err := newQuotaAccessor() - if err != nil { - return nil, err - } - - return &QuotaAdmission{ - Handler: admission.NewHandler(admission.Create, admission.Update), - stopCh: nil, - numEvaluators: numEvaluators, - config: config, - quotaAccessor: quotaAccessor, - }, nil -} - -// SetDrainedNotification sets the stop channel into QuotaAdmission. -func (a *QuotaAdmission) SetDrainedNotification(stopCh <-chan struct{}) { - a.stopCh = stopCh -} - -// SetExternalKubeClientSet registers the client into QuotaAdmission -func (a *QuotaAdmission) SetExternalKubeClientSet(client kubernetes.Interface) { - a.quotaAccessor.client = client -} - -// SetExternalKubeInformerFactory registers an informer factory into QuotaAdmission -func (a *QuotaAdmission) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - a.quotaAccessor.lister = f.Core().V1().ResourceQuotas().Lister() -} - -// SetQuotaConfiguration assigns and initializes configuration and evaluator for QuotaAdmission -func (a *QuotaAdmission) SetQuotaConfiguration(c quota.Configuration) { - a.quotaConfiguration = c - if a.stopCh == nil { - a.initializationErr = stopChUnconfiguredErr - return - } - a.evaluator = NewQuotaEvaluator(a.quotaAccessor, a.quotaConfiguration.IgnoredResources(), generic.NewRegistry(a.quotaConfiguration.Evaluators()), nil, a.config, a.numEvaluators, a.stopCh) -} - -// ValidateInitialization ensures an authorizer is set. -func (a *QuotaAdmission) ValidateInitialization() error { - if a.initializationErr != nil { - return a.initializationErr - } - if a.stopCh == nil { - return fmt.Errorf("missing stopCh") - } - if a.quotaAccessor == nil { - return fmt.Errorf("missing quotaAccessor") - } - if a.quotaAccessor.client == nil { - return fmt.Errorf("missing quotaAccessor.client") - } - if a.quotaAccessor.lister == nil { - return fmt.Errorf("missing quotaAccessor.lister") - } - if a.quotaConfiguration == nil { - return fmt.Errorf("missing quotaConfiguration") - } - if a.evaluator == nil { - return fmt.Errorf("missing evaluator") - } - return nil -} - -// Validate makes admission decisions while enforcing quota -func (a *QuotaAdmission) Validate(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) (err error) { - // ignore all operations that correspond to sub-resource actions - if attr.GetSubresource() != "" { - return nil - } - // ignore all operations that are not namespaced or creation of namespaces - if attr.GetNamespace() == "" || isNamespaceCreation(attr) { - return nil - } - return a.evaluator.Evaluate(attr) -} - -func isNamespaceCreation(attr admission.Attributes) bool { - return attr.GetOperation() == admission.Create && attr.GetKind().GroupKind() == namespaceGVK -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/OWNERS deleted file mode 100644 index bbc16c84ed..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - deads2k - - derekwaynecarr -approvers: - - deads2k - - derekwaynecarr - - smarterclayton diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/doc.go deleted file mode 100644 index b8c0ea047c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package resourcequota // import "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install/install.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install/install.go deleted file mode 100644 index 6eabe1809b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - resourcequotaapi "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" - resourcequotav1 "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1" - resourcequotav1alpha1 "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1" - resourcequotav1beta1 "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1" -) - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(resourcequotaapi.AddToScheme(scheme)) - - // v1beta1 and v1alpha1 are in the k8s.io-suffixed group - utilruntime.Must(resourcequotav1beta1.AddToScheme(scheme)) - utilruntime.Must(resourcequotav1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(resourcequotav1beta1.SchemeGroupVersion, resourcequotav1alpha1.SchemeGroupVersion)) - - // v1 is in the config.k8s.io-suffixed group - utilruntime.Must(resourcequotav1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(resourcequotav1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/register.go deleted file mode 100644 index 4d9735d49d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/register.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = SchemeBuilder.AddToScheme -) - -// LegacyGroupName is the group name use in this package -const LegacyGroupName = "resourcequota.admission.k8s.io" - -// LegacySchemeGroupVersion is group version used to register these objects -var LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal} - -// GroupName is the group name use in this package -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(LegacySchemeGroupVersion, - &Configuration{}, - ) - scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("ResourceQuotaConfiguration"), - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/types.go deleted file mode 100644 index b8ffc10421..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/types.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the ResourceQuota admission controller. -type Configuration struct { - metav1.TypeMeta - - // LimitedResources whose consumption is limited by default. - // +optional - LimitedResources []LimitedResource -} - -// LimitedResource matches a resource whose consumption is limited by default. -// To consume the resource, there must exist an associated quota that limits -// its consumption. -type LimitedResource struct { - - // APIGroup is the name of the APIGroup that contains the limited resource. - // +optional - APIGroup string `json:"apiGroup,omitempty"` - - // Resource is the name of the resource this rule applies to. - // For example, if the administrator wants to limit consumption - // of a storage resource associated with persistent volume claims, - // the value would be "persistentvolumeclaims". - Resource string `json:"resource"` - - // For each intercepted request, the quota system will evaluate - // its resource usage. It will iterate through each resource consumed - // and if the resource contains any substring in this listing, the - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // that a quota must exist to consume persistent volume claims associated - // with any storage class, the list would include - // ".storageclass.storage.k8s.io/requests.storage" - MatchContains []string - - // For each intercepted request, the quota system will figure out if the input object - // satisfies a scope which is present in this listing, then - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // a quota must exist to create a pod with "cluster-services" priorityclass - // the list would include - // "PriorityClassNameIn=cluster-services" - // +optional - // MatchScopes []string `json:"matchScopes,omitempty"` - MatchScopes []corev1.ScopedResourceSelectorRequirement `json:"matchScopes,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/defaults.go deleted file mode 100644 index 1a2f1b4440..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import kruntime "k8s.io/apimachinery/pkg/runtime" - -func addDefaultingFuncs(scheme *kruntime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_Configuration(obj *Configuration) {} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/doc.go deleted file mode 100644 index 4eaeff77ad..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota -// +k8s:defaulter-gen=TypeMeta -// +groupName=resourcequota.admission.k8s.io - -// Package v1 is the v1 version of the API. -package v1 // import "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/register.go deleted file mode 100644 index 04969a1629..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/register.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("ResourceQuotaConfiguration"), &Configuration{}) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/types.go deleted file mode 100644 index e703724c65..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/types.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the ResourceQuota admission controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // LimitedResources whose consumption is limited by default. - // +optional - LimitedResources []LimitedResource `json:"limitedResources"` -} - -// LimitedResource matches a resource whose consumption is limited by default. -// To consume the resource, there must exist an associated quota that limits -// its consumption. -type LimitedResource struct { - - // APIGroup is the name of the APIGroup that contains the limited resource. - // +optional - APIGroup string `json:"apiGroup,omitempty"` - - // Resource is the name of the resource this rule applies to. - // For example, if the administrator wants to limit consumption - // of a storage resource associated with persistent volume claims, - // the value would be "persistentvolumeclaims". - Resource string `json:"resource"` - - // For each intercepted request, the quota system will evaluate - // its resource usage. It will iterate through each resource consumed - // and if the resource contains any substring in this listing, the - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // that a quota must exist to consume persistent volume claims associated - // with any storage class, the list would include - // ".storageclass.storage.k8s.io/requests.storage" - MatchContains []string `json:"matchContains,omitempty"` - // For each intercepted request, the quota system will figure out if the input object - // satisfies a scope which is present in this listing, then - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // a quota must exist to create a pod with "cluster-services" priorityclass - // the list would include "scopeName=PriorityClass, Operator=In, Value=cluster-services" - // +optional - MatchScopes []v1.ScopedResourceSelectorRequirement `json:"matchScopes,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.conversion.go deleted file mode 100644 index c10258d4c4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.conversion.go +++ /dev/null @@ -1,107 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - resourcequota "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Configuration)(nil), (*resourcequota.Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Configuration_To_resourcequota_Configuration(a.(*Configuration), b.(*resourcequota.Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.Configuration)(nil), (*Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_Configuration_To_v1_Configuration(a.(*resourcequota.Configuration), b.(*Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*LimitedResource)(nil), (*resourcequota.LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LimitedResource_To_resourcequota_LimitedResource(a.(*LimitedResource), b.(*resourcequota.LimitedResource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.LimitedResource)(nil), (*LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_LimitedResource_To_v1_LimitedResource(a.(*resourcequota.LimitedResource), b.(*LimitedResource), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]resourcequota.LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_v1_Configuration_To_resourcequota_Configuration is an autogenerated conversion function. -func Convert_v1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - return autoConvert_v1_Configuration_To_resourcequota_Configuration(in, out, s) -} - -func autoConvert_resourcequota_Configuration_To_v1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_resourcequota_Configuration_To_v1_Configuration is an autogenerated conversion function. -func Convert_resourcequota_Configuration_To_v1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - return autoConvert_resourcequota_Configuration_To_v1_Configuration(in, out, s) -} - -func autoConvert_v1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]corev1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_v1_LimitedResource_To_resourcequota_LimitedResource is an autogenerated conversion function. -func Convert_v1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - return autoConvert_v1_LimitedResource_To_resourcequota_LimitedResource(in, out, s) -} - -func autoConvert_resourcequota_LimitedResource_To_v1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]corev1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_resourcequota_LimitedResource_To_v1_LimitedResource is an autogenerated conversion function. -func Convert_resourcequota_LimitedResource_To_v1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - return autoConvert_resourcequota_LimitedResource_To_v1_LimitedResource(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.deepcopy.go deleted file mode 100644 index 78b750d9a4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,87 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - corev1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.LimitedResources != nil { - in, out := &in.LimitedResources, &out.LimitedResources - *out = make([]LimitedResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitedResource) DeepCopyInto(out *LimitedResource) { - *out = *in - if in.MatchContains != nil { - in, out := &in.MatchContains, &out.MatchContains - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MatchScopes != nil { - in, out := &in.MatchScopes, &out.MatchScopes - *out = make([]corev1.ScopedResourceSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitedResource. -func (in *LimitedResource) DeepCopy() *LimitedResource { - if in == nil { - return nil - } - out := new(LimitedResource) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.defaults.go deleted file mode 100644 index 3d3fbb6d8e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&Configuration{}, func(obj interface{}) { SetObjectDefaults_Configuration(obj.(*Configuration)) }) - return nil -} - -func SetObjectDefaults_Configuration(in *Configuration) { - SetDefaults_Configuration(in) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/defaults.go deleted file mode 100644 index ebade2de23..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import kruntime "k8s.io/apimachinery/pkg/runtime" - -func addDefaultingFuncs(scheme *kruntime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_Configuration(obj *Configuration) {} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/doc.go deleted file mode 100644 index b1c83e40df..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota -// +k8s:defaulter-gen=TypeMeta -// +groupName=resourcequota.admission.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 // import "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/register.go deleted file mode 100644 index df604f689f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "resourcequota.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/types.go deleted file mode 100644 index 9ea8fe5adb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/types.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the ResourceQuota admission controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // LimitedResources whose consumption is limited by default. - // +optional - LimitedResources []LimitedResource `json:"limitedResources"` -} - -// LimitedResource matches a resource whose consumption is limited by default. -// To consume the resource, there must exist an associated quota that limits -// its consumption. -type LimitedResource struct { - - // APIGroup is the name of the APIGroup that contains the limited resource. - // +optional - APIGroup string `json:"apiGroup,omitempty"` - - // Resource is the name of the resource this rule applies to. - // For example, if the administrator wants to limit consumption - // of a storage resource associated with persistent volume claims, - // the value would be "persistentvolumeclaims". - Resource string `json:"resource"` - - // For each intercepted request, the quota system will evaluate - // its resource usage. It will iterate through each resource consumed - // and if the resource contains any substring in this listing, the - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // that a quota must exist to consume persistent volume claims associated - // with any storage class, the list would include - // ".storageclass.storage.k8s.io/requests.storage" - MatchContains []string `json:"matchContains,omitempty"` - // For each intercepted request, the quota system will figure out if the input object - // satisfies a scope which is present in this listing, then - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // a quota must exist to create a pod with "cluster-services" priorityclass - // the list would include "scopeName=PriorityClass, Operator=In, Value=cluster-services" - // +optional - MatchScopes []v1.ScopedResourceSelectorRequirement `json:"matchScopes,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index af5d59a9aa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,107 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - resourcequota "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Configuration)(nil), (*resourcequota.Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Configuration_To_resourcequota_Configuration(a.(*Configuration), b.(*resourcequota.Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.Configuration)(nil), (*Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_Configuration_To_v1alpha1_Configuration(a.(*resourcequota.Configuration), b.(*Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*LimitedResource)(nil), (*resourcequota.LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_LimitedResource_To_resourcequota_LimitedResource(a.(*LimitedResource), b.(*resourcequota.LimitedResource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.LimitedResource)(nil), (*LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_LimitedResource_To_v1alpha1_LimitedResource(a.(*resourcequota.LimitedResource), b.(*LimitedResource), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]resourcequota.LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_v1alpha1_Configuration_To_resourcequota_Configuration is an autogenerated conversion function. -func Convert_v1alpha1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - return autoConvert_v1alpha1_Configuration_To_resourcequota_Configuration(in, out, s) -} - -func autoConvert_resourcequota_Configuration_To_v1alpha1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_resourcequota_Configuration_To_v1alpha1_Configuration is an autogenerated conversion function. -func Convert_resourcequota_Configuration_To_v1alpha1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - return autoConvert_resourcequota_Configuration_To_v1alpha1_Configuration(in, out, s) -} - -func autoConvert_v1alpha1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]v1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_v1alpha1_LimitedResource_To_resourcequota_LimitedResource is an autogenerated conversion function. -func Convert_v1alpha1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - return autoConvert_v1alpha1_LimitedResource_To_resourcequota_LimitedResource(in, out, s) -} - -func autoConvert_resourcequota_LimitedResource_To_v1alpha1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]v1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_resourcequota_LimitedResource_To_v1alpha1_LimitedResource is an autogenerated conversion function. -func Convert_resourcequota_LimitedResource_To_v1alpha1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - return autoConvert_resourcequota_LimitedResource_To_v1alpha1_LimitedResource(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 570901f5d0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,87 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.LimitedResources != nil { - in, out := &in.LimitedResources, &out.LimitedResources - *out = make([]LimitedResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitedResource) DeepCopyInto(out *LimitedResource) { - *out = *in - if in.MatchContains != nil { - in, out := &in.MatchContains, &out.MatchContains - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MatchScopes != nil { - in, out := &in.MatchScopes, &out.MatchScopes - *out = make([]v1.ScopedResourceSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitedResource. -func (in *LimitedResource) DeepCopy() *LimitedResource { - if in == nil { - return nil - } - out := new(LimitedResource) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index cc845eda04..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&Configuration{}, func(obj interface{}) { SetObjectDefaults_Configuration(obj.(*Configuration)) }) - return nil -} - -func SetObjectDefaults_Configuration(in *Configuration) { - SetDefaults_Configuration(in) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/defaults.go deleted file mode 100644 index c56915a588..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import kruntime "k8s.io/apimachinery/pkg/runtime" - -func addDefaultingFuncs(scheme *kruntime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_Configuration(obj *Configuration) {} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/doc.go deleted file mode 100644 index 6d94d774c7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota -// +k8s:defaulter-gen=TypeMeta -// +groupName=resourcequota.admission.k8s.io - -// Package v1beta1 is the v1beta1 version of the API. -package v1beta1 // import "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/register.go deleted file mode 100644 index 0bdbc14f05..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "resourcequota.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/types.go deleted file mode 100644 index 2caf645f75..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/types.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the ResourceQuota admission controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // LimitedResources whose consumption is limited by default. - // +optional - LimitedResources []LimitedResource `json:"limitedResources"` -} - -// LimitedResource matches a resource whose consumption is limited by default. -// To consume the resource, there must exist an associated quota that limits -// its consumption. -type LimitedResource struct { - - // APIGroup is the name of the APIGroup that contains the limited resource. - // +optional - APIGroup string `json:"apiGroup,omitempty"` - - // Resource is the name of the resource this rule applies to. - // For example, if the administrator wants to limit consumption - // of a storage resource associated with persistent volume claims, - // the value would be "persistentvolumeclaims". - Resource string `json:"resource"` - - // For each intercepted request, the quota system will evaluate - // its resource usage. It will iterate through each resource consumed - // and if the resource contains any substring in this listing, the - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // that a quota must exist to consume persistent volume claims associated - // with any storage class, the list would include - // ".storageclass.storage.k8s.io/requests.storage" - MatchContains []string `json:"matchContains,omitempty"` - // For each intercepted request, the quota system will figure out if the input object - // satisfies a scope which is present in this listing, then - // quota system will ensure that there is a covering quota. In the - // absence of a covering quota, the quota system will deny the request. - // For example, if an administrator wants to globally enforce that - // a quota must exist to create a pod with "cluster-services" priorityclass - // the list would include "scopeName=PriorityClass, Operator=In, Value=cluster-services" - // +optional - MatchScopes []v1.ScopedResourceSelectorRequirement `json:"matchScopes,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.conversion.go deleted file mode 100644 index f9ccbf6efb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,107 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - resourcequota "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Configuration)(nil), (*resourcequota.Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Configuration_To_resourcequota_Configuration(a.(*Configuration), b.(*resourcequota.Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.Configuration)(nil), (*Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_Configuration_To_v1beta1_Configuration(a.(*resourcequota.Configuration), b.(*Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*LimitedResource)(nil), (*resourcequota.LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LimitedResource_To_resourcequota_LimitedResource(a.(*LimitedResource), b.(*resourcequota.LimitedResource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resourcequota.LimitedResource)(nil), (*LimitedResource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resourcequota_LimitedResource_To_v1beta1_LimitedResource(a.(*resourcequota.LimitedResource), b.(*LimitedResource), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]resourcequota.LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_v1beta1_Configuration_To_resourcequota_Configuration is an autogenerated conversion function. -func Convert_v1beta1_Configuration_To_resourcequota_Configuration(in *Configuration, out *resourcequota.Configuration, s conversion.Scope) error { - return autoConvert_v1beta1_Configuration_To_resourcequota_Configuration(in, out, s) -} - -func autoConvert_resourcequota_Configuration_To_v1beta1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - out.LimitedResources = *(*[]LimitedResource)(unsafe.Pointer(&in.LimitedResources)) - return nil -} - -// Convert_resourcequota_Configuration_To_v1beta1_Configuration is an autogenerated conversion function. -func Convert_resourcequota_Configuration_To_v1beta1_Configuration(in *resourcequota.Configuration, out *Configuration, s conversion.Scope) error { - return autoConvert_resourcequota_Configuration_To_v1beta1_Configuration(in, out, s) -} - -func autoConvert_v1beta1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]v1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_v1beta1_LimitedResource_To_resourcequota_LimitedResource is an autogenerated conversion function. -func Convert_v1beta1_LimitedResource_To_resourcequota_LimitedResource(in *LimitedResource, out *resourcequota.LimitedResource, s conversion.Scope) error { - return autoConvert_v1beta1_LimitedResource_To_resourcequota_LimitedResource(in, out, s) -} - -func autoConvert_resourcequota_LimitedResource_To_v1beta1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.MatchContains = *(*[]string)(unsafe.Pointer(&in.MatchContains)) - out.MatchScopes = *(*[]v1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchScopes)) - return nil -} - -// Convert_resourcequota_LimitedResource_To_v1beta1_LimitedResource is an autogenerated conversion function. -func Convert_resourcequota_LimitedResource_To_v1beta1_LimitedResource(in *resourcequota.LimitedResource, out *LimitedResource, s conversion.Scope) error { - return autoConvert_resourcequota_LimitedResource_To_v1beta1_LimitedResource(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 5993495246..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,87 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.LimitedResources != nil { - in, out := &in.LimitedResources, &out.LimitedResources - *out = make([]LimitedResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitedResource) DeepCopyInto(out *LimitedResource) { - *out = *in - if in.MatchContains != nil { - in, out := &in.MatchContains, &out.MatchContains - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MatchScopes != nil { - in, out := &in.MatchScopes, &out.MatchScopes - *out = make([]v1.ScopedResourceSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitedResource. -func (in *LimitedResource) DeepCopy() *LimitedResource { - if in == nil { - return nil - } - out := new(LimitedResource) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 3df0f16131..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&Configuration{}, func(obj interface{}) { SetObjectDefaults_Configuration(obj.(*Configuration)) }) - return nil -} - -func SetObjectDefaults_Configuration(in *Configuration) { - SetDefaults_Configuration(in) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation/validation.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation/validation.go deleted file mode 100644 index 4b23f0bcaf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation/validation.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - resourcequotaapi "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" - - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// ValidateConfiguration validates the configuration. -func ValidateConfiguration(config *resourcequotaapi.Configuration) field.ErrorList { - allErrs := field.ErrorList{} - fldPath := field.NewPath("limitedResources") - for i, limitedResource := range config.LimitedResources { - idxPath := fldPath.Index(i) - if len(limitedResource.Resource) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("resource"), "")) - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/zz_generated.deepcopy.go deleted file mode 100644 index 53e90926b4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/zz_generated.deepcopy.go +++ /dev/null @@ -1,87 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package resourcequota - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.LimitedResources != nil { - in, out := &in.LimitedResources, &out.LimitedResources - *out = make([]LimitedResource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitedResource) DeepCopyInto(out *LimitedResource) { - *out = *in - if in.MatchContains != nil { - in, out := &in.MatchContains, &out.MatchContains - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.MatchScopes != nil { - in, out := &in.MatchScopes, &out.MatchScopes - *out = make([]v1.ScopedResourceSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitedResource. -func (in *LimitedResource) DeepCopy() *LimitedResource { - if in == nil { - return nil - } - out := new(LimitedResource) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/config.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/config.go deleted file mode 100644 index 84f03be255..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/config.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "fmt" - "io" - "io/ioutil" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - resourcequotaapi "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" - "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install" - resourcequotav1 "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1" -) - -var ( - scheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(scheme) -) - -func init() { - install.Install(scheme) -} - -// LoadConfiguration loads the provided configuration. -func LoadConfiguration(config io.Reader) (*resourcequotaapi.Configuration, error) { - // if no config is provided, return a default configuration - if config == nil { - externalConfig := &resourcequotav1.Configuration{} - scheme.Default(externalConfig) - internalConfig := &resourcequotaapi.Configuration{} - if err := scheme.Convert(externalConfig, internalConfig, nil); err != nil { - return nil, err - } - return internalConfig, nil - } - // we have a config so parse it. - data, err := ioutil.ReadAll(config) - if err != nil { - return nil, err - } - decoder := codecs.UniversalDecoder() - decodedObj, err := runtime.Decode(decoder, data) - if err != nil { - return nil, err - } - resourceQuotaConfiguration, ok := decodedObj.(*resourcequotaapi.Configuration) - if !ok { - return nil, fmt.Errorf("unexpected type: %T", decodedObj) - } - return resourceQuotaConfiguration, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/controller.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/controller.go deleted file mode 100644 index be6e75fcdb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/controller.go +++ /dev/null @@ -1,726 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "fmt" - "sort" - "strings" - "sync" - "time" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/admission" - resourcequotaapi "k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - "k8s.io/client-go/util/workqueue" -) - -// Evaluator is used to see if quota constraints are satisfied. -type Evaluator interface { - // Evaluate takes an operation and checks to see if quota constraints are satisfied. It returns an error if they are not. - // The default implementation processes related operations in chunks when possible. - Evaluate(a admission.Attributes) error -} - -type quotaEvaluator struct { - quotaAccessor QuotaAccessor - // lockAcquisitionFunc acquires any required locks and returns a cleanup method to defer - lockAcquisitionFunc func([]corev1.ResourceQuota) func() - - ignoredResources map[schema.GroupResource]struct{} - - // registry that knows how to measure usage for objects - registry quota.Registry - - // TODO these are used together to bucket items by namespace and then batch them up for processing. - // The technique is valuable for rollup activities to avoid fanout and reduce resource contention. - // We could move this into a library if another component needed it. - // queue is indexed by namespace, so that we bundle up on a per-namespace basis - queue *workqueue.Type - workLock sync.Mutex - work map[string][]*admissionWaiter - dirtyWork map[string][]*admissionWaiter - inProgress sets.String - - // controls the run method so that we can cleanly conform to the Evaluator interface - workers int - stopCh <-chan struct{} - init sync.Once - - // lets us know what resources are limited by default - config *resourcequotaapi.Configuration -} - -type admissionWaiter struct { - attributes admission.Attributes - finished chan struct{} - result error -} - -type defaultDeny struct{} - -func (defaultDeny) Error() string { - return "DEFAULT DENY" -} - -// IsDefaultDeny returns true if the error is defaultDeny -func IsDefaultDeny(err error) bool { - if err == nil { - return false - } - - _, ok := err.(defaultDeny) - return ok -} - -func newAdmissionWaiter(a admission.Attributes) *admissionWaiter { - return &admissionWaiter{ - attributes: a, - finished: make(chan struct{}), - result: defaultDeny{}, - } -} - -// NewQuotaEvaluator configures an admission controller that can enforce quota constraints -// using the provided registry. The registry must have the capability to handle group/kinds that -// are persisted by the server this admission controller is intercepting -func NewQuotaEvaluator(quotaAccessor QuotaAccessor, ignoredResources map[schema.GroupResource]struct{}, quotaRegistry quota.Registry, lockAcquisitionFunc func([]corev1.ResourceQuota) func(), config *resourcequotaapi.Configuration, workers int, stopCh <-chan struct{}) Evaluator { - // if we get a nil config, just create an empty default. - if config == nil { - config = &resourcequotaapi.Configuration{} - } - - evaluator := &quotaEvaluator{ - quotaAccessor: quotaAccessor, - lockAcquisitionFunc: lockAcquisitionFunc, - - ignoredResources: ignoredResources, - registry: quotaRegistry, - - queue: workqueue.NewNamed("admission_quota_controller"), - work: map[string][]*admissionWaiter{}, - dirtyWork: map[string][]*admissionWaiter{}, - inProgress: sets.String{}, - - workers: workers, - stopCh: stopCh, - config: config, - } - - // The queue underneath is starting a goroutine for metrics - // exportint that is only stopped on calling ShutDown. - // Given that QuotaEvaluator is created for each layer of apiserver - // and often not started for some of those (e.g. aggregated apiserver) - // we explicitly shut it down on stopCh signal even if it wasn't - // effectively started. - go evaluator.shutdownOnStop() - - return evaluator -} - -// start begins watching and syncing. -func (e *quotaEvaluator) start() { - defer utilruntime.HandleCrash() - - for i := 0; i < e.workers; i++ { - go wait.Until(e.doWork, time.Second, e.stopCh) - } -} - -func (e *quotaEvaluator) shutdownOnStop() { - <-e.stopCh - klog.Infof("Shutting down quota evaluator") - e.queue.ShutDown() -} - -func (e *quotaEvaluator) doWork() { - workFunc := func() bool { - ns, admissionAttributes, quit := e.getWork() - if quit { - return true - } - defer e.completeWork(ns) - if len(admissionAttributes) == 0 { - return false - } - e.checkAttributes(ns, admissionAttributes) - return false - } - for { - if quit := workFunc(); quit { - klog.Infof("quota evaluator worker shutdown") - return - } - } -} - -// checkAttributes iterates evaluates all the waiting admissionAttributes. It will always notify all waiters -// before returning. The default is to deny. -func (e *quotaEvaluator) checkAttributes(ns string, admissionAttributes []*admissionWaiter) { - // notify all on exit - defer func() { - for _, admissionAttribute := range admissionAttributes { - close(admissionAttribute.finished) - } - }() - - quotas, err := e.quotaAccessor.GetQuotas(ns) - if err != nil { - for _, admissionAttribute := range admissionAttributes { - admissionAttribute.result = err - } - return - } - // if limited resources are disabled, we can just return safely when there are no quotas. - limitedResourcesDisabled := len(e.config.LimitedResources) == 0 - if len(quotas) == 0 && limitedResourcesDisabled { - for _, admissionAttribute := range admissionAttributes { - admissionAttribute.result = nil - } - return - } - - if e.lockAcquisitionFunc != nil { - releaseLocks := e.lockAcquisitionFunc(quotas) - defer releaseLocks() - } - - e.checkQuotas(quotas, admissionAttributes, 3) -} - -// checkQuotas checks the admission attributes against the passed quotas. If a quota applies, it will attempt to update it -// AFTER it has checked all the admissionAttributes. The method breaks down into phase like this: -// 0. make a copy of the quotas to act as a "running" quota so we know what we need to update and can still compare against the -// originals -// 1. check each admission attribute to see if it fits within *all* the quotas. If it doesn't fit, mark the waiter as failed -// and the running quota don't change. If it did fit, check to see if any quota was changed. It there was no quota change -// mark the waiter as succeeded. If some quota did change, update the running quotas -// 2. If no running quota was changed, return now since no updates are needed. -// 3. for each quota that has changed, attempt an update. If all updates succeeded, update all unset waiters to success status and return. If the some -// updates failed on conflict errors and we have retries left, re-get the failed quota from our cache for the latest version -// and recurse into this method with the subset. It's safe for us to evaluate ONLY the subset, because the other quota -// documents for these waiters have already been evaluated. Step 1, will mark all the ones that should already have succeeded. -func (e *quotaEvaluator) checkQuotas(quotas []corev1.ResourceQuota, admissionAttributes []*admissionWaiter, remainingRetries int) { - // yet another copy to compare against originals to see if we actually have deltas - originalQuotas, err := copyQuotas(quotas) - if err != nil { - utilruntime.HandleError(err) - return - } - - atLeastOneChanged := false - for i := range admissionAttributes { - admissionAttribute := admissionAttributes[i] - newQuotas, err := e.checkRequest(quotas, admissionAttribute.attributes) - if err != nil { - admissionAttribute.result = err - continue - } - - // Don't update quota for admissionAttributes that correspond to dry-run requests - if admissionAttribute.attributes.IsDryRun() { - admissionAttribute.result = nil - continue - } - - // if the new quotas are the same as the old quotas, then this particular one doesn't issue any updates - // that means that no quota docs applied, so it can get a pass - atLeastOneChangeForThisWaiter := false - for j := range newQuotas { - if !quota.Equals(quotas[j].Status.Used, newQuotas[j].Status.Used) { - atLeastOneChanged = true - atLeastOneChangeForThisWaiter = true - break - } - } - - if !atLeastOneChangeForThisWaiter { - admissionAttribute.result = nil - } - - quotas = newQuotas - } - - // if none of the requests changed anything, there's no reason to issue an update, just fail them all now - if !atLeastOneChanged { - return - } - - // now go through and try to issue updates. Things get a little weird here: - // 1. check to see if the quota changed. If not, skip. - // 2. if the quota changed and the update passes, be happy - // 3. if the quota changed and the update fails, add the original to a retry list - var updatedFailedQuotas []corev1.ResourceQuota - var lastErr error - for i := range quotas { - newQuota := quotas[i] - - // if this quota didn't have its status changed, skip it - if quota.Equals(originalQuotas[i].Status.Used, newQuota.Status.Used) { - continue - } - - if err := e.quotaAccessor.UpdateQuotaStatus(&newQuota); err != nil { - updatedFailedQuotas = append(updatedFailedQuotas, newQuota) - lastErr = err - } - } - - if len(updatedFailedQuotas) == 0 { - // all the updates succeeded. At this point, anything with the default deny error was just waiting to - // get a successful update, so we can mark and notify - for _, admissionAttribute := range admissionAttributes { - if IsDefaultDeny(admissionAttribute.result) { - admissionAttribute.result = nil - } - } - return - } - - // at this point, errors are fatal. Update all waiters without status to failed and return - if remainingRetries <= 0 { - for _, admissionAttribute := range admissionAttributes { - if IsDefaultDeny(admissionAttribute.result) { - admissionAttribute.result = lastErr - } - } - return - } - - // this retry logic has the same bug that its possible to be checking against quota in a state that never actually exists where - // you've added a new documented, then updated an old one, your resource matches both and you're only checking one - // updates for these quota names failed. Get the current quotas in the namespace, compare by name, check to see if the - // resource versions have changed. If not, we're going to fall through an fail everything. If they all have, then we can try again - newQuotas, err := e.quotaAccessor.GetQuotas(quotas[0].Namespace) - if err != nil { - // this means that updates failed. Anything with a default deny error has failed and we need to let them know - for _, admissionAttribute := range admissionAttributes { - if IsDefaultDeny(admissionAttribute.result) { - admissionAttribute.result = lastErr - } - } - return - } - - // this logic goes through our cache to find the new version of all quotas that failed update. If something has been removed - // it is skipped on this retry. After all, you removed it. - quotasToCheck := []corev1.ResourceQuota{} - for _, newQuota := range newQuotas { - for _, oldQuota := range updatedFailedQuotas { - if newQuota.Name == oldQuota.Name { - quotasToCheck = append(quotasToCheck, newQuota) - break - } - } - } - e.checkQuotas(quotasToCheck, admissionAttributes, remainingRetries-1) -} - -func copyQuotas(in []corev1.ResourceQuota) ([]corev1.ResourceQuota, error) { - out := make([]corev1.ResourceQuota, 0, len(in)) - for _, quota := range in { - out = append(out, *quota.DeepCopy()) - } - - return out, nil -} - -// filterLimitedResourcesByGroupResource filters the input that match the specified groupResource -func filterLimitedResourcesByGroupResource(input []resourcequotaapi.LimitedResource, groupResource schema.GroupResource) []resourcequotaapi.LimitedResource { - result := []resourcequotaapi.LimitedResource{} - for i := range input { - limitedResource := input[i] - limitedGroupResource := schema.GroupResource{Group: limitedResource.APIGroup, Resource: limitedResource.Resource} - if limitedGroupResource == groupResource { - result = append(result, limitedResource) - } - } - return result -} - -// limitedByDefault determines from the specified usage and limitedResources the set of resources names -// that must be present in a covering quota. It returns empty set if it was unable to determine if -// a resource was not limited by default. -func limitedByDefault(usage corev1.ResourceList, limitedResources []resourcequotaapi.LimitedResource) []corev1.ResourceName { - result := []corev1.ResourceName{} - for _, limitedResource := range limitedResources { - for k, v := range usage { - // if a resource is consumed, we need to check if it matches on the limited resource list. - if v.Sign() == 1 { - // if we get a match, we add it to limited set - for _, matchContain := range limitedResource.MatchContains { - if strings.Contains(string(k), matchContain) { - result = append(result, k) - break - } - } - } - } - } - return result -} - -func getMatchedLimitedScopes(evaluator quota.Evaluator, inputObject runtime.Object, limitedResources []resourcequotaapi.LimitedResource) ([]corev1.ScopedResourceSelectorRequirement, error) { - scopes := []corev1.ScopedResourceSelectorRequirement{} - for _, limitedResource := range limitedResources { - matched, err := evaluator.MatchingScopes(inputObject, limitedResource.MatchScopes) - if err != nil { - klog.ErrorS(err, "Error while matching limited Scopes") - return []corev1.ScopedResourceSelectorRequirement{}, err - } - scopes = append(scopes, matched...) - } - return scopes, nil -} - -// checkRequest verifies that the request does not exceed any quota constraint. it returns a copy of quotas not yet persisted -// that capture what the usage would be if the request succeeded. It return an error if there is insufficient quota to satisfy the request -func (e *quotaEvaluator) checkRequest(quotas []corev1.ResourceQuota, a admission.Attributes) ([]corev1.ResourceQuota, error) { - evaluator := e.registry.Get(a.GetResource().GroupResource()) - if evaluator == nil { - return quotas, nil - } - return CheckRequest(quotas, a, evaluator, e.config.LimitedResources) -} - -// CheckRequest is a static version of quotaEvaluator.checkRequest, possible to be called from outside. -func CheckRequest(quotas []corev1.ResourceQuota, a admission.Attributes, evaluator quota.Evaluator, - limited []resourcequotaapi.LimitedResource) ([]corev1.ResourceQuota, error) { - if !evaluator.Handles(a) { - return quotas, nil - } - - // if we have limited resources enabled for this resource, always calculate usage - inputObject := a.GetObject() - - // Check if object matches AdmissionConfiguration matchScopes - limitedScopes, err := getMatchedLimitedScopes(evaluator, inputObject, limited) - if err != nil { - return quotas, nil - } - - // determine the set of resource names that must exist in a covering quota - limitedResourceNames := []corev1.ResourceName{} - limitedResources := filterLimitedResourcesByGroupResource(limited, a.GetResource().GroupResource()) - if len(limitedResources) > 0 { - deltaUsage, err := evaluator.Usage(inputObject) - if err != nil { - return quotas, err - } - limitedResourceNames = limitedByDefault(deltaUsage, limitedResources) - } - limitedResourceNamesSet := quota.ToSet(limitedResourceNames) - - // find the set of quotas that are pertinent to this request - // reject if we match the quota, but usage is not calculated yet - // reject if the input object does not satisfy quota constraints - // if there are no pertinent quotas, we can just return - interestingQuotaIndexes := []int{} - // track the cumulative set of resources that were required across all quotas - // this is needed to know if we have satisfied any constraints where consumption - // was limited by default. - restrictedResourcesSet := sets.String{} - restrictedScopes := []corev1.ScopedResourceSelectorRequirement{} - for i := range quotas { - resourceQuota := quotas[i] - scopeSelectors := getScopeSelectorsFromQuota(resourceQuota) - localRestrictedScopes, err := evaluator.MatchingScopes(inputObject, scopeSelectors) - if err != nil { - return nil, fmt.Errorf("error matching scopes of quota %s, err: %v", resourceQuota.Name, err) - } - restrictedScopes = append(restrictedScopes, localRestrictedScopes...) - - match, err := evaluator.Matches(&resourceQuota, inputObject) - if err != nil { - klog.ErrorS(err, "Error occurred while matching resource quota against input object", - "resourceQuota", resourceQuota) - return quotas, err - } - if !match { - continue - } - - hardResources := quota.ResourceNames(resourceQuota.Status.Hard) - restrictedResources := evaluator.MatchingResources(hardResources) - if err := evaluator.Constraints(restrictedResources, inputObject); err != nil { - return nil, admission.NewForbidden(a, fmt.Errorf("failed quota: %s: %v", resourceQuota.Name, err)) - } - if !hasUsageStats(&resourceQuota, restrictedResources) { - return nil, admission.NewForbidden(a, fmt.Errorf("status unknown for quota: %s, resources: %s", resourceQuota.Name, prettyPrintResourceNames(restrictedResources))) - } - interestingQuotaIndexes = append(interestingQuotaIndexes, i) - localRestrictedResourcesSet := quota.ToSet(restrictedResources) - restrictedResourcesSet.Insert(localRestrictedResourcesSet.List()...) - } - - // Usage of some resources cannot be counted in isolation. For example, when - // the resource represents a number of unique references to external - // resource. In such a case an evaluator needs to process other objects in - // the same namespace which needs to be known. - namespace := a.GetNamespace() - if accessor, err := meta.Accessor(inputObject); namespace != "" && err == nil { - if accessor.GetNamespace() == "" { - accessor.SetNamespace(namespace) - } - } - // there is at least one quota that definitely matches our object - // as a result, we need to measure the usage of this object for quota - // on updates, we need to subtract the previous measured usage - // if usage shows no change, just return since it has no impact on quota - deltaUsage, err := evaluator.Usage(inputObject) - if err != nil { - return quotas, err - } - - // ensure that usage for input object is never negative (this would mean a resource made a negative resource requirement) - if negativeUsage := quota.IsNegative(deltaUsage); len(negativeUsage) > 0 { - return nil, admission.NewForbidden(a, fmt.Errorf("quota usage is negative for resource(s): %s", prettyPrintResourceNames(negativeUsage))) - } - - if admission.Update == a.GetOperation() { - prevItem := a.GetOldObject() - if prevItem == nil { - return nil, admission.NewForbidden(a, fmt.Errorf("unable to get previous usage since prior version of object was not found")) - } - - // if we can definitively determine that this is not a case of "create on update", - // then charge based on the delta. Otherwise, bill the maximum - metadata, err := meta.Accessor(prevItem) - if err == nil && len(metadata.GetResourceVersion()) > 0 { - prevUsage, innerErr := evaluator.Usage(prevItem) - if innerErr != nil { - return quotas, innerErr - } - deltaUsage = quota.SubtractWithNonNegativeResult(deltaUsage, prevUsage) - } - } - - // ignore items in deltaUsage with zero usage - deltaUsage = quota.RemoveZeros(deltaUsage) - // if there is no remaining non-zero usage, short-circuit and return - if len(deltaUsage) == 0 { - return quotas, nil - } - - // verify that for every resource that had limited by default consumption - // enabled that there was a corresponding quota that covered its use. - // if not, we reject the request. - hasNoCoveringQuota := limitedResourceNamesSet.Difference(restrictedResourcesSet) - if len(hasNoCoveringQuota) > 0 { - return quotas, admission.NewForbidden(a, fmt.Errorf("insufficient quota to consume: %v", strings.Join(hasNoCoveringQuota.List(), ","))) - } - - // verify that for every scope that had limited access enabled - // that there was a corresponding quota that covered it. - // if not, we reject the request. - scopesHasNoCoveringQuota, err := evaluator.UncoveredQuotaScopes(limitedScopes, restrictedScopes) - if err != nil { - return quotas, err - } - if len(scopesHasNoCoveringQuota) > 0 { - return quotas, fmt.Errorf("insufficient quota to match these scopes: %v", scopesHasNoCoveringQuota) - } - - if len(interestingQuotaIndexes) == 0 { - return quotas, nil - } - - outQuotas, err := copyQuotas(quotas) - if err != nil { - return nil, err - } - - for _, index := range interestingQuotaIndexes { - resourceQuota := outQuotas[index] - - hardResources := quota.ResourceNames(resourceQuota.Status.Hard) - requestedUsage := quota.Mask(deltaUsage, hardResources) - newUsage := quota.Add(resourceQuota.Status.Used, requestedUsage) - maskedNewUsage := quota.Mask(newUsage, quota.ResourceNames(requestedUsage)) - - if allowed, exceeded := quota.LessThanOrEqual(maskedNewUsage, resourceQuota.Status.Hard); !allowed { - failedRequestedUsage := quota.Mask(requestedUsage, exceeded) - failedUsed := quota.Mask(resourceQuota.Status.Used, exceeded) - failedHard := quota.Mask(resourceQuota.Status.Hard, exceeded) - return nil, admission.NewForbidden(a, - fmt.Errorf("exceeded quota: %s, requested: %s, used: %s, limited: %s", - resourceQuota.Name, - prettyPrint(failedRequestedUsage), - prettyPrint(failedUsed), - prettyPrint(failedHard))) - } - - // update to the new usage number - outQuotas[index].Status.Used = newUsage - } - - return outQuotas, nil -} - -func getScopeSelectorsFromQuota(quota corev1.ResourceQuota) []corev1.ScopedResourceSelectorRequirement { - selectors := []corev1.ScopedResourceSelectorRequirement{} - for _, scope := range quota.Spec.Scopes { - selectors = append(selectors, corev1.ScopedResourceSelectorRequirement{ - ScopeName: scope, - Operator: corev1.ScopeSelectorOpExists}) - } - if quota.Spec.ScopeSelector != nil { - selectors = append(selectors, quota.Spec.ScopeSelector.MatchExpressions...) - } - return selectors -} - -func (e *quotaEvaluator) Evaluate(a admission.Attributes) error { - e.init.Do(e.start) - - // is this resource ignored? - gvr := a.GetResource() - gr := gvr.GroupResource() - if _, ok := e.ignoredResources[gr]; ok { - return nil - } - - // if we do not know how to evaluate use for this resource, create an evaluator - evaluator := e.registry.Get(gr) - if evaluator == nil { - // create an object count evaluator if no evaluator previously registered - // note, we do not need aggregate usage here, so we pass a nil informer func - evaluator = generic.NewObjectCountEvaluator(gr, nil, "") - e.registry.Add(evaluator) - klog.Infof("quota admission added evaluator for: %s", gr) - } - // for this kind, check if the operation could mutate any quota resources - // if no resources tracked by quota are impacted, then just return - if !evaluator.Handles(a) { - return nil - } - waiter := newAdmissionWaiter(a) - - e.addWork(waiter) - - // wait for completion or timeout - select { - case <-waiter.finished: - case <-time.After(10 * time.Second): - return apierrors.NewInternalError(fmt.Errorf("resource quota evaluation timed out")) - } - - return waiter.result -} - -func (e *quotaEvaluator) addWork(a *admissionWaiter) { - e.workLock.Lock() - defer e.workLock.Unlock() - - ns := a.attributes.GetNamespace() - // this Add can trigger a Get BEFORE the work is added to a list, but this is ok because the getWork routine - // waits the worklock before retrieving the work to do, so the writes in this method will be observed - e.queue.Add(ns) - - if e.inProgress.Has(ns) { - e.dirtyWork[ns] = append(e.dirtyWork[ns], a) - return - } - - e.work[ns] = append(e.work[ns], a) -} - -func (e *quotaEvaluator) completeWork(ns string) { - e.workLock.Lock() - defer e.workLock.Unlock() - - e.queue.Done(ns) - e.work[ns] = e.dirtyWork[ns] - delete(e.dirtyWork, ns) - e.inProgress.Delete(ns) -} - -// getWork returns a namespace, a list of work items in that -// namespace, and a shutdown boolean. If not shutdown then the return -// must eventually be followed by a call on completeWork for the -// returned namespace (regardless of whether the work item list is -// empty). -func (e *quotaEvaluator) getWork() (string, []*admissionWaiter, bool) { - uncastNS, shutdown := e.queue.Get() - if shutdown { - return "", []*admissionWaiter{}, shutdown - } - ns := uncastNS.(string) - - e.workLock.Lock() - defer e.workLock.Unlock() - // at this point, we know we have a coherent view of e.work. It is entirely possible - // that our workqueue has another item requeued to it, but we'll pick it up early. This ok - // because the next time will go into our dirty list - - work := e.work[ns] - delete(e.work, ns) - delete(e.dirtyWork, ns) - e.inProgress.Insert(ns) - return ns, work, false -} - -// prettyPrint formats a resource list for usage in errors -// it outputs resources sorted in increasing order -func prettyPrint(item corev1.ResourceList) string { - parts := []string{} - keys := []string{} - for key := range item { - keys = append(keys, string(key)) - } - sort.Strings(keys) - for _, key := range keys { - value := item[corev1.ResourceName(key)] - constraint := key + "=" + value.String() - parts = append(parts, constraint) - } - return strings.Join(parts, ",") -} - -func prettyPrintResourceNames(a []corev1.ResourceName) string { - values := []string{} - for _, value := range a { - values = append(values, string(value)) - } - sort.Strings(values) - return strings.Join(values, ",") -} - -// hasUsageStats returns true if for each hard constraint in interestingResources there is a value for its current usage -func hasUsageStats(resourceQuota *corev1.ResourceQuota, interestingResources []corev1.ResourceName) bool { - interestingSet := quota.ToSet(interestingResources) - for resourceName := range resourceQuota.Status.Hard { - if !interestingSet.Has(string(resourceName)) { - continue - } - if _, found := resourceQuota.Status.Used[resourceName]; !found { - return false - } - } - return true -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/doc.go deleted file mode 100644 index 4436e33035..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package resourcequota enforces all incoming requests against any applied quota -// in the namespace context of the request -package resourcequota // import "k8s.io/apiserver/pkg/admission/plugin/resourcequota" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/resource_access.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/resource_access.go deleted file mode 100644 index f09b46268c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/resource_access.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "context" - "fmt" - "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apiserver/pkg/storage" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/utils/lru" -) - -// QuotaAccessor abstracts the get/set logic from the rest of the Evaluator. This could be a test stub, a straight passthrough, -// or most commonly a series of deconflicting caches. -type QuotaAccessor interface { - // UpdateQuotaStatus is called to persist final status. This method should write to persistent storage. - // An error indicates that write didn't complete successfully. - UpdateQuotaStatus(newQuota *corev1.ResourceQuota) error - - // GetQuotas gets all possible quotas for a given namespace - GetQuotas(namespace string) ([]corev1.ResourceQuota, error) -} - -type quotaAccessor struct { - client kubernetes.Interface - - // lister can list/get quota objects from a shared informer's cache - lister corev1listers.ResourceQuotaLister - - // liveLookups holds the last few live lookups we've done to help ammortize cost on repeated lookup failures. - // This lets us handle the case of latent caches, by looking up actual results for a namespace on cache miss/no results. - // We track the lookup result here so that for repeated requests, we don't look it up very often. - liveLookupCache *lru.Cache - liveTTL time.Duration - // updatedQuotas holds a cache of quotas that we've updated. This is used to pull the "really latest" during back to - // back quota evaluations that touch the same quota doc. This only works because we can compare etcd resourceVersions - // for the same resource as integers. Before this change: 22 updates with 12 conflicts. after this change: 15 updates with 0 conflicts - updatedQuotas *lru.Cache -} - -// newQuotaAccessor creates an object that conforms to the QuotaAccessor interface to be used to retrieve quota objects. -func newQuotaAccessor() (*quotaAccessor, error) { - liveLookupCache := lru.New(100) - updatedCache := lru.New(100) - - // client and lister will be set when SetInternalKubeClientSet and SetInternalKubeInformerFactory are invoked - return &quotaAccessor{ - liveLookupCache: liveLookupCache, - liveTTL: time.Duration(30 * time.Second), - updatedQuotas: updatedCache, - }, nil -} - -func (e *quotaAccessor) UpdateQuotaStatus(newQuota *corev1.ResourceQuota) error { - updatedQuota, err := e.client.CoreV1().ResourceQuotas(newQuota.Namespace).UpdateStatus(context.TODO(), newQuota, metav1.UpdateOptions{}) - if err != nil { - return err - } - - key := newQuota.Namespace + "/" + newQuota.Name - e.updatedQuotas.Add(key, updatedQuota) - return nil -} - -var etcdVersioner = storage.APIObjectVersioner{} - -// checkCache compares the passed quota against the value in the look-aside cache and returns the newer -// if the cache is out of date, it deletes the stale entry. This only works because of etcd resourceVersions -// being monotonically increasing integers -func (e *quotaAccessor) checkCache(quota *corev1.ResourceQuota) *corev1.ResourceQuota { - key := quota.Namespace + "/" + quota.Name - uncastCachedQuota, ok := e.updatedQuotas.Get(key) - if !ok { - return quota - } - cachedQuota := uncastCachedQuota.(*corev1.ResourceQuota) - - if etcdVersioner.CompareResourceVersion(quota, cachedQuota) >= 0 { - e.updatedQuotas.Remove(key) - return quota - } - return cachedQuota -} - -func (e *quotaAccessor) GetQuotas(namespace string) ([]corev1.ResourceQuota, error) { - // determine if there are any quotas in this namespace - // if there are no quotas, we don't need to do anything - items, err := e.lister.ResourceQuotas(namespace).List(labels.Everything()) - if err != nil { - return nil, fmt.Errorf("error resolving quota: %v", err) - } - - // if there are no items held in our indexer, check our live-lookup LRU, if that misses, do the live lookup to prime it. - if len(items) == 0 { - lruItemObj, ok := e.liveLookupCache.Get(namespace) - if !ok || lruItemObj.(liveLookupEntry).expiry.Before(time.Now()) { - // TODO: If there are multiple operations at the same time and cache has just expired, - // this may cause multiple List operations being issued at the same time. - // If there is already in-flight List() for a given namespace, we should wait until - // it is finished and cache is updated instead of doing the same, also to avoid - // throttling - see #22422 for details. - liveList, err := e.client.CoreV1().ResourceQuotas(namespace).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return nil, err - } - newEntry := liveLookupEntry{expiry: time.Now().Add(e.liveTTL)} - for i := range liveList.Items { - newEntry.items = append(newEntry.items, &liveList.Items[i]) - } - e.liveLookupCache.Add(namespace, newEntry) - lruItemObj = newEntry - } - lruEntry := lruItemObj.(liveLookupEntry) - for i := range lruEntry.items { - items = append(items, lruEntry.items[i]) - } - } - - resourceQuotas := []corev1.ResourceQuota{} - for i := range items { - quota := items[i] - quota = e.checkCache(quota) - // always make a copy. We're going to muck around with this and we should never mutate the originals - resourceQuotas = append(resourceQuotas, *quota) - } - - return resourceQuotas, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/OWNERS deleted file mode 100644 index 6a637d28d5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - jpbetz - - cici37 - - alexzielenski -reviewers: - - jpbetz - - cici37 - - alexzielenski diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/admission.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/admission.go deleted file mode 100644 index acc307630f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/admission.go +++ /dev/null @@ -1,189 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - "errors" - "fmt" - "io" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apiserver/pkg/features" - "k8s.io/client-go/dynamic" - "k8s.io/component-base/featuregate" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" -) - -//////////////////////////////////////////////////////////////////////////////// -// Plugin Definition -//////////////////////////////////////////////////////////////////////////////// - -// Definition for CEL admission plugin. This is the entry point into the -// CEL admission control system. -// -// Each plugin is asked to validate every object update. - -const ( - // PluginName indicates the name of admission plug-in - PluginName = "ValidatingAdmissionPolicy" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin() - }) -} - -//////////////////////////////////////////////////////////////////////////////// -// Plugin Initialization & Dependency Injection -//////////////////////////////////////////////////////////////////////////////// - -type celAdmissionPlugin struct { - *admission.Handler - evaluator CELPolicyEvaluator - - inspectedFeatureGates bool - enabled bool - - // Injected Dependencies - informerFactory informers.SharedInformerFactory - client kubernetes.Interface - restMapper meta.RESTMapper - dynamicClient dynamic.Interface - stopCh <-chan struct{} -} - -var _ initializer.WantsExternalKubeInformerFactory = &celAdmissionPlugin{} -var _ initializer.WantsExternalKubeClientSet = &celAdmissionPlugin{} -var _ initializer.WantsRESTMapper = &celAdmissionPlugin{} -var _ initializer.WantsDynamicClient = &celAdmissionPlugin{} -var _ initializer.WantsDrainedNotification = &celAdmissionPlugin{} - -var _ admission.InitializationValidator = &celAdmissionPlugin{} -var _ admission.ValidationInterface = &celAdmissionPlugin{} - -func NewPlugin() (admission.Interface, error) { - return &celAdmissionPlugin{ - Handler: admission.NewHandler(admission.Connect, admission.Create, admission.Delete, admission.Update), - }, nil -} - -func (c *celAdmissionPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - c.informerFactory = f -} - -func (c *celAdmissionPlugin) SetExternalKubeClientSet(client kubernetes.Interface) { - c.client = client -} - -func (c *celAdmissionPlugin) SetRESTMapper(mapper meta.RESTMapper) { - c.restMapper = mapper -} - -func (c *celAdmissionPlugin) SetDynamicClient(client dynamic.Interface) { - c.dynamicClient = client -} - -func (c *celAdmissionPlugin) SetDrainedNotification(stopCh <-chan struct{}) { - c.stopCh = stopCh -} - -func (c *celAdmissionPlugin) InspectFeatureGates(featureGates featuregate.FeatureGate) { - if featureGates.Enabled(features.ValidatingAdmissionPolicy) { - c.enabled = true - } - c.inspectedFeatureGates = true -} - -// ValidateInitialization - once clientset and informer factory are provided, creates and starts the admission controller -func (c *celAdmissionPlugin) ValidateInitialization() error { - if !c.inspectedFeatureGates { - return fmt.Errorf("%s did not see feature gates", PluginName) - } - if !c.enabled { - return nil - } - if c.informerFactory == nil { - return errors.New("missing informer factory") - } - if c.client == nil { - return errors.New("missing kubernetes client") - } - if c.restMapper == nil { - return errors.New("missing rest mapper") - } - if c.dynamicClient == nil { - return errors.New("missing dynamic client") - } - if c.stopCh == nil { - return errors.New("missing stop channel") - } - c.evaluator = NewAdmissionController(c.informerFactory, c.client, c.restMapper, c.dynamicClient) - if err := c.evaluator.ValidateInitialization(); err != nil { - return err - } - - c.SetReadyFunc(c.evaluator.HasSynced) - go c.evaluator.Run(c.stopCh) - return nil -} - -//////////////////////////////////////////////////////////////////////////////// -// admission.ValidationInterface -//////////////////////////////////////////////////////////////////////////////// - -func (c *celAdmissionPlugin) Handles(operation admission.Operation) bool { - return true -} - -func (c *celAdmissionPlugin) Validate( - ctx context.Context, - a admission.Attributes, - o admission.ObjectInterfaces, -) (err error) { - if !c.enabled { - return nil - } - - // isPolicyResource determines if an admission.Attributes object is describing - // the admission of a ValidatingAdmissionPolicy or a ValidatingAdmissionPolicyBinding - if isPolicyResource(a) { - return - } - - if !c.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - return c.evaluator.Validate(ctx, a, o) -} - -func isPolicyResource(attr admission.Attributes) bool { - gvk := attr.GetResource() - if gvk.Group == "admissionregistration.k8s.io" { - if gvk.Resource == "validatingadmissionpolicies" || gvk.Resource == "validatingadmissionpolicybindings" { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/compiler.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/compiler.go deleted file mode 100644 index 3767c0d9d1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/compiler.go +++ /dev/null @@ -1,231 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "sync" - - "github.com/google/cel-go/cel" - - apiservercel "k8s.io/apiserver/pkg/cel" - "k8s.io/apiserver/pkg/cel/library" -) - -const ( - ObjectVarName = "object" - OldObjectVarName = "oldObject" - ParamsVarName = "params" - RequestVarName = "request" - - checkFrequency = 100 -) - -type envs struct { - noParams *cel.Env - withParams *cel.Env -} - -var ( - initEnvsOnce sync.Once - initEnvs *envs - initEnvsErr error -) - -func getEnvs() (*envs, error) { - initEnvsOnce.Do(func() { - base, err := buildBaseEnv() - if err != nil { - initEnvsErr = err - return - } - noParams, err := buildNoParamsEnv(base) - if err != nil { - initEnvsErr = err - return - } - withParams, err := buildWithParamsEnv(noParams) - if err != nil { - initEnvsErr = err - return - } - initEnvs = &envs{noParams: noParams, withParams: withParams} - }) - return initEnvs, initEnvsErr -} - -// This is a similar code as in k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/compilation.go -// If any changes are made here, consider to make the same changes there as well. -func buildBaseEnv() (*cel.Env, error) { - var opts []cel.EnvOption - opts = append(opts, cel.HomogeneousAggregateLiterals()) - // Validate function declarations once during base env initialization, - // so they don't need to be evaluated each time a CEL rule is compiled. - // This is a relatively expensive operation. - opts = append(opts, cel.EagerlyValidateDeclarations(true), cel.DefaultUTCTimeZone(true)) - opts = append(opts, library.ExtensionLibs...) - - return cel.NewEnv(opts...) -} - -func buildNoParamsEnv(baseEnv *cel.Env) (*cel.Env, error) { - var propDecls []cel.EnvOption - reg := apiservercel.NewRegistry(baseEnv) - - requestType := buildRequestType() - rt, err := apiservercel.NewRuleTypes(requestType.TypeName(), requestType, reg) - if err != nil { - return nil, err - } - if rt == nil { - return nil, nil - } - opts, err := rt.EnvOptions(baseEnv.TypeProvider()) - if err != nil { - return nil, err - } - propDecls = append(propDecls, cel.Variable(ObjectVarName, cel.DynType)) - propDecls = append(propDecls, cel.Variable(OldObjectVarName, cel.DynType)) - propDecls = append(propDecls, cel.Variable(RequestVarName, requestType.CelType())) - - opts = append(opts, propDecls...) - env, err := baseEnv.Extend(opts...) - if err != nil { - return nil, err - } - return env, nil -} - -func buildWithParamsEnv(noParams *cel.Env) (*cel.Env, error) { - return noParams.Extend(cel.Variable(ParamsVarName, cel.DynType)) -} - -// buildRequestType generates a DeclType for AdmissionRequest. This may be replaced with a utility that -// converts the native type definition to apiservercel.DeclType once such a utility becomes available. -// The 'uid' field is omitted since it is not needed for in-process admission review. -// The 'object' and 'oldObject' fields are omitted since they are exposed as root level CEL variables. -func buildRequestType() *apiservercel.DeclType { - field := func(name string, declType *apiservercel.DeclType, required bool) *apiservercel.DeclField { - return apiservercel.NewDeclField(name, declType, required, nil, nil) - } - fields := func(fields ...*apiservercel.DeclField) map[string]*apiservercel.DeclField { - result := make(map[string]*apiservercel.DeclField, len(fields)) - for _, f := range fields { - result[f.Name] = f - } - return result - } - gvkType := apiservercel.NewObjectType("kubernetes.GroupVersionKind", fields( - field("group", apiservercel.StringType, true), - field("version", apiservercel.StringType, true), - field("kind", apiservercel.StringType, true), - )) - gvrType := apiservercel.NewObjectType("kubernetes.GroupVersionResource", fields( - field("group", apiservercel.StringType, true), - field("version", apiservercel.StringType, true), - field("resource", apiservercel.StringType, true), - )) - userInfoType := apiservercel.NewObjectType("kubernetes.UserInfo", fields( - field("username", apiservercel.StringType, false), - field("uid", apiservercel.StringType, false), - field("groups", apiservercel.NewListType(apiservercel.StringType, -1), false), - field("extra", apiservercel.NewMapType(apiservercel.StringType, apiservercel.NewListType(apiservercel.StringType, -1), -1), false), - )) - return apiservercel.NewObjectType("kubernetes.AdmissionRequest", fields( - field("kind", gvkType, true), - field("resource", gvrType, true), - field("subResource", apiservercel.StringType, false), - field("requestKind", gvkType, true), - field("requestResource", gvrType, true), - field("requestSubResource", apiservercel.StringType, false), - field("name", apiservercel.StringType, true), - field("namespace", apiservercel.StringType, false), - field("operation", apiservercel.StringType, true), - field("userInfo", userInfoType, true), - field("dryRun", apiservercel.BoolType, false), - field("options", apiservercel.DynType, false), - )) -} - -// CompilationResult represents a compiled ValidatingAdmissionPolicy validation expression. -type CompilationResult struct { - Program cel.Program - Error *apiservercel.Error -} - -// CompileValidatingPolicyExpression returns a compiled vaalidating policy CEL expression. -func CompileValidatingPolicyExpression(validationExpression string, hasParams bool) CompilationResult { - var env *cel.Env - envs, err := getEnvs() - if err != nil { - return CompilationResult{ - Error: &apiservercel.Error{ - Type: apiservercel.ErrorTypeInternal, - Detail: "compiler initialization failed: " + err.Error(), - }, - } - } - if hasParams { - env = envs.withParams - } else { - env = envs.noParams - } - - ast, issues := env.Compile(validationExpression) - if issues != nil { - return CompilationResult{ - Error: &apiservercel.Error{ - Type: apiservercel.ErrorTypeInvalid, - Detail: "compilation failed: " + issues.String(), - }, - } - } - if ast.OutputType() != cel.BoolType { - return CompilationResult{ - Error: &apiservercel.Error{ - Type: apiservercel.ErrorTypeInvalid, - Detail: "cel expression must evaluate to a bool", - }, - } - } - - _, err = cel.AstToCheckedExpr(ast) - if err != nil { - // should be impossible since env.Compile returned no issues - return CompilationResult{ - Error: &apiservercel.Error{ - Type: apiservercel.ErrorTypeInternal, - Detail: "unexpected compilation error: " + err.Error(), - }, - } - } - prog, err := env.Program(ast, - cel.EvalOptions(cel.OptOptimize), - cel.OptimizeRegex(library.ExtensionLibRegexOptimizations...), - cel.InterruptCheckFrequency(checkFrequency), - ) - if err != nil { - return CompilationResult{ - Error: &apiservercel.Error{ - Type: apiservercel.ErrorTypeInvalid, - Detail: "program instantiation failed: " + err.Error(), - }, - } - } - return CompilationResult{ - Program: prog, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller.go deleted file mode 100644 index 4398aa6b13..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller.go +++ /dev/null @@ -1,406 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - "errors" - "fmt" - "sync" - "sync/atomic" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching" - - "k8s.io/api/admissionregistration/v1alpha1" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - celmetrics "k8s.io/apiserver/pkg/admission/cel" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" -) - -var _ CELPolicyEvaluator = &celAdmissionController{} - -// celAdmissionController is the top-level controller for admission control using CEL -// it is responsible for watching policy definitions, bindings, and config param CRDs -type celAdmissionController struct { - // Context under which the controller runs - runningContext context.Context - - policyDefinitionsController generic.Controller[*v1alpha1.ValidatingAdmissionPolicy] - policyBindingController generic.Controller[*v1alpha1.ValidatingAdmissionPolicyBinding] - - // dynamicclient used to create informers to watch the param crd types - dynamicClient dynamic.Interface - restMapper meta.RESTMapper - - // Provided to the policy's Compile function as an injected dependency to - // assist with compiling its expressions to CEL - validatorCompiler ValidatorCompiler - - // Lock which protects: - // - definitionInfo - // - bindingInfos - // - paramCRDControllers - // - definitionsToBindings - // All other fields should be assumed constant - mutex sync.RWMutex - - // controller and metadata - paramsCRDControllers map[v1alpha1.ParamKind]*paramInfo - - // Index for each definition namespace/name, contains all binding - // namespace/names known to exist for that definition - definitionInfo map[namespacedName]*definitionInfo - - // Index for each bindings namespace/name. Contains compiled templates - // for the binding depending on the policy/param combination. - bindingInfos map[namespacedName]*bindingInfo - - // Map from namespace/name of a definition to a set of namespace/name - // of bindings which depend on it. - // All keys must have at least one dependent binding - // All binding names MUST exist as a key bindingInfos - definitionsToBindings map[namespacedName]sets.Set[namespacedName] -} - -// namespaceName is used as a key in definitionInfo and bindingInfos -type namespacedName struct { - namespace, name string -} - -type definitionInfo struct { - // Error about the state of the definition's configuration and the cluster - // preventing its enforcement or compilation. - // Reset every reconciliation - configurationError error - - // Last value seen by this controller to be used in policy enforcement - // May not be nil - lastReconciledValue *v1alpha1.ValidatingAdmissionPolicy -} - -type bindingInfo struct { - // Compiled CEL expression turned into an validator - validator atomic.Pointer[Validator] - - // Last value seen by this controller to be used in policy enforcement - // May not be nil - lastReconciledValue *v1alpha1.ValidatingAdmissionPolicyBinding -} - -type paramInfo struct { - // Controller which is watching this param CRD - controller generic.Controller[*unstructured.Unstructured] - - // Function to call to stop the informer and clean up the controller - stop func() - - // Policy Definitions which refer to this param CRD - dependentDefinitions sets.Set[namespacedName] -} - -func NewAdmissionController( - // Injected Dependencies - informerFactory informers.SharedInformerFactory, - client kubernetes.Interface, - restMapper meta.RESTMapper, - dynamicClient dynamic.Interface, -) CELPolicyEvaluator { - matcher := matching.NewMatcher(informerFactory.Core().V1().Namespaces().Lister(), client) - validatorCompiler := &CELValidatorCompiler{ - Matcher: matcher, - } - c := &celAdmissionController{ - definitionInfo: make(map[namespacedName]*definitionInfo), - bindingInfos: make(map[namespacedName]*bindingInfo), - paramsCRDControllers: make(map[v1alpha1.ParamKind]*paramInfo), - definitionsToBindings: make(map[namespacedName]sets.Set[namespacedName]), - dynamicClient: dynamicClient, - validatorCompiler: validatorCompiler, - restMapper: restMapper, - } - - c.policyDefinitionsController = generic.NewController( - generic.NewInformer[*v1alpha1.ValidatingAdmissionPolicy]( - informerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Informer()), - c.reconcilePolicyDefinition, - generic.ControllerOptions{ - Workers: 1, - Name: "cel-policy-definitions", - }, - ) - c.policyBindingController = generic.NewController( - generic.NewInformer[*v1alpha1.ValidatingAdmissionPolicyBinding]( - informerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Informer()), - c.reconcilePolicyBinding, - generic.ControllerOptions{ - Workers: 1, - Name: "cel-policy-bindings", - }, - ) - return c -} - -func (c *celAdmissionController) Run(stopCh <-chan struct{}) { - if c.runningContext != nil { - return - } - - ctx, cancel := context.WithCancel(context.Background()) - - c.runningContext = ctx - defer func() { - c.runningContext = nil - }() - - wg := sync.WaitGroup{} - - wg.Add(1) - go func() { - defer wg.Done() - c.policyDefinitionsController.Run(ctx) - }() - - wg.Add(1) - go func() { - defer wg.Done() - c.policyBindingController.Run(ctx) - }() - - <-stopCh - cancel() - wg.Wait() -} - -func (c *celAdmissionController) Validate( - ctx context.Context, - a admission.Attributes, - o admission.ObjectInterfaces, -) (err error) { - c.mutex.RLock() - defer c.mutex.RUnlock() - - var deniedDecisions []policyDecisionWithMetadata - - addConfigError := func(err error, definition *v1alpha1.ValidatingAdmissionPolicy, binding *v1alpha1.ValidatingAdmissionPolicyBinding) { - // we always default the FailurePolicy if it is unset and validate it in API level - var policy v1alpha1.FailurePolicyType - if definition.Spec.FailurePolicy == nil { - policy = v1alpha1.Fail - } else { - policy = *definition.Spec.FailurePolicy - } - - // apply FailurePolicy specified in ValidatingAdmissionPolicy, the default would be Fail - switch policy { - case v1alpha1.Ignore: - // TODO: add metrics for ignored error here - return - case v1alpha1.Fail: - var message string - if binding == nil { - message = fmt.Errorf("failed to configure policy: %w", err).Error() - } else { - message = fmt.Errorf("failed to configure binding: %w", err).Error() - } - deniedDecisions = append(deniedDecisions, policyDecisionWithMetadata{ - policyDecision: policyDecision{ - action: actionDeny, - message: message, - }, - definition: definition, - binding: binding, - }) - default: - deniedDecisions = append(deniedDecisions, policyDecisionWithMetadata{ - policyDecision: policyDecision{ - action: actionDeny, - message: fmt.Errorf("unrecognized failure policy: '%v'", policy).Error(), - }, - definition: definition, - binding: binding, - }) - } - } - for definitionNamespacedName, definitionInfo := range c.definitionInfo { - definition := definitionInfo.lastReconciledValue - matches, matchKind, err := c.validatorCompiler.DefinitionMatches(a, o, definition) - if err != nil { - // Configuration error. - addConfigError(err, definition, nil) - continue - } - if !matches { - // Policy definition does not match request - continue - } else if definitionInfo.configurationError != nil { - // Configuration error. - addConfigError(definitionInfo.configurationError, definition, nil) - continue - } - - dependentBindings := c.definitionsToBindings[definitionNamespacedName] - if len(dependentBindings) == 0 { - continue - } - - for namespacedBindingName := range dependentBindings { - // If the key is inside dependentBindings, there is guaranteed to - // be a bindingInfo for it - bindingInfo := c.bindingInfos[namespacedBindingName] - binding := bindingInfo.lastReconciledValue - matches, err := c.validatorCompiler.BindingMatches(a, o, binding) - if err != nil { - // Configuration error. - addConfigError(err, definition, binding) - continue - } - if !matches { - continue - } - - var param *unstructured.Unstructured - - // If definition has paramKind, paramRef is required in binding. - // If definition has no paramKind, paramRef set in binding will be ignored. - paramKind := definition.Spec.ParamKind - paramRef := binding.Spec.ParamRef - if paramKind != nil && paramRef != nil { - - // Find the params referred by the binding by looking its name up - // in our informer for its CRD - paramInfo, ok := c.paramsCRDControllers[*paramKind] - if !ok { - addConfigError(fmt.Errorf("paramKind kind `%v` not known", - paramKind.String()), definition, binding) - continue - } - - // If the param informer for this admission policy has not yet - // had time to perform an initial listing, don't attempt to use - // it. - //!TOOD(alexzielenski): add a wait for a very short amount of - // time for the cache to sync - if !paramInfo.controller.HasSynced() { - addConfigError(fmt.Errorf("paramKind kind `%v` not yet synced to use for admission", - paramKind.String()), definition, binding) - continue - } - - if len(paramRef.Namespace) == 0 { - param, err = paramInfo.controller.Informer().Get(paramRef.Name) - } else { - param, err = paramInfo.controller.Informer().Namespaced(paramRef.Namespace).Get(paramRef.Name) - } - - if err != nil { - // Apply failure policy - addConfigError(err, definition, binding) - - if k8serrors.IsInvalid(err) { - // Param mis-configured - // require to set paramRef.namespace for namespaced resource and unset paramRef.namespace for cluster scoped resource - continue - } else if k8serrors.IsNotFound(err) { - // Param not yet available. User may need to wait a bit - // before being able to use it for validation. - continue - } - - // There was a bad internal error - utilruntime.HandleError(err) - continue - } - } - - validator := bindingInfo.validator.Load() - if validator == nil { - // Compile policy definition using binding - newValidator := c.validatorCompiler.Compile(definition) - validator = &newValidator - - bindingInfo.validator.Store(validator) - } - - decisions, err := (*validator).Validate(a, o, param, matchKind) - if err != nil { - // runtime error. Apply failure policy - wrappedError := fmt.Errorf("failed to evaluate CEL expression: %w", err) - addConfigError(wrappedError, definition, binding) - continue - } - - for _, decision := range decisions { - switch decision.action { - case actionAdmit: - if decision.evaluation == evalError { - celmetrics.Metrics.ObserveAdmissionWithError(ctx, decision.elapsed, definition.Name, binding.Name, "active") - } - case actionDeny: - deniedDecisions = append(deniedDecisions, policyDecisionWithMetadata{ - definition: definition, - binding: binding, - policyDecision: decision, - }) - celmetrics.Metrics.ObserveRejection(ctx, decision.elapsed, definition.Name, binding.Name, "active") - default: - return fmt.Errorf("unrecognized evaluation decision '%s' for ValidatingAdmissionPolicyBinding '%s' with ValidatingAdmissionPolicy '%s'", - decision.action, binding.Name, definition.Name) - } - } - } - } - - if len(deniedDecisions) > 0 { - // TODO: refactor admission.NewForbidden so the name extraction is reusable but the code/reason is customizable - var message string - deniedDecision := deniedDecisions[0] - if deniedDecision.binding != nil { - message = fmt.Sprintf("ValidatingAdmissionPolicy '%s' with binding '%s' denied request: %s", deniedDecision.definition.Name, deniedDecision.binding.Name, deniedDecision.message) - } else { - message = fmt.Sprintf("ValidatingAdmissionPolicy '%s' denied request: %s", deniedDecision.definition.Name, deniedDecision.message) - } - err := admission.NewForbidden(a, errors.New(message)).(*k8serrors.StatusError) - reason := deniedDecision.reason - if len(reason) == 0 { - reason = metav1.StatusReasonInvalid - } - err.ErrStatus.Reason = reason - err.ErrStatus.Code = reasonToCode(reason) - err.ErrStatus.Details.Causes = append(err.ErrStatus.Details.Causes, metav1.StatusCause{Message: message}) - return err - } - return nil -} - -func (c *celAdmissionController) HasSynced() bool { - return c.policyBindingController.HasSynced() && - c.policyDefinitionsController.HasSynced() -} - -func (c *celAdmissionController) ValidateInitialization() error { - return c.validatorCompiler.ValidateInitialization() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller_reconcile.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller_reconcile.go deleted file mode 100644 index eaf37b471c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/controller_reconcile.go +++ /dev/null @@ -1,233 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - "fmt" - "time" - - "k8s.io/api/admissionregistration/v1alpha1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - celmetrics "k8s.io/apiserver/pkg/admission/cel" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic" - "k8s.io/client-go/dynamic/dynamicinformer" - "k8s.io/client-go/tools/cache" -) - -func (c *celAdmissionController) reconcilePolicyDefinition(namespace, name string, definition *v1alpha1.ValidatingAdmissionPolicy) error { - c.mutex.Lock() - defer c.mutex.Unlock() - - // Namespace for policydefinition is empty. - nn := getNamespaceName(namespace, name) - info, ok := c.definitionInfo[nn] - if !ok { - info = &definitionInfo{} - c.definitionInfo[nn] = info - // TODO(DangerOnTheRanger): add support for "warn" being a valid enforcementAction - celmetrics.Metrics.ObserveDefinition(context.TODO(), "active", "deny") - } - - var paramSource *v1alpha1.ParamKind - if definition != nil { - paramSource = definition.Spec.ParamKind - } - - // If param source has changed, remove definition as dependent of old params - // If there are no more dependents of old param, stop and clean up controller - if info.lastReconciledValue != nil && info.lastReconciledValue.Spec.ParamKind != nil { - oldParamSource := *info.lastReconciledValue.Spec.ParamKind - - // If we are: - // - switching from having a param to not having a param (includes deletion) - // - or from having a param to a different one - // we remove dependency on the controller. - if paramSource == nil || *paramSource != oldParamSource { - if oldParamInfo, ok := c.paramsCRDControllers[oldParamSource]; ok { - oldParamInfo.dependentDefinitions.Delete(nn) - if len(oldParamInfo.dependentDefinitions) == 0 { - oldParamInfo.stop() - delete(c.paramsCRDControllers, oldParamSource) - } - } - } - } - - // Reset all previously compiled evaluators in case something relevant in - // definition has changed. - for key := range c.definitionsToBindings[nn] { - bindingInfo := c.bindingInfos[key] - bindingInfo.validator.Store(nil) - c.bindingInfos[key] = bindingInfo - } - - if definition == nil { - delete(c.definitionInfo, nn) - return nil - } - - // Update definition info - info.lastReconciledValue = definition - info.configurationError = nil - - if paramSource == nil { - // Skip setting up controller for empty param type - return nil - } - - // find GVR for params - // Parse param source into a GVK - - paramSourceGV, err := schema.ParseGroupVersion(paramSource.APIVersion) - if err != nil { - // Failed to resolve. Return error so we retry again (rate limited) - // Save a record of this definition with an evaluator that unconditionally - info.configurationError = fmt.Errorf("failed to parse apiVersion of paramKind '%v' with error: %w", paramSource.String(), err) - - // Return nil, since this error cannot be resolved by waiting more time - return nil - } - - paramsGVR, err := c.restMapper.RESTMapping(schema.GroupKind{ - Group: paramSourceGV.Group, - Kind: paramSource.Kind, - }, paramSourceGV.Version) - - if err != nil { - // Failed to resolve. Return error so we retry again (rate limited) - // Save a record of this definition with an evaluator that unconditionally - // - info.configurationError = fmt.Errorf("failed to find resource referenced by paramKind: '%v'", paramSourceGV.WithKind(paramSource.Kind)) - return info.configurationError - } - - if info, ok := c.paramsCRDControllers[*paramSource]; ok { - // If a param controller is already active for this paramsource, make - // sure it is tracking this policy's dependency upon it - info.dependentDefinitions.Insert(nn) - - } else { - instanceContext, instanceCancel := context.WithCancel(c.runningContext) - - // Watch for new instances of this policy - informer := dynamicinformer.NewFilteredDynamicInformer( - c.dynamicClient, - paramsGVR.Resource, - corev1.NamespaceAll, - 30*time.Second, - cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, - nil, - ) - - controller := generic.NewController( - generic.NewInformer[*unstructured.Unstructured](informer.Informer()), - c.reconcileParams, - generic.ControllerOptions{ - Workers: 1, - Name: paramSource.String() + "-controller", - }, - ) - - c.paramsCRDControllers[*paramSource] = &paramInfo{ - controller: controller, - stop: instanceCancel, - dependentDefinitions: sets.New(nn), - } - - go informer.Informer().Run(instanceContext.Done()) - go controller.Run(instanceContext) - } - - return nil -} - -func (c *celAdmissionController) reconcilePolicyBinding(namespace, name string, binding *v1alpha1.ValidatingAdmissionPolicyBinding) error { - c.mutex.Lock() - defer c.mutex.Unlock() - - // Namespace for PolicyBinding is empty. In the future a namespaced binding - // may be added - // https://github.com/kubernetes/enhancements/blob/bf5c3c81ea2081d60c1dc7c832faa98479e06209/keps/sig-api-machinery/3488-cel-admission-control/README.md?plain=1#L1042 - nn := getNamespaceName(namespace, name) - info, ok := c.bindingInfos[nn] - if !ok { - info = &bindingInfo{} - c.bindingInfos[nn] = info - } - - var oldNamespacedDefinitionName namespacedName - if info.lastReconciledValue != nil { - // All validating policies are cluster-scoped so have empty namespace - oldNamespacedDefinitionName = getNamespaceName("", info.lastReconciledValue.Spec.PolicyName) - } - - var namespacedDefinitionName namespacedName - if binding != nil { - // All validating policies are cluster-scoped so have empty namespace - namespacedDefinitionName = getNamespaceName("", binding.Spec.PolicyName) - } - - // Remove record of binding from old definition if the referred policy - // has changed - if oldNamespacedDefinitionName != namespacedDefinitionName { - if dependentBindings, ok := c.definitionsToBindings[oldNamespacedDefinitionName]; ok { - dependentBindings.Delete(nn) - - // if there are no more dependent bindings, remove knowledge of the - // definition altogether - if len(dependentBindings) == 0 { - delete(c.definitionsToBindings, oldNamespacedDefinitionName) - } - } - } - - if binding == nil { - delete(c.bindingInfos, nn) - return nil - } - - // Add record of binding to new definition - if dependentBindings, ok := c.definitionsToBindings[namespacedDefinitionName]; ok { - dependentBindings.Insert(nn) - } else { - c.definitionsToBindings[namespacedDefinitionName] = sets.New(nn) - } - - // Remove compiled template for old binding - info.validator.Store(nil) - info.lastReconciledValue = binding - return nil -} - -func (c *celAdmissionController) reconcileParams(namespace, name string, params *unstructured.Unstructured) error { - // Do nothing. - // When we add informational type checking we will need to compile in the - // reconcile loops instead of lazily so we can add compiler errors / type - // checker errors to the status of the resources. - return nil -} - -func getNamespaceName(namespace, name string) namespacedName { - return namespacedName{ - namespace: namespace, - name: name, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/initializer.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/initializer.go deleted file mode 100644 index 563bb69de1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/initializer.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - "k8s.io/apiserver/pkg/admission" -) - -type CELPolicyEvaluator interface { - admission.InitializationValidator - - Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error - HasSynced() bool - Run(stopCh <-chan struct{}) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/interface.go deleted file mode 100644 index 217d6bfc47..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/interface.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" -) - -// Validator defines the func used to validate the cel expressions -// matchKind provides the GroupVersionKind that the object should be -// validated by CEL expressions as. -type Validator interface { - Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error) -} - -// ValidatorCompiler is Dependency Injected into the PolicyDefinition's `Compile` -// function to assist with converting types and values to/from CEL-typed values. -type ValidatorCompiler interface { - admission.InitializationValidator - - // Matches says whether this policy definition matches the provided admission - // resource request - DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error) - - // Matches says whether this policy definition matches the provided admission - // resource request - BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error) - - // Compile is used for the cel expression compilation - Compile( - policy *v1alpha1.ValidatingAdmissionPolicy, - ) Validator -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/controller.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/controller.go deleted file mode 100644 index bd5ea818d6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/controller.go +++ /dev/null @@ -1,272 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "context" - "errors" - "fmt" - "sync" - "time" - - kerrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -var _ Controller[runtime.Object] = &controller[runtime.Object]{} - -type controller[T runtime.Object] struct { - informer Informer[T] - queue workqueue.RateLimitingInterface - - // Returns an error if there was a transient error during reconciliation - // and the object should be tried again later. - reconciler func(namespace, name string, newObj T) error - - options ControllerOptions -} - -type ControllerOptions struct { - Name string - Workers uint -} - -func (c *controller[T]) Informer() Informer[T] { - return c.informer -} - -func NewController[T runtime.Object]( - informer Informer[T], - reconciler func(namepace, name string, newObj T) error, - options ControllerOptions, -) Controller[T] { - if options.Workers == 0 { - options.Workers = 2 - } - - if len(options.Name) == 0 { - options.Name = fmt.Sprintf("%T-controller", *new(T)) - } - - return &controller[T]{ - options: options, - informer: informer, - reconciler: reconciler, - queue: nil, - } -} - -// Runs the controller and returns an error explaining why running was stopped. -// Reconciliation ends as soon as the context completes. If there are events -// waiting to be processed at that itme, they will be dropped. -func (c *controller[T]) Run(ctx context.Context) error { - klog.Infof("starting %s", c.options.Name) - defer klog.Infof("stopping %s", c.options.Name) - - c.queue = workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), c.options.Name) - - // Forcefully shutdown workqueue. Drop any enqueued items. - // Important to do this in a `defer` at the start of `Run`. - // Otherwise, if there are any early returns without calling this, we - // would never shut down the workqueue - defer c.queue.ShutDown() - - enqueue := func(obj interface{}) { - var key string - var err error - if key, err = cache.DeletionHandlingMetaNamespaceKeyFunc(obj); err != nil { - utilruntime.HandleError(err) - return - } - c.queue.Add(key) - } - - registration, err := c.informer.AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - enqueue(obj) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - oldMeta, err1 := meta.Accessor(oldObj) - newMeta, err2 := meta.Accessor(newObj) - - if err1 != nil || err2 != nil { - if err1 != nil { - utilruntime.HandleError(err1) - } - - if err2 != nil { - utilruntime.HandleError(err2) - } - return - } else if oldMeta.GetResourceVersion() == newMeta.GetResourceVersion() { - if len(oldMeta.GetResourceVersion()) == 0 { - klog.Warningf("%v throwing out update with empty RV. this is likely to happen if a test did not supply a resource version on an updated object", c.options.Name) - } - return - } - - enqueue(newObj) - }, - DeleteFunc: func(obj interface{}) { - // Enqueue - enqueue(obj) - }, - }) - - // Error might be raised if informer was started and stopped already - if err != nil { - return err - } - - // Make sure event handler is removed from informer in case return early from - // an error - defer func() { - // Remove event handler and Handle Error here. Error should only be raised - // for improper usage of event handler API. - if err := c.informer.RemoveEventHandler(registration); err != nil { - utilruntime.HandleError(err) - } - }() - - // Wait for initial cache list to complete before beginning to reconcile - // objects. - if !cache.WaitForNamedCacheSync(c.options.Name, ctx.Done(), c.informer.HasSynced) { - // ctx cancelled during cache sync. return early - err := ctx.Err() - if err == nil { - // if context wasnt cancelled then the sync failed for another reason - err = errors.New("cache sync failed") - } - return err - } - - waitGroup := sync.WaitGroup{} - - for i := uint(0); i < c.options.Workers; i++ { - waitGroup.Add(1) - go func() { - wait.Until(c.runWorker, time.Second, ctx.Done()) - waitGroup.Done() - }() - } - - klog.Infof("Started %v workers for %v", c.options.Workers, c.options.Name) - - // Wait for context cancel. - <-ctx.Done() - - // Forcefully shutdown workqueue. Drop any enqueued items. - c.queue.ShutDown() - - // Workqueue shutdown signals for workers to stop. Wait for all workers to - // clean up - waitGroup.Wait() - - // Only way for workers to ever stop is for caller to cancel the context - return ctx.Err() -} - -func (c *controller[T]) HasSynced() bool { - return c.informer.HasSynced() -} - -func (c *controller[T]) runWorker() { - for { - key, shutdown := c.queue.Get() - if shutdown { - return - } - - // We wrap this block in a func so we can defer c.workqueue.Done. - err := func(obj interface{}) error { - // We call Done here so the workqueue knows we have finished - // processing this item. We also must remember to call Forget if we - // do not want this work item being re-queued. For example, we do - // not call Forget if a transient error occurs, instead the item is - // put back on the workqueue and attempted again after a back-off - // period. - defer c.queue.Done(obj) - var key string - var ok bool - // We expect strings to come off the workqueue. These are of the - // form namespace/name. We do this as the delayed nature of the - // workqueue means the items in the informer cache may actually be - // more up to date that when the item was initially put onto the - // workqueue. - if key, ok = obj.(string); !ok { - // How did an incorrectly formatted key get in the workqueue? - // Done is sufficient. (Forget resets rate limiter for the key, - // but the key is invalid so there is no point in doing that) - return fmt.Errorf("expected string in workqueue but got %#v", obj) - } - - if err := c.reconcile(key); err != nil { - // Put the item back on the workqueue to handle any transient errors. - c.queue.AddRateLimited(key) - return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error()) - } - // Finally, if no error occurs we Forget this item so it is allowed - // to be re-enqueued without a long rate limit - c.queue.Forget(obj) - klog.V(4).Infof("syncAdmissionPolicy(%q)", key) - return nil - }(key) - - if err != nil { - utilruntime.HandleError(err) - } - } -} - -func (c *controller[T]) reconcile(key string) error { - var newObj T - var err error - var namespace string - var name string - var lister NamespacedLister[T] - - // Convert the namespace/name string into a distinct namespace and name - namespace, name, err = cache.SplitMetaNamespaceKey(key) - if err != nil { - utilruntime.HandleError(fmt.Errorf("invalid resource key: %s", key)) - return nil - } - - if len(namespace) > 0 { - lister = c.informer.Namespaced(namespace) - } else { - lister = c.informer - } - - newObj, err = lister.Get(name) - if err != nil { - if !kerrors.IsNotFound(err) { - return err - } - - // Deleted object. Inform reconciler with empty - } - - return c.reconciler(namespace, name, newObj) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/doc.go deleted file mode 100644 index 2acfad989f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/doc.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package generic contains a typed wrapper over cache SharedIndexInformer -// and Lister (maybe eventually should have a home there?) -// -// This interface is being experimented with as an easier way to write controllers -// with a bit less boilerplate. -// -// Informer/Lister classes are thin wrappers providing a type-safe interface -// over regular interface{}-based Informers/Listers -// -// Controller[T] provides a reusable way to reconcile objects out of an informer -// using the tried and true controller design pattern found all over k8s -// codebase based upon syncFunc/reconcile -package generic diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/informer.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/informer.go deleted file mode 100644 index 3025aa1953..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/informer.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/cache" -) - -var _ Informer[runtime.Object] = informer[runtime.Object]{} - -type informer[T runtime.Object] struct { - cache.SharedIndexInformer - lister[T] -} - -func NewInformer[T runtime.Object](informe cache.SharedIndexInformer) Informer[T] { - return informer[T]{ - SharedIndexInformer: informe, - lister: NewLister[T](informe.GetIndexer()), - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/interface.go deleted file mode 100644 index a17821e777..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "context" - - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/cache" -) - -type Controller[T runtime.Object] interface { - // Meant to be run inside a goroutine - // Waits for and reacts to changes in whatever type the controller - // is concerned with. - // - // Returns an error always non-nil explaining why the worker stopped - Run(ctx context.Context) error - - // Retrieves the informer used to back this controller - Informer() Informer[T] - - // Returns true if the informer cache has synced, and all the objects from - // the initial list have been reconciled at least once. - HasSynced() bool -} - -type NamespacedLister[T any] interface { - // List lists all ValidationRuleSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []T, err error) - // Get retrieves the ValidationRuleSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (T, error) -} - -type Informer[T any] interface { - cache.SharedIndexInformer - Lister[T] -} - -// Lister[T] helps list Ts. -// All objects returned here must be treated as read-only. -type Lister[T any] interface { - NamespacedLister[T] - Namespaced(namespace string) NamespacedLister[T] -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/lister.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/lister.go deleted file mode 100644 index aa6b090324..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic/lister.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "fmt" - "net/http" - - kerrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/cache" -) - -var _ Lister[runtime.Object] = lister[runtime.Object]{} - -type namespacedLister[T runtime.Object] struct { - indexer cache.Indexer - namespace string -} - -func (w namespacedLister[T]) List(selector labels.Selector) (ret []T, err error) { - err = cache.ListAllByNamespace(w.indexer, w.namespace, selector, func(m interface{}) { - ret = append(ret, m.(T)) - }) - return ret, err -} - -func (w namespacedLister[T]) Get(name string) (T, error) { - var result T - - obj, exists, err := w.indexer.GetByKey(w.namespace + "/" + name) - if err != nil { - return result, err - } - if !exists { - return result, &kerrors.StatusError{ErrStatus: metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotFound, - Reason: metav1.StatusReasonNotFound, - Message: fmt.Sprintf("%s not found", name), - }} - } - result = obj.(T) - return result, nil -} - -type lister[T runtime.Object] struct { - indexer cache.Indexer -} - -func (w lister[T]) List(selector labels.Selector) (ret []T, err error) { - err = cache.ListAll(w.indexer, selector, func(m interface{}) { - ret = append(ret, m.(T)) - }) - return ret, err -} - -func (w lister[T]) Get(name string) (T, error) { - var result T - - obj, exists, err := w.indexer.GetByKey(name) - if err != nil { - return result, err - } - if !exists { - // kerrors.StatusNotFound requires a GroupResource we cannot provide - return result, &kerrors.StatusError{ErrStatus: metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotFound, - Reason: metav1.StatusReasonNotFound, - Message: fmt.Sprintf("%s not found", name), - }} - } - result = obj.(T) - return result, nil -} - -func (w lister[T]) Namespaced(namespace string) NamespacedLister[T] { - return namespacedLister[T]{namespace: namespace, indexer: w.indexer} -} - -func NewLister[T runtime.Object](indexer cache.Indexer) lister[T] { - return lister[T]{indexer: indexer} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching.go deleted file mode 100644 index c4f7e64af2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching/matching.go +++ /dev/null @@ -1,192 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package matching - -import ( - "fmt" - - v1 "k8s.io/api/admissionregistration/v1" - "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/client-go/kubernetes" - listersv1 "k8s.io/client-go/listers/core/v1" - - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules" -) - -type MatchCriteria interface { - namespace.NamespaceSelectorProvider - object.ObjectSelectorProvider - - GetMatchResources() v1alpha1.MatchResources -} - -// Matcher decides if a request matches against matchCriteria -type Matcher struct { - namespaceMatcher *namespace.Matcher - objectMatcher *object.Matcher -} - -// NewMatcher initialize the matcher with dependencies requires -func NewMatcher( - namespaceLister listersv1.NamespaceLister, - client kubernetes.Interface, -) *Matcher { - return &Matcher{ - namespaceMatcher: &namespace.Matcher{ - NamespaceLister: namespaceLister, - Client: client, - }, - objectMatcher: &object.Matcher{}, - } -} - -// ValidateInitialization verify if the matcher is ready before use -func (m *Matcher) ValidateInitialization() error { - if err := m.namespaceMatcher.Validate(); err != nil { - return fmt.Errorf("namespaceMatcher is not properly setup: %v", err) - } - return nil -} - -func (m *Matcher) Matches(attr admission.Attributes, o admission.ObjectInterfaces, criteria MatchCriteria) (bool, schema.GroupVersionKind, error) { - matches, matchNsErr := m.namespaceMatcher.MatchNamespaceSelector(criteria, attr) - // Should not return an error here for policy which do not apply to the request, even if err is an unexpected scenario. - if !matches && matchNsErr == nil { - return false, schema.GroupVersionKind{}, nil - } - - matches, matchObjErr := m.objectMatcher.MatchObjectSelector(criteria, attr) - // Should not return an error here for policy which do not apply to the request, even if err is an unexpected scenario. - if !matches && matchObjErr == nil { - return false, schema.GroupVersionKind{}, nil - } - - matchResources := criteria.GetMatchResources() - matchPolicy := matchResources.MatchPolicy - if isExcluded, _, err := matchesResourceRules(matchResources.ExcludeResourceRules, matchPolicy, attr, o); isExcluded || err != nil { - return false, schema.GroupVersionKind{}, err - } - - var ( - isMatch bool - matchKind schema.GroupVersionKind - matchErr error - ) - if len(matchResources.ResourceRules) == 0 { - isMatch = true - matchKind = attr.GetKind() - } else { - isMatch, matchKind, matchErr = matchesResourceRules(matchResources.ResourceRules, matchPolicy, attr, o) - } - if matchErr != nil { - return false, schema.GroupVersionKind{}, matchErr - } - if !isMatch { - return false, schema.GroupVersionKind{}, nil - } - - // now that we know this applies to this request otherwise, if there were selector errors, return them - if matchNsErr != nil { - return false, schema.GroupVersionKind{}, matchNsErr - } - if matchObjErr != nil { - return false, schema.GroupVersionKind{}, matchObjErr - } - - return true, matchKind, nil -} - -func matchesResourceRules(namedRules []v1alpha1.NamedRuleWithOperations, matchPolicy *v1alpha1.MatchPolicyType, attr admission.Attributes, o admission.ObjectInterfaces) (bool, schema.GroupVersionKind, error) { - matchKind := attr.GetKind() - for _, namedRule := range namedRules { - rule := v1.RuleWithOperations(namedRule.RuleWithOperations) - ruleMatcher := rules.Matcher{ - Rule: rule, - Attr: attr, - } - if !ruleMatcher.Matches() { - continue - } - // an empty name list always matches - if len(namedRule.ResourceNames) == 0 { - return true, matchKind, nil - } - // TODO: GetName() can return an empty string if the user is relying on - // the API server to generate the name... figure out what to do for this edge case - name := attr.GetName() - for _, matchedName := range namedRule.ResourceNames { - if name == matchedName { - return true, matchKind, nil - } - } - } - - // if match policy is undefined or exact, don't perform fuzzy matching - // note that defaulting to fuzzy matching is set by the API - if matchPolicy == nil || *matchPolicy == v1alpha1.Exact { - return false, schema.GroupVersionKind{}, nil - } - - attrWithOverride := &attrWithResourceOverride{Attributes: attr} - equivalents := o.GetEquivalentResourceMapper().EquivalentResourcesFor(attr.GetResource(), attr.GetSubresource()) - for _, namedRule := range namedRules { - for _, equivalent := range equivalents { - if equivalent == attr.GetResource() { - // we have already checked the original resource - continue - } - attrWithOverride.resource = equivalent - rule := v1.RuleWithOperations(namedRule.RuleWithOperations) - m := rules.Matcher{ - Rule: rule, - Attr: attrWithOverride, - } - if !m.Matches() { - continue - } - matchKind = o.GetEquivalentResourceMapper().KindFor(equivalent, attr.GetSubresource()) - if matchKind.Empty() { - return false, schema.GroupVersionKind{}, fmt.Errorf("unable to convert to %v: unknown kind", equivalent) - } - // an empty name list always matches - if len(namedRule.ResourceNames) == 0 { - return true, matchKind, nil - } - - // TODO: GetName() can return an empty string if the user is relying on - // the API server to generate the name... figure out what to do for this edge case - name := attr.GetName() - for _, matchedName := range namedRule.ResourceNames { - if name == matchedName { - return true, matchKind, nil - } - } - } - } - return false, schema.GroupVersionKind{}, nil -} - -type attrWithResourceOverride struct { - admission.Attributes - resource schema.GroupVersionResource -} - -func (a *attrWithResourceOverride) GetResource() schema.GroupVersionResource { return a.resource } diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/policy_decision.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/policy_decision.go deleted file mode 100644 index 1018743705..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/policy_decision.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "net/http" - "time" - - "k8s.io/api/admissionregistration/v1alpha1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -type policyDecisionAction string - -const ( - actionAdmit policyDecisionAction = "admit" - actionDeny policyDecisionAction = "deny" -) - -type policyDecisionEvaluation string - -const ( - evalAdmit policyDecisionEvaluation = "admit" - evalError policyDecisionEvaluation = "error" - evalDeny policyDecisionEvaluation = "deny" -) - -type policyDecision struct { - action policyDecisionAction - evaluation policyDecisionEvaluation - message string - reason metav1.StatusReason - elapsed time.Duration -} - -type policyDecisionWithMetadata struct { - policyDecision - definition *v1alpha1.ValidatingAdmissionPolicy - binding *v1alpha1.ValidatingAdmissionPolicyBinding -} - -func reasonToCode(r metav1.StatusReason) int32 { - switch r { - case metav1.StatusReasonForbidden: - return http.StatusForbidden - case metav1.StatusReasonUnauthorized: - return http.StatusUnauthorized - case metav1.StatusReasonRequestEntityTooLarge: - return http.StatusRequestEntityTooLarge - case metav1.StatusReasonInvalid: - return http.StatusUnprocessableEntity - default: - // It should not reach here since we only allow above reason to be set from API level - return http.StatusUnprocessableEntity - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/validator.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/validator.go deleted file mode 100644 index 033d2e48e1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/validator.go +++ /dev/null @@ -1,318 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "fmt" - "reflect" - "strings" - "time" - - celtypes "github.com/google/cel-go/common/types" - "github.com/google/cel-go/interpreter" - - admissionv1 "k8s.io/api/admission/v1" - "k8s.io/api/admissionregistration/v1alpha1" - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" -) - -var _ ValidatorCompiler = &CELValidatorCompiler{} -var _ matching.MatchCriteria = &matchCriteria{} - -type matchCriteria struct { - constraints *v1alpha1.MatchResources -} - -// GetParsedNamespaceSelector returns the converted LabelSelector which implements labels.Selector -func (m *matchCriteria) GetParsedNamespaceSelector() (labels.Selector, error) { - return metav1.LabelSelectorAsSelector(m.constraints.NamespaceSelector) -} - -// GetParsedObjectSelector returns the converted LabelSelector which implements labels.Selector -func (m *matchCriteria) GetParsedObjectSelector() (labels.Selector, error) { - return metav1.LabelSelectorAsSelector(m.constraints.ObjectSelector) -} - -// GetMatchResources returns the matchConstraints -func (m *matchCriteria) GetMatchResources() v1alpha1.MatchResources { - return *m.constraints -} - -// CELValidatorCompiler implement the interface ValidatorCompiler. -type CELValidatorCompiler struct { - Matcher *matching.Matcher -} - -// DefinitionMatches returns whether this ValidatingAdmissionPolicy matches the provided admission resource request -func (c *CELValidatorCompiler) DefinitionMatches(a admission.Attributes, o admission.ObjectInterfaces, definition *v1alpha1.ValidatingAdmissionPolicy) (bool, schema.GroupVersionKind, error) { - criteria := matchCriteria{constraints: definition.Spec.MatchConstraints} - return c.Matcher.Matches(a, o, &criteria) -} - -// BindingMatches returns whether this ValidatingAdmissionPolicyBinding matches the provided admission resource request -func (c *CELValidatorCompiler) BindingMatches(a admission.Attributes, o admission.ObjectInterfaces, binding *v1alpha1.ValidatingAdmissionPolicyBinding) (bool, error) { - if binding.Spec.MatchResources == nil { - return true, nil - } - criteria := matchCriteria{constraints: binding.Spec.MatchResources} - isMatch, _, err := c.Matcher.Matches(a, o, &criteria) - return isMatch, err -} - -// ValidateInitialization checks if Matcher is initialized. -func (c *CELValidatorCompiler) ValidateInitialization() error { - return c.Matcher.ValidateInitialization() -} - -type validationActivation struct { - object, oldObject, params, request interface{} -} - -// ResolveName returns a value from the activation by qualified name, or false if the name -// could not be found. -func (a *validationActivation) ResolveName(name string) (interface{}, bool) { - switch name { - case ObjectVarName: - return a.object, true - case OldObjectVarName: - return a.oldObject, true - case ParamsVarName: - return a.params, true - case RequestVarName: - return a.request, true - default: - return nil, false - } -} - -// Parent returns the parent of the current activation, may be nil. -// If non-nil, the parent will be searched during resolve calls. -func (a *validationActivation) Parent() interpreter.Activation { - return nil -} - -// Compile compiles the cel expression defined in ValidatingAdmissionPolicy -func (c *CELValidatorCompiler) Compile(p *v1alpha1.ValidatingAdmissionPolicy) Validator { - if len(p.Spec.Validations) == 0 { - return nil - } - hasParam := false - if p.Spec.ParamKind != nil { - hasParam = true - } - compilationResults := make([]CompilationResult, len(p.Spec.Validations)) - for i, validation := range p.Spec.Validations { - compilationResults[i] = CompileValidatingPolicyExpression(validation.Expression, hasParam) - } - return &CELValidator{policy: p, compilationResults: compilationResults} -} - -// CELValidator implements the Validator interface -type CELValidator struct { - policy *v1alpha1.ValidatingAdmissionPolicy - compilationResults []CompilationResult -} - -func convertObjectToUnstructured(obj interface{}) (*unstructured.Unstructured, error) { - if obj == nil || reflect.ValueOf(obj).IsNil() { - return &unstructured.Unstructured{Object: nil}, nil - } - ret, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) - if err != nil { - return nil, err - } - return &unstructured.Unstructured{Object: ret}, nil -} - -func objectToResolveVal(r runtime.Object) (interface{}, error) { - if r == nil || reflect.ValueOf(r).IsNil() { - return nil, nil - } - v, err := convertObjectToUnstructured(r) - if err != nil { - return nil, err - } - return v.Object, nil -} - -func policyDecisionActionForError(f v1alpha1.FailurePolicyType) policyDecisionAction { - if f == v1alpha1.Ignore { - return actionAdmit - } - return actionDeny -} - -// Validate validates all cel expressions in Validator and returns a PolicyDecision for each CEL expression or returns an error. -// An error will be returned if failed to convert the object/oldObject/params/request to unstructured. -// Each PolicyDecision will have a decision and a message. -// policyDecision.message will be empty if the decision is allowed and no error met. -func (v *CELValidator) Validate(a admission.Attributes, o admission.ObjectInterfaces, versionedParams runtime.Object, matchKind schema.GroupVersionKind) ([]policyDecision, error) { - // TODO: replace unstructured with ref.Val for CEL variables when native type support is available - - decisions := make([]policyDecision, len(v.compilationResults)) - var err error - versionedAttr, err := generic.NewVersionedAttributes(a, matchKind, o) - if err != nil { - return nil, err - } - oldObjectVal, err := objectToResolveVal(versionedAttr.VersionedOldObject) - if err != nil { - return nil, err - } - objectVal, err := objectToResolveVal(versionedAttr.VersionedObject) - if err != nil { - return nil, err - } - paramsVal, err := objectToResolveVal(versionedParams) - if err != nil { - return nil, err - } - request := createAdmissionRequest(versionedAttr.Attributes) - requestVal, err := convertObjectToUnstructured(request) - if err != nil { - return nil, err - } - va := &validationActivation{ - object: objectVal, - oldObject: oldObjectVal, - params: paramsVal, - request: requestVal.Object, - } - - var f v1alpha1.FailurePolicyType - if v.policy.Spec.FailurePolicy == nil { - f = v1alpha1.Fail - } else { - f = *v.policy.Spec.FailurePolicy - } - - for i, compilationResult := range v.compilationResults { - validation := v.policy.Spec.Validations[i] - - var policyDecision = &decisions[i] - - if compilationResult.Error != nil { - policyDecision.action = policyDecisionActionForError(f) - policyDecision.evaluation = evalError - policyDecision.message = fmt.Sprintf("compilation error: %v", compilationResult.Error) - continue - } - if compilationResult.Program == nil { - policyDecision.action = policyDecisionActionForError(f) - policyDecision.evaluation = evalError - policyDecision.message = "unexpected internal error compiling expression" - continue - } - t1 := time.Now() - evalResult, _, err := compilationResult.Program.Eval(va) - elapsed := time.Since(t1) - policyDecision.elapsed = elapsed - if err != nil { - policyDecision.action = policyDecisionActionForError(f) - policyDecision.evaluation = evalError - policyDecision.message = fmt.Sprintf("expression '%v' resulted in error: %v", v.policy.Spec.Validations[i].Expression, err) - } else if evalResult != celtypes.True { - policyDecision.action = actionDeny - if validation.Reason == nil { - policyDecision.reason = metav1.StatusReasonInvalid - } else { - policyDecision.reason = *validation.Reason - } - if len(validation.Message) > 0 { - policyDecision.message = strings.TrimSpace(validation.Message) - } else { - policyDecision.message = fmt.Sprintf("failed expression: %v", strings.TrimSpace(validation.Expression)) - } - - } else { - policyDecision.action = actionAdmit - policyDecision.evaluation = evalAdmit - } - } - - return decisions, nil -} - -func createAdmissionRequest(attr admission.Attributes) *admissionv1.AdmissionRequest { - // FIXME: how to get resource GVK, GVR and subresource? - gvk := attr.GetKind() - gvr := attr.GetResource() - subresource := attr.GetSubresource() - - requestGVK := attr.GetKind() - requestGVR := attr.GetResource() - requestSubResource := attr.GetSubresource() - - aUserInfo := attr.GetUserInfo() - var userInfo authenticationv1.UserInfo - if aUserInfo != nil { - userInfo = authenticationv1.UserInfo{ - Extra: make(map[string]authenticationv1.ExtraValue), - Groups: aUserInfo.GetGroups(), - UID: aUserInfo.GetUID(), - Username: aUserInfo.GetName(), - } - // Convert the extra information in the user object - for key, val := range aUserInfo.GetExtra() { - userInfo.Extra[key] = authenticationv1.ExtraValue(val) - } - } - - dryRun := attr.IsDryRun() - - return &admissionv1.AdmissionRequest{ - Kind: metav1.GroupVersionKind{ - Group: gvk.Group, - Kind: gvk.Kind, - Version: gvk.Version, - }, - Resource: metav1.GroupVersionResource{ - Group: gvr.Group, - Resource: gvr.Resource, - Version: gvr.Version, - }, - SubResource: subresource, - RequestKind: &metav1.GroupVersionKind{ - Group: requestGVK.Group, - Kind: requestGVK.Kind, - Version: requestGVK.Version, - }, - RequestResource: &metav1.GroupVersionResource{ - Group: requestGVR.Group, - Resource: requestGVR.Resource, - Version: requestGVR.Version, - }, - RequestSubResource: requestSubResource, - Name: attr.GetName(), - Namespace: attr.GetNamespace(), - Operation: admissionv1.Operation(attr.GetOperation()), - UserInfo: userInfo, - // Leave Object and OldObject unset since we don't provide access to them via request - DryRun: &dryRun, - Options: runtime.RawExtension{ - Object: attr.GetOperationOptions(), - }, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go deleted file mode 100644 index bbe355f318..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go +++ /dev/null @@ -1,300 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "sync" - - "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/rest" -) - -// WebhookAccessor provides a common interface to both mutating and validating webhook types. -type WebhookAccessor interface { - // This accessor provides the methods needed to support matching against webhook - // predicates - namespace.NamespaceSelectorProvider - object.ObjectSelectorProvider - - // GetUID gets a string that uniquely identifies the webhook. - GetUID() string - - // GetConfigurationName gets the name of the webhook configuration that owns this webhook. - GetConfigurationName() string - - // GetRESTClient gets the webhook client - GetRESTClient(clientManager *webhookutil.ClientManager) (*rest.RESTClient, error) - - // GetName gets the webhook Name field. Note that the name is scoped to the webhook - // configuration and does not provide a globally unique identity, if a unique identity is - // needed, use GetUID. - GetName() string - // GetClientConfig gets the webhook ClientConfig field. - GetClientConfig() v1.WebhookClientConfig - // GetRules gets the webhook Rules field. - GetRules() []v1.RuleWithOperations - // GetFailurePolicy gets the webhook FailurePolicy field. - GetFailurePolicy() *v1.FailurePolicyType - // GetMatchPolicy gets the webhook MatchPolicy field. - GetMatchPolicy() *v1.MatchPolicyType - // GetNamespaceSelector gets the webhook NamespaceSelector field. - GetNamespaceSelector() *metav1.LabelSelector - // GetObjectSelector gets the webhook ObjectSelector field. - GetObjectSelector() *metav1.LabelSelector - // GetSideEffects gets the webhook SideEffects field. - GetSideEffects() *v1.SideEffectClass - // GetTimeoutSeconds gets the webhook TimeoutSeconds field. - GetTimeoutSeconds() *int32 - // GetAdmissionReviewVersions gets the webhook AdmissionReviewVersions field. - GetAdmissionReviewVersions() []string - - // GetMutatingWebhook if the accessor contains a MutatingWebhook, returns it and true, else returns false. - GetMutatingWebhook() (*v1.MutatingWebhook, bool) - // GetValidatingWebhook if the accessor contains a ValidatingWebhook, returns it and true, else returns false. - GetValidatingWebhook() (*v1.ValidatingWebhook, bool) -} - -// NewMutatingWebhookAccessor creates an accessor for a MutatingWebhook. -func NewMutatingWebhookAccessor(uid, configurationName string, h *v1.MutatingWebhook) WebhookAccessor { - return &mutatingWebhookAccessor{uid: uid, configurationName: configurationName, MutatingWebhook: h} -} - -type mutatingWebhookAccessor struct { - *v1.MutatingWebhook - uid string - configurationName string - - initObjectSelector sync.Once - objectSelector labels.Selector - objectSelectorErr error - - initNamespaceSelector sync.Once - namespaceSelector labels.Selector - namespaceSelectorErr error - - initClient sync.Once - client *rest.RESTClient - clientErr error -} - -func (m *mutatingWebhookAccessor) GetUID() string { - return m.uid -} - -func (m *mutatingWebhookAccessor) GetConfigurationName() string { - return m.configurationName -} - -func (m *mutatingWebhookAccessor) GetRESTClient(clientManager *webhookutil.ClientManager) (*rest.RESTClient, error) { - m.initClient.Do(func() { - m.client, m.clientErr = clientManager.HookClient(hookClientConfigForWebhook(m)) - }) - return m.client, m.clientErr -} - -func (m *mutatingWebhookAccessor) GetParsedNamespaceSelector() (labels.Selector, error) { - m.initNamespaceSelector.Do(func() { - m.namespaceSelector, m.namespaceSelectorErr = metav1.LabelSelectorAsSelector(m.NamespaceSelector) - }) - return m.namespaceSelector, m.namespaceSelectorErr -} - -func (m *mutatingWebhookAccessor) GetParsedObjectSelector() (labels.Selector, error) { - m.initObjectSelector.Do(func() { - m.objectSelector, m.objectSelectorErr = metav1.LabelSelectorAsSelector(m.ObjectSelector) - }) - return m.objectSelector, m.objectSelectorErr -} - -func (m *mutatingWebhookAccessor) GetName() string { - return m.Name -} - -func (m *mutatingWebhookAccessor) GetClientConfig() v1.WebhookClientConfig { - return m.ClientConfig -} - -func (m *mutatingWebhookAccessor) GetRules() []v1.RuleWithOperations { - return m.Rules -} - -func (m *mutatingWebhookAccessor) GetFailurePolicy() *v1.FailurePolicyType { - return m.FailurePolicy -} - -func (m *mutatingWebhookAccessor) GetMatchPolicy() *v1.MatchPolicyType { - return m.MatchPolicy -} - -func (m *mutatingWebhookAccessor) GetNamespaceSelector() *metav1.LabelSelector { - return m.NamespaceSelector -} - -func (m *mutatingWebhookAccessor) GetObjectSelector() *metav1.LabelSelector { - return m.ObjectSelector -} - -func (m *mutatingWebhookAccessor) GetSideEffects() *v1.SideEffectClass { - return m.SideEffects -} - -func (m *mutatingWebhookAccessor) GetTimeoutSeconds() *int32 { - return m.TimeoutSeconds -} - -func (m *mutatingWebhookAccessor) GetAdmissionReviewVersions() []string { - return m.AdmissionReviewVersions -} - -func (m *mutatingWebhookAccessor) GetMutatingWebhook() (*v1.MutatingWebhook, bool) { - return m.MutatingWebhook, true -} - -func (m *mutatingWebhookAccessor) GetValidatingWebhook() (*v1.ValidatingWebhook, bool) { - return nil, false -} - -// NewValidatingWebhookAccessor creates an accessor for a ValidatingWebhook. -func NewValidatingWebhookAccessor(uid, configurationName string, h *v1.ValidatingWebhook) WebhookAccessor { - return &validatingWebhookAccessor{uid: uid, configurationName: configurationName, ValidatingWebhook: h} -} - -type validatingWebhookAccessor struct { - *v1.ValidatingWebhook - uid string - configurationName string - - initObjectSelector sync.Once - objectSelector labels.Selector - objectSelectorErr error - - initNamespaceSelector sync.Once - namespaceSelector labels.Selector - namespaceSelectorErr error - - initClient sync.Once - client *rest.RESTClient - clientErr error -} - -func (v *validatingWebhookAccessor) GetUID() string { - return v.uid -} - -func (v *validatingWebhookAccessor) GetConfigurationName() string { - return v.configurationName -} - -func (v *validatingWebhookAccessor) GetRESTClient(clientManager *webhookutil.ClientManager) (*rest.RESTClient, error) { - v.initClient.Do(func() { - v.client, v.clientErr = clientManager.HookClient(hookClientConfigForWebhook(v)) - }) - return v.client, v.clientErr -} - -func (v *validatingWebhookAccessor) GetParsedNamespaceSelector() (labels.Selector, error) { - v.initNamespaceSelector.Do(func() { - v.namespaceSelector, v.namespaceSelectorErr = metav1.LabelSelectorAsSelector(v.NamespaceSelector) - }) - return v.namespaceSelector, v.namespaceSelectorErr -} - -func (v *validatingWebhookAccessor) GetParsedObjectSelector() (labels.Selector, error) { - v.initObjectSelector.Do(func() { - v.objectSelector, v.objectSelectorErr = metav1.LabelSelectorAsSelector(v.ObjectSelector) - }) - return v.objectSelector, v.objectSelectorErr -} - -func (v *validatingWebhookAccessor) GetName() string { - return v.Name -} - -func (v *validatingWebhookAccessor) GetClientConfig() v1.WebhookClientConfig { - return v.ClientConfig -} - -func (v *validatingWebhookAccessor) GetRules() []v1.RuleWithOperations { - return v.Rules -} - -func (v *validatingWebhookAccessor) GetFailurePolicy() *v1.FailurePolicyType { - return v.FailurePolicy -} - -func (v *validatingWebhookAccessor) GetMatchPolicy() *v1.MatchPolicyType { - return v.MatchPolicy -} - -func (v *validatingWebhookAccessor) GetNamespaceSelector() *metav1.LabelSelector { - return v.NamespaceSelector -} - -func (v *validatingWebhookAccessor) GetObjectSelector() *metav1.LabelSelector { - return v.ObjectSelector -} - -func (v *validatingWebhookAccessor) GetSideEffects() *v1.SideEffectClass { - return v.SideEffects -} - -func (v *validatingWebhookAccessor) GetTimeoutSeconds() *int32 { - return v.TimeoutSeconds -} - -func (v *validatingWebhookAccessor) GetAdmissionReviewVersions() []string { - return v.AdmissionReviewVersions -} - -func (v *validatingWebhookAccessor) GetMutatingWebhook() (*v1.MutatingWebhook, bool) { - return nil, false -} - -func (v *validatingWebhookAccessor) GetValidatingWebhook() (*v1.ValidatingWebhook, bool) { - return v.ValidatingWebhook, true -} - -// hookClientConfigForWebhook construct a webhookutil.ClientConfig using a WebhookAccessor to access -// v1beta1.MutatingWebhook and v1beta1.ValidatingWebhook API objects. webhookutil.ClientConfig is used -// to create a HookClient and the purpose of the config struct is to share that with other packages -// that need to create a HookClient. -func hookClientConfigForWebhook(w WebhookAccessor) webhookutil.ClientConfig { - ret := webhookutil.ClientConfig{Name: w.GetName(), CABundle: w.GetClientConfig().CABundle} - if w.GetClientConfig().URL != nil { - ret.URL = *w.GetClientConfig().URL - } - if w.GetClientConfig().Service != nil { - ret.Service = &webhookutil.ClientConfigService{ - Name: w.GetClientConfig().Service.Name, - Namespace: w.GetClientConfig().Service.Namespace, - } - if w.GetClientConfig().Service.Port != nil { - ret.Service.Port = *w.GetClientConfig().Service.Port - } else { - ret.Service.Port = 443 - } - if w.GetClientConfig().Service.Path != nil { - ret.Service.Path = *w.GetClientConfig().Service.Path - } - } - return ret -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/doc.go deleted file mode 100644 index 63ab310393..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package webhookadmission diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/register.go deleted file mode 100644 index 2f49b89761..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhookadmission - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &WebhookAdmission{}, - ) - scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("WebhookAdmissionConfiguration"), - &WebhookAdmission{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/types.go deleted file mode 100644 index 71ce47b1f4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/types.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhookadmission - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// WebhookAdmission provides configuration for the webhook admission controller. -type WebhookAdmission struct { - metav1.TypeMeta - - // KubeConfigFile is the path to the kubeconfig file. - KubeConfigFile string -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/doc.go deleted file mode 100644 index 92cfed1074..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.config.k8s.io - -// Package v1 is the v1 version of the API. -package v1 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/register.go deleted file mode 100644 index 4a9c0a689b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypeWithName(SchemeGroupVersion.WithKind("WebhookAdmissionConfiguration"), - &WebhookAdmission{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/types.go deleted file mode 100644 index 632427d7df..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/types.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// WebhookAdmission provides configuration for the webhook admission controller. -type WebhookAdmission struct { - metav1.TypeMeta `json:",inline"` - - // KubeConfigFile is the path to the kubeconfig file. - KubeConfigFile string `json:"kubeConfigFile"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.conversion.go deleted file mode 100644 index 4cf69291b3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.conversion.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - webhookadmission "k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*WebhookAdmission)(nil), (*webhookadmission.WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_WebhookAdmission_To_webhookadmission_WebhookAdmission(a.(*WebhookAdmission), b.(*webhookadmission.WebhookAdmission), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*webhookadmission.WebhookAdmission)(nil), (*WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_webhookadmission_WebhookAdmission_To_v1_WebhookAdmission(a.(*webhookadmission.WebhookAdmission), b.(*WebhookAdmission), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in *WebhookAdmission, out *webhookadmission.WebhookAdmission, s conversion.Scope) error { - out.KubeConfigFile = in.KubeConfigFile - return nil -} - -// Convert_v1_WebhookAdmission_To_webhookadmission_WebhookAdmission is an autogenerated conversion function. -func Convert_v1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in *WebhookAdmission, out *webhookadmission.WebhookAdmission, s conversion.Scope) error { - return autoConvert_v1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in, out, s) -} - -func autoConvert_webhookadmission_WebhookAdmission_To_v1_WebhookAdmission(in *webhookadmission.WebhookAdmission, out *WebhookAdmission, s conversion.Scope) error { - out.KubeConfigFile = in.KubeConfigFile - return nil -} - -// Convert_webhookadmission_WebhookAdmission_To_v1_WebhookAdmission is an autogenerated conversion function. -func Convert_webhookadmission_WebhookAdmission_To_v1_WebhookAdmission(in *webhookadmission.WebhookAdmission, out *WebhookAdmission, s conversion.Scope) error { - return autoConvert_webhookadmission_WebhookAdmission_To_v1_WebhookAdmission(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.deepcopy.go deleted file mode 100644 index 839c1fc7ac..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookAdmission) DeepCopyInto(out *WebhookAdmission) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAdmission. -func (in *WebhookAdmission) DeepCopy() *WebhookAdmission { - if in == nil { - return nil - } - out := new(WebhookAdmission) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WebhookAdmission) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/doc.go deleted file mode 100644 index 703f467f9f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.config.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/register.go deleted file mode 100644 index 56489f7804..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &WebhookAdmission{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/types.go deleted file mode 100644 index a49a6a813e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/types.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// WebhookAdmission provides configuration for the webhook admission controller. -type WebhookAdmission struct { - metav1.TypeMeta `json:",inline"` - - // KubeConfigFile is the path to the kubeconfig file. - KubeConfigFile string `json:"kubeConfigFile"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 66aaecbd86..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - webhookadmission "k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*WebhookAdmission)(nil), (*webhookadmission.WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(a.(*WebhookAdmission), b.(*webhookadmission.WebhookAdmission), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*webhookadmission.WebhookAdmission)(nil), (*WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission(a.(*webhookadmission.WebhookAdmission), b.(*WebhookAdmission), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in *WebhookAdmission, out *webhookadmission.WebhookAdmission, s conversion.Scope) error { - out.KubeConfigFile = in.KubeConfigFile - return nil -} - -// Convert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission is an autogenerated conversion function. -func Convert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in *WebhookAdmission, out *webhookadmission.WebhookAdmission, s conversion.Scope) error { - return autoConvert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in, out, s) -} - -func autoConvert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission(in *webhookadmission.WebhookAdmission, out *WebhookAdmission, s conversion.Scope) error { - out.KubeConfigFile = in.KubeConfigFile - return nil -} - -// Convert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission is an autogenerated conversion function. -func Convert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission(in *webhookadmission.WebhookAdmission, out *WebhookAdmission, s conversion.Scope) error { - return autoConvert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index f997f4abaf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookAdmission) DeepCopyInto(out *WebhookAdmission) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAdmission. -func (in *WebhookAdmission) DeepCopy() *WebhookAdmission { - if in == nil { - return nil - } - out := new(WebhookAdmission) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WebhookAdmission) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/zz_generated.deepcopy.go deleted file mode 100644 index 27c3ede0da..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/zz_generated.deepcopy.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package webhookadmission - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookAdmission) DeepCopyInto(out *WebhookAdmission) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAdmission. -func (in *WebhookAdmission) DeepCopy() *WebhookAdmission { - if in == nil { - return nil - } - out := new(WebhookAdmission) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *WebhookAdmission) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go deleted file mode 100644 index 78f5312a47..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "fmt" - "io" - "io/ioutil" - "path" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission" - "k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1" - "k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1" -) - -var ( - scheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(scheme) -) - -func init() { - utilruntime.Must(webhookadmission.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) -} - -// LoadConfig extract the KubeConfigFile from configFile -func LoadConfig(configFile io.Reader) (string, error) { - var kubeconfigFile string - if configFile != nil { - // we have a config so parse it. - data, err := ioutil.ReadAll(configFile) - if err != nil { - return "", err - } - decoder := codecs.UniversalDecoder() - decodedObj, err := runtime.Decode(decoder, data) - if err != nil { - return "", err - } - config, ok := decodedObj.(*webhookadmission.WebhookAdmission) - if !ok { - return "", fmt.Errorf("unexpected type: %T", decodedObj) - } - - if !path.IsAbs(config.KubeConfigFile) { - return "", field.Invalid(field.NewPath("kubeConfigFile"), config.KubeConfigFile, "must be an absolute file path") - } - - kubeconfigFile = config.KubeConfigFile - } - return kubeconfigFile, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/doc.go deleted file mode 100644 index 6e86a1b5f2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package errors contains utilities for admission webhook specific errors -package errors // import "k8s.io/apiserver/pkg/admission/plugin/webhook/errors" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/statuserror.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/statuserror.go deleted file mode 100644 index 00bbf54d2c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/errors/statuserror.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package errors - -import ( - "fmt" - "net/http" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// ToStatusErr returns a StatusError with information about the webhook plugin -func ToStatusErr(webhookName string, result *metav1.Status) *apierrors.StatusError { - deniedBy := fmt.Sprintf("admission webhook %q denied the request", webhookName) - const noExp = "without explanation" - - if result == nil { - result = &metav1.Status{Status: metav1.StatusFailure} - } - - // Make sure we don't return < 400 status codes along with a rejection - if result.Code < http.StatusBadRequest { - result.Code = http.StatusBadRequest - } - // Make sure we don't return "" or "Success" status along with a rejection - if result.Status == "" || result.Status == metav1.StatusSuccess { - result.Status = metav1.StatusFailure - } - - switch { - case len(result.Message) > 0: - result.Message = fmt.Sprintf("%s: %s", deniedBy, result.Message) - case len(result.Reason) > 0: - result.Message = fmt.Sprintf("%s: %s", deniedBy, result.Reason) - default: - result.Message = fmt.Sprintf("%s %s", deniedBy, noExp) - } - - return &apierrors.StatusError{ - ErrStatus: *result, - } -} - -// NewDryRunUnsupportedErr returns a StatusError with information about the webhook plugin -func NewDryRunUnsupportedErr(webhookName string) *apierrors.StatusError { - reason := fmt.Sprintf("admission webhook %q does not support dry run", webhookName) - return apierrors.NewBadRequest(reason) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/conversion.go deleted file mode 100644 index f0e0ed79c1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/conversion.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" -) - -// ConvertToGVK converts object to the desired gvk. -func ConvertToGVK(obj runtime.Object, gvk schema.GroupVersionKind, o admission.ObjectInterfaces) (runtime.Object, error) { - // Unlike other resources, custom resources do not have internal version, so - // if obj is a custom resource, it should not need conversion. - if obj.GetObjectKind().GroupVersionKind() == gvk { - return obj, nil - } - out, err := o.GetObjectCreater().New(gvk) - if err != nil { - return nil, err - } - err = o.GetObjectConvertor().Convert(obj, out, nil) - if err != nil { - return nil, err - } - // Explicitly set the GVK - out.GetObjectKind().SetGroupVersionKind(gvk) - return out, nil -} - -// NewVersionedAttributes returns versioned attributes with the old and new object (if non-nil) converted to the requested kind -func NewVersionedAttributes(attr admission.Attributes, gvk schema.GroupVersionKind, o admission.ObjectInterfaces) (*VersionedAttributes, error) { - // convert the old and new objects to the requested version - versionedAttr := &VersionedAttributes{ - Attributes: attr, - VersionedKind: gvk, - } - if oldObj := attr.GetOldObject(); oldObj != nil { - out, err := ConvertToGVK(oldObj, gvk, o) - if err != nil { - return nil, err - } - versionedAttr.VersionedOldObject = out - } - if obj := attr.GetObject(); obj != nil { - out, err := ConvertToGVK(obj, gvk, o) - if err != nil { - return nil, err - } - versionedAttr.VersionedObject = out - } - return versionedAttr, nil -} - -// ConvertVersionedAttributes converts VersionedObject and VersionedOldObject to the specified kind, if needed. -// If attr.VersionedKind already matches the requested kind, no conversion is performed. -// If conversion is required: -// * attr.VersionedObject is used as the source for the new object if Dirty=true (and is round-tripped through attr.Attributes.Object, clearing Dirty in the process) -// * attr.Attributes.Object is used as the source for the new object if Dirty=false -// * attr.Attributes.OldObject is used as the source for the old object -func ConvertVersionedAttributes(attr *VersionedAttributes, gvk schema.GroupVersionKind, o admission.ObjectInterfaces) error { - // we already have the desired kind, we're done - if attr.VersionedKind == gvk { - return nil - } - - // convert the original old object to the desired GVK - if oldObj := attr.Attributes.GetOldObject(); oldObj != nil { - out, err := ConvertToGVK(oldObj, gvk, o) - if err != nil { - return err - } - attr.VersionedOldObject = out - } - - if attr.VersionedObject != nil { - // convert the existing versioned object to internal - if attr.Dirty { - err := o.GetObjectConvertor().Convert(attr.VersionedObject, attr.Attributes.GetObject(), nil) - if err != nil { - return err - } - } - - // and back to external - out, err := ConvertToGVK(attr.Attributes.GetObject(), gvk, o) - if err != nil { - return err - } - attr.VersionedObject = out - } - - // Remember we converted to this version - attr.VersionedKind = gvk - attr.Dirty = false - - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go deleted file mode 100644 index 4381691ef8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/interfaces.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/plugin/webhook" -) - -// Source can list dynamic webhook plugins. -type Source interface { - Webhooks() []webhook.WebhookAccessor - HasSynced() bool -} - -// VersionedAttributes is a wrapper around the original admission attributes, adding versioned -// variants of the object and old object. -type VersionedAttributes struct { - // Attributes holds the original admission attributes - admission.Attributes - // VersionedOldObject holds Attributes.OldObject (if non-nil), converted to VersionedKind. - // It must never be mutated. - VersionedOldObject runtime.Object - // VersionedObject holds Attributes.Object (if non-nil), converted to VersionedKind. - // If mutated, Dirty must be set to true by the mutator. - VersionedObject runtime.Object - // VersionedKind holds the fully qualified kind - VersionedKind schema.GroupVersionKind - // Dirty indicates VersionedObject has been modified since being converted from Attributes.Object - Dirty bool -} - -// GetObject overrides the Attributes.GetObject() -func (v *VersionedAttributes) GetObject() runtime.Object { - if v.VersionedObject != nil { - return v.VersionedObject - } - return v.Attributes.GetObject() -} - -// WebhookInvocation describes how to call a webhook, including the resource and subresource the webhook registered for, -// and the kind that should be sent to the webhook. -type WebhookInvocation struct { - Webhook webhook.WebhookAccessor - Resource schema.GroupVersionResource - Subresource string - Kind schema.GroupVersionKind -} - -// Dispatcher dispatches webhook call to a list of webhooks with admission attributes as argument. -type Dispatcher interface { - // Dispatch a request to the webhooks. Dispatcher may choose not to - // call a hook, either because the rules of the hook does not match, or - // the namespaceSelector or the objectSelector of the hook does not - // match. A non-nil error means the request is rejected. - Dispatch(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces, hooks []webhook.WebhookAccessor) error -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go deleted file mode 100644 index 52df53af82..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go +++ /dev/null @@ -1,230 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "context" - "fmt" - "io" - - admissionv1 "k8s.io/api/admission/v1" - admissionv1beta1 "k8s.io/api/admission/v1beta1" - "k8s.io/api/admissionregistration/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/admission/plugin/webhook" - "k8s.io/apiserver/pkg/admission/plugin/webhook/config" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object" - "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/informers" - clientset "k8s.io/client-go/kubernetes" -) - -// Webhook is an abstract admission plugin with all the infrastructure to define Admit or Validate on-top. -type Webhook struct { - *admission.Handler - - sourceFactory sourceFactory - - hookSource Source - clientManager *webhookutil.ClientManager - namespaceMatcher *namespace.Matcher - objectMatcher *object.Matcher - dispatcher Dispatcher -} - -var ( - _ genericadmissioninit.WantsExternalKubeClientSet = &Webhook{} - _ admission.Interface = &Webhook{} -) - -type sourceFactory func(f informers.SharedInformerFactory) Source -type dispatcherFactory func(cm *webhookutil.ClientManager) Dispatcher - -// NewWebhook creates a new generic admission webhook. -func NewWebhook(handler *admission.Handler, configFile io.Reader, sourceFactory sourceFactory, dispatcherFactory dispatcherFactory) (*Webhook, error) { - kubeconfigFile, err := config.LoadConfig(configFile) - if err != nil { - return nil, err - } - - cm, err := webhookutil.NewClientManager( - []schema.GroupVersion{ - admissionv1beta1.SchemeGroupVersion, - admissionv1.SchemeGroupVersion, - }, - admissionv1beta1.AddToScheme, - admissionv1.AddToScheme, - ) - if err != nil { - return nil, err - } - authInfoResolver, err := webhookutil.NewDefaultAuthenticationInfoResolver(kubeconfigFile) - if err != nil { - return nil, err - } - // Set defaults which may be overridden later. - cm.SetAuthenticationInfoResolver(authInfoResolver) - cm.SetServiceResolver(webhookutil.NewDefaultServiceResolver()) - - return &Webhook{ - Handler: handler, - sourceFactory: sourceFactory, - clientManager: &cm, - namespaceMatcher: &namespace.Matcher{}, - objectMatcher: &object.Matcher{}, - dispatcher: dispatcherFactory(&cm), - }, nil -} - -// SetAuthenticationInfoResolverWrapper sets the -// AuthenticationInfoResolverWrapper. -// TODO find a better way wire this, but keep this pull small for now. -func (a *Webhook) SetAuthenticationInfoResolverWrapper(wrapper webhookutil.AuthenticationInfoResolverWrapper) { - a.clientManager.SetAuthenticationInfoResolverWrapper(wrapper) -} - -// SetServiceResolver sets a service resolver for the webhook admission plugin. -// Passing a nil resolver does not have an effect, instead a default one will be used. -func (a *Webhook) SetServiceResolver(sr webhookutil.ServiceResolver) { - a.clientManager.SetServiceResolver(sr) -} - -// SetExternalKubeClientSet implements the WantsExternalKubeInformerFactory interface. -// It sets external ClientSet for admission plugins that need it -func (a *Webhook) SetExternalKubeClientSet(client clientset.Interface) { - a.namespaceMatcher.Client = client -} - -// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (a *Webhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister() - a.hookSource = a.sourceFactory(f) - a.SetReadyFunc(func() bool { - return namespaceInformer.Informer().HasSynced() && a.hookSource.HasSynced() - }) -} - -// ValidateInitialization implements the InitializationValidator interface. -func (a *Webhook) ValidateInitialization() error { - if a.hookSource == nil { - return fmt.Errorf("kubernetes client is not properly setup") - } - if err := a.namespaceMatcher.Validate(); err != nil { - return fmt.Errorf("namespaceMatcher is not properly setup: %v", err) - } - if err := a.clientManager.Validate(); err != nil { - return fmt.Errorf("clientManager is not properly setup: %v", err) - } - return nil -} - -// ShouldCallHook returns invocation details if the webhook should be called, nil if the webhook should not be called, -// or an error if an error was encountered during evaluation. -func (a *Webhook) ShouldCallHook(h webhook.WebhookAccessor, attr admission.Attributes, o admission.ObjectInterfaces) (*WebhookInvocation, *apierrors.StatusError) { - matches, matchNsErr := a.namespaceMatcher.MatchNamespaceSelector(h, attr) - // Should not return an error here for webhooks which do not apply to the request, even if err is an unexpected scenario. - if !matches && matchNsErr == nil { - return nil, nil - } - - // Should not return an error here for webhooks which do not apply to the request, even if err is an unexpected scenario. - matches, matchObjErr := a.objectMatcher.MatchObjectSelector(h, attr) - if !matches && matchObjErr == nil { - return nil, nil - } - - var invocation *WebhookInvocation - for _, r := range h.GetRules() { - m := rules.Matcher{Rule: r, Attr: attr} - if m.Matches() { - invocation = &WebhookInvocation{ - Webhook: h, - Resource: attr.GetResource(), - Subresource: attr.GetSubresource(), - Kind: attr.GetKind(), - } - break - } - } - if invocation == nil && h.GetMatchPolicy() != nil && *h.GetMatchPolicy() == v1.Equivalent { - attrWithOverride := &attrWithResourceOverride{Attributes: attr} - equivalents := o.GetEquivalentResourceMapper().EquivalentResourcesFor(attr.GetResource(), attr.GetSubresource()) - // honor earlier rules first - OuterLoop: - for _, r := range h.GetRules() { - // see if the rule matches any of the equivalent resources - for _, equivalent := range equivalents { - if equivalent == attr.GetResource() { - // exclude attr.GetResource(), which we already checked - continue - } - attrWithOverride.resource = equivalent - m := rules.Matcher{Rule: r, Attr: attrWithOverride} - if m.Matches() { - kind := o.GetEquivalentResourceMapper().KindFor(equivalent, attr.GetSubresource()) - if kind.Empty() { - return nil, apierrors.NewInternalError(fmt.Errorf("unable to convert to %v: unknown kind", equivalent)) - } - invocation = &WebhookInvocation{ - Webhook: h, - Resource: equivalent, - Subresource: attr.GetSubresource(), - Kind: kind, - } - break OuterLoop - } - } - } - } - - if invocation == nil { - return nil, nil - } - if matchNsErr != nil { - return nil, matchNsErr - } - if matchObjErr != nil { - return nil, matchObjErr - } - - return invocation, nil -} - -type attrWithResourceOverride struct { - admission.Attributes - resource schema.GroupVersionResource -} - -func (a *attrWithResourceOverride) GetResource() schema.GroupVersionResource { return a.resource } - -// Dispatch is called by the downstream Validate or Admit methods. -func (a *Webhook) Dispatch(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - if rules.IsExemptAdmissionConfigurationResource(attr) { - return nil - } - if !a.WaitForReady() { - return admission.NewForbidden(attr, fmt.Errorf("not yet ready to handle request")) - } - hooks := a.hookSource.Webhooks() - return a.dispatcher.Dispatch(ctx, attr, o, hooks) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/initializer/initializer.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/initializer/initializer.go deleted file mode 100644 index 2e821aad21..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/initializer/initializer.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package initializer - -import ( - "net/url" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/util/webhook" -) - -// WantsServiceResolver defines a function that accepts a ServiceResolver for -// admission plugins that need to make calls to services. -type WantsServiceResolver interface { - SetServiceResolver(webhook.ServiceResolver) -} - -// ServiceResolver knows how to convert a service reference into an actual -// location. -type ServiceResolver interface { - ResolveEndpoint(namespace, name string, port int32) (*url.URL, error) -} - -// WantsAuthenticationInfoResolverWrapper defines a function that wraps the standard AuthenticationInfoResolver -// to allow the apiserver to control what is returned as auth info -type WantsAuthenticationInfoResolverWrapper interface { - SetAuthenticationInfoResolverWrapper(wrapper webhook.AuthenticationInfoResolverWrapper) - admission.InitializationValidator -} - -// PluginInitializer is used for initialization of the webhook admission plugin. -type PluginInitializer struct { - serviceResolver webhook.ServiceResolver - authenticationInfoResolverWrapper webhook.AuthenticationInfoResolverWrapper -} - -var _ admission.PluginInitializer = &PluginInitializer{} - -// NewPluginInitializer constructs new instance of PluginInitializer -func NewPluginInitializer( - authenticationInfoResolverWrapper webhook.AuthenticationInfoResolverWrapper, - serviceResolver webhook.ServiceResolver, -) *PluginInitializer { - return &PluginInitializer{ - authenticationInfoResolverWrapper: authenticationInfoResolverWrapper, - serviceResolver: serviceResolver, - } -} - -// Initialize checks the initialization interfaces implemented by each plugin -// and provide the appropriate initialization data -func (i *PluginInitializer) Initialize(plugin admission.Interface) { - if wants, ok := plugin.(WantsServiceResolver); ok { - wants.SetServiceResolver(i.serviceResolver) - } - - if wants, ok := plugin.(WantsAuthenticationInfoResolverWrapper); ok { - if i.authenticationInfoResolverWrapper != nil { - wants.SetAuthenticationInfoResolverWrapper(i.authenticationInfoResolverWrapper) - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go deleted file mode 100644 index cadf753e3c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go +++ /dev/null @@ -1,467 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package mutating delegates admission checks to dynamically configured -// mutating webhooks. -package mutating - -import ( - "context" - "fmt" - "time" - - jsonpatch "github.com/evanphx/json-patch" - "go.opentelemetry.io/otel/attribute" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/klog/v2" - - admissionv1 "k8s.io/api/admission/v1" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer/json" - utiljson "k8s.io/apimachinery/pkg/util/json" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/admission" - admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" - "k8s.io/apiserver/pkg/admission/plugin/webhook" - webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" - webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - endpointsrequest "k8s.io/apiserver/pkg/endpoints/request" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/apiserver/pkg/warning" - "k8s.io/component-base/tracing" -) - -const ( - // PatchAuditAnnotationPrefix is a prefix for persisting webhook patch in audit annotation. - // Audit handler decides whether annotation with this prefix should be logged based on audit level. - // Since mutating webhook patches the request body, audit level must be greater or equal to Request - // for the annotation to be logged - PatchAuditAnnotationPrefix = "patch.webhook.admission.k8s.io/" - // MutationAuditAnnotationPrefix is a prefix for presisting webhook mutation existence in audit annotation. - MutationAuditAnnotationPrefix = "mutation.webhook.admission.k8s.io/" - // MutationAnnotationFailedOpenKeyPrefix in an annotation indicates - // the mutating webhook failed open when the webhook backend connection - // failed or returned an internal server error. - MutationAuditAnnotationFailedOpenKeyPrefix string = "failed-open." + MutationAuditAnnotationPrefix -) - -type mutatingDispatcher struct { - cm *webhookutil.ClientManager - plugin *Plugin -} - -func newMutatingDispatcher(p *Plugin) func(cm *webhookutil.ClientManager) generic.Dispatcher { - return func(cm *webhookutil.ClientManager) generic.Dispatcher { - return &mutatingDispatcher{cm, p} - } -} - -var _ generic.Dispatcher = &mutatingDispatcher{} - -func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces, hooks []webhook.WebhookAccessor) error { - reinvokeCtx := attr.GetReinvocationContext() - var webhookReinvokeCtx *webhookReinvokeContext - if v := reinvokeCtx.Value(PluginName); v != nil { - webhookReinvokeCtx = v.(*webhookReinvokeContext) - } else { - webhookReinvokeCtx = &webhookReinvokeContext{} - reinvokeCtx.SetValue(PluginName, webhookReinvokeCtx) - } - - if reinvokeCtx.IsReinvoke() && webhookReinvokeCtx.IsOutputChangedSinceLastWebhookInvocation(attr.GetObject()) { - // If the object has changed, we know the in-tree plugin re-invocations have mutated the object, - // and we need to reinvoke all eligible webhooks. - webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins() - } - defer func() { - webhookReinvokeCtx.SetLastWebhookInvocationOutput(attr.GetObject()) - }() - var versionedAttr *generic.VersionedAttributes - for i, hook := range hooks { - attrForCheck := attr - if versionedAttr != nil { - attrForCheck = versionedAttr - } - invocation, statusErr := a.plugin.ShouldCallHook(hook, attrForCheck, o) - if statusErr != nil { - return statusErr - } - if invocation == nil { - continue - } - hook, ok := invocation.Webhook.GetMutatingWebhook() - if !ok { - return fmt.Errorf("mutating webhook dispatch requires v1.MutatingWebhook, but got %T", hook) - } - // This means that during reinvocation, a webhook will not be - // called for the first time. For example, if the webhook is - // skipped in the first round because of mismatching labels, - // even if the labels become matching, the webhook does not - // get called during reinvocation. - if reinvokeCtx.IsReinvoke() && !webhookReinvokeCtx.ShouldReinvokeWebhook(invocation.Webhook.GetUID()) { - continue - } - - if versionedAttr == nil { - // First webhook, create versioned attributes - var err error - if versionedAttr, err = generic.NewVersionedAttributes(attr, invocation.Kind, o); err != nil { - return apierrors.NewInternalError(err) - } - } else { - // Subsequent webhook, convert existing versioned attributes to this webhook's version - if err := generic.ConvertVersionedAttributes(versionedAttr, invocation.Kind, o); err != nil { - return apierrors.NewInternalError(err) - } - } - - t := time.Now() - round := 0 - if reinvokeCtx.IsReinvoke() { - round = 1 - } - - annotator := newWebhookAnnotator(versionedAttr, round, i, hook.Name, invocation.Webhook.GetConfigurationName()) - changed, err := a.callAttrMutatingHook(ctx, hook, invocation, versionedAttr, annotator, o, round, i) - ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == admissionregistrationv1.Ignore - rejected := false - if err != nil { - switch err := err.(type) { - case *webhookutil.ErrCallingWebhook: - if !ignoreClientCallFailures { - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, int(err.Status.ErrStatus.Code)) - } - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", int(err.Status.ErrStatus.Code)) - case *webhookutil.ErrWebhookRejection: - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionNoError, int(err.Status.ErrStatus.Code)) - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", int(err.Status.ErrStatus.Code)) - default: - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "admit", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionAPIServerInternalError, 0) - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", 0) - } - } else { - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "admit", 200) - } - if changed { - // Patch had changed the object. Prepare to reinvoke all previous webhooks that are eligible for re-invocation. - webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins() - reinvokeCtx.SetShouldReinvoke() - } - if hook.ReinvocationPolicy != nil && *hook.ReinvocationPolicy == admissionregistrationv1.IfNeededReinvocationPolicy { - webhookReinvokeCtx.AddReinvocableWebhookToPreviouslyInvoked(invocation.Webhook.GetUID()) - } - if err == nil { - continue - } - - if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok { - if ignoreClientCallFailures { - klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) - admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hook.Name, "admit") - annotator.addFailedOpenAnnotation() - - utilruntime.HandleError(callErr) - - select { - case <-ctx.Done(): - // parent context is canceled or timed out, no point in continuing - return apierrors.NewTimeoutError("request did not complete within requested timeout", 0) - default: - // individual webhook timed out, but parent context did not, continue - continue - } - } - klog.Warningf("Failed calling webhook, failing closed %v: %v", hook.Name, err) - return apierrors.NewInternalError(err) - } - if rejectionErr, ok := err.(*webhookutil.ErrWebhookRejection); ok { - return rejectionErr.Status - } - return err - } - - // convert versionedAttr.VersionedObject to the internal version in the underlying admission.Attributes - if versionedAttr != nil && versionedAttr.VersionedObject != nil && versionedAttr.Dirty { - return o.GetObjectConvertor().Convert(versionedAttr.VersionedObject, versionedAttr.Attributes.GetObject(), nil) - } - - return nil -} - -// note that callAttrMutatingHook updates attr - -func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admissionregistrationv1.MutatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes, annotator *webhookAnnotator, o admission.ObjectInterfaces, round, idx int) (bool, error) { - configurationName := invocation.Webhook.GetConfigurationName() - changed := false - defer func() { annotator.addMutationAnnotation(changed) }() - if attr.Attributes.IsDryRun() { - if h.SideEffects == nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil"), Status: apierrors.NewBadRequest("Webhook SideEffects is nil")} - } - if !(*h.SideEffects == admissionregistrationv1.SideEffectClassNone || *h.SideEffects == admissionregistrationv1.SideEffectClassNoneOnDryRun) { - return false, webhookerrors.NewDryRunUnsupportedErr(h.Name) - } - } - - uid, request, response, err := webhookrequest.CreateAdmissionObjects(attr, invocation) - if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not create admission objects: %w", err), Status: apierrors.NewBadRequest("error creating admission objects")} - } - // Make the webhook request - client, err := invocation.Webhook.GetRESTClient(a.cm) - if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not get REST client: %w", err), Status: apierrors.NewBadRequest("error getting REST client")} - } - ctx, span := tracing.Start(ctx, "Call mutating webhook", - attribute.String("configuration", configurationName), - attribute.String("webhook", h.Name), - attribute.Stringer("resource", attr.GetResource()), - attribute.String("subresource", attr.GetSubresource()), - attribute.String("operation", string(attr.GetOperation())), - attribute.String("UID", string(uid))) - defer span.End(500 * time.Millisecond) - - // if the webhook has a specific timeout, wrap the context to apply it - if h.TimeoutSeconds != nil { - var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(ctx, time.Duration(*h.TimeoutSeconds)*time.Second) - defer cancel() - } - - r := client.Post().Body(request) - - // if the context has a deadline, set it as a parameter to inform the backend - if deadline, hasDeadline := ctx.Deadline(); hasDeadline { - // compute the timeout - if timeout := time.Until(deadline); timeout > 0 { - // if it's not an even number of seconds, round up to the nearest second - if truncated := timeout.Truncate(time.Second); truncated != timeout { - timeout = truncated + time.Second - } - // set the timeout - r.Timeout(timeout) - } - } - - do := func() { err = r.Do(ctx).Into(response) } - if wd, ok := endpointsrequest.LatencyTrackersFrom(ctx); ok { - tmp := do - do = func() { wd.MutatingWebhookTracker.Track(tmp) } - } - do() - if err != nil { - var status *apierrors.StatusError - if se, ok := err.(*apierrors.StatusError); ok { - status = se - } else { - status = apierrors.NewBadRequest("error calling webhook") - } - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("failed to call webhook: %w", err), Status: status} - } - span.AddEvent("Request completed") - - result, err := webhookrequest.VerifyAdmissionResponse(uid, true, response) - if err != nil { - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("received invalid webhook response: %w", err), Status: apierrors.NewServiceUnavailable("error validating webhook response")} - } - - for k, v := range result.AuditAnnotations { - key := h.Name + "/" + k - if err := attr.Attributes.AddAnnotation(key, v); err != nil { - klog.Warningf("Failed to set admission audit annotation %s to %s for mutating webhook %s: %v", key, v, h.Name, err) - } - } - for _, w := range result.Warnings { - warning.AddWarning(ctx, "", w) - } - - if !result.Allowed { - return false, &webhookutil.ErrWebhookRejection{Status: webhookerrors.ToStatusErr(h.Name, result.Result)} - } - - if len(result.Patch) == 0 { - return false, nil - } - patchObj, err := jsonpatch.DecodePatch(result.Patch) - if err != nil { - return false, apierrors.NewInternalError(err) - } - - if len(patchObj) == 0 { - return false, nil - } - - // if a non-empty patch was provided, and we have no object we can apply it to (e.g. a DELETE admission operation), error - if attr.VersionedObject == nil { - return false, apierrors.NewInternalError(fmt.Errorf("admission webhook %q attempted to modify the object, which is not supported for this operation", h.Name)) - } - - var patchedJS []byte - jsonSerializer := json.NewSerializer(json.DefaultMetaFactory, o.GetObjectCreater(), o.GetObjectTyper(), false) - switch result.PatchType { - // VerifyAdmissionResponse normalizes to v1 patch types, regardless of the AdmissionReview version used - case admissionv1.PatchTypeJSONPatch: - objJS, err := runtime.Encode(jsonSerializer, attr.VersionedObject) - if err != nil { - return false, apierrors.NewInternalError(err) - } - patchedJS, err = patchObj.Apply(objJS) - if err != nil { - return false, apierrors.NewInternalError(err) - } - default: - return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("unsupported patch type %q", result.PatchType), Status: webhookerrors.ToStatusErr(h.Name, result.Result)} - } - - var newVersionedObject runtime.Object - if _, ok := attr.VersionedObject.(*unstructured.Unstructured); ok { - // Custom Resources don't have corresponding Go struct's. - // They are represented as Unstructured. - newVersionedObject = &unstructured.Unstructured{} - } else { - newVersionedObject, err = o.GetObjectCreater().New(attr.VersionedKind) - if err != nil { - return false, apierrors.NewInternalError(err) - } - } - - // TODO: if we have multiple mutating webhooks, we can remember the json - // instead of encoding and decoding for each one. - if newVersionedObject, _, err = jsonSerializer.Decode(patchedJS, nil, newVersionedObject); err != nil { - return false, apierrors.NewInternalError(err) - } - - changed = !apiequality.Semantic.DeepEqual(attr.VersionedObject, newVersionedObject) - span.AddEvent("Patch applied") - annotator.addPatchAnnotation(patchObj, result.PatchType) - attr.Dirty = true - attr.VersionedObject = newVersionedObject - o.GetObjectDefaulter().Default(attr.VersionedObject) - return changed, nil -} - -type webhookAnnotator struct { - attr *generic.VersionedAttributes - failedOpenAnnotationKey string - patchAnnotationKey string - mutationAnnotationKey string - webhook string - configuration string -} - -func newWebhookAnnotator(attr *generic.VersionedAttributes, round, idx int, webhook, configuration string) *webhookAnnotator { - return &webhookAnnotator{ - attr: attr, - failedOpenAnnotationKey: fmt.Sprintf("%sround_%d_index_%d", MutationAuditAnnotationFailedOpenKeyPrefix, round, idx), - patchAnnotationKey: fmt.Sprintf("%sround_%d_index_%d", PatchAuditAnnotationPrefix, round, idx), - mutationAnnotationKey: fmt.Sprintf("%sround_%d_index_%d", MutationAuditAnnotationPrefix, round, idx), - webhook: webhook, - configuration: configuration, - } -} - -func (w *webhookAnnotator) addFailedOpenAnnotation() { - if w.attr == nil || w.attr.Attributes == nil { - return - } - value := w.webhook - if err := w.attr.Attributes.AddAnnotation(w.failedOpenAnnotationKey, value); err != nil { - klog.Warningf("failed to set failed open annotation for mutating webhook key %s to %s: %v", w.failedOpenAnnotationKey, value, err) - } -} - -func (w *webhookAnnotator) addMutationAnnotation(mutated bool) { - if w.attr == nil || w.attr.Attributes == nil { - return - } - value, err := mutationAnnotationValue(w.configuration, w.webhook, mutated) - if err != nil { - klog.Warningf("unexpected error composing mutating webhook annotation: %v", err) - return - } - if err := w.attr.Attributes.AddAnnotation(w.mutationAnnotationKey, value); err != nil { - klog.Warningf("failed to set mutation annotation for mutating webhook key %s to %s: %v", w.mutationAnnotationKey, value, err) - } -} - -func (w *webhookAnnotator) addPatchAnnotation(patch interface{}, patchType admissionv1.PatchType) { - if w.attr == nil || w.attr.Attributes == nil { - return - } - var value string - var err error - switch patchType { - case admissionv1.PatchTypeJSONPatch: - value, err = jsonPatchAnnotationValue(w.configuration, w.webhook, patch) - if err != nil { - klog.Warningf("unexpected error composing mutating webhook JSON patch annotation: %v", err) - return - } - default: - klog.Warningf("unsupported patch type for mutating webhook annotation: %v", patchType) - return - } - if err := w.attr.Attributes.AddAnnotationWithLevel(w.patchAnnotationKey, value, auditinternal.LevelRequest); err != nil { - // NOTE: we don't log actual patch in kube-apiserver log to avoid potentially - // leaking information - klog.Warningf("failed to set patch annotation for mutating webhook key %s; confugiration name: %s, webhook name: %s", w.patchAnnotationKey, w.configuration, w.webhook) - } -} - -// MutationAuditAnnotation logs if a webhook invocation mutated the request object -type MutationAuditAnnotation struct { - Configuration string `json:"configuration"` - Webhook string `json:"webhook"` - Mutated bool `json:"mutated"` -} - -// PatchAuditAnnotation logs a patch from a mutating webhook -type PatchAuditAnnotation struct { - Configuration string `json:"configuration"` - Webhook string `json:"webhook"` - Patch interface{} `json:"patch,omitempty"` - PatchType string `json:"patchType,omitempty"` -} - -func mutationAnnotationValue(configuration, webhook string, mutated bool) (string, error) { - m := MutationAuditAnnotation{ - Configuration: configuration, - Webhook: webhook, - Mutated: mutated, - } - bytes, err := utiljson.Marshal(m) - return string(bytes), err -} - -func jsonPatchAnnotationValue(configuration, webhook string, patch interface{}) (string, error) { - p := PatchAuditAnnotation{ - Configuration: configuration, - Webhook: webhook, - Patch: patch, - PatchType: string(admissionv1.PatchTypeJSONPatch), - } - bytes, err := utiljson.Marshal(p) - return string(bytes), err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/doc.go deleted file mode 100644 index d804aca1cf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package mutating makes calls to mutating webhooks during the admission -// process. -package mutating // import "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go deleted file mode 100644 index fb07a61c1b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/plugin.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mutating - -import ( - "context" - "io" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/configuration" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" -) - -const ( - // PluginName indicates the name of admission plug-in - PluginName = "MutatingAdmissionWebhook" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(configFile io.Reader) (admission.Interface, error) { - plugin, err := NewMutatingWebhook(configFile) - if err != nil { - return nil, err - } - - return plugin, nil - }) -} - -// Plugin is an implementation of admission.Interface. -type Plugin struct { - *generic.Webhook -} - -var _ admission.MutationInterface = &Plugin{} - -// NewMutatingWebhook returns a generic admission webhook plugin. -func NewMutatingWebhook(configFile io.Reader) (*Plugin, error) { - handler := admission.NewHandler(admission.Connect, admission.Create, admission.Delete, admission.Update) - p := &Plugin{} - var err error - p.Webhook, err = generic.NewWebhook(handler, configFile, configuration.NewMutatingWebhookConfigurationManager, newMutatingDispatcher(p)) - if err != nil { - return nil, err - } - - return p, nil -} - -// ValidateInitialization implements the InitializationValidator interface. -func (a *Plugin) ValidateInitialization() error { - if err := a.Webhook.ValidateInitialization(); err != nil { - return err - } - return nil -} - -// Admit makes an admission decision based on the request attributes. -func (a *Plugin) Admit(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - return a.Webhook.Dispatch(ctx, attr, o) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/reinvocationcontext.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/reinvocationcontext.go deleted file mode 100644 index de0af221e1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/reinvocationcontext.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mutating - -import ( - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" -) - -type webhookReinvokeContext struct { - // lastWebhookOutput holds the result of the last webhook admission plugin call - lastWebhookOutput runtime.Object - // previouslyInvokedReinvocableWebhooks holds the set of webhooks that have been invoked and - // should be reinvoked if a later mutation occurs - previouslyInvokedReinvocableWebhooks sets.String - // reinvokeWebhooks holds the set of webhooks that should be reinvoked - reinvokeWebhooks sets.String -} - -func (rc *webhookReinvokeContext) ShouldReinvokeWebhook(webhook string) bool { - return rc.reinvokeWebhooks.Has(webhook) -} - -func (rc *webhookReinvokeContext) IsOutputChangedSinceLastWebhookInvocation(object runtime.Object) bool { - return !apiequality.Semantic.DeepEqual(rc.lastWebhookOutput, object) -} - -func (rc *webhookReinvokeContext) SetLastWebhookInvocationOutput(object runtime.Object) { - if object == nil { - rc.lastWebhookOutput = nil - return - } - rc.lastWebhookOutput = object.DeepCopyObject() -} - -func (rc *webhookReinvokeContext) AddReinvocableWebhookToPreviouslyInvoked(webhook string) { - if rc.previouslyInvokedReinvocableWebhooks == nil { - rc.previouslyInvokedReinvocableWebhooks = sets.NewString() - } - rc.previouslyInvokedReinvocableWebhooks.Insert(webhook) -} - -func (rc *webhookReinvokeContext) RequireReinvokingPreviouslyInvokedPlugins() { - if len(rc.previouslyInvokedReinvocableWebhooks) > 0 { - if rc.reinvokeWebhooks == nil { - rc.reinvokeWebhooks = sets.NewString() - } - for s := range rc.previouslyInvokedReinvocableWebhooks { - rc.reinvokeWebhooks.Insert(s) - } - rc.previouslyInvokedReinvocableWebhooks = sets.NewString() - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/doc.go deleted file mode 100644 index 660001dff7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package namespace defines the utilities that are used by the webhook -// plugin to decide if a webhook should be applied to an object based on its -// namespace. -package namespace // import "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go deleted file mode 100644 index bb7948973b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace/matcher.go +++ /dev/null @@ -1,125 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package namespace - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/admission" - clientset "k8s.io/client-go/kubernetes" - corelisters "k8s.io/client-go/listers/core/v1" -) - -type NamespaceSelectorProvider interface { - // GetNamespaceSelector gets the webhook NamespaceSelector field. - GetParsedNamespaceSelector() (labels.Selector, error) -} - -// Matcher decides if a request is exempted by the NamespaceSelector of a -// webhook configuration. -type Matcher struct { - NamespaceLister corelisters.NamespaceLister - Client clientset.Interface -} - -// Validate checks if the Matcher has a NamespaceLister and Client. -func (m *Matcher) Validate() error { - var errs []error - if m.NamespaceLister == nil { - errs = append(errs, fmt.Errorf("the namespace matcher requires a namespaceLister")) - } - if m.Client == nil { - errs = append(errs, fmt.Errorf("the namespace matcher requires a client")) - } - return utilerrors.NewAggregate(errs) -} - -// GetNamespaceLabels gets the labels of the namespace related to the attr. -func (m *Matcher) GetNamespaceLabels(attr admission.Attributes) (map[string]string, error) { - // If the request itself is creating or updating a namespace, then get the - // labels from attr.Object, because namespaceLister doesn't have the latest - // namespace yet. - // - // However, if the request is deleting a namespace, then get the label from - // the namespace in the namespaceLister, because a delete request is not - // going to change the object, and attr.Object will be a DeleteOptions - // rather than a namespace object. - if attr.GetResource().Resource == "namespaces" && - len(attr.GetSubresource()) == 0 && - (attr.GetOperation() == admission.Create || attr.GetOperation() == admission.Update) { - accessor, err := meta.Accessor(attr.GetObject()) - if err != nil { - return nil, err - } - return accessor.GetLabels(), nil - } - - namespaceName := attr.GetNamespace() - namespace, err := m.NamespaceLister.Get(namespaceName) - if err != nil && !apierrors.IsNotFound(err) { - return nil, err - } - if apierrors.IsNotFound(err) { - // in case of latency in our caches, make a call direct to storage to verify that it truly exists or not - namespace, err = m.Client.CoreV1().Namespaces().Get(context.TODO(), namespaceName, metav1.GetOptions{}) - if err != nil { - return nil, err - } - } - return namespace.Labels, nil -} - -// MatchNamespaceSelector decideds whether the request matches the -// namespaceSelctor of the webhook. Only when they match, the webhook is called. -func (m *Matcher) MatchNamespaceSelector(p NamespaceSelectorProvider, attr admission.Attributes) (bool, *apierrors.StatusError) { - namespaceName := attr.GetNamespace() - if len(namespaceName) == 0 && attr.GetResource().Resource != "namespaces" { - // If the request is about a cluster scoped resource, and it is not a - // namespace, it is never exempted. - // TODO: figure out a way selective exempt cluster scoped resources. - // Also update the comment in types.go - return true, nil - } - selector, err := p.GetParsedNamespaceSelector() - if err != nil { - return false, apierrors.NewInternalError(err) - } - if selector.Empty() { - return true, nil - } - - namespaceLabels, err := m.GetNamespaceLabels(attr) - // this means the namespace is not found, for backwards compatibility, - // return a 404 - if apierrors.IsNotFound(err) { - status, ok := err.(apierrors.APIStatus) - if !ok { - return false, apierrors.NewInternalError(err) - } - return false, &apierrors.StatusError{status.Status()} - } - if err != nil { - return false, apierrors.NewInternalError(err) - } - return selector.Matches(labels.Set(namespaceLabels)), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/doc.go deleted file mode 100644 index 8964afa6c5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package object defines the utilities that are used by the webhook plugin to -// decide if a webhook should run, as long as either the old object or the new -// object has labels matching the webhook config's objectSelector. -package object // import "k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/matcher.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/matcher.go deleted file mode 100644 index aadf907327..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object/matcher.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package object - -import ( - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" -) - -type ObjectSelectorProvider interface { - // GetObjectSelector gets the webhook ObjectSelector field. - GetParsedObjectSelector() (labels.Selector, error) -} - -// Matcher decides if a request selected by the ObjectSelector. -type Matcher struct { -} - -func matchObject(obj runtime.Object, selector labels.Selector) bool { - if obj == nil { - return false - } - accessor, err := meta.Accessor(obj) - if err != nil { - klog.V(5).InfoS("Accessing metadata failed", "object", obj, "err", err) - return false - } - return selector.Matches(labels.Set(accessor.GetLabels())) - -} - -// MatchObjectSelector decideds whether the request matches the ObjectSelector -// of the webhook. Only when they match, the webhook is called. -func (m *Matcher) MatchObjectSelector(p ObjectSelectorProvider, attr admission.Attributes) (bool, *apierrors.StatusError) { - selector, err := p.GetParsedObjectSelector() - if err != nil { - return false, apierrors.NewInternalError(err) - } - if selector.Empty() { - return true, nil - } - return matchObject(attr.GetObject(), selector) || matchObject(attr.GetOldObject(), selector), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules/rules.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules/rules.go deleted file mode 100644 index b926f65dc1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules/rules.go +++ /dev/null @@ -1,129 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rules - -import ( - "strings" - - "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" -) - -// Matcher determines if the Attr matches the Rule. -type Matcher struct { - Rule v1.RuleWithOperations - Attr admission.Attributes -} - -// Matches returns if the Attr matches the Rule. -func (r *Matcher) Matches() bool { - return r.scope() && - r.operation() && - r.group() && - r.version() && - r.resource() -} - -func exactOrWildcard(items []string, requested string) bool { - for _, item := range items { - if item == "*" { - return true - } - if item == requested { - return true - } - } - - return false -} - -var namespaceResource = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "namespaces"} - -func (r *Matcher) scope() bool { - if r.Rule.Scope == nil || *r.Rule.Scope == v1.AllScopes { - return true - } - // attr.GetNamespace() is set to the name of the namespace for requests of the namespace object itself. - switch *r.Rule.Scope { - case v1.NamespacedScope: - // first make sure that we are not requesting a namespace object (namespace objects are cluster-scoped) - return r.Attr.GetResource() != namespaceResource && r.Attr.GetNamespace() != metav1.NamespaceNone - case v1.ClusterScope: - // also return true if the request is for a namespace object (namespace objects are cluster-scoped) - return r.Attr.GetResource() == namespaceResource || r.Attr.GetNamespace() == metav1.NamespaceNone - default: - return false - } -} - -func (r *Matcher) group() bool { - return exactOrWildcard(r.Rule.APIGroups, r.Attr.GetResource().Group) -} - -func (r *Matcher) version() bool { - return exactOrWildcard(r.Rule.APIVersions, r.Attr.GetResource().Version) -} - -func (r *Matcher) operation() bool { - attrOp := r.Attr.GetOperation() - for _, op := range r.Rule.Operations { - if op == v1.OperationAll { - return true - } - // The constants are the same such that this is a valid cast (and this - // is tested). - if op == v1.OperationType(attrOp) { - return true - } - } - return false -} - -func splitResource(resSub string) (res, sub string) { - parts := strings.SplitN(resSub, "/", 2) - if len(parts) == 2 { - return parts[0], parts[1] - } - return parts[0], "" -} - -func (r *Matcher) resource() bool { - opRes, opSub := r.Attr.GetResource().Resource, r.Attr.GetSubresource() - for _, res := range r.Rule.Resources { - res, sub := splitResource(res) - resMatch := res == "*" || res == opRes - subMatch := sub == "*" || sub == opSub - if resMatch && subMatch { - return true - } - } - return false -} - -// IsExemptAdmissionConfigurationResource determines if an admission.Attributes object is describing -// the admission of a ValidatingWebhookConfiguration or a MutatingWebhookConfiguration or a ValidatingAdmissionPolicy or a ValidatingAdmissionPolicyBinding -func IsExemptAdmissionConfigurationResource(attr admission.Attributes) bool { - gvk := attr.GetKind() - if gvk.Group == "admissionregistration.k8s.io" { - if gvk.Kind == "ValidatingWebhookConfiguration" || gvk.Kind == "MutatingWebhookConfiguration" || gvk.Kind == "ValidatingAdmissionPolicy" || gvk.Kind == "ValidatingAdmissionPolicyBinding" { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go deleted file mode 100644 index c60d0fb9e7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go +++ /dev/null @@ -1,283 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "fmt" - - admissionv1 "k8s.io/api/admission/v1" - admissionv1beta1 "k8s.io/api/admission/v1beta1" - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" -) - -// AdmissionResponse contains the fields extracted from an AdmissionReview response -type AdmissionResponse struct { - AuditAnnotations map[string]string - Allowed bool - Patch []byte - PatchType admissionv1.PatchType - Result *metav1.Status - Warnings []string -} - -// VerifyAdmissionResponse checks the validity of the provided admission review object, and returns the -// audit annotations, whether the response allowed the request, any provided patch/patchType/status, -// or an error if the provided admission review was not valid. -func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object) (*AdmissionResponse, error) { - switch r := review.(type) { - case *admissionv1.AdmissionReview: - if r.Response == nil { - return nil, fmt.Errorf("webhook response was absent") - } - - // Verify UID matches - if r.Response.UID != uid { - return nil, fmt.Errorf("expected response.uid=%q, got %q", uid, r.Response.UID) - } - - // Verify GVK - v1GVK := admissionv1.SchemeGroupVersion.WithKind("AdmissionReview") - if r.GroupVersionKind() != v1GVK { - return nil, fmt.Errorf("expected webhook response of %v, got %v", v1GVK.String(), r.GroupVersionKind().String()) - } - - patch := []byte(nil) - patchType := admissionv1.PatchType("") - - if mutating { - // Ensure a mutating webhook provides both patch and patchType together - if len(r.Response.Patch) > 0 && r.Response.PatchType == nil { - return nil, fmt.Errorf("webhook returned response.patch but not response.patchType") - } - if len(r.Response.Patch) == 0 && r.Response.PatchType != nil { - return nil, fmt.Errorf("webhook returned response.patchType but not response.patch") - } - patch = r.Response.Patch - if r.Response.PatchType != nil { - patchType = *r.Response.PatchType - if len(patchType) == 0 { - return nil, fmt.Errorf("webhook returned invalid response.patchType of %q", patchType) - } - } - } else { - // Ensure a validating webhook doesn't return patch or patchType - if len(r.Response.Patch) > 0 { - return nil, fmt.Errorf("validating webhook may not return response.patch") - } - if r.Response.PatchType != nil { - return nil, fmt.Errorf("validating webhook may not return response.patchType") - } - } - - return &AdmissionResponse{ - AuditAnnotations: r.Response.AuditAnnotations, - Allowed: r.Response.Allowed, - Patch: patch, - PatchType: patchType, - Result: r.Response.Result, - Warnings: r.Response.Warnings, - }, nil - - case *admissionv1beta1.AdmissionReview: - if r.Response == nil { - return nil, fmt.Errorf("webhook response was absent") - } - - // Response GVK and response.uid were not verified in v1beta1 handling, allow any - - patch := []byte(nil) - patchType := admissionv1.PatchType("") - if mutating { - patch = r.Response.Patch - if len(r.Response.Patch) > 0 { - // patch type was not verified in v1beta1 admissionreview handling. pin to only supported version if a patch is provided. - patchType = admissionv1.PatchTypeJSONPatch - } - } - - return &AdmissionResponse{ - AuditAnnotations: r.Response.AuditAnnotations, - Allowed: r.Response.Allowed, - Patch: patch, - PatchType: patchType, - Result: r.Response.Result, - Warnings: r.Response.Warnings, - }, nil - - default: - return nil, fmt.Errorf("unexpected response type %T", review) - } -} - -// CreateAdmissionObjects returns the unique request uid, the AdmissionReview object to send the webhook and to decode the response into, -// or an error if the webhook does not support receiving any of the admission review versions we know to send -func CreateAdmissionObjects(versionedAttributes *generic.VersionedAttributes, invocation *generic.WebhookInvocation) (uid types.UID, request, response runtime.Object, err error) { - for _, version := range invocation.Webhook.GetAdmissionReviewVersions() { - switch version { - case admissionv1.SchemeGroupVersion.Version: - uid := types.UID(uuid.NewUUID()) - request := CreateV1AdmissionReview(uid, versionedAttributes, invocation) - response := &admissionv1.AdmissionReview{} - return uid, request, response, nil - - case admissionv1beta1.SchemeGroupVersion.Version: - uid := types.UID(uuid.NewUUID()) - request := CreateV1beta1AdmissionReview(uid, versionedAttributes, invocation) - response := &admissionv1beta1.AdmissionReview{} - return uid, request, response, nil - - } - } - return "", nil, nil, fmt.Errorf("webhook does not accept known AdmissionReview versions (v1, v1beta1)") -} - -// CreateV1AdmissionReview creates an AdmissionReview for the provided admission.Attributes -func CreateV1AdmissionReview(uid types.UID, versionedAttributes *generic.VersionedAttributes, invocation *generic.WebhookInvocation) *admissionv1.AdmissionReview { - attr := versionedAttributes.Attributes - gvk := invocation.Kind - gvr := invocation.Resource - subresource := invocation.Subresource - requestGVK := attr.GetKind() - requestGVR := attr.GetResource() - requestSubResource := attr.GetSubresource() - aUserInfo := attr.GetUserInfo() - userInfo := authenticationv1.UserInfo{ - Extra: make(map[string]authenticationv1.ExtraValue), - Groups: aUserInfo.GetGroups(), - UID: aUserInfo.GetUID(), - Username: aUserInfo.GetName(), - } - dryRun := attr.IsDryRun() - - // Convert the extra information in the user object - for key, val := range aUserInfo.GetExtra() { - userInfo.Extra[key] = authenticationv1.ExtraValue(val) - } - - return &admissionv1.AdmissionReview{ - Request: &admissionv1.AdmissionRequest{ - UID: uid, - Kind: metav1.GroupVersionKind{ - Group: gvk.Group, - Kind: gvk.Kind, - Version: gvk.Version, - }, - Resource: metav1.GroupVersionResource{ - Group: gvr.Group, - Resource: gvr.Resource, - Version: gvr.Version, - }, - SubResource: subresource, - RequestKind: &metav1.GroupVersionKind{ - Group: requestGVK.Group, - Kind: requestGVK.Kind, - Version: requestGVK.Version, - }, - RequestResource: &metav1.GroupVersionResource{ - Group: requestGVR.Group, - Resource: requestGVR.Resource, - Version: requestGVR.Version, - }, - RequestSubResource: requestSubResource, - Name: attr.GetName(), - Namespace: attr.GetNamespace(), - Operation: admissionv1.Operation(attr.GetOperation()), - UserInfo: userInfo, - Object: runtime.RawExtension{ - Object: versionedAttributes.VersionedObject, - }, - OldObject: runtime.RawExtension{ - Object: versionedAttributes.VersionedOldObject, - }, - DryRun: &dryRun, - Options: runtime.RawExtension{ - Object: attr.GetOperationOptions(), - }, - }, - } -} - -// CreateV1beta1AdmissionReview creates an AdmissionReview for the provided admission.Attributes -func CreateV1beta1AdmissionReview(uid types.UID, versionedAttributes *generic.VersionedAttributes, invocation *generic.WebhookInvocation) *admissionv1beta1.AdmissionReview { - attr := versionedAttributes.Attributes - gvk := invocation.Kind - gvr := invocation.Resource - subresource := invocation.Subresource - requestGVK := attr.GetKind() - requestGVR := attr.GetResource() - requestSubResource := attr.GetSubresource() - aUserInfo := attr.GetUserInfo() - userInfo := authenticationv1.UserInfo{ - Extra: make(map[string]authenticationv1.ExtraValue), - Groups: aUserInfo.GetGroups(), - UID: aUserInfo.GetUID(), - Username: aUserInfo.GetName(), - } - dryRun := attr.IsDryRun() - - // Convert the extra information in the user object - for key, val := range aUserInfo.GetExtra() { - userInfo.Extra[key] = authenticationv1.ExtraValue(val) - } - - return &admissionv1beta1.AdmissionReview{ - Request: &admissionv1beta1.AdmissionRequest{ - UID: uid, - Kind: metav1.GroupVersionKind{ - Group: gvk.Group, - Kind: gvk.Kind, - Version: gvk.Version, - }, - Resource: metav1.GroupVersionResource{ - Group: gvr.Group, - Resource: gvr.Resource, - Version: gvr.Version, - }, - SubResource: subresource, - RequestKind: &metav1.GroupVersionKind{ - Group: requestGVK.Group, - Kind: requestGVK.Kind, - Version: requestGVK.Version, - }, - RequestResource: &metav1.GroupVersionResource{ - Group: requestGVR.Group, - Resource: requestGVR.Resource, - Version: requestGVR.Version, - }, - RequestSubResource: requestSubResource, - Name: attr.GetName(), - Namespace: attr.GetNamespace(), - Operation: admissionv1beta1.Operation(attr.GetOperation()), - UserInfo: userInfo, - Object: runtime.RawExtension{ - Object: versionedAttributes.VersionedObject, - }, - OldObject: runtime.RawExtension{ - Object: versionedAttributes.VersionedOldObject, - }, - DryRun: &dryRun, - Options: runtime.RawExtension{ - Object: attr.GetOperationOptions(), - }, - }, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/doc.go deleted file mode 100644 index fbacf33717..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/request/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package request creates admissionReview request based on admission attributes. -package request // import "k8s.io/apiserver/pkg/admission/plugin/webhook/request" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go deleted file mode 100644 index 025e4fe388..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go +++ /dev/null @@ -1,303 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validating - -import ( - "context" - "fmt" - "sync" - "time" - - "go.opentelemetry.io/otel/attribute" - - v1 "k8s.io/api/admissionregistration/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/admission" - admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" - "k8s.io/apiserver/pkg/admission/plugin/webhook" - webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" - webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request" - endpointsrequest "k8s.io/apiserver/pkg/endpoints/request" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/apiserver/pkg/warning" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -const ( - // ValidatingAuditAnnotationPrefix is a prefix for keeping noteworthy - // validating audit annotations. - ValidatingAuditAnnotationPrefix = "validating.webhook.admission.k8s.io/" - // ValidatingAuditAnnotationFailedOpenKeyPrefix in an annotation indicates - // the validating webhook failed open when the webhook backend connection - // failed or returned an internal server error. - ValidatingAuditAnnotationFailedOpenKeyPrefix = "failed-open." + ValidatingAuditAnnotationPrefix -) - -type validatingDispatcher struct { - cm *webhookutil.ClientManager - plugin *Plugin -} - -func newValidatingDispatcher(p *Plugin) func(cm *webhookutil.ClientManager) generic.Dispatcher { - return func(cm *webhookutil.ClientManager) generic.Dispatcher { - return &validatingDispatcher{cm, p} - } -} - -var _ generic.Dispatcher = &validatingDispatcher{} - -func (d *validatingDispatcher) Dispatch(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces, hooks []webhook.WebhookAccessor) error { - var relevantHooks []*generic.WebhookInvocation - // Construct all the versions we need to call our webhooks - versionedAttrs := map[schema.GroupVersionKind]*generic.VersionedAttributes{} - for _, hook := range hooks { - invocation, statusError := d.plugin.ShouldCallHook(hook, attr, o) - if statusError != nil { - return statusError - } - if invocation == nil { - continue - } - relevantHooks = append(relevantHooks, invocation) - // If we already have this version, continue - if _, ok := versionedAttrs[invocation.Kind]; ok { - continue - } - versionedAttr, err := generic.NewVersionedAttributes(attr, invocation.Kind, o) - if err != nil { - return apierrors.NewInternalError(err) - } - versionedAttrs[invocation.Kind] = versionedAttr - } - - if len(relevantHooks) == 0 { - // no matching hooks - return nil - } - - // Check if the request has already timed out before spawning remote calls - select { - case <-ctx.Done(): - // parent context is canceled or timed out, no point in continuing - return apierrors.NewTimeoutError("request did not complete within requested timeout", 0) - default: - } - - wg := sync.WaitGroup{} - errCh := make(chan error, 2*len(relevantHooks)) // double the length to handle extra errors for panics in the gofunc - wg.Add(len(relevantHooks)) - for i := range relevantHooks { - go func(invocation *generic.WebhookInvocation, idx int) { - ignoreClientCallFailures := false - hookName := "unknown" - versionedAttr := versionedAttrs[invocation.Kind] - // The ordering of these two defers is critical. The wg.Done will release the parent go func to close the errCh - // that is used by the second defer to report errors. The recovery and error reporting must be done first. - defer wg.Done() - defer func() { - // HandleCrash has already called the crash handlers and it has been configured to utilruntime.ReallyCrash - // This block prevents the second panic from failing our process. - // This failure mode for the handler functions properly using the channel below. - recover() - }() - defer utilruntime.HandleCrash( - func(r interface{}) { - if r == nil { - return - } - if ignoreClientCallFailures { - // if failures are supposed to ignored, ignore it - klog.Warningf("Panic calling webhook, failing open %v: %v", hookName, r) - admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hookName, "validating") - key := fmt.Sprintf("%sround_0_index_%d", ValidatingAuditAnnotationFailedOpenKeyPrefix, idx) - value := hookName - if err := versionedAttr.Attributes.AddAnnotation(key, value); err != nil { - klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, value, hookName, err) - } - return - } - // this ensures that the admission request fails and a message is provided. - errCh <- apierrors.NewInternalError(fmt.Errorf("ValidatingAdmissionWebhook/%v has panicked: %v", hookName, r)) - }, - ) - - hook, ok := invocation.Webhook.GetValidatingWebhook() - if !ok { - utilruntime.HandleError(fmt.Errorf("validating webhook dispatch requires v1.ValidatingWebhook, but got %T", hook)) - return - } - hookName = hook.Name - ignoreClientCallFailures = hook.FailurePolicy != nil && *hook.FailurePolicy == v1.Ignore - t := time.Now() - err := d.callHook(ctx, hook, invocation, versionedAttr) - rejected := false - if err != nil { - switch err := err.(type) { - case *webhookutil.ErrCallingWebhook: - if !ignoreClientCallFailures { - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "validating", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionCallingWebhookError, int(err.Status.ErrStatus.Code)) - } - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "validating", int(err.Status.ErrStatus.Code)) - case *webhookutil.ErrWebhookRejection: - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "validating", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionNoError, int(err.Status.ErrStatus.Code)) - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "validating", int(err.Status.ErrStatus.Code)) - default: - rejected = true - admissionmetrics.Metrics.ObserveWebhookRejection(ctx, hook.Name, "validating", string(versionedAttr.Attributes.GetOperation()), admissionmetrics.WebhookRejectionAPIServerInternalError, 0) - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "validating", 0) - } - } else { - admissionmetrics.Metrics.ObserveWebhook(ctx, hook.Name, time.Since(t), rejected, versionedAttr.Attributes, "validating", 200) - return - } - - if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok { - if ignoreClientCallFailures { - klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) - admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hook.Name, "validating") - key := fmt.Sprintf("%sround_0_index_%d", ValidatingAuditAnnotationFailedOpenKeyPrefix, idx) - value := hook.Name - if err := versionedAttr.Attributes.AddAnnotation(key, value); err != nil { - klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, value, hook.Name, err) - } - utilruntime.HandleError(callErr) - return - } - - klog.Warningf("Failed calling webhook, failing closed %v: %v", hook.Name, err) - errCh <- apierrors.NewInternalError(err) - return - } - - if rejectionErr, ok := err.(*webhookutil.ErrWebhookRejection); ok { - err = rejectionErr.Status - } - klog.Warningf("rejected by webhook %q: %#v", hook.Name, err) - errCh <- err - }(relevantHooks[i], i) - } - wg.Wait() - close(errCh) - - var errs []error - for e := range errCh { - errs = append(errs, e) - } - if len(errs) == 0 { - return nil - } - if len(errs) > 1 { - for i := 1; i < len(errs); i++ { - // TODO: merge status errors; until then, just return the first one. - utilruntime.HandleError(errs[i]) - } - } - return errs[0] -} - -func (d *validatingDispatcher) callHook(ctx context.Context, h *v1.ValidatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes) error { - if attr.Attributes.IsDryRun() { - if h.SideEffects == nil { - return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil"), Status: apierrors.NewBadRequest("Webhook SideEffects is nil")} - } - if !(*h.SideEffects == v1.SideEffectClassNone || *h.SideEffects == v1.SideEffectClassNoneOnDryRun) { - return webhookerrors.NewDryRunUnsupportedErr(h.Name) - } - } - - uid, request, response, err := webhookrequest.CreateAdmissionObjects(attr, invocation) - if err != nil { - return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not create admission objects: %w", err), Status: apierrors.NewBadRequest("error creating admission objects")} - } - // Make the webhook request - client, err := invocation.Webhook.GetRESTClient(d.cm) - if err != nil { - return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("could not get REST client: %w", err), Status: apierrors.NewBadRequest("error getting REST client")} - } - ctx, span := tracing.Start(ctx, "Call validating webhook", - attribute.String("configuration", invocation.Webhook.GetConfigurationName()), - attribute.String("webhook", h.Name), - attribute.Stringer("resource", attr.GetResource()), - attribute.String("subresource", attr.GetSubresource()), - attribute.String("operation", string(attr.GetOperation())), - attribute.String("UID", string(uid))) - defer span.End(500 * time.Millisecond) - - // if the webhook has a specific timeout, wrap the context to apply it - if h.TimeoutSeconds != nil { - var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(ctx, time.Duration(*h.TimeoutSeconds)*time.Second) - defer cancel() - } - - r := client.Post().Body(request) - - // if the context has a deadline, set it as a parameter to inform the backend - if deadline, hasDeadline := ctx.Deadline(); hasDeadline { - // compute the timeout - if timeout := time.Until(deadline); timeout > 0 { - // if it's not an even number of seconds, round up to the nearest second - if truncated := timeout.Truncate(time.Second); truncated != timeout { - timeout = truncated + time.Second - } - // set the timeout - r.Timeout(timeout) - } - } - - do := func() { err = r.Do(ctx).Into(response) } - if wd, ok := endpointsrequest.LatencyTrackersFrom(ctx); ok { - tmp := do - do = func() { wd.ValidatingWebhookTracker.Track(tmp) } - } - do() - if err != nil { - var status *apierrors.StatusError - if se, ok := err.(*apierrors.StatusError); ok { - status = se - } else { - status = apierrors.NewBadRequest("error calling webhook") - } - return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("failed to call webhook: %w", err), Status: status} - } - span.AddEvent("Request completed") - - result, err := webhookrequest.VerifyAdmissionResponse(uid, false, response) - if err != nil { - return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("received invalid webhook response: %w", err), Status: apierrors.NewServiceUnavailable("error validating webhook response")} - } - - for k, v := range result.AuditAnnotations { - key := h.Name + "/" + k - if err := attr.Attributes.AddAnnotation(key, v); err != nil { - klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, v, h.Name, err) - } - } - for _, w := range result.Warnings { - warning.AddWarning(ctx, "", w) - } - if result.Allowed { - return nil - } - return &webhookutil.ErrWebhookRejection{Status: webhookerrors.ToStatusErr(h.Name, result.Result)} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/doc.go deleted file mode 100644 index ede53c668f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package validating makes calls to validating (i.e., non-mutating) webhooks -// during the admission process. -package validating // import "k8s.io/apiserver/pkg/admission/plugin/webhook/validating" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/plugin.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/plugin.go deleted file mode 100644 index 6972877b18..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/plugin.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validating - -import ( - "context" - "io" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/configuration" - "k8s.io/apiserver/pkg/admission/plugin/webhook/generic" -) - -const ( - // PluginName indicates the name of admission plug-in - PluginName = "ValidatingAdmissionWebhook" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(configFile io.Reader) (admission.Interface, error) { - plugin, err := NewValidatingAdmissionWebhook(configFile) - if err != nil { - return nil, err - } - - return plugin, nil - }) -} - -// Plugin is an implementation of admission.Interface. -type Plugin struct { - *generic.Webhook -} - -var _ admission.ValidationInterface = &Plugin{} - -// NewValidatingAdmissionWebhook returns a generic admission webhook plugin. -func NewValidatingAdmissionWebhook(configFile io.Reader) (*Plugin, error) { - handler := admission.NewHandler(admission.Connect, admission.Create, admission.Delete, admission.Update) - p := &Plugin{} - var err error - p.Webhook, err = generic.NewWebhook(handler, configFile, configuration.NewValidatingWebhookConfigurationManager, newValidatingDispatcher(p)) - if err != nil { - return nil, err - } - return p, nil -} - -// Validate makes an admission decision based on the request attributes. -func (a *Plugin) Validate(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - return a.Webhook.Dispatch(ctx, attr, o) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugins.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/plugins.go deleted file mode 100644 index 1afb480dd7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/plugins.go +++ /dev/null @@ -1,208 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "bytes" - "fmt" - "io" - "io/ioutil" - "reflect" - "sort" - "strings" - "sync" - - "k8s.io/klog/v2" -) - -// Factory is a function that returns an Interface for admission decisions. -// The config parameter provides an io.Reader handler to the factory in -// order to load specific configurations. If no configuration is provided -// the parameter is nil. -type Factory func(config io.Reader) (Interface, error) - -type Plugins struct { - lock sync.Mutex - registry map[string]Factory -} - -func NewPlugins() *Plugins { - return &Plugins{} -} - -// All registered admission options. -var ( - // PluginEnabledFn checks whether a plugin is enabled. By default, if you ask about it, it's enabled. - PluginEnabledFn = func(name string, config io.Reader) bool { - return true - } -) - -// PluginEnabledFunc is a function type that can provide an external check on whether an admission plugin may be enabled -type PluginEnabledFunc func(name string, config io.Reader) bool - -// Registered enumerates the names of all registered plugins. -func (ps *Plugins) Registered() []string { - ps.lock.Lock() - defer ps.lock.Unlock() - keys := []string{} - for k := range ps.registry { - keys = append(keys, k) - } - sort.Strings(keys) - return keys -} - -// Register registers a plugin Factory by name. This -// is expected to happen during app startup. -func (ps *Plugins) Register(name string, plugin Factory) { - ps.lock.Lock() - defer ps.lock.Unlock() - if ps.registry != nil { - _, found := ps.registry[name] - if found { - klog.Fatalf("Admission plugin %q was registered twice", name) - } - } else { - ps.registry = map[string]Factory{} - } - - klog.V(1).InfoS("Registered admission plugin", "plugin", name) - ps.registry[name] = plugin -} - -// getPlugin creates an instance of the named plugin. It returns `false` if -// the name is not known. The error is returned only when the named provider was -// known but failed to initialize. The config parameter specifies the io.Reader -// handler of the configuration file for the cloud provider, or nil for no configuration. -func (ps *Plugins) getPlugin(name string, config io.Reader) (Interface, bool, error) { - ps.lock.Lock() - defer ps.lock.Unlock() - f, found := ps.registry[name] - if !found { - return nil, false, nil - } - - config1, config2, err := splitStream(config) - if err != nil { - return nil, true, err - } - if !PluginEnabledFn(name, config1) { - return nil, true, nil - } - - ret, err := f(config2) - return ret, true, err -} - -// splitStream reads the stream bytes and constructs two copies of it. -func splitStream(config io.Reader) (io.Reader, io.Reader, error) { - if config == nil || reflect.ValueOf(config).IsNil() { - return nil, nil, nil - } - - configBytes, err := ioutil.ReadAll(config) - if err != nil { - return nil, nil, err - } - - return bytes.NewBuffer(configBytes), bytes.NewBuffer(configBytes), nil -} - -// NewFromPlugins returns an admission.Interface that will enforce admission control decisions of all -// the given plugins. -func (ps *Plugins) NewFromPlugins(pluginNames []string, configProvider ConfigProvider, pluginInitializer PluginInitializer, decorator Decorator) (Interface, error) { - handlers := []Interface{} - mutationPlugins := []string{} - validationPlugins := []string{} - for _, pluginName := range pluginNames { - pluginConfig, err := configProvider.ConfigFor(pluginName) - if err != nil { - return nil, err - } - - plugin, err := ps.InitPlugin(pluginName, pluginConfig, pluginInitializer) - if err != nil { - return nil, err - } - if plugin != nil { - if decorator != nil { - handlers = append(handlers, decorator.Decorate(plugin, pluginName)) - } else { - handlers = append(handlers, plugin) - } - - if _, ok := plugin.(MutationInterface); ok { - mutationPlugins = append(mutationPlugins, pluginName) - } - if _, ok := plugin.(ValidationInterface); ok { - validationPlugins = append(validationPlugins, pluginName) - } - } - } - if len(mutationPlugins) != 0 { - klog.Infof("Loaded %d mutating admission controller(s) successfully in the following order: %s.", len(mutationPlugins), strings.Join(mutationPlugins, ",")) - } - if len(validationPlugins) != 0 { - klog.Infof("Loaded %d validating admission controller(s) successfully in the following order: %s.", len(validationPlugins), strings.Join(validationPlugins, ",")) - } - return newReinvocationHandler(chainAdmissionHandler(handlers)), nil -} - -// InitPlugin creates an instance of the named interface. -func (ps *Plugins) InitPlugin(name string, config io.Reader, pluginInitializer PluginInitializer) (Interface, error) { - if name == "" { - klog.Info("No admission plugin specified.") - return nil, nil - } - - plugin, found, err := ps.getPlugin(name, config) - if err != nil { - return nil, fmt.Errorf("couldn't init admission plugin %q: %v", name, err) - } - if !found { - return nil, fmt.Errorf("unknown admission plugin: %s", name) - } - - pluginInitializer.Initialize(plugin) - // ensure that plugins have been properly initialized - if err := ValidateInitialization(plugin); err != nil { - return nil, fmt.Errorf("failed to initialize admission plugin %q: %v", name, err) - } - - return plugin, nil -} - -// ValidateInitialization will call the InitializationValidate function in each plugin if they implement -// the InitializationValidator interface. -func ValidateInitialization(plugin Interface) error { - if validater, ok := plugin.(InitializationValidator); ok { - err := validater.ValidateInitialization() - if err != nil { - return err - } - } - return nil -} - -type PluginInitializers []PluginInitializer - -func (pp PluginInitializers) Initialize(plugin Interface) { - for _, p := range pp { - p.Initialize(plugin) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/reinvocation.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/reinvocation.go deleted file mode 100644 index f93c703a11..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/reinvocation.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import "context" - -// newReinvocationHandler creates a handler that wraps the provided admission chain and reinvokes it -// if needed according to re-invocation policy of the webhooks. -func newReinvocationHandler(admissionChain Interface) Interface { - return &reinvoker{admissionChain} -} - -type reinvoker struct { - admissionChain Interface -} - -// Admit performs an admission control check using the wrapped admission chain, reinvoking the -// admission chain if needed according to the reinvocation policy. Plugins are expected to check -// the admission attributes' reinvocation context against their reinvocation policy to decide if -// they should re-run, and to update the reinvocation context if they perform any mutations. -func (r *reinvoker) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error { - if mutator, ok := r.admissionChain.(MutationInterface); ok { - err := mutator.Admit(ctx, a, o) - if err != nil { - return err - } - s := a.GetReinvocationContext() - if s.ShouldReinvoke() { - s.SetIsReinvoke() - // Calling admit a second time will reinvoke all in-tree plugins - // as well as any webhook plugins that need to be reinvoked based on the - // reinvocation policy. - return mutator.Admit(ctx, a, o) - } - } - return nil -} - -// Validate performs an admission control check using the wrapped admission chain, and returns immediately on first error. -func (r *reinvoker) Validate(ctx context.Context, a Attributes, o ObjectInterfaces) error { - if validator, ok := r.admissionChain.(ValidationInterface); ok { - return validator.Validate(ctx, a, o) - } - return nil -} - -// Handles will return true if any of the admission chain handlers handle the given operation. -func (r *reinvoker) Handles(operation Operation) bool { - return r.admissionChain.Handles(operation) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/admission/util.go b/etcd/vendor/k8s.io/apiserver/pkg/admission/util.go deleted file mode 100644 index 842932f73e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/admission/util.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import "k8s.io/apimachinery/pkg/runtime" - -type RuntimeObjectInterfaces struct { - runtime.ObjectCreater - runtime.ObjectTyper - runtime.ObjectDefaulter - runtime.ObjectConvertor - runtime.EquivalentResourceMapper -} - -func NewObjectInterfacesFromScheme(scheme *runtime.Scheme) ObjectInterfaces { - return &RuntimeObjectInterfaces{scheme, scheme, scheme, scheme, runtime.NewEquivalentResourceRegistry()} -} - -func (r *RuntimeObjectInterfaces) GetObjectCreater() runtime.ObjectCreater { - return r.ObjectCreater -} -func (r *RuntimeObjectInterfaces) GetObjectTyper() runtime.ObjectTyper { - return r.ObjectTyper -} -func (r *RuntimeObjectInterfaces) GetObjectDefaulter() runtime.ObjectDefaulter { - return r.ObjectDefaulter -} -func (r *RuntimeObjectInterfaces) GetObjectConvertor() runtime.ObjectConvertor { - return r.ObjectConvertor -} -func (r *RuntimeObjectInterfaces) GetEquivalentResourceMapper() runtime.EquivalentResourceMapper { - return r.EquivalentResourceMapper -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/doc.go deleted file mode 100644 index 88db1ffa67..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=apiserver.k8s.io - -// Package apiserver is the internal version of the API. -package apiserver // import "k8s.io/apiserver/pkg/apis/apiserver" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/install/install.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/install/install.go deleted file mode 100644 index 8a8202cb5b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/install/install.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/apis/apiserver" - v1 "k8s.io/apiserver/pkg/apis/apiserver/v1" - "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" - "k8s.io/apiserver/pkg/apis/apiserver/v1beta1" -) - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(apiserver.AddToScheme(scheme)) - - // v1alpha is in the k8s.io-suffixed API group - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) - - // v1alpha is in the k8s.io-suffixed API group - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion)) - - // v1 is in the config.k8s.io-suffixed API group - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/register.go deleted file mode 100644 index 14ba08482a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiserver - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const LegacyGroupName = "apiserver.k8s.io" -const GroupName = "apiserver.config.k8s.io" - -// LegacySchemeGroupVersion is group version used to register these objects -var LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal} - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(LegacySchemeGroupVersion, - &AdmissionConfiguration{}, - &EgressSelectorConfiguration{}, - ) - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionConfiguration{}, - &EgressSelectorConfiguration{}, - &TracingConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go deleted file mode 100644 index 1d723d5e36..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiserver - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdmissionConfiguration provides versioned configuration for admission controllers. -type AdmissionConfiguration struct { - metav1.TypeMeta - - // Plugins allows specifying a configuration per admission control plugin. - // +optional - Plugins []AdmissionPluginConfiguration -} - -// AdmissionPluginConfiguration provides the configuration for a single plug-in. -type AdmissionPluginConfiguration struct { - // Name is the name of the admission controller. - // It must match the registered admission plugin name. - Name string - - // Path is the path to a configuration file that contains the plugin's - // configuration - // +optional - Path string - - // Configuration is an embedded configuration object to be used as the plugin's - // configuration. If present, it will be used instead of the path to the configuration file. - // +optional - Configuration *runtime.Unknown -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EgressSelectorConfiguration provides versioned configuration for egress selector clients. -type EgressSelectorConfiguration struct { - metav1.TypeMeta - - // EgressSelections contains a list of egress selection client configurations - EgressSelections []EgressSelection -} - -// EgressSelection provides the configuration for a single egress selection client. -type EgressSelection struct { - // Name is the name of the egress selection. - // Currently supported values are "controlplane", "etcd" and "cluster" - Name string - - // Connection is the exact information used to configure the egress selection - Connection Connection -} - -// Connection provides the configuration for a single egress selection client. -type Connection struct { - // Protocol is the protocol used to connect from client to the konnectivity server. - ProxyProtocol ProtocolType - - // Transport defines the transport configurations we use to dial to the konnectivity server. - // This is required if ProxyProtocol is HTTPConnect or GRPC. - // +optional - Transport *Transport -} - -// ProtocolType is a set of valid values for Connection.ProtocolType -type ProtocolType string - -// Valid types for ProtocolType for konnectivity server -const ( - // Use HTTPConnect to connect to konnectivity server - ProtocolHTTPConnect ProtocolType = "HTTPConnect" - // Use grpc to connect to konnectivity server - ProtocolGRPC ProtocolType = "GRPC" - // Connect directly (skip konnectivity server) - ProtocolDirect ProtocolType = "Direct" -) - -// Transport defines the transport configurations we use to dial to the konnectivity server -type Transport struct { - // TCP is the TCP configuration for communicating with the konnectivity server via TCP - // ProxyProtocol of GRPC is not supported with TCP transport at the moment - // Requires at least one of TCP or UDS to be set - // +optional - TCP *TCPTransport - - // UDS is the UDS configuration for communicating with the konnectivity server via UDS - // Requires at least one of TCP or UDS to be set - // +optional - UDS *UDSTransport -} - -// TCPTransport provides the information to connect to konnectivity server via TCP -type TCPTransport struct { - // URL is the location of the konnectivity server to connect to. - // As an example it might be "https://127.0.0.1:8131" - URL string - - // TLSConfig is the config needed to use TLS when connecting to konnectivity server - // +optional - TLSConfig *TLSConfig -} - -// UDSTransport provides the information to connect to konnectivity server via UDS -type UDSTransport struct { - // UDSName is the name of the unix domain socket to connect to konnectivity server - // This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket) - UDSName string -} - -// TLSConfig provides the authentication information to connect to konnectivity server -// Only used with TCPTransport -type TLSConfig struct { - // caBundle is the file location of the CA to be used to determine trust with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // If absent while TCPTransport.URL is prefixed with https://, default to system trust roots. - // +optional - CABundle string - - // clientKey is the file location of the client key to authenticate with the konnectivity server - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientKey string - - // clientCert is the file location of the client certificate to authenticate with the konnectivity server - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientCert string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// TracingConfiguration provides versioned configuration for tracing clients. -type TracingConfiguration struct { - metav1.TypeMeta - - // +optional - // Endpoint of the collector that's running on the control-plane node. - // The APIServer uses the egressType ControlPlane when sending data to the collector. - // The syntax is defined in https://github.com/grpc/grpc/blob/master/doc/naming.md. - // Defaults to the otlp grpc default, localhost:4317 - // The connection is insecure, and does not currently support TLS. - Endpoint *string - - // +optional - // SamplingRatePerMillion is the number of samples to collect per million spans. - // Defaults to 0. - SamplingRatePerMillion *int32 -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/doc.go deleted file mode 100644 index 91458aee4e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/apiserver -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.config.k8s.io - -// Package v1 is the v1 version of the API. -package v1 // import "k8s.io/apiserver/pkg/apis/apiserver/v1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/register.go deleted file mode 100644 index 8d3bf987f9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionConfiguration{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/types.go deleted file mode 100644 index e139dceb9d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/types.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdmissionConfiguration provides versioned configuration for admission controllers. -type AdmissionConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // Plugins allows specifying a configuration per admission control plugin. - // +optional - Plugins []AdmissionPluginConfiguration `json:"plugins"` -} - -// AdmissionPluginConfiguration provides the configuration for a single plug-in. -type AdmissionPluginConfiguration struct { - // Name is the name of the admission controller. - // It must match the registered admission plugin name. - Name string `json:"name"` - - // Path is the path to a configuration file that contains the plugin's - // configuration - // +optional - Path string `json:"path"` - - // Configuration is an embedded configuration object to be used as the plugin's - // configuration. If present, it will be used instead of the path to the configuration file. - // +optional - Configuration *runtime.Unknown `json:"configuration"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go deleted file mode 100644 index 22562c87a0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go +++ /dev/null @@ -1,104 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - apiserver "k8s.io/apiserver/pkg/apis/apiserver" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AdmissionConfiguration)(nil), (*apiserver.AdmissionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(a.(*AdmissionConfiguration), b.(*apiserver.AdmissionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.AdmissionConfiguration)(nil), (*AdmissionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_AdmissionConfiguration_To_v1_AdmissionConfiguration(a.(*apiserver.AdmissionConfiguration), b.(*AdmissionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*AdmissionPluginConfiguration)(nil), (*apiserver.AdmissionPluginConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(a.(*AdmissionPluginConfiguration), b.(*apiserver.AdmissionPluginConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.AdmissionPluginConfiguration)(nil), (*AdmissionPluginConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_AdmissionPluginConfiguration_To_v1_AdmissionPluginConfiguration(a.(*apiserver.AdmissionPluginConfiguration), b.(*AdmissionPluginConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in *AdmissionConfiguration, out *apiserver.AdmissionConfiguration, s conversion.Scope) error { - out.Plugins = *(*[]apiserver.AdmissionPluginConfiguration)(unsafe.Pointer(&in.Plugins)) - return nil -} - -// Convert_v1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration is an autogenerated conversion function. -func Convert_v1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in *AdmissionConfiguration, out *apiserver.AdmissionConfiguration, s conversion.Scope) error { - return autoConvert_v1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in, out, s) -} - -func autoConvert_apiserver_AdmissionConfiguration_To_v1_AdmissionConfiguration(in *apiserver.AdmissionConfiguration, out *AdmissionConfiguration, s conversion.Scope) error { - out.Plugins = *(*[]AdmissionPluginConfiguration)(unsafe.Pointer(&in.Plugins)) - return nil -} - -// Convert_apiserver_AdmissionConfiguration_To_v1_AdmissionConfiguration is an autogenerated conversion function. -func Convert_apiserver_AdmissionConfiguration_To_v1_AdmissionConfiguration(in *apiserver.AdmissionConfiguration, out *AdmissionConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_AdmissionConfiguration_To_v1_AdmissionConfiguration(in, out, s) -} - -func autoConvert_v1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in *AdmissionPluginConfiguration, out *apiserver.AdmissionPluginConfiguration, s conversion.Scope) error { - out.Name = in.Name - out.Path = in.Path - out.Configuration = (*runtime.Unknown)(unsafe.Pointer(in.Configuration)) - return nil -} - -// Convert_v1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration is an autogenerated conversion function. -func Convert_v1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in *AdmissionPluginConfiguration, out *apiserver.AdmissionPluginConfiguration, s conversion.Scope) error { - return autoConvert_v1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in, out, s) -} - -func autoConvert_apiserver_AdmissionPluginConfiguration_To_v1_AdmissionPluginConfiguration(in *apiserver.AdmissionPluginConfiguration, out *AdmissionPluginConfiguration, s conversion.Scope) error { - out.Name = in.Name - out.Path = in.Path - out.Configuration = (*runtime.Unknown)(unsafe.Pointer(in.Configuration)) - return nil -} - -// Convert_apiserver_AdmissionPluginConfiguration_To_v1_AdmissionPluginConfiguration is an autogenerated conversion function. -func Convert_apiserver_AdmissionPluginConfiguration_To_v1_AdmissionPluginConfiguration(in *apiserver.AdmissionPluginConfiguration, out *AdmissionPluginConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_AdmissionPluginConfiguration_To_v1_AdmissionPluginConfiguration(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go deleted file mode 100644 index d1bc5e01f5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,79 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionConfiguration) DeepCopyInto(out *AdmissionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Plugins != nil { - in, out := &in.Plugins, &out.Plugins - *out = make([]AdmissionPluginConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfiguration. -func (in *AdmissionConfiguration) DeepCopy() *AdmissionConfiguration { - if in == nil { - return nil - } - out := new(AdmissionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionPluginConfiguration) DeepCopyInto(out *AdmissionPluginConfiguration) { - *out = *in - if in.Configuration != nil { - in, out := &in.Configuration, &out.Configuration - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfiguration. -func (in *AdmissionPluginConfiguration) DeepCopy() *AdmissionPluginConfiguration { - if in == nil { - return nil - } - out := new(AdmissionPluginConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go deleted file mode 100644 index 31b8b7064b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - apiserver "k8s.io/apiserver/pkg/apis/apiserver" -) - -func Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error { - if err := autoConvert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in, out, s); err != nil { - return err - } - if out.Name == "master" { - out.Name = "controlplane" - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/doc.go deleted file mode 100644 index c9b658b22a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/apiserver -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.k8s.io -// +groupName=apiserver.config.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 // import "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/register.go deleted file mode 100644 index e4e16c01ce..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/register.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "apiserver.k8s.io" -const ConfigGroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// ConfigSchemeGroupVersion is group version used to register these objects -var ConfigSchemeGroupVersion = schema.GroupVersion{Group: ConfigGroupName, Version: "v1alpha1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionConfiguration{}, - &EgressSelectorConfiguration{}, - ) - scheme.AddKnownTypes(ConfigSchemeGroupVersion, - &TracingConfiguration{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - metav1.AddToGroupVersion(scheme, ConfigSchemeGroupVersion) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go deleted file mode 100644 index cd937f1c7f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go +++ /dev/null @@ -1,169 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdmissionConfiguration provides versioned configuration for admission controllers. -type AdmissionConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // Plugins allows specifying a configuration per admission control plugin. - // +optional - Plugins []AdmissionPluginConfiguration `json:"plugins"` -} - -// AdmissionPluginConfiguration provides the configuration for a single plug-in. -type AdmissionPluginConfiguration struct { - // Name is the name of the admission controller. - // It must match the registered admission plugin name. - Name string `json:"name"` - - // Path is the path to a configuration file that contains the plugin's - // configuration - // +optional - Path string `json:"path"` - - // Configuration is an embedded configuration object to be used as the plugin's - // configuration. If present, it will be used instead of the path to the configuration file. - // +optional - Configuration *runtime.Unknown `json:"configuration"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EgressSelectorConfiguration provides versioned configuration for egress selector clients. -type EgressSelectorConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // connectionServices contains a list of egress selection client configurations - EgressSelections []EgressSelection `json:"egressSelections"` -} - -// EgressSelection provides the configuration for a single egress selection client. -type EgressSelection struct { - // name is the name of the egress selection. - // Currently supported values are "controlplane", "master", "etcd" and "cluster" - // The "master" egress selector is deprecated in favor of "controlplane" - Name string `json:"name"` - - // connection is the exact information used to configure the egress selection - Connection Connection `json:"connection"` -} - -// Connection provides the configuration for a single egress selection client. -type Connection struct { - // Protocol is the protocol used to connect from client to the konnectivity server. - ProxyProtocol ProtocolType `json:"proxyProtocol,omitempty"` - - // Transport defines the transport configurations we use to dial to the konnectivity server. - // This is required if ProxyProtocol is HTTPConnect or GRPC. - // +optional - Transport *Transport `json:"transport,omitempty"` -} - -// ProtocolType is a set of valid values for Connection.ProtocolType -type ProtocolType string - -// Valid types for ProtocolType for konnectivity server -const ( - // Use HTTPConnect to connect to konnectivity server - ProtocolHTTPConnect ProtocolType = "HTTPConnect" - // Use grpc to connect to konnectivity server - ProtocolGRPC ProtocolType = "GRPC" - // Connect directly (skip konnectivity server) - ProtocolDirect ProtocolType = "Direct" -) - -// Transport defines the transport configurations we use to dial to the konnectivity server -type Transport struct { - // TCP is the TCP configuration for communicating with the konnectivity server via TCP - // ProxyProtocol of GRPC is not supported with TCP transport at the moment - // Requires at least one of TCP or UDS to be set - // +optional - TCP *TCPTransport `json:"tcp,omitempty"` - - // UDS is the UDS configuration for communicating with the konnectivity server via UDS - // Requires at least one of TCP or UDS to be set - // +optional - UDS *UDSTransport `json:"uds,omitempty"` -} - -// TCPTransport provides the information to connect to konnectivity server via TCP -type TCPTransport struct { - // URL is the location of the konnectivity server to connect to. - // As an example it might be "https://127.0.0.1:8131" - URL string `json:"url,omitempty"` - - // TLSConfig is the config needed to use TLS when connecting to konnectivity server - // +optional - TLSConfig *TLSConfig `json:"tlsConfig,omitempty"` -} - -// UDSTransport provides the information to connect to konnectivity server via UDS -type UDSTransport struct { - // UDSName is the name of the unix domain socket to connect to konnectivity server - // This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket) - UDSName string `json:"udsName,omitempty"` -} - -// TLSConfig provides the authentication information to connect to konnectivity server -// Only used with TCPTransport -type TLSConfig struct { - // caBundle is the file location of the CA to be used to determine trust with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // If absent while TCPTransport.URL is prefixed with https://, default to system trust roots. - // +optional - CABundle string `json:"caBundle,omitempty"` - - // clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientKey string `json:"clientKey,omitempty"` - - // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientCert string `json:"clientCert,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// TracingConfiguration provides versioned configuration for tracing clients. -type TracingConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // +optional - // Endpoint of the collector that's running on the control-plane node. - // The APIServer uses the egressType ControlPlane when sending data to the collector. - // The syntax is defined in https://github.com/grpc/grpc/blob/master/doc/naming.md. - // Defaults to the otlpgrpc default, localhost:4317 - // The connection is insecure, and does not support TLS. - Endpoint *string `json:"endpoint,omitempty" protobuf:"bytes,1,opt,name=endpoint"` - - // +optional - // SamplingRatePerMillion is the number of samples to collect per million spans. - // Defaults to 0. - SamplingRatePerMillion *int32 `json:"samplingRatePerMillion,omitempty" protobuf:"varint,2,opt,name=samplingRatePerMillion"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index e60f2f3b70..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,377 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - apiserver "k8s.io/apiserver/pkg/apis/apiserver" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AdmissionConfiguration)(nil), (*apiserver.AdmissionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(a.(*AdmissionConfiguration), b.(*apiserver.AdmissionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.AdmissionConfiguration)(nil), (*AdmissionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_AdmissionConfiguration_To_v1alpha1_AdmissionConfiguration(a.(*apiserver.AdmissionConfiguration), b.(*AdmissionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*AdmissionPluginConfiguration)(nil), (*apiserver.AdmissionPluginConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(a.(*AdmissionPluginConfiguration), b.(*apiserver.AdmissionPluginConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.AdmissionPluginConfiguration)(nil), (*AdmissionPluginConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_AdmissionPluginConfiguration_To_v1alpha1_AdmissionPluginConfiguration(a.(*apiserver.AdmissionPluginConfiguration), b.(*AdmissionPluginConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Connection)(nil), (*apiserver.Connection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Connection_To_apiserver_Connection(a.(*Connection), b.(*apiserver.Connection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.Connection)(nil), (*Connection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_Connection_To_v1alpha1_Connection(a.(*apiserver.Connection), b.(*Connection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelection)(nil), (*EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(a.(*apiserver.EgressSelection), b.(*EgressSelection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*EgressSelectorConfiguration)(nil), (*apiserver.EgressSelectorConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(a.(*EgressSelectorConfiguration), b.(*apiserver.EgressSelectorConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelectorConfiguration)(nil), (*EgressSelectorConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration(a.(*apiserver.EgressSelectorConfiguration), b.(*EgressSelectorConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*TCPTransport)(nil), (*apiserver.TCPTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_TCPTransport_To_apiserver_TCPTransport(a.(*TCPTransport), b.(*apiserver.TCPTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.TCPTransport)(nil), (*TCPTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_TCPTransport_To_v1alpha1_TCPTransport(a.(*apiserver.TCPTransport), b.(*TCPTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*TLSConfig)(nil), (*apiserver.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_TLSConfig_To_apiserver_TLSConfig(a.(*TLSConfig), b.(*apiserver.TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.TLSConfig)(nil), (*TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_TLSConfig_To_v1alpha1_TLSConfig(a.(*apiserver.TLSConfig), b.(*TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*TracingConfiguration)(nil), (*apiserver.TracingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_TracingConfiguration_To_apiserver_TracingConfiguration(a.(*TracingConfiguration), b.(*apiserver.TracingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.TracingConfiguration)(nil), (*TracingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_TracingConfiguration_To_v1alpha1_TracingConfiguration(a.(*apiserver.TracingConfiguration), b.(*TracingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Transport)(nil), (*apiserver.Transport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Transport_To_apiserver_Transport(a.(*Transport), b.(*apiserver.Transport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.Transport)(nil), (*Transport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_Transport_To_v1alpha1_Transport(a.(*apiserver.Transport), b.(*Transport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*UDSTransport)(nil), (*apiserver.UDSTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_UDSTransport_To_apiserver_UDSTransport(a.(*UDSTransport), b.(*apiserver.UDSTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.UDSTransport)(nil), (*UDSTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_UDSTransport_To_v1alpha1_UDSTransport(a.(*apiserver.UDSTransport), b.(*UDSTransport), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in *AdmissionConfiguration, out *apiserver.AdmissionConfiguration, s conversion.Scope) error { - out.Plugins = *(*[]apiserver.AdmissionPluginConfiguration)(unsafe.Pointer(&in.Plugins)) - return nil -} - -// Convert_v1alpha1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in *AdmissionConfiguration, out *apiserver.AdmissionConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_AdmissionConfiguration_To_apiserver_AdmissionConfiguration(in, out, s) -} - -func autoConvert_apiserver_AdmissionConfiguration_To_v1alpha1_AdmissionConfiguration(in *apiserver.AdmissionConfiguration, out *AdmissionConfiguration, s conversion.Scope) error { - out.Plugins = *(*[]AdmissionPluginConfiguration)(unsafe.Pointer(&in.Plugins)) - return nil -} - -// Convert_apiserver_AdmissionConfiguration_To_v1alpha1_AdmissionConfiguration is an autogenerated conversion function. -func Convert_apiserver_AdmissionConfiguration_To_v1alpha1_AdmissionConfiguration(in *apiserver.AdmissionConfiguration, out *AdmissionConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_AdmissionConfiguration_To_v1alpha1_AdmissionConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in *AdmissionPluginConfiguration, out *apiserver.AdmissionPluginConfiguration, s conversion.Scope) error { - out.Name = in.Name - out.Path = in.Path - out.Configuration = (*runtime.Unknown)(unsafe.Pointer(in.Configuration)) - return nil -} - -// Convert_v1alpha1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in *AdmissionPluginConfiguration, out *apiserver.AdmissionPluginConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_AdmissionPluginConfiguration_To_apiserver_AdmissionPluginConfiguration(in, out, s) -} - -func autoConvert_apiserver_AdmissionPluginConfiguration_To_v1alpha1_AdmissionPluginConfiguration(in *apiserver.AdmissionPluginConfiguration, out *AdmissionPluginConfiguration, s conversion.Scope) error { - out.Name = in.Name - out.Path = in.Path - out.Configuration = (*runtime.Unknown)(unsafe.Pointer(in.Configuration)) - return nil -} - -// Convert_apiserver_AdmissionPluginConfiguration_To_v1alpha1_AdmissionPluginConfiguration is an autogenerated conversion function. -func Convert_apiserver_AdmissionPluginConfiguration_To_v1alpha1_AdmissionPluginConfiguration(in *apiserver.AdmissionPluginConfiguration, out *AdmissionPluginConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_AdmissionPluginConfiguration_To_v1alpha1_AdmissionPluginConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error { - out.ProxyProtocol = apiserver.ProtocolType(in.ProxyProtocol) - out.Transport = (*apiserver.Transport)(unsafe.Pointer(in.Transport)) - return nil -} - -// Convert_v1alpha1_Connection_To_apiserver_Connection is an autogenerated conversion function. -func Convert_v1alpha1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error { - return autoConvert_v1alpha1_Connection_To_apiserver_Connection(in, out, s) -} - -func autoConvert_apiserver_Connection_To_v1alpha1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error { - out.ProxyProtocol = ProtocolType(in.ProxyProtocol) - out.Transport = (*Transport)(unsafe.Pointer(in.Transport)) - return nil -} - -// Convert_apiserver_Connection_To_v1alpha1_Connection is an autogenerated conversion function. -func Convert_apiserver_Connection_To_v1alpha1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error { - return autoConvert_apiserver_Connection_To_v1alpha1_Connection(in, out, s) -} - -func autoConvert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1alpha1_Connection_To_apiserver_Connection(&in.Connection, &out.Connection, s); err != nil { - return err - } - return nil -} - -func autoConvert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_apiserver_Connection_To_v1alpha1_Connection(&in.Connection, &out.Connection, s); err != nil { - return err - } - return nil -} - -// Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection is an autogenerated conversion function. -func Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error { - return autoConvert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(in, out, s) -} - -func autoConvert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error { - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]apiserver.EgressSelection, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_EgressSelection_To_apiserver_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.EgressSelections = nil - } - return nil -} - -// Convert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in, out, s) -} - -func autoConvert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error { - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]EgressSelection, len(*in)) - for i := range *in { - if err := Convert_apiserver_EgressSelection_To_v1alpha1_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.EgressSelections = nil - } - return nil -} - -// Convert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration is an autogenerated conversion function. -func Convert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_EgressSelectorConfiguration_To_v1alpha1_EgressSelectorConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error { - out.URL = in.URL - out.TLSConfig = (*apiserver.TLSConfig)(unsafe.Pointer(in.TLSConfig)) - return nil -} - -// Convert_v1alpha1_TCPTransport_To_apiserver_TCPTransport is an autogenerated conversion function. -func Convert_v1alpha1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error { - return autoConvert_v1alpha1_TCPTransport_To_apiserver_TCPTransport(in, out, s) -} - -func autoConvert_apiserver_TCPTransport_To_v1alpha1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error { - out.URL = in.URL - out.TLSConfig = (*TLSConfig)(unsafe.Pointer(in.TLSConfig)) - return nil -} - -// Convert_apiserver_TCPTransport_To_v1alpha1_TCPTransport is an autogenerated conversion function. -func Convert_apiserver_TCPTransport_To_v1alpha1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error { - return autoConvert_apiserver_TCPTransport_To_v1alpha1_TCPTransport(in, out, s) -} - -func autoConvert_v1alpha1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error { - out.CABundle = in.CABundle - out.ClientKey = in.ClientKey - out.ClientCert = in.ClientCert - return nil -} - -// Convert_v1alpha1_TLSConfig_To_apiserver_TLSConfig is an autogenerated conversion function. -func Convert_v1alpha1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_TLSConfig_To_apiserver_TLSConfig(in, out, s) -} - -func autoConvert_apiserver_TLSConfig_To_v1alpha1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error { - out.CABundle = in.CABundle - out.ClientKey = in.ClientKey - out.ClientCert = in.ClientCert - return nil -} - -// Convert_apiserver_TLSConfig_To_v1alpha1_TLSConfig is an autogenerated conversion function. -func Convert_apiserver_TLSConfig_To_v1alpha1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error { - return autoConvert_apiserver_TLSConfig_To_v1alpha1_TLSConfig(in, out, s) -} - -func autoConvert_v1alpha1_TracingConfiguration_To_apiserver_TracingConfiguration(in *TracingConfiguration, out *apiserver.TracingConfiguration, s conversion.Scope) error { - out.Endpoint = (*string)(unsafe.Pointer(in.Endpoint)) - out.SamplingRatePerMillion = (*int32)(unsafe.Pointer(in.SamplingRatePerMillion)) - return nil -} - -// Convert_v1alpha1_TracingConfiguration_To_apiserver_TracingConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_TracingConfiguration_To_apiserver_TracingConfiguration(in *TracingConfiguration, out *apiserver.TracingConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_TracingConfiguration_To_apiserver_TracingConfiguration(in, out, s) -} - -func autoConvert_apiserver_TracingConfiguration_To_v1alpha1_TracingConfiguration(in *apiserver.TracingConfiguration, out *TracingConfiguration, s conversion.Scope) error { - out.Endpoint = (*string)(unsafe.Pointer(in.Endpoint)) - out.SamplingRatePerMillion = (*int32)(unsafe.Pointer(in.SamplingRatePerMillion)) - return nil -} - -// Convert_apiserver_TracingConfiguration_To_v1alpha1_TracingConfiguration is an autogenerated conversion function. -func Convert_apiserver_TracingConfiguration_To_v1alpha1_TracingConfiguration(in *apiserver.TracingConfiguration, out *TracingConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_TracingConfiguration_To_v1alpha1_TracingConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error { - out.TCP = (*apiserver.TCPTransport)(unsafe.Pointer(in.TCP)) - out.UDS = (*apiserver.UDSTransport)(unsafe.Pointer(in.UDS)) - return nil -} - -// Convert_v1alpha1_Transport_To_apiserver_Transport is an autogenerated conversion function. -func Convert_v1alpha1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error { - return autoConvert_v1alpha1_Transport_To_apiserver_Transport(in, out, s) -} - -func autoConvert_apiserver_Transport_To_v1alpha1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error { - out.TCP = (*TCPTransport)(unsafe.Pointer(in.TCP)) - out.UDS = (*UDSTransport)(unsafe.Pointer(in.UDS)) - return nil -} - -// Convert_apiserver_Transport_To_v1alpha1_Transport is an autogenerated conversion function. -func Convert_apiserver_Transport_To_v1alpha1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error { - return autoConvert_apiserver_Transport_To_v1alpha1_Transport(in, out, s) -} - -func autoConvert_v1alpha1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error { - out.UDSName = in.UDSName - return nil -} - -// Convert_v1alpha1_UDSTransport_To_apiserver_UDSTransport is an autogenerated conversion function. -func Convert_v1alpha1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error { - return autoConvert_v1alpha1_UDSTransport_To_apiserver_UDSTransport(in, out, s) -} - -func autoConvert_apiserver_UDSTransport_To_v1alpha1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error { - out.UDSName = in.UDSName - return nil -} - -// Convert_apiserver_UDSTransport_To_v1alpha1_UDSTransport is an autogenerated conversion function. -func Convert_apiserver_UDSTransport_To_v1alpha1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error { - return autoConvert_apiserver_UDSTransport_To_v1alpha1_UDSTransport(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 0e95103e01..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,263 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionConfiguration) DeepCopyInto(out *AdmissionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Plugins != nil { - in, out := &in.Plugins, &out.Plugins - *out = make([]AdmissionPluginConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfiguration. -func (in *AdmissionConfiguration) DeepCopy() *AdmissionConfiguration { - if in == nil { - return nil - } - out := new(AdmissionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionPluginConfiguration) DeepCopyInto(out *AdmissionPluginConfiguration) { - *out = *in - if in.Configuration != nil { - in, out := &in.Configuration, &out.Configuration - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfiguration. -func (in *AdmissionPluginConfiguration) DeepCopy() *AdmissionPluginConfiguration { - if in == nil { - return nil - } - out := new(AdmissionPluginConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Connection) DeepCopyInto(out *Connection) { - *out = *in - if in.Transport != nil { - in, out := &in.Transport, &out.Transport - *out = new(Transport) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection. -func (in *Connection) DeepCopy() *Connection { - if in == nil { - return nil - } - out := new(Connection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelection) DeepCopyInto(out *EgressSelection) { - *out = *in - in.Connection.DeepCopyInto(&out.Connection) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection. -func (in *EgressSelection) DeepCopy() *EgressSelection { - if in == nil { - return nil - } - out := new(EgressSelection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelectorConfiguration) DeepCopyInto(out *EgressSelectorConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]EgressSelection, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration. -func (in *EgressSelectorConfiguration) DeepCopy() *EgressSelectorConfiguration { - if in == nil { - return nil - } - out := new(EgressSelectorConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPTransport) DeepCopyInto(out *TCPTransport) { - *out = *in - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(TLSConfig) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport. -func (in *TCPTransport) DeepCopy() *TCPTransport { - if in == nil { - return nil - } - out := new(TCPTransport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Endpoint != nil { - in, out := &in.Endpoint, &out.Endpoint - *out = new(string) - **out = **in - } - if in.SamplingRatePerMillion != nil { - in, out := &in.SamplingRatePerMillion, &out.SamplingRatePerMillion - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration. -func (in *TracingConfiguration) DeepCopy() *TracingConfiguration { - if in == nil { - return nil - } - out := new(TracingConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TracingConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Transport) DeepCopyInto(out *Transport) { - *out = *in - if in.TCP != nil { - in, out := &in.TCP, &out.TCP - *out = new(TCPTransport) - (*in).DeepCopyInto(*out) - } - if in.UDS != nil { - in, out := &in.UDS, &out.UDS - *out = new(UDSTransport) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport. -func (in *Transport) DeepCopy() *Transport { - if in == nil { - return nil - } - out := new(Transport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UDSTransport) DeepCopyInto(out *UDSTransport) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport. -func (in *UDSTransport) DeepCopy() *UDSTransport { - if in == nil { - return nil - } - out := new(UDSTransport) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go deleted file mode 100644 index d7110eff1b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - apiserver "k8s.io/apiserver/pkg/apis/apiserver" -) - -func Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error { - if err := autoConvert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in, out, s); err != nil { - return err - } - if out.Name == "master" { - out.Name = "controlplane" - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/doc.go deleted file mode 100644 index 07321e775d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/apiserver -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.k8s.io - -// Package v1beta1 is the v1beta1 version of the API. -package v1beta1 // import "k8s.io/apiserver/pkg/apis/apiserver/v1beta1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/register.go deleted file mode 100644 index 9ea529472f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &EgressSelectorConfiguration{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go deleted file mode 100644 index ea22b403a3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EgressSelectorConfiguration provides versioned configuration for egress selector clients. -type EgressSelectorConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // connectionServices contains a list of egress selection client configurations - EgressSelections []EgressSelection `json:"egressSelections"` -} - -// EgressSelection provides the configuration for a single egress selection client. -type EgressSelection struct { - // name is the name of the egress selection. - // Currently supported values are "controlplane", "master", "etcd" and "cluster" - // The "master" egress selector is deprecated in favor of "controlplane" - Name string `json:"name"` - - // connection is the exact information used to configure the egress selection - Connection Connection `json:"connection"` -} - -// Connection provides the configuration for a single egress selection client. -type Connection struct { - // Protocol is the protocol used to connect from client to the konnectivity server. - ProxyProtocol ProtocolType `json:"proxyProtocol,omitempty"` - - // Transport defines the transport configurations we use to dial to the konnectivity server. - // This is required if ProxyProtocol is HTTPConnect or GRPC. - // +optional - Transport *Transport `json:"transport,omitempty"` -} - -// ProtocolType is a set of valid values for Connection.ProtocolType -type ProtocolType string - -// Valid types for ProtocolType for konnectivity server -const ( - // Use HTTPConnect to connect to konnectivity server - ProtocolHTTPConnect ProtocolType = "HTTPConnect" - // Use grpc to connect to konnectivity server - ProtocolGRPC ProtocolType = "GRPC" - // Connect directly (skip konnectivity server) - ProtocolDirect ProtocolType = "Direct" -) - -// Transport defines the transport configurations we use to dial to the konnectivity server -type Transport struct { - // TCP is the TCP configuration for communicating with the konnectivity server via TCP - // ProxyProtocol of GRPC is not supported with TCP transport at the moment - // Requires at least one of TCP or UDS to be set - // +optional - TCP *TCPTransport `json:"tcp,omitempty"` - - // UDS is the UDS configuration for communicating with the konnectivity server via UDS - // Requires at least one of TCP or UDS to be set - // +optional - UDS *UDSTransport `json:"uds,omitempty"` -} - -// TCPTransport provides the information to connect to konnectivity server via TCP -type TCPTransport struct { - // URL is the location of the konnectivity server to connect to. - // As an example it might be "https://127.0.0.1:8131" - URL string `json:"url,omitempty"` - - // TLSConfig is the config needed to use TLS when connecting to konnectivity server - // +optional - TLSConfig *TLSConfig `json:"tlsConfig,omitempty"` -} - -// UDSTransport provides the information to connect to konnectivity server via UDS -type UDSTransport struct { - // UDSName is the name of the unix domain socket to connect to konnectivity server - // This does not use a unix:// prefix. (Eg: /etc/srv/kubernetes/konnectivity-server/konnectivity-server.socket) - UDSName string `json:"udsName,omitempty"` -} - -// TLSConfig provides the authentication information to connect to konnectivity server -// Only used with TCPTransport -type TLSConfig struct { - // caBundle is the file location of the CA to be used to determine trust with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // If absent while TCPTransport.URL is prefixed with https://, default to system trust roots. - // +optional - CABundle string `json:"caBundle,omitempty"` - - // clientKey is the file location of the client key to be used in mtls handshakes with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientKey string `json:"clientKey,omitempty"` - - // clientCert is the file location of the client certificate to be used in mtls handshakes with the konnectivity server. - // Must be absent/empty if TCPTransport.URL is prefixed with http:// - // Must be configured if TCPTransport.URL is prefixed with https:// - // +optional - ClientCert string `json:"clientCert,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 37b0f2f7b7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,281 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - apiserver "k8s.io/apiserver/pkg/apis/apiserver" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Connection)(nil), (*apiserver.Connection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Connection_To_apiserver_Connection(a.(*Connection), b.(*apiserver.Connection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.Connection)(nil), (*Connection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_Connection_To_v1beta1_Connection(a.(*apiserver.Connection), b.(*Connection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelection)(nil), (*EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(a.(*apiserver.EgressSelection), b.(*EgressSelection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*EgressSelectorConfiguration)(nil), (*apiserver.EgressSelectorConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(a.(*EgressSelectorConfiguration), b.(*apiserver.EgressSelectorConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.EgressSelectorConfiguration)(nil), (*EgressSelectorConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(a.(*apiserver.EgressSelectorConfiguration), b.(*EgressSelectorConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*TCPTransport)(nil), (*apiserver.TCPTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport(a.(*TCPTransport), b.(*apiserver.TCPTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.TCPTransport)(nil), (*TCPTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport(a.(*apiserver.TCPTransport), b.(*TCPTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*TLSConfig)(nil), (*apiserver.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig(a.(*TLSConfig), b.(*apiserver.TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.TLSConfig)(nil), (*TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig(a.(*apiserver.TLSConfig), b.(*TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Transport)(nil), (*apiserver.Transport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Transport_To_apiserver_Transport(a.(*Transport), b.(*apiserver.Transport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.Transport)(nil), (*Transport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_Transport_To_v1beta1_Transport(a.(*apiserver.Transport), b.(*Transport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*UDSTransport)(nil), (*apiserver.UDSTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport(a.(*UDSTransport), b.(*apiserver.UDSTransport), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserver.UDSTransport)(nil), (*UDSTransport)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport(a.(*apiserver.UDSTransport), b.(*UDSTransport), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*EgressSelection)(nil), (*apiserver.EgressSelection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(a.(*EgressSelection), b.(*apiserver.EgressSelection), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error { - out.ProxyProtocol = apiserver.ProtocolType(in.ProxyProtocol) - out.Transport = (*apiserver.Transport)(unsafe.Pointer(in.Transport)) - return nil -} - -// Convert_v1beta1_Connection_To_apiserver_Connection is an autogenerated conversion function. -func Convert_v1beta1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error { - return autoConvert_v1beta1_Connection_To_apiserver_Connection(in, out, s) -} - -func autoConvert_apiserver_Connection_To_v1beta1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error { - out.ProxyProtocol = ProtocolType(in.ProxyProtocol) - out.Transport = (*Transport)(unsafe.Pointer(in.Transport)) - return nil -} - -// Convert_apiserver_Connection_To_v1beta1_Connection is an autogenerated conversion function. -func Convert_apiserver_Connection_To_v1beta1_Connection(in *apiserver.Connection, out *Connection, s conversion.Scope) error { - return autoConvert_apiserver_Connection_To_v1beta1_Connection(in, out, s) -} - -func autoConvert_v1beta1_EgressSelection_To_apiserver_EgressSelection(in *EgressSelection, out *apiserver.EgressSelection, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1beta1_Connection_To_apiserver_Connection(&in.Connection, &out.Connection, s); err != nil { - return err - } - return nil -} - -func autoConvert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_apiserver_Connection_To_v1beta1_Connection(&in.Connection, &out.Connection, s); err != nil { - return err - } - return nil -} - -// Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection is an autogenerated conversion function. -func Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in *apiserver.EgressSelection, out *EgressSelection, s conversion.Scope) error { - return autoConvert_apiserver_EgressSelection_To_v1beta1_EgressSelection(in, out, s) -} - -func autoConvert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error { - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]apiserver.EgressSelection, len(*in)) - for i := range *in { - if err := Convert_v1beta1_EgressSelection_To_apiserver_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.EgressSelections = nil - } - return nil -} - -// Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration is an autogenerated conversion function. -func Convert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in *EgressSelectorConfiguration, out *apiserver.EgressSelectorConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_EgressSelectorConfiguration_To_apiserver_EgressSelectorConfiguration(in, out, s) -} - -func autoConvert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error { - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]EgressSelection, len(*in)) - for i := range *in { - if err := Convert_apiserver_EgressSelection_To_v1beta1_EgressSelection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.EgressSelections = nil - } - return nil -} - -// Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration is an autogenerated conversion function. -func Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in *apiserver.EgressSelectorConfiguration, out *EgressSelectorConfiguration, s conversion.Scope) error { - return autoConvert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in, out, s) -} - -func autoConvert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error { - out.URL = in.URL - out.TLSConfig = (*apiserver.TLSConfig)(unsafe.Pointer(in.TLSConfig)) - return nil -} - -// Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport is an autogenerated conversion function. -func Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error { - return autoConvert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in, out, s) -} - -func autoConvert_apiserver_TCPTransport_To_v1beta1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error { - out.URL = in.URL - out.TLSConfig = (*TLSConfig)(unsafe.Pointer(in.TLSConfig)) - return nil -} - -// Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport is an autogenerated conversion function. -func Convert_apiserver_TCPTransport_To_v1beta1_TCPTransport(in *apiserver.TCPTransport, out *TCPTransport, s conversion.Scope) error { - return autoConvert_apiserver_TCPTransport_To_v1beta1_TCPTransport(in, out, s) -} - -func autoConvert_v1beta1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error { - out.CABundle = in.CABundle - out.ClientKey = in.ClientKey - out.ClientCert = in.ClientCert - return nil -} - -// Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig is an autogenerated conversion function. -func Convert_v1beta1_TLSConfig_To_apiserver_TLSConfig(in *TLSConfig, out *apiserver.TLSConfig, s conversion.Scope) error { - return autoConvert_v1beta1_TLSConfig_To_apiserver_TLSConfig(in, out, s) -} - -func autoConvert_apiserver_TLSConfig_To_v1beta1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error { - out.CABundle = in.CABundle - out.ClientKey = in.ClientKey - out.ClientCert = in.ClientCert - return nil -} - -// Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig is an autogenerated conversion function. -func Convert_apiserver_TLSConfig_To_v1beta1_TLSConfig(in *apiserver.TLSConfig, out *TLSConfig, s conversion.Scope) error { - return autoConvert_apiserver_TLSConfig_To_v1beta1_TLSConfig(in, out, s) -} - -func autoConvert_v1beta1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error { - out.TCP = (*apiserver.TCPTransport)(unsafe.Pointer(in.TCP)) - out.UDS = (*apiserver.UDSTransport)(unsafe.Pointer(in.UDS)) - return nil -} - -// Convert_v1beta1_Transport_To_apiserver_Transport is an autogenerated conversion function. -func Convert_v1beta1_Transport_To_apiserver_Transport(in *Transport, out *apiserver.Transport, s conversion.Scope) error { - return autoConvert_v1beta1_Transport_To_apiserver_Transport(in, out, s) -} - -func autoConvert_apiserver_Transport_To_v1beta1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error { - out.TCP = (*TCPTransport)(unsafe.Pointer(in.TCP)) - out.UDS = (*UDSTransport)(unsafe.Pointer(in.UDS)) - return nil -} - -// Convert_apiserver_Transport_To_v1beta1_Transport is an autogenerated conversion function. -func Convert_apiserver_Transport_To_v1beta1_Transport(in *apiserver.Transport, out *Transport, s conversion.Scope) error { - return autoConvert_apiserver_Transport_To_v1beta1_Transport(in, out, s) -} - -func autoConvert_v1beta1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error { - out.UDSName = in.UDSName - return nil -} - -// Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport is an autogenerated conversion function. -func Convert_v1beta1_UDSTransport_To_apiserver_UDSTransport(in *UDSTransport, out *apiserver.UDSTransport, s conversion.Scope) error { - return autoConvert_v1beta1_UDSTransport_To_apiserver_UDSTransport(in, out, s) -} - -func autoConvert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error { - out.UDSName = in.UDSName - return nil -} - -// Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport is an autogenerated conversion function. -func Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in *apiserver.UDSTransport, out *UDSTransport, s conversion.Scope) error { - return autoConvert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index bb1819cac6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,175 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Connection) DeepCopyInto(out *Connection) { - *out = *in - if in.Transport != nil { - in, out := &in.Transport, &out.Transport - *out = new(Transport) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection. -func (in *Connection) DeepCopy() *Connection { - if in == nil { - return nil - } - out := new(Connection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelection) DeepCopyInto(out *EgressSelection) { - *out = *in - in.Connection.DeepCopyInto(&out.Connection) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection. -func (in *EgressSelection) DeepCopy() *EgressSelection { - if in == nil { - return nil - } - out := new(EgressSelection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelectorConfiguration) DeepCopyInto(out *EgressSelectorConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]EgressSelection, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration. -func (in *EgressSelectorConfiguration) DeepCopy() *EgressSelectorConfiguration { - if in == nil { - return nil - } - out := new(EgressSelectorConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPTransport) DeepCopyInto(out *TCPTransport) { - *out = *in - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(TLSConfig) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport. -func (in *TCPTransport) DeepCopy() *TCPTransport { - if in == nil { - return nil - } - out := new(TCPTransport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Transport) DeepCopyInto(out *Transport) { - *out = *in - if in.TCP != nil { - in, out := &in.TCP, &out.TCP - *out = new(TCPTransport) - (*in).DeepCopyInto(*out) - } - if in.UDS != nil { - in, out := &in.UDS, &out.UDS - *out = new(UDSTransport) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport. -func (in *Transport) DeepCopy() *Transport { - if in == nil { - return nil - } - out := new(Transport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UDSTransport) DeepCopyInto(out *UDSTransport) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport. -func (in *UDSTransport) DeepCopy() *UDSTransport { - if in == nil { - return nil - } - out := new(UDSTransport) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go deleted file mode 100644 index 86acce65f8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go +++ /dev/null @@ -1,263 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package apiserver - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionConfiguration) DeepCopyInto(out *AdmissionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Plugins != nil { - in, out := &in.Plugins, &out.Plugins - *out = make([]AdmissionPluginConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfiguration. -func (in *AdmissionConfiguration) DeepCopy() *AdmissionConfiguration { - if in == nil { - return nil - } - out := new(AdmissionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionPluginConfiguration) DeepCopyInto(out *AdmissionPluginConfiguration) { - *out = *in - if in.Configuration != nil { - in, out := &in.Configuration, &out.Configuration - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfiguration. -func (in *AdmissionPluginConfiguration) DeepCopy() *AdmissionPluginConfiguration { - if in == nil { - return nil - } - out := new(AdmissionPluginConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Connection) DeepCopyInto(out *Connection) { - *out = *in - if in.Transport != nil { - in, out := &in.Transport, &out.Transport - *out = new(Transport) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection. -func (in *Connection) DeepCopy() *Connection { - if in == nil { - return nil - } - out := new(Connection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelection) DeepCopyInto(out *EgressSelection) { - *out = *in - in.Connection.DeepCopyInto(&out.Connection) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelection. -func (in *EgressSelection) DeepCopy() *EgressSelection { - if in == nil { - return nil - } - out := new(EgressSelection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EgressSelectorConfiguration) DeepCopyInto(out *EgressSelectorConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.EgressSelections != nil { - in, out := &in.EgressSelections, &out.EgressSelections - *out = make([]EgressSelection, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressSelectorConfiguration. -func (in *EgressSelectorConfiguration) DeepCopy() *EgressSelectorConfiguration { - if in == nil { - return nil - } - out := new(EgressSelectorConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPTransport) DeepCopyInto(out *TCPTransport) { - *out = *in - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(TLSConfig) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTransport. -func (in *TCPTransport) DeepCopy() *TCPTransport { - if in == nil { - return nil - } - out := new(TCPTransport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Endpoint != nil { - in, out := &in.Endpoint, &out.Endpoint - *out = new(string) - **out = **in - } - if in.SamplingRatePerMillion != nil { - in, out := &in.SamplingRatePerMillion, &out.SamplingRatePerMillion - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration. -func (in *TracingConfiguration) DeepCopy() *TracingConfiguration { - if in == nil { - return nil - } - out := new(TracingConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TracingConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Transport) DeepCopyInto(out *Transport) { - *out = *in - if in.TCP != nil { - in, out := &in.TCP, &out.TCP - *out = new(TCPTransport) - (*in).DeepCopyInto(*out) - } - if in.UDS != nil { - in, out := &in.UDS, &out.UDS - *out = new(UDSTransport) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Transport. -func (in *Transport) DeepCopy() *Transport { - if in == nil { - return nil - } - out := new(Transport) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UDSTransport) DeepCopyInto(out *UDSTransport) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDSTransport. -func (in *UDSTransport) DeepCopy() *UDSTransport { - if in == nil { - return nil - } - out := new(UDSTransport) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS deleted file mode 100644 index 72f9f9c690..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-audit-approvers - - sig-auth-audit-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go deleted file mode 100644 index deda9cbd63..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=audit.k8s.io - -package audit // import "k8s.io/apiserver/pkg/apis/audit" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go deleted file mode 100644 index 05fe72c0ff..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -func ordLevel(l Level) int { - switch l { - case LevelMetadata: - return 1 - case LevelRequest: - return 2 - case LevelRequestResponse: - return 3 - default: - return 0 - } -} - -func (a Level) Less(b Level) bool { - return ordLevel(a) < ordLevel(b) -} - -func (a Level) GreaterOrEqual(b Level) bool { - return ordLevel(a) >= ordLevel(b) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/install/install.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/install/install.go deleted file mode 100644 index 6911f12701..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/install/install.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/apis/audit/v1" -) - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(audit.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go deleted file mode 100644 index 9abf739ae0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "audit.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Event{}, - &EventList{}, - &Policy{}, - &PolicyList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go deleted file mode 100644 index f369b2229b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go +++ /dev/null @@ -1,312 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - authnv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" -) - -// Header keys used by the audit system. -const ( - // Header to hold the audit ID as the request is propagated through the serving hierarchy. The - // Audit-ID header should be set by the first server to receive the request (e.g. the federation - // server or kube-aggregator). - // - // Audit ID is also returned to client by http response header. - // It's not guaranteed Audit-Id http header is sent for all requests. When kube-apiserver didn't - // audit the events according to the audit policy, no Audit-ID is returned. Also, for request to - // pods/exec, pods/attach, pods/proxy, kube-apiserver works like a proxy and redirect the request - // to kubelet node, users will only get http headers sent from kubelet node, so no Audit-ID is - // sent when users run command like "kubectl exec" or "kubectl attach". - HeaderAuditID = "Audit-ID" -) - -// Level defines the amount of information logged during auditing -type Level string - -// Valid audit levels -const ( - // LevelNone disables auditing - LevelNone Level = "None" - // LevelMetadata provides the basic level of auditing. - LevelMetadata Level = "Metadata" - // LevelRequest provides Metadata level of auditing, and additionally - // logs the request object (does not apply for non-resource requests). - LevelRequest Level = "Request" - // LevelRequestResponse provides Request level of auditing, and additionally - // logs the response object (does not apply for non-resource requests). - LevelRequestResponse Level = "RequestResponse" -) - -// Stage defines the stages in request handling that audit events may be generated. -type Stage string - -// Valid audit stages. -const ( - // The stage for events generated as soon as the audit handler receives the request, and before it - // is delegated down the handler chain. - StageRequestReceived Stage = "RequestReceived" - // The stage for events generated once the response headers are sent, but before the response body - // is sent. This stage is only generated for long-running requests (e.g. watch). - StageResponseStarted Stage = "ResponseStarted" - // The stage for events generated once the response body has been completed, and no more bytes - // will be sent. - StageResponseComplete Stage = "ResponseComplete" - // The stage for events generated when a panic occurred. - StagePanic Stage = "Panic" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Event captures all the information that can be included in an API audit log. -type Event struct { - metav1.TypeMeta - - // AuditLevel at which event was generated - Level Level - - // Unique audit ID, generated for each request. - AuditID types.UID - // Stage of the request handling when this event instance was generated. - Stage Stage - - // RequestURI is the request URI as sent by the client to a server. - RequestURI string - // Verb is the kubernetes verb associated with the request. - // For non-resource requests, this is the lower-cased HTTP method. - Verb string - // Authenticated user information. - User authnv1.UserInfo - // Impersonated user information. - // +optional - ImpersonatedUser *authnv1.UserInfo - // Source IPs, from where the request originated and intermediate proxies. - // The source IPs are listed from (in order): - // 1. X-Forwarded-For request header IPs - // 2. X-Real-Ip header, if not present in the X-Forwarded-For list - // 3. The remote address for the connection, if it doesn't match the last - // IP in the list up to here (X-Forwarded-For or X-Real-Ip). - // Note: All but the last IP can be arbitrarily set by the client. - // +optional - SourceIPs []string - // UserAgent records the user agent string reported by the client. - // Note that the UserAgent is provided by the client, and must not be trusted. - // +optional - UserAgent string - // Object reference this request is targeted at. - // Does not apply for List-type requests, or non-resource requests. - // +optional - ObjectRef *ObjectReference - // The response status, populated even when the ResponseObject is not a Status type. - // For successful responses, this will only include the Code. For non-status type - // error responses, this will be auto-populated with the error Message. - // +optional - ResponseStatus *metav1.Status - - // API object from the request, in JSON format. The RequestObject is recorded as-is in the request - // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or - // merging. It is an external versioned object type, and may not be a valid object on its own. - // Omitted for non-resource requests. Only logged at Request Level and higher. - // +optional - RequestObject *runtime.Unknown - // API object returned in the response, in JSON. The ResponseObject is recorded after conversion - // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged - // at Response Level. - // +optional - ResponseObject *runtime.Unknown - - // Time the request reached the apiserver. - RequestReceivedTimestamp metav1.MicroTime - // Time the request reached current audit stage. - StageTimestamp metav1.MicroTime - - // Annotations is an unstructured key value map stored with an audit event that may be set by - // plugins invoked in the request serving chain, including authentication, authorization and - // admission plugins. Note that these annotations are for the audit event, and do not correspond - // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing - // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values - // should be short. Annotations are included in the Metadata level. - // +optional - Annotations map[string]string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EventList is a list of audit Events. -type EventList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Event -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Policy defines the configuration of audit logging, and the rules for how different request -// categories are logged. -type Policy struct { - metav1.TypeMeta - // ObjectMeta is included for interoperability with API infrastructure. - // +optional - metav1.ObjectMeta - - // Rules specify the audit Level a request should be recorded at. - // A request may match multiple rules, in which case the FIRST matching rule is used. - // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. - // PolicyRules are strictly ordered. - Rules []PolicyRule - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified per rule in which case the union of both are omitted. - // +optional - OmitStages []Stage - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // This is used as a global default - a value of 'true' will omit the managed fileds, - // otherwise the managed fields will be included in the API audit log. - // Note that this can also be specified per rule in which case the value specified - // in a rule will override the global default. - // +optional - OmitManagedFields bool -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PolicyList is a list of audit Policies. -type PolicyList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Policy -} - -// PolicyRule maps requests based off metadata to an audit Level. -// Requests must match the rules of every field (an intersection of rules). -type PolicyRule struct { - // The Level that requests matching this rule are recorded at. - Level Level - - // The users (by authenticated user name) this rule applies to. - // An empty list implies every user. - // +optional - Users []string - // The user groups this rule applies to. A user is considered matching - // if it is a member of any of the UserGroups. - // An empty list implies every user group. - // +optional - UserGroups []string - - // The verbs that match this rule. - // An empty list implies every verb. - // +optional - Verbs []string - - // Rules can apply to API resources (such as "pods" or "secrets"), - // non-resource URL paths (such as "/api"), or neither, but not both. - // If neither is specified, the rule is treated as a default for all URLs. - - // Resources that this rule matches. An empty list implies all kinds in all API groups. - // +optional - Resources []GroupResources - // Namespaces that this rule matches. - // The empty string "" matches non-namespaced resources. - // An empty list implies every namespace. - // +optional - Namespaces []string - - // NonResourceURLs is a set of URL paths that should be audited. - // *s are allowed, but only as the full, final step in the path. - // Examples: - // "/metrics" - Log requests for apiserver metrics - // "/healthz*" - Log all health checks - // +optional - NonResourceURLs []string - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified policy wide in which case the union of both are omitted. - // An empty list means no restrictions will apply. - // +optional - OmitStages []Stage - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // - a value of 'true' will drop the managed fields from the API audit log - // - a value of 'false' indicates that the managed fileds should be included - // in the API audit log - // Note that the value, if specified, in this rule will override the global default - // If a value is not specified then the global default specified in - // Policy.OmitManagedFields will stand. - // +optional - OmitManagedFields *bool -} - -// GroupResources represents resource kinds in an API group. -type GroupResources struct { - // Group is the name of the API group that contains the resources. - // The empty string represents the core API group. - // +optional - Group string - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' matches pods. - // 'pods/log' matches the log subresource of pods. - // '*' matches all resources and their subresources. - // 'pods/*' matches all subresources of pods. - // '*/scale' matches all scale subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // An empty list implies all resources and subresources in this API groups apply. - // +optional - Resources []string - // ResourceNames is a list of resource instance names that the policy matches. - // Using this field requires Resources to be specified. - // An empty list implies that every instance of the resource is matched. - // +optional - ResourceNames []string -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -type ObjectReference struct { - // +optional - Resource string - // +optional - Namespace string - // +optional - Name string - // +optional - UID types.UID - // APIGroup is the name of the API group that contains the referred object. - // The empty string represents the core API group. - // +optional - APIGroup string - // APIVersion is the version of the API group that contains the referred object. - // +optional - APIVersion string - // +optional - ResourceVersion string - // +optional - Subresource string -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go deleted file mode 100644 index d1f180c942..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:protobuf-gen=package -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/audit -// +k8s:openapi-gen=true -// +k8s:defaulter-gen=TypeMeta - -// +groupName=audit.k8s.io - -package v1 // import "k8s.io/apiserver/pkg/apis/audit/v1" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go deleted file mode 100644 index d7454c7a55..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go +++ /dev/null @@ -1,3231 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto - -package v1 - -import ( - fmt "fmt" - - io "io" - - proto "github.com/gogo/protobuf/proto" - github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" - v1 "k8s.io/api/authentication/v1" - v11 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - - math "math" - math_bits "math/bits" - reflect "reflect" - strings "strings" - - k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -func (m *Event) Reset() { *m = Event{} } -func (*Event) ProtoMessage() {} -func (*Event) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{0} -} -func (m *Event) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *Event) XXX_Merge(src proto.Message) { - xxx_messageInfo_Event.Merge(m, src) -} -func (m *Event) XXX_Size() int { - return m.Size() -} -func (m *Event) XXX_DiscardUnknown() { - xxx_messageInfo_Event.DiscardUnknown(m) -} - -var xxx_messageInfo_Event proto.InternalMessageInfo - -func (m *EventList) Reset() { *m = EventList{} } -func (*EventList) ProtoMessage() {} -func (*EventList) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{1} -} -func (m *EventList) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *EventList) XXX_Merge(src proto.Message) { - xxx_messageInfo_EventList.Merge(m, src) -} -func (m *EventList) XXX_Size() int { - return m.Size() -} -func (m *EventList) XXX_DiscardUnknown() { - xxx_messageInfo_EventList.DiscardUnknown(m) -} - -var xxx_messageInfo_EventList proto.InternalMessageInfo - -func (m *GroupResources) Reset() { *m = GroupResources{} } -func (*GroupResources) ProtoMessage() {} -func (*GroupResources) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{2} -} -func (m *GroupResources) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *GroupResources) XXX_Merge(src proto.Message) { - xxx_messageInfo_GroupResources.Merge(m, src) -} -func (m *GroupResources) XXX_Size() int { - return m.Size() -} -func (m *GroupResources) XXX_DiscardUnknown() { - xxx_messageInfo_GroupResources.DiscardUnknown(m) -} - -var xxx_messageInfo_GroupResources proto.InternalMessageInfo - -func (m *ObjectReference) Reset() { *m = ObjectReference{} } -func (*ObjectReference) ProtoMessage() {} -func (*ObjectReference) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{3} -} -func (m *ObjectReference) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *ObjectReference) XXX_Merge(src proto.Message) { - xxx_messageInfo_ObjectReference.Merge(m, src) -} -func (m *ObjectReference) XXX_Size() int { - return m.Size() -} -func (m *ObjectReference) XXX_DiscardUnknown() { - xxx_messageInfo_ObjectReference.DiscardUnknown(m) -} - -var xxx_messageInfo_ObjectReference proto.InternalMessageInfo - -func (m *Policy) Reset() { *m = Policy{} } -func (*Policy) ProtoMessage() {} -func (*Policy) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{4} -} -func (m *Policy) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *Policy) XXX_Merge(src proto.Message) { - xxx_messageInfo_Policy.Merge(m, src) -} -func (m *Policy) XXX_Size() int { - return m.Size() -} -func (m *Policy) XXX_DiscardUnknown() { - xxx_messageInfo_Policy.DiscardUnknown(m) -} - -var xxx_messageInfo_Policy proto.InternalMessageInfo - -func (m *PolicyList) Reset() { *m = PolicyList{} } -func (*PolicyList) ProtoMessage() {} -func (*PolicyList) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{5} -} -func (m *PolicyList) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *PolicyList) XXX_Merge(src proto.Message) { - xxx_messageInfo_PolicyList.Merge(m, src) -} -func (m *PolicyList) XXX_Size() int { - return m.Size() -} -func (m *PolicyList) XXX_DiscardUnknown() { - xxx_messageInfo_PolicyList.DiscardUnknown(m) -} - -var xxx_messageInfo_PolicyList proto.InternalMessageInfo - -func (m *PolicyRule) Reset() { *m = PolicyRule{} } -func (*PolicyRule) ProtoMessage() {} -func (*PolicyRule) Descriptor() ([]byte, []int) { - return fileDescriptor_4982ac40a460d730, []int{6} -} -func (m *PolicyRule) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *PolicyRule) XXX_Merge(src proto.Message) { - xxx_messageInfo_PolicyRule.Merge(m, src) -} -func (m *PolicyRule) XXX_Size() int { - return m.Size() -} -func (m *PolicyRule) XXX_DiscardUnknown() { - xxx_messageInfo_PolicyRule.DiscardUnknown(m) -} - -var xxx_messageInfo_PolicyRule proto.InternalMessageInfo - -func init() { - proto.RegisterType((*Event)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Event") - proto.RegisterMapType((map[string]string)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Event.AnnotationsEntry") - proto.RegisterType((*EventList)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.EventList") - proto.RegisterType((*GroupResources)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.GroupResources") - proto.RegisterType((*ObjectReference)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.ObjectReference") - proto.RegisterType((*Policy)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Policy") - proto.RegisterType((*PolicyList)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.PolicyList") - proto.RegisterType((*PolicyRule)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.PolicyRule") -} - -func init() { - proto.RegisterFile("k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto", fileDescriptor_4982ac40a460d730) -} - -var fileDescriptor_4982ac40a460d730 = []byte{ - // 1288 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xcf, 0xc6, 0x71, 0x63, 0x8f, 0x1b, 0xc7, 0x99, 0x16, 0xba, 0xe4, 0x60, 0x1b, 0x23, 0xa1, - 0x00, 0x61, 0xb7, 0x0d, 0x85, 0x56, 0x95, 0x40, 0xb2, 0x69, 0x69, 0x2d, 0x9a, 0x3f, 0x1a, 0xe3, - 0x1e, 0x10, 0x87, 0xae, 0xd7, 0x2f, 0xf6, 0x62, 0x7b, 0x76, 0xbb, 0x33, 0x6b, 0x94, 0x1b, 0x5f, - 0x00, 0x89, 0x3b, 0xdf, 0x82, 0x1b, 0xe2, 0xc4, 0x2d, 0xc7, 0x1e, 0x7b, 0xb2, 0x88, 0xe1, 0x53, - 0xe4, 0x80, 0xd0, 0xcc, 0xce, 0xfe, 0xb1, 0x13, 0x2b, 0x0e, 0x07, 0x6e, 0x9e, 0xf7, 0x7e, 0xbf, - 0xdf, 0x7b, 0xfb, 0xf6, 0xbd, 0x37, 0x6b, 0xf4, 0xf5, 0xe0, 0x21, 0x33, 0x1c, 0xd7, 0x1c, 0x04, - 0x1d, 0xf0, 0x29, 0x70, 0x60, 0xe6, 0x18, 0x68, 0xd7, 0xf5, 0x4d, 0xe5, 0xb0, 0x3c, 0x87, 0x81, - 0x3f, 0x06, 0xdf, 0xf4, 0x06, 0x3d, 0x79, 0x32, 0xad, 0xa0, 0xeb, 0x70, 0x73, 0x7c, 0xcf, 0xec, - 0x01, 0x05, 0xdf, 0xe2, 0xd0, 0x35, 0x3c, 0xdf, 0xe5, 0x2e, 0xae, 0x85, 0x1c, 0x23, 0xe6, 0x18, - 0xde, 0xa0, 0x27, 0x4f, 0x86, 0xe4, 0x18, 0xe3, 0x7b, 0xdb, 0x1f, 0xf7, 0x1c, 0xde, 0x0f, 0x3a, - 0x86, 0xed, 0x8e, 0xcc, 0x9e, 0xdb, 0x73, 0x4d, 0x49, 0xed, 0x04, 0xc7, 0xf2, 0x24, 0x0f, 0xf2, - 0x57, 0x28, 0xb9, 0xbd, 0x9b, 0xa4, 0x61, 0x5a, 0x01, 0xef, 0x03, 0xe5, 0x8e, 0x6d, 0x71, 0xc7, - 0xa5, 0x97, 0x24, 0xb0, 0x7d, 0x3f, 0x41, 0x8f, 0x2c, 0xbb, 0xef, 0x50, 0xf0, 0x4f, 0x92, 0xbc, - 0x47, 0xc0, 0xad, 0xcb, 0x58, 0xe6, 0x22, 0x96, 0x1f, 0x50, 0xee, 0x8c, 0xe0, 0x02, 0xe1, 0xb3, - 0xab, 0x08, 0xcc, 0xee, 0xc3, 0xc8, 0x9a, 0xe7, 0xd5, 0xfe, 0x46, 0x28, 0xfb, 0x64, 0x0c, 0x94, - 0xe3, 0x5d, 0x94, 0x1d, 0xc2, 0x18, 0x86, 0xba, 0x56, 0xd5, 0x76, 0xf2, 0x8d, 0xb7, 0x4f, 0x27, - 0x95, 0x95, 0xe9, 0xa4, 0x92, 0x7d, 0x2e, 0x8c, 0xe7, 0xd1, 0x0f, 0x12, 0x82, 0xf0, 0x01, 0x5a, - 0x97, 0xf5, 0x6b, 0x3e, 0xd6, 0x57, 0x25, 0xfe, 0xbe, 0xc2, 0xaf, 0xd7, 0x43, 0xf3, 0xf9, 0xa4, - 0xf2, 0xee, 0xa2, 0x9c, 0xf8, 0x89, 0x07, 0xcc, 0x68, 0x37, 0x1f, 0x93, 0x48, 0x44, 0x44, 0x67, - 0xdc, 0xea, 0x81, 0x9e, 0x99, 0x8d, 0xde, 0x12, 0xc6, 0xf3, 0xe8, 0x07, 0x09, 0x41, 0x78, 0x0f, - 0x21, 0x1f, 0x5e, 0x05, 0xc0, 0x78, 0x9b, 0x34, 0xf5, 0x35, 0x49, 0xc1, 0x8a, 0x82, 0x48, 0xec, - 0x21, 0x29, 0x14, 0xae, 0xa2, 0xb5, 0x31, 0xf8, 0x1d, 0x3d, 0x2b, 0xd1, 0x37, 0x15, 0x7a, 0xed, - 0x05, 0xf8, 0x1d, 0x22, 0x3d, 0xf8, 0x19, 0x5a, 0x0b, 0x18, 0xf8, 0xfa, 0x8d, 0xaa, 0xb6, 0x53, - 0xd8, 0x7b, 0xdf, 0x48, 0x5a, 0xc7, 0x98, 0x7d, 0xcf, 0xc6, 0xf8, 0x9e, 0xd1, 0x66, 0xe0, 0x37, - 0xe9, 0xb1, 0x9b, 0x28, 0x09, 0x0b, 0x91, 0x0a, 0xb8, 0x8f, 0x4a, 0xce, 0xc8, 0x03, 0x9f, 0xb9, - 0x54, 0xd4, 0x5a, 0x78, 0xf4, 0xf5, 0x6b, 0xa9, 0xde, 0x9e, 0x4e, 0x2a, 0xa5, 0xe6, 0x9c, 0x06, - 0xb9, 0xa0, 0x8a, 0x3f, 0x42, 0x79, 0xe6, 0x06, 0xbe, 0x0d, 0xcd, 0x23, 0xa6, 0xe7, 0xaa, 0x99, - 0x9d, 0x7c, 0x63, 0x63, 0x3a, 0xa9, 0xe4, 0x5b, 0x91, 0x91, 0x24, 0x7e, 0x6c, 0xa2, 0xbc, 0x48, - 0xaf, 0xde, 0x03, 0xca, 0xf5, 0x92, 0xac, 0xc3, 0x96, 0xca, 0x3e, 0xdf, 0x8e, 0x1c, 0x24, 0xc1, - 0xe0, 0x97, 0x28, 0xef, 0x76, 0xbe, 0x07, 0x9b, 0x13, 0x38, 0xd6, 0xf3, 0xf2, 0x01, 0x3e, 0x31, - 0xae, 0x9e, 0x28, 0xe3, 0x30, 0x22, 0x81, 0x0f, 0xd4, 0x86, 0x30, 0xa5, 0xd8, 0x48, 0x12, 0x51, - 0xdc, 0x47, 0x45, 0x1f, 0x98, 0xe7, 0x52, 0x06, 0x2d, 0x6e, 0xf1, 0x80, 0xe9, 0x48, 0x86, 0xd9, - 0x4d, 0x85, 0x89, 0x9b, 0x27, 0x89, 0x24, 0xe6, 0x46, 0x04, 0x0a, 0x39, 0x0d, 0x3c, 0x9d, 0x54, - 0x8a, 0x64, 0x46, 0x87, 0xcc, 0xe9, 0x62, 0x0b, 0x6d, 0xa8, 0x6e, 0x08, 0x13, 0xd1, 0x0b, 0x32, - 0xd0, 0xce, 0xc2, 0x40, 0x6a, 0x72, 0x8c, 0x36, 0x1d, 0x50, 0xf7, 0x07, 0xda, 0xd8, 0x9a, 0x4e, - 0x2a, 0x1b, 0x24, 0x2d, 0x41, 0x66, 0x15, 0x71, 0x37, 0x79, 0x18, 0x15, 0xe3, 0xe6, 0x35, 0x63, - 0xcc, 0x3c, 0x88, 0x0a, 0x32, 0xa7, 0x89, 0x7f, 0xd2, 0x90, 0xae, 0xe2, 0x12, 0xb0, 0xc1, 0x19, - 0x43, 0xf7, 0x1b, 0x67, 0x04, 0x8c, 0x5b, 0x23, 0x4f, 0xdf, 0x90, 0x01, 0xcd, 0xe5, 0xaa, 0xb7, - 0xef, 0xd8, 0xbe, 0x2b, 0xb8, 0x8d, 0xaa, 0x6a, 0x03, 0x9d, 0x2c, 0x10, 0x26, 0x0b, 0x43, 0x62, - 0x17, 0x15, 0xe5, 0x54, 0x26, 0x49, 0x14, 0xff, 0x5b, 0x12, 0xd1, 0xd0, 0x17, 0x5b, 0x33, 0x72, - 0x64, 0x4e, 0x1e, 0xbf, 0x42, 0x05, 0x8b, 0x52, 0x97, 0xcb, 0xa9, 0x61, 0xfa, 0x66, 0x35, 0xb3, - 0x53, 0xd8, 0x7b, 0xb4, 0x4c, 0x5f, 0xca, 0x4d, 0x67, 0xd4, 0x13, 0xf2, 0x13, 0xca, 0xfd, 0x93, - 0xc6, 0x2d, 0x15, 0xb8, 0x90, 0xf2, 0x90, 0x74, 0x8c, 0xed, 0x2f, 0x50, 0x69, 0x9e, 0x85, 0x4b, - 0x28, 0x33, 0x80, 0x93, 0x70, 0x5d, 0x12, 0xf1, 0x13, 0xdf, 0x46, 0xd9, 0xb1, 0x35, 0x0c, 0x20, - 0x5c, 0x89, 0x24, 0x3c, 0x3c, 0x5a, 0x7d, 0xa8, 0xd5, 0x7e, 0xd3, 0x50, 0x5e, 0x06, 0x7f, 0xee, - 0x30, 0x8e, 0xbf, 0x43, 0x39, 0xf1, 0xf4, 0x5d, 0x8b, 0x5b, 0x92, 0x5e, 0xd8, 0x33, 0x96, 0xab, - 0x95, 0x60, 0xef, 0x03, 0xb7, 0x1a, 0x25, 0x95, 0x71, 0x2e, 0xb2, 0x90, 0x58, 0x11, 0x1f, 0xa0, - 0xac, 0xc3, 0x61, 0xc4, 0xf4, 0x55, 0x59, 0x98, 0x0f, 0x96, 0x2e, 0x4c, 0x63, 0x23, 0xda, 0xba, - 0x4d, 0xc1, 0x27, 0xa1, 0x4c, 0xed, 0x17, 0x0d, 0x15, 0x9f, 0xfa, 0x6e, 0xe0, 0x11, 0x08, 0x57, - 0x09, 0xc3, 0xef, 0xa1, 0x6c, 0x4f, 0x58, 0xd4, 0x5d, 0x11, 0xf3, 0x42, 0x58, 0xe8, 0x13, 0xab, - 0xc9, 0x8f, 0x18, 0x32, 0x17, 0xb5, 0x9a, 0x62, 0x19, 0x92, 0xf8, 0xf1, 0x03, 0x31, 0x9d, 0xe1, - 0xe1, 0xc0, 0x1a, 0x01, 0xd3, 0x33, 0x92, 0xa0, 0x66, 0x2e, 0xe5, 0x20, 0xb3, 0xb8, 0xda, 0xaf, - 0x19, 0xb4, 0x39, 0xb7, 0x6e, 0xf0, 0x2e, 0xca, 0x45, 0x20, 0x95, 0x61, 0x5c, 0xaf, 0x48, 0x8b, - 0xc4, 0x08, 0xb1, 0x15, 0xa9, 0x90, 0xf2, 0x2c, 0x5b, 0xbd, 0xb9, 0x64, 0x2b, 0x1e, 0x44, 0x0e, - 0x92, 0x60, 0xc4, 0x4d, 0x22, 0x0e, 0xea, 0xaa, 0x8a, 0xf7, 0xbf, 0xc0, 0x12, 0xe9, 0xc1, 0x0d, - 0x94, 0x09, 0x9c, 0xae, 0xba, 0x98, 0xee, 0x2a, 0x40, 0xa6, 0xbd, 0xec, 0xad, 0x28, 0xc8, 0xe2, - 0x21, 0x2c, 0xcf, 0x91, 0x15, 0x55, 0x77, 0x56, 0xfc, 0x10, 0xf5, 0xa3, 0x66, 0x58, 0xe9, 0x18, - 0x21, 0x6e, 0x44, 0xcb, 0x73, 0x5e, 0x80, 0xcf, 0x1c, 0x97, 0xca, 0x1b, 0x2c, 0x75, 0x23, 0xd6, - 0x8f, 0x9a, 0xca, 0x43, 0x52, 0x28, 0x5c, 0x47, 0x9b, 0x51, 0x11, 0x22, 0xe2, 0xba, 0x24, 0xde, - 0x51, 0xc4, 0x4d, 0x32, 0xeb, 0x26, 0xf3, 0x78, 0xfc, 0x29, 0x2a, 0xb0, 0xa0, 0x13, 0x17, 0x3b, - 0x27, 0xe9, 0xf1, 0x38, 0xb5, 0x12, 0x17, 0x49, 0xe3, 0x6a, 0x7f, 0xac, 0xa2, 0x1b, 0x47, 0xee, - 0xd0, 0xb1, 0x4f, 0xf0, 0xcb, 0x0b, 0xb3, 0x70, 0x77, 0xb9, 0x59, 0x08, 0x5f, 0xba, 0x9c, 0x86, - 0xf8, 0x41, 0x13, 0x5b, 0x6a, 0x1e, 0x5a, 0x28, 0xeb, 0x07, 0x43, 0x88, 0xe6, 0xc1, 0x58, 0x66, - 0x1e, 0xc2, 0xe4, 0x48, 0x30, 0x84, 0xa4, 0xb9, 0xc5, 0x89, 0x91, 0x50, 0x0b, 0x3f, 0x40, 0xc8, - 0x1d, 0x39, 0x5c, 0x6e, 0xaa, 0xa8, 0x59, 0xef, 0xc8, 0x14, 0x62, 0x6b, 0xf2, 0xd5, 0x92, 0x82, - 0xe2, 0xa7, 0x68, 0x4b, 0x9c, 0xf6, 0x2d, 0x6a, 0xf5, 0xa0, 0xfb, 0x95, 0x03, 0xc3, 0x2e, 0x93, - 0x8d, 0x92, 0x6b, 0xbc, 0xa3, 0x22, 0x6d, 0x1d, 0xce, 0x03, 0xc8, 0x45, 0x4e, 0xed, 0x77, 0x0d, - 0xa1, 0x30, 0xcd, 0xff, 0x61, 0xa7, 0x1c, 0xce, 0xee, 0x94, 0x0f, 0x97, 0xaf, 0xe1, 0x82, 0xa5, - 0xf2, 0x4f, 0x26, 0xca, 0x5e, 0x94, 0xf5, 0x9a, 0x1f, 0x9f, 0x15, 0x94, 0x15, 0xdf, 0x28, 0xd1, - 0x56, 0xc9, 0x0b, 0xa4, 0xf8, 0x7e, 0x61, 0x24, 0xb4, 0x63, 0x03, 0x21, 0xf1, 0x43, 0x8e, 0x46, - 0xf4, 0x76, 0x8a, 0xe2, 0xed, 0xb4, 0x63, 0x2b, 0x49, 0x21, 0x84, 0xa0, 0xf8, 0x02, 0x14, 0x2f, - 0x22, 0x16, 0x14, 0x1f, 0x86, 0x8c, 0x84, 0x76, 0x6c, 0xa7, 0x77, 0x59, 0x56, 0xd6, 0x60, 0x6f, - 0x99, 0x1a, 0xcc, 0xee, 0xcd, 0x64, 0xaf, 0x5c, 0xba, 0x03, 0x0d, 0x84, 0xe2, 0x25, 0xc3, 0xf4, - 0x1b, 0x49, 0xd6, 0xf1, 0x16, 0x62, 0x24, 0x85, 0xc0, 0x9f, 0xa3, 0x4d, 0xea, 0xd2, 0x48, 0xaa, - 0x4d, 0x9e, 0x33, 0x7d, 0x5d, 0x92, 0x6e, 0x89, 0xd9, 0x3d, 0x98, 0x75, 0x91, 0x79, 0xec, 0x5c, - 0x0b, 0xe7, 0x96, 0x6f, 0xe1, 0x2f, 0x2f, 0x6b, 0xe1, 0xbc, 0x6c, 0xe1, 0xb7, 0x96, 0x6d, 0xdf, - 0xc6, 0xb3, 0xd3, 0xb3, 0xf2, 0xca, 0xeb, 0xb3, 0xf2, 0xca, 0x9b, 0xb3, 0xf2, 0xca, 0x8f, 0xd3, - 0xb2, 0x76, 0x3a, 0x2d, 0x6b, 0xaf, 0xa7, 0x65, 0xed, 0xcd, 0xb4, 0xac, 0xfd, 0x39, 0x2d, 0x6b, - 0x3f, 0xff, 0x55, 0x5e, 0xf9, 0xb6, 0x76, 0xf5, 0x5f, 0xbe, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, - 0xef, 0x9b, 0x7d, 0x75, 0x30, 0x0e, 0x00, 0x00, -} - -func (m *Event) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Event) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i -= len(m.UserAgent) - copy(dAtA[i:], m.UserAgent) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserAgent))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0x82 - if len(m.Annotations) > 0 { - keysForAnnotations := make([]string, 0, len(m.Annotations)) - for k := range m.Annotations { - keysForAnnotations = append(keysForAnnotations, string(k)) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) - for iNdEx := len(keysForAnnotations) - 1; iNdEx >= 0; iNdEx-- { - v := m.Annotations[string(keysForAnnotations[iNdEx])] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintGenerated(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(keysForAnnotations[iNdEx]) - copy(dAtA[i:], keysForAnnotations[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAnnotations[iNdEx]))) - i-- - dAtA[i] = 0xa - i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x7a - } - } - { - size, err := m.StageTimestamp.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x72 - { - size, err := m.RequestReceivedTimestamp.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x6a - if m.ResponseObject != nil { - { - size, err := m.ResponseObject.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x62 - } - if m.RequestObject != nil { - { - size, err := m.RequestObject.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x5a - } - if m.ResponseStatus != nil { - { - size, err := m.ResponseStatus.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - } - if m.ObjectRef != nil { - { - size, err := m.ObjectRef.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - } - if len(m.SourceIPs) > 0 { - for iNdEx := len(m.SourceIPs) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.SourceIPs[iNdEx]) - copy(dAtA[i:], m.SourceIPs[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.SourceIPs[iNdEx]))) - i-- - dAtA[i] = 0x42 - } - } - if m.ImpersonatedUser != nil { - { - size, err := m.ImpersonatedUser.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x3a - } - { - size, err := m.User.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x32 - i -= len(m.Verb) - copy(dAtA[i:], m.Verb) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Verb))) - i-- - dAtA[i] = 0x2a - i -= len(m.RequestURI) - copy(dAtA[i:], m.RequestURI) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.RequestURI))) - i-- - dAtA[i] = 0x22 - i -= len(m.Stage) - copy(dAtA[i:], m.Stage) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Stage))) - i-- - dAtA[i] = 0x1a - i -= len(m.AuditID) - copy(dAtA[i:], m.AuditID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.AuditID))) - i-- - dAtA[i] = 0x12 - i -= len(m.Level) - copy(dAtA[i:], m.Level) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Level))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *EventList) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *EventList) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Items) > 0 { - for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - { - size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *GroupResources) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GroupResources) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.ResourceNames) > 0 { - for iNdEx := len(m.ResourceNames) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ResourceNames[iNdEx]) - copy(dAtA[i:], m.ResourceNames[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceNames[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Resources[iNdEx]) - copy(dAtA[i:], m.Resources[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resources[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } - i -= len(m.Group) - copy(dAtA[i:], m.Group) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Group))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *ObjectReference) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i -= len(m.Subresource) - copy(dAtA[i:], m.Subresource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subresource))) - i-- - dAtA[i] = 0x42 - i -= len(m.ResourceVersion) - copy(dAtA[i:], m.ResourceVersion) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceVersion))) - i-- - dAtA[i] = 0x3a - i -= len(m.APIVersion) - copy(dAtA[i:], m.APIVersion) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersion))) - i-- - dAtA[i] = 0x32 - i -= len(m.APIGroup) - copy(dAtA[i:], m.APIGroup) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIGroup))) - i-- - dAtA[i] = 0x2a - i -= len(m.UID) - copy(dAtA[i:], m.UID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) - i-- - dAtA[i] = 0x22 - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x1a - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x12 - i -= len(m.Resource) - copy(dAtA[i:], m.Resource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resource))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *Policy) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Policy) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i-- - if m.OmitManagedFields { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - if len(m.OmitStages) > 0 { - for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.OmitStages[iNdEx]) - copy(dAtA[i:], m.OmitStages[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.OmitStages[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - if len(m.Rules) > 0 { - for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - { - size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *PolicyList) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *PolicyList) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Items) > 0 { - for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - { - size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *PolicyRule) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.OmitManagedFields != nil { - i-- - if *m.OmitManagedFields { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x48 - } - if len(m.OmitStages) > 0 { - for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.OmitStages[iNdEx]) - copy(dAtA[i:], m.OmitStages[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.OmitStages[iNdEx]))) - i-- - dAtA[i] = 0x42 - } - } - if len(m.NonResourceURLs) > 0 { - for iNdEx := len(m.NonResourceURLs) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.NonResourceURLs[iNdEx]) - copy(dAtA[i:], m.NonResourceURLs[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.NonResourceURLs[iNdEx]))) - i-- - dAtA[i] = 0x3a - } - } - if len(m.Namespaces) > 0 { - for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Namespaces[iNdEx]) - copy(dAtA[i:], m.Namespaces[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespaces[iNdEx]))) - i-- - dAtA[i] = 0x32 - } - } - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x2a - } - } - if len(m.Verbs) > 0 { - for iNdEx := len(m.Verbs) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Verbs[iNdEx]) - copy(dAtA[i:], m.Verbs[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Verbs[iNdEx]))) - i-- - dAtA[i] = 0x22 - } - } - if len(m.UserGroups) > 0 { - for iNdEx := len(m.UserGroups) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.UserGroups[iNdEx]) - copy(dAtA[i:], m.UserGroups[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserGroups[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - if len(m.Users) > 0 { - for iNdEx := len(m.Users) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Users[iNdEx]) - copy(dAtA[i:], m.Users[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Users[iNdEx]))) - i-- - dAtA[i] = 0x12 - } - } - i -= len(m.Level) - copy(dAtA[i:], m.Level) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Level))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { - offset -= sovGenerated(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *Event) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Level) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.AuditID) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Stage) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.RequestURI) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Verb) - n += 1 + l + sovGenerated(uint64(l)) - l = m.User.Size() - n += 1 + l + sovGenerated(uint64(l)) - if m.ImpersonatedUser != nil { - l = m.ImpersonatedUser.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if len(m.SourceIPs) > 0 { - for _, s := range m.SourceIPs { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if m.ObjectRef != nil { - l = m.ObjectRef.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.ResponseStatus != nil { - l = m.ResponseStatus.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.RequestObject != nil { - l = m.RequestObject.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.ResponseObject != nil { - l = m.ResponseObject.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - l = m.RequestReceivedTimestamp.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.StageTimestamp.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Annotations) > 0 { - for k, v := range m.Annotations { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) - n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) - } - } - l = len(m.UserAgent) - n += 2 + l + sovGenerated(uint64(l)) - return n -} - -func (m *EventList) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ListMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Items) > 0 { - for _, e := range m.Items { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *GroupResources) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Group) - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Resources) > 0 { - for _, s := range m.Resources { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.ResourceNames) > 0 { - for _, s := range m.ResourceNames { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *ObjectReference) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Resource) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Namespace) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Name) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.UID) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.APIGroup) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.APIVersion) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.ResourceVersion) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Subresource) - n += 1 + l + sovGenerated(uint64(l)) - return n -} - -func (m *Policy) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ObjectMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Rules) > 0 { - for _, e := range m.Rules { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.OmitStages) > 0 { - for _, s := range m.OmitStages { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - n += 2 - return n -} - -func (m *PolicyList) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ListMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Items) > 0 { - for _, e := range m.Items { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *PolicyRule) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Level) - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Users) > 0 { - for _, s := range m.Users { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.UserGroups) > 0 { - for _, s := range m.UserGroups { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.Verbs) > 0 { - for _, s := range m.Verbs { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.Resources) > 0 { - for _, e := range m.Resources { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.Namespaces) > 0 { - for _, s := range m.Namespaces { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.NonResourceURLs) > 0 { - for _, s := range m.NonResourceURLs { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if len(m.OmitStages) > 0 { - for _, s := range m.OmitStages { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - if m.OmitManagedFields != nil { - n += 2 - } - return n -} - -func sovGenerated(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozGenerated(x uint64) (n int) { - return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *Event) String() string { - if this == nil { - return "nil" - } - keysForAnnotations := make([]string, 0, len(this.Annotations)) - for k := range this.Annotations { - keysForAnnotations = append(keysForAnnotations, k) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) - mapStringForAnnotations := "map[string]string{" - for _, k := range keysForAnnotations { - mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k]) - } - mapStringForAnnotations += "}" - s := strings.Join([]string{`&Event{`, - `Level:` + fmt.Sprintf("%v", this.Level) + `,`, - `AuditID:` + fmt.Sprintf("%v", this.AuditID) + `,`, - `Stage:` + fmt.Sprintf("%v", this.Stage) + `,`, - `RequestURI:` + fmt.Sprintf("%v", this.RequestURI) + `,`, - `Verb:` + fmt.Sprintf("%v", this.Verb) + `,`, - `User:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.User), "UserInfo", "v1.UserInfo", 1), `&`, ``, 1) + `,`, - `ImpersonatedUser:` + strings.Replace(fmt.Sprintf("%v", this.ImpersonatedUser), "UserInfo", "v1.UserInfo", 1) + `,`, - `SourceIPs:` + fmt.Sprintf("%v", this.SourceIPs) + `,`, - `ObjectRef:` + strings.Replace(this.ObjectRef.String(), "ObjectReference", "ObjectReference", 1) + `,`, - `ResponseStatus:` + strings.Replace(fmt.Sprintf("%v", this.ResponseStatus), "Status", "v11.Status", 1) + `,`, - `RequestObject:` + strings.Replace(fmt.Sprintf("%v", this.RequestObject), "Unknown", "runtime.Unknown", 1) + `,`, - `ResponseObject:` + strings.Replace(fmt.Sprintf("%v", this.ResponseObject), "Unknown", "runtime.Unknown", 1) + `,`, - `RequestReceivedTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.RequestReceivedTimestamp), "MicroTime", "v11.MicroTime", 1), `&`, ``, 1) + `,`, - `StageTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.StageTimestamp), "MicroTime", "v11.MicroTime", 1), `&`, ``, 1) + `,`, - `Annotations:` + mapStringForAnnotations + `,`, - `UserAgent:` + fmt.Sprintf("%v", this.UserAgent) + `,`, - `}`, - }, "") - return s -} -func (this *EventList) String() string { - if this == nil { - return "nil" - } - repeatedStringForItems := "[]Event{" - for _, f := range this.Items { - repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "Event", "Event", 1), `&`, ``, 1) + "," - } - repeatedStringForItems += "}" - s := strings.Join([]string{`&EventList{`, - `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, - `Items:` + repeatedStringForItems + `,`, - `}`, - }, "") - return s -} -func (this *GroupResources) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&GroupResources{`, - `Group:` + fmt.Sprintf("%v", this.Group) + `,`, - `Resources:` + fmt.Sprintf("%v", this.Resources) + `,`, - `ResourceNames:` + fmt.Sprintf("%v", this.ResourceNames) + `,`, - `}`, - }, "") - return s -} -func (this *ObjectReference) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&ObjectReference{`, - `Resource:` + fmt.Sprintf("%v", this.Resource) + `,`, - `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, - `Name:` + fmt.Sprintf("%v", this.Name) + `,`, - `UID:` + fmt.Sprintf("%v", this.UID) + `,`, - `APIGroup:` + fmt.Sprintf("%v", this.APIGroup) + `,`, - `APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`, - `ResourceVersion:` + fmt.Sprintf("%v", this.ResourceVersion) + `,`, - `Subresource:` + fmt.Sprintf("%v", this.Subresource) + `,`, - `}`, - }, "") - return s -} -func (this *Policy) String() string { - if this == nil { - return "nil" - } - repeatedStringForRules := "[]PolicyRule{" - for _, f := range this.Rules { - repeatedStringForRules += strings.Replace(strings.Replace(f.String(), "PolicyRule", "PolicyRule", 1), `&`, ``, 1) + "," - } - repeatedStringForRules += "}" - s := strings.Join([]string{`&Policy{`, - `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`, - `Rules:` + repeatedStringForRules + `,`, - `OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`, - `OmitManagedFields:` + fmt.Sprintf("%v", this.OmitManagedFields) + `,`, - `}`, - }, "") - return s -} -func (this *PolicyList) String() string { - if this == nil { - return "nil" - } - repeatedStringForItems := "[]Policy{" - for _, f := range this.Items { - repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "Policy", "Policy", 1), `&`, ``, 1) + "," - } - repeatedStringForItems += "}" - s := strings.Join([]string{`&PolicyList{`, - `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, - `Items:` + repeatedStringForItems + `,`, - `}`, - }, "") - return s -} -func (this *PolicyRule) String() string { - if this == nil { - return "nil" - } - repeatedStringForResources := "[]GroupResources{" - for _, f := range this.Resources { - repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "GroupResources", "GroupResources", 1), `&`, ``, 1) + "," - } - repeatedStringForResources += "}" - s := strings.Join([]string{`&PolicyRule{`, - `Level:` + fmt.Sprintf("%v", this.Level) + `,`, - `Users:` + fmt.Sprintf("%v", this.Users) + `,`, - `UserGroups:` + fmt.Sprintf("%v", this.UserGroups) + `,`, - `Verbs:` + fmt.Sprintf("%v", this.Verbs) + `,`, - `Resources:` + repeatedStringForResources + `,`, - `Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`, - `NonResourceURLs:` + fmt.Sprintf("%v", this.NonResourceURLs) + `,`, - `OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`, - `OmitManagedFields:` + valueToStringGenerated(this.OmitManagedFields) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *Event) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Event: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Event: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Level", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Level = Level(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuditID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AuditID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Stage", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Stage = Stage(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestURI", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RequestURI = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Verb", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Verb = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.User.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ImpersonatedUser", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ImpersonatedUser == nil { - m.ImpersonatedUser = &v1.UserInfo{} - } - if err := m.ImpersonatedUser.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SourceIPs", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SourceIPs = append(m.SourceIPs, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectRef", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ObjectRef == nil { - m.ObjectRef = &ObjectReference{} - } - if err := m.ObjectRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResponseStatus", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ResponseStatus == nil { - m.ResponseStatus = &v11.Status{} - } - if err := m.ResponseStatus.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestObject", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RequestObject == nil { - m.RequestObject = &runtime.Unknown{} - } - if err := m.RequestObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResponseObject", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.ResponseObject == nil { - m.ResponseObject = &runtime.Unknown{} - } - if err := m.ResponseObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestReceivedTimestamp", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.RequestReceivedTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field StageTimestamp", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.StageTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Annotations == nil { - m.Annotations = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.Annotations[mapkey] = mapvalue - iNdEx = postIndex - case 16: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserAgent", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UserAgent = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *EventList) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: EventList: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: EventList: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Items = append(m.Items, Event{}) - if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GroupResources) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GroupResources: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GroupResources: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Group = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resources = append(m.Resources, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceNames", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ResourceNames = append(m.ResourceNames, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ObjectReference) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ObjectReference: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field APIGroup", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.APIGroup = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.APIVersion = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceVersion", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ResourceVersion = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Subresource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Subresource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Policy) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Policy: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Policy: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Rules = append(m.Rules, PolicyRule{}) - if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OmitStages", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.OmitManagedFields = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *PolicyList) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: PolicyList: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: PolicyList: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Items = append(m.Items, Policy{}) - if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *PolicyRule) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: PolicyRule: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: PolicyRule: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Level", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Level = Level(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Users", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Users = append(m.Users, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserGroups", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UserGroups = append(m.UserGroups, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Verbs", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Verbs = append(m.Verbs, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resources = append(m.Resources, GroupResources{}) - if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NonResourceURLs", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.NonResourceURLs = append(m.NonResourceURLs, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OmitStages", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 9: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.OmitManagedFields = &b - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipGenerated(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthGenerated - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupGenerated - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto deleted file mode 100644 index 8cdb12cdf9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto +++ /dev/null @@ -1,275 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -// This file was autogenerated by go-to-protobuf. Do not edit it manually! - -syntax = "proto2"; - -package k8s.io.apiserver.pkg.apis.audit.v1; - -import "k8s.io/api/authentication/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; - -// Package-wide variables from generator "generated". -option go_package = "k8s.io/apiserver/pkg/apis/audit/v1"; - -// Event captures all the information that can be included in an API audit log. -message Event { - // AuditLevel at which event was generated - optional string level = 1; - - // Unique audit ID, generated for each request. - optional string auditID = 2; - - // Stage of the request handling when this event instance was generated. - optional string stage = 3; - - // RequestURI is the request URI as sent by the client to a server. - optional string requestURI = 4; - - // Verb is the kubernetes verb associated with the request. - // For non-resource requests, this is the lower-cased HTTP method. - optional string verb = 5; - - // Authenticated user information. - optional k8s.io.api.authentication.v1.UserInfo user = 6; - - // Impersonated user information. - // +optional - optional k8s.io.api.authentication.v1.UserInfo impersonatedUser = 7; - - // Source IPs, from where the request originated and intermediate proxies. - // The source IPs are listed from (in order): - // 1. X-Forwarded-For request header IPs - // 2. X-Real-Ip header, if not present in the X-Forwarded-For list - // 3. The remote address for the connection, if it doesn't match the last - // IP in the list up to here (X-Forwarded-For or X-Real-Ip). - // Note: All but the last IP can be arbitrarily set by the client. - // +optional - repeated string sourceIPs = 8; - - // UserAgent records the user agent string reported by the client. - // Note that the UserAgent is provided by the client, and must not be trusted. - // +optional - optional string userAgent = 16; - - // Object reference this request is targeted at. - // Does not apply for List-type requests, or non-resource requests. - // +optional - optional ObjectReference objectRef = 9; - - // The response status, populated even when the ResponseObject is not a Status type. - // For successful responses, this will only include the Code and StatusSuccess. - // For non-status type error responses, this will be auto-populated with the error Message. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.Status responseStatus = 10; - - // API object from the request, in JSON format. The RequestObject is recorded as-is in the request - // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or - // merging. It is an external versioned object type, and may not be a valid object on its own. - // Omitted for non-resource requests. Only logged at Request Level and higher. - // +optional - optional k8s.io.apimachinery.pkg.runtime.Unknown requestObject = 11; - - // API object returned in the response, in JSON. The ResponseObject is recorded after conversion - // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged - // at Response Level. - // +optional - optional k8s.io.apimachinery.pkg.runtime.Unknown responseObject = 12; - - // Time the request reached the apiserver. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime requestReceivedTimestamp = 13; - - // Time the request reached current audit stage. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime stageTimestamp = 14; - - // Annotations is an unstructured key value map stored with an audit event that may be set by - // plugins invoked in the request serving chain, including authentication, authorization and - // admission plugins. Note that these annotations are for the audit event, and do not correspond - // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing - // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values - // should be short. Annotations are included in the Metadata level. - // +optional - map<string, string> annotations = 15; -} - -// EventList is a list of audit Events. -message EventList { - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; - - repeated Event items = 2; -} - -// GroupResources represents resource kinds in an API group. -message GroupResources { - // Group is the name of the API group that contains the resources. - // The empty string represents the core API group. - // +optional - optional string group = 1; - - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' matches pods. - // 'pods/log' matches the log subresource of pods. - // '*' matches all resources and their subresources. - // 'pods/*' matches all subresources of pods. - // '*/scale' matches all scale subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // An empty list implies all resources and subresources in this API groups apply. - // +optional - repeated string resources = 2; - - // ResourceNames is a list of resource instance names that the policy matches. - // Using this field requires Resources to be specified. - // An empty list implies that every instance of the resource is matched. - // +optional - repeated string resourceNames = 3; -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -message ObjectReference { - // +optional - optional string resource = 1; - - // +optional - optional string namespace = 2; - - // +optional - optional string name = 3; - - // +optional - optional string uid = 4; - - // APIGroup is the name of the API group that contains the referred object. - // The empty string represents the core API group. - // +optional - optional string apiGroup = 5; - - // APIVersion is the version of the API group that contains the referred object. - // +optional - optional string apiVersion = 6; - - // +optional - optional string resourceVersion = 7; - - // +optional - optional string subresource = 8; -} - -// Policy defines the configuration of audit logging, and the rules for how different request -// categories are logged. -message Policy { - // ObjectMeta is included for interoperability with API infrastructure. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; - - // Rules specify the audit Level a request should be recorded at. - // A request may match multiple rules, in which case the FIRST matching rule is used. - // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. - // PolicyRules are strictly ordered. - repeated PolicyRule rules = 2; - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified per rule in which case the union of both are omitted. - // +optional - repeated string omitStages = 3; - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // This is used as a global default - a value of 'true' will omit the managed fileds, - // otherwise the managed fields will be included in the API audit log. - // Note that this can also be specified per rule in which case the value specified - // in a rule will override the global default. - // +optional - optional bool omitManagedFields = 4; -} - -// PolicyList is a list of audit Policies. -message PolicyList { - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; - - repeated Policy items = 2; -} - -// PolicyRule maps requests based off metadata to an audit Level. -// Requests must match the rules of every field (an intersection of rules). -message PolicyRule { - // The Level that requests matching this rule are recorded at. - optional string level = 1; - - // The users (by authenticated user name) this rule applies to. - // An empty list implies every user. - // +optional - repeated string users = 2; - - // The user groups this rule applies to. A user is considered matching - // if it is a member of any of the UserGroups. - // An empty list implies every user group. - // +optional - repeated string userGroups = 3; - - // The verbs that match this rule. - // An empty list implies every verb. - // +optional - repeated string verbs = 4; - - // Resources that this rule matches. An empty list implies all kinds in all API groups. - // +optional - repeated GroupResources resources = 5; - - // Namespaces that this rule matches. - // The empty string "" matches non-namespaced resources. - // An empty list implies every namespace. - // +optional - repeated string namespaces = 6; - - // NonResourceURLs is a set of URL paths that should be audited. - // *s are allowed, but only as the full, final step in the path. - // Examples: - // "/metrics" - Log requests for apiserver metrics - // "/healthz*" - Log all health checks - // +optional - repeated string nonResourceURLs = 7; - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified policy wide in which case the union of both are omitted. - // An empty list means no restrictions will apply. - // +optional - repeated string omitStages = 8; - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // - a value of 'true' will drop the managed fields from the API audit log - // - a value of 'false' indicates that the managed fileds should be included - // in the API audit log - // Note that the value, if specified, in this rule will override the global default - // If a value is not specified then the global default specified in - // Policy.OmitManagedFields will stand. - // +optional - optional bool omitManagedFields = 9; -} - diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go deleted file mode 100644 index 46e3e47bc6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "audit.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Event{}, - &EventList{}, - &Policy{}, - &PolicyList{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go deleted file mode 100644 index 27f4729eaa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go +++ /dev/null @@ -1,306 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - authnv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" -) - -// Header keys used by the audit system. -const ( - // Header to hold the audit ID as the request is propagated through the serving hierarchy. The - // Audit-ID header should be set by the first server to receive the request (e.g. the federation - // server or kube-aggregator). - HeaderAuditID = "Audit-ID" -) - -// Level defines the amount of information logged during auditing -type Level string - -// Valid audit levels -const ( - // LevelNone disables auditing - LevelNone Level = "None" - // LevelMetadata provides the basic level of auditing. - LevelMetadata Level = "Metadata" - // LevelRequest provides Metadata level of auditing, and additionally - // logs the request object (does not apply for non-resource requests). - LevelRequest Level = "Request" - // LevelRequestResponse provides Request level of auditing, and additionally - // logs the response object (does not apply for non-resource requests). - LevelRequestResponse Level = "RequestResponse" -) - -// Stage defines the stages in request handling that audit events may be generated. -type Stage string - -// Valid audit stages. -const ( - // The stage for events generated as soon as the audit handler receives the request, and before it - // is delegated down the handler chain. - StageRequestReceived Stage = "RequestReceived" - // The stage for events generated once the response headers are sent, but before the response body - // is sent. This stage is only generated for long-running requests (e.g. watch). - StageResponseStarted Stage = "ResponseStarted" - // The stage for events generated once the response body has been completed, and no more bytes - // will be sent. - StageResponseComplete Stage = "ResponseComplete" - // The stage for events generated when a panic occurred. - StagePanic Stage = "Panic" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Event captures all the information that can be included in an API audit log. -type Event struct { - metav1.TypeMeta `json:",inline"` - - // AuditLevel at which event was generated - Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"` - - // Unique audit ID, generated for each request. - AuditID types.UID `json:"auditID" protobuf:"bytes,2,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"` - // Stage of the request handling when this event instance was generated. - Stage Stage `json:"stage" protobuf:"bytes,3,opt,name=stage,casttype=Stage"` - - // RequestURI is the request URI as sent by the client to a server. - RequestURI string `json:"requestURI" protobuf:"bytes,4,opt,name=requestURI"` - // Verb is the kubernetes verb associated with the request. - // For non-resource requests, this is the lower-cased HTTP method. - Verb string `json:"verb" protobuf:"bytes,5,opt,name=verb"` - // Authenticated user information. - User authnv1.UserInfo `json:"user" protobuf:"bytes,6,opt,name=user"` - // Impersonated user information. - // +optional - ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,7,opt,name=impersonatedUser"` - // Source IPs, from where the request originated and intermediate proxies. - // The source IPs are listed from (in order): - // 1. X-Forwarded-For request header IPs - // 2. X-Real-Ip header, if not present in the X-Forwarded-For list - // 3. The remote address for the connection, if it doesn't match the last - // IP in the list up to here (X-Forwarded-For or X-Real-Ip). - // Note: All but the last IP can be arbitrarily set by the client. - // +optional - SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,8,rep,name=sourceIPs"` - // UserAgent records the user agent string reported by the client. - // Note that the UserAgent is provided by the client, and must not be trusted. - // +optional - UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,16,opt,name=userAgent"` - // Object reference this request is targeted at. - // Does not apply for List-type requests, or non-resource requests. - // +optional - ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,9,opt,name=objectRef"` - // The response status, populated even when the ResponseObject is not a Status type. - // For successful responses, this will only include the Code and StatusSuccess. - // For non-status type error responses, this will be auto-populated with the error Message. - // +optional - ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,10,opt,name=responseStatus"` - - // API object from the request, in JSON format. The RequestObject is recorded as-is in the request - // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or - // merging. It is an external versioned object type, and may not be a valid object on its own. - // Omitted for non-resource requests. Only logged at Request Level and higher. - // +optional - RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,11,opt,name=requestObject"` - // API object returned in the response, in JSON. The ResponseObject is recorded after conversion - // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged - // at Response Level. - // +optional - ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,12,opt,name=responseObject"` - // Time the request reached the apiserver. - // +optional - RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,13,opt,name=requestReceivedTimestamp"` - // Time the request reached current audit stage. - // +optional - StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,14,opt,name=stageTimestamp"` - - // Annotations is an unstructured key value map stored with an audit event that may be set by - // plugins invoked in the request serving chain, including authentication, authorization and - // admission plugins. Note that these annotations are for the audit event, and do not correspond - // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing - // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values - // should be short. Annotations are included in the Metadata level. - // +optional - Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EventList is a list of audit Events. -type EventList struct { - metav1.TypeMeta `json:",inline"` - // +optional - metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Policy defines the configuration of audit logging, and the rules for how different request -// categories are logged. -type Policy struct { - metav1.TypeMeta `json:",inline"` - // ObjectMeta is included for interoperability with API infrastructure. - // +optional - metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - // Rules specify the audit Level a request should be recorded at. - // A request may match multiple rules, in which case the FIRST matching rule is used. - // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. - // PolicyRules are strictly ordered. - Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"` - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified per rule in which case the union of both are omitted. - // +optional - OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"` - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // This is used as a global default - a value of 'true' will omit the managed fileds, - // otherwise the managed fields will be included in the API audit log. - // Note that this can also be specified per rule in which case the value specified - // in a rule will override the global default. - // +optional - OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PolicyList is a list of audit Policies. -type PolicyList struct { - metav1.TypeMeta `json:",inline"` - // +optional - metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` - - Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"` -} - -// PolicyRule maps requests based off metadata to an audit Level. -// Requests must match the rules of every field (an intersection of rules). -type PolicyRule struct { - // The Level that requests matching this rule are recorded at. - Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"` - - // The users (by authenticated user name) this rule applies to. - // An empty list implies every user. - // +optional - Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"` - // The user groups this rule applies to. A user is considered matching - // if it is a member of any of the UserGroups. - // An empty list implies every user group. - // +optional - UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"` - - // The verbs that match this rule. - // An empty list implies every verb. - // +optional - Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"` - - // Rules can apply to API resources (such as "pods" or "secrets"), - // non-resource URL paths (such as "/api"), or neither, but not both. - // If neither is specified, the rule is treated as a default for all URLs. - - // Resources that this rule matches. An empty list implies all kinds in all API groups. - // +optional - Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"` - // Namespaces that this rule matches. - // The empty string "" matches non-namespaced resources. - // An empty list implies every namespace. - // +optional - Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"` - - // NonResourceURLs is a set of URL paths that should be audited. - // *s are allowed, but only as the full, final step in the path. - // Examples: - // "/metrics" - Log requests for apiserver metrics - // "/healthz*" - Log all health checks - // +optional - NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"` - - // OmitStages is a list of stages for which no events are created. Note that this can also - // be specified policy wide in which case the union of both are omitted. - // An empty list means no restrictions will apply. - // +optional - OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"` - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - // - a value of 'true' will drop the managed fields from the API audit log - // - a value of 'false' indicates that the managed fileds should be included - // in the API audit log - // Note that the value, if specified, in this rule will override the global default - // If a value is not specified then the global default specified in - // Policy.OmitManagedFields will stand. - // +optional - OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"` -} - -// GroupResources represents resource kinds in an API group. -type GroupResources struct { - // Group is the name of the API group that contains the resources. - // The empty string represents the core API group. - // +optional - Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"` - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' matches pods. - // 'pods/log' matches the log subresource of pods. - // '*' matches all resources and their subresources. - // 'pods/*' matches all subresources of pods. - // '*/scale' matches all scale subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // An empty list implies all resources and subresources in this API groups apply. - // +optional - Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"` - // ResourceNames is a list of resource instance names that the policy matches. - // Using this field requires Resources to be specified. - // An empty list implies that every instance of the resource is matched. - // +optional - ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"` -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -type ObjectReference struct { - // +optional - Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"` - // +optional - Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"` - // +optional - Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"` - // +optional - UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"` - // APIGroup is the name of the API group that contains the referred object. - // The empty string represents the core API group. - // +optional - APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,5,opt,name=apiGroup"` - // APIVersion is the version of the API group that contains the referred object. - // +optional - APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,6,opt,name=apiVersion"` - // +optional - ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,7,opt,name=resourceVersion"` - // +optional - Subresource string `json:"subresource,omitempty" protobuf:"bytes,8,opt,name=subresource"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go deleted file mode 100644 index 53cbb02084..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go +++ /dev/null @@ -1,327 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - audit "k8s.io/apiserver/pkg/apis/audit" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Event)(nil), (*audit.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Event_To_audit_Event(a.(*Event), b.(*audit.Event), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.Event)(nil), (*Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_Event_To_v1_Event(a.(*audit.Event), b.(*Event), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*EventList)(nil), (*audit.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventList_To_audit_EventList(a.(*EventList), b.(*audit.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.EventList)(nil), (*EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_EventList_To_v1_EventList(a.(*audit.EventList), b.(*EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*GroupResources)(nil), (*audit.GroupResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GroupResources_To_audit_GroupResources(a.(*GroupResources), b.(*audit.GroupResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.GroupResources)(nil), (*GroupResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_GroupResources_To_v1_GroupResources(a.(*audit.GroupResources), b.(*GroupResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ObjectReference)(nil), (*audit.ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ObjectReference_To_audit_ObjectReference(a.(*ObjectReference), b.(*audit.ObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.ObjectReference)(nil), (*ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_ObjectReference_To_v1_ObjectReference(a.(*audit.ObjectReference), b.(*ObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Policy)(nil), (*audit.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Policy_To_audit_Policy(a.(*Policy), b.(*audit.Policy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.Policy)(nil), (*Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_Policy_To_v1_Policy(a.(*audit.Policy), b.(*Policy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PolicyList)(nil), (*audit.PolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PolicyList_To_audit_PolicyList(a.(*PolicyList), b.(*audit.PolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.PolicyList)(nil), (*PolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_PolicyList_To_v1_PolicyList(a.(*audit.PolicyList), b.(*PolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PolicyRule)(nil), (*audit.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PolicyRule_To_audit_PolicyRule(a.(*PolicyRule), b.(*audit.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*audit.PolicyRule)(nil), (*PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_audit_PolicyRule_To_v1_PolicyRule(a.(*audit.PolicyRule), b.(*PolicyRule), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error { - out.Level = audit.Level(in.Level) - out.AuditID = types.UID(in.AuditID) - out.Stage = audit.Stage(in.Stage) - out.RequestURI = in.RequestURI - out.Verb = in.Verb - out.User = in.User - out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser)) - out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs)) - out.UserAgent = in.UserAgent - out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef)) - out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus)) - out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject)) - out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject)) - out.RequestReceivedTimestamp = in.RequestReceivedTimestamp - out.StageTimestamp = in.StageTimestamp - out.Annotations = *(*map[string]string)(unsafe.Pointer(&in.Annotations)) - return nil -} - -// Convert_v1_Event_To_audit_Event is an autogenerated conversion function. -func Convert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error { - return autoConvert_v1_Event_To_audit_Event(in, out, s) -} - -func autoConvert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error { - out.Level = Level(in.Level) - out.AuditID = types.UID(in.AuditID) - out.Stage = Stage(in.Stage) - out.RequestURI = in.RequestURI - out.Verb = in.Verb - out.User = in.User - out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser)) - out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs)) - out.UserAgent = in.UserAgent - out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef)) - out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus)) - out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject)) - out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject)) - out.RequestReceivedTimestamp = in.RequestReceivedTimestamp - out.StageTimestamp = in.StageTimestamp - out.Annotations = *(*map[string]string)(unsafe.Pointer(&in.Annotations)) - return nil -} - -// Convert_audit_Event_To_v1_Event is an autogenerated conversion function. -func Convert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error { - return autoConvert_audit_Event_To_v1_Event(in, out, s) -} - -func autoConvert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]audit.Event)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_EventList_To_audit_EventList is an autogenerated conversion function. -func Convert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error { - return autoConvert_v1_EventList_To_audit_EventList(in, out, s) -} - -func autoConvert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]Event)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_audit_EventList_To_v1_EventList is an autogenerated conversion function. -func Convert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error { - return autoConvert_audit_EventList_To_v1_EventList(in, out, s) -} - -func autoConvert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error { - out.Group = in.Group - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_v1_GroupResources_To_audit_GroupResources is an autogenerated conversion function. -func Convert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error { - return autoConvert_v1_GroupResources_To_audit_GroupResources(in, out, s) -} - -func autoConvert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error { - out.Group = in.Group - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_audit_GroupResources_To_v1_GroupResources is an autogenerated conversion function. -func Convert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error { - return autoConvert_audit_GroupResources_To_v1_GroupResources(in, out, s) -} - -func autoConvert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error { - out.Resource = in.Resource - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.APIGroup = in.APIGroup - out.APIVersion = in.APIVersion - out.ResourceVersion = in.ResourceVersion - out.Subresource = in.Subresource - return nil -} - -// Convert_v1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function. -func Convert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error { - return autoConvert_v1_ObjectReference_To_audit_ObjectReference(in, out, s) -} - -func autoConvert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error { - out.Resource = in.Resource - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.APIGroup = in.APIGroup - out.APIVersion = in.APIVersion - out.ResourceVersion = in.ResourceVersion - out.Subresource = in.Subresource - return nil -} - -// Convert_audit_ObjectReference_To_v1_ObjectReference is an autogenerated conversion function. -func Convert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error { - return autoConvert_audit_ObjectReference_To_v1_ObjectReference(in, out, s) -} - -func autoConvert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]audit.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages)) - out.OmitManagedFields = in.OmitManagedFields - return nil -} - -// Convert_v1_Policy_To_audit_Policy is an autogenerated conversion function. -func Convert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error { - return autoConvert_v1_Policy_To_audit_Policy(in, out, s) -} - -func autoConvert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules)) - out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages)) - out.OmitManagedFields = in.OmitManagedFields - return nil -} - -// Convert_audit_Policy_To_v1_Policy is an autogenerated conversion function. -func Convert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error { - return autoConvert_audit_Policy_To_v1_Policy(in, out, s) -} - -func autoConvert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]audit.Policy)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_PolicyList_To_audit_PolicyList is an autogenerated conversion function. -func Convert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error { - return autoConvert_v1_PolicyList_To_audit_PolicyList(in, out, s) -} - -func autoConvert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]Policy)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_audit_PolicyList_To_v1_PolicyList is an autogenerated conversion function. -func Convert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error { - return autoConvert_audit_PolicyList_To_v1_PolicyList(in, out, s) -} - -func autoConvert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error { - out.Level = audit.Level(in.Level) - out.Users = *(*[]string)(unsafe.Pointer(&in.Users)) - out.UserGroups = *(*[]string)(unsafe.Pointer(&in.UserGroups)) - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.Resources = *(*[]audit.GroupResources)(unsafe.Pointer(&in.Resources)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages)) - out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields)) - return nil -} - -// Convert_v1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function. -func Convert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error { - return autoConvert_v1_PolicyRule_To_audit_PolicyRule(in, out, s) -} - -func autoConvert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error { - out.Level = Level(in.Level) - out.Users = *(*[]string)(unsafe.Pointer(&in.Users)) - out.UserGroups = *(*[]string)(unsafe.Pointer(&in.UserGroups)) - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.Resources = *(*[]GroupResources)(unsafe.Pointer(&in.Resources)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages)) - out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields)) - return nil -} - -// Convert_audit_PolicyRule_To_v1_PolicyRule is an autogenerated conversion function. -func Convert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error { - return autoConvert_audit_PolicyRule_To_v1_PolicyRule(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go deleted file mode 100644 index 0b1b0052d5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,297 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Event) DeepCopyInto(out *Event) { - *out = *in - out.TypeMeta = in.TypeMeta - in.User.DeepCopyInto(&out.User) - if in.ImpersonatedUser != nil { - in, out := &in.ImpersonatedUser, &out.ImpersonatedUser - *out = new(authenticationv1.UserInfo) - (*in).DeepCopyInto(*out) - } - if in.SourceIPs != nil { - in, out := &in.SourceIPs, &out.SourceIPs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ObjectRef != nil { - in, out := &in.ObjectRef, &out.ObjectRef - *out = new(ObjectReference) - **out = **in - } - if in.ResponseStatus != nil { - in, out := &in.ResponseStatus, &out.ResponseStatus - *out = new(metav1.Status) - (*in).DeepCopyInto(*out) - } - if in.RequestObject != nil { - in, out := &in.RequestObject, &out.RequestObject - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - if in.ResponseObject != nil { - in, out := &in.ResponseObject, &out.ResponseObject - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - in.RequestReceivedTimestamp.DeepCopyInto(&out.RequestReceivedTimestamp) - in.StageTimestamp.DeepCopyInto(&out.StageTimestamp) - if in.Annotations != nil { - in, out := &in.Annotations, &out.Annotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event. -func (in *Event) DeepCopy() *Event { - if in == nil { - return nil - } - out := new(Event) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Event) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventList) DeepCopyInto(out *EventList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Event, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList. -func (in *EventList) DeepCopy() *EventList { - if in == nil { - return nil - } - out := new(EventList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EventList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupResources) DeepCopyInto(out *GroupResources) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ResourceNames != nil { - in, out := &in.ResourceNames, &out.ResourceNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources. -func (in *GroupResources) DeepCopy() *GroupResources { - if in == nil { - return nil - } - out := new(GroupResources) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. -func (in *ObjectReference) DeepCopy() *ObjectReference { - if in == nil { - return nil - } - out := new(ObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.OmitStages != nil { - in, out := &in.OmitStages, &out.OmitStages - *out = make([]Stage, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyList) DeepCopyInto(out *PolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Policy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. -func (in *PolicyList) DeepCopy() *PolicyList { - if in == nil { - return nil - } - out := new(PolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRule) DeepCopyInto(out *PolicyRule) { - *out = *in - if in.Users != nil { - in, out := &in.Users, &out.Users - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.UserGroups != nil { - in, out := &in.UserGroups, &out.UserGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]GroupResources, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NonResourceURLs != nil { - in, out := &in.NonResourceURLs, &out.NonResourceURLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.OmitStages != nil { - in, out := &in.OmitStages, &out.OmitStages - *out = make([]Stage, len(*in)) - copy(*out, *in) - } - if in.OmitManagedFields != nil { - in, out := &in.OmitManagedFields, &out.OmitManagedFields - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule. -func (in *PolicyRule) DeepCopy() *PolicyRule { - if in == nil { - return nil - } - out := new(PolicyRule) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation.go deleted file mode 100644 index 0611c1ae5f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "strings" - - "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/apis/audit" -) - -// ValidatePolicy validates the audit policy -func ValidatePolicy(policy *audit.Policy) field.ErrorList { - var allErrs field.ErrorList - allErrs = append(allErrs, validateOmitStages(policy.OmitStages, field.NewPath("omitStages"))...) - rulePath := field.NewPath("rules") - for i, rule := range policy.Rules { - allErrs = append(allErrs, validatePolicyRule(rule, rulePath.Index(i))...) - } - return allErrs -} - -func validatePolicyRule(rule audit.PolicyRule, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - allErrs = append(allErrs, validateLevel(rule.Level, fldPath.Child("level"))...) - allErrs = append(allErrs, validateNonResourceURLs(rule.NonResourceURLs, fldPath.Child("nonResourceURLs"))...) - allErrs = append(allErrs, validateResources(rule.Resources, fldPath.Child("resources"))...) - allErrs = append(allErrs, validateOmitStages(rule.OmitStages, fldPath.Child("omitStages"))...) - - if len(rule.NonResourceURLs) > 0 { - if len(rule.Resources) > 0 || len(rule.Namespaces) > 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "rules cannot apply to both regular resources and non-resource URLs")) - } - } - - return allErrs -} - -var validLevels = []string{ - string(audit.LevelNone), - string(audit.LevelMetadata), - string(audit.LevelRequest), - string(audit.LevelRequestResponse), -} - -var validOmitStages = []string{ - string(audit.StageRequestReceived), - string(audit.StageResponseStarted), - string(audit.StageResponseComplete), - string(audit.StagePanic), -} - -func validateLevel(level audit.Level, fldPath *field.Path) field.ErrorList { - switch level { - case audit.LevelNone, audit.LevelMetadata, audit.LevelRequest, audit.LevelRequestResponse: - return nil - case "": - return field.ErrorList{field.Required(fldPath, "")} - default: - return field.ErrorList{field.NotSupported(fldPath, level, validLevels)} - } -} - -func validateNonResourceURLs(urls []string, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for i, url := range urls { - if url == "*" { - continue - } - - if !strings.HasPrefix(url, "/") { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), url, "non-resource URL rules must begin with a '/' character")) - } - - if url != "" && strings.ContainsRune(url[:len(url)-1], '*') { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), url, "non-resource URL wildcards '*' must be the final character of the rule")) - } - } - return allErrs -} - -func validateResources(groupResources []audit.GroupResources, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for _, groupResource := range groupResources { - // The empty string represents the core API group. - if len(groupResource.Group) != 0 { - // Group names must be lower case and be valid DNS subdomains. - // reference: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - // an error is returned for group name like rbac.authorization.k8s.io/v1beta1 - // rbac.authorization.k8s.io is the valid one - if msgs := validation.NameIsDNSSubdomain(groupResource.Group, false); len(msgs) != 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("group"), groupResource.Group, strings.Join(msgs, ","))) - } - } - - if len(groupResource.ResourceNames) > 0 && len(groupResource.Resources) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceNames"), groupResource.ResourceNames, "using resourceNames requires at least one resource")) - } - } - return allErrs -} - -func validateOmitStages(omitStages []audit.Stage, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for i, stage := range omitStages { - valid := false - for _, validOmitStage := range validOmitStages { - if string(stage) == validOmitStage { - valid = true - break - } - } - if !valid { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), string(stage), "allowed stages are "+strings.Join(validOmitStages, ","))) - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go deleted file mode 100644 index 81d5add47d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go +++ /dev/null @@ -1,297 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package audit - -import ( - v1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Event) DeepCopyInto(out *Event) { - *out = *in - out.TypeMeta = in.TypeMeta - in.User.DeepCopyInto(&out.User) - if in.ImpersonatedUser != nil { - in, out := &in.ImpersonatedUser, &out.ImpersonatedUser - *out = new(v1.UserInfo) - (*in).DeepCopyInto(*out) - } - if in.SourceIPs != nil { - in, out := &in.SourceIPs, &out.SourceIPs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ObjectRef != nil { - in, out := &in.ObjectRef, &out.ObjectRef - *out = new(ObjectReference) - **out = **in - } - if in.ResponseStatus != nil { - in, out := &in.ResponseStatus, &out.ResponseStatus - *out = new(metav1.Status) - (*in).DeepCopyInto(*out) - } - if in.RequestObject != nil { - in, out := &in.RequestObject, &out.RequestObject - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - if in.ResponseObject != nil { - in, out := &in.ResponseObject, &out.ResponseObject - *out = new(runtime.Unknown) - (*in).DeepCopyInto(*out) - } - in.RequestReceivedTimestamp.DeepCopyInto(&out.RequestReceivedTimestamp) - in.StageTimestamp.DeepCopyInto(&out.StageTimestamp) - if in.Annotations != nil { - in, out := &in.Annotations, &out.Annotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event. -func (in *Event) DeepCopy() *Event { - if in == nil { - return nil - } - out := new(Event) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Event) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventList) DeepCopyInto(out *EventList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Event, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList. -func (in *EventList) DeepCopy() *EventList { - if in == nil { - return nil - } - out := new(EventList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EventList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupResources) DeepCopyInto(out *GroupResources) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ResourceNames != nil { - in, out := &in.ResourceNames, &out.ResourceNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources. -func (in *GroupResources) DeepCopy() *GroupResources { - if in == nil { - return nil - } - out := new(GroupResources) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. -func (in *ObjectReference) DeepCopy() *ObjectReference { - if in == nil { - return nil - } - out := new(ObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.OmitStages != nil { - in, out := &in.OmitStages, &out.OmitStages - *out = make([]Stage, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyList) DeepCopyInto(out *PolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Policy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. -func (in *PolicyList) DeepCopy() *PolicyList { - if in == nil { - return nil - } - out := new(PolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRule) DeepCopyInto(out *PolicyRule) { - *out = *in - if in.Users != nil { - in, out := &in.Users, &out.Users - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.UserGroups != nil { - in, out := &in.UserGroups, &out.UserGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]GroupResources, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NonResourceURLs != nil { - in, out := &in.NonResourceURLs, &out.NonResourceURLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.OmitStages != nil { - in, out := &in.OmitStages, &out.OmitStages - *out = make([]Stage, len(*in)) - copy(*out, *in) - } - if in.OmitManagedFields != nil { - in, out := &in.OmitManagedFields, &out.OmitManagedFields - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule. -func (in *PolicyRule) DeepCopy() *PolicyRule { - if in == nil { - return nil - } - out := new(PolicyRule) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/doc.go deleted file mode 100644 index 338d4cebfa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package config // import "k8s.io/apiserver/pkg/apis/config" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/register.go deleted file mode 100644 index 6a0aae8e56..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme adds this group to a scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package. -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects. -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind. -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource. -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this will get cleaned up with the scheme types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &EncryptionConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/types.go deleted file mode 100644 index 72107fe663..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/types.go +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EncryptionConfiguration stores the complete configuration for encryption providers. -type EncryptionConfiguration struct { - metav1.TypeMeta - // resources is a list containing resources, and their corresponding encryption providers. - Resources []ResourceConfiguration -} - -// ResourceConfiguration stores per resource configuration. -type ResourceConfiguration struct { - // resources is a list of kubernetes resources which have to be encrypted. - Resources []string - // providers is a list of transformers to be used for reading and writing the resources to disk. - // eg: aesgcm, aescbc, secretbox, identity. - Providers []ProviderConfiguration -} - -// ProviderConfiguration stores the provided configuration for an encryption provider. -type ProviderConfiguration struct { - // aesgcm is the configuration for the AES-GCM transformer. - AESGCM *AESConfiguration - // aescbc is the configuration for the AES-CBC transformer. - AESCBC *AESConfiguration - // secretbox is the configuration for the Secretbox based transformer. - Secretbox *SecretboxConfiguration - // identity is the (empty) configuration for the identity transformer. - Identity *IdentityConfiguration - // kms contains the name, cache size and path to configuration file for a KMS based envelope transformer. - KMS *KMSConfiguration -} - -// AESConfiguration contains the API configuration for an AES transformer. -type AESConfiguration struct { - // keys is a list of keys to be used for creating the AES transformer. - // Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM. - Keys []Key -} - -// SecretboxConfiguration contains the API configuration for an Secretbox transformer. -type SecretboxConfiguration struct { - // keys is a list of keys to be used for creating the Secretbox transformer. - // Each key has to be 32 bytes long. - Keys []Key -} - -// Key contains name and secret of the provided key for a transformer. -type Key struct { - // name is the name of the key to be used while storing data to disk. - Name string - // secret is the actual key, encoded in base64. - Secret string -} - -// String implements Stringer interface in a log safe way. -func (k Key) String() string { - return fmt.Sprintf("Name: %s, Secret: [REDACTED]", k.Name) -} - -// IdentityConfiguration is an empty struct to allow identity transformer in provider configuration. -type IdentityConfiguration struct{} - -// KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer. -type KMSConfiguration struct { - // apiVersion of KeyManagementService - // +optional - APIVersion string - // name is the name of the KMS plugin to be used. - Name string - // cachesize is the maximum number of secrets which are cached in memory. The default value is 1000. - // Set to a negative value to disable caching. - // +optional - CacheSize *int32 - // endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock". - Endpoint string - // timeout for gRPC calls to kms-plugin (ex. 5s). The default is 3 seconds. - // +optional - Timeout *metav1.Duration -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go deleted file mode 100644 index 8666022a95..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -var ( - defaultTimeout = &metav1.Duration{Duration: 3 * time.Second} - defaultCacheSize int32 = 1000 - defaultAPIVersion = "v1" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_KMSConfiguration applies defaults to KMSConfiguration. -func SetDefaults_KMSConfiguration(obj *KMSConfiguration) { - if obj.Timeout == nil { - obj.Timeout = defaultTimeout - } - - if obj.CacheSize == nil { - obj.CacheSize = &defaultCacheSize - } - - if obj.APIVersion == "" { - obj.APIVersion = defaultAPIVersion - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go deleted file mode 100644 index b1a18ccab5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/config -// +k8s:deepcopy-gen=package -// +k8s:defaulter-gen=TypeMeta -// +groupName=apiserver.config.k8s.io - -// Package v1 is the v1 version of the API. -package v1 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go deleted file mode 100644 index 32b5634c44..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package. -const GroupName = "apiserver.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects. -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme adds this group to a scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) - localSchemeBuilder.Register(addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &EncryptionConfiguration{}, - ) - // also register into the v1 group as EncryptionConfig (due to a docs bug) - scheme.AddKnownTypeWithName(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "EncryptionConfig"}, &EncryptionConfiguration{}) - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go deleted file mode 100644 index 23dab942ea..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/types.go +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EncryptionConfiguration stores the complete configuration for encryption providers. -type EncryptionConfiguration struct { - metav1.TypeMeta - // resources is a list containing resources, and their corresponding encryption providers. - Resources []ResourceConfiguration `json:"resources"` -} - -// ResourceConfiguration stores per resource configuration. -type ResourceConfiguration struct { - // resources is a list of kubernetes resources which have to be encrypted. - Resources []string `json:"resources"` - // providers is a list of transformers to be used for reading and writing the resources to disk. - // eg: aesgcm, aescbc, secretbox, identity. - Providers []ProviderConfiguration `json:"providers"` -} - -// ProviderConfiguration stores the provided configuration for an encryption provider. -type ProviderConfiguration struct { - // aesgcm is the configuration for the AES-GCM transformer. - AESGCM *AESConfiguration `json:"aesgcm,omitempty"` - // aescbc is the configuration for the AES-CBC transformer. - AESCBC *AESConfiguration `json:"aescbc,omitempty"` - // secretbox is the configuration for the Secretbox based transformer. - Secretbox *SecretboxConfiguration `json:"secretbox,omitempty"` - // identity is the (empty) configuration for the identity transformer. - Identity *IdentityConfiguration `json:"identity,omitempty"` - // kms contains the name, cache size and path to configuration file for a KMS based envelope transformer. - KMS *KMSConfiguration `json:"kms,omitempty"` -} - -// AESConfiguration contains the API configuration for an AES transformer. -type AESConfiguration struct { - // keys is a list of keys to be used for creating the AES transformer. - // Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM. - Keys []Key `json:"keys"` -} - -// SecretboxConfiguration contains the API configuration for an Secretbox transformer. -type SecretboxConfiguration struct { - // keys is a list of keys to be used for creating the Secretbox transformer. - // Each key has to be 32 bytes long. - Keys []Key `json:"keys"` -} - -// Key contains name and secret of the provided key for a transformer. -type Key struct { - // name is the name of the key to be used while storing data to disk. - Name string `json:"name"` - // secret is the actual key, encoded in base64. - Secret string `json:"secret"` -} - -// String implements Stringer interface in a log safe way. -func (k Key) String() string { - return fmt.Sprintf("Name: %s, Secret: [REDACTED]", k.Name) -} - -// IdentityConfiguration is an empty struct to allow identity transformer in provider configuration. -type IdentityConfiguration struct{} - -// KMSConfiguration contains the name, cache size and path to configuration file for a KMS based envelope transformer. -type KMSConfiguration struct { - // apiVersion of KeyManagementService - // +optional - APIVersion string `json:"apiVersion"` - // name is the name of the KMS plugin to be used. - Name string `json:"name"` - // cachesize is the maximum number of secrets which are cached in memory. The default value is 1000. - // Set to a negative value to disable caching. - // +optional - CacheSize *int32 `json:"cachesize,omitempty"` - // endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock". - Endpoint string `json:"endpoint"` - // timeout for gRPC calls to kms-plugin (ex. 5s). The default is 3 seconds. - // +optional - Timeout *metav1.Duration `json:"timeout,omitempty"` -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go deleted file mode 100644 index 8585428632..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.conversion.go +++ /dev/null @@ -1,299 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - config "k8s.io/apiserver/pkg/apis/config" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*AESConfiguration)(nil), (*config.AESConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AESConfiguration_To_config_AESConfiguration(a.(*AESConfiguration), b.(*config.AESConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.AESConfiguration)(nil), (*AESConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_AESConfiguration_To_v1_AESConfiguration(a.(*config.AESConfiguration), b.(*AESConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*EncryptionConfiguration)(nil), (*config.EncryptionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(a.(*EncryptionConfiguration), b.(*config.EncryptionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.EncryptionConfiguration)(nil), (*EncryptionConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(a.(*config.EncryptionConfiguration), b.(*EncryptionConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*IdentityConfiguration)(nil), (*config.IdentityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration(a.(*IdentityConfiguration), b.(*config.IdentityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.IdentityConfiguration)(nil), (*IdentityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration(a.(*config.IdentityConfiguration), b.(*IdentityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*KMSConfiguration)(nil), (*config.KMSConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_KMSConfiguration_To_config_KMSConfiguration(a.(*KMSConfiguration), b.(*config.KMSConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.KMSConfiguration)(nil), (*KMSConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_KMSConfiguration_To_v1_KMSConfiguration(a.(*config.KMSConfiguration), b.(*KMSConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Key)(nil), (*config.Key)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Key_To_config_Key(a.(*Key), b.(*config.Key), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.Key)(nil), (*Key)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_Key_To_v1_Key(a.(*config.Key), b.(*Key), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ProviderConfiguration)(nil), (*config.ProviderConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration(a.(*ProviderConfiguration), b.(*config.ProviderConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ProviderConfiguration)(nil), (*ProviderConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration(a.(*config.ProviderConfiguration), b.(*ProviderConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ResourceConfiguration)(nil), (*config.ResourceConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration(a.(*ResourceConfiguration), b.(*config.ResourceConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.ResourceConfiguration)(nil), (*ResourceConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration(a.(*config.ResourceConfiguration), b.(*ResourceConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*SecretboxConfiguration)(nil), (*config.SecretboxConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(a.(*SecretboxConfiguration), b.(*config.SecretboxConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*config.SecretboxConfiguration)(nil), (*SecretboxConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(a.(*config.SecretboxConfiguration), b.(*SecretboxConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AESConfiguration_To_config_AESConfiguration(in *AESConfiguration, out *config.AESConfiguration, s conversion.Scope) error { - out.Keys = *(*[]config.Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_v1_AESConfiguration_To_config_AESConfiguration is an autogenerated conversion function. -func Convert_v1_AESConfiguration_To_config_AESConfiguration(in *AESConfiguration, out *config.AESConfiguration, s conversion.Scope) error { - return autoConvert_v1_AESConfiguration_To_config_AESConfiguration(in, out, s) -} - -func autoConvert_config_AESConfiguration_To_v1_AESConfiguration(in *config.AESConfiguration, out *AESConfiguration, s conversion.Scope) error { - out.Keys = *(*[]Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_config_AESConfiguration_To_v1_AESConfiguration is an autogenerated conversion function. -func Convert_config_AESConfiguration_To_v1_AESConfiguration(in *config.AESConfiguration, out *AESConfiguration, s conversion.Scope) error { - return autoConvert_config_AESConfiguration_To_v1_AESConfiguration(in, out, s) -} - -func autoConvert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in *EncryptionConfiguration, out *config.EncryptionConfiguration, s conversion.Scope) error { - out.Resources = *(*[]config.ResourceConfiguration)(unsafe.Pointer(&in.Resources)) - return nil -} - -// Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration is an autogenerated conversion function. -func Convert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in *EncryptionConfiguration, out *config.EncryptionConfiguration, s conversion.Scope) error { - return autoConvert_v1_EncryptionConfiguration_To_config_EncryptionConfiguration(in, out, s) -} - -func autoConvert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in *config.EncryptionConfiguration, out *EncryptionConfiguration, s conversion.Scope) error { - out.Resources = *(*[]ResourceConfiguration)(unsafe.Pointer(&in.Resources)) - return nil -} - -// Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration is an autogenerated conversion function. -func Convert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in *config.EncryptionConfiguration, out *EncryptionConfiguration, s conversion.Scope) error { - return autoConvert_config_EncryptionConfiguration_To_v1_EncryptionConfiguration(in, out, s) -} - -func autoConvert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in *IdentityConfiguration, out *config.IdentityConfiguration, s conversion.Scope) error { - return nil -} - -// Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration is an autogenerated conversion function. -func Convert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in *IdentityConfiguration, out *config.IdentityConfiguration, s conversion.Scope) error { - return autoConvert_v1_IdentityConfiguration_To_config_IdentityConfiguration(in, out, s) -} - -func autoConvert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in *config.IdentityConfiguration, out *IdentityConfiguration, s conversion.Scope) error { - return nil -} - -// Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration is an autogenerated conversion function. -func Convert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in *config.IdentityConfiguration, out *IdentityConfiguration, s conversion.Scope) error { - return autoConvert_config_IdentityConfiguration_To_v1_IdentityConfiguration(in, out, s) -} - -func autoConvert_v1_KMSConfiguration_To_config_KMSConfiguration(in *KMSConfiguration, out *config.KMSConfiguration, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Name = in.Name - out.CacheSize = (*int32)(unsafe.Pointer(in.CacheSize)) - out.Endpoint = in.Endpoint - out.Timeout = (*metav1.Duration)(unsafe.Pointer(in.Timeout)) - return nil -} - -// Convert_v1_KMSConfiguration_To_config_KMSConfiguration is an autogenerated conversion function. -func Convert_v1_KMSConfiguration_To_config_KMSConfiguration(in *KMSConfiguration, out *config.KMSConfiguration, s conversion.Scope) error { - return autoConvert_v1_KMSConfiguration_To_config_KMSConfiguration(in, out, s) -} - -func autoConvert_config_KMSConfiguration_To_v1_KMSConfiguration(in *config.KMSConfiguration, out *KMSConfiguration, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Name = in.Name - out.CacheSize = (*int32)(unsafe.Pointer(in.CacheSize)) - out.Endpoint = in.Endpoint - out.Timeout = (*metav1.Duration)(unsafe.Pointer(in.Timeout)) - return nil -} - -// Convert_config_KMSConfiguration_To_v1_KMSConfiguration is an autogenerated conversion function. -func Convert_config_KMSConfiguration_To_v1_KMSConfiguration(in *config.KMSConfiguration, out *KMSConfiguration, s conversion.Scope) error { - return autoConvert_config_KMSConfiguration_To_v1_KMSConfiguration(in, out, s) -} - -func autoConvert_v1_Key_To_config_Key(in *Key, out *config.Key, s conversion.Scope) error { - out.Name = in.Name - out.Secret = in.Secret - return nil -} - -// Convert_v1_Key_To_config_Key is an autogenerated conversion function. -func Convert_v1_Key_To_config_Key(in *Key, out *config.Key, s conversion.Scope) error { - return autoConvert_v1_Key_To_config_Key(in, out, s) -} - -func autoConvert_config_Key_To_v1_Key(in *config.Key, out *Key, s conversion.Scope) error { - out.Name = in.Name - out.Secret = in.Secret - return nil -} - -// Convert_config_Key_To_v1_Key is an autogenerated conversion function. -func Convert_config_Key_To_v1_Key(in *config.Key, out *Key, s conversion.Scope) error { - return autoConvert_config_Key_To_v1_Key(in, out, s) -} - -func autoConvert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in *ProviderConfiguration, out *config.ProviderConfiguration, s conversion.Scope) error { - out.AESGCM = (*config.AESConfiguration)(unsafe.Pointer(in.AESGCM)) - out.AESCBC = (*config.AESConfiguration)(unsafe.Pointer(in.AESCBC)) - out.Secretbox = (*config.SecretboxConfiguration)(unsafe.Pointer(in.Secretbox)) - out.Identity = (*config.IdentityConfiguration)(unsafe.Pointer(in.Identity)) - out.KMS = (*config.KMSConfiguration)(unsafe.Pointer(in.KMS)) - return nil -} - -// Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration is an autogenerated conversion function. -func Convert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in *ProviderConfiguration, out *config.ProviderConfiguration, s conversion.Scope) error { - return autoConvert_v1_ProviderConfiguration_To_config_ProviderConfiguration(in, out, s) -} - -func autoConvert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in *config.ProviderConfiguration, out *ProviderConfiguration, s conversion.Scope) error { - out.AESGCM = (*AESConfiguration)(unsafe.Pointer(in.AESGCM)) - out.AESCBC = (*AESConfiguration)(unsafe.Pointer(in.AESCBC)) - out.Secretbox = (*SecretboxConfiguration)(unsafe.Pointer(in.Secretbox)) - out.Identity = (*IdentityConfiguration)(unsafe.Pointer(in.Identity)) - out.KMS = (*KMSConfiguration)(unsafe.Pointer(in.KMS)) - return nil -} - -// Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration is an autogenerated conversion function. -func Convert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in *config.ProviderConfiguration, out *ProviderConfiguration, s conversion.Scope) error { - return autoConvert_config_ProviderConfiguration_To_v1_ProviderConfiguration(in, out, s) -} - -func autoConvert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in *ResourceConfiguration, out *config.ResourceConfiguration, s conversion.Scope) error { - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Providers = *(*[]config.ProviderConfiguration)(unsafe.Pointer(&in.Providers)) - return nil -} - -// Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration is an autogenerated conversion function. -func Convert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in *ResourceConfiguration, out *config.ResourceConfiguration, s conversion.Scope) error { - return autoConvert_v1_ResourceConfiguration_To_config_ResourceConfiguration(in, out, s) -} - -func autoConvert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in *config.ResourceConfiguration, out *ResourceConfiguration, s conversion.Scope) error { - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Providers = *(*[]ProviderConfiguration)(unsafe.Pointer(&in.Providers)) - return nil -} - -// Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration is an autogenerated conversion function. -func Convert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in *config.ResourceConfiguration, out *ResourceConfiguration, s conversion.Scope) error { - return autoConvert_config_ResourceConfiguration_To_v1_ResourceConfiguration(in, out, s) -} - -func autoConvert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in *SecretboxConfiguration, out *config.SecretboxConfiguration, s conversion.Scope) error { - out.Keys = *(*[]config.Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration is an autogenerated conversion function. -func Convert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in *SecretboxConfiguration, out *config.SecretboxConfiguration, s conversion.Scope) error { - return autoConvert_v1_SecretboxConfiguration_To_config_SecretboxConfiguration(in, out, s) -} - -func autoConvert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in *config.SecretboxConfiguration, out *SecretboxConfiguration, s conversion.Scope) error { - out.Keys = *(*[]Key)(unsafe.Pointer(&in.Keys)) - return nil -} - -// Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration is an autogenerated conversion function. -func Convert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in *config.SecretboxConfiguration, out *SecretboxConfiguration, s conversion.Scope) error { - return autoConvert_config_SecretboxConfiguration_To_v1_SecretboxConfiguration(in, out, s) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go deleted file mode 100644 index 3d2ac484b0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,228 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AESConfiguration) DeepCopyInto(out *AESConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AESConfiguration. -func (in *AESConfiguration) DeepCopy() *AESConfiguration { - if in == nil { - return nil - } - out := new(AESConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EncryptionConfiguration) DeepCopyInto(out *EncryptionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfiguration. -func (in *EncryptionConfiguration) DeepCopy() *EncryptionConfiguration { - if in == nil { - return nil - } - out := new(EncryptionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EncryptionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityConfiguration) DeepCopyInto(out *IdentityConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityConfiguration. -func (in *IdentityConfiguration) DeepCopy() *IdentityConfiguration { - if in == nil { - return nil - } - out := new(IdentityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfiguration) DeepCopyInto(out *KMSConfiguration) { - *out = *in - if in.CacheSize != nil { - in, out := &in.CacheSize, &out.CacheSize - *out = new(int32) - **out = **in - } - if in.Timeout != nil { - in, out := &in.Timeout, &out.Timeout - *out = new(metav1.Duration) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfiguration. -func (in *KMSConfiguration) DeepCopy() *KMSConfiguration { - if in == nil { - return nil - } - out := new(KMSConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Key) DeepCopyInto(out *Key) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key. -func (in *Key) DeepCopy() *Key { - if in == nil { - return nil - } - out := new(Key) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderConfiguration) DeepCopyInto(out *ProviderConfiguration) { - *out = *in - if in.AESGCM != nil { - in, out := &in.AESGCM, &out.AESGCM - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.AESCBC != nil { - in, out := &in.AESCBC, &out.AESCBC - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Secretbox != nil { - in, out := &in.Secretbox, &out.Secretbox - *out = new(SecretboxConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Identity != nil { - in, out := &in.Identity, &out.Identity - *out = new(IdentityConfiguration) - **out = **in - } - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfiguration) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfiguration. -func (in *ProviderConfiguration) DeepCopy() *ProviderConfiguration { - if in == nil { - return nil - } - out := new(ProviderConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceConfiguration) DeepCopyInto(out *ResourceConfiguration) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]ProviderConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceConfiguration. -func (in *ResourceConfiguration) DeepCopy() *ResourceConfiguration { - if in == nil { - return nil - } - out := new(ResourceConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretboxConfiguration) DeepCopyInto(out *SecretboxConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretboxConfiguration. -func (in *SecretboxConfiguration) DeepCopy() *SecretboxConfiguration { - if in == nil { - return nil - } - out := new(SecretboxConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go deleted file mode 100644 index 82fec01110..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/v1/zz_generated.defaults.go +++ /dev/null @@ -1,46 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&EncryptionConfiguration{}, func(obj interface{}) { SetObjectDefaults_EncryptionConfiguration(obj.(*EncryptionConfiguration)) }) - return nil -} - -func SetObjectDefaults_EncryptionConfiguration(in *EncryptionConfiguration) { - for i := range in.Resources { - a := &in.Resources[i] - for j := range a.Providers { - b := &a.Providers[j] - if b.KMS != nil { - SetDefaults_KMSConfiguration(b.KMS) - } - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/validation/validation.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/validation/validation.go deleted file mode 100644 index 84b2764df2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/validation/validation.go +++ /dev/null @@ -1,261 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package validation validates EncryptionConfiguration. -package validation - -import ( - "encoding/base64" - "fmt" - "net/url" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/apis/config" -) - -const ( - moreThanOneElementErr = "more than one provider specified in a single element, should split into different list elements" - keyLenErrFmt = "secret is not of the expected length, got %d, expected one of %v" - unsupportedSchemeErrFmt = "unsupported scheme %q for KMS provider, only unix is supported" - unsupportedKMSAPIVersionErrFmt = "unsupported apiVersion %s for KMS provider, only v1 and v2 are supported" - atLeastOneRequiredErrFmt = "at least one %s is required" - invalidURLErrFmt = "invalid endpoint for kms provider, error: parse %s: net/url: invalid control character in URL" - mandatoryFieldErrFmt = "%s is a mandatory field for a %s" - base64EncodingErr = "secrets must be base64 encoded" - zeroOrNegativeErrFmt = "%s should be a positive value" - nonZeroErrFmt = "%s should be a positive value, or negative to disable" - encryptionConfigNilErr = "EncryptionConfiguration can't be nil" - invalidKMSConfigNameErrFmt = "invalid KMS provider name %s, must not contain ':'" - duplicateKMSConfigNameErrFmt = "duplicate KMS provider name %s, names must be unique" -) - -var ( - // See https://golang.org/pkg/crypto/aes/#NewCipher for details on supported key sizes for AES. - aesKeySizes = []int{16, 24, 32} - - // See https://godoc.org/golang.org/x/crypto/nacl/secretbox#Open for details on the supported key sizes for Secretbox. - secretBoxKeySizes = []int{32} - - root = field.NewPath("resources") -) - -// ValidateEncryptionConfiguration validates a v1.EncryptionConfiguration. -func ValidateEncryptionConfiguration(c *config.EncryptionConfiguration, reload bool) field.ErrorList { - allErrs := field.ErrorList{} - - if c == nil { - allErrs = append(allErrs, field.Required(root, "EncryptionConfiguration can't be nil")) - return allErrs - } - - if len(c.Resources) == 0 { - allErrs = append(allErrs, field.Required(root, fmt.Sprintf(atLeastOneRequiredErrFmt, root))) - return allErrs - } - - // kmsProviderNames is used to track config names to ensure they are unique. - kmsProviderNames := sets.NewString() - for i, conf := range c.Resources { - r := root.Index(i).Child("resources") - p := root.Index(i).Child("providers") - - if len(conf.Resources) == 0 { - allErrs = append(allErrs, field.Required(r, fmt.Sprintf(atLeastOneRequiredErrFmt, r))) - } - - if len(conf.Providers) == 0 { - allErrs = append(allErrs, field.Required(p, fmt.Sprintf(atLeastOneRequiredErrFmt, p))) - } - - for j, provider := range conf.Providers { - path := p.Index(j) - allErrs = append(allErrs, validateSingleProvider(provider, path)...) - - switch { - case provider.KMS != nil: - allErrs = append(allErrs, validateKMSConfiguration(provider.KMS, path.Child("kms"), kmsProviderNames, reload)...) - kmsProviderNames.Insert(provider.KMS.Name) - case provider.AESGCM != nil: - allErrs = append(allErrs, validateKeys(provider.AESGCM.Keys, path.Child("aesgcm").Child("keys"), aesKeySizes)...) - case provider.AESCBC != nil: - allErrs = append(allErrs, validateKeys(provider.AESCBC.Keys, path.Child("aescbc").Child("keys"), aesKeySizes)...) - case provider.Secretbox != nil: - allErrs = append(allErrs, validateKeys(provider.Secretbox.Keys, path.Child("secretbox").Child("keys"), secretBoxKeySizes)...) - } - } - } - - return allErrs -} - -func validateSingleProvider(provider config.ProviderConfiguration, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - found := 0 - - if provider.KMS != nil { - found++ - } - if provider.AESGCM != nil { - found++ - } - if provider.AESCBC != nil { - found++ - } - if provider.Secretbox != nil { - found++ - } - if provider.Identity != nil { - found++ - } - - if found == 0 { - return append(allErrs, field.Invalid(fieldPath, provider, "provider does not contain any of the expected providers: KMS, AESGCM, AESCBC, Secretbox, Identity")) - } - - if found > 1 { - return append(allErrs, field.Invalid(fieldPath, provider, moreThanOneElementErr)) - } - - return allErrs -} - -func validateKeys(keys []config.Key, fieldPath *field.Path, expectedLen []int) field.ErrorList { - allErrs := field.ErrorList{} - - if len(keys) == 0 { - allErrs = append(allErrs, field.Required(fieldPath, fmt.Sprintf(atLeastOneRequiredErrFmt, "keys"))) - return allErrs - } - - for i, key := range keys { - allErrs = append(allErrs, validateKey(key, fieldPath.Index(i), expectedLen)...) - } - - return allErrs -} - -func validateKey(key config.Key, fieldPath *field.Path, expectedLen []int) field.ErrorList { - allErrs := field.ErrorList{} - - if key.Name == "" { - allErrs = append(allErrs, field.Required(fieldPath.Child("name"), fmt.Sprintf(mandatoryFieldErrFmt, "name", "key"))) - } - - if key.Secret == "" { - allErrs = append(allErrs, field.Required(fieldPath.Child("secret"), fmt.Sprintf(mandatoryFieldErrFmt, "secret", "key"))) - return allErrs - } - - secret, err := base64.StdEncoding.DecodeString(key.Secret) - if err != nil { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("secret"), "REDACTED", base64EncodingErr)) - return allErrs - } - - lenMatched := false - for _, l := range expectedLen { - if len(secret) == l { - lenMatched = true - break - } - } - - if !lenMatched { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("secret"), "REDACTED", fmt.Sprintf(keyLenErrFmt, len(secret), expectedLen))) - } - - return allErrs -} - -func validateKMSConfiguration(c *config.KMSConfiguration, fieldPath *field.Path, kmsProviderNames sets.String, reload bool) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, validateKMSConfigName(c, fieldPath.Child("name"), kmsProviderNames, reload)...) - allErrs = append(allErrs, validateKMSTimeout(c, fieldPath.Child("timeout"))...) - allErrs = append(allErrs, validateKMSEndpoint(c, fieldPath.Child("endpoint"))...) - allErrs = append(allErrs, validateKMSCacheSize(c, fieldPath.Child("cachesize"))...) - allErrs = append(allErrs, validateKMSAPIVersion(c, fieldPath.Child("apiVersion"))...) - return allErrs -} - -func validateKMSCacheSize(c *config.KMSConfiguration, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if *c.CacheSize == 0 { - allErrs = append(allErrs, field.Invalid(fieldPath, *c.CacheSize, fmt.Sprintf(nonZeroErrFmt, "cachesize"))) - } - - return allErrs -} - -func validateKMSTimeout(c *config.KMSConfiguration, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if c.Timeout.Duration <= 0 { - allErrs = append(allErrs, field.Invalid(fieldPath, c.Timeout, fmt.Sprintf(zeroOrNegativeErrFmt, "timeout"))) - } - - return allErrs -} - -func validateKMSEndpoint(c *config.KMSConfiguration, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(c.Endpoint) == 0 { - return append(allErrs, field.Invalid(fieldPath, "", fmt.Sprintf(mandatoryFieldErrFmt, "endpoint", "kms"))) - } - - u, err := url.Parse(c.Endpoint) - if err != nil { - return append(allErrs, field.Invalid(fieldPath, c.Endpoint, fmt.Sprintf("invalid endpoint for kms provider, error: %v", err))) - } - - if u.Scheme != "unix" { - return append(allErrs, field.Invalid(fieldPath, c.Endpoint, fmt.Sprintf(unsupportedSchemeErrFmt, u.Scheme))) - } - - return allErrs -} - -func validateKMSAPIVersion(c *config.KMSConfiguration, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if c.APIVersion != "v1" && c.APIVersion != "v2" { - allErrs = append(allErrs, field.Invalid(fieldPath, c.APIVersion, fmt.Sprintf(unsupportedKMSAPIVersionErrFmt, "apiVersion"))) - } - - return allErrs -} - -func validateKMSConfigName(c *config.KMSConfiguration, fieldPath *field.Path, kmsProviderNames sets.String, reload bool) field.ErrorList { - allErrs := field.ErrorList{} - if c.Name == "" { - allErrs = append(allErrs, field.Required(fieldPath, fmt.Sprintf(mandatoryFieldErrFmt, "name", "provider"))) - } - - // kms v2 providers are not allowed to have a ":" in their name - if c.APIVersion != "v1" && strings.Contains(c.Name, ":") { - allErrs = append(allErrs, field.Invalid(fieldPath, c.Name, fmt.Sprintf(invalidKMSConfigNameErrFmt, c.Name))) - } - - // kms v2 providers name must always be unique across all kms providers (v1 and v2) - // kms v1 provider names must be unique across all kms providers (v1 and v2) when hot reloading of encryption configuration is enabled (reload=true) - if reload || c.APIVersion != "v1" { - if kmsProviderNames.Has(c.Name) { - allErrs = append(allErrs, field.Invalid(fieldPath, c.Name, fmt.Sprintf(duplicateKMSConfigNameErrFmt, c.Name))) - } - } - - return allErrs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go deleted file mode 100644 index 13e5cffca8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/config/zz_generated.deepcopy.go +++ /dev/null @@ -1,228 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package config - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AESConfiguration) DeepCopyInto(out *AESConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AESConfiguration. -func (in *AESConfiguration) DeepCopy() *AESConfiguration { - if in == nil { - return nil - } - out := new(AESConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EncryptionConfiguration) DeepCopyInto(out *EncryptionConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfiguration. -func (in *EncryptionConfiguration) DeepCopy() *EncryptionConfiguration { - if in == nil { - return nil - } - out := new(EncryptionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EncryptionConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityConfiguration) DeepCopyInto(out *IdentityConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityConfiguration. -func (in *IdentityConfiguration) DeepCopy() *IdentityConfiguration { - if in == nil { - return nil - } - out := new(IdentityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfiguration) DeepCopyInto(out *KMSConfiguration) { - *out = *in - if in.CacheSize != nil { - in, out := &in.CacheSize, &out.CacheSize - *out = new(int32) - **out = **in - } - if in.Timeout != nil { - in, out := &in.Timeout, &out.Timeout - *out = new(v1.Duration) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfiguration. -func (in *KMSConfiguration) DeepCopy() *KMSConfiguration { - if in == nil { - return nil - } - out := new(KMSConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Key) DeepCopyInto(out *Key) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key. -func (in *Key) DeepCopy() *Key { - if in == nil { - return nil - } - out := new(Key) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderConfiguration) DeepCopyInto(out *ProviderConfiguration) { - *out = *in - if in.AESGCM != nil { - in, out := &in.AESGCM, &out.AESGCM - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.AESCBC != nil { - in, out := &in.AESCBC, &out.AESCBC - *out = new(AESConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Secretbox != nil { - in, out := &in.Secretbox, &out.Secretbox - *out = new(SecretboxConfiguration) - (*in).DeepCopyInto(*out) - } - if in.Identity != nil { - in, out := &in.Identity, &out.Identity - *out = new(IdentityConfiguration) - **out = **in - } - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfiguration) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfiguration. -func (in *ProviderConfiguration) DeepCopy() *ProviderConfiguration { - if in == nil { - return nil - } - out := new(ProviderConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceConfiguration) DeepCopyInto(out *ResourceConfiguration) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Providers != nil { - in, out := &in.Providers, &out.Providers - *out = make([]ProviderConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceConfiguration. -func (in *ResourceConfiguration) DeepCopy() *ResourceConfiguration { - if in == nil { - return nil - } - out := new(ResourceConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretboxConfiguration) DeepCopyInto(out *SecretboxConfiguration) { - *out = *in - if in.Keys != nil { - in, out := &in.Keys, &out.Keys - *out = make([]Key, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretboxConfiguration. -func (in *SecretboxConfiguration) DeepCopy() *SecretboxConfiguration { - if in == nil { - return nil - } - out := new(SecretboxConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go deleted file mode 100644 index 3859a54d1f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap/default.go +++ /dev/null @@ -1,573 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bootstrap - -import ( - coordinationv1 "k8s.io/api/coordination/v1" - corev1 "k8s.io/api/core/v1" - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/utils/pointer" -) - -// The objects that define an apiserver's initial behavior. The -// registered defaulting procedures make no changes to these -// particular objects (this is verified in the unit tests of the -// internalbootstrap package; it can not be verified in this package -// because that would require importing k8s.io/kubernetes). -var ( - MandatoryPriorityLevelConfigurations = []*flowcontrol.PriorityLevelConfiguration{ - MandatoryPriorityLevelConfigurationCatchAll, - MandatoryPriorityLevelConfigurationExempt, - } - MandatoryFlowSchemas = []*flowcontrol.FlowSchema{ - MandatoryFlowSchemaExempt, - MandatoryFlowSchemaCatchAll, - } -) - -// The objects that define the current suggested additional configuration -var ( - SuggestedPriorityLevelConfigurations = []*flowcontrol.PriorityLevelConfiguration{ - // "system" priority-level is for the system components that affects self-maintenance of the - // cluster and the availability of those running pods in the cluster, including kubelet and - // kube-proxy. - SuggestedPriorityLevelConfigurationSystem, - // "node-high" priority-level is for the node health reporting. It is separated from "system" - // to make sure that nodes are able to report their health even if kube-apiserver is not capable of - // handling load caused by pod startup (fetching secrets, events etc). - // NOTE: In large clusters 50% - 90% of all API calls use this priority-level. - SuggestedPriorityLevelConfigurationNodeHigh, - // "leader-election" is dedicated for controllers' leader-election, which majorly affects the - // availability of any controller runs in the cluster. - SuggestedPriorityLevelConfigurationLeaderElection, - // "workload-high" is used by those workloads with higher priority but their failure won't directly - // impact the existing running pods in the cluster, which includes kube-scheduler, and those well-known - // built-in workloads such as "deployments", "replicasets" and other low-level custom workload which - // is important for the cluster. - SuggestedPriorityLevelConfigurationWorkloadHigh, - // "workload-low" is used by those workloads with lower priority which availability only has a - // minor impact on the cluster. - SuggestedPriorityLevelConfigurationWorkloadLow, - // "global-default" serves the rest traffic not handled by the other suggested flow-schemas above. - SuggestedPriorityLevelConfigurationGlobalDefault, - } - SuggestedFlowSchemas = []*flowcontrol.FlowSchema{ - SuggestedFlowSchemaSystemNodes, // references "system" priority-level - SuggestedFlowSchemaSystemNodeHigh, // references "node-high" priority-level - SuggestedFlowSchemaProbes, // references "exempt" priority-level - SuggestedFlowSchemaSystemLeaderElection, // references "leader-election" priority-level - SuggestedFlowSchemaWorkloadLeaderElection, // references "leader-election" priority-level - SuggestedFlowSchemaEndpointsController, // references "workload-high" priority-level - SuggestedFlowSchemaKubeControllerManager, // references "workload-high" priority-level - SuggestedFlowSchemaKubeScheduler, // references "workload-high" priority-level - SuggestedFlowSchemaKubeSystemServiceAccounts, // references "workload-high" priority-level - SuggestedFlowSchemaServiceAccounts, // references "workload-low" priority-level - SuggestedFlowSchemaGlobalDefault, // references "global-default" priority-level - } -) - -// Mandatory PriorityLevelConfiguration objects -var ( - MandatoryPriorityLevelConfigurationExempt = newPriorityLevelConfiguration( - flowcontrol.PriorityLevelConfigurationNameExempt, - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementExempt, - }, - ) - MandatoryPriorityLevelConfigurationCatchAll = newPriorityLevelConfiguration( - flowcontrol.PriorityLevelConfigurationNameCatchAll, - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 5, - LendablePercent: pointer.Int32(0), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeReject, - }, - }, - }) -) - -// Mandatory FlowSchema objects -var ( - // "exempt" priority-level is used for preventing priority inversion and ensuring that sysadmin - // requests are always possible. - MandatoryFlowSchemaExempt = newFlowSchema( - "exempt", - flowcontrol.PriorityLevelConfigurationNameExempt, - 1, // matchingPrecedence - "", // distinguisherMethodType - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.SystemPrivilegedGroup), - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true, - ), - }, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}, - ), - }, - }, - ) - // "catch-all" priority-level only gets a minimal positive share of concurrency and won't be reaching - // ideally unless you intentionally deleted the suggested "global-default". - MandatoryFlowSchemaCatchAll = newFlowSchema( - flowcontrol.FlowSchemaNameCatchAll, - flowcontrol.PriorityLevelConfigurationNameCatchAll, - 10000, // matchingPrecedence - flowcontrol.FlowDistinguisherMethodByUserType, // distinguisherMethodType - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.AllUnauthenticated, user.AllAuthenticated), - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true, - ), - }, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}, - ), - }, - }, - ) -) - -// Suggested PriorityLevelConfiguration objects -var ( - // system priority-level - SuggestedPriorityLevelConfigurationSystem = newPriorityLevelConfiguration( - "system", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 30, - LendablePercent: pointer.Int32(33), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 64, - HandSize: 6, - QueueLengthLimit: 50, - }, - }, - }, - }) - SuggestedPriorityLevelConfigurationNodeHigh = newPriorityLevelConfiguration( - "node-high", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 40, - LendablePercent: pointer.Int32(25), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 64, - HandSize: 6, - QueueLengthLimit: 50, - }, - }, - }, - }) - // leader-election priority-level - SuggestedPriorityLevelConfigurationLeaderElection = newPriorityLevelConfiguration( - "leader-election", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 10, - LendablePercent: pointer.Int32(0), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 16, - HandSize: 4, - QueueLengthLimit: 50, - }, - }, - }, - }) - // workload-high priority-level - SuggestedPriorityLevelConfigurationWorkloadHigh = newPriorityLevelConfiguration( - "workload-high", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 40, - LendablePercent: pointer.Int32(50), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 128, - HandSize: 6, - QueueLengthLimit: 50, - }, - }, - }, - }) - // workload-low priority-level - SuggestedPriorityLevelConfigurationWorkloadLow = newPriorityLevelConfiguration( - "workload-low", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 100, - LendablePercent: pointer.Int32(90), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 128, - HandSize: 6, - QueueLengthLimit: 50, - }, - }, - }, - }) - // global-default priority-level - SuggestedPriorityLevelConfigurationGlobalDefault = newPriorityLevelConfiguration( - "global-default", - flowcontrol.PriorityLevelConfigurationSpec{ - Type: flowcontrol.PriorityLevelEnablementLimited, - Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ - NominalConcurrencyShares: 20, - LendablePercent: pointer.Int32(50), - LimitResponse: flowcontrol.LimitResponse{ - Type: flowcontrol.LimitResponseTypeQueue, - Queuing: &flowcontrol.QueuingConfiguration{ - Queues: 128, - HandSize: 6, - QueueLengthLimit: 50, - }, - }, - }, - }) -) - -// Suggested FlowSchema objects. -// Ordered by matching precedence, so that their interactions are easier -// to follow while reading this source. -var ( - // the following flow schema exempts probes - SuggestedFlowSchemaProbes = newFlowSchema( - "probes", "exempt", 2, - "", // distinguisherMethodType - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.AllUnauthenticated, user.AllAuthenticated), - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{"get"}, - []string{"/healthz", "/readyz", "/livez"}), - }, - }, - ) - SuggestedFlowSchemaSystemLeaderElection = newFlowSchema( - "system-leader-election", "leader-election", 100, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: append( - users(user.KubeControllerManager, user.KubeScheduler), - kubeSystemServiceAccount(flowcontrol.NameAll)...), - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{"get", "create", "update"}, - []string{coordinationv1.GroupName}, - []string{"leases"}, - []string{flowcontrol.NamespaceEvery}, - false), - }, - }, - ) - // We add an explicit rule for endpoint-controller with high precedence - // to ensure that those calls won't get caught by the following - // <workload-leader-election> flow-schema. - // - // TODO(#80289): Get rid of this rule once we get rid of support for - // using endpoints and configmaps objects for leader election. - SuggestedFlowSchemaEndpointsController = newFlowSchema( - "endpoint-controller", "workload-high", 150, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: append( - users(user.KubeControllerManager), - kubeSystemServiceAccount("endpoint-controller", "endpointslicemirroring-controller")...), - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{"get", "create", "update"}, - []string{corev1.GroupName}, - []string{"endpoints"}, - []string{flowcontrol.NamespaceEvery}, - false), - }, - }, - ) - // TODO(#80289): Get rid of this rule once we get rid of support for - // using endpoints and configmaps objects for leader election. - SuggestedFlowSchemaWorkloadLeaderElection = newFlowSchema( - "workload-leader-election", "leader-election", 200, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: kubeSystemServiceAccount(flowcontrol.NameAll), - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{"get", "create", "update"}, - []string{corev1.GroupName}, - []string{"endpoints", "configmaps"}, - []string{flowcontrol.NamespaceEvery}, - false), - resourceRule( - []string{"get", "create", "update"}, - []string{coordinationv1.GroupName}, - []string{"leases"}, - []string{flowcontrol.NamespaceEvery}, - false), - }, - }, - ) - SuggestedFlowSchemaSystemNodeHigh = newFlowSchema( - "system-node-high", "node-high", 400, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.NodesGroup), // the nodes group - ResourceRules: []flowcontrol.ResourcePolicyRule{ - resourceRule( - []string{flowcontrol.VerbAll}, - []string{corev1.GroupName}, - []string{"nodes", "nodes/status"}, - []string{flowcontrol.NamespaceEvery}, - true), - resourceRule( - []string{flowcontrol.VerbAll}, - []string{coordinationv1.GroupName}, - []string{"leases"}, - []string{flowcontrol.NamespaceEvery}, - false), - }, - }, - ) - SuggestedFlowSchemaSystemNodes = newFlowSchema( - "system-nodes", "system", 500, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.NodesGroup), // the nodes group - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) - SuggestedFlowSchemaKubeControllerManager = newFlowSchema( - "kube-controller-manager", "workload-high", 800, - flowcontrol.FlowDistinguisherMethodByNamespaceType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: users(user.KubeControllerManager), - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) - SuggestedFlowSchemaKubeScheduler = newFlowSchema( - "kube-scheduler", "workload-high", 800, - flowcontrol.FlowDistinguisherMethodByNamespaceType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: users(user.KubeScheduler), - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) - SuggestedFlowSchemaKubeSystemServiceAccounts = newFlowSchema( - "kube-system-service-accounts", "workload-high", 900, - flowcontrol.FlowDistinguisherMethodByNamespaceType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: kubeSystemServiceAccount(flowcontrol.NameAll), - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) - SuggestedFlowSchemaServiceAccounts = newFlowSchema( - "service-accounts", "workload-low", 9000, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(serviceaccount.AllServiceAccountsGroup), - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) - SuggestedFlowSchemaGlobalDefault = newFlowSchema( - "global-default", "global-default", 9900, - flowcontrol.FlowDistinguisherMethodByUserType, - flowcontrol.PolicyRulesWithSubjects{ - Subjects: groups(user.AllUnauthenticated, user.AllAuthenticated), - ResourceRules: []flowcontrol.ResourcePolicyRule{resourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.APIGroupAll}, - []string{flowcontrol.ResourceAll}, - []string{flowcontrol.NamespaceEvery}, - true)}, - NonResourceRules: []flowcontrol.NonResourcePolicyRule{ - nonResourceRule( - []string{flowcontrol.VerbAll}, - []string{flowcontrol.NonResourceAll}), - }, - }, - ) -) - -func newPriorityLevelConfiguration(name string, spec flowcontrol.PriorityLevelConfigurationSpec) *flowcontrol.PriorityLevelConfiguration { - return &flowcontrol.PriorityLevelConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Annotations: map[string]string{ - flowcontrol.AutoUpdateAnnotationKey: "true", - }, - }, - Spec: spec, - } -} - -func newFlowSchema(name, plName string, matchingPrecedence int32, dmType flowcontrol.FlowDistinguisherMethodType, rules ...flowcontrol.PolicyRulesWithSubjects) *flowcontrol.FlowSchema { - var dm *flowcontrol.FlowDistinguisherMethod - if dmType != "" { - dm = &flowcontrol.FlowDistinguisherMethod{Type: dmType} - } - return &flowcontrol.FlowSchema{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Annotations: map[string]string{ - flowcontrol.AutoUpdateAnnotationKey: "true", - }, - }, - Spec: flowcontrol.FlowSchemaSpec{ - PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{ - Name: plName, - }, - MatchingPrecedence: matchingPrecedence, - DistinguisherMethod: dm, - Rules: rules}, - } - -} - -func groups(names ...string) []flowcontrol.Subject { - ans := make([]flowcontrol.Subject, len(names)) - for idx, name := range names { - ans[idx] = flowcontrol.Subject{ - Kind: flowcontrol.SubjectKindGroup, - Group: &flowcontrol.GroupSubject{ - Name: name, - }, - } - } - return ans -} - -func users(names ...string) []flowcontrol.Subject { - ans := make([]flowcontrol.Subject, len(names)) - for idx, name := range names { - ans[idx] = flowcontrol.Subject{ - Kind: flowcontrol.SubjectKindUser, - User: &flowcontrol.UserSubject{ - Name: name, - }, - } - } - return ans -} - -func kubeSystemServiceAccount(names ...string) []flowcontrol.Subject { - subjects := []flowcontrol.Subject{} - for _, name := range names { - subjects = append(subjects, flowcontrol.Subject{ - Kind: flowcontrol.SubjectKindServiceAccount, - ServiceAccount: &flowcontrol.ServiceAccountSubject{ - Name: name, - Namespace: metav1.NamespaceSystem, - }, - }) - } - return subjects -} - -func resourceRule(verbs []string, groups []string, resources []string, namespaces []string, clusterScoped bool) flowcontrol.ResourcePolicyRule { - return flowcontrol.ResourcePolicyRule{ - Verbs: verbs, - APIGroups: groups, - Resources: resources, - Namespaces: namespaces, - ClusterScope: clusterScoped, - } -} - -func nonResourceRule(verbs []string, nonResourceURLs []string) flowcontrol.NonResourcePolicyRule { - return flowcontrol.NonResourcePolicyRule{Verbs: verbs, NonResourceURLs: nonResourceURLs} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/audit/OWNERS deleted file mode 100644 index 60f38f133f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-audit-approvers -reviewers: - - sig-auth-audit-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/context.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/context.go deleted file mode 100644 index 95a18bcd5c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/context.go +++ /dev/null @@ -1,226 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "context" - "sync" - - "k8s.io/apimachinery/pkg/types" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/klog/v2" -) - -// The key type is unexported to prevent collisions -type key int - -// auditKey is the context key for storing the audit context that is being -// captured and the evaluated policy that applies to the given request. -const auditKey key = iota - -// AuditContext holds the information for constructing the audit events for the current request. -type AuditContext struct { - // RequestAuditConfig is the audit configuration that applies to the request - RequestAuditConfig RequestAuditConfig - - // Event is the audit Event object that is being captured to be written in - // the API audit log. It is set to nil when the request is not being audited. - Event *auditinternal.Event - - // annotations holds audit annotations that are recorded before the event has been initialized. - // This is represented as a slice rather than a map to preserve order. - annotations []annotation - // annotationMutex guards annotations AND event.Annotations - annotationMutex sync.Mutex - - // auditID is the Audit ID associated with this request. - auditID types.UID -} - -type annotation struct { - key, value string -} - -// AddAuditAnnotation sets the audit annotation for the given key, value pair. -// It is safe to call at most parts of request flow that come after WithAuditAnnotations. -// The notable exception being that this function must not be called via a -// defer statement (i.e. after ServeHTTP) in a handler that runs before WithAudit -// as at that point the audit event has already been sent to the audit sink. -// Handlers that are unaware of their position in the overall request flow should -// prefer AddAuditAnnotation over LogAnnotation to avoid dropping annotations. -func AddAuditAnnotation(ctx context.Context, key, value string) { - ac := AuditContextFrom(ctx) - if ac == nil { - // auditing is not enabled - return - } - - ac.annotationMutex.Lock() - defer ac.annotationMutex.Unlock() - - addAuditAnnotationLocked(ac, key, value) -} - -// AddAuditAnnotations is a bulk version of AddAuditAnnotation. Refer to AddAuditAnnotation for -// restrictions on when this can be called. -// keysAndValues are the key-value pairs to add, and must have an even number of items. -func AddAuditAnnotations(ctx context.Context, keysAndValues ...string) { - ac := AuditContextFrom(ctx) - if ac == nil { - // auditing is not enabled - return - } - - ac.annotationMutex.Lock() - defer ac.annotationMutex.Unlock() - - if len(keysAndValues)%2 != 0 { - klog.Errorf("Dropping mismatched audit annotation %q", keysAndValues[len(keysAndValues)-1]) - } - for i := 0; i < len(keysAndValues); i += 2 { - addAuditAnnotationLocked(ac, keysAndValues[i], keysAndValues[i+1]) - } -} - -// AddAuditAnnotationsMap is a bulk version of AddAuditAnnotation. Refer to AddAuditAnnotation for -// restrictions on when this can be called. -func AddAuditAnnotationsMap(ctx context.Context, annotations map[string]string) { - ac := AuditContextFrom(ctx) - if ac == nil { - // auditing is not enabled - return - } - - ac.annotationMutex.Lock() - defer ac.annotationMutex.Unlock() - - for k, v := range annotations { - addAuditAnnotationLocked(ac, k, v) - } -} - -// addAuditAnnotationLocked is the shared code for recording an audit annotation. This method should -// only be called while the auditAnnotationsMutex is locked. -func addAuditAnnotationLocked(ac *AuditContext, key, value string) { - if ac.Event != nil { - logAnnotation(ac.Event, key, value) - } else { - ac.annotations = append(ac.annotations, annotation{key: key, value: value}) - } -} - -// This is private to prevent reads/write to the slice from outside of this package. -// The audit event should be directly read to get access to the annotations. -func addAuditAnnotationsFrom(ctx context.Context, ev *auditinternal.Event) { - ac := AuditContextFrom(ctx) - if ac == nil { - // auditing is not enabled - return - } - - ac.annotationMutex.Lock() - defer ac.annotationMutex.Unlock() - - for _, kv := range ac.annotations { - logAnnotation(ev, kv.key, kv.value) - } -} - -// LogAnnotation fills in the Annotations according to the key value pair. -func logAnnotation(ae *auditinternal.Event, key, value string) { - if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) { - return - } - if ae.Annotations == nil { - ae.Annotations = make(map[string]string) - } - if v, ok := ae.Annotations[key]; ok && v != value { - klog.Warningf("Failed to set annotations[%q] to %q for audit:%q, it has already been set to %q", key, value, ae.AuditID, ae.Annotations[key]) - return - } - ae.Annotations[key] = value -} - -// WithAuditContext returns a new context that stores the AuditContext. -func WithAuditContext(parent context.Context) context.Context { - if AuditContextFrom(parent) != nil { - return parent // Avoid double registering. - } - - return genericapirequest.WithValue(parent, auditKey, &AuditContext{}) -} - -// AuditEventFrom returns the audit event struct on the ctx -func AuditEventFrom(ctx context.Context) *auditinternal.Event { - if o := AuditContextFrom(ctx); o != nil { - return o.Event - } - return nil -} - -// AuditContextFrom returns the pair of the audit configuration object -// that applies to the given request and the audit event that is going to -// be written to the API audit log. -func AuditContextFrom(ctx context.Context) *AuditContext { - ev, _ := ctx.Value(auditKey).(*AuditContext) - return ev -} - -// WithAuditID sets the AuditID on the AuditContext. The AuditContext must already be present in the -// request context. If the specified auditID is empty, no value is set. -func WithAuditID(ctx context.Context, auditID types.UID) { - if auditID == "" { - return - } - ac := AuditContextFrom(ctx) - if ac == nil { - return - } - ac.auditID = auditID - if ac.Event != nil { - ac.Event.AuditID = auditID - } -} - -// AuditIDFrom returns the value of the audit ID from the request context. -func AuditIDFrom(ctx context.Context) (types.UID, bool) { - if ac := AuditContextFrom(ctx); ac != nil { - return ac.auditID, ac.auditID != "" - } - return "", false -} - -// GetAuditIDTruncated returns the audit ID (truncated) from the request context. -// If the length of the Audit-ID value exceeds the limit, we truncate it to keep -// the first N (maxAuditIDLength) characters. -// This is intended to be used in logging only. -func GetAuditIDTruncated(ctx context.Context) string { - auditID, ok := AuditIDFrom(ctx) - if !ok { - return "" - } - - // if the user has specified a very long audit ID then we will use the first N characters - // Note: assuming Audit-ID header is in ASCII - const maxAuditIDLength = 64 - if len(auditID) > maxAuditIDLength { - auditID = auditID[:maxAuditIDLength] - } - - return string(auditID) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/evaluator.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/evaluator.go deleted file mode 100644 index 93907dc5f3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/evaluator.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// RequestAuditConfig is the evaluated audit configuration that is applicable to -// a given request. PolicyRuleEvaluator evaluates the audit policy against the -// authorizer attributes and returns a RequestAuditConfig that applies to the request. -type RequestAuditConfig struct { - // OmitStages is the stages that need to be omitted from being audited. - OmitStages []audit.Stage - - // OmitManagedFields indicates whether to omit the managed fields of the request - // and response bodies from being written to the API audit log. - OmitManagedFields bool -} - -// RequestAuditConfigWithLevel includes Level at which the request is being audited. -// PolicyRuleEvaluator evaluates the audit configuration for a request -// against the authorizer attributes and returns an RequestAuditConfigWithLevel -// that applies to the request. -type RequestAuditConfigWithLevel struct { - RequestAuditConfig - - // Level at which the request is being audited at - Level audit.Level -} - -// PolicyRuleEvaluator exposes methods for evaluating the policy rules. -type PolicyRuleEvaluator interface { - // EvaluatePolicyRule evaluates the audit policy of the apiserver against - // the given authorizer attributes and returns the audit configuration that - // is applicable to the given equest. - EvaluatePolicyRule(authorizer.Attributes) RequestAuditConfigWithLevel -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/format.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/format.go deleted file mode 100644 index 9c0784a316..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/format.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "fmt" - "strconv" - "strings" - "time" - - auditinternal "k8s.io/apiserver/pkg/apis/audit" -) - -// EventString creates a 1-line text representation of an audit event, using a subset of the -// information in the event struct. -func EventString(ev *auditinternal.Event) string { - username := "<none>" - groups := "<none>" - if len(ev.User.Username) > 0 { - username = ev.User.Username - if len(ev.User.Groups) > 0 { - groups = auditStringSlice(ev.User.Groups) - } - } - asuser := "<self>" - asgroups := "<lookup>" - if ev.ImpersonatedUser != nil { - asuser = ev.ImpersonatedUser.Username - if ev.ImpersonatedUser.Groups != nil { - asgroups = auditStringSlice(ev.ImpersonatedUser.Groups) - } - } - - namespace := "<none>" - if ev.ObjectRef != nil && len(ev.ObjectRef.Namespace) != 0 { - namespace = ev.ObjectRef.Namespace - } - - response := "<deferred>" - if ev.ResponseStatus != nil { - response = strconv.Itoa(int(ev.ResponseStatus.Code)) - } - - ip := "<unknown>" - if len(ev.SourceIPs) > 0 { - ip = ev.SourceIPs[0] - } - - return fmt.Sprintf("%s AUDIT: id=%q stage=%q ip=%q method=%q user=%q groups=%q as=%q asgroups=%q user-agent=%q namespace=%q uri=%q response=\"%s\"", - ev.RequestReceivedTimestamp.Format(time.RFC3339Nano), ev.AuditID, ev.Stage, ip, ev.Verb, username, groups, asuser, asgroups, ev.UserAgent, namespace, ev.RequestURI, response) -} - -func auditStringSlice(inList []string) string { - quotedElements := make([]string, len(inList)) - for i, in := range inList { - quotedElements[i] = fmt.Sprintf("%q", in) - } - return strings.Join(quotedElements, ",") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/metrics.go deleted file mode 100644 index 729a16eeca..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/metrics.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "context" - "fmt" - - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/klog/v2" -) - -const ( - subsystem = "apiserver_audit" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - eventCounter = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: subsystem, - Name: "event_total", - Help: "Counter of audit events generated and sent to the audit backend.", - StabilityLevel: metrics.ALPHA, - }) - errorCounter = metrics.NewCounterVec( - &metrics.CounterOpts{ - Subsystem: subsystem, - Name: "error_total", - Help: "Counter of audit events that failed to be audited properly. " + - "Plugin identifies the plugin affected by the error.", - StabilityLevel: metrics.ALPHA, - }, - []string{"plugin"}, - ) - levelCounter = metrics.NewCounterVec( - &metrics.CounterOpts{ - Subsystem: subsystem, - Name: "level_total", - Help: "Counter of policy levels for audit events (1 per request).", - StabilityLevel: metrics.ALPHA, - }, - []string{"level"}, - ) - - ApiserverAuditDroppedCounter = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: subsystem, - Name: "requests_rejected_total", - Help: "Counter of apiserver requests rejected due to an error " + - "in audit logging backend.", - StabilityLevel: metrics.ALPHA, - }, - ) -) - -func init() { - legacyregistry.MustRegister(eventCounter) - legacyregistry.MustRegister(errorCounter) - legacyregistry.MustRegister(levelCounter) - legacyregistry.MustRegister(ApiserverAuditDroppedCounter) -} - -// ObserveEvent updates the relevant prometheus metrics for the generated audit event. -func ObserveEvent(ctx context.Context) { - eventCounter.WithContext(ctx).Inc() -} - -// ObservePolicyLevel updates the relevant prometheus metrics with the audit level for a request. -func ObservePolicyLevel(ctx context.Context, level auditinternal.Level) { - levelCounter.WithContext(ctx).WithLabelValues(string(level)).Inc() -} - -// HandlePluginError handles an error that occurred in an audit plugin. This method should only be -// used if the error may have prevented the audit event from being properly recorded. The events are -// logged to the debug log. -func HandlePluginError(plugin string, err error, impacted ...*auditinternal.Event) { - // Count the error. - errorCounter.WithLabelValues(plugin).Add(float64(len(impacted))) - - // Log the audit events to the debug log. - msg := fmt.Sprintf("Error in audit plugin '%s' affecting %d audit events: %v\nImpacted events:\n", - plugin, len(impacted), err) - for _, ev := range impacted { - msg = msg + EventString(ev) + "\n" - } - klog.Error(msg) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/checker.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/checker.go deleted file mode 100644 index 6a98ff4ac0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/checker.go +++ /dev/null @@ -1,245 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "strings" - - "k8s.io/apiserver/pkg/apis/audit" - auditinternal "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -const ( - // DefaultAuditLevel is the default level to audit at, if no policy rules are matched. - DefaultAuditLevel = audit.LevelNone -) - -// NewPolicyRuleEvaluator creates a new policy rule evaluator. -func NewPolicyRuleEvaluator(policy *audit.Policy) auditinternal.PolicyRuleEvaluator { - for i, rule := range policy.Rules { - policy.Rules[i].OmitStages = unionStages(policy.OmitStages, rule.OmitStages) - } - return &policyRuleEvaluator{*policy} -} - -func unionStages(stageLists ...[]audit.Stage) []audit.Stage { - m := make(map[audit.Stage]bool) - for _, sl := range stageLists { - for _, s := range sl { - m[s] = true - } - } - result := make([]audit.Stage, 0, len(m)) - for key := range m { - result = append(result, key) - } - return result -} - -// NewFakePolicyRuleEvaluator creates a fake policy rule evaluator that returns -// a constant level for all requests (for testing). -func NewFakePolicyRuleEvaluator(level audit.Level, stage []audit.Stage) auditinternal.PolicyRuleEvaluator { - return &fakePolicyRuleEvaluator{level, stage} -} - -type policyRuleEvaluator struct { - audit.Policy -} - -func (p *policyRuleEvaluator) EvaluatePolicyRule(attrs authorizer.Attributes) auditinternal.RequestAuditConfigWithLevel { - for _, rule := range p.Rules { - if ruleMatches(&rule, attrs) { - return auditinternal.RequestAuditConfigWithLevel{ - Level: rule.Level, - RequestAuditConfig: auditinternal.RequestAuditConfig{ - OmitStages: rule.OmitStages, - OmitManagedFields: isOmitManagedFields(&rule, p.OmitManagedFields), - }, - } - } - } - - return auditinternal.RequestAuditConfigWithLevel{ - Level: DefaultAuditLevel, - RequestAuditConfig: auditinternal.RequestAuditConfig{ - OmitStages: p.OmitStages, - OmitManagedFields: p.OmitManagedFields, - }, - } -} - -// isOmitManagedFields returns whether to omit managed fields from the request -// and response bodies from being written to the API audit log. -// If a user specifies OmitManagedFields inside a policy rule, that overrides -// the global policy default in Policy.OmitManagedFields. -func isOmitManagedFields(policyRule *audit.PolicyRule, policyDefault bool) bool { - if policyRule.OmitManagedFields == nil { - return policyDefault - } - - return *policyRule.OmitManagedFields -} - -// Check whether the rule matches the request attrs. -func ruleMatches(r *audit.PolicyRule, attrs authorizer.Attributes) bool { - user := attrs.GetUser() - if len(r.Users) > 0 { - if user == nil || !hasString(r.Users, user.GetName()) { - return false - } - } - if len(r.UserGroups) > 0 { - if user == nil { - return false - } - matched := false - for _, group := range user.GetGroups() { - if hasString(r.UserGroups, group) { - matched = true - break - } - } - if !matched { - return false - } - } - if len(r.Verbs) > 0 { - if !hasString(r.Verbs, attrs.GetVerb()) { - return false - } - } - - if len(r.Namespaces) > 0 || len(r.Resources) > 0 { - return ruleMatchesResource(r, attrs) - } - - if len(r.NonResourceURLs) > 0 { - return ruleMatchesNonResource(r, attrs) - } - - return true -} - -// Check whether the rule's non-resource URLs match the request attrs. -func ruleMatchesNonResource(r *audit.PolicyRule, attrs authorizer.Attributes) bool { - if attrs.IsResourceRequest() { - return false - } - - path := attrs.GetPath() - for _, spec := range r.NonResourceURLs { - if pathMatches(path, spec) { - return true - } - } - - return false -} - -// Check whether the path matches the path specification. -func pathMatches(path, spec string) bool { - // Allow wildcard match - if spec == "*" { - return true - } - // Allow exact match - if spec == path { - return true - } - // Allow a trailing * subpath match - if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) { - return true - } - return false -} - -// Check whether the rule's resource fields match the request attrs. -func ruleMatchesResource(r *audit.PolicyRule, attrs authorizer.Attributes) bool { - if !attrs.IsResourceRequest() { - return false - } - - if len(r.Namespaces) > 0 { - if !hasString(r.Namespaces, attrs.GetNamespace()) { // Non-namespaced resources use the empty string. - return false - } - } - if len(r.Resources) == 0 { - return true - } - - apiGroup := attrs.GetAPIGroup() - resource := attrs.GetResource() - subresource := attrs.GetSubresource() - combinedResource := resource - // If subresource, the resource in the policy must match "(resource)/(subresource)" - if subresource != "" { - combinedResource = resource + "/" + subresource - } - - name := attrs.GetName() - - for _, gr := range r.Resources { - if gr.Group == apiGroup { - if len(gr.Resources) == 0 { - return true - } - for _, res := range gr.Resources { - if len(gr.ResourceNames) == 0 || hasString(gr.ResourceNames, name) { - // match "*" - if res == combinedResource || res == "*" { - return true - } - // match "*/subresource" - if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimPrefix(res, "*/") { - return true - } - // match "resource/*" - if strings.HasSuffix(res, "/*") && resource == strings.TrimSuffix(res, "/*") { - return true - } - } - } - } - } - return false -} - -// Utility function to check whether a string slice contains a string. -func hasString(slice []string, value string) bool { - for _, s := range slice { - if s == value { - return true - } - } - return false -} - -type fakePolicyRuleEvaluator struct { - level audit.Level - stage []audit.Stage -} - -func (f *fakePolicyRuleEvaluator) EvaluatePolicyRule(_ authorizer.Attributes) auditinternal.RequestAuditConfigWithLevel { - return auditinternal.RequestAuditConfigWithLevel{ - Level: f.level, - RequestAuditConfig: auditinternal.RequestAuditConfig{ - OmitStages: f.stage, - }, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/reader.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/reader.go deleted file mode 100644 index 5383d479d1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/reader.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "io/ioutil" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - auditv1 "k8s.io/apiserver/pkg/apis/audit/v1" - "k8s.io/apiserver/pkg/apis/audit/validation" - "k8s.io/apiserver/pkg/audit" - "k8s.io/klog/v2" -) - -var ( - apiGroupVersions = []schema.GroupVersion{ - auditv1.SchemeGroupVersion, - } - apiGroupVersionSet = map[schema.GroupVersion]bool{} -) - -func init() { - for _, gv := range apiGroupVersions { - apiGroupVersionSet[gv] = true - } -} - -func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) { - if filePath == "" { - return nil, fmt.Errorf("file path not specified") - } - policyDef, err := ioutil.ReadFile(filePath) - if err != nil { - return nil, fmt.Errorf("failed to read file path %q: %+v", filePath, err) - } - - ret, err := LoadPolicyFromBytes(policyDef) - if err != nil { - return nil, fmt.Errorf("%v: from file %v", err.Error(), filePath) - } - - return ret, nil -} - -func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error) { - policy := &auditinternal.Policy{} - strictDecoder := serializer.NewCodecFactory(audit.Scheme, serializer.EnableStrict).UniversalDecoder() - - // Try strict decoding first. - _, gvk, err := strictDecoder.Decode(policyDef, nil, policy) - if err != nil { - if !runtime.IsStrictDecodingError(err) { - return nil, fmt.Errorf("failed decoding: %w", err) - } - var ( - lenientDecoder = audit.Codecs.UniversalDecoder(apiGroupVersions...) - lenientErr error - ) - _, gvk, lenientErr = lenientDecoder.Decode(policyDef, nil, policy) - if lenientErr != nil { - return nil, fmt.Errorf("failed lenient decoding: %w", lenientErr) - } - klog.Warningf("Audit policy contains errors, falling back to lenient decoding: %v", err) - } - - // Ensure the policy file contained an apiVersion and kind. - gv := schema.GroupVersion{Group: gvk.Group, Version: gvk.Version} - if !apiGroupVersionSet[gv] { - return nil, fmt.Errorf("unknown group version field %v in policy", gvk) - } - - if err := validation.ValidatePolicy(policy); err != nil { - return nil, err.ToAggregate() - } - - policyCnt := len(policy.Rules) - if policyCnt == 0 { - return nil, fmt.Errorf("loaded illegal policy with 0 rules") - } - - klog.V(4).InfoS("Load audit policy rules success", "policyCnt", policyCnt) - return policy, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/util.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/util.go deleted file mode 100644 index 555386756d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/policy/util.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/apis/audit" -) - -// AllStages returns all possible stages -func AllStages() sets.String { - return sets.NewString( - string(audit.StageRequestReceived), - string(audit.StageResponseStarted), - string(audit.StageResponseComplete), - string(audit.StagePanic), - ) -} - -// AllLevels returns all possible levels -func AllLevels() sets.String { - return sets.NewString( - string(audit.LevelNone), - string(audit.LevelMetadata), - string(audit.LevelRequest), - string(audit.LevelRequestResponse), - ) -} - -// InvertStages subtracts the given array of stages from all stages -func InvertStages(stages []audit.Stage) []audit.Stage { - s := ConvertStagesToStrings(stages) - a := AllStages() - a.Delete(s...) - return ConvertStringSetToStages(a) -} - -// ConvertStagesToStrings converts an array of stages to a string array -func ConvertStagesToStrings(stages []audit.Stage) []string { - s := make([]string, len(stages)) - for i, stage := range stages { - s[i] = string(stage) - } - return s -} - -// ConvertStringSetToStages converts a string set to an array of stages -func ConvertStringSetToStages(set sets.String) []audit.Stage { - stages := make([]audit.Stage, len(set)) - for i, stage := range set.List() { - stages[i] = audit.Stage(stage) - } - return stages -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/request.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/request.go deleted file mode 100644 index 972669536e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/request.go +++ /dev/null @@ -1,321 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "bytes" - "context" - "fmt" - "net/http" - "time" - - authnv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - utilnet "k8s.io/apimachinery/pkg/util/net" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/klog/v2" - - "github.com/google/uuid" -) - -const ( - maxUserAgentLength = 1024 - userAgentTruncateSuffix = "...TRUNCATED" -) - -func NewEventFromRequest(req *http.Request, requestReceivedTimestamp time.Time, level auditinternal.Level, attribs authorizer.Attributes) (*auditinternal.Event, error) { - ev := &auditinternal.Event{ - RequestReceivedTimestamp: metav1.NewMicroTime(requestReceivedTimestamp), - Verb: attribs.GetVerb(), - RequestURI: req.URL.RequestURI(), - UserAgent: maybeTruncateUserAgent(req), - Level: level, - } - - auditID, found := AuditIDFrom(req.Context()) - if !found { - auditID = types.UID(uuid.New().String()) - } - ev.AuditID = auditID - - ips := utilnet.SourceIPs(req) - ev.SourceIPs = make([]string, len(ips)) - for i := range ips { - ev.SourceIPs[i] = ips[i].String() - } - - if user := attribs.GetUser(); user != nil { - ev.User.Username = user.GetName() - ev.User.Extra = map[string]authnv1.ExtraValue{} - for k, v := range user.GetExtra() { - ev.User.Extra[k] = authnv1.ExtraValue(v) - } - ev.User.Groups = user.GetGroups() - ev.User.UID = user.GetUID() - } - - if attribs.IsResourceRequest() { - ev.ObjectRef = &auditinternal.ObjectReference{ - Namespace: attribs.GetNamespace(), - Name: attribs.GetName(), - Resource: attribs.GetResource(), - Subresource: attribs.GetSubresource(), - APIGroup: attribs.GetAPIGroup(), - APIVersion: attribs.GetAPIVersion(), - } - } - - addAuditAnnotationsFrom(req.Context(), ev) - - return ev, nil -} - -// LogImpersonatedUser fills in the impersonated user attributes into an audit event. -func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) { - if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) { - return - } - ae.ImpersonatedUser = &authnv1.UserInfo{ - Username: user.GetName(), - } - ae.ImpersonatedUser.Groups = user.GetGroups() - ae.ImpersonatedUser.UID = user.GetUID() - ae.ImpersonatedUser.Extra = map[string]authnv1.ExtraValue{} - for k, v := range user.GetExtra() { - ae.ImpersonatedUser.Extra[k] = authnv1.ExtraValue(v) - } -} - -// LogRequestObject fills in the request object into an audit event. The passed runtime.Object -// will be converted to the given gv. -func LogRequestObject(ctx context.Context, obj runtime.Object, objGV schema.GroupVersion, gvr schema.GroupVersionResource, subresource string, s runtime.NegotiatedSerializer) { - ae := AuditEventFrom(ctx) - if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) { - return - } - - // complete ObjectRef - if ae.ObjectRef == nil { - ae.ObjectRef = &auditinternal.ObjectReference{} - } - - // meta.Accessor is more general than ObjectMetaAccessor, but if it fails, we can just skip setting these bits - if meta, err := meta.Accessor(obj); err == nil { - if len(ae.ObjectRef.Namespace) == 0 { - ae.ObjectRef.Namespace = meta.GetNamespace() - } - if len(ae.ObjectRef.Name) == 0 { - ae.ObjectRef.Name = meta.GetName() - } - if len(ae.ObjectRef.UID) == 0 { - ae.ObjectRef.UID = meta.GetUID() - } - if len(ae.ObjectRef.ResourceVersion) == 0 { - ae.ObjectRef.ResourceVersion = meta.GetResourceVersion() - } - } - if len(ae.ObjectRef.APIVersion) == 0 { - ae.ObjectRef.APIGroup = gvr.Group - ae.ObjectRef.APIVersion = gvr.Version - } - if len(ae.ObjectRef.Resource) == 0 { - ae.ObjectRef.Resource = gvr.Resource - } - if len(ae.ObjectRef.Subresource) == 0 { - ae.ObjectRef.Subresource = subresource - } - - if ae.Level.Less(auditinternal.LevelRequest) { - return - } - - if shouldOmitManagedFields(ctx) { - copy, ok, err := copyWithoutManagedFields(obj) - if err != nil { - klog.ErrorS(err, "Error while dropping managed fields from the request", "auditID", ae.AuditID) - } - if ok { - obj = copy - } - } - - // TODO(audit): hook into the serializer to avoid double conversion - var err error - ae.RequestObject, err = encodeObject(obj, objGV, s) - if err != nil { - // TODO(audit): add error slice to audit event struct - klog.ErrorS(err, "Encoding failed of request object", "auditID", ae.AuditID, "gvr", gvr.String(), "obj", obj) - return - } -} - -// LogRequestPatch fills in the given patch as the request object into an audit event. -func LogRequestPatch(ctx context.Context, patch []byte) { - ae := AuditEventFrom(ctx) - if ae == nil || ae.Level.Less(auditinternal.LevelRequest) { - return - } - - ae.RequestObject = &runtime.Unknown{ - Raw: patch, - ContentType: runtime.ContentTypeJSON, - } -} - -// LogResponseObject fills in the response object into an audit event. The passed runtime.Object -// will be converted to the given gv. -func LogResponseObject(ctx context.Context, obj runtime.Object, gv schema.GroupVersion, s runtime.NegotiatedSerializer) { - ae := AuditEventFrom(ctx) - if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) { - return - } - if status, ok := obj.(*metav1.Status); ok { - // selectively copy the bounded fields. - ae.ResponseStatus = &metav1.Status{ - Status: status.Status, - Message: status.Message, - Reason: status.Reason, - Details: status.Details, - Code: status.Code, - } - } - - if ae.Level.Less(auditinternal.LevelRequestResponse) { - return - } - - if shouldOmitManagedFields(ctx) { - copy, ok, err := copyWithoutManagedFields(obj) - if err != nil { - klog.ErrorS(err, "Error while dropping managed fields from the response", "auditID", ae.AuditID) - } - if ok { - obj = copy - } - } - - // TODO(audit): hook into the serializer to avoid double conversion - var err error - ae.ResponseObject, err = encodeObject(obj, gv, s) - if err != nil { - klog.ErrorS(err, "Encoding failed of response object", "auditID", ae.AuditID, "obj", obj) - } -} - -func encodeObject(obj runtime.Object, gv schema.GroupVersion, serializer runtime.NegotiatedSerializer) (*runtime.Unknown, error) { - const mediaType = runtime.ContentTypeJSON - info, ok := runtime.SerializerInfoForMediaType(serializer.SupportedMediaTypes(), mediaType) - if !ok { - return nil, fmt.Errorf("unable to locate encoder -- %q is not a supported media type", mediaType) - } - - enc := serializer.EncoderForVersion(info.Serializer, gv) - var buf bytes.Buffer - if err := enc.Encode(obj, &buf); err != nil { - return nil, fmt.Errorf("encoding failed: %v", err) - } - - return &runtime.Unknown{ - Raw: buf.Bytes(), - ContentType: mediaType, - }, nil -} - -// truncate User-Agent if too long, otherwise return it directly. -func maybeTruncateUserAgent(req *http.Request) string { - ua := req.UserAgent() - if len(ua) > maxUserAgentLength { - ua = ua[:maxUserAgentLength] + userAgentTruncateSuffix - } - - return ua -} - -// copyWithoutManagedFields will make a deep copy of the specified object and -// will discard the managed fields from the copy. -// The specified object is expected to be a meta.Object or a "list". -// The specified object obj is treated as readonly and hence not mutated. -// On return, an error is set if the function runs into any error while -// removing the managed fields, the boolean value is true if the copy has -// been made successfully, otherwise false. -func copyWithoutManagedFields(obj runtime.Object) (runtime.Object, bool, error) { - isAccessor := true - if _, err := meta.Accessor(obj); err != nil { - isAccessor = false - } - isList := meta.IsListType(obj) - _, isTable := obj.(*metav1.Table) - if !isAccessor && !isList && !isTable { - return nil, false, nil - } - - // TODO a deep copy isn't really needed here, figure out how we can reliably - // use shallow copy here to omit the manageFields. - copy := obj.DeepCopyObject() - - if isAccessor { - if err := removeManagedFields(copy); err != nil { - return nil, false, err - } - } - - if isList { - if err := meta.EachListItem(copy, removeManagedFields); err != nil { - return nil, false, err - } - } - - if isTable { - table := copy.(*metav1.Table) - for i := range table.Rows { - rowObj := table.Rows[i].Object - if err := removeManagedFields(rowObj.Object); err != nil { - return nil, false, err - } - } - } - - return copy, true, nil -} - -func removeManagedFields(obj runtime.Object) error { - if obj == nil { - return nil - } - accessor, err := meta.Accessor(obj) - if err != nil { - return err - } - accessor.SetManagedFields(nil) - return nil -} - -func shouldOmitManagedFields(ctx context.Context) bool { - if auditContext := AuditContextFrom(ctx); auditContext != nil { - return auditContext.RequestAuditConfig.OmitManagedFields - } - - // If we can't decide, return false to maintain current behavior which is - // to retain the manage fields in the audit. - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/scheme.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/scheme.go deleted file mode 100644 index 1ebbc64be4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/scheme.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// TODO: Delete this file if we generate a clientset. -package audit - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/apis/audit/v1" -) - -var Scheme = runtime.NewScheme() -var Codecs = serializer.NewCodecFactory(Scheme) - -func init() { - metav1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(v1.AddToScheme(Scheme)) - utilruntime.Must(auditinternal.AddToScheme(Scheme)) - utilruntime.Must(Scheme.SetVersionPriority(v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/types.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/types.go deleted file mode 100644 index b78bd086b0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/types.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - auditinternal "k8s.io/apiserver/pkg/apis/audit" -) - -type Sink interface { - // ProcessEvents handles events. Per audit ID it might be that ProcessEvents is called up to three times. - // Errors might be logged by the sink itself. If an error should be fatal, leading to an internal - // error, ProcessEvents is supposed to panic. The event must not be mutated and is reused by the caller - // after the call returns, i.e. the sink has to make a deepcopy to keep a copy around if necessary. - // Returns true on success, may return false on error. - ProcessEvents(events ...*auditinternal.Event) bool -} - -type Backend interface { - Sink - - // Run will initialize the backend. It must not block, but may run go routines in the background. If - // stopCh is closed, it is supposed to stop them. Run will be called before the first call to ProcessEvents. - Run(stopCh <-chan struct{}) error - - // Shutdown will synchronously shut down the backend while making sure that all pending - // events are delivered. It can be assumed that this method is called after - // the stopCh channel passed to the Run method has been closed. - Shutdown() - - // Returns the backend PluginName. - String() string -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/audit/union.go b/etcd/vendor/k8s.io/apiserver/pkg/audit/union.go deleted file mode 100644 index 0766a9207b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/audit/union.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package audit - -import ( - "fmt" - "strings" - - "k8s.io/apimachinery/pkg/util/errors" - auditinternal "k8s.io/apiserver/pkg/apis/audit" -) - -// Union returns an audit Backend which logs events to a set of backends. The returned -// Sink implementation blocks in turn for each call to ProcessEvents. -func Union(backends ...Backend) Backend { - if len(backends) == 1 { - return backends[0] - } - return union{backends} -} - -type union struct { - backends []Backend -} - -func (u union) ProcessEvents(events ...*auditinternal.Event) bool { - success := true - for _, backend := range u.backends { - success = backend.ProcessEvents(events...) && success - } - return success -} - -func (u union) Run(stopCh <-chan struct{}) error { - var funcs []func() error - for _, backend := range u.backends { - backend := backend - funcs = append(funcs, func() error { - return backend.Run(stopCh) - }) - } - return errors.AggregateGoroutines(funcs...) -} - -func (u union) Shutdown() { - for _, backend := range u.backends { - backend.Shutdown() - } -} - -func (u union) String() string { - var backendStrings []string - for _, backend := range u.backends { - backendStrings = append(backendStrings, fmt.Sprintf("%s", backend)) - } - return fmt.Sprintf("union[%s]", strings.Join(backendStrings, ",")) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic.go deleted file mode 100644 index bcf7eb4bc9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticator - -import ( - "context" - "fmt" - "net/http" -) - -func authenticate(ctx context.Context, implicitAuds Audiences, authenticate func() (*Response, bool, error)) (*Response, bool, error) { - targetAuds, ok := AudiencesFrom(ctx) - // We can remove this once api audiences is never empty. That will probably - // be N releases after TokenRequest is GA. - if !ok { - return authenticate() - } - auds := implicitAuds.Intersect(targetAuds) - if len(auds) == 0 { - return nil, false, nil - } - resp, ok, err := authenticate() - if err != nil || !ok { - return nil, false, err - } - if len(resp.Audiences) > 0 { - // maybe the authenticator was audience aware after all. - return nil, false, fmt.Errorf("audience agnostic authenticator wrapped an authenticator that returned audiences: %q", resp.Audiences) - } - resp.Audiences = auds - return resp, true, nil -} - -type audAgnosticRequestAuthenticator struct { - implicit Audiences - delegate Request -} - -var _ = Request(&audAgnosticRequestAuthenticator{}) - -func (a *audAgnosticRequestAuthenticator) AuthenticateRequest(req *http.Request) (*Response, bool, error) { - return authenticate(req.Context(), a.implicit, func() (*Response, bool, error) { - return a.delegate.AuthenticateRequest(req) - }) -} - -// WrapAudienceAgnosticRequest wraps an audience agnostic request authenticator -// to restrict its accepted audiences to a set of implicit audiences. -func WrapAudienceAgnosticRequest(implicit Audiences, delegate Request) Request { - return &audAgnosticRequestAuthenticator{ - implicit: implicit, - delegate: delegate, - } -} - -type audAgnosticTokenAuthenticator struct { - implicit Audiences - delegate Token -} - -var _ = Token(&audAgnosticTokenAuthenticator{}) - -func (a *audAgnosticTokenAuthenticator) AuthenticateToken(ctx context.Context, tok string) (*Response, bool, error) { - return authenticate(ctx, a.implicit, func() (*Response, bool, error) { - return a.delegate.AuthenticateToken(ctx, tok) - }) -} - -// WrapAudienceAgnosticToken wraps an audience agnostic token authenticator to -// restrict its accepted audiences to a set of implicit audiences. -func WrapAudienceAgnosticToken(implicit Audiences, delegate Token) Token { - return &audAgnosticTokenAuthenticator{ - implicit: implicit, - delegate: delegate, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go deleted file mode 100644 index 2a3a918896..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticator - -import "context" - -// Audiences is a container for the Audiences of a token. -type Audiences []string - -// The key type is unexported to prevent collisions -type key int - -const ( - // audiencesKey is the context key for request audiences. - audiencesKey key = iota -) - -// WithAudiences returns a context that stores a request's expected audiences. -func WithAudiences(ctx context.Context, auds Audiences) context.Context { - return context.WithValue(ctx, audiencesKey, auds) -} - -// AudiencesFrom returns a request's expected audiences stored in the request context. -func AudiencesFrom(ctx context.Context) (Audiences, bool) { - auds, ok := ctx.Value(audiencesKey).(Audiences) - return auds, ok -} - -// Has checks if Audiences contains a specific audiences. -func (a Audiences) Has(taud string) bool { - for _, aud := range a { - if aud == taud { - return true - } - } - return false -} - -// Intersect intersects Audiences with a target Audiences and returns all -// elements in both. -func (a Audiences) Intersect(tauds Audiences) Audiences { - selected := Audiences{} - for _, taud := range tauds { - if a.Has(taud) { - selected = append(selected, taud) - } - } - return selected -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go deleted file mode 100644 index 8ff979b807..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticator - -import ( - "context" - "net/http" - - "k8s.io/apiserver/pkg/authentication/user" -) - -// Token checks a string value against a backing authentication store and -// returns a Response or an error if the token could not be checked. -type Token interface { - AuthenticateToken(ctx context.Context, token string) (*Response, bool, error) -} - -// Request attempts to extract authentication information from a request and -// returns a Response or an error if the request could not be checked. -type Request interface { - AuthenticateRequest(req *http.Request) (*Response, bool, error) -} - -// TokenFunc is a function that implements the Token interface. -type TokenFunc func(ctx context.Context, token string) (*Response, bool, error) - -// AuthenticateToken implements authenticator.Token. -func (f TokenFunc) AuthenticateToken(ctx context.Context, token string) (*Response, bool, error) { - return f(ctx, token) -} - -// RequestFunc is a function that implements the Request interface. -type RequestFunc func(req *http.Request) (*Response, bool, error) - -// AuthenticateRequest implements authenticator.Request. -func (f RequestFunc) AuthenticateRequest(req *http.Request) (*Response, bool, error) { - return f(req) -} - -// Response is the struct returned by authenticator interfaces upon successful -// authentication. It contains information about whether the authenticator -// authenticated the request, information about the context of the -// authentication, and information about the authenticated user. -type Response struct { - // Audiences is the set of audiences the authenticator was able to validate - // the token against. If the authenticator is not audience aware, this field - // will be empty. - Audiences Audiences - // User is the UserInfo associated with the authentication context. - User user.Info -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go deleted file mode 100644 index 8e568c7e4d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticatorfactory - -import ( - "errors" - "time" - - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/group" - "k8s.io/apiserver/pkg/authentication/request/anonymous" - "k8s.io/apiserver/pkg/authentication/request/bearertoken" - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - unionauth "k8s.io/apiserver/pkg/authentication/request/union" - "k8s.io/apiserver/pkg/authentication/request/websocket" - "k8s.io/apiserver/pkg/authentication/request/x509" - "k8s.io/apiserver/pkg/authentication/token/cache" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - webhooktoken "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" - authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -// DelegatingAuthenticatorConfig is the minimal configuration needed to create an authenticator -// built to delegate authentication to a kube API server -type DelegatingAuthenticatorConfig struct { - Anonymous bool - - // TokenAccessReviewClient is a client to do token review. It can be nil. Then every token is ignored. - TokenAccessReviewClient authenticationclient.AuthenticationV1Interface - - // TokenAccessReviewTimeout specifies a time limit for requests made by the authorization webhook client. - TokenAccessReviewTimeout time.Duration - - // WebhookRetryBackoff specifies the backoff parameters for the authentication webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff - - // CacheTTL is the length of time that a token authentication answer will be cached. - CacheTTL time.Duration - - // CAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. - // Generally this is the CA bundle file used to authenticate client certificates - // If this is nil, then mTLS will not be used. - ClientCertificateCAContentProvider dynamiccertificates.CAContentProvider - - APIAudiences authenticator.Audiences - - RequestHeaderConfig *RequestHeaderConfig -} - -func (c DelegatingAuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error) { - authenticators := []authenticator.Request{} - securityDefinitions := spec.SecurityDefinitions{} - - // front-proxy first, then remote - // Add the front proxy authenticator if requested - if c.RequestHeaderConfig != nil { - requestHeaderAuthenticator := headerrequest.NewDynamicVerifyOptionsSecure( - c.RequestHeaderConfig.CAContentProvider.VerifyOptions, - c.RequestHeaderConfig.AllowedClientNames, - c.RequestHeaderConfig.UsernameHeaders, - c.RequestHeaderConfig.GroupHeaders, - c.RequestHeaderConfig.ExtraHeaderPrefixes, - ) - authenticators = append(authenticators, requestHeaderAuthenticator) - } - - // x509 client cert auth - if c.ClientCertificateCAContentProvider != nil { - authenticators = append(authenticators, x509.NewDynamic(c.ClientCertificateCAContentProvider.VerifyOptions, x509.CommonNameUserConversion)) - } - - if c.TokenAccessReviewClient != nil { - if c.WebhookRetryBackoff == nil { - return nil, nil, errors.New("retry backoff parameters for delegating authentication webhook has not been specified") - } - tokenAuth, err := webhooktoken.NewFromInterface(c.TokenAccessReviewClient, c.APIAudiences, *c.WebhookRetryBackoff, c.TokenAccessReviewTimeout, webhooktoken.AuthenticatorMetrics{ - RecordRequestTotal: RecordRequestTotal, - RecordRequestLatency: RecordRequestLatency, - }) - if err != nil { - return nil, nil, err - } - cachingTokenAuth := cache.New(tokenAuth, false, c.CacheTTL, c.CacheTTL) - authenticators = append(authenticators, bearertoken.New(cachingTokenAuth), websocket.NewProtocolAuthenticator(cachingTokenAuth)) - - securityDefinitions["BearerToken"] = &spec.SecurityScheme{ - SecuritySchemeProps: spec.SecuritySchemeProps{ - Type: "apiKey", - Name: "authorization", - In: "header", - Description: "Bearer Token authentication", - }, - } - } - - if len(authenticators) == 0 { - if c.Anonymous { - return anonymous.NewAuthenticator(), &securityDefinitions, nil - } - return nil, nil, errors.New("No authentication method configured") - } - - authenticator := group.NewAuthenticatedGroupAdder(unionauth.New(authenticators...)) - if c.Anonymous { - authenticator = unionauth.NewFailOnError(authenticator, anonymous.NewAuthenticator()) - } - return authenticator, &securityDefinitions, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/loopback.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/loopback.go deleted file mode 100644 index fe51afcbc2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/loopback.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticatorfactory - -import ( - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/request/bearertoken" - "k8s.io/apiserver/pkg/authentication/token/tokenfile" - "k8s.io/apiserver/pkg/authentication/user" -) - -// NewFromTokens returns an authenticator.Request or an error -func NewFromTokens(tokens map[string]*user.DefaultInfo, audiences authenticator.Audiences) authenticator.Request { - return bearertoken.New(authenticator.WrapAudienceAgnosticToken(audiences, tokenfile.New(tokens))) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/metrics.go deleted file mode 100644 index 23e650ef58..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/metrics.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticatorfactory - -import ( - "context" - - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -type registerables []compbasemetrics.Registerable - -// init registers all metrics. -func init() { - for _, metric := range metrics { - legacyregistry.MustRegister(metric) - } -} - -var ( - requestTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_delegated_authn_request_total", - Help: "Number of HTTP requests partitioned by status code.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"code"}, - ) - - requestLatency = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Name: "apiserver_delegated_authn_request_duration_seconds", - Help: "Request latency in seconds. Broken down by status code.", - Buckets: []float64{0.25, 0.5, 0.7, 1, 1.5, 3, 5, 10}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"code"}, - ) - - metrics = registerables{ - requestTotal, - requestLatency, - } -) - -// RecordRequestTotal increments the total number of requests for the delegated authentication. -func RecordRequestTotal(ctx context.Context, code string) { - requestTotal.WithContext(ctx).WithLabelValues(code).Inc() -} - -// RecordRequestLatency measures request latency in seconds for the delegated authentication. Broken down by status code. -func RecordRequestLatency(ctx context.Context, code string, latency float64) { - requestLatency.WithContext(ctx).WithLabelValues(code).Observe(latency) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/requestheader.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/requestheader.go deleted file mode 100644 index 766bde5172..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/requestheader.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticatorfactory - -import ( - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - "k8s.io/apiserver/pkg/server/dynamiccertificates" -) - -type RequestHeaderConfig struct { - // UsernameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins. - UsernameHeaders headerrequest.StringSliceProvider - // GroupHeaders are the headers to check (case-insensitively) for a group names. All values will be used. - GroupHeaders headerrequest.StringSliceProvider - // ExtraHeaderPrefixes are the head prefixes to check (case-insentively) for filling in - // the user.Info.Extra. All values of all matching headers will be added. - ExtraHeaderPrefixes headerrequest.StringSliceProvider - // CAContentProvider the options for verifying incoming connections using mTLS. Generally this points to CA bundle file which is used verify the identity of the front proxy. - // It may produce different options at will. - CAContentProvider dynamiccertificates.CAContentProvider - // AllowedClientNames is a list of common names that may be presented by the authenticating front proxy. Empty means: accept any. - AllowedClientNames headerrequest.StringSliceProvider -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go deleted file mode 100644 index 2f2cc6ec5a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package group - -import ( - "net/http" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" -) - -// AuthenticatedGroupAdder adds system:authenticated group when appropriate -type AuthenticatedGroupAdder struct { - // Authenticator is delegated to make the authentication decision - Authenticator authenticator.Request -} - -// NewAuthenticatedGroupAdder wraps a request authenticator, and adds the system:authenticated group when appropriate. -// Authentication must succeed, the user must not be system:anonymous, the groups system:authenticated or system:unauthenticated must -// not be present -func NewAuthenticatedGroupAdder(auth authenticator.Request) authenticator.Request { - return &AuthenticatedGroupAdder{auth} -} - -func (g *AuthenticatedGroupAdder) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - r, ok, err := g.Authenticator.AuthenticateRequest(req) - if err != nil || !ok { - return nil, ok, err - } - - if r.User.GetName() == user.Anonymous { - return r, true, nil - } - for _, group := range r.User.GetGroups() { - if group == user.AllAuthenticated || group == user.AllUnauthenticated { - return r, true, nil - } - } - - newGroups := make([]string, 0, len(r.User.GetGroups())+1) - newGroups = append(newGroups, r.User.GetGroups()...) - newGroups = append(newGroups, user.AllAuthenticated) - - ret := *r // shallow copy - ret.User = &user.DefaultInfo{ - Name: r.User.GetName(), - UID: r.User.GetUID(), - Groups: newGroups, - Extra: r.User.GetExtra(), - } - return &ret, true, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go deleted file mode 100644 index 1234c595aa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package group - -import ( - "net/http" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" -) - -// GroupAdder adds groups to an authenticated user.Info -type GroupAdder struct { - // Authenticator is delegated to make the authentication decision - Authenticator authenticator.Request - // Groups are additional groups to add to the user.Info from a successful authentication - Groups []string -} - -// NewGroupAdder wraps a request authenticator, and adds the specified groups to the returned user when authentication succeeds -func NewGroupAdder(auth authenticator.Request, groups []string) authenticator.Request { - return &GroupAdder{auth, groups} -} - -func (g *GroupAdder) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - r, ok, err := g.Authenticator.AuthenticateRequest(req) - if err != nil || !ok { - return nil, ok, err - } - - newGroups := make([]string, 0, len(r.User.GetGroups())+len(g.Groups)) - newGroups = append(newGroups, r.User.GetGroups()...) - newGroups = append(newGroups, g.Groups...) - - ret := *r // shallow copy - ret.User = &user.DefaultInfo{ - Name: r.User.GetName(), - UID: r.User.GetUID(), - Groups: newGroups, - Extra: r.User.GetExtra(), - } - return &ret, true, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go deleted file mode 100644 index 51e27a67d9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package group - -import ( - "context" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" -) - -// TokenGroupAdder adds groups to an authenticated user.Info -type TokenGroupAdder struct { - // Authenticator is delegated to make the authentication decision - Authenticator authenticator.Token - // Groups are additional groups to add to the user.Info from a successful authentication - Groups []string -} - -// NewTokenGroupAdder wraps a token authenticator, and adds the specified groups to the returned user when authentication succeeds -func NewTokenGroupAdder(auth authenticator.Token, groups []string) authenticator.Token { - return &TokenGroupAdder{auth, groups} -} - -func (g *TokenGroupAdder) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - r, ok, err := g.Authenticator.AuthenticateToken(ctx, token) - if err != nil || !ok { - return nil, ok, err - } - - newGroups := make([]string, 0, len(r.User.GetGroups())+len(g.Groups)) - newGroups = append(newGroups, r.User.GetGroups()...) - newGroups = append(newGroups, g.Groups...) - - ret := *r // shallow copy - ret.User = &user.DefaultInfo{ - Name: r.User.GetName(), - UID: r.User.GetUID(), - Groups: newGroups, - Extra: r.User.GetExtra(), - } - return &ret, true, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go deleted file mode 100644 index f9177d1513..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package anonymous - -import ( - "net/http" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" -) - -const ( - anonymousUser = user.Anonymous - - unauthenticatedGroup = user.AllUnauthenticated -) - -func NewAuthenticator() authenticator.Request { - return authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { - auds, _ := authenticator.AudiencesFrom(req.Context()) - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: anonymousUser, - Groups: []string{unauthenticatedGroup}, - }, - Audiences: auds, - }, true, nil - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/bearertoken/bearertoken.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/bearertoken/bearertoken.go deleted file mode 100644 index 68c6ad918a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/bearertoken/bearertoken.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bearertoken - -import ( - "errors" - "net/http" - "strings" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/warning" -) - -const ( - invalidTokenWithSpaceWarning = "the provided Authorization header contains extra space before the bearer token, and is ignored" -) - -type Authenticator struct { - auth authenticator.Token -} - -func New(auth authenticator.Token) *Authenticator { - return &Authenticator{auth} -} - -var invalidToken = errors.New("invalid bearer token") - -func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - auth := strings.TrimSpace(req.Header.Get("Authorization")) - if auth == "" { - return nil, false, nil - } - parts := strings.SplitN(auth, " ", 3) - if len(parts) < 2 || strings.ToLower(parts[0]) != "bearer" { - return nil, false, nil - } - - token := parts[1] - - // Empty bearer tokens aren't valid - if len(token) == 0 { - // The space before the token case - if len(parts) == 3 { - warning.AddWarning(req.Context(), "", invalidTokenWithSpaceWarning) - } - return nil, false, nil - } - - resp, ok, err := a.auth.AuthenticateToken(req.Context(), token) - // if we authenticated successfully, go ahead and remove the bearer token so that no one - // is ever tempted to use it inside of the API server - if ok { - req.Header.Del("Authorization") - } - - // If the token authenticator didn't error, provide a default error - if !ok && err == nil { - err = invalidToken - } - - return resp, ok, err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go deleted file mode 100644 index abf509a97d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go +++ /dev/null @@ -1,239 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package headerrequest - -import ( - "crypto/x509" - "fmt" - "io/ioutil" - "net/http" - "net/url" - "strings" - - "k8s.io/apiserver/pkg/authentication/authenticator" - x509request "k8s.io/apiserver/pkg/authentication/request/x509" - "k8s.io/apiserver/pkg/authentication/user" - utilcert "k8s.io/client-go/util/cert" -) - -// StringSliceProvider is a way to get a string slice value. It is heavily used for authentication headers among other places. -type StringSliceProvider interface { - // Value returns the current string slice. Callers should never mutate the returned value. - Value() []string -} - -// StringSliceProviderFunc is a function that matches the StringSliceProvider interface -type StringSliceProviderFunc func() []string - -// Value returns the current string slice. Callers should never mutate the returned value. -func (d StringSliceProviderFunc) Value() []string { - return d() -} - -// StaticStringSlice a StringSliceProvider that returns a fixed value -type StaticStringSlice []string - -// Value returns the current string slice. Callers should never mutate the returned value. -func (s StaticStringSlice) Value() []string { - return s -} - -type requestHeaderAuthRequestHandler struct { - // nameHeaders are the headers to check (in order, case-insensitively) for an identity. The first header with a value wins. - nameHeaders StringSliceProvider - - // groupHeaders are the headers to check (case-insensitively) for group membership. All values of all headers will be added. - groupHeaders StringSliceProvider - - // extraHeaderPrefixes are the head prefixes to check (case-insensitively) for filling in - // the user.Info.Extra. All values of all matching headers will be added. - extraHeaderPrefixes StringSliceProvider -} - -func New(nameHeaders, groupHeaders, extraHeaderPrefixes []string) (authenticator.Request, error) { - trimmedNameHeaders, err := trimHeaders(nameHeaders...) - if err != nil { - return nil, err - } - trimmedGroupHeaders, err := trimHeaders(groupHeaders...) - if err != nil { - return nil, err - } - trimmedExtraHeaderPrefixes, err := trimHeaders(extraHeaderPrefixes...) - if err != nil { - return nil, err - } - - return NewDynamic( - StaticStringSlice(trimmedNameHeaders), - StaticStringSlice(trimmedGroupHeaders), - StaticStringSlice(trimmedExtraHeaderPrefixes), - ), nil -} - -func NewDynamic(nameHeaders, groupHeaders, extraHeaderPrefixes StringSliceProvider) authenticator.Request { - return &requestHeaderAuthRequestHandler{ - nameHeaders: nameHeaders, - groupHeaders: groupHeaders, - extraHeaderPrefixes: extraHeaderPrefixes, - } -} - -func trimHeaders(headerNames ...string) ([]string, error) { - ret := []string{} - for _, headerName := range headerNames { - trimmedHeader := strings.TrimSpace(headerName) - if len(trimmedHeader) == 0 { - return nil, fmt.Errorf("empty header %q", headerName) - } - ret = append(ret, trimmedHeader) - } - - return ret, nil -} - -func NewSecure(clientCA string, proxyClientNames []string, nameHeaders []string, groupHeaders []string, extraHeaderPrefixes []string) (authenticator.Request, error) { - if len(clientCA) == 0 { - return nil, fmt.Errorf("missing clientCA file") - } - - // Wrap with an x509 verifier - caData, err := ioutil.ReadFile(clientCA) - if err != nil { - return nil, fmt.Errorf("error reading %s: %v", clientCA, err) - } - opts := x509request.DefaultVerifyOptions() - opts.Roots = x509.NewCertPool() - certs, err := utilcert.ParseCertsPEM(caData) - if err != nil { - return nil, fmt.Errorf("error loading certs from %s: %v", clientCA, err) - } - for _, cert := range certs { - opts.Roots.AddCert(cert) - } - - trimmedNameHeaders, err := trimHeaders(nameHeaders...) - if err != nil { - return nil, err - } - trimmedGroupHeaders, err := trimHeaders(groupHeaders...) - if err != nil { - return nil, err - } - trimmedExtraHeaderPrefixes, err := trimHeaders(extraHeaderPrefixes...) - if err != nil { - return nil, err - } - - return NewDynamicVerifyOptionsSecure( - x509request.StaticVerifierFn(opts), - StaticStringSlice(proxyClientNames), - StaticStringSlice(trimmedNameHeaders), - StaticStringSlice(trimmedGroupHeaders), - StaticStringSlice(trimmedExtraHeaderPrefixes), - ), nil -} - -func NewDynamicVerifyOptionsSecure(verifyOptionFn x509request.VerifyOptionFunc, proxyClientNames, nameHeaders, groupHeaders, extraHeaderPrefixes StringSliceProvider) authenticator.Request { - headerAuthenticator := NewDynamic(nameHeaders, groupHeaders, extraHeaderPrefixes) - - return x509request.NewDynamicCAVerifier(verifyOptionFn, headerAuthenticator, proxyClientNames) -} - -func (a *requestHeaderAuthRequestHandler) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - name := headerValue(req.Header, a.nameHeaders.Value()) - if len(name) == 0 { - return nil, false, nil - } - groups := allHeaderValues(req.Header, a.groupHeaders.Value()) - extra := newExtra(req.Header, a.extraHeaderPrefixes.Value()) - - // clear headers used for authentication - for _, headerName := range a.nameHeaders.Value() { - req.Header.Del(headerName) - } - for _, headerName := range a.groupHeaders.Value() { - req.Header.Del(headerName) - } - for k := range extra { - for _, prefix := range a.extraHeaderPrefixes.Value() { - req.Header.Del(prefix + k) - } - } - - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: name, - Groups: groups, - Extra: extra, - }, - }, true, nil -} - -func headerValue(h http.Header, headerNames []string) string { - for _, headerName := range headerNames { - headerValue := h.Get(headerName) - if len(headerValue) > 0 { - return headerValue - } - } - return "" -} - -func allHeaderValues(h http.Header, headerNames []string) []string { - ret := []string{} - for _, headerName := range headerNames { - headerKey := http.CanonicalHeaderKey(headerName) - values, ok := h[headerKey] - if !ok { - continue - } - - for _, headerValue := range values { - if len(headerValue) > 0 { - ret = append(ret, headerValue) - } - } - } - return ret -} - -func unescapeExtraKey(encodedKey string) string { - key, err := url.PathUnescape(encodedKey) // Decode %-encoded bytes. - if err != nil { - return encodedKey // Always record extra strings, even if malformed/unencoded. - } - return key -} - -func newExtra(h http.Header, headerPrefixes []string) map[string][]string { - ret := map[string][]string{} - - // we have to iterate over prefixes first in order to have proper ordering inside the value slices - for _, prefix := range headerPrefixes { - for headerName, vv := range h { - if !strings.HasPrefix(strings.ToLower(headerName), strings.ToLower(prefix)) { - continue - } - - extraKey := unescapeExtraKey(strings.ToLower(headerName[len(prefix):])) - ret[extraKey] = append(ret[extraKey], vv...) - } - } - - return ret -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader_controller.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader_controller.go deleted file mode 100644 index d8c4090b12..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader_controller.go +++ /dev/null @@ -1,337 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package headerrequest - -import ( - "context" - "encoding/json" - "fmt" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - coreinformers "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" - "sync/atomic" -) - -const ( - authenticationRoleName = "extension-apiserver-authentication-reader" -) - -// RequestHeaderAuthRequestProvider a provider that knows how to dynamically fill parts of RequestHeaderConfig struct -type RequestHeaderAuthRequestProvider interface { - UsernameHeaders() []string - GroupHeaders() []string - ExtraHeaderPrefixes() []string - AllowedClientNames() []string -} - -var _ RequestHeaderAuthRequestProvider = &RequestHeaderAuthRequestController{} - -type requestHeaderBundle struct { - UsernameHeaders []string - GroupHeaders []string - ExtraHeaderPrefixes []string - AllowedClientNames []string -} - -// RequestHeaderAuthRequestController a controller that exposes a set of methods for dynamically filling parts of RequestHeaderConfig struct. -// The methods are sourced from the config map which is being monitored by this controller. -// The controller is primed from the server at the construction time for components that don't want to dynamically react to changes -// in the config map. -type RequestHeaderAuthRequestController struct { - name string - - configmapName string - configmapNamespace string - - client kubernetes.Interface - configmapLister corev1listers.ConfigMapNamespaceLister - configmapInformer cache.SharedIndexInformer - configmapInformerSynced cache.InformerSynced - - queue workqueue.RateLimitingInterface - - // exportedRequestHeaderBundle is a requestHeaderBundle that contains the last read, non-zero length content of the configmap - exportedRequestHeaderBundle atomic.Value - - usernameHeadersKey string - groupHeadersKey string - extraHeaderPrefixesKey string - allowedClientNamesKey string -} - -// NewRequestHeaderAuthRequestController creates a new controller that implements RequestHeaderAuthRequestController -func NewRequestHeaderAuthRequestController( - cmName string, - cmNamespace string, - client kubernetes.Interface, - usernameHeadersKey, groupHeadersKey, extraHeaderPrefixesKey, allowedClientNamesKey string) *RequestHeaderAuthRequestController { - c := &RequestHeaderAuthRequestController{ - name: "RequestHeaderAuthRequestController", - - client: client, - - configmapName: cmName, - configmapNamespace: cmNamespace, - - usernameHeadersKey: usernameHeadersKey, - groupHeadersKey: groupHeadersKey, - extraHeaderPrefixesKey: extraHeaderPrefixesKey, - allowedClientNamesKey: allowedClientNamesKey, - - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "RequestHeaderAuthRequestController"), - } - - // we construct our own informer because we need such a small subset of the information available. Just one namespace. - c.configmapInformer = coreinformers.NewFilteredConfigMapInformer(client, c.configmapNamespace, 12*time.Hour, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, func(listOptions *metav1.ListOptions) { - listOptions.FieldSelector = fields.OneTermEqualSelector("metadata.name", c.configmapName).String() - }) - - c.configmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: func(obj interface{}) bool { - if cast, ok := obj.(*corev1.ConfigMap); ok { - return cast.Name == c.configmapName && cast.Namespace == c.configmapNamespace - } - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - if cast, ok := tombstone.Obj.(*corev1.ConfigMap); ok { - return cast.Name == c.configmapName && cast.Namespace == c.configmapNamespace - } - } - return true // always return true just in case. The checks are fairly cheap - }, - Handler: cache.ResourceEventHandlerFuncs{ - // we have a filter, so any time we're called, we may as well queue. We only ever check one configmap - // so we don't have to be choosy about our key. - AddFunc: func(obj interface{}) { - c.queue.Add(c.keyFn()) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - c.queue.Add(c.keyFn()) - }, - DeleteFunc: func(obj interface{}) { - c.queue.Add(c.keyFn()) - }, - }, - }) - - c.configmapLister = corev1listers.NewConfigMapLister(c.configmapInformer.GetIndexer()).ConfigMaps(c.configmapNamespace) - c.configmapInformerSynced = c.configmapInformer.HasSynced - - return c -} - -func (c *RequestHeaderAuthRequestController) UsernameHeaders() []string { - return c.loadRequestHeaderFor(c.usernameHeadersKey) -} - -func (c *RequestHeaderAuthRequestController) GroupHeaders() []string { - return c.loadRequestHeaderFor(c.groupHeadersKey) -} - -func (c *RequestHeaderAuthRequestController) ExtraHeaderPrefixes() []string { - return c.loadRequestHeaderFor(c.extraHeaderPrefixesKey) -} - -func (c *RequestHeaderAuthRequestController) AllowedClientNames() []string { - return c.loadRequestHeaderFor(c.allowedClientNamesKey) -} - -// Run starts RequestHeaderAuthRequestController controller and blocks until stopCh is closed. -func (c *RequestHeaderAuthRequestController) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.Infof("Starting %s", c.name) - defer klog.Infof("Shutting down %s", c.name) - - go c.configmapInformer.Run(ctx.Done()) - - // wait for caches to fill before starting your work - if !cache.WaitForNamedCacheSync(c.name, ctx.Done(), c.configmapInformerSynced) { - return - } - - // doesn't matter what workers say, only start one. - go wait.Until(c.runWorker, time.Second, ctx.Done()) - - <-ctx.Done() -} - -// // RunOnce runs a single sync loop -func (c *RequestHeaderAuthRequestController) RunOnce(ctx context.Context) error { - configMap, err := c.client.CoreV1().ConfigMaps(c.configmapNamespace).Get(ctx, c.configmapName, metav1.GetOptions{}) - switch { - case errors.IsNotFound(err): - // ignore, authConfigMap is nil now - return nil - case errors.IsForbidden(err): - klog.Warningf("Unable to get configmap/%s in %s. Usually fixed by "+ - "'kubectl create rolebinding -n %s ROLEBINDING_NAME --role=%s --serviceaccount=YOUR_NS:YOUR_SA'", - c.configmapName, c.configmapNamespace, c.configmapNamespace, authenticationRoleName) - return err - case err != nil: - return err - } - return c.syncConfigMap(configMap) -} - -func (c *RequestHeaderAuthRequestController) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *RequestHeaderAuthRequestController) processNextWorkItem() bool { - dsKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(dsKey) - - err := c.sync() - if err == nil { - c.queue.Forget(dsKey) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err)) - c.queue.AddRateLimited(dsKey) - - return true -} - -// sync reads the config and propagates the changes to exportedRequestHeaderBundle -// which is exposed by the set of methods that are used to fill RequestHeaderConfig struct -func (c *RequestHeaderAuthRequestController) sync() error { - configMap, err := c.configmapLister.Get(c.configmapName) - if err != nil { - return err - } - return c.syncConfigMap(configMap) -} - -func (c *RequestHeaderAuthRequestController) syncConfigMap(configMap *corev1.ConfigMap) error { - hasChanged, newRequestHeaderBundle, err := c.hasRequestHeaderBundleChanged(configMap) - if err != nil { - return err - } - if hasChanged { - c.exportedRequestHeaderBundle.Store(newRequestHeaderBundle) - klog.V(2).Infof("Loaded a new request header values for %v", c.name) - } - return nil -} - -func (c *RequestHeaderAuthRequestController) hasRequestHeaderBundleChanged(cm *corev1.ConfigMap) (bool, *requestHeaderBundle, error) { - currentHeadersBundle, err := c.getRequestHeaderBundleFromConfigMap(cm) - if err != nil { - return false, nil, err - } - - rawHeaderBundle := c.exportedRequestHeaderBundle.Load() - if rawHeaderBundle == nil { - return true, currentHeadersBundle, nil - } - - // check to see if we have a change. If the values are the same, do nothing. - loadedHeadersBundle, ok := rawHeaderBundle.(*requestHeaderBundle) - if !ok { - return true, currentHeadersBundle, nil - } - - if !equality.Semantic.DeepEqual(loadedHeadersBundle, currentHeadersBundle) { - return true, currentHeadersBundle, nil - } - return false, nil, nil -} - -func (c *RequestHeaderAuthRequestController) getRequestHeaderBundleFromConfigMap(cm *corev1.ConfigMap) (*requestHeaderBundle, error) { - usernameHeaderCurrentValue, err := deserializeStrings(cm.Data[c.usernameHeadersKey]) - if err != nil { - return nil, err - } - - groupHeadersCurrentValue, err := deserializeStrings(cm.Data[c.groupHeadersKey]) - if err != nil { - return nil, err - } - - extraHeaderPrefixesCurrentValue, err := deserializeStrings(cm.Data[c.extraHeaderPrefixesKey]) - if err != nil { - return nil, err - - } - - allowedClientNamesCurrentValue, err := deserializeStrings(cm.Data[c.allowedClientNamesKey]) - if err != nil { - return nil, err - } - - return &requestHeaderBundle{ - UsernameHeaders: usernameHeaderCurrentValue, - GroupHeaders: groupHeadersCurrentValue, - ExtraHeaderPrefixes: extraHeaderPrefixesCurrentValue, - AllowedClientNames: allowedClientNamesCurrentValue, - }, nil -} - -func (c *RequestHeaderAuthRequestController) loadRequestHeaderFor(key string) []string { - rawHeaderBundle := c.exportedRequestHeaderBundle.Load() - if rawHeaderBundle == nil { - return nil // this can happen if we've been unable load data from the apiserver for some reason - } - headerBundle := rawHeaderBundle.(*requestHeaderBundle) - - switch key { - case c.usernameHeadersKey: - return headerBundle.UsernameHeaders - case c.groupHeadersKey: - return headerBundle.GroupHeaders - case c.extraHeaderPrefixesKey: - return headerBundle.ExtraHeaderPrefixes - case c.allowedClientNamesKey: - return headerBundle.AllowedClientNames - default: - return nil - } -} - -func (c *RequestHeaderAuthRequestController) keyFn() string { - // this format matches DeletionHandlingMetaNamespaceKeyFunc for our single key - return c.configmapNamespace + "/" + c.configmapName -} - -func deserializeStrings(in string) ([]string, error) { - if len(in) == 0 { - return nil, nil - } - var ret []string - if err := json.Unmarshal([]byte(in), &ret); err != nil { - return nil, err - } - return ret, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/union/union.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/union/union.go deleted file mode 100644 index 512063beea..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/union/union.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package union - -import ( - "net/http" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/authenticator" -) - -// unionAuthRequestHandler authenticates requests using a chain of authenticator.Requests -type unionAuthRequestHandler struct { - // Handlers is a chain of request authenticators to delegate to - Handlers []authenticator.Request - // FailOnError determines whether an error returns short-circuits the chain - FailOnError bool -} - -// New returns a request authenticator that validates credentials using a chain of authenticator.Request objects. -// The entire chain is tried until one succeeds. If all fail, an aggregate error is returned. -func New(authRequestHandlers ...authenticator.Request) authenticator.Request { - if len(authRequestHandlers) == 1 { - return authRequestHandlers[0] - } - return &unionAuthRequestHandler{Handlers: authRequestHandlers, FailOnError: false} -} - -// NewFailOnError returns a request authenticator that validates credentials using a chain of authenticator.Request objects. -// The first error short-circuits the chain. -func NewFailOnError(authRequestHandlers ...authenticator.Request) authenticator.Request { - if len(authRequestHandlers) == 1 { - return authRequestHandlers[0] - } - return &unionAuthRequestHandler{Handlers: authRequestHandlers, FailOnError: true} -} - -// AuthenticateRequest authenticates the request using a chain of authenticator.Request objects. -func (authHandler *unionAuthRequestHandler) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - var errlist []error - for _, currAuthRequestHandler := range authHandler.Handlers { - resp, ok, err := currAuthRequestHandler.AuthenticateRequest(req) - if err != nil { - if authHandler.FailOnError { - return resp, ok, err - } - errlist = append(errlist, err) - continue - } - - if ok { - return resp, ok, err - } - } - - return nil, false, utilerrors.NewAggregate(errlist) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/websocket/protocol.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/websocket/protocol.go deleted file mode 100644 index 11afa84cbd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/websocket/protocol.go +++ /dev/null @@ -1,108 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package websocket - -import ( - "encoding/base64" - "errors" - "net/http" - "net/textproto" - "strings" - "unicode/utf8" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/util/wsstream" -) - -const bearerProtocolPrefix = "base64url.bearer.authorization.k8s.io." - -var protocolHeader = textproto.CanonicalMIMEHeaderKey("Sec-WebSocket-Protocol") - -var errInvalidToken = errors.New("invalid bearer token") - -// ProtocolAuthenticator allows a websocket connection to provide a bearer token as a subprotocol -// in the format "base64url.bearer.authorization.<base64url-without-padding(bearer-token)>" -type ProtocolAuthenticator struct { - // auth is the token authenticator to use to validate the token - auth authenticator.Token -} - -func NewProtocolAuthenticator(auth authenticator.Token) *ProtocolAuthenticator { - return &ProtocolAuthenticator{auth} -} - -func (a *ProtocolAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - // Only accept websocket connections - if !wsstream.IsWebSocketRequest(req) { - return nil, false, nil - } - - token := "" - sawTokenProtocol := false - filteredProtocols := []string{} - for _, protocolHeader := range req.Header[protocolHeader] { - for _, protocol := range strings.Split(protocolHeader, ",") { - protocol = strings.TrimSpace(protocol) - - if !strings.HasPrefix(protocol, bearerProtocolPrefix) { - filteredProtocols = append(filteredProtocols, protocol) - continue - } - - if sawTokenProtocol { - return nil, false, errors.New("multiple base64.bearer.authorization tokens specified") - } - sawTokenProtocol = true - - encodedToken := strings.TrimPrefix(protocol, bearerProtocolPrefix) - decodedToken, err := base64.RawURLEncoding.DecodeString(encodedToken) - if err != nil { - return nil, false, errors.New("invalid base64.bearer.authorization token encoding") - } - if !utf8.Valid(decodedToken) { - return nil, false, errors.New("invalid base64.bearer.authorization token") - } - token = string(decodedToken) - } - } - - // Must pass at least one other subprotocol so that we can remove the one containing the bearer token, - // and there is at least one to echo back to the client - if len(token) > 0 && len(filteredProtocols) == 0 { - return nil, false, errors.New("missing additional subprotocol") - } - - if len(token) == 0 { - return nil, false, nil - } - - resp, ok, err := a.auth.AuthenticateToken(req.Context(), token) - - // on success, remove the protocol with the token - if ok { - // https://tools.ietf.org/html/rfc6455#section-11.3.4 indicates the Sec-WebSocket-Protocol header may appear multiple times - // in a request, and is logically the same as a single Sec-WebSocket-Protocol header field that contains all values - req.Header.Set(protocolHeader, strings.Join(filteredProtocols, ",")) - } - - // If the token authenticator didn't error, provide a default error - if !ok && err == nil { - err = errInvalidToken - } - - return resp, ok, err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/OWNERS deleted file mode 100644 index 3c3b94c58c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-certificates-approvers -reviewers: - - sig-auth-certificates-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/doc.go deleted file mode 100644 index 8f3d36b66d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package x509 provides a request authenticator that validates and -// extracts user information from client certificates -package x509 // import "k8s.io/apiserver/pkg/authentication/request/x509" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/verify_options.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/verify_options.go deleted file mode 100644 index 462eb4cc95..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/verify_options.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package x509 - -import ( - "crypto/x509" - "fmt" - - "k8s.io/client-go/util/cert" -) - -// StaticVerifierFn is a VerifyOptionFunc that always returns the same value. This allows verify options that cannot change. -func StaticVerifierFn(opts x509.VerifyOptions) VerifyOptionFunc { - return func() (x509.VerifyOptions, bool) { - return opts, true - } -} - -// NewStaticVerifierFromFile creates a new verification func from a file. It reads the content and then fails. -// It will return a nil function if you pass an empty CA file. -func NewStaticVerifierFromFile(clientCA string) (VerifyOptionFunc, error) { - if len(clientCA) == 0 { - return nil, nil - } - - // Wrap with an x509 verifier - var err error - opts := DefaultVerifyOptions() - opts.Roots, err = cert.NewPool(clientCA) - if err != nil { - return nil, fmt.Errorf("error loading certs from %s: %v", clientCA, err) - } - - return StaticVerifierFn(opts), nil -} - -// StringSliceProvider is a way to get a string slice value. It is heavily used for authentication headers among other places. -type StringSliceProvider interface { - // Value returns the current string slice. Callers should never mutate the returned value. - Value() []string -} - -// StringSliceProviderFunc is a function that matches the StringSliceProvider interface -type StringSliceProviderFunc func() []string - -// Value returns the current string slice. Callers should never mutate the returned value. -func (d StringSliceProviderFunc) Value() []string { - return d() -} - -// StaticStringSlice a StringSliceProvider that returns a fixed value -type StaticStringSlice []string - -// Value returns the current string slice. Callers should never mutate the returned value. -func (s StaticStringSlice) Value() []string { - return s -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/x509.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/x509.go deleted file mode 100644 index 63010aadc2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/request/x509/x509.go +++ /dev/null @@ -1,258 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package x509 - -import ( - "crypto/x509" - "crypto/x509/pkix" - "encoding/hex" - "fmt" - "net/http" - "strings" - "time" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -/* - * By default, the following metric is defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var clientCertificateExpirationHistogram = metrics.NewHistogram( - &metrics.HistogramOpts{ - Namespace: "apiserver", - Subsystem: "client", - Name: "certificate_expiration_seconds", - Help: "Distribution of the remaining lifetime on the certificate used to authenticate a request.", - Buckets: []float64{ - 0, - 1800, // 30 minutes - 3600, // 1 hour - 7200, // 2 hours - 21600, // 6 hours - 43200, // 12 hours - 86400, // 1 day - 172800, // 2 days - 345600, // 4 days - 604800, // 1 week - 2592000, // 1 month - 7776000, // 3 months - 15552000, // 6 months - 31104000, // 1 year - }, - StabilityLevel: metrics.ALPHA, - }, -) - -func init() { - legacyregistry.MustRegister(clientCertificateExpirationHistogram) -} - -// UserConversion defines an interface for extracting user info from a client certificate chain -type UserConversion interface { - User(chain []*x509.Certificate) (*authenticator.Response, bool, error) -} - -// UserConversionFunc is a function that implements the UserConversion interface. -type UserConversionFunc func(chain []*x509.Certificate) (*authenticator.Response, bool, error) - -// User implements x509.UserConversion -func (f UserConversionFunc) User(chain []*x509.Certificate) (*authenticator.Response, bool, error) { - return f(chain) -} - -func columnSeparatedHex(d []byte) string { - h := strings.ToUpper(hex.EncodeToString(d)) - var sb strings.Builder - for i, r := range h { - sb.WriteRune(r) - if i%2 == 1 && i != len(h)-1 { - sb.WriteRune(':') - } - } - return sb.String() -} - -func certificateIdentifier(c *x509.Certificate) string { - return fmt.Sprintf( - "SN=%d, SKID=%s, AKID=%s", - c.SerialNumber, - columnSeparatedHex(c.SubjectKeyId), - columnSeparatedHex(c.AuthorityKeyId), - ) -} - -// VerifyOptionFunc is function which provides a shallow copy of the VerifyOptions to the authenticator. This allows -// for cases where the options (particularly the CAs) can change. If the bool is false, then the returned VerifyOptions -// are ignored and the authenticator will express "no opinion". This allows a clear signal for cases where a CertPool -// is eventually expected, but not currently present. -type VerifyOptionFunc func() (x509.VerifyOptions, bool) - -// Authenticator implements request.Authenticator by extracting user info from verified client certificates -type Authenticator struct { - verifyOptionsFn VerifyOptionFunc - user UserConversion -} - -// New returns a request.Authenticator that verifies client certificates using the provided -// VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion -func New(opts x509.VerifyOptions, user UserConversion) *Authenticator { - return NewDynamic(StaticVerifierFn(opts), user) -} - -// NewDynamic returns a request.Authenticator that verifies client certificates using the provided -// VerifyOptionFunc (which may be dynamic), and converts valid certificate chains into user.Info using the provided UserConversion -func NewDynamic(verifyOptionsFn VerifyOptionFunc, user UserConversion) *Authenticator { - return &Authenticator{verifyOptionsFn, user} -} - -// AuthenticateRequest authenticates the request using presented client certificates -func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - if req.TLS == nil || len(req.TLS.PeerCertificates) == 0 { - return nil, false, nil - } - - // Use intermediates, if provided - optsCopy, ok := a.verifyOptionsFn() - // if there are intentionally no verify options, then we cannot authenticate this request - if !ok { - return nil, false, nil - } - if optsCopy.Intermediates == nil && len(req.TLS.PeerCertificates) > 1 { - optsCopy.Intermediates = x509.NewCertPool() - for _, intermediate := range req.TLS.PeerCertificates[1:] { - optsCopy.Intermediates.AddCert(intermediate) - } - } - - remaining := req.TLS.PeerCertificates[0].NotAfter.Sub(time.Now()) - clientCertificateExpirationHistogram.WithContext(req.Context()).Observe(remaining.Seconds()) - chains, err := req.TLS.PeerCertificates[0].Verify(optsCopy) - if err != nil { - return nil, false, fmt.Errorf( - "verifying certificate %s failed: %w", - certificateIdentifier(req.TLS.PeerCertificates[0]), - err, - ) - } - - var errlist []error - for _, chain := range chains { - user, ok, err := a.user.User(chain) - if err != nil { - errlist = append(errlist, err) - continue - } - - if ok { - return user, ok, err - } - } - return nil, false, utilerrors.NewAggregate(errlist) -} - -// Verifier implements request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth -type Verifier struct { - verifyOptionsFn VerifyOptionFunc - auth authenticator.Request - - // allowedCommonNames contains the common names which a verified certificate is allowed to have. - // If empty, all verified certificates are allowed. - allowedCommonNames StringSliceProvider -} - -// NewVerifier create a request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth -func NewVerifier(opts x509.VerifyOptions, auth authenticator.Request, allowedCommonNames sets.String) authenticator.Request { - return NewDynamicCAVerifier(StaticVerifierFn(opts), auth, StaticStringSlice(allowedCommonNames.List())) -} - -// NewDynamicCAVerifier create a request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth -func NewDynamicCAVerifier(verifyOptionsFn VerifyOptionFunc, auth authenticator.Request, allowedCommonNames StringSliceProvider) authenticator.Request { - return &Verifier{verifyOptionsFn, auth, allowedCommonNames} -} - -// AuthenticateRequest verifies the presented client certificate, then delegates to the wrapped auth -func (a *Verifier) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - if req.TLS == nil || len(req.TLS.PeerCertificates) == 0 { - return nil, false, nil - } - - // Use intermediates, if provided - optsCopy, ok := a.verifyOptionsFn() - // if there are intentionally no verify options, then we cannot authenticate this request - if !ok { - return nil, false, nil - } - if optsCopy.Intermediates == nil && len(req.TLS.PeerCertificates) > 1 { - optsCopy.Intermediates = x509.NewCertPool() - for _, intermediate := range req.TLS.PeerCertificates[1:] { - optsCopy.Intermediates.AddCert(intermediate) - } - } - - if _, err := req.TLS.PeerCertificates[0].Verify(optsCopy); err != nil { - return nil, false, err - } - if err := a.verifySubject(req.TLS.PeerCertificates[0].Subject); err != nil { - return nil, false, err - } - return a.auth.AuthenticateRequest(req) -} - -func (a *Verifier) verifySubject(subject pkix.Name) error { - // No CN restrictions - if len(a.allowedCommonNames.Value()) == 0 { - return nil - } - // Enforce CN restrictions - for _, allowedCommonName := range a.allowedCommonNames.Value() { - if allowedCommonName == subject.CommonName { - return nil - } - } - return fmt.Errorf("x509: subject with cn=%s is not in the allowed list", subject.CommonName) -} - -// DefaultVerifyOptions returns VerifyOptions that use the system root certificates, current time, -// and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth) -func DefaultVerifyOptions() x509.VerifyOptions { - return x509.VerifyOptions{ - KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, - } -} - -// CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName -var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (*authenticator.Response, bool, error) { - if len(chain[0].Subject.CommonName) == 0 { - return nil, false, nil - } - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: chain[0].Subject.CommonName, - Groups: chain[0].Subject.Organization, - }, - }, true, nil -}) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go deleted file mode 100644 index f0dc076763..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go +++ /dev/null @@ -1,183 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/authentication/user" - v1core "k8s.io/client-go/kubernetes/typed/core/v1" - - "k8s.io/klog/v2" -) - -const ( - ServiceAccountUsernamePrefix = "system:serviceaccount:" - ServiceAccountUsernameSeparator = ":" - ServiceAccountGroupPrefix = "system:serviceaccounts:" - AllServiceAccountsGroup = "system:serviceaccounts" - // PodNameKey is the key used in a user's "extra" to specify the pod name of - // the authenticating request. - PodNameKey = "authentication.kubernetes.io/pod-name" - // PodUIDKey is the key used in a user's "extra" to specify the pod UID of - // the authenticating request. - PodUIDKey = "authentication.kubernetes.io/pod-uid" -) - -// MakeUsername generates a username from the given namespace and ServiceAccount name. -// The resulting username can be passed to SplitUsername to extract the original namespace and ServiceAccount name. -func MakeUsername(namespace, name string) string { - return ServiceAccountUsernamePrefix + namespace + ServiceAccountUsernameSeparator + name -} - -// MatchesUsername checks whether the provided username matches the namespace and name without -// allocating. Use this when checking a service account namespace and name against a known string. -func MatchesUsername(namespace, name string, username string) bool { - if !strings.HasPrefix(username, ServiceAccountUsernamePrefix) { - return false - } - username = username[len(ServiceAccountUsernamePrefix):] - - if !strings.HasPrefix(username, namespace) { - return false - } - username = username[len(namespace):] - - if !strings.HasPrefix(username, ServiceAccountUsernameSeparator) { - return false - } - username = username[len(ServiceAccountUsernameSeparator):] - - return username == name -} - -var invalidUsernameErr = fmt.Errorf("Username must be in the form %s", MakeUsername("namespace", "name")) - -// SplitUsername returns the namespace and ServiceAccount name embedded in the given username, -// or an error if the username is not a valid name produced by MakeUsername -func SplitUsername(username string) (string, string, error) { - if !strings.HasPrefix(username, ServiceAccountUsernamePrefix) { - return "", "", invalidUsernameErr - } - trimmed := strings.TrimPrefix(username, ServiceAccountUsernamePrefix) - parts := strings.Split(trimmed, ServiceAccountUsernameSeparator) - if len(parts) != 2 { - return "", "", invalidUsernameErr - } - namespace, name := parts[0], parts[1] - if len(apimachineryvalidation.ValidateNamespaceName(namespace, false)) != 0 { - return "", "", invalidUsernameErr - } - if len(apimachineryvalidation.ValidateServiceAccountName(name, false)) != 0 { - return "", "", invalidUsernameErr - } - return namespace, name, nil -} - -// MakeGroupNames generates service account group names for the given namespace -func MakeGroupNames(namespace string) []string { - return []string{ - AllServiceAccountsGroup, - MakeNamespaceGroupName(namespace), - } -} - -// MakeNamespaceGroupName returns the name of the group all service accounts in the namespace are included in -func MakeNamespaceGroupName(namespace string) string { - return ServiceAccountGroupPrefix + namespace -} - -// UserInfo returns a user.Info interface for the given namespace, service account name and UID -func UserInfo(namespace, name, uid string) user.Info { - return (&ServiceAccountInfo{ - Name: name, - Namespace: namespace, - UID: uid, - }).UserInfo() -} - -type ServiceAccountInfo struct { - Name, Namespace, UID string - PodName, PodUID string -} - -func (sa *ServiceAccountInfo) UserInfo() user.Info { - info := &user.DefaultInfo{ - Name: MakeUsername(sa.Namespace, sa.Name), - UID: sa.UID, - Groups: MakeGroupNames(sa.Namespace), - } - if sa.PodName != "" && sa.PodUID != "" { - info.Extra = map[string][]string{ - PodNameKey: {sa.PodName}, - PodUIDKey: {sa.PodUID}, - } - } - return info -} - -// IsServiceAccountToken returns true if the secret is a valid api token for the service account -func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool { - if secret.Type != v1.SecretTypeServiceAccountToken { - return false - } - - name := secret.Annotations[v1.ServiceAccountNameKey] - uid := secret.Annotations[v1.ServiceAccountUIDKey] - if name != sa.Name { - // Name must match - return false - } - if len(uid) > 0 && uid != string(sa.UID) { - // If UID is specified, it must match - return false - } - - return true -} - -func GetOrCreateServiceAccount(coreClient v1core.CoreV1Interface, namespace, name string) (*v1.ServiceAccount, error) { - sa, err := coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) - if err == nil { - return sa, nil - } - if !apierrors.IsNotFound(err) { - return nil, err - } - - // Create the namespace if we can't verify it exists. - // Tolerate errors, since we don't know whether this component has namespace creation permissions. - if _, err := coreClient.Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}); apierrors.IsNotFound(err) { - if _, err = coreClient.Namespaces().Create(context.TODO(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) { - klog.Warningf("create non-exist namespace %s failed:%v", namespace, err) - } - } - - // Create the service account - sa, err = coreClient.ServiceAccounts(namespace).Create(context.TODO(), &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name}}, metav1.CreateOptions{}) - if apierrors.IsAlreadyExists(err) { - // If we're racing to init and someone else already created it, re-fetch - return coreClient.ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) - } - return sa, err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_simple.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_simple.go deleted file mode 100644 index a2c5ce680b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_simple.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "time" - - utilcache "k8s.io/apimachinery/pkg/util/cache" - "k8s.io/utils/clock" -) - -type simpleCache struct { - cache *utilcache.Expiring -} - -func newSimpleCache(clock clock.Clock) cache { - return &simpleCache{cache: utilcache.NewExpiringWithClock(clock)} -} - -func (c *simpleCache) get(key string) (*cacheRecord, bool) { - record, ok := c.cache.Get(key) - if !ok { - return nil, false - } - value, ok := record.(*cacheRecord) - return value, ok -} - -func (c *simpleCache) set(key string, value *cacheRecord, ttl time.Duration) { - c.cache.Set(key, value, ttl) -} - -func (c *simpleCache) remove(key string) { - c.cache.Delete(key) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_striped.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_striped.go deleted file mode 100644 index e5b7afe4e7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_striped.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "hash/fnv" - "time" -) - -// split cache lookups across N striped caches -type stripedCache struct { - stripeCount uint32 - hashFunc func(string) uint32 - caches []cache -} - -type hashFunc func(string) uint32 -type newCacheFunc func() cache - -func newStripedCache(stripeCount int, hash hashFunc, newCacheFunc newCacheFunc) cache { - caches := []cache{} - for i := 0; i < stripeCount; i++ { - caches = append(caches, newCacheFunc()) - } - return &stripedCache{ - stripeCount: uint32(stripeCount), - hashFunc: hash, - caches: caches, - } -} - -func (c *stripedCache) get(key string) (*cacheRecord, bool) { - return c.caches[c.hashFunc(key)%c.stripeCount].get(key) -} -func (c *stripedCache) set(key string, value *cacheRecord, ttl time.Duration) { - c.caches[c.hashFunc(key)%c.stripeCount].set(key, value, ttl) -} -func (c *stripedCache) remove(key string) { - c.caches[c.hashFunc(key)%c.stripeCount].remove(key) -} - -func fnvHashFunc(key string) uint32 { - f := fnv.New32() - f.Write([]byte(key)) - return f.Sum32() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go deleted file mode 100644 index ae388b9379..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go +++ /dev/null @@ -1,307 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "context" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "encoding/binary" - "errors" - "hash" - "io" - "runtime" - "sync" - "time" - "unsafe" - - "golang.org/x/sync/singleflight" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/warning" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -var errAuthnCrash = apierrors.NewInternalError(errors.New("authentication failed unexpectedly")) - -const sharedLookupTimeout = 30 * time.Second - -// cacheRecord holds the three return values of the authenticator.Token AuthenticateToken method -type cacheRecord struct { - resp *authenticator.Response - ok bool - err error - - // this cache assumes token authn has no side-effects or temporal dependence. - // neither of these are true for audit annotations set via AddAuditAnnotation. - // - // for audit annotations, the assumption is that for some period of time (cache TTL), - // all requests with the same API audiences and the same bearer token result in the - // same annotations. This may not be true if the authenticator sets an annotation - // based on the current time, but that may be okay since cache TTLs are generally - // small (seconds). - annotations map[string]string - warnings []*cacheWarning -} - -type cacheWarning struct { - agent string - text string -} - -type cachedTokenAuthenticator struct { - authenticator authenticator.Token - - cacheErrs bool - successTTL time.Duration - failureTTL time.Duration - - cache cache - group singleflight.Group - - // hashPool is a per authenticator pool of hash.Hash (to avoid allocations from building the Hash) - // HMAC with SHA-256 and a random key is used to prevent precomputation and length extension attacks - // It also mitigates hash map DOS attacks via collisions (the inputs are supplied by untrusted users) - hashPool *sync.Pool -} - -type cache interface { - // given a key, return the record, and whether or not it existed - get(key string) (value *cacheRecord, exists bool) - // caches the record for the key - set(key string, value *cacheRecord, ttl time.Duration) - // removes the record for the key - remove(key string) -} - -// New returns a token authenticator that caches the results of the specified authenticator. A ttl of 0 bypasses the cache. -func New(authenticator authenticator.Token, cacheErrs bool, successTTL, failureTTL time.Duration) authenticator.Token { - return newWithClock(authenticator, cacheErrs, successTTL, failureTTL, clock.RealClock{}) -} - -func newWithClock(authenticator authenticator.Token, cacheErrs bool, successTTL, failureTTL time.Duration, clock clock.Clock) authenticator.Token { - randomCacheKey := make([]byte, 32) - if _, err := rand.Read(randomCacheKey); err != nil { - panic(err) // rand should never fail - } - - return &cachedTokenAuthenticator{ - authenticator: authenticator, - cacheErrs: cacheErrs, - successTTL: successTTL, - failureTTL: failureTTL, - // Cache performance degrades noticeably when the number of - // tokens in operation exceeds the size of the cache. It is - // cheap to make the cache big in the second dimension below, - // the memory is only consumed when that many tokens are being - // used. Currently we advertise support 5k nodes and 10k - // namespaces; a 32k entry cache is therefore a 2x safety - // margin. - cache: newStripedCache(32, fnvHashFunc, func() cache { return newSimpleCache(clock) }), - - hashPool: &sync.Pool{ - New: func() interface{} { - return hmac.New(sha256.New, randomCacheKey) - }, - }, - } -} - -// AuthenticateToken implements authenticator.Token -func (a *cachedTokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - record := a.doAuthenticateToken(ctx, token) - if !record.ok || record.err != nil { - return nil, false, record.err - } - for key, value := range record.annotations { - audit.AddAuditAnnotation(ctx, key, value) - } - for _, w := range record.warnings { - warning.AddWarning(ctx, w.agent, w.text) - } - return record.resp, true, nil -} - -func (a *cachedTokenAuthenticator) doAuthenticateToken(ctx context.Context, token string) *cacheRecord { - doneAuthenticating := stats.authenticating(ctx) - - auds, audsOk := authenticator.AudiencesFrom(ctx) - - key := keyFunc(a.hashPool, auds, token) - if record, ok := a.cache.get(key); ok { - // Record cache hit - doneAuthenticating(true) - return record - } - - // Record cache miss - doneBlocking := stats.blocking(ctx) - defer doneBlocking() - defer doneAuthenticating(false) - - c := a.group.DoChan(key, func() (val interface{}, _ error) { - // always use one place to read and write the output of AuthenticateToken - record := &cacheRecord{} - - doneFetching := stats.fetching(ctx) - // We're leaving the request handling stack so we need to handle crashes - // ourselves. Log a stack trace and return a 500 if something panics. - defer func() { - if r := recover(); r != nil { - // make sure to always return a record - record.err = errAuthnCrash - val = record - - // Same as stdlib http server code. Manually allocate stack - // trace buffer size to prevent excessively large logs - const size = 64 << 10 - buf := make([]byte, size) - buf = buf[:runtime.Stack(buf, false)] - klog.Errorf("%v\n%s", r, buf) - } - doneFetching(record.err == nil) - }() - - // Check again for a cached record. We may have raced with a fetch. - if record, ok := a.cache.get(key); ok { - return record, nil - } - - // Detach the context because the lookup may be shared by multiple callers, - // however propagate the audience. - ctx, cancel := context.WithTimeout(context.Background(), sharedLookupTimeout) - defer cancel() - - if audsOk { - ctx = authenticator.WithAudiences(ctx, auds) - } - recorder := &recorder{} - ctx = warning.WithWarningRecorder(ctx, recorder) - - // since this is shared work between multiple requests, we have no way of knowing if any - // particular request supports audit annotations. thus we always attempt to record them. - ev := &auditinternal.Event{Level: auditinternal.LevelMetadata} - ctx = audit.WithAuditContext(ctx) - ac := audit.AuditContextFrom(ctx) - ac.Event = ev - - record.resp, record.ok, record.err = a.authenticator.AuthenticateToken(ctx, token) - record.annotations = ev.Annotations - record.warnings = recorder.extractWarnings() - - if !a.cacheErrs && record.err != nil { - return record, nil - } - - switch { - case record.ok && a.successTTL > 0: - a.cache.set(key, record, a.successTTL) - case !record.ok && a.failureTTL > 0: - a.cache.set(key, record, a.failureTTL) - } - - return record, nil - }) - - select { - case result := <-c: - // we always set Val and never set Err - return result.Val.(*cacheRecord) - case <-ctx.Done(): - // fake a record on context cancel - return &cacheRecord{err: ctx.Err()} - } -} - -// keyFunc generates a string key by hashing the inputs. -// This lowers the memory requirement of the cache and keeps tokens out of memory. -func keyFunc(hashPool *sync.Pool, auds []string, token string) string { - h := hashPool.Get().(hash.Hash) - - h.Reset() - - // try to force stack allocation - var a [4]byte - b := a[:] - - writeLengthPrefixedString(h, b, token) - // encode the length of audiences to avoid ambiguities - writeLength(h, b, len(auds)) - for _, aud := range auds { - writeLengthPrefixedString(h, b, aud) - } - - key := toString(h.Sum(nil)) // skip base64 encoding to save an allocation - - hashPool.Put(h) - - return key -} - -// writeLengthPrefixedString writes s with a length prefix to prevent ambiguities, i.e. "xy" + "z" == "x" + "yz" -// the length of b is assumed to be 4 (b is mutated by this function to store the length of s) -func writeLengthPrefixedString(w io.Writer, b []byte, s string) { - writeLength(w, b, len(s)) - if _, err := w.Write(toBytes(s)); err != nil { - panic(err) // Write() on hash never fails - } -} - -// writeLength encodes length into b and then writes it via the given writer -// the length of b is assumed to be 4 -func writeLength(w io.Writer, b []byte, length int) { - binary.BigEndian.PutUint32(b, uint32(length)) - if _, err := w.Write(b); err != nil { - panic(err) // Write() on hash never fails - } -} - -// toBytes performs unholy acts to avoid allocations -func toBytes(s string) []byte { - return *(*[]byte)(unsafe.Pointer(&s)) -} - -// toString performs unholy acts to avoid allocations -func toString(b []byte) string { - return *(*string)(unsafe.Pointer(&b)) -} - -// simple recorder that only appends warning -type recorder struct { - mu sync.Mutex - warnings []*cacheWarning -} - -// AddWarning adds a warning to recorder. -func (r *recorder) AddWarning(agent, text string) { - r.mu.Lock() - defer r.mu.Unlock() - r.warnings = append(r.warnings, &cacheWarning{agent: agent, text: text}) -} - -func (r *recorder) extractWarnings() []*cacheWarning { - r.mu.Lock() - defer r.mu.Unlock() - warnings := r.warnings - r.warnings = nil - return warnings -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/stats.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/stats.go deleted file mode 100644 index d1b959aa5e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/cache/stats.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "context" - "time" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -var ( - requestLatency = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: "authentication", - Subsystem: "token_cache", - Name: "request_duration_seconds", - StabilityLevel: metrics.ALPHA, - }, - []string{"status"}, - ) - requestCount = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: "authentication", - Subsystem: "token_cache", - Name: "request_total", - StabilityLevel: metrics.ALPHA, - }, - []string{"status"}, - ) - fetchCount = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: "authentication", - Subsystem: "token_cache", - Name: "fetch_total", - StabilityLevel: metrics.ALPHA, - }, - []string{"status"}, - ) - activeFetchCount = metrics.NewGaugeVec( - &metrics.GaugeOpts{ - Namespace: "authentication", - Subsystem: "token_cache", - Name: "active_fetch_count", - StabilityLevel: metrics.ALPHA, - }, - []string{"status"}, - ) -) - -func init() { - legacyregistry.MustRegister( - requestLatency, - requestCount, - fetchCount, - activeFetchCount, - ) -} - -const ( - hitTag = "hit" - missTag = "miss" - - fetchFailedTag = "error" - fetchOkTag = "ok" - - fetchInFlightTag = "in_flight" - fetchBlockedTag = "blocked" -) - -type statsCollector struct{} - -var stats = statsCollector{} - -func (statsCollector) authenticating(ctx context.Context) func(hit bool) { - start := time.Now() - return func(hit bool) { - var tag string - if hit { - tag = hitTag - } else { - tag = missTag - } - - latency := time.Since(start) - - requestCount.WithContext(ctx).WithLabelValues(tag).Inc() - requestLatency.WithContext(ctx).WithLabelValues(tag).Observe(float64(latency.Milliseconds()) / 1000) - } -} - -func (statsCollector) blocking(ctx context.Context) func() { - activeFetchCount.WithContext(ctx).WithLabelValues(fetchBlockedTag).Inc() - return activeFetchCount.WithContext(ctx).WithLabelValues(fetchBlockedTag).Dec -} - -func (statsCollector) fetching(ctx context.Context) func(ok bool) { - activeFetchCount.WithContext(ctx).WithLabelValues(fetchInFlightTag).Inc() - return func(ok bool) { - var tag string - if ok { - tag = fetchOkTag - } else { - tag = fetchFailedTag - } - - fetchCount.WithContext(ctx).WithLabelValues(tag).Inc() - - activeFetchCount.WithContext(ctx).WithLabelValues(fetchInFlightTag).Dec() - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/tokenfile/tokenfile.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/tokenfile/tokenfile.go deleted file mode 100644 index bd7fccbdca..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/tokenfile/tokenfile.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tokenfile - -import ( - "context" - "encoding/csv" - "fmt" - "io" - "os" - "strings" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/klog/v2" -) - -type TokenAuthenticator struct { - tokens map[string]*user.DefaultInfo -} - -// New returns a TokenAuthenticator for a single token -func New(tokens map[string]*user.DefaultInfo) *TokenAuthenticator { - return &TokenAuthenticator{ - tokens: tokens, - } -} - -// NewCSV returns a TokenAuthenticator, populated from a CSV file. -// The CSV file must contain records in the format "token,username,useruid" -func NewCSV(path string) (*TokenAuthenticator, error) { - file, err := os.Open(path) - if err != nil { - return nil, err - } - defer file.Close() - - recordNum := 0 - tokens := make(map[string]*user.DefaultInfo) - reader := csv.NewReader(file) - reader.FieldsPerRecord = -1 - for { - record, err := reader.Read() - if err == io.EOF { - break - } - if err != nil { - return nil, err - } - if len(record) < 3 { - return nil, fmt.Errorf("token file '%s' must have at least 3 columns (token, user name, user uid), found %d", path, len(record)) - } - - recordNum++ - if record[0] == "" { - klog.Warningf("empty token has been found in token file '%s', record number '%d'", path, recordNum) - continue - } - - obj := &user.DefaultInfo{ - Name: record[1], - UID: record[2], - } - if _, exist := tokens[record[0]]; exist { - klog.Warningf("duplicate token has been found in token file '%s', record number '%d'", path, recordNum) - } - tokens[record[0]] = obj - - if len(record) >= 4 { - obj.Groups = strings.Split(record[3], ",") - } - } - - return &TokenAuthenticator{ - tokens: tokens, - }, nil -} - -func (a *TokenAuthenticator) AuthenticateToken(ctx context.Context, value string) (*authenticator.Response, bool, error) { - user, ok := a.tokens[value] - if !ok { - return nil, false, nil - } - return &authenticator.Response{User: user}, true, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/union/union.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/union/union.go deleted file mode 100644 index 80fdd89b2e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/token/union/union.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package union - -import ( - "context" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/authenticator" -) - -// unionAuthTokenHandler authenticates tokens using a chain of authenticator.Token objects -type unionAuthTokenHandler struct { - // Handlers is a chain of request authenticators to delegate to - Handlers []authenticator.Token - // FailOnError determines whether an error returns short-circuits the chain - FailOnError bool -} - -// New returns a token authenticator that validates credentials using a chain of authenticator.Token objects. -// The entire chain is tried until one succeeds. If all fail, an aggregate error is returned. -func New(authTokenHandlers ...authenticator.Token) authenticator.Token { - if len(authTokenHandlers) == 1 { - return authTokenHandlers[0] - } - return &unionAuthTokenHandler{Handlers: authTokenHandlers, FailOnError: false} -} - -// NewFailOnError returns a token authenticator that validates credentials using a chain of authenticator.Token objects. -// The first error short-circuits the chain. -func NewFailOnError(authTokenHandlers ...authenticator.Token) authenticator.Token { - if len(authTokenHandlers) == 1 { - return authTokenHandlers[0] - } - return &unionAuthTokenHandler{Handlers: authTokenHandlers, FailOnError: true} -} - -// AuthenticateToken authenticates the token using a chain of authenticator.Token objects. -func (authHandler *unionAuthTokenHandler) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - var errlist []error - for _, currAuthRequestHandler := range authHandler.Handlers { - info, ok, err := currAuthRequestHandler.AuthenticateToken(ctx, token) - if err != nil { - if authHandler.FailOnError { - return info, ok, err - } - errlist = append(errlist, err) - continue - } - - if ok { - return info, ok, err - } - } - - return nil, false, utilerrors.NewAggregate(errlist) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go deleted file mode 100644 index 3d87fd72ca..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package user contains utilities for dealing with simple user exchange in the auth -// packages. The user.Info interface defines an interface for exchanging that info. -package user // import "k8s.io/apiserver/pkg/authentication/user" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/user.go b/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/user.go deleted file mode 100644 index 4d6ec09800..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authentication/user/user.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package user - -// Info describes a user that has been authenticated to the system. -type Info interface { - // GetName returns the name that uniquely identifies this user among all - // other active users. - GetName() string - // GetUID returns a unique value for a particular user that will change - // if the user is removed from the system and another user is added with - // the same name. - GetUID() string - // GetGroups returns the names of the groups the user is a member of - GetGroups() []string - - // GetExtra can contain any additional information that the authenticator - // thought was interesting. One example would be scopes on a token. - // Keys in this map should be namespaced to the authenticator or - // authenticator/authorizer pair making use of them. - // For instance: "example.org/foo" instead of "foo" - // This is a map[string][]string because it needs to be serializeable into - // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization - // delegation flows - // In order to faithfully round-trip through an impersonation flow, these keys - // MUST be lowercase. - GetExtra() map[string][]string -} - -// DefaultInfo provides a simple user information exchange object -// for components that implement the UserInfo interface. -type DefaultInfo struct { - Name string - UID string - Groups []string - Extra map[string][]string -} - -func (i *DefaultInfo) GetName() string { - return i.Name -} - -func (i *DefaultInfo) GetUID() string { - return i.UID -} - -func (i *DefaultInfo) GetGroups() []string { - return i.Groups -} - -func (i *DefaultInfo) GetExtra() map[string][]string { - return i.Extra -} - -// well-known user and group names -const ( - SystemPrivilegedGroup = "system:masters" - NodesGroup = "system:nodes" - MonitoringGroup = "system:monitoring" - AllUnauthenticated = "system:unauthenticated" - AllAuthenticated = "system:authenticated" - - Anonymous = "system:anonymous" - APIServerUser = "system:apiserver" - - // core kubernetes process identities - KubeProxy = "system:kube-proxy" - KubeControllerManager = "system:kube-controller-manager" - KubeScheduler = "system:kube-scheduler" -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go deleted file mode 100644 index 2a826981cf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go +++ /dev/null @@ -1,159 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizer - -import ( - "context" - "net/http" - - "k8s.io/apiserver/pkg/authentication/user" -) - -// Attributes is an interface used by an Authorizer to get information about a request -// that is used to make an authorization decision. -type Attributes interface { - // GetUser returns the user.Info object to authorize - GetUser() user.Info - - // GetVerb returns the kube verb associated with API requests (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy), - // or the lowercased HTTP verb associated with non-API requests (this includes get, put, post, patch, and delete) - GetVerb() string - - // When IsReadOnly() == true, the request has no side effects, other than - // caching, logging, and other incidentals. - IsReadOnly() bool - - // The namespace of the object, if a request is for a REST object. - GetNamespace() string - - // The kind of object, if a request is for a REST object. - GetResource() string - - // GetSubresource returns the subresource being requested, if present - GetSubresource() string - - // GetName returns the name of the object as parsed off the request. This will not be present for all request types, but - // will be present for: get, update, delete - GetName() string - - // The group of the resource, if a request is for a REST object. - GetAPIGroup() string - - // GetAPIVersion returns the version of the group requested, if a request is for a REST object. - GetAPIVersion() string - - // IsResourceRequest returns true for requests to API resources, like /api/v1/nodes, - // and false for non-resource endpoints like /api, /healthz - IsResourceRequest() bool - - // GetPath returns the path of the request - GetPath() string -} - -// Authorizer makes an authorization decision based on information gained by making -// zero or more calls to methods of the Attributes interface. It returns nil when an action is -// authorized, otherwise it returns an error. -type Authorizer interface { - Authorize(ctx context.Context, a Attributes) (authorized Decision, reason string, err error) -} - -type AuthorizerFunc func(ctx context.Context, a Attributes) (Decision, string, error) - -func (f AuthorizerFunc) Authorize(ctx context.Context, a Attributes) (Decision, string, error) { - return f(ctx, a) -} - -// RuleResolver provides a mechanism for resolving the list of rules that apply to a given user within a namespace. -type RuleResolver interface { - // RulesFor get the list of cluster wide rules, the list of rules in the specific namespace, incomplete status and errors. - RulesFor(user user.Info, namespace string) ([]ResourceRuleInfo, []NonResourceRuleInfo, bool, error) -} - -// RequestAttributesGetter provides a function that extracts Attributes from an http.Request -type RequestAttributesGetter interface { - GetRequestAttributes(user.Info, *http.Request) Attributes -} - -// AttributesRecord implements Attributes interface. -type AttributesRecord struct { - User user.Info - Verb string - Namespace string - APIGroup string - APIVersion string - Resource string - Subresource string - Name string - ResourceRequest bool - Path string -} - -func (a AttributesRecord) GetUser() user.Info { - return a.User -} - -func (a AttributesRecord) GetVerb() string { - return a.Verb -} - -func (a AttributesRecord) IsReadOnly() bool { - return a.Verb == "get" || a.Verb == "list" || a.Verb == "watch" -} - -func (a AttributesRecord) GetNamespace() string { - return a.Namespace -} - -func (a AttributesRecord) GetResource() string { - return a.Resource -} - -func (a AttributesRecord) GetSubresource() string { - return a.Subresource -} - -func (a AttributesRecord) GetName() string { - return a.Name -} - -func (a AttributesRecord) GetAPIGroup() string { - return a.APIGroup -} - -func (a AttributesRecord) GetAPIVersion() string { - return a.APIVersion -} - -func (a AttributesRecord) IsResourceRequest() bool { - return a.ResourceRequest -} - -func (a AttributesRecord) GetPath() string { - return a.Path -} - -type Decision int - -const ( - // DecisionDeny means that an authorizer decided to deny the action. - DecisionDeny Decision = iota - // DecisionAllow means that an authorizer decided to allow the action. - DecisionAllow - // DecisionNoOpionion means that an authorizer has no opinion on whether - // to allow or deny an action. - DecisionNoOpinion -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/rule.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/rule.go deleted file mode 100644 index 8f7d9d9eff..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizer/rule.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizer - -type ResourceRuleInfo interface { - // GetVerbs returns a list of kubernetes resource API verbs. - GetVerbs() []string - // GetAPIGroups return the names of the APIGroup that contains the resources. - GetAPIGroups() []string - // GetResources return a list of resources the rule applies to. - GetResources() []string - // GetResourceNames return a white list of names that the rule applies to. - GetResourceNames() []string -} - -// DefaultResourceRuleInfo holds information that describes a rule for the resource -type DefaultResourceRuleInfo struct { - Verbs []string - APIGroups []string - Resources []string - ResourceNames []string -} - -func (i *DefaultResourceRuleInfo) GetVerbs() []string { - return i.Verbs -} - -func (i *DefaultResourceRuleInfo) GetAPIGroups() []string { - return i.APIGroups -} - -func (i *DefaultResourceRuleInfo) GetResources() []string { - return i.Resources -} - -func (i *DefaultResourceRuleInfo) GetResourceNames() []string { - return i.ResourceNames -} - -type NonResourceRuleInfo interface { - // GetVerbs returns a list of kubernetes resource API verbs. - GetVerbs() []string - // GetNonResourceURLs return a set of partial urls that a user should have access to. - GetNonResourceURLs() []string -} - -// DefaultNonResourceRuleInfo holds information that describes a rule for the non-resource -type DefaultNonResourceRuleInfo struct { - Verbs []string - NonResourceURLs []string -} - -func (i *DefaultNonResourceRuleInfo) GetVerbs() []string { - return i.Verbs -} - -func (i *DefaultNonResourceRuleInfo) GetNonResourceURLs() []string { - return i.NonResourceURLs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/builtin.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/builtin.go deleted file mode 100644 index 6fe3fa96ed..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/builtin.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizerfactory - -import ( - "context" - "errors" - - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// alwaysAllowAuthorizer is an implementation of authorizer.Attributes -// which always says yes to an authorization request. -// It is useful in tests and when using kubernetes in an open manner. -type alwaysAllowAuthorizer struct{} - -func (alwaysAllowAuthorizer) Authorize(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) { - return authorizer.DecisionAllow, "", nil -} - -func (alwaysAllowAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - return []authorizer.ResourceRuleInfo{ - &authorizer.DefaultResourceRuleInfo{ - Verbs: []string{"*"}, - APIGroups: []string{"*"}, - Resources: []string{"*"}, - }, - }, []authorizer.NonResourceRuleInfo{ - &authorizer.DefaultNonResourceRuleInfo{ - Verbs: []string{"*"}, - NonResourceURLs: []string{"*"}, - }, - }, false, nil -} - -func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer { - return new(alwaysAllowAuthorizer) -} - -// alwaysDenyAuthorizer is an implementation of authorizer.Attributes -// which always says no to an authorization request. -// It is useful in unit tests to force an operation to be forbidden. -type alwaysDenyAuthorizer struct{} - -func (alwaysDenyAuthorizer) Authorize(ctx context.Context, a authorizer.Attributes) (decision authorizer.Decision, reason string, err error) { - return authorizer.DecisionNoOpinion, "Everything is forbidden.", nil -} - -func (alwaysDenyAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - return []authorizer.ResourceRuleInfo{}, []authorizer.NonResourceRuleInfo{}, false, nil -} - -func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer { - return new(alwaysDenyAuthorizer) -} - -type privilegedGroupAuthorizer struct { - groups []string -} - -func (r *privilegedGroupAuthorizer) Authorize(ctx context.Context, attr authorizer.Attributes) (authorizer.Decision, string, error) { - if attr.GetUser() == nil { - return authorizer.DecisionNoOpinion, "Error", errors.New("no user on request.") - } - for _, attr_group := range attr.GetUser().GetGroups() { - for _, priv_group := range r.groups { - if priv_group == attr_group { - return authorizer.DecisionAllow, "", nil - } - } - } - return authorizer.DecisionNoOpinion, "", nil -} - -// NewPrivilegedGroups is for use in loopback scenarios -func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer { - return &privilegedGroupAuthorizer{ - groups: groups, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/delegating.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/delegating.go deleted file mode 100644 index d1ead25dbb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/delegating.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizerfactory - -import ( - "errors" - "time" - - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/plugin/pkg/authorizer/webhook" - authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1" -) - -// DelegatingAuthorizerConfig is the minimal configuration needed to create an authenticator -// built to delegate authorization to a kube API server -type DelegatingAuthorizerConfig struct { - SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface - - // AllowCacheTTL is the length of time that a successful authorization response will be cached - AllowCacheTTL time.Duration - - // DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached. - // You generally want more responsive, "deny, try again" flows. - DenyCacheTTL time.Duration - - // WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff -} - -func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error) { - if c.WebhookRetryBackoff == nil { - return nil, errors.New("retry backoff parameters for delegating authorization webhook has not been specified") - } - - return webhook.NewFromInterface( - c.SubjectAccessReviewClient, - c.AllowCacheTTL, - c.DenyCacheTTL, - *c.WebhookRetryBackoff, - webhook.AuthorizerMetrics{ - RecordRequestTotal: RecordRequestTotal, - RecordRequestLatency: RecordRequestLatency, - }, - ) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/metrics.go deleted file mode 100644 index 08b3d54ab9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/metrics.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizerfactory - -import ( - "context" - - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -type registerables []compbasemetrics.Registerable - -// init registers all metrics -func init() { - for _, metric := range metrics { - legacyregistry.MustRegister(metric) - } -} - -var ( - requestTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_delegated_authz_request_total", - Help: "Number of HTTP requests partitioned by status code.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"code"}, - ) - - requestLatency = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Name: "apiserver_delegated_authz_request_duration_seconds", - Help: "Request latency in seconds. Broken down by status code.", - Buckets: []float64{0.25, 0.5, 0.7, 1, 1.5, 3, 5, 10}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"code"}, - ) - - metrics = registerables{ - requestTotal, - requestLatency, - } -) - -// RecordRequestTotal increments the total number of requests for the delegated authorization. -func RecordRequestTotal(ctx context.Context, code string) { - requestTotal.WithContext(ctx).WithLabelValues(code).Add(1) -} - -// RecordRequestLatency measures request latency in seconds for the delegated authorization. Broken down by status code. -func RecordRequestLatency(ctx context.Context, code string, latency float64) { - requestLatency.WithContext(ctx).WithLabelValues(code).Observe(latency) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/doc.go deleted file mode 100644 index 654aaeb742..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package path contains an authorizer that allows certain paths and path prefixes. -package path // import "k8s.io/apiserver/pkg/authorization/path" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/path.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/path.go deleted file mode 100644 index 0e1ec23387..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/path/path.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package path - -import ( - "context" - "fmt" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// NewAuthorizer returns an authorizer which accepts a given set of paths. -// Each path is either a fully matching path or it ends in * in case a prefix match is done. A leading / is optional. -func NewAuthorizer(alwaysAllowPaths []string) (authorizer.Authorizer, error) { - var prefixes []string - paths := sets.NewString() - for _, p := range alwaysAllowPaths { - p = strings.TrimPrefix(p, "/") - if len(p) == 0 { - // matches "/" - paths.Insert(p) - continue - } - if strings.ContainsRune(p[:len(p)-1], '*') { - return nil, fmt.Errorf("only trailing * allowed in %q", p) - } - if strings.HasSuffix(p, "*") { - prefixes = append(prefixes, p[:len(p)-1]) - } else { - paths.Insert(p) - } - } - - return authorizer.AuthorizerFunc(func(ctx context.Context, a authorizer.Attributes) (authorizer.Decision, string, error) { - if a.IsResourceRequest() { - return authorizer.DecisionNoOpinion, "", nil - } - - pth := strings.TrimPrefix(a.GetPath(), "/") - if paths.Has(pth) { - return authorizer.DecisionAllow, "", nil - } - - for _, prefix := range prefixes { - if strings.HasPrefix(pth, prefix) { - return authorizer.DecisionAllow, "", nil - } - } - - return authorizer.DecisionNoOpinion, "", nil - }), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/authorization/union/union.go b/etcd/vendor/k8s.io/apiserver/pkg/authorization/union/union.go deleted file mode 100644 index 460d9a4ab5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/authorization/union/union.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package union implements an authorizer that combines multiple subauthorizer. -// The union authorizer iterates over each subauthorizer and returns the first -// decision that is either an Allow decision or a Deny decision. If a -// subauthorizer returns a NoOpinion, then the union authorizer moves onto the -// next authorizer or, if the subauthorizer was the last authorizer, returns -// NoOpinion as the aggregate decision. I.e. union authorizer creates an -// aggregate decision and supports short-circuit allows and denies from -// subauthorizers. -package union - -import ( - "context" - "strings" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// unionAuthzHandler authorizer against a chain of authorizer.Authorizer -type unionAuthzHandler []authorizer.Authorizer - -// New returns an authorizer that authorizes against a chain of authorizer.Authorizer objects -func New(authorizationHandlers ...authorizer.Authorizer) authorizer.Authorizer { - return unionAuthzHandler(authorizationHandlers) -} - -// Authorizes against a chain of authorizer.Authorizer objects and returns nil if successful and returns error if unsuccessful -func (authzHandler unionAuthzHandler) Authorize(ctx context.Context, a authorizer.Attributes) (authorizer.Decision, string, error) { - var ( - errlist []error - reasonlist []string - ) - - for _, currAuthzHandler := range authzHandler { - decision, reason, err := currAuthzHandler.Authorize(ctx, a) - - if err != nil { - errlist = append(errlist, err) - } - if len(reason) != 0 { - reasonlist = append(reasonlist, reason) - } - switch decision { - case authorizer.DecisionAllow, authorizer.DecisionDeny: - return decision, reason, err - case authorizer.DecisionNoOpinion: - // continue to the next authorizer - } - } - - return authorizer.DecisionNoOpinion, strings.Join(reasonlist, "\n"), utilerrors.NewAggregate(errlist) -} - -// unionAuthzRulesHandler authorizer against a chain of authorizer.RuleResolver -type unionAuthzRulesHandler []authorizer.RuleResolver - -// NewRuleResolvers returns an authorizer that authorizes against a chain of authorizer.Authorizer objects -func NewRuleResolvers(authorizationHandlers ...authorizer.RuleResolver) authorizer.RuleResolver { - return unionAuthzRulesHandler(authorizationHandlers) -} - -// RulesFor against a chain of authorizer.RuleResolver objects and returns nil if successful and returns error if unsuccessful -func (authzHandler unionAuthzRulesHandler) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - var ( - errList []error - resourceRulesList []authorizer.ResourceRuleInfo - nonResourceRulesList []authorizer.NonResourceRuleInfo - ) - incompleteStatus := false - - for _, currAuthzHandler := range authzHandler { - resourceRules, nonResourceRules, incomplete, err := currAuthzHandler.RulesFor(user, namespace) - - if incomplete { - incompleteStatus = true - } - if err != nil { - errList = append(errList, err) - } - if len(resourceRules) > 0 { - resourceRulesList = append(resourceRulesList, resourceRules...) - } - if len(nonResourceRules) > 0 { - nonResourceRulesList = append(nonResourceRulesList, nonResourceRules...) - } - } - - return resourceRulesList, nonResourceRulesList, incompleteStatus, utilerrors.NewAggregate(errList) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/errors.go deleted file mode 100644 index 907ca6ec8f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/errors.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -// Error is an implementation of the 'error' interface, which represents a -// XValidation error. -type Error struct { - Type ErrorType - Detail string -} - -var _ error = &Error{} - -// Error implements the error interface. -func (v *Error) Error() string { - return v.Detail -} - -// ErrorType is a machine readable value providing more detail about why -// a XValidation is invalid. -type ErrorType string - -const ( - // ErrorTypeRequired is used to report withNullable values that are not - // provided (e.g. empty strings, null values, or empty arrays). See - // Required(). - ErrorTypeRequired ErrorType = "RuleRequired" - // ErrorTypeInvalid is used to report malformed values - ErrorTypeInvalid ErrorType = "RuleInvalid" - // ErrorTypeInternal is used to report other errors that are not related - // to user input. See InternalError(). - ErrorTypeInternal ErrorType = "InternalError" -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/escaping.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/escaping.go deleted file mode 100644 index 705c353a2b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/escaping.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "regexp" - - "k8s.io/apimachinery/pkg/util/sets" -) - -// celReservedSymbols is a list of RESERVED symbols defined in the CEL lexer. -// No identifiers are allowed to collide with these symbols. -// https://github.com/google/cel-spec/blob/master/doc/langdef.md#syntax -var celReservedSymbols = sets.NewString( - "true", "false", "null", "in", - "as", "break", "const", "continue", "else", - "for", "function", "if", "import", "let", - "loop", "package", "namespace", "return", // !! 'namespace' is used heavily in Kubernetes - "var", "void", "while", -) - -// expandMatcher matches the escape sequence, characters that are escaped, and characters that are unsupported -var expandMatcher = regexp.MustCompile(`(__|[-./]|[^a-zA-Z0-9-./_])`) - -// newCharacterFilter returns a boolean array to indicate the allowed characters -func newCharacterFilter(characters string) []bool { - maxChar := 0 - for _, c := range characters { - if maxChar < int(c) { - maxChar = int(c) - } - } - filter := make([]bool, maxChar+1) - - for _, c := range characters { - filter[int(c)] = true - } - - return filter -} - -type escapeCheck struct { - canSkipRegex bool - invalidCharFound bool -} - -// skipRegexCheck checks if escape would be skipped. -// if invalidCharFound is true, it must have invalid character; if invalidCharFound is false, not sure if it has invalid character or not -func skipRegexCheck(ident string) escapeCheck { - escapeCheck := escapeCheck{canSkipRegex: true, invalidCharFound: false} - // skip escape if possible - previous_underscore := false - for _, c := range ident { - if c == '/' || c == '-' || c == '.' { - escapeCheck.canSkipRegex = false - return escapeCheck - } - intc := int(c) - if intc < 0 || intc >= len(validCharacterFilter) || !validCharacterFilter[intc] { - escapeCheck.invalidCharFound = true - return escapeCheck - } - if c == '_' && previous_underscore { - escapeCheck.canSkipRegex = false - return escapeCheck - } - - previous_underscore = c == '_' - } - return escapeCheck -} - -// validCharacterFilter indicates the allowed characters. -var validCharacterFilter = newCharacterFilter("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_") - -// Escape escapes ident and returns a CEL identifier (of the form '[a-zA-Z_][a-zA-Z0-9_]*'), or returns -// false if the ident does not match the supported input format of `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`. -// Escaping Rules: -// - '__' escapes to '__underscores__' -// - '.' escapes to '__dot__' -// - '-' escapes to '__dash__' -// - '/' escapes to '__slash__' -// - Identifiers that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: "true", "false", -// "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", "import", "let", loop", "package", -// "namespace", "return". -func Escape(ident string) (string, bool) { - if len(ident) == 0 || ('0' <= ident[0] && ident[0] <= '9') { - return "", false - } - if celReservedSymbols.Has(ident) { - return "__" + ident + "__", true - } - - escapeCheck := skipRegexCheck(ident) - if escapeCheck.invalidCharFound { - return "", false - } - if escapeCheck.canSkipRegex { - return ident, true - } - - ok := true - ident = expandMatcher.ReplaceAllStringFunc(ident, func(s string) string { - switch s { - case "__": - return "__underscores__" - case ".": - return "__dot__" - case "-": - return "__dash__" - case "/": - return "__slash__" - default: // matched a unsupported supported - ok = false - return "" - } - }) - if !ok { - return "", false - } - return ident, true -} - -var unexpandMatcher = regexp.MustCompile(`(_{2}[^_]+_{2})`) - -// Unescape unescapes an CEL identifier containing the escape sequences described in Escape, or return false if the -// string contains invalid escape sequences. The escaped input is expected to be a valid CEL identifier, but is -// not checked. -func Unescape(escaped string) (string, bool) { - ok := true - escaped = unexpandMatcher.ReplaceAllStringFunc(escaped, func(s string) string { - contents := s[2 : len(s)-2] - switch contents { - case "underscores": - return "__" - case "dot": - return "." - case "dash": - return "-" - case "slash": - return "/" - } - if celReservedSymbols.Has(contents) { - if len(s) != len(escaped) { - ok = false - } - return contents - } - ok = false - return "" - }) - if !ok { - return "", false - } - return escaped, true -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/cost.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/library/cost.go deleted file mode 100644 index 39098e3f60..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/cost.go +++ /dev/null @@ -1,268 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package library - -import ( - "math" - - "github.com/google/cel-go/checker" - "github.com/google/cel-go/common" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/common/types/traits" - exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" -) - -// CostEstimator implements CEL's interpretable.ActualCostEstimator and checker.CostEstimator. -type CostEstimator struct { - // SizeEstimator provides a CostEstimator.EstimateSize that this CostEstimator will delegate size estimation - // calculations to if the size is not well known (i.e. a constant). - SizeEstimator checker.CostEstimator -} - -func (l *CostEstimator) CallCost(function, overloadId string, args []ref.Val, result ref.Val) *uint64 { - switch function { - case "isSorted", "sum", "max", "min", "indexOf", "lastIndexOf": - var cost uint64 - if len(args) > 0 { - cost += traversalCost(args[0]) // these O(n) operations all cost roughly the cost of a single traversal - } - return &cost - case "url", "lowerAscii", "upperAscii", "substring", "trim": - if len(args) >= 1 { - cost := uint64(math.Ceil(float64(actualSize(args[0])) * common.StringTraversalCostFactor)) - return &cost - } - case "replace", "split": - if len(args) >= 1 { - // cost is the traversal plus the construction of the result - cost := uint64(math.Ceil(float64(actualSize(args[0])) * 2 * common.StringTraversalCostFactor)) - return &cost - } - case "join": - if len(args) >= 1 { - cost := uint64(math.Ceil(float64(actualSize(result)) * 2 * common.StringTraversalCostFactor)) - return &cost - } - case "find", "findAll": - if len(args) >= 2 { - strCost := uint64(math.Ceil((1.0 + float64(actualSize(args[0]))) * common.StringTraversalCostFactor)) - // We don't know how many expressions are in the regex, just the string length (a huge - // improvement here would be to somehow get a count the number of expressions in the regex or - // how many states are in the regex state machine and use that to measure regex cost). - // For now, we're making a guess that each expression in a regex is typically at least 4 chars - // in length. - regexCost := uint64(math.Ceil(float64(actualSize(args[1])) * common.RegexStringLengthCostFactor)) - cost := strCost * regexCost - return &cost - } - } - return nil -} - -func (l *CostEstimator) EstimateCallCost(function, overloadId string, target *checker.AstNode, args []checker.AstNode) *checker.CallEstimate { - // WARNING: Any changes to this code impact API compatibility! The estimated cost is used to determine which CEL rules may be written to a - // CRD and any change (cost increases and cost decreases) are breaking. - switch function { - case "isSorted", "sum", "max", "min", "indexOf", "lastIndexOf": - if target != nil { - // Charge 1 cost for comparing each element in the list - elCost := checker.CostEstimate{Min: 1, Max: 1} - // If the list contains strings or bytes, add the cost of traversing all the strings/bytes as a way - // of estimating the additional comparison cost. - if elNode := l.listElementNode(*target); elNode != nil { - t := elNode.Type().GetPrimitive() - if t == exprpb.Type_STRING || t == exprpb.Type_BYTES { - sz := l.sizeEstimate(elNode) - elCost = elCost.Add(sz.MultiplyByCostFactor(common.StringTraversalCostFactor)) - } - return &checker.CallEstimate{CostEstimate: l.sizeEstimate(*target).MultiplyByCost(elCost)} - } else { // the target is a string, which is supported by indexOf and lastIndexOf - return &checker.CallEstimate{CostEstimate: l.sizeEstimate(*target).MultiplyByCostFactor(common.StringTraversalCostFactor)} - } - - } - case "url": - if len(args) == 1 { - sz := l.sizeEstimate(args[0]) - return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(common.StringTraversalCostFactor)} - } - case "lowerAscii", "upperAscii", "substring", "trim": - if target != nil { - sz := l.sizeEstimate(*target) - return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(common.StringTraversalCostFactor), ResultSize: &sz} - } - case "replace": - if target != nil && len(args) >= 2 { - sz := l.sizeEstimate(*target) - toReplaceSz := l.sizeEstimate(args[0]) - replaceWithSz := l.sizeEstimate(args[1]) - // smallest possible result: smallest input size composed of the largest possible substrings being replaced by smallest possible replacement - minSz := uint64(math.Ceil(float64(sz.Min)/float64(toReplaceSz.Max))) * replaceWithSz.Min - // largest possible result: largest input size composed of the smallest possible substrings being replaced by largest possible replacement - maxSz := uint64(math.Ceil(float64(sz.Max)/float64(toReplaceSz.Min))) * replaceWithSz.Max - - // cost is the traversal plus the construction of the result - return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(2 * common.StringTraversalCostFactor), ResultSize: &checker.SizeEstimate{Min: minSz, Max: maxSz}} - } - case "split": - if target != nil { - sz := l.sizeEstimate(*target) - - // Worst case size is where is that a separator of "" is used, and each char is returned as a list element. - max := sz.Max - if len(args) > 1 { - if c := args[1].Expr().GetConstExpr(); c != nil { - max = uint64(c.GetInt64Value()) - } - } - // Cost is the traversal plus the construction of the result. - return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(2 * common.StringTraversalCostFactor), ResultSize: &checker.SizeEstimate{Min: 0, Max: max}} - } - case "join": - if target != nil { - var sz checker.SizeEstimate - listSize := l.sizeEstimate(*target) - if elNode := l.listElementNode(*target); elNode != nil { - elemSize := l.sizeEstimate(elNode) - sz = listSize.Multiply(elemSize) - } - - if len(args) > 0 { - sepSize := l.sizeEstimate(args[0]) - minSeparators := uint64(0) - maxSeparators := uint64(0) - if listSize.Min > 0 { - minSeparators = listSize.Min - 1 - } - if listSize.Max > 0 { - maxSeparators = listSize.Max - 1 - } - sz = sz.Add(sepSize.Multiply(checker.SizeEstimate{Min: minSeparators, Max: maxSeparators})) - } - - return &checker.CallEstimate{CostEstimate: sz.MultiplyByCostFactor(common.StringTraversalCostFactor), ResultSize: &sz} - } - case "find", "findAll": - if target != nil && len(args) >= 1 { - sz := l.sizeEstimate(*target) - // Add one to string length for purposes of cost calculation to prevent product of string and regex to be 0 - // in case where string is empty but regex is still expensive. - strCost := sz.Add(checker.SizeEstimate{Min: 1, Max: 1}).MultiplyByCostFactor(common.StringTraversalCostFactor) - // We don't know how many expressions are in the regex, just the string length (a huge - // improvement here would be to somehow get a count the number of expressions in the regex or - // how many states are in the regex state machine and use that to measure regex cost). - // For now, we're making a guess that each expression in a regex is typically at least 4 chars - // in length. - regexCost := l.sizeEstimate(args[0]).MultiplyByCostFactor(common.RegexStringLengthCostFactor) - // worst case size of result is that every char is returned as separate find result. - return &checker.CallEstimate{CostEstimate: strCost.Multiply(regexCost), ResultSize: &checker.SizeEstimate{Min: 0, Max: sz.Max}} - } - } - return nil -} - -func actualSize(value ref.Val) uint64 { - if sz, ok := value.(traits.Sizer); ok { - return uint64(sz.Size().(types.Int)) - } - return 1 -} - -func (l *CostEstimator) sizeEstimate(t checker.AstNode) checker.SizeEstimate { - if sz := t.ComputedSize(); sz != nil { - return *sz - } - if sz := l.EstimateSize(t); sz != nil { - return *sz - } - return checker.SizeEstimate{Min: 0, Max: math.MaxUint64} -} - -func (l *CostEstimator) listElementNode(list checker.AstNode) checker.AstNode { - if lt := list.Type().GetListType(); lt != nil { - nodePath := list.Path() - if nodePath != nil { - // Provide path if we have it so that a OpenAPIv3 maxLength validation can be looked up, if it exists - // for this node. - path := make([]string, len(nodePath)+1) - copy(path, nodePath) - path[len(nodePath)] = "@items" - return &itemsNode{path: path, t: lt.GetElemType(), expr: nil} - } else { - // Provide just the type if no path is available so that worst case size can be looked up based on type. - return &itemsNode{t: lt.GetElemType(), expr: nil} - } - } - return nil -} - -func (l *CostEstimator) EstimateSize(element checker.AstNode) *checker.SizeEstimate { - if l.SizeEstimator != nil { - return l.SizeEstimator.EstimateSize(element) - } - return nil -} - -type itemsNode struct { - path []string - t *exprpb.Type - expr *exprpb.Expr -} - -func (i *itemsNode) Path() []string { - return i.path -} - -func (i *itemsNode) Type() *exprpb.Type { - return i.t -} - -func (i *itemsNode) Expr() *exprpb.Expr { - return i.expr -} - -func (i *itemsNode) ComputedSize() *checker.SizeEstimate { - return nil -} - -// traversalCost computes the cost of traversing a ref.Val as a data tree. -func traversalCost(v ref.Val) uint64 { - // TODO: This could potentially be optimized by sampling maps and lists instead of traversing. - switch vt := v.(type) { - case types.String: - return uint64(float64(len(string(vt))) * common.StringTraversalCostFactor) - case types.Bytes: - return uint64(float64(len([]byte(vt))) * common.StringTraversalCostFactor) - case traits.Lister: - cost := uint64(0) - for it := vt.Iterator(); it.HasNext() == types.True; { - i := it.Next() - cost += traversalCost(i) - } - return cost - case traits.Mapper: // maps and objects - cost := uint64(0) - for it := vt.Iterator(); it.HasNext() == types.True; { - k := it.Next() - cost += traversalCost(k) + traversalCost(vt.Get(k)) - } - return cost - default: - return 1 - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/libraries.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/library/libraries.go deleted file mode 100644 index 18f6d7a7c2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/libraries.go +++ /dev/null @@ -1,34 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package library - -import ( - "github.com/google/cel-go/cel" - "github.com/google/cel-go/ext" - "github.com/google/cel-go/interpreter" -) - -// ExtensionLibs declares the set of CEL extension libraries available everywhere CEL is used in Kubernetes. -var ExtensionLibs = append(k8sExtensionLibs, ext.Strings()) - -var k8sExtensionLibs = []cel.EnvOption{ - URLs(), - Regex(), - Lists(), -} - -var ExtensionLibRegexOptimizations = []*interpreter.RegexOptimization{FindRegexOptimization, FindAllRegexOptimization} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/lists.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/library/lists.go deleted file mode 100644 index fe51dc87fd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/lists.go +++ /dev/null @@ -1,312 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package library - -import ( - "fmt" - - "github.com/google/cel-go/cel" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/common/types/traits" - "github.com/google/cel-go/interpreter/functions" -) - -// Lists provides a CEL function library extension of list utility functions. -// -// isSorted -// -// Returns true if the provided list of comparable elements is sorted, else returns false. -// -// <list<T>>.isSorted() <bool>, T must be a comparable type -// -// Examples: -// -// [1, 2, 3].isSorted() // return true -// ['a', 'b', 'b', 'c'].isSorted() // return true -// [2.0, 1.0].isSorted() // return false -// [1].isSorted() // return true -// [].isSorted() // return true -// -// sum -// -// Returns the sum of the elements of the provided list. Supports CEL number (int, uint, double) and duration types. -// -// <list<T>>.sum() <T>, T must be a numeric type or a duration -// -// Examples: -// -// [1, 3].sum() // returns 4 -// [1.0, 3.0].sum() // returns 4.0 -// ['1m', '1s'].sum() // returns '1m1s' -// emptyIntList.sum() // returns 0 -// emptyDoubleList.sum() // returns 0.0 -// [].sum() // returns 0 -// -// min / max -// -// Returns the minimum/maximum valued element of the provided list. Supports all comparable types. -// If the list is empty, an error is returned. -// -// <list<T>>.min() <T>, T must be a comparable type -// <list<T>>.max() <T>, T must be a comparable type -// -// Examples: -// -// [1, 3].min() // returns 1 -// [1, 3].max() // returns 3 -// [].min() // error -// [1].min() // returns 1 -// ([0] + emptyList).min() // returns 0 -// -// indexOf / lastIndexOf -// -// Returns either the first or last positional index of the provided element in the list. -// If the element is not found, -1 is returned. Supports all equatable types. -// -// <list<T>>.indexOf(<T>) <int>, T must be an equatable type -// <list<T>>.lastIndexOf(<T>) <int>, T must be an equatable type -// -// Examples: -// -// [1, 2, 2, 3].indexOf(2) // returns 1 -// ['a', 'b', 'b', 'c'].lastIndexOf('b') // returns 2 -// [1.0].indexOf(1.1) // returns -1 -// [].indexOf('string') // returns -1 -func Lists() cel.EnvOption { - return cel.Lib(listsLib) -} - -var listsLib = &lists{} - -type lists struct{} - -var paramA = cel.TypeParamType("A") - -// CEL typeParams can be used to constraint to a specific trait (e.g. traits.ComparableType) if the 1st operand is the type to constrain. -// But the functions we need to constrain are <list<paramType>>, not just <paramType>. -// Make sure the order of overload set is deterministic -type namedCELType struct { - typeName string - celType *cel.Type -} - -var summableTypes = []namedCELType{ - {typeName: "int", celType: cel.IntType}, - {typeName: "uint", celType: cel.UintType}, - {typeName: "double", celType: cel.DoubleType}, - {typeName: "duration", celType: cel.DurationType}, -} - -var zeroValuesOfSummableTypes = map[string]ref.Val{ - "int": types.Int(0), - "uint": types.Uint(0), - "double": types.Double(0.0), - "duration": types.Duration{Duration: 0}, -} -var comparableTypes = []namedCELType{ - {typeName: "int", celType: cel.IntType}, - {typeName: "uint", celType: cel.UintType}, - {typeName: "double", celType: cel.DoubleType}, - {typeName: "bool", celType: cel.BoolType}, - {typeName: "duration", celType: cel.DurationType}, - {typeName: "timestamp", celType: cel.TimestampType}, - {typeName: "string", celType: cel.StringType}, - {typeName: "bytes", celType: cel.BytesType}, -} - -// WARNING: All library additions or modifications must follow -// https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/2876-crd-validation-expression-language#function-library-updates -var listsLibraryDecls = map[string][]cel.FunctionOpt{ - "isSorted": templatedOverloads(comparableTypes, func(name string, paramType *cel.Type) cel.FunctionOpt { - return cel.MemberOverload(fmt.Sprintf("list_%s_is_sorted_bool", name), - []*cel.Type{cel.ListType(paramType)}, cel.BoolType, cel.UnaryBinding(isSorted)) - }), - "sum": templatedOverloads(summableTypes, func(name string, paramType *cel.Type) cel.FunctionOpt { - return cel.MemberOverload(fmt.Sprintf("list_%s_sum_%s", name, name), - []*cel.Type{cel.ListType(paramType)}, paramType, cel.UnaryBinding(func(list ref.Val) ref.Val { - return sum( - func() ref.Val { - return zeroValuesOfSummableTypes[name] - })(list) - })) - }), - "max": templatedOverloads(comparableTypes, func(name string, paramType *cel.Type) cel.FunctionOpt { - return cel.MemberOverload(fmt.Sprintf("list_%s_max_%s", name, name), - []*cel.Type{cel.ListType(paramType)}, paramType, cel.UnaryBinding(max())) - }), - "min": templatedOverloads(comparableTypes, func(name string, paramType *cel.Type) cel.FunctionOpt { - return cel.MemberOverload(fmt.Sprintf("list_%s_min_%s", name, name), - []*cel.Type{cel.ListType(paramType)}, paramType, cel.UnaryBinding(min())) - }), - "indexOf": { - cel.MemberOverload("list_a_index_of_int", []*cel.Type{cel.ListType(paramA), paramA}, cel.IntType, - cel.BinaryBinding(indexOf)), - }, - "lastIndexOf": { - cel.MemberOverload("list_a_last_index_of_int", []*cel.Type{cel.ListType(paramA), paramA}, cel.IntType, - cel.BinaryBinding(lastIndexOf)), - }, -} - -func (*lists) CompileOptions() []cel.EnvOption { - options := []cel.EnvOption{} - for name, overloads := range listsLibraryDecls { - options = append(options, cel.Function(name, overloads...)) - } - return options -} - -func (*lists) ProgramOptions() []cel.ProgramOption { - return []cel.ProgramOption{} -} - -func isSorted(val ref.Val) ref.Val { - var prev traits.Comparer - iterable, ok := val.(traits.Iterable) - if !ok { - return types.MaybeNoSuchOverloadErr(val) - } - for it := iterable.Iterator(); it.HasNext() == types.True; { - next := it.Next() - nextCmp, ok := next.(traits.Comparer) - if !ok { - return types.MaybeNoSuchOverloadErr(next) - } - if prev != nil { - cmp := prev.Compare(next) - if cmp == types.IntOne { - return types.False - } - } - prev = nextCmp - } - return types.True -} - -func sum(init func() ref.Val) functions.UnaryOp { - return func(val ref.Val) ref.Val { - i := init() - acc, ok := i.(traits.Adder) - if !ok { - // Should never happen since all passed in init values are valid - return types.MaybeNoSuchOverloadErr(i) - } - iterable, ok := val.(traits.Iterable) - if !ok { - return types.MaybeNoSuchOverloadErr(val) - } - for it := iterable.Iterator(); it.HasNext() == types.True; { - next := it.Next() - nextAdder, ok := next.(traits.Adder) - if !ok { - // Should never happen for type checked CEL programs - return types.MaybeNoSuchOverloadErr(next) - } - if acc != nil { - s := acc.Add(next) - sum, ok := s.(traits.Adder) - if !ok { - // Should never happen for type checked CEL programs - return types.MaybeNoSuchOverloadErr(s) - } - acc = sum - } else { - acc = nextAdder - } - } - return acc.(ref.Val) - } -} - -func min() functions.UnaryOp { - return cmp("min", types.IntOne) -} - -func max() functions.UnaryOp { - return cmp("max", types.IntNegOne) -} - -func cmp(opName string, opPreferCmpResult ref.Val) functions.UnaryOp { - return func(val ref.Val) ref.Val { - var result traits.Comparer - iterable, ok := val.(traits.Iterable) - if !ok { - return types.MaybeNoSuchOverloadErr(val) - } - for it := iterable.Iterator(); it.HasNext() == types.True; { - next := it.Next() - nextCmp, ok := next.(traits.Comparer) - if !ok { - // Should never happen for type checked CEL programs - return types.MaybeNoSuchOverloadErr(next) - } - if result == nil { - result = nextCmp - } else { - cmp := result.Compare(next) - if cmp == opPreferCmpResult { - result = nextCmp - } - } - } - if result == nil { - return types.NewErr("%s called on empty list", opName) - } - return result.(ref.Val) - } -} - -func indexOf(list ref.Val, item ref.Val) ref.Val { - lister, ok := list.(traits.Lister) - if !ok { - return types.MaybeNoSuchOverloadErr(list) - } - sz := lister.Size().(types.Int) - for i := types.Int(0); i < sz; i++ { - if lister.Get(types.Int(i)).Equal(item) == types.True { - return types.Int(i) - } - } - return types.Int(-1) -} - -func lastIndexOf(list ref.Val, item ref.Val) ref.Val { - lister, ok := list.(traits.Lister) - if !ok { - return types.MaybeNoSuchOverloadErr(list) - } - sz := lister.Size().(types.Int) - for i := sz - 1; i >= 0; i-- { - if lister.Get(types.Int(i)).Equal(item) == types.True { - return types.Int(i) - } - } - return types.Int(-1) -} - -// templatedOverloads returns overloads for each of the provided types. The template function is called with each type -// name (map key) and type to construct the overloads. -func templatedOverloads(types []namedCELType, template func(name string, t *cel.Type) cel.FunctionOpt) []cel.FunctionOpt { - overloads := make([]cel.FunctionOpt, len(types)) - i := 0 - for _, t := range types { - overloads[i] = template(t.typeName, t.celType) - i++ - } - return overloads -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/regex.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/library/regex.go deleted file mode 100644 index 6db5ef1957..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/regex.go +++ /dev/null @@ -1,187 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package library - -import ( - "regexp" - - "github.com/google/cel-go/cel" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/interpreter" -) - -// Regex provides a CEL function library extension of regex utility functions. -// -// find / findAll -// -// Returns substrings that match the provided regular expression. find returns the first match. findAll may optionally -// be provided a limit. If the limit is set and >= 0, no more than the limit number of matches are returned. -// -// <string>.find(<string>) <string> -// <string>.findAll(<string>) <list <string>> -// <string>.findAll(<string>, <int>) <list <string>> -// -// Examples: -// -// "abc 123".find('[0-9]*') // returns '123' -// "abc 123".find('xyz') // returns '' -// "123 abc 456".findAll('[0-9]*') // returns ['123', '456'] -// "123 abc 456".findAll('[0-9]*', 1) // returns ['123'] -// "123 abc 456".findAll('xyz') // returns [] -func Regex() cel.EnvOption { - return cel.Lib(regexLib) -} - -var regexLib = &regex{} - -type regex struct{} - -var regexLibraryDecls = map[string][]cel.FunctionOpt{ - "find": { - cel.MemberOverload("string_find_string", []*cel.Type{cel.StringType, cel.StringType}, cel.StringType, - cel.BinaryBinding(find))}, - "findAll": { - cel.MemberOverload("string_find_all_string", []*cel.Type{cel.StringType, cel.StringType}, - cel.ListType(cel.StringType), - cel.BinaryBinding(func(str, regex ref.Val) ref.Val { - return findAll(str, regex, types.Int(-1)) - })), - cel.MemberOverload("string_find_all_string_int", - []*cel.Type{cel.StringType, cel.StringType, cel.IntType}, - cel.ListType(cel.StringType), - cel.FunctionBinding(findAll)), - }, -} - -func (*regex) CompileOptions() []cel.EnvOption { - options := []cel.EnvOption{} - for name, overloads := range regexLibraryDecls { - options = append(options, cel.Function(name, overloads...)) - } - return options -} - -func (*regex) ProgramOptions() []cel.ProgramOption { - return []cel.ProgramOption{} -} - -func find(strVal ref.Val, regexVal ref.Val) ref.Val { - str, ok := strVal.Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(strVal) - } - regex, ok := regexVal.Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(regexVal) - } - re, err := regexp.Compile(regex) - if err != nil { - return types.NewErr("Illegal regex: %v", err.Error()) - } - result := re.FindString(str) - return types.String(result) -} - -func findAll(args ...ref.Val) ref.Val { - argn := len(args) - if argn < 2 || argn > 3 { - return types.NoSuchOverloadErr() - } - str, ok := args[0].Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(args[0]) - } - regex, ok := args[1].Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(args[1]) - } - n := int64(-1) - if argn == 3 { - n, ok = args[2].Value().(int64) - if !ok { - return types.MaybeNoSuchOverloadErr(args[2]) - } - } - - re, err := regexp.Compile(regex) - if err != nil { - return types.NewErr("Illegal regex: %v", err.Error()) - } - - result := re.FindAllString(str, int(n)) - - return types.NewStringList(types.DefaultTypeAdapter, result) -} - -// FindRegexOptimization optimizes the 'find' function by compiling the regex pattern and -// reporting any compilation errors at program creation time, and using the compiled regex pattern for all function -// call invocations. -var FindRegexOptimization = &interpreter.RegexOptimization{ - Function: "find", - RegexIndex: 1, - Factory: func(call interpreter.InterpretableCall, regexPattern string) (interpreter.InterpretableCall, error) { - compiledRegex, err := regexp.Compile(regexPattern) - if err != nil { - return nil, err - } - return interpreter.NewCall(call.ID(), call.Function(), call.OverloadID(), call.Args(), func(args ...ref.Val) ref.Val { - if len(args) != 2 { - return types.NoSuchOverloadErr() - } - in, ok := args[0].Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(args[0]) - } - return types.String(compiledRegex.FindString(in)) - }), nil - }, -} - -// FindAllRegexOptimization optimizes the 'findAll' function by compiling the regex pattern and -// reporting any compilation errors at program creation time, and using the compiled regex pattern for all function -// call invocations. -var FindAllRegexOptimization = &interpreter.RegexOptimization{ - Function: "findAll", - RegexIndex: 1, - Factory: func(call interpreter.InterpretableCall, regexPattern string) (interpreter.InterpretableCall, error) { - compiledRegex, err := regexp.Compile(regexPattern) - if err != nil { - return nil, err - } - return interpreter.NewCall(call.ID(), call.Function(), call.OverloadID(), call.Args(), func(args ...ref.Val) ref.Val { - argn := len(args) - if argn < 2 || argn > 3 { - return types.NoSuchOverloadErr() - } - str, ok := args[0].Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(args[0]) - } - n := int64(-1) - if argn == 3 { - n, ok = args[2].Value().(int64) - if !ok { - return types.MaybeNoSuchOverloadErr(args[2]) - } - } - - result := compiledRegex.FindAllString(str, int(n)) - return types.NewStringList(types.DefaultTypeAdapter, result) - }), nil - }, -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/urls.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/library/urls.go deleted file mode 100644 index afe80f4936..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/library/urls.go +++ /dev/null @@ -1,236 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package library - -import ( - "net/url" - - "github.com/google/cel-go/cel" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - - apiservercel "k8s.io/apiserver/pkg/cel" -) - -// URLs provides a CEL function library extension of URL parsing functions. -// -// url -// -// Converts a string to a URL or results in an error if the string is not a valid URL. The URL must be an absolute URI -// or an absolute path. -// -// url(<string>) <URL> -// -// Examples: -// -// url('https://user:pass@example.com:80/path?query=val#fragment') // returns a URL -// url('/absolute-path') // returns a URL -// url('https://a:b:c/') // error -// url('../relative-path') // error -// -// isURL -// -// Returns true if a string is a valid URL. The URL must be an absolute URI or an absolute path. -// -// isURL( <string>) <bool> -// -// Examples: -// -// isURL('https://user:pass@example.com:80/path?query=val#fragment') // returns true -// isURL('/absolute-path') // returns true -// isURL('https://a:b:c/') // returns false -// isURL('../relative-path') // returns false -// -// getScheme / getHost / getHostname / getPort / getEscapedPath / getQuery -// -// Return the parsed components of a URL. -// -// - getScheme: If absent in the URL, returns an empty string. -// -// - getHostname: IPv6 addresses are returned with braces, e.g. "[::1]". If absent in the URL, returns an empty string. -// -// - getHost: IPv6 addresses are returned without braces, e.g. "::1". If absent in the URL, returns an empty string. -// -// - getEscapedPath: The string returned by getEscapedPath is URL escaped, e.g. "with space" becomes "with%20space". -// If absent in the URL, returns an empty string. -// -// - getPort: If absent in the URL, returns an empty string. -// -// - getQuery: Returns the query parameters in "matrix" form where a repeated query key is interpreted to -// mean that there are multiple values for that key. The keys and values are returned unescaped. -// If absent in the URL, returns an empty map. -// -// <URL>.getScheme() <string> -// <URL>.getHost() <string> -// <URL>.getHostname() <string> -// <URL>.getPort() <string> -// <URL>.getEscapedPath() <string> -// <URL>.getQuery() <map <string>, <list <string>> -// -// Examples: -// -// url('/path').getScheme() // returns '' -// url('https://example.com/').getScheme() // returns 'https' -// url('https://example.com:80/').getHost() // returns 'example.com:80' -// url('https://example.com/').getHost() // returns 'example.com' -// url('https://[::1]:80/').getHost() // returns '[::1]:80' -// url('https://[::1]/').getHost() // returns '[::1]' -// url('/path').getHost() // returns '' -// url('https://example.com:80/').getHostname() // returns 'example.com' -// url('https://127.0.0.1:80/').getHostname() // returns '127.0.0.1' -// url('https://[::1]:80/').getHostname() // returns '::1' -// url('/path').getHostname() // returns '' -// url('https://example.com:80/').getPort() // returns '80' -// url('https://example.com/').getPort() // returns '' -// url('/path').getPort() // returns '' -// url('https://example.com/path').getEscapedPath() // returns '/path' -// url('https://example.com/path with spaces/').getEscapedPath() // returns '/path%20with%20spaces/' -// url('https://example.com').getEscapedPath() // returns '' -// url('https://example.com/path?k1=a&k2=b&k2=c').getQuery() // returns { 'k1': ['a'], 'k2': ['b', 'c']} -// url('https://example.com/path?key with spaces=value with spaces').getQuery() // returns { 'key with spaces': ['value with spaces']} -// url('https://example.com/path?').getQuery() // returns {} -// url('https://example.com/path').getQuery() // returns {} -func URLs() cel.EnvOption { - return cel.Lib(urlsLib) -} - -var urlsLib = &urls{} - -type urls struct{} - -var urlLibraryDecls = map[string][]cel.FunctionOpt{ - "url": { - cel.Overload("string_to_url", []*cel.Type{cel.StringType}, apiservercel.URLType, - cel.UnaryBinding(stringToUrl))}, - "getScheme": { - cel.MemberOverload("url_get_scheme", []*cel.Type{apiservercel.URLType}, cel.StringType, - cel.UnaryBinding(getScheme))}, - "getHost": { - cel.MemberOverload("url_get_host", []*cel.Type{apiservercel.URLType}, cel.StringType, - cel.UnaryBinding(getHost))}, - "getHostname": { - cel.MemberOverload("url_get_hostname", []*cel.Type{apiservercel.URLType}, cel.StringType, - cel.UnaryBinding(getHostname))}, - "getPort": { - cel.MemberOverload("url_get_port", []*cel.Type{apiservercel.URLType}, cel.StringType, - cel.UnaryBinding(getPort))}, - "getEscapedPath": { - cel.MemberOverload("url_get_escaped_path", []*cel.Type{apiservercel.URLType}, cel.StringType, - cel.UnaryBinding(getEscapedPath))}, - "getQuery": { - cel.MemberOverload("url_get_query", []*cel.Type{apiservercel.URLType}, - cel.MapType(cel.StringType, cel.ListType(cel.StringType)), - cel.UnaryBinding(getQuery))}, - "isURL": { - cel.Overload("is_url_string", []*cel.Type{cel.StringType}, cel.BoolType, - cel.UnaryBinding(isURL))}, -} - -func (*urls) CompileOptions() []cel.EnvOption { - options := []cel.EnvOption{} - for name, overloads := range urlLibraryDecls { - options = append(options, cel.Function(name, overloads...)) - } - return options -} - -func (*urls) ProgramOptions() []cel.ProgramOption { - return []cel.ProgramOption{} -} - -func stringToUrl(arg ref.Val) ref.Val { - s, ok := arg.Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - // Use ParseRequestURI to check the URL before conversion. - // ParseRequestURI requires absolute URLs and is used by the OpenAPIv3 'uri' format. - _, err := url.ParseRequestURI(s) - if err != nil { - return types.NewErr("URL parse error during conversion from string: %v", err) - } - // We must parse again with Parse since ParseRequestURI incorrectly parses URLs that contain a fragment - // part and will incorrectly append the fragment to either the path or the query, depending on which it was adjacent to. - u, err := url.Parse(s) - if err != nil { - // Errors are not expected here since Parse is a more lenient parser than ParseRequestURI. - return types.NewErr("URL parse error during conversion from string: %v", err) - } - return apiservercel.URL{URL: u} -} - -func getScheme(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - return types.String(u.Scheme) -} - -func getHost(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - return types.String(u.Host) -} - -func getHostname(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - return types.String(u.Hostname()) -} - -func getPort(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - return types.String(u.Port()) -} - -func getEscapedPath(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - return types.String(u.EscapedPath()) -} - -func getQuery(arg ref.Val) ref.Val { - u, ok := arg.Value().(*url.URL) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - - result := map[ref.Val]ref.Val{} - for k, v := range u.Query() { - result[types.String(k)] = types.NewStringList(types.DefaultTypeAdapter, v) - } - return types.NewRefValMap(types.DefaultTypeAdapter, result) -} - -func isURL(arg ref.Val) ref.Val { - s, ok := arg.Value().(string) - if !ok { - return types.MaybeNoSuchOverloadErr(arg) - } - _, err := url.ParseRequestURI(s) - return types.Bool(err == nil) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/limits.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/limits.go deleted file mode 100644 index 7bdb958d05..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/limits.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -const ( - // DefaultMaxRequestSizeBytes is the size of the largest request that will be accepted - DefaultMaxRequestSizeBytes = int64(3 * 1024 * 1024) - - // MaxDurationSizeJSON - // OpenAPI duration strings follow RFC 3339, section 5.6 - see the comment on maxDatetimeSizeJSON - MaxDurationSizeJSON = 32 - // MaxDatetimeSizeJSON - // OpenAPI datetime strings follow RFC 3339, section 5.6, and the longest possible - // such string is 9999-12-31T23:59:59.999999999Z, which has length 30 - we add 2 - // to allow for quotation marks - MaxDatetimeSizeJSON = 32 - // MinDurationSizeJSON - // Golang allows a string of 0 to be parsed as a duration, so that plus 2 to account for - // quotation marks makes 3 - MinDurationSizeJSON = 3 - // JSONDateSize is the size of a date serialized as part of a JSON object - // RFC 3339 dates require YYYY-MM-DD, and then we add 2 to allow for quotation marks - JSONDateSize = 12 - // MinDatetimeSizeJSON is the minimal length of a datetime formatted as RFC 3339 - // RFC 3339 datetimes require a full date (YYYY-MM-DD) and full time (HH:MM:SS), and we add 3 for - // quotation marks like always in addition to the capital T that separates the date and time - MinDatetimeSizeJSON = 21 - // MinStringSize is the size of literal "" - MinStringSize = 2 - // MinBoolSize is the length of literal true - MinBoolSize = 4 - // MinNumberSize is the length of literal 0 - MinNumberSize = 1 -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/registry.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/registry.go deleted file mode 100644 index 1aee3a127d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/registry.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "sync" - - "github.com/google/cel-go/cel" -) - -// Resolver declares methods to find policy templates and related configuration objects. -type Resolver interface { - // FindType returns a DeclType instance corresponding to the given fully-qualified name, if - // present. - FindType(name string) (*DeclType, bool) -} - -// NewRegistry create a registry for keeping track of environments and types -// from a base cel.Env expression environment. -func NewRegistry(stdExprEnv *cel.Env) *Registry { - return &Registry{ - exprEnvs: map[string]*cel.Env{"": stdExprEnv}, - types: map[string]*DeclType{ - BoolType.TypeName(): BoolType, - BytesType.TypeName(): BytesType, - DoubleType.TypeName(): DoubleType, - DurationType.TypeName(): DurationType, - IntType.TypeName(): IntType, - NullType.TypeName(): NullType, - StringType.TypeName(): StringType, - TimestampType.TypeName(): TimestampType, - UintType.TypeName(): UintType, - ListType.TypeName(): ListType, - MapType.TypeName(): MapType, - }, - } -} - -// Registry defines a repository of environment, schema, template, and type definitions. -// -// Registry instances are concurrency-safe. -type Registry struct { - rwMux sync.RWMutex - exprEnvs map[string]*cel.Env - types map[string]*DeclType -} - -// FindType implements the Resolver interface method. -func (r *Registry) FindType(name string) (*DeclType, bool) { - r.rwMux.RLock() - defer r.rwMux.RUnlock() - typ, found := r.types[name] - if found { - return typ, true - } - return typ, found -} - -// SetType registers a DeclType descriptor by its fully qualified name. -func (r *Registry) SetType(name string, declType *DeclType) error { - r.rwMux.Lock() - defer r.rwMux.Unlock() - r.types[name] = declType - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/types.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/types.go deleted file mode 100644 index 13171ad212..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/types.go +++ /dev/null @@ -1,552 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "fmt" - "math" - "time" - - "github.com/google/cel-go/cel" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/common/types/traits" - - exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" - "google.golang.org/protobuf/proto" -) - -const ( - noMaxLength = math.MaxInt -) - -// NewListType returns a parameterized list type with a specified element type. -func NewListType(elem *DeclType, maxItems int64) *DeclType { - return &DeclType{ - name: "list", - ElemType: elem, - MaxElements: maxItems, - celType: cel.ListType(elem.CelType()), - defaultValue: NewListValue(), - // a list can always be represented as [] in JSON, so hardcode the min size - // to 2 - MinSerializedSize: 2, - } -} - -// NewMapType returns a parameterized map type with the given key and element types. -func NewMapType(key, elem *DeclType, maxProperties int64) *DeclType { - return &DeclType{ - name: "map", - KeyType: key, - ElemType: elem, - MaxElements: maxProperties, - celType: cel.MapType(key.CelType(), elem.CelType()), - defaultValue: NewMapValue(), - // a map can always be represented as {} in JSON, so hardcode the min size - // to 2 - MinSerializedSize: 2, - } -} - -// NewObjectType creates an object type with a qualified name and a set of field declarations. -func NewObjectType(name string, fields map[string]*DeclField) *DeclType { - t := &DeclType{ - name: name, - Fields: fields, - celType: cel.ObjectType(name), - traitMask: traits.FieldTesterType | traits.IndexerType, - // an object could potentially be larger than the min size we default to here ({}), - // but we rely upon the caller to change MinSerializedSize accordingly if they add - // properties to the object - MinSerializedSize: 2, - } - t.defaultValue = NewObjectValue(t) - return t -} - -func NewSimpleTypeWithMinSize(name string, celType *cel.Type, zeroVal ref.Val, minSize int64) *DeclType { - return &DeclType{ - name: name, - celType: celType, - defaultValue: zeroVal, - MinSerializedSize: minSize, - } -} - -// DeclType represents the universal type descriptor for OpenAPIv3 types. -type DeclType struct { - fmt.Stringer - - name string - // Fields contains a map of escaped CEL identifier field names to field declarations. - Fields map[string]*DeclField - KeyType *DeclType - ElemType *DeclType - TypeParam bool - Metadata map[string]string - MaxElements int64 - // MinSerializedSize represents the smallest possible size in bytes that - // the DeclType could be serialized to in JSON. - MinSerializedSize int64 - - celType *cel.Type - traitMask int - defaultValue ref.Val -} - -// MaybeAssignTypeName attempts to set the DeclType name to a fully qualified name, if the type -// is of `object` type. -// -// The DeclType must return true for `IsObject` or this assignment will error. -func (t *DeclType) MaybeAssignTypeName(name string) *DeclType { - if t.IsObject() { - objUpdated := false - if t.name != "object" { - name = t.name - } else { - objUpdated = true - } - fieldMap := make(map[string]*DeclField, len(t.Fields)) - for fieldName, field := range t.Fields { - fieldType := field.Type - fieldTypeName := fmt.Sprintf("%s.%s", name, fieldName) - updated := fieldType.MaybeAssignTypeName(fieldTypeName) - if updated == fieldType { - fieldMap[fieldName] = field - continue - } - objUpdated = true - fieldMap[fieldName] = &DeclField{ - Name: fieldName, - Type: updated, - Required: field.Required, - enumValues: field.enumValues, - defaultValue: field.defaultValue, - } - } - if !objUpdated { - return t - } - return &DeclType{ - name: name, - Fields: fieldMap, - KeyType: t.KeyType, - ElemType: t.ElemType, - TypeParam: t.TypeParam, - Metadata: t.Metadata, - celType: cel.ObjectType(name), - traitMask: t.traitMask, - defaultValue: t.defaultValue, - MinSerializedSize: t.MinSerializedSize, - } - } - if t.IsMap() { - elemTypeName := fmt.Sprintf("%s.@elem", name) - updated := t.ElemType.MaybeAssignTypeName(elemTypeName) - if updated == t.ElemType { - return t - } - return NewMapType(t.KeyType, updated, t.MaxElements) - } - if t.IsList() { - elemTypeName := fmt.Sprintf("%s.@idx", name) - updated := t.ElemType.MaybeAssignTypeName(elemTypeName) - if updated == t.ElemType { - return t - } - return NewListType(updated, t.MaxElements) - } - return t -} - -// ExprType returns the CEL expression type of this declaration. -func (t *DeclType) ExprType() (*exprpb.Type, error) { - return cel.TypeToExprType(t.celType) -} - -// CelType returns the CEL type of this declaration. -func (t *DeclType) CelType() *cel.Type { - return t.celType -} - -// FindField returns the DeclField with the given name if present. -func (t *DeclType) FindField(name string) (*DeclField, bool) { - f, found := t.Fields[name] - return f, found -} - -// HasTrait implements the CEL ref.Type interface making this type declaration suitable for use -// within the CEL evaluator. -func (t *DeclType) HasTrait(trait int) bool { - if t.traitMask&trait == trait { - return true - } - if t.defaultValue == nil { - return false - } - _, isDecl := t.defaultValue.Type().(*DeclType) - if isDecl { - return false - } - return t.defaultValue.Type().HasTrait(trait) -} - -// IsList returns whether the declaration is a `list` type which defines a parameterized element -// type, but not a parameterized key type or fields. -func (t *DeclType) IsList() bool { - return t.KeyType == nil && t.ElemType != nil && t.Fields == nil -} - -// IsMap returns whether the declaration is a 'map' type which defines parameterized key and -// element types, but not fields. -func (t *DeclType) IsMap() bool { - return t.KeyType != nil && t.ElemType != nil && t.Fields == nil -} - -// IsObject returns whether the declartion is an 'object' type which defined a set of typed fields. -func (t *DeclType) IsObject() bool { - return t.KeyType == nil && t.ElemType == nil && t.Fields != nil -} - -// String implements the fmt.Stringer interface method. -func (t *DeclType) String() string { - return t.name -} - -// TypeName returns the fully qualified type name for the DeclType. -func (t *DeclType) TypeName() string { - return t.name -} - -// DefaultValue returns the CEL ref.Val representing the default value for this object type, -// if one exists. -func (t *DeclType) DefaultValue() ref.Val { - return t.defaultValue -} - -// FieldTypeMap constructs a map of the field and object types nested within a given type. -func FieldTypeMap(path string, t *DeclType) map[string]*DeclType { - if t.IsObject() && t.TypeName() != "object" { - path = t.TypeName() - } - types := make(map[string]*DeclType) - buildDeclTypes(path, t, types) - return types -} - -func buildDeclTypes(path string, t *DeclType, types map[string]*DeclType) { - // Ensure object types are properly named according to where they appear in the schema. - if t.IsObject() { - // Hack to ensure that names are uniquely qualified and work well with the type - // resolution steps which require fully qualified type names for field resolution - // to function properly. - types[t.TypeName()] = t - for name, field := range t.Fields { - fieldPath := fmt.Sprintf("%s.%s", path, name) - buildDeclTypes(fieldPath, field.Type, types) - } - } - // Map element properties to type names if needed. - if t.IsMap() { - mapElemPath := fmt.Sprintf("%s.@elem", path) - buildDeclTypes(mapElemPath, t.ElemType, types) - types[path] = t - } - // List element properties. - if t.IsList() { - listIdxPath := fmt.Sprintf("%s.@idx", path) - buildDeclTypes(listIdxPath, t.ElemType, types) - types[path] = t - } -} - -// DeclField describes the name, ordinal, and optionality of a field declaration within a type. -type DeclField struct { - Name string - Type *DeclType - Required bool - enumValues []interface{} - defaultValue interface{} -} - -func NewDeclField(name string, declType *DeclType, required bool, enumValues []interface{}, defaultValue interface{}) *DeclField { - return &DeclField{ - Name: name, - Type: declType, - Required: required, - enumValues: enumValues, - defaultValue: defaultValue, - } -} - -// TypeName returns the string type name of the field. -func (f *DeclField) TypeName() string { - return f.Type.TypeName() -} - -// DefaultValue returns the zero value associated with the field. -func (f *DeclField) DefaultValue() ref.Val { - if f.defaultValue != nil { - return types.DefaultTypeAdapter.NativeToValue(f.defaultValue) - } - return f.Type.DefaultValue() -} - -// EnumValues returns the set of values that this field may take. -func (f *DeclField) EnumValues() []ref.Val { - if f.enumValues == nil || len(f.enumValues) == 0 { - return []ref.Val{} - } - ev := make([]ref.Val, len(f.enumValues)) - for i, e := range f.enumValues { - ev[i] = types.DefaultTypeAdapter.NativeToValue(e) - } - return ev -} - -// NewRuleTypes returns an Open API Schema-based type-system which is CEL compatible. -func NewRuleTypes(kind string, - declType *DeclType, - res Resolver) (*RuleTypes, error) { - // Note, if the schema indicates that it's actually based on another proto - // then prefer the proto definition. For expressions in the proto, a new field - // annotation will be needed to indicate the expected environment and type of - // the expression. - schemaTypes, err := newSchemaTypeProvider(kind, declType) - if err != nil { - return nil, err - } - if schemaTypes == nil { - return nil, nil - } - return &RuleTypes{ - ruleSchemaDeclTypes: schemaTypes, - resolver: res, - }, nil -} - -// RuleTypes extends the CEL ref.TypeProvider interface and provides an Open API Schema-based -// type-system. -type RuleTypes struct { - ref.TypeProvider - ruleSchemaDeclTypes *schemaTypeProvider - typeAdapter ref.TypeAdapter - resolver Resolver -} - -// EnvOptions returns a set of cel.EnvOption values which includes the declaration set -// as well as a custom ref.TypeProvider. -// -// Note, the standard declaration set includes 'rule' which is defined as the top-level rule-schema -// type if one is configured. -// -// If the RuleTypes value is nil, an empty []cel.EnvOption set is returned. -func (rt *RuleTypes) EnvOptions(tp ref.TypeProvider) ([]cel.EnvOption, error) { - if rt == nil { - return []cel.EnvOption{}, nil - } - var ta ref.TypeAdapter = types.DefaultTypeAdapter - tpa, ok := tp.(ref.TypeAdapter) - if ok { - ta = tpa - } - rtWithTypes := &RuleTypes{ - TypeProvider: tp, - typeAdapter: ta, - ruleSchemaDeclTypes: rt.ruleSchemaDeclTypes, - resolver: rt.resolver, - } - for name, declType := range rt.ruleSchemaDeclTypes.types { - tpType, found := tp.FindType(name) - expT, err := declType.ExprType() - if err != nil { - return nil, fmt.Errorf("fail to get cel type: %s", err) - } - if found && !proto.Equal(tpType, expT) { - return nil, fmt.Errorf( - "type %s definition differs between CEL environment and rule", name) - } - } - return []cel.EnvOption{ - cel.CustomTypeProvider(rtWithTypes), - cel.CustomTypeAdapter(rtWithTypes), - cel.Variable("rule", rt.ruleSchemaDeclTypes.root.CelType()), - }, nil -} - -// FindType attempts to resolve the typeName provided from the rule's rule-schema, or if not -// from the embedded ref.TypeProvider. -// -// FindType overrides the default type-finding behavior of the embedded TypeProvider. -// -// Note, when the type name is based on the Open API Schema, the name will reflect the object path -// where the type definition appears. -func (rt *RuleTypes) FindType(typeName string) (*exprpb.Type, bool) { - if rt == nil { - return nil, false - } - declType, found := rt.findDeclType(typeName) - if found { - expT, err := declType.ExprType() - if err != nil { - return expT, false - } - return expT, found - } - return rt.TypeProvider.FindType(typeName) -} - -// FindDeclType returns the CPT type description which can be mapped to a CEL type. -func (rt *RuleTypes) FindDeclType(typeName string) (*DeclType, bool) { - if rt == nil { - return nil, false - } - return rt.findDeclType(typeName) -} - -// FindFieldType returns a field type given a type name and field name, if found. -// -// Note, the type name for an Open API Schema type is likely to be its qualified object path. -// If, in the future an object instance rather than a type name were provided, the field -// resolution might more accurately reflect the expected type model. However, in this case -// concessions were made to align with the existing CEL interfaces. -func (rt *RuleTypes) FindFieldType(typeName, fieldName string) (*ref.FieldType, bool) { - st, found := rt.findDeclType(typeName) - if !found { - return rt.TypeProvider.FindFieldType(typeName, fieldName) - } - - f, found := st.Fields[fieldName] - if found { - ft := f.Type - expT, err := ft.ExprType() - if err != nil { - return nil, false - } - return &ref.FieldType{ - Type: expT, - }, true - } - // This could be a dynamic map. - if st.IsMap() { - et := st.ElemType - expT, err := et.ExprType() - if err != nil { - return nil, false - } - return &ref.FieldType{ - Type: expT, - }, true - } - return nil, false -} - -// NativeToValue is an implementation of the ref.TypeAdapater interface which supports conversion -// of rule values to CEL ref.Val instances. -func (rt *RuleTypes) NativeToValue(val interface{}) ref.Val { - return rt.typeAdapter.NativeToValue(val) -} - -// TypeNames returns the list of type names declared within the RuleTypes object. -func (rt *RuleTypes) TypeNames() []string { - typeNames := make([]string, len(rt.ruleSchemaDeclTypes.types)) - i := 0 - for name := range rt.ruleSchemaDeclTypes.types { - typeNames[i] = name - i++ - } - return typeNames -} - -func (rt *RuleTypes) findDeclType(typeName string) (*DeclType, bool) { - declType, found := rt.ruleSchemaDeclTypes.types[typeName] - if found { - return declType, true - } - declType, found = rt.resolver.FindType(typeName) - if found { - return declType, true - } - return nil, false -} - -func newSchemaTypeProvider(kind string, declType *DeclType) (*schemaTypeProvider, error) { - if declType == nil { - return nil, nil - } - root := declType.MaybeAssignTypeName(kind) - types := FieldTypeMap(kind, root) - return &schemaTypeProvider{ - root: root, - types: types, - }, nil -} - -type schemaTypeProvider struct { - root *DeclType - types map[string]*DeclType -} - -var ( - // AnyType is equivalent to the CEL 'protobuf.Any' type in that the value may have any of the - // types supported. - AnyType = NewSimpleTypeWithMinSize("any", cel.AnyType, nil, 1) - - // BoolType is equivalent to the CEL 'bool' type. - BoolType = NewSimpleTypeWithMinSize("bool", cel.BoolType, types.False, MinBoolSize) - - // BytesType is equivalent to the CEL 'bytes' type. - BytesType = NewSimpleTypeWithMinSize("bytes", cel.BytesType, types.Bytes([]byte{}), MinStringSize) - - // DoubleType is equivalent to the CEL 'double' type which is a 64-bit floating point value. - DoubleType = NewSimpleTypeWithMinSize("double", cel.DoubleType, types.Double(0), MinNumberSize) - - // DurationType is equivalent to the CEL 'duration' type. - DurationType = NewSimpleTypeWithMinSize("duration", cel.DurationType, types.Duration{Duration: time.Duration(0)}, MinDurationSizeJSON) - - // DateType is equivalent to the CEL 'date' type. - DateType = NewSimpleTypeWithMinSize("date", cel.TimestampType, types.Timestamp{Time: time.Time{}}, JSONDateSize) - - // DynType is the equivalent of the CEL 'dyn' concept which indicates that the type will be - // determined at runtime rather than compile time. - DynType = NewSimpleTypeWithMinSize("dyn", cel.DynType, nil, 1) - - // IntType is equivalent to the CEL 'int' type which is a 64-bit signed int. - IntType = NewSimpleTypeWithMinSize("int", cel.IntType, types.IntZero, MinNumberSize) - - // NullType is equivalent to the CEL 'null_type'. - NullType = NewSimpleTypeWithMinSize("null_type", cel.NullType, types.NullValue, 4) - - // StringType is equivalent to the CEL 'string' type which is expected to be a UTF-8 string. - // StringType values may either be string literals or expression strings. - StringType = NewSimpleTypeWithMinSize("string", cel.StringType, types.String(""), MinStringSize) - - // TimestampType corresponds to the well-known protobuf.Timestamp type supported within CEL. - // Note that both the OpenAPI date and date-time types map onto TimestampType, so not all types - // labeled as Timestamp will necessarily have the same MinSerializedSize. - TimestampType = NewSimpleTypeWithMinSize("timestamp", cel.TimestampType, types.Timestamp{Time: time.Time{}}, JSONDateSize) - - // UintType is equivalent to the CEL 'uint' type. - UintType = NewSimpleTypeWithMinSize("uint", cel.UintType, types.Uint(0), 1) - - // ListType is equivalent to the CEL 'list' type. - ListType = NewListType(AnyType, noMaxLength) - - // MapType is equivalent to the CEL 'map' type. - MapType = NewMapType(AnyType, AnyType, noMaxLength) -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/url.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/url.go deleted file mode 100644 index 6800205c9a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/url.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "fmt" - "net/url" - "reflect" - - "github.com/google/cel-go/cel" - "github.com/google/cel-go/checker/decls" - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" -) - -// URL provides a CEL representation of a URL. -type URL struct { - *url.URL -} - -var ( - URLObject = decls.NewObjectType("kubernetes.URL") - typeValue = types.NewTypeValue("kubernetes.URL") - URLType = cel.ObjectType("kubernetes.URL") -) - -// ConvertToNative implements ref.Val.ConvertToNative. -func (d URL) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { - if reflect.TypeOf(d.URL).AssignableTo(typeDesc) { - return d.URL, nil - } - if reflect.TypeOf("").AssignableTo(typeDesc) { - return d.URL.String(), nil - } - return nil, fmt.Errorf("type conversion error from 'URL' to '%v'", typeDesc) -} - -// ConvertToType implements ref.Val.ConvertToType. -func (d URL) ConvertToType(typeVal ref.Type) ref.Val { - switch typeVal { - case typeValue: - return d - case types.TypeType: - return typeValue - } - return types.NewErr("type conversion error from '%s' to '%s'", typeValue, typeVal) -} - -// Equal implements ref.Val.Equal. -func (d URL) Equal(other ref.Val) ref.Val { - otherDur, ok := other.(URL) - if !ok { - return types.MaybeNoSuchOverloadErr(other) - } - return types.Bool(d.URL.String() == otherDur.URL.String()) -} - -// Type implements ref.Val.Type. -func (d URL) Type() ref.Type { - return typeValue -} - -// Value implements ref.Val.Value. -func (d URL) Value() interface{} { - return d.URL -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/cel/value.go b/etcd/vendor/k8s.io/apiserver/pkg/cel/value.go deleted file mode 100644 index 01c7f20acc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/cel/value.go +++ /dev/null @@ -1,769 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cel - -import ( - "fmt" - "reflect" - "sync" - "time" - - "github.com/google/cel-go/common/types" - "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/common/types/traits" -) - -// EncodeStyle is a hint for string encoding of parsed values. -type EncodeStyle int - -const ( - // BlockValueStyle is the default string encoding which preserves whitespace and newlines. - BlockValueStyle EncodeStyle = iota - - // FlowValueStyle indicates that the string is an inline representation of complex types. - FlowValueStyle - - // FoldedValueStyle is a multiline string with whitespace and newlines trimmed to a single - // a whitespace. Repeated newlines are replaced with a single newline rather than a single - // whitespace. - FoldedValueStyle - - // LiteralStyle is a multiline string that preserves newlines, but trims all other whitespace - // to a single character. - LiteralStyle -) - -// NewEmptyDynValue returns the zero-valued DynValue. -func NewEmptyDynValue() *DynValue { - // note: 0 is not a valid parse node identifier. - dv, _ := NewDynValue(0, nil) - return dv -} - -// NewDynValue returns a DynValue that corresponds to a parse node id and value. -func NewDynValue(id int64, val interface{}) (*DynValue, error) { - dv := &DynValue{ID: id} - err := dv.SetValue(val) - return dv, err -} - -// DynValue is a dynamically typed value used to describe unstructured content. -// Whether the value has the desired type is determined by where it is used within the Instance or -// Template, and whether there are schemas which might enforce a more rigid type definition. -type DynValue struct { - ID int64 - EncodeStyle EncodeStyle - value interface{} - exprValue ref.Val - declType *DeclType -} - -// DeclType returns the policy model type of the dyn value. -func (dv *DynValue) DeclType() *DeclType { - return dv.declType -} - -// ConvertToNative is an implementation of the CEL ref.Val method used to adapt between CEL types -// and Go-native types. -// -// The default behavior of this method is to first convert to a CEL type which has a well-defined -// set of conversion behaviors and proxy to the CEL ConvertToNative method for the type. -func (dv *DynValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { - ev := dv.ExprValue() - if types.IsError(ev) { - return nil, ev.(*types.Err) - } - return ev.ConvertToNative(typeDesc) -} - -// Equal returns whether the dyn value is equal to a given CEL value. -func (dv *DynValue) Equal(other ref.Val) ref.Val { - dvType := dv.Type() - otherType := other.Type() - // Preserve CEL's homogeneous equality constraint. - if dvType.TypeName() != otherType.TypeName() { - return types.MaybeNoSuchOverloadErr(other) - } - switch v := dv.value.(type) { - case ref.Val: - return v.Equal(other) - case PlainTextValue: - return celBool(string(v) == other.Value().(string)) - case *MultilineStringValue: - return celBool(v.Value == other.Value().(string)) - case time.Duration: - otherDuration := other.Value().(time.Duration) - return celBool(v == otherDuration) - case time.Time: - otherTimestamp := other.Value().(time.Time) - return celBool(v.Equal(otherTimestamp)) - default: - return celBool(reflect.DeepEqual(v, other.Value())) - } -} - -// ExprValue converts the DynValue into a CEL value. -func (dv *DynValue) ExprValue() ref.Val { - return dv.exprValue -} - -// Value returns the underlying value held by this reference. -func (dv *DynValue) Value() interface{} { - return dv.value -} - -// SetValue updates the underlying value held by this reference. -func (dv *DynValue) SetValue(value interface{}) error { - dv.value = value - var err error - dv.exprValue, dv.declType, err = exprValue(value) - return err -} - -// Type returns the CEL type for the given value. -func (dv *DynValue) Type() ref.Type { - return dv.ExprValue().Type() -} - -func exprValue(value interface{}) (ref.Val, *DeclType, error) { - switch v := value.(type) { - case bool: - return types.Bool(v), BoolType, nil - case []byte: - return types.Bytes(v), BytesType, nil - case float64: - return types.Double(v), DoubleType, nil - case int64: - return types.Int(v), IntType, nil - case string: - return types.String(v), StringType, nil - case uint64: - return types.Uint(v), UintType, nil - case time.Duration: - return types.Duration{Duration: v}, DurationType, nil - case time.Time: - return types.Timestamp{Time: v}, TimestampType, nil - case types.Null: - return v, NullType, nil - case *ListValue: - return v, ListType, nil - case *MapValue: - return v, MapType, nil - case *ObjectValue: - return v, v.objectType, nil - default: - return nil, unknownType, fmt.Errorf("unsupported type: (%T)%v", v, v) - } -} - -// PlainTextValue is a text string literal which must not be treated as an expression. -type PlainTextValue string - -// MultilineStringValue is a multiline string value which has been parsed in a way which omits -// whitespace as well as a raw form which preserves whitespace. -type MultilineStringValue struct { - Value string - Raw string -} - -func newStructValue() *structValue { - return &structValue{ - Fields: []*Field{}, - fieldMap: map[string]*Field{}, - } -} - -type structValue struct { - Fields []*Field - fieldMap map[string]*Field -} - -// AddField appends a MapField to the MapValue and indexes the field by name. -func (sv *structValue) AddField(field *Field) { - sv.Fields = append(sv.Fields, field) - sv.fieldMap[field.Name] = field -} - -// ConvertToNative converts the MapValue type to a native go types. -func (sv *structValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { - if typeDesc.Kind() != reflect.Map && - typeDesc.Kind() != reflect.Struct && - typeDesc.Kind() != reflect.Pointer && - typeDesc.Kind() != reflect.Interface { - return nil, fmt.Errorf("type conversion error from object to '%v'", typeDesc) - } - - // Unwrap pointers, but track their use. - isPtr := false - if typeDesc.Kind() == reflect.Pointer { - tk := typeDesc - typeDesc = typeDesc.Elem() - if typeDesc.Kind() == reflect.Pointer { - return nil, fmt.Errorf("unsupported type conversion to '%v'", tk) - } - isPtr = true - } - - if typeDesc.Kind() == reflect.Map { - keyType := typeDesc.Key() - if keyType.Kind() != reflect.String && keyType.Kind() != reflect.Interface { - return nil, fmt.Errorf("object fields cannot be converted to type '%v'", keyType) - } - elemType := typeDesc.Elem() - sz := len(sv.fieldMap) - ntvMap := reflect.MakeMapWithSize(typeDesc, sz) - for name, val := range sv.fieldMap { - refVal, err := val.Ref.ConvertToNative(elemType) - if err != nil { - return nil, err - } - ntvMap.SetMapIndex(reflect.ValueOf(name), reflect.ValueOf(refVal)) - } - return ntvMap.Interface(), nil - } - - if typeDesc.Kind() == reflect.Struct { - ntvObjPtr := reflect.New(typeDesc) - ntvObj := ntvObjPtr.Elem() - for name, val := range sv.fieldMap { - f := ntvObj.FieldByName(name) - if !f.IsValid() { - return nil, fmt.Errorf("type conversion error, no such field %s in type %v", - name, typeDesc) - } - fv, err := val.Ref.ConvertToNative(f.Type()) - if err != nil { - return nil, err - } - f.Set(reflect.ValueOf(fv)) - } - if isPtr { - return ntvObjPtr.Interface(), nil - } - return ntvObj.Interface(), nil - } - return nil, fmt.Errorf("type conversion error from object to '%v'", typeDesc) -} - -// GetField returns a MapField by name if one exists. -func (sv *structValue) GetField(name string) (*Field, bool) { - field, found := sv.fieldMap[name] - return field, found -} - -// IsSet returns whether the given field, which is defined, has also been set. -func (sv *structValue) IsSet(key ref.Val) ref.Val { - k, ok := key.(types.String) - if !ok { - return types.MaybeNoSuchOverloadErr(key) - } - name := string(k) - _, found := sv.fieldMap[name] - return celBool(found) -} - -// NewObjectValue creates a struct value with a schema type and returns the empty ObjectValue. -func NewObjectValue(sType *DeclType) *ObjectValue { - return &ObjectValue{ - structValue: newStructValue(), - objectType: sType, - } -} - -// ObjectValue is a struct with a custom schema type which indicates the fields and types -// associated with the structure. -type ObjectValue struct { - *structValue - objectType *DeclType -} - -// ConvertToType is an implementation of the CEL ref.Val interface method. -func (o *ObjectValue) ConvertToType(t ref.Type) ref.Val { - if t == types.TypeType { - return types.NewObjectTypeValue(o.objectType.TypeName()) - } - if t.TypeName() == o.objectType.TypeName() { - return o - } - return types.NewErr("type conversion error from '%s' to '%s'", o.Type(), t) -} - -// Equal returns true if the two object types are equal and their field values are equal. -func (o *ObjectValue) Equal(other ref.Val) ref.Val { - // Preserve CEL's homogeneous equality semantics. - if o.objectType.TypeName() != other.Type().TypeName() { - return types.MaybeNoSuchOverloadErr(other) - } - o2 := other.(traits.Indexer) - for name := range o.objectType.Fields { - k := types.String(name) - v := o.Get(k) - ov := o2.Get(k) - vEq := v.Equal(ov) - if vEq != types.True { - return vEq - } - } - return types.True -} - -// Get returns the value of the specified field. -// -// If the field is set, its value is returned. If the field is not set, the default value for the -// field is returned thus allowing for safe-traversal and preserving proto-like field traversal -// semantics for Open API Schema backed types. -func (o *ObjectValue) Get(name ref.Val) ref.Val { - n, ok := name.(types.String) - if !ok { - return types.MaybeNoSuchOverloadErr(n) - } - nameStr := string(n) - field, found := o.fieldMap[nameStr] - if found { - return field.Ref.ExprValue() - } - fieldDef, found := o.objectType.Fields[nameStr] - if !found { - return types.NewErr("no such field: %s", nameStr) - } - defValue := fieldDef.DefaultValue() - if defValue != nil { - return defValue - } - return types.NewErr("no default for type: %s", fieldDef.TypeName()) -} - -// Type returns the CEL type value of the object. -func (o *ObjectValue) Type() ref.Type { - return o.objectType -} - -// Value returns the Go-native representation of the object. -func (o *ObjectValue) Value() interface{} { - return o -} - -// NewMapValue returns an empty MapValue. -func NewMapValue() *MapValue { - return &MapValue{ - structValue: newStructValue(), - } -} - -// MapValue declares an object with a set of named fields whose values are dynamically typed. -type MapValue struct { - *structValue -} - -// ConvertToObject produces an ObjectValue from the MapValue with the associated schema type. -// -// The conversion is shallow and the memory shared between the Object and Map as all references -// to the map are expected to be replaced with the Object reference. -func (m *MapValue) ConvertToObject(declType *DeclType) *ObjectValue { - return &ObjectValue{ - structValue: m.structValue, - objectType: declType, - } -} - -// Contains returns whether the given key is contained in the MapValue. -func (m *MapValue) Contains(key ref.Val) ref.Val { - v, found := m.Find(key) - if v != nil && types.IsUnknownOrError(v) { - return v - } - return celBool(found) -} - -// ConvertToType converts the MapValue to another CEL type, if possible. -func (m *MapValue) ConvertToType(t ref.Type) ref.Val { - switch t { - case types.MapType: - return m - case types.TypeType: - return types.MapType - } - return types.NewErr("type conversion error from '%s' to '%s'", m.Type(), t) -} - -// Equal returns true if the maps are of the same size, have the same keys, and the key-values -// from each map are equal. -func (m *MapValue) Equal(other ref.Val) ref.Val { - oMap, isMap := other.(traits.Mapper) - if !isMap { - return types.MaybeNoSuchOverloadErr(other) - } - if m.Size() != oMap.Size() { - return types.False - } - for name, field := range m.fieldMap { - k := types.String(name) - ov, found := oMap.Find(k) - if !found { - return types.False - } - v := field.Ref.ExprValue() - vEq := v.Equal(ov) - if vEq != types.True { - return vEq - } - } - return types.True -} - -// Find returns the value for the key in the map, if found. -func (m *MapValue) Find(name ref.Val) (ref.Val, bool) { - // Currently only maps with string keys are supported as this is best aligned with JSON, - // and also much simpler to support. - n, ok := name.(types.String) - if !ok { - return types.MaybeNoSuchOverloadErr(n), true - } - nameStr := string(n) - field, found := m.fieldMap[nameStr] - if found { - return field.Ref.ExprValue(), true - } - return nil, false -} - -// Get returns the value for the key in the map, or error if not found. -func (m *MapValue) Get(key ref.Val) ref.Val { - v, found := m.Find(key) - if found { - return v - } - return types.ValOrErr(key, "no such key: %v", key) -} - -// Iterator produces a traits.Iterator which walks over the map keys. -// -// The Iterator is frequently used within comprehensions. -func (m *MapValue) Iterator() traits.Iterator { - keys := make([]ref.Val, len(m.fieldMap)) - i := 0 - for k := range m.fieldMap { - keys[i] = types.String(k) - i++ - } - return &baseMapIterator{ - baseVal: &baseVal{}, - keys: keys, - } -} - -// Size returns the number of keys in the map. -func (m *MapValue) Size() ref.Val { - return types.Int(len(m.Fields)) -} - -// Type returns the CEL ref.Type for the map. -func (m *MapValue) Type() ref.Type { - return types.MapType -} - -// Value returns the Go-native representation of the MapValue. -func (m *MapValue) Value() interface{} { - return m -} - -type baseMapIterator struct { - *baseVal - keys []ref.Val - idx int -} - -// HasNext implements the traits.Iterator interface method. -func (it *baseMapIterator) HasNext() ref.Val { - if it.idx < len(it.keys) { - return types.True - } - return types.False -} - -// Next implements the traits.Iterator interface method. -func (it *baseMapIterator) Next() ref.Val { - key := it.keys[it.idx] - it.idx++ - return key -} - -// Type implements the CEL ref.Val interface metohd. -func (it *baseMapIterator) Type() ref.Type { - return types.IteratorType -} - -// NewField returns a MapField instance with an empty DynValue that refers to the -// specified parse node id and field name. -func NewField(id int64, name string) *Field { - return &Field{ - ID: id, - Name: name, - Ref: NewEmptyDynValue(), - } -} - -// Field specifies a field name and a reference to a dynamic value. -type Field struct { - ID int64 - Name string - Ref *DynValue -} - -// NewListValue returns an empty ListValue instance. -func NewListValue() *ListValue { - return &ListValue{ - Entries: []*DynValue{}, - } -} - -// ListValue contains a list of dynamically typed entries. -type ListValue struct { - Entries []*DynValue - initValueSet sync.Once - valueSet map[ref.Val]struct{} -} - -// Add concatenates two lists together to produce a new CEL list value. -func (lv *ListValue) Add(other ref.Val) ref.Val { - oArr, isArr := other.(traits.Lister) - if !isArr { - return types.MaybeNoSuchOverloadErr(other) - } - szRight := len(lv.Entries) - szLeft := int(oArr.Size().(types.Int)) - sz := szRight + szLeft - combo := make([]ref.Val, sz) - for i := 0; i < szRight; i++ { - combo[i] = lv.Entries[i].ExprValue() - } - for i := 0; i < szLeft; i++ { - combo[i+szRight] = oArr.Get(types.Int(i)) - } - return types.DefaultTypeAdapter.NativeToValue(combo) -} - -// Append adds another entry into the ListValue. -func (lv *ListValue) Append(entry *DynValue) { - lv.Entries = append(lv.Entries, entry) - // The append resets all previously built indices. - lv.initValueSet = sync.Once{} -} - -// Contains returns whether the input `val` is equal to an element in the list. -// -// If any pair-wise comparison between the input value and the list element is an error, the -// operation will return an error. -func (lv *ListValue) Contains(val ref.Val) ref.Val { - if types.IsUnknownOrError(val) { - return val - } - lv.initValueSet.Do(lv.finalizeValueSet) - if lv.valueSet != nil { - _, found := lv.valueSet[val] - if found { - return types.True - } - // Instead of returning false, ensure that CEL's heterogeneous equality constraint - // is satisfied by allowing pair-wise equality behavior to determine the outcome. - } - var err ref.Val - sz := len(lv.Entries) - for i := 0; i < sz; i++ { - elem := lv.Entries[i] - cmp := elem.Equal(val) - b, ok := cmp.(types.Bool) - if !ok && err == nil { - err = types.MaybeNoSuchOverloadErr(cmp) - } - if b == types.True { - return types.True - } - } - if err != nil { - return err - } - return types.False -} - -// ConvertToNative is an implementation of the CEL ref.Val method used to adapt between CEL types -// and Go-native array-like types. -func (lv *ListValue) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { - // Non-list conversion. - if typeDesc.Kind() != reflect.Slice && - typeDesc.Kind() != reflect.Array && - typeDesc.Kind() != reflect.Interface { - return nil, fmt.Errorf("type conversion error from list to '%v'", typeDesc) - } - - // If the list is already assignable to the desired type return it. - if reflect.TypeOf(lv).AssignableTo(typeDesc) { - return lv, nil - } - - // List conversion. - otherElem := typeDesc.Elem() - - // Allow the element ConvertToNative() function to determine whether conversion is possible. - sz := len(lv.Entries) - nativeList := reflect.MakeSlice(typeDesc, int(sz), int(sz)) - for i := 0; i < sz; i++ { - elem := lv.Entries[i] - nativeElemVal, err := elem.ConvertToNative(otherElem) - if err != nil { - return nil, err - } - nativeList.Index(int(i)).Set(reflect.ValueOf(nativeElemVal)) - } - return nativeList.Interface(), nil -} - -// ConvertToType converts the ListValue to another CEL type. -func (lv *ListValue) ConvertToType(t ref.Type) ref.Val { - switch t { - case types.ListType: - return lv - case types.TypeType: - return types.ListType - } - return types.NewErr("type conversion error from '%s' to '%s'", ListType, t) -} - -// Equal returns true if two lists are of the same size, and the values at each index are also -// equal. -func (lv *ListValue) Equal(other ref.Val) ref.Val { - oArr, isArr := other.(traits.Lister) - if !isArr { - return types.MaybeNoSuchOverloadErr(other) - } - sz := types.Int(len(lv.Entries)) - if sz != oArr.Size() { - return types.False - } - for i := types.Int(0); i < sz; i++ { - cmp := lv.Get(i).Equal(oArr.Get(i)) - if cmp != types.True { - return cmp - } - } - return types.True -} - -// Get returns the value at the given index. -// -// If the index is negative or greater than the size of the list, an error is returned. -func (lv *ListValue) Get(idx ref.Val) ref.Val { - iv, isInt := idx.(types.Int) - if !isInt { - return types.ValOrErr(idx, "unsupported index: %v", idx) - } - i := int(iv) - if i < 0 || i >= len(lv.Entries) { - return types.NewErr("index out of bounds: %v", idx) - } - return lv.Entries[i].ExprValue() -} - -// Iterator produces a traits.Iterator suitable for use in CEL comprehension macros. -func (lv *ListValue) Iterator() traits.Iterator { - return &baseListIterator{ - getter: lv.Get, - sz: len(lv.Entries), - } -} - -// Size returns the number of elements in the list. -func (lv *ListValue) Size() ref.Val { - return types.Int(len(lv.Entries)) -} - -// Type returns the CEL ref.Type for the list. -func (lv *ListValue) Type() ref.Type { - return types.ListType -} - -// Value returns the Go-native value. -func (lv *ListValue) Value() interface{} { - return lv -} - -// finalizeValueSet inspects the ListValue entries in order to make internal optimizations once all list -// entries are known. -func (lv *ListValue) finalizeValueSet() { - valueSet := make(map[ref.Val]struct{}) - for _, e := range lv.Entries { - switch e.value.(type) { - case bool, float64, int64, string, uint64, types.Null, PlainTextValue: - valueSet[e.ExprValue()] = struct{}{} - default: - lv.valueSet = nil - return - } - } - lv.valueSet = valueSet -} - -type baseVal struct{} - -func (*baseVal) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { - return nil, fmt.Errorf("unsupported native conversion to: %v", typeDesc) -} - -func (*baseVal) ConvertToType(t ref.Type) ref.Val { - return types.NewErr("unsupported type conversion to: %v", t) -} - -func (*baseVal) Equal(other ref.Val) ref.Val { - return types.NewErr("unsupported equality test between instances") -} - -func (v *baseVal) Value() interface{} { - return nil -} - -type baseListIterator struct { - *baseVal - getter func(idx ref.Val) ref.Val - sz int - idx int -} - -func (it *baseListIterator) HasNext() ref.Val { - if it.idx < it.sz { - return types.True - } - return types.False -} - -func (it *baseListIterator) Next() ref.Val { - v := it.getter(types.Int(it.idx)) - it.idx++ - return v -} - -func (it *baseListIterator) Type() ref.Type { - return types.IteratorType -} - -func celBool(pred bool) ref.Val { - if pred { - return types.True - } - return types.False -} - -var unknownType = &DeclType{name: "unknown", MinSerializedSize: 1} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/deprecation/deprecation.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/deprecation/deprecation.go deleted file mode 100644 index 7f8986faea..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/deprecation/deprecation.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package deprecation - -import ( - "fmt" - "regexp" - "strconv" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/version" -) - -type apiLifecycleDeprecated interface { - APILifecycleDeprecated() (major, minor int) -} - -type apiLifecycleRemoved interface { - APILifecycleRemoved() (major, minor int) -} - -type apiLifecycleReplacement interface { - APILifecycleReplacement() schema.GroupVersionKind -} - -// extract all digits at the beginning of the string -var leadingDigits = regexp.MustCompile(`^(\d+)`) - -// MajorMinor parses a numeric major/minor version from the provided version info. -// The minor version drops all characters after the first non-digit character: -// -// version.Info{Major:"1", Minor:"2+"} -> 1,2 -// version.Info{Major:"1", Minor:"2.3-build4"} -> 1,2 -func MajorMinor(v version.Info) (int, int, error) { - major, err := strconv.Atoi(v.Major) - if err != nil { - return 0, 0, err - } - minor, err := strconv.Atoi(leadingDigits.FindString(v.Minor)) - if err != nil { - return 0, 0, err - } - return major, minor, nil -} - -// IsDeprecated returns true if obj implements APILifecycleDeprecated() and returns -// a major/minor version that is non-zero and is <= the specified current major/minor version. -func IsDeprecated(obj runtime.Object, currentMajor, currentMinor int) bool { - deprecated, isDeprecated := obj.(apiLifecycleDeprecated) - if !isDeprecated { - return false - } - - deprecatedMajor, deprecatedMinor := deprecated.APILifecycleDeprecated() - // no deprecation version expressed - if deprecatedMajor == 0 && deprecatedMinor == 0 { - return false - } - // no current version info available - if currentMajor == 0 && currentMinor == 0 { - return true - } - // compare deprecation version to current version - if deprecatedMajor > currentMajor { - return false - } - if deprecatedMajor == currentMajor && deprecatedMinor > currentMinor { - return false - } - return true -} - -// RemovedRelease returns the major/minor version in which the given object is unavailable (in the form "<major>.<minor>") -// if the object implements APILifecycleRemoved() to indicate a non-zero removal version, and returns an empty string otherwise. -func RemovedRelease(obj runtime.Object) string { - if removed, hasRemovalInfo := obj.(apiLifecycleRemoved); hasRemovalInfo { - removedMajor, removedMinor := removed.APILifecycleRemoved() - if removedMajor != 0 || removedMinor != 0 { - return fmt.Sprintf("%d.%d", removedMajor, removedMinor) - } - } - return "" -} - -// WarningMessage returns a human-readable deprecation warning if the object implements APILifecycleDeprecated() -// to indicate a non-zero deprecated major/minor version and has a populated GetObjectKind().GroupVersionKind(). -func WarningMessage(obj runtime.Object) string { - deprecated, isDeprecated := obj.(apiLifecycleDeprecated) - if !isDeprecated { - return "" - } - - deprecatedMajor, deprecatedMinor := deprecated.APILifecycleDeprecated() - if deprecatedMajor == 0 && deprecatedMinor == 0 { - return "" - } - - gvk := obj.GetObjectKind().GroupVersionKind() - if gvk.Empty() { - return "" - } - deprecationWarning := fmt.Sprintf("%s %s is deprecated in v%d.%d+", gvk.GroupVersion().String(), gvk.Kind, deprecatedMajor, deprecatedMinor) - - if removed, hasRemovalInfo := obj.(apiLifecycleRemoved); hasRemovalInfo { - removedMajor, removedMinor := removed.APILifecycleRemoved() - if removedMajor != 0 || removedMinor != 0 { - deprecationWarning = deprecationWarning + fmt.Sprintf(", unavailable in v%d.%d+", removedMajor, removedMinor) - } - } - - if replaced, hasReplacement := obj.(apiLifecycleReplacement); hasReplacement { - replacement := replaced.APILifecycleReplacement() - if !replacement.Empty() { - deprecationWarning = deprecationWarning + fmt.Sprintf("; use %s %s", replacement.GroupVersion().String(), replacement.Kind) - } - } - - return deprecationWarning -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/addresses.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/addresses.go deleted file mode 100644 index d175d15fe0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/addresses.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "net" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -type Addresses interface { - ServerAddressByClientCIDRs(net.IP) []metav1.ServerAddressByClientCIDR -} - -// DefaultAddresses is a default implementation of Addresses that will work in most cases -type DefaultAddresses struct { - // CIDRRules is a list of CIDRs and Addresses to use if a client is in the range - CIDRRules []CIDRRule - - // DefaultAddress is the address (hostname or IP and port) that should be used in - // if no CIDR matches more specifically. - DefaultAddress string -} - -// CIDRRule is a rule for adding an alternate path to the master based on matching CIDR -type CIDRRule struct { - IPRange net.IPNet - - // Address is the address (hostname or IP and port) that should be used in - // if this CIDR matches - Address string -} - -func (d DefaultAddresses) ServerAddressByClientCIDRs(clientIP net.IP) []metav1.ServerAddressByClientCIDR { - addressCIDRMap := []metav1.ServerAddressByClientCIDR{ - { - ClientCIDR: "0.0.0.0/0", - ServerAddress: d.DefaultAddress, - }, - } - - for _, rule := range d.CIDRRules { - addressCIDRMap = append(addressCIDRMap, rule.ServerAddressByClientCIDRs(clientIP)...) - } - return addressCIDRMap -} - -func (d CIDRRule) ServerAddressByClientCIDRs(clientIP net.IP) []metav1.ServerAddressByClientCIDR { - addressCIDRMap := []metav1.ServerAddressByClientCIDR{} - - if d.IPRange.Contains(clientIP) { - addressCIDRMap = append(addressCIDRMap, metav1.ServerAddressByClientCIDR{ - ClientCIDR: d.IPRange.String(), - ServerAddress: d.Address, - }) - } - return addressCIDRMap -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/etag.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/etag.go deleted file mode 100644 index d74e376c7d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/etag.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package aggregated - -import ( - "crypto/sha512" - "encoding/json" - "fmt" - "net/http" - "strconv" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// This file exposes helper functions used for calculating the E-Tag header -// used in discovery endpoint responses - -// Attaches Cache-Busting functionality to an endpoint -// - Sets ETag header to provided hash -// - Replies with 304 Not Modified, if If-None-Match header matches hash -// -// hash should be the value of calculateETag on object. If hash is empty, then -// -// the object is simply serialized without E-Tag functionality -func ServeHTTPWithETag( - object runtime.Object, - hash string, - serializer runtime.NegotiatedSerializer, - w http.ResponseWriter, - req *http.Request, -) { - // ETag must be enclosed in double quotes: - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag - quotedHash := strconv.Quote(hash) - w.Header().Set("ETag", quotedHash) - w.Header().Set("Vary", "Accept") - w.Header().Set("Cache-Control", "public") - - // If Request includes If-None-Match and matches hash, reply with 304 - // Otherwise, we delegate to the handler for actual content - // - // According to documentation, An Etag within an If-None-Match - // header will be enclosed within doule quotes: - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match#directives - if clientCachedHash := req.Header.Get("If-None-Match"); quotedHash == clientCachedHash { - w.WriteHeader(http.StatusNotModified) - return - } - - responsewriters.WriteObjectNegotiated( - serializer, - DiscoveryEndpointRestrictions, - AggregatedDiscoveryGV, - w, - req, - http.StatusOK, - object, - true, - ) -} - -func calculateETag(resources interface{}) (string, error) { - serialized, err := json.Marshal(resources) - if err != nil { - return "", err - } - - return fmt.Sprintf("%X", sha512.Sum512(serialized)), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/fake.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/fake.go deleted file mode 100644 index ea5039c7c3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/fake.go +++ /dev/null @@ -1,171 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package aggregated - -import ( - "context" - "errors" - "net/http" - "reflect" - "sync" - "time" - - "github.com/emicklei/go-restful/v3" - "github.com/google/go-cmp/cmp" - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" -) - -type FakeResourceManager interface { - ResourceManager - Expect() ResourceManager - - HasExpectedNumberActions() bool - Validate() error - WaitForActions(ctx context.Context, timeout time.Duration) error -} - -func NewFakeResourceManager() FakeResourceManager { - return &fakeResourceManager{} -} - -// a resource manager with helper functions for checking the actions -// match expected. For Use in tests -type fakeResourceManager struct { - recorderResourceManager - expect recorderResourceManager -} - -// a resource manager which instead of managing a discovery document, -// simply records the calls to its interface functoins for testing -type recorderResourceManager struct { - lock sync.RWMutex - Actions []recorderResourceManagerAction -} - -var _ ResourceManager = &fakeResourceManager{} -var _ ResourceManager = &recorderResourceManager{} - -// Storage type for a call to the resource manager -type recorderResourceManagerAction struct { - Type string - Group string - Version string - Value interface{} -} - -func (f *fakeResourceManager) Expect() ResourceManager { - return &f.expect -} - -func (f *fakeResourceManager) HasExpectedNumberActions() bool { - f.lock.RLock() - defer f.lock.RUnlock() - - f.expect.lock.RLock() - defer f.expect.lock.RUnlock() - - return len(f.Actions) >= len(f.expect.Actions) -} - -func (f *fakeResourceManager) Validate() error { - f.lock.RLock() - defer f.lock.RUnlock() - - f.expect.lock.RLock() - defer f.expect.lock.RUnlock() - - if !reflect.DeepEqual(f.expect.Actions, f.Actions) { - return errors.New(cmp.Diff(f.expect.Actions, f.Actions)) - } - return nil -} - -func (f *fakeResourceManager) WaitForActions(ctx context.Context, timeout time.Duration) error { - err := wait.PollImmediateWithContext( - ctx, - 100*time.Millisecond, // try every 100ms - timeout, // timeout after timeout - func(ctx context.Context) (done bool, err error) { - if f.HasExpectedNumberActions() { - return true, f.Validate() - } - return false, nil - }) - return err -} - -func (f *recorderResourceManager) SetGroupVersionPriority(gv metav1.GroupVersion, grouppriority, versionpriority int) { - f.lock.Lock() - defer f.lock.Unlock() - - f.Actions = append(f.Actions, recorderResourceManagerAction{ - Type: "SetGroupVersionPriority", - Group: gv.Group, - Version: gv.Version, - Value: versionpriority, - }) -} - -func (f *recorderResourceManager) AddGroupVersion(groupName string, value apidiscoveryv2beta1.APIVersionDiscovery) { - f.lock.Lock() - defer f.lock.Unlock() - - f.Actions = append(f.Actions, recorderResourceManagerAction{ - Type: "AddGroupVersion", - Group: groupName, - Value: value, - }) -} -func (f *recorderResourceManager) RemoveGroup(groupName string) { - f.lock.Lock() - defer f.lock.Unlock() - - f.Actions = append(f.Actions, recorderResourceManagerAction{ - Type: "RemoveGroup", - Group: groupName, - }) - -} -func (f *recorderResourceManager) RemoveGroupVersion(gv metav1.GroupVersion) { - f.lock.Lock() - defer f.lock.Unlock() - - f.Actions = append(f.Actions, recorderResourceManagerAction{ - Type: "RemoveGroupVersion", - Group: gv.Group, - Version: gv.Version, - }) - -} -func (f *recorderResourceManager) SetGroups(values []apidiscoveryv2beta1.APIGroupDiscovery) { - f.lock.Lock() - defer f.lock.Unlock() - - f.Actions = append(f.Actions, recorderResourceManagerAction{ - Type: "SetGroups", - Value: values, - }) -} -func (f *recorderResourceManager) WebService() *restful.WebService { - panic("unimplemented") -} - -func (f *recorderResourceManager) ServeHTTP(http.ResponseWriter, *http.Request) { - panic("unimplemented") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/handler.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/handler.go deleted file mode 100644 index 14497baad7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/handler.go +++ /dev/null @@ -1,368 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package aggregated - -import ( - "net/http" - "reflect" - "sort" - "sync" - - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - - "sync/atomic" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/klog/v2" -) - -// This handler serves the /apis endpoint for an aggregated list of -// api resources indexed by their group version. -type ResourceManager interface { - // Adds knowledge of the given groupversion to the discovery document - // If it was already being tracked, updates the stored APIVersionDiscovery - // Thread-safe - AddGroupVersion(groupName string, value apidiscoveryv2beta1.APIVersionDiscovery) - - // Sets a priority to be used while sorting a specific group and - // group-version. If two versions report different priorities for - // the group, the higher one will be used. If the group is not - // known, the priority is ignored. The priority for this version - // is forgotten once the group-version is forgotten - SetGroupVersionPriority(gv metav1.GroupVersion, grouppriority, versionpriority int) - - // Removes all group versions for a given group - // Thread-safe - RemoveGroup(groupName string) - - // Removes a specific groupversion. If all versions of a group have been - // removed, then the entire group is unlisted. - // Thread-safe - RemoveGroupVersion(gv metav1.GroupVersion) - - // Resets the manager's known list of group-versions and replaces them - // with the given groups - // Thread-Safe - SetGroups([]apidiscoveryv2beta1.APIGroupDiscovery) - - http.Handler -} - -type resourceDiscoveryManager struct { - serializer runtime.NegotiatedSerializer - // cache is an atomic pointer to avoid the use of locks - cache atomic.Pointer[cachedGroupList] - - // Writes protected by the lock. - // List of all apigroups & resources indexed by the resource manager - lock sync.RWMutex - apiGroups map[string]*apidiscoveryv2beta1.APIGroupDiscovery - versionPriorities map[metav1.GroupVersion]priorityInfo -} - -type priorityInfo struct { - GroupPriorityMinimum int - VersionPriority int -} - -func NewResourceManager() ResourceManager { - scheme := runtime.NewScheme() - codecs := serializer.NewCodecFactory(scheme) - utilruntime.Must(apidiscoveryv2beta1.AddToScheme(scheme)) - return &resourceDiscoveryManager{serializer: codecs, versionPriorities: make(map[metav1.GroupVersion]priorityInfo)} -} - -func (rdm *resourceDiscoveryManager) SetGroupVersionPriority(gv metav1.GroupVersion, groupPriorityMinimum, versionPriority int) { - rdm.lock.Lock() - defer rdm.lock.Unlock() - - rdm.versionPriorities[gv] = priorityInfo{ - GroupPriorityMinimum: groupPriorityMinimum, - VersionPriority: versionPriority, - } - rdm.cache.Store(nil) -} - -func (rdm *resourceDiscoveryManager) SetGroups(groups []apidiscoveryv2beta1.APIGroupDiscovery) { - rdm.lock.Lock() - defer rdm.lock.Unlock() - - rdm.apiGroups = nil - rdm.cache.Store(nil) - - for _, group := range groups { - for _, version := range group.Versions { - rdm.addGroupVersionLocked(group.Name, version) - } - } - - // Filter unused out priority entries - for gv := range rdm.versionPriorities { - entry, exists := rdm.apiGroups[gv.Group] - if !exists { - delete(rdm.versionPriorities, gv) - continue - } - - containsVersion := false - - for _, v := range entry.Versions { - if v.Version == gv.Version { - containsVersion = true - break - } - } - - if !containsVersion { - delete(rdm.versionPriorities, gv) - } - } -} - -func (rdm *resourceDiscoveryManager) AddGroupVersion(groupName string, value apidiscoveryv2beta1.APIVersionDiscovery) { - rdm.lock.Lock() - defer rdm.lock.Unlock() - - rdm.addGroupVersionLocked(groupName, value) -} - -func (rdm *resourceDiscoveryManager) addGroupVersionLocked(groupName string, value apidiscoveryv2beta1.APIVersionDiscovery) { - klog.Infof("Adding GroupVersion %s %s to ResourceManager", groupName, value.Version) - - if rdm.apiGroups == nil { - rdm.apiGroups = make(map[string]*apidiscoveryv2beta1.APIGroupDiscovery) - } - - if existing, groupExists := rdm.apiGroups[groupName]; groupExists { - // If this version already exists, replace it - versionExists := false - - // Not very efficient, but in practice there are generally not many versions - for i := range existing.Versions { - if existing.Versions[i].Version == value.Version { - // The new gv is the exact same as what is already in - // the map. This is a noop and cache should not be - // invalidated. - if reflect.DeepEqual(existing.Versions[i], value) { - return - } - existing.Versions[i] = value - versionExists = true - break - } - } - - if !versionExists { - existing.Versions = append(existing.Versions, value) - } - - } else { - group := &apidiscoveryv2beta1.APIGroupDiscovery{ - ObjectMeta: metav1.ObjectMeta{ - Name: groupName, - }, - Versions: []apidiscoveryv2beta1.APIVersionDiscovery{value}, - } - rdm.apiGroups[groupName] = group - } - - gv := metav1.GroupVersion{Group: groupName, Version: value.Version} - if _, ok := rdm.versionPriorities[gv]; !ok { - rdm.versionPriorities[gv] = priorityInfo{ - GroupPriorityMinimum: 1000, - VersionPriority: 15, - } - } - - // Reset response document so it is recreated lazily - rdm.cache.Store(nil) -} - -func (rdm *resourceDiscoveryManager) RemoveGroupVersion(apiGroup metav1.GroupVersion) { - rdm.lock.Lock() - defer rdm.lock.Unlock() - group, exists := rdm.apiGroups[apiGroup.Group] - if !exists { - return - } - - modified := false - for i := range group.Versions { - if group.Versions[i].Version == apiGroup.Version { - group.Versions = append(group.Versions[:i], group.Versions[i+1:]...) - modified = true - break - } - } - // If no modification was done, cache does not need to be cleared - if !modified { - return - } - - delete(rdm.versionPriorities, apiGroup) - if len(group.Versions) == 0 { - delete(rdm.apiGroups, group.Name) - } - - // Reset response document so it is recreated lazily - rdm.cache.Store(nil) -} - -func (rdm *resourceDiscoveryManager) RemoveGroup(groupName string) { - rdm.lock.Lock() - defer rdm.lock.Unlock() - - delete(rdm.apiGroups, groupName) - - for k := range rdm.versionPriorities { - if k.Group == groupName { - delete(rdm.versionPriorities, k) - } - } - - // Reset response document so it is recreated lazily - rdm.cache.Store(nil) -} - -// Prepares the api group list for serving by converting them from map into -// list and sorting them according to insertion order -func (rdm *resourceDiscoveryManager) calculateAPIGroupsLocked() []apidiscoveryv2beta1.APIGroupDiscovery { - // Re-order the apiGroups by their priority. - groups := []apidiscoveryv2beta1.APIGroupDiscovery{} - for _, group := range rdm.apiGroups { - copied := *group.DeepCopy() - - // Re-order versions based on their priority. Use kube-aware string - // comparison as a tie breaker - sort.SliceStable(copied.Versions, func(i, j int) bool { - iVersion := copied.Versions[i].Version - jVersion := copied.Versions[j].Version - - iPriority := rdm.versionPriorities[metav1.GroupVersion{Group: group.Name, Version: iVersion}].VersionPriority - jPriority := rdm.versionPriorities[metav1.GroupVersion{Group: group.Name, Version: jVersion}].VersionPriority - - // Sort by version string comparator if priority is equal - if iPriority == jPriority { - return version.CompareKubeAwareVersionStrings(iVersion, jVersion) > 0 - } - - // i sorts before j if it has a higher priority - return iPriority > jPriority - }) - - groups = append(groups, *copied.DeepCopy()) - - } - - // For each group, determine the highest minimum group priority and use that - priorities := map[string]int{} - for gv, info := range rdm.versionPriorities { - if existing, exists := priorities[gv.Group]; exists { - if existing < info.GroupPriorityMinimum { - priorities[gv.Group] = info.GroupPriorityMinimum - } - } else { - priorities[gv.Group] = info.GroupPriorityMinimum - } - } - - sort.SliceStable(groups, func(i, j int) bool { - iName := groups[i].Name - jName := groups[j].Name - - // Default to 0 priority by default - iPriority := priorities[iName] - jPriority := priorities[jName] - - // Sort discovery based on apiservice priority. - // Duplicated from staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/helpers.go - if iPriority == jPriority { - // Equal priority uses name to break ties - return iName < jName - } - - // i sorts before j if it has a higher priority - return iPriority > jPriority - }) - - return groups -} - -// Fetches from cache if it exists. If cache is empty, create it. -func (rdm *resourceDiscoveryManager) fetchFromCache() *cachedGroupList { - rdm.lock.RLock() - defer rdm.lock.RUnlock() - - cacheLoad := rdm.cache.Load() - if cacheLoad != nil { - return cacheLoad - } - response := apidiscoveryv2beta1.APIGroupDiscoveryList{ - Items: rdm.calculateAPIGroupsLocked(), - } - etag, err := calculateETag(response) - if err != nil { - klog.Errorf("failed to calculate etag for discovery document: %s", etag) - etag = "" - } - cached := &cachedGroupList{ - cachedResponse: response, - cachedResponseETag: etag, - } - rdm.cache.Store(cached) - return cached -} - -type cachedGroupList struct { - cachedResponse apidiscoveryv2beta1.APIGroupDiscoveryList - cachedResponseETag string -} - -func (rdm *resourceDiscoveryManager) ServeHTTP(resp http.ResponseWriter, req *http.Request) { - cache := rdm.fetchFromCache() - response := cache.cachedResponse - etag := cache.cachedResponseETag - - if len(etag) > 0 { - // Use proper e-tag headers if one is available - ServeHTTPWithETag( - &response, - etag, - rdm.serializer, - resp, - req, - ) - } else { - // Default to normal response in rare case etag is - // not cached with the object for some reason. - responsewriters.WriteObjectNegotiated( - rdm.serializer, - DiscoveryEndpointRestrictions, - AggregatedDiscoveryGV, - resp, - req, - http.StatusOK, - &response, - true, - ) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/negotiation.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/negotiation.go deleted file mode 100644 index 9e58dad854..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/negotiation.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package aggregated - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var AggregatedDiscoveryGV = schema.GroupVersion{Group: "apidiscovery.k8s.io", Version: "v2beta1"} - -// Interface is from "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - -// DiscoveryEndpointRestrictions allows requests to /apis to provide a Content Negotiation GVK for aggregated discovery. -var DiscoveryEndpointRestrictions = discoveryEndpointRestrictions{} - -type discoveryEndpointRestrictions struct{} - -func (discoveryEndpointRestrictions) AllowsMediaTypeTransform(mimeType string, mimeSubType string, gvk *schema.GroupVersionKind) bool { - return IsAggregatedDiscoveryGVK(gvk) -} - -func (discoveryEndpointRestrictions) AllowsServerVersion(string) bool { return false } -func (discoveryEndpointRestrictions) AllowsStreamSchema(s string) bool { return s == "watch" } - -// IsAggregatedDiscoveryGVK checks if a provided GVK is the GVK for serving aggregated discovery. -func IsAggregatedDiscoveryGVK(gvk *schema.GroupVersionKind) bool { - if gvk != nil { - return gvk.Group == "apidiscovery.k8s.io" && gvk.Version == "v2beta1" && gvk.Kind == "APIGroupDiscoveryList" - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/wrapper.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/wrapper.go deleted file mode 100644 index 8516c154c8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/aggregated/wrapper.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package aggregated - -import ( - "net/http" - - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - "k8s.io/apimachinery/pkg/runtime/serializer" - - "github.com/emicklei/go-restful/v3" - "k8s.io/apimachinery/pkg/runtime" - - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - genericfeatures "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" -) - -type WrappedHandler struct { - s runtime.NegotiatedSerializer - handler http.Handler - aggHandler http.Handler -} - -func (wrapped *WrappedHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) { - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.AggregatedDiscoveryEndpoint) { - mediaType, _ := negotiation.NegotiateMediaTypeOptions(req.Header.Get("Accept"), wrapped.s.SupportedMediaTypes(), DiscoveryEndpointRestrictions) - // mediaType.Convert looks at the request accept headers and is used to control whether the discovery document will be aggregated. - if IsAggregatedDiscoveryGVK(mediaType.Convert) { - wrapped.aggHandler.ServeHTTP(resp, req) - return - } - } - wrapped.handler.ServeHTTP(resp, req) -} - -func (wrapped *WrappedHandler) restfulHandle(req *restful.Request, resp *restful.Response) { - wrapped.ServeHTTP(resp.ResponseWriter, req.Request) -} - -func (wrapped *WrappedHandler) GenerateWebService(prefix string, returnType interface{}) *restful.WebService { - mediaTypes, _ := negotiation.MediaTypesForSerializer(wrapped.s) - ws := new(restful.WebService) - ws.Path(prefix) - ws.Doc("get available API versions") - ws.Route(ws.GET("/").To(wrapped.restfulHandle). - Doc("get available API versions"). - Operation("getAPIVersions"). - Produces(mediaTypes...). - Consumes(mediaTypes...). - Writes(returnType)) - return ws -} - -// WrapAggregatedDiscoveryToHandler wraps a handler with an option to -// emit the aggregated discovery by passing in the aggregated -// discovery type in content negotiation headers: eg: (Accept: -// application/json;v=v2beta1;g=apidiscovery.k8s.io;as=APIGroupDiscoveryList) -func WrapAggregatedDiscoveryToHandler(handler http.Handler, aggHandler http.Handler) *WrappedHandler { - scheme := runtime.NewScheme() - apidiscoveryv2beta1.AddToScheme(scheme) - codecs := serializer.NewCodecFactory(scheme) - return &WrappedHandler{codecs, handler, aggHandler} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/group.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/group.go deleted file mode 100644 index 3f1b2a1412..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/group.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "net/http" - - "github.com/emicklei/go-restful/v3" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// APIGroupHandler creates a webservice serving the supported versions, preferred version, and name -// of a group. E.g., such a web service will be registered at /apis/extensions. -type APIGroupHandler struct { - serializer runtime.NegotiatedSerializer - group metav1.APIGroup -} - -func NewAPIGroupHandler(serializer runtime.NegotiatedSerializer, group metav1.APIGroup) *APIGroupHandler { - if keepUnversioned(group.Name) { - // Because in release 1.1, /apis/extensions returns response with empty - // APIVersion, we use stripVersionNegotiatedSerializer to keep the - // response backwards compatible. - serializer = stripVersionNegotiatedSerializer{serializer} - } - - return &APIGroupHandler{ - serializer: serializer, - group: group, - } -} - -func (s *APIGroupHandler) WebService() *restful.WebService { - mediaTypes, _ := negotiation.MediaTypesForSerializer(s.serializer) - ws := new(restful.WebService) - ws.Path(APIGroupPrefix + "/" + s.group.Name) - ws.Doc("get information of a group") - ws.Route(ws.GET("/").To(s.handle). - Doc("get information of a group"). - Operation("getAPIGroup"). - Produces(mediaTypes...). - Consumes(mediaTypes...). - Writes(metav1.APIGroup{})) - return ws -} - -// handle returns a handler which will return the api.GroupAndVersion of the group. -func (s *APIGroupHandler) handle(req *restful.Request, resp *restful.Response) { - s.ServeHTTP(resp.ResponseWriter, req.Request) -} - -func (s *APIGroupHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { - responsewriters.WriteObjectNegotiated(s.serializer, negotiation.DefaultEndpointRestrictions, schema.GroupVersion{}, w, req, http.StatusOK, &s.group, false) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/legacy.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/legacy.go deleted file mode 100644 index dae0d714b9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/legacy.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "net/http" - - "github.com/emicklei/go-restful/v3" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// legacyRootAPIHandler creates a webservice serving api group discovery. -type legacyRootAPIHandler struct { - // addresses is used to build cluster IPs for discovery. - addresses Addresses - apiPrefix string - serializer runtime.NegotiatedSerializer -} - -func NewLegacyRootAPIHandler(addresses Addresses, serializer runtime.NegotiatedSerializer, apiPrefix string) *legacyRootAPIHandler { - // Because in release 1.1, /apis returns response with empty APIVersion, we - // use stripVersionNegotiatedSerializer to keep the response backwards - // compatible. - serializer = stripVersionNegotiatedSerializer{serializer} - - return &legacyRootAPIHandler{ - addresses: addresses, - apiPrefix: apiPrefix, - serializer: serializer, - } -} - -// AddApiWebService adds a service to return the supported api versions at the legacy /api. -func (s *legacyRootAPIHandler) WebService() *restful.WebService { - mediaTypes, _ := negotiation.MediaTypesForSerializer(s.serializer) - ws := new(restful.WebService) - ws.Path(s.apiPrefix) - ws.Doc("get available API versions") - ws.Route(ws.GET("/").To(s.restfulHandle). - Doc("get available API versions"). - Operation("getAPIVersions"). - Produces(mediaTypes...). - Consumes(mediaTypes...). - Writes(metav1.APIVersions{})) - return ws -} - -func (s *legacyRootAPIHandler) restfulHandle(req *restful.Request, resp *restful.Response) { - s.ServeHTTP(resp.ResponseWriter, req.Request) -} - -func (s *legacyRootAPIHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) { - clientIP := utilnet.GetClientIP(req) - apiVersions := &metav1.APIVersions{ - ServerAddressByClientCIDRs: s.addresses.ServerAddressByClientCIDRs(clientIP), - Versions: []string{"v1"}, - } - - responsewriters.WriteObjectNegotiated(s.serializer, negotiation.DefaultEndpointRestrictions, schema.GroupVersion{}, resp, req, http.StatusOK, apiVersions, false) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/root.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/root.go deleted file mode 100644 index 24f0a34526..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/root.go +++ /dev/null @@ -1,135 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "net/http" - "sync" - - restful "github.com/emicklei/go-restful/v3" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// GroupManager is an interface that allows dynamic mutation of the existing webservice to handle -// API groups being added or removed. -type GroupManager interface { - AddGroup(apiGroup metav1.APIGroup) - RemoveGroup(groupName string) - ServeHTTP(resp http.ResponseWriter, req *http.Request) - WebService() *restful.WebService -} - -// rootAPIsHandler creates a webservice serving api group discovery. -// The list of APIGroups may change while the server is running because additional resources -// are registered or removed. It is not safe to cache the values. -type rootAPIsHandler struct { - // addresses is used to build cluster IPs for discovery. - addresses Addresses - - serializer runtime.NegotiatedSerializer - - // Map storing information about all groups to be exposed in discovery response. - // The map is from name to the group. - lock sync.RWMutex - apiGroups map[string]metav1.APIGroup - // apiGroupNames preserves insertion order - apiGroupNames []string -} - -func NewRootAPIsHandler(addresses Addresses, serializer runtime.NegotiatedSerializer) *rootAPIsHandler { - // Because in release 1.1, /apis returns response with empty APIVersion, we - // use stripVersionNegotiatedSerializer to keep the response backwards - // compatible. - serializer = stripVersionNegotiatedSerializer{serializer} - - return &rootAPIsHandler{ - addresses: addresses, - serializer: serializer, - apiGroups: map[string]metav1.APIGroup{}, - } -} - -func (s *rootAPIsHandler) AddGroup(apiGroup metav1.APIGroup) { - s.lock.Lock() - defer s.lock.Unlock() - - _, alreadyExists := s.apiGroups[apiGroup.Name] - - s.apiGroups[apiGroup.Name] = apiGroup - if !alreadyExists { - s.apiGroupNames = append(s.apiGroupNames, apiGroup.Name) - } -} - -func (s *rootAPIsHandler) RemoveGroup(groupName string) { - s.lock.Lock() - defer s.lock.Unlock() - - delete(s.apiGroups, groupName) - for i := range s.apiGroupNames { - if s.apiGroupNames[i] == groupName { - s.apiGroupNames = append(s.apiGroupNames[:i], s.apiGroupNames[i+1:]...) - break - } - } -} - -func (s *rootAPIsHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) { - s.lock.RLock() - defer s.lock.RUnlock() - - orderedGroups := []metav1.APIGroup{} - for _, groupName := range s.apiGroupNames { - orderedGroups = append(orderedGroups, s.apiGroups[groupName]) - } - - clientIP := utilnet.GetClientIP(req) - serverCIDR := s.addresses.ServerAddressByClientCIDRs(clientIP) - groups := make([]metav1.APIGroup, len(orderedGroups)) - for i := range orderedGroups { - groups[i] = orderedGroups[i] - groups[i].ServerAddressByClientCIDRs = serverCIDR - } - - responsewriters.WriteObjectNegotiated(s.serializer, negotiation.DefaultEndpointRestrictions, schema.GroupVersion{}, resp, req, http.StatusOK, &metav1.APIGroupList{Groups: groups}, false) -} - -func (s *rootAPIsHandler) restfulHandle(req *restful.Request, resp *restful.Response) { - s.ServeHTTP(resp.ResponseWriter, req.Request) -} - -// WebService returns a webservice serving api group discovery. -// Note: during the server runtime apiGroups might change. -func (s *rootAPIsHandler) WebService() *restful.WebService { - mediaTypes, _ := negotiation.MediaTypesForSerializer(s.serializer) - ws := new(restful.WebService) - ws.Path(APIGroupPrefix) - ws.Doc("get available API versions") - ws.Route(ws.GET("/").To(s.restfulHandle). - Doc("get available API versions"). - Operation("getAPIVersions"). - Produces(mediaTypes...). - Consumes(mediaTypes...). - Writes(metav1.APIGroupList{})) - return ws -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/storageversionhash.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/storageversionhash.go deleted file mode 100644 index d72d4ba207..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/storageversionhash.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "crypto/sha256" - "encoding/base64" -) - -// StorageVersionHash calculates the storage version hash for a -// <group/version/kind> tuple. -// WARNING: this function is subject to change. Clients shouldn't depend on -// this function. -func StorageVersionHash(group, version, kind string) string { - gvk := group + "/" + version + "/" + kind - if gvk == "" { - return "" - } - bytes := sha256.Sum256([]byte(gvk)) - // Assuming there are N kinds in the cluster, and the hash is X-byte long, - // the chance of colliding hash P(N,X) approximates to 1-e^(-(N^2)/2^(8X+1)). - // P(10,000, 8) ~= 2.7*10^(-12), which is low enough. - // See https://en.wikipedia.org/wiki/Birthday_problem#Approximations. - return base64.StdEncoding.EncodeToString(bytes[:8]) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/util.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/util.go deleted file mode 100644 index 7487ffc18a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/util.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/klog/v2" -) - -const APIGroupPrefix = "/apis" - -func keepUnversioned(group string) bool { - return group == "" || group == "extensions" -} - -// stripVersionEncoder strips APIVersion field from the encoding output. It's -// used to keep the responses at the discovery endpoints backward compatible -// with release-1.1, when the responses have empty APIVersion. -type stripVersionEncoder struct { - encoder runtime.Encoder - serializer runtime.Serializer - identifier runtime.Identifier -} - -func newStripVersionEncoder(e runtime.Encoder, s runtime.Serializer) runtime.Encoder { - return stripVersionEncoder{ - encoder: e, - serializer: s, - identifier: identifier(e), - } -} - -func identifier(e runtime.Encoder) runtime.Identifier { - result := map[string]string{ - "name": "stripVersion", - } - if e != nil { - result["encoder"] = string(e.Identifier()) - } - identifier, err := json.Marshal(result) - if err != nil { - klog.Fatalf("Failed marshaling identifier for stripVersionEncoder: %v", err) - } - return runtime.Identifier(identifier) -} - -func (c stripVersionEncoder) Encode(obj runtime.Object, w io.Writer) error { - if co, ok := obj.(runtime.CacheableObject); ok { - return co.CacheEncode(c.Identifier(), c.doEncode, w) - } - return c.doEncode(obj, w) -} - -func (c stripVersionEncoder) doEncode(obj runtime.Object, w io.Writer) error { - buf := bytes.NewBuffer([]byte{}) - err := c.encoder.Encode(obj, buf) - if err != nil { - return err - } - roundTrippedObj, gvk, err := c.serializer.Decode(buf.Bytes(), nil, nil) - if err != nil { - return err - } - gvk.Group = "" - gvk.Version = "" - roundTrippedObj.GetObjectKind().SetGroupVersionKind(*gvk) - return c.serializer.Encode(roundTrippedObj, w) -} - -// Identifier implements runtime.Encoder interface. -func (c stripVersionEncoder) Identifier() runtime.Identifier { - return c.identifier -} - -// stripVersionNegotiatedSerializer will return stripVersionEncoder when -// EncoderForVersion is called. See comments for stripVersionEncoder. -type stripVersionNegotiatedSerializer struct { - runtime.NegotiatedSerializer -} - -func (n stripVersionNegotiatedSerializer) EncoderForVersion(encoder runtime.Encoder, gv runtime.GroupVersioner) runtime.Encoder { - serializer, ok := encoder.(runtime.Serializer) - if !ok { - // The stripVersionEncoder needs both an encoder and decoder, but is called from a context that doesn't have access to the - // decoder. We do a best effort cast here (since this code path is only for backwards compatibility) to get access to the caller's - // decoder. - panic(fmt.Sprintf("Unable to extract serializer from %#v", encoder)) - } - versioned := n.NegotiatedSerializer.EncoderForVersion(encoder, gv) - return newStripVersionEncoder(versioned, serializer) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/version.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/version.go deleted file mode 100644 index ee5307c501..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/discovery/version.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "net/http" - - restful "github.com/emicklei/go-restful/v3" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -type APIResourceLister interface { - ListAPIResources() []metav1.APIResource -} - -type APIResourceListerFunc func() []metav1.APIResource - -func (f APIResourceListerFunc) ListAPIResources() []metav1.APIResource { - return f() -} - -// APIVersionHandler creates a webservice serving the supported resources for the version -// E.g., such a web service will be registered at /apis/extensions/v1beta1. -type APIVersionHandler struct { - serializer runtime.NegotiatedSerializer - - groupVersion schema.GroupVersion - apiResourceLister APIResourceLister -} - -func NewAPIVersionHandler(serializer runtime.NegotiatedSerializer, groupVersion schema.GroupVersion, apiResourceLister APIResourceLister) *APIVersionHandler { - if keepUnversioned(groupVersion.Group) { - // Because in release 1.1, /apis/extensions returns response with empty - // APIVersion, we use stripVersionNegotiatedSerializer to keep the - // response backwards compatible. - serializer = stripVersionNegotiatedSerializer{serializer} - } - - return &APIVersionHandler{ - serializer: serializer, - groupVersion: groupVersion, - apiResourceLister: apiResourceLister, - } -} - -func (s *APIVersionHandler) AddToWebService(ws *restful.WebService) { - mediaTypes, _ := negotiation.MediaTypesForSerializer(s.serializer) - ws.Route(ws.GET("/").To(s.handle). - Doc("get available resources"). - Operation("getAPIResources"). - Produces(mediaTypes...). - Consumes(mediaTypes...). - Writes(metav1.APIResourceList{})) -} - -// handle returns a handler which will return the api.VersionAndVersion of the group. -func (s *APIVersionHandler) handle(req *restful.Request, resp *restful.Response) { - s.ServeHTTP(resp.ResponseWriter, req.Request) -} - -func (s *APIVersionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { - responsewriters.WriteObjectNegotiated(s.serializer, negotiation.DefaultEndpointRestrictions, schema.GroupVersion{}, w, req, http.StatusOK, - &metav1.APIResourceList{GroupVersion: s.groupVersion.String(), APIResources: s.apiResourceLister.ListAPIResources()}, false) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/doc.go deleted file mode 100644 index ef99114b61..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package endpoints contains the generic code that provides a RESTful Kubernetes-style API service. -package endpoints // import "k8s.io/apiserver/pkg/endpoints" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filterlatency/filterlatency.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filterlatency/filterlatency.go deleted file mode 100644 index f2bbfe5437..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filterlatency/filterlatency.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filterlatency - -import ( - "context" - "fmt" - "net/http" - "time" - - "go.opentelemetry.io/otel/trace" - - "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -type requestFilterRecordKeyType int - -// requestFilterRecordKey is the context key for a request filter record struct. -const requestFilterRecordKey requestFilterRecordKeyType = iota - -const minFilterLatencyToLog = 100 * time.Millisecond - -type requestFilterRecord struct { - name string - startedTimestamp time.Time -} - -// withRequestFilterRecord attaches the given request filter record to the parent context. -func withRequestFilterRecord(parent context.Context, fr *requestFilterRecord) context.Context { - return apirequest.WithValue(parent, requestFilterRecordKey, fr) -} - -// requestFilterRecordFrom returns the request filter record from the given context. -func requestFilterRecordFrom(ctx context.Context) *requestFilterRecord { - fr, _ := ctx.Value(requestFilterRecordKey).(*requestFilterRecord) - return fr -} - -// TrackStarted measures the timestamp the given handler has started execution -// by attaching a handler to the chain. -func TrackStarted(handler http.Handler, tp trace.TracerProvider, name string) http.Handler { - return trackStarted(handler, tp, name, clock.RealClock{}) -} - -// TrackCompleted measures the timestamp the given handler has completed execution and then -// it updates the corresponding metric with the filter latency duration. -func TrackCompleted(handler http.Handler) http.Handler { - return trackCompleted(handler, clock.RealClock{}, func(ctx context.Context, fr *requestFilterRecord, completedAt time.Time) { - latency := completedAt.Sub(fr.startedTimestamp) - metrics.RecordFilterLatency(ctx, fr.name, latency) - if klog.V(3).Enabled() && latency > minFilterLatencyToLog { - httplog.AddKeyValue(ctx, fmt.Sprintf("fl_%s", fr.name), latency.String()) - } - }) -} - -func trackStarted(handler http.Handler, tp trace.TracerProvider, name string, clock clock.PassiveClock) http.Handler { - // This is a noop if the tracing is disabled, since tp will be a NoopTracerProvider - tracer := tp.Tracer("k8s.op/apiserver/pkg/endpoints/filterlatency") - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := r.Context() - if fr := requestFilterRecordFrom(ctx); fr != nil { - fr.name = name - fr.startedTimestamp = clock.Now() - - handler.ServeHTTP(w, r) - return - } - - fr := &requestFilterRecord{ - name: name, - startedTimestamp: clock.Now(), - } - ctx, _ = tracer.Start(ctx, name) - r = r.WithContext(withRequestFilterRecord(ctx, fr)) - handler.ServeHTTP(w, r) - }) -} - -func trackCompleted(handler http.Handler, clock clock.PassiveClock, action func(context.Context, *requestFilterRecord, time.Time)) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // The previous filter has just completed. - completedAt := clock.Now() - - defer handler.ServeHTTP(w, r) - - ctx := r.Context() - if fr := requestFilterRecordFrom(ctx); fr != nil { - action(ctx, fr, completedAt) - } - trace.SpanFromContext(ctx).End() - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/OWNERS deleted file mode 100644 index 3e4862a50e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - deads2k - - sttts - - soltysh diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit.go deleted file mode 100644 index b310c94ee2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit.go +++ /dev/null @@ -1,268 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "bufio" - "context" - "errors" - "fmt" - "net" - "net/http" - "sync" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/endpoints/responsewriter" -) - -// WithAudit decorates a http.Handler with audit logging information for all the -// requests coming to the server. Audit level is decided according to requests' -// attributes and audit policy. Logs are emitted to the audit sink to -// process events. If sink or audit policy is nil, no decoration takes place. -func WithAudit(handler http.Handler, sink audit.Sink, policy audit.PolicyRuleEvaluator, longRunningCheck request.LongRunningRequestCheck) http.Handler { - if sink == nil || policy == nil { - return handler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ac, err := evaluatePolicyAndCreateAuditEvent(req, policy) - if err != nil { - utilruntime.HandleError(fmt.Errorf("failed to create audit event: %v", err)) - responsewriters.InternalError(w, req, errors.New("failed to create audit event")) - return - } - - if ac == nil || ac.Event == nil { - handler.ServeHTTP(w, req) - return - } - ev := ac.Event - - ctx := req.Context() - omitStages := ac.RequestAuditConfig.OmitStages - - ev.Stage = auditinternal.StageRequestReceived - if processed := processAuditEvent(ctx, sink, ev, omitStages); !processed { - audit.ApiserverAuditDroppedCounter.WithContext(ctx).Inc() - responsewriters.InternalError(w, req, errors.New("failed to store audit event")) - return - } - - // intercept the status code - var longRunningSink audit.Sink - if longRunningCheck != nil { - ri, _ := request.RequestInfoFrom(ctx) - if longRunningCheck(req, ri) { - longRunningSink = sink - } - } - respWriter := decorateResponseWriter(ctx, w, ev, longRunningSink, omitStages) - - // send audit event when we leave this func, either via a panic or cleanly. In the case of long - // running requests, this will be the second audit event. - defer func() { - if r := recover(); r != nil { - defer panic(r) - ev.Stage = auditinternal.StagePanic - ev.ResponseStatus = &metav1.Status{ - Code: http.StatusInternalServerError, - Status: metav1.StatusFailure, - Reason: metav1.StatusReasonInternalError, - Message: fmt.Sprintf("APIServer panic'd: %v", r), - } - processAuditEvent(ctx, sink, ev, omitStages) - return - } - - // if no StageResponseStarted event was sent b/c neither a status code nor a body was sent, fake it here - // But Audit-Id http header will only be sent when http.ResponseWriter.WriteHeader is called. - fakedSuccessStatus := &metav1.Status{ - Code: http.StatusOK, - Status: metav1.StatusSuccess, - Message: "Connection closed early", - } - if ev.ResponseStatus == nil && longRunningSink != nil { - ev.ResponseStatus = fakedSuccessStatus - ev.Stage = auditinternal.StageResponseStarted - processAuditEvent(ctx, longRunningSink, ev, omitStages) - } - - ev.Stage = auditinternal.StageResponseComplete - if ev.ResponseStatus == nil { - ev.ResponseStatus = fakedSuccessStatus - } - processAuditEvent(ctx, sink, ev, omitStages) - }() - handler.ServeHTTP(respWriter, req) - }) -} - -// evaluatePolicyAndCreateAuditEvent is responsible for evaluating the audit -// policy configuration applicable to the request and create a new audit -// event that will be written to the API audit log. -// - error if anything bad happened -func evaluatePolicyAndCreateAuditEvent(req *http.Request, policy audit.PolicyRuleEvaluator) (*audit.AuditContext, error) { - ctx := req.Context() - ac := audit.AuditContextFrom(ctx) - if ac == nil { - // Auditing not enabled. - return nil, nil - } - - attribs, err := GetAuthorizerAttributes(ctx) - if err != nil { - return ac, fmt.Errorf("failed to GetAuthorizerAttributes: %v", err) - } - - ls := policy.EvaluatePolicyRule(attribs) - audit.ObservePolicyLevel(ctx, ls.Level) - ac.RequestAuditConfig = ls.RequestAuditConfig - if ls.Level == auditinternal.LevelNone { - // Don't audit. - return ac, nil - } - - requestReceivedTimestamp, ok := request.ReceivedTimestampFrom(ctx) - if !ok { - requestReceivedTimestamp = time.Now() - } - ev, err := audit.NewEventFromRequest(req, requestReceivedTimestamp, ls.Level, attribs) - if err != nil { - return nil, fmt.Errorf("failed to complete audit event from request: %v", err) - } - - ac.Event = ev - - return ac, nil -} - -// writeLatencyToAnnotation writes the latency incurred in different -// layers of the apiserver to the annotations of the audit object. -// it should be invoked after ev.StageTimestamp has been set appropriately. -func writeLatencyToAnnotation(ctx context.Context, ev *auditinternal.Event) { - // we will track latency in annotation only when the total latency - // of the given request exceeds 500ms, this is in keeping with the - // traces in rest/handlers for create, delete, update, - // get, list, and deletecollection. - const threshold = 500 * time.Millisecond - latency := ev.StageTimestamp.Time.Sub(ev.RequestReceivedTimestamp.Time) - if latency <= threshold { - return - } - - // if we are tracking latency incurred inside different layers within - // the apiserver, add these as annotation to the audit event object. - layerLatencies := request.AuditAnnotationsFromLatencyTrackers(ctx) - if len(layerLatencies) == 0 { - // latency tracking is not enabled for this request - return - } - - // record the total latency for this request, for convenience. - layerLatencies["apiserver.latency.k8s.io/total"] = latency.String() - audit.AddAuditAnnotationsMap(ctx, layerLatencies) -} - -func processAuditEvent(ctx context.Context, sink audit.Sink, ev *auditinternal.Event, omitStages []auditinternal.Stage) bool { - for _, stage := range omitStages { - if ev.Stage == stage { - return true - } - } - - switch { - case ev.Stage == auditinternal.StageRequestReceived: - ev.StageTimestamp = metav1.NewMicroTime(ev.RequestReceivedTimestamp.Time) - case ev.Stage == auditinternal.StageResponseComplete: - ev.StageTimestamp = metav1.NewMicroTime(time.Now()) - writeLatencyToAnnotation(ctx, ev) - default: - ev.StageTimestamp = metav1.NewMicroTime(time.Now()) - } - - audit.ObserveEvent(ctx) - return sink.ProcessEvents(ev) -} - -func decorateResponseWriter(ctx context.Context, responseWriter http.ResponseWriter, ev *auditinternal.Event, sink audit.Sink, omitStages []auditinternal.Stage) http.ResponseWriter { - delegate := &auditResponseWriter{ - ctx: ctx, - ResponseWriter: responseWriter, - event: ev, - sink: sink, - omitStages: omitStages, - } - - return responsewriter.WrapForHTTP1Or2(delegate) -} - -var _ http.ResponseWriter = &auditResponseWriter{} -var _ responsewriter.UserProvidedDecorator = &auditResponseWriter{} - -// auditResponseWriter intercepts WriteHeader, sets it in the event. If the sink is set, it will -// create immediately an event (for long running requests). -type auditResponseWriter struct { - http.ResponseWriter - ctx context.Context - event *auditinternal.Event - once sync.Once - sink audit.Sink - omitStages []auditinternal.Stage -} - -func (a *auditResponseWriter) Unwrap() http.ResponseWriter { - return a.ResponseWriter -} - -func (a *auditResponseWriter) processCode(code int) { - a.once.Do(func() { - if a.event.ResponseStatus == nil { - a.event.ResponseStatus = &metav1.Status{} - } - a.event.ResponseStatus.Code = int32(code) - a.event.Stage = auditinternal.StageResponseStarted - - if a.sink != nil { - processAuditEvent(a.ctx, a.sink, a.event, a.omitStages) - } - }) -} - -func (a *auditResponseWriter) Write(bs []byte) (int, error) { - // the Go library calls WriteHeader internally if no code was written yet. But this will go unnoticed for us - a.processCode(http.StatusOK) - return a.ResponseWriter.Write(bs) -} - -func (a *auditResponseWriter) WriteHeader(code int) { - a.processCode(code) - a.ResponseWriter.WriteHeader(code) -} - -func (a *auditResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { - // fake a response status before protocol switch happens - a.processCode(http.StatusSwitchingProtocols) - - // the outer ResponseWriter object returned by WrapForHTTP1Or2 implements - // http.Hijacker if the inner object (a.ResponseWriter) implements http.Hijacker. - return a.ResponseWriter.(http.Hijacker).Hijack() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit_init.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit_init.go deleted file mode 100644 index 7c9ca8e926..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/audit_init.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - - "k8s.io/apimachinery/pkg/types" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - - "github.com/google/uuid" -) - -// WithAuditInit initializes the audit context and attaches the Audit-ID associated with a request. -// -// a. If the caller does not specify a value for Audit-ID in the request header, we generate a new audit ID -// b. We echo the Audit-ID value to the caller via the response Header 'Audit-ID'. -func WithAuditInit(handler http.Handler) http.Handler { - return withAuditInit(handler, func() string { - return uuid.New().String() - }) -} - -func withAuditInit(handler http.Handler, newAuditIDFunc func() string) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := audit.WithAuditContext(r.Context()) - r = r.WithContext(ctx) - - auditID := r.Header.Get(auditinternal.HeaderAuditID) - if len(auditID) == 0 { - auditID = newAuditIDFunc() - } - - // Note: we save the user specified value of the Audit-ID header as is, no truncation is performed. - audit.WithAuditID(ctx, types.UID(auditID)) - - // We echo the Audit-ID in to the response header. - // It's not guaranteed Audit-ID http header is sent for all requests. - // For example, when user run "kubectl exec", apiserver uses a proxy handler - // to deal with the request, users can only get http headers returned by kubelet node. - // - // This filter will also be used by other aggregated api server(s). For an aggregated API - // we don't want to see the same audit ID appearing more than once. - if value := w.Header().Get(auditinternal.HeaderAuditID); len(value) == 0 { - w.Header().Set(auditinternal.HeaderAuditID, auditID) - } - - handler.ServeHTTP(w, r) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go deleted file mode 100644 index d69cfef32d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authentication.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "errors" - "fmt" - "net/http" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/klog/v2" -) - -type recordMetrics func(context.Context, *authenticator.Response, bool, error, authenticator.Audiences, time.Time, time.Time) - -// WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then -// stores any such user found onto the provided context for the request. If authentication fails or returns an error -// the failed handler is used. On success, "Authorization" header is removed from the request and handler -// is invoked to serve the request. -func WithAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences) http.Handler { - return withAuthentication(handler, auth, failed, apiAuds, recordAuthMetrics) -} - -func withAuthentication(handler http.Handler, auth authenticator.Request, failed http.Handler, apiAuds authenticator.Audiences, metrics recordMetrics) http.Handler { - if auth == nil { - klog.Warning("Authentication is disabled") - return handler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - authenticationStart := time.Now() - - if len(apiAuds) > 0 { - req = req.WithContext(authenticator.WithAudiences(req.Context(), apiAuds)) - } - resp, ok, err := auth.AuthenticateRequest(req) - authenticationFinish := time.Now() - defer func() { - metrics(req.Context(), resp, ok, err, apiAuds, authenticationStart, authenticationFinish) - }() - if err != nil || !ok { - if err != nil { - klog.ErrorS(err, "Unable to authenticate the request") - } - failed.ServeHTTP(w, req) - return - } - - if !audiencesAreAcceptable(apiAuds, resp.Audiences) { - err = fmt.Errorf("unable to match the audience: %v , accepted: %v", resp.Audiences, apiAuds) - klog.Error(err) - failed.ServeHTTP(w, req) - return - } - - // authorization header is not required anymore in case of a successful authentication. - req.Header.Del("Authorization") - - req = req.WithContext(genericapirequest.WithUser(req.Context(), resp.User)) - handler.ServeHTTP(w, req) - }) -} - -func Unauthorized(s runtime.NegotiatedSerializer) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - requestInfo, found := genericapirequest.RequestInfoFrom(ctx) - if !found { - responsewriters.InternalError(w, req, errors.New("no RequestInfo found in the context")) - return - } - - gv := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - responsewriters.ErrorNegotiated(apierrors.NewUnauthorized("Unauthorized"), s, gv, w, req) - }) -} - -func audiencesAreAcceptable(apiAuds, responseAudiences authenticator.Audiences) bool { - if len(apiAuds) == 0 || len(responseAudiences) == 0 { - return true - } - - return len(apiAuds.Intersect(responseAudiences)) > 0 -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authn_audit.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authn_audit.go deleted file mode 100644 index 092a9dd032..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authn_audit.go +++ /dev/null @@ -1,87 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "errors" - "fmt" - "net/http" - "strings" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// WithFailedAuthenticationAudit decorates a failed http.Handler used in WithAuthentication handler. -// It is meant to log only failed authentication requests. -func WithFailedAuthenticationAudit(failedHandler http.Handler, sink audit.Sink, policy audit.PolicyRuleEvaluator) http.Handler { - if sink == nil || policy == nil { - return failedHandler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ac, err := evaluatePolicyAndCreateAuditEvent(req, policy) - if err != nil { - utilruntime.HandleError(fmt.Errorf("failed to create audit event: %v", err)) - responsewriters.InternalError(w, req, errors.New("failed to create audit event")) - return - } - - if ac == nil || ac.Event == nil { - failedHandler.ServeHTTP(w, req) - return - } - ev := ac.Event - - ev.ResponseStatus = &metav1.Status{} - ev.ResponseStatus.Message = getAuthMethods(req) - ev.Stage = auditinternal.StageResponseStarted - - rw := decorateResponseWriter(req.Context(), w, ev, sink, ac.RequestAuditConfig.OmitStages) - failedHandler.ServeHTTP(rw, req) - }) -} - -func getAuthMethods(req *http.Request) string { - authMethods := []string{} - - if _, _, ok := req.BasicAuth(); ok { - authMethods = append(authMethods, "basic") - } - - auth := strings.TrimSpace(req.Header.Get("Authorization")) - parts := strings.Split(auth, " ") - if len(parts) > 1 && strings.ToLower(parts[0]) == "bearer" { - authMethods = append(authMethods, "bearer") - } - - token := strings.TrimSpace(req.URL.Query().Get("access_token")) - if len(token) > 0 { - authMethods = append(authMethods, "access_token") - } - - if req.TLS != nil && len(req.TLS.PeerCertificates) > 0 { - authMethods = append(authMethods, "x509") - } - - if len(authMethods) > 0 { - return fmt.Sprintf("Authentication failed, attempted: %s", strings.Join(authMethods, ", ")) - } - return "Authentication failed, no credentials provided" -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authorization.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authorization.go deleted file mode 100644 index fba5882839..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/authorization.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "errors" - "net/http" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" -) - -const ( - // Annotation key names set in advanced audit - decisionAnnotationKey = "authorization.k8s.io/decision" - reasonAnnotationKey = "authorization.k8s.io/reason" - - // Annotation values set in advanced audit - decisionAllow = "allow" - decisionForbid = "forbid" - reasonError = "internal error" -) - -// WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise. -func WithAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler { - if a == nil { - klog.Warning("Authorization is disabled") - return handler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - - attributes, err := GetAuthorizerAttributes(ctx) - if err != nil { - responsewriters.InternalError(w, req, err) - return - } - authorized, reason, err := a.Authorize(ctx, attributes) - // an authorizer like RBAC could encounter evaluation errors and still allow the request, so authorizer decision is checked before error here. - if authorized == authorizer.DecisionAllow { - audit.AddAuditAnnotations(ctx, - decisionAnnotationKey, decisionAllow, - reasonAnnotationKey, reason) - handler.ServeHTTP(w, req) - return - } - if err != nil { - audit.AddAuditAnnotation(ctx, reasonAnnotationKey, reasonError) - responsewriters.InternalError(w, req, err) - return - } - - klog.V(4).InfoS("Forbidden", "URI", req.RequestURI, "Reason", reason) - audit.AddAuditAnnotations(ctx, - decisionAnnotationKey, decisionForbid, - reasonAnnotationKey, reason) - responsewriters.Forbidden(ctx, attributes, w, req, reason, s) - }) -} - -func GetAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error) { - attribs := authorizer.AttributesRecord{} - - user, ok := request.UserFrom(ctx) - if ok { - attribs.User = user - } - - requestInfo, found := request.RequestInfoFrom(ctx) - if !found { - return nil, errors.New("no RequestInfo found in the context") - } - - // Start with common attributes that apply to resource and non-resource requests - attribs.ResourceRequest = requestInfo.IsResourceRequest - attribs.Path = requestInfo.Path - attribs.Verb = requestInfo.Verb - - attribs.APIGroup = requestInfo.APIGroup - attribs.APIVersion = requestInfo.APIVersion - attribs.Resource = requestInfo.Resource - attribs.Subresource = requestInfo.Subresource - attribs.Namespace = requestInfo.Namespace - attribs.Name = requestInfo.Name - - return &attribs, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/cachecontrol.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/cachecontrol.go deleted file mode 100644 index e19f9d055f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/cachecontrol.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" -) - -// WithCacheControl sets the Cache-Control header to "no-cache, private" because all servers are protected by authn/authz. -// see https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#defining_optimal_cache-control_policy -func WithCacheControl(handler http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - // Set the cache-control header if it is not already set - if _, ok := w.Header()["Cache-Control"]; !ok { - w.Header().Set("Cache-Control", "no-cache, private") - } - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/doc.go deleted file mode 100644 index a13125a25a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package filters contains all the http handler chain filters which -// _are_ api related, i.e. which are prerequisite for the API services -// to work (in contrast to the filters in the server package which are -// not part of the API contract). -package filters // import "k8s.io/apiserver/pkg/endpoints/filters" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go deleted file mode 100644 index 1dc1fe4a50..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go +++ /dev/null @@ -1,256 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "errors" - "fmt" - "net/http" - "net/url" - "strings" - - "k8s.io/klog/v2" - - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/server/httplog" -) - -// WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests -func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - impersonationRequests, err := buildImpersonationRequests(req.Header) - if err != nil { - klog.V(4).Infof("%v", err) - responsewriters.InternalError(w, req, err) - return - } - if len(impersonationRequests) == 0 { - handler.ServeHTTP(w, req) - return - } - - ctx := req.Context() - requestor, exists := request.UserFrom(ctx) - if !exists { - responsewriters.InternalError(w, req, errors.New("no user found for request")) - return - } - - // if groups are not specified, then we need to look them up differently depending on the type of user - // if they are specified, then they are the authority (including the inclusion of system:authenticated/system:unauthenticated groups) - groupsSpecified := len(req.Header[authenticationv1.ImpersonateGroupHeader]) > 0 - - // make sure we're allowed to impersonate each thing we're requesting. While we're iterating through, start building username - // and group information - username := "" - groups := []string{} - userExtra := map[string][]string{} - uid := "" - for _, impersonationRequest := range impersonationRequests { - gvk := impersonationRequest.GetObjectKind().GroupVersionKind() - actingAsAttributes := &authorizer.AttributesRecord{ - User: requestor, - Verb: "impersonate", - APIGroup: gvk.Group, - APIVersion: gvk.Version, - Namespace: impersonationRequest.Namespace, - Name: impersonationRequest.Name, - ResourceRequest: true, - } - - switch gvk.GroupKind() { - case v1.SchemeGroupVersion.WithKind("ServiceAccount").GroupKind(): - actingAsAttributes.Resource = "serviceaccounts" - username = serviceaccount.MakeUsername(impersonationRequest.Namespace, impersonationRequest.Name) - if !groupsSpecified { - // if groups aren't specified for a service account, we know the groups because its a fixed mapping. Add them - groups = serviceaccount.MakeGroupNames(impersonationRequest.Namespace) - } - - case v1.SchemeGroupVersion.WithKind("User").GroupKind(): - actingAsAttributes.Resource = "users" - username = impersonationRequest.Name - - case v1.SchemeGroupVersion.WithKind("Group").GroupKind(): - actingAsAttributes.Resource = "groups" - groups = append(groups, impersonationRequest.Name) - - case authenticationv1.SchemeGroupVersion.WithKind("UserExtra").GroupKind(): - extraKey := impersonationRequest.FieldPath - extraValue := impersonationRequest.Name - actingAsAttributes.Resource = "userextras" - actingAsAttributes.Subresource = extraKey - userExtra[extraKey] = append(userExtra[extraKey], extraValue) - - case authenticationv1.SchemeGroupVersion.WithKind("UID").GroupKind(): - uid = string(impersonationRequest.Name) - actingAsAttributes.Resource = "uids" - - default: - klog.V(4).InfoS("unknown impersonation request type", "Request", impersonationRequest) - responsewriters.Forbidden(ctx, actingAsAttributes, w, req, fmt.Sprintf("unknown impersonation request type: %v", impersonationRequest), s) - return - } - - decision, reason, err := a.Authorize(ctx, actingAsAttributes) - if err != nil || decision != authorizer.DecisionAllow { - klog.V(4).InfoS("Forbidden", "URI", req.RequestURI, "Reason", reason, "Error", err) - responsewriters.Forbidden(ctx, actingAsAttributes, w, req, reason, s) - return - } - } - - if username != user.Anonymous { - // When impersonating a non-anonymous user, include the 'system:authenticated' group - // in the impersonated user info: - // - if no groups were specified - // - if a group has been specified other than 'system:authenticated' - // - // If 'system:unauthenticated' group has been specified we should not include - // the 'system:authenticated' group. - addAuthenticated := true - for _, group := range groups { - if group == user.AllAuthenticated || group == user.AllUnauthenticated { - addAuthenticated = false - break - } - } - - if addAuthenticated { - groups = append(groups, user.AllAuthenticated) - } - } else { - addUnauthenticated := true - for _, group := range groups { - if group == user.AllUnauthenticated { - addUnauthenticated = false - break - } - } - - if addUnauthenticated { - groups = append(groups, user.AllUnauthenticated) - } - } - - newUser := &user.DefaultInfo{ - Name: username, - Groups: groups, - Extra: userExtra, - UID: uid, - } - req = req.WithContext(request.WithUser(ctx, newUser)) - - oldUser, _ := request.UserFrom(ctx) - httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser) - - ae := audit.AuditEventFrom(ctx) - audit.LogImpersonatedUser(ae, newUser) - - // clear all the impersonation headers from the request - req.Header.Del(authenticationv1.ImpersonateUserHeader) - req.Header.Del(authenticationv1.ImpersonateGroupHeader) - req.Header.Del(authenticationv1.ImpersonateUIDHeader) - for headerName := range req.Header { - if strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) { - req.Header.Del(headerName) - } - } - - handler.ServeHTTP(w, req) - }) -} - -func unescapeExtraKey(encodedKey string) string { - key, err := url.PathUnescape(encodedKey) // Decode %-encoded bytes. - if err != nil { - return encodedKey // Always record extra strings, even if malformed/unencoded. - } - return key -} - -// buildImpersonationRequests returns a list of objectreferences that represent the different things we're requesting to impersonate. -// Also includes a map[string][]string representing user.Info.Extra -// Each request must be authorized against the current user before switching contexts. -func buildImpersonationRequests(headers http.Header) ([]v1.ObjectReference, error) { - impersonationRequests := []v1.ObjectReference{} - - requestedUser := headers.Get(authenticationv1.ImpersonateUserHeader) - hasUser := len(requestedUser) > 0 - if hasUser { - if namespace, name, err := serviceaccount.SplitUsername(requestedUser); err == nil { - impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "ServiceAccount", Namespace: namespace, Name: name}) - } else { - impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "User", Name: requestedUser}) - } - } - - hasGroups := false - for _, group := range headers[authenticationv1.ImpersonateGroupHeader] { - hasGroups = true - impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "Group", Name: group}) - } - - hasUserExtra := false - for headerName, values := range headers { - if !strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) { - continue - } - - hasUserExtra = true - extraKey := unescapeExtraKey(strings.ToLower(headerName[len(authenticationv1.ImpersonateUserExtraHeaderPrefix):])) - - // make a separate request for each extra value they're trying to set - for _, value := range values { - impersonationRequests = append(impersonationRequests, - v1.ObjectReference{ - Kind: "UserExtra", - // we only parse out a group above, but the parsing will fail if there isn't SOME version - // using the internal version will help us fail if anyone starts using it - APIVersion: authenticationv1.SchemeGroupVersion.String(), - Name: value, - // ObjectReference doesn't have a subresource field. FieldPath is close and available, so we'll use that - // TODO fight the good fight for ObjectReference to refer to resources and subresources - FieldPath: extraKey, - }) - } - } - - requestedUID := headers.Get(authenticationv1.ImpersonateUIDHeader) - hasUID := len(requestedUID) > 0 - if hasUID { - impersonationRequests = append(impersonationRequests, v1.ObjectReference{ - Kind: "UID", - Name: requestedUID, - APIVersion: authenticationv1.SchemeGroupVersion.String(), - }) - } - - if (hasGroups || hasUserExtra || hasUID) && !hasUser { - return nil, fmt.Errorf("requested %v without impersonating a user", impersonationRequests) - } - - return impersonationRequests, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/metrics.go deleted file mode 100644 index 47e1be847c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/metrics.go +++ /dev/null @@ -1,116 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "strings" - "time" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -const ( - successLabel = "success" - failureLabel = "failure" - errorLabel = "error" -) - -var ( - authenticatedUserCounter = metrics.NewCounterVec( - &metrics.CounterOpts{ - Name: "authenticated_user_requests", - Help: "Counter of authenticated requests broken out by username.", - StabilityLevel: metrics.ALPHA, - }, - []string{"username"}, - ) - - authenticatedAttemptsCounter = metrics.NewCounterVec( - &metrics.CounterOpts{ - Name: "authentication_attempts", - Help: "Counter of authenticated attempts.", - StabilityLevel: metrics.ALPHA, - }, - []string{"result"}, - ) - - authenticationLatency = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Name: "authentication_duration_seconds", - Help: "Authentication duration in seconds broken out by result.", - Buckets: metrics.ExponentialBuckets(0.001, 2, 15), - StabilityLevel: metrics.ALPHA, - }, - []string{"result"}, - ) -) - -func init() { - legacyregistry.MustRegister(authenticatedUserCounter) - legacyregistry.MustRegister(authenticatedAttemptsCounter) - legacyregistry.MustRegister(authenticationLatency) -} - -func recordAuthMetrics(ctx context.Context, resp *authenticator.Response, ok bool, err error, apiAudiences authenticator.Audiences, authStart time.Time, authFinish time.Time) { - var resultLabel string - - switch { - case err != nil || (resp != nil && !audiencesAreAcceptable(apiAudiences, resp.Audiences)): - resultLabel = errorLabel - case !ok: - resultLabel = failureLabel - default: - resultLabel = successLabel - authenticatedUserCounter.WithContext(ctx).WithLabelValues(compressUsername(resp.User.GetName())).Inc() - } - - authenticatedAttemptsCounter.WithContext(ctx).WithLabelValues(resultLabel).Inc() - authenticationLatency.WithContext(ctx).WithLabelValues(resultLabel).Observe(authFinish.Sub(authStart).Seconds()) -} - -// compressUsername maps all possible usernames onto a small set of categories -// of usernames. This is done both to limit the cardinality of the -// authorized_user_requests metric, and to avoid pushing actual usernames in the -// metric. -func compressUsername(username string) string { - switch { - // Known internal identities. - case username == "admin" || - username == "client" || - username == "kube_proxy" || - username == "kubelet" || - username == "system:serviceaccount:kube-system:default": - return username - // Probably an email address. - case strings.Contains(username, "@"): - return "email_id" - // Anything else (custom service accounts, custom external identities, etc.) - default: - return "other" - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/mux_discovery_complete.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/mux_discovery_complete.go deleted file mode 100644 index d2fee3b158..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/mux_discovery_complete.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "net/http" -) - -type muxAndDiscoveryIncompleteKeyType int - -const ( - // muxAndDiscoveryIncompleteKey is a key under which a protection signal for all requests made before the server have installed all known HTTP paths is stored in the request's context - muxAndDiscoveryIncompleteKey muxAndDiscoveryIncompleteKeyType = iota -) - -// NoMuxAndDiscoveryIncompleteKey checks if the context contains muxAndDiscoveryIncompleteKey. -// The presence of the key indicates the request has been made when the HTTP paths weren't installed. -func NoMuxAndDiscoveryIncompleteKey(ctx context.Context) bool { - muxAndDiscoveryCompleteProtectionKeyValue, _ := ctx.Value(muxAndDiscoveryIncompleteKey).(string) - return len(muxAndDiscoveryCompleteProtectionKeyValue) == 0 -} - -// WithMuxAndDiscoveryComplete puts the muxAndDiscoveryIncompleteKey in the context if a request has been made before muxAndDiscoveryCompleteSignal has been ready. -// Putting the key protect us from returning a 404 response instead of a 503. -// It is especially important for controllers like GC and NS since they act on 404s. -// -// The presence of the key is checked in the NotFoundHandler (staging/src/k8s.io/apiserver/pkg/util/notfoundhandler/not_found_handler.go) -// -// The primary reason this filter exists is to protect from a potential race between the client's requests reaching the NotFoundHandler and the server becoming ready. -// Without the protection key a request could still get a 404 response when the registered signals changed their status just slightly before reaching the new handler. -// In that case, the presence of the key will make the handler return a 503 instead of a 404. -func WithMuxAndDiscoveryComplete(handler http.Handler, muxAndDiscoveryCompleteSignal <-chan struct{}) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - if muxAndDiscoveryCompleteSignal != nil && !isClosed(muxAndDiscoveryCompleteSignal) { - req = req.WithContext(context.WithValue(req.Context(), muxAndDiscoveryIncompleteKey, "MuxAndDiscoveryInstallationNotComplete")) - } - handler.ServeHTTP(w, req) - }) -} - -// isClosed is a convenience function that simply check if the given chan has been closed -func isClosed(ch <-chan struct{}) bool { - select { - case <-ch: - return true - default: - return false - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_deadline.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_deadline.go deleted file mode 100644 index 66b569e891..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_deadline.go +++ /dev/null @@ -1,173 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "errors" - "fmt" - "net/http" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -const ( - // The 'timeout' query parameter in the request URL has an invalid duration specifier - invalidTimeoutInURL = "invalid timeout specified in the request URL" -) - -// WithRequestDeadline determines the timeout duration applicable to the given request and sets a new context -// with the appropriate deadline. -// auditWrapper provides an http.Handler that audits a failed request. -// longRunning returns true if he given request is a long running request. -// requestTimeoutMaximum specifies the default request timeout value. -func WithRequestDeadline(handler http.Handler, sink audit.Sink, policy audit.PolicyRuleEvaluator, longRunning request.LongRunningRequestCheck, - negotiatedSerializer runtime.NegotiatedSerializer, requestTimeoutMaximum time.Duration) http.Handler { - return withRequestDeadline(handler, sink, policy, longRunning, negotiatedSerializer, requestTimeoutMaximum, clock.RealClock{}) -} - -func withRequestDeadline(handler http.Handler, sink audit.Sink, policy audit.PolicyRuleEvaluator, longRunning request.LongRunningRequestCheck, - negotiatedSerializer runtime.NegotiatedSerializer, requestTimeoutMaximum time.Duration, clock clock.PassiveClock) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - - requestInfo, ok := request.RequestInfoFrom(ctx) - if !ok { - handleError(w, req, http.StatusInternalServerError, fmt.Errorf("no RequestInfo found in context, handler chain must be wrong")) - return - } - if longRunning(req, requestInfo) { - handler.ServeHTTP(w, req) - return - } - - userSpecifiedTimeout, ok, err := parseTimeout(req) - if err != nil { - statusErr := apierrors.NewBadRequest(err.Error()) - - klog.Errorf("Error - %s: %#v", err.Error(), req.RequestURI) - - failed := failedErrorHandler(negotiatedSerializer, statusErr) - failWithAudit := withFailedRequestAudit(failed, statusErr, sink, policy) - failWithAudit.ServeHTTP(w, req) - return - } - - timeout := requestTimeoutMaximum - if ok { - // we use the default timeout enforced by the apiserver: - // - if the user has specified a timeout of 0s, this implies no timeout on the user's part. - // - if the user has specified a timeout that exceeds the maximum deadline allowed by the apiserver. - if userSpecifiedTimeout > 0 && userSpecifiedTimeout < requestTimeoutMaximum { - timeout = userSpecifiedTimeout - } - } - - started := clock.Now() - if requestStartedTimestamp, ok := request.ReceivedTimestampFrom(ctx); ok { - started = requestStartedTimestamp - } - - ctx, cancel := context.WithDeadline(ctx, started.Add(timeout)) - defer cancel() - - req = req.WithContext(ctx) - handler.ServeHTTP(w, req) - }) -} - -// withFailedRequestAudit decorates a failed http.Handler and is used to audit a failed request. -// statusErr is used to populate the Message property of ResponseStatus. -func withFailedRequestAudit(failedHandler http.Handler, statusErr *apierrors.StatusError, sink audit.Sink, policy audit.PolicyRuleEvaluator) http.Handler { - if sink == nil || policy == nil { - return failedHandler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ac, err := evaluatePolicyAndCreateAuditEvent(req, policy) - if err != nil { - utilruntime.HandleError(fmt.Errorf("failed to create audit event: %v", err)) - responsewriters.InternalError(w, req, errors.New("failed to create audit event")) - return - } - - if ac == nil || ac.Event == nil { - failedHandler.ServeHTTP(w, req) - return - } - ev := ac.Event - - ev.ResponseStatus = &metav1.Status{} - ev.Stage = auditinternal.StageResponseStarted - if statusErr != nil { - ev.ResponseStatus.Message = statusErr.Error() - } - - rw := decorateResponseWriter(req.Context(), w, ev, sink, ac.RequestAuditConfig.OmitStages) - failedHandler.ServeHTTP(rw, req) - }) -} - -// failedErrorHandler returns an http.Handler that uses the specified StatusError object -// to render an error response to the request. -func failedErrorHandler(s runtime.NegotiatedSerializer, statusError *apierrors.StatusError) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - requestInfo, found := request.RequestInfoFrom(ctx) - if !found { - responsewriters.InternalError(w, req, errors.New("no RequestInfo found in the context")) - return - } - - gv := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - responsewriters.ErrorNegotiated(statusError, s, gv, w, req) - }) -} - -// parseTimeout parses the given HTTP request URL and extracts the timeout query parameter -// value if specified by the user. -// If a timeout is not specified the function returns false and err is set to nil -// If the value specified is malformed then the function returns false and err is set -func parseTimeout(req *http.Request) (time.Duration, bool, error) { - value := req.URL.Query().Get("timeout") - if value == "" { - return 0, false, nil - } - - timeout, err := time.ParseDuration(value) - if err != nil { - return 0, false, fmt.Errorf("%s - %s", invalidTimeoutInURL, err.Error()) - } - - return timeout, true, nil -} - -func handleError(w http.ResponseWriter, r *http.Request, code int, err error) { - errorMsg := fmt.Sprintf("Error - %s: %#v", err.Error(), r.RequestURI) - http.Error(w, errorMsg, code) - klog.Errorf(errorMsg) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_received_time.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_received_time.go deleted file mode 100644 index 576bb3e7a2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/request_received_time.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/utils/clock" -) - -// WithRequestReceivedTimestamp attaches the ReceivedTimestamp (the time the request reached -// the apiserver) to the context. -func WithRequestReceivedTimestamp(handler http.Handler) http.Handler { - return withRequestReceivedTimestampWithClock(handler, clock.RealClock{}) -} - -// The clock is passed as a parameter, handy for unit testing. -func withRequestReceivedTimestampWithClock(handler http.Handler, clock clock.PassiveClock) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - req = req.WithContext(request.WithReceivedTimestamp(ctx, clock.Now())) - - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/requestinfo.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/requestinfo.go deleted file mode 100644 index 9cc524d4e2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/requestinfo.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "fmt" - "net/http" - - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" -) - -// WithRequestInfo attaches a RequestInfo to the context. -func WithRequestInfo(handler http.Handler, resolver request.RequestInfoResolver) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - info, err := resolver.NewRequestInfo(req) - if err != nil { - responsewriters.InternalError(w, req, fmt.Errorf("failed to create RequestInfo: %v", err)) - return - } - - req = req.WithContext(request.WithRequestInfo(ctx, info)) - - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/storageversion.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/storageversion.go deleted file mode 100644 index 414fc194ef..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/storageversion.go +++ /dev/null @@ -1,121 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "errors" - "fmt" - "net/http" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storageversion" - _ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration - "k8s.io/klog/v2" -) - -// WithStorageVersionPrecondition checks if the storage version barrier has -// completed, if not, it only passes the following API requests: -// 1. non-resource requests, -// 2. read requests, -// 3. write requests to the storageversion API, -// 4. create requests to the namespace API sent by apiserver itself, -// 5. write requests to the lease API in kube-system namespace, -// 6. resources whose StorageVersion is not pending update, including non-persisted resources. -func WithStorageVersionPrecondition(handler http.Handler, svm storageversion.Manager, s runtime.NegotiatedSerializer) http.Handler { - if svm == nil { - // TODO(roycaihw): switch to warning after the feature graduate to beta/GA - klog.V(2).Infof("Storage Version barrier is disabled") - return handler - } - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - if svm.Completed() { - handler.ServeHTTP(w, req) - return - } - ctx := req.Context() - requestInfo, found := request.RequestInfoFrom(ctx) - if !found { - responsewriters.InternalError(w, req, errors.New("no RequestInfo found in the context")) - return - } - // Allow non-resource requests - if !requestInfo.IsResourceRequest { - handler.ServeHTTP(w, req) - return - } - // Allow read requests - if requestInfo.Verb == "get" || requestInfo.Verb == "list" || requestInfo.Verb == "watch" { - handler.ServeHTTP(w, req) - return - } - // Allow writes to the storage version API - if requestInfo.APIGroup == "internal.apiserver.k8s.io" && requestInfo.Resource == "storageversions" { - handler.ServeHTTP(w, req) - return - } - // The system namespace is required for apiserver-identity lease to exist. Allow the apiserver - // itself to create namespaces. - // NOTE: with this exception, if the bootstrap client writes namespaces with a new version, - // and the upgraded apiserver dies before updating the StorageVersion for namespaces, the - // storage migrator won't be able to tell these namespaces are stored in a different version in etcd. - // Because the bootstrap client only creates system namespace and doesn't update them, this can - // only happen if the upgraded apiserver is the first apiserver that kicks off namespace creation, - // or if an upgraded server that joins an existing cluster has new system namespaces (other - // than kube-system, kube-public, kube-node-lease) that need to be created. - u, hasUser := request.UserFrom(ctx) - if requestInfo.APIGroup == "" && requestInfo.Resource == "namespaces" && - requestInfo.Verb == "create" && hasUser && - u.GetName() == user.APIServerUser && contains(u.GetGroups(), user.SystemPrivilegedGroup) { - handler.ServeHTTP(w, req) - return - } - // Allow writes to the lease API in kube-system. The storage version API depends on the - // apiserver-identity leases to operate. Leases in kube-system are either apiserver-identity - // lease (which gets garbage collected when stale) or leader-election leases (which gets - // periodically updated by system components). Both types of leases won't be stale in etcd. - if requestInfo.APIGroup == "coordination.k8s.io" && requestInfo.Resource == "leases" && - requestInfo.Namespace == metav1.NamespaceSystem { - handler.ServeHTTP(w, req) - return - } - // If the resource's StorageVersion is not in the to-be-updated list, let it pass. - // Non-persisted resources are not in the to-be-updated list, so they will pass. - gr := schema.GroupResource{requestInfo.APIGroup, requestInfo.Resource} - if !svm.PendingUpdate(gr) { - handler.ServeHTTP(w, req) - return - } - - gv := schema.GroupVersion{requestInfo.APIGroup, requestInfo.APIVersion} - responsewriters.ErrorNegotiated(apierrors.NewServiceUnavailable(fmt.Sprintf("wait for storage version registration to complete for resource: %v, last seen error: %v", gr, svm.LastUpdateError(gr))), s, gv, w, req) - }) -} - -func contains(s []string, e string) bool { - for _, a := range s { - if a == e { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/traces.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/traces.go deleted file mode 100644 index 67a1790c56..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/traces.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - - "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" - "go.opentelemetry.io/otel/trace" - - tracing "k8s.io/component-base/tracing" -) - -// WithTracing adds tracing to requests if the incoming request is sampled -func WithTracing(handler http.Handler, tp trace.TracerProvider) http.Handler { - opts := []otelhttp.Option{ - otelhttp.WithPropagators(tracing.Propagators()), - otelhttp.WithPublicEndpoint(), - otelhttp.WithTracerProvider(tp), - } - // With Noop TracerProvider, the otelhttp still handles context propagation. - // See https://github.com/open-telemetry/opentelemetry-go/tree/main/example/passthrough - return otelhttp.NewHandler(handler, "KubernetesAPI", opts...) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/warning.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/warning.go deleted file mode 100644 index 55e85f0b73..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/warning.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "fmt" - "net/http" - "sync" - "unicode/utf8" - - "k8s.io/apimachinery/pkg/util/net" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/warning" -) - -// WithWarningRecorder attaches a deduplicating k8s.io/apiserver/pkg/warning#WarningRecorder to the request context. -func WithWarningRecorder(handler http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - recorder := &recorder{writer: w} - req = req.WithContext(warning.WithWarningRecorder(req.Context(), recorder)) - handler.ServeHTTP(w, req) - }) -} - -var ( - truncateAtTotalRunes = 4 * 1024 - truncateItemRunes = 256 -) - -type recordedWarning struct { - agent string - text string -} - -type recorder struct { - // lock guards calls to AddWarning from multiple threads - lock sync.Mutex - - // recorded tracks whether AddWarning was already called with a given text - recorded map[string]bool - - // ordered tracks warnings added so they can be replayed and truncated if needed - ordered []recordedWarning - - // written tracks how many runes of text have been added as warning headers - written int - - // truncating tracks if we have already exceeded truncateAtTotalRunes and are now truncating warning messages as we add them - truncating bool - - // writer is the response writer to add warning headers to - writer http.ResponseWriter -} - -func (r *recorder) AddWarning(agent, text string) { - if len(text) == 0 { - return - } - - r.lock.Lock() - defer r.lock.Unlock() - - // if we've already exceeded our limit and are already truncating, return early - if r.written >= truncateAtTotalRunes && r.truncating { - return - } - - // init if needed - if r.recorded == nil { - r.recorded = map[string]bool{} - } - - // dedupe if already warned - if r.recorded[text] { - return - } - r.recorded[text] = true - r.ordered = append(r.ordered, recordedWarning{agent: agent, text: text}) - - // truncate on a rune boundary, if needed - textRuneLength := utf8.RuneCountInString(text) - if r.truncating && textRuneLength > truncateItemRunes { - text = string([]rune(text)[:truncateItemRunes]) - textRuneLength = truncateItemRunes - } - - // compute the header - header, err := net.NewWarningHeader(299, agent, text) - if err != nil { - return - } - - // if this fits within our limit, or we're already truncating, write and return - if r.written+textRuneLength <= truncateAtTotalRunes || r.truncating { - r.written += textRuneLength - r.writer.Header().Add("Warning", header) - return - } - - // otherwise, enable truncation, reset, and replay the existing items as truncated warnings - r.truncating = true - r.written = 0 - r.writer.Header().Del("Warning") - utilruntime.HandleError(fmt.Errorf("exceeded max warning header size, truncating")) - for _, w := range r.ordered { - agent := w.agent - text := w.text - - textRuneLength := utf8.RuneCountInString(text) - if textRuneLength > truncateItemRunes { - text = string([]rune(text)[:truncateItemRunes]) - textRuneLength = truncateItemRunes - } - if header, err := net.NewWarningHeader(299, agent, text); err == nil { - r.written += textRuneLength - r.writer.Header().Add("Warning", header) - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/webhook_duration.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/webhook_duration.go deleted file mode 100644 index 8ac47422a4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/filters/webhook_duration.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "fmt" - "net/http" - "time" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/endpoints/responsewriter" -) - -var ( - watchVerbs = sets.NewString("watch") -) - -// WithLatencyTrackers adds a LatencyTrackers instance to the -// context associated with a request so that we can measure latency -// incurred in various components within the apiserver. -func WithLatencyTrackers(handler http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - requestInfo, ok := request.RequestInfoFrom(ctx) - if !ok { - handleError(w, req, http.StatusInternalServerError, fmt.Errorf("no RequestInfo found in context, handler chain must be wrong")) - return - } - - if watchVerbs.Has(requestInfo.Verb) { - handler.ServeHTTP(w, req) - return - } - - req = req.WithContext(request.WithLatencyTrackers(ctx)) - w = responsewriter.WrapForHTTP1Or2(&writeLatencyTracker{ - ResponseWriter: w, - ctx: req.Context(), - }) - - handler.ServeHTTP(w, req) - }) -} - -var _ http.ResponseWriter = &writeLatencyTracker{} -var _ responsewriter.UserProvidedDecorator = &writeLatencyTracker{} - -type writeLatencyTracker struct { - http.ResponseWriter - ctx context.Context -} - -func (wt *writeLatencyTracker) Unwrap() http.ResponseWriter { - return wt.ResponseWriter -} - -func (wt *writeLatencyTracker) Write(bs []byte) (int, error) { - startedAt := time.Now() - defer func() { - request.TrackResponseWriteLatency(wt.ctx, time.Since(startedAt)) - }() - - return wt.ResponseWriter.Write(bs) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/groupversion.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/groupversion.go deleted file mode 100644 index 34b80b4499..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/groupversion.go +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpoints - -import ( - "path" - "time" - - restful "github.com/emicklei/go-restful/v3" - - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/discovery" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storageversion" - openapiproto "k8s.io/kube-openapi/pkg/util/proto" -) - -// ConvertabilityChecker indicates what versions a GroupKind is available in. -type ConvertabilityChecker interface { - // VersionsForGroupKind indicates what versions are available to convert a group kind. This determines - // what our decoding abilities are. - VersionsForGroupKind(gk schema.GroupKind) []schema.GroupVersion -} - -// APIGroupVersion is a helper for exposing rest.Storage objects as http.Handlers via go-restful -// It handles URLs of the form: -// /${storage_key}[/${object_name}] -// Where 'storage_key' points to a rest.Storage object stored in storage. -// This object should contain all parameterization necessary for running a particular API version -type APIGroupVersion struct { - Storage map[string]rest.Storage - - Root string - - // GroupVersion is the external group version - GroupVersion schema.GroupVersion - - // OptionsExternalVersion controls the Kubernetes APIVersion used for common objects in the apiserver - // schema like api.Status, api.DeleteOptions, and metav1.ListOptions. Other implementors may - // define a version "v1beta1" but want to use the Kubernetes "v1" internal objects. If - // empty, defaults to GroupVersion. - OptionsExternalVersion *schema.GroupVersion - // MetaGroupVersion defaults to "meta.k8s.io/v1" and is the scheme group version used to decode - // common API implementations like ListOptions. Future changes will allow this to vary by group - // version (for when the inevitable meta/v2 group emerges). - MetaGroupVersion *schema.GroupVersion - - // RootScopedKinds are the root scoped kinds for the primary GroupVersion - RootScopedKinds sets.String - - // Serializer is used to determine how to convert responses from API methods into bytes to send over - // the wire. - Serializer runtime.NegotiatedSerializer - ParameterCodec runtime.ParameterCodec - - Typer runtime.ObjectTyper - Creater runtime.ObjectCreater - Convertor runtime.ObjectConvertor - ConvertabilityChecker ConvertabilityChecker - Defaulter runtime.ObjectDefaulter - Namer runtime.Namer - UnsafeConvertor runtime.ObjectConvertor - TypeConverter fieldmanager.TypeConverter - - EquivalentResourceRegistry runtime.EquivalentResourceRegistry - - // Authorizer determines whether a user is allowed to make a certain request. The Handler does a preliminary - // authorization check using the request URI but it may be necessary to make additional checks, such as in - // the create-on-update case - Authorizer authorizer.Authorizer - - Admit admission.Interface - - MinRequestTimeout time.Duration - - // OpenAPIModels exposes the OpenAPI models to each individual handler. - OpenAPIModels openapiproto.Models - - // The limit on the request body size that would be accepted and decoded in a write request. - // 0 means no limit. - MaxRequestBodyBytes int64 -} - -// InstallREST registers the REST handlers (storage, watch, proxy and redirect) into a restful Container. -// It is expected that the provided path root prefix will serve all operations. Root MUST NOT end -// in a slash. -func (g *APIGroupVersion) InstallREST(container *restful.Container) ([]apidiscoveryv2beta1.APIResourceDiscovery, []*storageversion.ResourceInfo, error) { - prefix := path.Join(g.Root, g.GroupVersion.Group, g.GroupVersion.Version) - installer := &APIInstaller{ - group: g, - prefix: prefix, - minRequestTimeout: g.MinRequestTimeout, - } - - apiResources, resourceInfos, ws, registrationErrors := installer.Install() - versionDiscoveryHandler := discovery.NewAPIVersionHandler(g.Serializer, g.GroupVersion, staticLister{apiResources}) - versionDiscoveryHandler.AddToWebService(ws) - container.Add(ws) - aggregatedDiscoveryResources, err := ConvertGroupVersionIntoToDiscovery(apiResources) - if err != nil { - registrationErrors = append(registrationErrors, err) - } - return aggregatedDiscoveryResources, removeNonPersistedResources(resourceInfos), utilerrors.NewAggregate(registrationErrors) -} - -func removeNonPersistedResources(infos []*storageversion.ResourceInfo) []*storageversion.ResourceInfo { - var filtered []*storageversion.ResourceInfo - for _, info := range infos { - // if EncodingVersion is empty, then the apiserver does not - // need to register this resource via the storage version API, - // thus we can remove it. - if info != nil && len(info.EncodingVersion) > 0 { - filtered = append(filtered, info) - } - } - return filtered -} - -// staticLister implements the APIResourceLister interface -type staticLister struct { - list []metav1.APIResource -} - -func (s staticLister) ListAPIResources() []metav1.APIResource { - return s.list -} - -var _ discovery.APIResourceLister = &staticLister{} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go deleted file mode 100644 index 71f4990a02..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/create.go +++ /dev/null @@ -1,279 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "bytes" - "context" - "fmt" - "net/http" - "strings" - "time" - "unicode" - "unicode/utf8" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/endpoints/handlers/finisher" - requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -var namespaceGVR = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "namespaces"} - -func createHandler(r rest.NamedCreater, scope *RequestScope, admit admission.Interface, includeName bool) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - // For performance tracking purposes. - ctx, span := tracing.Start(ctx, "Create", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - if includeName { - // name was required, return - scope.err(err, w, req) - return - } - - // otherwise attempt to look up the namespace - namespace, err = scope.Namer.Namespace(req) - if err != nil { - scope.err(err, w, req) - return - } - } - - // enforce a timeout of at most requestTimeoutUpperBound (34s) or less if the user-provided - // timeout inside the parent context is lower than requestTimeoutUpperBound. - ctx, cancel := context.WithTimeout(ctx, requestTimeoutUpperBound) - defer cancel() - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - gv := scope.Kind.GroupVersion() - s, err := negotiation.NegotiateInputSerializer(req, false, scope.Serializer) - if err != nil { - scope.err(err, w, req) - return - } - - body, err := limitedReadBodyWithRecordMetric(ctx, req, scope.MaxRequestBodyBytes, scope.Resource.GroupResource().String(), requestmetrics.Create) - if err != nil { - span.AddEvent("limitedReadBody failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("limitedReadBody succeeded", attribute.Int("len", len(body))) - - options := &metav1.CreateOptions{} - values := req.URL.Query() - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(values, scope.MetaGroupVersion, options); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - if errs := validation.ValidateCreateOptions(options); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "CreateOptions"}, "", errs) - scope.err(err, w, req) - return - } - options.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("CreateOptions")) - - defaultGVK := scope.Kind - original := r.New() - - validationDirective := fieldValidation(options.FieldValidation) - decodeSerializer := s.Serializer - if validationDirective == metav1.FieldValidationWarn || validationDirective == metav1.FieldValidationStrict { - decodeSerializer = s.StrictSerializer - } - - decoder := scope.Serializer.DecoderToVersion(decodeSerializer, scope.HubGroupVersion) - span.AddEvent("About to convert to expected version") - obj, gvk, err := decoder.Decode(body, &defaultGVK, original) - if err != nil { - strictError, isStrictError := runtime.AsStrictDecodingError(err) - switch { - case isStrictError && obj != nil && validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(req.Context(), strictError.Errors()) - case isStrictError && validationDirective == metav1.FieldValidationIgnore: - klog.Warningf("unexpected strict error when field validation is set to ignore") - fallthrough - default: - err = transformDecodeError(scope.Typer, err, original, gvk, body) - scope.err(err, w, req) - return - } - } - - objGV := gvk.GroupVersion() - if !scope.AcceptsGroupVersion(objGV) { - err = errors.NewBadRequest(fmt.Sprintf("the API version in the data (%s) does not match the expected API version (%v)", objGV.String(), gv.String())) - scope.err(err, w, req) - return - } - span.AddEvent("Conversion done") - - // On create, get name from new object if unset - if len(name) == 0 { - _, name, _ = scope.Namer.ObjectName(obj) - } - if len(namespace) == 0 && scope.Resource == namespaceGVR { - namespace = name - } - ctx = request.WithNamespace(ctx, namespace) - - admit = admission.WithAudit(admit) - audit.LogRequestObject(req.Context(), obj, objGV, scope.Resource, scope.Subresource, scope.Serializer) - - userInfo, _ := request.UserFrom(ctx) - - if objectMeta, err := meta.Accessor(obj); err == nil { - // Wipe fields which cannot take user-provided values - rest.WipeObjectMetaSystemFields(objectMeta) - - // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object - if err := rest.EnsureObjectNamespaceMatchesRequestNamespace(rest.ExpectedNamespaceForResource(namespace, scope.Resource), objectMeta); err != nil { - scope.err(err, w, req) - return - } - } - - span.AddEvent("About to store object in database") - admissionAttributes := admission.NewAttributesRecord(obj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, options, dryrun.IsDryRun(options.DryRun), userInfo) - requestFunc := func() (runtime.Object, error) { - return r.Create( - ctx, - name, - obj, - rest.AdmissionToValidateObjectFunc(admit, admissionAttributes, scope), - options, - ) - } - // Dedup owner references before updating managed fields - dedupOwnerReferencesAndAddWarning(obj, req.Context(), false) - result, err := finisher.FinishRequest(ctx, func() (runtime.Object, error) { - if scope.FieldManager != nil { - liveObj, err := scope.Creater.New(scope.Kind) - if err != nil { - return nil, fmt.Errorf("failed to create new object (Create for %v): %v", scope.Kind, err) - } - obj = scope.FieldManager.UpdateNoErrors(liveObj, obj, managerOrUserAgent(options.FieldManager, req.UserAgent())) - admit = fieldmanager.NewManagedFieldsValidatingAdmissionController(admit) - } - if mutatingAdmission, ok := admit.(admission.MutationInterface); ok && mutatingAdmission.Handles(admission.Create) { - if err := mutatingAdmission.Admit(ctx, admissionAttributes, scope); err != nil { - return nil, err - } - } - // Dedup owner references again after mutating admission happens - dedupOwnerReferencesAndAddWarning(obj, req.Context(), true) - result, err := requestFunc() - // If the object wasn't committed to storage because it's serialized size was too large, - // it is safe to remove managedFields (which can be large) and try again. - if isTooLargeError(err) { - if accessor, accessorErr := meta.Accessor(obj); accessorErr == nil { - accessor.SetManagedFields(nil) - result, err = requestFunc() - } - } - return result, err - }) - if err != nil { - span.AddEvent("Write to database call failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("Write to database call succeeded", attribute.Int("len", len(body))) - - code := http.StatusCreated - status, ok := result.(*metav1.Status) - if ok && status.Code == 0 { - status.Code = int32(code) - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, code, outputMediaType, result) - } -} - -// CreateNamedResource returns a function that will handle a resource creation with name. -func CreateNamedResource(r rest.NamedCreater, scope *RequestScope, admission admission.Interface) http.HandlerFunc { - return createHandler(r, scope, admission, true) -} - -// CreateResource returns a function that will handle a resource creation. -func CreateResource(r rest.Creater, scope *RequestScope, admission admission.Interface) http.HandlerFunc { - return createHandler(&namedCreaterAdapter{r}, scope, admission, false) -} - -type namedCreaterAdapter struct { - rest.Creater -} - -func (c *namedCreaterAdapter) Create(ctx context.Context, name string, obj runtime.Object, createValidatingAdmission rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - return c.Creater.Create(ctx, obj, createValidatingAdmission, options) -} - -// manager is assumed to be already a valid value, we need to make -// userAgent into a valid value too. -func managerOrUserAgent(manager, userAgent string) string { - if manager != "" { - return manager - } - return prefixFromUserAgent(userAgent) -} - -// prefixFromUserAgent takes the characters preceding the first /, quote -// unprintable character and then trim what's beyond the -// FieldManagerMaxLength limit. -func prefixFromUserAgent(u string) string { - m := strings.Split(u, "/")[0] - buf := bytes.NewBuffer(nil) - for _, r := range m { - // Ignore non-printable characters - if !unicode.IsPrint(r) { - continue - } - // Only append if we have room for it - if buf.Len()+utf8.RuneLen(r) > validation.FieldManagerMaxLength { - break - } - buf.WriteRune(r) - } - return buf.String() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/delete.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/delete.go deleted file mode 100644 index f9aae3fbd2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/delete.go +++ /dev/null @@ -1,291 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "fmt" - "net/http" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/api/errors" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metainternalversionvalidation "k8s.io/apimachinery/pkg/apis/meta/internalversion/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/finisher" - requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/component-base/tracing" -) - -// DeleteResource returns a function that will handle a resource deletion -// TODO admission here becomes solely validating admission -func DeleteResource(r rest.GracefulDeleter, allowsOptions bool, scope *RequestScope, admit admission.Interface) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - // For performance tracking purposes. - ctx, span := tracing.Start(ctx, "Delete", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - scope.err(err, w, req) - return - } - - // enforce a timeout of at most requestTimeoutUpperBound (34s) or less if the user-provided - // timeout inside the parent context is lower than requestTimeoutUpperBound. - ctx, cancel := context.WithTimeout(ctx, requestTimeoutUpperBound) - defer cancel() - - ctx = request.WithNamespace(ctx, namespace) - admit = admission.WithAudit(admit) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - options := &metav1.DeleteOptions{} - if allowsOptions { - body, err := limitedReadBodyWithRecordMetric(ctx, req, scope.MaxRequestBodyBytes, scope.Resource.GroupResource().String(), requestmetrics.Delete) - if err != nil { - span.AddEvent("limitedReadBody failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("limitedReadBody succeeded", attribute.Int("len", len(body))) - if len(body) > 0 { - s, err := negotiation.NegotiateInputSerializer(req, false, metainternalversionscheme.Codecs) - if err != nil { - scope.err(err, w, req) - return - } - // For backwards compatibility, we need to allow existing clients to submit per group DeleteOptions - // It is also allowed to pass a body with meta.k8s.io/v1.DeleteOptions - defaultGVK := scope.MetaGroupVersion.WithKind("DeleteOptions") - obj, gvk, err := metainternalversionscheme.Codecs.DecoderToVersion(s.Serializer, defaultGVK.GroupVersion()).Decode(body, &defaultGVK, options) - if err != nil { - scope.err(err, w, req) - return - } - if obj != options { - scope.err(fmt.Errorf("decoded object cannot be converted to DeleteOptions"), w, req) - return - } - span.AddEvent("Decoded delete options") - - objGV := gvk.GroupVersion() - audit.LogRequestObject(req.Context(), obj, objGV, scope.Resource, scope.Subresource, metainternalversionscheme.Codecs) - span.AddEvent("Recorded the audit event") - } else { - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, options); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - } - } - if errs := validation.ValidateDeleteOptions(options); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "DeleteOptions"}, "", errs) - scope.err(err, w, req) - return - } - options.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("DeleteOptions")) - - span.AddEvent("About to delete object from database") - wasDeleted := true - userInfo, _ := request.UserFrom(ctx) - staticAdmissionAttrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Delete, options, dryrun.IsDryRun(options.DryRun), userInfo) - result, err := finisher.FinishRequest(ctx, func() (runtime.Object, error) { - obj, deleted, err := r.Delete(ctx, name, rest.AdmissionToValidateObjectDeleteFunc(admit, staticAdmissionAttrs, scope), options) - wasDeleted = deleted - return obj, err - }) - if err != nil { - scope.err(err, w, req) - return - } - span.AddEvent("Object deleted from database") - - status := http.StatusOK - // Return http.StatusAccepted if the resource was not deleted immediately and - // user requested cascading deletion by setting OrphanDependents=false. - // Note: We want to do this always if resource was not deleted immediately, but - // that will break existing clients. - // Other cases where resource is not instantly deleted are: namespace deletion - // and pod graceful deletion. - //nolint:staticcheck // SA1019 backwards compatibility - //nolint: staticcheck - if !wasDeleted && options.OrphanDependents != nil && !*options.OrphanDependents { - status = http.StatusAccepted - } - // if the rest.Deleter returns a nil object, fill out a status. Callers may return a valid - // object with the response. - if result == nil { - result = &metav1.Status{ - Status: metav1.StatusSuccess, - Code: int32(status), - Details: &metav1.StatusDetails{ - Name: name, - Kind: scope.Kind.Kind, - }, - } - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, status, outputMediaType, result) - } -} - -// DeleteCollection returns a function that will handle a collection deletion -func DeleteCollection(r rest.CollectionDeleter, checkBody bool, scope *RequestScope, admit admission.Interface) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - ctx, span := tracing.Start(ctx, "Delete", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - namespace, err := scope.Namer.Namespace(req) - if err != nil { - scope.err(err, w, req) - return - } - - // DELETECOLLECTION can be a lengthy operation, - // we should not impose any 34s timeout here. - // NOTE: This is similar to LIST which does not enforce a 34s timeout. - ctx = request.WithNamespace(ctx, namespace) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - listOptions := metainternalversion.ListOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, &listOptions); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - - if errs := metainternalversionvalidation.ValidateListOptions(&listOptions); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "ListOptions"}, "", errs) - scope.err(err, w, req) - return - } - - // transform fields - // TODO: DecodeParametersInto should do this. - if listOptions.FieldSelector != nil { - fn := func(label, value string) (newLabel, newValue string, err error) { - return scope.Convertor.ConvertFieldLabel(scope.Kind, label, value) - } - if listOptions.FieldSelector, err = listOptions.FieldSelector.Transform(fn); err != nil { - // TODO: allow bad request to set field causes based on query parameters - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - } - - options := &metav1.DeleteOptions{} - if checkBody { - body, err := limitedReadBodyWithRecordMetric(ctx, req, scope.MaxRequestBodyBytes, scope.Resource.GroupResource().String(), requestmetrics.DeleteCollection) - if err != nil { - span.AddEvent("limitedReadBody failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("limitedReadBody succeeded", attribute.Int("len", len(body))) - if len(body) > 0 { - s, err := negotiation.NegotiateInputSerializer(req, false, metainternalversionscheme.Codecs) - if err != nil { - scope.err(err, w, req) - return - } - // For backwards compatibility, we need to allow existing clients to submit per group DeleteOptions - // It is also allowed to pass a body with meta.k8s.io/v1.DeleteOptions - defaultGVK := scope.MetaGroupVersion.WithKind("DeleteOptions") - obj, gvk, err := metainternalversionscheme.Codecs.DecoderToVersion(s.Serializer, defaultGVK.GroupVersion()).Decode(body, &defaultGVK, options) - if err != nil { - scope.err(err, w, req) - return - } - if obj != options { - scope.err(fmt.Errorf("decoded object cannot be converted to DeleteOptions"), w, req) - return - } - - objGV := gvk.GroupVersion() - audit.LogRequestObject(req.Context(), obj, objGV, scope.Resource, scope.Subresource, metainternalversionscheme.Codecs) - } else { - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, options); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - } - } - if errs := validation.ValidateDeleteOptions(options); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "DeleteOptions"}, "", errs) - scope.err(err, w, req) - return - } - options.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("DeleteOptions")) - - admit = admission.WithAudit(admit) - userInfo, _ := request.UserFrom(ctx) - staticAdmissionAttrs := admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, "", scope.Resource, scope.Subresource, admission.Delete, options, dryrun.IsDryRun(options.DryRun), userInfo) - result, err := finisher.FinishRequest(ctx, func() (runtime.Object, error) { - return r.DeleteCollection(ctx, rest.AdmissionToValidateObjectDeleteFunc(admit, staticAdmissionAttrs, scope), options, &listOptions) - }) - if err != nil { - scope.err(err, w, req) - return - } - - // if the rest.Deleter returns a nil object, fill out a status. Callers may return a valid - // object with the response. - if result == nil { - result = &metav1.Status{ - Status: metav1.StatusSuccess, - Code: http.StatusOK, - Details: &metav1.StatusDetails{ - Kind: scope.Kind.Kind, - }, - } - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, http.StatusOK, outputMediaType, result) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/doc.go deleted file mode 100644 index d39833814e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package handlers contains HTTP handlers to implement the apiserver APIs. -package handlers // import "k8s.io/apiserver/pkg/endpoints/handlers" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/OWNERS deleted file mode 100644 index 6fa55f81ce..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: - - apelisse -reviewers: - - kwiesmueller -emeritus_approvers: - - jennybuckley diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/admission.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/admission.go deleted file mode 100644 index 26d264fe83..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/admission.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/warning" -) - -// InvalidManagedFieldsAfterMutatingAdmissionWarningFormat is the warning that a client receives -// when a create/update/patch request results in invalid managedFields after going through the admission chain. -const InvalidManagedFieldsAfterMutatingAdmissionWarningFormat = ".metadata.managedFields was in an invalid state after admission; this could be caused by an outdated mutating admission controller; please fix your requests: %v" - -// NewManagedFieldsValidatingAdmissionController validates the managedFields after calling -// the provided admission and resets them to their original state if they got changed to an invalid value -func NewManagedFieldsValidatingAdmissionController(wrap admission.Interface) admission.Interface { - if wrap == nil { - return nil - } - return &managedFieldsValidatingAdmissionController{wrap: wrap} -} - -type managedFieldsValidatingAdmissionController struct { - wrap admission.Interface -} - -var _ admission.Interface = &managedFieldsValidatingAdmissionController{} -var _ admission.MutationInterface = &managedFieldsValidatingAdmissionController{} -var _ admission.ValidationInterface = &managedFieldsValidatingAdmissionController{} - -// Handles calls the wrapped admission.Interface if applicable -func (admit *managedFieldsValidatingAdmissionController) Handles(operation admission.Operation) bool { - return admit.wrap.Handles(operation) -} - -// Admit calls the wrapped admission.Interface if applicable and resets the managedFields to their state before admission if they -// got modified in an invalid way -func (admit *managedFieldsValidatingAdmissionController) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - mutationInterface, isMutationInterface := admit.wrap.(admission.MutationInterface) - if !isMutationInterface { - return nil - } - objectMeta, err := meta.Accessor(a.GetObject()) - if err != nil { - // the object we are dealing with doesn't have object metadata defined - // in that case we don't have to keep track of the managedField - // just call the wrapped admission - return mutationInterface.Admit(ctx, a, o) - } - managedFieldsBeforeAdmission := objectMeta.GetManagedFields() - if err := mutationInterface.Admit(ctx, a, o); err != nil { - return err - } - managedFieldsAfterAdmission := objectMeta.GetManagedFields() - if _, err := DecodeManagedFields(managedFieldsAfterAdmission); err != nil { - objectMeta.SetManagedFields(managedFieldsBeforeAdmission) - warning.AddWarning(ctx, "", - fmt.Sprintf(InvalidManagedFieldsAfterMutatingAdmissionWarningFormat, - err.Error()), - ) - } - return nil -} - -// Validate calls the wrapped admission.Interface if aplicable -func (admit *managedFieldsValidatingAdmissionController) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - if validationInterface, isValidationInterface := admit.wrap.(admission.ValidationInterface); isValidationInterface { - return validationInterface.Validate(ctx, a, o) - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/buildmanagerinfo.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/buildmanagerinfo.go deleted file mode 100644 index 58b87eb388..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/buildmanagerinfo.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" -) - -type buildManagerInfoManager struct { - fieldManager Manager - groupVersion schema.GroupVersion - subresource string -} - -var _ Manager = &buildManagerInfoManager{} - -// NewBuildManagerInfoManager creates a new Manager that converts the manager name into a unique identifier -// combining operation and version for update requests, and just operation for apply requests. -func NewBuildManagerInfoManager(f Manager, gv schema.GroupVersion, subresource string) Manager { - return &buildManagerInfoManager{ - fieldManager: f, - groupVersion: gv, - subresource: subresource, - } -} - -// Update implements Manager. -func (f *buildManagerInfoManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - manager, err := f.buildManagerInfo(manager, metav1.ManagedFieldsOperationUpdate) - if err != nil { - return nil, nil, fmt.Errorf("failed to build manager identifier: %v", err) - } - return f.fieldManager.Update(liveObj, newObj, managed, manager) -} - -// Apply implements Manager. -func (f *buildManagerInfoManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, manager string, force bool) (runtime.Object, Managed, error) { - manager, err := f.buildManagerInfo(manager, metav1.ManagedFieldsOperationApply) - if err != nil { - return nil, nil, fmt.Errorf("failed to build manager identifier: %v", err) - } - return f.fieldManager.Apply(liveObj, appliedObj, managed, manager, force) -} - -func (f *buildManagerInfoManager) buildManagerInfo(prefix string, operation metav1.ManagedFieldsOperationType) (string, error) { - managerInfo := metav1.ManagedFieldsEntry{ - Manager: prefix, - Operation: operation, - APIVersion: f.groupVersion.String(), - Subresource: f.subresource, - } - if managerInfo.Manager == "" { - managerInfo.Manager = "unknown" - } - return internal.BuildManagerIdentifier(&managerInfo) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go deleted file mode 100644 index c3184e2415..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - "sort" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -type capManagersManager struct { - fieldManager Manager - maxUpdateManagers int - oldUpdatesManagerName string -} - -var _ Manager = &capManagersManager{} - -// NewCapManagersManager creates a new wrapped FieldManager which ensures that the number of managers from updates -// does not exceed maxUpdateManagers, by merging some of the oldest entries on each update. -func NewCapManagersManager(fieldManager Manager, maxUpdateManagers int) Manager { - return &capManagersManager{ - fieldManager: fieldManager, - maxUpdateManagers: maxUpdateManagers, - oldUpdatesManagerName: "ancient-changes", - } -} - -// Update implements Manager. -func (f *capManagersManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - object, managed, err := f.fieldManager.Update(liveObj, newObj, managed, manager) - if err != nil { - return object, managed, err - } - if managed, err = f.capUpdateManagers(managed); err != nil { - return nil, nil, fmt.Errorf("failed to cap update managers: %v", err) - } - return object, managed, nil -} - -// Apply implements Manager. -func (f *capManagersManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) { - return f.fieldManager.Apply(liveObj, appliedObj, managed, fieldManager, force) -} - -// capUpdateManagers merges a number of the oldest update entries into versioned buckets, -// such that the number of entries from updates does not exceed f.maxUpdateManagers. -func (f *capManagersManager) capUpdateManagers(managed Managed) (newManaged Managed, err error) { - // Gather all entries from updates - updaters := []string{} - for manager, fields := range managed.Fields() { - if !fields.Applied() { - updaters = append(updaters, manager) - } - } - if len(updaters) <= f.maxUpdateManagers { - return managed, nil - } - - // If we have more than the maximum, sort the update entries by time, oldest first. - sort.Slice(updaters, func(i, j int) bool { - iTime, jTime, iSeconds, jSeconds := managed.Times()[updaters[i]], managed.Times()[updaters[j]], int64(0), int64(0) - if iTime != nil { - iSeconds = iTime.Unix() - } - if jTime != nil { - jSeconds = jTime.Unix() - } - if iSeconds != jSeconds { - return iSeconds < jSeconds - } - return updaters[i] < updaters[j] - }) - - // Merge the oldest updaters with versioned bucket managers until the number of updaters is under the cap - versionToFirstManager := map[string]string{} - for i, length := 0, len(updaters); i < len(updaters) && length > f.maxUpdateManagers; i++ { - manager := updaters[i] - vs := managed.Fields()[manager] - time := managed.Times()[manager] - version := string(vs.APIVersion()) - - // Create a new manager identifier for the versioned bucket entry. - // The version for this manager comes from the version of the update being merged into the bucket. - bucket, err := internal.BuildManagerIdentifier(&metav1.ManagedFieldsEntry{ - Manager: f.oldUpdatesManagerName, - Operation: metav1.ManagedFieldsOperationUpdate, - APIVersion: version, - }) - if err != nil { - return managed, fmt.Errorf("failed to create bucket manager for version %v: %v", version, err) - } - - // Merge the fieldets if this is not the first time the version was seen. - // Otherwise just record the manager name in versionToFirstManager - if first, ok := versionToFirstManager[version]; ok { - // If the bucket doesn't exists yet, create one. - if _, ok := managed.Fields()[bucket]; !ok { - s := managed.Fields()[first] - delete(managed.Fields(), first) - managed.Fields()[bucket] = s - } - - managed.Fields()[bucket] = fieldpath.NewVersionedSet(vs.Set().Union(managed.Fields()[bucket].Set()), vs.APIVersion(), vs.Applied()) - delete(managed.Fields(), manager) - length-- - - // Use the time from the update being merged into the bucket, since it is more recent. - managed.Times()[bucket] = time - } else { - versionToFirstManager[version] = manager - } - } - - return managed, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/endpoints.yaml b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/endpoints.yaml deleted file mode 100644 index a667e98342..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/endpoints.yaml +++ /dev/null @@ -1,7018 +0,0 @@ -apiVersion: v1 -kind: Endpoints -metadata: - creationTimestamp: '2016-10-04T17:45:58Z' - labels: - app: my-app - name: app-server - namespace: default - resourceVersion: '184597135' - selfLink: /self/link - uid: 6826f086-8a5a-11e6-8d09-42010a800005 -subsets: -- addresses: - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0000 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0001 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0002 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0003 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0004 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0005 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0006 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0007 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0008 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0009 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0010 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0011 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0012 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0013 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0014 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0015 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0016 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0017 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0018 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0019 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0020 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0021 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0022 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0023 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0024 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0025 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0026 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0027 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0028 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0029 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0030 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0031 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0032 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0033 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0034 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0035 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0036 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0037 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0038 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0039 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0040 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0041 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0042 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0043 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0044 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0045 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0046 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0047 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0048 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0049 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0050 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0051 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0052 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0053 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0054 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0055 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0056 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0057 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0058 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0059 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0060 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0061 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0062 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0063 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0064 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0065 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0066 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0067 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0068 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0069 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0070 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0071 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0072 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0073 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0074 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0075 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0076 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0077 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0078 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0079 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0080 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0081 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0082 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0083 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0084 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0085 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0086 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0087 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0088 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0089 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0090 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0091 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0092 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0093 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0094 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0095 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0096 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0097 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0098 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0099 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0100 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0101 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0102 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0103 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0104 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0105 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0106 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0107 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0108 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0109 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0110 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0111 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0112 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0113 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0114 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0115 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0116 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0117 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0118 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0119 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0120 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0121 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0122 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0123 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0124 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0125 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0126 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0127 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0128 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0129 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0130 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0131 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0132 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0133 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0134 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0135 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0136 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0137 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0138 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0139 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0140 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0141 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0142 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0143 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0144 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0145 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0146 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0147 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0148 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0149 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0150 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0151 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0152 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0153 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0154 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0155 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0156 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0157 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0158 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0159 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0160 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0161 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0162 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0163 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0164 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0165 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0166 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0167 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0168 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0169 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0170 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0171 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0172 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0173 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0174 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0175 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0176 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0177 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0178 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0179 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0180 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0181 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0182 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0183 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0184 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0185 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0186 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0187 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0188 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0189 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0190 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0191 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0192 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0193 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0194 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0195 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0196 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0197 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0198 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0199 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0200 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0201 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0202 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0203 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0204 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0205 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0206 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0207 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0208 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0209 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0210 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0211 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0212 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0213 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0214 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0215 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0216 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0217 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0218 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0219 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0220 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0221 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0222 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0223 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0224 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0225 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0226 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0227 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0228 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0229 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0230 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0231 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0232 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0233 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0234 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0235 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0236 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0237 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0238 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0239 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0240 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0241 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0242 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0243 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0244 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0245 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0246 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0247 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0248 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0249 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0250 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0251 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0252 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0253 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0254 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0255 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0256 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0257 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0258 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0259 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0260 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0261 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0262 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0263 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0264 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0265 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0266 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0267 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0268 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0269 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0270 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0271 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0272 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0273 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0274 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0275 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0276 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0277 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0278 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0279 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0280 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0281 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0282 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0283 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0284 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0285 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0286 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0287 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0288 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0289 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0290 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0291 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0292 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0293 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0294 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0295 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0296 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0297 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0298 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0299 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0300 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0301 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0302 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0303 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0304 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0305 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0306 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0307 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0308 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0309 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0310 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0311 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0312 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0313 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0314 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0315 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0316 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0317 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0318 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0319 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0320 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0321 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0322 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0323 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0324 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0325 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0326 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0327 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0328 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0329 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0330 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0331 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0332 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0333 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0334 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0335 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0336 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0337 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0338 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0339 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0340 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0341 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0342 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0343 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0344 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0345 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0346 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0347 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0348 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0349 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0350 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0351 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0352 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0353 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0354 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0355 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0356 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0357 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0358 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0359 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0360 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0361 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0362 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0363 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0364 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0365 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0366 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0367 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0368 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0369 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0370 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0371 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0372 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0373 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0374 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0375 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0376 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0377 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0378 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0379 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0380 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0381 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0382 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0383 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0384 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0385 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0386 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0387 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0388 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0389 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0390 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0391 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0392 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0393 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0394 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0395 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0396 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0397 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0398 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0399 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0400 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0401 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0402 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0403 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0404 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0405 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0406 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0407 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0408 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0409 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0410 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0411 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0412 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0413 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0414 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0415 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0416 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0417 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0418 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0419 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0420 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0421 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0422 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0423 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0424 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0425 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0426 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0427 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0428 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0429 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0430 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0431 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0432 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0433 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0434 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0435 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0436 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0437 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0438 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0439 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0440 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0441 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0442 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0443 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0444 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0445 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0446 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0447 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0448 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0449 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0450 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0451 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0452 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0453 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0454 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0455 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0456 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0457 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0458 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0459 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0460 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0461 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0462 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0463 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0464 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0465 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0466 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0467 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0468 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0469 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0470 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0471 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0472 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0473 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0474 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0475 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0476 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0477 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0478 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0479 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0480 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0481 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0482 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0483 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0484 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0485 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0486 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0487 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0488 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0489 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0490 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0491 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0492 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0493 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0494 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0495 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0496 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0497 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0498 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0499 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0500 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0501 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0502 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0503 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0504 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0505 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0506 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0507 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0508 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0509 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0510 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0511 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0512 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0513 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0514 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0515 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0516 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0517 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0518 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0519 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0520 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0521 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0522 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0523 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0524 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0525 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0526 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0527 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0528 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0529 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0530 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0531 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0532 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0533 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0534 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0535 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0536 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0537 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0538 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0539 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0540 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0541 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0542 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0543 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0544 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0545 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0546 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0547 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0548 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0549 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0550 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0551 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0552 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0553 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0554 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0555 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0556 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0557 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0558 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0559 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0560 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0561 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0562 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0563 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0564 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0565 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0566 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0567 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0568 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0569 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0570 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0571 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0572 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0573 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0574 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0575 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0576 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0577 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0578 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0579 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0580 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0581 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0582 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0583 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0584 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0585 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0586 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0587 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0588 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0589 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0590 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0591 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0592 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0593 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0594 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0595 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0596 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0597 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0598 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0599 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0600 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0601 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0602 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0603 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0604 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0605 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0606 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0607 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0608 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0609 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0610 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0611 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0612 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0613 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0614 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0615 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0616 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0617 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0618 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0619 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0620 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0621 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0622 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0623 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0624 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0625 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0626 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0627 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0628 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0629 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0630 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0631 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0632 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0633 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0634 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0635 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0636 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0637 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0638 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0639 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0640 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0641 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0642 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0643 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0644 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0645 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0646 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0647 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0648 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0649 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0650 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0651 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0652 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0653 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0654 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0655 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0656 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0657 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0658 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0659 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0660 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0661 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0662 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0663 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0664 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0665 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0666 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0667 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0668 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0669 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0670 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0671 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0672 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0673 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0674 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0675 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0676 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0677 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0678 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0679 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0680 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0681 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0682 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0683 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0684 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0685 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0686 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0687 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0688 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0689 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0690 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0691 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0692 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0693 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0694 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0695 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0696 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0697 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0698 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0699 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0700 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0701 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0702 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0703 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0704 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0705 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0706 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0707 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0708 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0709 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0710 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0711 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0712 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0713 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0714 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0715 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0716 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0717 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0718 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0719 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0720 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0721 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0722 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0723 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0724 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0725 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0726 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0727 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0728 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0729 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0730 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0731 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0732 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0733 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0734 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0735 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0736 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0737 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0738 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0739 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0740 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0741 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0742 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0743 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0744 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0745 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0746 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0747 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0748 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0749 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0750 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0751 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0752 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0753 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0754 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0755 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0756 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0757 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0758 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0759 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0760 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0761 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0762 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0763 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0764 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0765 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0766 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0767 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0768 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0769 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0770 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0771 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0772 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0773 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0774 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0775 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0776 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0777 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0778 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0779 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0780 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0781 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0782 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0783 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0784 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0785 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0786 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0787 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0788 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0789 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0790 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0791 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0792 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0793 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0794 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0795 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0796 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0797 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0798 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0799 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0800 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0801 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0802 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0803 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0804 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0805 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0806 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0807 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0808 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0809 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0810 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0811 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0812 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0813 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0814 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0815 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0816 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0817 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0818 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0819 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0820 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0821 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0822 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0823 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0824 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0825 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0826 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0827 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0828 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0829 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0830 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0831 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0832 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0833 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0834 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0835 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0836 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0837 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0838 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0839 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0840 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0841 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0842 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0843 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0844 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0845 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0846 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0847 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0848 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0849 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0850 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0851 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0852 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0853 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0854 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0855 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0856 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0857 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0858 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0859 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0860 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0861 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0862 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0863 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0864 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0865 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0866 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0867 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0868 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0869 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0870 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0871 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0872 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0873 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0874 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0875 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0876 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0877 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0878 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0879 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0880 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0881 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0882 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0883 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0884 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0885 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0886 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0887 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0888 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0889 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0890 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0891 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0892 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0893 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0894 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0895 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0896 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0897 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0898 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0899 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0900 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0901 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0902 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0903 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0904 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0905 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0906 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0907 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0908 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0909 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0910 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0911 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0912 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0913 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0914 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0915 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0916 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0917 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0918 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0919 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0920 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0921 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0922 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0923 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0924 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0925 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0926 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0927 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0928 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0929 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0930 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0931 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0932 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0933 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0934 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0935 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0936 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0937 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0938 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0939 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0940 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0941 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0942 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0943 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0944 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0945 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0946 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0947 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0948 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0949 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0950 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0951 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0952 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0953 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0954 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0955 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0956 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0957 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0958 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0959 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0960 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0961 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0962 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0963 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0964 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0965 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0966 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0967 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0968 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0969 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0970 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0971 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0972 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0973 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0974 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0975 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0976 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0977 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0978 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0979 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0980 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0981 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0982 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0983 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0984 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0985 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0986 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0987 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0988 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0989 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0990 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0991 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0992 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0993 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0994 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0995 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0996 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0997 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0998 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - - ip: 10.0.0.1 - targetRef: - kind: Pod - name: pod-name-1234-0999 - namespace: default - resourceVersion: '1234567890' - uid: 11111111-2222-3333-4444-555555555555 - ports: - - name: port-name - port: 8080 - protocol: TCP - diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/equality.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/equality.go deleted file mode 100644 index a1f27f1d10..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/equality.go +++ /dev/null @@ -1,181 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "context" - "fmt" - "os" - "reflect" - "strconv" - "sync" - "time" - - "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/klog/v2" -) - -var ( - avoidTimestampEqualities conversion.Equalities - initAvoidTimestampEqualities sync.Once -) - -func getAvoidTimestampEqualities() conversion.Equalities { - initAvoidTimestampEqualities.Do(func() { - if avoidNoopTimestampUpdatesString, exists := os.LookupEnv("KUBE_APISERVER_AVOID_NOOP_SSA_TIMESTAMP_UPDATES"); exists { - if ret, err := strconv.ParseBool(avoidNoopTimestampUpdatesString); err == nil && !ret { - // leave avoidTimestampEqualities empty. - return - } else { - klog.Errorf("failed to parse envar KUBE_APISERVER_AVOID_NOOP_SSA_TIMESTAMP_UPDATES: %v", err) - } - } - - var eqs = equality.Semantic.Copy() - err := eqs.AddFunc( - func(a, b metav1.ManagedFieldsEntry) bool { - // Two objects' managed fields are equivalent if, ignoring timestamp, - // the objects are deeply equal. - a.Time = nil - b.Time = nil - return reflect.DeepEqual(a, b) - }, - ) - - if err != nil { - panic(fmt.Errorf("failed to instantiate semantic equalities: %w", err)) - } - - avoidTimestampEqualities = eqs - }) - return avoidTimestampEqualities -} - -// IgnoreManagedFieldsTimestampsTransformer reverts timestamp updates -// if the non-managed parts of the object are equivalent -func IgnoreManagedFieldsTimestampsTransformer( - _ context.Context, - newObj runtime.Object, - oldObj runtime.Object, -) (res runtime.Object, err error) { - equalities := getAvoidTimestampEqualities() - if len(equalities.Equalities) == 0 { - return newObj, nil - } - - outcome := "unequal_objects_fast" - start := time.Now() - err = nil - res = nil - - defer func() { - if err != nil { - outcome = "error" - } - - metrics.RecordTimestampComparisonLatency(outcome, time.Since(start)) - }() - - // If managedFields modulo timestamps are unchanged - // and - // rest of object is unchanged - // then - // revert any changes to timestamps in managed fields - // (to prevent spurious ResourceVersion bump) - // - // Procecure: - // Do a quicker check to see if just managed fields modulo timestamps are - // unchanged. If so, then do the full, slower check. - // - // In most cases which actually update the object, the managed fields modulo - // timestamp check will fail, and we will be able to return early. - // - // In other cases, the managed fields may be exactly the same, - // except for timestamp, but the objects are the different. This is the - // slow path which checks the full object. - oldAccessor, err := meta.Accessor(oldObj) - if err != nil { - return nil, fmt.Errorf("failed to acquire accessor for oldObj: %v", err) - } - - accessor, err := meta.Accessor(newObj) - if err != nil { - return nil, fmt.Errorf("failed to acquire accessor for newObj: %v", err) - } - - oldManagedFields := oldAccessor.GetManagedFields() - newManagedFields := accessor.GetManagedFields() - - if len(oldManagedFields) != len(newManagedFields) { - // Return early if any managed fields entry was added/removed. - // We want to retain user expectation that even if they write to a field - // whose value did not change, they will still result as the field - // manager at the end. - return newObj, nil - } else if len(newManagedFields) == 0 { - // This transformation only makes sense when managedFields are - // non-empty - return newObj, nil - } - - // This transformation only makes sense if the managed fields has at least one - // changed timestamp; and are otherwise equal. Return early if there are no - // changed timestamps. - allTimesUnchanged := true - for i, e := range newManagedFields { - if !e.Time.Equal(oldManagedFields[i].Time) { - allTimesUnchanged = false - break - } - } - - if allTimesUnchanged { - return newObj, nil - } - - // This condition ensures the managed fields are always compared first. If - // this check fails, the if statement will short circuit. If the check - // succeeds the slow path is taken which compares entire objects. - if !equalities.DeepEqualWithNilDifferentFromEmpty(oldManagedFields, newManagedFields) { - return newObj, nil - } - - if equalities.DeepEqualWithNilDifferentFromEmpty(newObj, oldObj) { - // Remove any changed timestamps, so that timestamp is not the only - // change seen by etcd. - // - // newManagedFields is known to be exactly pairwise equal to - // oldManagedFields except for timestamps. - // - // Simply replace possibly changed new timestamps with their old values. - for idx := 0; idx < len(oldManagedFields); idx++ { - newManagedFields[idx].Time = oldManagedFields[idx].Time - } - - accessor.SetManagedFields(newManagedFields) - outcome = "equal_objects" - return newObj, nil - } - - outcome = "unequal_objects_slow" - return newObj, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go deleted file mode 100644 index 6c3d2ce832..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go +++ /dev/null @@ -1,264 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - "reflect" - "time" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "k8s.io/klog/v2" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/merge" -) - -// DefaultMaxUpdateManagers defines the default maximum retained number of managedFields entries from updates -// if the number of update managers exceeds this, the oldest entries will be merged until the number is below the maximum. -// TODO(jennybuckley): Determine if this is really the best value. Ideally we wouldn't unnecessarily merge too many entries. -const DefaultMaxUpdateManagers int = 10 - -// DefaultTrackOnCreateProbability defines the default probability that the field management of an object -// starts being tracked from the object's creation, instead of from the first time the object is applied to. -const DefaultTrackOnCreateProbability float32 = 1 - -var atMostEverySecond = internal.NewAtMostEvery(time.Second) - -// Managed groups a fieldpath.ManagedFields together with the timestamps associated with each operation. -type Managed interface { - // Fields gets the fieldpath.ManagedFields. - Fields() fieldpath.ManagedFields - - // Times gets the timestamps associated with each operation. - Times() map[string]*metav1.Time -} - -// Manager updates the managed fields and merges applied configurations. -type Manager interface { - // Update is used when the object has already been merged (non-apply - // use-case), and simply updates the managed fields in the output - // object. - // * `liveObj` is not mutated by this function - // * `newObj` may be mutated by this function - // Returns the new object with managedFields removed, and the object's new - // proposed managedFields separately. - Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) - - // Apply is used when server-side apply is called, as it merges the - // object and updates the managed fields. - // * `liveObj` is not mutated by this function - // * `newObj` may be mutated by this function - // Returns the new object with managedFields removed, and the object's new - // proposed managedFields separately. - Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) -} - -// FieldManager updates the managed fields and merge applied -// configurations. -type FieldManager struct { - fieldManager Manager - subresource string -} - -// NewFieldManager creates a new FieldManager that decodes, manages, then re-encodes managedFields -// on update and apply requests. -func NewFieldManager(f Manager, subresource string) *FieldManager { - return &FieldManager{fieldManager: f, subresource: subresource} -} - -// NewDefaultFieldManager creates a new FieldManager that merges apply requests -// and update managed fields for other types of requests. -func NewDefaultFieldManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, objectCreater runtime.ObjectCreater, kind schema.GroupVersionKind, hub schema.GroupVersion, subresource string, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (*FieldManager, error) { - f, err := NewStructuredMergeManager(typeConverter, objectConverter, objectDefaulter, kind.GroupVersion(), hub, resetFields) - if err != nil { - return nil, fmt.Errorf("failed to create field manager: %v", err) - } - return newDefaultFieldManager(f, typeConverter, objectConverter, objectCreater, kind, subresource), nil -} - -// NewDefaultCRDFieldManager creates a new FieldManager specifically for -// CRDs. This allows for the possibility of fields which are not defined -// in models, as well as having no models defined at all. -func NewDefaultCRDFieldManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, objectCreater runtime.ObjectCreater, kind schema.GroupVersionKind, hub schema.GroupVersion, subresource string, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (_ *FieldManager, err error) { - f, err := NewCRDStructuredMergeManager(typeConverter, objectConverter, objectDefaulter, kind.GroupVersion(), hub, resetFields) - if err != nil { - return nil, fmt.Errorf("failed to create field manager: %v", err) - } - return newDefaultFieldManager(f, typeConverter, objectConverter, objectCreater, kind, subresource), nil -} - -// newDefaultFieldManager is a helper function which wraps a Manager with certain default logic. -func newDefaultFieldManager(f Manager, typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectCreater runtime.ObjectCreater, kind schema.GroupVersionKind, subresource string) *FieldManager { - return NewFieldManager( - NewLastAppliedUpdater( - NewLastAppliedManager( - NewProbabilisticSkipNonAppliedManager( - NewCapManagersManager( - NewBuildManagerInfoManager( - NewManagedFieldsUpdater( - NewStripMetaManager(f), - ), kind.GroupVersion(), subresource, - ), DefaultMaxUpdateManagers, - ), objectCreater, kind, DefaultTrackOnCreateProbability, - ), typeConverter, objectConverter, kind.GroupVersion()), - ), subresource, - ) -} - -// DecodeManagedFields converts ManagedFields from the wire format (api format) -// to the format used by sigs.k8s.io/structured-merge-diff -func DecodeManagedFields(encodedManagedFields []metav1.ManagedFieldsEntry) (Managed, error) { - return internal.DecodeManagedFields(encodedManagedFields) -} - -func decodeLiveOrNew(liveObj, newObj runtime.Object, ignoreManagedFieldsFromRequestObject bool) (Managed, error) { - liveAccessor, err := meta.Accessor(liveObj) - if err != nil { - return nil, err - } - - // We take the managedFields of the live object in case the request tries to - // manually set managedFields via a subresource. - if ignoreManagedFieldsFromRequestObject { - return emptyManagedFieldsOnErr(DecodeManagedFields(liveAccessor.GetManagedFields())) - } - - // If the object doesn't have metadata, we should just return without trying to - // set the managedFields at all, so creates/updates/patches will work normally. - newAccessor, err := meta.Accessor(newObj) - if err != nil { - return nil, err - } - - if isResetManagedFields(newAccessor.GetManagedFields()) { - return internal.NewEmptyManaged(), nil - } - - // If the managed field is empty or we failed to decode it, - // let's try the live object. This is to prevent clients who - // don't understand managedFields from deleting it accidentally. - managed, err := DecodeManagedFields(newAccessor.GetManagedFields()) - if err != nil || len(managed.Fields()) == 0 { - return emptyManagedFieldsOnErr(DecodeManagedFields(liveAccessor.GetManagedFields())) - } - return managed, nil -} - -func emptyManagedFieldsOnErr(managed Managed, err error) (Managed, error) { - if err != nil { - return internal.NewEmptyManaged(), nil - } - return managed, nil -} - -// Update is used when the object has already been merged (non-apply -// use-case), and simply updates the managed fields in the output -// object. -func (f *FieldManager) Update(liveObj, newObj runtime.Object, manager string) (object runtime.Object, err error) { - // First try to decode the managed fields provided in the update, - // This is necessary to allow directly updating managed fields. - isSubresource := f.subresource != "" - managed, err := decodeLiveOrNew(liveObj, newObj, isSubresource) - if err != nil { - return newObj, nil - } - - internal.RemoveObjectManagedFields(newObj) - - if object, managed, err = f.fieldManager.Update(liveObj, newObj, managed, manager); err != nil { - return nil, err - } - - if err = internal.EncodeObjectManagedFields(object, managed); err != nil { - return nil, fmt.Errorf("failed to encode managed fields: %v", err) - } - - return object, nil -} - -// UpdateNoErrors is the same as Update, but it will not return -// errors. If an error happens, the object is returned with -// managedFields cleared. -func (f *FieldManager) UpdateNoErrors(liveObj, newObj runtime.Object, manager string) runtime.Object { - obj, err := f.Update(liveObj, newObj, manager) - if err != nil { - atMostEverySecond.Do(func() { - ns, name := "unknown", "unknown" - if accessor, err := meta.Accessor(newObj); err == nil { - ns = accessor.GetNamespace() - name = accessor.GetName() - } - - klog.ErrorS(err, "[SHOULD NOT HAPPEN] failed to update managedFields", "VersionKind", - newObj.GetObjectKind().GroupVersionKind(), "namespace", ns, "name", name) - }) - // Explicitly remove managedFields on failure, so that - // we can't have garbage in it. - internal.RemoveObjectManagedFields(newObj) - return newObj - } - return obj -} - -// Returns true if the managedFields indicate that the user is trying to -// reset the managedFields, i.e. if the list is non-nil but empty, or if -// the list has one empty item. -func isResetManagedFields(managedFields []metav1.ManagedFieldsEntry) bool { - if len(managedFields) == 0 { - return managedFields != nil - } - - if len(managedFields) == 1 { - return reflect.DeepEqual(managedFields[0], metav1.ManagedFieldsEntry{}) - } - - return false -} - -// Apply is used when server-side apply is called, as it merges the -// object and updates the managed fields. -func (f *FieldManager) Apply(liveObj, appliedObj runtime.Object, manager string, force bool) (object runtime.Object, err error) { - // If the object doesn't have metadata, apply isn't allowed. - accessor, err := meta.Accessor(liveObj) - if err != nil { - return nil, fmt.Errorf("couldn't get accessor: %v", err) - } - - // Decode the managed fields in the live object, since it isn't allowed in the patch. - managed, err := DecodeManagedFields(accessor.GetManagedFields()) - if err != nil { - return nil, fmt.Errorf("failed to decode managed fields: %v", err) - } - - object, managed, err = f.fieldManager.Apply(liveObj, appliedObj, managed, manager, force) - if err != nil { - if conflicts, ok := err.(merge.Conflicts); ok { - return nil, internal.NewConflictError(conflicts) - } - return nil, err - } - - if err = internal.EncodeObjectManagedFields(object, managed); err != nil { - return nil, fmt.Errorf("failed to encode managed fields: %v", err) - } - - return object, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/atmostevery.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/atmostevery.go deleted file mode 100644 index b75ef7416e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/atmostevery.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internal - -import ( - "sync" - "time" -) - -// AtMostEvery will never run the method more than once every specified -// duration. -type AtMostEvery struct { - delay time.Duration - lastCall time.Time - mutex sync.Mutex -} - -// NewAtMostEvery creates a new AtMostEvery, that will run the method at -// most every given duration. -func NewAtMostEvery(delay time.Duration) *AtMostEvery { - return &AtMostEvery{ - delay: delay, - } -} - -// updateLastCall returns true if the lastCall time has been updated, -// false if it was too early. -func (s *AtMostEvery) updateLastCall() bool { - s.mutex.Lock() - defer s.mutex.Unlock() - if time.Since(s.lastCall) < s.delay { - return false - } - s.lastCall = time.Now() - return true -} - -// Do will run the method if enough time has passed, and return true. -// Otherwise, it does nothing and returns false. -func (s *AtMostEvery) Do(fn func()) bool { - if !s.updateLastCall() { - return false - } - fn() - return true -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go deleted file mode 100644 index 8c044c9157..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internal - -import ( - "encoding/json" - "fmt" - "sort" - "strings" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/merge" -) - -// NewConflictError returns an error including details on the requests apply conflicts -func NewConflictError(conflicts merge.Conflicts) *errors.StatusError { - causes := []metav1.StatusCause{} - for _, conflict := range conflicts { - causes = append(causes, metav1.StatusCause{ - Type: metav1.CauseTypeFieldManagerConflict, - Message: fmt.Sprintf("conflict with %v", printManager(conflict.Manager)), - Field: conflict.Path.String(), - }) - } - return errors.NewApplyConflict(causes, getConflictMessage(conflicts)) -} - -func getConflictMessage(conflicts merge.Conflicts) string { - if len(conflicts) == 1 { - return fmt.Sprintf("Apply failed with 1 conflict: conflict with %v: %v", printManager(conflicts[0].Manager), conflicts[0].Path) - } - - m := map[string][]fieldpath.Path{} - for _, conflict := range conflicts { - m[conflict.Manager] = append(m[conflict.Manager], conflict.Path) - } - - uniqueManagers := []string{} - for manager := range m { - uniqueManagers = append(uniqueManagers, manager) - } - - // Print conflicts by sorted managers. - sort.Strings(uniqueManagers) - - messages := []string{} - for _, manager := range uniqueManagers { - messages = append(messages, fmt.Sprintf("conflicts with %v:", printManager(manager))) - for _, path := range m[manager] { - messages = append(messages, fmt.Sprintf("- %v", path)) - } - } - return fmt.Sprintf("Apply failed with %d conflicts: %s", len(conflicts), strings.Join(messages, "\n")) -} - -func printManager(manager string) string { - encodedManager := &metav1.ManagedFieldsEntry{} - if err := json.Unmarshal([]byte(manager), encodedManager); err != nil { - return fmt.Sprintf("%q", manager) - } - managerStr := fmt.Sprintf("%q", encodedManager.Manager) - if encodedManager.Subresource != "" { - managerStr = fmt.Sprintf("%s with subresource %q", managerStr, encodedManager.Subresource) - } - if encodedManager.Operation == metav1.ManagedFieldsOperationUpdate { - if encodedManager.Time == nil { - return fmt.Sprintf("%s using %v", managerStr, encodedManager.APIVersion) - } - return fmt.Sprintf("%s using %v at %v", managerStr, encodedManager.APIVersion, encodedManager.Time.UTC().Format(time.RFC3339)) - } - return managerStr -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go deleted file mode 100644 index 08186191a7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internal - -import ( - "bytes" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// EmptyFields represents a set with no paths -// It looks like metav1.Fields{Raw: []byte("{}")} -var EmptyFields = func() metav1.FieldsV1 { - f, err := SetToFields(*fieldpath.NewSet()) - if err != nil { - panic("should never happen") - } - return f -}() - -// FieldsToSet creates a set paths from an input trie of fields -func FieldsToSet(f metav1.FieldsV1) (s fieldpath.Set, err error) { - err = s.FromJSON(bytes.NewReader(f.Raw)) - return s, err -} - -// SetToFields creates a trie of fields from an input set of paths -func SetToFields(s fieldpath.Set) (f metav1.FieldsV1, err error) { - f.Raw, err = s.ToJSON() - return f, err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go deleted file mode 100644 index 9b4c203262..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go +++ /dev/null @@ -1,248 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internal - -import ( - "encoding/json" - "fmt" - "sort" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// ManagedInterface groups a fieldpath.ManagedFields together with the timestamps associated with each operation. -type ManagedInterface interface { - // Fields gets the fieldpath.ManagedFields. - Fields() fieldpath.ManagedFields - - // Times gets the timestamps associated with each operation. - Times() map[string]*metav1.Time -} - -type managedStruct struct { - fields fieldpath.ManagedFields - times map[string]*metav1.Time -} - -var _ ManagedInterface = &managedStruct{} - -// Fields implements ManagedInterface. -func (m *managedStruct) Fields() fieldpath.ManagedFields { - return m.fields -} - -// Times implements ManagedInterface. -func (m *managedStruct) Times() map[string]*metav1.Time { - return m.times -} - -// NewEmptyManaged creates an empty ManagedInterface. -func NewEmptyManaged() ManagedInterface { - return NewManaged(fieldpath.ManagedFields{}, map[string]*metav1.Time{}) -} - -// NewManaged creates a ManagedInterface from a fieldpath.ManagedFields and the timestamps associated with each operation. -func NewManaged(f fieldpath.ManagedFields, t map[string]*metav1.Time) ManagedInterface { - return &managedStruct{ - fields: f, - times: t, - } -} - -// RemoveObjectManagedFields removes the ManagedFields from the object -// before we merge so that it doesn't appear in the ManagedFields -// recursively. -func RemoveObjectManagedFields(obj runtime.Object) { - accessor, err := meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - accessor.SetManagedFields(nil) -} - -// EncodeObjectManagedFields converts and stores the fieldpathManagedFields into the objects ManagedFields -func EncodeObjectManagedFields(obj runtime.Object, managed ManagedInterface) error { - accessor, err := meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - - encodedManagedFields, err := encodeManagedFields(managed) - if err != nil { - return fmt.Errorf("failed to convert back managed fields to API: %v", err) - } - accessor.SetManagedFields(encodedManagedFields) - - return nil -} - -// DecodeManagedFields converts ManagedFields from the wire format (api format) -// to the format used by sigs.k8s.io/structured-merge-diff -func DecodeManagedFields(encodedManagedFields []metav1.ManagedFieldsEntry) (ManagedInterface, error) { - managed := managedStruct{} - managed.fields = make(fieldpath.ManagedFields, len(encodedManagedFields)) - managed.times = make(map[string]*metav1.Time, len(encodedManagedFields)) - - for i, encodedVersionedSet := range encodedManagedFields { - switch encodedVersionedSet.Operation { - case metav1.ManagedFieldsOperationApply, metav1.ManagedFieldsOperationUpdate: - default: - return nil, fmt.Errorf("operation must be `Apply` or `Update`") - } - if len(encodedVersionedSet.APIVersion) < 1 { - return nil, fmt.Errorf("apiVersion must not be empty") - } - switch encodedVersionedSet.FieldsType { - case "FieldsV1": - // Valid case. - case "": - return nil, fmt.Errorf("missing fieldsType in managed fields entry %d", i) - default: - return nil, fmt.Errorf("invalid fieldsType %q in managed fields entry %d", encodedVersionedSet.FieldsType, i) - } - manager, err := BuildManagerIdentifier(&encodedVersionedSet) - if err != nil { - return nil, fmt.Errorf("error decoding manager from %v: %v", encodedVersionedSet, err) - } - managed.fields[manager], err = decodeVersionedSet(&encodedVersionedSet) - if err != nil { - return nil, fmt.Errorf("error decoding versioned set from %v: %v", encodedVersionedSet, err) - } - managed.times[manager] = encodedVersionedSet.Time - } - return &managed, nil -} - -// BuildManagerIdentifier creates a manager identifier string from a ManagedFieldsEntry -func BuildManagerIdentifier(encodedManager *metav1.ManagedFieldsEntry) (manager string, err error) { - encodedManagerCopy := *encodedManager - - // Never include fields type in the manager identifier - encodedManagerCopy.FieldsType = "" - - // Never include the fields in the manager identifier - encodedManagerCopy.FieldsV1 = nil - - // Never include the time in the manager identifier - encodedManagerCopy.Time = nil - - // For appliers, don't include the APIVersion in the manager identifier, - // so it will always have the same manager identifier each time it applied. - if encodedManager.Operation == metav1.ManagedFieldsOperationApply { - encodedManagerCopy.APIVersion = "" - } - - // Use the remaining fields to build the manager identifier - b, err := json.Marshal(&encodedManagerCopy) - if err != nil { - return "", fmt.Errorf("error marshalling manager identifier: %v", err) - } - - return string(b), nil -} - -func decodeVersionedSet(encodedVersionedSet *metav1.ManagedFieldsEntry) (versionedSet fieldpath.VersionedSet, err error) { - fields := EmptyFields - if encodedVersionedSet.FieldsV1 != nil { - fields = *encodedVersionedSet.FieldsV1 - } - set, err := FieldsToSet(fields) - if err != nil { - return nil, fmt.Errorf("error decoding set: %v", err) - } - return fieldpath.NewVersionedSet(&set, fieldpath.APIVersion(encodedVersionedSet.APIVersion), encodedVersionedSet.Operation == metav1.ManagedFieldsOperationApply), nil -} - -// encodeManagedFields converts ManagedFields from the format used by -// sigs.k8s.io/structured-merge-diff to the wire format (api format) -func encodeManagedFields(managed ManagedInterface) (encodedManagedFields []metav1.ManagedFieldsEntry, err error) { - if len(managed.Fields()) == 0 { - return nil, nil - } - encodedManagedFields = []metav1.ManagedFieldsEntry{} - for manager := range managed.Fields() { - versionedSet := managed.Fields()[manager] - v, err := encodeManagerVersionedSet(manager, versionedSet) - if err != nil { - return nil, fmt.Errorf("error encoding versioned set for %v: %v", manager, err) - } - if t, ok := managed.Times()[manager]; ok { - v.Time = t - } - encodedManagedFields = append(encodedManagedFields, *v) - } - return sortEncodedManagedFields(encodedManagedFields) -} - -func sortEncodedManagedFields(encodedManagedFields []metav1.ManagedFieldsEntry) (sortedManagedFields []metav1.ManagedFieldsEntry, err error) { - sort.Slice(encodedManagedFields, func(i, j int) bool { - p, q := encodedManagedFields[i], encodedManagedFields[j] - - if p.Operation != q.Operation { - return p.Operation < q.Operation - } - - pSeconds, qSeconds := int64(0), int64(0) - if p.Time != nil { - pSeconds = p.Time.Unix() - } - if q.Time != nil { - qSeconds = q.Time.Unix() - } - if pSeconds != qSeconds { - return pSeconds < qSeconds - } - - if p.Manager != q.Manager { - return p.Manager < q.Manager - } - - if p.APIVersion != q.APIVersion { - return p.APIVersion < q.APIVersion - } - return p.Subresource < q.Subresource - }) - - return encodedManagedFields, nil -} - -func encodeManagerVersionedSet(manager string, versionedSet fieldpath.VersionedSet) (encodedVersionedSet *metav1.ManagedFieldsEntry, err error) { - encodedVersionedSet = &metav1.ManagedFieldsEntry{} - - // Get as many fields as we can from the manager identifier - err = json.Unmarshal([]byte(manager), encodedVersionedSet) - if err != nil { - return nil, fmt.Errorf("error unmarshalling manager identifier %v: %v", manager, err) - } - - // Get the APIVersion, Operation, and Fields from the VersionedSet - encodedVersionedSet.APIVersion = string(versionedSet.APIVersion()) - if versionedSet.Applied() { - encodedVersionedSet.Operation = metav1.ManagedFieldsOperationApply - } - encodedVersionedSet.FieldsType = "FieldsV1" - fields, err := SetToFields(*versionedSet.Set()) - if err != nil { - return nil, fmt.Errorf("error encoding set: %v", err) - } - encodedVersionedSet.FieldsV1 = &fields - - return encodedVersionedSet, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go deleted file mode 100644 index 1954d65d32..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internal - -import ( - "encoding/json" - "errors" - "fmt" - "strconv" - "strings" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/value" -) - -const ( - // Field indicates that the content of this path element is a field's name - Field = "f" - - // Value indicates that the content of this path element is a field's value - Value = "v" - - // Index indicates that the content of this path element is an index in an array - Index = "i" - - // Key indicates that the content of this path element is a key value map - Key = "k" - - // Separator separates the type of a path element from the contents - Separator = ":" -) - -// NewPathElement parses a serialized path element -func NewPathElement(s string) (fieldpath.PathElement, error) { - split := strings.SplitN(s, Separator, 2) - if len(split) < 2 { - return fieldpath.PathElement{}, fmt.Errorf("missing colon: %v", s) - } - switch split[0] { - case Field: - return fieldpath.PathElement{ - FieldName: &split[1], - }, nil - case Value: - val, err := value.FromJSON([]byte(split[1])) - if err != nil { - return fieldpath.PathElement{}, err - } - return fieldpath.PathElement{ - Value: &val, - }, nil - case Index: - i, err := strconv.Atoi(split[1]) - if err != nil { - return fieldpath.PathElement{}, err - } - return fieldpath.PathElement{ - Index: &i, - }, nil - case Key: - kv := map[string]json.RawMessage{} - err := json.Unmarshal([]byte(split[1]), &kv) - if err != nil { - return fieldpath.PathElement{}, err - } - fields := value.FieldList{} - for k, v := range kv { - b, err := json.Marshal(v) - if err != nil { - return fieldpath.PathElement{}, err - } - val, err := value.FromJSON(b) - if err != nil { - return fieldpath.PathElement{}, err - } - - fields = append(fields, value.Field{ - Name: k, - Value: val, - }) - } - return fieldpath.PathElement{ - Key: &fields, - }, nil - default: - // Ignore unknown key types - return fieldpath.PathElement{}, nil - } -} - -// PathElementString serializes a path element -func PathElementString(pe fieldpath.PathElement) (string, error) { - switch { - case pe.FieldName != nil: - return Field + Separator + *pe.FieldName, nil - case pe.Key != nil: - kv := map[string]json.RawMessage{} - for _, k := range *pe.Key { - b, err := value.ToJSON(k.Value) - if err != nil { - return "", err - } - m := json.RawMessage{} - err = json.Unmarshal(b, &m) - if err != nil { - return "", err - } - kv[k.Name] = m - } - b, err := json.Marshal(kv) - if err != nil { - return "", err - } - return Key + ":" + string(b), nil - case pe.Value != nil: - b, err := value.ToJSON(*pe.Value) - if err != nil { - return "", err - } - return Value + ":" + string(b), nil - case pe.Index != nil: - return Index + ":" + strconv.Itoa(*pe.Index), nil - default: - return "", errors.New("Invalid type of path element") - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go deleted file mode 100644 index 4b07d462a2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "encoding/json" - "fmt" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/merge" -) - -type lastAppliedManager struct { - fieldManager Manager - typeConverter TypeConverter - objectConverter runtime.ObjectConvertor - groupVersion schema.GroupVersion -} - -var _ Manager = &lastAppliedManager{} - -// NewLastAppliedManager converts the client-side apply annotation to -// server-side apply managed fields -func NewLastAppliedManager(fieldManager Manager, typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, groupVersion schema.GroupVersion) Manager { - return &lastAppliedManager{ - fieldManager: fieldManager, - typeConverter: typeConverter, - objectConverter: objectConverter, - groupVersion: groupVersion, - } -} - -// Update implements Manager. -func (f *lastAppliedManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - return f.fieldManager.Update(liveObj, newObj, managed, manager) -} - -// Apply will consider the last-applied annotation -// for upgrading an object managed by client-side apply to server-side apply -// without conflicts. -func (f *lastAppliedManager) Apply(liveObj, newObj runtime.Object, managed Managed, manager string, force bool) (runtime.Object, Managed, error) { - newLiveObj, newManaged, newErr := f.fieldManager.Apply(liveObj, newObj, managed, manager, force) - // Upgrade the client-side apply annotation only from kubectl server-side-apply. - // To opt-out of this behavior, users may specify a different field manager. - if manager != "kubectl" { - return newLiveObj, newManaged, newErr - } - - // Check if we have conflicts - if newErr == nil { - return newLiveObj, newManaged, newErr - } - conflicts, ok := newErr.(merge.Conflicts) - if !ok { - return newLiveObj, newManaged, newErr - } - conflictSet := conflictsToSet(conflicts) - - // Check if conflicts are allowed due to client-side apply, - // and if so, then force apply - allowedConflictSet, err := f.allowedConflictsFromLastApplied(liveObj) - if err != nil { - return newLiveObj, newManaged, newErr - } - if !conflictSet.Difference(allowedConflictSet).Empty() { - newConflicts := conflictsDifference(conflicts, allowedConflictSet) - return newLiveObj, newManaged, newConflicts - } - - return f.fieldManager.Apply(liveObj, newObj, managed, manager, true) -} - -func (f *lastAppliedManager) allowedConflictsFromLastApplied(liveObj runtime.Object) (*fieldpath.Set, error) { - var accessor, err = meta.Accessor(liveObj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - - // If there is no client-side apply annotation, then there is nothing to do - var annotations = accessor.GetAnnotations() - if annotations == nil { - return nil, fmt.Errorf("no last applied annotation") - } - var lastApplied, ok = annotations[corev1.LastAppliedConfigAnnotation] - if !ok || lastApplied == "" { - return nil, fmt.Errorf("no last applied annotation") - } - - liveObjVersioned, err := f.objectConverter.ConvertToVersion(liveObj, f.groupVersion) - if err != nil { - return nil, fmt.Errorf("failed to convert live obj to versioned: %v", err) - } - - liveObjTyped, err := f.typeConverter.ObjectToTyped(liveObjVersioned) - if err != nil { - return nil, fmt.Errorf("failed to convert live obj to typed: %v", err) - } - - var lastAppliedObj = &unstructured.Unstructured{Object: map[string]interface{}{}} - err = json.Unmarshal([]byte(lastApplied), lastAppliedObj) - if err != nil { - return nil, fmt.Errorf("failed to decode last applied obj: %v in '%s'", err, lastApplied) - } - - if lastAppliedObj.GetAPIVersion() != f.groupVersion.String() { - return nil, fmt.Errorf("expected version of last applied to match live object '%s', but got '%s': %v", f.groupVersion.String(), lastAppliedObj.GetAPIVersion(), err) - } - - lastAppliedObjTyped, err := f.typeConverter.ObjectToTyped(lastAppliedObj) - if err != nil { - return nil, fmt.Errorf("failed to convert last applied to typed: %v", err) - } - - lastAppliedObjFieldSet, err := lastAppliedObjTyped.ToFieldSet() - if err != nil { - return nil, fmt.Errorf("failed to create fieldset for last applied object: %v", err) - } - - comparison, err := lastAppliedObjTyped.Compare(liveObjTyped) - if err != nil { - return nil, fmt.Errorf("failed to compare last applied object and live object: %v", err) - } - - // Remove fields in last applied that are different, added, or missing in - // the live object. - // Because last-applied fields don't match the live object fields, - // then we don't own these fields. - lastAppliedObjFieldSet = lastAppliedObjFieldSet. - Difference(comparison.Modified). - Difference(comparison.Added). - Difference(comparison.Removed) - - return lastAppliedObjFieldSet, nil -} - -// TODO: replace with merge.Conflicts.ToSet() -func conflictsToSet(conflicts merge.Conflicts) *fieldpath.Set { - conflictSet := fieldpath.NewSet() - for _, conflict := range []merge.Conflict(conflicts) { - conflictSet.Insert(conflict.Path) - } - return conflictSet -} - -func conflictsDifference(conflicts merge.Conflicts, s *fieldpath.Set) merge.Conflicts { - newConflicts := []merge.Conflict{} - for _, conflict := range []merge.Conflict(conflicts) { - if !s.Has(conflict.Path) { - newConflicts = append(newConflicts, conflict) - } - } - return newConflicts -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedupdater.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedupdater.go deleted file mode 100644 index 7cd4eb1289..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedupdater.go +++ /dev/null @@ -1,121 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/meta" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" -) - -type lastAppliedUpdater struct { - fieldManager Manager -} - -var _ Manager = &lastAppliedUpdater{} - -// NewLastAppliedUpdater sets the client-side apply annotation up to date with -// server-side apply managed fields -func NewLastAppliedUpdater(fieldManager Manager) Manager { - return &lastAppliedUpdater{ - fieldManager: fieldManager, - } -} - -// Update implements Manager. -func (f *lastAppliedUpdater) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - return f.fieldManager.Update(liveObj, newObj, managed, manager) -} - -// server-side apply managed fields -func (f *lastAppliedUpdater) Apply(liveObj, newObj runtime.Object, managed Managed, manager string, force bool) (runtime.Object, Managed, error) { - liveObj, managed, err := f.fieldManager.Apply(liveObj, newObj, managed, manager, force) - if err != nil { - return liveObj, managed, err - } - - // Sync the client-side apply annotation only from kubectl server-side apply. - // To opt-out of this behavior, users may specify a different field manager. - // - // If the client-side apply annotation doesn't exist, - // then continue because we have no annotation to update - if manager == "kubectl" && hasLastApplied(liveObj) { - lastAppliedValue, err := buildLastApplied(newObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to build last-applied annotation: %v", err) - } - err = setLastApplied(liveObj, lastAppliedValue) - if err != nil { - return nil, nil, fmt.Errorf("failed to set last-applied annotation: %v", err) - } - } - return liveObj, managed, err -} - -func hasLastApplied(obj runtime.Object) bool { - var accessor, err = meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - var annotations = accessor.GetAnnotations() - if annotations == nil { - return false - } - lastApplied, ok := annotations[corev1.LastAppliedConfigAnnotation] - return ok && len(lastApplied) > 0 -} - -func setLastApplied(obj runtime.Object, value string) error { - accessor, err := meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - var annotations = accessor.GetAnnotations() - if annotations == nil { - annotations = map[string]string{} - } - annotations[corev1.LastAppliedConfigAnnotation] = value - if err := apimachineryvalidation.ValidateAnnotationsSize(annotations); err != nil { - delete(annotations, corev1.LastAppliedConfigAnnotation) - } - accessor.SetAnnotations(annotations) - return nil -} - -func buildLastApplied(obj runtime.Object) (string, error) { - obj = obj.DeepCopyObject() - - var accessor, err = meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - - // Remove the annotation from the object before encoding the object - var annotations = accessor.GetAnnotations() - delete(annotations, corev1.LastAppliedConfigAnnotation) - accessor.SetAnnotations(annotations) - - lastApplied, err := runtime.Encode(unstructured.UnstructuredJSONScheme, obj) - if err != nil { - return "", fmt.Errorf("couldn't encode object into last applied annotation: %v", err) - } - return string(lastApplied), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go deleted file mode 100644 index 412443a6c4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -type managedFieldsUpdater struct { - fieldManager Manager -} - -var _ Manager = &managedFieldsUpdater{} - -// NewManagedFieldsUpdater is responsible for updating the managedfields -// in the object, updating the time of the operation as necessary. For -// updates, it uses a hard-coded manager to detect if things have -// changed, and swaps back the correct manager after the operation is -// done. -func NewManagedFieldsUpdater(fieldManager Manager) Manager { - return &managedFieldsUpdater{ - fieldManager: fieldManager, - } -} - -// Update implements Manager. -func (f *managedFieldsUpdater) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - self := "current-operation" - object, managed, err := f.fieldManager.Update(liveObj, newObj, managed, self) - if err != nil { - return object, managed, err - } - - // If the current operation took any fields from anything, it means the object changed, - // so update the timestamp of the managedFieldsEntry and merge with any previous updates from the same manager - if vs, ok := managed.Fields()[self]; ok { - delete(managed.Fields(), self) - - if previous, ok := managed.Fields()[manager]; ok { - managed.Fields()[manager] = fieldpath.NewVersionedSet(vs.Set().Union(previous.Set()), vs.APIVersion(), vs.Applied()) - } else { - managed.Fields()[manager] = vs - } - - managed.Times()[manager] = &metav1.Time{Time: time.Now().UTC()} - } - - return object, managed, nil -} - -// Apply implements Manager. -func (f *managedFieldsUpdater) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) { - object, managed, err := f.fieldManager.Apply(liveObj, appliedObj, managed, fieldManager, force) - if err != nil { - return object, managed, err - } - if object != nil { - managed.Times()[fieldManager] = &metav1.Time{Time: time.Now().UTC()} - } else { - object = liveObj.DeepCopyObject() - internal.RemoveObjectManagedFields(object) - } - return object, managed, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/node.yaml b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/node.yaml deleted file mode 100644 index 66e849f23f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/node.yaml +++ /dev/null @@ -1,261 +0,0 @@ -apiVersion: v1 -kind: Node -metadata: - annotations: - container.googleapis.com/instance_id: "123456789321654789" - node.alpha.kubernetes.io/ttl: "0" - volumes.kubernetes.io/controller-managed-attach-detach: "true" - creationTimestamp: "2019-07-09T16:17:29Z" - labels: - kubernetes.io/arch: amd64 - beta.kubernetes.io/fluentd-ds-ready: "true" - beta.kubernetes.io/instance-type: n1-standard-4 - kubernetes.io/os: linux - cloud.google.com/gke-nodepool: default-pool - cloud.google.com/gke-os-distribution: cos - failure-domain.beta.kubernetes.io/region: us-central1 - failure-domain.beta.kubernetes.io/zone: us-central1-b - topology.kubernetes.io/region: us-central1 - topology.kubernetes.io/zone: us-central1-b - kubernetes.io/hostname: node-default-pool-something - name: node-default-pool-something - resourceVersion: "211582541" - selfLink: /api/v1/nodes/node-default-pool-something - uid: 0c24d0e1-a265-11e9-abe4-42010a80026b -spec: - podCIDR: 10.0.0.1/24 - providerID: some-provider-id-of-some-sort -status: - addresses: - - address: 10.0.0.1 - type: InternalIP - - address: 192.168.0.1 - type: ExternalIP - - address: node-default-pool-something - type: Hostname - allocatable: - cpu: 3920m - ephemeral-storage: "104638878617" - hugepages-2Mi: "0" - memory: 12700100Ki - pods: "110" - capacity: - cpu: "4" - ephemeral-storage: 202086868Ki - hugepages-2Mi: "0" - memory: 15399364Ki - pods: "110" - conditions: - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:22:08Z" - message: containerd is functioning properly - reason: FrequentContainerdRestart - status: "False" - type: FrequentContainerdRestart - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:22:06Z" - message: docker overlay2 is functioning properly - reason: CorruptDockerOverlay2 - status: "False" - type: CorruptDockerOverlay2 - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:22:06Z" - message: node is functioning properly - reason: UnregisterNetDevice - status: "False" - type: FrequentUnregisterNetDevice - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:17:04Z" - message: kernel has no deadlock - reason: KernelHasNoDeadlock - status: "False" - type: KernelDeadlock - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:17:04Z" - message: Filesystem is not read-only - reason: FilesystemIsNotReadOnly - status: "False" - type: ReadonlyFilesystem - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:22:05Z" - message: kubelet is functioning properly - reason: FrequentKubeletRestart - status: "False" - type: FrequentKubeletRestart - - lastHeartbeatTime: "2019-09-20T19:32:08Z" - lastTransitionTime: "2019-07-09T16:22:06Z" - message: docker is functioning properly - reason: FrequentDockerRestart - status: "False" - type: FrequentDockerRestart - - lastHeartbeatTime: "2019-07-09T16:17:47Z" - lastTransitionTime: "2019-07-09T16:17:47Z" - message: RouteController created a route - reason: RouteCreated - status: "False" - type: NetworkUnavailable - - lastHeartbeatTime: "2019-09-20T19:32:50Z" - lastTransitionTime: "2019-07-09T16:17:29Z" - message: kubelet has sufficient disk space available - reason: KubeletHasSufficientDisk - status: "False" - type: OutOfDisk - - lastHeartbeatTime: "2019-09-20T19:32:50Z" - lastTransitionTime: "2019-07-09T16:17:29Z" - message: kubelet has sufficient memory available - reason: KubeletHasSufficientMemory - status: "False" - type: MemoryPressure - - lastHeartbeatTime: "2019-09-20T19:32:50Z" - lastTransitionTime: "2019-07-09T16:17:29Z" - message: kubelet has no disk pressure - reason: KubeletHasNoDiskPressure - status: "False" - type: DiskPressure - - lastHeartbeatTime: "2019-09-20T19:32:50Z" - lastTransitionTime: "2019-07-09T16:17:29Z" - message: kubelet has sufficient PID available - reason: KubeletHasSufficientPID - status: "False" - type: PIDPressure - - lastHeartbeatTime: "2019-09-20T19:32:50Z" - lastTransitionTime: "2019-07-09T16:17:49Z" - message: kubelet is posting ready status. AppArmor enabled - reason: KubeletReady - status: "True" - type: Ready - daemonEndpoints: - kubeletEndpoint: - Port: 10250 - images: - - names: - - grafana/grafana@sha256:80e5e113a984d74836aa16f5b4524012099436b1a50df293f00ac6377fb512c8 - - grafana/grafana:4.4.2 - sizeBytes: 287008013 - - names: - - registry.k8s.io/node-problem-detector@sha256:f95cab985c26b2f46e9bd43283e0bfa88860c14e0fb0649266babe8b65e9eb2b - - registry.k8s.io/node-problem-detector:v0.4.1 - sizeBytes: 286572743 - - names: - - grafana/grafana@sha256:7ff7f9b2501a5d55b55ce3f58d21771b1c5af1f2a4ab7dbf11bef7142aae7033 - - grafana/grafana:4.2.0 - sizeBytes: 277940263 - - names: - - influxdb@sha256:7dddf03376348876ed4bdf33d6dfa3326f45a2bae0930dbd80781a374eb519bc - - influxdb:1.2.2 - sizeBytes: 223948571 - - names: - - gcr.io/stackdriver-agents/stackdriver-logging-agent@sha256:f8d5231b67b9c53f60068b535a11811d29d1b3efd53d2b79f2a2591ea338e4f2 - - gcr.io/stackdriver-agents/stackdriver-logging-agent:0.6-1.6.0-1 - sizeBytes: 223242132 - - names: - - nginx@sha256:35779791c05d119df4fe476db8f47c0bee5943c83eba5656a15fc046db48178b - - nginx:1.10.1 - sizeBytes: 180708613 - - names: - - registry.k8s.io/fluentd-elasticsearch@sha256:b8c94527b489fb61d3d81ce5ad7f3ddbb7be71e9620a3a36e2bede2f2e487d73 - - registry.k8s.io/fluentd-elasticsearch:v2.0.4 - sizeBytes: 135716379 - - names: - - nginx@sha256:00be67d6ba53d5318cd91c57771530f5251cfbe028b7be2c4b70526f988cfc9f - - nginx:latest - sizeBytes: 109357355 - - names: - - registry.k8s.io/kubernetes-dashboard-amd64@sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0 - - registry.k8s.io/kubernetes-dashboard-amd64:v1.8.3 - sizeBytes: 102319441 - - names: - - gcr.io/google_containers/kube-proxy:v1.11.10-gke.5 - - registry.k8s.io/kube-proxy:v1.11.10-gke.5 - sizeBytes: 102279340 - - names: - - registry.k8s.io/event-exporter@sha256:7f9cd7cb04d6959b0aa960727d04fa86759008048c785397b7b0d9dff0007516 - - registry.k8s.io/event-exporter:v0.2.3 - sizeBytes: 94171943 - - names: - - registry.k8s.io/prometheus-to-sd@sha256:6c0c742475363d537ff059136e5d5e4ab1f512ee0fd9b7ca42ea48bc309d1662 - - registry.k8s.io/prometheus-to-sd:v0.3.1 - sizeBytes: 88077694 - - names: - - registry.k8s.io/fluentd-gcp-scaler@sha256:a5ace7506d393c4ed65eb2cbb6312c64ab357fcea16dff76b9055bc6e498e5ff - - registry.k8s.io/fluentd-gcp-scaler:0.5.1 - sizeBytes: 86637208 - - names: - - registry.k8s.io/heapster-amd64@sha256:9fae0af136ce0cf4f88393b3670f7139ffc464692060c374d2ae748e13144521 - - registry.k8s.io/heapster-amd64:v1.6.0-beta.1 - sizeBytes: 76016169 - - names: - - registry.k8s.io/ingress-glbc-amd64@sha256:31d36bbd9c44caffa135fc78cf0737266fcf25e3cf0cd1c2fcbfbc4f7309cc52 - - registry.k8s.io/ingress-glbc-amd64:v1.1.1 - sizeBytes: 67801919 - - names: - - registry.k8s.io/kube-addon-manager@sha256:d53486c3a0b49ebee019932878dc44232735d5622a51dbbdcec7124199020d09 - - registry.k8s.io/kube-addon-manager:v8.7 - sizeBytes: 63322109 - - names: - - nginx@sha256:4aacdcf186934dcb02f642579314075910f1855590fd3039d8fa4c9f96e48315 - - nginx:1.10-alpine - sizeBytes: 54042627 - - names: - - registry.k8s.io/cpvpa-amd64@sha256:cfe7b0a11c9c8e18c87b1eb34fef9a7cbb8480a8da11fc2657f78dbf4739f869 - - registry.k8s.io/cpvpa-amd64:v0.6.0 - sizeBytes: 51785854 - - names: - - registry.k8s.io/cluster-proportional-autoscaler-amd64@sha256:003f98d9f411ddfa6ff6d539196355e03ddd69fa4ed38c7ffb8fec6f729afe2d - - registry.k8s.io/cluster-proportional-autoscaler-amd64:1.1.2-r2 - sizeBytes: 49648481 - - names: - - registry.k8s.io/ip-masq-agent-amd64@sha256:1ffda57d87901bc01324c82ceb2145fe6a0448d3f0dd9cb65aa76a867cd62103 - - registry.k8s.io/ip-masq-agent-amd64:v2.1.1 - sizeBytes: 49612505 - - names: - - registry.k8s.io/k8s-dns-kube-dns-amd64@sha256:b99fc3eee2a9f052f7eb4cc00f15eb12fc405fa41019baa2d6b79847ae7284a8 - - registry.k8s.io/k8s-dns-kube-dns-amd64:1.14.10 - sizeBytes: 49549457 - - names: - - registry.k8s.io/rescheduler@sha256:156cfbfd05a5a815206fd2eeb6cbdaf1596d71ea4b415d3a6c43071dd7b99450 - - registry.k8s.io/rescheduler:v0.4.0 - sizeBytes: 48973149 - - names: - - registry.k8s.io/event-exporter@sha256:16ca66e2b5dc7a1ce6a5aafcb21d0885828b75cdfc08135430480f7ad2364adc - - registry.k8s.io/event-exporter:v0.2.4 - sizeBytes: 47261019 - - names: - - registry.k8s.io/coredns@sha256:db2bf53126ed1c761d5a41f24a1b82a461c85f736ff6e90542e9522be4757848 - - registry.k8s.io/coredns:1.1.3 - sizeBytes: 45587362 - - names: - - prom/prometheus@sha256:483f4c9d7733699ba79facca9f8bcce1cef1af43dfc3e7c5a1882aa85f53cb74 - - prom/prometheus:v1.1.3 - sizeBytes: 45493941 - nodeInfo: - architecture: amd64 - bootID: a32eca78-4ad4-4b76-9252-f143d6c2ae61 - containerRuntimeVersion: docker://17.3.2 - kernelVersion: 4.14.127+ - kubeProxyVersion: v1.11.10-gke.5 - kubeletVersion: v1.11.10-gke.5 - machineID: 1739555e5b231057f0f9a0b5fa29511b - operatingSystem: linux - osImage: Container-Optimized OS from Google - systemUUID: 1739555E-5B23-1057-F0F9-A0B5FA29511B - volumesAttached: - - devicePath: /dev/disk/by-id/b9772-pvc-c787c67d-14d7-11e7-9baf-42010a800049 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-c787c67d-14d7-11e7-9baf-42010a800049 - - devicePath: /dev/disk/by-id/b9772-pvc-8895a852-fd42-11e6-94d4-42010a800049 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-8895a852-fd42-11e6-94d4-42010a800049 - - devicePath: /dev/disk/by-id/some-random-clusterb9772-pvc-72e1c7f1-fd41-11e6-94d4-42010a800049 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-72e1c7f1-fd41-11e6-94d4-42010a800049 - - devicePath: /dev/disk/by-id/some-random-clusterb9772-pvc-c2435a06-14d7-11e7-9baf-42010a800049 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-c2435a06-14d7-11e7-9baf-42010a800049 - - devicePath: /dev/disk/by-id/some-random-clusterb9772-pvc-8bf50554-fd42-11e6-94d4-42010a800049 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-8bf50554-fd42-11e6-94d4-42010a800049 - - devicePath: /dev/disk/by-id/some-random-clusterb9772-pvc-8fb5e386-4641-11e7-a490-42010a800283 - name: kubernetes.io/pd/some-random-clusterb9772-pvc-8fb5e386-4641-11e7-a490-42010a800283 - volumesInUse: - - kubernetes.io/pd/some-random-clusterb9772-pvc-72e1c7f1-fd41-11e6-94d4-42010a800049 - - kubernetes.io/pd/some-random-clusterb9772-pvc-8895a852-fd42-11e6-94d4-42010a800049 - - kubernetes.io/pd/some-random-clusterb9772-pvc-8bf50554-fd42-11e6-94d4-42010a800049 - - kubernetes.io/pd/some-random-clusterb9772-pvc-8fb5e386-4641-11e7-a490-42010a800283 - - kubernetes.io/pd/some-random-clusterb9772-pvc-c2435a06-14d7-11e7-9baf-42010a800049 - - kubernetes.io/pd/some-random-clusterb9772-pvc-c787c67d-14d7-11e7-9baf-42010a800049 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/pod.yaml b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/pod.yaml deleted file mode 100644 index 3fb0877d67..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/pod.yaml +++ /dev/null @@ -1,121 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - labels: - app: some-app - plugin1: some-value - plugin2: some-value - plugin3: some-value - plugin4: some-value - name: some-name - namespace: default - ownerReferences: - - apiVersion: apps/v1 - blockOwnerDeletion: true - controller: true - kind: ReplicaSet - name: some-name - uid: 0a9d2b9e-779e-11e7-b422-42010a8001be -spec: - containers: - - args: - - one - - two - - three - - four - - five - - six - - seven - - eight - - nine - env: - - name: VAR_3 - valueFrom: - secretKeyRef: - key: some-other-key - name: some-oher-name - - name: VAR_2 - valueFrom: - secretKeyRef: - key: other-key - name: other-name - - name: VAR_1 - valueFrom: - secretKeyRef: - key: some-key - name: some-name - image: some-image-name - imagePullPolicy: IfNotPresent - name: some-name - resources: - requests: - cpu: '0' - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: default-token-hu5jz - readOnly: true - dnsPolicy: ClusterFirst - nodeName: node-name - priority: 0 - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: default - serviceAccountName: default - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 300 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 300 - volumes: - - name: default-token-hu5jz - secret: - defaultMode: 420 - secretName: default-token-hu5jz -status: - conditions: - - lastProbeTime: null - lastTransitionTime: '2019-07-08T09:31:18Z' - status: 'True' - type: Initialized - - lastProbeTime: null - lastTransitionTime: '2019-07-08T09:41:59Z' - status: 'True' - type: Ready - - lastProbeTime: null - lastTransitionTime: null - status: 'True' - type: ContainersReady - - lastProbeTime: null - lastTransitionTime: '2019-07-08T09:31:18Z' - status: 'True' - type: PodScheduled - containerStatuses: - - containerID: docker://885e82a1ed0b7356541bb410a0126921ac42439607c09875cd8097dd5d7b5376 - image: some-image-name - imageID: docker-pullable://some-image-id - lastState: - terminated: - containerID: docker://d57290f9e00fad626b20d2dd87a3cf69bbc22edae07985374f86a8b2b4e39565 - exitCode: 255 - finishedAt: '2019-07-08T09:39:09Z' - reason: Error - startedAt: '2019-07-08T09:38:54Z' - name: name - ready: true - restartCount: 6 - state: - running: - startedAt: '2019-07-08T09:41:59Z' - hostIP: 10.0.0.1 - phase: Running - podIP: 10.0.0.1 - qosClass: BestEffort - startTime: '2019-07-08T09:31:18Z' diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/scalehandler.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/scalehandler.go deleted file mode 100644 index d9844990c2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/scalehandler.go +++ /dev/null @@ -1,174 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -var ( - scaleGroupVersion = schema.GroupVersion{Group: "autoscaling", Version: "v1"} - replicasPathInScale = fieldpath.MakePathOrDie("spec", "replicas") -) - -// ResourcePathMappings maps a group/version to its replicas path. The -// assumption is that all the paths correspond to leaf fields. -type ResourcePathMappings map[string]fieldpath.Path - -// ScaleHandler manages the conversion of managed fields between a main -// resource and the scale subresource -type ScaleHandler struct { - parentEntries []metav1.ManagedFieldsEntry - groupVersion schema.GroupVersion - mappings ResourcePathMappings -} - -// NewScaleHandler creates a new ScaleHandler -func NewScaleHandler(parentEntries []metav1.ManagedFieldsEntry, groupVersion schema.GroupVersion, mappings ResourcePathMappings) *ScaleHandler { - return &ScaleHandler{ - parentEntries: parentEntries, - groupVersion: groupVersion, - mappings: mappings, - } -} - -// ToSubresource filter the managed fields of the main resource and convert -// them so that they can be handled by scale. -// For the managed fields that have a replicas path it performs two changes: -// 1. APIVersion is changed to the APIVersion of the scale subresource -// 2. Replicas path of the main resource is transformed to the replicas path of -// the scale subresource -func (h *ScaleHandler) ToSubresource() ([]metav1.ManagedFieldsEntry, error) { - managed, err := DecodeManagedFields(h.parentEntries) - if err != nil { - return nil, err - } - - f := fieldpath.ManagedFields{} - t := map[string]*metav1.Time{} - for manager, versionedSet := range managed.Fields() { - path, ok := h.mappings[string(versionedSet.APIVersion())] - // Skip the entry if the APIVersion is unknown - if !ok || path == nil { - continue - } - - if versionedSet.Set().Has(path) { - newVersionedSet := fieldpath.NewVersionedSet( - fieldpath.NewSet(replicasPathInScale), - fieldpath.APIVersion(scaleGroupVersion.String()), - versionedSet.Applied(), - ) - - f[manager] = newVersionedSet - t[manager] = managed.Times()[manager] - } - } - - return managedFieldsEntries(internal.NewManaged(f, t)) -} - -// ToParent merges `scaleEntries` with the entries of the main resource and -// transforms them accordingly -func (h *ScaleHandler) ToParent(scaleEntries []metav1.ManagedFieldsEntry) ([]metav1.ManagedFieldsEntry, error) { - decodedParentEntries, err := DecodeManagedFields(h.parentEntries) - if err != nil { - return nil, err - } - parentFields := decodedParentEntries.Fields() - - decodedScaleEntries, err := DecodeManagedFields(scaleEntries) - if err != nil { - return nil, err - } - scaleFields := decodedScaleEntries.Fields() - - f := fieldpath.ManagedFields{} - t := map[string]*metav1.Time{} - - for manager, versionedSet := range parentFields { - // Get the main resource "replicas" path - path, ok := h.mappings[string(versionedSet.APIVersion())] - // Drop the entry if the APIVersion is unknown. - if !ok { - continue - } - - // If the parent entry does not have the replicas path or it is nil, just - // keep it as it is. The path is nil for Custom Resources without scale - // subresource. - if path == nil || !versionedSet.Set().Has(path) { - f[manager] = versionedSet - t[manager] = decodedParentEntries.Times()[manager] - continue - } - - if _, ok := scaleFields[manager]; !ok { - // "Steal" the replicas path from the main resource entry - newSet := versionedSet.Set().Difference(fieldpath.NewSet(path)) - - if !newSet.Empty() { - newVersionedSet := fieldpath.NewVersionedSet( - newSet, - versionedSet.APIVersion(), - versionedSet.Applied(), - ) - f[manager] = newVersionedSet - t[manager] = decodedParentEntries.Times()[manager] - } - } else { - // Field wasn't stolen, let's keep the entry as it is. - f[manager] = versionedSet - t[manager] = decodedParentEntries.Times()[manager] - delete(scaleFields, manager) - } - } - - for manager, versionedSet := range scaleFields { - if !versionedSet.Set().Has(replicasPathInScale) { - continue - } - newVersionedSet := fieldpath.NewVersionedSet( - fieldpath.NewSet(h.mappings[h.groupVersion.String()]), - fieldpath.APIVersion(h.groupVersion.String()), - versionedSet.Applied(), - ) - f[manager] = newVersionedSet - t[manager] = decodedParentEntries.Times()[manager] - } - - return managedFieldsEntries(internal.NewManaged(f, t)) -} - -func managedFieldsEntries(entries internal.ManagedInterface) ([]metav1.ManagedFieldsEntry, error) { - obj := &unstructured.Unstructured{Object: map[string]interface{}{}} - if err := internal.EncodeObjectManagedFields(obj, entries); err != nil { - return nil, err - } - accessor, err := meta.Accessor(obj) - if err != nil { - panic(fmt.Sprintf("couldn't get accessor: %v", err)) - } - return accessor.GetManagedFields(), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/skipnonapplied.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/skipnonapplied.go deleted file mode 100644 index a8c34ad652..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/skipnonapplied.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - "math/rand" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -type skipNonAppliedManager struct { - fieldManager Manager - objectCreater runtime.ObjectCreater - gvk schema.GroupVersionKind - beforeApplyManagerName string - probability float32 -} - -var _ Manager = &skipNonAppliedManager{} - -// NewSkipNonAppliedManager creates a new wrapped FieldManager that only starts tracking managers after the first apply. -func NewSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind) Manager { - return NewProbabilisticSkipNonAppliedManager(fieldManager, objectCreater, gvk, 0.0) -} - -// NewProbabilisticSkipNonAppliedManager creates a new wrapped FieldManager that starts tracking managers after the first apply, -// or starts tracking on create with p probability. -func NewProbabilisticSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind, p float32) Manager { - return &skipNonAppliedManager{ - fieldManager: fieldManager, - objectCreater: objectCreater, - gvk: gvk, - beforeApplyManagerName: "before-first-apply", - probability: p, - } -} - -// Update implements Manager. -func (f *skipNonAppliedManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - accessor, err := meta.Accessor(liveObj) - if err != nil { - return newObj, managed, nil - } - - // If managed fields is empty, we need to determine whether to skip tracking managed fields. - if len(managed.Fields()) == 0 { - // Check if the operation is a create, by checking whether lastObj's UID is empty. - // If the operation is create, P(tracking managed fields) = f.probability - // If the operation is update, skip tracking managed fields, since we already know managed fields is empty. - if len(accessor.GetUID()) == 0 { - if f.probability <= rand.Float32() { - return newObj, managed, nil - } - } else { - return newObj, managed, nil - } - } - return f.fieldManager.Update(liveObj, newObj, managed, manager) -} - -// Apply implements Manager. -func (f *skipNonAppliedManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) { - if len(managed.Fields()) == 0 { - emptyObj, err := f.objectCreater.New(f.gvk) - if err != nil { - return nil, nil, fmt.Errorf("failed to create empty object of type %v: %v", f.gvk, err) - } - liveObj, managed, err = f.fieldManager.Update(emptyObj, liveObj, managed, f.beforeApplyManagerName) - if err != nil { - return nil, nil, fmt.Errorf("failed to create manager for existing fields: %v", err) - } - } - return f.fieldManager.Apply(liveObj, appliedObj, managed, fieldManager, force) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go deleted file mode 100644 index 1460d9c802..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -type stripMetaManager struct { - fieldManager Manager - - // stripSet is the list of fields that should never be part of a mangedFields. - stripSet *fieldpath.Set -} - -var _ Manager = &stripMetaManager{} - -// NewStripMetaManager creates a new Manager that strips metadata and typemeta fields from the manager's fieldset. -func NewStripMetaManager(fieldManager Manager) Manager { - return &stripMetaManager{ - fieldManager: fieldManager, - stripSet: fieldpath.NewSet( - fieldpath.MakePathOrDie("apiVersion"), - fieldpath.MakePathOrDie("kind"), - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("metadata", "name"), - fieldpath.MakePathOrDie("metadata", "namespace"), - fieldpath.MakePathOrDie("metadata", "creationTimestamp"), - fieldpath.MakePathOrDie("metadata", "selfLink"), - fieldpath.MakePathOrDie("metadata", "uid"), - fieldpath.MakePathOrDie("metadata", "clusterName"), - fieldpath.MakePathOrDie("metadata", "generation"), - fieldpath.MakePathOrDie("metadata", "managedFields"), - fieldpath.MakePathOrDie("metadata", "resourceVersion"), - ), - } -} - -// Update implements Manager. -func (f *stripMetaManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - newObj, managed, err := f.fieldManager.Update(liveObj, newObj, managed, manager) - if err != nil { - return nil, nil, err - } - f.stripFields(managed.Fields(), manager) - return newObj, managed, nil -} - -// Apply implements Manager. -func (f *stripMetaManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, manager string, force bool) (runtime.Object, Managed, error) { - newObj, managed, err := f.fieldManager.Apply(liveObj, appliedObj, managed, manager, force) - if err != nil { - return nil, nil, err - } - f.stripFields(managed.Fields(), manager) - return newObj, managed, nil -} - -// stripFields removes a predefined set of paths found in typed from managed -func (f *stripMetaManager) stripFields(managed fieldpath.ManagedFields, manager string) { - vs, ok := managed[manager] - if ok { - if vs == nil { - panic(fmt.Sprintf("Found unexpected nil manager which should never happen: %s", manager)) - } - newSet := vs.Set().Difference(f.stripSet) - if newSet.Empty() { - delete(managed, manager) - } else { - managed[manager] = fieldpath.NewVersionedSet(newSet, vs.APIVersion(), vs.Applied()) - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go deleted file mode 100644 index 213988e23c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/merge" -) - -type structuredMergeManager struct { - typeConverter TypeConverter - objectConverter runtime.ObjectConvertor - objectDefaulter runtime.ObjectDefaulter - groupVersion schema.GroupVersion - hubVersion schema.GroupVersion - updater merge.Updater -} - -var _ Manager = &structuredMergeManager{} - -// NewStructuredMergeManager creates a new Manager that merges apply requests -// and update managed fields for other types of requests. -func NewStructuredMergeManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, gv schema.GroupVersion, hub schema.GroupVersion, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (Manager, error) { - return &structuredMergeManager{ - typeConverter: typeConverter, - objectConverter: objectConverter, - objectDefaulter: objectDefaulter, - groupVersion: gv, - hubVersion: hub, - updater: merge.Updater{ - Converter: newVersionConverter(typeConverter, objectConverter, hub), // This is the converter provided to SMD from k8s - IgnoredFields: resetFields, - }, - }, nil -} - -// NewCRDStructuredMergeManager creates a new Manager specifically for -// CRDs. This allows for the possibility of fields which are not defined -// in models, as well as having no models defined at all. -func NewCRDStructuredMergeManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, gv schema.GroupVersion, hub schema.GroupVersion, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (_ Manager, err error) { - return &structuredMergeManager{ - typeConverter: typeConverter, - objectConverter: objectConverter, - objectDefaulter: objectDefaulter, - groupVersion: gv, - hubVersion: hub, - updater: merge.Updater{ - Converter: newCRDVersionConverter(typeConverter, objectConverter, hub), - IgnoredFields: resetFields, - }, - }, nil -} - -func objectGVKNN(obj runtime.Object) string { - name := "<unknown>" - namespace := "<unknown>" - if accessor, err := meta.Accessor(obj); err == nil { - name = accessor.GetName() - namespace = accessor.GetNamespace() - } - - return fmt.Sprintf("%v/%v; %v", namespace, name, obj.GetObjectKind().GroupVersionKind()) -} - -// Update implements Manager. -func (f *structuredMergeManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) { - newObjVersioned, err := f.toVersioned(newObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert new object (%v) to proper version (%v): %v", objectGVKNN(newObj), f.groupVersion, err) - } - liveObjVersioned, err := f.toVersioned(liveObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert live object (%v) to proper version: %v", objectGVKNN(liveObj), err) - } - newObjTyped, err := f.typeConverter.ObjectToTyped(newObjVersioned) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert new object (%v) to smd typed: %v", objectGVKNN(newObjVersioned), err) - } - liveObjTyped, err := f.typeConverter.ObjectToTyped(liveObjVersioned) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert live object (%v) to smd typed: %v", objectGVKNN(liveObjVersioned), err) - } - apiVersion := fieldpath.APIVersion(f.groupVersion.String()) - - // TODO(apelisse) use the first return value when unions are implemented - _, managedFields, err := f.updater.Update(liveObjTyped, newObjTyped, apiVersion, managed.Fields(), manager) - if err != nil { - return nil, nil, fmt.Errorf("failed to update ManagedFields (%v): %v", objectGVKNN(newObjVersioned), err) - } - managed = internal.NewManaged(managedFields, managed.Times()) - - return newObj, managed, nil -} - -// Apply implements Manager. -func (f *structuredMergeManager) Apply(liveObj, patchObj runtime.Object, managed Managed, manager string, force bool) (runtime.Object, Managed, error) { - // Check that the patch object has the same version as the live object - if patchVersion := patchObj.GetObjectKind().GroupVersionKind().GroupVersion(); patchVersion != f.groupVersion { - return nil, nil, - errors.NewBadRequest( - fmt.Sprintf("Incorrect version specified in apply patch. "+ - "Specified patch version: %s, expected: %s", - patchVersion, f.groupVersion)) - } - - patchObjMeta, err := meta.Accessor(patchObj) - if err != nil { - return nil, nil, fmt.Errorf("couldn't get accessor: %v", err) - } - if patchObjMeta.GetManagedFields() != nil { - return nil, nil, errors.NewBadRequest("metadata.managedFields must be nil") - } - - liveObjVersioned, err := f.toVersioned(liveObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert live object (%v) to proper version: %v", objectGVKNN(liveObj), err) - } - - patchObjTyped, err := f.typeConverter.ObjectToTyped(patchObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to create typed patch object (%v): %v", objectGVKNN(patchObj), err) - } - liveObjTyped, err := f.typeConverter.ObjectToTyped(liveObjVersioned) - if err != nil { - return nil, nil, fmt.Errorf("failed to create typed live object (%v): %v", objectGVKNN(liveObjVersioned), err) - } - - apiVersion := fieldpath.APIVersion(f.groupVersion.String()) - newObjTyped, managedFields, err := f.updater.Apply(liveObjTyped, patchObjTyped, apiVersion, managed.Fields(), manager, force) - if err != nil { - return nil, nil, err - } - managed = internal.NewManaged(managedFields, managed.Times()) - - if newObjTyped == nil { - return nil, managed, nil - } - - newObj, err := f.typeConverter.TypedToObject(newObjTyped) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert new typed object (%v) to object: %v", objectGVKNN(patchObj), err) - } - - newObjVersioned, err := f.toVersioned(newObj) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert new object (%v) to proper version: %v", objectGVKNN(patchObj), err) - } - f.objectDefaulter.Default(newObjVersioned) - - newObjUnversioned, err := f.toUnversioned(newObjVersioned) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert to unversioned (%v): %v", objectGVKNN(patchObj), err) - } - return newObjUnversioned, managed, nil -} - -func (f *structuredMergeManager) toVersioned(obj runtime.Object) (runtime.Object, error) { - return f.objectConverter.ConvertToVersion(obj, f.groupVersion) -} - -func (f *structuredMergeManager) toUnversioned(obj runtime.Object) (runtime.Object, error) { - return f.objectConverter.ConvertToVersion(obj, f.hubVersion) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/typeconverter.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/typeconverter.go deleted file mode 100644 index fc40546f10..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/typeconverter.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/managedfields" - "k8s.io/kube-openapi/pkg/util/proto" - "sigs.k8s.io/structured-merge-diff/v4/typed" - "sigs.k8s.io/structured-merge-diff/v4/value" -) - -// TypeConverter allows you to convert from runtime.Object to -// typed.TypedValue and the other way around. -type TypeConverter interface { - ObjectToTyped(runtime.Object) (*typed.TypedValue, error) - TypedToObject(*typed.TypedValue) (runtime.Object, error) -} - -// DeducedTypeConverter is a TypeConverter for CRDs that don't have a -// schema. It does implement the same interface though (and create the -// same types of objects), so that everything can still work the same. -// CRDs are merged with all their fields being "atomic" (lists -// included). -// -// Note that this is not going to be sufficient for converting to/from -// CRDs that have a schema defined (we don't support that schema yet). -// TODO(jennybuckley): Use the schema provided by a CRD if it exists. -type DeducedTypeConverter struct{} - -var _ TypeConverter = DeducedTypeConverter{} - -// ObjectToTyped converts an object into a TypedValue with a "deduced type". -func (DeducedTypeConverter) ObjectToTyped(obj runtime.Object) (*typed.TypedValue, error) { - switch o := obj.(type) { - case *unstructured.Unstructured: - return typed.DeducedParseableType.FromUnstructured(o.UnstructuredContent()) - default: - return typed.DeducedParseableType.FromStructured(obj) - } -} - -// TypedToObject transforms the typed value into a runtime.Object. That -// is not specific to deduced type. -func (DeducedTypeConverter) TypedToObject(value *typed.TypedValue) (runtime.Object, error) { - return valueToObject(value.AsValue()) -} - -type typeConverter struct { - parser *managedfields.GvkParser -} - -var _ TypeConverter = &typeConverter{} - -// NewTypeConverter builds a TypeConverter from a proto.Models. This -// will automatically find the proper version of the object, and the -// corresponding schema information. -func NewTypeConverter(models proto.Models, preserveUnknownFields bool) (TypeConverter, error) { - parser, err := managedfields.NewGVKParser(models, preserveUnknownFields) - if err != nil { - return nil, err - } - return &typeConverter{parser: parser}, nil -} - -func (c *typeConverter) ObjectToTyped(obj runtime.Object) (*typed.TypedValue, error) { - gvk := obj.GetObjectKind().GroupVersionKind() - t := c.parser.Type(gvk) - if t == nil { - return nil, newNoCorrespondingTypeError(gvk) - } - switch o := obj.(type) { - case *unstructured.Unstructured: - return t.FromUnstructured(o.UnstructuredContent()) - default: - return t.FromStructured(obj) - } -} - -func (c *typeConverter) TypedToObject(value *typed.TypedValue) (runtime.Object, error) { - return valueToObject(value.AsValue()) -} - -func valueToObject(val value.Value) (runtime.Object, error) { - vu := val.Unstructured() - switch o := vu.(type) { - case map[string]interface{}: - return &unstructured.Unstructured{Object: o}, nil - default: - return nil, fmt.Errorf("failed to convert value to unstructured for type %T", vu) - } -} - -type noCorrespondingTypeErr struct { - gvk schema.GroupVersionKind -} - -func newNoCorrespondingTypeError(gvk schema.GroupVersionKind) error { - return &noCorrespondingTypeErr{gvk: gvk} -} - -func (k *noCorrespondingTypeErr) Error() string { - return fmt.Sprintf("no corresponding type for %v", k.gvk) -} - -func isNoCorrespondingTypeError(err error) bool { - if err == nil { - return false - } - _, ok := err.(*noCorrespondingTypeErr) - return ok -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/versionconverter.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/versionconverter.go deleted file mode 100644 index 477e92f796..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/versionconverter.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldmanager - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/merge" - "sigs.k8s.io/structured-merge-diff/v4/typed" -) - -// versionConverter is an implementation of -// sigs.k8s.io/structured-merge-diff/merge.Converter -type versionConverter struct { - typeConverter TypeConverter - objectConvertor runtime.ObjectConvertor - hubGetter func(from schema.GroupVersion) schema.GroupVersion -} - -var _ merge.Converter = &versionConverter{} - -// NewVersionConverter builds a VersionConverter from a TypeConverter and an ObjectConvertor. -func newVersionConverter(t TypeConverter, o runtime.ObjectConvertor, h schema.GroupVersion) merge.Converter { - return &versionConverter{ - typeConverter: t, - objectConvertor: o, - hubGetter: func(from schema.GroupVersion) schema.GroupVersion { - return schema.GroupVersion{ - Group: from.Group, - Version: h.Version, - } - }, - } -} - -// NewCRDVersionConverter builds a VersionConverter for CRDs from a TypeConverter and an ObjectConvertor. -func newCRDVersionConverter(t TypeConverter, o runtime.ObjectConvertor, h schema.GroupVersion) merge.Converter { - return &versionConverter{ - typeConverter: t, - objectConvertor: o, - hubGetter: func(from schema.GroupVersion) schema.GroupVersion { - return h - }, - } -} - -// Convert implements sigs.k8s.io/structured-merge-diff/merge.Converter -func (v *versionConverter) Convert(object *typed.TypedValue, version fieldpath.APIVersion) (*typed.TypedValue, error) { - // Convert the smd typed value to a kubernetes object. - objectToConvert, err := v.typeConverter.TypedToObject(object) - if err != nil { - return object, err - } - - // Parse the target groupVersion. - groupVersion, err := schema.ParseGroupVersion(string(version)) - if err != nil { - return object, err - } - - // If attempting to convert to the same version as we already have, just return it. - fromVersion := objectToConvert.GetObjectKind().GroupVersionKind().GroupVersion() - if fromVersion == groupVersion { - return object, nil - } - - // Convert to internal - internalObject, err := v.objectConvertor.ConvertToVersion(objectToConvert, v.hubGetter(fromVersion)) - if err != nil { - return object, err - } - - // Convert the object into the target version - convertedObject, err := v.objectConvertor.ConvertToVersion(internalObject, groupVersion) - if err != nil { - return object, err - } - - // Convert the object back to a smd typed value and return it. - return v.typeConverter.ObjectToTyped(convertedObject) -} - -// IsMissingVersionError -func (v *versionConverter) IsMissingVersionError(err error) bool { - return runtime.IsNotRegisteredError(err) || isNoCorrespondingTypeError(err) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/finisher/finisher.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/finisher/finisher.go deleted file mode 100644 index dd7651718b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/finisher/finisher.go +++ /dev/null @@ -1,176 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package finisher - -import ( - "context" - "fmt" - "net/http" - goruntime "runtime" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/klog/v2" -) - -// ResultFunc is a function that returns a rest result and can be run in a goroutine -type ResultFunc func() (runtime.Object, error) - -// result stores the return values or panic from a ResultFunc function -type result struct { - // object stores the response returned by the ResultFunc function - object runtime.Object - // err stores the error returned by the ResultFunc function - err error - // reason stores the reason from a panic thrown by the ResultFunc function - reason interface{} -} - -// Return processes the result returned by a ResultFunc function -func (r *result) Return() (runtime.Object, error) { - switch { - case r.reason != nil: - // panic has higher precedence, the goroutine executing ResultFunc has panic'd, - // so propagate a panic to the caller. - panic(r.reason) - case r.err != nil: - return nil, r.err - default: - // if we are here, it means neither a panic, nor an error - if status, ok := r.object.(*metav1.Status); ok { - // An api.Status object with status != success is considered an "error", - // which interrupts the normal response flow. - if status.Status != metav1.StatusSuccess { - return nil, errors.FromObject(status) - } - } - return r.object, nil - } -} - -// PostTimeoutLoggerFunc is a function that can be used to log the result returned -// by a ResultFunc after the request had timed out. -// timedOutAt is the time the request had been timed out. -// r is the result returned by the child goroutine. -type PostTimeoutLoggerFunc func(timedOutAt time.Time, r *result) - -const ( - // how much time the post-timeout receiver goroutine will wait for the sender - // (child goroutine executing ResultFunc) to send a result after the request. - // had timed out. - postTimeoutLoggerWait = 5 * time.Minute -) - -// FinishRequest makes a given ResultFunc asynchronous and handles errors returned by the response. -func FinishRequest(ctx context.Context, fn ResultFunc) (runtime.Object, error) { - return finishRequest(ctx, fn, postTimeoutLoggerWait, logPostTimeoutResult) -} - -func finishRequest(ctx context.Context, fn ResultFunc, postTimeoutWait time.Duration, postTimeoutLogger PostTimeoutLoggerFunc) (runtime.Object, error) { - // the channel needs to be buffered since the post-timeout receiver goroutine - // waits up to 5 minutes for the child goroutine to return. - resultCh := make(chan *result, 1) - - go func() { - result := &result{} - - // panics don't cross goroutine boundaries, so we have to handle ourselves - defer func() { - reason := recover() - if reason != nil { - // do not wrap the sentinel ErrAbortHandler panic value - if reason != http.ErrAbortHandler { - // Same as stdlib http server code. Manually allocate stack - // trace buffer size to prevent excessively large logs - const size = 64 << 10 - buf := make([]byte, size) - buf = buf[:goruntime.Stack(buf, false)] - reason = fmt.Sprintf("%v\n%s", reason, buf) - } - - // store the panic reason into the result. - result.reason = reason - } - - // Propagate the result to the parent goroutine - resultCh <- result - }() - - if object, err := fn(); err != nil { - result.err = err - } else { - result.object = object - } - }() - - select { - case result := <-resultCh: - return result.Return() - case <-ctx.Done(): - // we are going to send a timeout response to the caller, but the asynchronous goroutine - // (sender) is still executing the ResultFunc function. - // kick off a goroutine (receiver) here to wait for the sender (goroutine executing ResultFunc) - // to send the result and then log details of the result. - defer func() { - go func() { - timedOutAt := time.Now() - - var result *result - select { - case result = <-resultCh: - case <-time.After(postTimeoutWait): - // we will not wait forever, if we are here then we know that some sender - // goroutines are taking longer than postTimeoutWait. - } - postTimeoutLogger(timedOutAt, result) - }() - }() - return nil, errors.NewTimeoutError(fmt.Sprintf("request did not complete within requested timeout - %s", ctx.Err()), 0) - } -} - -// logPostTimeoutResult logs a panic or an error from the result that the sender (goroutine that is -// executing the ResultFunc function) has sent to the receiver after the request had timed out. -// timedOutAt is the time the request had been timed out -func logPostTimeoutResult(timedOutAt time.Time, r *result) { - if r == nil { - // we are using r == nil to indicate that the child goroutine never returned a result. - metrics.RecordRequestPostTimeout(metrics.PostTimeoutSourceRestHandler, metrics.PostTimeoutHandlerPending) - klog.Errorf("FinishRequest: post-timeout activity, waited for %s, child goroutine has not returned yet", time.Since(timedOutAt)) - return - } - - var status string - switch { - case r.reason != nil: - // a non empty reason inside a result object indicates that there was a panic. - status = metrics.PostTimeoutHandlerPanic - case r.err != nil: - status = metrics.PostTimeoutHandlerError - default: - status = metrics.PostTimeoutHandlerOK - } - - metrics.RecordRequestPostTimeout(metrics.PostTimeoutSourceRestHandler, status) - err := fmt.Errorf("FinishRequest: post-timeout activity - time-elapsed: %s, panicked: %t, err: %v, panic-reason: %v", - time.Since(timedOutAt), r.reason != nil, r.err, r.reason) - utilruntime.HandleError(err) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/get.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/get.go deleted file mode 100644 index 2f8c6fbc24..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/get.go +++ /dev/null @@ -1,284 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "fmt" - "math/rand" - "net/http" - "net/url" - "strings" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metainternalversionvalidation "k8s.io/apimachinery/pkg/apis/meta/internalversion/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -// getterFunc performs a get request with the given context and object name. The request -// may be used to deserialize an options object to pass to the getter. -type getterFunc func(ctx context.Context, name string, req *http.Request) (runtime.Object, error) - -// getResourceHandler is an HTTP handler function for get requests. It delegates to the -// passed-in getterFunc to perform the actual get. -func getResourceHandler(scope *RequestScope, getter getterFunc) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - ctx, span := tracing.Start(ctx, "Get", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - scope.err(err, w, req) - return - } - ctx = request.WithNamespace(ctx, namespace) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - result, err := getter(ctx, name, req) - if err != nil { - scope.err(err, w, req) - return - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, http.StatusOK, outputMediaType, result) - } -} - -// GetResource returns a function that handles retrieving a single resource from a rest.Storage object. -func GetResource(r rest.Getter, scope *RequestScope) http.HandlerFunc { - return getResourceHandler(scope, - func(ctx context.Context, name string, req *http.Request) (runtime.Object, error) { - // check for export - options := metav1.GetOptions{} - if values := req.URL.Query(); len(values) > 0 { - if len(values["export"]) > 0 { - exportBool := true - exportStrings := values["export"] - err := runtime.Convert_Slice_string_To_bool(&exportStrings, &exportBool, nil) - if err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("the export parameter cannot be parsed: %v", err)) - } - if exportBool { - return nil, errors.NewBadRequest("the export parameter, deprecated since v1.14, is no longer supported") - } - } - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(values, scope.MetaGroupVersion, &options); err != nil { - err = errors.NewBadRequest(err.Error()) - return nil, err - } - } - tracing.SpanFromContext(ctx).AddEvent("About to Get from storage") - return r.Get(ctx, name, &options) - }) -} - -// GetResourceWithOptions returns a function that handles retrieving a single resource from a rest.Storage object. -func GetResourceWithOptions(r rest.GetterWithOptions, scope *RequestScope, isSubresource bool) http.HandlerFunc { - return getResourceHandler(scope, - func(ctx context.Context, name string, req *http.Request) (runtime.Object, error) { - opts, subpath, subpathKey := r.NewGetOptions() - span := tracing.SpanFromContext(ctx) - span.AddEvent("About to process Get options") - if err := getRequestOptions(req, scope, opts, subpath, subpathKey, isSubresource); err != nil { - err = errors.NewBadRequest(err.Error()) - return nil, err - } - span.AddEvent("About to Get from storage") - return r.Get(ctx, name, opts) - }) -} - -// getRequestOptions parses out options and can include path information. The path information shouldn't include the subresource. -func getRequestOptions(req *http.Request, scope *RequestScope, into runtime.Object, subpath bool, subpathKey string, isSubresource bool) error { - if into == nil { - return nil - } - - query := req.URL.Query() - if subpath { - newQuery := make(url.Values) - for k, v := range query { - newQuery[k] = v - } - - ctx := req.Context() - requestInfo, _ := request.RequestInfoFrom(ctx) - startingIndex := 2 - if isSubresource { - startingIndex = 3 - } - - p := strings.Join(requestInfo.Parts[startingIndex:], "/") - - // ensure non-empty subpaths correctly reflect a leading slash - if len(p) > 0 && !strings.HasPrefix(p, "/") { - p = "/" + p - } - - // ensure subpaths correctly reflect the presence of a trailing slash on the original request - if strings.HasSuffix(requestInfo.Path, "/") && !strings.HasSuffix(p, "/") { - p += "/" - } - - newQuery[subpathKey] = []string{p} - query = newQuery - } - return scope.ParameterCodec.DecodeParameters(query, scope.Kind.GroupVersion(), into) -} - -func ListResource(r rest.Lister, rw rest.Watcher, scope *RequestScope, forceWatch bool, minRequestTimeout time.Duration) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - // For performance tracking purposes. - ctx, span := tracing.Start(ctx, "List", traceFields(req)...) - - namespace, err := scope.Namer.Namespace(req) - if err != nil { - scope.err(err, w, req) - return - } - - // Watches for single objects are routed to this function. - // Treat a name parameter the same as a field selector entry. - hasName := true - _, name, err := scope.Namer.Name(req) - if err != nil { - hasName = false - } - - ctx = request.WithNamespace(ctx, namespace) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - opts := metainternalversion.ListOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, &opts); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - - if errs := metainternalversionvalidation.ValidateListOptions(&opts); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "ListOptions"}, "", errs) - scope.err(err, w, req) - return - } - - // transform fields - // TODO: DecodeParametersInto should do this. - if opts.FieldSelector != nil { - fn := func(label, value string) (newLabel, newValue string, err error) { - return scope.Convertor.ConvertFieldLabel(scope.Kind, label, value) - } - if opts.FieldSelector, err = opts.FieldSelector.Transform(fn); err != nil { - // TODO: allow bad request to set field causes based on query parameters - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - } - - if hasName { - // metadata.name is the canonical internal name. - // SelectionPredicate will notice that this is a request for - // a single object and optimize the storage query accordingly. - nameSelector := fields.OneTermEqualSelector("metadata.name", name) - - // Note that fieldSelector setting explicitly the "metadata.name" - // will result in reaching this branch (as the value of that field - // is propagated to requestInfo as the name parameter. - // That said, the allowed field selectors in this branch are: - // nil, fields.Everything and field selector matching metadata.name - // for our name. - if opts.FieldSelector != nil && !opts.FieldSelector.Empty() { - selectedName, ok := opts.FieldSelector.RequiresExactMatch("metadata.name") - if !ok || name != selectedName { - scope.err(errors.NewBadRequest("fieldSelector metadata.name doesn't match requested name"), w, req) - return - } - } else { - opts.FieldSelector = nameSelector - } - } - - if opts.Watch || forceWatch { - if rw == nil { - scope.err(errors.NewMethodNotSupported(scope.Resource.GroupResource(), "watch"), w, req) - return - } - // TODO: Currently we explicitly ignore ?timeout= and use only ?timeoutSeconds=. - timeout := time.Duration(0) - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - if timeout == 0 && minRequestTimeout > 0 { - timeout = time.Duration(float64(minRequestTimeout) * (rand.Float64() + 1.0)) - } - klog.V(3).InfoS("Starting watch", "path", req.URL.Path, "resourceVersion", opts.ResourceVersion, "labels", opts.LabelSelector, "fields", opts.FieldSelector, "timeout", timeout) - ctx, cancel := context.WithTimeout(ctx, timeout) - defer cancel() - watcher, err := rw.Watch(ctx, &opts) - if err != nil { - scope.err(err, w, req) - return - } - requestInfo, _ := request.RequestInfoFrom(ctx) - metrics.RecordLongRunning(req, requestInfo, metrics.APIServerComponent, func() { - serveWatch(watcher, scope, outputMediaType, req, w, timeout) - }) - return - } - - // Log only long List requests (ignore Watch). - defer span.End(500 * time.Millisecond) - span.AddEvent("About to List from storage") - result, err := r.List(ctx, &opts) - if err != nil { - scope.err(err, w, req) - return - } - span.AddEvent("Listing from storage done") - defer span.AddEvent("Writing http response done", attribute.Int("count", meta.LenList(result))) - transformResponseObject(ctx, scope, req, w, http.StatusOK, outputMediaType, result) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/helpers.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/helpers.go deleted file mode 100644 index 7f85563699..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/helpers.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "net/http" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" -) - -const ( - maxUserAgentLength = 1024 - userAgentTruncateSuffix = "...TRUNCATED" -) - -// lazyTruncatedUserAgent implements String() string and it will -// return user-agent which may be truncated. -type lazyTruncatedUserAgent struct { - req *http.Request -} - -func (lazy *lazyTruncatedUserAgent) String() string { - ua := "unknown" - if lazy.req != nil { - ua = utilnet.GetHTTPClient(lazy.req) - if len(ua) > maxUserAgentLength { - ua = ua[:maxUserAgentLength] + userAgentTruncateSuffix - } - } - return ua -} - -// LazyClientIP implements String() string and it will -// calls GetClientIP() lazily only when required. -type lazyClientIP struct { - req *http.Request -} - -func (lazy *lazyClientIP) String() string { - if lazy.req != nil { - if ip := utilnet.GetClientIP(lazy.req); ip != nil { - return ip.String() - } - } - return "unknown" -} - -// lazyAccept implements String() string and it will -// calls http.Request Header.Get() lazily only when required. -type lazyAccept struct { - req *http.Request -} - -func (lazy *lazyAccept) String() string { - if lazy.req != nil { - accept := lazy.req.Header.Get("Accept") - return accept - } - - return "unknown" -} - -// lazyAuditID implements Stringer interface to lazily retrieve -// the audit ID associated with the request. -type lazyAuditID struct { - req *http.Request -} - -func (lazy *lazyAuditID) String() string { - if lazy.req != nil { - return audit.GetAuditIDTruncated(lazy.req.Context()) - } - - return "unknown" -} - -// lazyVerb implements String() string and it will -// lazily get normalized Verb -type lazyVerb struct { - req *http.Request -} - -func (lazy *lazyVerb) String() string { - if lazy.req == nil { - return "unknown" - } - return metrics.NormalizedVerb(lazy.req) -} - -// lazyResource implements String() string and it will -// lazily get Resource from request info -type lazyResource struct { - req *http.Request -} - -func (lazy *lazyResource) String() string { - if lazy.req != nil { - ctx := lazy.req.Context() - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if ok { - return requestInfo.Resource - } - } - - return "unknown" -} - -// lazyScope implements String() string and it will -// lazily get Scope from request info -type lazyScope struct { - req *http.Request -} - -func (lazy *lazyScope) String() string { - if lazy.req != nil { - ctx := lazy.req.Context() - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if ok { - return metrics.CleanScope(requestInfo) - } - } - - return "unknown" -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/OWNERS deleted file mode 100644 index 433e84aa3e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - logicalhan diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/metrics.go deleted file mode 100644 index cf3205a9a9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/metrics/metrics.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "context" - "k8s.io/component-base/metrics" -) - -type RequestBodyVerb string - -const ( - Patch RequestBodyVerb = "patch" - Delete RequestBodyVerb = "delete" - Update RequestBodyVerb = "update" - Create RequestBodyVerb = "create" - DeleteCollection RequestBodyVerb = "delete_collection" -) - -var ( - RequestBodySizes = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Subsystem: "apiserver", - Name: "request_body_sizes", - Help: "Apiserver request body sizes broken out by size.", - // we use 0.05 KB as the smallest bucket with 0.1 KB increments up to the - // apiserver limit. - Buckets: metrics.LinearBuckets(50000, 100000, 31), - StabilityLevel: metrics.ALPHA, - }, - []string{"resource", "verb"}, - ) -) - -func RecordRequestBodySize(ctx context.Context, resource string, verb RequestBodyVerb, size int) { - RequestBodySizes.WithContext(ctx).WithLabelValues(resource, string(verb)).Observe(float64(size)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/namer.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/namer.go deleted file mode 100644 index a9fe8fe218..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/namer.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "fmt" - "net/http" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/endpoints/request" -) - -// ScopeNamer handles accessing names from requests and objects -type ScopeNamer interface { - // Namespace returns the appropriate namespace value from the request (may be empty) or an - // error. - Namespace(req *http.Request) (namespace string, err error) - // Name returns the name from the request, and an optional namespace value if this is a namespace - // scoped call. An error is returned if the name is not available. - Name(req *http.Request) (namespace, name string, err error) - // ObjectName returns the namespace and name from an object if they exist, or an error if the object - // does not support names. - ObjectName(obj runtime.Object) (namespace, name string, err error) -} - -type ContextBasedNaming struct { - Namer runtime.Namer - ClusterScoped bool -} - -// ContextBasedNaming implements ScopeNamer -var _ ScopeNamer = ContextBasedNaming{} - -func (n ContextBasedNaming) Namespace(req *http.Request) (namespace string, err error) { - requestInfo, ok := request.RequestInfoFrom(req.Context()) - if !ok { - return "", fmt.Errorf("missing requestInfo") - } - return requestInfo.Namespace, nil -} - -func (n ContextBasedNaming) Name(req *http.Request) (namespace, name string, err error) { - requestInfo, ok := request.RequestInfoFrom(req.Context()) - if !ok { - return "", "", fmt.Errorf("missing requestInfo") - } - - if len(requestInfo.Name) == 0 { - return "", "", errEmptyName - } - return requestInfo.Namespace, requestInfo.Name, nil -} - -func (n ContextBasedNaming) ObjectName(obj runtime.Object) (namespace, name string, err error) { - name, err = n.Namer.Name(obj) - if err != nil { - return "", "", err - } - if len(name) == 0 { - return "", "", errEmptyName - } - namespace, err = n.Namer.Namespace(obj) - if err != nil { - return "", "", err - } - return namespace, name, err -} - -// errEmptyName is returned when API requests do not fill the name section of the path. -var errEmptyName = errors.NewBadRequest("name must be provided") diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/doc.go deleted file mode 100644 index 80f4feb727..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package negotiation contains media type negotiation logic. -package negotiation // import "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/errors.go deleted file mode 100644 index 86faf525df..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/errors.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package negotiation - -import ( - "fmt" - "net/http" - "strings" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// errNotAcceptable indicates Accept negotiation has failed -type errNotAcceptable struct { - accepted []string -} - -// NewNotAcceptableError returns an error of NotAcceptable which contains specified string -func NewNotAcceptableError(accepted []string) error { - return errNotAcceptable{accepted} -} - -func (e errNotAcceptable) Error() string { - return fmt.Sprintf("only the following media types are accepted: %v", strings.Join(e.accepted, ", ")) -} - -func (e errNotAcceptable) Status() metav1.Status { - return metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotAcceptable, - Reason: metav1.StatusReasonNotAcceptable, - Message: e.Error(), - } -} - -// errNotAcceptableConversion indicates Accept negotiation has failed specifically -// for a conversion to a known type. -type errNotAcceptableConversion struct { - target string - accepted []string -} - -// NewNotAcceptableConversionError returns an error indicating that the desired -// API transformation to the target group version kind string is not accepted and -// only the listed mime types are allowed. This is temporary while Table does not -// yet support protobuf encoding. -func NewNotAcceptableConversionError(target string, accepted []string) error { - return errNotAcceptableConversion{target, accepted} -} - -func (e errNotAcceptableConversion) Error() string { - return fmt.Sprintf("only the following media types are accepted when converting to %s: %v", e.target, strings.Join(e.accepted, ", ")) -} - -func (e errNotAcceptableConversion) Status() metav1.Status { - return metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotAcceptable, - Reason: metav1.StatusReasonNotAcceptable, - Message: e.Error(), - } -} - -// errUnsupportedMediaType indicates Content-Type is not recognized -type errUnsupportedMediaType struct { - accepted []string -} - -// NewUnsupportedMediaTypeError returns an error of UnsupportedMediaType which contains specified string -func NewUnsupportedMediaTypeError(accepted []string) error { - return errUnsupportedMediaType{accepted} -} - -func (e errUnsupportedMediaType) Error() string { - return fmt.Sprintf("the body of the request was in an unknown format - accepted media types include: %v", strings.Join(e.accepted, ", ")) -} - -func (e errUnsupportedMediaType) Status() metav1.Status { - return metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusUnsupportedMediaType, - Reason: metav1.StatusReasonUnsupportedMediaType, - Message: e.Error(), - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/negotiate.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/negotiate.go deleted file mode 100644 index 9dbad1ea65..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/negotiation/negotiate.go +++ /dev/null @@ -1,263 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package negotiation - -import ( - "mime" - "net/http" - "strconv" - "strings" - - "github.com/munnerz/goautoneg" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// MediaTypesForSerializer returns a list of media and stream media types for the server. -func MediaTypesForSerializer(ns runtime.NegotiatedSerializer) (mediaTypes, streamMediaTypes []string) { - for _, info := range ns.SupportedMediaTypes() { - mediaTypes = append(mediaTypes, info.MediaType) - if info.StreamSerializer != nil { - // stream=watch is the existing mime-type parameter for watch - streamMediaTypes = append(streamMediaTypes, info.MediaType+";stream=watch") - } - } - return mediaTypes, streamMediaTypes -} - -// NegotiateOutputMediaType negotiates the output structured media type and a serializer, or -// returns an error. -func NegotiateOutputMediaType(req *http.Request, ns runtime.NegotiatedSerializer, restrictions EndpointRestrictions) (MediaTypeOptions, runtime.SerializerInfo, error) { - mediaType, ok := NegotiateMediaTypeOptions(req.Header.Get("Accept"), ns.SupportedMediaTypes(), restrictions) - if !ok { - supported, _ := MediaTypesForSerializer(ns) - return mediaType, runtime.SerializerInfo{}, NewNotAcceptableError(supported) - } - // TODO: move into resthandler - info := mediaType.Accepted - if (mediaType.Pretty || isPrettyPrint(req)) && info.PrettySerializer != nil { - info.Serializer = info.PrettySerializer - } - return mediaType, info, nil -} - -// NegotiateOutputMediaTypeStream returns a stream serializer for the given request. -func NegotiateOutputMediaTypeStream(req *http.Request, ns runtime.NegotiatedSerializer, restrictions EndpointRestrictions) (runtime.SerializerInfo, error) { - mediaType, ok := NegotiateMediaTypeOptions(req.Header.Get("Accept"), ns.SupportedMediaTypes(), restrictions) - if !ok || mediaType.Accepted.StreamSerializer == nil { - _, supported := MediaTypesForSerializer(ns) - return runtime.SerializerInfo{}, NewNotAcceptableError(supported) - } - return mediaType.Accepted, nil -} - -// NegotiateInputSerializer returns the input serializer for the provided request. -func NegotiateInputSerializer(req *http.Request, streaming bool, ns runtime.NegotiatedSerializer) (runtime.SerializerInfo, error) { - mediaType := req.Header.Get("Content-Type") - return NegotiateInputSerializerForMediaType(mediaType, streaming, ns) -} - -// NegotiateInputSerializerForMediaType returns the appropriate serializer for the given media type or an error. -func NegotiateInputSerializerForMediaType(mediaType string, streaming bool, ns runtime.NegotiatedSerializer) (runtime.SerializerInfo, error) { - mediaTypes := ns.SupportedMediaTypes() - if len(mediaType) == 0 { - mediaType = mediaTypes[0].MediaType - } - if mediaType, _, err := mime.ParseMediaType(mediaType); err == nil { - if info, ok := runtime.SerializerInfoForMediaType(mediaTypes, mediaType); ok { - return info, nil - } - } - - supported, streamingSupported := MediaTypesForSerializer(ns) - if streaming { - return runtime.SerializerInfo{}, NewUnsupportedMediaTypeError(streamingSupported) - } - return runtime.SerializerInfo{}, NewUnsupportedMediaTypeError(supported) -} - -// isPrettyPrint returns true if the "pretty" query parameter is true or if the User-Agent -// matches known "human" clients. -func isPrettyPrint(req *http.Request) bool { - // DEPRECATED: should be part of the content type - if req.URL != nil { - // avoid an allocation caused by parsing the URL query - if strings.Contains(req.URL.RawQuery, "pretty") { - pp := req.URL.Query().Get("pretty") - if len(pp) > 0 { - pretty, _ := strconv.ParseBool(pp) - return pretty - } - } - } - userAgent := req.UserAgent() - // This covers basic all browsers and cli http tools - if strings.HasPrefix(userAgent, "curl") || strings.HasPrefix(userAgent, "Wget") || strings.HasPrefix(userAgent, "Mozilla/5.0") { - return true - } - return false -} - -// EndpointRestrictions is an interface that allows content-type negotiation -// to verify server support for specific options -type EndpointRestrictions interface { - // AllowsMediaTypeTransform returns true if the endpoint allows either the requested mime type - // or the requested transformation. If false, the caller should ignore this mime type. If the - // target is nil, the client is not requesting a transformation. - AllowsMediaTypeTransform(mimeType, mimeSubType string, target *schema.GroupVersionKind) bool - // AllowsServerVersion should return true if the specified version is valid - // for the server group. - AllowsServerVersion(version string) bool - // AllowsStreamSchema should return true if the specified stream schema is - // valid for the server group. - AllowsStreamSchema(schema string) bool -} - -// DefaultEndpointRestrictions is the default EndpointRestrictions which allows -// content-type negotiation to verify server support for specific options -var DefaultEndpointRestrictions = emptyEndpointRestrictions{} - -type emptyEndpointRestrictions struct{} - -func (emptyEndpointRestrictions) AllowsMediaTypeTransform(mimeType string, mimeSubType string, gvk *schema.GroupVersionKind) bool { - return gvk == nil -} -func (emptyEndpointRestrictions) AllowsServerVersion(string) bool { return false } -func (emptyEndpointRestrictions) AllowsStreamSchema(s string) bool { return s == "watch" } - -// MediaTypeOptions describes information for a given media type that may alter -// the server response -type MediaTypeOptions struct { - // pretty is true if the requested representation should be formatted for human - // viewing - Pretty bool - - // stream, if set, indicates that a streaming protocol variant of this encoding - // is desired. The only currently supported value is watch which returns versioned - // events. In the future, this may refer to other stream protocols. - Stream string - - // convert is a request to alter the type of object returned by the server from the - // normal response - Convert *schema.GroupVersionKind - // useServerVersion is an optional version for the server group - UseServerVersion string - - // export is true if the representation requested should exclude fields the server - // has set - Export bool - - // unrecognized is a list of all unrecognized keys - Unrecognized []string - - // the accepted media type from the client - Accepted runtime.SerializerInfo -} - -// acceptMediaTypeOptions returns an options object that matches the provided media type params. If -// it returns false, the provided options are not allowed and the media type must be skipped. These -// parameters are unversioned and may not be changed. -func acceptMediaTypeOptions(params map[string]string, accepts *runtime.SerializerInfo, endpoint EndpointRestrictions) (MediaTypeOptions, bool) { - var options MediaTypeOptions - - // extract all known parameters - for k, v := range params { - switch k { - - // controls transformation of the object when returned - case "as": - if options.Convert == nil { - options.Convert = &schema.GroupVersionKind{} - } - options.Convert.Kind = v - case "g": - if options.Convert == nil { - options.Convert = &schema.GroupVersionKind{} - } - options.Convert.Group = v - case "v": - if options.Convert == nil { - options.Convert = &schema.GroupVersionKind{} - } - options.Convert.Version = v - - // controls the streaming schema - case "stream": - if len(v) > 0 && (accepts.StreamSerializer == nil || !endpoint.AllowsStreamSchema(v)) { - return MediaTypeOptions{}, false - } - options.Stream = v - - // controls the version of the server API group used - // for generic output - case "sv": - if len(v) > 0 && !endpoint.AllowsServerVersion(v) { - return MediaTypeOptions{}, false - } - options.UseServerVersion = v - - // if specified, the server should transform the returned - // output and remove fields that are always server specified, - // or which fit the default behavior. - case "export": - options.Export = v == "1" - - // if specified, the pretty serializer will be used - case "pretty": - options.Pretty = v == "1" - - default: - options.Unrecognized = append(options.Unrecognized, k) - } - } - - if !endpoint.AllowsMediaTypeTransform(accepts.MediaTypeType, accepts.MediaTypeSubType, options.Convert) { - return MediaTypeOptions{}, false - } - - options.Accepted = *accepts - return options, true -} - -// NegotiateMediaTypeOptions returns the most appropriate content type given the accept header and -// a list of alternatives along with the accepted media type parameters. -func NegotiateMediaTypeOptions(header string, accepted []runtime.SerializerInfo, endpoint EndpointRestrictions) (MediaTypeOptions, bool) { - if len(header) == 0 && len(accepted) > 0 { - return MediaTypeOptions{ - Accepted: accepted[0], - }, true - } - - clauses := goautoneg.ParseAccept(header) - for i := range clauses { - clause := &clauses[i] - for i := range accepted { - accepts := &accepted[i] - switch { - case clause.Type == accepts.MediaTypeType && clause.SubType == accepts.MediaTypeSubType, - clause.Type == accepts.MediaTypeType && clause.SubType == "*", - clause.Type == "*" && clause.SubType == "*": - if retVal, ret := acceptMediaTypeOptions(clause.Params, accepts, endpoint); ret { - return retVal, true - } - } - } - } - - return MediaTypeOptions{}, false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/patch.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/patch.go deleted file mode 100644 index 8f396b0574..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/patch.go +++ /dev/null @@ -1,788 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "fmt" - "net/http" - "strings" - "time" - - jsonpatch "github.com/evanphx/json-patch" - "go.opentelemetry.io/otel/attribute" - kjson "sigs.k8s.io/json" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/mergepatch" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/strategicpatch" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apimachinery/pkg/util/yaml" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/endpoints/handlers/finisher" - requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/component-base/tracing" -) - -const ( - // maximum number of operations a single json patch may contain. - maxJSONPatchOperations = 10000 -) - -// PatchResource returns a function that will handle a resource patch. -func PatchResource(r rest.Patcher, scope *RequestScope, admit admission.Interface, patchTypes []string) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - // For performance tracking purposes. - ctx, span := tracing.Start(ctx, "Patch", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - // Do this first, otherwise name extraction can fail for unrecognized content types - // TODO: handle this in negotiation - contentType := req.Header.Get("Content-Type") - // Remove "; charset=" if included in header. - if idx := strings.Index(contentType, ";"); idx > 0 { - contentType = contentType[:idx] - } - patchType := types.PatchType(contentType) - - // Ensure the patchType is one we support - if !sets.NewString(patchTypes...).Has(contentType) { - scope.err(negotiation.NewUnsupportedMediaTypeError(patchTypes), w, req) - return - } - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - scope.err(err, w, req) - return - } - - // enforce a timeout of at most requestTimeoutUpperBound (34s) or less if the user-provided - // timeout inside the parent context is lower than requestTimeoutUpperBound. - ctx, cancel := context.WithTimeout(ctx, requestTimeoutUpperBound) - defer cancel() - - ctx = request.WithNamespace(ctx, namespace) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - patchBytes, err := limitedReadBodyWithRecordMetric(ctx, req, scope.MaxRequestBodyBytes, scope.Resource.GroupResource().String(), requestmetrics.Patch) - if err != nil { - span.AddEvent("limitedReadBody failed", attribute.Int("len", len(patchBytes)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("limitedReadBody succeeded", attribute.Int("len", len(patchBytes))) - - options := &metav1.PatchOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, options); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - if errs := validation.ValidatePatchOptions(options, patchType); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "PatchOptions"}, "", errs) - scope.err(err, w, req) - return - } - options.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("PatchOptions")) - - admit = admission.WithAudit(admit) - - audit.LogRequestPatch(req.Context(), patchBytes) - span.AddEvent("Recorded the audit event") - - baseContentType := runtime.ContentTypeJSON - if patchType == types.ApplyPatchType { - baseContentType = runtime.ContentTypeYAML - } - s, ok := runtime.SerializerInfoForMediaType(scope.Serializer.SupportedMediaTypes(), baseContentType) - if !ok { - scope.err(fmt.Errorf("no serializer defined for %v", baseContentType), w, req) - return - } - gv := scope.Kind.GroupVersion() - - validationDirective := fieldValidation(options.FieldValidation) - decodeSerializer := s.Serializer - if validationDirective == metav1.FieldValidationWarn || validationDirective == metav1.FieldValidationStrict { - decodeSerializer = s.StrictSerializer - } - - codec := runtime.NewCodec( - scope.Serializer.EncoderForVersion(s.Serializer, gv), - scope.Serializer.DecoderToVersion(decodeSerializer, scope.HubGroupVersion), - ) - - userInfo, _ := request.UserFrom(ctx) - staticCreateAttributes := admission.NewAttributesRecord( - nil, - nil, - scope.Kind, - namespace, - name, - scope.Resource, - scope.Subresource, - admission.Create, - patchToCreateOptions(options), - dryrun.IsDryRun(options.DryRun), - userInfo) - staticUpdateAttributes := admission.NewAttributesRecord( - nil, - nil, - scope.Kind, - namespace, - name, - scope.Resource, - scope.Subresource, - admission.Update, - patchToUpdateOptions(options), - dryrun.IsDryRun(options.DryRun), - userInfo, - ) - - if scope.FieldManager != nil { - admit = fieldmanager.NewManagedFieldsValidatingAdmissionController(admit) - } - mutatingAdmission, _ := admit.(admission.MutationInterface) - createAuthorizerAttributes := authorizer.AttributesRecord{ - User: userInfo, - ResourceRequest: true, - Path: req.URL.Path, - Verb: "create", - APIGroup: scope.Resource.Group, - APIVersion: scope.Resource.Version, - Resource: scope.Resource.Resource, - Subresource: scope.Subresource, - Namespace: namespace, - Name: name, - } - - p := patcher{ - namer: scope.Namer, - creater: scope.Creater, - defaulter: scope.Defaulter, - typer: scope.Typer, - unsafeConvertor: scope.UnsafeConvertor, - kind: scope.Kind, - resource: scope.Resource, - subresource: scope.Subresource, - dryRun: dryrun.IsDryRun(options.DryRun), - validationDirective: validationDirective, - - objectInterfaces: scope, - - hubGroupVersion: scope.HubGroupVersion, - - createValidation: withAuthorization(rest.AdmissionToValidateObjectFunc(admit, staticCreateAttributes, scope), scope.Authorizer, createAuthorizerAttributes), - updateValidation: rest.AdmissionToValidateObjectUpdateFunc(admit, staticUpdateAttributes, scope), - admissionCheck: mutatingAdmission, - - codec: codec, - - options: options, - - restPatcher: r, - name: name, - patchType: patchType, - patchBytes: patchBytes, - userAgent: req.UserAgent(), - } - - result, wasCreated, err := p.patchResource(ctx, scope) - if err != nil { - scope.err(err, w, req) - return - } - span.AddEvent("Object stored in database") - - status := http.StatusOK - if wasCreated { - status = http.StatusCreated - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, status, outputMediaType, result) - } -} - -type mutateObjectUpdateFunc func(ctx context.Context, obj, old runtime.Object) error - -// patcher breaks the process of patch application and retries into smaller -// pieces of functionality. -// TODO: Use builder pattern to construct this object? -// TODO: As part of that effort, some aspects of PatchResource above could be -// moved into this type. -type patcher struct { - // Pieces of RequestScope - namer ScopeNamer - creater runtime.ObjectCreater - defaulter runtime.ObjectDefaulter - typer runtime.ObjectTyper - unsafeConvertor runtime.ObjectConvertor - resource schema.GroupVersionResource - kind schema.GroupVersionKind - subresource string - dryRun bool - validationDirective string - - objectInterfaces admission.ObjectInterfaces - - hubGroupVersion schema.GroupVersion - - // Validation functions - createValidation rest.ValidateObjectFunc - updateValidation rest.ValidateObjectUpdateFunc - admissionCheck admission.MutationInterface - - codec runtime.Codec - - options *metav1.PatchOptions - - // Operation information - restPatcher rest.Patcher - name string - patchType types.PatchType - patchBytes []byte - userAgent string - - // Set at invocation-time (by applyPatch) and immutable thereafter - namespace string - updatedObjectInfo rest.UpdatedObjectInfo - mechanism patchMechanism - forceAllowCreate bool -} - -type patchMechanism interface { - applyPatchToCurrentObject(requextContext context.Context, currentObject runtime.Object) (runtime.Object, error) - createNewObject(requestContext context.Context) (runtime.Object, error) -} - -type jsonPatcher struct { - *patcher - - fieldManager *fieldmanager.FieldManager -} - -func (p *jsonPatcher) applyPatchToCurrentObject(requestContext context.Context, currentObject runtime.Object) (runtime.Object, error) { - // Encode will convert & return a versioned object in JSON. - currentObjJS, err := runtime.Encode(p.codec, currentObject) - if err != nil { - return nil, err - } - - // Apply the patch. - patchedObjJS, appliedStrictErrs, err := p.applyJSPatch(currentObjJS) - if err != nil { - return nil, err - } - - // Construct the resulting typed, unversioned object. - objToUpdate := p.restPatcher.New() - if err := runtime.DecodeInto(p.codec, patchedObjJS, objToUpdate); err != nil { - strictError, isStrictError := runtime.AsStrictDecodingError(err) - switch { - case !isStrictError: - // disregard any appliedStrictErrs, because it's an incomplete - // list of strict errors given that we don't know what fields were - // unknown because DecodeInto failed. Non-strict errors trump in this case. - return nil, errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), string(patchedObjJS), err.Error()), - }) - case p.validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(requestContext, append(appliedStrictErrs, strictError.Errors()...)) - default: - strictDecodingError := runtime.NewStrictDecodingError(append(appliedStrictErrs, strictError.Errors()...)) - return nil, errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), string(patchedObjJS), strictDecodingError.Error()), - }) - } - } else if len(appliedStrictErrs) > 0 { - switch { - case p.validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(requestContext, appliedStrictErrs) - default: - return nil, errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), string(patchedObjJS), runtime.NewStrictDecodingError(appliedStrictErrs).Error()), - }) - } - } - - if p.fieldManager != nil { - objToUpdate = p.fieldManager.UpdateNoErrors(currentObject, objToUpdate, managerOrUserAgent(p.options.FieldManager, p.userAgent)) - } - return objToUpdate, nil -} - -func (p *jsonPatcher) createNewObject(_ context.Context) (runtime.Object, error) { - return nil, errors.NewNotFound(p.resource.GroupResource(), p.name) -} - -type jsonPatchOp struct { - Op string `json:"op"` - Path string `json:"path"` - From string `json:"from"` - Value interface{} `json:"value"` -} - -// applyJSPatch applies the patch. Input and output objects must both have -// the external version, since that is what the patch must have been constructed against. -func (p *jsonPatcher) applyJSPatch(versionedJS []byte) (patchedJS []byte, strictErrors []error, retErr error) { - switch p.patchType { - case types.JSONPatchType: - if p.validationDirective == metav1.FieldValidationStrict || p.validationDirective == metav1.FieldValidationWarn { - var v []jsonPatchOp - var err error - if strictErrors, err = kjson.UnmarshalStrict(p.patchBytes, &v); err != nil { - return nil, nil, errors.NewBadRequest(fmt.Sprintf("error decoding patch: %v", err)) - } - for i, e := range strictErrors { - strictErrors[i] = fmt.Errorf("json patch %v", e) - } - } - - patchObj, err := jsonpatch.DecodePatch(p.patchBytes) - if err != nil { - return nil, nil, errors.NewBadRequest(err.Error()) - } - if len(patchObj) > maxJSONPatchOperations { - return nil, nil, errors.NewRequestEntityTooLargeError( - fmt.Sprintf("The allowed maximum operations in a JSON patch is %d, got %d", - maxJSONPatchOperations, len(patchObj))) - } - patchedJS, err := patchObj.Apply(versionedJS) - if err != nil { - return nil, nil, errors.NewGenericServerResponse(http.StatusUnprocessableEntity, "", schema.GroupResource{}, "", err.Error(), 0, false) - } - return patchedJS, strictErrors, nil - case types.MergePatchType: - if p.validationDirective == metav1.FieldValidationStrict || p.validationDirective == metav1.FieldValidationWarn { - v := map[string]interface{}{} - var err error - strictErrors, err = kjson.UnmarshalStrict(p.patchBytes, &v) - if err != nil { - return nil, nil, errors.NewBadRequest(fmt.Sprintf("error decoding patch: %v", err)) - } - } - - patchedJS, retErr = jsonpatch.MergePatch(versionedJS, p.patchBytes) - if retErr == jsonpatch.ErrBadJSONPatch { - return nil, nil, errors.NewBadRequest(retErr.Error()) - } - return patchedJS, strictErrors, retErr - default: - // only here as a safety net - go-restful filters content-type - return nil, nil, fmt.Errorf("unknown Content-Type header for patch: %v", p.patchType) - } -} - -type smpPatcher struct { - *patcher - - // Schema - schemaReferenceObj runtime.Object - fieldManager *fieldmanager.FieldManager -} - -func (p *smpPatcher) applyPatchToCurrentObject(requestContext context.Context, currentObject runtime.Object) (runtime.Object, error) { - // Since the patch is applied on versioned objects, we need to convert the - // current object to versioned representation first. - currentVersionedObject, err := p.unsafeConvertor.ConvertToVersion(currentObject, p.kind.GroupVersion()) - if err != nil { - return nil, err - } - versionedObjToUpdate, err := p.creater.New(p.kind) - if err != nil { - return nil, err - } - if err := strategicPatchObject(requestContext, p.defaulter, currentVersionedObject, p.patchBytes, versionedObjToUpdate, p.schemaReferenceObj, p.validationDirective); err != nil { - return nil, err - } - // Convert the object back to the hub version - newObj, err := p.unsafeConvertor.ConvertToVersion(versionedObjToUpdate, p.hubGroupVersion) - if err != nil { - return nil, err - } - - if p.fieldManager != nil { - newObj = p.fieldManager.UpdateNoErrors(currentObject, newObj, managerOrUserAgent(p.options.FieldManager, p.userAgent)) - } - return newObj, nil -} - -func (p *smpPatcher) createNewObject(_ context.Context) (runtime.Object, error) { - return nil, errors.NewNotFound(p.resource.GroupResource(), p.name) -} - -type applyPatcher struct { - patch []byte - options *metav1.PatchOptions - creater runtime.ObjectCreater - kind schema.GroupVersionKind - fieldManager *fieldmanager.FieldManager - userAgent string - validationDirective string -} - -func (p *applyPatcher) applyPatchToCurrentObject(requestContext context.Context, obj runtime.Object) (runtime.Object, error) { - force := false - if p.options.Force != nil { - force = *p.options.Force - } - if p.fieldManager == nil { - panic("FieldManager must be installed to run apply") - } - - patchObj := &unstructured.Unstructured{Object: map[string]interface{}{}} - if err := yaml.Unmarshal(p.patch, &patchObj.Object); err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("error decoding YAML: %v", err)) - } - - obj, err := p.fieldManager.Apply(obj, patchObj, p.options.FieldManager, force) - if err != nil { - return obj, err - } - - // TODO: spawn something to track deciding whether a fieldValidation=Strict - // fatal error should return before an error from the apply operation - if p.validationDirective == metav1.FieldValidationStrict || p.validationDirective == metav1.FieldValidationWarn { - if err := yaml.UnmarshalStrict(p.patch, &map[string]interface{}{}); err != nil { - if p.validationDirective == metav1.FieldValidationStrict { - return nil, errors.NewBadRequest(fmt.Sprintf("error strict decoding YAML: %v", err)) - } - addStrictDecodingWarnings(requestContext, []error{err}) - } - } - return obj, nil -} - -func (p *applyPatcher) createNewObject(requestContext context.Context) (runtime.Object, error) { - obj, err := p.creater.New(p.kind) - if err != nil { - return nil, fmt.Errorf("failed to create new object: %v", err) - } - return p.applyPatchToCurrentObject(requestContext, obj) -} - -// strategicPatchObject applies a strategic merge patch of `patchBytes` to -// `originalObject` and stores the result in `objToUpdate`. -// It additionally returns the map[string]interface{} representation of the -// `originalObject` and `patchBytes`. -// NOTE: Both `originalObject` and `objToUpdate` are supposed to be versioned. -func strategicPatchObject( - requestContext context.Context, - defaulter runtime.ObjectDefaulter, - originalObject runtime.Object, - patchBytes []byte, - objToUpdate runtime.Object, - schemaReferenceObj runtime.Object, - validationDirective string, -) error { - originalObjMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(originalObject) - if err != nil { - return err - } - - patchMap := make(map[string]interface{}) - var strictErrs []error - if validationDirective == metav1.FieldValidationWarn || validationDirective == metav1.FieldValidationStrict { - strictErrs, err = kjson.UnmarshalStrict(patchBytes, &patchMap) - if err != nil { - return errors.NewBadRequest(err.Error()) - } - } else { - if err = kjson.UnmarshalCaseSensitivePreserveInts(patchBytes, &patchMap); err != nil { - return errors.NewBadRequest(err.Error()) - } - } - - if err := applyPatchToObject(requestContext, defaulter, originalObjMap, patchMap, objToUpdate, schemaReferenceObj, strictErrs, validationDirective); err != nil { - return err - } - return nil -} - -// applyPatch is called every time GuaranteedUpdate asks for the updated object, -// and is given the currently persisted object as input. -// TODO: rename this function because the name implies it is related to applyPatcher -func (p *patcher) applyPatch(ctx context.Context, _, currentObject runtime.Object) (objToUpdate runtime.Object, patchErr error) { - // Make sure we actually have a persisted currentObject - tracing.SpanFromContext(ctx).AddEvent("About to apply patch") - currentObjectHasUID, err := hasUID(currentObject) - if err != nil { - return nil, err - } else if !currentObjectHasUID { - objToUpdate, patchErr = p.mechanism.createNewObject(ctx) - } else { - objToUpdate, patchErr = p.mechanism.applyPatchToCurrentObject(ctx, currentObject) - } - - if patchErr != nil { - return nil, patchErr - } - - objToUpdateHasUID, err := hasUID(objToUpdate) - if err != nil { - return nil, err - } - if objToUpdateHasUID && !currentObjectHasUID { - accessor, err := meta.Accessor(objToUpdate) - if err != nil { - return nil, err - } - return nil, errors.NewConflict(p.resource.GroupResource(), p.name, fmt.Errorf("uid mismatch: the provided object specified uid %s, and no existing object was found", accessor.GetUID())) - } - - // if this object supports namespace info - if objectMeta, err := meta.Accessor(objToUpdate); err == nil { - // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object - if err := rest.EnsureObjectNamespaceMatchesRequestNamespace(rest.ExpectedNamespaceForResource(p.namespace, p.resource), objectMeta); err != nil { - return nil, err - } - } - - if err := checkName(objToUpdate, p.name, p.namespace, p.namer); err != nil { - return nil, err - } - return objToUpdate, nil -} - -func (p *patcher) admissionAttributes(ctx context.Context, updatedObject runtime.Object, currentObject runtime.Object, operation admission.Operation, operationOptions runtime.Object) admission.Attributes { - userInfo, _ := request.UserFrom(ctx) - return admission.NewAttributesRecord(updatedObject, currentObject, p.kind, p.namespace, p.name, p.resource, p.subresource, operation, operationOptions, p.dryRun, userInfo) -} - -// applyAdmission is called every time GuaranteedUpdate asks for the updated object, -// and is given the currently persisted object and the patched object as input. -// TODO: rename this function because the name implies it is related to applyPatcher -func (p *patcher) applyAdmission(ctx context.Context, patchedObject runtime.Object, currentObject runtime.Object) (runtime.Object, error) { - tracing.SpanFromContext(ctx).AddEvent("About to check admission control") - var operation admission.Operation - var options runtime.Object - if hasUID, err := hasUID(currentObject); err != nil { - return nil, err - } else if !hasUID { - operation = admission.Create - currentObject = nil - options = patchToCreateOptions(p.options) - } else { - operation = admission.Update - options = patchToUpdateOptions(p.options) - } - if p.admissionCheck != nil && p.admissionCheck.Handles(operation) { - attributes := p.admissionAttributes(ctx, patchedObject, currentObject, operation, options) - return patchedObject, p.admissionCheck.Admit(ctx, attributes, p.objectInterfaces) - } - return patchedObject, nil -} - -// patchResource divides PatchResource for easier unit testing -func (p *patcher) patchResource(ctx context.Context, scope *RequestScope) (runtime.Object, bool, error) { - p.namespace = request.NamespaceValue(ctx) - switch p.patchType { - case types.JSONPatchType, types.MergePatchType: - p.mechanism = &jsonPatcher{ - patcher: p, - fieldManager: scope.FieldManager, - } - case types.StrategicMergePatchType: - schemaReferenceObj, err := p.unsafeConvertor.ConvertToVersion(p.restPatcher.New(), p.kind.GroupVersion()) - if err != nil { - return nil, false, err - } - p.mechanism = &smpPatcher{ - patcher: p, - schemaReferenceObj: schemaReferenceObj, - fieldManager: scope.FieldManager, - } - // this case is unreachable if ServerSideApply is not enabled because we will have already rejected the content type - case types.ApplyPatchType: - p.mechanism = &applyPatcher{ - fieldManager: scope.FieldManager, - patch: p.patchBytes, - options: p.options, - creater: p.creater, - kind: p.kind, - userAgent: p.userAgent, - validationDirective: p.validationDirective, - } - p.forceAllowCreate = true - default: - return nil, false, fmt.Errorf("%v: unimplemented patch type", p.patchType) - } - dedupOwnerReferencesTransformer := func(_ context.Context, obj, _ runtime.Object) (runtime.Object, error) { - // Dedup owner references after mutating admission happens - dedupOwnerReferencesAndAddWarning(obj, ctx, true) - return obj, nil - } - - transformers := []rest.TransformFunc{p.applyPatch, p.applyAdmission, dedupOwnerReferencesTransformer} - if scope.FieldManager != nil { - transformers = append(transformers, fieldmanager.IgnoreManagedFieldsTimestampsTransformer) - } - - wasCreated := false - p.updatedObjectInfo = rest.DefaultUpdatedObjectInfo(nil, transformers...) - requestFunc := func() (runtime.Object, error) { - // Pass in UpdateOptions to override UpdateStrategy.AllowUpdateOnCreate - options := patchToUpdateOptions(p.options) - updateObject, created, updateErr := p.restPatcher.Update(ctx, p.name, p.updatedObjectInfo, p.createValidation, p.updateValidation, p.forceAllowCreate, options) - wasCreated = created - return updateObject, updateErr - } - result, err := finisher.FinishRequest(ctx, func() (runtime.Object, error) { - - result, err := requestFunc() - // If the object wasn't committed to storage because it's serialized size was too large, - // it is safe to remove managedFields (which can be large) and try again. - if isTooLargeError(err) && p.patchType != types.ApplyPatchType { - if _, accessorErr := meta.Accessor(p.restPatcher.New()); accessorErr == nil { - p.updatedObjectInfo = rest.DefaultUpdatedObjectInfo(nil, - p.applyPatch, - p.applyAdmission, - dedupOwnerReferencesTransformer, - func(_ context.Context, obj, _ runtime.Object) (runtime.Object, error) { - accessor, _ := meta.Accessor(obj) - accessor.SetManagedFields(nil) - return obj, nil - }) - result, err = requestFunc() - } - } - return result, err - }) - return result, wasCreated, err -} - -// applyPatchToObject applies a strategic merge patch of <patchMap> to -// <originalMap> and stores the result in <objToUpdate>. -// NOTE: <objToUpdate> must be a versioned object. -func applyPatchToObject( - requestContext context.Context, - defaulter runtime.ObjectDefaulter, - originalMap map[string]interface{}, - patchMap map[string]interface{}, - objToUpdate runtime.Object, - schemaReferenceObj runtime.Object, - strictErrs []error, - validationDirective string, -) error { - patchedObjMap, err := strategicpatch.StrategicMergeMapPatch(originalMap, patchMap, schemaReferenceObj) - if err != nil { - return interpretStrategicMergePatchError(err) - } - - // Rather than serialize the patched map to JSON, then decode it to an object, we go directly from a map to an object - converter := runtime.DefaultUnstructuredConverter - returnUnknownFields := validationDirective == metav1.FieldValidationWarn || validationDirective == metav1.FieldValidationStrict - if err := converter.FromUnstructuredWithValidation(patchedObjMap, objToUpdate, returnUnknownFields); err != nil { - strictError, isStrictError := runtime.AsStrictDecodingError(err) - switch { - case !isStrictError: - // disregard any sttrictErrs, because it's an incomplete - // list of strict errors given that we don't know what fields were - // unknown because StrategicMergeMapPatch failed. - // Non-strict errors trump in this case. - return errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), fmt.Sprintf("%+v", patchMap), err.Error()), - }) - case validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(requestContext, append(strictErrs, strictError.Errors()...)) - default: - strictDecodingError := runtime.NewStrictDecodingError(append(strictErrs, strictError.Errors()...)) - return errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), fmt.Sprintf("%+v", patchMap), strictDecodingError.Error()), - }) - } - } else if len(strictErrs) > 0 { - switch { - case validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(requestContext, strictErrs) - default: - return errors.NewInvalid(schema.GroupKind{}, "", field.ErrorList{ - field.Invalid(field.NewPath("patch"), fmt.Sprintf("%+v", patchMap), runtime.NewStrictDecodingError(strictErrs).Error()), - }) - } - } - - // Decoding from JSON to a versioned object would apply defaults, so we do the same here - defaulter.Default(objToUpdate) - - return nil -} - -// interpretStrategicMergePatchError interprets the error type and returns an error with appropriate HTTP code. -func interpretStrategicMergePatchError(err error) error { - switch err { - case mergepatch.ErrBadJSONDoc, mergepatch.ErrBadPatchFormatForPrimitiveList, mergepatch.ErrBadPatchFormatForRetainKeys, mergepatch.ErrBadPatchFormatForSetElementOrderList, mergepatch.ErrUnsupportedStrategicMergePatchFormat: - return errors.NewBadRequest(err.Error()) - case mergepatch.ErrNoListOfLists, mergepatch.ErrPatchContentNotMatchRetainKeys: - return errors.NewGenericServerResponse(http.StatusUnprocessableEntity, "", schema.GroupResource{}, "", err.Error(), 0, false) - default: - return err - } -} - -// patchToUpdateOptions creates an UpdateOptions with the same field values as the provided PatchOptions. -func patchToUpdateOptions(po *metav1.PatchOptions) *metav1.UpdateOptions { - if po == nil { - return nil - } - uo := &metav1.UpdateOptions{ - DryRun: po.DryRun, - FieldManager: po.FieldManager, - FieldValidation: po.FieldValidation, - } - uo.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("UpdateOptions")) - return uo -} - -// patchToCreateOptions creates an CreateOptions with the same field values as the provided PatchOptions. -func patchToCreateOptions(po *metav1.PatchOptions) *metav1.CreateOptions { - if po == nil { - return nil - } - co := &metav1.CreateOptions{ - DryRun: po.DryRun, - FieldManager: po.FieldManager, - FieldValidation: po.FieldValidation, - } - co.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("CreateOptions")) - return co -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/response.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/response.go deleted file mode 100644 index 4780c59fd4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/response.go +++ /dev/null @@ -1,287 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "fmt" - "net/http" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1" - "k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - endpointsrequest "k8s.io/apiserver/pkg/endpoints/request" -) - -// transformObject takes the object as returned by storage and ensures it is in -// the client's desired form, as well as ensuring any API level fields like self-link -// are properly set. -func transformObject(ctx context.Context, obj runtime.Object, opts interface{}, mediaType negotiation.MediaTypeOptions, scope *RequestScope, req *http.Request) (runtime.Object, error) { - if co, ok := obj.(runtime.CacheableObject); ok { - if mediaType.Convert != nil { - // Non-nil mediaType.Convert means that some conversion of the object - // has to happen. Currently conversion may potentially modify the - // object or assume something about it (e.g. asTable operates on - // reflection, which won't work for any wrapper). - // To ensure it will work correctly, let's operate on base objects - // and not cache it for now. - // - // TODO: Long-term, transformObject should be changed so that it - // implements runtime.Encoder interface. - return doTransformObject(ctx, co.GetObject(), opts, mediaType, scope, req) - } - } - return doTransformObject(ctx, obj, opts, mediaType, scope, req) -} - -func doTransformObject(ctx context.Context, obj runtime.Object, opts interface{}, mediaType negotiation.MediaTypeOptions, scope *RequestScope, req *http.Request) (runtime.Object, error) { - if _, ok := obj.(*metav1.Status); ok { - return obj, nil - } - - // ensure that for empty lists we don't return <nil> items. - // This is safe to modify without deep-copying the object, as - // List objects themselves are never cached. - if meta.IsListType(obj) && meta.LenList(obj) == 0 { - if err := meta.SetList(obj, []runtime.Object{}); err != nil { - return nil, err - } - } - - switch target := mediaType.Convert; { - case target == nil: - return obj, nil - - case target.Kind == "PartialObjectMetadata": - return asPartialObjectMetadata(obj, target.GroupVersion()) - - case target.Kind == "PartialObjectMetadataList": - return asPartialObjectMetadataList(obj, target.GroupVersion()) - - case target.Kind == "Table": - options, ok := opts.(*metav1.TableOptions) - if !ok { - return nil, fmt.Errorf("unexpected TableOptions, got %T", opts) - } - return asTable(ctx, obj, options, scope, target.GroupVersion()) - - default: - accepted, _ := negotiation.MediaTypesForSerializer(metainternalversionscheme.Codecs) - err := negotiation.NewNotAcceptableError(accepted) - return nil, err - } -} - -// optionsForTransform will load and validate any additional query parameter options for -// a conversion or return an error. -func optionsForTransform(mediaType negotiation.MediaTypeOptions, req *http.Request) (interface{}, error) { - switch target := mediaType.Convert; { - case target == nil: - case target.Kind == "Table" && (target.GroupVersion() == metav1beta1.SchemeGroupVersion || target.GroupVersion() == metav1.SchemeGroupVersion): - opts := &metav1.TableOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), metav1.SchemeGroupVersion, opts); err != nil { - return nil, err - } - switch errs := validation.ValidateTableOptions(opts); len(errs) { - case 0: - return opts, nil - case 1: - return nil, errors.NewBadRequest(fmt.Sprintf("Unable to convert to Table as requested: %v", errs[0].Error())) - default: - return nil, errors.NewBadRequest(fmt.Sprintf("Unable to convert to Table as requested: %v", errs)) - } - } - return nil, nil -} - -// targetEncodingForTransform returns the appropriate serializer for the input media type -func targetEncodingForTransform(scope *RequestScope, mediaType negotiation.MediaTypeOptions, req *http.Request) (schema.GroupVersionKind, runtime.NegotiatedSerializer, bool) { - switch target := mediaType.Convert; { - case target == nil: - case (target.Kind == "PartialObjectMetadata" || target.Kind == "PartialObjectMetadataList" || target.Kind == "Table") && - (target.GroupVersion() == metav1beta1.SchemeGroupVersion || target.GroupVersion() == metav1.SchemeGroupVersion): - return *target, metainternalversionscheme.Codecs, true - } - return scope.Kind, scope.Serializer, false -} - -// transformResponseObject takes an object loaded from storage and performs any necessary transformations. -// Will write the complete response object. -func transformResponseObject(ctx context.Context, scope *RequestScope, req *http.Request, w http.ResponseWriter, statusCode int, mediaType negotiation.MediaTypeOptions, result runtime.Object) { - options, err := optionsForTransform(mediaType, req) - if err != nil { - scope.err(err, w, req) - return - } - - var obj runtime.Object - do := func() { - obj, err = transformObject(ctx, result, options, mediaType, scope, req) - } - endpointsrequest.TrackTransformResponseObjectLatency(ctx, do) - - if err != nil { - scope.err(err, w, req) - return - } - kind, serializer, _ := targetEncodingForTransform(scope, mediaType, req) - responsewriters.WriteObjectNegotiated(serializer, scope, kind.GroupVersion(), w, req, statusCode, obj, false) -} - -// errNotAcceptable indicates Accept negotiation has failed -type errNotAcceptable struct { - message string -} - -func newNotAcceptableError(message string) error { - return errNotAcceptable{message} -} - -func (e errNotAcceptable) Error() string { - return e.message -} - -func (e errNotAcceptable) Status() metav1.Status { - return metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotAcceptable, - Reason: metav1.StatusReason("NotAcceptable"), - Message: e.Error(), - } -} - -func asTable(ctx context.Context, result runtime.Object, opts *metav1.TableOptions, scope *RequestScope, groupVersion schema.GroupVersion) (runtime.Object, error) { - switch groupVersion { - case metav1beta1.SchemeGroupVersion, metav1.SchemeGroupVersion: - default: - return nil, newNotAcceptableError(fmt.Sprintf("no Table exists in group version %s", groupVersion)) - } - - obj, err := scope.TableConvertor.ConvertToTable(ctx, result, opts) - if err != nil { - return nil, err - } - - table := (*metav1.Table)(obj) - - for i := range table.Rows { - item := &table.Rows[i] - switch opts.IncludeObject { - case metav1.IncludeObject: - item.Object.Object, err = scope.Convertor.ConvertToVersion(item.Object.Object, scope.Kind.GroupVersion()) - if err != nil { - return nil, err - } - // TODO: rely on defaulting for the value here? - case metav1.IncludeMetadata, "": - m, err := meta.Accessor(item.Object.Object) - if err != nil { - return nil, err - } - // TODO: turn this into an internal type and do conversion in order to get object kind automatically set? - partial := meta.AsPartialObjectMetadata(m) - partial.GetObjectKind().SetGroupVersionKind(groupVersion.WithKind("PartialObjectMetadata")) - item.Object.Object = partial - case metav1.IncludeNone: - item.Object.Object = nil - default: - err = errors.NewBadRequest(fmt.Sprintf("unrecognized includeObject value: %q", opts.IncludeObject)) - return nil, err - } - } - - return table, nil -} - -func asPartialObjectMetadata(result runtime.Object, groupVersion schema.GroupVersion) (runtime.Object, error) { - if meta.IsListType(result) { - err := newNotAcceptableError(fmt.Sprintf("you requested PartialObjectMetadata, but the requested object is a list (%T)", result)) - return nil, err - } - switch groupVersion { - case metav1beta1.SchemeGroupVersion, metav1.SchemeGroupVersion: - default: - return nil, newNotAcceptableError(fmt.Sprintf("no PartialObjectMetadataList exists in group version %s", groupVersion)) - } - m, err := meta.Accessor(result) - if err != nil { - return nil, err - } - partial := meta.AsPartialObjectMetadata(m) - partial.GetObjectKind().SetGroupVersionKind(groupVersion.WithKind("PartialObjectMetadata")) - return partial, nil -} - -func asPartialObjectMetadataList(result runtime.Object, groupVersion schema.GroupVersion) (runtime.Object, error) { - li, ok := result.(metav1.ListInterface) - if !ok { - return nil, newNotAcceptableError(fmt.Sprintf("you requested PartialObjectMetadataList, but the requested object is not a list (%T)", result)) - } - - gvk := groupVersion.WithKind("PartialObjectMetadata") - switch { - case groupVersion == metav1beta1.SchemeGroupVersion: - list := &metav1beta1.PartialObjectMetadataList{} - err := meta.EachListItem(result, func(obj runtime.Object) error { - m, err := meta.Accessor(obj) - if err != nil { - return err - } - partial := meta.AsPartialObjectMetadata(m) - partial.GetObjectKind().SetGroupVersionKind(gvk) - list.Items = append(list.Items, *partial) - return nil - }) - if err != nil { - return nil, err - } - list.ResourceVersion = li.GetResourceVersion() - list.Continue = li.GetContinue() - list.RemainingItemCount = li.GetRemainingItemCount() - return list, nil - - case groupVersion == metav1.SchemeGroupVersion: - list := &metav1.PartialObjectMetadataList{} - err := meta.EachListItem(result, func(obj runtime.Object) error { - m, err := meta.Accessor(obj) - if err != nil { - return err - } - partial := meta.AsPartialObjectMetadata(m) - partial.GetObjectKind().SetGroupVersionKind(gvk) - list.Items = append(list.Items, *partial) - return nil - }) - if err != nil { - return nil, err - } - list.ResourceVersion = li.GetResourceVersion() - list.Continue = li.GetContinue() - list.RemainingItemCount = li.GetRemainingItemCount() - return list, nil - - default: - return nil, newNotAcceptableError(fmt.Sprintf("no PartialObjectMetadataList exists in group version %s", groupVersion)) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/doc.go deleted file mode 100644 index b76758b793..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package responsewriters containers helpers to write responses in HTTP handlers. -package responsewriters // import "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/errors.go deleted file mode 100644 index d13bee4d22..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/errors.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package responsewriters - -import ( - "context" - "fmt" - "net/http" - "strings" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// Avoid emitting errors that look like valid HTML. Quotes are okay. -var sanitizer = strings.NewReplacer(`&`, "&amp;", `<`, "&lt;", `>`, "&gt;") - -// Forbidden renders a simple forbidden error -func Forbidden(ctx context.Context, attributes authorizer.Attributes, w http.ResponseWriter, req *http.Request, reason string, s runtime.NegotiatedSerializer) { - msg := sanitizer.Replace(forbiddenMessage(attributes)) - w.Header().Set("X-Content-Type-Options", "nosniff") - - var errMsg string - if len(reason) == 0 { - errMsg = fmt.Sprintf("%s", msg) - } else { - errMsg = fmt.Sprintf("%s: %s", msg, reason) - } - gv := schema.GroupVersion{Group: attributes.GetAPIGroup(), Version: attributes.GetAPIVersion()} - gr := schema.GroupResource{Group: attributes.GetAPIGroup(), Resource: attributes.GetResource()} - ErrorNegotiated(apierrors.NewForbidden(gr, attributes.GetName(), fmt.Errorf(errMsg)), s, gv, w, req) -} - -func forbiddenMessage(attributes authorizer.Attributes) string { - username := "" - if user := attributes.GetUser(); user != nil { - username = user.GetName() - } - - if !attributes.IsResourceRequest() { - return fmt.Sprintf("User %q cannot %s path %q", username, attributes.GetVerb(), attributes.GetPath()) - } - - resource := attributes.GetResource() - if subresource := attributes.GetSubresource(); len(subresource) > 0 { - resource = resource + "/" + subresource - } - - if ns := attributes.GetNamespace(); len(ns) > 0 { - return fmt.Sprintf("User %q cannot %s resource %q in API group %q in the namespace %q", username, attributes.GetVerb(), resource, attributes.GetAPIGroup(), ns) - } - - return fmt.Sprintf("User %q cannot %s resource %q in API group %q at the cluster scope", username, attributes.GetVerb(), resource, attributes.GetAPIGroup()) -} - -// InternalError renders a simple internal error -func InternalError(w http.ResponseWriter, req *http.Request, err error) { - http.Error(w, sanitizer.Replace(fmt.Sprintf("Internal Server Error: %q: %v", req.RequestURI, err)), - http.StatusInternalServerError) - utilruntime.HandleError(err) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/status.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/status.go deleted file mode 100644 index bb14a15be8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/status.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package responsewriters - -import ( - "fmt" - "net/http" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/storage" -) - -// statusError is an object that can be converted into an metav1.Status -type statusError interface { - Status() metav1.Status -} - -// ErrorToAPIStatus converts an error to an metav1.Status object. -func ErrorToAPIStatus(err error) *metav1.Status { - switch t := err.(type) { - case statusError: - status := t.Status() - if len(status.Status) == 0 { - status.Status = metav1.StatusFailure - } - switch status.Status { - case metav1.StatusSuccess: - if status.Code == 0 { - status.Code = http.StatusOK - } - case metav1.StatusFailure: - if status.Code == 0 { - status.Code = http.StatusInternalServerError - } - default: - runtime.HandleError(fmt.Errorf("apiserver received an error with wrong status field : %#+v", err)) - if status.Code == 0 { - status.Code = http.StatusInternalServerError - } - } - status.Kind = "Status" - status.APIVersion = "v1" - //TODO: check for invalid responses - return &status - default: - status := http.StatusInternalServerError - switch { - //TODO: replace me with NewConflictErr - case storage.IsConflict(err): - status = http.StatusConflict - } - // Log errors that were not converted to an error status - // by REST storage - these typically indicate programmer - // error by not using pkg/api/errors, or unexpected failure - // cases. - runtime.HandleError(fmt.Errorf("apiserver received an error that is not an metav1.Status: %#+v: %v", err, err)) - return &metav1.Status{ - TypeMeta: metav1.TypeMeta{ - Kind: "Status", - APIVersion: "v1", - }, - Status: metav1.StatusFailure, - Code: int32(status), - Reason: metav1.StatusReasonUnknown, - Message: err.Error(), - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/writers.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/writers.go deleted file mode 100644 index cf84e8e290..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/writers.go +++ /dev/null @@ -1,343 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package responsewriters - -import ( - "compress/gzip" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strconv" - "strings" - "sync" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apiserver/pkg/features" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/apiserver/pkg/util/flushwriter" - "k8s.io/apiserver/pkg/util/wsstream" - "k8s.io/component-base/tracing" -) - -// StreamObject performs input stream negotiation from a ResourceStreamer and writes that to the response. -// If the client requests a websocket upgrade, negotiate for a websocket reader protocol (because many -// browser clients cannot easily handle binary streaming protocols). -func StreamObject(statusCode int, gv schema.GroupVersion, s runtime.NegotiatedSerializer, stream rest.ResourceStreamer, w http.ResponseWriter, req *http.Request) { - out, flush, contentType, err := stream.InputStream(req.Context(), gv.String(), req.Header.Get("Accept")) - if err != nil { - ErrorNegotiated(err, s, gv, w, req) - return - } - if out == nil { - // No output provided - return StatusNoContent - w.WriteHeader(http.StatusNoContent) - return - } - defer out.Close() - - if wsstream.IsWebSocketRequest(req) { - r := wsstream.NewReader(out, true, wsstream.NewDefaultReaderProtocols()) - if err := r.Copy(w, req); err != nil { - utilruntime.HandleError(fmt.Errorf("error encountered while streaming results via websocket: %v", err)) - } - return - } - - if len(contentType) == 0 { - contentType = "application/octet-stream" - } - w.Header().Set("Content-Type", contentType) - w.WriteHeader(statusCode) - // Flush headers, if possible - if flusher, ok := w.(http.Flusher); ok { - flusher.Flush() - } - writer := w.(io.Writer) - if flush { - writer = flushwriter.Wrap(w) - } - io.Copy(writer, out) -} - -// SerializeObject renders an object in the content type negotiated by the client using the provided encoder. -// The context is optional and can be nil. This method will perform optional content compression if requested by -// a client and the feature gate for APIResponseCompression is enabled. -func SerializeObject(mediaType string, encoder runtime.Encoder, hw http.ResponseWriter, req *http.Request, statusCode int, object runtime.Object) { - ctx := req.Context() - ctx, span := tracing.Start(ctx, "SerializeObject", - attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)), - attribute.String("method", req.Method), - attribute.String("url", req.URL.Path), - attribute.String("protocol", req.Proto), - attribute.String("mediaType", mediaType), - attribute.String("encoder", string(encoder.Identifier()))) - defer span.End(5 * time.Second) - - w := &deferredResponseWriter{ - mediaType: mediaType, - statusCode: statusCode, - contentEncoding: negotiateContentEncoding(req), - hw: hw, - ctx: ctx, - } - - err := encoder.Encode(object, w) - if err == nil { - err = w.Close() - if err != nil { - // we cannot write an error to the writer anymore as the Encode call was successful. - utilruntime.HandleError(fmt.Errorf("apiserver was unable to close cleanly the response writer: %v", err)) - } - return - } - - // make a best effort to write the object if a failure is detected - utilruntime.HandleError(fmt.Errorf("apiserver was unable to write a JSON response: %v", err)) - status := ErrorToAPIStatus(err) - candidateStatusCode := int(status.Code) - // if the current status code is successful, allow the error's status code to overwrite it - if statusCode >= http.StatusOK && statusCode < http.StatusBadRequest { - w.statusCode = candidateStatusCode - } - output, err := runtime.Encode(encoder, status) - if err != nil { - w.mediaType = "text/plain" - output = []byte(fmt.Sprintf("%s: %s", status.Reason, status.Message)) - } - if _, err := w.Write(output); err != nil { - utilruntime.HandleError(fmt.Errorf("apiserver was unable to write a fallback JSON response: %v", err)) - } - w.Close() -} - -var gzipPool = &sync.Pool{ - New: func() interface{} { - gw, err := gzip.NewWriterLevel(nil, defaultGzipContentEncodingLevel) - if err != nil { - panic(err) - } - return gw - }, -} - -const ( - // defaultGzipContentEncodingLevel is set to 1 which uses least CPU compared to higher levels, yet offers - // similar compression ratios (off by at most 1.5x, but typically within 1.1x-1.3x). For further details see - - // https://github.com/kubernetes/kubernetes/issues/112296 - defaultGzipContentEncodingLevel = 1 - // defaultGzipThresholdBytes is compared to the size of the first write from the stream - // (usually the entire object), and if the size is smaller no gzipping will be performed - // if the client requests it. - defaultGzipThresholdBytes = 128 * 1024 -) - -// negotiateContentEncoding returns a supported client-requested content encoding for the -// provided request. It will return the empty string if no supported content encoding was -// found or if response compression is disabled. -func negotiateContentEncoding(req *http.Request) string { - encoding := req.Header.Get("Accept-Encoding") - if len(encoding) == 0 { - return "" - } - if !utilfeature.DefaultFeatureGate.Enabled(features.APIResponseCompression) { - return "" - } - for len(encoding) > 0 { - var token string - if next := strings.Index(encoding, ","); next != -1 { - token = encoding[:next] - encoding = encoding[next+1:] - } else { - token = encoding - encoding = "" - } - switch strings.TrimSpace(token) { - case "gzip": - return "gzip" - } - } - return "" -} - -type deferredResponseWriter struct { - mediaType string - statusCode int - contentEncoding string - - hasWritten bool - hw http.ResponseWriter - w io.Writer - - ctx context.Context -} - -func (w *deferredResponseWriter) Write(p []byte) (n int, err error) { - ctx := w.ctx - span := tracing.SpanFromContext(ctx) - // This Step usually wraps in-memory object serialization. - span.AddEvent("About to start writing response", attribute.Int("size", len(p))) - - firstWrite := !w.hasWritten - defer func() { - if err != nil { - span.AddEvent("Write call failed", - attribute.String("writer", fmt.Sprintf("%T", w.w)), - attribute.Int("size", len(p)), - attribute.Bool("firstWrite", firstWrite), - attribute.String("err", err.Error())) - } else { - span.AddEvent("Write call succeeded", - attribute.String("writer", fmt.Sprintf("%T", w.w)), - attribute.Int("size", len(p)), - attribute.Bool("firstWrite", firstWrite)) - } - }() - if w.hasWritten { - return w.w.Write(p) - } - w.hasWritten = true - - hw := w.hw - header := hw.Header() - switch { - case w.contentEncoding == "gzip" && len(p) > defaultGzipThresholdBytes: - header.Set("Content-Encoding", "gzip") - header.Add("Vary", "Accept-Encoding") - - gw := gzipPool.Get().(*gzip.Writer) - gw.Reset(hw) - - w.w = gw - default: - w.w = hw - } - - header.Set("Content-Type", w.mediaType) - hw.WriteHeader(w.statusCode) - return w.w.Write(p) -} - -func (w *deferredResponseWriter) Close() error { - if !w.hasWritten { - return nil - } - var err error - switch t := w.w.(type) { - case *gzip.Writer: - err = t.Close() - t.Reset(nil) - gzipPool.Put(t) - } - return err -} - -// WriteObjectNegotiated renders an object in the content type negotiated by the client. -func WriteObjectNegotiated(s runtime.NegotiatedSerializer, restrictions negotiation.EndpointRestrictions, gv schema.GroupVersion, w http.ResponseWriter, req *http.Request, statusCode int, object runtime.Object, listGVKInContentType bool) { - stream, ok := object.(rest.ResourceStreamer) - if ok { - requestInfo, _ := request.RequestInfoFrom(req.Context()) - metrics.RecordLongRunning(req, requestInfo, metrics.APIServerComponent, func() { - StreamObject(statusCode, gv, s, stream, w, req) - }) - return - } - - mediaType, serializer, err := negotiation.NegotiateOutputMediaType(req, s, restrictions) - if err != nil { - // if original statusCode was not successful we need to return the original error - // we cannot hide it behind negotiation problems - if statusCode < http.StatusOK || statusCode >= http.StatusBadRequest { - WriteRawJSON(int(statusCode), object, w) - return - } - status := ErrorToAPIStatus(err) - WriteRawJSON(int(status.Code), status, w) - return - } - - audit.LogResponseObject(req.Context(), object, gv, s) - - encoder := s.EncoderForVersion(serializer.Serializer, gv) - request.TrackSerializeResponseObjectLatency(req.Context(), func() { - if listGVKInContentType { - SerializeObject(generateMediaTypeWithGVK(serializer.MediaType, mediaType.Convert), encoder, w, req, statusCode, object) - } else { - SerializeObject(serializer.MediaType, encoder, w, req, statusCode, object) - } - }) -} - -func generateMediaTypeWithGVK(mediaType string, gvk *schema.GroupVersionKind) string { - if gvk == nil { - return mediaType - } - if gvk.Group != "" { - mediaType += ";g=" + gvk.Group - } - if gvk.Version != "" { - mediaType += ";v=" + gvk.Version - } - if gvk.Kind != "" { - mediaType += ";as=" + gvk.Kind - } - return mediaType -} - -// ErrorNegotiated renders an error to the response. Returns the HTTP status code of the error. -// The context is optional and may be nil. -func ErrorNegotiated(err error, s runtime.NegotiatedSerializer, gv schema.GroupVersion, w http.ResponseWriter, req *http.Request) int { - status := ErrorToAPIStatus(err) - code := int(status.Code) - // when writing an error, check to see if the status indicates a retry after period - if status.Details != nil && status.Details.RetryAfterSeconds > 0 { - delay := strconv.Itoa(int(status.Details.RetryAfterSeconds)) - w.Header().Set("Retry-After", delay) - } - - if code == http.StatusNoContent { - w.WriteHeader(code) - return code - } - - WriteObjectNegotiated(s, negotiation.DefaultEndpointRestrictions, gv, w, req, code, status, false) - return code -} - -// WriteRawJSON writes a non-API object in JSON. -func WriteRawJSON(statusCode int, object interface{}, w http.ResponseWriter) { - output, err := json.MarshalIndent(object, "", " ") - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(statusCode) - w.Write(output) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/rest.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/rest.go deleted file mode 100644 index f582c668ff..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/rest.go +++ /dev/null @@ -1,477 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "encoding/hex" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/url" - "strings" - "time" - - grpccodes "google.golang.org/grpc/codes" - grpcstatus "google.golang.org/grpc/status" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/registry/rest" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/apiserver/pkg/warning" -) - -const ( - // 34 chose as a number close to 30 that is likely to be unique enough to jump out at me the next time I see a timeout. - // Everyone chooses 30. - requestTimeoutUpperBound = 34 * time.Second - // DuplicateOwnerReferencesWarningFormat is the warning that a client receives when a create/update request contains - // duplicate owner reference entries. - DuplicateOwnerReferencesWarningFormat = ".metadata.ownerReferences contains duplicate entries; API server dedups owner references in 1.20+, and may reject such requests as early as 1.24; please fix your requests; duplicate UID(s) observed: %v" - // DuplicateOwnerReferencesAfterMutatingAdmissionWarningFormat indicates the duplication was observed - // after mutating admission. - // NOTE: For CREATE and UPDATE requests the API server dedups both before and after mutating admission. - // For PATCH request the API server only dedups after mutating admission. - DuplicateOwnerReferencesAfterMutatingAdmissionWarningFormat = ".metadata.ownerReferences contains duplicate entries after mutating admission happens; API server dedups owner references in 1.20+, and may reject such requests as early as 1.24; please fix your requests; duplicate UID(s) observed: %v" - // shortPrefix is one possible beginning of yaml unmarshal strict errors. - shortPrefix = "yaml: unmarshal errors:\n" - // longPrefix is the other possible beginning of yaml unmarshal strict errors. - longPrefix = "error converting YAML to JSON: yaml: unmarshal errors:\n" -) - -// RequestScope encapsulates common fields across all RESTful handler methods. -type RequestScope struct { - Namer ScopeNamer - - Serializer runtime.NegotiatedSerializer - runtime.ParameterCodec - - // StandardSerializers, if set, restricts which serializers can be used when - // we aren't transforming the output (into Table or PartialObjectMetadata). - // Used only by CRDs which do not yet support Protobuf. - StandardSerializers []runtime.SerializerInfo - - Creater runtime.ObjectCreater - Convertor runtime.ObjectConvertor - Defaulter runtime.ObjectDefaulter - Typer runtime.ObjectTyper - UnsafeConvertor runtime.ObjectConvertor - Authorizer authorizer.Authorizer - - EquivalentResourceMapper runtime.EquivalentResourceMapper - - TableConvertor rest.TableConvertor - FieldManager *fieldmanager.FieldManager - - Resource schema.GroupVersionResource - Kind schema.GroupVersionKind - - // AcceptsGroupVersionDelegate is an optional delegate that can be queried about whether a given GVK - // can be accepted in create or update requests. If nil, only scope.Kind is accepted. - // Note that this does not enable multi-version support for reads from a single endpoint. - AcceptsGroupVersionDelegate rest.GroupVersionAcceptor - - Subresource string - - MetaGroupVersion schema.GroupVersion - - // HubGroupVersion indicates what version objects read from etcd or incoming requests should be converted to for in-memory handling. - HubGroupVersion schema.GroupVersion - - MaxRequestBodyBytes int64 -} - -func (scope *RequestScope) err(err error, w http.ResponseWriter, req *http.Request) { - responsewriters.ErrorNegotiated(err, scope.Serializer, scope.Kind.GroupVersion(), w, req) -} - -// AcceptsGroupVersion returns true if the specified GroupVersion is allowed -// in create and update requests. -func (scope *RequestScope) AcceptsGroupVersion(gv schema.GroupVersion) bool { - // If there's a custom acceptor, delegate to it. This is extremely rare. - if scope.AcceptsGroupVersionDelegate != nil { - return scope.AcceptsGroupVersionDelegate.AcceptsGroupVersion(gv) - } - // Fall back to only allowing the singular Kind. This is the typical behavior. - return gv == scope.Kind.GroupVersion() -} - -func (scope *RequestScope) AllowsMediaTypeTransform(mimeType, mimeSubType string, gvk *schema.GroupVersionKind) bool { - // some handlers like CRDs can't serve all the mime types that PartialObjectMetadata or Table can - if - // gvk is nil (no conversion) allow StandardSerializers to further restrict the set of mime types. - if gvk == nil { - if len(scope.StandardSerializers) == 0 { - return true - } - for _, info := range scope.StandardSerializers { - if info.MediaTypeType == mimeType && info.MediaTypeSubType == mimeSubType { - return true - } - } - return false - } - - // TODO: this is temporary, replace with an abstraction calculated at endpoint installation time - if gvk.GroupVersion() == metav1beta1.SchemeGroupVersion || gvk.GroupVersion() == metav1.SchemeGroupVersion { - switch gvk.Kind { - case "Table": - return scope.TableConvertor != nil && - mimeType == "application" && - (mimeSubType == "json" || mimeSubType == "yaml") - case "PartialObjectMetadata", "PartialObjectMetadataList": - // TODO: should delineate between lists and non-list endpoints - return true - default: - return false - } - } - return false -} - -func (scope *RequestScope) AllowsServerVersion(version string) bool { - return version == scope.MetaGroupVersion.Version -} - -func (scope *RequestScope) AllowsStreamSchema(s string) bool { - return s == "watch" -} - -var _ admission.ObjectInterfaces = &RequestScope{} - -func (r *RequestScope) GetObjectCreater() runtime.ObjectCreater { return r.Creater } -func (r *RequestScope) GetObjectTyper() runtime.ObjectTyper { return r.Typer } -func (r *RequestScope) GetObjectDefaulter() runtime.ObjectDefaulter { return r.Defaulter } -func (r *RequestScope) GetObjectConvertor() runtime.ObjectConvertor { return r.Convertor } -func (r *RequestScope) GetEquivalentResourceMapper() runtime.EquivalentResourceMapper { - return r.EquivalentResourceMapper -} - -// ConnectResource returns a function that handles a connect request on a rest.Storage object. -func ConnectResource(connecter rest.Connecter, scope *RequestScope, admit admission.Interface, restPath string, isSubresource bool) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - if isDryRun(req.URL) { - scope.err(errors.NewBadRequest("dryRun is not supported"), w, req) - return - } - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - scope.err(err, w, req) - return - } - ctx := req.Context() - ctx = request.WithNamespace(ctx, namespace) - admit = admission.WithAudit(admit) - - opts, subpath, subpathKey := connecter.NewConnectOptions() - if err := getRequestOptions(req, scope, opts, subpath, subpathKey, isSubresource); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - if admit != nil && admit.Handles(admission.Connect) { - userInfo, _ := request.UserFrom(ctx) - // TODO: remove the mutating admission here as soon as we have ported all plugin that handle CONNECT - if mutatingAdmission, ok := admit.(admission.MutationInterface); ok { - err = mutatingAdmission.Admit(ctx, admission.NewAttributesRecord(opts, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, nil, false, userInfo), scope) - if err != nil { - scope.err(err, w, req) - return - } - } - if validatingAdmission, ok := admit.(admission.ValidationInterface); ok { - err = validatingAdmission.Validate(ctx, admission.NewAttributesRecord(opts, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, nil, false, userInfo), scope) - if err != nil { - scope.err(err, w, req) - return - } - } - } - requestInfo, _ := request.RequestInfoFrom(ctx) - metrics.RecordLongRunning(req, requestInfo, metrics.APIServerComponent, func() { - handler, err := connecter.Connect(ctx, name, opts, &responder{scope: scope, req: req, w: w}) - if err != nil { - scope.err(err, w, req) - return - } - handler.ServeHTTP(w, req) - }) - } -} - -// responder implements rest.Responder for assisting a connector in writing objects or errors. -type responder struct { - scope *RequestScope - req *http.Request - w http.ResponseWriter -} - -func (r *responder) Object(statusCode int, obj runtime.Object) { - responsewriters.WriteObjectNegotiated(r.scope.Serializer, r.scope, r.scope.Kind.GroupVersion(), r.w, r.req, statusCode, obj, false) -} - -func (r *responder) Error(err error) { - r.scope.err(err, r.w, r.req) -} - -// transformDecodeError adds additional information into a bad-request api error when a decode fails. -func transformDecodeError(typer runtime.ObjectTyper, baseErr error, into runtime.Object, gvk *schema.GroupVersionKind, body []byte) error { - objGVKs, _, err := typer.ObjectKinds(into) - if err != nil { - return errors.NewBadRequest(err.Error()) - } - objGVK := objGVKs[0] - if gvk != nil && len(gvk.Kind) > 0 { - return errors.NewBadRequest(fmt.Sprintf("%s in version %q cannot be handled as a %s: %v", gvk.Kind, gvk.Version, objGVK.Kind, baseErr)) - } - summary := summarizeData(body, 30) - return errors.NewBadRequest(fmt.Sprintf("the object provided is unrecognized (must be of type %s): %v (%s)", objGVK.Kind, baseErr, summary)) -} - -func hasUID(obj runtime.Object) (bool, error) { - if obj == nil { - return false, nil - } - accessor, err := meta.Accessor(obj) - if err != nil { - return false, errors.NewInternalError(err) - } - if len(accessor.GetUID()) == 0 { - return false, nil - } - return true, nil -} - -// checkName checks the provided name against the request -func checkName(obj runtime.Object, name, namespace string, namer ScopeNamer) error { - objNamespace, objName, err := namer.ObjectName(obj) - if err != nil { - return errors.NewBadRequest(fmt.Sprintf( - "the name of the object (%s based on URL) was undeterminable: %v", name, err)) - } - if objName != name { - return errors.NewBadRequest(fmt.Sprintf( - "the name of the object (%s) does not match the name on the URL (%s)", objName, name)) - } - if len(namespace) > 0 { - if len(objNamespace) > 0 && objNamespace != namespace { - return errors.NewBadRequest(fmt.Sprintf( - "the namespace of the object (%s) does not match the namespace on the request (%s)", objNamespace, namespace)) - } - } - - return nil -} - -// dedupOwnerReferences dedups owner references over the entire entry. -// NOTE: We don't know enough about the existing cases of owner references -// sharing the same UID but different fields. Nor do we know what might break. -// In the future we may just dedup/reject owner references with the same UID. -func dedupOwnerReferences(refs []metav1.OwnerReference) ([]metav1.OwnerReference, []string) { - var result []metav1.OwnerReference - var duplicates []string - seen := make(map[types.UID]struct{}) - for _, ref := range refs { - _, ok := seen[ref.UID] - // Short-circuit if we haven't seen the UID before. Otherwise - // check the entire list we have so far. - if !ok || !hasOwnerReference(result, ref) { - seen[ref.UID] = struct{}{} - result = append(result, ref) - } else { - duplicates = append(duplicates, string(ref.UID)) - } - } - return result, duplicates -} - -// hasOwnerReference returns true if refs has an item equal to ref. The function -// focuses on semantic equality instead of memory equality, to catch duplicates -// with different pointer addresses. The function uses apiequality.Semantic -// instead of implementing its own comparison, to tolerate API changes to -// metav1.OwnerReference. -// NOTE: This is expensive, but we accept it because we've made sure it only -// happens to owner references containing duplicate UIDs, plus typically the -// number of items in the list should be small. -func hasOwnerReference(refs []metav1.OwnerReference, ref metav1.OwnerReference) bool { - for _, r := range refs { - if apiequality.Semantic.DeepEqual(r, ref) { - return true - } - } - return false -} - -// dedupOwnerReferencesAndAddWarning dedups owner references in the object metadata. -// If duplicates are found, the function records a warning to the provided context. -func dedupOwnerReferencesAndAddWarning(obj runtime.Object, requestContext context.Context, afterMutatingAdmission bool) { - accessor, err := meta.Accessor(obj) - if err != nil { - // The object doesn't have metadata. Nothing we need to do here. - return - } - refs := accessor.GetOwnerReferences() - deduped, duplicates := dedupOwnerReferences(refs) - if len(duplicates) > 0 { - // NOTE: For CREATE and UPDATE requests the API server dedups both before and after mutating admission. - // For PATCH request the API server only dedups after mutating admission. - format := DuplicateOwnerReferencesWarningFormat - if afterMutatingAdmission { - format = DuplicateOwnerReferencesAfterMutatingAdmissionWarningFormat - } - warning.AddWarning(requestContext, "", fmt.Sprintf(format, - strings.Join(duplicates, ", "))) - accessor.SetOwnerReferences(deduped) - } -} - -func summarizeData(data []byte, maxLength int) string { - switch { - case len(data) == 0: - return "<empty>" - case data[0] == '{': - if len(data) > maxLength { - return string(data[:maxLength]) + " ..." - } - return string(data) - default: - if len(data) > maxLength { - return hex.EncodeToString(data[:maxLength]) + " ..." - } - return hex.EncodeToString(data) - } -} - -func limitedReadBody(req *http.Request, limit int64) ([]byte, error) { - defer req.Body.Close() - if limit <= 0 { - return ioutil.ReadAll(req.Body) - } - lr := &io.LimitedReader{ - R: req.Body, - N: limit + 1, - } - data, err := ioutil.ReadAll(lr) - if err != nil { - return nil, err - } - if lr.N <= 0 { - return nil, errors.NewRequestEntityTooLargeError(fmt.Sprintf("limit is %d", limit)) - } - return data, nil -} - -func limitedReadBodyWithRecordMetric(ctx context.Context, req *http.Request, limit int64, resourceGroup string, verb requestmetrics.RequestBodyVerb) ([]byte, error) { - readBody, err := limitedReadBody(req, limit) - if err == nil { - // only record if we've read successfully - requestmetrics.RecordRequestBodySize(ctx, resourceGroup, verb, len(readBody)) - } - return readBody, err -} - -func isDryRun(url *url.URL) bool { - return len(url.Query()["dryRun"]) != 0 -} - -// fieldValidation checks that the field validation feature is enabled -// and returns a valid directive of either -// - Ignore (default when feature is disabled) -// - Warn (default when feature is enabled) -// - Strict -func fieldValidation(directive string) string { - if !utilfeature.DefaultFeatureGate.Enabled(features.ServerSideFieldValidation) { - return metav1.FieldValidationIgnore - } - if directive == "" { - return metav1.FieldValidationWarn - } - return directive -} - -// parseYAMLWarnings takes the strict decoding errors from the yaml decoder's output -// and parses each individual warnings, or leaves the warning as is if -// it does not look like a yaml strict decoding error. -func parseYAMLWarnings(errString string) []string { - var trimmedString string - if trimmedShortString := strings.TrimPrefix(errString, shortPrefix); len(trimmedShortString) < len(errString) { - trimmedString = trimmedShortString - } else if trimmedLongString := strings.TrimPrefix(errString, longPrefix); len(trimmedLongString) < len(errString) { - trimmedString = trimmedLongString - } else { - // not a yaml error, return as-is - return []string{errString} - } - - splitStrings := strings.Split(trimmedString, "\n") - for i, s := range splitStrings { - splitStrings[i] = strings.TrimSpace(s) - } - return splitStrings -} - -// addStrictDecodingWarnings confirms that the error is a strict decoding error -// and if so adds a warning for each strict decoding violation. -func addStrictDecodingWarnings(requestContext context.Context, errs []error) { - for _, e := range errs { - yamlWarnings := parseYAMLWarnings(e.Error()) - for _, w := range yamlWarnings { - warning.AddWarning(requestContext, "", w) - } - } -} - -type etcdError interface { - Code() grpccodes.Code - Error() string -} - -type grpcError interface { - GRPCStatus() *grpcstatus.Status -} - -func isTooLargeError(err error) bool { - if err != nil { - if etcdErr, ok := err.(etcdError); ok { - if etcdErr.Code() == grpccodes.InvalidArgument && etcdErr.Error() == "etcdserver: request is too large" { - return true - } - } - if grpcErr, ok := err.(grpcError); ok { - if grpcErr.GRPCStatus().Code() == grpccodes.ResourceExhausted && strings.Contains(grpcErr.GRPCStatus().Message(), "trying to send message larger than max") { - return true - } - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/trace_util.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/trace_util.go deleted file mode 100644 index 7d273d6224..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/trace_util.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "net/http" - - "go.opentelemetry.io/otel/attribute" -) - -func traceFields(req *http.Request) []attribute.KeyValue { - return []attribute.KeyValue{ - attribute.Stringer("accept", &lazyAccept{req: req}), - attribute.Stringer("audit-id", &lazyAuditID{req: req}), - attribute.Stringer("client", &lazyClientIP{req: req}), - attribute.String("protocol", req.Proto), - attribute.Stringer("resource", &lazyResource{req: req}), - attribute.Stringer("scope", &lazyScope{req: req}), - attribute.String("url", req.URL.Path), - attribute.Stringer("user-agent", &lazyTruncatedUserAgent{req: req}), - attribute.Stringer("verb", &lazyVerb{req: req}), - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/update.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/update.go deleted file mode 100644 index 630c97cdcd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/update.go +++ /dev/null @@ -1,311 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "context" - "fmt" - "net/http" - "sync" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/endpoints/handlers/finisher" - requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -// UpdateResource returns a function that will handle a resource update -func UpdateResource(r rest.Updater, scope *RequestScope, admit admission.Interface) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - // For performance tracking purposes. - ctx, span := tracing.Start(ctx, "Update", traceFields(req)...) - defer span.End(500 * time.Millisecond) - - namespace, name, err := scope.Namer.Name(req) - if err != nil { - scope.err(err, w, req) - return - } - - // enforce a timeout of at most requestTimeoutUpperBound (34s) or less if the user-provided - // timeout inside the parent context is lower than requestTimeoutUpperBound. - ctx, cancel := context.WithTimeout(ctx, requestTimeoutUpperBound) - defer cancel() - - ctx = request.WithNamespace(ctx, namespace) - - outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - - body, err := limitedReadBodyWithRecordMetric(ctx, req, scope.MaxRequestBodyBytes, scope.Resource.GroupResource().String(), requestmetrics.Update) - if err != nil { - span.AddEvent("limitedReadBody failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("limitedReadBody succeeded", attribute.Int("len", len(body))) - - options := &metav1.UpdateOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, options); err != nil { - err = errors.NewBadRequest(err.Error()) - scope.err(err, w, req) - return - } - if errs := validation.ValidateUpdateOptions(options); len(errs) > 0 { - err := errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "UpdateOptions"}, "", errs) - scope.err(err, w, req) - return - } - options.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("UpdateOptions")) - - s, err := negotiation.NegotiateInputSerializer(req, false, scope.Serializer) - if err != nil { - scope.err(err, w, req) - return - } - defaultGVK := scope.Kind - original := r.New() - - validationDirective := fieldValidation(options.FieldValidation) - decodeSerializer := s.Serializer - if validationDirective == metav1.FieldValidationWarn || validationDirective == metav1.FieldValidationStrict { - decodeSerializer = s.StrictSerializer - } - - decoder := scope.Serializer.DecoderToVersion(decodeSerializer, scope.HubGroupVersion) - span.AddEvent("About to convert to expected version") - obj, gvk, err := decoder.Decode(body, &defaultGVK, original) - if err != nil { - strictError, isStrictError := runtime.AsStrictDecodingError(err) - switch { - case isStrictError && obj != nil && validationDirective == metav1.FieldValidationWarn: - addStrictDecodingWarnings(req.Context(), strictError.Errors()) - case isStrictError && validationDirective == metav1.FieldValidationIgnore: - klog.Warningf("unexpected strict error when field validation is set to ignore") - fallthrough - default: - err = transformDecodeError(scope.Typer, err, original, gvk, body) - scope.err(err, w, req) - return - } - } - - objGV := gvk.GroupVersion() - if !scope.AcceptsGroupVersion(objGV) { - err = errors.NewBadRequest(fmt.Sprintf("the API version in the data (%s) does not match the expected API version (%s)", objGV, defaultGVK.GroupVersion())) - scope.err(err, w, req) - return - } - span.AddEvent("Conversion done") - - audit.LogRequestObject(req.Context(), obj, objGV, scope.Resource, scope.Subresource, scope.Serializer) - admit = admission.WithAudit(admit) - - // if this object supports namespace info - if objectMeta, err := meta.Accessor(obj); err == nil { - // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object - if err := rest.EnsureObjectNamespaceMatchesRequestNamespace(rest.ExpectedNamespaceForResource(namespace, scope.Resource), objectMeta); err != nil { - scope.err(err, w, req) - return - } - } - - if err := checkName(obj, name, namespace, scope.Namer); err != nil { - scope.err(err, w, req) - return - } - - userInfo, _ := request.UserFrom(ctx) - transformers := []rest.TransformFunc{} - - // allows skipping managedFields update if the resulting object is too big - shouldUpdateManagedFields := true - if scope.FieldManager != nil { - admit = fieldmanager.NewManagedFieldsValidatingAdmissionController(admit) - transformers = append(transformers, func(_ context.Context, newObj, liveObj runtime.Object) (runtime.Object, error) { - if shouldUpdateManagedFields { - return scope.FieldManager.UpdateNoErrors(liveObj, newObj, managerOrUserAgent(options.FieldManager, req.UserAgent())), nil - } - return newObj, nil - }) - } - - if mutatingAdmission, ok := admit.(admission.MutationInterface); ok { - transformers = append(transformers, func(ctx context.Context, newObj, oldObj runtime.Object) (runtime.Object, error) { - isNotZeroObject, err := hasUID(oldObj) - if err != nil { - return nil, fmt.Errorf("unexpected error when extracting UID from oldObj: %v", err.Error()) - } else if !isNotZeroObject { - if mutatingAdmission.Handles(admission.Create) { - return newObj, mutatingAdmission.Admit(ctx, admission.NewAttributesRecord(newObj, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, updateToCreateOptions(options), dryrun.IsDryRun(options.DryRun), userInfo), scope) - } - } else { - if mutatingAdmission.Handles(admission.Update) { - return newObj, mutatingAdmission.Admit(ctx, admission.NewAttributesRecord(newObj, oldObj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, options, dryrun.IsDryRun(options.DryRun), userInfo), scope) - } - } - return newObj, nil - }) - transformers = append(transformers, func(ctx context.Context, newObj, oldObj runtime.Object) (runtime.Object, error) { - // Dedup owner references again after mutating admission happens - dedupOwnerReferencesAndAddWarning(newObj, req.Context(), true) - return newObj, nil - }) - } - - // Ignore changes that only affect managed fields - // timestamps. FieldManager can't know about changes - // like normalized fields, defaulted fields and other - // mutations. - // Only makes sense when SSA field manager is being used - if scope.FieldManager != nil { - transformers = append(transformers, fieldmanager.IgnoreManagedFieldsTimestampsTransformer) - } - - createAuthorizerAttributes := authorizer.AttributesRecord{ - User: userInfo, - ResourceRequest: true, - Path: req.URL.Path, - Verb: "create", - APIGroup: scope.Resource.Group, - APIVersion: scope.Resource.Version, - Resource: scope.Resource.Resource, - Subresource: scope.Subresource, - Namespace: namespace, - Name: name, - } - - span.AddEvent("About to store object in database") - wasCreated := false - requestFunc := func() (runtime.Object, error) { - obj, created, err := r.Update( - ctx, - name, - rest.DefaultUpdatedObjectInfo(obj, transformers...), - withAuthorization(rest.AdmissionToValidateObjectFunc( - admit, - admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, updateToCreateOptions(options), dryrun.IsDryRun(options.DryRun), userInfo), scope), - scope.Authorizer, createAuthorizerAttributes), - rest.AdmissionToValidateObjectUpdateFunc( - admit, - admission.NewAttributesRecord(nil, nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, options, dryrun.IsDryRun(options.DryRun), userInfo), scope), - false, - options, - ) - wasCreated = created - return obj, err - } - // Dedup owner references before updating managed fields - dedupOwnerReferencesAndAddWarning(obj, req.Context(), false) - result, err := finisher.FinishRequest(ctx, func() (runtime.Object, error) { - result, err := requestFunc() - // If the object wasn't committed to storage because it's serialized size was too large, - // it is safe to remove managedFields (which can be large) and try again. - if isTooLargeError(err) && scope.FieldManager != nil { - if accessor, accessorErr := meta.Accessor(obj); accessorErr == nil { - accessor.SetManagedFields(nil) - shouldUpdateManagedFields = false - result, err = requestFunc() - } - } - return result, err - }) - if err != nil { - span.AddEvent("Write to database call failed", attribute.Int("len", len(body)), attribute.String("err", err.Error())) - scope.err(err, w, req) - return - } - span.AddEvent("Write to database call succeeded", attribute.Int("len", len(body))) - - status := http.StatusOK - if wasCreated { - status = http.StatusCreated - } - - span.AddEvent("About to write a response") - defer span.AddEvent("Writing http response done") - transformResponseObject(ctx, scope, req, w, status, outputMediaType, result) - } -} - -func withAuthorization(validate rest.ValidateObjectFunc, a authorizer.Authorizer, attributes authorizer.Attributes) rest.ValidateObjectFunc { - var once sync.Once - var authorizerDecision authorizer.Decision - var authorizerReason string - var authorizerErr error - return func(ctx context.Context, obj runtime.Object) error { - if a == nil { - return errors.NewInternalError(fmt.Errorf("no authorizer provided, unable to authorize a create on update")) - } - once.Do(func() { - authorizerDecision, authorizerReason, authorizerErr = a.Authorize(ctx, attributes) - }) - // an authorizer like RBAC could encounter evaluation errors and still allow the request, so authorizer decision is checked before error here. - if authorizerDecision == authorizer.DecisionAllow { - // Continue to validating admission - return validate(ctx, obj) - } - if authorizerErr != nil { - return errors.NewInternalError(authorizerErr) - } - - // The user is not authorized to perform this action, so we need to build the error response - gr := schema.GroupResource{ - Group: attributes.GetAPIGroup(), - Resource: attributes.GetResource(), - } - name := attributes.GetName() - err := fmt.Errorf("%v", authorizerReason) - return errors.NewForbidden(gr, name, err) - } -} - -// updateToCreateOptions creates a CreateOptions with the same field values as the provided UpdateOptions. -func updateToCreateOptions(uo *metav1.UpdateOptions) *metav1.CreateOptions { - if uo == nil { - return nil - } - co := &metav1.CreateOptions{ - DryRun: uo.DryRun, - FieldManager: uo.FieldManager, - FieldValidation: uo.FieldValidation, - } - co.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("CreateOptions")) - return co -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/watch.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/watch.go deleted file mode 100644 index 9b8917caaf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/handlers/watch.go +++ /dev/null @@ -1,356 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handlers - -import ( - "bytes" - "fmt" - "io" - "net/http" - "reflect" - "time" - - "golang.org/x/net/websocket" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer/streaming" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/util/wsstream" -) - -// nothing will ever be sent down this channel -var neverExitWatch <-chan time.Time = make(chan time.Time) - -// timeoutFactory abstracts watch timeout logic for testing -type TimeoutFactory interface { - TimeoutCh() (<-chan time.Time, func() bool) -} - -// realTimeoutFactory implements timeoutFactory -type realTimeoutFactory struct { - timeout time.Duration -} - -// TimeoutCh returns a channel which will receive something when the watch times out, -// and a cleanup function to call when this happens. -func (w *realTimeoutFactory) TimeoutCh() (<-chan time.Time, func() bool) { - if w.timeout == 0 { - return neverExitWatch, func() bool { return false } - } - t := time.NewTimer(w.timeout) - return t.C, t.Stop -} - -// serveWatch will serve a watch response. -// TODO: the functionality in this method and in WatchServer.Serve is not cleanly decoupled. -func serveWatch(watcher watch.Interface, scope *RequestScope, mediaTypeOptions negotiation.MediaTypeOptions, req *http.Request, w http.ResponseWriter, timeout time.Duration) { - defer watcher.Stop() - - options, err := optionsForTransform(mediaTypeOptions, req) - if err != nil { - scope.err(err, w, req) - return - } - - // negotiate for the stream serializer from the scope's serializer - serializer, err := negotiation.NegotiateOutputMediaTypeStream(req, scope.Serializer, scope) - if err != nil { - scope.err(err, w, req) - return - } - framer := serializer.StreamSerializer.Framer - streamSerializer := serializer.StreamSerializer.Serializer - encoder := scope.Serializer.EncoderForVersion(streamSerializer, scope.Kind.GroupVersion()) - useTextFraming := serializer.EncodesAsText - if framer == nil { - scope.err(fmt.Errorf("no framer defined for %q available for embedded encoding", serializer.MediaType), w, req) - return - } - // TODO: next step, get back mediaTypeOptions from negotiate and return the exact value here - mediaType := serializer.MediaType - if mediaType != runtime.ContentTypeJSON { - mediaType += ";stream=watch" - } - - // locate the appropriate embedded encoder based on the transform - var embeddedEncoder runtime.Encoder - contentKind, contentSerializer, transform := targetEncodingForTransform(scope, mediaTypeOptions, req) - if transform { - info, ok := runtime.SerializerInfoForMediaType(contentSerializer.SupportedMediaTypes(), serializer.MediaType) - if !ok { - scope.err(fmt.Errorf("no encoder for %q exists in the requested target %#v", serializer.MediaType, contentSerializer), w, req) - return - } - embeddedEncoder = contentSerializer.EncoderForVersion(info.Serializer, contentKind.GroupVersion()) - } else { - embeddedEncoder = scope.Serializer.EncoderForVersion(serializer.Serializer, contentKind.GroupVersion()) - } - - ctx := req.Context() - - server := &WatchServer{ - Watching: watcher, - Scope: scope, - - UseTextFraming: useTextFraming, - MediaType: mediaType, - Framer: framer, - Encoder: encoder, - EmbeddedEncoder: embeddedEncoder, - - Fixup: func(obj runtime.Object) runtime.Object { - result, err := transformObject(ctx, obj, options, mediaTypeOptions, scope, req) - if err != nil { - utilruntime.HandleError(fmt.Errorf("failed to transform object %v: %v", reflect.TypeOf(obj), err)) - return obj - } - // When we are transformed to a table, use the table options as the state for whether we - // should print headers - on watch, we only want to print table headers on the first object - // and omit them on subsequent events. - if tableOptions, ok := options.(*metav1.TableOptions); ok { - tableOptions.NoHeaders = true - } - return result - }, - - TimeoutFactory: &realTimeoutFactory{timeout}, - } - - server.ServeHTTP(w, req) -} - -// WatchServer serves a watch.Interface over a websocket or vanilla HTTP. -type WatchServer struct { - Watching watch.Interface - Scope *RequestScope - - // true if websocket messages should use text framing (as opposed to binary framing) - UseTextFraming bool - // the media type this watch is being served with - MediaType string - // used to frame the watch stream - Framer runtime.Framer - // used to encode the watch stream event itself - Encoder runtime.Encoder - // used to encode the nested object in the watch stream - EmbeddedEncoder runtime.Encoder - // used to correct the object before we send it to the serializer - Fixup func(runtime.Object) runtime.Object - - TimeoutFactory TimeoutFactory -} - -// ServeHTTP serves a series of encoded events via HTTP with Transfer-Encoding: chunked -// or over a websocket connection. -func (s *WatchServer) ServeHTTP(w http.ResponseWriter, req *http.Request) { - kind := s.Scope.Kind - - if wsstream.IsWebSocketRequest(req) { - w.Header().Set("Content-Type", s.MediaType) - websocket.Handler(s.HandleWS).ServeHTTP(w, req) - return - } - - flusher, ok := w.(http.Flusher) - if !ok { - err := fmt.Errorf("unable to start watch - can't get http.Flusher: %#v", w) - utilruntime.HandleError(err) - s.Scope.err(errors.NewInternalError(err), w, req) - return - } - - framer := s.Framer.NewFrameWriter(w) - if framer == nil { - // programmer error - err := fmt.Errorf("no stream framing support is available for media type %q", s.MediaType) - utilruntime.HandleError(err) - s.Scope.err(errors.NewBadRequest(err.Error()), w, req) - return - } - - var e streaming.Encoder - var memoryAllocator runtime.MemoryAllocator - - if encoder, supportsAllocator := s.Encoder.(runtime.EncoderWithAllocator); supportsAllocator { - memoryAllocator = runtime.AllocatorPool.Get().(*runtime.Allocator) - defer runtime.AllocatorPool.Put(memoryAllocator) - e = streaming.NewEncoderWithAllocator(framer, encoder, memoryAllocator) - } else { - e = streaming.NewEncoder(framer, s.Encoder) - } - - // ensure the connection times out - timeoutCh, cleanup := s.TimeoutFactory.TimeoutCh() - defer cleanup() - - // begin the stream - w.Header().Set("Content-Type", s.MediaType) - w.Header().Set("Transfer-Encoding", "chunked") - w.WriteHeader(http.StatusOK) - flusher.Flush() - - var unknown runtime.Unknown - internalEvent := &metav1.InternalEvent{} - outEvent := &metav1.WatchEvent{} - buf := &bytes.Buffer{} - ch := s.Watching.ResultChan() - done := req.Context().Done() - - embeddedEncodeFn := s.EmbeddedEncoder.Encode - if encoder, supportsAllocator := s.EmbeddedEncoder.(runtime.EncoderWithAllocator); supportsAllocator { - if memoryAllocator == nil { - // don't put the allocator inside the embeddedEncodeFn as that would allocate memory on every call. - // instead, we allocate the buffer for the entire watch session and release it when we close the connection. - memoryAllocator = runtime.AllocatorPool.Get().(*runtime.Allocator) - defer runtime.AllocatorPool.Put(memoryAllocator) - } - embeddedEncodeFn = func(obj runtime.Object, w io.Writer) error { - return encoder.EncodeWithAllocator(obj, w, memoryAllocator) - } - } - - for { - select { - case <-done: - return - case <-timeoutCh: - return - case event, ok := <-ch: - if !ok { - // End of results. - return - } - metrics.WatchEvents.WithContext(req.Context()).WithLabelValues(kind.Group, kind.Version, kind.Kind).Inc() - - obj := s.Fixup(event.Object) - if err := embeddedEncodeFn(obj, buf); err != nil { - // unexpected error - utilruntime.HandleError(fmt.Errorf("unable to encode watch object %T: %v", obj, err)) - return - } - - // ContentType is not required here because we are defaulting to the serializer - // type - unknown.Raw = buf.Bytes() - event.Object = &unknown - metrics.WatchEventsSizes.WithContext(req.Context()).WithLabelValues(kind.Group, kind.Version, kind.Kind).Observe(float64(len(unknown.Raw))) - - *outEvent = metav1.WatchEvent{} - - // create the external type directly and encode it. Clients will only recognize the serialization we provide. - // The internal event is being reused, not reallocated so its just a few extra assignments to do it this way - // and we get the benefit of using conversion functions which already have to stay in sync - *internalEvent = metav1.InternalEvent(event) - err := metav1.Convert_v1_InternalEvent_To_v1_WatchEvent(internalEvent, outEvent, nil) - if err != nil { - utilruntime.HandleError(fmt.Errorf("unable to convert watch object: %v", err)) - // client disconnect. - return - } - if err := e.Encode(outEvent); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to encode watch object %T: %v (%#v)", outEvent, err, e)) - // client disconnect. - return - } - if len(ch) == 0 { - flusher.Flush() - } - - buf.Reset() - } - } -} - -// HandleWS implements a websocket handler. -func (s *WatchServer) HandleWS(ws *websocket.Conn) { - defer ws.Close() - done := make(chan struct{}) - - go func() { - defer utilruntime.HandleCrash() - // This blocks until the connection is closed. - // Client should not send anything. - wsstream.IgnoreReceives(ws, 0) - // Once the client closes, we should also close - close(done) - }() - - var unknown runtime.Unknown - internalEvent := &metav1.InternalEvent{} - buf := &bytes.Buffer{} - streamBuf := &bytes.Buffer{} - ch := s.Watching.ResultChan() - - for { - select { - case <-done: - return - case event, ok := <-ch: - if !ok { - // End of results. - return - } - obj := s.Fixup(event.Object) - if err := s.EmbeddedEncoder.Encode(obj, buf); err != nil { - // unexpected error - utilruntime.HandleError(fmt.Errorf("unable to encode watch object %T: %v", obj, err)) - return - } - - // ContentType is not required here because we are defaulting to the serializer - // type - unknown.Raw = buf.Bytes() - event.Object = &unknown - - // the internal event will be versioned by the encoder - // create the external type directly and encode it. Clients will only recognize the serialization we provide. - // The internal event is being reused, not reallocated so its just a few extra assignments to do it this way - // and we get the benefit of using conversion functions which already have to stay in sync - outEvent := &metav1.WatchEvent{} - *internalEvent = metav1.InternalEvent(event) - err := metav1.Convert_v1_InternalEvent_To_v1_WatchEvent(internalEvent, outEvent, nil) - if err != nil { - utilruntime.HandleError(fmt.Errorf("unable to convert watch object: %v", err)) - // client disconnect. - return - } - if err := s.Encoder.Encode(outEvent, streamBuf); err != nil { - // encoding error - utilruntime.HandleError(fmt.Errorf("unable to encode event: %v", err)) - return - } - if s.UseTextFraming { - if err := websocket.Message.Send(ws, streamBuf.String()); err != nil { - // Client disconnect. - return - } - } else { - if err := websocket.Message.Send(ws, streamBuf.Bytes()); err != nil { - // Client disconnect. - return - } - } - buf.Reset() - streamBuf.Reset() - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/installer.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/installer.go deleted file mode 100644 index b0af449f09..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/installer.go +++ /dev/null @@ -1,1314 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpoints - -import ( - "fmt" - "net/http" - "reflect" - "sort" - "strings" - "time" - "unicode" - - restful "github.com/emicklei/go-restful/v3" - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/endpoints/deprecation" - "k8s.io/apiserver/pkg/endpoints/discovery" - "k8s.io/apiserver/pkg/endpoints/handlers" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/endpoints/handlers/negotiation" - "k8s.io/apiserver/pkg/endpoints/metrics" - utilwarning "k8s.io/apiserver/pkg/endpoints/warning" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storageversion" - utilfeature "k8s.io/apiserver/pkg/util/feature" - versioninfo "k8s.io/component-base/version" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -const ( - ROUTE_META_GVK = "x-kubernetes-group-version-kind" - ROUTE_META_ACTION = "x-kubernetes-action" -) - -type APIInstaller struct { - group *APIGroupVersion - prefix string // Path prefix where API resources are to be registered. - minRequestTimeout time.Duration -} - -// Struct capturing information about an action ("GET", "POST", "WATCH", "PROXY", etc). -type action struct { - Verb string // Verb identifying the action ("GET", "POST", "WATCH", "PROXY", etc). - Path string // The path of the action - Params []*restful.Parameter // List of parameters associated with the action. - Namer handlers.ScopeNamer - AllNamespaces bool // true iff the action is namespaced but works on aggregate result for all namespaces -} - -func ConvertGroupVersionIntoToDiscovery(list []metav1.APIResource) ([]apidiscoveryv2beta1.APIResourceDiscovery, error) { - var apiResourceList []apidiscoveryv2beta1.APIResourceDiscovery - parentResources := make(map[string]int) - - // Loop through all top-level resources - for _, r := range list { - if strings.Contains(r.Name, "/") { - // Skip subresources for now so we can get the list of resources - continue - } - - var scope apidiscoveryv2beta1.ResourceScope - if r.Namespaced { - scope = apidiscoveryv2beta1.ScopeNamespace - } else { - scope = apidiscoveryv2beta1.ScopeCluster - } - - resource := apidiscoveryv2beta1.APIResourceDiscovery{ - Resource: r.Name, - Scope: scope, - ResponseKind: &metav1.GroupVersionKind{ - Group: r.Group, - Version: r.Version, - Kind: r.Kind, - }, - Verbs: r.Verbs, - ShortNames: r.ShortNames, - Categories: r.Categories, - SingularResource: r.SingularName, - } - apiResourceList = append(apiResourceList, resource) - parentResources[r.Name] = len(apiResourceList) - 1 - } - - // Loop through all subresources - for _, r := range list { - // Split resource name and subresource name - split := strings.SplitN(r.Name, "/", 2) - - if len(split) != 2 { - // Skip parent resources - continue - } - - var scope apidiscoveryv2beta1.ResourceScope - if r.Namespaced { - scope = apidiscoveryv2beta1.ScopeNamespace - } else { - scope = apidiscoveryv2beta1.ScopeCluster - } - - parentidx, exists := parentResources[split[0]] - if !exists { - // If a subresource exists without a parent, create a parent - apiResourceList = append(apiResourceList, apidiscoveryv2beta1.APIResourceDiscovery{ - Resource: split[0], - Scope: scope, - }) - parentidx = len(apiResourceList) - 1 - parentResources[split[0]] = parentidx - } - - if apiResourceList[parentidx].Scope != scope { - return nil, fmt.Errorf("Error: Parent %s (scope: %s) and subresource %s (scope: %s) scope do not match", split[0], apiResourceList[parentidx].Scope, split[1], scope) - // - } - - subresource := apidiscoveryv2beta1.APISubresourceDiscovery{ - Subresource: split[1], - Verbs: r.Verbs, - } - if r.Kind != "" { - subresource.ResponseKind = &metav1.GroupVersionKind{ - Group: r.Group, - Version: r.Version, - Kind: r.Kind, - } - } - apiResourceList[parentidx].Subresources = append(apiResourceList[parentidx].Subresources, subresource) - } - - return apiResourceList, nil -} - -// An interface to see if one storage supports override its default verb for monitoring -type StorageMetricsOverride interface { - // OverrideMetricsVerb gives a storage object an opportunity to override the verb reported to the metrics endpoint - OverrideMetricsVerb(oldVerb string) (newVerb string) -} - -// An interface to see if an object supports swagger documentation as a method -type documentable interface { - SwaggerDoc() map[string]string -} - -// toDiscoveryKubeVerb maps an action.Verb to the logical kube verb, used for discovery -var toDiscoveryKubeVerb = map[string]string{ - "CONNECT": "", // do not list in discovery. - "DELETE": "delete", - "DELETECOLLECTION": "deletecollection", - "GET": "get", - "LIST": "list", - "PATCH": "patch", - "POST": "create", - "PROXY": "proxy", - "PUT": "update", - "WATCH": "watch", - "WATCHLIST": "watch", -} - -// Install handlers for API resources. -func (a *APIInstaller) Install() ([]metav1.APIResource, []*storageversion.ResourceInfo, *restful.WebService, []error) { - var apiResources []metav1.APIResource - var resourceInfos []*storageversion.ResourceInfo - var errors []error - ws := a.newWebService() - - // Register the paths in a deterministic (sorted) order to get a deterministic swagger spec. - paths := make([]string, len(a.group.Storage)) - var i int = 0 - for path := range a.group.Storage { - paths[i] = path - i++ - } - sort.Strings(paths) - for _, path := range paths { - apiResource, resourceInfo, err := a.registerResourceHandlers(path, a.group.Storage[path], ws) - if err != nil { - errors = append(errors, fmt.Errorf("error in registering resource: %s, %v", path, err)) - } - if apiResource != nil { - apiResources = append(apiResources, *apiResource) - } - if resourceInfo != nil { - resourceInfos = append(resourceInfos, resourceInfo) - } - } - return apiResources, resourceInfos, ws, errors -} - -// newWebService creates a new restful webservice with the api installer's prefix and version. -func (a *APIInstaller) newWebService() *restful.WebService { - ws := new(restful.WebService) - ws.Path(a.prefix) - // a.prefix contains "prefix/group/version" - ws.Doc("API at " + a.prefix) - // Backwards compatibility, we accepted objects with empty content-type at V1. - // If we stop using go-restful, we can default empty content-type to application/json on an - // endpoint by endpoint basis - ws.Consumes("*/*") - mediaTypes, streamMediaTypes := negotiation.MediaTypesForSerializer(a.group.Serializer) - ws.Produces(append(mediaTypes, streamMediaTypes...)...) - ws.ApiVersion(a.group.GroupVersion.String()) - - return ws -} - -// calculate the storage gvk, the gvk objects are converted to before persisted to the etcd. -func getStorageVersionKind(storageVersioner runtime.GroupVersioner, storage rest.Storage, typer runtime.ObjectTyper) (schema.GroupVersionKind, error) { - object := storage.New() - fqKinds, _, err := typer.ObjectKinds(object) - if err != nil { - return schema.GroupVersionKind{}, err - } - gvk, ok := storageVersioner.KindForGroupVersionKinds(fqKinds) - if !ok { - return schema.GroupVersionKind{}, fmt.Errorf("cannot find the storage version kind for %v", reflect.TypeOf(object)) - } - return gvk, nil -} - -// GetResourceKind returns the external group version kind registered for the given storage -// object. If the storage object is a subresource and has an override supplied for it, it returns -// the group version kind supplied in the override. -func GetResourceKind(groupVersion schema.GroupVersion, storage rest.Storage, typer runtime.ObjectTyper) (schema.GroupVersionKind, error) { - // Let the storage tell us exactly what GVK it has - if gvkProvider, ok := storage.(rest.GroupVersionKindProvider); ok { - return gvkProvider.GroupVersionKind(groupVersion), nil - } - - object := storage.New() - fqKinds, _, err := typer.ObjectKinds(object) - if err != nil { - return schema.GroupVersionKind{}, err - } - - // a given go type can have multiple potential fully qualified kinds. Find the one that corresponds with the group - // we're trying to register here - fqKindToRegister := schema.GroupVersionKind{} - for _, fqKind := range fqKinds { - if fqKind.Group == groupVersion.Group { - fqKindToRegister = groupVersion.WithKind(fqKind.Kind) - break - } - } - if fqKindToRegister.Empty() { - return schema.GroupVersionKind{}, fmt.Errorf("unable to locate fully qualified kind for %v: found %v when registering for %v", reflect.TypeOf(object), fqKinds, groupVersion) - } - - // group is guaranteed to match based on the check above - return fqKindToRegister, nil -} - -func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storage, ws *restful.WebService) (*metav1.APIResource, *storageversion.ResourceInfo, error) { - admit := a.group.Admit - - optionsExternalVersion := a.group.GroupVersion - if a.group.OptionsExternalVersion != nil { - optionsExternalVersion = *a.group.OptionsExternalVersion - } - - resource, subresource, err := splitSubresource(path) - if err != nil { - return nil, nil, err - } - - group, version := a.group.GroupVersion.Group, a.group.GroupVersion.Version - - fqKindToRegister, err := GetResourceKind(a.group.GroupVersion, storage, a.group.Typer) - if err != nil { - return nil, nil, err - } - - versionedPtr, err := a.group.Creater.New(fqKindToRegister) - if err != nil { - return nil, nil, err - } - defaultVersionedObject := indirectArbitraryPointer(versionedPtr) - kind := fqKindToRegister.Kind - isSubresource := len(subresource) > 0 - - // If there is a subresource, namespace scoping is defined by the parent resource - var namespaceScoped bool - if isSubresource { - parentStorage, ok := a.group.Storage[resource] - if !ok { - return nil, nil, fmt.Errorf("missing parent storage: %q", resource) - } - scoper, ok := parentStorage.(rest.Scoper) - if !ok { - return nil, nil, fmt.Errorf("%q must implement scoper", resource) - } - namespaceScoped = scoper.NamespaceScoped() - - } else { - scoper, ok := storage.(rest.Scoper) - if !ok { - return nil, nil, fmt.Errorf("%q must implement scoper", resource) - } - namespaceScoped = scoper.NamespaceScoped() - } - - // what verbs are supported by the storage, used to know what verbs we support per path - creater, isCreater := storage.(rest.Creater) - namedCreater, isNamedCreater := storage.(rest.NamedCreater) - lister, isLister := storage.(rest.Lister) - getter, isGetter := storage.(rest.Getter) - getterWithOptions, isGetterWithOptions := storage.(rest.GetterWithOptions) - gracefulDeleter, isGracefulDeleter := storage.(rest.GracefulDeleter) - collectionDeleter, isCollectionDeleter := storage.(rest.CollectionDeleter) - updater, isUpdater := storage.(rest.Updater) - patcher, isPatcher := storage.(rest.Patcher) - watcher, isWatcher := storage.(rest.Watcher) - connecter, isConnecter := storage.(rest.Connecter) - storageMeta, isMetadata := storage.(rest.StorageMetadata) - storageVersionProvider, isStorageVersionProvider := storage.(rest.StorageVersionProvider) - gvAcceptor, _ := storage.(rest.GroupVersionAcceptor) - if !isMetadata { - storageMeta = defaultStorageMetadata{} - } - - if isNamedCreater { - isCreater = true - } - - var resetFields map[fieldpath.APIVersion]*fieldpath.Set - if a.group.OpenAPIModels != nil { - if resetFieldsStrategy, isResetFieldsStrategy := storage.(rest.ResetFieldsStrategy); isResetFieldsStrategy { - resetFields = resetFieldsStrategy.GetResetFields() - } - } - - var versionedList interface{} - if isLister { - list := lister.NewList() - listGVKs, _, err := a.group.Typer.ObjectKinds(list) - if err != nil { - return nil, nil, err - } - versionedListPtr, err := a.group.Creater.New(a.group.GroupVersion.WithKind(listGVKs[0].Kind)) - if err != nil { - return nil, nil, err - } - versionedList = indirectArbitraryPointer(versionedListPtr) - } - - versionedListOptions, err := a.group.Creater.New(optionsExternalVersion.WithKind("ListOptions")) - if err != nil { - return nil, nil, err - } - versionedCreateOptions, err := a.group.Creater.New(optionsExternalVersion.WithKind("CreateOptions")) - if err != nil { - return nil, nil, err - } - versionedPatchOptions, err := a.group.Creater.New(optionsExternalVersion.WithKind("PatchOptions")) - if err != nil { - return nil, nil, err - } - versionedUpdateOptions, err := a.group.Creater.New(optionsExternalVersion.WithKind("UpdateOptions")) - if err != nil { - return nil, nil, err - } - - var versionedDeleteOptions runtime.Object - var versionedDeleterObject interface{} - deleteReturnsDeletedObject := false - if isGracefulDeleter { - versionedDeleteOptions, err = a.group.Creater.New(optionsExternalVersion.WithKind("DeleteOptions")) - if err != nil { - return nil, nil, err - } - versionedDeleterObject = indirectArbitraryPointer(versionedDeleteOptions) - - if mayReturnFullObjectDeleter, ok := storage.(rest.MayReturnFullObjectDeleter); ok { - deleteReturnsDeletedObject = mayReturnFullObjectDeleter.DeleteReturnsDeletedObject() - } - } - - versionedStatusPtr, err := a.group.Creater.New(optionsExternalVersion.WithKind("Status")) - if err != nil { - return nil, nil, err - } - versionedStatus := indirectArbitraryPointer(versionedStatusPtr) - var ( - getOptions runtime.Object - versionedGetOptions runtime.Object - getOptionsInternalKind schema.GroupVersionKind - getSubpath bool - ) - if isGetterWithOptions { - getOptions, getSubpath, _ = getterWithOptions.NewGetOptions() - getOptionsInternalKinds, _, err := a.group.Typer.ObjectKinds(getOptions) - if err != nil { - return nil, nil, err - } - getOptionsInternalKind = getOptionsInternalKinds[0] - versionedGetOptions, err = a.group.Creater.New(a.group.GroupVersion.WithKind(getOptionsInternalKind.Kind)) - if err != nil { - versionedGetOptions, err = a.group.Creater.New(optionsExternalVersion.WithKind(getOptionsInternalKind.Kind)) - if err != nil { - return nil, nil, err - } - } - isGetter = true - } - - var versionedWatchEvent interface{} - if isWatcher { - versionedWatchEventPtr, err := a.group.Creater.New(a.group.GroupVersion.WithKind("WatchEvent")) - if err != nil { - return nil, nil, err - } - versionedWatchEvent = indirectArbitraryPointer(versionedWatchEventPtr) - } - - var ( - connectOptions runtime.Object - versionedConnectOptions runtime.Object - connectOptionsInternalKind schema.GroupVersionKind - connectSubpath bool - ) - if isConnecter { - connectOptions, connectSubpath, _ = connecter.NewConnectOptions() - if connectOptions != nil { - connectOptionsInternalKinds, _, err := a.group.Typer.ObjectKinds(connectOptions) - if err != nil { - return nil, nil, err - } - - connectOptionsInternalKind = connectOptionsInternalKinds[0] - versionedConnectOptions, err = a.group.Creater.New(a.group.GroupVersion.WithKind(connectOptionsInternalKind.Kind)) - if err != nil { - versionedConnectOptions, err = a.group.Creater.New(optionsExternalVersion.WithKind(connectOptionsInternalKind.Kind)) - if err != nil { - return nil, nil, err - } - } - } - } - - allowWatchList := isWatcher && isLister // watching on lists is allowed only for kinds that support both watch and list. - nameParam := ws.PathParameter("name", "name of the "+kind).DataType("string") - pathParam := ws.PathParameter("path", "path to the resource").DataType("string") - - params := []*restful.Parameter{} - actions := []action{} - - var resourceKind string - kindProvider, ok := storage.(rest.KindProvider) - if ok { - resourceKind = kindProvider.Kind() - } else { - resourceKind = kind - } - - tableProvider, isTableProvider := storage.(rest.TableConvertor) - if isLister && !isTableProvider { - // All listers must implement TableProvider - return nil, nil, fmt.Errorf("%q must implement TableConvertor", resource) - } - - var apiResource metav1.APIResource - if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionHash) && - isStorageVersionProvider && - storageVersionProvider.StorageVersion() != nil { - versioner := storageVersionProvider.StorageVersion() - gvk, err := getStorageVersionKind(versioner, storage, a.group.Typer) - if err != nil { - return nil, nil, err - } - apiResource.StorageVersionHash = discovery.StorageVersionHash(gvk.Group, gvk.Version, gvk.Kind) - } - - // Get the list of actions for the given scope. - switch { - case !namespaceScoped: - // Handle non-namespace scoped resources like nodes. - resourcePath := resource - resourceParams := params - itemPath := resourcePath + "/{name}" - nameParams := append(params, nameParam) - proxyParams := append(nameParams, pathParam) - suffix := "" - if isSubresource { - suffix = "/" + subresource - itemPath = itemPath + suffix - resourcePath = itemPath - resourceParams = nameParams - } - apiResource.Name = path - apiResource.Namespaced = false - apiResource.Kind = resourceKind - namer := handlers.ContextBasedNaming{ - Namer: a.group.Namer, - ClusterScoped: true, - } - - // Handler for standard REST verbs (GET, PUT, POST and DELETE). - // Add actions at the resource path: /api/apiVersion/resource - actions = appendIf(actions, action{"LIST", resourcePath, resourceParams, namer, false}, isLister) - actions = appendIf(actions, action{"POST", resourcePath, resourceParams, namer, false}, isCreater) - actions = appendIf(actions, action{"DELETECOLLECTION", resourcePath, resourceParams, namer, false}, isCollectionDeleter) - // DEPRECATED in 1.11 - actions = appendIf(actions, action{"WATCHLIST", "watch/" + resourcePath, resourceParams, namer, false}, allowWatchList) - - // Add actions at the item path: /api/apiVersion/resource/{name} - actions = appendIf(actions, action{"GET", itemPath, nameParams, namer, false}, isGetter) - if getSubpath { - actions = appendIf(actions, action{"GET", itemPath + "/{path:*}", proxyParams, namer, false}, isGetter) - } - actions = appendIf(actions, action{"PUT", itemPath, nameParams, namer, false}, isUpdater) - actions = appendIf(actions, action{"PATCH", itemPath, nameParams, namer, false}, isPatcher) - actions = appendIf(actions, action{"DELETE", itemPath, nameParams, namer, false}, isGracefulDeleter) - // DEPRECATED in 1.11 - actions = appendIf(actions, action{"WATCH", "watch/" + itemPath, nameParams, namer, false}, isWatcher) - actions = appendIf(actions, action{"CONNECT", itemPath, nameParams, namer, false}, isConnecter) - actions = appendIf(actions, action{"CONNECT", itemPath + "/{path:*}", proxyParams, namer, false}, isConnecter && connectSubpath) - default: - namespaceParamName := "namespaces" - // Handler for standard REST verbs (GET, PUT, POST and DELETE). - namespaceParam := ws.PathParameter("namespace", "object name and auth scope, such as for teams and projects").DataType("string") - namespacedPath := namespaceParamName + "/{namespace}/" + resource - namespaceParams := []*restful.Parameter{namespaceParam} - - resourcePath := namespacedPath - resourceParams := namespaceParams - itemPath := namespacedPath + "/{name}" - nameParams := append(namespaceParams, nameParam) - proxyParams := append(nameParams, pathParam) - itemPathSuffix := "" - if isSubresource { - itemPathSuffix = "/" + subresource - itemPath = itemPath + itemPathSuffix - resourcePath = itemPath - resourceParams = nameParams - } - apiResource.Name = path - apiResource.Namespaced = true - apiResource.Kind = resourceKind - namer := handlers.ContextBasedNaming{ - Namer: a.group.Namer, - ClusterScoped: false, - } - - actions = appendIf(actions, action{"LIST", resourcePath, resourceParams, namer, false}, isLister) - actions = appendIf(actions, action{"POST", resourcePath, resourceParams, namer, false}, isCreater) - actions = appendIf(actions, action{"DELETECOLLECTION", resourcePath, resourceParams, namer, false}, isCollectionDeleter) - // DEPRECATED in 1.11 - actions = appendIf(actions, action{"WATCHLIST", "watch/" + resourcePath, resourceParams, namer, false}, allowWatchList) - - actions = appendIf(actions, action{"GET", itemPath, nameParams, namer, false}, isGetter) - if getSubpath { - actions = appendIf(actions, action{"GET", itemPath + "/{path:*}", proxyParams, namer, false}, isGetter) - } - actions = appendIf(actions, action{"PUT", itemPath, nameParams, namer, false}, isUpdater) - actions = appendIf(actions, action{"PATCH", itemPath, nameParams, namer, false}, isPatcher) - actions = appendIf(actions, action{"DELETE", itemPath, nameParams, namer, false}, isGracefulDeleter) - // DEPRECATED in 1.11 - actions = appendIf(actions, action{"WATCH", "watch/" + itemPath, nameParams, namer, false}, isWatcher) - actions = appendIf(actions, action{"CONNECT", itemPath, nameParams, namer, false}, isConnecter) - actions = appendIf(actions, action{"CONNECT", itemPath + "/{path:*}", proxyParams, namer, false}, isConnecter && connectSubpath) - - // list or post across namespace. - // For ex: LIST all pods in all namespaces by sending a LIST request at /api/apiVersion/pods. - // TODO: more strongly type whether a resource allows these actions on "all namespaces" (bulk delete) - if !isSubresource { - actions = appendIf(actions, action{"LIST", resource, params, namer, true}, isLister) - // DEPRECATED in 1.11 - actions = appendIf(actions, action{"WATCHLIST", "watch/" + resource, params, namer, true}, allowWatchList) - } - } - - var resourceInfo *storageversion.ResourceInfo - if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionAPI) && - utilfeature.DefaultFeatureGate.Enabled(features.APIServerIdentity) && - isStorageVersionProvider && - storageVersionProvider.StorageVersion() != nil { - - versioner := storageVersionProvider.StorageVersion() - encodingGVK, err := getStorageVersionKind(versioner, storage, a.group.Typer) - if err != nil { - return nil, nil, err - } - decodableVersions := []schema.GroupVersion{} - if a.group.ConvertabilityChecker != nil { - decodableVersions = a.group.ConvertabilityChecker.VersionsForGroupKind(fqKindToRegister.GroupKind()) - } - resourceInfo = &storageversion.ResourceInfo{ - GroupResource: schema.GroupResource{ - Group: a.group.GroupVersion.Group, - Resource: apiResource.Name, - }, - EncodingVersion: encodingGVK.GroupVersion().String(), - // We record EquivalentResourceMapper first instead of calculate - // DecodableVersions immediately because API installation must - // be completed first for us to know equivalent APIs - EquivalentResourceMapper: a.group.EquivalentResourceRegistry, - - DirectlyDecodableVersions: decodableVersions, - } - } - - var disabledParams []string - if !utilfeature.DefaultFeatureGate.Enabled(features.ServerSideFieldValidation) { - disabledParams = []string{"fieldValidation"} - } - - // Create Routes for the actions. - // TODO: Add status documentation using Returns() - // Errors (see api/errors/errors.go as well as go-restful router): - // http.StatusNotFound, http.StatusMethodNotAllowed, - // http.StatusUnsupportedMediaType, http.StatusNotAcceptable, - // http.StatusBadRequest, http.StatusUnauthorized, http.StatusForbidden, - // http.StatusRequestTimeout, http.StatusConflict, http.StatusPreconditionFailed, - // http.StatusUnprocessableEntity, http.StatusInternalServerError, - // http.StatusServiceUnavailable - // and api error codes - // Note that if we specify a versioned Status object here, we may need to - // create one for the tests, also - // Success: - // http.StatusOK, http.StatusCreated, http.StatusAccepted, http.StatusNoContent - // - // test/integration/auth_test.go is currently the most comprehensive status code test - - for _, s := range a.group.Serializer.SupportedMediaTypes() { - if len(s.MediaTypeSubType) == 0 || len(s.MediaTypeType) == 0 { - return nil, nil, fmt.Errorf("all serializers in the group Serializer must have MediaTypeType and MediaTypeSubType set: %s", s.MediaType) - } - } - mediaTypes, streamMediaTypes := negotiation.MediaTypesForSerializer(a.group.Serializer) - allMediaTypes := append(mediaTypes, streamMediaTypes...) - ws.Produces(allMediaTypes...) - - kubeVerbs := map[string]struct{}{} - reqScope := handlers.RequestScope{ - Serializer: a.group.Serializer, - ParameterCodec: a.group.ParameterCodec, - Creater: a.group.Creater, - Convertor: a.group.Convertor, - Defaulter: a.group.Defaulter, - Typer: a.group.Typer, - UnsafeConvertor: a.group.UnsafeConvertor, - Authorizer: a.group.Authorizer, - - EquivalentResourceMapper: a.group.EquivalentResourceRegistry, - - // TODO: Check for the interface on storage - TableConvertor: tableProvider, - - // TODO: This seems wrong for cross-group subresources. It makes an assumption that a subresource and its parent are in the same group version. Revisit this. - Resource: a.group.GroupVersion.WithResource(resource), - Subresource: subresource, - Kind: fqKindToRegister, - - AcceptsGroupVersionDelegate: gvAcceptor, - - HubGroupVersion: schema.GroupVersion{Group: fqKindToRegister.Group, Version: runtime.APIVersionInternal}, - - MetaGroupVersion: metav1.SchemeGroupVersion, - - MaxRequestBodyBytes: a.group.MaxRequestBodyBytes, - } - if a.group.MetaGroupVersion != nil { - reqScope.MetaGroupVersion = *a.group.MetaGroupVersion - } - if a.group.OpenAPIModels != nil { - reqScope.FieldManager, err = fieldmanager.NewDefaultFieldManager( - a.group.TypeConverter, - a.group.UnsafeConvertor, - a.group.Defaulter, - a.group.Creater, - fqKindToRegister, - reqScope.HubGroupVersion, - subresource, - resetFields, - ) - if err != nil { - return nil, nil, fmt.Errorf("failed to create field manager: %v", err) - } - } - for _, action := range actions { - producedObject := storageMeta.ProducesObject(action.Verb) - if producedObject == nil { - producedObject = defaultVersionedObject - } - reqScope.Namer = action.Namer - - requestScope := "cluster" - var namespaced string - var operationSuffix string - if apiResource.Namespaced { - requestScope = "namespace" - namespaced = "Namespaced" - } - if strings.HasSuffix(action.Path, "/{path:*}") { - requestScope = "resource" - operationSuffix = operationSuffix + "WithPath" - } - if strings.Index(action.Path, "/{name}") != -1 || action.Verb == "POST" { - requestScope = "resource" - } - if action.AllNamespaces { - requestScope = "cluster" - operationSuffix = operationSuffix + "ForAllNamespaces" - namespaced = "" - } - - if kubeVerb, found := toDiscoveryKubeVerb[action.Verb]; found { - if len(kubeVerb) != 0 { - kubeVerbs[kubeVerb] = struct{}{} - } - } else { - return nil, nil, fmt.Errorf("unknown action verb for discovery: %s", action.Verb) - } - - routes := []*restful.RouteBuilder{} - - // If there is a subresource, kind should be the parent's kind. - if isSubresource { - parentStorage, ok := a.group.Storage[resource] - if !ok { - return nil, nil, fmt.Errorf("missing parent storage: %q", resource) - } - - fqParentKind, err := GetResourceKind(a.group.GroupVersion, parentStorage, a.group.Typer) - if err != nil { - return nil, nil, err - } - kind = fqParentKind.Kind - } - - verbOverrider, needOverride := storage.(StorageMetricsOverride) - - // accumulate endpoint-level warnings - var ( - warnings []string - deprecated bool - removedRelease string - ) - - { - versionedPtrWithGVK := versionedPtr.DeepCopyObject() - versionedPtrWithGVK.GetObjectKind().SetGroupVersionKind(fqKindToRegister) - currentMajor, currentMinor, _ := deprecation.MajorMinor(versioninfo.Get()) - deprecated = deprecation.IsDeprecated(versionedPtrWithGVK, currentMajor, currentMinor) - if deprecated { - removedRelease = deprecation.RemovedRelease(versionedPtrWithGVK) - warnings = append(warnings, deprecation.WarningMessage(versionedPtrWithGVK)) - } - } - - switch action.Verb { - case "GET": // Get a resource. - var handler restful.RouteFunction - if isGetterWithOptions { - handler = restfulGetResourceWithOptions(getterWithOptions, reqScope, isSubresource) - } else { - handler = restfulGetResource(getter, reqScope) - } - - if needOverride { - // need change the reported verb - handler = metrics.InstrumentRouteFunc(verbOverrider.OverrideMetricsVerb(action.Verb), group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, handler) - } else { - handler = metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, handler) - } - handler = utilwarning.AddWarningsHandler(handler, warnings) - - doc := "read the specified " + kind - if isSubresource { - doc = "read " + subresource + " of the specified " + kind - } - route := ws.GET(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("read"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Returns(http.StatusOK, "OK", producedObject). - Writes(producedObject) - if isGetterWithOptions { - if err := AddObjectParams(ws, route, versionedGetOptions); err != nil { - return nil, nil, err - } - } - addParams(route, action.Params) - routes = append(routes, route) - case "LIST": // List all resources of a kind. - doc := "list objects of kind " + kind - if isSubresource { - doc = "list " + subresource + " of objects of kind " + kind - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulListResource(lister, watcher, reqScope, false, a.minRequestTimeout)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.GET(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("list"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), allMediaTypes...)...). - Returns(http.StatusOK, "OK", versionedList). - Writes(versionedList) - if err := AddObjectParams(ws, route, versionedListOptions); err != nil { - return nil, nil, err - } - switch { - case isLister && isWatcher: - doc := "list or watch objects of kind " + kind - if isSubresource { - doc = "list or watch " + subresource + " of objects of kind " + kind - } - route.Doc(doc) - case isWatcher: - doc := "watch objects of kind " + kind - if isSubresource { - doc = "watch " + subresource + "of objects of kind " + kind - } - route.Doc(doc) - } - addParams(route, action.Params) - routes = append(routes, route) - case "PUT": // Update a resource. - doc := "replace the specified " + kind - if isSubresource { - doc = "replace " + subresource + " of the specified " + kind - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulUpdateResource(updater, reqScope, admit)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.PUT(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("replace"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Returns(http.StatusOK, "OK", producedObject). - // TODO: in some cases, the API may return a v1.Status instead of the versioned object - // but currently go-restful can't handle multiple different objects being returned. - Returns(http.StatusCreated, "Created", producedObject). - Reads(defaultVersionedObject). - Writes(producedObject) - if err := AddObjectParams(ws, route, versionedUpdateOptions, disabledParams...); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - case "PATCH": // Partially update a resource - doc := "partially update the specified " + kind - if isSubresource { - doc = "partially update " + subresource + " of the specified " + kind - } - supportedTypes := []string{ - string(types.JSONPatchType), - string(types.MergePatchType), - string(types.StrategicMergePatchType), - string(types.ApplyPatchType), - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulPatchResource(patcher, reqScope, admit, supportedTypes)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.PATCH(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Consumes(supportedTypes...). - Operation("patch"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Returns(http.StatusOK, "OK", producedObject). - // Patch can return 201 when a server side apply is requested - Returns(http.StatusCreated, "Created", producedObject). - Reads(metav1.Patch{}). - Writes(producedObject) - if err := AddObjectParams(ws, route, versionedPatchOptions, disabledParams...); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - case "POST": // Create a resource. - var handler restful.RouteFunction - if isNamedCreater { - handler = restfulCreateNamedResource(namedCreater, reqScope, admit) - } else { - handler = restfulCreateResource(creater, reqScope, admit) - } - handler = metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, handler) - handler = utilwarning.AddWarningsHandler(handler, warnings) - article := GetArticleForNoun(kind, " ") - doc := "create" + article + kind - if isSubresource { - doc = "create " + subresource + " of" + article + kind - } - route := ws.POST(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("create"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Returns(http.StatusOK, "OK", producedObject). - // TODO: in some cases, the API may return a v1.Status instead of the versioned object - // but currently go-restful can't handle multiple different objects being returned. - Returns(http.StatusCreated, "Created", producedObject). - Returns(http.StatusAccepted, "Accepted", producedObject). - Reads(defaultVersionedObject). - Writes(producedObject) - if err := AddObjectParams(ws, route, versionedCreateOptions, disabledParams...); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - case "DELETE": // Delete a resource. - article := GetArticleForNoun(kind, " ") - doc := "delete" + article + kind - if isSubresource { - doc = "delete " + subresource + " of" + article + kind - } - deleteReturnType := versionedStatus - if deleteReturnsDeletedObject { - deleteReturnType = producedObject - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulDeleteResource(gracefulDeleter, isGracefulDeleter, reqScope, admit)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.DELETE(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("delete"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Writes(deleteReturnType). - Returns(http.StatusOK, "OK", deleteReturnType). - Returns(http.StatusAccepted, "Accepted", deleteReturnType) - if isGracefulDeleter { - route.Reads(versionedDeleterObject) - route.ParameterNamed("body").Required(false) - if err := AddObjectParams(ws, route, versionedDeleteOptions); err != nil { - return nil, nil, err - } - } - addParams(route, action.Params) - routes = append(routes, route) - case "DELETECOLLECTION": - doc := "delete collection of " + kind - if isSubresource { - doc = "delete collection of " + subresource + " of a " + kind - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulDeleteCollection(collectionDeleter, isCollectionDeleter, reqScope, admit)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.DELETE(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("deletecollection"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(append(storageMeta.ProducesMIMETypes(action.Verb), mediaTypes...)...). - Writes(versionedStatus). - Returns(http.StatusOK, "OK", versionedStatus) - if isCollectionDeleter { - route.Reads(versionedDeleterObject) - route.ParameterNamed("body").Required(false) - if err := AddObjectParams(ws, route, versionedDeleteOptions); err != nil { - return nil, nil, err - } - } - if err := AddObjectParams(ws, route, versionedListOptions, "watch", "allowWatchBookmarks"); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - // deprecated in 1.11 - case "WATCH": // Watch a resource. - doc := "watch changes to an object of kind " + kind - if isSubresource { - doc = "watch changes to " + subresource + " of an object of kind " + kind - } - doc += ". deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter." - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulListResource(lister, watcher, reqScope, true, a.minRequestTimeout)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.GET(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("watch"+namespaced+kind+strings.Title(subresource)+operationSuffix). - Produces(allMediaTypes...). - Returns(http.StatusOK, "OK", versionedWatchEvent). - Writes(versionedWatchEvent) - if err := AddObjectParams(ws, route, versionedListOptions); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - // deprecated in 1.11 - case "WATCHLIST": // Watch all resources of a kind. - doc := "watch individual changes to a list of " + kind - if isSubresource { - doc = "watch individual changes to a list of " + subresource + " of " + kind - } - doc += ". deprecated: use the 'watch' parameter with a list operation instead." - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulListResource(lister, watcher, reqScope, true, a.minRequestTimeout)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.GET(action.Path).To(handler). - Doc(doc). - Param(ws.QueryParameter("pretty", "If 'true', then the output is pretty printed.")). - Operation("watch"+namespaced+kind+strings.Title(subresource)+"List"+operationSuffix). - Produces(allMediaTypes...). - Returns(http.StatusOK, "OK", versionedWatchEvent). - Writes(versionedWatchEvent) - if err := AddObjectParams(ws, route, versionedListOptions); err != nil { - return nil, nil, err - } - addParams(route, action.Params) - routes = append(routes, route) - case "CONNECT": - for _, method := range connecter.ConnectMethods() { - connectProducedObject := storageMeta.ProducesObject(method) - if connectProducedObject == nil { - connectProducedObject = "string" - } - doc := "connect " + method + " requests to " + kind - if isSubresource { - doc = "connect " + method + " requests to " + subresource + " of " + kind - } - handler := metrics.InstrumentRouteFunc(action.Verb, group, version, resource, subresource, requestScope, metrics.APIServerComponent, deprecated, removedRelease, restfulConnectResource(connecter, reqScope, admit, path, isSubresource)) - handler = utilwarning.AddWarningsHandler(handler, warnings) - route := ws.Method(method).Path(action.Path). - To(handler). - Doc(doc). - Operation("connect" + strings.Title(strings.ToLower(method)) + namespaced + kind + strings.Title(subresource) + operationSuffix). - Produces("*/*"). - Consumes("*/*"). - Writes(connectProducedObject) - if versionedConnectOptions != nil { - if err := AddObjectParams(ws, route, versionedConnectOptions); err != nil { - return nil, nil, err - } - } - addParams(route, action.Params) - routes = append(routes, route) - - // transform ConnectMethods to kube verbs - if kubeVerb, found := toDiscoveryKubeVerb[method]; found { - if len(kubeVerb) != 0 { - kubeVerbs[kubeVerb] = struct{}{} - } - } - } - default: - return nil, nil, fmt.Errorf("unrecognized action verb: %s", action.Verb) - } - for _, route := range routes { - route.Metadata(ROUTE_META_GVK, metav1.GroupVersionKind{ - Group: reqScope.Kind.Group, - Version: reqScope.Kind.Version, - Kind: reqScope.Kind.Kind, - }) - route.Metadata(ROUTE_META_ACTION, strings.ToLower(action.Verb)) - ws.Route(route) - } - // Note: update GetAuthorizerAttributes() when adding a custom handler. - } - - apiResource.Verbs = make([]string, 0, len(kubeVerbs)) - for kubeVerb := range kubeVerbs { - apiResource.Verbs = append(apiResource.Verbs, kubeVerb) - } - sort.Strings(apiResource.Verbs) - - if shortNamesProvider, ok := storage.(rest.ShortNamesProvider); ok { - apiResource.ShortNames = shortNamesProvider.ShortNames() - } - if categoriesProvider, ok := storage.(rest.CategoriesProvider); ok { - apiResource.Categories = categoriesProvider.Categories() - } - if gvkProvider, ok := storage.(rest.GroupVersionKindProvider); ok { - gvk := gvkProvider.GroupVersionKind(a.group.GroupVersion) - apiResource.Group = gvk.Group - apiResource.Version = gvk.Version - apiResource.Kind = gvk.Kind - } - - // Record the existence of the GVR and the corresponding GVK - a.group.EquivalentResourceRegistry.RegisterKindFor(reqScope.Resource, reqScope.Subresource, fqKindToRegister) - - return &apiResource, resourceInfo, nil -} - -// indirectArbitraryPointer returns *ptrToObject for an arbitrary pointer -func indirectArbitraryPointer(ptrToObject interface{}) interface{} { - return reflect.Indirect(reflect.ValueOf(ptrToObject)).Interface() -} - -func appendIf(actions []action, a action, shouldAppend bool) []action { - if shouldAppend { - actions = append(actions, a) - } - return actions -} - -func addParams(route *restful.RouteBuilder, params []*restful.Parameter) { - for _, param := range params { - route.Param(param) - } -} - -// AddObjectParams converts a runtime.Object into a set of go-restful Param() definitions on the route. -// The object must be a pointer to a struct; only fields at the top level of the struct that are not -// themselves interfaces or structs are used; only fields with a json tag that is non empty (the standard -// Go JSON behavior for omitting a field) become query parameters. The name of the query parameter is -// the JSON field name. If a description struct tag is set on the field, that description is used on the -// query parameter. In essence, it converts a standard JSON top level object into a query param schema. -func AddObjectParams(ws *restful.WebService, route *restful.RouteBuilder, obj interface{}, excludedNames ...string) error { - sv, err := conversion.EnforcePtr(obj) - if err != nil { - return err - } - st := sv.Type() - excludedNameSet := sets.NewString(excludedNames...) - switch st.Kind() { - case reflect.Struct: - for i := 0; i < st.NumField(); i++ { - name := st.Field(i).Name - sf, ok := st.FieldByName(name) - if !ok { - continue - } - switch sf.Type.Kind() { - case reflect.Interface, reflect.Struct: - case reflect.Pointer: - // TODO: This is a hack to let metav1.Time through. This needs to be fixed in a more generic way eventually. bug #36191 - if (sf.Type.Elem().Kind() == reflect.Interface || sf.Type.Elem().Kind() == reflect.Struct) && strings.TrimPrefix(sf.Type.String(), "*") != "metav1.Time" { - continue - } - fallthrough - default: - jsonTag := sf.Tag.Get("json") - if len(jsonTag) == 0 { - continue - } - jsonName := strings.SplitN(jsonTag, ",", 2)[0] - if len(jsonName) == 0 { - continue - } - if excludedNameSet.Has(jsonName) { - continue - } - var desc string - if docable, ok := obj.(documentable); ok { - desc = docable.SwaggerDoc()[jsonName] - } - route.Param(ws.QueryParameter(jsonName, desc).DataType(typeToJSON(sf.Type.String()))) - } - } - } - return nil -} - -// TODO: this is incomplete, expand as needed. -// Convert the name of a golang type to the name of a JSON type -func typeToJSON(typeName string) string { - switch typeName { - case "bool", "*bool": - return "boolean" - case "uint8", "*uint8", "int", "*int", "int32", "*int32", "int64", "*int64", "uint32", "*uint32", "uint64", "*uint64": - return "integer" - case "float64", "*float64", "float32", "*float32": - return "number" - case "metav1.Time", "*metav1.Time": - return "string" - case "byte", "*byte": - return "string" - case "v1.DeletionPropagation", "*v1.DeletionPropagation": - return "string" - case "v1.ResourceVersionMatch", "*v1.ResourceVersionMatch": - return "string" - case "v1.IncludeObjectPolicy", "*v1.IncludeObjectPolicy": - return "string" - - // TODO: Fix these when go-restful supports a way to specify an array query param: - // https://github.com/emicklei/go-restful/issues/225 - case "[]string", "[]*string": - return "string" - case "[]int32", "[]*int32": - return "integer" - - default: - return typeName - } -} - -// defaultStorageMetadata provides default answers to rest.StorageMetadata. -type defaultStorageMetadata struct{} - -// defaultStorageMetadata implements rest.StorageMetadata -var _ rest.StorageMetadata = defaultStorageMetadata{} - -func (defaultStorageMetadata) ProducesMIMETypes(verb string) []string { - return nil -} - -func (defaultStorageMetadata) ProducesObject(verb string) interface{} { - return nil -} - -// splitSubresource checks if the given storage path is the path of a subresource and returns -// the resource and subresource components. -func splitSubresource(path string) (string, string, error) { - var resource, subresource string - switch parts := strings.Split(path, "/"); len(parts) { - case 2: - resource, subresource = parts[0], parts[1] - case 1: - resource = parts[0] - default: - // TODO: support deeper paths - return "", "", fmt.Errorf("api_installer allows only one or two segment paths (resource or resource/subresource)") - } - return resource, subresource, nil -} - -// GetArticleForNoun returns the article needed for the given noun. -func GetArticleForNoun(noun string, padding string) string { - if !strings.HasSuffix(noun, "ss") && strings.HasSuffix(noun, "s") { - // Plurals don't have an article. - // Don't catch words like class - return fmt.Sprintf("%v", padding) - } - - article := "a" - if isVowel(rune(noun[0])) { - article = "an" - } - - return fmt.Sprintf("%s%s%s", padding, article, padding) -} - -// isVowel returns true if the rune is a vowel (case insensitive). -func isVowel(c rune) bool { - vowels := []rune{'a', 'e', 'i', 'o', 'u'} - for _, value := range vowels { - if value == unicode.ToLower(c) { - return true - } - } - return false -} - -func restfulListResource(r rest.Lister, rw rest.Watcher, scope handlers.RequestScope, forceWatch bool, minRequestTimeout time.Duration) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.ListResource(r, rw, &scope, forceWatch, minRequestTimeout)(res.ResponseWriter, req.Request) - } -} - -func restfulCreateNamedResource(r rest.NamedCreater, scope handlers.RequestScope, admit admission.Interface) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.CreateNamedResource(r, &scope, admit)(res.ResponseWriter, req.Request) - } -} - -func restfulCreateResource(r rest.Creater, scope handlers.RequestScope, admit admission.Interface) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.CreateResource(r, &scope, admit)(res.ResponseWriter, req.Request) - } -} - -func restfulDeleteResource(r rest.GracefulDeleter, allowsOptions bool, scope handlers.RequestScope, admit admission.Interface) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.DeleteResource(r, allowsOptions, &scope, admit)(res.ResponseWriter, req.Request) - } -} - -func restfulDeleteCollection(r rest.CollectionDeleter, checkBody bool, scope handlers.RequestScope, admit admission.Interface) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.DeleteCollection(r, checkBody, &scope, admit)(res.ResponseWriter, req.Request) - } -} - -func restfulUpdateResource(r rest.Updater, scope handlers.RequestScope, admit admission.Interface) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.UpdateResource(r, &scope, admit)(res.ResponseWriter, req.Request) - } -} - -func restfulPatchResource(r rest.Patcher, scope handlers.RequestScope, admit admission.Interface, supportedTypes []string) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.PatchResource(r, &scope, admit, supportedTypes)(res.ResponseWriter, req.Request) - } -} - -func restfulGetResource(r rest.Getter, scope handlers.RequestScope) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.GetResource(r, &scope)(res.ResponseWriter, req.Request) - } -} - -func restfulGetResourceWithOptions(r rest.GetterWithOptions, scope handlers.RequestScope, isSubresource bool) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.GetResourceWithOptions(r, &scope, isSubresource)(res.ResponseWriter, req.Request) - } -} - -func restfulConnectResource(connecter rest.Connecter, scope handlers.RequestScope, admit admission.Interface, restPath string, isSubresource bool) restful.RouteFunction { - return func(req *restful.Request, res *restful.Response) { - handlers.ConnectResource(connecter, &scope, admit, restPath, isSubresource)(res.ResponseWriter, req.Request) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/OWNERS deleted file mode 100644 index 43fbd53336..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - wojtek-t -approvers: - - logicalhan diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go deleted file mode 100644 index c62363608d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go +++ /dev/null @@ -1,852 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "context" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - restful "github.com/emicklei/go-restful/v3" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/types" - utilsets "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/endpoints/responsewriter" - "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -// resettableCollector is the interface implemented by prometheus.MetricVec -// that can be used by Prometheus to collect metrics and reset their values. -type resettableCollector interface { - compbasemetrics.Registerable - Reset() -} - -const ( - APIServerComponent string = "apiserver" - OtherRequestMethod string = "other" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - deprecatedRequestGauge = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: APIServerComponent, - Name: "requested_deprecated_apis", - Help: "Gauge of deprecated APIs that have been requested, broken out by API group, version, resource, subresource, and removed_release.", - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"group", "version", "resource", "subresource", "removed_release"}, - ) - - // TODO(a-robinson): Add unit tests for the handling of these metrics once - // the upstream library supports it. - requestCounter = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "request_total", - Help: "Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response code.", - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component", "code", "system_client"}, - ) - longRunningRequestsGauge = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: APIServerComponent, - Name: "longrunning_requests", - Help: "Gauge of all active long-running apiserver requests broken out by verb, group, version, resource, scope and component. Not all requests are tracked this way.", - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"verb", "group", "version", "resource", "subresource", "scope", "component"}, - ) - requestLatencies = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "request_duration_seconds", - Help: "Response latency distribution in seconds for each verb, dry run value, group, version, resource, subresource, scope and component.", - // This metric is used for verifying api call latencies SLO, - // as well as tracking regressions in this aspects. - // Thus we customize buckets significantly, to empower both usecases. - Buckets: []float64{0.005, 0.025, 0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, - 4, 5, 6, 8, 10, 15, 20, 30, 45, 60}, - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"verb", "dry_run", "group", "version", "resource", "subresource", "scope", "component"}, - ) - requestSloLatencies = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "request_slo_duration_seconds", - Help: "Response latency distribution (not counting webhook duration) in seconds for each verb, group, version, resource, subresource, scope and component.", - // This metric is supplementary to the requestLatencies metric. - // It measures request duration excluding webhooks as they are mostly - // dependant on user configuration. - Buckets: []float64{0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, - 4, 5, 6, 8, 10, 15, 20, 30, 45, 60}, - StabilityLevel: compbasemetrics.ALPHA, - DeprecatedVersion: "1.27.0", - }, - []string{"verb", "group", "version", "resource", "subresource", "scope", "component"}, - ) - requestSliLatencies = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "request_sli_duration_seconds", - Help: "Response latency distribution (not counting webhook duration) in seconds for each verb, group, version, resource, subresource, scope and component.", - // This metric is supplementary to the requestLatencies metric. - // It measures request duration excluding webhooks as they are mostly - // dependant on user configuration. - Buckets: []float64{0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, - 4, 5, 6, 8, 10, 15, 20, 30, 45, 60}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"verb", "group", "version", "resource", "subresource", "scope", "component"}, - ) - fieldValidationRequestLatencies = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Name: "field_validation_request_duration_seconds", - Help: "Response latency distribution in seconds for each field validation value and whether field validation is enabled or not", - // This metric is supplementary to the requestLatencies metric. - // It measures request durations for the various field validation - // values. - Buckets: []float64{0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, - 4, 5, 6, 8, 10, 15, 20, 30, 45, 60}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"field_validation", "enabled"}, - ) - responseSizes = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "response_sizes", - Help: "Response size distribution in bytes for each group, version, verb, resource, subresource, scope and component.", - // Use buckets ranging from 1000 bytes (1KB) to 10^9 bytes (1GB). - Buckets: compbasemetrics.ExponentialBuckets(1000, 10.0, 7), - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"verb", "group", "version", "resource", "subresource", "scope", "component"}, - ) - // TLSHandshakeErrors is a number of requests dropped with 'TLS handshake error from' error - TLSHandshakeErrors = compbasemetrics.NewCounter( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "tls_handshake_errors_total", - Help: "Number of requests dropped with 'TLS handshake error from' error", - StabilityLevel: compbasemetrics.ALPHA, - }, - ) - WatchEvents = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "watch_events_total", - Help: "Number of events sent in watch clients", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"group", "version", "kind"}, - ) - WatchEventsSizes = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "watch_events_sizes", - Help: "Watch event size distribution in bytes", - Buckets: compbasemetrics.ExponentialBuckets(1024, 2.0, 8), // 1K, 2K, 4K, 8K, ..., 128K. - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"group", "version", "kind"}, - ) - // Because of volatility of the base metric this is pre-aggregated one. Instead of reporting current usage all the time - // it reports maximal usage during the last second. - currentInflightRequests = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: APIServerComponent, - Name: "current_inflight_requests", - Help: "Maximal number of currently used inflight request limit of this apiserver per request kind in last second.", - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"request_kind"}, - ) - currentInqueueRequests = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: APIServerComponent, - Name: "current_inqueue_requests", - Help: "Maximal number of queued requests in this apiserver per request kind in last second.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"request_kind"}, - ) - - requestTerminationsTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "request_terminations_total", - Help: "Number of requests which apiserver terminated in self-defense.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"verb", "group", "version", "resource", "subresource", "scope", "component", "code"}, - ) - - apiSelfRequestCounter = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "selfrequest_total", - Help: "Counter of apiserver self-requests broken out for each verb, API resource and subresource.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"verb", "resource", "subresource"}, - ) - - requestFilterDuration = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "request_filter_duration_seconds", - Help: "Request filter latency distribution in seconds, for each filter type", - Buckets: []float64{0.0001, 0.0003, 0.001, 0.003, 0.01, 0.03, 0.1, 0.3, 1.0, 5.0}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"filter"}, - ) - - // requestAbortsTotal is a number of aborted requests with http.ErrAbortHandler - requestAbortsTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "request_aborts_total", - Help: "Number of requests which apiserver aborted possibly due to a timeout, for each group, version, verb, resource, subresource and scope", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"verb", "group", "version", "resource", "subresource", "scope"}, - ) - - // requestPostTimeoutTotal tracks the activity of the executing request handler after the associated request - // has been timed out by the apiserver. - // source: the name of the handler that is recording this metric. Currently, we have two: - // - timeout-handler: the "executing" handler returns after the timeout filter times out the request. - // - rest-handler: the "executing" handler returns after the rest layer times out the request. - // status: whether the handler panicked or threw an error, possible values: - // - 'panic': the handler panicked - // - 'error': the handler return an error - // - 'ok': the handler returned a result (no error and no panic) - // - 'pending': the handler is still running in the background and it did not return - // within the wait threshold. - requestPostTimeoutTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: APIServerComponent, - Name: "request_post_timeout_total", - Help: "Tracks the activity of the request handlers after the associated requests have been timed out by the apiserver", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"source", "status"}, - ) - - requestTimestampComparisonDuration = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Subsystem: APIServerComponent, - Name: "request_timestamp_comparison_time", - Help: "Time taken for comparison of old vs new objects in UPDATE or PATCH requests", - Buckets: []float64{0.0001, 0.0003, 0.001, 0.003, 0.01, 0.03, 0.1, 0.3, 1.0, 5.0}, - StabilityLevel: compbasemetrics.ALPHA, - }, - // Path the code takes to reach a conclusion: - // i.e. unequalObjectsFast, unequalObjectsSlow, equalObjectsSlow - []string{"code_path"}, - ) - - metrics = []resettableCollector{ - deprecatedRequestGauge, - requestCounter, - longRunningRequestsGauge, - requestLatencies, - requestSloLatencies, - requestSliLatencies, - fieldValidationRequestLatencies, - responseSizes, - TLSHandshakeErrors, - WatchEvents, - WatchEventsSizes, - currentInflightRequests, - currentInqueueRequests, - requestTerminationsTotal, - apiSelfRequestCounter, - requestFilterDuration, - requestAbortsTotal, - requestPostTimeoutTotal, - requestTimestampComparisonDuration, - } - - // these are the valid request methods which we report in our metrics. Any other request methods - // will be aggregated under 'unknown' - validRequestMethods = utilsets.NewString( - "APPLY", - "CONNECT", - "CREATE", - "DELETE", - "DELETECOLLECTION", - "GET", - "LIST", - "PATCH", - "POST", - "PROXY", - "PUT", - "UPDATE", - "WATCH", - "WATCHLIST") -) - -const ( - // ReadOnlyKind is a string identifying read only request kind - ReadOnlyKind = "readOnly" - // MutatingKind is a string identifying mutating request kind - MutatingKind = "mutating" - - // WaitingPhase is the phase value for a request waiting in a queue - WaitingPhase = "waiting" - // ExecutingPhase is the phase value for an executing request - ExecutingPhase = "executing" -) - -const ( - // deprecatedAnnotationKey is a key for an audit annotation set to - // "true" on requests made to deprecated API versions - deprecatedAnnotationKey = "k8s.io/deprecated" - // removedReleaseAnnotationKey is a key for an audit annotation set to - // the target removal release, in "<major>.<minor>" format, - // on requests made to deprecated API versions with a target removal release - removedReleaseAnnotationKey = "k8s.io/removed-release" -) - -const ( - // The source that is recording the apiserver_request_post_timeout_total metric. - // The "executing" request handler returns after the timeout filter times out the request. - PostTimeoutSourceTimeoutHandler = "timeout-handler" - - // The source that is recording the apiserver_request_post_timeout_total metric. - // The "executing" request handler returns after the rest layer times out the request. - PostTimeoutSourceRestHandler = "rest-handler" -) - -const ( - // The executing request handler panicked after the request had - // been timed out by the apiserver. - PostTimeoutHandlerPanic = "panic" - - // The executing request handler has returned an error to the post-timeout - // receiver after the request had been timed out by the apiserver. - PostTimeoutHandlerError = "error" - - // The executing request handler has returned a result to the post-timeout - // receiver after the request had been timed out by the apiserver. - PostTimeoutHandlerOK = "ok" - - // The executing request handler has not panicked or returned any error/result to - // the post-timeout receiver yet after the request had been timed out by the apiserver. - // The post-timeout receiver gives up after waiting for certain threshold and if the - // executing request handler has not returned yet we use the following label. - PostTimeoutHandlerPending = "pending" -) - -var registerMetrics sync.Once - -// Register all metrics. -func Register() { - registerMetrics.Do(func() { - for _, metric := range metrics { - legacyregistry.MustRegister(metric) - } - }) -} - -// Reset all metrics. -func Reset() { - for _, metric := range metrics { - metric.Reset() - } -} - -// UpdateInflightRequestMetrics reports concurrency metrics classified by -// mutating vs Readonly. -func UpdateInflightRequestMetrics(phase string, nonmutating, mutating int) { - for _, kc := range []struct { - kind string - count int - }{{ReadOnlyKind, nonmutating}, {MutatingKind, mutating}} { - if phase == ExecutingPhase { - currentInflightRequests.WithLabelValues(kc.kind).Set(float64(kc.count)) - } else { - currentInqueueRequests.WithLabelValues(kc.kind).Set(float64(kc.count)) - } - } -} - -func RecordFilterLatency(ctx context.Context, name string, elapsed time.Duration) { - requestFilterDuration.WithContext(ctx).WithLabelValues(name).Observe(elapsed.Seconds()) -} - -func RecordTimestampComparisonLatency(codePath string, elapsed time.Duration) { - requestTimestampComparisonDuration.WithLabelValues(codePath).Observe(elapsed.Seconds()) -} - -func RecordRequestPostTimeout(source string, status string) { - requestPostTimeoutTotal.WithLabelValues(source, status).Inc() -} - -// RecordRequestAbort records that the request was aborted possibly due to a timeout. -func RecordRequestAbort(req *http.Request, requestInfo *request.RequestInfo) { - if requestInfo == nil { - requestInfo = &request.RequestInfo{Verb: req.Method, Path: req.URL.Path} - } - - scope := CleanScope(requestInfo) - reportedVerb := cleanVerb(CanonicalVerb(strings.ToUpper(req.Method), scope), getVerbIfWatch(req), req) - resource := requestInfo.Resource - subresource := requestInfo.Subresource - group := requestInfo.APIGroup - version := requestInfo.APIVersion - - requestAbortsTotal.WithContext(req.Context()).WithLabelValues(reportedVerb, group, version, resource, subresource, scope).Inc() -} - -// RecordDroppedRequest records that the request was rejected via http.TooManyRequests. -func RecordDroppedRequest(req *http.Request, requestInfo *request.RequestInfo, component string, isMutatingRequest bool) { - if requestInfo == nil { - requestInfo = &request.RequestInfo{Verb: req.Method, Path: req.URL.Path} - } - scope := CleanScope(requestInfo) - dryRun := cleanDryRun(req.URL) - - // We don't use verb from <requestInfo>, as this may be propagated from - // InstrumentRouteFunc which is registered in installer.go with predefined - // list of verbs (different than those translated to RequestInfo). - // However, we need to tweak it e.g. to differentiate GET from LIST. - reportedVerb := cleanVerb(CanonicalVerb(strings.ToUpper(req.Method), scope), getVerbIfWatch(req), req) - - if requestInfo.IsResourceRequest { - requestCounter.WithContext(req.Context()).WithLabelValues(reportedVerb, dryRun, requestInfo.APIGroup, requestInfo.APIVersion, requestInfo.Resource, requestInfo.Subresource, scope, component, codeToString(http.StatusTooManyRequests), "").Inc() - } else { - requestCounter.WithContext(req.Context()).WithLabelValues(reportedVerb, dryRun, "", "", "", requestInfo.Subresource, scope, component, codeToString(http.StatusTooManyRequests), "").Inc() - } -} - -// RecordRequestTermination records that the request was terminated early as part of a resource -// preservation or apiserver self-defense mechanism (e.g. timeouts, maxinflight throttling, -// proxyHandler errors). RecordRequestTermination should only be called zero or one times -// per request. -func RecordRequestTermination(req *http.Request, requestInfo *request.RequestInfo, component string, code int) { - if requestInfo == nil { - requestInfo = &request.RequestInfo{Verb: req.Method, Path: req.URL.Path} - } - scope := CleanScope(requestInfo) - - // We don't use verb from <requestInfo>, as this may be propagated from - // InstrumentRouteFunc which is registered in installer.go with predefined - // list of verbs (different than those translated to RequestInfo). - // However, we need to tweak it e.g. to differentiate GET from LIST. - reportedVerb := cleanVerb(CanonicalVerb(strings.ToUpper(req.Method), scope), getVerbIfWatch(req), req) - - if requestInfo.IsResourceRequest { - requestTerminationsTotal.WithContext(req.Context()).WithLabelValues(reportedVerb, requestInfo.APIGroup, requestInfo.APIVersion, requestInfo.Resource, requestInfo.Subresource, scope, component, codeToString(code)).Inc() - } else { - requestTerminationsTotal.WithContext(req.Context()).WithLabelValues(reportedVerb, "", "", "", requestInfo.Path, scope, component, codeToString(code)).Inc() - } -} - -// RecordLongRunning tracks the execution of a long running request against the API server. It provides an accurate count -// of the total number of open long running requests. requestInfo may be nil if the caller is not in the normal request flow. -func RecordLongRunning(req *http.Request, requestInfo *request.RequestInfo, component string, fn func()) { - if requestInfo == nil { - requestInfo = &request.RequestInfo{Verb: req.Method, Path: req.URL.Path} - } - var g compbasemetrics.GaugeMetric - scope := CleanScope(requestInfo) - - // We don't use verb from <requestInfo>, as this may be propagated from - // InstrumentRouteFunc which is registered in installer.go with predefined - // list of verbs (different than those translated to RequestInfo). - // However, we need to tweak it e.g. to differentiate GET from LIST. - reportedVerb := cleanVerb(CanonicalVerb(strings.ToUpper(req.Method), scope), getVerbIfWatch(req), req) - - if requestInfo.IsResourceRequest { - g = longRunningRequestsGauge.WithContext(req.Context()).WithLabelValues(reportedVerb, requestInfo.APIGroup, requestInfo.APIVersion, requestInfo.Resource, requestInfo.Subresource, scope, component) - } else { - g = longRunningRequestsGauge.WithContext(req.Context()).WithLabelValues(reportedVerb, "", "", "", requestInfo.Path, scope, component) - } - g.Inc() - defer g.Dec() - fn() -} - -// MonitorRequest handles standard transformations for client and the reported verb and then invokes Monitor to record -// a request. verb must be uppercase to be backwards compatible with existing monitoring tooling. -func MonitorRequest(req *http.Request, verb, group, version, resource, subresource, scope, component string, deprecated bool, removedRelease string, httpCode, respSize int, elapsed time.Duration) { - // We don't use verb from <requestInfo>, as this may be propagated from - // InstrumentRouteFunc which is registered in installer.go with predefined - // list of verbs (different than those translated to RequestInfo). - // However, we need to tweak it e.g. to differentiate GET from LIST. - reportedVerb := cleanVerb(CanonicalVerb(strings.ToUpper(req.Method), scope), verb, req) - - dryRun := cleanDryRun(req.URL) - elapsedSeconds := elapsed.Seconds() - - systemClient := "" - if uas := strings.SplitN(req.UserAgent(), "/", 2); len(uas) > 1 { - switch uas[0] { - case "kube-apiserver": - apiSelfRequestCounter.WithContext(req.Context()).WithLabelValues(reportedVerb, resource, subresource).Inc() - fallthrough - case "kube-controller-manager", "kube-scheduler", "cluster-policy-controller": - systemClient = uas[0] - } - } - requestCounter.WithContext(req.Context()).WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, codeToString(httpCode), systemClient).Inc() - - if deprecated { - deprecatedRequestGauge.WithContext(req.Context()).WithLabelValues(group, version, resource, subresource, removedRelease).Set(1) - audit.AddAuditAnnotation(req.Context(), deprecatedAnnotationKey, "true") - if len(removedRelease) > 0 { - audit.AddAuditAnnotation(req.Context(), removedReleaseAnnotationKey, removedRelease) - } - } - requestLatencies.WithContext(req.Context()).WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds) - fieldValidation := cleanFieldValidation(req.URL) - fieldValidationEnabled := strconv.FormatBool(utilfeature.DefaultFeatureGate.Enabled(features.ServerSideFieldValidation)) - fieldValidationRequestLatencies.WithContext(req.Context()).WithLabelValues(fieldValidation, fieldValidationEnabled) - - if wd, ok := request.LatencyTrackersFrom(req.Context()); ok { - sliLatency := elapsedSeconds - (wd.MutatingWebhookTracker.GetLatency() + wd.ValidatingWebhookTracker.GetLatency()).Seconds() - requestSloLatencies.WithContext(req.Context()).WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(sliLatency) - requestSliLatencies.WithContext(req.Context()).WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(sliLatency) - } - // We are only interested in response sizes of read requests. - if verb == "GET" || verb == "LIST" { - responseSizes.WithContext(req.Context()).WithLabelValues(reportedVerb, group, version, resource, subresource, scope, component).Observe(float64(respSize)) - } -} - -// InstrumentRouteFunc works like Prometheus' InstrumentHandlerFunc but wraps -// the go-restful RouteFunction instead of a HandlerFunc plus some Kubernetes endpoint specific information. -func InstrumentRouteFunc(verb, group, version, resource, subresource, scope, component string, deprecated bool, removedRelease string, routeFunc restful.RouteFunction) restful.RouteFunction { - return restful.RouteFunction(func(req *restful.Request, response *restful.Response) { - requestReceivedTimestamp, ok := request.ReceivedTimestampFrom(req.Request.Context()) - if !ok { - requestReceivedTimestamp = time.Now() - } - - delegate := &ResponseWriterDelegator{ResponseWriter: response.ResponseWriter} - - rw := responsewriter.WrapForHTTP1Or2(delegate) - response.ResponseWriter = rw - - routeFunc(req, response) - - MonitorRequest(req.Request, verb, group, version, resource, subresource, scope, component, deprecated, removedRelease, delegate.Status(), delegate.ContentLength(), time.Since(requestReceivedTimestamp)) - }) -} - -// InstrumentHandlerFunc works like Prometheus' InstrumentHandlerFunc but adds some Kubernetes endpoint specific information. -func InstrumentHandlerFunc(verb, group, version, resource, subresource, scope, component string, deprecated bool, removedRelease string, handler http.HandlerFunc) http.HandlerFunc { - return func(w http.ResponseWriter, req *http.Request) { - requestReceivedTimestamp, ok := request.ReceivedTimestampFrom(req.Context()) - if !ok { - requestReceivedTimestamp = time.Now() - } - - delegate := &ResponseWriterDelegator{ResponseWriter: w} - w = responsewriter.WrapForHTTP1Or2(delegate) - - handler(w, req) - - MonitorRequest(req, verb, group, version, resource, subresource, scope, component, deprecated, removedRelease, delegate.Status(), delegate.ContentLength(), time.Since(requestReceivedTimestamp)) - } -} - -// NormalizedVerb returns normalized verb -func NormalizedVerb(req *http.Request) string { - verb := req.Method - if requestInfo, ok := request.RequestInfoFrom(req.Context()); ok { - // If we can find a requestInfo, we can get a scope, and then - // we can convert GETs to LISTs when needed. - scope := CleanScope(requestInfo) - verb = CanonicalVerb(strings.ToUpper(verb), scope) - } - - // mark APPLY requests and WATCH requests correctly. - return CleanVerb(verb, req) -} - -// CleanScope returns the scope of the request. -func CleanScope(requestInfo *request.RequestInfo) string { - if requestInfo.Name != "" || requestInfo.Verb == "create" { - return "resource" - } - if requestInfo.Namespace != "" { - return "namespace" - } - if requestInfo.IsResourceRequest { - return "cluster" - } - // this is the empty scope - return "" -} - -// CanonicalVerb distinguishes LISTs from GETs (and HEADs). It assumes verb is -// UPPERCASE. -func CanonicalVerb(verb string, scope string) string { - switch verb { - case "GET", "HEAD": - if scope != "resource" && scope != "" { - return "LIST" - } - return "GET" - default: - return verb - } -} - -// CleanVerb returns a normalized verb, so that it is easy to tell WATCH from -// LIST and APPLY from PATCH. -func CleanVerb(verb string, request *http.Request) string { - reportedVerb := verb - if suggestedVerb := getVerbIfWatch(request); suggestedVerb == "WATCH" { - reportedVerb = "WATCH" - } - // normalize the legacy WATCHLIST to WATCH to ensure users aren't surprised by metrics - if verb == "WATCHLIST" { - reportedVerb = "WATCH" - } - if verb == "PATCH" && request.Header.Get("Content-Type") == string(types.ApplyPatchType) { - reportedVerb = "APPLY" - } - return reportedVerb -} - -// cleanVerb additionally ensures that unknown verbs don't clog up the metrics. -func cleanVerb(verb, suggestedVerb string, request *http.Request) string { - // CanonicalVerb (being an input for this function) doesn't handle correctly the - // deprecated path pattern for watch of: - // GET /api/{version}/watch/{resource} - // We correct it manually based on the pass verb from the installer. - var reportedVerb string - if suggestedVerb == "WATCH" || suggestedVerb == "WATCHLIST" { - reportedVerb = "WATCH" - } else { - reportedVerb = CleanVerb(verb, request) - } - if validRequestMethods.Has(reportedVerb) { - return reportedVerb - } - return OtherRequestMethod -} - -// getVerbIfWatch additionally ensures that GET or List would be transformed to WATCH -func getVerbIfWatch(req *http.Request) string { - if strings.ToUpper(req.Method) == "GET" || strings.ToUpper(req.Method) == "LIST" { - // see apimachinery/pkg/runtime/conversion.go Convert_Slice_string_To_bool - if values := req.URL.Query()["watch"]; len(values) > 0 { - if value := strings.ToLower(values[0]); value != "0" && value != "false" { - return "WATCH" - } - } - } - return "" -} - -func cleanDryRun(u *url.URL) string { - // avoid allocating when we don't see dryRun in the query - if !strings.Contains(u.RawQuery, "dryRun") { - return "" - } - dryRun := u.Query()["dryRun"] - if errs := validation.ValidateDryRun(nil, dryRun); len(errs) > 0 { - return "invalid" - } - // Since dryRun could be valid with any arbitrarily long length - // we have to dedup and sort the elements before joining them together - // TODO: this is a fairly large allocation for what it does, consider - // a sort and dedup in a single pass - return strings.Join(utilsets.NewString(dryRun...).List(), ",") -} - -func cleanFieldValidation(u *url.URL) string { - // avoid allocating when we don't see dryRun in the query - if !strings.Contains(u.RawQuery, "fieldValidation") { - return "" - } - fieldValidation := u.Query()["fieldValidation"] - if len(fieldValidation) != 1 { - return "invalid" - } - if errs := validation.ValidateFieldValidation(nil, fieldValidation[0]); len(errs) > 0 { - return "invalid" - } - return fieldValidation[0] -} - -var _ http.ResponseWriter = (*ResponseWriterDelegator)(nil) -var _ responsewriter.UserProvidedDecorator = (*ResponseWriterDelegator)(nil) - -// ResponseWriterDelegator interface wraps http.ResponseWriter to additionally record content-length, status-code, etc. -type ResponseWriterDelegator struct { - http.ResponseWriter - - status int - written int64 - wroteHeader bool -} - -func (r *ResponseWriterDelegator) Unwrap() http.ResponseWriter { - return r.ResponseWriter -} - -func (r *ResponseWriterDelegator) WriteHeader(code int) { - r.status = code - r.wroteHeader = true - r.ResponseWriter.WriteHeader(code) -} - -func (r *ResponseWriterDelegator) Write(b []byte) (int, error) { - if !r.wroteHeader { - r.WriteHeader(http.StatusOK) - } - n, err := r.ResponseWriter.Write(b) - r.written += int64(n) - return n, err -} - -func (r *ResponseWriterDelegator) Status() int { - return r.status -} - -func (r *ResponseWriterDelegator) ContentLength() int { - return int(r.written) -} - -// Small optimization over Itoa -func codeToString(s int) string { - switch s { - case 100: - return "100" - case 101: - return "101" - - case 200: - return "200" - case 201: - return "201" - case 202: - return "202" - case 203: - return "203" - case 204: - return "204" - case 205: - return "205" - case 206: - return "206" - - case 300: - return "300" - case 301: - return "301" - case 302: - return "302" - case 304: - return "304" - case 305: - return "305" - case 307: - return "307" - - case 400: - return "400" - case 401: - return "401" - case 402: - return "402" - case 403: - return "403" - case 404: - return "404" - case 405: - return "405" - case 406: - return "406" - case 407: - return "407" - case 408: - return "408" - case 409: - return "409" - case 410: - return "410" - case 411: - return "411" - case 412: - return "412" - case 413: - return "413" - case 414: - return "414" - case 415: - return "415" - case 416: - return "416" - case 417: - return "417" - case 418: - return "418" - - case 500: - return "500" - case 501: - return "501" - case 502: - return "502" - case 503: - return "503" - case 504: - return "504" - case 505: - return "505" - - case 428: - return "428" - case 429: - return "429" - case 431: - return "431" - case 511: - return "511" - - default: - return strconv.Itoa(s) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/openapi/openapi.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/openapi/openapi.go deleted file mode 100644 index e61f444399..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/openapi/openapi.go +++ /dev/null @@ -1,191 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package openapi - -import ( - "bytes" - "fmt" - "reflect" - "sort" - "strings" - "unicode" - - restful "github.com/emicklei/go-restful/v3" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/kube-openapi/pkg/util" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -var verbs = util.NewTrie([]string{"get", "log", "read", "replace", "patch", "delete", "deletecollection", "watch", "connect", "proxy", "list", "create", "patch"}) - -const ( - extensionGVK = "x-kubernetes-group-version-kind" -) - -// ToValidOperationID makes an string a valid op ID (e.g. removing punctuations and whitespaces and make it camel case) -func ToValidOperationID(s string, capitalizeFirstLetter bool) string { - var buffer bytes.Buffer - capitalize := capitalizeFirstLetter - for i, r := range s { - if unicode.IsLetter(r) || r == '_' || (i != 0 && unicode.IsDigit(r)) { - if capitalize { - buffer.WriteRune(unicode.ToUpper(r)) - capitalize = false - } else { - buffer.WriteRune(r) - } - } else { - capitalize = true - } - } - return buffer.String() -} - -// GetOperationIDAndTags returns a customize operation ID and a list of tags for kubernetes API server's OpenAPI spec to prevent duplicate IDs. -func GetOperationIDAndTags(r *restful.Route) (string, []string, error) { - op := r.Operation - path := r.Path - var tags []string - prefix, exists := verbs.GetPrefix(op) - if !exists { - return op, tags, fmt.Errorf("operation names should start with a verb. Cannot determine operation verb from %v", op) - } - op = op[len(prefix):] - parts := strings.Split(strings.Trim(path, "/"), "/") - // Assume /api is /apis/core, remove this when we actually server /api/... on /apis/core/... - if len(parts) >= 1 && parts[0] == "api" { - parts = append([]string{"apis", "core"}, parts[1:]...) - } - if len(parts) >= 2 && parts[0] == "apis" { - trimmed := strings.TrimSuffix(parts[1], ".k8s.io") - prefix = prefix + ToValidOperationID(trimmed, prefix != "") - tag := ToValidOperationID(trimmed, false) - if len(parts) > 2 { - prefix = prefix + ToValidOperationID(parts[2], prefix != "") - tag = tag + "_" + ToValidOperationID(parts[2], false) - } - tags = append(tags, tag) - } else if len(parts) >= 1 { - tags = append(tags, ToValidOperationID(parts[0], false)) - } - return prefix + ToValidOperationID(op, prefix != ""), tags, nil -} - -type groupVersionKinds []v1.GroupVersionKind - -func (s groupVersionKinds) Len() int { - return len(s) -} - -func (s groupVersionKinds) Swap(i, j int) { - s[i], s[j] = s[j], s[i] -} - -func (s groupVersionKinds) Less(i, j int) bool { - if s[i].Group == s[j].Group { - if s[i].Version == s[j].Version { - return s[i].Kind < s[j].Kind - } - return s[i].Version < s[j].Version - } - return s[i].Group < s[j].Group -} - -func (s groupVersionKinds) JSON() []interface{} { - j := []interface{}{} - for _, gvk := range s { - j = append(j, map[string]interface{}{ - "group": gvk.Group, - "version": gvk.Version, - "kind": gvk.Kind, - }) - } - return j -} - -// DefinitionNamer is the type to customize OpenAPI definition name. -type DefinitionNamer struct { - typeGroupVersionKinds map[string]groupVersionKinds -} - -func gvkConvert(gvk schema.GroupVersionKind) v1.GroupVersionKind { - return v1.GroupVersionKind{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - } -} - -func friendlyName(name string) string { - nameParts := strings.Split(name, "/") - // Reverse first part. e.g., io.k8s... instead of k8s.io... - if len(nameParts) > 0 && strings.Contains(nameParts[0], ".") { - parts := strings.Split(nameParts[0], ".") - for i, j := 0, len(parts)-1; i < j; i, j = i+1, j-1 { - parts[i], parts[j] = parts[j], parts[i] - } - nameParts[0] = strings.Join(parts, ".") - } - return strings.Join(nameParts, ".") -} - -func typeName(t reflect.Type) string { - path := t.PkgPath() - if strings.Contains(path, "/vendor/") { - path = path[strings.Index(path, "/vendor/")+len("/vendor/"):] - } - return fmt.Sprintf("%s.%s", path, t.Name()) -} - -// NewDefinitionNamer constructs a new DefinitionNamer to be used to customize OpenAPI spec. -func NewDefinitionNamer(schemes ...*runtime.Scheme) *DefinitionNamer { - ret := &DefinitionNamer{ - typeGroupVersionKinds: map[string]groupVersionKinds{}, - } - for _, s := range schemes { - for gvk, rtype := range s.AllKnownTypes() { - newGVK := gvkConvert(gvk) - exists := false - for _, existingGVK := range ret.typeGroupVersionKinds[typeName(rtype)] { - if newGVK == existingGVK { - exists = true - break - } - } - if !exists { - ret.typeGroupVersionKinds[typeName(rtype)] = append(ret.typeGroupVersionKinds[typeName(rtype)], newGVK) - } - } - } - for _, gvk := range ret.typeGroupVersionKinds { - sort.Sort(gvk) - } - return ret -} - -// GetDefinitionName returns the name and tags for a given definition -func (d *DefinitionNamer) GetDefinitionName(name string) (string, spec.Extensions) { - if groupVersionKinds, ok := d.typeGroupVersionKinds[name]; ok { - return friendlyName(name), spec.Extensions{ - extensionGVK: groupVersionKinds.JSON(), - } - } - return friendlyName(name), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/OWNERS deleted file mode 100644 index 87c80edbbb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - sttts diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/context.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/context.go deleted file mode 100644 index 8f4e60f549..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/context.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/authentication/user" -) - -// The key type is unexported to prevent collisions -type key int - -const ( - // namespaceKey is the context key for the request namespace. - namespaceKey key = iota - - // userKey is the context key for the request user. - userKey -) - -// NewContext instantiates a base context object for request flows. -func NewContext() context.Context { - return context.TODO() -} - -// NewDefaultContext instantiates a base context object for request flows in the default namespace -func NewDefaultContext() context.Context { - return WithNamespace(NewContext(), metav1.NamespaceDefault) -} - -// WithValue returns a copy of parent in which the value associated with key is val. -func WithValue(parent context.Context, key interface{}, val interface{}) context.Context { - return context.WithValue(parent, key, val) -} - -// WithNamespace returns a copy of parent in which the namespace value is set -func WithNamespace(parent context.Context, namespace string) context.Context { - return WithValue(parent, namespaceKey, namespace) -} - -// NamespaceFrom returns the value of the namespace key on the ctx -func NamespaceFrom(ctx context.Context) (string, bool) { - namespace, ok := ctx.Value(namespaceKey).(string) - return namespace, ok -} - -// NamespaceValue returns the value of the namespace key on the ctx, or the empty string if none -func NamespaceValue(ctx context.Context) string { - namespace, _ := NamespaceFrom(ctx) - return namespace -} - -// WithUser returns a copy of parent in which the user value is set -func WithUser(parent context.Context, user user.Info) context.Context { - return WithValue(parent, userKey, user) -} - -// UserFrom returns the value of the user key on the ctx -func UserFrom(ctx context.Context) (user.Info, bool) { - user, ok := ctx.Value(userKey).(user.Info) - return user, ok -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/doc.go deleted file mode 100644 index 96da6f2b9c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package request contains everything around extracting info from -// a http request object. -// TODO: this package is temporary. Handlers must move into pkg/apiserver/handlers to avoid dependency cycle -package request // import "k8s.io/apiserver/pkg/endpoints/request" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/received_time.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/received_time.go deleted file mode 100644 index 7d58cf3ad9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/received_time.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "context" - "time" -) - -type requestReceivedTimestampKeyType int - -// requestReceivedTimestampKey is the ReceivedTimestamp (the time the request reached the apiserver) -// key for the context. -const requestReceivedTimestampKey requestReceivedTimestampKeyType = iota - -// WithReceivedTimestamp returns a copy of parent context in which the ReceivedTimestamp -// (the time the request reached the apiserver) is set. -// -// If the specified ReceivedTimestamp is zero, no value is set and the parent context is returned as is. -func WithReceivedTimestamp(parent context.Context, receivedTimestamp time.Time) context.Context { - if receivedTimestamp.IsZero() { - return parent - } - return WithValue(parent, requestReceivedTimestampKey, receivedTimestamp) -} - -// ReceivedTimestampFrom returns the value of the ReceivedTimestamp key from the specified context. -func ReceivedTimestampFrom(ctx context.Context) (time.Time, bool) { - info, ok := ctx.Value(requestReceivedTimestampKey).(time.Time) - return info, ok -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/requestinfo.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/requestinfo.go deleted file mode 100644 index 2bc00a66e7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/requestinfo.go +++ /dev/null @@ -1,274 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "context" - "fmt" - "net/http" - "strings" - - "k8s.io/apimachinery/pkg/api/validation/path" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metainternalversionscheme "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - - "k8s.io/klog/v2" -) - -// LongRunningRequestCheck is a predicate which is true for long-running http requests. -type LongRunningRequestCheck func(r *http.Request, requestInfo *RequestInfo) bool - -type RequestInfoResolver interface { - NewRequestInfo(req *http.Request) (*RequestInfo, error) -} - -// RequestInfo holds information parsed from the http.Request -type RequestInfo struct { - // IsResourceRequest indicates whether or not the request is for an API resource or subresource - IsResourceRequest bool - // Path is the URL path of the request - Path string - // Verb is the kube verb associated with the request for API requests, not the http verb. This includes things like list and watch. - // for non-resource requests, this is the lowercase http verb - Verb string - - APIPrefix string - APIGroup string - APIVersion string - Namespace string - // Resource is the name of the resource being requested. This is not the kind. For example: pods - Resource string - // Subresource is the name of the subresource being requested. This is a different resource, scoped to the parent resource, but it may have a different kind. - // For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod" - // (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding". - Subresource string - // Name is empty for some verbs, but if the request directly indicates a name (not in body content) then this field is filled in. - Name string - // Parts are the path parts for the request, always starting with /{resource}/{name} - Parts []string -} - -// specialVerbs contains just strings which are used in REST paths for special actions that don't fall under the normal -// CRUDdy GET/POST/PUT/DELETE actions on REST objects. -// TODO: find a way to keep this up to date automatically. Maybe dynamically populate list as handlers added to -// master's Mux. -var specialVerbs = sets.NewString("proxy", "watch") - -// specialVerbsNoSubresources contains root verbs which do not allow subresources -var specialVerbsNoSubresources = sets.NewString("proxy") - -// namespaceSubresources contains subresources of namespace -// this list allows the parser to distinguish between a namespace subresource, and a namespaced resource -var namespaceSubresources = sets.NewString("status", "finalize") - -// NamespaceSubResourcesForTest exports namespaceSubresources for testing in pkg/controlplane/master_test.go, so we never drift -var NamespaceSubResourcesForTest = sets.NewString(namespaceSubresources.List()...) - -type RequestInfoFactory struct { - APIPrefixes sets.String // without leading and trailing slashes - GrouplessAPIPrefixes sets.String // without leading and trailing slashes -} - -// TODO write an integration test against the swagger doc to test the RequestInfo and match up behavior to responses -// NewRequestInfo returns the information from the http request. If error is not nil, RequestInfo holds the information as best it is known before the failure -// It handles both resource and non-resource requests and fills in all the pertinent information for each. -// Valid Inputs: -// Resource paths -// /apis/{api-group}/{version}/namespaces -// /api/{version}/namespaces -// /api/{version}/namespaces/{namespace} -// /api/{version}/namespaces/{namespace}/{resource} -// /api/{version}/namespaces/{namespace}/{resource}/{resourceName} -// /api/{version}/{resource} -// /api/{version}/{resource}/{resourceName} -// -// Special verbs without subresources: -// /api/{version}/proxy/{resource}/{resourceName} -// /api/{version}/proxy/namespaces/{namespace}/{resource}/{resourceName} -// -// Special verbs with subresources: -// /api/{version}/watch/{resource} -// /api/{version}/watch/namespaces/{namespace}/{resource} -// -// NonResource paths -// /apis/{api-group}/{version} -// /apis/{api-group} -// /apis -// /api/{version} -// /api -// /healthz -// / -func (r *RequestInfoFactory) NewRequestInfo(req *http.Request) (*RequestInfo, error) { - // start with a non-resource request until proven otherwise - requestInfo := RequestInfo{ - IsResourceRequest: false, - Path: req.URL.Path, - Verb: strings.ToLower(req.Method), - } - - currentParts := splitPath(req.URL.Path) - if len(currentParts) < 3 { - // return a non-resource request - return &requestInfo, nil - } - - if !r.APIPrefixes.Has(currentParts[0]) { - // return a non-resource request - return &requestInfo, nil - } - requestInfo.APIPrefix = currentParts[0] - currentParts = currentParts[1:] - - if !r.GrouplessAPIPrefixes.Has(requestInfo.APIPrefix) { - // one part (APIPrefix) has already been consumed, so this is actually "do we have four parts?" - if len(currentParts) < 3 { - // return a non-resource request - return &requestInfo, nil - } - - requestInfo.APIGroup = currentParts[0] - currentParts = currentParts[1:] - } - - requestInfo.IsResourceRequest = true - requestInfo.APIVersion = currentParts[0] - currentParts = currentParts[1:] - - // handle input of form /{specialVerb}/* - if specialVerbs.Has(currentParts[0]) { - if len(currentParts) < 2 { - return &requestInfo, fmt.Errorf("unable to determine kind and namespace from url, %v", req.URL) - } - - requestInfo.Verb = currentParts[0] - currentParts = currentParts[1:] - - } else { - switch req.Method { - case "POST": - requestInfo.Verb = "create" - case "GET", "HEAD": - requestInfo.Verb = "get" - case "PUT": - requestInfo.Verb = "update" - case "PATCH": - requestInfo.Verb = "patch" - case "DELETE": - requestInfo.Verb = "delete" - default: - requestInfo.Verb = "" - } - } - - // URL forms: /namespaces/{namespace}/{kind}/*, where parts are adjusted to be relative to kind - if currentParts[0] == "namespaces" { - if len(currentParts) > 1 { - requestInfo.Namespace = currentParts[1] - - // if there is another step after the namespace name and it is not a known namespace subresource - // move currentParts to include it as a resource in its own right - if len(currentParts) > 2 && !namespaceSubresources.Has(currentParts[2]) { - currentParts = currentParts[2:] - } - } - } else { - requestInfo.Namespace = metav1.NamespaceNone - } - - // parsing successful, so we now know the proper value for .Parts - requestInfo.Parts = currentParts - - // parts look like: resource/resourceName/subresource/other/stuff/we/don't/interpret - switch { - case len(requestInfo.Parts) >= 3 && !specialVerbsNoSubresources.Has(requestInfo.Verb): - requestInfo.Subresource = requestInfo.Parts[2] - fallthrough - case len(requestInfo.Parts) >= 2: - requestInfo.Name = requestInfo.Parts[1] - fallthrough - case len(requestInfo.Parts) >= 1: - requestInfo.Resource = requestInfo.Parts[0] - } - - // if there's no name on the request and we thought it was a get before, then the actual verb is a list or a watch - if len(requestInfo.Name) == 0 && requestInfo.Verb == "get" { - opts := metainternalversion.ListOptions{} - if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), metav1.SchemeGroupVersion, &opts); err != nil { - // An error in parsing request will result in default to "list" and not setting "name" field. - klog.ErrorS(err, "Couldn't parse request", "Request", req.URL.Query()) - // Reset opts to not rely on partial results from parsing. - // However, if watch is set, let's report it. - opts = metainternalversion.ListOptions{} - if values := req.URL.Query()["watch"]; len(values) > 0 { - switch strings.ToLower(values[0]) { - case "false", "0": - default: - opts.Watch = true - } - } - } - - if opts.Watch { - requestInfo.Verb = "watch" - } else { - requestInfo.Verb = "list" - } - - if opts.FieldSelector != nil { - if name, ok := opts.FieldSelector.RequiresExactMatch("metadata.name"); ok { - if len(path.IsValidPathSegmentName(name)) == 0 { - requestInfo.Name = name - } - } - } - } - // if there's no name on the request and we thought it was a delete before, then the actual verb is deletecollection - if len(requestInfo.Name) == 0 && requestInfo.Verb == "delete" { - requestInfo.Verb = "deletecollection" - } - - return &requestInfo, nil -} - -type requestInfoKeyType int - -// requestInfoKey is the RequestInfo key for the context. It's of private type here. Because -// keys are interfaces and interfaces are equal when the type and the value is equal, this -// does not conflict with the keys defined in pkg/api. -const requestInfoKey requestInfoKeyType = iota - -// WithRequestInfo returns a copy of parent in which the request info value is set -func WithRequestInfo(parent context.Context, info *RequestInfo) context.Context { - return WithValue(parent, requestInfoKey, info) -} - -// RequestInfoFrom returns the value of the RequestInfo key on the ctx -func RequestInfoFrom(ctx context.Context) (*RequestInfo, bool) { - info, ok := ctx.Value(requestInfoKey).(*RequestInfo) - return info, ok -} - -// splitPath returns the segments for a URL path. -func splitPath(path string) []string { - path = strings.Trim(path, "/") - if path == "" { - return []string{} - } - return strings.Split(path, "/") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go deleted file mode 100644 index 120bc46bf8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go +++ /dev/null @@ -1,272 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "context" - "sync" - "time" - - "k8s.io/utils/clock" -) - -func sumDuration(d1 time.Duration, d2 time.Duration) time.Duration { - return d1 + d2 -} - -func maxDuration(d1 time.Duration, d2 time.Duration) time.Duration { - if d1 > d2 { - return d1 - } - return d2 -} - -// DurationTracker is a simple interface for tracking functions duration, -// it is safe for concurrent use by multiple goroutines. -type DurationTracker interface { - // Track measures time spent in the given function f and - // aggregates measured duration using aggregateFunction. - // if Track is invoked with f from multiple goroutines concurrently, - // then f must be safe to be invoked concurrently by multiple goroutines. - Track(f func()) - - // TrackDuration tracks latency from the specified duration - // and aggregate it using aggregateFunction - TrackDuration(time.Duration) - - // GetLatency returns the total latency incurred so far - GetLatency() time.Duration -} - -// durationTracker implements DurationTracker by measuring function time -// using given clock and aggregates the duration using given aggregate function -type durationTracker struct { - clock clock.Clock - latency time.Duration - mu sync.Mutex - aggregateFunction func(time.Duration, time.Duration) time.Duration -} - -// Track measures time spent in given function and aggregates measured -// duration using aggregateFunction -func (t *durationTracker) Track(f func()) { - startedAt := t.clock.Now() - defer func() { - duration := t.clock.Since(startedAt) - t.mu.Lock() - defer t.mu.Unlock() - t.latency = t.aggregateFunction(t.latency, duration) - }() - - f() -} - -// TrackDuration tracks latency from the given duration -// using aggregateFunction -func (t *durationTracker) TrackDuration(d time.Duration) { - t.mu.Lock() - defer t.mu.Unlock() - t.latency = t.aggregateFunction(t.latency, d) -} - -// GetLatency returns aggregated latency tracked by a tracker -func (t *durationTracker) GetLatency() time.Duration { - t.mu.Lock() - defer t.mu.Unlock() - return t.latency -} - -func newSumLatencyTracker(c clock.Clock) DurationTracker { - return &durationTracker{ - clock: c, - aggregateFunction: sumDuration, - } -} - -func newMaxLatencyTracker(c clock.Clock) DurationTracker { - return &durationTracker{ - clock: c, - aggregateFunction: maxDuration, - } -} - -// LatencyTrackers stores trackers used to measure latecny incurred in -// components within the apiserver. -type LatencyTrackers struct { - // MutatingWebhookTracker tracks the latency incurred in mutating webhook(s). - // Since mutating webhooks are done sequentially, latency - // is aggregated using sum function. - MutatingWebhookTracker DurationTracker - - // ValidatingWebhookTracker tracks the latency incurred in validating webhook(s). - // Validate webhooks are done in parallel, so max function is used. - ValidatingWebhookTracker DurationTracker - - // StorageTracker tracks the latency incurred inside the storage layer, - // it accounts for the time it takes to send data to the underlying - // storage layer (etcd) and get the complete response back. - // If a request involves N (N>=1) round trips to the underlying - // stogare layer, the latency will account for the total duration - // from these N round trips. - // It does not include the time incurred in admission, or validation. - StorageTracker DurationTracker - - // TransformTracker tracks the latency incurred in transforming the - // response object(s) returned from the underlying storage layer. - // This includes transforming the object to user's desired form - // (ie. as Table), and also setting appropriate API level fields. - // This does not include the latency incurred in serialization - // (json or protobuf) of the response object or writing - // of it to the http ResponseWriter object. - TransformTracker DurationTracker - - // SerializationTracker tracks the latency incurred in serialization - // (json or protobuf) of the response object. - // NOTE: serialization and writing of the serialized raw bytes to the - // associated http ResponseWriter object are interleaved, and hence - // the latency measured here will include the time spent writing the - // serialized raw bytes to the http ResponseWriter object. - SerializationTracker DurationTracker - - // ResponseWriteTracker tracks the latency incurred in writing the - // serialized raw bytes to the http ResponseWriter object (via the - // Write method) associated with the request. - // The Write method can be invoked multiple times, so we use a - // latency tracker that sums up the duration from each call. - ResponseWriteTracker DurationTracker -} - -type latencyTrackersKeyType int - -// latencyTrackersKey is the key that associates a LatencyTrackers -// instance with the request context. -const latencyTrackersKey latencyTrackersKeyType = iota - -// WithLatencyTrackers returns a copy of parent context to which an -// instance of LatencyTrackers is added. -func WithLatencyTrackers(parent context.Context) context.Context { - return WithLatencyTrackersAndCustomClock(parent, clock.RealClock{}) -} - -// WithLatencyTrackersAndCustomClock returns a copy of parent context to which -// an instance of LatencyTrackers is added. Tracers use given clock. -func WithLatencyTrackersAndCustomClock(parent context.Context, c clock.Clock) context.Context { - return WithValue(parent, latencyTrackersKey, &LatencyTrackers{ - MutatingWebhookTracker: newSumLatencyTracker(c), - ValidatingWebhookTracker: newMaxLatencyTracker(c), - StorageTracker: newSumLatencyTracker(c), - TransformTracker: newSumLatencyTracker(c), - SerializationTracker: newSumLatencyTracker(c), - ResponseWriteTracker: newSumLatencyTracker(c), - }) -} - -// LatencyTrackersFrom returns the associated LatencyTrackers instance -// from the specified context. -func LatencyTrackersFrom(ctx context.Context) (*LatencyTrackers, bool) { - wd, ok := ctx.Value(latencyTrackersKey).(*LatencyTrackers) - return wd, ok && wd != nil -} - -// TrackTransformResponseObjectLatency is used to track latency incurred -// inside the function that takes an object returned from the underlying -// storage layer (etcd) and performs any necessary transformations -// of the response object. This does not include the latency incurred in -// serialization (json or protobuf) of the response object or writing of -// it to the http ResponseWriter object. -// When called multiple times, the latency incurred inside the -// transform func each time will be summed up. -func TrackTransformResponseObjectLatency(ctx context.Context, transform func()) { - if tracker, ok := LatencyTrackersFrom(ctx); ok { - tracker.TransformTracker.Track(transform) - return - } - - transform() -} - -// TrackStorageLatency is used to track latency incurred -// inside the underlying storage layer. -// When called multiple times, the latency provided will be summed up. -func TrackStorageLatency(ctx context.Context, d time.Duration) { - if tracker, ok := LatencyTrackersFrom(ctx); ok { - tracker.StorageTracker.TrackDuration(d) - } -} - -// TrackSerializeResponseObjectLatency is used to track latency incurred in -// serialization (json or protobuf) of the response object. -// When called multiple times, the latency provided will be summed up. -func TrackSerializeResponseObjectLatency(ctx context.Context, f func()) { - if tracker, ok := LatencyTrackersFrom(ctx); ok { - tracker.SerializationTracker.Track(f) - return - } - - f() -} - -// TrackResponseWriteLatency is used to track latency incurred in writing -// the serialized raw bytes to the http ResponseWriter object (via the -// Write method) associated with the request. -// When called multiple times, the latency provided will be summed up. -func TrackResponseWriteLatency(ctx context.Context, d time.Duration) { - if tracker, ok := LatencyTrackersFrom(ctx); ok { - tracker.ResponseWriteTracker.TrackDuration(d) - } -} - -// AuditAnnotationsFromLatencyTrackers will inspect each latency tracker -// associated with the request context and return a set of audit -// annotations that can be added to the API audit entry. -func AuditAnnotationsFromLatencyTrackers(ctx context.Context) map[string]string { - const ( - transformLatencyKey = "apiserver.latency.k8s.io/transform-response-object" - storageLatencyKey = "apiserver.latency.k8s.io/etcd" - serializationLatencyKey = "apiserver.latency.k8s.io/serialize-response-object" - responseWriteLatencyKey = "apiserver.latency.k8s.io/response-write" - mutatingWebhookLatencyKey = "apiserver.latency.k8s.io/mutating-webhook" - validatingWebhookLatencyKey = "apiserver.latency.k8s.io/validating-webhook" - ) - - tracker, ok := LatencyTrackersFrom(ctx) - if !ok { - return nil - } - - annotations := map[string]string{} - if latency := tracker.TransformTracker.GetLatency(); latency != 0 { - annotations[transformLatencyKey] = latency.String() - } - if latency := tracker.StorageTracker.GetLatency(); latency != 0 { - annotations[storageLatencyKey] = latency.String() - } - if latency := tracker.SerializationTracker.GetLatency(); latency != 0 { - annotations[serializationLatencyKey] = latency.String() - } - if latency := tracker.ResponseWriteTracker.GetLatency(); latency != 0 { - annotations[responseWriteLatencyKey] = latency.String() - } - if latency := tracker.MutatingWebhookTracker.GetLatency(); latency != 0 { - annotations[mutatingWebhookLatencyKey] = latency.String() - } - if latency := tracker.ValidatingWebhookTracker.GetLatency(); latency != 0 { - annotations[validatingWebhookLatencyKey] = latency.String() - } - - return annotations -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/fake.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/fake.go deleted file mode 100644 index 3a8fe7a6a8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/fake.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package responsewriter - -import ( - "bufio" - "net" - "net/http" -) - -var _ http.ResponseWriter = &FakeResponseWriter{} - -// FakeResponseWriter implements http.ResponseWriter, -// it is used for testing purpose only -type FakeResponseWriter struct{} - -func (fw *FakeResponseWriter) Header() http.Header { return http.Header{} } -func (fw *FakeResponseWriter) WriteHeader(code int) {} -func (fw *FakeResponseWriter) Write(bs []byte) (int, error) { return len(bs), nil } - -// For HTTP2 an http.ResponseWriter object implements -// http.Flusher and http.CloseNotifier. -// It is used for testing purpose only -type FakeResponseWriterFlusherCloseNotifier struct { - *FakeResponseWriter -} - -func (fw *FakeResponseWriterFlusherCloseNotifier) Flush() {} -func (fw *FakeResponseWriterFlusherCloseNotifier) CloseNotify() <-chan bool { return nil } - -// For HTTP/1.x an http.ResponseWriter object implements -// http.Flusher, http.CloseNotifier and http.Hijacker. -// It is used for testing purpose only -type FakeResponseWriterFlusherCloseNotifierHijacker struct { - *FakeResponseWriterFlusherCloseNotifier -} - -func (fw *FakeResponseWriterFlusherCloseNotifierHijacker) Hijack() (net.Conn, *bufio.ReadWriter, error) { - return nil, nil, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/wrapper.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/wrapper.go deleted file mode 100644 index 893dfa2812..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/responsewriter/wrapper.go +++ /dev/null @@ -1,180 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package responsewriter - -import ( - "bufio" - "net" - "net/http" -) - -// UserProvidedDecorator represensts a user (client that uses this package) -// provided decorator that wraps an inner http.ResponseWriter object. -// The user-provided decorator object must return the inner (decorated) -// http.ResponseWriter object via the Unwrap function. -type UserProvidedDecorator interface { - http.ResponseWriter - - // Unwrap returns the inner http.ResponseWriter object associated - // with the user-provided decorator. - Unwrap() http.ResponseWriter -} - -// WrapForHTTP1Or2 accepts a user-provided decorator of an "inner" http.responseWriter -// object and potentially wraps the user-provided decorator with a new http.ResponseWriter -// object that implements http.CloseNotifier, http.Flusher, and/or http.Hijacker by -// delegating to the user-provided decorator (if it implements the relevant method) or -// the inner http.ResponseWriter (otherwise), so that the returned http.ResponseWriter -// object implements the same subset of those interfaces as the inner http.ResponseWriter. -// -// This function handles the following three casses. -// - The inner ResponseWriter implements `http.CloseNotifier`, `http.Flusher`, -// and `http.Hijacker` (an HTTP/1.1 sever provides such a ResponseWriter). -// - The inner ResponseWriter implements `http.CloseNotifier` and `http.Flusher` -// but not `http.Hijacker` (an HTTP/2 server provides such a ResponseWriter). -// - All the other cases collapse to this one, in which the given ResponseWriter is returned. -// -// There are three applicable terms: -// - "outer": this is the ResponseWriter object returned by the WrapForHTTP1Or2 function. -// - "user-provided decorator" or "middle": this is the user-provided decorator -// that decorates an inner ResponseWriter object. A user-provided decorator -// implements the UserProvidedDecorator interface. A user-provided decorator -// may or may not implement http.CloseNotifier, http.Flusher or http.Hijacker. -// - "inner": the ResponseWriter that the user-provided decorator extends. -func WrapForHTTP1Or2(decorator UserProvidedDecorator) http.ResponseWriter { - // from go net/http documentation: - // The default HTTP/1.x and HTTP/2 ResponseWriter implementations support Flusher - // Handlers should always test for this ability at runtime. - // - // The Hijacker interface is implemented by ResponseWriters that allow an HTTP handler - // to take over the connection. - // The default ResponseWriter for HTTP/1.x connections supports Hijacker, but HTTP/2 connections - // intentionally do not. ResponseWriter wrappers may also not support Hijacker. - // Handlers should always test for this ability at runtime - // - // The CloseNotifier interface is implemented by ResponseWriters which allow detecting - // when the underlying connection has gone away. - // Deprecated: the CloseNotifier interface predates Go's context package. - // New code should use Request.Context instead. - inner := decorator.Unwrap() - if innerNotifierFlusher, ok := inner.(CloseNotifierFlusher); ok { - // for HTTP/2 request, the default ResponseWriter object (http2responseWriter) - // implements Flusher and CloseNotifier. - outerHTTP2 := outerWithCloseNotifyAndFlush{ - UserProvidedDecorator: decorator, - InnerCloseNotifierFlusher: innerNotifierFlusher, - } - - if innerHijacker, hijackable := inner.(http.Hijacker); hijackable { - // for HTTP/1.x request the default implementation of ResponseWriter - // also implement CloseNotifier, Flusher and Hijacker - return &outerWithCloseNotifyFlushAndHijack{ - outerWithCloseNotifyAndFlush: outerHTTP2, - InnerHijacker: innerHijacker, - } - } - - return outerHTTP2 - } - - // we should never be here for either http/1.x or http2 request - return decorator -} - -// CloseNotifierFlusher is a combination of http.CloseNotifier and http.Flusher -// This applies to both http/1.x and http2 requests. -type CloseNotifierFlusher interface { - http.CloseNotifier - http.Flusher -} - -// GetOriginal goes through the chain of wrapped http.ResponseWriter objects -// and returns the original http.ResponseWriter object provided to the first -// request handler in the filter chain. -func GetOriginal(w http.ResponseWriter) http.ResponseWriter { - decorator, ok := w.(UserProvidedDecorator) - if !ok { - return w - } - - inner := decorator.Unwrap() - if inner == w { - // infinite cycle here, we should never be here though. - panic("http.ResponseWriter decorator chain has a cycle") - } - - return GetOriginal(inner) -} - -//nolint:staticcheck // SA1019 -var _ http.CloseNotifier = outerWithCloseNotifyAndFlush{} -var _ http.Flusher = outerWithCloseNotifyAndFlush{} -var _ http.ResponseWriter = outerWithCloseNotifyAndFlush{} -var _ UserProvidedDecorator = outerWithCloseNotifyAndFlush{} - -// outerWithCloseNotifyAndFlush is the outer object that extends the -// user provied decorator with http.CloseNotifier and http.Flusher only. -type outerWithCloseNotifyAndFlush struct { - // UserProvidedDecorator is the user-provided object, it decorates - // an inner ResponseWriter object. - UserProvidedDecorator - - // http.CloseNotifier and http.Flusher for the inner object - InnerCloseNotifierFlusher CloseNotifierFlusher -} - -func (wr outerWithCloseNotifyAndFlush) CloseNotify() <-chan bool { - if notifier, ok := wr.UserProvidedDecorator.(http.CloseNotifier); ok { - return notifier.CloseNotify() - } - - return wr.InnerCloseNotifierFlusher.CloseNotify() -} - -func (wr outerWithCloseNotifyAndFlush) Flush() { - if flusher, ok := wr.UserProvidedDecorator.(http.Flusher); ok { - flusher.Flush() - return - } - - wr.InnerCloseNotifierFlusher.Flush() -} - -//lint:file-ignore SA1019 Keep supporting deprecated http.CloseNotifier -var _ http.CloseNotifier = outerWithCloseNotifyFlushAndHijack{} -var _ http.Flusher = outerWithCloseNotifyFlushAndHijack{} -var _ http.Hijacker = outerWithCloseNotifyFlushAndHijack{} -var _ http.ResponseWriter = outerWithCloseNotifyFlushAndHijack{} -var _ UserProvidedDecorator = outerWithCloseNotifyFlushAndHijack{} - -// outerWithCloseNotifyFlushAndHijack is the outer object that extends the -// user-provided decorator with http.CloseNotifier, http.Flusher and http.Hijacker. -// This applies to http/1.x requests only. -type outerWithCloseNotifyFlushAndHijack struct { - outerWithCloseNotifyAndFlush - - // http.Hijacker for the inner object - InnerHijacker http.Hijacker -} - -func (wr outerWithCloseNotifyFlushAndHijack) Hijack() (net.Conn, *bufio.ReadWriter, error) { - if hijacker, ok := wr.UserProvidedDecorator.(http.Hijacker); ok { - return hijacker.Hijack() - } - - return wr.InnerHijacker.Hijack() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/warning/warning.go b/etcd/vendor/k8s.io/apiserver/pkg/endpoints/warning/warning.go deleted file mode 100644 index 512fa5defc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/endpoints/warning/warning.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package warning - -import ( - restful "github.com/emicklei/go-restful/v3" - - "k8s.io/apiserver/pkg/warning" -) - -// AddWarningsHandler returns a handler that adds the provided warnings to all requests, -// then delegates to the provided handler. -func AddWarningsHandler(handler restful.RouteFunction, warnings []string) restful.RouteFunction { - if len(warnings) == 0 { - return handler - } - - return func(req *restful.Request, res *restful.Response) { - ctx := req.Request.Context() - for _, msg := range warnings { - warning.AddWarning(ctx, "", msg) - } - handler(req, res) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/features/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/features/OWNERS deleted file mode 100644 index 3e1dd9f081..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/features/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - feature-approvers diff --git a/etcd/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/etcd/vendor/k8s.io/apiserver/pkg/features/kube_features.go deleted file mode 100644 index aa903587d8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ /dev/null @@ -1,252 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - "k8s.io/apimachinery/pkg/util/runtime" - - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/featuregate" -) - -const ( - // Every feature gate should add method here following this template: - // - // // owner: @username - // // alpha: v1.4 - // MyFeature featuregate.Feature = "MyFeature" - // - // Feature gates should be listed in alphabetical, case-sensitive - // (upper before any lower case character) order. This reduces the risk - // of code conflicts because changes are more likely to be scattered - // across the file. - - // owner: @jefftree @alexzielenski - // alpha: v1.26 - // - // Enables an single HTTP endpoint /discovery/<version> which supports native HTTP - // caching with ETags containing all APIResources known to the apiserver. - AggregatedDiscoveryEndpoint featuregate.Feature = "AggregatedDiscoveryEndpoint" - - // owner: @smarterclayton - // alpha: v1.8 - // beta: v1.9 - // - // Allow API clients to retrieve resource lists in chunks rather than - // all at once. - APIListChunking featuregate.Feature = "APIListChunking" - - // owner: @MikeSpreitzer @yue9944882 - // alpha: v1.18 - // beta: v1.20 - // - // Enables managing request concurrency with prioritization and fairness at each server. - // The FeatureGate was introduced in release 1.15 but the feature - // was not really implemented before 1.18. - APIPriorityAndFairness featuregate.Feature = "APIPriorityAndFairness" - - // owner: @ilackams - // alpha: v1.7 - // beta: v1.16 - // - // Enables compression of REST responses (GET and LIST only) - APIResponseCompression featuregate.Feature = "APIResponseCompression" - - // owner: @roycaihw - // alpha: v1.20 - // - // Assigns each kube-apiserver an ID in a cluster. - APIServerIdentity featuregate.Feature = "APIServerIdentity" - - // owner: @dashpole - // alpha: v1.22 - // - // Add support for distributed tracing in the API Server - APIServerTracing featuregate.Feature = "APIServerTracing" - - // owner: @tallclair - // alpha: v1.7 - // beta: v1.8 - // GA: v1.12 - // - // AdvancedAuditing enables a much more general API auditing pipeline, which includes support for - // pluggable output backends and an audit policy specifying how different requests should be - // audited. - AdvancedAuditing featuregate.Feature = "AdvancedAuditing" - - // owner: @cici37 @jpbetz - // kep: http://kep.k8s.io/3488 - // alpha: v1.26 - // - // Enables expression validation in Admission Control - ValidatingAdmissionPolicy featuregate.Feature = "ValidatingAdmissionPolicy" - - // owner: @cici37 - // kep: https://kep.k8s.io/2876 - // alpha: v1.23 - // beta: v1.25 - // - // Enables expression validation for Custom Resource - CustomResourceValidationExpressions featuregate.Feature = "CustomResourceValidationExpressions" - - // owner: @apelisse - // alpha: v1.12 - // beta: v1.13 - // stable: v1.18 - // - // Allow requests to be processed but not stored, so that - // validation, merging, mutation can be tested without - // committing. - DryRun featuregate.Feature = "DryRun" - - // owner: @wojtek-t - // alpha: v1.20 - // beta: v1.21 - // GA: v1.24 - // - // Allows for updating watchcache resource version with progress notify events. - EfficientWatchResumption featuregate.Feature = "EfficientWatchResumption" - - // owner: @aramase - // kep: https://kep.k8s.io/3299 - // alpha: v1.25 - // - // Enables KMS v2 API for encryption at rest. - KMSv2 featuregate.Feature = "KMSv2" - - // owner: @jiahuif - // kep: https://kep.k8s.io/2887 - // alpha: v1.23 - // beta: v1.24 - // - // Enables populating "enum" field of OpenAPI schemas - // in the spec returned from kube-apiserver. - OpenAPIEnums featuregate.Feature = "OpenAPIEnums" - - // owner: @jefftree - // kep: https://kep.k8s.io/2896 - // alpha: v1.23 - // beta: v1.24 - // - // Enables kubernetes to publish OpenAPI v3 - OpenAPIV3 featuregate.Feature = "OpenAPIV3" - - // owner: @caesarxuchao - // alpha: v1.15 - // beta: v1.16 - // - // Allow apiservers to show a count of remaining items in the response - // to a chunking list request. - RemainingItemCount featuregate.Feature = "RemainingItemCount" - - // owner: @wojtek-t - // alpha: v1.16 - // beta: v1.20 - // GA: v1.24 - // - // Deprecates and removes SelfLink from ObjectMeta and ListMeta. - RemoveSelfLink featuregate.Feature = "RemoveSelfLink" - - // owner: @apelisse, @lavalamp - // alpha: v1.14 - // beta: v1.16 - // stable: v1.22 - // - // Server-side apply. Merging happens on the server. - ServerSideApply featuregate.Feature = "ServerSideApply" - - // owner: @kevindelgado - // kep: https://kep.k8s.io/2885 - // alpha: v1.23 - // beta: v1.24 - // - // Enables server-side field validation. - ServerSideFieldValidation featuregate.Feature = "ServerSideFieldValidation" - - // owner: @caesarxuchao @roycaihw - // alpha: v1.20 - // - // Enable the storage version API. - StorageVersionAPI featuregate.Feature = "StorageVersionAPI" - - // owner: @caesarxuchao - // alpha: v1.14 - // beta: v1.15 - // - // Allow apiservers to expose the storage version hash in the discovery - // document. - StorageVersionHash featuregate.Feature = "StorageVersionHash" - - // owner: @wojtek-t - // alpha: v1.15 - // beta: v1.16 - // GA: v1.17 - // - // Enables support for watch bookmark events. - WatchBookmark featuregate.Feature = "WatchBookmark" -) - -func init() { - runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates)) -} - -// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys. -// To add a new feature, define a key for it above and add it here. The features will be -// available throughout Kubernetes binaries. -var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - AggregatedDiscoveryEndpoint: {Default: false, PreRelease: featuregate.Alpha}, - - APIListChunking: {Default: true, PreRelease: featuregate.Beta}, - - APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, - - APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, - - APIServerIdentity: {Default: true, PreRelease: featuregate.Beta}, - - APIServerTracing: {Default: false, PreRelease: featuregate.Alpha}, - - AdvancedAuditing: {Default: true, PreRelease: featuregate.GA}, - - ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - CustomResourceValidationExpressions: {Default: true, PreRelease: featuregate.Beta}, - - DryRun: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - EfficientWatchResumption: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - KMSv2: {Default: false, PreRelease: featuregate.Alpha}, - - OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, - - OpenAPIV3: {Default: true, PreRelease: featuregate.Beta}, - - RemainingItemCount: {Default: true, PreRelease: featuregate.Beta}, - - RemoveSelfLink: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - ServerSideFieldValidation: {Default: true, PreRelease: featuregate.Beta}, - - StorageVersionAPI: {Default: false, PreRelease: featuregate.Alpha}, - - StorageVersionHash: {Default: true, PreRelease: featuregate.Beta}, - - WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/OWNERS deleted file mode 100644 index 104836035a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/OWNERS +++ /dev/null @@ -1,13 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - deads2k - - derekwaynecarr -reviewers: - - deads2k - - derekwaynecarr - - smarterclayton -labels: - - sig/api-machinery -emeritus_approvers: - - vishh diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/OWNERS deleted file mode 100644 index af1dfdbdb4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - smarterclayton - - derekwaynecarr diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/configuration.go b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/configuration.go deleted file mode 100644 index 966c5c7c65..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/configuration.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - quota "k8s.io/apiserver/pkg/quota/v1" -) - -// implements a basic configuration -type simpleConfiguration struct { - evaluators []quota.Evaluator - ignoredResources map[schema.GroupResource]struct{} -} - -// NewConfiguration creates a quota configuration -func NewConfiguration(evaluators []quota.Evaluator, ignoredResources map[schema.GroupResource]struct{}) quota.Configuration { - return &simpleConfiguration{ - evaluators: evaluators, - ignoredResources: ignoredResources, - } -} - -func (c *simpleConfiguration) IgnoredResources() map[schema.GroupResource]struct{} { - return c.ignoredResources -} - -func (c *simpleConfiguration) Evaluators() []quota.Evaluator { - return c.evaluators -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go deleted file mode 100644 index 55b31a745a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/evaluator.go +++ /dev/null @@ -1,319 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "fmt" - "sync/atomic" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/client-go/informers" - "k8s.io/client-go/tools/cache" -) - -// InformerForResourceFunc knows how to provision an informer -type InformerForResourceFunc func(schema.GroupVersionResource) (informers.GenericInformer, error) - -// ListerFuncForResourceFunc knows how to provision a lister from an informer func. -// The lister returns errors until the informer has synced. -func ListerFuncForResourceFunc(f InformerForResourceFunc) quota.ListerForResourceFunc { - return func(gvr schema.GroupVersionResource) (cache.GenericLister, error) { - informer, err := f(gvr) - if err != nil { - return nil, err - } - return &protectedLister{ - hasSynced: cachedHasSynced(informer.Informer().HasSynced), - notReadyErr: fmt.Errorf("%v not yet synced", gvr), - delegate: informer.Lister(), - }, nil - } -} - -// cachedHasSynced returns a function that calls hasSynced() until it returns true once, then returns true -func cachedHasSynced(hasSynced func() bool) func() bool { - cache := &atomic.Bool{} - cache.Store(false) - return func() bool { - if cache.Load() { - // short-circuit if already synced - return true - } - if hasSynced() { - // remember we synced - cache.Store(true) - return true - } - return false - } -} - -// protectedLister returns notReadyError if hasSynced returns false, otherwise delegates to delegate -type protectedLister struct { - hasSynced func() bool - notReadyErr error - delegate cache.GenericLister -} - -func (p *protectedLister) List(selector labels.Selector) (ret []runtime.Object, err error) { - if !p.hasSynced() { - return nil, p.notReadyErr - } - return p.delegate.List(selector) -} -func (p *protectedLister) Get(name string) (runtime.Object, error) { - if !p.hasSynced() { - return nil, p.notReadyErr - } - return p.delegate.Get(name) -} -func (p *protectedLister) ByNamespace(namespace string) cache.GenericNamespaceLister { - return &protectedNamespaceLister{p.hasSynced, p.notReadyErr, p.delegate.ByNamespace(namespace)} -} - -// protectedNamespaceLister returns notReadyError if hasSynced returns false, otherwise delegates to delegate -type protectedNamespaceLister struct { - hasSynced func() bool - notReadyErr error - delegate cache.GenericNamespaceLister -} - -func (p *protectedNamespaceLister) List(selector labels.Selector) (ret []runtime.Object, err error) { - if !p.hasSynced() { - return nil, p.notReadyErr - } - return p.delegate.List(selector) -} -func (p *protectedNamespaceLister) Get(name string) (runtime.Object, error) { - if !p.hasSynced() { - return nil, p.notReadyErr - } - return p.delegate.Get(name) -} - -// ListResourceUsingListerFunc returns a listing function based on the shared informer factory for the specified resource. -func ListResourceUsingListerFunc(l quota.ListerForResourceFunc, resource schema.GroupVersionResource) ListFuncByNamespace { - return func(namespace string) ([]runtime.Object, error) { - lister, err := l(resource) - if err != nil { - return nil, err - } - return lister.ByNamespace(namespace).List(labels.Everything()) - } -} - -// ObjectCountQuotaResourceNameFor returns the object count quota name for specified groupResource -func ObjectCountQuotaResourceNameFor(groupResource schema.GroupResource) corev1.ResourceName { - if len(groupResource.Group) == 0 { - return corev1.ResourceName("count/" + groupResource.Resource) - } - return corev1.ResourceName("count/" + groupResource.Resource + "." + groupResource.Group) -} - -// ListFuncByNamespace knows how to list resources in a namespace -type ListFuncByNamespace func(namespace string) ([]runtime.Object, error) - -// MatchesScopeFunc knows how to evaluate if an object matches a scope -type MatchesScopeFunc func(scope corev1.ScopedResourceSelectorRequirement, object runtime.Object) (bool, error) - -// UsageFunc knows how to measure usage associated with an object -type UsageFunc func(object runtime.Object) (corev1.ResourceList, error) - -// MatchingResourceNamesFunc is a function that returns the list of resources matched -type MatchingResourceNamesFunc func(input []corev1.ResourceName) []corev1.ResourceName - -// MatchesNoScopeFunc returns false on all match checks -func MatchesNoScopeFunc(scope corev1.ScopedResourceSelectorRequirement, object runtime.Object) (bool, error) { - return false, nil -} - -// Matches returns true if the quota matches the specified item. -func Matches( - resourceQuota *corev1.ResourceQuota, item runtime.Object, - matchFunc MatchingResourceNamesFunc, scopeFunc MatchesScopeFunc) (bool, error) { - if resourceQuota == nil { - return false, fmt.Errorf("expected non-nil quota") - } - // verify the quota matches on at least one resource - matchResource := len(matchFunc(quota.ResourceNames(resourceQuota.Status.Hard))) > 0 - // by default, no scopes matches all - matchScope := true - for _, scope := range getScopeSelectorsFromQuota(resourceQuota) { - innerMatch, err := scopeFunc(scope, item) - if err != nil { - return false, err - } - matchScope = matchScope && innerMatch - } - return matchResource && matchScope, nil -} - -func getScopeSelectorsFromQuota(quota *corev1.ResourceQuota) []corev1.ScopedResourceSelectorRequirement { - selectors := []corev1.ScopedResourceSelectorRequirement{} - for _, scope := range quota.Spec.Scopes { - selectors = append(selectors, corev1.ScopedResourceSelectorRequirement{ - ScopeName: scope, - Operator: corev1.ScopeSelectorOpExists}) - } - if quota.Spec.ScopeSelector != nil { - selectors = append(selectors, quota.Spec.ScopeSelector.MatchExpressions...) - } - return selectors -} - -// CalculateUsageStats is a utility function that knows how to calculate aggregate usage. -func CalculateUsageStats(options quota.UsageStatsOptions, - listFunc ListFuncByNamespace, - scopeFunc MatchesScopeFunc, - usageFunc UsageFunc) (quota.UsageStats, error) { - // default each tracked resource to zero - result := quota.UsageStats{Used: corev1.ResourceList{}} - for _, resourceName := range options.Resources { - result.Used[resourceName] = resource.Quantity{Format: resource.DecimalSI} - } - items, err := listFunc(options.Namespace) - if err != nil { - return result, fmt.Errorf("failed to list content: %v", err) - } - for _, item := range items { - // need to verify that the item matches the set of scopes - matchesScopes := true - for _, scope := range options.Scopes { - innerMatch, err := scopeFunc(corev1.ScopedResourceSelectorRequirement{ScopeName: scope}, item) - if err != nil { - return result, nil - } - if !innerMatch { - matchesScopes = false - } - } - if options.ScopeSelector != nil { - for _, selector := range options.ScopeSelector.MatchExpressions { - innerMatch, err := scopeFunc(selector, item) - if err != nil { - return result, nil - } - matchesScopes = matchesScopes && innerMatch - } - } - // only count usage if there was a match - if matchesScopes { - usage, err := usageFunc(item) - if err != nil { - return result, err - } - result.Used = quota.Add(result.Used, usage) - } - } - return result, nil -} - -// objectCountEvaluator provides an implementation for quota.Evaluator -// that associates usage of the specified resource based on the number of items -// returned by the specified listing function. -type objectCountEvaluator struct { - // GroupResource that this evaluator tracks. - // It is used to construct a generic object count quota name - groupResource schema.GroupResource - // A function that knows how to list resources by namespace. - // TODO move to dynamic client in future - listFuncByNamespace ListFuncByNamespace - // Names associated with this resource in the quota for generic counting. - resourceNames []corev1.ResourceName -} - -// Constraints returns an error if the configured resource name is not in the required set. -func (o *objectCountEvaluator) Constraints(required []corev1.ResourceName, item runtime.Object) error { - // no-op for object counting - return nil -} - -// Handles returns true if the object count evaluator needs to track this attributes. -func (o *objectCountEvaluator) Handles(a admission.Attributes) bool { - operation := a.GetOperation() - return operation == admission.Create -} - -// Matches returns true if the evaluator matches the specified quota with the provided input item -func (o *objectCountEvaluator) Matches(resourceQuota *corev1.ResourceQuota, item runtime.Object) (bool, error) { - return Matches(resourceQuota, item, o.MatchingResources, MatchesNoScopeFunc) -} - -// MatchingResources takes the input specified list of resources and returns the set of resources it matches. -func (o *objectCountEvaluator) MatchingResources(input []corev1.ResourceName) []corev1.ResourceName { - return quota.Intersection(input, o.resourceNames) -} - -// MatchingScopes takes the input specified list of scopes and input object. Returns the set of scopes resource matches. -func (o *objectCountEvaluator) MatchingScopes(item runtime.Object, scopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// UncoveredQuotaScopes takes the input matched scopes which are limited by configuration and the matched quota scopes. -// It returns the scopes which are in limited scopes but don't have a corresponding covering quota scope -func (o *objectCountEvaluator) UncoveredQuotaScopes(limitedScopes []corev1.ScopedResourceSelectorRequirement, matchedQuotaScopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// Usage returns the resource usage for the specified object -func (o *objectCountEvaluator) Usage(object runtime.Object) (corev1.ResourceList, error) { - quantity := resource.NewQuantity(1, resource.DecimalSI) - resourceList := corev1.ResourceList{} - for _, resourceName := range o.resourceNames { - resourceList[resourceName] = *quantity - } - return resourceList, nil -} - -// GroupResource tracked by this evaluator -func (o *objectCountEvaluator) GroupResource() schema.GroupResource { - return o.groupResource -} - -// UsageStats calculates aggregate usage for the object. -func (o *objectCountEvaluator) UsageStats(options quota.UsageStatsOptions) (quota.UsageStats, error) { - return CalculateUsageStats(options, o.listFuncByNamespace, MatchesNoScopeFunc, o.Usage) -} - -// Verify implementation of interface at compile time. -var _ quota.Evaluator = &objectCountEvaluator{} - -// NewObjectCountEvaluator returns an evaluator that can perform generic -// object quota counting. It allows an optional alias for backwards compatibility -// purposes for the legacy object counting names in quota. Unless its supporting -// backward compatibility, alias should not be used. -func NewObjectCountEvaluator( - groupResource schema.GroupResource, listFuncByNamespace ListFuncByNamespace, - alias corev1.ResourceName) quota.Evaluator { - - resourceNames := []corev1.ResourceName{ObjectCountQuotaResourceNameFor(groupResource)} - if len(alias) > 0 { - resourceNames = append(resourceNames, alias) - } - - return &objectCountEvaluator{ - groupResource: groupResource, - listFuncByNamespace: listFuncByNamespace, - resourceNames: resourceNames, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/registry.go b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/registry.go deleted file mode 100644 index 0c10236063..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/generic/registry.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "sync" - - "k8s.io/apimachinery/pkg/runtime/schema" - quota "k8s.io/apiserver/pkg/quota/v1" -) - -// implements a basic registry -type simpleRegistry struct { - lock sync.RWMutex - // evaluators tracked by the registry - evaluators map[schema.GroupResource]quota.Evaluator -} - -// NewRegistry creates a simple registry with initial list of evaluators -func NewRegistry(evaluators []quota.Evaluator) quota.Registry { - return &simpleRegistry{ - evaluators: evaluatorsByGroupResource(evaluators), - } -} - -func (r *simpleRegistry) Add(e quota.Evaluator) { - r.lock.Lock() - defer r.lock.Unlock() - r.evaluators[e.GroupResource()] = e -} - -func (r *simpleRegistry) Remove(e quota.Evaluator) { - r.lock.Lock() - defer r.lock.Unlock() - delete(r.evaluators, e.GroupResource()) -} - -func (r *simpleRegistry) Get(gr schema.GroupResource) quota.Evaluator { - r.lock.RLock() - defer r.lock.RUnlock() - return r.evaluators[gr] -} - -func (r *simpleRegistry) List() []quota.Evaluator { - r.lock.RLock() - defer r.lock.RUnlock() - - return evaluatorsList(r.evaluators) -} - -// evaluatorsByGroupResource converts a list of evaluators to a map by group resource. -func evaluatorsByGroupResource(items []quota.Evaluator) map[schema.GroupResource]quota.Evaluator { - result := map[schema.GroupResource]quota.Evaluator{} - for _, item := range items { - result[item.GroupResource()] = item - } - return result -} - -// evaluatorsList converts a map of evaluators to list -func evaluatorsList(input map[schema.GroupResource]quota.Evaluator) []quota.Evaluator { - var result []quota.Evaluator - for _, item := range input { - result = append(result, item) - } - return result -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/interfaces.go deleted file mode 100644 index 511e8818c7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/interfaces.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - "k8s.io/client-go/tools/cache" -) - -// UsageStatsOptions is an options structs that describes how stats should be calculated -type UsageStatsOptions struct { - // Namespace where stats should be calculate - Namespace string - // Scopes that must match counted objects - Scopes []corev1.ResourceQuotaScope - // Resources are the set of resources to include in the measurement - Resources []corev1.ResourceName - ScopeSelector *corev1.ScopeSelector -} - -// UsageStats is result of measuring observed resource use in the system -type UsageStats struct { - // Used maps resource to quantity used - Used corev1.ResourceList -} - -// Evaluator knows how to evaluate quota usage for a particular group resource -type Evaluator interface { - // Constraints ensures that each required resource is present on item - Constraints(required []corev1.ResourceName, item runtime.Object) error - // GroupResource returns the groupResource that this object knows how to evaluate - GroupResource() schema.GroupResource - // Handles determines if quota could be impacted by the specified attribute. - // If true, admission control must perform quota processing for the operation, otherwise it is safe to ignore quota. - Handles(operation admission.Attributes) bool - // Matches returns true if the specified quota matches the input item - Matches(resourceQuota *corev1.ResourceQuota, item runtime.Object) (bool, error) - // MatchingScopes takes the input specified list of scopes and input object and returns the set of scopes that matches input object. - MatchingScopes(item runtime.Object, scopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) - // UncoveredQuotaScopes takes the input matched scopes which are limited by configuration and the matched quota scopes. It returns the scopes which are in limited scopes but don't have a corresponding covering quota scope - UncoveredQuotaScopes(limitedScopes []corev1.ScopedResourceSelectorRequirement, matchedQuotaScopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) - // MatchingResources takes the input specified list of resources and returns the set of resources evaluator matches. - MatchingResources(input []corev1.ResourceName) []corev1.ResourceName - // Usage returns the resource usage for the specified object - Usage(item runtime.Object) (corev1.ResourceList, error) - // UsageStats calculates latest observed usage stats for all objects - UsageStats(options UsageStatsOptions) (UsageStats, error) -} - -// Configuration defines how the quota system is configured. -type Configuration interface { - // IgnoredResources are ignored by quota. - IgnoredResources() map[schema.GroupResource]struct{} - // Evaluators for quota evaluation. - Evaluators() []Evaluator -} - -// Registry maintains a list of evaluators -type Registry interface { - // Add to registry - Add(e Evaluator) - // Remove from registry - Remove(e Evaluator) - // Get by group resource - Get(gr schema.GroupResource) Evaluator - // List from registry - List() []Evaluator -} - -// ListerForResourceFunc knows how to get a lister for a specific resource -type ListerForResourceFunc func(schema.GroupVersionResource) (cache.GenericLister, error) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/resources.go b/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/resources.go deleted file mode 100644 index b664719209..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/quota/v1/resources.go +++ /dev/null @@ -1,304 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "sort" - "strings" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" -) - -// Equals returns true if the two lists are equivalent -func Equals(a corev1.ResourceList, b corev1.ResourceList) bool { - if len(a) != len(b) { - return false - } - - for key, value1 := range a { - value2, found := b[key] - if !found { - return false - } - if value1.Cmp(value2) != 0 { - return false - } - } - - return true -} - -// LessThanOrEqual returns true if a < b for each key in b -// If false, it returns the keys in a that exceeded b -func LessThanOrEqual(a corev1.ResourceList, b corev1.ResourceList) (bool, []corev1.ResourceName) { - result := true - resourceNames := []corev1.ResourceName{} - for key, value := range b { - if other, found := a[key]; found { - if other.Cmp(value) > 0 { - result = false - resourceNames = append(resourceNames, key) - } - } - } - return result, resourceNames -} - -// Max returns the result of Max(a, b) for each named resource -func Max(a corev1.ResourceList, b corev1.ResourceList) corev1.ResourceList { - result := corev1.ResourceList{} - for key, value := range a { - if other, found := b[key]; found { - if value.Cmp(other) <= 0 { - result[key] = other.DeepCopy() - continue - } - } - result[key] = value.DeepCopy() - } - for key, value := range b { - if _, found := result[key]; !found { - result[key] = value.DeepCopy() - } - } - return result -} - -// Add returns the result of a + b for each named resource -func Add(a corev1.ResourceList, b corev1.ResourceList) corev1.ResourceList { - result := corev1.ResourceList{} - for key, value := range a { - quantity := value.DeepCopy() - if other, found := b[key]; found { - quantity.Add(other) - } - result[key] = quantity - } - for key, value := range b { - if _, found := result[key]; !found { - result[key] = value.DeepCopy() - } - } - return result -} - -// SubtractWithNonNegativeResult - subtracts and returns result of a - b but -// makes sure we don't return negative values to prevent negative resource usage. -func SubtractWithNonNegativeResult(a corev1.ResourceList, b corev1.ResourceList) corev1.ResourceList { - zero := resource.MustParse("0") - - result := corev1.ResourceList{} - for key, value := range a { - quantity := value.DeepCopy() - if other, found := b[key]; found { - quantity.Sub(other) - } - if quantity.Cmp(zero) > 0 { - result[key] = quantity - } else { - result[key] = zero - } - } - - for key := range b { - if _, found := result[key]; !found { - result[key] = zero - } - } - return result -} - -// Subtract returns the result of a - b for each named resource -func Subtract(a corev1.ResourceList, b corev1.ResourceList) corev1.ResourceList { - result := corev1.ResourceList{} - for key, value := range a { - quantity := value.DeepCopy() - if other, found := b[key]; found { - quantity.Sub(other) - } - result[key] = quantity - } - for key, value := range b { - if _, found := result[key]; !found { - quantity := value.DeepCopy() - quantity.Neg() - result[key] = quantity - } - } - return result -} - -// Mask returns a new resource list that only has the values with the specified names -func Mask(resources corev1.ResourceList, names []corev1.ResourceName) corev1.ResourceList { - nameSet := ToSet(names) - result := corev1.ResourceList{} - for key, value := range resources { - if nameSet.Has(string(key)) { - result[key] = value.DeepCopy() - } - } - return result -} - -// ResourceNames returns a list of all resource names in the ResourceList -func ResourceNames(resources corev1.ResourceList) []corev1.ResourceName { - result := []corev1.ResourceName{} - for resourceName := range resources { - result = append(result, resourceName) - } - return result -} - -// Contains returns true if the specified item is in the list of items -func Contains(items []corev1.ResourceName, item corev1.ResourceName) bool { - for _, i := range items { - if i == item { - return true - } - } - return false -} - -// ContainsPrefix returns true if the specified item has a prefix that contained in given prefix Set -func ContainsPrefix(prefixSet []string, item corev1.ResourceName) bool { - for _, prefix := range prefixSet { - if strings.HasPrefix(string(item), prefix) { - return true - } - } - return false -} - -// Intersection returns the intersection of both list of resources, deduped and sorted -func Intersection(a []corev1.ResourceName, b []corev1.ResourceName) []corev1.ResourceName { - result := make([]corev1.ResourceName, 0, len(a)) - for _, item := range a { - if Contains(result, item) { - continue - } - if !Contains(b, item) { - continue - } - result = append(result, item) - } - sort.Slice(result, func(i, j int) bool { return result[i] < result[j] }) - return result -} - -// Difference returns the list of resources resulting from a-b, deduped and sorted -func Difference(a []corev1.ResourceName, b []corev1.ResourceName) []corev1.ResourceName { - result := make([]corev1.ResourceName, 0, len(a)) - for _, item := range a { - if Contains(b, item) || Contains(result, item) { - continue - } - result = append(result, item) - } - sort.Slice(result, func(i, j int) bool { return result[i] < result[j] }) - return result -} - -// IsZero returns true if each key maps to the quantity value 0 -func IsZero(a corev1.ResourceList) bool { - zero := resource.MustParse("0") - for _, v := range a { - if v.Cmp(zero) != 0 { - return false - } - } - return true -} - -// RemoveZeros returns a new resource list that only has no zero values -func RemoveZeros(a corev1.ResourceList) corev1.ResourceList { - result := corev1.ResourceList{} - for key, value := range a { - if !value.IsZero() { - result[key] = value - } - } - return result -} - -// IsNegative returns the set of resource names that have a negative value. -func IsNegative(a corev1.ResourceList) []corev1.ResourceName { - results := []corev1.ResourceName{} - zero := resource.MustParse("0") - for k, v := range a { - if v.Cmp(zero) < 0 { - results = append(results, k) - } - } - return results -} - -// ToSet takes a list of resource names and converts to a string set -func ToSet(resourceNames []corev1.ResourceName) sets.String { - result := sets.NewString() - for _, resourceName := range resourceNames { - result.Insert(string(resourceName)) - } - return result -} - -// CalculateUsage calculates and returns the requested ResourceList usage. -// If an error is returned, usage only contains the resources which encountered no calculation errors. -func CalculateUsage(namespaceName string, scopes []corev1.ResourceQuotaScope, hardLimits corev1.ResourceList, registry Registry, scopeSelector *corev1.ScopeSelector) (corev1.ResourceList, error) { - // find the intersection between the hard resources on the quota - // and the resources this controller can track to know what we can - // look to measure updated usage stats for - hardResources := ResourceNames(hardLimits) - potentialResources := []corev1.ResourceName{} - evaluators := registry.List() - for _, evaluator := range evaluators { - potentialResources = append(potentialResources, evaluator.MatchingResources(hardResources)...) - } - // NOTE: the intersection just removes duplicates since the evaluator match intersects with hard - matchedResources := Intersection(hardResources, potentialResources) - - errors := []error{} - - // sum the observed usage from each evaluator - newUsage := corev1.ResourceList{} - for _, evaluator := range evaluators { - // only trigger the evaluator if it matches a resource in the quota, otherwise, skip calculating anything - intersection := evaluator.MatchingResources(matchedResources) - if len(intersection) == 0 { - continue - } - - usageStatsOptions := UsageStatsOptions{Namespace: namespaceName, Scopes: scopes, Resources: intersection, ScopeSelector: scopeSelector} - stats, err := evaluator.UsageStats(usageStatsOptions) - if err != nil { - // remember the error - errors = append(errors, err) - // exclude resources which encountered calculation errors - matchedResources = Difference(matchedResources, intersection) - continue - } - newUsage = Add(newUsage, stats.Used) - } - - // mask the observed usage to only the set of resources tracked by this quota - // merge our observed usage with the quota usage status - // if the new usage is different than the last usage, we will need to do an update - newUsage = Mask(newUsage, matchedResources) - return newUsage, utilerrors.NewAggregate(errors) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/OWNERS deleted file mode 100644 index 29d730907f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/OWNERS +++ /dev/null @@ -1,19 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - yujuhong - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - saad-ali - - janetkuo - - pwittrock - - ncdc - - dims - - enj diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/doc.go deleted file mode 100644 index ea79d130a7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package generic provides a generic object store interface and a -// generic label/field matching type. -package generic // import "k8s.io/apiserver/pkg/registry/generic" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/matcher.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/matcher.go deleted file mode 100644 index 4364374ef4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/matcher.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" -) - -// ObjectMetaFieldsSet returns a fields that represent the ObjectMeta. -func ObjectMetaFieldsSet(objectMeta *metav1.ObjectMeta, hasNamespaceField bool) fields.Set { - if !hasNamespaceField { - return fields.Set{ - "metadata.name": objectMeta.Name, - } - } - return fields.Set{ - "metadata.name": objectMeta.Name, - "metadata.namespace": objectMeta.Namespace, - } -} - -// AdObjectMetaField add fields that represent the ObjectMeta to source. -func AddObjectMetaFieldsSet(source fields.Set, objectMeta *metav1.ObjectMeta, hasNamespaceField bool) fields.Set { - source["metadata.name"] = objectMeta.Name - if hasNamespaceField { - source["metadata.namespace"] = objectMeta.Namespace - } - return source -} - -// MergeFieldsSets merges a fields'set from fragment into the source. -func MergeFieldsSets(source fields.Set, fragment fields.Set) fields.Set { - for k, value := range fragment { - source[k] = value - } - return source -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/options.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/options.go deleted file mode 100644 index d675a258f5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/options.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "time" - - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/storagebackend" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/client-go/tools/cache" -) - -// RESTOptions is set of resource-specific configuration options to generic registries. -type RESTOptions struct { - StorageConfig *storagebackend.ConfigForResource - Decorator StorageDecorator - - EnableGarbageCollection bool - DeleteCollectionWorkers int - ResourcePrefix string - CountMetricPollPeriod time.Duration - StorageObjectCountTracker flowcontrolrequest.StorageObjectCountTracker -} - -// Implement RESTOptionsGetter so that RESTOptions can directly be used when available (i.e. tests) -func (opts RESTOptions) GetRESTOptions(schema.GroupResource) (RESTOptions, error) { - return opts, nil -} - -type RESTOptionsGetter interface { - GetRESTOptions(resource schema.GroupResource) (RESTOptions, error) -} - -// StoreOptions is set of configuration options used to complete generic registries. -type StoreOptions struct { - RESTOptions RESTOptionsGetter - TriggerFunc storage.IndexerFuncs - AttrFunc storage.AttrFunc - Indexers *cache.Indexers -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/decorated_watcher.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/decorated_watcher.go deleted file mode 100644 index e066d2a7fa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/decorated_watcher.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package registry - -import ( - "context" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -type decoratedWatcher struct { - w watch.Interface - decorator func(runtime.Object) - cancel context.CancelFunc - resultCh chan watch.Event -} - -func newDecoratedWatcher(ctx context.Context, w watch.Interface, decorator func(runtime.Object)) *decoratedWatcher { - ctx, cancel := context.WithCancel(ctx) - d := &decoratedWatcher{ - w: w, - decorator: decorator, - cancel: cancel, - resultCh: make(chan watch.Event), - } - go d.run(ctx) - return d -} - -// run decorates watch events from the underlying watcher until its result channel -// is closed or the passed in context is done. -// When run() returns, decoratedWatcher#resultCh is closed. -func (d *decoratedWatcher) run(ctx context.Context) { - var recv, send watch.Event - var ok bool - defer close(d.resultCh) - for { - select { - case recv, ok = <-d.w.ResultChan(): - if !ok { - // The underlying channel was closed, cancel our context - d.cancel() - return - } - switch recv.Type { - case watch.Added, watch.Modified, watch.Deleted, watch.Bookmark: - d.decorator(recv.Object) - send = recv - case watch.Error: - send = recv - } - select { - case d.resultCh <- send: - // propagated event successfully - case <-ctx.Done(): - // context timed out or was cancelled, stop the underlying watcher - d.w.Stop() - return - } - case <-ctx.Done(): - // context timed out or was cancelled, stop the underlying watcher - d.w.Stop() - return - } - } -} - -func (d *decoratedWatcher) Stop() { - // stop the underlying watcher - d.w.Stop() - // cancel our context - d.cancel() -} - -func (d *decoratedWatcher) ResultChan() <-chan watch.Event { - return d.resultCh -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/doc.go deleted file mode 100644 index bd315ae47b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package etcd has a generic implementation of a registry that -// stores things in etcd. -package registry // import "k8s.io/apiserver/pkg/registry/generic/registry" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/dryrun.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/dryrun.go deleted file mode 100644 index 018e4b4c52..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/dryrun.go +++ /dev/null @@ -1,109 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package registry - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/storage" -) - -type DryRunnableStorage struct { - Storage storage.Interface - Codec runtime.Codec -} - -func (s *DryRunnableStorage) Versioner() storage.Versioner { - return s.Storage.Versioner() -} - -func (s *DryRunnableStorage) Create(ctx context.Context, key string, obj, out runtime.Object, ttl uint64, dryRun bool) error { - if dryRun { - if err := s.Storage.Get(ctx, key, storage.GetOptions{}, out); err == nil { - return storage.NewKeyExistsError(key, 0) - } - return s.copyInto(obj, out) - } - return s.Storage.Create(ctx, key, obj, out, ttl) -} - -func (s *DryRunnableStorage) Delete(ctx context.Context, key string, out runtime.Object, preconditions *storage.Preconditions, deleteValidation storage.ValidateObjectFunc, dryRun bool, cachedExistingObject runtime.Object) error { - if dryRun { - if err := s.Storage.Get(ctx, key, storage.GetOptions{}, out); err != nil { - return err - } - if err := preconditions.Check(key, out); err != nil { - return err - } - return deleteValidation(ctx, out) - } - return s.Storage.Delete(ctx, key, out, preconditions, deleteValidation, cachedExistingObject) -} - -func (s *DryRunnableStorage) Watch(ctx context.Context, key string, opts storage.ListOptions) (watch.Interface, error) { - return s.Storage.Watch(ctx, key, opts) -} - -func (s *DryRunnableStorage) Get(ctx context.Context, key string, opts storage.GetOptions, objPtr runtime.Object) error { - return s.Storage.Get(ctx, key, opts, objPtr) -} - -func (s *DryRunnableStorage) GetList(ctx context.Context, key string, opts storage.ListOptions, listObj runtime.Object) error { - return s.Storage.GetList(ctx, key, opts, listObj) -} - -func (s *DryRunnableStorage) GuaranteedUpdate( - ctx context.Context, key string, destination runtime.Object, ignoreNotFound bool, - preconditions *storage.Preconditions, tryUpdate storage.UpdateFunc, dryRun bool, cachedExistingObject runtime.Object) error { - if dryRun { - err := s.Storage.Get(ctx, key, storage.GetOptions{IgnoreNotFound: ignoreNotFound}, destination) - if err != nil { - return err - } - err = preconditions.Check(key, destination) - if err != nil { - return err - } - rev, err := s.Versioner().ObjectResourceVersion(destination) - if err != nil { - return err - } - updated, _, err := tryUpdate(destination, storage.ResponseMeta{ResourceVersion: rev}) - if err != nil { - return err - } - return s.copyInto(updated, destination) - } - return s.Storage.GuaranteedUpdate(ctx, key, destination, ignoreNotFound, preconditions, tryUpdate, cachedExistingObject) -} - -func (s *DryRunnableStorage) Count(key string) (int64, error) { - return s.Storage.Count(key) -} - -func (s *DryRunnableStorage) copyInto(in, out runtime.Object) error { - var data []byte - - data, err := runtime.Encode(s.Codec, in) - if err != nil { - return err - } - _, _, err = s.Codec.Decode(data, nil, out) - return err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/storage_factory.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/storage_factory.go deleted file mode 100644 index 3983c92d01..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/storage_factory.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package registry - -import ( - "fmt" - "sync" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - cacherstorage "k8s.io/apiserver/pkg/storage/cacher" - "k8s.io/apiserver/pkg/storage/storagebackend" - "k8s.io/apiserver/pkg/storage/storagebackend/factory" - "k8s.io/client-go/tools/cache" -) - -// Creates a cacher based given storageConfig. -func StorageWithCacher() generic.StorageDecorator { - return func( - storageConfig *storagebackend.ConfigForResource, - resourcePrefix string, - keyFunc func(obj runtime.Object) (string, error), - newFunc func() runtime.Object, - newListFunc func() runtime.Object, - getAttrsFunc storage.AttrFunc, - triggerFuncs storage.IndexerFuncs, - indexers *cache.Indexers) (storage.Interface, factory.DestroyFunc, error) { - - s, d, err := generic.NewRawStorage(storageConfig, newFunc) - if err != nil { - return s, d, err - } - if klogV := klog.V(5); klogV.Enabled() { - //nolint:logcheck // It complains about the key/value pairs because it cannot check them. - klogV.InfoS("Storage caching is enabled", objectTypeToArgs(newFunc())...) - } - - cacherConfig := cacherstorage.Config{ - Storage: s, - Versioner: storage.APIObjectVersioner{}, - GroupResource: storageConfig.GroupResource, - ResourcePrefix: resourcePrefix, - KeyFunc: keyFunc, - NewFunc: newFunc, - NewListFunc: newListFunc, - GetAttrsFunc: getAttrsFunc, - IndexerFuncs: triggerFuncs, - Indexers: indexers, - Codec: storageConfig.Codec, - } - cacher, err := cacherstorage.NewCacherFromConfig(cacherConfig) - if err != nil { - return nil, func() {}, err - } - var once sync.Once - destroyFunc := func() { - once.Do(func() { - cacher.Stop() - d() - }) - } - - return cacher, destroyFunc, nil - } -} - -func objectTypeToArgs(obj runtime.Object) []interface{} { - // special-case unstructured objects that tell us their apiVersion/kind - if u, isUnstructured := obj.(*unstructured.Unstructured); isUnstructured { - if apiVersion, kind := u.GetAPIVersion(), u.GetKind(); len(apiVersion) > 0 && len(kind) > 0 { - return []interface{}{"apiVersion", apiVersion, "kind", kind} - } - } - - // otherwise just return the type - return []interface{}{"type", fmt.Sprintf("%T", obj)} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/store.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/store.go deleted file mode 100644 index 40bca49665..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/registry/store.go +++ /dev/null @@ -1,1529 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package registry - -import ( - "context" - "fmt" - "strings" - "sync" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/api/validation/path" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - storeerr "k8s.io/apiserver/pkg/storage/errors" - "k8s.io/apiserver/pkg/storage/etcd3/metrics" - "k8s.io/apiserver/pkg/util/dryrun" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - - "k8s.io/klog/v2" -) - -// FinishFunc is a function returned by Begin hooks to complete an operation. -type FinishFunc func(ctx context.Context, success bool) - -// AfterDeleteFunc is the type used for the Store.AfterDelete hook. -type AfterDeleteFunc func(obj runtime.Object, options *metav1.DeleteOptions) - -// BeginCreateFunc is the type used for the Store.BeginCreate hook. -type BeginCreateFunc func(ctx context.Context, obj runtime.Object, options *metav1.CreateOptions) (FinishFunc, error) - -// AfterCreateFunc is the type used for the Store.AfterCreate hook. -type AfterCreateFunc func(obj runtime.Object, options *metav1.CreateOptions) - -// BeginUpdateFunc is the type used for the Store.BeginUpdate hook. -type BeginUpdateFunc func(ctx context.Context, obj, old runtime.Object, options *metav1.UpdateOptions) (FinishFunc, error) - -// AfterUpdateFunc is the type used for the Store.AfterUpdate hook. -type AfterUpdateFunc func(obj runtime.Object, options *metav1.UpdateOptions) - -// GenericStore interface can be used for type assertions when we need to access the underlying strategies. -type GenericStore interface { - GetCreateStrategy() rest.RESTCreateStrategy - GetUpdateStrategy() rest.RESTUpdateStrategy - GetDeleteStrategy() rest.RESTDeleteStrategy -} - -// Store implements k8s.io/apiserver/pkg/registry/rest.StandardStorage. It's -// intended to be embeddable and allows the consumer to implement any -// non-generic functions that are required. This object is intended to be -// copyable so that it can be used in different ways but share the same -// underlying behavior. -// -// All fields are required unless specified. -// -// The intended use of this type is embedding within a Kind specific -// RESTStorage implementation. This type provides CRUD semantics on a Kubelike -// resource, handling details like conflict detection with ResourceVersion and -// semantics. The RESTCreateStrategy, RESTUpdateStrategy, and -// RESTDeleteStrategy are generic across all backends, and encapsulate logic -// specific to the API. -// -// TODO: make the default exposed methods exactly match a generic RESTStorage -type Store struct { - // NewFunc returns a new instance of the type this registry returns for a - // GET of a single object, e.g.: - // - // curl GET /apis/group/version/namespaces/my-ns/myresource/name-of-object - NewFunc func() runtime.Object - - // NewListFunc returns a new list of the type this registry; it is the - // type returned when the resource is listed, e.g.: - // - // curl GET /apis/group/version/namespaces/my-ns/myresource - NewListFunc func() runtime.Object - - // DefaultQualifiedResource is the pluralized name of the resource. - // This field is used if there is no request info present in the context. - // See qualifiedResourceFromContext for details. - DefaultQualifiedResource schema.GroupResource - - // KeyRootFunc returns the root etcd key for this resource; should not - // include trailing "/". This is used for operations that work on the - // entire collection (listing and watching). - // - // KeyRootFunc and KeyFunc must be supplied together or not at all. - KeyRootFunc func(ctx context.Context) string - - // KeyFunc returns the key for a specific object in the collection. - // KeyFunc is called for Create/Update/Get/Delete. Note that 'namespace' - // can be gotten from ctx. - // - // KeyFunc and KeyRootFunc must be supplied together or not at all. - KeyFunc func(ctx context.Context, name string) (string, error) - - // ObjectNameFunc returns the name of an object or an error. - ObjectNameFunc func(obj runtime.Object) (string, error) - - // TTLFunc returns the TTL (time to live) that objects should be persisted - // with. The existing parameter is the current TTL or the default for this - // operation. The update parameter indicates whether this is an operation - // against an existing object. - // - // Objects that are persisted with a TTL are evicted once the TTL expires. - TTLFunc func(obj runtime.Object, existing uint64, update bool) (uint64, error) - - // PredicateFunc returns a matcher corresponding to the provided labels - // and fields. The SelectionPredicate returned should return true if the - // object matches the given field and label selectors. - PredicateFunc func(label labels.Selector, field fields.Selector) storage.SelectionPredicate - - // EnableGarbageCollection affects the handling of Update and Delete - // requests. Enabling garbage collection allows finalizers to do work to - // finalize this object before the store deletes it. - // - // If any store has garbage collection enabled, it must also be enabled in - // the kube-controller-manager. - EnableGarbageCollection bool - - // DeleteCollectionWorkers is the maximum number of workers in a single - // DeleteCollection call. Delete requests for the items in a collection - // are issued in parallel. - DeleteCollectionWorkers int - - // Decorator is an optional exit hook on an object returned from the - // underlying storage. The returned object could be an individual object - // (e.g. Pod) or a list type (e.g. PodList). Decorator is intended for - // integrations that are above storage and should only be used for - // specific cases where storage of the value is not appropriate, since - // they cannot be watched. - Decorator func(runtime.Object) - - // CreateStrategy implements resource-specific behavior during creation. - CreateStrategy rest.RESTCreateStrategy - // BeginCreate is an optional hook that returns a "transaction-like" - // commit/revert function which will be called at the end of the operation, - // but before AfterCreate and Decorator, indicating via the argument - // whether the operation succeeded. If this returns an error, the function - // is not called. Almost nobody should use this hook. - BeginCreate BeginCreateFunc - // AfterCreate implements a further operation to run after a resource is - // created and before it is decorated, optional. - AfterCreate AfterCreateFunc - - // UpdateStrategy implements resource-specific behavior during updates. - UpdateStrategy rest.RESTUpdateStrategy - // BeginUpdate is an optional hook that returns a "transaction-like" - // commit/revert function which will be called at the end of the operation, - // but before AfterUpdate and Decorator, indicating via the argument - // whether the operation succeeded. If this returns an error, the function - // is not called. Almost nobody should use this hook. - BeginUpdate BeginUpdateFunc - // AfterUpdate implements a further operation to run after a resource is - // updated and before it is decorated, optional. - AfterUpdate AfterUpdateFunc - - // DeleteStrategy implements resource-specific behavior during deletion. - DeleteStrategy rest.RESTDeleteStrategy - // AfterDelete implements a further operation to run after a resource is - // deleted and before it is decorated, optional. - AfterDelete AfterDeleteFunc - // ReturnDeletedObject determines whether the Store returns the object - // that was deleted. Otherwise, return a generic success status response. - ReturnDeletedObject bool - // ShouldDeleteDuringUpdate is an optional function to determine whether - // an update from existing to obj should result in a delete. - // If specified, this is checked in addition to standard finalizer, - // deletionTimestamp, and deletionGracePeriodSeconds checks. - ShouldDeleteDuringUpdate func(ctx context.Context, key string, obj, existing runtime.Object) bool - - // TableConvertor is an optional interface for transforming items or lists - // of items into tabular output. If unset, the default will be used. - TableConvertor rest.TableConvertor - - // ResetFieldsStrategy provides the fields reset by the strategy that - // should not be modified by the user. - ResetFieldsStrategy rest.ResetFieldsStrategy - - // Storage is the interface for the underlying storage for the - // resource. It is wrapped into a "DryRunnableStorage" that will - // either pass-through or simply dry-run. - Storage DryRunnableStorage - // StorageVersioner outputs the <group/version/kind> an object will be - // converted to before persisted in etcd, given a list of possible - // kinds of the object. - // If the StorageVersioner is nil, apiserver will leave the - // storageVersionHash as empty in the discovery document. - StorageVersioner runtime.GroupVersioner - - // DestroyFunc cleans up clients used by the underlying Storage; optional. - // If set, DestroyFunc has to be implemented in thread-safe way and - // be prepared for being called more than once. - DestroyFunc func() -} - -// Note: the rest.StandardStorage interface aggregates the common REST verbs -var _ rest.StandardStorage = &Store{} -var _ rest.TableConvertor = &Store{} -var _ GenericStore = &Store{} - -const ( - OptimisticLockErrorMsg = "the object has been modified; please apply your changes to the latest version and try again" - resourceCountPollPeriodJitter = 1.2 -) - -// NamespaceKeyRootFunc is the default function for constructing storage paths -// to resource directories enforcing namespace rules. -func NamespaceKeyRootFunc(ctx context.Context, prefix string) string { - key := prefix - ns, ok := genericapirequest.NamespaceFrom(ctx) - if ok && len(ns) > 0 { - key = key + "/" + ns - } - return key -} - -// NamespaceKeyFunc is the default function for constructing storage paths to -// a resource relative to the given prefix enforcing namespace rules. If the -// context does not contain a namespace, it errors. -func NamespaceKeyFunc(ctx context.Context, prefix string, name string) (string, error) { - key := NamespaceKeyRootFunc(ctx, prefix) - ns, ok := genericapirequest.NamespaceFrom(ctx) - if !ok || len(ns) == 0 { - return "", apierrors.NewBadRequest("Namespace parameter required.") - } - if len(name) == 0 { - return "", apierrors.NewBadRequest("Name parameter required.") - } - if msgs := path.IsValidPathSegmentName(name); len(msgs) != 0 { - return "", apierrors.NewBadRequest(fmt.Sprintf("Name parameter invalid: %q: %s", name, strings.Join(msgs, ";"))) - } - key = key + "/" + name - return key, nil -} - -// NoNamespaceKeyFunc is the default function for constructing storage paths -// to a resource relative to the given prefix without a namespace. -func NoNamespaceKeyFunc(ctx context.Context, prefix string, name string) (string, error) { - if len(name) == 0 { - return "", apierrors.NewBadRequest("Name parameter required.") - } - if msgs := path.IsValidPathSegmentName(name); len(msgs) != 0 { - return "", apierrors.NewBadRequest(fmt.Sprintf("Name parameter invalid: %q: %s", name, strings.Join(msgs, ";"))) - } - key := prefix + "/" + name - return key, nil -} - -// New implements RESTStorage.New. -func (e *Store) New() runtime.Object { - return e.NewFunc() -} - -// Destroy cleans up its resources on shutdown. -func (e *Store) Destroy() { - if e.DestroyFunc != nil { - e.DestroyFunc() - } -} - -// NewList implements rest.Lister. -func (e *Store) NewList() runtime.Object { - return e.NewListFunc() -} - -// NamespaceScoped indicates whether the resource is namespaced -func (e *Store) NamespaceScoped() bool { - if e.CreateStrategy != nil { - return e.CreateStrategy.NamespaceScoped() - } - if e.UpdateStrategy != nil { - return e.UpdateStrategy.NamespaceScoped() - } - - panic("programmer error: no CRUD for resource, override NamespaceScoped too") -} - -// GetCreateStrategy implements GenericStore. -func (e *Store) GetCreateStrategy() rest.RESTCreateStrategy { - return e.CreateStrategy -} - -// GetUpdateStrategy implements GenericStore. -func (e *Store) GetUpdateStrategy() rest.RESTUpdateStrategy { - return e.UpdateStrategy -} - -// GetDeleteStrategy implements GenericStore. -func (e *Store) GetDeleteStrategy() rest.RESTDeleteStrategy { - return e.DeleteStrategy -} - -// List returns a list of items matching labels and field according to the -// store's PredicateFunc. -func (e *Store) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) { - label := labels.Everything() - if options != nil && options.LabelSelector != nil { - label = options.LabelSelector - } - field := fields.Everything() - if options != nil && options.FieldSelector != nil { - field = options.FieldSelector - } - out, err := e.ListPredicate(ctx, e.PredicateFunc(label, field), options) - if err != nil { - return nil, err - } - if e.Decorator != nil { - e.Decorator(out) - } - return out, nil -} - -// ListPredicate returns a list of all the items matching the given -// SelectionPredicate. -func (e *Store) ListPredicate(ctx context.Context, p storage.SelectionPredicate, options *metainternalversion.ListOptions) (runtime.Object, error) { - if options == nil { - // By default we should serve the request from etcd. - options = &metainternalversion.ListOptions{ResourceVersion: ""} - } - p.Limit = options.Limit - p.Continue = options.Continue - list := e.NewListFunc() - qualifiedResource := e.qualifiedResourceFromContext(ctx) - storageOpts := storage.ListOptions{ - ResourceVersion: options.ResourceVersion, - ResourceVersionMatch: options.ResourceVersionMatch, - Predicate: p, - Recursive: true, - } - if name, ok := p.MatchesSingle(); ok { - if key, err := e.KeyFunc(ctx, name); err == nil { - storageOpts.Recursive = false - err := e.Storage.GetList(ctx, key, storageOpts, list) - return list, storeerr.InterpretListError(err, qualifiedResource) - } - // if we cannot extract a key based on the current context, the optimization is skipped - } - - err := e.Storage.GetList(ctx, e.KeyRootFunc(ctx), storageOpts, list) - return list, storeerr.InterpretListError(err, qualifiedResource) -} - -// finishNothing is a do-nothing FinishFunc. -func finishNothing(context.Context, bool) {} - -// Create inserts a new item according to the unique key from the object. -// Note that registries may mutate the input object (e.g. in the strategy -// hooks). Tests which call this might want to call DeepCopy if they expect to -// be able to examine the input and output objects for differences. -func (e *Store) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - var finishCreate FinishFunc = finishNothing - - // Init metadata as early as possible. - if objectMeta, err := meta.Accessor(obj); err != nil { - return nil, err - } else { - rest.FillObjectMetaSystemFields(objectMeta) - if len(objectMeta.GetGenerateName()) > 0 && len(objectMeta.GetName()) == 0 { - objectMeta.SetName(e.CreateStrategy.GenerateName(objectMeta.GetGenerateName())) - } - } - - if e.BeginCreate != nil { - fn, err := e.BeginCreate(ctx, obj, options) - if err != nil { - return nil, err - } - finishCreate = fn - defer func() { - finishCreate(ctx, false) - }() - } - - if err := rest.BeforeCreate(e.CreateStrategy, ctx, obj); err != nil { - return nil, err - } - // at this point we have a fully formed object. It is time to call the validators that the apiserver - // handling chain wants to enforce. - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - name, err := e.ObjectNameFunc(obj) - if err != nil { - return nil, err - } - key, err := e.KeyFunc(ctx, name) - if err != nil { - return nil, err - } - qualifiedResource := e.qualifiedResourceFromContext(ctx) - ttl, err := e.calculateTTL(obj, 0, false) - if err != nil { - return nil, err - } - out := e.NewFunc() - if err := e.Storage.Create(ctx, key, obj, out, ttl, dryrun.IsDryRun(options.DryRun)); err != nil { - err = storeerr.InterpretCreateError(err, qualifiedResource, name) - err = rest.CheckGeneratedNameError(ctx, e.CreateStrategy, err, obj) - if !apierrors.IsAlreadyExists(err) { - return nil, err - } - if errGet := e.Storage.Get(ctx, key, storage.GetOptions{}, out); errGet != nil { - return nil, err - } - accessor, errGetAcc := meta.Accessor(out) - if errGetAcc != nil { - return nil, err - } - if accessor.GetDeletionTimestamp() != nil { - msg := &err.(*apierrors.StatusError).ErrStatus.Message - *msg = fmt.Sprintf("object is being deleted: %s", *msg) - } - return nil, err - } - // The operation has succeeded. Call the finish function if there is one, - // and then make sure the defer doesn't call it again. - fn := finishCreate - finishCreate = finishNothing - fn(ctx, true) - - if e.AfterCreate != nil { - e.AfterCreate(out, options) - } - if e.Decorator != nil { - e.Decorator(out) - } - return out, nil -} - -// ShouldDeleteDuringUpdate is the default function for -// checking if an object should be deleted during an update. -// It checks if the new object has no finalizers, -// the existing object's deletionTimestamp is set, and -// the existing object's deletionGracePeriodSeconds is 0 or nil -func ShouldDeleteDuringUpdate(ctx context.Context, key string, obj, existing runtime.Object) bool { - newMeta, err := meta.Accessor(obj) - if err != nil { - utilruntime.HandleError(err) - return false - } - oldMeta, err := meta.Accessor(existing) - if err != nil { - utilruntime.HandleError(err) - return false - } - if len(newMeta.GetFinalizers()) > 0 { - // don't delete with finalizers remaining in the new object - return false - } - if oldMeta.GetDeletionTimestamp() == nil { - // don't delete if the existing object hasn't had a delete request made - return false - } - // delete if the existing object has no grace period or a grace period of 0 - return oldMeta.GetDeletionGracePeriodSeconds() == nil || *oldMeta.GetDeletionGracePeriodSeconds() == 0 -} - -// deleteWithoutFinalizers handles deleting an object ignoring its finalizer list. -// Used for objects that are either been finalized or have never initialized. -func (e *Store) deleteWithoutFinalizers(ctx context.Context, name, key string, obj runtime.Object, preconditions *storage.Preconditions, options *metav1.DeleteOptions) (runtime.Object, bool, error) { - out := e.NewFunc() - klog.V(6).InfoS("Going to delete object from registry, triggered by update", "object", klog.KRef(genericapirequest.NamespaceValue(ctx), name)) - // Using the rest.ValidateAllObjectFunc because the request is an UPDATE request and has already passed the admission for the UPDATE verb. - if err := e.Storage.Delete(ctx, key, out, preconditions, rest.ValidateAllObjectFunc, dryrun.IsDryRun(options.DryRun), nil); err != nil { - // Deletion is racy, i.e., there could be multiple update - // requests to remove all finalizers from the object, so we - // ignore the NotFound error. - if storage.IsNotFound(err) { - _, err := e.finalizeDelete(ctx, obj, true, options) - // clients are expecting an updated object if a PUT succeeded, - // but finalizeDelete returns a metav1.Status, so return - // the object in the request instead. - return obj, false, err - } - return nil, false, storeerr.InterpretDeleteError(err, e.qualifiedResourceFromContext(ctx), name) - } - _, err := e.finalizeDelete(ctx, out, true, options) - // clients are expecting an updated object if a PUT succeeded, but - // finalizeDelete returns a metav1.Status, so return the object in - // the request instead. - return obj, false, err -} - -// Update performs an atomic update and set of the object. Returns the result of the update -// or an error. If the registry allows create-on-update, the create flow will be executed. -// A bool is returned along with the object and any errors, to indicate object creation. -func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - key, err := e.KeyFunc(ctx, name) - if err != nil { - return nil, false, err - } - - var ( - creatingObj runtime.Object - creating = false - ) - - qualifiedResource := e.qualifiedResourceFromContext(ctx) - storagePreconditions := &storage.Preconditions{} - if preconditions := objInfo.Preconditions(); preconditions != nil { - storagePreconditions.UID = preconditions.UID - storagePreconditions.ResourceVersion = preconditions.ResourceVersion - } - - out := e.NewFunc() - // deleteObj is only used in case a deletion is carried out - var deleteObj runtime.Object - err = e.Storage.GuaranteedUpdate(ctx, key, out, true, storagePreconditions, func(existing runtime.Object, res storage.ResponseMeta) (runtime.Object, *uint64, error) { - existingResourceVersion, err := e.Storage.Versioner().ObjectResourceVersion(existing) - if err != nil { - return nil, nil, err - } - if existingResourceVersion == 0 { - if !e.UpdateStrategy.AllowCreateOnUpdate() && !forceAllowCreate { - return nil, nil, apierrors.NewNotFound(qualifiedResource, name) - } - } - - // Given the existing object, get the new object - obj, err := objInfo.UpdatedObject(ctx, existing) - if err != nil { - return nil, nil, err - } - - // If AllowUnconditionalUpdate() is true and the object specified by - // the user does not have a resource version, then we populate it with - // the latest version. Else, we check that the version specified by - // the user matches the version of latest storage object. - newResourceVersion, err := e.Storage.Versioner().ObjectResourceVersion(obj) - if err != nil { - return nil, nil, err - } - doUnconditionalUpdate := newResourceVersion == 0 && e.UpdateStrategy.AllowUnconditionalUpdate() - - if existingResourceVersion == 0 { - // Init metadata as early as possible. - if objectMeta, err := meta.Accessor(obj); err != nil { - return nil, nil, err - } else { - rest.FillObjectMetaSystemFields(objectMeta) - } - - var finishCreate FinishFunc = finishNothing - - if e.BeginCreate != nil { - fn, err := e.BeginCreate(ctx, obj, newCreateOptionsFromUpdateOptions(options)) - if err != nil { - return nil, nil, err - } - finishCreate = fn - defer func() { - finishCreate(ctx, false) - }() - } - - creating = true - creatingObj = obj - if err := rest.BeforeCreate(e.CreateStrategy, ctx, obj); err != nil { - return nil, nil, err - } - // at this point we have a fully formed object. It is time to call the validators that the apiserver - // handling chain wants to enforce. - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, nil, err - } - } - ttl, err := e.calculateTTL(obj, 0, false) - if err != nil { - return nil, nil, err - } - - // The operation has succeeded. Call the finish function if there is one, - // and then make sure the defer doesn't call it again. - fn := finishCreate - finishCreate = finishNothing - fn(ctx, true) - - return obj, &ttl, nil - } - - creating = false - creatingObj = nil - if doUnconditionalUpdate { - // Update the object's resource version to match the latest - // storage object's resource version. - err = e.Storage.Versioner().UpdateObject(obj, res.ResourceVersion) - if err != nil { - return nil, nil, err - } - } else { - // Check if the object's resource version matches the latest - // resource version. - if newResourceVersion == 0 { - // TODO: The Invalid error should have a field for Resource. - // After that field is added, we should fill the Resource and - // leave the Kind field empty. See the discussion in #18526. - qualifiedKind := schema.GroupKind{Group: qualifiedResource.Group, Kind: qualifiedResource.Resource} - fieldErrList := field.ErrorList{field.Invalid(field.NewPath("metadata").Child("resourceVersion"), newResourceVersion, "must be specified for an update")} - return nil, nil, apierrors.NewInvalid(qualifiedKind, name, fieldErrList) - } - if newResourceVersion != existingResourceVersion { - return nil, nil, apierrors.NewConflict(qualifiedResource, name, fmt.Errorf(OptimisticLockErrorMsg)) - } - } - - var finishUpdate FinishFunc = finishNothing - - if e.BeginUpdate != nil { - fn, err := e.BeginUpdate(ctx, obj, existing, options) - if err != nil { - return nil, nil, err - } - finishUpdate = fn - defer func() { - finishUpdate(ctx, false) - }() - } - - if err := rest.BeforeUpdate(e.UpdateStrategy, ctx, obj, existing); err != nil { - return nil, nil, err - } - // at this point we have a fully formed object. It is time to call the validators that the apiserver - // handling chain wants to enforce. - if updateValidation != nil { - if err := updateValidation(ctx, obj.DeepCopyObject(), existing.DeepCopyObject()); err != nil { - return nil, nil, err - } - } - // Check the default delete-during-update conditions, and store-specific conditions if provided - if ShouldDeleteDuringUpdate(ctx, key, obj, existing) && - (e.ShouldDeleteDuringUpdate == nil || e.ShouldDeleteDuringUpdate(ctx, key, obj, existing)) { - deleteObj = obj - return nil, nil, errEmptiedFinalizers - } - ttl, err := e.calculateTTL(obj, res.TTL, true) - if err != nil { - return nil, nil, err - } - - // The operation has succeeded. Call the finish function if there is one, - // and then make sure the defer doesn't call it again. - fn := finishUpdate - finishUpdate = finishNothing - fn(ctx, true) - - if int64(ttl) != res.TTL { - return obj, &ttl, nil - } - return obj, nil, nil - }, dryrun.IsDryRun(options.DryRun), nil) - - if err != nil { - // delete the object - if err == errEmptiedFinalizers { - return e.deleteWithoutFinalizers(ctx, name, key, deleteObj, storagePreconditions, newDeleteOptionsFromUpdateOptions(options)) - } - if creating { - err = storeerr.InterpretCreateError(err, qualifiedResource, name) - err = rest.CheckGeneratedNameError(ctx, e.CreateStrategy, err, creatingObj) - } else { - err = storeerr.InterpretUpdateError(err, qualifiedResource, name) - } - return nil, false, err - } - - if creating { - if e.AfterCreate != nil { - e.AfterCreate(out, newCreateOptionsFromUpdateOptions(options)) - } - } else { - if e.AfterUpdate != nil { - e.AfterUpdate(out, options) - } - } - if e.Decorator != nil { - e.Decorator(out) - } - return out, creating, nil -} - -// This is a helper to convert UpdateOptions to CreateOptions for the -// create-on-update path. -func newCreateOptionsFromUpdateOptions(in *metav1.UpdateOptions) *metav1.CreateOptions { - co := &metav1.CreateOptions{ - DryRun: in.DryRun, - FieldManager: in.FieldManager, - FieldValidation: in.FieldValidation, - } - co.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("CreateOptions")) - return co -} - -// This is a helper to convert UpdateOptions to DeleteOptions for the -// delete-on-update path. -func newDeleteOptionsFromUpdateOptions(in *metav1.UpdateOptions) *metav1.DeleteOptions { - do := &metav1.DeleteOptions{ - DryRun: in.DryRun, - } - do.TypeMeta.SetGroupVersionKind(metav1.SchemeGroupVersion.WithKind("DeleteOptions")) - return do -} - -// Get retrieves the item from storage. -func (e *Store) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - obj := e.NewFunc() - key, err := e.KeyFunc(ctx, name) - if err != nil { - return nil, err - } - if err := e.Storage.Get(ctx, key, storage.GetOptions{ResourceVersion: options.ResourceVersion}, obj); err != nil { - return nil, storeerr.InterpretGetError(err, e.qualifiedResourceFromContext(ctx), name) - } - if e.Decorator != nil { - e.Decorator(obj) - } - return obj, nil -} - -// qualifiedResourceFromContext attempts to retrieve a GroupResource from the context's request info. -// If the context has no request info, DefaultQualifiedResource is used. -func (e *Store) qualifiedResourceFromContext(ctx context.Context) schema.GroupResource { - if info, ok := genericapirequest.RequestInfoFrom(ctx); ok { - return schema.GroupResource{Group: info.APIGroup, Resource: info.Resource} - } - // some implementations access storage directly and thus the context has no RequestInfo - return e.DefaultQualifiedResource -} - -var ( - errAlreadyDeleting = fmt.Errorf("abort delete") - errDeleteNow = fmt.Errorf("delete now") - errEmptiedFinalizers = fmt.Errorf("emptied finalizers") -) - -// shouldOrphanDependents returns true if the finalizer for orphaning should be set -// updated for FinalizerOrphanDependents. In the order of highest to lowest -// priority, there are three factors affect whether to add/remove the -// FinalizerOrphanDependents: options, existing finalizers of the object, -// and e.DeleteStrategy.DefaultGarbageCollectionPolicy. -func shouldOrphanDependents(ctx context.Context, e *Store, accessor metav1.Object, options *metav1.DeleteOptions) bool { - // Get default GC policy from this REST object type - gcStrategy, ok := e.DeleteStrategy.(rest.GarbageCollectionDeleteStrategy) - var defaultGCPolicy rest.GarbageCollectionPolicy - if ok { - defaultGCPolicy = gcStrategy.DefaultGarbageCollectionPolicy(ctx) - } - - if defaultGCPolicy == rest.Unsupported { - // return false to indicate that we should NOT orphan - return false - } - - // An explicit policy was set at deletion time, that overrides everything - //nolint:staticcheck // SA1019 backwards compatibility - if options != nil && options.OrphanDependents != nil { - //nolint:staticcheck // SA1019 backwards compatibility - return *options.OrphanDependents - } - if options != nil && options.PropagationPolicy != nil { - switch *options.PropagationPolicy { - case metav1.DeletePropagationOrphan: - return true - case metav1.DeletePropagationBackground, metav1.DeletePropagationForeground: - return false - } - } - - // If a finalizer is set in the object, it overrides the default - // validation should make sure the two cases won't be true at the same time. - finalizers := accessor.GetFinalizers() - for _, f := range finalizers { - switch f { - case metav1.FinalizerOrphanDependents: - return true - case metav1.FinalizerDeleteDependents: - return false - } - } - - // Get default orphan policy from this REST object type if it exists - return defaultGCPolicy == rest.OrphanDependents -} - -// shouldDeleteDependents returns true if the finalizer for foreground deletion should be set -// updated for FinalizerDeleteDependents. In the order of highest to lowest -// priority, there are three factors affect whether to add/remove the -// FinalizerDeleteDependents: options, existing finalizers of the object, and -// e.DeleteStrategy.DefaultGarbageCollectionPolicy. -func shouldDeleteDependents(ctx context.Context, e *Store, accessor metav1.Object, options *metav1.DeleteOptions) bool { - // Get default GC policy from this REST object type - if gcStrategy, ok := e.DeleteStrategy.(rest.GarbageCollectionDeleteStrategy); ok && gcStrategy.DefaultGarbageCollectionPolicy(ctx) == rest.Unsupported { - // return false to indicate that we should NOT delete in foreground - return false - } - - // If an explicit policy was set at deletion time, that overrides both - //nolint:staticcheck // SA1019 backwards compatibility - if options != nil && options.OrphanDependents != nil { - return false - } - if options != nil && options.PropagationPolicy != nil { - switch *options.PropagationPolicy { - case metav1.DeletePropagationForeground: - return true - case metav1.DeletePropagationBackground, metav1.DeletePropagationOrphan: - return false - } - } - - // If a finalizer is set in the object, it overrides the default - // validation has made sure the two cases won't be true at the same time. - finalizers := accessor.GetFinalizers() - for _, f := range finalizers { - switch f { - case metav1.FinalizerDeleteDependents: - return true - case metav1.FinalizerOrphanDependents: - return false - } - } - - return false -} - -// deletionFinalizersForGarbageCollection analyzes the object and delete options -// to determine whether the object is in need of finalization by the garbage -// collector. If so, returns the set of deletion finalizers to apply and a bool -// indicating whether the finalizer list has changed and is in need of updating. -// -// The finalizers returned are intended to be handled by the garbage collector. -// If garbage collection is disabled for the store, this function returns false -// to ensure finalizers aren't set which will never be cleared. -func deletionFinalizersForGarbageCollection(ctx context.Context, e *Store, accessor metav1.Object, options *metav1.DeleteOptions) (bool, []string) { - if !e.EnableGarbageCollection { - return false, []string{} - } - shouldOrphan := shouldOrphanDependents(ctx, e, accessor, options) - shouldDeleteDependentInForeground := shouldDeleteDependents(ctx, e, accessor, options) - newFinalizers := []string{} - - // first remove both finalizers, add them back if needed. - for _, f := range accessor.GetFinalizers() { - if f == metav1.FinalizerOrphanDependents || f == metav1.FinalizerDeleteDependents { - continue - } - newFinalizers = append(newFinalizers, f) - } - - if shouldOrphan { - newFinalizers = append(newFinalizers, metav1.FinalizerOrphanDependents) - } - if shouldDeleteDependentInForeground { - newFinalizers = append(newFinalizers, metav1.FinalizerDeleteDependents) - } - - oldFinalizerSet := sets.NewString(accessor.GetFinalizers()...) - newFinalizersSet := sets.NewString(newFinalizers...) - if oldFinalizerSet.Equal(newFinalizersSet) { - return false, accessor.GetFinalizers() - } - return true, newFinalizers -} - -// markAsDeleting sets the obj's DeletionGracePeriodSeconds to 0, and sets the -// DeletionTimestamp to "now" if there is no existing deletionTimestamp or if the existing -// deletionTimestamp is further in future. Finalizers are watching for such updates and will -// finalize the object if their IDs are present in the object's Finalizers list. -func markAsDeleting(obj runtime.Object, now time.Time) (err error) { - objectMeta, kerr := meta.Accessor(obj) - if kerr != nil { - return kerr - } - // This handles Generation bump for resources that don't support graceful - // deletion. For resources that support graceful deletion is handle in - // pkg/api/rest/delete.go - if objectMeta.GetDeletionTimestamp() == nil && objectMeta.GetGeneration() > 0 { - objectMeta.SetGeneration(objectMeta.GetGeneration() + 1) - } - existingDeletionTimestamp := objectMeta.GetDeletionTimestamp() - if existingDeletionTimestamp == nil || existingDeletionTimestamp.After(now) { - metaNow := metav1.NewTime(now) - objectMeta.SetDeletionTimestamp(&metaNow) - } - var zero int64 = 0 - objectMeta.SetDeletionGracePeriodSeconds(&zero) - return nil -} - -// updateForGracefulDeletionAndFinalizers updates the given object for -// graceful deletion and finalization by setting the deletion timestamp and -// grace period seconds (graceful deletion) and updating the list of -// finalizers (finalization); it returns: -// -// 1. an error -// 2. a boolean indicating that the object was not found, but it should be -// ignored -// 3. a boolean indicating that the object's grace period is exhausted and it -// should be deleted immediately -// 4. a new output object with the state that was updated -// 5. a copy of the last existing state of the object -func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name, key string, options *metav1.DeleteOptions, preconditions storage.Preconditions, deleteValidation rest.ValidateObjectFunc, in runtime.Object) (err error, ignoreNotFound, deleteImmediately bool, out, lastExisting runtime.Object) { - lastGraceful := int64(0) - var pendingFinalizers bool - out = e.NewFunc() - err = e.Storage.GuaranteedUpdate( - ctx, - key, - out, - false, /* ignoreNotFound */ - &preconditions, - storage.SimpleUpdate(func(existing runtime.Object) (runtime.Object, error) { - if err := deleteValidation(ctx, existing); err != nil { - return nil, err - } - graceful, pendingGraceful, err := rest.BeforeDelete(e.DeleteStrategy, ctx, existing, options) - if err != nil { - return nil, err - } - if pendingGraceful { - return nil, errAlreadyDeleting - } - - // Add/remove the orphan finalizer as the options dictates. - // Note that this occurs after checking pendingGraceufl, so - // finalizers cannot be updated via DeleteOptions if deletion has - // started. - existingAccessor, err := meta.Accessor(existing) - if err != nil { - return nil, err - } - needsUpdate, newFinalizers := deletionFinalizersForGarbageCollection(ctx, e, existingAccessor, options) - if needsUpdate { - existingAccessor.SetFinalizers(newFinalizers) - } - - pendingFinalizers = len(existingAccessor.GetFinalizers()) != 0 - if !graceful { - // set the DeleteGracePeriods to 0 if the object has pendingFinalizers but not supporting graceful deletion - if pendingFinalizers { - klog.V(6).InfoS("Object has pending finalizers, so the registry is going to update its status to deleting", - "object", klog.KRef(genericapirequest.NamespaceValue(ctx), name), "gracePeriod", time.Second*0) - err = markAsDeleting(existing, time.Now()) - if err != nil { - return nil, err - } - return existing, nil - } - return nil, errDeleteNow - } - lastGraceful = *options.GracePeriodSeconds - lastExisting = existing - return existing, nil - }), - dryrun.IsDryRun(options.DryRun), - nil, - ) - switch err { - case nil: - // If there are pending finalizers, we never delete the object immediately. - if pendingFinalizers { - return nil, false, false, out, lastExisting - } - if lastGraceful > 0 { - return nil, false, false, out, lastExisting - } - // If we are here, the registry supports grace period mechanism and - // we are intentionally delete gracelessly. In this case, we may - // enter a race with other k8s components. If other component wins - // the race, the object will not be found, and we should tolerate - // the NotFound error. See - // https://github.com/kubernetes/kubernetes/issues/19403 for - // details. - return nil, true, true, out, lastExisting - case errDeleteNow: - // we've updated the object to have a zero grace period, or it's already at 0, so - // we should fall through and truly delete the object. - return nil, false, true, out, lastExisting - case errAlreadyDeleting: - out, err = e.finalizeDelete(ctx, in, true, options) - return err, false, false, out, lastExisting - default: - return storeerr.InterpretUpdateError(err, e.qualifiedResourceFromContext(ctx), name), false, false, out, lastExisting - } -} - -// Delete removes the item from storage. -// options can be mutated by rest.BeforeDelete due to a graceful deletion strategy. -func (e *Store) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) { - key, err := e.KeyFunc(ctx, name) - if err != nil { - return nil, false, err - } - obj := e.NewFunc() - qualifiedResource := e.qualifiedResourceFromContext(ctx) - if err = e.Storage.Get(ctx, key, storage.GetOptions{}, obj); err != nil { - return nil, false, storeerr.InterpretDeleteError(err, qualifiedResource, name) - } - - // support older consumers of delete by treating "nil" as delete immediately - if options == nil { - options = metav1.NewDeleteOptions(0) - } - var preconditions storage.Preconditions - if options.Preconditions != nil { - preconditions.UID = options.Preconditions.UID - preconditions.ResourceVersion = options.Preconditions.ResourceVersion - } - graceful, pendingGraceful, err := rest.BeforeDelete(e.DeleteStrategy, ctx, obj, options) - if err != nil { - return nil, false, err - } - // this means finalizers cannot be updated via DeleteOptions if a deletion is already pending - if pendingGraceful { - out, err := e.finalizeDelete(ctx, obj, false, options) - return out, false, err - } - // check if obj has pending finalizers - accessor, err := meta.Accessor(obj) - if err != nil { - return nil, false, apierrors.NewInternalError(err) - } - pendingFinalizers := len(accessor.GetFinalizers()) != 0 - var ignoreNotFound bool - var deleteImmediately bool = true - var lastExisting, out runtime.Object - - // Handle combinations of graceful deletion and finalization by issuing - // the correct updates. - shouldUpdateFinalizers, _ := deletionFinalizersForGarbageCollection(ctx, e, accessor, options) - // TODO: remove the check, because we support no-op updates now. - if graceful || pendingFinalizers || shouldUpdateFinalizers { - err, ignoreNotFound, deleteImmediately, out, lastExisting = e.updateForGracefulDeletionAndFinalizers(ctx, name, key, options, preconditions, deleteValidation, obj) - // Update the preconditions.ResourceVersion if set since we updated the object. - if err == nil && deleteImmediately && preconditions.ResourceVersion != nil { - accessor, err = meta.Accessor(out) - if err != nil { - return out, false, apierrors.NewInternalError(err) - } - resourceVersion := accessor.GetResourceVersion() - preconditions.ResourceVersion = &resourceVersion - } - } - - // !deleteImmediately covers all cases where err != nil. We keep both to be future-proof. - if !deleteImmediately || err != nil { - return out, false, err - } - - // Going further in this function is not useful when we are - // performing a dry-run request. Worse, it will actually - // override "out" with the version of the object in database - // that doesn't have the finalizer and deletiontimestamp set - // (because the update above was dry-run too). If we already - // have that version available, let's just return it now, - // otherwise, we can call dry-run delete that will get us the - // latest version of the object. - if dryrun.IsDryRun(options.DryRun) && out != nil { - return out, true, nil - } - - // delete immediately, or no graceful deletion supported - klog.V(6).InfoS("Going to delete object from registry", "object", klog.KRef(genericapirequest.NamespaceValue(ctx), name)) - out = e.NewFunc() - if err := e.Storage.Delete(ctx, key, out, &preconditions, storage.ValidateObjectFunc(deleteValidation), dryrun.IsDryRun(options.DryRun), nil); err != nil { - // Please refer to the place where we set ignoreNotFound for the reason - // why we ignore the NotFound error . - if storage.IsNotFound(err) && ignoreNotFound && lastExisting != nil { - // The lastExisting object may not be the last state of the object - // before its deletion, but it's the best approximation. - out, err := e.finalizeDelete(ctx, lastExisting, true, options) - return out, true, err - } - return nil, false, storeerr.InterpretDeleteError(err, qualifiedResource, name) - } - out, err = e.finalizeDelete(ctx, out, true, options) - return out, true, err -} - -// DeleteReturnsDeletedObject implements the rest.MayReturnFullObjectDeleter interface -func (e *Store) DeleteReturnsDeletedObject() bool { - return e.ReturnDeletedObject -} - -// DeleteCollection removes all items returned by List with a given ListOptions from storage. -// -// DeleteCollection is currently NOT atomic. It can happen that only subset of objects -// will be deleted from storage, and then an error will be returned. -// In case of success, the list of deleted objects will be returned. -// -// TODO: Currently, there is no easy way to remove 'directory' entry from storage (if we -// are removing all objects of a given type) with the current API (it's technically -// possibly with storage API, but watch is not delivered correctly then). -// It will be possible to fix it with v3 etcd API. -func (e *Store) DeleteCollection(ctx context.Context, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error) { - if listOptions == nil { - listOptions = &metainternalversion.ListOptions{} - } else { - listOptions = listOptions.DeepCopy() - } - - listObj, err := e.List(ctx, listOptions) - if err != nil { - return nil, err - } - items, err := meta.ExtractList(listObj) - if err != nil { - return nil, err - } - if len(items) == 0 { - // Nothing to delete, return now - return listObj, nil - } - // Spawn a number of goroutines, so that we can issue requests to storage - // in parallel to speed up deletion. - // It is proportional to the number of items to delete, up to - // DeleteCollectionWorkers (it doesn't make much sense to spawn 16 - // workers to delete 10 items). - workersNumber := e.DeleteCollectionWorkers - if workersNumber > len(items) { - workersNumber = len(items) - } - if workersNumber < 1 { - workersNumber = 1 - } - wg := sync.WaitGroup{} - toProcess := make(chan int, 2*workersNumber) - errs := make(chan error, workersNumber+1) - workersExited := make(chan struct{}) - distributorExited := make(chan struct{}) - - go func() { - defer utilruntime.HandleCrash(func(panicReason interface{}) { - errs <- fmt.Errorf("DeleteCollection distributor panicked: %v", panicReason) - }) - defer close(distributorExited) - for i := 0; i < len(items); i++ { - select { - case toProcess <- i: - case <-workersExited: - klog.V(4).InfoS("workers already exited, and there are some items waiting to be processed", "finished", i, "total", len(items)) - return - } - } - close(toProcess) - }() - - wg.Add(workersNumber) - for i := 0; i < workersNumber; i++ { - go func() { - // panics don't cross goroutine boundaries - defer utilruntime.HandleCrash(func(panicReason interface{}) { - errs <- fmt.Errorf("DeleteCollection goroutine panicked: %v", panicReason) - }) - defer wg.Done() - - for index := range toProcess { - accessor, err := meta.Accessor(items[index]) - if err != nil { - errs <- err - return - } - // DeepCopy the deletion options because individual graceful deleters communicate changes via a mutating - // function in the delete strategy called in the delete method. While that is always ugly, it works - // when making a single call. When making multiple calls via delete collection, the mutation applied to - // pod/A can change the option ultimately used for pod/B. - if _, _, err := e.Delete(ctx, accessor.GetName(), deleteValidation, options.DeepCopy()); err != nil && !apierrors.IsNotFound(err) { - klog.V(4).InfoS("Delete object in DeleteCollection failed", "object", klog.KObj(accessor), "err", err) - errs <- err - return - } - } - }() - } - wg.Wait() - // notify distributor to exit - close(workersExited) - <-distributorExited - select { - case err := <-errs: - return nil, err - default: - return listObj, nil - } -} - -// finalizeDelete runs the Store's AfterDelete hook if runHooks is set and -// returns the decorated deleted object if appropriate. -func (e *Store) finalizeDelete(ctx context.Context, obj runtime.Object, runHooks bool, options *metav1.DeleteOptions) (runtime.Object, error) { - if runHooks && e.AfterDelete != nil { - e.AfterDelete(obj, options) - } - if e.ReturnDeletedObject { - if e.Decorator != nil { - e.Decorator(obj) - } - return obj, nil - } - // Return information about the deleted object, which enables clients to - // verify that the object was actually deleted and not waiting for finalizers. - accessor, err := meta.Accessor(obj) - if err != nil { - return nil, err - } - qualifiedResource := e.qualifiedResourceFromContext(ctx) - details := &metav1.StatusDetails{ - Name: accessor.GetName(), - Group: qualifiedResource.Group, - Kind: qualifiedResource.Resource, // Yes we set Kind field to resource. - UID: accessor.GetUID(), - } - status := &metav1.Status{Status: metav1.StatusSuccess, Details: details} - return status, nil -} - -// Watch makes a matcher for the given label and field, and calls -// WatchPredicate. If possible, you should customize PredicateFunc to produce -// a matcher that matches by key. SelectionPredicate does this for you -// automatically. -func (e *Store) Watch(ctx context.Context, options *metainternalversion.ListOptions) (watch.Interface, error) { - label := labels.Everything() - if options != nil && options.LabelSelector != nil { - label = options.LabelSelector - } - field := fields.Everything() - if options != nil && options.FieldSelector != nil { - field = options.FieldSelector - } - predicate := e.PredicateFunc(label, field) - - resourceVersion := "" - if options != nil { - resourceVersion = options.ResourceVersion - predicate.AllowWatchBookmarks = options.AllowWatchBookmarks - } - return e.WatchPredicate(ctx, predicate, resourceVersion) -} - -// WatchPredicate starts a watch for the items that matches. -func (e *Store) WatchPredicate(ctx context.Context, p storage.SelectionPredicate, resourceVersion string) (watch.Interface, error) { - storageOpts := storage.ListOptions{ResourceVersion: resourceVersion, Predicate: p, Recursive: true} - - key := e.KeyRootFunc(ctx) - if name, ok := p.MatchesSingle(); ok { - if k, err := e.KeyFunc(ctx, name); err == nil { - key = k - storageOpts.Recursive = false - } - // if we cannot extract a key based on the current context, the - // optimization is skipped - } - - w, err := e.Storage.Watch(ctx, key, storageOpts) - if err != nil { - return nil, err - } - if e.Decorator != nil { - return newDecoratedWatcher(ctx, w, e.Decorator), nil - } - return w, nil -} - -// calculateTTL is a helper for retrieving the updated TTL for an object or -// returning an error if the TTL cannot be calculated. The defaultTTL is -// changed to 1 if less than zero. Zero means no TTL, not expire immediately. -func (e *Store) calculateTTL(obj runtime.Object, defaultTTL int64, update bool) (ttl uint64, err error) { - // TODO: validate this is assertion is still valid. - - // etcd may return a negative TTL for a node if the expiration has not - // occurred due to server lag - we will ensure that the value is at least - // set. - if defaultTTL < 0 { - defaultTTL = 1 - } - ttl = uint64(defaultTTL) - if e.TTLFunc != nil { - ttl, err = e.TTLFunc(obj, ttl, update) - } - return ttl, err -} - -// CompleteWithOptions updates the store with the provided options and -// defaults common fields. -func (e *Store) CompleteWithOptions(options *generic.StoreOptions) error { - if e.DefaultQualifiedResource.Empty() { - return fmt.Errorf("store %#v must have a non-empty qualified resource", e) - } - if e.NewFunc == nil { - return fmt.Errorf("store for %s must have NewFunc set", e.DefaultQualifiedResource.String()) - } - if e.NewListFunc == nil { - return fmt.Errorf("store for %s must have NewListFunc set", e.DefaultQualifiedResource.String()) - } - if (e.KeyRootFunc == nil) != (e.KeyFunc == nil) { - return fmt.Errorf("store for %s must set both KeyRootFunc and KeyFunc or neither", e.DefaultQualifiedResource.String()) - } - - if e.TableConvertor == nil { - return fmt.Errorf("store for %s must set TableConvertor; rest.NewDefaultTableConvertor(e.DefaultQualifiedResource) can be used to output just name/creation time", e.DefaultQualifiedResource.String()) - } - - var isNamespaced bool - switch { - case e.CreateStrategy != nil: - isNamespaced = e.CreateStrategy.NamespaceScoped() - case e.UpdateStrategy != nil: - isNamespaced = e.UpdateStrategy.NamespaceScoped() - default: - return fmt.Errorf("store for %s must have CreateStrategy or UpdateStrategy set", e.DefaultQualifiedResource.String()) - } - - if e.DeleteStrategy == nil { - return fmt.Errorf("store for %s must have DeleteStrategy set", e.DefaultQualifiedResource.String()) - } - - if options.RESTOptions == nil { - return fmt.Errorf("options for %s must have RESTOptions set", e.DefaultQualifiedResource.String()) - } - - attrFunc := options.AttrFunc - if attrFunc == nil { - if isNamespaced { - attrFunc = storage.DefaultNamespaceScopedAttr - } else { - attrFunc = storage.DefaultClusterScopedAttr - } - } - if e.PredicateFunc == nil { - e.PredicateFunc = func(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: attrFunc, - } - } - } - - err := validateIndexers(options.Indexers) - if err != nil { - return err - } - - opts, err := options.RESTOptions.GetRESTOptions(e.DefaultQualifiedResource) - if err != nil { - return err - } - - // ResourcePrefix must come from the underlying factory - prefix := opts.ResourcePrefix - if !strings.HasPrefix(prefix, "/") { - prefix = "/" + prefix - } - if prefix == "/" { - return fmt.Errorf("store for %s has an invalid prefix %q", e.DefaultQualifiedResource.String(), opts.ResourcePrefix) - } - - // Set the default behavior for storage key generation - if e.KeyRootFunc == nil && e.KeyFunc == nil { - if isNamespaced { - e.KeyRootFunc = func(ctx context.Context) string { - return NamespaceKeyRootFunc(ctx, prefix) - } - e.KeyFunc = func(ctx context.Context, name string) (string, error) { - return NamespaceKeyFunc(ctx, prefix, name) - } - } else { - e.KeyRootFunc = func(ctx context.Context) string { - return prefix - } - e.KeyFunc = func(ctx context.Context, name string) (string, error) { - return NoNamespaceKeyFunc(ctx, prefix, name) - } - } - } - - // We adapt the store's keyFunc so that we can use it with the StorageDecorator - // without making any assumptions about where objects are stored in etcd - keyFunc := func(obj runtime.Object) (string, error) { - accessor, err := meta.Accessor(obj) - if err != nil { - return "", err - } - - if isNamespaced { - return e.KeyFunc(genericapirequest.WithNamespace(genericapirequest.NewContext(), accessor.GetNamespace()), accessor.GetName()) - } - - return e.KeyFunc(genericapirequest.NewContext(), accessor.GetName()) - } - - if e.DeleteCollectionWorkers == 0 { - e.DeleteCollectionWorkers = opts.DeleteCollectionWorkers - } - - e.EnableGarbageCollection = opts.EnableGarbageCollection - - if e.ObjectNameFunc == nil { - e.ObjectNameFunc = func(obj runtime.Object) (string, error) { - accessor, err := meta.Accessor(obj) - if err != nil { - return "", err - } - return accessor.GetName(), nil - } - } - - if e.Storage.Storage == nil { - e.Storage.Codec = opts.StorageConfig.Codec - var err error - e.Storage.Storage, e.DestroyFunc, err = opts.Decorator( - opts.StorageConfig, - prefix, - keyFunc, - e.NewFunc, - e.NewListFunc, - attrFunc, - options.TriggerFunc, - options.Indexers, - ) - if err != nil { - return err - } - e.StorageVersioner = opts.StorageConfig.EncodeVersioner - - if opts.CountMetricPollPeriod > 0 { - stopFunc := e.startObservingCount(opts.CountMetricPollPeriod, opts.StorageObjectCountTracker) - previousDestroy := e.DestroyFunc - var once sync.Once - e.DestroyFunc = func() { - once.Do(func() { - stopFunc() - if previousDestroy != nil { - previousDestroy() - } - }) - } - } - } - - return nil -} - -// startObservingCount starts monitoring given prefix and periodically updating metrics. It returns a function to stop collection. -func (e *Store) startObservingCount(period time.Duration, objectCountTracker flowcontrolrequest.StorageObjectCountTracker) func() { - prefix := e.KeyRootFunc(genericapirequest.NewContext()) - resourceName := e.DefaultQualifiedResource.String() - klog.V(2).InfoS("Monitoring resource count at path", "resource", resourceName, "path", "<storage-prefix>/"+prefix) - stopCh := make(chan struct{}) - go wait.JitterUntil(func() { - count, err := e.Storage.Count(prefix) - if err != nil { - klog.V(5).InfoS("Failed to update storage count metric", "err", err) - count = -1 - } - - metrics.UpdateObjectCount(resourceName, count) - if objectCountTracker != nil { - objectCountTracker.Set(resourceName, count) - } - }, period, resourceCountPollPeriodJitter, true, stopCh) - return func() { close(stopCh) } -} - -func (e *Store) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - if e.TableConvertor != nil { - return e.TableConvertor.ConvertToTable(ctx, object, tableOptions) - } - return rest.NewDefaultTableConvertor(e.DefaultQualifiedResource).ConvertToTable(ctx, object, tableOptions) -} - -func (e *Store) StorageVersion() runtime.GroupVersioner { - return e.StorageVersioner -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (e *Store) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - if e.ResetFieldsStrategy == nil { - return nil - } - return e.ResetFieldsStrategy.GetResetFields() -} - -// validateIndexers will check the prefix of indexers. -func validateIndexers(indexers *cache.Indexers) error { - if indexers == nil { - return nil - } - for indexName := range *indexers { - if len(indexName) <= 2 || (indexName[:2] != "l:" && indexName[:2] != "f:") { - return fmt.Errorf("index must prefix with \"l:\" or \"f:\"") - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/doc.go deleted file mode 100644 index 3b77b55936..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rest has generic implementations of resources used for -// REST responses -package rest // import "k8s.io/apiserver/pkg/registry/generic/rest" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/response_checker.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/response_checker.go deleted file mode 100644 index b26d43348a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/response_checker.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "fmt" - "io" - "io/ioutil" - "net/http" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// Check the http error status from a location URL. -// And convert an error into a structured API object. -// Finally ensure we close the body before returning the error -type HttpResponseChecker interface { - Check(resp *http.Response) error -} - -// Max length read from the response body of a location which returns error status -const ( - maxReadLength = 50000 -) - -// A generic http response checker to transform the error. -type GenericHttpResponseChecker struct { - QualifiedResource schema.GroupResource - Name string -} - -func (checker GenericHttpResponseChecker) Check(resp *http.Response) error { - if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent { - defer resp.Body.Close() - bodyBytes, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxReadLength)) - if err != nil { - return errors.NewInternalError(err) - } - bodyText := string(bodyBytes) - - switch { - case resp.StatusCode == http.StatusInternalServerError: - return errors.NewInternalError(fmt.Errorf("%s", bodyText)) - case resp.StatusCode == http.StatusBadRequest: - return errors.NewBadRequest(bodyText) - case resp.StatusCode == http.StatusNotFound: - return errors.NewGenericServerResponse(resp.StatusCode, "", checker.QualifiedResource, checker.Name, bodyText, 0, false) - } - return errors.NewGenericServerResponse(resp.StatusCode, "", checker.QualifiedResource, checker.Name, bodyText, 0, false) - } - return nil -} - -func NewGenericHttpResponseChecker(qualifiedResource schema.GroupResource, name string) GenericHttpResponseChecker { - return GenericHttpResponseChecker{QualifiedResource: qualifiedResource, Name: name} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go deleted file mode 100644 index cb9e4898cd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go +++ /dev/null @@ -1,115 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/registry/rest" -) - -type CounterMetric interface { - Inc() -} - -// LocationStreamer is a resource that streams the contents of a particular -// location URL. -type LocationStreamer struct { - Location *url.URL - Transport http.RoundTripper - ContentType string - Flush bool - ResponseChecker HttpResponseChecker - RedirectChecker func(req *http.Request, via []*http.Request) error - // TLSVerificationErrorCounter is an optional value that will Inc every time a TLS error is encountered. This can - // be wired a single prometheus counter instance to get counts overall. - TLSVerificationErrorCounter CounterMetric -} - -// a LocationStreamer must implement a rest.ResourceStreamer -var _ rest.ResourceStreamer = &LocationStreamer{} - -func (obj *LocationStreamer) GetObjectKind() schema.ObjectKind { - return schema.EmptyObjectKind -} -func (obj *LocationStreamer) DeepCopyObject() runtime.Object { - panic("rest.LocationStreamer does not implement DeepCopyObject") -} - -// InputStream returns a stream with the contents of the URL location. If no location is provided, -// a null stream is returned. -func (s *LocationStreamer) InputStream(ctx context.Context, apiVersion, acceptHeader string) (stream io.ReadCloser, flush bool, contentType string, err error) { - if s.Location == nil { - // If no location was provided, return a null stream - return nil, false, "", nil - } - transport := s.Transport - if transport == nil { - transport = http.DefaultTransport - } - - client := &http.Client{ - Transport: transport, - CheckRedirect: s.RedirectChecker, - } - req, err := http.NewRequest("GET", s.Location.String(), nil) - if err != nil { - return nil, false, "", fmt.Errorf("failed to construct request for %s, got %v", s.Location.String(), err) - } - // Pass the parent context down to the request to ensure that the resources - // will be release properly. - req = req.WithContext(ctx) - - resp, err := client.Do(req) - if err != nil { - // TODO prefer segregate TLS errors more reliably, but we do want to increment a count - if strings.Contains(err.Error(), "x509:") && s.TLSVerificationErrorCounter != nil { - s.TLSVerificationErrorCounter.Inc() - } - return nil, false, "", err - } - - if s.ResponseChecker != nil { - if err = s.ResponseChecker.Check(resp); err != nil { - return nil, false, "", err - } - } - - contentType = s.ContentType - if len(contentType) == 0 { - contentType = resp.Header.Get("Content-Type") - if len(contentType) > 0 { - contentType = strings.TrimSpace(strings.SplitN(contentType, ";", 2)[0]) - } - } - flush = s.Flush - stream = resp.Body - return -} - -// PreventRedirects is a redirect checker that prevents the client from following a redirect. -func PreventRedirects(_ *http.Request, _ []*http.Request) error { - return errors.New("redirects forbidden") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/storage_decorator.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/storage_decorator.go deleted file mode 100644 index 715aa10477..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/generic/storage_decorator.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package generic - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/storagebackend" - "k8s.io/apiserver/pkg/storage/storagebackend/factory" - "k8s.io/client-go/tools/cache" -) - -// StorageDecorator is a function signature for producing a storage.Interface -// and an associated DestroyFunc from given parameters. -type StorageDecorator func( - config *storagebackend.ConfigForResource, - resourcePrefix string, - keyFunc func(obj runtime.Object) (string, error), - newFunc func() runtime.Object, - newListFunc func() runtime.Object, - getAttrsFunc storage.AttrFunc, - trigger storage.IndexerFuncs, - indexers *cache.Indexers) (storage.Interface, factory.DestroyFunc, error) - -// UndecoratedStorage returns the given a new storage from the given config -// without any decoration. -func UndecoratedStorage( - config *storagebackend.ConfigForResource, - resourcePrefix string, - keyFunc func(obj runtime.Object) (string, error), - newFunc func() runtime.Object, - newListFunc func() runtime.Object, - getAttrsFunc storage.AttrFunc, - trigger storage.IndexerFuncs, - indexers *cache.Indexers) (storage.Interface, factory.DestroyFunc, error) { - return NewRawStorage(config, newFunc) -} - -// NewRawStorage creates the low level kv storage. This is a work-around for current -// two layer of same storage interface. -// TODO: Once cacher is enabled on all registries (event registry is special), we will remove this method. -func NewRawStorage(config *storagebackend.ConfigForResource, newFunc func() runtime.Object) (storage.Interface, factory.DestroyFunc, error) { - return factory.Create(*config, newFunc) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/OWNERS deleted file mode 100644 index 4dd70bd888..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/OWNERS +++ /dev/null @@ -1,16 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - smarterclayton - - wojtek-t - - deads2k - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - justinsb - - ncdc - - dims - - ingvagabund - - enj diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create.go deleted file mode 100644 index b3e57d0a45..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create.go +++ /dev/null @@ -1,223 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - genericvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/api/validation/path" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/admission" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/apiserver/pkg/warning" -) - -// RESTCreateStrategy defines the minimum validation, accepted input, and -// name generation behavior to create an object that follows Kubernetes -// API conventions. -type RESTCreateStrategy interface { - runtime.ObjectTyper - // The name generator is used when the standard GenerateName field is set. - // The NameGenerator will be invoked prior to validation. - names.NameGenerator - - // NamespaceScoped returns true if the object must be within a namespace. - NamespaceScoped() bool - // PrepareForCreate is invoked on create before validation to normalize - // the object. For example: remove fields that are not to be persisted, - // sort order-insensitive list fields, etc. This should not remove fields - // whose presence would be considered a validation error. - // - // Often implemented as a type check and an initailization or clearing of - // status. Clear the status because status changes are internal. External - // callers of an api (users) should not be setting an initial status on - // newly created objects. - PrepareForCreate(ctx context.Context, obj runtime.Object) - // Validate returns an ErrorList with validation errors or nil. Validate - // is invoked after default fields in the object have been filled in - // before the object is persisted. This method should not mutate the - // object. - Validate(ctx context.Context, obj runtime.Object) field.ErrorList - // WarningsOnCreate returns warnings to the client performing a create. - // WarningsOnCreate is invoked after default fields in the object have been filled in - // and after Validate has passed, before Canonicalize is called, and the object is persisted. - // This method must not mutate the object. - // - // Be brief; limit warnings to 120 characters if possible. - // Don't include a "Warning:" prefix in the message (that is added by clients on output). - // Warnings returned about a specific field should be formatted as "path.to.field: message". - // For example: `spec.imagePullSecrets[0].name: invalid empty name ""` - // - // Use warning messages to describe problems the client making the API request should correct or be aware of. - // For example: - // - use of deprecated fields/labels/annotations that will stop working in a future release - // - use of obsolete fields/labels/annotations that are non-functional - // - malformed or invalid specifications that prevent successful handling of the submitted object, - // but are not rejected by validation for compatibility reasons - // - // Warnings should not be returned for fields which cannot be resolved by the caller. - // For example, do not warn about spec fields in a subresource creation request. - WarningsOnCreate(ctx context.Context, obj runtime.Object) []string - // Canonicalize allows an object to be mutated into a canonical form. This - // ensures that code that operates on these objects can rely on the common - // form for things like comparison. Canonicalize is invoked after - // validation has succeeded but before the object has been persisted. - // This method may mutate the object. Often implemented as a type check or - // empty method. - Canonicalize(obj runtime.Object) -} - -// BeforeCreate ensures that common operations for all resources are performed on creation. It only returns -// errors that can be converted to api.Status. It invokes PrepareForCreate, then Validate. -// It returns nil if the object should be created. -func BeforeCreate(strategy RESTCreateStrategy, ctx context.Context, obj runtime.Object) error { - objectMeta, kind, kerr := objectMetaAndKind(strategy, obj) - if kerr != nil { - return kerr - } - - // ensure that system-critical metadata has been populated - if !metav1.HasObjectMetaSystemFieldValues(objectMeta) { - return errors.NewInternalError(fmt.Errorf("system metadata was not initialized")) - } - - // ensure the name has been generated - if len(objectMeta.GetGenerateName()) > 0 && len(objectMeta.GetName()) == 0 { - return errors.NewInternalError(fmt.Errorf("metadata.name was not generated")) - } - - // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object - requestNamespace, ok := genericapirequest.NamespaceFrom(ctx) - if !ok { - return errors.NewInternalError(fmt.Errorf("no namespace information found in request context")) - } - if err := EnsureObjectNamespaceMatchesRequestNamespace(ExpectedNamespaceForScope(requestNamespace, strategy.NamespaceScoped()), objectMeta); err != nil { - return err - } - - strategy.PrepareForCreate(ctx, obj) - - if errs := strategy.Validate(ctx, obj); len(errs) > 0 { - return errors.NewInvalid(kind.GroupKind(), objectMeta.GetName(), errs) - } - - // Custom validation (including name validation) passed - // Now run common validation on object meta - // Do this *after* custom validation so that specific error messages are shown whenever possible - if errs := genericvalidation.ValidateObjectMetaAccessor(objectMeta, strategy.NamespaceScoped(), path.ValidatePathSegmentName, field.NewPath("metadata")); len(errs) > 0 { - return errors.NewInvalid(kind.GroupKind(), objectMeta.GetName(), errs) - } - - for _, w := range strategy.WarningsOnCreate(ctx, obj) { - warning.AddWarning(ctx, "", w) - } - - strategy.Canonicalize(obj) - - return nil -} - -// CheckGeneratedNameError checks whether an error that occurred creating a resource is due -// to generation being unable to pick a valid name. -func CheckGeneratedNameError(ctx context.Context, strategy RESTCreateStrategy, err error, obj runtime.Object) error { - if !errors.IsAlreadyExists(err) { - return err - } - - objectMeta, gvk, kerr := objectMetaAndKind(strategy, obj) - if kerr != nil { - return kerr - } - - if len(objectMeta.GetGenerateName()) == 0 { - // If we don't have a generated name, return the original error (AlreadyExists). - // When we're here, the user picked a name that is causing a conflict. - return err - } - - // Get the group resource information from the context, if populated. - gr := schema.GroupResource{} - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - gr = schema.GroupResource{Group: gvk.Group, Resource: requestInfo.Resource} - } - - // If we have a name and generated name, the server picked a name - // that already exists. - return errors.NewGenerateNameConflict(gr, objectMeta.GetName(), 1) -} - -// objectMetaAndKind retrieves kind and ObjectMeta from a runtime object, or returns an error. -func objectMetaAndKind(typer runtime.ObjectTyper, obj runtime.Object) (metav1.Object, schema.GroupVersionKind, error) { - objectMeta, err := meta.Accessor(obj) - if err != nil { - return nil, schema.GroupVersionKind{}, errors.NewInternalError(err) - } - kinds, _, err := typer.ObjectKinds(obj) - if err != nil { - return nil, schema.GroupVersionKind{}, errors.NewInternalError(err) - } - return objectMeta, kinds[0], nil -} - -// NamespaceScopedStrategy has a method to tell if the object must be in a namespace. -type NamespaceScopedStrategy interface { - // NamespaceScoped returns if the object must be in a namespace. - NamespaceScoped() bool -} - -// AdmissionToValidateObjectFunc converts validating admission to a rest validate object func -func AdmissionToValidateObjectFunc(admit admission.Interface, staticAttributes admission.Attributes, o admission.ObjectInterfaces) ValidateObjectFunc { - validatingAdmission, ok := admit.(admission.ValidationInterface) - if !ok { - return func(ctx context.Context, obj runtime.Object) error { return nil } - } - return func(ctx context.Context, obj runtime.Object) error { - name := staticAttributes.GetName() - // in case the generated name is populated - if len(name) == 0 { - if metadata, err := meta.Accessor(obj); err == nil { - name = metadata.GetName() - } - } - - finalAttributes := admission.NewAttributesRecord( - obj, - staticAttributes.GetOldObject(), - staticAttributes.GetKind(), - staticAttributes.GetNamespace(), - name, - staticAttributes.GetResource(), - staticAttributes.GetSubresource(), - staticAttributes.GetOperation(), - staticAttributes.GetOperationOptions(), - staticAttributes.IsDryRun(), - staticAttributes.GetUserInfo(), - ) - if !validatingAdmission.Handles(finalAttributes.GetOperation()) { - return nil - } - return validatingAdmission.Validate(ctx, finalAttributes, o) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create_update.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create_update.go deleted file mode 100644 index acef76fa63..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/create_update.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// RESTCreateUpdateStrategy is a union of RESTUpdateStrategy and RESTCreateStrategy, -// and it defines the minimum validation, accepted input, and name generation -// behavior to create and update an object that follows Kubernetes API conventions. -type RESTCreateUpdateStrategy interface { - RESTCreateStrategy - // AllowCreateOnUpdate returns true if the object can be created by a PUT. - AllowCreateOnUpdate() bool - // PrepareForUpdate is invoked on update before validation to normalize - // the object. For example: remove fields that are not to be persisted, - // sort order-insensitive list fields, etc. This should not remove fields - // whose presence would be considered a validation error. - PrepareForUpdate(ctx context.Context, obj, old runtime.Object) - // ValidateUpdate is invoked after default fields in the object have been - // filled in before the object is persisted. This method should not mutate - // the object. - ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList - // WarningsOnUpdate returns warnings to the client performing the update. - // WarningsOnUpdate is invoked after default fields in the object have been filled in - // and after ValidateUpdate has passed, before Canonicalize is called, and before the object is persisted. - // This method must not mutate either object. - // - // Be brief; limit warnings to 120 characters if possible. - // Don't include a "Warning:" prefix in the message (that is added by clients on output). - // Warnings returned about a specific field should be formatted as "path.to.field: message". - // For example: `spec.imagePullSecrets[0].name: invalid empty name ""` - // - // Use warning messages to describe problems the client making the API request should correct or be aware of. - // For example: - // - use of deprecated fields/labels/annotations that will stop working in a future release - // - use of obsolete fields/labels/annotations that are non-functional - // - malformed or invalid specifications that prevent successful handling of the submitted object, - // but are not rejected by validation for compatibility reasons - // - // Warnings should not be returned for fields which cannot be resolved by the caller. - // For example, do not warn about spec fields in a status update. - WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string - // AllowUnconditionalUpdate returns true if the object can be updated - // unconditionally (irrespective of the latest resource version), when - // there is no resource version specified in the object. - AllowUnconditionalUpdate() bool -} - -// Ensure that RESTCreateUpdateStrategy extends RESTCreateStrategy -var _ RESTCreateStrategy = (RESTCreateUpdateStrategy)(nil) - -// Ensure that RESTCreateUpdateStrategy extends RESTUpdateStrategy -var _ RESTUpdateStrategy = (RESTCreateUpdateStrategy)(nil) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/delete.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/delete.go deleted file mode 100644 index 34102690e8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/delete.go +++ /dev/null @@ -1,202 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - utilpointer "k8s.io/utils/pointer" -) - -// RESTDeleteStrategy defines deletion behavior on an object that follows Kubernetes -// API conventions. -type RESTDeleteStrategy interface { - runtime.ObjectTyper -} - -type GarbageCollectionPolicy string - -const ( - DeleteDependents GarbageCollectionPolicy = "DeleteDependents" - OrphanDependents GarbageCollectionPolicy = "OrphanDependents" - // Unsupported means that the resource knows that it cannot be GC'd, so the finalizers - // should never be set in storage. - Unsupported GarbageCollectionPolicy = "Unsupported" -) - -// GarbageCollectionDeleteStrategy must be implemented by the registry that wants to -// orphan dependents by default. -type GarbageCollectionDeleteStrategy interface { - // DefaultGarbageCollectionPolicy returns the default garbage collection behavior. - DefaultGarbageCollectionPolicy(ctx context.Context) GarbageCollectionPolicy -} - -// RESTGracefulDeleteStrategy must be implemented by the registry that supports -// graceful deletion. -type RESTGracefulDeleteStrategy interface { - // CheckGracefulDelete should return true if the object can be gracefully deleted and set - // any default values on the DeleteOptions. - // NOTE: if return true, `options.GracePeriodSeconds` must be non-nil (nil will fail), - // that's what tells the deletion how "graceful" to be. - CheckGracefulDelete(ctx context.Context, obj runtime.Object, options *metav1.DeleteOptions) bool -} - -// BeforeDelete tests whether the object can be gracefully deleted. -// If graceful is set, the object should be gracefully deleted. If gracefulPending -// is set, the object has already been gracefully deleted (and the provided grace -// period is longer than the time to deletion). An error is returned if the -// condition cannot be checked or the gracePeriodSeconds is invalid. The options -// argument may be updated with default values if graceful is true. Second place -// where we set deletionTimestamp is pkg/registry/generic/registry/store.go. -// This function is responsible for setting deletionTimestamp during gracefulDeletion, -// other one for cascading deletions. -func BeforeDelete(strategy RESTDeleteStrategy, ctx context.Context, obj runtime.Object, options *metav1.DeleteOptions) (graceful, gracefulPending bool, err error) { - objectMeta, gvk, kerr := objectMetaAndKind(strategy, obj) - if kerr != nil { - return false, false, kerr - } - if errs := validation.ValidateDeleteOptions(options); len(errs) > 0 { - return false, false, errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "DeleteOptions"}, "", errs) - } - // Checking the Preconditions here to fail early. They'll be enforced later on when we actually do the deletion, too. - if options.Preconditions != nil { - if options.Preconditions.UID != nil && *options.Preconditions.UID != objectMeta.GetUID() { - return false, false, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, objectMeta.GetName(), fmt.Errorf("the UID in the precondition (%s) does not match the UID in record (%s). The object might have been deleted and then recreated", *options.Preconditions.UID, objectMeta.GetUID())) - } - if options.Preconditions.ResourceVersion != nil && *options.Preconditions.ResourceVersion != objectMeta.GetResourceVersion() { - return false, false, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, objectMeta.GetName(), fmt.Errorf("the ResourceVersion in the precondition (%s) does not match the ResourceVersion in record (%s). The object might have been modified", *options.Preconditions.ResourceVersion, objectMeta.GetResourceVersion())) - } - } - - // Negative values will be treated as the value `1s` on the delete path. - if gracePeriodSeconds := options.GracePeriodSeconds; gracePeriodSeconds != nil && *gracePeriodSeconds < 0 { - options.GracePeriodSeconds = utilpointer.Int64(1) - } - if deletionGracePeriodSeconds := objectMeta.GetDeletionGracePeriodSeconds(); deletionGracePeriodSeconds != nil && *deletionGracePeriodSeconds < 0 { - objectMeta.SetDeletionGracePeriodSeconds(utilpointer.Int64(1)) - } - - gracefulStrategy, ok := strategy.(RESTGracefulDeleteStrategy) - if !ok { - // If we're not deleting gracefully there's no point in updating Generation, as we won't update - // the obcject before deleting it. - return false, false, nil - } - // if the object is already being deleted, no need to update generation. - if objectMeta.GetDeletionTimestamp() != nil { - // if we are already being deleted, we may only shorten the deletion grace period - // this means the object was gracefully deleted previously but deletionGracePeriodSeconds was not set, - // so we force deletion immediately - // IMPORTANT: - // The deletion operation happens in two phases. - // 1. Update to set DeletionGracePeriodSeconds and DeletionTimestamp - // 2. Delete the object from storage. - // If the update succeeds, but the delete fails (network error, internal storage error, etc.), - // a resource was previously left in a state that was non-recoverable. We - // check if the existing stored resource has a grace period as 0 and if so - // attempt to delete immediately in order to recover from this scenario. - if objectMeta.GetDeletionGracePeriodSeconds() == nil || *objectMeta.GetDeletionGracePeriodSeconds() == 0 { - return false, false, nil - } - // only a shorter grace period may be provided by a user - if options.GracePeriodSeconds != nil { - period := int64(*options.GracePeriodSeconds) - if period >= *objectMeta.GetDeletionGracePeriodSeconds() { - return false, true, nil - } - newDeletionTimestamp := metav1.NewTime( - objectMeta.GetDeletionTimestamp().Add(-time.Second * time.Duration(*objectMeta.GetDeletionGracePeriodSeconds())). - Add(time.Second * time.Duration(*options.GracePeriodSeconds))) - objectMeta.SetDeletionTimestamp(&newDeletionTimestamp) - objectMeta.SetDeletionGracePeriodSeconds(&period) - return true, false, nil - } - // graceful deletion is pending, do nothing - options.GracePeriodSeconds = objectMeta.GetDeletionGracePeriodSeconds() - return false, true, nil - } - - // `CheckGracefulDelete` will be implemented by specific strategy - if !gracefulStrategy.CheckGracefulDelete(ctx, obj, options) { - return false, false, nil - } - - if options.GracePeriodSeconds == nil { - return false, false, errors.NewInternalError(fmt.Errorf("options.GracePeriodSeconds should not be nil")) - } - - now := metav1.NewTime(metav1.Now().Add(time.Second * time.Duration(*options.GracePeriodSeconds))) - objectMeta.SetDeletionTimestamp(&now) - objectMeta.SetDeletionGracePeriodSeconds(options.GracePeriodSeconds) - // If it's the first graceful deletion we are going to set the DeletionTimestamp to non-nil. - // Controllers of the object that's being deleted shouldn't take any nontrivial actions, hence its behavior changes. - // Thus we need to bump object's Generation (if set). This handles generation bump during graceful deletion. - // The bump for objects that don't support graceful deletion is handled in pkg/registry/generic/registry/store.go. - if objectMeta.GetGeneration() > 0 { - objectMeta.SetGeneration(objectMeta.GetGeneration() + 1) - } - - return true, false, nil -} - -// AdmissionToValidateObjectDeleteFunc returns a admission validate func for object deletion -func AdmissionToValidateObjectDeleteFunc(admit admission.Interface, staticAttributes admission.Attributes, objInterfaces admission.ObjectInterfaces) ValidateObjectFunc { - mutatingAdmission, isMutatingAdmission := admit.(admission.MutationInterface) - validatingAdmission, isValidatingAdmission := admit.(admission.ValidationInterface) - - mutating := isMutatingAdmission && mutatingAdmission.Handles(staticAttributes.GetOperation()) - validating := isValidatingAdmission && validatingAdmission.Handles(staticAttributes.GetOperation()) - - return func(ctx context.Context, old runtime.Object) error { - if !mutating && !validating { - return nil - } - finalAttributes := admission.NewAttributesRecord( - nil, - // Deep copy the object to avoid accidentally changing the object. - old.DeepCopyObject(), - staticAttributes.GetKind(), - staticAttributes.GetNamespace(), - staticAttributes.GetName(), - staticAttributes.GetResource(), - staticAttributes.GetSubresource(), - staticAttributes.GetOperation(), - staticAttributes.GetOperationOptions(), - staticAttributes.IsDryRun(), - staticAttributes.GetUserInfo(), - ) - if mutating { - if err := mutatingAdmission.Admit(ctx, finalAttributes, objInterfaces); err != nil { - return err - } - } - if validating { - if err := validatingAdmission.Validate(ctx, finalAttributes, objInterfaces); err != nil { - return err - } - } - return nil - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/doc.go deleted file mode 100644 index 20524d21ff..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rest defines common logic around changes to Kubernetes-style resources. -package rest // import "k8s.io/apiserver/pkg/registry/rest" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/meta.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/meta.go deleted file mode 100644 index 12c1e5f98c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/meta.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/uuid" -) - -// WipeObjectMetaSystemFields erases fields that are managed by the system on ObjectMeta. -func WipeObjectMetaSystemFields(meta metav1.Object) { - meta.SetCreationTimestamp(metav1.Time{}) - meta.SetUID("") - meta.SetDeletionTimestamp(nil) - meta.SetDeletionGracePeriodSeconds(nil) - meta.SetSelfLink("") -} - -// FillObjectMetaSystemFields populates fields that are managed by the system on ObjectMeta. -func FillObjectMetaSystemFields(meta metav1.Object) { - meta.SetCreationTimestamp(metav1.Now()) - meta.SetUID(uuid.NewUUID()) -} - -// EnsureObjectNamespaceMatchesRequestNamespace returns an error if obj.Namespace and requestNamespace -// are both populated and do not match. If either is unpopulated, it modifies obj as needed to ensure -// obj.GetNamespace() == requestNamespace. -func EnsureObjectNamespaceMatchesRequestNamespace(requestNamespace string, obj metav1.Object) error { - objNamespace := obj.GetNamespace() - switch { - case objNamespace == requestNamespace: - // already matches, no-op - return nil - - case objNamespace == metav1.NamespaceNone: - // unset, default to request namespace - obj.SetNamespace(requestNamespace) - return nil - - case requestNamespace == metav1.NamespaceNone: - // cluster-scoped, clear namespace - obj.SetNamespace(metav1.NamespaceNone) - return nil - - default: - // mismatch, error - return errors.NewBadRequest("the namespace of the provided object does not match the namespace sent on the request") - } -} - -// ExpectedNamespaceForScope returns the expected namespace for a resource, given the request namespace and resource scope. -func ExpectedNamespaceForScope(requestNamespace string, namespaceScoped bool) string { - if namespaceScoped { - return requestNamespace - } - return "" -} - -// ExpectedNamespaceForResource returns the expected namespace for a resource, given the request namespace. -func ExpectedNamespaceForResource(requestNamespace string, resource schema.GroupVersionResource) string { - if resource.Resource == "namespaces" && resource.Group == "" { - return "" - } - return requestNamespace -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go deleted file mode 100644 index 6330ea8f53..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go +++ /dev/null @@ -1,379 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "io" - "net/http" - "net/url" - - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/watch" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -//TODO: -// Storage interfaces need to be separated into two groups; those that operate -// on collections and those that operate on individually named items. -// Collection interfaces: -// (Method: Current -> Proposed) -// GET: Lister -> CollectionGetter -// WATCH: Watcher -> CollectionWatcher -// CREATE: Creater -> CollectionCreater -// DELETE: (n/a) -> CollectionDeleter -// UPDATE: (n/a) -> CollectionUpdater -// -// Single item interfaces: -// (Method: Current -> Proposed) -// GET: Getter -> NamedGetter -// WATCH: (n/a) -> NamedWatcher -// CREATE: (n/a) -> NamedCreater -// DELETE: Deleter -> NamedDeleter -// UPDATE: Update -> NamedUpdater - -// Storage is a generic interface for RESTful storage services. -// Resources which are exported to the RESTful API of apiserver need to implement this interface. It is expected -// that objects may implement any of the below interfaces. -type Storage interface { - // New returns an empty object that can be used with Create and Update after request data has been put into it. - // This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object) - New() runtime.Object - - // Destroy cleans up its resources on shutdown. - // Destroy has to be implemented in thread-safe way and be prepared - // for being called more than once. - Destroy() -} - -// Scoper indicates what scope the resource is at. It must be specified. -// It is usually provided automatically based on your strategy. -type Scoper interface { - // NamespaceScoped returns true if the storage is namespaced - NamespaceScoped() bool -} - -// KindProvider specifies a different kind for its API than for its internal storage. This is necessary for external -// objects that are not compiled into the api server. For such objects, there is no in-memory representation for -// the object, so they must be represented as generic objects (e.g. runtime.Unknown), but when we present the object as part of -// API discovery we want to present the specific kind, not the generic internal representation. -type KindProvider interface { - Kind() string -} - -// ShortNamesProvider is an interface for RESTful storage services. Delivers a list of short names for a resource. The list is used by kubectl to have short names representation of resources. -type ShortNamesProvider interface { - ShortNames() []string -} - -// CategoriesProvider allows a resource to specify which groups of resources (categories) it's part of. Categories can -// be used by API clients to refer to a batch of resources by using a single name (e.g. "all" could translate to "pod,rc,svc,..."). -type CategoriesProvider interface { - Categories() []string -} - -// GroupVersionKindProvider is used to specify a particular GroupVersionKind to discovery. This is used for polymorphic endpoints -// which generally point to foreign versions. Scale refers to Scale.v1beta1.extensions for instance. -// This trumps KindProvider since it is capable of providing the information required. -// TODO KindProvider (only used by federation) should be removed and replaced with this, but that presents greater risk late in 1.8. -type GroupVersionKindProvider interface { - GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind -} - -// GroupVersionAcceptor is used to determine if a particular GroupVersion is acceptable to send to an endpoint. -// This is used for endpoints which accept multiple versions (which is extremely rare). -// The only known instance is pods/evictions which accepts policy/v1, but also policy/v1beta1 for backwards compatibility. -type GroupVersionAcceptor interface { - AcceptsGroupVersion(gv schema.GroupVersion) bool -} - -// Lister is an object that can retrieve resources that match the provided field and label criteria. -type Lister interface { - // NewList returns an empty object that can be used with the List call. - // This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object) - NewList() runtime.Object - // List selects resources in the storage which match to the selector. 'options' can be nil. - List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) - // TableConvertor ensures all list implementers also implement table conversion - TableConvertor -} - -// Getter is an object that can retrieve a named RESTful resource. -type Getter interface { - // Get finds a resource in the storage by name and returns it. - // Although it can return an arbitrary error value, IsNotFound(err) is true for the - // returned error value err when the specified resource is not found. - Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) -} - -// GetterWithOptions is an object that retrieve a named RESTful resource and takes -// additional options on the get request. It allows a caller to also receive the -// subpath of the GET request. -type GetterWithOptions interface { - // Get finds a resource in the storage by name and returns it. - // Although it can return an arbitrary error value, IsNotFound(err) is true for the - // returned error value err when the specified resource is not found. - // The options object passed to it is of the same type returned by the NewGetOptions - // method. - // TODO: Pass metav1.GetOptions. - Get(ctx context.Context, name string, options runtime.Object) (runtime.Object, error) - - // NewGetOptions returns an empty options object that will be used to pass - // options to the Get method. It may return a bool and a string, if true, the - // value of the request path below the object will be included as the named - // string in the serialization of the runtime object. E.g., returning "path" - // will convert the trailing request scheme value to "path" in the map[string][]string - // passed to the converter. - NewGetOptions() (runtime.Object, bool, string) -} - -type TableConvertor interface { - ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) -} - -// GracefulDeleter knows how to pass deletion options to allow delayed deletion of a -// RESTful object. -type GracefulDeleter interface { - // Delete finds a resource in the storage and deletes it. - // The delete attempt is validated by the deleteValidation first. - // If options are provided, the resource will attempt to honor them or return an invalid - // request error. - // Although it can return an arbitrary error value, IsNotFound(err) is true for the - // returned error value err when the specified resource is not found. - // Delete *may* return the object that was deleted, or a status object indicating additional - // information about deletion. - // It also returns a boolean which is set to true if the resource was instantly - // deleted or false if it will be deleted asynchronously. - Delete(ctx context.Context, name string, deleteValidation ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) -} - -// MayReturnFullObjectDeleter may return deleted object (instead of a simple status) on deletion. -type MayReturnFullObjectDeleter interface { - DeleteReturnsDeletedObject() bool -} - -// CollectionDeleter is an object that can delete a collection -// of RESTful resources. -type CollectionDeleter interface { - // DeleteCollection selects all resources in the storage matching given 'listOptions' - // and deletes them. The delete attempt is validated by the deleteValidation first. - // If 'options' are provided, the resource will attempt to honor them or return an - // invalid request error. - // DeleteCollection may not be atomic - i.e. it may delete some objects and still - // return an error after it. On success, returns a list of deleted objects. - DeleteCollection(ctx context.Context, deleteValidation ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error) -} - -// Creater is an object that can create an instance of a RESTful object. -type Creater interface { - // New returns an empty object that can be used with Create after request data has been put into it. - // This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object) - New() runtime.Object - - // Create creates a new version of a resource. - Create(ctx context.Context, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) -} - -// NamedCreater is an object that can create an instance of a RESTful object using a name parameter. -type NamedCreater interface { - // New returns an empty object that can be used with Create after request data has been put into it. - // This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object) - New() runtime.Object - - // Create creates a new version of a resource. It expects a name parameter from the path. - // This is needed for create operations on subresources which include the name of the parent - // resource in the path. - Create(ctx context.Context, name string, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) -} - -// UpdatedObjectInfo provides information about an updated object to an Updater. -// It requires access to the old object in order to return the newly updated object. -type UpdatedObjectInfo interface { - // Returns preconditions built from the updated object, if applicable. - // May return nil, or a preconditions object containing nil fields, - // if no preconditions can be determined from the updated object. - Preconditions() *metav1.Preconditions - - // UpdatedObject returns the updated object, given a context and old object. - // The only time an empty oldObj should be passed in is if a "create on update" is occurring (there is no oldObj). - UpdatedObject(ctx context.Context, oldObj runtime.Object) (newObj runtime.Object, err error) -} - -// ValidateObjectFunc is a function to act on a given object. An error may be returned -// if the hook cannot be completed. A ValidateObjectFunc may NOT transform the provided -// object. -type ValidateObjectFunc func(ctx context.Context, obj runtime.Object) error - -// ValidateAllObjectFunc is a "admit everything" instance of ValidateObjectFunc. -func ValidateAllObjectFunc(ctx context.Context, obj runtime.Object) error { - return nil -} - -// ValidateObjectUpdateFunc is a function to act on a given object and its predecessor. -// An error may be returned if the hook cannot be completed. An UpdateObjectFunc -// may NOT transform the provided object. -type ValidateObjectUpdateFunc func(ctx context.Context, obj, old runtime.Object) error - -// ValidateAllObjectUpdateFunc is a "admit everything" instance of ValidateObjectUpdateFunc. -func ValidateAllObjectUpdateFunc(ctx context.Context, obj, old runtime.Object) error { - return nil -} - -// Updater is an object that can update an instance of a RESTful object. -type Updater interface { - // New returns an empty object that can be used with Update after request data has been put into it. - // This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object) - New() runtime.Object - - // Update finds a resource in the storage and updates it. Some implementations - // may allow updates creates the object - they should set the created boolean - // to true. - Update(ctx context.Context, name string, objInfo UpdatedObjectInfo, createValidation ValidateObjectFunc, updateValidation ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) -} - -// CreaterUpdater is a storage object that must support both create and update. -// Go prevents embedded interfaces that implement the same method. -type CreaterUpdater interface { - Creater - Update(ctx context.Context, name string, objInfo UpdatedObjectInfo, createValidation ValidateObjectFunc, updateValidation ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) -} - -// CreaterUpdater must satisfy the Updater interface. -var _ Updater = CreaterUpdater(nil) - -// Patcher is a storage object that supports both get and update. -type Patcher interface { - Getter - Updater -} - -// Watcher should be implemented by all Storage objects that -// want to offer the ability to watch for changes through the watch api. -type Watcher interface { - // 'label' selects on labels; 'field' selects on the object's fields. Not all fields - // are supported; an error should be returned if 'field' tries to select on a field that - // isn't supported. 'resourceVersion' allows for continuing/starting a watch at a - // particular version. - Watch(ctx context.Context, options *metainternalversion.ListOptions) (watch.Interface, error) -} - -// StandardStorage is an interface covering the common verbs. Provided for testing whether a -// resource satisfies the normal storage methods. Use Storage when passing opaque storage objects. -type StandardStorage interface { - Getter - Lister - CreaterUpdater - GracefulDeleter - CollectionDeleter - Watcher - - // Destroy cleans up its resources on shutdown. - // Destroy has to be implemented in thread-safe way and be prepared - // for being called more than once. - Destroy() -} - -// Redirector know how to return a remote resource's location. -type Redirector interface { - // ResourceLocation should return the remote location of the given resource, and an optional transport to use to request it, or an error. - ResourceLocation(ctx context.Context, id string) (remoteLocation *url.URL, transport http.RoundTripper, err error) -} - -// Responder abstracts the normal response behavior for a REST method and is passed to callers that -// may wish to handle the response directly in some cases, but delegate to the normal error or object -// behavior in other cases. -type Responder interface { - // Object writes the provided object to the response. Invoking this method multiple times is undefined. - Object(statusCode int, obj runtime.Object) - // Error writes the provided error to the response. This method may only be invoked once. - Error(err error) -} - -// Connecter is a storage object that responds to a connection request. -type Connecter interface { - // Connect returns an http.Handler that will handle the request/response for a given API invocation. - // The provided responder may be used for common API responses. The responder will write both status - // code and body, so the ServeHTTP method should exit after invoking the responder. The Handler will - // be used for a single API request and then discarded. The Responder is guaranteed to write to the - // same http.ResponseWriter passed to ServeHTTP. - Connect(ctx context.Context, id string, options runtime.Object, r Responder) (http.Handler, error) - - // NewConnectOptions returns an empty options object that will be used to pass - // options to the Connect method. If nil, then a nil options object is passed to - // Connect. It may return a bool and a string. If true, the value of the request - // path below the object will be included as the named string in the serialization - // of the runtime object. - NewConnectOptions() (runtime.Object, bool, string) - - // ConnectMethods returns the list of HTTP methods handled by Connect - ConnectMethods() []string -} - -// ResourceStreamer is an interface implemented by objects that prefer to be streamed from the server -// instead of decoded directly. -type ResourceStreamer interface { - // InputStream should return an io.ReadCloser if the provided object supports streaming. The desired - // api version and an accept header (may be empty) are passed to the call. If no error occurs, - // the caller may return a flag indicating whether the result should be flushed as writes occur - // and a content type string that indicates the type of the stream. - // If a null stream is returned, a StatusNoContent response wil be generated. - InputStream(ctx context.Context, apiVersion, acceptHeader string) (stream io.ReadCloser, flush bool, mimeType string, err error) -} - -// StorageMetadata is an optional interface that callers can implement to provide additional -// information about their Storage objects. -type StorageMetadata interface { - // ProducesMIMETypes returns a list of the MIME types the specified HTTP verb (GET, POST, DELETE, - // PATCH) can respond with. - ProducesMIMETypes(verb string) []string - - // ProducesObject returns an object the specified HTTP verb respond with. It will overwrite storage object if - // it is not nil. Only the type of the return object matters, the value will be ignored. - ProducesObject(verb string) interface{} -} - -// StorageVersionProvider is an optional interface that a storage object can -// implement if it wishes to disclose its storage version. -type StorageVersionProvider interface { - // StorageVersion returns a group versioner, which will outputs the gvk - // an object will be converted to before persisted in etcd, given a - // list of kinds the object might belong to. - StorageVersion() runtime.GroupVersioner -} - -// ResetFieldsStrategy is an optional interface that a storage object can -// implement if it wishes to provide the fields reset by its strategies. -type ResetFieldsStrategy interface { - GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set -} - -// CreateUpdateResetFieldsStrategy is a union of RESTCreateUpdateStrategy -// and ResetFieldsStrategy. -type CreateUpdateResetFieldsStrategy interface { - RESTCreateUpdateStrategy - ResetFieldsStrategy -} - -// UpdateResetFieldsStrategy is a union of RESTUpdateStrategy -// and ResetFieldsStrategy. -type UpdateResetFieldsStrategy interface { - RESTUpdateStrategy - ResetFieldsStrategy -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/table.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/table.go deleted file mode 100644 index 58d2803006..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/table.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "net/http" - "time" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" -) - -type defaultTableConvertor struct { - defaultQualifiedResource schema.GroupResource -} - -// NewDefaultTableConvertor creates a default convertor; the provided resource is used for error messages -// if no resource info can be determined from the context passed to ConvertToTable. -func NewDefaultTableConvertor(defaultQualifiedResource schema.GroupResource) TableConvertor { - return defaultTableConvertor{defaultQualifiedResource: defaultQualifiedResource} -} - -var swaggerMetadataDescriptions = metav1.ObjectMeta{}.SwaggerDoc() - -func (c defaultTableConvertor) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - var table metav1.Table - fn := func(obj runtime.Object) error { - m, err := meta.Accessor(obj) - if err != nil { - resource := c.defaultQualifiedResource - if info, ok := genericapirequest.RequestInfoFrom(ctx); ok { - resource = schema.GroupResource{Group: info.APIGroup, Resource: info.Resource} - } - return errNotAcceptable{resource: resource} - } - table.Rows = append(table.Rows, metav1.TableRow{ - Cells: []interface{}{m.GetName(), m.GetCreationTimestamp().Time.UTC().Format(time.RFC3339)}, - Object: runtime.RawExtension{Object: obj}, - }) - return nil - } - switch { - case meta.IsListType(object): - if err := meta.EachListItem(object, fn); err != nil { - return nil, err - } - default: - if err := fn(object); err != nil { - return nil, err - } - } - if m, err := meta.ListAccessor(object); err == nil { - table.ResourceVersion = m.GetResourceVersion() - table.Continue = m.GetContinue() - table.RemainingItemCount = m.GetRemainingItemCount() - } else { - if m, err := meta.CommonAccessor(object); err == nil { - table.ResourceVersion = m.GetResourceVersion() - } - } - if opt, ok := tableOptions.(*metav1.TableOptions); !ok || !opt.NoHeaders { - table.ColumnDefinitions = []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: swaggerMetadataDescriptions["name"]}, - {Name: "Created At", Type: "date", Description: swaggerMetadataDescriptions["creationTimestamp"]}, - } - } - return &table, nil -} - -// errNotAcceptable indicates the resource doesn't support Table conversion -type errNotAcceptable struct { - resource schema.GroupResource -} - -func (e errNotAcceptable) Error() string { - return fmt.Sprintf("the resource %s does not support being converted to a Table", e.resource) -} - -func (e errNotAcceptable) Status() metav1.Status { - return metav1.Status{ - Status: metav1.StatusFailure, - Code: http.StatusNotAcceptable, - Reason: metav1.StatusReason("NotAcceptable"), - Message: e.Error(), - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/update.go b/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/update.go deleted file mode 100644 index dc63caf0b5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/registry/rest/update.go +++ /dev/null @@ -1,295 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - genericvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/api/validation/path" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/admission" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/warning" -) - -// RESTUpdateStrategy defines the minimum validation, accepted input, and -// name generation behavior to update an object that follows Kubernetes -// API conventions. A resource may have many UpdateStrategies, depending on -// the call pattern in use. -type RESTUpdateStrategy interface { - runtime.ObjectTyper - // NamespaceScoped returns true if the object must be within a namespace. - NamespaceScoped() bool - // AllowCreateOnUpdate returns true if the object can be created by a PUT. - AllowCreateOnUpdate() bool - // PrepareForUpdate is invoked on update before validation to normalize - // the object. For example: remove fields that are not to be persisted, - // sort order-insensitive list fields, etc. This should not remove fields - // whose presence would be considered a validation error. - PrepareForUpdate(ctx context.Context, obj, old runtime.Object) - // ValidateUpdate is invoked after default fields in the object have been - // filled in before the object is persisted. This method should not mutate - // the object. - ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList - // WarningsOnUpdate returns warnings to the client performing the update. - // WarningsOnUpdate is invoked after default fields in the object have been filled in - // and after ValidateUpdate has passed, before Canonicalize is called, and before the object is persisted. - // This method must not mutate either object. - // - // Be brief; limit warnings to 120 characters if possible. - // Don't include a "Warning:" prefix in the message (that is added by clients on output). - // Warnings returned about a specific field should be formatted as "path.to.field: message". - // For example: `spec.imagePullSecrets[0].name: invalid empty name ""` - // - // Use warning messages to describe problems the client making the API request should correct or be aware of. - // For example: - // - use of deprecated fields/labels/annotations that will stop working in a future release - // - use of obsolete fields/labels/annotations that are non-functional - // - malformed or invalid specifications that prevent successful handling of the submitted object, - // but are not rejected by validation for compatibility reasons - // - // Warnings should not be returned for fields which cannot be resolved by the caller. - // For example, do not warn about spec fields in a status update. - WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string - // Canonicalize allows an object to be mutated into a canonical form. This - // ensures that code that operates on these objects can rely on the common - // form for things like comparison. Canonicalize is invoked after - // validation has succeeded but before the object has been persisted. - // This method may mutate the object. - Canonicalize(obj runtime.Object) - // AllowUnconditionalUpdate returns true if the object can be updated - // unconditionally (irrespective of the latest resource version), when - // there is no resource version specified in the object. - AllowUnconditionalUpdate() bool -} - -// TODO: add other common fields that require global validation. -func validateCommonFields(obj, old runtime.Object, strategy RESTUpdateStrategy) (field.ErrorList, error) { - allErrs := field.ErrorList{} - objectMeta, err := meta.Accessor(obj) - if err != nil { - return nil, fmt.Errorf("failed to get new object metadata: %v", err) - } - oldObjectMeta, err := meta.Accessor(old) - if err != nil { - return nil, fmt.Errorf("failed to get old object metadata: %v", err) - } - allErrs = append(allErrs, genericvalidation.ValidateObjectMetaAccessor(objectMeta, strategy.NamespaceScoped(), path.ValidatePathSegmentName, field.NewPath("metadata"))...) - allErrs = append(allErrs, genericvalidation.ValidateObjectMetaAccessorUpdate(objectMeta, oldObjectMeta, field.NewPath("metadata"))...) - - return allErrs, nil -} - -// BeforeUpdate ensures that common operations for all resources are performed on update. It only returns -// errors that can be converted to api.Status. It will invoke update validation with the provided existing -// and updated objects. -// It sets zero values only if the object does not have a zero value for the respective field. -func BeforeUpdate(strategy RESTUpdateStrategy, ctx context.Context, obj, old runtime.Object) error { - objectMeta, kind, kerr := objectMetaAndKind(strategy, obj) - if kerr != nil { - return kerr - } - - // ensure namespace on the object is correct, or error if a conflicting namespace was set in the object - requestNamespace, ok := genericapirequest.NamespaceFrom(ctx) - if !ok { - return errors.NewInternalError(fmt.Errorf("no namespace information found in request context")) - } - if err := EnsureObjectNamespaceMatchesRequestNamespace(ExpectedNamespaceForScope(requestNamespace, strategy.NamespaceScoped()), objectMeta); err != nil { - return err - } - - // Ensure requests cannot update generation - oldMeta, err := meta.Accessor(old) - if err != nil { - return err - } - objectMeta.SetGeneration(oldMeta.GetGeneration()) - - strategy.PrepareForUpdate(ctx, obj, old) - - // Use the existing UID if none is provided - if len(objectMeta.GetUID()) == 0 { - objectMeta.SetUID(oldMeta.GetUID()) - } - // ignore changes to timestamp - if oldCreationTime := oldMeta.GetCreationTimestamp(); !oldCreationTime.IsZero() { - objectMeta.SetCreationTimestamp(oldMeta.GetCreationTimestamp()) - } - // an update can never remove/change a deletion timestamp - if !oldMeta.GetDeletionTimestamp().IsZero() { - objectMeta.SetDeletionTimestamp(oldMeta.GetDeletionTimestamp()) - } - // an update can never remove/change grace period seconds - if oldMeta.GetDeletionGracePeriodSeconds() != nil && objectMeta.GetDeletionGracePeriodSeconds() == nil { - objectMeta.SetDeletionGracePeriodSeconds(oldMeta.GetDeletionGracePeriodSeconds()) - } - - // Ensure some common fields, like UID, are validated for all resources. - errs, err := validateCommonFields(obj, old, strategy) - if err != nil { - return errors.NewInternalError(err) - } - - errs = append(errs, strategy.ValidateUpdate(ctx, obj, old)...) - if len(errs) > 0 { - return errors.NewInvalid(kind.GroupKind(), objectMeta.GetName(), errs) - } - - for _, w := range strategy.WarningsOnUpdate(ctx, obj, old) { - warning.AddWarning(ctx, "", w) - } - - strategy.Canonicalize(obj) - - return nil -} - -// TransformFunc is a function to transform and return newObj -type TransformFunc func(ctx context.Context, newObj runtime.Object, oldObj runtime.Object) (transformedNewObj runtime.Object, err error) - -// defaultUpdatedObjectInfo implements UpdatedObjectInfo -type defaultUpdatedObjectInfo struct { - // obj is the updated object - obj runtime.Object - - // transformers is an optional list of transforming functions that modify or - // replace obj using information from the context, old object, or other sources. - transformers []TransformFunc -} - -// DefaultUpdatedObjectInfo returns an UpdatedObjectInfo impl based on the specified object. -func DefaultUpdatedObjectInfo(obj runtime.Object, transformers ...TransformFunc) UpdatedObjectInfo { - return &defaultUpdatedObjectInfo{obj, transformers} -} - -// Preconditions satisfies the UpdatedObjectInfo interface. -func (i *defaultUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - // Attempt to get the UID out of the object - accessor, err := meta.Accessor(i.obj) - if err != nil { - // If no UID can be read, no preconditions are possible - return nil - } - - // If empty, no preconditions needed - uid := accessor.GetUID() - if len(uid) == 0 { - return nil - } - - return &metav1.Preconditions{UID: &uid} -} - -// UpdatedObject satisfies the UpdatedObjectInfo interface. -// It returns a copy of the held obj, passed through any configured transformers. -func (i *defaultUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - var err error - // Start with the configured object - newObj := i.obj - - // If the original is non-nil (might be nil if the first transformer builds the object from the oldObj), make a copy, - // so we don't return the original. BeforeUpdate can mutate the returned object, doing things like clearing ResourceVersion. - // If we're re-called, we need to be able to return the pristine version. - if newObj != nil { - newObj = newObj.DeepCopyObject() - } - - // Allow any configured transformers to update the new object - for _, transformer := range i.transformers { - newObj, err = transformer(ctx, newObj, oldObj) - if err != nil { - return nil, err - } - } - - return newObj, nil -} - -// wrappedUpdatedObjectInfo allows wrapping an existing objInfo and -// chaining additional transformations/checks on the result of UpdatedObject() -type wrappedUpdatedObjectInfo struct { - // obj is the updated object - objInfo UpdatedObjectInfo - - // transformers is an optional list of transforming functions that modify or - // replace obj using information from the context, old object, or other sources. - transformers []TransformFunc -} - -// WrapUpdatedObjectInfo returns an UpdatedObjectInfo impl that delegates to -// the specified objInfo, then calls the passed transformers -func WrapUpdatedObjectInfo(objInfo UpdatedObjectInfo, transformers ...TransformFunc) UpdatedObjectInfo { - return &wrappedUpdatedObjectInfo{objInfo, transformers} -} - -// Preconditions satisfies the UpdatedObjectInfo interface. -func (i *wrappedUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - return i.objInfo.Preconditions() -} - -// UpdatedObject satisfies the UpdatedObjectInfo interface. -// It delegates to the wrapped objInfo and passes the result through any configured transformers. -func (i *wrappedUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - newObj, err := i.objInfo.UpdatedObject(ctx, oldObj) - if err != nil { - return newObj, err - } - - // Allow any configured transformers to update the new object or error - for _, transformer := range i.transformers { - newObj, err = transformer(ctx, newObj, oldObj) - if err != nil { - return nil, err - } - } - - return newObj, nil -} - -// AdmissionToValidateObjectUpdateFunc converts validating admission to a rest validate object update func -func AdmissionToValidateObjectUpdateFunc(admit admission.Interface, staticAttributes admission.Attributes, o admission.ObjectInterfaces) ValidateObjectUpdateFunc { - validatingAdmission, ok := admit.(admission.ValidationInterface) - if !ok { - return func(ctx context.Context, obj, old runtime.Object) error { return nil } - } - return func(ctx context.Context, obj, old runtime.Object) error { - finalAttributes := admission.NewAttributesRecord( - obj, - old, - staticAttributes.GetKind(), - staticAttributes.GetNamespace(), - staticAttributes.GetName(), - staticAttributes.GetResource(), - staticAttributes.GetSubresource(), - staticAttributes.GetOperation(), - staticAttributes.GetOperationOptions(), - staticAttributes.IsDryRun(), - staticAttributes.GetUserInfo(), - ) - if !validatingAdmission.Handles(finalAttributes.GetOperation()) { - return nil - } - return validatingAdmission.Validate(ctx, finalAttributes, o) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/config.go deleted file mode 100644 index 7e34c6da7a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/config.go +++ /dev/null @@ -1,1109 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "context" - "crypto/sha256" - "encoding/base32" - "fmt" - "io/ioutil" - "net" - "net/http" - "os" - goruntime "runtime" - "runtime/debug" - "sort" - "strconv" - "strings" - "sync/atomic" - "time" - - jsonpatch "github.com/evanphx/json-patch" - "github.com/google/uuid" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - utilwaitgroup "k8s.io/apimachinery/pkg/util/waitgroup" - "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/authenticatorfactory" - authenticatorunion "k8s.io/apiserver/pkg/authentication/request/union" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/endpoints/discovery" - discoveryendpoint "k8s.io/apiserver/pkg/endpoints/discovery/aggregated" - "k8s.io/apiserver/pkg/endpoints/filterlatency" - genericapifilters "k8s.io/apiserver/pkg/endpoints/filters" - apiopenapi "k8s.io/apiserver/pkg/endpoints/openapi" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - genericfeatures "k8s.io/apiserver/pkg/features" - genericregistry "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - "k8s.io/apiserver/pkg/server/egressselector" - genericfilters "k8s.io/apiserver/pkg/server/filters" - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/apiserver/pkg/server/routes" - serverstore "k8s.io/apiserver/pkg/server/storage" - "k8s.io/apiserver/pkg/storageversion" - utilfeature "k8s.io/apiserver/pkg/util/feature" - utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/kubernetes/typed/core/v1" - restclient "k8s.io/client-go/rest" - "k8s.io/component-base/logs" - "k8s.io/component-base/metrics/features" - "k8s.io/component-base/metrics/prometheus/slis" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" - openapicommon "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/validation/spec" - "k8s.io/utils/clock" - utilsnet "k8s.io/utils/net" - - // install apis - _ "k8s.io/apiserver/pkg/apis/apiserver/install" -) - -const ( - // DefaultLegacyAPIPrefix is where the legacy APIs will be located. - DefaultLegacyAPIPrefix = "/api" - - // APIGroupPrefix is where non-legacy API group will be located. - APIGroupPrefix = "/apis" -) - -// Config is a structure used to configure a GenericAPIServer. -// Its members are sorted roughly in order of importance for composers. -type Config struct { - // SecureServing is required to serve https - SecureServing *SecureServingInfo - - // Authentication is the configuration for authentication - Authentication AuthenticationInfo - - // Authorization is the configuration for authorization - Authorization AuthorizationInfo - - // LoopbackClientConfig is a config for a privileged loopback connection to the API server - // This is required for proper functioning of the PostStartHooks on a GenericAPIServer - // TODO: move into SecureServing(WithLoopback) as soon as insecure serving is gone - LoopbackClientConfig *restclient.Config - - // EgressSelector provides a lookup mechanism for dialing outbound connections. - // It does so based on a EgressSelectorConfiguration which was read at startup. - EgressSelector *egressselector.EgressSelector - - // RuleResolver is required to get the list of rules that apply to a given user - // in a given namespace - RuleResolver authorizer.RuleResolver - // AdmissionControl performs deep inspection of a given request (including content) - // to set values and determine whether its allowed - AdmissionControl admission.Interface - CorsAllowedOriginList []string - HSTSDirectives []string - // FlowControl, if not nil, gives priority and fairness to request handling - FlowControl utilflowcontrol.Interface - - EnableIndex bool - EnableProfiling bool - EnableDiscovery bool - - // Requires generic profiling enabled - EnableContentionProfiling bool - EnableMetrics bool - - DisabledPostStartHooks sets.String - // done values in this values for this map are ignored. - PostStartHooks map[string]PostStartHookConfigEntry - - // Version will enable the /version endpoint if non-nil - Version *version.Info - // AuditBackend is where audit events are sent to. - AuditBackend audit.Backend - // AuditPolicyRuleEvaluator makes the decision of whether and how to audit log a request. - AuditPolicyRuleEvaluator audit.PolicyRuleEvaluator - // ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger) - // Will default to a value based on secure serving info and available ipv4 IPs. - ExternalAddress string - - // TracerProvider can provide a tracer, which records spans for distributed tracing. - TracerProvider tracing.TracerProvider - - //=========================================================================== - // Fields you probably don't care about changing - //=========================================================================== - - // BuildHandlerChainFunc allows you to build custom handler chains by decorating the apiHandler. - BuildHandlerChainFunc func(apiHandler http.Handler, c *Config) (secure http.Handler) - // HandlerChainWaitGroup allows you to wait for all chain handlers exit after the server shutdown. - HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup - // DiscoveryAddresses is used to build the IPs pass to discovery. If nil, the ExternalAddress is - // always reported - DiscoveryAddresses discovery.Addresses - // The default set of healthz checks. There might be more added via AddHealthChecks dynamically. - HealthzChecks []healthz.HealthChecker - // The default set of livez checks. There might be more added via AddHealthChecks dynamically. - LivezChecks []healthz.HealthChecker - // The default set of readyz-only checks. There might be more added via AddReadyzChecks dynamically. - ReadyzChecks []healthz.HealthChecker - // LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests - // to InstallLegacyAPIGroup. New API servers don't generally have legacy groups at all. - LegacyAPIGroupPrefixes sets.String - // RequestInfoResolver is used to assign attributes (used by admission and authorization) based on a request URL. - // Use-cases that are like kubelets may need to customize this. - RequestInfoResolver apirequest.RequestInfoResolver - // Serializer is required and provides the interface for serializing and converting objects to and from the wire - // The default (api.Codecs) usually works fine. - Serializer runtime.NegotiatedSerializer - // OpenAPIConfig will be used in generating OpenAPI spec. This is nil by default. Use DefaultOpenAPIConfig for "working" defaults. - OpenAPIConfig *openapicommon.Config - // OpenAPIV3Config will be used in generating OpenAPI V3 spec. This is nil by default. Use DefaultOpenAPIV3Config for "working" defaults. - OpenAPIV3Config *openapicommon.Config - // SkipOpenAPIInstallation avoids installing the OpenAPI handler if set to true. - SkipOpenAPIInstallation bool - - // RESTOptionsGetter is used to construct RESTStorage types via the generic registry. - RESTOptionsGetter genericregistry.RESTOptionsGetter - - // If specified, all requests except those which match the LongRunningFunc predicate will timeout - // after this duration. - RequestTimeout time.Duration - // If specified, long running requests such as watch will be allocated a random timeout between this value, and - // twice this value. Note that it is up to the request handlers to ignore or honor this timeout. In seconds. - MinRequestTimeout int - - // This represents the maximum amount of time it should take for apiserver to complete its startup - // sequence and become healthy. From apiserver's start time to when this amount of time has - // elapsed, /livez will assume that unfinished post-start hooks will complete successfully and - // therefore return true. - LivezGracePeriod time.Duration - // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server - // have converged on all node. During this time, the API server keeps serving, /healthz will return 200, - // but /readyz will return failure. - ShutdownDelayDuration time.Duration - - // The limit on the total size increase all "copy" operations in a json - // patch may cause. - // This affects all places that applies json patch in the binary. - JSONPatchMaxCopyBytes int64 - // The limit on the request size that would be accepted and decoded in a write request - // 0 means no limit. - MaxRequestBodyBytes int64 - // MaxRequestsInFlight is the maximum number of parallel non-long-running requests. Every further - // request has to wait. Applies only to non-mutating requests. - MaxRequestsInFlight int - // MaxMutatingRequestsInFlight is the maximum number of parallel mutating requests. Every further - // request has to wait. - MaxMutatingRequestsInFlight int - // Predicate which is true for paths of long-running http requests - LongRunningFunc apirequest.LongRunningRequestCheck - - // GoawayChance is the probability that send a GOAWAY to HTTP/2 clients. When client received - // GOAWAY, the in-flight requests will not be affected and new requests will use - // a new TCP connection to triggering re-balancing to another server behind the load balance. - // Default to 0, means never send GOAWAY. Max is 0.02 to prevent break the apiserver. - GoawayChance float64 - - // MergedResourceConfig indicates which groupVersion enabled and its resources enabled/disabled. - // This is composed of genericapiserver defaultAPIResourceConfig and those parsed from flags. - // If not specify any in flags, then genericapiserver will only enable defaultAPIResourceConfig. - MergedResourceConfig *serverstore.ResourceConfig - - // lifecycleSignals provides access to the various signals - // that happen during lifecycle of the apiserver. - // it's intentionally marked private as it should never be overridden. - lifecycleSignals lifecycleSignals - - // StorageObjectCountTracker is used to keep track of the total number of objects - // in the storage per resource, so we can estimate width of incoming requests. - StorageObjectCountTracker flowcontrolrequest.StorageObjectCountTracker - - // ShutdownSendRetryAfter dictates when to initiate shutdown of the HTTP - // Server during the graceful termination of the apiserver. If true, we wait - // for non longrunning requests in flight to be drained and then initiate a - // shutdown of the HTTP Server. If false, we initiate a shutdown of the HTTP - // Server as soon as ShutdownDelayDuration has elapsed. - // If enabled, after ShutdownDelayDuration elapses, any incoming request is - // rejected with a 429 status code and a 'Retry-After' response. - ShutdownSendRetryAfter bool - - // EventSink receives events about the life cycle of the API server, e.g. readiness, serving, signals and termination. - EventSink EventSink - - //=========================================================================== - // values below here are targets for removal - //=========================================================================== - - // PublicAddress is the IP address where members of the cluster (kubelet, - // kube-proxy, services, etc.) can reach the GenericAPIServer. - // If nil or 0.0.0.0, the host's default interface will be used. - PublicAddress net.IP - - // EquivalentResourceRegistry provides information about resources equivalent to a given resource, - // and the kind associated with a given resource. As resources are installed, they are registered here. - EquivalentResourceRegistry runtime.EquivalentResourceRegistry - - // APIServerID is the ID of this API server - APIServerID string - - // StorageVersionManager holds the storage versions of the API resources installed by this server. - StorageVersionManager storageversion.Manager - - // AggregatedDiscoveryGroupManager serves /apis in an aggregated form. - AggregatedDiscoveryGroupManager discoveryendpoint.ResourceManager - - // SendRetryAfterWhileNotReadyOnce, if enabled, the apiserver will - // reject all incoming requests with a 503 status code and a - // 'Retry-After' response header until the apiserver has fully - // initialized, except for requests from a designated debugger group. - // This option ensures that the system stays consistent even when - // requests are received before the server has been initialized. - // In particular, it prevents child deletion in case of GC or/and - // orphaned content in case of the namespaces controller. - // NOTE: this option is applicable to Microshift only, - // this should never be enabled for OCP. - SendRetryAfterWhileNotReadyOnce bool -} - -// EventSink allows to create events. -type EventSink interface { - Create(event *corev1.Event) (*corev1.Event, error) -} - -type RecommendedConfig struct { - Config - - // SharedInformerFactory provides shared informers for Kubernetes resources. This value is set by - // RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. It uses an in-cluster client config - // by default, or the kubeconfig given with kubeconfig command line flag. - SharedInformerFactory informers.SharedInformerFactory - - // ClientConfig holds the kubernetes client configuration. - // This value is set by RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. - // By default in-cluster client config is used. - ClientConfig *restclient.Config -} - -type SecureServingInfo struct { - // Listener is the secure server network listener. - Listener net.Listener - - // Cert is the main server cert which is used if SNI does not match. Cert must be non-nil and is - // allowed to be in SNICerts. - Cert dynamiccertificates.CertKeyContentProvider - - // SNICerts are the TLS certificates used for SNI. - SNICerts []dynamiccertificates.SNICertKeyContentProvider - - // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates - ClientCA dynamiccertificates.CAContentProvider - - // MinTLSVersion optionally overrides the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - MinTLSVersion uint16 - - // CipherSuites optionally overrides the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - CipherSuites []uint16 - - // HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client. - // A value of zero means to use the default provided by golang's HTTP/2 support. - HTTP2MaxStreamsPerConnection int - - // DisableHTTP2 indicates that http2 should not be enabled. - DisableHTTP2 bool -} - -type AuthenticationInfo struct { - // APIAudiences is a list of identifier that the API identifies as. This is - // used by some authenticators to validate audience bound credentials. - APIAudiences authenticator.Audiences - // Authenticator determines which subject is making the request - Authenticator authenticator.Request -} - -type AuthorizationInfo struct { - // Authorizer determines whether the subject is allowed to make the request based only - // on the RequestURI - Authorizer authorizer.Authorizer -} - -func init() { - utilruntime.Must(features.AddFeatureGates(utilfeature.DefaultMutableFeatureGate)) -} - -// NewConfig returns a Config struct with the default values -func NewConfig(codecs serializer.CodecFactory) *Config { - defaultHealthChecks := []healthz.HealthChecker{healthz.PingHealthz, healthz.LogHealthz} - var id string - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { - hostname, err := os.Hostname() - if err != nil { - klog.Fatalf("error getting hostname for apiserver identity: %v", err) - } - - hash := sha256.Sum256([]byte(hostname)) - id = "kube-apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16])) - } - lifecycleSignals := newLifecycleSignals() - - return &Config{ - Serializer: codecs, - BuildHandlerChainFunc: DefaultBuildHandlerChain, - HandlerChainWaitGroup: new(utilwaitgroup.SafeWaitGroup), - LegacyAPIGroupPrefixes: sets.NewString(DefaultLegacyAPIPrefix), - DisabledPostStartHooks: sets.NewString(), - PostStartHooks: map[string]PostStartHookConfigEntry{}, - HealthzChecks: append([]healthz.HealthChecker{}, defaultHealthChecks...), - ReadyzChecks: append([]healthz.HealthChecker{}, defaultHealthChecks...), - LivezChecks: append([]healthz.HealthChecker{}, defaultHealthChecks...), - EnableIndex: true, - EnableDiscovery: true, - EnableProfiling: true, - EnableMetrics: true, - MaxRequestsInFlight: 400, - MaxMutatingRequestsInFlight: 200, - RequestTimeout: time.Duration(60) * time.Second, - MinRequestTimeout: 1800, - LivezGracePeriod: time.Duration(0), - ShutdownDelayDuration: time.Duration(0), - // 1.5MB is the default client request size in bytes - // the etcd server should accept. See - // https://github.com/etcd-io/etcd/blob/release-3.4/embed/config.go#L56. - // A request body might be encoded in json, and is converted to - // proto when persisted in etcd, so we allow 2x as the largest size - // increase the "copy" operations in a json patch may cause. - JSONPatchMaxCopyBytes: int64(3 * 1024 * 1024), - // 1.5MB is the recommended client request size in byte - // the etcd server should accept. See - // https://github.com/etcd-io/etcd/blob/release-3.4/embed/config.go#L56. - // A request body might be encoded in json, and is converted to - // proto when persisted in etcd, so we allow 2x as the largest request - // body size to be accepted and decoded in a write request. - // If this constant is changed, DefaultMaxRequestSizeBytes in k8s.io/apiserver/pkg/cel/limits.go - // should be changed to reflect the new value, if the two haven't - // been wired together already somehow. - MaxRequestBodyBytes: int64(3 * 1024 * 1024), - - // Default to treating watch as a long-running operation - // Generic API servers have no inherent long-running subresources - LongRunningFunc: genericfilters.BasicLongRunningRequestCheck(sets.NewString("watch"), sets.NewString()), - lifecycleSignals: lifecycleSignals, - StorageObjectCountTracker: flowcontrolrequest.NewStorageObjectCountTracker(), - - APIServerID: id, - StorageVersionManager: storageversion.NewDefaultManager(), - TracerProvider: tracing.NewNoopTracerProvider(), - } -} - -// NewRecommendedConfig returns a RecommendedConfig struct with the default values -func NewRecommendedConfig(codecs serializer.CodecFactory) *RecommendedConfig { - return &RecommendedConfig{ - Config: *NewConfig(codecs), - } -} - -// DefaultOpenAPIConfig provides the default OpenAPIConfig used to build the OpenAPI V2 spec -func DefaultOpenAPIConfig(getDefinitions openapicommon.GetOpenAPIDefinitions, defNamer *apiopenapi.DefinitionNamer) *openapicommon.Config { - return &openapicommon.Config{ - ProtocolList: []string{"https"}, - IgnorePrefixes: []string{}, - Info: &spec.Info{ - InfoProps: spec.InfoProps{ - Title: "Generic API Server", - }, - }, - DefaultResponse: &spec.Response{ - ResponseProps: spec.ResponseProps{ - Description: "Default Response.", - }, - }, - GetOperationIDAndTags: apiopenapi.GetOperationIDAndTags, - GetDefinitionName: defNamer.GetDefinitionName, - GetDefinitions: getDefinitions, - } -} - -// DefaultOpenAPIV3Config provides the default OpenAPIV3Config used to build the OpenAPI V3 spec -func DefaultOpenAPIV3Config(getDefinitions openapicommon.GetOpenAPIDefinitions, defNamer *apiopenapi.DefinitionNamer) *openapicommon.Config { - defaultConfig := DefaultOpenAPIConfig(getDefinitions, defNamer) - defaultConfig.Definitions = getDefinitions(func(name string) spec.Ref { - defName, _ := defaultConfig.GetDefinitionName(name) - return spec.MustCreateRef("#/components/schemas/" + openapicommon.EscapeJsonPointer(defName)) - }) - - return defaultConfig -} - -func (c *AuthenticationInfo) ApplyClientCert(clientCA dynamiccertificates.CAContentProvider, servingInfo *SecureServingInfo) error { - if servingInfo == nil { - return nil - } - if clientCA == nil { - return nil - } - if servingInfo.ClientCA == nil { - servingInfo.ClientCA = clientCA - return nil - } - - servingInfo.ClientCA = dynamiccertificates.NewUnionCAContentProvider(servingInfo.ClientCA, clientCA) - return nil -} - -type completedConfig struct { - *Config - - //=========================================================================== - // values below here are filled in during completion - //=========================================================================== - - // SharedInformerFactory provides shared informers for resources - SharedInformerFactory informers.SharedInformerFactory -} - -type CompletedConfig struct { - // Embed a private pointer that cannot be instantiated outside of this package. - *completedConfig -} - -// AddHealthChecks adds a health check to our config to be exposed by the health endpoints -// of our configured apiserver. We should prefer this to adding healthChecks directly to -// the config unless we explicitly want to add a healthcheck only to a specific health endpoint. -func (c *Config) AddHealthChecks(healthChecks ...healthz.HealthChecker) { - c.HealthzChecks = append(c.HealthzChecks, healthChecks...) - c.LivezChecks = append(c.LivezChecks, healthChecks...) - c.ReadyzChecks = append(c.ReadyzChecks, healthChecks...) -} - -// AddReadyzChecks adds a health check to our config to be exposed by the readyz endpoint -// of our configured apiserver. -func (c *Config) AddReadyzChecks(healthChecks ...healthz.HealthChecker) { - c.ReadyzChecks = append(c.ReadyzChecks, healthChecks...) -} - -// AddPostStartHook allows you to add a PostStartHook that will later be added to the server itself in a New call. -// Name conflicts will cause an error. -func (c *Config) AddPostStartHook(name string, hook PostStartHookFunc) error { - if len(name) == 0 { - return fmt.Errorf("missing name") - } - if hook == nil { - return fmt.Errorf("hook func may not be nil: %q", name) - } - if c.DisabledPostStartHooks.Has(name) { - klog.V(1).Infof("skipping %q because it was explicitly disabled", name) - return nil - } - - if postStartHook, exists := c.PostStartHooks[name]; exists { - // this is programmer error, but it can be hard to debug - return fmt.Errorf("unable to add %q because it was already registered by: %s", name, postStartHook.originatingStack) - } - c.PostStartHooks[name] = PostStartHookConfigEntry{hook: hook, originatingStack: string(debug.Stack())} - - return nil -} - -// AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure. -func (c *Config) AddPostStartHookOrDie(name string, hook PostStartHookFunc) { - if err := c.AddPostStartHook(name, hook); err != nil { - klog.Fatalf("Error registering PostStartHook %q: %v", name, err) - } -} - -func completeOpenAPI(config *openapicommon.Config, version *version.Info) { - if config == nil { - return - } - if config.SecurityDefinitions != nil { - // Setup OpenAPI security: all APIs will have the same authentication for now. - config.DefaultSecurity = []map[string][]string{} - keys := []string{} - for k := range *config.SecurityDefinitions { - keys = append(keys, k) - } - sort.Strings(keys) - for _, k := range keys { - config.DefaultSecurity = append(config.DefaultSecurity, map[string][]string{k: {}}) - } - if config.CommonResponses == nil { - config.CommonResponses = map[int]spec.Response{} - } - if _, exists := config.CommonResponses[http.StatusUnauthorized]; !exists { - config.CommonResponses[http.StatusUnauthorized] = spec.Response{ - ResponseProps: spec.ResponseProps{ - Description: "Unauthorized", - }, - } - } - } - // make sure we populate info, and info.version, if not manually set - if config.Info == nil { - config.Info = &spec.Info{} - } - if config.Info.Version == "" { - if version != nil { - config.Info.Version = strings.Split(version.String(), "-")[0] - } else { - config.Info.Version = "unversioned" - } - } -} - -// DrainedNotify returns a lifecycle signal of genericapiserver already drained while shutting down. -func (c *Config) DrainedNotify() <-chan struct{} { - return c.lifecycleSignals.InFlightRequestsDrained.Signaled() -} - -// HasBeenReadySignal exposes a server's lifecycle signal which is signaled when the readyz endpoint succeeds for the first time. -func (c *Config) HasBeenReadySignal() <-chan struct{} { - return c.lifecycleSignals.HasBeenReady.Signaled() -} - -// Complete fills in any fields not set that are required to have valid data and can be derived -// from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver. -func (c *Config) Complete(informers informers.SharedInformerFactory) CompletedConfig { - if len(c.ExternalAddress) == 0 && c.PublicAddress != nil { - c.ExternalAddress = c.PublicAddress.String() - } - - // if there is no port, and we listen on one securely, use that one - if _, _, err := net.SplitHostPort(c.ExternalAddress); err != nil { - if c.SecureServing == nil { - klog.Fatalf("cannot derive external address port without listening on a secure port.") - } - _, port, err := c.SecureServing.HostPort() - if err != nil { - klog.Fatalf("cannot derive external address from the secure port: %v", err) - } - c.ExternalAddress = net.JoinHostPort(c.ExternalAddress, strconv.Itoa(port)) - } - - completeOpenAPI(c.OpenAPIConfig, c.Version) - completeOpenAPI(c.OpenAPIV3Config, c.Version) - - if c.DiscoveryAddresses == nil { - c.DiscoveryAddresses = discovery.DefaultAddresses{DefaultAddress: c.ExternalAddress} - } - - if c.EventSink == nil { - c.EventSink = nullEventSink{} - } - - AuthorizeClientBearerToken(c.LoopbackClientConfig, &c.Authentication, &c.Authorization) - - if c.RequestInfoResolver == nil { - c.RequestInfoResolver = NewRequestInfoResolver(c) - } - - if c.EquivalentResourceRegistry == nil { - if c.RESTOptionsGetter == nil { - c.EquivalentResourceRegistry = runtime.NewEquivalentResourceRegistry() - } else { - c.EquivalentResourceRegistry = runtime.NewEquivalentResourceRegistryWithIdentity(func(groupResource schema.GroupResource) string { - // use the storage prefix as the key if possible - if opts, err := c.RESTOptionsGetter.GetRESTOptions(groupResource); err == nil { - return opts.ResourcePrefix - } - // otherwise return "" to use the default key (parent GV name) - return "" - }) - } - } - - return CompletedConfig{&completedConfig{c, informers}} -} - -// Complete fills in any fields not set that are required to have valid data and can be derived -// from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver. -func (c *RecommendedConfig) Complete() CompletedConfig { - if c.ClientConfig != nil { - ref, err := eventReference() - if err != nil { - klog.Warningf("Failed to derive event reference, won't create events: %v", err) - c.EventSink = nullEventSink{} - } else { - ns := ref.Namespace - if len(ns) == 0 { - ns = "default" - } - c.EventSink = &v1.EventSinkImpl{ - Interface: kubernetes.NewForConfigOrDie(c.ClientConfig).CoreV1().Events(ns), - } - } - } - - return c.Config.Complete(c.SharedInformerFactory) -} - -func eventReference() (*corev1.ObjectReference, error) { - ns := os.Getenv("POD_NAMESPACE") - pod := os.Getenv("POD_NAME") - if len(ns) == 0 && len(pod) > 0 { - serviceAccountNamespaceFile := "/var/run/secrets/kubernetes.io/serviceaccount/namespace" - if _, err := os.Stat(serviceAccountNamespaceFile); err == nil { - bs, err := ioutil.ReadFile(serviceAccountNamespaceFile) - if err != nil { - return nil, err - } - ns = string(bs) - } - } - if len(ns) == 0 { - pod = "" - ns = "openshift-kube-apiserver" - } - if len(pod) == 0 { - return &corev1.ObjectReference{ - Kind: "Namespace", - Name: ns, - APIVersion: "v1", - }, nil - } - - return &corev1.ObjectReference{ - Kind: "Pod", - Namespace: ns, - Name: pod, - APIVersion: "v1", - }, nil -} - -// New creates a new server which logically combines the handling chain with the passed server. -// name is used to differentiate for logging. The handler chain in particular can be difficult as it starts delegating. -// delegationTarget may not be nil. -func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*GenericAPIServer, error) { - if c.Serializer == nil { - return nil, fmt.Errorf("Genericapiserver.New() called with config.Serializer == nil") - } - if c.LoopbackClientConfig == nil { - return nil, fmt.Errorf("Genericapiserver.New() called with config.LoopbackClientConfig == nil") - } - if c.EquivalentResourceRegistry == nil { - return nil, fmt.Errorf("Genericapiserver.New() called with config.EquivalentResourceRegistry == nil") - } - - handlerChainBuilder := func(handler http.Handler) http.Handler { - return c.BuildHandlerChainFunc(handler, c.Config) - } - - apiServerHandler := NewAPIServerHandler(name, c.Serializer, handlerChainBuilder, delegationTarget.UnprotectedHandler()) - - s := &GenericAPIServer{ - discoveryAddresses: c.DiscoveryAddresses, - LoopbackClientConfig: c.LoopbackClientConfig, - legacyAPIGroupPrefixes: c.LegacyAPIGroupPrefixes, - admissionControl: c.AdmissionControl, - Serializer: c.Serializer, - AuditBackend: c.AuditBackend, - Authorizer: c.Authorization.Authorizer, - delegationTarget: delegationTarget, - EquivalentResourceRegistry: c.EquivalentResourceRegistry, - HandlerChainWaitGroup: c.HandlerChainWaitGroup, - Handler: apiServerHandler, - - listedPathProvider: apiServerHandler, - - minRequestTimeout: time.Duration(c.MinRequestTimeout) * time.Second, - ShutdownTimeout: c.RequestTimeout, - ShutdownDelayDuration: c.ShutdownDelayDuration, - SecureServingInfo: c.SecureServing, - ExternalAddress: c.ExternalAddress, - - openAPIConfig: c.OpenAPIConfig, - openAPIV3Config: c.OpenAPIV3Config, - skipOpenAPIInstallation: c.SkipOpenAPIInstallation, - - postStartHooks: map[string]postStartHookEntry{}, - preShutdownHooks: map[string]preShutdownHookEntry{}, - disabledPostStartHooks: c.DisabledPostStartHooks, - - healthzChecks: c.HealthzChecks, - livezChecks: c.LivezChecks, - readyzChecks: c.ReadyzChecks, - livezGracePeriod: c.LivezGracePeriod, - - DiscoveryGroupManager: discovery.NewRootAPIsHandler(c.DiscoveryAddresses, c.Serializer), - - maxRequestBodyBytes: c.MaxRequestBodyBytes, - livezClock: clock.RealClock{}, - - lifecycleSignals: c.lifecycleSignals, - ShutdownSendRetryAfter: c.ShutdownSendRetryAfter, - - APIServerID: c.APIServerID, - StorageVersionManager: c.StorageVersionManager, - - Version: c.Version, - - muxAndDiscoveryCompleteSignals: map[string]<-chan struct{}{}, - - eventSink: c.EventSink, - } - - ref, err := eventReference() - if err != nil { - klog.Warningf("Failed to derive event reference, won't create events: %v", err) - c.EventSink = nullEventSink{} - } - s.eventRef = ref - - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.AggregatedDiscoveryEndpoint) { - manager := c.AggregatedDiscoveryGroupManager - if manager == nil { - manager = discoveryendpoint.NewResourceManager() - } - s.AggregatedDiscoveryGroupManager = manager - s.AggregatedLegacyDiscoveryGroupManager = discoveryendpoint.NewResourceManager() - } - for { - if c.JSONPatchMaxCopyBytes <= 0 { - break - } - existing := atomic.LoadInt64(&jsonpatch.AccumulatedCopySizeLimit) - if existing > 0 && existing < c.JSONPatchMaxCopyBytes { - break - } - if atomic.CompareAndSwapInt64(&jsonpatch.AccumulatedCopySizeLimit, existing, c.JSONPatchMaxCopyBytes) { - break - } - } - - // first add poststarthooks from delegated targets - for k, v := range delegationTarget.PostStartHooks() { - s.postStartHooks[k] = v - } - - for k, v := range delegationTarget.PreShutdownHooks() { - s.preShutdownHooks[k] = v - } - - // add poststarthooks that were preconfigured. Using the add method will give us an error if the same name has already been registered. - for name, preconfiguredPostStartHook := range c.PostStartHooks { - if err := s.AddPostStartHook(name, preconfiguredPostStartHook.hook); err != nil { - return nil, err - } - } - - // register mux signals from the delegated server - for k, v := range delegationTarget.MuxAndDiscoveryCompleteSignals() { - if err := s.RegisterMuxAndDiscoveryCompleteSignal(k, v); err != nil { - return nil, err - } - } - - genericApiServerHookName := "generic-apiserver-start-informers" - if c.SharedInformerFactory != nil { - if !s.isPostStartHookRegistered(genericApiServerHookName) { - err := s.AddPostStartHook(genericApiServerHookName, func(context PostStartHookContext) error { - c.SharedInformerFactory.Start(context.StopCh) - return nil - }) - if err != nil { - return nil, err - } - } - // TODO: Once we get rid of /healthz consider changing this to post-start-hook. - err := s.AddReadyzChecks(healthz.NewInformerSyncHealthz(c.SharedInformerFactory)) - if err != nil { - return nil, err - } - } - - const priorityAndFairnessConfigConsumerHookName = "priority-and-fairness-config-consumer" - if s.isPostStartHookRegistered(priorityAndFairnessConfigConsumerHookName) { - } else if c.FlowControl != nil { - err := s.AddPostStartHook(priorityAndFairnessConfigConsumerHookName, func(context PostStartHookContext) error { - go c.FlowControl.Run(context.StopCh) - return nil - }) - if err != nil { - return nil, err - } - // TODO(yue9944882): plumb pre-shutdown-hook for request-management system? - } else { - klog.V(3).Infof("Not requested to run hook %s", priorityAndFairnessConfigConsumerHookName) - } - - // Add PostStartHooks for maintaining the watermarks for the Priority-and-Fairness and the Max-in-Flight filters. - if c.FlowControl != nil { - const priorityAndFairnessFilterHookName = "priority-and-fairness-filter" - if !s.isPostStartHookRegistered(priorityAndFairnessFilterHookName) { - err := s.AddPostStartHook(priorityAndFairnessFilterHookName, func(context PostStartHookContext) error { - genericfilters.StartPriorityAndFairnessWatermarkMaintenance(context.StopCh) - return nil - }) - if err != nil { - return nil, err - } - } - } else { - const maxInFlightFilterHookName = "max-in-flight-filter" - if !s.isPostStartHookRegistered(maxInFlightFilterHookName) { - err := s.AddPostStartHook(maxInFlightFilterHookName, func(context PostStartHookContext) error { - genericfilters.StartMaxInFlightWatermarkMaintenance(context.StopCh) - return nil - }) - if err != nil { - return nil, err - } - } - } - - // Add PostStartHook for maintenaing the object count tracker. - if c.StorageObjectCountTracker != nil { - const storageObjectCountTrackerHookName = "storage-object-count-tracker-hook" - if !s.isPostStartHookRegistered(storageObjectCountTrackerHookName) { - if err := s.AddPostStartHook(storageObjectCountTrackerHookName, func(context PostStartHookContext) error { - go c.StorageObjectCountTracker.RunUntil(context.StopCh) - return nil - }); err != nil { - return nil, err - } - } - } - - for _, delegateCheck := range delegationTarget.HealthzChecks() { - skip := false - for _, existingCheck := range c.HealthzChecks { - if existingCheck.Name() == delegateCheck.Name() { - skip = true - break - } - } - if skip { - continue - } - s.AddHealthChecks(delegateCheck) - } - s.RegisterDestroyFunc(func() { - if err := c.Config.TracerProvider.Shutdown(context.Background()); err != nil { - klog.Errorf("failed to shut down tracer provider: %v", err) - } - }) - - s.listedPathProvider = routes.ListedPathProviders{s.listedPathProvider, delegationTarget} - - installAPI(s, c.Config) - - // use the UnprotectedHandler from the delegation target to ensure that we don't attempt to double authenticator, authorize, - // or some other part of the filter chain in delegation cases. - if delegationTarget.UnprotectedHandler() == nil && c.EnableIndex { - s.Handler.NonGoRestfulMux.NotFoundHandler(routes.IndexLister{ - StatusCode: http.StatusNotFound, - PathProvider: s.listedPathProvider, - }) - } - - return s, nil -} - -func BuildHandlerChainWithStorageVersionPrecondition(apiHandler http.Handler, c *Config) http.Handler { - // WithStorageVersionPrecondition needs the WithRequestInfo to run first - handler := genericapifilters.WithStorageVersionPrecondition(apiHandler, c.StorageVersionManager, c.Serializer) - return DefaultBuildHandlerChain(handler, c) -} - -func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler { - handler := filterlatency.TrackCompleted(apiHandler) - handler = genericapifilters.WithAuthorization(handler, c.Authorization.Authorizer, c.Serializer) - handler = filterlatency.TrackStarted(handler, c.TracerProvider, "authorization") - - if c.FlowControl != nil { - workEstimatorCfg := flowcontrolrequest.DefaultWorkEstimatorConfig() - requestWorkEstimator := flowcontrolrequest.NewWorkEstimator( - c.StorageObjectCountTracker.Get, c.FlowControl.GetInterestedWatchCount, workEstimatorCfg) - handler = filterlatency.TrackCompleted(handler) - handler = genericfilters.WithPriorityAndFairness(handler, c.LongRunningFunc, c.FlowControl, requestWorkEstimator) - handler = filterlatency.TrackStarted(handler, c.TracerProvider, "priorityandfairness") - } else { - handler = genericfilters.WithMaxInFlightLimit(handler, c.MaxRequestsInFlight, c.MaxMutatingRequestsInFlight, c.LongRunningFunc) - } - - if c.SendRetryAfterWhileNotReadyOnce { - handler = genericfilters.WithNotReady(handler, c.lifecycleSignals.HasBeenReady.Signaled()) - } - - handler = filterlatency.TrackCompleted(handler) - handler = genericapifilters.WithImpersonation(handler, c.Authorization.Authorizer, c.Serializer) - handler = filterlatency.TrackStarted(handler, c.TracerProvider, "impersonation") - - handler = filterlatency.TrackCompleted(handler) - handler = genericapifilters.WithAudit(handler, c.AuditBackend, c.AuditPolicyRuleEvaluator, c.LongRunningFunc) - handler = filterlatency.TrackStarted(handler, c.TracerProvider, "audit") - - failedHandler := genericapifilters.Unauthorized(c.Serializer) - failedHandler = genericapifilters.WithFailedAuthenticationAudit(failedHandler, c.AuditBackend, c.AuditPolicyRuleEvaluator) - - failedHandler = filterlatency.TrackCompleted(failedHandler) - handler = filterlatency.TrackCompleted(handler) - handler = genericapifilters.WithAuthentication(handler, c.Authentication.Authenticator, failedHandler, c.Authentication.APIAudiences) - handler = filterlatency.TrackStarted(handler, c.TracerProvider, "authentication") - - handler = genericfilters.WithCORS(handler, c.CorsAllowedOriginList, nil, nil, nil, "true") - - // WithTimeoutForNonLongRunningRequests will call the rest of the request handling in a go-routine with the - // context with deadline. The go-routine can keep running, while the timeout logic will return a timeout to the client. - handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, c.LongRunningFunc) - - handler = genericapifilters.WithRequestDeadline(handler, c.AuditBackend, c.AuditPolicyRuleEvaluator, - c.LongRunningFunc, c.Serializer, c.RequestTimeout) - handler = genericfilters.WithWaitGroup(handler, c.LongRunningFunc, c.HandlerChainWaitGroup) - handler = WithNonReadyRequestLogging(handler, c.lifecycleSignals.HasBeenReady) - handler = WithLateConnectionFilter(handler) - if c.SecureServing != nil && !c.SecureServing.DisableHTTP2 && c.GoawayChance > 0 { - handler = genericfilters.WithProbabilisticGoaway(handler, c.GoawayChance) - } - handler = genericapifilters.WithWarningRecorder(handler) - handler = genericapifilters.WithCacheControl(handler) - handler = genericfilters.WithHSTS(handler, c.HSTSDirectives) - if c.ShutdownSendRetryAfter { - handler = genericfilters.WithRetryAfter(handler, c.lifecycleSignals.NotAcceptingNewRequest.Signaled()) - } - handler = genericfilters.WithOptInRetryAfter(handler, c.newServerFullyInitializedFunc()) - handler = genericfilters.WithHTTPLogging(handler, c.newIsTerminatingFunc()) - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerTracing) { - handler = genericapifilters.WithTracing(handler, c.TracerProvider) - } - handler = genericapifilters.WithLatencyTrackers(handler) - handler = genericapifilters.WithRequestInfo(handler, c.RequestInfoResolver) - handler = genericapifilters.WithRequestReceivedTimestamp(handler) - handler = genericapifilters.WithMuxAndDiscoveryComplete(handler, c.lifecycleSignals.MuxAndDiscoveryComplete.Signaled()) - handler = genericfilters.WithPanicRecovery(handler, c.RequestInfoResolver) - handler = genericapifilters.WithAuditInit(handler) - return handler -} - -func installAPI(s *GenericAPIServer, c *Config) { - if c.EnableIndex { - routes.Index{}.Install(s.listedPathProvider, s.Handler.NonGoRestfulMux) - } - if c.EnableProfiling { - routes.Profiling{}.Install(s.Handler.NonGoRestfulMux) - if c.EnableContentionProfiling { - goruntime.SetBlockProfileRate(1) - } - // so far, only logging related endpoints are considered valid to add for these debug flags. - routes.DebugFlags{}.Install(s.Handler.NonGoRestfulMux, "v", routes.StringFlagPutHandler(logs.GlogSetter)) - } - - if c.EnableMetrics { - if c.EnableProfiling { - routes.MetricsWithReset{}.Install(s.Handler.NonGoRestfulMux) - if utilfeature.DefaultFeatureGate.Enabled(features.ComponentSLIs) { - slis.SLIMetricsWithReset{}.Install(s.Handler.NonGoRestfulMux) - } - } else { - routes.DefaultMetrics{}.Install(s.Handler.NonGoRestfulMux) - if utilfeature.DefaultFeatureGate.Enabled(features.ComponentSLIs) { - slis.SLIMetrics{}.Install(s.Handler.NonGoRestfulMux) - } - } - } - - routes.Version{Version: c.Version}.Install(s.Handler.GoRestfulContainer) - - if c.EnableDiscovery { - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.AggregatedDiscoveryEndpoint) { - wrapped := discoveryendpoint.WrapAggregatedDiscoveryToHandler(s.DiscoveryGroupManager, s.AggregatedDiscoveryGroupManager) - s.Handler.GoRestfulContainer.Add(wrapped.GenerateWebService("/apis", metav1.APIGroupList{})) - } else { - s.Handler.GoRestfulContainer.Add(s.DiscoveryGroupManager.WebService()) - } - } - if c.FlowControl != nil && utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIPriorityAndFairness) { - c.FlowControl.Install(s.Handler.NonGoRestfulMux) - } -} - -func NewRequestInfoResolver(c *Config) *apirequest.RequestInfoFactory { - apiPrefixes := sets.NewString(strings.Trim(APIGroupPrefix, "/")) // all possible API prefixes - legacyAPIPrefixes := sets.String{} // APIPrefixes that won't have groups (legacy) - for legacyAPIPrefix := range c.LegacyAPIGroupPrefixes { - apiPrefixes.Insert(strings.Trim(legacyAPIPrefix, "/")) - legacyAPIPrefixes.Insert(strings.Trim(legacyAPIPrefix, "/")) - } - - return &apirequest.RequestInfoFactory{ - APIPrefixes: apiPrefixes, - GrouplessAPIPrefixes: legacyAPIPrefixes, - } -} - -func (s *SecureServingInfo) HostPort() (string, int, error) { - if s == nil || s.Listener == nil { - return "", 0, fmt.Errorf("no listener found") - } - addr := s.Listener.Addr().String() - host, portStr, err := net.SplitHostPort(addr) - if err != nil { - return "", 0, fmt.Errorf("failed to get port from listener address %q: %v", addr, err) - } - port, err := utilsnet.ParsePort(portStr, true) - if err != nil { - return "", 0, fmt.Errorf("invalid non-numeric port %q", portStr) - } - return host, port, nil -} - -// AuthorizeClientBearerToken wraps the authenticator and authorizer in loopback authentication logic -// if the loopback client config is specified AND it has a bearer token. Note that if either authn or -// authz is nil, this function won't add a token authenticator or authorizer. -func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, authz *AuthorizationInfo) { - if loopback == nil || len(loopback.BearerToken) == 0 { - return - } - if authn == nil || authz == nil { - // prevent nil pointer panic - return - } - if authn.Authenticator == nil || authz.Authorizer == nil { - // authenticator or authorizer might be nil if we want to bypass authz/authn - // and we also do nothing in this case. - return - } - - privilegedLoopbackToken := loopback.BearerToken - var uid = uuid.New().String() - tokens := make(map[string]*user.DefaultInfo) - tokens[privilegedLoopbackToken] = &user.DefaultInfo{ - Name: user.APIServerUser, - UID: uid, - Groups: []string{user.SystemPrivilegedGroup}, - } - - tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens, authn.APIAudiences) - authn.Authenticator = authenticatorunion.New(tokenAuthenticator, authn.Authenticator) -} - -type nullEventSink struct{} - -func (nullEventSink) Create(event *corev1.Event) (*corev1.Event, error) { - return nil, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go b/etcd/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go deleted file mode 100644 index 9a224d3f75..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "fmt" - "net" - - restclient "k8s.io/client-go/rest" - netutils "k8s.io/utils/net" -) - -// LoopbackClientServerNameOverride is passed to the apiserver from the loopback client in order to -// select the loopback certificate via SNI if TLS is used. -const LoopbackClientServerNameOverride = "apiserver-loopback-client" - -func (s *SecureServingInfo) NewClientConfig(caCert []byte) (*restclient.Config, error) { - if s == nil || (s.Cert == nil && len(s.SNICerts) == 0) { - return nil, nil - } - - host, port, err := LoopbackHostPort(s.Listener.Addr().String()) - if err != nil { - return nil, err - } - - return &restclient.Config{ - // Do not limit loopback client QPS. - QPS: -1, - Host: "https://" + net.JoinHostPort(host, port), - TLSClientConfig: restclient.TLSClientConfig{ - CAData: caCert, - }, - }, nil -} - -func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert []byte) (*restclient.Config, error) { - c, err := s.NewClientConfig(loopbackCert) - if err != nil || c == nil { - return c, err - } - - c.BearerToken = token - // override the ServerName to select our loopback certificate via SNI. This name is also - // used by the client to compare the returns server certificate against. - c.TLSClientConfig.ServerName = LoopbackClientServerNameOverride - - return c, nil -} - -// LoopbackHostPort returns the host and port loopback REST clients should use -// to contact the server. -func LoopbackHostPort(bindAddress string) (string, string, error) { - host, port, err := net.SplitHostPort(bindAddress) - if err != nil { - // should never happen - return "", "", fmt.Errorf("invalid server bind address: %q", bindAddress) - } - - isIPv6 := netutils.IsIPv6String(host) - - // Value is expected to be an IP or DNS name, not "0.0.0.0". - if host == "0.0.0.0" || host == "::" { - // Get ip of local interface, but fall back to "localhost". - // Note that "localhost" is resolved with the external nameserver first with Go's stdlib. - // So if localhost.<yoursearchdomain> resolves, we don't get a 127.0.0.1 as expected. - host = getLoopbackAddress(isIPv6) - } - return host, port, nil -} - -// getLoopbackAddress returns the ip address of local loopback interface. If any error occurs or loopback interface is not found, will fall back to "localhost" -func getLoopbackAddress(wantIPv6 bool) string { - addrs, err := net.InterfaceAddrs() - if err == nil { - for _, address := range addrs { - if ipnet, ok := address.(*net.IPNet); ok && ipnet.IP.IsLoopback() && wantIPv6 == netutils.IsIPv6(ipnet.IP) { - return ipnet.IP.String() - } - } - } - return "localhost" -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/deleted_kinds.go b/etcd/vendor/k8s.io/apiserver/pkg/server/deleted_kinds.go deleted file mode 100644 index f14ed9213d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/deleted_kinds.go +++ /dev/null @@ -1,201 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "os" - "strconv" - "strings" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - apimachineryversion "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/klog/v2" -) - -// resourceExpirationEvaluator holds info for deciding if a particular rest.Storage needs to excluded from the API -type resourceExpirationEvaluator struct { - currentMajor int - currentMinor int - isAlpha bool - // This is usually set for testing for which tests need to be removed. This prevent insta-failing CI. - // Set KUBE_APISERVER_STRICT_REMOVED_API_HANDLING_IN_ALPHA to see what will be removed when we tag beta - strictRemovedHandlingInAlpha bool - // This is usually set by a cluster-admin looking for a short-term escape hatch after something bad happened. - // This should be made a flag before merge - // Set KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE to prevent removing APIs for one more release. - serveRemovedAPIsOneMoreRelease bool -} - -// ResourceExpirationEvaluator indicates whether or not a resource should be served. -type ResourceExpirationEvaluator interface { - // RemoveDeletedKinds inspects the storage map and modifies it in place by removing storage for kinds that have been deleted. - // versionedResourcesStorageMap mirrors the field on APIGroupInfo, it's a map from version to resource to the storage. - RemoveDeletedKinds(groupName string, versioner runtime.ObjectVersioner, versionedResourcesStorageMap map[string]map[string]rest.Storage) - // ShouldServeForVersion returns true if a particular version cut off is after the current version - ShouldServeForVersion(majorRemoved, minorRemoved int) bool -} - -func NewResourceExpirationEvaluator(currentVersion apimachineryversion.Info) (ResourceExpirationEvaluator, error) { - ret := &resourceExpirationEvaluator{ - strictRemovedHandlingInAlpha: false, - } - if len(currentVersion.Major) > 0 { - currentMajor64, err := strconv.ParseInt(currentVersion.Major, 10, 32) - if err != nil { - return nil, err - } - ret.currentMajor = int(currentMajor64) - } - if len(currentVersion.Minor) > 0 { - // split the "normal" + and - for semver stuff - minorString := strings.Split(currentVersion.Minor, "+")[0] - minorString = strings.Split(minorString, "-")[0] - minorString = strings.Split(minorString, ".")[0] - currentMinor64, err := strconv.ParseInt(minorString, 10, 32) - if err != nil { - return nil, err - } - ret.currentMinor = int(currentMinor64) - } - - ret.isAlpha = strings.Contains(currentVersion.GitVersion, "alpha") - - if envString, ok := os.LookupEnv("KUBE_APISERVER_STRICT_REMOVED_API_HANDLING_IN_ALPHA"); !ok { - // do nothing - } else if envBool, err := strconv.ParseBool(envString); err != nil { - return nil, err - } else { - ret.strictRemovedHandlingInAlpha = envBool - } - - if envString, ok := os.LookupEnv("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE"); !ok { - // do nothing - } else if envBool, err := strconv.ParseBool(envString); err != nil { - return nil, err - } else { - ret.serveRemovedAPIsOneMoreRelease = envBool - } - - return ret, nil -} - -func (e *resourceExpirationEvaluator) shouldServe(gv schema.GroupVersion, versioner runtime.ObjectVersioner, resourceServingInfo rest.Storage) bool { - internalPtr := resourceServingInfo.New() - - target := gv - // honor storage that overrides group version (used for things like scale subresources) - if versionProvider, ok := resourceServingInfo.(rest.GroupVersionKindProvider); ok { - target = versionProvider.GroupVersionKind(target).GroupVersion() - } - - versionedPtr, err := versioner.ConvertToVersion(internalPtr, target) - if err != nil { - utilruntime.HandleError(err) - return false - } - - removed, ok := versionedPtr.(removedInterface) - if !ok { - return true - } - majorRemoved, minorRemoved := removed.APILifecycleRemoved() - return e.ShouldServeForVersion(majorRemoved, minorRemoved) -} - -func (e *resourceExpirationEvaluator) ShouldServeForVersion(majorRemoved, minorRemoved int) bool { - if e.currentMajor < majorRemoved { - return true - } - if e.currentMajor > majorRemoved { - return false - } - if e.currentMinor < minorRemoved { - return true - } - if e.currentMinor > minorRemoved { - return false - } - // at this point major and minor are equal, so this API should be removed when the current release GAs. - // If this is an alpha tag, don't remove by default, but allow the option. - // If the cluster-admin has requested serving one more release, allow it. - if e.isAlpha && e.strictRemovedHandlingInAlpha { // don't serve in alpha if we want strict handling - return false - } - if e.isAlpha { // alphas are allowed to continue serving expired betas while we clean up the test - return true - } - if e.serveRemovedAPIsOneMoreRelease { // cluster-admins are allowed to kick the can one release down the road - return true - } - return false -} - -type removedInterface interface { - APILifecycleRemoved() (major, minor int) -} - -// removeDeletedKinds inspects the storage map and modifies it in place by removing storage for kinds that have been deleted. -// versionedResourcesStorageMap mirrors the field on APIGroupInfo, it's a map from version to resource to the storage. -func (e *resourceExpirationEvaluator) RemoveDeletedKinds(groupName string, versioner runtime.ObjectVersioner, versionedResourcesStorageMap map[string]map[string]rest.Storage) { - versionsToRemove := sets.NewString() - for apiVersion := range sets.StringKeySet(versionedResourcesStorageMap) { - versionToResource := versionedResourcesStorageMap[apiVersion] - resourcesToRemove := sets.NewString() - for resourceName, resourceServingInfo := range versionToResource { - if !e.shouldServe(schema.GroupVersion{Group: groupName, Version: apiVersion}, versioner, resourceServingInfo) { - resourcesToRemove.Insert(resourceName) - } - } - - for resourceName := range versionedResourcesStorageMap[apiVersion] { - if !shouldRemoveResourceAndSubresources(resourcesToRemove, resourceName) { - continue - } - - klog.V(1).Infof("Removing resource %v.%v.%v because it is time to stop serving it per APILifecycle.", resourceName, apiVersion, groupName) - delete(versionToResource, resourceName) - } - versionedResourcesStorageMap[apiVersion] = versionToResource - - if len(versionedResourcesStorageMap[apiVersion]) == 0 { - versionsToRemove.Insert(apiVersion) - } - } - - for _, apiVersion := range versionsToRemove.List() { - klog.V(1).Infof("Removing version %v.%v because it is time to stop serving it because it has no resources per APILifecycle.", apiVersion, groupName) - delete(versionedResourcesStorageMap, apiVersion) - } -} - -func shouldRemoveResourceAndSubresources(resourcesToRemove sets.String, resourceName string) bool { - for _, resourceToRemove := range resourcesToRemove.List() { - if resourceName == resourceToRemove { - return true - } - // our API works on nesting, so you can have deployments, deployments/status, and deployments/scale. Not all subresources - // serve the parent type, but if the parent type (deployments in this case), has been removed, it's subresources should be removed too. - if strings.HasPrefix(resourceName, resourceToRemove+"/") { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go b/etcd/vendor/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go deleted file mode 100644 index 04375d1dd7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/deprecated_insecure_serving.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "net" - "net/http" - "time" - - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/client-go/rest" -) - -// DeprecatedInsecureServingInfo is the main context object for the insecure http server. -// HTTP does NOT include authentication or authorization. -// You shouldn't be using this. It makes sig-auth sad. -type DeprecatedInsecureServingInfo struct { - // Listener is the secure server network listener. - Listener net.Listener - // optional server name for log messages - Name string -} - -// Serve starts an insecure http server with the given handler. It fails only if -// the initial listen call fails. It does not block. -func (s *DeprecatedInsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error { - insecureServer := &http.Server{ - Addr: s.Listener.Addr().String(), - Handler: handler, - MaxHeaderBytes: 1 << 20, - - IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout - ReadHeaderTimeout: 32 * time.Second, // just shy of requestTimeoutUpperBound - } - - if len(s.Name) > 0 { - klog.Infof("Serving %s insecurely on %s", s.Name, s.Listener.Addr()) - } else { - klog.Infof("Serving insecurely on %s", s.Listener.Addr()) - } - _, _, err := RunServer(insecureServer, s.Listener, shutdownTimeout, stopCh) - // NOTE: we do not handle stoppedCh returned by RunServer for graceful termination here - return err -} - -func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, error) { - if s == nil { - return nil, nil - } - - host, port, err := LoopbackHostPort(s.Listener.Addr().String()) - if err != nil { - return nil, err - } - - return &rest.Config{ - Host: "http://" + net.JoinHostPort(host, port), - // Increase QPS limits. The client is currently passed to all admission plugins, - // and those can be throttled in case of higher load on apiserver - see #22340 and #22422 - // for more details. Once #22422 is fixed, we may want to remove it. - QPS: 50, - Burst: 100, - }, nil -} - -// InsecureSuperuser implements authenticator.Request to always return a superuser. -// This is functionally equivalent to skipping authentication and authorization, -// but allows apiserver code to stop special-casing a nil user to skip authorization checks. -type InsecureSuperuser struct{} - -func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { - auds, _ := authenticator.AudiencesFrom(req.Context()) - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: "system:unsecured", - Groups: []string{user.SystemPrivilegedGroup, user.AllAuthenticated}, - }, - Audiences: auds, - }, true, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/doc.go deleted file mode 100644 index bc671eae84..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package server contains the plumbing to create kubernetes-like API server command. -package server // import "k8s.io/apiserver/pkg/server" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/cert_key.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/cert_key.go deleted file mode 100644 index 6a7b93ad2b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/cert_key.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "bytes" -) - -// certKeyContent holds the content for the cert and key -type certKeyContent struct { - cert []byte - key []byte -} - -func (c *certKeyContent) Equal(rhs *certKeyContent) bool { - if c == nil || rhs == nil { - return c == rhs - } - - return bytes.Equal(c.key, rhs.key) && bytes.Equal(c.cert, rhs.cert) -} - -// sniCertKeyContent holds the content for the cert and key as well as any explicit names -type sniCertKeyContent struct { - certKeyContent - sniNames []string -} - -func (c *sniCertKeyContent) Equal(rhs *sniCertKeyContent) bool { - if c == nil || rhs == nil { - return c == rhs - } - - if len(c.sniNames) != len(rhs.sniNames) { - return false - } - - for i := range c.sniNames { - if c.sniNames[i] != rhs.sniNames[i] { - return false - } - } - - return c.certKeyContent.Equal(&rhs.certKeyContent) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/client_ca.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/client_ca.go deleted file mode 100644 index 2c950f2361..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/client_ca.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "bytes" -) - -// dynamicCertificateContent holds the content that overrides the baseTLSConfig -type dynamicCertificateContent struct { - // clientCA holds the content for the clientCA bundle - clientCA caBundleContent - servingCert certKeyContent - sniCerts []sniCertKeyContent -} - -// caBundleContent holds the content for the clientCA bundle. Wrapping the bytes makes the Equals work nicely with the -// method receiver. -type caBundleContent struct { - caBundle []byte -} - -func (c *dynamicCertificateContent) Equal(rhs *dynamicCertificateContent) bool { - if c == nil || rhs == nil { - return c == rhs - } - - if !c.clientCA.Equal(&rhs.clientCA) { - return false - } - - if !c.servingCert.Equal(&rhs.servingCert) { - return false - } - - if len(c.sniCerts) != len(rhs.sniCerts) { - return false - } - - for i := range c.sniCerts { - if !c.sniCerts[i].Equal(&rhs.sniCerts[i]) { - return false - } - } - - return true -} - -func (c *caBundleContent) Equal(rhs *caBundleContent) bool { - if c == nil || rhs == nil { - return c == rhs - } - - return bytes.Equal(c.caBundle, rhs.caBundle) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go deleted file mode 100644 index 428fd66bae..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go +++ /dev/null @@ -1,274 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "bytes" - "context" - "crypto/x509" - "fmt" - "sync/atomic" - "time" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - corev1informers "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -// ConfigMapCAController provies a CAContentProvider that can dynamically react to configmap changes -// It also fulfills the authenticator interface to provide verifyoptions -type ConfigMapCAController struct { - name string - - configmapLister corev1listers.ConfigMapLister - configmapNamespace string - configmapName string - configmapKey string - // configMapInformer is tracked so that we can start these on Run - configMapInformer cache.SharedIndexInformer - - // caBundle is a caBundleAndVerifier that contains the last read, non-zero length content of the file - caBundle atomic.Value - - listeners []Listener - - queue workqueue.RateLimitingInterface - // preRunCaches are the caches to sync before starting the work of this control loop - preRunCaches []cache.InformerSynced -} - -var _ CAContentProvider = &ConfigMapCAController{} -var _ ControllerRunner = &ConfigMapCAController{} - -// NewDynamicCAFromConfigMapController returns a CAContentProvider based on a configmap that automatically reloads content. -// It is near-realtime via an informer. -func NewDynamicCAFromConfigMapController(purpose, namespace, name, key string, kubeClient kubernetes.Interface) (*ConfigMapCAController, error) { - if len(purpose) == 0 { - return nil, fmt.Errorf("missing purpose for ca bundle") - } - if len(namespace) == 0 { - return nil, fmt.Errorf("missing namespace for ca bundle") - } - if len(name) == 0 { - return nil, fmt.Errorf("missing name for ca bundle") - } - if len(key) == 0 { - return nil, fmt.Errorf("missing key for ca bundle") - } - caContentName := fmt.Sprintf("%s::%s::%s::%s", purpose, namespace, name, key) - - // we construct our own informer because we need such a small subset of the information available. Just one namespace. - uncastConfigmapInformer := corev1informers.NewFilteredConfigMapInformer(kubeClient, namespace, 12*time.Hour, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, func(listOptions *v1.ListOptions) { - listOptions.FieldSelector = fields.OneTermEqualSelector("metadata.name", name).String() - }) - - configmapLister := corev1listers.NewConfigMapLister(uncastConfigmapInformer.GetIndexer()) - - c := &ConfigMapCAController{ - name: caContentName, - configmapNamespace: namespace, - configmapName: name, - configmapKey: key, - configmapLister: configmapLister, - configMapInformer: uncastConfigmapInformer, - - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)), - preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced}, - } - - uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: func(obj interface{}) bool { - if cast, ok := obj.(*corev1.ConfigMap); ok { - return cast.Name == c.configmapName && cast.Namespace == c.configmapNamespace - } - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - if cast, ok := tombstone.Obj.(*corev1.ConfigMap); ok { - return cast.Name == c.configmapName && cast.Namespace == c.configmapNamespace - } - } - return true // always return true just in case. The checks are fairly cheap - }, - Handler: cache.ResourceEventHandlerFuncs{ - // we have a filter, so any time we're called, we may as well queue. We only ever check one configmap - // so we don't have to be choosy about our key. - AddFunc: func(obj interface{}) { - c.queue.Add(c.keyFn()) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - c.queue.Add(c.keyFn()) - }, - DeleteFunc: func(obj interface{}) { - c.queue.Add(c.keyFn()) - }, - }, - }) - - return c, nil -} - -func (c *ConfigMapCAController) keyFn() string { - // this format matches DeletionHandlingMetaNamespaceKeyFunc for our single key - return c.configmapNamespace + "/" + c.configmapName -} - -// AddListener adds a listener to be notified when the CA content changes. -func (c *ConfigMapCAController) AddListener(listener Listener) { - c.listeners = append(c.listeners, listener) -} - -// loadCABundle determines the next set of content for the file. -func (c *ConfigMapCAController) loadCABundle() error { - configMap, err := c.configmapLister.ConfigMaps(c.configmapNamespace).Get(c.configmapName) - if err != nil { - return err - } - caBundle := configMap.Data[c.configmapKey] - if len(caBundle) == 0 { - return fmt.Errorf("missing content for CA bundle %q", c.Name()) - } - - // check to see if we have a change. If the values are the same, do nothing. - if !c.hasCAChanged([]byte(caBundle)) { - return nil - } - - caBundleAndVerifier, err := newCABundleAndVerifier(c.Name(), []byte(caBundle)) - if err != nil { - return err - } - c.caBundle.Store(caBundleAndVerifier) - - for _, listener := range c.listeners { - listener.Enqueue() - } - - return nil -} - -// hasCAChanged returns true if the caBundle is different than the current. -func (c *ConfigMapCAController) hasCAChanged(caBundle []byte) bool { - uncastExisting := c.caBundle.Load() - if uncastExisting == nil { - return true - } - - // check to see if we have a change. If the values are the same, do nothing. - existing, ok := uncastExisting.(*caBundleAndVerifier) - if !ok { - return true - } - if !bytes.Equal(existing.caBundle, caBundle) { - return true - } - - return false -} - -// RunOnce runs a single sync loop -func (c *ConfigMapCAController) RunOnce(ctx context.Context) error { - // Ignore the error when running once because when using a dynamically loaded ca file, because we think it's better to have nothing for - // a brief time than completely crash. If crashing is necessary, higher order logic like a healthcheck and cause failures. - _ = c.loadCABundle() - return nil -} - -// Run starts the kube-apiserver and blocks until stopCh is closed. -func (c *ConfigMapCAController) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.InfoS("Starting controller", "name", c.name) - defer klog.InfoS("Shutting down controller", "name", c.name) - - // we have a personal informer that is narrowly scoped, start it. - go c.configMapInformer.Run(ctx.Done()) - - // wait for your secondary caches to fill before starting your work - if !cache.WaitForNamedCacheSync(c.name, ctx.Done(), c.preRunCaches...) { - return - } - - // doesn't matter what workers say, only start one. - go wait.Until(c.runWorker, time.Second, ctx.Done()) - - // start timer that rechecks every minute, just in case. this also serves to prime the controller quickly. - go wait.PollImmediateUntil(FileRefreshDuration, func() (bool, error) { - c.queue.Add(workItemKey) - return false, nil - }, ctx.Done()) - - <-ctx.Done() -} - -func (c *ConfigMapCAController) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *ConfigMapCAController) processNextWorkItem() bool { - dsKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(dsKey) - - err := c.loadCABundle() - if err == nil { - c.queue.Forget(dsKey) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err)) - c.queue.AddRateLimited(dsKey) - - return true -} - -// Name is just an identifier -func (c *ConfigMapCAController) Name() string { - return c.name -} - -// CurrentCABundleContent provides ca bundle byte content -func (c *ConfigMapCAController) CurrentCABundleContent() []byte { - uncastObj := c.caBundle.Load() - if uncastObj == nil { - return nil // this can happen if we've been unable load data from the apiserver for some reason - } - - return c.caBundle.Load().(*caBundleAndVerifier).caBundle -} - -// VerifyOptions provides verifyoptions compatible with authenticators -func (c *ConfigMapCAController) VerifyOptions() (x509.VerifyOptions, bool) { - uncastObj := c.caBundle.Load() - if uncastObj == nil { - // This can happen if we've been unable load data from the apiserver for some reason. - // In this case, we should not accept any connections on the basis of this ca bundle. - return x509.VerifyOptions{}, false - } - - return uncastObj.(*caBundleAndVerifier).verifyOptions, true -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go deleted file mode 100644 index 6dbed6a650..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go +++ /dev/null @@ -1,290 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "bytes" - "context" - "crypto/x509" - "fmt" - "io/ioutil" - "sync/atomic" - "time" - - "github.com/fsnotify/fsnotify" - "k8s.io/client-go/util/cert" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -// FileRefreshDuration is exposed so that integration tests can crank up the reload speed. -var FileRefreshDuration = 1 * time.Minute - -// ControllerRunner is a generic interface for starting a controller -type ControllerRunner interface { - // RunOnce runs the sync loop a single time. This useful for synchronous priming - RunOnce(ctx context.Context) error - - // Run should be called a go .Run - Run(ctx context.Context, workers int) -} - -// DynamicFileCAContent provides a CAContentProvider that can dynamically react to new file content -// It also fulfills the authenticator interface to provide verifyoptions -type DynamicFileCAContent struct { - name string - - // filename is the name the file to read. - filename string - - // caBundle is a caBundleAndVerifier that contains the last read, non-zero length content of the file - caBundle atomic.Value - - listeners []Listener - - // queue only ever has one item, but it has nice error handling backoff/retry semantics - queue workqueue.RateLimitingInterface -} - -var _ Notifier = &DynamicFileCAContent{} -var _ CAContentProvider = &DynamicFileCAContent{} -var _ ControllerRunner = &DynamicFileCAContent{} - -type caBundleAndVerifier struct { - caBundle []byte - verifyOptions x509.VerifyOptions -} - -// NewDynamicCAContentFromFile returns a CAContentProvider based on a filename that automatically reloads content -func NewDynamicCAContentFromFile(purpose, filename string) (*DynamicFileCAContent, error) { - if len(filename) == 0 { - return nil, fmt.Errorf("missing filename for ca bundle") - } - name := fmt.Sprintf("%s::%s", purpose, filename) - - ret := &DynamicFileCAContent{ - name: name, - filename: filename, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicCABundle-%s", purpose)), - } - if err := ret.loadCABundle(); err != nil { - return nil, err - } - - return ret, nil -} - -// AddListener adds a listener to be notified when the CA content changes. -func (c *DynamicFileCAContent) AddListener(listener Listener) { - c.listeners = append(c.listeners, listener) -} - -// loadCABundle determines the next set of content for the file. -func (c *DynamicFileCAContent) loadCABundle() error { - caBundle, err := ioutil.ReadFile(c.filename) - if err != nil { - return err - } - if len(caBundle) == 0 { - return fmt.Errorf("missing content for CA bundle %q", c.Name()) - } - - // check to see if we have a change. If the values are the same, do nothing. - if !c.hasCAChanged(caBundle) { - return nil - } - - caBundleAndVerifier, err := newCABundleAndVerifier(c.Name(), caBundle) - if err != nil { - return err - } - c.caBundle.Store(caBundleAndVerifier) - klog.V(2).InfoS("Loaded a new CA Bundle and Verifier", "name", c.Name()) - - for _, listener := range c.listeners { - listener.Enqueue() - } - - return nil -} - -// hasCAChanged returns true if the caBundle is different than the current. -func (c *DynamicFileCAContent) hasCAChanged(caBundle []byte) bool { - uncastExisting := c.caBundle.Load() - if uncastExisting == nil { - return true - } - - // check to see if we have a change. If the values are the same, do nothing. - existing, ok := uncastExisting.(*caBundleAndVerifier) - if !ok { - return true - } - if !bytes.Equal(existing.caBundle, caBundle) { - return true - } - - return false -} - -// RunOnce runs a single sync loop -func (c *DynamicFileCAContent) RunOnce(ctx context.Context) error { - return c.loadCABundle() -} - -// Run starts the controller and blocks until stopCh is closed. -func (c *DynamicFileCAContent) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.InfoS("Starting controller", "name", c.name) - defer klog.InfoS("Shutting down controller", "name", c.name) - - // doesn't matter what workers say, only start one. - go wait.Until(c.runWorker, time.Second, ctx.Done()) - - // start the loop that watches the CA file until stopCh is closed. - go wait.Until(func() { - if err := c.watchCAFile(ctx.Done()); err != nil { - klog.ErrorS(err, "Failed to watch CA file, will retry later") - } - }, time.Minute, ctx.Done()) - - <-ctx.Done() -} - -func (c *DynamicFileCAContent) watchCAFile(stopCh <-chan struct{}) error { - // Trigger a check here to ensure the content will be checked periodically even if the following watch fails. - c.queue.Add(workItemKey) - - w, err := fsnotify.NewWatcher() - if err != nil { - return fmt.Errorf("error creating fsnotify watcher: %v", err) - } - defer w.Close() - - if err = w.Add(c.filename); err != nil { - return fmt.Errorf("error adding watch for file %s: %v", c.filename, err) - } - // Trigger a check in case the file is updated before the watch starts. - c.queue.Add(workItemKey) - - for { - select { - case e := <-w.Events: - if err := c.handleWatchEvent(e, w); err != nil { - return err - } - case err := <-w.Errors: - return fmt.Errorf("received fsnotify error: %v", err) - case <-stopCh: - return nil - } - } -} - -// handleWatchEvent triggers reloading the CA file, and restarts a new watch if it's a Remove or Rename event. -func (c *DynamicFileCAContent) handleWatchEvent(e fsnotify.Event, w *fsnotify.Watcher) error { - // This should be executed after restarting the watch (if applicable) to ensure no file event will be missing. - defer c.queue.Add(workItemKey) - if !e.Has(fsnotify.Remove) && !e.Has(fsnotify.Rename) { - return nil - } - if err := w.Remove(c.filename); err != nil { - klog.InfoS("Failed to remove file watch, it may have been deleted", "file", c.filename, "err", err) - } - if err := w.Add(c.filename); err != nil { - return fmt.Errorf("error adding watch for file %s: %v", c.filename, err) - } - return nil -} - -func (c *DynamicFileCAContent) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *DynamicFileCAContent) processNextWorkItem() bool { - dsKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(dsKey) - - err := c.loadCABundle() - if err == nil { - c.queue.Forget(dsKey) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err)) - c.queue.AddRateLimited(dsKey) - - return true -} - -// Name is just an identifier -func (c *DynamicFileCAContent) Name() string { - return c.name -} - -// CurrentCABundleContent provides ca bundle byte content -func (c *DynamicFileCAContent) CurrentCABundleContent() (cabundle []byte) { - return c.caBundle.Load().(*caBundleAndVerifier).caBundle -} - -// VerifyOptions provides verifyoptions compatible with authenticators -func (c *DynamicFileCAContent) VerifyOptions() (x509.VerifyOptions, bool) { - uncastObj := c.caBundle.Load() - if uncastObj == nil { - return x509.VerifyOptions{}, false - } - - return uncastObj.(*caBundleAndVerifier).verifyOptions, true -} - -// newVerifyOptions creates a new verification func from a file. It reads the content and then fails. -// It will return a nil function if you pass an empty CA file. -func newCABundleAndVerifier(name string, caBundle []byte) (*caBundleAndVerifier, error) { - if len(caBundle) == 0 { - return nil, fmt.Errorf("missing content for CA bundle %q", name) - } - - // Wrap with an x509 verifier - var err error - verifyOptions := defaultVerifyOptions() - verifyOptions.Roots, err = cert.NewPoolFromBytes(caBundle) - if err != nil { - return nil, fmt.Errorf("error loading CA bundle for %q: %v", name, err) - } - - return &caBundleAndVerifier{ - caBundle: caBundle, - verifyOptions: verifyOptions, - }, nil -} - -// defaultVerifyOptions returns VerifyOptions that use the system root certificates, current time, -// and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth) -func defaultVerifyOptions() x509.VerifyOptions { - return x509.VerifyOptions{ - KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go deleted file mode 100644 index 36c4d45868..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go +++ /dev/null @@ -1,233 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "context" - "crypto/tls" - "fmt" - "io/ioutil" - "sync/atomic" - "time" - - "github.com/fsnotify/fsnotify" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -// DynamicCertKeyPairContent provides a CertKeyContentProvider that can dynamically react to new file content -type DynamicCertKeyPairContent struct { - name string - - // certFile is the name of the certificate file to read. - certFile string - // keyFile is the name of the key file to read. - keyFile string - - // certKeyPair is a certKeyContent that contains the last read, non-zero length content of the key and cert - certKeyPair atomic.Value - - listeners []Listener - - // queue only ever has one item, but it has nice error handling backoff/retry semantics - queue workqueue.RateLimitingInterface -} - -var _ CertKeyContentProvider = &DynamicCertKeyPairContent{} -var _ ControllerRunner = &DynamicCertKeyPairContent{} - -// NewDynamicServingContentFromFiles returns a dynamic CertKeyContentProvider based on a cert and key filename -func NewDynamicServingContentFromFiles(purpose, certFile, keyFile string) (*DynamicCertKeyPairContent, error) { - if len(certFile) == 0 || len(keyFile) == 0 { - return nil, fmt.Errorf("missing filename for serving cert") - } - name := fmt.Sprintf("%s::%s::%s", purpose, certFile, keyFile) - - ret := &DynamicCertKeyPairContent{ - name: name, - certFile: certFile, - keyFile: keyFile, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicCABundle-%s", purpose)), - } - if err := ret.loadCertKeyPair(); err != nil { - return nil, err - } - - return ret, nil -} - -// AddListener adds a listener to be notified when the serving cert content changes. -func (c *DynamicCertKeyPairContent) AddListener(listener Listener) { - c.listeners = append(c.listeners, listener) -} - -// loadCertKeyPair determines the next set of content for the file. -func (c *DynamicCertKeyPairContent) loadCertKeyPair() error { - cert, err := ioutil.ReadFile(c.certFile) - if err != nil { - return err - } - key, err := ioutil.ReadFile(c.keyFile) - if err != nil { - return err - } - if len(cert) == 0 || len(key) == 0 { - return fmt.Errorf("missing content for serving cert %q", c.Name()) - } - - // Ensure that the key matches the cert and both are valid - _, err = tls.X509KeyPair(cert, key) - if err != nil { - return err - } - - newCertKey := &certKeyContent{ - cert: cert, - key: key, - } - - // check to see if we have a change. If the values are the same, do nothing. - existing, ok := c.certKeyPair.Load().(*certKeyContent) - if ok && existing != nil && existing.Equal(newCertKey) { - return nil - } - - c.certKeyPair.Store(newCertKey) - klog.V(2).InfoS("Loaded a new cert/key pair", "name", c.Name()) - - for _, listener := range c.listeners { - listener.Enqueue() - } - - return nil -} - -// RunOnce runs a single sync loop -func (c *DynamicCertKeyPairContent) RunOnce(ctx context.Context) error { - return c.loadCertKeyPair() -} - -// Run starts the controller and blocks until context is killed. -func (c *DynamicCertKeyPairContent) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.InfoS("Starting controller", "name", c.name) - defer klog.InfoS("Shutting down controller", "name", c.name) - - // doesn't matter what workers say, only start one. - go wait.Until(c.runWorker, time.Second, ctx.Done()) - - // start the loop that watches the cert and key files until stopCh is closed. - go wait.Until(func() { - if err := c.watchCertKeyFile(ctx.Done()); err != nil { - klog.ErrorS(err, "Failed to watch cert and key file, will retry later") - } - }, time.Minute, ctx.Done()) - - <-ctx.Done() -} - -func (c *DynamicCertKeyPairContent) watchCertKeyFile(stopCh <-chan struct{}) error { - // Trigger a check here to ensure the content will be checked periodically even if the following watch fails. - c.queue.Add(workItemKey) - - w, err := fsnotify.NewWatcher() - if err != nil { - return fmt.Errorf("error creating fsnotify watcher: %v", err) - } - defer w.Close() - - if err := w.Add(c.certFile); err != nil { - return fmt.Errorf("error adding watch for file %s: %v", c.certFile, err) - } - if err := w.Add(c.keyFile); err != nil { - return fmt.Errorf("error adding watch for file %s: %v", c.keyFile, err) - } - // Trigger a check in case the file is updated before the watch starts. - c.queue.Add(workItemKey) - - for { - select { - case e := <-w.Events: - if err := c.handleWatchEvent(e, w); err != nil { - return err - } - case err := <-w.Errors: - return fmt.Errorf("received fsnotify error: %v", err) - case <-stopCh: - return nil - } - } -} - -// handleWatchEvent triggers reloading the cert and key file, and restarts a new watch if it's a Remove or Rename event. -// If one file is updated before the other, the loadCertKeyPair method will catch the mismatch and will not apply the -// change. When an event of the other file is received, it will trigger reloading the files again and the new content -// will be loaded and used. -func (c *DynamicCertKeyPairContent) handleWatchEvent(e fsnotify.Event, w *fsnotify.Watcher) error { - // This should be executed after restarting the watch (if applicable) to ensure no file event will be missing. - defer c.queue.Add(workItemKey) - if !e.Has(fsnotify.Remove) && !e.Has(fsnotify.Rename) { - return nil - } - if err := w.Remove(e.Name); err != nil { - klog.InfoS("Failed to remove file watch, it may have been deleted", "file", e.Name, "err", err) - } - if err := w.Add(e.Name); err != nil { - return fmt.Errorf("error adding watch for file %s: %v", e.Name, err) - } - return nil -} - -func (c *DynamicCertKeyPairContent) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *DynamicCertKeyPairContent) processNextWorkItem() bool { - dsKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(dsKey) - - err := c.loadCertKeyPair() - if err == nil { - c.queue.Forget(dsKey) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err)) - c.queue.AddRateLimited(dsKey) - - return true -} - -// Name is just an identifier -func (c *DynamicCertKeyPairContent) Name() string { - return c.name -} - -// CurrentCertKeyContent provides cert and key byte content -func (c *DynamicCertKeyPairContent) CurrentCertKeyContent() ([]byte, []byte) { - certKeyContent := c.certKeyPair.Load().(*certKeyContent) - return certKeyContent.cert, certKeyContent.key -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_sni_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_sni_content.go deleted file mode 100644 index 621fc9ff0b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_sni_content.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -// DynamicFileSNIContent provides a SNICertKeyContentProvider that can dynamically react to new file content -type DynamicFileSNIContent struct { - *DynamicCertKeyPairContent - sniNames []string -} - -var _ SNICertKeyContentProvider = &DynamicFileSNIContent{} -var _ ControllerRunner = &DynamicFileSNIContent{} - -// NewDynamicSNIContentFromFiles returns a dynamic SNICertKeyContentProvider based on a cert and key filename and explicit names -func NewDynamicSNIContentFromFiles(purpose, certFile, keyFile string, sniNames ...string) (*DynamicFileSNIContent, error) { - servingContent, err := NewDynamicServingContentFromFiles(purpose, certFile, keyFile) - if err != nil { - return nil, err - } - - ret := &DynamicFileSNIContent{ - DynamicCertKeyPairContent: servingContent, - sniNames: sniNames, - } - if err := ret.loadCertKeyPair(); err != nil { - return nil, err - } - - return ret, nil -} - -// SNINames returns explicitly set SNI names for the certificate. These are not dynamic. -func (c *DynamicFileSNIContent) SNINames() []string { - return c.sniNames -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/interfaces.go deleted file mode 100644 index 7811c5d8bf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/interfaces.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "crypto/x509" -) - -// Listener is an interface to use to notify interested parties of a change. -type Listener interface { - // Enqueue should be called when an input may have changed - Enqueue() -} - -// Notifier is a way to add listeners -type Notifier interface { - // AddListener is adds a listener to be notified of potential input changes. - // This is a noop on static providers. - AddListener(listener Listener) -} - -// CAContentProvider provides ca bundle byte content -type CAContentProvider interface { - Notifier - - // Name is just an identifier. - Name() string - // CurrentCABundleContent provides ca bundle byte content. Errors can be - // contained to the controllers initializing the value. By the time you get - // here, you should always be returning a value that won't fail. - CurrentCABundleContent() []byte - // VerifyOptions provides VerifyOptions for authenticators. - VerifyOptions() (x509.VerifyOptions, bool) -} - -// CertKeyContentProvider provides a certificate and matching private key. -type CertKeyContentProvider interface { - Notifier - - // Name is just an identifier. - Name() string - // CurrentCertKeyContent provides cert and key byte content. - CurrentCertKeyContent() ([]byte, []byte) -} - -// SNICertKeyContentProvider provides a certificate and matching private key as -// well as optional explicit names. -type SNICertKeyContentProvider interface { - Notifier - - CertKeyContentProvider - // SNINames provides names used for SNI. May return nil. - SNINames() []string -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/named_certificates.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/named_certificates.go deleted file mode 100644 index 7b9637bc0e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/named_certificates.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "crypto/tls" - "crypto/x509" - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/klog/v2" - netutils "k8s.io/utils/net" -) - -// BuildNamedCertificates returns a map of *tls.Certificate by name. It's -// suitable for use in tls.Config#NamedCertificates. Returns an error if any of the certs -// is invalid. Returns nil if len(certs) == 0 -func (c *DynamicServingCertificateController) BuildNamedCertificates(sniCerts []sniCertKeyContent) (map[string]*tls.Certificate, error) { - nameToCertificate := map[string]*tls.Certificate{} - byNameExplicit := map[string]*tls.Certificate{} - - // Iterate backwards so that earlier certs take precedence in the names map - for i := len(sniCerts) - 1; i >= 0; i-- { - cert, err := tls.X509KeyPair(sniCerts[i].cert, sniCerts[i].key) - if err != nil { - return nil, fmt.Errorf("invalid SNI cert keypair [%d/%q]: %v", i, c.sniCerts[i].Name(), err) - } - - // error is not possible given above call to X509KeyPair - x509Cert, _ := x509.ParseCertificate(cert.Certificate[0]) - - names := sniCerts[i].sniNames - for _, name := range names { - byNameExplicit[name] = &cert - } - - klog.V(2).InfoS("Loaded SNI cert", "index", i, "certName", c.sniCerts[i].Name(), "certDetail", GetHumanCertDetail(x509Cert)) - if c.eventRecorder != nil { - c.eventRecorder.Eventf(&corev1.ObjectReference{Name: c.sniCerts[i].Name()}, nil, corev1.EventTypeWarning, "TLSConfigChanged", "SNICertificateReload", "loaded SNI cert [%d/%q]: %s with explicit names %v", i, c.sniCerts[i].Name(), GetHumanCertDetail(x509Cert), names) - } - - if len(names) == 0 { - names = getCertificateNames(x509Cert) - for _, name := range names { - nameToCertificate[name] = &cert - } - } - } - - // Explicitly set names must override - for k, v := range byNameExplicit { - nameToCertificate[k] = v - } - - return nameToCertificate, nil -} - -// getCertificateNames returns names for an x509.Certificate. The names are -// suitable for use in tls.Config#NamedCertificates. -func getCertificateNames(cert *x509.Certificate) []string { - var names []string - - cn := cert.Subject.CommonName - cnIsIP := netutils.ParseIPSloppy(cn) != nil - cnIsValidDomain := cn == "*" || len(validation.IsDNS1123Subdomain(strings.TrimPrefix(cn, "*."))) == 0 - // don't use the CN if it is a valid IP because our IP serving detection may unexpectedly use it to terminate the connection. - if !cnIsIP && cnIsValidDomain { - names = append(names, cn) - } - names = append(names, cert.DNSNames...) - // intentionally all IPs in the cert are ignored as SNI forbids passing IPs - // to select a cert. Before go 1.6 the tls happily passed IPs as SNI values. - - return names -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go deleted file mode 100644 index 1934ed1d88..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "crypto/tls" - "crypto/x509" -) - -type staticCAContent struct { - name string - caBundle *caBundleAndVerifier -} - -var _ CAContentProvider = &staticCAContent{} - -// NewStaticCAContent returns a CAContentProvider that always returns the same value -func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) { - caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle) - if err != nil { - return nil, err - } - - return &staticCAContent{ - name: name, - caBundle: caBundleAndVerifier, - }, nil -} - -// Name is just an identifier -func (c *staticCAContent) Name() string { - return c.name -} - -func (c *staticCAContent) AddListener(Listener) {} - -// CurrentCABundleContent provides ca bundle byte content -func (c *staticCAContent) CurrentCABundleContent() (cabundle []byte) { - return c.caBundle.caBundle -} - -func (c *staticCAContent) VerifyOptions() (x509.VerifyOptions, bool) { - return c.caBundle.verifyOptions, true -} - -type staticCertKeyContent struct { - name string - cert []byte - key []byte -} - -// NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value -func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) { - // Ensure that the key matches the cert and both are valid - _, err := tls.X509KeyPair(cert, key) - if err != nil { - return nil, err - } - - return &staticCertKeyContent{ - name: name, - cert: cert, - key: key, - }, nil -} - -// Name is just an identifier -func (c *staticCertKeyContent) Name() string { - return c.name -} - -func (c *staticCertKeyContent) AddListener(Listener) {} - -// CurrentCertKeyContent provides cert and key content -func (c *staticCertKeyContent) CurrentCertKeyContent() ([]byte, []byte) { - return c.cert, c.key -} - -type staticSNICertKeyContent struct { - staticCertKeyContent - sniNames []string -} - -// NewStaticSNICertKeyContent returns a SNICertKeyContentProvider that always returns the same value -func NewStaticSNICertKeyContent(name string, cert, key []byte, sniNames ...string) (SNICertKeyContentProvider, error) { - // Ensure that the key matches the cert and both are valid - _, err := tls.X509KeyPair(cert, key) - if err != nil { - return nil, err - } - - return &staticSNICertKeyContent{ - staticCertKeyContent: staticCertKeyContent{ - name: name, - cert: cert, - key: key, - }, - sniNames: sniNames, - }, nil -} - -func (c *staticSNICertKeyContent) SNINames() []string { - return c.sniNames -} - -func (c *staticSNICertKeyContent) AddListener(Listener) {} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/tlsconfig.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/tlsconfig.go deleted file mode 100644 index 56e7ffd275..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/tlsconfig.go +++ /dev/null @@ -1,284 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "crypto/tls" - "crypto/x509" - "errors" - "fmt" - "net" - "sync/atomic" - "time" - - corev1 "k8s.io/api/core/v1" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/tools/events" - "k8s.io/client-go/util/cert" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -const workItemKey = "key" - -// DynamicServingCertificateController dynamically loads certificates and provides a golang tls compatible dynamic GetCertificate func. -type DynamicServingCertificateController struct { - // baseTLSConfig is the static portion of the tlsConfig for serving to clients. It is copied and the copy is mutated - // based on the dynamic cert state. - baseTLSConfig *tls.Config - - // clientCA provides the very latest content of the ca bundle - clientCA CAContentProvider - // servingCert provides the very latest content of the default serving certificate - servingCert CertKeyContentProvider - // sniCerts are a list of CertKeyContentProvider with associated names used for SNI - sniCerts []SNICertKeyContentProvider - - // currentlyServedContent holds the original bytes that we are serving. This is used to decide if we need to set a - // new atomic value. The types used for efficient TLSConfig preclude using the processed value. - currentlyServedContent *dynamicCertificateContent - // currentServingTLSConfig holds a *tls.Config that will be used to serve requests - currentServingTLSConfig atomic.Value - - // queue only ever has one item, but it has nice error handling backoff/retry semantics - queue workqueue.RateLimitingInterface - eventRecorder events.EventRecorder -} - -var _ Listener = &DynamicServingCertificateController{} - -// NewDynamicServingCertificateController returns a controller that can be used to keep a TLSConfig up to date. -func NewDynamicServingCertificateController( - baseTLSConfig *tls.Config, - clientCA CAContentProvider, - servingCert CertKeyContentProvider, - sniCerts []SNICertKeyContentProvider, - eventRecorder events.EventRecorder, -) *DynamicServingCertificateController { - c := &DynamicServingCertificateController{ - baseTLSConfig: baseTLSConfig, - clientCA: clientCA, - servingCert: servingCert, - sniCerts: sniCerts, - - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "DynamicServingCertificateController"), - eventRecorder: eventRecorder, - } - - return c -} - -// GetConfigForClient is an implementation of tls.Config.GetConfigForClient -func (c *DynamicServingCertificateController) GetConfigForClient(clientHello *tls.ClientHelloInfo) (*tls.Config, error) { - uncastObj := c.currentServingTLSConfig.Load() - if uncastObj == nil { - return nil, errors.New("dynamiccertificates: configuration not ready") - } - tlsConfig, ok := uncastObj.(*tls.Config) - if !ok { - return nil, errors.New("dynamiccertificates: unexpected config type") - } - - tlsConfigCopy := tlsConfig.Clone() - - // if the client set SNI information, just use our "normal" SNI flow - if len(clientHello.ServerName) > 0 { - return tlsConfigCopy, nil - } - - // if the client didn't set SNI, then we need to inspect the requested IP so that we can choose - // a certificate from our list if we specifically handle that IP. This can happen when an IP is specifically mapped by name. - host, _, err := net.SplitHostPort(clientHello.Conn.LocalAddr().String()) - if err != nil { - return tlsConfigCopy, nil - } - - ipCert, ok := tlsConfigCopy.NameToCertificate[host] - if !ok { - return tlsConfigCopy, nil - } - tlsConfigCopy.Certificates = []tls.Certificate{*ipCert} - tlsConfigCopy.NameToCertificate = nil - - return tlsConfigCopy, nil -} - -// newTLSContent determines the next set of content for overriding the baseTLSConfig. -func (c *DynamicServingCertificateController) newTLSContent() (*dynamicCertificateContent, error) { - newContent := &dynamicCertificateContent{} - - if c.clientCA != nil { - currClientCABundle := c.clientCA.CurrentCABundleContent() - // we allow removing all client ca bundles because the server is still secure when this happens. it just means - // that there isn't a hint to clients about which client-cert to used. this happens when there is no client-ca - // yet known for authentication, which can happen in aggregated apiservers and some kube-apiserver deployment modes. - newContent.clientCA = caBundleContent{caBundle: currClientCABundle} - } - - if c.servingCert != nil { - currServingCert, currServingKey := c.servingCert.CurrentCertKeyContent() - if len(currServingCert) == 0 || len(currServingKey) == 0 { - return nil, fmt.Errorf("not loading an empty serving certificate from %q", c.servingCert.Name()) - } - - newContent.servingCert = certKeyContent{cert: currServingCert, key: currServingKey} - } - - for i, sniCert := range c.sniCerts { - currCert, currKey := sniCert.CurrentCertKeyContent() - if len(currCert) == 0 || len(currKey) == 0 { - return nil, fmt.Errorf("not loading an empty SNI certificate from %d/%q", i, sniCert.Name()) - } - - newContent.sniCerts = append(newContent.sniCerts, sniCertKeyContent{certKeyContent: certKeyContent{cert: currCert, key: currKey}, sniNames: sniCert.SNINames()}) - } - - return newContent, nil -} - -// syncCerts gets newTLSContent, if it has changed from the existing, the content is parsed and stored for usage in -// GetConfigForClient. -func (c *DynamicServingCertificateController) syncCerts() error { - newContent, err := c.newTLSContent() - if err != nil { - return err - } - // if the content is the same as what we currently have, we can simply skip it. This works because we are single - // threaded. If you ever make this multi-threaded, add a lock. - if newContent.Equal(c.currentlyServedContent) { - return nil - } - - // make a shallow copy and override the dynamic pieces which have changed. - newTLSConfigCopy := c.baseTLSConfig.Clone() - - // parse new content to add to TLSConfig - if len(newContent.clientCA.caBundle) > 0 { - newClientCAPool := x509.NewCertPool() - newClientCAs, err := cert.ParseCertsPEM(newContent.clientCA.caBundle) - if err != nil { - return fmt.Errorf("unable to load client CA file %q: %v", string(newContent.clientCA.caBundle), err) - } - for i, cert := range newClientCAs { - klog.V(2).InfoS("Loaded client CA", "index", i, "certName", c.clientCA.Name(), "certDetail", GetHumanCertDetail(cert)) - if c.eventRecorder != nil { - c.eventRecorder.Eventf(&corev1.ObjectReference{Name: c.clientCA.Name()}, nil, corev1.EventTypeWarning, "TLSConfigChanged", "CACertificateReload", "loaded client CA [%d/%q]: %s", i, c.clientCA.Name(), GetHumanCertDetail(cert)) - } - - newClientCAPool.AddCert(cert) - } - - newTLSConfigCopy.ClientCAs = newClientCAPool - } - - if len(newContent.servingCert.cert) > 0 && len(newContent.servingCert.key) > 0 { - cert, err := tls.X509KeyPair(newContent.servingCert.cert, newContent.servingCert.key) - if err != nil { - return fmt.Errorf("invalid serving cert keypair: %v", err) - } - - x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) - if err != nil { - return fmt.Errorf("invalid serving cert: %v", err) - } - - klog.V(2).InfoS("Loaded serving cert", "certName", c.servingCert.Name(), "certDetail", GetHumanCertDetail(x509Cert)) - if c.eventRecorder != nil { - c.eventRecorder.Eventf(&corev1.ObjectReference{Name: c.servingCert.Name()}, nil, corev1.EventTypeWarning, "TLSConfigChanged", "ServingCertificateReload", "loaded serving cert [%q]: %s", c.servingCert.Name(), GetHumanCertDetail(x509Cert)) - } - - newTLSConfigCopy.Certificates = []tls.Certificate{cert} - } - - if len(newContent.sniCerts) > 0 { - newTLSConfigCopy.NameToCertificate, err = c.BuildNamedCertificates(newContent.sniCerts) - if err != nil { - return fmt.Errorf("unable to build named certificate map: %v", err) - } - - // append all named certs. Otherwise, the go tls stack will think no SNI processing - // is necessary because there is only one cert anyway. - // Moreover, if servingCert is not set, the first SNI - // cert will become the default cert. That's what we expect anyway. - for _, sniCert := range newTLSConfigCopy.NameToCertificate { - newTLSConfigCopy.Certificates = append(newTLSConfigCopy.Certificates, *sniCert) - } - } - - // store new values of content for serving. - c.currentServingTLSConfig.Store(newTLSConfigCopy) - c.currentlyServedContent = newContent // this is single threaded, so we have no locking issue - - return nil -} - -// RunOnce runs a single sync step to ensure that we have a valid starting configuration. -func (c *DynamicServingCertificateController) RunOnce() error { - return c.syncCerts() -} - -// Run starts the kube-apiserver and blocks until stopCh is closed. -func (c *DynamicServingCertificateController) Run(workers int, stopCh <-chan struct{}) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.InfoS("Starting DynamicServingCertificateController") - defer klog.InfoS("Shutting down DynamicServingCertificateController") - - // synchronously load once. We will trigger again, so ignoring any error is fine - _ = c.RunOnce() - - // doesn't matter what workers say, only start one. - go wait.Until(c.runWorker, time.Second, stopCh) - - // start timer that rechecks every minute, just in case. this also serves to prime the controller quickly. - go wait.Until(func() { - c.Enqueue() - }, 1*time.Minute, stopCh) - - <-stopCh -} - -func (c *DynamicServingCertificateController) runWorker() { - for c.processNextWorkItem() { - } -} - -func (c *DynamicServingCertificateController) processNextWorkItem() bool { - dsKey, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(dsKey) - - err := c.syncCerts() - if err == nil { - c.queue.Forget(dsKey) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", dsKey, err)) - c.queue.AddRateLimited(dsKey) - - return true -} - -// Enqueue a method to allow separate control loops to cause the certificate controller to trigger and read content. -func (c *DynamicServingCertificateController) Enqueue() { - c.queue.Add(workItemKey) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/union_content.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/union_content.go deleted file mode 100644 index 57622bd34e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/union_content.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "bytes" - "context" - "crypto/x509" - "strings" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" -) - -type unionCAContent []CAContentProvider - -var _ CAContentProvider = &unionCAContent{} -var _ ControllerRunner = &unionCAContent{} - -// NewUnionCAContentProvider returns a CAContentProvider that is a union of other CAContentProviders -func NewUnionCAContentProvider(caContentProviders ...CAContentProvider) CAContentProvider { - return unionCAContent(caContentProviders) -} - -// Name is just an identifier -func (c unionCAContent) Name() string { - names := []string{} - for _, curr := range c { - names = append(names, curr.Name()) - } - return strings.Join(names, ",") -} - -// CurrentCABundleContent provides ca bundle byte content -func (c unionCAContent) CurrentCABundleContent() []byte { - caBundles := [][]byte{} - for _, curr := range c { - if currCABytes := curr.CurrentCABundleContent(); len(currCABytes) > 0 { - caBundles = append(caBundles, []byte(strings.TrimSpace(string(currCABytes)))) - } - } - - return bytes.Join(caBundles, []byte("\n")) -} - -// CurrentCABundleContent provides ca bundle byte content -func (c unionCAContent) VerifyOptions() (x509.VerifyOptions, bool) { - currCABundle := c.CurrentCABundleContent() - if len(currCABundle) == 0 { - return x509.VerifyOptions{}, false - } - - // TODO make more efficient. This isn't actually used in any of our mainline paths. It's called to build the TLSConfig - // TODO on file changes, but the actual authentication runs against the individual items, not the union. - ret, err := newCABundleAndVerifier(c.Name(), c.CurrentCABundleContent()) - if err != nil { - // because we're made up of already vetted values, this indicates some kind of coding error - panic(err) - } - - return ret.verifyOptions, true -} - -// AddListener adds a listener to be notified when the CA content changes. -func (c unionCAContent) AddListener(listener Listener) { - for _, curr := range c { - curr.AddListener(listener) - } -} - -// AddListener adds a listener to be notified when the CA content changes. -func (c unionCAContent) RunOnce(ctx context.Context) error { - errors := []error{} - for _, curr := range c { - if controller, ok := curr.(ControllerRunner); ok { - if err := controller.RunOnce(ctx); err != nil { - errors = append(errors, err) - } - } - } - - return utilerrors.NewAggregate(errors) -} - -// Run runs the controller -func (c unionCAContent) Run(ctx context.Context, workers int) { - for _, curr := range c { - if controller, ok := curr.(ControllerRunner); ok { - go controller.Run(ctx, workers) - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/util.go b/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/util.go deleted file mode 100644 index 4e55a05783..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/util.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiccertificates - -import ( - "crypto/x509" - "fmt" - "strings" - "time" -) - -// GetHumanCertDetail is a convenient method for printing compact details of certificate that helps when debugging -// kube-apiserver usage of certs. -func GetHumanCertDetail(certificate *x509.Certificate) string { - humanName := certificate.Subject.CommonName - signerHumanName := certificate.Issuer.CommonName - if certificate.Subject.CommonName == certificate.Issuer.CommonName { - signerHumanName = "<self>" - } - - usages := []string{} - for _, curr := range certificate.ExtKeyUsage { - if curr == x509.ExtKeyUsageClientAuth { - usages = append(usages, "client") - continue - } - if curr == x509.ExtKeyUsageServerAuth { - usages = append(usages, "serving") - continue - } - - usages = append(usages, fmt.Sprintf("%d", curr)) - } - - validServingNames := []string{} - for _, ip := range certificate.IPAddresses { - validServingNames = append(validServingNames, ip.String()) - } - validServingNames = append(validServingNames, certificate.DNSNames...) - servingString := "" - if len(validServingNames) > 0 { - servingString = fmt.Sprintf(" validServingFor=[%s]", strings.Join(validServingNames, ",")) - } - - groupString := "" - if len(certificate.Subject.Organization) > 0 { - groupString = fmt.Sprintf(" groups=[%s]", strings.Join(certificate.Subject.Organization, ",")) - } - - return fmt.Sprintf("%q [%s]%s%s issuer=%q (%v to %v (now=%v))", humanName, strings.Join(usages, ","), groupString, servingString, signerHumanName, certificate.NotBefore.UTC(), certificate.NotAfter.UTC(), - time.Now().UTC()) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/config.go deleted file mode 100644 index 2df786e13f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/config.go +++ /dev/null @@ -1,254 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package egressselector - -import ( - "fmt" - "io/ioutil" - "strings" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/apis/apiserver" - "k8s.io/apiserver/pkg/apis/apiserver/install" - "k8s.io/apiserver/pkg/apis/apiserver/v1beta1" - "k8s.io/utils/path" - "sigs.k8s.io/yaml" -) - -var cfgScheme = runtime.NewScheme() - -// validEgressSelectorNames contains the set of valid egress selctor names. -var validEgressSelectorNames = sets.NewString("controlplane", "cluster", "etcd") - -func init() { - install.Install(cfgScheme) -} - -// ReadEgressSelectorConfiguration reads the egress selector configuration at the specified path. -// It returns the loaded egress selector configuration if the input file aligns with the required syntax. -// If it does not align with the provided syntax, it returns a default configuration which should function as a no-op. -// It does this by returning a nil configuration, which preserves backward compatibility. -// This works because prior to this there was no egress selector configuration. -// It returns an error if the file did not exist. -func ReadEgressSelectorConfiguration(configFilePath string) (*apiserver.EgressSelectorConfiguration, error) { - if configFilePath == "" { - return nil, nil - } - // a file was provided, so we just read it. - data, err := ioutil.ReadFile(configFilePath) - if err != nil { - return nil, fmt.Errorf("unable to read egress selector configuration from %q [%v]", configFilePath, err) - } - var decodedConfig v1beta1.EgressSelectorConfiguration - err = yaml.Unmarshal(data, &decodedConfig) - if err != nil { - // we got an error where the decode wasn't related to a missing type - return nil, err - } - if decodedConfig.Kind != "EgressSelectorConfiguration" { - return nil, fmt.Errorf("invalid service configuration object %q", decodedConfig.Kind) - } - internalConfig := &apiserver.EgressSelectorConfiguration{} - if err := cfgScheme.Convert(&decodedConfig, internalConfig, nil); err != nil { - // we got an error where the decode wasn't related to a missing type - return nil, err - } - return internalConfig, nil -} - -// ValidateEgressSelectorConfiguration checks the apiserver.EgressSelectorConfiguration for -// common configuration errors. It will return error for problems such as configuring mtls/cert -// settings for protocol which do not support security. It will also try to catch errors such as -// incorrect file paths. It will return nil if it does not find anything wrong. -func ValidateEgressSelectorConfiguration(config *apiserver.EgressSelectorConfiguration) field.ErrorList { - allErrs := field.ErrorList{} - if config == nil { - return allErrs // Treating a nil configuration as valid - } - for _, service := range config.EgressSelections { - fldPath := field.NewPath("service", "connection") - switch service.Connection.ProxyProtocol { - case apiserver.ProtocolDirect: - allErrs = append(allErrs, validateDirectConnection(service.Connection, fldPath)...) - case apiserver.ProtocolHTTPConnect: - allErrs = append(allErrs, validateHTTPConnectTransport(service.Connection.Transport, fldPath)...) - case apiserver.ProtocolGRPC: - allErrs = append(allErrs, validateGRPCTransport(service.Connection.Transport, fldPath)...) - default: - allErrs = append(allErrs, field.NotSupported( - fldPath.Child("protocol"), - service.Connection.ProxyProtocol, - []string{ - string(apiserver.ProtocolDirect), - string(apiserver.ProtocolHTTPConnect), - string(apiserver.ProtocolGRPC), - })) - } - } - - seen := sets.String{} - for i, service := range config.EgressSelections { - canonicalName := strings.ToLower(service.Name) - fldPath := field.NewPath("service", "connection") - // no duplicate check - if seen.Has(canonicalName) { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), canonicalName)) - continue - } - seen.Insert(canonicalName) - - if !validEgressSelectorNames.Has(canonicalName) { - allErrs = append(allErrs, field.NotSupported(fldPath, canonicalName, validEgressSelectorNames.List())) - continue - } - } - - return allErrs -} - -func validateHTTPConnectTransport(transport *apiserver.Transport, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if transport == nil { - allErrs = append(allErrs, field.Required( - fldPath.Child("transport"), - "transport must be set for HTTPConnect")) - return allErrs - } - - if transport.TCP != nil && transport.UDS != nil { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tcp"), - transport.TCP, - "TCP and UDS cannot both be set")) - } else if transport.TCP == nil && transport.UDS == nil { - allErrs = append(allErrs, field.Required( - fldPath.Child("tcp"), - "One of TCP or UDS must be set")) - } else if transport.TCP != nil { - allErrs = append(allErrs, validateTCPConnection(transport.TCP, fldPath)...) - } else if transport.UDS != nil { - allErrs = append(allErrs, validateUDSConnection(transport.UDS, fldPath)...) - } - return allErrs -} - -func validateGRPCTransport(transport *apiserver.Transport, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if transport == nil { - allErrs = append(allErrs, field.Required( - fldPath.Child("transport"), - "transport must be set for GRPC")) - return allErrs - } - - if transport.UDS != nil { - allErrs = append(allErrs, validateUDSConnection(transport.UDS, fldPath)...) - } else { - allErrs = append(allErrs, field.Required( - fldPath.Child("uds"), - "UDS must be set with GRPC")) - } - return allErrs -} - -func validateDirectConnection(connection apiserver.Connection, fldPath *field.Path) field.ErrorList { - if connection.Transport != nil { - return field.ErrorList{field.Invalid( - fldPath.Child("transport"), - "direct", - "Transport config should be absent for direct connect"), - } - } - - return nil -} - -func validateUDSConnection(udsConfig *apiserver.UDSTransport, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if udsConfig.UDSName == "" { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("udsName"), - "nil", - "UDSName should be present for UDS connections")) - } - return allErrs -} - -func validateTCPConnection(tcpConfig *apiserver.TCPTransport, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if strings.HasPrefix(tcpConfig.URL, "http://") { - if tcpConfig.TLSConfig != nil { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig"), - "nil", - "TLSConfig config should not be present when using HTTP")) - } - } else if strings.HasPrefix(tcpConfig.URL, "https://") { - return validateTLSConfig(tcpConfig.TLSConfig, fldPath) - } else { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("url"), - tcpConfig.URL, - "supported connection protocols are http:// and https://")) - } - return allErrs -} - -func validateTLSConfig(tlsConfig *apiserver.TLSConfig, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if tlsConfig == nil { - allErrs = append(allErrs, field.Required( - fldPath.Child("tlsConfig"), - "TLSConfig must be present when using HTTPS")) - return allErrs - } - if tlsConfig.CABundle != "" { - if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.CABundle); !exists || err != nil { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig", "caBundle"), - tlsConfig.CABundle, - "TLS config ca bundle does not exist")) - } - } - if tlsConfig.ClientCert == "" { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig", "clientCert"), - "nil", - "Using TLS requires clientCert")) - } else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientCert); !exists || err != nil { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig", "clientCert"), - tlsConfig.ClientCert, - "TLS client cert does not exist")) - } - if tlsConfig.ClientKey == "" { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig", "clientKey"), - "nil", - "Using TLS requires requires clientKey")) - } else if exists, err := path.Exists(path.CheckFollowSymlink, tlsConfig.ClientKey); !exists || err != nil { - allErrs = append(allErrs, field.Invalid( - fldPath.Child("tlsConfig", "clientKey"), - tlsConfig.ClientKey, - "TLS client key does not exist")) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go b/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go deleted file mode 100644 index 0936d6ef4e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go +++ /dev/null @@ -1,406 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package egressselector - -import ( - "bufio" - "context" - "crypto/tls" - "crypto/x509" - "fmt" - "io/ioutil" - "net" - "net/http" - "net/url" - "strings" - "time" - - "go.opentelemetry.io/otel/attribute" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/apis/apiserver" - egressmetrics "k8s.io/apiserver/pkg/server/egressselector/metrics" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" - client "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client" -) - -var directDialer utilnet.DialFunc = http.DefaultTransport.(*http.Transport).DialContext - -func init() { - client.Metrics.RegisterMetrics(legacyregistry.Registerer()) -} - -// EgressSelector is the map of network context type to context dialer, for network egress. -type EgressSelector struct { - egressToDialer map[EgressType]utilnet.DialFunc -} - -// EgressType is an indicator of which egress selection should be used for sending traffic. -// See https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1281-network-proxy/README.md#network-context -type EgressType int - -const ( - // ControlPlane is the EgressType for traffic intended to go to the control plane. - ControlPlane EgressType = iota - // Etcd is the EgressType for traffic intended to go to Kubernetes persistence store. - Etcd - // Cluster is the EgressType for traffic intended to go to the system being managed by Kubernetes. - Cluster -) - -// NetworkContext is the struct used by Kubernetes API Server to indicate where it intends traffic to be sent. -type NetworkContext struct { - // EgressSelectionName is the unique name of the - // EgressSelectorConfiguration which determines - // the network we route the traffic to. - EgressSelectionName EgressType -} - -// Lookup is the interface to get the dialer function for the network context. -type Lookup func(networkContext NetworkContext) (utilnet.DialFunc, error) - -// String returns the canonical string representation of the egress type -func (s EgressType) String() string { - switch s { - case ControlPlane: - return "controlplane" - case Etcd: - return "etcd" - case Cluster: - return "cluster" - default: - return "invalid" - } -} - -// AsNetworkContext is a helper function to make it easy to get the basic NetworkContext objects. -func (s EgressType) AsNetworkContext() NetworkContext { - return NetworkContext{EgressSelectionName: s} -} - -func lookupServiceName(name string) (EgressType, error) { - switch strings.ToLower(name) { - case "controlplane": - return ControlPlane, nil - case "etcd": - return Etcd, nil - case "cluster": - return Cluster, nil - } - return -1, fmt.Errorf("unrecognized service name %s", name) -} - -func tunnelHTTPConnect(proxyConn net.Conn, proxyAddress, addr string) (net.Conn, error) { - fmt.Fprintf(proxyConn, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", addr, "127.0.0.1") - br := bufio.NewReader(proxyConn) - res, err := http.ReadResponse(br, nil) - if err != nil { - proxyConn.Close() - return nil, fmt.Errorf("reading HTTP response from CONNECT to %s via proxy %s failed: %v", - addr, proxyAddress, err) - } - if res.StatusCode != 200 { - proxyConn.Close() - return nil, fmt.Errorf("proxy error from %s while dialing %s, code %d: %v", - proxyAddress, addr, res.StatusCode, res.Status) - } - - // It's safe to discard the bufio.Reader here and return the - // original TCP conn directly because we only use this for - // TLS, and in TLS the client speaks first, so we know there's - // no unbuffered data. But we can double-check. - if br.Buffered() > 0 { - proxyConn.Close() - return nil, fmt.Errorf("unexpected %d bytes of buffered data from CONNECT proxy %q", - br.Buffered(), proxyAddress) - } - return proxyConn, nil -} - -type proxier interface { - // proxy returns a connection to addr. - proxy(ctx context.Context, addr string) (net.Conn, error) -} - -var _ proxier = &httpConnectProxier{} - -type httpConnectProxier struct { - conn net.Conn - proxyAddress string -} - -func (t *httpConnectProxier) proxy(ctx context.Context, addr string) (net.Conn, error) { - return tunnelHTTPConnect(t.conn, t.proxyAddress, addr) -} - -var _ proxier = &grpcProxier{} - -type grpcProxier struct { - tunnel client.Tunnel -} - -func (g *grpcProxier) proxy(ctx context.Context, addr string) (net.Conn, error) { - return g.tunnel.DialContext(ctx, "tcp", addr) -} - -type proxyServerConnector interface { - // connect establishes connection to the proxy server, and returns a - // proxier based on the connection. - // - // The provided Context must be non-nil. The context is used for connecting to the proxy only. - // If the context expires before the connection is complete, an error is returned. - // Once successfully connected to the proxy, any expiration of the context will not affect the connection. - connect(context.Context) (proxier, error) -} - -type tcpHTTPConnectConnector struct { - proxyAddress string - tlsConfig *tls.Config -} - -func (t *tcpHTTPConnectConnector) connect(ctx context.Context) (proxier, error) { - d := tls.Dialer{ - Config: t.tlsConfig, - } - conn, err := d.DialContext(ctx, "tcp", t.proxyAddress) - if err != nil { - return nil, err - } - return &httpConnectProxier{conn: conn, proxyAddress: t.proxyAddress}, nil -} - -type udsHTTPConnectConnector struct { - udsName string -} - -func (u *udsHTTPConnectConnector) connect(ctx context.Context) (proxier, error) { - var d net.Dialer - conn, err := d.DialContext(ctx, "unix", u.udsName) - if err != nil { - return nil, err - } - return &httpConnectProxier{conn: conn, proxyAddress: u.udsName}, nil -} - -type udsGRPCConnector struct { - udsName string -} - -// connect establishes a connection to a proxy over gRPC. -// TODO At the moment, it does not use the provided context. -func (u *udsGRPCConnector) connect(_ context.Context) (proxier, error) { - udsName := u.udsName - dialOption := grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { - var d net.Dialer - c, err := d.DialContext(ctx, "unix", udsName) - if err != nil { - klog.Errorf("failed to create connection to uds name %s, error: %v", udsName, err) - } - return c, err - }) - - // CreateSingleUseGrpcTunnel() unfortunately couples dial and connection contexts. Because of that, - // we cannot use ctx just for dialing and control the connection lifetime separately. - // See https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/357. - tunnelCtx := context.TODO() - tunnel, err := client.CreateSingleUseGrpcTunnel(tunnelCtx, udsName, dialOption, - grpc.WithBlock(), - grpc.WithReturnConnectionError(), - grpc.WithTimeout(30*time.Second), // matches http.DefaultTransport dial timeout - grpc.WithTransportCredentials(insecure.NewCredentials())) - if err != nil { - return nil, err - } - return &grpcProxier{tunnel: tunnel}, nil -} - -type dialerCreator struct { - connector proxyServerConnector - direct bool - options metricsOptions -} - -type metricsOptions struct { - transport string - protocol string -} - -func (d *dialerCreator) createDialer() utilnet.DialFunc { - if d.direct { - return directDialer - } - return func(ctx context.Context, network, addr string) (net.Conn, error) { - ctx, span := tracing.Start(ctx, fmt.Sprintf("Proxy via %s protocol over %s", d.options.protocol, d.options.transport), attribute.String("address", addr)) - defer span.End(500 * time.Millisecond) - start := egressmetrics.Metrics.Clock().Now() - egressmetrics.Metrics.ObserveDialStart(d.options.protocol, d.options.transport) - proxier, err := d.connector.connect(ctx) - if err != nil { - egressmetrics.Metrics.ObserveDialFailure(d.options.protocol, d.options.transport, egressmetrics.StageConnect) - return nil, err - } - conn, err := proxier.proxy(ctx, addr) - if err != nil { - egressmetrics.Metrics.ObserveDialFailure(d.options.protocol, d.options.transport, egressmetrics.StageProxy) - return nil, err - } - egressmetrics.Metrics.ObserveDialLatency(egressmetrics.Metrics.Clock().Now().Sub(start), d.options.protocol, d.options.transport) - return conn, nil - } -} - -func getTLSConfig(t *apiserver.TLSConfig) (*tls.Config, error) { - clientCert := t.ClientCert - clientKey := t.ClientKey - caCert := t.CABundle - clientCerts, err := tls.LoadX509KeyPair(clientCert, clientKey) - if err != nil { - return nil, fmt.Errorf("failed to read key pair %s & %s, got %v", clientCert, clientKey, err) - } - certPool := x509.NewCertPool() - if caCert != "" { - certBytes, err := ioutil.ReadFile(caCert) - if err != nil { - return nil, fmt.Errorf("failed to read cert file %s, got %v", caCert, err) - } - ok := certPool.AppendCertsFromPEM(certBytes) - if !ok { - return nil, fmt.Errorf("failed to append CA cert to the cert pool") - } - } else { - // Use host's root CA set instead of providing our own - certPool = nil - } - return &tls.Config{ - Certificates: []tls.Certificate{clientCerts}, - RootCAs: certPool, - }, nil -} - -func getProxyAddress(urlString string) (string, error) { - proxyURL, err := url.Parse(urlString) - if err != nil { - return "", fmt.Errorf("invalid proxy server url %q: %v", urlString, err) - } - return proxyURL.Host, nil -} - -func connectionToDialerCreator(c apiserver.Connection) (*dialerCreator, error) { - switch c.ProxyProtocol { - - case apiserver.ProtocolHTTPConnect: - if c.Transport.UDS != nil { - return &dialerCreator{ - connector: &udsHTTPConnectConnector{ - udsName: c.Transport.UDS.UDSName, - }, - options: metricsOptions{ - transport: egressmetrics.TransportUDS, - protocol: egressmetrics.ProtocolHTTPConnect, - }, - }, nil - } else if c.Transport.TCP != nil { - tlsConfig, err := getTLSConfig(c.Transport.TCP.TLSConfig) - if err != nil { - return nil, err - } - proxyAddress, err := getProxyAddress(c.Transport.TCP.URL) - if err != nil { - return nil, err - } - return &dialerCreator{ - connector: &tcpHTTPConnectConnector{ - tlsConfig: tlsConfig, - proxyAddress: proxyAddress, - }, - options: metricsOptions{ - transport: egressmetrics.TransportTCP, - protocol: egressmetrics.ProtocolHTTPConnect, - }, - }, nil - } else { - return nil, fmt.Errorf("Either a TCP or UDS transport must be specified") - } - case apiserver.ProtocolGRPC: - if c.Transport.UDS != nil { - return &dialerCreator{ - connector: &udsGRPCConnector{ - udsName: c.Transport.UDS.UDSName, - }, - options: metricsOptions{ - transport: egressmetrics.TransportUDS, - protocol: egressmetrics.ProtocolGRPC, - }, - }, nil - } - return nil, fmt.Errorf("UDS transport must be specified for GRPC") - case apiserver.ProtocolDirect: - return &dialerCreator{direct: true}, nil - default: - return nil, fmt.Errorf("unrecognized service connection protocol %q", c.ProxyProtocol) - } - -} - -// NewEgressSelector configures lookup mechanism for Lookup. -// It does so based on a EgressSelectorConfiguration which was read at startup. -func NewEgressSelector(config *apiserver.EgressSelectorConfiguration) (*EgressSelector, error) { - if config == nil || config.EgressSelections == nil { - // No Connection Services configured, leaving the serviceMap empty, will return default dialer. - return nil, nil - } - cs := &EgressSelector{ - egressToDialer: make(map[EgressType]utilnet.DialFunc), - } - for _, service := range config.EgressSelections { - name, err := lookupServiceName(service.Name) - if err != nil { - return nil, err - } - dialerCreator, err := connectionToDialerCreator(service.Connection) - if err != nil { - return nil, fmt.Errorf("failed to create dialer for egressSelection %q: %v", name, err) - } - cs.egressToDialer[name] = dialerCreator.createDialer() - } - return cs, nil -} - -// NewEgressSelectorWithMap returns a EgressSelector with the supplied EgressType to DialFunc map. -func NewEgressSelectorWithMap(m map[EgressType]utilnet.DialFunc) *EgressSelector { - if m == nil { - m = make(map[EgressType]utilnet.DialFunc) - } - return &EgressSelector{ - egressToDialer: m, - } -} - -// Lookup gets the dialer function for the network context. -// This is configured for the Kubernetes API Server at startup. -func (cs *EgressSelector) Lookup(networkContext NetworkContext) (utilnet.DialFunc, error) { - if cs.egressToDialer == nil { - // The round trip wrapper will over-ride the dialContext method appropriately - return nil, nil - } - - return cs.egressToDialer[networkContext.EgressSelectionName], nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/metrics/metrics.go deleted file mode 100644 index 2e39947cd5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/egressselector/metrics/metrics.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "time" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/utils/clock" -) - -const ( - namespace = "apiserver" - subsystem = "egress_dialer" - - // ProtocolHTTPConnect means that the proxy protocol is http-connect. - ProtocolHTTPConnect = "http_connect" - // ProtocolGRPC means that the proxy protocol is the GRPC protocol. - ProtocolGRPC = "grpc" - // TransportTCP means that the transport is TCP. - TransportTCP = "tcp" - // TransportUDS means that the transport is UDS. - TransportUDS = "uds" - // StageConnect indicates that the dial failed at establishing connection to the proxy server. - StageConnect = "connect" - // StageProxy indicates that the dial failed at requesting the proxy server to proxy. - StageProxy = "proxy" -) - -var ( - // Use buckets ranging from 5 ms to 12.5 seconds. - latencyBuckets = []float64{0.005, 0.025, 0.1, 0.5, 2.5, 12.5} - - // Metrics provides access to all dial metrics. - Metrics = newDialMetrics() -) - -// DialMetrics instruments dials to proxy server with prometheus metrics. -type DialMetrics struct { - clock clock.Clock - starts *metrics.CounterVec - latencies *metrics.HistogramVec - failures *metrics.CounterVec -} - -// newDialMetrics create a new DialMetrics, configured with default metric names. -func newDialMetrics() *DialMetrics { - starts := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dial_start_total", - Help: "Dial starts, labeled by the protocol (http-connect or grpc) and transport (tcp or uds).", - StabilityLevel: metrics.ALPHA, - }, - []string{"protocol", "transport"}, - ) - - latencies := metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dial_duration_seconds", - Help: "Dial latency histogram in seconds, labeled by the protocol (http-connect or grpc), transport (tcp or uds)", - Buckets: latencyBuckets, - StabilityLevel: metrics.ALPHA, - }, - []string{"protocol", "transport"}, - ) - - failures := metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dial_failure_count", - Help: "Dial failure count, labeled by the protocol (http-connect or grpc), transport (tcp or uds), and stage (connect or proxy). The stage indicates at which stage the dial failed", - StabilityLevel: metrics.ALPHA, - }, - []string{"protocol", "transport", "stage"}, - ) - - legacyregistry.MustRegister(starts) - legacyregistry.MustRegister(latencies) - legacyregistry.MustRegister(failures) - return &DialMetrics{starts: starts, latencies: latencies, failures: failures, clock: clock.RealClock{}} -} - -// Clock returns the clock. -func (m *DialMetrics) Clock() clock.Clock { - return m.clock -} - -// SetClock sets the clock. -func (m *DialMetrics) SetClock(c clock.Clock) { - m.clock = c -} - -// Reset resets the metrics. -func (m *DialMetrics) Reset() { - m.starts.Reset() - m.latencies.Reset() - m.failures.Reset() -} - -// ObserveDialStart records the start of a dial attempt, labeled by protocol, transport. -func (m *DialMetrics) ObserveDialStart(protocol, transport string) { - m.starts.WithLabelValues(protocol, transport).Inc() -} - -// ObserveDialLatency records the latency of a dial, labeled by protocol, transport. -func (m *DialMetrics) ObserveDialLatency(elapsed time.Duration, protocol, transport string) { - m.latencies.WithLabelValues(protocol, transport).Observe(elapsed.Seconds()) -} - -// ObserveDialFailure records a failed dial, labeled by protocol, transport, and the stage the dial failed at. -func (m *DialMetrics) ObserveDialFailure(protocol, transport, stage string) { - m.failures.WithLabelValues(protocol, transport, stage).Inc() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/OWNERS deleted file mode 100644 index 010b7838e3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - sttts - - dims diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/content_type.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/content_type.go deleted file mode 100644 index 65c73fcdc4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/content_type.go +++ /dev/null @@ -1,28 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import "net/http" - -// WithContentType sets both the Content-Type and the X-Content-Type-Options (nosniff) header -func WithContentType(handler http.Handler, contentType string) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", contentType) - w.Header().Set("X-Content-Type-Options", "nosniff") - handler.ServeHTTP(w, r) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/cors.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/cors.go deleted file mode 100644 index 29c46e4c79..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/cors.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - "regexp" - "strings" - - "k8s.io/klog/v2" -) - -// TODO: use restful.CrossOriginResourceSharing -// See github.com/emicklei/go-restful/blob/master/examples/cors/restful-CORS-filter.go, and -// github.com/emicklei/go-restful/blob/master/examples/basicauth/restful-basic-authentication.go -// Or, for a more detailed implementation use https://github.com/martini-contrib/cors -// or implement CORS at your proxy layer. - -// WithCORS is a simple CORS implementation that wraps an http Handler. -// Pass nil for allowedMethods and allowedHeaders to use the defaults. If allowedOriginPatterns -// is empty or nil, no CORS support is installed. -func WithCORS(handler http.Handler, allowedOriginPatterns []string, allowedMethods []string, allowedHeaders []string, exposedHeaders []string, allowCredentials string) http.Handler { - if len(allowedOriginPatterns) == 0 { - return handler - } - allowedOriginPatternsREs := allowedOriginRegexps(allowedOriginPatterns) - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - origin := req.Header.Get("Origin") - if origin != "" { - allowed := false - for _, re := range allowedOriginPatternsREs { - if allowed = re.MatchString(origin); allowed { - break - } - } - if allowed { - w.Header().Set("Access-Control-Allow-Origin", origin) - // Set defaults for methods and headers if nothing was passed - if allowedMethods == nil { - allowedMethods = []string{"POST", "GET", "OPTIONS", "PUT", "DELETE", "PATCH"} - } - if allowedHeaders == nil { - allowedHeaders = []string{"Content-Type", "Content-Length", "Accept-Encoding", "X-CSRF-Token", "Authorization", "X-Requested-With", "If-Modified-Since"} - } - if exposedHeaders == nil { - exposedHeaders = []string{"Date"} - } - w.Header().Set("Access-Control-Allow-Methods", strings.Join(allowedMethods, ", ")) - w.Header().Set("Access-Control-Allow-Headers", strings.Join(allowedHeaders, ", ")) - w.Header().Set("Access-Control-Expose-Headers", strings.Join(exposedHeaders, ", ")) - w.Header().Set("Access-Control-Allow-Credentials", allowCredentials) - - // Stop here if its a preflight OPTIONS request - if req.Method == "OPTIONS" { - w.WriteHeader(http.StatusNoContent) - return - } - } - } - // Dispatch to the next handler - handler.ServeHTTP(w, req) - }) -} - -func allowedOriginRegexps(allowedOrigins []string) []*regexp.Regexp { - res, err := compileRegexps(allowedOrigins) - if err != nil { - klog.Fatalf("Invalid CORS allowed origin, --cors-allowed-origins flag was set to %v - %v", strings.Join(allowedOrigins, ","), err) - } - return res -} - -// Takes a list of strings and compiles them into a list of regular expressions -func compileRegexps(regexpStrings []string) ([]*regexp.Regexp, error) { - regexps := []*regexp.Regexp{} - for _, regexpStr := range regexpStrings { - r, err := regexp.Compile(regexpStr) - if err != nil { - return []*regexp.Regexp{}, err - } - regexps = append(regexps, r) - } - return regexps, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/doc.go deleted file mode 100644 index a90cc3b496..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package filters contains all the http handler chain filters which -// are not api related. -package filters // import "k8s.io/apiserver/pkg/server/filters" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/goaway.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/goaway.go deleted file mode 100644 index 065bd22bbc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/goaway.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "math/rand" - "net/http" - "sync" -) - -// GoawayDecider decides if server should send a GOAWAY -type GoawayDecider interface { - Goaway(r *http.Request) bool -} - -var ( - // randPool used to get a rand.Rand and generate a random number thread-safely, - // which improve the performance of using rand.Rand with a locker - randPool = &sync.Pool{ - New: func() interface{} { - return rand.New(rand.NewSource(rand.Int63())) - }, - } -) - -// WithProbabilisticGoaway returns an http.Handler that send GOAWAY probabilistically -// according to the given chance for HTTP2 requests. After client receive GOAWAY, -// the in-flight long-running requests will not be influenced, and the new requests -// will use a new TCP connection to re-balancing to another server behind the load balance. -func WithProbabilisticGoaway(inner http.Handler, chance float64) http.Handler { - return &goaway{ - handler: inner, - decider: &probabilisticGoawayDecider{ - chance: chance, - next: func() float64 { - rnd := randPool.Get().(*rand.Rand) - ret := rnd.Float64() - randPool.Put(rnd) - return ret - }, - }, - } -} - -// goaway send a GOAWAY to client according to decider for HTTP2 requests -type goaway struct { - handler http.Handler - decider GoawayDecider -} - -// ServeHTTP implement HTTP handler -func (h *goaway) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if r.Proto == "HTTP/2.0" && h.decider.Goaway(r) { - // Send a GOAWAY and tear down the TCP connection when idle. - w.Header().Set("Connection", "close") - } - - h.handler.ServeHTTP(w, r) -} - -// probabilisticGoawayDecider send GOAWAY probabilistically according to chance -type probabilisticGoawayDecider struct { - chance float64 - next func() float64 -} - -// Goaway implement GoawayDecider -func (p *probabilisticGoawayDecider) Goaway(r *http.Request) bool { - return p.next() < p.chance -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/hsts.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/hsts.go deleted file mode 100644 index 46625381fa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/hsts.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - "strings" -) - -// WithHSTS is a simple HSTS implementation that wraps an http Handler. -// If hstsDirectives is empty or nil, no HSTS support is installed. -func WithHSTS(handler http.Handler, hstsDirectives []string) http.Handler { - if len(hstsDirectives) == 0 { - return handler - } - allDirectives := strings.Join(hstsDirectives, "; ") - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - // Chrome and Mozilla Firefox maintain an HSTS preload list - // issue : golang.org/issue/26162 - // Set the Strict-Transport-Security header if it is not already set - if _, ok := w.Header()["Strict-Transport-Security"]; !ok { - w.Header().Set("Strict-Transport-Security", allDirectives) - } - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/longrunning.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/longrunning.go deleted file mode 100644 index 1b58f16386..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/longrunning.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" - apirequest "k8s.io/apiserver/pkg/endpoints/request" -) - -// BasicLongRunningRequestCheck returns true if the given request has one of the specified verbs or one of the specified subresources, or is a profiler request. -func BasicLongRunningRequestCheck(longRunningVerbs, longRunningSubresources sets.String) apirequest.LongRunningRequestCheck { - return func(r *http.Request, requestInfo *apirequest.RequestInfo) bool { - if longRunningVerbs.Has(requestInfo.Verb) { - return true - } - if requestInfo.IsResourceRequest && longRunningSubresources.Has(requestInfo.Subresource) { - return true - } - if !requestInfo.IsResourceRequest && strings.HasPrefix(requestInfo.Path, "/debug/pprof/") { - return true - } - return false - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/maxinflight.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/maxinflight.go deleted file mode 100644 index 5d7b00ec33..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/maxinflight.go +++ /dev/null @@ -1,229 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "fmt" - "net/http" - "sync" - "time" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - fcmetrics "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - - "k8s.io/klog/v2" -) - -const ( - // Constant for the retry-after interval on rate limiting. - // TODO: maybe make this dynamic? or user-adjustable? - retryAfter = "1" - - // How often inflight usage metric should be updated. Because - // the metrics tracks maximal value over period making this - // longer will increase the metric value. - inflightUsageMetricUpdatePeriod = time.Second -) - -var ( - nonMutatingRequestVerbs = sets.NewString("get", "list", "watch") - watchVerbs = sets.NewString("watch") -) - -func handleError(w http.ResponseWriter, r *http.Request, err error) { - errorMsg := fmt.Sprintf("Internal Server Error: %#v", r.RequestURI) - http.Error(w, errorMsg, http.StatusInternalServerError) - klog.Errorf(err.Error()) -} - -// requestWatermark is used to track maximal numbers of requests in a particular phase of handling -type requestWatermark struct { - phase string - readOnlyObserver, mutatingObserver fcmetrics.RatioedGauge - lock sync.Mutex - readOnlyWatermark, mutatingWatermark int -} - -func (w *requestWatermark) recordMutating(mutatingVal int) { - w.mutatingObserver.Set(float64(mutatingVal)) - - w.lock.Lock() - defer w.lock.Unlock() - - if w.mutatingWatermark < mutatingVal { - w.mutatingWatermark = mutatingVal - } -} - -func (w *requestWatermark) recordReadOnly(readOnlyVal int) { - w.readOnlyObserver.Set(float64(readOnlyVal)) - - w.lock.Lock() - defer w.lock.Unlock() - - if w.readOnlyWatermark < readOnlyVal { - w.readOnlyWatermark = readOnlyVal - } -} - -// watermark tracks requests being executed (not waiting in a queue) -var watermark = &requestWatermark{ - phase: metrics.ExecutingPhase, -} - -// startWatermarkMaintenance starts the goroutines to observe and maintain the specified watermark. -func startWatermarkMaintenance(watermark *requestWatermark, stopCh <-chan struct{}) { - // Periodically update the inflight usage metric. - go wait.Until(func() { - watermark.lock.Lock() - readOnlyWatermark := watermark.readOnlyWatermark - mutatingWatermark := watermark.mutatingWatermark - watermark.readOnlyWatermark = 0 - watermark.mutatingWatermark = 0 - watermark.lock.Unlock() - - metrics.UpdateInflightRequestMetrics(watermark.phase, readOnlyWatermark, mutatingWatermark) - }, inflightUsageMetricUpdatePeriod, stopCh) -} - -var initMaxInFlightOnce sync.Once - -func initMaxInFlight(nonMutatingLimit, mutatingLimit int) { - initMaxInFlightOnce.Do(func() { - // Fetching these gauges is delayed until after their underlying metric has been registered - // so that this latches onto the efficient implementation. - watermark.readOnlyObserver = fcmetrics.GetExecutingReadonlyConcurrency() - watermark.mutatingObserver = fcmetrics.GetExecutingMutatingConcurrency() - if nonMutatingLimit != 0 { - watermark.readOnlyObserver.SetDenominator(float64(nonMutatingLimit)) - klog.V(2).InfoS("Set denominator for readonly requests", "limit", nonMutatingLimit) - } - if mutatingLimit != 0 { - watermark.mutatingObserver.SetDenominator(float64(mutatingLimit)) - klog.V(2).InfoS("Set denominator for mutating requests", "limit", mutatingLimit) - } - }) -} - -// WithMaxInFlightLimit limits the number of in-flight requests to buffer size of the passed in channel. -func WithMaxInFlightLimit( - handler http.Handler, - nonMutatingLimit int, - mutatingLimit int, - longRunningRequestCheck apirequest.LongRunningRequestCheck, -) http.Handler { - if nonMutatingLimit == 0 && mutatingLimit == 0 { - return handler - } - var nonMutatingChan chan bool - var mutatingChan chan bool - if nonMutatingLimit != 0 { - nonMutatingChan = make(chan bool, nonMutatingLimit) - klog.V(2).InfoS("Initialized nonMutatingChan", "len", nonMutatingLimit) - } else { - klog.V(2).InfoS("Running with nil nonMutatingChan") - } - if mutatingLimit != 0 { - mutatingChan = make(chan bool, mutatingLimit) - klog.V(2).InfoS("Initialized mutatingChan", "len", mutatingLimit) - } else { - klog.V(2).InfoS("Running with nil mutatingChan") - } - initMaxInFlight(nonMutatingLimit, mutatingLimit) - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := r.Context() - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if !ok { - handleError(w, r, fmt.Errorf("no RequestInfo found in context, handler chain must be wrong")) - return - } - - // Skip tracking long running events. - if longRunningRequestCheck != nil && longRunningRequestCheck(r, requestInfo) { - handler.ServeHTTP(w, r) - return - } - - var c chan bool - isMutatingRequest := !nonMutatingRequestVerbs.Has(requestInfo.Verb) - if isMutatingRequest { - c = mutatingChan - } else { - c = nonMutatingChan - } - - if c == nil { - handler.ServeHTTP(w, r) - } else { - - select { - case c <- true: - // We note the concurrency level both while the - // request is being served and after it is done being - // served, because both states contribute to the - // sampled stats on concurrency. - if isMutatingRequest { - watermark.recordMutating(len(c)) - } else { - watermark.recordReadOnly(len(c)) - } - defer func() { - <-c - if isMutatingRequest { - watermark.recordMutating(len(c)) - } else { - watermark.recordReadOnly(len(c)) - } - }() - handler.ServeHTTP(w, r) - - default: - // at this point we're about to return a 429, BUT not all actors should be rate limited. A system:master is so powerful - // that they should always get an answer. It's a super-admin or a loopback connection. - if currUser, ok := apirequest.UserFrom(ctx); ok { - for _, group := range currUser.GetGroups() { - if group == user.SystemPrivilegedGroup { - handler.ServeHTTP(w, r) - return - } - } - } - // We need to split this data between buckets used for throttling. - metrics.RecordDroppedRequest(r, requestInfo, metrics.APIServerComponent, isMutatingRequest) - metrics.RecordRequestTermination(r, requestInfo, metrics.APIServerComponent, http.StatusTooManyRequests) - tooManyRequests(r, w) - } - } - }) -} - -// StartMaxInFlightWatermarkMaintenance starts the goroutines to observe and maintain watermarks for max-in-flight -// requests. -func StartMaxInFlightWatermarkMaintenance(stopCh <-chan struct{}) { - startWatermarkMaintenance(watermark, stopCh) -} - -func tooManyRequests(req *http.Request, w http.ResponseWriter) { - // Return a 429 status indicating "Too Many Requests" - w.Header().Set("Retry-After", retryAfter) - http.Error(w, "Too many requests, please try again later.", http.StatusTooManyRequests) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/patch_optin_retry.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/patch_optin_retry.go deleted file mode 100644 index 88cdaabbea..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/patch_optin_retry.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" -) - -func WithOptInRetryAfter(handler http.Handler, initializedFn func() bool) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - var retryAfter bool - if value := req.Header.Get("X-OpenShift-Internal-If-Not-Ready"); value == "reject" { - // the caller opted in for the request to be rejected if the server is not ready - retryAfter = !initializedFn() - } - - if !retryAfter { - handler.ServeHTTP(w, req) - return - } - - // Return a 429 status asking the client to try again after 5 seconds - w.Header().Set("Retry-After", "5") - http.Error(w, "The apiserver hasn't been fully initialized yet, please try again later.", http.StatusTooManyRequests) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go deleted file mode 100644 index 937971c17e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go +++ /dev/null @@ -1,325 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "context" - "fmt" - "net/http" - "runtime" - "sync" - "sync/atomic" - "time" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - apitypes "k8s.io/apimachinery/pkg/types" - epmetrics "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/server/httplog" - utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" - fcmetrics "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/klog/v2" -) - -// PriorityAndFairnessClassification identifies the results of -// classification for API Priority and Fairness -type PriorityAndFairnessClassification struct { - FlowSchemaName string - FlowSchemaUID apitypes.UID - PriorityLevelName string - PriorityLevelUID apitypes.UID -} - -// waitingMark tracks requests waiting rather than being executed -var waitingMark = &requestWatermark{ - phase: epmetrics.WaitingPhase, -} - -var atomicMutatingExecuting, atomicReadOnlyExecuting int32 -var atomicMutatingWaiting, atomicReadOnlyWaiting int32 - -// newInitializationSignal is defined for testing purposes. -var newInitializationSignal = utilflowcontrol.NewInitializationSignal - -func truncateLogField(s string) string { - const maxFieldLogLength = 64 - - if len(s) > maxFieldLogLength { - s = s[0:maxFieldLogLength] - } - return s -} - -var initAPFOnce sync.Once - -// WithPriorityAndFairness limits the number of in-flight -// requests in a fine-grained way. -func WithPriorityAndFairness( - handler http.Handler, - longRunningRequestCheck apirequest.LongRunningRequestCheck, - fcIfc utilflowcontrol.Interface, - workEstimator flowcontrolrequest.WorkEstimatorFunc, -) http.Handler { - if fcIfc == nil { - klog.Warningf("priority and fairness support not found, skipping") - return handler - } - initAPFOnce.Do(func() { - initMaxInFlight(0, 0) - // Fetching these gauges is delayed until after their underlying metric has been registered - // so that this latches onto the efficient implementation. - waitingMark.readOnlyObserver = fcmetrics.GetWaitingReadonlyConcurrency() - waitingMark.mutatingObserver = fcmetrics.GetWaitingMutatingConcurrency() - }) - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := r.Context() - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if !ok { - handleError(w, r, fmt.Errorf("no RequestInfo found in context")) - return - } - user, ok := apirequest.UserFrom(ctx) - if !ok { - handleError(w, r, fmt.Errorf("no User found in context")) - return - } - - isWatchRequest := watchVerbs.Has(requestInfo.Verb) - - // Skip tracking long running non-watch requests. - if longRunningRequestCheck != nil && longRunningRequestCheck(r, requestInfo) && !isWatchRequest { - klog.V(6).Infof("Serving RequestInfo=%#+v, user.Info=%#+v as longrunning\n", requestInfo, user) - handler.ServeHTTP(w, r) - return - } - - var classification *PriorityAndFairnessClassification - noteFn := func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, flowDistinguisher string) { - classification = &PriorityAndFairnessClassification{ - FlowSchemaName: fs.Name, - FlowSchemaUID: fs.UID, - PriorityLevelName: pl.Name, - PriorityLevelUID: pl.UID} - - httplog.AddKeyValue(ctx, "apf_pl", truncateLogField(pl.Name)) - httplog.AddKeyValue(ctx, "apf_fs", truncateLogField(fs.Name)) - } - // estimateWork is called, if at all, after noteFn - estimateWork := func() flowcontrolrequest.WorkEstimate { - if classification == nil { - // workEstimator is being invoked before classification of - // the request has completed, we should never be here though. - klog.ErrorS(fmt.Errorf("workEstimator is being invoked before classification of the request has completed"), - "Using empty FlowSchema and PriorityLevelConfiguration name", "verb", r.Method, "URI", r.RequestURI) - - return workEstimator(r, "", "") - } - - workEstimate := workEstimator(r, classification.FlowSchemaName, classification.PriorityLevelName) - - fcmetrics.ObserveWorkEstimatedSeats(classification.PriorityLevelName, classification.FlowSchemaName, workEstimate.MaxSeats()) - httplog.AddKeyValue(ctx, "apf_iseats", workEstimate.InitialSeats) - httplog.AddKeyValue(ctx, "apf_fseats", workEstimate.FinalSeats) - httplog.AddKeyValue(ctx, "apf_additionalLatency", workEstimate.AdditionalLatency) - - return workEstimate - } - - var served bool - isMutatingRequest := !nonMutatingRequestVerbs.Has(requestInfo.Verb) - noteExecutingDelta := func(delta int32) { - if isMutatingRequest { - watermark.recordMutating(int(atomic.AddInt32(&atomicMutatingExecuting, delta))) - } else { - watermark.recordReadOnly(int(atomic.AddInt32(&atomicReadOnlyExecuting, delta))) - } - } - noteWaitingDelta := func(delta int32) { - if isMutatingRequest { - waitingMark.recordMutating(int(atomic.AddInt32(&atomicMutatingWaiting, delta))) - } else { - waitingMark.recordReadOnly(int(atomic.AddInt32(&atomicReadOnlyWaiting, delta))) - } - } - queueNote := func(inQueue bool) { - if inQueue { - noteWaitingDelta(1) - } else { - noteWaitingDelta(-1) - } - } - - digest := utilflowcontrol.RequestDigest{ - RequestInfo: requestInfo, - User: user, - } - - if isWatchRequest { - // This channel blocks calling handler.ServeHTTP() until closed, and is closed inside execute(). - // If APF rejects the request, it is never closed. - shouldStartWatchCh := make(chan struct{}) - - watchInitializationSignal := newInitializationSignal() - // This wraps the request passed to handler.ServeHTTP(), - // setting a context that plumbs watchInitializationSignal to storage - var watchReq *http.Request - // This is set inside execute(), prior to closing shouldStartWatchCh. - // If the request is rejected by APF it is left nil. - var forgetWatch utilflowcontrol.ForgetWatchFunc - - defer func() { - // Protect from the situation when request will not reach storage layer - // and the initialization signal will not be send. - if watchInitializationSignal != nil { - watchInitializationSignal.Signal() - } - // Forget the watcher if it was registered. - // - // // This is race-free because by this point, one of the following occurred: - // case <-shouldStartWatchCh: execute() completed the assignment to forgetWatch - // case <-resultCh: Handle() completed, and Handle() does not return - // while execute() is running - if forgetWatch != nil { - forgetWatch() - } - }() - - execute := func() { - startedAt := time.Now() - defer func() { - httplog.AddKeyValue(ctx, "apf_init_latency", time.Since(startedAt)) - }() - noteExecutingDelta(1) - defer noteExecutingDelta(-1) - served = true - setResponseHeaders(classification, w) - - forgetWatch = fcIfc.RegisterWatch(r) - - // Notify the main thread that we're ready to start the watch. - close(shouldStartWatchCh) - - // Wait until the request is finished from the APF point of view - // (which is when its initialization is done). - watchInitializationSignal.Wait() - } - - // Ensure that an item can be put to resultCh asynchronously. - resultCh := make(chan interface{}, 1) - - // Call Handle in a separate goroutine. - // The reason for it is that from APF point of view, the request processing - // finishes as soon as watch is initialized (which is generally orders of - // magnitude faster then the watch request itself). This means that Handle() - // call finishes much faster and for performance reasons we want to reduce - // the number of running goroutines - so we run the shorter thing in a - // dedicated goroutine and the actual watch handler in the main one. - go func() { - defer func() { - err := recover() - // do not wrap the sentinel ErrAbortHandler panic value - if err != nil && err != http.ErrAbortHandler { - // Same as stdlib http server code. Manually allocate stack - // trace buffer size to prevent excessively large logs - const size = 64 << 10 - buf := make([]byte, size) - buf = buf[:runtime.Stack(buf, false)] - err = fmt.Sprintf("%v\n%s", err, buf) - } - - // Ensure that the result is put into resultCh independently of the panic. - resultCh <- err - }() - - // We create handleCtx with explicit cancelation function. - // The reason for it is that Handle() underneath may start additional goroutine - // that is blocked on context cancellation. However, from APF point of view, - // we don't want to wait until the whole watch request is processed (which is - // when it context is actually cancelled) - we want to unblock the goroutine as - // soon as the request is processed from the APF point of view. - // - // Note that we explicitly do NOT call the actuall handler using that context - // to avoid cancelling request too early. - handleCtx, handleCtxCancel := context.WithCancel(ctx) - defer handleCtxCancel() - - // Note that Handle will return irrespective of whether the request - // executes or is rejected. In the latter case, the function will return - // without calling the passed `execute` function. - fcIfc.Handle(handleCtx, digest, noteFn, estimateWork, queueNote, execute) - }() - - select { - case <-shouldStartWatchCh: - watchCtx := utilflowcontrol.WithInitializationSignal(ctx, watchInitializationSignal) - watchReq = r.WithContext(watchCtx) - handler.ServeHTTP(w, watchReq) - // Protect from the situation when request will not reach storage layer - // and the initialization signal will not be send. - // It has to happen before waiting on the resultCh below. - watchInitializationSignal.Signal() - // TODO: Consider finishing the request as soon as Handle call panics. - if err := <-resultCh; err != nil { - panic(err) - } - case err := <-resultCh: - if err != nil { - panic(err) - } - } - } else { - execute := func() { - noteExecutingDelta(1) - defer noteExecutingDelta(-1) - served = true - setResponseHeaders(classification, w) - - handler.ServeHTTP(w, r) - } - - fcIfc.Handle(ctx, digest, noteFn, estimateWork, queueNote, execute) - } - - if !served { - setResponseHeaders(classification, w) - - epmetrics.RecordDroppedRequest(r, requestInfo, epmetrics.APIServerComponent, isMutatingRequest) - epmetrics.RecordRequestTermination(r, requestInfo, epmetrics.APIServerComponent, http.StatusTooManyRequests) - tooManyRequests(r, w) - } - }) -} - -// StartPriorityAndFairnessWatermarkMaintenance starts the goroutines to observe and maintain watermarks for -// priority-and-fairness requests. -func StartPriorityAndFairnessWatermarkMaintenance(stopCh <-chan struct{}) { - startWatermarkMaintenance(watermark, stopCh) - startWatermarkMaintenance(waitingMark, stopCh) -} - -func setResponseHeaders(classification *PriorityAndFairnessClassification, w http.ResponseWriter) { - if classification == nil { - return - } - - // We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that - // the names that cluster-admins choose for categorization and priority levels are not exposed, also - // the names might make it obvious to the users that they are rejected due to classification with low priority. - w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID)) - w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/timeout.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/timeout.go deleted file mode 100644 index 432851a631..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/timeout.go +++ /dev/null @@ -1,310 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "bufio" - "encoding/json" - "fmt" - "net" - "net/http" - "runtime" - "sync" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/endpoints/responsewriter" - "k8s.io/apiserver/pkg/server/httplog" -) - -// WithTimeoutForNonLongRunningRequests times out non-long-running requests after the time given by timeout. -func WithTimeoutForNonLongRunningRequests(handler http.Handler, longRunning apirequest.LongRunningRequestCheck) http.Handler { - if longRunning == nil { - return handler - } - timeoutFunc := func(req *http.Request) (*http.Request, bool, func(), *apierrors.StatusError) { - // TODO unify this with apiserver.MaxInFlightLimit - ctx := req.Context() - - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if !ok { - // if this happens, the handler chain isn't setup correctly because there is no request info - return req, false, func() {}, apierrors.NewInternalError(fmt.Errorf("no request info found for request during timeout")) - } - - if longRunning(req, requestInfo) { - return req, true, nil, nil - } - - postTimeoutFn := func() { - metrics.RecordRequestTermination(req, requestInfo, metrics.APIServerComponent, http.StatusGatewayTimeout) - } - return req, false, postTimeoutFn, apierrors.NewTimeoutError("request did not complete within the allotted timeout", 0) - } - return WithTimeout(handler, timeoutFunc) -} - -type timeoutFunc = func(*http.Request) (req *http.Request, longRunning bool, postTimeoutFunc func(), err *apierrors.StatusError) - -// WithTimeout returns an http.Handler that runs h with a timeout -// determined by timeoutFunc. The new http.Handler calls h.ServeHTTP to handle -// each request, but if a call runs for longer than its time limit, the -// handler responds with a 504 Gateway Timeout error and the message -// provided. (If msg is empty, a suitable default message will be sent.) After -// the handler times out, writes by h to its http.ResponseWriter will return -// http.ErrHandlerTimeout. If timeoutFunc returns a nil timeout channel, no -// timeout will be enforced. recordFn is a function that will be invoked whenever -// a timeout happens. -func WithTimeout(h http.Handler, timeoutFunc timeoutFunc) http.Handler { - return &timeoutHandler{h, timeoutFunc} -} - -type timeoutHandler struct { - handler http.Handler - timeout timeoutFunc -} - -func (t *timeoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - r, longRunning, postTimeoutFn, err := t.timeout(r) - if longRunning { - t.handler.ServeHTTP(w, r) - return - } - - timeoutCh := r.Context().Done() - - // resultCh is used as both errCh and stopCh - resultCh := make(chan interface{}) - var tw timeoutWriter - tw, w = newTimeoutWriter(w) - - // Make a copy of request and work on it in new goroutine - // to avoid race condition when accessing/modifying request (e.g. headers) - rCopy := r.Clone(r.Context()) - go func() { - defer func() { - err := recover() - // do not wrap the sentinel ErrAbortHandler panic value - if err != nil && err != http.ErrAbortHandler { - // Same as stdlib http server code. Manually allocate stack - // trace buffer size to prevent excessively large logs - const size = 64 << 10 - buf := make([]byte, size) - buf = buf[:runtime.Stack(buf, false)] - err = fmt.Sprintf("%v\n%s", err, buf) - } - resultCh <- err - }() - t.handler.ServeHTTP(w, rCopy) - }() - select { - case err := <-resultCh: - // panic if error occurs; stop otherwise - if err != nil { - panic(err) - } - return - case <-timeoutCh: - defer func() { - // resultCh needs to have a reader, since the function doing - // the work needs to send to it. This is defer'd to ensure it runs - // ever if the post timeout work itself panics. - go func() { - timedOutAt := time.Now() - res := <-resultCh - - status := metrics.PostTimeoutHandlerOK - if res != nil { - // a non nil res indicates that there was a panic. - status = metrics.PostTimeoutHandlerPanic - } - - metrics.RecordRequestPostTimeout(metrics.PostTimeoutSourceTimeoutHandler, status) - err := fmt.Errorf("post-timeout activity - time-elapsed: %s, %v %q result: %v", - time.Since(timedOutAt), r.Method, r.URL.Path, res) - utilruntime.HandleError(err) - }() - }() - httplog.SetStacktracePredicate(r.Context(), func(status int) bool { - return false - }) - defer postTimeoutFn() - tw.timeout(err) - } -} - -type timeoutWriter interface { - http.ResponseWriter - timeout(*apierrors.StatusError) -} - -func newTimeoutWriter(w http.ResponseWriter) (timeoutWriter, http.ResponseWriter) { - base := &baseTimeoutWriter{w: w, handlerHeaders: w.Header().Clone()} - wrapped := responsewriter.WrapForHTTP1Or2(base) - - return base, wrapped -} - -var _ http.ResponseWriter = &baseTimeoutWriter{} -var _ responsewriter.UserProvidedDecorator = &baseTimeoutWriter{} - -type baseTimeoutWriter struct { - w http.ResponseWriter - - // headers written by the normal handler - handlerHeaders http.Header - - mu sync.Mutex - // if the timeout handler has timeout - timedOut bool - // if this timeout writer has wrote header - wroteHeader bool - // if this timeout writer has been hijacked - hijacked bool -} - -func (tw *baseTimeoutWriter) Unwrap() http.ResponseWriter { - return tw.w -} - -func (tw *baseTimeoutWriter) Header() http.Header { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut { - return http.Header{} - } - - return tw.handlerHeaders -} - -func (tw *baseTimeoutWriter) Write(p []byte) (int, error) { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut { - return 0, http.ErrHandlerTimeout - } - if tw.hijacked { - return 0, http.ErrHijacked - } - - if !tw.wroteHeader { - copyHeaders(tw.w.Header(), tw.handlerHeaders) - tw.wroteHeader = true - } - return tw.w.Write(p) -} - -func (tw *baseTimeoutWriter) Flush() { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut { - return - } - - // the outer ResponseWriter object returned by WrapForHTTP1Or2 implements - // http.Flusher if the inner object (tw.w) implements http.Flusher. - tw.w.(http.Flusher).Flush() -} - -func (tw *baseTimeoutWriter) WriteHeader(code int) { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut || tw.wroteHeader || tw.hijacked { - return - } - - copyHeaders(tw.w.Header(), tw.handlerHeaders) - tw.wroteHeader = true - tw.w.WriteHeader(code) -} - -func copyHeaders(dst, src http.Header) { - for k, v := range src { - dst[k] = v - } -} - -func (tw *baseTimeoutWriter) timeout(err *apierrors.StatusError) { - tw.mu.Lock() - defer tw.mu.Unlock() - - tw.timedOut = true - - // The timeout writer has not been used by the inner handler. - // We can safely timeout the HTTP request by sending by a timeout - // handler - if !tw.wroteHeader && !tw.hijacked { - tw.w.WriteHeader(http.StatusGatewayTimeout) - enc := json.NewEncoder(tw.w) - enc.Encode(&err.ErrStatus) - } else { - // The timeout writer has been used by the inner handler. There is - // no way to timeout the HTTP request at the point. We have to shutdown - // the connection for HTTP1 or reset stream for HTTP2. - // - // Note from the golang's docs: - // If ServeHTTP panics, the server (the caller of ServeHTTP) assumes - // that the effect of the panic was isolated to the active request. - // It recovers the panic, logs a stack trace to the server error log, - // and either closes the network connection or sends an HTTP/2 - // RST_STREAM, depending on the HTTP protocol. To abort a handler so - // the client sees an interrupted response but the server doesn't log - // an error, panic with the value ErrAbortHandler. - // - // We are throwing http.ErrAbortHandler deliberately so that a client is notified and to suppress a not helpful stacktrace in the logs - panic(http.ErrAbortHandler) - } -} - -func (tw *baseTimeoutWriter) CloseNotify() <-chan bool { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut { - done := make(chan bool) - close(done) - return done - } - - // the outer ResponseWriter object returned by WrapForHTTP1Or2 implements - // http.CloseNotifier if the inner object (tw.w) implements http.CloseNotifier. - return tw.w.(http.CloseNotifier).CloseNotify() -} - -func (tw *baseTimeoutWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { - tw.mu.Lock() - defer tw.mu.Unlock() - - if tw.timedOut { - return nil, nil, http.ErrHandlerTimeout - } - - // the outer ResponseWriter object returned by WrapForHTTP1Or2 implements - // http.Hijacker if the inner object (tw.w) implements http.Hijacker. - conn, rw, err := tw.w.(http.Hijacker).Hijack() - if err == nil { - tw.hijacked = true - } - return conn, rw, err -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/waitgroup.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/waitgroup.go deleted file mode 100644 index 70b32c7669..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/waitgroup.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "errors" - "fmt" - "net/http" - - "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - utilwaitgroup "k8s.io/apimachinery/pkg/util/waitgroup" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/client-go/kubernetes/scheme" -) - -// WithWaitGroup adds all non long-running requests to wait group, which is used for graceful shutdown. -func WithWaitGroup(handler http.Handler, longRunning apirequest.LongRunningRequestCheck, wg *utilwaitgroup.SafeWaitGroup) http.Handler { - // NOTE: both WithWaitGroup and WithRetryAfter must use the same exact isRequestExemptFunc 'isRequestExemptFromRetryAfter, - // otherwise SafeWaitGroup might wait indefinitely and will prevent the server from shutting down gracefully. - return withWaitGroup(handler, longRunning, wg, isRequestExemptFromRetryAfter) -} - -func withWaitGroup(handler http.Handler, longRunning apirequest.LongRunningRequestCheck, wg *utilwaitgroup.SafeWaitGroup, isRequestExemptFn isRequestExemptFunc) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - ctx := req.Context() - requestInfo, ok := apirequest.RequestInfoFrom(ctx) - if !ok { - // if this happens, the handler chain isn't setup correctly because there is no request info - responsewriters.InternalError(w, req, errors.New("no RequestInfo found in the context")) - return - } - - if longRunning(req, requestInfo) { - handler.ServeHTTP(w, req) - return - } - - if err := wg.Add(1); err != nil { - // shutdown delay duration has elapsed and SafeWaitGroup.Wait has been invoked, - // this means 'WithRetryAfter' has started sending Retry-After response. - // we are going to exempt the same set of requests that WithRetryAfter are - // exempting from being rejected with a Retry-After response. - if isRequestExemptFn(req) { - handler.ServeHTTP(w, req) - return - } - - // When apiserver is shutting down, signal clients to retry - // There is a good chance the client hit a different server, so a tight retry is good for client responsiveness. - w.Header().Add("Retry-After", "1") - w.Header().Set("Content-Type", runtime.ContentTypeJSON) - w.Header().Set("X-Content-Type-Options", "nosniff") - statusErr := apierrors.NewServiceUnavailable("apiserver is shutting down").Status() - w.WriteHeader(int(statusErr.Code)) - fmt.Fprintln(w, runtime.EncodeOrDie(scheme.Codecs.LegacyCodec(v1.SchemeGroupVersion), &statusErr)) - return - } - - defer wg.Done() - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_not_ready_patch.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_not_ready_patch.go deleted file mode 100644 index 0915d8c661..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_not_ready_patch.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "errors" - "k8s.io/apiserver/pkg/warning" - "net/http" - - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/endpoints/request" -) - -const ( - // notReadyDebuggerGroup facilitates debugging if the apiserver takes longer - // to initilize. All request(s) from this designated group will be allowed - // while the apiserver is being initialized. - // The apiserver will reject all incoming requests with a 'Retry-After' - // response header until it has fully initialized, except for - // requests from this special debugger group. - notReadyDebuggerGroup = "system:openshift:risky-not-ready-microshift-debugging-group" -) - -// WithNotReady rejects any incoming new request(s) with a 'Retry-After' -// response if the specified hasBeenReadyCh channel is still open, with -// the following exceptions: -// - all request(s) from the designated debugger group is exempt, this -// helps debug the apiserver if it takes longer to initialize. -// - local loopback requests (this exempts system:apiserver) -// - /healthz, /livez, /readyz, /metrics are exempt -// -// It includes new request(s) on a new or an existing TCP connection -// Any new request(s) arriving before hasBeenreadyCh is closed -// are replied with a 503 and the following response headers: -// - 'Retry-After: N` (so client can retry after N seconds) -func WithNotReady(handler http.Handler, hasBeenReadyCh <-chan struct{}) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - select { - case <-hasBeenReadyCh: - handler.ServeHTTP(w, req) - return - default: - } - - requestor, exists := request.UserFrom(req.Context()) - if !exists { - responsewriters.InternalError(w, req, errors.New("no user found for request")) - return - } - - // make sure we exempt: - // - local loopback requests (this exempts system:apiserver) - // - health probes and metric scraping - // - requests from the exempt debugger group. - if requestor.GetName() == user.APIServerUser || - hasExemptPathPrefix(req) || - matchesDebuggerGroup(requestor, notReadyDebuggerGroup) { - warning.AddWarning(req.Context(), "", "The apiserver was still initializing, while this request was being served") - handler.ServeHTTP(w, req) - return - } - - // Return a 503 status asking the client to try again after 5 seconds - w.Header().Set("Retry-After", "5") - http.Error(w, "The apiserver hasn't been fully initialized yet, please try again later.", - http.StatusServiceUnavailable) - }) -} - -func matchesDebuggerGroup(requestor user.Info, debugger string) bool { - for _, group := range requestor.GetGroups() { - if group == debugger { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_retry_after.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_retry_after.go deleted file mode 100644 index c5e2daa8ed..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/with_retry_after.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "net/http" - "strings" -) - -var ( - // health probes and metrics scraping are never rejected, we will continue - // serving these requests after shutdown delay duration elapses. - pathPrefixesExemptFromRetryAfter = []string{ - "/readyz", - "/livez", - "/healthz", - "/metrics", - } -) - -// isRequestExemptFunc returns true if the request should not be rejected, -// with a Retry-After response, otherwise it returns false. -type isRequestExemptFunc func(*http.Request) bool - -// retryAfterParams dictates how the Retry-After response is constructed -type retryAfterParams struct { - // TearDownConnection is true when we should send a 'Connection: close' - // header in the response so net/http can tear down the TCP connection. - TearDownConnection bool - - // Message describes why Retry-After response has been sent by the server - Message string -} - -// shouldRespondWithRetryAfterFunc returns true if the requests should -// be rejected with a Retry-After response once certain conditions are met. -// The retryAfterParams returned contains instructions on how to -// construct the Retry-After response. -type shouldRespondWithRetryAfterFunc func() (*retryAfterParams, bool) - -// WithRetryAfter rejects any incoming new request(s) with a 429 -// if the specified shutdownDelayDurationElapsedFn channel is closed -// -// It includes new request(s) on a new or an existing TCP connection -// Any new request(s) arriving after shutdownDelayDurationElapsedFn is closed -// are replied with a 429 and the following response headers: -// - 'Retry-After: N` (so client can retry after N seconds, hopefully on a new apiserver instance) -// - 'Connection: close': tear down the TCP connection -// -// TODO: is there a way to merge WithWaitGroup and this filter? -func WithRetryAfter(handler http.Handler, shutdownDelayDurationElapsedCh <-chan struct{}) http.Handler { - shutdownRetryAfterParams := &retryAfterParams{ - TearDownConnection: true, - Message: "The apiserver is shutting down, please try again later.", - } - - // NOTE: both WithRetryAfter and WithWaitGroup must use the same exact isRequestExemptFunc 'isRequestExemptFromRetryAfter, - // otherwise SafeWaitGroup might wait indefinitely and will prevent the server from shutting down gracefully. - return withRetryAfter(handler, isRequestExemptFromRetryAfter, func() (*retryAfterParams, bool) { - select { - case <-shutdownDelayDurationElapsedCh: - return shutdownRetryAfterParams, true - default: - return nil, false - } - }) -} - -func withRetryAfter(handler http.Handler, isRequestExemptFn isRequestExemptFunc, shouldRespondWithRetryAfterFn shouldRespondWithRetryAfterFunc) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - params, send := shouldRespondWithRetryAfterFn() - if !send || isRequestExemptFn(req) { - handler.ServeHTTP(w, req) - return - } - - // If we are here this means it's time to send Retry-After response - // - // Copied from net/http2 library - // "Connection" headers aren't allowed in HTTP/2 (RFC 7540, 8.1.2.2), - // but respect "Connection" == "close" to mean sending a GOAWAY and tearing - // down the TCP connection when idle, like we do for HTTP/1. - if params.TearDownConnection { - w.Header().Set("Connection", "close") - } - - // Return a 429 status asking the client to try again after 5 seconds - w.Header().Set("Retry-After", "5") - http.Error(w, params.Message, http.StatusTooManyRequests) - }) -} - -// isRequestExemptFromRetryAfter returns true if the given request should be exempt -// from being rejected with a 'Retry-After' response. -// NOTE: both 'WithRetryAfter' and 'WithWaitGroup' filters should use this function -// to exempt the set of requests from being rejected or tracked. -func isRequestExemptFromRetryAfter(r *http.Request) bool { - return isKubeApiserverUserAgent(r) || hasExemptPathPrefix(r) -} - -// isKubeApiserverUserAgent returns true if the user-agent matches -// the one set by the local loopback. -// NOTE: we can't look up the authenticated user informaion from the -// request context since the authentication filter has not executed yet. -func isKubeApiserverUserAgent(req *http.Request) bool { - return strings.HasPrefix(req.UserAgent(), "kube-apiserver/") -} - -func hasExemptPathPrefix(r *http.Request) bool { - for _, whiteListedPrefix := range pathPrefixesExemptFromRetryAfter { - if strings.HasPrefix(r.URL.Path, whiteListedPrefix) { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/wrap.go b/etcd/vendor/k8s.io/apiserver/pkg/server/filters/wrap.go deleted file mode 100644 index 528d643be8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/filters/wrap.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package filters - -import ( - "fmt" - "net/http" - - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/klog/v2" -) - -// WithPanicRecovery wraps an http Handler to recover and log panics (except in the special case of http.ErrAbortHandler panics, which suppress logging). -func WithPanicRecovery(handler http.Handler, resolver request.RequestInfoResolver) http.Handler { - return withPanicRecovery(handler, func(w http.ResponseWriter, req *http.Request, err interface{}) { - if err == http.ErrAbortHandler { - // Honor the http.ErrAbortHandler sentinel panic value - // - // If ServeHTTP panics, the server (the caller of ServeHTTP) assumes - // that the effect of the panic was isolated to the active request. - // It recovers the panic, logs a stack trace to the server error log, - // and either closes the network connection or sends an HTTP/2 - // RST_STREAM, depending on the HTTP protocol. To abort a handler so - // the client sees an interrupted response but the server doesn't log - // an error, panic with the value ErrAbortHandler. - // - // Note that HandleCrash function is actually crashing, after calling the handlers - if info, err := resolver.NewRequestInfo(req); err != nil { - metrics.RecordRequestAbort(req, nil) - } else { - metrics.RecordRequestAbort(req, info) - } - // This call can have different handlers, but the default chain rate limits. Call it after the metrics are updated - // in case the rate limit delays it. If you outrun the rate for this one timed out requests, something has gone - // seriously wrong with your server, but generally having a logging signal for timeouts is useful. - runtime.HandleError(fmt.Errorf("timeout or abort while handling: method=%v URI=%q audit-ID=%q", req.Method, req.RequestURI, audit.GetAuditIDTruncated(req.Context()))) - return - } - http.Error(w, "This request caused apiserver to panic. Look in the logs for details.", http.StatusInternalServerError) - klog.ErrorS(nil, "apiserver panic'd", "method", req.Method, "URI", req.RequestURI, "audit-ID", audit.GetAuditIDTruncated(req.Context())) - }) -} - -// WithHTTPLogging enables logging of incoming requests. -func WithHTTPLogging(handler http.Handler, isTerminating func() bool) http.Handler { - return httplog.WithLogging(handler, httplog.DefaultStacktracePred, isTerminating) -} - -func withPanicRecovery(handler http.Handler, crashHandler func(http.ResponseWriter, *http.Request, interface{})) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - defer runtime.HandleCrash(func(err interface{}) { - crashHandler(w, req, err) - }) - - // Dispatch to the internal handler - handler.ServeHTTP(w, req) - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go b/etcd/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go deleted file mode 100644 index 01f7ec8d75..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go +++ /dev/null @@ -1,983 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "fmt" - "net/http" - "os" - gpath "path" - "strings" - "sync" - "time" - - systemd "github.com/coreos/go-systemd/v22/daemon" - - apidiscoveryv2beta1 "k8s.io/api/apidiscovery/v2beta1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/util/sets" - utilwaitgroup "k8s.io/apimachinery/pkg/util/waitgroup" - "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapi "k8s.io/apiserver/pkg/endpoints" - "k8s.io/apiserver/pkg/endpoints/discovery" - discoveryendpoint "k8s.io/apiserver/pkg/endpoints/discovery/aggregated" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/apiserver/pkg/server/routes" - "k8s.io/apiserver/pkg/storageversion" - utilfeature "k8s.io/apiserver/pkg/util/feature" - utilopenapi "k8s.io/apiserver/pkg/util/openapi" - restclient "k8s.io/client-go/rest" - "k8s.io/klog/v2" - openapibuilder2 "k8s.io/kube-openapi/pkg/builder" - openapicommon "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/handler" - "k8s.io/kube-openapi/pkg/handler3" - openapiutil "k8s.io/kube-openapi/pkg/util" - openapiproto "k8s.io/kube-openapi/pkg/util/proto" - "k8s.io/kube-openapi/pkg/validation/spec" - "k8s.io/utils/clock" -) - -// Info about an API group. -type APIGroupInfo struct { - PrioritizedVersions []schema.GroupVersion - // Info about the resources in this group. It's a map from version to resource to the storage. - VersionedResourcesStorageMap map[string]map[string]rest.Storage - // OptionsExternalVersion controls the APIVersion used for common objects in the - // schema like api.Status, api.DeleteOptions, and metav1.ListOptions. Other implementors may - // define a version "v1beta1" but want to use the Kubernetes "v1" internal objects. - // If nil, defaults to groupMeta.GroupVersion. - // TODO: Remove this when https://github.com/kubernetes/kubernetes/issues/19018 is fixed. - OptionsExternalVersion *schema.GroupVersion - // MetaGroupVersion defaults to "meta.k8s.io/v1" and is the scheme group version used to decode - // common API implementations like ListOptions. Future changes will allow this to vary by group - // version (for when the inevitable meta/v2 group emerges). - MetaGroupVersion *schema.GroupVersion - - // Scheme includes all of the types used by this group and how to convert between them (or - // to convert objects from outside of this group that are accepted in this API). - // TODO: replace with interfaces - Scheme *runtime.Scheme - // NegotiatedSerializer controls how this group encodes and decodes data - NegotiatedSerializer runtime.NegotiatedSerializer - // ParameterCodec performs conversions for query parameters passed to API calls - ParameterCodec runtime.ParameterCodec - - // StaticOpenAPISpec is the spec derived from the definitions of all resources installed together. - // It is set during InstallAPIGroups, InstallAPIGroup, and InstallLegacyAPIGroup. - StaticOpenAPISpec *spec.Swagger -} - -func (a *APIGroupInfo) destroyStorage() { - for _, stores := range a.VersionedResourcesStorageMap { - for _, store := range stores { - store.Destroy() - } - } -} - -// GenericAPIServer contains state for a Kubernetes cluster api server. -type GenericAPIServer struct { - // discoveryAddresses is used to build cluster IPs for discovery. - discoveryAddresses discovery.Addresses - - // LoopbackClientConfig is a config for a privileged loopback connection to the API server - LoopbackClientConfig *restclient.Config - - // minRequestTimeout is how short the request timeout can be. This is used to build the RESTHandler - minRequestTimeout time.Duration - - // ShutdownTimeout is the timeout used for server shutdown. This specifies the timeout before server - // gracefully shutdown returns. - ShutdownTimeout time.Duration - - // legacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests - // to InstallLegacyAPIGroup - legacyAPIGroupPrefixes sets.String - - // admissionControl is used to build the RESTStorage that backs an API Group. - admissionControl admission.Interface - - // SecureServingInfo holds configuration of the TLS server. - SecureServingInfo *SecureServingInfo - - // ExternalAddress is the address (hostname or IP and port) that should be used in - // external (public internet) URLs for this GenericAPIServer. - ExternalAddress string - - // Serializer controls how common API objects not in a group/version prefix are serialized for this server. - // Individual APIGroups may define their own serializers. - Serializer runtime.NegotiatedSerializer - - // "Outputs" - // Handler holds the handlers being used by this API server - Handler *APIServerHandler - - // listedPathProvider is a lister which provides the set of paths to show at / - listedPathProvider routes.ListedPathProvider - - // DiscoveryGroupManager serves /apis in an unaggregated form. - DiscoveryGroupManager discovery.GroupManager - - // AggregatedDiscoveryGroupManager serves /apis in an aggregated form. - AggregatedDiscoveryGroupManager discoveryendpoint.ResourceManager - - // AggregatedLegacyDiscoveryGroupManager serves /api in an aggregated form. - AggregatedLegacyDiscoveryGroupManager discoveryendpoint.ResourceManager - - // Enable swagger and/or OpenAPI if these configs are non-nil. - openAPIConfig *openapicommon.Config - - // Enable swagger and/or OpenAPI V3 if these configs are non-nil. - openAPIV3Config *openapicommon.Config - - // SkipOpenAPIInstallation indicates not to install the OpenAPI handler - // during PrepareRun. - // Set this to true when the specific API Server has its own OpenAPI handler - // (e.g. kube-aggregator) - skipOpenAPIInstallation bool - - // OpenAPIVersionedService controls the /openapi/v2 endpoint, and can be used to update the served spec. - // It is set during PrepareRun if `openAPIConfig` is non-nil unless `skipOpenAPIInstallation` is true. - OpenAPIVersionedService *handler.OpenAPIService - - // OpenAPIV3VersionedService controls the /openapi/v3 endpoint and can be used to update the served spec. - // It is set during PrepareRun if `openAPIConfig` is non-nil unless `skipOpenAPIInstallation` is true. - OpenAPIV3VersionedService *handler3.OpenAPIService - - // StaticOpenAPISpec is the spec derived from the restful container endpoints. - // It is set during PrepareRun. - StaticOpenAPISpec *spec.Swagger - - // PostStartHooks are each called after the server has started listening, in a separate go func for each - // with no guarantee of ordering between them. The map key is a name used for error reporting. - // It may kill the process with a panic if it wishes to by returning an error. - postStartHookLock sync.Mutex - postStartHooks map[string]postStartHookEntry - postStartHooksCalled bool - disabledPostStartHooks sets.String - - preShutdownHookLock sync.Mutex - preShutdownHooks map[string]preShutdownHookEntry - preShutdownHooksCalled bool - - // healthz checks - healthzLock sync.Mutex - healthzChecks []healthz.HealthChecker - healthzChecksInstalled bool - // livez checks - livezLock sync.Mutex - livezChecks []healthz.HealthChecker - livezChecksInstalled bool - // readyz checks - readyzLock sync.Mutex - readyzChecks []healthz.HealthChecker - readyzChecksInstalled bool - livezGracePeriod time.Duration - livezClock clock.Clock - - // auditing. The backend is started before the server starts listening. - AuditBackend audit.Backend - - // Authorizer determines whether a user is allowed to make a certain request. The Handler does a preliminary - // authorization check using the request URI but it may be necessary to make additional checks, such as in - // the create-on-update case - Authorizer authorizer.Authorizer - - // EquivalentResourceRegistry provides information about resources equivalent to a given resource, - // and the kind associated with a given resource. As resources are installed, they are registered here. - EquivalentResourceRegistry runtime.EquivalentResourceRegistry - - // delegationTarget is the next delegate in the chain. This is never nil. - delegationTarget DelegationTarget - - // HandlerChainWaitGroup allows you to wait for all chain handlers finish after the server shutdown. - HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup - - // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server - // have converged on all node. During this time, the API server keeps serving, /healthz will return 200, - // but /readyz will return failure. - ShutdownDelayDuration time.Duration - - // The limit on the request body size that would be accepted and decoded in a write request. - // 0 means no limit. - maxRequestBodyBytes int64 - - // APIServerID is the ID of this API server - APIServerID string - - // StorageVersionManager holds the storage versions of the API resources installed by this server. - StorageVersionManager storageversion.Manager - - // Version will enable the /version endpoint if non-nil - Version *version.Info - - // lifecycleSignals provides access to the various signals that happen during the life cycle of the apiserver. - lifecycleSignals lifecycleSignals - - // destroyFns contains a list of functions that should be called on shutdown to clean up resources. - destroyFns []func() - - // muxAndDiscoveryCompleteSignals holds signals that indicate all known HTTP paths have been registered. - // it exists primarily to avoid returning a 404 response when a resource actually exists but we haven't installed the path to a handler. - // it is exposed for easier composition of the individual servers. - // the primary users of this field are the WithMuxCompleteProtection filter and the NotFoundHandler - muxAndDiscoveryCompleteSignals map[string]<-chan struct{} - - // ShutdownSendRetryAfter dictates when to initiate shutdown of the HTTP - // Server during the graceful termination of the apiserver. If true, we wait - // for non longrunning requests in flight to be drained and then initiate a - // shutdown of the HTTP Server. If false, we initiate a shutdown of the HTTP - // Server as soon as ShutdownDelayDuration has elapsed. - // If enabled, after ShutdownDelayDuration elapses, any incoming request is - // rejected with a 429 status code and a 'Retry-After' response. - ShutdownSendRetryAfter bool - - // EventSink creates events. - eventSink EventSink - eventRef *corev1.ObjectReference -} - -// DelegationTarget is an interface which allows for composition of API servers with top level handling that works -// as expected. -type DelegationTarget interface { - // UnprotectedHandler returns a handler that is NOT protected by a normal chain - UnprotectedHandler() http.Handler - - // PostStartHooks returns the post-start hooks that need to be combined - PostStartHooks() map[string]postStartHookEntry - - // PreShutdownHooks returns the pre-stop hooks that need to be combined - PreShutdownHooks() map[string]preShutdownHookEntry - - // HealthzChecks returns the healthz checks that need to be combined - HealthzChecks() []healthz.HealthChecker - - // ListedPaths returns the paths for supporting an index - ListedPaths() []string - - // NextDelegate returns the next delegationTarget in the chain of delegations - NextDelegate() DelegationTarget - - // PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates. - PrepareRun() preparedGenericAPIServer - - // MuxAndDiscoveryCompleteSignals exposes registered signals that indicate if all known HTTP paths have been installed. - MuxAndDiscoveryCompleteSignals() map[string]<-chan struct{} - - // Destroy cleans up its resources on shutdown. - // Destroy has to be implemented in thread-safe way and be prepared - // for being called more than once. - Destroy() -} - -func (s *GenericAPIServer) UnprotectedHandler() http.Handler { - // when we delegate, we need the server we're delegating to choose whether or not to use gorestful - return s.Handler.Director -} -func (s *GenericAPIServer) PostStartHooks() map[string]postStartHookEntry { - return s.postStartHooks -} -func (s *GenericAPIServer) PreShutdownHooks() map[string]preShutdownHookEntry { - return s.preShutdownHooks -} -func (s *GenericAPIServer) HealthzChecks() []healthz.HealthChecker { - return s.healthzChecks -} -func (s *GenericAPIServer) ListedPaths() []string { - return s.listedPathProvider.ListedPaths() -} - -func (s *GenericAPIServer) NextDelegate() DelegationTarget { - return s.delegationTarget -} - -// RegisterMuxAndDiscoveryCompleteSignal registers the given signal that will be used to determine if all known -// HTTP paths have been registered. It is okay to call this method after instantiating the generic server but before running. -func (s *GenericAPIServer) RegisterMuxAndDiscoveryCompleteSignal(signalName string, signal <-chan struct{}) error { - if _, exists := s.muxAndDiscoveryCompleteSignals[signalName]; exists { - return fmt.Errorf("%s already registered", signalName) - } - s.muxAndDiscoveryCompleteSignals[signalName] = signal - return nil -} - -func (s *GenericAPIServer) MuxAndDiscoveryCompleteSignals() map[string]<-chan struct{} { - return s.muxAndDiscoveryCompleteSignals -} - -// RegisterDestroyFunc registers a function that will be called during Destroy(). -// The function have to be idempotent and prepared to be called more than once. -func (s *GenericAPIServer) RegisterDestroyFunc(destroyFn func()) { - s.destroyFns = append(s.destroyFns, destroyFn) -} - -// Destroy cleans up all its and its delegation target resources on shutdown. -// It starts with destroying its own resources and later proceeds with -// its delegation target. -func (s *GenericAPIServer) Destroy() { - for _, destroyFn := range s.destroyFns { - destroyFn() - } - if s.delegationTarget != nil { - s.delegationTarget.Destroy() - } -} - -type emptyDelegate struct { - // handler is called at the end of the delegation chain - // when a request has been made against an unregistered HTTP path the individual servers will simply pass it through until it reaches the handler. - handler http.Handler -} - -func NewEmptyDelegate() DelegationTarget { - return emptyDelegate{} -} - -// NewEmptyDelegateWithCustomHandler allows for registering a custom handler usually for special handling of 404 requests -func NewEmptyDelegateWithCustomHandler(handler http.Handler) DelegationTarget { - return emptyDelegate{handler} -} - -func (s emptyDelegate) UnprotectedHandler() http.Handler { - return s.handler -} -func (s emptyDelegate) PostStartHooks() map[string]postStartHookEntry { - return map[string]postStartHookEntry{} -} -func (s emptyDelegate) PreShutdownHooks() map[string]preShutdownHookEntry { - return map[string]preShutdownHookEntry{} -} -func (s emptyDelegate) HealthzChecks() []healthz.HealthChecker { - return []healthz.HealthChecker{} -} -func (s emptyDelegate) ListedPaths() []string { - return []string{} -} -func (s emptyDelegate) NextDelegate() DelegationTarget { - return nil -} -func (s emptyDelegate) PrepareRun() preparedGenericAPIServer { - return preparedGenericAPIServer{nil} -} -func (s emptyDelegate) MuxAndDiscoveryCompleteSignals() map[string]<-chan struct{} { - return map[string]<-chan struct{}{} -} -func (s emptyDelegate) Destroy() { -} - -// preparedGenericAPIServer is a private wrapper that enforces a call of PrepareRun() before Run can be invoked. -type preparedGenericAPIServer struct { - *GenericAPIServer -} - -// PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates. -func (s *GenericAPIServer) PrepareRun() preparedGenericAPIServer { - s.delegationTarget.PrepareRun() - - if s.openAPIConfig != nil && !s.skipOpenAPIInstallation { - s.OpenAPIVersionedService, s.StaticOpenAPISpec = routes.OpenAPI{ - Config: s.openAPIConfig, - }.InstallV2(s.Handler.GoRestfulContainer, s.Handler.NonGoRestfulMux) - } - - if s.openAPIV3Config != nil && !s.skipOpenAPIInstallation { - if utilfeature.DefaultFeatureGate.Enabled(features.OpenAPIV3) { - s.OpenAPIV3VersionedService = routes.OpenAPI{ - Config: s.openAPIV3Config, - }.InstallV3(s.Handler.GoRestfulContainer, s.Handler.NonGoRestfulMux) - } - } - - s.installHealthz() - s.installLivez() - - // as soon as shutdown is initiated, readiness should start failing - readinessStopCh := s.lifecycleSignals.ShutdownInitiated.Signaled() - err := s.addReadyzShutdownCheck(readinessStopCh) - if err != nil { - klog.Errorf("Failed to install readyz shutdown check %s", err) - } - s.installReadyz() - - return preparedGenericAPIServer{s} -} - -// Run spawns the secure http server. It only returns if stopCh is closed -// or the secure port cannot be listened on initially. -// This is the diagram of what channels/signals are dependent on each other: -// -// | stopCh -// | | -// | --------------------------------------------------------- -// | | | -// | ShutdownInitiated (shutdownInitiatedCh) | -// | | | -// | (ShutdownDelayDuration) (PreShutdownHooks) -// | | | -// | AfterShutdownDelayDuration (delayedStopCh) PreShutdownHooksStopped (preShutdownHooksHasStoppedCh) -// | | | -// | |-------------------------------------------------------| -// | | -// | | -// | NotAcceptingNewRequest (notAcceptingNewRequestCh) -// | | -// | | -// | |---------------------------------------------------------| -// | | | | | -// | [without [with | | -// | ShutdownSendRetryAfter] ShutdownSendRetryAfter] | | -// | | | | | -// | | ---------------| | -// | | | | -// | | (HandlerChainWaitGroup::Wait) | -// | | | | -// | | InFlightRequestsDrained (drainedCh) | -// | | | | -// | ----------------------------------------|-----------------| -// | | | -// | stopHttpServerCh (AuditBackend::Shutdown()) -// | | -// | listenerStoppedCh -// | | -// | HTTPServerStoppedListening (httpServerStoppedListeningCh) -func (s preparedGenericAPIServer) Run(stopCh <-chan struct{}) error { - delayedStopCh := s.lifecycleSignals.AfterShutdownDelayDuration - shutdownInitiatedCh := s.lifecycleSignals.ShutdownInitiated - - // Clean up resources on shutdown. - defer s.Destroy() - - // spawn a new goroutine for closing the MuxAndDiscoveryComplete signal - // registration happens during construction of the generic api server - // the last server in the chain aggregates signals from the previous instances - go func() { - for _, muxAndDiscoveryCompletedSignal := range s.GenericAPIServer.MuxAndDiscoveryCompleteSignals() { - select { - case <-muxAndDiscoveryCompletedSignal: - continue - case <-stopCh: - klog.V(1).Infof("haven't completed %s, stop requested", s.lifecycleSignals.MuxAndDiscoveryComplete.Name()) - return - } - } - s.lifecycleSignals.MuxAndDiscoveryComplete.Signal() - klog.V(1).Infof("%s has all endpoints registered and discovery information is complete", s.lifecycleSignals.MuxAndDiscoveryComplete.Name()) - }() - - go func() { - defer delayedStopCh.Signal() - defer func() { - klog.V(1).InfoS("[graceful-termination] shutdown event", "name", delayedStopCh.Name()) - s.Eventf(corev1.EventTypeNormal, delayedStopCh.Name(), "The minimal shutdown duration of %v finished", s.ShutdownDelayDuration) - }() - - <-stopCh - - // As soon as shutdown is initiated, /readyz should start returning failure. - // This gives the load balancer a window defined by ShutdownDelayDuration to detect that /readyz is red - // and stop sending traffic to this server. - shutdownInitiatedCh.Signal() - klog.V(1).InfoS("[graceful-termination] shutdown event", "name", shutdownInitiatedCh.Name()) - s.Eventf(corev1.EventTypeNormal, shutdownInitiatedCh.Name(), "Received signal to terminate, becoming unready, but keeping serving") - - time.Sleep(s.ShutdownDelayDuration) - }() - - lateStopCh := make(chan struct{}) - if s.ShutdownDelayDuration > 0 { - go func() { - defer close(lateStopCh) - - <-stopCh - - time.Sleep(s.ShutdownDelayDuration * 8 / 10) - }() - } - - s.SecureServingInfo.Listener = &terminationLoggingListener{ - Listener: s.SecureServingInfo.Listener, - lateStopCh: lateStopCh, - } - unexpectedRequestsEventf.Store(s.Eventf) - - // close socket after delayed stopCh - shutdownTimeout := s.ShutdownTimeout - if s.ShutdownSendRetryAfter { - // when this mode is enabled, we do the following: - // - the server will continue to listen until all existing requests in flight - // (not including active long running requests) have been drained. - // - once drained, http Server Shutdown is invoked with a timeout of 2s, - // net/http waits for 1s for the peer to respond to a GO_AWAY frame, so - // we should wait for a minimum of 2s - shutdownTimeout = 2 * time.Second - klog.V(1).InfoS("[graceful-termination] using HTTP Server shutdown timeout", "ShutdownTimeout", shutdownTimeout) - } - - notAcceptingNewRequestCh := s.lifecycleSignals.NotAcceptingNewRequest - drainedCh := s.lifecycleSignals.InFlightRequestsDrained - stopHttpServerCh := make(chan struct{}) - go func() { - defer close(stopHttpServerCh) - - timeToStopHttpServerCh := notAcceptingNewRequestCh.Signaled() - if s.ShutdownSendRetryAfter { - timeToStopHttpServerCh = drainedCh.Signaled() - } - - <-timeToStopHttpServerCh - }() - - // Start the audit backend before any request comes in. This means we must call Backend.Run - // before http server start serving. Otherwise the Backend.ProcessEvents call might block. - // AuditBackend.Run will stop as soon as all in-flight requests are drained. - if s.AuditBackend != nil { - if err := s.AuditBackend.Run(drainedCh.Signaled()); err != nil { - return fmt.Errorf("failed to run the audit backend: %v", err) - } - } - - stoppedCh, listenerStoppedCh, err := s.NonBlockingRun(stopHttpServerCh, shutdownTimeout) - if err != nil { - return err - } - - httpServerStoppedListeningCh := s.lifecycleSignals.HTTPServerStoppedListening - go func() { - <-listenerStoppedCh - httpServerStoppedListeningCh.Signal() - klog.V(1).InfoS("[graceful-termination] shutdown event", "name", httpServerStoppedListeningCh.Name()) - s.Eventf(corev1.EventTypeNormal, httpServerStoppedListeningCh.Name(), "HTTP Server has stopped listening") - }() - - // we don't accept new request as soon as both ShutdownDelayDuration has - // elapsed and preshutdown hooks have completed. - preShutdownHooksHasStoppedCh := s.lifecycleSignals.PreShutdownHooksStopped - go func() { - defer func() { - klog.V(1).InfoS("[graceful-termination] shutdown event", "name", notAcceptingNewRequestCh.Name()) - s.Eventf(corev1.EventTypeNormal, drainedCh.Name(), "All non long-running request(s) in-flight have drained") - }() - defer notAcceptingNewRequestCh.Signal() - - // wait for the delayed stopCh before closing the handler chain - <-delayedStopCh.Signaled() - - // Additionally wait for preshutdown hooks to also be finished, as some of them need - // to send API calls to clean up after themselves (e.g. lease reconcilers removing - // itself from the active servers). - <-preShutdownHooksHasStoppedCh.Signaled() - }() - - go func() { - defer klog.V(1).InfoS("[graceful-termination] shutdown event", "name", drainedCh.Name()) - defer drainedCh.Signal() - - // wait for the delayed stopCh before closing the handler chain (it rejects everything after Wait has been called). - <-notAcceptingNewRequestCh.Signaled() - - // Wait for all requests to finish, which are bounded by the RequestTimeout variable. - // once HandlerChainWaitGroup.Wait is invoked, the apiserver is - // expected to reject any incoming request with a {503, Retry-After} - // response via the WithWaitGroup filter. On the contrary, we observe - // that incoming request(s) get a 'connection refused' error, this is - // because, at this point, we have called 'Server.Shutdown' and - // net/http server has stopped listening. This causes incoming - // request to get a 'connection refused' error. - // On the other hand, if 'ShutdownSendRetryAfter' is enabled incoming - // requests will be rejected with a {429, Retry-After} since - // 'Server.Shutdown' will be invoked only after in-flight requests - // have been drained. - // TODO: can we consolidate these two modes of graceful termination? - s.HandlerChainWaitGroup.Wait() - }() - - klog.V(1).Info("[graceful-termination] waiting for shutdown to be initiated") - <-stopCh - - // run shutdown hooks directly. This includes deregistering from - // the kubernetes endpoint in case of kube-apiserver. - func() { - defer func() { - preShutdownHooksHasStoppedCh.Signal() - klog.V(1).InfoS("[graceful-termination] pre-shutdown hooks completed", "name", preShutdownHooksHasStoppedCh.Name()) - s.Eventf(corev1.EventTypeNormal, "TerminationPreShutdownHooksFinished", "All pre-shutdown hooks have been finished") - }() - err = s.RunPreShutdownHooks() - }() - if err != nil { - return err - } - - // Wait for all requests in flight to drain, bounded by the RequestTimeout variable. - <-drainedCh.Signaled() - - if s.AuditBackend != nil { - s.AuditBackend.Shutdown() - klog.V(1).InfoS("[graceful-termination] audit backend shutdown completed") - } - - // wait for stoppedCh that is closed when the graceful termination (server.Shutdown) is finished. - <-listenerStoppedCh - <-stoppedCh - - klog.V(1).Info("[graceful-termination] apiserver is exiting") - s.Eventf(corev1.EventTypeNormal, "TerminationGracefulTerminationFinished", "All pending requests processed") - - return nil -} - -// NonBlockingRun spawns the secure http server. An error is -// returned if the secure port cannot be listened on. -// The returned channel is closed when the (asynchronous) termination is finished. -func (s preparedGenericAPIServer) NonBlockingRun(stopCh <-chan struct{}, shutdownTimeout time.Duration) (<-chan struct{}, <-chan struct{}, error) { - // Use an internal stop channel to allow cleanup of the listeners on error. - internalStopCh := make(chan struct{}) - var stoppedCh <-chan struct{} - var listenerStoppedCh <-chan struct{} - if s.SecureServingInfo != nil && s.Handler != nil { - var err error - stoppedCh, listenerStoppedCh, err = s.SecureServingInfo.Serve(s.Handler, shutdownTimeout, internalStopCh) - if err != nil { - close(internalStopCh) - return nil, nil, err - } - } - - // Now that listener have bound successfully, it is the - // responsibility of the caller to close the provided channel to - // ensure cleanup. - go func() { - <-stopCh - close(internalStopCh) - }() - - s.RunPostStartHooks(stopCh) - - if _, err := systemd.SdNotify(true, "READY=1\n"); err != nil { - klog.Errorf("Unable to send systemd daemon successful start message: %v\n", err) - } - - return stoppedCh, listenerStoppedCh, nil -} - -// installAPIResources is a private method for installing the REST storage backing each api groupversionresource -func (s *GenericAPIServer) installAPIResources(apiPrefix string, apiGroupInfo *APIGroupInfo, openAPIModels openapiproto.Models) error { - var resourceInfos []*storageversion.ResourceInfo - for _, groupVersion := range apiGroupInfo.PrioritizedVersions { - if len(apiGroupInfo.VersionedResourcesStorageMap[groupVersion.Version]) == 0 { - klog.Warningf("Skipping API %v because it has no resources.", groupVersion) - continue - } - - apiGroupVersion, err := s.getAPIGroupVersion(apiGroupInfo, groupVersion, apiPrefix) - if err != nil { - return err - } - if apiGroupInfo.OptionsExternalVersion != nil { - apiGroupVersion.OptionsExternalVersion = apiGroupInfo.OptionsExternalVersion - } - apiGroupVersion.OpenAPIModels = openAPIModels - - if openAPIModels != nil { - typeConverter, err := fieldmanager.NewTypeConverter(openAPIModels, false) - if err != nil { - return err - } - apiGroupVersion.TypeConverter = typeConverter - } - - apiGroupVersion.MaxRequestBodyBytes = s.maxRequestBodyBytes - - discoveryAPIResources, r, err := apiGroupVersion.InstallREST(s.Handler.GoRestfulContainer) - - if err != nil { - return fmt.Errorf("unable to setup API %v: %v", apiGroupInfo, err) - } - resourceInfos = append(resourceInfos, r...) - - if utilfeature.DefaultFeatureGate.Enabled(features.AggregatedDiscoveryEndpoint) { - // Aggregated discovery only aggregates resources under /apis - if apiPrefix == APIGroupPrefix { - s.AggregatedDiscoveryGroupManager.AddGroupVersion( - groupVersion.Group, - apidiscoveryv2beta1.APIVersionDiscovery{ - Version: groupVersion.Version, - Resources: discoveryAPIResources, - }, - ) - } else { - // There is only one group version for legacy resources, priority can be defaulted to 0. - s.AggregatedLegacyDiscoveryGroupManager.AddGroupVersion( - groupVersion.Group, - apidiscoveryv2beta1.APIVersionDiscovery{ - Version: groupVersion.Version, - Resources: discoveryAPIResources, - }, - ) - } - } - - } - - s.RegisterDestroyFunc(apiGroupInfo.destroyStorage) - - if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionAPI) && - utilfeature.DefaultFeatureGate.Enabled(features.APIServerIdentity) { - // API installation happens before we start listening on the handlers, - // therefore it is safe to register ResourceInfos here. The handler will block - // write requests until the storage versions of the targeting resources are updated. - s.StorageVersionManager.AddResourceInfo(resourceInfos...) - } - - return nil -} - -// InstallLegacyAPIGroup exposes the given legacy api group in the API. -// The <apiGroupInfo> passed into this function shouldn't be used elsewhere as the -// underlying storage will be destroyed on this servers shutdown. -func (s *GenericAPIServer) InstallLegacyAPIGroup(apiPrefix string, apiGroupInfo *APIGroupInfo) error { - if !s.legacyAPIGroupPrefixes.Has(apiPrefix) { - return fmt.Errorf("%q is not in the allowed legacy API prefixes: %v", apiPrefix, s.legacyAPIGroupPrefixes.List()) - } - - openAPIModels, err := s.getOpenAPIModels(apiPrefix, apiGroupInfo) - if err != nil { - return fmt.Errorf("unable to get openapi models: %v", err) - } - - if err := s.installAPIResources(apiPrefix, apiGroupInfo, openAPIModels); err != nil { - return err - } - - // Install the version handler. - // Add a handler at /<apiPrefix> to enumerate the supported api versions. - legacyRootAPIHandler := discovery.NewLegacyRootAPIHandler(s.discoveryAddresses, s.Serializer, apiPrefix) - if utilfeature.DefaultFeatureGate.Enabled(features.AggregatedDiscoveryEndpoint) { - wrapped := discoveryendpoint.WrapAggregatedDiscoveryToHandler(legacyRootAPIHandler, s.AggregatedLegacyDiscoveryGroupManager) - s.Handler.GoRestfulContainer.Add(wrapped.GenerateWebService("/api", metav1.APIVersions{})) - } else { - s.Handler.GoRestfulContainer.Add(legacyRootAPIHandler.WebService()) - } - - return nil -} - -// InstallAPIGroups exposes given api groups in the API. -// The <apiGroupInfos> passed into this function shouldn't be used elsewhere as the -// underlying storage will be destroyed on this servers shutdown. -func (s *GenericAPIServer) InstallAPIGroups(apiGroupInfos ...*APIGroupInfo) error { - for _, apiGroupInfo := range apiGroupInfos { - // Do not register empty group or empty version. Doing so claims /apis/ for the wrong entity to be returned. - // Catching these here places the error much closer to its origin - if len(apiGroupInfo.PrioritizedVersions[0].Group) == 0 { - return fmt.Errorf("cannot register handler with an empty group for %#v", *apiGroupInfo) - } - if len(apiGroupInfo.PrioritizedVersions[0].Version) == 0 { - return fmt.Errorf("cannot register handler with an empty version for %#v", *apiGroupInfo) - } - } - - openAPIModels, err := s.getOpenAPIModels(APIGroupPrefix, apiGroupInfos...) - if err != nil { - return fmt.Errorf("unable to get openapi models: %v", err) - } - - for _, apiGroupInfo := range apiGroupInfos { - if err := s.installAPIResources(APIGroupPrefix, apiGroupInfo, openAPIModels); err != nil { - return fmt.Errorf("unable to install api resources: %v", err) - } - - // setup discovery - // Install the version handler. - // Add a handler at /apis/<groupName> to enumerate all versions supported by this group. - apiVersionsForDiscovery := []metav1.GroupVersionForDiscovery{} - for _, groupVersion := range apiGroupInfo.PrioritizedVersions { - // Check the config to make sure that we elide versions that don't have any resources - if len(apiGroupInfo.VersionedResourcesStorageMap[groupVersion.Version]) == 0 { - continue - } - apiVersionsForDiscovery = append(apiVersionsForDiscovery, metav1.GroupVersionForDiscovery{ - GroupVersion: groupVersion.String(), - Version: groupVersion.Version, - }) - } - preferredVersionForDiscovery := metav1.GroupVersionForDiscovery{ - GroupVersion: apiGroupInfo.PrioritizedVersions[0].String(), - Version: apiGroupInfo.PrioritizedVersions[0].Version, - } - apiGroup := metav1.APIGroup{ - Name: apiGroupInfo.PrioritizedVersions[0].Group, - Versions: apiVersionsForDiscovery, - PreferredVersion: preferredVersionForDiscovery, - } - - s.DiscoveryGroupManager.AddGroup(apiGroup) - s.Handler.GoRestfulContainer.Add(discovery.NewAPIGroupHandler(s.Serializer, apiGroup).WebService()) - } - return nil -} - -// InstallAPIGroup exposes the given api group in the API. -// The <apiGroupInfo> passed into this function shouldn't be used elsewhere as the -// underlying storage will be destroyed on this servers shutdown. -func (s *GenericAPIServer) InstallAPIGroup(apiGroupInfo *APIGroupInfo) error { - return s.InstallAPIGroups(apiGroupInfo) -} - -func (s *GenericAPIServer) getAPIGroupVersion(apiGroupInfo *APIGroupInfo, groupVersion schema.GroupVersion, apiPrefix string) (*genericapi.APIGroupVersion, error) { - storage := make(map[string]rest.Storage) - for k, v := range apiGroupInfo.VersionedResourcesStorageMap[groupVersion.Version] { - if strings.ToLower(k) != k { - return nil, fmt.Errorf("resource names must be lowercase only, not %q", k) - } - storage[k] = v - } - version := s.newAPIGroupVersion(apiGroupInfo, groupVersion) - version.Root = apiPrefix - version.Storage = storage - return version, nil -} - -func (s *GenericAPIServer) newAPIGroupVersion(apiGroupInfo *APIGroupInfo, groupVersion schema.GroupVersion) *genericapi.APIGroupVersion { - return &genericapi.APIGroupVersion{ - GroupVersion: groupVersion, - MetaGroupVersion: apiGroupInfo.MetaGroupVersion, - - ParameterCodec: apiGroupInfo.ParameterCodec, - Serializer: apiGroupInfo.NegotiatedSerializer, - Creater: apiGroupInfo.Scheme, - Convertor: apiGroupInfo.Scheme, - ConvertabilityChecker: apiGroupInfo.Scheme, - UnsafeConvertor: runtime.UnsafeObjectConvertor(apiGroupInfo.Scheme), - Defaulter: apiGroupInfo.Scheme, - Typer: apiGroupInfo.Scheme, - Namer: runtime.Namer(meta.NewAccessor()), - - EquivalentResourceRegistry: s.EquivalentResourceRegistry, - - Admit: s.admissionControl, - MinRequestTimeout: s.minRequestTimeout, - Authorizer: s.Authorizer, - } -} - -// NewDefaultAPIGroupInfo returns an APIGroupInfo stubbed with "normal" values -// exposed for easier composition from other packages -func NewDefaultAPIGroupInfo(group string, scheme *runtime.Scheme, parameterCodec runtime.ParameterCodec, codecs serializer.CodecFactory) APIGroupInfo { - return APIGroupInfo{ - PrioritizedVersions: scheme.PrioritizedVersionsForGroup(group), - VersionedResourcesStorageMap: map[string]map[string]rest.Storage{}, - // TODO unhardcode this. It was hardcoded before, but we need to re-evaluate - OptionsExternalVersion: &schema.GroupVersion{Version: "v1"}, - Scheme: scheme, - ParameterCodec: parameterCodec, - NegotiatedSerializer: codecs, - } -} - -// getOpenAPIModels is a private method for getting the OpenAPI models -func (s *GenericAPIServer) getOpenAPIModels(apiPrefix string, apiGroupInfos ...*APIGroupInfo) (openapiproto.Models, error) { - if s.openAPIConfig == nil { - return nil, nil - } - pathsToIgnore := openapiutil.NewTrie(s.openAPIConfig.IgnorePrefixes) - resourceNames := make([]string, 0) - for _, apiGroupInfo := range apiGroupInfos { - groupResources, err := getResourceNamesForGroup(apiPrefix, apiGroupInfo, pathsToIgnore) - if err != nil { - return nil, err - } - resourceNames = append(resourceNames, groupResources...) - } - - // Build the openapi definitions for those resources and convert it to proto models - openAPISpec, err := openapibuilder2.BuildOpenAPIDefinitionsForResources(s.openAPIConfig, resourceNames...) - if err != nil { - return nil, err - } - for _, apiGroupInfo := range apiGroupInfos { - apiGroupInfo.StaticOpenAPISpec = openAPISpec - } - return utilopenapi.ToProtoModels(openAPISpec) -} - -// getResourceNamesForGroup is a private method for getting the canonical names for each resource to build in an api group -func getResourceNamesForGroup(apiPrefix string, apiGroupInfo *APIGroupInfo, pathsToIgnore openapiutil.Trie) ([]string, error) { - // Get the canonical names of every resource we need to build in this api group - resourceNames := make([]string, 0) - for _, groupVersion := range apiGroupInfo.PrioritizedVersions { - for resource, storage := range apiGroupInfo.VersionedResourcesStorageMap[groupVersion.Version] { - path := gpath.Join(apiPrefix, groupVersion.Group, groupVersion.Version, resource) - if !pathsToIgnore.HasPrefix(path) { - kind, err := genericapi.GetResourceKind(groupVersion, storage, apiGroupInfo.Scheme) - if err != nil { - return nil, err - } - sampleObject, err := apiGroupInfo.Scheme.New(kind) - if err != nil { - return nil, err - } - name := openapiutil.GetCanonicalTypeName(sampleObject) - resourceNames = append(resourceNames, name) - } - } - } - - return resourceNames, nil -} - -// Eventf creates an event with the API server as source, either in default namespace against default namespace, or -// if POD_NAME/NAMESPACE are set against that pod. -func (s *GenericAPIServer) Eventf(eventType, reason, messageFmt string, args ...interface{}) { - t := metav1.Time{Time: time.Now()} - host, _ := os.Hostname() // expicitly ignore error. Empty host is fine - - ref := *s.eventRef - if len(ref.Namespace) == 0 { - ref.Namespace = "default" // TODO: event broadcaster sets event ns to default. We have to match. Odd. - } - - e := &corev1.Event{ - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%v.%x", ref.Name, t.UnixNano()), - Namespace: ref.Namespace, - }, - InvolvedObject: ref, - Reason: reason, - Message: fmt.Sprintf(messageFmt, args...), - Type: eventType, - Source: corev1.EventSource{Component: "apiserver", Host: host}, - } - - klog.V(2).Infof("Event(%#v): type: '%v' reason: '%v' %v", e.InvolvedObject, e.Type, e.Reason, e.Message) - - if _, err := s.eventSink.Create(e); err != nil { - klog.Warningf("failed to create event %s/%s: %v", e.Namespace, e.Name, err) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/handler.go b/etcd/vendor/k8s.io/apiserver/pkg/server/handler.go deleted file mode 100644 index 9f37df1cdf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/handler.go +++ /dev/null @@ -1,190 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "bytes" - "fmt" - "net/http" - rt "runtime" - "sort" - "strings" - - "github.com/emicklei/go-restful/v3" - "k8s.io/klog/v2" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/server/mux" -) - -// APIServerHandlers holds the different http.Handlers used by the API server. -// This includes the full handler chain, the director (which chooses between gorestful and nonGoRestful, -// the gorestful handler (used for the API) which falls through to the nonGoRestful handler on unregistered paths, -// and the nonGoRestful handler (which can contain a fallthrough of its own) -// FullHandlerChain -> Director -> {GoRestfulContainer,NonGoRestfulMux} based on inspection of registered web services -type APIServerHandler struct { - // FullHandlerChain is the one that is eventually served with. It should include the full filter - // chain and then call the Director. - FullHandlerChain http.Handler - // The registered APIs. InstallAPIs uses this. Other servers probably shouldn't access this directly. - GoRestfulContainer *restful.Container - // NonGoRestfulMux is the final HTTP handler in the chain. - // It comes after all filters and the API handling - // This is where other servers can attach handler to various parts of the chain. - NonGoRestfulMux *mux.PathRecorderMux - - // Director is here so that we can properly handle fall through and proxy cases. - // This looks a bit bonkers, but here's what's happening. We need to have /apis handling registered in gorestful in order to have - // swagger generated for compatibility. Doing that with `/apis` as a webservice, means that it forcibly 404s (no defaulting allowed) - // all requests which are not /apis or /apis/. We need those calls to fall through behind goresful for proper delegation. Trying to - // register for a pattern which includes everything behind it doesn't work because gorestful negotiates for verbs and content encoding - // and all those things go crazy when gorestful really just needs to pass through. In addition, openapi enforces unique verb constraints - // which we don't fit into and it still muddies up swagger. Trying to switch the webservices into a route doesn't work because the - // containing webservice faces all the same problems listed above. - // This leads to the crazy thing done here. Our mux does what we need, so we'll place it in front of gorestful. It will introspect to - // decide if the route is likely to be handled by goresful and route there if needed. Otherwise, it goes to NonGoRestfulMux mux in - // order to handle "normal" paths and delegation. Hopefully no API consumers will ever have to deal with this level of detail. I think - // we should consider completely removing gorestful. - // Other servers should only use this opaquely to delegate to an API server. - Director http.Handler -} - -// HandlerChainBuilderFn is used to wrap the GoRestfulContainer handler using the provided handler chain. -// It is normally used to apply filtering like authentication and authorization -type HandlerChainBuilderFn func(apiHandler http.Handler) http.Handler - -func NewAPIServerHandler(name string, s runtime.NegotiatedSerializer, handlerChainBuilder HandlerChainBuilderFn, notFoundHandler http.Handler) *APIServerHandler { - nonGoRestfulMux := mux.NewPathRecorderMux(name) - if notFoundHandler != nil { - nonGoRestfulMux.NotFoundHandler(notFoundHandler) - } - - gorestfulContainer := restful.NewContainer() - gorestfulContainer.ServeMux = http.NewServeMux() - gorestfulContainer.Router(restful.CurlyRouter{}) // e.g. for proxy/{kind}/{name}/{*} - gorestfulContainer.RecoverHandler(func(panicReason interface{}, httpWriter http.ResponseWriter) { - logStackOnRecover(s, panicReason, httpWriter) - }) - gorestfulContainer.ServiceErrorHandler(func(serviceErr restful.ServiceError, request *restful.Request, response *restful.Response) { - serviceErrorHandler(s, serviceErr, request, response) - }) - - director := director{ - name: name, - goRestfulContainer: gorestfulContainer, - nonGoRestfulMux: nonGoRestfulMux, - } - - return &APIServerHandler{ - FullHandlerChain: handlerChainBuilder(director), - GoRestfulContainer: gorestfulContainer, - NonGoRestfulMux: nonGoRestfulMux, - Director: director, - } -} - -// ListedPaths returns the paths that should be shown under / -func (a *APIServerHandler) ListedPaths() []string { - var handledPaths []string - // Extract the paths handled using restful.WebService - for _, ws := range a.GoRestfulContainer.RegisteredWebServices() { - handledPaths = append(handledPaths, ws.RootPath()) - } - handledPaths = append(handledPaths, a.NonGoRestfulMux.ListedPaths()...) - sort.Strings(handledPaths) - - return handledPaths -} - -type director struct { - name string - goRestfulContainer *restful.Container - nonGoRestfulMux *mux.PathRecorderMux -} - -func (d director) ServeHTTP(w http.ResponseWriter, req *http.Request) { - path := req.URL.Path - - // check to see if our webservices want to claim this path - for _, ws := range d.goRestfulContainer.RegisteredWebServices() { - switch { - case ws.RootPath() == "/apis": - // if we are exactly /apis or /apis/, then we need special handling in loop. - // normally these are passed to the nonGoRestfulMux, but if discovery is enabled, it will go directly. - // We can't rely on a prefix match since /apis matches everything (see the big comment on Director above) - if path == "/apis" || path == "/apis/" { - klog.V(5).Infof("%v: %v %q satisfied by gorestful with webservice %v", d.name, req.Method, path, ws.RootPath()) - // don't use servemux here because gorestful servemuxes get messed up when removing webservices - // TODO fix gorestful, remove TPRs, or stop using gorestful - d.goRestfulContainer.Dispatch(w, req) - return - } - - case strings.HasPrefix(path, ws.RootPath()): - // ensure an exact match or a path boundary match - if len(path) == len(ws.RootPath()) || path[len(ws.RootPath())] == '/' { - klog.V(5).Infof("%v: %v %q satisfied by gorestful with webservice %v", d.name, req.Method, path, ws.RootPath()) - // don't use servemux here because gorestful servemuxes get messed up when removing webservices - // TODO fix gorestful, remove TPRs, or stop using gorestful - d.goRestfulContainer.Dispatch(w, req) - return - } - } - } - - // if we didn't find a match, then we just skip gorestful altogether - klog.V(5).Infof("%v: %v %q satisfied by nonGoRestful", d.name, req.Method, path) - d.nonGoRestfulMux.ServeHTTP(w, req) -} - -// TODO: Unify with RecoverPanics? -func logStackOnRecover(s runtime.NegotiatedSerializer, panicReason interface{}, w http.ResponseWriter) { - var buffer bytes.Buffer - buffer.WriteString(fmt.Sprintf("recover from panic situation: - %v\r\n", panicReason)) - for i := 2; ; i++ { - _, file, line, ok := rt.Caller(i) - if !ok { - break - } - buffer.WriteString(fmt.Sprintf(" %s:%d\r\n", file, line)) - } - klog.Errorln(buffer.String()) - - headers := http.Header{} - if ct := w.Header().Get("Content-Type"); len(ct) > 0 { - headers.Set("Accept", ct) - } - responsewriters.ErrorNegotiated(apierrors.NewGenericServerResponse(http.StatusInternalServerError, "", schema.GroupResource{}, "", "", 0, false), s, schema.GroupVersion{}, w, &http.Request{Header: headers}) -} - -func serviceErrorHandler(s runtime.NegotiatedSerializer, serviceErr restful.ServiceError, request *restful.Request, resp *restful.Response) { - responsewriters.ErrorNegotiated( - apierrors.NewGenericServerResponse(serviceErr.Code, "", schema.GroupResource{}, "", serviceErr.Message, 0, false), - s, - schema.GroupVersion{}, - resp, - request.Request, - ) -} - -// ServeHTTP makes it an http.Handler -func (a *APIServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - a.FullHandlerChain.ServeHTTP(w, r) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz.go b/etcd/vendor/k8s.io/apiserver/pkg/server/healthz.go deleted file mode 100644 index d6d13444d7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz.go +++ /dev/null @@ -1,164 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "fmt" - "net/http" - "time" - - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/utils/clock" -) - -// AddHealthChecks adds HealthCheck(s) to health endpoints (healthz, livez, readyz) but -// configures the liveness grace period to be zero, which means we expect this health check -// to immediately indicate that the apiserver is unhealthy. -func (s *GenericAPIServer) AddHealthChecks(checks ...healthz.HealthChecker) error { - // we opt for a delay of zero here, because this entrypoint adds generic health checks - // and not health checks which are specifically related to kube-apiserver boot-sequences. - return s.addHealthChecks(0, checks...) -} - -// AddBootSequenceHealthChecks adds health checks to the old healthz endpoint (for backwards compatibility reasons) -// as well as livez and readyz. The livez grace period is defined by the value of the -// command-line flag --livez-grace-period; before the grace period elapses, the livez health checks -// will default to healthy. One may want to set a grace period in order to prevent the kubelet from restarting -// the kube-apiserver due to long-ish boot sequences. Readyz health checks, on the other hand, have no grace period, -// since readyz should fail until boot fully completes. -func (s *GenericAPIServer) AddBootSequenceHealthChecks(checks ...healthz.HealthChecker) error { - return s.addHealthChecks(s.livezGracePeriod, checks...) -} - -// addHealthChecks adds health checks to healthz, livez, and readyz. The delay passed in will set -// a corresponding grace period on livez. -func (s *GenericAPIServer) addHealthChecks(livezGracePeriod time.Duration, checks ...healthz.HealthChecker) error { - s.healthzLock.Lock() - defer s.healthzLock.Unlock() - if s.healthzChecksInstalled { - return fmt.Errorf("unable to add because the healthz endpoint has already been created") - } - s.healthzChecks = append(s.healthzChecks, checks...) - if err := s.AddLivezChecks(livezGracePeriod, checks...); err != nil { - return err - } - return s.AddReadyzChecks(checks...) -} - -// AddReadyzChecks allows you to add a HealthCheck to readyz. -func (s *GenericAPIServer) AddReadyzChecks(checks ...healthz.HealthChecker) error { - s.readyzLock.Lock() - defer s.readyzLock.Unlock() - if s.readyzChecksInstalled { - return fmt.Errorf("unable to add because the readyz endpoint has already been created") - } - s.readyzChecks = append(s.readyzChecks, checks...) - return nil -} - -// AddLivezChecks allows you to add a HealthCheck to livez. -func (s *GenericAPIServer) AddLivezChecks(delay time.Duration, checks ...healthz.HealthChecker) error { - s.livezLock.Lock() - defer s.livezLock.Unlock() - if s.livezChecksInstalled { - return fmt.Errorf("unable to add because the livez endpoint has already been created") - } - for _, check := range checks { - s.livezChecks = append(s.livezChecks, delayedHealthCheck(check, s.livezClock, delay)) - } - return nil -} - -// addReadyzShutdownCheck is a convenience function for adding a readyz shutdown check, so -// that we can register that the api-server is no longer ready while we attempt to gracefully -// shutdown. -func (s *GenericAPIServer) addReadyzShutdownCheck(stopCh <-chan struct{}) error { - return s.AddReadyzChecks(shutdownCheck{stopCh}) -} - -// installHealthz creates the healthz endpoint for this server -func (s *GenericAPIServer) installHealthz() { - s.healthzLock.Lock() - defer s.healthzLock.Unlock() - s.healthzChecksInstalled = true - healthz.InstallHandler(s.Handler.NonGoRestfulMux, s.healthzChecks...) -} - -// installReadyz creates the readyz endpoint for this server. -func (s *GenericAPIServer) installReadyz() { - s.readyzLock.Lock() - defer s.readyzLock.Unlock() - s.readyzChecksInstalled = true - healthz.InstallReadyzHandlerWithHealthyFunc(s.Handler.NonGoRestfulMux, func() { - // note: InstallReadyzHandlerWithHealthyFunc guarantees that this is called only once - s.lifecycleSignals.HasBeenReady.Signal() - }, s.readyzChecks...) -} - -// installLivez creates the livez endpoint for this server. -func (s *GenericAPIServer) installLivez() { - s.livezLock.Lock() - defer s.livezLock.Unlock() - s.livezChecksInstalled = true - healthz.InstallLivezHandler(s.Handler.NonGoRestfulMux, s.livezChecks...) -} - -// shutdownCheck fails if the embedded channel is closed. This is intended to allow for graceful shutdown sequences -// for the apiserver. -type shutdownCheck struct { - StopCh <-chan struct{} -} - -func (shutdownCheck) Name() string { - return "shutdown" -} - -func (c shutdownCheck) Check(req *http.Request) error { - select { - case <-c.StopCh: - return fmt.Errorf("process is shutting down") - default: - } - return nil -} - -// delayedHealthCheck wraps a health check which will not fail until the explicitly defined delay has elapsed. This -// is intended for use primarily for livez health checks. -func delayedHealthCheck(check healthz.HealthChecker, clock clock.Clock, delay time.Duration) healthz.HealthChecker { - return delayedLivezCheck{ - check, - clock.Now().Add(delay), - clock, - } -} - -type delayedLivezCheck struct { - check healthz.HealthChecker - startCheck time.Time - clock clock.Clock -} - -func (c delayedLivezCheck) Name() string { - return c.check.Name() -} - -func (c delayedLivezCheck) Check(req *http.Request) error { - if c.clock.Now().After(c.startCheck) { - return c.check.Check(req) - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/doc.go deleted file mode 100644 index ad3f001873..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package healthz implements basic http server health checking. -// Usage: -// -// import "k8s.io/apiserver/pkg/server/healthz" -// healthz.InstallHandler(mux) -package healthz // import "k8s.io/apiserver/pkg/server/healthz" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go b/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go deleted file mode 100644 index 63ff59750f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go +++ /dev/null @@ -1,314 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package healthz - -import ( - "bytes" - "context" - "fmt" - "net/http" - "reflect" - "strings" - "sync" - "sync/atomic" - "time" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/component-base/metrics/prometheus/slis" - "k8s.io/klog/v2" -) - -// HealthChecker is a named healthz checker. -type HealthChecker interface { - Name() string - Check(req *http.Request) error -} - -// PingHealthz returns true automatically when checked -var PingHealthz HealthChecker = ping{} - -// ping implements the simplest possible healthz checker. -type ping struct{} - -func (ping) Name() string { - return "ping" -} - -// PingHealthz is a health check that returns true. -func (ping) Check(_ *http.Request) error { - return nil -} - -// LogHealthz returns true if logging is not blocked -var LogHealthz HealthChecker = &log{} - -type log struct { - startOnce sync.Once - lastVerified atomic.Value -} - -func (l *log) Name() string { - return "log" -} - -func (l *log) Check(_ *http.Request) error { - l.startOnce.Do(func() { - l.lastVerified.Store(time.Now()) - go wait.Forever(func() { - klog.Flush() - l.lastVerified.Store(time.Now()) - }, time.Minute) - }) - - lastVerified := l.lastVerified.Load().(time.Time) - if time.Since(lastVerified) < (2 * time.Minute) { - return nil - } - return fmt.Errorf("logging blocked") -} - -type cacheSyncWaiter interface { - WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool -} - -type informerSync struct { - cacheSyncWaiter cacheSyncWaiter -} - -var _ HealthChecker = &informerSync{} - -// NewInformerSyncHealthz returns a new HealthChecker that will pass only if all informers in the given cacheSyncWaiter sync. -func NewInformerSyncHealthz(cacheSyncWaiter cacheSyncWaiter) HealthChecker { - return &informerSync{ - cacheSyncWaiter: cacheSyncWaiter, - } -} - -func (i *informerSync) Name() string { - return "informer-sync" -} - -func (i *informerSync) Check(_ *http.Request) error { - stopCh := make(chan struct{}) - // Close stopCh to force checking if informers are synced now. - close(stopCh) - - informersByStarted := make(map[bool][]string) - for informerType, started := range i.cacheSyncWaiter.WaitForCacheSync(stopCh) { - informersByStarted[started] = append(informersByStarted[started], informerType.String()) - } - - if notStarted := informersByStarted[false]; len(notStarted) > 0 { - return fmt.Errorf("%d informers not started yet: %v", len(notStarted), notStarted) - } - return nil -} - -// NamedCheck returns a healthz checker for the given name and function. -func NamedCheck(name string, check func(r *http.Request) error) HealthChecker { - return &healthzCheck{name, check} -} - -// InstallHandler registers handlers for health checking on the path -// "/healthz" to mux. *All handlers* for mux must be specified in -// exactly one call to InstallHandler. Calling InstallHandler more -// than once for the same mux will result in a panic. -func InstallHandler(mux mux, checks ...HealthChecker) { - InstallPathHandler(mux, "/healthz", checks...) -} - -// InstallReadyzHandler registers handlers for health checking on the path -// "/readyz" to mux. *All handlers* for mux must be specified in -// exactly one call to InstallHandler. Calling InstallHandler more -// than once for the same mux will result in a panic. -func InstallReadyzHandler(mux mux, checks ...HealthChecker) { - InstallPathHandler(mux, "/readyz", checks...) -} - -// InstallReadyzHandlerWithHealthyFunc is like InstallReadyzHandler, but in addition call firstTimeReady -// the first time /readyz succeeds. -func InstallReadyzHandlerWithHealthyFunc(mux mux, firstTimeReady func(), checks ...HealthChecker) { - InstallPathHandlerWithHealthyFunc(mux, "/readyz", firstTimeReady, checks...) -} - -// InstallLivezHandler registers handlers for liveness checking on the path -// "/livez" to mux. *All handlers* for mux must be specified in -// exactly one call to InstallHandler. Calling InstallHandler more -// than once for the same mux will result in a panic. -func InstallLivezHandler(mux mux, checks ...HealthChecker) { - InstallPathHandler(mux, "/livez", checks...) -} - -// InstallPathHandler registers handlers for health checking on -// a specific path to mux. *All handlers* for the path must be -// specified in exactly one call to InstallPathHandler. Calling -// InstallPathHandler more than once for the same path and mux will -// result in a panic. -func InstallPathHandler(mux mux, path string, checks ...HealthChecker) { - InstallPathHandlerWithHealthyFunc(mux, path, nil, checks...) -} - -// InstallPathHandlerWithHealthyFunc is like InstallPathHandler, but calls firstTimeHealthy exactly once -// when the handler succeeds for the first time. -func InstallPathHandlerWithHealthyFunc(mux mux, path string, firstTimeHealthy func(), checks ...HealthChecker) { - if len(checks) == 0 { - klog.V(5).Info("No default health checks specified. Installing the ping handler.") - checks = []HealthChecker{PingHealthz} - } - - klog.V(5).Infof("Installing health checkers for (%v): %v", path, formatQuoted(checkerNames(checks...)...)) - - name := strings.Split(strings.TrimPrefix(path, "/"), "/")[0] - mux.Handle(path, - metrics.InstrumentHandlerFunc("GET", - /* group = */ "", - /* version = */ "", - /* resource = */ "", - /* subresource = */ path, - /* scope = */ "", - /* component = */ "", - /* deprecated */ false, - /* removedRelease */ "", - handleRootHealth(name, firstTimeHealthy, checks...))) - for _, check := range checks { - mux.Handle(fmt.Sprintf("%s/%v", path, check.Name()), adaptCheckToHandler(check.Check)) - } -} - -// mux is an interface describing the methods InstallHandler requires. -type mux interface { - Handle(pattern string, handler http.Handler) -} - -// healthzCheck implements HealthChecker on an arbitrary name and check function. -type healthzCheck struct { - name string - check func(r *http.Request) error -} - -var _ HealthChecker = &healthzCheck{} - -func (c *healthzCheck) Name() string { - return c.name -} - -func (c *healthzCheck) Check(r *http.Request) error { - return c.check(r) -} - -// getExcludedChecks extracts the health check names to be excluded from the query param -func getExcludedChecks(r *http.Request) sets.String { - checks, found := r.URL.Query()["exclude"] - if found { - return sets.NewString(checks...) - } - return sets.NewString() -} - -// handleRootHealth returns an http.HandlerFunc that serves the provided checks. -func handleRootHealth(name string, firstTimeHealthy func(), checks ...HealthChecker) http.HandlerFunc { - var notifyOnce sync.Once - return func(w http.ResponseWriter, r *http.Request) { - excluded := getExcludedChecks(r) - // failedVerboseLogOutput is for output to the log. It indicates detailed failed output information for the log. - var failedVerboseLogOutput bytes.Buffer - var failedChecks []string - var individualCheckOutput bytes.Buffer - for _, check := range checks { - // no-op the check if we've specified we want to exclude the check - if excluded.Has(check.Name()) { - excluded.Delete(check.Name()) - fmt.Fprintf(&individualCheckOutput, "[+]%s excluded: ok\n", check.Name()) - continue - } - if err := check.Check(r); err != nil { - slis.ObserveHealthcheck(context.Background(), check.Name(), name, slis.Error) - // don't include the error since this endpoint is public. If someone wants more detail - // they should have explicit permission to the detailed checks. - fmt.Fprintf(&individualCheckOutput, "[-]%s failed: reason withheld\n", check.Name()) - // but we do want detailed information for our log - fmt.Fprintf(&failedVerboseLogOutput, "[-]%s failed: %v\n", check.Name(), err) - failedChecks = append(failedChecks, check.Name()) - } else { - slis.ObserveHealthcheck(context.Background(), check.Name(), name, slis.Success) - fmt.Fprintf(&individualCheckOutput, "[+]%s ok\n", check.Name()) - } - } - if excluded.Len() > 0 { - fmt.Fprintf(&individualCheckOutput, "warn: some health checks cannot be excluded: no matches for %s\n", formatQuoted(excluded.List()...)) - klog.V(6).Infof("cannot exclude some health checks, no health checks are installed matching %s", - formatQuoted(excluded.List()...)) - } - // always be verbose on failure - if len(failedChecks) > 0 { - klog.V(2).Infof("%s check failed: %s\n%v", strings.Join(failedChecks, ","), name, failedVerboseLogOutput.String()) - httplog.SetStacktracePredicate(r.Context(), func(int) bool { return false }) - http.Error(w, fmt.Sprintf("%s%s check failed", individualCheckOutput.String(), name), http.StatusInternalServerError) - return - } - - // signal first time this is healthy - if firstTimeHealthy != nil { - notifyOnce.Do(firstTimeHealthy) - } - - w.Header().Set("Content-Type", "text/plain; charset=utf-8") - w.Header().Set("X-Content-Type-Options", "nosniff") - if _, found := r.URL.Query()["verbose"]; !found { - fmt.Fprint(w, "ok") - return - } - - individualCheckOutput.WriteTo(w) - fmt.Fprintf(w, "%s check passed\n", name) - } -} - -// adaptCheckToHandler returns an http.HandlerFunc that serves the provided checks. -func adaptCheckToHandler(c func(r *http.Request) error) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - err := c(r) - if err != nil { - http.Error(w, fmt.Sprintf("internal server error: %v", err), http.StatusInternalServerError) - } else { - fmt.Fprint(w, "ok") - } - }) -} - -// checkerNames returns the names of the checks in the same order as passed in. -func checkerNames(checks ...HealthChecker) []string { - // accumulate the names of checks for printing them out. - checkerNames := make([]string, 0, len(checks)) - for _, check := range checks { - checkerNames = append(checkerNames, check.Name()) - } - return checkerNames -} - -// formatQuoted returns a formatted string of the health check names, -// preserving the order passed in. -func formatQuoted(names ...string) string { - quoted := make([]string, 0, len(names)) - for _, name := range names { - quoted = append(quoted, fmt.Sprintf("%q", name)) - } - return strings.Join(quoted, ",") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/hooks.go b/etcd/vendor/k8s.io/apiserver/pkg/server/hooks.go deleted file mode 100644 index 065df6bc5c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/hooks.go +++ /dev/null @@ -1,245 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "errors" - "fmt" - "net/http" - "runtime/debug" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/server/healthz" - restclient "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -// PostStartHookFunc is a function that is called after the server has started. -// It must properly handle cases like: -// 1. asynchronous start in multiple API server processes -// 2. conflicts between the different processes all trying to perform the same action -// 3. partially complete work (API server crashes while running your hook) -// 4. API server access **BEFORE** your hook has completed -// -// Think of it like a mini-controller that is super privileged and gets to run in-process -// If you use this feature, tag @deads2k on github who has promised to review code for anyone's PostStartHook -// until it becomes easier to use. -type PostStartHookFunc func(context PostStartHookContext) error - -// PreShutdownHookFunc is a function that can be added to the shutdown logic. -type PreShutdownHookFunc func() error - -// PostStartHookContext provides information about this API server to a PostStartHookFunc -type PostStartHookContext struct { - // LoopbackClientConfig is a config for a privileged loopback connection to the API server - LoopbackClientConfig *restclient.Config - // StopCh is the channel that will be closed when the server stops - StopCh <-chan struct{} -} - -// PostStartHookProvider is an interface in addition to provide a post start hook for the api server -type PostStartHookProvider interface { - PostStartHook() (string, PostStartHookFunc, error) -} - -type postStartHookEntry struct { - hook PostStartHookFunc - // originatingStack holds the stack that registered postStartHooks. This allows us to show a more helpful message - // for duplicate registration. - originatingStack string - - // done will be closed when the postHook is finished - done chan struct{} -} - -type PostStartHookConfigEntry struct { - hook PostStartHookFunc - // originatingStack holds the stack that registered postStartHooks. This allows us to show a more helpful message - // for duplicate registration. - originatingStack string -} - -type preShutdownHookEntry struct { - hook PreShutdownHookFunc -} - -// AddPostStartHook allows you to add a PostStartHook. -func (s *GenericAPIServer) AddPostStartHook(name string, hook PostStartHookFunc) error { - if len(name) == 0 { - return fmt.Errorf("missing name") - } - if hook == nil { - return fmt.Errorf("hook func may not be nil: %q", name) - } - if s.disabledPostStartHooks.Has(name) { - klog.V(1).Infof("skipping %q because it was explicitly disabled", name) - return nil - } - - s.postStartHookLock.Lock() - defer s.postStartHookLock.Unlock() - - if s.postStartHooksCalled { - return fmt.Errorf("unable to add %q because PostStartHooks have already been called", name) - } - if postStartHook, exists := s.postStartHooks[name]; exists { - // this is programmer error, but it can be hard to debug - return fmt.Errorf("unable to add %q because it was already registered by: %s", name, postStartHook.originatingStack) - } - - // done is closed when the poststarthook is finished. This is used by the health check to be able to indicate - // that the poststarthook is finished - done := make(chan struct{}) - if err := s.AddBootSequenceHealthChecks(postStartHookHealthz{name: "poststarthook/" + name, done: done}); err != nil { - return err - } - s.postStartHooks[name] = postStartHookEntry{hook: hook, originatingStack: string(debug.Stack()), done: done} - - return nil -} - -// AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure -func (s *GenericAPIServer) AddPostStartHookOrDie(name string, hook PostStartHookFunc) { - if err := s.AddPostStartHook(name, hook); err != nil { - klog.Fatalf("Error registering PostStartHook %q: %v", name, err) - } -} - -// AddPreShutdownHook allows you to add a PreShutdownHook. -func (s *GenericAPIServer) AddPreShutdownHook(name string, hook PreShutdownHookFunc) error { - if len(name) == 0 { - return fmt.Errorf("missing name") - } - if hook == nil { - return nil - } - - s.preShutdownHookLock.Lock() - defer s.preShutdownHookLock.Unlock() - - if s.preShutdownHooksCalled { - return fmt.Errorf("unable to add %q because PreShutdownHooks have already been called", name) - } - if _, exists := s.preShutdownHooks[name]; exists { - return fmt.Errorf("unable to add %q because it is already registered", name) - } - - s.preShutdownHooks[name] = preShutdownHookEntry{hook: hook} - - return nil -} - -// AddPreShutdownHookOrDie allows you to add a PostStartHook, but dies on failure -func (s *GenericAPIServer) AddPreShutdownHookOrDie(name string, hook PreShutdownHookFunc) { - if err := s.AddPreShutdownHook(name, hook); err != nil { - klog.Fatalf("Error registering PreShutdownHook %q: %v", name, err) - } -} - -// RunPostStartHooks runs the PostStartHooks for the server -func (s *GenericAPIServer) RunPostStartHooks(stopCh <-chan struct{}) { - s.postStartHookLock.Lock() - defer s.postStartHookLock.Unlock() - s.postStartHooksCalled = true - - context := PostStartHookContext{ - LoopbackClientConfig: s.LoopbackClientConfig, - StopCh: stopCh, - } - - for hookName, hookEntry := range s.postStartHooks { - go runPostStartHook(hookName, hookEntry, context) - } -} - -// RunPreShutdownHooks runs the PreShutdownHooks for the server -func (s *GenericAPIServer) RunPreShutdownHooks() error { - var errorList []error - - s.preShutdownHookLock.Lock() - defer s.preShutdownHookLock.Unlock() - s.preShutdownHooksCalled = true - - for hookName, hookEntry := range s.preShutdownHooks { - if err := runPreShutdownHook(hookName, hookEntry); err != nil { - errorList = append(errorList, err) - } - } - return utilerrors.NewAggregate(errorList) -} - -// isPostStartHookRegistered checks whether a given PostStartHook is registered -func (s *GenericAPIServer) isPostStartHookRegistered(name string) bool { - s.postStartHookLock.Lock() - defer s.postStartHookLock.Unlock() - _, exists := s.postStartHooks[name] - return exists -} - -func runPostStartHook(name string, entry postStartHookEntry, context PostStartHookContext) { - var err error - func() { - // don't let the hook *accidentally* panic and kill the server - defer utilruntime.HandleCrash() - err = entry.hook(context) - }() - // if the hook intentionally wants to kill server, let it. - if err != nil { - klog.Fatalf("PostStartHook %q failed: %v", name, err) - } - close(entry.done) -} - -func runPreShutdownHook(name string, entry preShutdownHookEntry) error { - var err error - func() { - // don't let the hook *accidentally* panic and kill the server - defer utilruntime.HandleCrash() - err = entry.hook() - }() - if err != nil { - return fmt.Errorf("PreShutdownHook %q failed: %v", name, err) - } - return nil -} - -// postStartHookHealthz implements a healthz check for poststarthooks. It will return a "hookNotFinished" -// error until the poststarthook is finished. -type postStartHookHealthz struct { - name string - - // done will be closed when the postStartHook is finished - done chan struct{} -} - -var _ healthz.HealthChecker = postStartHookHealthz{} - -func (h postStartHookHealthz) Name() string { - return h.name -} - -var errHookNotFinished = errors.New("not finished") - -func (h postStartHookHealthz) Check(req *http.Request) error { - select { - case <-h.done: - return nil - default: - return errHookNotFinished - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/doc.go deleted file mode 100644 index caa6572c76..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package httplog contains a helper object and functions to maintain a log -// along with an http response. -package httplog // import "k8s.io/apiserver/pkg/server/httplog" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/httplog.go b/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/httplog.go deleted file mode 100644 index afa989e5bb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/httplog/httplog.go +++ /dev/null @@ -1,338 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package httplog - -import ( - "bufio" - "context" - "fmt" - "net" - "net/http" - "runtime" - "strings" - "sync" - "time" - - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/endpoints/responsewriter" - "k8s.io/klog/v2" -) - -// StacktracePred returns true if a stacktrace should be logged for this status. -type StacktracePred func(httpStatus int) (logStacktrace bool) - -// ShouldLogRequestPred returns true if logging should be enabled for this request -type ShouldLogRequestPred func() bool - -type logger interface { - Addf(format string, data ...interface{}) -} - -type respLoggerContextKeyType int - -// respLoggerContextKey is used to store the respLogger pointer in the request context. -const respLoggerContextKey respLoggerContextKeyType = iota - -// Add a layer on top of ResponseWriter, so we can track latency and error -// message sources. -// -// TODO now that we're using go-restful, we shouldn't need to be wrapping -// the http.ResponseWriter. We can recover panics from go-restful, and -// the logging value is questionable. -type respLogger struct { - hijacked bool - statusRecorded bool - status int - statusStack string - // mutex is used when accessing addedInfo, addedKeyValuePairs and logStacktracePred. - // They can be modified by other goroutine when logging happens (in case of request timeout) - mutex sync.Mutex - addedInfo strings.Builder - addedKeyValuePairs []interface{} - startTime time.Time - isTerminating bool - - captureErrorOutput bool - - req *http.Request - userAgent string - w http.ResponseWriter - - logStacktracePred StacktracePred -} - -var _ http.ResponseWriter = &respLogger{} -var _ responsewriter.UserProvidedDecorator = &respLogger{} - -func (rl *respLogger) Unwrap() http.ResponseWriter { - return rl.w -} - -// Simple logger that logs immediately when Addf is called -type passthroughLogger struct{} - -// Addf logs info immediately. -func (passthroughLogger) Addf(format string, data ...interface{}) { - klog.V(2).Info(fmt.Sprintf(format, data...)) -} - -// DefaultStacktracePred is the default implementation of StacktracePred. -func DefaultStacktracePred(status int) bool { - return (status < http.StatusOK || status >= http.StatusInternalServerError) && status != http.StatusSwitchingProtocols -} - -const withLoggingLevel = 3 - -// WithLogging wraps the handler with logging. -func WithLogging(handler http.Handler, pred StacktracePred, isTerminatingFn func() bool) http.Handler { - return withLogging(handler, pred, func() bool { - return klog.V(withLoggingLevel).Enabled() - }, isTerminatingFn) -} - -func withLogging(handler http.Handler, stackTracePred StacktracePred, shouldLogRequest ShouldLogRequestPred, isTerminatingFn func() bool) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - if !shouldLogRequest() { - handler.ServeHTTP(w, req) - return - } - - ctx := req.Context() - if old := respLoggerFromRequest(req); old != nil { - panic("multiple WithLogging calls!") - } - startTime := time.Now() - if receivedTimestamp, ok := request.ReceivedTimestampFrom(ctx); ok { - startTime = receivedTimestamp - } - - isTerminating := false - if isTerminatingFn != nil { - isTerminating = isTerminatingFn() - } - rl := newLoggedWithStartTime(req, w, startTime).StacktraceWhen(stackTracePred).IsTerminating(isTerminating) - req = req.WithContext(context.WithValue(ctx, respLoggerContextKey, rl)) - defer rl.Log() - - if klog.V(3).Enabled() || (rl.isTerminating && klog.V(1).Enabled()) { - defer rl.Log() - } - w = responsewriter.WrapForHTTP1Or2(rl) - handler.ServeHTTP(w, req) - }) -} - -// respLoggerFromContext returns the respLogger or nil. -func respLoggerFromContext(ctx context.Context) *respLogger { - val := ctx.Value(respLoggerContextKey) - if rl, ok := val.(*respLogger); ok { - return rl - } - return nil -} - -func respLoggerFromRequest(req *http.Request) *respLogger { - return respLoggerFromContext(req.Context()) -} - -func newLoggedWithStartTime(req *http.Request, w http.ResponseWriter, startTime time.Time) *respLogger { - logger := &respLogger{ - startTime: startTime, - req: req, - userAgent: req.UserAgent(), - w: w, - logStacktracePred: DefaultStacktracePred, - } - return logger -} - -// newLogged turns a normal response writer into a logged response writer. -func newLogged(req *http.Request, w http.ResponseWriter) *respLogger { - return newLoggedWithStartTime(req, w, time.Now()) -} - -// LogOf returns the logger hiding in w. If there is not an existing logger -// then a passthroughLogger will be created which will log to stdout immediately -// when Addf is called. -func LogOf(req *http.Request, w http.ResponseWriter) logger { - if rl := respLoggerFromRequest(req); rl != nil { - return rl - } - return &passthroughLogger{} -} - -// Unlogged returns the original ResponseWriter, or w if it is not our inserted logger. -func Unlogged(req *http.Request, w http.ResponseWriter) http.ResponseWriter { - if rl := respLoggerFromRequest(req); rl != nil { - return rl.w - } - return w -} - -// StacktraceWhen sets the stacktrace logging predicate, which decides when to log a stacktrace. -// There's a default, so you don't need to call this unless you don't like the default. -func (rl *respLogger) StacktraceWhen(pred StacktracePred) *respLogger { - rl.mutex.Lock() - defer rl.mutex.Unlock() - rl.logStacktracePred = pred - return rl -} - -// IsTerminating informs the logger that the server is terminating. -func (rl *respLogger) IsTerminating(is bool) *respLogger { - rl.isTerminating = is - return rl -} - -// StatusIsNot returns a StacktracePred which will cause stacktraces to be logged -// for any status *not* in the given list. -func StatusIsNot(statuses ...int) StacktracePred { - statusesNoTrace := map[int]bool{} - for _, s := range statuses { - statusesNoTrace[s] = true - } - return func(status int) bool { - _, ok := statusesNoTrace[status] - return !ok - } -} - -// Addf adds additional data to be logged with this request. -func (rl *respLogger) Addf(format string, data ...interface{}) { - rl.mutex.Lock() - defer rl.mutex.Unlock() - rl.addedInfo.WriteString("\n") - rl.addedInfo.WriteString(fmt.Sprintf(format, data...)) -} - -func AddInfof(ctx context.Context, format string, data ...interface{}) { - if rl := respLoggerFromContext(ctx); rl != nil { - rl.Addf(format, data...) - } -} - -func (rl *respLogger) AddKeyValue(key string, value interface{}) { - rl.mutex.Lock() - defer rl.mutex.Unlock() - rl.addedKeyValuePairs = append(rl.addedKeyValuePairs, key, value) -} - -// AddKeyValue adds a (key, value) pair to the httplog associated -// with the request. -// Use this function if you want your data to show up in httplog -// in a more structured and readable way. -func AddKeyValue(ctx context.Context, key string, value interface{}) { - if rl := respLoggerFromContext(ctx); rl != nil { - rl.AddKeyValue(key, value) - } -} - -// SetStacktracePredicate sets a custom stacktrace predicate for the -// logger associated with the given request context. -func SetStacktracePredicate(ctx context.Context, pred StacktracePred) { - if rl := respLoggerFromContext(ctx); rl != nil { - rl.StacktraceWhen(pred) - } -} - -// Log is intended to be called once at the end of your request handler, via defer -func (rl *respLogger) Log() { - latency := time.Since(rl.startTime) - auditID := audit.GetAuditIDTruncated(rl.req.Context()) - verb := metrics.NormalizedVerb(rl.req) - - keysAndValues := []interface{}{ - "verb", verb, - "URI", rl.req.RequestURI, - "latency", latency, - // We can't get UserAgent from rl.req.UserAgent() here as it accesses headers map, - // which can be modified in another goroutine when apiserver request times out. - // For example authentication filter modifies request's headers, - // This can cause apiserver to crash with unrecoverable fatal error. - // More info about concurrent read and write for maps: https://golang.org/doc/go1.6#runtime - "userAgent", rl.userAgent, - "audit-ID", auditID, - "srcIP", rl.req.RemoteAddr, - } - // Lock for accessing addedKeyValuePairs and addedInfo - rl.mutex.Lock() - defer rl.mutex.Unlock() - keysAndValues = append(keysAndValues, rl.addedKeyValuePairs...) - - if rl.hijacked { - keysAndValues = append(keysAndValues, "hijacked", true) - } else { - keysAndValues = append(keysAndValues, "resp", rl.status) - if len(rl.statusStack) > 0 { - keysAndValues = append(keysAndValues, "statusStack", rl.statusStack) - } - info := rl.addedInfo.String() - if len(info) > 0 { - keysAndValues = append(keysAndValues, "addedInfo", info) - } - } - - klog.V(withLoggingLevel).InfoSDepth(1, "HTTP", keysAndValues...) -} - -// Header implements http.ResponseWriter. -func (rl *respLogger) Header() http.Header { - return rl.w.Header() -} - -// Write implements http.ResponseWriter. -func (rl *respLogger) Write(b []byte) (int, error) { - if !rl.statusRecorded { - rl.recordStatus(http.StatusOK) // Default if WriteHeader hasn't been called - } - if rl.captureErrorOutput { - rl.Addf("logging error output: %q\n", string(b)) - } - return rl.w.Write(b) -} - -// WriteHeader implements http.ResponseWriter. -func (rl *respLogger) WriteHeader(status int) { - rl.recordStatus(status) - rl.w.WriteHeader(status) -} - -func (rl *respLogger) Hijack() (net.Conn, *bufio.ReadWriter, error) { - rl.hijacked = true - - // the outer ResponseWriter object returned by WrapForHTTP1Or2 implements - // http.Hijacker if the inner object (rl.w) implements http.Hijacker. - return rl.w.(http.Hijacker).Hijack() -} - -func (rl *respLogger) recordStatus(status int) { - rl.mutex.Lock() - defer rl.mutex.Unlock() - rl.status = status - rl.statusRecorded = true - if rl.logStacktracePred(status) { - // Only log stacks for errors - stack := make([]byte, 50*1024) - stack = stack[:runtime.Stack(stack, false)] - rl.statusStack = "\n" + string(stack) - rl.captureErrorOutput = true - } else { - rl.statusStack = "" - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go b/etcd/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go deleted file mode 100644 index ce4c1b4a6e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go +++ /dev/null @@ -1,190 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "sync" -) - -/* -We make an attempt here to identify the events that take place during -lifecycle of the apiserver. - -We also identify each event with a name so we can refer to it. - -Events: -- ShutdownInitiated: KILL signal received -- AfterShutdownDelayDuration: shutdown delay duration has passed -- InFlightRequestsDrained: all in flight request(s) have been drained -- HasBeenReady is signaled when the readyz endpoint succeeds for the first time - -The following is a sequence of shutdown events that we expect to see with - 'ShutdownSendRetryAfter' = false: - -T0: ShutdownInitiated: KILL signal received - - /readyz starts returning red - - run pre shutdown hooks - -T0+70s: AfterShutdownDelayDuration: shutdown delay duration has passed - - the default value of 'ShutdownDelayDuration' is '70s' - - it's time to initiate shutdown of the HTTP Server, server.Shutdown is invoked - - as a consequene, the Close function has is called for all listeners - - the HTTP Server stops listening immediately - - any new request arriving on a new TCP socket is denied with - a network error similar to 'connection refused' - - the HTTP Server waits gracefully for existing requests to complete - up to '60s' (dictated by ShutdownTimeout) - - active long running requests will receive a GOAWAY. - -T0+70s: HTTPServerStoppedListening: - - this event is signaled when the HTTP Server has stopped listening - which is immediately after server.Shutdown has been invoked - -T0 + 70s + up-to 60s: InFlightRequestsDrained: existing in flight requests have been drained - - long running requests are outside of this scope - - up-to 60s: the default value of 'ShutdownTimeout' is 60s, this means that - any request in flight has a hard timeout of 60s. - - it's time to call 'Shutdown' on the audit events since all - in flight request(s) have drained. - - -The following is a sequence of shutdown events that we expect to see with - 'ShutdownSendRetryAfter' = true: - -T0: ShutdownInitiated: KILL signal received - - /readyz starts returning red - - run pre shutdown hooks - -T0+70s: AfterShutdownDelayDuration: shutdown delay duration has passed - - the default value of 'ShutdownDelayDuration' is '70s' - - the HTTP Server will continue to listen - - the apiserver is not accepting new request(s) - - it includes new request(s) on a new or an existing TCP connection - - new request(s) arriving after this point are replied with a 429 - and the response headers: 'Retry-After: 1` and 'Connection: close' - - note: these new request(s) will not show up in audit logs - -T0 + 70s + up to 60s: InFlightRequestsDrained: existing in flight requests have been drained - - long running requests are outside of this scope - - up to 60s: the default value of 'ShutdownTimeout' is 60s, this means that - any request in flight has a hard timeout of 60s. - - server.Shutdown is called, the HTTP Server stops listening immediately - - the HTTP Server waits gracefully for existing requests to complete - up to '2s' (it's hard coded right now) -*/ - -// lifecycleSignal encapsulates a named apiserver event -type lifecycleSignal interface { - // Signal signals the event, indicating that the event has occurred. - // Signal is idempotent, once signaled the event stays signaled and - // it immediately unblocks any goroutine waiting for this event. - Signal() - - // Signaled returns a channel that is closed when the underlying event - // has been signaled. Successive calls to Signaled return the same value. - Signaled() <-chan struct{} - - // Name returns the name of the signal, useful for logging. - Name() string -} - -// lifecycleSignals provides an abstraction of the events that -// transpire during the lifecycle of the apiserver. This abstraction makes it easy -// for us to write unit tests that can verify expected graceful termination behavior. -// -// GenericAPIServer can use these to either: -// - signal that a particular termination event has transpired -// - wait for a designated termination event to transpire and do some action. -type lifecycleSignals struct { - // ShutdownInitiated event is signaled when an apiserver shutdown has been initiated. - // It is signaled when the `stopCh` provided by the main goroutine - // receives a KILL signal and is closed as a consequence. - ShutdownInitiated lifecycleSignal - - // AfterShutdownDelayDuration event is signaled as soon as ShutdownDelayDuration - // has elapsed since the ShutdownInitiated event. - // ShutdownDelayDuration allows the apiserver to delay shutdown for some time. - AfterShutdownDelayDuration lifecycleSignal - - // PreShutdownHooksStopped event is signaled when all registered - // preshutdown hook(s) have finished running. - PreShutdownHooksStopped lifecycleSignal - - // NotAcceptingNewRequest event is signaled when the server is no - // longer accepting any new request, from this point on any new - // request will receive an error. - NotAcceptingNewRequest lifecycleSignal - - // InFlightRequestsDrained event is signaled when the existing requests - // in flight have completed. This is used as signal to shut down the audit backends - InFlightRequestsDrained lifecycleSignal - - // HTTPServerStoppedListening termination event is signaled when the - // HTTP Server has stopped listening to the underlying socket. - HTTPServerStoppedListening lifecycleSignal - - // HasBeenReady is signaled when the readyz endpoint succeeds for the first time. - HasBeenReady lifecycleSignal - - // MuxAndDiscoveryComplete is signaled when all known HTTP paths have been installed. - // It exists primarily to avoid returning a 404 response when a resource actually exists but we haven't installed the path to a handler. - // The actual logic is implemented by an APIServer using the generic server library. - MuxAndDiscoveryComplete lifecycleSignal -} - -// newLifecycleSignals returns an instance of lifecycleSignals interface to be used -// to coordinate lifecycle of the apiserver -func newLifecycleSignals() lifecycleSignals { - return lifecycleSignals{ - ShutdownInitiated: newNamedChannelWrapper("ShutdownInitiated"), - AfterShutdownDelayDuration: newNamedChannelWrapper("AfterShutdownDelayDuration"), - PreShutdownHooksStopped: newNamedChannelWrapper("PreShutdownHooksStopped"), - NotAcceptingNewRequest: newNamedChannelWrapper("NotAcceptingNewRequest"), - InFlightRequestsDrained: newNamedChannelWrapper("InFlightRequestsDrained"), - HTTPServerStoppedListening: newNamedChannelWrapper("HTTPServerStoppedListening"), - HasBeenReady: newNamedChannelWrapper("HasBeenReady"), - MuxAndDiscoveryComplete: newNamedChannelWrapper("MuxAndDiscoveryComplete"), - } -} - -func newNamedChannelWrapper(name string) lifecycleSignal { - return &namedChannelWrapper{ - name: name, - once: sync.Once{}, - ch: make(chan struct{}), - } -} - -type namedChannelWrapper struct { - name string - once sync.Once - ch chan struct{} -} - -func (e *namedChannelWrapper) Signal() { - e.once.Do(func() { - close(e.ch) - }) -} - -func (e *namedChannelWrapper) Signaled() <-chan struct{} { - return e.ch -} - -func (e *namedChannelWrapper) Name() string { - return e.name -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/server/mux/OWNERS deleted file mode 100644 index 87c80edbbb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - sttts diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/mux/doc.go deleted file mode 100644 index 178aa9fe6c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package mux contains abstractions for http multiplexing of APIs. -package mux // import "k8s.io/apiserver/pkg/server/mux" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/pathrecorder.go b/etcd/vendor/k8s.io/apiserver/pkg/server/mux/pathrecorder.go deleted file mode 100644 index beb7a8d807..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/mux/pathrecorder.go +++ /dev/null @@ -1,279 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mux - -import ( - "fmt" - "net/http" - "runtime/debug" - "sort" - "strings" - "sync" - "sync/atomic" - - "k8s.io/klog/v2" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" -) - -// PathRecorderMux wraps a mux object and records the registered exposedPaths. -type PathRecorderMux struct { - // name is used for logging so you can trace requests through - name string - - lock sync.Mutex - notFoundHandler http.Handler - pathToHandler map[string]http.Handler - prefixToHandler map[string]http.Handler - - // mux stores a pathHandler and is used to handle the actual serving. - // Turns out, we want to accept trailing slashes, BUT we don't care about handling - // everything under them. This does exactly matches only unless its explicitly requested to - // do something different - mux atomic.Value - - // exposedPaths is the list of paths that should be shown at / - exposedPaths []string - - // pathStacks holds the stacks of all registered paths. This allows us to show a more helpful message - // before the "http: multiple registrations for %s" panic. - pathStacks map[string]string -} - -// pathHandler is an http.Handler that will satisfy requests first by exact match, then by prefix, -// then by notFoundHandler -type pathHandler struct { - // muxName is used for logging so you can trace requests through - muxName string - - // pathToHandler is a map of exactly matching request to its handler - pathToHandler map[string]http.Handler - - // this has to be sorted by most slashes then by length - prefixHandlers []prefixHandler - - // notFoundHandler is the handler to use for satisfying requests with no other match - notFoundHandler http.Handler -} - -// prefixHandler holds the prefix it should match and the handler to use -type prefixHandler struct { - // prefix is the prefix to test for a request match - prefix string - // handler is used to satisfy matching requests - handler http.Handler -} - -// NewPathRecorderMux creates a new PathRecorderMux -func NewPathRecorderMux(name string) *PathRecorderMux { - ret := &PathRecorderMux{ - name: name, - pathToHandler: map[string]http.Handler{}, - prefixToHandler: map[string]http.Handler{}, - mux: atomic.Value{}, - exposedPaths: []string{}, - pathStacks: map[string]string{}, - } - - ret.mux.Store(&pathHandler{notFoundHandler: http.NotFoundHandler()}) - return ret -} - -// ListedPaths returns the registered handler exposedPaths. -func (m *PathRecorderMux) ListedPaths() []string { - handledPaths := append([]string{}, m.exposedPaths...) - sort.Strings(handledPaths) - - return handledPaths -} - -func (m *PathRecorderMux) trackCallers(path string) { - stack := string(debug.Stack()) - if existingStack, ok := m.pathStacks[path]; ok { - utilruntime.HandleError(fmt.Errorf("duplicate path registration of %q: original registration from %v\n\nnew registration from %v", path, existingStack, stack)) - } - m.pathStacks[path] = stack -} - -// refreshMuxLocked creates a new mux and must be called while locked. Otherwise the view of handlers may -// not be consistent -func (m *PathRecorderMux) refreshMuxLocked() { - newMux := &pathHandler{ - muxName: m.name, - pathToHandler: map[string]http.Handler{}, - prefixHandlers: []prefixHandler{}, - notFoundHandler: http.NotFoundHandler(), - } - if m.notFoundHandler != nil { - newMux.notFoundHandler = m.notFoundHandler - } - for path, handler := range m.pathToHandler { - newMux.pathToHandler[path] = handler - } - - keys := sets.StringKeySet(m.prefixToHandler).List() - sort.Sort(sort.Reverse(byPrefixPriority(keys))) - for _, prefix := range keys { - newMux.prefixHandlers = append(newMux.prefixHandlers, prefixHandler{ - prefix: prefix, - handler: m.prefixToHandler[prefix], - }) - } - - m.mux.Store(newMux) -} - -// NotFoundHandler sets the handler to use if there's no match for a give path -func (m *PathRecorderMux) NotFoundHandler(notFoundHandler http.Handler) { - m.lock.Lock() - defer m.lock.Unlock() - - m.notFoundHandler = notFoundHandler - - m.refreshMuxLocked() -} - -// Unregister removes a path from the mux. -func (m *PathRecorderMux) Unregister(path string) { - m.lock.Lock() - defer m.lock.Unlock() - - delete(m.pathToHandler, path) - delete(m.prefixToHandler, path) - delete(m.pathStacks, path) - for i := range m.exposedPaths { - if m.exposedPaths[i] == path { - m.exposedPaths = append(m.exposedPaths[:i], m.exposedPaths[i+1:]...) - break - } - } - - m.refreshMuxLocked() -} - -// Handle registers the handler for the given pattern. -// If a handler already exists for pattern, Handle panics. -func (m *PathRecorderMux) Handle(path string, handler http.Handler) { - m.lock.Lock() - defer m.lock.Unlock() - m.trackCallers(path) - - m.exposedPaths = append(m.exposedPaths, path) - m.pathToHandler[path] = handler - m.refreshMuxLocked() -} - -// HandleFunc registers the handler function for the given pattern. -// If a handler already exists for pattern, Handle panics. -func (m *PathRecorderMux) HandleFunc(path string, handler func(http.ResponseWriter, *http.Request)) { - m.Handle(path, http.HandlerFunc(handler)) -} - -// UnlistedHandle registers the handler for the given pattern, but doesn't list it. -// If a handler already exists for pattern, Handle panics. -func (m *PathRecorderMux) UnlistedHandle(path string, handler http.Handler) { - m.lock.Lock() - defer m.lock.Unlock() - m.trackCallers(path) - - m.pathToHandler[path] = handler - m.refreshMuxLocked() -} - -// UnlistedHandleFunc registers the handler function for the given pattern, but doesn't list it. -// If a handler already exists for pattern, Handle panics. -func (m *PathRecorderMux) UnlistedHandleFunc(path string, handler func(http.ResponseWriter, *http.Request)) { - m.UnlistedHandle(path, http.HandlerFunc(handler)) -} - -// HandlePrefix is like Handle, but matches for anything under the path. Like a standard golang trailing slash. -func (m *PathRecorderMux) HandlePrefix(path string, handler http.Handler) { - if !strings.HasSuffix(path, "/") { - panic(fmt.Sprintf("%q must end in a trailing slash", path)) - } - - m.lock.Lock() - defer m.lock.Unlock() - m.trackCallers(path) - - m.exposedPaths = append(m.exposedPaths, path) - m.prefixToHandler[path] = handler - m.refreshMuxLocked() -} - -// UnlistedHandlePrefix is like UnlistedHandle, but matches for anything under the path. Like a standard golang trailing slash. -func (m *PathRecorderMux) UnlistedHandlePrefix(path string, handler http.Handler) { - if !strings.HasSuffix(path, "/") { - panic(fmt.Sprintf("%q must end in a trailing slash", path)) - } - - m.lock.Lock() - defer m.lock.Unlock() - m.trackCallers(path) - - m.prefixToHandler[path] = handler - m.refreshMuxLocked() -} - -// ServeHTTP makes it an http.Handler -func (m *PathRecorderMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { - m.mux.Load().(*pathHandler).ServeHTTP(w, r) -} - -// ServeHTTP makes it an http.Handler -func (h *pathHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if exactHandler, ok := h.pathToHandler[r.URL.Path]; ok { - klog.V(5).Infof("%v: %q satisfied by exact match", h.muxName, r.URL.Path) - exactHandler.ServeHTTP(w, r) - return - } - - for _, prefixHandler := range h.prefixHandlers { - if strings.HasPrefix(r.URL.Path, prefixHandler.prefix) { - klog.V(5).Infof("%v: %q satisfied by prefix %v", h.muxName, r.URL.Path, prefixHandler.prefix) - prefixHandler.handler.ServeHTTP(w, r) - return - } - } - - klog.V(5).Infof("%v: %q satisfied by NotFoundHandler", h.muxName, r.URL.Path) - h.notFoundHandler.ServeHTTP(w, r) -} - -// byPrefixPriority sorts url prefixes by the order in which they should be tested by the mux -// this has to be sorted by most slashes then by length so that we can iterate straight -// through to match the "best" one first. -type byPrefixPriority []string - -func (s byPrefixPriority) Len() int { return len(s) } -func (s byPrefixPriority) Swap(i, j int) { s[i], s[j] = s[j], s[i] } -func (s byPrefixPriority) Less(i, j int) bool { - lhsNumParts := strings.Count(s[i], "/") - rhsNumParts := strings.Count(s[j], "/") - if lhsNumParts != rhsNumParts { - return lhsNumParts < rhsNumParts - } - - lhsLen := len(s[i]) - rhsLen := len(s[j]) - if lhsLen != rhsLen { - return lhsLen < rhsLen - } - - return strings.Compare(s[i], s[j]) < 0 -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/server/options/OWNERS deleted file mode 100644 index 4105e64af8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/OWNERS +++ /dev/null @@ -1,13 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - smarterclayton - - wojtek-t - - deads2k - - liggitt - - sttts - - soltysh - - dims - - cjcullen - - ping035627 - - enj diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/admission.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/admission.go deleted file mode 100644 index 5ee0036de1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/admission.go +++ /dev/null @@ -1,241 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "strings" - - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/initializer" - admissionmetrics "k8s.io/apiserver/pkg/admission/metrics" - "k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" - mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating" - validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating" - apiserverapi "k8s.io/apiserver/pkg/apis/apiserver" - apiserverapiv1 "k8s.io/apiserver/pkg/apis/apiserver/v1" - apiserverapiv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" - "k8s.io/apiserver/pkg/server" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/component-base/featuregate" -) - -var configScheme = runtime.NewScheme() - -func init() { - utilruntime.Must(apiserverapi.AddToScheme(configScheme)) - utilruntime.Must(apiserverapiv1alpha1.AddToScheme(configScheme)) - utilruntime.Must(apiserverapiv1.AddToScheme(configScheme)) -} - -// AdmissionOptions holds the admission options -type AdmissionOptions struct { - // RecommendedPluginOrder holds an ordered list of plugin names we recommend to use by default - RecommendedPluginOrder []string - // DefaultOffPlugins is a set of plugin names that is disabled by default - DefaultOffPlugins sets.String - - // EnablePlugins indicates plugins to be enabled passed through `--enable-admission-plugins`. - EnablePlugins []string - // DisablePlugins indicates plugins to be disabled passed through `--disable-admission-plugins`. - DisablePlugins []string - // ConfigFile is the file path with admission control configuration. - ConfigFile string - // Plugins contains all registered plugins. - Plugins *admission.Plugins - // Decorators is a list of admission decorator to wrap around the admission plugins - Decorators admission.Decorators -} - -// NewAdmissionOptions creates a new instance of AdmissionOptions -// Note: -// -// In addition it calls RegisterAllAdmissionPlugins to register -// all generic admission plugins. -// -// Provides the list of RecommendedPluginOrder that holds sane values -// that can be used by servers that don't care about admission chain. -// Servers that do care can overwrite/append that field after creation. -func NewAdmissionOptions() *AdmissionOptions { - options := &AdmissionOptions{ - Plugins: admission.NewPlugins(), - Decorators: admission.Decorators{admission.DecoratorFunc(admissionmetrics.WithControllerMetrics)}, - // This list is mix of mutating admission plugins and validating - // admission plugins. The apiserver always runs the validating ones - // after all the mutating ones, so their relative order in this list - // doesn't matter. - RecommendedPluginOrder: []string{lifecycle.PluginName, mutatingwebhook.PluginName, validatingadmissionpolicy.PluginName, validatingwebhook.PluginName}, - DefaultOffPlugins: sets.NewString(), - } - server.RegisterAllAdmissionPlugins(options.Plugins) - return options -} - -// AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet -func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { - if a == nil { - return - } - - fs.StringSliceVar(&a.EnablePlugins, "enable-admission-plugins", a.EnablePlugins, ""+ - "admission plugins that should be enabled in addition to default enabled ones ("+ - strings.Join(a.defaultEnabledPluginNames(), ", ")+"). "+ - "Comma-delimited list of admission plugins: "+strings.Join(a.Plugins.Registered(), ", ")+". "+ - "The order of plugins in this flag does not matter.") - fs.StringSliceVar(&a.DisablePlugins, "disable-admission-plugins", a.DisablePlugins, ""+ - "admission plugins that should be disabled although they are in the default enabled plugins list ("+ - strings.Join(a.defaultEnabledPluginNames(), ", ")+"). "+ - "Comma-delimited list of admission plugins: "+strings.Join(a.Plugins.Registered(), ", ")+". "+ - "The order of plugins in this flag does not matter.") - fs.StringVar(&a.ConfigFile, "admission-control-config-file", a.ConfigFile, - "File with admission control configuration.") -} - -// ApplyTo adds the admission chain to the server configuration. -// In case admission plugin names were not provided by a cluster-admin they will be prepared from the recommended/default values. -// In addition the method lazily initializes a generic plugin that is appended to the list of pluginInitializers -// note this method uses: -// -// genericconfig.Authorizer -func (a *AdmissionOptions) ApplyTo( - c *server.Config, - informers informers.SharedInformerFactory, - kubeAPIServerClientConfig *rest.Config, - features featuregate.FeatureGate, - pluginInitializers ...admission.PluginInitializer, -) error { - if a == nil { - return nil - } - - // Admission depends on CoreAPI to set SharedInformerFactory and ClientConfig. - if informers == nil { - return fmt.Errorf("admission depends on a Kubernetes core API shared informer, it cannot be nil") - } - - pluginNames := a.enabledPluginNames() - - pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(pluginNames, a.ConfigFile, configScheme) - if err != nil { - return fmt.Errorf("failed to read plugin config: %v", err) - } - - clientset, err := kubernetes.NewForConfig(kubeAPIServerClientConfig) - if err != nil { - return err - } - dynamicClient, err := dynamic.NewForConfig(kubeAPIServerClientConfig) - if err != nil { - return err - } - genericInitializer := initializer.New(clientset, dynamicClient, informers, c.Authorization.Authorizer, features, c.DrainedNotify()) - initializersChain := admission.PluginInitializers{genericInitializer} - initializersChain = append(initializersChain, pluginInitializers...) - - admissionChain, err := a.Plugins.NewFromPlugins(pluginNames, pluginsConfigProvider, initializersChain, a.Decorators) - if err != nil { - return err - } - - c.AdmissionControl = admissionmetrics.WithStepMetrics(admissionChain) - return nil -} - -// Validate verifies flags passed to AdmissionOptions. -func (a *AdmissionOptions) Validate() []error { - if a == nil { - return nil - } - - errs := []error{} - - registeredPlugins := sets.NewString(a.Plugins.Registered()...) - for _, name := range a.EnablePlugins { - if !registeredPlugins.Has(name) { - errs = append(errs, fmt.Errorf("enable-admission-plugins plugin %q is unknown", name)) - } - } - - for _, name := range a.DisablePlugins { - if !registeredPlugins.Has(name) { - errs = append(errs, fmt.Errorf("disable-admission-plugins plugin %q is unknown", name)) - } - } - - enablePlugins := sets.NewString(a.EnablePlugins...) - disablePlugins := sets.NewString(a.DisablePlugins...) - if len(enablePlugins.Intersection(disablePlugins).List()) > 0 { - errs = append(errs, fmt.Errorf("%v in enable-admission-plugins and disable-admission-plugins "+ - "overlapped", enablePlugins.Intersection(disablePlugins).List())) - } - - // Verify RecommendedPluginOrder. - recommendPlugins := sets.NewString(a.RecommendedPluginOrder...) - intersections := registeredPlugins.Intersection(recommendPlugins) - if !intersections.Equal(recommendPlugins) { - // Developer error, this should never run in. - errs = append(errs, fmt.Errorf("plugins %v in RecommendedPluginOrder are not registered", - recommendPlugins.Difference(intersections).List())) - } - if !intersections.Equal(registeredPlugins) { - // Developer error, this should never run in. - errs = append(errs, fmt.Errorf("plugins %v registered are not in RecommendedPluginOrder", - registeredPlugins.Difference(intersections).List())) - } - - return errs -} - -// enabledPluginNames makes use of RecommendedPluginOrder, DefaultOffPlugins, -// EnablePlugins, DisablePlugins fields -// to prepare a list of ordered plugin names that are enabled. -func (a *AdmissionOptions) enabledPluginNames() []string { - allOffPlugins := append(a.DefaultOffPlugins.List(), a.DisablePlugins...) - disabledPlugins := sets.NewString(allOffPlugins...) - enabledPlugins := sets.NewString(a.EnablePlugins...) - disabledPlugins = disabledPlugins.Difference(enabledPlugins) - - orderedPlugins := []string{} - for _, plugin := range a.RecommendedPluginOrder { - if !disabledPlugins.Has(plugin) { - orderedPlugins = append(orderedPlugins, plugin) - } - } - - return orderedPlugins -} - -// Return names of plugins which are enabled by default -func (a *AdmissionOptions) defaultEnabledPluginNames() []string { - defaultOnPluginNames := []string{} - for _, pluginName := range a.RecommendedPluginOrder { - if !a.DefaultOffPlugins.Has(pluginName) { - defaultOnPluginNames = append(defaultOnPluginNames, pluginName) - } - } - - return defaultOnPluginNames -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/api_enablement.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/api_enablement.go deleted file mode 100644 index 13968b4e7d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/api_enablement.go +++ /dev/null @@ -1,115 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "strings" - - "github.com/spf13/pflag" - - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/resourceconfig" - serverstore "k8s.io/apiserver/pkg/server/storage" - cliflag "k8s.io/component-base/cli/flag" -) - -// APIEnablementOptions contains the options for which resources to turn on and off. -// Given small aggregated API servers, this option isn't required for "normal" API servers -type APIEnablementOptions struct { - RuntimeConfig cliflag.ConfigurationMap -} - -func NewAPIEnablementOptions() *APIEnablementOptions { - return &APIEnablementOptions{ - RuntimeConfig: make(cliflag.ConfigurationMap), - } -} - -// AddFlags adds flags for a specific APIServer to the specified FlagSet -func (s *APIEnablementOptions) AddFlags(fs *pflag.FlagSet) { - fs.Var(&s.RuntimeConfig, "runtime-config", ""+ - "A set of key=value pairs that enable or disable built-in APIs. Supported options are:\n"+ - "v1=true|false for the core API group\n"+ - "<group>/<version>=true|false for a specific API group and version (e.g. apps/v1=true)\n"+ - "api/all=true|false controls all API versions\n"+ - "api/ga=true|false controls all API versions of the form v[0-9]+\n"+ - "api/beta=true|false controls all API versions of the form v[0-9]+beta[0-9]+\n"+ - "api/alpha=true|false controls all API versions of the form v[0-9]+alpha[0-9]+\n"+ - "api/legacy is deprecated, and will be removed in a future version") -} - -// Validate validates RuntimeConfig with a list of registries. -// Usually this list only has one element, the apiserver registry of the process. -// But in the advanced (and usually not recommended) case of delegated apiservers there can be more. -// Validate will filter out the known groups of each registry. -// If anything is left over after that, an error is returned. -func (s *APIEnablementOptions) Validate(registries ...GroupRegistry) []error { - if s == nil { - return nil - } - - errors := []error{} - if s.RuntimeConfig[resourceconfig.APIAll] == "false" && len(s.RuntimeConfig) == 1 { - // Do not allow only set api/all=false, in such case apiserver startup has no meaning. - return append(errors, fmt.Errorf("invalid key with only %v=false", resourceconfig.APIAll)) - } - - groups, err := resourceconfig.ParseGroups(s.RuntimeConfig) - if err != nil { - return append(errors, err) - } - - for _, registry := range registries { - // filter out known groups - groups = unknownGroups(groups, registry) - } - if len(groups) != 0 { - errors = append(errors, fmt.Errorf("unknown api groups %s", strings.Join(groups, ","))) - } - - return errors -} - -// ApplyTo override MergedResourceConfig with defaults and registry -func (s *APIEnablementOptions) ApplyTo(c *server.Config, defaultResourceConfig *serverstore.ResourceConfig, registry resourceconfig.GroupVersionRegistry) error { - - if s == nil { - return nil - } - - mergedResourceConfig, err := resourceconfig.MergeAPIResourceConfigs(defaultResourceConfig, s.RuntimeConfig, registry) - c.MergedResourceConfig = mergedResourceConfig - - return err -} - -func unknownGroups(groups []string, registry GroupRegistry) []string { - unknownGroups := []string{} - for _, group := range groups { - if !registry.IsGroupRegistered(group) { - unknownGroups = append(unknownGroups, group) - } - } - return unknownGroups -} - -// GroupRegistry provides a method to check whether given group is registered. -type GroupRegistry interface { - // IsRegistered returns true if given group is registered. - IsGroupRegistered(group string) bool -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/audit.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/audit.go deleted file mode 100644 index f3c9adba04..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/audit.go +++ /dev/null @@ -1,622 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "io" - "os" - "path/filepath" - "strings" - "time" - - "github.com/spf13/pflag" - "gopkg.in/natefinch/lumberjack.v2" - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/sets" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - auditv1 "k8s.io/apiserver/pkg/apis/audit/v1" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/audit/policy" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/util/webhook" - pluginbuffered "k8s.io/apiserver/plugin/pkg/audit/buffered" - pluginlog "k8s.io/apiserver/plugin/pkg/audit/log" - plugintruncate "k8s.io/apiserver/plugin/pkg/audit/truncate" - pluginwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook" -) - -const ( - // Default configuration values for ModeBatch. - defaultBatchBufferSize = 10000 // Buffer up to 10000 events before starting discarding. - // These batch parameters are only used by the webhook backend. - defaultBatchMaxSize = 400 // Only send up to 400 events at a time. - defaultBatchMaxWait = 30 * time.Second // Send events at least twice a minute. - defaultBatchThrottleQPS = 10 // Limit the send rate by 10 QPS. - defaultBatchThrottleBurst = 15 // Allow up to 15 QPS burst. -) - -func appendBackend(existing, newBackend audit.Backend) audit.Backend { - if existing == nil { - return newBackend - } - if newBackend == nil { - return existing - } - return audit.Union(existing, newBackend) -} - -type AuditOptions struct { - // Policy configuration file for filtering audit events that are captured. - // If unspecified, a default is provided. - PolicyFile string - - // Plugin options - LogOptions AuditLogOptions - WebhookOptions AuditWebhookOptions -} - -const ( - // ModeBatch indicates that the audit backend should buffer audit events - // internally, sending batch updates either once a certain number of - // events have been received or a certain amount of time has passed. - ModeBatch = "batch" - // ModeBlocking causes the audit backend to block on every attempt to process - // a set of events. This causes requests to the API server to wait for the - // flush before sending a response. - ModeBlocking = "blocking" - // ModeBlockingStrict is the same as ModeBlocking, except when there is - // a failure during audit logging at RequestReceived stage, the whole - // request to apiserver will fail. - ModeBlockingStrict = "blocking-strict" -) - -// AllowedModes is the modes known for audit backends. -var AllowedModes = []string{ - ModeBatch, - ModeBlocking, - ModeBlockingStrict, -} - -type AuditBatchOptions struct { - // Should the backend asynchronous batch events to the webhook backend or - // should the backend block responses? - // - // Defaults to asynchronous batch events. - Mode string - // Configuration for batching backend. Only used in batch mode. - BatchConfig pluginbuffered.BatchConfig -} - -type AuditTruncateOptions struct { - // Whether truncating is enabled or not. - Enabled bool - - // Truncating configuration. - TruncateConfig plugintruncate.Config -} - -// AuditLogOptions determines the output of the structured audit log by default. -type AuditLogOptions struct { - Path string - MaxAge int - MaxBackups int - MaxSize int - Format string - Compress bool - - BatchOptions AuditBatchOptions - TruncateOptions AuditTruncateOptions - - // API group version used for serializing audit events. - GroupVersionString string -} - -// AuditWebhookOptions control the webhook configuration for audit events. -type AuditWebhookOptions struct { - ConfigFile string - InitialBackoff time.Duration - - BatchOptions AuditBatchOptions - TruncateOptions AuditTruncateOptions - - // API group version used for serializing audit events. - GroupVersionString string -} - -// AuditDynamicOptions control the configuration of dynamic backends for audit events -type AuditDynamicOptions struct { - // Enabled tells whether the dynamic audit capability is enabled. - Enabled bool - - // Configuration for batching backend. This is currently only used as an override - // for integration tests - BatchConfig *pluginbuffered.BatchConfig -} - -func NewAuditOptions() *AuditOptions { - return &AuditOptions{ - WebhookOptions: AuditWebhookOptions{ - InitialBackoff: pluginwebhook.DefaultInitialBackoffDelay, - BatchOptions: AuditBatchOptions{ - Mode: ModeBatch, - BatchConfig: defaultWebhookBatchConfig(), - }, - TruncateOptions: NewAuditTruncateOptions(), - GroupVersionString: "audit.k8s.io/v1", - }, - LogOptions: AuditLogOptions{ - Format: pluginlog.FormatJson, - BatchOptions: AuditBatchOptions{ - Mode: ModeBlocking, - BatchConfig: defaultLogBatchConfig(), - }, - TruncateOptions: NewAuditTruncateOptions(), - GroupVersionString: "audit.k8s.io/v1", - }, - } -} - -func NewAuditTruncateOptions() AuditTruncateOptions { - return AuditTruncateOptions{ - Enabled: false, - TruncateConfig: plugintruncate.Config{ - MaxBatchSize: 10 * 1024 * 1024, // 10MB - MaxEventSize: 100 * 1024, // 100KB - }, - } -} - -// Validate checks invalid config combination -func (o *AuditOptions) Validate() []error { - if o == nil { - return nil - } - - var allErrors []error - allErrors = append(allErrors, o.LogOptions.Validate()...) - allErrors = append(allErrors, o.WebhookOptions.Validate()...) - - return allErrors -} - -func validateBackendMode(pluginName string, mode string) error { - for _, m := range AllowedModes { - if m == mode { - return nil - } - } - return fmt.Errorf("invalid audit %s mode %s, allowed modes are %q", pluginName, mode, strings.Join(AllowedModes, ",")) -} - -func validateBackendBatchOptions(pluginName string, options AuditBatchOptions) error { - if err := validateBackendMode(pluginName, options.Mode); err != nil { - return err - } - if options.Mode != ModeBatch { - // Don't validate the unused options. - return nil - } - config := options.BatchConfig - if config.BufferSize <= 0 { - return fmt.Errorf("invalid audit batch %s buffer size %v, must be a positive number", pluginName, config.BufferSize) - } - if config.MaxBatchSize <= 0 { - return fmt.Errorf("invalid audit batch %s max batch size %v, must be a positive number", pluginName, config.MaxBatchSize) - } - if config.ThrottleEnable { - if config.ThrottleQPS <= 0 { - return fmt.Errorf("invalid audit batch %s throttle QPS %v, must be a positive number", pluginName, config.ThrottleQPS) - } - if config.ThrottleBurst <= 0 { - return fmt.Errorf("invalid audit batch %s throttle burst %v, must be a positive number", pluginName, config.ThrottleBurst) - } - } - return nil -} - -var knownGroupVersions = []schema.GroupVersion{ - auditv1.SchemeGroupVersion, -} - -func validateGroupVersionString(groupVersion string) error { - gv, err := schema.ParseGroupVersion(groupVersion) - if err != nil { - return err - } - if !knownGroupVersion(gv) { - return fmt.Errorf("invalid group version, allowed versions are %q", knownGroupVersions) - } - if gv != auditv1.SchemeGroupVersion { - klog.Warningf("%q is deprecated and will be removed in a future release, use %q instead", gv, auditv1.SchemeGroupVersion) - } - return nil -} - -func knownGroupVersion(gv schema.GroupVersion) bool { - for _, knownGv := range knownGroupVersions { - if gv == knownGv { - return true - } - } - return false -} - -func (o *AuditOptions) AddFlags(fs *pflag.FlagSet) { - if o == nil { - return - } - - fs.StringVar(&o.PolicyFile, "audit-policy-file", o.PolicyFile, - "Path to the file that defines the audit policy configuration.") - - o.LogOptions.AddFlags(fs) - o.LogOptions.BatchOptions.AddFlags(pluginlog.PluginName, fs) - o.LogOptions.TruncateOptions.AddFlags(pluginlog.PluginName, fs) - o.WebhookOptions.AddFlags(fs) - o.WebhookOptions.BatchOptions.AddFlags(pluginwebhook.PluginName, fs) - o.WebhookOptions.TruncateOptions.AddFlags(pluginwebhook.PluginName, fs) -} - -func (o *AuditOptions) ApplyTo( - c *server.Config, -) error { - if o == nil { - return nil - } - if c == nil { - return fmt.Errorf("server config must be non-nil") - } - - // 1. Build policy evaluator - evaluator, err := o.newPolicyRuleEvaluator() - if err != nil { - return err - } - - // 2. Build log backend - var logBackend audit.Backend - w, err := o.LogOptions.getWriter() - if err != nil { - return err - } - if w != nil { - if evaluator == nil { - klog.V(2).Info("No audit policy file provided, no events will be recorded for log backend") - } else { - logBackend = o.LogOptions.newBackend(w) - } - } - - // 3. Build webhook backend - var webhookBackend audit.Backend - if o.WebhookOptions.enabled() { - if evaluator == nil { - klog.V(2).Info("No audit policy file provided, no events will be recorded for webhook backend") - } else { - if c.EgressSelector != nil { - var egressDialer utilnet.DialFunc - egressDialer, err = c.EgressSelector.Lookup(egressselector.ControlPlane.AsNetworkContext()) - if err != nil { - return err - } - webhookBackend, err = o.WebhookOptions.newUntruncatedBackend(egressDialer) - } else { - webhookBackend, err = o.WebhookOptions.newUntruncatedBackend(nil) - } - if err != nil { - return err - } - } - } - - groupVersion, err := schema.ParseGroupVersion(o.WebhookOptions.GroupVersionString) - if err != nil { - return err - } - - // 4. Apply dynamic options. - var dynamicBackend audit.Backend - if webhookBackend != nil { - // if only webhook is enabled wrap it in the truncate options - dynamicBackend = o.WebhookOptions.TruncateOptions.wrapBackend(webhookBackend, groupVersion) - } - - // 5. Set the policy rule evaluator - c.AuditPolicyRuleEvaluator = evaluator - - // 6. Join the log backend with the webhooks - c.AuditBackend = appendBackend(logBackend, dynamicBackend) - - if c.AuditBackend != nil { - klog.V(2).Infof("Using audit backend: %s", c.AuditBackend) - } - return nil -} - -func (o *AuditOptions) newPolicyRuleEvaluator() (audit.PolicyRuleEvaluator, error) { - if o.PolicyFile == "" { - return nil, nil - } - - p, err := policy.LoadPolicyFromFile(o.PolicyFile) - if err != nil { - return nil, fmt.Errorf("loading audit policy file: %v", err) - } - return policy.NewPolicyRuleEvaluator(p), nil -} - -func (o *AuditBatchOptions) AddFlags(pluginName string, fs *pflag.FlagSet) { - fs.StringVar(&o.Mode, fmt.Sprintf("audit-%s-mode", pluginName), o.Mode, - "Strategy for sending audit events. Blocking indicates sending events should block"+ - " server responses. Batch causes the backend to buffer and write events"+ - " asynchronously. Known modes are "+strings.Join(AllowedModes, ",")+".") - fs.IntVar(&o.BatchConfig.BufferSize, fmt.Sprintf("audit-%s-batch-buffer-size", pluginName), - o.BatchConfig.BufferSize, "The size of the buffer to store events before "+ - "batching and writing. Only used in batch mode.") - fs.IntVar(&o.BatchConfig.MaxBatchSize, fmt.Sprintf("audit-%s-batch-max-size", pluginName), - o.BatchConfig.MaxBatchSize, "The maximum size of a batch. Only used in batch mode.") - fs.DurationVar(&o.BatchConfig.MaxBatchWait, fmt.Sprintf("audit-%s-batch-max-wait", pluginName), - o.BatchConfig.MaxBatchWait, "The amount of time to wait before force writing the "+ - "batch that hadn't reached the max size. Only used in batch mode.") - fs.BoolVar(&o.BatchConfig.ThrottleEnable, fmt.Sprintf("audit-%s-batch-throttle-enable", pluginName), - o.BatchConfig.ThrottleEnable, "Whether batching throttling is enabled. Only used in batch mode.") - fs.Float32Var(&o.BatchConfig.ThrottleQPS, fmt.Sprintf("audit-%s-batch-throttle-qps", pluginName), - o.BatchConfig.ThrottleQPS, "Maximum average number of batches per second. "+ - "Only used in batch mode.") - fs.IntVar(&o.BatchConfig.ThrottleBurst, fmt.Sprintf("audit-%s-batch-throttle-burst", pluginName), - o.BatchConfig.ThrottleBurst, "Maximum number of requests sent at the same "+ - "moment if ThrottleQPS was not utilized before. Only used in batch mode.") -} - -type ignoreErrorsBackend struct { - audit.Backend -} - -func (i *ignoreErrorsBackend) ProcessEvents(ev ...*auditinternal.Event) bool { - i.Backend.ProcessEvents(ev...) - return true -} - -func (i *ignoreErrorsBackend) String() string { - return fmt.Sprintf("ignoreErrors<%s>", i.Backend) -} - -func (o *AuditBatchOptions) wrapBackend(delegate audit.Backend) audit.Backend { - if o.Mode == ModeBlockingStrict { - return delegate - } - if o.Mode == ModeBlocking { - return &ignoreErrorsBackend{Backend: delegate} - } - return pluginbuffered.NewBackend(delegate, o.BatchConfig) -} - -func (o *AuditTruncateOptions) Validate(pluginName string) error { - config := o.TruncateConfig - if config.MaxEventSize <= 0 { - return fmt.Errorf("invalid audit truncate %s max event size %v, must be a positive number", pluginName, config.MaxEventSize) - } - if config.MaxBatchSize < config.MaxEventSize { - return fmt.Errorf("invalid audit truncate %s max batch size %v, must be greater than "+ - "max event size (%v)", pluginName, config.MaxBatchSize, config.MaxEventSize) - } - return nil -} - -func (o *AuditTruncateOptions) AddFlags(pluginName string, fs *pflag.FlagSet) { - fs.BoolVar(&o.Enabled, fmt.Sprintf("audit-%s-truncate-enabled", pluginName), - o.Enabled, "Whether event and batch truncating is enabled.") - fs.Int64Var(&o.TruncateConfig.MaxBatchSize, fmt.Sprintf("audit-%s-truncate-max-batch-size", pluginName), - o.TruncateConfig.MaxBatchSize, "Maximum size of the batch sent to the underlying backend. "+ - "Actual serialized size can be several hundreds of bytes greater. If a batch exceeds this limit, "+ - "it is split into several batches of smaller size.") - fs.Int64Var(&o.TruncateConfig.MaxEventSize, fmt.Sprintf("audit-%s-truncate-max-event-size", pluginName), - o.TruncateConfig.MaxEventSize, "Maximum size of the audit event sent to the underlying backend. "+ - "If the size of an event is greater than this number, first request and response are removed, and "+ - "if this doesn't reduce the size enough, event is discarded.") -} - -func (o *AuditTruncateOptions) wrapBackend(delegate audit.Backend, gv schema.GroupVersion) audit.Backend { - if !o.Enabled { - return delegate - } - return plugintruncate.NewBackend(delegate, o.TruncateConfig, gv) -} - -func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&o.Path, "audit-log-path", o.Path, - "If set, all requests coming to the apiserver will be logged to this file. '-' means standard out.") - fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxAge, - "The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.") - fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups, - "The maximum number of old audit log files to retain. Setting a value of 0 will mean there's no restriction on the number of files.") - fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize, - "The maximum size in megabytes of the audit log file before it gets rotated.") - fs.StringVar(&o.Format, "audit-log-format", o.Format, - "Format of saved audits. \"legacy\" indicates 1-line text format for each event."+ - " \"json\" indicates structured json format. Known formats are "+ - strings.Join(pluginlog.AllowedFormats, ",")+".") - fs.StringVar(&o.GroupVersionString, "audit-log-version", o.GroupVersionString, - "API group and version used for serializing audit events written to log.") - fs.BoolVar(&o.Compress, "audit-log-compress", o.Compress, "If set, the rotated log files will be compressed using gzip.") -} - -func (o *AuditLogOptions) Validate() []error { - // Check whether the log backend is enabled based on the options. - if !o.enabled() { - return nil - } - - var allErrors []error - - if err := validateBackendBatchOptions(pluginlog.PluginName, o.BatchOptions); err != nil { - allErrors = append(allErrors, err) - } - if err := o.TruncateOptions.Validate(pluginlog.PluginName); err != nil { - allErrors = append(allErrors, err) - } - - if err := validateGroupVersionString(o.GroupVersionString); err != nil { - allErrors = append(allErrors, err) - } - - // Check log format - if !sets.NewString(pluginlog.AllowedFormats...).Has(o.Format) { - allErrors = append(allErrors, fmt.Errorf("invalid audit log format %s, allowed formats are %q", o.Format, strings.Join(pluginlog.AllowedFormats, ","))) - } - - // Check validities of MaxAge, MaxBackups and MaxSize of log options, if file log backend is enabled. - if o.MaxAge < 0 { - allErrors = append(allErrors, fmt.Errorf("--audit-log-maxage %v can't be a negative number", o.MaxAge)) - } - if o.MaxBackups < 0 { - allErrors = append(allErrors, fmt.Errorf("--audit-log-maxbackup %v can't be a negative number", o.MaxBackups)) - } - if o.MaxSize < 0 { - allErrors = append(allErrors, fmt.Errorf("--audit-log-maxsize %v can't be a negative number", o.MaxSize)) - } - - return allErrors -} - -// Check whether the log backend is enabled based on the options. -func (o *AuditLogOptions) enabled() bool { - return o != nil && o.Path != "" -} - -func (o *AuditLogOptions) getWriter() (io.Writer, error) { - if !o.enabled() { - return nil, nil - } - - if o.Path == "-" { - return os.Stdout, nil - } - - if err := o.ensureLogFile(); err != nil { - return nil, fmt.Errorf("ensureLogFile: %w", err) - } - - return &lumberjack.Logger{ - Filename: o.Path, - MaxAge: o.MaxAge, - MaxBackups: o.MaxBackups, - MaxSize: o.MaxSize, - Compress: o.Compress, - }, nil -} - -func (o *AuditLogOptions) ensureLogFile() error { - if err := os.MkdirAll(filepath.Dir(o.Path), 0700); err != nil { - return err - } - mode := os.FileMode(0600) - f, err := os.OpenFile(o.Path, os.O_CREATE|os.O_APPEND|os.O_RDWR, mode) - if err != nil { - return err - } - return f.Close() -} - -func (o *AuditLogOptions) newBackend(w io.Writer) audit.Backend { - groupVersion, _ := schema.ParseGroupVersion(o.GroupVersionString) - log := pluginlog.NewBackend(w, o.Format, groupVersion) - log = o.BatchOptions.wrapBackend(log) - log = o.TruncateOptions.wrapBackend(log, groupVersion) - return log -} - -func (o *AuditWebhookOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&o.ConfigFile, "audit-webhook-config-file", o.ConfigFile, - "Path to a kubeconfig formatted file that defines the audit webhook configuration.") - fs.DurationVar(&o.InitialBackoff, "audit-webhook-initial-backoff", - o.InitialBackoff, "The amount of time to wait before retrying the first failed request.") - fs.DurationVar(&o.InitialBackoff, "audit-webhook-batch-initial-backoff", - o.InitialBackoff, "The amount of time to wait before retrying the first failed request.") - fs.MarkDeprecated("audit-webhook-batch-initial-backoff", - "Deprecated, use --audit-webhook-initial-backoff instead.") - fs.StringVar(&o.GroupVersionString, "audit-webhook-version", o.GroupVersionString, - "API group and version used for serializing audit events written to webhook.") -} - -func (o *AuditWebhookOptions) Validate() []error { - if !o.enabled() { - return nil - } - - var allErrors []error - if err := validateBackendBatchOptions(pluginwebhook.PluginName, o.BatchOptions); err != nil { - allErrors = append(allErrors, err) - } - if err := o.TruncateOptions.Validate(pluginwebhook.PluginName); err != nil { - allErrors = append(allErrors, err) - } - - if err := validateGroupVersionString(o.GroupVersionString); err != nil { - allErrors = append(allErrors, err) - } - return allErrors -} - -func (o *AuditWebhookOptions) enabled() bool { - return o != nil && o.ConfigFile != "" -} - -// newUntruncatedBackend returns a webhook backend without the truncate options applied -// this is done so that the same trucate backend can wrap both the webhook and dynamic backends -func (o *AuditWebhookOptions) newUntruncatedBackend(customDial utilnet.DialFunc) (audit.Backend, error) { - groupVersion, _ := schema.ParseGroupVersion(o.GroupVersionString) - webhook, err := pluginwebhook.NewBackend(o.ConfigFile, groupVersion, webhook.DefaultRetryBackoffWithInitialDelay(o.InitialBackoff), customDial) - if err != nil { - return nil, fmt.Errorf("initializing audit webhook: %v", err) - } - webhook = o.BatchOptions.wrapBackend(webhook) - return webhook, nil -} - -// defaultWebhookBatchConfig returns the default BatchConfig used by the Webhook backend. -func defaultWebhookBatchConfig() pluginbuffered.BatchConfig { - return pluginbuffered.BatchConfig{ - BufferSize: defaultBatchBufferSize, - MaxBatchSize: defaultBatchMaxSize, - MaxBatchWait: defaultBatchMaxWait, - - ThrottleEnable: true, - ThrottleQPS: defaultBatchThrottleQPS, - ThrottleBurst: defaultBatchThrottleBurst, - - AsyncDelegate: true, - } -} - -// defaultLogBatchConfig returns the default BatchConfig used by the Log backend. -func defaultLogBatchConfig() pluginbuffered.BatchConfig { - return pluginbuffered.BatchConfig{ - BufferSize: defaultBatchBufferSize, - // Batching is not useful for the log-file backend. - // MaxBatchWait ignored. - MaxBatchSize: 1, - ThrottleEnable: false, - // Asynchronous log threads just create lock contention. - AsyncDelegate: false, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication.go deleted file mode 100644 index 296d8530e0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication.go +++ /dev/null @@ -1,447 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "context" - "fmt" - "strings" - "time" - - "github.com/spf13/pflag" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticatorfactory" - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/transport" - "k8s.io/klog/v2" - openapicommon "k8s.io/kube-openapi/pkg/common" -) - -// DefaultAuthWebhookRetryBackoff is the default backoff parameters for -// both authentication and authorization webhook used by the apiserver. -func DefaultAuthWebhookRetryBackoff() *wait.Backoff { - return &wait.Backoff{ - Duration: 500 * time.Millisecond, - Factor: 1.5, - Jitter: 0.2, - Steps: 5, - } -} - -type RequestHeaderAuthenticationOptions struct { - // ClientCAFile is the root certificate bundle to verify client certificates on incoming requests - // before trusting usernames in headers. - ClientCAFile string - - UsernameHeaders []string - GroupHeaders []string - ExtraHeaderPrefixes []string - AllowedNames []string -} - -func (s *RequestHeaderAuthenticationOptions) Validate() []error { - allErrors := []error{} - - if err := checkForWhiteSpaceOnly("requestheader-username-headers", s.UsernameHeaders...); err != nil { - allErrors = append(allErrors, err) - } - if err := checkForWhiteSpaceOnly("requestheader-group-headers", s.GroupHeaders...); err != nil { - allErrors = append(allErrors, err) - } - if err := checkForWhiteSpaceOnly("requestheader-extra-headers-prefix", s.ExtraHeaderPrefixes...); err != nil { - allErrors = append(allErrors, err) - } - if err := checkForWhiteSpaceOnly("requestheader-allowed-names", s.AllowedNames...); err != nil { - allErrors = append(allErrors, err) - } - - return allErrors -} - -func checkForWhiteSpaceOnly(flag string, headerNames ...string) error { - for _, headerName := range headerNames { - if len(strings.TrimSpace(headerName)) == 0 { - return fmt.Errorf("empty value in %q", flag) - } - } - - return nil -} - -func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - fs.StringSliceVar(&s.UsernameHeaders, "requestheader-username-headers", s.UsernameHeaders, ""+ - "List of request headers to inspect for usernames. X-Remote-User is common.") - - fs.StringSliceVar(&s.GroupHeaders, "requestheader-group-headers", s.GroupHeaders, ""+ - "List of request headers to inspect for groups. X-Remote-Group is suggested.") - - fs.StringSliceVar(&s.ExtraHeaderPrefixes, "requestheader-extra-headers-prefix", s.ExtraHeaderPrefixes, ""+ - "List of request header prefixes to inspect. X-Remote-Extra- is suggested.") - - fs.StringVar(&s.ClientCAFile, "requestheader-client-ca-file", s.ClientCAFile, ""+ - "Root certificate bundle to use to verify client certificates on incoming requests "+ - "before trusting usernames in headers specified by --requestheader-username-headers. "+ - "WARNING: generally do not depend on authorization being already done for incoming requests.") - - fs.StringSliceVar(&s.AllowedNames, "requestheader-allowed-names", s.AllowedNames, ""+ - "List of client certificate common names to allow to provide usernames in headers "+ - "specified by --requestheader-username-headers. If empty, any client certificate validated "+ - "by the authorities in --requestheader-client-ca-file is allowed.") -} - -// ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options -// if necessary, nil otherwise. -func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() (*authenticatorfactory.RequestHeaderConfig, error) { - if len(s.ClientCAFile) == 0 { - return nil, nil - } - - caBundleProvider, err := dynamiccertificates.NewDynamicCAContentFromFile("request-header", s.ClientCAFile) - if err != nil { - return nil, err - } - - return &authenticatorfactory.RequestHeaderConfig{ - UsernameHeaders: headerrequest.StaticStringSlice(s.UsernameHeaders), - GroupHeaders: headerrequest.StaticStringSlice(s.GroupHeaders), - ExtraHeaderPrefixes: headerrequest.StaticStringSlice(s.ExtraHeaderPrefixes), - CAContentProvider: caBundleProvider, - AllowedClientNames: headerrequest.StaticStringSlice(s.AllowedNames), - }, nil -} - -// ClientCertAuthenticationOptions provides different options for client cert auth. You should use `GetClientVerifyOptionFn` to -// get the verify options for your authenticator. -type ClientCertAuthenticationOptions struct { - // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates - ClientCA string - - // CAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. - // Generally this is the CA bundle file used to authenticate client certificates - // If non-nil, this takes priority over the ClientCA file. - CAContentProvider dynamiccertificates.CAContentProvider -} - -// GetClientVerifyOptionFn provides verify options for your authenticator while respecting the preferred order of verifiers. -func (s *ClientCertAuthenticationOptions) GetClientCAContentProvider() (dynamiccertificates.CAContentProvider, error) { - if s.CAContentProvider != nil { - return s.CAContentProvider, nil - } - - if len(s.ClientCA) == 0 { - return nil, nil - } - - return dynamiccertificates.NewDynamicCAContentFromFile("client-ca-bundle", s.ClientCA) -} - -func (s *ClientCertAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&s.ClientCA, "client-ca-file", s.ClientCA, ""+ - "If set, any request presenting a client certificate signed by one of "+ - "the authorities in the client-ca-file is authenticated with an identity "+ - "corresponding to the CommonName of the client certificate.") -} - -// DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to -// the root kube API server. The API federator will act as -// a front proxy and direction connections will be able to delegate to the core kube API server -type DelegatingAuthenticationOptions struct { - // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the - // TokenAccessReview.authentication.k8s.io endpoint for checking tokens. - RemoteKubeConfigFile string - // RemoteKubeConfigFileOptional is specifying whether not specifying the kubeconfig or - // a missing in-cluster config will be fatal. - RemoteKubeConfigFileOptional bool - - // CacheTTL is the length of time that a token authentication answer will be cached. - CacheTTL time.Duration - - ClientCert ClientCertAuthenticationOptions - RequestHeader RequestHeaderAuthenticationOptions - - // SkipInClusterLookup indicates missing authentication configuration should not be retrieved from the cluster configmap - SkipInClusterLookup bool - - // TolerateInClusterLookupFailure indicates failures to look up authentication configuration from the cluster configmap should not be fatal. - // Setting this can result in an authenticator that will reject all requests. - TolerateInClusterLookupFailure bool - - // WebhookRetryBackoff specifies the backoff parameters for the authentication webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff - - // TokenRequestTimeout specifies a time limit for requests made by the authorization webhook client. - // The default value is set to 10 seconds. - TokenRequestTimeout time.Duration - - // CustomRoundTripperFn allows for specifying a middleware function for custom HTTP behaviour for the authentication webhook client. - CustomRoundTripperFn transport.WrapperFunc - - // DisableAnonymous gives user an option to disable Anonymous authentication. - DisableAnonymous bool -} - -func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions { - return &DelegatingAuthenticationOptions{ - // very low for responsiveness, but high enough to handle storms - CacheTTL: 10 * time.Second, - ClientCert: ClientCertAuthenticationOptions{}, - RequestHeader: RequestHeaderAuthenticationOptions{ - UsernameHeaders: []string{"x-remote-user"}, - GroupHeaders: []string{"x-remote-group"}, - ExtraHeaderPrefixes: []string{"x-remote-extra-"}, - }, - WebhookRetryBackoff: DefaultAuthWebhookRetryBackoff(), - TokenRequestTimeout: 10 * time.Second, - } -} - -// WithCustomRetryBackoff sets the custom backoff parameters for the authentication webhook retry logic. -func (s *DelegatingAuthenticationOptions) WithCustomRetryBackoff(backoff wait.Backoff) { - s.WebhookRetryBackoff = &backoff -} - -// WithRequestTimeout sets the given timeout for requests made by the authentication webhook client. -func (s *DelegatingAuthenticationOptions) WithRequestTimeout(timeout time.Duration) { - s.TokenRequestTimeout = timeout -} - -// WithCustomRoundTripper allows for specifying a middleware function for custom HTTP behaviour for the authentication webhook client. -func (s *DelegatingAuthenticationOptions) WithCustomRoundTripper(rt transport.WrapperFunc) { - s.CustomRoundTripperFn = rt -} - -func (s *DelegatingAuthenticationOptions) Validate() []error { - if s == nil { - return nil - } - - allErrors := []error{} - allErrors = append(allErrors, s.RequestHeader.Validate()...) - - if s.WebhookRetryBackoff != nil && s.WebhookRetryBackoff.Steps <= 0 { - allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", s.WebhookRetryBackoff.Steps)) - } - - return allErrors -} - -func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - var optionalKubeConfigSentence string - if s.RemoteKubeConfigFileOptional { - optionalKubeConfigSentence = " This is optional. If empty, all token requests are considered to be anonymous and no client CA is looked up in the cluster." - } - fs.StringVar(&s.RemoteKubeConfigFile, "authentication-kubeconfig", s.RemoteKubeConfigFile, ""+ - "kubeconfig file pointing at the 'core' kubernetes server with enough rights to create "+ - "tokenreviews.authentication.k8s.io."+optionalKubeConfigSentence) - - fs.DurationVar(&s.CacheTTL, "authentication-token-webhook-cache-ttl", s.CacheTTL, - "The duration to cache responses from the webhook token authenticator.") - - s.ClientCert.AddFlags(fs) - s.RequestHeader.AddFlags(fs) - - fs.BoolVar(&s.SkipInClusterLookup, "authentication-skip-lookup", s.SkipInClusterLookup, ""+ - "If false, the authentication-kubeconfig will be used to lookup missing authentication "+ - "configuration from the cluster.") - fs.BoolVar(&s.TolerateInClusterLookupFailure, "authentication-tolerate-lookup-failure", s.TolerateInClusterLookupFailure, ""+ - "If true, failures to look up missing authentication configuration from the cluster are not considered fatal. "+ - "Note that this can result in authentication that treats all requests as anonymous.") -} - -func (s *DelegatingAuthenticationOptions) ApplyTo(authenticationInfo *server.AuthenticationInfo, servingInfo *server.SecureServingInfo, openAPIConfig *openapicommon.Config) error { - if s == nil { - authenticationInfo.Authenticator = nil - return nil - } - - cfg := authenticatorfactory.DelegatingAuthenticatorConfig{ - Anonymous: !s.DisableAnonymous, - CacheTTL: s.CacheTTL, - WebhookRetryBackoff: s.WebhookRetryBackoff, - TokenAccessReviewTimeout: s.TokenRequestTimeout, - } - - client, err := s.getClient() - if err != nil { - return fmt.Errorf("failed to get delegated authentication kubeconfig: %v", err) - } - - // configure token review - if client != nil { - cfg.TokenAccessReviewClient = client.AuthenticationV1() - } - - // get the clientCA information - clientCASpecified := s.ClientCert != ClientCertAuthenticationOptions{} - var clientCAProvider dynamiccertificates.CAContentProvider - if clientCASpecified { - clientCAProvider, err = s.ClientCert.GetClientCAContentProvider() - if err != nil { - return fmt.Errorf("unable to load client CA provider: %v", err) - } - cfg.ClientCertificateCAContentProvider = clientCAProvider - if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil { - return fmt.Errorf("unable to assign client CA provider: %v", err) - } - - } else if !s.SkipInClusterLookup { - if client == nil { - klog.Warningf("No authentication-kubeconfig provided in order to lookup client-ca-file in configmap/%s in %s, so client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) - } else { - clientCAProvider, err = dynamiccertificates.NewDynamicCAFromConfigMapController("client-ca", authenticationConfigMapNamespace, authenticationConfigMapName, "client-ca-file", client) - if err != nil { - return fmt.Errorf("unable to load configmap based client CA file: %v", err) - } - cfg.ClientCertificateCAContentProvider = clientCAProvider - if err = authenticationInfo.ApplyClientCert(cfg.ClientCertificateCAContentProvider, servingInfo); err != nil { - return fmt.Errorf("unable to assign configmap based client CA file: %v", err) - } - - } - } - - requestHeaderCAFileSpecified := len(s.RequestHeader.ClientCAFile) > 0 - var requestHeaderConfig *authenticatorfactory.RequestHeaderConfig - if requestHeaderCAFileSpecified { - requestHeaderConfig, err = s.RequestHeader.ToAuthenticationRequestHeaderConfig() - if err != nil { - return fmt.Errorf("unable to create request header authentication config: %v", err) - } - - } else if !s.SkipInClusterLookup { - if client == nil { - klog.Warningf("No authentication-kubeconfig provided in order to lookup requestheader-client-ca-file in configmap/%s in %s, so request-header client certificate authentication won't work.", authenticationConfigMapName, authenticationConfigMapNamespace) - } else { - requestHeaderConfig, err = s.createRequestHeaderConfig(client) - if err != nil { - if s.TolerateInClusterLookupFailure { - klog.Warningf("Error looking up in-cluster authentication configuration: %v", err) - klog.Warning("Continuing without authentication configuration. This may treat all requests as anonymous.") - klog.Warning("To require authentication configuration lookup to succeed, set --authentication-tolerate-lookup-failure=false") - } else { - return fmt.Errorf("unable to load configmap based request-header-client-ca-file: %v", err) - } - } - } - } - if requestHeaderConfig != nil { - cfg.RequestHeaderConfig = requestHeaderConfig - if err = authenticationInfo.ApplyClientCert(cfg.RequestHeaderConfig.CAContentProvider, servingInfo); err != nil { - return fmt.Errorf("unable to load request-header-client-ca-file: %v", err) - } - } - - // create authenticator - authenticator, securityDefinitions, err := cfg.New() - if err != nil { - return err - } - authenticationInfo.Authenticator = authenticator - if openAPIConfig != nil { - openAPIConfig.SecurityDefinitions = securityDefinitions - } - - return nil -} - -const ( - authenticationConfigMapNamespace = metav1.NamespaceSystem - // authenticationConfigMapName is the name of ConfigMap in the kube-system namespace holding the root certificate - // bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified - // by --requestheader-username-headers. This is created in the cluster by the kube-apiserver. - // "WARNING: generally do not depend on authorization being already done for incoming requests.") - authenticationConfigMapName = "extension-apiserver-authentication" -) - -func (s *DelegatingAuthenticationOptions) createRequestHeaderConfig(client kubernetes.Interface) (*authenticatorfactory.RequestHeaderConfig, error) { - dynamicRequestHeaderProvider, err := newDynamicRequestHeaderController(client) - if err != nil { - return nil, fmt.Errorf("unable to create request header authentication config: %v", err) - } - - // look up authentication configuration in the cluster and in case of an err defer to authentication-tolerate-lookup-failure flag - // We are passing the context to ProxyCerts.RunOnce as it needs to implement RunOnce(ctx) however the - // context is not used at all. So passing a empty context shouldn't be a problem - ctx := context.TODO() - if err := dynamicRequestHeaderProvider.RunOnce(ctx); err != nil { - return nil, err - } - - return &authenticatorfactory.RequestHeaderConfig{ - CAContentProvider: dynamicRequestHeaderProvider, - UsernameHeaders: headerrequest.StringSliceProvider(headerrequest.StringSliceProviderFunc(dynamicRequestHeaderProvider.UsernameHeaders)), - GroupHeaders: headerrequest.StringSliceProvider(headerrequest.StringSliceProviderFunc(dynamicRequestHeaderProvider.GroupHeaders)), - ExtraHeaderPrefixes: headerrequest.StringSliceProvider(headerrequest.StringSliceProviderFunc(dynamicRequestHeaderProvider.ExtraHeaderPrefixes)), - AllowedClientNames: headerrequest.StringSliceProvider(headerrequest.StringSliceProviderFunc(dynamicRequestHeaderProvider.AllowedClientNames)), - }, nil -} - -// getClient returns a Kubernetes clientset. If s.RemoteKubeConfigFileOptional is true, nil will be returned -// if no kubeconfig is specified by the user and the in-cluster config is not found. -func (s *DelegatingAuthenticationOptions) getClient() (kubernetes.Interface, error) { - var clientConfig *rest.Config - var err error - if len(s.RemoteKubeConfigFile) > 0 { - loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile} - loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) - - clientConfig, err = loader.ClientConfig() - } else { - // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will - // use this path. If it is optional, ignore errors. - clientConfig, err = rest.InClusterConfig() - if err != nil && s.RemoteKubeConfigFileOptional { - if err != rest.ErrNotInCluster { - klog.Warningf("failed to read in-cluster kubeconfig for delegated authentication: %v", err) - } - return nil, nil - } - } - if err != nil { - return nil, fmt.Errorf("failed to get delegated authentication kubeconfig: %v", err) - } - - // set high qps/burst limits since this will effectively limit API server responsiveness - clientConfig.QPS = 200 - clientConfig.Burst = 400 - // do not set a timeout on the http client, instead use context for cancellation - // if multiple timeouts were set, the request will pick the smaller timeout to be applied, leaving other useless. - // - // see https://github.com/golang/go/blob/a937729c2c2f6950a32bc5cd0f5b88700882f078/src/net/http/client.go#L364 - if s.CustomRoundTripperFn != nil { - clientConfig.Wrap(s.CustomRoundTripperFn) - } - - return kubernetes.NewForConfig(clientConfig) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication_dynamic_request_header.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication_dynamic_request_header.go deleted file mode 100644 index 0dac340218..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authentication_dynamic_request_header.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - "k8s.io/client-go/kubernetes" -) - -var _ dynamiccertificates.ControllerRunner = &DynamicRequestHeaderController{} -var _ dynamiccertificates.CAContentProvider = &DynamicRequestHeaderController{} - -var _ headerrequest.RequestHeaderAuthRequestProvider = &DynamicRequestHeaderController{} - -// DynamicRequestHeaderController combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController -// into one controller for dynamically filling RequestHeaderConfig struct -type DynamicRequestHeaderController struct { - *dynamiccertificates.ConfigMapCAController - *headerrequest.RequestHeaderAuthRequestController -} - -// newDynamicRequestHeaderController creates a new controller that implements DynamicRequestHeaderController -func newDynamicRequestHeaderController(client kubernetes.Interface) (*DynamicRequestHeaderController, error) { - requestHeaderCAController, err := dynamiccertificates.NewDynamicCAFromConfigMapController( - "client-ca", - authenticationConfigMapNamespace, - authenticationConfigMapName, - "requestheader-client-ca-file", - client) - if err != nil { - return nil, fmt.Errorf("unable to create DynamicCAFromConfigMap controller: %v", err) - } - - requestHeaderAuthRequestController := headerrequest.NewRequestHeaderAuthRequestController( - authenticationConfigMapName, - authenticationConfigMapNamespace, - client, - "requestheader-username-headers", - "requestheader-group-headers", - "requestheader-extra-headers-prefix", - "requestheader-allowed-names", - ) - return &DynamicRequestHeaderController{ - ConfigMapCAController: requestHeaderCAController, - RequestHeaderAuthRequestController: requestHeaderAuthRequestController, - }, nil -} - -func (c *DynamicRequestHeaderController) RunOnce(ctx context.Context) error { - errs := []error{} - errs = append(errs, c.ConfigMapCAController.RunOnce(ctx)) - errs = append(errs, c.RequestHeaderAuthRequestController.RunOnce(ctx)) - return errors.NewAggregate(errs) -} - -func (c *DynamicRequestHeaderController) Run(ctx context.Context, workers int) { - go c.ConfigMapCAController.Run(ctx, workers) - go c.RequestHeaderAuthRequestController.Run(ctx, workers) - <-ctx.Done() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authorization.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/authorization.go deleted file mode 100644 index 2420b89505..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/authorization.go +++ /dev/null @@ -1,253 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "time" - - "github.com/spf13/pflag" - - "github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/authorization/authorizerfactory" - "k8s.io/apiserver/pkg/authorization/path" - "k8s.io/apiserver/pkg/authorization/union" - "k8s.io/apiserver/pkg/server" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/transport" - "k8s.io/klog/v2" -) - -// DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to -// the root kube API server. -// WARNING: never assume that every authenticated incoming request already does authorization. -// -// The aggregator in the kube API server does this today, but this behaviour is not -// guaranteed in the future. -type DelegatingAuthorizationOptions struct { - // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the - // SubjectAccessReview.authorization.k8s.io endpoint for checking tokens. - RemoteKubeConfigFile string - // RemoteKubeConfigFileOptional is specifying whether not specifying the kubeconfig or - // a missing in-cluster config will be fatal. - RemoteKubeConfigFileOptional bool - - // AllowCacheTTL is the length of time that a successful authorization response will be cached - AllowCacheTTL time.Duration - - // DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached. - // You generally want more responsive, "deny, try again" flows. - DenyCacheTTL time.Duration - - // AlwaysAllowPaths are HTTP paths which are excluded from authorization. They can be plain - // paths or end in * in which case prefix-match is applied. A leading / is optional. - AlwaysAllowPaths []string - - // AlwaysAllowGroups are groups which are allowed to take any actions. In kube, this is system:masters. - AlwaysAllowGroups []string - - // ClientTimeout specifies a time limit for requests made by SubjectAccessReviews client. - // The default value is set to 10 seconds. - ClientTimeout time.Duration - - // WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff - - // CustomRoundTripperFn allows for specifying a middleware function for custom HTTP behaviour for the authorization webhook client. - CustomRoundTripperFn transport.WrapperFunc -} - -func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions { - return &DelegatingAuthorizationOptions{ - // very low for responsiveness, but high enough to handle storms - AllowCacheTTL: 10 * time.Second, - DenyCacheTTL: 10 * time.Second, - ClientTimeout: 10 * time.Second, - WebhookRetryBackoff: DefaultAuthWebhookRetryBackoff(), - // This allows the kubelet to always get health and readiness without causing an authorization check. - // This field can be cleared by callers if they don't want this behavior. - AlwaysAllowPaths: []string{"/healthz", "/readyz", "/livez"}, - // In an authorization call delegated to a kube-apiserver (the expected common-case), system:masters has full - // authority in a hard-coded authorizer. This means that our default can reasonably be to skip an authorization - // check for system:masters. - // This field can be cleared by callers if they don't want this behavior. - AlwaysAllowGroups: []string{"system:masters"}, - } -} - -// WithAlwaysAllowGroups appends the list of paths to AlwaysAllowGroups -func (s *DelegatingAuthorizationOptions) WithAlwaysAllowGroups(groups ...string) *DelegatingAuthorizationOptions { - s.AlwaysAllowGroups = append(s.AlwaysAllowGroups, groups...) - return s -} - -// WithAlwaysAllowPaths appends the list of paths to AlwaysAllowPaths -func (s *DelegatingAuthorizationOptions) WithAlwaysAllowPaths(paths ...string) *DelegatingAuthorizationOptions { - s.AlwaysAllowPaths = append(s.AlwaysAllowPaths, paths...) - return s -} - -// WithClientTimeout sets the given timeout for SAR client used by this authorizer -func (s *DelegatingAuthorizationOptions) WithClientTimeout(timeout time.Duration) { - s.ClientTimeout = timeout -} - -// WithCustomRetryBackoff sets the custom backoff parameters for the authorization webhook retry logic. -func (s *DelegatingAuthorizationOptions) WithCustomRetryBackoff(backoff wait.Backoff) { - s.WebhookRetryBackoff = &backoff -} - -// WithCustomRoundTripper allows for specifying a middleware function for custom HTTP behaviour for the authorization webhook client. -func (s *DelegatingAuthorizationOptions) WithCustomRoundTripper(rt transport.WrapperFunc) { - s.CustomRoundTripperFn = rt -} - -func (s *DelegatingAuthorizationOptions) Validate() []error { - if s == nil { - return nil - } - - allErrors := []error{} - if s.WebhookRetryBackoff != nil && s.WebhookRetryBackoff.Steps <= 0 { - allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 1, but is: %d", s.WebhookRetryBackoff.Steps)) - } - - return allErrors -} - -func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - var optionalKubeConfigSentence string - if s.RemoteKubeConfigFileOptional { - optionalKubeConfigSentence = " This is optional. If empty, all requests not skipped by authorization are forbidden." - } - fs.StringVar(&s.RemoteKubeConfigFile, "authorization-kubeconfig", s.RemoteKubeConfigFile, - "kubeconfig file pointing at the 'core' kubernetes server with enough rights to create "+ - "subjectaccessreviews.authorization.k8s.io."+optionalKubeConfigSentence) - - fs.DurationVar(&s.AllowCacheTTL, "authorization-webhook-cache-authorized-ttl", - s.AllowCacheTTL, - "The duration to cache 'authorized' responses from the webhook authorizer.") - - fs.DurationVar(&s.DenyCacheTTL, - "authorization-webhook-cache-unauthorized-ttl", s.DenyCacheTTL, - "The duration to cache 'unauthorized' responses from the webhook authorizer.") - - fs.StringSliceVar(&s.AlwaysAllowPaths, "authorization-always-allow-paths", s.AlwaysAllowPaths, - "A list of HTTP paths to skip during authorization, i.e. these are authorized without "+ - "contacting the 'core' kubernetes server.") -} - -func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.AuthorizationInfo) error { - if s == nil { - c.Authorizer = authorizerfactory.NewAlwaysAllowAuthorizer() - return nil - } - - client, err := s.getClient() - if err != nil { - return err - } - - c.Authorizer, err = s.toAuthorizer(client) - return err -} - -func (s *DelegatingAuthorizationOptions) toAuthorizer(client kubernetes.Interface) (authorizer.Authorizer, error) { - var authorizers []authorizer.Authorizer - - if len(s.AlwaysAllowGroups) > 0 { - authorizers = append(authorizers, authorizerfactory.NewPrivilegedGroups(s.AlwaysAllowGroups...)) - } - - // add an authorizer to always approver the openshift metrics scraper. - authorizers = append(authorizers, hardcodedauthorizer.NewHardCodedMetricsAuthorizer()) - - if len(s.AlwaysAllowPaths) > 0 { - a, err := path.NewAuthorizer(s.AlwaysAllowPaths) - if err != nil { - return nil, err - } - authorizers = append(authorizers, a) - } - - if client == nil { - klog.Warning("No authorization-kubeconfig provided, so SubjectAccessReview of authorization tokens won't work.") - } else { - cfg := authorizerfactory.DelegatingAuthorizerConfig{ - SubjectAccessReviewClient: client.AuthorizationV1(), - AllowCacheTTL: s.AllowCacheTTL, - DenyCacheTTL: s.DenyCacheTTL, - WebhookRetryBackoff: s.WebhookRetryBackoff, - } - delegatedAuthorizer, err := cfg.New() - if err != nil { - return nil, err - } - authorizers = append(authorizers, delegatedAuthorizer) - } - - return union.New(authorizers...), nil -} - -func (s *DelegatingAuthorizationOptions) getClient() (kubernetes.Interface, error) { - var clientConfig *rest.Config - var err error - if len(s.RemoteKubeConfigFile) > 0 { - loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: s.RemoteKubeConfigFile} - loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) - - clientConfig, err = loader.ClientConfig() - } else { - // without the remote kubeconfig file, try to use the in-cluster config. Most addon API servers will - // use this path. If it is optional, ignore errors. - clientConfig, err = rest.InClusterConfig() - if err != nil && s.RemoteKubeConfigFileOptional { - if err != rest.ErrNotInCluster { - klog.Warningf("failed to read in-cluster kubeconfig for delegated authorization: %v", err) - } - return nil, nil - } - } - if err != nil { - return nil, fmt.Errorf("failed to get delegated authorization kubeconfig: %v", err) - } - - // set high qps/burst limits since this will effectively limit API server responsiveness - clientConfig.QPS = 200 - clientConfig.Burst = 400 - clientConfig.Timeout = s.ClientTimeout - if s.CustomRoundTripperFn != nil { - clientConfig.Wrap(s.CustomRoundTripperFn) - } - - // make the client use protobuf - protoConfig := rest.CopyConfig(clientConfig) - protoConfig.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" - protoConfig.ContentType = "application/vnd.kubernetes.protobuf" - - return kubernetes.NewForConfig(protoConfig) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/coreapi.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/coreapi.go deleted file mode 100644 index 12a65517e1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/coreapi.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "time" - - "github.com/spf13/pflag" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/util/feature" - clientgoinformers "k8s.io/client-go/informers" - clientgoclientset "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - tracing "k8s.io/component-base/tracing" -) - -// CoreAPIOptions contains options to configure the connection to a core API Kubernetes apiserver. -type CoreAPIOptions struct { - // CoreAPIKubeconfigPath is a filename for a kubeconfig file to contact the core API server with. - // If it is not set, the in cluster config is used. - CoreAPIKubeconfigPath string -} - -func NewCoreAPIOptions() *CoreAPIOptions { - return &CoreAPIOptions{} -} - -func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet) { - if o == nil { - return - } - - fs.StringVar(&o.CoreAPIKubeconfigPath, "kubeconfig", o.CoreAPIKubeconfigPath, - "kubeconfig file pointing at the 'core' kubernetes server.") -} - -func (o *CoreAPIOptions) ApplyTo(config *server.RecommendedConfig) error { - if o == nil { - return nil - } - - // create shared informer for Kubernetes APIs - var kubeconfig *rest.Config - var err error - if len(o.CoreAPIKubeconfigPath) > 0 { - loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: o.CoreAPIKubeconfigPath} - loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) - kubeconfig, err = loader.ClientConfig() - if err != nil { - return fmt.Errorf("failed to load kubeconfig at %q: %v", o.CoreAPIKubeconfigPath, err) - } - } else { - kubeconfig, err = rest.InClusterConfig() - if err != nil { - return err - } - } - if feature.DefaultFeatureGate.Enabled(features.APIServerTracing) { - kubeconfig.Wrap(tracing.WrapperFor(config.TracerProvider)) - } - clientgoExternalClient, err := clientgoclientset.NewForConfig(kubeconfig) - if err != nil { - return fmt.Errorf("failed to create Kubernetes clientset: %v", err) - } - config.ClientConfig = kubeconfig - config.SharedInformerFactory = clientgoinformers.NewSharedInformerFactory(clientgoExternalClient, 10*time.Minute) - - return nil -} - -func (o *CoreAPIOptions) Validate() []error { - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/deprecated_insecure_serving.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/deprecated_insecure_serving.go deleted file mode 100644 index 173c28b80d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/deprecated_insecure_serving.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "net" - - "github.com/spf13/pflag" - - "k8s.io/apiserver/pkg/server" -) - -// DeprecatedInsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. -// No one should be using these anymore. -// DEPRECATED: all insecure serving options are removed in a future version -type DeprecatedInsecureServingOptions struct { - BindAddress net.IP - BindPort int - // BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp", - // "tcp4", and "tcp6". - BindNetwork string - - // Listener is the secure server network listener. - // either Listener or BindAddress/BindPort/BindNetwork is set, - // if Listener is set, use it and omit BindAddress/BindPort/BindNetwork. - Listener net.Listener - - // ListenFunc can be overridden to create a custom listener, e.g. for mocking in tests. - // It defaults to options.CreateListener. - ListenFunc func(network, addr string, config net.ListenConfig) (net.Listener, int, error) -} - -// Validate ensures that the insecure port values within the range of the port. -func (s *DeprecatedInsecureServingOptions) Validate() []error { - if s == nil { - return nil - } - - errors := []error{} - - if s.BindPort < 0 || s.BindPort > 65535 { - errors = append(errors, fmt.Errorf("insecure port %v must be between 0 and 65535, inclusive. 0 for turning off insecure (HTTP) port", s.BindPort)) - } - - return errors -} - -// AddFlags adds flags related to insecure serving to the specified FlagSet. -func (s *DeprecatedInsecureServingOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - fs.IPVar(&s.BindAddress, "insecure-bind-address", s.BindAddress, ""+ - "The IP address on which to serve the --insecure-port (set to 0.0.0.0 or :: for listening in all interfaces and IP families).") - // Though this flag is deprecated, we discovered security concerns over how to do health checks without it e.g. #43784 - fs.MarkDeprecated("insecure-bind-address", "This flag will be removed in a future version.") - fs.Lookup("insecure-bind-address").Hidden = false - - fs.IntVar(&s.BindPort, "insecure-port", s.BindPort, ""+ - "The port on which to serve unsecured, unauthenticated access.") - // Though this flag is deprecated, we discovered security concerns over how to do health checks without it e.g. #43784 - fs.MarkDeprecated("insecure-port", "This flag will be removed in a future version.") - fs.Lookup("insecure-port").Hidden = false -} - -// AddUnqualifiedFlags adds flags related to insecure serving without the --insecure prefix to the specified FlagSet. -func (s *DeprecatedInsecureServingOptions) AddUnqualifiedFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - fs.IPVar(&s.BindAddress, "address", s.BindAddress, - "The IP address on which to serve the insecure --port (set to '0.0.0.0' or '::' for listening in all interfaces and IP families).") - fs.MarkDeprecated("address", "see --bind-address instead.") - fs.Lookup("address").Hidden = false - - fs.IntVar(&s.BindPort, "port", s.BindPort, "The port on which to serve unsecured, unauthenticated access. Set to 0 to disable.") - fs.MarkDeprecated("port", "see --secure-port instead.") - fs.Lookup("port").Hidden = false -} - -// ApplyTo adds DeprecatedInsecureServingOptions to the insecureserverinfo and kube-controller manager configuration. -// Note: the double pointer allows to set the *DeprecatedInsecureServingInfo to nil without referencing the struct hosting this pointer. -func (s *DeprecatedInsecureServingOptions) ApplyTo(c **server.DeprecatedInsecureServingInfo) error { - if s == nil { - return nil - } - if s.BindPort <= 0 { - return nil - } - - if s.Listener == nil { - var err error - listen := CreateListener - if s.ListenFunc != nil { - listen = s.ListenFunc - } - addr := net.JoinHostPort(s.BindAddress.String(), fmt.Sprintf("%d", s.BindPort)) - s.Listener, s.BindPort, err = listen(s.BindNetwork, addr, net.ListenConfig{}) - if err != nil { - return fmt.Errorf("failed to create listener: %v", err) - } - } - - *c = &server.DeprecatedInsecureServingInfo{ - Listener: s.Listener, - } - - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/doc.go deleted file mode 100644 index 426336be09..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// package options is the public flags and options used by a generic api -// server. It takes a minimal set of dependencies and does not reference -// implementations, in order to ensure it may be reused by multiple components -// (such as CLI commands that wish to generate or validate config). -package options // import "k8s.io/apiserver/pkg/server/options" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/egress_selector.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/egress_selector.go deleted file mode 100644 index c7c94e5770..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/egress_selector.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - - "github.com/spf13/pflag" - "k8s.io/utils/path" - - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/egressselector" -) - -// EgressSelectorOptions holds the api server egress selector options. -// See https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1281-network-proxy/README.md -type EgressSelectorOptions struct { - // ConfigFile is the file path with api-server egress selector configuration. - ConfigFile string -} - -// NewEgressSelectorOptions creates a new instance of EgressSelectorOptions -// -// The option is to point to a configuration file for egress/konnectivity. -// This determines which types of requests use egress/konnectivity and how they use it. -// If empty the API Server will attempt to connect directly using the network. -func NewEgressSelectorOptions() *EgressSelectorOptions { - return &EgressSelectorOptions{} -} - -// AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet -func (o *EgressSelectorOptions) AddFlags(fs *pflag.FlagSet) { - if o == nil { - return - } - - fs.StringVar(&o.ConfigFile, "egress-selector-config-file", o.ConfigFile, - "File with apiserver egress selector configuration.") -} - -// ApplyTo adds the egress selector settings to the server configuration. -// In case egress selector settings were not provided by a cluster-admin -// they will be prepared from the recommended/default/no-op values. -func (o *EgressSelectorOptions) ApplyTo(c *server.Config) error { - if o == nil { - return nil - } - - npConfig, err := egressselector.ReadEgressSelectorConfiguration(o.ConfigFile) - if err != nil { - return fmt.Errorf("failed to read egress selector config: %v", err) - } - errs := egressselector.ValidateEgressSelectorConfiguration(npConfig) - if len(errs) > 0 { - return fmt.Errorf("failed to validate egress selector configuration: %v", errs.ToAggregate()) - } - - cs, err := egressselector.NewEgressSelector(npConfig) - if err != nil { - return fmt.Errorf("failed to setup egress selector with config %#v: %v", npConfig, err) - } - c.EgressSelector = cs - return nil -} - -// Validate verifies flags passed to EgressSelectorOptions. -func (o *EgressSelectorOptions) Validate() []error { - if o == nil || o.ConfigFile == "" { - return nil - } - - errs := []error{} - - if exists, err := path.Exists(path.CheckFollowSymlink, o.ConfigFile); !exists || err != nil { - errs = append(errs, fmt.Errorf("egress-selector-config-file %s does not exist", o.ConfigFile)) - } - - return errs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/OWNERS deleted file mode 100644 index d2ea8ec60c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-encryption-at-rest-approvers -reviewers: - - sig-auth-encryption-at-rest-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go deleted file mode 100644 index c95717c532..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/config.go +++ /dev/null @@ -1,730 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package encryptionconfig - -import ( - "context" - "crypto/aes" - "crypto/cipher" - "crypto/sha256" - "encoding/base64" - "errors" - "fmt" - "io" - "net/http" - "os" - "sync" - "sync/atomic" - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - apiserverconfig "k8s.io/apiserver/pkg/apis/config" - apiserverconfigv1 "k8s.io/apiserver/pkg/apis/config/v1" - "k8s.io/apiserver/pkg/apis/config/validation" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/apiserver/pkg/storage/value" - aestransformer "k8s.io/apiserver/pkg/storage/value/encrypt/aes" - "k8s.io/apiserver/pkg/storage/value/encrypt/envelope" - envelopekmsv2 "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2" - "k8s.io/apiserver/pkg/storage/value/encrypt/identity" - "k8s.io/apiserver/pkg/storage/value/encrypt/secretbox" - utilfeature "k8s.io/apiserver/pkg/util/feature" -) - -const ( - aesCBCTransformerPrefixV1 = "k8s:enc:aescbc:v1:" - aesGCMTransformerPrefixV1 = "k8s:enc:aesgcm:v1:" - secretboxTransformerPrefixV1 = "k8s:enc:secretbox:v1:" - kmsTransformerPrefixV1 = "k8s:enc:kms:v1:" - kmsTransformerPrefixV2 = "k8s:enc:kms:v2:" - kmsPluginHealthzNegativeTTL = 3 * time.Second - kmsPluginHealthzPositiveTTL = 20 * time.Second - kmsAPIVersionV1 = "v1" - kmsAPIVersionV2 = "v2" - kmsReloadHealthCheckName = "kms-providers" -) - -type kmsPluginHealthzResponse struct { - err error - received time.Time -} - -type kmsPluginProbe struct { - name string - ttl time.Duration - service envelope.Service - lastResponse *kmsPluginHealthzResponse - l *sync.Mutex -} - -type kmsv2PluginProbe struct { - name string - ttl time.Duration - service envelopekmsv2.Service - lastResponse *kmsPluginHealthzResponse - l *sync.Mutex -} - -type kmsHealthChecker []healthz.HealthChecker - -func (k kmsHealthChecker) Name() string { - return kmsReloadHealthCheckName -} - -func (k kmsHealthChecker) Check(req *http.Request) error { - var errs []error - - for i := range k { - checker := k[i] - if err := checker.Check(req); err != nil { - errs = append(errs, fmt.Errorf("%s: %w", checker.Name(), err)) - } - } - - return utilerrors.Reduce(utilerrors.NewAggregate(errs)) -} - -func (h *kmsPluginProbe) toHealthzCheck(idx int) healthz.HealthChecker { - return healthz.NamedCheck(fmt.Sprintf("kms-provider-%d", idx), func(r *http.Request) error { - return h.check() - }) -} - -func (h *kmsv2PluginProbe) toHealthzCheck(idx int) healthz.HealthChecker { - return healthz.NamedCheck(fmt.Sprintf("kms-provider-%d", idx), func(r *http.Request) error { - return h.check(r.Context()) - }) -} - -// EncryptionConfiguration represents the parsed and normalized encryption configuration for the apiserver. -type EncryptionConfiguration struct { - // Transformers is a list of value.Transformer that will be used to encrypt and decrypt data. - Transformers map[schema.GroupResource]value.Transformer - - // HealthChecks is a list of healthz.HealthChecker that will be used to check the health of the encryption providers. - HealthChecks []healthz.HealthChecker - - // EncryptionFileContentHash is the hash of the encryption config file. - EncryptionFileContentHash string - - // KMSCloseGracePeriod is the duration we will wait before closing old transformers. - // We wait for any in-flight requests to finish by using the duration which is longer than their timeout. - KMSCloseGracePeriod time.Duration -} - -// LoadEncryptionConfig parses and validates the encryption config specified by filepath. -// It may launch multiple go routines whose lifecycle is controlled by stopCh. -// If reload is true, or KMS v2 plugins are used with no KMS v1 plugins, the returned slice of health checkers will always be of length 1. -func LoadEncryptionConfig(filepath string, reload bool, stopCh <-chan struct{}) (*EncryptionConfiguration, error) { - config, contentHash, err := loadConfig(filepath, reload) - if err != nil { - return nil, fmt.Errorf("error while parsing file: %w", err) - } - - transformers, kmsHealthChecks, kmsUsed, err := getTransformerOverridesAndKMSPluginHealthzCheckers(config, stopCh) - if err != nil { - return nil, fmt.Errorf("error while building transformers: %w", err) - } - - if reload || (kmsUsed.v2Used && !kmsUsed.v1Used) { - kmsHealthChecks = []healthz.HealthChecker{kmsHealthChecker(kmsHealthChecks)} - } - - // KMSTimeout is the duration we will wait before closing old transformers. - // The way we calculate is as follows: - // 1. Sum all timeouts across all KMS plugins. (check kmsPrefixTransformer for differences between v1 and v2) - // 2. Multiply that by 2 (to allow for some buffer) - // The reason we sum all timeout is because kmsHealthChecker() will run all health checks serially - return &EncryptionConfiguration{ - Transformers: transformers, - HealthChecks: kmsHealthChecks, - EncryptionFileContentHash: contentHash, - KMSCloseGracePeriod: 2 * kmsUsed.kmsTimeoutSum, - }, err -} - -func getTransformerOverridesAndKMSPluginHealthzCheckers(config *apiserverconfig.EncryptionConfiguration, stopCh <-chan struct{}) (map[schema.GroupResource]value.Transformer, []healthz.HealthChecker, *kmsState, error) { - var kmsHealthChecks []healthz.HealthChecker - transformers, probes, kmsUsed, err := getTransformerOverridesAndKMSPluginProbes(config, stopCh) - if err != nil { - return nil, nil, nil, err - } - for i := range probes { - probe := probes[i] - kmsHealthChecks = append(kmsHealthChecks, probe.toHealthzCheck(i)) - } - - return transformers, kmsHealthChecks, kmsUsed, nil -} - -type healthChecker interface { - toHealthzCheck(idx int) healthz.HealthChecker -} - -func getTransformerOverridesAndKMSPluginProbes(config *apiserverconfig.EncryptionConfiguration, stopCh <-chan struct{}) (map[schema.GroupResource]value.Transformer, []healthChecker, *kmsState, error) { - resourceToPrefixTransformer := map[schema.GroupResource][]value.PrefixTransformer{} - var probes []healthChecker - var kmsUsed kmsState - - // For each entry in the configuration - for _, resourceConfig := range config.Resources { - resourceConfig := resourceConfig - - transformers, p, used, err := prefixTransformersAndProbes(resourceConfig, stopCh) - if err != nil { - return nil, nil, nil, err - } - kmsUsed.v1Used = kmsUsed.v1Used || used.v1Used - kmsUsed.v2Used = kmsUsed.v2Used || used.v2Used - - kmsUsed.kmsTimeoutSum += used.kmsTimeoutSum - - // For each resource, create a list of providers to use - for _, resource := range resourceConfig.Resources { - resource := resource - gr := schema.ParseGroupResource(resource) - resourceToPrefixTransformer[gr] = append( - resourceToPrefixTransformer[gr], transformers...) - } - - probes = append(probes, p...) - } - - transformers := make(map[schema.GroupResource]value.Transformer, len(resourceToPrefixTransformer)) - for gr, transList := range resourceToPrefixTransformer { - gr := gr - transList := transList - transformers[gr] = value.NewPrefixTransformers(fmt.Errorf("no matching prefix found"), transList...) - } - - return transformers, probes, &kmsUsed, nil -} - -// check encrypts and decrypts test data against KMS-Plugin's gRPC endpoint. -func (h *kmsPluginProbe) check() error { - h.l.Lock() - defer h.l.Unlock() - - if (time.Since(h.lastResponse.received)) < h.ttl { - return h.lastResponse.err - } - - p, err := h.service.Encrypt([]byte("ping")) - if err != nil { - h.lastResponse = &kmsPluginHealthzResponse{err: err, received: time.Now()} - h.ttl = kmsPluginHealthzNegativeTTL - return fmt.Errorf("failed to perform encrypt section of the healthz check for KMS Provider %s, error: %w", h.name, err) - } - - if _, err := h.service.Decrypt(p); err != nil { - h.lastResponse = &kmsPluginHealthzResponse{err: err, received: time.Now()} - h.ttl = kmsPluginHealthzNegativeTTL - return fmt.Errorf("failed to perform decrypt section of the healthz check for KMS Provider %s, error: %w", h.name, err) - } - - h.lastResponse = &kmsPluginHealthzResponse{err: nil, received: time.Now()} - h.ttl = kmsPluginHealthzPositiveTTL - return nil -} - -// check gets the healthz status of the KMSv2-Plugin using the Status() method. -func (h *kmsv2PluginProbe) check(ctx context.Context) error { - h.l.Lock() - defer h.l.Unlock() - - if (time.Since(h.lastResponse.received)) < h.ttl { - return h.lastResponse.err - } - - p, err := h.service.Status(ctx) - if err != nil { - h.lastResponse = &kmsPluginHealthzResponse{err: err, received: time.Now()} - h.ttl = kmsPluginHealthzNegativeTTL - return fmt.Errorf("failed to perform status section of the healthz check for KMS Provider %s, error: %w", h.name, err) - } - - if err := isKMSv2ProviderHealthy(h.name, p); err != nil { - h.lastResponse = &kmsPluginHealthzResponse{err: err, received: time.Now()} - h.ttl = kmsPluginHealthzNegativeTTL - return err - } - - h.lastResponse = &kmsPluginHealthzResponse{err: nil, received: time.Now()} - h.ttl = kmsPluginHealthzPositiveTTL - return nil -} - -// isKMSv2ProviderHealthy checks if the KMSv2-Plugin is healthy. -func isKMSv2ProviderHealthy(name string, response *envelopekmsv2.StatusResponse) error { - var errs []error - if response.Healthz != "ok" { - errs = append(errs, fmt.Errorf("got unexpected healthz status: %s", response.Healthz)) - } - if response.Version != envelopekmsv2.KMSAPIVersion { - errs = append(errs, fmt.Errorf("expected KMSv2 API version %s, got %s", envelopekmsv2.KMSAPIVersion, response.Version)) - } - if len(response.KeyID) == 0 { - errs = append(errs, fmt.Errorf("expected KMSv2 KeyID to be set, got %s", response.KeyID)) - } - - if err := utilerrors.Reduce(utilerrors.NewAggregate(errs)); err != nil { - return fmt.Errorf("kmsv2 Provider %s is not healthy, error: %w", name, err) - } - return nil -} - -// loadConfig parses the encryption configuration file at filepath and returns the parsed config and hash of the file. -func loadConfig(filepath string, reload bool) (*apiserverconfig.EncryptionConfiguration, string, error) { - f, err := os.Open(filepath) - if err != nil { - return nil, "", fmt.Errorf("error opening encryption provider configuration file %q: %w", filepath, err) - } - defer f.Close() - - data, err := io.ReadAll(f) - if err != nil { - return nil, "", fmt.Errorf("could not read contents: %w", err) - } - if len(data) == 0 { - return nil, "", fmt.Errorf("encryption provider configuration file %q is empty", filepath) - } - - scheme := runtime.NewScheme() - codecs := serializer.NewCodecFactory(scheme) - utilruntime.Must(apiserverconfig.AddToScheme(scheme)) - utilruntime.Must(apiserverconfigv1.AddToScheme(scheme)) - - configObj, gvk, err := codecs.UniversalDecoder().Decode(data, nil, nil) - if err != nil { - return nil, "", err - } - config, ok := configObj.(*apiserverconfig.EncryptionConfiguration) - if !ok { - return nil, "", fmt.Errorf("got unexpected config type: %v", gvk) - } - - return config, computeEncryptionConfigHash(data), validation.ValidateEncryptionConfiguration(config, reload).ToAggregate() -} - -func prefixTransformersAndProbes(config apiserverconfig.ResourceConfiguration, stopCh <-chan struct{}) ([]value.PrefixTransformer, []healthChecker, *kmsState, error) { - var transformers []value.PrefixTransformer - var probes []healthChecker - var kmsUsed kmsState - - for _, provider := range config.Providers { - provider := provider - var ( - transformer value.PrefixTransformer - transformerErr error - probe healthChecker - used *kmsState - ) - - switch { - case provider.AESGCM != nil: - transformer, transformerErr = aesPrefixTransformer(provider.AESGCM, aestransformer.NewGCMTransformer, aesGCMTransformerPrefixV1) - - case provider.AESCBC != nil: - transformer, transformerErr = aesPrefixTransformer(provider.AESCBC, aestransformer.NewCBCTransformer, aesCBCTransformerPrefixV1) - - case provider.Secretbox != nil: - transformer, transformerErr = secretboxPrefixTransformer(provider.Secretbox) - - case provider.KMS != nil: - transformer, probe, used, transformerErr = kmsPrefixTransformer(provider.KMS, stopCh) - if transformerErr == nil { - probes = append(probes, probe) - kmsUsed.v1Used = kmsUsed.v1Used || used.v1Used - kmsUsed.v2Used = kmsUsed.v2Used || used.v2Used - - // calculate the maximum timeout for all KMS providers - kmsUsed.kmsTimeoutSum += used.kmsTimeoutSum - } - - case provider.Identity != nil: - transformer = value.PrefixTransformer{ - Transformer: identity.NewEncryptCheckTransformer(), - Prefix: []byte{}, - } - - default: - return nil, nil, nil, errors.New("provider does not contain any of the expected providers: KMS, AESGCM, AESCBC, Secretbox, Identity") - } - - if transformerErr != nil { - return nil, nil, nil, transformerErr - } - - transformers = append(transformers, transformer) - } - - return transformers, probes, &kmsUsed, nil -} - -type blockTransformerFunc func(cipher.Block) value.Transformer - -func aesPrefixTransformer(config *apiserverconfig.AESConfiguration, fn blockTransformerFunc, prefix string) (value.PrefixTransformer, error) { - var result value.PrefixTransformer - - if len(config.Keys) == 0 { - return result, fmt.Errorf("aes provider has no valid keys") - } - for _, key := range config.Keys { - key := key - if key.Name == "" { - return result, fmt.Errorf("key with invalid name provided") - } - if key.Secret == "" { - return result, fmt.Errorf("key %v has no provided secret", key.Name) - } - } - - keyTransformers := []value.PrefixTransformer{} - - for _, keyData := range config.Keys { - keyData := keyData - key, err := base64.StdEncoding.DecodeString(keyData.Secret) - if err != nil { - return result, fmt.Errorf("could not obtain secret for named key %s: %s", keyData.Name, err) - } - block, err := aes.NewCipher(key) - if err != nil { - return result, fmt.Errorf("error while creating cipher for named key %s: %s", keyData.Name, err) - } - - // Create a new PrefixTransformer for this key - keyTransformers = append(keyTransformers, - value.PrefixTransformer{ - Transformer: fn(block), - Prefix: []byte(keyData.Name + ":"), - }) - } - - // Create a prefixTransformer which can choose between these keys - keyTransformer := value.NewPrefixTransformers( - fmt.Errorf("no matching key was found for the provided AES transformer"), keyTransformers...) - - // Create a PrefixTransformer which shall later be put in a list with other providers - result = value.PrefixTransformer{ - Transformer: keyTransformer, - Prefix: []byte(prefix), - } - return result, nil -} - -func secretboxPrefixTransformer(config *apiserverconfig.SecretboxConfiguration) (value.PrefixTransformer, error) { - var result value.PrefixTransformer - - if len(config.Keys) == 0 { - return result, fmt.Errorf("secretbox provider has no valid keys") - } - for _, key := range config.Keys { - key := key - if key.Name == "" { - return result, fmt.Errorf("key with invalid name provided") - } - if key.Secret == "" { - return result, fmt.Errorf("key %v has no provided secret", key.Name) - } - } - - keyTransformers := []value.PrefixTransformer{} - - for _, keyData := range config.Keys { - keyData := keyData - key, err := base64.StdEncoding.DecodeString(keyData.Secret) - if err != nil { - return result, fmt.Errorf("could not obtain secret for named key %s: %s", keyData.Name, err) - } - - if len(key) != 32 { - return result, fmt.Errorf("expected key size 32 for secretbox provider, got %v", len(key)) - } - - keyArray := [32]byte{} - copy(keyArray[:], key) - - // Create a new PrefixTransformer for this key - keyTransformers = append(keyTransformers, - value.PrefixTransformer{ - Transformer: secretbox.NewSecretboxTransformer(keyArray), - Prefix: []byte(keyData.Name + ":"), - }) - } - - // Create a prefixTransformer which can choose between these keys - keyTransformer := value.NewPrefixTransformers( - fmt.Errorf("no matching key was found for the provided Secretbox transformer"), keyTransformers...) - - // Create a PrefixTransformer which shall later be put in a list with other providers - result = value.PrefixTransformer{ - Transformer: keyTransformer, - Prefix: []byte(secretboxTransformerPrefixV1), - } - return result, nil -} - -var ( - // The factory to create kms service. This is to make writing test easier. - envelopeServiceFactory = envelope.NewGRPCService - - // The factory to create kmsv2 service. Exported for integration tests. - EnvelopeKMSv2ServiceFactory = envelopekmsv2.NewGRPCService -) - -type kmsState struct { - v1Used, v2Used bool - kmsTimeoutSum time.Duration -} - -func kmsPrefixTransformer(config *apiserverconfig.KMSConfiguration, stopCh <-chan struct{}) (value.PrefixTransformer, healthChecker, *kmsState, error) { - // we ignore the cancel func because this context should only be canceled when stopCh is closed - ctx, _ := wait.ContextForChannel(stopCh) - - kmsName := config.Name - switch config.APIVersion { - case kmsAPIVersionV1: - envelopeService, err := envelopeServiceFactory(ctx, config.Endpoint, config.Timeout.Duration) - if err != nil { - return value.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMSv1-Plugin's probe %q, error: %w", kmsName, err) - } - - probe := &kmsPluginProbe{ - name: kmsName, - ttl: kmsPluginHealthzNegativeTTL, - service: envelopeService, - l: &sync.Mutex{}, - lastResponse: &kmsPluginHealthzResponse{}, - } - - transformer := envelopePrefixTransformer(config, envelopeService, kmsTransformerPrefixV1) - - return transformer, probe, &kmsState{ - v1Used: true, - // for v1 we will do encrypt and decrypt for health check. Since these are serial operations, we will double the timeout. - kmsTimeoutSum: 2 * config.Timeout.Duration, - }, nil - - case kmsAPIVersionV2: - if !utilfeature.DefaultFeatureGate.Enabled(features.KMSv2) { - return value.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMSv2 plugin %q, KMSv2 feature is not enabled", kmsName) - } - - envelopeService, err := EnvelopeKMSv2ServiceFactory(ctx, config.Endpoint, config.Timeout.Duration) - if err != nil { - return value.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMSv2-Plugin's probe %q, error: %w", kmsName, err) - } - - probe := &kmsv2PluginProbe{ - name: kmsName, - ttl: kmsPluginHealthzNegativeTTL, - service: envelopeService, - l: &sync.Mutex{}, - lastResponse: &kmsPluginHealthzResponse{}, - } - - // using AES-GCM by default for encrypting data with KMSv2 - transformer := value.PrefixTransformer{ - Transformer: envelopekmsv2.NewEnvelopeTransformer(envelopeService, int(*config.CacheSize), aestransformer.NewGCMTransformer), - Prefix: []byte(kmsTransformerPrefixV2 + kmsName + ":"), - } - - return transformer, probe, &kmsState{ - v2Used: true, - kmsTimeoutSum: config.Timeout.Duration, - }, nil - - default: - return value.PrefixTransformer{}, nil, nil, fmt.Errorf("could not configure KMS plugin %q, unsupported KMS API version %q", kmsName, config.APIVersion) - } -} - -func envelopePrefixTransformer(config *apiserverconfig.KMSConfiguration, envelopeService envelope.Service, prefix string) value.PrefixTransformer { - baseTransformerFunc := func(block cipher.Block) value.Transformer { - // v1.24: write using AES-CBC only but support reads via AES-CBC and AES-GCM (so we can move to AES-GCM) - // v1.25: write using AES-GCM only but support reads via AES-GCM and fallback to AES-CBC for backwards compatibility - // TODO(aramase): Post v1.25: We cannot drop CBC read support until we automate storage migration. - // We could have a release note that hard requires users to perform storage migration. - return unionTransformers{aestransformer.NewGCMTransformer(block), aestransformer.NewCBCTransformer(block)} - } - - return value.PrefixTransformer{ - Transformer: envelope.NewEnvelopeTransformer(envelopeService, int(*config.CacheSize), baseTransformerFunc), - Prefix: []byte(prefix + config.Name + ":"), - } -} - -type unionTransformers []value.Transformer - -func (u unionTransformers) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) (out []byte, stale bool, err error) { - var errs []error - for i := range u { - transformer := u[i] - result, stale, err := transformer.TransformFromStorage(ctx, data, dataCtx) - if err != nil { - errs = append(errs, err) - continue - } - // when i != 0, we have transformed the data from storage using the new transformer, - // we want to issue a write to etcd even if the contents of the data haven't changed - return result, stale || i != 0, nil - } - if err := utilerrors.Reduce(utilerrors.NewAggregate(errs)); err != nil { - return nil, false, err - } - return nil, false, fmt.Errorf("unionTransformers: unable to transform from storage") -} - -func (u unionTransformers) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) (out []byte, err error) { - return u[0].TransformToStorage(ctx, data, dataCtx) -} - -// computeEncryptionConfigHash returns the expected hash for an encryption config file that has been loaded as bytes. -// We use a hash instead of the raw file contents when tracking changes to avoid holding any encryption keys in memory outside of their associated transformers. -// This hash must be used in-memory and not externalized to the process because it has no cross-release stability guarantees. -func computeEncryptionConfigHash(data []byte) string { - return fmt.Sprintf("%x", sha256.Sum256(data)) -} - -var _ healthz.HealthChecker = &DynamicTransformers{} - -// DynamicTransformers holds transformers that may be dynamically updated via a single external actor, likely a controller. -// This struct must avoid locks (even read write locks) as it is inline to all calls to storage. -type DynamicTransformers struct { - transformTracker *atomic.Value -} - -type transformTracker struct { - transformerOverrides map[schema.GroupResource]value.Transformer - kmsPluginHealthzCheck healthz.HealthChecker - closeTransformers context.CancelFunc - kmsCloseGracePeriod time.Duration -} - -// NewDynamicTransformers returns transformers, health checks for kms providers and an ability to close transformers. -func NewDynamicTransformers( - transformerOverrides map[schema.GroupResource]value.Transformer, - kmsPluginHealthzCheck healthz.HealthChecker, - closeTransformers context.CancelFunc, - kmsCloseGracePeriod time.Duration, -) *DynamicTransformers { - dynamicTransformers := &DynamicTransformers{ - transformTracker: &atomic.Value{}, - } - - tracker := &transformTracker{ - transformerOverrides: transformerOverrides, - kmsPluginHealthzCheck: kmsPluginHealthzCheck, - closeTransformers: closeTransformers, - kmsCloseGracePeriod: kmsCloseGracePeriod, - } - dynamicTransformers.transformTracker.Store(tracker) - - return dynamicTransformers -} - -// Check implements healthz.HealthChecker -func (d *DynamicTransformers) Check(req *http.Request) error { - return d.transformTracker.Load().(*transformTracker).kmsPluginHealthzCheck.Check(req) -} - -// Name implements healthz.HealthChecker -func (d *DynamicTransformers) Name() string { - return kmsReloadHealthCheckName -} - -// TransformerForResource returns the transformer for the given resource. -func (d *DynamicTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer { - return &resourceTransformer{ - resource: resource, - transformTracker: d.transformTracker, - } -} - -// Set sets the transformer overrides. This method is not go routine safe and must only be called by the same, single caller throughout the lifetime of this object. -func (d *DynamicTransformers) Set( - transformerOverrides map[schema.GroupResource]value.Transformer, - closeTransformers context.CancelFunc, - kmsPluginHealthzCheck healthz.HealthChecker, - kmsCloseGracePeriod time.Duration, -) { - // store new values - newTransformTracker := &transformTracker{ - transformerOverrides: transformerOverrides, - closeTransformers: closeTransformers, - kmsPluginHealthzCheck: kmsPluginHealthzCheck, - kmsCloseGracePeriod: kmsCloseGracePeriod, - } - - // update new transformer overrides - oldTransformTracker := d.transformTracker.Swap(newTransformTracker).(*transformTracker) - - // close old transformers once we wait for grpc request to finish any in-flight requests. - // by the time we spawn this go routine, the new transformers have already been set and will be used for new requests. - // if the server starts shutting down during sleep duration then the transformers will correctly closed early because their lifetime is tied to the api-server drain notifier. - go func() { - time.Sleep(oldTransformTracker.kmsCloseGracePeriod) - oldTransformTracker.closeTransformers() - }() -} - -var _ value.Transformer = &resourceTransformer{} - -type resourceTransformer struct { - resource schema.GroupResource - transformTracker *atomic.Value -} - -func (r *resourceTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - return r.transformer().TransformFromStorage(ctx, data, dataCtx) -} - -func (r *resourceTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - return r.transformer().TransformToStorage(ctx, data, dataCtx) -} - -func (r *resourceTransformer) transformer() value.Transformer { - transformer := r.transformTracker.Load().(*transformTracker).transformerOverrides[r.resource] - if transformer == nil { - return identity.NewEncryptCheckTransformer() - } - return transformer -} - -type ResourceTransformers interface { - TransformerForResource(resource schema.GroupResource) value.Transformer -} - -var _ ResourceTransformers = &DynamicTransformers{} -var _ ResourceTransformers = &StaticTransformers{} - -type StaticTransformers map[schema.GroupResource]value.Transformer - -// StaticTransformers -func (s StaticTransformers) TransformerForResource(resource schema.GroupResource) value.Transformer { - transformer := s[resource] - if transformer == nil { - return identity.NewEncryptCheckTransformer() - } - return transformer -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller.go deleted file mode 100644 index 35fc1dea0d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller.go +++ /dev/null @@ -1,265 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - "fmt" - "net/http" - "time" - - "github.com/fsnotify/fsnotify" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/apiserver/pkg/server/options/encryptionconfig" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -// workqueueKey is the dummy key used to process change in encryption config file. -const workqueueKey = "key" - -// DynamicKMSEncryptionConfigContent which can dynamically handle changes in encryption config file. -type DynamicKMSEncryptionConfigContent struct { - name string - - // filePath is the path of the file to read. - filePath string - - // lastLoadedEncryptionConfigHash stores last successfully read encryption config file content. - lastLoadedEncryptionConfigHash string - - // queue for processing changes in encryption config file. - queue workqueue.RateLimitingInterface - - // dynamicTransformers updates the transformers when encryption config file changes. - dynamicTransformers *encryptionconfig.DynamicTransformers - - // stopCh used here is a lifecycle signal of genericapiserver already drained while shutting down. - stopCh <-chan struct{} -} - -// NewDynamicKMSEncryptionConfiguration returns controller that dynamically reacts to changes in encryption config file. -func NewDynamicKMSEncryptionConfiguration( - name, filePath string, - dynamicTransformers *encryptionconfig.DynamicTransformers, - configContentHash string, - stopCh <-chan struct{}, -) *DynamicKMSEncryptionConfigContent { - encryptionConfig := &DynamicKMSEncryptionConfigContent{ - name: name, - filePath: filePath, - lastLoadedEncryptionConfigHash: configContentHash, - dynamicTransformers: dynamicTransformers, - stopCh: stopCh, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("%s-hot-reload", name)), - } - encryptionConfig.queue.Add(workqueueKey) - - return encryptionConfig -} - -// Run starts the controller and blocks until stopCh is closed. -func (d *DynamicKMSEncryptionConfigContent) Run(ctx context.Context) { - defer utilruntime.HandleCrash() - defer d.queue.ShutDown() - - klog.InfoS("Starting controller", "name", d.name) - defer klog.InfoS("Shutting down controller", "name", d.name) - - // start worker for processing content - go wait.Until(d.runWorker, time.Second, ctx.Done()) - - // start the loop that watches the encryption config file until stopCh is closed. - go wait.Until(func() { - if err := d.watchEncryptionConfigFile(ctx.Done()); err != nil { - // if there is an error while setting up or handling the watches, this will ensure that we will process the config file. - defer d.queue.Add(workqueueKey) - klog.ErrorS(err, "Failed to watch encryption config file, will retry later") - } - }, time.Second, ctx.Done()) - - <-ctx.Done() -} - -func (d *DynamicKMSEncryptionConfigContent) watchEncryptionConfigFile(stopCh <-chan struct{}) error { - watcher, err := fsnotify.NewWatcher() - if err != nil { - return fmt.Errorf("error creating fsnotify watcher: %w", err) - } - defer watcher.Close() - - if err = watcher.Add(d.filePath); err != nil { - return fmt.Errorf("error adding watch for file %s: %w", d.filePath, err) - } - - for { - select { - case event := <-watcher.Events: - if err := d.handleWatchEvent(event, watcher); err != nil { - return err - } - case err := <-watcher.Errors: - return fmt.Errorf("received fsnotify error: %w", err) - case <-stopCh: - return nil - } - } -} - -func (d *DynamicKMSEncryptionConfigContent) handleWatchEvent(event fsnotify.Event, watcher *fsnotify.Watcher) error { - // This should be executed after restarting the watch (if applicable) to ensure no file event will be missing. - defer d.queue.Add(workqueueKey) - - // return if file has not been removed or renamed. - if event.Op&(fsnotify.Remove|fsnotify.Rename) == 0 { - return nil - } - - if err := watcher.Remove(d.filePath); err != nil { - klog.V(2).InfoS("Failed to remove file watch, it may have been deleted", "file", d.filePath, "err", err) - } - if err := watcher.Add(d.filePath); err != nil { - return fmt.Errorf("error adding watch for file %s: %w", d.filePath, err) - } - - return nil -} - -// runWorker to process file content -func (d *DynamicKMSEncryptionConfigContent) runWorker() { - for d.processNextWorkItem() { - } -} - -// processNextWorkItem processes file content when there is a message in the queue. -func (d *DynamicKMSEncryptionConfigContent) processNextWorkItem() bool { - // key here is dummy item in the queue to trigger file content processing. - key, quit := d.queue.Get() - if quit { - return false - } - defer d.queue.Done(key) - - var ( - updatedEffectiveConfig bool - err error - encryptionConfiguration *encryptionconfig.EncryptionConfiguration - configChanged bool - ) - - // get context to close the new transformers. - ctx, closeTransformers := wait.ContextForChannel(d.stopCh) - - defer func() { - // TODO: increment success metric when updatedEffectiveConfig=true - - if !updatedEffectiveConfig { - // avoid leaking if we're not using the newly constructed transformers (due to an error or them not being changed) - closeTransformers() - } - if err != nil { - // TODO: increment failure metric - utilruntime.HandleError(fmt.Errorf("error processing encryption config file %s: %v", d.filePath, err)) - // add dummy item back to the queue to trigger file content processing. - d.queue.AddRateLimited(key) - } - }() - - encryptionConfiguration, configChanged, err = d.processEncryptionConfig(ctx) - if err != nil { - return true - } - if !configChanged { - return true - } - - if len(encryptionConfiguration.HealthChecks) != 1 { - err = fmt.Errorf("unexpected number of healthz checks: %d. Should have only one", len(encryptionConfiguration.HealthChecks)) - return true - } - // get healthz checks for all new KMS plugins. - if err = d.validateNewTransformersHealth(ctx, encryptionConfiguration.HealthChecks[0], encryptionConfiguration.KMSCloseGracePeriod); err != nil { - return true - } - - // update transformers. - // when reload=true there must always be one healthz check. - d.dynamicTransformers.Set( - encryptionConfiguration.Transformers, - closeTransformers, - encryptionConfiguration.HealthChecks[0], - encryptionConfiguration.KMSCloseGracePeriod, - ) - - // update local copy of recent config content once update is successful. - d.lastLoadedEncryptionConfigHash = encryptionConfiguration.EncryptionFileContentHash - klog.V(2).InfoS("Loaded new kms encryption config content", "name", d.name) - - updatedEffectiveConfig = true - return true -} - -// loadEncryptionConfig processes the next set of content from the file. -func (d *DynamicKMSEncryptionConfigContent) processEncryptionConfig(ctx context.Context) ( - encryptionConfiguration *encryptionconfig.EncryptionConfiguration, - configChanged bool, - err error, -) { - // this code path will only execute if reload=true. So passing true explicitly. - encryptionConfiguration, err = encryptionconfig.LoadEncryptionConfig(d.filePath, true, ctx.Done()) - if err != nil { - return nil, false, err - } - - // check if encryptionConfig is different from the current. Do nothing if they are the same. - if encryptionConfiguration.EncryptionFileContentHash == d.lastLoadedEncryptionConfigHash { - klog.V(4).InfoS("Encryption config has not changed", "name", d.name) - return nil, false, nil - } - return encryptionConfiguration, true, nil -} - -func (d *DynamicKMSEncryptionConfigContent) validateNewTransformersHealth( - ctx context.Context, - kmsPluginHealthzCheck healthz.HealthChecker, - kmsPluginCloseGracePeriod time.Duration, -) error { - // test if new transformers are healthy - var healthCheckError error - - if kmsPluginCloseGracePeriod < 10*time.Second { - kmsPluginCloseGracePeriod = 10 * time.Second - } - - pollErr := wait.PollImmediate(100*time.Millisecond, kmsPluginCloseGracePeriod, func() (bool, error) { - // create a fake http get request to health check endpoint - req, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("/healthz/%s", kmsPluginHealthzCheck.Name()), nil) - if err != nil { - return false, err - } - - healthCheckError = kmsPluginHealthzCheck.Check(req) - return healthCheckError == nil, nil - }) - if pollErr != nil { - return fmt.Errorf("health check for new transformers failed, polling error %v: %w", pollErr, healthCheckError) - } - klog.V(2).InfoS("Health check succeeded") - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/etcd.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/etcd.go deleted file mode 100644 index a570efc611..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/etcd.go +++ /dev/null @@ -1,476 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "net/http" - "strconv" - "strings" - "time" - - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/healthz" - "k8s.io/apiserver/pkg/server/options/encryptionconfig" - kmsconfigcontroller "k8s.io/apiserver/pkg/server/options/encryptionconfig/controller" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/apiserver/pkg/storage/storagebackend" - storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/klog/v2" -) - -type EtcdOptions struct { - // The value of Paging on StorageConfig will be overridden by the - // calculated feature gate value. - StorageConfig storagebackend.Config - EncryptionProviderConfigFilepath string - EncryptionProviderConfigAutomaticReload bool - - EtcdServersOverrides []string - - // To enable protobuf as storage format, it is enough - // to set it to "application/vnd.kubernetes.protobuf". - DefaultStorageMediaType string - DeleteCollectionWorkers int - EnableGarbageCollection bool - - // Set EnableWatchCache to false to disable all watch caches - EnableWatchCache bool - // Set DefaultWatchCacheSize to zero to disable watch caches for those resources that have no explicit cache size set - DefaultWatchCacheSize int - // WatchCacheSizes represents override to a given resource - WatchCacheSizes []string - - // complete guards fields that must be initialized via Complete before the Apply methods can be used. - complete bool - resourceTransformers encryptionconfig.ResourceTransformers - kmsPluginHealthzChecks []healthz.HealthChecker - - // SkipHealthEndpoints, when true, causes the Apply methods to not set up health endpoints. - // This allows multiple invocations of the Apply methods without duplication of said endpoints. - SkipHealthEndpoints bool -} - -var storageTypes = sets.NewString( - storagebackend.StorageTypeETCD3, -) - -func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions { - options := &EtcdOptions{ - StorageConfig: *backendConfig, - DefaultStorageMediaType: "application/json", - DeleteCollectionWorkers: 1, - EnableGarbageCollection: true, - EnableWatchCache: true, - DefaultWatchCacheSize: 100, - } - options.StorageConfig.CountMetricPollPeriod = time.Minute - return options -} - -func (s *EtcdOptions) Validate() []error { - if s == nil { - return nil - } - - allErrors := []error{} - if len(s.StorageConfig.Transport.ServerList) == 0 { - allErrors = append(allErrors, fmt.Errorf("--etcd-servers must be specified")) - } - - if s.StorageConfig.Type != storagebackend.StorageTypeUnset && !storageTypes.Has(s.StorageConfig.Type) { - allErrors = append(allErrors, fmt.Errorf("--storage-backend invalid, allowed values: %s. If not specified, it will default to 'etcd3'", strings.Join(storageTypes.List(), ", "))) - } - - for _, override := range s.EtcdServersOverrides { - tokens := strings.Split(override, "#") - if len(tokens) != 2 { - allErrors = append(allErrors, fmt.Errorf("--etcd-servers-overrides invalid, must be of format: group/resource#servers, where servers are URLs, semicolon separated")) - continue - } - - apiresource := strings.Split(tokens[0], "/") - if len(apiresource) != 2 { - allErrors = append(allErrors, fmt.Errorf("--etcd-servers-overrides invalid, must be of format: group/resource#servers, where servers are URLs, semicolon separated")) - continue - } - - } - - if len(s.EncryptionProviderConfigFilepath) == 0 && s.EncryptionProviderConfigAutomaticReload { - allErrors = append(allErrors, fmt.Errorf("--encryption-provider-config-automatic-reload must be set with --encryption-provider-config")) - } - - return allErrors -} - -// AddFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet -func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - fs.StringSliceVar(&s.EtcdServersOverrides, "etcd-servers-overrides", s.EtcdServersOverrides, ""+ - "Per-resource etcd servers overrides, comma separated. The individual override "+ - "format: group/resource#servers, where servers are URLs, semicolon separated. "+ - "Note that this applies only to resources compiled into this server binary. ") - - fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+ - "The media type to use to store objects in storage. "+ - "Some resources or storage backends may only support a specific media type and will ignore this setting. "+ - "Supported media types: [application/json, application/yaml, application/vnd.kubernetes.protobuf]") - fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers, - "Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.") - - fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+ - "Enables the generic garbage collector. MUST be synced with the corresponding flag "+ - "of the kube-controller-manager.") - - fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache, - "Enable watch caching in the apiserver") - - fs.IntVar(&s.DefaultWatchCacheSize, "default-watch-cache-size", s.DefaultWatchCacheSize, - "Default watch cache size. If zero, watch cache will be disabled for resources that do not have a default watch size set.") - - fs.MarkDeprecated("default-watch-cache-size", - "watch caches are sized automatically and this flag will be removed in a future version") - - fs.StringSliceVar(&s.WatchCacheSizes, "watch-cache-sizes", s.WatchCacheSizes, ""+ - "Watch cache size settings for some resources (pods, nodes, etc.), comma separated. "+ - "The individual setting format: resource[.group]#size, where resource is lowercase plural (no version), "+ - "group is omitted for resources of apiVersion v1 (the legacy core API) and included for others, "+ - "and size is a number. This option is only meaningful for resources built into the apiserver, "+ - "not ones defined by CRDs or aggregated from external servers, and is only consulted if the "+ - "watch-cache is enabled. The only meaningful size setting to supply here is zero, which means to "+ - "disable watch caching for the associated resource; all non-zero values are equivalent and mean "+ - "to not disable watch caching for that resource") - - fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type, - "The storage backend for persistence. Options: 'etcd3' (default).") - - fs.StringSliceVar(&s.StorageConfig.Transport.ServerList, "etcd-servers", s.StorageConfig.Transport.ServerList, - "List of etcd servers to connect with (scheme://ip:port), comma separated.") - - fs.StringVar(&s.StorageConfig.Prefix, "etcd-prefix", s.StorageConfig.Prefix, - "The prefix to prepend to all resource paths in etcd.") - - fs.StringVar(&s.StorageConfig.Transport.KeyFile, "etcd-keyfile", s.StorageConfig.Transport.KeyFile, - "SSL key file used to secure etcd communication.") - - fs.StringVar(&s.StorageConfig.Transport.CertFile, "etcd-certfile", s.StorageConfig.Transport.CertFile, - "SSL certification file used to secure etcd communication.") - - fs.StringVar(&s.StorageConfig.Transport.TrustedCAFile, "etcd-cafile", s.StorageConfig.Transport.TrustedCAFile, - "SSL Certificate Authority file used to secure etcd communication.") - - fs.StringVar(&s.EncryptionProviderConfigFilepath, "encryption-provider-config", s.EncryptionProviderConfigFilepath, - "The file containing configuration for encryption providers to be used for storing secrets in etcd") - - fs.BoolVar(&s.EncryptionProviderConfigAutomaticReload, "encryption-provider-config-automatic-reload", s.EncryptionProviderConfigAutomaticReload, - "Determines if the file set by --encryption-provider-config should be automatically reloaded if the disk contents change. "+ - "Setting this to true disables the ability to uniquely identify distinct KMS plugins via the API server healthz endpoints.") - - fs.DurationVar(&s.StorageConfig.CompactionInterval, "etcd-compaction-interval", s.StorageConfig.CompactionInterval, - "The interval of compaction requests. If 0, the compaction request from apiserver is disabled.") - - fs.DurationVar(&s.StorageConfig.CountMetricPollPeriod, "etcd-count-metric-poll-period", s.StorageConfig.CountMetricPollPeriod, ""+ - "Frequency of polling etcd for number of resources per type. 0 disables the metric collection.") - - fs.DurationVar(&s.StorageConfig.DBMetricPollInterval, "etcd-db-metric-poll-interval", s.StorageConfig.DBMetricPollInterval, - "The interval of requests to poll etcd and update metric. 0 disables the metric collection") - - fs.DurationVar(&s.StorageConfig.HealthcheckTimeout, "etcd-healthcheck-timeout", s.StorageConfig.HealthcheckTimeout, - "The timeout to use when checking etcd health.") - - fs.DurationVar(&s.StorageConfig.ReadycheckTimeout, "etcd-readycheck-timeout", s.StorageConfig.ReadycheckTimeout, - "The timeout to use when checking etcd readiness") - - fs.Int64Var(&s.StorageConfig.LeaseManagerConfig.ReuseDurationSeconds, "lease-reuse-duration-seconds", s.StorageConfig.LeaseManagerConfig.ReuseDurationSeconds, - "The time in seconds that each lease is reused. A lower value could avoid large number of objects reusing the same lease. Notice that a too small value may cause performance problems at storage layer.") -} - -// Complete must be called exactly once before using any of the Apply methods. It is responsible for setting -// up objects that must be created once and reused across multiple invocations such as storage transformers. -// This method mutates the receiver (EtcdOptions). It must never mutate the inputs. -func (s *EtcdOptions) Complete( - storageObjectCountTracker flowcontrolrequest.StorageObjectCountTracker, - stopCh <-chan struct{}, - addPostStartHook func(name string, hook server.PostStartHookFunc) error, -) error { - if s == nil { - return nil - } - - if s.complete { - return fmt.Errorf("EtcdOptions.Complete called more than once") - } - - if len(s.EncryptionProviderConfigFilepath) != 0 { - ctxTransformers, closeTransformers := wait.ContextForChannel(stopCh) - ctxServer, _ := wait.ContextForChannel(stopCh) // explicitly ignore cancel here because we do not own the server's lifecycle - - encryptionConfiguration, err := encryptionconfig.LoadEncryptionConfig(s.EncryptionProviderConfigFilepath, s.EncryptionProviderConfigAutomaticReload, ctxTransformers.Done()) - if err != nil { - // in case of error, we want to close partially initialized (if any) transformers - closeTransformers() - return err - } - - // enable kms hot reload controller only if the config file is set to be automatically reloaded - if s.EncryptionProviderConfigAutomaticReload { - // with reload=true we will always have 1 health check - if len(encryptionConfiguration.HealthChecks) != 1 { - // in case of error, we want to close partially initialized (if any) transformers - closeTransformers() - return fmt.Errorf("failed to start kms encryption config hot reload controller. only 1 health check should be available when reload is enabled") - } - - dynamicTransformers := encryptionconfig.NewDynamicTransformers(encryptionConfiguration.Transformers, encryptionConfiguration.HealthChecks[0], closeTransformers, encryptionConfiguration.KMSCloseGracePeriod) - - s.resourceTransformers = dynamicTransformers - s.kmsPluginHealthzChecks = []healthz.HealthChecker{dynamicTransformers} - - // add post start hook to start hot reload controller - // adding this hook here will ensure that it gets configured exactly once - err = addPostStartHook( - "start-encryption-provider-config-automatic-reload", - func(hookContext server.PostStartHookContext) error { - kmsConfigController := kmsconfigcontroller.NewDynamicKMSEncryptionConfiguration( - "kms-encryption-config", - s.EncryptionProviderConfigFilepath, - dynamicTransformers, - encryptionConfiguration.EncryptionFileContentHash, - ctxServer.Done(), - ) - - go kmsConfigController.Run(ctxServer) - - return nil - }, - ) - if err != nil { - // in case of error, we want to close partially initialized (if any) transformers - closeTransformers() - return fmt.Errorf("failed to add post start hook for kms encryption config hot reload controller: %w", err) - } - } else { - s.resourceTransformers = encryptionconfig.StaticTransformers(encryptionConfiguration.Transformers) - s.kmsPluginHealthzChecks = encryptionConfiguration.HealthChecks - } - } - - s.StorageConfig.StorageObjectCountTracker = storageObjectCountTracker - - s.complete = true - - return nil -} - -// ApplyTo mutates the provided server.Config. It must never mutate the receiver (EtcdOptions). -func (s *EtcdOptions) ApplyTo(c *server.Config) error { - if s == nil { - return nil - } - - return s.ApplyWithStorageFactoryTo(&SimpleStorageFactory{StorageConfig: s.StorageConfig}, c) -} - -// ApplyWithStorageFactoryTo mutates the provided server.Config. It must never mutate the receiver (EtcdOptions). -func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error { - if s == nil { - return nil - } - - if !s.complete { - return fmt.Errorf("EtcdOptions.Apply called without completion") - } - - if !s.SkipHealthEndpoints { - if err := s.addEtcdHealthEndpoint(c); err != nil { - return err - } - } - - if s.resourceTransformers != nil { - factory = &transformerStorageFactory{ - delegate: factory, - resourceTransformers: s.resourceTransformers, - } - } - - c.RESTOptionsGetter = &StorageFactoryRestOptionsFactory{Options: *s, StorageFactory: factory} - return nil -} - -func (s *EtcdOptions) addEtcdHealthEndpoint(c *server.Config) error { - healthCheck, err := storagefactory.CreateHealthCheck(s.StorageConfig, c.DrainedNotify()) - if err != nil { - return err - } - c.AddHealthChecks(healthz.NamedCheck("etcd", func(r *http.Request) error { - return healthCheck() - })) - - readyCheck, err := storagefactory.CreateReadyCheck(s.StorageConfig, c.DrainedNotify()) - if err != nil { - return err - } - c.AddReadyzChecks(healthz.NamedCheck("etcd-readiness", func(r *http.Request) error { - return readyCheck() - })) - - c.AddHealthChecks(s.kmsPluginHealthzChecks...) - - return nil -} - -type StorageFactoryRestOptionsFactory struct { - Options EtcdOptions - StorageFactory serverstorage.StorageFactory -} - -func (f *StorageFactoryRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) { - storageConfig, err := f.StorageFactory.NewConfig(resource) - if err != nil { - return generic.RESTOptions{}, fmt.Errorf("unable to find storage destination for %v, due to %v", resource, err.Error()) - } - - ret := generic.RESTOptions{ - StorageConfig: storageConfig, - Decorator: generic.UndecoratedStorage, - DeleteCollectionWorkers: f.Options.DeleteCollectionWorkers, - EnableGarbageCollection: f.Options.EnableGarbageCollection, - ResourcePrefix: f.StorageFactory.ResourcePrefix(resource), - CountMetricPollPeriod: f.Options.StorageConfig.CountMetricPollPeriod, - StorageObjectCountTracker: f.Options.StorageConfig.StorageObjectCountTracker, - } - - if f.Options.EnableWatchCache { - sizes, err := ParseWatchCacheSizes(f.Options.WatchCacheSizes) - if err != nil { - return generic.RESTOptions{}, err - } - size, ok := sizes[resource] - if ok && size > 0 { - klog.Warningf("Dropping watch-cache-size for %v - watchCache size is now dynamic", resource) - } - if ok && size <= 0 { - klog.V(3).InfoS("Not using watch cache", "resource", resource) - ret.Decorator = generic.UndecoratedStorage - } else { - klog.V(3).InfoS("Using watch cache", "resource", resource) - ret.Decorator = genericregistry.StorageWithCacher() - } - } - - return ret, nil -} - -// ParseWatchCacheSizes turns a list of cache size values into a map of group resources -// to requested sizes. -func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error) { - watchCacheSizes := make(map[schema.GroupResource]int) - for _, c := range cacheSizes { - tokens := strings.Split(c, "#") - if len(tokens) != 2 { - return nil, fmt.Errorf("invalid value of watch cache size: %s", c) - } - - size, err := strconv.Atoi(tokens[1]) - if err != nil { - return nil, fmt.Errorf("invalid size of watch cache size: %s", c) - } - if size < 0 { - return nil, fmt.Errorf("watch cache size cannot be negative: %s", c) - } - watchCacheSizes[schema.ParseGroupResource(tokens[0])] = size - } - return watchCacheSizes, nil -} - -// WriteWatchCacheSizes turns a map of cache size values into a list of string specifications. -func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error) { - var cacheSizes []string - - for resource, size := range watchCacheSizes { - if size < 0 { - return nil, fmt.Errorf("watch cache size cannot be negative for resource %s", resource) - } - cacheSizes = append(cacheSizes, fmt.Sprintf("%s#%d", resource.String(), size)) - } - return cacheSizes, nil -} - -var _ serverstorage.StorageFactory = &SimpleStorageFactory{} - -// SimpleStorageFactory provides a StorageFactory implementation that should be used when different -// resources essentially share the same storage config (as defined by the given storagebackend.Config). -// It assumes the resources are stored at a path that is purely based on the schema.GroupResource. -// Users that need flexibility and per resource overrides should use DefaultStorageFactory instead. -type SimpleStorageFactory struct { - StorageConfig storagebackend.Config -} - -func (s *SimpleStorageFactory) NewConfig(resource schema.GroupResource) (*storagebackend.ConfigForResource, error) { - return s.StorageConfig.ForResource(resource), nil -} - -func (s *SimpleStorageFactory) ResourcePrefix(resource schema.GroupResource) string { - return resource.Group + "/" + resource.Resource -} - -func (s *SimpleStorageFactory) Backends() []serverstorage.Backend { - // nothing should ever call this method but we still provide a functional implementation - return serverstorage.Backends(s.StorageConfig) -} - -var _ serverstorage.StorageFactory = &transformerStorageFactory{} - -type transformerStorageFactory struct { - delegate serverstorage.StorageFactory - resourceTransformers encryptionconfig.ResourceTransformers -} - -func (t *transformerStorageFactory) NewConfig(resource schema.GroupResource) (*storagebackend.ConfigForResource, error) { - config, err := t.delegate.NewConfig(resource) - if err != nil { - return nil, err - } - - configCopy := *config - resourceConfig := configCopy.Config - resourceConfig.Transformer = t.resourceTransformers.TransformerForResource(resource) - configCopy.Config = resourceConfig - - return &configCopy, nil -} - -func (t *transformerStorageFactory) ResourcePrefix(resource schema.GroupResource) string { - return t.delegate.ResourcePrefix(resource) -} - -func (t *transformerStorageFactory) Backends() []serverstorage.Backend { - return t.delegate.Backends() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/feature.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/feature.go deleted file mode 100644 index e8a6241842..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/feature.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apiserver/pkg/server" -) - -type FeatureOptions struct { - EnableProfiling bool - EnableContentionProfiling bool -} - -func NewFeatureOptions() *FeatureOptions { - defaults := server.NewConfig(serializer.CodecFactory{}) - - return &FeatureOptions{ - EnableProfiling: defaults.EnableProfiling, - EnableContentionProfiling: defaults.EnableContentionProfiling, - } -} - -func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) { - if o == nil { - return - } - - fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling, - "Enable profiling via web interface host:port/debug/pprof/") - fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling, - "Enable lock contention profiling, if profiling is enabled") -} - -func (o *FeatureOptions) ApplyTo(c *server.Config) error { - if o == nil { - return nil - } - - c.EnableProfiling = o.EnableProfiling - c.EnableContentionProfiling = o.EnableContentionProfiling - - return nil -} - -func (o *FeatureOptions) Validate() []error { - if o == nil { - return nil - } - - errs := []error{} - return errs -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/recommended.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/recommended.go deleted file mode 100644 index 28aad0daf6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/recommended.go +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/storage/storagebackend" - "k8s.io/apiserver/pkg/util/feature" - utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" - "k8s.io/client-go/kubernetes" - "k8s.io/component-base/featuregate" - "k8s.io/klog/v2" -) - -// RecommendedOptions contains the recommended options for running an API server. -// If you add something to this list, it should be in a logical grouping. -// Each of them can be nil to leave the feature unconfigured on ApplyTo. -type RecommendedOptions struct { - Etcd *EtcdOptions - SecureServing *SecureServingOptionsWithLoopback - Authentication *DelegatingAuthenticationOptions - Authorization *DelegatingAuthorizationOptions - Audit *AuditOptions - Features *FeatureOptions - CoreAPI *CoreAPIOptions - - // FeatureGate is a way to plumb feature gate through if you have them. - FeatureGate featuregate.FeatureGate - // ExtraAdmissionInitializers is called once after all ApplyTo from the options above, to pass the returned - // admission plugin initializers to Admission.ApplyTo. - ExtraAdmissionInitializers func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error) - Admission *AdmissionOptions - // API Server Egress Selector is used to control outbound traffic from the API Server - EgressSelector *EgressSelectorOptions - // Traces contains options to control distributed request tracing. - Traces *TracingOptions -} - -func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions { - sso := NewSecureServingOptions() - - // We are composing recommended options for an aggregated api-server, - // whose client is typically a proxy multiplexing many operations --- - // notably including long-running ones --- into one HTTP/2 connection - // into this server. So allow many concurrent operations. - sso.HTTP2MaxStreamsPerConnection = 1000 - - return &RecommendedOptions{ - Etcd: NewEtcdOptions(storagebackend.NewDefaultConfig(prefix, codec)), - SecureServing: sso.WithLoopback(), - Authentication: NewDelegatingAuthenticationOptions(), - Authorization: NewDelegatingAuthorizationOptions(), - Audit: NewAuditOptions(), - Features: NewFeatureOptions(), - CoreAPI: NewCoreAPIOptions(), - // Wired a global by default that sadly people will abuse to have different meanings in different repos. - // Please consider creating your own FeatureGate so you can have a consistent meaning for what a variable contains - // across different repos. Future you will thank you. - FeatureGate: feature.DefaultFeatureGate, - ExtraAdmissionInitializers: func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error) { return nil, nil }, - Admission: NewAdmissionOptions(), - EgressSelector: NewEgressSelectorOptions(), - Traces: NewTracingOptions(), - } -} - -func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) { - o.Etcd.AddFlags(fs) - o.SecureServing.AddFlags(fs) - o.Authentication.AddFlags(fs) - o.Authorization.AddFlags(fs) - o.Audit.AddFlags(fs) - o.Features.AddFlags(fs) - o.CoreAPI.AddFlags(fs) - o.Admission.AddFlags(fs) - o.EgressSelector.AddFlags(fs) - o.Traces.AddFlags(fs) -} - -// ApplyTo adds RecommendedOptions to the server configuration. -// pluginInitializers can be empty, it is only need for additional initializers. -func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error { - if err := o.Etcd.Complete(config.Config.StorageObjectCountTracker, config.Config.DrainedNotify(), config.Config.AddPostStartHook); err != nil { - return err - } - if err := o.Etcd.ApplyTo(&config.Config); err != nil { - return err - } - if err := o.EgressSelector.ApplyTo(&config.Config); err != nil { - return err - } - if err := o.Traces.ApplyTo(config.Config.EgressSelector, &config.Config); err != nil { - return err - } - if err := o.SecureServing.ApplyTo(&config.Config.SecureServing, &config.Config.LoopbackClientConfig); err != nil { - return err - } - if err := o.Authentication.ApplyTo(&config.Config.Authentication, config.SecureServing, config.OpenAPIConfig); err != nil { - return err - } - if err := o.Authorization.ApplyTo(&config.Config.Authorization); err != nil { - return err - } - if err := o.Audit.ApplyTo(&config.Config); err != nil { - return err - } - if err := o.Features.ApplyTo(&config.Config); err != nil { - return err - } - if err := o.CoreAPI.ApplyTo(config); err != nil { - return err - } - if initializers, err := o.ExtraAdmissionInitializers(config); err != nil { - return err - } else if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, o.FeatureGate, initializers...); err != nil { - return err - } - if feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) { - if config.ClientConfig != nil { - if config.MaxRequestsInFlight+config.MaxMutatingRequestsInFlight <= 0 { - return fmt.Errorf("invalid configuration: MaxRequestsInFlight=%d and MaxMutatingRequestsInFlight=%d; they must add up to something positive", config.MaxRequestsInFlight, config.MaxMutatingRequestsInFlight) - - } - config.FlowControl = utilflowcontrol.New( - config.SharedInformerFactory, - kubernetes.NewForConfigOrDie(config.ClientConfig).FlowcontrolV1beta3(), - config.MaxRequestsInFlight+config.MaxMutatingRequestsInFlight, - config.RequestTimeout/4, - ) - } else { - klog.Warningf("Neither kubeconfig is provided nor service-account is mounted, so APIPriorityAndFairness will be disabled") - } - } - return nil -} - -func (o *RecommendedOptions) Validate() []error { - errors := []error{} - errors = append(errors, o.Etcd.Validate()...) - errors = append(errors, o.SecureServing.Validate()...) - errors = append(errors, o.Authentication.Validate()...) - errors = append(errors, o.Authorization.Validate()...) - errors = append(errors, o.Audit.Validate()...) - errors = append(errors, o.Features.Validate()...) - errors = append(errors, o.CoreAPI.Validate()...) - errors = append(errors, o.Admission.Validate()...) - errors = append(errors, o.EgressSelector.Validate()...) - errors = append(errors, o.Traces.Validate()...) - - return errors -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/server_run_options.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/server_run_options.go deleted file mode 100644 index 000b9867e3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/server_run_options.go +++ /dev/null @@ -1,282 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "net" - "strings" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/server" - utilfeature "k8s.io/apiserver/pkg/util/feature" - - "github.com/spf13/pflag" -) - -// ServerRunOptions contains the options while running a generic api server. -type ServerRunOptions struct { - AdvertiseAddress net.IP - - CorsAllowedOriginList []string - HSTSDirectives []string - ExternalHost string - MaxRequestsInFlight int - MaxMutatingRequestsInFlight int - RequestTimeout time.Duration - GoawayChance float64 - LivezGracePeriod time.Duration - MinRequestTimeout int - ShutdownDelayDuration time.Duration - // We intentionally did not add a flag for this option. Users of the - // apiserver library can wire it to a flag. - JSONPatchMaxCopyBytes int64 - // The limit on the request body size that would be accepted and - // decoded in a write request. 0 means no limit. - // We intentionally did not add a flag for this option. Users of the - // apiserver library can wire it to a flag. - MaxRequestBodyBytes int64 - EnablePriorityAndFairness bool - - // ShutdownSendRetryAfter dictates when to initiate shutdown of the HTTP - // Server during the graceful termination of the apiserver. If true, we wait - // for non longrunning requests in flight to be drained and then initiate a - // shutdown of the HTTP Server. If false, we initiate a shutdown of the HTTP - // Server as soon as ShutdownDelayDuration has elapsed. - // If enabled, after ShutdownDelayDuration elapses, any incoming request is - // rejected with a 429 status code and a 'Retry-After' response. - ShutdownSendRetryAfter bool - - // SendRetryAfterWhileNotReadyOnce, if enabled, the apiserver will - // reject all incoming requests with a 503 status code and a - // 'Retry-After' response header until the apiserver has fully - // initialized, except for requests from a designated debugger group. - // This option ensures that the system stays consistent even when - // requests are received before the server has been initialized. - // In particular, it prevents child deletion in case of GC or/and - // orphaned content in case of the namespaces controller. - // NOTE: this option is applicable to Microshift only, - // this should never be enabled for OCP. - SendRetryAfterWhileNotReadyOnce bool -} - -func NewServerRunOptions() *ServerRunOptions { - defaults := server.NewConfig(serializer.CodecFactory{}) - return &ServerRunOptions{ - MaxRequestsInFlight: defaults.MaxRequestsInFlight, - MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight, - RequestTimeout: defaults.RequestTimeout, - LivezGracePeriod: defaults.LivezGracePeriod, - MinRequestTimeout: defaults.MinRequestTimeout, - ShutdownDelayDuration: defaults.ShutdownDelayDuration, - JSONPatchMaxCopyBytes: defaults.JSONPatchMaxCopyBytes, - MaxRequestBodyBytes: defaults.MaxRequestBodyBytes, - EnablePriorityAndFairness: true, - ShutdownSendRetryAfter: false, - SendRetryAfterWhileNotReadyOnce: false, - } -} - -// ApplyTo applies the run options to the method receiver and returns self -func (s *ServerRunOptions) ApplyTo(c *server.Config) error { - c.CorsAllowedOriginList = s.CorsAllowedOriginList - c.HSTSDirectives = s.HSTSDirectives - c.ExternalAddress = s.ExternalHost - c.MaxRequestsInFlight = s.MaxRequestsInFlight - c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight - c.LivezGracePeriod = s.LivezGracePeriod - c.RequestTimeout = s.RequestTimeout - c.GoawayChance = s.GoawayChance - c.MinRequestTimeout = s.MinRequestTimeout - c.ShutdownDelayDuration = s.ShutdownDelayDuration - c.JSONPatchMaxCopyBytes = s.JSONPatchMaxCopyBytes - c.MaxRequestBodyBytes = s.MaxRequestBodyBytes - c.PublicAddress = s.AdvertiseAddress - c.ShutdownSendRetryAfter = s.ShutdownSendRetryAfter - c.SendRetryAfterWhileNotReadyOnce = s.SendRetryAfterWhileNotReadyOnce - - return nil -} - -// DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. -func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error { - if secure == nil { - return nil - } - - if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() { - hostIP, err := secure.DefaultExternalAddress() - if err != nil { - return fmt.Errorf("Unable to find suitable network address.error='%v'. "+ - "Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this.", err) - } - s.AdvertiseAddress = hostIP - } - - return nil -} - -// Validate checks validation of ServerRunOptions -func (s *ServerRunOptions) Validate() []error { - errors := []error{} - - if s.LivezGracePeriod < 0 { - errors = append(errors, fmt.Errorf("--livez-grace-period can not be a negative value")) - } - - if s.MaxRequestsInFlight < 0 { - errors = append(errors, fmt.Errorf("--max-requests-inflight can not be negative value")) - } - if s.MaxMutatingRequestsInFlight < 0 { - errors = append(errors, fmt.Errorf("--max-mutating-requests-inflight can not be negative value")) - } - - if s.RequestTimeout.Nanoseconds() < 0 { - errors = append(errors, fmt.Errorf("--request-timeout can not be negative value")) - } - - if s.GoawayChance < 0 || s.GoawayChance > 0.02 { - errors = append(errors, fmt.Errorf("--goaway-chance can not be less than 0 or greater than 0.02")) - } - - if s.MinRequestTimeout < 0 { - errors = append(errors, fmt.Errorf("--min-request-timeout can not be negative value")) - } - - if s.ShutdownDelayDuration < 0 { - errors = append(errors, fmt.Errorf("--shutdown-delay-duration can not be negative value")) - } - - if s.JSONPatchMaxCopyBytes < 0 { - errors = append(errors, fmt.Errorf("ServerRunOptions.JSONPatchMaxCopyBytes can not be negative value")) - } - - if s.MaxRequestBodyBytes < 0 { - errors = append(errors, fmt.Errorf("ServerRunOptions.MaxRequestBodyBytes can not be negative value")) - } - - if err := validateHSTSDirectives(s.HSTSDirectives); err != nil { - errors = append(errors, err) - } - return errors -} - -func validateHSTSDirectives(hstsDirectives []string) error { - // HSTS Headers format: Strict-Transport-Security:max-age=expireTime [;includeSubDomains] [;preload] - // See https://tools.ietf.org/html/rfc6797#section-6.1 for more information - allErrors := []error{} - for _, hstsDirective := range hstsDirectives { - if len(strings.TrimSpace(hstsDirective)) == 0 { - allErrors = append(allErrors, fmt.Errorf("empty value in strict-transport-security-directives")) - continue - } - if hstsDirective != "includeSubDomains" && hstsDirective != "preload" { - maxAgeDirective := strings.Split(hstsDirective, "=") - if len(maxAgeDirective) != 2 || maxAgeDirective[0] != "max-age" { - allErrors = append(allErrors, fmt.Errorf("--strict-transport-security-directives invalid, allowed values: max-age=expireTime, includeSubDomains, preload. see https://tools.ietf.org/html/rfc6797#section-6.1 for more information")) - } - } - } - return errors.NewAggregate(allErrors) -} - -// AddUniversalFlags adds flags for a specific APIServer to the specified FlagSet -func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) { - // Note: the weird ""+ in below lines seems to be the only way to get gofmt to - // arrange these text blocks sensibly. Grrr. - - fs.IPVar(&s.AdvertiseAddress, "advertise-address", s.AdvertiseAddress, ""+ - "The IP address on which to advertise the apiserver to members of the cluster. This "+ - "address must be reachable by the rest of the cluster. If blank, the --bind-address "+ - "will be used. If --bind-address is unspecified, the host's default interface will "+ - "be used.") - - fs.StringSliceVar(&s.CorsAllowedOriginList, "cors-allowed-origins", s.CorsAllowedOriginList, ""+ - "List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+ - "expression to support subdomain matching. If this list is empty CORS will not be enabled.") - - fs.StringSliceVar(&s.HSTSDirectives, "strict-transport-security-directives", s.HSTSDirectives, ""+ - "List of directives for HSTS, comma separated. If this list is empty, then HSTS directives will not "+ - "be added. Example: 'max-age=31536000,includeSubDomains,preload'") - - fs.StringVar(&s.ExternalHost, "external-hostname", s.ExternalHost, - "The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs or OpenID Discovery).") - - deprecatedMasterServiceNamespace := metav1.NamespaceDefault - fs.StringVar(&deprecatedMasterServiceNamespace, "master-service-namespace", deprecatedMasterServiceNamespace, ""+ - "DEPRECATED: the namespace from which the Kubernetes master services should be injected into pods.") - fs.MarkDeprecated("master-service-namespace", "This flag will be removed in v1.27") - - fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, ""+ - "This and --max-mutating-requests-inflight are summed to determine the server's total concurrency limit "+ - "(which must be positive) if --enable-priority-and-fairness is true. "+ - "Otherwise, this flag limits the maximum number of non-mutating requests in flight, "+ - "or a zero value disables the limit completely.") - - fs.IntVar(&s.MaxMutatingRequestsInFlight, "max-mutating-requests-inflight", s.MaxMutatingRequestsInFlight, ""+ - "This and --max-requests-inflight are summed to determine the server's total concurrency limit "+ - "(which must be positive) if --enable-priority-and-fairness is true. "+ - "Otherwise, this flag limits the maximum number of mutating requests in flight, "+ - "or a zero value disables the limit completely.") - - fs.DurationVar(&s.RequestTimeout, "request-timeout", s.RequestTimeout, ""+ - "An optional field indicating the duration a handler must keep a request open before timing "+ - "it out. This is the default request timeout for requests but may be overridden by flags such as "+ - "--min-request-timeout for specific types of requests.") - - fs.Float64Var(&s.GoawayChance, "goaway-chance", s.GoawayChance, ""+ - "To prevent HTTP/2 clients from getting stuck on a single apiserver, randomly close a connection (GOAWAY). "+ - "The client's other in-flight requests won't be affected, and the client will reconnect, likely landing on a different apiserver after going through the load balancer again. "+ - "This argument sets the fraction of requests that will be sent a GOAWAY. Clusters with single apiservers, or which don't use a load balancer, should NOT enable this. "+ - "Min is 0 (off), Max is .02 (1/50 requests); .001 (1/1000) is a recommended starting point.") - - fs.DurationVar(&s.LivezGracePeriod, "livez-grace-period", s.LivezGracePeriod, ""+ - "This option represents the maximum amount of time it should take for apiserver to complete its startup sequence "+ - "and become live. From apiserver's start time to when this amount of time has elapsed, /livez will assume "+ - "that unfinished post-start hooks will complete successfully and therefore return true.") - - fs.IntVar(&s.MinRequestTimeout, "min-request-timeout", s.MinRequestTimeout, ""+ - "An optional field indicating the minimum number of seconds a handler must keep "+ - "a request open before timing it out. Currently only honored by the watch request "+ - "handler, which picks a randomized value above this number as the connection timeout, "+ - "to spread out load.") - - fs.BoolVar(&s.EnablePriorityAndFairness, "enable-priority-and-fairness", s.EnablePriorityAndFairness, ""+ - "If true and the APIPriorityAndFairness feature gate is enabled, replace the max-in-flight handler with an enhanced one that queues and dispatches with priority and fairness") - - fs.DurationVar(&s.ShutdownDelayDuration, "shutdown-delay-duration", s.ShutdownDelayDuration, ""+ - "Time to delay the termination. During that time the server keeps serving requests normally. The endpoints /healthz and /livez "+ - "will return success, but /readyz immediately returns failure. Graceful termination starts after this delay "+ - "has elapsed. This can be used to allow load balancer to stop sending traffic to this server.") - - fs.BoolVar(&s.ShutdownSendRetryAfter, "shutdown-send-retry-after", s.ShutdownSendRetryAfter, ""+ - "If true the HTTP Server will continue listening until all non long running request(s) in flight have been drained, "+ - "during this window all incoming requests will be rejected with a status code 429 and a 'Retry-After' response header, "+ - "in addition 'Connection: close' response header is set in order to tear down the TCP connection when idle.") - - // NOTE: this option is applicable to Microshift only, this should never be enabled for OCP. - fs.BoolVar(&s.SendRetryAfterWhileNotReadyOnce, "send-retry-after-while-not-ready-once", s.SendRetryAfterWhileNotReadyOnce, ""+ - "If true, incoming request(s) will be rejected with a '503' status code and a 'Retry-After' response header "+ - "until the apiserver has initialized, except for requests from a certain group. This option ensures that the system stays "+ - "consistent even when requests arrive at the server before it has been initialized. "+ - "This option is applicable to Microshift only, this should never be enabled for OCP") - - utilfeature.DefaultMutableFeatureGate.AddFlag(fs) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving.go deleted file mode 100644 index c64798b4f9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving.go +++ /dev/null @@ -1,384 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "context" - "fmt" - "net" - "path" - "strconv" - "strings" - "syscall" - - "github.com/spf13/pflag" - "k8s.io/klog/v2" - netutils "k8s.io/utils/net" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - certutil "k8s.io/client-go/util/cert" - "k8s.io/client-go/util/keyutil" - cliflag "k8s.io/component-base/cli/flag" -) - -type SecureServingOptions struct { - BindAddress net.IP - // BindPort is ignored when Listener is set, will serve https even with 0. - BindPort int - // BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp", - // "tcp4", and "tcp6". - BindNetwork string - // Required set to true means that BindPort cannot be zero. - Required bool - // ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this - // is set to BindAddress if the later no loopback, or to the first host interface address. - ExternalAddress net.IP - - // Listener is the secure server network listener. - // either Listener or BindAddress/BindPort/BindNetwork is set, - // if Listener is set, use it and omit BindAddress/BindPort/BindNetwork. - Listener net.Listener - - // ServerCert is the TLS cert info for serving secure traffic - ServerCert GeneratableKeyCert - // SNICertKeys are named CertKeys for serving secure traffic with SNI support. - SNICertKeys []cliflag.NamedCertKey - // CipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - CipherSuites []string - // MinTLSVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - MinTLSVersion string - - // HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client. - // A value of zero means to use the default provided by golang's HTTP/2 support. - HTTP2MaxStreamsPerConnection int - - // PermitPortSharing controls if SO_REUSEPORT is used when binding the port, which allows - // more than one instance to bind on the same address and port. - PermitPortSharing bool - - // PermitAddressSharing controls if SO_REUSEADDR is used when binding the port. - PermitAddressSharing bool -} - -type CertKey struct { - // CertFile is a file containing a PEM-encoded certificate, and possibly the complete certificate chain - CertFile string - // KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile - KeyFile string -} - -type GeneratableKeyCert struct { - // CertKey allows setting an explicit cert/key file to use. - CertKey CertKey - - // CertDirectory specifies a directory to write generated certificates to if CertFile/KeyFile aren't explicitly set. - // PairName is used to determine the filenames within CertDirectory. - // If CertDirectory and PairName are not set, an in-memory certificate will be generated. - CertDirectory string - // PairName is the name which will be used with CertDirectory to make a cert and key filenames. - // It becomes CertDirectory/PairName.crt and CertDirectory/PairName.key - PairName string - - // GeneratedCert holds an in-memory generated certificate if CertFile/KeyFile aren't explicitly set, and CertDirectory/PairName are not set. - GeneratedCert dynamiccertificates.CertKeyContentProvider - - // FixtureDirectory is a directory that contains test fixture used to avoid regeneration of certs during tests. - // The format is: - // <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt - // <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key - FixtureDirectory string -} - -func NewSecureServingOptions() *SecureServingOptions { - return &SecureServingOptions{ - BindAddress: netutils.ParseIPSloppy("0.0.0.0"), - BindPort: 443, - ServerCert: GeneratableKeyCert{ - PairName: "apiserver", - CertDirectory: "apiserver.local.config/certificates", - }, - } -} - -func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) { - if s.ExternalAddress != nil && !s.ExternalAddress.IsUnspecified() { - return s.ExternalAddress, nil - } - return utilnet.ResolveBindAddress(s.BindAddress) -} - -func (s *SecureServingOptions) Validate() []error { - if s == nil { - return nil - } - - errors := []error{} - - if s.Required && s.BindPort < 1 || s.BindPort > 65535 { - errors = append(errors, fmt.Errorf("--secure-port %v must be between 1 and 65535, inclusive. It cannot be turned off with 0", s.BindPort)) - } else if s.BindPort < 0 || s.BindPort > 65535 { - errors = append(errors, fmt.Errorf("--secure-port %v must be between 0 and 65535, inclusive. 0 for turning off secure port", s.BindPort)) - } - - if (len(s.ServerCert.CertKey.CertFile) != 0 || len(s.ServerCert.CertKey.KeyFile) != 0) && s.ServerCert.GeneratedCert != nil { - errors = append(errors, fmt.Errorf("cert/key file and in-memory certificate cannot both be set")) - } - - return errors -} - -func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) { - if s == nil { - return - } - - fs.IPVar(&s.BindAddress, "bind-address", s.BindAddress, ""+ - "The IP address on which to listen for the --secure-port port. The "+ - "associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+ - "clients. If blank or an unspecified address (0.0.0.0 or ::), all interfaces will be used.") - - desc := "The port on which to serve HTTPS with authentication and authorization." - if s.Required { - desc += " It cannot be switched off with 0." - } else { - desc += " If 0, don't serve HTTPS at all." - } - fs.IntVar(&s.BindPort, "secure-port", s.BindPort, desc) - - fs.StringVar(&s.ServerCert.CertDirectory, "cert-dir", s.ServerCert.CertDirectory, ""+ - "The directory where the TLS certs are located. "+ - "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.") - - fs.StringVar(&s.ServerCert.CertKey.CertFile, "tls-cert-file", s.ServerCert.CertKey.CertFile, ""+ - "File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+ - "after server cert). If HTTPS serving is enabled, and --tls-cert-file and "+ - "--tls-private-key-file are not provided, a self-signed certificate and key "+ - "are generated for the public address and saved to the directory specified by --cert-dir.") - - fs.StringVar(&s.ServerCert.CertKey.KeyFile, "tls-private-key-file", s.ServerCert.CertKey.KeyFile, - "File containing the default x509 private key matching --tls-cert-file.") - - tlsCipherPreferredValues := cliflag.PreferredTLSCipherNames() - tlsCipherInsecureValues := cliflag.InsecureTLSCipherNames() - fs.StringSliceVar(&s.CipherSuites, "tls-cipher-suites", s.CipherSuites, - "Comma-separated list of cipher suites for the server. "+ - "If omitted, the default Go cipher suites will be used. \n"+ - "Preferred values: "+strings.Join(tlsCipherPreferredValues, ", ")+". \n"+ - "Insecure values: "+strings.Join(tlsCipherInsecureValues, ", ")+".") - - tlsPossibleVersions := cliflag.TLSPossibleVersions() - fs.StringVar(&s.MinTLSVersion, "tls-min-version", s.MinTLSVersion, - "Minimum TLS version supported. "+ - "Possible values: "+strings.Join(tlsPossibleVersions, ", ")) - - fs.Var(cliflag.NewNamedCertKeyArray(&s.SNICertKeys), "tls-sni-cert-key", ""+ - "A pair of x509 certificate and private key file paths, optionally suffixed with a list of "+ - "domain patterns which are fully qualified domain names, possibly with prefixed wildcard "+ - "segments. The domain patterns also allow IP addresses, but IPs should only be used if "+ - "the apiserver has visibility to the IP address requested by a client. "+ - "If no domain patterns are provided, the names of the certificate are "+ - "extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns "+ - "trump over extracted names. For multiple key/certificate pairs, use the "+ - "--tls-sni-cert-key multiple times. "+ - "Examples: \"example.crt,example.key\" or \"foo.crt,foo.key:*.foo.com,foo.com\".") - - fs.IntVar(&s.HTTP2MaxStreamsPerConnection, "http2-max-streams-per-connection", s.HTTP2MaxStreamsPerConnection, ""+ - "The limit that the server gives to clients for "+ - "the maximum number of streams in an HTTP/2 connection. "+ - "Zero means to use golang's default.") - - fs.BoolVar(&s.PermitPortSharing, "permit-port-sharing", s.PermitPortSharing, - "If true, SO_REUSEPORT will be used when binding the port, which allows "+ - "more than one instance to bind on the same address and port. [default=false]") - - fs.BoolVar(&s.PermitAddressSharing, "permit-address-sharing", s.PermitAddressSharing, - "If true, SO_REUSEADDR will be used when binding the port. This allows binding "+ - "to wildcard IPs like 0.0.0.0 and specific IPs in parallel, and it avoids waiting "+ - "for the kernel to release sockets in TIME_WAIT state. [default=false]") -} - -// ApplyTo fills up serving information in the server configuration. -func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error { - if s == nil { - return nil - } - if s.BindPort <= 0 && s.Listener == nil { - return nil - } - - if s.Listener == nil { - var err error - addr := net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort)) - - c := net.ListenConfig{} - - ctls := multipleControls{} - if s.PermitPortSharing { - ctls = append(ctls, permitPortReuse) - } - if s.PermitAddressSharing { - ctls = append(ctls, permitAddressReuse) - } - if len(ctls) > 0 { - c.Control = ctls.Control - } - - s.Listener, s.BindPort, err = CreateListener(s.BindNetwork, addr, c) - if err != nil { - return fmt.Errorf("failed to create listener: %v", err) - } - } else { - if _, ok := s.Listener.Addr().(*net.TCPAddr); !ok { - return fmt.Errorf("failed to parse ip and port from listener") - } - s.BindPort = s.Listener.Addr().(*net.TCPAddr).Port - s.BindAddress = s.Listener.Addr().(*net.TCPAddr).IP - } - - *config = &server.SecureServingInfo{ - Listener: s.Listener, - HTTP2MaxStreamsPerConnection: s.HTTP2MaxStreamsPerConnection, - } - c := *config - - serverCertFile, serverKeyFile := s.ServerCert.CertKey.CertFile, s.ServerCert.CertKey.KeyFile - // load main cert - if len(serverCertFile) != 0 || len(serverKeyFile) != 0 { - var err error - c.Cert, err = dynamiccertificates.NewDynamicServingContentFromFiles("serving-cert", serverCertFile, serverKeyFile) - if err != nil { - return err - } - } else if s.ServerCert.GeneratedCert != nil { - c.Cert = s.ServerCert.GeneratedCert - } - - if len(s.CipherSuites) != 0 { - cipherSuites, err := cliflag.TLSCipherSuites(s.CipherSuites) - if err != nil { - return err - } - c.CipherSuites = cipherSuites - } - - var err error - c.MinTLSVersion, err = cliflag.TLSVersion(s.MinTLSVersion) - if err != nil { - return err - } - - // load SNI certs - namedTLSCerts := make([]dynamiccertificates.SNICertKeyContentProvider, 0, len(s.SNICertKeys)) - for _, nck := range s.SNICertKeys { - tlsCert, err := dynamiccertificates.NewDynamicSNIContentFromFiles("sni-serving-cert", nck.CertFile, nck.KeyFile, nck.Names...) - namedTLSCerts = append(namedTLSCerts, tlsCert) - if err != nil { - return fmt.Errorf("failed to load SNI cert and key: %v", err) - } - } - c.SNICerts = namedTLSCerts - - return nil -} - -func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateDNS []string, alternateIPs []net.IP) error { - if s == nil || (s.BindPort == 0 && s.Listener == nil) { - return nil - } - keyCert := &s.ServerCert.CertKey - if len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { - return nil - } - - canReadCertAndKey := false - if len(s.ServerCert.CertDirectory) > 0 { - if len(s.ServerCert.PairName) == 0 { - return fmt.Errorf("PairName is required if CertDirectory is set") - } - keyCert.CertFile = path.Join(s.ServerCert.CertDirectory, s.ServerCert.PairName+".crt") - keyCert.KeyFile = path.Join(s.ServerCert.CertDirectory, s.ServerCert.PairName+".key") - if canRead, err := certutil.CanReadCertAndKey(keyCert.CertFile, keyCert.KeyFile); err != nil { - return err - } else { - canReadCertAndKey = canRead - } - } - - if !canReadCertAndKey { - // add either the bind address or localhost to the valid alternates - if s.BindAddress.IsUnspecified() { - alternateDNS = append(alternateDNS, "localhost") - } else { - alternateIPs = append(alternateIPs, s.BindAddress) - } - - if cert, key, err := certutil.GenerateSelfSignedCertKeyWithFixtures(publicAddress, alternateIPs, alternateDNS, s.ServerCert.FixtureDirectory); err != nil { - return fmt.Errorf("unable to generate self signed cert: %v", err) - } else if len(keyCert.CertFile) > 0 && len(keyCert.KeyFile) > 0 { - if err := certutil.WriteCert(keyCert.CertFile, cert); err != nil { - return err - } - if err := keyutil.WriteKey(keyCert.KeyFile, key); err != nil { - return err - } - klog.Infof("Generated self-signed cert (%s, %s)", keyCert.CertFile, keyCert.KeyFile) - } else { - s.ServerCert.GeneratedCert, err = dynamiccertificates.NewStaticCertKeyContent("Generated self signed cert", cert, key) - if err != nil { - return err - } - klog.Infof("Generated self-signed cert in-memory") - } - } - - return nil -} - -func CreateListener(network, addr string, config net.ListenConfig) (net.Listener, int, error) { - if len(network) == 0 { - network = "tcp" - } - - ln, err := config.Listen(context.TODO(), network, addr) - if err != nil { - return nil, 0, fmt.Errorf("failed to listen on %v: %v", addr, err) - } - - // get port - tcpAddr, ok := ln.Addr().(*net.TCPAddr) - if !ok { - ln.Close() - return nil, 0, fmt.Errorf("invalid listen address: %q", ln.Addr().String()) - } - - return ln, tcpAddr.Port, nil -} - -type multipleControls []func(network, addr string, conn syscall.RawConn) error - -func (mcs multipleControls) Control(network, addr string, conn syscall.RawConn) error { - for _, c := range mcs { - if err := c(network, addr, conn); err != nil { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_unix.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_unix.go deleted file mode 100644 index 483eac79b2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_unix.go +++ /dev/null @@ -1,44 +0,0 @@ -//go:build !windows -// +build !windows - -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "syscall" - - "golang.org/x/sys/unix" - - "k8s.io/klog/v2" -) - -func permitPortReuse(network, addr string, conn syscall.RawConn) error { - return conn.Control(func(fd uintptr) { - if err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil { - klog.Warningf("failed to set SO_REUSEPORT on socket: %v", err) - } - }) -} - -func permitAddressReuse(network, addr string, conn syscall.RawConn) error { - return conn.Control(func(fd uintptr) { - if err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, unix.SO_REUSEADDR, 1); err != nil { - klog.Warningf("failed to set SO_REUSEADDR on socket: %v", err) - } - }) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_windows.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_windows.go deleted file mode 100644 index 844de61883..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_windows.go +++ /dev/null @@ -1,35 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "syscall" -) - -func permitPortReuse(network, address string, c syscall.RawConn) error { - return fmt.Errorf("port reuse is not supported on Windows") -} - -// Windows supports SO_REUSEADDR, but it may cause undefined behavior, as -// there is no protection against port hijacking. -func permitAddressReuse(network, addr string, conn syscall.RawConn) error { - return fmt.Errorf("address reuse is not supported on Windows") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go deleted file mode 100644 index 2317be82d2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/serving_with_loopback.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - - "github.com/google/uuid" - - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - "k8s.io/client-go/rest" - certutil "k8s.io/client-go/util/cert" -) - -type SecureServingOptionsWithLoopback struct { - *SecureServingOptions -} - -func (o *SecureServingOptions) WithLoopback() *SecureServingOptionsWithLoopback { - return &SecureServingOptionsWithLoopback{o} -} - -// ApplyTo fills up serving information in the server configuration. -func (s *SecureServingOptionsWithLoopback) ApplyTo(secureServingInfo **server.SecureServingInfo, loopbackClientConfig **rest.Config) error { - if s == nil || s.SecureServingOptions == nil || secureServingInfo == nil { - return nil - } - - if err := s.SecureServingOptions.ApplyTo(secureServingInfo); err != nil { - return err - } - - if *secureServingInfo == nil || loopbackClientConfig == nil { - return nil - } - - // create self-signed cert+key with the fake server.LoopbackClientServerNameOverride and - // let the server return it when the loopback client connects. - certPem, keyPem, err := certutil.GenerateSelfSignedCertKey(server.LoopbackClientServerNameOverride, nil, nil) - if err != nil { - return fmt.Errorf("failed to generate self-signed certificate for loopback connection: %v", err) - } - certProvider, err := dynamiccertificates.NewStaticSNICertKeyContent("self-signed loopback", certPem, keyPem, server.LoopbackClientServerNameOverride) - if err != nil { - return fmt.Errorf("failed to generate self-signed certificate for loopback connection: %v", err) - } - - // Write to the front of SNICerts so that this overrides any other certs with the same name - (*secureServingInfo).SNICerts = append([]dynamiccertificates.SNICertKeyContentProvider{certProvider}, (*secureServingInfo).SNICerts...) - - secureLoopbackClientConfig, err := (*secureServingInfo).NewLoopbackClientConfig(uuid.New().String(), certPem) - switch { - // if we failed and there's no fallback loopback client config, we need to fail - case err != nil && *loopbackClientConfig == nil: - (*secureServingInfo).SNICerts = (*secureServingInfo).SNICerts[1:] - return err - - // if we failed, but we already have a fallback loopback client config (usually insecure), allow it - case err != nil && *loopbackClientConfig != nil: - - default: - *loopbackClientConfig = secureLoopbackClientConfig - } - - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/options/tracing.go b/etcd/vendor/k8s.io/apiserver/pkg/server/options/tracing.go deleted file mode 100644 index 1a135e83d2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/options/tracing.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "context" - "fmt" - "io/ioutil" - "net" - - "github.com/spf13/pflag" - "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" - "go.opentelemetry.io/otel/sdk/resource" - "go.opentelemetry.io/otel/semconv/v1.12.0" - "google.golang.org/grpc" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apiserver/pkg/apis/apiserver" - "k8s.io/apiserver/pkg/apis/apiserver/install" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/util/feature" - tracing "k8s.io/component-base/tracing" - tracingapi "k8s.io/component-base/tracing/api/v1" - "k8s.io/utils/path" -) - -const apiserverService = "apiserver" - -var ( - cfgScheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(cfgScheme) -) - -func init() { - install.Install(cfgScheme) -} - -// TracingOptions contain configuration options for tracing -// exporters -type TracingOptions struct { - // ConfigFile is the file path with api-server tracing configuration. - ConfigFile string -} - -// NewTracingOptions creates a new instance of TracingOptions -func NewTracingOptions() *TracingOptions { - return &TracingOptions{} -} - -// AddFlags adds flags related to tracing to the specified FlagSet -func (o *TracingOptions) AddFlags(fs *pflag.FlagSet) { - if o == nil { - return - } - - fs.StringVar(&o.ConfigFile, "tracing-config-file", o.ConfigFile, - "File with apiserver tracing configuration.") -} - -// ApplyTo fills up Tracing config with options. -func (o *TracingOptions) ApplyTo(es *egressselector.EgressSelector, c *server.Config) error { - if o == nil || o.ConfigFile == "" { - return nil - } - if !feature.DefaultFeatureGate.Enabled(features.APIServerTracing) { - return fmt.Errorf("APIServerTracing feature is not enabled, but tracing config file was provided") - } - - traceConfig, err := ReadTracingConfiguration(o.ConfigFile) - if err != nil { - return fmt.Errorf("failed to read tracing config: %v", err) - } - - errs := tracingapi.ValidateTracingConfiguration(traceConfig, feature.DefaultFeatureGate, nil) - if len(errs) > 0 { - return fmt.Errorf("failed to validate tracing configuration: %v", errs.ToAggregate()) - } - - opts := []otlptracegrpc.Option{} - if es != nil { - // Only use the egressselector dialer if egressselector is enabled. - // Endpoint is on the "ControlPlane" network - egressDialer, err := es.Lookup(egressselector.ControlPlane.AsNetworkContext()) - if err != nil { - return err - } - if egressDialer != nil { - otelDialer := func(ctx context.Context, addr string) (net.Conn, error) { - return egressDialer(ctx, "tcp", addr) - } - opts = append(opts, otlptracegrpc.WithDialOption(grpc.WithContextDialer(otelDialer))) - } - } - - resourceOpts := []resource.Option{ - resource.WithAttributes( - semconv.ServiceNameKey.String(apiserverService), - semconv.ServiceInstanceIDKey.String(c.APIServerID), - ), - } - tp, err := tracing.NewProvider(context.Background(), traceConfig, opts, resourceOpts) - if err != nil { - return err - } - c.TracerProvider = tp - if c.LoopbackClientConfig != nil { - c.LoopbackClientConfig.Wrap(tracing.WrapperFor(c.TracerProvider)) - } - return nil -} - -// Validate verifies flags passed to TracingOptions. -func (o *TracingOptions) Validate() (errs []error) { - if o == nil || o.ConfigFile == "" { - return - } - - if exists, err := path.Exists(path.CheckFollowSymlink, o.ConfigFile); !exists { - errs = append(errs, fmt.Errorf("tracing-config-file %s does not exist", o.ConfigFile)) - } else if err != nil { - errs = append(errs, fmt.Errorf("error checking if tracing-config-file %s exists: %v", o.ConfigFile, err)) - } - return -} - -// ReadTracingConfiguration reads the tracing configuration from a file -func ReadTracingConfiguration(configFilePath string) (*tracingapi.TracingConfiguration, error) { - if configFilePath == "" { - return nil, fmt.Errorf("tracing config file was empty") - } - data, err := ioutil.ReadFile(configFilePath) - if err != nil { - return nil, fmt.Errorf("unable to read tracing configuration from %q: %v", configFilePath, err) - } - internalConfig := &apiserver.TracingConfiguration{} - // this handles json/yaml/whatever, and decodes all registered version to the internal version - if err := runtime.DecodeInto(codecs.UniversalDecoder(), data, internalConfig); err != nil { - return nil, fmt.Errorf("unable to decode tracing configuration data: %v", err) - } - tc := &tracingapi.TracingConfiguration{ - Endpoint: internalConfig.Endpoint, - SamplingRatePerMillion: internalConfig.SamplingRatePerMillion, - } - return tc, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/patch_config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/patch_config.go deleted file mode 100644 index 0324b3f5b4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/patch_config.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -// newIsTerminatingFunc returns a 'func() bool' that relies on the -// 'ShutdownInitiated' life cycle signal of answer if the apiserver -// has started the termination process. -func (c *Config) newIsTerminatingFunc() func() bool { - var shutdownCh <-chan struct{} - // TODO: a properly initialized Config object should always have lifecycleSignals - // initialized, but some config unit tests leave lifecycleSignals as nil. - // Fix the unit tests upstream and then we can remove this check. - if c.lifecycleSignals.ShutdownInitiated != nil { - shutdownCh = c.lifecycleSignals.ShutdownInitiated.Signaled() - } - - return func() bool { - select { - case <-shutdownCh: - return true - default: - return false - } - } -} - -func (c *Config) newServerFullyInitializedFunc() func() bool { - return func() bool { - select { - case <-c.lifecycleSignals.HasBeenReady.Signaled(): - return true - default: - return false - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go b/etcd/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go deleted file mode 100644 index 46a734b29a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go +++ /dev/null @@ -1,158 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "fmt" - "net" - "net/http" - "strings" - "sync" - goatomic "sync/atomic" - - "go.uber.org/atomic" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apiserver/pkg/audit" - "k8s.io/klog/v2" - netutils "k8s.io/utils/net" -) - -// terminationLoggingListener wraps the given listener to mark late connections -// as such, identified by the remote address. In parallel, we have a filter that -// logs bad requests through these connections. We need this filter to get -// access to the http path in order to filter out healthz or readyz probes that -// are allowed at any point during termination. -// -// Connections are late after the lateStopCh has been closed. -type terminationLoggingListener struct { - net.Listener - lateStopCh <-chan struct{} -} - -type eventfFunc func(eventType, reason, messageFmt string, args ...interface{}) - -var ( - lateConnectionRemoteAddrsLock sync.RWMutex - lateConnectionRemoteAddrs = map[string]bool{} - - unexpectedRequestsEventf goatomic.Value -) - -func (l *terminationLoggingListener) Accept() (net.Conn, error) { - c, err := l.Listener.Accept() - if err != nil { - return nil, err - } - - select { - case <-l.lateStopCh: - lateConnectionRemoteAddrsLock.Lock() - defer lateConnectionRemoteAddrsLock.Unlock() - lateConnectionRemoteAddrs[c.RemoteAddr().String()] = true - default: - } - - return c, nil -} - -// WithLateConnectionFilter logs every non-probe request that comes through a late connection identified by remote address. -func WithLateConnectionFilter(handler http.Handler) http.Handler { - var lateRequestReceived atomic.Bool - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - lateConnectionRemoteAddrsLock.RLock() - late := lateConnectionRemoteAddrs[r.RemoteAddr] - lateConnectionRemoteAddrsLock.RUnlock() - - if late { - if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" { - if isLocal(r) { - audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host)) - klog.V(4).Infof("Loopback request to %q (user agent %q) through connection created very late in the graceful termination process (more than 80%% has passed). This client probably does not watch /readyz and might get failures when termination is over.", r.URL.Path, r.UserAgent()) - } else { - audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host)) - klog.Warningf("Request to %q (source IP %s, user agent %q) through a connection created very late in the graceful termination process (more than 80%% has passed), possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent()) - - // create only one event to avoid event spam. - var eventf eventfFunc - eventf, _ = unexpectedRequestsEventf.Load().(eventfFunc) - if swapped := lateRequestReceived.CAS(false, true); swapped && eventf != nil { - eventf(corev1.EventTypeWarning, "LateConnections", "The apiserver received connections (e.g. from %q, user agent %q) very late in the graceful termination process, possibly a sign for a broken load balancer setup.", r.RemoteAddr, r.UserAgent()) - } - } - } - } - - handler.ServeHTTP(w, r) - }) -} - -// WithNonReadyRequestLogging rejects the request until the process has been ready once. -func WithNonReadyRequestLogging(handler http.Handler, hasBeenReadySignal lifecycleSignal) http.Handler { - if hasBeenReadySignal == nil { - return handler - } - - var nonReadyRequestReceived atomic.Bool - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - select { - case <-hasBeenReadySignal.Signaled(): - handler.ServeHTTP(w, r) - return - default: - } - - // ignore connections to local IP. Those clients better know what they are doing. - if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" { - if isLocal(r) { - if !isKubeApiserverLoopBack(r) { - audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host)) - klog.V(2).Infof("Loopback request to %q (user agent %q) before server is ready. This client probably does not watch /readyz and might get inconsistent answers.", r.URL.Path, r.UserAgent()) - } - } else { - audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host)) - klog.Warningf("Request to %q (source IP %s, user agent %q) before server is ready, possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent()) - - // create only one event to avoid event spam. - var eventf eventfFunc - eventf, _ = unexpectedRequestsEventf.Load().(eventfFunc) - if swapped := nonReadyRequestReceived.CAS(false, true); swapped && eventf != nil { - eventf(corev1.EventTypeWarning, "NonReadyRequests", "The kube-apiserver received requests (e.g. from %q, user agent %q, accessing %s) before it was ready, possibly a sign for a broken load balancer setup.", r.RemoteAddr, r.UserAgent(), r.URL.Path) - } - } - } - - handler.ServeHTTP(w, r) - }) -} - -func isLocal(req *http.Request) bool { - host, _, err := net.SplitHostPort(req.RemoteAddr) - if err != nil { - // ignore error and keep going - } else if ip := netutils.ParseIPSloppy(host); ip != nil { - return ip.IsLoopback() - } - - return false -} - -func isKubeApiserverLoopBack(req *http.Request) bool { - return strings.HasPrefix(req.UserAgent(), "kube-apiserver/") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/plugins.go b/etcd/vendor/k8s.io/apiserver/pkg/server/plugins.go deleted file mode 100644 index 25acf92dc8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/plugins.go +++ /dev/null @@ -1,34 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -// This file exists to force the desired plugin implementations to be linked into genericapi pkg. -import ( - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle" - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" - mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating" - validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating" -) - -// RegisterAllAdmissionPlugins registers all admission plugins -func RegisterAllAdmissionPlugins(plugins *admission.Plugins) { - lifecycle.Register(plugins) - validatingwebhook.Register(plugins) - mutatingwebhook.Register(plugins) - validatingadmissionpolicy.Register(plugins) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/doc.go deleted file mode 100644 index 0dae21535d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package resourceconfig contains the resource config related helper functions. -package resourceconfig // import "k8s.io/apiserver/pkg/server/resourceconfig" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/helpers.go b/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/helpers.go deleted file mode 100644 index e90aa91619..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/resourceconfig/helpers.go +++ /dev/null @@ -1,229 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourceconfig - -import ( - "fmt" - "regexp" - "strconv" - "strings" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - serverstore "k8s.io/apiserver/pkg/server/storage" - cliflag "k8s.io/component-base/cli/flag" -) - -// GroupVersionRegistry provides access to registered group versions. -type GroupVersionRegistry interface { - // IsGroupRegistered returns true if given group is registered. - IsGroupRegistered(group string) bool - // IsVersionRegistered returns true if given version is registered. - IsVersionRegistered(v schema.GroupVersion) bool - // PrioritizedVersionsAllGroups returns all registered group versions. - PrioritizedVersionsAllGroups() []schema.GroupVersion -} - -// MergeResourceEncodingConfigs merges the given defaultResourceConfig with specific GroupVersionResource overrides. -func MergeResourceEncodingConfigs( - defaultResourceEncoding *serverstore.DefaultResourceEncodingConfig, - resourceEncodingOverrides []schema.GroupVersionResource, -) *serverstore.DefaultResourceEncodingConfig { - resourceEncodingConfig := defaultResourceEncoding - for _, gvr := range resourceEncodingOverrides { - resourceEncodingConfig.SetResourceEncoding(gvr.GroupResource(), gvr.GroupVersion(), - schema.GroupVersion{Group: gvr.Group, Version: runtime.APIVersionInternal}) - } - return resourceEncodingConfig -} - -// Recognized values for the --runtime-config parameter to enable/disable groups of APIs -const ( - APIAll = "api/all" - APIGA = "api/ga" - APIBeta = "api/beta" - APIAlpha = "api/alpha" -) - -var ( - gaPattern = regexp.MustCompile(`^v\d+$`) - betaPattern = regexp.MustCompile(`^v\d+beta\d+$`) - alphaPattern = regexp.MustCompile(`^v\d+alpha\d+$`) - - groupVersionMatchers = map[string]func(gv schema.GroupVersion) bool{ - // allows users to address all api versions - APIAll: func(gv schema.GroupVersion) bool { return true }, - // allows users to address all api versions in the form v[0-9]+ - APIGA: func(gv schema.GroupVersion) bool { return gaPattern.MatchString(gv.Version) }, - // allows users to address all beta api versions - APIBeta: func(gv schema.GroupVersion) bool { return betaPattern.MatchString(gv.Version) }, - // allows users to address all alpha api versions - APIAlpha: func(gv schema.GroupVersion) bool { return alphaPattern.MatchString(gv.Version) }, - } - - groupVersionMatchersOrder = []string{APIAll, APIGA, APIBeta, APIAlpha} -) - -// MergeAPIResourceConfigs merges the given defaultAPIResourceConfig with the given resourceConfigOverrides. -// Exclude the groups not registered in registry, and check if version is -// not registered in group, then it will fail. -func MergeAPIResourceConfigs( - defaultAPIResourceConfig *serverstore.ResourceConfig, - resourceConfigOverrides cliflag.ConfigurationMap, - registry GroupVersionRegistry, -) (*serverstore.ResourceConfig, error) { - resourceConfig := defaultAPIResourceConfig - overrides := resourceConfigOverrides - - for _, flag := range groupVersionMatchersOrder { - if value, ok := overrides[flag]; ok { - if value == "false" { - resourceConfig.DisableMatchingVersions(groupVersionMatchers[flag]) - } else if value == "true" { - resourceConfig.EnableMatchingVersions(groupVersionMatchers[flag]) - } else { - return nil, fmt.Errorf("invalid value %v=%v", flag, value) - } - } - } - - type versionEnablementPreference struct { - key string - enabled bool - groupVersion schema.GroupVersion - } - type resourceEnablementPreference struct { - key string - enabled bool - groupVersionResource schema.GroupVersionResource - } - versionPreferences := []versionEnablementPreference{} - resourcePreferences := []resourceEnablementPreference{} - - // "<resourceSpecifier>={true|false} allows users to enable/disable API. - // This takes preference over api/all, if specified. - // Iterate through all group/version overrides specified in runtimeConfig. - for key := range overrides { - // Have already handled them above. Can skip them here. - if _, ok := groupVersionMatchers[key]; ok { - continue - } - - tokens := strings.Split(key, "/") - if len(tokens) < 2 || len(tokens) > 3 { - continue - } - groupVersionString := tokens[0] + "/" + tokens[1] - groupVersion, err := schema.ParseGroupVersion(groupVersionString) - if err != nil { - return nil, fmt.Errorf("invalid key %s", key) - } - - // Exclude group not registered into the registry. - if !registry.IsGroupRegistered(groupVersion.Group) { - continue - } - - // Verify that the groupVersion is registered into registry. - if !registry.IsVersionRegistered(groupVersion) { - return nil, fmt.Errorf("group version %s that has not been registered", groupVersion.String()) - } - enabled, err := getRuntimeConfigValue(overrides, key, false) - if err != nil { - return nil, err - } - - switch len(tokens) { - case 2: - versionPreferences = append(versionPreferences, versionEnablementPreference{ - key: key, - enabled: enabled, - groupVersion: groupVersion, - }) - case 3: - if strings.ToLower(tokens[2]) != tokens[2] { - return nil, fmt.Errorf("invalid key %v: group/version/resource and resource is always lowercase plural, not %q", key, tokens[2]) - } - resourcePreferences = append(resourcePreferences, resourceEnablementPreference{ - key: key, - enabled: enabled, - groupVersionResource: groupVersion.WithResource(tokens[2]), - }) - } - } - - // apply version preferences first, so that we can remove the hardcoded resource preferences that are being overridden - for _, versionPreference := range versionPreferences { - if versionPreference.enabled { - // enable the groupVersion for "group/version=true" - resourceConfig.EnableVersions(versionPreference.groupVersion) - - } else { - // disable the groupVersion only for "group/version=false" - resourceConfig.DisableVersions(versionPreference.groupVersion) - } - } - - // apply resource preferences last, so they have the highest priority - for _, resourcePreference := range resourcePreferences { - if resourcePreference.enabled { - // enable the resource for "group/version/resource=true" - resourceConfig.EnableResources(resourcePreference.groupVersionResource) - } else { - resourceConfig.DisableResources(resourcePreference.groupVersionResource) - } - } - - return resourceConfig, nil -} - -func getRuntimeConfigValue(overrides cliflag.ConfigurationMap, apiKey string, defaultValue bool) (bool, error) { - flagValue, ok := overrides[apiKey] - if ok { - if flagValue == "" { - return true, nil - } - boolValue, err := strconv.ParseBool(flagValue) - if err != nil { - return false, fmt.Errorf("invalid value of %s: %s, err: %v", apiKey, flagValue, err) - } - return boolValue, nil - } - return defaultValue, nil -} - -// ParseGroups takes in resourceConfig and returns parsed groups. -func ParseGroups(resourceConfig cliflag.ConfigurationMap) ([]string, error) { - groups := []string{} - for key := range resourceConfig { - if _, ok := groupVersionMatchers[key]; ok { - continue - } - tokens := strings.Split(key, "/") - if len(tokens) != 2 && len(tokens) != 3 { - return groups, fmt.Errorf("runtime-config invalid key %s", key) - } - groupVersionString := tokens[0] + "/" + tokens[1] - groupVersion, err := schema.ParseGroupVersion(groupVersionString) - if err != nil { - return nil, fmt.Errorf("runtime-config invalid key %s", key) - } - groups = append(groups, groupVersion.Group) - } - - return groups, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/OWNERS deleted file mode 100644 index 87c80edbbb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - sttts diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/doc.go deleted file mode 100644 index 603e899cde..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package routes holds a collection of optional genericapiserver http handlers. -package routes // import "k8s.io/apiserver/pkg/server/routes" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/flags.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/flags.go deleted file mode 100644 index 55835a6e85..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/flags.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "fmt" - "html/template" - "io/ioutil" - "net/http" - "path" - "sync" - - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/server/mux" -) - -var ( - lock = &sync.RWMutex{} - registeredFlags = map[string]debugFlag{} -) - -// DebugFlags adds handlers for flags under /debug/flags. -type DebugFlags struct { -} - -// Install registers the APIServer's flags handler. -func (f DebugFlags) Install(c *mux.PathRecorderMux, flag string, handler func(http.ResponseWriter, *http.Request)) { - c.UnlistedHandle("/debug/flags", http.HandlerFunc(f.Index)) - c.UnlistedHandlePrefix("/debug/flags/", http.HandlerFunc(f.Index)) - - url := path.Join("/debug/flags", flag) - c.UnlistedHandleFunc(url, handler) - - f.addFlag(flag) -} - -// Index responds with the `/debug/flags` request. -// For example, "/debug/flags/v" serves the "--v" flag. -// Index responds to a request for "/debug/flags/" with an HTML page -// listing the available flags. -func (f DebugFlags) Index(w http.ResponseWriter, r *http.Request) { - lock.RLock() - defer lock.RUnlock() - if err := indexTmpl.Execute(w, registeredFlags); err != nil { - klog.Error(err) - } -} - -var indexTmpl = template.Must(template.New("index").Parse(`<html> -<head> -<title>/debug/flags/</title> -</head> -<body> -/debug/flags/<br> -<br> -flags:<br> -<table> -{{range .}} -<tr>{{.Flag}}<br> -{{end}} -</table> -<br> -full flags configurable<br> -</body> -</html> -`)) - -type debugFlag struct { - Flag string -} - -func (f DebugFlags) addFlag(flag string) { - lock.Lock() - defer lock.Unlock() - registeredFlags[flag] = debugFlag{flag} -} - -// StringFlagSetterFunc is a func used for setting string type flag. -type StringFlagSetterFunc func(string) (string, error) - -// StringFlagPutHandler wraps an http Handler to set string type flag. -func StringFlagPutHandler(setter StringFlagSetterFunc) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - switch { - case req.Method == "PUT": - body, err := ioutil.ReadAll(req.Body) - if err != nil { - writePlainText(http.StatusBadRequest, "error reading request body: "+err.Error(), w) - return - } - defer req.Body.Close() - response, err := setter(string(body)) - if err != nil { - writePlainText(http.StatusBadRequest, err.Error(), w) - return - } - writePlainText(http.StatusOK, response, w) - return - default: - writePlainText(http.StatusNotAcceptable, "unsupported http method", w) - return - } - }) -} - -// writePlainText renders a simple string response. -func writePlainText(statusCode int, text string, w http.ResponseWriter) { - w.Header().Set("Content-Type", "text/plain") - w.Header().Set("X-Content-Type-Options", "nosniff") - w.WriteHeader(statusCode) - fmt.Fprintln(w, text) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/index.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/index.go deleted file mode 100644 index 1407579886..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/index.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "net/http" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" - "k8s.io/apiserver/pkg/server/mux" -) - -// ListedPathProvider is an interface for providing paths that should be reported at /. -type ListedPathProvider interface { - // ListedPaths is an alphabetically sorted list of paths to be reported at /. - ListedPaths() []string -} - -// ListedPathProviders is a convenient way to combine multiple ListedPathProviders -type ListedPathProviders []ListedPathProvider - -// ListedPaths unions and sorts the included paths. -func (p ListedPathProviders) ListedPaths() []string { - ret := sets.String{} - for _, provider := range p { - for _, path := range provider.ListedPaths() { - ret.Insert(path) - } - } - - return ret.List() -} - -// Index provides a webservice for the http root / listing all known paths. -type Index struct{} - -// Install adds the Index webservice to the given mux. -func (i Index) Install(pathProvider ListedPathProvider, mux *mux.PathRecorderMux) { - handler := IndexLister{StatusCode: http.StatusOK, PathProvider: pathProvider} - - mux.UnlistedHandle("/", handler) - mux.UnlistedHandle("/index.html", handler) -} - -// IndexLister lists the available indexes with the status code provided -type IndexLister struct { - StatusCode int - PathProvider ListedPathProvider -} - -// ServeHTTP serves the available paths. -func (i IndexLister) ServeHTTP(w http.ResponseWriter, r *http.Request) { - responsewriters.WriteRawJSON(i.StatusCode, metav1.RootPaths{Paths: i.PathProvider.ListedPaths()}, w) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/metrics.go deleted file mode 100644 index d30f74b9c4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/metrics.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - apimetrics "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/server/mux" - cachermetrics "k8s.io/apiserver/pkg/storage/cacher/metrics" - etcd3metrics "k8s.io/apiserver/pkg/storage/etcd3/metrics" - flowcontrolmetrics "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -// DefaultMetrics installs the default prometheus metrics handler -type DefaultMetrics struct{} - -// Install adds the DefaultMetrics handler -func (m DefaultMetrics) Install(c *mux.PathRecorderMux) { - register() - c.Handle("/metrics", legacyregistry.Handler()) -} - -// MetricsWithReset install the prometheus metrics handler extended with support for the DELETE method -// which resets the metrics. -type MetricsWithReset struct{} - -// Install adds the MetricsWithReset handler -func (m MetricsWithReset) Install(c *mux.PathRecorderMux) { - register() - c.Handle("/metrics", legacyregistry.HandlerWithReset()) -} - -// register apiserver and etcd metrics -func register() { - apimetrics.Register() - cachermetrics.Register() - etcd3metrics.Register() - flowcontrolmetrics.Register() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/openapi.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/openapi.go deleted file mode 100644 index a0d3b15be0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/openapi.go +++ /dev/null @@ -1,113 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "strings" - - restful "github.com/emicklei/go-restful/v3" - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/server/mux" - builder2 "k8s.io/kube-openapi/pkg/builder" - "k8s.io/kube-openapi/pkg/builder3" - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/handler" - "k8s.io/kube-openapi/pkg/handler3" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -// OpenAPI installs spec endpoints for each web service. -type OpenAPI struct { - Config *common.Config -} - -// Install adds the SwaggerUI webservice to the given mux. -func (oa OpenAPI) InstallV2(c *restful.Container, mux *mux.PathRecorderMux) (*handler.OpenAPIService, *spec.Swagger) { - // we shadow ClustResourceQuotas, RoleBindingRestrictions, and SecurityContextContstraints - // with a CRD. This loop removes all CRQ,RBR, SCC paths - // from the OpenAPI spec such that they don't conflict with the CRD - // apiextensions-apiserver spec during merging. - oa.Config.IgnorePrefixes = append(oa.Config.IgnorePrefixes, - "/apis/quota.openshift.io/v1/clusterresourcequotas", - "/apis/security.openshift.io/v1/securitycontextconstraints", - "/apis/authorization.openshift.io/v1/rolebindingrestrictions", - "/apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindingrestrictions", - "/apis/authorization.openshift.io/v1/watch/namespaces/{namespace}/rolebindingrestrictions", - "/apis/authorization.openshift.io/v1/watch/rolebindingrestrictions") - - spec, err := builder2.BuildOpenAPISpec(c.RegisteredWebServices(), oa.Config) - if err != nil { - klog.Fatalf("Failed to build open api spec for root: %v", err) - } - - // we shadow ClustResourceQuotas, RoleBindingRestrictions, and SecurityContextContstraints - // with a CRD. This loop removes all CRQ,RBR, SCC paths - // from the OpenAPI spec such that they don't conflict with the CRD - // apiextensions-apiserver spec during merging. - for pth := range spec.Paths.Paths { - if strings.HasPrefix(pth, "/apis/quota.openshift.io/v1/clusterresourcequotas") || - strings.Contains(pth, "rolebindingrestrictions") || - strings.HasPrefix(pth, "/apis/security.openshift.io/v1/securitycontextconstraints") { - delete(spec.Paths.Paths, pth) - } - } - - spec.Definitions = handler.PruneDefaults(spec.Definitions) - openAPIVersionedService, err := handler.NewOpenAPIService(spec) - if err != nil { - klog.Fatalf("Failed to create OpenAPIService: %v", err) - } - - err = openAPIVersionedService.RegisterOpenAPIVersionedService("/openapi/v2", mux) - if err != nil { - klog.Fatalf("Failed to register versioned open api spec for root: %v", err) - } - - return openAPIVersionedService, spec -} - -// InstallV3 adds the static group/versions defined in the RegisteredWebServices to the OpenAPI v3 spec -func (oa OpenAPI) InstallV3(c *restful.Container, mux *mux.PathRecorderMux) *handler3.OpenAPIService { - openAPIVersionedService, err := handler3.NewOpenAPIService(nil) - if err != nil { - klog.Fatalf("Failed to create OpenAPIService: %v", err) - } - - err = openAPIVersionedService.RegisterOpenAPIV3VersionedService("/openapi/v3", mux) - if err != nil { - klog.Fatalf("Failed to register versioned open api spec for root: %v", err) - } - - grouped := make(map[string][]*restful.WebService) - - for _, t := range c.RegisteredWebServices() { - // Strip the "/" prefix from the name - gvName := t.RootPath()[1:] - grouped[gvName] = []*restful.WebService{t} - } - - for gv, ws := range grouped { - spec, err := builder3.BuildOpenAPISpec(ws, oa.Config) - if err != nil { - klog.Errorf("Failed to build OpenAPI v3 for group %s, %q", gv, err) - - } - openAPIVersionedService.UpdateGroupVersion(gv, spec) - } - return openAPIVersionedService -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/profiling.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/profiling.go deleted file mode 100644 index b57d590f52..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/profiling.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "net/http" - "net/http/pprof" - - "k8s.io/apiserver/pkg/server/mux" -) - -// Profiling adds handlers for pprof under /debug/pprof. -type Profiling struct{} - -// Install adds the Profiling webservice to the given mux. -func (d Profiling) Install(c *mux.PathRecorderMux) { - c.UnlistedHandleFunc("/debug/pprof", redirectTo("/debug/pprof/")) - c.UnlistedHandlePrefix("/debug/pprof/", http.HandlerFunc(pprof.Index)) - c.UnlistedHandleFunc("/debug/pprof/profile", pprof.Profile) - c.UnlistedHandleFunc("/debug/pprof/symbol", pprof.Symbol) - c.UnlistedHandleFunc("/debug/pprof/trace", pprof.Trace) -} - -// redirectTo redirects request to a certain destination. -func redirectTo(to string) func(http.ResponseWriter, *http.Request) { - return func(rw http.ResponseWriter, req *http.Request) { - http.Redirect(rw, req, to, http.StatusFound) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/version.go b/etcd/vendor/k8s.io/apiserver/pkg/server/routes/version.go deleted file mode 100644 index d2235f2ee6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/routes/version.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "net/http" - - "github.com/emicklei/go-restful/v3" - - "k8s.io/apimachinery/pkg/version" - "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" -) - -// Version provides a webservice with version information. -type Version struct { - Version *version.Info -} - -// Install registers the APIServer's `/version` handler. -func (v Version) Install(c *restful.Container) { - if v.Version == nil { - return - } - - // Set up a service to return the git code version. - versionWS := new(restful.WebService) - versionWS.Path("/version") - versionWS.Doc("git code version from which this is built") - versionWS.Route( - versionWS.GET("/").To(v.handleVersion). - Doc("get the code version"). - Operation("getCodeVersion"). - Produces(restful.MIME_JSON). - Consumes(restful.MIME_JSON). - Writes(version.Info{})) - - c.Add(versionWS) -} - -// handleVersion writes the server's version information. -func (v Version) handleVersion(req *restful.Request, resp *restful.Response) { - responsewriters.WriteRawJSON(http.StatusOK, *v.Version, resp.ResponseWriter) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/secure_serving.go b/etcd/vendor/k8s.io/apiserver/pkg/server/secure_serving.go deleted file mode 100644 index 64bcc87ebf..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/secure_serving.go +++ /dev/null @@ -1,303 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "context" - "crypto/tls" - "fmt" - "io" - "log" - "net" - "net/http" - "os" - "strings" - "time" - - "golang.org/x/net/http2" - "k8s.io/component-base/cli/flag" - "k8s.io/klog/v2" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/endpoints/metrics" - "k8s.io/apiserver/pkg/server/dynamiccertificates" -) - -const ( - defaultKeepAlivePeriod = 3 * time.Minute -) - -// tlsConfig produces the tls.Config to serve with. -func (s *SecureServingInfo) tlsConfig(stopCh <-chan struct{}) (*tls.Config, error) { - tlsConfig := &tls.Config{ - // Can't use SSLv3 because of POODLE and BEAST - // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher - // Can't use TLSv1.1 because of RC4 cipher usage - MinVersion: tls.VersionTLS12, - // enable HTTP2 for go's 1.7 HTTP Server - NextProtos: []string{"h2", "http/1.1"}, - } - - // these are static aspects of the tls.Config - if s.DisableHTTP2 { - klog.Info("Forcing use of http/1.1 only") - tlsConfig.NextProtos = []string{"http/1.1"} - } - if s.MinTLSVersion > 0 { - tlsConfig.MinVersion = s.MinTLSVersion - } - if len(s.CipherSuites) > 0 { - tlsConfig.CipherSuites = s.CipherSuites - insecureCiphers := flag.InsecureTLSCiphers() - for i := 0; i < len(s.CipherSuites); i++ { - for cipherName, cipherID := range insecureCiphers { - if s.CipherSuites[i] == cipherID { - klog.Warningf("Use of insecure cipher '%s' detected.", cipherName) - } - } - } - } - - if s.ClientCA != nil { - // Populate PeerCertificates in requests, but don't reject connections without certificates - // This allows certificates to be validated by authenticators, while still allowing other auth types - tlsConfig.ClientAuth = tls.RequestClientCert - } - - if s.ClientCA != nil || s.Cert != nil || len(s.SNICerts) > 0 { - dynamicCertificateController := dynamiccertificates.NewDynamicServingCertificateController( - tlsConfig, - s.ClientCA, - s.Cert, - s.SNICerts, - nil, // TODO see how to plumb an event recorder down in here. For now this results in simply klog messages. - ) - - if s.ClientCA != nil { - s.ClientCA.AddListener(dynamicCertificateController) - } - if s.Cert != nil { - s.Cert.AddListener(dynamicCertificateController) - } - // generate a context from stopCh. This is to avoid modifying files which are relying on apiserver - // TODO: See if we can pass ctx to the current method - ctx, cancel := context.WithCancel(context.Background()) - go func() { - select { - case <-stopCh: - cancel() // stopCh closed, so cancel our context - case <-ctx.Done(): - } - }() - // start controllers if possible - if controller, ok := s.ClientCA.(dynamiccertificates.ControllerRunner); ok { - // runonce to try to prime data. If this fails, it's ok because we fail closed. - // Files are required to be populated already, so this is for convenience. - if err := controller.RunOnce(ctx); err != nil { - klog.Warningf("Initial population of client CA failed: %v", err) - } - - go controller.Run(ctx, 1) - } - if controller, ok := s.Cert.(dynamiccertificates.ControllerRunner); ok { - // runonce to try to prime data. If this fails, it's ok because we fail closed. - // Files are required to be populated already, so this is for convenience. - if err := controller.RunOnce(ctx); err != nil { - klog.Warningf("Initial population of default serving certificate failed: %v", err) - } - - go controller.Run(ctx, 1) - } - for _, sniCert := range s.SNICerts { - sniCert.AddListener(dynamicCertificateController) - if controller, ok := sniCert.(dynamiccertificates.ControllerRunner); ok { - // runonce to try to prime data. If this fails, it's ok because we fail closed. - // Files are required to be populated already, so this is for convenience. - if err := controller.RunOnce(ctx); err != nil { - klog.Warningf("Initial population of SNI serving certificate failed: %v", err) - } - - go controller.Run(ctx, 1) - } - } - - // runonce to try to prime data. If this fails, it's ok because we fail closed. - // Files are required to be populated already, so this is for convenience. - if err := dynamicCertificateController.RunOnce(); err != nil { - klog.Warningf("Initial population of dynamic certificates failed: %v", err) - } - go dynamicCertificateController.Run(1, stopCh) - - tlsConfig.GetConfigForClient = dynamicCertificateController.GetConfigForClient - } - - return tlsConfig, nil -} - -// Serve runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails. -// The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. Serve does not block. -// It returns a stoppedCh that is closed when all non-hijacked active requests have been processed. -// It returns a listenerStoppedCh that is closed when the underlying http Server has stopped listening. -func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, <-chan struct{}, error) { - if s.Listener == nil { - return nil, nil, fmt.Errorf("listener must not be nil") - } - - tlsConfig, err := s.tlsConfig(stopCh) - if err != nil { - return nil, nil, err - } - - secureServer := &http.Server{ - Addr: s.Listener.Addr().String(), - Handler: handler, - MaxHeaderBytes: 1 << 20, - TLSConfig: tlsConfig, - - IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout - ReadHeaderTimeout: 32 * time.Second, // just shy of requestTimeoutUpperBound - } - - // At least 99% of serialized resources in surveyed clusters were smaller than 256kb. - // This should be big enough to accommodate most API POST requests in a single frame, - // and small enough to allow a per connection buffer of this size multiplied by `MaxConcurrentStreams`. - const resourceBody99Percentile = 256 * 1024 - - http2Options := &http2.Server{ - IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout - } - - // shrink the per-stream buffer and max framesize from the 1MB default while still accommodating most API POST requests in a single frame - http2Options.MaxUploadBufferPerStream = resourceBody99Percentile - http2Options.MaxReadFrameSize = resourceBody99Percentile - - // use the overridden concurrent streams setting or make the default of 250 explicit so we can size MaxUploadBufferPerConnection appropriately - if s.HTTP2MaxStreamsPerConnection > 0 { - http2Options.MaxConcurrentStreams = uint32(s.HTTP2MaxStreamsPerConnection) - } else { - http2Options.MaxConcurrentStreams = 250 - } - - // increase the connection buffer size from the 1MB default to handle the specified number of concurrent streams - http2Options.MaxUploadBufferPerConnection = http2Options.MaxUploadBufferPerStream * int32(http2Options.MaxConcurrentStreams) - - if !s.DisableHTTP2 { - // apply settings to the server - if err := http2.ConfigureServer(secureServer, http2Options); err != nil { - return nil, nil, fmt.Errorf("error configuring http2: %v", err) - } - } - - // use tlsHandshakeErrorWriter to handle messages of tls handshake error - tlsErrorWriter := &tlsHandshakeErrorWriter{os.Stderr} - tlsErrorLogger := log.New(tlsErrorWriter, "", 0) - secureServer.ErrorLog = tlsErrorLogger - - klog.Infof("Serving securely on %s", secureServer.Addr) - return RunServer(secureServer, s.Listener, shutdownTimeout, stopCh) -} - -// RunServer spawns a go-routine continuously serving until the stopCh is -// closed. -// It returns a stoppedCh that is closed when all non-hijacked active requests -// have been processed. -// This function does not block -// TODO: make private when insecure serving is gone from the kube-apiserver -func RunServer( - server *http.Server, - ln net.Listener, - shutDownTimeout time.Duration, - stopCh <-chan struct{}, -) (<-chan struct{}, <-chan struct{}, error) { - if ln == nil { - return nil, nil, fmt.Errorf("listener must not be nil") - } - - // Shutdown server gracefully. - serverShutdownCh, listenerStoppedCh := make(chan struct{}), make(chan struct{}) - go func() { - defer close(serverShutdownCh) - <-stopCh - ctx, cancel := context.WithTimeout(context.Background(), shutDownTimeout) - server.Shutdown(ctx) - cancel() - }() - - go func() { - defer utilruntime.HandleCrash() - defer close(listenerStoppedCh) - - var listener net.Listener - listener = tcpKeepAliveListener{ln} - if server.TLSConfig != nil { - listener = tls.NewListener(listener, server.TLSConfig) - } - - err := server.Serve(listener) - - msg := fmt.Sprintf("Stopped listening on %s", ln.Addr().String()) - select { - case <-stopCh: - klog.Info(msg) - default: - panic(fmt.Sprintf("%s due to error: %v", msg, err)) - } - }() - - return serverShutdownCh, listenerStoppedCh, nil -} - -// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted -// connections. It's used by ListenAndServe and ListenAndServeTLS so -// dead TCP connections (e.g. closing laptop mid-download) eventually -// go away. -// -// Copied from Go 1.7.2 net/http/server.go -type tcpKeepAliveListener struct { - net.Listener -} - -func (ln tcpKeepAliveListener) Accept() (net.Conn, error) { - c, err := ln.Listener.Accept() - if err != nil { - return nil, err - } - if tc, ok := c.(*net.TCPConn); ok { - tc.SetKeepAlive(true) - tc.SetKeepAlivePeriod(defaultKeepAlivePeriod) - } - return c, nil -} - -// tlsHandshakeErrorWriter writes TLS handshake errors to klog with -// trace level - V(5), to avoid flooding of tls handshake errors. -type tlsHandshakeErrorWriter struct { - out io.Writer -} - -const tlsHandshakeErrorPrefix = "http: TLS handshake error" - -func (w *tlsHandshakeErrorWriter) Write(p []byte) (int, error) { - if strings.Contains(string(p), tlsHandshakeErrorPrefix) { - klog.V(5).Info(string(p)) - metrics.TLSHandshakeErrors.Inc() - return len(p), nil - } - - // for non tls handshake error, log it as usual - return w.out.Write(p) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/signal.go b/etcd/vendor/k8s.io/apiserver/pkg/server/signal.go deleted file mode 100644 index bdd2728f8a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/signal.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "context" - "os" - "os/signal" - - "k8s.io/klog/v2" -) - -var onlyOneSignalHandler = make(chan struct{}) -var shutdownHandler chan os.Signal - -// SetupSignalHandler registered for SIGTERM and SIGINT. A stop channel is returned -// which is closed on one of these signals. If a second signal is caught, the program -// is terminated with exit code 1. -// Only one of SetupSignalContext and SetupSignalHandler should be called, and only can -// be called once. -func SetupSignalHandler() <-chan struct{} { - return SetupSignalContext().Done() -} - -// SetupSignalHandlerIgnoringFurtherSignals is the same as SetupSignalContext, except -// it ignores further exit signals after receiving the first one. -func SetupSignalHandlerIgnoringFurtherSignals() <-chan struct{} { - return SetupSignalContextNotExiting().Done() -} - -// SetupSignalContext is same as SetupSignalHandler, but a context.Context is returned. -// Only one of SetupSignalContext and SetupSignalHandler should be called, and only can -// be called once. -func SetupSignalContext() context.Context { - return setupSignalContext(true) -} - -// SetupSignalContextNotExiting is the same as SetupSignalContext, except -// it ignores further exit signals after receiving the first one. -func SetupSignalContextNotExiting() context.Context { - return setupSignalContext(false) -} - -func setupSignalContext(exitOnSecondSignal bool) context.Context { - close(onlyOneSignalHandler) // panics when called twice - - shutdownHandler = make(chan os.Signal, 2) - - ctx, cancel := context.WithCancel(context.Background()) - signal.Notify(shutdownHandler, shutdownSignals...) - go func() { - <-shutdownHandler - cancel() - if exitOnSecondSignal { - <-shutdownHandler - os.Exit(1) - } else { - for { - <-shutdownHandler - klog.Infof("Termination signal has been received already. Ignoring signal.") - } - } - }() - - return ctx -} - -// RequestShutdown emulates a received event that is considered as shutdown signal (SIGTERM/SIGINT) -// This returns whether a handler was notified -func RequestShutdown() bool { - if shutdownHandler != nil { - select { - case shutdownHandler <- shutdownSignals[0]: - return true - default: - } - } - - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/signal_posix.go b/etcd/vendor/k8s.io/apiserver/pkg/server/signal_posix.go deleted file mode 100644 index 7acb2038a1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/signal_posix.go +++ /dev/null @@ -1,27 +0,0 @@ -//go:build !windows -// +build !windows - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "os" - "syscall" -) - -var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/signal_windows.go b/etcd/vendor/k8s.io/apiserver/pkg/server/signal_windows.go deleted file mode 100644 index e7645a2088..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/signal_windows.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package server - -import ( - "os" -) - -var shutdownSignals = []os.Signal{os.Interrupt} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/server/storage/doc.go deleted file mode 100644 index 36b0d22524..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package storage contains the plumbing to setup the etcd storage of the apiserver. -package storage // import "k8s.io/apiserver/pkg/server/storage" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_config.go deleted file mode 100644 index ce8d1822aa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_config.go +++ /dev/null @@ -1,153 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// APIResourceConfigSource is the interface to determine which groups and versions are enabled -type APIResourceConfigSource interface { - ResourceEnabled(resource schema.GroupVersionResource) bool - AnyResourceForGroupEnabled(group string) bool -} - -var _ APIResourceConfigSource = &ResourceConfig{} - -type ResourceConfig struct { - GroupVersionConfigs map[schema.GroupVersion]bool - ResourceConfigs map[schema.GroupVersionResource]bool -} - -func NewResourceConfig() *ResourceConfig { - return &ResourceConfig{GroupVersionConfigs: map[schema.GroupVersion]bool{}, ResourceConfigs: map[schema.GroupVersionResource]bool{}} -} - -// DisableMatchingVersions disables all group/versions for which the matcher function returns true. -// This will remove any preferences previously set on individual resources. -func (o *ResourceConfig) DisableMatchingVersions(matcher func(gv schema.GroupVersion) bool) { - for version := range o.GroupVersionConfigs { - if matcher(version) { - o.GroupVersionConfigs[version] = false - o.removeMatchingResourcePreferences(resourceMatcherForVersion(version)) - } - } -} - -// EnableMatchingVersions enables all group/versions for which the matcher function returns true. -// This will remove any preferences previously set on individual resources. -func (o *ResourceConfig) EnableMatchingVersions(matcher func(gv schema.GroupVersion) bool) { - for version := range o.GroupVersionConfigs { - if matcher(version) { - o.GroupVersionConfigs[version] = true - o.removeMatchingResourcePreferences(resourceMatcherForVersion(version)) - } - } -} - -// resourceMatcherForVersion matches resources in the specified version -func resourceMatcherForVersion(gv schema.GroupVersion) func(gvr schema.GroupVersionResource) bool { - return func(gvr schema.GroupVersionResource) bool { - return gv == gvr.GroupVersion() - } -} - -// removeMatchingResourcePreferences removes individual resource preferences that match. This is useful when an override of a version or level enablement should -// override the previously individual preferences. -func (o *ResourceConfig) removeMatchingResourcePreferences(matcher func(gvr schema.GroupVersionResource) bool) { - keysToRemove := []schema.GroupVersionResource{} - for k := range o.ResourceConfigs { - if matcher(k) { - keysToRemove = append(keysToRemove, k) - } - } - for _, k := range keysToRemove { - delete(o.ResourceConfigs, k) - } -} - -// DisableVersions disables the versions entirely. -// This will remove any preferences previously set on individual resources. -func (o *ResourceConfig) DisableVersions(versions ...schema.GroupVersion) { - for _, version := range versions { - o.GroupVersionConfigs[version] = false - - // a preference about a version takes priority over the previously set resources - o.removeMatchingResourcePreferences(resourceMatcherForVersion(version)) - } -} - -// EnableVersions enables all resources in a given groupVersion. -// This will remove any preferences previously set on individual resources. -func (o *ResourceConfig) EnableVersions(versions ...schema.GroupVersion) { - for _, version := range versions { - o.GroupVersionConfigs[version] = true - - // a preference about a version takes priority over the previously set resources - o.removeMatchingResourcePreferences(resourceMatcherForVersion(version)) - } - -} - -// TODO this must be removed and we enable/disable individual resources. -func (o *ResourceConfig) versionEnabled(version schema.GroupVersion) bool { - enabled, _ := o.GroupVersionConfigs[version] - return enabled -} - -func (o *ResourceConfig) DisableResources(resources ...schema.GroupVersionResource) { - for _, resource := range resources { - o.ResourceConfigs[resource] = false - } -} - -func (o *ResourceConfig) EnableResources(resources ...schema.GroupVersionResource) { - for _, resource := range resources { - o.ResourceConfigs[resource] = true - } -} - -func (o *ResourceConfig) ResourceEnabled(resource schema.GroupVersionResource) bool { - // if a resource is explicitly set, that takes priority over the preference of the version. - resourceEnabled, explicitlySet := o.ResourceConfigs[resource] - if explicitlySet { - return resourceEnabled - } - - if !o.versionEnabled(resource.GroupVersion()) { - return false - } - // they are enabled by default. - return true -} - -func (o *ResourceConfig) AnyResourceForGroupEnabled(group string) bool { - for version := range o.GroupVersionConfigs { - if version.Group == group { - if o.versionEnabled(version) { - return true - } - } - } - for resource := range o.ResourceConfigs { - if resource.Group == group && o.ResourceEnabled(resource) { - return true - } - } - - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_encoding_config.go b/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_encoding_config.go deleted file mode 100644 index efb22fbc8d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/resource_encoding_config.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -type ResourceEncodingConfig interface { - // StorageEncoding returns the serialization format for the resource. - // TODO this should actually return a GroupVersionKind since you can logically have multiple "matching" Kinds - // For now, it returns just the GroupVersion for consistency with old behavior - StorageEncodingFor(schema.GroupResource) (schema.GroupVersion, error) - - // InMemoryEncodingFor returns the groupVersion for the in memory representation the storage should convert to. - InMemoryEncodingFor(schema.GroupResource) (schema.GroupVersion, error) -} - -type DefaultResourceEncodingConfig struct { - // resources records the overriding encoding configs for individual resources. - resources map[schema.GroupResource]*OverridingResourceEncoding - scheme *runtime.Scheme -} - -type OverridingResourceEncoding struct { - ExternalResourceEncoding schema.GroupVersion - InternalResourceEncoding schema.GroupVersion -} - -var _ ResourceEncodingConfig = &DefaultResourceEncodingConfig{} - -func NewDefaultResourceEncodingConfig(scheme *runtime.Scheme) *DefaultResourceEncodingConfig { - return &DefaultResourceEncodingConfig{resources: map[schema.GroupResource]*OverridingResourceEncoding{}, scheme: scheme} -} - -func (o *DefaultResourceEncodingConfig) SetResourceEncoding(resourceBeingStored schema.GroupResource, externalEncodingVersion, internalVersion schema.GroupVersion) { - o.resources[resourceBeingStored] = &OverridingResourceEncoding{ - ExternalResourceEncoding: externalEncodingVersion, - InternalResourceEncoding: internalVersion, - } -} - -func (o *DefaultResourceEncodingConfig) StorageEncodingFor(resource schema.GroupResource) (schema.GroupVersion, error) { - if !o.scheme.IsGroupRegistered(resource.Group) { - return schema.GroupVersion{}, fmt.Errorf("group %q is not registered in scheme", resource.Group) - } - - resourceOverride, resourceExists := o.resources[resource] - if resourceExists { - return resourceOverride.ExternalResourceEncoding, nil - } - - // return the most preferred external version for the group - return o.scheme.PrioritizedVersionsForGroup(resource.Group)[0], nil -} - -func (o *DefaultResourceEncodingConfig) InMemoryEncodingFor(resource schema.GroupResource) (schema.GroupVersion, error) { - if !o.scheme.IsGroupRegistered(resource.Group) { - return schema.GroupVersion{}, fmt.Errorf("group %q is not registered in scheme", resource.Group) - } - - resourceOverride, resourceExists := o.resources[resource] - if resourceExists { - return resourceOverride.InternalResourceEncoding, nil - } - return schema.GroupVersion{Group: resource.Group, Version: runtime.APIVersionInternal}, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_codec.go b/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_codec.go deleted file mode 100644 index 4f5a398a08..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_codec.go +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - "mime" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer/recognizer" - "k8s.io/apiserver/pkg/storage/storagebackend" -) - -// StorageCodecConfig are the arguments passed to newStorageCodecFn -type StorageCodecConfig struct { - StorageMediaType string - StorageSerializer runtime.StorageSerializer - StorageVersion schema.GroupVersion - MemoryVersion schema.GroupVersion - Config storagebackend.Config - - EncoderDecoratorFn func(runtime.Encoder) runtime.Encoder - DecoderDecoratorFn func([]runtime.Decoder) []runtime.Decoder -} - -// NewStorageCodec assembles a storage codec for the provided storage media type, the provided serializer, and the requested -// storage and memory versions. -func NewStorageCodec(opts StorageCodecConfig) (runtime.Codec, runtime.GroupVersioner, error) { - mediaType, _, err := mime.ParseMediaType(opts.StorageMediaType) - if err != nil { - return nil, nil, fmt.Errorf("%q is not a valid mime-type", opts.StorageMediaType) - } - - supportedMediaTypes := opts.StorageSerializer.SupportedMediaTypes() - serializer, ok := runtime.SerializerInfoForMediaType(supportedMediaTypes, mediaType) - if !ok { - supportedMediaTypeList := make([]string, len(supportedMediaTypes)) - for i, mediaType := range supportedMediaTypes { - supportedMediaTypeList[i] = mediaType.MediaType - } - return nil, nil, fmt.Errorf("unable to find serializer for %q, supported media types: %v", mediaType, supportedMediaTypeList) - } - - s := serializer.Serializer - - // Give callers the opportunity to wrap encoders and decoders. For decoders, each returned decoder will - // be passed to the recognizer so that multiple decoders are available. - var encoder runtime.Encoder = s - if opts.EncoderDecoratorFn != nil { - encoder = opts.EncoderDecoratorFn(encoder) - } - decoders := []runtime.Decoder{ - // selected decoder as the primary - s, - // universal deserializer as a fallback - opts.StorageSerializer.UniversalDeserializer(), - // base64-wrapped universal deserializer as a last resort. - // this allows reading base64-encoded protobuf, which should only exist if etcd2+protobuf was used at some point. - // data written that way could exist in etcd2, or could have been migrated to etcd3. - // TODO: flag this type of data if we encounter it, require migration (read to decode, write to persist using a supported encoder), and remove in 1.8 - runtime.NewBase64Serializer(nil, opts.StorageSerializer.UniversalDeserializer()), - } - if opts.DecoderDecoratorFn != nil { - decoders = opts.DecoderDecoratorFn(decoders) - } - - encodeVersioner := runtime.NewMultiGroupVersioner( - opts.StorageVersion, - schema.GroupKind{Group: opts.StorageVersion.Group}, - schema.GroupKind{Group: opts.MemoryVersion.Group}, - ) - - // Ensure the storage receives the correct version. - encoder = opts.StorageSerializer.EncoderForVersion( - encoder, - encodeVersioner, - ) - decoder := opts.StorageSerializer.DecoderToVersion( - recognizer.NewDecoder(decoders...), - runtime.NewCoercingMultiGroupVersioner( - opts.MemoryVersion, - schema.GroupKind{Group: opts.MemoryVersion.Group}, - schema.GroupKind{Group: opts.StorageVersion.Group}, - ), - ) - - return runtime.NewCodec(encoder, decoder), encodeVersioner, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go b/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go deleted file mode 100644 index 5b1c24446c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/server/storage/storage_factory.go +++ /dev/null @@ -1,349 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "crypto/tls" - "crypto/x509" - "io/ioutil" - "strings" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/storage/storagebackend" - utilfeature "k8s.io/apiserver/pkg/util/feature" -) - -// Backend describes the storage servers, the information here should be enough -// for health validations. -type Backend struct { - // the url of storage backend like: https://etcd.domain:2379 - Server string - // the required tls config - TLSConfig *tls.Config -} - -// StorageFactory is the interface to locate the storage for a given GroupResource -type StorageFactory interface { - // New finds the storage destination for the given group and resource. It will - // return an error if the group has no storage destination configured. - NewConfig(groupResource schema.GroupResource) (*storagebackend.ConfigForResource, error) - - // ResourcePrefix returns the overridden resource prefix for the GroupResource - // This allows for cohabitation of resources with different native types and provides - // centralized control over the shape of etcd directories - ResourcePrefix(groupResource schema.GroupResource) string - - // Backends gets all backends for all registered storage destinations. - // Used for getting all instances for health validations. - Backends() []Backend -} - -// DefaultStorageFactory takes a GroupResource and returns back its storage interface. This result includes: -// 1. Merged etcd config, including: auth, server locations, prefixes -// 2. Resource encodings for storage: group,version,kind to store as -// 3. Cohabitating default: some resources like hpa are exposed through multiple APIs. They must agree on 1 and 2 -type DefaultStorageFactory struct { - // StorageConfig describes how to create a storage backend in general. - // Its authentication information will be used for every storage.Interface returned. - StorageConfig storagebackend.Config - - Overrides map[schema.GroupResource]groupResourceOverrides - - DefaultResourcePrefixes map[schema.GroupResource]string - - // DefaultMediaType is the media type used to store resources. If it is not set, "application/json" is used. - DefaultMediaType string - - // DefaultSerializer is used to create encoders and decoders for the storage.Interface. - DefaultSerializer runtime.StorageSerializer - - // ResourceEncodingConfig describes how to encode a particular GroupVersionResource - ResourceEncodingConfig ResourceEncodingConfig - - // APIResourceConfigSource indicates whether the *storage* is enabled, NOT the API - // This is discrete from resource enablement because those are separate concerns. How this source is configured - // is left to the caller. - APIResourceConfigSource APIResourceConfigSource - - // newStorageCodecFn exists to be overwritten for unit testing. - newStorageCodecFn func(opts StorageCodecConfig) (codec runtime.Codec, encodeVersioner runtime.GroupVersioner, err error) -} - -type groupResourceOverrides struct { - // etcdLocation contains the list of "special" locations that are used for particular GroupResources - // These are merged on top of the StorageConfig when requesting the storage.Interface for a given GroupResource - etcdLocation []string - // etcdPrefix is the base location for a GroupResource. - etcdPrefix string - // etcdResourcePrefix is the location to use to store a particular type under the `etcdPrefix` location - // If empty, the default mapping is used. If the default mapping doesn't contain an entry, it will use - // the ToLowered name of the resource, not including the group. - etcdResourcePrefix string - // mediaType is the desired serializer to choose. If empty, the default is chosen. - mediaType string - // serializer contains the list of "special" serializers for a GroupResource. Resource=* means for the entire group - serializer runtime.StorageSerializer - // cohabitatingResources keeps track of which resources must be stored together. This happens when we have multiple ways - // of exposing one set of concepts. autoscaling.HPA and extensions.HPA as a for instance - // The order of the slice matters! It is the priority order of lookup for finding a storage location - cohabitatingResources []schema.GroupResource - // encoderDecoratorFn is optional and may wrap the provided encoder prior to being serialized. - encoderDecoratorFn func(runtime.Encoder) runtime.Encoder - // decoderDecoratorFn is optional and may wrap the provided decoders (can add new decoders). The order of - // returned decoders will be priority for attempt to decode. - decoderDecoratorFn func([]runtime.Decoder) []runtime.Decoder - // disablePaging will prevent paging on the provided resource. - disablePaging bool -} - -// Apply overrides the provided config and options if the override has a value in that position -func (o groupResourceOverrides) Apply(config *storagebackend.Config, options *StorageCodecConfig) { - if len(o.etcdLocation) > 0 { - config.Transport.ServerList = o.etcdLocation - } - if len(o.etcdPrefix) > 0 { - config.Prefix = o.etcdPrefix - } - - if len(o.mediaType) > 0 { - options.StorageMediaType = o.mediaType - } - if o.serializer != nil { - options.StorageSerializer = o.serializer - } - if o.encoderDecoratorFn != nil { - options.EncoderDecoratorFn = o.encoderDecoratorFn - } - if o.decoderDecoratorFn != nil { - options.DecoderDecoratorFn = o.decoderDecoratorFn - } - if o.disablePaging { - config.Paging = false - } -} - -var _ StorageFactory = &DefaultStorageFactory{} - -const AllResources = "*" - -func NewDefaultStorageFactory( - config storagebackend.Config, - defaultMediaType string, - defaultSerializer runtime.StorageSerializer, - resourceEncodingConfig ResourceEncodingConfig, - resourceConfig APIResourceConfigSource, - specialDefaultResourcePrefixes map[schema.GroupResource]string, -) *DefaultStorageFactory { - config.Paging = utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking) - if len(defaultMediaType) == 0 { - defaultMediaType = runtime.ContentTypeJSON - } - return &DefaultStorageFactory{ - StorageConfig: config, - Overrides: map[schema.GroupResource]groupResourceOverrides{}, - DefaultMediaType: defaultMediaType, - DefaultSerializer: defaultSerializer, - ResourceEncodingConfig: resourceEncodingConfig, - APIResourceConfigSource: resourceConfig, - DefaultResourcePrefixes: specialDefaultResourcePrefixes, - - newStorageCodecFn: NewStorageCodec, - } -} - -func (s *DefaultStorageFactory) SetEtcdLocation(groupResource schema.GroupResource, location []string) { - overrides := s.Overrides[groupResource] - overrides.etcdLocation = location - s.Overrides[groupResource] = overrides -} - -func (s *DefaultStorageFactory) SetEtcdPrefix(groupResource schema.GroupResource, prefix string) { - overrides := s.Overrides[groupResource] - overrides.etcdPrefix = prefix - s.Overrides[groupResource] = overrides -} - -// SetDisableAPIListChunking allows a specific resource to disable paging at the storage layer, to prevent -// exposure of key names in continuations. This may be overridden by feature gates. -func (s *DefaultStorageFactory) SetDisableAPIListChunking(groupResource schema.GroupResource) { - overrides := s.Overrides[groupResource] - overrides.disablePaging = true - s.Overrides[groupResource] = overrides -} - -// SetResourceEtcdPrefix sets the prefix for a resource, but not the base-dir. You'll end up in `etcdPrefix/resourceEtcdPrefix`. -func (s *DefaultStorageFactory) SetResourceEtcdPrefix(groupResource schema.GroupResource, prefix string) { - overrides := s.Overrides[groupResource] - overrides.etcdResourcePrefix = prefix - s.Overrides[groupResource] = overrides -} - -func (s *DefaultStorageFactory) SetSerializer(groupResource schema.GroupResource, mediaType string, serializer runtime.StorageSerializer) { - overrides := s.Overrides[groupResource] - overrides.mediaType = mediaType - overrides.serializer = serializer - s.Overrides[groupResource] = overrides -} - -// AddCohabitatingResources links resources together the order of the slice matters! its the priority order of lookup for finding a storage location -func (s *DefaultStorageFactory) AddCohabitatingResources(groupResources ...schema.GroupResource) { - for _, groupResource := range groupResources { - overrides := s.Overrides[groupResource] - overrides.cohabitatingResources = groupResources - s.Overrides[groupResource] = overrides - } -} - -func (s *DefaultStorageFactory) AddSerializationChains(encoderDecoratorFn func(runtime.Encoder) runtime.Encoder, decoderDecoratorFn func([]runtime.Decoder) []runtime.Decoder, groupResources ...schema.GroupResource) { - for _, groupResource := range groupResources { - overrides := s.Overrides[groupResource] - overrides.encoderDecoratorFn = encoderDecoratorFn - overrides.decoderDecoratorFn = decoderDecoratorFn - s.Overrides[groupResource] = overrides - } -} - -func getAllResourcesAlias(resource schema.GroupResource) schema.GroupResource { - return schema.GroupResource{Group: resource.Group, Resource: AllResources} -} - -func (s *DefaultStorageFactory) getStorageGroupResource(groupResource schema.GroupResource) schema.GroupResource { - for _, potentialStorageResource := range s.Overrides[groupResource].cohabitatingResources { - // TODO deads2k or liggitt determine if have ever stored any of our cohabitating resources in a different location on new clusters - if s.APIResourceConfigSource.AnyResourceForGroupEnabled(potentialStorageResource.Group) { - return potentialStorageResource - } - } - - return groupResource -} - -// New finds the storage destination for the given group and resource. It will -// return an error if the group has no storage destination configured. -func (s *DefaultStorageFactory) NewConfig(groupResource schema.GroupResource) (*storagebackend.ConfigForResource, error) { - chosenStorageResource := s.getStorageGroupResource(groupResource) - - // operate on copy - storageConfig := s.StorageConfig - codecConfig := StorageCodecConfig{ - StorageMediaType: s.DefaultMediaType, - StorageSerializer: s.DefaultSerializer, - } - - if override, ok := s.Overrides[getAllResourcesAlias(chosenStorageResource)]; ok { - override.Apply(&storageConfig, &codecConfig) - } - if override, ok := s.Overrides[chosenStorageResource]; ok { - override.Apply(&storageConfig, &codecConfig) - } - - var err error - codecConfig.StorageVersion, err = s.ResourceEncodingConfig.StorageEncodingFor(chosenStorageResource) - if err != nil { - return nil, err - } - codecConfig.MemoryVersion, err = s.ResourceEncodingConfig.InMemoryEncodingFor(groupResource) - if err != nil { - return nil, err - } - codecConfig.Config = storageConfig - - storageConfig.Codec, storageConfig.EncodeVersioner, err = s.newStorageCodecFn(codecConfig) - if err != nil { - return nil, err - } - klog.V(3).Infof("storing %v in %v, reading as %v from %#v", groupResource, codecConfig.StorageVersion, codecConfig.MemoryVersion, codecConfig.Config) - - return storageConfig.ForResource(groupResource), nil -} - -// Backends returns all backends for all registered storage destinations. -// Used for getting all instances for health validations. -func (s *DefaultStorageFactory) Backends() []Backend { - return backends(s.StorageConfig, s.Overrides) -} - -// Backends returns all backends for all registered storage destinations. -// Used for getting all instances for health validations. -func Backends(storageConfig storagebackend.Config) []Backend { - return backends(storageConfig, nil) -} - -func backends(storageConfig storagebackend.Config, grOverrides map[schema.GroupResource]groupResourceOverrides) []Backend { - servers := sets.NewString(storageConfig.Transport.ServerList...) - - for _, overrides := range grOverrides { - servers.Insert(overrides.etcdLocation...) - } - - tlsConfig := &tls.Config{ - InsecureSkipVerify: true, - } - if len(storageConfig.Transport.CertFile) > 0 && len(storageConfig.Transport.KeyFile) > 0 { - cert, err := tls.LoadX509KeyPair(storageConfig.Transport.CertFile, storageConfig.Transport.KeyFile) - if err != nil { - klog.Errorf("failed to load key pair while getting backends: %s", err) - } else { - tlsConfig.Certificates = []tls.Certificate{cert} - } - } - if len(storageConfig.Transport.TrustedCAFile) > 0 { - if caCert, err := ioutil.ReadFile(storageConfig.Transport.TrustedCAFile); err != nil { - klog.Errorf("failed to read ca file while getting backends: %s", err) - } else { - caPool := x509.NewCertPool() - caPool.AppendCertsFromPEM(caCert) - tlsConfig.RootCAs = caPool - tlsConfig.InsecureSkipVerify = false - } - } - - backends := []Backend{} - for server := range servers { - backends = append(backends, Backend{ - Server: server, - // We can't share TLSConfig across different backends to avoid races. - // For more details see: https://pr.k8s.io/59338 - TLSConfig: tlsConfig.Clone(), - }) - } - return backends -} - -func (s *DefaultStorageFactory) ResourcePrefix(groupResource schema.GroupResource) string { - chosenStorageResource := s.getStorageGroupResource(groupResource) - groupOverride := s.Overrides[getAllResourcesAlias(chosenStorageResource)] - exactResourceOverride := s.Overrides[chosenStorageResource] - - etcdResourcePrefix := s.DefaultResourcePrefixes[chosenStorageResource] - if len(groupOverride.etcdResourcePrefix) > 0 { - etcdResourcePrefix = groupOverride.etcdResourcePrefix - } - if len(exactResourceOverride.etcdResourcePrefix) > 0 { - etcdResourcePrefix = exactResourceOverride.etcdResourcePrefix - } - if len(etcdResourcePrefix) == 0 { - etcdResourcePrefix = strings.ToLower(chosenStorageResource.Resource) - } - - return etcdResourcePrefix -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/OWNERS deleted file mode 100644 index c77bfe44b5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/OWNERS +++ /dev/null @@ -1,21 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - lavalamp - - liggitt - - wojtek-t -reviewers: - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - caesarxuchao - - mikedanese - - liggitt - - ncdc - - ingvagabund - - enj - - stevekuznetsov -emeritus_approvers: - - xiang90 - - timothysc diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/api_object_versioner.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/api_object_versioner.go deleted file mode 100644 index 9c77b09022..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/api_object_versioner.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - "strconv" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// APIObjectVersioner implements versioning and extracting etcd node information -// for objects that have an embedded ObjectMeta or ListMeta field. -type APIObjectVersioner struct{} - -// UpdateObject implements Versioner -func (a APIObjectVersioner) UpdateObject(obj runtime.Object, resourceVersion uint64) error { - accessor, err := meta.Accessor(obj) - if err != nil { - return err - } - versionString := "" - if resourceVersion != 0 { - versionString = strconv.FormatUint(resourceVersion, 10) - } - accessor.SetResourceVersion(versionString) - return nil -} - -// UpdateList implements Versioner -func (a APIObjectVersioner) UpdateList(obj runtime.Object, resourceVersion uint64, nextKey string, count *int64) error { - if resourceVersion == 0 { - return fmt.Errorf("illegal resource version from storage: %d", resourceVersion) - } - listAccessor, err := meta.ListAccessor(obj) - if err != nil || listAccessor == nil { - return err - } - versionString := strconv.FormatUint(resourceVersion, 10) - listAccessor.SetResourceVersion(versionString) - listAccessor.SetContinue(nextKey) - listAccessor.SetRemainingItemCount(count) - return nil -} - -// PrepareObjectForStorage clears resourceVersion and selfLink prior to writing to etcd. -func (a APIObjectVersioner) PrepareObjectForStorage(obj runtime.Object) error { - accessor, err := meta.Accessor(obj) - if err != nil { - return err - } - accessor.SetResourceVersion("") - accessor.SetSelfLink("") - return nil -} - -// ObjectResourceVersion implements Versioner -func (a APIObjectVersioner) ObjectResourceVersion(obj runtime.Object) (uint64, error) { - accessor, err := meta.Accessor(obj) - if err != nil { - return 0, err - } - version := accessor.GetResourceVersion() - if len(version) == 0 { - return 0, nil - } - return strconv.ParseUint(version, 10, 64) -} - -// ParseResourceVersion takes a resource version argument and converts it to -// the etcd version. For watch we should pass to helper.Watch(). Because resourceVersion is -// an opaque value, the default watch behavior for non-zero watch is to watch -// the next value (if you pass "1", you will see updates from "2" onwards). -func (a APIObjectVersioner) ParseResourceVersion(resourceVersion string) (uint64, error) { - if resourceVersion == "" || resourceVersion == "0" { - return 0, nil - } - version, err := strconv.ParseUint(resourceVersion, 10, 64) - if err != nil { - return 0, NewInvalidError(field.ErrorList{ - // Validation errors are supposed to return version-specific field - // paths, but this is probably close enough. - field.Invalid(field.NewPath("resourceVersion"), resourceVersion, err.Error()), - }) - } - return version, nil -} - -// Versioner implements Versioner -var _ Versioner = APIObjectVersioner{} - -// CompareResourceVersion compares etcd resource versions. Outside this API they are all strings, -// but etcd resource versions are special, they're actually ints, so we can easily compare them. -func (a APIObjectVersioner) CompareResourceVersion(lhs, rhs runtime.Object) int { - lhsVersion, err := a.ObjectResourceVersion(lhs) - if err != nil { - // coder error - panic(err) - } - rhsVersion, err := a.ObjectResourceVersion(rhs) - if err != nil { - // coder error - panic(err) - } - - if lhsVersion == rhsVersion { - return 0 - } - if lhsVersion < rhsVersion { - return -1 - } - - return 1 -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go deleted file mode 100644 index dfa2115790..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go +++ /dev/null @@ -1,1519 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "context" - "fmt" - "net/http" - "reflect" - "sync" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/cacher/metrics" - utilfeature "k8s.io/apiserver/pkg/util/feature" - utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" - "k8s.io/client-go/tools/cache" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -var ( - emptyFunc = func(bool) {} -) - -const ( - // storageWatchListPageSize is the cacher's request chunk size of - // initial and resync watch lists to storage. - storageWatchListPageSize = int64(10000) - // defaultBookmarkFrequency defines how frequently watch bookmarks should be send - // in addition to sending a bookmark right before watch deadline. - // - // NOTE: Update `eventFreshDuration` when changing this value. - defaultBookmarkFrequency = time.Minute -) - -// Config contains the configuration for a given Cache. -type Config struct { - // An underlying storage.Interface. - Storage storage.Interface - - // An underlying storage.Versioner. - Versioner storage.Versioner - - // The GroupResource the cacher is caching. Used for disambiguating *unstructured.Unstructured (CRDs) in logging - // and metrics. - GroupResource schema.GroupResource - - // The Cache will be caching objects of a given Type and assumes that they - // are all stored under ResourcePrefix directory in the underlying database. - ResourcePrefix string - - // KeyFunc is used to get a key in the underlying storage for a given object. - KeyFunc func(runtime.Object) (string, error) - - // GetAttrsFunc is used to get object labels, fields - GetAttrsFunc func(runtime.Object) (label labels.Set, field fields.Set, err error) - - // IndexerFuncs is used for optimizing amount of watchers that - // needs to process an incoming event. - IndexerFuncs storage.IndexerFuncs - - // Indexers is used to accelerate the list operation, falls back to regular list - // operation if no indexer found. - Indexers *cache.Indexers - - // NewFunc is a function that creates new empty object storing a object of type Type. - NewFunc func() runtime.Object - - // NewList is a function that creates new empty object storing a list of - // objects of type Type. - NewListFunc func() runtime.Object - - Codec runtime.Codec - - Clock clock.Clock -} - -type watchersMap map[int]*cacheWatcher - -func (wm watchersMap) addWatcher(w *cacheWatcher, number int) { - wm[number] = w -} - -func (wm watchersMap) deleteWatcher(number int, done func(*cacheWatcher)) { - if watcher, ok := wm[number]; ok { - delete(wm, number) - done(watcher) - } -} - -func (wm watchersMap) terminateAll(done func(*cacheWatcher)) { - for key, watcher := range wm { - delete(wm, key) - done(watcher) - } -} - -type indexedWatchers struct { - allWatchers watchersMap - valueWatchers map[string]watchersMap -} - -func (i *indexedWatchers) addWatcher(w *cacheWatcher, number int, value string, supported bool) { - if supported { - if _, ok := i.valueWatchers[value]; !ok { - i.valueWatchers[value] = watchersMap{} - } - i.valueWatchers[value].addWatcher(w, number) - } else { - i.allWatchers.addWatcher(w, number) - } -} - -func (i *indexedWatchers) deleteWatcher(number int, value string, supported bool, done func(*cacheWatcher)) { - if supported { - i.valueWatchers[value].deleteWatcher(number, done) - if len(i.valueWatchers[value]) == 0 { - delete(i.valueWatchers, value) - } - } else { - i.allWatchers.deleteWatcher(number, done) - } -} - -func (i *indexedWatchers) terminateAll(groupResource schema.GroupResource, done func(*cacheWatcher)) { - // note that we don't have to call setDrainInputBufferLocked method on the watchers - // because we take advantage of the default value - stop immediately - // also watchers that have had already its draining strategy set - // are no longer available (they were removed from the allWatchers and the valueWatchers maps) - if len(i.allWatchers) > 0 || len(i.valueWatchers) > 0 { - klog.Warningf("Terminating all watchers from cacher %v", groupResource) - } - i.allWatchers.terminateAll(done) - for _, watchers := range i.valueWatchers { - watchers.terminateAll(done) - } - i.valueWatchers = map[string]watchersMap{} -} - -// As we don't need a high precision here, we keep all watchers timeout within a -// second in a bucket, and pop up them once at the timeout. To be more specific, -// if you set fire time at X, you can get the bookmark within (X-1,X+1) period. -type watcherBookmarkTimeBuckets struct { - lock sync.Mutex - // the key of watcherBuckets is the number of seconds since createTime - watchersBuckets map[int64][]*cacheWatcher - createTime time.Time - startBucketID int64 - clock clock.Clock - bookmarkFrequency time.Duration -} - -func newTimeBucketWatchers(clock clock.Clock, bookmarkFrequency time.Duration) *watcherBookmarkTimeBuckets { - return &watcherBookmarkTimeBuckets{ - watchersBuckets: make(map[int64][]*cacheWatcher), - createTime: clock.Now(), - startBucketID: 0, - clock: clock, - bookmarkFrequency: bookmarkFrequency, - } -} - -// adds a watcher to the bucket, if the deadline is before the start, it will be -// added to the first one. -func (t *watcherBookmarkTimeBuckets) addWatcher(w *cacheWatcher) bool { - // note that the returned time can be before t.createTime, - // especially in cases when the nextBookmarkTime method - // give us the zero value of type Time - // so buckedID can hold a negative value - nextTime, ok := w.nextBookmarkTime(t.clock.Now(), t.bookmarkFrequency) - if !ok { - return false - } - bucketID := int64(nextTime.Sub(t.createTime) / time.Second) - t.lock.Lock() - defer t.lock.Unlock() - if bucketID < t.startBucketID { - bucketID = t.startBucketID - } - watchers := t.watchersBuckets[bucketID] - t.watchersBuckets[bucketID] = append(watchers, w) - return true -} - -func (t *watcherBookmarkTimeBuckets) popExpiredWatchers() [][]*cacheWatcher { - currentBucketID := int64(t.clock.Since(t.createTime) / time.Second) - // There should be one or two elements in almost all cases - expiredWatchers := make([][]*cacheWatcher, 0, 2) - t.lock.Lock() - defer t.lock.Unlock() - for ; t.startBucketID <= currentBucketID; t.startBucketID++ { - if watchers, ok := t.watchersBuckets[t.startBucketID]; ok { - delete(t.watchersBuckets, t.startBucketID) - expiredWatchers = append(expiredWatchers, watchers) - } - } - return expiredWatchers -} - -type filterWithAttrsFunc func(key string, l labels.Set, f fields.Set) bool - -type indexedTriggerFunc struct { - indexName string - indexerFunc storage.IndexerFunc -} - -// Cacher is responsible for serving WATCH and LIST requests for a given -// resource from its internal cache and updating its cache in the background -// based on the underlying storage contents. -// Cacher implements storage.Interface (although most of the calls are just -// delegated to the underlying storage). -type Cacher struct { - // HighWaterMarks for performance debugging. - // Important: Since HighWaterMark is using sync/atomic, it has to be at the top of the struct due to a bug on 32-bit platforms - // See: https://golang.org/pkg/sync/atomic/ for more information - incomingHWM storage.HighWaterMark - // Incoming events that should be dispatched to watchers. - incoming chan watchCacheEvent - - resourcePrefix string - - sync.RWMutex - - // Before accessing the cacher's cache, wait for the ready to be ok. - // This is necessary to prevent users from accessing structures that are - // uninitialized or are being repopulated right now. - // ready needs to be set to false when the cacher is paused or stopped. - // ready needs to be set to true when the cacher is ready to use after - // initialization. - ready *ready - - // Underlying storage.Interface. - storage storage.Interface - - // Expected type of objects in the underlying cache. - objectType reflect.Type - // Used for logging, to disambiguate *unstructured.Unstructured (CRDs) - groupResource schema.GroupResource - - // "sliding window" of recent changes of objects and the current state. - watchCache *watchCache - reflector *cache.Reflector - - // Versioner is used to handle resource versions. - versioner storage.Versioner - - // newFunc is a function that creates new empty object storing a object of type Type. - newFunc func() runtime.Object - - // indexedTrigger is used for optimizing amount of watchers that needs to process - // an incoming event. - indexedTrigger *indexedTriggerFunc - // watchers is mapping from the value of trigger function that a - // watcher is interested into the watchers - watcherIdx int - watchers indexedWatchers - - // Defines a time budget that can be spend on waiting for not-ready watchers - // while dispatching event before shutting them down. - dispatchTimeoutBudget timeBudget - - // Handling graceful termination. - stopLock sync.RWMutex - stopped bool - stopCh chan struct{} - stopWg sync.WaitGroup - - clock clock.Clock - // timer is used to avoid unnecessary allocations in underlying watchers. - timer *time.Timer - - // dispatching determines whether there is currently dispatching of - // any event in flight. - dispatching bool - // watchersBuffer is a list of watchers potentially interested in currently - // dispatched event. - watchersBuffer []*cacheWatcher - // blockedWatchers is a list of watchers whose buffer is currently full. - blockedWatchers []*cacheWatcher - // watchersToStop is a list of watchers that were supposed to be stopped - // during current dispatching, but stopping was deferred to the end of - // dispatching that event to avoid race with closing channels in watchers. - watchersToStop []*cacheWatcher - // Maintain a timeout queue to send the bookmark event before the watcher times out. - bookmarkWatchers *watcherBookmarkTimeBuckets - // expiredBookmarkWatchers is a list of watchers that were expired and need to be schedule for a next bookmark event - expiredBookmarkWatchers []*cacheWatcher -} - -// NewCacherFromConfig creates a new Cacher responsible for servicing WATCH and LIST requests from -// its internal cache and updating its cache in the background based on the -// given configuration. -func NewCacherFromConfig(config Config) (*Cacher, error) { - stopCh := make(chan struct{}) - obj := config.NewFunc() - // Give this error when it is constructed rather than when you get the - // first watch item, because it's much easier to track down that way. - if err := runtime.CheckCodec(config.Codec, obj); err != nil { - return nil, fmt.Errorf("storage codec doesn't seem to match given type: %v", err) - } - - var indexedTrigger *indexedTriggerFunc - if config.IndexerFuncs != nil { - // For now, we don't support multiple trigger functions defined - // for a given resource. - if len(config.IndexerFuncs) > 1 { - return nil, fmt.Errorf("cacher %s doesn't support more than one IndexerFunc: ", reflect.TypeOf(obj).String()) - } - for key, value := range config.IndexerFuncs { - if value != nil { - indexedTrigger = &indexedTriggerFunc{ - indexName: key, - indexerFunc: value, - } - } - } - } - - if config.Clock == nil { - config.Clock = clock.RealClock{} - } - objType := reflect.TypeOf(obj) - cacher := &Cacher{ - resourcePrefix: config.ResourcePrefix, - ready: newReady(), - storage: config.Storage, - objectType: objType, - groupResource: config.GroupResource, - versioner: config.Versioner, - newFunc: config.NewFunc, - indexedTrigger: indexedTrigger, - watcherIdx: 0, - watchers: indexedWatchers{ - allWatchers: make(map[int]*cacheWatcher), - valueWatchers: make(map[string]watchersMap), - }, - // TODO: Figure out the correct value for the buffer size. - incoming: make(chan watchCacheEvent, 100), - dispatchTimeoutBudget: newTimeBudget(), - // We need to (potentially) stop both: - // - wait.Until go-routine - // - reflector.ListAndWatch - // and there are no guarantees on the order that they will stop. - // So we will be simply closing the channel, and synchronizing on the WaitGroup. - stopCh: stopCh, - clock: config.Clock, - timer: time.NewTimer(time.Duration(0)), - bookmarkWatchers: newTimeBucketWatchers(config.Clock, defaultBookmarkFrequency), - } - - // Ensure that timer is stopped. - if !cacher.timer.Stop() { - // Consume triggered (but not yet received) timer event - // so that future reuse does not get a spurious timeout. - <-cacher.timer.C - } - - watchCache := newWatchCache( - config.KeyFunc, cacher.processEvent, config.GetAttrsFunc, config.Versioner, config.Indexers, config.Clock, config.GroupResource) - listerWatcher := NewCacherListerWatcher(config.Storage, config.ResourcePrefix, config.NewListFunc) - reflectorName := "storage/cacher.go:" + config.ResourcePrefix - - reflector := cache.NewNamedReflector(reflectorName, listerWatcher, obj, watchCache, 0) - // Configure reflector's pager to for an appropriate pagination chunk size for fetching data from - // storage. The pager falls back to full list if paginated list calls fail due to an "Expired" error. - reflector.WatchListPageSize = storageWatchListPageSize - // When etcd loses leader for 3 cycles, it returns error "no leader". - // We don't want to terminate all watchers as recreating all watchers puts high load on api-server. - // In most of the cases, leader is reelected within few cycles. - reflector.MaxInternalErrorRetryDuration = time.Second * 30 - - cacher.watchCache = watchCache - cacher.reflector = reflector - - go cacher.dispatchEvents() - - cacher.stopWg.Add(1) - go func() { - defer cacher.stopWg.Done() - defer cacher.terminateAllWatchers() - wait.Until( - func() { - if !cacher.isStopped() { - cacher.startCaching(stopCh) - } - }, time.Second, stopCh, - ) - }() - - return cacher, nil -} - -func (c *Cacher) startCaching(stopChannel <-chan struct{}) { - // The 'usable' lock is always 'RLock'able when it is safe to use the cache. - // It is safe to use the cache after a successful list until a disconnection. - // We start with usable (write) locked. The below OnReplace function will - // unlock it after a successful list. The below defer will then re-lock - // it when this function exits (always due to disconnection), only if - // we actually got a successful list. This cycle will repeat as needed. - successfulList := false - c.watchCache.SetOnReplace(func() { - successfulList = true - c.ready.set(true) - klog.V(1).Infof("cacher (%v): initialized", c.groupResource.String()) - metrics.WatchCacheInitializations.WithLabelValues(c.groupResource.String()).Inc() - }) - defer func() { - if successfulList { - c.ready.set(false) - } - }() - - c.terminateAllWatchers() - // Note that since onReplace may be not called due to errors, we explicitly - // need to retry it on errors under lock. - // Also note that startCaching is called in a loop, so there's no need - // to have another loop here. - if err := c.reflector.ListAndWatch(stopChannel); err != nil { - klog.Errorf("cacher (%v): unexpected ListAndWatch error: %v; reinitializing...", c.groupResource.String(), err) - } -} - -// Versioner implements storage.Interface. -func (c *Cacher) Versioner() storage.Versioner { - return c.storage.Versioner() -} - -// Create implements storage.Interface. -func (c *Cacher) Create(ctx context.Context, key string, obj, out runtime.Object, ttl uint64) error { - return c.storage.Create(ctx, key, obj, out, ttl) -} - -// Delete implements storage.Interface. -func (c *Cacher) Delete( - ctx context.Context, key string, out runtime.Object, preconditions *storage.Preconditions, - validateDeletion storage.ValidateObjectFunc, _ runtime.Object) error { - // Ignore the suggestion and try to pass down the current version of the object - // read from cache. - if elem, exists, err := c.watchCache.GetByKey(key); err != nil { - klog.Errorf("GetByKey returned error: %v", err) - } else if exists { - // DeepCopy the object since we modify resource version when serializing the - // current object. - currObj := elem.(*storeElement).Object.DeepCopyObject() - return c.storage.Delete(ctx, key, out, preconditions, validateDeletion, currObj) - } - // If we couldn't get the object, fallback to no-suggestion. - return c.storage.Delete(ctx, key, out, preconditions, validateDeletion, nil) -} - -// Watch implements storage.Interface. -func (c *Cacher) Watch(ctx context.Context, key string, opts storage.ListOptions) (watch.Interface, error) { - pred := opts.Predicate - watchRV, err := c.versioner.ParseResourceVersion(opts.ResourceVersion) - if err != nil { - return nil, err - } - - if err := c.ready.wait(); err != nil { - return nil, errors.NewServiceUnavailable(err.Error()) - } - - triggerValue, triggerSupported := "", false - if c.indexedTrigger != nil { - for _, field := range pred.IndexFields { - if field == c.indexedTrigger.indexName { - if value, ok := pred.Field.RequiresExactMatch(field); ok { - triggerValue, triggerSupported = value, true - } - } - } - } - - // It boils down to a tradeoff between: - // - having it as small as possible to reduce memory usage - // - having it large enough to ensure that watchers that need to process - // a bunch of changes have enough buffer to avoid from blocking other - // watchers on our watcher having a processing hiccup - chanSize := c.watchCache.suggestedWatchChannelSize(c.indexedTrigger != nil, triggerSupported) - - // Determine watch timeout('0' means deadline is not set, ignore checking) - deadline, _ := ctx.Deadline() - - identifier := fmt.Sprintf("key: %q, labels: %q, fields: %q", key, pred.Label, pred.Field) - - // Create a watcher here to reduce memory allocations under lock, - // given that memory allocation may trigger GC and block the thread. - // Also note that emptyFunc is a placeholder, until we will be able - // to compute watcher.forget function (which has to happen under lock). - watcher := newCacheWatcher( - chanSize, - filterWithAttrsFunction(key, pred), - emptyFunc, - c.versioner, - deadline, - pred.AllowWatchBookmarks, - c.groupResource, - identifier, - ) - - // We explicitly use thread unsafe version and do locking ourself to ensure that - // no new events will be processed in the meantime. The watchCache will be unlocked - // on return from this function. - // Note that we cannot do it under Cacher lock, to avoid a deadlock, since the - // underlying watchCache is calling processEvent under its lock. - c.watchCache.RLock() - defer c.watchCache.RUnlock() - cacheInterval, err := c.watchCache.getAllEventsSinceLocked(watchRV) - if err != nil { - // To match the uncached watch implementation, once we have passed authn/authz/admission, - // and successfully parsed a resource version, other errors must fail with a watch event of type ERROR, - // rather than a directly returned error. - return newErrWatcher(err), nil - } - - func() { - c.Lock() - defer c.Unlock() - // Update watcher.forget function once we can compute it. - watcher.forget = forgetWatcher(c, watcher, c.watcherIdx, triggerValue, triggerSupported) - c.watchers.addWatcher(watcher, c.watcherIdx, triggerValue, triggerSupported) - - // Add it to the queue only when the client support watch bookmarks. - if watcher.allowWatchBookmarks { - c.bookmarkWatchers.addWatcher(watcher) - } - c.watcherIdx++ - }() - - go watcher.processInterval(ctx, cacheInterval, watchRV) - return watcher, nil -} - -// Get implements storage.Interface. -func (c *Cacher) Get(ctx context.Context, key string, opts storage.GetOptions, objPtr runtime.Object) error { - if opts.ResourceVersion == "" { - // If resourceVersion is not specified, serve it from underlying - // storage (for backward compatibility). - return c.storage.Get(ctx, key, opts, objPtr) - } - - // If resourceVersion is specified, serve it from cache. - // It's guaranteed that the returned value is at least that - // fresh as the given resourceVersion. - getRV, err := c.versioner.ParseResourceVersion(opts.ResourceVersion) - if err != nil { - return err - } - - if getRV == 0 && !c.ready.check() { - // If Cacher is not yet initialized and we don't require any specific - // minimal resource version, simply forward the request to storage. - return c.storage.Get(ctx, key, opts, objPtr) - } - - // Do not create a trace - it's not for free and there are tons - // of Get requests. We can add it if it will be really needed. - if err := c.ready.wait(); err != nil { - return errors.NewServiceUnavailable(err.Error()) - } - - objVal, err := conversion.EnforcePtr(objPtr) - if err != nil { - return err - } - - obj, exists, readResourceVersion, err := c.watchCache.WaitUntilFreshAndGet(ctx, getRV, key) - if err != nil { - return err - } - - if exists { - elem, ok := obj.(*storeElement) - if !ok { - return fmt.Errorf("non *storeElement returned from storage: %v", obj) - } - objVal.Set(reflect.ValueOf(elem.Object).Elem()) - } else { - objVal.Set(reflect.Zero(objVal.Type())) - if !opts.IgnoreNotFound { - return storage.NewKeyNotFoundError(key, int64(readResourceVersion)) - } - } - return nil -} - -// NOTICE: Keep in sync with shouldListFromStorage function in -// -// staging/src/k8s.io/apiserver/pkg/util/flowcontrol/request/list_work_estimator.go -func shouldDelegateList(opts storage.ListOptions) bool { - resourceVersion := opts.ResourceVersion - pred := opts.Predicate - pagingEnabled := utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking) - hasContinuation := pagingEnabled && len(pred.Continue) > 0 - hasLimit := pagingEnabled && pred.Limit > 0 && resourceVersion != "0" - - // If resourceVersion is not specified, serve it from underlying - // storage (for backward compatibility). If a continuation is - // requested, serve it from the underlying storage as well. - // Limits are only sent to storage when resourceVersion is non-zero - // since the watch cache isn't able to perform continuations, and - // limits are ignored when resource version is zero - return resourceVersion == "" || hasContinuation || hasLimit || opts.ResourceVersionMatch == metav1.ResourceVersionMatchExact -} - -func (c *Cacher) listItems(ctx context.Context, listRV uint64, key string, pred storage.SelectionPredicate, recursive bool) ([]interface{}, uint64, string, error) { - if !recursive { - obj, exists, readResourceVersion, err := c.watchCache.WaitUntilFreshAndGet(ctx, listRV, key) - if err != nil { - return nil, 0, "", err - } - if exists { - return []interface{}{obj}, readResourceVersion, "", nil - } - return nil, readResourceVersion, "", nil - } - return c.watchCache.WaitUntilFreshAndList(ctx, listRV, pred.MatcherIndex()) -} - -// GetList implements storage.Interface -func (c *Cacher) GetList(ctx context.Context, key string, opts storage.ListOptions, listObj runtime.Object) error { - recursive := opts.Recursive - resourceVersion := opts.ResourceVersion - pred := opts.Predicate - if shouldDelegateList(opts) { - return c.storage.GetList(ctx, key, opts, listObj) - } - - // If resourceVersion is specified, serve it from cache. - // It's guaranteed that the returned value is at least that - // fresh as the given resourceVersion. - listRV, err := c.versioner.ParseResourceVersion(resourceVersion) - if err != nil { - return err - } - - if listRV == 0 && !c.ready.check() { - // If Cacher is not yet initialized and we don't require any specific - // minimal resource version, simply forward the request to storage. - return c.storage.GetList(ctx, key, opts, listObj) - } - - ctx, span := tracing.Start(ctx, "cacher list", - attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)), - attribute.Stringer("type", c.groupResource)) - defer span.End(500 * time.Millisecond) - - if err := c.ready.wait(); err != nil { - return errors.NewServiceUnavailable(err.Error()) - } - span.AddEvent("Ready") - - // List elements with at least 'listRV' from cache. - listPtr, err := meta.GetItemsPtr(listObj) - if err != nil { - return err - } - listVal, err := conversion.EnforcePtr(listPtr) - if err != nil { - return err - } - if listVal.Kind() != reflect.Slice { - return fmt.Errorf("need a pointer to slice, got %v", listVal.Kind()) - } - filter := filterWithAttrsFunction(key, pred) - - objs, readResourceVersion, indexUsed, err := c.listItems(ctx, listRV, key, pred, recursive) - if err != nil { - return err - } - span.AddEvent("Listed items from cache", attribute.Int("count", len(objs))) - if len(objs) > listVal.Cap() && pred.Label.Empty() && pred.Field.Empty() { - // Resize the slice appropriately, since we already know that none - // of the elements will be filtered out. - listVal.Set(reflect.MakeSlice(reflect.SliceOf(c.objectType.Elem()), 0, len(objs))) - span.AddEvent("Resized result") - } - for _, obj := range objs { - elem, ok := obj.(*storeElement) - if !ok { - return fmt.Errorf("non *storeElement returned from storage: %v", obj) - } - if filter(elem.Key, elem.Labels, elem.Fields) { - listVal.Set(reflect.Append(listVal, reflect.ValueOf(elem.Object).Elem())) - } - } - span.AddEvent("Filtered items", attribute.Int("count", listVal.Len())) - if c.versioner != nil { - if err := c.versioner.UpdateList(listObj, readResourceVersion, "", nil); err != nil { - return err - } - } - metrics.RecordListCacheMetrics(c.resourcePrefix, indexUsed, len(objs), listVal.Len()) - return nil -} - -// GuaranteedUpdate implements storage.Interface. -func (c *Cacher) GuaranteedUpdate( - ctx context.Context, key string, destination runtime.Object, ignoreNotFound bool, - preconditions *storage.Preconditions, tryUpdate storage.UpdateFunc, _ runtime.Object) error { - // Ignore the suggestion and try to pass down the current version of the object - // read from cache. - if elem, exists, err := c.watchCache.GetByKey(key); err != nil { - klog.Errorf("GetByKey returned error: %v", err) - } else if exists { - // DeepCopy the object since we modify resource version when serializing the - // current object. - currObj := elem.(*storeElement).Object.DeepCopyObject() - return c.storage.GuaranteedUpdate(ctx, key, destination, ignoreNotFound, preconditions, tryUpdate, currObj) - } - // If we couldn't get the object, fallback to no-suggestion. - return c.storage.GuaranteedUpdate(ctx, key, destination, ignoreNotFound, preconditions, tryUpdate, nil) -} - -// Count implements storage.Interface. -func (c *Cacher) Count(pathPrefix string) (int64, error) { - return c.storage.Count(pathPrefix) -} - -// baseObjectThreadUnsafe omits locking for cachingObject. -func baseObjectThreadUnsafe(object runtime.Object) runtime.Object { - if co, ok := object.(*cachingObject); ok { - return co.object - } - return object -} - -func (c *Cacher) triggerValuesThreadUnsafe(event *watchCacheEvent) ([]string, bool) { - if c.indexedTrigger == nil { - return nil, false - } - - result := make([]string, 0, 2) - result = append(result, c.indexedTrigger.indexerFunc(baseObjectThreadUnsafe(event.Object))) - if event.PrevObject == nil { - return result, true - } - prevTriggerValue := c.indexedTrigger.indexerFunc(baseObjectThreadUnsafe(event.PrevObject)) - if result[0] != prevTriggerValue { - result = append(result, prevTriggerValue) - } - return result, true -} - -func (c *Cacher) processEvent(event *watchCacheEvent) { - if curLen := int64(len(c.incoming)); c.incomingHWM.Update(curLen) { - // Monitor if this gets backed up, and how much. - klog.V(1).Infof("cacher (%v): %v objects queued in incoming channel.", c.groupResource.String(), curLen) - } - c.incoming <- *event -} - -func (c *Cacher) dispatchEvents() { - // Jitter to help level out any aggregate load. - bookmarkTimer := c.clock.NewTimer(wait.Jitter(time.Second, 0.25)) - defer bookmarkTimer.Stop() - - lastProcessedResourceVersion := uint64(0) - for { - select { - case event, ok := <-c.incoming: - if !ok { - return - } - // Don't dispatch bookmarks coming from the storage layer. - // They can be very frequent (even to the level of subseconds) - // to allow efficient watch resumption on kube-apiserver restarts, - // and propagating them down may overload the whole system. - // - // TODO: If at some point we decide the performance and scalability - // footprint is acceptable, this is the place to hook them in. - // However, we then need to check if this was called as a result - // of a bookmark event or regular Add/Update/Delete operation by - // checking if resourceVersion here has changed. - if event.Type != watch.Bookmark { - c.dispatchEvent(&event) - } - lastProcessedResourceVersion = event.ResourceVersion - metrics.EventsCounter.WithLabelValues(c.groupResource.String()).Inc() - case <-bookmarkTimer.C(): - bookmarkTimer.Reset(wait.Jitter(time.Second, 0.25)) - // Never send a bookmark event if we did not see an event here, this is fine - // because we don't provide any guarantees on sending bookmarks. - if lastProcessedResourceVersion == 0 { - // pop expired watchers in case there has been no update - c.bookmarkWatchers.popExpiredWatchers() - continue - } - bookmarkEvent := &watchCacheEvent{ - Type: watch.Bookmark, - Object: c.newFunc(), - ResourceVersion: lastProcessedResourceVersion, - } - if err := c.versioner.UpdateObject(bookmarkEvent.Object, bookmarkEvent.ResourceVersion); err != nil { - klog.Errorf("failure to set resourceVersion to %d on bookmark event %+v", bookmarkEvent.ResourceVersion, bookmarkEvent.Object) - continue - } - c.dispatchEvent(bookmarkEvent) - case <-c.stopCh: - return - } - } -} - -func setCachingObjects(event *watchCacheEvent, versioner storage.Versioner) { - switch event.Type { - case watch.Added, watch.Modified: - if object, err := newCachingObject(event.Object); err == nil { - event.Object = object - } else { - klog.Errorf("couldn't create cachingObject from: %#v", event.Object) - } - // Don't wrap PrevObject for update event (for create events it is nil). - // We only encode those to deliver DELETE watch events, so if - // event.Object is not nil it can be used only for watchers for which - // selector was satisfied for its previous version and is no longer - // satisfied for the current version. - // This is rare enough that it doesn't justify making deep-copy of the - // object (done by newCachingObject) every time. - case watch.Deleted: - // Don't wrap Object for delete events - these are not to deliver any - // events. Only wrap PrevObject. - if object, err := newCachingObject(event.PrevObject); err == nil { - // Update resource version of the object. - // event.PrevObject is used to deliver DELETE watch events and - // for them, we set resourceVersion to <current> instead of - // the resourceVersion of the last modification of the object. - updateResourceVersion(object, versioner, event.ResourceVersion) - event.PrevObject = object - } else { - klog.Errorf("couldn't create cachingObject from: %#v", event.Object) - } - } -} - -func (c *Cacher) dispatchEvent(event *watchCacheEvent) { - c.startDispatching(event) - defer c.finishDispatching() - // Watchers stopped after startDispatching will be delayed to finishDispatching, - - // Since add() can block, we explicitly add when cacher is unlocked. - // Dispatching event in nonblocking way first, which make faster watchers - // not be blocked by slower ones. - if event.Type == watch.Bookmark { - for _, watcher := range c.watchersBuffer { - watcher.nonblockingAdd(event) - } - } else { - // Set up caching of object serializations only for dispatching this event. - // - // Storing serializations in memory would result in increased memory usage, - // but it would help for caching encodings for watches started from old - // versions. However, we still don't have a convincing data that the gain - // from it justifies increased memory usage, so for now we drop the cached - // serializations after dispatching this event. - // - // Given that CachingObject is just wrapping the object and not perfoming - // deep-copying (until some field is explicitly being modified), we create - // it unconditionally to ensure safety and reduce deep-copying. - // - // Make a shallow copy to allow overwriting Object and PrevObject. - wcEvent := *event - setCachingObjects(&wcEvent, c.versioner) - event = &wcEvent - - c.blockedWatchers = c.blockedWatchers[:0] - for _, watcher := range c.watchersBuffer { - if !watcher.nonblockingAdd(event) { - c.blockedWatchers = append(c.blockedWatchers, watcher) - } - } - - if len(c.blockedWatchers) > 0 { - // dispatchEvent is called very often, so arrange - // to reuse timers instead of constantly allocating. - startTime := time.Now() - timeout := c.dispatchTimeoutBudget.takeAvailable() - c.timer.Reset(timeout) - - // Send event to all blocked watchers. As long as timer is running, - // `add` will wait for the watcher to unblock. After timeout, - // `add` will not wait, but immediately close a still blocked watcher. - // Hence, every watcher gets the chance to unblock itself while timer - // is running, not only the first ones in the list. - timer := c.timer - for _, watcher := range c.blockedWatchers { - if !watcher.add(event, timer) { - // fired, clean the timer by set it to nil. - timer = nil - } - } - - // Stop the timer if it is not fired - if timer != nil && !timer.Stop() { - // Consume triggered (but not yet received) timer event - // so that future reuse does not get a spurious timeout. - <-timer.C - } - - c.dispatchTimeoutBudget.returnUnused(timeout - time.Since(startTime)) - } - } -} - -func (c *Cacher) startDispatchingBookmarkEventsLocked() { - // Pop already expired watchers. However, explicitly ignore stopped ones, - // as we don't delete watcher from bookmarkWatchers when it is stopped. - for _, watchers := range c.bookmarkWatchers.popExpiredWatchers() { - for _, watcher := range watchers { - // c.Lock() is held here. - // watcher.stopThreadUnsafe() is protected by c.Lock() - if watcher.stopped { - continue - } - c.watchersBuffer = append(c.watchersBuffer, watcher) - c.expiredBookmarkWatchers = append(c.expiredBookmarkWatchers, watcher) - } - } -} - -// startDispatching chooses watchers potentially interested in a given event -// a marks dispatching as true. -func (c *Cacher) startDispatching(event *watchCacheEvent) { - // It is safe to call triggerValuesThreadUnsafe here, because at this - // point only this thread can access this event (we create a separate - // watchCacheEvent for every dispatch). - triggerValues, supported := c.triggerValuesThreadUnsafe(event) - - c.Lock() - defer c.Unlock() - - c.dispatching = true - // We are reusing the slice to avoid memory reallocations in every - // dispatchEvent() call. That may prevent Go GC from freeing items - // from previous phases that are sitting behind the current length - // of the slice, but there is only a limited number of those and the - // gain from avoiding memory allocations is much bigger. - c.watchersBuffer = c.watchersBuffer[:0] - - if event.Type == watch.Bookmark { - c.startDispatchingBookmarkEventsLocked() - // return here to reduce following code indentation and diff - return - } - - // Iterate over "allWatchers" no matter what the trigger function is. - for _, watcher := range c.watchers.allWatchers { - c.watchersBuffer = append(c.watchersBuffer, watcher) - } - if supported { - // Iterate over watchers interested in the given values of the trigger. - for _, triggerValue := range triggerValues { - for _, watcher := range c.watchers.valueWatchers[triggerValue] { - c.watchersBuffer = append(c.watchersBuffer, watcher) - } - } - } else { - // supported equal to false generally means that trigger function - // is not defined (or not aware of any indexes). In this case, - // watchers filters should generally also don't generate any - // trigger values, but can cause problems in case of some - // misconfiguration. Thus we paranoidly leave this branch. - - // Iterate over watchers interested in exact values for all values. - for _, watchers := range c.watchers.valueWatchers { - for _, watcher := range watchers { - c.watchersBuffer = append(c.watchersBuffer, watcher) - } - } - } -} - -// finishDispatching stops all the watchers that were supposed to be -// stopped in the meantime, but it was deferred to avoid closing input -// channels of watchers, as add() may still have writing to it. -// It also marks dispatching as false. -func (c *Cacher) finishDispatching() { - c.Lock() - defer c.Unlock() - c.dispatching = false - for _, watcher := range c.watchersToStop { - watcher.stopLocked() - } - c.watchersToStop = c.watchersToStop[:0] - - for _, watcher := range c.expiredBookmarkWatchers { - if watcher.stopped { - continue - } - // requeue the watcher for the next bookmark if needed. - c.bookmarkWatchers.addWatcher(watcher) - } - c.expiredBookmarkWatchers = c.expiredBookmarkWatchers[:0] -} - -func (c *Cacher) terminateAllWatchers() { - c.Lock() - defer c.Unlock() - c.watchers.terminateAll(c.groupResource, c.stopWatcherLocked) -} - -func (c *Cacher) stopWatcherLocked(watcher *cacheWatcher) { - if c.dispatching { - c.watchersToStop = append(c.watchersToStop, watcher) - } else { - watcher.stopLocked() - } -} - -func (c *Cacher) isStopped() bool { - c.stopLock.RLock() - defer c.stopLock.RUnlock() - return c.stopped -} - -// Stop implements the graceful termination. -func (c *Cacher) Stop() { - c.stopLock.Lock() - if c.stopped { - // avoid stopping twice (note: cachers are shared with subresources) - c.stopLock.Unlock() - return - } - c.stopped = true - c.ready.stop() - c.stopLock.Unlock() - close(c.stopCh) - c.stopWg.Wait() -} - -func forgetWatcher(c *Cacher, w *cacheWatcher, index int, triggerValue string, triggerSupported bool) func(bool) { - return func(drainWatcher bool) { - c.Lock() - defer c.Unlock() - - w.setDrainInputBufferLocked(drainWatcher) - - // It's possible that the watcher is already not in the structure (e.g. in case of - // simultaneous Stop() and terminateAllWatchers(), but it is safe to call stopLocked() - // on a watcher multiple times. - c.watchers.deleteWatcher(index, triggerValue, triggerSupported, c.stopWatcherLocked) - } -} - -func filterWithAttrsFunction(key string, p storage.SelectionPredicate) filterWithAttrsFunc { - filterFunc := func(objKey string, label labels.Set, field fields.Set) bool { - if !hasPathPrefix(objKey, key) { - return false - } - return p.MatchesObjectAttributes(label, field) - } - return filterFunc -} - -// LastSyncResourceVersion returns resource version to which the underlying cache is synced. -func (c *Cacher) LastSyncResourceVersion() (uint64, error) { - if err := c.ready.wait(); err != nil { - return 0, errors.NewServiceUnavailable(err.Error()) - } - - resourceVersion := c.reflector.LastSyncResourceVersion() - return c.versioner.ParseResourceVersion(resourceVersion) -} - -// cacherListerWatcher opaques storage.Interface to expose cache.ListerWatcher. -type cacherListerWatcher struct { - storage storage.Interface - resourcePrefix string - newListFunc func() runtime.Object -} - -// NewCacherListerWatcher returns a storage.Interface backed ListerWatcher. -func NewCacherListerWatcher(storage storage.Interface, resourcePrefix string, newListFunc func() runtime.Object) cache.ListerWatcher { - return &cacherListerWatcher{ - storage: storage, - resourcePrefix: resourcePrefix, - newListFunc: newListFunc, - } -} - -// Implements cache.ListerWatcher interface. -func (lw *cacherListerWatcher) List(options metav1.ListOptions) (runtime.Object, error) { - list := lw.newListFunc() - pred := storage.SelectionPredicate{ - Label: labels.Everything(), - Field: fields.Everything(), - Limit: options.Limit, - Continue: options.Continue, - } - - storageOpts := storage.ListOptions{ - ResourceVersionMatch: options.ResourceVersionMatch, - Predicate: pred, - Recursive: true, - } - if err := lw.storage.GetList(context.TODO(), lw.resourcePrefix, storageOpts, list); err != nil { - return nil, err - } - return list, nil -} - -// Implements cache.ListerWatcher interface. -func (lw *cacherListerWatcher) Watch(options metav1.ListOptions) (watch.Interface, error) { - opts := storage.ListOptions{ - ResourceVersion: options.ResourceVersion, - Predicate: storage.Everything, - Recursive: true, - ProgressNotify: true, - } - return lw.storage.Watch(context.TODO(), lw.resourcePrefix, opts) -} - -// errWatcher implements watch.Interface to return a single error -type errWatcher struct { - result chan watch.Event -} - -func newErrWatcher(err error) *errWatcher { - // Create an error event - errEvent := watch.Event{Type: watch.Error} - switch err := err.(type) { - case runtime.Object: - errEvent.Object = err - case *errors.StatusError: - errEvent.Object = &err.ErrStatus - default: - errEvent.Object = &metav1.Status{ - Status: metav1.StatusFailure, - Message: err.Error(), - Reason: metav1.StatusReasonInternalError, - Code: http.StatusInternalServerError, - } - } - - // Create a watcher with room for a single event, populate it, and close the channel - watcher := &errWatcher{result: make(chan watch.Event, 1)} - watcher.result <- errEvent - close(watcher.result) - - return watcher -} - -// Implements watch.Interface. -func (c *errWatcher) ResultChan() <-chan watch.Event { - return c.result -} - -// Implements watch.Interface. -func (c *errWatcher) Stop() { - // no-op -} - -// cacheWatcher implements watch.Interface -// this is not thread-safe -type cacheWatcher struct { - input chan *watchCacheEvent - result chan watch.Event - done chan struct{} - filter filterWithAttrsFunc - stopped bool - forget func(bool) - versioner storage.Versioner - // The watcher will be closed by server after the deadline, - // save it here to send bookmark events before that. - deadline time.Time - allowWatchBookmarks bool - groupResource schema.GroupResource - - // human readable identifier that helps assigning cacheWatcher - // instance with request - identifier string - - // drainInputBuffer indicates whether we should delay closing this watcher - // and send all event in the input buffer. - drainInputBuffer bool -} - -func newCacheWatcher( - chanSize int, - filter filterWithAttrsFunc, - forget func(bool), - versioner storage.Versioner, - deadline time.Time, - allowWatchBookmarks bool, - groupResource schema.GroupResource, - identifier string, -) *cacheWatcher { - return &cacheWatcher{ - input: make(chan *watchCacheEvent, chanSize), - result: make(chan watch.Event, chanSize), - done: make(chan struct{}), - filter: filter, - stopped: false, - forget: forget, - versioner: versioner, - deadline: deadline, - allowWatchBookmarks: allowWatchBookmarks, - groupResource: groupResource, - identifier: identifier, - } -} - -// Implements watch.Interface. -func (c *cacheWatcher) ResultChan() <-chan watch.Event { - return c.result -} - -// Implements watch.Interface. -func (c *cacheWatcher) Stop() { - c.forget(false) -} - -// we rely on the fact that stopLocked is actually protected by Cacher.Lock() -func (c *cacheWatcher) stopLocked() { - if !c.stopped { - c.stopped = true - // stop without draining the input channel was requested. - if !c.drainInputBuffer { - close(c.done) - } - close(c.input) - } - - // Even if the watcher was already stopped, if it previously was - // using draining mode and it's not using it now we need to - // close the done channel now. Otherwise we could leak the - // processing goroutine if it will be trying to put more objects - // into result channel, the channel will be full and there will - // already be noone on the processing the events on the receiving end. - if !c.drainInputBuffer && !c.isDoneChannelClosedLocked() { - close(c.done) - } -} - -func (c *cacheWatcher) nonblockingAdd(event *watchCacheEvent) bool { - select { - case c.input <- event: - return true - default: - return false - } -} - -// Nil timer means that add will not block (if it can't send event immediately, it will break the watcher) -func (c *cacheWatcher) add(event *watchCacheEvent, timer *time.Timer) bool { - // Try to send the event immediately, without blocking. - if c.nonblockingAdd(event) { - return true - } - - closeFunc := func() { - // This means that we couldn't send event to that watcher. - // Since we don't want to block on it infinitely, - // we simply terminate it. - klog.V(1).Infof("Forcing %v watcher close due to unresponsiveness: %v. len(c.input) = %v, len(c.result) = %v", c.groupResource.String(), c.identifier, len(c.input), len(c.result)) - metrics.TerminatedWatchersCounter.WithLabelValues(c.groupResource.String()).Inc() - c.forget(false) - } - - if timer == nil { - closeFunc() - return false - } - - // OK, block sending, but only until timer fires. - select { - case c.input <- event: - return true - case <-timer.C: - closeFunc() - return false - } -} - -func (c *cacheWatcher) nextBookmarkTime(now time.Time, bookmarkFrequency time.Duration) (time.Time, bool) { - // We try to send bookmarks: - // - // (a) right before the watcher timeout - for now we simply set it 2s before - // the deadline - // - // (b) roughly every minute - // - // (b) gives us periodicity if the watch breaks due to unexpected - // conditions, (a) ensures that on timeout the watcher is as close to - // now as possible - this covers 99% of cases. - - heartbeatTime := now.Add(bookmarkFrequency) - if c.deadline.IsZero() { - // Timeout is set by our client libraries (e.g. reflector) as well as defaulted by - // apiserver if properly configured. So this shoudln't happen in practice. - return heartbeatTime, true - } - if pretimeoutTime := c.deadline.Add(-2 * time.Second); pretimeoutTime.Before(heartbeatTime) { - heartbeatTime = pretimeoutTime - } - - if heartbeatTime.Before(now) { - return time.Time{}, false - } - return heartbeatTime, true -} - -// setDrainInputBufferLocked if set to true indicates that we should delay closing this watcher -// until we send all events residing in the input buffer. -func (c *cacheWatcher) setDrainInputBufferLocked(drain bool) { - c.drainInputBuffer = drain -} - -// isDoneChannelClosed checks if c.done channel is closed -func (c *cacheWatcher) isDoneChannelClosedLocked() bool { - select { - case <-c.done: - return true - default: - } - return false -} - -func getMutableObject(object runtime.Object) runtime.Object { - if _, ok := object.(*cachingObject); ok { - // It is safe to return without deep-copy, because the underlying - // object will lazily perform deep-copy on the first try to change - // any of its fields. - return object - } - return object.DeepCopyObject() -} - -func updateResourceVersion(object runtime.Object, versioner storage.Versioner, resourceVersion uint64) { - if err := versioner.UpdateObject(object, resourceVersion); err != nil { - utilruntime.HandleError(fmt.Errorf("failure to version api object (%d) %#v: %v", resourceVersion, object, err)) - } -} - -func (c *cacheWatcher) convertToWatchEvent(event *watchCacheEvent) *watch.Event { - if event.Type == watch.Bookmark { - return &watch.Event{Type: watch.Bookmark, Object: event.Object.DeepCopyObject()} - } - - curObjPasses := event.Type != watch.Deleted && c.filter(event.Key, event.ObjLabels, event.ObjFields) - oldObjPasses := false - if event.PrevObject != nil { - oldObjPasses = c.filter(event.Key, event.PrevObjLabels, event.PrevObjFields) - } - if !curObjPasses && !oldObjPasses { - // Watcher is not interested in that object. - return nil - } - - switch { - case curObjPasses && !oldObjPasses: - return &watch.Event{Type: watch.Added, Object: getMutableObject(event.Object)} - case curObjPasses && oldObjPasses: - return &watch.Event{Type: watch.Modified, Object: getMutableObject(event.Object)} - case !curObjPasses && oldObjPasses: - // return a delete event with the previous object content, but with the event's resource version - oldObj := getMutableObject(event.PrevObject) - // We know that if oldObj is cachingObject (which can only be set via - // setCachingObjects), its resourceVersion is already set correctly and - // we don't need to update it. However, since cachingObject efficiently - // handles noop updates, we avoid this microoptimization here. - updateResourceVersion(oldObj, c.versioner, event.ResourceVersion) - return &watch.Event{Type: watch.Deleted, Object: oldObj} - } - - return nil -} - -// NOTE: sendWatchCacheEvent is assumed to not modify <event> !!! -func (c *cacheWatcher) sendWatchCacheEvent(event *watchCacheEvent) { - watchEvent := c.convertToWatchEvent(event) - if watchEvent == nil { - // Watcher is not interested in that object. - return - } - - // We need to ensure that if we put event X to the c.result, all - // previous events were already put into it before, no matter whether - // c.done is close or not. - // Thus we cannot simply select from c.done and c.result and this - // would give us non-determinism. - // At the same time, we don't want to block infinitely on putting - // to c.result, when c.done is already closed. - // - // This ensures that with c.done already close, we at most once go - // into the next select after this. With that, no matter which - // statement we choose there, we will deliver only consecutive - // events. - select { - case <-c.done: - return - default: - } - - select { - case c.result <- *watchEvent: - case <-c.done: - } -} - -func (c *cacheWatcher) processInterval(ctx context.Context, cacheInterval *watchCacheInterval, resourceVersion uint64) { - defer utilruntime.HandleCrash() - defer close(c.result) - defer c.Stop() - - // Check how long we are processing initEvents. - // As long as these are not processed, we are not processing - // any incoming events, so if it takes long, we may actually - // block all watchers for some time. - // TODO: From the logs it seems that there happens processing - // times even up to 1s which is very long. However, this doesn't - // depend that much on the number of initEvents. E.g. from the - // 2000-node Kubemark run we have logs like this, e.g.: - // ... processing 13862 initEvents took 66.808689ms - // ... processing 14040 initEvents took 993.532539ms - // We should understand what is blocking us in those cases (e.g. - // is it lack of CPU, network, or sth else) and potentially - // consider increase size of result buffer in those cases. - const initProcessThreshold = 500 * time.Millisecond - startTime := time.Now() - - initEventCount := 0 - for { - event, err := cacheInterval.Next() - if err != nil { - // An error indicates that the cache interval - // has been invalidated and can no longer serve - // events. - // - // Initially we considered sending an "out-of-history" - // Error event in this case, but because historically - // such events weren't sent out of the watchCache, we - // decided not to. This is still ok, because on watch - // closure, the watcher will try to re-instantiate the - // watch and then will get an explicit "out-of-history" - // window. There is potential for optimization, but for - // now, in order to be on the safe side and not break - // custom clients, the cost of it is something that we - // are fully accepting. - klog.Warningf("couldn't retrieve watch event to serve: %#v", err) - return - } - if event == nil { - break - } - c.sendWatchCacheEvent(event) - // With some events already sent, update resourceVersion so that - // events that were buffered and not yet processed won't be delivered - // to this watcher second time causing going back in time. - resourceVersion = event.ResourceVersion - initEventCount++ - } - - if initEventCount > 0 { - metrics.InitCounter.WithLabelValues(c.groupResource.String()).Add(float64(initEventCount)) - } - processingTime := time.Since(startTime) - if processingTime > initProcessThreshold { - klog.V(2).Infof("processing %d initEvents of %s (%s) took %v", initEventCount, c.groupResource, c.identifier, processingTime) - } - - c.process(ctx, resourceVersion) -} - -func (c *cacheWatcher) process(ctx context.Context, resourceVersion uint64) { - // At this point we already start processing incoming watch events. - // However, the init event can still be processed because their serialization - // and sending to the client happens asynchrnously. - // TODO: As describe in the KEP, we would like to estimate that by delaying - // the initialization signal proportionally to the number of events to - // process, but we're leaving this to the tuning phase. - utilflowcontrol.WatchInitialized(ctx) - - for { - select { - case event, ok := <-c.input: - if !ok { - return - } - // only send events newer than resourceVersion - if event.ResourceVersion > resourceVersion { - c.sendWatchCacheEvent(event) - } - case <-ctx.Done(): - return - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/caching_object.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/caching_object.go deleted file mode 100644 index 258efed842..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/caching_object.go +++ /dev/null @@ -1,408 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "bytes" - "fmt" - "io" - "reflect" - "runtime/debug" - "sync" - "sync/atomic" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/klog/v2" -) - -var _ runtime.CacheableObject = &cachingObject{} - -// metaRuntimeInterface implements runtime.Object and -// metav1.Object interfaces. -type metaRuntimeInterface interface { - runtime.Object - metav1.Object -} - -// serializationResult captures a result of serialization. -type serializationResult struct { - // once should be used to ensure serialization is computed once. - once sync.Once - - // raw is serialized object. - raw []byte - // err is error from serialization. - err error -} - -// serializationsCache is a type for caching serialization results. -type serializationsCache map[runtime.Identifier]*serializationResult - -// cachingObject is an object that is able to cache its serializations -// so that each of those is computed exactly once. -// -// cachingObject implements the metav1.Object interface (accessors for -// all metadata fields). -type cachingObject struct { - lock sync.RWMutex - - // deepCopied defines whether the object below has already been - // deep copied. The operation is performed lazily on the first - // setXxx operation. - // - // The lazy deep-copy make is useful, as effectively the only - // case when we are setting some fields are ResourceVersion for - // DELETE events, so in all other cases we can effectively avoid - // performing any deep copies. - deepCopied bool - - // Object for which serializations are cached. - object metaRuntimeInterface - - // serializations is a cache containing object`s serializations. - // The value stored in atomic.Value is of type serializationsCache. - // The atomic.Value type is used to allow fast-path. - serializations atomic.Value -} - -// newCachingObject performs a deep copy of the given object and wraps it -// into a cachingObject. -// An error is returned if it's not possible to cast the object to -// metav1.Object type. -func newCachingObject(object runtime.Object) (*cachingObject, error) { - if obj, ok := object.(metaRuntimeInterface); ok { - result := &cachingObject{ - object: obj, - deepCopied: false, - } - result.serializations.Store(make(serializationsCache)) - return result, nil - } - return nil, fmt.Errorf("can't cast object to metav1.Object: %#v", object) -} - -func (o *cachingObject) getSerializationResult(id runtime.Identifier) *serializationResult { - // Fast-path for getting from cache. - serializations := o.serializations.Load().(serializationsCache) - if result, exists := serializations[id]; exists { - return result - } - - // Slow-path (that may require insert). - o.lock.Lock() - defer o.lock.Unlock() - - serializations = o.serializations.Load().(serializationsCache) - // Check if in the meantime it wasn't inserted. - if result, exists := serializations[id]; exists { - return result - } - - // Insert an entry for <id>. This requires copy of existing map. - newSerializations := make(serializationsCache) - for k, v := range serializations { - newSerializations[k] = v - } - result := &serializationResult{} - newSerializations[id] = result - o.serializations.Store(newSerializations) - return result -} - -// CacheEncode implements runtime.CacheableObject interface. -// It serializes the object and writes the result to given io.Writer trying -// to first use the already cached result and falls back to a given encode -// function in case of cache miss. -// It assumes that for a given identifier, the encode function always encodes -// each input object into the same output format. -func (o *cachingObject) CacheEncode(id runtime.Identifier, encode func(runtime.Object, io.Writer) error, w io.Writer) error { - result := o.getSerializationResult(id) - result.once.Do(func() { - buffer := bytes.NewBuffer(nil) - // TODO(wojtek-t): This is currently making a copy to avoid races - // in cases where encoding is making subtle object modifications, - // e.g. #82497 - // Figure out if we can somehow avoid this under some conditions. - result.err = encode(o.GetObject(), buffer) - result.raw = buffer.Bytes() - }) - // Once invoked, fields of serialization will not change. - if result.err != nil { - return result.err - } - _, err := w.Write(result.raw) - return err -} - -// GetObject implements runtime.CacheableObject interface. -// It returns deep-copy of the wrapped object to return ownership of it -// to the called according to the contract of the interface. -func (o *cachingObject) GetObject() runtime.Object { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.DeepCopyObject().(metaRuntimeInterface) -} - -// GetObjectKind implements runtime.Object interface. -func (o *cachingObject) GetObjectKind() schema.ObjectKind { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetObjectKind() -} - -// DeepCopyObject implements runtime.Object interface. -func (o *cachingObject) DeepCopyObject() runtime.Object { - // DeepCopyObject on cachingObject is not expected to be called anywhere. - // However, to be on the safe-side, we implement it, though given the - // cache is only an optimization we ignore copying it. - result := &cachingObject{ - deepCopied: true, - } - result.serializations.Store(make(serializationsCache)) - - o.lock.RLock() - defer o.lock.RUnlock() - result.object = o.object.DeepCopyObject().(metaRuntimeInterface) - return result -} - -var ( - invalidationCacheTimestampLock sync.Mutex - invalidationCacheTimestamp time.Time -) - -// shouldLogCacheInvalidation allows for logging cache-invalidation -// at most once per second (to avoid spamming logs in case of issues). -func shouldLogCacheInvalidation(now time.Time) bool { - invalidationCacheTimestampLock.Lock() - defer invalidationCacheTimestampLock.Unlock() - if invalidationCacheTimestamp.Add(time.Second).Before(now) { - invalidationCacheTimestamp = now - return true - } - return false -} - -func (o *cachingObject) invalidateCacheLocked() { - if cache, ok := o.serializations.Load().(serializationsCache); ok && len(cache) == 0 { - return - } - // We don't expect cache invalidation to happen - so we want - // to log the stacktrace to allow debugging if that will happen. - // OTOH, we don't want to spam logs with it. - // So we try to log it at most once per second. - if shouldLogCacheInvalidation(time.Now()) { - klog.Warningf("Unexpected cache invalidation for %#v\n%s", o.object, string(debug.Stack())) - } - o.serializations.Store(make(serializationsCache)) -} - -// The following functions implement metav1.Object interface: -// - getters simply delegate for the underlying object -// - setters check if operations isn't noop and if so, -// invalidate the cache and delegate for the underlying object - -func (o *cachingObject) conditionalSet(isNoop func() bool, set func()) { - if fastPath := func() bool { - o.lock.RLock() - defer o.lock.RUnlock() - return isNoop() - }(); fastPath { - return - } - o.lock.Lock() - defer o.lock.Unlock() - if isNoop() { - return - } - if !o.deepCopied { - o.object = o.object.DeepCopyObject().(metaRuntimeInterface) - o.deepCopied = true - } - o.invalidateCacheLocked() - set() -} - -func (o *cachingObject) GetNamespace() string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetNamespace() -} -func (o *cachingObject) SetNamespace(namespace string) { - o.conditionalSet( - func() bool { return o.object.GetNamespace() == namespace }, - func() { o.object.SetNamespace(namespace) }, - ) -} -func (o *cachingObject) GetName() string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetName() -} -func (o *cachingObject) SetName(name string) { - o.conditionalSet( - func() bool { return o.object.GetName() == name }, - func() { o.object.SetName(name) }, - ) -} -func (o *cachingObject) GetGenerateName() string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetGenerateName() -} -func (o *cachingObject) SetGenerateName(name string) { - o.conditionalSet( - func() bool { return o.object.GetGenerateName() == name }, - func() { o.object.SetGenerateName(name) }, - ) -} -func (o *cachingObject) GetUID() types.UID { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetUID() -} -func (o *cachingObject) SetUID(uid types.UID) { - o.conditionalSet( - func() bool { return o.object.GetUID() == uid }, - func() { o.object.SetUID(uid) }, - ) -} -func (o *cachingObject) GetResourceVersion() string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetResourceVersion() -} -func (o *cachingObject) SetResourceVersion(version string) { - o.conditionalSet( - func() bool { return o.object.GetResourceVersion() == version }, - func() { o.object.SetResourceVersion(version) }, - ) -} -func (o *cachingObject) GetGeneration() int64 { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetGeneration() -} -func (o *cachingObject) SetGeneration(generation int64) { - o.conditionalSet( - func() bool { return o.object.GetGeneration() == generation }, - func() { o.object.SetGeneration(generation) }, - ) -} -func (o *cachingObject) GetSelfLink() string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetSelfLink() -} -func (o *cachingObject) SetSelfLink(selfLink string) { - o.conditionalSet( - func() bool { return o.object.GetSelfLink() == selfLink }, - func() { o.object.SetSelfLink(selfLink) }, - ) -} -func (o *cachingObject) GetCreationTimestamp() metav1.Time { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetCreationTimestamp() -} -func (o *cachingObject) SetCreationTimestamp(timestamp metav1.Time) { - o.conditionalSet( - func() bool { return o.object.GetCreationTimestamp() == timestamp }, - func() { o.object.SetCreationTimestamp(timestamp) }, - ) -} -func (o *cachingObject) GetDeletionTimestamp() *metav1.Time { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetDeletionTimestamp() -} -func (o *cachingObject) SetDeletionTimestamp(timestamp *metav1.Time) { - o.conditionalSet( - func() bool { return o.object.GetDeletionTimestamp() == timestamp }, - func() { o.object.SetDeletionTimestamp(timestamp) }, - ) -} -func (o *cachingObject) GetDeletionGracePeriodSeconds() *int64 { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetDeletionGracePeriodSeconds() -} -func (o *cachingObject) SetDeletionGracePeriodSeconds(gracePeriodSeconds *int64) { - o.conditionalSet( - func() bool { return o.object.GetDeletionGracePeriodSeconds() == gracePeriodSeconds }, - func() { o.object.SetDeletionGracePeriodSeconds(gracePeriodSeconds) }, - ) -} -func (o *cachingObject) GetLabels() map[string]string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetLabels() -} -func (o *cachingObject) SetLabels(labels map[string]string) { - o.conditionalSet( - func() bool { return reflect.DeepEqual(o.object.GetLabels(), labels) }, - func() { o.object.SetLabels(labels) }, - ) -} -func (o *cachingObject) GetAnnotations() map[string]string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetAnnotations() -} -func (o *cachingObject) SetAnnotations(annotations map[string]string) { - o.conditionalSet( - func() bool { return reflect.DeepEqual(o.object.GetAnnotations(), annotations) }, - func() { o.object.SetAnnotations(annotations) }, - ) -} -func (o *cachingObject) GetFinalizers() []string { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetFinalizers() -} -func (o *cachingObject) SetFinalizers(finalizers []string) { - o.conditionalSet( - func() bool { return reflect.DeepEqual(o.object.GetFinalizers(), finalizers) }, - func() { o.object.SetFinalizers(finalizers) }, - ) -} -func (o *cachingObject) GetOwnerReferences() []metav1.OwnerReference { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetOwnerReferences() -} -func (o *cachingObject) SetOwnerReferences(references []metav1.OwnerReference) { - o.conditionalSet( - func() bool { return reflect.DeepEqual(o.object.GetOwnerReferences(), references) }, - func() { o.object.SetOwnerReferences(references) }, - ) -} -func (o *cachingObject) GetManagedFields() []metav1.ManagedFieldsEntry { - o.lock.RLock() - defer o.lock.RUnlock() - return o.object.GetManagedFields() -} -func (o *cachingObject) SetManagedFields(managedFields []metav1.ManagedFieldsEntry) { - o.conditionalSet( - func() bool { return reflect.DeepEqual(o.object.GetManagedFields(), managedFields) }, - func() { o.object.SetManagedFields(managedFields) }, - ) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/OWNERS deleted file mode 100644 index b26e7a4dc7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-instrumentation-approvers -reviewers: - - sig-instrumentation-reviewers -labels: - - sig/instrumentation diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/metrics.go deleted file mode 100644 index ffebf5e5b4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/metrics/metrics.go +++ /dev/null @@ -1,174 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "sync" - - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - namespace = "apiserver" - subsystem = "watch_cache" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - listCacheCount = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Name: "cache_list_total", - Help: "Number of LIST requests served from watch cache", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource_prefix", "index"}, - ) - listCacheNumFetched = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Name: "cache_list_fetched_objects_total", - Help: "Number of objects read from watch cache in the course of serving a LIST request", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource_prefix", "index"}, - ) - listCacheNumReturned = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Name: "cache_list_returned_objects_total", - Help: "Number of objects returned for a LIST request from watch cache", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource_prefix"}, - ) - InitCounter = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Name: "init_events_total", - Help: "Counter of init events processed in watch cache broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - EventsCounter = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "events_dispatched_total", - Help: "Counter of events dispatched in watch cache broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - TerminatedWatchersCounter = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Name: "terminated_watchers_total", - Help: "Counter of watchers closed due to unresponsiveness broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - watchCacheCapacityIncreaseTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: subsystem, - Name: "capacity_increase_total", - Help: "Total number of watch cache capacity increase events broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - watchCacheCapacityDecreaseTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Subsystem: subsystem, - Name: "capacity_decrease_total", - Help: "Total number of watch cache capacity decrease events broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - WatchCacheCapacity = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: subsystem, - Name: "capacity", - Help: "Total capacity of watch cache broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - - WatchCacheInitializations = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "initializations_total", - Help: "Counter of watch cache initializations broken by resource type.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) -) - -var registerMetrics sync.Once - -// Register all metrics. -func Register() { - // Register the metrics. - registerMetrics.Do(func() { - legacyregistry.MustRegister(listCacheCount) - legacyregistry.MustRegister(listCacheNumFetched) - legacyregistry.MustRegister(listCacheNumReturned) - legacyregistry.MustRegister(InitCounter) - legacyregistry.MustRegister(EventsCounter) - legacyregistry.MustRegister(TerminatedWatchersCounter) - legacyregistry.MustRegister(watchCacheCapacityIncreaseTotal) - legacyregistry.MustRegister(watchCacheCapacityDecreaseTotal) - legacyregistry.MustRegister(WatchCacheCapacity) - legacyregistry.MustRegister(WatchCacheInitializations) - }) -} - -// RecordListCacheMetrics notes various metrics of the cost to serve a LIST request -func RecordListCacheMetrics(resourcePrefix, indexName string, numFetched, numReturned int) { - listCacheCount.WithLabelValues(resourcePrefix, indexName).Inc() - listCacheNumFetched.WithLabelValues(resourcePrefix, indexName).Add(float64(numFetched)) - listCacheNumReturned.WithLabelValues(resourcePrefix).Add(float64(numReturned)) -} - -// RecordsWatchCacheCapacityChange record watchCache capacity resize(increase or decrease) operations. -func RecordsWatchCacheCapacityChange(objType string, old, new int) { - WatchCacheCapacity.WithLabelValues(objType).Set(float64(new)) - if old < new { - WatchCacheCapacity.WithLabelValues(objType).Inc() - return - } - watchCacheCapacityDecreaseTotal.WithLabelValues(objType).Inc() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go deleted file mode 100644 index 8278dd2b2f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/ready.go +++ /dev/null @@ -1,96 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "fmt" - "sync" -) - -type status int - -const ( - Pending status = iota - Ready - Stopped -) - -// ready is a three state condition variable that blocks until is Ready if is not Stopped. -// Its initial state is Pending. -type ready struct { - state status - c *sync.Cond -} - -func newReady() *ready { - return &ready{ - c: sync.NewCond(&sync.RWMutex{}), - state: Pending, - } -} - -// wait blocks until it is Ready or Stopped, it returns an error if is Stopped. -func (r *ready) wait() error { - r.c.L.Lock() - defer r.c.L.Unlock() - for r.state == Pending { - r.c.Wait() - } - switch r.state { - case Ready: - return nil - case Stopped: - return fmt.Errorf("apiserver cacher is stopped") - default: - return fmt.Errorf("unexpected apiserver cache state: %v", r.state) - } -} - -// check returns true only if it is Ready. -func (r *ready) check() bool { - // TODO: Make check() function more sophisticated, in particular - // allow it to behave as "waitWithTimeout". - rwMutex := r.c.L.(*sync.RWMutex) - rwMutex.RLock() - defer rwMutex.RUnlock() - return r.state == Ready -} - -// set the state to Pending (false) or Ready (true), it does not have effect if the state is Stopped. -func (r *ready) set(ok bool) { - r.c.L.Lock() - defer r.c.L.Unlock() - if r.state == Stopped { - return - } - if ok { - r.state = Ready - } else { - r.state = Pending - } - r.c.Broadcast() -} - -// stop the condition variable and set it as Stopped. This state is irreversible. -func (r *ready) stop() { - r.c.L.Lock() - defer r.c.L.Unlock() - if r.state != Stopped { - r.state = Stopped - r.c.Broadcast() - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/time_budget.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/time_budget.go deleted file mode 100644 index 636c6ef8d6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/time_budget.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "sync" - "time" - - "k8s.io/utils/clock" -) - -const ( - refreshPerSecond = 50 * time.Millisecond - maxBudget = 100 * time.Millisecond -) - -// timeBudget implements a budget of time that you can use and is -// periodically being refreshed. The pattern to use it is: -// -// budget := newTimeBudget(...) -// ... -// timeout := budget.takeAvailable() -// // Now you can spend at most timeout on doing stuff -// ... -// // If you didn't use all timeout, return what you didn't use -// budget.returnUnused(<unused part of timeout>) -// -// NOTE: It's not recommended to be used concurrently from multiple threads - -// if first user takes the whole timeout, the second one will get 0 timeout -// even though the first one may return something later. -type timeBudget interface { - takeAvailable() time.Duration - returnUnused(unused time.Duration) -} - -type timeBudgetImpl struct { - sync.Mutex - clock clock.Clock - budget time.Duration - maxBudget time.Duration - refresh time.Duration - // last store last access time - last time.Time -} - -func newTimeBudget() timeBudget { - result := &timeBudgetImpl{ - clock: clock.RealClock{}, - budget: time.Duration(0), - refresh: refreshPerSecond, - maxBudget: maxBudget, - } - result.last = result.clock.Now() - return result -} - -func (t *timeBudgetImpl) takeAvailable() time.Duration { - t.Lock() - defer t.Unlock() - // budget accumulated since last access - now := t.clock.Now() - acc := now.Sub(t.last).Seconds() * t.refresh.Seconds() - if acc < 0 { - acc = 0 - } - // update current budget and store the current time - if t.budget = t.budget + time.Duration(acc*1e9); t.budget > t.maxBudget { - t.budget = t.maxBudget - } - t.last = now - result := t.budget - t.budget = time.Duration(0) - return result -} - -func (t *timeBudgetImpl) returnUnused(unused time.Duration) { - t.Lock() - defer t.Unlock() - if unused < 0 { - // We used more than allowed. - return - } - // add the unused time directly to the budget - // takeAvailable() will take into account the elapsed time - if t.budget = t.budget + unused; t.budget > t.maxBudget { - t.budget = t.maxBudget - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/util.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/util.go deleted file mode 100644 index 7943a93dca..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/util.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "strings" -) - -// hasPathPrefix returns true if the string matches pathPrefix exactly, or if is prefixed with pathPrefix at a path segment boundary -func hasPathPrefix(s, pathPrefix string) bool { - // Short circuit if s doesn't contain the prefix at all - if !strings.HasPrefix(s, pathPrefix) { - return false - } - - pathPrefixLength := len(pathPrefix) - - if len(s) == pathPrefixLength { - // Exact match - return true - } - if strings.HasSuffix(pathPrefix, "/") { - // pathPrefix already ensured a path segment boundary - return true - } - if s[pathPrefixLength:pathPrefixLength+1] == "/" { - // The next character in s is a path segment boundary - // Check this instead of normalizing pathPrefix to avoid allocating on every call - return true - } - return false -} - -func max(a, b int) int { - if a > b { - return a - } - return b -} - -func min(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache.go deleted file mode 100644 index bbbeee361f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache.go +++ /dev/null @@ -1,688 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "context" - "fmt" - "math" - "sort" - "sync" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/cacher/metrics" - "k8s.io/client-go/tools/cache" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -const ( - // blockTimeout determines how long we're willing to block the request - // to wait for a given resource version to be propagated to cache, - // before terminating request and returning Timeout error with retry - // after suggestion. - blockTimeout = 3 * time.Second - - // resourceVersionTooHighRetrySeconds is the seconds before a operation should be retried by the client - // after receiving a 'too high resource version' error. - resourceVersionTooHighRetrySeconds = 1 - - // eventFreshDuration is time duration of events we want to keep. - // We set it to `defaultBookmarkFrequency` plus epsilon to maximize - // chances that last bookmark was sent within kept history, at the - // same time, minimizing the needed memory usage. - eventFreshDuration = 75 * time.Second - - // defaultLowerBoundCapacity is a default value for event cache capacity's lower bound. - // TODO: Figure out, to what value we can decreased it. - defaultLowerBoundCapacity = 100 - - // defaultUpperBoundCapacity should be able to keep eventFreshDuration of history. - defaultUpperBoundCapacity = 100 * 1024 -) - -// watchCacheEvent is a single "watch event" that is send to users of -// watchCache. Additionally to a typical "watch.Event" it contains -// the previous value of the object to enable proper filtering in the -// upper layers. -type watchCacheEvent struct { - Type watch.EventType - Object runtime.Object - ObjLabels labels.Set - ObjFields fields.Set - PrevObject runtime.Object - PrevObjLabels labels.Set - PrevObjFields fields.Set - Key string - ResourceVersion uint64 - RecordTime time.Time -} - -// Computing a key of an object is generally non-trivial (it performs -// e.g. validation underneath). Similarly computing object fields and -// labels. To avoid computing them multiple times (to serve the event -// in different List/Watch requests), in the underlying store we are -// keeping structs (key, object, labels, fields). -type storeElement struct { - Key string - Object runtime.Object - Labels labels.Set - Fields fields.Set -} - -func storeElementKey(obj interface{}) (string, error) { - elem, ok := obj.(*storeElement) - if !ok { - return "", fmt.Errorf("not a storeElement: %v", obj) - } - return elem.Key, nil -} - -func storeElementObject(obj interface{}) (runtime.Object, error) { - elem, ok := obj.(*storeElement) - if !ok { - return nil, fmt.Errorf("not a storeElement: %v", obj) - } - return elem.Object, nil -} - -func storeElementIndexFunc(objIndexFunc cache.IndexFunc) cache.IndexFunc { - return func(obj interface{}) (strings []string, e error) { - seo, err := storeElementObject(obj) - if err != nil { - return nil, err - } - return objIndexFunc(seo) - } -} - -func storeElementIndexers(indexers *cache.Indexers) cache.Indexers { - if indexers == nil { - return cache.Indexers{} - } - ret := cache.Indexers{} - for indexName, indexFunc := range *indexers { - ret[indexName] = storeElementIndexFunc(indexFunc) - } - return ret -} - -// watchCache implements a Store interface. -// However, it depends on the elements implementing runtime.Object interface. -// -// watchCache is a "sliding window" (with a limited capacity) of objects -// observed from a watch. -type watchCache struct { - sync.RWMutex - - // Condition on which lists are waiting for the fresh enough - // resource version. - cond *sync.Cond - - // Maximum size of history window. - capacity int - - // upper bound of capacity since event cache has a dynamic size. - upperBoundCapacity int - - // lower bound of capacity since event cache has a dynamic size. - lowerBoundCapacity int - - // keyFunc is used to get a key in the underlying storage for a given object. - keyFunc func(runtime.Object) (string, error) - - // getAttrsFunc is used to get labels and fields of an object. - getAttrsFunc func(runtime.Object) (labels.Set, fields.Set, error) - - // cache is used a cyclic buffer - its first element (with the smallest - // resourceVersion) is defined by startIndex, its last element is defined - // by endIndex (if cache is full it will be startIndex + capacity). - // Both startIndex and endIndex can be greater than buffer capacity - - // you should always apply modulo capacity to get an index in cache array. - cache []*watchCacheEvent - startIndex int - endIndex int - - // store will effectively support LIST operation from the "end of cache - // history" i.e. from the moment just after the newest cached watched event. - // It is necessary to effectively allow clients to start watching at now. - // NOTE: We assume that <store> is thread-safe. - store cache.Indexer - - // ResourceVersion up to which the watchCache is propagated. - resourceVersion uint64 - - // ResourceVersion of the last list result (populated via Replace() method). - listResourceVersion uint64 - - // This handler is run at the end of every successful Replace() method. - onReplace func() - - // This handler is run at the end of every Add/Update/Delete method - // and additionally gets the previous value of the object. - eventHandler func(*watchCacheEvent) - - // for testing timeouts. - clock clock.Clock - - // An underlying storage.Versioner. - versioner storage.Versioner - - // cacher's group resource - groupResource schema.GroupResource - - // For testing cache interval invalidation. - indexValidator indexValidator -} - -func newWatchCache( - keyFunc func(runtime.Object) (string, error), - eventHandler func(*watchCacheEvent), - getAttrsFunc func(runtime.Object) (labels.Set, fields.Set, error), - versioner storage.Versioner, - indexers *cache.Indexers, - clock clock.Clock, - groupResource schema.GroupResource) *watchCache { - wc := &watchCache{ - capacity: defaultLowerBoundCapacity, - keyFunc: keyFunc, - getAttrsFunc: getAttrsFunc, - cache: make([]*watchCacheEvent, defaultLowerBoundCapacity), - lowerBoundCapacity: defaultLowerBoundCapacity, - upperBoundCapacity: defaultUpperBoundCapacity, - startIndex: 0, - endIndex: 0, - store: cache.NewIndexer(storeElementKey, storeElementIndexers(indexers)), - resourceVersion: 0, - listResourceVersion: 0, - eventHandler: eventHandler, - clock: clock, - versioner: versioner, - groupResource: groupResource, - } - metrics.WatchCacheCapacity.WithLabelValues(groupResource.String()).Set(float64(wc.capacity)) - wc.cond = sync.NewCond(wc.RLocker()) - wc.indexValidator = wc.isIndexValidLocked - - return wc -} - -// Add takes runtime.Object as an argument. -func (w *watchCache) Add(obj interface{}) error { - object, resourceVersion, err := w.objectToVersionedRuntimeObject(obj) - if err != nil { - return err - } - event := watch.Event{Type: watch.Added, Object: object} - - f := func(elem *storeElement) error { return w.store.Add(elem) } - return w.processEvent(event, resourceVersion, f) -} - -// Update takes runtime.Object as an argument. -func (w *watchCache) Update(obj interface{}) error { - object, resourceVersion, err := w.objectToVersionedRuntimeObject(obj) - if err != nil { - return err - } - event := watch.Event{Type: watch.Modified, Object: object} - - f := func(elem *storeElement) error { return w.store.Update(elem) } - return w.processEvent(event, resourceVersion, f) -} - -// Delete takes runtime.Object as an argument. -func (w *watchCache) Delete(obj interface{}) error { - object, resourceVersion, err := w.objectToVersionedRuntimeObject(obj) - if err != nil { - return err - } - event := watch.Event{Type: watch.Deleted, Object: object} - - f := func(elem *storeElement) error { return w.store.Delete(elem) } - return w.processEvent(event, resourceVersion, f) -} - -func (w *watchCache) objectToVersionedRuntimeObject(obj interface{}) (runtime.Object, uint64, error) { - object, ok := obj.(runtime.Object) - if !ok { - return nil, 0, fmt.Errorf("obj does not implement runtime.Object interface: %v", obj) - } - resourceVersion, err := w.versioner.ObjectResourceVersion(object) - if err != nil { - return nil, 0, err - } - return object, resourceVersion, nil -} - -// processEvent is safe as long as there is at most one call to it in flight -// at any point in time. -func (w *watchCache) processEvent(event watch.Event, resourceVersion uint64, updateFunc func(*storeElement) error) error { - key, err := w.keyFunc(event.Object) - if err != nil { - return fmt.Errorf("couldn't compute key: %v", err) - } - elem := &storeElement{Key: key, Object: event.Object} - elem.Labels, elem.Fields, err = w.getAttrsFunc(event.Object) - if err != nil { - return err - } - - wcEvent := &watchCacheEvent{ - Type: event.Type, - Object: elem.Object, - ObjLabels: elem.Labels, - ObjFields: elem.Fields, - Key: key, - ResourceVersion: resourceVersion, - RecordTime: w.clock.Now(), - } - - if err := func() error { - // TODO: We should consider moving this lock below after the watchCacheEvent - // is created. In such situation, the only problematic scenario is Replace( - // happening after getting object from store and before acquiring a lock. - // Maybe introduce another lock for this purpose. - w.Lock() - defer w.Unlock() - - previous, exists, err := w.store.Get(elem) - if err != nil { - return err - } - if exists { - previousElem := previous.(*storeElement) - wcEvent.PrevObject = previousElem.Object - wcEvent.PrevObjLabels = previousElem.Labels - wcEvent.PrevObjFields = previousElem.Fields - } - - w.updateCache(wcEvent) - w.resourceVersion = resourceVersion - defer w.cond.Broadcast() - - return updateFunc(elem) - }(); err != nil { - return err - } - - // Avoid calling event handler under lock. - // This is safe as long as there is at most one call to Add/Update/Delete and - // UpdateResourceVersion in flight at any point in time, which is true now, - // because reflector calls them synchronously from its main thread. - if w.eventHandler != nil { - w.eventHandler(wcEvent) - } - return nil -} - -// Assumes that lock is already held for write. -func (w *watchCache) updateCache(event *watchCacheEvent) { - w.resizeCacheLocked(event.RecordTime) - if w.isCacheFullLocked() { - // Cache is full - remove the oldest element. - w.startIndex++ - } - w.cache[w.endIndex%w.capacity] = event - w.endIndex++ -} - -// resizeCacheLocked resizes the cache if necessary: -// - increases capacity by 2x if cache is full and all cached events occurred within last eventFreshDuration. -// - decreases capacity by 2x when recent quarter of events occurred outside of eventFreshDuration(protect watchCache from flapping). -func (w *watchCache) resizeCacheLocked(eventTime time.Time) { - if w.isCacheFullLocked() && eventTime.Sub(w.cache[w.startIndex%w.capacity].RecordTime) < eventFreshDuration { - capacity := min(w.capacity*2, w.upperBoundCapacity) - if capacity > w.capacity { - w.doCacheResizeLocked(capacity) - } - return - } - if w.isCacheFullLocked() && eventTime.Sub(w.cache[(w.endIndex-w.capacity/4)%w.capacity].RecordTime) > eventFreshDuration { - capacity := max(w.capacity/2, w.lowerBoundCapacity) - if capacity < w.capacity { - w.doCacheResizeLocked(capacity) - } - return - } -} - -// isCacheFullLocked used to judge whether watchCacheEvent is full. -// Assumes that lock is already held for write. -func (w *watchCache) isCacheFullLocked() bool { - return w.endIndex == w.startIndex+w.capacity -} - -// doCacheResizeLocked resize watchCache's event array with different capacity. -// Assumes that lock is already held for write. -func (w *watchCache) doCacheResizeLocked(capacity int) { - newCache := make([]*watchCacheEvent, capacity) - if capacity < w.capacity { - // adjust startIndex if cache capacity shrink. - w.startIndex = w.endIndex - capacity - } - for i := w.startIndex; i < w.endIndex; i++ { - newCache[i%capacity] = w.cache[i%w.capacity] - } - w.cache = newCache - metrics.RecordsWatchCacheCapacityChange(w.groupResource.String(), w.capacity, capacity) - w.capacity = capacity -} - -func (w *watchCache) UpdateResourceVersion(resourceVersion string) { - rv, err := w.versioner.ParseResourceVersion(resourceVersion) - if err != nil { - klog.Errorf("Couldn't parse resourceVersion: %v", err) - return - } - - func() { - w.Lock() - defer w.Unlock() - w.resourceVersion = rv - }() - - // Avoid calling event handler under lock. - // This is safe as long as there is at most one call to Add/Update/Delete and - // UpdateResourceVersion in flight at any point in time, which is true now, - // because reflector calls them synchronously from its main thread. - if w.eventHandler != nil { - wcEvent := &watchCacheEvent{ - Type: watch.Bookmark, - ResourceVersion: rv, - } - w.eventHandler(wcEvent) - } -} - -// List returns list of pointers to <storeElement> objects. -func (w *watchCache) List() []interface{} { - return w.store.List() -} - -// waitUntilFreshAndBlock waits until cache is at least as fresh as given <resourceVersion>. -// NOTE: This function acquired lock and doesn't release it. -// You HAVE TO explicitly call w.RUnlock() after this function. -func (w *watchCache) waitUntilFreshAndBlock(ctx context.Context, resourceVersion uint64) error { - startTime := w.clock.Now() - - // In case resourceVersion is 0, we accept arbitrarily stale result. - // As a result, the condition in the below for loop will never be - // satisfied (w.resourceVersion is never negative), this call will - // never hit the w.cond.Wait(). - // As a result - we can optimize the code by not firing the wakeup - // function (and avoid starting a gorotuine), especially given that - // resourceVersion=0 is the most common case. - if resourceVersion > 0 { - go func() { - // Wake us up when the time limit has expired. The docs - // promise that time.After (well, NewTimer, which it calls) - // will wait *at least* the duration given. Since this go - // routine starts sometime after we record the start time, and - // it will wake up the loop below sometime after the broadcast, - // we don't need to worry about waking it up before the time - // has expired accidentally. - <-w.clock.After(blockTimeout) - w.cond.Broadcast() - }() - } - - w.RLock() - span := tracing.SpanFromContext(ctx) - span.AddEvent("watchCache locked acquired") - for w.resourceVersion < resourceVersion { - if w.clock.Since(startTime) >= blockTimeout { - // Request that the client retry after 'resourceVersionTooHighRetrySeconds' seconds. - return storage.NewTooLargeResourceVersionError(resourceVersion, w.resourceVersion, resourceVersionTooHighRetrySeconds) - } - w.cond.Wait() - } - span.AddEvent("watchCache fresh enough") - return nil -} - -// WaitUntilFreshAndList returns list of pointers to `storeElement` objects along -// with their ResourceVersion and the name of the index, if any, that was used. -func (w *watchCache) WaitUntilFreshAndList(ctx context.Context, resourceVersion uint64, matchValues []storage.MatchValue) ([]interface{}, uint64, string, error) { - err := w.waitUntilFreshAndBlock(ctx, resourceVersion) - defer w.RUnlock() - if err != nil { - return nil, 0, "", err - } - - // This isn't the place where we do "final filtering" - only some "prefiltering" is happening here. So the only - // requirement here is to NOT miss anything that should be returned. We can return as many non-matching items as we - // want - they will be filtered out later. The fact that we return less things is only further performance improvement. - // TODO: if multiple indexes match, return the one with the fewest items, so as to do as much filtering as possible. - for _, matchValue := range matchValues { - if result, err := w.store.ByIndex(matchValue.IndexName, matchValue.Value); err == nil { - return result, w.resourceVersion, matchValue.IndexName, nil - } - } - return w.store.List(), w.resourceVersion, "", nil -} - -// WaitUntilFreshAndGet returns a pointers to <storeElement> object. -func (w *watchCache) WaitUntilFreshAndGet(ctx context.Context, resourceVersion uint64, key string) (interface{}, bool, uint64, error) { - err := w.waitUntilFreshAndBlock(ctx, resourceVersion) - defer w.RUnlock() - if err != nil { - return nil, false, 0, err - } - value, exists, err := w.store.GetByKey(key) - return value, exists, w.resourceVersion, err -} - -func (w *watchCache) ListKeys() []string { - return w.store.ListKeys() -} - -// Get takes runtime.Object as a parameter. However, it returns -// pointer to <storeElement>. -func (w *watchCache) Get(obj interface{}) (interface{}, bool, error) { - object, ok := obj.(runtime.Object) - if !ok { - return nil, false, fmt.Errorf("obj does not implement runtime.Object interface: %v", obj) - } - key, err := w.keyFunc(object) - if err != nil { - return nil, false, fmt.Errorf("couldn't compute key: %v", err) - } - - return w.store.Get(&storeElement{Key: key, Object: object}) -} - -// GetByKey returns pointer to <storeElement>. -func (w *watchCache) GetByKey(key string) (interface{}, bool, error) { - return w.store.GetByKey(key) -} - -// Replace takes slice of runtime.Object as a parameter. -func (w *watchCache) Replace(objs []interface{}, resourceVersion string) error { - version, err := w.versioner.ParseResourceVersion(resourceVersion) - if err != nil { - return err - } - - toReplace := make([]interface{}, 0, len(objs)) - for _, obj := range objs { - object, ok := obj.(runtime.Object) - if !ok { - return fmt.Errorf("didn't get runtime.Object for replace: %#v", obj) - } - key, err := w.keyFunc(object) - if err != nil { - return fmt.Errorf("couldn't compute key: %v", err) - } - objLabels, objFields, err := w.getAttrsFunc(object) - if err != nil { - return err - } - toReplace = append(toReplace, &storeElement{ - Key: key, - Object: object, - Labels: objLabels, - Fields: objFields, - }) - } - - w.Lock() - defer w.Unlock() - - w.startIndex = 0 - w.endIndex = 0 - if err := w.store.Replace(toReplace, resourceVersion); err != nil { - return err - } - w.listResourceVersion = version - w.resourceVersion = version - if w.onReplace != nil { - w.onReplace() - } - w.cond.Broadcast() - klog.V(3).Infof("Replace watchCache (rev: %v) ", resourceVersion) - return nil -} - -func (w *watchCache) SetOnReplace(onReplace func()) { - w.Lock() - defer w.Unlock() - w.onReplace = onReplace -} - -func (w *watchCache) Resync() error { - // Nothing to do - return nil -} - -func (w *watchCache) currentCapacity() int { - w.Lock() - defer w.Unlock() - return w.capacity -} - -const ( - // minWatchChanSize is the min size of channels used by the watch. - // We keep that set to 10 for "backward compatibility" until we - // convince ourselves based on some metrics that decreasing is safe. - minWatchChanSize = 10 - // maxWatchChanSizeWithIndexAndTriger is the max size of the channel - // used by the watch using the index and trigger selector. - maxWatchChanSizeWithIndexAndTrigger = 10 - // maxWatchChanSizeWithIndexWithoutTrigger is the max size of the channel - // used by the watch using the index but without triggering selector. - // We keep that set to 1000 for "backward compatibility", until we - // convinced ourselves based on some metrics that decreasing is safe. - maxWatchChanSizeWithIndexWithoutTrigger = 1000 - // maxWatchChanSizeWithoutIndex is the max size of the channel - // used by the watch not using the index. - // TODO(wojtek-t): Figure out if the value shouldn't be higher. - maxWatchChanSizeWithoutIndex = 100 -) - -func (w *watchCache) suggestedWatchChannelSize(indexExists, triggerUsed bool) int { - // To estimate the channel size we use a heuristic that a channel - // should roughly be able to keep one second of history. - // We don't have an exact data, but given we store updates from - // the last <eventFreshDuration>, we approach it by dividing the - // capacity by the length of the history window. - chanSize := int(math.Ceil(float64(w.currentCapacity()) / eventFreshDuration.Seconds())) - - // Finally we adjust the size to avoid ending with too low or - // to large values. - if chanSize < minWatchChanSize { - chanSize = minWatchChanSize - } - var maxChanSize int - switch { - case indexExists && triggerUsed: - maxChanSize = maxWatchChanSizeWithIndexAndTrigger - case indexExists && !triggerUsed: - maxChanSize = maxWatchChanSizeWithIndexWithoutTrigger - case !indexExists: - maxChanSize = maxWatchChanSizeWithoutIndex - } - if chanSize > maxChanSize { - chanSize = maxChanSize - } - return chanSize -} - -// isIndexValidLocked checks if a given index is still valid. -// This assumes that the lock is held. -func (w *watchCache) isIndexValidLocked(index int) bool { - return index >= w.startIndex -} - -// getAllEventsSinceLocked returns a watchCacheInterval that can be used to -// retrieve events since a certain resourceVersion. This function assumes to -// be called under the watchCache lock. -func (w *watchCache) getAllEventsSinceLocked(resourceVersion uint64) (*watchCacheInterval, error) { - size := w.endIndex - w.startIndex - var oldest uint64 - switch { - case w.listResourceVersion > 0 && w.startIndex == 0: - // If no event was removed from the buffer since last relist, the oldest watch - // event we can deliver is one greater than the resource version of the list. - oldest = w.listResourceVersion + 1 - case size > 0: - // If the previous condition is not satisfied: either some event was already - // removed from the buffer or we've never completed a list (the latter can - // only happen in unit tests that populate the buffer without performing - // list/replace operations), the oldest watch event we can deliver is the first - // one in the buffer. - oldest = w.cache[w.startIndex%w.capacity].ResourceVersion - default: - return nil, fmt.Errorf("watch cache isn't correctly initialized") - } - - if resourceVersion == 0 { - // resourceVersion = 0 means that we don't require any specific starting point - // and we would like to start watching from ~now. - // However, to keep backward compatibility, we additionally need to return the - // current state and only then start watching from that point. - // - // TODO: In v2 api, we should stop returning the current state - #13969. - ci, err := newCacheIntervalFromStore(w.resourceVersion, w.store, w.getAttrsFunc) - if err != nil { - return nil, err - } - return ci, nil - } - if resourceVersion < oldest-1 { - return nil, errors.NewResourceExpired(fmt.Sprintf("too old resource version: %d (%d)", resourceVersion, oldest-1)) - } - - // Binary search the smallest index at which resourceVersion is greater than the given one. - f := func(i int) bool { - return w.cache[(w.startIndex+i)%w.capacity].ResourceVersion > resourceVersion - } - first := sort.Search(size, f) - indexerFunc := func(i int) *watchCacheEvent { - return w.cache[i%w.capacity] - } - ci := newCacheInterval(w.startIndex+first, w.endIndex, indexerFunc, w.indexValidator, &w.RWMutex) - return ci, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go deleted file mode 100644 index c455357e04..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go +++ /dev/null @@ -1,226 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cacher - -import ( - "fmt" - "sync" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/cache" -) - -// watchCacheInterval serves as an abstraction over a source -// of watchCacheEvents. It maintains a window of events over -// an underlying source and these events can be served using -// the exposed Next() API. The main intent for doing things -// this way is to introduce an upper bound of memory usage -// for starting a watch and reduce the maximum possible time -// interval for which the lock would be held while events are -// copied over. -// -// The source of events for the interval is typically either -// the watchCache circular buffer, if events being retrieved -// need to be for resource versions > 0 or the underlying -// implementation of Store, if resource version = 0. -// -// Furthermore, an interval can be either valid or invalid at -// any given point of time. The notion of validity makes sense -// only in cases where the window of events in the underlying -// source can change over time - i.e. for watchCache circular -// buffer. When the circular buffer is full and an event needs -// to be popped off, watchCache::startIndex is incremented. In -// this case, an interval tracking that popped event is valid -// only if it has already been copied to its internal buffer. -// However, for efficiency we perform that lazily and we mark -// an interval as invalid iff we need to copy events from the -// watchCache and we end up needing events that have already -// been popped off. This translates to the following condition: -// -// watchCacheInterval::startIndex >= watchCache::startIndex. -// -// When this condition becomes false, the interval is no longer -// valid and should not be used to retrieve and serve elements -// from the underlying source. -type watchCacheInterval struct { - // startIndex denotes the starting point of the interval - // being considered. The value is the index in the actual - // source of watchCacheEvents. If the source of events is - // the watchCache, then this must be used modulo capacity. - startIndex int - - // endIndex denotes the ending point of the interval being - // considered. The value is the index in the actual source - // of events. If the source of the events is the watchCache, - // then this should be used modulo capacity. - endIndex int - - // indexer is meant to inject behaviour for how an event must - // be retrieved from the underlying source given an index. - indexer indexerFunc - - // indexValidator is used to check if a given index is still - // valid perspective. If it is deemed that the index is not - // valid, then this interval can no longer be used to serve - // events. Use of indexValidator is warranted only in cases - // where the window of events in the underlying source can - // change over time. Furthermore, an interval is invalid if - // its startIndex no longer coincides with the startIndex of - // underlying source. - indexValidator indexValidator - - // buffer holds watchCacheEvents that this interval returns on - // a call to Next(). This exists mainly to reduce acquiring the - // lock on each invocation of Next(). - buffer *watchCacheIntervalBuffer - - // lock effectively protects access to the underlying source - // of events through - indexer and indexValidator. - // - // Given that indexer and indexValidator only read state, if - // possible, Locker obtained through RLocker() is provided. - lock sync.Locker -} - -type attrFunc func(runtime.Object) (labels.Set, fields.Set, error) -type indexerFunc func(int) *watchCacheEvent -type indexValidator func(int) bool - -func newCacheInterval(startIndex, endIndex int, indexer indexerFunc, indexValidator indexValidator, locker sync.Locker) *watchCacheInterval { - return &watchCacheInterval{ - startIndex: startIndex, - endIndex: endIndex, - indexer: indexer, - indexValidator: indexValidator, - buffer: &watchCacheIntervalBuffer{buffer: make([]*watchCacheEvent, bufferSize)}, - lock: locker, - } -} - -// newCacheIntervalFromStore is meant to handle the case of rv=0, such that the events -// returned by Next() need to be events from a List() done on the underlying store of -// the watch cache. -func newCacheIntervalFromStore(resourceVersion uint64, store cache.Indexer, getAttrsFunc attrFunc) (*watchCacheInterval, error) { - buffer := &watchCacheIntervalBuffer{} - allItems := store.List() - buffer.buffer = make([]*watchCacheEvent, len(allItems)) - for i, item := range allItems { - elem, ok := item.(*storeElement) - if !ok { - return nil, fmt.Errorf("not a storeElement: %v", elem) - } - objLabels, objFields, err := getAttrsFunc(elem.Object) - if err != nil { - return nil, err - } - buffer.buffer[i] = &watchCacheEvent{ - Type: watch.Added, - Object: elem.Object, - ObjLabels: objLabels, - ObjFields: objFields, - Key: elem.Key, - ResourceVersion: resourceVersion, - } - buffer.endIndex++ - } - ci := &watchCacheInterval{ - startIndex: 0, - // Simulate that we already have all the events we're looking for. - endIndex: 0, - buffer: buffer, - } - - return ci, nil -} - -// Next returns the next item in the cache interval provided the cache -// interval is still valid. An error is returned if the interval is -// invalidated. -func (wci *watchCacheInterval) Next() (*watchCacheEvent, error) { - // if there are items in the buffer to return, return from - // the buffer. - if event, exists := wci.buffer.next(); exists { - return event, nil - } - // check if there are still other events in this interval - // that can be processed. - if wci.startIndex >= wci.endIndex { - return nil, nil - } - wci.lock.Lock() - defer wci.lock.Unlock() - - if valid := wci.indexValidator(wci.startIndex); !valid { - return nil, fmt.Errorf("cache interval invalidated, interval startIndex: %d", wci.startIndex) - } - - wci.fillBuffer() - if event, exists := wci.buffer.next(); exists { - return event, nil - } - return nil, nil -} - -func (wci *watchCacheInterval) fillBuffer() { - wci.buffer.startIndex = 0 - wci.buffer.endIndex = 0 - for wci.startIndex < wci.endIndex && !wci.buffer.isFull() { - event := wci.indexer(wci.startIndex) - if event == nil { - break - } - wci.buffer.buffer[wci.buffer.endIndex] = event - wci.buffer.endIndex++ - wci.startIndex++ - } -} - -const bufferSize = 100 - -// watchCacheIntervalBuffer is used to reduce acquiring -// the lock on each invocation of watchCacheInterval.Next(). -type watchCacheIntervalBuffer struct { - // buffer is used to hold watchCacheEvents that - // the interval returns on a call to Next(). - buffer []*watchCacheEvent - // The first element of buffer is defined by startIndex, - // its last element is defined by endIndex. - startIndex int - endIndex int -} - -// next returns the next event present in the interval buffer provided -// it is not empty. -func (wcib *watchCacheIntervalBuffer) next() (*watchCacheEvent, bool) { - if wcib.isEmpty() { - return nil, false - } - next := wcib.buffer[wcib.startIndex] - wcib.startIndex++ - return next, true -} - -func (wcib *watchCacheIntervalBuffer) isFull() bool { - return wcib.endIndex >= bufferSize -} - -func (wcib *watchCacheIntervalBuffer) isEmpty() bool { - return wcib.startIndex == wcib.endIndex -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/continue.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/continue.go deleted file mode 100644 index fcd95af9b3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/continue.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "path" - "strings" -) - -var ( - ErrInvalidStartRV = errors.New("continue key is not valid: incorrect encoded start resourceVersion (version meta.k8s.io/v1)") - ErrEmptyStartKey = errors.New("continue key is not valid: encoded start key empty (version meta.k8s.io/v1)") - ErrGenericInvalidKey = errors.New("continue key is not valid") - ErrUnrecognizedEncodedVersion = errors.New("continue key is not valid: server does not recognize this encoded version") -) - -// continueToken is a simple structured object for encoding the state of a continue token. -// TODO: if we change the version of the encoded from, we can't start encoding the new version -// until all other servers are upgraded (i.e. we need to support rolling schema) -// This is a public API struct and cannot change. -type continueToken struct { - APIVersion string `json:"v"` - ResourceVersion int64 `json:"rv"` - StartKey string `json:"start"` -} - -// DecodeContinue transforms an encoded predicate from into a versioned struct. -// TODO: return a typed error that instructs clients that they must relist -func DecodeContinue(continueValue, keyPrefix string) (fromKey string, rv int64, err error) { - data, err := base64.RawURLEncoding.DecodeString(continueValue) - if err != nil { - return "", 0, fmt.Errorf("%w: %v", ErrGenericInvalidKey, err) - } - var c continueToken - if err := json.Unmarshal(data, &c); err != nil { - return "", 0, fmt.Errorf("%w: %v", ErrGenericInvalidKey, err) - } - switch c.APIVersion { - case "meta.k8s.io/v1": - if c.ResourceVersion == 0 { - return "", 0, ErrInvalidStartRV - } - if len(c.StartKey) == 0 { - return "", 0, ErrEmptyStartKey - } - // defend against path traversal attacks by clients - path.Clean will ensure that startKey cannot - // be at a higher level of the hierarchy, and so when we append the key prefix we will end up with - // continue start key that is fully qualified and cannot range over anything less specific than - // keyPrefix. - key := c.StartKey - if !strings.HasPrefix(key, "/") { - key = "/" + key - } - cleaned := path.Clean(key) - if cleaned != key { - return "", 0, fmt.Errorf("%w: %v", ErrGenericInvalidKey, c.StartKey) - } - return keyPrefix + cleaned[1:], c.ResourceVersion, nil - default: - return "", 0, fmt.Errorf("%w %v", ErrUnrecognizedEncodedVersion, c.APIVersion) - } -} - -// EncodeContinue returns a string representing the encoded continuation of the current query. -func EncodeContinue(key, keyPrefix string, resourceVersion int64) (string, error) { - nextKey := strings.TrimPrefix(key, keyPrefix) - if nextKey == key { - return "", fmt.Errorf("unable to encode next field: the key and key prefix do not match") - } - out, err := json.Marshal(&continueToken{APIVersion: "meta.k8s.io/v1", ResourceVersion: resourceVersion, StartKey: nextKey}) - if err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(out), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/doc.go deleted file mode 100644 index fbdd944687..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Interfaces for database-related operations. -package storage // import "k8s.io/apiserver/pkg/storage" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/errors.go deleted file mode 100644 index ed4f4d0d0e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors.go +++ /dev/null @@ -1,195 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -const ( - ErrCodeKeyNotFound int = iota + 1 - ErrCodeKeyExists - ErrCodeResourceVersionConflicts - ErrCodeInvalidObj - ErrCodeUnreachable -) - -var errCodeToMessage = map[int]string{ - ErrCodeKeyNotFound: "key not found", - ErrCodeKeyExists: "key exists", - ErrCodeResourceVersionConflicts: "resource version conflicts", - ErrCodeInvalidObj: "invalid object", - ErrCodeUnreachable: "server unreachable", -} - -func NewKeyNotFoundError(key string, rv int64) *StorageError { - return &StorageError{ - Code: ErrCodeKeyNotFound, - Key: key, - ResourceVersion: rv, - } -} - -func NewKeyExistsError(key string, rv int64) *StorageError { - return &StorageError{ - Code: ErrCodeKeyExists, - Key: key, - ResourceVersion: rv, - } -} - -func NewResourceVersionConflictsError(key string, rv int64) *StorageError { - return &StorageError{ - Code: ErrCodeResourceVersionConflicts, - Key: key, - ResourceVersion: rv, - } -} - -func NewUnreachableError(key string, rv int64) *StorageError { - return &StorageError{ - Code: ErrCodeUnreachable, - Key: key, - ResourceVersion: rv, - } -} - -func NewInvalidObjError(key, msg string) *StorageError { - return &StorageError{ - Code: ErrCodeInvalidObj, - Key: key, - AdditionalErrorMsg: msg, - } -} - -type StorageError struct { - Code int - Key string - ResourceVersion int64 - AdditionalErrorMsg string -} - -func (e *StorageError) Error() string { - return fmt.Sprintf("StorageError: %s, Code: %d, Key: %s, ResourceVersion: %d, AdditionalErrorMsg: %s", - errCodeToMessage[e.Code], e.Code, e.Key, e.ResourceVersion, e.AdditionalErrorMsg) -} - -// IsNotFound returns true if and only if err is "key" not found error. -func IsNotFound(err error) bool { - return isErrCode(err, ErrCodeKeyNotFound) -} - -// IsExist returns true if and only if err is "key" already exists error. -func IsExist(err error) bool { - return isErrCode(err, ErrCodeKeyExists) -} - -// IsUnreachable returns true if and only if err indicates the server could not be reached. -func IsUnreachable(err error) bool { - return isErrCode(err, ErrCodeUnreachable) -} - -// IsConflict returns true if and only if err is a write conflict. -func IsConflict(err error) bool { - return isErrCode(err, ErrCodeResourceVersionConflicts) -} - -// IsInvalidObj returns true if and only if err is invalid error -func IsInvalidObj(err error) bool { - return isErrCode(err, ErrCodeInvalidObj) -} - -func isErrCode(err error, code int) bool { - if err == nil { - return false - } - if e, ok := err.(*StorageError); ok { - return e.Code == code - } - return false -} - -// InvalidError is generated when an error caused by invalid API object occurs -// in the storage package. -type InvalidError struct { - Errs field.ErrorList -} - -func (e InvalidError) Error() string { - return e.Errs.ToAggregate().Error() -} - -// IsInvalidError returns true if and only if err is an InvalidError. -func IsInvalidError(err error) bool { - _, ok := err.(InvalidError) - return ok -} - -func NewInvalidError(errors field.ErrorList) InvalidError { - return InvalidError{errors} -} - -// InternalError is generated when an error occurs in the storage package, i.e., -// not from the underlying storage backend (e.g., etcd). -type InternalError struct { - Reason string -} - -func (e InternalError) Error() string { - return e.Reason -} - -// IsInternalError returns true if and only if err is an InternalError. -func IsInternalError(err error) bool { - _, ok := err.(InternalError) - return ok -} - -func NewInternalError(reason string) InternalError { - return InternalError{reason} -} - -func NewInternalErrorf(format string, a ...interface{}) InternalError { - return InternalError{fmt.Sprintf(format, a...)} -} - -var tooLargeResourceVersionCauseMsg = "Too large resource version" - -// NewTooLargeResourceVersionError returns a timeout error with the given retrySeconds for a request for -// a minimum resource version that is larger than the largest currently available resource version for a requested resource. -func NewTooLargeResourceVersionError(minimumResourceVersion, currentRevision uint64, retrySeconds int) error { - err := errors.NewTimeoutError(fmt.Sprintf("Too large resource version: %d, current: %d", minimumResourceVersion, currentRevision), retrySeconds) - err.ErrStatus.Details.Causes = []metav1.StatusCause{ - { - Type: metav1.CauseTypeResourceVersionTooLarge, - Message: tooLargeResourceVersionCauseMsg, - }, - } - return err -} - -// IsTooLargeResourceVersion returns true if the error is a TooLargeResourceVersion error. -func IsTooLargeResourceVersion(err error) bool { - if !errors.IsTimeout(err) { - return false - } - return errors.HasStatusCause(err, metav1.CauseTypeResourceVersionTooLarge) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/doc.go deleted file mode 100644 index e251b61680..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package storage provides conversion of storage errors to API errors. -package storage // import "k8s.io/apiserver/pkg/storage/errors" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/storage.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/storage.go deleted file mode 100644 index 89f3453980..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/errors/storage.go +++ /dev/null @@ -1,116 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/storage" -) - -// InterpretListError converts a generic error on a retrieval -// operation into the appropriate API error. -func InterpretListError(err error, qualifiedResource schema.GroupResource) error { - switch { - case storage.IsNotFound(err): - return errors.NewNotFound(qualifiedResource, "") - case storage.IsUnreachable(err): - return errors.NewServerTimeout(qualifiedResource, "list", 2) // TODO: make configurable or handled at a higher level - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} - -// InterpretGetError converts a generic error on a retrieval -// operation into the appropriate API error. -func InterpretGetError(err error, qualifiedResource schema.GroupResource, name string) error { - switch { - case storage.IsNotFound(err): - return errors.NewNotFound(qualifiedResource, name) - case storage.IsUnreachable(err): - return errors.NewServerTimeout(qualifiedResource, "get", 2) // TODO: make configurable or handled at a higher level - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} - -// InterpretCreateError converts a generic error on a create -// operation into the appropriate API error. -func InterpretCreateError(err error, qualifiedResource schema.GroupResource, name string) error { - switch { - case storage.IsExist(err): - return errors.NewAlreadyExists(qualifiedResource, name) - case storage.IsUnreachable(err): - return errors.NewServerTimeout(qualifiedResource, "create", 2) // TODO: make configurable or handled at a higher level - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} - -// InterpretUpdateError converts a generic error on an update -// operation into the appropriate API error. -func InterpretUpdateError(err error, qualifiedResource schema.GroupResource, name string) error { - switch { - case storage.IsConflict(err), storage.IsExist(err), storage.IsInvalidObj(err): - return errors.NewConflict(qualifiedResource, name, err) - case storage.IsUnreachable(err): - return errors.NewServerTimeout(qualifiedResource, "update", 2) // TODO: make configurable or handled at a higher level - case storage.IsNotFound(err): - return errors.NewNotFound(qualifiedResource, name) - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} - -// InterpretDeleteError converts a generic error on a delete -// operation into the appropriate API error. -func InterpretDeleteError(err error, qualifiedResource schema.GroupResource, name string) error { - switch { - case storage.IsNotFound(err): - return errors.NewNotFound(qualifiedResource, name) - case storage.IsUnreachable(err): - return errors.NewServerTimeout(qualifiedResource, "delete", 2) // TODO: make configurable or handled at a higher level - case storage.IsConflict(err), storage.IsExist(err), storage.IsInvalidObj(err): - return errors.NewConflict(qualifiedResource, name, err) - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} - -// InterpretWatchError converts a generic error on a watch -// operation into the appropriate API error. -func InterpretWatchError(err error, resource schema.GroupResource, name string) error { - switch { - case storage.IsInvalidError(err): - invalidError, _ := err.(storage.InvalidError) - return errors.NewInvalid(schema.GroupKind{Group: resource.Group, Kind: resource.Resource}, name, invalidError.Errs) - case storage.IsInternalError(err): - return errors.NewInternalError(err) - default: - return err - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/OWNERS deleted file mode 100644 index 6b7e2928ea..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - wojtek-t diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/compact.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/compact.go deleted file mode 100644 index f279c6cabb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/compact.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "context" - "strconv" - "sync" - "time" - - clientv3 "go.etcd.io/etcd/client/v3" - "k8s.io/klog/v2" -) - -const ( - compactRevKey = "compact_rev_key" -) - -var ( - endpointsMapMu sync.Mutex - endpointsMap map[string]struct{} -) - -func init() { - endpointsMap = make(map[string]struct{}) -} - -// StartCompactor starts a compactor in the background to compact old version of keys that's not needed. -// By default, we save the most recent 5 minutes data and compact versions > 5minutes ago. -// It should be enough for slow watchers and to tolerate burst. -// TODO: We might keep a longer history (12h) in the future once storage API can take advantage of past version of keys. -func StartCompactor(ctx context.Context, client *clientv3.Client, compactInterval time.Duration) { - endpointsMapMu.Lock() - defer endpointsMapMu.Unlock() - - // In one process, we can have only one compactor for one cluster. - // Currently we rely on endpoints to differentiate clusters. - for _, ep := range client.Endpoints() { - if _, ok := endpointsMap[ep]; ok { - klog.V(4).Infof("compactor already exists for endpoints %v", client.Endpoints()) - return - } - } - for _, ep := range client.Endpoints() { - endpointsMap[ep] = struct{}{} - } - - if compactInterval != 0 { - go compactor(ctx, client, compactInterval) - } -} - -// compactor periodically compacts historical versions of keys in etcd. -// It will compact keys with versions older than given interval. -// In other words, after compaction, it will only contain keys set during last interval. -// Any API call for the older versions of keys will return error. -// Interval is the time interval between each compaction. The first compaction happens after "interval". -func compactor(ctx context.Context, client *clientv3.Client, interval time.Duration) { - // Technical definitions: - // We have a special key in etcd defined as *compactRevKey*. - // compactRevKey's value will be set to the string of last compacted revision. - // compactRevKey's version will be used as logical time for comparison. THe version is referred as compact time. - // Initially, because the key doesn't exist, the compact time (version) is 0. - // - // Algorithm: - // - Compare to see if (local compact_time) = (remote compact_time). - // - If yes, increment both local and remote compact_time, and do a compaction. - // - If not, set local to remote compact_time. - // - // Technical details/insights: - // - // The protocol here is lease based. If one compactor CAS successfully, the others would know it when they fail in - // CAS later and would try again in 5 minutes. If an APIServer crashed, another one would "take over" the lease. - // - // For example, in the following diagram, we have a compactor C1 doing compaction in t1, t2. Another compactor C2 - // at t1' (t1 < t1' < t2) would CAS fail, set its known oldRev to rev at t1', and try again in t2' (t2' > t2). - // If C1 crashed and wouldn't compact at t2, C2 would CAS successfully at t2'. - // - // oldRev(t2) curRev(t2) - // + - // oldRev curRev | - // + + | - // | | | - // | | t1' | t2' - // +---v-------------v----^---------v------^----> - // t0 t1 t2 - // - // We have the guarantees: - // - in normal cases, the interval is 5 minutes. - // - in failover, the interval is >5m and <10m - // - // FAQ: - // - What if time is not accurate? We don't care as long as someone did the compaction. Atomicity is ensured using - // etcd API. - // - What happened under heavy load scenarios? Initially, each apiserver will do only one compaction - // every 5 minutes. This is very unlikely affecting or affected w.r.t. server load. - - var compactTime int64 - var rev int64 - var err error - for { - select { - case <-time.After(interval): - case <-ctx.Done(): - return - } - - compactTime, rev, err = compact(ctx, client, compactTime, rev) - if err != nil { - klog.Errorf("etcd: endpoint (%v) compact failed: %v", client.Endpoints(), err) - continue - } - } -} - -// compact compacts etcd store and returns current rev. -// It will return the current compact time and global revision if no error occurred. -// Note that CAS fail will not incur any error. -func compact(ctx context.Context, client *clientv3.Client, t, rev int64) (int64, int64, error) { - resp, err := client.KV.Txn(ctx).If( - clientv3.Compare(clientv3.Version(compactRevKey), "=", t), - ).Then( - clientv3.OpPut(compactRevKey, strconv.FormatInt(rev, 10)), // Expect side effect: increment Version - ).Else( - clientv3.OpGet(compactRevKey), - ).Commit() - if err != nil { - return t, rev, err - } - - curRev := resp.Header.Revision - - if !resp.Succeeded { - curTime := resp.Responses[0].GetResponseRange().Kvs[0].Version - return curTime, curRev, nil - } - curTime := t + 1 - - if rev == 0 { - // We don't compact on bootstrap. - return curTime, curRev, nil - } - if _, err = client.Compact(ctx, rev); err != nil { - return curTime, curRev, err - } - klog.V(4).Infof("etcd: compacted rev (%d), endpoints (%v)", rev, client.Endpoints()) - return curTime, curRev, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/errors.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/errors.go deleted file mode 100644 index d71c9917dc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/errors.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/storage" - - etcdrpc "go.etcd.io/etcd/api/v3/v3rpc/rpctypes" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -func interpretWatchError(err error) error { - switch { - case err == etcdrpc.ErrCompacted: - return errors.NewResourceExpired("The resourceVersion for the provided watch is too old.") - } - return err -} - -const ( - expired string = "The resourceVersion for the provided list is too old." - continueExpired string = "The provided continue parameter is too old " + - "to display a consistent list result. You can start a new list without " + - "the continue parameter." - inconsistentContinue string = "The provided continue parameter is too old " + - "to display a consistent list result. You can start a new list without " + - "the continue parameter, or use the continue token in this response to " + - "retrieve the remainder of the results. Continuing with the provided " + - "token results in an inconsistent list - objects that were created, " + - "modified, or deleted between the time the first chunk was returned " + - "and now may show up in the list." -) - -func interpretListError(err error, paging bool, continueKey, keyPrefix string) error { - switch { - case err == etcdrpc.ErrCompacted: - if paging { - return handleCompactedErrorForPaging(continueKey, keyPrefix) - } - return errors.NewResourceExpired(expired) - } - return err -} - -func handleCompactedErrorForPaging(continueKey, keyPrefix string) error { - // continueToken.ResoureVersion=-1 means that the apiserver can - // continue the list at the latest resource version. We don't use rv=0 - // for this purpose to distinguish from a bad token that has empty rv. - newToken, err := storage.EncodeContinue(continueKey, keyPrefix, -1) - if err != nil { - utilruntime.HandleError(err) - return errors.NewResourceExpired(continueExpired) - } - statusError := errors.NewResourceExpired(inconsistentContinue) - statusError.ErrStatus.ListMeta.Continue = newToken - return statusError -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/event.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/event.go deleted file mode 100644 index 3e5bfb1c63..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/event.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "fmt" - "go.etcd.io/etcd/api/v3/mvccpb" - clientv3 "go.etcd.io/etcd/client/v3" -) - -type event struct { - key string - value []byte - prevValue []byte - rev int64 - isDeleted bool - isCreated bool - isProgressNotify bool -} - -// parseKV converts a KeyValue retrieved from an initial sync() listing to a synthetic isCreated event. -func parseKV(kv *mvccpb.KeyValue) *event { - return &event{ - key: string(kv.Key), - value: kv.Value, - prevValue: nil, - rev: kv.ModRevision, - isDeleted: false, - isCreated: true, - } -} - -func parseEvent(e *clientv3.Event) (*event, error) { - if !e.IsCreate() && e.PrevKv == nil { - // If the previous value is nil, error. One example of how this is possible is if the previous value has been compacted already. - return nil, fmt.Errorf("etcd event received with PrevKv=nil (key=%q, modRevision=%d, type=%s)", string(e.Kv.Key), e.Kv.ModRevision, e.Type.String()) - - } - ret := &event{ - key: string(e.Kv.Key), - value: e.Kv.Value, - rev: e.Kv.ModRevision, - isDeleted: e.Type == clientv3.EventTypeDelete, - isCreated: e.IsCreate(), - } - if e.PrevKv != nil { - ret.prevValue = e.PrevKv.Value - } - return ret, nil -} - -func progressNotifyEvent(rev int64) *event { - return &event{ - rev: rev, - isProgressNotify: true, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go deleted file mode 100644 index ad051d2d6c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/healthcheck.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "encoding/json" - "fmt" -) - -// etcdHealth encodes data returned from etcd /healthz handler. -type etcdHealth struct { - // Note this has to be public so the json library can modify it. - Health string `json:"health"` -} - -// EtcdHealthCheck decodes data returned from etcd /healthz handler. -func EtcdHealthCheck(data []byte) error { - obj := etcdHealth{} - if err := json.Unmarshal(data, &obj); err != nil { - return err - } - if obj.Health != "true" { - return fmt.Errorf("Unhealthy status: %s", obj.Health) - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/latency_tracker.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/latency_tracker.go deleted file mode 100644 index 96d592e790..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/latency_tracker.go +++ /dev/null @@ -1,108 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "context" - "time" - - clientv3 "go.etcd.io/etcd/client/v3" - endpointsrequest "k8s.io/apiserver/pkg/endpoints/request" -) - -// NewETCDLatencyTracker returns an implementation of -// clientv3.KV that times the calls from the specified -// 'delegate' KV instance in order to track latency incurred. -func NewETCDLatencyTracker(delegate clientv3.KV) clientv3.KV { - return &clientV3KVLatencyTracker{KV: delegate} -} - -// clientV3KVLatencyTracker decorates a clientv3.KV instance and times -// each call so we can track the latency an API request incurs in etcd -// round trips (the time it takes to send data to etcd and get the -// complete response back) -// -// If an API request involves N (N>=1) round trips to etcd, then we will sum -// up the latenciy incurred in each roundtrip. - -// It uses the context associated with the request in flight, so there -// are no states shared among the requests in flight, and so there is no -// concurrency overhead. -// If the goroutine executing the request handler makes concurrent calls -// to the underlying storage layer, that is protected since the latency -// tracking function TrackStorageLatency is thread safe. -// -// NOTE: Compact is an asynchronous process and is not associated with -// -// any request, so we will not be tracking its latency. -type clientV3KVLatencyTracker struct { - clientv3.KV -} - -func (c *clientV3KVLatencyTracker) Put(ctx context.Context, key, val string, opts ...clientv3.OpOption) (*clientv3.PutResponse, error) { - startedAt := time.Now() - defer func() { - endpointsrequest.TrackStorageLatency(ctx, time.Since(startedAt)) - }() - - return c.KV.Put(ctx, key, val, opts...) -} - -func (c *clientV3KVLatencyTracker) Get(ctx context.Context, key string, opts ...clientv3.OpOption) (*clientv3.GetResponse, error) { - startedAt := time.Now() - defer func() { - endpointsrequest.TrackStorageLatency(ctx, time.Since(startedAt)) - }() - - return c.KV.Get(ctx, key, opts...) -} - -func (c *clientV3KVLatencyTracker) Delete(ctx context.Context, key string, opts ...clientv3.OpOption) (*clientv3.DeleteResponse, error) { - startedAt := time.Now() - defer func() { - endpointsrequest.TrackStorageLatency(ctx, time.Since(startedAt)) - }() - - return c.KV.Delete(ctx, key, opts...) -} - -func (c *clientV3KVLatencyTracker) Do(ctx context.Context, op clientv3.Op) (clientv3.OpResponse, error) { - startedAt := time.Now() - defer func() { - endpointsrequest.TrackStorageLatency(ctx, time.Since(startedAt)) - }() - - return c.KV.Do(ctx, op) -} - -func (c *clientV3KVLatencyTracker) Txn(ctx context.Context) clientv3.Txn { - return &clientV3TxnTracker{ctx: ctx, Txn: c.KV.Txn(ctx)} -} - -type clientV3TxnTracker struct { - ctx context.Context - clientv3.Txn -} - -func (t *clientV3TxnTracker) Commit() (*clientv3.TxnResponse, error) { - startedAt := time.Now() - defer func() { - endpointsrequest.TrackStorageLatency(t.ctx, time.Since(startedAt)) - }() - - return t.Txn.Commit() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/lease_manager.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/lease_manager.go deleted file mode 100644 index 12c9d00c76..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/lease_manager.go +++ /dev/null @@ -1,131 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "context" - "sync" - "time" - - clientv3 "go.etcd.io/etcd/client/v3" - "k8s.io/apiserver/pkg/storage/etcd3/metrics" -) - -const ( - defaultLeaseReuseDurationSeconds = 60 - defaultLeaseMaxObjectCount = 1000 -) - -// LeaseManagerConfig is configuration for creating a lease manager. -type LeaseManagerConfig struct { - // ReuseDurationSeconds specifies time in seconds that each lease is reused - ReuseDurationSeconds int64 - // MaxObjectCount specifies how many objects that a lease can attach - MaxObjectCount int64 -} - -// NewDefaultLeaseManagerConfig creates a LeaseManagerConfig with default values -func NewDefaultLeaseManagerConfig() LeaseManagerConfig { - return LeaseManagerConfig{ - ReuseDurationSeconds: defaultLeaseReuseDurationSeconds, - MaxObjectCount: defaultLeaseMaxObjectCount, - } -} - -// leaseManager is used to manage leases requested from etcd. If a new write -// needs a lease that has similar expiration time to the previous one, the old -// lease will be reused to reduce the overhead of etcd, since lease operations -// are expensive. In the implementation, we only store one previous lease, -// since all the events have the same ttl. -type leaseManager struct { - client *clientv3.Client // etcd client used to grant leases - leaseMu sync.Mutex - prevLeaseID clientv3.LeaseID - prevLeaseExpirationTime time.Time - // The period of time in seconds and percent of TTL that each lease is - // reused. The minimum of them is used to avoid unreasonably large - // numbers. - leaseReuseDurationSeconds int64 - leaseReuseDurationPercent float64 - leaseMaxAttachedObjectCount int64 - leaseAttachedObjectCount int64 -} - -// newDefaultLeaseManager creates a new lease manager using default setting. -func newDefaultLeaseManager(client *clientv3.Client, config LeaseManagerConfig) *leaseManager { - if config.MaxObjectCount <= 0 { - config.MaxObjectCount = defaultLeaseMaxObjectCount - } - return newLeaseManager(client, config.ReuseDurationSeconds, 0.05, config.MaxObjectCount) -} - -// newLeaseManager creates a new lease manager with the number of buffered -// leases, lease reuse duration in seconds and percentage. The percentage -// value x means x*100%. -func newLeaseManager(client *clientv3.Client, leaseReuseDurationSeconds int64, leaseReuseDurationPercent float64, maxObjectCount int64) *leaseManager { - return &leaseManager{ - client: client, - leaseReuseDurationSeconds: leaseReuseDurationSeconds, - leaseReuseDurationPercent: leaseReuseDurationPercent, - leaseMaxAttachedObjectCount: maxObjectCount, - } -} - -// GetLease returns a lease based on requested ttl: if the cached previous -// lease can be reused, reuse it; otherwise request a new one from etcd. -func (l *leaseManager) GetLease(ctx context.Context, ttl int64) (clientv3.LeaseID, error) { - now := time.Now() - l.leaseMu.Lock() - defer l.leaseMu.Unlock() - // check if previous lease can be reused - reuseDurationSeconds := l.getReuseDurationSecondsLocked(ttl) - valid := now.Add(time.Duration(ttl) * time.Second).Before(l.prevLeaseExpirationTime) - sufficient := now.Add(time.Duration(ttl+reuseDurationSeconds) * time.Second).After(l.prevLeaseExpirationTime) - - // We count all operations that happened in the same lease, regardless of success or failure. - // Currently each GetLease call only attach 1 object - l.leaseAttachedObjectCount++ - - if valid && sufficient && l.leaseAttachedObjectCount <= l.leaseMaxAttachedObjectCount { - return l.prevLeaseID, nil - } - - // request a lease with a little extra ttl from etcd - ttl += reuseDurationSeconds - lcr, err := l.client.Lease.Grant(ctx, ttl) - if err != nil { - return clientv3.LeaseID(0), err - } - // cache the new lease id - l.prevLeaseID = lcr.ID - l.prevLeaseExpirationTime = now.Add(time.Duration(ttl) * time.Second) - // refresh count - metrics.UpdateLeaseObjectCount(l.leaseAttachedObjectCount) - l.leaseAttachedObjectCount = 1 - return lcr.ID, nil -} - -// getReuseDurationSecondsLocked returns the reusable duration in seconds -// based on the configuration. Lock has to be acquired before calling this -// function. -func (l *leaseManager) getReuseDurationSecondsLocked(ttl int64) int64 { - reuseDurationSeconds := int64(l.leaseReuseDurationPercent * float64(ttl)) - if reuseDurationSeconds > l.leaseReuseDurationSeconds { - reuseDurationSeconds = l.leaseReuseDurationSeconds - } - return reuseDurationSeconds -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/logger.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/logger.go deleted file mode 100644 index 773d12f6f1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/logger.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "fmt" - - "google.golang.org/grpc/grpclog" - "k8s.io/klog/v2" -) - -func init() { - grpclog.SetLoggerV2(klogWrapper{}) -} - -type klogWrapper struct{} - -const klogWrapperDepth = 4 - -func (klogWrapper) Info(args ...interface{}) { - if klogV := klog.V(5); klogV.Enabled() { - klogV.InfoSDepth(klogWrapperDepth, fmt.Sprint(args...)) - } -} - -func (klogWrapper) Infoln(args ...interface{}) { - if klogV := klog.V(5); klogV.Enabled() { - klogV.InfoSDepth(klogWrapperDepth, fmt.Sprintln(args...)) - } -} - -func (klogWrapper) Infof(format string, args ...interface{}) { - if klogV := klog.V(5); klogV.Enabled() { - klog.V(5).InfoSDepth(klogWrapperDepth, fmt.Sprintf(format, args...)) - } -} - -func (klogWrapper) Warning(args ...interface{}) { - klog.WarningDepth(klogWrapperDepth, args...) -} - -func (klogWrapper) Warningln(args ...interface{}) { - klog.WarningDepth(klogWrapperDepth, fmt.Sprintln(args...)) -} - -func (klogWrapper) Warningf(format string, args ...interface{}) { - klog.WarningDepth(klogWrapperDepth, fmt.Sprintf(format, args...)) -} - -func (klogWrapper) Error(args ...interface{}) { - klog.ErrorDepth(klogWrapperDepth, args...) -} - -func (klogWrapper) Errorln(args ...interface{}) { - klog.ErrorDepth(klogWrapperDepth, fmt.Sprintln(args...)) -} - -func (klogWrapper) Errorf(format string, args ...interface{}) { - klog.ErrorDepth(klogWrapperDepth, fmt.Sprintf(format, args...)) -} - -func (klogWrapper) Fatal(args ...interface{}) { - klog.FatalDepth(klogWrapperDepth, args...) -} - -func (klogWrapper) Fatalln(args ...interface{}) { - klog.FatalDepth(klogWrapperDepth, fmt.Sprintln(args...)) -} - -func (klogWrapper) Fatalf(format string, args ...interface{}) { - klog.FatalDepth(klogWrapperDepth, fmt.Sprintf(format, args...)) -} - -func (klogWrapper) V(l int) bool { - return bool(klog.V(klog.Level(l)).Enabled()) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/OWNERS deleted file mode 100644 index 433e84aa3e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - logicalhan diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go deleted file mode 100644 index 8255822945..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/metrics/metrics.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "sync" - "time" - - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - etcdRequestLatency = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Name: "etcd_request_duration_seconds", - Help: "Etcd request latency in seconds for each operation and object type.", - // Etcd request latency in seconds for each operation and object type. - // This metric is used for verifying etcd api call latencies SLO - // keep consistent with apiserver metric 'requestLatencies' in - // staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go - Buckets: []float64{0.005, 0.025, 0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, - 4, 5, 6, 8, 10, 15, 20, 30, 45, 60}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"operation", "type"}, - ) - objectCounts = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Name: "apiserver_storage_objects", - Help: "Number of stored objects at the time of last check split by kind.", - StabilityLevel: compbasemetrics.STABLE, - }, - []string{"resource"}, - ) - dbTotalSize = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Subsystem: "apiserver", - Name: "storage_db_total_size_in_bytes", - Help: "Total size of the storage database file physically allocated in bytes.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"endpoint"}, - ) - etcdBookmarkCounts = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Name: "etcd_bookmark_counts", - Help: "Number of etcd bookmarks (progress notify events) split by kind.", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - etcdLeaseObjectCounts = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Name: "etcd_lease_object_counts", - Help: "Number of objects attached to a single etcd lease.", - Buckets: []float64{10, 50, 100, 500, 1000, 2500, 5000}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{}, - ) - listStorageCount = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_storage_list_total", - Help: "Number of LIST requests served from storage", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - listStorageNumFetched = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_storage_list_fetched_objects_total", - Help: "Number of objects read from storage in the course of serving a LIST request", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - listStorageNumSelectorEvals = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_storage_list_evaluated_objects_total", - Help: "Number of objects tested in the course of serving a LIST request from storage", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) - listStorageNumReturned = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Name: "apiserver_storage_list_returned_objects_total", - Help: "Number of objects returned for a LIST request from storage", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{"resource"}, - ) -) - -var registerMetrics sync.Once - -// Register all metrics. -func Register() { - // Register the metrics. - registerMetrics.Do(func() { - legacyregistry.MustRegister(etcdRequestLatency) - legacyregistry.MustRegister(objectCounts) - legacyregistry.MustRegister(dbTotalSize) - legacyregistry.MustRegister(etcdBookmarkCounts) - legacyregistry.MustRegister(etcdLeaseObjectCounts) - legacyregistry.MustRegister(listStorageCount) - legacyregistry.MustRegister(listStorageNumFetched) - legacyregistry.MustRegister(listStorageNumSelectorEvals) - legacyregistry.MustRegister(listStorageNumReturned) - }) -} - -// UpdateObjectCount sets the apiserver_storage_object_counts metric. -func UpdateObjectCount(resourcePrefix string, count int64) { - objectCounts.WithLabelValues(resourcePrefix).Set(float64(count)) -} - -// RecordEtcdRequestLatency sets the etcd_request_duration_seconds metrics. -func RecordEtcdRequestLatency(verb, resource string, startTime time.Time) { - etcdRequestLatency.WithLabelValues(verb, resource).Observe(sinceInSeconds(startTime)) -} - -// RecordEtcdBookmark updates the etcd_bookmark_counts metric. -func RecordEtcdBookmark(resource string) { - etcdBookmarkCounts.WithLabelValues(resource).Inc() -} - -// Reset resets the etcd_request_duration_seconds metric. -func Reset() { - etcdRequestLatency.Reset() -} - -// sinceInSeconds gets the time since the specified start in seconds. -func sinceInSeconds(start time.Time) float64 { - return time.Since(start).Seconds() -} - -// UpdateEtcdDbSize sets the etcd_db_total_size_in_bytes metric. -func UpdateEtcdDbSize(ep string, size int64) { - dbTotalSize.WithLabelValues(ep).Set(float64(size)) -} - -// UpdateLeaseObjectCount sets the etcd_lease_object_counts metric. -func UpdateLeaseObjectCount(count int64) { - // Currently we only store one previous lease, since all the events have the same ttl. - // See pkg/storage/etcd3/lease_manager.go - etcdLeaseObjectCounts.WithLabelValues().Observe(float64(count)) -} - -// RecordListEtcd3Metrics notes various metrics of the cost to serve a LIST request -func RecordStorageListMetrics(resource string, numFetched, numEvald, numReturned int) { - listStorageCount.WithLabelValues(resource).Inc() - listStorageNumFetched.WithLabelValues(resource).Add(float64(numFetched)) - listStorageNumSelectorEvals.WithLabelValues(resource).Add(float64(numEvald)) - listStorageNumReturned.WithLabelValues(resource).Add(float64(numReturned)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go deleted file mode 100644 index 51e5b9012b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go +++ /dev/null @@ -1,1028 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "bytes" - "context" - "errors" - "fmt" - "path" - "reflect" - "strings" - "time" - - clientv3 "go.etcd.io/etcd/client/v3" - "go.opentelemetry.io/otel/attribute" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/etcd3/metrics" - "k8s.io/apiserver/pkg/storage/value" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -const ( - // maxLimit is a maximum page limit increase used when fetching objects from etcd. - // This limit is used only for increasing page size by kube-apiserver. If request - // specifies larger limit initially, it won't be changed. - maxLimit = 10000 -) - -// authenticatedDataString satisfies the value.Context interface. It uses the key to -// authenticate the stored data. This does not defend against reuse of previously -// encrypted values under the same key, but will prevent an attacker from using an -// encrypted value from a different key. A stronger authenticated data segment would -// include the etcd3 Version field (which is incremented on each write to a key and -// reset when the key is deleted), but an attacker with write access to etcd can -// force deletion and recreation of keys to weaken that angle. -type authenticatedDataString string - -// AuthenticatedData implements the value.Context interface. -func (d authenticatedDataString) AuthenticatedData() []byte { - return []byte(string(d)) -} - -var _ value.Context = authenticatedDataString("") - -type store struct { - client *clientv3.Client - codec runtime.Codec - versioner storage.Versioner - transformer value.Transformer - pathPrefix string - groupResource schema.GroupResource - groupResourceString string - watcher *watcher - pagingEnabled bool - leaseManager *leaseManager -} - -type objState struct { - obj runtime.Object - meta *storage.ResponseMeta - rev int64 - data []byte - stale bool -} - -// New returns an etcd3 implementation of storage.Interface. -func New(c *clientv3.Client, codec runtime.Codec, newFunc func() runtime.Object, prefix string, groupResource schema.GroupResource, transformer value.Transformer, pagingEnabled bool, leaseManagerConfig LeaseManagerConfig) storage.Interface { - return newStore(c, codec, newFunc, prefix, groupResource, transformer, pagingEnabled, leaseManagerConfig) -} - -func newStore(c *clientv3.Client, codec runtime.Codec, newFunc func() runtime.Object, prefix string, groupResource schema.GroupResource, transformer value.Transformer, pagingEnabled bool, leaseManagerConfig LeaseManagerConfig) *store { - versioner := storage.APIObjectVersioner{} - // for compatibility with etcd2 impl. - // no-op for default prefix of '/registry'. - // keeps compatibility with etcd2 impl for custom prefixes that don't start with '/' - pathPrefix := path.Join("/", prefix) - if !strings.HasSuffix(pathPrefix, "/") { - // Ensure the pathPrefix ends in "/" here to simplify key concatenation later. - pathPrefix += "/" - } - result := &store{ - client: c, - codec: codec, - versioner: versioner, - transformer: transformer, - pagingEnabled: pagingEnabled, - pathPrefix: pathPrefix, - groupResource: groupResource, - groupResourceString: groupResource.String(), - watcher: newWatcher(c, codec, groupResource, newFunc, versioner), - leaseManager: newDefaultLeaseManager(c, leaseManagerConfig), - } - return result -} - -// Versioner implements storage.Interface.Versioner. -func (s *store) Versioner() storage.Versioner { - return s.versioner -} - -// Get implements storage.Interface.Get. -func (s *store) Get(ctx context.Context, key string, opts storage.GetOptions, out runtime.Object) error { - preparedKey, err := s.prepareKey(key) - if err != nil { - return err - } - startTime := time.Now() - getResp, err := s.client.KV.Get(ctx, preparedKey) - metrics.RecordEtcdRequestLatency("get", s.groupResourceString, startTime) - if err != nil { - return err - } - if err = s.validateMinimumResourceVersion(opts.ResourceVersion, uint64(getResp.Header.Revision)); err != nil { - return err - } - - if len(getResp.Kvs) == 0 { - if opts.IgnoreNotFound { - return runtime.SetZeroValue(out) - } - return storage.NewKeyNotFoundError(preparedKey, 0) - } - kv := getResp.Kvs[0] - - data, _, err := s.transformer.TransformFromStorage(ctx, kv.Value, authenticatedDataString(preparedKey)) - if err != nil { - return storage.NewInternalError(err.Error()) - } - - return decode(s.codec, s.versioner, data, out, kv.ModRevision) -} - -// Create implements storage.Interface.Create. -func (s *store) Create(ctx context.Context, key string, obj, out runtime.Object, ttl uint64) error { - preparedKey, err := s.prepareKey(key) - if err != nil { - return err - } - ctx, span := tracing.Start(ctx, "Create etcd3", - attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)), - attribute.String("key", key), - attribute.String("type", getTypeName(obj)), - attribute.String("resource", s.groupResourceString), - ) - defer span.End(500 * time.Millisecond) - if version, err := s.versioner.ObjectResourceVersion(obj); err == nil && version != 0 { - return errors.New("resourceVersion should not be set on objects to be created") - } - if err := s.versioner.PrepareObjectForStorage(obj); err != nil { - return fmt.Errorf("PrepareObjectForStorage failed: %v", err) - } - span.AddEvent("About to Encode") - data, err := runtime.Encode(s.codec, obj) - if err != nil { - span.AddEvent("Encode failed", attribute.Int("len", len(data)), attribute.String("err", err.Error())) - return err - } - span.AddEvent("Encode succeeded", attribute.Int("len", len(data))) - - opts, err := s.ttlOpts(ctx, int64(ttl)) - if err != nil { - return err - } - - newData, err := s.transformer.TransformToStorage(ctx, data, authenticatedDataString(preparedKey)) - if err != nil { - span.AddEvent("TransformToStorage failed", attribute.String("err", err.Error())) - return storage.NewInternalError(err.Error()) - } - span.AddEvent("TransformToStorage succeeded") - - startTime := time.Now() - txnResp, err := s.client.KV.Txn(ctx).If( - notFound(preparedKey), - ).Then( - clientv3.OpPut(preparedKey, string(newData), opts...), - ).Commit() - metrics.RecordEtcdRequestLatency("create", s.groupResourceString, startTime) - if err != nil { - span.AddEvent("Txn call failed", attribute.String("err", err.Error())) - return err - } - span.AddEvent("Txn call succeeded") - - if !txnResp.Succeeded { - return storage.NewKeyExistsError(preparedKey, 0) - } - - if out != nil { - putResp := txnResp.Responses[0].GetResponsePut() - err = decode(s.codec, s.versioner, data, out, putResp.Header.Revision) - if err != nil { - span.AddEvent("decode failed", attribute.Int("len", len(data)), attribute.String("err", err.Error())) - return err - } - span.AddEvent("decode succeeded", attribute.Int("len", len(data))) - } - return nil -} - -// Delete implements storage.Interface.Delete. -func (s *store) Delete( - ctx context.Context, key string, out runtime.Object, preconditions *storage.Preconditions, - validateDeletion storage.ValidateObjectFunc, cachedExistingObject runtime.Object) error { - preparedKey, err := s.prepareKey(key) - if err != nil { - return err - } - v, err := conversion.EnforcePtr(out) - if err != nil { - return fmt.Errorf("unable to convert output object to pointer: %v", err) - } - return s.conditionalDelete(ctx, preparedKey, out, v, preconditions, validateDeletion, cachedExistingObject) -} - -func (s *store) conditionalDelete( - ctx context.Context, key string, out runtime.Object, v reflect.Value, preconditions *storage.Preconditions, - validateDeletion storage.ValidateObjectFunc, cachedExistingObject runtime.Object) error { - getCurrentState := func() (*objState, error) { - startTime := time.Now() - getResp, err := s.client.KV.Get(ctx, key) - metrics.RecordEtcdRequestLatency("get", s.groupResourceString, startTime) - if err != nil { - return nil, err - } - return s.getState(ctx, getResp, key, v, false) - } - - var origState *objState - var err error - var origStateIsCurrent bool - if cachedExistingObject != nil { - origState, err = s.getStateFromObject(cachedExistingObject) - } else { - origState, err = getCurrentState() - origStateIsCurrent = true - } - if err != nil { - return err - } - - for { - if preconditions != nil { - if err := preconditions.Check(key, origState.obj); err != nil { - if origStateIsCurrent { - return err - } - - // It's possible we're working with stale data. - // Remember the revision of the potentially stale data and the resulting update error - cachedRev := origState.rev - cachedUpdateErr := err - - // Actually fetch - origState, err = getCurrentState() - if err != nil { - return err - } - origStateIsCurrent = true - - // it turns out our cached data was not stale, return the error - if cachedRev == origState.rev { - return cachedUpdateErr - } - - // Retry - continue - } - } - if err := validateDeletion(ctx, origState.obj); err != nil { - if origStateIsCurrent { - return err - } - - // It's possible we're working with stale data. - // Remember the revision of the potentially stale data and the resulting update error - cachedRev := origState.rev - cachedUpdateErr := err - - // Actually fetch - origState, err = getCurrentState() - if err != nil { - return err - } - origStateIsCurrent = true - - // it turns out our cached data was not stale, return the error - if cachedRev == origState.rev { - return cachedUpdateErr - } - - // Retry - continue - } - - startTime := time.Now() - txnResp, err := s.client.KV.Txn(ctx).If( - clientv3.Compare(clientv3.ModRevision(key), "=", origState.rev), - ).Then( - clientv3.OpDelete(key), - ).Else( - clientv3.OpGet(key), - ).Commit() - metrics.RecordEtcdRequestLatency("delete", s.groupResourceString, startTime) - if err != nil { - return err - } - if !txnResp.Succeeded { - getResp := (*clientv3.GetResponse)(txnResp.Responses[0].GetResponseRange()) - klog.V(4).Infof("deletion of %s failed because of a conflict, going to retry", key) - origState, err = s.getState(ctx, getResp, key, v, false) - if err != nil { - return err - } - origStateIsCurrent = true - continue - } - - if len(txnResp.Responses) == 0 || txnResp.Responses[0].GetResponseDeleteRange() == nil { - return errors.New(fmt.Sprintf("invalid DeleteRange response: %v", txnResp.Responses)) - } - deleteResp := txnResp.Responses[0].GetResponseDeleteRange() - if deleteResp.Header == nil { - return errors.New("invalid DeleteRange response - nil header") - } - return decode(s.codec, s.versioner, origState.data, out, deleteResp.Header.Revision) - } -} - -// GuaranteedUpdate implements storage.Interface.GuaranteedUpdate. -func (s *store) GuaranteedUpdate( - ctx context.Context, key string, destination runtime.Object, ignoreNotFound bool, - preconditions *storage.Preconditions, tryUpdate storage.UpdateFunc, cachedExistingObject runtime.Object) error { - preparedKey, err := s.prepareKey(key) - if err != nil { - return err - } - ctx, span := tracing.Start(ctx, "GuaranteedUpdate etcd3", - attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)), - attribute.String("key", key), - attribute.String("type", getTypeName(destination)), - attribute.String("resource", s.groupResourceString)) - defer span.End(500 * time.Millisecond) - - v, err := conversion.EnforcePtr(destination) - if err != nil { - return fmt.Errorf("unable to convert output object to pointer: %v", err) - } - - getCurrentState := func() (*objState, error) { - startTime := time.Now() - getResp, err := s.client.KV.Get(ctx, preparedKey) - metrics.RecordEtcdRequestLatency("get", s.groupResourceString, startTime) - if err != nil { - return nil, err - } - return s.getState(ctx, getResp, preparedKey, v, ignoreNotFound) - } - - var origState *objState - var origStateIsCurrent bool - if cachedExistingObject != nil { - origState, err = s.getStateFromObject(cachedExistingObject) - } else { - origState, err = getCurrentState() - origStateIsCurrent = true - } - if err != nil { - return err - } - span.AddEvent("initial value restored") - - transformContext := authenticatedDataString(preparedKey) - for { - if err := preconditions.Check(preparedKey, origState.obj); err != nil { - // If our data is already up to date, return the error - if origStateIsCurrent { - return err - } - - // It's possible we were working with stale data - // Actually fetch - origState, err = getCurrentState() - if err != nil { - return err - } - origStateIsCurrent = true - // Retry - continue - } - - ret, ttl, err := s.updateState(origState, tryUpdate) - if err != nil { - // If our data is already up to date, return the error - if origStateIsCurrent { - return err - } - - // It's possible we were working with stale data - // Remember the revision of the potentially stale data and the resulting update error - cachedRev := origState.rev - cachedUpdateErr := err - - // Actually fetch - origState, err = getCurrentState() - if err != nil { - return err - } - origStateIsCurrent = true - - // it turns out our cached data was not stale, return the error - if cachedRev == origState.rev { - return cachedUpdateErr - } - - // Retry - continue - } - - span.AddEvent("About to Encode") - data, err := runtime.Encode(s.codec, ret) - if err != nil { - span.AddEvent("Encode failed", attribute.Int("len", len(data)), attribute.String("err", err.Error())) - return err - } - span.AddEvent("Encode succeeded", attribute.Int("len", len(data))) - if !origState.stale && bytes.Equal(data, origState.data) { - // if we skipped the original Get in this loop, we must refresh from - // etcd in order to be sure the data in the store is equivalent to - // our desired serialization - if !origStateIsCurrent { - origState, err = getCurrentState() - if err != nil { - return err - } - origStateIsCurrent = true - if !bytes.Equal(data, origState.data) { - // original data changed, restart loop - continue - } - } - // recheck that the data from etcd is not stale before short-circuiting a write - if !origState.stale { - return decode(s.codec, s.versioner, origState.data, destination, origState.rev) - } - } - - newData, err := s.transformer.TransformToStorage(ctx, data, transformContext) - if err != nil { - span.AddEvent("TransformToStorage failed", attribute.String("err", err.Error())) - return storage.NewInternalError(err.Error()) - } - span.AddEvent("TransformToStorage succeeded") - - opts, err := s.ttlOpts(ctx, int64(ttl)) - if err != nil { - return err - } - span.AddEvent("Transaction prepared") - - startTime := time.Now() - txnResp, err := s.client.KV.Txn(ctx).If( - clientv3.Compare(clientv3.ModRevision(preparedKey), "=", origState.rev), - ).Then( - clientv3.OpPut(preparedKey, string(newData), opts...), - ).Else( - clientv3.OpGet(preparedKey), - ).Commit() - metrics.RecordEtcdRequestLatency("update", s.groupResourceString, startTime) - if err != nil { - span.AddEvent("Txn call failed", attribute.String("err", err.Error())) - return err - } - span.AddEvent("Txn call completed") - span.AddEvent("Transaction committed") - if !txnResp.Succeeded { - getResp := (*clientv3.GetResponse)(txnResp.Responses[0].GetResponseRange()) - klog.V(4).Infof("GuaranteedUpdate of %s failed because of a conflict, going to retry", preparedKey) - origState, err = s.getState(ctx, getResp, preparedKey, v, ignoreNotFound) - if err != nil { - return err - } - span.AddEvent("Retry value restored") - origStateIsCurrent = true - continue - } - putResp := txnResp.Responses[0].GetResponsePut() - - err = decode(s.codec, s.versioner, data, destination, putResp.Header.Revision) - if err != nil { - span.AddEvent("decode failed", attribute.Int("len", len(data)), attribute.String("err", err.Error())) - return err - } - span.AddEvent("decode succeeded", attribute.Int("len", len(data))) - return nil - } -} - -func getNewItemFunc(listObj runtime.Object, v reflect.Value) func() runtime.Object { - // For unstructured lists with a target group/version, preserve the group/version in the instantiated list items - if unstructuredList, isUnstructured := listObj.(*unstructured.UnstructuredList); isUnstructured { - if apiVersion := unstructuredList.GetAPIVersion(); len(apiVersion) > 0 { - return func() runtime.Object { - return &unstructured.Unstructured{Object: map[string]interface{}{"apiVersion": apiVersion}} - } - } - } - - // Otherwise just instantiate an empty item - elem := v.Type().Elem() - return func() runtime.Object { - return reflect.New(elem).Interface().(runtime.Object) - } -} - -func (s *store) Count(key string) (int64, error) { - preparedKey, err := s.prepareKey(key) - if err != nil { - return 0, err - } - - // We need to make sure the key ended with "/" so that we only get children "directories". - // e.g. if we have key "/a", "/a/b", "/ab", getting keys with prefix "/a" will return all three, - // while with prefix "/a/" will return only "/a/b" which is the correct answer. - if !strings.HasSuffix(preparedKey, "/") { - preparedKey += "/" - } - - startTime := time.Now() - getResp, err := s.client.KV.Get(context.Background(), preparedKey, clientv3.WithRange(clientv3.GetPrefixRangeEnd(preparedKey)), clientv3.WithCountOnly()) - metrics.RecordEtcdRequestLatency("listWithCount", preparedKey, startTime) - if err != nil { - return 0, err - } - return getResp.Count, nil -} - -// GetList implements storage.Interface. -func (s *store) GetList(ctx context.Context, key string, opts storage.ListOptions, listObj runtime.Object) error { - preparedKey, err := s.prepareKey(key) - if err != nil { - return err - } - recursive := opts.Recursive - resourceVersion := opts.ResourceVersion - match := opts.ResourceVersionMatch - pred := opts.Predicate - ctx, span := tracing.Start(ctx, fmt.Sprintf("List(recursive=%v) etcd3", recursive), - attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)), - attribute.String("key", key), - attribute.String("resourceVersion", resourceVersion), - attribute.String("resourceVersionMatch", string(match)), - attribute.Int("limit", int(pred.Limit)), - attribute.String("continue", pred.Continue)) - defer span.End(500 * time.Millisecond) - listPtr, err := meta.GetItemsPtr(listObj) - if err != nil { - return err - } - v, err := conversion.EnforcePtr(listPtr) - if err != nil || v.Kind() != reflect.Slice { - return fmt.Errorf("need ptr to slice: %v", err) - } - - // For recursive lists, we need to make sure the key ended with "/" so that we only - // get children "directories". e.g. if we have key "/a", "/a/b", "/ab", getting keys - // with prefix "/a" will return all three, while with prefix "/a/" will return only - // "/a/b" which is the correct answer. - if recursive && !strings.HasSuffix(preparedKey, "/") { - preparedKey += "/" - } - keyPrefix := preparedKey - - // set the appropriate clientv3 options to filter the returned data set - var limitOption *clientv3.OpOption - limit := pred.Limit - var paging bool - options := make([]clientv3.OpOption, 0, 4) - if s.pagingEnabled && pred.Limit > 0 { - paging = true - options = append(options, clientv3.WithLimit(limit)) - limitOption = &options[len(options)-1] - } - - newItemFunc := getNewItemFunc(listObj, v) - - var fromRV *uint64 - if len(resourceVersion) > 0 { - parsedRV, err := s.versioner.ParseResourceVersion(resourceVersion) - if err != nil { - return apierrors.NewBadRequest(fmt.Sprintf("invalid resource version: %v", err)) - } - fromRV = &parsedRV - } - - var returnedRV, continueRV, withRev int64 - var continueKey string - switch { - case recursive && s.pagingEnabled && len(pred.Continue) > 0: - continueKey, continueRV, err = storage.DecodeContinue(pred.Continue, keyPrefix) - if err != nil { - return apierrors.NewBadRequest(fmt.Sprintf("invalid continue token: %v", err)) - } - - if len(resourceVersion) > 0 && resourceVersion != "0" { - return apierrors.NewBadRequest("specifying resource version is not allowed when using continue") - } - - rangeEnd := clientv3.GetPrefixRangeEnd(keyPrefix) - options = append(options, clientv3.WithRange(rangeEnd)) - preparedKey = continueKey - - // If continueRV > 0, the LIST request needs a specific resource version. - // continueRV==0 is invalid. - // If continueRV < 0, the request is for the latest resource version. - if continueRV > 0 { - withRev = continueRV - returnedRV = continueRV - } - case recursive && s.pagingEnabled && pred.Limit > 0: - if fromRV != nil { - switch match { - case metav1.ResourceVersionMatchNotOlderThan: - // The not older than constraint is checked after we get a response from etcd, - // and returnedRV is then set to the revision we get from the etcd response. - case metav1.ResourceVersionMatchExact: - returnedRV = int64(*fromRV) - withRev = returnedRV - case "": // legacy case - if *fromRV > 0 { - returnedRV = int64(*fromRV) - withRev = returnedRV - } - default: - return fmt.Errorf("unknown ResourceVersionMatch value: %v", match) - } - } - - rangeEnd := clientv3.GetPrefixRangeEnd(keyPrefix) - options = append(options, clientv3.WithRange(rangeEnd)) - default: - if fromRV != nil { - switch match { - case metav1.ResourceVersionMatchNotOlderThan: - // The not older than constraint is checked after we get a response from etcd, - // and returnedRV is then set to the revision we get from the etcd response. - case metav1.ResourceVersionMatchExact: - returnedRV = int64(*fromRV) - withRev = returnedRV - case "": // legacy case - default: - return fmt.Errorf("unknown ResourceVersionMatch value: %v", match) - } - } - - if recursive { - options = append(options, clientv3.WithPrefix()) - } - } - if withRev != 0 { - options = append(options, clientv3.WithRev(withRev)) - } - - // loop until we have filled the requested limit from etcd or there are no more results - var lastKey []byte - var hasMore bool - var getResp *clientv3.GetResponse - var numFetched int - var numEvald int - // Because these metrics are for understanding the costs of handling LIST requests, - // get them recorded even in error cases. - defer func() { - numReturn := v.Len() - metrics.RecordStorageListMetrics(s.groupResourceString, numFetched, numEvald, numReturn) - }() - for { - startTime := time.Now() - getResp, err = s.client.KV.Get(ctx, preparedKey, options...) - if recursive { - metrics.RecordEtcdRequestLatency("list", s.groupResourceString, startTime) - } else { - metrics.RecordEtcdRequestLatency("get", s.groupResourceString, startTime) - } - if err != nil { - return interpretListError(err, len(pred.Continue) > 0, continueKey, keyPrefix) - } - numFetched += len(getResp.Kvs) - if err = s.validateMinimumResourceVersion(resourceVersion, uint64(getResp.Header.Revision)); err != nil { - return err - } - hasMore = getResp.More - - if len(getResp.Kvs) == 0 && getResp.More { - return fmt.Errorf("no results were found, but etcd indicated there were more values remaining") - } - - // avoid small allocations for the result slice, since this can be called in many - // different contexts and we don't know how significantly the result will be filtered - if pred.Empty() { - growSlice(v, len(getResp.Kvs)) - } else { - growSlice(v, 2048, len(getResp.Kvs)) - } - - // take items from the response until the bucket is full, filtering as we go - for i, kv := range getResp.Kvs { - if paging && int64(v.Len()) >= pred.Limit { - hasMore = true - break - } - lastKey = kv.Key - - data, _, err := s.transformer.TransformFromStorage(ctx, kv.Value, authenticatedDataString(kv.Key)) - if err != nil { - return storage.NewInternalErrorf("unable to transform key %q: %v", kv.Key, err) - } - - if err := appendListItem(v, data, uint64(kv.ModRevision), pred, s.codec, s.versioner, newItemFunc); err != nil { - return err - } - numEvald++ - - // free kv early. Long lists can take O(seconds) to decode. - getResp.Kvs[i] = nil - } - - // indicate to the client which resource version was returned - if returnedRV == 0 { - returnedRV = getResp.Header.Revision - } - - // no more results remain or we didn't request paging - if !hasMore || !paging { - break - } - // we're paging but we have filled our bucket - if int64(v.Len()) >= pred.Limit { - break - } - - if limit < maxLimit { - // We got incomplete result due to field/label selector dropping the object. - // Double page size to reduce total number of calls to etcd. - limit *= 2 - if limit > maxLimit { - limit = maxLimit - } - *limitOption = clientv3.WithLimit(limit) - } - preparedKey = string(lastKey) + "\x00" - if withRev == 0 { - withRev = returnedRV - options = append(options, clientv3.WithRev(withRev)) - } - } - - // instruct the client to begin querying from immediately after the last key we returned - // we never return a key that the client wouldn't be allowed to see - if hasMore { - // we want to start immediately after the last key - next, err := storage.EncodeContinue(string(lastKey)+"\x00", keyPrefix, returnedRV) - if err != nil { - return err - } - var remainingItemCount *int64 - // getResp.Count counts in objects that do not match the pred. - // Instead of returning inaccurate count for non-empty selectors, we return nil. - // Only set remainingItemCount if the predicate is empty. - if utilfeature.DefaultFeatureGate.Enabled(features.RemainingItemCount) { - if pred.Empty() { - c := int64(getResp.Count - pred.Limit) - remainingItemCount = &c - } - } - return s.versioner.UpdateList(listObj, uint64(returnedRV), next, remainingItemCount) - } - - // no continuation - return s.versioner.UpdateList(listObj, uint64(returnedRV), "", nil) -} - -// growSlice takes a slice value and grows its capacity up -// to the maximum of the passed sizes or maxCapacity, whichever -// is smaller. Above maxCapacity decisions about allocation are left -// to the Go runtime on append. This allows a caller to make an -// educated guess about the potential size of the total list while -// still avoiding overly aggressive initial allocation. If sizes -// is empty maxCapacity will be used as the size to grow. -func growSlice(v reflect.Value, maxCapacity int, sizes ...int) { - cap := v.Cap() - max := cap - for _, size := range sizes { - if size > max { - max = size - } - } - if len(sizes) == 0 || max > maxCapacity { - max = maxCapacity - } - if max <= cap { - return - } - if v.Len() > 0 { - extra := reflect.MakeSlice(v.Type(), v.Len(), max) - reflect.Copy(extra, v) - v.Set(extra) - } else { - extra := reflect.MakeSlice(v.Type(), 0, max) - v.Set(extra) - } -} - -// Watch implements storage.Interface.Watch. -func (s *store) Watch(ctx context.Context, key string, opts storage.ListOptions) (watch.Interface, error) { - preparedKey, err := s.prepareKey(key) - if err != nil { - return nil, err - } - rev, err := s.versioner.ParseResourceVersion(opts.ResourceVersion) - if err != nil { - return nil, err - } - return s.watcher.Watch(ctx, preparedKey, int64(rev), opts.Recursive, opts.ProgressNotify, s.transformer, opts.Predicate) -} - -func (s *store) getState(ctx context.Context, getResp *clientv3.GetResponse, key string, v reflect.Value, ignoreNotFound bool) (*objState, error) { - state := &objState{ - meta: &storage.ResponseMeta{}, - } - - if u, ok := v.Addr().Interface().(runtime.Unstructured); ok { - state.obj = u.NewEmptyInstance() - } else { - state.obj = reflect.New(v.Type()).Interface().(runtime.Object) - } - - if len(getResp.Kvs) == 0 { - if !ignoreNotFound { - return nil, storage.NewKeyNotFoundError(key, 0) - } - if err := runtime.SetZeroValue(state.obj); err != nil { - return nil, err - } - } else { - data, stale, err := s.transformer.TransformFromStorage(ctx, getResp.Kvs[0].Value, authenticatedDataString(key)) - if err != nil { - return nil, storage.NewInternalError(err.Error()) - } - state.rev = getResp.Kvs[0].ModRevision - state.meta.ResourceVersion = uint64(state.rev) - state.data = data - state.stale = stale - if err := decode(s.codec, s.versioner, state.data, state.obj, state.rev); err != nil { - return nil, err - } - } - return state, nil -} - -func (s *store) getStateFromObject(obj runtime.Object) (*objState, error) { - state := &objState{ - obj: obj, - meta: &storage.ResponseMeta{}, - } - - rv, err := s.versioner.ObjectResourceVersion(obj) - if err != nil { - return nil, fmt.Errorf("couldn't get resource version: %v", err) - } - state.rev = int64(rv) - state.meta.ResourceVersion = uint64(state.rev) - - // Compute the serialized form - for that we need to temporarily clean - // its resource version field (those are not stored in etcd). - if err := s.versioner.PrepareObjectForStorage(obj); err != nil { - return nil, fmt.Errorf("PrepareObjectForStorage failed: %v", err) - } - state.data, err = runtime.Encode(s.codec, obj) - if err != nil { - return nil, err - } - if err := s.versioner.UpdateObject(state.obj, uint64(rv)); err != nil { - klog.Errorf("failed to update object version: %v", err) - } - return state, nil -} - -func (s *store) updateState(st *objState, userUpdate storage.UpdateFunc) (runtime.Object, uint64, error) { - ret, ttlPtr, err := userUpdate(st.obj, *st.meta) - if err != nil { - return nil, 0, err - } - - if err := s.versioner.PrepareObjectForStorage(ret); err != nil { - return nil, 0, fmt.Errorf("PrepareObjectForStorage failed: %v", err) - } - var ttl uint64 - if ttlPtr != nil { - ttl = *ttlPtr - } - return ret, ttl, nil -} - -// ttlOpts returns client options based on given ttl. -// ttl: if ttl is non-zero, it will attach the key to a lease with ttl of roughly the same length -func (s *store) ttlOpts(ctx context.Context, ttl int64) ([]clientv3.OpOption, error) { - if ttl == 0 { - return nil, nil - } - id, err := s.leaseManager.GetLease(ctx, ttl) - if err != nil { - return nil, err - } - return []clientv3.OpOption{clientv3.WithLease(id)}, nil -} - -// validateMinimumResourceVersion returns a 'too large resource' version error when the provided minimumResourceVersion is -// greater than the most recent actualRevision available from storage. -func (s *store) validateMinimumResourceVersion(minimumResourceVersion string, actualRevision uint64) error { - if minimumResourceVersion == "" { - return nil - } - minimumRV, err := s.versioner.ParseResourceVersion(minimumResourceVersion) - if err != nil { - return apierrors.NewBadRequest(fmt.Sprintf("invalid resource version: %v", err)) - } - // Enforce the storage.Interface guarantee that the resource version of the returned data - // "will be at least 'resourceVersion'". - if minimumRV > actualRevision { - return storage.NewTooLargeResourceVersionError(minimumRV, actualRevision, 0) - } - return nil -} - -func (s *store) prepareKey(key string) (string, error) { - if key == ".." || - strings.HasPrefix(key, "../") || - strings.HasSuffix(key, "/..") || - strings.Contains(key, "/../") { - return "", fmt.Errorf("invalid key: %q", key) - } - if key == "." || - strings.HasPrefix(key, "./") || - strings.HasSuffix(key, "/.") || - strings.Contains(key, "/./") { - return "", fmt.Errorf("invalid key: %q", key) - } - if key == "" || key == "/" { - return "", fmt.Errorf("empty key: %q", key) - } - // We ensured that pathPrefix ends in '/' in construction, so skip any leading '/' in the key now. - startIndex := 0 - if key[0] == '/' { - startIndex = 1 - } - return s.pathPrefix + key[startIndex:], nil -} - -// decode decodes value of bytes into object. It will also set the object resource version to rev. -// On success, objPtr would be set to the object. -func decode(codec runtime.Codec, versioner storage.Versioner, value []byte, objPtr runtime.Object, rev int64) error { - if _, err := conversion.EnforcePtr(objPtr); err != nil { - return fmt.Errorf("unable to convert output object to pointer: %v", err) - } - _, _, err := codec.Decode(value, nil, objPtr) - if err != nil { - return err - } - // being unable to set the version does not prevent the object from being extracted - if err := versioner.UpdateObject(objPtr, uint64(rev)); err != nil { - klog.Errorf("failed to update object version: %v", err) - } - return nil -} - -// appendListItem decodes and appends the object (if it passes filter) to v, which must be a slice. -func appendListItem(v reflect.Value, data []byte, rev uint64, pred storage.SelectionPredicate, codec runtime.Codec, versioner storage.Versioner, newItemFunc func() runtime.Object) error { - obj, _, err := codec.Decode(data, nil, newItemFunc()) - if err != nil { - return err - } - // being unable to set the version does not prevent the object from being extracted - if err := versioner.UpdateObject(obj, rev); err != nil { - klog.Errorf("failed to update object version: %v", err) - } - if matched, err := pred.Matches(obj); err == nil && matched { - v.Set(reflect.Append(v, reflect.ValueOf(obj).Elem())) - } - return nil -} - -func notFound(key string) clientv3.Cmp { - return clientv3.Compare(clientv3.ModRevision(key), "=", 0) -} - -// getTypeName returns type name of an object for reporting purposes. -func getTypeName(obj interface{}) string { - return reflect.TypeOf(obj).String() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/watcher.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/watcher.go deleted file mode 100644 index c0b7be35c5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/etcd3/watcher.go +++ /dev/null @@ -1,466 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package etcd3 - -import ( - "context" - "fmt" - "os" - "reflect" - "strconv" - "strings" - "sync" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/etcd3/metrics" - "k8s.io/apiserver/pkg/storage/value" - utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" - - clientv3 "go.etcd.io/etcd/client/v3" - "k8s.io/klog/v2" -) - -const ( - // We have set a buffer in order to reduce times of context switches. - incomingBufSize = 100 - outgoingBufSize = 100 -) - -// fatalOnDecodeError is used during testing to panic the server if watcher encounters a decoding error -var fatalOnDecodeError = false - -func init() { - // check to see if we are running in a test environment - TestOnlySetFatalOnDecodeError(true) - fatalOnDecodeError, _ = strconv.ParseBool(os.Getenv("KUBE_PANIC_WATCH_DECODE_ERROR")) -} - -// TestOnlySetFatalOnDecodeError should only be used for cases where decode errors are expected and need to be tested. e.g. conversion webhooks. -func TestOnlySetFatalOnDecodeError(b bool) { - fatalOnDecodeError = b -} - -type watcher struct { - client *clientv3.Client - codec runtime.Codec - newFunc func() runtime.Object - objectType string - groupResource schema.GroupResource - versioner storage.Versioner -} - -// watchChan implements watch.Interface. -type watchChan struct { - watcher *watcher - transformer value.Transformer - key string - initialRev int64 - recursive bool - progressNotify bool - internalPred storage.SelectionPredicate - ctx context.Context - cancel context.CancelFunc - incomingEventChan chan *event - resultChan chan watch.Event - errChan chan error -} - -func newWatcher(client *clientv3.Client, codec runtime.Codec, groupResource schema.GroupResource, newFunc func() runtime.Object, versioner storage.Versioner) *watcher { - res := &watcher{ - client: client, - codec: codec, - groupResource: groupResource, - newFunc: newFunc, - versioner: versioner, - } - if newFunc == nil { - res.objectType = "<unknown>" - } else { - res.objectType = reflect.TypeOf(newFunc()).String() - } - return res -} - -// Watch watches on a key and returns a watch.Interface that transfers relevant notifications. -// If rev is zero, it will return the existing object(s) and then start watching from -// the maximum revision+1 from returned objects. -// If rev is non-zero, it will watch events happened after given revision. -// If recursive is false, it watches on given key. -// If recursive is true, it watches any children and directories under the key, excluding the root key itself. -// pred must be non-nil. Only if pred matches the change, it will be returned. -func (w *watcher) Watch(ctx context.Context, key string, rev int64, recursive, progressNotify bool, transformer value.Transformer, pred storage.SelectionPredicate) (watch.Interface, error) { - if recursive && !strings.HasSuffix(key, "/") { - key += "/" - } - wc := w.createWatchChan(ctx, key, rev, recursive, progressNotify, transformer, pred) - go wc.run() - - // For etcd watch we don't have an easy way to answer whether the watch - // has already caught up. So in the initial version (given that watchcache - // is by default enabled for all resources but Events), we just deliver - // the initialization signal immediately. Improving this will be explored - // in the future. - utilflowcontrol.WatchInitialized(ctx) - - return wc, nil -} - -func (w *watcher) createWatchChan(ctx context.Context, key string, rev int64, recursive, progressNotify bool, transformer value.Transformer, pred storage.SelectionPredicate) *watchChan { - wc := &watchChan{ - watcher: w, - transformer: transformer, - key: key, - initialRev: rev, - recursive: recursive, - progressNotify: progressNotify, - internalPred: pred, - incomingEventChan: make(chan *event, incomingBufSize), - resultChan: make(chan watch.Event, outgoingBufSize), - errChan: make(chan error, 1), - } - if pred.Empty() { - // The filter doesn't filter out any object. - wc.internalPred = storage.Everything - } - - // The etcd server waits until it cannot find a leader for 3 election - // timeouts to cancel existing streams. 3 is currently a hard coded - // constant. The election timeout defaults to 1000ms. If the cluster is - // healthy, when the leader is stopped, the leadership transfer should be - // smooth. (leader transfers its leadership before stopping). If leader is - // hard killed, other servers will take an election timeout to realize - // leader lost and start campaign. - wc.ctx, wc.cancel = context.WithCancel(clientv3.WithRequireLeader(ctx)) - return wc -} - -func (wc *watchChan) run() { - watchClosedCh := make(chan struct{}) - go wc.startWatching(watchClosedCh) - - var resultChanWG sync.WaitGroup - resultChanWG.Add(1) - go wc.processEvent(&resultChanWG) - - select { - case err := <-wc.errChan: - if err == context.Canceled { - break - } - errResult := transformErrorToEvent(err) - if errResult != nil { - // error result is guaranteed to be received by user before closing ResultChan. - select { - case wc.resultChan <- *errResult: - case <-wc.ctx.Done(): // user has given up all results - } - } - case <-watchClosedCh: - case <-wc.ctx.Done(): // user cancel - } - - // We use wc.ctx to reap all goroutines. Under whatever condition, we should stop them all. - // It's fine to double cancel. - wc.cancel() - - // we need to wait until resultChan wouldn't be used anymore - resultChanWG.Wait() - close(wc.resultChan) -} - -func (wc *watchChan) Stop() { - wc.cancel() -} - -func (wc *watchChan) ResultChan() <-chan watch.Event { - return wc.resultChan -} - -// sync tries to retrieve existing data and send them to process. -// The revision to watch will be set to the revision in response. -// All events sent will have isCreated=true -func (wc *watchChan) sync() error { - opts := []clientv3.OpOption{} - if wc.recursive { - opts = append(opts, clientv3.WithPrefix()) - } - getResp, err := wc.watcher.client.Get(wc.ctx, wc.key, opts...) - if err != nil { - return err - } - wc.initialRev = getResp.Header.Revision - for _, kv := range getResp.Kvs { - wc.sendEvent(parseKV(kv)) - } - return nil -} - -// logWatchChannelErr checks whether the error is about mvcc revision compaction which is regarded as warning -func logWatchChannelErr(err error) { - if !strings.Contains(err.Error(), "mvcc: required revision has been compacted") { - klog.Errorf("watch chan error: %v", err) - } else { - klog.Warningf("watch chan error: %v", err) - } -} - -// startWatching does: -// - get current objects if initialRev=0; set initialRev to current rev -// - watch on given key and send events to process. -func (wc *watchChan) startWatching(watchClosedCh chan struct{}) { - if wc.initialRev == 0 { - if err := wc.sync(); err != nil { - klog.Errorf("failed to sync with latest state: %v", err) - wc.sendError(err) - return - } - } - opts := []clientv3.OpOption{clientv3.WithRev(wc.initialRev + 1), clientv3.WithPrevKV()} - if wc.recursive { - opts = append(opts, clientv3.WithPrefix()) - } - if wc.progressNotify { - opts = append(opts, clientv3.WithProgressNotify()) - } - wch := wc.watcher.client.Watch(wc.ctx, wc.key, opts...) - for wres := range wch { - if wres.Err() != nil { - err := wres.Err() - // If there is an error on server (e.g. compaction), the channel will return it before closed. - logWatchChannelErr(err) - wc.sendError(err) - return - } - if wres.IsProgressNotify() { - wc.sendEvent(progressNotifyEvent(wres.Header.GetRevision())) - metrics.RecordEtcdBookmark(wc.watcher.groupResource.String()) - continue - } - - for _, e := range wres.Events { - parsedEvent, err := parseEvent(e) - if err != nil { - logWatchChannelErr(err) - wc.sendError(err) - return - } - wc.sendEvent(parsedEvent) - } - } - // When we come to this point, it's only possible that client side ends the watch. - // e.g. cancel the context, close the client. - // If this watch chan is broken and context isn't cancelled, other goroutines will still hang. - // We should notify the main thread that this goroutine has exited. - close(watchClosedCh) -} - -// processEvent processes events from etcd watcher and sends results to resultChan. -func (wc *watchChan) processEvent(wg *sync.WaitGroup) { - defer wg.Done() - - for { - select { - case e := <-wc.incomingEventChan: - res := wc.transform(e) - if res == nil { - continue - } - if len(wc.resultChan) == outgoingBufSize { - klog.V(3).InfoS("Fast watcher, slow processing. Probably caused by slow dispatching events to watchers", "outgoingEvents", outgoingBufSize, "objectType", wc.watcher.objectType, "groupResource", wc.watcher.groupResource) - } - // If user couldn't receive results fast enough, we also block incoming events from watcher. - // Because storing events in local will cause more memory usage. - // The worst case would be closing the fast watcher. - select { - case wc.resultChan <- *res: - case <-wc.ctx.Done(): - return - } - case <-wc.ctx.Done(): - return - } - } -} - -func (wc *watchChan) filter(obj runtime.Object) bool { - if wc.internalPred.Empty() { - return true - } - matched, err := wc.internalPred.Matches(obj) - return err == nil && matched -} - -func (wc *watchChan) acceptAll() bool { - return wc.internalPred.Empty() -} - -// transform transforms an event into a result for user if not filtered. -func (wc *watchChan) transform(e *event) (res *watch.Event) { - curObj, oldObj, err := wc.prepareObjs(e) - if err != nil { - klog.Errorf("failed to prepare current and previous objects: %v", err) - wc.sendError(err) - return nil - } - - switch { - case e.isProgressNotify: - if wc.watcher.newFunc == nil { - return nil - } - object := wc.watcher.newFunc() - if err := wc.watcher.versioner.UpdateObject(object, uint64(e.rev)); err != nil { - klog.Errorf("failed to propagate object version: %v", err) - return nil - } - res = &watch.Event{ - Type: watch.Bookmark, - Object: object, - } - case e.isDeleted: - if !wc.filter(oldObj) { - return nil - } - res = &watch.Event{ - Type: watch.Deleted, - Object: oldObj, - } - case e.isCreated: - if !wc.filter(curObj) { - return nil - } - res = &watch.Event{ - Type: watch.Added, - Object: curObj, - } - default: - if wc.acceptAll() { - res = &watch.Event{ - Type: watch.Modified, - Object: curObj, - } - return res - } - curObjPasses := wc.filter(curObj) - oldObjPasses := wc.filter(oldObj) - switch { - case curObjPasses && oldObjPasses: - res = &watch.Event{ - Type: watch.Modified, - Object: curObj, - } - case curObjPasses && !oldObjPasses: - res = &watch.Event{ - Type: watch.Added, - Object: curObj, - } - case !curObjPasses && oldObjPasses: - res = &watch.Event{ - Type: watch.Deleted, - Object: oldObj, - } - } - } - return res -} - -func transformErrorToEvent(err error) *watch.Event { - err = interpretWatchError(err) - if _, ok := err.(apierrors.APIStatus); !ok { - err = apierrors.NewInternalError(err) - } - status := err.(apierrors.APIStatus).Status() - return &watch.Event{ - Type: watch.Error, - Object: &status, - } -} - -func (wc *watchChan) sendError(err error) { - select { - case wc.errChan <- err: - case <-wc.ctx.Done(): - } -} - -func (wc *watchChan) sendEvent(e *event) { - if len(wc.incomingEventChan) == incomingBufSize { - klog.V(3).InfoS("Fast watcher, slow processing. Probably caused by slow decoding, user not receiving fast, or other processing logic", "incomingEvents", incomingBufSize, "objectType", wc.watcher.objectType, "groupResource", wc.watcher.groupResource) - } - select { - case wc.incomingEventChan <- e: - case <-wc.ctx.Done(): - } -} - -func (wc *watchChan) prepareObjs(e *event) (curObj runtime.Object, oldObj runtime.Object, err error) { - if e.isProgressNotify { - // progressNotify events doesn't contain neither current nor previous object version, - return nil, nil, nil - } - - if !e.isDeleted { - data, _, err := wc.transformer.TransformFromStorage(wc.ctx, e.value, authenticatedDataString(e.key)) - if err != nil { - return nil, nil, err - } - curObj, err = decodeObj(wc.watcher.codec, wc.watcher.versioner, data, e.rev) - if err != nil { - return nil, nil, err - } - } - // We need to decode prevValue, only if this is deletion event or - // the underlying filter doesn't accept all objects (otherwise we - // know that the filter for previous object will return true and - // we need the object only to compute whether it was filtered out - // before). - if len(e.prevValue) > 0 && (e.isDeleted || !wc.acceptAll()) { - data, _, err := wc.transformer.TransformFromStorage(wc.ctx, e.prevValue, authenticatedDataString(e.key)) - if err != nil { - return nil, nil, err - } - // Note that this sends the *old* object with the etcd revision for the time at - // which it gets deleted. - oldObj, err = decodeObj(wc.watcher.codec, wc.watcher.versioner, data, e.rev) - if err != nil { - return nil, nil, err - } - } - return curObj, oldObj, nil -} - -func decodeObj(codec runtime.Codec, versioner storage.Versioner, data []byte, rev int64) (_ runtime.Object, err error) { - obj, err := runtime.Decode(codec, []byte(data)) - if err != nil { - if fatalOnDecodeError { - // we are running in a test environment and thus an - // error here is due to a coder mistake if the defer - // does not catch it - panic(err) - } - return nil, err - } - // ensure resource version is set on the object we load from etcd - if err := versioner.UpdateObject(obj, uint64(rev)); err != nil { - return nil, fmt.Errorf("failure to version api object (%d) %#v: %v", rev, obj, err) - } - return obj, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/interfaces.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/interfaces.go deleted file mode 100644 index 812aa412bb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/interfaces.go +++ /dev/null @@ -1,271 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/watch" -) - -// Versioner abstracts setting and retrieving metadata fields from database response -// onto the object ot list. It is required to maintain storage invariants - updating an -// object twice with the same data except for the ResourceVersion and SelfLink must be -// a no-op. A resourceVersion of type uint64 is a 'raw' resourceVersion, -// intended to be sent directly to or from the backend. A resourceVersion of -// type string is a 'safe' resourceVersion, intended for consumption by users. -type Versioner interface { - // UpdateObject sets storage metadata into an API object. Returns an error if the object - // cannot be updated correctly. May return nil if the requested object does not need metadata - // from database. - UpdateObject(obj runtime.Object, resourceVersion uint64) error - // UpdateList sets the resource version into an API list object. Returns an error if the object - // cannot be updated correctly. May return nil if the requested object does not need metadata from - // database. continueValue is optional and indicates that more results are available if the client - // passes that value to the server in a subsequent call. remainingItemCount indicates the number - // of remaining objects if the list is partial. The remainingItemCount field is omitted during - // serialization if it is set to nil. - UpdateList(obj runtime.Object, resourceVersion uint64, continueValue string, remainingItemCount *int64) error - // PrepareObjectForStorage should set SelfLink and ResourceVersion to the empty value. Should - // return an error if the specified object cannot be updated. - PrepareObjectForStorage(obj runtime.Object) error - // ObjectResourceVersion returns the resource version (for persistence) of the specified object. - // Should return an error if the specified object does not have a persistable version. - ObjectResourceVersion(obj runtime.Object) (uint64, error) - - // ParseResourceVersion takes a resource version argument and - // converts it to the storage backend. For watch we should pass to helper.Watch(). - // Because resourceVersion is an opaque value, the default watch - // behavior for non-zero watch is to watch the next value (if you pass - // "1", you will see updates from "2" onwards). - ParseResourceVersion(resourceVersion string) (uint64, error) -} - -// ResponseMeta contains information about the database metadata that is associated with -// an object. It abstracts the actual underlying objects to prevent coupling with concrete -// database and to improve testability. -type ResponseMeta struct { - // TTL is the time to live of the node that contained the returned object. It may be - // zero or negative in some cases (objects may be expired after the requested - // expiration time due to server lag). - TTL int64 - // The resource version of the node that contained the returned object. - ResourceVersion uint64 -} - -// IndexerFunc is a function that for a given object computes -// `<value of an index>` for a particular `<index>`. -type IndexerFunc func(obj runtime.Object) string - -// IndexerFuncs is a mapping from `<index name>` to function that -// for a given object computes `<value for that index>`. -type IndexerFuncs map[string]IndexerFunc - -// Everything accepts all objects. -var Everything = SelectionPredicate{ - Label: labels.Everything(), - Field: fields.Everything(), -} - -// MatchValue defines a pair (`<index name>`, `<value for that index>`). -type MatchValue struct { - IndexName string - Value string -} - -// Pass an UpdateFunc to Interface.GuaranteedUpdate to make an update -// that is guaranteed to succeed. -// See the comment for GuaranteedUpdate for more details. -type UpdateFunc func(input runtime.Object, res ResponseMeta) (output runtime.Object, ttl *uint64, err error) - -// ValidateObjectFunc is a function to act on a given object. An error may be returned -// if the hook cannot be completed. The function may NOT transform the provided -// object. -type ValidateObjectFunc func(ctx context.Context, obj runtime.Object) error - -// ValidateAllObjectFunc is a "admit everything" instance of ValidateObjectFunc. -func ValidateAllObjectFunc(ctx context.Context, obj runtime.Object) error { - return nil -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -type Preconditions struct { - // Specifies the target UID. - // +optional - UID *types.UID `json:"uid,omitempty"` - // Specifies the target ResourceVersion - // +optional - ResourceVersion *string `json:"resourceVersion,omitempty"` -} - -// NewUIDPreconditions returns a Preconditions with UID set. -func NewUIDPreconditions(uid string) *Preconditions { - u := types.UID(uid) - return &Preconditions{UID: &u} -} - -func (p *Preconditions) Check(key string, obj runtime.Object) error { - if p == nil { - return nil - } - objMeta, err := meta.Accessor(obj) - if err != nil { - return NewInternalErrorf( - "can't enforce preconditions %v on un-introspectable object %v, got error: %v", - *p, - obj, - err) - } - if p.UID != nil && *p.UID != objMeta.GetUID() { - err := fmt.Sprintf( - "Precondition failed: UID in precondition: %v, UID in object meta: %v", - *p.UID, - objMeta.GetUID()) - return NewInvalidObjError(key, err) - } - if p.ResourceVersion != nil && *p.ResourceVersion != objMeta.GetResourceVersion() { - err := fmt.Sprintf( - "Precondition failed: ResourceVersion in precondition: %v, ResourceVersion in object meta: %v", - *p.ResourceVersion, - objMeta.GetResourceVersion()) - return NewInvalidObjError(key, err) - } - return nil -} - -// Interface offers a common interface for object marshaling/unmarshaling operations and -// hides all the storage-related operations behind it. -type Interface interface { - // Returns Versioner associated with this interface. - Versioner() Versioner - - // Create adds a new object at a key unless it already exists. 'ttl' is time-to-live - // in seconds (0 means forever). If no error is returned and out is not nil, out will be - // set to the read value from database. - Create(ctx context.Context, key string, obj, out runtime.Object, ttl uint64) error - - // Delete removes the specified key and returns the value that existed at that spot. - // If key didn't exist, it will return NotFound storage error. - // If 'cachedExistingObject' is non-nil, it can be used as a suggestion about the - // current version of the object to avoid read operation from storage to get it. - // However, the implementations have to retry in case suggestion is stale. - Delete( - ctx context.Context, key string, out runtime.Object, preconditions *Preconditions, - validateDeletion ValidateObjectFunc, cachedExistingObject runtime.Object) error - - // Watch begins watching the specified key. Events are decoded into API objects, - // and any items selected by 'p' are sent down to returned watch.Interface. - // resourceVersion may be used to specify what version to begin watching, - // which should be the current resourceVersion, and no longer rv+1 - // (e.g. reconnecting without missing any updates). - // If resource version is "0", this interface will get current object at given key - // and send it in an "ADDED" event, before watch starts. - Watch(ctx context.Context, key string, opts ListOptions) (watch.Interface, error) - - // Get unmarshals object found at key into objPtr. On a not found error, will either - // return a zero object of the requested type, or an error, depending on 'opts.ignoreNotFound'. - // Treats empty responses and nil response nodes exactly like a not found error. - // The returned contents may be delayed, but it is guaranteed that they will - // match 'opts.ResourceVersion' according 'opts.ResourceVersionMatch'. - Get(ctx context.Context, key string, opts GetOptions, objPtr runtime.Object) error - - // GetList unmarshalls objects found at key into a *List api object (an object - // that satisfies runtime.IsList definition). - // If 'opts.Recursive' is false, 'key' is used as an exact match. If `opts.Recursive' - // is true, 'key' is used as a prefix. - // The returned contents may be delayed, but it is guaranteed that they will - // match 'opts.ResourceVersion' according 'opts.ResourceVersionMatch'. - GetList(ctx context.Context, key string, opts ListOptions, listObj runtime.Object) error - - // GuaranteedUpdate keeps calling 'tryUpdate()' to update key 'key' (of type 'destination') - // retrying the update until success if there is index conflict. - // Note that object passed to tryUpdate may change across invocations of tryUpdate() if - // other writers are simultaneously updating it, so tryUpdate() needs to take into account - // the current contents of the object when deciding how the update object should look. - // If the key doesn't exist, it will return NotFound storage error if ignoreNotFound=false - // else `destination` will be set to the zero value of it's type. - // If the eventual successful invocation of `tryUpdate` returns an output with the same serialized - // contents as the input, it won't perform any update, but instead set `destination` to an object with those - // contents. - // If 'cachedExistingObject' is non-nil, it can be used as a suggestion about the - // current version of the object to avoid read operation from storage to get it. - // However, the implementations have to retry in case suggestion is stale. - // - // Example: - // - // s := /* implementation of Interface */ - // err := s.GuaranteedUpdate( - // "myKey", &MyType{}, true, preconditions, - // func(input runtime.Object, res ResponseMeta) (runtime.Object, *uint64, error) { - // // Before each invocation of the user defined function, "input" is reset to - // // current contents for "myKey" in database. - // curr := input.(*MyType) // Guaranteed to succeed. - // - // // Make the modification - // curr.Counter++ - // - // // Return the modified object - return an error to stop iterating. Return - // // a uint64 to alter the TTL on the object, or nil to keep it the same value. - // return cur, nil, nil - // }, cachedExistingObject - // ) - GuaranteedUpdate( - ctx context.Context, key string, destination runtime.Object, ignoreNotFound bool, - preconditions *Preconditions, tryUpdate UpdateFunc, cachedExistingObject runtime.Object) error - - // Count returns number of different entries under the key (generally being path prefix). - Count(key string) (int64, error) -} - -// GetOptions provides the options that may be provided for storage get operations. -type GetOptions struct { - // IgnoreNotFound determines what is returned if the requested object is not found. If - // true, a zero object is returned. If false, an error is returned. - IgnoreNotFound bool - // ResourceVersion provides a resource version constraint to apply to the get operation - // as a "not older than" constraint: the result contains data at least as new as the provided - // ResourceVersion. The newest available data is preferred, but any data not older than this - // ResourceVersion may be served. - ResourceVersion string -} - -// ListOptions provides the options that may be provided for storage list operations. -type ListOptions struct { - // ResourceVersion provides a resource version constraint to apply to the list operation - // as a "not older than" constraint: the result contains data at least as new as the provided - // ResourceVersion. The newest available data is preferred, but any data not older than this - // ResourceVersion may be served. - ResourceVersion string - // ResourceVersionMatch provides the rule for how the resource version constraint applies. If set - // to the default value "" the legacy resource version semantic apply. - ResourceVersionMatch metav1.ResourceVersionMatch - // Predicate provides the selection rules for the list operation. - Predicate SelectionPredicate - // Recursive determines whether the list or watch is defined for a single object located at the - // given key, or for the whole set of objects with the given key as a prefix. - Recursive bool - // ProgressNotify determines whether storage-originated bookmark (progress notify) events should - // be delivered to the users. The option is ignored for non-watch requests. - ProgressNotify bool -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/names/generate.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/names/generate.go deleted file mode 100644 index 0b8afff0e9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/names/generate.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package names - -import ( - "fmt" - - utilrand "k8s.io/apimachinery/pkg/util/rand" -) - -// NameGenerator generates names for objects. Some backends may have more information -// available to guide selection of new names and this interface hides those details. -type NameGenerator interface { - // GenerateName generates a valid name from the base name, adding a random suffix to - // the base. If base is valid, the returned name must also be valid. The generator is - // responsible for knowing the maximum valid name length. - GenerateName(base string) string -} - -// simpleNameGenerator generates random names. -type simpleNameGenerator struct{} - -// SimpleNameGenerator is a generator that returns the name plus a random suffix of five alphanumerics -// when a name is requested. The string is guaranteed to not exceed the length of a standard Kubernetes -// name (63 characters) -var SimpleNameGenerator NameGenerator = simpleNameGenerator{} - -const ( - // TODO: make this flexible for non-core resources with alternate naming rules. - maxNameLength = 63 - randomLength = 5 - MaxGeneratedNameLength = maxNameLength - randomLength -) - -func (simpleNameGenerator) GenerateName(base string) string { - if len(base) > MaxGeneratedNameLength { - base = base[:MaxGeneratedNameLength] - } - return fmt.Sprintf("%s%s", base, utilrand.String(randomLength)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/selection_predicate.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/selection_predicate.go deleted file mode 100644 index 7370518e39..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/selection_predicate.go +++ /dev/null @@ -1,159 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" -) - -// AttrFunc returns label and field sets and the uninitialized flag for List or Watch to match. -// In any failure to parse given object, it returns error. -type AttrFunc func(obj runtime.Object) (labels.Set, fields.Set, error) - -// FieldMutationFunc allows the mutation of the field selection fields. It is mutating to -// avoid the extra allocation on this common path -type FieldMutationFunc func(obj runtime.Object, fieldSet fields.Set) error - -func DefaultClusterScopedAttr(obj runtime.Object) (labels.Set, fields.Set, error) { - metadata, err := meta.Accessor(obj) - if err != nil { - return nil, nil, err - } - fieldSet := fields.Set{ - "metadata.name": metadata.GetName(), - } - - return labels.Set(metadata.GetLabels()), fieldSet, nil -} - -func DefaultNamespaceScopedAttr(obj runtime.Object) (labels.Set, fields.Set, error) { - metadata, err := meta.Accessor(obj) - if err != nil { - return nil, nil, err - } - fieldSet := fields.Set{ - "metadata.name": metadata.GetName(), - "metadata.namespace": metadata.GetNamespace(), - } - - return labels.Set(metadata.GetLabels()), fieldSet, nil -} - -func (f AttrFunc) WithFieldMutation(fieldMutator FieldMutationFunc) AttrFunc { - return func(obj runtime.Object) (labels.Set, fields.Set, error) { - labelSet, fieldSet, err := f(obj) - if err != nil { - return nil, nil, err - } - if err := fieldMutator(obj, fieldSet); err != nil { - return nil, nil, err - } - return labelSet, fieldSet, nil - } -} - -// SelectionPredicate is used to represent the way to select objects from api storage. -type SelectionPredicate struct { - Label labels.Selector - Field fields.Selector - GetAttrs AttrFunc - IndexLabels []string - IndexFields []string - Limit int64 - Continue string - AllowWatchBookmarks bool -} - -// Matches returns true if the given object's labels and fields (as -// returned by s.GetAttrs) match s.Label and s.Field. An error is -// returned if s.GetAttrs fails. -func (s *SelectionPredicate) Matches(obj runtime.Object) (bool, error) { - if s.Empty() { - return true, nil - } - labels, fields, err := s.GetAttrs(obj) - if err != nil { - return false, err - } - matched := s.Label.Matches(labels) - if matched && s.Field != nil { - matched = matched && s.Field.Matches(fields) - } - return matched, nil -} - -// MatchesObjectAttributes returns true if the given labels and fields -// match s.Label and s.Field. -func (s *SelectionPredicate) MatchesObjectAttributes(l labels.Set, f fields.Set) bool { - if s.Label.Empty() && s.Field.Empty() { - return true - } - matched := s.Label.Matches(l) - if matched && s.Field != nil { - matched = (matched && s.Field.Matches(f)) - } - return matched -} - -// MatchesSingle will return (name, true) if and only if s.Field matches on the object's -// name. -func (s *SelectionPredicate) MatchesSingle() (string, bool) { - if len(s.Continue) > 0 { - return "", false - } - // TODO: should be namespace.name - if name, ok := s.Field.RequiresExactMatch("metadata.name"); ok { - return name, true - } - return "", false -} - -// Empty returns true if the predicate performs no filtering. -func (s *SelectionPredicate) Empty() bool { - return s.Label.Empty() && s.Field.Empty() -} - -// For any index defined by IndexFields, if a matcher can match only (a subset) -// of objects that return <value> for a given index, a pair (<index name>, <value>) -// wil be returned. -func (s *SelectionPredicate) MatcherIndex() []MatchValue { - var result []MatchValue - for _, field := range s.IndexFields { - if value, ok := s.Field.RequiresExactMatch(field); ok { - result = append(result, MatchValue{IndexName: FieldIndex(field), Value: value}) - } - } - for _, label := range s.IndexLabels { - if value, ok := s.Label.RequiresExactMatch(label); ok { - result = append(result, MatchValue{IndexName: LabelIndex(label), Value: value}) - } - } - return result -} - -// LabelIndex add prefix for label index. -func LabelIndex(label string) string { - return "l:" + label -} - -// FiledIndex add prefix for field index. -func FieldIndex(field string) string { - return "f:" + field -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/OWNERS deleted file mode 100644 index c29de755d0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - lavalamp - - smarterclayton - - wojtek-t diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/config.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/config.go deleted file mode 100644 index 47534c9781..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/config.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storagebackend - -import ( - "time" - - oteltrace "go.opentelemetry.io/otel/trace" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/storage/etcd3" - "k8s.io/apiserver/pkg/storage/value" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" -) - -const ( - StorageTypeUnset = "" - StorageTypeETCD2 = "etcd2" - StorageTypeETCD3 = "etcd3" - - DefaultCompactInterval = 5 * time.Minute - DefaultDBMetricPollInterval = 30 * time.Second - DefaultHealthcheckTimeout = 2 * time.Second - DefaultReadinessTimeout = 2 * time.Second -) - -// TransportConfig holds all connection related info, i.e. equal TransportConfig means equal servers we talk to. -type TransportConfig struct { - // ServerList is the list of storage servers to connect with. - ServerList []string - // TLS credentials - KeyFile string - CertFile string - TrustedCAFile string - // function to determine the egress dialer. (i.e. konnectivity server dialer) - EgressLookup egressselector.Lookup - // The TracerProvider can add tracing the connection - TracerProvider oteltrace.TracerProvider -} - -// Config is configuration for creating a storage backend. -type Config struct { - // Type defines the type of storage backend. Default ("") is "etcd3". - Type string - // Prefix is the prefix to all keys passed to storage.Interface methods. - Prefix string - // Transport holds all connection related info, i.e. equal TransportConfig means equal servers we talk to. - Transport TransportConfig - // Paging indicates whether the server implementation should allow paging (if it is - // supported). This is generally configured by feature gating, or by a specific - // resource type not wishing to allow paging, and is not intended for end users to - // set. - Paging bool - - Codec runtime.Codec - // EncodeVersioner is the same groupVersioner used to build the - // storage encoder. Given a list of kinds the input object might belong - // to, the EncodeVersioner outputs the gvk the object will be - // converted to before persisted in etcd. - EncodeVersioner runtime.GroupVersioner - // Transformer allows the value to be transformed prior to persisting into etcd. - Transformer value.Transformer - - // CompactionInterval is an interval of requesting compaction from apiserver. - // If the value is 0, no compaction will be issued. - CompactionInterval time.Duration - // CountMetricPollPeriod specifies how often should count metric be updated - CountMetricPollPeriod time.Duration - // DBMetricPollInterval specifies how often should storage backend metric be updated. - DBMetricPollInterval time.Duration - // HealthcheckTimeout specifies the timeout used when checking health - HealthcheckTimeout time.Duration - // ReadycheckTimeout specifies the timeout used when checking readiness - ReadycheckTimeout time.Duration - - LeaseManagerConfig etcd3.LeaseManagerConfig - - // StorageObjectCountTracker is used to keep track of the total - // number of objects in the storage per resource. - StorageObjectCountTracker flowcontrolrequest.StorageObjectCountTracker -} - -// ConfigForResource is a Config specialized to a particular `schema.GroupResource` -type ConfigForResource struct { - // Config is the resource-independent configuration - Config - - // GroupResource is the relevant one - GroupResource schema.GroupResource -} - -// ForResource specializes to the given resource -func (config *Config) ForResource(resource schema.GroupResource) *ConfigForResource { - return &ConfigForResource{ - Config: *config, - GroupResource: resource, - } -} - -func NewDefaultConfig(prefix string, codec runtime.Codec) *Config { - return &Config{ - Paging: true, - Prefix: prefix, - Codec: codec, - CompactionInterval: DefaultCompactInterval, - DBMetricPollInterval: DefaultDBMetricPollInterval, - HealthcheckTimeout: DefaultHealthcheckTimeout, - ReadycheckTimeout: DefaultReadinessTimeout, - LeaseManagerConfig: etcd3.NewDefaultLeaseManagerConfig(), - Transport: TransportConfig{TracerProvider: oteltrace.NewNoopTracerProvider()}, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go deleted file mode 100644 index c178596495..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go +++ /dev/null @@ -1,434 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package factory - -import ( - "context" - "fmt" - "log" - "net" - "net/url" - "os" - "path" - "strings" - "sync" - "time" - - grpcprom "github.com/grpc-ecosystem/go-grpc-prometheus" - "go.etcd.io/etcd/client/pkg/v3/logutil" - "go.etcd.io/etcd/client/pkg/v3/transport" - clientv3 "go.etcd.io/etcd/client/v3" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" - "go.uber.org/zap" - "go.uber.org/zap/zapcore" - "golang.org/x/time/rate" - "google.golang.org/grpc" - - "k8s.io/apimachinery/pkg/runtime" - utilnet "k8s.io/apimachinery/pkg/util/net" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - genericfeatures "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/etcd3" - "k8s.io/apiserver/pkg/storage/etcd3/metrics" - "k8s.io/apiserver/pkg/storage/storagebackend" - "k8s.io/apiserver/pkg/storage/value/encrypt/identity" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/metrics/legacyregistry" - tracing "k8s.io/component-base/tracing" - "k8s.io/klog/v2" -) - -const ( - // The short keepalive timeout and interval have been chosen to aggressively - // detect a failed etcd server without introducing much overhead. - keepaliveTime = 30 * time.Second - keepaliveTimeout = 10 * time.Second - - // dialTimeout is the timeout for failing to establish a connection. - // It is set to 20 seconds as times shorter than that will cause TLS connections to fail - // on heavily loaded arm64 CPUs (issue #64649) - dialTimeout = 20 * time.Second - - dbMetricsMonitorJitter = 0.5 -) - -// TODO(negz): Stop using a package scoped logger. At the time of writing we're -// creating an etcd client for each CRD. We need to pass each etcd client a -// logger or each client will create its own, which comes with a significant -// memory cost (around 20% of the API server's memory when hundreds of CRDs are -// present). The correct fix here is to not create a client per CRD. See -// https://github.com/kubernetes/kubernetes/issues/111476 for more. -var etcd3ClientLogger *zap.Logger - -func init() { - // grpcprom auto-registers (via an init function) their client metrics, since we are opting out of - // using the global prometheus registry and using our own wrapped global registry, - // we need to explicitly register these metrics to our global registry here. - // For reference: https://github.com/kubernetes/kubernetes/pull/81387 - legacyregistry.RawMustRegister(grpcprom.DefaultClientMetrics) - dbMetricsMonitors = make(map[string]struct{}) - - l, err := logutil.CreateDefaultZapLogger(etcdClientDebugLevel()) - if err != nil { - l = zap.NewNop() - } - etcd3ClientLogger = l.Named("etcd-client") -} - -// etcdClientDebugLevel translates ETCD_CLIENT_DEBUG into zap log level. -// NOTE(negz): This is a copy of a private etcd client function: -// https://github.com/etcd-io/etcd/blob/v3.5.4/client/v3/logger.go#L47 -func etcdClientDebugLevel() zapcore.Level { - envLevel := os.Getenv("ETCD_CLIENT_DEBUG") - if envLevel == "" || envLevel == "true" { - return zapcore.InfoLevel - } - var l zapcore.Level - if err := l.Set(envLevel); err == nil { - log.Printf("Deprecated env ETCD_CLIENT_DEBUG value. Using default level: 'info'") - return zapcore.InfoLevel - } - return l -} - -func newETCD3HealthCheck(c storagebackend.Config, stopCh <-chan struct{}) (func() error, error) { - timeout := storagebackend.DefaultHealthcheckTimeout - if c.HealthcheckTimeout != time.Duration(0) { - timeout = c.HealthcheckTimeout - } - return newETCD3Check(c, timeout, stopCh) -} - -func newETCD3ReadyCheck(c storagebackend.Config, stopCh <-chan struct{}) (func() error, error) { - timeout := storagebackend.DefaultReadinessTimeout - if c.ReadycheckTimeout != time.Duration(0) { - timeout = c.ReadycheckTimeout - } - return newETCD3Check(c, timeout, stopCh) -} - -// atomic error acts as a cache for atomically store an error -// the error is only updated if the timestamp is more recent than -// current stored error. -type atomicLastError struct { - mu sync.RWMutex - err error - timestamp time.Time -} - -func (a *atomicLastError) Store(err error, t time.Time) { - a.mu.Lock() - defer a.mu.Unlock() - if a.timestamp.IsZero() || a.timestamp.Before(t) { - a.err = err - a.timestamp = t - } -} - -func (a *atomicLastError) Load() error { - a.mu.RLock() - defer a.mu.RUnlock() - return a.err -} - -func newETCD3Check(c storagebackend.Config, timeout time.Duration, stopCh <-chan struct{}) (func() error, error) { - // constructing the etcd v3 client blocks and times out if etcd is not available. - // retry in a loop in the background until we successfully create the client, storing the client or error encountered - - lock := sync.RWMutex{} - var client *clientv3.Client - clientErr := fmt.Errorf("etcd client connection not yet established") - - go wait.PollUntil(time.Second, func() (bool, error) { - newClient, err := newETCD3Client(c.Transport) - lock.Lock() - defer lock.Unlock() - // Ensure that server is already not shutting down. - select { - case <-stopCh: - if err == nil { - newClient.Close() - } - return true, nil - default: - } - if err != nil { - clientErr = err - return false, nil - } - client = newClient - clientErr = nil - return true, nil - }, stopCh) - - // Close the client on shutdown. - go func() { - defer utilruntime.HandleCrash() - <-stopCh - - lock.Lock() - defer lock.Unlock() - if client != nil { - client.Close() - clientErr = fmt.Errorf("server is shutting down") - } - }() - - // limit to a request every half of the configured timeout with a maximum burst of one - // rate limited requests will receive the last request sent error (note: not the last received response) - limiter := rate.NewLimiter(rate.Every(timeout/2), 1) - // initial state is the clientErr - lastError := &atomicLastError{err: fmt.Errorf("etcd client connection not yet established")} - - return func() error { - // Given that client is closed on shutdown we hold the lock for - // the entire period of healthcheck call to ensure that client will - // not be closed during healthcheck. - // Given that healthchecks has a 2s timeout, worst case of blocking - // shutdown for additional 2s seems acceptable. - lock.RLock() - defer lock.RUnlock() - - if clientErr != nil { - return clientErr - } - if limiter.Allow() == false { - return lastError.Load() - } - ctx, cancel := context.WithTimeout(context.Background(), timeout) - defer cancel() - // See https://github.com/etcd-io/etcd/blob/c57f8b3af865d1b531b979889c602ba14377420e/etcdctl/ctlv3/command/ep_command.go#L118 - now := time.Now() - _, err := client.Get(ctx, path.Join("/", c.Prefix, "health")) - if err != nil { - err = fmt.Errorf("error getting data from etcd: %w", err) - } - lastError.Store(err, now) - return err - }, nil -} - -var newETCD3Client = func(c storagebackend.TransportConfig) (*clientv3.Client, error) { - tlsInfo := transport.TLSInfo{ - CertFile: c.CertFile, - KeyFile: c.KeyFile, - TrustedCAFile: c.TrustedCAFile, - } - tlsConfig, err := tlsInfo.ClientConfig() - if err != nil { - return nil, err - } - // NOTE: Client relies on nil tlsConfig - // for non-secure connections, update the implicit variable - if len(c.CertFile) == 0 && len(c.KeyFile) == 0 && len(c.TrustedCAFile) == 0 { - tlsConfig = nil - } - networkContext := egressselector.Etcd.AsNetworkContext() - var egressDialer utilnet.DialFunc - if c.EgressLookup != nil { - egressDialer, err = c.EgressLookup(networkContext) - if err != nil { - return nil, err - } - } - dialOptions := []grpc.DialOption{ - grpc.WithBlock(), // block until the underlying connection is up - // use chained interceptors so that the default (retry and backoff) interceptors are added. - // otherwise they will be overwritten by the metric interceptor. - // - // these optional interceptors will be placed after the default ones. - // which seems to be what we want as the metrics will be collected on each attempt (retry) - grpc.WithChainUnaryInterceptor(grpcprom.UnaryClientInterceptor), - grpc.WithChainStreamInterceptor(grpcprom.StreamClientInterceptor), - } - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerTracing) { - tracingOpts := []otelgrpc.Option{ - otelgrpc.WithPropagators(tracing.Propagators()), - otelgrpc.WithTracerProvider(c.TracerProvider), - } - // Even with Noop TracerProvider, the otelgrpc still handles context propagation. - // See https://github.com/open-telemetry/opentelemetry-go/tree/main/example/passthrough - dialOptions = append(dialOptions, - grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor(tracingOpts...)), - grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor(tracingOpts...))) - } - if egressDialer != nil { - dialer := func(ctx context.Context, addr string) (net.Conn, error) { - if strings.Contains(addr, "//") { - // etcd client prior to 3.5 passed URLs to dialer, normalize to address - u, err := url.Parse(addr) - if err != nil { - return nil, err - } - addr = u.Host - } - return egressDialer(ctx, "tcp", addr) - } - dialOptions = append(dialOptions, grpc.WithContextDialer(dialer)) - } - - cfg := clientv3.Config{ - DialTimeout: dialTimeout, - DialKeepAliveTime: keepaliveTime, - DialKeepAliveTimeout: keepaliveTimeout, - DialOptions: dialOptions, - Endpoints: c.ServerList, - TLS: tlsConfig, - Logger: etcd3ClientLogger, - } - - return clientv3.New(cfg) -} - -type runningCompactor struct { - interval time.Duration - cancel context.CancelFunc - client *clientv3.Client - refs int -} - -var ( - // compactorsMu guards access to compactors map - compactorsMu sync.Mutex - compactors = map[string]*runningCompactor{} - // dbMetricsMonitorsMu guards access to dbMetricsMonitors map - dbMetricsMonitorsMu sync.Mutex - dbMetricsMonitors map[string]struct{} -) - -// startCompactorOnce start one compactor per transport. If the interval get smaller on repeated calls, the -// compactor is replaced. A destroy func is returned. If all destroy funcs with the same transport are called, -// the compactor is stopped. -func startCompactorOnce(c storagebackend.TransportConfig, interval time.Duration) (func(), error) { - compactorsMu.Lock() - defer compactorsMu.Unlock() - - key := fmt.Sprintf("%v", c) // gives: {[server1 server2] keyFile certFile caFile} - if compactor, foundBefore := compactors[key]; !foundBefore || compactor.interval > interval { - compactorClient, err := newETCD3Client(c) - if err != nil { - return nil, err - } - - if foundBefore { - // replace compactor - compactor.cancel() - compactor.client.Close() - } else { - // start new compactor - compactor = &runningCompactor{} - compactors[key] = compactor - } - - ctx, cancel := context.WithCancel(context.Background()) - - compactor.interval = interval - compactor.cancel = cancel - compactor.client = compactorClient - - etcd3.StartCompactor(ctx, compactorClient, interval) - } - - compactors[key].refs++ - - return func() { - compactorsMu.Lock() - defer compactorsMu.Unlock() - - compactor := compactors[key] - compactor.refs-- - if compactor.refs == 0 { - compactor.cancel() - compactor.client.Close() - delete(compactors, key) - } - }, nil -} - -func newETCD3Storage(c storagebackend.ConfigForResource, newFunc func() runtime.Object) (storage.Interface, DestroyFunc, error) { - stopCompactor, err := startCompactorOnce(c.Transport, c.CompactionInterval) - if err != nil { - return nil, nil, err - } - - client, err := newETCD3Client(c.Transport) - if err != nil { - stopCompactor() - return nil, nil, err - } - - // decorate the KV instance so we can track etcd latency per request. - client.KV = etcd3.NewETCDLatencyTracker(client.KV) - - stopDBSizeMonitor, err := startDBSizeMonitorPerEndpoint(client, c.DBMetricPollInterval) - if err != nil { - return nil, nil, err - } - - var once sync.Once - destroyFunc := func() { - // we know that storage destroy funcs are called multiple times (due to reuse in subresources). - // Hence, we only destroy once. - // TODO: fix duplicated storage destroy calls higher level - once.Do(func() { - stopCompactor() - stopDBSizeMonitor() - client.Close() - }) - } - transformer := c.Transformer - if transformer == nil { - transformer = identity.NewEncryptCheckTransformer() - } - return etcd3.New(client, c.Codec, newFunc, c.Prefix, c.GroupResource, transformer, c.Paging, c.LeaseManagerConfig), destroyFunc, nil -} - -// startDBSizeMonitorPerEndpoint starts a loop to monitor etcd database size and update the -// corresponding metric etcd_db_total_size_in_bytes for each etcd server endpoint. -func startDBSizeMonitorPerEndpoint(client *clientv3.Client, interval time.Duration) (func(), error) { - if interval == 0 { - return func() {}, nil - } - dbMetricsMonitorsMu.Lock() - defer dbMetricsMonitorsMu.Unlock() - - ctx, cancel := context.WithCancel(context.Background()) - for _, ep := range client.Endpoints() { - if _, found := dbMetricsMonitors[ep]; found { - continue - } - dbMetricsMonitors[ep] = struct{}{} - endpoint := ep - klog.V(4).Infof("Start monitoring storage db size metric for endpoint %s with polling interval %v", endpoint, interval) - go wait.JitterUntilWithContext(ctx, func(context.Context) { - epStatus, err := client.Maintenance.Status(ctx, endpoint) - if err != nil { - klog.V(4).Infof("Failed to get storage db size for ep %s: %v", endpoint, err) - metrics.UpdateEtcdDbSize(endpoint, -1) - } else { - metrics.UpdateEtcdDbSize(endpoint, epStatus.DbSize) - } - }, interval, dbMetricsMonitorJitter, true) - } - - return func() { - cancel() - }, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go deleted file mode 100644 index 4c8a409d65..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/factory.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package factory - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/storagebackend" -) - -// DestroyFunc is to destroy any resources used by the storage returned in Create() together. -type DestroyFunc func() - -// Create creates a storage backend based on given config. -func Create(c storagebackend.ConfigForResource, newFunc func() runtime.Object) (storage.Interface, DestroyFunc, error) { - switch c.Type { - case storagebackend.StorageTypeETCD2: - return nil, nil, fmt.Errorf("%s is no longer a supported storage backend", c.Type) - case storagebackend.StorageTypeUnset, storagebackend.StorageTypeETCD3: - return newETCD3Storage(c, newFunc) - default: - return nil, nil, fmt.Errorf("unknown storage type: %s", c.Type) - } -} - -// CreateHealthCheck creates a healthcheck function based on given config. -func CreateHealthCheck(c storagebackend.Config, stopCh <-chan struct{}) (func() error, error) { - switch c.Type { - case storagebackend.StorageTypeETCD2: - return nil, fmt.Errorf("%s is no longer a supported storage backend", c.Type) - case storagebackend.StorageTypeUnset, storagebackend.StorageTypeETCD3: - return newETCD3HealthCheck(c, stopCh) - default: - return nil, fmt.Errorf("unknown storage type: %s", c.Type) - } -} - -func CreateReadyCheck(c storagebackend.Config, stopCh <-chan struct{}) (func() error, error) { - switch c.Type { - case storagebackend.StorageTypeETCD2: - return nil, fmt.Errorf("%s is no longer a supported storage backend", c.Type) - case storagebackend.StorageTypeUnset, storagebackend.StorageTypeETCD3: - return newETCD3ReadyCheck(c, stopCh) - default: - return nil, fmt.Errorf("unknown storage type: %s", c.Type) - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/util.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/util.go deleted file mode 100644 index 9da8d9713c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/util.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - "sync/atomic" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/api/validation/path" - "k8s.io/apimachinery/pkg/runtime" -) - -type SimpleUpdateFunc func(runtime.Object) (runtime.Object, error) - -// SimpleUpdateFunc converts SimpleUpdateFunc into UpdateFunc -func SimpleUpdate(fn SimpleUpdateFunc) UpdateFunc { - return func(input runtime.Object, _ ResponseMeta) (runtime.Object, *uint64, error) { - out, err := fn(input) - return out, nil, err - } -} - -func EverythingFunc(runtime.Object) bool { - return true -} - -func NamespaceKeyFunc(prefix string, obj runtime.Object) (string, error) { - meta, err := meta.Accessor(obj) - if err != nil { - return "", err - } - name := meta.GetName() - if msgs := path.IsValidPathSegmentName(name); len(msgs) != 0 { - return "", fmt.Errorf("invalid name: %v", msgs) - } - return prefix + "/" + meta.GetNamespace() + "/" + name, nil -} - -func NoNamespaceKeyFunc(prefix string, obj runtime.Object) (string, error) { - meta, err := meta.Accessor(obj) - if err != nil { - return "", err - } - name := meta.GetName() - if msgs := path.IsValidPathSegmentName(name); len(msgs) != 0 { - return "", fmt.Errorf("invalid name: %v", msgs) - } - return prefix + "/" + name, nil -} - -// HighWaterMark is a thread-safe object for tracking the maximum value seen -// for some quantity. -type HighWaterMark int64 - -// Update returns true if and only if 'current' is the highest value ever seen. -func (hwm *HighWaterMark) Update(current int64) bool { - for { - old := atomic.LoadInt64((*int64)(hwm)) - if current <= old { - return false - } - if atomic.CompareAndSwapInt64((*int64)(hwm), old, current) { - return true - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/OWNERS deleted file mode 100644 index d2ea8ec60c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-encryption-at-rest-approvers -reviewers: - - sig-auth-encryption-at-rest-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go deleted file mode 100644 index 69930c0390..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes.go +++ /dev/null @@ -1,153 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package aes transforms values for storage at rest using AES-GCM. -package aes - -import ( - "bytes" - "context" - "crypto/aes" - "crypto/cipher" - "crypto/rand" - "errors" - "fmt" - "io" - - "k8s.io/apiserver/pkg/storage/value" -) - -// gcm implements AEAD encryption of the provided values given a cipher.Block algorithm. -// The authenticated data provided as part of the value.Context method must match when the same -// value is set to and loaded from storage. In order to ensure that values cannot be copied by -// an attacker from a location under their control, use characteristics of the storage location -// (such as the etcd key) as part of the authenticated data. -// -// Because this mode requires a generated IV and IV reuse is a known weakness of AES-GCM, keys -// must be rotated before a birthday attack becomes feasible. NIST SP 800-38D -// (http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf) recommends using the same -// key with random 96-bit nonces (the default nonce length) no more than 2^32 times, and -// therefore transformers using this implementation *must* ensure they allow for frequent key -// rotation. Future work should include investigation of AES-GCM-SIV as an alternative to -// random nonces. -type gcm struct { - block cipher.Block -} - -// NewGCMTransformer takes the given block cipher and performs encryption and decryption on the given -// data. -func NewGCMTransformer(block cipher.Block) value.Transformer { - return &gcm{block: block} -} - -func (t *gcm) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - aead, err := cipher.NewGCM(t.block) - if err != nil { - return nil, false, err - } - nonceSize := aead.NonceSize() - if len(data) < nonceSize { - return nil, false, fmt.Errorf("the stored data was shorter than the required size") - } - result, err := aead.Open(nil, data[:nonceSize], data[nonceSize:], dataCtx.AuthenticatedData()) - return result, false, err -} - -func (t *gcm) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - aead, err := cipher.NewGCM(t.block) - if err != nil { - return nil, err - } - nonceSize := aead.NonceSize() - result := make([]byte, nonceSize+aead.Overhead()+len(data)) - n, err := rand.Read(result[:nonceSize]) - if err != nil { - return nil, err - } - if n != nonceSize { - return nil, fmt.Errorf("unable to read sufficient random bytes") - } - cipherText := aead.Seal(result[nonceSize:nonceSize], result[:nonceSize], data, dataCtx.AuthenticatedData()) - return result[:nonceSize+len(cipherText)], nil -} - -// cbc implements encryption at rest of the provided values given a cipher.Block algorithm. -type cbc struct { - block cipher.Block -} - -// NewCBCTransformer takes the given block cipher and performs encryption and decryption on the given -// data. -func NewCBCTransformer(block cipher.Block) value.Transformer { - return &cbc{block: block} -} - -var ( - ErrInvalidBlockSize = fmt.Errorf("the stored data is not a multiple of the block size") - errInvalidPKCS7Data = errors.New("invalid PKCS7 data (empty or not padded)") - errInvalidPKCS7Padding = errors.New("invalid padding on input") -) - -func (t *cbc) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - blockSize := aes.BlockSize - if len(data) < blockSize { - return nil, false, fmt.Errorf("the stored data was shorter than the required size") - } - iv := data[:blockSize] - data = data[blockSize:] - - if len(data)%blockSize != 0 { - return nil, false, ErrInvalidBlockSize - } - - result := make([]byte, len(data)) - copy(result, data) - mode := cipher.NewCBCDecrypter(t.block, iv) - mode.CryptBlocks(result, result) - - // remove and verify PKCS#7 padding for CBC - c := result[len(result)-1] - paddingSize := int(c) - size := len(result) - paddingSize - if paddingSize == 0 || paddingSize > len(result) { - return nil, false, errInvalidPKCS7Data - } - for i := 0; i < paddingSize; i++ { - if result[size+i] != c { - return nil, false, errInvalidPKCS7Padding - } - } - - return result[:size], false, nil -} - -func (t *cbc) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - blockSize := aes.BlockSize - paddingSize := blockSize - (len(data) % blockSize) - result := make([]byte, blockSize+len(data)+paddingSize) - iv := result[:blockSize] - if _, err := io.ReadFull(rand.Reader, iv); err != nil { - return nil, fmt.Errorf("unable to read sufficient random bytes") - } - copy(result[blockSize:], data) - - // add PKCS#7 padding for CBC - copy(result[blockSize+len(data):], bytes.Repeat([]byte{byte(paddingSize)}, paddingSize)) - - mode := cipher.NewCBCEncrypter(t.block, iv) - mode.CryptBlocks(result[blockSize:], result[blockSize:]) - return result, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go deleted file mode 100644 index 43d2e00a22..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go +++ /dev/null @@ -1,198 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package envelope transforms values for storage at rest using a Envelope provider -package envelope - -import ( - "context" - "crypto/aes" - "crypto/cipher" - "crypto/rand" - "encoding/base64" - "fmt" - "time" - - "k8s.io/apiserver/pkg/storage/value" - "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics" - "k8s.io/utils/lru" - - "golang.org/x/crypto/cryptobyte" -) - -func init() { - value.RegisterMetrics() - metrics.RegisterMetrics() -} - -// Service allows encrypting and decrypting data using an external Key Management Service. -type Service interface { - // Decrypt a given bytearray to obtain the original data as bytes. - Decrypt(data []byte) ([]byte, error) - // Encrypt bytes to a ciphertext. - Encrypt(data []byte) ([]byte, error) -} - -type envelopeTransformer struct { - envelopeService Service - - // transformers is a thread-safe LRU cache which caches decrypted DEKs indexed by their encrypted form. - transformers *lru.Cache - - // baseTransformerFunc creates a new transformer for encrypting the data with the DEK. - baseTransformerFunc func(cipher.Block) value.Transformer - - cacheSize int - cacheEnabled bool -} - -// NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. -// It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to -// the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently -// used decrypted DEKs in memory. -func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer { - var ( - cache *lru.Cache - ) - - if cacheSize > 0 { - cache = lru.New(cacheSize) - } - return &envelopeTransformer{ - envelopeService: envelopeService, - transformers: cache, - baseTransformerFunc: baseTransformerFunc, - cacheEnabled: cacheSize > 0, - cacheSize: cacheSize, - } -} - -// TransformFromStorage decrypts data encrypted by this transformer using envelope encryption. -func (t *envelopeTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - metrics.RecordArrival(metrics.FromStorageLabel, time.Now()) - - // Read the 16 bit length-of-DEK encoded at the start of the encrypted DEK. 16 bits can - // represent a maximum key length of 65536 bytes. We are using a 256 bit key, whose - // length cannot fit in 8 bits (1 byte). Thus, we use 16 bits (2 bytes) to store the length. - var encKey cryptobyte.String - s := cryptobyte.String(data) - if ok := s.ReadUint16LengthPrefixed(&encKey); !ok { - return nil, false, fmt.Errorf("invalid data encountered by envelope transformer: failed to read uint16 length prefixed data") - } - - encData := []byte(s) - - // Look up the decrypted DEK from cache or Envelope. - transformer := t.getTransformer(encKey) - if transformer == nil { - if t.cacheEnabled { - value.RecordCacheMiss() - } - key, err := t.envelopeService.Decrypt(encKey) - if err != nil { - // Do NOT wrap this err using fmt.Errorf() or similar functions - // because this gRPC status error has useful error code when - // record the metric. - return nil, false, err - } - - transformer, err = t.addTransformer(encKey, key) - if err != nil { - return nil, false, err - } - } - - return transformer.TransformFromStorage(ctx, encData, dataCtx) -} - -// TransformToStorage encrypts data to be written to disk using envelope encryption. -func (t *envelopeTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - metrics.RecordArrival(metrics.ToStorageLabel, time.Now()) - newKey, err := generateKey(32) - if err != nil { - return nil, err - } - - encKey, err := t.envelopeService.Encrypt(newKey) - if err != nil { - // Do NOT wrap this err using fmt.Errorf() or similar functions - // because this gRPC status error has useful error code when - // record the metric. - return nil, err - } - - transformer, err := t.addTransformer(encKey, newKey) - if err != nil { - return nil, err - } - - result, err := transformer.TransformToStorage(ctx, data, dataCtx) - if err != nil { - return nil, err - } - // Append the length of the encrypted DEK as the first 2 bytes. - b := cryptobyte.NewBuilder(nil) - b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { - b.AddBytes([]byte(encKey)) - }) - b.AddBytes(result) - - return b.Bytes() -} - -var _ value.Transformer = &envelopeTransformer{} - -// addTransformer inserts a new transformer to the Envelope cache of DEKs for future reads. -func (t *envelopeTransformer) addTransformer(encKey []byte, key []byte) (value.Transformer, error) { - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - transformer := t.baseTransformerFunc(block) - // Use base64 of encKey as the key into the cache because hashicorp/golang-lru - // cannot hash []uint8. - if t.cacheEnabled { - t.transformers.Add(base64.StdEncoding.EncodeToString(encKey), transformer) - metrics.RecordDekCacheFillPercent(float64(t.transformers.Len()) / float64(t.cacheSize)) - } - return transformer, nil -} - -// getTransformer fetches the transformer corresponding to encKey from cache, if it exists. -func (t *envelopeTransformer) getTransformer(encKey []byte) value.Transformer { - if !t.cacheEnabled { - return nil - } - - _transformer, found := t.transformers.Get(base64.StdEncoding.EncodeToString(encKey)) - if found { - return _transformer.(value.Transformer) - } - return nil -} - -// generateKey generates a random key using system randomness. -func generateKey(length int) (key []byte, err error) { - defer func(start time.Time) { - value.RecordDataKeyGeneration(start, err) - }(time.Now()) - key = make([]byte, length) - if _, err = rand.Read(key); err != nil { - return nil, err - } - - return key, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go deleted file mode 100644 index 2b70144608..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/grpc_service.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package envelope transforms values for storage at rest using a Envelope provider -package envelope - -import ( - "context" - "fmt" - "net" - "sync" - "time" - - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util" - "k8s.io/klog/v2" - kmsapi "k8s.io/kms/apis/v1beta1" -) - -const ( - // unixProtocol is the only supported protocol for remote KMS provider. - unixProtocol = "unix" - // Current version for the protocol interface definition. - kmsapiVersion = "v1beta1" - - versionErrorf = "KMS provider api version %s is not supported, only %s is supported now" -) - -// The gRPC implementation for envelope.Service. -type gRPCService struct { - kmsClient kmsapi.KeyManagementServiceClient - connection *grpc.ClientConn - callTimeout time.Duration - mux sync.RWMutex - versionChecked bool -} - -// NewGRPCService returns an envelope.Service which use gRPC to communicate the remote KMS provider. -func NewGRPCService(ctx context.Context, endpoint string, callTimeout time.Duration) (Service, error) { - klog.V(4).Infof("Configure KMS provider with endpoint: %s", endpoint) - - addr, err := util.ParseEndpoint(endpoint) - if err != nil { - return nil, err - } - - s := &gRPCService{callTimeout: callTimeout} - s.connection, err = grpc.Dial( - addr, - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithUnaryInterceptor(s.interceptor), - grpc.WithDefaultCallOptions(grpc.WaitForReady(true)), - grpc.WithContextDialer( - func(context.Context, string) (net.Conn, error) { - // Ignoring addr and timeout arguments: - // addr - comes from the closure - c, err := net.DialUnix(unixProtocol, nil, &net.UnixAddr{Name: addr}) - if err != nil { - klog.Errorf("failed to create connection to unix socket: %s, error: %v", addr, err) - } else { - klog.V(4).Infof("Successfully dialed Unix socket %v", addr) - } - return c, err - })) - - if err != nil { - return nil, fmt.Errorf("failed to create connection to %s, error: %v", endpoint, err) - } - - s.kmsClient = kmsapi.NewKeyManagementServiceClient(s.connection) - - go func() { - defer utilruntime.HandleCrash() - - <-ctx.Done() - _ = s.connection.Close() - }() - - return s, nil -} - -func (g *gRPCService) checkAPIVersion(ctx context.Context) error { - g.mux.Lock() - defer g.mux.Unlock() - - if g.versionChecked { - return nil - } - - request := &kmsapi.VersionRequest{Version: kmsapiVersion} - response, err := g.kmsClient.Version(ctx, request) - if err != nil { - return fmt.Errorf("failed get version from remote KMS provider: %v", err) - } - if response.Version != kmsapiVersion { - return fmt.Errorf(versionErrorf, response.Version, kmsapiVersion) - } - g.versionChecked = true - - klog.V(4).Infof("Version of KMS provider is %s", response.Version) - return nil -} - -// Decrypt a given data string to obtain the original byte data. -func (g *gRPCService) Decrypt(cipher []byte) ([]byte, error) { - ctx, cancel := context.WithTimeout(context.Background(), g.callTimeout) - defer cancel() - - request := &kmsapi.DecryptRequest{Cipher: cipher, Version: kmsapiVersion} - response, err := g.kmsClient.Decrypt(ctx, request) - if err != nil { - return nil, err - } - return response.Plain, nil -} - -// Encrypt bytes to a string ciphertext. -func (g *gRPCService) Encrypt(plain []byte) ([]byte, error) { - ctx, cancel := context.WithTimeout(context.Background(), g.callTimeout) - defer cancel() - - request := &kmsapi.EncryptRequest{Plain: plain, Version: kmsapiVersion} - response, err := g.kmsClient.Encrypt(ctx, request) - if err != nil { - return nil, err - } - return response.Cipher, nil -} - -func (g *gRPCService) interceptor( - ctx context.Context, - method string, - req interface{}, - reply interface{}, - cc *grpc.ClientConn, - invoker grpc.UnaryInvoker, - opts ...grpc.CallOption, -) error { - if !kmsapi.IsVersionCheckMethod(method) { - if err := g.checkAPIVersion(ctx); err != nil { - return err - } - } - - return invoker(ctx, method, req, reply, cc, opts...) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go deleted file mode 100644 index 726e3053e3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go +++ /dev/null @@ -1,315 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package kmsv2 transforms values for storage at rest using a Envelope v2 provider -package kmsv2 - -import ( - "context" - "crypto/aes" - "crypto/cipher" - "crypto/rand" - "encoding/base64" - "fmt" - "time" - - "github.com/gogo/protobuf/proto" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/value" - kmstypes "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1" - "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics" - "k8s.io/klog/v2" - "k8s.io/utils/lru" -) - -const ( - // KMSAPIVersion is the version of the KMS API. - KMSAPIVersion = "v2alpha1" - // annotationsMaxSize is the maximum size of the annotations. - annotationsMaxSize = 32 * 1024 // 32 kB - // keyIDMaxSize is the maximum size of the keyID. - keyIDMaxSize = 1 * 1024 // 1 kB - // encryptedDEKMaxSize is the maximum size of the encrypted DEK. - encryptedDEKMaxSize = 1 * 1024 // 1 kB -) - -// Service allows encrypting and decrypting data using an external Key Management Service. -type Service interface { - // Decrypt a given bytearray to obtain the original data as bytes. - Decrypt(ctx context.Context, uid string, req *DecryptRequest) ([]byte, error) - // Encrypt bytes to a ciphertext. - Encrypt(ctx context.Context, uid string, data []byte) (*EncryptResponse, error) - // Status returns the status of the KMS. - Status(ctx context.Context) (*StatusResponse, error) -} - -type envelopeTransformer struct { - envelopeService Service - - // transformers is a thread-safe LRU cache which caches decrypted DEKs indexed by their encrypted form. - transformers *lru.Cache - - // baseTransformerFunc creates a new transformer for encrypting the data with the DEK. - baseTransformerFunc func(cipher.Block) value.Transformer - - cacheSize int - cacheEnabled bool -} - -// EncryptResponse is the response from the Envelope service when encrypting data. -type EncryptResponse struct { - Ciphertext []byte - KeyID string - Annotations map[string][]byte -} - -// DecryptRequest is the request to the Envelope service when decrypting data. -type DecryptRequest struct { - Ciphertext []byte - KeyID string - Annotations map[string][]byte -} - -// StatusResponse is the response from the Envelope service when getting the status of the service. -type StatusResponse struct { - Version string - Healthz string - KeyID string -} - -// NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. -// It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to -// the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently -// used decrypted DEKs in memory. -func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer { - var cache *lru.Cache - - if cacheSize > 0 { - // TODO(aramase): Switch to using expiring cache: kubernetes/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/cache/expiring.go. - // It handles scans a lot better, doesn't have to be right sized, and don't have a global lock on reads. - cache = lru.New(cacheSize) - } - - return &envelopeTransformer{ - envelopeService: envelopeService, - transformers: cache, - baseTransformerFunc: baseTransformerFunc, - cacheEnabled: cacheSize > 0, - cacheSize: cacheSize, - } -} - -// TransformFromStorage decrypts data encrypted by this transformer using envelope encryption. -func (t *envelopeTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - metrics.RecordArrival(metrics.FromStorageLabel, time.Now()) - - // Deserialize the EncryptedObject from the data. - encryptedObject, err := t.doDecode(data) - if err != nil { - return nil, false, err - } - - // Look up the decrypted DEK from cache or Envelope. - transformer := t.getTransformer(encryptedObject.EncryptedDEK) - if transformer == nil { - if t.cacheEnabled { - value.RecordCacheMiss() - } - uid := string(uuid.NewUUID()) - klog.V(6).InfoS("Decrypting content using envelope service", "uid", uid, "key", string(dataCtx.AuthenticatedData())) - key, err := t.envelopeService.Decrypt(ctx, uid, &DecryptRequest{ - Ciphertext: encryptedObject.EncryptedDEK, - KeyID: encryptedObject.KeyID, - Annotations: encryptedObject.Annotations, - }) - if err != nil { - return nil, false, fmt.Errorf("failed to decrypt DEK, error: %w", err) - } - - transformer, err = t.addTransformer(encryptedObject.EncryptedDEK, key) - if err != nil { - return nil, false, err - } - } - - return transformer.TransformFromStorage(ctx, encryptedObject.EncryptedData, dataCtx) -} - -// TransformToStorage encrypts data to be written to disk using envelope encryption. -func (t *envelopeTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - metrics.RecordArrival(metrics.ToStorageLabel, time.Now()) - newKey, err := generateKey(32) - if err != nil { - return nil, err - } - - uid := string(uuid.NewUUID()) - klog.V(6).InfoS("Encrypting content using envelope service", "uid", uid, "key", string(dataCtx.AuthenticatedData())) - resp, err := t.envelopeService.Encrypt(ctx, uid, newKey) - if err != nil { - return nil, fmt.Errorf("failed to encrypt DEK, error: %w", err) - } - - transformer, err := t.addTransformer(resp.Ciphertext, newKey) - if err != nil { - return nil, err - } - - result, err := transformer.TransformToStorage(ctx, data, dataCtx) - if err != nil { - return nil, err - } - - encObject := &kmstypes.EncryptedObject{ - KeyID: resp.KeyID, - EncryptedDEK: resp.Ciphertext, - EncryptedData: result, - Annotations: resp.Annotations, - } - - // Serialize the EncryptedObject to a byte array. - return t.doEncode(encObject) -} - -// addTransformer inserts a new transformer to the Envelope cache of DEKs for future reads. -func (t *envelopeTransformer) addTransformer(encKey []byte, key []byte) (value.Transformer, error) { - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - transformer := t.baseTransformerFunc(block) - // Use base64 of encKey as the key into the cache because hashicorp/golang-lru - // cannot hash []uint8. - if t.cacheEnabled { - t.transformers.Add(base64.StdEncoding.EncodeToString(encKey), transformer) - metrics.RecordDekCacheFillPercent(float64(t.transformers.Len()) / float64(t.cacheSize)) - } - return transformer, nil -} - -// getTransformer fetches the transformer corresponding to encKey from cache, if it exists. -func (t *envelopeTransformer) getTransformer(encKey []byte) value.Transformer { - if !t.cacheEnabled { - return nil - } - - _transformer, found := t.transformers.Get(base64.StdEncoding.EncodeToString(encKey)) - if found { - return _transformer.(value.Transformer) - } - return nil -} - -// doEncode encodes the EncryptedObject to a byte array. -func (t *envelopeTransformer) doEncode(request *kmstypes.EncryptedObject) ([]byte, error) { - if err := validateEncryptedObject(request); err != nil { - return nil, err - } - return proto.Marshal(request) -} - -// doDecode decodes the byte array to an EncryptedObject. -func (t *envelopeTransformer) doDecode(originalData []byte) (*kmstypes.EncryptedObject, error) { - o := &kmstypes.EncryptedObject{} - if err := proto.Unmarshal(originalData, o); err != nil { - return nil, err - } - // validate the EncryptedObject - if err := validateEncryptedObject(o); err != nil { - return nil, err - } - - return o, nil -} - -// generateKey generates a random key using system randomness. -func generateKey(length int) (key []byte, err error) { - defer func(start time.Time) { - value.RecordDataKeyGeneration(start, err) - }(time.Now()) - key = make([]byte, length) - if _, err = rand.Read(key); err != nil { - return nil, err - } - - return key, nil -} - -func validateEncryptedObject(o *kmstypes.EncryptedObject) error { - if o == nil { - return fmt.Errorf("encrypted object is nil") - } - if len(o.EncryptedData) == 0 { - return fmt.Errorf("encrypted data is empty") - } - if err := validateEncryptedDEK(o.EncryptedDEK); err != nil { - return fmt.Errorf("failed to validate encrypted DEK: %w", err) - } - if err := validateKeyID(o.KeyID); err != nil { - return fmt.Errorf("failed to validate key id: %w", err) - } - if err := validateAnnotations(o.Annotations); err != nil { - return fmt.Errorf("failed to validate annotations: %w", err) - } - return nil -} - -// validateEncryptedDEK tests the following: -// 1. The encrypted DEK is not empty. -// 2. The size of encrypted DEK is less than 1 kB. -func validateEncryptedDEK(encryptedDEK []byte) error { - if len(encryptedDEK) == 0 { - return fmt.Errorf("encrypted DEK is empty") - } - if len(encryptedDEK) > encryptedDEKMaxSize { - return fmt.Errorf("encrypted DEK is %d bytes, which exceeds the max size of %d", len(encryptedDEK), encryptedDEKMaxSize) - } - return nil -} - -// validateAnnotations tests the following: -// 1. checks if the annotation key is fully qualified -// 2. The size of annotations keys + values is less than 32 kB. -func validateAnnotations(annotations map[string][]byte) error { - var errs []error - var totalSize uint64 - for k, v := range annotations { - if fieldErr := validation.IsFullyQualifiedDomainName(field.NewPath("annotations"), k); fieldErr != nil { - errs = append(errs, fieldErr.ToAggregate()) - } - totalSize += uint64(len(k)) + uint64(len(v)) - } - if totalSize > annotationsMaxSize { - errs = append(errs, fmt.Errorf("total size of annotations is %d, which exceeds the max size of %d", totalSize, annotationsMaxSize)) - } - return utilerrors.NewAggregate(errs) -} - -// validateKeyID tests the following: -// 1. The keyID is not empty. -// 2. The size of keyID is less than 1 kB. -func validateKeyID(keyID string) error { - if len(keyID) == 0 { - return fmt.Errorf("keyID is empty") - } - if len(keyID) > keyIDMaxSize { - return fmt.Errorf("keyID is %d bytes, which exceeds the max size of %d", len(keyID), keyIDMaxSize) - } - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/grpc_service.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/grpc_service.go deleted file mode 100644 index 692aeef53a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/grpc_service.go +++ /dev/null @@ -1,139 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package kmsv2 transforms values for storage at rest using a Envelope provider -package kmsv2 - -import ( - "context" - "fmt" - "net" - "time" - - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util" - "k8s.io/klog/v2" - kmsapi "k8s.io/kms/apis/v2alpha1" -) - -const ( - // unixProtocol is the only supported protocol for remote KMS provider. - unixProtocol = "unix" -) - -// The gRPC implementation for envelope.Service. -type gRPCService struct { - kmsClient kmsapi.KeyManagementServiceClient - connection *grpc.ClientConn - callTimeout time.Duration -} - -// NewGRPCService returns an envelope.Service which use gRPC to communicate the remote KMS provider. -func NewGRPCService(ctx context.Context, endpoint string, callTimeout time.Duration) (Service, error) { - klog.V(4).Infof("Configure KMS provider with endpoint: %s", endpoint) - - addr, err := util.ParseEndpoint(endpoint) - if err != nil { - return nil, err - } - - s := &gRPCService{callTimeout: callTimeout} - s.connection, err = grpc.Dial( - addr, - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithDefaultCallOptions(grpc.WaitForReady(true)), - grpc.WithContextDialer( - func(context.Context, string) (net.Conn, error) { - // Ignoring addr and timeout arguments: - // addr - comes from the closure - c, err := net.DialUnix(unixProtocol, nil, &net.UnixAddr{Name: addr}) - if err != nil { - klog.Errorf("failed to create connection to unix socket: %s, error: %v", addr, err) - } else { - klog.V(4).Infof("Successfully dialed Unix socket %v", addr) - } - return c, err - })) - - if err != nil { - return nil, fmt.Errorf("failed to create connection to %s, error: %v", endpoint, err) - } - - s.kmsClient = kmsapi.NewKeyManagementServiceClient(s.connection) - - go func() { - defer utilruntime.HandleCrash() - - <-ctx.Done() - _ = s.connection.Close() - }() - - return s, nil -} - -// Decrypt a given data string to obtain the original byte data. -func (g *gRPCService) Decrypt(ctx context.Context, uid string, req *DecryptRequest) ([]byte, error) { - ctx, cancel := context.WithTimeout(ctx, g.callTimeout) - defer cancel() - - request := &kmsapi.DecryptRequest{ - Ciphertext: req.Ciphertext, - Uid: uid, - KeyId: req.KeyID, - Annotations: req.Annotations, - } - response, err := g.kmsClient.Decrypt(ctx, request) - if err != nil { - return nil, err - } - return response.Plaintext, nil -} - -// Encrypt bytes to a string ciphertext. -func (g *gRPCService) Encrypt(ctx context.Context, uid string, plaintext []byte) (*EncryptResponse, error) { - ctx, cancel := context.WithTimeout(ctx, g.callTimeout) - defer cancel() - - request := &kmsapi.EncryptRequest{ - Plaintext: plaintext, - Uid: uid, - } - response, err := g.kmsClient.Encrypt(ctx, request) - if err != nil { - return nil, err - } - return &EncryptResponse{ - Ciphertext: response.Ciphertext, - KeyID: response.KeyId, - Annotations: response.Annotations, - }, nil -} - -// Status returns the status of the KMSv2 provider. -func (g *gRPCService) Status(ctx context.Context) (*StatusResponse, error) { - ctx, cancel := context.WithTimeout(ctx, g.callTimeout) - defer cancel() - - request := &kmsapi.StatusRequest{} - response, err := g.kmsClient.Status(ctx, request) - if err != nil { - return nil, err - } - return &StatusResponse{Version: response.Version, Healthz: response.Healthz, KeyID: response.KeyId}, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/OWNERS deleted file mode 100644 index fa20d4cbeb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# Disable inheritance as this is an api owners file -options: - no_parent_owners: true -approvers: - - api-approvers -reviewers: - - sig-auth-api-reviewers diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.pb.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.pb.go deleted file mode 100644 index 307b0b248c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.pb.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto - -package v2alpha1 - -import ( - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -// EncryptedObject is the representation of data stored in etcd after envelope encryption. -type EncryptedObject struct { - // EncryptedData is the encrypted data. - EncryptedData []byte `protobuf:"bytes,1,opt,name=encryptedData,proto3" json:"encryptedData,omitempty"` - // KeyID is the KMS key ID used for encryption operations. - KeyID string `protobuf:"bytes,2,opt,name=keyID,proto3" json:"keyID,omitempty"` - // EncryptedDEK is the encrypted DEK. - EncryptedDEK []byte `protobuf:"bytes,3,opt,name=encryptedDEK,proto3" json:"encryptedDEK,omitempty"` - // Annotations is additional metadata that was provided by the KMS plugin. - Annotations map[string][]byte `protobuf:"bytes,4,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptedObject) Reset() { *m = EncryptedObject{} } -func (m *EncryptedObject) String() string { return proto.CompactTextString(m) } -func (*EncryptedObject) ProtoMessage() {} -func (*EncryptedObject) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{0} -} -func (m *EncryptedObject) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptedObject.Unmarshal(m, b) -} -func (m *EncryptedObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptedObject.Marshal(b, m, deterministic) -} -func (m *EncryptedObject) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptedObject.Merge(m, src) -} -func (m *EncryptedObject) XXX_Size() int { - return xxx_messageInfo_EncryptedObject.Size(m) -} -func (m *EncryptedObject) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptedObject.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptedObject proto.InternalMessageInfo - -func (m *EncryptedObject) GetEncryptedData() []byte { - if m != nil { - return m.EncryptedData - } - return nil -} - -func (m *EncryptedObject) GetKeyID() string { - if m != nil { - return m.KeyID - } - return "" -} - -func (m *EncryptedObject) GetEncryptedDEK() []byte { - if m != nil { - return m.EncryptedDEK - } - return nil -} - -func (m *EncryptedObject) GetAnnotations() map[string][]byte { - if m != nil { - return m.Annotations - } - return nil -} - -func init() { - proto.RegisterType((*EncryptedObject)(nil), "v2alpha1.EncryptedObject") - proto.RegisterMapType((map[string][]byte)(nil), "v2alpha1.EncryptedObject.AnnotationsEntry") -} - -func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } - -var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 200 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, - 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x28, 0x33, 0x4a, 0xcc, 0x29, 0xc8, 0x48, 0x34, 0x54, - 0xfa, 0xcf, 0xc8, 0xc5, 0xef, 0x9a, 0x97, 0x5c, 0x54, 0x59, 0x50, 0x92, 0x9a, 0xe2, 0x9f, 0x94, - 0x95, 0x9a, 0x5c, 0x22, 0xa4, 0xc2, 0xc5, 0x9b, 0x0a, 0x13, 0x72, 0x49, 0x2c, 0x49, 0x94, 0x60, - 0x54, 0x60, 0xd4, 0xe0, 0x09, 0x42, 0x15, 0x14, 0x12, 0xe1, 0x62, 0xcd, 0x4e, 0xad, 0xf4, 0x74, - 0x91, 0x60, 0x52, 0x60, 0xd4, 0xe0, 0x0c, 0x82, 0x70, 0x84, 0x94, 0xb8, 0x78, 0x10, 0xca, 0x5c, - 0xbd, 0x25, 0x98, 0xc1, 0x5a, 0x51, 0xc4, 0x84, 0x7c, 0xb8, 0xb8, 0x13, 0xf3, 0xf2, 0xf2, 0x4b, - 0x12, 0x4b, 0x32, 0xf3, 0xf3, 0x8a, 0x25, 0x58, 0x14, 0x98, 0x35, 0xb8, 0x8d, 0xb4, 0xf4, 0x60, - 0x6e, 0xd2, 0x43, 0x73, 0x8f, 0x9e, 0x23, 0x42, 0xb1, 0x6b, 0x5e, 0x49, 0x51, 0x65, 0x10, 0xb2, - 0x76, 0x29, 0x3b, 0x2e, 0x01, 0x74, 0x05, 0x42, 0x02, 0x5c, 0xcc, 0xd9, 0xa9, 0x95, 0x60, 0x77, - 0x73, 0x06, 0x81, 0x98, 0x20, 0xd7, 0x96, 0x25, 0xe6, 0x94, 0xa6, 0x82, 0x5d, 0xcb, 0x13, 0x04, - 0xe1, 0x58, 0x31, 0x59, 0x30, 0x26, 0xb1, 0x81, 0x83, 0xc4, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, - 0x88, 0x8c, 0xbb, 0x4e, 0x1f, 0x01, 0x00, 0x00, -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.proto b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.proto deleted file mode 100644 index e3b978b05e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/api.proto +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// To regenerate api.pb.go run hack/update-generated-kms.sh -syntax = "proto3"; - -package v2alpha1; - -// EncryptedObject is the representation of data stored in etcd after envelope encryption. -message EncryptedObject { - // EncryptedData is the encrypted data. - bytes encryptedData = 1; - - // KeyID is the KMS key ID used for encryption operations. - string keyID = 2; - - // EncryptedDEK is the encrypted DEK. - bytes encryptedDEK = 3; - - // Annotations is additional metadata that was provided by the KMS plugin. - map<string, bytes> annotations = 4; -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/v2alpha1.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/v2alpha1.go deleted file mode 100644 index b8bed64e8c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1/v2alpha1.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v2alpha1 contains definition of kms-plugin's serialized types. -package v2alpha1 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics/metrics.go deleted file mode 100644 index ca0e0ad0f6..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics/metrics.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "sync" - "time" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - namespace = "apiserver" - subsystem = "envelope_encryption" - FromStorageLabel = "from_storage" - ToStorageLabel = "to_storage" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - lockLastFromStorage sync.Mutex - lockLastToStorage sync.Mutex - - lastFromStorage time.Time - lastToStorage time.Time - - dekCacheFillPercent = metrics.NewGauge( - &metrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dek_cache_fill_percent", - Help: "Percent of the cache slots currently occupied by cached DEKs.", - StabilityLevel: metrics.ALPHA, - }, - ) - - dekCacheInterArrivals = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dek_cache_inter_arrival_time_seconds", - Help: "Time (in seconds) of inter arrival of transformation requests.", - StabilityLevel: metrics.ALPHA, - Buckets: metrics.ExponentialBuckets(60, 2, 10), - }, - []string{"transformation_type"}, - ) -) - -var registerMetricsFunc sync.Once - -func RegisterMetrics() { - registerMetricsFunc.Do(func() { - legacyregistry.MustRegister(dekCacheFillPercent) - legacyregistry.MustRegister(dekCacheInterArrivals) - }) -} - -func RecordArrival(transformationType string, start time.Time) { - switch transformationType { - case FromStorageLabel: - lockLastFromStorage.Lock() - defer lockLastFromStorage.Unlock() - - if lastFromStorage.IsZero() { - lastFromStorage = start - } - dekCacheInterArrivals.WithLabelValues(transformationType).Observe(start.Sub(lastFromStorage).Seconds()) - lastFromStorage = start - case ToStorageLabel: - lockLastToStorage.Lock() - defer lockLastToStorage.Unlock() - - if lastToStorage.IsZero() { - lastToStorage = start - } - dekCacheInterArrivals.WithLabelValues(transformationType).Observe(start.Sub(lastToStorage).Seconds()) - lastToStorage = start - } -} - -func RecordDekCacheFillPercent(percent float64) { - dekCacheFillPercent.Set(percent) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util/util.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util/util.go deleted file mode 100644 index f062370aba..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util/util.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - "net/url" - "strings" -) - -const ( - // unixProtocol is the only supported protocol for remote KMS provider. - unixProtocol = "unix" -) - -// Parse the endpoint to extract schema, host or path. -func ParseEndpoint(endpoint string) (string, error) { - if len(endpoint) == 0 { - return "", fmt.Errorf("remote KMS provider can't use empty string as endpoint") - } - - u, err := url.Parse(endpoint) - if err != nil { - return "", fmt.Errorf("invalid endpoint %q for remote KMS provider, error: %v", endpoint, err) - } - - if u.Scheme != unixProtocol { - return "", fmt.Errorf("unsupported scheme %q for remote KMS provider", u.Scheme) - } - - // Linux abstract namespace socket - no physical file required - // Warning: Linux Abstract sockets have not concept of ACL (unlike traditional file based sockets). - // However, Linux Abstract sockets are subject to Linux networking namespace, so will only be accessible to - // containers within the same pod (unless host networking is used). - if strings.HasPrefix(u.Path, "/@") { - return strings.TrimPrefix(u.Path, "/"), nil - } - - return u.Path, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/identity/identity.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/identity/identity.go deleted file mode 100644 index 8d967d7068..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/identity/identity.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package identity - -import ( - "bytes" - "context" - "fmt" - - "k8s.io/apiserver/pkg/storage/value" -) - -var ( - transformer = identityTransformer{} - encryptedPrefix = []byte("k8s:enc:") - errEncryptedData = fmt.Errorf("identity transformer tried to read encrypted data") -) - -// identityTransformer performs no transformation on provided data, but validates -// that the data is not encrypted data during TransformFromStorage -type identityTransformer struct{} - -// NewEncryptCheckTransformer returns an identityTransformer which returns an error -// on attempts to read encrypted data -func NewEncryptCheckTransformer() value.Transformer { - return transformer -} - -// TransformFromStorage returns the input bytes if the data is not encrypted -func (identityTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - // identityTransformer has to return an error if the data is encoded using another transformer. - // JSON data starts with '{'. Protobuf data has a prefix 'k8s[\x00-\xFF]'. - // Prefix 'k8s:enc:' is reserved for encrypted data on disk. - if bytes.HasPrefix(data, encryptedPrefix) { - return nil, false, errEncryptedData - } - return data, false, nil -} - -// TransformToStorage implements the Transformer interface for identityTransformer -func (identityTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - return data, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go deleted file mode 100644 index 9aec8acd39..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package secretbox transforms values for storage at rest using XSalsa20 and Poly1305. -package secretbox - -import ( - "context" - "crypto/rand" - "fmt" - - "golang.org/x/crypto/nacl/secretbox" - - "k8s.io/apiserver/pkg/storage/value" -) - -// secretbox implements at rest encryption of the provided values given a 32 byte secret key. -// Uses a standard 24 byte nonce (placed at the beginning of the cipher text) generated -// from crypto/rand. Does not perform authentication of the data at rest. -type secretboxTransformer struct { - key [32]byte -} - -const nonceSize = 24 - -// NewSecretboxTransformer takes the given key and performs encryption and decryption on the given -// data. -func NewSecretboxTransformer(key [32]byte) value.Transformer { - return &secretboxTransformer{key: key} -} - -func (t *secretboxTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { - if len(data) < (secretbox.Overhead + nonceSize) { - return nil, false, fmt.Errorf("the stored data was shorter than the required size") - } - var nonce [nonceSize]byte - copy(nonce[:], data[:nonceSize]) - data = data[nonceSize:] - out := make([]byte, 0, len(data)-secretbox.Overhead) - result, ok := secretbox.Open(out, data, &nonce, &t.key) - if !ok { - return nil, false, fmt.Errorf("output array was not large enough for encryption") - } - return result, false, nil -} - -func (t *secretboxTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { - var nonce [nonceSize]byte - n, err := rand.Read(nonce[:]) - if err != nil { - return nil, err - } - if n != nonceSize { - return nil, fmt.Errorf("unable to read sufficient random bytes") - } - return secretbox.Seal(nonce[:], data, &nonce, &t.key), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/metrics.go deleted file mode 100644 index 63ab526af1..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/metrics.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package value - -import ( - "sync" - "time" - - "google.golang.org/grpc/status" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - namespace = "apiserver" - subsystem = "storage" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ -var ( - transformerLatencies = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "transformation_duration_seconds", - Help: "Latencies in seconds of value transformation operations.", - // In-process transformations (ex. AES CBC) complete on the order of 20 microseconds. However, when - // external KMS is involved latencies may climb into hundreds of milliseconds. - Buckets: metrics.ExponentialBuckets(5e-6, 2, 25), - StabilityLevel: metrics.ALPHA, - }, - []string{"transformation_type"}, - ) - - transformerOperationsTotal = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "transformation_operations_total", - Help: "Total number of transformations.", - StabilityLevel: metrics.ALPHA, - }, - []string{"transformation_type", "transformer_prefix", "status"}, - ) - - envelopeTransformationCacheMissTotal = metrics.NewCounter( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "envelope_transformation_cache_misses_total", - Help: "Total number of cache misses while accessing key decryption key(KEK).", - StabilityLevel: metrics.ALPHA, - }, - ) - - dataKeyGenerationLatencies = metrics.NewHistogram( - &metrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "data_key_generation_duration_seconds", - Help: "Latencies in seconds of data encryption key(DEK) generation operations.", - Buckets: metrics.ExponentialBuckets(5e-6, 2, 14), - StabilityLevel: metrics.ALPHA, - }, - ) - - dataKeyGenerationFailuresTotal = metrics.NewCounter( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "data_key_generation_failures_total", - Help: "Total number of failed data encryption key(DEK) generation operations.", - StabilityLevel: metrics.ALPHA, - }, - ) -) - -var registerMetrics sync.Once - -func RegisterMetrics() { - registerMetrics.Do(func() { - legacyregistry.MustRegister(transformerLatencies) - legacyregistry.MustRegister(transformerOperationsTotal) - legacyregistry.MustRegister(envelopeTransformationCacheMissTotal) - legacyregistry.MustRegister(dataKeyGenerationLatencies) - legacyregistry.MustRegister(dataKeyGenerationFailuresTotal) - }) -} - -// RecordTransformation records latencies and count of TransformFromStorage and TransformToStorage operations. -// Note that transformation_failures_total metric is deprecated, use transformation_operations_total instead. -func RecordTransformation(transformationType, transformerPrefix string, start time.Time, err error) { - transformerOperationsTotal.WithLabelValues(transformationType, transformerPrefix, status.Code(err).String()).Inc() - - switch { - case err == nil: - transformerLatencies.WithLabelValues(transformationType).Observe(sinceInSeconds(start)) - } -} - -// RecordCacheMiss records a miss on Key Encryption Key(KEK) - call to KMS was required to decrypt KEK. -func RecordCacheMiss() { - envelopeTransformationCacheMissTotal.Inc() -} - -// RecordDataKeyGeneration records latencies and count of Data Encryption Key generation operations. -func RecordDataKeyGeneration(start time.Time, err error) { - if err != nil { - dataKeyGenerationFailuresTotal.Inc() - return - } - - dataKeyGenerationLatencies.Observe(sinceInSeconds(start)) -} - -// sinceInSeconds gets the time since the specified start in seconds. -func sinceInSeconds(start time.Time) float64 { - return time.Since(start).Seconds() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/transformer.go b/etcd/vendor/k8s.io/apiserver/pkg/storage/value/transformer.go deleted file mode 100644 index 8e5bf94c91..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storage/value/transformer.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package value contains methods for assisting with transformation of values in storage. -package value - -import ( - "bytes" - "context" - "fmt" - "time" - - "k8s.io/apimachinery/pkg/util/errors" -) - -func init() { - RegisterMetrics() -} - -// Context is additional information that a storage transformation may need to verify the data at rest. -type Context interface { - // AuthenticatedData should return an array of bytes that describes the current value. If the value changes, - // the transformer may report the value as unreadable or tampered. This may be nil if no such description exists - // or is needed. For additional verification, set this to data that strongly identifies the value, such as - // the key and creation version of the stored data. - AuthenticatedData() []byte -} - -// Transformer allows a value to be transformed before being read from or written to the underlying store. The methods -// must be able to undo the transformation caused by the other. -type Transformer interface { - // TransformFromStorage may transform the provided data from its underlying storage representation or return an error. - // Stale is true if the object on disk is stale and a write to etcd should be issued, even if the contents of the object - // have not changed. - TransformFromStorage(ctx context.Context, data []byte, dataCtx Context) (out []byte, stale bool, err error) - // TransformToStorage may transform the provided data into the appropriate form in storage or return an error. - TransformToStorage(ctx context.Context, data []byte, dataCtx Context) (out []byte, err error) -} - -// DefaultContext is a simple implementation of Context for a slice of bytes. -type DefaultContext []byte - -// AuthenticatedData returns itself. -func (c DefaultContext) AuthenticatedData() []byte { return c } - -// PrefixTransformer holds a transformer interface and the prefix that the transformation is located under. -type PrefixTransformer struct { - Prefix []byte - Transformer Transformer -} - -type prefixTransformers struct { - transformers []PrefixTransformer - err error -} - -var _ Transformer = &prefixTransformers{} - -// NewPrefixTransformers supports the Transformer interface by checking the incoming data against the provided -// prefixes in order. The first matching prefix will be used to transform the value (the prefix is stripped -// before the Transformer interface is invoked). The first provided transformer will be used when writing to -// the store. -func NewPrefixTransformers(err error, transformers ...PrefixTransformer) Transformer { - if err == nil { - err = fmt.Errorf("the provided value does not match any of the supported transformers") - } - return &prefixTransformers{ - transformers: transformers, - err: err, - } -} - -// TransformFromStorage finds the first transformer with a prefix matching the provided data and returns -// the result of transforming the value. It will always mark any transformation as stale that is not using -// the first transformer. -func (t *prefixTransformers) TransformFromStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, bool, error) { - start := time.Now() - var errs []error - for i, transformer := range t.transformers { - if bytes.HasPrefix(data, transformer.Prefix) { - result, stale, err := transformer.Transformer.TransformFromStorage(ctx, data[len(transformer.Prefix):], dataCtx) - // To migrate away from encryption, user can specify an identity transformer higher up - // (in the config file) than the encryption transformer. In that scenario, the identity transformer needs to - // identify (during reads from disk) whether the data being read is encrypted or not. If the data is encrypted, - // it shall throw an error, but that error should not prevent the next subsequent transformer from being tried. - if len(transformer.Prefix) == 0 && err != nil { - continue - } - if len(transformer.Prefix) == 0 { - RecordTransformation("from_storage", "identity", start, err) - } else { - RecordTransformation("from_storage", string(transformer.Prefix), start, err) - } - - // It is valid to have overlapping prefixes when the same encryption provider - // is specified multiple times but with different keys (the first provider is - // being rotated to and some later provider is being rotated away from). - // - // Example: - // - // { - // "aescbc": { - // "keys": [ - // { - // "name": "2", - // "secret": "some key 2" - // } - // ] - // } - // }, - // { - // "aescbc": { - // "keys": [ - // { - // "name": "1", - // "secret": "some key 1" - // } - // ] - // } - // }, - // - // The transformers for both aescbc configs share the prefix k8s:enc:aescbc:v1: - // but a failure in the first one should not prevent a later match from being attempted. - // Thus we never short-circuit on a prefix match that results in an error. - if err != nil { - errs = append(errs, err) - continue - } - - return result, stale || i != 0, err - } - } - if err := errors.Reduce(errors.NewAggregate(errs)); err != nil { - return nil, false, err - } - RecordTransformation("from_storage", "unknown", start, t.err) - return nil, false, t.err -} - -// TransformToStorage uses the first transformer and adds its prefix to the data. -func (t *prefixTransformers) TransformToStorage(ctx context.Context, data []byte, dataCtx Context) ([]byte, error) { - start := time.Now() - transformer := t.transformers[0] - result, err := transformer.Transformer.TransformToStorage(ctx, data, dataCtx) - RecordTransformation("to_storage", string(transformer.Prefix), start, err) - if err != nil { - return nil, err - } - prefixedData := make([]byte, len(transformer.Prefix), len(result)+len(transformer.Prefix)) - copy(prefixedData, transformer.Prefix) - prefixedData = append(prefixedData, result...) - return prefixedData, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/storageversion/OWNERS deleted file mode 100644 index 869b3da0dc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - caesarxuchao - - roycaihw diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/manager.go b/etcd/vendor/k8s.io/apiserver/pkg/storageversion/manager.go deleted file mode 100644 index 0e0d9542b0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/manager.go +++ /dev/null @@ -1,294 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storageversion - -import ( - "fmt" - "sort" - "sync" - "sync/atomic" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - _ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metric registration - "k8s.io/klog/v2" -) - -// ResourceInfo contains the information to register the resource to the -// storage version API. -type ResourceInfo struct { - GroupResource schema.GroupResource - - EncodingVersion string - // Used to calculate decodable versions. Can only be used after all - // equivalent versions are registered by InstallREST. - EquivalentResourceMapper runtime.EquivalentResourceRegistry - - // DirectlyDecodableVersions is a list of versions that the converter for REST storage knows how to convert. This - // contains items like apiextensions.k8s.io/v1beta1 even if we don't serve that version. - DirectlyDecodableVersions []schema.GroupVersion -} - -// Manager records the resources whose StorageVersions need updates, and provides a method to update those StorageVersions. -type Manager interface { - // AddResourceInfo records resources whose StorageVersions need updates - AddResourceInfo(resources ...*ResourceInfo) - // UpdateStorageVersions tries to update the StorageVersions of the recorded resources - UpdateStorageVersions(kubeAPIServerClientConfig *rest.Config, apiserverID string) - // PendingUpdate returns true if the StorageVersion of the given resource is still pending update. - PendingUpdate(gr schema.GroupResource) bool - // LastUpdateError returns the last error hit when updating the storage version of the given resource. - LastUpdateError(gr schema.GroupResource) error - // Completed returns true if updating StorageVersions of all recorded resources has completed. - Completed() bool -} - -var _ Manager = &defaultManager{} - -// defaultManager indicates if an apiserver has completed reporting its storage versions. -type defaultManager struct { - completed atomic.Bool - - mu sync.RWMutex - // managedResourceInfos records the ResourceInfos whose StorageVersions will get updated in the next - // UpdateStorageVersions call - managedResourceInfos map[*ResourceInfo]struct{} - // managedStatus records the update status of StorageVersion for each GroupResource. Since one - // ResourceInfo may expand into multiple GroupResource (e.g. ingresses.networking.k8s.io and ingresses.extensions), - // this map allows quick status lookup for a GroupResource, during API request handling. - managedStatus map[schema.GroupResource]*updateStatus -} - -type updateStatus struct { - done bool - lastErr error -} - -// NewDefaultManager creates a new defaultManager. -func NewDefaultManager() Manager { - s := &defaultManager{} - s.completed.Store(false) - s.managedResourceInfos = make(map[*ResourceInfo]struct{}) - s.managedStatus = make(map[schema.GroupResource]*updateStatus) - return s -} - -// AddResourceInfo adds ResourceInfo to the manager. -func (s *defaultManager) AddResourceInfo(resources ...*ResourceInfo) { - s.mu.Lock() - defer s.mu.Unlock() - for _, r := range resources { - s.managedResourceInfos[r] = struct{}{} - s.addPendingManagedStatusLocked(r) - } -} - -func (s *defaultManager) addPendingManagedStatusLocked(r *ResourceInfo) { - gvrs := r.EquivalentResourceMapper.EquivalentResourcesFor(r.GroupResource.WithVersion(""), "") - for _, gvr := range gvrs { - gr := gvr.GroupResource() - if _, ok := s.managedStatus[gr]; !ok { - s.managedStatus[gr] = &updateStatus{} - } - } -} - -// UpdateStorageVersions tries to update the StorageVersions of the recorded resources -func (s *defaultManager) UpdateStorageVersions(kubeAPIServerClientConfig *rest.Config, serverID string) { - clientset, err := kubernetes.NewForConfig(kubeAPIServerClientConfig) - if err != nil { - utilruntime.HandleError(fmt.Errorf("failed to get clientset: %v", err)) - return - } - sc := clientset.InternalV1alpha1().StorageVersions() - - s.mu.RLock() - resources := []ResourceInfo{} - for resource := range s.managedResourceInfos { - resources = append(resources, *resource) - } - s.mu.RUnlock() - hasFailure := false - // Sorting the list to make sure we have a consistent dedup result, and - // therefore avoid creating unnecessarily duplicated StorageVersion objects. - // For example, extensions.ingresses and networking.k8s.io.ingresses share - // the same underlying storage. Without sorting, in an HA cluster, one - // apiserver may dedup and update StorageVersion for extensions.ingresses, - // while another apiserver may dedup and update StorageVersion for - // networking.k8s.io.ingresses. The storage migrator (which migrates objects - // per GroupResource) will migrate these resources twice, since both - // StorageVersion objects have CommonEncodingVersion (each with one server registered). - sortResourceInfosByGroupResource(resources) - for _, r := range dedupResourceInfos(resources) { - decodableVersions := decodableVersions(r.DirectlyDecodableVersions, r.EquivalentResourceMapper, r.GroupResource) - gr := r.GroupResource - // Group must be a valid subdomain in DNS (RFC 1123) - if len(gr.Group) == 0 { - gr.Group = "core" - } - if err := updateStorageVersionFor(sc, serverID, gr, r.EncodingVersion, decodableVersions); err != nil { - utilruntime.HandleError(fmt.Errorf("failed to update storage version for %v: %v", r.GroupResource, err)) - s.recordStatusFailure(&r, err) - hasFailure = true - continue - } - klog.V(2).Infof("successfully updated storage version for %v", r.GroupResource) - s.recordStatusSuccess(&r) - } - if hasFailure { - return - } - klog.V(2).Infof("storage version updates complete") - s.setComplete() -} - -// dedupResourceInfos dedups ResourceInfos with the same underlying storage. -// ResourceInfos from the same Group with different Versions share the same underlying storage. -// ResourceInfos from different Groups may share the same underlying storage, e.g. -// networking.k8s.io ingresses and extensions ingresses. The StorageVersion manager -// only needs to update one StorageVersion for the equivalent Groups. -func dedupResourceInfos(infos []ResourceInfo) []ResourceInfo { - var ret []ResourceInfo - seen := make(map[schema.GroupResource]struct{}) - for _, info := range infos { - gr := info.GroupResource - if _, ok := seen[gr]; ok { - continue - } - gvrs := info.EquivalentResourceMapper.EquivalentResourcesFor(gr.WithVersion(""), "") - for _, gvr := range gvrs { - seen[gvr.GroupResource()] = struct{}{} - } - ret = append(ret, info) - } - return ret -} - -func sortResourceInfosByGroupResource(infos []ResourceInfo) { - sort.Sort(byGroupResource(infos)) -} - -type byGroupResource []ResourceInfo - -func (s byGroupResource) Len() int { return len(s) } - -func (s byGroupResource) Less(i, j int) bool { - if s[i].GroupResource.Group == s[j].GroupResource.Group { - return s[i].GroupResource.Resource < s[j].GroupResource.Resource - } - return s[i].GroupResource.Group < s[j].GroupResource.Group -} - -func (s byGroupResource) Swap(i, j int) { s[i], s[j] = s[j], s[i] } - -// recordStatusSuccess marks updated ResourceInfo as completed. -func (s *defaultManager) recordStatusSuccess(r *ResourceInfo) { - s.mu.Lock() - defer s.mu.Unlock() - s.recordStatusSuccessLocked(r) -} - -func (s *defaultManager) recordStatusSuccessLocked(r *ResourceInfo) { - gvrs := r.EquivalentResourceMapper.EquivalentResourcesFor(r.GroupResource.WithVersion(""), "") - for _, gvr := range gvrs { - s.recordSuccessGroupResourceLocked(gvr.GroupResource()) - } -} - -func (s *defaultManager) recordSuccessGroupResourceLocked(gr schema.GroupResource) { - if _, ok := s.managedStatus[gr]; !ok { - return - } - s.managedStatus[gr].done = true - s.managedStatus[gr].lastErr = nil -} - -// recordStatusFailure records latest error updating ResourceInfo. -func (s *defaultManager) recordStatusFailure(r *ResourceInfo, err error) { - s.mu.Lock() - defer s.mu.Unlock() - s.recordStatusFailureLocked(r, err) -} - -func (s *defaultManager) recordStatusFailureLocked(r *ResourceInfo, err error) { - gvrs := r.EquivalentResourceMapper.EquivalentResourcesFor(r.GroupResource.WithVersion(""), "") - for _, gvr := range gvrs { - s.recordErrorGroupResourceLocked(gvr.GroupResource(), err) - } -} - -func (s *defaultManager) recordErrorGroupResourceLocked(gr schema.GroupResource, err error) { - if _, ok := s.managedStatus[gr]; !ok { - return - } - s.managedStatus[gr].lastErr = err -} - -// PendingUpdate returns if the StorageVersion of a resource is still wait to be updated. -func (s *defaultManager) PendingUpdate(gr schema.GroupResource) bool { - s.mu.RLock() - defer s.mu.RUnlock() - if _, ok := s.managedStatus[gr]; !ok { - return false - } - return !s.managedStatus[gr].done -} - -// LastUpdateError returns the last error hit when updating the storage version of the given resource. -func (s *defaultManager) LastUpdateError(gr schema.GroupResource) error { - s.mu.RLock() - defer s.mu.RUnlock() - if _, ok := s.managedStatus[gr]; !ok { - return fmt.Errorf("couldn't find managed status for %v", gr) - } - return s.managedStatus[gr].lastErr -} - -// setComplete marks the completion of updating StorageVersions. No write requests need to be blocked anymore. -func (s *defaultManager) setComplete() { - s.completed.Store(true) -} - -// Completed returns if updating StorageVersions has completed. -func (s *defaultManager) Completed() bool { - return s.completed.Load() -} - -func decodableVersions(directlyDecodableVersions []schema.GroupVersion, e runtime.EquivalentResourceRegistry, gr schema.GroupResource) []string { - var versions []string - for _, decodableVersions := range directlyDecodableVersions { - versions = append(versions, decodableVersions.String()) - } - - decodingGVRs := e.EquivalentResourcesFor(gr.WithVersion(""), "") - for _, v := range decodingGVRs { - found := false - for _, existingVersion := range versions { - if existingVersion == v.GroupVersion().String() { - found = true - } - } - if found { - continue - } - versions = append(versions, v.GroupVersion().String()) - } - return versions -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/updater.go b/etcd/vendor/k8s.io/apiserver/pkg/storageversion/updater.go deleted file mode 100644 index ce4d87e91c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/storageversion/updater.go +++ /dev/null @@ -1,196 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storageversion - -import ( - "context" - "fmt" - "time" - - "k8s.io/api/apiserverinternal/v1alpha1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/klog/v2" -) - -// Client has the methods required to update the storage version. -type Client interface { - Create(context.Context, *v1alpha1.StorageVersion, metav1.CreateOptions) (*v1alpha1.StorageVersion, error) - UpdateStatus(context.Context, *v1alpha1.StorageVersion, metav1.UpdateOptions) (*v1alpha1.StorageVersion, error) - Get(context.Context, string, metav1.GetOptions) (*v1alpha1.StorageVersion, error) -} - -// SetCommonEncodingVersion updates the CommonEncodingVersion and the AllEncodingVersionsEqual -// condition based on the StorageVersions. -func SetCommonEncodingVersion(sv *v1alpha1.StorageVersion) { - var oldCommonEncodingVersion *string - if sv.Status.CommonEncodingVersion != nil { - version := *sv.Status.CommonEncodingVersion - oldCommonEncodingVersion = &version - } - sv.Status.CommonEncodingVersion = nil - if len(sv.Status.StorageVersions) != 0 { - firstVersion := sv.Status.StorageVersions[0].EncodingVersion - agreed := true - for _, ssv := range sv.Status.StorageVersions { - if ssv.EncodingVersion != firstVersion { - agreed = false - break - } - } - if agreed { - sv.Status.CommonEncodingVersion = &firstVersion - } - } - - condition := v1alpha1.StorageVersionCondition{ - Type: v1alpha1.AllEncodingVersionsEqual, - Status: v1alpha1.ConditionFalse, - ObservedGeneration: sv.Generation, - LastTransitionTime: metav1.NewTime(time.Now()), - Reason: "CommonEncodingVersionUnset", - Message: "Common encoding version unset", - } - if sv.Status.CommonEncodingVersion != nil { - condition.Status = v1alpha1.ConditionTrue - condition.Reason = "CommonEncodingVersionSet" - condition.Message = "Common encoding version set" - } - forceTransition := false - if oldCommonEncodingVersion != nil && sv.Status.CommonEncodingVersion != nil && - *oldCommonEncodingVersion != *sv.Status.CommonEncodingVersion { - forceTransition = true - } - setStatusCondition(&sv.Status.Conditions, condition, forceTransition) -} - -func findStatusCondition(conditions []v1alpha1.StorageVersionCondition, - conditionType v1alpha1.StorageVersionConditionType) *v1alpha1.StorageVersionCondition { - for i := range conditions { - if conditions[i].Type == conditionType { - return &conditions[i] - } - } - return nil -} - -// setStatusCondition sets the corresponding condition in conditions to newCondition. -// conditions must be non-nil. -// 1. if the condition of the specified type already exists: all fields of the existing condition are updated to -// newCondition, LastTransitionTime is set to now if the new status differs from the old status -// 2. if a condition of the specified type does not exist: LastTransitionTime is set to now() if unset, -// and newCondition is appended -// -// NOTE: forceTransition allows overwriting LastTransitionTime even when the status doesn't change. -func setStatusCondition(conditions *[]v1alpha1.StorageVersionCondition, newCondition v1alpha1.StorageVersionCondition, - forceTransition bool) { - if conditions == nil { - return - } - - if newCondition.LastTransitionTime.IsZero() { - newCondition.LastTransitionTime = metav1.NewTime(time.Now()) - } - existingCondition := findStatusCondition(*conditions, newCondition.Type) - if existingCondition == nil { - *conditions = append(*conditions, newCondition) - return - } - - statusChanged := existingCondition.Status != newCondition.Status - if statusChanged || forceTransition { - existingCondition.LastTransitionTime = newCondition.LastTransitionTime - } - existingCondition.Status = newCondition.Status - existingCondition.Reason = newCondition.Reason - existingCondition.Message = newCondition.Message - existingCondition.ObservedGeneration = newCondition.ObservedGeneration -} - -// updateStorageVersionFor updates the storage version object for the resource. -func updateStorageVersionFor(c Client, apiserverID string, gr schema.GroupResource, encodingVersion string, decodableVersions []string) error { - retries := 3 - var retry int - var err error - for retry < retries { - err = singleUpdate(c, apiserverID, gr, encodingVersion, decodableVersions) - if err == nil { - return nil - } - if apierrors.IsAlreadyExists(err) || apierrors.IsConflict(err) { - time.Sleep(1 * time.Second) - continue - } - if err != nil { - klog.Errorf("retry %d, failed to update storage version for %v: %v", retry, gr, err) - retry++ - time.Sleep(1 * time.Second) - } - } - return err -} - -func singleUpdate(c Client, apiserverID string, gr schema.GroupResource, encodingVersion string, decodableVersions []string) error { - shouldCreate := false - name := fmt.Sprintf("%s.%s", gr.Group, gr.Resource) - sv, err := c.Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil && !apierrors.IsNotFound(err) { - return err - } - if apierrors.IsNotFound(err) { - shouldCreate = true - sv = &v1alpha1.StorageVersion{} - sv.ObjectMeta.Name = name - } - updatedSV := localUpdateStorageVersion(sv, apiserverID, encodingVersion, decodableVersions) - if shouldCreate { - createdSV, err := c.Create(context.TODO(), updatedSV, metav1.CreateOptions{}) - if err != nil { - return err - } - // assign the calculated status to the object just created, then update status - createdSV.Status = updatedSV.Status - _, err = c.UpdateStatus(context.TODO(), createdSV, metav1.UpdateOptions{}) - return err - } - _, err = c.UpdateStatus(context.TODO(), updatedSV, metav1.UpdateOptions{}) - return err -} - -// localUpdateStorageVersion updates the input storageversion with given server storageversion info. -// The function updates the input storageversion in place. -func localUpdateStorageVersion(sv *v1alpha1.StorageVersion, apiserverID, encodingVersion string, decodableVersions []string) *v1alpha1.StorageVersion { - newSSV := v1alpha1.ServerStorageVersion{ - APIServerID: apiserverID, - EncodingVersion: encodingVersion, - DecodableVersions: decodableVersions, - } - foundSSV := false - for i, ssv := range sv.Status.StorageVersions { - if ssv.APIServerID == apiserverID { - sv.Status.StorageVersions[i] = newSSV - foundSSV = true - break - } - } - if !foundSSV { - sv.Status.StorageVersions = append(sv.Status.StorageVersions, newSSV) - } - SetCommonEncodingVersion(sv) - return sv -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/apihelpers/helpers.go b/etcd/vendor/k8s.io/apiserver/pkg/util/apihelpers/helpers.go deleted file mode 100644 index ffc1a0e406..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/apihelpers/helpers.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apihelpers - -import ( - "sort" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" -) - -// SetFlowSchemaCondition sets conditions. -func SetFlowSchemaCondition(flowSchema *flowcontrol.FlowSchema, newCondition flowcontrol.FlowSchemaCondition) { - existingCondition := GetFlowSchemaConditionByType(flowSchema, newCondition.Type) - if existingCondition == nil { - flowSchema.Status.Conditions = append(flowSchema.Status.Conditions, newCondition) - return - } - - if existingCondition.Status != newCondition.Status { - existingCondition.Status = newCondition.Status - existingCondition.LastTransitionTime = newCondition.LastTransitionTime - } - - existingCondition.Reason = newCondition.Reason - existingCondition.Message = newCondition.Message -} - -// GetFlowSchemaConditionByType gets conditions. -func GetFlowSchemaConditionByType(flowSchema *flowcontrol.FlowSchema, conditionType flowcontrol.FlowSchemaConditionType) *flowcontrol.FlowSchemaCondition { - for i := range flowSchema.Status.Conditions { - if flowSchema.Status.Conditions[i].Type == conditionType { - return &flowSchema.Status.Conditions[i] - } - } - return nil -} - -// SetPriorityLevelConfigurationCondition sets conditions. -func SetPriorityLevelConfigurationCondition(priorityLevel *flowcontrol.PriorityLevelConfiguration, newCondition flowcontrol.PriorityLevelConfigurationCondition) { - existingCondition := GetPriorityLevelConfigurationConditionByType(priorityLevel, newCondition.Type) - if existingCondition == nil { - priorityLevel.Status.Conditions = append(priorityLevel.Status.Conditions, newCondition) - return - } - - if existingCondition.Status != newCondition.Status { - existingCondition.Status = newCondition.Status - existingCondition.LastTransitionTime = newCondition.LastTransitionTime - } - - existingCondition.Reason = newCondition.Reason - existingCondition.Message = newCondition.Message -} - -// GetPriorityLevelConfigurationConditionByType gets conditions. -func GetPriorityLevelConfigurationConditionByType(priorityLevel *flowcontrol.PriorityLevelConfiguration, conditionType flowcontrol.PriorityLevelConfigurationConditionType) *flowcontrol.PriorityLevelConfigurationCondition { - for i := range priorityLevel.Status.Conditions { - if priorityLevel.Status.Conditions[i].Type == conditionType { - return &priorityLevel.Status.Conditions[i] - } - } - return nil -} - -var _ sort.Interface = FlowSchemaSequence{} - -// FlowSchemaSequence holds sorted set of pointers to FlowSchema objects. -// FlowSchemaSequence implements `sort.Interface` -type FlowSchemaSequence []*flowcontrol.FlowSchema - -func (s FlowSchemaSequence) Len() int { - return len(s) -} - -func (s FlowSchemaSequence) Less(i, j int) bool { - // the flow-schema w/ lower matching-precedence is prior - if ip, jp := s[i].Spec.MatchingPrecedence, s[j].Spec.MatchingPrecedence; ip != jp { - return ip < jp - } - // sort alphabetically - return s[i].Name < s[j].Name -} - -func (s FlowSchemaSequence) Swap(i, j int) { - s[i], s[j] = s[j], s[i] -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/dryrun/dryrun.go b/etcd/vendor/k8s.io/apiserver/pkg/util/dryrun/dryrun.go deleted file mode 100644 index 3e28c29345..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/dryrun/dryrun.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dryrun - -// IsDryRun returns true if the DryRun flag is an actual dry-run. -func IsDryRun(flag []string) bool { - return len(flag) > 0 -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go b/etcd/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go deleted file mode 100644 index 5911b7568c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package feature - -import ( - "k8s.io/component-base/featuregate" -) - -var ( - // DefaultMutableFeatureGate is a mutable version of DefaultFeatureGate. - // Only top-level commands/options setup and the k8s.io/component-base/featuregate/testing package should make use of this. - // Tests that need to modify feature gates for the duration of their test should use: - // defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.<FeatureName>, <value>)() - DefaultMutableFeatureGate featuregate.MutableFeatureGate = featuregate.NewFeatureGate() - - // DefaultFeatureGate is a shared global FeatureGate. - // Top-level commands/options setup that needs to modify this feature gate should use DefaultMutableFeatureGate. - DefaultFeatureGate featuregate.FeatureGate = DefaultMutableFeatureGate -) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/OWNERS deleted file mode 100644 index 2556c589fd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/OWNERS +++ /dev/null @@ -1,15 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - lavalamp - - deads2k - - yue9944882 - - MikeSpreitzer -reviewers: - - lavalamp - - deads2k - - yue9944882 - - MikeSpreitzer -labels: - - sig/api-machinery - - area/apiserver diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_context.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_context.go deleted file mode 100644 index 1cd59049de..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_context.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "context" - "sync" -) - -type priorityAndFairnessKeyType int - -const ( - // priorityAndFairnessInitializationSignalKey is a key under which - // initialization signal function for watch requests is stored - // in the context. - priorityAndFairnessInitializationSignalKey priorityAndFairnessKeyType = iota -) - -// WithInitializationSignal creates a copy of parent context with -// priority and fairness initialization signal value. -func WithInitializationSignal(ctx context.Context, signal InitializationSignal) context.Context { - return context.WithValue(ctx, priorityAndFairnessInitializationSignalKey, signal) -} - -// initializationSignalFrom returns an initialization signal function -// which when called signals that watch initialization has already finished -// to priority and fairness dispatcher. -func initializationSignalFrom(ctx context.Context) (InitializationSignal, bool) { - signal, ok := ctx.Value(priorityAndFairnessInitializationSignalKey).(InitializationSignal) - return signal, ok && signal != nil -} - -// WatchInitialized sends a signal to priority and fairness dispatcher -// that a given watch request has already been initialized. -func WatchInitialized(ctx context.Context) { - if signal, ok := initializationSignalFrom(ctx); ok { - signal.Signal() - } -} - -// RequestDelegated informs the priority and fairness dispatcher that -// a given request has been delegated to an aggregated API -// server. No-op when priority and fairness is disabled. -func RequestDelegated(ctx context.Context) { - // The watch initialization signal doesn't traverse request - // boundaries, so we generously fire it as soon as we know - // that the request won't be serviced locally. Safe to call - // for non-watch requests. - WatchInitialized(ctx) -} - -// InitializationSignal is an interface that allows sending and handling -// initialization signals. -type InitializationSignal interface { - // Signal notifies the dispatcher about finished initialization. - Signal() - // Wait waits for the initialization signal. - Wait() -} - -type initializationSignal struct { - once sync.Once - done chan struct{} -} - -func NewInitializationSignal() InitializationSignal { - return &initializationSignal{ - once: sync.Once{}, - done: make(chan struct{}), - } -} - -func (i *initializationSignal) Signal() { - i.once.Do(func() { close(i.done) }) -} - -func (i *initializationSignal) Wait() { - <-i.done -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go deleted file mode 100644 index 5718dd9e86..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go +++ /dev/null @@ -1,1109 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "context" - "crypto/sha256" - "encoding/binary" - "errors" - "fmt" - "math" - "math/rand" - "sort" - "sync" - "time" - - "github.com/google/go-cmp/cmp" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - fcboot "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/util/apihelpers" - fq "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing" - fcfmt "k8s.io/apiserver/pkg/util/flowcontrol/format" - "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - fcrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" - "k8s.io/utils/clock" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - flowcontrolapplyconfiguration "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3" - flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3" - flowcontrollister "k8s.io/client-go/listers/flowcontrol/v1beta3" -) - -const timeFmt = "2006-01-02T15:04:05.999" - -// This file contains a simple local (to the apiserver) controller -// that digests API Priority and Fairness config objects (FlowSchema -// and PriorityLevelConfiguration) into the data structure that the -// filter uses. At this first level of development this controller -// takes the simplest possible approach: whenever notified of any -// change to any config object, or when any priority level that is -// undesired becomes completely unused, all the config objects are -// read and processed as a whole. - -const ( - // Borrowing among priority levels will be accomplished by periodically - // adjusting the current concurrency limits (CurrentCLs); - // borrowingAdjustmentPeriod is that period. - borrowingAdjustmentPeriod = 10 * time.Second - - // The input to the seat borrowing is smoothed seat demand figures. - // This constant controls the decay rate of that smoothing, - // as described in the comment on the `seatDemandStats` field of `priorityLevelState`. - // The particular number appearing here has the property that half-life - // of that decay is 5 minutes. - // This is a very preliminary guess at a good value and is likely to be tweaked - // once we get some experience with borrowing. - seatDemandSmoothingCoefficient = 0.977 -) - -// The funcs in this package follow the naming convention that the suffix -// "Locked" means the relevant mutex must be locked at the start of each -// call and will be locked upon return. For a configController, the -// suffix "ReadLocked" stipulates a read lock while just "Locked" -// stipulates a full lock. Absence of either suffix means that either -// (a) the lock must NOT be held at call time and will not be held -// upon return or (b) locking is irrelevant. - -// StartFunction begins the process of handling a request. If the -// request gets queued then this function uses the given hashValue as -// the source of entropy as it shuffle-shards the request into a -// queue. The descr1 and descr2 values play no role in the logic but -// appear in log messages. This method does not return until the -// queuing, if any, for this request is done. If `execute` is false -// then `afterExecution` is irrelevant and the request should be -// rejected. Otherwise the request should be executed and -// `afterExecution` must be called exactly once. -type StartFunction func(ctx context.Context, hashValue uint64) (execute bool, afterExecution func()) - -// RequestDigest holds necessary info from request for flow-control -type RequestDigest struct { - RequestInfo *request.RequestInfo - User user.Info -} - -// `*configController` maintains eventual consistency with the API -// objects that configure API Priority and Fairness, and provides a -// procedural interface to the configured behavior. The methods of -// this type and cfgMeal follow the convention that the suffix -// "Locked" means that the caller must hold the configController lock. -type configController struct { - name string // varies in tests of fighting controllers - clock clock.PassiveClock - queueSetFactory fq.QueueSetFactory - reqsGaugeVec metrics.RatioedGaugeVec - execSeatsGaugeVec metrics.RatioedGaugeVec - - // How this controller appears in an ObjectMeta ManagedFieldsEntry.Manager - asFieldManager string - - // Given a boolean indicating whether a FlowSchema's referenced - // PriorityLevelConfig exists, return a boolean indicating whether - // the reference is dangling - foundToDangling func(bool) bool - - // configQueue holds `(interface{})(0)` when the configuration - // objects need to be reprocessed. - configQueue workqueue.RateLimitingInterface - - plLister flowcontrollister.PriorityLevelConfigurationLister - plInformerSynced cache.InformerSynced - - fsLister flowcontrollister.FlowSchemaLister - fsInformerSynced cache.InformerSynced - - flowcontrolClient flowcontrolclient.FlowcontrolV1beta3Interface - - // serverConcurrencyLimit is the limit on the server's total - // number of non-exempt requests being served at once. This comes - // from server configuration. - serverConcurrencyLimit int - - // requestWaitLimit comes from server configuration. - requestWaitLimit time.Duration - - // watchTracker implements the necessary WatchTracker interface. - WatchTracker - - // the most recent update attempts, ordered by increasing age. - // Consumer trims to keep only the last minute's worth of entries. - // The controller uses this to limit itself to at most six updates - // to a given FlowSchema in any minute. - // This may only be accessed from the one and only worker goroutine. - mostRecentUpdates []updateAttempt - - // This must be locked while accessing the later fields. - // A lock for writing is needed - // for writing to any of the following: - // - the flowSchemas field - // - the slice held in the flowSchemas field - // - the priorityLevelStates field - // - the map held in the priorityLevelStates field - // - any field of a priorityLevelState held in that map - lock sync.RWMutex - - // flowSchemas holds the flow schema objects, sorted by increasing - // numerical (decreasing logical) matching precedence. Every - // FlowSchema in this slice is immutable. - flowSchemas apihelpers.FlowSchemaSequence - - // priorityLevelStates maps the PriorityLevelConfiguration object - // name to the state for that level. Every name referenced from a - // member of `flowSchemas` has an entry here. - priorityLevelStates map[string]*priorityLevelState - - // nominalCLSum is the sum of the nominalCL fields in the priorityLevelState records. - // This can exceed serverConcurrencyLimit because of the deliberate rounding up - // in the computation of the nominalCL values. - // This is tracked because it is an input to the allocation adjustment algorithm. - nominalCLSum int -} - -type updateAttempt struct { - timeUpdated time.Time - updatedItems sets.String // FlowSchema names -} - -// priorityLevelState holds the state specific to a priority level. -type priorityLevelState struct { - // the API object or prototype prescribing this level. Nothing - // reached through this pointer is mutable. - pl *flowcontrol.PriorityLevelConfiguration - - // qsCompleter holds the QueueSetCompleter derived from `config` - // and `queues` if config is not exempt, nil otherwise. - qsCompleter fq.QueueSetCompleter - - // The QueueSet for this priority level. This is nil if and only - // if the priority level is exempt. - queues fq.QueueSet - - // quiescing==true indicates that this priority level should be - // removed when its queues have all drained. May be true only if - // queues is non-nil. - quiescing bool - - // number of goroutines between Controller::Match and calling the - // returned StartFunction - numPending int - - // Observers tracking number of requests waiting, executing - reqsGaugePair metrics.RatioedGaugePair - - // Observer of number of seats occupied throughout execution - execSeatsObs metrics.RatioedGauge - - // Integrator of seat demand, reset every CurrentCL adjustment period - seatDemandIntegrator fq.Integrator - - // Gauge of seat demand / nominalCL - seatDemandRatioedGauge metrics.RatioedGauge - - // seatDemandStats is derived from periodically examining the seatDemandIntegrator. - // The average, standard deviation, and high watermark come directly from the integrator. - // envelope = avg + stdDev. - // Periodically smoothed gets replaced with `max(envelope, A*smoothed + (1-A)*envelope)`, - // where A is seatDemandSmoothingCoefficient. - seatDemandStats seatDemandStats - - // nominalCL is the nominal concurrency limit configured in the PriorityLevelConfiguration - nominalCL int - - // minCL is the nominal limit less the lendable amount - minCL int - - //maxCL is the nominal limit plus the amount that may be borrowed - maxCL int - - // currentCL is the dynamically derived concurrency limit to impose for now - currentCL int -} - -type seatDemandStats struct { - avg float64 - stdDev float64 - highWatermark float64 - smoothed float64 -} - -func (stats *seatDemandStats) update(obs fq.IntegratorResults) { - stats.avg = obs.Average - stats.stdDev = obs.Deviation - stats.highWatermark = obs.Max - envelope := obs.Average + obs.Deviation - stats.smoothed = math.Max(envelope, seatDemandSmoothingCoefficient*stats.smoothed+(1-seatDemandSmoothingCoefficient)*envelope) -} - -// NewTestableController is extra flexible to facilitate testing -func newTestableController(config TestableConfig) *configController { - cfgCtlr := &configController{ - name: config.Name, - clock: config.Clock, - queueSetFactory: config.QueueSetFactory, - reqsGaugeVec: config.ReqsGaugeVec, - execSeatsGaugeVec: config.ExecSeatsGaugeVec, - asFieldManager: config.AsFieldManager, - foundToDangling: config.FoundToDangling, - serverConcurrencyLimit: config.ServerConcurrencyLimit, - requestWaitLimit: config.RequestWaitLimit, - flowcontrolClient: config.FlowcontrolClient, - priorityLevelStates: make(map[string]*priorityLevelState), - WatchTracker: NewWatchTracker(), - } - klog.V(2).Infof("NewTestableController %q with serverConcurrencyLimit=%d, requestWaitLimit=%s, name=%s, asFieldManager=%q", cfgCtlr.name, cfgCtlr.serverConcurrencyLimit, cfgCtlr.requestWaitLimit, cfgCtlr.name, cfgCtlr.asFieldManager) - // Start with longish delay because conflicts will be between - // different processes, so take some time to go away. - cfgCtlr.configQueue = workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(200*time.Millisecond, 8*time.Hour), "priority_and_fairness_config_queue") - // ensure the data structure reflects the mandatory config - cfgCtlr.lockAndDigestConfigObjects(nil, nil) - fci := config.InformerFactory.Flowcontrol().V1beta3() - pli := fci.PriorityLevelConfigurations() - fsi := fci.FlowSchemas() - cfgCtlr.plLister = pli.Lister() - cfgCtlr.plInformerSynced = pli.Informer().HasSynced - cfgCtlr.fsLister = fsi.Lister() - cfgCtlr.fsInformerSynced = fsi.Informer().HasSynced - pli.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - pl := obj.(*flowcontrol.PriorityLevelConfiguration) - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to creation of PLC %s", cfgCtlr.name, pl.Name) - cfgCtlr.configQueue.Add(0) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - newPL := newObj.(*flowcontrol.PriorityLevelConfiguration) - oldPL := oldObj.(*flowcontrol.PriorityLevelConfiguration) - if !apiequality.Semantic.DeepEqual(oldPL.Spec, newPL.Spec) { - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to spec update of PLC %s", cfgCtlr.name, newPL.Name) - cfgCtlr.configQueue.Add(0) - } else { - klog.V(7).Infof("No trigger API priority and fairness config reloading in %s due to spec non-change of PLC %s", cfgCtlr.name, newPL.Name) - } - }, - DeleteFunc: func(obj interface{}) { - name, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to deletion of PLC %s", cfgCtlr.name, name) - cfgCtlr.configQueue.Add(0) - - }}) - fsi.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - fs := obj.(*flowcontrol.FlowSchema) - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to creation of FS %s", cfgCtlr.name, fs.Name) - cfgCtlr.configQueue.Add(0) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - newFS := newObj.(*flowcontrol.FlowSchema) - oldFS := oldObj.(*flowcontrol.FlowSchema) - // Changes to either Spec or Status are relevant. The - // concern is that we might, in some future release, want - // different behavior than is implemented now. One of the - // hardest questions is how does an operator roll out the - // new release in a cluster with multiple kube-apiservers - // --- in a way that works no matter what servers crash - // and restart when. If this handler reacts only to - // changes in Spec then we have a scenario in which the - // rollout leaves the old Status in place. The scenario - // ends with this subsequence: deploy the last new server - // before deleting the last old server, and in between - // those two operations the last old server crashes and - // recovers. The chosen solution is making this controller - // insist on maintaining the particular state that it - // establishes. - if !(apiequality.Semantic.DeepEqual(oldFS.Spec, newFS.Spec) && - apiequality.Semantic.DeepEqual(oldFS.Status, newFS.Status)) { - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to spec and/or status update of FS %s", cfgCtlr.name, newFS.Name) - cfgCtlr.configQueue.Add(0) - } else { - klog.V(7).Infof("No trigger of API priority and fairness config reloading in %s due to spec and status non-change of FS %s", cfgCtlr.name, newFS.Name) - } - }, - DeleteFunc: func(obj interface{}) { - name, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) - klog.V(7).Infof("Triggered API priority and fairness config reloading in %s due to deletion of FS %s", cfgCtlr.name, name) - cfgCtlr.configQueue.Add(0) - - }}) - return cfgCtlr -} - -func (cfgCtlr *configController) Run(stopCh <-chan struct{}) error { - defer utilruntime.HandleCrash() - - // Let the config worker stop when we are done - defer cfgCtlr.configQueue.ShutDown() - - klog.Info("Starting API Priority and Fairness config controller") - if ok := cache.WaitForCacheSync(stopCh, cfgCtlr.plInformerSynced, cfgCtlr.fsInformerSynced); !ok { - return fmt.Errorf("Never achieved initial sync") - } - - klog.Info("Running API Priority and Fairness config worker") - go wait.Until(cfgCtlr.runWorker, time.Second, stopCh) - - klog.Info("Running API Priority and Fairness periodic rebalancing process") - go wait.Until(cfgCtlr.updateBorrowing, borrowingAdjustmentPeriod, stopCh) - - <-stopCh - klog.Info("Shutting down API Priority and Fairness config worker") - return nil -} - -func (cfgCtlr *configController) updateBorrowing() { - cfgCtlr.lock.Lock() - defer cfgCtlr.lock.Unlock() - cfgCtlr.updateBorrowingLocked(true, cfgCtlr.priorityLevelStates) -} - -func (cfgCtlr *configController) updateBorrowingLocked(setCompleters bool, plStates map[string]*priorityLevelState) { - items := make([]allocProblemItem, 0, len(plStates)) - plNames := make([]string, 0, len(plStates)) - for plName, plState := range plStates { - if plState.pl.Spec.Limited == nil { - continue - } - obs := plState.seatDemandIntegrator.Reset() - plState.seatDemandStats.update(obs) - // Lower bound on this priority level's adjusted concurreny limit is the lesser of: - // - its seat demamd high watermark over the last adjustment period, and - // - its configured concurrency limit. - // BUT: we do not want this to be lower than the lower bound from configuration. - // See KEP-1040 for a more detailed explanation. - minCurrentCL := math.Max(float64(plState.minCL), math.Min(float64(plState.nominalCL), plState.seatDemandStats.highWatermark)) - plNames = append(plNames, plName) - items = append(items, allocProblemItem{ - lowerBound: minCurrentCL, - upperBound: float64(plState.maxCL), - target: math.Max(minCurrentCL, plState.seatDemandStats.smoothed), - }) - } - if len(items) == 0 && cfgCtlr.nominalCLSum > 0 { - klog.ErrorS(nil, "Impossible: no non-exempt priority levels", "plStates", cfgCtlr.priorityLevelStates) - return - } - allocs, fairFrac, err := computeConcurrencyAllocation(cfgCtlr.nominalCLSum, items) - if err != nil { - klog.ErrorS(err, "Unable to derive new concurrency limits", "plNames", plNames, "items", items) - allocs = make([]float64, len(items)) - for idx, plName := range plNames { - plState := plStates[plName] - if plState.pl.Spec.Limited == nil { - continue - } - allocs[idx] = float64(plState.currentCL) - } - } - for idx, plName := range plNames { - plState := plStates[plName] - if plState.pl.Spec.Limited == nil { - continue - } - if setCompleters { - qsCompleter, err := queueSetCompleterForPL(cfgCtlr.queueSetFactory, plState.queues, - plState.pl, cfgCtlr.requestWaitLimit, plState.reqsGaugePair, plState.execSeatsObs, - metrics.NewUnionGauge(plState.seatDemandIntegrator, plState.seatDemandRatioedGauge)) - if err != nil { - klog.ErrorS(err, "Inconceivable! Configuration error in existing priority level", "pl", plState.pl) - continue - } - plState.qsCompleter = qsCompleter - } - currentCL := int(math.Round(float64(allocs[idx]))) - relChange := relDiff(float64(currentCL), float64(plState.currentCL)) - plState.currentCL = currentCL - metrics.NotePriorityLevelConcurrencyAdjustment(plState.pl.Name, plState.seatDemandStats.highWatermark, plState.seatDemandStats.avg, plState.seatDemandStats.stdDev, plState.seatDemandStats.smoothed, float64(items[idx].target), currentCL) - logLevel := klog.Level(4) - if relChange >= 0.05 { - logLevel = 2 - } - klog.V(logLevel).InfoS("Update CurrentCL", "plName", plName, "seatDemandHighWatermark", plState.seatDemandStats.highWatermark, "seatDemandAvg", plState.seatDemandStats.avg, "seatDemandStdev", plState.seatDemandStats.stdDev, "seatDemandSmoothed", plState.seatDemandStats.smoothed, "fairFrac", fairFrac, "currentCL", currentCL, "backstop", err != nil) - plState.queues = plState.qsCompleter.Complete(fq.DispatchingConfig{ConcurrencyLimit: currentCL}) - } - metrics.SetFairFrac(float64(fairFrac)) -} - -// runWorker is the logic of the one and only worker goroutine. We -// limit the number to one in order to obviate explicit -// synchronization around access to `cfgCtlr.mostRecentUpdates`. -func (cfgCtlr *configController) runWorker() { - for cfgCtlr.processNextWorkItem() { - } -} - -// processNextWorkItem works on one entry from the work queue. -// Only invoke this in the one and only worker goroutine. -func (cfgCtlr *configController) processNextWorkItem() bool { - obj, shutdown := cfgCtlr.configQueue.Get() - if shutdown { - return false - } - - func(obj interface{}) { - defer cfgCtlr.configQueue.Done(obj) - specificDelay, err := cfgCtlr.syncOne() - switch { - case err != nil: - klog.Error(err) - cfgCtlr.configQueue.AddRateLimited(obj) - case specificDelay > 0: - cfgCtlr.configQueue.AddAfter(obj, specificDelay) - default: - cfgCtlr.configQueue.Forget(obj) - } - }(obj) - - return true -} - -// syncOne does one full synchronization. It reads all the API -// objects that configure API Priority and Fairness and updates the -// local configController accordingly. -// Only invoke this in the one and only worker goroutine -func (cfgCtlr *configController) syncOne() (specificDelay time.Duration, err error) { - klog.V(5).Infof("%s syncOne at %s", cfgCtlr.name, cfgCtlr.clock.Now().Format(timeFmt)) - all := labels.Everything() - newPLs, err := cfgCtlr.plLister.List(all) - if err != nil { - return 0, fmt.Errorf("unable to list PriorityLevelConfiguration objects: %w", err) - } - newFSs, err := cfgCtlr.fsLister.List(all) - if err != nil { - return 0, fmt.Errorf("unable to list FlowSchema objects: %w", err) - } - return cfgCtlr.digestConfigObjects(newPLs, newFSs) -} - -// cfgMeal is the data involved in the process of digesting the API -// objects that configure API Priority and Fairness. All the config -// objects are digested together, because this is the simplest way to -// cope with the various dependencies between objects. The process of -// digestion is done in four passes over config objects --- three -// passes over PriorityLevelConfigurations and one pass over the -// FlowSchemas --- with the work dvided among the passes according to -// those dependencies. -type cfgMeal struct { - cfgCtlr *configController - - newPLStates map[string]*priorityLevelState - - // The sum of the concurrency shares of the priority levels in the - // new configuration - shareSum float64 - - // These keep track of which mandatory priority level config - // objects have been digested - haveExemptPL, haveCatchAllPL bool - - // Buffered FlowSchema status updates to do. Do them when the - // lock is not held, to avoid a deadlock due to such a request - // provoking a call into this controller while the lock held - // waiting on that request to complete. - fsStatusUpdates []fsStatusUpdate - - maxWaitingRequests, maxExecutingRequests int -} - -// A buffered set of status updates for FlowSchemas -type fsStatusUpdate struct { - flowSchema *flowcontrol.FlowSchema - condition flowcontrol.FlowSchemaCondition - oldValue flowcontrol.FlowSchemaCondition -} - -// digestConfigObjects is given all the API objects that configure -// cfgCtlr and writes its consequent new configState. -// Only invoke this in the one and only worker goroutine -func (cfgCtlr *configController) digestConfigObjects(newPLs []*flowcontrol.PriorityLevelConfiguration, newFSs []*flowcontrol.FlowSchema) (time.Duration, error) { - fsStatusUpdates := cfgCtlr.lockAndDigestConfigObjects(newPLs, newFSs) - var errs []error - currResult := updateAttempt{ - timeUpdated: cfgCtlr.clock.Now(), - updatedItems: sets.String{}, - } - var suggestedDelay time.Duration - for _, fsu := range fsStatusUpdates { - // if we should skip this name, indicate we will need a delay, but continue with other entries - if cfgCtlr.shouldDelayUpdate(fsu.flowSchema.Name) { - if suggestedDelay == 0 { - suggestedDelay = time.Duration(30+rand.Intn(45)) * time.Second - } - continue - } - - // if we are going to issue an update, be sure we track every name we update so we know if we update it too often. - currResult.updatedItems.Insert(fsu.flowSchema.Name) - if klogV := klog.V(4); klogV.Enabled() { - klogV.Infof("%s writing Condition %s to FlowSchema %s, which had ResourceVersion=%s, because its previous value was %s, diff: %s", - cfgCtlr.name, fsu.condition, fsu.flowSchema.Name, fsu.flowSchema.ResourceVersion, fcfmt.Fmt(fsu.oldValue), cmp.Diff(fsu.oldValue, fsu.condition)) - } - - if err := apply(cfgCtlr.flowcontrolClient.FlowSchemas(), fsu, cfgCtlr.asFieldManager); err != nil { - if apierrors.IsNotFound(err) { - // This object has been deleted. A notification is coming - // and nothing more needs to be done here. - klog.V(5).Infof("%s at %s: attempted update of concurrently deleted FlowSchema %s; nothing more needs to be done", cfgCtlr.name, cfgCtlr.clock.Now().Format(timeFmt), fsu.flowSchema.Name) - } else { - errs = append(errs, fmt.Errorf("failed to set a status.condition for FlowSchema %s: %w", fsu.flowSchema.Name, err)) - } - } - } - cfgCtlr.addUpdateResult(currResult) - - return suggestedDelay, utilerrors.NewAggregate(errs) -} - -func apply(client flowcontrolclient.FlowSchemaInterface, fsu fsStatusUpdate, asFieldManager string) error { - applyOptions := metav1.ApplyOptions{FieldManager: asFieldManager, Force: true} - - // the condition field in fsStatusUpdate holds the new condition we want to update. - // TODO: this will break when we have multiple conditions for a flowschema - _, err := client.ApplyStatus(context.TODO(), toFlowSchemaApplyConfiguration(fsu), applyOptions) - return err -} - -func toFlowSchemaApplyConfiguration(fsUpdate fsStatusUpdate) *flowcontrolapplyconfiguration.FlowSchemaApplyConfiguration { - condition := flowcontrolapplyconfiguration.FlowSchemaCondition(). - WithType(fsUpdate.condition.Type). - WithStatus(fsUpdate.condition.Status). - WithReason(fsUpdate.condition.Reason). - WithLastTransitionTime(fsUpdate.condition.LastTransitionTime). - WithMessage(fsUpdate.condition.Message) - - return flowcontrolapplyconfiguration.FlowSchema(fsUpdate.flowSchema.Name). - WithStatus(flowcontrolapplyconfiguration.FlowSchemaStatus(). - WithConditions(condition), - ) -} - -// shouldDelayUpdate checks to see if a flowschema has been updated too often and returns true if a delay is needed. -// Only invoke this in the one and only worker goroutine -func (cfgCtlr *configController) shouldDelayUpdate(flowSchemaName string) bool { - numUpdatesInPastMinute := 0 - oneMinuteAgo := cfgCtlr.clock.Now().Add(-1 * time.Minute) - for idx, update := range cfgCtlr.mostRecentUpdates { - if oneMinuteAgo.After(update.timeUpdated) { - // this and the remaining items are no longer relevant - cfgCtlr.mostRecentUpdates = cfgCtlr.mostRecentUpdates[:idx] - return false - } - if update.updatedItems.Has(flowSchemaName) { - numUpdatesInPastMinute++ - if numUpdatesInPastMinute > 5 { - return true - } - } - } - return false -} - -// addUpdateResult adds the result. It isn't a ring buffer because -// this is small and rate limited. -// Only invoke this in the one and only worker goroutine -func (cfgCtlr *configController) addUpdateResult(result updateAttempt) { - cfgCtlr.mostRecentUpdates = append([]updateAttempt{result}, cfgCtlr.mostRecentUpdates...) -} - -func (cfgCtlr *configController) lockAndDigestConfigObjects(newPLs []*flowcontrol.PriorityLevelConfiguration, newFSs []*flowcontrol.FlowSchema) []fsStatusUpdate { - cfgCtlr.lock.Lock() - defer cfgCtlr.lock.Unlock() - meal := cfgMeal{ - cfgCtlr: cfgCtlr, - newPLStates: make(map[string]*priorityLevelState), - } - - meal.digestNewPLsLocked(newPLs) - meal.digestFlowSchemasLocked(newFSs) - meal.processOldPLsLocked() - - // Supply missing mandatory PriorityLevelConfiguration objects - if !meal.haveExemptPL { - meal.imaginePL(fcboot.MandatoryPriorityLevelConfigurationExempt, cfgCtlr.requestWaitLimit) - } - if !meal.haveCatchAllPL { - meal.imaginePL(fcboot.MandatoryPriorityLevelConfigurationCatchAll, cfgCtlr.requestWaitLimit) - } - - meal.finishQueueSetReconfigsLocked() - - // The new config has been constructed - cfgCtlr.priorityLevelStates = meal.newPLStates - klog.V(5).InfoS("Switched to new API Priority and Fairness configuration", "maxWaitingRequests", meal.maxWaitingRequests, "maxExecutinRequests", meal.maxExecutingRequests) - - metrics.GetWaitingReadonlyConcurrency().SetDenominator(float64(meal.maxWaitingRequests)) - metrics.GetWaitingMutatingConcurrency().SetDenominator(float64(meal.maxWaitingRequests)) - metrics.GetExecutingReadonlyConcurrency().SetDenominator(float64(meal.maxExecutingRequests)) - metrics.GetExecutingMutatingConcurrency().SetDenominator(float64(meal.maxExecutingRequests)) - - return meal.fsStatusUpdates -} - -// Digest the new set of PriorityLevelConfiguration objects. -// Pretend broken ones do not exist. -func (meal *cfgMeal) digestNewPLsLocked(newPLs []*flowcontrol.PriorityLevelConfiguration) { - for _, pl := range newPLs { - state := meal.cfgCtlr.priorityLevelStates[pl.Name] - if state == nil { - labelValues := []string{pl.Name} - state = &priorityLevelState{ - reqsGaugePair: metrics.RatioedGaugeVecPhasedElementPair(meal.cfgCtlr.reqsGaugeVec, 1, 1, labelValues), - execSeatsObs: meal.cfgCtlr.execSeatsGaugeVec.NewForLabelValuesSafe(0, 1, labelValues), - seatDemandIntegrator: fq.NewNamedIntegrator(meal.cfgCtlr.clock, pl.Name), - seatDemandRatioedGauge: metrics.ApiserverSeatDemands.NewForLabelValuesSafe(0, 1, []string{pl.Name}), - } - } - qsCompleter, err := queueSetCompleterForPL(meal.cfgCtlr.queueSetFactory, state.queues, - pl, meal.cfgCtlr.requestWaitLimit, state.reqsGaugePair, state.execSeatsObs, - metrics.NewUnionGauge(state.seatDemandIntegrator, state.seatDemandRatioedGauge)) - if err != nil { - klog.Warningf("Ignoring PriorityLevelConfiguration object %s because its spec (%s) is broken: %s", pl.Name, fcfmt.Fmt(pl.Spec), err) - continue - } - meal.newPLStates[pl.Name] = state - state.pl = pl - state.qsCompleter = qsCompleter - if state.quiescing { // it was undesired, but no longer - klog.V(3).Infof("Priority level %q was undesired and has become desired again", pl.Name) - state.quiescing = false - } - if state.pl.Spec.Limited != nil { - meal.shareSum += float64(state.pl.Spec.Limited.NominalConcurrencyShares) - } - meal.haveExemptPL = meal.haveExemptPL || pl.Name == flowcontrol.PriorityLevelConfigurationNameExempt - meal.haveCatchAllPL = meal.haveCatchAllPL || pl.Name == flowcontrol.PriorityLevelConfigurationNameCatchAll - } -} - -// Digest the given FlowSchema objects. Ones that reference a missing -// or broken priority level are not to be passed on to the filter for -// use. We do this before holding over old priority levels so that -// requests stop going to those levels and FlowSchemaStatus values -// reflect this. This function also adds any missing mandatory -// FlowSchema objects. The given objects must all have distinct -// names. -func (meal *cfgMeal) digestFlowSchemasLocked(newFSs []*flowcontrol.FlowSchema) { - fsSeq := make(apihelpers.FlowSchemaSequence, 0, len(newFSs)) - fsMap := make(map[string]*flowcontrol.FlowSchema, len(newFSs)) - var haveExemptFS, haveCatchAllFS bool - for i, fs := range newFSs { - otherFS := fsMap[fs.Name] - if otherFS != nil { - // This client is forbidden to do this. - panic(fmt.Sprintf("Given two FlowSchema objects with the same name: %s and %s", fcfmt.Fmt(otherFS), fcfmt.Fmt(fs))) - } - fsMap[fs.Name] = fs - _, goodPriorityRef := meal.newPLStates[fs.Spec.PriorityLevelConfiguration.Name] - - // Ensure the object's status reflects whether its priority - // level reference is broken. - // - // TODO: consider not even trying if server is not handling - // requests yet. - meal.presyncFlowSchemaStatus(fs, meal.cfgCtlr.foundToDangling(goodPriorityRef), fs.Spec.PriorityLevelConfiguration.Name) - - if !goodPriorityRef { - klog.V(6).Infof("Ignoring FlowSchema %s because of bad priority level reference %q", fs.Name, fs.Spec.PriorityLevelConfiguration.Name) - continue - } - fsSeq = append(fsSeq, newFSs[i]) - haveExemptFS = haveExemptFS || fs.Name == flowcontrol.FlowSchemaNameExempt - haveCatchAllFS = haveCatchAllFS || fs.Name == flowcontrol.FlowSchemaNameCatchAll - } - // sort into the order to be used for matching - sort.Sort(fsSeq) - - // Supply missing mandatory FlowSchemas, in correct position - if !haveExemptFS { - fsSeq = append(apihelpers.FlowSchemaSequence{fcboot.MandatoryFlowSchemaExempt}, fsSeq...) - } - if !haveCatchAllFS { - fsSeq = append(fsSeq, fcboot.MandatoryFlowSchemaCatchAll) - } - - meal.cfgCtlr.flowSchemas = fsSeq - klogV := klog.V(5) - if klogV.Enabled() { - for _, fs := range fsSeq { - klogV.Infof("Using FlowSchema %s", fcfmt.Fmt(fs)) - } - } -} - -// Consider all the priority levels in the previous configuration. -// Keep the ones that are in the new config, supply mandatory -// behavior, or are still busy; for the rest: drop it if it has no -// queues, otherwise start the quiescing process if that has not -// already been started. -func (meal *cfgMeal) processOldPLsLocked() { - for plName, plState := range meal.cfgCtlr.priorityLevelStates { - if meal.newPLStates[plName] != nil { - // Still desired and already updated - continue - } - if plName == flowcontrol.PriorityLevelConfigurationNameExempt && !meal.haveExemptPL || plName == flowcontrol.PriorityLevelConfigurationNameCatchAll && !meal.haveCatchAllPL { - // BTW, we know the Spec has not changed because the - // mandatory objects have immutable Specs - klog.V(3).Infof("Retaining mandatory priority level %q despite lack of API object", plName) - } else { - if plState.queues == nil || plState.numPending == 0 && plState.queues.IsIdle() { - // Either there are no queues or they are done - // draining and no use is coming from another - // goroutine - klog.V(3).Infof("Removing undesired priority level %q (nilQueues=%v), Type=%v", plName, plState.queues == nil, plState.pl.Spec.Type) - continue - } - if !plState.quiescing { - klog.V(3).Infof("Priority level %q became undesired", plName) - plState.quiescing = true - } - } - var err error - plState.qsCompleter, err = queueSetCompleterForPL(meal.cfgCtlr.queueSetFactory, plState.queues, - plState.pl, meal.cfgCtlr.requestWaitLimit, plState.reqsGaugePair, plState.execSeatsObs, - metrics.NewUnionGauge(plState.seatDemandIntegrator, plState.seatDemandRatioedGauge)) - if err != nil { - // This can not happen because queueSetCompleterForPL already approved this config - panic(fmt.Sprintf("%s from name=%q spec=%s", err, plName, fcfmt.Fmt(plState.pl.Spec))) - } - if plState.pl.Spec.Limited != nil { - // We deliberately include the lingering priority levels - // here so that their queues get some concurrency and they - // continue to drain. During this interim a lingering - // priority level continues to get a concurrency - // allocation determined by all the share values in the - // regular way. - meal.shareSum += float64(plState.pl.Spec.Limited.NominalConcurrencyShares) - } - meal.haveExemptPL = meal.haveExemptPL || plName == flowcontrol.PriorityLevelConfigurationNameExempt - meal.haveCatchAllPL = meal.haveCatchAllPL || plName == flowcontrol.PriorityLevelConfigurationNameCatchAll - meal.newPLStates[plName] = plState - } -} - -// For all the priority levels of the new config, divide up the -// server's total concurrency limit among them and create/update their -// QueueSets. -func (meal *cfgMeal) finishQueueSetReconfigsLocked() { - for plName, plState := range meal.newPLStates { - if plState.pl.Spec.Limited == nil { - klog.V(5).Infof("Using exempt priority level %q: quiescing=%v", plName, plState.quiescing) - continue - } - - limited := plState.pl.Spec.Limited - // The use of math.Ceil here means that the results might sum - // to a little more than serverConcurrencyLimit but the - // difference will be negligible. - concurrencyLimit := int(math.Ceil(float64(meal.cfgCtlr.serverConcurrencyLimit) * float64(limited.NominalConcurrencyShares) / meal.shareSum)) - var lendableCL, borrowingCL int - if limited.LendablePercent != nil { - lendableCL = int(math.Round(float64(concurrencyLimit) * float64(*limited.LendablePercent) / 100)) - } - if limited.BorrowingLimitPercent != nil { - borrowingCL = int(math.Round(float64(concurrencyLimit) * float64(*limited.BorrowingLimitPercent) / 100)) - } else { - borrowingCL = meal.cfgCtlr.serverConcurrencyLimit - } - metrics.SetPriorityLevelConfiguration(plName, concurrencyLimit, concurrencyLimit-lendableCL, concurrencyLimit+borrowingCL) - plState.seatDemandRatioedGauge.SetDenominator(float64(concurrencyLimit)) - cfgChanged := plState.nominalCL != concurrencyLimit || plState.minCL != concurrencyLimit-lendableCL || plState.maxCL != concurrencyLimit+borrowingCL - plState.nominalCL = concurrencyLimit - plState.minCL = concurrencyLimit - lendableCL - plState.maxCL = concurrencyLimit + borrowingCL - meal.maxExecutingRequests += concurrencyLimit - var waitLimit int - if qCfg := limited.LimitResponse.Queuing; qCfg != nil { - waitLimit = int(qCfg.Queues * qCfg.QueueLengthLimit) - } - meal.maxWaitingRequests += waitLimit - - if plState.queues == nil { - initialCL := concurrencyLimit - lendableCL/2 - klog.V(2).Infof("Introducing queues for priority level %q: config=%s, nominalCL=%d, lendableCL=%d, borrowingCL=%d, currentCL=%d, quiescing=%v (shares=%v, shareSum=%v)", plName, fcfmt.Fmt(plState.pl.Spec), concurrencyLimit, lendableCL, borrowingCL, initialCL, plState.quiescing, plState.pl.Spec.Limited.NominalConcurrencyShares, meal.shareSum) - plState.seatDemandStats = seatDemandStats{} - plState.currentCL = initialCL - } else { - logLevel := klog.Level(5) - if cfgChanged { - logLevel = 2 - } - klog.V(logLevel).Infof("Retaining queues for priority level %q: config=%s, nominalCL=%d, lendableCL=%d, borrowingCL=%d, currentCL=%d, quiescing=%v, numPending=%d (shares=%v, shareSum=%v)", plName, fcfmt.Fmt(plState.pl.Spec), concurrencyLimit, lendableCL, borrowingCL, plState.currentCL, plState.quiescing, plState.numPending, plState.pl.Spec.Limited.NominalConcurrencyShares, meal.shareSum) - } - } - meal.cfgCtlr.nominalCLSum = meal.maxExecutingRequests - meal.cfgCtlr.updateBorrowingLocked(false, meal.newPLStates) -} - -// queueSetCompleterForPL returns an appropriate QueueSetCompleter for the -// given priority level configuration. Returns nil if that config -// does not call for limiting. Returns nil and an error if the given -// object is malformed in a way that is a problem for this package. -func queueSetCompleterForPL(qsf fq.QueueSetFactory, queues fq.QueueSet, pl *flowcontrol.PriorityLevelConfiguration, requestWaitLimit time.Duration, reqsIntPair metrics.RatioedGaugePair, execSeatsObs metrics.RatioedGauge, seatDemandGauge metrics.Gauge) (fq.QueueSetCompleter, error) { - if (pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt) != (pl.Spec.Limited == nil) { - return nil, errors.New("broken union structure at the top") - } - if (pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt) != (pl.Name == flowcontrol.PriorityLevelConfigurationNameExempt) { - // This package does not attempt to cope with a priority level dynamically switching between exempt and not. - return nil, errors.New("non-alignment between name and type") - } - if pl.Spec.Limited == nil { - return nil, nil - } - if (pl.Spec.Limited.LimitResponse.Type == flowcontrol.LimitResponseTypeReject) != (pl.Spec.Limited.LimitResponse.Queuing == nil) { - return nil, errors.New("broken union structure for limit response") - } - qcAPI := pl.Spec.Limited.LimitResponse.Queuing - qcQS := fq.QueuingConfig{Name: pl.Name} - if qcAPI != nil { - qcQS = fq.QueuingConfig{Name: pl.Name, - DesiredNumQueues: int(qcAPI.Queues), - QueueLengthLimit: int(qcAPI.QueueLengthLimit), - HandSize: int(qcAPI.HandSize), - RequestWaitLimit: requestWaitLimit, - } - } - var qsc fq.QueueSetCompleter - var err error - if queues != nil { - qsc, err = queues.BeginConfigChange(qcQS) - } else { - qsc, err = qsf.BeginConstruction(qcQS, reqsIntPair, execSeatsObs, seatDemandGauge) - } - if err != nil { - err = fmt.Errorf("priority level %q has QueuingConfiguration %#+v, which is invalid: %w", pl.Name, qcAPI, err) - } - return qsc, err -} - -func (meal *cfgMeal) presyncFlowSchemaStatus(fs *flowcontrol.FlowSchema, isDangling bool, plName string) { - danglingCondition := apihelpers.GetFlowSchemaConditionByType(fs, flowcontrol.FlowSchemaConditionDangling) - if danglingCondition == nil { - danglingCondition = &flowcontrol.FlowSchemaCondition{ - Type: flowcontrol.FlowSchemaConditionDangling, - } - } - desiredStatus := flowcontrol.ConditionFalse - var desiredReason, desiredMessage string - if isDangling { - desiredStatus = flowcontrol.ConditionTrue - desiredReason = "NotFound" - desiredMessage = fmt.Sprintf("This FlowSchema references the PriorityLevelConfiguration object named %q but there is no such object", plName) - } else { - desiredReason = "Found" - desiredMessage = fmt.Sprintf("This FlowSchema references the PriorityLevelConfiguration object named %q and it exists", plName) - } - if danglingCondition.Status == desiredStatus && danglingCondition.Reason == desiredReason && danglingCondition.Message == desiredMessage { - return - } - now := meal.cfgCtlr.clock.Now() - meal.fsStatusUpdates = append(meal.fsStatusUpdates, fsStatusUpdate{ - flowSchema: fs, - condition: flowcontrol.FlowSchemaCondition{ - Type: flowcontrol.FlowSchemaConditionDangling, - Status: desiredStatus, - LastTransitionTime: metav1.NewTime(now), - Reason: desiredReason, - Message: desiredMessage, - }, - oldValue: *danglingCondition}) -} - -// imaginePL adds a priority level based on one of the mandatory ones -// that does not actually exist (right now) as a real API object. -func (meal *cfgMeal) imaginePL(proto *flowcontrol.PriorityLevelConfiguration, requestWaitLimit time.Duration) { - klog.V(3).Infof("No %s PriorityLevelConfiguration found, imagining one", proto.Name) - labelValues := []string{proto.Name} - reqsGaugePair := metrics.RatioedGaugeVecPhasedElementPair(meal.cfgCtlr.reqsGaugeVec, 1, 1, labelValues) - execSeatsObs := meal.cfgCtlr.execSeatsGaugeVec.NewForLabelValuesSafe(0, 1, labelValues) - seatDemandIntegrator := fq.NewNamedIntegrator(meal.cfgCtlr.clock, proto.Name) - seatDemandRatioedGauge := metrics.ApiserverSeatDemands.NewForLabelValuesSafe(0, 1, []string{proto.Name}) - qsCompleter, err := queueSetCompleterForPL(meal.cfgCtlr.queueSetFactory, nil, proto, - requestWaitLimit, reqsGaugePair, execSeatsObs, - metrics.NewUnionGauge(seatDemandIntegrator, seatDemandRatioedGauge)) - if err != nil { - // This can not happen because proto is one of the mandatory - // objects and these are not erroneous - panic(err) - } - meal.newPLStates[proto.Name] = &priorityLevelState{ - pl: proto, - qsCompleter: qsCompleter, - reqsGaugePair: reqsGaugePair, - execSeatsObs: execSeatsObs, - seatDemandIntegrator: seatDemandIntegrator, - seatDemandRatioedGauge: seatDemandRatioedGauge, - } - if proto.Spec.Limited != nil { - meal.shareSum += float64(proto.Spec.Limited.NominalConcurrencyShares) - } -} - -type immediateRequest struct{} - -func (immediateRequest) Finish(execute func()) bool { - execute() - return false -} - -// startRequest classifies and, if appropriate, enqueues the request. -// Returns a nil Request if and only if the request is to be rejected. -// The returned bool indicates whether the request is exempt from -// limitation. The startWaitingTime is when the request started -// waiting in its queue, or `Time{}` if this did not happen. -func (cfgCtlr *configController) startRequest(ctx context.Context, rd RequestDigest, - noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, flowDistinguisher string), - workEstimator func() fcrequest.WorkEstimate, - queueNoteFn fq.QueueNoteFn) (fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, isExempt bool, req fq.Request, startWaitingTime time.Time) { - klog.V(7).Infof("startRequest(%#+v)", rd) - cfgCtlr.lock.RLock() - defer cfgCtlr.lock.RUnlock() - var selectedFlowSchema, catchAllFlowSchema *flowcontrol.FlowSchema - for _, fs := range cfgCtlr.flowSchemas { - if matchesFlowSchema(rd, fs) { - selectedFlowSchema = fs - break - } - if fs.Name == flowcontrol.FlowSchemaNameCatchAll { - catchAllFlowSchema = fs - } - } - if selectedFlowSchema == nil { - // This should never happen. If the requestDigest's User is a part of - // system:authenticated or system:unauthenticated, the catch-all flow - // schema should match it. However, if that invariant somehow fails, - // fallback to the catch-all flow schema anyway. - if catchAllFlowSchema == nil { - // This should absolutely never, ever happen! APF guarantees two - // undeletable flow schemas at all times: an exempt flow schema and a - // catch-all flow schema. - panic(fmt.Sprintf("no fallback catch-all flow schema found for request %#+v and user %#+v", rd.RequestInfo, rd.User)) - } - selectedFlowSchema = catchAllFlowSchema - klog.Warningf("no match found for request %#+v and user %#+v; selecting catchAll=%s as fallback flow schema", rd.RequestInfo, rd.User, fcfmt.Fmt(selectedFlowSchema)) - } - plName := selectedFlowSchema.Spec.PriorityLevelConfiguration.Name - plState := cfgCtlr.priorityLevelStates[plName] - if plState.pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt { - noteFn(selectedFlowSchema, plState.pl, "") - klog.V(7).Infof("startRequest(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, immediate", rd, selectedFlowSchema.Name, selectedFlowSchema.Spec.DistinguisherMethod, plName) - return selectedFlowSchema, plState.pl, true, immediateRequest{}, time.Time{} - } - var numQueues int32 - if plState.pl.Spec.Limited.LimitResponse.Type == flowcontrol.LimitResponseTypeQueue { - numQueues = plState.pl.Spec.Limited.LimitResponse.Queuing.Queues - } - var flowDistinguisher string - var hashValue uint64 - if numQueues > 1 { - flowDistinguisher = computeFlowDistinguisher(rd, selectedFlowSchema.Spec.DistinguisherMethod) - hashValue = hashFlowID(selectedFlowSchema.Name, flowDistinguisher) - } - - noteFn(selectedFlowSchema, plState.pl, flowDistinguisher) - workEstimate := workEstimator() - - startWaitingTime = time.Now() - klog.V(7).Infof("startRequest(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, numQueues=%d", rd, selectedFlowSchema.Name, selectedFlowSchema.Spec.DistinguisherMethod, plName, numQueues) - req, idle := plState.queues.StartRequest(ctx, &workEstimate, hashValue, flowDistinguisher, selectedFlowSchema.Name, rd.RequestInfo, rd.User, queueNoteFn) - if idle { - cfgCtlr.maybeReapReadLocked(plName, plState) - } - return selectedFlowSchema, plState.pl, false, req, startWaitingTime -} - -// maybeReap will remove the last internal traces of the named -// priority level if it has no more use. Call this after getting a -// clue that the given priority level is undesired and idle. -func (cfgCtlr *configController) maybeReap(plName string) { - cfgCtlr.lock.RLock() - defer cfgCtlr.lock.RUnlock() - plState := cfgCtlr.priorityLevelStates[plName] - if plState == nil { - klog.V(7).Infof("plName=%s, plState==nil", plName) - return - } - if plState.queues == nil { - klog.V(7).Infof("plName=%s, plState.queues==nil", plName) - return - } - useless := plState.quiescing && plState.numPending == 0 && plState.queues.IsIdle() - klog.V(7).Infof("plState.quiescing=%v, plState.numPending=%d, useless=%v", plState.quiescing, plState.numPending, useless) - if !useless { - return - } - klog.V(3).Infof("Triggered API priority and fairness config reloading because priority level %s is undesired and idle", plName) - cfgCtlr.configQueue.Add(0) -} - -// maybeReapLocked requires the cfgCtlr's lock to already be held and -// will remove the last internal traces of the named priority level if -// it has no more use. Call this if both (1) plState.queues is -// non-nil and reported being idle, and (2) cfgCtlr's lock has not -// been released since then. -func (cfgCtlr *configController) maybeReapReadLocked(plName string, plState *priorityLevelState) { - if !(plState.quiescing && plState.numPending == 0) { - return - } - klog.V(3).Infof("Triggered API priority and fairness config reloading because priority level %s is undesired and idle", plName) - cfgCtlr.configQueue.Add(0) -} - -// computeFlowDistinguisher extracts the flow distinguisher according to the given method -func computeFlowDistinguisher(rd RequestDigest, method *flowcontrol.FlowDistinguisherMethod) string { - if method == nil { - return "" - } - switch method.Type { - case flowcontrol.FlowDistinguisherMethodByUserType: - return rd.User.GetName() - case flowcontrol.FlowDistinguisherMethodByNamespaceType: - return rd.RequestInfo.Namespace - default: - // this line shall never reach - panic("invalid flow-distinguisher method") - } -} - -func hashFlowID(fsName, fDistinguisher string) uint64 { - hash := sha256.New() - var sep = [1]byte{0} - hash.Write([]byte(fsName)) - hash.Write(sep[:]) - hash.Write([]byte(fDistinguisher)) - var sum [32]byte - hash.Sum(sum[:0]) - return binary.LittleEndian.Uint64(sum[:8]) -} - -func relDiff(x, y float64) float64 { - diff := math.Abs(x - y) - den := math.Max(math.Abs(x), math.Abs(y)) - if den == 0 { - return 0 - } - return diff / den -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go deleted file mode 100644 index 91c49a4bed..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go +++ /dev/null @@ -1,265 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "fmt" - "io" - "net/http" - "strconv" - "strings" - "text/tabwriter" - "time" - - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/server/mux" -) - -const ( - queryIncludeRequestDetails = "includeRequestDetails" -) - -func (cfgCtlr *configController) Install(c *mux.PathRecorderMux) { - // TODO(yue9944882): handle "Accept" header properly - // debugging dumps a CSV content for three levels of granularity - // 1. row per priority-level - c.UnlistedHandleFunc("/debug/api_priority_and_fairness/dump_priority_levels", cfgCtlr.dumpPriorityLevels) - // 2. row per queue - c.UnlistedHandleFunc("/debug/api_priority_and_fairness/dump_queues", cfgCtlr.dumpQueues) - // 3. row per request - c.UnlistedHandleFunc("/debug/api_priority_and_fairness/dump_requests", cfgCtlr.dumpRequests) -} - -func (cfgCtlr *configController) dumpPriorityLevels(w http.ResponseWriter, r *http.Request) { - cfgCtlr.lock.Lock() - defer cfgCtlr.lock.Unlock() - tabWriter := tabwriter.NewWriter(w, 8, 0, 1, ' ', 0) - columnHeaders := []string{ - "PriorityLevelName", // 1 - "ActiveQueues", // 2 - "IsIdle", // 3 - "IsQuiescing", // 4 - "WaitingRequests", // 5 - "ExecutingRequests", // 6 - } - tabPrint(tabWriter, rowForHeaders(columnHeaders)) - endLine(tabWriter) - for _, plState := range cfgCtlr.priorityLevelStates { - if plState.queues == nil { - tabPrint(tabWriter, row( - plState.pl.Name, // 1 - "<none>", // 2 - "<none>", // 3 - "<none>", // 4 - "<none>", // 5 - "<none>", // 6 - )) - endLine(tabWriter) - continue - } - queueSetDigest := plState.queues.Dump(false) - activeQueueNum := 0 - for _, q := range queueSetDigest.Queues { - if len(q.Requests) > 0 { - activeQueueNum++ - } - } - - tabPrint(tabWriter, rowForPriorityLevel( - plState.pl.Name, // 1 - activeQueueNum, // 2 - plState.queues.IsIdle(), // 3 - plState.quiescing, // 4 - queueSetDigest.Waiting, // 5 - queueSetDigest.Executing, // 6 - )) - endLine(tabWriter) - } - runtime.HandleError(tabWriter.Flush()) -} - -func (cfgCtlr *configController) dumpQueues(w http.ResponseWriter, r *http.Request) { - cfgCtlr.lock.Lock() - defer cfgCtlr.lock.Unlock() - tabWriter := tabwriter.NewWriter(w, 8, 0, 1, ' ', 0) - columnHeaders := []string{ - "PriorityLevelName", // 1 - "Index", // 2 - "PendingRequests", // 3 - "ExecutingRequests", // 4 - "SeatsInUse", // 5 - "NextDispatchR", // 6 - "InitialSeatsSum", // 7 - "MaxSeatsSum", // 8 - "TotalWorkSum", // 9 - } - tabPrint(tabWriter, rowForHeaders(columnHeaders)) - endLine(tabWriter) - for _, plState := range cfgCtlr.priorityLevelStates { - if plState.queues == nil { - tabPrint(tabWriter, row( - plState.pl.Name, // 1 - "<none>", // 2 - "<none>", // 3 - "<none>", // 4 - "<none>", // 5 - "<none>", // 6 - "<none>", // 7 - "<none>", // 8 - "<none>", // 9 - )) - endLine(tabWriter) - continue - } - queueSetDigest := plState.queues.Dump(false) - for i, q := range queueSetDigest.Queues { - tabPrint(tabWriter, row( - plState.pl.Name, // 1 - "PriorityLevelName" - strconv.Itoa(i), // 2 - "Index" - strconv.Itoa(len(q.Requests)), // 3 - "PendingRequests" - strconv.Itoa(q.ExecutingRequests), // 4 - "ExecutingRequests" - strconv.Itoa(q.SeatsInUse), // 5 - "SeatsInUse" - q.NextDispatchR, // 6 - "NextDispatchR" - strconv.Itoa(q.QueueSum.InitialSeatsSum), // 7 - "InitialSeatsSum" - strconv.Itoa(q.QueueSum.MaxSeatsSum), // 8 - "MaxSeatsSum" - q.QueueSum.TotalWorkSum, // 9 - "TotalWorkSum" - )) - endLine(tabWriter) - } - } - runtime.HandleError(tabWriter.Flush()) -} - -func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Request) { - cfgCtlr.lock.Lock() - defer cfgCtlr.lock.Unlock() - - includeRequestDetails := len(r.URL.Query().Get(queryIncludeRequestDetails)) > 0 - - tabWriter := tabwriter.NewWriter(w, 8, 0, 1, ' ', 0) - tabPrint(tabWriter, rowForHeaders([]string{ - "PriorityLevelName", // 1 - "FlowSchemaName", // 2 - "QueueIndex", // 3 - "RequestIndexInQueue", // 4 - "FlowDistingsher", // 5 - "ArriveTime", // 6 - "InitialSeats", // 7 - "FinalSeats", // 8 - "AdditionalLatency", // 9 - })) - if includeRequestDetails { - continueLine(tabWriter) - tabPrint(tabWriter, rowForHeaders([]string{ - "UserName", // 10 - "Verb", // 11 - "APIPath", // 12 - "Namespace", // 13 - "Name", // 14 - "APIVersion", // 15 - "Resource", // 16 - "SubResource", // 17 - })) - } - endLine(tabWriter) - for _, plState := range cfgCtlr.priorityLevelStates { - if plState.queues == nil { - continue - } - queueSetDigest := plState.queues.Dump(includeRequestDetails) - for iq, q := range queueSetDigest.Queues { - for ir, r := range q.Requests { - tabPrint(tabWriter, row( - plState.pl.Name, // 1 - r.MatchedFlowSchema, // 2 - strconv.Itoa(iq), // 3 - strconv.Itoa(ir), // 4 - r.FlowDistinguisher, // 5 - r.ArriveTime.UTC().Format(time.RFC3339Nano), // 6 - strconv.Itoa(int(r.WorkEstimate.InitialSeats)), // 7 - strconv.Itoa(int(r.WorkEstimate.FinalSeats)), // 8 - r.WorkEstimate.AdditionalLatency.String(), // 9 - )) - if includeRequestDetails { - continueLine(tabWriter) - tabPrint(tabWriter, rowForRequestDetails( - r.UserName, // 10 - r.RequestInfo.Verb, // 11 - r.RequestInfo.Path, // 12 - r.RequestInfo.Namespace, // 13 - r.RequestInfo.Name, // 14 - schema.GroupVersion{ - Group: r.RequestInfo.APIGroup, - Version: r.RequestInfo.APIVersion, - }.String(), // 15 - r.RequestInfo.Resource, // 16 - r.RequestInfo.Subresource, // 17 - )) - } - endLine(tabWriter) - } - } - } - runtime.HandleError(tabWriter.Flush()) -} - -func tabPrint(w io.Writer, row string) { - _, err := fmt.Fprint(w, row) - runtime.HandleError(err) -} - -func continueLine(w io.Writer) { - _, err := fmt.Fprint(w, ",\t") - runtime.HandleError(err) -} -func endLine(w io.Writer) { - _, err := fmt.Fprint(w, "\n") - runtime.HandleError(err) -} - -func rowForHeaders(headers []string) string { - return row(headers...) -} - -func rowForPriorityLevel(plName string, activeQueues int, isIdle, isQuiescing bool, waitingRequests, executingRequests int) string { - return row( - plName, - strconv.Itoa(activeQueues), - strconv.FormatBool(isIdle), - strconv.FormatBool(isQuiescing), - strconv.Itoa(waitingRequests), - strconv.Itoa(executingRequests), - ) -} - -func rowForRequestDetails(username, verb, path, namespace, name, apiVersion, resource, subResource string) string { - return row( - username, - verb, - path, - namespace, - name, - apiVersion, - resource, - subResource, - ) -} - -func row(columns ...string) string { - return strings.Join(columns, ",\t") -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go deleted file mode 100644 index 037ac0db15..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go +++ /dev/null @@ -1,197 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "context" - "strconv" - "time" - - "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/apiserver/pkg/server/mux" - fq "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing" - "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock" - fqs "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset" - "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - fcrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - kubeinformers "k8s.io/client-go/informers" - "k8s.io/klog/v2" - "k8s.io/utils/clock" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3" -) - -// ConfigConsumerAsFieldManager is how the config consuminng -// controller appears in an ObjectMeta ManagedFieldsEntry.Manager -const ConfigConsumerAsFieldManager = "api-priority-and-fairness-config-consumer-v1" - -// Interface defines how the API Priority and Fairness filter interacts with the underlying system. -type Interface interface { - // Handle takes care of queuing and dispatching a request - // characterized by the given digest. The given `noteFn` will be - // invoked with the results of request classification. - // The given `workEstimator` is called, if at all, after noteFn. - // `workEstimator` will be invoked only when the request - // is classified as non 'exempt'. - // 'workEstimator', when invoked, must return the - // work parameters for the request. - // If the request is queued then `queueNoteFn` will be called twice, - // first with `true` and then with `false`; otherwise - // `queueNoteFn` will not be called at all. If Handle decides - // that the request should be executed then `execute()` will be - // invoked once to execute the request; otherwise `execute()` will - // not be invoked. - // Handle() should never return while execute() is running, even if - // ctx is cancelled or times out. - Handle(ctx context.Context, - requestDigest RequestDigest, - noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, flowDistinguisher string), - workEstimator func() fcrequest.WorkEstimate, - queueNoteFn fq.QueueNoteFn, - execFn func(), - ) - - // Run monitors config objects from the main apiservers and causes - // any needed changes to local behavior. This method ceases - // activity and returns after the given channel is closed. - Run(stopCh <-chan struct{}) error - - // Install installs debugging endpoints to the web-server. - Install(c *mux.PathRecorderMux) - - // WatchTracker provides the WatchTracker interface. - WatchTracker -} - -// This request filter implements https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1040-priority-and-fairness/README.md - -// New creates a new instance to implement API priority and fairness -func New( - informerFactory kubeinformers.SharedInformerFactory, - flowcontrolClient flowcontrolclient.FlowcontrolV1beta3Interface, - serverConcurrencyLimit int, - requestWaitLimit time.Duration, -) Interface { - clk := eventclock.Real{} - return NewTestable(TestableConfig{ - Name: "Controller", - Clock: clk, - AsFieldManager: ConfigConsumerAsFieldManager, - FoundToDangling: func(found bool) bool { return !found }, - InformerFactory: informerFactory, - FlowcontrolClient: flowcontrolClient, - ServerConcurrencyLimit: serverConcurrencyLimit, - RequestWaitLimit: requestWaitLimit, - ReqsGaugeVec: metrics.PriorityLevelConcurrencyGaugeVec, - ExecSeatsGaugeVec: metrics.PriorityLevelExecutionSeatsGaugeVec, - QueueSetFactory: fqs.NewQueueSetFactory(clk), - }) -} - -// TestableConfig carries the parameters to an implementation that is testable -type TestableConfig struct { - // Name of the controller - Name string - - // Clock to use in timing deliberate delays - Clock clock.PassiveClock - - // AsFieldManager is the string to use in the metadata for - // server-side apply. Normally this is - // `ConfigConsumerAsFieldManager`. This is exposed as a parameter - // so that a test of competing controllers can supply different - // values. - AsFieldManager string - - // FoundToDangling maps the boolean indicating whether a - // FlowSchema's referenced PLC exists to the boolean indicating - // that FlowSchema's status should indicate a dangling reference. - // This is a parameter so that we can write tests of what happens - // when servers disagree on that bit of Status. - FoundToDangling func(bool) bool - - // InformerFactory to use in building the controller - InformerFactory kubeinformers.SharedInformerFactory - - // FlowcontrolClient to use for manipulating config objects - FlowcontrolClient flowcontrolclient.FlowcontrolV1beta3Interface - - // ServerConcurrencyLimit for the controller to enforce - ServerConcurrencyLimit int - - // RequestWaitLimit configured on the server - RequestWaitLimit time.Duration - - // GaugeVec for metrics about requests, broken down by phase and priority_level - ReqsGaugeVec metrics.RatioedGaugeVec - - // RatioedGaugePairVec for metrics about seats occupied by all phases of execution - ExecSeatsGaugeVec metrics.RatioedGaugeVec - - // QueueSetFactory for the queuing implementation - QueueSetFactory fq.QueueSetFactory -} - -// NewTestable is extra flexible to facilitate testing -func NewTestable(config TestableConfig) Interface { - return newTestableController(config) -} - -func (cfgCtlr *configController) Handle(ctx context.Context, requestDigest RequestDigest, - noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, flowDistinguisher string), - workEstimator func() fcrequest.WorkEstimate, - queueNoteFn fq.QueueNoteFn, - execFn func()) { - fs, pl, isExempt, req, startWaitingTime := cfgCtlr.startRequest(ctx, requestDigest, noteFn, workEstimator, queueNoteFn) - queued := startWaitingTime != time.Time{} - if req == nil { - if queued { - metrics.ObserveWaitingDuration(ctx, pl.Name, fs.Name, strconv.FormatBool(req != nil), time.Since(startWaitingTime)) - } - klog.V(7).Infof("Handle(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, isExempt=%v, reject", requestDigest, fs.Name, fs.Spec.DistinguisherMethod, pl.Name, isExempt) - return - } - klog.V(7).Infof("Handle(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, isExempt=%v, queued=%v", requestDigest, fs.Name, fs.Spec.DistinguisherMethod, pl.Name, isExempt, queued) - var executed bool - idle, panicking := true, true - defer func() { - klog.V(7).Infof("Handle(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, isExempt=%v, queued=%v, Finish() => panicking=%v idle=%v", - requestDigest, fs.Name, fs.Spec.DistinguisherMethod, pl.Name, isExempt, queued, panicking, idle) - if idle { - cfgCtlr.maybeReap(pl.Name) - } - }() - idle = req.Finish(func() { - if queued { - metrics.ObserveWaitingDuration(ctx, pl.Name, fs.Name, strconv.FormatBool(req != nil), time.Since(startWaitingTime)) - } - metrics.AddDispatch(ctx, pl.Name, fs.Name) - executed = true - startExecutionTime := time.Now() - defer func() { - executionTime := time.Since(startExecutionTime) - httplog.AddKeyValue(ctx, "apf_execution_time", executionTime) - metrics.ObserveExecutionDuration(ctx, pl.Name, fs.Name, executionTime) - }() - execFn() - }) - if queued && !executed { - metrics.ObserveWaitingDuration(ctx, pl.Name, fs.Name, strconv.FormatBool(req != nil), time.Since(startWaitingTime)) - } - panicking = false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/conc_alloc.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/conc_alloc.go deleted file mode 100644 index 4360390711..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/conc_alloc.go +++ /dev/null @@ -1,256 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "errors" - "fmt" - "math" - "sort" -) - -// allocProblemItem is one of the classes to which computeConcurrencyAllocation should make an allocation -type allocProblemItem struct { - target float64 - lowerBound float64 - upperBound float64 -} - -// relativeAllocItem is like allocProblemItem but with target avoiding zero and the bounds divided by the target -type relativeAllocItem struct { - target float64 - relativeLowerBound float64 - relativeUpperBound float64 -} - -// relativeAllocProblem collects together all the classes and holds the result of sorting by increasing bounds. -// For J <= K, ascendingIndices[J] identifies a bound that is <= the one of ascendingIndices[K]. -// When ascendingIndices[J] = 2*N + 0, this identifies the lower bound of items[N]. -// When ascendingIndices[J] = 2*N + 1, this identifies the upper bound of items[N]. -type relativeAllocProblem struct { - items []relativeAllocItem - ascendingIndices []int -} - -// initIndices fills in ascendingIndices and sorts them -func (rap *relativeAllocProblem) initIndices() *relativeAllocProblem { - rap.ascendingIndices = make([]int, len(rap.items)*2) - for idx := 0; idx < len(rap.ascendingIndices); idx++ { - rap.ascendingIndices[idx] = idx - } - sort.Sort(rap) - return rap -} - -func (rap *relativeAllocProblem) getItemIndex(idx int) (int, bool) { - packedIndex := rap.ascendingIndices[idx] - itemIndex := packedIndex / 2 - return itemIndex, packedIndex == itemIndex*2 -} - -// decode(J) returns the bound associated with ascendingIndices[J], the associated items index, -// and a bool indicating whether the bound is the item's lower bound. -func (rap *relativeAllocProblem) decode(idx int) (float64, int, bool) { - itemIdx, lower := rap.getItemIndex(idx) - if lower { - return rap.items[itemIdx].relativeLowerBound, itemIdx, lower - } - return rap.items[itemIdx].relativeUpperBound, itemIdx, lower -} - -func (rap *relativeAllocProblem) getProportion(idx int) float64 { - prop, _, _ := rap.decode(idx) - return prop -} - -func (rap *relativeAllocProblem) Len() int { return len(rap.items) * 2 } - -func (rap *relativeAllocProblem) Less(i, j int) bool { - return rap.getProportion(i) < rap.getProportion(j) -} - -func (rap *relativeAllocProblem) Swap(i, j int) { - rap.ascendingIndices[i], rap.ascendingIndices[j] = rap.ascendingIndices[j], rap.ascendingIndices[i] -} - -// minMax records the minimum and maximum value seen while scanning a set of numbers -type minMax struct { - min float64 - max float64 -} - -// note scans one more number -func (mm *minMax) note(x float64) { - mm.min = math.Min(mm.min, x) - mm.max = math.Max(mm.max, x) -} - -const MinTarget = 0.001 -const epsilon = 0.0000001 - -// computeConcurrencyAllocation returns the unique `allocs []float64`, and -// an associated `fairProp float64`, that jointly have -// all of the following properties (to the degree that floating point calculations allow) -// if possible otherwise returns an error saying why it is impossible. -// `allocs` sums to `requiredSum`. -// For each J in [0, len(classes)): -// (1) `classes[J].lowerBound <= allocs[J] <= classes[J].upperBound` and -// (2) exactly one of the following is true: -// (2a) `allocs[J] == fairProp * classes[J].target`, -// (2b) `allocs[J] == classes[J].lowerBound && classes[J].lowerBound > fairProp * classes[J].target`, or -// (2c) `allocs[J] == classes[J].upperBound && classes[J].upperBound < fairProp * classes[J].target`. -// Each allocProblemItem is required to have `target >= lowerBound >= 0` and `upperBound >= lowerBound`. -// A target smaller than MinTarget is treated as if it were MinTarget. -func computeConcurrencyAllocation(requiredSum int, classes []allocProblemItem) ([]float64, float64, error) { - if requiredSum < 0 { - return nil, 0, errors.New("negative sums are not supported") - } - requiredSumF := float64(requiredSum) - var lowSum, highSum, targetSum float64 - ubRange := minMax{min: float64(math.MaxFloat32)} - lbRange := minMax{min: float64(math.MaxFloat32)} - relativeItems := make([]relativeAllocItem, len(classes)) - for idx, item := range classes { - target := item.target - if item.lowerBound < 0 { - return nil, 0, fmt.Errorf("lower bound %d is %v but negative lower bounds are not allowed", idx, item.lowerBound) - } - if target < item.lowerBound { - return nil, 0, fmt.Errorf("target %d is %v, which is below its lower bound of %v", idx, target, item.lowerBound) - } - if item.upperBound < item.lowerBound { - return nil, 0, fmt.Errorf("upper bound %d is %v but should not be less than the lower bound %v", idx, item.upperBound, item.lowerBound) - } - if target < MinTarget { - // tweak this to a non-zero value so avoid dividing by zero - target = MinTarget - } - lowSum += item.lowerBound - highSum += item.upperBound - targetSum += target - relativeItem := relativeAllocItem{ - target: target, - relativeLowerBound: item.lowerBound / target, - relativeUpperBound: item.upperBound / target, - } - ubRange.note(relativeItem.relativeUpperBound) - lbRange.note(relativeItem.relativeLowerBound) - relativeItems[idx] = relativeItem - } - if lbRange.max > 1 { - return nil, 0, fmt.Errorf("lbRange.max-1=%v, which is impossible because lbRange.max can not be greater than 1", lbRange.max-1) - } - if lowSum-requiredSumF > epsilon { - return nil, 0, fmt.Errorf("lower bounds sum to %v, which is higher than the required sum of %v", lowSum, requiredSum) - } - if requiredSumF-highSum > epsilon { - return nil, 0, fmt.Errorf("upper bounds sum to %v, which is lower than the required sum of %v", highSum, requiredSum) - } - ans := make([]float64, len(classes)) - if requiredSum == 0 { - return ans, 0, nil - } - if lowSum-requiredSumF > -epsilon { // no wiggle room, constrained from below - for idx, item := range classes { - ans[idx] = item.lowerBound - } - return ans, lbRange.min, nil - } - if requiredSumF-highSum > -epsilon { // no wiggle room, constrained from above - for idx, item := range classes { - ans[idx] = item.upperBound - } - return ans, ubRange.max, nil - } - // Now we know the solution is a unique fairProp in [lbRange.min, ubRange.max]. - // See if the solution does not run into any bounds. - fairProp := requiredSumF / targetSum - if lbRange.max <= fairProp && fairProp <= ubRange.min { // no bounds matter - for idx := range classes { - ans[idx] = relativeItems[idx].target * fairProp - } - return ans, fairProp, nil - } - // Sadly, some bounds matter. - // We find the solution by sorting the bounds and considering progressively - // higher values of fairProp, starting from lbRange.min. - rap := (&relativeAllocProblem{items: relativeItems}).initIndices() - sumSoFar := lowSum - fairProp = lbRange.min - var sensitiveTargetSum, deltaSensitiveTargetSum float64 - var numSensitiveClasses, deltaSensitiveClasses int - var nextIdx int - // `nextIdx` is the next `rap` index to consider. - // `sumSoFar` is what the allocs would sum to if the current - // value of `fairProp` solves the problem. - // If the current value of fairProp were the answer then - // `sumSoFar == requiredSum`. - // Otherwise the next increment in fairProp involves changing the allocations - // of `numSensitiveClasses` classes whose targets sum to `sensitiveTargetSum`; - // for the other classes, an upper or lower bound has applied and will continue to apply. - // The last increment of nextIdx calls for adding `deltaSensitiveClasses` - // to `numSensitiveClasses` and adding `deltaSensitiveTargetSum` to `sensitiveTargetSum`. - for sumSoFar < requiredSumF { - // There might be more than one bound that is equal to the current value - // of fairProp; find all of them because they will all be relevant to - // the next change in fairProp. - // Set nextBound to the next bound that is NOT equal to fairProp, - // and advance nextIdx to the index of that bound. - var nextBound float64 - for { - sensitiveTargetSum += deltaSensitiveTargetSum - numSensitiveClasses += deltaSensitiveClasses - if nextIdx >= rap.Len() { - return nil, 0, fmt.Errorf("impossible: ran out of bounds to consider in bound-constrained problem") - } - var itemIdx int - var lower bool - nextBound, itemIdx, lower = rap.decode(nextIdx) - if lower { - deltaSensitiveClasses = 1 - deltaSensitiveTargetSum = rap.items[itemIdx].target - } else { - deltaSensitiveClasses = -1 - deltaSensitiveTargetSum = -rap.items[itemIdx].target - } - nextIdx++ - if nextBound > fairProp { - break - } - } - // fairProp can increase to nextBound without passing any intermediate bounds. - if numSensitiveClasses == 0 { - // No classes are affected by the next range of fairProp; skip right past it - fairProp = nextBound - continue - } - // See whether fairProp can increase to the solution before passing the next bound. - deltaFairProp := (requiredSumF - sumSoFar) / sensitiveTargetSum - nextProp := fairProp + deltaFairProp - if nextProp <= nextBound { - fairProp = nextProp - break - } - // No, fairProp has to increase above nextBound - sumSoFar += (nextBound - fairProp) * sensitiveTargetSum - fairProp = nextBound - } - for idx, item := range classes { - ans[idx] = math.Max(item.lowerBound, math.Min(item.upperBound, fairProp*relativeItems[idx].target)) - } - return ans, fairProp, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/debug/dump.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/debug/dump.go deleted file mode 100644 index 439d48c45a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/debug/dump.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package debug - -import ( - "time" - - "k8s.io/apiserver/pkg/endpoints/request" - flowcontrolrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" -) - -// QueueSetDump is an instant dump of queue-set. -type QueueSetDump struct { - Queues []QueueDump - Waiting int - Executing int - SeatsInUse int - SeatsWaiting int -} - -// QueueDump is an instant dump of one queue in a queue-set. -type QueueDump struct { - QueueSum QueueSum - Requests []RequestDump - NextDispatchR string - ExecutingRequests int - SeatsInUse int -} - -type QueueSum struct { - InitialSeatsSum int - MaxSeatsSum int - TotalWorkSum string -} - -// RequestDump is an instant dump of one requests pending in the queue. -type RequestDump struct { - MatchedFlowSchema string - FlowDistinguisher string - ArriveTime time.Time - StartTime time.Time - WorkEstimate flowcontrolrequest.WorkEstimate - // request details - UserName string - RequestInfo request.RequestInfo -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/interface.go deleted file mode 100644 index 58f88b9924..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/interface.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventclock - -import ( - "time" - - baseclock "k8s.io/utils/clock" -) - -// EventFunc does some work that needs to be done at or after the -// given time. -type EventFunc func(time.Time) - -// EventClock is an active clock abstraction for use in code that is -// testable with a fake clock that itself determines how time may be -// advanced. The timing paradigm is invoking EventFuncs rather than -// synchronizing through channels, so that the fake clock has a handle -// on when associated activity is done. -type Interface interface { - baseclock.PassiveClock - - // Sleep returns after the given duration (or more). - Sleep(d time.Duration) - - // EventAfterDuration invokes the given EventFunc after the given duration (or more), - // passing the time when the invocation was launched. - EventAfterDuration(f EventFunc, d time.Duration) - - // EventAfterTime invokes the given EventFunc at the given time or later, - // passing the time when the invocation was launched. - EventAfterTime(f EventFunc, t time.Time) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/real.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/real.go deleted file mode 100644 index d567a0f45e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock/real.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventclock - -import ( - "time" - - "k8s.io/utils/clock" -) - -// RealEventClock fires event on real world time -type Real struct { - clock.RealClock -} - -var _ Interface = Real{} - -// EventAfterDuration schedules an EventFunc -func (Real) EventAfterDuration(f EventFunc, d time.Duration) { - ch := time.After(d) - go func() { - t := <-ch - f(t) - }() -} - -// EventAfterTime schedules an EventFunc -func (r Real) EventAfterTime(f EventFunc, t time.Time) { - r.EventAfterDuration(f, time.Until(t)) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/integrator.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/integrator.go deleted file mode 100644 index f421a6425b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/integrator.go +++ /dev/null @@ -1,191 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fairqueuing - -import ( - "math" - "sync" - "time" - - fcmetrics "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - - "k8s.io/utils/clock" -) - -// Integrator computes the moments of some variable X over time as -// read from a particular clock. The integrals start when the -// Integrator is created, and ends at the latest operation on the -// Integrator. -type Integrator interface { - fcmetrics.Gauge - - GetResults() IntegratorResults - - // Return the results of integrating to now, and reset integration to start now - Reset() IntegratorResults -} - -// IntegratorResults holds statistical abstracts of the integration -type IntegratorResults struct { - Duration float64 //seconds - Average float64 //time-weighted - Deviation float64 //standard deviation: sqrt(avg((value-avg)^2)) - Min, Max float64 -} - -// Equal tests for semantic equality. -// This considers all NaN values to be equal to each other. -func (x *IntegratorResults) Equal(y *IntegratorResults) bool { - return x == y || x != nil && y != nil && x.Duration == y.Duration && x.Min == y.Min && x.Max == y.Max && (x.Average == y.Average || math.IsNaN(x.Average) && math.IsNaN(y.Average)) && (x.Deviation == y.Deviation || math.IsNaN(x.Deviation) && math.IsNaN(y.Deviation)) -} - -type integrator struct { - name string - clock clock.PassiveClock - sync.Mutex - lastTime time.Time - x float64 - moments Moments - min, max float64 -} - -// NewNamedIntegrator makes one that uses the given clock and name -func NewNamedIntegrator(clock clock.PassiveClock, name string) Integrator { - return &integrator{ - name: name, - clock: clock, - lastTime: clock.Now(), - } -} - -func (igr *integrator) Set(x float64) { - igr.Lock() - igr.setLocked(x) - igr.Unlock() -} - -func (igr *integrator) Add(deltaX float64) { - igr.Lock() - igr.setLocked(igr.x + deltaX) - igr.Unlock() -} - -func (igr *integrator) Inc() { - igr.Add(1) -} - -func (igr *integrator) Dec() { - igr.Add(-1) -} - -func (igr *integrator) SetToCurrentTime() { - igr.Set(float64(time.Now().UnixNano())) -} - -func (igr *integrator) setLocked(x float64) { - igr.updateLocked() - igr.x = x - if x < igr.min { - igr.min = x - } - if x > igr.max { - igr.max = x - } -} - -func (igr *integrator) updateLocked() { - now := igr.clock.Now() - dt := now.Sub(igr.lastTime).Seconds() - igr.lastTime = now - igr.moments = igr.moments.Add(ConstantMoments(dt, igr.x)) -} - -func (igr *integrator) GetResults() IntegratorResults { - igr.Lock() - defer igr.Unlock() - return igr.getResultsLocked() -} - -func (igr *integrator) Reset() IntegratorResults { - igr.Lock() - defer igr.Unlock() - results := igr.getResultsLocked() - igr.moments = Moments{} - igr.min = igr.x - igr.max = igr.x - return results -} - -func (igr *integrator) getResultsLocked() (results IntegratorResults) { - igr.updateLocked() - results.Min, results.Max = igr.min, igr.max - results.Duration = igr.moments.ElapsedSeconds - results.Average, results.Deviation = igr.moments.AvgAndStdDev() - return -} - -// Moments are the integrals of the 0, 1, and 2 powers of some -// variable X over some range of time. -type Moments struct { - ElapsedSeconds float64 // integral of dt - IntegralX float64 // integral of x dt - IntegralXX float64 // integral of x*x dt -} - -// ConstantMoments is for a constant X -func ConstantMoments(dt, x float64) Moments { - return Moments{ - ElapsedSeconds: dt, - IntegralX: x * dt, - IntegralXX: x * x * dt, - } -} - -// Add combines over two ranges of time -func (igr Moments) Add(ogr Moments) Moments { - return Moments{ - ElapsedSeconds: igr.ElapsedSeconds + ogr.ElapsedSeconds, - IntegralX: igr.IntegralX + ogr.IntegralX, - IntegralXX: igr.IntegralXX + ogr.IntegralXX, - } -} - -// Sub finds the difference between a range of time and a subrange -func (igr Moments) Sub(ogr Moments) Moments { - return Moments{ - ElapsedSeconds: igr.ElapsedSeconds - ogr.ElapsedSeconds, - IntegralX: igr.IntegralX - ogr.IntegralX, - IntegralXX: igr.IntegralXX - ogr.IntegralXX, - } -} - -// AvgAndStdDev returns the average and standard devation -func (igr Moments) AvgAndStdDev() (float64, float64) { - if igr.ElapsedSeconds <= 0 { - return math.NaN(), math.NaN() - } - avg := igr.IntegralX / igr.ElapsedSeconds - // standard deviation is sqrt( average( (x - xbar)^2 ) ) - // = sqrt( Integral( x^2 + xbar^2 -2*x*xbar dt ) / Duration ) - // = sqrt( ( Integral( x^2 dt ) + Duration * xbar^2 - 2*xbar*Integral(x dt) ) / Duration) - // = sqrt( Integral(x^2 dt)/Duration - xbar^2 ) - variance := igr.IntegralXX/igr.ElapsedSeconds - avg*avg - if variance >= 0 { - return avg, math.Sqrt(variance) - } - return avg, math.NaN() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go deleted file mode 100644 index 5522bb4554..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go +++ /dev/null @@ -1,136 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fairqueuing - -import ( - "context" - "time" - - "k8s.io/apiserver/pkg/util/flowcontrol/debug" - "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - "k8s.io/apiserver/pkg/util/flowcontrol/request" -) - -// QueueSetFactory is used to create QueueSet objects. Creation, like -// config update, is done in two phases: the first phase consumes the -// QueuingConfig and the second consumes the DispatchingConfig. They -// are separated so that errors from the first phase can be found -// before committing to a concurrency allotment for the second. -type QueueSetFactory interface { - // BeginConstruction does the first phase of creating a QueueSet. - // The RatioedGaugePair observes number of requests, - // execution covering just the regular phase. - // The RatioedGauge observes number of seats occupied through all phases of execution. - // The Gauge observes the seat demand (executing + queued seats). - BeginConstruction(QueuingConfig, metrics.RatioedGaugePair, metrics.RatioedGauge, metrics.Gauge) (QueueSetCompleter, error) -} - -// QueueSetCompleter finishes the two-step process of creating or -// reconfiguring a QueueSet -type QueueSetCompleter interface { - // Complete returns a QueueSet configured by the given - // dispatching configuration. - Complete(DispatchingConfig) QueueSet -} - -// QueueSet is the abstraction for the queuing and dispatching -// functionality of one non-exempt priority level. It covers the -// functionality described in the "Assignment to a Queue", "Queuing", -// and "Dispatching" sections of -// https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1040-priority-and-fairness/README.md -// . Some day we may have connections between priority levels, but -// today is not that day. -type QueueSet interface { - // BeginConfigChange starts the two-step process of updating the - // configuration. No change is made until Complete is called. If - // `C := X.BeginConstruction(q)` then `C.Complete(d)` returns the - // same value `X`. If the QueuingConfig's DesiredNumQueues field - // is zero then the other queuing-specific config parameters are - // not changed, so that the queues continue draining as before. - // In any case, reconfiguration does not discard any queue unless - // and until it is undesired and empty. - BeginConfigChange(QueuingConfig) (QueueSetCompleter, error) - - // IsIdle returns a bool indicating whether the QueueSet was idle - // at the moment of the return. Idle means the QueueSet has zero - // requests queued and zero executing. This bit can change only - // (1) during a call to StartRequest and (2) during a call to - // Request::Finish. In the latter case idleness can only change - // from false to true. - IsIdle() bool - - // StartRequest begins the process of handling a request. If the - // request gets queued and the number of queues is greater than 1 - // then StartRequest uses the given hashValue as the source of - // entropy as it shuffle-shards the request into a queue. The - // descr1 and descr2 values play no role in the logic but appear - // in log messages. This method always returns quickly (without - // waiting for the request to be dequeued). If this method - // returns a nil Request value then caller should reject the - // request and the returned bool indicates whether the QueueSet - // was idle at the moment of the return. Otherwise idle==false - // and the client must call the Finish method of the Request - // exactly once. - StartRequest(ctx context.Context, width *request.WorkEstimate, hashValue uint64, flowDistinguisher, fsName string, descr1, descr2 interface{}, queueNoteFn QueueNoteFn) (req Request, idle bool) - - // Dump saves and returns the instant internal state of the queue-set. - // Note that dumping process will stop the queue-set from proceeding - // any requests. - // For debugging only. - Dump(includeRequestDetails bool) debug.QueueSetDump -} - -// QueueNoteFn is called when a request enters and leaves a queue -type QueueNoteFn func(inQueue bool) - -// Request represents the remainder of the handling of one request -type Request interface { - // Finish determines whether to execute or reject the request and - // invokes `execute` if the decision is to execute the request. - // The returned `idle bool` value indicates whether the QueueSet - // was idle when the value was calculated, but might no longer be - // accurate by the time the client examines that value. - Finish(execute func()) (idle bool) -} - -// QueuingConfig defines the configuration of the queuing aspect of a QueueSet. -type QueuingConfig struct { - // Name is used to identify a queue set, allowing for descriptive information about its intended use - Name string - - // DesiredNumQueues is the number of queues that the API says - // should exist now. This may be zero, in which case - // QueueLengthLimit, HandSize, and RequestWaitLimit are ignored. - DesiredNumQueues int - - // QueueLengthLimit is the maximum number of requests that may be waiting in a given queue at a time - QueueLengthLimit int - - // HandSize is a parameter of shuffle sharding. Upon arrival of a request, a queue is chosen by randomly - // dealing a "hand" of this many queues and then picking one of minimum length. - HandSize int - - // RequestWaitLimit is the maximum amount of time that a request may wait in a queue. - // If, by the end of that time, the request has not been dispatched then it is rejected. - RequestWaitLimit time.Duration -} - -// DispatchingConfig defines the configuration of the dispatching aspect of a QueueSet. -type DispatchingConfig struct { - // ConcurrencyLimit is the maximum number of requests of this QueueSet that may be executing at a time - ConcurrencyLimit int -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/interface.go deleted file mode 100644 index b2e3adbdcb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/interface.go +++ /dev/null @@ -1,34 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package promise - -// WriteOnce represents a variable that is initially not set and can -// be set once and is readable. This is the common meaning for -// "promise". -type WriteOnce interface { - // Get reads the current value of this variable. If this - // variable is not set yet then this call blocks until this - // variable gets a value. - Get() interface{} - - // Set normally writes a value into this variable, unblocks every - // goroutine waiting for this variable to have a value, and - // returns true. In the unhappy case that this variable is - // already set, this method returns false without modifying the - // variable's value. - Set(interface{}) bool -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/promise.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/promise.go deleted file mode 100644 index d3bda40aaa..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise/promise.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package promise - -import ( - "sync" -) - -// promise implements the WriteOnce interface. -type promise struct { - doneCh <-chan struct{} - doneVal interface{} - setCh chan struct{} - onceler sync.Once - value interface{} -} - -var _ WriteOnce = &promise{} - -// NewWriteOnce makes a new thread-safe WriteOnce. -// -// If `initial` is non-nil then that value is Set at creation time. -// -// If a `Get` is waiting soon after `doneCh` becomes selectable (which -// never happens for the nil channel) then `Set(doneVal)` effectively -// happens at that time. -func NewWriteOnce(initial interface{}, doneCh <-chan struct{}, doneVal interface{}) WriteOnce { - p := &promise{ - doneCh: doneCh, - doneVal: doneVal, - setCh: make(chan struct{}), - } - if initial != nil { - p.Set(initial) - } - return p -} - -func (p *promise) Get() interface{} { - select { - case <-p.setCh: - case <-p.doneCh: - p.Set(p.doneVal) - } - return p.value -} - -func (p *promise) Set(value interface{}) bool { - var ans bool - p.onceler.Do(func() { - p.value = value - close(p.setCh) - ans = true - }) - return ans -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/doc.go deleted file mode 100644 index fc30ebfd5b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/doc.go +++ /dev/null @@ -1,119 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package queueset implements a technique called "fair queuing for -// server requests". One QueueSet is a set of queues operating -// according to this technique. -// -// Fair queuing for server requests is inspired by the fair queuing -// technique from the world of networking. You can find a good paper -// on that at https://dl.acm.org/citation.cfm?doid=75247.75248 or -// http://people.csail.mit.edu/imcgraw/links/research/pubs/networks/WFQ.pdf -// and there is an implementation outline in the Wikipedia article at -// https://en.wikipedia.org/wiki/Fair_queuing . -// -// Fair queuing for server requests differs from traditional fair -// queuing in three ways: (1) we are dispatching application layer -// requests to a server rather than transmitting packets on a network -// link, (2) multiple requests can be executing at once, and (3) the -// service time (execution duration) is not known until the execution -// completes. -// -// The first two differences can easily be handled by straightforward -// adaptation of the concept called "R(t)" in the original paper and -// "virtual time" in the implementation outline. In that -// implementation outline, the notation now() is used to mean reading -// the virtual clock. In the original paper’s terms, "R(t)" is the -// number of "rounds" that have been completed at real time t --- -// where a round consists of virtually transmitting one bit from every -// non-empty queue in the router (regardless of which queue holds the -// packet that is really being transmitted at the moment); in this -// conception, a packet is considered to be "in" its queue until the -// packet’s transmission is finished. For our problem, we can define a -// round to be giving one nanosecond of CPU to every non-empty queue -// in the apiserver (where emptiness is judged based on both queued -// and executing requests from that queue), and define R(t) = (server -// start time) + (1 ns) * (number of rounds since server start). Let -// us write NEQ(t) for that number of non-empty queues in the -// apiserver at time t. Let us also write C for the concurrency -// limit. In the original paper, the partial derivative of R(t) with -// respect to t is -// -// 1 / NEQ(t) . -// -// To generalize from transmitting one packet at a time to executing C -// requests at a time, that derivative becomes -// -// C / NEQ(t) . -// -// However, sometimes there are fewer than C requests available to -// execute. For a given queue "q", let us also write "reqs(q, t)" for -// the number of requests of that queue that are executing at that -// time. The total number of requests executing is sum[over q] -// reqs(q, t) and if that is less than C then virtual time is not -// advancing as fast as it would if all C seats were occupied; in this -// case the numerator of the quotient in that derivative should be -// adjusted proportionally. Putting it all together for fair queing -// for server requests: at a particular time t, the partial derivative -// of R(t) with respect to t is -// -// min( C, sum[over q] reqs(q, t) ) / NEQ(t) . -// -// In terms of the implementation outline, this is the rate at which -// virtual time is advancing at time t (in virtual nanoseconds per -// real nanosecond). Where the networking implementation outline adds -// packet size to a virtual time, in our version this corresponds to -// adding a service time (i.e., duration) to virtual time. -// -// The third difference is handled by modifying the algorithm to -// dispatch based on an initial guess at the request’s service time -// (duration) and then make the corresponding adjustments once the -// request’s actual service time is known. This is similar, although -// not exactly isomorphic, to the original paper’s adjustment by -// `$\delta$` for the sake of promptness. -// -// For implementation simplicity (see below), let us use the same -// initial service time guess for every request; call that duration -// G. A good choice might be the service time limit (1 -// minute). Different guesses will give slightly different dynamics, -// but any positive number can be used for G without ruining the -// long-term behavior. -// -// As in ordinary fair queuing, there is a bound on divergence from -// the ideal. In plain fair queuing the bound is one packet; in our -// version it is C requests. -// -// To support efficiently making the necessary adjustments once a -// request’s actual service time is known, the virtual finish time of -// a request and the last virtual finish time of a queue are not -// represented directly but instead computed from queue length, -// request position in the queue, and an alternate state variable that -// holds the queue’s virtual start time. While the queue is empty and -// has no requests executing: the value of its virtual start time -// variable is ignored and its last virtual finish time is considered -// to be in the virtual past. When a request arrives to an empty queue -// with no requests executing, the queue’s virtual start time is set -// to the current virtual time. The virtual finish time of request -// number J in the queue (counting from J=1 for the head) is J * G + -// (queue's virtual start time). While the queue is non-empty: the -// last virtual finish time of the queue is the virtual finish time of -// the last request in the queue. While the queue is empty and has a -// request executing: the last virtual finish time is the queue’s -// virtual start time. When a request is dequeued for service the -// queue’s virtual start time is advanced by G. When a request -// finishes being served, and the actual service time was S, the -// queue’s virtual start time is decremented by G - S. -package queueset diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/fifo_list.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/fifo_list.go deleted file mode 100644 index eb56e1e946..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/fifo_list.go +++ /dev/null @@ -1,156 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package queueset - -import ( - "container/list" -) - -// removeFromFIFOFunc removes a designated element from the list -// if that element is in the list. -// The complexity of the runtime cost is O(1). -// The returned value is the element removed, if indeed one was removed, -// otherwise `nil`. -type removeFromFIFOFunc func() *request - -// walkFunc is called for each request in the list in the -// oldest -> newest order. -// ok: if walkFunc returns false then the iteration stops immediately. -// walkFunc may remove the given request from the fifo, -// but may not mutate the fifo in any othe way. -type walkFunc func(*request) (ok bool) - -// Internal interface to abstract out the implementation details -// of the underlying list used to maintain the requests. -// -// Note that a fifo, including the removeFromFIFOFuncs returned from Enqueue, -// is not safe for concurrent use by multiple goroutines. -type fifo interface { - // Enqueue enqueues the specified request into the list and - // returns a removeFromFIFOFunc function that can be used to remove the - // request from the list - Enqueue(*request) removeFromFIFOFunc - - // Dequeue pulls out the oldest request from the list. - Dequeue() (*request, bool) - - // Peek returns the oldest request without removing it. - Peek() (*request, bool) - - // Length returns the number of requests in the list. - Length() int - - // QueueSum returns the sum of initial seats, final seats, and - // additional latency aggregated from all requests in this queue. - QueueSum() queueSum - - // Walk iterates through the list in order of oldest -> newest - // and executes the specified walkFunc for each request in that order. - // - // if the specified walkFunc returns false the Walk function - // stops the walk an returns immediately. - Walk(walkFunc) -} - -// the FIFO list implementation is not safe for concurrent use by multiple -// goroutines. -type requestFIFO struct { - *list.List - - sum queueSum -} - -func newRequestFIFO() fifo { - return &requestFIFO{ - List: list.New(), - } -} - -func (l *requestFIFO) Length() int { - return l.Len() -} - -func (l *requestFIFO) QueueSum() queueSum { - return l.sum -} - -func (l *requestFIFO) Enqueue(req *request) removeFromFIFOFunc { - e := l.PushBack(req) - addToQueueSum(&l.sum, req) - - return func() *request { - if e.Value == nil { - return nil - } - l.Remove(e) - e.Value = nil - deductFromQueueSum(&l.sum, req) - return req - } -} - -func (l *requestFIFO) Dequeue() (*request, bool) { - return l.getFirst(true) -} - -func (l *requestFIFO) Peek() (*request, bool) { - return l.getFirst(false) -} - -func (l *requestFIFO) getFirst(remove bool) (*request, bool) { - e := l.Front() - if e == nil { - return nil, false - } - - if remove { - defer func() { - l.Remove(e) - e.Value = nil - }() - } - - request, ok := e.Value.(*request) - if remove && ok { - deductFromQueueSum(&l.sum, request) - } - return request, ok -} - -func (l *requestFIFO) Walk(f walkFunc) { - var next *list.Element - for current := l.Front(); current != nil; current = next { - next = current.Next() // f is allowed to remove current - if r, ok := current.Value.(*request); ok { - if !f(r) { - return - } - } - } -} - -func addToQueueSum(sum *queueSum, req *request) { - sum.InitialSeatsSum += req.InitialSeats() - sum.MaxSeatsSum += req.MaxSeats() - sum.TotalWorkSum += req.totalWork() -} - -func deductFromQueueSum(sum *queueSum, req *request) { - sum.InitialSeatsSum -= req.InitialSeats() - sum.MaxSeatsSum -= req.MaxSeats() - sum.TotalWorkSum -= req.totalWork() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go deleted file mode 100644 index 9106a033ef..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go +++ /dev/null @@ -1,1046 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package queueset - -import ( - "context" - "errors" - "fmt" - "math" - "sync" - "time" - - "k8s.io/apiserver/pkg/util/flowcontrol/debug" - fq "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing" - "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock" - "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise" - "k8s.io/apiserver/pkg/util/flowcontrol/metrics" - fqrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" - "k8s.io/apiserver/pkg/util/shufflesharding" - "k8s.io/klog/v2" - - // The following hack is needed to work around a tooling deficiency. - // Packages imported only for test code are not included in vendor. - // See https://kubernetes.slack.com/archives/C0EG7JC6T/p1626985671458800?thread_ts=1626983387.450800&cid=C0EG7JC6T - _ "k8s.io/utils/clock/testing" -) - -const nsTimeFmt = "2006-01-02 15:04:05.000000000" - -// queueSetFactory implements the QueueSetFactory interface -// queueSetFactory makes QueueSet objects. -type queueSetFactory struct { - clock eventclock.Interface - promiseFactoryFactory promiseFactoryFactory -} - -// promiseFactory returns a WriteOnce -// - whose Set method is invoked with the queueSet locked, and -// - whose Get method is invoked with the queueSet not locked. -// The parameters are the same as for `promise.NewWriteOnce`. -type promiseFactory func(initial interface{}, doneCh <-chan struct{}, doneVal interface{}) promise.WriteOnce - -// promiseFactoryFactory returns the promiseFactory to use for the given queueSet -type promiseFactoryFactory func(*queueSet) promiseFactory - -// `*queueSetCompleter` implements QueueSetCompleter. Exactly one of -// the fields `factory` and `theSet` is non-nil. -type queueSetCompleter struct { - factory *queueSetFactory - reqsGaugePair metrics.RatioedGaugePair - execSeatsGauge metrics.RatioedGauge - seatDemandIntegrator metrics.Gauge - theSet *queueSet - qCfg fq.QueuingConfig - dealer *shufflesharding.Dealer -} - -// queueSet implements the Fair Queuing for Server Requests technique -// described in this package's doc, and a pointer to one implements -// the QueueSet interface. The fields listed before the lock -// should not be changed; the fields listed after the -// lock must be accessed only while holding the lock. -// -// The methods of this type follow the naming convention that the -// suffix "Locked" means the caller must hold the lock; for a method -// whose name does not end in "Locked" either acquires the lock or -// does not care about locking. -// -// The methods of this type also follow the convention that the suffix -// "ToBoundLocked" means that the caller may have to follow up with a -// call to `boundNextDispatchLocked`. This is so for a method that -// changes what request is oldest in a queue, because that change means -// that the anti-windup hack in boundNextDispatchLocked needs to be -// applied wrt the revised oldest request in the queue. -type queueSet struct { - clock eventclock.Interface - estimatedServiceDuration time.Duration - - reqsGaugePair metrics.RatioedGaugePair // .RequestsExecuting covers regular phase only - - execSeatsGauge metrics.RatioedGauge // for all phases of execution - - seatDemandIntegrator metrics.Gauge - - promiseFactory promiseFactory - - lock sync.Mutex - - // qCfg holds the current queuing configuration. Its - // DesiredNumQueues may be less than the current number of queues. - // If its DesiredNumQueues is zero then its other queuing - // parameters retain the settings they had when DesiredNumQueues - // was last non-zero (if ever). - qCfg fq.QueuingConfig - - // the current dispatching configuration. - dCfg fq.DispatchingConfig - - // If `qCfg.DesiredNumQueues` is non-zero then dealer is not nil - // and is good for `qCfg`. - dealer *shufflesharding.Dealer - - // queues may be longer than the desired number, while the excess - // queues are still draining. - queues []*queue - - // currentR is the amount of seat-seconds allocated per queue since process startup. - // This is our generalization of the progress meter named R in the original fair queuing work. - currentR fqrequest.SeatSeconds - - // lastRealTime is what `clock.Now()` yielded when `virtualTime` was last updated - lastRealTime time.Time - - // robinIndex is the index of the last queue dispatched - robinIndex int - - // totRequestsWaiting is the sum, over all the queues, of the - // number of requests waiting in that queue - totRequestsWaiting int - - // totRequestsExecuting is the total number of requests of this - // queueSet that are currently executing. That is the same as the - // sum, over all the queues, of the number of requests executing - // from that queue. - totRequestsExecuting int - - // totSeatsInUse is the number of total "seats" in use by all the - // request(s) that are currently executing in this queueset. - totSeatsInUse int - - // totSeatsWaiting is the sum, over all the waiting requests, of their - // max width. - totSeatsWaiting int - - // enqueues is the number of requests that have ever been enqueued - enqueues int -} - -// NewQueueSetFactory creates a new QueueSetFactory object -func NewQueueSetFactory(c eventclock.Interface) fq.QueueSetFactory { - return newTestableQueueSetFactory(c, ordinaryPromiseFactoryFactory) -} - -// newTestableQueueSetFactory creates a new QueueSetFactory object with the given promiseFactoryFactory -func newTestableQueueSetFactory(c eventclock.Interface, promiseFactoryFactory promiseFactoryFactory) fq.QueueSetFactory { - return &queueSetFactory{ - clock: c, - promiseFactoryFactory: promiseFactoryFactory, - } -} - -func (qsf *queueSetFactory) BeginConstruction(qCfg fq.QueuingConfig, reqsGaugePair metrics.RatioedGaugePair, execSeatsGauge metrics.RatioedGauge, seatDemandIntegrator metrics.Gauge) (fq.QueueSetCompleter, error) { - dealer, err := checkConfig(qCfg) - if err != nil { - return nil, err - } - return &queueSetCompleter{ - factory: qsf, - reqsGaugePair: reqsGaugePair, - execSeatsGauge: execSeatsGauge, - seatDemandIntegrator: seatDemandIntegrator, - qCfg: qCfg, - dealer: dealer}, nil -} - -// checkConfig returns a non-nil Dealer if the config is valid and -// calls for one, and returns a non-nil error if the given config is -// invalid. -func checkConfig(qCfg fq.QueuingConfig) (*shufflesharding.Dealer, error) { - if qCfg.DesiredNumQueues == 0 { - return nil, nil - } - dealer, err := shufflesharding.NewDealer(qCfg.DesiredNumQueues, qCfg.HandSize) - if err != nil { - err = fmt.Errorf("the QueueSetConfig implies an invalid shuffle sharding config (DesiredNumQueues is deckSize): %w", err) - } - return dealer, err -} - -func (qsc *queueSetCompleter) Complete(dCfg fq.DispatchingConfig) fq.QueueSet { - qs := qsc.theSet - if qs == nil { - qs = &queueSet{ - clock: qsc.factory.clock, - estimatedServiceDuration: 3 * time.Millisecond, - reqsGaugePair: qsc.reqsGaugePair, - execSeatsGauge: qsc.execSeatsGauge, - seatDemandIntegrator: qsc.seatDemandIntegrator, - qCfg: qsc.qCfg, - currentR: 0, - lastRealTime: qsc.factory.clock.Now(), - } - qs.promiseFactory = qsc.factory.promiseFactoryFactory(qs) - } - qs.setConfiguration(context.Background(), qsc.qCfg, qsc.dealer, dCfg) - return qs -} - -// createQueues is a helper method for initializing an array of n queues -func createQueues(n, baseIndex int) []*queue { - fqqueues := make([]*queue, n) - for i := 0; i < n; i++ { - fqqueues[i] = &queue{index: baseIndex + i, requests: newRequestFIFO()} - } - return fqqueues -} - -func (qs *queueSet) BeginConfigChange(qCfg fq.QueuingConfig) (fq.QueueSetCompleter, error) { - dealer, err := checkConfig(qCfg) - if err != nil { - return nil, err - } - return &queueSetCompleter{ - theSet: qs, - qCfg: qCfg, - dealer: dealer}, nil -} - -// setConfiguration is used to set the configuration for a queueSet. -// Update handling for when fields are updated is handled here as well - -// eg: if DesiredNum is increased, setConfiguration reconciles by -// adding more queues. -func (qs *queueSet) setConfiguration(ctx context.Context, qCfg fq.QueuingConfig, dealer *shufflesharding.Dealer, dCfg fq.DispatchingConfig) { - qs.lockAndSyncTime(ctx) - defer qs.lock.Unlock() - - if qCfg.DesiredNumQueues > 0 { - // Adding queues is the only thing that requires immediate action - // Removing queues is handled by attrition, removing a queue when - // it goes empty and there are too many. - numQueues := len(qs.queues) - if qCfg.DesiredNumQueues > numQueues { - qs.queues = append(qs.queues, - createQueues(qCfg.DesiredNumQueues-numQueues, len(qs.queues))...) - } - } else { - qCfg.QueueLengthLimit = qs.qCfg.QueueLengthLimit - qCfg.HandSize = qs.qCfg.HandSize - qCfg.RequestWaitLimit = qs.qCfg.RequestWaitLimit - } - - qs.qCfg = qCfg - qs.dCfg = dCfg - qs.dealer = dealer - qll := qCfg.QueueLengthLimit - if qll < 1 { - qll = 1 - } - if qCfg.DesiredNumQueues > 0 { - qll *= qCfg.DesiredNumQueues - } - qs.reqsGaugePair.RequestsWaiting.SetDenominator(float64(qll)) - qs.reqsGaugePair.RequestsExecuting.SetDenominator(float64(dCfg.ConcurrencyLimit)) - qs.execSeatsGauge.SetDenominator(float64(dCfg.ConcurrencyLimit)) - - qs.dispatchAsMuchAsPossibleLocked() -} - -// A decision about a request -type requestDecision int - -// Values passed through a request's decision -const ( - // Serve this one - decisionExecute requestDecision = iota - - // Reject this one due to APF queuing considerations - decisionReject - - // This one's context timed out / was canceled - decisionCancel -) - -// StartRequest begins the process of handling a request. We take the -// approach of updating the metrics about total requests queued and -// executing at each point where there is a change in that quantity, -// because the metrics --- and only the metrics --- track that -// quantity per FlowSchema. -// The queueSet's promiseFactory is invoked once if the returned Request is non-nil, -// not invoked if the Request is nil. -func (qs *queueSet) StartRequest(ctx context.Context, workEstimate *fqrequest.WorkEstimate, hashValue uint64, flowDistinguisher, fsName string, descr1, descr2 interface{}, queueNoteFn fq.QueueNoteFn) (fq.Request, bool) { - qs.lockAndSyncTime(ctx) - defer qs.lock.Unlock() - var req *request - - // ======================================================================== - // Step 0: - // Apply only concurrency limit, if zero queues desired - if qs.qCfg.DesiredNumQueues < 1 { - if !qs.canAccommodateSeatsLocked(workEstimate.MaxSeats()) { - klog.V(5).Infof("QS(%s): rejecting request %q %#+v %#+v because %d seats are asked for, %d seats are in use (%d are executing) and the limit is %d", - qs.qCfg.Name, fsName, descr1, descr2, workEstimate, qs.totSeatsInUse, qs.totRequestsExecuting, qs.dCfg.ConcurrencyLimit) - metrics.AddReject(ctx, qs.qCfg.Name, fsName, "concurrency-limit") - return nil, qs.isIdleLocked() - } - req = qs.dispatchSansQueueLocked(ctx, workEstimate, flowDistinguisher, fsName, descr1, descr2) - return req, false - } - - // ======================================================================== - // Step 1: - // 1) Start with shuffle sharding, to pick a queue. - // 2) Reject old requests that have been waiting too long - // 3) Reject current request if there is not enough concurrency shares and - // we are at max queue length - // 4) If not rejected, create a request and enqueue - req = qs.timeoutOldRequestsAndRejectOrEnqueueLocked(ctx, workEstimate, hashValue, flowDistinguisher, fsName, descr1, descr2, queueNoteFn) - // req == nil means that the request was rejected - no remaining - // concurrency shares and at max queue length already - if req == nil { - klog.V(5).Infof("QS(%s): rejecting request %q %#+v %#+v due to queue full", qs.qCfg.Name, fsName, descr1, descr2) - metrics.AddReject(ctx, qs.qCfg.Name, fsName, "queue-full") - return nil, qs.isIdleLocked() - } - - // ======================================================================== - // Step 2: - // The next step is to invoke the method that dequeues as much - // as possible. - // This method runs a loop, as long as there are non-empty - // queues and the number currently executing is less than the - // assured concurrency value. The body of the loop uses the - // fair queuing technique to pick a queue and dispatch a - // request from that queue. - qs.dispatchAsMuchAsPossibleLocked() - - return req, false -} - -// ordinaryPromiseFactoryFactory is the promiseFactoryFactory that -// a queueSetFactory would ordinarily use. -// Test code might use something different. -func ordinaryPromiseFactoryFactory(qs *queueSet) promiseFactory { - return promise.NewWriteOnce -} - -// MaxSeats returns the maximum number of seats this request requires, it is -// the maxumum of the two - WorkEstimate.InitialSeats, WorkEstimate.FinalSeats. -func (req *request) MaxSeats() int { - return req.workEstimate.MaxSeats() -} - -func (req *request) InitialSeats() int { - return int(req.workEstimate.InitialSeats) -} - -func (req *request) NoteQueued(inQueue bool) { - if req.queueNoteFn != nil { - req.queueNoteFn(inQueue) - } -} - -func (req *request) Finish(execFn func()) bool { - exec, idle := req.wait() - if !exec { - return idle - } - func() { - defer func() { - idle = req.qs.finishRequestAndDispatchAsMuchAsPossible(req) - }() - - execFn() - }() - - return idle -} - -func (req *request) wait() (bool, bool) { - qs := req.qs - - // ======================================================================== - // Step 3: - // The final step is to wait on a decision from - // somewhere and then act on it. - decisionAny := req.decision.Get() - qs.lockAndSyncTime(req.ctx) - defer qs.lock.Unlock() - if req.waitStarted { - // This can not happen, because the client is forbidden to - // call Wait twice on the same request - klog.Errorf("Duplicate call to the Wait method! Immediately returning execute=false. QueueSet=%s, startTime=%s, descr1=%#+v, descr2=%#+v", req.qs.qCfg.Name, req.startTime, req.descr1, req.descr2) - return false, qs.isIdleLocked() - } - req.waitStarted = true - switch decisionAny { - case decisionReject: - klog.V(5).Infof("QS(%s): request %#+v %#+v timed out after being enqueued\n", qs.qCfg.Name, req.descr1, req.descr2) - metrics.AddReject(req.ctx, qs.qCfg.Name, req.fsName, "time-out") - return false, qs.isIdleLocked() - case decisionCancel: - case decisionExecute: - klog.V(5).Infof("QS(%s): Dispatching request %#+v %#+v from its queue", qs.qCfg.Name, req.descr1, req.descr2) - return true, false - default: - // This can not happen, all possible values are handled above - klog.Errorf("QS(%s): Impossible decision (type %T, value %#+v) for request %#+v %#+v! Treating as cancel", qs.qCfg.Name, decisionAny, decisionAny, req.descr1, req.descr2) - } - // TODO(aaron-prindle) add metrics for this case - klog.V(5).Infof("QS(%s): Ejecting request %#+v %#+v from its queue", qs.qCfg.Name, req.descr1, req.descr2) - // remove the request from the queue as it has timed out - queue := req.queue - if req.removeFromQueueLocked() != nil { - defer qs.boundNextDispatchLocked(queue) - qs.totRequestsWaiting-- - qs.totSeatsWaiting -= req.MaxSeats() - metrics.AddReject(req.ctx, qs.qCfg.Name, req.fsName, "cancelled") - metrics.AddRequestsInQueues(req.ctx, qs.qCfg.Name, req.fsName, -1) - req.NoteQueued(false) - qs.reqsGaugePair.RequestsWaiting.Add(-1) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - } - return false, qs.isIdleLocked() -} - -func (qs *queueSet) IsIdle() bool { - qs.lock.Lock() - defer qs.lock.Unlock() - return qs.isIdleLocked() -} - -func (qs *queueSet) isIdleLocked() bool { - return qs.totRequestsWaiting == 0 && qs.totRequestsExecuting == 0 -} - -// lockAndSyncTime acquires the lock and updates the virtual time. -// Doing them together avoids the mistake of modifying some queue state -// before calling syncTimeLocked. -func (qs *queueSet) lockAndSyncTime(ctx context.Context) { - qs.lock.Lock() - qs.syncTimeLocked(ctx) -} - -// syncTimeLocked updates the virtual time based on the assumption -// that the current state of the queues has been in effect since -// `qs.lastRealTime`. Thus, it should be invoked after acquiring the -// lock and before modifying the state of any queue. -func (qs *queueSet) syncTimeLocked(ctx context.Context) { - realNow := qs.clock.Now() - timeSinceLast := realNow.Sub(qs.lastRealTime) - qs.lastRealTime = realNow - prevR := qs.currentR - incrR := fqrequest.SeatsTimesDuration(qs.getVirtualTimeRatioLocked(), timeSinceLast) - qs.currentR = prevR + incrR - switch { - case prevR > qs.currentR: - klog.ErrorS(errors.New("queueset::currentR overflow"), "Overflow", "QS", qs.qCfg.Name, "when", realNow.Format(nsTimeFmt), "prevR", prevR, "incrR", incrR, "currentR", qs.currentR) - case qs.currentR >= highR: - qs.advanceEpoch(ctx, realNow, incrR) - } - metrics.SetCurrentR(qs.qCfg.Name, qs.currentR.ToFloat()) -} - -// rDecrement is the amount by which the progress meter R is wound backwards -// when needed to avoid overflow. -const rDecrement = fqrequest.MaxSeatSeconds / 2 - -// highR is the threshold that triggers advance of the epoch. -// That is, decrementing the global progress meter R by rDecrement. -const highR = rDecrement + rDecrement/2 - -// advanceEpoch subtracts rDecrement from the global progress meter R -// and all the readings that have been taked from that meter. -// The now and incrR parameters are only used to add info to the log messages. -func (qs *queueSet) advanceEpoch(ctx context.Context, now time.Time, incrR fqrequest.SeatSeconds) { - oldR := qs.currentR - qs.currentR -= rDecrement - klog.InfoS("Advancing epoch", "QS", qs.qCfg.Name, "when", now.Format(nsTimeFmt), "oldR", oldR, "newR", qs.currentR, "incrR", incrR) - success := true - for qIdx, queue := range qs.queues { - if queue.requests.Length() == 0 && queue.requestsExecuting == 0 { - // Do not just decrement, the value could be quite outdated. - // It is safe to reset to zero in this case, because the next request - // will overwrite the zero with `qs.currentR`. - queue.nextDispatchR = 0 - continue - } - oldNextDispatchR := queue.nextDispatchR - queue.nextDispatchR -= rDecrement - if queue.nextDispatchR > oldNextDispatchR { - klog.ErrorS(errors.New("queue::nextDispatchR underflow"), "Underflow", "QS", qs.qCfg.Name, "queue", qIdx, "oldNextDispatchR", oldNextDispatchR, "newNextDispatchR", queue.nextDispatchR, "incrR", incrR) - success = false - } - queue.requests.Walk(func(req *request) bool { - oldArrivalR := req.arrivalR - req.arrivalR -= rDecrement - if req.arrivalR > oldArrivalR { - klog.ErrorS(errors.New("request::arrivalR underflow"), "Underflow", "QS", qs.qCfg.Name, "queue", qIdx, "request", *req, "oldArrivalR", oldArrivalR, "incrR", incrR) - success = false - } - return true - }) - } - metrics.AddEpochAdvance(ctx, qs.qCfg.Name, success) -} - -// getVirtualTimeRatio calculates the rate at which virtual time has -// been advancing, according to the logic in `doc.go`. -func (qs *queueSet) getVirtualTimeRatioLocked() float64 { - activeQueues := 0 - seatsRequested := 0 - for _, queue := range qs.queues { - // here we want the sum of the maximum width of the requests in this queue since our - // goal is to find the maximum rate at which the queue could work. - seatsRequested += (queue.seatsInUse + queue.requests.QueueSum().MaxSeatsSum) - if queue.requests.Length() > 0 || queue.requestsExecuting > 0 { - activeQueues++ - } - } - if activeQueues == 0 { - return 0 - } - return math.Min(float64(seatsRequested), float64(qs.dCfg.ConcurrencyLimit)) / float64(activeQueues) -} - -// timeoutOldRequestsAndRejectOrEnqueueLocked encapsulates the logic required -// to validate and enqueue a request for the queueSet/QueueSet: -// 1) Start with shuffle sharding, to pick a queue. -// 2) Reject old requests that have been waiting too long -// 3) Reject current request if there is not enough concurrency shares and -// we are at max queue length -// 4) If not rejected, create a request and enqueue -// returns the enqueud request on a successful enqueue -// returns nil in the case that there is no available concurrency or -// the queuelengthlimit has been reached -func (qs *queueSet) timeoutOldRequestsAndRejectOrEnqueueLocked(ctx context.Context, workEstimate *fqrequest.WorkEstimate, hashValue uint64, flowDistinguisher, fsName string, descr1, descr2 interface{}, queueNoteFn fq.QueueNoteFn) *request { - // Start with the shuffle sharding, to pick a queue. - queueIdx := qs.shuffleShardLocked(hashValue, descr1, descr2) - queue := qs.queues[queueIdx] - // The next step is the logic to reject requests that have been waiting too long - qs.removeTimedOutRequestsFromQueueToBoundLocked(queue, fsName) - // NOTE: currently timeout is only checked for each new request. This means that there can be - // requests that are in the queue longer than the timeout if there are no new requests - // We prefer the simplicity over the promptness, at least for now. - - defer qs.boundNextDispatchLocked(queue) - - // Create a request and enqueue - req := &request{ - qs: qs, - fsName: fsName, - flowDistinguisher: flowDistinguisher, - ctx: ctx, - decision: qs.promiseFactory(nil, ctx.Done(), decisionCancel), - arrivalTime: qs.clock.Now(), - arrivalR: qs.currentR, - queue: queue, - descr1: descr1, - descr2: descr2, - queueNoteFn: queueNoteFn, - workEstimate: qs.completeWorkEstimate(workEstimate), - } - if ok := qs.rejectOrEnqueueToBoundLocked(req); !ok { - return nil - } - metrics.ObserveQueueLength(ctx, qs.qCfg.Name, fsName, queue.requests.Length()) - return req -} - -// shuffleShardLocked uses shuffle sharding to select a queue index -// using the given hashValue and the shuffle sharding parameters of the queueSet. -func (qs *queueSet) shuffleShardLocked(hashValue uint64, descr1, descr2 interface{}) int { - var backHand [8]int - // Deal into a data structure, so that the order of visit below is not necessarily the order of the deal. - // This removes bias in the case of flows with overlapping hands. - hand := qs.dealer.DealIntoHand(hashValue, backHand[:]) - handSize := len(hand) - offset := qs.enqueues % handSize - qs.enqueues++ - bestQueueIdx := -1 - minQueueSeatSeconds := fqrequest.MaxSeatSeconds - for i := 0; i < handSize; i++ { - queueIdx := hand[(offset+i)%handSize] - queue := qs.queues[queueIdx] - queueSum := queue.requests.QueueSum() - - // this is the total amount of work in seat-seconds for requests - // waiting in this queue, we will select the queue with the minimum. - thisQueueSeatSeconds := queueSum.TotalWorkSum - klog.V(7).Infof("QS(%s): For request %#+v %#+v considering queue %d with sum: %#v and %d seats in use, nextDispatchR=%v", qs.qCfg.Name, descr1, descr2, queueIdx, queueSum, queue.seatsInUse, queue.nextDispatchR) - if thisQueueSeatSeconds < minQueueSeatSeconds { - minQueueSeatSeconds = thisQueueSeatSeconds - bestQueueIdx = queueIdx - } - } - if klogV := klog.V(6); klogV.Enabled() { - chosenQueue := qs.queues[bestQueueIdx] - klogV.Infof("QS(%s) at t=%s R=%v: For request %#+v %#+v chose queue %d, with sum: %#v & %d seats in use & nextDispatchR=%v", qs.qCfg.Name, qs.clock.Now().Format(nsTimeFmt), qs.currentR, descr1, descr2, bestQueueIdx, chosenQueue.requests.QueueSum(), chosenQueue.seatsInUse, chosenQueue.nextDispatchR) - } - return bestQueueIdx -} - -// removeTimedOutRequestsFromQueueToBoundLocked rejects old requests that have been enqueued -// past the requestWaitLimit -func (qs *queueSet) removeTimedOutRequestsFromQueueToBoundLocked(queue *queue, fsName string) { - timeoutCount := 0 - disqueueSeats := 0 - now := qs.clock.Now() - reqs := queue.requests - // reqs are sorted oldest -> newest - // can short circuit loop (break) if oldest requests are not timing out - // as newer requests also will not have timed out - - // now - requestWaitLimit = arrivalLimit - arrivalLimit := now.Add(-qs.qCfg.RequestWaitLimit) - reqs.Walk(func(req *request) bool { - if arrivalLimit.After(req.arrivalTime) { - if req.decision.Set(decisionReject) && req.removeFromQueueLocked() != nil { - timeoutCount++ - disqueueSeats += req.MaxSeats() - req.NoteQueued(false) - metrics.AddRequestsInQueues(req.ctx, qs.qCfg.Name, req.fsName, -1) - } - // we need to check if the next request has timed out. - return true - } - // since reqs are sorted oldest -> newest, we are done here. - return false - }) - - // remove timed out requests from queue - if timeoutCount > 0 { - qs.totRequestsWaiting -= timeoutCount - qs.totSeatsWaiting -= disqueueSeats - qs.reqsGaugePair.RequestsWaiting.Add(float64(-timeoutCount)) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - } -} - -// rejectOrEnqueueToBoundLocked rejects or enqueues the newly arrived -// request, which has been assigned to a queue. If up against the -// queue length limit and the concurrency limit then returns false. -// Otherwise enqueues and returns true. -func (qs *queueSet) rejectOrEnqueueToBoundLocked(request *request) bool { - queue := request.queue - curQueueLength := queue.requests.Length() - // rejects the newly arrived request if resource criteria not met - if qs.totSeatsInUse >= qs.dCfg.ConcurrencyLimit && - curQueueLength >= qs.qCfg.QueueLengthLimit { - return false - } - - qs.enqueueToBoundLocked(request) - return true -} - -// enqueues a request into its queue. -func (qs *queueSet) enqueueToBoundLocked(request *request) { - queue := request.queue - now := qs.clock.Now() - if queue.requests.Length() == 0 && queue.requestsExecuting == 0 { - // the queue’s start R is set to the virtual time. - queue.nextDispatchR = qs.currentR - klogV := klog.V(6) - if klogV.Enabled() { - klogV.Infof("QS(%s) at t=%s R=%v: initialized queue %d start R due to request %#+v %#+v", qs.qCfg.Name, now.Format(nsTimeFmt), queue.nextDispatchR, queue.index, request.descr1, request.descr2) - } - } - request.removeFromQueueLocked = queue.requests.Enqueue(request) - qs.totRequestsWaiting++ - qs.totSeatsWaiting += request.MaxSeats() - metrics.AddRequestsInQueues(request.ctx, qs.qCfg.Name, request.fsName, 1) - request.NoteQueued(true) - qs.reqsGaugePair.RequestsWaiting.Add(1) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) -} - -// dispatchAsMuchAsPossibleLocked does as many dispatches as possible now. -func (qs *queueSet) dispatchAsMuchAsPossibleLocked() { - for qs.totRequestsWaiting != 0 && qs.totSeatsInUse < qs.dCfg.ConcurrencyLimit && qs.dispatchLocked() { - } -} - -func (qs *queueSet) dispatchSansQueueLocked(ctx context.Context, workEstimate *fqrequest.WorkEstimate, flowDistinguisher, fsName string, descr1, descr2 interface{}) *request { - // does not call metrics.SetDispatchMetrics because there is no queuing and thus no interesting virtual world - now := qs.clock.Now() - req := &request{ - qs: qs, - fsName: fsName, - flowDistinguisher: flowDistinguisher, - ctx: ctx, - startTime: now, - decision: qs.promiseFactory(decisionExecute, ctx.Done(), decisionCancel), - arrivalTime: now, - arrivalR: qs.currentR, - descr1: descr1, - descr2: descr2, - workEstimate: qs.completeWorkEstimate(workEstimate), - } - qs.totRequestsExecuting++ - qs.totSeatsInUse += req.MaxSeats() - metrics.AddRequestsExecuting(ctx, qs.qCfg.Name, fsName, 1) - metrics.AddRequestConcurrencyInUse(qs.qCfg.Name, fsName, req.MaxSeats()) - qs.reqsGaugePair.RequestsExecuting.Add(1) - qs.execSeatsGauge.Add(float64(req.MaxSeats())) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - klogV := klog.V(5) - if klogV.Enabled() { - klogV.Infof("QS(%s) at t=%s R=%v: immediate dispatch of request %q %#+v %#+v, qs will have %d executing", qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, fsName, descr1, descr2, qs.totRequestsExecuting) - } - return req -} - -// dispatchLocked uses the Fair Queuing for Server Requests method to -// select a queue and dispatch the oldest request in that queue. The -// return value indicates whether a request was dequeued; this will -// be false when either all queues are empty or the request at the head -// of the next queue cannot be dispatched. -func (qs *queueSet) dispatchLocked() bool { - queue, request := qs.findDispatchQueueToBoundLocked() - if queue == nil { - return false - } - if request == nil { // This should never happen. But if it does... - return false - } - qs.totRequestsWaiting-- - qs.totSeatsWaiting -= request.MaxSeats() - metrics.AddRequestsInQueues(request.ctx, qs.qCfg.Name, request.fsName, -1) - request.NoteQueued(false) - qs.reqsGaugePair.RequestsWaiting.Add(-1) - defer qs.boundNextDispatchLocked(queue) - if !request.decision.Set(decisionExecute) { - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - return true - } - request.startTime = qs.clock.Now() - // At this moment the request leaves its queue and starts - // executing. We do not recognize any interim state between - // "queued" and "executing". While that means "executing" - // includes a little overhead from this package, this is not a - // problem because other overhead is also included. - qs.totRequestsExecuting++ - qs.totSeatsInUse += request.MaxSeats() - queue.requestsExecuting++ - queue.seatsInUse += request.MaxSeats() - metrics.AddRequestsExecuting(request.ctx, qs.qCfg.Name, request.fsName, 1) - metrics.AddRequestConcurrencyInUse(qs.qCfg.Name, request.fsName, request.MaxSeats()) - qs.reqsGaugePair.RequestsExecuting.Add(1) - qs.execSeatsGauge.Add(float64(request.MaxSeats())) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - klogV := klog.V(6) - if klogV.Enabled() { - klogV.Infof("QS(%s) at t=%s R=%v: dispatching request %#+v %#+v work %v from queue %d with start R %v, queue will have %d waiting & %d requests occupying %d seats, set will have %d seats occupied", - qs.qCfg.Name, request.startTime.Format(nsTimeFmt), qs.currentR, request.descr1, request.descr2, - request.workEstimate, queue.index, queue.nextDispatchR, queue.requests.Length(), queue.requestsExecuting, queue.seatsInUse, qs.totSeatsInUse) - } - // When a request is dequeued for service -> qs.virtualStart += G * width - if request.totalWork() > rDecrement/100 { // A single increment should never be so big - klog.Errorf("QS(%s) at t=%s R=%v: dispatching request %#+v %#+v with implausibly high work %v from queue %d with start R %v", - qs.qCfg.Name, request.startTime.Format(nsTimeFmt), qs.currentR, request.descr1, request.descr2, - request.workEstimate, queue.index, queue.nextDispatchR) - } - queue.nextDispatchR += request.totalWork() - return true -} - -// canAccommodateSeatsLocked returns true if this queueSet has enough -// seats available to accommodate a request with the given number of seats, -// otherwise it returns false. -func (qs *queueSet) canAccommodateSeatsLocked(seats int) bool { - switch { - case seats > qs.dCfg.ConcurrencyLimit: - // we have picked the queue with the minimum virtual finish time, but - // the number of seats this request asks for exceeds the concurrency limit. - // TODO: this is a quick fix for now, once we have borrowing in place we will not need it - if qs.totRequestsExecuting == 0 { - // TODO: apply additional lateny associated with this request, as described in the KEP - return true - } - // wait for all "currently" executing requests in this queueSet - // to finish before we can execute this request. - return false - case qs.totSeatsInUse+seats > qs.dCfg.ConcurrencyLimit: - return false - } - - return true -} - -// findDispatchQueueToBoundLocked examines the queues in round robin order and -// returns the first one of those for which the virtual finish time of -// the oldest waiting request is minimal, and also returns that request. -// Returns nils if the head of the selected queue can not be dispatched now, -// in which case the caller does not need to follow up with`qs.boundNextDispatchLocked`. -func (qs *queueSet) findDispatchQueueToBoundLocked() (*queue, *request) { - minVirtualFinish := fqrequest.MaxSeatSeconds - sMin := fqrequest.MaxSeatSeconds - dsMin := fqrequest.MaxSeatSeconds - sMax := fqrequest.MinSeatSeconds - dsMax := fqrequest.MinSeatSeconds - var minQueue *queue - var minIndex int - nq := len(qs.queues) - for range qs.queues { - qs.robinIndex = (qs.robinIndex + 1) % nq - queue := qs.queues[qs.robinIndex] - oldestWaiting, _ := queue.requests.Peek() - if oldestWaiting != nil { - sMin = ssMin(sMin, queue.nextDispatchR) - sMax = ssMax(sMax, queue.nextDispatchR) - estimatedWorkInProgress := fqrequest.SeatsTimesDuration(float64(queue.seatsInUse), qs.estimatedServiceDuration) - dsMin = ssMin(dsMin, queue.nextDispatchR-estimatedWorkInProgress) - dsMax = ssMax(dsMax, queue.nextDispatchR-estimatedWorkInProgress) - currentVirtualFinish := queue.nextDispatchR + oldestWaiting.totalWork() - klog.V(11).InfoS("Considering queue to dispatch", "queueSet", qs.qCfg.Name, "queue", qs.robinIndex, "finishR", currentVirtualFinish) - if currentVirtualFinish < minVirtualFinish { - minVirtualFinish = currentVirtualFinish - minQueue = queue - minIndex = qs.robinIndex - } - } - } - - oldestReqFromMinQueue, _ := minQueue.requests.Peek() - if oldestReqFromMinQueue == nil { - // This cannot happen - klog.ErrorS(errors.New("selected queue is empty"), "Impossible", "queueSet", qs.qCfg.Name) - return nil, nil - } - if !qs.canAccommodateSeatsLocked(oldestReqFromMinQueue.MaxSeats()) { - // since we have not picked the queue with the minimum virtual finish - // time, we are not going to advance the round robin index here. - klogV := klog.V(4) - if klogV.Enabled() { - klogV.Infof("QS(%s): request %v %v seats %d cannot be dispatched from queue %d, waiting for currently executing requests to complete, %d requests are occupying %d seats and the limit is %d", - qs.qCfg.Name, oldestReqFromMinQueue.descr1, oldestReqFromMinQueue.descr2, oldestReqFromMinQueue.MaxSeats(), minQueue.index, qs.totRequestsExecuting, qs.totSeatsInUse, qs.dCfg.ConcurrencyLimit) - } - metrics.AddDispatchWithNoAccommodation(qs.qCfg.Name, oldestReqFromMinQueue.fsName) - return nil, nil - } - oldestReqFromMinQueue.removeFromQueueLocked() - - // If the requested final seats exceed capacity of that queue, - // we reduce them to current capacity and adjust additional latency - // to preserve the total amount of work. - if oldestReqFromMinQueue.workEstimate.FinalSeats > uint64(qs.dCfg.ConcurrencyLimit) { - finalSeats := uint64(qs.dCfg.ConcurrencyLimit) - additionalLatency := oldestReqFromMinQueue.workEstimate.finalWork.DurationPerSeat(float64(finalSeats)) - oldestReqFromMinQueue.workEstimate.FinalSeats = finalSeats - oldestReqFromMinQueue.workEstimate.AdditionalLatency = additionalLatency - } - - // we set the round robin indexing to start at the chose queue - // for the next round. This way the non-selected queues - // win in the case that the virtual finish times are the same - qs.robinIndex = minIndex - - if minQueue.nextDispatchR < oldestReqFromMinQueue.arrivalR { - klog.ErrorS(errors.New("dispatch before arrival"), "Inconceivable!", "QS", qs.qCfg.Name, "queue", minQueue.index, "dispatchR", minQueue.nextDispatchR, "request", oldestReqFromMinQueue) - } - metrics.SetDispatchMetrics(qs.qCfg.Name, qs.currentR.ToFloat(), minQueue.nextDispatchR.ToFloat(), sMin.ToFloat(), sMax.ToFloat(), dsMin.ToFloat(), dsMax.ToFloat()) - return minQueue, oldestReqFromMinQueue -} - -func ssMin(a, b fqrequest.SeatSeconds) fqrequest.SeatSeconds { - if a > b { - return b - } - return a -} - -func ssMax(a, b fqrequest.SeatSeconds) fqrequest.SeatSeconds { - if a < b { - return b - } - return a -} - -// finishRequestAndDispatchAsMuchAsPossible is a convenience method -// which calls finishRequest for a given request and then dispatches -// as many requests as possible. This is all of what needs to be done -// once a request finishes execution or is canceled. This returns a bool -// indicating whether the QueueSet is now idle. -func (qs *queueSet) finishRequestAndDispatchAsMuchAsPossible(req *request) bool { - qs.lockAndSyncTime(req.ctx) - defer qs.lock.Unlock() - - qs.finishRequestLocked(req) - qs.dispatchAsMuchAsPossibleLocked() - return qs.isIdleLocked() -} - -// finishRequestLocked is a callback that should be used when a -// previously dispatched request has completed it's service. This -// callback updates important state in the queueSet -func (qs *queueSet) finishRequestLocked(r *request) { - now := qs.clock.Now() - qs.totRequestsExecuting-- - metrics.AddRequestsExecuting(r.ctx, qs.qCfg.Name, r.fsName, -1) - qs.reqsGaugePair.RequestsExecuting.Add(-1) - - actualServiceDuration := now.Sub(r.startTime) - - // TODO: for now we keep the logic localized so it is easier to see - // how the counters are tracked for queueset and queue, in future we - // can refactor to move this function. - releaseSeatsLocked := func() { - defer qs.removeQueueIfEmptyLocked(r) - - qs.totSeatsInUse -= r.MaxSeats() - metrics.AddRequestConcurrencyInUse(qs.qCfg.Name, r.fsName, -r.MaxSeats()) - qs.execSeatsGauge.Add(-float64(r.MaxSeats())) - qs.seatDemandIntegrator.Set(float64(qs.totSeatsInUse + qs.totSeatsWaiting)) - if r.queue != nil { - r.queue.seatsInUse -= r.MaxSeats() - } - } - - defer func() { - klogV := klog.V(6) - if r.workEstimate.AdditionalLatency <= 0 { - // release the seats allocated to this request immediately - releaseSeatsLocked() - if !klogV.Enabled() { - } else if r.queue != nil { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished all use of %d seats, adjusted queue %d start R to %v due to service time %.9fs, queue will have %d requests with %#v waiting & %d requests occupying %d seats", - qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.MaxSeats(), r.queue.index, - r.queue.nextDispatchR, actualServiceDuration.Seconds(), r.queue.requests.Length(), r.queue.requests.QueueSum(), r.queue.requestsExecuting, r.queue.seatsInUse) - } else { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished all use of %d seats, qs will have %d requests occupying %d seats", qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.InitialSeats, qs.totRequestsExecuting, qs.totSeatsInUse) - } - return - } - - additionalLatency := r.workEstimate.AdditionalLatency - if !klogV.Enabled() { - } else if r.queue != nil { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished main use of %d seats but lingering on %d seats for %v seconds, adjusted queue %d start R to %v due to service time %.9fs, queue will have %d requests with %#v waiting & %d requests occupying %d seats", - qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.InitialSeats, r.workEstimate.FinalSeats, additionalLatency.Seconds(), r.queue.index, - r.queue.nextDispatchR, actualServiceDuration.Seconds(), r.queue.requests.Length(), r.queue.requests.QueueSum(), r.queue.requestsExecuting, r.queue.seatsInUse) - } else { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished main use of %d seats but lingering on %d seats for %v seconds, qs will have %d requests occupying %d seats", qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.InitialSeats, r.workEstimate.FinalSeats, additionalLatency.Seconds(), qs.totRequestsExecuting, qs.totSeatsInUse) - } - // EventAfterDuration will execute the event func in a new goroutine, - // so the seats allocated to this request will be released after - // AdditionalLatency elapses, this ensures that the additional - // latency has no impact on the user experience. - qs.clock.EventAfterDuration(func(_ time.Time) { - qs.lockAndSyncTime(r.ctx) - defer qs.lock.Unlock() - now := qs.clock.Now() - releaseSeatsLocked() - if !klogV.Enabled() { - } else if r.queue != nil { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished lingering on %d seats, queue %d will have %d requests with %#v waiting & %d requests occupying %d seats", - qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.FinalSeats, r.queue.index, - r.queue.requests.Length(), r.queue.requests.QueueSum(), r.queue.requestsExecuting, r.queue.seatsInUse) - } else { - klogV.Infof("QS(%s) at t=%s R=%v: request %#+v %#+v finished lingering on %d seats, qs will have %d requests occupying %d seats", qs.qCfg.Name, now.Format(nsTimeFmt), qs.currentR, r.descr1, r.descr2, r.workEstimate.FinalSeats, qs.totRequestsExecuting, qs.totSeatsInUse) - } - qs.dispatchAsMuchAsPossibleLocked() - }, additionalLatency) - }() - - if r.queue != nil { - // request has finished, remove from requests executing - r.queue.requestsExecuting-- - - // When a request finishes being served, and the actual service time was S, - // the queue’s start R is decremented by (G - S)*width. - r.queue.nextDispatchR -= fqrequest.SeatsTimesDuration(float64(r.InitialSeats()), qs.estimatedServiceDuration-actualServiceDuration) - qs.boundNextDispatchLocked(r.queue) - } -} - -// boundNextDispatchLocked applies the anti-windup hack. -// We need a hack because all non-empty queues are allocated the same -// number of seats. A queue that can not use all those seats and does -// not go empty accumulates a progresively earlier `virtualStart` compared -// to queues that are using more than they are allocated. -// The following hack addresses the first side of that inequity, -// by insisting that dispatch in the virtual world not precede arrival. -func (qs *queueSet) boundNextDispatchLocked(queue *queue) { - oldestReqFromMinQueue, _ := queue.requests.Peek() - if oldestReqFromMinQueue == nil { - return - } - var virtualStartBound = oldestReqFromMinQueue.arrivalR - if queue.nextDispatchR < virtualStartBound { - if klogV := klog.V(4); klogV.Enabled() { - klogV.InfoS("AntiWindup tweaked queue", "QS", qs.qCfg.Name, "queue", queue.index, "time", qs.clock.Now().Format(nsTimeFmt), "requestDescr1", oldestReqFromMinQueue.descr1, "requestDescr2", oldestReqFromMinQueue.descr2, "newVirtualStart", virtualStartBound, "deltaVirtualStart", (virtualStartBound - queue.nextDispatchR)) - } - queue.nextDispatchR = virtualStartBound - } -} - -func (qs *queueSet) removeQueueIfEmptyLocked(r *request) { - if r.queue == nil { - return - } - - // If there are more queues than desired and this one has no - // requests then remove it - if len(qs.queues) > qs.qCfg.DesiredNumQueues && - r.queue.requests.Length() == 0 && - r.queue.requestsExecuting == 0 { - qs.queues = removeQueueAndUpdateIndexes(qs.queues, r.queue.index) - - // decrement here to maintain the invariant that (qs.robinIndex+1) % numQueues - // is the index of the next queue after the one last dispatched from - if qs.robinIndex >= r.queue.index { - qs.robinIndex-- - } - } -} - -// removeQueueAndUpdateIndexes uses reslicing to remove an index from a slice -// and then updates the 'index' field of the queues to be correct -func removeQueueAndUpdateIndexes(queues []*queue, index int) []*queue { - keptQueues := append(queues[:index], queues[index+1:]...) - for i := index; i < len(keptQueues); i++ { - keptQueues[i].index-- - } - return keptQueues -} - -func (qs *queueSet) Dump(includeRequestDetails bool) debug.QueueSetDump { - qs.lock.Lock() - defer qs.lock.Unlock() - d := debug.QueueSetDump{ - Queues: make([]debug.QueueDump, len(qs.queues)), - Waiting: qs.totRequestsWaiting, - Executing: qs.totRequestsExecuting, - SeatsInUse: qs.totSeatsInUse, - SeatsWaiting: qs.totSeatsWaiting, - } - for i, q := range qs.queues { - d.Queues[i] = q.dumpLocked(includeRequestDetails) - } - return d -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/types.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/types.go deleted file mode 100644 index f1073b96b2..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/types.go +++ /dev/null @@ -1,183 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package queueset - -import ( - "context" - "time" - - genericrequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/util/flowcontrol/debug" - fq "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing" - "k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise" - fcrequest "k8s.io/apiserver/pkg/util/flowcontrol/request" -) - -// request is a temporary container for "requests" with additional -// tracking fields required for QueueSet functionality. -type request struct { - ctx context.Context - - qs *queueSet - - flowDistinguisher string - fsName string - - // The relevant queue. Is nil if this request did not go through - // a queue. - queue *queue - - // estimated amount of work of the request - workEstimate completedWorkEstimate - - // decision gets set to a `requestDecision` indicating what to do - // with this request. It gets set exactly once, when the request - // is removed from its queue. The value will be decisionReject, - // decisionCancel, or decisionExecute. - // - // decision.Set is called with the queueSet locked. - // decision.Get is called without the queueSet locked. - decision promise.WriteOnce - - // arrivalTime is the real time when the request entered this system - arrivalTime time.Time - - // descr1 and descr2 are not used in any logic but they appear in - // log messages - descr1, descr2 interface{} - - queueNoteFn fq.QueueNoteFn - - // The preceding fields are filled in at creation and not modified since; - // the following fields may be modified later and must only be accessed while - // holding the queueSet's lock. - - // Removes this request from its queue. If the request is not put into a - // a queue it will be nil. - removeFromQueueLocked removeFromFIFOFunc - - // arrivalR is R(arrivalTime). R is, confusingly, also called "virtual time". - // This field is meaningful only while the request is waiting in the virtual world. - arrivalR fcrequest.SeatSeconds - - // startTime is the real time when the request began executing - startTime time.Time - - // Indicates whether client has called Request::Wait() - waitStarted bool -} - -type completedWorkEstimate struct { - fcrequest.WorkEstimate - totalWork fcrequest.SeatSeconds // initial plus final work - finalWork fcrequest.SeatSeconds // only final work -} - -// queue is a sequence of requests that have arrived but not yet finished -// execution in both the real and virtual worlds. -type queue struct { - // The requests not yet executing in the real world are stored in a FIFO list. - requests fifo - - // nextDispatchR is the R progress meter reading at - // which the next request will be dispatched in the virtual world. - nextDispatchR fcrequest.SeatSeconds - - // requestsExecuting is the count in the real world. - requestsExecuting int - - // index is the position of this queue among those in its queueSet. - index int - - // seatsInUse is the total number of "seats" currently occupied - // by all the requests that are currently executing in this queue. - seatsInUse int -} - -// queueSum tracks the sum of initial seats, max seats, and -// totalWork from all requests in a given queue -type queueSum struct { - // InitialSeatsSum is the sum of InitialSeats - // associated with all requests in a given queue. - InitialSeatsSum int - - // MaxSeatsSum is the sum of MaxSeats - // associated with all requests in a given queue. - MaxSeatsSum int - - // TotalWorkSum is the sum of totalWork of the waiting requests - TotalWorkSum fcrequest.SeatSeconds -} - -func (req *request) totalWork() fcrequest.SeatSeconds { - return req.workEstimate.totalWork -} - -func (qs *queueSet) completeWorkEstimate(we *fcrequest.WorkEstimate) completedWorkEstimate { - finalWork := qs.computeFinalWork(we) - return completedWorkEstimate{ - WorkEstimate: *we, - totalWork: qs.computeInitialWork(we) + finalWork, - finalWork: finalWork, - } -} - -func (qs *queueSet) computeInitialWork(we *fcrequest.WorkEstimate) fcrequest.SeatSeconds { - return fcrequest.SeatsTimesDuration(float64(we.InitialSeats), qs.estimatedServiceDuration) -} - -func (qs *queueSet) computeFinalWork(we *fcrequest.WorkEstimate) fcrequest.SeatSeconds { - return fcrequest.SeatsTimesDuration(float64(we.FinalSeats), we.AdditionalLatency) -} - -func (q *queue) dumpLocked(includeDetails bool) debug.QueueDump { - digest := make([]debug.RequestDump, q.requests.Length()) - i := 0 - q.requests.Walk(func(r *request) bool { - // dump requests. - digest[i].MatchedFlowSchema = r.fsName - digest[i].FlowDistinguisher = r.flowDistinguisher - digest[i].ArriveTime = r.arrivalTime - digest[i].StartTime = r.startTime - digest[i].WorkEstimate = r.workEstimate.WorkEstimate - if includeDetails { - userInfo, _ := genericrequest.UserFrom(r.ctx) - digest[i].UserName = userInfo.GetName() - requestInfo, ok := genericrequest.RequestInfoFrom(r.ctx) - if ok { - digest[i].RequestInfo = *requestInfo - } - } - i++ - return true - }) - - sum := q.requests.QueueSum() - queueSum := debug.QueueSum{ - InitialSeatsSum: sum.InitialSeatsSum, - MaxSeatsSum: sum.MaxSeatsSum, - TotalWorkSum: sum.TotalWorkSum.String(), - } - - return debug.QueueDump{ - NextDispatchR: q.nextDispatchR.String(), - Requests: digest, - ExecutingRequests: q.requestsExecuting, - SeatsInUse: q.seatsInUse, - QueueSum: queueSum, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/format/formatting.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/format/formatting.go deleted file mode 100644 index 4944423738..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/format/formatting.go +++ /dev/null @@ -1,231 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package format - -import ( - "bytes" - "encoding/json" - "fmt" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/request" -) - -// This file provides an easy way to mark a value for formatting to -// `%s` in full detail IF it is printed but without costing a lot of -// CPU or memory if the value is NOT printed. The API Priority and -// Fairness API objects are formatted into JSON. The other types of -// objects here are formatted into golang source. - -// Stringer marks the given value for custom formatting by this package. -type Stringer struct{ val interface{} } - -// Fmt marks the given value for custom formatting by this package. -func Fmt(val interface{}) Stringer { - return Stringer{val} -} - -// String formats to a string in full detail -func (sr Stringer) String() string { - if sr.val == nil { - return "nil" - } - switch typed := sr.val.(type) { - case *flowcontrol.FlowSchema, - flowcontrol.FlowSchema, - flowcontrol.FlowSchemaSpec, - flowcontrol.FlowDistinguisherMethod, - *flowcontrol.FlowDistinguisherMethod, - *flowcontrol.PolicyRulesWithSubjects, - flowcontrol.PolicyRulesWithSubjects, - flowcontrol.Subject, - flowcontrol.ResourcePolicyRule, - flowcontrol.NonResourcePolicyRule, - flowcontrol.FlowSchemaCondition, - *flowcontrol.PriorityLevelConfiguration, - flowcontrol.PriorityLevelConfiguration, - flowcontrol.PriorityLevelConfigurationSpec, - *flowcontrol.LimitedPriorityLevelConfiguration, - flowcontrol.LimitedPriorityLevelConfiguration, - flowcontrol.LimitResponse, - *flowcontrol.QueuingConfiguration, - flowcontrol.QueuingConfiguration: - return ToJSON(sr.val) - case []user.Info: - return FmtUsers(typed) - case []*request.RequestInfo: - return FmtRequests(typed) - default: - return fmt.Sprintf("%#+v", sr.val) - } -} - -// ToJSON converts using encoding/json and handles errors by -// formatting them -func ToJSON(val interface{}) string { - bs, err := json.Marshal(val) - str := string(bs) - if err != nil { - str = str + "<" + err.Error() + ">" - } - return str -} - -// FmtPriorityLevelConfiguration returns a golang source expression -// equivalent to the given value -func FmtPriorityLevelConfiguration(pl *flowcontrol.PriorityLevelConfiguration) string { - if pl == nil { - return "nil" - } - var buf bytes.Buffer - buf.WriteString(fmt.Sprintf("&flowcontrolv1beta3.PriorityLevelConfiguration{ObjectMeta: %#+v, Spec: ", - pl.ObjectMeta)) - BufferPriorityLevelConfigurationSpec(&buf, &pl.Spec) - buf.WriteString(fmt.Sprintf(", Status: %#+v}", pl.Status)) - return buf.String() -} - -// FmtPriorityLevelConfigurationSpec returns a golang source -// expression equivalent to the given value -func FmtPriorityLevelConfigurationSpec(plSpec *flowcontrol.PriorityLevelConfigurationSpec) string { - var buf bytes.Buffer - BufferPriorityLevelConfigurationSpec(&buf, plSpec) - return buf.String() -} - -// BufferPriorityLevelConfigurationSpec writes a golang source -// expression for the given value to the given buffer -func BufferPriorityLevelConfigurationSpec(buf *bytes.Buffer, plSpec *flowcontrol.PriorityLevelConfigurationSpec) { - buf.WriteString(fmt.Sprintf("flowcontrolv1beta3.PriorityLevelConfigurationSpec{Type: %#v", plSpec.Type)) - if plSpec.Limited != nil { - buf.WriteString(fmt.Sprintf(", Limited: &flowcontrol.LimitedPriorityLevelConfiguration{NominalConcurrencyShares:%d, LimitResponse:flowcontrol.LimitResponse{Type:%#v", plSpec.Limited.NominalConcurrencyShares, plSpec.Limited.LimitResponse.Type)) - if plSpec.Limited.LimitResponse.Queuing != nil { - buf.WriteString(fmt.Sprintf(", Queuing:&%#+v", *plSpec.Limited.LimitResponse.Queuing)) - } - buf.WriteString(" } }") - } - buf.WriteString("}") -} - -// FmtFlowSchema produces a golang source expression of the value. -func FmtFlowSchema(fs *flowcontrol.FlowSchema) string { - if fs == nil { - return "nil" - } - var buf bytes.Buffer - buf.WriteString(fmt.Sprintf("&flowcontrolv1beta3.FlowSchema{ObjectMeta: %#+v, Spec: ", - fs.ObjectMeta)) - BufferFlowSchemaSpec(&buf, &fs.Spec) - buf.WriteString(fmt.Sprintf(", Status: %#+v}", fs.Status)) - return buf.String() -} - -// FmtFlowSchemaSpec produces a golang source expression equivalent to -// the given spec -func FmtFlowSchemaSpec(fsSpec *flowcontrol.FlowSchemaSpec) string { - var buf bytes.Buffer - BufferFlowSchemaSpec(&buf, fsSpec) - return buf.String() -} - -// BufferFlowSchemaSpec writes a golang source expression for the -// given value to the given buffer -func BufferFlowSchemaSpec(buf *bytes.Buffer, fsSpec *flowcontrol.FlowSchemaSpec) { - buf.WriteString(fmt.Sprintf("flowcontrolv1beta3.FlowSchemaSpec{PriorityLevelConfiguration: %#+v, MatchingPrecedence: %d, DistinguisherMethod: ", - fsSpec.PriorityLevelConfiguration, - fsSpec.MatchingPrecedence)) - if fsSpec.DistinguisherMethod == nil { - buf.WriteString("nil") - } else { - buf.WriteString(fmt.Sprintf("&%#+v", *fsSpec.DistinguisherMethod)) - } - buf.WriteString(", Rules: []flowcontrol.PolicyRulesWithSubjects{") - for idx, rule := range fsSpec.Rules { - if idx > 0 { - buf.WriteString(", ") - } - BufferFmtPolicyRulesWithSubjectsSlim(buf, rule) - } - buf.WriteString("}}") -} - -// FmtPolicyRulesWithSubjects produces a golang source expression of the value. -func FmtPolicyRulesWithSubjects(rule flowcontrol.PolicyRulesWithSubjects) string { - return "flowcontrolv1beta3.PolicyRulesWithSubjects" + FmtPolicyRulesWithSubjectsSlim(rule) -} - -// FmtPolicyRulesWithSubjectsSlim produces a golang source expression -// of the value but without the leading type name. See above for an -// example context where this is useful. -func FmtPolicyRulesWithSubjectsSlim(rule flowcontrol.PolicyRulesWithSubjects) string { - var buf bytes.Buffer - BufferFmtPolicyRulesWithSubjectsSlim(&buf, rule) - return buf.String() -} - -// BufferFmtPolicyRulesWithSubjectsSlim writes a golang source -// expression for the given value to the given buffer but excludes the -// leading type name -func BufferFmtPolicyRulesWithSubjectsSlim(buf *bytes.Buffer, rule flowcontrol.PolicyRulesWithSubjects) { - buf.WriteString("{Subjects: []flowcontrolv1beta3.Subject{") - for jdx, subj := range rule.Subjects { - if jdx > 0 { - buf.WriteString(", ") - } - buf.WriteString(fmt.Sprintf("{Kind: %q", subj.Kind)) - if subj.User != nil { - buf.WriteString(fmt.Sprintf(", User: &%#+v", *subj.User)) - } - if subj.Group != nil { - buf.WriteString(fmt.Sprintf(", Group: &%#+v", *subj.Group)) - } - if subj.ServiceAccount != nil { - buf.WriteString(fmt.Sprintf(", ServiceAccount: &%#+v", *subj.ServiceAccount)) - } - buf.WriteString("}") - } - buf.WriteString(fmt.Sprintf("}, ResourceRules: %#+v, NonResourceRules: %#+v}", rule.ResourceRules, rule.NonResourceRules)) -} - -// FmtUsers produces a golang source expression of the value. -func FmtUsers(list []user.Info) string { - var buf bytes.Buffer - buf.WriteString("[]user.Info{") - for idx, member := range list { - if idx > 0 { - buf.WriteString(", ") - } - buf.WriteString(fmt.Sprintf("%#+v", member)) - } - buf.WriteString("}") - return buf.String() -} - -// FmtRequests produces a golang source expression of the value. -func FmtRequests(list []*request.RequestInfo) string { - var buf bytes.Buffer - buf.WriteString("[]*request.RequestInfo{") - for idx, member := range list { - if idx > 0 { - buf.WriteString(", ") - } - buf.WriteString(fmt.Sprintf("%#+v", member)) - } - buf.WriteString("}") - return buf.String() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/formatting.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/formatting.go deleted file mode 100644 index 5b5b367bd9..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/formatting.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "fmt" - - fcfmt "k8s.io/apiserver/pkg/util/flowcontrol/format" -) - -var _ fmt.GoStringer = RequestDigest{} - -// GoString produces a golang source expression of the value. -func (rd RequestDigest) GoString() string { - return fmt.Sprintf("RequestDigest{RequestInfo: %#+v, User: %#+v}", rd.RequestInfo, rd.User) -} - -var _ fmt.GoStringer = (*priorityLevelState)(nil) - -// GoString produces a golang source expression of the value. -func (pls *priorityLevelState) GoString() string { - if pls == nil { - return "nil" - } - return fmt.Sprintf("&priorityLevelState{pl:%s, qsCompleter:%#+v, queues:%#+v, quiescing:%#v, numPending:%d}", fcfmt.Fmt(pls.pl), pls.qsCompleter, pls.queues, pls.quiescing, pls.numPending) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/interface.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/interface.go deleted file mode 100644 index 1f33f02b07..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/interface.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -// Gauge is the methods of a gauge that are used by instrumented code. -type Gauge interface { - Set(float64) - Inc() - Dec() - Add(float64) - SetToCurrentTime() -} - -// RatioedGauge tracks ratios. -// The numerator is set/changed through the Gauge methods, -// and the denominator can be updated through the SetDenominator method. -// A ratio is tracked whenever the numerator or denominator is set/changed. -type RatioedGauge interface { - Gauge - - // SetDenominator sets the denominator to use until it is changed again - SetDenominator(float64) -} - -// RatioedGaugeVec creates related observers that are -// differentiated by a series of label values -type RatioedGaugeVec interface { - // NewForLabelValuesSafe makes a new vector member for the given tuple of label values, - // initialized with the given numerator and denominator. - // Unlike the usual Vec WithLabelValues method, this is intended to be called only - // once per vector member (at the start of its lifecycle). - // The "Safe" part is saying that the returned object will function properly after metric registration - // even if this method is called before registration. - NewForLabelValuesSafe(initialNumerator, initialDenominator float64, labelValues []string) RatioedGauge -} - -//////////////////////////////// Pairs //////////////////////////////// -// -// API Priority and Fairness tends to use RatioedGaugeVec members in pairs, -// one for requests waiting in a queue and one for requests being executed. -// The following definitions are a convenience layer that adds support for that -// particular pattern of usage. - -// RatioedGaugePair is a corresponding pair of gauges, one for the -// number of requests waiting in queue(s) and one for the number of -// requests being executed. -type RatioedGaugePair struct { - // RequestsWaiting is given observations of the number of currently queued requests - RequestsWaiting RatioedGauge - - // RequestsExecuting is given observations of the number of requests currently executing - RequestsExecuting RatioedGauge -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/metrics.go deleted file mode 100644 index 7cb05df6c8..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/metrics.go +++ /dev/null @@ -1,600 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "context" - "strconv" - "strings" - "sync" - "time" - - epmetrics "k8s.io/apiserver/pkg/endpoints/metrics" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" - basemetricstestutil "k8s.io/component-base/metrics/testutil" -) - -const ( - namespace = "apiserver" - subsystem = "flowcontrol" -) - -const ( - requestKind = "request_kind" - priorityLevel = "priority_level" - flowSchema = "flow_schema" - phase = "phase" - LabelNamePhase = "phase" - LabelValueWaiting = "waiting" - LabelValueExecuting = "executing" -) - -var ( - queueLengthBuckets = []float64{0, 10, 25, 50, 100, 250, 500, 1000} - requestDurationSecondsBuckets = []float64{0, 0.005, 0.02, 0.05, 0.1, 0.2, 0.5, 1, 2, 5, 10, 30} -) - -var registerMetrics sync.Once - -// Register all metrics. -func Register() { - registerMetrics.Do(func() { - for _, metric := range metrics { - legacyregistry.MustRegister(metric) - } - }) -} - -type resettable interface { - Reset() -} - -// Reset all resettable metrics to zero -func Reset() { - for _, metric := range metrics { - if rm, ok := metric.(resettable); ok { - rm.Reset() - } - } -} - -// GatherAndCompare the given metrics with the given Prometheus syntax expected value -func GatherAndCompare(expected string, metricNames ...string) error { - return basemetricstestutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(expected), metricNames...) -} - -// Registerables is a slice of Registerable -type Registerables []compbasemetrics.Registerable - -// Append adds more -func (rs Registerables) Append(more ...compbasemetrics.Registerable) Registerables { - return append(rs, more...) -} - -var ( - apiserverRejectedRequestsTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "rejected_requests_total", - Help: "Number of requests rejected by API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema, "reason"}, - ) - apiserverDispatchedRequestsTotal = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dispatched_requests_total", - Help: "Number of requests executed by API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - // PriorityLevelExecutionSeatsGaugeVec creates observers of seats occupied throughout execution for priority levels - PriorityLevelExecutionSeatsGaugeVec = NewTimingRatioHistogramVec( - &compbasemetrics.TimingHistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "priority_level_seat_utilization", - Help: "Observations, at the end of every nanosecond, of utilization of seats for any stage of execution (but only initial stage for WATCHes)", - // Buckets for both 0.99 and 1.0 mean PromQL's histogram_quantile will reveal saturation - Buckets: []float64{0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.95, 0.99, 1}, - ConstLabels: map[string]string{phase: "executing"}, - StabilityLevel: compbasemetrics.ALPHA, - }, - priorityLevel, - ) - // PriorityLevelConcurrencyGaugeVec creates gauges of concurrency broken down by phase, priority level - PriorityLevelConcurrencyGaugeVec = NewTimingRatioHistogramVec( - &compbasemetrics.TimingHistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "priority_level_request_utilization", - Help: "Observations, at the end of every nanosecond, of number of requests (as a fraction of the relevant limit) waiting or in any stage of execution (but only initial stage for WATCHes)", - // For executing: the denominator will be seats, so this metric will skew low. - // For waiting: total queue capacity is generally quite generous, so this metric will skew low. - Buckets: []float64{0, 0.001, 0.003, 0.01, 0.03, 0.1, 0.25, 0.5, 0.75, 1}, - StabilityLevel: compbasemetrics.ALPHA, - }, - LabelNamePhase, priorityLevel, - ) - // readWriteConcurrencyGaugeVec creates ratioed gauges of requests/limit broken down by phase and mutating vs readonly - readWriteConcurrencyGaugeVec = NewTimingRatioHistogramVec( - &compbasemetrics.TimingHistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "read_vs_write_current_requests", - Help: "Observations, at the end of every nanosecond, of the number of requests (as a fraction of the relevant limit) waiting or in regular stage of execution", - // This metric will skew low for the same reason as the priority level metrics - // and also because APF has a combined limit for mutating and readonly. - Buckets: []float64{0, 0.001, 0.01, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.95, 0.99, 1}, - StabilityLevel: compbasemetrics.ALPHA, - }, - LabelNamePhase, requestKind, - ) - apiserverCurrentR = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "current_r", - Help: "R(time of last change)", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverDispatchR = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "dispatch_r", - Help: "R(time of last dispatch)", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverLatestS = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "latest_s", - Help: "S(most recently dispatched request)", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverNextSBounds = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "next_s_bounds", - Help: "min and max, over queues, of S(oldest waiting request in queue)", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, "bound"}, - ) - apiserverNextDiscountedSBounds = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "next_discounted_s_bounds", - Help: "min and max, over queues, of S(oldest waiting request in queue) - estimated work in progress", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, "bound"}, - ) - apiserverCurrentInqueueRequests = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "current_inqueue_requests", - Help: "Number of requests currently pending in queues of the API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverRequestQueueLength = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_queue_length_after_enqueue", - Help: "Length of queue in the API Priority and Fairness subsystem, as seen by each request after it is enqueued", - Buckets: queueLengthBuckets, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverRequestConcurrencyLimit = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_concurrency_limit", - Help: "Shared concurrency limit in the API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverCurrentExecutingRequests = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "current_executing_requests", - Help: "Number of requests in initial (for a WATCH) or any (for a non-WATCH) execution stage in the API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverRequestConcurrencyInUse = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_concurrency_in_use", - Help: "Concurrency (number of seats) occupied by the currently executing (initial stage for a WATCH, any stage otherwise) requests in the API Priority and Fairness subsystem", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverRequestWaitingSeconds = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_wait_duration_seconds", - Help: "Length of time a request spent waiting in its queue", - Buckets: requestDurationSecondsBuckets, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema, "execute"}, - ) - apiserverRequestExecutionSeconds = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_execution_seconds", - Help: "Duration of initial stage (for a WATCH) or any (for a non-WATCH) stage of request execution in the API Priority and Fairness subsystem", - Buckets: requestDurationSecondsBuckets, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema, "type"}, - ) - watchCountSamples = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "watch_count_samples", - Help: "count of watchers for mutating requests in API Priority and Fairness", - Buckets: []float64{0, 1, 10, 100, 1000, 10000}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverEpochAdvances = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "epoch_advance_total", - Help: "Number of times the queueset's progress meter jumped backward", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, "success"}, - ) - apiserverWorkEstimatedSeats = compbasemetrics.NewHistogramVec( - &compbasemetrics.HistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "work_estimated_seats", - Help: "Number of estimated seats (maximum of initial and final seats) associated with requests in API Priority and Fairness", - // the upper bound comes from the maximum number of seats a request - // can occupy which is currently set at 10. - Buckets: []float64{1, 2, 4, 10}, - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverDispatchWithNoAccommodation = compbasemetrics.NewCounterVec( - &compbasemetrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "request_dispatch_no_accommodation_total", - Help: "Number of times a dispatch attempt resulted in a non accommodation due to lack of available seats", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel, flowSchema}, - ) - apiserverNominalConcurrencyLimits = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "nominal_limit_seats", - Help: "Nominal number of execution seats configured for each priority level", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverMinimumConcurrencyLimits = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "lower_limit_seats", - Help: "Configured lower bound on number of execution seats available to each priority level", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverMaximumConcurrencyLimits = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "upper_limit_seats", - Help: "Configured upper bound on number of execution seats available to each priority level", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - ApiserverSeatDemands = NewTimingRatioHistogramVec( - &compbasemetrics.TimingHistogramOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "demand_seats", - Help: "Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)", - // Rationale for the bucket boundaries: - // For 0--1, evenly spaced and not too many; - // For 1--2, roughly powers of sqrt(sqrt(2)); - // For 2--6, roughly powers of sqrt(2); - // We need coverage over 1, but do not want too many buckets. - Buckets: []float64{0.2, 0.4, 0.6, 0.8, 1, 1.2, 1.4, 1.7, 2, 2.8, 4, 6}, - StabilityLevel: compbasemetrics.ALPHA, - }, - priorityLevel, - ) - apiserverSeatDemandHighWatermarks = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "demand_seats_high_watermark", - Help: "High watermark, over last adjustment period, of demand_seats", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverSeatDemandAverages = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "demand_seats_average", - Help: "Time-weighted average, over last adjustment period, of demand_seats", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverSeatDemandStandardDeviations = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "demand_seats_stdev", - Help: "Time-weighted standard deviation, over last adjustment period, of demand_seats", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverSeatDemandSmootheds = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "demand_seats_smoothed", - Help: "Smoothed seat demands", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverSeatDemandTargets = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "target_seats", - Help: "Seat allocation targets", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - apiserverFairFracs = compbasemetrics.NewGauge( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "seat_fair_frac", - Help: "Fair fraction of server's concurrency to allocate to each priority level that can use it", - StabilityLevel: compbasemetrics.ALPHA, - }) - apiserverCurrentConcurrencyLimits = compbasemetrics.NewGaugeVec( - &compbasemetrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "current_limit_seats", - Help: "current derived number of execution seats available to each priority level", - StabilityLevel: compbasemetrics.ALPHA, - }, - []string{priorityLevel}, - ) - - metrics = Registerables{ - apiserverRejectedRequestsTotal, - apiserverDispatchedRequestsTotal, - apiserverCurrentR, - apiserverDispatchR, - apiserverLatestS, - apiserverNextSBounds, - apiserverNextDiscountedSBounds, - apiserverCurrentInqueueRequests, - apiserverRequestQueueLength, - apiserverRequestConcurrencyLimit, - apiserverRequestConcurrencyInUse, - apiserverCurrentExecutingRequests, - apiserverRequestWaitingSeconds, - apiserverRequestExecutionSeconds, - watchCountSamples, - apiserverEpochAdvances, - apiserverWorkEstimatedSeats, - apiserverDispatchWithNoAccommodation, - apiserverNominalConcurrencyLimits, - apiserverMinimumConcurrencyLimits, - apiserverMaximumConcurrencyLimits, - apiserverSeatDemandHighWatermarks, - apiserverSeatDemandAverages, - apiserverSeatDemandStandardDeviations, - apiserverSeatDemandSmootheds, - apiserverSeatDemandTargets, - apiserverFairFracs, - apiserverCurrentConcurrencyLimits, - }. - Append(PriorityLevelExecutionSeatsGaugeVec.metrics()...). - Append(PriorityLevelConcurrencyGaugeVec.metrics()...). - Append(readWriteConcurrencyGaugeVec.metrics()...). - Append(ApiserverSeatDemands.metrics()...) -) - -type indexOnce struct { - labelValues []string - once sync.Once - gauge RatioedGauge -} - -func (io *indexOnce) getGauge() RatioedGauge { - io.once.Do(func() { - io.gauge = readWriteConcurrencyGaugeVec.NewForLabelValuesSafe(0, 1, io.labelValues) - }) - return io.gauge -} - -var waitingReadonly = indexOnce{labelValues: []string{LabelValueWaiting, epmetrics.ReadOnlyKind}} -var executingReadonly = indexOnce{labelValues: []string{LabelValueExecuting, epmetrics.ReadOnlyKind}} -var waitingMutating = indexOnce{labelValues: []string{LabelValueWaiting, epmetrics.MutatingKind}} -var executingMutating = indexOnce{labelValues: []string{LabelValueExecuting, epmetrics.MutatingKind}} - -// GetWaitingReadonlyConcurrency returns the gauge of number of readonly requests waiting / limit on those. -var GetWaitingReadonlyConcurrency = waitingReadonly.getGauge - -// GetExecutingReadonlyConcurrency returns the gauge of number of executing readonly requests / limit on those. -var GetExecutingReadonlyConcurrency = executingReadonly.getGauge - -// GetWaitingMutatingConcurrency returns the gauge of number of mutating requests waiting / limit on those. -var GetWaitingMutatingConcurrency = waitingMutating.getGauge - -// GetExecutingMutatingConcurrency returns the gauge of number of executing mutating requests / limit on those. -var GetExecutingMutatingConcurrency = executingMutating.getGauge - -// AddRequestsInQueues adds the given delta to the gauge of the # of requests in the queues of the specified flowSchema and priorityLevel -func AddRequestsInQueues(ctx context.Context, priorityLevel, flowSchema string, delta int) { - apiserverCurrentInqueueRequests.WithLabelValues(priorityLevel, flowSchema).Add(float64(delta)) -} - -// AddRequestsExecuting adds the given delta to the gauge of executing requests of the given flowSchema and priorityLevel -func AddRequestsExecuting(ctx context.Context, priorityLevel, flowSchema string, delta int) { - apiserverCurrentExecutingRequests.WithLabelValues(priorityLevel, flowSchema).Add(float64(delta)) -} - -// SetCurrentR sets the current-R (virtualTime) gauge for the given priority level -func SetCurrentR(priorityLevel string, r float64) { - apiserverCurrentR.WithLabelValues(priorityLevel).Set(r) -} - -// SetLatestS sets the latest-S (virtual time of dispatched request) gauge for the given priority level -func SetDispatchMetrics(priorityLevel string, r, s, sMin, sMax, discountedSMin, discountedSMax float64) { - apiserverDispatchR.WithLabelValues(priorityLevel).Set(r) - apiserverLatestS.WithLabelValues(priorityLevel).Set(s) - apiserverNextSBounds.WithLabelValues(priorityLevel, "min").Set(sMin) - apiserverNextSBounds.WithLabelValues(priorityLevel, "max").Set(sMax) - apiserverNextDiscountedSBounds.WithLabelValues(priorityLevel, "min").Set(discountedSMin) - apiserverNextDiscountedSBounds.WithLabelValues(priorityLevel, "max").Set(discountedSMax) -} - -// AddRequestConcurrencyInUse adds the given delta to the gauge of concurrency in use by -// the currently executing requests of the given flowSchema and priorityLevel -func AddRequestConcurrencyInUse(priorityLevel, flowSchema string, delta int) { - apiserverRequestConcurrencyInUse.WithLabelValues(priorityLevel, flowSchema).Add(float64(delta)) -} - -// AddReject increments the # of rejected requests for flow control -func AddReject(ctx context.Context, priorityLevel, flowSchema, reason string) { - apiserverRejectedRequestsTotal.WithContext(ctx).WithLabelValues(priorityLevel, flowSchema, reason).Add(1) -} - -// AddDispatch increments the # of dispatched requests for flow control -func AddDispatch(ctx context.Context, priorityLevel, flowSchema string) { - apiserverDispatchedRequestsTotal.WithContext(ctx).WithLabelValues(priorityLevel, flowSchema).Add(1) -} - -// ObserveQueueLength observes the queue length for flow control -func ObserveQueueLength(ctx context.Context, priorityLevel, flowSchema string, length int) { - apiserverRequestQueueLength.WithContext(ctx).WithLabelValues(priorityLevel, flowSchema).Observe(float64(length)) -} - -// ObserveWaitingDuration observes the queue length for flow control -func ObserveWaitingDuration(ctx context.Context, priorityLevel, flowSchema, execute string, waitTime time.Duration) { - apiserverRequestWaitingSeconds.WithContext(ctx).WithLabelValues(priorityLevel, flowSchema, execute).Observe(waitTime.Seconds()) -} - -// ObserveExecutionDuration observes the execution duration for flow control -func ObserveExecutionDuration(ctx context.Context, priorityLevel, flowSchema string, executionTime time.Duration) { - reqType := "regular" - if requestInfo, ok := apirequest.RequestInfoFrom(ctx); ok && requestInfo.Verb == "watch" { - reqType = requestInfo.Verb - } - apiserverRequestExecutionSeconds.WithContext(ctx).WithLabelValues(priorityLevel, flowSchema, reqType).Observe(executionTime.Seconds()) -} - -// ObserveWatchCount notes a sampling of a watch count -func ObserveWatchCount(ctx context.Context, priorityLevel, flowSchema string, count int) { - watchCountSamples.WithLabelValues(priorityLevel, flowSchema).Observe(float64(count)) -} - -// AddEpochAdvance notes an advance of the progress meter baseline for a given priority level -func AddEpochAdvance(ctx context.Context, priorityLevel string, success bool) { - apiserverEpochAdvances.WithContext(ctx).WithLabelValues(priorityLevel, strconv.FormatBool(success)).Inc() -} - -// ObserveWorkEstimatedSeats notes a sampling of estimated seats associated with a request -func ObserveWorkEstimatedSeats(priorityLevel, flowSchema string, seats int) { - apiserverWorkEstimatedSeats.WithLabelValues(priorityLevel, flowSchema).Observe(float64(seats)) -} - -// AddDispatchWithNoAccommodation keeps track of number of times dispatch attempt results -// in a non accommodation due to lack of available seats. -func AddDispatchWithNoAccommodation(priorityLevel, flowSchema string) { - apiserverDispatchWithNoAccommodation.WithLabelValues(priorityLevel, flowSchema).Inc() -} - -func SetPriorityLevelConfiguration(priorityLevel string, nominalCL, minCL, maxCL int) { - apiserverRequestConcurrencyLimit.WithLabelValues(priorityLevel).Set(float64(nominalCL)) - apiserverNominalConcurrencyLimits.WithLabelValues(priorityLevel).Set(float64(nominalCL)) - apiserverMinimumConcurrencyLimits.WithLabelValues(priorityLevel).Set(float64(minCL)) - apiserverMaximumConcurrencyLimits.WithLabelValues(priorityLevel).Set(float64(maxCL)) -} - -func NotePriorityLevelConcurrencyAdjustment(priorityLevel string, seatDemandHWM, seatDemandAvg, seatDemandStdev, seatDemandSmoothed, seatDemandTarget float64, currentCL int) { - apiserverSeatDemandHighWatermarks.WithLabelValues(priorityLevel).Set(seatDemandHWM) - apiserverSeatDemandAverages.WithLabelValues(priorityLevel).Set(seatDemandAvg) - apiserverSeatDemandStandardDeviations.WithLabelValues(priorityLevel).Set(seatDemandStdev) - apiserverSeatDemandSmootheds.WithLabelValues(priorityLevel).Set(seatDemandSmoothed) - apiserverSeatDemandTargets.WithLabelValues(priorityLevel).Set(seatDemandTarget) - apiserverCurrentConcurrencyLimits.WithLabelValues(priorityLevel).Set(float64(currentCL)) -} - -func SetFairFrac(fairFrac float64) { - apiserverFairFracs.Set(fairFrac) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/timing_ratio_histogram.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/timing_ratio_histogram.go deleted file mode 100644 index cd32782a49..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/timing_ratio_histogram.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "context" - "sync" - "time" - - compbasemetrics "k8s.io/component-base/metrics" - "k8s.io/klog/v2" -) - -// TimingRatioHistogram is essentially a gauge for a ratio where the client -// independently controls the numerator and denominator. -// When scraped it produces a histogram of samples of the ratio -// taken at the end of every nanosecond. -// `*TimingRatioHistogram` implements both Registerable and RatioedGauge. -type TimingRatioHistogram struct { - // The implementation is layered on TimingHistogram, - // adding the division by an occasionally adjusted denominator. - - // Registerable is the registerable aspect. - // That is the registerable aspect of the underlying TimingHistogram. - compbasemetrics.Registerable - - // timingRatioHistogramInner implements the RatioedGauge aspect. - timingRatioHistogramInner -} - -// TimingRatioHistogramOpts is the constructor parameters of a TimingRatioHistogram. -// The `TimingHistogramOpts.InitialValue` is the initial numerator. -type TimingRatioHistogramOpts struct { - compbasemetrics.TimingHistogramOpts - InitialDenominator float64 -} - -// timingRatioHistogramInner implements the instrumentation aspect -type timingRatioHistogramInner struct { - nowFunc func() time.Time - getGaugeOfRatio func() Gauge - sync.Mutex - // access only with mutex locked - numerator, denominator float64 -} - -var _ RatioedGauge = &timingRatioHistogramInner{} -var _ RatioedGauge = &TimingRatioHistogram{} -var _ compbasemetrics.Registerable = &TimingRatioHistogram{} - -// NewTimingHistogram returns an object which is TimingHistogram-like. However, nothing -// will be measured until the histogram is registered in at least one registry. -func NewTimingRatioHistogram(opts *TimingRatioHistogramOpts) *TimingRatioHistogram { - return NewTestableTimingRatioHistogram(time.Now, opts) -} - -// NewTestableTimingHistogram adds injection of the clock -func NewTestableTimingRatioHistogram(nowFunc func() time.Time, opts *TimingRatioHistogramOpts) *TimingRatioHistogram { - ratioedOpts := opts.TimingHistogramOpts - ratioedOpts.InitialValue /= opts.InitialDenominator - th := compbasemetrics.NewTestableTimingHistogram(nowFunc, &ratioedOpts) - return &TimingRatioHistogram{ - Registerable: th, - timingRatioHistogramInner: timingRatioHistogramInner{ - nowFunc: nowFunc, - getGaugeOfRatio: func() Gauge { return th }, - numerator: opts.InitialValue, - denominator: opts.InitialDenominator, - }} -} - -func (trh *timingRatioHistogramInner) Set(numerator float64) { - trh.Lock() - defer trh.Unlock() - trh.numerator = numerator - ratio := numerator / trh.denominator - trh.getGaugeOfRatio().Set(ratio) -} - -func (trh *timingRatioHistogramInner) Add(deltaNumerator float64) { - trh.Lock() - defer trh.Unlock() - numerator := trh.numerator + deltaNumerator - trh.numerator = numerator - ratio := numerator / trh.denominator - trh.getGaugeOfRatio().Set(ratio) -} - -func (trh *timingRatioHistogramInner) Sub(deltaNumerator float64) { - trh.Add(-deltaNumerator) -} - -func (trh *timingRatioHistogramInner) Inc() { - trh.Add(1) -} - -func (trh *timingRatioHistogramInner) Dec() { - trh.Add(-1) -} - -func (trh *timingRatioHistogramInner) SetToCurrentTime() { - trh.Set(float64(trh.nowFunc().Sub(time.Unix(0, 0)))) -} - -func (trh *timingRatioHistogramInner) SetDenominator(denominator float64) { - trh.Lock() - defer trh.Unlock() - trh.denominator = denominator - ratio := trh.numerator / denominator - trh.getGaugeOfRatio().Set(ratio) -} - -// WithContext allows the normal TimingHistogram metric to pass in context. -// The context is no-op at the current level of development. -func (trh *timingRatioHistogramInner) WithContext(ctx context.Context) RatioedGauge { - return trh -} - -// TimingRatioHistogramVec is a collection of TimingRatioHistograms that differ -// only in label values. -// `*TimingRatioHistogramVec` implements both Registerable and RatioedGaugeVec. -type TimingRatioHistogramVec struct { - // promote only the Registerable methods - compbasemetrics.Registerable - // delegate is TimingHistograms of the ratio - delegate compbasemetrics.GaugeVecMetric -} - -var _ RatioedGaugeVec = &TimingRatioHistogramVec{} -var _ compbasemetrics.Registerable = &TimingRatioHistogramVec{} - -// NewTimingHistogramVec constructs a new vector. -// `opts.InitialValue` is the initial ratio, but this applies -// only for the tiny period of time until NewForLabelValuesSafe sets -// the ratio based on the given initial numerator and denominator. -// Thus there is a tiny splinter of time during member construction when -// its underlying TimingHistogram is given the initial numerator rather than -// the initial ratio (which is obviously a non-issue when both are zero). -// Note the difficulties associated with extracting a member -// before registering the vector. -func NewTimingRatioHistogramVec(opts *compbasemetrics.TimingHistogramOpts, labelNames ...string) *TimingRatioHistogramVec { - return NewTestableTimingRatioHistogramVec(time.Now, opts, labelNames...) -} - -// NewTestableTimingHistogramVec adds injection of the clock. -func NewTestableTimingRatioHistogramVec(nowFunc func() time.Time, opts *compbasemetrics.TimingHistogramOpts, labelNames ...string) *TimingRatioHistogramVec { - delegate := compbasemetrics.NewTestableTimingHistogramVec(nowFunc, opts, labelNames) - return &TimingRatioHistogramVec{ - Registerable: delegate, - delegate: delegate, - } -} - -func (v *TimingRatioHistogramVec) metrics() Registerables { - return Registerables{v} -} - -// NewForLabelValuesChecked will return an error if this vec is not hidden and not yet registered -// or there is a syntactic problem with the labelValues. -func (v *TimingRatioHistogramVec) NewForLabelValuesChecked(initialNumerator, initialDenominator float64, labelValues []string) (RatioedGauge, error) { - underMember, err := v.delegate.WithLabelValuesChecked(labelValues...) - if err != nil { - return noopRatioed{}, err - } - underMember.Set(initialNumerator / initialDenominator) - return &timingRatioHistogramInner{ - getGaugeOfRatio: func() Gauge { return underMember }, - numerator: initialNumerator, - denominator: initialDenominator, - }, nil -} - -// NewForLabelValuesSafe is the same as NewForLabelValuesChecked in cases where that does not -// return an error. When the unsafe version returns an error due to the vector not being -// registered yet, the safe version returns an object that implements its methods -// by looking up the relevant vector member in each call (thus getting a non-noop after registration). -// In the other error cases the object returned here is a noop. -func (v *TimingRatioHistogramVec) NewForLabelValuesSafe(initialNumerator, initialDenominator float64, labelValues []string) RatioedGauge { - tro, err := v.NewForLabelValuesChecked(initialNumerator, initialDenominator, labelValues) - if err == nil { - klog.V(3).InfoS("TimingRatioHistogramVec.NewForLabelValuesSafe hit the efficient case", "fqName", v.FQName(), "labelValues", labelValues) - return tro - } - if !compbasemetrics.ErrIsNotRegistered(err) { - klog.ErrorS(err, "Failed to extract TimingRatioHistogramVec member, using noop instead", "vectorname", v.FQName(), "labelValues", labelValues) - return tro - } - klog.V(3).InfoS("TimingRatioHistogramVec.NewForLabelValuesSafe hit the inefficient case", "fqName", v.FQName(), "labelValues", labelValues) - // At this point we know v.NewForLabelValuesChecked(..) returns a permanent noop, - // which we precisely want to avoid using. Instead, make our own gauge that - // fetches the element on every Set. - return &timingRatioHistogramInner{ - getGaugeOfRatio: func() Gauge { return v.delegate.WithLabelValues(labelValues...) }, - numerator: initialNumerator, - denominator: initialDenominator, - } -} - -type noopRatioed struct{} - -func (noopRatioed) Set(float64) {} -func (noopRatioed) Add(float64) {} -func (noopRatioed) Sub(float64) {} -func (noopRatioed) Inc() {} -func (noopRatioed) Dec() {} -func (noopRatioed) SetToCurrentTime() {} -func (noopRatioed) SetDenominator(float64) {} - -func (v *TimingRatioHistogramVec) Reset() { - v.delegate.Reset() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/union_gauge.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/union_gauge.go deleted file mode 100644 index b01daaaaa5..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/union_gauge.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -type unionGauge []Gauge - -var _ Gauge = unionGauge(nil) - -// NewUnionGauge constructs a Gauge that delegates to all of the given Gauges -func NewUnionGauge(elts ...Gauge) Gauge { - return unionGauge(elts) -} - -func (ug unionGauge) Set(x float64) { - for _, gauge := range ug { - gauge.Set(x) - } -} - -func (ug unionGauge) Add(x float64) { - for _, gauge := range ug { - gauge.Add(x) - } -} - -func (ug unionGauge) Inc() { - for _, gauge := range ug { - gauge.Inc() - } -} - -func (ug unionGauge) Dec() { - for _, gauge := range ug { - gauge.Dec() - } -} - -func (ug unionGauge) SetToCurrentTime() { - for _, gauge := range ug { - gauge.SetToCurrentTime() - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/vec_element_pair.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/vec_element_pair.go deleted file mode 100644 index 6dcef12c2f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/metrics/vec_element_pair.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -// RatioedGaugeVecPhasedElementPair extracts a pair of elements that differ in handling phase -func RatioedGaugeVecPhasedElementPair(vec RatioedGaugeVec, initialWaitingDenominator, initialExecutingDenominator float64, labelValues []string) RatioedGaugePair { - return RatioedGaugePair{ - RequestsWaiting: vec.NewForLabelValuesSafe(0, initialWaitingDenominator, append([]string{LabelValueWaiting}, labelValues...)), - RequestsExecuting: vec.NewForLabelValuesSafe(0, initialExecutingDenominator, append([]string{LabelValueExecuting}, labelValues...)), - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/config.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/config.go deleted file mode 100644 index b6db19209b..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/config.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - minimumSeats = 1 - maximumSeats = 10 - objectsPerSeat = 100.0 - watchesPerSeat = 10.0 - enableMutatingWorkEstimator = true -) - -var eventAdditionalDuration = 5 * time.Millisecond - -// WorkEstimatorConfig holds work estimator parameters. -type WorkEstimatorConfig struct { - *ListWorkEstimatorConfig `json:"listWorkEstimatorConfig,omitempty"` - *MutatingWorkEstimatorConfig `json:"mutatingWorkEstimatorConfig,omitempty"` - - // MinimumSeats is the minimum number of seats a request must occupy. - MinimumSeats uint64 `json:"minimumSeats,omitempty"` - // MaximumSeats is the maximum number of seats a request can occupy - // - // NOTE: work_estimate_seats_samples metric uses the value of maximumSeats - // as the upper bound, so when we change maximumSeats we should also - // update the buckets of the metric. - MaximumSeats uint64 `json:"maximumSeats,omitempty"` -} - -// ListWorkEstimatorConfig holds work estimator parameters related to list requests. -type ListWorkEstimatorConfig struct { - ObjectsPerSeat float64 `json:"objectsPerSeat,omitempty"` -} - -// MutatingWorkEstimatorConfig holds work estimator -// parameters related to watches of mutating objects. -type MutatingWorkEstimatorConfig struct { - // TODO(wojtekt): Remove it once we tune the algorithm to not fail - // scalability tests. - Enabled bool `json:"enable,omitempty"` - EventAdditionalDuration metav1.Duration `json:"eventAdditionalDurationMs,omitempty"` - WatchesPerSeat float64 `json:"watchesPerSeat,omitempty"` -} - -// DefaultWorkEstimatorConfig creates a new WorkEstimatorConfig with default values. -func DefaultWorkEstimatorConfig() *WorkEstimatorConfig { - return &WorkEstimatorConfig{ - MinimumSeats: minimumSeats, - MaximumSeats: maximumSeats, - ListWorkEstimatorConfig: defaultListWorkEstimatorConfig(), - MutatingWorkEstimatorConfig: defaultMutatingWorkEstimatorConfig(), - } -} - -// defaultListWorkEstimatorConfig creates a new ListWorkEstimatorConfig with default values. -func defaultListWorkEstimatorConfig() *ListWorkEstimatorConfig { - return &ListWorkEstimatorConfig{ObjectsPerSeat: objectsPerSeat} -} - -// defaultMutatingWorkEstimatorConfig creates a new MutatingWorkEstimatorConfig with default values. -func defaultMutatingWorkEstimatorConfig() *MutatingWorkEstimatorConfig { - return &MutatingWorkEstimatorConfig{ - Enabled: enableMutatingWorkEstimator, - EventAdditionalDuration: metav1.Duration{Duration: eventAdditionalDuration}, - WatchesPerSeat: watchesPerSeat, - } -} - -// eventAdditionalDuration converts eventAdditionalDurationMs to a time.Duration type. -func (c *MutatingWorkEstimatorConfig) eventAdditionalDuration() time.Duration { - return c.EventAdditionalDuration.Duration -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/list_work_estimator.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/list_work_estimator.go deleted file mode 100644 index 75d70a0ad4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/list_work_estimator.go +++ /dev/null @@ -1,154 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "math" - "net/http" - "net/url" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/klog/v2" -) - -func newListWorkEstimator(countFn objectCountGetterFunc, config *WorkEstimatorConfig) WorkEstimatorFunc { - estimator := &listWorkEstimator{ - config: config, - countGetterFn: countFn, - } - return estimator.estimate -} - -type listWorkEstimator struct { - config *WorkEstimatorConfig - countGetterFn objectCountGetterFunc -} - -func (e *listWorkEstimator) estimate(r *http.Request, flowSchemaName, priorityLevelName string) WorkEstimate { - requestInfo, ok := apirequest.RequestInfoFrom(r.Context()) - if !ok { - // no RequestInfo should never happen, but to be on the safe side - // let's return maximumSeats - return WorkEstimate{InitialSeats: e.config.MaximumSeats} - } - - if requestInfo.Name != "" { - // Requests with metadata.name specified are usually executed as get - // requests in storage layer so their width should be 1. - // Example of such list requests: - // /apis/certificates.k8s.io/v1/certificatesigningrequests?fieldSelector=metadata.name%3Dcsr-xxs4m - // /api/v1/namespaces/test/configmaps?fieldSelector=metadata.name%3Dbig-deployment-1&limit=500&resourceVersion=0 - return WorkEstimate{InitialSeats: e.config.MinimumSeats} - } - - query := r.URL.Query() - listOptions := metav1.ListOptions{} - if err := metav1.Convert_url_Values_To_v1_ListOptions(&query, &listOptions, nil); err != nil { - klog.ErrorS(err, "Failed to convert options while estimating work for the list request") - - // This request is destined to fail in the validation layer, - // return maximumSeats for this request to be consistent. - return WorkEstimate{InitialSeats: e.config.MaximumSeats} - } - isListFromCache := !shouldListFromStorage(query, &listOptions) - - numStored, err := e.countGetterFn(key(requestInfo)) - switch { - case err == ObjectCountStaleErr: - // object count going stale is indicative of degradation, so we should - // be conservative here and allocate maximum seats to this list request. - // NOTE: if a CRD is removed, its count will go stale first and then the - // pruner will eventually remove the CRD from the cache. - return WorkEstimate{InitialSeats: e.config.MaximumSeats} - case err == ObjectCountNotFoundErr: - // there are multiple scenarios in which we can see this error: - // a. the type is truly unknown, a typo on the caller's part. - // b. the count has gone stale for too long and the pruner - // has removed the type from the cache. - // c. the type is an aggregated resource that is served by a - // different apiserver (thus its object count is not updated) - // we don't have a way to distinguish between those situations. - // However, in case c, the request is delegated to a different apiserver, - // and thus its cost for our server is minimal. To avoid the situation - // when aggregated API calls are overestimated, we allocate the minimum - // possible seats (see #109106 as an example when being more conservative - // led to problems). - return WorkEstimate{InitialSeats: e.config.MinimumSeats} - case err != nil: - // we should never be here since Get returns either ObjectCountStaleErr or - // ObjectCountNotFoundErr, return maximumSeats to be on the safe side. - klog.ErrorS(err, "Unexpected error from object count tracker") - return WorkEstimate{InitialSeats: e.config.MaximumSeats} - } - - limit := numStored - if utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking) && listOptions.Limit > 0 && - listOptions.Limit < numStored { - limit = listOptions.Limit - } - - var estimatedObjectsToBeProcessed int64 - - switch { - case isListFromCache: - // TODO: For resources that implement indexes at the watchcache level, - // we need to adjust the cost accordingly - estimatedObjectsToBeProcessed = numStored - case listOptions.FieldSelector != "" || listOptions.LabelSelector != "": - estimatedObjectsToBeProcessed = numStored + limit - default: - estimatedObjectsToBeProcessed = 2 * limit - } - - // for now, our rough estimate is to allocate one seat to each 100 obejcts that - // will be processed by the list request. - // we will come up with a different formula for the transformation function and/or - // fine tune this number in future iteratons. - seats := uint64(math.Ceil(float64(estimatedObjectsToBeProcessed) / e.config.ObjectsPerSeat)) - - // make sure we never return a seat of zero - if seats < e.config.MinimumSeats { - seats = e.config.MinimumSeats - } - if seats > e.config.MaximumSeats { - seats = e.config.MaximumSeats - } - return WorkEstimate{InitialSeats: seats} -} - -func key(requestInfo *apirequest.RequestInfo) string { - groupResource := &schema.GroupResource{ - Group: requestInfo.APIGroup, - Resource: requestInfo.Resource, - } - return groupResource.String() -} - -// NOTICE: Keep in sync with shouldDelegateList function in -// -// staging/src/k8s.io/apiserver/pkg/storage/cacher/cacher.go -func shouldListFromStorage(query url.Values, opts *metav1.ListOptions) bool { - resourceVersion := opts.ResourceVersion - pagingEnabled := utilfeature.DefaultFeatureGate.Enabled(features.APIListChunking) - hasContinuation := pagingEnabled && len(opts.Continue) > 0 - hasLimit := pagingEnabled && opts.Limit > 0 && resourceVersion != "0" - return resourceVersion == "" || hasContinuation || hasLimit || opts.ResourceVersionMatch == metav1.ResourceVersionMatchExact -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/mutating_work_estimator.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/mutating_work_estimator.go deleted file mode 100644 index 305f8e1ebb..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/mutating_work_estimator.go +++ /dev/null @@ -1,149 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "math" - "net/http" - "time" - - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/util/flowcontrol/metrics" -) - -func newMutatingWorkEstimator(countFn watchCountGetterFunc, config *WorkEstimatorConfig) WorkEstimatorFunc { - estimator := &mutatingWorkEstimator{ - config: config, - countFn: countFn, - } - return estimator.estimate -} - -type mutatingWorkEstimator struct { - config *WorkEstimatorConfig - countFn watchCountGetterFunc -} - -func (e *mutatingWorkEstimator) estimate(r *http.Request, flowSchemaName, priorityLevelName string) WorkEstimate { - // TODO(wojtekt): Remove once we tune the algorithm to not fail - // scalability tests. - if !e.config.Enabled { - return WorkEstimate{ - InitialSeats: 1, - } - } - - requestInfo, ok := apirequest.RequestInfoFrom(r.Context()) - if !ok { - // no RequestInfo should never happen, but to be on the safe side - // let's return a large value. - return WorkEstimate{ - InitialSeats: 1, - FinalSeats: e.config.MaximumSeats, - AdditionalLatency: e.config.eventAdditionalDuration(), - } - } - - if isRequestExemptFromWatchEvents(requestInfo) { - return WorkEstimate{ - InitialSeats: e.config.MinimumSeats, - FinalSeats: 0, - AdditionalLatency: time.Duration(0), - } - } - - watchCount := e.countFn(requestInfo) - metrics.ObserveWatchCount(r.Context(), priorityLevelName, flowSchemaName, watchCount) - - // The cost of the request associated with the watchers of that event - // consists of three parts: - // - cost of going through the event change logic - // - cost of serialization of the event - // - cost of processing an event object for each watcher (e.g. filtering, - // sending data over network) - // We're starting simple to get some operational experience with it and - // we will work on tuning the algorithm later. Given that the actual work - // associated with processing watch events is happening in multiple - // goroutines (proportional to the number of watchers) that are all - // resumed at once, as a starting point we assume that each such goroutine - // is taking 1/Nth of a seat for M milliseconds. - // We allow the accounting of that work in P&F to be reshaped into another - // rectangle of equal area for practical reasons. - var finalSeats uint64 - var additionalLatency time.Duration - - // TODO: Make this unconditional after we tune the algorithm better. - // Technically, there is an overhead connected to processing an event after - // the request finishes even if there is a small number of watches. - // However, until we tune the estimation we want to stay on the safe side - // an avoid introducing additional latency for almost every single request. - if watchCount >= int(e.config.WatchesPerSeat) { - // TODO: As described in the KEP, we should take into account that not all - // events are equal and try to estimate the cost of a single event based on - // some historical data about size of events. - finalSeats = uint64(math.Ceil(float64(watchCount) / e.config.WatchesPerSeat)) - finalWork := SeatsTimesDuration(float64(finalSeats), e.config.eventAdditionalDuration()) - - // While processing individual events is highly parallel, - // the design/implementation of P&F has a couple limitations that - // make using this assumption in the P&F implementation very - // inefficient because: - // - we reserve max(initialSeats, finalSeats) for time of executing - // both phases of the request - // - even more importantly, when a given `wide` request is the one to - // be dispatched, we are not dispatching any other request until - // we accumulate enough seats to dispatch the nominated one, even - // if currently unoccupied seats would allow for dispatching some - // other requests in the meantime - // As a consequence of these, the wider the request, the more capacity - // will effectively be blocked and unused during dispatching and - // executing this request. - // - // To mitigate the impact of it, we're capping the maximum number of - // seats that can be assigned to a given request. Thanks to it: - // 1) we reduce the amount of seat-seconds that are "wasted" during - // dispatching and executing initial phase of the request - // 2) we are not changing the finalWork estimate - just potentially - // reshaping it to be narrower and longer. As long as the maximum - // seats setting will prevent dispatching too many requests at once - // to prevent overloading kube-apiserver (and/or etcd or the VM or - // a physical machine it is running on), we believe the relaxed - // version should be good enough to achieve the P&F goals. - // - // TODO: Confirm that the current cap of maximumSeats allow us to - // achieve the above. - if finalSeats > e.config.MaximumSeats { - finalSeats = e.config.MaximumSeats - } - additionalLatency = finalWork.DurationPerSeat(float64(finalSeats)) - } - - return WorkEstimate{ - InitialSeats: 1, - FinalSeats: finalSeats, - AdditionalLatency: additionalLatency, - } -} - -func isRequestExemptFromWatchEvents(requestInfo *apirequest.RequestInfo) bool { - // Creating token for service account does not produce any event, - // but still serviceaccounts can have multiple watchers. - if requestInfo.Resource == "serviceaccounts" && requestInfo.Subresource == "token" { - return true - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/object_count_tracker.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/object_count_tracker.go deleted file mode 100644 index 62a5e4f2d4..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/object_count_tracker.go +++ /dev/null @@ -1,169 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "errors" - "sync" - "time" - - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -const ( - // type deletion (it applies mostly to CRD) is not a very frequent - // operation so we can afford to prune the cache at a large interval. - // at the same time, we also want to make sure that the scalability - // tests hit this code path. - pruneInterval = 1 * time.Hour - - // the storage layer polls for object count at every 1m interval, we will allow - // up to 2-3 transient failures to get the latest count for a given resource. - staleTolerationThreshold = 3 * time.Minute -) - -var ( - // ObjectCountNotFoundErr is returned when the object count for - // a given resource is not being tracked. - ObjectCountNotFoundErr = errors.New("object count not found for the given resource") - - // ObjectCountStaleErr is returned when the object count for a - // given resource has gone stale due to transient failures. - ObjectCountStaleErr = errors.New("object count has gone stale for the given resource") -) - -// StorageObjectCountTracker is an interface that is used to keep track of -// of the total number of objects for each resource. -// {group}.{resource} is used as the key name to update and retrieve -// the total number of objects for a given resource. -type StorageObjectCountTracker interface { - // Set is invoked to update the current number of total - // objects for the given resource - Set(string, int64) - - // Get returns the total number of objects for the given resource. - // The following errors are returned: - // - if the count has gone stale for a given resource due to transient - // failures ObjectCountStaleErr is returned. - // - if the given resource is not being tracked then - // ObjectCountNotFoundErr is returned. - Get(string) (int64, error) - - // RunUntil starts all the necessary maintenance. - RunUntil(stopCh <-chan struct{}) -} - -// NewStorageObjectCountTracker returns an instance of -// StorageObjectCountTracker interface that can be used to -// keep track of the total number of objects for each resource. -func NewStorageObjectCountTracker() StorageObjectCountTracker { - return &objectCountTracker{ - clock: &clock.RealClock{}, - counts: map[string]*timestampedCount{}, - } -} - -// timestampedCount stores the count of a given resource with a last updated -// timestamp so we can prune it after it goes stale for certain threshold. -type timestampedCount struct { - count int64 - lastUpdatedAt time.Time -} - -// objectCountTracker implements StorageObjectCountTracker with -// reader/writer mutual exclusion lock. -type objectCountTracker struct { - clock clock.PassiveClock - - lock sync.RWMutex - counts map[string]*timestampedCount -} - -func (t *objectCountTracker) Set(groupResource string, count int64) { - if count <= -1 { - // a value of -1 indicates that the 'Count' call failed to contact - // the storage layer, in most cases this error can be transient. - // we will continue to work with the count that is in the cache - // up to a certain threshold defined by staleTolerationThreshold. - // in case this becomes a non transient error then the count for - // the given resource will will eventually be removed from - // the cache by the pruner. - return - } - - now := t.clock.Now() - - // lock for writing - t.lock.Lock() - defer t.lock.Unlock() - - if item, ok := t.counts[groupResource]; ok { - item.count = count - item.lastUpdatedAt = now - return - } - - t.counts[groupResource] = &timestampedCount{ - count: count, - lastUpdatedAt: now, - } -} - -func (t *objectCountTracker) Get(groupResource string) (int64, error) { - staleThreshold := t.clock.Now().Add(-staleTolerationThreshold) - - t.lock.RLock() - defer t.lock.RUnlock() - - if item, ok := t.counts[groupResource]; ok { - if item.lastUpdatedAt.Before(staleThreshold) { - return item.count, ObjectCountStaleErr - } - return item.count, nil - } - return 0, ObjectCountNotFoundErr -} - -// RunUntil runs all the necessary maintenance. -func (t *objectCountTracker) RunUntil(stopCh <-chan struct{}) { - wait.PollUntil( - pruneInterval, - func() (bool, error) { - // always prune at every pruneInterval - return false, t.prune(pruneInterval) - }, stopCh) - klog.InfoS("StorageObjectCountTracker pruner is exiting") -} - -func (t *objectCountTracker) prune(threshold time.Duration) error { - oldestLastUpdatedAtAllowed := t.clock.Now().Add(-threshold) - - // lock for writing - t.lock.Lock() - defer t.lock.Unlock() - - for groupResource, count := range t.counts { - if count.lastUpdatedAt.After(oldestLastUpdatedAtAllowed) { - continue - } - delete(t.counts, groupResource) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/seat_seconds.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/seat_seconds.go deleted file mode 100644 index e3a4017452..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/seat_seconds.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "fmt" - "math" - "time" -) - -// SeatSeconds is a measure of work, in units of seat-seconds, using a fixed-point representation. -// `SeatSeconds(n)` represents `n/ssScale` seat-seconds. -// The `ssScale` constant is private to the implementation here, -// no other code should use it. -type SeatSeconds uint64 - -// MaxSeatsSeconds is the maximum representable value of SeatSeconds -const MaxSeatSeconds = SeatSeconds(math.MaxUint64) - -// MinSeatSeconds is the lowest representable value of SeatSeconds -const MinSeatSeconds = SeatSeconds(0) - -// SeatsTimeDuration produces the SeatSeconds value for the given factors. -// This is intended only to produce small values, increments in work -// rather than amount of work done since process start. -func SeatsTimesDuration(seats float64, duration time.Duration) SeatSeconds { - return SeatSeconds(math.Round(seats * float64(duration/time.Nanosecond) / (1e9 / ssScale))) -} - -// ToFloat converts to a floating-point representation. -// This conversion may lose precision. -func (ss SeatSeconds) ToFloat() float64 { - return float64(ss) / ssScale -} - -// DurationPerSeat returns duration per seat. -// This division may lose precision. -func (ss SeatSeconds) DurationPerSeat(seats float64) time.Duration { - return time.Duration(float64(ss) / seats * (float64(time.Second) / ssScale)) -} - -// String converts to a string. -// This is suitable for large as well as small values. -func (ss SeatSeconds) String() string { - const div = SeatSeconds(ssScale) - quo := ss / div - rem := ss - quo*div - return fmt.Sprintf("%d.%08dss", quo, rem) -} - -const ssScale = 1e8 diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/width.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/width.go deleted file mode 100644 index 86f0425843..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/request/width.go +++ /dev/null @@ -1,113 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package request - -import ( - "fmt" - "net/http" - "time" - - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/klog/v2" -) - -// WorkEstimate carries three of the four parameters that determine the work in a request. -// The fourth parameter is the duration of the initial phase of execution. -type WorkEstimate struct { - // InitialSeats is the number of seats occupied while the server is - // executing this request. - InitialSeats uint64 - - // FinalSeats is the number of seats occupied at the end, - // during the AdditionalLatency. - FinalSeats uint64 - - // AdditionalLatency specifies the additional duration the seats allocated - // to this request must be reserved after the given request had finished. - // AdditionalLatency should not have any impact on the user experience, the - // caller must not experience this additional latency. - AdditionalLatency time.Duration -} - -// MaxSeats returns the maximum number of seats the request occupies over the -// phases of being served. -func (we *WorkEstimate) MaxSeats() int { - if we.InitialSeats >= we.FinalSeats { - return int(we.InitialSeats) - } - - return int(we.FinalSeats) -} - -// objectCountGetterFunc represents a function that gets the total -// number of objects for a given resource. -type objectCountGetterFunc func(string) (int64, error) - -// watchCountGetterFunc represents a function that gets the total -// number of watchers potentially interested in a given request. -type watchCountGetterFunc func(*apirequest.RequestInfo) int - -// NewWorkEstimator estimates the work that will be done by a given request, -// if no WorkEstimatorFunc matches the given request then the default -// work estimate of 1 seat is allocated to the request. -func NewWorkEstimator(objectCountFn objectCountGetterFunc, watchCountFn watchCountGetterFunc, config *WorkEstimatorConfig) WorkEstimatorFunc { - estimator := &workEstimator{ - minimumSeats: config.MinimumSeats, - maximumSeats: config.MaximumSeats, - listWorkEstimator: newListWorkEstimator(objectCountFn, config), - mutatingWorkEstimator: newMutatingWorkEstimator(watchCountFn, config), - } - return estimator.estimate -} - -// WorkEstimatorFunc returns the estimated work of a given request. -// This function will be used by the Priority & Fairness filter to -// estimate the work of of incoming requests. -type WorkEstimatorFunc func(request *http.Request, flowSchemaName, priorityLevelName string) WorkEstimate - -func (e WorkEstimatorFunc) EstimateWork(r *http.Request, flowSchemaName, priorityLevelName string) WorkEstimate { - return e(r, flowSchemaName, priorityLevelName) -} - -type workEstimator struct { - // the minimum number of seats a request must occupy - minimumSeats uint64 - // the maximum number of seats a request can occupy - maximumSeats uint64 - // listWorkEstimator estimates work for list request(s) - listWorkEstimator WorkEstimatorFunc - // mutatingWorkEstimator calculates the width of mutating request(s) - mutatingWorkEstimator WorkEstimatorFunc -} - -func (e *workEstimator) estimate(r *http.Request, flowSchemaName, priorityLevelName string) WorkEstimate { - requestInfo, ok := apirequest.RequestInfoFrom(r.Context()) - if !ok { - klog.ErrorS(fmt.Errorf("no RequestInfo found in context"), "Failed to estimate work for the request", "URI", r.RequestURI) - // no RequestInfo should never happen, but to be on the safe side let's return maximumSeats - return WorkEstimate{InitialSeats: e.maximumSeats} - } - - switch requestInfo.Verb { - case "list": - return e.listWorkEstimator.EstimateWork(r, flowSchemaName, priorityLevelName) - case "create", "update", "patch", "delete": - return e.mutatingWorkEstimator.EstimateWork(r, flowSchemaName, priorityLevelName) - } - - return WorkEstimate{InitialSeats: e.minimumSeats} -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/rule.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/rule.go deleted file mode 100644 index a404d3286e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/rule.go +++ /dev/null @@ -1,203 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "strings" - - flowcontrol "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/endpoints/request" -) - -// Tests whether a given request and FlowSchema match. Nobody mutates -// either input. -func matchesFlowSchema(digest RequestDigest, flowSchema *flowcontrol.FlowSchema) bool { - for _, policyRule := range flowSchema.Spec.Rules { - if matchesPolicyRule(digest, &policyRule) { - return true - } - } - return false -} - -func matchesPolicyRule(digest RequestDigest, policyRule *flowcontrol.PolicyRulesWithSubjects) bool { - if !matchesASubject(digest.User, policyRule.Subjects) { - return false - } - if digest.RequestInfo.IsResourceRequest { - return matchesAResourceRule(digest.RequestInfo, policyRule.ResourceRules) - } - return matchesANonResourceRule(digest.RequestInfo, policyRule.NonResourceRules) -} - -func matchesASubject(user user.Info, subjects []flowcontrol.Subject) bool { - for _, subject := range subjects { - if matchesSubject(user, subject) { - return true - } - } - return false -} - -func matchesSubject(user user.Info, subject flowcontrol.Subject) bool { - switch subject.Kind { - case flowcontrol.SubjectKindUser: - return subject.User != nil && (subject.User.Name == flowcontrol.NameAll || subject.User.Name == user.GetName()) - case flowcontrol.SubjectKindGroup: - if subject.Group == nil { - return false - } - seek := subject.Group.Name - if seek == "*" { - return true - } - for _, userGroup := range user.GetGroups() { - if userGroup == seek { - return true - } - } - return false - case flowcontrol.SubjectKindServiceAccount: - if subject.ServiceAccount == nil { - return false - } - if subject.ServiceAccount.Name == flowcontrol.NameAll { - return serviceAccountMatchesNamespace(subject.ServiceAccount.Namespace, user.GetName()) - } - return serviceaccount.MatchesUsername(subject.ServiceAccount.Namespace, subject.ServiceAccount.Name, user.GetName()) - default: - return false - } -} - -// serviceAccountMatchesNamespace checks whether the provided service account username matches the namespace, without -// allocating. Use this when checking a service account namespace against a known string. -// This is copied from `k8s.io/apiserver/pkg/authentication/serviceaccount::MatchesUsername` and simplified to not check the name part. -func serviceAccountMatchesNamespace(namespace string, username string) bool { - const ( - ServiceAccountUsernamePrefix = "system:serviceaccount:" - ServiceAccountUsernameSeparator = ":" - ) - if !strings.HasPrefix(username, ServiceAccountUsernamePrefix) { - return false - } - username = username[len(ServiceAccountUsernamePrefix):] - - if !strings.HasPrefix(username, namespace) { - return false - } - username = username[len(namespace):] - - return strings.HasPrefix(username, ServiceAccountUsernameSeparator) -} - -func matchesAResourceRule(ri *request.RequestInfo, rules []flowcontrol.ResourcePolicyRule) bool { - for _, rr := range rules { - if matchesResourcePolicyRule(ri, rr) { - return true - } - } - return false -} - -func matchesResourcePolicyRule(ri *request.RequestInfo, policyRule flowcontrol.ResourcePolicyRule) bool { - if !matchPolicyRuleVerb(policyRule.Verbs, ri.Verb) { - return false - } - if !matchPolicyRuleResource(policyRule.Resources, ri.Resource, ri.Subresource) { - return false - } - if !matchPolicyRuleAPIGroup(policyRule.APIGroups, ri.APIGroup) { - return false - } - if len(ri.Namespace) == 0 { - return policyRule.ClusterScope - } - return containsString(ri.Namespace, policyRule.Namespaces, flowcontrol.NamespaceEvery) -} - -func matchesANonResourceRule(ri *request.RequestInfo, rules []flowcontrol.NonResourcePolicyRule) bool { - for _, rr := range rules { - if matchesNonResourcePolicyRule(ri, rr) { - return true - } - } - return false -} - -func matchesNonResourcePolicyRule(ri *request.RequestInfo, policyRule flowcontrol.NonResourcePolicyRule) bool { - if !matchPolicyRuleVerb(policyRule.Verbs, ri.Verb) { - return false - } - return matchPolicyRuleNonResourceURL(policyRule.NonResourceURLs, ri.Path) -} - -func matchPolicyRuleVerb(policyRuleVerbs []string, requestVerb string) bool { - return containsString(requestVerb, policyRuleVerbs, flowcontrol.VerbAll) -} - -func matchPolicyRuleNonResourceURL(policyRuleRequestURLs []string, requestPath string) bool { - for _, rulePath := range policyRuleRequestURLs { - if rulePath == flowcontrol.NonResourceAll || rulePath == requestPath { - return true - } - rulePrefix := strings.TrimSuffix(rulePath, "*") - if !strings.HasSuffix(rulePrefix, "/") { - rulePrefix = rulePrefix + "/" - } - if strings.HasPrefix(requestPath, rulePrefix) { - return true - } - } - return false -} - -func matchPolicyRuleAPIGroup(policyRuleAPIGroups []string, requestAPIGroup string) bool { - return containsString(requestAPIGroup, policyRuleAPIGroups, flowcontrol.APIGroupAll) -} - -func rsJoin(requestResource, requestSubresource string) string { - seekString := requestResource - if requestSubresource != "" { - seekString = requestResource + "/" + requestSubresource - } - return seekString -} - -func matchPolicyRuleResource(policyRuleRequestResources []string, requestResource, requestSubresource string) bool { - return containsString(rsJoin(requestResource, requestSubresource), policyRuleRequestResources, flowcontrol.ResourceAll) -} - -// containsString returns true if either `x` or `wildcard` is in -// `list`. The wildcard is not a pattern to match against `x`; rather -// the presence of the wildcard in the list is the caller's way of -// saying that all values of `x` should match the list. This function -// assumes that if `wildcard` is in `list` then it is the only member -// of the list, which is enforced by validation. -func containsString(x string, list []string, wildcard string) bool { - if len(list) == 1 && list[0] == wildcard { - return true - } - for _, y := range list { - if x == y { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/watch_tracker.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/watch_tracker.go deleted file mode 100644 index 287b100cfd..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flowcontrol/watch_tracker.go +++ /dev/null @@ -1,234 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "net/http" - "sync" - - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - "k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/endpoints/request" - - "k8s.io/klog/v2" -) - -// readOnlyVerbs contains verbs for read-only requests. -var readOnlyVerbs = sets.NewString("get", "list", "watch", "proxy") - -// watchIdentifier identifies group of watches that are similar. -// As described in the "Priority and Fairness" KEP, we consider -// watches similar if they have the same resourceType, namespace -// and name. We ignore selectors as they have to be evaluated -// when processing an even anyway. -// -// TODO: For now we only track the number of watches registered -// in our kube-apiserver. Eventually we should consider sharing -// this information with other kube-apiserver as described in the -// KEP, but this isn't part of the first version. -type watchIdentifier struct { - apiGroup string - resource string - namespace string - name string -} - -// ForgetWatchFunc is a function that should be called to forget -// the previously registered watch from the watch tracker. -type ForgetWatchFunc func() - -// WatchTracker is an interface that allows tracking the number -// of watches in the system for the purpose of estimating the -// cost of incoming mutating requests. -type WatchTracker interface { - // RegisterWatch reqisters a watch based on the provided http.Request - // in the tracker. It returns the function that should be called - // to forget the watcher once it is finished. - RegisterWatch(r *http.Request) ForgetWatchFunc - - // GetInterestedWatchCount returns the number of watches that are - // potentially interested in a request with a given RequestInfo - // for the purpose of estimating cost of that request. - GetInterestedWatchCount(requestInfo *request.RequestInfo) int -} - -// builtinIndexes represents of set of indexes registered in -// watchcache that are indexing watches and increase speed of -// their processing. -// We define the indexes as a map from a resource to the path -// to the field in the object on which the index is built. -type builtinIndexes map[string]string - -func getBuiltinIndexes() builtinIndexes { - // The only existing indexes as of now are: - // - spec.nodeName for pods - // - metadata.Name for nodes, secrets and configmaps - // However, we can ignore the latter, because the requestInfo.Name - // is set for them (i.e. we already catch them correctly). - return map[string]string{ - "pods": "spec.nodeName", - } -} - -// watchTracker tracks the number of watches in the system for -// the purpose of estimating the cost of incoming mutating requests. -type watchTracker struct { - // indexes represents a set of registered indexes. - // It can't change after creation. - indexes builtinIndexes - - lock sync.Mutex - watchCount map[watchIdentifier]int -} - -func NewWatchTracker() WatchTracker { - return &watchTracker{ - indexes: getBuiltinIndexes(), - watchCount: make(map[watchIdentifier]int), - } -} - -const ( - unsetValue = "<unset>" -) - -func getIndexValue(r *http.Request, field string) string { - opts := metainternalversion.ListOptions{} - if err := scheme.ParameterCodec.DecodeParameters(r.URL.Query(), metav1.SchemeGroupVersion, &opts); err != nil { - klog.Warningf("Couldn't parse list options for %v: %v", r.URL.Query(), err) - return unsetValue - } - if opts.FieldSelector == nil { - return unsetValue - } - if value, ok := opts.FieldSelector.RequiresExactMatch(field); ok { - return value - } - return unsetValue -} - -type indexValue struct { - resource string - value string -} - -// RegisterWatch implements WatchTracker interface. -func (w *watchTracker) RegisterWatch(r *http.Request) ForgetWatchFunc { - requestInfo, ok := request.RequestInfoFrom(r.Context()) - if !ok || requestInfo == nil || requestInfo.Verb != "watch" { - return nil - } - - var index *indexValue - if indexField, ok := w.indexes[requestInfo.Resource]; ok { - index = &indexValue{ - resource: requestInfo.Resource, - value: getIndexValue(r, indexField), - } - } - - identifier := &watchIdentifier{ - apiGroup: requestInfo.APIGroup, - resource: requestInfo.Resource, - namespace: requestInfo.Namespace, - name: requestInfo.Name, - } - - w.lock.Lock() - defer w.lock.Unlock() - w.updateIndexLocked(identifier, index, 1) - return w.forgetWatch(identifier, index) -} - -func (w *watchTracker) updateIndexLocked(identifier *watchIdentifier, index *indexValue, incr int) { - if index == nil { - w.watchCount[*identifier] += incr - } else { - // For resources with defined index, for a given watch event we are - // only processing the watchers that: - // (a) do not specify field selector for an index field - // (b) do specify field selector with the value equal to the value - // coming from the processed object - // - // TODO(wojtek-t): For the sake of making progress and initially - // simplifying the implementation, we approximate (b) for all values - // as the value for an empty string. The assumption we're making here - // is that the difference between the actual number of watchers that - // will be processed, i.e. (a)+(b) above and the one from our - // approximation i.e. (a)+[(b) for field value of ""] will be small. - // This seem to be true in almost all production clusters, which makes - // it a reasonable first step simplification to unblock progres on it. - if index.value == unsetValue || index.value == "" { - w.watchCount[*identifier] += incr - } - } -} - -func (w *watchTracker) forgetWatch(identifier *watchIdentifier, index *indexValue) ForgetWatchFunc { - return func() { - w.lock.Lock() - defer w.lock.Unlock() - - w.updateIndexLocked(identifier, index, -1) - if w.watchCount[*identifier] == 0 { - delete(w.watchCount, *identifier) - } - } -} - -// GetInterestedWatchCount implements WatchTracker interface. -// -// TODO(wojtek-t): As of now, requestInfo for object creation (POST) doesn't -// -// contain the Name field set. Figure out if we can somehow get it for the -// more accurate cost estimation. -// -// TODO(wojtek-t): Figure out how to approach DELETECOLLECTION calls. -func (w *watchTracker) GetInterestedWatchCount(requestInfo *request.RequestInfo) int { - if requestInfo == nil || readOnlyVerbs.Has(requestInfo.Verb) { - return 0 - } - - result := 0 - // The watches that we're interested in include: - // - watches for all objects of a resource type (no namespace and name specified) - // - watches for all objects of a resource type in the same namespace (no name specified) - // - watched interested in this particular object - identifier := &watchIdentifier{ - apiGroup: requestInfo.APIGroup, - resource: requestInfo.Resource, - } - - w.lock.Lock() - defer w.lock.Unlock() - - result += w.watchCount[*identifier] - - if requestInfo.Namespace != "" { - identifier.namespace = requestInfo.Namespace - result += w.watchCount[*identifier] - } - - if requestInfo.Name != "" { - identifier.name = requestInfo.Name - result += w.watchCount[*identifier] - } - - return result -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/doc.go deleted file mode 100644 index f81e09a29c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package flushwriter implements a wrapper for a writer that flushes on every -// write if that writer implements the io.Flusher interface -package flushwriter // import "k8s.io/apiserver/pkg/util/flushwriter" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/writer.go b/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/writer.go deleted file mode 100644 index 748bd01085..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/flushwriter/writer.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flushwriter - -import ( - "io" - "net/http" -) - -// Wrap wraps an io.Writer into a writer that flushes after every write if -// the writer implements the Flusher interface. -func Wrap(w io.Writer) io.Writer { - fw := &flushWriter{ - writer: w, - } - if flusher, ok := w.(http.Flusher); ok { - fw.flusher = flusher - } - return fw -} - -// flushWriter provides wrapper for responseWriter with HTTP streaming capabilities -type flushWriter struct { - flusher http.Flusher - writer io.Writer -} - -// Write is a FlushWriter implementation of the io.Writer that sends any buffered -// data to the client. -func (fw *flushWriter) Write(p []byte) (n int, err error) { - n, err = fw.writer.Write(p) - if err != nil { - return - } - if fw.flusher != nil { - fw.flusher.Flush() - } - return -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/enablement.go b/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/enablement.go deleted file mode 100644 index 693821ac02..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/enablement.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package openapi - -import ( - "strings" - - genericfeatures "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/schemamutation" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -// enumTypeDescriptionHeader is the header of enum section in schema description. -const enumTypeDescriptionHeader = "Possible enum values:" - -// GetOpenAPIDefinitionsWithoutDisabledFeatures wraps a GetOpenAPIDefinitions to revert -// any change to the schema that was made by disabled features. -func GetOpenAPIDefinitionsWithoutDisabledFeatures(GetOpenAPIDefinitions common.GetOpenAPIDefinitions) common.GetOpenAPIDefinitions { - return func(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { - defs := GetOpenAPIDefinitions(ref) - restoreDefinitions(defs) - return defs - } -} - -// restoreDefinitions restores any changes by disabled features from definition map. -func restoreDefinitions(defs map[string]common.OpenAPIDefinition) { - // revert changes from OpenAPIEnums - if !utilfeature.DefaultFeatureGate.Enabled(genericfeatures.OpenAPIEnums) { - for gvk, def := range defs { - orig := &def.Schema - if ret := pruneEnums(orig); ret != orig { - def.Schema = *ret - defs[gvk] = def - } - } - } -} - -func pruneEnums(schema *spec.Schema) *spec.Schema { - walker := schemamutation.Walker{ - SchemaCallback: func(schema *spec.Schema) *spec.Schema { - orig := schema - clone := func() { - if orig == schema { // if schema has not been mutated yet - schema = new(spec.Schema) - *schema = *orig // make a clone from orig to schema - } - } - if headerIndex := strings.Index(schema.Description, enumTypeDescriptionHeader); headerIndex != -1 { - // remove the enum section from description. - // note that the new lines before the header should be removed too, - // thus the slice range. - clone() - schema.Description = schema.Description[:headerIndex] - } - if len(schema.Enum) != 0 { - // remove the enum field - clone() - schema.Enum = nil - } - return schema - }, - RefCallback: schemamutation.RefCallbackNoop, - } - return walker.WalkSchema(schema) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/proto.go b/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/proto.go deleted file mode 100644 index 162812f145..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/openapi/proto.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package openapi - -import ( - "encoding/json" - - openapi_v2 "github.com/google/gnostic/openapiv2" - - "k8s.io/kube-openapi/pkg/util/proto" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -// ToProtoModels builds the proto formatted models from OpenAPI spec -func ToProtoModels(openAPISpec *spec.Swagger) (proto.Models, error) { - specBytes, err := json.MarshalIndent(openAPISpec, " ", " ") - if err != nil { - return nil, err - } - - doc, err := openapi_v2.ParseDocument(specBytes) - if err != nil { - return nil, err - } - - models, err := proto.NewOpenAPIData(doc) - if err != nil { - return nil, err - } - - return models, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/shufflesharding/shufflesharding.go b/etcd/vendor/k8s.io/apiserver/pkg/util/shufflesharding/shufflesharding.go deleted file mode 100644 index 6ef4ed8900..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/shufflesharding/shufflesharding.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package shufflesharding - -import ( - "fmt" - "math" -) - -// MaxHashBits is the max bit length which can be used from hash value. -// If we use all bits of hash value, the critical(last) card shuffled by -// Dealer will be uneven to 2:3 (first half:second half) at most, -// in order to reduce this unevenness to 32:33, we set MaxHashBits to 60 here. -const MaxHashBits = 60 - -// RequiredEntropyBits makes a quick and slightly conservative estimate of the number -// of bits of hash value that are consumed in shuffle sharding a deck of the given size -// to a hand of the given size. The result is meaningful only if -// 1 <= handSize <= deckSize <= 1<<26. -func RequiredEntropyBits(deckSize, handSize int) int { - return int(math.Ceil(math.Log2(float64(deckSize)) * float64(handSize))) -} - -// Dealer contains some necessary parameters and provides some methods for shuffle sharding. -// Dealer is thread-safe. -type Dealer struct { - deckSize int - handSize int -} - -// NewDealer will create a Dealer with the given deckSize and handSize, will return error when -// deckSize or handSize is invalid as below. -// 1. deckSize or handSize is not positive -// 2. handSize is greater than deckSize -// 3. deckSize is impractically large (greater than 1<<26) -// 4. required entropy bits of deckSize and handSize is greater than MaxHashBits -func NewDealer(deckSize, handSize int) (*Dealer, error) { - if deckSize <= 0 || handSize <= 0 { - return nil, fmt.Errorf("deckSize %d or handSize %d is not positive", deckSize, handSize) - } - if handSize > deckSize { - return nil, fmt.Errorf("handSize %d is greater than deckSize %d", handSize, deckSize) - } - if deckSize > 1<<26 { - return nil, fmt.Errorf("deckSize %d is impractically large", deckSize) - } - if RequiredEntropyBits(deckSize, handSize) > MaxHashBits { - return nil, fmt.Errorf("required entropy bits of deckSize %d and handSize %d is greater than %d", deckSize, handSize, MaxHashBits) - } - - return &Dealer{ - deckSize: deckSize, - handSize: handSize, - }, nil -} - -// Deal shuffles a card deck and deals a hand of cards, using the given hashValue as the source of entropy. -// The deck size and hand size are properties of the Dealer. -// This function synchronously makes sequential calls to pick, one for each dealt card. -// Each card is identified by an integer in the range [0, deckSize). -// For example, for deckSize=128 and handSize=4 this function might call pick(14); pick(73); pick(119); pick(26). -func (d *Dealer) Deal(hashValue uint64, pick func(int)) { - // 15 is the largest possible value of handSize - var remainders [15]int - - for i := 0; i < d.handSize; i++ { - hashValueNext := hashValue / uint64(d.deckSize-i) - remainders[i] = int(hashValue - uint64(d.deckSize-i)*hashValueNext) - hashValue = hashValueNext - } - - for i := 0; i < d.handSize; i++ { - card := remainders[i] - for j := i; j > 0; j-- { - if card >= remainders[j-1] { - card++ - } - } - pick(card) - } -} - -// DealIntoHand shuffles and deals according to the Dealer's parameters, -// using the given hashValue as the source of entropy and then -// returns the dealt cards as a slice of `int`. -// If `hand` has the correct length as Dealer's handSize, it will be used as-is and no allocations will be made. -// If `hand` is nil or too small, it will be extended (performing an allocation). -// If `hand` is too large, a sub-slice will be returned. -func (d *Dealer) DealIntoHand(hashValue uint64, hand []int) []int { - h := hand[:0] - d.Deal(hashValue, func(card int) { h = append(h, card) }) - return h -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/authentication.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/authentication.go deleted file mode 100644 index a69506de69..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/authentication.go +++ /dev/null @@ -1,275 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - "io/ioutil" - "net" - "net/http" - "strconv" - "strings" - "time" - - "go.opentelemetry.io/otel/trace" - - corev1 "k8s.io/api/core/v1" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/features" - egressselector "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/util/feature" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - tracing "k8s.io/component-base/tracing" -) - -// AuthenticationInfoResolverWrapper can be used to inject Dial function to the -// rest.Config generated by the resolver. -type AuthenticationInfoResolverWrapper func(AuthenticationInfoResolver) AuthenticationInfoResolver - -// NewDefaultAuthenticationInfoResolverWrapper builds a default authn resolver wrapper -func NewDefaultAuthenticationInfoResolverWrapper( - proxyTransport *http.Transport, - egressSelector *egressselector.EgressSelector, - kubeapiserverClientConfig *rest.Config, - tp trace.TracerProvider) AuthenticationInfoResolverWrapper { - - webhookAuthResolverWrapper := func(delegate AuthenticationInfoResolver) AuthenticationInfoResolver { - return &AuthenticationInfoResolverDelegator{ - ClientConfigForFunc: func(hostPort string) (*rest.Config, error) { - if hostPort == "kubernetes.default.svc:443" { - return kubeapiserverClientConfig, nil - } - ret, err := delegate.ClientConfigFor(hostPort) - if err != nil { - return nil, err - } - if feature.DefaultFeatureGate.Enabled(features.APIServerTracing) { - ret.Wrap(tracing.WrapperFor(tp)) - } - - if egressSelector != nil { - networkContext := egressselector.ControlPlane.AsNetworkContext() - var egressDialer utilnet.DialFunc - egressDialer, err = egressSelector.Lookup(networkContext) - - if err != nil { - return nil, err - } - - ret.Dial = egressDialer - } - return ret, nil - }, - ClientConfigForServiceFunc: func(serviceName, serviceNamespace string, servicePort int) (*rest.Config, error) { - if serviceName == "kubernetes" && serviceNamespace == corev1.NamespaceDefault && servicePort == 443 { - return kubeapiserverClientConfig, nil - } - ret, err := delegate.ClientConfigForService(serviceName, serviceNamespace, servicePort) - if err != nil { - return nil, err - } - if feature.DefaultFeatureGate.Enabled(features.APIServerTracing) { - ret.Wrap(tracing.WrapperFor(tp)) - } - - if egressSelector != nil { - networkContext := egressselector.Cluster.AsNetworkContext() - var egressDialer utilnet.DialFunc - egressDialer, err = egressSelector.Lookup(networkContext) - if err != nil { - return nil, err - } - - ret.Dial = egressDialer - } else if proxyTransport != nil && proxyTransport.DialContext != nil { - ret.Dial = proxyTransport.DialContext - } - return ret, nil - }, - } - } - return webhookAuthResolverWrapper -} - -// AuthenticationInfoResolver builds rest.Config base on the server or service -// name and service namespace. -type AuthenticationInfoResolver interface { - // ClientConfigFor builds rest.Config based on the hostPort. - ClientConfigFor(hostPort string) (*rest.Config, error) - // ClientConfigForService builds rest.Config based on the serviceName and - // serviceNamespace. - ClientConfigForService(serviceName, serviceNamespace string, servicePort int) (*rest.Config, error) -} - -// AuthenticationInfoResolverDelegator implements AuthenticationInfoResolver. -type AuthenticationInfoResolverDelegator struct { - ClientConfigForFunc func(hostPort string) (*rest.Config, error) - ClientConfigForServiceFunc func(serviceName, serviceNamespace string, servicePort int) (*rest.Config, error) -} - -// ClientConfigFor returns client config for given hostPort. -func (a *AuthenticationInfoResolverDelegator) ClientConfigFor(hostPort string) (*rest.Config, error) { - return a.ClientConfigForFunc(hostPort) -} - -// ClientConfigForService returns client config for given service. -func (a *AuthenticationInfoResolverDelegator) ClientConfigForService(serviceName, serviceNamespace string, servicePort int) (*rest.Config, error) { - return a.ClientConfigForServiceFunc(serviceName, serviceNamespace, servicePort) -} - -type defaultAuthenticationInfoResolver struct { - kubeconfig clientcmdapi.Config -} - -// NewDefaultAuthenticationInfoResolver generates an AuthenticationInfoResolver -// that builds rest.Config based on the kubeconfig file. kubeconfigFile is the -// path to the kubeconfig. -func NewDefaultAuthenticationInfoResolver(kubeconfigFile string) (AuthenticationInfoResolver, error) { - if len(kubeconfigFile) == 0 { - return &defaultAuthenticationInfoResolver{}, nil - } - - loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() - loadingRules.ExplicitPath = kubeconfigFile - loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) - clientConfig, err := loader.RawConfig() - if err != nil { - return nil, err - } - - return &defaultAuthenticationInfoResolver{kubeconfig: clientConfig}, nil -} - -func (c *defaultAuthenticationInfoResolver) ClientConfigFor(hostPort string) (*rest.Config, error) { - return c.clientConfig(hostPort) -} - -func (c *defaultAuthenticationInfoResolver) ClientConfigForService(serviceName, serviceNamespace string, servicePort int) (*rest.Config, error) { - return c.clientConfig(net.JoinHostPort(serviceName+"."+serviceNamespace+".svc", strconv.Itoa(servicePort))) -} - -func (c *defaultAuthenticationInfoResolver) clientConfig(target string) (*rest.Config, error) { - // exact match - if authConfig, ok := c.kubeconfig.AuthInfos[target]; ok { - return restConfigFromKubeconfig(authConfig) - } - - // star prefixed match - serverSteps := strings.Split(target, ".") - for i := 1; i < len(serverSteps); i++ { - nickName := "*." + strings.Join(serverSteps[i:], ".") - if authConfig, ok := c.kubeconfig.AuthInfos[nickName]; ok { - return restConfigFromKubeconfig(authConfig) - } - } - - // If target included the default https port (443), search again without the port - if target, port, err := net.SplitHostPort(target); err == nil && port == "443" { - // exact match without port - if authConfig, ok := c.kubeconfig.AuthInfos[target]; ok { - return restConfigFromKubeconfig(authConfig) - } - - // star prefixed match without port - serverSteps := strings.Split(target, ".") - for i := 1; i < len(serverSteps); i++ { - nickName := "*." + strings.Join(serverSteps[i:], ".") - if authConfig, ok := c.kubeconfig.AuthInfos[nickName]; ok { - return restConfigFromKubeconfig(authConfig) - } - } - } - - // if we're trying to hit the kube-apiserver and there wasn't an explicit config, use the in-cluster config - if target == "kubernetes.default.svc:443" { - // if we can find an in-cluster-config use that. If we can't, fall through. - inClusterConfig, err := rest.InClusterConfig() - if err == nil { - return setGlobalDefaults(inClusterConfig), nil - } - } - - // star (default) match - if authConfig, ok := c.kubeconfig.AuthInfos["*"]; ok { - return restConfigFromKubeconfig(authConfig) - } - - // use the current context from the kubeconfig if possible - if len(c.kubeconfig.CurrentContext) > 0 { - if currContext, ok := c.kubeconfig.Contexts[c.kubeconfig.CurrentContext]; ok { - if len(currContext.AuthInfo) > 0 { - if currAuth, ok := c.kubeconfig.AuthInfos[currContext.AuthInfo]; ok { - return restConfigFromKubeconfig(currAuth) - } - } - } - } - - // anonymous - return setGlobalDefaults(&rest.Config{}), nil -} - -func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Config, error) { - config := &rest.Config{} - - // blindly overwrite existing values based on precedence - if len(configAuthInfo.Token) > 0 { - config.BearerToken = configAuthInfo.Token - config.BearerTokenFile = configAuthInfo.TokenFile - } else if len(configAuthInfo.TokenFile) > 0 { - tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile) - if err != nil { - return nil, err - } - config.BearerToken = string(tokenBytes) - config.BearerTokenFile = configAuthInfo.TokenFile - } - if len(configAuthInfo.Impersonate) > 0 { - config.Impersonate = rest.ImpersonationConfig{ - UserName: configAuthInfo.Impersonate, - Groups: configAuthInfo.ImpersonateGroups, - Extra: configAuthInfo.ImpersonateUserExtra, - } - } - if len(configAuthInfo.ClientCertificate) > 0 || len(configAuthInfo.ClientCertificateData) > 0 { - config.CertFile = configAuthInfo.ClientCertificate - config.CertData = configAuthInfo.ClientCertificateData - config.KeyFile = configAuthInfo.ClientKey - config.KeyData = configAuthInfo.ClientKeyData - } - if len(configAuthInfo.Username) > 0 || len(configAuthInfo.Password) > 0 { - config.Username = configAuthInfo.Username - config.Password = configAuthInfo.Password - } - if configAuthInfo.Exec != nil { - config.ExecProvider = configAuthInfo.Exec.DeepCopy() - } - if configAuthInfo.AuthProvider != nil { - return nil, fmt.Errorf("auth provider not supported") - } - - return setGlobalDefaults(config), nil -} - -func setGlobalDefaults(config *rest.Config) *rest.Config { - config.UserAgent = "kube-apiserver-admission" - config.Timeout = 30 * time.Second - - return config -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/client.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/client.go deleted file mode 100644 index ec3585b45a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/client.go +++ /dev/null @@ -1,230 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "net" - "net/url" - "strconv" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/util/x509metrics" - "k8s.io/client-go/rest" - "k8s.io/utils/lru" -) - -const ( - defaultCacheSize = 200 -) - -// ClientConfig defines parameters required for creating a hook client. -type ClientConfig struct { - Name string - URL string - CABundle []byte - Service *ClientConfigService -} - -// ClientConfigService defines service discovery parameters of the webhook. -type ClientConfigService struct { - Name string - Namespace string - Path string - Port int32 -} - -// ClientManager builds REST clients to talk to webhooks. It caches the clients -// to avoid duplicate creation. -type ClientManager struct { - authInfoResolver AuthenticationInfoResolver - serviceResolver ServiceResolver - negotiatedSerializer runtime.NegotiatedSerializer - cache *lru.Cache -} - -// NewClientManager creates a clientManager. -func NewClientManager(gvs []schema.GroupVersion, addToSchemaFuncs ...func(s *runtime.Scheme) error) (ClientManager, error) { - cache := lru.New(defaultCacheSize) - hookScheme := runtime.NewScheme() - for _, addToSchemaFunc := range addToSchemaFuncs { - if err := addToSchemaFunc(hookScheme); err != nil { - return ClientManager{}, err - } - } - return ClientManager{ - cache: cache, - negotiatedSerializer: serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{ - Serializer: serializer.NewCodecFactory(hookScheme).LegacyCodec(gvs...), - }), - }, nil -} - -// SetAuthenticationInfoResolverWrapper sets the -// AuthenticationInfoResolverWrapper. -func (cm *ClientManager) SetAuthenticationInfoResolverWrapper(wrapper AuthenticationInfoResolverWrapper) { - if wrapper != nil { - cm.authInfoResolver = wrapper(cm.authInfoResolver) - } -} - -// SetAuthenticationInfoResolver sets the AuthenticationInfoResolver. -func (cm *ClientManager) SetAuthenticationInfoResolver(resolver AuthenticationInfoResolver) { - cm.authInfoResolver = resolver -} - -// SetServiceResolver sets the ServiceResolver. -func (cm *ClientManager) SetServiceResolver(sr ServiceResolver) { - if sr != nil { - cm.serviceResolver = sr - } -} - -// Validate checks if ClientManager is properly set up. -func (cm *ClientManager) Validate() error { - var errs []error - if cm.negotiatedSerializer == nil { - errs = append(errs, fmt.Errorf("the clientManager requires a negotiatedSerializer")) - } - if cm.serviceResolver == nil { - errs = append(errs, fmt.Errorf("the clientManager requires a serviceResolver")) - } - if cm.authInfoResolver == nil { - errs = append(errs, fmt.Errorf("the clientManager requires an authInfoResolver")) - } - return utilerrors.NewAggregate(errs) -} - -// HookClient get a RESTClient from the cache, or constructs one based on the -// webhook configuration. -func (cm *ClientManager) HookClient(cc ClientConfig) (*rest.RESTClient, error) { - ccWithNoName := cc - ccWithNoName.Name = "" - cacheKey, err := json.Marshal(ccWithNoName) - if err != nil { - return nil, err - } - if client, ok := cm.cache.Get(string(cacheKey)); ok { - return client.(*rest.RESTClient), nil - } - - complete := func(cfg *rest.Config) (*rest.RESTClient, error) { - // Avoid client-side rate limiting talking to the webhook backend. - // Rate limiting should happen when deciding how many requests to serve. - cfg.QPS = -1 - - // Combine CAData from the config with any existing CA bundle provided - if len(cfg.TLSClientConfig.CAData) > 0 { - cfg.TLSClientConfig.CAData = append(cfg.TLSClientConfig.CAData, '\n') - } - cfg.TLSClientConfig.CAData = append(cfg.TLSClientConfig.CAData, cc.CABundle...) - - // Use http/1.1 instead of http/2. - // This is a workaround for http/2-enabled clients not load-balancing concurrent requests to multiple backends. - // See https://issue.k8s.io/75791 for details. - cfg.NextProtos = []string{"http/1.1"} - - cfg.ContentConfig.NegotiatedSerializer = cm.negotiatedSerializer - cfg.ContentConfig.ContentType = runtime.ContentTypeJSON - - // Add a transport wrapper that allows detection of TLS connections to - // servers with serving certificates with deprecated characteristics - cfg.Wrap(x509metrics.NewDeprecatedCertificateRoundTripperWrapperConstructor( - x509MissingSANCounter, - x509InsecureSHA1Counter, - )) - - client, err := rest.UnversionedRESTClientFor(cfg) - if err == nil { - cm.cache.Add(string(cacheKey), client) - } - return client, err - } - - if cc.Service != nil { - port := cc.Service.Port - if port == 0 { - // Default to port 443 if no service port is specified - port = 443 - } - - restConfig, err := cm.authInfoResolver.ClientConfigForService(cc.Service.Name, cc.Service.Namespace, int(port)) - if err != nil { - return nil, err - } - cfg := rest.CopyConfig(restConfig) - serverName := cc.Service.Name + "." + cc.Service.Namespace + ".svc" - - host := net.JoinHostPort(serverName, strconv.Itoa(int(port))) - cfg.Host = "https://" + host - cfg.APIPath = cc.Service.Path - // Set the server name if not already set - if len(cfg.TLSClientConfig.ServerName) == 0 { - cfg.TLSClientConfig.ServerName = serverName - } - - delegateDialer := cfg.Dial - if delegateDialer == nil { - var d net.Dialer - delegateDialer = d.DialContext - } - cfg.Dial = func(ctx context.Context, network, addr string) (net.Conn, error) { - if addr == host { - u, err := cm.serviceResolver.ResolveEndpoint(cc.Service.Namespace, cc.Service.Name, port) - if err != nil { - return nil, err - } - addr = u.Host - } - return delegateDialer(ctx, network, addr) - } - - return complete(cfg) - } - - if cc.URL == "" { - return nil, &ErrCallingWebhook{WebhookName: cc.Name, Reason: errors.New("webhook configuration must have either service or URL")} - } - - u, err := url.Parse(cc.URL) - if err != nil { - return nil, &ErrCallingWebhook{WebhookName: cc.Name, Reason: fmt.Errorf("Unparsable URL: %v", err)} - } - - hostPort := u.Host - if len(u.Port()) == 0 { - // Default to port 443 if no port is specified - hostPort = net.JoinHostPort(hostPort, "443") - } - - restConfig, err := cm.authInfoResolver.ClientConfigFor(hostPort) - if err != nil { - return nil, err - } - - cfg := rest.CopyConfig(restConfig) - cfg.Host = u.Scheme + "://" + u.Host - cfg.APIPath = u.Path - - return complete(cfg) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/error.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/error.go deleted file mode 100644 index 3c5d39ae3c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/error.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" -) - -// ErrCallingWebhook is returned for transport-layer errors calling webhooks. It -// represents a failure to talk to the webhook, not the webhook rejecting a -// request. -type ErrCallingWebhook struct { - WebhookName string - Reason error - Status *apierrors.StatusError -} - -func (e *ErrCallingWebhook) Error() string { - if e.Reason != nil { - return fmt.Sprintf("failed calling webhook %q: %v", e.WebhookName, e.Reason) - } - return fmt.Sprintf("failed calling webhook %q; no further details available", e.WebhookName) -} - -// ErrWebhookRejection represents a webhook properly rejecting a request. -type ErrWebhookRejection struct { - Status *apierrors.StatusError -} - -func (e *ErrWebhookRejection) Error() string { - return e.Status.Error() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/gencerts.sh b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/gencerts.sh deleted file mode 100644 index a6426a9591..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/gencerts.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -# gencerts.sh generates the certificates for the webhook tests. -# -# It is not expected to be run often (there is no go generate rule), and mainly -# exists for documentation purposes. - -CN_BASE="webhook_tests" - -cat > intermediate_ca.conf << EOF -[ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer -basicConstraints = critical,CA:true -keyUsage = cRLSign, keyCertSign -EOF - -cat > server.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names -[alt_names] -IP.1 = 127.0.0.1 -DNS.1 = localhost -EOF - -cat > server_no_san.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -EOF - -cat > client.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names -[alt_names] -IP.1 = 127.0.0.1 -EOF - -# Create a certificate authority -openssl genrsa -out caKey.pem 2048 -openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=${CN_BASE}_ca" - -# Create a second certificate authority -openssl genrsa -out badCAKey.pem 2048 -openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=${CN_BASE}_ca" - -# Create an intermediate certificate authority -openssl genrsa -out caKeyInter.pem 2048 -openssl req -new -nodes -key caKeyInter.pem -days 100000 -out caCertInter.csr -subj "/CN=${CN_BASE}_intermediate_ca" -openssl x509 -req -in caCertInter.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out caCertInter.pem -days 100000 -extensions v3_ca -extfile intermediate_ca.conf - -# Create an intermediate certificate authority with sha1 signature -openssl req -new -nodes -key caKeyInter.pem -days 100000 -out caCertInterSHA1.csr -subj "/CN=${CN_BASE}_intermediate_ca" -openssl x509 -sha1 -req -in caCertInterSHA1.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out caCertInterSHA1.pem -days 100000 -extensions v3_ca -extfile intermediate_ca.conf - -# Create a server certiticate -openssl genrsa -out serverKey.pem 2048 -openssl req -new -key serverKey.pem -out server.csr -subj "/CN=${CN_BASE}_server" -config server.conf -openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf - -# Create a server certiticate w/o SAN -openssl req -new -key serverKey.pem -out serverNoSAN.csr -subj "/CN=localhost" -config server_no_san.conf -openssl x509 -req -in serverNoSAN.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCertNoSAN.pem -days 100000 -extensions v3_req -extfile server_no_san.conf - -# Create a server certiticate with SHA1 signature signed by OK intermediate CA -openssl req -new -key serverKey.pem -out serverSHA1.csr -subj "/CN=localhost" -config server.conf -openssl x509 -sha1 -req -in serverSHA1.csr -CA caCertInter.pem -CAkey caKeyInter.pem -CAcreateserial -out sha1ServerCertInter.pem -days 100000 -extensions v3_req -extfile server.conf - -# Create a server certiticate signed by SHA1-signed intermediate CA -openssl req -new -key serverKey.pem -out serverInterSHA1.csr -subj "/CN=localhost" -config server.conf -openssl x509 -req -in serverInterSHA1.csr -CA caCertInterSHA1.pem -CAkey caKeyInter.pem -CAcreateserial -out serverCertInterSHA1.pem -days 100000 -extensions v3_req -extfile server.conf - -# Create a client certiticate -openssl genrsa -out clientKey.pem 2048 -openssl req -new -key clientKey.pem -out client.csr -subj "/CN=${CN_BASE}_client" -config client.conf -openssl x509 -req -in client.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out clientCert.pem -days 100000 -extensions v3_req -extfile client.conf - -outfile=certs_test.go - -cat > $outfile << EOF -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was generated using openssl by the gencerts.sh script -// and holds raw certificates for the webhook tests. - -package webhook -EOF - -for file in caKey caCert badCAKey badCACert caCertInter caCertInterSHA1 serverKey serverCert serverCertNoSAN clientKey clientCert sha1ServerCertInter serverCertInterSHA1; do - data=$(cat ${file}.pem) - echo "" >> $outfile - echo "var $file = []byte(\`$data\`)" >> $outfile -done - -# Clean up after we're done. -rm ./*.pem -rm ./*.csr -rm ./*.srl -rm ./*.conf diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/metrics.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/metrics.go deleted file mode 100644 index 67fc8fabe0..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/metrics.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -var x509MissingSANCounter = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: "webhooks", - Namespace: "apiserver", - Name: "x509_missing_san_total", - Help: "Counts the number of requests to servers missing SAN extension " + - "in their serving certificate OR the number of connection failures " + - "due to the lack of x509 certificate SAN extension missing " + - "(either/or, based on the runtime environment)", - StabilityLevel: metrics.ALPHA, - }, -) - -var x509InsecureSHA1Counter = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: "webhooks", - Namespace: "apiserver", - Name: "x509_insecure_sha1_total", - Help: "Counts the number of requests to servers with insecure SHA1 signatures " + - "in their serving certificate OR the number of connection failures " + - "due to the insecure SHA1 signatures (either/or, based on the runtime environment)", - StabilityLevel: metrics.ALPHA, - }, -) - -func init() { - legacyregistry.MustRegister(x509MissingSANCounter) - legacyregistry.MustRegister(x509InsecureSHA1Counter) -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/serviceresolver.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/serviceresolver.go deleted file mode 100644 index fcd953da3c..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/serviceresolver.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "errors" - "fmt" - "net/url" -) - -// ServiceResolver knows how to convert a service reference into an actual location. -type ServiceResolver interface { - ResolveEndpoint(namespace, name string, port int32) (*url.URL, error) -} - -type defaultServiceResolver struct{} - -// NewDefaultServiceResolver creates a new default server resolver. -func NewDefaultServiceResolver() ServiceResolver { - return &defaultServiceResolver{} -} - -// ResolveEndpoint constructs a service URL from a given namespace and name -// note that the name, namespace, and port are required and by default all -// created addresses use HTTPS scheme. -// for example: -// -// name=ross namespace=andromeda resolves to https://ross.andromeda.svc:443 -func (sr defaultServiceResolver) ResolveEndpoint(namespace, name string, port int32) (*url.URL, error) { - if len(name) == 0 || len(namespace) == 0 || port == 0 { - return nil, errors.New("cannot resolve an empty service name or namespace or port") - } - return &url.URL{Scheme: "https", Host: fmt.Sprintf("%s.%s.svc:%d", name, namespace, port)}, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/validation.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/validation.go deleted file mode 100644 index 695c00d176..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/validation.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - "net/url" - "strings" - - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// ValidateWebhookURL validates webhook's URL. -func ValidateWebhookURL(fldPath *field.Path, URL string, forceHttps bool) field.ErrorList { - var allErrors field.ErrorList - const form = "; desired format: https://host[/path]" - if u, err := url.Parse(URL); err != nil { - allErrors = append(allErrors, field.Required(fldPath, "url must be a valid URL: "+err.Error()+form)) - } else { - if forceHttps && u.Scheme != "https" { - allErrors = append(allErrors, field.Invalid(fldPath, u.Scheme, "'https' is the only allowed URL scheme"+form)) - } - if len(u.Host) == 0 { - allErrors = append(allErrors, field.Invalid(fldPath, u.Host, "host must be specified"+form)) - } - if u.User != nil { - allErrors = append(allErrors, field.Invalid(fldPath, u.User.String(), "user information is not permitted in the URL")) - } - if len(u.Fragment) != 0 { - allErrors = append(allErrors, field.Invalid(fldPath, u.Fragment, "fragments are not permitted in the URL")) - } - if len(u.RawQuery) != 0 { - allErrors = append(allErrors, field.Invalid(fldPath, u.RawQuery, "query parameters are not permitted in the URL")) - } - } - return allErrors -} - -func ValidateWebhookService(fldPath *field.Path, namespace, name string, path *string, port int32) field.ErrorList { - var allErrors field.ErrorList - - if len(name) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("name"), "service name is required")) - } - - if len(namespace) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("namespace"), "service namespace is required")) - } - - if errs := validation.IsValidPortNum(int(port)); errs != nil { - allErrors = append(allErrors, field.Invalid(fldPath.Child("port"), port, "port is not valid: "+strings.Join(errs, ", "))) - } - - if path == nil { - return allErrors - } - - // TODO: replace below with url.Parse + verifying that host is empty? - - urlPath := *path - if urlPath == "/" || len(urlPath) == 0 { - return allErrors - } - if urlPath == "//" { - allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, "segment[0] may not be empty")) - return allErrors - } - - if !strings.HasPrefix(urlPath, "/") { - allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, "must start with a '/'")) - } - - urlPathToCheck := urlPath[1:] - if strings.HasSuffix(urlPathToCheck, "/") { - urlPathToCheck = urlPathToCheck[:len(urlPathToCheck)-1] - } - steps := strings.Split(urlPathToCheck, "/") - for i, step := range steps { - if len(step) == 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, fmt.Sprintf("segment[%d] may not be empty", i))) - continue - } - failures := validation.IsDNS1123Subdomain(step) - for _, failure := range failures { - allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, fmt.Sprintf("segment[%d]: %v", i, failure))) - } - } - - return allErrors -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/webhook.go b/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/webhook.go deleted file mode 100644 index 06a74c1cd3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/webhook/webhook.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package webhook implements a generic HTTP webhook plugin. -package webhook - -import ( - "context" - "fmt" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/util/x509metrics" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" -) - -// defaultRequestTimeout is set for all webhook request. This is the absolute -// timeout of the HTTP request, including reading the response body. -const defaultRequestTimeout = 30 * time.Second - -// DefaultRetryBackoffWithInitialDelay returns the default backoff parameters for webhook retry from a given initial delay. -// Handy for the client that provides a custom initial delay only. -func DefaultRetryBackoffWithInitialDelay(initialBackoffDelay time.Duration) wait.Backoff { - return wait.Backoff{ - Duration: initialBackoffDelay, - Factor: 1.5, - Jitter: 0.2, - Steps: 5, - } -} - -// GenericWebhook defines a generic client for webhooks with commonly used capabilities, -// such as retry requests. -type GenericWebhook struct { - RestClient *rest.RESTClient - RetryBackoff wait.Backoff - ShouldRetry func(error) bool -} - -// DefaultShouldRetry is a default implementation for the GenericWebhook ShouldRetry function property. -// If the error reason is one of: networking (connection reset) or http (InternalServerError (500), GatewayTimeout (504), TooManyRequests (429)), -// or apierrors.SuggestsClientDelay() returns true, then the function advises a retry. -// Otherwise it returns false for an immediate fail. -func DefaultShouldRetry(err error) bool { - // these errors indicate a transient error that should be retried. - if utilnet.IsConnectionReset(err) || apierrors.IsInternalError(err) || apierrors.IsTimeout(err) || apierrors.IsTooManyRequests(err) { - return true - } - // if the error sends the Retry-After header, we respect it as an explicit confirmation we should retry. - if _, shouldRetry := apierrors.SuggestsClientDelay(err); shouldRetry { - return true - } - return false -} - -// NewGenericWebhook creates a new GenericWebhook from the provided rest.Config. -func NewGenericWebhook(scheme *runtime.Scheme, codecFactory serializer.CodecFactory, config *rest.Config, groupVersions []schema.GroupVersion, retryBackoff wait.Backoff) (*GenericWebhook, error) { - for _, groupVersion := range groupVersions { - if !scheme.IsVersionRegistered(groupVersion) { - return nil, fmt.Errorf("webhook plugin requires enabling extension resource: %s", groupVersion) - } - } - - clientConfig := rest.CopyConfig(config) - - codec := codecFactory.LegacyCodec(groupVersions...) - clientConfig.ContentConfig.NegotiatedSerializer = serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{Serializer: codec}) - - clientConfig.Wrap(x509metrics.NewDeprecatedCertificateRoundTripperWrapperConstructor( - x509MissingSANCounter, - x509InsecureSHA1Counter, - )) - - restClient, err := rest.UnversionedRESTClientFor(clientConfig) - if err != nil { - return nil, err - } - - return &GenericWebhook{restClient, retryBackoff, DefaultShouldRetry}, nil -} - -// WithExponentialBackoff will retry webhookFn() as specified by the given backoff parameters with exponentially -// increasing backoff when it returns an error for which this GenericWebhook's ShouldRetry function returns true, -// confirming it to be retriable. If no ShouldRetry has been defined for the webhook, -// then the default one is used (DefaultShouldRetry). -func (g *GenericWebhook) WithExponentialBackoff(ctx context.Context, webhookFn func() rest.Result) rest.Result { - var result rest.Result - shouldRetry := g.ShouldRetry - if shouldRetry == nil { - shouldRetry = DefaultShouldRetry - } - WithExponentialBackoff(ctx, g.RetryBackoff, func() error { - result = webhookFn() - return result.Error() - }, shouldRetry) - return result -} - -// WithExponentialBackoff will retry webhookFn up to 5 times with exponentially increasing backoff when -// it returns an error for which shouldRetry returns true, confirming it to be retriable. -func WithExponentialBackoff(ctx context.Context, retryBackoff wait.Backoff, webhookFn func() error, shouldRetry func(error) bool) error { - // having a webhook error allows us to track the last actual webhook error for requests that - // are later cancelled or time out. - var webhookErr error - err := wait.ExponentialBackoffWithContext(ctx, retryBackoff, func() (bool, error) { - webhookErr = webhookFn() - if shouldRetry(webhookErr) { - return false, nil - } - if webhookErr != nil { - return false, webhookErr - } - return true, nil - }) - - switch { - // we check for webhookErr first, if webhookErr is set it's the most important error to return. - case webhookErr != nil: - return webhookErr - case err != nil: - return fmt.Errorf("webhook call failed: %s", err.Error()) - default: - return nil - } -} - -func LoadKubeconfig(kubeConfigFile string, customDial utilnet.DialFunc) (*rest.Config, error) { - loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() - loadingRules.ExplicitPath = kubeConfigFile - loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) - - clientConfig, err := loader.ClientConfig() - if err != nil { - return nil, err - } - - clientConfig.Dial = customDial - - // Kubeconfigs can't set a timeout, this can only be set through a command line flag. - // - // https://github.com/kubernetes/client-go/blob/master/tools/clientcmd/overrides.go - // - // Set this to something reasonable so request to webhooks don't hang forever. - clientConfig.Timeout = defaultRequestTimeout - - // Avoid client-side rate limiting talking to the webhook backend. - // Rate limiting should happen when deciding how many requests to serve. - clientConfig.QPS = -1 - - return clientConfig, nil -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/conn.go b/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/conn.go deleted file mode 100644 index 09f54a49c7..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/conn.go +++ /dev/null @@ -1,350 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package wsstream - -import ( - "encoding/base64" - "fmt" - "io" - "net/http" - "regexp" - "strings" - "time" - - "golang.org/x/net/websocket" - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/util/runtime" -) - -// The Websocket subprotocol "channel.k8s.io" prepends each binary message with a byte indicating -// the channel number (zero indexed) the message was sent on. Messages in both directions should -// prefix their messages with this channel byte. When used for remote execution, the channel numbers -// are by convention defined to match the POSIX file-descriptors assigned to STDIN, STDOUT, and STDERR -// (0, 1, and 2). No other conversion is performed on the raw subprotocol - writes are sent as they -// are received by the server. -// -// Example client session: -// -// CONNECT http://server.com with subprotocol "channel.k8s.io" -// WRITE []byte{0, 102, 111, 111, 10} # send "foo\n" on channel 0 (STDIN) -// READ []byte{1, 10} # receive "\n" on channel 1 (STDOUT) -// CLOSE -const ChannelWebSocketProtocol = "channel.k8s.io" - -// The Websocket subprotocol "base64.channel.k8s.io" base64 encodes each message with a character -// indicating the channel number (zero indexed) the message was sent on. Messages in both directions -// should prefix their messages with this channel char. When used for remote execution, the channel -// numbers are by convention defined to match the POSIX file-descriptors assigned to STDIN, STDOUT, -// and STDERR ('0', '1', and '2'). The data received on the server is base64 decoded (and must be -// be valid) and data written by the server to the client is base64 encoded. -// -// Example client session: -// -// CONNECT http://server.com with subprotocol "base64.channel.k8s.io" -// WRITE []byte{48, 90, 109, 57, 118, 67, 103, 111, 61} # send "foo\n" (base64: "Zm9vCgo=") on channel '0' (STDIN) -// READ []byte{49, 67, 103, 61, 61} # receive "\n" (base64: "Cg==") on channel '1' (STDOUT) -// CLOSE -const Base64ChannelWebSocketProtocol = "base64.channel.k8s.io" - -type codecType int - -const ( - rawCodec codecType = iota - base64Codec -) - -type ChannelType int - -const ( - IgnoreChannel ChannelType = iota - ReadChannel - WriteChannel - ReadWriteChannel -) - -var ( - // connectionUpgradeRegex matches any Connection header value that includes upgrade - connectionUpgradeRegex = regexp.MustCompile("(^|.*,\\s*)upgrade($|\\s*,)") -) - -// IsWebSocketRequest returns true if the incoming request contains connection upgrade headers -// for WebSockets. -func IsWebSocketRequest(req *http.Request) bool { - if !strings.EqualFold(req.Header.Get("Upgrade"), "websocket") { - return false - } - return connectionUpgradeRegex.MatchString(strings.ToLower(req.Header.Get("Connection"))) -} - -// IgnoreReceives reads from a WebSocket until it is closed, then returns. If timeout is set, the -// read and write deadlines are pushed every time a new message is received. -func IgnoreReceives(ws *websocket.Conn, timeout time.Duration) { - defer runtime.HandleCrash() - var data []byte - for { - resetTimeout(ws, timeout) - if err := websocket.Message.Receive(ws, &data); err != nil { - return - } - } -} - -// handshake ensures the provided user protocol matches one of the allowed protocols. It returns -// no error if no protocol is specified. -func handshake(config *websocket.Config, req *http.Request, allowed []string) error { - protocols := config.Protocol - if len(protocols) == 0 { - protocols = []string{""} - } - - for _, protocol := range protocols { - for _, allow := range allowed { - if allow == protocol { - config.Protocol = []string{protocol} - return nil - } - } - } - - return fmt.Errorf("requested protocol(s) are not supported: %v; supports %v", config.Protocol, allowed) -} - -// ChannelProtocolConfig describes a websocket subprotocol with channels. -type ChannelProtocolConfig struct { - Binary bool - Channels []ChannelType -} - -// NewDefaultChannelProtocols returns a channel protocol map with the -// subprotocols "", "channel.k8s.io", "base64.channel.k8s.io" and the given -// channels. -func NewDefaultChannelProtocols(channels []ChannelType) map[string]ChannelProtocolConfig { - return map[string]ChannelProtocolConfig{ - "": {Binary: true, Channels: channels}, - ChannelWebSocketProtocol: {Binary: true, Channels: channels}, - Base64ChannelWebSocketProtocol: {Binary: false, Channels: channels}, - } -} - -// Conn supports sending multiple binary channels over a websocket connection. -type Conn struct { - protocols map[string]ChannelProtocolConfig - selectedProtocol string - channels []*websocketChannel - codec codecType - ready chan struct{} - ws *websocket.Conn - timeout time.Duration -} - -// NewConn creates a WebSocket connection that supports a set of channels. Channels begin each -// web socket message with a single byte indicating the channel number (0-N). 255 is reserved for -// future use. The channel types for each channel are passed as an array, supporting the different -// duplex modes. Read and Write refer to whether the channel can be used as a Reader or Writer. -// -// The protocols parameter maps subprotocol names to ChannelProtocols. The empty string subprotocol -// name is used if websocket.Config.Protocol is empty. -func NewConn(protocols map[string]ChannelProtocolConfig) *Conn { - return &Conn{ - ready: make(chan struct{}), - protocols: protocols, - } -} - -// SetIdleTimeout sets the interval for both reads and writes before timeout. If not specified, -// there is no timeout on the connection. -func (conn *Conn) SetIdleTimeout(duration time.Duration) { - conn.timeout = duration -} - -// Open the connection and create channels for reading and writing. It returns -// the selected subprotocol, a slice of channels and an error. -func (conn *Conn) Open(w http.ResponseWriter, req *http.Request) (string, []io.ReadWriteCloser, error) { - go func() { - defer runtime.HandleCrash() - defer conn.Close() - websocket.Server{Handshake: conn.handshake, Handler: conn.handle}.ServeHTTP(w, req) - }() - <-conn.ready - rwc := make([]io.ReadWriteCloser, len(conn.channels)) - for i := range conn.channels { - rwc[i] = conn.channels[i] - } - return conn.selectedProtocol, rwc, nil -} - -func (conn *Conn) initialize(ws *websocket.Conn) { - negotiated := ws.Config().Protocol - conn.selectedProtocol = negotiated[0] - p := conn.protocols[conn.selectedProtocol] - if p.Binary { - conn.codec = rawCodec - } else { - conn.codec = base64Codec - } - conn.ws = ws - conn.channels = make([]*websocketChannel, len(p.Channels)) - for i, t := range p.Channels { - switch t { - case ReadChannel: - conn.channels[i] = newWebsocketChannel(conn, byte(i), true, false) - case WriteChannel: - conn.channels[i] = newWebsocketChannel(conn, byte(i), false, true) - case ReadWriteChannel: - conn.channels[i] = newWebsocketChannel(conn, byte(i), true, true) - case IgnoreChannel: - conn.channels[i] = newWebsocketChannel(conn, byte(i), false, false) - } - } - - close(conn.ready) -} - -func (conn *Conn) handshake(config *websocket.Config, req *http.Request) error { - supportedProtocols := make([]string, 0, len(conn.protocols)) - for p := range conn.protocols { - supportedProtocols = append(supportedProtocols, p) - } - return handshake(config, req, supportedProtocols) -} - -func (conn *Conn) resetTimeout() { - if conn.timeout > 0 { - conn.ws.SetDeadline(time.Now().Add(conn.timeout)) - } -} - -// Close is only valid after Open has been called -func (conn *Conn) Close() error { - <-conn.ready - for _, s := range conn.channels { - s.Close() - } - conn.ws.Close() - return nil -} - -// handle implements a websocket handler. -func (conn *Conn) handle(ws *websocket.Conn) { - defer conn.Close() - conn.initialize(ws) - - for { - conn.resetTimeout() - var data []byte - if err := websocket.Message.Receive(ws, &data); err != nil { - if err != io.EOF { - klog.Errorf("Error on socket receive: %v", err) - } - break - } - if len(data) == 0 { - continue - } - channel := data[0] - if conn.codec == base64Codec { - channel = channel - '0' - } - data = data[1:] - if int(channel) >= len(conn.channels) { - klog.V(6).Infof("Frame is targeted for a reader %d that is not valid, possible protocol error", channel) - continue - } - if _, err := conn.channels[channel].DataFromSocket(data); err != nil { - klog.Errorf("Unable to write frame to %d: %v\n%s", channel, err, string(data)) - continue - } - } -} - -// write multiplexes the specified channel onto the websocket -func (conn *Conn) write(num byte, data []byte) (int, error) { - conn.resetTimeout() - switch conn.codec { - case rawCodec: - frame := make([]byte, len(data)+1) - frame[0] = num - copy(frame[1:], data) - if err := websocket.Message.Send(conn.ws, frame); err != nil { - return 0, err - } - case base64Codec: - frame := string('0'+num) + base64.StdEncoding.EncodeToString(data) - if err := websocket.Message.Send(conn.ws, frame); err != nil { - return 0, err - } - } - return len(data), nil -} - -// websocketChannel represents a channel in a connection -type websocketChannel struct { - conn *Conn - num byte - r io.Reader - w io.WriteCloser - - read, write bool -} - -// newWebsocketChannel creates a pipe for writing to a websocket. Do not write to this pipe -// prior to the connection being opened. It may be no, half, or full duplex depending on -// read and write. -func newWebsocketChannel(conn *Conn, num byte, read, write bool) *websocketChannel { - r, w := io.Pipe() - return &websocketChannel{conn, num, r, w, read, write} -} - -func (p *websocketChannel) Write(data []byte) (int, error) { - if !p.write { - return len(data), nil - } - return p.conn.write(p.num, data) -} - -// DataFromSocket is invoked by the connection receiver to move data from the connection -// into a specific channel. -func (p *websocketChannel) DataFromSocket(data []byte) (int, error) { - if !p.read { - return len(data), nil - } - - switch p.conn.codec { - case rawCodec: - return p.w.Write(data) - case base64Codec: - dst := make([]byte, len(data)) - n, err := base64.StdEncoding.Decode(dst, data) - if err != nil { - return 0, err - } - return p.w.Write(dst[:n]) - } - return 0, nil -} - -func (p *websocketChannel) Read(data []byte) (int, error) { - if !p.read { - return 0, io.EOF - } - return p.r.Read(data) -} - -func (p *websocketChannel) Close() error { - return p.w.Close() -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/doc.go deleted file mode 100644 index 694ce81d20..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package wsstream contains utilities for streaming content over WebSockets. -// The Conn type allows callers to multiplex multiple read/write channels over -// a single websocket. The Reader type allows an io.Reader to be copied over -// a websocket channel as binary content. -package wsstream // import "k8s.io/apiserver/pkg/util/wsstream" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/stream.go b/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/stream.go deleted file mode 100644 index ba7e6a519a..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/wsstream/stream.go +++ /dev/null @@ -1,177 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package wsstream - -import ( - "encoding/base64" - "io" - "net/http" - "sync" - "time" - - "golang.org/x/net/websocket" - - "k8s.io/apimachinery/pkg/util/runtime" -) - -// The WebSocket subprotocol "binary.k8s.io" will only send messages to the -// client and ignore messages sent to the server. The received messages are -// the exact bytes written to the stream. Zero byte messages are possible. -const binaryWebSocketProtocol = "binary.k8s.io" - -// The WebSocket subprotocol "base64.binary.k8s.io" will only send messages to the -// client and ignore messages sent to the server. The received messages are -// a base64 version of the bytes written to the stream. Zero byte messages are -// possible. -const base64BinaryWebSocketProtocol = "base64.binary.k8s.io" - -// ReaderProtocolConfig describes a websocket subprotocol with one stream. -type ReaderProtocolConfig struct { - Binary bool -} - -// NewDefaultReaderProtocols returns a stream protocol map with the -// subprotocols "", "channel.k8s.io", "base64.channel.k8s.io". -func NewDefaultReaderProtocols() map[string]ReaderProtocolConfig { - return map[string]ReaderProtocolConfig{ - "": {Binary: true}, - binaryWebSocketProtocol: {Binary: true}, - base64BinaryWebSocketProtocol: {Binary: false}, - } -} - -// Reader supports returning an arbitrary byte stream over a websocket channel. -type Reader struct { - err chan error - r io.Reader - ping bool - timeout time.Duration - protocols map[string]ReaderProtocolConfig - selectedProtocol string - - handleCrash func(additionalHandlers ...func(interface{})) // overridable for testing -} - -// NewReader creates a WebSocket pipe that will copy the contents of r to a provided -// WebSocket connection. If ping is true, a zero length message will be sent to the client -// before the stream begins reading. -// -// The protocols parameter maps subprotocol names to StreamProtocols. The empty string -// subprotocol name is used if websocket.Config.Protocol is empty. -func NewReader(r io.Reader, ping bool, protocols map[string]ReaderProtocolConfig) *Reader { - return &Reader{ - r: r, - err: make(chan error), - ping: ping, - protocols: protocols, - handleCrash: runtime.HandleCrash, - } -} - -// SetIdleTimeout sets the interval for both reads and writes before timeout. If not specified, -// there is no timeout on the reader. -func (r *Reader) SetIdleTimeout(duration time.Duration) { - r.timeout = duration -} - -func (r *Reader) handshake(config *websocket.Config, req *http.Request) error { - supportedProtocols := make([]string, 0, len(r.protocols)) - for p := range r.protocols { - supportedProtocols = append(supportedProtocols, p) - } - return handshake(config, req, supportedProtocols) -} - -// Copy the reader to the response. The created WebSocket is closed after this -// method completes. -func (r *Reader) Copy(w http.ResponseWriter, req *http.Request) error { - go func() { - defer r.handleCrash() - websocket.Server{Handshake: r.handshake, Handler: r.handle}.ServeHTTP(w, req) - }() - return <-r.err -} - -// handle implements a WebSocket handler. -func (r *Reader) handle(ws *websocket.Conn) { - // Close the connection when the client requests it, or when we finish streaming, whichever happens first - closeConnOnce := &sync.Once{} - closeConn := func() { - closeConnOnce.Do(func() { - ws.Close() - }) - } - - negotiated := ws.Config().Protocol - r.selectedProtocol = negotiated[0] - defer close(r.err) - defer closeConn() - - go func() { - defer runtime.HandleCrash() - // This blocks until the connection is closed. - // Client should not send anything. - IgnoreReceives(ws, r.timeout) - // Once the client closes, we should also close - closeConn() - }() - - r.err <- messageCopy(ws, r.r, !r.protocols[r.selectedProtocol].Binary, r.ping, r.timeout) -} - -func resetTimeout(ws *websocket.Conn, timeout time.Duration) { - if timeout > 0 { - ws.SetDeadline(time.Now().Add(timeout)) - } -} - -func messageCopy(ws *websocket.Conn, r io.Reader, base64Encode, ping bool, timeout time.Duration) error { - buf := make([]byte, 2048) - if ping { - resetTimeout(ws, timeout) - if base64Encode { - if err := websocket.Message.Send(ws, ""); err != nil { - return err - } - } else { - if err := websocket.Message.Send(ws, []byte{}); err != nil { - return err - } - } - } - for { - resetTimeout(ws, timeout) - n, err := r.Read(buf) - if err != nil { - if err == io.EOF { - return nil - } - return err - } - if n > 0 { - if base64Encode { - if err := websocket.Message.Send(ws, base64.StdEncoding.EncodeToString(buf[:n])); err != nil { - return err - } - } else { - if err := websocket.Message.Send(ws, buf[:n]); err != nil { - return err - } - } - } - } -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go b/etcd/vendor/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go deleted file mode 100644 index 464510ea8f..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package x509metrics - -import ( - "crypto/x509" - "errors" - "fmt" - "net/http" - "reflect" - "strings" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/audit" - "k8s.io/component-base/metrics" - "k8s.io/klog/v2" -) - -var _ utilnet.RoundTripperWrapper = &x509DeprecatedCertificateMetricsRTWrapper{} - -type x509DeprecatedCertificateMetricsRTWrapper struct { - rt http.RoundTripper - - checkers []deprecatedCertificateAttributeChecker -} - -type deprecatedCertificateAttributeChecker interface { - // CheckRoundTripError returns true if the err is an error specific - // to this deprecated certificate attribute - CheckRoundTripError(err error) bool - // CheckPeerCertificates returns true if the deprecated attribute/value pair - // was found in a given certificate in the http.Response.TLS.PeerCertificates bundle - CheckPeerCertificates(certs []*x509.Certificate) bool - // IncreaseCounter increases the counter internal to this interface - // Use the req to derive and log information useful for troubleshooting the certificate issue - IncreaseMetricsCounter(req *http.Request) -} - -// counterRaiser is a helper structure to include in certificate deprecation checkers. -// It implements the IncreaseMetricsCounter() method so that, when included in the checker, -// it does not have to be reimplemented. -type counterRaiser struct { - counter *metrics.Counter - // programmatic id used in log and audit annotations prefixes - id string - // human readable explanation - reason string -} - -func (c *counterRaiser) IncreaseMetricsCounter(req *http.Request) { - if req != nil && req.URL != nil { - if hostname := req.URL.Hostname(); len(hostname) > 0 { - prefix := fmt.Sprintf("%s.invalid-cert.kubernetes.io", c.id) - klog.Infof("%s: invalid certificate detected connecting to %q: %s", prefix, hostname, c.reason) - audit.AddAuditAnnotation(req.Context(), prefix+"/"+hostname, c.reason) - } - } - c.counter.Inc() -} - -// NewDeprecatedCertificateRoundTripperWrapperConstructor returns a RoundTripper wrapper that's usable within ClientConfig.Wrap. -// -// It increases the `missingSAN` counter whenever: -// 1. we get a x509.HostnameError with string `x509: certificate relies on legacy Common Name field` -// which indicates an error caused by the deprecation of Common Name field when veryfing remote -// hostname -// 2. the server certificate in response contains no SAN. This indicates that this binary run -// with the GODEBUG=x509ignoreCN=0 in env -// -// It increases the `sha1` counter whenever: -// 1. we get a x509.InsecureAlgorithmError with string `SHA1` -// which indicates an error caused by an insecure SHA1 signature -// 2. the server certificate in response contains a SHA1WithRSA or ECDSAWithSHA1 signature. -// This indicates that this binary run with the GODEBUG=x509sha1=1 in env -func NewDeprecatedCertificateRoundTripperWrapperConstructor(missingSAN, sha1 *metrics.Counter) func(rt http.RoundTripper) http.RoundTripper { - return func(rt http.RoundTripper) http.RoundTripper { - return &x509DeprecatedCertificateMetricsRTWrapper{ - rt: rt, - checkers: []deprecatedCertificateAttributeChecker{ - NewSANDeprecatedChecker(missingSAN), - NewSHA1SignatureDeprecatedChecker(sha1), - }, - } - } -} - -func (w *x509DeprecatedCertificateMetricsRTWrapper) RoundTrip(req *http.Request) (*http.Response, error) { - resp, err := w.rt.RoundTrip(req) - - if err != nil { - for _, checker := range w.checkers { - if checker.CheckRoundTripError(err) { - checker.IncreaseMetricsCounter(req) - } - } - } else if resp != nil { - if resp.TLS != nil && len(resp.TLS.PeerCertificates) > 0 { - for _, checker := range w.checkers { - if checker.CheckPeerCertificates(resp.TLS.PeerCertificates) { - checker.IncreaseMetricsCounter(req) - } - } - } - } - - return resp, err -} - -func (w *x509DeprecatedCertificateMetricsRTWrapper) WrappedRoundTripper() http.RoundTripper { - return w.rt -} - -var _ deprecatedCertificateAttributeChecker = &missingSANChecker{} - -type missingSANChecker struct { - counterRaiser -} - -func NewSANDeprecatedChecker(counter *metrics.Counter) *missingSANChecker { - return &missingSANChecker{ - counterRaiser: counterRaiser{ - counter: counter, - id: "missing-san", - reason: "relies on a legacy Common Name field instead of the SAN extension for subject validation", - }, - } -} - -// CheckRoundTripError returns true when we're running w/o GODEBUG=x509ignoreCN=0 -// and the client reports a HostnameError about the legacy CN fields -func (c *missingSANChecker) CheckRoundTripError(err error) bool { - if err != nil && errors.As(err, &x509.HostnameError{}) && strings.Contains(err.Error(), "x509: certificate relies on legacy Common Name field") { - // increase the count of registered failures due to Go 1.15 x509 cert Common Name deprecation - return true - } - - return false -} - -// CheckPeerCertificates returns true when the server response contains -// a leaf certificate w/o the SAN extension -func (c *missingSANChecker) CheckPeerCertificates(peerCertificates []*x509.Certificate) bool { - if len(peerCertificates) > 0 { - if serverCert := peerCertificates[0]; !hasSAN(serverCert) { - return true - } - } - - return false -} - -func hasSAN(c *x509.Certificate) bool { - sanOID := []int{2, 5, 29, 17} - - for _, e := range c.Extensions { - if e.Id.Equal(sanOID) { - return true - } - } - return false -} - -type sha1SignatureChecker struct { - *counterRaiser -} - -func NewSHA1SignatureDeprecatedChecker(counter *metrics.Counter) *sha1SignatureChecker { - return &sha1SignatureChecker{ - counterRaiser: &counterRaiser{ - counter: counter, - id: "insecure-sha1", - reason: "uses an insecure SHA-1 signature", - }, - } -} - -// CheckRoundTripError returns true when we're running w/o GODEBUG=x509sha1=1 -// and the client reports an InsecureAlgorithmError about a SHA1 signature -func (c *sha1SignatureChecker) CheckRoundTripError(err error) bool { - var unknownAuthorityError x509.UnknownAuthorityError - if err == nil { - return false - } - if !errors.As(err, &unknownAuthorityError) { - return false - } - - errMsg := err.Error() - if strIdx := strings.Index(errMsg, "x509: cannot verify signature: insecure algorithm"); strIdx != -1 && strings.Contains(errMsg[strIdx:], "SHA1") { - // increase the count of registered failures due to Go 1.18 x509 sha1 signature deprecation - return true - } - - return false -} - -// CheckPeerCertificates returns true when the server response contains -// a non-root non-self-signed certificate with a deprecated SHA1 signature -func (c *sha1SignatureChecker) CheckPeerCertificates(peerCertificates []*x509.Certificate) bool { - // check all received non-self-signed certificates for deprecated signing algorithms - for _, cert := range peerCertificates { - if cert.SignatureAlgorithm == x509.SHA1WithRSA || cert.SignatureAlgorithm == x509.ECDSAWithSHA1 { - // the SHA-1 deprecation does not involve self-signed root certificates - if !reflect.DeepEqual(cert.Issuer, cert.Subject) { - return true - } - } - } - - return false -} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/warning/context.go b/etcd/vendor/k8s.io/apiserver/pkg/warning/context.go deleted file mode 100644 index 2009225458..0000000000 --- a/etcd/vendor/k8s.io/apiserver/pkg/warning/context.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package warning - -import ( - "context" -) - -// The key type is unexported to prevent collisions -type key int - -const ( - // warningRecorderKey is the context key for the warning recorder. - warningRecorderKey key = iota -) - -// Recorder provides a method for recording warnings -type Recorder interface { - // AddWarning adds the specified warning to the response. - // agent must be valid UTF-8, and must not contain spaces, quotes, backslashes, or control characters. - // text must be valid UTF-8, and must not contain control characters. - AddWarning(agent, text string) -} - -// WithWarningRecorder returns a new context that wraps the provided context and contains the provided Recorder implementation. -// The returned context can be passed to AddWarning(). -func WithWarningRecorder(ctx context.Context, recorder Recorder) context.Context { - return context.WithValue(ctx, warningRecorderKey, recorder) -} - -func warningRecorderFrom(ctx context.Context) (Recorder, bool) { - recorder, ok := ctx.Value(warningRecorderKey).(Recorder) - return recorder, ok -} - -// AddWarning records a warning for the specified agent and text to the Recorder added to the provided context using WithWarningRecorder(). -// If no Recorder exists in the provided context, this is a no-op. -// agent must be valid UTF-8, and must not contain spaces, quotes, backslashes, or control characters. -// text must be valid UTF-8, and must not contain control characters. -func AddWarning(ctx context.Context, agent string, text string) { - recorder, ok := warningRecorderFrom(ctx) - if !ok { - return - } - recorder.AddWarning(agent, text) -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/buffered.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/buffered.go deleted file mode 100644 index 07f263b2e3..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/buffered.go +++ /dev/null @@ -1,290 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package buffered - -import ( - "fmt" - "sync" - "time" - - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" - "k8s.io/client-go/util/flowcontrol" -) - -// PluginName is the name reported in error metrics. -const PluginName = "buffered" - -// BatchConfig represents batching delegate audit backend configuration. -type BatchConfig struct { - // BufferSize defines a size of the buffering queue. - BufferSize int - // MaxBatchSize defines maximum size of a batch. - MaxBatchSize int - // MaxBatchWait indicates the maximum interval between two batches. - MaxBatchWait time.Duration - - // ThrottleEnable defines whether throttling will be applied to the batching process. - ThrottleEnable bool - // ThrottleQPS defines the allowed rate of batches per second sent to the delegate backend. - ThrottleQPS float32 - // ThrottleBurst defines the maximum number of requests sent to the delegate backend at the same moment in case - // the capacity defined by ThrottleQPS was not utilized. - ThrottleBurst int - - // Whether the delegate backend should be called asynchronously. - AsyncDelegate bool -} - -type bufferedBackend struct { - // The delegate backend that actually exports events. - delegateBackend audit.Backend - - // Channel to buffer events before sending to the delegate backend. - buffer chan *auditinternal.Event - // Maximum number of events in a batch sent to the delegate backend. - maxBatchSize int - // Amount of time to wait after sending a batch to the delegate backend before sending another one. - // - // Receiving maxBatchSize events will always trigger sending a batch, regardless of the amount of time passed. - maxBatchWait time.Duration - - // Whether the delegate backend should be called asynchronously. - asyncDelegate bool - - // Channel to signal that the batching routine has processed all remaining events and exited. - // Once `shutdownCh` is closed no new events will be sent to the delegate backend. - shutdownCh chan struct{} - - // WaitGroup to control the concurrency of sending batches to the delegate backend. - // Worker routine calls Add before sending a batch and - // then spawns a routine that calls Done after batch was processed by the delegate backend. - // This WaitGroup is used to wait for all sending routines to finish before shutting down audit backend. - wg sync.WaitGroup - - // Limits the number of batches sent to the delegate backend per second. - throttle flowcontrol.RateLimiter -} - -var _ audit.Backend = &bufferedBackend{} - -// NewBackend returns a buffered audit backend that wraps delegate backend. -// Buffered backend automatically runs and shuts down the delegate backend. -func NewBackend(delegate audit.Backend, config BatchConfig) audit.Backend { - var throttle flowcontrol.RateLimiter - if config.ThrottleEnable { - throttle = flowcontrol.NewTokenBucketRateLimiter(config.ThrottleQPS, config.ThrottleBurst) - } - return &bufferedBackend{ - delegateBackend: delegate, - buffer: make(chan *auditinternal.Event, config.BufferSize), - maxBatchSize: config.MaxBatchSize, - maxBatchWait: config.MaxBatchWait, - asyncDelegate: config.AsyncDelegate, - shutdownCh: make(chan struct{}), - wg: sync.WaitGroup{}, - throttle: throttle, - } -} - -func (b *bufferedBackend) Run(stopCh <-chan struct{}) error { - go func() { - // Signal that the working routine has exited. - defer close(b.shutdownCh) - - b.processIncomingEvents(stopCh) - - // Handle the events that were received after the last buffer - // scraping and before this line. Since the buffer is closed, no new - // events will come through. - allEventsProcessed := false - timer := make(chan time.Time) - for !allEventsProcessed { - allEventsProcessed = func() bool { - // Recover from any panic in order to try to process all remaining events. - // Note, that in case of a panic, the return value will be false and - // the loop execution will continue. - defer runtime.HandleCrash() - - events := b.collectEvents(timer, wait.NeverStop) - b.processEvents(events) - return len(events) == 0 - }() - } - }() - return b.delegateBackend.Run(stopCh) -} - -// Shutdown blocks until stopCh passed to the Run method is closed and all -// events added prior to that moment are batched and sent to the delegate backend. -func (b *bufferedBackend) Shutdown() { - // Wait until the routine spawned in Run method exits. - <-b.shutdownCh - - // Wait until all sending routines exit. - // - // - When b.shutdownCh is closed, we know that the goroutine in Run has terminated. - // - This means that processIncomingEvents has terminated. - // - Which means that b.buffer is closed and cannot accept any new events anymore. - // - Because processEvents is called synchronously from the Run goroutine, the waitgroup has its final value. - // Hence wg.Wait will not miss any more outgoing batches. - b.wg.Wait() - - b.delegateBackend.Shutdown() -} - -// processIncomingEvents runs a loop that collects events from the buffer. When -// b.stopCh is closed, processIncomingEvents stops and closes the buffer. -func (b *bufferedBackend) processIncomingEvents(stopCh <-chan struct{}) { - defer close(b.buffer) - - var ( - maxWaitChan <-chan time.Time - maxWaitTimer *time.Timer - ) - // Only use max wait batching if batching is enabled. - if b.maxBatchSize > 1 { - maxWaitTimer = time.NewTimer(b.maxBatchWait) - maxWaitChan = maxWaitTimer.C - defer maxWaitTimer.Stop() - } - - for { - func() { - // Recover from any panics caused by this function so a panic in the - // goroutine can't bring down the main routine. - defer runtime.HandleCrash() - - if b.maxBatchSize > 1 { - maxWaitTimer.Reset(b.maxBatchWait) - } - b.processEvents(b.collectEvents(maxWaitChan, stopCh)) - }() - - select { - case <-stopCh: - return - default: - } - } -} - -// collectEvents attempts to collect some number of events in a batch. -// -// The following things can cause collectEvents to stop and return the list -// of events: -// -// - Maximum number of events for a batch. -// - Timer has passed. -// - Buffer channel is closed and empty. -// - stopCh is closed. -func (b *bufferedBackend) collectEvents(timer <-chan time.Time, stopCh <-chan struct{}) []*auditinternal.Event { - var events []*auditinternal.Event - -L: - for i := 0; i < b.maxBatchSize; i++ { - select { - case ev, ok := <-b.buffer: - // Buffer channel was closed and no new events will follow. - if !ok { - break L - } - events = append(events, ev) - case <-timer: - // Timer has expired. Send currently accumulated batch. - break L - case <-stopCh: - // Backend has been stopped. Send currently accumulated batch. - break L - } - } - - return events -} - -// processEvents process the batch events in a goroutine using delegateBackend's ProcessEvents. -func (b *bufferedBackend) processEvents(events []*auditinternal.Event) { - if len(events) == 0 { - return - } - - // TODO(audit): Should control the number of active goroutines - // if one goroutine takes 5 seconds to finish, the number of goroutines can be 5 * defaultBatchThrottleQPS - if b.throttle != nil { - b.throttle.Accept() - } - - if b.asyncDelegate { - b.wg.Add(1) - go func() { - defer b.wg.Done() - defer runtime.HandleCrash() - - // Execute the real processing in a goroutine to keep it from blocking. - // This lets the batching routine continue draining the queue immediately. - b.delegateBackend.ProcessEvents(events...) - }() - } else { - func() { - defer runtime.HandleCrash() - - // Execute the real processing in a goroutine to keep it from blocking. - // This lets the batching routine continue draining the queue immediately. - b.delegateBackend.ProcessEvents(events...) - }() - } -} - -func (b *bufferedBackend) ProcessEvents(ev ...*auditinternal.Event) bool { - // The following mechanism is in place to support the situation when audit - // events are still coming after the backend was stopped. - var sendErr error - var evIndex int - - // If the delegateBackend was shutdown and the buffer channel was closed, an - // attempt to add an event to it will result in panic that we should - // recover from. - defer func() { - if err := recover(); err != nil { - sendErr = fmt.Errorf("audit backend shut down") - } - if sendErr != nil { - audit.HandlePluginError(PluginName, sendErr, ev[evIndex:]...) - } - }() - - for i, e := range ev { - evIndex = i - // Per the audit.Backend interface these events are reused after being - // sent to the Sink. Deep copy and send the copy to the queue. - event := e.DeepCopy() - - select { - case b.buffer <- event: - default: - sendErr = fmt.Errorf("audit buffer queue blocked") - return true - } - } - return true -} - -func (b *bufferedBackend) String() string { - return fmt.Sprintf("%s<%s>", PluginName, b.delegateBackend) -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/doc.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/doc.go deleted file mode 100644 index a82599e426..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/buffered/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package buffered provides an implementation for the audit.Backend interface -// that batches incoming audit events and sends batches to the delegate audit.Backend. -package buffered // import "k8s.io/apiserver/plugin/pkg/audit/buffered" diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/log/backend.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/log/backend.go deleted file mode 100644 index 2ef2cc6ece..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/log/backend.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package log - -import ( - "fmt" - "io" - "strings" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" -) - -const ( - // FormatLegacy saves event in 1-line text format. - FormatLegacy = "legacy" - // FormatJson saves event in structured json format. - FormatJson = "json" - - // PluginName is the name of this plugin, to be used in help and logs. - PluginName = "log" -) - -// AllowedFormats are the formats known by log backend. -var AllowedFormats = []string{ - FormatLegacy, - FormatJson, -} - -type backend struct { - out io.Writer - format string - encoder runtime.Encoder -} - -var _ audit.Backend = &backend{} - -func NewBackend(out io.Writer, format string, groupVersion schema.GroupVersion) audit.Backend { - return &backend{ - out: out, - format: format, - encoder: audit.Codecs.LegacyCodec(groupVersion), - } -} - -func (b *backend) ProcessEvents(events ...*auditinternal.Event) bool { - success := true - for _, ev := range events { - success = b.logEvent(ev) && success - } - return success -} - -func (b *backend) logEvent(ev *auditinternal.Event) bool { - line := "" - switch b.format { - case FormatLegacy: - line = audit.EventString(ev) + "\n" - case FormatJson: - bs, err := runtime.Encode(b.encoder, ev) - if err != nil { - audit.HandlePluginError(PluginName, err, ev) - return false - } - line = string(bs[:]) - default: - audit.HandlePluginError(PluginName, fmt.Errorf("log format %q is not in list of known formats (%s)", - b.format, strings.Join(AllowedFormats, ",")), ev) - return false - } - if _, err := fmt.Fprint(b.out, line); err != nil { - audit.HandlePluginError(PluginName, err, ev) - return false - } - return true -} - -func (b *backend) Run(stopCh <-chan struct{}) error { - return nil -} - -func (b *backend) Shutdown() { - // Nothing to do here. -} - -func (b *backend) String() string { - return PluginName -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/doc.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/doc.go deleted file mode 100644 index 9392ac3147..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package truncate provides an implementation for the audit.Backend interface -// that truncates audit events and sends them to the delegate audit.Backend. -package truncate // import "k8s.io/apiserver/plugin/pkg/audit/truncate" diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate.go deleted file mode 100644 index 42a40e3ebe..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate.go +++ /dev/null @@ -1,165 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package truncate - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/audit" -) - -const ( - // PluginName is the name reported in error metrics. - PluginName = "truncate" - - // annotationKey defines the name of the annotation used to indicate truncation. - annotationKey = "audit.k8s.io/truncated" - // annotationValue defines the value of the annotation used to indicate truncation. - annotationValue = "true" -) - -// Config represents truncating backend configuration. -type Config struct { - // MaxEventSize defines max allowed size of the event. If the event is larger, - // truncating will be performed. - MaxEventSize int64 - - // MaxBatchSize defined max allowed size of the batch of events, passed to the backend. - // If the total size of the batch is larger than this number, batch will be split. Actual - // size of the serialized request might be slightly higher, on the order of hundreds of bytes. - MaxBatchSize int64 -} - -type backend struct { - // The delegate backend that actually exports events. - delegateBackend audit.Backend - - // Configuration used for truncation. - c Config - - // Encoder used to calculate audit event sizes. - e runtime.Encoder -} - -var _ audit.Backend = &backend{} - -// NewBackend returns a new truncating backend, using configuration passed in the parameters. -// Truncate backend automatically runs and shut downs the delegate backend. -func NewBackend(delegateBackend audit.Backend, config Config, groupVersion schema.GroupVersion) audit.Backend { - return &backend{ - delegateBackend: delegateBackend, - c: config, - e: audit.Codecs.LegacyCodec(groupVersion), - } -} - -func (b *backend) ProcessEvents(events ...*auditinternal.Event) bool { - var errors []error - var impacted []*auditinternal.Event - var batch []*auditinternal.Event - var batchSize int64 - success := true - for _, event := range events { - size, err := b.calcSize(event) - // If event was correctly serialized, but the size is more than allowed - // and it makes sense to do trimming, i.e. there's a request and/or - // response present, try to strip away request and response. - if err == nil && size > b.c.MaxEventSize && event.Level.GreaterOrEqual(auditinternal.LevelRequest) { - event = truncate(event) - size, err = b.calcSize(event) - } - if err != nil { - errors = append(errors, err) - impacted = append(impacted, event) - continue - } - if size > b.c.MaxEventSize { - errors = append(errors, fmt.Errorf("event is too large even after truncating")) - impacted = append(impacted, event) - continue - } - - if len(batch) > 0 && batchSize+size > b.c.MaxBatchSize { - success = b.delegateBackend.ProcessEvents(batch...) && success - batch = []*auditinternal.Event{} - batchSize = 0 - } - - batchSize += size - batch = append(batch, event) - } - - if len(batch) > 0 { - success = b.delegateBackend.ProcessEvents(batch...) && success - } - - if len(impacted) > 0 { - audit.HandlePluginError(PluginName, utilerrors.NewAggregate(errors), impacted...) - } - return success -} - -// truncate removed request and response objects from the audit events, -// to try and keep at least metadata. -func truncate(e *auditinternal.Event) *auditinternal.Event { - // Make a shallow copy to avoid copying response/request objects. - newEvent := &auditinternal.Event{} - *newEvent = *e - - newEvent.RequestObject = nil - newEvent.ResponseObject = nil - - if newEvent.Annotations == nil { - newEvent.Annotations = make(map[string]string) - } - newEvent.Annotations[annotationKey] = annotationValue - - return newEvent -} - -func (b *backend) Run(stopCh <-chan struct{}) error { - return b.delegateBackend.Run(stopCh) -} - -func (b *backend) Shutdown() { - b.delegateBackend.Shutdown() -} - -func (b *backend) calcSize(e *auditinternal.Event) (int64, error) { - s := &sizer{} - if err := b.e.Encode(e, s); err != nil { - return 0, err - } - return s.Size, nil -} - -func (b *backend) String() string { - return fmt.Sprintf("%s<%s>", PluginName, b.delegateBackend) -} - -type sizer struct { - Size int64 -} - -func (s *sizer) Write(p []byte) (n int, err error) { - s.Size += int64(len(p)) - return len(p), nil -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go deleted file mode 100644 index 6355df4038..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go +++ /dev/null @@ -1,146 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package webhook implements the audit.Backend interface using HTTP webhooks. -package webhook - -import ( - "context" - "fmt" - "time" - - "go.opentelemetry.io/otel/attribute" - - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - auditinternal "k8s.io/apiserver/pkg/apis/audit" - "k8s.io/apiserver/pkg/apis/audit/install" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/rest" - "k8s.io/component-base/tracing" -) - -const ( - // PluginName is the name of this plugin, to be used in help and logs. - PluginName = "webhook" - - // DefaultInitialBackoffDelay is the default amount of time to wait before - // retrying sending audit events through a webhook. - DefaultInitialBackoffDelay = 10 * time.Second -) - -func init() { - install.Install(audit.Scheme) -} - -// retryOnError enforces the webhook client to retry requests -// on error regardless of its nature. -// The default implementation considers a very limited set of -// 'retriable' errors, assuming correct use of HTTP codes by -// external webhooks. -// That may easily lead to dropped audit events. In fact, there is -// hardly any error that could be a justified reason NOT to retry -// sending audit events if there is even a slight chance that the -// receiving service gets back to normal at some point. -func retryOnError(err error) bool { - if err != nil { - return true - } - return false -} - -func loadWebhook(configFile string, groupVersion schema.GroupVersion, retryBackoff wait.Backoff, customDial utilnet.DialFunc) (*webhook.GenericWebhook, error) { - clientConfig, err := webhook.LoadKubeconfig(configFile, customDial) - if err != nil { - return nil, err - } - w, err := webhook.NewGenericWebhook(audit.Scheme, audit.Codecs, clientConfig, - []schema.GroupVersion{groupVersion}, retryBackoff) - if err != nil { - return nil, err - } - - w.ShouldRetry = retryOnError - return w, nil -} - -type backend struct { - w *webhook.GenericWebhook - name string -} - -// NewDynamicBackend returns an audit backend configured from a REST client that -// sends events over HTTP to an external service. -func NewDynamicBackend(rc *rest.RESTClient, retryBackoff wait.Backoff) audit.Backend { - return &backend{ - w: &webhook.GenericWebhook{ - RestClient: rc, - RetryBackoff: retryBackoff, - ShouldRetry: retryOnError, - }, - name: fmt.Sprintf("dynamic_%s", PluginName), - } -} - -// NewBackend returns an audit backend that sends events over HTTP to an external service. -func NewBackend(kubeConfigFile string, groupVersion schema.GroupVersion, retryBackoff wait.Backoff, customDial utilnet.DialFunc) (audit.Backend, error) { - w, err := loadWebhook(kubeConfigFile, groupVersion, retryBackoff, customDial) - if err != nil { - return nil, err - } - return &backend{w: w, name: PluginName}, nil -} - -func (b *backend) Run(stopCh <-chan struct{}) error { - return nil -} - -func (b *backend) Shutdown() { - // nothing to do here -} - -func (b *backend) ProcessEvents(ev ...*auditinternal.Event) bool { - if err := b.processEvents(ev...); err != nil { - audit.HandlePluginError(b.String(), err, ev...) - return false - } - return true -} - -func (b *backend) processEvents(ev ...*auditinternal.Event) error { - var list auditinternal.EventList - for _, e := range ev { - list.Items = append(list.Items, *e) - } - return b.w.WithExponentialBackoff(context.Background(), func() rest.Result { - ctx, span := tracing.Start(context.Background(), "Call Audit Events webhook", - attribute.String("name", b.name), - attribute.Int("event-count", len(list.Items)), - ) - // Only log audit webhook traces that exceed a 25ms per object limit plus a 50ms - // request overhead allowance. The high per object limit used here is primarily to - // allow enough time for the serialization/deserialization of audit events, which - // contain nested request and response objects plus additional event fields. - defer span.End(time.Duration(50+25*len(list.Items)) * time.Millisecond) - return b.w.RestClient.Post().Body(&list).Do(ctx) - }).Error() -} - -func (b *backend) String() string { - return b.name -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go deleted file mode 100644 index 03f294abdc..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go +++ /dev/null @@ -1,708 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -/* -oidc implements the authenticator.Token interface using the OpenID Connect protocol. - - config := oidc.Options{ - IssuerURL: "https://accounts.google.com", - ClientID: os.Getenv("GOOGLE_CLIENT_ID"), - UsernameClaim: "email", - } - tokenAuthenticator, err := oidc.New(config) -*/ -package oidc - -import ( - "context" - "crypto/tls" - "crypto/x509" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "io/ioutil" - "net/http" - "net/url" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/coreos/go-oidc" - - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - certutil "k8s.io/client-go/util/cert" - "k8s.io/klog/v2" -) - -var ( - // synchronizeTokenIDVerifierForTest should be set to true to force a - // wait until the token ID verifiers are ready. - synchronizeTokenIDVerifierForTest = false -) - -type Options struct { - // IssuerURL is the URL the provider signs ID Tokens as. This will be the "iss" - // field of all tokens produced by the provider and is used for configuration - // discovery. - // - // The URL is usually the provider's URL without a path, for example - // "https://accounts.google.com" or "https://login.salesforce.com". - // - // The provider must implement configuration discovery. - // See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig - IssuerURL string - - // Optional KeySet to allow for synchronous initialization instead of fetching from the remote issuer. - KeySet oidc.KeySet - - // ClientID the JWT must be issued for, the "sub" field. This plugin only trusts a single - // client to ensure the plugin can be used with public providers. - // - // The plugin supports the "authorized party" OpenID Connect claim, which allows - // specialized providers to issue tokens to a client for a different client. - // See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken - ClientID string - - // PEM encoded root certificate contents of the provider. Mutually exclusive with Client. - CAContentProvider CAContentProvider - - // Optional http.Client used to make all requests to the remote issuer. Mutually exclusive with CAContentProvider. - Client *http.Client - - // UsernameClaim is the JWT field to use as the user's username. - UsernameClaim string - - // UsernamePrefix, if specified, causes claims mapping to username to be prefix with - // the provided value. A value "oidc:" would result in usernames like "oidc:john". - UsernamePrefix string - - // GroupsClaim, if specified, causes the OIDCAuthenticator to try to populate the user's - // groups with an ID Token field. If the GroupsClaim field is present in an ID Token the value - // must be a string or list of strings. - GroupsClaim string - - // GroupsPrefix, if specified, causes claims mapping to group names to be prefixed with the - // value. A value "oidc:" would result in groups like "oidc:engineering" and "oidc:marketing". - GroupsPrefix string - - // SupportedSigningAlgs sets the accepted set of JOSE signing algorithms that - // can be used by the provider to sign tokens. - // - // https://tools.ietf.org/html/rfc7518#section-3.1 - // - // This value defaults to RS256, the value recommended by the OpenID Connect - // spec: - // - // https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation - SupportedSigningAlgs []string - - // RequiredClaims, if specified, causes the OIDCAuthenticator to verify that all the - // required claims key value pairs are present in the ID Token. - RequiredClaims map[string]string - - // now is used for testing. It defaults to time.Now. - now func() time.Time -} - -// Subset of dynamiccertificates.CAContentProvider that can be used to dynamically load root CAs. -type CAContentProvider interface { - CurrentCABundleContent() []byte -} - -// initVerifier creates a new ID token verifier for the given configuration and issuer URL. On success, calls setVerifier with the -// resulting verifier. -func initVerifier(ctx context.Context, config *oidc.Config, iss string) (*oidc.IDTokenVerifier, error) { - provider, err := oidc.NewProvider(ctx, iss) - if err != nil { - return nil, fmt.Errorf("init verifier failed: %v", err) - } - return provider.Verifier(config), nil -} - -// asyncIDTokenVerifier is an ID token verifier that allows async initialization -// of the issuer check. Must be passed by reference as it wraps sync.Mutex. -type asyncIDTokenVerifier struct { - m sync.Mutex - - // v is the ID token verifier initialized asynchronously. It remains nil - // up until it is eventually initialized. - // Guarded by m - v *oidc.IDTokenVerifier -} - -// newAsyncIDTokenVerifier creates a new asynchronous token verifier. The -// verifier is available immediately, but may remain uninitialized for some time -// after creation. -func newAsyncIDTokenVerifier(ctx context.Context, c *oidc.Config, iss string) *asyncIDTokenVerifier { - t := &asyncIDTokenVerifier{} - - sync := make(chan struct{}) - // Polls indefinitely in an attempt to initialize the distributed claims - // verifier, or until context canceled. - initFn := func() (done bool, err error) { - klog.V(4).Infof("oidc authenticator: attempting init: iss=%v", iss) - v, err := initVerifier(ctx, c, iss) - if err != nil { - klog.Errorf("oidc authenticator: async token verifier for issuer: %q: %v", iss, err) - return false, nil - } - t.m.Lock() - defer t.m.Unlock() - t.v = v - close(sync) - return true, nil - } - - go func() { - if done, _ := initFn(); !done { - go wait.PollUntil(time.Second*10, initFn, ctx.Done()) - } - }() - - if synchronizeTokenIDVerifierForTest { - <-sync - } - - return t -} - -// verifier returns the underlying ID token verifier, or nil if one is not yet initialized. -func (a *asyncIDTokenVerifier) verifier() *oidc.IDTokenVerifier { - a.m.Lock() - defer a.m.Unlock() - return a.v -} - -type Authenticator struct { - issuerURL string - - usernameClaim string - usernamePrefix string - groupsClaim string - groupsPrefix string - requiredClaims map[string]string - - // Contains an *oidc.IDTokenVerifier. Do not access directly use the - // idTokenVerifier method. - verifier atomic.Value - - cancel context.CancelFunc - - // resolver is used to resolve distributed claims. - resolver *claimResolver -} - -func (a *Authenticator) setVerifier(v *oidc.IDTokenVerifier) { - a.verifier.Store(v) -} - -func (a *Authenticator) idTokenVerifier() (*oidc.IDTokenVerifier, bool) { - if v := a.verifier.Load(); v != nil { - return v.(*oidc.IDTokenVerifier), true - } - return nil, false -} - -func (a *Authenticator) Close() { - a.cancel() -} - -// whitelist of signing algorithms to ensure users don't mistakenly pass something -// goofy. -var allowedSigningAlgs = map[string]bool{ - oidc.RS256: true, - oidc.RS384: true, - oidc.RS512: true, - oidc.ES256: true, - oidc.ES384: true, - oidc.ES512: true, - oidc.PS256: true, - oidc.PS384: true, - oidc.PS512: true, -} - -func New(opts Options) (*Authenticator, error) { - url, err := url.Parse(opts.IssuerURL) - if err != nil { - return nil, err - } - - if url.Scheme != "https" { - return nil, fmt.Errorf("'oidc-issuer-url' (%q) has invalid scheme (%q), require 'https'", opts.IssuerURL, url.Scheme) - } - - if opts.UsernameClaim == "" { - return nil, errors.New("no username claim provided") - } - - supportedSigningAlgs := opts.SupportedSigningAlgs - if len(supportedSigningAlgs) == 0 { - // RS256 is the default recommended by OpenID Connect and an 'alg' value - // providers are required to implement. - supportedSigningAlgs = []string{oidc.RS256} - } - for _, alg := range supportedSigningAlgs { - if !allowedSigningAlgs[alg] { - return nil, fmt.Errorf("oidc: unsupported signing alg: %q", alg) - } - } - - if opts.Client != nil && opts.CAContentProvider != nil { - return nil, fmt.Errorf("oidc: Client and CAContentProvider are mutually exclusive") - } - - client := opts.Client - - if client == nil { - var roots *x509.CertPool - if opts.CAContentProvider != nil { - // TODO(enj): make this reload CA data dynamically - roots, err = certutil.NewPoolFromBytes(opts.CAContentProvider.CurrentCABundleContent()) - if err != nil { - return nil, fmt.Errorf("Failed to read the CA contents: %v", err) - } - } else { - klog.Info("OIDC: No x509 certificates provided, will use host's root CA set") - } - - // Copied from http.DefaultTransport. - tr := net.SetTransportDefaults(&http.Transport{ - // According to golang's doc, if RootCAs is nil, - // TLS uses the host's root CA set. - TLSClientConfig: &tls.Config{RootCAs: roots}, - }) - - client = &http.Client{Transport: tr, Timeout: 30 * time.Second} - } - - ctx, cancel := context.WithCancel(context.Background()) - ctx = oidc.ClientContext(ctx, client) - - now := opts.now - if now == nil { - now = time.Now - } - - verifierConfig := &oidc.Config{ - ClientID: opts.ClientID, - SupportedSigningAlgs: supportedSigningAlgs, - Now: now, - } - - var resolver *claimResolver - if opts.GroupsClaim != "" { - resolver = newClaimResolver(opts.GroupsClaim, client, verifierConfig) - } - - authenticator := &Authenticator{ - issuerURL: opts.IssuerURL, - usernameClaim: opts.UsernameClaim, - usernamePrefix: opts.UsernamePrefix, - groupsClaim: opts.GroupsClaim, - groupsPrefix: opts.GroupsPrefix, - requiredClaims: opts.RequiredClaims, - cancel: cancel, - resolver: resolver, - } - - if opts.KeySet != nil { - // We already have a key set, synchronously initialize the verifier. - authenticator.setVerifier(oidc.NewVerifier(opts.IssuerURL, opts.KeySet, verifierConfig)) - } else { - // Asynchronously attempt to initialize the authenticator. This enables - // self-hosted providers, providers that run on top of Kubernetes itself. - go wait.PollImmediateUntil(10*time.Second, func() (done bool, err error) { - provider, err := oidc.NewProvider(ctx, opts.IssuerURL) - if err != nil { - klog.Errorf("oidc authenticator: initializing plugin: %v", err) - return false, nil - } - - verifier := provider.Verifier(verifierConfig) - authenticator.setVerifier(verifier) - return true, nil - }, ctx.Done()) - } - - return authenticator, nil -} - -// untrustedIssuer extracts an untrusted "iss" claim from the given JWT token, -// or returns an error if the token can not be parsed. Since the JWT is not -// verified, the returned issuer should not be trusted. -func untrustedIssuer(token string) (string, error) { - parts := strings.Split(token, ".") - if len(parts) != 3 { - return "", fmt.Errorf("malformed token") - } - payload, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return "", fmt.Errorf("error decoding token: %v", err) - } - claims := struct { - // WARNING: this JWT is not verified. Do not trust these claims. - Issuer string `json:"iss"` - }{} - if err := json.Unmarshal(payload, &claims); err != nil { - return "", fmt.Errorf("while unmarshaling token: %v", err) - } - // Coalesce the legacy GoogleIss with the new one. - // - // http://openid.net/specs/openid-connect-core-1_0.html#GoogleIss - if claims.Issuer == "accounts.google.com" { - return "https://accounts.google.com", nil - } - return claims.Issuer, nil -} - -func hasCorrectIssuer(iss, tokenData string) bool { - uiss, err := untrustedIssuer(tokenData) - if err != nil { - return false - } - if uiss != iss { - return false - } - return true -} - -// endpoint represents an OIDC distributed claims endpoint. -type endpoint struct { - // URL to use to request the distributed claim. This URL is expected to be - // prefixed by one of the known issuer URLs. - URL string `json:"endpoint,omitempty"` - // AccessToken is the bearer token to use for access. If empty, it is - // not used. Access token is optional per the OIDC distributed claims - // specification. - // See: http://openid.net/specs/openid-connect-core-1_0.html#DistributedExample - AccessToken string `json:"access_token,omitempty"` - // JWT is the container for aggregated claims. Not supported at the moment. - // See: http://openid.net/specs/openid-connect-core-1_0.html#AggregatedExample - JWT string `json:"JWT,omitempty"` -} - -// claimResolver expands distributed claims by calling respective claim source -// endpoints. -type claimResolver struct { - // claim is the distributed claim that may be resolved. - claim string - - // client is the to use for resolving distributed claims - client *http.Client - - // config is the OIDC configuration used for resolving distributed claims. - config *oidc.Config - - // verifierPerIssuer contains, for each issuer, the appropriate verifier to use - // for this claim. It is assumed that there will be very few entries in - // this map. - // Guarded by m. - verifierPerIssuer map[string]*asyncIDTokenVerifier - - m sync.Mutex -} - -// newClaimResolver creates a new resolver for distributed claims. -func newClaimResolver(claim string, client *http.Client, config *oidc.Config) *claimResolver { - return &claimResolver{claim: claim, client: client, config: config, verifierPerIssuer: map[string]*asyncIDTokenVerifier{}} -} - -// Verifier returns either the verifier for the specified issuer, or error. -func (r *claimResolver) Verifier(iss string) (*oidc.IDTokenVerifier, error) { - r.m.Lock() - av := r.verifierPerIssuer[iss] - if av == nil { - // This lazy init should normally be very quick. - // TODO: Make this context cancelable. - ctx := oidc.ClientContext(context.Background(), r.client) - av = newAsyncIDTokenVerifier(ctx, r.config, iss) - r.verifierPerIssuer[iss] = av - } - r.m.Unlock() - - v := av.verifier() - if v == nil { - return nil, fmt.Errorf("verifier not initialized for issuer: %q", iss) - } - return v, nil -} - -// expand extracts the distributed claims from claim names and claim sources. -// The extracted claim value is pulled up into the supplied claims. -// -// Distributed claims are of the form as seen below, and are defined in the -// OIDC Connect Core 1.0, section 5.6.2. -// See: https://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims -// -// { -// ... (other normal claims)... -// "_claim_names": { -// "groups": "src1" -// }, -// "_claim_sources": { -// "src1": { -// "endpoint": "https://www.example.com", -// "access_token": "f005ba11" -// }, -// }, -// } -func (r *claimResolver) expand(c claims) error { - const ( - // The claim containing a map of endpoint references per claim. - // OIDC Connect Core 1.0, section 5.6.2. - claimNamesKey = "_claim_names" - // The claim containing endpoint specifications. - // OIDC Connect Core 1.0, section 5.6.2. - claimSourcesKey = "_claim_sources" - ) - - _, ok := c[r.claim] - if ok { - // There already is a normal claim, skip resolving. - return nil - } - names, ok := c[claimNamesKey] - if !ok { - // No _claim_names, no keys to look up. - return nil - } - - claimToSource := map[string]string{} - if err := json.Unmarshal([]byte(names), &claimToSource); err != nil { - return fmt.Errorf("oidc: error parsing distributed claim names: %v", err) - } - - rawSources, ok := c[claimSourcesKey] - if !ok { - // Having _claim_names claim, but no _claim_sources is not an expected - // state. - return fmt.Errorf("oidc: no claim sources") - } - - var sources map[string]endpoint - if err := json.Unmarshal([]byte(rawSources), &sources); err != nil { - // The claims sources claim is malformed, this is not an expected state. - return fmt.Errorf("oidc: could not parse claim sources: %v", err) - } - - src, ok := claimToSource[r.claim] - if !ok { - // No distributed claim present. - return nil - } - ep, ok := sources[src] - if !ok { - return fmt.Errorf("id token _claim_names contained a source %s missing in _claims_sources", src) - } - if ep.URL == "" { - // This is maybe an aggregated claim (ep.JWT != ""). - return nil - } - return r.resolve(ep, c) -} - -// resolve requests distributed claims from all endpoints passed in, -// and inserts the lookup results into allClaims. -func (r *claimResolver) resolve(endpoint endpoint, allClaims claims) error { - // TODO: cache resolved claims. - jwt, err := getClaimJWT(r.client, endpoint.URL, endpoint.AccessToken) - if err != nil { - return fmt.Errorf("while getting distributed claim %q: %v", r.claim, err) - } - untrustedIss, err := untrustedIssuer(jwt) - if err != nil { - return fmt.Errorf("getting untrusted issuer from endpoint %v failed for claim %q: %v", endpoint.URL, r.claim, err) - } - v, err := r.Verifier(untrustedIss) - if err != nil { - return fmt.Errorf("verifying untrusted issuer %v failed: %v", untrustedIss, err) - } - t, err := v.Verify(context.Background(), jwt) - if err != nil { - return fmt.Errorf("verify distributed claim token: %v", err) - } - var distClaims claims - if err := t.Claims(&distClaims); err != nil { - return fmt.Errorf("could not parse distributed claims for claim %v: %v", r.claim, err) - } - value, ok := distClaims[r.claim] - if !ok { - return fmt.Errorf("jwt returned by distributed claim endpoint %q did not contain claim: %v", endpoint.URL, r.claim) - } - allClaims[r.claim] = value - return nil -} - -func (a *Authenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - if !hasCorrectIssuer(a.issuerURL, token) { - return nil, false, nil - } - - verifier, ok := a.idTokenVerifier() - if !ok { - return nil, false, fmt.Errorf("oidc: authenticator not initialized") - } - - idToken, err := verifier.Verify(ctx, token) - if err != nil { - return nil, false, fmt.Errorf("oidc: verify token: %v", err) - } - - var c claims - if err := idToken.Claims(&c); err != nil { - return nil, false, fmt.Errorf("oidc: parse claims: %v", err) - } - if a.resolver != nil { - if err := a.resolver.expand(c); err != nil { - return nil, false, fmt.Errorf("oidc: could not expand distributed claims: %v", err) - } - } - - var username string - if err := c.unmarshalClaim(a.usernameClaim, &username); err != nil { - return nil, false, fmt.Errorf("oidc: parse username claims %q: %v", a.usernameClaim, err) - } - - if a.usernameClaim == "email" { - // If the email_verified claim is present, ensure the email is valid. - // https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims - if hasEmailVerified := c.hasClaim("email_verified"); hasEmailVerified { - var emailVerified bool - if err := c.unmarshalClaim("email_verified", &emailVerified); err != nil { - return nil, false, fmt.Errorf("oidc: parse 'email_verified' claim: %v", err) - } - - // If the email_verified claim is present we have to verify it is set to `true`. - if !emailVerified { - return nil, false, fmt.Errorf("oidc: email not verified") - } - } - } - - if a.usernamePrefix != "" { - username = a.usernamePrefix + username - } - - info := &user.DefaultInfo{Name: username} - if a.groupsClaim != "" { - if _, ok := c[a.groupsClaim]; ok { - // Some admins want to use string claims like "role" as the group value. - // Allow the group claim to be a single string instead of an array. - // - // See: https://github.com/kubernetes/kubernetes/issues/33290 - var groups stringOrArray - if err := c.unmarshalClaim(a.groupsClaim, &groups); err != nil { - return nil, false, fmt.Errorf("oidc: parse groups claim %q: %v", a.groupsClaim, err) - } - info.Groups = []string(groups) - } - } - - if a.groupsPrefix != "" { - for i, group := range info.Groups { - info.Groups[i] = a.groupsPrefix + group - } - } - - // check to ensure all required claims are present in the ID token and have matching values. - for claim, value := range a.requiredClaims { - if !c.hasClaim(claim) { - return nil, false, fmt.Errorf("oidc: required claim %s not present in ID token", claim) - } - - // NOTE: Only string values are supported as valid required claim values. - var claimValue string - if err := c.unmarshalClaim(claim, &claimValue); err != nil { - return nil, false, fmt.Errorf("oidc: parse claim %s: %v", claim, err) - } - if claimValue != value { - return nil, false, fmt.Errorf("oidc: required claim %s value does not match. Got = %s, want = %s", claim, claimValue, value) - } - } - - return &authenticator.Response{User: info}, true, nil -} - -// getClaimJWT gets a distributed claim JWT from url, using the supplied access -// token as bearer token. If the access token is "", the authorization header -// will not be set. -// TODO: Allow passing in JSON hints to the IDP. -func getClaimJWT(client *http.Client, url, accessToken string) (string, error) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - // TODO: Allow passing request body with configurable information. - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return "", fmt.Errorf("while calling %v: %v", url, err) - } - if accessToken != "" { - req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", accessToken)) - } - req = req.WithContext(ctx) - response, err := client.Do(req) - if err != nil { - return "", err - } - // Report non-OK status code as an error. - if response.StatusCode < http.StatusOK || response.StatusCode > http.StatusIMUsed { - return "", fmt.Errorf("error while getting distributed claim JWT: %v", response.Status) - } - defer response.Body.Close() - responseBytes, err := ioutil.ReadAll(response.Body) - if err != nil { - return "", fmt.Errorf("could not decode distributed claim response") - } - return string(responseBytes), nil -} - -type stringOrArray []string - -func (s *stringOrArray) UnmarshalJSON(b []byte) error { - var a []string - if err := json.Unmarshal(b, &a); err == nil { - *s = a - return nil - } - var str string - if err := json.Unmarshal(b, &str); err != nil { - return err - } - *s = []string{str} - return nil -} - -type claims map[string]json.RawMessage - -func (c claims) unmarshalClaim(name string, v interface{}) error { - val, ok := c[name] - if !ok { - return fmt.Errorf("claim not present") - } - return json.Unmarshal([]byte(val), v) -} - -func (c claims) hasClaim(name string) bool { - if _, ok := c[name]; !ok { - return false - } - return true -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/metrics.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/metrics.go deleted file mode 100644 index 32e469e80d..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/metrics.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "context" -) - -// AuthenticatorMetrics specifies a set of methods that are used to register various metrics -type AuthenticatorMetrics struct { - // RecordRequestTotal increments the total number of requests for webhooks - RecordRequestTotal func(ctx context.Context, code string) - - // RecordRequestLatency measures request latency in seconds for webhooks. Broken down by status code. - RecordRequestLatency func(ctx context.Context, code string, latency float64) -} - -type noopMetrics struct{} - -func (noopMetrics) RequestTotal(context.Context, string) {} -func (noopMetrics) RequestLatency(context.Context, string, float64) {} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go deleted file mode 100644 index 7d19b4b7ab..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go +++ /dev/null @@ -1,327 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package webhook implements the authenticator.Token interface using HTTP webhooks. -package webhook - -import ( - "context" - "errors" - "fmt" - "strconv" - "time" - - authenticationv1 "k8s.io/api/authentication/v1" - authenticationv1beta1 "k8s.io/api/authentication/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/kubernetes/scheme" - authenticationv1client "k8s.io/client-go/kubernetes/typed/authentication/v1" - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -// DefaultRetryBackoff returns the default backoff parameters for webhook retry. -func DefaultRetryBackoff() *wait.Backoff { - backoff := webhook.DefaultRetryBackoffWithInitialDelay(500 * time.Millisecond) - return &backoff -} - -// Ensure WebhookTokenAuthenticator implements the authenticator.Token interface. -var _ authenticator.Token = (*WebhookTokenAuthenticator)(nil) - -type tokenReviewer interface { - Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, int, error) -} - -type WebhookTokenAuthenticator struct { - tokenReview tokenReviewer - retryBackoff wait.Backoff - implicitAuds authenticator.Audiences - requestTimeout time.Duration - metrics AuthenticatorMetrics -} - -// NewFromInterface creates a webhook authenticator using the given tokenReview -// client. It is recommend to wrap this authenticator with the token cache -// authenticator implemented in -// k8s.io/apiserver/pkg/authentication/token/cache. -func NewFromInterface(tokenReview authenticationv1client.AuthenticationV1Interface, implicitAuds authenticator.Audiences, retryBackoff wait.Backoff, requestTimeout time.Duration, metrics AuthenticatorMetrics) (*WebhookTokenAuthenticator, error) { - tokenReviewClient := &tokenReviewV1Client{tokenReview.RESTClient()} - return newWithBackoff(tokenReviewClient, retryBackoff, implicitAuds, requestTimeout, metrics) -} - -// New creates a new WebhookTokenAuthenticator from the provided rest -// config. It is recommend to wrap this authenticator with the token cache -// authenticator implemented in -// k8s.io/apiserver/pkg/authentication/token/cache. -func New(config *rest.Config, version string, implicitAuds authenticator.Audiences, retryBackoff wait.Backoff) (*WebhookTokenAuthenticator, error) { - tokenReview, err := tokenReviewInterfaceFromConfig(config, version, retryBackoff) - if err != nil { - return nil, err - } - return newWithBackoff(tokenReview, retryBackoff, implicitAuds, time.Duration(0), AuthenticatorMetrics{ - RecordRequestTotal: noopMetrics{}.RequestTotal, - RecordRequestLatency: noopMetrics{}.RequestLatency, - }) -} - -// newWithBackoff allows tests to skip the sleep. -func newWithBackoff(tokenReview tokenReviewer, retryBackoff wait.Backoff, implicitAuds authenticator.Audiences, requestTimeout time.Duration, metrics AuthenticatorMetrics) (*WebhookTokenAuthenticator, error) { - return &WebhookTokenAuthenticator{ - tokenReview, - retryBackoff, - implicitAuds, - requestTimeout, - metrics, - }, nil -} - -// AuthenticateToken implements the authenticator.Token interface. -func (w *WebhookTokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - // We take implicit audiences of the API server at WebhookTokenAuthenticator - // construction time. The outline of how we validate audience here is: - // - // * if the ctx is not audience limited, don't do any audience validation. - // * if ctx is audience-limited, add the audiences to the tokenreview spec - // * if the tokenreview returns with audiences in the status that intersect - // with the audiences in the ctx, copy into the response and return success - // * if the tokenreview returns without an audience in the status, ensure - // the ctx audiences intersect with the implicit audiences, and set the - // intersection in the response. - // * otherwise return unauthenticated. - wantAuds, checkAuds := authenticator.AudiencesFrom(ctx) - r := &authenticationv1.TokenReview{ - Spec: authenticationv1.TokenReviewSpec{ - Token: token, - Audiences: wantAuds, - }, - } - var ( - result *authenticationv1.TokenReview - auds authenticator.Audiences - cancel context.CancelFunc - ) - - // set a hard timeout if it was defined - // if the child has a shorter deadline then it will expire first, - // otherwise if the parent has a shorter deadline then the parent will expire and it will be propagate to the child - if w.requestTimeout > 0 { - ctx, cancel = context.WithTimeout(ctx, w.requestTimeout) - defer cancel() - } - - // WithExponentialBackoff will return tokenreview create error (tokenReviewErr) if any. - if err := webhook.WithExponentialBackoff(ctx, w.retryBackoff, func() error { - var tokenReviewErr error - var statusCode int - - start := time.Now() - result, statusCode, tokenReviewErr = w.tokenReview.Create(ctx, r, metav1.CreateOptions{}) - latency := time.Since(start) - - if statusCode != 0 { - w.metrics.RecordRequestTotal(ctx, strconv.Itoa(statusCode)) - w.metrics.RecordRequestLatency(ctx, strconv.Itoa(statusCode), latency.Seconds()) - return tokenReviewErr - } - - if tokenReviewErr != nil { - w.metrics.RecordRequestTotal(ctx, "<error>") - w.metrics.RecordRequestLatency(ctx, "<error>", latency.Seconds()) - } - return tokenReviewErr - }, webhook.DefaultShouldRetry); err != nil { - // An error here indicates bad configuration or an outage. Log for debugging. - klog.Errorf("Failed to make webhook authenticator request: %v", err) - return nil, false, err - } - - if checkAuds { - gotAuds := w.implicitAuds - if len(result.Status.Audiences) > 0 { - gotAuds = result.Status.Audiences - } - auds = wantAuds.Intersect(gotAuds) - if len(auds) == 0 { - return nil, false, nil - } - } - - r.Status = result.Status - if !r.Status.Authenticated { - var err error - if len(r.Status.Error) != 0 { - err = errors.New(r.Status.Error) - } - return nil, false, err - } - - var extra map[string][]string - if r.Status.User.Extra != nil { - extra = map[string][]string{} - for k, v := range r.Status.User.Extra { - extra[k] = v - } - } - - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: r.Status.User.Username, - UID: r.Status.User.UID, - Groups: r.Status.User.Groups, - Extra: extra, - }, - Audiences: auds, - }, true, nil -} - -// tokenReviewInterfaceFromConfig builds a client from the specified kubeconfig file, -// and returns a TokenReviewInterface that uses that client. Note that the client submits TokenReview -// requests to the exact path specified in the kubeconfig file, so arbitrary non-API servers can be targeted. -func tokenReviewInterfaceFromConfig(config *rest.Config, version string, retryBackoff wait.Backoff) (tokenReviewer, error) { - localScheme := runtime.NewScheme() - if err := scheme.AddToScheme(localScheme); err != nil { - return nil, err - } - - switch version { - case authenticationv1.SchemeGroupVersion.Version: - groupVersions := []schema.GroupVersion{authenticationv1.SchemeGroupVersion} - if err := localScheme.SetVersionPriority(groupVersions...); err != nil { - return nil, err - } - gw, err := webhook.NewGenericWebhook(localScheme, scheme.Codecs, config, groupVersions, retryBackoff) - if err != nil { - return nil, err - } - return &tokenReviewV1ClientGW{gw.RestClient}, nil - - case authenticationv1beta1.SchemeGroupVersion.Version: - groupVersions := []schema.GroupVersion{authenticationv1beta1.SchemeGroupVersion} - if err := localScheme.SetVersionPriority(groupVersions...); err != nil { - return nil, err - } - gw, err := webhook.NewGenericWebhook(localScheme, scheme.Codecs, config, groupVersions, retryBackoff) - if err != nil { - return nil, err - } - return &tokenReviewV1beta1ClientGW{gw.RestClient}, nil - - default: - return nil, fmt.Errorf( - "unsupported authentication webhook version %q, supported versions are %q, %q", - version, - authenticationv1.SchemeGroupVersion.Version, - authenticationv1beta1.SchemeGroupVersion.Version, - ) - } - -} - -type tokenReviewV1Client struct { - client rest.Interface -} - -// Create takes the representation of a tokenReview and creates it. Returns the server's representation of the tokenReview, HTTP status code and an error, if there is any. -func (c *tokenReviewV1Client) Create(ctx context.Context, tokenReview *authenticationv1.TokenReview, opts metav1.CreateOptions) (result *authenticationv1.TokenReview, statusCode int, err error) { - result = &authenticationv1.TokenReview{} - - restResult := c.client.Post(). - Resource("tokenreviews"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenReview). - Do(ctx) - - restResult.StatusCode(&statusCode) - err = restResult.Into(result) - return -} - -// tokenReviewV1ClientGW used by the generic webhook, doesn't specify GVR. -type tokenReviewV1ClientGW struct { - client rest.Interface -} - -// Create takes the representation of a tokenReview and creates it. Returns the server's representation of the tokenReview, HTTP status code and an error, if there is any. -func (c *tokenReviewV1ClientGW) Create(ctx context.Context, tokenReview *authenticationv1.TokenReview, opts metav1.CreateOptions) (result *authenticationv1.TokenReview, statusCode int, err error) { - result = &authenticationv1.TokenReview{} - - restResult := c.client.Post(). - Body(tokenReview). - Do(ctx) - - restResult.StatusCode(&statusCode) - err = restResult.Into(result) - return -} - -// tokenReviewV1beta1ClientGW used by the generic webhook, doesn't specify GVR. -type tokenReviewV1beta1ClientGW struct { - client rest.Interface -} - -func (t *tokenReviewV1beta1ClientGW) Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, int, error) { - var statusCode int - v1beta1Review := &authenticationv1beta1.TokenReview{Spec: v1SpecToV1beta1Spec(&review.Spec)} - v1beta1Result := &authenticationv1beta1.TokenReview{} - - restResult := t.client.Post().Body(v1beta1Review).Do(ctx) - restResult.StatusCode(&statusCode) - err := restResult.Into(v1beta1Result) - if err != nil { - return nil, statusCode, err - } - review.Status = v1beta1StatusToV1Status(&v1beta1Result.Status) - return review, statusCode, nil -} - -func v1SpecToV1beta1Spec(in *authenticationv1.TokenReviewSpec) authenticationv1beta1.TokenReviewSpec { - return authenticationv1beta1.TokenReviewSpec{ - Token: in.Token, - Audiences: in.Audiences, - } -} - -func v1beta1StatusToV1Status(in *authenticationv1beta1.TokenReviewStatus) authenticationv1.TokenReviewStatus { - return authenticationv1.TokenReviewStatus{ - Authenticated: in.Authenticated, - User: v1beta1UserToV1User(in.User), - Audiences: in.Audiences, - Error: in.Error, - } -} - -func v1beta1UserToV1User(u authenticationv1beta1.UserInfo) authenticationv1.UserInfo { - var extra map[string]authenticationv1.ExtraValue - if u.Extra != nil { - extra = make(map[string]authenticationv1.ExtraValue, len(u.Extra)) - for k, v := range u.Extra { - extra[k] = authenticationv1.ExtraValue(v) - } - } - return authenticationv1.UserInfo{ - Username: u.Username, - UID: u.UID, - Groups: u.Groups, - Extra: extra, - } -} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/gencerts.sh b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/gencerts.sh deleted file mode 100644 index a66f8f381e..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/gencerts.sh +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -# gencerts.sh generates the certificates for the webhook authz plugin tests. -# -# It is not expected to be run often (there is no go generate rule), and mainly -# exists for documentation purposes. - -cat > server.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth -subjectAltName = @alt_names -[alt_names] -IP.1 = 127.0.0.1 -EOF - -cat > client.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth -EOF - -# Create a certificate authority -openssl genrsa -out caKey.pem 2048 -openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=webhook_authz_ca" - -# Create a second certificate authority -openssl genrsa -out badCAKey.pem 2048 -openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=webhook_authz_ca" - -# Create a server certiticate -openssl genrsa -out serverKey.pem 2048 -openssl req -new -key serverKey.pem -out server.csr -subj "/CN=webhook_authz_server" -config server.conf -openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf - -# Create a client certiticate -openssl genrsa -out clientKey.pem 2048 -openssl req -new -key clientKey.pem -out client.csr -subj "/CN=webhook_authz_client" -config client.conf -openssl x509 -req -in client.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out clientCert.pem -days 100000 -extensions v3_req -extfile client.conf - -outfile=certs_test.go - -cat > $outfile << EOF -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was generated using openssl by the gencerts.sh script -// and holds raw certificates for the webhook tests. - -package webhook -EOF - -for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clientCert; do - data=$(cat ${file}.pem) - echo "" >> $outfile - echo "var $file = []byte(\`$data\`)" >> $outfile -done - -# Clean up after we're done. -rm ./*.pem -rm ./*.csr -rm ./*.srl -rm ./*.conf diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics.go deleted file mode 100644 index 0912378b17..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "context" -) - -// AuthorizerMetrics specifies a set of methods that are used to register various metrics for the webhook authorizer -type AuthorizerMetrics struct { - // RecordRequestTotal increments the total number of requests for the webhook authorizer - RecordRequestTotal func(ctx context.Context, code string) - - // RecordRequestLatency measures request latency in seconds for webhooks. Broken down by status code. - RecordRequestLatency func(ctx context.Context, code string, latency float64) -} - -type noopMetrics struct{} - -func (noopMetrics) RecordRequestTotal(context.Context, string) {} -func (noopMetrics) RecordRequestLatency(context.Context, string, float64) {} diff --git a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go b/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go deleted file mode 100644 index 191b373185..0000000000 --- a/etcd/vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go +++ /dev/null @@ -1,436 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package webhook implements the authorizer.Authorizer interface using HTTP webhooks. -package webhook - -import ( - "context" - "encoding/json" - "fmt" - "strconv" - "time" - - authorizationv1 "k8s.io/api/authorization/v1" - authorizationv1beta1 "k8s.io/api/authorization/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/cache" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/kubernetes/scheme" - authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -const ( - // The maximum length of requester-controlled attributes to allow caching. - maxControlledAttrCacheSize = 10000 -) - -// DefaultRetryBackoff returns the default backoff parameters for webhook retry. -func DefaultRetryBackoff() *wait.Backoff { - backoff := webhook.DefaultRetryBackoffWithInitialDelay(500 * time.Millisecond) - return &backoff -} - -// Ensure Webhook implements the authorizer.Authorizer interface. -var _ authorizer.Authorizer = (*WebhookAuthorizer)(nil) - -type subjectAccessReviewer interface { - Create(context.Context, *authorizationv1.SubjectAccessReview, metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, int, error) -} - -type WebhookAuthorizer struct { - subjectAccessReview subjectAccessReviewer - responseCache *cache.LRUExpireCache - authorizedTTL time.Duration - unauthorizedTTL time.Duration - retryBackoff wait.Backoff - decisionOnError authorizer.Decision - metrics AuthorizerMetrics -} - -// NewFromInterface creates a WebhookAuthorizer using the given subjectAccessReview client -func NewFromInterface(subjectAccessReview authorizationv1client.AuthorizationV1Interface, authorizedTTL, unauthorizedTTL time.Duration, retryBackoff wait.Backoff, metrics AuthorizerMetrics) (*WebhookAuthorizer, error) { - return newWithBackoff(&subjectAccessReviewV1Client{subjectAccessReview.RESTClient()}, authorizedTTL, unauthorizedTTL, retryBackoff, metrics) -} - -// New creates a new WebhookAuthorizer from the provided kubeconfig file. -// The config's cluster field is used to refer to the remote service, user refers to the returned authorizer. -// -// # clusters refers to the remote service. -// clusters: -// - name: name-of-remote-authz-service -// cluster: -// certificate-authority: /path/to/ca.pem # CA for verifying the remote service. -// server: https://authz.example.com/authorize # URL of remote service to query. Must use 'https'. -// -// # users refers to the API server's webhook configuration. -// users: -// - name: name-of-api-server -// user: -// client-certificate: /path/to/cert.pem # cert for the webhook plugin to use -// client-key: /path/to/key.pem # key matching the cert -// -// For additional HTTP configuration, refer to the kubeconfig documentation -// https://kubernetes.io/docs/user-guide/kubeconfig-file/. -func New(config *rest.Config, version string, authorizedTTL, unauthorizedTTL time.Duration, retryBackoff wait.Backoff) (*WebhookAuthorizer, error) { - subjectAccessReview, err := subjectAccessReviewInterfaceFromConfig(config, version, retryBackoff) - if err != nil { - return nil, err - } - return newWithBackoff(subjectAccessReview, authorizedTTL, unauthorizedTTL, retryBackoff, AuthorizerMetrics{ - RecordRequestTotal: noopMetrics{}.RecordRequestTotal, - RecordRequestLatency: noopMetrics{}.RecordRequestLatency, - }) -} - -// newWithBackoff allows tests to skip the sleep. -func newWithBackoff(subjectAccessReview subjectAccessReviewer, authorizedTTL, unauthorizedTTL time.Duration, retryBackoff wait.Backoff, metrics AuthorizerMetrics) (*WebhookAuthorizer, error) { - return &WebhookAuthorizer{ - subjectAccessReview: subjectAccessReview, - responseCache: cache.NewLRUExpireCache(8192), - authorizedTTL: authorizedTTL, - unauthorizedTTL: unauthorizedTTL, - retryBackoff: retryBackoff, - decisionOnError: authorizer.DecisionNoOpinion, - metrics: metrics, - }, nil -} - -// Authorize makes a REST request to the remote service describing the attempted action as a JSON -// serialized api.authorization.v1beta1.SubjectAccessReview object. An example request body is -// provided below. -// -// { -// "apiVersion": "authorization.k8s.io/v1beta1", -// "kind": "SubjectAccessReview", -// "spec": { -// "resourceAttributes": { -// "namespace": "kittensandponies", -// "verb": "GET", -// "group": "group3", -// "resource": "pods" -// }, -// "user": "jane", -// "group": [ -// "group1", -// "group2" -// ] -// } -// } -// -// The remote service is expected to fill the SubjectAccessReviewStatus field to either allow or -// disallow access. A permissive response would return: -// -// { -// "apiVersion": "authorization.k8s.io/v1beta1", -// "kind": "SubjectAccessReview", -// "status": { -// "allowed": true -// } -// } -// -// To disallow access, the remote service would return: -// -// { -// "apiVersion": "authorization.k8s.io/v1beta1", -// "kind": "SubjectAccessReview", -// "status": { -// "allowed": false, -// "reason": "user does not have read access to the namespace" -// } -// } -// -// TODO(mikedanese): We should eventually support failing closed when we -// encounter an error. We are failing open now to preserve backwards compatible -// behavior. -func (w *WebhookAuthorizer) Authorize(ctx context.Context, attr authorizer.Attributes) (decision authorizer.Decision, reason string, err error) { - r := &authorizationv1.SubjectAccessReview{} - if user := attr.GetUser(); user != nil { - r.Spec = authorizationv1.SubjectAccessReviewSpec{ - User: user.GetName(), - UID: user.GetUID(), - Groups: user.GetGroups(), - Extra: convertToSARExtra(user.GetExtra()), - } - } - - if attr.IsResourceRequest() { - r.Spec.ResourceAttributes = &authorizationv1.ResourceAttributes{ - Namespace: attr.GetNamespace(), - Verb: attr.GetVerb(), - Group: attr.GetAPIGroup(), - Version: attr.GetAPIVersion(), - Resource: attr.GetResource(), - Subresource: attr.GetSubresource(), - Name: attr.GetName(), - } - } else { - r.Spec.NonResourceAttributes = &authorizationv1.NonResourceAttributes{ - Path: attr.GetPath(), - Verb: attr.GetVerb(), - } - } - key, err := json.Marshal(r.Spec) - if err != nil { - return w.decisionOnError, "", err - } - if entry, ok := w.responseCache.Get(string(key)); ok { - r.Status = entry.(authorizationv1.SubjectAccessReviewStatus) - } else { - var result *authorizationv1.SubjectAccessReview - // WithExponentialBackoff will return SAR create error (sarErr) if any. - if err := webhook.WithExponentialBackoff(ctx, w.retryBackoff, func() error { - var sarErr error - var statusCode int - - start := time.Now() - result, statusCode, sarErr = w.subjectAccessReview.Create(ctx, r, metav1.CreateOptions{}) - latency := time.Since(start) - - if statusCode != 0 { - w.metrics.RecordRequestTotal(ctx, strconv.Itoa(statusCode)) - w.metrics.RecordRequestLatency(ctx, strconv.Itoa(statusCode), latency.Seconds()) - return sarErr - } - - if sarErr != nil { - w.metrics.RecordRequestTotal(ctx, "<error>") - w.metrics.RecordRequestLatency(ctx, "<error>", latency.Seconds()) - } - - return sarErr - }, webhook.DefaultShouldRetry); err != nil { - klog.Errorf("Failed to make webhook authorizer request: %v", err) - return w.decisionOnError, "", err - } - - r.Status = result.Status - if shouldCache(attr) { - if r.Status.Allowed { - w.responseCache.Add(string(key), r.Status, w.authorizedTTL) - } else { - w.responseCache.Add(string(key), r.Status, w.unauthorizedTTL) - } - } - } - switch { - case r.Status.Denied && r.Status.Allowed: - return authorizer.DecisionDeny, r.Status.Reason, fmt.Errorf("webhook subject access review returned both allow and deny response") - case r.Status.Denied: - return authorizer.DecisionDeny, r.Status.Reason, nil - case r.Status.Allowed: - return authorizer.DecisionAllow, r.Status.Reason, nil - default: - return authorizer.DecisionNoOpinion, r.Status.Reason, nil - } - -} - -// TODO: need to finish the method to get the rules when using webhook mode -func (w *WebhookAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - var ( - resourceRules []authorizer.ResourceRuleInfo - nonResourceRules []authorizer.NonResourceRuleInfo - ) - incomplete := true - return resourceRules, nonResourceRules, incomplete, fmt.Errorf("webhook authorizer does not support user rule resolution") -} - -func convertToSARExtra(extra map[string][]string) map[string]authorizationv1.ExtraValue { - if extra == nil { - return nil - } - ret := map[string]authorizationv1.ExtraValue{} - for k, v := range extra { - ret[k] = authorizationv1.ExtraValue(v) - } - - return ret -} - -// subjectAccessReviewInterfaceFromConfig builds a client from the specified kubeconfig file, -// and returns a SubjectAccessReviewInterface that uses that client. Note that the client submits SubjectAccessReview -// requests to the exact path specified in the kubeconfig file, so arbitrary non-API servers can be targeted. -func subjectAccessReviewInterfaceFromConfig(config *rest.Config, version string, retryBackoff wait.Backoff) (subjectAccessReviewer, error) { - localScheme := runtime.NewScheme() - if err := scheme.AddToScheme(localScheme); err != nil { - return nil, err - } - - switch version { - case authorizationv1.SchemeGroupVersion.Version: - groupVersions := []schema.GroupVersion{authorizationv1.SchemeGroupVersion} - if err := localScheme.SetVersionPriority(groupVersions...); err != nil { - return nil, err - } - gw, err := webhook.NewGenericWebhook(localScheme, scheme.Codecs, config, groupVersions, retryBackoff) - if err != nil { - return nil, err - } - return &subjectAccessReviewV1ClientGW{gw.RestClient}, nil - - case authorizationv1beta1.SchemeGroupVersion.Version: - groupVersions := []schema.GroupVersion{authorizationv1beta1.SchemeGroupVersion} - if err := localScheme.SetVersionPriority(groupVersions...); err != nil { - return nil, err - } - gw, err := webhook.NewGenericWebhook(localScheme, scheme.Codecs, config, groupVersions, retryBackoff) - if err != nil { - return nil, err - } - return &subjectAccessReviewV1beta1ClientGW{gw.RestClient}, nil - - default: - return nil, fmt.Errorf( - "unsupported webhook authorizer version %q, supported versions are %q, %q", - version, - authorizationv1.SchemeGroupVersion.Version, - authorizationv1beta1.SchemeGroupVersion.Version, - ) - } -} - -type subjectAccessReviewV1Client struct { - client rest.Interface -} - -func (t *subjectAccessReviewV1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, opts metav1.CreateOptions) (result *authorizationv1.SubjectAccessReview, statusCode int, err error) { - result = &authorizationv1.SubjectAccessReview{} - - restResult := t.client.Post(). - Resource("subjectaccessreviews"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(subjectAccessReview). - Do(ctx) - - restResult.StatusCode(&statusCode) - err = restResult.Into(result) - return -} - -// subjectAccessReviewV1ClientGW used by the generic webhook, doesn't specify GVR. -type subjectAccessReviewV1ClientGW struct { - client rest.Interface -} - -func (t *subjectAccessReviewV1ClientGW) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, int, error) { - var statusCode int - result := &authorizationv1.SubjectAccessReview{} - - restResult := t.client.Post().Body(subjectAccessReview).Do(ctx) - - restResult.StatusCode(&statusCode) - err := restResult.Into(result) - - return result, statusCode, err -} - -// subjectAccessReviewV1beta1ClientGW used by the generic webhook, doesn't specify GVR. -type subjectAccessReviewV1beta1ClientGW struct { - client rest.Interface -} - -func (t *subjectAccessReviewV1beta1ClientGW) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, int, error) { - var statusCode int - v1beta1Review := &authorizationv1beta1.SubjectAccessReview{Spec: v1SpecToV1beta1Spec(&subjectAccessReview.Spec)} - v1beta1Result := &authorizationv1beta1.SubjectAccessReview{} - - restResult := t.client.Post().Body(v1beta1Review).Do(ctx) - - restResult.StatusCode(&statusCode) - err := restResult.Into(v1beta1Result) - if err == nil { - subjectAccessReview.Status = v1beta1StatusToV1Status(&v1beta1Result.Status) - } - return subjectAccessReview, statusCode, err -} - -// shouldCache determines whether it is safe to cache the given request attributes. If the -// requester-controlled attributes are too large, this may be a DoS attempt, so we skip the cache. -func shouldCache(attr authorizer.Attributes) bool { - controlledAttrSize := int64(len(attr.GetNamespace())) + - int64(len(attr.GetVerb())) + - int64(len(attr.GetAPIGroup())) + - int64(len(attr.GetAPIVersion())) + - int64(len(attr.GetResource())) + - int64(len(attr.GetSubresource())) + - int64(len(attr.GetName())) + - int64(len(attr.GetPath())) - return controlledAttrSize < maxControlledAttrCacheSize -} - -func v1beta1StatusToV1Status(in *authorizationv1beta1.SubjectAccessReviewStatus) authorizationv1.SubjectAccessReviewStatus { - return authorizationv1.SubjectAccessReviewStatus{ - Allowed: in.Allowed, - Denied: in.Denied, - Reason: in.Reason, - EvaluationError: in.EvaluationError, - } -} - -func v1SpecToV1beta1Spec(in *authorizationv1.SubjectAccessReviewSpec) authorizationv1beta1.SubjectAccessReviewSpec { - return authorizationv1beta1.SubjectAccessReviewSpec{ - ResourceAttributes: v1ResourceAttributesToV1beta1ResourceAttributes(in.ResourceAttributes), - NonResourceAttributes: v1NonResourceAttributesToV1beta1NonResourceAttributes(in.NonResourceAttributes), - User: in.User, - Groups: in.Groups, - Extra: v1ExtraToV1beta1Extra(in.Extra), - UID: in.UID, - } -} - -func v1ResourceAttributesToV1beta1ResourceAttributes(in *authorizationv1.ResourceAttributes) *authorizationv1beta1.ResourceAttributes { - if in == nil { - return nil - } - return &authorizationv1beta1.ResourceAttributes{ - Namespace: in.Namespace, - Verb: in.Verb, - Group: in.Group, - Version: in.Version, - Resource: in.Resource, - Subresource: in.Subresource, - Name: in.Name, - } -} - -func v1NonResourceAttributesToV1beta1NonResourceAttributes(in *authorizationv1.NonResourceAttributes) *authorizationv1beta1.NonResourceAttributes { - if in == nil { - return nil - } - return &authorizationv1beta1.NonResourceAttributes{ - Path: in.Path, - Verb: in.Verb, - } -} - -func v1ExtraToV1beta1Extra(in map[string]authorizationv1.ExtraValue) map[string]authorizationv1beta1.ExtraValue { - if in == nil { - return nil - } - ret := make(map[string]authorizationv1beta1.ExtraValue, len(in)) - for k, v := range in { - ret[k] = authorizationv1beta1.ExtraValue(v) - } - return ret -} diff --git a/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/informer.go b/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/informer.go deleted file mode 100644 index 40878b400f..0000000000 --- a/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/informer.go +++ /dev/null @@ -1,158 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamicinformer - -import ( - "context" - "sync" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/dynamic/dynamiclister" - "k8s.io/client-go/informers" - "k8s.io/client-go/tools/cache" -) - -// NewDynamicSharedInformerFactory constructs a new instance of dynamicSharedInformerFactory for all namespaces. -func NewDynamicSharedInformerFactory(client dynamic.Interface, defaultResync time.Duration) DynamicSharedInformerFactory { - return NewFilteredDynamicSharedInformerFactory(client, defaultResync, metav1.NamespaceAll, nil) -} - -// NewFilteredDynamicSharedInformerFactory constructs a new instance of dynamicSharedInformerFactory. -// Listers obtained via this factory will be subject to the same filters as specified here. -func NewFilteredDynamicSharedInformerFactory(client dynamic.Interface, defaultResync time.Duration, namespace string, tweakListOptions TweakListOptionsFunc) DynamicSharedInformerFactory { - return &dynamicSharedInformerFactory{ - client: client, - defaultResync: defaultResync, - namespace: namespace, - informers: map[schema.GroupVersionResource]informers.GenericInformer{}, - startedInformers: make(map[schema.GroupVersionResource]bool), - tweakListOptions: tweakListOptions, - } -} - -type dynamicSharedInformerFactory struct { - client dynamic.Interface - defaultResync time.Duration - namespace string - - lock sync.Mutex - informers map[schema.GroupVersionResource]informers.GenericInformer - // startedInformers is used for tracking which informers have been started. - // This allows Start() to be called multiple times safely. - startedInformers map[schema.GroupVersionResource]bool - tweakListOptions TweakListOptionsFunc -} - -var _ DynamicSharedInformerFactory = &dynamicSharedInformerFactory{} - -func (f *dynamicSharedInformerFactory) ForResource(gvr schema.GroupVersionResource) informers.GenericInformer { - f.lock.Lock() - defer f.lock.Unlock() - - key := gvr - informer, exists := f.informers[key] - if exists { - return informer - } - - informer = NewFilteredDynamicInformer(f.client, gvr, f.namespace, f.defaultResync, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) - f.informers[key] = informer - - return informer -} - -// Start initializes all requested informers. -func (f *dynamicSharedInformerFactory) Start(stopCh <-chan struct{}) { - f.lock.Lock() - defer f.lock.Unlock() - - for informerType, informer := range f.informers { - if !f.startedInformers[informerType] { - go informer.Informer().Run(stopCh) - f.startedInformers[informerType] = true - } - } -} - -// WaitForCacheSync waits for all started informers' cache were synced. -func (f *dynamicSharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[schema.GroupVersionResource]bool { - informers := func() map[schema.GroupVersionResource]cache.SharedIndexInformer { - f.lock.Lock() - defer f.lock.Unlock() - - informers := map[schema.GroupVersionResource]cache.SharedIndexInformer{} - for informerType, informer := range f.informers { - if f.startedInformers[informerType] { - informers[informerType] = informer.Informer() - } - } - return informers - }() - - res := map[schema.GroupVersionResource]bool{} - for informType, informer := range informers { - res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) - } - return res -} - -// NewFilteredDynamicInformer constructs a new informer for a dynamic type. -func NewFilteredDynamicInformer(client dynamic.Interface, gvr schema.GroupVersionResource, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions TweakListOptionsFunc) informers.GenericInformer { - return &dynamicInformer{ - gvr: gvr, - informer: cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.Resource(gvr).Namespace(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.Resource(gvr).Namespace(namespace).Watch(context.TODO(), options) - }, - }, - &unstructured.Unstructured{}, - resyncPeriod, - indexers, - ), - } -} - -type dynamicInformer struct { - informer cache.SharedIndexInformer - gvr schema.GroupVersionResource -} - -var _ informers.GenericInformer = &dynamicInformer{} - -func (d *dynamicInformer) Informer() cache.SharedIndexInformer { - return d.informer -} - -func (d *dynamicInformer) Lister() cache.GenericLister { - return dynamiclister.NewRuntimeObjectShim(dynamiclister.New(d.informer.GetIndexer(), d.gvr)) -} diff --git a/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/interface.go b/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/interface.go deleted file mode 100644 index 083977c301..0000000000 --- a/etcd/vendor/k8s.io/client-go/dynamic/dynamicinformer/interface.go +++ /dev/null @@ -1,34 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamicinformer - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/informers" -) - -// DynamicSharedInformerFactory provides access to a shared informer and lister for dynamic client -type DynamicSharedInformerFactory interface { - Start(stopCh <-chan struct{}) - ForResource(gvr schema.GroupVersionResource) informers.GenericInformer - WaitForCacheSync(stopCh <-chan struct{}) map[schema.GroupVersionResource]bool -} - -// TweakListOptionsFunc defines the signature of a helper function -// that wants to provide more listing options to API -type TweakListOptionsFunc func(*metav1.ListOptions) diff --git a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/interface.go b/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/interface.go deleted file mode 100644 index c39cbee925..0000000000 --- a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/interface.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiclister - -import ( - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/labels" -) - -// Lister helps list resources. -type Lister interface { - // List lists all resources in the indexer. - List(selector labels.Selector) (ret []*unstructured.Unstructured, err error) - // Get retrieves a resource from the indexer with the given name - Get(name string) (*unstructured.Unstructured, error) - // Namespace returns an object that can list and get resources in a given namespace. - Namespace(namespace string) NamespaceLister -} - -// NamespaceLister helps list and get resources. -type NamespaceLister interface { - // List lists all resources in the indexer for a given namespace. - List(selector labels.Selector) (ret []*unstructured.Unstructured, err error) - // Get retrieves a resource from the indexer for a given namespace and name. - Get(name string) (*unstructured.Unstructured, error) -} diff --git a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/lister.go b/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/lister.go deleted file mode 100644 index a50fc471e9..0000000000 --- a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/lister.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiclister - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/tools/cache" -) - -var _ Lister = &dynamicLister{} -var _ NamespaceLister = &dynamicNamespaceLister{} - -// dynamicLister implements the Lister interface. -type dynamicLister struct { - indexer cache.Indexer - gvr schema.GroupVersionResource -} - -// New returns a new Lister. -func New(indexer cache.Indexer, gvr schema.GroupVersionResource) Lister { - return &dynamicLister{indexer: indexer, gvr: gvr} -} - -// List lists all resources in the indexer. -func (l *dynamicLister) List(selector labels.Selector) (ret []*unstructured.Unstructured, err error) { - err = cache.ListAll(l.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*unstructured.Unstructured)) - }) - return ret, err -} - -// Get retrieves a resource from the indexer with the given name -func (l *dynamicLister) Get(name string) (*unstructured.Unstructured, error) { - obj, exists, err := l.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(l.gvr.GroupResource(), name) - } - return obj.(*unstructured.Unstructured), nil -} - -// Namespace returns an object that can list and get resources from a given namespace. -func (l *dynamicLister) Namespace(namespace string) NamespaceLister { - return &dynamicNamespaceLister{indexer: l.indexer, namespace: namespace, gvr: l.gvr} -} - -// dynamicNamespaceLister implements the NamespaceLister interface. -type dynamicNamespaceLister struct { - indexer cache.Indexer - namespace string - gvr schema.GroupVersionResource -} - -// List lists all resources in the indexer for a given namespace. -func (l *dynamicNamespaceLister) List(selector labels.Selector) (ret []*unstructured.Unstructured, err error) { - err = cache.ListAllByNamespace(l.indexer, l.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*unstructured.Unstructured)) - }) - return ret, err -} - -// Get retrieves a resource from the indexer for a given namespace and name. -func (l *dynamicNamespaceLister) Get(name string) (*unstructured.Unstructured, error) { - obj, exists, err := l.indexer.GetByKey(l.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(l.gvr.GroupResource(), name) - } - return obj.(*unstructured.Unstructured), nil -} diff --git a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/shim.go b/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/shim.go deleted file mode 100644 index 92a5f54af9..0000000000 --- a/etcd/vendor/k8s.io/client-go/dynamic/dynamiclister/shim.go +++ /dev/null @@ -1,87 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package dynamiclister - -import ( - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/cache" -) - -var _ cache.GenericLister = &dynamicListerShim{} -var _ cache.GenericNamespaceLister = &dynamicNamespaceListerShim{} - -// dynamicListerShim implements the cache.GenericLister interface. -type dynamicListerShim struct { - lister Lister -} - -// NewRuntimeObjectShim returns a new shim for Lister. -// It wraps Lister so that it implements cache.GenericLister interface -func NewRuntimeObjectShim(lister Lister) cache.GenericLister { - return &dynamicListerShim{lister: lister} -} - -// List will return all objects across namespaces -func (s *dynamicListerShim) List(selector labels.Selector) (ret []runtime.Object, err error) { - objs, err := s.lister.List(selector) - if err != nil { - return nil, err - } - - ret = make([]runtime.Object, len(objs)) - for index, obj := range objs { - ret[index] = obj - } - return ret, err -} - -// Get will attempt to retrieve assuming that name==key -func (s *dynamicListerShim) Get(name string) (runtime.Object, error) { - return s.lister.Get(name) -} - -func (s *dynamicListerShim) ByNamespace(namespace string) cache.GenericNamespaceLister { - return &dynamicNamespaceListerShim{ - namespaceLister: s.lister.Namespace(namespace), - } -} - -// dynamicNamespaceListerShim implements the NamespaceLister interface. -// It wraps NamespaceLister so that it implements cache.GenericNamespaceLister interface -type dynamicNamespaceListerShim struct { - namespaceLister NamespaceLister -} - -// List will return all objects in this namespace -func (ns *dynamicNamespaceListerShim) List(selector labels.Selector) (ret []runtime.Object, err error) { - objs, err := ns.namespaceLister.List(selector) - if err != nil { - return nil, err - } - - ret = make([]runtime.Object, len(objs)) - for index, obj := range objs { - ret[index] = obj - } - return ret, err -} - -// Get will attempt to retrieve by namespace and name -func (ns *dynamicNamespaceListerShim) Get(name string) (runtime.Object, error) { - return ns.namespaceLister.Get(name) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/interface.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/interface.go deleted file mode 100644 index 7cd8d72766..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package admissionregistration - -import ( - v1 "k8s.io/client-go/informers/admissionregistration/v1" - v1alpha1 "k8s.io/client-go/informers/admissionregistration/v1alpha1" - v1beta1 "k8s.io/client-go/informers/admissionregistration/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/interface.go deleted file mode 100644 index 1ecae9ecf7..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // MutatingWebhookConfigurations returns a MutatingWebhookConfigurationInformer. - MutatingWebhookConfigurations() MutatingWebhookConfigurationInformer - // ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer. - ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// MutatingWebhookConfigurations returns a MutatingWebhookConfigurationInformer. -func (v *version) MutatingWebhookConfigurations() MutatingWebhookConfigurationInformer { - return &mutatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer. -func (v *version) ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer { - return &validatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/mutatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/mutatingwebhookconfiguration.go deleted file mode 100644 index b768f6f7f3..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/mutatingwebhookconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/admissionregistration/v1" - cache "k8s.io/client-go/tools/cache" -) - -// MutatingWebhookConfigurationInformer provides access to a shared informer and lister for -// MutatingWebhookConfigurations. -type MutatingWebhookConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.MutatingWebhookConfigurationLister -} - -type mutatingWebhookConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewMutatingWebhookConfigurationInformer constructs a new informer for MutatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewMutatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredMutatingWebhookConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredMutatingWebhookConfigurationInformer constructs a new informer for MutatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredMutatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1().MutatingWebhookConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1().MutatingWebhookConfigurations().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1.MutatingWebhookConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *mutatingWebhookConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredMutatingWebhookConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *mutatingWebhookConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1.MutatingWebhookConfiguration{}, f.defaultInformer) -} - -func (f *mutatingWebhookConfigurationInformer) Lister() v1.MutatingWebhookConfigurationLister { - return v1.NewMutatingWebhookConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/validatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/validatingwebhookconfiguration.go deleted file mode 100644 index 8ddcdf2d90..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1/validatingwebhookconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/admissionregistration/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ValidatingWebhookConfigurationInformer provides access to a shared informer and lister for -// ValidatingWebhookConfigurations. -type ValidatingWebhookConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ValidatingWebhookConfigurationLister -} - -type validatingWebhookConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewValidatingWebhookConfigurationInformer constructs a new informer for ValidatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewValidatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredValidatingWebhookConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredValidatingWebhookConfigurationInformer constructs a new informer for ValidatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredValidatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1().ValidatingWebhookConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1.ValidatingWebhookConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *validatingWebhookConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredValidatingWebhookConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *validatingWebhookConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1.ValidatingWebhookConfiguration{}, f.defaultInformer) -} - -func (f *validatingWebhookConfigurationInformer) Lister() v1.ValidatingWebhookConfigurationLister { - return v1.NewValidatingWebhookConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/interface.go deleted file mode 100644 index 738063ee72..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ValidatingAdmissionPolicies returns a ValidatingAdmissionPolicyInformer. - ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInformer - // ValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindingInformer. - ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ValidatingAdmissionPolicies returns a ValidatingAdmissionPolicyInformer. -func (v *version) ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInformer { - return &validatingAdmissionPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindingInformer. -func (v *version) ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInformer { - return &validatingAdmissionPolicyBindingInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicy.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicy.go deleted file mode 100644 index 01b8a4ab8e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicy.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/admissionregistration/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ValidatingAdmissionPolicyInformer provides access to a shared informer and lister for -// ValidatingAdmissionPolicies. -type ValidatingAdmissionPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ValidatingAdmissionPolicyLister -} - -type validatingAdmissionPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewValidatingAdmissionPolicyInformer constructs a new informer for ValidatingAdmissionPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewValidatingAdmissionPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredValidatingAdmissionPolicyInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredValidatingAdmissionPolicyInformer constructs a new informer for ValidatingAdmissionPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredValidatingAdmissionPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1alpha1().ValidatingAdmissionPolicies().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1alpha1().ValidatingAdmissionPolicies().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1alpha1.ValidatingAdmissionPolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *validatingAdmissionPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredValidatingAdmissionPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *validatingAdmissionPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1alpha1.ValidatingAdmissionPolicy{}, f.defaultInformer) -} - -func (f *validatingAdmissionPolicyInformer) Lister() v1alpha1.ValidatingAdmissionPolicyLister { - return v1alpha1.NewValidatingAdmissionPolicyLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go deleted file mode 100644 index bd531512b6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/admissionregistration/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ValidatingAdmissionPolicyBindingInformer provides access to a shared informer and lister for -// ValidatingAdmissionPolicyBindings. -type ValidatingAdmissionPolicyBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ValidatingAdmissionPolicyBindingLister -} - -type validatingAdmissionPolicyBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewValidatingAdmissionPolicyBindingInformer constructs a new informer for ValidatingAdmissionPolicyBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewValidatingAdmissionPolicyBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredValidatingAdmissionPolicyBindingInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredValidatingAdmissionPolicyBindingInformer constructs a new informer for ValidatingAdmissionPolicyBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredValidatingAdmissionPolicyBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1alpha1().ValidatingAdmissionPolicyBindings().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1alpha1().ValidatingAdmissionPolicyBindings().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *validatingAdmissionPolicyBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredValidatingAdmissionPolicyBindingInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *validatingAdmissionPolicyBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding{}, f.defaultInformer) -} - -func (f *validatingAdmissionPolicyBindingInformer) Lister() v1alpha1.ValidatingAdmissionPolicyBindingLister { - return v1alpha1.NewValidatingAdmissionPolicyBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go deleted file mode 100644 index d1e2b61be2..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // MutatingWebhookConfigurations returns a MutatingWebhookConfigurationInformer. - MutatingWebhookConfigurations() MutatingWebhookConfigurationInformer - // ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer. - ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// MutatingWebhookConfigurations returns a MutatingWebhookConfigurationInformer. -func (v *version) MutatingWebhookConfigurations() MutatingWebhookConfigurationInformer { - return &mutatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer. -func (v *version) ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer { - return &validatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go deleted file mode 100644 index 12c8ec1fbd..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/admissionregistration/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// MutatingWebhookConfigurationInformer provides access to a shared informer and lister for -// MutatingWebhookConfigurations. -type MutatingWebhookConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.MutatingWebhookConfigurationLister -} - -type mutatingWebhookConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewMutatingWebhookConfigurationInformer constructs a new informer for MutatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewMutatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredMutatingWebhookConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredMutatingWebhookConfigurationInformer constructs a new informer for MutatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredMutatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1beta1.MutatingWebhookConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *mutatingWebhookConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredMutatingWebhookConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *mutatingWebhookConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1beta1.MutatingWebhookConfiguration{}, f.defaultInformer) -} - -func (f *mutatingWebhookConfigurationInformer) Lister() v1beta1.MutatingWebhookConfigurationLister { - return v1beta1.NewMutatingWebhookConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingwebhookconfiguration.go deleted file mode 100644 index 05eb05097f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingwebhookconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/admissionregistration/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// ValidatingWebhookConfigurationInformer provides access to a shared informer and lister for -// ValidatingWebhookConfigurations. -type ValidatingWebhookConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ValidatingWebhookConfigurationLister -} - -type validatingWebhookConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewValidatingWebhookConfigurationInformer constructs a new informer for ValidatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewValidatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredValidatingWebhookConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredValidatingWebhookConfigurationInformer constructs a new informer for ValidatingWebhookConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredValidatingWebhookConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Watch(context.TODO(), options) - }, - }, - &admissionregistrationv1beta1.ValidatingWebhookConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *validatingWebhookConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredValidatingWebhookConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *validatingWebhookConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&admissionregistrationv1beta1.ValidatingWebhookConfiguration{}, f.defaultInformer) -} - -func (f *validatingWebhookConfigurationInformer) Lister() v1beta1.ValidatingWebhookConfigurationLister { - return v1beta1.NewValidatingWebhookConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/interface.go b/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/interface.go deleted file mode 100644 index 122c030998..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/interface.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package apiserverinternal - -import ( - v1alpha1 "k8s.io/client-go/informers/apiserverinternal/v1alpha1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/interface.go deleted file mode 100644 index 9778325c65..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // StorageVersions returns a StorageVersionInformer. - StorageVersions() StorageVersionInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// StorageVersions returns a StorageVersionInformer. -func (v *version) StorageVersions() StorageVersionInformer { - return &storageVersionInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/storageversion.go b/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/storageversion.go deleted file mode 100644 index 34175b522d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apiserverinternal/v1alpha1/storageversion.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/apiserverinternal/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// StorageVersionInformer provides access to a shared informer and lister for -// StorageVersions. -type StorageVersionInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.StorageVersionLister -} - -type storageVersionInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewStorageVersionInformer constructs a new informer for StorageVersion type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStorageVersionInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStorageVersionInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredStorageVersionInformer constructs a new informer for StorageVersion type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStorageVersionInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.InternalV1alpha1().StorageVersions().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.InternalV1alpha1().StorageVersions().Watch(context.TODO(), options) - }, - }, - &apiserverinternalv1alpha1.StorageVersion{}, - resyncPeriod, - indexers, - ) -} - -func (f *storageVersionInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStorageVersionInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *storageVersionInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiserverinternalv1alpha1.StorageVersion{}, f.defaultInformer) -} - -func (f *storageVersionInformer) Lister() v1alpha1.StorageVersionLister { - return v1alpha1.NewStorageVersionLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/interface.go b/etcd/vendor/k8s.io/client-go/informers/apps/interface.go deleted file mode 100644 index 02eefe5842..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package apps - -import ( - v1 "k8s.io/client-go/informers/apps/v1" - v1beta1 "k8s.io/client-go/informers/apps/v1beta1" - v1beta2 "k8s.io/client-go/informers/apps/v1beta2" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface - // V1beta2 provides access to shared informers for resources in V1beta2. - V1beta2() v1beta2.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta2 returns a new v1beta2.Interface. -func (g *group) V1beta2() v1beta2.Interface { - return v1beta2.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/controllerrevision.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/controllerrevision.go deleted file mode 100644 index 31e2b74d0f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/controllerrevision.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/apps/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionInformer provides access to a shared informer and lister for -// ControllerRevisions. -type ControllerRevisionInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ControllerRevisionLister -} - -type controllerRevisionInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().ControllerRevisions(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().ControllerRevisions(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1.ControllerRevision{}, - resyncPeriod, - indexers, - ) -} - -func (f *controllerRevisionInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *controllerRevisionInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1.ControllerRevision{}, f.defaultInformer) -} - -func (f *controllerRevisionInformer) Lister() v1.ControllerRevisionLister { - return v1.NewControllerRevisionLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/daemonset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/daemonset.go deleted file mode 100644 index da7fe9509b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/daemonset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/apps/v1" - cache "k8s.io/client-go/tools/cache" -) - -// DaemonSetInformer provides access to a shared informer and lister for -// DaemonSets. -type DaemonSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.DaemonSetLister -} - -type daemonSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().DaemonSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().DaemonSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1.DaemonSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *daemonSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *daemonSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1.DaemonSet{}, f.defaultInformer) -} - -func (f *daemonSetInformer) Lister() v1.DaemonSetLister { - return v1.NewDaemonSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/deployment.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/deployment.go deleted file mode 100644 index bd639bb3d9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/deployment.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/apps/v1" - cache "k8s.io/client-go/tools/cache" -) - -// DeploymentInformer provides access to a shared informer and lister for -// Deployments. -type DeploymentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.DeploymentLister -} - -type deploymentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().Deployments(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().Deployments(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1.Deployment{}, - resyncPeriod, - indexers, - ) -} - -func (f *deploymentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *deploymentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1.Deployment{}, f.defaultInformer) -} - -func (f *deploymentInformer) Lister() v1.DeploymentLister { - return v1.NewDeploymentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/interface.go deleted file mode 100644 index fab1e76bd9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/interface.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ControllerRevisions returns a ControllerRevisionInformer. - ControllerRevisions() ControllerRevisionInformer - // DaemonSets returns a DaemonSetInformer. - DaemonSets() DaemonSetInformer - // Deployments returns a DeploymentInformer. - Deployments() DeploymentInformer - // ReplicaSets returns a ReplicaSetInformer. - ReplicaSets() ReplicaSetInformer - // StatefulSets returns a StatefulSetInformer. - StatefulSets() StatefulSetInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ControllerRevisions returns a ControllerRevisionInformer. -func (v *version) ControllerRevisions() ControllerRevisionInformer { - return &controllerRevisionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// DaemonSets returns a DaemonSetInformer. -func (v *version) DaemonSets() DaemonSetInformer { - return &daemonSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Deployments returns a DeploymentInformer. -func (v *version) Deployments() DeploymentInformer { - return &deploymentInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ReplicaSets returns a ReplicaSetInformer. -func (v *version) ReplicaSets() ReplicaSetInformer { - return &replicaSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// StatefulSets returns a StatefulSetInformer. -func (v *version) StatefulSets() StatefulSetInformer { - return &statefulSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/replicaset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/replicaset.go deleted file mode 100644 index 6d81a471a4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/replicaset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/apps/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ReplicaSetInformer provides access to a shared informer and lister for -// ReplicaSets. -type ReplicaSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ReplicaSetLister -} - -type replicaSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().ReplicaSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().ReplicaSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1.ReplicaSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *replicaSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *replicaSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1.ReplicaSet{}, f.defaultInformer) -} - -func (f *replicaSetInformer) Lister() v1.ReplicaSetLister { - return v1.NewReplicaSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1/statefulset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1/statefulset.go deleted file mode 100644 index c99bbb73ed..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1/statefulset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/apps/v1" - cache "k8s.io/client-go/tools/cache" -) - -// StatefulSetInformer provides access to a shared informer and lister for -// StatefulSets. -type StatefulSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.StatefulSetLister -} - -type statefulSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().StatefulSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1().StatefulSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1.StatefulSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *statefulSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *statefulSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1.StatefulSet{}, f.defaultInformer) -} - -func (f *statefulSetInformer) Lister() v1.StatefulSetLister { - return v1.NewStatefulSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/controllerrevision.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/controllerrevision.go deleted file mode 100644 index cb36bd7fd8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/controllerrevision.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - appsv1beta1 "k8s.io/api/apps/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/apps/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionInformer provides access to a shared informer and lister for -// ControllerRevisions. -type ControllerRevisionInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ControllerRevisionLister -} - -type controllerRevisionInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().ControllerRevisions(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().ControllerRevisions(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta1.ControllerRevision{}, - resyncPeriod, - indexers, - ) -} - -func (f *controllerRevisionInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *controllerRevisionInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta1.ControllerRevision{}, f.defaultInformer) -} - -func (f *controllerRevisionInformer) Lister() v1beta1.ControllerRevisionLister { - return v1beta1.NewControllerRevisionLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/deployment.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/deployment.go deleted file mode 100644 index e02a13c2f4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/deployment.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - appsv1beta1 "k8s.io/api/apps/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/apps/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// DeploymentInformer provides access to a shared informer and lister for -// Deployments. -type DeploymentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.DeploymentLister -} - -type deploymentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().Deployments(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().Deployments(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta1.Deployment{}, - resyncPeriod, - indexers, - ) -} - -func (f *deploymentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *deploymentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta1.Deployment{}, f.defaultInformer) -} - -func (f *deploymentInformer) Lister() v1beta1.DeploymentLister { - return v1beta1.NewDeploymentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/interface.go deleted file mode 100644 index 326939cd12..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/interface.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ControllerRevisions returns a ControllerRevisionInformer. - ControllerRevisions() ControllerRevisionInformer - // Deployments returns a DeploymentInformer. - Deployments() DeploymentInformer - // StatefulSets returns a StatefulSetInformer. - StatefulSets() StatefulSetInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ControllerRevisions returns a ControllerRevisionInformer. -func (v *version) ControllerRevisions() ControllerRevisionInformer { - return &controllerRevisionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Deployments returns a DeploymentInformer. -func (v *version) Deployments() DeploymentInformer { - return &deploymentInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// StatefulSets returns a StatefulSetInformer. -func (v *version) StatefulSets() StatefulSetInformer { - return &statefulSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/statefulset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/statefulset.go deleted file mode 100644 index b845cc99c9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta1/statefulset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - appsv1beta1 "k8s.io/api/apps/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/apps/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// StatefulSetInformer provides access to a shared informer and lister for -// StatefulSets. -type StatefulSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.StatefulSetLister -} - -type statefulSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().StatefulSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta1().StatefulSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta1.StatefulSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *statefulSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *statefulSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta1.StatefulSet{}, f.defaultInformer) -} - -func (f *statefulSetInformer) Lister() v1beta1.StatefulSetLister { - return v1beta1.NewStatefulSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/controllerrevision.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/controllerrevision.go deleted file mode 100644 index 4d0e91320b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/controllerrevision.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/apps/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionInformer provides access to a shared informer and lister for -// ControllerRevisions. -type ControllerRevisionInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.ControllerRevisionLister -} - -type controllerRevisionInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredControllerRevisionInformer constructs a new informer for ControllerRevision type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredControllerRevisionInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().ControllerRevisions(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().ControllerRevisions(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta2.ControllerRevision{}, - resyncPeriod, - indexers, - ) -} - -func (f *controllerRevisionInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredControllerRevisionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *controllerRevisionInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta2.ControllerRevision{}, f.defaultInformer) -} - -func (f *controllerRevisionInformer) Lister() v1beta2.ControllerRevisionLister { - return v1beta2.NewControllerRevisionLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/daemonset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/daemonset.go deleted file mode 100644 index 280e2fe465..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/daemonset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/apps/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// DaemonSetInformer provides access to a shared informer and lister for -// DaemonSets. -type DaemonSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.DaemonSetLister -} - -type daemonSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().DaemonSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().DaemonSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta2.DaemonSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *daemonSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *daemonSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta2.DaemonSet{}, f.defaultInformer) -} - -func (f *daemonSetInformer) Lister() v1beta2.DaemonSetLister { - return v1beta2.NewDaemonSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/deployment.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/deployment.go deleted file mode 100644 index 67bdb79720..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/deployment.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/apps/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// DeploymentInformer provides access to a shared informer and lister for -// Deployments. -type DeploymentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.DeploymentLister -} - -type deploymentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().Deployments(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().Deployments(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta2.Deployment{}, - resyncPeriod, - indexers, - ) -} - -func (f *deploymentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *deploymentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta2.Deployment{}, f.defaultInformer) -} - -func (f *deploymentInformer) Lister() v1beta2.DeploymentLister { - return v1beta2.NewDeploymentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/interface.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/interface.go deleted file mode 100644 index ded89bd5be..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/interface.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ControllerRevisions returns a ControllerRevisionInformer. - ControllerRevisions() ControllerRevisionInformer - // DaemonSets returns a DaemonSetInformer. - DaemonSets() DaemonSetInformer - // Deployments returns a DeploymentInformer. - Deployments() DeploymentInformer - // ReplicaSets returns a ReplicaSetInformer. - ReplicaSets() ReplicaSetInformer - // StatefulSets returns a StatefulSetInformer. - StatefulSets() StatefulSetInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ControllerRevisions returns a ControllerRevisionInformer. -func (v *version) ControllerRevisions() ControllerRevisionInformer { - return &controllerRevisionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// DaemonSets returns a DaemonSetInformer. -func (v *version) DaemonSets() DaemonSetInformer { - return &daemonSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Deployments returns a DeploymentInformer. -func (v *version) Deployments() DeploymentInformer { - return &deploymentInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ReplicaSets returns a ReplicaSetInformer. -func (v *version) ReplicaSets() ReplicaSetInformer { - return &replicaSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// StatefulSets returns a StatefulSetInformer. -func (v *version) StatefulSets() StatefulSetInformer { - return &statefulSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/replicaset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/replicaset.go deleted file mode 100644 index 85d12bb65d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/replicaset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/apps/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// ReplicaSetInformer provides access to a shared informer and lister for -// ReplicaSets. -type ReplicaSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.ReplicaSetLister -} - -type replicaSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().ReplicaSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().ReplicaSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta2.ReplicaSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *replicaSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *replicaSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta2.ReplicaSet{}, f.defaultInformer) -} - -func (f *replicaSetInformer) Lister() v1beta2.ReplicaSetLister { - return v1beta2.NewReplicaSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/statefulset.go b/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/statefulset.go deleted file mode 100644 index 2fab6f7b2b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/apps/v1beta2/statefulset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/apps/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// StatefulSetInformer provides access to a shared informer and lister for -// StatefulSets. -type StatefulSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.StatefulSetLister -} - -type statefulSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredStatefulSetInformer constructs a new informer for StatefulSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStatefulSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().StatefulSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AppsV1beta2().StatefulSets(namespace).Watch(context.TODO(), options) - }, - }, - &appsv1beta2.StatefulSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *statefulSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStatefulSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *statefulSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&appsv1beta2.StatefulSet{}, f.defaultInformer) -} - -func (f *statefulSetInformer) Lister() v1beta2.StatefulSetLister { - return v1beta2.NewStatefulSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/interface.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/interface.go deleted file mode 100644 index 2b3b2d0e50..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/interface.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package autoscaling - -import ( - v1 "k8s.io/client-go/informers/autoscaling/v1" - v2 "k8s.io/client-go/informers/autoscaling/v2" - v2beta1 "k8s.io/client-go/informers/autoscaling/v2beta1" - v2beta2 "k8s.io/client-go/informers/autoscaling/v2beta2" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V2 provides access to shared informers for resources in V2. - V2() v2.Interface - // V2beta1 provides access to shared informers for resources in V2beta1. - V2beta1() v2beta1.Interface - // V2beta2 provides access to shared informers for resources in V2beta2. - V2beta2() v2beta2.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V2 returns a new v2.Interface. -func (g *group) V2() v2.Interface { - return v2.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V2beta1 returns a new v2beta1.Interface. -func (g *group) V2beta1() v2beta1.Interface { - return v2beta1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V2beta2 returns a new v2beta2.Interface. -func (g *group) V2beta2() v2beta2.Interface { - return v2beta2.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/horizontalpodautoscaler.go deleted file mode 100644 index 44f041e906..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/horizontalpodautoscaler.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - autoscalingv1 "k8s.io/api/autoscaling/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/autoscaling/v1" - cache "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerInformer provides access to a shared informer and lister for -// HorizontalPodAutoscalers. -type HorizontalPodAutoscalerInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.HorizontalPodAutoscalerLister -} - -type horizontalPodAutoscalerInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV1().HorizontalPodAutoscalers(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV1().HorizontalPodAutoscalers(namespace).Watch(context.TODO(), options) - }, - }, - &autoscalingv1.HorizontalPodAutoscaler{}, - resyncPeriod, - indexers, - ) -} - -func (f *horizontalPodAutoscalerInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *horizontalPodAutoscalerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&autoscalingv1.HorizontalPodAutoscaler{}, f.defaultInformer) -} - -func (f *horizontalPodAutoscalerInformer) Lister() v1.HorizontalPodAutoscalerLister { - return v1.NewHorizontalPodAutoscalerLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/interface.go deleted file mode 100644 index 601d0f77f1..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. - HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. -func (v *version) HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer { - return &horizontalPodAutoscalerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/horizontalpodautoscaler.go deleted file mode 100644 index 5ddb3b015f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/horizontalpodautoscaler.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2 - -import ( - "context" - time "time" - - autoscalingv2 "k8s.io/api/autoscaling/v2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v2 "k8s.io/client-go/listers/autoscaling/v2" - cache "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerInformer provides access to a shared informer and lister for -// HorizontalPodAutoscalers. -type HorizontalPodAutoscalerInformer interface { - Informer() cache.SharedIndexInformer - Lister() v2.HorizontalPodAutoscalerLister -} - -type horizontalPodAutoscalerInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2().HorizontalPodAutoscalers(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2().HorizontalPodAutoscalers(namespace).Watch(context.TODO(), options) - }, - }, - &autoscalingv2.HorizontalPodAutoscaler{}, - resyncPeriod, - indexers, - ) -} - -func (f *horizontalPodAutoscalerInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *horizontalPodAutoscalerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&autoscalingv2.HorizontalPodAutoscaler{}, f.defaultInformer) -} - -func (f *horizontalPodAutoscalerInformer) Lister() v2.HorizontalPodAutoscalerLister { - return v2.NewHorizontalPodAutoscalerLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/interface.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/interface.go deleted file mode 100644 index 2c71908e40..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. - HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. -func (v *version) HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer { - return &horizontalPodAutoscalerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/horizontalpodautoscaler.go deleted file mode 100644 index 6385a2a190..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/horizontalpodautoscaler.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2beta1 - -import ( - "context" - time "time" - - autoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v2beta1 "k8s.io/client-go/listers/autoscaling/v2beta1" - cache "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerInformer provides access to a shared informer and lister for -// HorizontalPodAutoscalers. -type HorizontalPodAutoscalerInformer interface { - Informer() cache.SharedIndexInformer - Lister() v2beta1.HorizontalPodAutoscalerLister -} - -type horizontalPodAutoscalerInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2beta1().HorizontalPodAutoscalers(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2beta1().HorizontalPodAutoscalers(namespace).Watch(context.TODO(), options) - }, - }, - &autoscalingv2beta1.HorizontalPodAutoscaler{}, - resyncPeriod, - indexers, - ) -} - -func (f *horizontalPodAutoscalerInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *horizontalPodAutoscalerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&autoscalingv2beta1.HorizontalPodAutoscaler{}, f.defaultInformer) -} - -func (f *horizontalPodAutoscalerInformer) Lister() v2beta1.HorizontalPodAutoscalerLister { - return v2beta1.NewHorizontalPodAutoscalerLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/interface.go deleted file mode 100644 index ff5d44b09d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. - HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. -func (v *version) HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer { - return &horizontalPodAutoscalerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/horizontalpodautoscaler.go deleted file mode 100644 index f1ac3f0737..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/horizontalpodautoscaler.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2beta2 - -import ( - "context" - time "time" - - autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v2beta2 "k8s.io/client-go/listers/autoscaling/v2beta2" - cache "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerInformer provides access to a shared informer and lister for -// HorizontalPodAutoscalers. -type HorizontalPodAutoscalerInformer interface { - Informer() cache.SharedIndexInformer - Lister() v2beta2.HorizontalPodAutoscalerLister -} - -type horizontalPodAutoscalerInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredHorizontalPodAutoscalerInformer constructs a new informer for HorizontalPodAutoscaler type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredHorizontalPodAutoscalerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2beta2().HorizontalPodAutoscalers(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.AutoscalingV2beta2().HorizontalPodAutoscalers(namespace).Watch(context.TODO(), options) - }, - }, - &autoscalingv2beta2.HorizontalPodAutoscaler{}, - resyncPeriod, - indexers, - ) -} - -func (f *horizontalPodAutoscalerInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredHorizontalPodAutoscalerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *horizontalPodAutoscalerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&autoscalingv2beta2.HorizontalPodAutoscaler{}, f.defaultInformer) -} - -func (f *horizontalPodAutoscalerInformer) Lister() v2beta2.HorizontalPodAutoscalerLister { - return v2beta2.NewHorizontalPodAutoscalerLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/interface.go b/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/interface.go deleted file mode 100644 index e482c57925..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/autoscaling/v2beta2/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v2beta2 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. - HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// HorizontalPodAutoscalers returns a HorizontalPodAutoscalerInformer. -func (v *version) HorizontalPodAutoscalers() HorizontalPodAutoscalerInformer { - return &horizontalPodAutoscalerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/interface.go b/etcd/vendor/k8s.io/client-go/informers/batch/interface.go deleted file mode 100644 index 53b81c7ecc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package batch - -import ( - v1 "k8s.io/client-go/informers/batch/v1" - v1beta1 "k8s.io/client-go/informers/batch/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/v1/cronjob.go b/etcd/vendor/k8s.io/client-go/informers/batch/v1/cronjob.go deleted file mode 100644 index fdfb655134..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/v1/cronjob.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - batchv1 "k8s.io/api/batch/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/batch/v1" - cache "k8s.io/client-go/tools/cache" -) - -// CronJobInformer provides access to a shared informer and lister for -// CronJobs. -type CronJobInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.CronJobLister -} - -type cronJobInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCronJobInformer constructs a new informer for CronJob type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCronJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCronJobInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCronJobInformer constructs a new informer for CronJob type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCronJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1().CronJobs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1().CronJobs(namespace).Watch(context.TODO(), options) - }, - }, - &batchv1.CronJob{}, - resyncPeriod, - indexers, - ) -} - -func (f *cronJobInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCronJobInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cronJobInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&batchv1.CronJob{}, f.defaultInformer) -} - -func (f *cronJobInformer) Lister() v1.CronJobLister { - return v1.NewCronJobLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/batch/v1/interface.go deleted file mode 100644 index 84567fb592..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/v1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CronJobs returns a CronJobInformer. - CronJobs() CronJobInformer - // Jobs returns a JobInformer. - Jobs() JobInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CronJobs returns a CronJobInformer. -func (v *version) CronJobs() CronJobInformer { - return &cronJobInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Jobs returns a JobInformer. -func (v *version) Jobs() JobInformer { - return &jobInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/v1/job.go b/etcd/vendor/k8s.io/client-go/informers/batch/v1/job.go deleted file mode 100644 index 4992f52286..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/v1/job.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - batchv1 "k8s.io/api/batch/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/batch/v1" - cache "k8s.io/client-go/tools/cache" -) - -// JobInformer provides access to a shared informer and lister for -// Jobs. -type JobInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.JobLister -} - -type jobInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewJobInformer constructs a new informer for Job type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredJobInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredJobInformer constructs a new informer for Job type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1().Jobs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1().Jobs(namespace).Watch(context.TODO(), options) - }, - }, - &batchv1.Job{}, - resyncPeriod, - indexers, - ) -} - -func (f *jobInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredJobInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *jobInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&batchv1.Job{}, f.defaultInformer) -} - -func (f *jobInformer) Lister() v1.JobLister { - return v1.NewJobLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/cronjob.go b/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/cronjob.go deleted file mode 100644 index 820c93eaaa..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/cronjob.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - batchv1beta1 "k8s.io/api/batch/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/batch/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// CronJobInformer provides access to a shared informer and lister for -// CronJobs. -type CronJobInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.CronJobLister -} - -type cronJobInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCronJobInformer constructs a new informer for CronJob type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCronJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCronJobInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCronJobInformer constructs a new informer for CronJob type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCronJobInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1beta1().CronJobs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.BatchV1beta1().CronJobs(namespace).Watch(context.TODO(), options) - }, - }, - &batchv1beta1.CronJob{}, - resyncPeriod, - indexers, - ) -} - -func (f *cronJobInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCronJobInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cronJobInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&batchv1beta1.CronJob{}, f.defaultInformer) -} - -func (f *cronJobInformer) Lister() v1beta1.CronJobLister { - return v1beta1.NewCronJobLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/interface.go deleted file mode 100644 index 76cae22d68..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/batch/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CronJobs returns a CronJobInformer. - CronJobs() CronJobInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CronJobs returns a CronJobInformer. -func (v *version) CronJobs() CronJobInformer { - return &cronJobInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/certificates/interface.go b/etcd/vendor/k8s.io/client-go/informers/certificates/interface.go deleted file mode 100644 index e38d01177c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/certificates/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package certificates - -import ( - v1 "k8s.io/client-go/informers/certificates/v1" - v1beta1 "k8s.io/client-go/informers/certificates/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/certificates/v1/certificatesigningrequest.go b/etcd/vendor/k8s.io/client-go/informers/certificates/v1/certificatesigningrequest.go deleted file mode 100644 index 73d33a914c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/certificates/v1/certificatesigningrequest.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - certificatesv1 "k8s.io/api/certificates/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/certificates/v1" - cache "k8s.io/client-go/tools/cache" -) - -// CertificateSigningRequestInformer provides access to a shared informer and lister for -// CertificateSigningRequests. -type CertificateSigningRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.CertificateSigningRequestLister -} - -type certificateSigningRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCertificateSigningRequestInformer constructs a new informer for CertificateSigningRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCertificateSigningRequestInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCertificateSigningRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCertificateSigningRequestInformer constructs a new informer for CertificateSigningRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCertificateSigningRequestInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CertificatesV1().CertificateSigningRequests().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CertificatesV1().CertificateSigningRequests().Watch(context.TODO(), options) - }, - }, - &certificatesv1.CertificateSigningRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *certificateSigningRequestInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCertificateSigningRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *certificateSigningRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certificatesv1.CertificateSigningRequest{}, f.defaultInformer) -} - -func (f *certificateSigningRequestInformer) Lister() v1.CertificateSigningRequestLister { - return v1.NewCertificateSigningRequestLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/certificates/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/certificates/v1/interface.go deleted file mode 100644 index 91ccfb715d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/certificates/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CertificateSigningRequests returns a CertificateSigningRequestInformer. - CertificateSigningRequests() CertificateSigningRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CertificateSigningRequests returns a CertificateSigningRequestInformer. -func (v *version) CertificateSigningRequests() CertificateSigningRequestInformer { - return &certificateSigningRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/certificatesigningrequest.go b/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/certificatesigningrequest.go deleted file mode 100644 index 4e167ab8b1..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/certificatesigningrequest.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/certificates/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// CertificateSigningRequestInformer provides access to a shared informer and lister for -// CertificateSigningRequests. -type CertificateSigningRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.CertificateSigningRequestLister -} - -type certificateSigningRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCertificateSigningRequestInformer constructs a new informer for CertificateSigningRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCertificateSigningRequestInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCertificateSigningRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCertificateSigningRequestInformer constructs a new informer for CertificateSigningRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCertificateSigningRequestInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CertificatesV1beta1().CertificateSigningRequests().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CertificatesV1beta1().CertificateSigningRequests().Watch(context.TODO(), options) - }, - }, - &certificatesv1beta1.CertificateSigningRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *certificateSigningRequestInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCertificateSigningRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *certificateSigningRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certificatesv1beta1.CertificateSigningRequest{}, f.defaultInformer) -} - -func (f *certificateSigningRequestInformer) Lister() v1beta1.CertificateSigningRequestLister { - return v1beta1.NewCertificateSigningRequestLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/interface.go deleted file mode 100644 index 258dd1d0e6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/certificates/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CertificateSigningRequests returns a CertificateSigningRequestInformer. - CertificateSigningRequests() CertificateSigningRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CertificateSigningRequests returns a CertificateSigningRequestInformer. -func (v *version) CertificateSigningRequests() CertificateSigningRequestInformer { - return &certificateSigningRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/coordination/interface.go b/etcd/vendor/k8s.io/client-go/informers/coordination/interface.go deleted file mode 100644 index 54cfd7b9f2..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/coordination/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package coordination - -import ( - v1 "k8s.io/client-go/informers/coordination/v1" - v1beta1 "k8s.io/client-go/informers/coordination/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/coordination/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/coordination/v1/interface.go deleted file mode 100644 index 05c4acbef8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/coordination/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Leases returns a LeaseInformer. - Leases() LeaseInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Leases returns a LeaseInformer. -func (v *version) Leases() LeaseInformer { - return &leaseInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/coordination/v1/lease.go b/etcd/vendor/k8s.io/client-go/informers/coordination/v1/lease.go deleted file mode 100644 index e538923a86..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/coordination/v1/lease.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - coordinationv1 "k8s.io/api/coordination/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/coordination/v1" - cache "k8s.io/client-go/tools/cache" -) - -// LeaseInformer provides access to a shared informer and lister for -// Leases. -type LeaseInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.LeaseLister -} - -type leaseInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewLeaseInformer constructs a new informer for Lease type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewLeaseInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredLeaseInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredLeaseInformer constructs a new informer for Lease type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredLeaseInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoordinationV1().Leases(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoordinationV1().Leases(namespace).Watch(context.TODO(), options) - }, - }, - &coordinationv1.Lease{}, - resyncPeriod, - indexers, - ) -} - -func (f *leaseInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredLeaseInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *leaseInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&coordinationv1.Lease{}, f.defaultInformer) -} - -func (f *leaseInformer) Lister() v1.LeaseLister { - return v1.NewLeaseLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/interface.go deleted file mode 100644 index 360266206c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Leases returns a LeaseInformer. - Leases() LeaseInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Leases returns a LeaseInformer. -func (v *version) Leases() LeaseInformer { - return &leaseInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/lease.go b/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/lease.go deleted file mode 100644 index 5a6959c0ba..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/coordination/v1beta1/lease.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - coordinationv1beta1 "k8s.io/api/coordination/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/coordination/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// LeaseInformer provides access to a shared informer and lister for -// Leases. -type LeaseInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.LeaseLister -} - -type leaseInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewLeaseInformer constructs a new informer for Lease type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewLeaseInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredLeaseInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredLeaseInformer constructs a new informer for Lease type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredLeaseInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoordinationV1beta1().Leases(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoordinationV1beta1().Leases(namespace).Watch(context.TODO(), options) - }, - }, - &coordinationv1beta1.Lease{}, - resyncPeriod, - indexers, - ) -} - -func (f *leaseInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredLeaseInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *leaseInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&coordinationv1beta1.Lease{}, f.defaultInformer) -} - -func (f *leaseInformer) Lister() v1beta1.LeaseLister { - return v1beta1.NewLeaseLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/interface.go b/etcd/vendor/k8s.io/client-go/informers/core/interface.go deleted file mode 100644 index de8396b516..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/interface.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package core - -import ( - v1 "k8s.io/client-go/informers/core/v1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/componentstatus.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/componentstatus.go deleted file mode 100644 index ccdee535bc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/componentstatus.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ComponentStatusInformer provides access to a shared informer and lister for -// ComponentStatuses. -type ComponentStatusInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ComponentStatusLister -} - -type componentStatusInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewComponentStatusInformer constructs a new informer for ComponentStatus type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewComponentStatusInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredComponentStatusInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredComponentStatusInformer constructs a new informer for ComponentStatus type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredComponentStatusInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ComponentStatuses().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ComponentStatuses().Watch(context.TODO(), options) - }, - }, - &corev1.ComponentStatus{}, - resyncPeriod, - indexers, - ) -} - -func (f *componentStatusInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredComponentStatusInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *componentStatusInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.ComponentStatus{}, f.defaultInformer) -} - -func (f *componentStatusInformer) Lister() v1.ComponentStatusLister { - return v1.NewComponentStatusLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/configmap.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/configmap.go deleted file mode 100644 index 6253581784..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/configmap.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ConfigMapInformer provides access to a shared informer and lister for -// ConfigMaps. -type ConfigMapInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ConfigMapLister -} - -type configMapInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewConfigMapInformer constructs a new informer for ConfigMap type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewConfigMapInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredConfigMapInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredConfigMapInformer constructs a new informer for ConfigMap type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredConfigMapInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ConfigMaps(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ConfigMaps(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.ConfigMap{}, - resyncPeriod, - indexers, - ) -} - -func (f *configMapInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredConfigMapInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *configMapInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.ConfigMap{}, f.defaultInformer) -} - -func (f *configMapInformer) Lister() v1.ConfigMapLister { - return v1.NewConfigMapLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/endpoints.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/endpoints.go deleted file mode 100644 index cd0f25b7f7..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/endpoints.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// EndpointsInformer provides access to a shared informer and lister for -// Endpoints. -type EndpointsInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.EndpointsLister -} - -type endpointsInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEndpointsInformer constructs a new informer for Endpoints type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEndpointsInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEndpointsInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEndpointsInformer constructs a new informer for Endpoints type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEndpointsInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Endpoints(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Endpoints(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.Endpoints{}, - resyncPeriod, - indexers, - ) -} - -func (f *endpointsInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEndpointsInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *endpointsInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Endpoints{}, f.defaultInformer) -} - -func (f *endpointsInformer) Lister() v1.EndpointsLister { - return v1.NewEndpointsLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/event.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/event.go deleted file mode 100644 index 8825e9b7a4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/event.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// EventInformer provides access to a shared informer and lister for -// Events. -type EventInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.EventLister -} - -type eventInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Events(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Events(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.Event{}, - resyncPeriod, - indexers, - ) -} - -func (f *eventInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *eventInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Event{}, f.defaultInformer) -} - -func (f *eventInformer) Lister() v1.EventLister { - return v1.NewEventLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/interface.go deleted file mode 100644 index b2216a05c8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/interface.go +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ComponentStatuses returns a ComponentStatusInformer. - ComponentStatuses() ComponentStatusInformer - // ConfigMaps returns a ConfigMapInformer. - ConfigMaps() ConfigMapInformer - // Endpoints returns a EndpointsInformer. - Endpoints() EndpointsInformer - // Events returns a EventInformer. - Events() EventInformer - // LimitRanges returns a LimitRangeInformer. - LimitRanges() LimitRangeInformer - // Namespaces returns a NamespaceInformer. - Namespaces() NamespaceInformer - // Nodes returns a NodeInformer. - Nodes() NodeInformer - // PersistentVolumes returns a PersistentVolumeInformer. - PersistentVolumes() PersistentVolumeInformer - // PersistentVolumeClaims returns a PersistentVolumeClaimInformer. - PersistentVolumeClaims() PersistentVolumeClaimInformer - // Pods returns a PodInformer. - Pods() PodInformer - // PodTemplates returns a PodTemplateInformer. - PodTemplates() PodTemplateInformer - // ReplicationControllers returns a ReplicationControllerInformer. - ReplicationControllers() ReplicationControllerInformer - // ResourceQuotas returns a ResourceQuotaInformer. - ResourceQuotas() ResourceQuotaInformer - // Secrets returns a SecretInformer. - Secrets() SecretInformer - // Services returns a ServiceInformer. - Services() ServiceInformer - // ServiceAccounts returns a ServiceAccountInformer. - ServiceAccounts() ServiceAccountInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ComponentStatuses returns a ComponentStatusInformer. -func (v *version) ComponentStatuses() ComponentStatusInformer { - return &componentStatusInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ConfigMaps returns a ConfigMapInformer. -func (v *version) ConfigMaps() ConfigMapInformer { - return &configMapInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Endpoints returns a EndpointsInformer. -func (v *version) Endpoints() EndpointsInformer { - return &endpointsInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Events returns a EventInformer. -func (v *version) Events() EventInformer { - return &eventInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// LimitRanges returns a LimitRangeInformer. -func (v *version) LimitRanges() LimitRangeInformer { - return &limitRangeInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Namespaces returns a NamespaceInformer. -func (v *version) Namespaces() NamespaceInformer { - return &namespaceInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// Nodes returns a NodeInformer. -func (v *version) Nodes() NodeInformer { - return &nodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PersistentVolumes returns a PersistentVolumeInformer. -func (v *version) PersistentVolumes() PersistentVolumeInformer { - return &persistentVolumeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PersistentVolumeClaims returns a PersistentVolumeClaimInformer. -func (v *version) PersistentVolumeClaims() PersistentVolumeClaimInformer { - return &persistentVolumeClaimInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Pods returns a PodInformer. -func (v *version) Pods() PodInformer { - return &podInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// PodTemplates returns a PodTemplateInformer. -func (v *version) PodTemplates() PodTemplateInformer { - return &podTemplateInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ReplicationControllers returns a ReplicationControllerInformer. -func (v *version) ReplicationControllers() ReplicationControllerInformer { - return &replicationControllerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ResourceQuotas returns a ResourceQuotaInformer. -func (v *version) ResourceQuotas() ResourceQuotaInformer { - return &resourceQuotaInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Secrets returns a SecretInformer. -func (v *version) Secrets() SecretInformer { - return &secretInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Services returns a ServiceInformer. -func (v *version) Services() ServiceInformer { - return &serviceInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ServiceAccounts returns a ServiceAccountInformer. -func (v *version) ServiceAccounts() ServiceAccountInformer { - return &serviceAccountInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/limitrange.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/limitrange.go deleted file mode 100644 index 4cbfda1f7a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/limitrange.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// LimitRangeInformer provides access to a shared informer and lister for -// LimitRanges. -type LimitRangeInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.LimitRangeLister -} - -type limitRangeInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewLimitRangeInformer constructs a new informer for LimitRange type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewLimitRangeInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredLimitRangeInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredLimitRangeInformer constructs a new informer for LimitRange type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredLimitRangeInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().LimitRanges(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().LimitRanges(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.LimitRange{}, - resyncPeriod, - indexers, - ) -} - -func (f *limitRangeInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredLimitRangeInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *limitRangeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.LimitRange{}, f.defaultInformer) -} - -func (f *limitRangeInformer) Lister() v1.LimitRangeLister { - return v1.NewLimitRangeLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/namespace.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/namespace.go deleted file mode 100644 index 506f930a7d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/namespace.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// NamespaceInformer provides access to a shared informer and lister for -// Namespaces. -type NamespaceInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.NamespaceLister -} - -type namespaceInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewNamespaceInformer constructs a new informer for Namespace type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewNamespaceInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredNamespaceInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredNamespaceInformer constructs a new informer for Namespace type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredNamespaceInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Namespaces().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Namespaces().Watch(context.TODO(), options) - }, - }, - &corev1.Namespace{}, - resyncPeriod, - indexers, - ) -} - -func (f *namespaceInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredNamespaceInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *namespaceInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Namespace{}, f.defaultInformer) -} - -func (f *namespaceInformer) Lister() v1.NamespaceLister { - return v1.NewNamespaceLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/node.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/node.go deleted file mode 100644 index 9939fc2cb6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/node.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// NodeInformer provides access to a shared informer and lister for -// Nodes. -type NodeInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.NodeLister -} - -type nodeInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewNodeInformer constructs a new informer for Node type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewNodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredNodeInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredNodeInformer constructs a new informer for Node type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredNodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Nodes().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Nodes().Watch(context.TODO(), options) - }, - }, - &corev1.Node{}, - resyncPeriod, - indexers, - ) -} - -func (f *nodeInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredNodeInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *nodeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Node{}, f.defaultInformer) -} - -func (f *nodeInformer) Lister() v1.NodeLister { - return v1.NewNodeLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolume.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolume.go deleted file mode 100644 index c82445997c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolume.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PersistentVolumeInformer provides access to a shared informer and lister for -// PersistentVolumes. -type PersistentVolumeInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PersistentVolumeLister -} - -type persistentVolumeInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPersistentVolumeInformer constructs a new informer for PersistentVolume type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPersistentVolumeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPersistentVolumeInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPersistentVolumeInformer constructs a new informer for PersistentVolume type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPersistentVolumeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PersistentVolumes().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PersistentVolumes().Watch(context.TODO(), options) - }, - }, - &corev1.PersistentVolume{}, - resyncPeriod, - indexers, - ) -} - -func (f *persistentVolumeInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPersistentVolumeInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *persistentVolumeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.PersistentVolume{}, f.defaultInformer) -} - -func (f *persistentVolumeInformer) Lister() v1.PersistentVolumeLister { - return v1.NewPersistentVolumeLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolumeclaim.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolumeclaim.go deleted file mode 100644 index 7a7df1cff8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/persistentvolumeclaim.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PersistentVolumeClaimInformer provides access to a shared informer and lister for -// PersistentVolumeClaims. -type PersistentVolumeClaimInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PersistentVolumeClaimLister -} - -type persistentVolumeClaimInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPersistentVolumeClaimInformer constructs a new informer for PersistentVolumeClaim type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPersistentVolumeClaimInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPersistentVolumeClaimInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPersistentVolumeClaimInformer constructs a new informer for PersistentVolumeClaim type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPersistentVolumeClaimInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PersistentVolumeClaims(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PersistentVolumeClaims(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.PersistentVolumeClaim{}, - resyncPeriod, - indexers, - ) -} - -func (f *persistentVolumeClaimInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPersistentVolumeClaimInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *persistentVolumeClaimInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.PersistentVolumeClaim{}, f.defaultInformer) -} - -func (f *persistentVolumeClaimInformer) Lister() v1.PersistentVolumeClaimLister { - return v1.NewPersistentVolumeClaimLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/pod.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/pod.go deleted file mode 100644 index 5c713a9b6f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/pod.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PodInformer provides access to a shared informer and lister for -// Pods. -type PodInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PodLister -} - -type podInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPodInformer constructs a new informer for Pod type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPodInformer constructs a new informer for Pod type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Pods(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Pods(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.Pod{}, - resyncPeriod, - indexers, - ) -} - -func (f *podInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Pod{}, f.defaultInformer) -} - -func (f *podInformer) Lister() v1.PodLister { - return v1.NewPodLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/podtemplate.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/podtemplate.go deleted file mode 100644 index 2a16e910db..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/podtemplate.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PodTemplateInformer provides access to a shared informer and lister for -// PodTemplates. -type PodTemplateInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PodTemplateLister -} - -type podTemplateInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPodTemplateInformer constructs a new informer for PodTemplate type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodTemplateInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodTemplateInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPodTemplateInformer constructs a new informer for PodTemplate type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodTemplateInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PodTemplates(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().PodTemplates(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.PodTemplate{}, - resyncPeriod, - indexers, - ) -} - -func (f *podTemplateInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodTemplateInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podTemplateInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.PodTemplate{}, f.defaultInformer) -} - -func (f *podTemplateInformer) Lister() v1.PodTemplateLister { - return v1.NewPodTemplateLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/replicationcontroller.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/replicationcontroller.go deleted file mode 100644 index 930beb4cd5..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/replicationcontroller.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ReplicationControllerInformer provides access to a shared informer and lister for -// ReplicationControllers. -type ReplicationControllerInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ReplicationControllerLister -} - -type replicationControllerInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewReplicationControllerInformer constructs a new informer for ReplicationController type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewReplicationControllerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredReplicationControllerInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredReplicationControllerInformer constructs a new informer for ReplicationController type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredReplicationControllerInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ReplicationControllers(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ReplicationControllers(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.ReplicationController{}, - resyncPeriod, - indexers, - ) -} - -func (f *replicationControllerInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredReplicationControllerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *replicationControllerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.ReplicationController{}, f.defaultInformer) -} - -func (f *replicationControllerInformer) Lister() v1.ReplicationControllerLister { - return v1.NewReplicationControllerLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/resourcequota.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/resourcequota.go deleted file mode 100644 index 619262a612..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/resourcequota.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ResourceQuotaInformer provides access to a shared informer and lister for -// ResourceQuotas. -type ResourceQuotaInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ResourceQuotaLister -} - -type resourceQuotaInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewResourceQuotaInformer constructs a new informer for ResourceQuota type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewResourceQuotaInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredResourceQuotaInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredResourceQuotaInformer constructs a new informer for ResourceQuota type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredResourceQuotaInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ResourceQuotas(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ResourceQuotas(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.ResourceQuota{}, - resyncPeriod, - indexers, - ) -} - -func (f *resourceQuotaInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredResourceQuotaInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *resourceQuotaInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.ResourceQuota{}, f.defaultInformer) -} - -func (f *resourceQuotaInformer) Lister() v1.ResourceQuotaLister { - return v1.NewResourceQuotaLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/secret.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/secret.go deleted file mode 100644 index a6be070693..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/secret.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// SecretInformer provides access to a shared informer and lister for -// Secrets. -type SecretInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.SecretLister -} - -type secretInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewSecretInformer constructs a new informer for Secret type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewSecretInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredSecretInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredSecretInformer constructs a new informer for Secret type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredSecretInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Secrets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Secrets(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.Secret{}, - resyncPeriod, - indexers, - ) -} - -func (f *secretInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredSecretInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *secretInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Secret{}, f.defaultInformer) -} - -func (f *secretInformer) Lister() v1.SecretLister { - return v1.NewSecretLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/service.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/service.go deleted file mode 100644 index 3d9ecc6e95..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/service.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ServiceInformer provides access to a shared informer and lister for -// Services. -type ServiceInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ServiceLister -} - -type serviceInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewServiceInformer constructs a new informer for Service type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewServiceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredServiceInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredServiceInformer constructs a new informer for Service type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredServiceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Services(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().Services(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.Service{}, - resyncPeriod, - indexers, - ) -} - -func (f *serviceInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredServiceInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *serviceInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.Service{}, f.defaultInformer) -} - -func (f *serviceInformer) Lister() v1.ServiceLister { - return v1.NewServiceLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/core/v1/serviceaccount.go b/etcd/vendor/k8s.io/client-go/informers/core/v1/serviceaccount.go deleted file mode 100644 index 44371c9fa4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/core/v1/serviceaccount.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/core/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ServiceAccountInformer provides access to a shared informer and lister for -// ServiceAccounts. -type ServiceAccountInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ServiceAccountLister -} - -type serviceAccountInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewServiceAccountInformer constructs a new informer for ServiceAccount type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewServiceAccountInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredServiceAccountInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredServiceAccountInformer constructs a new informer for ServiceAccount type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredServiceAccountInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ServiceAccounts(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.CoreV1().ServiceAccounts(namespace).Watch(context.TODO(), options) - }, - }, - &corev1.ServiceAccount{}, - resyncPeriod, - indexers, - ) -} - -func (f *serviceAccountInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredServiceAccountInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *serviceAccountInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&corev1.ServiceAccount{}, f.defaultInformer) -} - -func (f *serviceAccountInformer) Lister() v1.ServiceAccountLister { - return v1.NewServiceAccountLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/discovery/interface.go b/etcd/vendor/k8s.io/client-go/informers/discovery/interface.go deleted file mode 100644 index 37da9371f6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/discovery/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package discovery - -import ( - v1 "k8s.io/client-go/informers/discovery/v1" - v1beta1 "k8s.io/client-go/informers/discovery/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/discovery/v1/endpointslice.go b/etcd/vendor/k8s.io/client-go/informers/discovery/v1/endpointslice.go deleted file mode 100644 index 6c6c3372bf..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/discovery/v1/endpointslice.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - discoveryv1 "k8s.io/api/discovery/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/discovery/v1" - cache "k8s.io/client-go/tools/cache" -) - -// EndpointSliceInformer provides access to a shared informer and lister for -// EndpointSlices. -type EndpointSliceInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.EndpointSliceLister -} - -type endpointSliceInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEndpointSliceInformer constructs a new informer for EndpointSlice type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEndpointSliceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEndpointSliceInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEndpointSliceInformer constructs a new informer for EndpointSlice type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEndpointSliceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.DiscoveryV1().EndpointSlices(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.DiscoveryV1().EndpointSlices(namespace).Watch(context.TODO(), options) - }, - }, - &discoveryv1.EndpointSlice{}, - resyncPeriod, - indexers, - ) -} - -func (f *endpointSliceInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEndpointSliceInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *endpointSliceInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&discoveryv1.EndpointSlice{}, f.defaultInformer) -} - -func (f *endpointSliceInformer) Lister() v1.EndpointSliceLister { - return v1.NewEndpointSliceLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/discovery/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/discovery/v1/interface.go deleted file mode 100644 index d90c63c0a9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/discovery/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // EndpointSlices returns a EndpointSliceInformer. - EndpointSlices() EndpointSliceInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// EndpointSlices returns a EndpointSliceInformer. -func (v *version) EndpointSlices() EndpointSliceInformer { - return &endpointSliceInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/endpointslice.go b/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/endpointslice.go deleted file mode 100644 index 69ae38a91a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/endpointslice.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/discovery/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// EndpointSliceInformer provides access to a shared informer and lister for -// EndpointSlices. -type EndpointSliceInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.EndpointSliceLister -} - -type endpointSliceInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEndpointSliceInformer constructs a new informer for EndpointSlice type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEndpointSliceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEndpointSliceInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEndpointSliceInformer constructs a new informer for EndpointSlice type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEndpointSliceInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.DiscoveryV1beta1().EndpointSlices(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.DiscoveryV1beta1().EndpointSlices(namespace).Watch(context.TODO(), options) - }, - }, - &discoveryv1beta1.EndpointSlice{}, - resyncPeriod, - indexers, - ) -} - -func (f *endpointSliceInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEndpointSliceInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *endpointSliceInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&discoveryv1beta1.EndpointSlice{}, f.defaultInformer) -} - -func (f *endpointSliceInformer) Lister() v1beta1.EndpointSliceLister { - return v1beta1.NewEndpointSliceLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/interface.go deleted file mode 100644 index 4661646e01..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/discovery/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // EndpointSlices returns a EndpointSliceInformer. - EndpointSlices() EndpointSliceInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// EndpointSlices returns a EndpointSliceInformer. -func (v *version) EndpointSlices() EndpointSliceInformer { - return &endpointSliceInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/events/interface.go b/etcd/vendor/k8s.io/client-go/informers/events/interface.go deleted file mode 100644 index b350dde5b6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/events/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package events - -import ( - v1 "k8s.io/client-go/informers/events/v1" - v1beta1 "k8s.io/client-go/informers/events/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/events/v1/event.go b/etcd/vendor/k8s.io/client-go/informers/events/v1/event.go deleted file mode 100644 index f8d35ee15c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/events/v1/event.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - eventsv1 "k8s.io/api/events/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/events/v1" - cache "k8s.io/client-go/tools/cache" -) - -// EventInformer provides access to a shared informer and lister for -// Events. -type EventInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.EventLister -} - -type eventInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.EventsV1().Events(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.EventsV1().Events(namespace).Watch(context.TODO(), options) - }, - }, - &eventsv1.Event{}, - resyncPeriod, - indexers, - ) -} - -func (f *eventInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *eventInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&eventsv1.Event{}, f.defaultInformer) -} - -func (f *eventInformer) Lister() v1.EventLister { - return v1.NewEventLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/events/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/events/v1/interface.go deleted file mode 100644 index cd06e23359..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/events/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Events returns a EventInformer. - Events() EventInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Events returns a EventInformer. -func (v *version) Events() EventInformer { - return &eventInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/event.go b/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/event.go deleted file mode 100644 index 025f6a5cf3..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/event.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - eventsv1beta1 "k8s.io/api/events/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/events/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// EventInformer provides access to a shared informer and lister for -// Events. -type EventInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.EventLister -} - -type eventInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredEventInformer constructs a new informer for Event type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredEventInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.EventsV1beta1().Events(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.EventsV1beta1().Events(namespace).Watch(context.TODO(), options) - }, - }, - &eventsv1beta1.Event{}, - resyncPeriod, - indexers, - ) -} - -func (f *eventInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredEventInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *eventInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&eventsv1beta1.Event{}, f.defaultInformer) -} - -func (f *eventInformer) Lister() v1beta1.EventLister { - return v1beta1.NewEventLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/interface.go deleted file mode 100644 index c71888c9a4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/events/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Events returns a EventInformer. - Events() EventInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Events returns a EventInformer. -func (v *version) Events() EventInformer { - return &eventInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/interface.go b/etcd/vendor/k8s.io/client-go/informers/extensions/interface.go deleted file mode 100644 index 94a66d3853..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/interface.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package extensions - -import ( - v1beta1 "k8s.io/client-go/informers/extensions/v1beta1" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/daemonset.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/daemonset.go deleted file mode 100644 index 050080a598..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/daemonset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// DaemonSetInformer provides access to a shared informer and lister for -// DaemonSets. -type DaemonSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.DaemonSetLister -} - -type daemonSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDaemonSetInformer constructs a new informer for DaemonSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDaemonSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().DaemonSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().DaemonSets(namespace).Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.DaemonSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *daemonSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDaemonSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *daemonSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.DaemonSet{}, f.defaultInformer) -} - -func (f *daemonSetInformer) Lister() v1beta1.DaemonSetLister { - return v1beta1.NewDaemonSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/deployment.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/deployment.go deleted file mode 100644 index 1b16c5cc91..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/deployment.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// DeploymentInformer provides access to a shared informer and lister for -// Deployments. -type DeploymentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.DeploymentLister -} - -type deploymentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredDeploymentInformer constructs a new informer for Deployment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredDeploymentInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().Deployments(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().Deployments(namespace).Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.Deployment{}, - resyncPeriod, - indexers, - ) -} - -func (f *deploymentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredDeploymentInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *deploymentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.Deployment{}, f.defaultInformer) -} - -func (f *deploymentInformer) Lister() v1beta1.DeploymentLister { - return v1beta1.NewDeploymentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/ingress.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/ingress.go deleted file mode 100644 index f01a887617..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/ingress.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// IngressInformer provides access to a shared informer and lister for -// Ingresses. -type IngressInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.IngressLister -} - -type ingressInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().Ingresses(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().Ingresses(namespace).Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.Ingress{}, - resyncPeriod, - indexers, - ) -} - -func (f *ingressInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *ingressInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.Ingress{}, f.defaultInformer) -} - -func (f *ingressInformer) Lister() v1beta1.IngressLister { - return v1beta1.NewIngressLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/interface.go deleted file mode 100644 index 6f0bea7e87..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/interface.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // DaemonSets returns a DaemonSetInformer. - DaemonSets() DaemonSetInformer - // Deployments returns a DeploymentInformer. - Deployments() DeploymentInformer - // Ingresses returns a IngressInformer. - Ingresses() IngressInformer - // NetworkPolicies returns a NetworkPolicyInformer. - NetworkPolicies() NetworkPolicyInformer - // PodSecurityPolicies returns a PodSecurityPolicyInformer. - PodSecurityPolicies() PodSecurityPolicyInformer - // ReplicaSets returns a ReplicaSetInformer. - ReplicaSets() ReplicaSetInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// DaemonSets returns a DaemonSetInformer. -func (v *version) DaemonSets() DaemonSetInformer { - return &daemonSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Deployments returns a DeploymentInformer. -func (v *version) Deployments() DeploymentInformer { - return &deploymentInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// Ingresses returns a IngressInformer. -func (v *version) Ingresses() IngressInformer { - return &ingressInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// NetworkPolicies returns a NetworkPolicyInformer. -func (v *version) NetworkPolicies() NetworkPolicyInformer { - return &networkPolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// PodSecurityPolicies returns a PodSecurityPolicyInformer. -func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer { - return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ReplicaSets returns a ReplicaSetInformer. -func (v *version) ReplicaSets() ReplicaSetInformer { - return &replicaSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/networkpolicy.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/networkpolicy.go deleted file mode 100644 index 4a924619fb..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/networkpolicy.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// NetworkPolicyInformer provides access to a shared informer and lister for -// NetworkPolicies. -type NetworkPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.NetworkPolicyLister -} - -type networkPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewNetworkPolicyInformer constructs a new informer for NetworkPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewNetworkPolicyInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredNetworkPolicyInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredNetworkPolicyInformer constructs a new informer for NetworkPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredNetworkPolicyInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().NetworkPolicies(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().NetworkPolicies(namespace).Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.NetworkPolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *networkPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredNetworkPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *networkPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.NetworkPolicy{}, f.defaultInformer) -} - -func (f *networkPolicyInformer) Lister() v1beta1.NetworkPolicyLister { - return v1beta1.NewNetworkPolicyLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/podsecuritypolicy.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/podsecuritypolicy.go deleted file mode 100644 index 11be2751cc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/podsecuritypolicy.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// PodSecurityPolicyInformer provides access to a shared informer and lister for -// PodSecurityPolicies. -type PodSecurityPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.PodSecurityPolicyLister -} - -type podSecurityPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().PodSecurityPolicies().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().PodSecurityPolicies().Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.PodSecurityPolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *podSecurityPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.PodSecurityPolicy{}, f.defaultInformer) -} - -func (f *podSecurityPolicyInformer) Lister() v1beta1.PodSecurityPolicyLister { - return v1beta1.NewPodSecurityPolicyLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/replicaset.go b/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/replicaset.go deleted file mode 100644 index f7e224bcfb..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/extensions/v1beta1/replicaset.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/extensions/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// ReplicaSetInformer provides access to a shared informer and lister for -// ReplicaSets. -type ReplicaSetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ReplicaSetLister -} - -type replicaSetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredReplicaSetInformer constructs a new informer for ReplicaSet type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredReplicaSetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().ReplicaSets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ExtensionsV1beta1().ReplicaSets(namespace).Watch(context.TODO(), options) - }, - }, - &extensionsv1beta1.ReplicaSet{}, - resyncPeriod, - indexers, - ) -} - -func (f *replicaSetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredReplicaSetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *replicaSetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensionsv1beta1.ReplicaSet{}, f.defaultInformer) -} - -func (f *replicaSetInformer) Lister() v1beta1.ReplicaSetLister { - return v1beta1.NewReplicaSetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/factory.go b/etcd/vendor/k8s.io/client-go/informers/factory.go deleted file mode 100644 index 8e7a7e36de..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/factory.go +++ /dev/null @@ -1,359 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package informers - -import ( - reflect "reflect" - sync "sync" - time "time" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - schema "k8s.io/apimachinery/pkg/runtime/schema" - admissionregistration "k8s.io/client-go/informers/admissionregistration" - apiserverinternal "k8s.io/client-go/informers/apiserverinternal" - apps "k8s.io/client-go/informers/apps" - autoscaling "k8s.io/client-go/informers/autoscaling" - batch "k8s.io/client-go/informers/batch" - certificates "k8s.io/client-go/informers/certificates" - coordination "k8s.io/client-go/informers/coordination" - core "k8s.io/client-go/informers/core" - discovery "k8s.io/client-go/informers/discovery" - events "k8s.io/client-go/informers/events" - extensions "k8s.io/client-go/informers/extensions" - flowcontrol "k8s.io/client-go/informers/flowcontrol" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - networking "k8s.io/client-go/informers/networking" - node "k8s.io/client-go/informers/node" - policy "k8s.io/client-go/informers/policy" - rbac "k8s.io/client-go/informers/rbac" - resource "k8s.io/client-go/informers/resource" - scheduling "k8s.io/client-go/informers/scheduling" - storage "k8s.io/client-go/informers/storage" - kubernetes "k8s.io/client-go/kubernetes" - cache "k8s.io/client-go/tools/cache" -) - -// SharedInformerOption defines the functional option type for SharedInformerFactory. -type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory - -type sharedInformerFactory struct { - client kubernetes.Interface - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc - lock sync.Mutex - defaultResync time.Duration - customResync map[reflect.Type]time.Duration - - informers map[reflect.Type]cache.SharedIndexInformer - // startedInformers is used for tracking which informers have been started. - // This allows Start() to be called multiple times safely. - startedInformers map[reflect.Type]bool - // wg tracks how many goroutines were started. - wg sync.WaitGroup - // shuttingDown is true when Shutdown has been called. It may still be running - // because it needs to wait for goroutines. - shuttingDown bool -} - -// WithCustomResyncConfig sets a custom resync period for the specified informer types. -func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption { - return func(factory *sharedInformerFactory) *sharedInformerFactory { - for k, v := range resyncConfig { - factory.customResync[reflect.TypeOf(k)] = v - } - return factory - } -} - -// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory. -func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption { - return func(factory *sharedInformerFactory) *sharedInformerFactory { - factory.tweakListOptions = tweakListOptions - return factory - } -} - -// WithNamespace limits the SharedInformerFactory to the specified namespace. -func WithNamespace(namespace string) SharedInformerOption { - return func(factory *sharedInformerFactory) *sharedInformerFactory { - factory.namespace = namespace - return factory - } -} - -// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. -func NewSharedInformerFactory(client kubernetes.Interface, defaultResync time.Duration) SharedInformerFactory { - return NewSharedInformerFactoryWithOptions(client, defaultResync) -} - -// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. -// Listers obtained via this SharedInformerFactory will be subject to the same filters -// as specified here. -// Deprecated: Please use NewSharedInformerFactoryWithOptions instead -func NewFilteredSharedInformerFactory(client kubernetes.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { - return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) -} - -// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options. -func NewSharedInformerFactoryWithOptions(client kubernetes.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory { - factory := &sharedInformerFactory{ - client: client, - namespace: v1.NamespaceAll, - defaultResync: defaultResync, - informers: make(map[reflect.Type]cache.SharedIndexInformer), - startedInformers: make(map[reflect.Type]bool), - customResync: make(map[reflect.Type]time.Duration), - } - - // Apply all options - for _, opt := range options { - factory = opt(factory) - } - - return factory -} - -func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) { - f.lock.Lock() - defer f.lock.Unlock() - - if f.shuttingDown { - return - } - - for informerType, informer := range f.informers { - if !f.startedInformers[informerType] { - f.wg.Add(1) - // We need a new variable in each loop iteration, - // otherwise the goroutine would use the loop variable - // and that keeps changing. - informer := informer - go func() { - defer f.wg.Done() - informer.Run(stopCh) - }() - f.startedInformers[informerType] = true - } - } -} - -func (f *sharedInformerFactory) Shutdown() { - f.lock.Lock() - f.shuttingDown = true - f.lock.Unlock() - - // Will return immediately if there is nothing to wait for. - f.wg.Wait() -} - -func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool { - informers := func() map[reflect.Type]cache.SharedIndexInformer { - f.lock.Lock() - defer f.lock.Unlock() - - informers := map[reflect.Type]cache.SharedIndexInformer{} - for informerType, informer := range f.informers { - if f.startedInformers[informerType] { - informers[informerType] = informer - } - } - return informers - }() - - res := map[reflect.Type]bool{} - for informType, informer := range informers { - res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced) - } - return res -} - -// InternalInformerFor returns the SharedIndexInformer for obj using an internal -// client. -func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer { - f.lock.Lock() - defer f.lock.Unlock() - - informerType := reflect.TypeOf(obj) - informer, exists := f.informers[informerType] - if exists { - return informer - } - - resyncPeriod, exists := f.customResync[informerType] - if !exists { - resyncPeriod = f.defaultResync - } - - informer = newFunc(f.client, resyncPeriod) - f.informers[informerType] = informer - - return informer -} - -// SharedInformerFactory provides shared informers for resources in all known -// API group versions. -// -// It is typically used like this: -// -// ctx, cancel := context.Background() -// defer cancel() -// factory := NewSharedInformerFactory(client, resyncPeriod) -// defer factory.WaitForStop() // Returns immediately if nothing was started. -// genericInformer := factory.ForResource(resource) -// typedInformer := factory.SomeAPIGroup().V1().SomeType() -// factory.Start(ctx.Done()) // Start processing these informers. -// synced := factory.WaitForCacheSync(ctx.Done()) -// for v, ok := range synced { -// if !ok { -// fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v) -// return -// } -// } -// -// // Creating informers can also be created after Start, but then -// // Start must be called again: -// anotherGenericInformer := factory.ForResource(resource) -// factory.Start(ctx.Done()) -type SharedInformerFactory interface { - internalinterfaces.SharedInformerFactory - - // Start initializes all requested informers. They are handled in goroutines - // which run until the stop channel gets closed. - Start(stopCh <-chan struct{}) - - // Shutdown marks a factory as shutting down. At that point no new - // informers can be started anymore and Start will return without - // doing anything. - // - // In addition, Shutdown blocks until all goroutines have terminated. For that - // to happen, the close channel(s) that they were started with must be closed, - // either before Shutdown gets called or while it is waiting. - // - // Shutdown may be called multiple times, even concurrently. All such calls will - // block until all goroutines have terminated. - Shutdown() - - // WaitForCacheSync blocks until all started informers' caches were synced - // or the stop channel gets closed. - WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool - - // ForResource gives generic access to a shared informer of the matching type. - ForResource(resource schema.GroupVersionResource) (GenericInformer, error) - - // InternalInformerFor returns the SharedIndexInformer for obj using an internal - // client. - InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer - - Admissionregistration() admissionregistration.Interface - Internal() apiserverinternal.Interface - Apps() apps.Interface - Autoscaling() autoscaling.Interface - Batch() batch.Interface - Certificates() certificates.Interface - Coordination() coordination.Interface - Core() core.Interface - Discovery() discovery.Interface - Events() events.Interface - Extensions() extensions.Interface - Flowcontrol() flowcontrol.Interface - Networking() networking.Interface - Node() node.Interface - Policy() policy.Interface - Rbac() rbac.Interface - Resource() resource.Interface - Scheduling() scheduling.Interface - Storage() storage.Interface -} - -func (f *sharedInformerFactory) Admissionregistration() admissionregistration.Interface { - return admissionregistration.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Internal() apiserverinternal.Interface { - return apiserverinternal.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Apps() apps.Interface { - return apps.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Autoscaling() autoscaling.Interface { - return autoscaling.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Batch() batch.Interface { - return batch.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Certificates() certificates.Interface { - return certificates.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Coordination() coordination.Interface { - return coordination.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Core() core.Interface { - return core.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Discovery() discovery.Interface { - return discovery.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Events() events.Interface { - return events.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Extensions() extensions.Interface { - return extensions.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Flowcontrol() flowcontrol.Interface { - return flowcontrol.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Networking() networking.Interface { - return networking.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Node() node.Interface { - return node.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Policy() policy.Interface { - return policy.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Rbac() rbac.Interface { - return rbac.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Resource() resource.Interface { - return resource.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Scheduling() scheduling.Interface { - return scheduling.New(f, f.namespace, f.tweakListOptions) -} - -func (f *sharedInformerFactory) Storage() storage.Interface { - return storage.New(f, f.namespace, f.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/interface.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/interface.go deleted file mode 100644 index 1d3ca09efc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/interface.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package flowcontrol - -import ( - v1alpha1 "k8s.io/client-go/informers/flowcontrol/v1alpha1" - v1beta1 "k8s.io/client-go/informers/flowcontrol/v1beta1" - v1beta2 "k8s.io/client-go/informers/flowcontrol/v1beta2" - v1beta3 "k8s.io/client-go/informers/flowcontrol/v1beta3" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface - // V1beta2 provides access to shared informers for resources in V1beta2. - V1beta2() v1beta2.Interface - // V1beta3 provides access to shared informers for resources in V1beta3. - V1beta3() v1beta3.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta2 returns a new v1beta2.Interface. -func (g *group) V1beta2() v1beta2.Interface { - return v1beta2.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta3 returns a new v1beta3.Interface. -func (g *group) V1beta3() v1beta3.Interface { - return v1beta3.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/flowschema.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/flowschema.go deleted file mode 100644 index 9a4a904481..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/flowschema.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/flowcontrol/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// FlowSchemaInformer provides access to a shared informer and lister for -// FlowSchemas. -type FlowSchemaInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.FlowSchemaLister -} - -type flowSchemaInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1alpha1().FlowSchemas().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1alpha1().FlowSchemas().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1alpha1.FlowSchema{}, - resyncPeriod, - indexers, - ) -} - -func (f *flowSchemaInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *flowSchemaInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1alpha1.FlowSchema{}, f.defaultInformer) -} - -func (f *flowSchemaInformer) Lister() v1alpha1.FlowSchemaLister { - return v1alpha1.NewFlowSchemaLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/interface.go deleted file mode 100644 index 7097c0058b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // FlowSchemas returns a FlowSchemaInformer. - FlowSchemas() FlowSchemaInformer - // PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. - PriorityLevelConfigurations() PriorityLevelConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// FlowSchemas returns a FlowSchemaInformer. -func (v *version) FlowSchemas() FlowSchemaInformer { - return &flowSchemaInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. -func (v *version) PriorityLevelConfigurations() PriorityLevelConfigurationInformer { - return &priorityLevelConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/prioritylevelconfiguration.go deleted file mode 100644 index b81f5c9c36..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1alpha1/prioritylevelconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/flowcontrol/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationInformer provides access to a shared informer and lister for -// PriorityLevelConfigurations. -type PriorityLevelConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.PriorityLevelConfigurationLister -} - -type priorityLevelConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1alpha1().PriorityLevelConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1alpha1().PriorityLevelConfigurations().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1alpha1.PriorityLevelConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityLevelConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityLevelConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1alpha1.PriorityLevelConfiguration{}, f.defaultInformer) -} - -func (f *priorityLevelConfigurationInformer) Lister() v1alpha1.PriorityLevelConfigurationLister { - return v1alpha1.NewPriorityLevelConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/flowschema.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/flowschema.go deleted file mode 100644 index 13f4ff0933..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/flowschema.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/flowcontrol/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// FlowSchemaInformer provides access to a shared informer and lister for -// FlowSchemas. -type FlowSchemaInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.FlowSchemaLister -} - -type flowSchemaInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta1().FlowSchemas().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta1().FlowSchemas().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta1.FlowSchema{}, - resyncPeriod, - indexers, - ) -} - -func (f *flowSchemaInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *flowSchemaInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta1.FlowSchema{}, f.defaultInformer) -} - -func (f *flowSchemaInformer) Lister() v1beta1.FlowSchemaLister { - return v1beta1.NewFlowSchemaLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/interface.go deleted file mode 100644 index 50329bb0ac..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // FlowSchemas returns a FlowSchemaInformer. - FlowSchemas() FlowSchemaInformer - // PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. - PriorityLevelConfigurations() PriorityLevelConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// FlowSchemas returns a FlowSchemaInformer. -func (v *version) FlowSchemas() FlowSchemaInformer { - return &flowSchemaInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. -func (v *version) PriorityLevelConfigurations() PriorityLevelConfigurationInformer { - return &priorityLevelConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/prioritylevelconfiguration.go deleted file mode 100644 index fa4835906a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta1/prioritylevelconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/flowcontrol/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationInformer provides access to a shared informer and lister for -// PriorityLevelConfigurations. -type PriorityLevelConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.PriorityLevelConfigurationLister -} - -type priorityLevelConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta1().PriorityLevelConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta1().PriorityLevelConfigurations().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta1.PriorityLevelConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityLevelConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityLevelConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta1.PriorityLevelConfiguration{}, f.defaultInformer) -} - -func (f *priorityLevelConfigurationInformer) Lister() v1beta1.PriorityLevelConfigurationLister { - return v1beta1.NewPriorityLevelConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/flowschema.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/flowschema.go deleted file mode 100644 index 6f6abecea8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/flowschema.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/flowcontrol/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// FlowSchemaInformer provides access to a shared informer and lister for -// FlowSchemas. -type FlowSchemaInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.FlowSchemaLister -} - -type flowSchemaInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta2().FlowSchemas().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta2().FlowSchemas().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta2.FlowSchema{}, - resyncPeriod, - indexers, - ) -} - -func (f *flowSchemaInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *flowSchemaInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta2.FlowSchema{}, f.defaultInformer) -} - -func (f *flowSchemaInformer) Lister() v1beta2.FlowSchemaLister { - return v1beta2.NewFlowSchemaLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/interface.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/interface.go deleted file mode 100644 index 142d552896..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // FlowSchemas returns a FlowSchemaInformer. - FlowSchemas() FlowSchemaInformer - // PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. - PriorityLevelConfigurations() PriorityLevelConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// FlowSchemas returns a FlowSchemaInformer. -func (v *version) FlowSchemas() FlowSchemaInformer { - return &flowSchemaInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. -func (v *version) PriorityLevelConfigurations() PriorityLevelConfigurationInformer { - return &priorityLevelConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/prioritylevelconfiguration.go deleted file mode 100644 index 306a901851..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta2/prioritylevelconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta2 - -import ( - "context" - time "time" - - flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta2 "k8s.io/client-go/listers/flowcontrol/v1beta2" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationInformer provides access to a shared informer and lister for -// PriorityLevelConfigurations. -type PriorityLevelConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta2.PriorityLevelConfigurationLister -} - -type priorityLevelConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta2().PriorityLevelConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta2().PriorityLevelConfigurations().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta2.PriorityLevelConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityLevelConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityLevelConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta2.PriorityLevelConfiguration{}, f.defaultInformer) -} - -func (f *priorityLevelConfigurationInformer) Lister() v1beta2.PriorityLevelConfigurationLister { - return v1beta2.NewPriorityLevelConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/flowschema.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/flowschema.go deleted file mode 100644 index 56d8c8b112..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/flowschema.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta3 - -import ( - "context" - time "time" - - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta3 "k8s.io/client-go/listers/flowcontrol/v1beta3" - cache "k8s.io/client-go/tools/cache" -) - -// FlowSchemaInformer provides access to a shared informer and lister for -// FlowSchemas. -type FlowSchemaInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta3.FlowSchemaLister -} - -type flowSchemaInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredFlowSchemaInformer constructs a new informer for FlowSchema type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredFlowSchemaInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta3().FlowSchemas().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta3().FlowSchemas().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta3.FlowSchema{}, - resyncPeriod, - indexers, - ) -} - -func (f *flowSchemaInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredFlowSchemaInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *flowSchemaInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta3.FlowSchema{}, f.defaultInformer) -} - -func (f *flowSchemaInformer) Lister() v1beta3.FlowSchemaLister { - return v1beta3.NewFlowSchemaLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/interface.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/interface.go deleted file mode 100644 index 54c5414a2b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta3 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // FlowSchemas returns a FlowSchemaInformer. - FlowSchemas() FlowSchemaInformer - // PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. - PriorityLevelConfigurations() PriorityLevelConfigurationInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// FlowSchemas returns a FlowSchemaInformer. -func (v *version) FlowSchemas() FlowSchemaInformer { - return &flowSchemaInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// PriorityLevelConfigurations returns a PriorityLevelConfigurationInformer. -func (v *version) PriorityLevelConfigurations() PriorityLevelConfigurationInformer { - return &priorityLevelConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/prioritylevelconfiguration.go deleted file mode 100644 index 71f8d5b07f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/flowcontrol/v1beta3/prioritylevelconfiguration.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta3 - -import ( - "context" - time "time" - - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta3 "k8s.io/client-go/listers/flowcontrol/v1beta3" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationInformer provides access to a shared informer and lister for -// PriorityLevelConfigurations. -type PriorityLevelConfigurationInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta3.PriorityLevelConfigurationLister -} - -type priorityLevelConfigurationInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityLevelConfigurationInformer constructs a new informer for PriorityLevelConfiguration type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityLevelConfigurationInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta3().PriorityLevelConfigurations().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.FlowcontrolV1beta3().PriorityLevelConfigurations().Watch(context.TODO(), options) - }, - }, - &flowcontrolv1beta3.PriorityLevelConfiguration{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityLevelConfigurationInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityLevelConfigurationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityLevelConfigurationInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&flowcontrolv1beta3.PriorityLevelConfiguration{}, f.defaultInformer) -} - -func (f *priorityLevelConfigurationInformer) Lister() v1beta3.PriorityLevelConfigurationLister { - return v1beta3.NewPriorityLevelConfigurationLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/generic.go b/etcd/vendor/k8s.io/client-go/informers/generic.go deleted file mode 100644 index 59505bddaa..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/generic.go +++ /dev/null @@ -1,408 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package informers - -import ( - "fmt" - - v1 "k8s.io/api/admissionregistration/v1" - v1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - v1beta1 "k8s.io/api/admissionregistration/v1beta1" - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - appsv1beta1 "k8s.io/api/apps/v1beta1" - v1beta2 "k8s.io/api/apps/v1beta2" - autoscalingv1 "k8s.io/api/autoscaling/v1" - v2 "k8s.io/api/autoscaling/v2" - v2beta1 "k8s.io/api/autoscaling/v2beta1" - v2beta2 "k8s.io/api/autoscaling/v2beta2" - batchv1 "k8s.io/api/batch/v1" - batchv1beta1 "k8s.io/api/batch/v1beta1" - certificatesv1 "k8s.io/api/certificates/v1" - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - coordinationv1 "k8s.io/api/coordination/v1" - coordinationv1beta1 "k8s.io/api/coordination/v1beta1" - corev1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - eventsv1 "k8s.io/api/events/v1" - eventsv1beta1 "k8s.io/api/events/v1beta1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2" - v1beta3 "k8s.io/api/flowcontrol/v1beta3" - networkingv1 "k8s.io/api/networking/v1" - networkingv1alpha1 "k8s.io/api/networking/v1alpha1" - networkingv1beta1 "k8s.io/api/networking/v1beta1" - nodev1 "k8s.io/api/node/v1" - nodev1alpha1 "k8s.io/api/node/v1alpha1" - nodev1beta1 "k8s.io/api/node/v1beta1" - policyv1 "k8s.io/api/policy/v1" - policyv1beta1 "k8s.io/api/policy/v1beta1" - rbacv1 "k8s.io/api/rbac/v1" - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - schedulingv1 "k8s.io/api/scheduling/v1" - schedulingv1alpha1 "k8s.io/api/scheduling/v1alpha1" - schedulingv1beta1 "k8s.io/api/scheduling/v1beta1" - storagev1 "k8s.io/api/storage/v1" - storagev1alpha1 "k8s.io/api/storage/v1alpha1" - storagev1beta1 "k8s.io/api/storage/v1beta1" - schema "k8s.io/apimachinery/pkg/runtime/schema" - cache "k8s.io/client-go/tools/cache" -) - -// GenericInformer is type of SharedIndexInformer which will locate and delegate to other -// sharedInformers based on type -type GenericInformer interface { - Informer() cache.SharedIndexInformer - Lister() cache.GenericLister -} - -type genericInformer struct { - informer cache.SharedIndexInformer - resource schema.GroupResource -} - -// Informer returns the SharedIndexInformer. -func (f *genericInformer) Informer() cache.SharedIndexInformer { - return f.informer -} - -// Lister returns the GenericLister. -func (f *genericInformer) Lister() cache.GenericLister { - return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) -} - -// ForResource gives generic access to a shared informer of the matching type -// TODO extend this to unknown resources with a client pool -func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { - switch resource { - // Group=admissionregistration.k8s.io, Version=v1 - case v1.SchemeGroupVersion.WithResource("mutatingwebhookconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1().MutatingWebhookConfigurations().Informer()}, nil - case v1.SchemeGroupVersion.WithResource("validatingwebhookconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1().ValidatingWebhookConfigurations().Informer()}, nil - - // Group=admissionregistration.k8s.io, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("validatingadmissionpolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies().Informer()}, nil - case v1alpha1.SchemeGroupVersion.WithResource("validatingadmissionpolicybindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1alpha1().ValidatingAdmissionPolicyBindings().Informer()}, nil - - // Group=admissionregistration.k8s.io, Version=v1beta1 - case v1beta1.SchemeGroupVersion.WithResource("mutatingwebhookconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().MutatingWebhookConfigurations().Informer()}, nil - case v1beta1.SchemeGroupVersion.WithResource("validatingwebhookconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().ValidatingWebhookConfigurations().Informer()}, nil - - // Group=apps, Version=v1 - case appsv1.SchemeGroupVersion.WithResource("controllerrevisions"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1().ControllerRevisions().Informer()}, nil - case appsv1.SchemeGroupVersion.WithResource("daemonsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1().DaemonSets().Informer()}, nil - case appsv1.SchemeGroupVersion.WithResource("deployments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1().Deployments().Informer()}, nil - case appsv1.SchemeGroupVersion.WithResource("replicasets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1().ReplicaSets().Informer()}, nil - case appsv1.SchemeGroupVersion.WithResource("statefulsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1().StatefulSets().Informer()}, nil - - // Group=apps, Version=v1beta1 - case appsv1beta1.SchemeGroupVersion.WithResource("controllerrevisions"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta1().ControllerRevisions().Informer()}, nil - case appsv1beta1.SchemeGroupVersion.WithResource("deployments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta1().Deployments().Informer()}, nil - case appsv1beta1.SchemeGroupVersion.WithResource("statefulsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta1().StatefulSets().Informer()}, nil - - // Group=apps, Version=v1beta2 - case v1beta2.SchemeGroupVersion.WithResource("controllerrevisions"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta2().ControllerRevisions().Informer()}, nil - case v1beta2.SchemeGroupVersion.WithResource("daemonsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta2().DaemonSets().Informer()}, nil - case v1beta2.SchemeGroupVersion.WithResource("deployments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta2().Deployments().Informer()}, nil - case v1beta2.SchemeGroupVersion.WithResource("replicasets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta2().ReplicaSets().Informer()}, nil - case v1beta2.SchemeGroupVersion.WithResource("statefulsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1beta2().StatefulSets().Informer()}, nil - - // Group=autoscaling, Version=v1 - case autoscalingv1.SchemeGroupVersion.WithResource("horizontalpodautoscalers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Autoscaling().V1().HorizontalPodAutoscalers().Informer()}, nil - - // Group=autoscaling, Version=v2 - case v2.SchemeGroupVersion.WithResource("horizontalpodautoscalers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Autoscaling().V2().HorizontalPodAutoscalers().Informer()}, nil - - // Group=autoscaling, Version=v2beta1 - case v2beta1.SchemeGroupVersion.WithResource("horizontalpodautoscalers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Autoscaling().V2beta1().HorizontalPodAutoscalers().Informer()}, nil - - // Group=autoscaling, Version=v2beta2 - case v2beta2.SchemeGroupVersion.WithResource("horizontalpodautoscalers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Autoscaling().V2beta2().HorizontalPodAutoscalers().Informer()}, nil - - // Group=batch, Version=v1 - case batchv1.SchemeGroupVersion.WithResource("cronjobs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Batch().V1().CronJobs().Informer()}, nil - case batchv1.SchemeGroupVersion.WithResource("jobs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Batch().V1().Jobs().Informer()}, nil - - // Group=batch, Version=v1beta1 - case batchv1beta1.SchemeGroupVersion.WithResource("cronjobs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Batch().V1beta1().CronJobs().Informer()}, nil - - // Group=certificates.k8s.io, Version=v1 - case certificatesv1.SchemeGroupVersion.WithResource("certificatesigningrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Certificates().V1().CertificateSigningRequests().Informer()}, nil - - // Group=certificates.k8s.io, Version=v1beta1 - case certificatesv1beta1.SchemeGroupVersion.WithResource("certificatesigningrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Certificates().V1beta1().CertificateSigningRequests().Informer()}, nil - - // Group=coordination.k8s.io, Version=v1 - case coordinationv1.SchemeGroupVersion.WithResource("leases"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Coordination().V1().Leases().Informer()}, nil - - // Group=coordination.k8s.io, Version=v1beta1 - case coordinationv1beta1.SchemeGroupVersion.WithResource("leases"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Coordination().V1beta1().Leases().Informer()}, nil - - // Group=core, Version=v1 - case corev1.SchemeGroupVersion.WithResource("componentstatuses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().ComponentStatuses().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("configmaps"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().ConfigMaps().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("endpoints"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Endpoints().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("events"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Events().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("limitranges"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().LimitRanges().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("namespaces"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Namespaces().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("nodes"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Nodes().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("persistentvolumes"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().PersistentVolumes().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("persistentvolumeclaims"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().PersistentVolumeClaims().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("pods"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Pods().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("podtemplates"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().PodTemplates().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("replicationcontrollers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().ReplicationControllers().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("resourcequotas"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().ResourceQuotas().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("secrets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Secrets().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("services"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().Services().Informer()}, nil - case corev1.SchemeGroupVersion.WithResource("serviceaccounts"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Core().V1().ServiceAccounts().Informer()}, nil - - // Group=discovery.k8s.io, Version=v1 - case discoveryv1.SchemeGroupVersion.WithResource("endpointslices"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Discovery().V1().EndpointSlices().Informer()}, nil - - // Group=discovery.k8s.io, Version=v1beta1 - case discoveryv1beta1.SchemeGroupVersion.WithResource("endpointslices"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Discovery().V1beta1().EndpointSlices().Informer()}, nil - - // Group=events.k8s.io, Version=v1 - case eventsv1.SchemeGroupVersion.WithResource("events"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Events().V1().Events().Informer()}, nil - - // Group=events.k8s.io, Version=v1beta1 - case eventsv1beta1.SchemeGroupVersion.WithResource("events"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Events().V1beta1().Events().Informer()}, nil - - // Group=extensions, Version=v1beta1 - case extensionsv1beta1.SchemeGroupVersion.WithResource("daemonsets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().DaemonSets().Informer()}, nil - case extensionsv1beta1.SchemeGroupVersion.WithResource("deployments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().Deployments().Informer()}, nil - case extensionsv1beta1.SchemeGroupVersion.WithResource("ingresses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().Ingresses().Informer()}, nil - case extensionsv1beta1.SchemeGroupVersion.WithResource("networkpolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().NetworkPolicies().Informer()}, nil - case extensionsv1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().PodSecurityPolicies().Informer()}, nil - case extensionsv1beta1.SchemeGroupVersion.WithResource("replicasets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().ReplicaSets().Informer()}, nil - - // Group=flowcontrol.apiserver.k8s.io, Version=v1alpha1 - case flowcontrolv1alpha1.SchemeGroupVersion.WithResource("flowschemas"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1alpha1().FlowSchemas().Informer()}, nil - case flowcontrolv1alpha1.SchemeGroupVersion.WithResource("prioritylevelconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1alpha1().PriorityLevelConfigurations().Informer()}, nil - - // Group=flowcontrol.apiserver.k8s.io, Version=v1beta1 - case flowcontrolv1beta1.SchemeGroupVersion.WithResource("flowschemas"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta1().FlowSchemas().Informer()}, nil - case flowcontrolv1beta1.SchemeGroupVersion.WithResource("prioritylevelconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta1().PriorityLevelConfigurations().Informer()}, nil - - // Group=flowcontrol.apiserver.k8s.io, Version=v1beta2 - case flowcontrolv1beta2.SchemeGroupVersion.WithResource("flowschemas"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta2().FlowSchemas().Informer()}, nil - case flowcontrolv1beta2.SchemeGroupVersion.WithResource("prioritylevelconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta2().PriorityLevelConfigurations().Informer()}, nil - - // Group=flowcontrol.apiserver.k8s.io, Version=v1beta3 - case v1beta3.SchemeGroupVersion.WithResource("flowschemas"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta3().FlowSchemas().Informer()}, nil - case v1beta3.SchemeGroupVersion.WithResource("prioritylevelconfigurations"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Flowcontrol().V1beta3().PriorityLevelConfigurations().Informer()}, nil - - // Group=internal.apiserver.k8s.io, Version=v1alpha1 - case apiserverinternalv1alpha1.SchemeGroupVersion.WithResource("storageversions"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Internal().V1alpha1().StorageVersions().Informer()}, nil - - // Group=networking.k8s.io, Version=v1 - case networkingv1.SchemeGroupVersion.WithResource("ingresses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1().Ingresses().Informer()}, nil - case networkingv1.SchemeGroupVersion.WithResource("ingressclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1().IngressClasses().Informer()}, nil - case networkingv1.SchemeGroupVersion.WithResource("networkpolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1().NetworkPolicies().Informer()}, nil - - // Group=networking.k8s.io, Version=v1alpha1 - case networkingv1alpha1.SchemeGroupVersion.WithResource("clustercidrs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha1().ClusterCIDRs().Informer()}, nil - - // Group=networking.k8s.io, Version=v1beta1 - case networkingv1beta1.SchemeGroupVersion.WithResource("ingresses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1beta1().Ingresses().Informer()}, nil - case networkingv1beta1.SchemeGroupVersion.WithResource("ingressclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1beta1().IngressClasses().Informer()}, nil - - // Group=node.k8s.io, Version=v1 - case nodev1.SchemeGroupVersion.WithResource("runtimeclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Node().V1().RuntimeClasses().Informer()}, nil - - // Group=node.k8s.io, Version=v1alpha1 - case nodev1alpha1.SchemeGroupVersion.WithResource("runtimeclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Node().V1alpha1().RuntimeClasses().Informer()}, nil - - // Group=node.k8s.io, Version=v1beta1 - case nodev1beta1.SchemeGroupVersion.WithResource("runtimeclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Node().V1beta1().RuntimeClasses().Informer()}, nil - - // Group=policy, Version=v1 - case policyv1.SchemeGroupVersion.WithResource("poddisruptionbudgets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1().PodDisruptionBudgets().Informer()}, nil - - // Group=policy, Version=v1beta1 - case policyv1beta1.SchemeGroupVersion.WithResource("poddisruptionbudgets"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodDisruptionBudgets().Informer()}, nil - case policyv1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodSecurityPolicies().Informer()}, nil - - // Group=rbac.authorization.k8s.io, Version=v1 - case rbacv1.SchemeGroupVersion.WithResource("clusterroles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1().ClusterRoles().Informer()}, nil - case rbacv1.SchemeGroupVersion.WithResource("clusterrolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1().ClusterRoleBindings().Informer()}, nil - case rbacv1.SchemeGroupVersion.WithResource("roles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1().Roles().Informer()}, nil - case rbacv1.SchemeGroupVersion.WithResource("rolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1().RoleBindings().Informer()}, nil - - // Group=rbac.authorization.k8s.io, Version=v1alpha1 - case rbacv1alpha1.SchemeGroupVersion.WithResource("clusterroles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1alpha1().ClusterRoles().Informer()}, nil - case rbacv1alpha1.SchemeGroupVersion.WithResource("clusterrolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1alpha1().ClusterRoleBindings().Informer()}, nil - case rbacv1alpha1.SchemeGroupVersion.WithResource("roles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1alpha1().Roles().Informer()}, nil - case rbacv1alpha1.SchemeGroupVersion.WithResource("rolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1alpha1().RoleBindings().Informer()}, nil - - // Group=rbac.authorization.k8s.io, Version=v1beta1 - case rbacv1beta1.SchemeGroupVersion.WithResource("clusterroles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1beta1().ClusterRoles().Informer()}, nil - case rbacv1beta1.SchemeGroupVersion.WithResource("clusterrolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1beta1().ClusterRoleBindings().Informer()}, nil - case rbacv1beta1.SchemeGroupVersion.WithResource("roles"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1beta1().Roles().Informer()}, nil - case rbacv1beta1.SchemeGroupVersion.WithResource("rolebindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Rbac().V1beta1().RoleBindings().Informer()}, nil - - // Group=resource.k8s.io, Version=v1alpha1 - case resourcev1alpha1.SchemeGroupVersion.WithResource("podschedulings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Resource().V1alpha1().PodSchedulings().Informer()}, nil - case resourcev1alpha1.SchemeGroupVersion.WithResource("resourceclaims"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Resource().V1alpha1().ResourceClaims().Informer()}, nil - case resourcev1alpha1.SchemeGroupVersion.WithResource("resourceclaimtemplates"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Resource().V1alpha1().ResourceClaimTemplates().Informer()}, nil - case resourcev1alpha1.SchemeGroupVersion.WithResource("resourceclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Resource().V1alpha1().ResourceClasses().Informer()}, nil - - // Group=scheduling.k8s.io, Version=v1 - case schedulingv1.SchemeGroupVersion.WithResource("priorityclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Scheduling().V1().PriorityClasses().Informer()}, nil - - // Group=scheduling.k8s.io, Version=v1alpha1 - case schedulingv1alpha1.SchemeGroupVersion.WithResource("priorityclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Scheduling().V1alpha1().PriorityClasses().Informer()}, nil - - // Group=scheduling.k8s.io, Version=v1beta1 - case schedulingv1beta1.SchemeGroupVersion.WithResource("priorityclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Scheduling().V1beta1().PriorityClasses().Informer()}, nil - - // Group=storage.k8s.io, Version=v1 - case storagev1.SchemeGroupVersion.WithResource("csidrivers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1().CSIDrivers().Informer()}, nil - case storagev1.SchemeGroupVersion.WithResource("csinodes"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1().CSINodes().Informer()}, nil - case storagev1.SchemeGroupVersion.WithResource("csistoragecapacities"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1().CSIStorageCapacities().Informer()}, nil - case storagev1.SchemeGroupVersion.WithResource("storageclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1().StorageClasses().Informer()}, nil - case storagev1.SchemeGroupVersion.WithResource("volumeattachments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1().VolumeAttachments().Informer()}, nil - - // Group=storage.k8s.io, Version=v1alpha1 - case storagev1alpha1.SchemeGroupVersion.WithResource("csistoragecapacities"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1alpha1().CSIStorageCapacities().Informer()}, nil - case storagev1alpha1.SchemeGroupVersion.WithResource("volumeattachments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1alpha1().VolumeAttachments().Informer()}, nil - - // Group=storage.k8s.io, Version=v1beta1 - case storagev1beta1.SchemeGroupVersion.WithResource("csidrivers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1beta1().CSIDrivers().Informer()}, nil - case storagev1beta1.SchemeGroupVersion.WithResource("csinodes"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1beta1().CSINodes().Informer()}, nil - case storagev1beta1.SchemeGroupVersion.WithResource("csistoragecapacities"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1beta1().CSIStorageCapacities().Informer()}, nil - case storagev1beta1.SchemeGroupVersion.WithResource("storageclasses"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1beta1().StorageClasses().Informer()}, nil - case storagev1beta1.SchemeGroupVersion.WithResource("volumeattachments"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Storage().V1beta1().VolumeAttachments().Informer()}, nil - - } - - return nil, fmt.Errorf("no informer found for %v", resource) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/internalinterfaces/factory_interfaces.go b/etcd/vendor/k8s.io/client-go/informers/internalinterfaces/factory_interfaces.go deleted file mode 100644 index b00ed70cfd..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/internalinterfaces/factory_interfaces.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package internalinterfaces - -import ( - time "time" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - kubernetes "k8s.io/client-go/kubernetes" - cache "k8s.io/client-go/tools/cache" -) - -// NewInformerFunc takes kubernetes.Interface and time.Duration to return a SharedIndexInformer. -type NewInformerFunc func(kubernetes.Interface, time.Duration) cache.SharedIndexInformer - -// SharedInformerFactory a small interface to allow for adding an informer without an import cycle -type SharedInformerFactory interface { - Start(stopCh <-chan struct{}) - InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer -} - -// TweakListOptionsFunc is a function that transforms a v1.ListOptions. -type TweakListOptionsFunc func(*v1.ListOptions) diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/interface.go b/etcd/vendor/k8s.io/client-go/informers/networking/interface.go deleted file mode 100644 index 1c775c465b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package networking - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/networking/v1" - v1alpha1 "k8s.io/client-go/informers/networking/v1alpha1" - v1beta1 "k8s.io/client-go/informers/networking/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingress.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingress.go deleted file mode 100644 index 06c317ad31..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingress.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/networking/v1" - cache "k8s.io/client-go/tools/cache" -) - -// IngressInformer provides access to a shared informer and lister for -// Ingresses. -type IngressInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.IngressLister -} - -type ingressInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().Ingresses(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().Ingresses(namespace).Watch(context.TODO(), options) - }, - }, - &networkingv1.Ingress{}, - resyncPeriod, - indexers, - ) -} - -func (f *ingressInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *ingressInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1.Ingress{}, f.defaultInformer) -} - -func (f *ingressInformer) Lister() v1.IngressLister { - return v1.NewIngressLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingressclass.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingressclass.go deleted file mode 100644 index 15514745bf..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1/ingressclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/networking/v1" - cache "k8s.io/client-go/tools/cache" -) - -// IngressClassInformer provides access to a shared informer and lister for -// IngressClasses. -type IngressClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.IngressClassLister -} - -type ingressClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewIngressClassInformer constructs a new informer for IngressClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewIngressClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredIngressClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredIngressClassInformer constructs a new informer for IngressClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredIngressClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().IngressClasses().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().IngressClasses().Watch(context.TODO(), options) - }, - }, - &networkingv1.IngressClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *ingressClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredIngressClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *ingressClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1.IngressClass{}, f.defaultInformer) -} - -func (f *ingressClassInformer) Lister() v1.IngressClassLister { - return v1.NewIngressClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1/interface.go deleted file mode 100644 index a48d92c4ef..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1/interface.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Ingresses returns a IngressInformer. - Ingresses() IngressInformer - // IngressClasses returns a IngressClassInformer. - IngressClasses() IngressClassInformer - // NetworkPolicies returns a NetworkPolicyInformer. - NetworkPolicies() NetworkPolicyInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Ingresses returns a IngressInformer. -func (v *version) Ingresses() IngressInformer { - return &ingressInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// IngressClasses returns a IngressClassInformer. -func (v *version) IngressClasses() IngressClassInformer { - return &ingressClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// NetworkPolicies returns a NetworkPolicyInformer. -func (v *version) NetworkPolicies() NetworkPolicyInformer { - return &networkPolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1/networkpolicy.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1/networkpolicy.go deleted file mode 100644 index a75c9ac21f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1/networkpolicy.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/networking/v1" - cache "k8s.io/client-go/tools/cache" -) - -// NetworkPolicyInformer provides access to a shared informer and lister for -// NetworkPolicies. -type NetworkPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.NetworkPolicyLister -} - -type networkPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewNetworkPolicyInformer constructs a new informer for NetworkPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewNetworkPolicyInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredNetworkPolicyInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredNetworkPolicyInformer constructs a new informer for NetworkPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredNetworkPolicyInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().NetworkPolicies(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1().NetworkPolicies(namespace).Watch(context.TODO(), options) - }, - }, - &networkingv1.NetworkPolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *networkPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredNetworkPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *networkPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1.NetworkPolicy{}, f.defaultInformer) -} - -func (f *networkPolicyInformer) Lister() v1.NetworkPolicyLister { - return v1.NewNetworkPolicyLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/clustercidr.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/clustercidr.go deleted file mode 100644 index cefd0f8a1e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/clustercidr.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - networkingv1alpha1 "k8s.io/api/networking/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/networking/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterCIDRInformer provides access to a shared informer and lister for -// ClusterCIDRs. -type ClusterCIDRInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ClusterCIDRLister -} - -type clusterCIDRInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterCIDRInformer constructs a new informer for ClusterCIDR type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterCIDRInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterCIDRInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterCIDRInformer constructs a new informer for ClusterCIDR type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterCIDRInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1alpha1().ClusterCIDRs().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1alpha1().ClusterCIDRs().Watch(context.TODO(), options) - }, - }, - &networkingv1alpha1.ClusterCIDR{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterCIDRInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterCIDRInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterCIDRInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1alpha1.ClusterCIDR{}, f.defaultInformer) -} - -func (f *clusterCIDRInformer) Lister() v1alpha1.ClusterCIDRLister { - return v1alpha1.NewClusterCIDRLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/interface.go deleted file mode 100644 index c51b748801..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1alpha1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ClusterCIDRs returns a ClusterCIDRInformer. - ClusterCIDRs() ClusterCIDRInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ClusterCIDRs returns a ClusterCIDRInformer. -func (v *version) ClusterCIDRs() ClusterCIDRInformer { - return &clusterCIDRInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingress.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingress.go deleted file mode 100644 index 8800d6c9cd..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingress.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - networkingv1beta1 "k8s.io/api/networking/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/networking/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// IngressInformer provides access to a shared informer and lister for -// Ingresses. -type IngressInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.IngressLister -} - -type ingressInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredIngressInformer constructs a new informer for Ingress type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredIngressInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1beta1().Ingresses(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1beta1().Ingresses(namespace).Watch(context.TODO(), options) - }, - }, - &networkingv1beta1.Ingress{}, - resyncPeriod, - indexers, - ) -} - -func (f *ingressInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredIngressInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *ingressInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1beta1.Ingress{}, f.defaultInformer) -} - -func (f *ingressInformer) Lister() v1beta1.IngressLister { - return v1beta1.NewIngressLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingressclass.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingressclass.go deleted file mode 100644 index 17864299bc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/ingressclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - networkingv1beta1 "k8s.io/api/networking/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/networking/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// IngressClassInformer provides access to a shared informer and lister for -// IngressClasses. -type IngressClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.IngressClassLister -} - -type ingressClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewIngressClassInformer constructs a new informer for IngressClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewIngressClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredIngressClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredIngressClassInformer constructs a new informer for IngressClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredIngressClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1beta1().IngressClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NetworkingV1beta1().IngressClasses().Watch(context.TODO(), options) - }, - }, - &networkingv1beta1.IngressClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *ingressClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredIngressClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *ingressClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&networkingv1beta1.IngressClass{}, f.defaultInformer) -} - -func (f *ingressClassInformer) Lister() v1beta1.IngressClassLister { - return v1beta1.NewIngressClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/interface.go deleted file mode 100644 index 2dcc3129a5..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/networking/v1beta1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // Ingresses returns a IngressInformer. - Ingresses() IngressInformer - // IngressClasses returns a IngressClassInformer. - IngressClasses() IngressClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// Ingresses returns a IngressInformer. -func (v *version) Ingresses() IngressInformer { - return &ingressInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// IngressClasses returns a IngressClassInformer. -func (v *version) IngressClasses() IngressClassInformer { - return &ingressClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/interface.go b/etcd/vendor/k8s.io/client-go/informers/node/interface.go deleted file mode 100644 index 61ed5af76a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package node - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/node/v1" - v1alpha1 "k8s.io/client-go/informers/node/v1alpha1" - v1beta1 "k8s.io/client-go/informers/node/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/node/v1/interface.go deleted file mode 100644 index 913fec4aca..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // RuntimeClasses returns a RuntimeClassInformer. - RuntimeClasses() RuntimeClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// RuntimeClasses returns a RuntimeClassInformer. -func (v *version) RuntimeClasses() RuntimeClassInformer { - return &runtimeClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/informers/node/v1/runtimeclass.go deleted file mode 100644 index 293f4e2e2b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1/runtimeclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - nodev1 "k8s.io/api/node/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/node/v1" - cache "k8s.io/client-go/tools/cache" -) - -// RuntimeClassInformer provides access to a shared informer and lister for -// RuntimeClasses. -type RuntimeClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.RuntimeClassLister -} - -type runtimeClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1().RuntimeClasses().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1().RuntimeClasses().Watch(context.TODO(), options) - }, - }, - &nodev1.RuntimeClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *runtimeClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *runtimeClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&nodev1.RuntimeClass{}, f.defaultInformer) -} - -func (f *runtimeClassInformer) Lister() v1.RuntimeClassLister { - return v1.NewRuntimeClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/interface.go deleted file mode 100644 index c56442957e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // RuntimeClasses returns a RuntimeClassInformer. - RuntimeClasses() RuntimeClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// RuntimeClasses returns a RuntimeClassInformer. -func (v *version) RuntimeClasses() RuntimeClassInformer { - return &runtimeClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/runtimeclass.go deleted file mode 100644 index d314a9573c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1alpha1/runtimeclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - nodev1alpha1 "k8s.io/api/node/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/node/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// RuntimeClassInformer provides access to a shared informer and lister for -// RuntimeClasses. -type RuntimeClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.RuntimeClassLister -} - -type runtimeClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1alpha1().RuntimeClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1alpha1().RuntimeClasses().Watch(context.TODO(), options) - }, - }, - &nodev1alpha1.RuntimeClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *runtimeClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *runtimeClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&nodev1alpha1.RuntimeClass{}, f.defaultInformer) -} - -func (f *runtimeClassInformer) Lister() v1alpha1.RuntimeClassLister { - return v1alpha1.NewRuntimeClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/interface.go deleted file mode 100644 index 44a1defb6b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // RuntimeClasses returns a RuntimeClassInformer. - RuntimeClasses() RuntimeClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// RuntimeClasses returns a RuntimeClassInformer. -func (v *version) RuntimeClasses() RuntimeClassInformer { - return &runtimeClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/runtimeclass.go deleted file mode 100644 index 07619b2306..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/node/v1beta1/runtimeclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - nodev1beta1 "k8s.io/api/node/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/node/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// RuntimeClassInformer provides access to a shared informer and lister for -// RuntimeClasses. -type RuntimeClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.RuntimeClassLister -} - -type runtimeClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredRuntimeClassInformer constructs a new informer for RuntimeClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRuntimeClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1beta1().RuntimeClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.NodeV1beta1().RuntimeClasses().Watch(context.TODO(), options) - }, - }, - &nodev1beta1.RuntimeClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *runtimeClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRuntimeClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *runtimeClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&nodev1beta1.RuntimeClass{}, f.defaultInformer) -} - -func (f *runtimeClassInformer) Lister() v1beta1.RuntimeClassLister { - return v1beta1.NewRuntimeClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/interface.go b/etcd/vendor/k8s.io/client-go/informers/policy/interface.go deleted file mode 100644 index 889cb8152c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/interface.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package policy - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/policy/v1" - v1beta1 "k8s.io/client-go/informers/policy/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/policy/v1/interface.go deleted file mode 100644 index 2c42e1993c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PodDisruptionBudgets returns a PodDisruptionBudgetInformer. - PodDisruptionBudgets() PodDisruptionBudgetInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PodDisruptionBudgets returns a PodDisruptionBudgetInformer. -func (v *version) PodDisruptionBudgets() PodDisruptionBudgetInformer { - return &podDisruptionBudgetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/v1/poddisruptionbudget.go b/etcd/vendor/k8s.io/client-go/informers/policy/v1/poddisruptionbudget.go deleted file mode 100644 index 436598512a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/v1/poddisruptionbudget.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - policyv1 "k8s.io/api/policy/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/policy/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PodDisruptionBudgetInformer provides access to a shared informer and lister for -// PodDisruptionBudgets. -type PodDisruptionBudgetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PodDisruptionBudgetLister -} - -type podDisruptionBudgetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPodDisruptionBudgetInformer constructs a new informer for PodDisruptionBudget type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodDisruptionBudgetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodDisruptionBudgetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPodDisruptionBudgetInformer constructs a new informer for PodDisruptionBudget type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodDisruptionBudgetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1().PodDisruptionBudgets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1().PodDisruptionBudgets(namespace).Watch(context.TODO(), options) - }, - }, - &policyv1.PodDisruptionBudget{}, - resyncPeriod, - indexers, - ) -} - -func (f *podDisruptionBudgetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodDisruptionBudgetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podDisruptionBudgetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&policyv1.PodDisruptionBudget{}, f.defaultInformer) -} - -func (f *podDisruptionBudgetInformer) Lister() v1.PodDisruptionBudgetLister { - return v1.NewPodDisruptionBudgetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/interface.go deleted file mode 100644 index a6c1825d27..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PodDisruptionBudgets returns a PodDisruptionBudgetInformer. - PodDisruptionBudgets() PodDisruptionBudgetInformer - // PodSecurityPolicies returns a PodSecurityPolicyInformer. - PodSecurityPolicies() PodSecurityPolicyInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PodDisruptionBudgets returns a PodDisruptionBudgetInformer. -func (v *version) PodDisruptionBudgets() PodDisruptionBudgetInformer { - return &podDisruptionBudgetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// PodSecurityPolicies returns a PodSecurityPolicyInformer. -func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer { - return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/poddisruptionbudget.go b/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/poddisruptionbudget.go deleted file mode 100644 index 4530343ecc..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/poddisruptionbudget.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - policyv1beta1 "k8s.io/api/policy/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/policy/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// PodDisruptionBudgetInformer provides access to a shared informer and lister for -// PodDisruptionBudgets. -type PodDisruptionBudgetInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.PodDisruptionBudgetLister -} - -type podDisruptionBudgetInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPodDisruptionBudgetInformer constructs a new informer for PodDisruptionBudget type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodDisruptionBudgetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodDisruptionBudgetInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPodDisruptionBudgetInformer constructs a new informer for PodDisruptionBudget type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodDisruptionBudgetInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1beta1().PodDisruptionBudgets(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1beta1().PodDisruptionBudgets(namespace).Watch(context.TODO(), options) - }, - }, - &policyv1beta1.PodDisruptionBudget{}, - resyncPeriod, - indexers, - ) -} - -func (f *podDisruptionBudgetInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodDisruptionBudgetInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podDisruptionBudgetInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&policyv1beta1.PodDisruptionBudget{}, f.defaultInformer) -} - -func (f *podDisruptionBudgetInformer) Lister() v1beta1.PodDisruptionBudgetLister { - return v1beta1.NewPodDisruptionBudgetLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go b/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go deleted file mode 100644 index b87d23434e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/policy/v1beta1/podsecuritypolicy.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - policyv1beta1 "k8s.io/api/policy/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/policy/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// PodSecurityPolicyInformer provides access to a shared informer and lister for -// PodSecurityPolicies. -type PodSecurityPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.PodSecurityPolicyLister -} - -type podSecurityPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1beta1().PodSecurityPolicies().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.PolicyV1beta1().PodSecurityPolicies().Watch(context.TODO(), options) - }, - }, - &policyv1beta1.PodSecurityPolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *podSecurityPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&policyv1beta1.PodSecurityPolicy{}, f.defaultInformer) -} - -func (f *podSecurityPolicyInformer) Lister() v1beta1.PodSecurityPolicyLister { - return v1beta1.NewPodSecurityPolicyLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/interface.go b/etcd/vendor/k8s.io/client-go/informers/rbac/interface.go deleted file mode 100644 index 228811f8a2..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package rbac - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/rbac/v1" - v1alpha1 "k8s.io/client-go/informers/rbac/v1alpha1" - v1beta1 "k8s.io/client-go/informers/rbac/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrole.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrole.go deleted file mode 100644 index 0572be264b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrole.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/rbac/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleInformer provides access to a shared informer and lister for -// ClusterRoles. -type ClusterRoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ClusterRoleLister -} - -type clusterRoleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().ClusterRoles().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().ClusterRoles().Watch(context.TODO(), options) - }, - }, - &rbacv1.ClusterRole{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1.ClusterRole{}, f.defaultInformer) -} - -func (f *clusterRoleInformer) Lister() v1.ClusterRoleLister { - return v1.NewClusterRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrolebinding.go deleted file mode 100644 index 51026c0558..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/clusterrolebinding.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/rbac/v1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingInformer provides access to a shared informer and lister for -// ClusterRoleBindings. -type ClusterRoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.ClusterRoleBindingLister -} - -type clusterRoleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().ClusterRoleBindings().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().ClusterRoleBindings().Watch(context.TODO(), options) - }, - }, - &rbacv1.ClusterRoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1.ClusterRoleBinding{}, f.defaultInformer) -} - -func (f *clusterRoleBindingInformer) Lister() v1.ClusterRoleBindingLister { - return v1.NewClusterRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1/interface.go deleted file mode 100644 index 7f99c9454b..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/interface.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ClusterRoles returns a ClusterRoleInformer. - ClusterRoles() ClusterRoleInformer - // ClusterRoleBindings returns a ClusterRoleBindingInformer. - ClusterRoleBindings() ClusterRoleBindingInformer - // Roles returns a RoleInformer. - Roles() RoleInformer - // RoleBindings returns a RoleBindingInformer. - RoleBindings() RoleBindingInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ClusterRoles returns a ClusterRoleInformer. -func (v *version) ClusterRoles() ClusterRoleInformer { - return &clusterRoleInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ClusterRoleBindings returns a ClusterRoleBindingInformer. -func (v *version) ClusterRoleBindings() ClusterRoleBindingInformer { - return &clusterRoleBindingInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// Roles returns a RoleInformer. -func (v *version) Roles() RoleInformer { - return &roleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// RoleBindings returns a RoleBindingInformer. -func (v *version) RoleBindings() RoleBindingInformer { - return &roleBindingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/role.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1/role.go deleted file mode 100644 index 986a5f29f4..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/role.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/rbac/v1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleInformer provides access to a shared informer and lister for -// Roles. -type RoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.RoleLister -} - -type roleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().Roles(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().Roles(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1.Role{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1.Role{}, f.defaultInformer) -} - -func (f *roleInformer) Lister() v1.RoleLister { - return v1.NewRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/rolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1/rolebinding.go deleted file mode 100644 index 0264049fb0..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1/rolebinding.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/rbac/v1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleBindingInformer provides access to a shared informer and lister for -// RoleBindings. -type RoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.RoleBindingLister -} - -type roleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().RoleBindings(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1().RoleBindings(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1.RoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1.RoleBinding{}, f.defaultInformer) -} - -func (f *roleBindingInformer) Lister() v1.RoleBindingLister { - return v1.NewRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrole.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrole.go deleted file mode 100644 index 70d9885f0a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrole.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/rbac/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleInformer provides access to a shared informer and lister for -// ClusterRoles. -type ClusterRoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ClusterRoleLister -} - -type clusterRoleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().ClusterRoles().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().ClusterRoles().Watch(context.TODO(), options) - }, - }, - &rbacv1alpha1.ClusterRole{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1alpha1.ClusterRole{}, f.defaultInformer) -} - -func (f *clusterRoleInformer) Lister() v1alpha1.ClusterRoleLister { - return v1alpha1.NewClusterRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrolebinding.go deleted file mode 100644 index 8c18f67928..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/clusterrolebinding.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/rbac/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingInformer provides access to a shared informer and lister for -// ClusterRoleBindings. -type ClusterRoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ClusterRoleBindingLister -} - -type clusterRoleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().ClusterRoleBindings().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().ClusterRoleBindings().Watch(context.TODO(), options) - }, - }, - &rbacv1alpha1.ClusterRoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1alpha1.ClusterRoleBinding{}, f.defaultInformer) -} - -func (f *clusterRoleBindingInformer) Lister() v1alpha1.ClusterRoleBindingLister { - return v1alpha1.NewClusterRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/interface.go deleted file mode 100644 index d27c79987f..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/interface.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ClusterRoles returns a ClusterRoleInformer. - ClusterRoles() ClusterRoleInformer - // ClusterRoleBindings returns a ClusterRoleBindingInformer. - ClusterRoleBindings() ClusterRoleBindingInformer - // Roles returns a RoleInformer. - Roles() RoleInformer - // RoleBindings returns a RoleBindingInformer. - RoleBindings() RoleBindingInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ClusterRoles returns a ClusterRoleInformer. -func (v *version) ClusterRoles() ClusterRoleInformer { - return &clusterRoleInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ClusterRoleBindings returns a ClusterRoleBindingInformer. -func (v *version) ClusterRoleBindings() ClusterRoleBindingInformer { - return &clusterRoleBindingInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// Roles returns a RoleInformer. -func (v *version) Roles() RoleInformer { - return &roleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// RoleBindings returns a RoleBindingInformer. -func (v *version) RoleBindings() RoleBindingInformer { - return &roleBindingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/role.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/role.go deleted file mode 100644 index 7dc4551d92..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/role.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/rbac/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleInformer provides access to a shared informer and lister for -// Roles. -type RoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.RoleLister -} - -type roleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().Roles(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().Roles(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1alpha1.Role{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1alpha1.Role{}, f.defaultInformer) -} - -func (f *roleInformer) Lister() v1alpha1.RoleLister { - return v1alpha1.NewRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/rolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/rolebinding.go deleted file mode 100644 index d49ec8b362..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1alpha1/rolebinding.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/rbac/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleBindingInformer provides access to a shared informer and lister for -// RoleBindings. -type RoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.RoleBindingLister -} - -type roleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().RoleBindings(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1alpha1().RoleBindings(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1alpha1.RoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1alpha1.RoleBinding{}, f.defaultInformer) -} - -func (f *roleBindingInformer) Lister() v1alpha1.RoleBindingLister { - return v1alpha1.NewRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrole.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrole.go deleted file mode 100644 index e50e1d3935..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrole.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/rbac/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleInformer provides access to a shared informer and lister for -// ClusterRoles. -type ClusterRoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ClusterRoleLister -} - -type clusterRoleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleInformer constructs a new informer for ClusterRole type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().ClusterRoles().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().ClusterRoles().Watch(context.TODO(), options) - }, - }, - &rbacv1beta1.ClusterRole{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1beta1.ClusterRole{}, f.defaultInformer) -} - -func (f *clusterRoleInformer) Lister() v1beta1.ClusterRoleLister { - return v1beta1.NewClusterRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrolebinding.go deleted file mode 100644 index a7ea4cd38d..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/clusterrolebinding.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/rbac/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingInformer provides access to a shared informer and lister for -// ClusterRoleBindings. -type ClusterRoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ClusterRoleBindingLister -} - -type clusterRoleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterRoleBindingInformer constructs a new informer for ClusterRoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterRoleBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().ClusterRoleBindings().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().ClusterRoleBindings().Watch(context.TODO(), options) - }, - }, - &rbacv1beta1.ClusterRoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterRoleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterRoleBindingInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterRoleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1beta1.ClusterRoleBinding{}, f.defaultInformer) -} - -func (f *clusterRoleBindingInformer) Lister() v1beta1.ClusterRoleBindingLister { - return v1beta1.NewClusterRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/interface.go deleted file mode 100644 index 04add43afa..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/interface.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // ClusterRoles returns a ClusterRoleInformer. - ClusterRoles() ClusterRoleInformer - // ClusterRoleBindings returns a ClusterRoleBindingInformer. - ClusterRoleBindings() ClusterRoleBindingInformer - // Roles returns a RoleInformer. - Roles() RoleInformer - // RoleBindings returns a RoleBindingInformer. - RoleBindings() RoleBindingInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// ClusterRoles returns a ClusterRoleInformer. -func (v *version) ClusterRoles() ClusterRoleInformer { - return &clusterRoleInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// ClusterRoleBindings returns a ClusterRoleBindingInformer. -func (v *version) ClusterRoleBindings() ClusterRoleBindingInformer { - return &clusterRoleBindingInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// Roles returns a RoleInformer. -func (v *version) Roles() RoleInformer { - return &roleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// RoleBindings returns a RoleBindingInformer. -func (v *version) RoleBindings() RoleBindingInformer { - return &roleBindingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/role.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/role.go deleted file mode 100644 index e56961e81e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/role.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/rbac/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleInformer provides access to a shared informer and lister for -// Roles. -type RoleInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.RoleLister -} - -type roleInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleInformer constructs a new informer for Role type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().Roles(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().Roles(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1beta1.Role{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1beta1.Role{}, f.defaultInformer) -} - -func (f *roleInformer) Lister() v1beta1.RoleLister { - return v1beta1.NewRoleLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/rolebinding.go b/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/rolebinding.go deleted file mode 100644 index d893882db3..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/rbac/v1beta1/rolebinding.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/rbac/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// RoleBindingInformer provides access to a shared informer and lister for -// RoleBindings. -type RoleBindingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.RoleBindingLister -} - -type roleBindingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredRoleBindingInformer constructs a new informer for RoleBinding type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredRoleBindingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().RoleBindings(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.RbacV1beta1().RoleBindings(namespace).Watch(context.TODO(), options) - }, - }, - &rbacv1beta1.RoleBinding{}, - resyncPeriod, - indexers, - ) -} - -func (f *roleBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredRoleBindingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *roleBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&rbacv1beta1.RoleBinding{}, f.defaultInformer) -} - -func (f *roleBindingInformer) Lister() v1beta1.RoleBindingLister { - return v1beta1.NewRoleBindingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/interface.go b/etcd/vendor/k8s.io/client-go/informers/resource/interface.go deleted file mode 100644 index 6cf95b0d47..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/interface.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package resource - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1alpha1 "k8s.io/client-go/informers/resource/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/interface.go deleted file mode 100644 index 4449dfa652..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/interface.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PodSchedulings returns a PodSchedulingInformer. - PodSchedulings() PodSchedulingInformer - // ResourceClaims returns a ResourceClaimInformer. - ResourceClaims() ResourceClaimInformer - // ResourceClaimTemplates returns a ResourceClaimTemplateInformer. - ResourceClaimTemplates() ResourceClaimTemplateInformer - // ResourceClasses returns a ResourceClassInformer. - ResourceClasses() ResourceClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PodSchedulings returns a PodSchedulingInformer. -func (v *version) PodSchedulings() PodSchedulingInformer { - return &podSchedulingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ResourceClaims returns a ResourceClaimInformer. -func (v *version) ResourceClaims() ResourceClaimInformer { - return &resourceClaimInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ResourceClaimTemplates returns a ResourceClaimTemplateInformer. -func (v *version) ResourceClaimTemplates() ResourceClaimTemplateInformer { - return &resourceClaimTemplateInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// ResourceClasses returns a ResourceClassInformer. -func (v *version) ResourceClasses() ResourceClassInformer { - return &resourceClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/podscheduling.go b/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/podscheduling.go deleted file mode 100644 index 87b4c34e15..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/podscheduling.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/resource/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// PodSchedulingInformer provides access to a shared informer and lister for -// PodSchedulings. -type PodSchedulingInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.PodSchedulingLister -} - -type podSchedulingInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewPodSchedulingInformer constructs a new informer for PodScheduling type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPodSchedulingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPodSchedulingInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredPodSchedulingInformer constructs a new informer for PodScheduling type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPodSchedulingInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().PodSchedulings(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().PodSchedulings(namespace).Watch(context.TODO(), options) - }, - }, - &resourcev1alpha1.PodScheduling{}, - resyncPeriod, - indexers, - ) -} - -func (f *podSchedulingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPodSchedulingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *podSchedulingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&resourcev1alpha1.PodScheduling{}, f.defaultInformer) -} - -func (f *podSchedulingInformer) Lister() v1alpha1.PodSchedulingLister { - return v1alpha1.NewPodSchedulingLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaim.go b/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaim.go deleted file mode 100644 index 10150c0207..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaim.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/resource/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ResourceClaimInformer provides access to a shared informer and lister for -// ResourceClaims. -type ResourceClaimInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ResourceClaimLister -} - -type resourceClaimInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewResourceClaimInformer constructs a new informer for ResourceClaim type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewResourceClaimInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredResourceClaimInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredResourceClaimInformer constructs a new informer for ResourceClaim type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredResourceClaimInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClaims(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClaims(namespace).Watch(context.TODO(), options) - }, - }, - &resourcev1alpha1.ResourceClaim{}, - resyncPeriod, - indexers, - ) -} - -func (f *resourceClaimInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredResourceClaimInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *resourceClaimInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&resourcev1alpha1.ResourceClaim{}, f.defaultInformer) -} - -func (f *resourceClaimInformer) Lister() v1alpha1.ResourceClaimLister { - return v1alpha1.NewResourceClaimLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaimtemplate.go b/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaimtemplate.go deleted file mode 100644 index cdffa49db7..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclaimtemplate.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/resource/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ResourceClaimTemplateInformer provides access to a shared informer and lister for -// ResourceClaimTemplates. -type ResourceClaimTemplateInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ResourceClaimTemplateLister -} - -type resourceClaimTemplateInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewResourceClaimTemplateInformer constructs a new informer for ResourceClaimTemplate type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewResourceClaimTemplateInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredResourceClaimTemplateInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredResourceClaimTemplateInformer constructs a new informer for ResourceClaimTemplate type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredResourceClaimTemplateInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClaimTemplates(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClaimTemplates(namespace).Watch(context.TODO(), options) - }, - }, - &resourcev1alpha1.ResourceClaimTemplate{}, - resyncPeriod, - indexers, - ) -} - -func (f *resourceClaimTemplateInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredResourceClaimTemplateInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *resourceClaimTemplateInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&resourcev1alpha1.ResourceClaimTemplate{}, f.defaultInformer) -} - -func (f *resourceClaimTemplateInformer) Lister() v1alpha1.ResourceClaimTemplateLister { - return v1alpha1.NewResourceClaimTemplateLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclass.go b/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclass.go deleted file mode 100644 index e6faa5d02e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/resource/v1alpha1/resourceclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/resource/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// ResourceClassInformer provides access to a shared informer and lister for -// ResourceClasses. -type ResourceClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.ResourceClassLister -} - -type resourceClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewResourceClassInformer constructs a new informer for ResourceClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewResourceClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredResourceClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredResourceClassInformer constructs a new informer for ResourceClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredResourceClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ResourceV1alpha1().ResourceClasses().Watch(context.TODO(), options) - }, - }, - &resourcev1alpha1.ResourceClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *resourceClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredResourceClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *resourceClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&resourcev1alpha1.ResourceClass{}, f.defaultInformer) -} - -func (f *resourceClassInformer) Lister() v1alpha1.ResourceClassLister { - return v1alpha1.NewResourceClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/interface.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/interface.go deleted file mode 100644 index 659089b531..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package scheduling - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/scheduling/v1" - v1alpha1 "k8s.io/client-go/informers/scheduling/v1alpha1" - v1beta1 "k8s.io/client-go/informers/scheduling/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/interface.go deleted file mode 100644 index fd7931f34a..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PriorityClasses returns a PriorityClassInformer. - PriorityClasses() PriorityClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PriorityClasses returns a PriorityClassInformer. -func (v *version) PriorityClasses() PriorityClassInformer { - return &priorityClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/priorityclass.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/priorityclass.go deleted file mode 100644 index 730616b4a5..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1/priorityclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - schedulingv1 "k8s.io/api/scheduling/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/scheduling/v1" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityClassInformer provides access to a shared informer and lister for -// PriorityClasses. -type PriorityClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.PriorityClassLister -} - -type priorityClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1().PriorityClasses().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1().PriorityClasses().Watch(context.TODO(), options) - }, - }, - &schedulingv1.PriorityClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&schedulingv1.PriorityClass{}, f.defaultInformer) -} - -func (f *priorityClassInformer) Lister() v1.PriorityClassLister { - return v1.NewPriorityClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/interface.go deleted file mode 100644 index cd908d14e6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PriorityClasses returns a PriorityClassInformer. - PriorityClasses() PriorityClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PriorityClasses returns a PriorityClassInformer. -func (v *version) PriorityClasses() PriorityClassInformer { - return &priorityClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/priorityclass.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/priorityclass.go deleted file mode 100644 index f82b664369..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1alpha1/priorityclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - schedulingv1alpha1 "k8s.io/api/scheduling/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/scheduling/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityClassInformer provides access to a shared informer and lister for -// PriorityClasses. -type PriorityClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.PriorityClassLister -} - -type priorityClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1alpha1().PriorityClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1alpha1().PriorityClasses().Watch(context.TODO(), options) - }, - }, - &schedulingv1alpha1.PriorityClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&schedulingv1alpha1.PriorityClass{}, f.defaultInformer) -} - -func (f *priorityClassInformer) Lister() v1alpha1.PriorityClassLister { - return v1alpha1.NewPriorityClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/interface.go deleted file mode 100644 index 52840a9cee..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/interface.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // PriorityClasses returns a PriorityClassInformer. - PriorityClasses() PriorityClassInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// PriorityClasses returns a PriorityClassInformer. -func (v *version) PriorityClasses() PriorityClassInformer { - return &priorityClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/priorityclass.go b/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/priorityclass.go deleted file mode 100644 index fc7848891e..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/scheduling/v1beta1/priorityclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - schedulingv1beta1 "k8s.io/api/scheduling/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/scheduling/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// PriorityClassInformer provides access to a shared informer and lister for -// PriorityClasses. -type PriorityClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.PriorityClassLister -} - -type priorityClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredPriorityClassInformer constructs a new informer for PriorityClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredPriorityClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1beta1().PriorityClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.SchedulingV1beta1().PriorityClasses().Watch(context.TODO(), options) - }, - }, - &schedulingv1beta1.PriorityClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *priorityClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredPriorityClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *priorityClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&schedulingv1beta1.PriorityClass{}, f.defaultInformer) -} - -func (f *priorityClassInformer) Lister() v1beta1.PriorityClassLister { - return v1beta1.NewPriorityClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/interface.go b/etcd/vendor/k8s.io/client-go/informers/storage/interface.go deleted file mode 100644 index 8245aa60c9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/interface.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package storage - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - v1 "k8s.io/client-go/informers/storage/v1" - v1alpha1 "k8s.io/client-go/informers/storage/v1alpha1" - v1beta1 "k8s.io/client-go/informers/storage/v1beta1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1 provides access to shared informers for resources in V1. - V1() v1.Interface - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface - // V1beta1 provides access to shared informers for resources in V1beta1. - V1beta1() v1beta1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1 returns a new v1.Interface. -func (g *group) V1() v1.Interface { - return v1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} - -// V1beta1 returns a new v1beta1.Interface. -func (g *group) V1beta1() v1beta1.Interface { - return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csidriver.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/csidriver.go deleted file mode 100644 index 6fd1e678d9..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csidriver.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/storage/v1" - cache "k8s.io/client-go/tools/cache" -) - -// CSIDriverInformer provides access to a shared informer and lister for -// CSIDrivers. -type CSIDriverInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.CSIDriverLister -} - -type cSIDriverInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCSIDriverInformer constructs a new informer for CSIDriver type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSIDriverInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSIDriverInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCSIDriverInformer constructs a new informer for CSIDriver type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSIDriverInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSIDrivers().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSIDrivers().Watch(context.TODO(), options) - }, - }, - &storagev1.CSIDriver{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSIDriverInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSIDriverInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSIDriverInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1.CSIDriver{}, f.defaultInformer) -} - -func (f *cSIDriverInformer) Lister() v1.CSIDriverLister { - return v1.NewCSIDriverLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csinode.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/csinode.go deleted file mode 100644 index 96416967fb..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csinode.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/storage/v1" - cache "k8s.io/client-go/tools/cache" -) - -// CSINodeInformer provides access to a shared informer and lister for -// CSINodes. -type CSINodeInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.CSINodeLister -} - -type cSINodeInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCSINodeInformer constructs a new informer for CSINode type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSINodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSINodeInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCSINodeInformer constructs a new informer for CSINode type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSINodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSINodes().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSINodes().Watch(context.TODO(), options) - }, - }, - &storagev1.CSINode{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSINodeInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSINodeInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSINodeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1.CSINode{}, f.defaultInformer) -} - -func (f *cSINodeInformer) Lister() v1.CSINodeLister { - return v1.NewCSINodeLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/csistoragecapacity.go deleted file mode 100644 index 9b9095f3ae..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/csistoragecapacity.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/storage/v1" - cache "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityInformer provides access to a shared informer and lister for -// CSIStorageCapacities. -type CSIStorageCapacityInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.CSIStorageCapacityLister -} - -type cSIStorageCapacityInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSIStorageCapacities(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().CSIStorageCapacities(namespace).Watch(context.TODO(), options) - }, - }, - &storagev1.CSIStorageCapacity{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSIStorageCapacityInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSIStorageCapacityInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1.CSIStorageCapacity{}, f.defaultInformer) -} - -func (f *cSIStorageCapacityInformer) Lister() v1.CSIStorageCapacityLister { - return v1.NewCSIStorageCapacityLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/interface.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/interface.go deleted file mode 100644 index 4f017b0864..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/interface.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CSIDrivers returns a CSIDriverInformer. - CSIDrivers() CSIDriverInformer - // CSINodes returns a CSINodeInformer. - CSINodes() CSINodeInformer - // CSIStorageCapacities returns a CSIStorageCapacityInformer. - CSIStorageCapacities() CSIStorageCapacityInformer - // StorageClasses returns a StorageClassInformer. - StorageClasses() StorageClassInformer - // VolumeAttachments returns a VolumeAttachmentInformer. - VolumeAttachments() VolumeAttachmentInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CSIDrivers returns a CSIDriverInformer. -func (v *version) CSIDrivers() CSIDriverInformer { - return &cSIDriverInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// CSINodes returns a CSINodeInformer. -func (v *version) CSINodes() CSINodeInformer { - return &cSINodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// CSIStorageCapacities returns a CSIStorageCapacityInformer. -func (v *version) CSIStorageCapacities() CSIStorageCapacityInformer { - return &cSIStorageCapacityInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// StorageClasses returns a StorageClassInformer. -func (v *version) StorageClasses() StorageClassInformer { - return &storageClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// VolumeAttachments returns a VolumeAttachmentInformer. -func (v *version) VolumeAttachments() VolumeAttachmentInformer { - return &volumeAttachmentInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/storageclass.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/storageclass.go deleted file mode 100644 index 8cde79d9a3..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/storageclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/storage/v1" - cache "k8s.io/client-go/tools/cache" -) - -// StorageClassInformer provides access to a shared informer and lister for -// StorageClasses. -type StorageClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.StorageClassLister -} - -type storageClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewStorageClassInformer constructs a new informer for StorageClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStorageClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStorageClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredStorageClassInformer constructs a new informer for StorageClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStorageClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().StorageClasses().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().StorageClasses().Watch(context.TODO(), options) - }, - }, - &storagev1.StorageClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *storageClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStorageClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *storageClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1.StorageClass{}, f.defaultInformer) -} - -func (f *storageClassInformer) Lister() v1.StorageClassLister { - return v1.NewStorageClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1/volumeattachment.go deleted file mode 100644 index be605ff48c..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1/volumeattachment.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - "context" - time "time" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1 "k8s.io/client-go/listers/storage/v1" - cache "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentInformer provides access to a shared informer and lister for -// VolumeAttachments. -type VolumeAttachmentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1.VolumeAttachmentLister -} - -type volumeAttachmentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().VolumeAttachments().List(context.TODO(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1().VolumeAttachments().Watch(context.TODO(), options) - }, - }, - &storagev1.VolumeAttachment{}, - resyncPeriod, - indexers, - ) -} - -func (f *volumeAttachmentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *volumeAttachmentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1.VolumeAttachment{}, f.defaultInformer) -} - -func (f *volumeAttachmentInformer) Lister() v1.VolumeAttachmentLister { - return v1.NewVolumeAttachmentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/csistoragecapacity.go deleted file mode 100644 index e59dfab2d1..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/csistoragecapacity.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - storagev1alpha1 "k8s.io/api/storage/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/storage/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityInformer provides access to a shared informer and lister for -// CSIStorageCapacities. -type CSIStorageCapacityInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.CSIStorageCapacityLister -} - -type cSIStorageCapacityInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1alpha1().CSIStorageCapacities(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1alpha1().CSIStorageCapacities(namespace).Watch(context.TODO(), options) - }, - }, - &storagev1alpha1.CSIStorageCapacity{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSIStorageCapacityInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSIStorageCapacityInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1alpha1.CSIStorageCapacity{}, f.defaultInformer) -} - -func (f *cSIStorageCapacityInformer) Lister() v1alpha1.CSIStorageCapacityLister { - return v1alpha1.NewCSIStorageCapacityLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/interface.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/interface.go deleted file mode 100644 index 033d3b10aa..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/interface.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CSIStorageCapacities returns a CSIStorageCapacityInformer. - CSIStorageCapacities() CSIStorageCapacityInformer - // VolumeAttachments returns a VolumeAttachmentInformer. - VolumeAttachments() VolumeAttachmentInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CSIStorageCapacities returns a CSIStorageCapacityInformer. -func (v *version) CSIStorageCapacities() CSIStorageCapacityInformer { - return &cSIStorageCapacityInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// VolumeAttachments returns a VolumeAttachmentInformer. -func (v *version) VolumeAttachments() VolumeAttachmentInformer { - return &volumeAttachmentInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/volumeattachment.go deleted file mode 100644 index 445496dade..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1alpha1/volumeattachment.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - storagev1alpha1 "k8s.io/api/storage/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1alpha1 "k8s.io/client-go/listers/storage/v1alpha1" - cache "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentInformer provides access to a shared informer and lister for -// VolumeAttachments. -type VolumeAttachmentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.VolumeAttachmentLister -} - -type volumeAttachmentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1alpha1().VolumeAttachments().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1alpha1().VolumeAttachments().Watch(context.TODO(), options) - }, - }, - &storagev1alpha1.VolumeAttachment{}, - resyncPeriod, - indexers, - ) -} - -func (f *volumeAttachmentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *volumeAttachmentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1alpha1.VolumeAttachment{}, f.defaultInformer) -} - -func (f *volumeAttachmentInformer) Lister() v1alpha1.VolumeAttachmentLister { - return v1alpha1.NewVolumeAttachmentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csidriver.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csidriver.go deleted file mode 100644 index f138a915b8..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csidriver.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - storagev1beta1 "k8s.io/api/storage/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/storage/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// CSIDriverInformer provides access to a shared informer and lister for -// CSIDrivers. -type CSIDriverInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.CSIDriverLister -} - -type cSIDriverInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCSIDriverInformer constructs a new informer for CSIDriver type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSIDriverInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSIDriverInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCSIDriverInformer constructs a new informer for CSIDriver type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSIDriverInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSIDrivers().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSIDrivers().Watch(context.TODO(), options) - }, - }, - &storagev1beta1.CSIDriver{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSIDriverInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSIDriverInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSIDriverInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1beta1.CSIDriver{}, f.defaultInformer) -} - -func (f *cSIDriverInformer) Lister() v1beta1.CSIDriverLister { - return v1beta1.NewCSIDriverLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csinode.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csinode.go deleted file mode 100644 index 6ba63172a3..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csinode.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - storagev1beta1 "k8s.io/api/storage/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/storage/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// CSINodeInformer provides access to a shared informer and lister for -// CSINodes. -type CSINodeInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.CSINodeLister -} - -type cSINodeInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewCSINodeInformer constructs a new informer for CSINode type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSINodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSINodeInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredCSINodeInformer constructs a new informer for CSINode type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSINodeInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSINodes().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSINodes().Watch(context.TODO(), options) - }, - }, - &storagev1beta1.CSINode{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSINodeInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSINodeInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSINodeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1beta1.CSINode{}, f.defaultInformer) -} - -func (f *cSINodeInformer) Lister() v1beta1.CSINodeLister { - return v1beta1.NewCSINodeLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csistoragecapacity.go deleted file mode 100644 index 8f0cc46687..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/csistoragecapacity.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - storagev1beta1 "k8s.io/api/storage/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/storage/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityInformer provides access to a shared informer and lister for -// CSIStorageCapacities. -type CSIStorageCapacityInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.CSIStorageCapacityLister -} - -type cSIStorageCapacityInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCSIStorageCapacityInformer constructs a new informer for CSIStorageCapacity type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCSIStorageCapacityInformer(client kubernetes.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSIStorageCapacities(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().CSIStorageCapacities(namespace).Watch(context.TODO(), options) - }, - }, - &storagev1beta1.CSIStorageCapacity{}, - resyncPeriod, - indexers, - ) -} - -func (f *cSIStorageCapacityInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCSIStorageCapacityInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *cSIStorageCapacityInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1beta1.CSIStorageCapacity{}, f.defaultInformer) -} - -func (f *cSIStorageCapacityInformer) Lister() v1beta1.CSIStorageCapacityLister { - return v1beta1.NewCSIStorageCapacityLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/interface.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/interface.go deleted file mode 100644 index 77b77c08ee..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/interface.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // CSIDrivers returns a CSIDriverInformer. - CSIDrivers() CSIDriverInformer - // CSINodes returns a CSINodeInformer. - CSINodes() CSINodeInformer - // CSIStorageCapacities returns a CSIStorageCapacityInformer. - CSIStorageCapacities() CSIStorageCapacityInformer - // StorageClasses returns a StorageClassInformer. - StorageClasses() StorageClassInformer - // VolumeAttachments returns a VolumeAttachmentInformer. - VolumeAttachments() VolumeAttachmentInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// CSIDrivers returns a CSIDriverInformer. -func (v *version) CSIDrivers() CSIDriverInformer { - return &cSIDriverInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// CSINodes returns a CSINodeInformer. -func (v *version) CSINodes() CSINodeInformer { - return &cSINodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// CSIStorageCapacities returns a CSIStorageCapacityInformer. -func (v *version) CSIStorageCapacities() CSIStorageCapacityInformer { - return &cSIStorageCapacityInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - -// StorageClasses returns a StorageClassInformer. -func (v *version) StorageClasses() StorageClassInformer { - return &storageClassInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - -// VolumeAttachments returns a VolumeAttachmentInformer. -func (v *version) VolumeAttachments() VolumeAttachmentInformer { - return &volumeAttachmentInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/storageclass.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/storageclass.go deleted file mode 100644 index a6582bf3d6..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/storageclass.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - storagev1beta1 "k8s.io/api/storage/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/storage/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// StorageClassInformer provides access to a shared informer and lister for -// StorageClasses. -type StorageClassInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.StorageClassLister -} - -type storageClassInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewStorageClassInformer constructs a new informer for StorageClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewStorageClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredStorageClassInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredStorageClassInformer constructs a new informer for StorageClass type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredStorageClassInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().StorageClasses().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().StorageClasses().Watch(context.TODO(), options) - }, - }, - &storagev1beta1.StorageClass{}, - resyncPeriod, - indexers, - ) -} - -func (f *storageClassInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredStorageClassInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *storageClassInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1beta1.StorageClass{}, f.defaultInformer) -} - -func (f *storageClassInformer) Lister() v1beta1.StorageClassLister { - return v1beta1.NewStorageClassLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/volumeattachment.go deleted file mode 100644 index e894246349..0000000000 --- a/etcd/vendor/k8s.io/client-go/informers/storage/v1beta1/volumeattachment.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - storagev1beta1 "k8s.io/api/storage/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - internalinterfaces "k8s.io/client-go/informers/internalinterfaces" - kubernetes "k8s.io/client-go/kubernetes" - v1beta1 "k8s.io/client-go/listers/storage/v1beta1" - cache "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentInformer provides access to a shared informer and lister for -// VolumeAttachments. -type VolumeAttachmentInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.VolumeAttachmentLister -} - -type volumeAttachmentInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredVolumeAttachmentInformer constructs a new informer for VolumeAttachment type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredVolumeAttachmentInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().VolumeAttachments().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.StorageV1beta1().VolumeAttachments().Watch(context.TODO(), options) - }, - }, - &storagev1beta1.VolumeAttachment{}, - resyncPeriod, - indexers, - ) -} - -func (f *volumeAttachmentInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredVolumeAttachmentInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *volumeAttachmentInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&storagev1beta1.VolumeAttachment{}, f.defaultInformer) -} - -func (f *volumeAttachmentInformer) Lister() v1beta1.VolumeAttachmentLister { - return v1beta1.NewVolumeAttachmentLister(f.Informer().GetIndexer()) -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/expansion_generated.go deleted file mode 100644 index e121ae41a3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// MutatingWebhookConfigurationListerExpansion allows custom methods to be added to -// MutatingWebhookConfigurationLister. -type MutatingWebhookConfigurationListerExpansion interface{} - -// ValidatingWebhookConfigurationListerExpansion allows custom methods to be added to -// ValidatingWebhookConfigurationLister. -type ValidatingWebhookConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/mutatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/mutatingwebhookconfiguration.go deleted file mode 100644 index fe9e27985d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/mutatingwebhookconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// MutatingWebhookConfigurationLister helps list MutatingWebhookConfigurations. -// All objects returned here must be treated as read-only. -type MutatingWebhookConfigurationLister interface { - // List lists all MutatingWebhookConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.MutatingWebhookConfiguration, err error) - // Get retrieves the MutatingWebhookConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.MutatingWebhookConfiguration, error) - MutatingWebhookConfigurationListerExpansion -} - -// mutatingWebhookConfigurationLister implements the MutatingWebhookConfigurationLister interface. -type mutatingWebhookConfigurationLister struct { - indexer cache.Indexer -} - -// NewMutatingWebhookConfigurationLister returns a new MutatingWebhookConfigurationLister. -func NewMutatingWebhookConfigurationLister(indexer cache.Indexer) MutatingWebhookConfigurationLister { - return &mutatingWebhookConfigurationLister{indexer: indexer} -} - -// List lists all MutatingWebhookConfigurations in the indexer. -func (s *mutatingWebhookConfigurationLister) List(selector labels.Selector) (ret []*v1.MutatingWebhookConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.MutatingWebhookConfiguration)) - }) - return ret, err -} - -// Get retrieves the MutatingWebhookConfiguration from the index for a given name. -func (s *mutatingWebhookConfigurationLister) Get(name string) (*v1.MutatingWebhookConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("mutatingwebhookconfiguration"), name) - } - return obj.(*v1.MutatingWebhookConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/validatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/validatingwebhookconfiguration.go deleted file mode 100644 index 1579a0ebb7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1/validatingwebhookconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ValidatingWebhookConfigurationLister helps list ValidatingWebhookConfigurations. -// All objects returned here must be treated as read-only. -type ValidatingWebhookConfigurationLister interface { - // List lists all ValidatingWebhookConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ValidatingWebhookConfiguration, err error) - // Get retrieves the ValidatingWebhookConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ValidatingWebhookConfiguration, error) - ValidatingWebhookConfigurationListerExpansion -} - -// validatingWebhookConfigurationLister implements the ValidatingWebhookConfigurationLister interface. -type validatingWebhookConfigurationLister struct { - indexer cache.Indexer -} - -// NewValidatingWebhookConfigurationLister returns a new ValidatingWebhookConfigurationLister. -func NewValidatingWebhookConfigurationLister(indexer cache.Indexer) ValidatingWebhookConfigurationLister { - return &validatingWebhookConfigurationLister{indexer: indexer} -} - -// List lists all ValidatingWebhookConfigurations in the indexer. -func (s *validatingWebhookConfigurationLister) List(selector labels.Selector) (ret []*v1.ValidatingWebhookConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ValidatingWebhookConfiguration)) - }) - return ret, err -} - -// Get retrieves the ValidatingWebhookConfiguration from the index for a given name. -func (s *validatingWebhookConfigurationLister) Get(name string) (*v1.ValidatingWebhookConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("validatingwebhookconfiguration"), name) - } - return obj.(*v1.ValidatingWebhookConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/expansion_generated.go deleted file mode 100644 index 3f8b7819ce..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// ValidatingAdmissionPolicyListerExpansion allows custom methods to be added to -// ValidatingAdmissionPolicyLister. -type ValidatingAdmissionPolicyListerExpansion interface{} - -// ValidatingAdmissionPolicyBindingListerExpansion allows custom methods to be added to -// ValidatingAdmissionPolicyBindingLister. -type ValidatingAdmissionPolicyBindingListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicy.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicy.go deleted file mode 100644 index ae500183a7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicy.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ValidatingAdmissionPolicyLister helps list ValidatingAdmissionPolicies. -// All objects returned here must be treated as read-only. -type ValidatingAdmissionPolicyLister interface { - // List lists all ValidatingAdmissionPolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ValidatingAdmissionPolicy, err error) - // Get retrieves the ValidatingAdmissionPolicy from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ValidatingAdmissionPolicy, error) - ValidatingAdmissionPolicyListerExpansion -} - -// validatingAdmissionPolicyLister implements the ValidatingAdmissionPolicyLister interface. -type validatingAdmissionPolicyLister struct { - indexer cache.Indexer -} - -// NewValidatingAdmissionPolicyLister returns a new ValidatingAdmissionPolicyLister. -func NewValidatingAdmissionPolicyLister(indexer cache.Indexer) ValidatingAdmissionPolicyLister { - return &validatingAdmissionPolicyLister{indexer: indexer} -} - -// List lists all ValidatingAdmissionPolicies in the indexer. -func (s *validatingAdmissionPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.ValidatingAdmissionPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ValidatingAdmissionPolicy)) - }) - return ret, err -} - -// Get retrieves the ValidatingAdmissionPolicy from the index for a given name. -func (s *validatingAdmissionPolicyLister) Get(name string) (*v1alpha1.ValidatingAdmissionPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("validatingadmissionpolicy"), name) - } - return obj.(*v1alpha1.ValidatingAdmissionPolicy), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go deleted file mode 100644 index 552854daf2..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1alpha1/validatingadmissionpolicybinding.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ValidatingAdmissionPolicyBindingLister helps list ValidatingAdmissionPolicyBindings. -// All objects returned here must be treated as read-only. -type ValidatingAdmissionPolicyBindingLister interface { - // List lists all ValidatingAdmissionPolicyBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ValidatingAdmissionPolicyBinding, err error) - // Get retrieves the ValidatingAdmissionPolicyBinding from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ValidatingAdmissionPolicyBinding, error) - ValidatingAdmissionPolicyBindingListerExpansion -} - -// validatingAdmissionPolicyBindingLister implements the ValidatingAdmissionPolicyBindingLister interface. -type validatingAdmissionPolicyBindingLister struct { - indexer cache.Indexer -} - -// NewValidatingAdmissionPolicyBindingLister returns a new ValidatingAdmissionPolicyBindingLister. -func NewValidatingAdmissionPolicyBindingLister(indexer cache.Indexer) ValidatingAdmissionPolicyBindingLister { - return &validatingAdmissionPolicyBindingLister{indexer: indexer} -} - -// List lists all ValidatingAdmissionPolicyBindings in the indexer. -func (s *validatingAdmissionPolicyBindingLister) List(selector labels.Selector) (ret []*v1alpha1.ValidatingAdmissionPolicyBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ValidatingAdmissionPolicyBinding)) - }) - return ret, err -} - -// Get retrieves the ValidatingAdmissionPolicyBinding from the index for a given name. -func (s *validatingAdmissionPolicyBindingLister) Get(name string) (*v1alpha1.ValidatingAdmissionPolicyBinding, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("validatingadmissionpolicybinding"), name) - } - return obj.(*v1alpha1.ValidatingAdmissionPolicyBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go deleted file mode 100644 index 8960abc4f4..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// MutatingWebhookConfigurationListerExpansion allows custom methods to be added to -// MutatingWebhookConfigurationLister. -type MutatingWebhookConfigurationListerExpansion interface{} - -// ValidatingWebhookConfigurationListerExpansion allows custom methods to be added to -// ValidatingWebhookConfigurationLister. -type ValidatingWebhookConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go deleted file mode 100644 index 93c6096ee9..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/mutatingwebhookconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/admissionregistration/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// MutatingWebhookConfigurationLister helps list MutatingWebhookConfigurations. -// All objects returned here must be treated as read-only. -type MutatingWebhookConfigurationLister interface { - // List lists all MutatingWebhookConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.MutatingWebhookConfiguration, err error) - // Get retrieves the MutatingWebhookConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.MutatingWebhookConfiguration, error) - MutatingWebhookConfigurationListerExpansion -} - -// mutatingWebhookConfigurationLister implements the MutatingWebhookConfigurationLister interface. -type mutatingWebhookConfigurationLister struct { - indexer cache.Indexer -} - -// NewMutatingWebhookConfigurationLister returns a new MutatingWebhookConfigurationLister. -func NewMutatingWebhookConfigurationLister(indexer cache.Indexer) MutatingWebhookConfigurationLister { - return &mutatingWebhookConfigurationLister{indexer: indexer} -} - -// List lists all MutatingWebhookConfigurations in the indexer. -func (s *mutatingWebhookConfigurationLister) List(selector labels.Selector) (ret []*v1beta1.MutatingWebhookConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.MutatingWebhookConfiguration)) - }) - return ret, err -} - -// Get retrieves the MutatingWebhookConfiguration from the index for a given name. -func (s *mutatingWebhookConfigurationLister) Get(name string) (*v1beta1.MutatingWebhookConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("mutatingwebhookconfiguration"), name) - } - return obj.(*v1beta1.MutatingWebhookConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingwebhookconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingwebhookconfiguration.go deleted file mode 100644 index 7c17fccb2e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingwebhookconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/admissionregistration/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ValidatingWebhookConfigurationLister helps list ValidatingWebhookConfigurations. -// All objects returned here must be treated as read-only. -type ValidatingWebhookConfigurationLister interface { - // List lists all ValidatingWebhookConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ValidatingWebhookConfiguration, err error) - // Get retrieves the ValidatingWebhookConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ValidatingWebhookConfiguration, error) - ValidatingWebhookConfigurationListerExpansion -} - -// validatingWebhookConfigurationLister implements the ValidatingWebhookConfigurationLister interface. -type validatingWebhookConfigurationLister struct { - indexer cache.Indexer -} - -// NewValidatingWebhookConfigurationLister returns a new ValidatingWebhookConfigurationLister. -func NewValidatingWebhookConfigurationLister(indexer cache.Indexer) ValidatingWebhookConfigurationLister { - return &validatingWebhookConfigurationLister{indexer: indexer} -} - -// List lists all ValidatingWebhookConfigurations in the indexer. -func (s *validatingWebhookConfigurationLister) List(selector labels.Selector) (ret []*v1beta1.ValidatingWebhookConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ValidatingWebhookConfiguration)) - }) - return ret, err -} - -// Get retrieves the ValidatingWebhookConfiguration from the index for a given name. -func (s *validatingWebhookConfigurationLister) Get(name string) (*v1beta1.ValidatingWebhookConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("validatingwebhookconfiguration"), name) - } - return obj.(*v1beta1.ValidatingWebhookConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/expansion_generated.go deleted file mode 100644 index ad860c7c95..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// StorageVersionListerExpansion allows custom methods to be added to -// StorageVersionLister. -type StorageVersionListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/storageversion.go b/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/storageversion.go deleted file mode 100644 index 9a6d74b2bf..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apiserverinternal/v1alpha1/storageversion.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StorageVersionLister helps list StorageVersions. -// All objects returned here must be treated as read-only. -type StorageVersionLister interface { - // List lists all StorageVersions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.StorageVersion, err error) - // Get retrieves the StorageVersion from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.StorageVersion, error) - StorageVersionListerExpansion -} - -// storageVersionLister implements the StorageVersionLister interface. -type storageVersionLister struct { - indexer cache.Indexer -} - -// NewStorageVersionLister returns a new StorageVersionLister. -func NewStorageVersionLister(indexer cache.Indexer) StorageVersionLister { - return &storageVersionLister{indexer: indexer} -} - -// List lists all StorageVersions in the indexer. -func (s *storageVersionLister) List(selector labels.Selector) (ret []*v1alpha1.StorageVersion, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.StorageVersion)) - }) - return ret, err -} - -// Get retrieves the StorageVersion from the index for a given name. -func (s *storageVersionLister) Get(name string) (*v1alpha1.StorageVersion, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("storageversion"), name) - } - return obj.(*v1alpha1.StorageVersion), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/controllerrevision.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/controllerrevision.go deleted file mode 100644 index 9e2f973746..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/controllerrevision.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionLister helps list ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionLister interface { - // List lists all ControllerRevisions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ControllerRevision, err error) - // ControllerRevisions returns an object that can list and get ControllerRevisions. - ControllerRevisions(namespace string) ControllerRevisionNamespaceLister - ControllerRevisionListerExpansion -} - -// controllerRevisionLister implements the ControllerRevisionLister interface. -type controllerRevisionLister struct { - indexer cache.Indexer -} - -// NewControllerRevisionLister returns a new ControllerRevisionLister. -func NewControllerRevisionLister(indexer cache.Indexer) ControllerRevisionLister { - return &controllerRevisionLister{indexer: indexer} -} - -// List lists all ControllerRevisions in the indexer. -func (s *controllerRevisionLister) List(selector labels.Selector) (ret []*v1.ControllerRevision, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ControllerRevision)) - }) - return ret, err -} - -// ControllerRevisions returns an object that can list and get ControllerRevisions. -func (s *controllerRevisionLister) ControllerRevisions(namespace string) ControllerRevisionNamespaceLister { - return controllerRevisionNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ControllerRevisionNamespaceLister helps list and get ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionNamespaceLister interface { - // List lists all ControllerRevisions in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ControllerRevision, err error) - // Get retrieves the ControllerRevision from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ControllerRevision, error) - ControllerRevisionNamespaceListerExpansion -} - -// controllerRevisionNamespaceLister implements the ControllerRevisionNamespaceLister -// interface. -type controllerRevisionNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ControllerRevisions in the indexer for a given namespace. -func (s controllerRevisionNamespaceLister) List(selector labels.Selector) (ret []*v1.ControllerRevision, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ControllerRevision)) - }) - return ret, err -} - -// Get retrieves the ControllerRevision from the indexer for a given namespace and name. -func (s controllerRevisionNamespaceLister) Get(name string) (*v1.ControllerRevision, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("controllerrevision"), name) - } - return obj.(*v1.ControllerRevision), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset.go deleted file mode 100644 index 061959e3da..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DaemonSetLister helps list DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetLister interface { - // List lists all DaemonSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.DaemonSet, err error) - // DaemonSets returns an object that can list and get DaemonSets. - DaemonSets(namespace string) DaemonSetNamespaceLister - DaemonSetListerExpansion -} - -// daemonSetLister implements the DaemonSetLister interface. -type daemonSetLister struct { - indexer cache.Indexer -} - -// NewDaemonSetLister returns a new DaemonSetLister. -func NewDaemonSetLister(indexer cache.Indexer) DaemonSetLister { - return &daemonSetLister{indexer: indexer} -} - -// List lists all DaemonSets in the indexer. -func (s *daemonSetLister) List(selector labels.Selector) (ret []*v1.DaemonSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.DaemonSet)) - }) - return ret, err -} - -// DaemonSets returns an object that can list and get DaemonSets. -func (s *daemonSetLister) DaemonSets(namespace string) DaemonSetNamespaceLister { - return daemonSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DaemonSetNamespaceLister helps list and get DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetNamespaceLister interface { - // List lists all DaemonSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.DaemonSet, err error) - // Get retrieves the DaemonSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.DaemonSet, error) - DaemonSetNamespaceListerExpansion -} - -// daemonSetNamespaceLister implements the DaemonSetNamespaceLister -// interface. -type daemonSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all DaemonSets in the indexer for a given namespace. -func (s daemonSetNamespaceLister) List(selector labels.Selector) (ret []*v1.DaemonSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.DaemonSet)) - }) - return ret, err -} - -// Get retrieves the DaemonSet from the indexer for a given namespace and name. -func (s daemonSetNamespaceLister) Get(name string) (*v1.DaemonSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("daemonset"), name) - } - return obj.(*v1.DaemonSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset_expansion.go deleted file mode 100644 index 667d6fb88e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/daemonset_expansion.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// DaemonSetListerExpansion allows custom methods to be added to -// DaemonSetLister. -type DaemonSetListerExpansion interface { - GetPodDaemonSets(pod *v1.Pod) ([]*apps.DaemonSet, error) - GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*apps.DaemonSet, error) -} - -// DaemonSetNamespaceListerExpansion allows custom methods to be added to -// DaemonSetNamespaceLister. -type DaemonSetNamespaceListerExpansion interface{} - -// GetPodDaemonSets returns a list of DaemonSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetPodDaemonSets(pod *v1.Pod) ([]*apps.DaemonSet, error) { - var selector labels.Selector - var daemonSet *apps.DaemonSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no daemon sets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.DaemonSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*apps.DaemonSet - for i := range list { - daemonSet = list[i] - if daemonSet.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(daemonSet.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a daemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - daemonSets = append(daemonSets, daemonSet) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find daemon set for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return daemonSets, nil -} - -// GetHistoryDaemonSets returns a list of DaemonSets that potentially -// match a ControllerRevision. Only the one specified in the ControllerRevision's ControllerRef -// will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*apps.DaemonSet, error) { - if len(history.Labels) == 0 { - return nil, fmt.Errorf("no DaemonSet found for ControllerRevision %s because it has no labels", history.Name) - } - - list, err := s.DaemonSets(history.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*apps.DaemonSet - for _, ds := range list { - selector, err := metav1.LabelSelectorAsSelector(ds.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the history - continue - } - // If a DaemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(history.Labels)) { - continue - } - daemonSets = append(daemonSets, ds) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find DaemonSets for ControllerRevision %s in namespace %s with labels: %v", history.Name, history.Namespace, history.Labels) - } - - return daemonSets, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/deployment.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/deployment.go deleted file mode 100644 index 7704034172..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/deployment.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DeploymentLister helps list Deployments. -// All objects returned here must be treated as read-only. -type DeploymentLister interface { - // List lists all Deployments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Deployment, err error) - // Deployments returns an object that can list and get Deployments. - Deployments(namespace string) DeploymentNamespaceLister - DeploymentListerExpansion -} - -// deploymentLister implements the DeploymentLister interface. -type deploymentLister struct { - indexer cache.Indexer -} - -// NewDeploymentLister returns a new DeploymentLister. -func NewDeploymentLister(indexer cache.Indexer) DeploymentLister { - return &deploymentLister{indexer: indexer} -} - -// List lists all Deployments in the indexer. -func (s *deploymentLister) List(selector labels.Selector) (ret []*v1.Deployment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Deployment)) - }) - return ret, err -} - -// Deployments returns an object that can list and get Deployments. -func (s *deploymentLister) Deployments(namespace string) DeploymentNamespaceLister { - return deploymentNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DeploymentNamespaceLister helps list and get Deployments. -// All objects returned here must be treated as read-only. -type DeploymentNamespaceLister interface { - // List lists all Deployments in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Deployment, err error) - // Get retrieves the Deployment from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Deployment, error) - DeploymentNamespaceListerExpansion -} - -// deploymentNamespaceLister implements the DeploymentNamespaceLister -// interface. -type deploymentNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Deployments in the indexer for a given namespace. -func (s deploymentNamespaceLister) List(selector labels.Selector) (ret []*v1.Deployment, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Deployment)) - }) - return ret, err -} - -// Get retrieves the Deployment from the indexer for a given namespace and name. -func (s deploymentNamespaceLister) Get(name string) (*v1.Deployment, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("deployment"), name) - } - return obj.(*v1.Deployment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/expansion_generated.go deleted file mode 100644 index 0c357589d0..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/expansion_generated.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// ControllerRevisionListerExpansion allows custom methods to be added to -// ControllerRevisionLister. -type ControllerRevisionListerExpansion interface{} - -// ControllerRevisionNamespaceListerExpansion allows custom methods to be added to -// ControllerRevisionNamespaceLister. -type ControllerRevisionNamespaceListerExpansion interface{} - -// DeploymentListerExpansion allows custom methods to be added to -// DeploymentLister. -type DeploymentListerExpansion interface{} - -// DeploymentNamespaceListerExpansion allows custom methods to be added to -// DeploymentNamespaceLister. -type DeploymentNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset.go deleted file mode 100644 index 3ca7757eb9..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ReplicaSetLister helps list ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetLister interface { - // List lists all ReplicaSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ReplicaSet, err error) - // ReplicaSets returns an object that can list and get ReplicaSets. - ReplicaSets(namespace string) ReplicaSetNamespaceLister - ReplicaSetListerExpansion -} - -// replicaSetLister implements the ReplicaSetLister interface. -type replicaSetLister struct { - indexer cache.Indexer -} - -// NewReplicaSetLister returns a new ReplicaSetLister. -func NewReplicaSetLister(indexer cache.Indexer) ReplicaSetLister { - return &replicaSetLister{indexer: indexer} -} - -// List lists all ReplicaSets in the indexer. -func (s *replicaSetLister) List(selector labels.Selector) (ret []*v1.ReplicaSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ReplicaSet)) - }) - return ret, err -} - -// ReplicaSets returns an object that can list and get ReplicaSets. -func (s *replicaSetLister) ReplicaSets(namespace string) ReplicaSetNamespaceLister { - return replicaSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ReplicaSetNamespaceLister helps list and get ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetNamespaceLister interface { - // List lists all ReplicaSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ReplicaSet, err error) - // Get retrieves the ReplicaSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ReplicaSet, error) - ReplicaSetNamespaceListerExpansion -} - -// replicaSetNamespaceLister implements the ReplicaSetNamespaceLister -// interface. -type replicaSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ReplicaSets in the indexer for a given namespace. -func (s replicaSetNamespaceLister) List(selector labels.Selector) (ret []*v1.ReplicaSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ReplicaSet)) - }) - return ret, err -} - -// Get retrieves the ReplicaSet from the indexer for a given namespace and name. -func (s replicaSetNamespaceLister) Get(name string) (*v1.ReplicaSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("replicaset"), name) - } - return obj.(*v1.ReplicaSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset_expansion.go deleted file mode 100644 index 8e093de0a0..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/replicaset_expansion.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// ReplicaSetListerExpansion allows custom methods to be added to -// ReplicaSetLister. -type ReplicaSetListerExpansion interface { - GetPodReplicaSets(pod *v1.Pod) ([]*apps.ReplicaSet, error) -} - -// ReplicaSetNamespaceListerExpansion allows custom methods to be added to -// ReplicaSetNamespaceLister. -type ReplicaSetNamespaceListerExpansion interface{} - -// GetPodReplicaSets returns a list of ReplicaSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching ReplicaSets are found. -func (s *replicaSetLister) GetPodReplicaSets(pod *v1.Pod) ([]*apps.ReplicaSet, error) { - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no ReplicaSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.ReplicaSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var rss []*apps.ReplicaSet - for _, rs := range list { - if rs.Namespace != pod.Namespace { - continue - } - selector, err := metav1.LabelSelectorAsSelector(rs.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a ReplicaSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - rss = append(rss, rs) - } - - if len(rss) == 0 { - return nil, fmt.Errorf("could not find ReplicaSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return rss, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset.go deleted file mode 100644 index f6899d5ff9..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StatefulSetLister helps list StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetLister interface { - // List lists all StatefulSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.StatefulSet, err error) - // StatefulSets returns an object that can list and get StatefulSets. - StatefulSets(namespace string) StatefulSetNamespaceLister - StatefulSetListerExpansion -} - -// statefulSetLister implements the StatefulSetLister interface. -type statefulSetLister struct { - indexer cache.Indexer -} - -// NewStatefulSetLister returns a new StatefulSetLister. -func NewStatefulSetLister(indexer cache.Indexer) StatefulSetLister { - return &statefulSetLister{indexer: indexer} -} - -// List lists all StatefulSets in the indexer. -func (s *statefulSetLister) List(selector labels.Selector) (ret []*v1.StatefulSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.StatefulSet)) - }) - return ret, err -} - -// StatefulSets returns an object that can list and get StatefulSets. -func (s *statefulSetLister) StatefulSets(namespace string) StatefulSetNamespaceLister { - return statefulSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// StatefulSetNamespaceLister helps list and get StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetNamespaceLister interface { - // List lists all StatefulSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.StatefulSet, err error) - // Get retrieves the StatefulSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.StatefulSet, error) - StatefulSetNamespaceListerExpansion -} - -// statefulSetNamespaceLister implements the StatefulSetNamespaceLister -// interface. -type statefulSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all StatefulSets in the indexer for a given namespace. -func (s statefulSetNamespaceLister) List(selector labels.Selector) (ret []*v1.StatefulSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.StatefulSet)) - }) - return ret, err -} - -// Get retrieves the StatefulSet from the indexer for a given namespace and name. -func (s statefulSetNamespaceLister) Get(name string) (*v1.StatefulSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("statefulset"), name) - } - return obj.(*v1.StatefulSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset_expansion.go deleted file mode 100644 index e79f8a2b46..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1/statefulset_expansion.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// StatefulSetListerExpansion allows custom methods to be added to -// StatefulSetLister. -type StatefulSetListerExpansion interface { - GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) -} - -// StatefulSetNamespaceListerExpansion allows custom methods to be added to -// StatefulSetNamespaceLister. -type StatefulSetNamespaceListerExpansion interface{} - -// GetPodStatefulSets returns a list of StatefulSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching StatefulSets are found. -func (s *statefulSetLister) GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) { - var selector labels.Selector - var ps *apps.StatefulSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no StatefulSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.StatefulSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var psList []*apps.StatefulSet - for i := range list { - ps = list[i] - if ps.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(ps.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a StatefulSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - psList = append(psList, ps) - } - - if len(psList) == 0 { - return nil, fmt.Errorf("could not find StatefulSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return psList, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/controllerrevision.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/controllerrevision.go deleted file mode 100644 index fc73de723f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/controllerrevision.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/apps/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionLister helps list ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionLister interface { - // List lists all ControllerRevisions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ControllerRevision, err error) - // ControllerRevisions returns an object that can list and get ControllerRevisions. - ControllerRevisions(namespace string) ControllerRevisionNamespaceLister - ControllerRevisionListerExpansion -} - -// controllerRevisionLister implements the ControllerRevisionLister interface. -type controllerRevisionLister struct { - indexer cache.Indexer -} - -// NewControllerRevisionLister returns a new ControllerRevisionLister. -func NewControllerRevisionLister(indexer cache.Indexer) ControllerRevisionLister { - return &controllerRevisionLister{indexer: indexer} -} - -// List lists all ControllerRevisions in the indexer. -func (s *controllerRevisionLister) List(selector labels.Selector) (ret []*v1beta1.ControllerRevision, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ControllerRevision)) - }) - return ret, err -} - -// ControllerRevisions returns an object that can list and get ControllerRevisions. -func (s *controllerRevisionLister) ControllerRevisions(namespace string) ControllerRevisionNamespaceLister { - return controllerRevisionNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ControllerRevisionNamespaceLister helps list and get ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionNamespaceLister interface { - // List lists all ControllerRevisions in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ControllerRevision, err error) - // Get retrieves the ControllerRevision from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ControllerRevision, error) - ControllerRevisionNamespaceListerExpansion -} - -// controllerRevisionNamespaceLister implements the ControllerRevisionNamespaceLister -// interface. -type controllerRevisionNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ControllerRevisions in the indexer for a given namespace. -func (s controllerRevisionNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.ControllerRevision, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ControllerRevision)) - }) - return ret, err -} - -// Get retrieves the ControllerRevision from the indexer for a given namespace and name. -func (s controllerRevisionNamespaceLister) Get(name string) (*v1beta1.ControllerRevision, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("controllerrevision"), name) - } - return obj.(*v1beta1.ControllerRevision), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/deployment.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/deployment.go deleted file mode 100644 index 3fb70794ca..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/deployment.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/apps/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DeploymentLister helps list Deployments. -// All objects returned here must be treated as read-only. -type DeploymentLister interface { - // List lists all Deployments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) - // Deployments returns an object that can list and get Deployments. - Deployments(namespace string) DeploymentNamespaceLister - DeploymentListerExpansion -} - -// deploymentLister implements the DeploymentLister interface. -type deploymentLister struct { - indexer cache.Indexer -} - -// NewDeploymentLister returns a new DeploymentLister. -func NewDeploymentLister(indexer cache.Indexer) DeploymentLister { - return &deploymentLister{indexer: indexer} -} - -// List lists all Deployments in the indexer. -func (s *deploymentLister) List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Deployment)) - }) - return ret, err -} - -// Deployments returns an object that can list and get Deployments. -func (s *deploymentLister) Deployments(namespace string) DeploymentNamespaceLister { - return deploymentNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DeploymentNamespaceLister helps list and get Deployments. -// All objects returned here must be treated as read-only. -type DeploymentNamespaceLister interface { - // List lists all Deployments in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) - // Get retrieves the Deployment from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Deployment, error) - DeploymentNamespaceListerExpansion -} - -// deploymentNamespaceLister implements the DeploymentNamespaceLister -// interface. -type deploymentNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Deployments in the indexer for a given namespace. -func (s deploymentNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Deployment)) - }) - return ret, err -} - -// Get retrieves the Deployment from the indexer for a given namespace and name. -func (s deploymentNamespaceLister) Get(name string) (*v1beta1.Deployment, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("deployment"), name) - } - return obj.(*v1beta1.Deployment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/expansion_generated.go deleted file mode 100644 index c73cf98c7a..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/expansion_generated.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// ControllerRevisionListerExpansion allows custom methods to be added to -// ControllerRevisionLister. -type ControllerRevisionListerExpansion interface{} - -// ControllerRevisionNamespaceListerExpansion allows custom methods to be added to -// ControllerRevisionNamespaceLister. -type ControllerRevisionNamespaceListerExpansion interface{} - -// DeploymentListerExpansion allows custom methods to be added to -// DeploymentLister. -type DeploymentListerExpansion interface{} - -// DeploymentNamespaceListerExpansion allows custom methods to be added to -// DeploymentNamespaceLister. -type DeploymentNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset.go deleted file mode 100644 index e3556bc398..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/apps/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StatefulSetLister helps list StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetLister interface { - // List lists all StatefulSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.StatefulSet, err error) - // StatefulSets returns an object that can list and get StatefulSets. - StatefulSets(namespace string) StatefulSetNamespaceLister - StatefulSetListerExpansion -} - -// statefulSetLister implements the StatefulSetLister interface. -type statefulSetLister struct { - indexer cache.Indexer -} - -// NewStatefulSetLister returns a new StatefulSetLister. -func NewStatefulSetLister(indexer cache.Indexer) StatefulSetLister { - return &statefulSetLister{indexer: indexer} -} - -// List lists all StatefulSets in the indexer. -func (s *statefulSetLister) List(selector labels.Selector) (ret []*v1beta1.StatefulSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.StatefulSet)) - }) - return ret, err -} - -// StatefulSets returns an object that can list and get StatefulSets. -func (s *statefulSetLister) StatefulSets(namespace string) StatefulSetNamespaceLister { - return statefulSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// StatefulSetNamespaceLister helps list and get StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetNamespaceLister interface { - // List lists all StatefulSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.StatefulSet, err error) - // Get retrieves the StatefulSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.StatefulSet, error) - StatefulSetNamespaceListerExpansion -} - -// statefulSetNamespaceLister implements the StatefulSetNamespaceLister -// interface. -type statefulSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all StatefulSets in the indexer for a given namespace. -func (s statefulSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.StatefulSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.StatefulSet)) - }) - return ret, err -} - -// Get retrieves the StatefulSet from the indexer for a given namespace and name. -func (s statefulSetNamespaceLister) Get(name string) (*v1beta1.StatefulSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("statefulset"), name) - } - return obj.(*v1beta1.StatefulSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset_expansion.go deleted file mode 100644 index 7d2c4d9b07..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta1/statefulset_expansion.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1beta1" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// StatefulSetListerExpansion allows custom methods to be added to -// StatefulSetLister. -type StatefulSetListerExpansion interface { - GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) -} - -// StatefulSetNamespaceListerExpansion allows custom methods to be added to -// StatefulSetNamespaceLister. -type StatefulSetNamespaceListerExpansion interface{} - -// GetPodStatefulSets returns a list of StatefulSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching StatefulSets are found. -func (s *statefulSetLister) GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) { - var selector labels.Selector - var ps *apps.StatefulSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no StatefulSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.StatefulSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var psList []*apps.StatefulSet - for i := range list { - ps = list[i] - if ps.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(ps.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a StatefulSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - psList = append(psList, ps) - } - - if len(psList) == 0 { - return nil, fmt.Errorf("could not find StatefulSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return psList, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/controllerrevision.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/controllerrevision.go deleted file mode 100644 index da2ce86005..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/controllerrevision.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ControllerRevisionLister helps list ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionLister interface { - // List lists all ControllerRevisions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.ControllerRevision, err error) - // ControllerRevisions returns an object that can list and get ControllerRevisions. - ControllerRevisions(namespace string) ControllerRevisionNamespaceLister - ControllerRevisionListerExpansion -} - -// controllerRevisionLister implements the ControllerRevisionLister interface. -type controllerRevisionLister struct { - indexer cache.Indexer -} - -// NewControllerRevisionLister returns a new ControllerRevisionLister. -func NewControllerRevisionLister(indexer cache.Indexer) ControllerRevisionLister { - return &controllerRevisionLister{indexer: indexer} -} - -// List lists all ControllerRevisions in the indexer. -func (s *controllerRevisionLister) List(selector labels.Selector) (ret []*v1beta2.ControllerRevision, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.ControllerRevision)) - }) - return ret, err -} - -// ControllerRevisions returns an object that can list and get ControllerRevisions. -func (s *controllerRevisionLister) ControllerRevisions(namespace string) ControllerRevisionNamespaceLister { - return controllerRevisionNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ControllerRevisionNamespaceLister helps list and get ControllerRevisions. -// All objects returned here must be treated as read-only. -type ControllerRevisionNamespaceLister interface { - // List lists all ControllerRevisions in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.ControllerRevision, err error) - // Get retrieves the ControllerRevision from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.ControllerRevision, error) - ControllerRevisionNamespaceListerExpansion -} - -// controllerRevisionNamespaceLister implements the ControllerRevisionNamespaceLister -// interface. -type controllerRevisionNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ControllerRevisions in the indexer for a given namespace. -func (s controllerRevisionNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.ControllerRevision, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.ControllerRevision)) - }) - return ret, err -} - -// Get retrieves the ControllerRevision from the indexer for a given namespace and name. -func (s controllerRevisionNamespaceLister) Get(name string) (*v1beta2.ControllerRevision, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("controllerrevision"), name) - } - return obj.(*v1beta2.ControllerRevision), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset.go deleted file mode 100644 index 4b7aedd758..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DaemonSetLister helps list DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetLister interface { - // List lists all DaemonSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.DaemonSet, err error) - // DaemonSets returns an object that can list and get DaemonSets. - DaemonSets(namespace string) DaemonSetNamespaceLister - DaemonSetListerExpansion -} - -// daemonSetLister implements the DaemonSetLister interface. -type daemonSetLister struct { - indexer cache.Indexer -} - -// NewDaemonSetLister returns a new DaemonSetLister. -func NewDaemonSetLister(indexer cache.Indexer) DaemonSetLister { - return &daemonSetLister{indexer: indexer} -} - -// List lists all DaemonSets in the indexer. -func (s *daemonSetLister) List(selector labels.Selector) (ret []*v1beta2.DaemonSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.DaemonSet)) - }) - return ret, err -} - -// DaemonSets returns an object that can list and get DaemonSets. -func (s *daemonSetLister) DaemonSets(namespace string) DaemonSetNamespaceLister { - return daemonSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DaemonSetNamespaceLister helps list and get DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetNamespaceLister interface { - // List lists all DaemonSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.DaemonSet, err error) - // Get retrieves the DaemonSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.DaemonSet, error) - DaemonSetNamespaceListerExpansion -} - -// daemonSetNamespaceLister implements the DaemonSetNamespaceLister -// interface. -type daemonSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all DaemonSets in the indexer for a given namespace. -func (s daemonSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.DaemonSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.DaemonSet)) - }) - return ret, err -} - -// Get retrieves the DaemonSet from the indexer for a given namespace and name. -func (s daemonSetNamespaceLister) Get(name string) (*v1beta2.DaemonSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("daemonset"), name) - } - return obj.(*v1beta2.DaemonSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset_expansion.go deleted file mode 100644 index e722b63b68..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/daemonset_expansion.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1beta2" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// DaemonSetListerExpansion allows custom methods to be added to -// DaemonSetLister. -type DaemonSetListerExpansion interface { - GetPodDaemonSets(pod *v1.Pod) ([]*apps.DaemonSet, error) - GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*apps.DaemonSet, error) -} - -// DaemonSetNamespaceListerExpansion allows custom methods to be added to -// DaemonSetNamespaceLister. -type DaemonSetNamespaceListerExpansion interface{} - -// GetPodDaemonSets returns a list of DaemonSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetPodDaemonSets(pod *v1.Pod) ([]*apps.DaemonSet, error) { - var selector labels.Selector - var daemonSet *apps.DaemonSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no daemon sets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.DaemonSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*apps.DaemonSet - for i := range list { - daemonSet = list[i] - if daemonSet.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(daemonSet.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a daemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - daemonSets = append(daemonSets, daemonSet) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find daemon set for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return daemonSets, nil -} - -// GetHistoryDaemonSets returns a list of DaemonSets that potentially -// match a ControllerRevision. Only the one specified in the ControllerRevision's ControllerRef -// will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*apps.DaemonSet, error) { - if len(history.Labels) == 0 { - return nil, fmt.Errorf("no DaemonSet found for ControllerRevision %s because it has no labels", history.Name) - } - - list, err := s.DaemonSets(history.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*apps.DaemonSet - for _, ds := range list { - selector, err := metav1.LabelSelectorAsSelector(ds.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the history object - continue - } - // If a DaemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(history.Labels)) { - continue - } - daemonSets = append(daemonSets, ds) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find DaemonSets for ControllerRevision %s in namespace %s with labels: %v", history.Name, history.Namespace, history.Labels) - } - - return daemonSets, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/deployment.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/deployment.go deleted file mode 100644 index c2857bbc36..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/deployment.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DeploymentLister helps list Deployments. -// All objects returned here must be treated as read-only. -type DeploymentLister interface { - // List lists all Deployments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.Deployment, err error) - // Deployments returns an object that can list and get Deployments. - Deployments(namespace string) DeploymentNamespaceLister - DeploymentListerExpansion -} - -// deploymentLister implements the DeploymentLister interface. -type deploymentLister struct { - indexer cache.Indexer -} - -// NewDeploymentLister returns a new DeploymentLister. -func NewDeploymentLister(indexer cache.Indexer) DeploymentLister { - return &deploymentLister{indexer: indexer} -} - -// List lists all Deployments in the indexer. -func (s *deploymentLister) List(selector labels.Selector) (ret []*v1beta2.Deployment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.Deployment)) - }) - return ret, err -} - -// Deployments returns an object that can list and get Deployments. -func (s *deploymentLister) Deployments(namespace string) DeploymentNamespaceLister { - return deploymentNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DeploymentNamespaceLister helps list and get Deployments. -// All objects returned here must be treated as read-only. -type DeploymentNamespaceLister interface { - // List lists all Deployments in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.Deployment, err error) - // Get retrieves the Deployment from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.Deployment, error) - DeploymentNamespaceListerExpansion -} - -// deploymentNamespaceLister implements the DeploymentNamespaceLister -// interface. -type deploymentNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Deployments in the indexer for a given namespace. -func (s deploymentNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.Deployment, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.Deployment)) - }) - return ret, err -} - -// Get retrieves the Deployment from the indexer for a given namespace and name. -func (s deploymentNamespaceLister) Get(name string) (*v1beta2.Deployment, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("deployment"), name) - } - return obj.(*v1beta2.Deployment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/expansion_generated.go deleted file mode 100644 index b6d202118e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/expansion_generated.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -// ControllerRevisionListerExpansion allows custom methods to be added to -// ControllerRevisionLister. -type ControllerRevisionListerExpansion interface{} - -// ControllerRevisionNamespaceListerExpansion allows custom methods to be added to -// ControllerRevisionNamespaceLister. -type ControllerRevisionNamespaceListerExpansion interface{} - -// DeploymentListerExpansion allows custom methods to be added to -// DeploymentLister. -type DeploymentListerExpansion interface{} - -// DeploymentNamespaceListerExpansion allows custom methods to be added to -// DeploymentNamespaceLister. -type DeploymentNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset.go deleted file mode 100644 index 26b350ce8f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ReplicaSetLister helps list ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetLister interface { - // List lists all ReplicaSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.ReplicaSet, err error) - // ReplicaSets returns an object that can list and get ReplicaSets. - ReplicaSets(namespace string) ReplicaSetNamespaceLister - ReplicaSetListerExpansion -} - -// replicaSetLister implements the ReplicaSetLister interface. -type replicaSetLister struct { - indexer cache.Indexer -} - -// NewReplicaSetLister returns a new ReplicaSetLister. -func NewReplicaSetLister(indexer cache.Indexer) ReplicaSetLister { - return &replicaSetLister{indexer: indexer} -} - -// List lists all ReplicaSets in the indexer. -func (s *replicaSetLister) List(selector labels.Selector) (ret []*v1beta2.ReplicaSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.ReplicaSet)) - }) - return ret, err -} - -// ReplicaSets returns an object that can list and get ReplicaSets. -func (s *replicaSetLister) ReplicaSets(namespace string) ReplicaSetNamespaceLister { - return replicaSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ReplicaSetNamespaceLister helps list and get ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetNamespaceLister interface { - // List lists all ReplicaSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.ReplicaSet, err error) - // Get retrieves the ReplicaSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.ReplicaSet, error) - ReplicaSetNamespaceListerExpansion -} - -// replicaSetNamespaceLister implements the ReplicaSetNamespaceLister -// interface. -type replicaSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ReplicaSets in the indexer for a given namespace. -func (s replicaSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.ReplicaSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.ReplicaSet)) - }) - return ret, err -} - -// Get retrieves the ReplicaSet from the indexer for a given namespace and name. -func (s replicaSetNamespaceLister) Get(name string) (*v1beta2.ReplicaSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("replicaset"), name) - } - return obj.(*v1beta2.ReplicaSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset_expansion.go deleted file mode 100644 index bc014b5a69..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/replicaset_expansion.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1beta2" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// ReplicaSetListerExpansion allows custom methods to be added to -// ReplicaSetLister. -type ReplicaSetListerExpansion interface { - GetPodReplicaSets(pod *v1.Pod) ([]*apps.ReplicaSet, error) -} - -// ReplicaSetNamespaceListerExpansion allows custom methods to be added to -// ReplicaSetNamespaceLister. -type ReplicaSetNamespaceListerExpansion interface{} - -// GetPodReplicaSets returns a list of ReplicaSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching ReplicaSets are found. -func (s *replicaSetLister) GetPodReplicaSets(pod *v1.Pod) ([]*apps.ReplicaSet, error) { - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no ReplicaSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.ReplicaSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var rss []*apps.ReplicaSet - for _, rs := range list { - if rs.Namespace != pod.Namespace { - continue - } - selector, err := metav1.LabelSelectorAsSelector(rs.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a ReplicaSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - rss = append(rss, rs) - } - - if len(rss) == 0 { - return nil, fmt.Errorf("could not find ReplicaSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return rss, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset.go deleted file mode 100644 index fbbaf0133f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StatefulSetLister helps list StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetLister interface { - // List lists all StatefulSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.StatefulSet, err error) - // StatefulSets returns an object that can list and get StatefulSets. - StatefulSets(namespace string) StatefulSetNamespaceLister - StatefulSetListerExpansion -} - -// statefulSetLister implements the StatefulSetLister interface. -type statefulSetLister struct { - indexer cache.Indexer -} - -// NewStatefulSetLister returns a new StatefulSetLister. -func NewStatefulSetLister(indexer cache.Indexer) StatefulSetLister { - return &statefulSetLister{indexer: indexer} -} - -// List lists all StatefulSets in the indexer. -func (s *statefulSetLister) List(selector labels.Selector) (ret []*v1beta2.StatefulSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.StatefulSet)) - }) - return ret, err -} - -// StatefulSets returns an object that can list and get StatefulSets. -func (s *statefulSetLister) StatefulSets(namespace string) StatefulSetNamespaceLister { - return statefulSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// StatefulSetNamespaceLister helps list and get StatefulSets. -// All objects returned here must be treated as read-only. -type StatefulSetNamespaceLister interface { - // List lists all StatefulSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.StatefulSet, err error) - // Get retrieves the StatefulSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.StatefulSet, error) - StatefulSetNamespaceListerExpansion -} - -// statefulSetNamespaceLister implements the StatefulSetNamespaceLister -// interface. -type statefulSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all StatefulSets in the indexer for a given namespace. -func (s statefulSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.StatefulSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.StatefulSet)) - }) - return ret, err -} - -// Get retrieves the StatefulSet from the indexer for a given namespace and name. -func (s statefulSetNamespaceLister) Get(name string) (*v1beta2.StatefulSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("statefulset"), name) - } - return obj.(*v1beta2.StatefulSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset_expansion.go deleted file mode 100644 index eae31b82f8..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/apps/v1beta2/statefulset_expansion.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1beta2" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// StatefulSetListerExpansion allows custom methods to be added to -// StatefulSetLister. -type StatefulSetListerExpansion interface { - GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) -} - -// StatefulSetNamespaceListerExpansion allows custom methods to be added to -// StatefulSetNamespaceLister. -type StatefulSetNamespaceListerExpansion interface{} - -// GetPodStatefulSets returns a list of StatefulSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching StatefulSets are found. -func (s *statefulSetLister) GetPodStatefulSets(pod *v1.Pod) ([]*apps.StatefulSet, error) { - var selector labels.Selector - var ps *apps.StatefulSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no StatefulSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.StatefulSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var psList []*apps.StatefulSet - for i := range list { - ps = list[i] - if ps.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(ps.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a StatefulSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - psList = append(psList, ps) - } - - if len(psList) == 0 { - return nil, fmt.Errorf("could not find StatefulSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return psList, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/expansion_generated.go deleted file mode 100644 index 05253c7703..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// HorizontalPodAutoscalerListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerLister. -type HorizontalPodAutoscalerListerExpansion interface{} - -// HorizontalPodAutoscalerNamespaceListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerNamespaceLister. -type HorizontalPodAutoscalerNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/horizontalpodautoscaler.go deleted file mode 100644 index 8447f059d4..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v1/horizontalpodautoscaler.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/autoscaling/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerLister helps list HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerLister interface { - // List lists all HorizontalPodAutoscalers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.HorizontalPodAutoscaler, err error) - // HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. - HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister - HorizontalPodAutoscalerListerExpansion -} - -// horizontalPodAutoscalerLister implements the HorizontalPodAutoscalerLister interface. -type horizontalPodAutoscalerLister struct { - indexer cache.Indexer -} - -// NewHorizontalPodAutoscalerLister returns a new HorizontalPodAutoscalerLister. -func NewHorizontalPodAutoscalerLister(indexer cache.Indexer) HorizontalPodAutoscalerLister { - return &horizontalPodAutoscalerLister{indexer: indexer} -} - -// List lists all HorizontalPodAutoscalers in the indexer. -func (s *horizontalPodAutoscalerLister) List(selector labels.Selector) (ret []*v1.HorizontalPodAutoscaler, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. -func (s *horizontalPodAutoscalerLister) HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister { - return horizontalPodAutoscalerNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// HorizontalPodAutoscalerNamespaceLister helps list and get HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerNamespaceLister interface { - // List lists all HorizontalPodAutoscalers in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.HorizontalPodAutoscaler, err error) - // Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.HorizontalPodAutoscaler, error) - HorizontalPodAutoscalerNamespaceListerExpansion -} - -// horizontalPodAutoscalerNamespaceLister implements the HorizontalPodAutoscalerNamespaceLister -// interface. -type horizontalPodAutoscalerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all HorizontalPodAutoscalers in the indexer for a given namespace. -func (s horizontalPodAutoscalerNamespaceLister) List(selector labels.Selector) (ret []*v1.HorizontalPodAutoscaler, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. -func (s horizontalPodAutoscalerNamespaceLister) Get(name string) (*v1.HorizontalPodAutoscaler, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("horizontalpodautoscaler"), name) - } - return obj.(*v1.HorizontalPodAutoscaler), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/expansion_generated.go deleted file mode 100644 index 97742b77b2..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2 - -// HorizontalPodAutoscalerListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerLister. -type HorizontalPodAutoscalerListerExpansion interface{} - -// HorizontalPodAutoscalerNamespaceListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerNamespaceLister. -type HorizontalPodAutoscalerNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/horizontalpodautoscaler.go deleted file mode 100644 index a5cef27725..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2/horizontalpodautoscaler.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2 - -import ( - v2 "k8s.io/api/autoscaling/v2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerLister helps list HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerLister interface { - // List lists all HorizontalPodAutoscalers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2.HorizontalPodAutoscaler, err error) - // HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. - HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister - HorizontalPodAutoscalerListerExpansion -} - -// horizontalPodAutoscalerLister implements the HorizontalPodAutoscalerLister interface. -type horizontalPodAutoscalerLister struct { - indexer cache.Indexer -} - -// NewHorizontalPodAutoscalerLister returns a new HorizontalPodAutoscalerLister. -func NewHorizontalPodAutoscalerLister(indexer cache.Indexer) HorizontalPodAutoscalerLister { - return &horizontalPodAutoscalerLister{indexer: indexer} -} - -// List lists all HorizontalPodAutoscalers in the indexer. -func (s *horizontalPodAutoscalerLister) List(selector labels.Selector) (ret []*v2.HorizontalPodAutoscaler, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v2.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. -func (s *horizontalPodAutoscalerLister) HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister { - return horizontalPodAutoscalerNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// HorizontalPodAutoscalerNamespaceLister helps list and get HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerNamespaceLister interface { - // List lists all HorizontalPodAutoscalers in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2.HorizontalPodAutoscaler, err error) - // Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v2.HorizontalPodAutoscaler, error) - HorizontalPodAutoscalerNamespaceListerExpansion -} - -// horizontalPodAutoscalerNamespaceLister implements the HorizontalPodAutoscalerNamespaceLister -// interface. -type horizontalPodAutoscalerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all HorizontalPodAutoscalers in the indexer for a given namespace. -func (s horizontalPodAutoscalerNamespaceLister) List(selector labels.Selector) (ret []*v2.HorizontalPodAutoscaler, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v2.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. -func (s horizontalPodAutoscalerNamespaceLister) Get(name string) (*v2.HorizontalPodAutoscaler, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v2.Resource("horizontalpodautoscaler"), name) - } - return obj.(*v2.HorizontalPodAutoscaler), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/expansion_generated.go deleted file mode 100644 index 8d46a4b6e3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2beta1 - -// HorizontalPodAutoscalerListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerLister. -type HorizontalPodAutoscalerListerExpansion interface{} - -// HorizontalPodAutoscalerNamespaceListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerNamespaceLister. -type HorizontalPodAutoscalerNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/horizontalpodautoscaler.go deleted file mode 100644 index f1804e995b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta1/horizontalpodautoscaler.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2beta1 - -import ( - v2beta1 "k8s.io/api/autoscaling/v2beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerLister helps list HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerLister interface { - // List lists all HorizontalPodAutoscalers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2beta1.HorizontalPodAutoscaler, err error) - // HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. - HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister - HorizontalPodAutoscalerListerExpansion -} - -// horizontalPodAutoscalerLister implements the HorizontalPodAutoscalerLister interface. -type horizontalPodAutoscalerLister struct { - indexer cache.Indexer -} - -// NewHorizontalPodAutoscalerLister returns a new HorizontalPodAutoscalerLister. -func NewHorizontalPodAutoscalerLister(indexer cache.Indexer) HorizontalPodAutoscalerLister { - return &horizontalPodAutoscalerLister{indexer: indexer} -} - -// List lists all HorizontalPodAutoscalers in the indexer. -func (s *horizontalPodAutoscalerLister) List(selector labels.Selector) (ret []*v2beta1.HorizontalPodAutoscaler, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v2beta1.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. -func (s *horizontalPodAutoscalerLister) HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister { - return horizontalPodAutoscalerNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// HorizontalPodAutoscalerNamespaceLister helps list and get HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerNamespaceLister interface { - // List lists all HorizontalPodAutoscalers in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2beta1.HorizontalPodAutoscaler, err error) - // Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v2beta1.HorizontalPodAutoscaler, error) - HorizontalPodAutoscalerNamespaceListerExpansion -} - -// horizontalPodAutoscalerNamespaceLister implements the HorizontalPodAutoscalerNamespaceLister -// interface. -type horizontalPodAutoscalerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all HorizontalPodAutoscalers in the indexer for a given namespace. -func (s horizontalPodAutoscalerNamespaceLister) List(selector labels.Selector) (ret []*v2beta1.HorizontalPodAutoscaler, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v2beta1.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. -func (s horizontalPodAutoscalerNamespaceLister) Get(name string) (*v2beta1.HorizontalPodAutoscaler, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v2beta1.Resource("horizontalpodautoscaler"), name) - } - return obj.(*v2beta1.HorizontalPodAutoscaler), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/expansion_generated.go deleted file mode 100644 index 5127945a9c..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2beta2 - -// HorizontalPodAutoscalerListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerLister. -type HorizontalPodAutoscalerListerExpansion interface{} - -// HorizontalPodAutoscalerNamespaceListerExpansion allows custom methods to be added to -// HorizontalPodAutoscalerNamespaceLister. -type HorizontalPodAutoscalerNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/horizontalpodautoscaler.go b/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/horizontalpodautoscaler.go deleted file mode 100644 index b0dbaf9eb0..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/autoscaling/v2beta2/horizontalpodautoscaler.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v2beta2 - -import ( - v2beta2 "k8s.io/api/autoscaling/v2beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// HorizontalPodAutoscalerLister helps list HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerLister interface { - // List lists all HorizontalPodAutoscalers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2beta2.HorizontalPodAutoscaler, err error) - // HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. - HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister - HorizontalPodAutoscalerListerExpansion -} - -// horizontalPodAutoscalerLister implements the HorizontalPodAutoscalerLister interface. -type horizontalPodAutoscalerLister struct { - indexer cache.Indexer -} - -// NewHorizontalPodAutoscalerLister returns a new HorizontalPodAutoscalerLister. -func NewHorizontalPodAutoscalerLister(indexer cache.Indexer) HorizontalPodAutoscalerLister { - return &horizontalPodAutoscalerLister{indexer: indexer} -} - -// List lists all HorizontalPodAutoscalers in the indexer. -func (s *horizontalPodAutoscalerLister) List(selector labels.Selector) (ret []*v2beta2.HorizontalPodAutoscaler, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v2beta2.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// HorizontalPodAutoscalers returns an object that can list and get HorizontalPodAutoscalers. -func (s *horizontalPodAutoscalerLister) HorizontalPodAutoscalers(namespace string) HorizontalPodAutoscalerNamespaceLister { - return horizontalPodAutoscalerNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// HorizontalPodAutoscalerNamespaceLister helps list and get HorizontalPodAutoscalers. -// All objects returned here must be treated as read-only. -type HorizontalPodAutoscalerNamespaceLister interface { - // List lists all HorizontalPodAutoscalers in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v2beta2.HorizontalPodAutoscaler, err error) - // Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v2beta2.HorizontalPodAutoscaler, error) - HorizontalPodAutoscalerNamespaceListerExpansion -} - -// horizontalPodAutoscalerNamespaceLister implements the HorizontalPodAutoscalerNamespaceLister -// interface. -type horizontalPodAutoscalerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all HorizontalPodAutoscalers in the indexer for a given namespace. -func (s horizontalPodAutoscalerNamespaceLister) List(selector labels.Selector) (ret []*v2beta2.HorizontalPodAutoscaler, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v2beta2.HorizontalPodAutoscaler)) - }) - return ret, err -} - -// Get retrieves the HorizontalPodAutoscaler from the indexer for a given namespace and name. -func (s horizontalPodAutoscalerNamespaceLister) Get(name string) (*v2beta2.HorizontalPodAutoscaler, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v2beta2.Resource("horizontalpodautoscaler"), name) - } - return obj.(*v2beta2.HorizontalPodAutoscaler), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1/cronjob.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1/cronjob.go deleted file mode 100644 index 8e49ed959f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1/cronjob.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/batch/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CronJobLister helps list CronJobs. -// All objects returned here must be treated as read-only. -type CronJobLister interface { - // List lists all CronJobs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CronJob, err error) - // CronJobs returns an object that can list and get CronJobs. - CronJobs(namespace string) CronJobNamespaceLister - CronJobListerExpansion -} - -// cronJobLister implements the CronJobLister interface. -type cronJobLister struct { - indexer cache.Indexer -} - -// NewCronJobLister returns a new CronJobLister. -func NewCronJobLister(indexer cache.Indexer) CronJobLister { - return &cronJobLister{indexer: indexer} -} - -// List lists all CronJobs in the indexer. -func (s *cronJobLister) List(selector labels.Selector) (ret []*v1.CronJob, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CronJob)) - }) - return ret, err -} - -// CronJobs returns an object that can list and get CronJobs. -func (s *cronJobLister) CronJobs(namespace string) CronJobNamespaceLister { - return cronJobNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CronJobNamespaceLister helps list and get CronJobs. -// All objects returned here must be treated as read-only. -type CronJobNamespaceLister interface { - // List lists all CronJobs in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CronJob, err error) - // Get retrieves the CronJob from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.CronJob, error) - CronJobNamespaceListerExpansion -} - -// cronJobNamespaceLister implements the CronJobNamespaceLister -// interface. -type cronJobNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CronJobs in the indexer for a given namespace. -func (s cronJobNamespaceLister) List(selector labels.Selector) (ret []*v1.CronJob, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CronJob)) - }) - return ret, err -} - -// Get retrieves the CronJob from the indexer for a given namespace and name. -func (s cronJobNamespaceLister) Get(name string) (*v1.CronJob, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("cronjob"), name) - } - return obj.(*v1.CronJob), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1/expansion_generated.go deleted file mode 100644 index 2209762790..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// CronJobListerExpansion allows custom methods to be added to -// CronJobLister. -type CronJobListerExpansion interface{} - -// CronJobNamespaceListerExpansion allows custom methods to be added to -// CronJobNamespaceLister. -type CronJobNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1/job.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1/job.go deleted file mode 100644 index 3aba6b95fa..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1/job.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/batch/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// JobLister helps list Jobs. -// All objects returned here must be treated as read-only. -type JobLister interface { - // List lists all Jobs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Job, err error) - // Jobs returns an object that can list and get Jobs. - Jobs(namespace string) JobNamespaceLister - JobListerExpansion -} - -// jobLister implements the JobLister interface. -type jobLister struct { - indexer cache.Indexer -} - -// NewJobLister returns a new JobLister. -func NewJobLister(indexer cache.Indexer) JobLister { - return &jobLister{indexer: indexer} -} - -// List lists all Jobs in the indexer. -func (s *jobLister) List(selector labels.Selector) (ret []*v1.Job, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Job)) - }) - return ret, err -} - -// Jobs returns an object that can list and get Jobs. -func (s *jobLister) Jobs(namespace string) JobNamespaceLister { - return jobNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// JobNamespaceLister helps list and get Jobs. -// All objects returned here must be treated as read-only. -type JobNamespaceLister interface { - // List lists all Jobs in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Job, err error) - // Get retrieves the Job from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Job, error) - JobNamespaceListerExpansion -} - -// jobNamespaceLister implements the JobNamespaceLister -// interface. -type jobNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Jobs in the indexer for a given namespace. -func (s jobNamespaceLister) List(selector labels.Selector) (ret []*v1.Job, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Job)) - }) - return ret, err -} - -// Get retrieves the Job from the indexer for a given namespace and name. -func (s jobNamespaceLister) Get(name string) (*v1.Job, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("job"), name) - } - return obj.(*v1.Job), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1/job_expansion.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1/job_expansion.go deleted file mode 100644 index 8dc5db7885..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1/job_expansion.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - batch "k8s.io/api/batch/v1" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// JobListerExpansion allows custom methods to be added to -// JobLister. -type JobListerExpansion interface { - // GetPodJobs returns a list of Jobs that potentially - // match a Pod. Only the one specified in the Pod's ControllerRef - // will actually manage it. - // Returns an error only if no matching Jobs are found. - GetPodJobs(pod *v1.Pod) (jobs []batch.Job, err error) -} - -// GetPodJobs returns a list of Jobs that potentially -// match a Pod. Only the one specified in the Pod's ControllerRef -// will actually manage it. -// Returns an error only if no matching Jobs are found. -func (l *jobLister) GetPodJobs(pod *v1.Pod) (jobs []batch.Job, err error) { - if len(pod.Labels) == 0 { - err = fmt.Errorf("no jobs found for pod %v because it has no labels", pod.Name) - return - } - - var list []*batch.Job - list, err = l.Jobs(pod.Namespace).List(labels.Everything()) - if err != nil { - return - } - for _, job := range list { - selector, err := metav1.LabelSelectorAsSelector(job.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - if !selector.Matches(labels.Set(pod.Labels)) { - continue - } - jobs = append(jobs, *job) - } - if len(jobs) == 0 { - err = fmt.Errorf("could not find jobs for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - return -} - -// JobNamespaceListerExpansion allows custom methods to be added to -// JobNamespaceLister. -type JobNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/cronjob.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/cronjob.go deleted file mode 100644 index 4842d5e5a1..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/cronjob.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/batch/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CronJobLister helps list CronJobs. -// All objects returned here must be treated as read-only. -type CronJobLister interface { - // List lists all CronJobs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CronJob, err error) - // CronJobs returns an object that can list and get CronJobs. - CronJobs(namespace string) CronJobNamespaceLister - CronJobListerExpansion -} - -// cronJobLister implements the CronJobLister interface. -type cronJobLister struct { - indexer cache.Indexer -} - -// NewCronJobLister returns a new CronJobLister. -func NewCronJobLister(indexer cache.Indexer) CronJobLister { - return &cronJobLister{indexer: indexer} -} - -// List lists all CronJobs in the indexer. -func (s *cronJobLister) List(selector labels.Selector) (ret []*v1beta1.CronJob, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CronJob)) - }) - return ret, err -} - -// CronJobs returns an object that can list and get CronJobs. -func (s *cronJobLister) CronJobs(namespace string) CronJobNamespaceLister { - return cronJobNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CronJobNamespaceLister helps list and get CronJobs. -// All objects returned here must be treated as read-only. -type CronJobNamespaceLister interface { - // List lists all CronJobs in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CronJob, err error) - // Get retrieves the CronJob from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.CronJob, error) - CronJobNamespaceListerExpansion -} - -// cronJobNamespaceLister implements the CronJobNamespaceLister -// interface. -type cronJobNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CronJobs in the indexer for a given namespace. -func (s cronJobNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.CronJob, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CronJob)) - }) - return ret, err -} - -// Get retrieves the CronJob from the indexer for a given namespace and name. -func (s cronJobNamespaceLister) Get(name string) (*v1beta1.CronJob, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("cronjob"), name) - } - return obj.(*v1beta1.CronJob), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/expansion_generated.go deleted file mode 100644 index be2742ef61..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/batch/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// CronJobListerExpansion allows custom methods to be added to -// CronJobLister. -type CronJobListerExpansion interface{} - -// CronJobNamespaceListerExpansion allows custom methods to be added to -// CronJobNamespaceLister. -type CronJobNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/certificates/v1/certificatesigningrequest.go b/etcd/vendor/k8s.io/client-go/listers/certificates/v1/certificatesigningrequest.go deleted file mode 100644 index 0d04e118db..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/certificates/v1/certificatesigningrequest.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/certificates/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CertificateSigningRequestLister helps list CertificateSigningRequests. -// All objects returned here must be treated as read-only. -type CertificateSigningRequestLister interface { - // List lists all CertificateSigningRequests in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CertificateSigningRequest, err error) - // Get retrieves the CertificateSigningRequest from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.CertificateSigningRequest, error) - CertificateSigningRequestListerExpansion -} - -// certificateSigningRequestLister implements the CertificateSigningRequestLister interface. -type certificateSigningRequestLister struct { - indexer cache.Indexer -} - -// NewCertificateSigningRequestLister returns a new CertificateSigningRequestLister. -func NewCertificateSigningRequestLister(indexer cache.Indexer) CertificateSigningRequestLister { - return &certificateSigningRequestLister{indexer: indexer} -} - -// List lists all CertificateSigningRequests in the indexer. -func (s *certificateSigningRequestLister) List(selector labels.Selector) (ret []*v1.CertificateSigningRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CertificateSigningRequest)) - }) - return ret, err -} - -// Get retrieves the CertificateSigningRequest from the index for a given name. -func (s *certificateSigningRequestLister) Get(name string) (*v1.CertificateSigningRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("certificatesigningrequest"), name) - } - return obj.(*v1.CertificateSigningRequest), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/certificates/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/certificates/v1/expansion_generated.go deleted file mode 100644 index 616a1f1a09..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/certificates/v1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// CertificateSigningRequestListerExpansion allows custom methods to be added to -// CertificateSigningRequestLister. -type CertificateSigningRequestListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/certificatesigningrequest.go b/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/certificatesigningrequest.go deleted file mode 100644 index 471b5629b3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/certificatesigningrequest.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/certificates/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CertificateSigningRequestLister helps list CertificateSigningRequests. -// All objects returned here must be treated as read-only. -type CertificateSigningRequestLister interface { - // List lists all CertificateSigningRequests in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CertificateSigningRequest, err error) - // Get retrieves the CertificateSigningRequest from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.CertificateSigningRequest, error) - CertificateSigningRequestListerExpansion -} - -// certificateSigningRequestLister implements the CertificateSigningRequestLister interface. -type certificateSigningRequestLister struct { - indexer cache.Indexer -} - -// NewCertificateSigningRequestLister returns a new CertificateSigningRequestLister. -func NewCertificateSigningRequestLister(indexer cache.Indexer) CertificateSigningRequestLister { - return &certificateSigningRequestLister{indexer: indexer} -} - -// List lists all CertificateSigningRequests in the indexer. -func (s *certificateSigningRequestLister) List(selector labels.Selector) (ret []*v1beta1.CertificateSigningRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CertificateSigningRequest)) - }) - return ret, err -} - -// Get retrieves the CertificateSigningRequest from the index for a given name. -func (s *certificateSigningRequestLister) Get(name string) (*v1beta1.CertificateSigningRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("certificatesigningrequest"), name) - } - return obj.(*v1beta1.CertificateSigningRequest), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/expansion_generated.go deleted file mode 100644 index 68f993cd6e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/certificates/v1beta1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// CertificateSigningRequestListerExpansion allows custom methods to be added to -// CertificateSigningRequestLister. -type CertificateSigningRequestListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/coordination/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/coordination/v1/expansion_generated.go deleted file mode 100644 index ddc494f1c3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/coordination/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// LeaseListerExpansion allows custom methods to be added to -// LeaseLister. -type LeaseListerExpansion interface{} - -// LeaseNamespaceListerExpansion allows custom methods to be added to -// LeaseNamespaceLister. -type LeaseNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/coordination/v1/lease.go b/etcd/vendor/k8s.io/client-go/listers/coordination/v1/lease.go deleted file mode 100644 index de366d0e11..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/coordination/v1/lease.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/coordination/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// LeaseLister helps list Leases. -// All objects returned here must be treated as read-only. -type LeaseLister interface { - // List lists all Leases in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Lease, err error) - // Leases returns an object that can list and get Leases. - Leases(namespace string) LeaseNamespaceLister - LeaseListerExpansion -} - -// leaseLister implements the LeaseLister interface. -type leaseLister struct { - indexer cache.Indexer -} - -// NewLeaseLister returns a new LeaseLister. -func NewLeaseLister(indexer cache.Indexer) LeaseLister { - return &leaseLister{indexer: indexer} -} - -// List lists all Leases in the indexer. -func (s *leaseLister) List(selector labels.Selector) (ret []*v1.Lease, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Lease)) - }) - return ret, err -} - -// Leases returns an object that can list and get Leases. -func (s *leaseLister) Leases(namespace string) LeaseNamespaceLister { - return leaseNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// LeaseNamespaceLister helps list and get Leases. -// All objects returned here must be treated as read-only. -type LeaseNamespaceLister interface { - // List lists all Leases in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Lease, err error) - // Get retrieves the Lease from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Lease, error) - LeaseNamespaceListerExpansion -} - -// leaseNamespaceLister implements the LeaseNamespaceLister -// interface. -type leaseNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Leases in the indexer for a given namespace. -func (s leaseNamespaceLister) List(selector labels.Selector) (ret []*v1.Lease, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Lease)) - }) - return ret, err -} - -// Get retrieves the Lease from the indexer for a given namespace and name. -func (s leaseNamespaceLister) Get(name string) (*v1.Lease, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("lease"), name) - } - return obj.(*v1.Lease), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/expansion_generated.go deleted file mode 100644 index dddc53107b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// LeaseListerExpansion allows custom methods to be added to -// LeaseLister. -type LeaseListerExpansion interface{} - -// LeaseNamespaceListerExpansion allows custom methods to be added to -// LeaseNamespaceLister. -type LeaseNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/lease.go b/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/lease.go deleted file mode 100644 index 8dfdc1e9bc..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/coordination/v1beta1/lease.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/coordination/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// LeaseLister helps list Leases. -// All objects returned here must be treated as read-only. -type LeaseLister interface { - // List lists all Leases in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Lease, err error) - // Leases returns an object that can list and get Leases. - Leases(namespace string) LeaseNamespaceLister - LeaseListerExpansion -} - -// leaseLister implements the LeaseLister interface. -type leaseLister struct { - indexer cache.Indexer -} - -// NewLeaseLister returns a new LeaseLister. -func NewLeaseLister(indexer cache.Indexer) LeaseLister { - return &leaseLister{indexer: indexer} -} - -// List lists all Leases in the indexer. -func (s *leaseLister) List(selector labels.Selector) (ret []*v1beta1.Lease, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Lease)) - }) - return ret, err -} - -// Leases returns an object that can list and get Leases. -func (s *leaseLister) Leases(namespace string) LeaseNamespaceLister { - return leaseNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// LeaseNamespaceLister helps list and get Leases. -// All objects returned here must be treated as read-only. -type LeaseNamespaceLister interface { - // List lists all Leases in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Lease, err error) - // Get retrieves the Lease from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Lease, error) - LeaseNamespaceListerExpansion -} - -// leaseNamespaceLister implements the LeaseNamespaceLister -// interface. -type leaseNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Leases in the indexer for a given namespace. -func (s leaseNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Lease, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Lease)) - }) - return ret, err -} - -// Get retrieves the Lease from the indexer for a given namespace and name. -func (s leaseNamespaceLister) Get(name string) (*v1beta1.Lease, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("lease"), name) - } - return obj.(*v1beta1.Lease), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/componentstatus.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/componentstatus.go deleted file mode 100644 index 5fcdac3c76..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/componentstatus.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ComponentStatusLister helps list ComponentStatuses. -// All objects returned here must be treated as read-only. -type ComponentStatusLister interface { - // List lists all ComponentStatuses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ComponentStatus, err error) - // Get retrieves the ComponentStatus from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ComponentStatus, error) - ComponentStatusListerExpansion -} - -// componentStatusLister implements the ComponentStatusLister interface. -type componentStatusLister struct { - indexer cache.Indexer -} - -// NewComponentStatusLister returns a new ComponentStatusLister. -func NewComponentStatusLister(indexer cache.Indexer) ComponentStatusLister { - return &componentStatusLister{indexer: indexer} -} - -// List lists all ComponentStatuses in the indexer. -func (s *componentStatusLister) List(selector labels.Selector) (ret []*v1.ComponentStatus, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ComponentStatus)) - }) - return ret, err -} - -// Get retrieves the ComponentStatus from the index for a given name. -func (s *componentStatusLister) Get(name string) (*v1.ComponentStatus, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("componentstatus"), name) - } - return obj.(*v1.ComponentStatus), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/configmap.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/configmap.go deleted file mode 100644 index 6a410e47c4..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/configmap.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ConfigMapLister helps list ConfigMaps. -// All objects returned here must be treated as read-only. -type ConfigMapLister interface { - // List lists all ConfigMaps in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ConfigMap, err error) - // ConfigMaps returns an object that can list and get ConfigMaps. - ConfigMaps(namespace string) ConfigMapNamespaceLister - ConfigMapListerExpansion -} - -// configMapLister implements the ConfigMapLister interface. -type configMapLister struct { - indexer cache.Indexer -} - -// NewConfigMapLister returns a new ConfigMapLister. -func NewConfigMapLister(indexer cache.Indexer) ConfigMapLister { - return &configMapLister{indexer: indexer} -} - -// List lists all ConfigMaps in the indexer. -func (s *configMapLister) List(selector labels.Selector) (ret []*v1.ConfigMap, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ConfigMap)) - }) - return ret, err -} - -// ConfigMaps returns an object that can list and get ConfigMaps. -func (s *configMapLister) ConfigMaps(namespace string) ConfigMapNamespaceLister { - return configMapNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ConfigMapNamespaceLister helps list and get ConfigMaps. -// All objects returned here must be treated as read-only. -type ConfigMapNamespaceLister interface { - // List lists all ConfigMaps in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ConfigMap, err error) - // Get retrieves the ConfigMap from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ConfigMap, error) - ConfigMapNamespaceListerExpansion -} - -// configMapNamespaceLister implements the ConfigMapNamespaceLister -// interface. -type configMapNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ConfigMaps in the indexer for a given namespace. -func (s configMapNamespaceLister) List(selector labels.Selector) (ret []*v1.ConfigMap, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ConfigMap)) - }) - return ret, err -} - -// Get retrieves the ConfigMap from the indexer for a given namespace and name. -func (s configMapNamespaceLister) Get(name string) (*v1.ConfigMap, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("configmap"), name) - } - return obj.(*v1.ConfigMap), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/endpoints.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/endpoints.go deleted file mode 100644 index 4759ce808f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/endpoints.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EndpointsLister helps list Endpoints. -// All objects returned here must be treated as read-only. -type EndpointsLister interface { - // List lists all Endpoints in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Endpoints, err error) - // Endpoints returns an object that can list and get Endpoints. - Endpoints(namespace string) EndpointsNamespaceLister - EndpointsListerExpansion -} - -// endpointsLister implements the EndpointsLister interface. -type endpointsLister struct { - indexer cache.Indexer -} - -// NewEndpointsLister returns a new EndpointsLister. -func NewEndpointsLister(indexer cache.Indexer) EndpointsLister { - return &endpointsLister{indexer: indexer} -} - -// List lists all Endpoints in the indexer. -func (s *endpointsLister) List(selector labels.Selector) (ret []*v1.Endpoints, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Endpoints)) - }) - return ret, err -} - -// Endpoints returns an object that can list and get Endpoints. -func (s *endpointsLister) Endpoints(namespace string) EndpointsNamespaceLister { - return endpointsNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EndpointsNamespaceLister helps list and get Endpoints. -// All objects returned here must be treated as read-only. -type EndpointsNamespaceLister interface { - // List lists all Endpoints in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Endpoints, err error) - // Get retrieves the Endpoints from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Endpoints, error) - EndpointsNamespaceListerExpansion -} - -// endpointsNamespaceLister implements the EndpointsNamespaceLister -// interface. -type endpointsNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Endpoints in the indexer for a given namespace. -func (s endpointsNamespaceLister) List(selector labels.Selector) (ret []*v1.Endpoints, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Endpoints)) - }) - return ret, err -} - -// Get retrieves the Endpoints from the indexer for a given namespace and name. -func (s endpointsNamespaceLister) Get(name string) (*v1.Endpoints, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("endpoints"), name) - } - return obj.(*v1.Endpoints), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/event.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/event.go deleted file mode 100644 index 4416e20120..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/event.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EventLister helps list Events. -// All objects returned here must be treated as read-only. -type EventLister interface { - // List lists all Events in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Event, err error) - // Events returns an object that can list and get Events. - Events(namespace string) EventNamespaceLister - EventListerExpansion -} - -// eventLister implements the EventLister interface. -type eventLister struct { - indexer cache.Indexer -} - -// NewEventLister returns a new EventLister. -func NewEventLister(indexer cache.Indexer) EventLister { - return &eventLister{indexer: indexer} -} - -// List lists all Events in the indexer. -func (s *eventLister) List(selector labels.Selector) (ret []*v1.Event, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Event)) - }) - return ret, err -} - -// Events returns an object that can list and get Events. -func (s *eventLister) Events(namespace string) EventNamespaceLister { - return eventNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EventNamespaceLister helps list and get Events. -// All objects returned here must be treated as read-only. -type EventNamespaceLister interface { - // List lists all Events in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Event, err error) - // Get retrieves the Event from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Event, error) - EventNamespaceListerExpansion -} - -// eventNamespaceLister implements the EventNamespaceLister -// interface. -type eventNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Events in the indexer for a given namespace. -func (s eventNamespaceLister) List(selector labels.Selector) (ret []*v1.Event, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Event)) - }) - return ret, err -} - -// Get retrieves the Event from the indexer for a given namespace and name. -func (s eventNamespaceLister) Get(name string) (*v1.Event, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("event"), name) - } - return obj.(*v1.Event), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/expansion_generated.go deleted file mode 100644 index 2168a7f483..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/expansion_generated.go +++ /dev/null @@ -1,123 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// ComponentStatusListerExpansion allows custom methods to be added to -// ComponentStatusLister. -type ComponentStatusListerExpansion interface{} - -// ConfigMapListerExpansion allows custom methods to be added to -// ConfigMapLister. -type ConfigMapListerExpansion interface{} - -// ConfigMapNamespaceListerExpansion allows custom methods to be added to -// ConfigMapNamespaceLister. -type ConfigMapNamespaceListerExpansion interface{} - -// EndpointsListerExpansion allows custom methods to be added to -// EndpointsLister. -type EndpointsListerExpansion interface{} - -// EndpointsNamespaceListerExpansion allows custom methods to be added to -// EndpointsNamespaceLister. -type EndpointsNamespaceListerExpansion interface{} - -// EventListerExpansion allows custom methods to be added to -// EventLister. -type EventListerExpansion interface{} - -// EventNamespaceListerExpansion allows custom methods to be added to -// EventNamespaceLister. -type EventNamespaceListerExpansion interface{} - -// LimitRangeListerExpansion allows custom methods to be added to -// LimitRangeLister. -type LimitRangeListerExpansion interface{} - -// LimitRangeNamespaceListerExpansion allows custom methods to be added to -// LimitRangeNamespaceLister. -type LimitRangeNamespaceListerExpansion interface{} - -// NamespaceListerExpansion allows custom methods to be added to -// NamespaceLister. -type NamespaceListerExpansion interface{} - -// NodeListerExpansion allows custom methods to be added to -// NodeLister. -type NodeListerExpansion interface{} - -// PersistentVolumeListerExpansion allows custom methods to be added to -// PersistentVolumeLister. -type PersistentVolumeListerExpansion interface{} - -// PersistentVolumeClaimListerExpansion allows custom methods to be added to -// PersistentVolumeClaimLister. -type PersistentVolumeClaimListerExpansion interface{} - -// PersistentVolumeClaimNamespaceListerExpansion allows custom methods to be added to -// PersistentVolumeClaimNamespaceLister. -type PersistentVolumeClaimNamespaceListerExpansion interface{} - -// PodListerExpansion allows custom methods to be added to -// PodLister. -type PodListerExpansion interface{} - -// PodNamespaceListerExpansion allows custom methods to be added to -// PodNamespaceLister. -type PodNamespaceListerExpansion interface{} - -// PodTemplateListerExpansion allows custom methods to be added to -// PodTemplateLister. -type PodTemplateListerExpansion interface{} - -// PodTemplateNamespaceListerExpansion allows custom methods to be added to -// PodTemplateNamespaceLister. -type PodTemplateNamespaceListerExpansion interface{} - -// ResourceQuotaListerExpansion allows custom methods to be added to -// ResourceQuotaLister. -type ResourceQuotaListerExpansion interface{} - -// ResourceQuotaNamespaceListerExpansion allows custom methods to be added to -// ResourceQuotaNamespaceLister. -type ResourceQuotaNamespaceListerExpansion interface{} - -// SecretListerExpansion allows custom methods to be added to -// SecretLister. -type SecretListerExpansion interface{} - -// SecretNamespaceListerExpansion allows custom methods to be added to -// SecretNamespaceLister. -type SecretNamespaceListerExpansion interface{} - -// ServiceListerExpansion allows custom methods to be added to -// ServiceLister. -type ServiceListerExpansion interface{} - -// ServiceNamespaceListerExpansion allows custom methods to be added to -// ServiceNamespaceLister. -type ServiceNamespaceListerExpansion interface{} - -// ServiceAccountListerExpansion allows custom methods to be added to -// ServiceAccountLister. -type ServiceAccountListerExpansion interface{} - -// ServiceAccountNamespaceListerExpansion allows custom methods to be added to -// ServiceAccountNamespaceLister. -type ServiceAccountNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/limitrange.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/limitrange.go deleted file mode 100644 index d8fa569cd3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/limitrange.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// LimitRangeLister helps list LimitRanges. -// All objects returned here must be treated as read-only. -type LimitRangeLister interface { - // List lists all LimitRanges in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.LimitRange, err error) - // LimitRanges returns an object that can list and get LimitRanges. - LimitRanges(namespace string) LimitRangeNamespaceLister - LimitRangeListerExpansion -} - -// limitRangeLister implements the LimitRangeLister interface. -type limitRangeLister struct { - indexer cache.Indexer -} - -// NewLimitRangeLister returns a new LimitRangeLister. -func NewLimitRangeLister(indexer cache.Indexer) LimitRangeLister { - return &limitRangeLister{indexer: indexer} -} - -// List lists all LimitRanges in the indexer. -func (s *limitRangeLister) List(selector labels.Selector) (ret []*v1.LimitRange, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.LimitRange)) - }) - return ret, err -} - -// LimitRanges returns an object that can list and get LimitRanges. -func (s *limitRangeLister) LimitRanges(namespace string) LimitRangeNamespaceLister { - return limitRangeNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// LimitRangeNamespaceLister helps list and get LimitRanges. -// All objects returned here must be treated as read-only. -type LimitRangeNamespaceLister interface { - // List lists all LimitRanges in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.LimitRange, err error) - // Get retrieves the LimitRange from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.LimitRange, error) - LimitRangeNamespaceListerExpansion -} - -// limitRangeNamespaceLister implements the LimitRangeNamespaceLister -// interface. -type limitRangeNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all LimitRanges in the indexer for a given namespace. -func (s limitRangeNamespaceLister) List(selector labels.Selector) (ret []*v1.LimitRange, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.LimitRange)) - }) - return ret, err -} - -// Get retrieves the LimitRange from the indexer for a given namespace and name. -func (s limitRangeNamespaceLister) Get(name string) (*v1.LimitRange, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("limitrange"), name) - } - return obj.(*v1.LimitRange), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/namespace.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/namespace.go deleted file mode 100644 index 454aa1a0a2..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/namespace.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// NamespaceLister helps list Namespaces. -// All objects returned here must be treated as read-only. -type NamespaceLister interface { - // List lists all Namespaces in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Namespace, err error) - // Get retrieves the Namespace from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Namespace, error) - NamespaceListerExpansion -} - -// namespaceLister implements the NamespaceLister interface. -type namespaceLister struct { - indexer cache.Indexer -} - -// NewNamespaceLister returns a new NamespaceLister. -func NewNamespaceLister(indexer cache.Indexer) NamespaceLister { - return &namespaceLister{indexer: indexer} -} - -// List lists all Namespaces in the indexer. -func (s *namespaceLister) List(selector labels.Selector) (ret []*v1.Namespace, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Namespace)) - }) - return ret, err -} - -// Get retrieves the Namespace from the index for a given name. -func (s *namespaceLister) Get(name string) (*v1.Namespace, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("namespace"), name) - } - return obj.(*v1.Namespace), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/node.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/node.go deleted file mode 100644 index 596049857f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/node.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// NodeLister helps list Nodes. -// All objects returned here must be treated as read-only. -type NodeLister interface { - // List lists all Nodes in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Node, err error) - // Get retrieves the Node from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Node, error) - NodeListerExpansion -} - -// nodeLister implements the NodeLister interface. -type nodeLister struct { - indexer cache.Indexer -} - -// NewNodeLister returns a new NodeLister. -func NewNodeLister(indexer cache.Indexer) NodeLister { - return &nodeLister{indexer: indexer} -} - -// List lists all Nodes in the indexer. -func (s *nodeLister) List(selector labels.Selector) (ret []*v1.Node, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Node)) - }) - return ret, err -} - -// Get retrieves the Node from the index for a given name. -func (s *nodeLister) Get(name string) (*v1.Node, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("node"), name) - } - return obj.(*v1.Node), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolume.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolume.go deleted file mode 100644 index e7dfd4ac9f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolume.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PersistentVolumeLister helps list PersistentVolumes. -// All objects returned here must be treated as read-only. -type PersistentVolumeLister interface { - // List lists all PersistentVolumes in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PersistentVolume, err error) - // Get retrieves the PersistentVolume from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.PersistentVolume, error) - PersistentVolumeListerExpansion -} - -// persistentVolumeLister implements the PersistentVolumeLister interface. -type persistentVolumeLister struct { - indexer cache.Indexer -} - -// NewPersistentVolumeLister returns a new PersistentVolumeLister. -func NewPersistentVolumeLister(indexer cache.Indexer) PersistentVolumeLister { - return &persistentVolumeLister{indexer: indexer} -} - -// List lists all PersistentVolumes in the indexer. -func (s *persistentVolumeLister) List(selector labels.Selector) (ret []*v1.PersistentVolume, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PersistentVolume)) - }) - return ret, err -} - -// Get retrieves the PersistentVolume from the index for a given name. -func (s *persistentVolumeLister) Get(name string) (*v1.PersistentVolume, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("persistentvolume"), name) - } - return obj.(*v1.PersistentVolume), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolumeclaim.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolumeclaim.go deleted file mode 100644 index fc71bb5a1f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/persistentvolumeclaim.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PersistentVolumeClaimLister helps list PersistentVolumeClaims. -// All objects returned here must be treated as read-only. -type PersistentVolumeClaimLister interface { - // List lists all PersistentVolumeClaims in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PersistentVolumeClaim, err error) - // PersistentVolumeClaims returns an object that can list and get PersistentVolumeClaims. - PersistentVolumeClaims(namespace string) PersistentVolumeClaimNamespaceLister - PersistentVolumeClaimListerExpansion -} - -// persistentVolumeClaimLister implements the PersistentVolumeClaimLister interface. -type persistentVolumeClaimLister struct { - indexer cache.Indexer -} - -// NewPersistentVolumeClaimLister returns a new PersistentVolumeClaimLister. -func NewPersistentVolumeClaimLister(indexer cache.Indexer) PersistentVolumeClaimLister { - return &persistentVolumeClaimLister{indexer: indexer} -} - -// List lists all PersistentVolumeClaims in the indexer. -func (s *persistentVolumeClaimLister) List(selector labels.Selector) (ret []*v1.PersistentVolumeClaim, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PersistentVolumeClaim)) - }) - return ret, err -} - -// PersistentVolumeClaims returns an object that can list and get PersistentVolumeClaims. -func (s *persistentVolumeClaimLister) PersistentVolumeClaims(namespace string) PersistentVolumeClaimNamespaceLister { - return persistentVolumeClaimNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PersistentVolumeClaimNamespaceLister helps list and get PersistentVolumeClaims. -// All objects returned here must be treated as read-only. -type PersistentVolumeClaimNamespaceLister interface { - // List lists all PersistentVolumeClaims in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PersistentVolumeClaim, err error) - // Get retrieves the PersistentVolumeClaim from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.PersistentVolumeClaim, error) - PersistentVolumeClaimNamespaceListerExpansion -} - -// persistentVolumeClaimNamespaceLister implements the PersistentVolumeClaimNamespaceLister -// interface. -type persistentVolumeClaimNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PersistentVolumeClaims in the indexer for a given namespace. -func (s persistentVolumeClaimNamespaceLister) List(selector labels.Selector) (ret []*v1.PersistentVolumeClaim, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PersistentVolumeClaim)) - }) - return ret, err -} - -// Get retrieves the PersistentVolumeClaim from the indexer for a given namespace and name. -func (s persistentVolumeClaimNamespaceLister) Get(name string) (*v1.PersistentVolumeClaim, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("persistentvolumeclaim"), name) - } - return obj.(*v1.PersistentVolumeClaim), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/pod.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/pod.go deleted file mode 100644 index ab8f0946c3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/pod.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodLister helps list Pods. -// All objects returned here must be treated as read-only. -type PodLister interface { - // List lists all Pods in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Pod, err error) - // Pods returns an object that can list and get Pods. - Pods(namespace string) PodNamespaceLister - PodListerExpansion -} - -// podLister implements the PodLister interface. -type podLister struct { - indexer cache.Indexer -} - -// NewPodLister returns a new PodLister. -func NewPodLister(indexer cache.Indexer) PodLister { - return &podLister{indexer: indexer} -} - -// List lists all Pods in the indexer. -func (s *podLister) List(selector labels.Selector) (ret []*v1.Pod, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Pod)) - }) - return ret, err -} - -// Pods returns an object that can list and get Pods. -func (s *podLister) Pods(namespace string) PodNamespaceLister { - return podNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PodNamespaceLister helps list and get Pods. -// All objects returned here must be treated as read-only. -type PodNamespaceLister interface { - // List lists all Pods in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Pod, err error) - // Get retrieves the Pod from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Pod, error) - PodNamespaceListerExpansion -} - -// podNamespaceLister implements the PodNamespaceLister -// interface. -type podNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Pods in the indexer for a given namespace. -func (s podNamespaceLister) List(selector labels.Selector) (ret []*v1.Pod, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Pod)) - }) - return ret, err -} - -// Get retrieves the Pod from the indexer for a given namespace and name. -func (s podNamespaceLister) Get(name string) (*v1.Pod, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("pod"), name) - } - return obj.(*v1.Pod), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/podtemplate.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/podtemplate.go deleted file mode 100644 index 6c310045b7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/podtemplate.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodTemplateLister helps list PodTemplates. -// All objects returned here must be treated as read-only. -type PodTemplateLister interface { - // List lists all PodTemplates in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PodTemplate, err error) - // PodTemplates returns an object that can list and get PodTemplates. - PodTemplates(namespace string) PodTemplateNamespaceLister - PodTemplateListerExpansion -} - -// podTemplateLister implements the PodTemplateLister interface. -type podTemplateLister struct { - indexer cache.Indexer -} - -// NewPodTemplateLister returns a new PodTemplateLister. -func NewPodTemplateLister(indexer cache.Indexer) PodTemplateLister { - return &podTemplateLister{indexer: indexer} -} - -// List lists all PodTemplates in the indexer. -func (s *podTemplateLister) List(selector labels.Selector) (ret []*v1.PodTemplate, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodTemplate)) - }) - return ret, err -} - -// PodTemplates returns an object that can list and get PodTemplates. -func (s *podTemplateLister) PodTemplates(namespace string) PodTemplateNamespaceLister { - return podTemplateNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PodTemplateNamespaceLister helps list and get PodTemplates. -// All objects returned here must be treated as read-only. -type PodTemplateNamespaceLister interface { - // List lists all PodTemplates in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PodTemplate, err error) - // Get retrieves the PodTemplate from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.PodTemplate, error) - PodTemplateNamespaceListerExpansion -} - -// podTemplateNamespaceLister implements the PodTemplateNamespaceLister -// interface. -type podTemplateNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodTemplates in the indexer for a given namespace. -func (s podTemplateNamespaceLister) List(selector labels.Selector) (ret []*v1.PodTemplate, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodTemplate)) - }) - return ret, err -} - -// Get retrieves the PodTemplate from the indexer for a given namespace and name. -func (s podTemplateNamespaceLister) Get(name string) (*v1.PodTemplate, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("podtemplate"), name) - } - return obj.(*v1.PodTemplate), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller.go deleted file mode 100644 index e28e2ef768..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ReplicationControllerLister helps list ReplicationControllers. -// All objects returned here must be treated as read-only. -type ReplicationControllerLister interface { - // List lists all ReplicationControllers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ReplicationController, err error) - // ReplicationControllers returns an object that can list and get ReplicationControllers. - ReplicationControllers(namespace string) ReplicationControllerNamespaceLister - ReplicationControllerListerExpansion -} - -// replicationControllerLister implements the ReplicationControllerLister interface. -type replicationControllerLister struct { - indexer cache.Indexer -} - -// NewReplicationControllerLister returns a new ReplicationControllerLister. -func NewReplicationControllerLister(indexer cache.Indexer) ReplicationControllerLister { - return &replicationControllerLister{indexer: indexer} -} - -// List lists all ReplicationControllers in the indexer. -func (s *replicationControllerLister) List(selector labels.Selector) (ret []*v1.ReplicationController, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ReplicationController)) - }) - return ret, err -} - -// ReplicationControllers returns an object that can list and get ReplicationControllers. -func (s *replicationControllerLister) ReplicationControllers(namespace string) ReplicationControllerNamespaceLister { - return replicationControllerNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ReplicationControllerNamespaceLister helps list and get ReplicationControllers. -// All objects returned here must be treated as read-only. -type ReplicationControllerNamespaceLister interface { - // List lists all ReplicationControllers in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ReplicationController, err error) - // Get retrieves the ReplicationController from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ReplicationController, error) - ReplicationControllerNamespaceListerExpansion -} - -// replicationControllerNamespaceLister implements the ReplicationControllerNamespaceLister -// interface. -type replicationControllerNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ReplicationControllers in the indexer for a given namespace. -func (s replicationControllerNamespaceLister) List(selector labels.Selector) (ret []*v1.ReplicationController, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ReplicationController)) - }) - return ret, err -} - -// Get retrieves the ReplicationController from the indexer for a given namespace and name. -func (s replicationControllerNamespaceLister) Get(name string) (*v1.ReplicationController, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("replicationcontroller"), name) - } - return obj.(*v1.ReplicationController), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller_expansion.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller_expansion.go deleted file mode 100644 index b031d52173..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/replicationcontroller_expansion.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// ReplicationControllerListerExpansion allows custom methods to be added to -// ReplicationControllerLister. -type ReplicationControllerListerExpansion interface { - GetPodControllers(pod *v1.Pod) ([]*v1.ReplicationController, error) -} - -// ReplicationControllerNamespaceListerExpansion allows custom methods to be added to -// ReplicationControllerNamespaceLister. -type ReplicationControllerNamespaceListerExpansion interface{} - -// GetPodControllers returns a list of ReplicationControllers that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching ReplicationControllers are found. -func (s *replicationControllerLister) GetPodControllers(pod *v1.Pod) ([]*v1.ReplicationController, error) { - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no controllers found for pod %v because it has no labels", pod.Name) - } - - items, err := s.ReplicationControllers(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var controllers []*v1.ReplicationController - for i := range items { - rc := items[i] - selector := labels.Set(rc.Spec.Selector).AsSelectorPreValidated() - - // If an rc with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - controllers = append(controllers, rc) - } - - if len(controllers) == 0 { - return nil, fmt.Errorf("could not find controller for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return controllers, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/resourcequota.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/resourcequota.go deleted file mode 100644 index 9c00b49d4f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/resourcequota.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ResourceQuotaLister helps list ResourceQuotas. -// All objects returned here must be treated as read-only. -type ResourceQuotaLister interface { - // List lists all ResourceQuotas in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ResourceQuota, err error) - // ResourceQuotas returns an object that can list and get ResourceQuotas. - ResourceQuotas(namespace string) ResourceQuotaNamespaceLister - ResourceQuotaListerExpansion -} - -// resourceQuotaLister implements the ResourceQuotaLister interface. -type resourceQuotaLister struct { - indexer cache.Indexer -} - -// NewResourceQuotaLister returns a new ResourceQuotaLister. -func NewResourceQuotaLister(indexer cache.Indexer) ResourceQuotaLister { - return &resourceQuotaLister{indexer: indexer} -} - -// List lists all ResourceQuotas in the indexer. -func (s *resourceQuotaLister) List(selector labels.Selector) (ret []*v1.ResourceQuota, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ResourceQuota)) - }) - return ret, err -} - -// ResourceQuotas returns an object that can list and get ResourceQuotas. -func (s *resourceQuotaLister) ResourceQuotas(namespace string) ResourceQuotaNamespaceLister { - return resourceQuotaNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ResourceQuotaNamespaceLister helps list and get ResourceQuotas. -// All objects returned here must be treated as read-only. -type ResourceQuotaNamespaceLister interface { - // List lists all ResourceQuotas in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ResourceQuota, err error) - // Get retrieves the ResourceQuota from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ResourceQuota, error) - ResourceQuotaNamespaceListerExpansion -} - -// resourceQuotaNamespaceLister implements the ResourceQuotaNamespaceLister -// interface. -type resourceQuotaNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ResourceQuotas in the indexer for a given namespace. -func (s resourceQuotaNamespaceLister) List(selector labels.Selector) (ret []*v1.ResourceQuota, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ResourceQuota)) - }) - return ret, err -} - -// Get retrieves the ResourceQuota from the indexer for a given namespace and name. -func (s resourceQuotaNamespaceLister) Get(name string) (*v1.ResourceQuota, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("resourcequota"), name) - } - return obj.(*v1.ResourceQuota), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/secret.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/secret.go deleted file mode 100644 index d386d4d5cb..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/secret.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// SecretLister helps list Secrets. -// All objects returned here must be treated as read-only. -type SecretLister interface { - // List lists all Secrets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Secret, err error) - // Secrets returns an object that can list and get Secrets. - Secrets(namespace string) SecretNamespaceLister - SecretListerExpansion -} - -// secretLister implements the SecretLister interface. -type secretLister struct { - indexer cache.Indexer -} - -// NewSecretLister returns a new SecretLister. -func NewSecretLister(indexer cache.Indexer) SecretLister { - return &secretLister{indexer: indexer} -} - -// List lists all Secrets in the indexer. -func (s *secretLister) List(selector labels.Selector) (ret []*v1.Secret, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Secret)) - }) - return ret, err -} - -// Secrets returns an object that can list and get Secrets. -func (s *secretLister) Secrets(namespace string) SecretNamespaceLister { - return secretNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// SecretNamespaceLister helps list and get Secrets. -// All objects returned here must be treated as read-only. -type SecretNamespaceLister interface { - // List lists all Secrets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Secret, err error) - // Get retrieves the Secret from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Secret, error) - SecretNamespaceListerExpansion -} - -// secretNamespaceLister implements the SecretNamespaceLister -// interface. -type secretNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Secrets in the indexer for a given namespace. -func (s secretNamespaceLister) List(selector labels.Selector) (ret []*v1.Secret, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Secret)) - }) - return ret, err -} - -// Get retrieves the Secret from the indexer for a given namespace and name. -func (s secretNamespaceLister) Get(name string) (*v1.Secret, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("secret"), name) - } - return obj.(*v1.Secret), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/service.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/service.go deleted file mode 100644 index 51026d7b4b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/service.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ServiceLister helps list Services. -// All objects returned here must be treated as read-only. -type ServiceLister interface { - // List lists all Services in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Service, err error) - // Services returns an object that can list and get Services. - Services(namespace string) ServiceNamespaceLister - ServiceListerExpansion -} - -// serviceLister implements the ServiceLister interface. -type serviceLister struct { - indexer cache.Indexer -} - -// NewServiceLister returns a new ServiceLister. -func NewServiceLister(indexer cache.Indexer) ServiceLister { - return &serviceLister{indexer: indexer} -} - -// List lists all Services in the indexer. -func (s *serviceLister) List(selector labels.Selector) (ret []*v1.Service, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Service)) - }) - return ret, err -} - -// Services returns an object that can list and get Services. -func (s *serviceLister) Services(namespace string) ServiceNamespaceLister { - return serviceNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ServiceNamespaceLister helps list and get Services. -// All objects returned here must be treated as read-only. -type ServiceNamespaceLister interface { - // List lists all Services in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Service, err error) - // Get retrieves the Service from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Service, error) - ServiceNamespaceListerExpansion -} - -// serviceNamespaceLister implements the ServiceNamespaceLister -// interface. -type serviceNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Services in the indexer for a given namespace. -func (s serviceNamespaceLister) List(selector labels.Selector) (ret []*v1.Service, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Service)) - }) - return ret, err -} - -// Get retrieves the Service from the indexer for a given namespace and name. -func (s serviceNamespaceLister) Get(name string) (*v1.Service, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("service"), name) - } - return obj.(*v1.Service), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/core/v1/serviceaccount.go b/etcd/vendor/k8s.io/client-go/listers/core/v1/serviceaccount.go deleted file mode 100644 index aa9554d8bb..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/core/v1/serviceaccount.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ServiceAccountLister helps list ServiceAccounts. -// All objects returned here must be treated as read-only. -type ServiceAccountLister interface { - // List lists all ServiceAccounts in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ServiceAccount, err error) - // ServiceAccounts returns an object that can list and get ServiceAccounts. - ServiceAccounts(namespace string) ServiceAccountNamespaceLister - ServiceAccountListerExpansion -} - -// serviceAccountLister implements the ServiceAccountLister interface. -type serviceAccountLister struct { - indexer cache.Indexer -} - -// NewServiceAccountLister returns a new ServiceAccountLister. -func NewServiceAccountLister(indexer cache.Indexer) ServiceAccountLister { - return &serviceAccountLister{indexer: indexer} -} - -// List lists all ServiceAccounts in the indexer. -func (s *serviceAccountLister) List(selector labels.Selector) (ret []*v1.ServiceAccount, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ServiceAccount)) - }) - return ret, err -} - -// ServiceAccounts returns an object that can list and get ServiceAccounts. -func (s *serviceAccountLister) ServiceAccounts(namespace string) ServiceAccountNamespaceLister { - return serviceAccountNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ServiceAccountNamespaceLister helps list and get ServiceAccounts. -// All objects returned here must be treated as read-only. -type ServiceAccountNamespaceLister interface { - // List lists all ServiceAccounts in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ServiceAccount, err error) - // Get retrieves the ServiceAccount from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ServiceAccount, error) - ServiceAccountNamespaceListerExpansion -} - -// serviceAccountNamespaceLister implements the ServiceAccountNamespaceLister -// interface. -type serviceAccountNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ServiceAccounts in the indexer for a given namespace. -func (s serviceAccountNamespaceLister) List(selector labels.Selector) (ret []*v1.ServiceAccount, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ServiceAccount)) - }) - return ret, err -} - -// Get retrieves the ServiceAccount from the indexer for a given namespace and name. -func (s serviceAccountNamespaceLister) Get(name string) (*v1.ServiceAccount, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("serviceaccount"), name) - } - return obj.(*v1.ServiceAccount), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/discovery/v1/endpointslice.go b/etcd/vendor/k8s.io/client-go/listers/discovery/v1/endpointslice.go deleted file mode 100644 index 4dd46ff1bf..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/discovery/v1/endpointslice.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/discovery/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EndpointSliceLister helps list EndpointSlices. -// All objects returned here must be treated as read-only. -type EndpointSliceLister interface { - // List lists all EndpointSlices in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.EndpointSlice, err error) - // EndpointSlices returns an object that can list and get EndpointSlices. - EndpointSlices(namespace string) EndpointSliceNamespaceLister - EndpointSliceListerExpansion -} - -// endpointSliceLister implements the EndpointSliceLister interface. -type endpointSliceLister struct { - indexer cache.Indexer -} - -// NewEndpointSliceLister returns a new EndpointSliceLister. -func NewEndpointSliceLister(indexer cache.Indexer) EndpointSliceLister { - return &endpointSliceLister{indexer: indexer} -} - -// List lists all EndpointSlices in the indexer. -func (s *endpointSliceLister) List(selector labels.Selector) (ret []*v1.EndpointSlice, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.EndpointSlice)) - }) - return ret, err -} - -// EndpointSlices returns an object that can list and get EndpointSlices. -func (s *endpointSliceLister) EndpointSlices(namespace string) EndpointSliceNamespaceLister { - return endpointSliceNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EndpointSliceNamespaceLister helps list and get EndpointSlices. -// All objects returned here must be treated as read-only. -type EndpointSliceNamespaceLister interface { - // List lists all EndpointSlices in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.EndpointSlice, err error) - // Get retrieves the EndpointSlice from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.EndpointSlice, error) - EndpointSliceNamespaceListerExpansion -} - -// endpointSliceNamespaceLister implements the EndpointSliceNamespaceLister -// interface. -type endpointSliceNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all EndpointSlices in the indexer for a given namespace. -func (s endpointSliceNamespaceLister) List(selector labels.Selector) (ret []*v1.EndpointSlice, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.EndpointSlice)) - }) - return ret, err -} - -// Get retrieves the EndpointSlice from the indexer for a given namespace and name. -func (s endpointSliceNamespaceLister) Get(name string) (*v1.EndpointSlice, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("endpointslice"), name) - } - return obj.(*v1.EndpointSlice), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/discovery/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/discovery/v1/expansion_generated.go deleted file mode 100644 index 660163eeef..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/discovery/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// EndpointSliceListerExpansion allows custom methods to be added to -// EndpointSliceLister. -type EndpointSliceListerExpansion interface{} - -// EndpointSliceNamespaceListerExpansion allows custom methods to be added to -// EndpointSliceNamespaceLister. -type EndpointSliceNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/endpointslice.go b/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/endpointslice.go deleted file mode 100644 index e92872d5f4..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/endpointslice.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/discovery/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EndpointSliceLister helps list EndpointSlices. -// All objects returned here must be treated as read-only. -type EndpointSliceLister interface { - // List lists all EndpointSlices in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.EndpointSlice, err error) - // EndpointSlices returns an object that can list and get EndpointSlices. - EndpointSlices(namespace string) EndpointSliceNamespaceLister - EndpointSliceListerExpansion -} - -// endpointSliceLister implements the EndpointSliceLister interface. -type endpointSliceLister struct { - indexer cache.Indexer -} - -// NewEndpointSliceLister returns a new EndpointSliceLister. -func NewEndpointSliceLister(indexer cache.Indexer) EndpointSliceLister { - return &endpointSliceLister{indexer: indexer} -} - -// List lists all EndpointSlices in the indexer. -func (s *endpointSliceLister) List(selector labels.Selector) (ret []*v1beta1.EndpointSlice, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.EndpointSlice)) - }) - return ret, err -} - -// EndpointSlices returns an object that can list and get EndpointSlices. -func (s *endpointSliceLister) EndpointSlices(namespace string) EndpointSliceNamespaceLister { - return endpointSliceNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EndpointSliceNamespaceLister helps list and get EndpointSlices. -// All objects returned here must be treated as read-only. -type EndpointSliceNamespaceLister interface { - // List lists all EndpointSlices in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.EndpointSlice, err error) - // Get retrieves the EndpointSlice from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.EndpointSlice, error) - EndpointSliceNamespaceListerExpansion -} - -// endpointSliceNamespaceLister implements the EndpointSliceNamespaceLister -// interface. -type endpointSliceNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all EndpointSlices in the indexer for a given namespace. -func (s endpointSliceNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.EndpointSlice, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.EndpointSlice)) - }) - return ret, err -} - -// Get retrieves the EndpointSlice from the indexer for a given namespace and name. -func (s endpointSliceNamespaceLister) Get(name string) (*v1beta1.EndpointSlice, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("endpointslice"), name) - } - return obj.(*v1beta1.EndpointSlice), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/expansion_generated.go deleted file mode 100644 index 9619bbd8dd..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/discovery/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// EndpointSliceListerExpansion allows custom methods to be added to -// EndpointSliceLister. -type EndpointSliceListerExpansion interface{} - -// EndpointSliceNamespaceListerExpansion allows custom methods to be added to -// EndpointSliceNamespaceLister. -type EndpointSliceNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/events/v1/event.go b/etcd/vendor/k8s.io/client-go/listers/events/v1/event.go deleted file mode 100644 index 4abe841e26..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/events/v1/event.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/events/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EventLister helps list Events. -// All objects returned here must be treated as read-only. -type EventLister interface { - // List lists all Events in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Event, err error) - // Events returns an object that can list and get Events. - Events(namespace string) EventNamespaceLister - EventListerExpansion -} - -// eventLister implements the EventLister interface. -type eventLister struct { - indexer cache.Indexer -} - -// NewEventLister returns a new EventLister. -func NewEventLister(indexer cache.Indexer) EventLister { - return &eventLister{indexer: indexer} -} - -// List lists all Events in the indexer. -func (s *eventLister) List(selector labels.Selector) (ret []*v1.Event, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Event)) - }) - return ret, err -} - -// Events returns an object that can list and get Events. -func (s *eventLister) Events(namespace string) EventNamespaceLister { - return eventNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EventNamespaceLister helps list and get Events. -// All objects returned here must be treated as read-only. -type EventNamespaceLister interface { - // List lists all Events in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Event, err error) - // Get retrieves the Event from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Event, error) - EventNamespaceListerExpansion -} - -// eventNamespaceLister implements the EventNamespaceLister -// interface. -type eventNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Events in the indexer for a given namespace. -func (s eventNamespaceLister) List(selector labels.Selector) (ret []*v1.Event, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Event)) - }) - return ret, err -} - -// Get retrieves the Event from the indexer for a given namespace and name. -func (s eventNamespaceLister) Get(name string) (*v1.Event, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("event"), name) - } - return obj.(*v1.Event), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/events/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/events/v1/expansion_generated.go deleted file mode 100644 index 348e784d74..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/events/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// EventListerExpansion allows custom methods to be added to -// EventLister. -type EventListerExpansion interface{} - -// EventNamespaceListerExpansion allows custom methods to be added to -// EventNamespaceLister. -type EventNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/event.go b/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/event.go deleted file mode 100644 index 41a521be6f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/event.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/events/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EventLister helps list Events. -// All objects returned here must be treated as read-only. -type EventLister interface { - // List lists all Events in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Event, err error) - // Events returns an object that can list and get Events. - Events(namespace string) EventNamespaceLister - EventListerExpansion -} - -// eventLister implements the EventLister interface. -type eventLister struct { - indexer cache.Indexer -} - -// NewEventLister returns a new EventLister. -func NewEventLister(indexer cache.Indexer) EventLister { - return &eventLister{indexer: indexer} -} - -// List lists all Events in the indexer. -func (s *eventLister) List(selector labels.Selector) (ret []*v1beta1.Event, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Event)) - }) - return ret, err -} - -// Events returns an object that can list and get Events. -func (s *eventLister) Events(namespace string) EventNamespaceLister { - return eventNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EventNamespaceLister helps list and get Events. -// All objects returned here must be treated as read-only. -type EventNamespaceLister interface { - // List lists all Events in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Event, err error) - // Get retrieves the Event from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Event, error) - EventNamespaceListerExpansion -} - -// eventNamespaceLister implements the EventNamespaceLister -// interface. -type eventNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Events in the indexer for a given namespace. -func (s eventNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Event, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Event)) - }) - return ret, err -} - -// Get retrieves the Event from the indexer for a given namespace and name. -func (s eventNamespaceLister) Get(name string) (*v1beta1.Event, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("event"), name) - } - return obj.(*v1beta1.Event), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/expansion_generated.go deleted file mode 100644 index d311691d9d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/events/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// EventListerExpansion allows custom methods to be added to -// EventLister. -type EventListerExpansion interface{} - -// EventNamespaceListerExpansion allows custom methods to be added to -// EventNamespaceLister. -type EventNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset.go deleted file mode 100644 index 900475410b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DaemonSetLister helps list DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetLister interface { - // List lists all DaemonSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.DaemonSet, err error) - // DaemonSets returns an object that can list and get DaemonSets. - DaemonSets(namespace string) DaemonSetNamespaceLister - DaemonSetListerExpansion -} - -// daemonSetLister implements the DaemonSetLister interface. -type daemonSetLister struct { - indexer cache.Indexer -} - -// NewDaemonSetLister returns a new DaemonSetLister. -func NewDaemonSetLister(indexer cache.Indexer) DaemonSetLister { - return &daemonSetLister{indexer: indexer} -} - -// List lists all DaemonSets in the indexer. -func (s *daemonSetLister) List(selector labels.Selector) (ret []*v1beta1.DaemonSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.DaemonSet)) - }) - return ret, err -} - -// DaemonSets returns an object that can list and get DaemonSets. -func (s *daemonSetLister) DaemonSets(namespace string) DaemonSetNamespaceLister { - return daemonSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DaemonSetNamespaceLister helps list and get DaemonSets. -// All objects returned here must be treated as read-only. -type DaemonSetNamespaceLister interface { - // List lists all DaemonSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.DaemonSet, err error) - // Get retrieves the DaemonSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.DaemonSet, error) - DaemonSetNamespaceListerExpansion -} - -// daemonSetNamespaceLister implements the DaemonSetNamespaceLister -// interface. -type daemonSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all DaemonSets in the indexer for a given namespace. -func (s daemonSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.DaemonSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.DaemonSet)) - }) - return ret, err -} - -// Get retrieves the DaemonSet from the indexer for a given namespace and name. -func (s daemonSetNamespaceLister) Get(name string) (*v1beta1.DaemonSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("daemonset"), name) - } - return obj.(*v1beta1.DaemonSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset_expansion.go deleted file mode 100644 index f6dd7a963e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/daemonset_expansion.go +++ /dev/null @@ -1,115 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - apps "k8s.io/api/apps/v1beta1" - "k8s.io/api/core/v1" - "k8s.io/api/extensions/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// DaemonSetListerExpansion allows custom methods to be added to -// DaemonSetLister. -type DaemonSetListerExpansion interface { - GetPodDaemonSets(pod *v1.Pod) ([]*v1beta1.DaemonSet, error) - GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*v1beta1.DaemonSet, error) -} - -// DaemonSetNamespaceListerExpansion allows custom methods to be added to -// DaemonSetNamespaceLister. -type DaemonSetNamespaceListerExpansion interface{} - -// GetPodDaemonSets returns a list of DaemonSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetPodDaemonSets(pod *v1.Pod) ([]*v1beta1.DaemonSet, error) { - var selector labels.Selector - var daemonSet *v1beta1.DaemonSet - - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no daemon sets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.DaemonSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*v1beta1.DaemonSet - for i := range list { - daemonSet = list[i] - if daemonSet.Namespace != pod.Namespace { - continue - } - selector, err = metav1.LabelSelectorAsSelector(daemonSet.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a daemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - daemonSets = append(daemonSets, daemonSet) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find daemon set for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return daemonSets, nil -} - -// GetHistoryDaemonSets returns a list of DaemonSets that potentially -// match a ControllerRevision. Only the one specified in the ControllerRevision's ControllerRef -// will actually manage it. -// Returns an error only if no matching DaemonSets are found. -func (s *daemonSetLister) GetHistoryDaemonSets(history *apps.ControllerRevision) ([]*v1beta1.DaemonSet, error) { - if len(history.Labels) == 0 { - return nil, fmt.Errorf("no DaemonSet found for ControllerRevision %s because it has no labels", history.Name) - } - - list, err := s.DaemonSets(history.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var daemonSets []*v1beta1.DaemonSet - for _, ds := range list { - selector, err := metav1.LabelSelectorAsSelector(ds.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the history object - continue - } - // If a DaemonSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(history.Labels)) { - continue - } - daemonSets = append(daemonSets, ds) - } - - if len(daemonSets) == 0 { - return nil, fmt.Errorf("could not find DaemonSets for ControllerRevision %s in namespace %s with labels: %v", history.Name, history.Namespace, history.Labels) - } - - return daemonSets, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/deployment.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/deployment.go deleted file mode 100644 index 42b5a07231..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/deployment.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// DeploymentLister helps list Deployments. -// All objects returned here must be treated as read-only. -type DeploymentLister interface { - // List lists all Deployments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) - // Deployments returns an object that can list and get Deployments. - Deployments(namespace string) DeploymentNamespaceLister - DeploymentListerExpansion -} - -// deploymentLister implements the DeploymentLister interface. -type deploymentLister struct { - indexer cache.Indexer -} - -// NewDeploymentLister returns a new DeploymentLister. -func NewDeploymentLister(indexer cache.Indexer) DeploymentLister { - return &deploymentLister{indexer: indexer} -} - -// List lists all Deployments in the indexer. -func (s *deploymentLister) List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Deployment)) - }) - return ret, err -} - -// Deployments returns an object that can list and get Deployments. -func (s *deploymentLister) Deployments(namespace string) DeploymentNamespaceLister { - return deploymentNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// DeploymentNamespaceLister helps list and get Deployments. -// All objects returned here must be treated as read-only. -type DeploymentNamespaceLister interface { - // List lists all Deployments in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) - // Get retrieves the Deployment from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Deployment, error) - DeploymentNamespaceListerExpansion -} - -// deploymentNamespaceLister implements the DeploymentNamespaceLister -// interface. -type deploymentNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Deployments in the indexer for a given namespace. -func (s deploymentNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Deployment, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Deployment)) - }) - return ret, err -} - -// Get retrieves the Deployment from the indexer for a given namespace and name. -func (s deploymentNamespaceLister) Get(name string) (*v1beta1.Deployment, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("deployment"), name) - } - return obj.(*v1beta1.Deployment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/expansion_generated.go deleted file mode 100644 index 5599219d9e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/expansion_generated.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// DeploymentListerExpansion allows custom methods to be added to -// DeploymentLister. -type DeploymentListerExpansion interface{} - -// DeploymentNamespaceListerExpansion allows custom methods to be added to -// DeploymentNamespaceLister. -type DeploymentNamespaceListerExpansion interface{} - -// IngressListerExpansion allows custom methods to be added to -// IngressLister. -type IngressListerExpansion interface{} - -// IngressNamespaceListerExpansion allows custom methods to be added to -// IngressNamespaceLister. -type IngressNamespaceListerExpansion interface{} - -// NetworkPolicyListerExpansion allows custom methods to be added to -// NetworkPolicyLister. -type NetworkPolicyListerExpansion interface{} - -// NetworkPolicyNamespaceListerExpansion allows custom methods to be added to -// NetworkPolicyNamespaceLister. -type NetworkPolicyNamespaceListerExpansion interface{} - -// PodSecurityPolicyListerExpansion allows custom methods to be added to -// PodSecurityPolicyLister. -type PodSecurityPolicyListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/ingress.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/ingress.go deleted file mode 100644 index 1cb7677bd8..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/ingress.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// IngressLister helps list Ingresses. -// All objects returned here must be treated as read-only. -type IngressLister interface { - // List lists all Ingresses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) - // Ingresses returns an object that can list and get Ingresses. - Ingresses(namespace string) IngressNamespaceLister - IngressListerExpansion -} - -// ingressLister implements the IngressLister interface. -type ingressLister struct { - indexer cache.Indexer -} - -// NewIngressLister returns a new IngressLister. -func NewIngressLister(indexer cache.Indexer) IngressLister { - return &ingressLister{indexer: indexer} -} - -// List lists all Ingresses in the indexer. -func (s *ingressLister) List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Ingress)) - }) - return ret, err -} - -// Ingresses returns an object that can list and get Ingresses. -func (s *ingressLister) Ingresses(namespace string) IngressNamespaceLister { - return ingressNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// IngressNamespaceLister helps list and get Ingresses. -// All objects returned here must be treated as read-only. -type IngressNamespaceLister interface { - // List lists all Ingresses in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) - // Get retrieves the Ingress from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Ingress, error) - IngressNamespaceListerExpansion -} - -// ingressNamespaceLister implements the IngressNamespaceLister -// interface. -type ingressNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Ingresses in the indexer for a given namespace. -func (s ingressNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Ingress)) - }) - return ret, err -} - -// Get retrieves the Ingress from the indexer for a given namespace and name. -func (s ingressNamespaceLister) Get(name string) (*v1beta1.Ingress, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("ingress"), name) - } - return obj.(*v1beta1.Ingress), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/networkpolicy.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/networkpolicy.go deleted file mode 100644 index 84419a8e96..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/networkpolicy.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// NetworkPolicyLister helps list NetworkPolicies. -// All objects returned here must be treated as read-only. -type NetworkPolicyLister interface { - // List lists all NetworkPolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.NetworkPolicy, err error) - // NetworkPolicies returns an object that can list and get NetworkPolicies. - NetworkPolicies(namespace string) NetworkPolicyNamespaceLister - NetworkPolicyListerExpansion -} - -// networkPolicyLister implements the NetworkPolicyLister interface. -type networkPolicyLister struct { - indexer cache.Indexer -} - -// NewNetworkPolicyLister returns a new NetworkPolicyLister. -func NewNetworkPolicyLister(indexer cache.Indexer) NetworkPolicyLister { - return &networkPolicyLister{indexer: indexer} -} - -// List lists all NetworkPolicies in the indexer. -func (s *networkPolicyLister) List(selector labels.Selector) (ret []*v1beta1.NetworkPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.NetworkPolicy)) - }) - return ret, err -} - -// NetworkPolicies returns an object that can list and get NetworkPolicies. -func (s *networkPolicyLister) NetworkPolicies(namespace string) NetworkPolicyNamespaceLister { - return networkPolicyNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// NetworkPolicyNamespaceLister helps list and get NetworkPolicies. -// All objects returned here must be treated as read-only. -type NetworkPolicyNamespaceLister interface { - // List lists all NetworkPolicies in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.NetworkPolicy, err error) - // Get retrieves the NetworkPolicy from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.NetworkPolicy, error) - NetworkPolicyNamespaceListerExpansion -} - -// networkPolicyNamespaceLister implements the NetworkPolicyNamespaceLister -// interface. -type networkPolicyNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all NetworkPolicies in the indexer for a given namespace. -func (s networkPolicyNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.NetworkPolicy, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.NetworkPolicy)) - }) - return ret, err -} - -// Get retrieves the NetworkPolicy from the indexer for a given namespace and name. -func (s networkPolicyNamespaceLister) Get(name string) (*v1beta1.NetworkPolicy, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("networkpolicy"), name) - } - return obj.(*v1beta1.NetworkPolicy), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/podsecuritypolicy.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/podsecuritypolicy.go deleted file mode 100644 index 5f6a8c0360..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/podsecuritypolicy.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodSecurityPolicyLister helps list PodSecurityPolicies. -// All objects returned here must be treated as read-only. -type PodSecurityPolicyLister interface { - // List lists all PodSecurityPolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) - // Get retrieves the PodSecurityPolicy from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PodSecurityPolicy, error) - PodSecurityPolicyListerExpansion -} - -// podSecurityPolicyLister implements the PodSecurityPolicyLister interface. -type podSecurityPolicyLister struct { - indexer cache.Indexer -} - -// NewPodSecurityPolicyLister returns a new PodSecurityPolicyLister. -func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister { - return &podSecurityPolicyLister{indexer: indexer} -} - -// List lists all PodSecurityPolicies in the indexer. -func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PodSecurityPolicy)) - }) - return ret, err -} - -// Get retrieves the PodSecurityPolicy from the index for a given name. -func (s *podSecurityPolicyLister) Get(name string) (*v1beta1.PodSecurityPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("podsecuritypolicy"), name) - } - return obj.(*v1beta1.PodSecurityPolicy), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset.go deleted file mode 100644 index a5ec3229bc..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ReplicaSetLister helps list ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetLister interface { - // List lists all ReplicaSets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ReplicaSet, err error) - // ReplicaSets returns an object that can list and get ReplicaSets. - ReplicaSets(namespace string) ReplicaSetNamespaceLister - ReplicaSetListerExpansion -} - -// replicaSetLister implements the ReplicaSetLister interface. -type replicaSetLister struct { - indexer cache.Indexer -} - -// NewReplicaSetLister returns a new ReplicaSetLister. -func NewReplicaSetLister(indexer cache.Indexer) ReplicaSetLister { - return &replicaSetLister{indexer: indexer} -} - -// List lists all ReplicaSets in the indexer. -func (s *replicaSetLister) List(selector labels.Selector) (ret []*v1beta1.ReplicaSet, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ReplicaSet)) - }) - return ret, err -} - -// ReplicaSets returns an object that can list and get ReplicaSets. -func (s *replicaSetLister) ReplicaSets(namespace string) ReplicaSetNamespaceLister { - return replicaSetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ReplicaSetNamespaceLister helps list and get ReplicaSets. -// All objects returned here must be treated as read-only. -type ReplicaSetNamespaceLister interface { - // List lists all ReplicaSets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ReplicaSet, err error) - // Get retrieves the ReplicaSet from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ReplicaSet, error) - ReplicaSetNamespaceListerExpansion -} - -// replicaSetNamespaceLister implements the ReplicaSetNamespaceLister -// interface. -type replicaSetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ReplicaSets in the indexer for a given namespace. -func (s replicaSetNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.ReplicaSet, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ReplicaSet)) - }) - return ret, err -} - -// Get retrieves the ReplicaSet from the indexer for a given namespace and name. -func (s replicaSetNamespaceLister) Get(name string) (*v1beta1.ReplicaSet, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("replicaset"), name) - } - return obj.(*v1beta1.ReplicaSet), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset_expansion.go b/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset_expansion.go deleted file mode 100644 index 74114c2bd7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/extensions/v1beta1/replicaset_expansion.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - "k8s.io/api/core/v1" - extensions "k8s.io/api/extensions/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// ReplicaSetListerExpansion allows custom methods to be added to -// ReplicaSetLister. -type ReplicaSetListerExpansion interface { - GetPodReplicaSets(pod *v1.Pod) ([]*extensions.ReplicaSet, error) -} - -// ReplicaSetNamespaceListerExpansion allows custom methods to be added to -// ReplicaSetNamespaceLister. -type ReplicaSetNamespaceListerExpansion interface{} - -// GetPodReplicaSets returns a list of ReplicaSets that potentially match a pod. -// Only the one specified in the Pod's ControllerRef will actually manage it. -// Returns an error only if no matching ReplicaSets are found. -func (s *replicaSetLister) GetPodReplicaSets(pod *v1.Pod) ([]*extensions.ReplicaSet, error) { - if len(pod.Labels) == 0 { - return nil, fmt.Errorf("no ReplicaSets found for pod %v because it has no labels", pod.Name) - } - - list, err := s.ReplicaSets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var rss []*extensions.ReplicaSet - for _, rs := range list { - if rs.Namespace != pod.Namespace { - continue - } - selector, err := metav1.LabelSelectorAsSelector(rs.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a ReplicaSet with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - rss = append(rss, rs) - } - - if len(rss) == 0 { - return nil, fmt.Errorf("could not find ReplicaSet for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return rss, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/expansion_generated.go deleted file mode 100644 index 3e74051681..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// FlowSchemaListerExpansion allows custom methods to be added to -// FlowSchemaLister. -type FlowSchemaListerExpansion interface{} - -// PriorityLevelConfigurationListerExpansion allows custom methods to be added to -// PriorityLevelConfigurationLister. -type PriorityLevelConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/flowschema.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/flowschema.go deleted file mode 100644 index c8a595cd29..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/flowschema.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// FlowSchemaLister helps list FlowSchemas. -// All objects returned here must be treated as read-only. -type FlowSchemaLister interface { - // List lists all FlowSchemas in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.FlowSchema, err error) - // Get retrieves the FlowSchema from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.FlowSchema, error) - FlowSchemaListerExpansion -} - -// flowSchemaLister implements the FlowSchemaLister interface. -type flowSchemaLister struct { - indexer cache.Indexer -} - -// NewFlowSchemaLister returns a new FlowSchemaLister. -func NewFlowSchemaLister(indexer cache.Indexer) FlowSchemaLister { - return &flowSchemaLister{indexer: indexer} -} - -// List lists all FlowSchemas in the indexer. -func (s *flowSchemaLister) List(selector labels.Selector) (ret []*v1alpha1.FlowSchema, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.FlowSchema)) - }) - return ret, err -} - -// Get retrieves the FlowSchema from the index for a given name. -func (s *flowSchemaLister) Get(name string) (*v1alpha1.FlowSchema, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("flowschema"), name) - } - return obj.(*v1alpha1.FlowSchema), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/prioritylevelconfiguration.go deleted file mode 100644 index daa4ff31d9..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1alpha1/prioritylevelconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationLister helps list PriorityLevelConfigurations. -// All objects returned here must be treated as read-only. -type PriorityLevelConfigurationLister interface { - // List lists all PriorityLevelConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.PriorityLevelConfiguration, err error) - // Get retrieves the PriorityLevelConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.PriorityLevelConfiguration, error) - PriorityLevelConfigurationListerExpansion -} - -// priorityLevelConfigurationLister implements the PriorityLevelConfigurationLister interface. -type priorityLevelConfigurationLister struct { - indexer cache.Indexer -} - -// NewPriorityLevelConfigurationLister returns a new PriorityLevelConfigurationLister. -func NewPriorityLevelConfigurationLister(indexer cache.Indexer) PriorityLevelConfigurationLister { - return &priorityLevelConfigurationLister{indexer: indexer} -} - -// List lists all PriorityLevelConfigurations in the indexer. -func (s *priorityLevelConfigurationLister) List(selector labels.Selector) (ret []*v1alpha1.PriorityLevelConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PriorityLevelConfiguration)) - }) - return ret, err -} - -// Get retrieves the PriorityLevelConfiguration from the index for a given name. -func (s *priorityLevelConfigurationLister) Get(name string) (*v1alpha1.PriorityLevelConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("prioritylevelconfiguration"), name) - } - return obj.(*v1alpha1.PriorityLevelConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/expansion_generated.go deleted file mode 100644 index c674e951e0..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// FlowSchemaListerExpansion allows custom methods to be added to -// FlowSchemaLister. -type FlowSchemaListerExpansion interface{} - -// PriorityLevelConfigurationListerExpansion allows custom methods to be added to -// PriorityLevelConfigurationLister. -type PriorityLevelConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/flowschema.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/flowschema.go deleted file mode 100644 index 7927a8411e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/flowschema.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/flowcontrol/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// FlowSchemaLister helps list FlowSchemas. -// All objects returned here must be treated as read-only. -type FlowSchemaLister interface { - // List lists all FlowSchemas in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.FlowSchema, err error) - // Get retrieves the FlowSchema from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.FlowSchema, error) - FlowSchemaListerExpansion -} - -// flowSchemaLister implements the FlowSchemaLister interface. -type flowSchemaLister struct { - indexer cache.Indexer -} - -// NewFlowSchemaLister returns a new FlowSchemaLister. -func NewFlowSchemaLister(indexer cache.Indexer) FlowSchemaLister { - return &flowSchemaLister{indexer: indexer} -} - -// List lists all FlowSchemas in the indexer. -func (s *flowSchemaLister) List(selector labels.Selector) (ret []*v1beta1.FlowSchema, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.FlowSchema)) - }) - return ret, err -} - -// Get retrieves the FlowSchema from the index for a given name. -func (s *flowSchemaLister) Get(name string) (*v1beta1.FlowSchema, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("flowschema"), name) - } - return obj.(*v1beta1.FlowSchema), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/prioritylevelconfiguration.go deleted file mode 100644 index c94aaa4c1d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta1/prioritylevelconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/flowcontrol/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationLister helps list PriorityLevelConfigurations. -// All objects returned here must be treated as read-only. -type PriorityLevelConfigurationLister interface { - // List lists all PriorityLevelConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PriorityLevelConfiguration, err error) - // Get retrieves the PriorityLevelConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PriorityLevelConfiguration, error) - PriorityLevelConfigurationListerExpansion -} - -// priorityLevelConfigurationLister implements the PriorityLevelConfigurationLister interface. -type priorityLevelConfigurationLister struct { - indexer cache.Indexer -} - -// NewPriorityLevelConfigurationLister returns a new PriorityLevelConfigurationLister. -func NewPriorityLevelConfigurationLister(indexer cache.Indexer) PriorityLevelConfigurationLister { - return &priorityLevelConfigurationLister{indexer: indexer} -} - -// List lists all PriorityLevelConfigurations in the indexer. -func (s *priorityLevelConfigurationLister) List(selector labels.Selector) (ret []*v1beta1.PriorityLevelConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PriorityLevelConfiguration)) - }) - return ret, err -} - -// Get retrieves the PriorityLevelConfiguration from the index for a given name. -func (s *priorityLevelConfigurationLister) Get(name string) (*v1beta1.PriorityLevelConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("prioritylevelconfiguration"), name) - } - return obj.(*v1beta1.PriorityLevelConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/expansion_generated.go deleted file mode 100644 index b658de6549..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -// FlowSchemaListerExpansion allows custom methods to be added to -// FlowSchemaLister. -type FlowSchemaListerExpansion interface{} - -// PriorityLevelConfigurationListerExpansion allows custom methods to be added to -// PriorityLevelConfigurationLister. -type PriorityLevelConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/flowschema.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/flowschema.go deleted file mode 100644 index 2710f26306..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/flowschema.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/flowcontrol/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// FlowSchemaLister helps list FlowSchemas. -// All objects returned here must be treated as read-only. -type FlowSchemaLister interface { - // List lists all FlowSchemas in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.FlowSchema, err error) - // Get retrieves the FlowSchema from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.FlowSchema, error) - FlowSchemaListerExpansion -} - -// flowSchemaLister implements the FlowSchemaLister interface. -type flowSchemaLister struct { - indexer cache.Indexer -} - -// NewFlowSchemaLister returns a new FlowSchemaLister. -func NewFlowSchemaLister(indexer cache.Indexer) FlowSchemaLister { - return &flowSchemaLister{indexer: indexer} -} - -// List lists all FlowSchemas in the indexer. -func (s *flowSchemaLister) List(selector labels.Selector) (ret []*v1beta2.FlowSchema, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.FlowSchema)) - }) - return ret, err -} - -// Get retrieves the FlowSchema from the index for a given name. -func (s *flowSchemaLister) Get(name string) (*v1beta2.FlowSchema, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("flowschema"), name) - } - return obj.(*v1beta2.FlowSchema), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/prioritylevelconfiguration.go deleted file mode 100644 index 00ede00709..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta2/prioritylevelconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/flowcontrol/v1beta2" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationLister helps list PriorityLevelConfigurations. -// All objects returned here must be treated as read-only. -type PriorityLevelConfigurationLister interface { - // List lists all PriorityLevelConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta2.PriorityLevelConfiguration, err error) - // Get retrieves the PriorityLevelConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta2.PriorityLevelConfiguration, error) - PriorityLevelConfigurationListerExpansion -} - -// priorityLevelConfigurationLister implements the PriorityLevelConfigurationLister interface. -type priorityLevelConfigurationLister struct { - indexer cache.Indexer -} - -// NewPriorityLevelConfigurationLister returns a new PriorityLevelConfigurationLister. -func NewPriorityLevelConfigurationLister(indexer cache.Indexer) PriorityLevelConfigurationLister { - return &priorityLevelConfigurationLister{indexer: indexer} -} - -// List lists all PriorityLevelConfigurations in the indexer. -func (s *priorityLevelConfigurationLister) List(selector labels.Selector) (ret []*v1beta2.PriorityLevelConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta2.PriorityLevelConfiguration)) - }) - return ret, err -} - -// Get retrieves the PriorityLevelConfiguration from the index for a given name. -func (s *priorityLevelConfigurationLister) Get(name string) (*v1beta2.PriorityLevelConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta2.Resource("prioritylevelconfiguration"), name) - } - return obj.(*v1beta2.PriorityLevelConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/expansion_generated.go deleted file mode 100644 index 5c14f337b7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta3 - -// FlowSchemaListerExpansion allows custom methods to be added to -// FlowSchemaLister. -type FlowSchemaListerExpansion interface{} - -// PriorityLevelConfigurationListerExpansion allows custom methods to be added to -// PriorityLevelConfigurationLister. -type PriorityLevelConfigurationListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/flowschema.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/flowschema.go deleted file mode 100644 index ef01b5a76e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/flowschema.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta3 - -import ( - v1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// FlowSchemaLister helps list FlowSchemas. -// All objects returned here must be treated as read-only. -type FlowSchemaLister interface { - // List lists all FlowSchemas in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta3.FlowSchema, err error) - // Get retrieves the FlowSchema from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta3.FlowSchema, error) - FlowSchemaListerExpansion -} - -// flowSchemaLister implements the FlowSchemaLister interface. -type flowSchemaLister struct { - indexer cache.Indexer -} - -// NewFlowSchemaLister returns a new FlowSchemaLister. -func NewFlowSchemaLister(indexer cache.Indexer) FlowSchemaLister { - return &flowSchemaLister{indexer: indexer} -} - -// List lists all FlowSchemas in the indexer. -func (s *flowSchemaLister) List(selector labels.Selector) (ret []*v1beta3.FlowSchema, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta3.FlowSchema)) - }) - return ret, err -} - -// Get retrieves the FlowSchema from the index for a given name. -func (s *flowSchemaLister) Get(name string) (*v1beta3.FlowSchema, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta3.Resource("flowschema"), name) - } - return obj.(*v1beta3.FlowSchema), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/prioritylevelconfiguration.go deleted file mode 100644 index d05613949f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/flowcontrol/v1beta3/prioritylevelconfiguration.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta3 - -import ( - v1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityLevelConfigurationLister helps list PriorityLevelConfigurations. -// All objects returned here must be treated as read-only. -type PriorityLevelConfigurationLister interface { - // List lists all PriorityLevelConfigurations in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta3.PriorityLevelConfiguration, err error) - // Get retrieves the PriorityLevelConfiguration from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta3.PriorityLevelConfiguration, error) - PriorityLevelConfigurationListerExpansion -} - -// priorityLevelConfigurationLister implements the PriorityLevelConfigurationLister interface. -type priorityLevelConfigurationLister struct { - indexer cache.Indexer -} - -// NewPriorityLevelConfigurationLister returns a new PriorityLevelConfigurationLister. -func NewPriorityLevelConfigurationLister(indexer cache.Indexer) PriorityLevelConfigurationLister { - return &priorityLevelConfigurationLister{indexer: indexer} -} - -// List lists all PriorityLevelConfigurations in the indexer. -func (s *priorityLevelConfigurationLister) List(selector labels.Selector) (ret []*v1beta3.PriorityLevelConfiguration, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta3.PriorityLevelConfiguration)) - }) - return ret, err -} - -// Get retrieves the PriorityLevelConfiguration from the index for a given name. -func (s *priorityLevelConfigurationLister) Get(name string) (*v1beta3.PriorityLevelConfiguration, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta3.Resource("prioritylevelconfiguration"), name) - } - return obj.(*v1beta3.PriorityLevelConfiguration), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1/expansion_generated.go deleted file mode 100644 index a380c2418f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1/expansion_generated.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// IngressListerExpansion allows custom methods to be added to -// IngressLister. -type IngressListerExpansion interface{} - -// IngressNamespaceListerExpansion allows custom methods to be added to -// IngressNamespaceLister. -type IngressNamespaceListerExpansion interface{} - -// IngressClassListerExpansion allows custom methods to be added to -// IngressClassLister. -type IngressClassListerExpansion interface{} - -// NetworkPolicyListerExpansion allows custom methods to be added to -// NetworkPolicyLister. -type NetworkPolicyListerExpansion interface{} - -// NetworkPolicyNamespaceListerExpansion allows custom methods to be added to -// NetworkPolicyNamespaceLister. -type NetworkPolicyNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingress.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingress.go deleted file mode 100644 index 0f49d4f572..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingress.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// IngressLister helps list Ingresses. -// All objects returned here must be treated as read-only. -type IngressLister interface { - // List lists all Ingresses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Ingress, err error) - // Ingresses returns an object that can list and get Ingresses. - Ingresses(namespace string) IngressNamespaceLister - IngressListerExpansion -} - -// ingressLister implements the IngressLister interface. -type ingressLister struct { - indexer cache.Indexer -} - -// NewIngressLister returns a new IngressLister. -func NewIngressLister(indexer cache.Indexer) IngressLister { - return &ingressLister{indexer: indexer} -} - -// List lists all Ingresses in the indexer. -func (s *ingressLister) List(selector labels.Selector) (ret []*v1.Ingress, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Ingress)) - }) - return ret, err -} - -// Ingresses returns an object that can list and get Ingresses. -func (s *ingressLister) Ingresses(namespace string) IngressNamespaceLister { - return ingressNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// IngressNamespaceLister helps list and get Ingresses. -// All objects returned here must be treated as read-only. -type IngressNamespaceLister interface { - // List lists all Ingresses in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Ingress, err error) - // Get retrieves the Ingress from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Ingress, error) - IngressNamespaceListerExpansion -} - -// ingressNamespaceLister implements the IngressNamespaceLister -// interface. -type ingressNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Ingresses in the indexer for a given namespace. -func (s ingressNamespaceLister) List(selector labels.Selector) (ret []*v1.Ingress, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Ingress)) - }) - return ret, err -} - -// Get retrieves the Ingress from the indexer for a given namespace and name. -func (s ingressNamespaceLister) Get(name string) (*v1.Ingress, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("ingress"), name) - } - return obj.(*v1.Ingress), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingressclass.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingressclass.go deleted file mode 100644 index 1480cb13fd..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1/ingressclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// IngressClassLister helps list IngressClasses. -// All objects returned here must be treated as read-only. -type IngressClassLister interface { - // List lists all IngressClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.IngressClass, err error) - // Get retrieves the IngressClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.IngressClass, error) - IngressClassListerExpansion -} - -// ingressClassLister implements the IngressClassLister interface. -type ingressClassLister struct { - indexer cache.Indexer -} - -// NewIngressClassLister returns a new IngressClassLister. -func NewIngressClassLister(indexer cache.Indexer) IngressClassLister { - return &ingressClassLister{indexer: indexer} -} - -// List lists all IngressClasses in the indexer. -func (s *ingressClassLister) List(selector labels.Selector) (ret []*v1.IngressClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.IngressClass)) - }) - return ret, err -} - -// Get retrieves the IngressClass from the index for a given name. -func (s *ingressClassLister) Get(name string) (*v1.IngressClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("ingressclass"), name) - } - return obj.(*v1.IngressClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1/networkpolicy.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1/networkpolicy.go deleted file mode 100644 index 34cabf0577..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1/networkpolicy.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// NetworkPolicyLister helps list NetworkPolicies. -// All objects returned here must be treated as read-only. -type NetworkPolicyLister interface { - // List lists all NetworkPolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.NetworkPolicy, err error) - // NetworkPolicies returns an object that can list and get NetworkPolicies. - NetworkPolicies(namespace string) NetworkPolicyNamespaceLister - NetworkPolicyListerExpansion -} - -// networkPolicyLister implements the NetworkPolicyLister interface. -type networkPolicyLister struct { - indexer cache.Indexer -} - -// NewNetworkPolicyLister returns a new NetworkPolicyLister. -func NewNetworkPolicyLister(indexer cache.Indexer) NetworkPolicyLister { - return &networkPolicyLister{indexer: indexer} -} - -// List lists all NetworkPolicies in the indexer. -func (s *networkPolicyLister) List(selector labels.Selector) (ret []*v1.NetworkPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.NetworkPolicy)) - }) - return ret, err -} - -// NetworkPolicies returns an object that can list and get NetworkPolicies. -func (s *networkPolicyLister) NetworkPolicies(namespace string) NetworkPolicyNamespaceLister { - return networkPolicyNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// NetworkPolicyNamespaceLister helps list and get NetworkPolicies. -// All objects returned here must be treated as read-only. -type NetworkPolicyNamespaceLister interface { - // List lists all NetworkPolicies in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.NetworkPolicy, err error) - // Get retrieves the NetworkPolicy from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.NetworkPolicy, error) - NetworkPolicyNamespaceListerExpansion -} - -// networkPolicyNamespaceLister implements the NetworkPolicyNamespaceLister -// interface. -type networkPolicyNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all NetworkPolicies in the indexer for a given namespace. -func (s networkPolicyNamespaceLister) List(selector labels.Selector) (ret []*v1.NetworkPolicy, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.NetworkPolicy)) - }) - return ret, err -} - -// Get retrieves the NetworkPolicy from the indexer for a given namespace and name. -func (s networkPolicyNamespaceLister) Get(name string) (*v1.NetworkPolicy, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("networkpolicy"), name) - } - return obj.(*v1.NetworkPolicy), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/clustercidr.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/clustercidr.go deleted file mode 100644 index dca9d7bf0c..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/clustercidr.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/networking/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterCIDRLister helps list ClusterCIDRs. -// All objects returned here must be treated as read-only. -type ClusterCIDRLister interface { - // List lists all ClusterCIDRs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ClusterCIDR, err error) - // Get retrieves the ClusterCIDR from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ClusterCIDR, error) - ClusterCIDRListerExpansion -} - -// clusterCIDRLister implements the ClusterCIDRLister interface. -type clusterCIDRLister struct { - indexer cache.Indexer -} - -// NewClusterCIDRLister returns a new ClusterCIDRLister. -func NewClusterCIDRLister(indexer cache.Indexer) ClusterCIDRLister { - return &clusterCIDRLister{indexer: indexer} -} - -// List lists all ClusterCIDRs in the indexer. -func (s *clusterCIDRLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterCIDR, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ClusterCIDR)) - }) - return ret, err -} - -// Get retrieves the ClusterCIDR from the index for a given name. -func (s *clusterCIDRLister) Get(name string) (*v1alpha1.ClusterCIDR, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("clustercidr"), name) - } - return obj.(*v1alpha1.ClusterCIDR), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/expansion_generated.go deleted file mode 100644 index cdc328231a..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// ClusterCIDRListerExpansion allows custom methods to be added to -// ClusterCIDRLister. -type ClusterCIDRListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/expansion_generated.go deleted file mode 100644 index d8c99c186e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/expansion_generated.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// IngressListerExpansion allows custom methods to be added to -// IngressLister. -type IngressListerExpansion interface{} - -// IngressNamespaceListerExpansion allows custom methods to be added to -// IngressNamespaceLister. -type IngressNamespaceListerExpansion interface{} - -// IngressClassListerExpansion allows custom methods to be added to -// IngressClassLister. -type IngressClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingress.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingress.go deleted file mode 100644 index b8f4d35580..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingress.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/networking/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// IngressLister helps list Ingresses. -// All objects returned here must be treated as read-only. -type IngressLister interface { - // List lists all Ingresses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) - // Ingresses returns an object that can list and get Ingresses. - Ingresses(namespace string) IngressNamespaceLister - IngressListerExpansion -} - -// ingressLister implements the IngressLister interface. -type ingressLister struct { - indexer cache.Indexer -} - -// NewIngressLister returns a new IngressLister. -func NewIngressLister(indexer cache.Indexer) IngressLister { - return &ingressLister{indexer: indexer} -} - -// List lists all Ingresses in the indexer. -func (s *ingressLister) List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Ingress)) - }) - return ret, err -} - -// Ingresses returns an object that can list and get Ingresses. -func (s *ingressLister) Ingresses(namespace string) IngressNamespaceLister { - return ingressNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// IngressNamespaceLister helps list and get Ingresses. -// All objects returned here must be treated as read-only. -type IngressNamespaceLister interface { - // List lists all Ingresses in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) - // Get retrieves the Ingress from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Ingress, error) - IngressNamespaceListerExpansion -} - -// ingressNamespaceLister implements the IngressNamespaceLister -// interface. -type ingressNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Ingresses in the indexer for a given namespace. -func (s ingressNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Ingress, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Ingress)) - }) - return ret, err -} - -// Get retrieves the Ingress from the indexer for a given namespace and name. -func (s ingressNamespaceLister) Get(name string) (*v1beta1.Ingress, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("ingress"), name) - } - return obj.(*v1beta1.Ingress), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingressclass.go b/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingressclass.go deleted file mode 100644 index ebcd6ba85b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/networking/v1beta1/ingressclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/networking/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// IngressClassLister helps list IngressClasses. -// All objects returned here must be treated as read-only. -type IngressClassLister interface { - // List lists all IngressClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.IngressClass, err error) - // Get retrieves the IngressClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.IngressClass, error) - IngressClassListerExpansion -} - -// ingressClassLister implements the IngressClassLister interface. -type ingressClassLister struct { - indexer cache.Indexer -} - -// NewIngressClassLister returns a new IngressClassLister. -func NewIngressClassLister(indexer cache.Indexer) IngressClassLister { - return &ingressClassLister{indexer: indexer} -} - -// List lists all IngressClasses in the indexer. -func (s *ingressClassLister) List(selector labels.Selector) (ret []*v1beta1.IngressClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.IngressClass)) - }) - return ret, err -} - -// Get retrieves the IngressClass from the index for a given name. -func (s *ingressClassLister) Get(name string) (*v1beta1.IngressClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("ingressclass"), name) - } - return obj.(*v1beta1.IngressClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/node/v1/expansion_generated.go deleted file mode 100644 index 4f010b87c3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// RuntimeClassListerExpansion allows custom methods to be added to -// RuntimeClassLister. -type RuntimeClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/listers/node/v1/runtimeclass.go deleted file mode 100644 index 6e00cf1a59..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1/runtimeclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/node/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RuntimeClassLister helps list RuntimeClasses. -// All objects returned here must be treated as read-only. -type RuntimeClassLister interface { - // List lists all RuntimeClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.RuntimeClass, err error) - // Get retrieves the RuntimeClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.RuntimeClass, error) - RuntimeClassListerExpansion -} - -// runtimeClassLister implements the RuntimeClassLister interface. -type runtimeClassLister struct { - indexer cache.Indexer -} - -// NewRuntimeClassLister returns a new RuntimeClassLister. -func NewRuntimeClassLister(indexer cache.Indexer) RuntimeClassLister { - return &runtimeClassLister{indexer: indexer} -} - -// List lists all RuntimeClasses in the indexer. -func (s *runtimeClassLister) List(selector labels.Selector) (ret []*v1.RuntimeClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.RuntimeClass)) - }) - return ret, err -} - -// Get retrieves the RuntimeClass from the index for a given name. -func (s *runtimeClassLister) Get(name string) (*v1.RuntimeClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("runtimeclass"), name) - } - return obj.(*v1.RuntimeClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/expansion_generated.go deleted file mode 100644 index a65c208fac..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// RuntimeClassListerExpansion allows custom methods to be added to -// RuntimeClassLister. -type RuntimeClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/runtimeclass.go deleted file mode 100644 index 31f3357990..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1alpha1/runtimeclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/node/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RuntimeClassLister helps list RuntimeClasses. -// All objects returned here must be treated as read-only. -type RuntimeClassLister interface { - // List lists all RuntimeClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.RuntimeClass, err error) - // Get retrieves the RuntimeClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.RuntimeClass, error) - RuntimeClassListerExpansion -} - -// runtimeClassLister implements the RuntimeClassLister interface. -type runtimeClassLister struct { - indexer cache.Indexer -} - -// NewRuntimeClassLister returns a new RuntimeClassLister. -func NewRuntimeClassLister(indexer cache.Indexer) RuntimeClassLister { - return &runtimeClassLister{indexer: indexer} -} - -// List lists all RuntimeClasses in the indexer. -func (s *runtimeClassLister) List(selector labels.Selector) (ret []*v1alpha1.RuntimeClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.RuntimeClass)) - }) - return ret, err -} - -// Get retrieves the RuntimeClass from the index for a given name. -func (s *runtimeClassLister) Get(name string) (*v1alpha1.RuntimeClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("runtimeclass"), name) - } - return obj.(*v1alpha1.RuntimeClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/expansion_generated.go deleted file mode 100644 index a6744055ce..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// RuntimeClassListerExpansion allows custom methods to be added to -// RuntimeClassLister. -type RuntimeClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/runtimeclass.go b/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/runtimeclass.go deleted file mode 100644 index 7dbd6ab268..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/node/v1beta1/runtimeclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/node/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RuntimeClassLister helps list RuntimeClasses. -// All objects returned here must be treated as read-only. -type RuntimeClassLister interface { - // List lists all RuntimeClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.RuntimeClass, err error) - // Get retrieves the RuntimeClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.RuntimeClass, error) - RuntimeClassListerExpansion -} - -// runtimeClassLister implements the RuntimeClassLister interface. -type runtimeClassLister struct { - indexer cache.Indexer -} - -// NewRuntimeClassLister returns a new RuntimeClassLister. -func NewRuntimeClassLister(indexer cache.Indexer) RuntimeClassLister { - return &runtimeClassLister{indexer: indexer} -} - -// List lists all RuntimeClasses in the indexer. -func (s *runtimeClassLister) List(selector labels.Selector) (ret []*v1beta1.RuntimeClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.RuntimeClass)) - }) - return ret, err -} - -// Get retrieves the RuntimeClass from the index for a given name. -func (s *runtimeClassLister) Get(name string) (*v1beta1.RuntimeClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("runtimeclass"), name) - } - return obj.(*v1beta1.RuntimeClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1/eviction.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1/eviction.go deleted file mode 100644 index dc5ffa0740..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1/eviction.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/policy/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EvictionLister helps list Evictions. -// All objects returned here must be treated as read-only. -type EvictionLister interface { - // List lists all Evictions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Eviction, err error) - // Evictions returns an object that can list and get Evictions. - Evictions(namespace string) EvictionNamespaceLister - EvictionListerExpansion -} - -// evictionLister implements the EvictionLister interface. -type evictionLister struct { - indexer cache.Indexer -} - -// NewEvictionLister returns a new EvictionLister. -func NewEvictionLister(indexer cache.Indexer) EvictionLister { - return &evictionLister{indexer: indexer} -} - -// List lists all Evictions in the indexer. -func (s *evictionLister) List(selector labels.Selector) (ret []*v1.Eviction, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Eviction)) - }) - return ret, err -} - -// Evictions returns an object that can list and get Evictions. -func (s *evictionLister) Evictions(namespace string) EvictionNamespaceLister { - return evictionNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EvictionNamespaceLister helps list and get Evictions. -// All objects returned here must be treated as read-only. -type EvictionNamespaceLister interface { - // List lists all Evictions in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Eviction, err error) - // Get retrieves the Eviction from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Eviction, error) - EvictionNamespaceListerExpansion -} - -// evictionNamespaceLister implements the EvictionNamespaceLister -// interface. -type evictionNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Evictions in the indexer for a given namespace. -func (s evictionNamespaceLister) List(selector labels.Selector) (ret []*v1.Eviction, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Eviction)) - }) - return ret, err -} - -// Get retrieves the Eviction from the indexer for a given namespace and name. -func (s evictionNamespaceLister) Get(name string) (*v1.Eviction, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("eviction"), name) - } - return obj.(*v1.Eviction), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1/expansion_generated.go deleted file mode 100644 index 8e2d55a911..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1/expansion_generated.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// EvictionListerExpansion allows custom methods to be added to -// EvictionLister. -type EvictionListerExpansion interface{} - -// EvictionNamespaceListerExpansion allows custom methods to be added to -// EvictionNamespaceLister. -type EvictionNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget.go deleted file mode 100644 index 8470d38bb2..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/policy/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodDisruptionBudgetLister helps list PodDisruptionBudgets. -// All objects returned here must be treated as read-only. -type PodDisruptionBudgetLister interface { - // List lists all PodDisruptionBudgets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PodDisruptionBudget, err error) - // PodDisruptionBudgets returns an object that can list and get PodDisruptionBudgets. - PodDisruptionBudgets(namespace string) PodDisruptionBudgetNamespaceLister - PodDisruptionBudgetListerExpansion -} - -// podDisruptionBudgetLister implements the PodDisruptionBudgetLister interface. -type podDisruptionBudgetLister struct { - indexer cache.Indexer -} - -// NewPodDisruptionBudgetLister returns a new PodDisruptionBudgetLister. -func NewPodDisruptionBudgetLister(indexer cache.Indexer) PodDisruptionBudgetLister { - return &podDisruptionBudgetLister{indexer: indexer} -} - -// List lists all PodDisruptionBudgets in the indexer. -func (s *podDisruptionBudgetLister) List(selector labels.Selector) (ret []*v1.PodDisruptionBudget, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodDisruptionBudget)) - }) - return ret, err -} - -// PodDisruptionBudgets returns an object that can list and get PodDisruptionBudgets. -func (s *podDisruptionBudgetLister) PodDisruptionBudgets(namespace string) PodDisruptionBudgetNamespaceLister { - return podDisruptionBudgetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PodDisruptionBudgetNamespaceLister helps list and get PodDisruptionBudgets. -// All objects returned here must be treated as read-only. -type PodDisruptionBudgetNamespaceLister interface { - // List lists all PodDisruptionBudgets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PodDisruptionBudget, err error) - // Get retrieves the PodDisruptionBudget from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.PodDisruptionBudget, error) - PodDisruptionBudgetNamespaceListerExpansion -} - -// podDisruptionBudgetNamespaceLister implements the PodDisruptionBudgetNamespaceLister -// interface. -type podDisruptionBudgetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodDisruptionBudgets in the indexer for a given namespace. -func (s podDisruptionBudgetNamespaceLister) List(selector labels.Selector) (ret []*v1.PodDisruptionBudget, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PodDisruptionBudget)) - }) - return ret, err -} - -// Get retrieves the PodDisruptionBudget from the indexer for a given namespace and name. -func (s podDisruptionBudgetNamespaceLister) Get(name string) (*v1.PodDisruptionBudget, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("poddisruptionbudget"), name) - } - return obj.(*v1.PodDisruptionBudget), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget_expansion.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget_expansion.go deleted file mode 100644 index 115ee3f004..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1/poddisruptionbudget_expansion.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// PodDisruptionBudgetListerExpansion allows custom methods to be added to -// PodDisruptionBudgetLister. -type PodDisruptionBudgetListerExpansion interface { - GetPodPodDisruptionBudgets(pod *v1.Pod) ([]*policy.PodDisruptionBudget, error) -} - -// PodDisruptionBudgetNamespaceListerExpansion allows custom methods to be added to -// PodDisruptionBudgetNamespaceLister. -type PodDisruptionBudgetNamespaceListerExpansion interface{} - -// GetPodPodDisruptionBudgets returns a list of PodDisruptionBudgets matching a pod. -func (s *podDisruptionBudgetLister) GetPodPodDisruptionBudgets(pod *v1.Pod) ([]*policy.PodDisruptionBudget, error) { - var selector labels.Selector - - list, err := s.PodDisruptionBudgets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var pdbList []*policy.PodDisruptionBudget - for i := range list { - pdb := list[i] - selector, err = metav1.LabelSelectorAsSelector(pdb.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // Unlike the v1beta version, here we let an empty selector match everything. - if !selector.Matches(labels.Set(pod.Labels)) { - continue - } - pdbList = append(pdbList, pdb) - } - - if len(pdbList) == 0 { - return nil, fmt.Errorf("could not find PodDisruptionBudget for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return pdbList, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/eviction.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/eviction.go deleted file mode 100644 index e1d40d0b32..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/eviction.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// EvictionLister helps list Evictions. -// All objects returned here must be treated as read-only. -type EvictionLister interface { - // List lists all Evictions in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Eviction, err error) - // Evictions returns an object that can list and get Evictions. - Evictions(namespace string) EvictionNamespaceLister - EvictionListerExpansion -} - -// evictionLister implements the EvictionLister interface. -type evictionLister struct { - indexer cache.Indexer -} - -// NewEvictionLister returns a new EvictionLister. -func NewEvictionLister(indexer cache.Indexer) EvictionLister { - return &evictionLister{indexer: indexer} -} - -// List lists all Evictions in the indexer. -func (s *evictionLister) List(selector labels.Selector) (ret []*v1beta1.Eviction, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Eviction)) - }) - return ret, err -} - -// Evictions returns an object that can list and get Evictions. -func (s *evictionLister) Evictions(namespace string) EvictionNamespaceLister { - return evictionNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// EvictionNamespaceLister helps list and get Evictions. -// All objects returned here must be treated as read-only. -type EvictionNamespaceLister interface { - // List lists all Evictions in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Eviction, err error) - // Get retrieves the Eviction from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Eviction, error) - EvictionNamespaceListerExpansion -} - -// evictionNamespaceLister implements the EvictionNamespaceLister -// interface. -type evictionNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Evictions in the indexer for a given namespace. -func (s evictionNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Eviction, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Eviction)) - }) - return ret, err -} - -// Get retrieves the Eviction from the indexer for a given namespace and name. -func (s evictionNamespaceLister) Get(name string) (*v1beta1.Eviction, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("eviction"), name) - } - return obj.(*v1beta1.Eviction), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go deleted file mode 100644 index 9a005f20bb..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/expansion_generated.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// EvictionListerExpansion allows custom methods to be added to -// EvictionLister. -type EvictionListerExpansion interface{} - -// EvictionNamespaceListerExpansion allows custom methods to be added to -// EvictionNamespaceLister. -type EvictionNamespaceListerExpansion interface{} - -// PodSecurityPolicyListerExpansion allows custom methods to be added to -// PodSecurityPolicyLister. -type PodSecurityPolicyListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget.go deleted file mode 100644 index aa08f813ee..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodDisruptionBudgetLister helps list PodDisruptionBudgets. -// All objects returned here must be treated as read-only. -type PodDisruptionBudgetLister interface { - // List lists all PodDisruptionBudgets in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PodDisruptionBudget, err error) - // PodDisruptionBudgets returns an object that can list and get PodDisruptionBudgets. - PodDisruptionBudgets(namespace string) PodDisruptionBudgetNamespaceLister - PodDisruptionBudgetListerExpansion -} - -// podDisruptionBudgetLister implements the PodDisruptionBudgetLister interface. -type podDisruptionBudgetLister struct { - indexer cache.Indexer -} - -// NewPodDisruptionBudgetLister returns a new PodDisruptionBudgetLister. -func NewPodDisruptionBudgetLister(indexer cache.Indexer) PodDisruptionBudgetLister { - return &podDisruptionBudgetLister{indexer: indexer} -} - -// List lists all PodDisruptionBudgets in the indexer. -func (s *podDisruptionBudgetLister) List(selector labels.Selector) (ret []*v1beta1.PodDisruptionBudget, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PodDisruptionBudget)) - }) - return ret, err -} - -// PodDisruptionBudgets returns an object that can list and get PodDisruptionBudgets. -func (s *podDisruptionBudgetLister) PodDisruptionBudgets(namespace string) PodDisruptionBudgetNamespaceLister { - return podDisruptionBudgetNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PodDisruptionBudgetNamespaceLister helps list and get PodDisruptionBudgets. -// All objects returned here must be treated as read-only. -type PodDisruptionBudgetNamespaceLister interface { - // List lists all PodDisruptionBudgets in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PodDisruptionBudget, err error) - // Get retrieves the PodDisruptionBudget from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PodDisruptionBudget, error) - PodDisruptionBudgetNamespaceListerExpansion -} - -// podDisruptionBudgetNamespaceLister implements the PodDisruptionBudgetNamespaceLister -// interface. -type podDisruptionBudgetNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodDisruptionBudgets in the indexer for a given namespace. -func (s podDisruptionBudgetNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.PodDisruptionBudget, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PodDisruptionBudget)) - }) - return ret, err -} - -// Get retrieves the PodDisruptionBudget from the indexer for a given namespace and name. -func (s podDisruptionBudgetNamespaceLister) Get(name string) (*v1beta1.PodDisruptionBudget, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("poddisruptionbudget"), name) - } - return obj.(*v1beta1.PodDisruptionBudget), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget_expansion.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget_expansion.go deleted file mode 100644 index 994947c4f3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/poddisruptionbudget_expansion.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" -) - -// PodDisruptionBudgetListerExpansion allows custom methods to be added to -// PodDisruptionBudgetLister. -type PodDisruptionBudgetListerExpansion interface { - GetPodPodDisruptionBudgets(pod *v1.Pod) ([]*policy.PodDisruptionBudget, error) -} - -// PodDisruptionBudgetNamespaceListerExpansion allows custom methods to be added to -// PodDisruptionBudgetNamespaceLister. -type PodDisruptionBudgetNamespaceListerExpansion interface{} - -// GetPodPodDisruptionBudgets returns a list of PodDisruptionBudgets matching a pod. Returns an error only if no matching PodDisruptionBudgets are found. -func (s *podDisruptionBudgetLister) GetPodPodDisruptionBudgets(pod *v1.Pod) ([]*policy.PodDisruptionBudget, error) { - var selector labels.Selector - - list, err := s.PodDisruptionBudgets(pod.Namespace).List(labels.Everything()) - if err != nil { - return nil, err - } - - var pdbList []*policy.PodDisruptionBudget - for i := range list { - pdb := list[i] - selector, err = metav1.LabelSelectorAsSelector(pdb.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - - // If a PDB with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - pdbList = append(pdbList, pdb) - } - - if len(pdbList) == 0 { - return nil, fmt.Errorf("could not find PodDisruptionBudget for pod %s in namespace %s with labels: %v", pod.Name, pod.Namespace, pod.Labels) - } - - return pdbList, nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go b/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go deleted file mode 100644 index 7e73161b25..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/policy/v1beta1/podsecuritypolicy.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodSecurityPolicyLister helps list PodSecurityPolicies. -// All objects returned here must be treated as read-only. -type PodSecurityPolicyLister interface { - // List lists all PodSecurityPolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) - // Get retrieves the PodSecurityPolicy from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PodSecurityPolicy, error) - PodSecurityPolicyListerExpansion -} - -// podSecurityPolicyLister implements the PodSecurityPolicyLister interface. -type podSecurityPolicyLister struct { - indexer cache.Indexer -} - -// NewPodSecurityPolicyLister returns a new PodSecurityPolicyLister. -func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister { - return &podSecurityPolicyLister{indexer: indexer} -} - -// List lists all PodSecurityPolicies in the indexer. -func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PodSecurityPolicy)) - }) - return ret, err -} - -// Get retrieves the PodSecurityPolicy from the index for a given name. -func (s *podSecurityPolicyLister) Get(name string) (*v1beta1.PodSecurityPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("podsecuritypolicy"), name) - } - return obj.(*v1beta1.PodSecurityPolicy), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrole.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrole.go deleted file mode 100644 index 84dc003ca2..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrole.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleLister helps list ClusterRoles. -// All objects returned here must be treated as read-only. -type ClusterRoleLister interface { - // List lists all ClusterRoles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ClusterRole, err error) - // Get retrieves the ClusterRole from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ClusterRole, error) - ClusterRoleListerExpansion -} - -// clusterRoleLister implements the ClusterRoleLister interface. -type clusterRoleLister struct { - indexer cache.Indexer -} - -// NewClusterRoleLister returns a new ClusterRoleLister. -func NewClusterRoleLister(indexer cache.Indexer) ClusterRoleLister { - return &clusterRoleLister{indexer: indexer} -} - -// List lists all ClusterRoles in the indexer. -func (s *clusterRoleLister) List(selector labels.Selector) (ret []*v1.ClusterRole, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ClusterRole)) - }) - return ret, err -} - -// Get retrieves the ClusterRole from the index for a given name. -func (s *clusterRoleLister) Get(name string) (*v1.ClusterRole, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("clusterrole"), name) - } - return obj.(*v1.ClusterRole), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrolebinding.go deleted file mode 100644 index ff061d4b2b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/clusterrolebinding.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingLister helps list ClusterRoleBindings. -// All objects returned here must be treated as read-only. -type ClusterRoleBindingLister interface { - // List lists all ClusterRoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ClusterRoleBinding, err error) - // Get retrieves the ClusterRoleBinding from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.ClusterRoleBinding, error) - ClusterRoleBindingListerExpansion -} - -// clusterRoleBindingLister implements the ClusterRoleBindingLister interface. -type clusterRoleBindingLister struct { - indexer cache.Indexer -} - -// NewClusterRoleBindingLister returns a new ClusterRoleBindingLister. -func NewClusterRoleBindingLister(indexer cache.Indexer) ClusterRoleBindingLister { - return &clusterRoleBindingLister{indexer: indexer} -} - -// List lists all ClusterRoleBindings in the indexer. -func (s *clusterRoleBindingLister) List(selector labels.Selector) (ret []*v1.ClusterRoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.ClusterRoleBinding)) - }) - return ret, err -} - -// Get retrieves the ClusterRoleBinding from the index for a given name. -func (s *clusterRoleBindingLister) Get(name string) (*v1.ClusterRoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("clusterrolebinding"), name) - } - return obj.(*v1.ClusterRoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1/expansion_generated.go deleted file mode 100644 index 0eb2a6d114..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/expansion_generated.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// ClusterRoleListerExpansion allows custom methods to be added to -// ClusterRoleLister. -type ClusterRoleListerExpansion interface{} - -// ClusterRoleBindingListerExpansion allows custom methods to be added to -// ClusterRoleBindingLister. -type ClusterRoleBindingListerExpansion interface{} - -// RoleListerExpansion allows custom methods to be added to -// RoleLister. -type RoleListerExpansion interface{} - -// RoleNamespaceListerExpansion allows custom methods to be added to -// RoleNamespaceLister. -type RoleNamespaceListerExpansion interface{} - -// RoleBindingListerExpansion allows custom methods to be added to -// RoleBindingLister. -type RoleBindingListerExpansion interface{} - -// RoleBindingNamespaceListerExpansion allows custom methods to be added to -// RoleBindingNamespaceLister. -type RoleBindingNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/role.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1/role.go deleted file mode 100644 index 503f013b52..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/role.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleLister helps list Roles. -// All objects returned here must be treated as read-only. -type RoleLister interface { - // List lists all Roles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Role, err error) - // Roles returns an object that can list and get Roles. - Roles(namespace string) RoleNamespaceLister - RoleListerExpansion -} - -// roleLister implements the RoleLister interface. -type roleLister struct { - indexer cache.Indexer -} - -// NewRoleLister returns a new RoleLister. -func NewRoleLister(indexer cache.Indexer) RoleLister { - return &roleLister{indexer: indexer} -} - -// List lists all Roles in the indexer. -func (s *roleLister) List(selector labels.Selector) (ret []*v1.Role, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Role)) - }) - return ret, err -} - -// Roles returns an object that can list and get Roles. -func (s *roleLister) Roles(namespace string) RoleNamespaceLister { - return roleNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleNamespaceLister helps list and get Roles. -// All objects returned here must be treated as read-only. -type RoleNamespaceLister interface { - // List lists all Roles in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Role, err error) - // Get retrieves the Role from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.Role, error) - RoleNamespaceListerExpansion -} - -// roleNamespaceLister implements the RoleNamespaceLister -// interface. -type roleNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Roles in the indexer for a given namespace. -func (s roleNamespaceLister) List(selector labels.Selector) (ret []*v1.Role, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.Role)) - }) - return ret, err -} - -// Get retrieves the Role from the indexer for a given namespace and name. -func (s roleNamespaceLister) Get(name string) (*v1.Role, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("role"), name) - } - return obj.(*v1.Role), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/rolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1/rolebinding.go deleted file mode 100644 index ea50c64136..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1/rolebinding.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleBindingLister helps list RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingLister interface { - // List lists all RoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.RoleBinding, err error) - // RoleBindings returns an object that can list and get RoleBindings. - RoleBindings(namespace string) RoleBindingNamespaceLister - RoleBindingListerExpansion -} - -// roleBindingLister implements the RoleBindingLister interface. -type roleBindingLister struct { - indexer cache.Indexer -} - -// NewRoleBindingLister returns a new RoleBindingLister. -func NewRoleBindingLister(indexer cache.Indexer) RoleBindingLister { - return &roleBindingLister{indexer: indexer} -} - -// List lists all RoleBindings in the indexer. -func (s *roleBindingLister) List(selector labels.Selector) (ret []*v1.RoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.RoleBinding)) - }) - return ret, err -} - -// RoleBindings returns an object that can list and get RoleBindings. -func (s *roleBindingLister) RoleBindings(namespace string) RoleBindingNamespaceLister { - return roleBindingNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleBindingNamespaceLister helps list and get RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingNamespaceLister interface { - // List lists all RoleBindings in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.RoleBinding, err error) - // Get retrieves the RoleBinding from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.RoleBinding, error) - RoleBindingNamespaceListerExpansion -} - -// roleBindingNamespaceLister implements the RoleBindingNamespaceLister -// interface. -type roleBindingNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all RoleBindings in the indexer for a given namespace. -func (s roleBindingNamespaceLister) List(selector labels.Selector) (ret []*v1.RoleBinding, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.RoleBinding)) - }) - return ret, err -} - -// Get retrieves the RoleBinding from the indexer for a given namespace and name. -func (s roleBindingNamespaceLister) Get(name string) (*v1.RoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("rolebinding"), name) - } - return obj.(*v1.RoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrole.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrole.go deleted file mode 100644 index 181ea95a7d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrole.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleLister helps list ClusterRoles. -// All objects returned here must be treated as read-only. -type ClusterRoleLister interface { - // List lists all ClusterRoles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ClusterRole, err error) - // Get retrieves the ClusterRole from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ClusterRole, error) - ClusterRoleListerExpansion -} - -// clusterRoleLister implements the ClusterRoleLister interface. -type clusterRoleLister struct { - indexer cache.Indexer -} - -// NewClusterRoleLister returns a new ClusterRoleLister. -func NewClusterRoleLister(indexer cache.Indexer) ClusterRoleLister { - return &clusterRoleLister{indexer: indexer} -} - -// List lists all ClusterRoles in the indexer. -func (s *clusterRoleLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterRole, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ClusterRole)) - }) - return ret, err -} - -// Get retrieves the ClusterRole from the index for a given name. -func (s *clusterRoleLister) Get(name string) (*v1alpha1.ClusterRole, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("clusterrole"), name) - } - return obj.(*v1alpha1.ClusterRole), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrolebinding.go deleted file mode 100644 index 29d283b6cf..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/clusterrolebinding.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingLister helps list ClusterRoleBindings. -// All objects returned here must be treated as read-only. -type ClusterRoleBindingLister interface { - // List lists all ClusterRoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ClusterRoleBinding, err error) - // Get retrieves the ClusterRoleBinding from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ClusterRoleBinding, error) - ClusterRoleBindingListerExpansion -} - -// clusterRoleBindingLister implements the ClusterRoleBindingLister interface. -type clusterRoleBindingLister struct { - indexer cache.Indexer -} - -// NewClusterRoleBindingLister returns a new ClusterRoleBindingLister. -func NewClusterRoleBindingLister(indexer cache.Indexer) ClusterRoleBindingLister { - return &clusterRoleBindingLister{indexer: indexer} -} - -// List lists all ClusterRoleBindings in the indexer. -func (s *clusterRoleBindingLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterRoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ClusterRoleBinding)) - }) - return ret, err -} - -// Get retrieves the ClusterRoleBinding from the index for a given name. -func (s *clusterRoleBindingLister) Get(name string) (*v1alpha1.ClusterRoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("clusterrolebinding"), name) - } - return obj.(*v1alpha1.ClusterRoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/expansion_generated.go deleted file mode 100644 index 2d4ad1756e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// ClusterRoleListerExpansion allows custom methods to be added to -// ClusterRoleLister. -type ClusterRoleListerExpansion interface{} - -// ClusterRoleBindingListerExpansion allows custom methods to be added to -// ClusterRoleBindingLister. -type ClusterRoleBindingListerExpansion interface{} - -// RoleListerExpansion allows custom methods to be added to -// RoleLister. -type RoleListerExpansion interface{} - -// RoleNamespaceListerExpansion allows custom methods to be added to -// RoleNamespaceLister. -type RoleNamespaceListerExpansion interface{} - -// RoleBindingListerExpansion allows custom methods to be added to -// RoleBindingLister. -type RoleBindingListerExpansion interface{} - -// RoleBindingNamespaceListerExpansion allows custom methods to be added to -// RoleBindingNamespaceLister. -type RoleBindingNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/role.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/role.go deleted file mode 100644 index 13a64137ae..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/role.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleLister helps list Roles. -// All objects returned here must be treated as read-only. -type RoleLister interface { - // List lists all Roles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.Role, err error) - // Roles returns an object that can list and get Roles. - Roles(namespace string) RoleNamespaceLister - RoleListerExpansion -} - -// roleLister implements the RoleLister interface. -type roleLister struct { - indexer cache.Indexer -} - -// NewRoleLister returns a new RoleLister. -func NewRoleLister(indexer cache.Indexer) RoleLister { - return &roleLister{indexer: indexer} -} - -// List lists all Roles in the indexer. -func (s *roleLister) List(selector labels.Selector) (ret []*v1alpha1.Role, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.Role)) - }) - return ret, err -} - -// Roles returns an object that can list and get Roles. -func (s *roleLister) Roles(namespace string) RoleNamespaceLister { - return roleNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleNamespaceLister helps list and get Roles. -// All objects returned here must be treated as read-only. -type RoleNamespaceLister interface { - // List lists all Roles in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.Role, err error) - // Get retrieves the Role from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.Role, error) - RoleNamespaceListerExpansion -} - -// roleNamespaceLister implements the RoleNamespaceLister -// interface. -type roleNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Roles in the indexer for a given namespace. -func (s roleNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.Role, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.Role)) - }) - return ret, err -} - -// Get retrieves the Role from the indexer for a given namespace and name. -func (s roleNamespaceLister) Get(name string) (*v1alpha1.Role, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("role"), name) - } - return obj.(*v1alpha1.Role), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/rolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/rolebinding.go deleted file mode 100644 index 0ad3d0eba0..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1alpha1/rolebinding.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleBindingLister helps list RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingLister interface { - // List lists all RoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.RoleBinding, err error) - // RoleBindings returns an object that can list and get RoleBindings. - RoleBindings(namespace string) RoleBindingNamespaceLister - RoleBindingListerExpansion -} - -// roleBindingLister implements the RoleBindingLister interface. -type roleBindingLister struct { - indexer cache.Indexer -} - -// NewRoleBindingLister returns a new RoleBindingLister. -func NewRoleBindingLister(indexer cache.Indexer) RoleBindingLister { - return &roleBindingLister{indexer: indexer} -} - -// List lists all RoleBindings in the indexer. -func (s *roleBindingLister) List(selector labels.Selector) (ret []*v1alpha1.RoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.RoleBinding)) - }) - return ret, err -} - -// RoleBindings returns an object that can list and get RoleBindings. -func (s *roleBindingLister) RoleBindings(namespace string) RoleBindingNamespaceLister { - return roleBindingNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleBindingNamespaceLister helps list and get RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingNamespaceLister interface { - // List lists all RoleBindings in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.RoleBinding, err error) - // Get retrieves the RoleBinding from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.RoleBinding, error) - RoleBindingNamespaceListerExpansion -} - -// roleBindingNamespaceLister implements the RoleBindingNamespaceLister -// interface. -type roleBindingNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all RoleBindings in the indexer for a given namespace. -func (s roleBindingNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.RoleBinding, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.RoleBinding)) - }) - return ret, err -} - -// Get retrieves the RoleBinding from the indexer for a given namespace and name. -func (s roleBindingNamespaceLister) Get(name string) (*v1alpha1.RoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("rolebinding"), name) - } - return obj.(*v1alpha1.RoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrole.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrole.go deleted file mode 100644 index bf6cd99cb1..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrole.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleLister helps list ClusterRoles. -// All objects returned here must be treated as read-only. -type ClusterRoleLister interface { - // List lists all ClusterRoles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ClusterRole, err error) - // Get retrieves the ClusterRole from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ClusterRole, error) - ClusterRoleListerExpansion -} - -// clusterRoleLister implements the ClusterRoleLister interface. -type clusterRoleLister struct { - indexer cache.Indexer -} - -// NewClusterRoleLister returns a new ClusterRoleLister. -func NewClusterRoleLister(indexer cache.Indexer) ClusterRoleLister { - return &clusterRoleLister{indexer: indexer} -} - -// List lists all ClusterRoles in the indexer. -func (s *clusterRoleLister) List(selector labels.Selector) (ret []*v1beta1.ClusterRole, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ClusterRole)) - }) - return ret, err -} - -// Get retrieves the ClusterRole from the index for a given name. -func (s *clusterRoleLister) Get(name string) (*v1beta1.ClusterRole, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("clusterrole"), name) - } - return obj.(*v1beta1.ClusterRole), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrolebinding.go deleted file mode 100644 index 00bab2330b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/clusterrolebinding.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ClusterRoleBindingLister helps list ClusterRoleBindings. -// All objects returned here must be treated as read-only. -type ClusterRoleBindingLister interface { - // List lists all ClusterRoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ClusterRoleBinding, err error) - // Get retrieves the ClusterRoleBinding from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ClusterRoleBinding, error) - ClusterRoleBindingListerExpansion -} - -// clusterRoleBindingLister implements the ClusterRoleBindingLister interface. -type clusterRoleBindingLister struct { - indexer cache.Indexer -} - -// NewClusterRoleBindingLister returns a new ClusterRoleBindingLister. -func NewClusterRoleBindingLister(indexer cache.Indexer) ClusterRoleBindingLister { - return &clusterRoleBindingLister{indexer: indexer} -} - -// List lists all ClusterRoleBindings in the indexer. -func (s *clusterRoleBindingLister) List(selector labels.Selector) (ret []*v1beta1.ClusterRoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.ClusterRoleBinding)) - }) - return ret, err -} - -// Get retrieves the ClusterRoleBinding from the index for a given name. -func (s *clusterRoleBindingLister) Get(name string) (*v1beta1.ClusterRoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("clusterrolebinding"), name) - } - return obj.(*v1beta1.ClusterRoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/expansion_generated.go deleted file mode 100644 index 51f674bd0f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/expansion_generated.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// ClusterRoleListerExpansion allows custom methods to be added to -// ClusterRoleLister. -type ClusterRoleListerExpansion interface{} - -// ClusterRoleBindingListerExpansion allows custom methods to be added to -// ClusterRoleBindingLister. -type ClusterRoleBindingListerExpansion interface{} - -// RoleListerExpansion allows custom methods to be added to -// RoleLister. -type RoleListerExpansion interface{} - -// RoleNamespaceListerExpansion allows custom methods to be added to -// RoleNamespaceLister. -type RoleNamespaceListerExpansion interface{} - -// RoleBindingListerExpansion allows custom methods to be added to -// RoleBindingLister. -type RoleBindingListerExpansion interface{} - -// RoleBindingNamespaceListerExpansion allows custom methods to be added to -// RoleBindingNamespaceLister. -type RoleBindingNamespaceListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/role.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/role.go deleted file mode 100644 index 9cd9b9042d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/role.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleLister helps list Roles. -// All objects returned here must be treated as read-only. -type RoleLister interface { - // List lists all Roles in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Role, err error) - // Roles returns an object that can list and get Roles. - Roles(namespace string) RoleNamespaceLister - RoleListerExpansion -} - -// roleLister implements the RoleLister interface. -type roleLister struct { - indexer cache.Indexer -} - -// NewRoleLister returns a new RoleLister. -func NewRoleLister(indexer cache.Indexer) RoleLister { - return &roleLister{indexer: indexer} -} - -// List lists all Roles in the indexer. -func (s *roleLister) List(selector labels.Selector) (ret []*v1beta1.Role, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Role)) - }) - return ret, err -} - -// Roles returns an object that can list and get Roles. -func (s *roleLister) Roles(namespace string) RoleNamespaceLister { - return roleNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleNamespaceLister helps list and get Roles. -// All objects returned here must be treated as read-only. -type RoleNamespaceLister interface { - // List lists all Roles in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.Role, err error) - // Get retrieves the Role from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.Role, error) - RoleNamespaceListerExpansion -} - -// roleNamespaceLister implements the RoleNamespaceLister -// interface. -type roleNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all Roles in the indexer for a given namespace. -func (s roleNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.Role, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.Role)) - }) - return ret, err -} - -// Get retrieves the Role from the indexer for a given namespace and name. -func (s roleNamespaceLister) Get(name string) (*v1beta1.Role, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("role"), name) - } - return obj.(*v1beta1.Role), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/rolebinding.go b/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/rolebinding.go deleted file mode 100644 index 7c7c91bf3f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/rbac/v1beta1/rolebinding.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// RoleBindingLister helps list RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingLister interface { - // List lists all RoleBindings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.RoleBinding, err error) - // RoleBindings returns an object that can list and get RoleBindings. - RoleBindings(namespace string) RoleBindingNamespaceLister - RoleBindingListerExpansion -} - -// roleBindingLister implements the RoleBindingLister interface. -type roleBindingLister struct { - indexer cache.Indexer -} - -// NewRoleBindingLister returns a new RoleBindingLister. -func NewRoleBindingLister(indexer cache.Indexer) RoleBindingLister { - return &roleBindingLister{indexer: indexer} -} - -// List lists all RoleBindings in the indexer. -func (s *roleBindingLister) List(selector labels.Selector) (ret []*v1beta1.RoleBinding, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.RoleBinding)) - }) - return ret, err -} - -// RoleBindings returns an object that can list and get RoleBindings. -func (s *roleBindingLister) RoleBindings(namespace string) RoleBindingNamespaceLister { - return roleBindingNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// RoleBindingNamespaceLister helps list and get RoleBindings. -// All objects returned here must be treated as read-only. -type RoleBindingNamespaceLister interface { - // List lists all RoleBindings in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.RoleBinding, err error) - // Get retrieves the RoleBinding from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.RoleBinding, error) - RoleBindingNamespaceListerExpansion -} - -// roleBindingNamespaceLister implements the RoleBindingNamespaceLister -// interface. -type roleBindingNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all RoleBindings in the indexer for a given namespace. -func (s roleBindingNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.RoleBinding, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.RoleBinding)) - }) - return ret, err -} - -// Get retrieves the RoleBinding from the indexer for a given namespace and name. -func (s roleBindingNamespaceLister) Get(name string) (*v1beta1.RoleBinding, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("rolebinding"), name) - } - return obj.(*v1beta1.RoleBinding), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/expansion_generated.go deleted file mode 100644 index 94885e784f..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// PodSchedulingListerExpansion allows custom methods to be added to -// PodSchedulingLister. -type PodSchedulingListerExpansion interface{} - -// PodSchedulingNamespaceListerExpansion allows custom methods to be added to -// PodSchedulingNamespaceLister. -type PodSchedulingNamespaceListerExpansion interface{} - -// ResourceClaimListerExpansion allows custom methods to be added to -// ResourceClaimLister. -type ResourceClaimListerExpansion interface{} - -// ResourceClaimNamespaceListerExpansion allows custom methods to be added to -// ResourceClaimNamespaceLister. -type ResourceClaimNamespaceListerExpansion interface{} - -// ResourceClaimTemplateListerExpansion allows custom methods to be added to -// ResourceClaimTemplateLister. -type ResourceClaimTemplateListerExpansion interface{} - -// ResourceClaimTemplateNamespaceListerExpansion allows custom methods to be added to -// ResourceClaimTemplateNamespaceLister. -type ResourceClaimTemplateNamespaceListerExpansion interface{} - -// ResourceClassListerExpansion allows custom methods to be added to -// ResourceClassLister. -type ResourceClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/podscheduling.go b/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/podscheduling.go deleted file mode 100644 index fe43713710..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/podscheduling.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PodSchedulingLister helps list PodSchedulings. -// All objects returned here must be treated as read-only. -type PodSchedulingLister interface { - // List lists all PodSchedulings in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.PodScheduling, err error) - // PodSchedulings returns an object that can list and get PodSchedulings. - PodSchedulings(namespace string) PodSchedulingNamespaceLister - PodSchedulingListerExpansion -} - -// podSchedulingLister implements the PodSchedulingLister interface. -type podSchedulingLister struct { - indexer cache.Indexer -} - -// NewPodSchedulingLister returns a new PodSchedulingLister. -func NewPodSchedulingLister(indexer cache.Indexer) PodSchedulingLister { - return &podSchedulingLister{indexer: indexer} -} - -// List lists all PodSchedulings in the indexer. -func (s *podSchedulingLister) List(selector labels.Selector) (ret []*v1alpha1.PodScheduling, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodScheduling)) - }) - return ret, err -} - -// PodSchedulings returns an object that can list and get PodSchedulings. -func (s *podSchedulingLister) PodSchedulings(namespace string) PodSchedulingNamespaceLister { - return podSchedulingNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// PodSchedulingNamespaceLister helps list and get PodSchedulings. -// All objects returned here must be treated as read-only. -type PodSchedulingNamespaceLister interface { - // List lists all PodSchedulings in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.PodScheduling, err error) - // Get retrieves the PodScheduling from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.PodScheduling, error) - PodSchedulingNamespaceListerExpansion -} - -// podSchedulingNamespaceLister implements the PodSchedulingNamespaceLister -// interface. -type podSchedulingNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodSchedulings in the indexer for a given namespace. -func (s podSchedulingNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PodScheduling, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodScheduling)) - }) - return ret, err -} - -// Get retrieves the PodScheduling from the indexer for a given namespace and name. -func (s podSchedulingNamespaceLister) Get(name string) (*v1alpha1.PodScheduling, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("podscheduling"), name) - } - return obj.(*v1alpha1.PodScheduling), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaim.go b/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaim.go deleted file mode 100644 index 05d5e0cfa4..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaim.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ResourceClaimLister helps list ResourceClaims. -// All objects returned here must be treated as read-only. -type ResourceClaimLister interface { - // List lists all ResourceClaims in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ResourceClaim, err error) - // ResourceClaims returns an object that can list and get ResourceClaims. - ResourceClaims(namespace string) ResourceClaimNamespaceLister - ResourceClaimListerExpansion -} - -// resourceClaimLister implements the ResourceClaimLister interface. -type resourceClaimLister struct { - indexer cache.Indexer -} - -// NewResourceClaimLister returns a new ResourceClaimLister. -func NewResourceClaimLister(indexer cache.Indexer) ResourceClaimLister { - return &resourceClaimLister{indexer: indexer} -} - -// List lists all ResourceClaims in the indexer. -func (s *resourceClaimLister) List(selector labels.Selector) (ret []*v1alpha1.ResourceClaim, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ResourceClaim)) - }) - return ret, err -} - -// ResourceClaims returns an object that can list and get ResourceClaims. -func (s *resourceClaimLister) ResourceClaims(namespace string) ResourceClaimNamespaceLister { - return resourceClaimNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ResourceClaimNamespaceLister helps list and get ResourceClaims. -// All objects returned here must be treated as read-only. -type ResourceClaimNamespaceLister interface { - // List lists all ResourceClaims in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ResourceClaim, err error) - // Get retrieves the ResourceClaim from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ResourceClaim, error) - ResourceClaimNamespaceListerExpansion -} - -// resourceClaimNamespaceLister implements the ResourceClaimNamespaceLister -// interface. -type resourceClaimNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ResourceClaims in the indexer for a given namespace. -func (s resourceClaimNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ResourceClaim, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ResourceClaim)) - }) - return ret, err -} - -// Get retrieves the ResourceClaim from the indexer for a given namespace and name. -func (s resourceClaimNamespaceLister) Get(name string) (*v1alpha1.ResourceClaim, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("resourceclaim"), name) - } - return obj.(*v1alpha1.ResourceClaim), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaimtemplate.go b/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaimtemplate.go deleted file mode 100644 index 97acddc7af..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclaimtemplate.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ResourceClaimTemplateLister helps list ResourceClaimTemplates. -// All objects returned here must be treated as read-only. -type ResourceClaimTemplateLister interface { - // List lists all ResourceClaimTemplates in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ResourceClaimTemplate, err error) - // ResourceClaimTemplates returns an object that can list and get ResourceClaimTemplates. - ResourceClaimTemplates(namespace string) ResourceClaimTemplateNamespaceLister - ResourceClaimTemplateListerExpansion -} - -// resourceClaimTemplateLister implements the ResourceClaimTemplateLister interface. -type resourceClaimTemplateLister struct { - indexer cache.Indexer -} - -// NewResourceClaimTemplateLister returns a new ResourceClaimTemplateLister. -func NewResourceClaimTemplateLister(indexer cache.Indexer) ResourceClaimTemplateLister { - return &resourceClaimTemplateLister{indexer: indexer} -} - -// List lists all ResourceClaimTemplates in the indexer. -func (s *resourceClaimTemplateLister) List(selector labels.Selector) (ret []*v1alpha1.ResourceClaimTemplate, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ResourceClaimTemplate)) - }) - return ret, err -} - -// ResourceClaimTemplates returns an object that can list and get ResourceClaimTemplates. -func (s *resourceClaimTemplateLister) ResourceClaimTemplates(namespace string) ResourceClaimTemplateNamespaceLister { - return resourceClaimTemplateNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ResourceClaimTemplateNamespaceLister helps list and get ResourceClaimTemplates. -// All objects returned here must be treated as read-only. -type ResourceClaimTemplateNamespaceLister interface { - // List lists all ResourceClaimTemplates in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ResourceClaimTemplate, err error) - // Get retrieves the ResourceClaimTemplate from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ResourceClaimTemplate, error) - ResourceClaimTemplateNamespaceListerExpansion -} - -// resourceClaimTemplateNamespaceLister implements the ResourceClaimTemplateNamespaceLister -// interface. -type resourceClaimTemplateNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ResourceClaimTemplates in the indexer for a given namespace. -func (s resourceClaimTemplateNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ResourceClaimTemplate, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ResourceClaimTemplate)) - }) - return ret, err -} - -// Get retrieves the ResourceClaimTemplate from the indexer for a given namespace and name. -func (s resourceClaimTemplateNamespaceLister) Get(name string) (*v1alpha1.ResourceClaimTemplate, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("resourceclaimtemplate"), name) - } - return obj.(*v1alpha1.ResourceClaimTemplate), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclass.go b/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclass.go deleted file mode 100644 index 8d4dbf4d04..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/resource/v1alpha1/resourceclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// ResourceClassLister helps list ResourceClasses. -// All objects returned here must be treated as read-only. -type ResourceClassLister interface { - // List lists all ResourceClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.ResourceClass, err error) - // Get retrieves the ResourceClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.ResourceClass, error) - ResourceClassListerExpansion -} - -// resourceClassLister implements the ResourceClassLister interface. -type resourceClassLister struct { - indexer cache.Indexer -} - -// NewResourceClassLister returns a new ResourceClassLister. -func NewResourceClassLister(indexer cache.Indexer) ResourceClassLister { - return &resourceClassLister{indexer: indexer} -} - -// List lists all ResourceClasses in the indexer. -func (s *resourceClassLister) List(selector labels.Selector) (ret []*v1alpha1.ResourceClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.ResourceClass)) - }) - return ret, err -} - -// Get retrieves the ResourceClass from the index for a given name. -func (s *resourceClassLister) Get(name string) (*v1alpha1.ResourceClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("resourceclass"), name) - } - return obj.(*v1alpha1.ResourceClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/expansion_generated.go deleted file mode 100644 index d0c45d0125..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// PriorityClassListerExpansion allows custom methods to be added to -// PriorityClassLister. -type PriorityClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/priorityclass.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/priorityclass.go deleted file mode 100644 index 4da84ccf8a..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1/priorityclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/scheduling/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityClassLister helps list PriorityClasses. -// All objects returned here must be treated as read-only. -type PriorityClassLister interface { - // List lists all PriorityClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.PriorityClass, err error) - // Get retrieves the PriorityClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.PriorityClass, error) - PriorityClassListerExpansion -} - -// priorityClassLister implements the PriorityClassLister interface. -type priorityClassLister struct { - indexer cache.Indexer -} - -// NewPriorityClassLister returns a new PriorityClassLister. -func NewPriorityClassLister(indexer cache.Indexer) PriorityClassLister { - return &priorityClassLister{indexer: indexer} -} - -// List lists all PriorityClasses in the indexer. -func (s *priorityClassLister) List(selector labels.Selector) (ret []*v1.PriorityClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.PriorityClass)) - }) - return ret, err -} - -// Get retrieves the PriorityClass from the index for a given name. -func (s *priorityClassLister) Get(name string) (*v1.PriorityClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("priorityclass"), name) - } - return obj.(*v1.PriorityClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/expansion_generated.go deleted file mode 100644 index bde8b6206c..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// PriorityClassListerExpansion allows custom methods to be added to -// PriorityClassLister. -type PriorityClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/priorityclass.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/priorityclass.go deleted file mode 100644 index 3d25dc80af..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1alpha1/priorityclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/scheduling/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityClassLister helps list PriorityClasses. -// All objects returned here must be treated as read-only. -type PriorityClassLister interface { - // List lists all PriorityClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.PriorityClass, err error) - // Get retrieves the PriorityClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.PriorityClass, error) - PriorityClassListerExpansion -} - -// priorityClassLister implements the PriorityClassLister interface. -type priorityClassLister struct { - indexer cache.Indexer -} - -// NewPriorityClassLister returns a new PriorityClassLister. -func NewPriorityClassLister(indexer cache.Indexer) PriorityClassLister { - return &priorityClassLister{indexer: indexer} -} - -// List lists all PriorityClasses in the indexer. -func (s *priorityClassLister) List(selector labels.Selector) (ret []*v1alpha1.PriorityClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PriorityClass)) - }) - return ret, err -} - -// Get retrieves the PriorityClass from the index for a given name. -func (s *priorityClassLister) Get(name string) (*v1alpha1.PriorityClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("priorityclass"), name) - } - return obj.(*v1alpha1.PriorityClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/expansion_generated.go deleted file mode 100644 index b806e8cf80..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/expansion_generated.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// PriorityClassListerExpansion allows custom methods to be added to -// PriorityClassLister. -type PriorityClassListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/priorityclass.go b/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/priorityclass.go deleted file mode 100644 index c848d035af..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/scheduling/v1beta1/priorityclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/scheduling/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// PriorityClassLister helps list PriorityClasses. -// All objects returned here must be treated as read-only. -type PriorityClassLister interface { - // List lists all PriorityClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.PriorityClass, err error) - // Get retrieves the PriorityClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.PriorityClass, error) - PriorityClassListerExpansion -} - -// priorityClassLister implements the PriorityClassLister interface. -type priorityClassLister struct { - indexer cache.Indexer -} - -// NewPriorityClassLister returns a new PriorityClassLister. -func NewPriorityClassLister(indexer cache.Indexer) PriorityClassLister { - return &priorityClassLister{indexer: indexer} -} - -// List lists all PriorityClasses in the indexer. -func (s *priorityClassLister) List(selector labels.Selector) (ret []*v1beta1.PriorityClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.PriorityClass)) - }) - return ret, err -} - -// Get retrieves the PriorityClass from the index for a given name. -func (s *priorityClassLister) Get(name string) (*v1beta1.PriorityClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("priorityclass"), name) - } - return obj.(*v1beta1.PriorityClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csidriver.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/csidriver.go deleted file mode 100644 index 4e8ab90900..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csidriver.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSIDriverLister helps list CSIDrivers. -// All objects returned here must be treated as read-only. -type CSIDriverLister interface { - // List lists all CSIDrivers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CSIDriver, err error) - // Get retrieves the CSIDriver from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.CSIDriver, error) - CSIDriverListerExpansion -} - -// cSIDriverLister implements the CSIDriverLister interface. -type cSIDriverLister struct { - indexer cache.Indexer -} - -// NewCSIDriverLister returns a new CSIDriverLister. -func NewCSIDriverLister(indexer cache.Indexer) CSIDriverLister { - return &cSIDriverLister{indexer: indexer} -} - -// List lists all CSIDrivers in the indexer. -func (s *cSIDriverLister) List(selector labels.Selector) (ret []*v1.CSIDriver, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CSIDriver)) - }) - return ret, err -} - -// Get retrieves the CSIDriver from the index for a given name. -func (s *cSIDriverLister) Get(name string) (*v1.CSIDriver, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("csidriver"), name) - } - return obj.(*v1.CSIDriver), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csinode.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/csinode.go deleted file mode 100644 index 93f869572c..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csinode.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSINodeLister helps list CSINodes. -// All objects returned here must be treated as read-only. -type CSINodeLister interface { - // List lists all CSINodes in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CSINode, err error) - // Get retrieves the CSINode from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.CSINode, error) - CSINodeListerExpansion -} - -// cSINodeLister implements the CSINodeLister interface. -type cSINodeLister struct { - indexer cache.Indexer -} - -// NewCSINodeLister returns a new CSINodeLister. -func NewCSINodeLister(indexer cache.Indexer) CSINodeLister { - return &cSINodeLister{indexer: indexer} -} - -// List lists all CSINodes in the indexer. -func (s *cSINodeLister) List(selector labels.Selector) (ret []*v1.CSINode, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CSINode)) - }) - return ret, err -} - -// Get retrieves the CSINode from the index for a given name. -func (s *cSINodeLister) Get(name string) (*v1.CSINode, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("csinode"), name) - } - return obj.(*v1.CSINode), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/csistoragecapacity.go deleted file mode 100644 index a72328c9a3..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/csistoragecapacity.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityLister helps list CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityLister interface { - // List lists all CSIStorageCapacities in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CSIStorageCapacity, err error) - // CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. - CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister - CSIStorageCapacityListerExpansion -} - -// cSIStorageCapacityLister implements the CSIStorageCapacityLister interface. -type cSIStorageCapacityLister struct { - indexer cache.Indexer -} - -// NewCSIStorageCapacityLister returns a new CSIStorageCapacityLister. -func NewCSIStorageCapacityLister(indexer cache.Indexer) CSIStorageCapacityLister { - return &cSIStorageCapacityLister{indexer: indexer} -} - -// List lists all CSIStorageCapacities in the indexer. -func (s *cSIStorageCapacityLister) List(selector labels.Selector) (ret []*v1.CSIStorageCapacity, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CSIStorageCapacity)) - }) - return ret, err -} - -// CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. -func (s *cSIStorageCapacityLister) CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister { - return cSIStorageCapacityNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CSIStorageCapacityNamespaceLister helps list and get CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityNamespaceLister interface { - // List lists all CSIStorageCapacities in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CSIStorageCapacity, err error) - // Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.CSIStorageCapacity, error) - CSIStorageCapacityNamespaceListerExpansion -} - -// cSIStorageCapacityNamespaceLister implements the CSIStorageCapacityNamespaceLister -// interface. -type cSIStorageCapacityNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CSIStorageCapacities in the indexer for a given namespace. -func (s cSIStorageCapacityNamespaceLister) List(selector labels.Selector) (ret []*v1.CSIStorageCapacity, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1.CSIStorageCapacity)) - }) - return ret, err -} - -// Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. -func (s cSIStorageCapacityNamespaceLister) Get(name string) (*v1.CSIStorageCapacity, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("csistoragecapacity"), name) - } - return obj.(*v1.CSIStorageCapacity), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/expansion_generated.go deleted file mode 100644 index 196b787e7e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/expansion_generated.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -// CSIDriverListerExpansion allows custom methods to be added to -// CSIDriverLister. -type CSIDriverListerExpansion interface{} - -// CSINodeListerExpansion allows custom methods to be added to -// CSINodeLister. -type CSINodeListerExpansion interface{} - -// CSIStorageCapacityListerExpansion allows custom methods to be added to -// CSIStorageCapacityLister. -type CSIStorageCapacityListerExpansion interface{} - -// CSIStorageCapacityNamespaceListerExpansion allows custom methods to be added to -// CSIStorageCapacityNamespaceLister. -type CSIStorageCapacityNamespaceListerExpansion interface{} - -// StorageClassListerExpansion allows custom methods to be added to -// StorageClassLister. -type StorageClassListerExpansion interface{} - -// VolumeAttachmentListerExpansion allows custom methods to be added to -// VolumeAttachmentLister. -type VolumeAttachmentListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/storageclass.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/storageclass.go deleted file mode 100644 index ffa3d19f50..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/storageclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StorageClassLister helps list StorageClasses. -// All objects returned here must be treated as read-only. -type StorageClassLister interface { - // List lists all StorageClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.StorageClass, err error) - // Get retrieves the StorageClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.StorageClass, error) - StorageClassListerExpansion -} - -// storageClassLister implements the StorageClassLister interface. -type storageClassLister struct { - indexer cache.Indexer -} - -// NewStorageClassLister returns a new StorageClassLister. -func NewStorageClassLister(indexer cache.Indexer) StorageClassLister { - return &storageClassLister{indexer: indexer} -} - -// List lists all StorageClasses in the indexer. -func (s *storageClassLister) List(selector labels.Selector) (ret []*v1.StorageClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.StorageClass)) - }) - return ret, err -} - -// Get retrieves the StorageClass from the index for a given name. -func (s *storageClassLister) Get(name string) (*v1.StorageClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("storageclass"), name) - } - return obj.(*v1.StorageClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1/volumeattachment.go deleted file mode 100644 index fbc735c939..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1/volumeattachment.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentLister helps list VolumeAttachments. -// All objects returned here must be treated as read-only. -type VolumeAttachmentLister interface { - // List lists all VolumeAttachments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.VolumeAttachment, err error) - // Get retrieves the VolumeAttachment from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1.VolumeAttachment, error) - VolumeAttachmentListerExpansion -} - -// volumeAttachmentLister implements the VolumeAttachmentLister interface. -type volumeAttachmentLister struct { - indexer cache.Indexer -} - -// NewVolumeAttachmentLister returns a new VolumeAttachmentLister. -func NewVolumeAttachmentLister(indexer cache.Indexer) VolumeAttachmentLister { - return &volumeAttachmentLister{indexer: indexer} -} - -// List lists all VolumeAttachments in the indexer. -func (s *volumeAttachmentLister) List(selector labels.Selector) (ret []*v1.VolumeAttachment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1.VolumeAttachment)) - }) - return ret, err -} - -// Get retrieves the VolumeAttachment from the index for a given name. -func (s *volumeAttachmentLister) Get(name string) (*v1.VolumeAttachment, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1.Resource("volumeattachment"), name) - } - return obj.(*v1.VolumeAttachment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/csistoragecapacity.go deleted file mode 100644 index 0c1b5f2647..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/csistoragecapacity.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/storage/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityLister helps list CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityLister interface { - // List lists all CSIStorageCapacities in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.CSIStorageCapacity, err error) - // CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. - CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister - CSIStorageCapacityListerExpansion -} - -// cSIStorageCapacityLister implements the CSIStorageCapacityLister interface. -type cSIStorageCapacityLister struct { - indexer cache.Indexer -} - -// NewCSIStorageCapacityLister returns a new CSIStorageCapacityLister. -func NewCSIStorageCapacityLister(indexer cache.Indexer) CSIStorageCapacityLister { - return &cSIStorageCapacityLister{indexer: indexer} -} - -// List lists all CSIStorageCapacities in the indexer. -func (s *cSIStorageCapacityLister) List(selector labels.Selector) (ret []*v1alpha1.CSIStorageCapacity, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CSIStorageCapacity)) - }) - return ret, err -} - -// CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. -func (s *cSIStorageCapacityLister) CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister { - return cSIStorageCapacityNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CSIStorageCapacityNamespaceLister helps list and get CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityNamespaceLister interface { - // List lists all CSIStorageCapacities in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.CSIStorageCapacity, err error) - // Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.CSIStorageCapacity, error) - CSIStorageCapacityNamespaceListerExpansion -} - -// cSIStorageCapacityNamespaceLister implements the CSIStorageCapacityNamespaceLister -// interface. -type cSIStorageCapacityNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CSIStorageCapacities in the indexer for a given namespace. -func (s cSIStorageCapacityNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CSIStorageCapacity, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CSIStorageCapacity)) - }) - return ret, err -} - -// Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. -func (s cSIStorageCapacityNamespaceLister) Get(name string) (*v1alpha1.CSIStorageCapacity, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("csistoragecapacity"), name) - } - return obj.(*v1alpha1.CSIStorageCapacity), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/expansion_generated.go deleted file mode 100644 index edefe6d05e..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// CSIStorageCapacityListerExpansion allows custom methods to be added to -// CSIStorageCapacityLister. -type CSIStorageCapacityListerExpansion interface{} - -// CSIStorageCapacityNamespaceListerExpansion allows custom methods to be added to -// CSIStorageCapacityNamespaceLister. -type CSIStorageCapacityNamespaceListerExpansion interface{} - -// VolumeAttachmentListerExpansion allows custom methods to be added to -// VolumeAttachmentLister. -type VolumeAttachmentListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/volumeattachment.go deleted file mode 100644 index 3d5e2b7b71..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1alpha1/volumeattachment.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/storage/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentLister helps list VolumeAttachments. -// All objects returned here must be treated as read-only. -type VolumeAttachmentLister interface { - // List lists all VolumeAttachments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.VolumeAttachment, err error) - // Get retrieves the VolumeAttachment from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.VolumeAttachment, error) - VolumeAttachmentListerExpansion -} - -// volumeAttachmentLister implements the VolumeAttachmentLister interface. -type volumeAttachmentLister struct { - indexer cache.Indexer -} - -// NewVolumeAttachmentLister returns a new VolumeAttachmentLister. -func NewVolumeAttachmentLister(indexer cache.Indexer) VolumeAttachmentLister { - return &volumeAttachmentLister{indexer: indexer} -} - -// List lists all VolumeAttachments in the indexer. -func (s *volumeAttachmentLister) List(selector labels.Selector) (ret []*v1alpha1.VolumeAttachment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.VolumeAttachment)) - }) - return ret, err -} - -// Get retrieves the VolumeAttachment from the index for a given name. -func (s *volumeAttachmentLister) Get(name string) (*v1alpha1.VolumeAttachment, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("volumeattachment"), name) - } - return obj.(*v1alpha1.VolumeAttachment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csidriver.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csidriver.go deleted file mode 100644 index c6787aa01b..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csidriver.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSIDriverLister helps list CSIDrivers. -// All objects returned here must be treated as read-only. -type CSIDriverLister interface { - // List lists all CSIDrivers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CSIDriver, err error) - // Get retrieves the CSIDriver from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.CSIDriver, error) - CSIDriverListerExpansion -} - -// cSIDriverLister implements the CSIDriverLister interface. -type cSIDriverLister struct { - indexer cache.Indexer -} - -// NewCSIDriverLister returns a new CSIDriverLister. -func NewCSIDriverLister(indexer cache.Indexer) CSIDriverLister { - return &cSIDriverLister{indexer: indexer} -} - -// List lists all CSIDrivers in the indexer. -func (s *cSIDriverLister) List(selector labels.Selector) (ret []*v1beta1.CSIDriver, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CSIDriver)) - }) - return ret, err -} - -// Get retrieves the CSIDriver from the index for a given name. -func (s *cSIDriverLister) Get(name string) (*v1beta1.CSIDriver, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("csidriver"), name) - } - return obj.(*v1beta1.CSIDriver), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csinode.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csinode.go deleted file mode 100644 index 809efaa369..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csinode.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSINodeLister helps list CSINodes. -// All objects returned here must be treated as read-only. -type CSINodeLister interface { - // List lists all CSINodes in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CSINode, err error) - // Get retrieves the CSINode from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.CSINode, error) - CSINodeListerExpansion -} - -// cSINodeLister implements the CSINodeLister interface. -type cSINodeLister struct { - indexer cache.Indexer -} - -// NewCSINodeLister returns a new CSINodeLister. -func NewCSINodeLister(indexer cache.Indexer) CSINodeLister { - return &cSINodeLister{indexer: indexer} -} - -// List lists all CSINodes in the indexer. -func (s *cSINodeLister) List(selector labels.Selector) (ret []*v1beta1.CSINode, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CSINode)) - }) - return ret, err -} - -// Get retrieves the CSINode from the index for a given name. -func (s *cSINodeLister) Get(name string) (*v1beta1.CSINode, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("csinode"), name) - } - return obj.(*v1beta1.CSINode), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csistoragecapacity.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csistoragecapacity.go deleted file mode 100644 index 4680ffb7c8..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/csistoragecapacity.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CSIStorageCapacityLister helps list CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityLister interface { - // List lists all CSIStorageCapacities in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CSIStorageCapacity, err error) - // CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. - CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister - CSIStorageCapacityListerExpansion -} - -// cSIStorageCapacityLister implements the CSIStorageCapacityLister interface. -type cSIStorageCapacityLister struct { - indexer cache.Indexer -} - -// NewCSIStorageCapacityLister returns a new CSIStorageCapacityLister. -func NewCSIStorageCapacityLister(indexer cache.Indexer) CSIStorageCapacityLister { - return &cSIStorageCapacityLister{indexer: indexer} -} - -// List lists all CSIStorageCapacities in the indexer. -func (s *cSIStorageCapacityLister) List(selector labels.Selector) (ret []*v1beta1.CSIStorageCapacity, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CSIStorageCapacity)) - }) - return ret, err -} - -// CSIStorageCapacities returns an object that can list and get CSIStorageCapacities. -func (s *cSIStorageCapacityLister) CSIStorageCapacities(namespace string) CSIStorageCapacityNamespaceLister { - return cSIStorageCapacityNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CSIStorageCapacityNamespaceLister helps list and get CSIStorageCapacities. -// All objects returned here must be treated as read-only. -type CSIStorageCapacityNamespaceLister interface { - // List lists all CSIStorageCapacities in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.CSIStorageCapacity, err error) - // Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.CSIStorageCapacity, error) - CSIStorageCapacityNamespaceListerExpansion -} - -// cSIStorageCapacityNamespaceLister implements the CSIStorageCapacityNamespaceLister -// interface. -type cSIStorageCapacityNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CSIStorageCapacities in the indexer for a given namespace. -func (s cSIStorageCapacityNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.CSIStorageCapacity, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.CSIStorageCapacity)) - }) - return ret, err -} - -// Get retrieves the CSIStorageCapacity from the indexer for a given namespace and name. -func (s cSIStorageCapacityNamespaceLister) Get(name string) (*v1beta1.CSIStorageCapacity, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("csistoragecapacity"), name) - } - return obj.(*v1beta1.CSIStorageCapacity), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/expansion_generated.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/expansion_generated.go deleted file mode 100644 index c2b0d5b17d..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/expansion_generated.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -// CSIDriverListerExpansion allows custom methods to be added to -// CSIDriverLister. -type CSIDriverListerExpansion interface{} - -// CSINodeListerExpansion allows custom methods to be added to -// CSINodeLister. -type CSINodeListerExpansion interface{} - -// CSIStorageCapacityListerExpansion allows custom methods to be added to -// CSIStorageCapacityLister. -type CSIStorageCapacityListerExpansion interface{} - -// CSIStorageCapacityNamespaceListerExpansion allows custom methods to be added to -// CSIStorageCapacityNamespaceLister. -type CSIStorageCapacityNamespaceListerExpansion interface{} - -// StorageClassListerExpansion allows custom methods to be added to -// StorageClassLister. -type StorageClassListerExpansion interface{} - -// VolumeAttachmentListerExpansion allows custom methods to be added to -// VolumeAttachmentLister. -type VolumeAttachmentListerExpansion interface{} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/storageclass.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/storageclass.go deleted file mode 100644 index eb7b8315c6..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/storageclass.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// StorageClassLister helps list StorageClasses. -// All objects returned here must be treated as read-only. -type StorageClassLister interface { - // List lists all StorageClasses in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.StorageClass, err error) - // Get retrieves the StorageClass from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.StorageClass, error) - StorageClassListerExpansion -} - -// storageClassLister implements the StorageClassLister interface. -type storageClassLister struct { - indexer cache.Indexer -} - -// NewStorageClassLister returns a new StorageClassLister. -func NewStorageClassLister(indexer cache.Indexer) StorageClassLister { - return &storageClassLister{indexer: indexer} -} - -// List lists all StorageClasses in the indexer. -func (s *storageClassLister) List(selector labels.Selector) (ret []*v1beta1.StorageClass, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.StorageClass)) - }) - return ret, err -} - -// Get retrieves the StorageClass from the index for a given name. -func (s *storageClassLister) Get(name string) (*v1beta1.StorageClass, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("storageclass"), name) - } - return obj.(*v1beta1.StorageClass), nil -} diff --git a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/volumeattachment.go b/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/volumeattachment.go deleted file mode 100644 index bab2d317c7..0000000000 --- a/etcd/vendor/k8s.io/client-go/listers/storage/v1beta1/volumeattachment.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// VolumeAttachmentLister helps list VolumeAttachments. -// All objects returned here must be treated as read-only. -type VolumeAttachmentLister interface { - // List lists all VolumeAttachments in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.VolumeAttachment, err error) - // Get retrieves the VolumeAttachment from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.VolumeAttachment, error) - VolumeAttachmentListerExpansion -} - -// volumeAttachmentLister implements the VolumeAttachmentLister interface. -type volumeAttachmentLister struct { - indexer cache.Indexer -} - -// NewVolumeAttachmentLister returns a new VolumeAttachmentLister. -func NewVolumeAttachmentLister(indexer cache.Indexer) VolumeAttachmentLister { - return &volumeAttachmentLister{indexer: indexer} -} - -// List lists all VolumeAttachments in the indexer. -func (s *volumeAttachmentLister) List(selector labels.Selector) (ret []*v1beta1.VolumeAttachment, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1beta1.VolumeAttachment)) - }) - return ret, err -} - -// Get retrieves the VolumeAttachment from the index for a given name. -func (s *volumeAttachmentLister) Get(name string) (*v1beta1.VolumeAttachment, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1beta1.Resource("volumeattachment"), name) - } - return obj.(*v1beta1.VolumeAttachment), nil -} diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/OWNERS b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/OWNERS deleted file mode 100644 index c4ea6463df..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-authenticators-approvers -reviewers: - - sig-auth-authenticators-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_stub.go b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_stub.go deleted file mode 100644 index 22d3c6b3fe..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/azure/azure_stub.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package azure - -import ( - "errors" - - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -func init() { - if err := rest.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil { - klog.Fatalf("Failed to register azure auth plugin: %v", err) - } -} - -func newAzureAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { - return nil, errors.New(`The azure auth plugin has been removed. -Please use the https://github.com/Azure/kubelogin kubectl/client-go credential plugin instead. -See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins for further details`) -} diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp_stub.go b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp_stub.go deleted file mode 100644 index 99585f9391..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/gcp/gcp_stub.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package gcp - -import ( - "errors" - - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -func init() { - if err := rest.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil { - klog.Fatalf("Failed to register gcp auth plugin: %v", err) - } -} - -func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { - return nil, errors.New(`The gcp auth plugin has been removed. -Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead. -See https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for further details`) -} diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/oidc/oidc.go b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/oidc/oidc.go deleted file mode 100644 index 70e8b57b14..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/oidc/oidc.go +++ /dev/null @@ -1,380 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package oidc - -import ( - "context" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "strings" - "sync" - "time" - - "golang.org/x/oauth2" - "k8s.io/apimachinery/pkg/util/net" - restclient "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -const ( - cfgIssuerURL = "idp-issuer-url" - cfgClientID = "client-id" - cfgClientSecret = "client-secret" - cfgCertificateAuthority = "idp-certificate-authority" - cfgCertificateAuthorityData = "idp-certificate-authority-data" - cfgIDToken = "id-token" - cfgRefreshToken = "refresh-token" - - // Unused. Scopes aren't sent during refreshing. - cfgExtraScopes = "extra-scopes" -) - -func init() { - if err := restclient.RegisterAuthProviderPlugin("oidc", newOIDCAuthProvider); err != nil { - klog.Fatalf("Failed to register oidc auth plugin: %v", err) - } -} - -// expiryDelta determines how earlier a token should be considered -// expired than its actual expiration time. It is used to avoid late -// expirations due to client-server time mismatches. -// -// NOTE(ericchiang): this is take from golang.org/x/oauth2 -const expiryDelta = 10 * time.Second - -var cache = newClientCache() - -// Like TLS transports, keep a cache of OIDC clients indexed by issuer URL. This ensures -// current requests from different clients don't concurrently attempt to refresh the same -// set of credentials. -type clientCache struct { - mu sync.RWMutex - - cache map[cacheKey]*oidcAuthProvider -} - -func newClientCache() *clientCache { - return &clientCache{cache: make(map[cacheKey]*oidcAuthProvider)} -} - -type cacheKey struct { - clusterAddress string - // Canonical issuer URL string of the provider. - issuerURL string - clientID string -} - -func (c *clientCache) getClient(clusterAddress, issuer, clientID string) (*oidcAuthProvider, bool) { - c.mu.RLock() - defer c.mu.RUnlock() - client, ok := c.cache[cacheKey{clusterAddress: clusterAddress, issuerURL: issuer, clientID: clientID}] - return client, ok -} - -// setClient attempts to put the client in the cache but may return any clients -// with the same keys set before. This is so there's only ever one client for a provider. -func (c *clientCache) setClient(clusterAddress, issuer, clientID string, client *oidcAuthProvider) *oidcAuthProvider { - c.mu.Lock() - defer c.mu.Unlock() - key := cacheKey{clusterAddress: clusterAddress, issuerURL: issuer, clientID: clientID} - - // If another client has already initialized a client for the given provider we want - // to use that client instead of the one we're trying to set. This is so all transports - // share a client and can coordinate around the same mutex when refreshing and writing - // to the kubeconfig. - if oldClient, ok := c.cache[key]; ok { - return oldClient - } - - c.cache[key] = client - return client -} - -func newOIDCAuthProvider(clusterAddress string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) { - issuer := cfg[cfgIssuerURL] - if issuer == "" { - return nil, fmt.Errorf("Must provide %s", cfgIssuerURL) - } - - clientID := cfg[cfgClientID] - if clientID == "" { - return nil, fmt.Errorf("Must provide %s", cfgClientID) - } - - // Check cache for existing provider. - if provider, ok := cache.getClient(clusterAddress, issuer, clientID); ok { - return provider, nil - } - - if len(cfg[cfgExtraScopes]) > 0 { - klog.V(2).Infof("%s auth provider field depricated, refresh request don't send scopes", - cfgExtraScopes) - } - - var certAuthData []byte - var err error - if cfg[cfgCertificateAuthorityData] != "" { - certAuthData, err = base64.StdEncoding.DecodeString(cfg[cfgCertificateAuthorityData]) - if err != nil { - return nil, err - } - } - - clientConfig := restclient.Config{ - TLSClientConfig: restclient.TLSClientConfig{ - CAFile: cfg[cfgCertificateAuthority], - CAData: certAuthData, - }, - } - - trans, err := restclient.TransportFor(&clientConfig) - if err != nil { - return nil, err - } - hc := &http.Client{Transport: trans} - - provider := &oidcAuthProvider{ - client: hc, - now: time.Now, - cfg: cfg, - persister: persister, - } - - return cache.setClient(clusterAddress, issuer, clientID, provider), nil -} - -type oidcAuthProvider struct { - client *http.Client - - // Method for determining the current time. - now func() time.Time - - // Mutex guards persisting to the kubeconfig file and allows synchronized - // updates to the in-memory config. It also ensures concurrent calls to - // the RoundTripper only trigger a single refresh request. - mu sync.Mutex - cfg map[string]string - persister restclient.AuthProviderConfigPersister -} - -func (p *oidcAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper { - return &roundTripper{ - wrapped: rt, - provider: p, - } -} - -func (p *oidcAuthProvider) Login() error { - return errors.New("not yet implemented") -} - -type roundTripper struct { - provider *oidcAuthProvider - wrapped http.RoundTripper -} - -var _ net.RoundTripperWrapper = &roundTripper{} - -func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get("Authorization")) != 0 { - return r.wrapped.RoundTrip(req) - } - token, err := r.provider.idToken() - if err != nil { - return nil, err - } - - // shallow copy of the struct - r2 := new(http.Request) - *r2 = *req - // deep copy of the Header so we don't modify the original - // request's Header (as per RoundTripper contract). - r2.Header = make(http.Header) - for k, s := range req.Header { - r2.Header[k] = s - } - r2.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) - - return r.wrapped.RoundTrip(r2) -} - -func (r *roundTripper) WrappedRoundTripper() http.RoundTripper { return r.wrapped } - -func (p *oidcAuthProvider) idToken() (string, error) { - p.mu.Lock() - defer p.mu.Unlock() - - if idToken, ok := p.cfg[cfgIDToken]; ok && len(idToken) > 0 { - valid, err := idTokenExpired(p.now, idToken) - if err != nil { - return "", err - } - if valid { - // If the cached id token is still valid use it. - return idToken, nil - } - } - - // Try to request a new token using the refresh token. - rt, ok := p.cfg[cfgRefreshToken] - if !ok || len(rt) == 0 { - return "", errors.New("No valid id-token, and cannot refresh without refresh-token") - } - - // Determine provider's OAuth2 token endpoint. - tokenURL, err := tokenEndpoint(p.client, p.cfg[cfgIssuerURL]) - if err != nil { - return "", err - } - - config := oauth2.Config{ - ClientID: p.cfg[cfgClientID], - ClientSecret: p.cfg[cfgClientSecret], - Endpoint: oauth2.Endpoint{TokenURL: tokenURL}, - } - - ctx := context.WithValue(context.Background(), oauth2.HTTPClient, p.client) - token, err := config.TokenSource(ctx, &oauth2.Token{RefreshToken: rt}).Token() - if err != nil { - return "", fmt.Errorf("failed to refresh token: %v", err) - } - - idToken, ok := token.Extra("id_token").(string) - if !ok { - // id_token isn't a required part of a refresh token response, so some - // providers (Okta) don't return this value. - // - // See https://github.com/kubernetes/kubernetes/issues/36847 - return "", fmt.Errorf("token response did not contain an id_token, either the scope \"openid\" wasn't requested upon login, or the provider doesn't support id_tokens as part of the refresh response") - } - - // Create a new config to persist. - newCfg := make(map[string]string) - for key, val := range p.cfg { - newCfg[key] = val - } - - // Update the refresh token if the server returned another one. - if token.RefreshToken != "" && token.RefreshToken != rt { - newCfg[cfgRefreshToken] = token.RefreshToken - } - newCfg[cfgIDToken] = idToken - - // Persist new config and if successful, update the in memory config. - if err = p.persister.Persist(newCfg); err != nil { - return "", fmt.Errorf("could not persist new tokens: %v", err) - } - p.cfg = newCfg - - return idToken, nil -} - -// tokenEndpoint uses OpenID Connect discovery to determine the OAuth2 token -// endpoint for the provider, the endpoint the client will use the refresh -// token against. -func tokenEndpoint(client *http.Client, issuer string) (string, error) { - // Well known URL for getting OpenID Connect metadata. - // - // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig - wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration" - resp, err := client.Get(wellKnown) - if err != nil { - return "", err - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return "", err - } - if resp.StatusCode != http.StatusOK { - // Don't produce an error that's too huge (e.g. if we get HTML back for some reason). - const n = 80 - if len(body) > n { - body = append(body[:n], []byte("...")...) - } - return "", fmt.Errorf("oidc: failed to query metadata endpoint %s: %q", resp.Status, body) - } - - // Metadata object. We only care about the token_endpoint, the thing endpoint - // we'll be refreshing against. - // - // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata - var metadata struct { - TokenURL string `json:"token_endpoint"` - } - if err := json.Unmarshal(body, &metadata); err != nil { - return "", fmt.Errorf("oidc: failed to decode provider discovery object: %v", err) - } - if metadata.TokenURL == "" { - return "", fmt.Errorf("oidc: discovery object doesn't contain a token_endpoint") - } - return metadata.TokenURL, nil -} - -func idTokenExpired(now func() time.Time, idToken string) (bool, error) { - parts := strings.Split(idToken, ".") - if len(parts) != 3 { - return false, fmt.Errorf("ID Token is not a valid JWT") - } - - payload, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return false, err - } - var claims struct { - Expiry jsonTime `json:"exp"` - } - if err := json.Unmarshal(payload, &claims); err != nil { - return false, fmt.Errorf("parsing claims: %v", err) - } - - return now().Add(expiryDelta).Before(time.Time(claims.Expiry)), nil -} - -// jsonTime is a json.Unmarshaler that parses a unix timestamp. -// Because JSON numbers don't differentiate between ints and floats, -// we want to ensure we can parse either. -type jsonTime time.Time - -func (j *jsonTime) UnmarshalJSON(b []byte) error { - var n json.Number - if err := json.Unmarshal(b, &n); err != nil { - return err - } - var unix int64 - - if t, err := n.Int64(); err == nil { - unix = t - } else { - f, err := n.Float64() - if err != nil { - return err - } - unix = int64(f) - } - *j = jsonTime(time.Unix(unix, 0)) - return nil -} - -func (j jsonTime) MarshalJSON() ([]byte, error) { - return json.Marshal(time.Time(j).Unix()) -} diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins.go b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins.go deleted file mode 100644 index d1efc86cde..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package auth - -import ( - // Initialize common client auth plugins. - _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" -) diff --git a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins_providers.go b/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins_providers.go deleted file mode 100644 index 3f0688774e..0000000000 --- a/etcd/vendor/k8s.io/client-go/plugin/pkg/client/auth/plugins_providers.go +++ /dev/null @@ -1,26 +0,0 @@ -//go:build !providerless -// +build !providerless - -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package auth - -import ( - // Initialize client auth plugins for cloud providers. - _ "k8s.io/client-go/plugin/pkg/client/auth/azure" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" -) diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/OWNERS b/etcd/vendor/k8s.io/client-go/tools/cache/OWNERS deleted file mode 100644 index 726205b3df..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/OWNERS +++ /dev/null @@ -1,28 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - caesarxuchao - - liggitt - - ncdc -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - janetkuo - - justinsb - - soltysh - - jsafrane - - dims - - ingvagabund - - ncdc diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/controller.go b/etcd/vendor/k8s.io/client-go/tools/cache/controller.go deleted file mode 100644 index 0762da3bef..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/controller.go +++ /dev/null @@ -1,495 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "errors" - "sync" - "time" - - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/utils/clock" -) - -// This file implements a low-level controller that is used in -// sharedIndexInformer, which is an implementation of -// SharedIndexInformer. Such informers, in turn, are key components -// in the high level controllers that form the backbone of the -// Kubernetes control plane. Look at those for examples, or the -// example in -// https://github.com/kubernetes/client-go/tree/master/examples/workqueue -// . - -// Config contains all the settings for one of these low-level controllers. -type Config struct { - // The queue for your objects - has to be a DeltaFIFO due to - // assumptions in the implementation. Your Process() function - // should accept the output of this Queue's Pop() method. - Queue - - // Something that can list and watch your objects. - ListerWatcher - - // Something that can process a popped Deltas. - Process ProcessFunc - - // ObjectType is an example object of the type this controller is - // expected to handle. Only the type needs to be right, except - // that when that is `unstructured.Unstructured` the object's - // `"apiVersion"` and `"kind"` must also be right. - ObjectType runtime.Object - - // FullResyncPeriod is the period at which ShouldResync is considered. - FullResyncPeriod time.Duration - - // ShouldResync is periodically used by the reflector to determine - // whether to Resync the Queue. If ShouldResync is `nil` or - // returns true, it means the reflector should proceed with the - // resync. - ShouldResync ShouldResyncFunc - - // If true, when Process() returns an error, re-enqueue the object. - // TODO: add interface to let you inject a delay/backoff or drop - // the object completely if desired. Pass the object in - // question to this interface as a parameter. This is probably moot - // now that this functionality appears at a higher level. - RetryOnError bool - - // Called whenever the ListAndWatch drops the connection with an error. - WatchErrorHandler WatchErrorHandler - - // WatchListPageSize is the requested chunk size of initial and relist watch lists. - WatchListPageSize int64 -} - -// ShouldResyncFunc is a type of function that indicates if a reflector should perform a -// resync or not. It can be used by a shared informer to support multiple event handlers with custom -// resync periods. -type ShouldResyncFunc func() bool - -// ProcessFunc processes a single object. -type ProcessFunc func(obj interface{}) error - -// `*controller` implements Controller -type controller struct { - config Config - reflector *Reflector - reflectorMutex sync.RWMutex - clock clock.Clock -} - -// Controller is a low-level controller that is parameterized by a -// Config and used in sharedIndexInformer. -type Controller interface { - // Run does two things. One is to construct and run a Reflector - // to pump objects/notifications from the Config's ListerWatcher - // to the Config's Queue and possibly invoke the occasional Resync - // on that Queue. The other is to repeatedly Pop from the Queue - // and process with the Config's ProcessFunc. Both of these - // continue until `stopCh` is closed. - Run(stopCh <-chan struct{}) - - // HasSynced delegates to the Config's Queue - HasSynced() bool - - // LastSyncResourceVersion delegates to the Reflector when there - // is one, otherwise returns the empty string - LastSyncResourceVersion() string -} - -// New makes a new Controller from the given Config. -func New(c *Config) Controller { - ctlr := &controller{ - config: *c, - clock: &clock.RealClock{}, - } - return ctlr -} - -// Run begins processing items, and will continue until a value is sent down stopCh or it is closed. -// It's an error to call Run more than once. -// Run blocks; call via go. -func (c *controller) Run(stopCh <-chan struct{}) { - defer utilruntime.HandleCrash() - go func() { - <-stopCh - c.config.Queue.Close() - }() - r := NewReflector( - c.config.ListerWatcher, - c.config.ObjectType, - c.config.Queue, - c.config.FullResyncPeriod, - ) - r.ShouldResync = c.config.ShouldResync - r.WatchListPageSize = c.config.WatchListPageSize - r.clock = c.clock - if c.config.WatchErrorHandler != nil { - r.watchErrorHandler = c.config.WatchErrorHandler - } - - c.reflectorMutex.Lock() - c.reflector = r - c.reflectorMutex.Unlock() - - var wg wait.Group - - wg.StartWithChannel(stopCh, r.Run) - - wait.Until(c.processLoop, time.Second, stopCh) - wg.Wait() -} - -// Returns true once this controller has completed an initial resource listing -func (c *controller) HasSynced() bool { - return c.config.Queue.HasSynced() -} - -func (c *controller) LastSyncResourceVersion() string { - c.reflectorMutex.RLock() - defer c.reflectorMutex.RUnlock() - if c.reflector == nil { - return "" - } - return c.reflector.LastSyncResourceVersion() -} - -// processLoop drains the work queue. -// TODO: Consider doing the processing in parallel. This will require a little thought -// to make sure that we don't end up processing the same object multiple times -// concurrently. -// -// TODO: Plumb through the stopCh here (and down to the queue) so that this can -// actually exit when the controller is stopped. Or just give up on this stuff -// ever being stoppable. Converting this whole package to use Context would -// also be helpful. -func (c *controller) processLoop() { - for { - obj, err := c.config.Queue.Pop(PopProcessFunc(c.config.Process)) - if err != nil { - if err == ErrFIFOClosed { - return - } - if c.config.RetryOnError { - // This is the safe way to re-enqueue. - c.config.Queue.AddIfNotPresent(obj) - } - } - } -} - -// ResourceEventHandler can handle notifications for events that -// happen to a resource. The events are informational only, so you -// can't return an error. The handlers MUST NOT modify the objects -// received; this concerns not only the top level of structure but all -// the data structures reachable from it. -// - OnAdd is called when an object is added. -// - OnUpdate is called when an object is modified. Note that oldObj is the -// last known state of the object-- it is possible that several changes -// were combined together, so you can't use this to see every single -// change. OnUpdate is also called when a re-list happens, and it will -// get called even if nothing changed. This is useful for periodically -// evaluating or syncing something. -// - OnDelete will get the final state of the item if it is known, otherwise -// it will get an object of type DeletedFinalStateUnknown. This can -// happen if the watch is closed and misses the delete event and we don't -// notice the deletion until the subsequent re-list. -type ResourceEventHandler interface { - OnAdd(obj interface{}) - OnUpdate(oldObj, newObj interface{}) - OnDelete(obj interface{}) -} - -// ResourceEventHandlerFuncs is an adaptor to let you easily specify as many or -// as few of the notification functions as you want while still implementing -// ResourceEventHandler. This adapter does not remove the prohibition against -// modifying the objects. -type ResourceEventHandlerFuncs struct { - AddFunc func(obj interface{}) - UpdateFunc func(oldObj, newObj interface{}) - DeleteFunc func(obj interface{}) -} - -// OnAdd calls AddFunc if it's not nil. -func (r ResourceEventHandlerFuncs) OnAdd(obj interface{}) { - if r.AddFunc != nil { - r.AddFunc(obj) - } -} - -// OnUpdate calls UpdateFunc if it's not nil. -func (r ResourceEventHandlerFuncs) OnUpdate(oldObj, newObj interface{}) { - if r.UpdateFunc != nil { - r.UpdateFunc(oldObj, newObj) - } -} - -// OnDelete calls DeleteFunc if it's not nil. -func (r ResourceEventHandlerFuncs) OnDelete(obj interface{}) { - if r.DeleteFunc != nil { - r.DeleteFunc(obj) - } -} - -// FilteringResourceEventHandler applies the provided filter to all events coming -// in, ensuring the appropriate nested handler method is invoked. An object -// that starts passing the filter after an update is considered an add, and an -// object that stops passing the filter after an update is considered a delete. -// Like the handlers, the filter MUST NOT modify the objects it is given. -type FilteringResourceEventHandler struct { - FilterFunc func(obj interface{}) bool - Handler ResourceEventHandler -} - -// OnAdd calls the nested handler only if the filter succeeds -func (r FilteringResourceEventHandler) OnAdd(obj interface{}) { - if !r.FilterFunc(obj) { - return - } - r.Handler.OnAdd(obj) -} - -// OnUpdate ensures the proper handler is called depending on whether the filter matches -func (r FilteringResourceEventHandler) OnUpdate(oldObj, newObj interface{}) { - newer := r.FilterFunc(newObj) - older := r.FilterFunc(oldObj) - switch { - case newer && older: - r.Handler.OnUpdate(oldObj, newObj) - case newer && !older: - r.Handler.OnAdd(newObj) - case !newer && older: - r.Handler.OnDelete(oldObj) - default: - // do nothing - } -} - -// OnDelete calls the nested handler only if the filter succeeds -func (r FilteringResourceEventHandler) OnDelete(obj interface{}) { - if !r.FilterFunc(obj) { - return - } - r.Handler.OnDelete(obj) -} - -// DeletionHandlingMetaNamespaceKeyFunc checks for -// DeletedFinalStateUnknown objects before calling -// MetaNamespaceKeyFunc. -func DeletionHandlingMetaNamespaceKeyFunc(obj interface{}) (string, error) { - if d, ok := obj.(DeletedFinalStateUnknown); ok { - return d.Key, nil - } - return MetaNamespaceKeyFunc(obj) -} - -// NewInformer returns a Store and a controller for populating the store -// while also providing event notifications. You should only used the returned -// Store for Get/List operations; Add/Modify/Deletes will cause the event -// notifications to be faulty. -// -// Parameters: -// - lw is list and watch functions for the source of the resource you want to -// be informed of. -// - objType is an object of the type that you expect to receive. -// - resyncPeriod: if non-zero, will re-list this often (you will get OnUpdate -// calls, even if nothing changed). Otherwise, re-list will be delayed as -// long as possible (until the upstream source closes the watch or times out, -// or you stop the controller). -// - h is the object you want notifications sent to. -func NewInformer( - lw ListerWatcher, - objType runtime.Object, - resyncPeriod time.Duration, - h ResourceEventHandler, -) (Store, Controller) { - // This will hold the client state, as we know it. - clientState := NewStore(DeletionHandlingMetaNamespaceKeyFunc) - - return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil) -} - -// NewIndexerInformer returns an Indexer and a Controller for populating the index -// while also providing event notifications. You should only used the returned -// Index for Get/List operations; Add/Modify/Deletes will cause the event -// notifications to be faulty. -// -// Parameters: -// - lw is list and watch functions for the source of the resource you want to -// be informed of. -// - objType is an object of the type that you expect to receive. -// - resyncPeriod: if non-zero, will re-list this often (you will get OnUpdate -// calls, even if nothing changed). Otherwise, re-list will be delayed as -// long as possible (until the upstream source closes the watch or times out, -// or you stop the controller). -// - h is the object you want notifications sent to. -// - indexers is the indexer for the received object type. -func NewIndexerInformer( - lw ListerWatcher, - objType runtime.Object, - resyncPeriod time.Duration, - h ResourceEventHandler, - indexers Indexers, -) (Indexer, Controller) { - // This will hold the client state, as we know it. - clientState := NewIndexer(DeletionHandlingMetaNamespaceKeyFunc, indexers) - - return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, nil) -} - -// TransformFunc allows for transforming an object before it will be processed -// and put into the controller cache and before the corresponding handlers will -// be called on it. -// TransformFunc (similarly to ResourceEventHandler functions) should be able -// to correctly handle the tombstone of type cache.DeletedFinalStateUnknown -// -// The most common usage pattern is to clean-up some parts of the object to -// reduce component memory usage if a given component doesn't care about them. -// given controller doesn't care for them -type TransformFunc func(interface{}) (interface{}, error) - -// NewTransformingInformer returns a Store and a controller for populating -// the store while also providing event notifications. You should only used -// the returned Store for Get/List operations; Add/Modify/Deletes will cause -// the event notifications to be faulty. -// The given transform function will be called on all objects before they will -// put into the Store and corresponding Add/Modify/Delete handlers will -// be invoked for them. -func NewTransformingInformer( - lw ListerWatcher, - objType runtime.Object, - resyncPeriod time.Duration, - h ResourceEventHandler, - transformer TransformFunc, -) (Store, Controller) { - // This will hold the client state, as we know it. - clientState := NewStore(DeletionHandlingMetaNamespaceKeyFunc) - - return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, transformer) -} - -// NewTransformingIndexerInformer returns an Indexer and a controller for -// populating the index while also providing event notifications. You should -// only used the returned Index for Get/List operations; Add/Modify/Deletes -// will cause the event notifications to be faulty. -// The given transform function will be called on all objects before they will -// be put into the Index and corresponding Add/Modify/Delete handlers will -// be invoked for them. -func NewTransformingIndexerInformer( - lw ListerWatcher, - objType runtime.Object, - resyncPeriod time.Duration, - h ResourceEventHandler, - indexers Indexers, - transformer TransformFunc, -) (Indexer, Controller) { - // This will hold the client state, as we know it. - clientState := NewIndexer(DeletionHandlingMetaNamespaceKeyFunc, indexers) - - return clientState, newInformer(lw, objType, resyncPeriod, h, clientState, transformer) -} - -// Multiplexes updates in the form of a list of Deltas into a Store, and informs -// a given handler of events OnUpdate, OnAdd, OnDelete -func processDeltas( - // Object which receives event notifications from the given deltas - handler ResourceEventHandler, - clientState Store, - transformer TransformFunc, - deltas Deltas, -) error { - // from oldest to newest - for _, d := range deltas { - obj := d.Object - if transformer != nil { - var err error - obj, err = transformer(obj) - if err != nil { - return err - } - } - - switch d.Type { - case Sync, Replaced, Added, Updated: - if old, exists, err := clientState.Get(obj); err == nil && exists { - if err := clientState.Update(obj); err != nil { - return err - } - handler.OnUpdate(old, obj) - } else { - if err := clientState.Add(obj); err != nil { - return err - } - handler.OnAdd(obj) - } - case Deleted: - if err := clientState.Delete(obj); err != nil { - return err - } - handler.OnDelete(obj) - } - } - return nil -} - -// newInformer returns a controller for populating the store while also -// providing event notifications. -// -// Parameters -// - lw is list and watch functions for the source of the resource you want to -// be informed of. -// - objType is an object of the type that you expect to receive. -// - resyncPeriod: if non-zero, will re-list this often (you will get OnUpdate -// calls, even if nothing changed). Otherwise, re-list will be delayed as -// long as possible (until the upstream source closes the watch or times out, -// or you stop the controller). -// - h is the object you want notifications sent to. -// - clientState is the store you want to populate -func newInformer( - lw ListerWatcher, - objType runtime.Object, - resyncPeriod time.Duration, - h ResourceEventHandler, - clientState Store, - transformer TransformFunc, -) Controller { - // This will hold incoming changes. Note how we pass clientState in as a - // KeyLister, that way resync operations will result in the correct set - // of update/delete deltas. - fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ - KnownObjects: clientState, - EmitDeltaTypeReplaced: true, - }) - - cfg := &Config{ - Queue: fifo, - ListerWatcher: lw, - ObjectType: objType, - FullResyncPeriod: resyncPeriod, - RetryOnError: false, - - Process: func(obj interface{}) error { - if deltas, ok := obj.(Deltas); ok { - return processDeltas(h, clientState, transformer, deltas) - } - return errors.New("object given as Process argument is not Deltas") - }, - } - return New(cfg) -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/delta_fifo.go b/etcd/vendor/k8s.io/client-go/tools/cache/delta_fifo.go deleted file mode 100644 index 0c13a41f06..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/delta_fifo.go +++ /dev/null @@ -1,757 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "errors" - "fmt" - "sync" - "time" - - "k8s.io/apimachinery/pkg/util/sets" - - "k8s.io/klog/v2" - utiltrace "k8s.io/utils/trace" -) - -// DeltaFIFOOptions is the configuration parameters for DeltaFIFO. All are -// optional. -type DeltaFIFOOptions struct { - - // KeyFunction is used to figure out what key an object should have. (It's - // exposed in the returned DeltaFIFO's KeyOf() method, with additional - // handling around deleted objects and queue state). - // Optional, the default is MetaNamespaceKeyFunc. - KeyFunction KeyFunc - - // KnownObjects is expected to return a list of keys that the consumer of - // this queue "knows about". It is used to decide which items are missing - // when Replace() is called; 'Deleted' deltas are produced for the missing items. - // KnownObjects may be nil if you can tolerate missing deletions on Replace(). - KnownObjects KeyListerGetter - - // EmitDeltaTypeReplaced indicates that the queue consumer - // understands the Replaced DeltaType. Before the `Replaced` event type was - // added, calls to Replace() were handled the same as Sync(). For - // backwards-compatibility purposes, this is false by default. - // When true, `Replaced` events will be sent for items passed to a Replace() call. - // When false, `Sync` events will be sent instead. - EmitDeltaTypeReplaced bool -} - -// DeltaFIFO is like FIFO, but differs in two ways. One is that the -// accumulator associated with a given object's key is not that object -// but rather a Deltas, which is a slice of Delta values for that -// object. Applying an object to a Deltas means to append a Delta -// except when the potentially appended Delta is a Deleted and the -// Deltas already ends with a Deleted. In that case the Deltas does -// not grow, although the terminal Deleted will be replaced by the new -// Deleted if the older Deleted's object is a -// DeletedFinalStateUnknown. -// -// The other difference is that DeltaFIFO has two additional ways that -// an object can be applied to an accumulator: Replaced and Sync. -// If EmitDeltaTypeReplaced is not set to true, Sync will be used in -// replace events for backwards compatibility. Sync is used for periodic -// resync events. -// -// DeltaFIFO is a producer-consumer queue, where a Reflector is -// intended to be the producer, and the consumer is whatever calls -// the Pop() method. -// -// DeltaFIFO solves this use case: -// - You want to process every object change (delta) at most once. -// - When you process an object, you want to see everything -// that's happened to it since you last processed it. -// - You want to process the deletion of some of the objects. -// - You might want to periodically reprocess objects. -// -// DeltaFIFO's Pop(), Get(), and GetByKey() methods return -// interface{} to satisfy the Store/Queue interfaces, but they -// will always return an object of type Deltas. List() returns -// the newest object from each accumulator in the FIFO. -// -// A DeltaFIFO's knownObjects KeyListerGetter provides the abilities -// to list Store keys and to get objects by Store key. The objects in -// question are called "known objects" and this set of objects -// modifies the behavior of the Delete, Replace, and Resync methods -// (each in a different way). -// -// A note on threading: If you call Pop() in parallel from multiple -// threads, you could end up with multiple threads processing slightly -// different versions of the same object. -type DeltaFIFO struct { - // lock/cond protects access to 'items' and 'queue'. - lock sync.RWMutex - cond sync.Cond - - // `items` maps a key to a Deltas. - // Each such Deltas has at least one Delta. - items map[string]Deltas - - // `queue` maintains FIFO order of keys for consumption in Pop(). - // There are no duplicates in `queue`. - // A key is in `queue` if and only if it is in `items`. - queue []string - - // populated is true if the first batch of items inserted by Replace() has been populated - // or Delete/Add/Update/AddIfNotPresent was called first. - populated bool - // initialPopulationCount is the number of items inserted by the first call of Replace() - initialPopulationCount int - - // keyFunc is used to make the key used for queued item - // insertion and retrieval, and should be deterministic. - keyFunc KeyFunc - - // knownObjects list keys that are "known" --- affecting Delete(), - // Replace(), and Resync() - knownObjects KeyListerGetter - - // Used to indicate a queue is closed so a control loop can exit when a queue is empty. - // Currently, not used to gate any of CRUD operations. - closed bool - - // emitDeltaTypeReplaced is whether to emit the Replaced or Sync - // DeltaType when Replace() is called (to preserve backwards compat). - emitDeltaTypeReplaced bool -} - -// DeltaType is the type of a change (addition, deletion, etc) -type DeltaType string - -// Change type definition -const ( - Added DeltaType = "Added" - Updated DeltaType = "Updated" - Deleted DeltaType = "Deleted" - // Replaced is emitted when we encountered watch errors and had to do a - // relist. We don't know if the replaced object has changed. - // - // NOTE: Previous versions of DeltaFIFO would use Sync for Replace events - // as well. Hence, Replaced is only emitted when the option - // EmitDeltaTypeReplaced is true. - Replaced DeltaType = "Replaced" - // Sync is for synthetic events during a periodic resync. - Sync DeltaType = "Sync" -) - -// Delta is a member of Deltas (a list of Delta objects) which -// in its turn is the type stored by a DeltaFIFO. It tells you what -// change happened, and the object's state after* that change. -// -// [*] Unless the change is a deletion, and then you'll get the final -// state of the object before it was deleted. -type Delta struct { - Type DeltaType - Object interface{} -} - -// Deltas is a list of one or more 'Delta's to an individual object. -// The oldest delta is at index 0, the newest delta is the last one. -type Deltas []Delta - -// NewDeltaFIFO returns a Queue which can be used to process changes to items. -// -// keyFunc is used to figure out what key an object should have. (It is -// exposed in the returned DeltaFIFO's KeyOf() method, with additional handling -// around deleted objects and queue state). -// -// 'knownObjects' may be supplied to modify the behavior of Delete, -// Replace, and Resync. It may be nil if you do not need those -// modifications. -// -// TODO: consider merging keyLister with this object, tracking a list of -// "known" keys when Pop() is called. Have to think about how that -// affects error retrying. -// -// NOTE: It is possible to misuse this and cause a race when using an -// external known object source. -// Whether there is a potential race depends on how the consumer -// modifies knownObjects. In Pop(), process function is called under -// lock, so it is safe to update data structures in it that need to be -// in sync with the queue (e.g. knownObjects). -// -// Example: -// In case of sharedIndexInformer being a consumer -// (https://github.com/kubernetes/kubernetes/blob/0cdd940f/staging/src/k8s.io/client-go/tools/cache/shared_informer.go#L192), -// there is no race as knownObjects (s.indexer) is modified safely -// under DeltaFIFO's lock. The only exceptions are GetStore() and -// GetIndexer() methods, which expose ways to modify the underlying -// storage. Currently these two methods are used for creating Lister -// and internal tests. -// -// Also see the comment on DeltaFIFO. -// -// Warning: This constructs a DeltaFIFO that does not differentiate between -// events caused by a call to Replace (e.g., from a relist, which may -// contain object updates), and synthetic events caused by a periodic resync -// (which just emit the existing object). See https://issue.k8s.io/86015 for details. -// -// Use `NewDeltaFIFOWithOptions(DeltaFIFOOptions{..., EmitDeltaTypeReplaced: true})` -// instead to receive a `Replaced` event depending on the type. -// -// Deprecated: Equivalent to NewDeltaFIFOWithOptions(DeltaFIFOOptions{KeyFunction: keyFunc, KnownObjects: knownObjects}) -func NewDeltaFIFO(keyFunc KeyFunc, knownObjects KeyListerGetter) *DeltaFIFO { - return NewDeltaFIFOWithOptions(DeltaFIFOOptions{ - KeyFunction: keyFunc, - KnownObjects: knownObjects, - }) -} - -// NewDeltaFIFOWithOptions returns a Queue which can be used to process changes to -// items. See also the comment on DeltaFIFO. -func NewDeltaFIFOWithOptions(opts DeltaFIFOOptions) *DeltaFIFO { - if opts.KeyFunction == nil { - opts.KeyFunction = MetaNamespaceKeyFunc - } - - f := &DeltaFIFO{ - items: map[string]Deltas{}, - queue: []string{}, - keyFunc: opts.KeyFunction, - knownObjects: opts.KnownObjects, - - emitDeltaTypeReplaced: opts.EmitDeltaTypeReplaced, - } - f.cond.L = &f.lock - return f -} - -var ( - _ = Queue(&DeltaFIFO{}) // DeltaFIFO is a Queue -) - -var ( - // ErrZeroLengthDeltasObject is returned in a KeyError if a Deltas - // object with zero length is encountered (should be impossible, - // but included for completeness). - ErrZeroLengthDeltasObject = errors.New("0 length Deltas object; can't get key") -) - -// Close the queue. -func (f *DeltaFIFO) Close() { - f.lock.Lock() - defer f.lock.Unlock() - f.closed = true - f.cond.Broadcast() -} - -// KeyOf exposes f's keyFunc, but also detects the key of a Deltas object or -// DeletedFinalStateUnknown objects. -func (f *DeltaFIFO) KeyOf(obj interface{}) (string, error) { - if d, ok := obj.(Deltas); ok { - if len(d) == 0 { - return "", KeyError{obj, ErrZeroLengthDeltasObject} - } - obj = d.Newest().Object - } - if d, ok := obj.(DeletedFinalStateUnknown); ok { - return d.Key, nil - } - return f.keyFunc(obj) -} - -// HasSynced returns true if an Add/Update/Delete/AddIfNotPresent are called first, -// or the first batch of items inserted by Replace() has been popped. -func (f *DeltaFIFO) HasSynced() bool { - f.lock.Lock() - defer f.lock.Unlock() - return f.populated && f.initialPopulationCount == 0 -} - -// Add inserts an item, and puts it in the queue. The item is only enqueued -// if it doesn't already exist in the set. -func (f *DeltaFIFO) Add(obj interface{}) error { - f.lock.Lock() - defer f.lock.Unlock() - f.populated = true - return f.queueActionLocked(Added, obj) -} - -// Update is just like Add, but makes an Updated Delta. -func (f *DeltaFIFO) Update(obj interface{}) error { - f.lock.Lock() - defer f.lock.Unlock() - f.populated = true - return f.queueActionLocked(Updated, obj) -} - -// Delete is just like Add, but makes a Deleted Delta. If the given -// object does not already exist, it will be ignored. (It may have -// already been deleted by a Replace (re-list), for example.) In this -// method `f.knownObjects`, if not nil, provides (via GetByKey) -// _additional_ objects that are considered to already exist. -func (f *DeltaFIFO) Delete(obj interface{}) error { - id, err := f.KeyOf(obj) - if err != nil { - return KeyError{obj, err} - } - f.lock.Lock() - defer f.lock.Unlock() - f.populated = true - if f.knownObjects == nil { - if _, exists := f.items[id]; !exists { - // Presumably, this was deleted when a relist happened. - // Don't provide a second report of the same deletion. - return nil - } - } else { - // We only want to skip the "deletion" action if the object doesn't - // exist in knownObjects and it doesn't have corresponding item in items. - // Note that even if there is a "deletion" action in items, we can ignore it, - // because it will be deduped automatically in "queueActionLocked" - _, exists, err := f.knownObjects.GetByKey(id) - _, itemsExist := f.items[id] - if err == nil && !exists && !itemsExist { - // Presumably, this was deleted when a relist happened. - // Don't provide a second report of the same deletion. - return nil - } - } - - // exist in items and/or KnownObjects - return f.queueActionLocked(Deleted, obj) -} - -// AddIfNotPresent inserts an item, and puts it in the queue. If the item is already -// present in the set, it is neither enqueued nor added to the set. -// -// This is useful in a single producer/consumer scenario so that the consumer can -// safely retry items without contending with the producer and potentially enqueueing -// stale items. -// -// Important: obj must be a Deltas (the output of the Pop() function). Yes, this is -// different from the Add/Update/Delete functions. -func (f *DeltaFIFO) AddIfNotPresent(obj interface{}) error { - deltas, ok := obj.(Deltas) - if !ok { - return fmt.Errorf("object must be of type deltas, but got: %#v", obj) - } - id, err := f.KeyOf(deltas) - if err != nil { - return KeyError{obj, err} - } - f.lock.Lock() - defer f.lock.Unlock() - f.addIfNotPresent(id, deltas) - return nil -} - -// addIfNotPresent inserts deltas under id if it does not exist, and assumes the caller -// already holds the fifo lock. -func (f *DeltaFIFO) addIfNotPresent(id string, deltas Deltas) { - f.populated = true - if _, exists := f.items[id]; exists { - return - } - - f.queue = append(f.queue, id) - f.items[id] = deltas - f.cond.Broadcast() -} - -// re-listing and watching can deliver the same update multiple times in any -// order. This will combine the most recent two deltas if they are the same. -func dedupDeltas(deltas Deltas) Deltas { - n := len(deltas) - if n < 2 { - return deltas - } - a := &deltas[n-1] - b := &deltas[n-2] - if out := isDup(a, b); out != nil { - deltas[n-2] = *out - return deltas[:n-1] - } - return deltas -} - -// If a & b represent the same event, returns the delta that ought to be kept. -// Otherwise, returns nil. -// TODO: is there anything other than deletions that need deduping? -func isDup(a, b *Delta) *Delta { - if out := isDeletionDup(a, b); out != nil { - return out - } - // TODO: Detect other duplicate situations? Are there any? - return nil -} - -// keep the one with the most information if both are deletions. -func isDeletionDup(a, b *Delta) *Delta { - if b.Type != Deleted || a.Type != Deleted { - return nil - } - // Do more sophisticated checks, or is this sufficient? - if _, ok := b.Object.(DeletedFinalStateUnknown); ok { - return a - } - return b -} - -// queueActionLocked appends to the delta list for the object. -// Caller must lock first. -func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) error { - id, err := f.KeyOf(obj) - if err != nil { - return KeyError{obj, err} - } - oldDeltas := f.items[id] - newDeltas := append(oldDeltas, Delta{actionType, obj}) - newDeltas = dedupDeltas(newDeltas) - - if len(newDeltas) > 0 { - if _, exists := f.items[id]; !exists { - f.queue = append(f.queue, id) - } - f.items[id] = newDeltas - f.cond.Broadcast() - } else { - // This never happens, because dedupDeltas never returns an empty list - // when given a non-empty list (as it is here). - // If somehow it happens anyway, deal with it but complain. - if oldDeltas == nil { - klog.Errorf("Impossible dedupDeltas for id=%q: oldDeltas=%#+v, obj=%#+v; ignoring", id, oldDeltas, obj) - return nil - } - klog.Errorf("Impossible dedupDeltas for id=%q: oldDeltas=%#+v, obj=%#+v; breaking invariant by storing empty Deltas", id, oldDeltas, obj) - f.items[id] = newDeltas - return fmt.Errorf("Impossible dedupDeltas for id=%q: oldDeltas=%#+v, obj=%#+v; broke DeltaFIFO invariant by storing empty Deltas", id, oldDeltas, obj) - } - return nil -} - -// List returns a list of all the items; it returns the object -// from the most recent Delta. -// You should treat the items returned inside the deltas as immutable. -func (f *DeltaFIFO) List() []interface{} { - f.lock.RLock() - defer f.lock.RUnlock() - return f.listLocked() -} - -func (f *DeltaFIFO) listLocked() []interface{} { - list := make([]interface{}, 0, len(f.items)) - for _, item := range f.items { - list = append(list, item.Newest().Object) - } - return list -} - -// ListKeys returns a list of all the keys of the objects currently -// in the FIFO. -func (f *DeltaFIFO) ListKeys() []string { - f.lock.RLock() - defer f.lock.RUnlock() - list := make([]string, 0, len(f.queue)) - for _, key := range f.queue { - list = append(list, key) - } - return list -} - -// Get returns the complete list of deltas for the requested item, -// or sets exists=false. -// You should treat the items returned inside the deltas as immutable. -func (f *DeltaFIFO) Get(obj interface{}) (item interface{}, exists bool, err error) { - key, err := f.KeyOf(obj) - if err != nil { - return nil, false, KeyError{obj, err} - } - return f.GetByKey(key) -} - -// GetByKey returns the complete list of deltas for the requested item, -// setting exists=false if that list is empty. -// You should treat the items returned inside the deltas as immutable. -func (f *DeltaFIFO) GetByKey(key string) (item interface{}, exists bool, err error) { - f.lock.RLock() - defer f.lock.RUnlock() - d, exists := f.items[key] - if exists { - // Copy item's slice so operations on this slice - // won't interfere with the object we return. - d = copyDeltas(d) - } - return d, exists, nil -} - -// IsClosed checks if the queue is closed -func (f *DeltaFIFO) IsClosed() bool { - f.lock.Lock() - defer f.lock.Unlock() - return f.closed -} - -// Pop blocks until the queue has some items, and then returns one. If -// multiple items are ready, they are returned in the order in which they were -// added/updated. The item is removed from the queue (and the store) before it -// is returned, so if you don't successfully process it, you need to add it back -// with AddIfNotPresent(). -// process function is called under lock, so it is safe to update data structures -// in it that need to be in sync with the queue (e.g. knownKeys). The PopProcessFunc -// may return an instance of ErrRequeue with a nested error to indicate the current -// item should be requeued (equivalent to calling AddIfNotPresent under the lock). -// process should avoid expensive I/O operation so that other queue operations, i.e. -// Add() and Get(), won't be blocked for too long. -// -// Pop returns a 'Deltas', which has a complete list of all the things -// that happened to the object (deltas) while it was sitting in the queue. -func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) { - f.lock.Lock() - defer f.lock.Unlock() - for { - for len(f.queue) == 0 { - // When the queue is empty, invocation of Pop() is blocked until new item is enqueued. - // When Close() is called, the f.closed is set and the condition is broadcasted. - // Which causes this loop to continue and return from the Pop(). - if f.closed { - return nil, ErrFIFOClosed - } - - f.cond.Wait() - } - id := f.queue[0] - f.queue = f.queue[1:] - depth := len(f.queue) - if f.initialPopulationCount > 0 { - f.initialPopulationCount-- - } - item, ok := f.items[id] - if !ok { - // This should never happen - klog.Errorf("Inconceivable! %q was in f.queue but not f.items; ignoring.", id) - continue - } - delete(f.items, id) - // Only log traces if the queue depth is greater than 10 and it takes more than - // 100 milliseconds to process one item from the queue. - // Queue depth never goes high because processing an item is locking the queue, - // and new items can't be added until processing finish. - // https://github.com/kubernetes/kubernetes/issues/103789 - if depth > 10 { - trace := utiltrace.New("DeltaFIFO Pop Process", - utiltrace.Field{Key: "ID", Value: id}, - utiltrace.Field{Key: "Depth", Value: depth}, - utiltrace.Field{Key: "Reason", Value: "slow event handlers blocking the queue"}) - defer trace.LogIfLong(100 * time.Millisecond) - } - err := process(item) - if e, ok := err.(ErrRequeue); ok { - f.addIfNotPresent(id, item) - err = e.Err - } - // Don't need to copyDeltas here, because we're transferring - // ownership to the caller. - return item, err - } -} - -// Replace atomically does two things: (1) it adds the given objects -// using the Sync or Replace DeltaType and then (2) it does some deletions. -// In particular: for every pre-existing key K that is not the key of -// an object in `list` there is the effect of -// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object -// of K. If `f.knownObjects == nil` then the pre-existing keys are -// those in `f.items` and the current object of K is the `.Newest()` -// of the Deltas associated with K. Otherwise the pre-existing keys -// are those listed by `f.knownObjects` and the current object of K is -// what `f.knownObjects.GetByKey(K)` returns. -func (f *DeltaFIFO) Replace(list []interface{}, _ string) error { - f.lock.Lock() - defer f.lock.Unlock() - keys := make(sets.String, len(list)) - - // keep backwards compat for old clients - action := Sync - if f.emitDeltaTypeReplaced { - action = Replaced - } - - // Add Sync/Replaced action for each new item. - for _, item := range list { - key, err := f.KeyOf(item) - if err != nil { - return KeyError{item, err} - } - keys.Insert(key) - if err := f.queueActionLocked(action, item); err != nil { - return fmt.Errorf("couldn't enqueue object: %v", err) - } - } - - if f.knownObjects == nil { - // Do deletion detection against our own list. - queuedDeletions := 0 - for k, oldItem := range f.items { - if keys.Has(k) { - continue - } - // Delete pre-existing items not in the new list. - // This could happen if watch deletion event was missed while - // disconnected from apiserver. - var deletedObj interface{} - if n := oldItem.Newest(); n != nil { - deletedObj = n.Object - } - queuedDeletions++ - if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { - return err - } - } - - if !f.populated { - f.populated = true - // While there shouldn't be any queued deletions in the initial - // population of the queue, it's better to be on the safe side. - f.initialPopulationCount = keys.Len() + queuedDeletions - } - - return nil - } - - // Detect deletions not already in the queue. - knownKeys := f.knownObjects.ListKeys() - queuedDeletions := 0 - for _, k := range knownKeys { - if keys.Has(k) { - continue - } - - deletedObj, exists, err := f.knownObjects.GetByKey(k) - if err != nil { - deletedObj = nil - klog.Errorf("Unexpected error %v during lookup of key %v, placing DeleteFinalStateUnknown marker without object", err, k) - } else if !exists { - deletedObj = nil - klog.Infof("Key %v does not exist in known objects store, placing DeleteFinalStateUnknown marker without object", k) - } - queuedDeletions++ - if err := f.queueActionLocked(Deleted, DeletedFinalStateUnknown{k, deletedObj}); err != nil { - return err - } - } - - if !f.populated { - f.populated = true - f.initialPopulationCount = keys.Len() + queuedDeletions - } - - return nil -} - -// Resync adds, with a Sync type of Delta, every object listed by -// `f.knownObjects` whose key is not already queued for processing. -// If `f.knownObjects` is `nil` then Resync does nothing. -func (f *DeltaFIFO) Resync() error { - f.lock.Lock() - defer f.lock.Unlock() - - if f.knownObjects == nil { - return nil - } - - keys := f.knownObjects.ListKeys() - for _, k := range keys { - if err := f.syncKeyLocked(k); err != nil { - return err - } - } - return nil -} - -func (f *DeltaFIFO) syncKeyLocked(key string) error { - obj, exists, err := f.knownObjects.GetByKey(key) - if err != nil { - klog.Errorf("Unexpected error %v during lookup of key %v, unable to queue object for sync", err, key) - return nil - } else if !exists { - klog.Infof("Key %v does not exist in known objects store, unable to queue object for sync", key) - return nil - } - - // If we are doing Resync() and there is already an event queued for that object, - // we ignore the Resync for it. This is to avoid the race, in which the resync - // comes with the previous value of object (since queueing an event for the object - // doesn't trigger changing the underlying store <knownObjects>. - id, err := f.KeyOf(obj) - if err != nil { - return KeyError{obj, err} - } - if len(f.items[id]) > 0 { - return nil - } - - if err := f.queueActionLocked(Sync, obj); err != nil { - return fmt.Errorf("couldn't queue object: %v", err) - } - return nil -} - -// A KeyListerGetter is anything that knows how to list its keys and look up by key. -type KeyListerGetter interface { - KeyLister - KeyGetter -} - -// A KeyLister is anything that knows how to list its keys. -type KeyLister interface { - ListKeys() []string -} - -// A KeyGetter is anything that knows how to get the value stored under a given key. -type KeyGetter interface { - // GetByKey returns the value associated with the key, or sets exists=false. - GetByKey(key string) (value interface{}, exists bool, err error) -} - -// Oldest is a convenience function that returns the oldest delta, or -// nil if there are no deltas. -func (d Deltas) Oldest() *Delta { - if len(d) > 0 { - return &d[0] - } - return nil -} - -// Newest is a convenience function that returns the newest delta, or -// nil if there are no deltas. -func (d Deltas) Newest() *Delta { - if n := len(d); n > 0 { - return &d[n-1] - } - return nil -} - -// copyDeltas returns a shallow copy of d; that is, it copies the slice but not -// the objects in the slice. This allows Get/List to return an object that we -// know won't be clobbered by a subsequent modifications. -func copyDeltas(d Deltas) Deltas { - d2 := make(Deltas, len(d)) - copy(d2, d) - return d2 -} - -// DeletedFinalStateUnknown is placed into a DeltaFIFO in the case where an object -// was deleted but the watch deletion event was missed while disconnected from -// apiserver. In this case we don't know the final "resting" state of the object, so -// there's a chance the included `Obj` is stale. -type DeletedFinalStateUnknown struct { - Key string - Obj interface{} -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/doc.go b/etcd/vendor/k8s.io/client-go/tools/cache/doc.go deleted file mode 100644 index 56b61d3006..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package cache is a client-side caching mechanism. It is useful for -// reducing the number of server calls you'd otherwise need to make. -// Reflector watches a server and updates a Store. Two stores are provided; -// one that simply caches objects (for example, to allow a scheduler to -// list currently available nodes), and one that additionally acts as -// a FIFO queue (for example, to allow a scheduler to process incoming -// pods). -package cache // import "k8s.io/client-go/tools/cache" diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache.go b/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache.go deleted file mode 100644 index 813916ebf0..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache.go +++ /dev/null @@ -1,214 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "sync" - "time" - - "k8s.io/utils/clock" -) - -// ExpirationCache implements the store interface -// 1. All entries are automatically time stamped on insert -// a. The key is computed based off the original item/keyFunc -// b. The value inserted under that key is the timestamped item -// 2. Expiration happens lazily on read based on the expiration policy -// a. No item can be inserted into the store while we're expiring -// *any* item in the cache. -// 3. Time-stamps are stripped off unexpired entries before return -// -// Note that the ExpirationCache is inherently slower than a normal -// threadSafeStore because it takes a write lock every time it checks if -// an item has expired. -type ExpirationCache struct { - cacheStorage ThreadSafeStore - keyFunc KeyFunc - clock clock.Clock - expirationPolicy ExpirationPolicy - // expirationLock is a write lock used to guarantee that we don't clobber - // newly inserted objects because of a stale expiration timestamp comparison - expirationLock sync.Mutex -} - -// ExpirationPolicy dictates when an object expires. Currently only abstracted out -// so unittests don't rely on the system clock. -type ExpirationPolicy interface { - IsExpired(obj *TimestampedEntry) bool -} - -// TTLPolicy implements a ttl based ExpirationPolicy. -type TTLPolicy struct { - // >0: Expire entries with an age > ttl - // <=0: Don't expire any entry - TTL time.Duration - - // Clock used to calculate ttl expiration - Clock clock.Clock -} - -// IsExpired returns true if the given object is older than the ttl, or it can't -// determine its age. -func (p *TTLPolicy) IsExpired(obj *TimestampedEntry) bool { - return p.TTL > 0 && p.Clock.Since(obj.Timestamp) > p.TTL -} - -// TimestampedEntry is the only type allowed in a ExpirationCache. -// Keep in mind that it is not safe to share timestamps between computers. -// Behavior may be inconsistent if you get a timestamp from the API Server and -// use it on the client machine as part of your ExpirationCache. -type TimestampedEntry struct { - Obj interface{} - Timestamp time.Time - key string -} - -// getTimestampedEntry returns the TimestampedEntry stored under the given key. -func (c *ExpirationCache) getTimestampedEntry(key string) (*TimestampedEntry, bool) { - item, _ := c.cacheStorage.Get(key) - if tsEntry, ok := item.(*TimestampedEntry); ok { - return tsEntry, true - } - return nil, false -} - -// getOrExpire retrieves the object from the TimestampedEntry if and only if it hasn't -// already expired. It holds a write lock across deletion. -func (c *ExpirationCache) getOrExpire(key string) (interface{}, bool) { - // Prevent all inserts from the time we deem an item as "expired" to when we - // delete it, so an un-expired item doesn't sneak in under the same key, just - // before the Delete. - c.expirationLock.Lock() - defer c.expirationLock.Unlock() - timestampedItem, exists := c.getTimestampedEntry(key) - if !exists { - return nil, false - } - if c.expirationPolicy.IsExpired(timestampedItem) { - c.cacheStorage.Delete(key) - return nil, false - } - return timestampedItem.Obj, true -} - -// GetByKey returns the item stored under the key, or sets exists=false. -func (c *ExpirationCache) GetByKey(key string) (interface{}, bool, error) { - obj, exists := c.getOrExpire(key) - return obj, exists, nil -} - -// Get returns unexpired items. It purges the cache of expired items in the -// process. -func (c *ExpirationCache) Get(obj interface{}) (interface{}, bool, error) { - key, err := c.keyFunc(obj) - if err != nil { - return nil, false, KeyError{obj, err} - } - obj, exists := c.getOrExpire(key) - return obj, exists, nil -} - -// List retrieves a list of unexpired items. It purges the cache of expired -// items in the process. -func (c *ExpirationCache) List() []interface{} { - items := c.cacheStorage.List() - - list := make([]interface{}, 0, len(items)) - for _, item := range items { - key := item.(*TimestampedEntry).key - if obj, exists := c.getOrExpire(key); exists { - list = append(list, obj) - } - } - return list -} - -// ListKeys returns a list of all keys in the expiration cache. -func (c *ExpirationCache) ListKeys() []string { - return c.cacheStorage.ListKeys() -} - -// Add timestamps an item and inserts it into the cache, overwriting entries -// that might exist under the same key. -func (c *ExpirationCache) Add(obj interface{}) error { - key, err := c.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - c.expirationLock.Lock() - defer c.expirationLock.Unlock() - - c.cacheStorage.Add(key, &TimestampedEntry{obj, c.clock.Now(), key}) - return nil -} - -// Update has not been implemented yet for lack of a use case, so this method -// simply calls `Add`. This effectively refreshes the timestamp. -func (c *ExpirationCache) Update(obj interface{}) error { - return c.Add(obj) -} - -// Delete removes an item from the cache. -func (c *ExpirationCache) Delete(obj interface{}) error { - key, err := c.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - c.expirationLock.Lock() - defer c.expirationLock.Unlock() - c.cacheStorage.Delete(key) - return nil -} - -// Replace will convert all items in the given list to TimestampedEntries -// before attempting the replace operation. The replace operation will -// delete the contents of the ExpirationCache `c`. -func (c *ExpirationCache) Replace(list []interface{}, resourceVersion string) error { - items := make(map[string]interface{}, len(list)) - ts := c.clock.Now() - for _, item := range list { - key, err := c.keyFunc(item) - if err != nil { - return KeyError{item, err} - } - items[key] = &TimestampedEntry{item, ts, key} - } - c.expirationLock.Lock() - defer c.expirationLock.Unlock() - c.cacheStorage.Replace(items, resourceVersion) - return nil -} - -// Resync is a no-op for one of these -func (c *ExpirationCache) Resync() error { - return nil -} - -// NewTTLStore creates and returns a ExpirationCache with a TTLPolicy -func NewTTLStore(keyFunc KeyFunc, ttl time.Duration) Store { - return NewExpirationStore(keyFunc, &TTLPolicy{ttl, clock.RealClock{}}) -} - -// NewExpirationStore creates and returns a ExpirationCache for a given policy -func NewExpirationStore(keyFunc KeyFunc, expirationPolicy ExpirationPolicy) Store { - return &ExpirationCache{ - cacheStorage: NewThreadSafeStore(Indexers{}, Indices{}), - keyFunc: keyFunc, - clock: clock.RealClock{}, - expirationPolicy: expirationPolicy, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache_fakes.go b/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache_fakes.go deleted file mode 100644 index a16f4735e3..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/expiration_cache_fakes.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/utils/clock" -) - -type fakeThreadSafeMap struct { - ThreadSafeStore - deletedKeys chan<- string -} - -func (c *fakeThreadSafeMap) Delete(key string) { - if c.deletedKeys != nil { - c.ThreadSafeStore.Delete(key) - c.deletedKeys <- key - } -} - -// FakeExpirationPolicy keeps the list for keys which never expires. -type FakeExpirationPolicy struct { - NeverExpire sets.String - RetrieveKeyFunc KeyFunc -} - -// IsExpired used to check if object is expired. -func (p *FakeExpirationPolicy) IsExpired(obj *TimestampedEntry) bool { - key, _ := p.RetrieveKeyFunc(obj) - return !p.NeverExpire.Has(key) -} - -// NewFakeExpirationStore creates a new instance for the ExpirationCache. -func NewFakeExpirationStore(keyFunc KeyFunc, deletedKeys chan<- string, expirationPolicy ExpirationPolicy, cacheClock clock.Clock) Store { - cacheStorage := NewThreadSafeStore(Indexers{}, Indices{}) - return &ExpirationCache{ - cacheStorage: &fakeThreadSafeMap{cacheStorage, deletedKeys}, - keyFunc: keyFunc, - clock: cacheClock, - expirationPolicy: expirationPolicy, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/fake_custom_store.go b/etcd/vendor/k8s.io/client-go/tools/cache/fake_custom_store.go deleted file mode 100644 index 462d22660c..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/fake_custom_store.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -// FakeCustomStore lets you define custom functions for store operations. -type FakeCustomStore struct { - AddFunc func(obj interface{}) error - UpdateFunc func(obj interface{}) error - DeleteFunc func(obj interface{}) error - ListFunc func() []interface{} - ListKeysFunc func() []string - GetFunc func(obj interface{}) (item interface{}, exists bool, err error) - GetByKeyFunc func(key string) (item interface{}, exists bool, err error) - ReplaceFunc func(list []interface{}, resourceVersion string) error - ResyncFunc func() error -} - -// Add calls the custom Add function if defined -func (f *FakeCustomStore) Add(obj interface{}) error { - if f.AddFunc != nil { - return f.AddFunc(obj) - } - return nil -} - -// Update calls the custom Update function if defined -func (f *FakeCustomStore) Update(obj interface{}) error { - if f.UpdateFunc != nil { - return f.UpdateFunc(obj) - } - return nil -} - -// Delete calls the custom Delete function if defined -func (f *FakeCustomStore) Delete(obj interface{}) error { - if f.DeleteFunc != nil { - return f.DeleteFunc(obj) - } - return nil -} - -// List calls the custom List function if defined -func (f *FakeCustomStore) List() []interface{} { - if f.ListFunc != nil { - return f.ListFunc() - } - return nil -} - -// ListKeys calls the custom ListKeys function if defined -func (f *FakeCustomStore) ListKeys() []string { - if f.ListKeysFunc != nil { - return f.ListKeysFunc() - } - return nil -} - -// Get calls the custom Get function if defined -func (f *FakeCustomStore) Get(obj interface{}) (item interface{}, exists bool, err error) { - if f.GetFunc != nil { - return f.GetFunc(obj) - } - return nil, false, nil -} - -// GetByKey calls the custom GetByKey function if defined -func (f *FakeCustomStore) GetByKey(key string) (item interface{}, exists bool, err error) { - if f.GetByKeyFunc != nil { - return f.GetByKeyFunc(key) - } - return nil, false, nil -} - -// Replace calls the custom Replace function if defined -func (f *FakeCustomStore) Replace(list []interface{}, resourceVersion string) error { - if f.ReplaceFunc != nil { - return f.ReplaceFunc(list, resourceVersion) - } - return nil -} - -// Resync calls the custom Resync function if defined -func (f *FakeCustomStore) Resync() error { - if f.ResyncFunc != nil { - return f.ResyncFunc() - } - return nil -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/fifo.go b/etcd/vendor/k8s.io/client-go/tools/cache/fifo.go deleted file mode 100644 index 8f3313783d..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/fifo.go +++ /dev/null @@ -1,374 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "errors" - "sync" - - "k8s.io/apimachinery/pkg/util/sets" -) - -// PopProcessFunc is passed to Pop() method of Queue interface. -// It is supposed to process the accumulator popped from the queue. -type PopProcessFunc func(interface{}) error - -// ErrRequeue may be returned by a PopProcessFunc to safely requeue -// the current item. The value of Err will be returned from Pop. -type ErrRequeue struct { - // Err is returned by the Pop function - Err error -} - -// ErrFIFOClosed used when FIFO is closed -var ErrFIFOClosed = errors.New("DeltaFIFO: manipulating with closed queue") - -func (e ErrRequeue) Error() string { - if e.Err == nil { - return "the popped item should be requeued without returning an error" - } - return e.Err.Error() -} - -// Queue extends Store with a collection of Store keys to "process". -// Every Add, Update, or Delete may put the object's key in that collection. -// A Queue has a way to derive the corresponding key given an accumulator. -// A Queue can be accessed concurrently from multiple goroutines. -// A Queue can be "closed", after which Pop operations return an error. -type Queue interface { - Store - - // Pop blocks until there is at least one key to process or the - // Queue is closed. In the latter case Pop returns with an error. - // In the former case Pop atomically picks one key to process, - // removes that (key, accumulator) association from the Store, and - // processes the accumulator. Pop returns the accumulator that - // was processed and the result of processing. The PopProcessFunc - // may return an ErrRequeue{inner} and in this case Pop will (a) - // return that (key, accumulator) association to the Queue as part - // of the atomic processing and (b) return the inner error from - // Pop. - Pop(PopProcessFunc) (interface{}, error) - - // AddIfNotPresent puts the given accumulator into the Queue (in - // association with the accumulator's key) if and only if that key - // is not already associated with a non-empty accumulator. - AddIfNotPresent(interface{}) error - - // HasSynced returns true if the first batch of keys have all been - // popped. The first batch of keys are those of the first Replace - // operation if that happened before any Add, AddIfNotPresent, - // Update, or Delete; otherwise the first batch is empty. - HasSynced() bool - - // Close the queue - Close() -} - -// Pop is helper function for popping from Queue. -// WARNING: Do NOT use this function in non-test code to avoid races -// unless you really really really really know what you are doing. -func Pop(queue Queue) interface{} { - var result interface{} - queue.Pop(func(obj interface{}) error { - result = obj - return nil - }) - return result -} - -// FIFO is a Queue in which (a) each accumulator is simply the most -// recently provided object and (b) the collection of keys to process -// is a FIFO. The accumulators all start out empty, and deleting an -// object from its accumulator empties the accumulator. The Resync -// operation is a no-op. -// -// Thus: if multiple adds/updates of a single object happen while that -// object's key is in the queue before it has been processed then it -// will only be processed once, and when it is processed the most -// recent version will be processed. This can't be done with a channel -// -// FIFO solves this use case: -// - You want to process every object (exactly) once. -// - You want to process the most recent version of the object when you process it. -// - You do not want to process deleted objects, they should be removed from the queue. -// - You do not want to periodically reprocess objects. -// -// Compare with DeltaFIFO for other use cases. -type FIFO struct { - lock sync.RWMutex - cond sync.Cond - // We depend on the property that every key in `items` is also in `queue` - items map[string]interface{} - queue []string - - // populated is true if the first batch of items inserted by Replace() has been populated - // or Delete/Add/Update was called first. - populated bool - // initialPopulationCount is the number of items inserted by the first call of Replace() - initialPopulationCount int - - // keyFunc is used to make the key used for queued item insertion and retrieval, and - // should be deterministic. - keyFunc KeyFunc - - // Indication the queue is closed. - // Used to indicate a queue is closed so a control loop can exit when a queue is empty. - // Currently, not used to gate any of CRUD operations. - closed bool -} - -var ( - _ = Queue(&FIFO{}) // FIFO is a Queue -) - -// Close the queue. -func (f *FIFO) Close() { - f.lock.Lock() - defer f.lock.Unlock() - f.closed = true - f.cond.Broadcast() -} - -// HasSynced returns true if an Add/Update/Delete/AddIfNotPresent are called first, -// or the first batch of items inserted by Replace() has been popped. -func (f *FIFO) HasSynced() bool { - f.lock.Lock() - defer f.lock.Unlock() - return f.populated && f.initialPopulationCount == 0 -} - -// Add inserts an item, and puts it in the queue. The item is only enqueued -// if it doesn't already exist in the set. -func (f *FIFO) Add(obj interface{}) error { - id, err := f.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - f.lock.Lock() - defer f.lock.Unlock() - f.populated = true - if _, exists := f.items[id]; !exists { - f.queue = append(f.queue, id) - } - f.items[id] = obj - f.cond.Broadcast() - return nil -} - -// AddIfNotPresent inserts an item, and puts it in the queue. If the item is already -// present in the set, it is neither enqueued nor added to the set. -// -// This is useful in a single producer/consumer scenario so that the consumer can -// safely retry items without contending with the producer and potentially enqueueing -// stale items. -func (f *FIFO) AddIfNotPresent(obj interface{}) error { - id, err := f.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - f.lock.Lock() - defer f.lock.Unlock() - f.addIfNotPresent(id, obj) - return nil -} - -// addIfNotPresent assumes the fifo lock is already held and adds the provided -// item to the queue under id if it does not already exist. -func (f *FIFO) addIfNotPresent(id string, obj interface{}) { - f.populated = true - if _, exists := f.items[id]; exists { - return - } - - f.queue = append(f.queue, id) - f.items[id] = obj - f.cond.Broadcast() -} - -// Update is the same as Add in this implementation. -func (f *FIFO) Update(obj interface{}) error { - return f.Add(obj) -} - -// Delete removes an item. It doesn't add it to the queue, because -// this implementation assumes the consumer only cares about the objects, -// not the order in which they were created/added. -func (f *FIFO) Delete(obj interface{}) error { - id, err := f.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - f.lock.Lock() - defer f.lock.Unlock() - f.populated = true - delete(f.items, id) - return err -} - -// List returns a list of all the items. -func (f *FIFO) List() []interface{} { - f.lock.RLock() - defer f.lock.RUnlock() - list := make([]interface{}, 0, len(f.items)) - for _, item := range f.items { - list = append(list, item) - } - return list -} - -// ListKeys returns a list of all the keys of the objects currently -// in the FIFO. -func (f *FIFO) ListKeys() []string { - f.lock.RLock() - defer f.lock.RUnlock() - list := make([]string, 0, len(f.items)) - for key := range f.items { - list = append(list, key) - } - return list -} - -// Get returns the requested item, or sets exists=false. -func (f *FIFO) Get(obj interface{}) (item interface{}, exists bool, err error) { - key, err := f.keyFunc(obj) - if err != nil { - return nil, false, KeyError{obj, err} - } - return f.GetByKey(key) -} - -// GetByKey returns the requested item, or sets exists=false. -func (f *FIFO) GetByKey(key string) (item interface{}, exists bool, err error) { - f.lock.RLock() - defer f.lock.RUnlock() - item, exists = f.items[key] - return item, exists, nil -} - -// IsClosed checks if the queue is closed -func (f *FIFO) IsClosed() bool { - f.lock.Lock() - defer f.lock.Unlock() - return f.closed -} - -// Pop waits until an item is ready and processes it. If multiple items are -// ready, they are returned in the order in which they were added/updated. -// The item is removed from the queue (and the store) before it is processed, -// so if you don't successfully process it, it should be added back with -// AddIfNotPresent(). process function is called under lock, so it is safe -// update data structures in it that need to be in sync with the queue. -func (f *FIFO) Pop(process PopProcessFunc) (interface{}, error) { - f.lock.Lock() - defer f.lock.Unlock() - for { - for len(f.queue) == 0 { - // When the queue is empty, invocation of Pop() is blocked until new item is enqueued. - // When Close() is called, the f.closed is set and the condition is broadcasted. - // Which causes this loop to continue and return from the Pop(). - if f.closed { - return nil, ErrFIFOClosed - } - - f.cond.Wait() - } - id := f.queue[0] - f.queue = f.queue[1:] - if f.initialPopulationCount > 0 { - f.initialPopulationCount-- - } - item, ok := f.items[id] - if !ok { - // Item may have been deleted subsequently. - continue - } - delete(f.items, id) - err := process(item) - if e, ok := err.(ErrRequeue); ok { - f.addIfNotPresent(id, item) - err = e.Err - } - return item, err - } -} - -// Replace will delete the contents of 'f', using instead the given map. -// 'f' takes ownership of the map, you should not reference the map again -// after calling this function. f's queue is reset, too; upon return, it -// will contain the items in the map, in no particular order. -func (f *FIFO) Replace(list []interface{}, resourceVersion string) error { - items := make(map[string]interface{}, len(list)) - for _, item := range list { - key, err := f.keyFunc(item) - if err != nil { - return KeyError{item, err} - } - items[key] = item - } - - f.lock.Lock() - defer f.lock.Unlock() - - if !f.populated { - f.populated = true - f.initialPopulationCount = len(items) - } - - f.items = items - f.queue = f.queue[:0] - for id := range items { - f.queue = append(f.queue, id) - } - if len(f.queue) > 0 { - f.cond.Broadcast() - } - return nil -} - -// Resync will ensure that every object in the Store has its key in the queue. -// This should be a no-op, because that property is maintained by all operations. -func (f *FIFO) Resync() error { - f.lock.Lock() - defer f.lock.Unlock() - - inQueue := sets.NewString() - for _, id := range f.queue { - inQueue.Insert(id) - } - for id := range f.items { - if !inQueue.Has(id) { - f.queue = append(f.queue, id) - } - } - if len(f.queue) > 0 { - f.cond.Broadcast() - } - return nil -} - -// NewFIFO returns a Store which can be used to queue up items to -// process. -func NewFIFO(keyFunc KeyFunc) *FIFO { - f := &FIFO{ - items: map[string]interface{}{}, - queue: []string{}, - keyFunc: keyFunc, - } - f.cond.L = &f.lock - return f -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/heap.go b/etcd/vendor/k8s.io/client-go/tools/cache/heap.go deleted file mode 100644 index 819325e9e2..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/heap.go +++ /dev/null @@ -1,322 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file implements a heap data structure. - -package cache - -import ( - "container/heap" - "fmt" - "sync" -) - -const ( - closedMsg = "heap is closed" -) - -// LessFunc is used to compare two objects in the heap. -type LessFunc func(interface{}, interface{}) bool - -type heapItem struct { - obj interface{} // The object which is stored in the heap. - index int // The index of the object's key in the Heap.queue. -} - -type itemKeyValue struct { - key string - obj interface{} -} - -// heapData is an internal struct that implements the standard heap interface -// and keeps the data stored in the heap. -type heapData struct { - // items is a map from key of the objects to the objects and their index. - // We depend on the property that items in the map are in the queue and vice versa. - items map[string]*heapItem - // queue implements a heap data structure and keeps the order of elements - // according to the heap invariant. The queue keeps the keys of objects stored - // in "items". - queue []string - - // keyFunc is used to make the key used for queued item insertion and retrieval, and - // should be deterministic. - keyFunc KeyFunc - // lessFunc is used to compare two objects in the heap. - lessFunc LessFunc -} - -var ( - _ = heap.Interface(&heapData{}) // heapData is a standard heap -) - -// Less compares two objects and returns true if the first one should go -// in front of the second one in the heap. -func (h *heapData) Less(i, j int) bool { - if i > len(h.queue) || j > len(h.queue) { - return false - } - itemi, ok := h.items[h.queue[i]] - if !ok { - return false - } - itemj, ok := h.items[h.queue[j]] - if !ok { - return false - } - return h.lessFunc(itemi.obj, itemj.obj) -} - -// Len returns the number of items in the Heap. -func (h *heapData) Len() int { return len(h.queue) } - -// Swap implements swapping of two elements in the heap. This is a part of standard -// heap interface and should never be called directly. -func (h *heapData) Swap(i, j int) { - h.queue[i], h.queue[j] = h.queue[j], h.queue[i] - item := h.items[h.queue[i]] - item.index = i - item = h.items[h.queue[j]] - item.index = j -} - -// Push is supposed to be called by heap.Push only. -func (h *heapData) Push(kv interface{}) { - keyValue := kv.(*itemKeyValue) - n := len(h.queue) - h.items[keyValue.key] = &heapItem{keyValue.obj, n} - h.queue = append(h.queue, keyValue.key) -} - -// Pop is supposed to be called by heap.Pop only. -func (h *heapData) Pop() interface{} { - key := h.queue[len(h.queue)-1] - h.queue = h.queue[0 : len(h.queue)-1] - item, ok := h.items[key] - if !ok { - // This is an error - return nil - } - delete(h.items, key) - return item.obj -} - -// Heap is a thread-safe producer/consumer queue that implements a heap data structure. -// It can be used to implement priority queues and similar data structures. -type Heap struct { - lock sync.RWMutex - cond sync.Cond - - // data stores objects and has a queue that keeps their ordering according - // to the heap invariant. - data *heapData - - // closed indicates that the queue is closed. - // It is mainly used to let Pop() exit its control loop while waiting for an item. - closed bool -} - -// Close the Heap and signals condition variables that may be waiting to pop -// items from the heap. -func (h *Heap) Close() { - h.lock.Lock() - defer h.lock.Unlock() - h.closed = true - h.cond.Broadcast() -} - -// Add inserts an item, and puts it in the queue. The item is updated if it -// already exists. -func (h *Heap) Add(obj interface{}) error { - key, err := h.data.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - h.lock.Lock() - defer h.lock.Unlock() - if h.closed { - return fmt.Errorf(closedMsg) - } - if _, exists := h.data.items[key]; exists { - h.data.items[key].obj = obj - heap.Fix(h.data, h.data.items[key].index) - } else { - h.addIfNotPresentLocked(key, obj) - } - h.cond.Broadcast() - return nil -} - -// BulkAdd adds all the items in the list to the queue and then signals the condition -// variable. It is useful when the caller would like to add all of the items -// to the queue before consumer starts processing them. -func (h *Heap) BulkAdd(list []interface{}) error { - h.lock.Lock() - defer h.lock.Unlock() - if h.closed { - return fmt.Errorf(closedMsg) - } - for _, obj := range list { - key, err := h.data.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - if _, exists := h.data.items[key]; exists { - h.data.items[key].obj = obj - heap.Fix(h.data, h.data.items[key].index) - } else { - h.addIfNotPresentLocked(key, obj) - } - } - h.cond.Broadcast() - return nil -} - -// AddIfNotPresent inserts an item, and puts it in the queue. If an item with -// the key is present in the map, no changes is made to the item. -// -// This is useful in a single producer/consumer scenario so that the consumer can -// safely retry items without contending with the producer and potentially enqueueing -// stale items. -func (h *Heap) AddIfNotPresent(obj interface{}) error { - id, err := h.data.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - h.lock.Lock() - defer h.lock.Unlock() - if h.closed { - return fmt.Errorf(closedMsg) - } - h.addIfNotPresentLocked(id, obj) - h.cond.Broadcast() - return nil -} - -// addIfNotPresentLocked assumes the lock is already held and adds the provided -// item to the queue if it does not already exist. -func (h *Heap) addIfNotPresentLocked(key string, obj interface{}) { - if _, exists := h.data.items[key]; exists { - return - } - heap.Push(h.data, &itemKeyValue{key, obj}) -} - -// Update is the same as Add in this implementation. When the item does not -// exist, it is added. -func (h *Heap) Update(obj interface{}) error { - return h.Add(obj) -} - -// Delete removes an item. -func (h *Heap) Delete(obj interface{}) error { - key, err := h.data.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - h.lock.Lock() - defer h.lock.Unlock() - if item, ok := h.data.items[key]; ok { - heap.Remove(h.data, item.index) - return nil - } - return fmt.Errorf("object not found") -} - -// Pop waits until an item is ready. If multiple items are -// ready, they are returned in the order given by Heap.data.lessFunc. -func (h *Heap) Pop() (interface{}, error) { - h.lock.Lock() - defer h.lock.Unlock() - for len(h.data.queue) == 0 { - // When the queue is empty, invocation of Pop() is blocked until new item is enqueued. - // When Close() is called, the h.closed is set and the condition is broadcast, - // which causes this loop to continue and return from the Pop(). - if h.closed { - return nil, fmt.Errorf("heap is closed") - } - h.cond.Wait() - } - obj := heap.Pop(h.data) - if obj == nil { - return nil, fmt.Errorf("object was removed from heap data") - } - - return obj, nil -} - -// List returns a list of all the items. -func (h *Heap) List() []interface{} { - h.lock.RLock() - defer h.lock.RUnlock() - list := make([]interface{}, 0, len(h.data.items)) - for _, item := range h.data.items { - list = append(list, item.obj) - } - return list -} - -// ListKeys returns a list of all the keys of the objects currently in the Heap. -func (h *Heap) ListKeys() []string { - h.lock.RLock() - defer h.lock.RUnlock() - list := make([]string, 0, len(h.data.items)) - for key := range h.data.items { - list = append(list, key) - } - return list -} - -// Get returns the requested item, or sets exists=false. -func (h *Heap) Get(obj interface{}) (interface{}, bool, error) { - key, err := h.data.keyFunc(obj) - if err != nil { - return nil, false, KeyError{obj, err} - } - return h.GetByKey(key) -} - -// GetByKey returns the requested item, or sets exists=false. -func (h *Heap) GetByKey(key string) (interface{}, bool, error) { - h.lock.RLock() - defer h.lock.RUnlock() - item, exists := h.data.items[key] - if !exists { - return nil, false, nil - } - return item.obj, true, nil -} - -// IsClosed returns true if the queue is closed. -func (h *Heap) IsClosed() bool { - h.lock.RLock() - defer h.lock.RUnlock() - return h.closed -} - -// NewHeap returns a Heap which can be used to queue up items to process. -func NewHeap(keyFn KeyFunc, lessFn LessFunc) *Heap { - h := &Heap{ - data: &heapData{ - items: map[string]*heapItem{}, - queue: []string{}, - keyFunc: keyFn, - lessFunc: lessFn, - }, - } - h.cond.L = &h.lock - return h -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/index.go b/etcd/vendor/k8s.io/client-go/tools/cache/index.go deleted file mode 100644 index b78d3086b8..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/index.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/util/sets" -) - -// Indexer extends Store with multiple indices and restricts each -// accumulator to simply hold the current object (and be empty after -// Delete). -// -// There are three kinds of strings here: -// 1. a storage key, as defined in the Store interface, -// 2. a name of an index, and -// 3. an "indexed value", which is produced by an IndexFunc and -// can be a field value or any other string computed from the object. -type Indexer interface { - Store - // Index returns the stored objects whose set of indexed values - // intersects the set of indexed values of the given object, for - // the named index - Index(indexName string, obj interface{}) ([]interface{}, error) - // IndexKeys returns the storage keys of the stored objects whose - // set of indexed values for the named index includes the given - // indexed value - IndexKeys(indexName, indexedValue string) ([]string, error) - // ListIndexFuncValues returns all the indexed values of the given index - ListIndexFuncValues(indexName string) []string - // ByIndex returns the stored objects whose set of indexed values - // for the named index includes the given indexed value - ByIndex(indexName, indexedValue string) ([]interface{}, error) - // GetIndexers return the indexers - GetIndexers() Indexers - - // AddIndexers adds more indexers to this store. If you call this after you already have data - // in the store, the results are undefined. - AddIndexers(newIndexers Indexers) error -} - -// IndexFunc knows how to compute the set of indexed values for an object. -type IndexFunc func(obj interface{}) ([]string, error) - -// IndexFuncToKeyFuncAdapter adapts an indexFunc to a keyFunc. This is only useful if your index function returns -// unique values for every object. This conversion can create errors when more than one key is found. You -// should prefer to make proper key and index functions. -func IndexFuncToKeyFuncAdapter(indexFunc IndexFunc) KeyFunc { - return func(obj interface{}) (string, error) { - indexKeys, err := indexFunc(obj) - if err != nil { - return "", err - } - if len(indexKeys) > 1 { - return "", fmt.Errorf("too many keys: %v", indexKeys) - } - if len(indexKeys) == 0 { - return "", fmt.Errorf("unexpected empty indexKeys") - } - return indexKeys[0], nil - } -} - -const ( - // NamespaceIndex is the lookup name for the most common index function, which is to index by the namespace field. - NamespaceIndex string = "namespace" -) - -// MetaNamespaceIndexFunc is a default index function that indexes based on an object's namespace -func MetaNamespaceIndexFunc(obj interface{}) ([]string, error) { - meta, err := meta.Accessor(obj) - if err != nil { - return []string{""}, fmt.Errorf("object has no meta: %v", err) - } - return []string{meta.GetNamespace()}, nil -} - -// Index maps the indexed value to a set of keys in the store that match on that value -type Index map[string]sets.String - -// Indexers maps a name to an IndexFunc -type Indexers map[string]IndexFunc - -// Indices maps a name to an Index -type Indices map[string]Index diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/listers.go b/etcd/vendor/k8s.io/client-go/tools/cache/listers.go deleted file mode 100644 index 420ca7b2ac..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/listers.go +++ /dev/null @@ -1,169 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// AppendFunc is used to add a matching item to whatever list the caller is using -type AppendFunc func(interface{}) - -// ListAll calls appendFn with each value retrieved from store which matches the selector. -func ListAll(store Store, selector labels.Selector, appendFn AppendFunc) error { - selectAll := selector.Empty() - for _, m := range store.List() { - if selectAll { - // Avoid computing labels of the objects to speed up common flows - // of listing all objects. - appendFn(m) - continue - } - metadata, err := meta.Accessor(m) - if err != nil { - return err - } - if selector.Matches(labels.Set(metadata.GetLabels())) { - appendFn(m) - } - } - return nil -} - -// ListAllByNamespace used to list items belongs to namespace from Indexer. -func ListAllByNamespace(indexer Indexer, namespace string, selector labels.Selector, appendFn AppendFunc) error { - if namespace == metav1.NamespaceAll { - return ListAll(indexer, selector, appendFn) - } - - items, err := indexer.Index(NamespaceIndex, &metav1.ObjectMeta{Namespace: namespace}) - if err != nil { - // Ignore error; do slow search without index. - klog.Warningf("can not retrieve list of objects using index : %v", err) - for _, m := range indexer.List() { - metadata, err := meta.Accessor(m) - if err != nil { - return err - } - if metadata.GetNamespace() == namespace && selector.Matches(labels.Set(metadata.GetLabels())) { - appendFn(m) - } - - } - return nil - } - - selectAll := selector.Empty() - for _, m := range items { - if selectAll { - // Avoid computing labels of the objects to speed up common flows - // of listing all objects. - appendFn(m) - continue - } - metadata, err := meta.Accessor(m) - if err != nil { - return err - } - if selector.Matches(labels.Set(metadata.GetLabels())) { - appendFn(m) - } - } - - return nil -} - -// GenericLister is a lister skin on a generic Indexer -type GenericLister interface { - // List will return all objects across namespaces - List(selector labels.Selector) (ret []runtime.Object, err error) - // Get will attempt to retrieve assuming that name==key - Get(name string) (runtime.Object, error) - // ByNamespace will give you a GenericNamespaceLister for one namespace - ByNamespace(namespace string) GenericNamespaceLister -} - -// GenericNamespaceLister is a lister skin on a generic Indexer -type GenericNamespaceLister interface { - // List will return all objects in this namespace - List(selector labels.Selector) (ret []runtime.Object, err error) - // Get will attempt to retrieve by namespace and name - Get(name string) (runtime.Object, error) -} - -// NewGenericLister creates a new instance for the genericLister. -func NewGenericLister(indexer Indexer, resource schema.GroupResource) GenericLister { - return &genericLister{indexer: indexer, resource: resource} -} - -type genericLister struct { - indexer Indexer - resource schema.GroupResource -} - -func (s *genericLister) List(selector labels.Selector) (ret []runtime.Object, err error) { - err = ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(runtime.Object)) - }) - return ret, err -} - -func (s *genericLister) ByNamespace(namespace string) GenericNamespaceLister { - return &genericNamespaceLister{indexer: s.indexer, namespace: namespace, resource: s.resource} -} - -func (s *genericLister) Get(name string) (runtime.Object, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(s.resource, name) - } - return obj.(runtime.Object), nil -} - -type genericNamespaceLister struct { - indexer Indexer - namespace string - resource schema.GroupResource -} - -func (s *genericNamespaceLister) List(selector labels.Selector) (ret []runtime.Object, err error) { - err = ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(runtime.Object)) - }) - return ret, err -} - -func (s *genericNamespaceLister) Get(name string) (runtime.Object, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(s.resource, name) - } - return obj.(runtime.Object), nil -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/listwatch.go b/etcd/vendor/k8s.io/client-go/tools/cache/listwatch.go deleted file mode 100644 index 10b7e6512e..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/listwatch.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" - restclient "k8s.io/client-go/rest" -) - -// Lister is any object that knows how to perform an initial list. -type Lister interface { - // List should return a list type object; the Items field will be extracted, and the - // ResourceVersion field will be used to start the watch in the right place. - List(options metav1.ListOptions) (runtime.Object, error) -} - -// Watcher is any object that knows how to start a watch on a resource. -type Watcher interface { - // Watch should begin a watch at the specified version. - Watch(options metav1.ListOptions) (watch.Interface, error) -} - -// ListerWatcher is any object that knows how to perform an initial list and start a watch on a resource. -type ListerWatcher interface { - Lister - Watcher -} - -// ListFunc knows how to list resources -type ListFunc func(options metav1.ListOptions) (runtime.Object, error) - -// WatchFunc knows how to watch resources -type WatchFunc func(options metav1.ListOptions) (watch.Interface, error) - -// ListWatch knows how to list and watch a set of apiserver resources. It satisfies the ListerWatcher interface. -// It is a convenience function for users of NewReflector, etc. -// ListFunc and WatchFunc must not be nil -type ListWatch struct { - ListFunc ListFunc - WatchFunc WatchFunc - // DisableChunking requests no chunking for this list watcher. - DisableChunking bool -} - -// Getter interface knows how to access Get method from RESTClient. -type Getter interface { - Get() *restclient.Request -} - -// NewListWatchFromClient creates a new ListWatch from the specified client, resource, namespace and field selector. -func NewListWatchFromClient(c Getter, resource string, namespace string, fieldSelector fields.Selector) *ListWatch { - optionsModifier := func(options *metav1.ListOptions) { - options.FieldSelector = fieldSelector.String() - } - return NewFilteredListWatchFromClient(c, resource, namespace, optionsModifier) -} - -// NewFilteredListWatchFromClient creates a new ListWatch from the specified client, resource, namespace, and option modifier. -// Option modifier is a function takes a ListOptions and modifies the consumed ListOptions. Provide customized modifier function -// to apply modification to ListOptions with a field selector, a label selector, or any other desired options. -func NewFilteredListWatchFromClient(c Getter, resource string, namespace string, optionsModifier func(options *metav1.ListOptions)) *ListWatch { - listFunc := func(options metav1.ListOptions) (runtime.Object, error) { - optionsModifier(&options) - return c.Get(). - Namespace(namespace). - Resource(resource). - VersionedParams(&options, metav1.ParameterCodec). - Do(context.TODO()). - Get() - } - watchFunc := func(options metav1.ListOptions) (watch.Interface, error) { - options.Watch = true - optionsModifier(&options) - return c.Get(). - Namespace(namespace). - Resource(resource). - VersionedParams(&options, metav1.ParameterCodec). - Watch(context.TODO()) - } - return &ListWatch{ListFunc: listFunc, WatchFunc: watchFunc} -} - -// List a set of apiserver resources -func (lw *ListWatch) List(options metav1.ListOptions) (runtime.Object, error) { - // ListWatch is used in Reflector, which already supports pagination. - // Don't paginate here to avoid duplication. - return lw.ListFunc(options) -} - -// Watch a set of apiserver resources -func (lw *ListWatch) Watch(options metav1.ListOptions) (watch.Interface, error) { - return lw.WatchFunc(options) -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/mutation_cache.go b/etcd/vendor/k8s.io/client-go/tools/cache/mutation_cache.go deleted file mode 100644 index c6f953d8e0..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/mutation_cache.go +++ /dev/null @@ -1,262 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "fmt" - "strconv" - "sync" - "time" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - utilcache "k8s.io/apimachinery/pkg/util/cache" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" -) - -// MutationCache is able to take the result of update operations and stores them in an LRU -// that can be used to provide a more current view of a requested object. It requires interpreting -// resourceVersions for comparisons. -// Implementations must be thread-safe. -// TODO find a way to layer this into an informer/lister -type MutationCache interface { - GetByKey(key string) (interface{}, bool, error) - ByIndex(indexName, indexKey string) ([]interface{}, error) - Mutation(interface{}) -} - -// ResourceVersionComparator is able to compare object versions. -type ResourceVersionComparator interface { - CompareResourceVersion(lhs, rhs runtime.Object) int -} - -// NewIntegerResourceVersionMutationCache returns a MutationCache that understands how to -// deal with objects that have a resource version that: -// -// - is an integer -// - increases when updated -// - is comparable across the same resource in a namespace -// -// Most backends will have these semantics. Indexer may be nil. ttl controls how long an item -// remains in the mutation cache before it is removed. -// -// If includeAdds is true, objects in the mutation cache will be returned even if they don't exist -// in the underlying store. This is only safe if your use of the cache can handle mutation entries -// remaining in the cache for up to ttl when mutations and deletes occur very closely in time. -func NewIntegerResourceVersionMutationCache(backingCache Store, indexer Indexer, ttl time.Duration, includeAdds bool) MutationCache { - return &mutationCache{ - backingCache: backingCache, - indexer: indexer, - mutationCache: utilcache.NewLRUExpireCache(100), - comparator: etcdObjectVersioner{}, - ttl: ttl, - includeAdds: includeAdds, - } -} - -// mutationCache doesn't guarantee that it returns values added via Mutation since they can page out and -// since you can't distinguish between, "didn't observe create" and "was deleted after create", -// if the key is missing from the backing cache, we always return it as missing -type mutationCache struct { - lock sync.Mutex - backingCache Store - indexer Indexer - mutationCache *utilcache.LRUExpireCache - includeAdds bool - ttl time.Duration - - comparator ResourceVersionComparator -} - -// GetByKey is never guaranteed to return back the value set in Mutation. It could be paged out, it could -// be older than another copy, the backingCache may be more recent or, you might have written twice into the same key. -// You get a value that was valid at some snapshot of time and will always return the newer of backingCache and mutationCache. -func (c *mutationCache) GetByKey(key string) (interface{}, bool, error) { - c.lock.Lock() - defer c.lock.Unlock() - - obj, exists, err := c.backingCache.GetByKey(key) - if err != nil { - return nil, false, err - } - if !exists { - if !c.includeAdds { - // we can't distinguish between, "didn't observe create" and "was deleted after create", so - // if the key is missing, we always return it as missing - return nil, false, nil - } - obj, exists = c.mutationCache.Get(key) - if !exists { - return nil, false, nil - } - } - objRuntime, ok := obj.(runtime.Object) - if !ok { - return obj, true, nil - } - return c.newerObject(key, objRuntime), true, nil -} - -// ByIndex returns the newer objects that match the provided index and indexer key. -// Will return an error if no indexer was provided. -func (c *mutationCache) ByIndex(name string, indexKey string) ([]interface{}, error) { - c.lock.Lock() - defer c.lock.Unlock() - if c.indexer == nil { - return nil, fmt.Errorf("no indexer has been provided to the mutation cache") - } - keys, err := c.indexer.IndexKeys(name, indexKey) - if err != nil { - return nil, err - } - var items []interface{} - keySet := sets.NewString() - for _, key := range keys { - keySet.Insert(key) - obj, exists, err := c.indexer.GetByKey(key) - if err != nil { - return nil, err - } - if !exists { - continue - } - if objRuntime, ok := obj.(runtime.Object); ok { - items = append(items, c.newerObject(key, objRuntime)) - } else { - items = append(items, obj) - } - } - - if c.includeAdds { - fn := c.indexer.GetIndexers()[name] - // Keys() is returned oldest to newest, so full traversal does not alter the LRU behavior - for _, key := range c.mutationCache.Keys() { - updated, ok := c.mutationCache.Get(key) - if !ok { - continue - } - if keySet.Has(key.(string)) { - continue - } - elements, err := fn(updated) - if err != nil { - klog.V(4).Infof("Unable to calculate an index entry for mutation cache entry %s: %v", key, err) - continue - } - for _, inIndex := range elements { - if inIndex != indexKey { - continue - } - items = append(items, updated) - break - } - } - } - - return items, nil -} - -// newerObject checks the mutation cache for a newer object and returns one if found. If the -// mutated object is older than the backing object, it is removed from the Must be -// called while the lock is held. -func (c *mutationCache) newerObject(key string, backing runtime.Object) runtime.Object { - mutatedObj, exists := c.mutationCache.Get(key) - if !exists { - return backing - } - mutatedObjRuntime, ok := mutatedObj.(runtime.Object) - if !ok { - return backing - } - if c.comparator.CompareResourceVersion(backing, mutatedObjRuntime) >= 0 { - c.mutationCache.Remove(key) - return backing - } - return mutatedObjRuntime -} - -// Mutation adds a change to the cache that can be returned in GetByKey if it is newer than the backingCache -// copy. If you call Mutation twice with the same object on different threads, one will win, but its not defined -// which one. This doesn't affect correctness, since the GetByKey guaranteed of "later of these two caches" is -// preserved, but you may not get the version of the object you want. The object you get is only guaranteed to -// "one that was valid at some point in time", not "the one that I want". -func (c *mutationCache) Mutation(obj interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - - key, err := DeletionHandlingMetaNamespaceKeyFunc(obj) - if err != nil { - // this is a "nice to have", so failures shouldn't do anything weird - utilruntime.HandleError(err) - return - } - - if objRuntime, ok := obj.(runtime.Object); ok { - if mutatedObj, exists := c.mutationCache.Get(key); exists { - if mutatedObjRuntime, ok := mutatedObj.(runtime.Object); ok { - if c.comparator.CompareResourceVersion(objRuntime, mutatedObjRuntime) < 0 { - return - } - } - } - } - c.mutationCache.Add(key, obj, c.ttl) -} - -// etcdObjectVersioner implements versioning and extracting etcd node information -// for objects that have an embedded ObjectMeta or ListMeta field. -type etcdObjectVersioner struct{} - -// ObjectResourceVersion implements Versioner -func (a etcdObjectVersioner) ObjectResourceVersion(obj runtime.Object) (uint64, error) { - accessor, err := meta.Accessor(obj) - if err != nil { - return 0, err - } - version := accessor.GetResourceVersion() - if len(version) == 0 { - return 0, nil - } - return strconv.ParseUint(version, 10, 64) -} - -// CompareResourceVersion compares etcd resource versions. Outside this API they are all strings, -// but etcd resource versions are special, they're actually ints, so we can easily compare them. -func (a etcdObjectVersioner) CompareResourceVersion(lhs, rhs runtime.Object) int { - lhsVersion, err := a.ObjectResourceVersion(lhs) - if err != nil { - // coder error - panic(err) - } - rhsVersion, err := a.ObjectResourceVersion(rhs) - if err != nil { - // coder error - panic(err) - } - - if lhsVersion == rhsVersion { - return 0 - } - if lhsVersion < rhsVersion { - return -1 - } - - return 1 -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/mutation_detector.go b/etcd/vendor/k8s.io/client-go/tools/cache/mutation_detector.go deleted file mode 100644 index b37537cbd8..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/mutation_detector.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "fmt" - "os" - "reflect" - "strconv" - "sync" - "time" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/diff" -) - -var mutationDetectionEnabled = false - -func init() { - mutationDetectionEnabled, _ = strconv.ParseBool(os.Getenv("KUBE_CACHE_MUTATION_DETECTOR")) -} - -// MutationDetector is able to monitor objects for mutation within a limited window of time -type MutationDetector interface { - // AddObject adds the given object to the set being monitored for a while from now - AddObject(obj interface{}) - - // Run starts the monitoring and does not return until the monitoring is stopped. - Run(stopCh <-chan struct{}) -} - -// NewCacheMutationDetector creates a new instance for the defaultCacheMutationDetector. -func NewCacheMutationDetector(name string) MutationDetector { - if !mutationDetectionEnabled { - return dummyMutationDetector{} - } - klog.Warningln("Mutation detector is enabled, this will result in memory leakage.") - return &defaultCacheMutationDetector{name: name, period: 1 * time.Second, retainDuration: 2 * time.Minute} -} - -type dummyMutationDetector struct{} - -func (dummyMutationDetector) Run(stopCh <-chan struct{}) { -} -func (dummyMutationDetector) AddObject(obj interface{}) { -} - -// defaultCacheMutationDetector gives a way to detect if a cached object has been mutated -// It has a list of cached objects and their copies. I haven't thought of a way -// to see WHO is mutating it, just that it's getting mutated. -type defaultCacheMutationDetector struct { - name string - period time.Duration - - // compareLock ensures only a single call to CompareObjects runs at a time - compareObjectsLock sync.Mutex - - // addLock guards addedObjs between AddObject and CompareObjects - addedObjsLock sync.Mutex - addedObjs []cacheObj - - cachedObjs []cacheObj - - retainDuration time.Duration - lastRotated time.Time - retainedCachedObjs []cacheObj - - // failureFunc is injectable for unit testing. If you don't have it, the process will panic. - // This panic is intentional, since turning on this detection indicates you want a strong - // failure signal. This failure is effectively a p0 bug and you can't trust process results - // after a mutation anyway. - failureFunc func(message string) -} - -// cacheObj holds the actual object and a copy -type cacheObj struct { - cached interface{} - copied interface{} -} - -func (d *defaultCacheMutationDetector) Run(stopCh <-chan struct{}) { - // we DON'T want protection from panics. If we're running this code, we want to die - for { - if d.lastRotated.IsZero() { - d.lastRotated = time.Now() - } else if time.Since(d.lastRotated) > d.retainDuration { - d.retainedCachedObjs = d.cachedObjs - d.cachedObjs = nil - d.lastRotated = time.Now() - } - - d.CompareObjects() - - select { - case <-stopCh: - return - case <-time.After(d.period): - } - } -} - -// AddObject makes a deep copy of the object for later comparison. It only works on runtime.Object -// but that covers the vast majority of our cached objects -func (d *defaultCacheMutationDetector) AddObject(obj interface{}) { - if _, ok := obj.(DeletedFinalStateUnknown); ok { - return - } - if obj, ok := obj.(runtime.Object); ok { - copiedObj := obj.DeepCopyObject() - - d.addedObjsLock.Lock() - defer d.addedObjsLock.Unlock() - d.addedObjs = append(d.addedObjs, cacheObj{cached: obj, copied: copiedObj}) - } -} - -func (d *defaultCacheMutationDetector) CompareObjects() { - d.compareObjectsLock.Lock() - defer d.compareObjectsLock.Unlock() - - // move addedObjs into cachedObjs under lock - // this keeps the critical section small to avoid blocking AddObject while we compare cachedObjs - d.addedObjsLock.Lock() - d.cachedObjs = append(d.cachedObjs, d.addedObjs...) - d.addedObjs = nil - d.addedObjsLock.Unlock() - - altered := false - for i, obj := range d.cachedObjs { - if !reflect.DeepEqual(obj.cached, obj.copied) { - fmt.Printf("CACHE %s[%d] ALTERED!\n%v\n", d.name, i, diff.ObjectGoPrintSideBySide(obj.cached, obj.copied)) - altered = true - } - } - for i, obj := range d.retainedCachedObjs { - if !reflect.DeepEqual(obj.cached, obj.copied) { - fmt.Printf("CACHE %s[%d] ALTERED!\n%v\n", d.name, i, diff.ObjectGoPrintSideBySide(obj.cached, obj.copied)) - altered = true - } - } - - if altered { - msg := fmt.Sprintf("cache %s modified", d.name) - if d.failureFunc != nil { - d.failureFunc(msg) - return - } - panic(msg) - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/reflector.go b/etcd/vendor/k8s.io/client-go/tools/cache/reflector.go deleted file mode 100644 index 9cd476be8a..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/reflector.go +++ /dev/null @@ -1,639 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "context" - "errors" - "fmt" - "io" - "math/rand" - "reflect" - "sync" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/naming" - utilnet "k8s.io/apimachinery/pkg/util/net" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/pager" - "k8s.io/klog/v2" - "k8s.io/utils/clock" - "k8s.io/utils/trace" -) - -const defaultExpectedTypeName = "<unspecified>" - -// Reflector watches a specified resource and causes all changes to be reflected in the given store. -type Reflector struct { - // name identifies this reflector. By default it will be a file:line if possible. - name string - - // The name of the type we expect to place in the store. The name - // will be the stringification of expectedGVK if provided, and the - // stringification of expectedType otherwise. It is for display - // only, and should not be used for parsing or comparison. - expectedTypeName string - // An example object of the type we expect to place in the store. - // Only the type needs to be right, except that when that is - // `unstructured.Unstructured` the object's `"apiVersion"` and - // `"kind"` must also be right. - expectedType reflect.Type - // The GVK of the object we expect to place in the store if unstructured. - expectedGVK *schema.GroupVersionKind - // The destination to sync up with the watch source - store Store - // listerWatcher is used to perform lists and watches. - listerWatcher ListerWatcher - - // backoff manages backoff of ListWatch - backoffManager wait.BackoffManager - // initConnBackoffManager manages backoff the initial connection with the Watch call of ListAndWatch. - initConnBackoffManager wait.BackoffManager - // MaxInternalErrorRetryDuration defines how long we should retry internal errors returned by watch. - MaxInternalErrorRetryDuration time.Duration - - resyncPeriod time.Duration - // ShouldResync is invoked periodically and whenever it returns `true` the Store's Resync operation is invoked - ShouldResync func() bool - // clock allows tests to manipulate time - clock clock.Clock - // paginatedResult defines whether pagination should be forced for list calls. - // It is set based on the result of the initial list call. - paginatedResult bool - // lastSyncResourceVersion is the resource version token last - // observed when doing a sync with the underlying store - // it is thread safe, but not synchronized with the underlying store - lastSyncResourceVersion string - // isLastSyncResourceVersionUnavailable is true if the previous list or watch request with - // lastSyncResourceVersion failed with an "expired" or "too large resource version" error. - isLastSyncResourceVersionUnavailable bool - // lastSyncResourceVersionMutex guards read/write access to lastSyncResourceVersion - lastSyncResourceVersionMutex sync.RWMutex - // WatchListPageSize is the requested chunk size of initial and resync watch lists. - // If unset, for consistent reads (RV="") or reads that opt-into arbitrarily old data - // (RV="0") it will default to pager.PageSize, for the rest (RV != "" && RV != "0") - // it will turn off pagination to allow serving them from watch cache. - // NOTE: It should be used carefully as paginated lists are always served directly from - // etcd, which is significantly less efficient and may lead to serious performance and - // scalability problems. - WatchListPageSize int64 - // Called whenever the ListAndWatch drops the connection with an error. - watchErrorHandler WatchErrorHandler -} - -// ResourceVersionUpdater is an interface that allows store implementation to -// track the current resource version of the reflector. This is especially -// important if storage bookmarks are enabled. -type ResourceVersionUpdater interface { - // UpdateResourceVersion is called each time current resource version of the reflector - // is updated. - UpdateResourceVersion(resourceVersion string) -} - -// The WatchErrorHandler is called whenever ListAndWatch drops the -// connection with an error. After calling this handler, the informer -// will backoff and retry. -// -// The default implementation looks at the error type and tries to log -// the error message at an appropriate level. -// -// Implementations of this handler may display the error message in other -// ways. Implementations should return quickly - any expensive processing -// should be offloaded. -type WatchErrorHandler func(r *Reflector, err error) - -// DefaultWatchErrorHandler is the default implementation of WatchErrorHandler -func DefaultWatchErrorHandler(r *Reflector, err error) { - switch { - case isExpiredError(err): - // Don't set LastSyncResourceVersionUnavailable - LIST call with ResourceVersion=RV already - // has a semantic that it returns data at least as fresh as provided RV. - // So first try to LIST with setting RV to resource version of last observed object. - klog.V(4).Infof("%s: watch of %v closed with: %v", r.name, r.expectedTypeName, err) - case err == io.EOF: - // watch closed normally - case err == io.ErrUnexpectedEOF: - klog.V(1).Infof("%s: Watch for %v closed with unexpected EOF: %v", r.name, r.expectedTypeName, err) - default: - utilruntime.HandleError(fmt.Errorf("%s: Failed to watch %v: %v", r.name, r.expectedTypeName, err)) - } -} - -var ( - // We try to spread the load on apiserver by setting timeouts for - // watch requests - it is random in [minWatchTimeout, 2*minWatchTimeout]. - minWatchTimeout = 5 * time.Minute -) - -// NewNamespaceKeyedIndexerAndReflector creates an Indexer and a Reflector -// The indexer is configured to key on namespace -func NewNamespaceKeyedIndexerAndReflector(lw ListerWatcher, expectedType interface{}, resyncPeriod time.Duration) (indexer Indexer, reflector *Reflector) { - indexer = NewIndexer(MetaNamespaceKeyFunc, Indexers{NamespaceIndex: MetaNamespaceIndexFunc}) - reflector = NewReflector(lw, expectedType, indexer, resyncPeriod) - return indexer, reflector -} - -// NewReflector creates a new Reflector object which will keep the -// given store up to date with the server's contents for the given -// resource. Reflector promises to only put things in the store that -// have the type of expectedType, unless expectedType is nil. If -// resyncPeriod is non-zero, then the reflector will periodically -// consult its ShouldResync function to determine whether to invoke -// the Store's Resync operation; `ShouldResync==nil` means always -// "yes". This enables you to use reflectors to periodically process -// everything as well as incrementally processing the things that -// change. -func NewReflector(lw ListerWatcher, expectedType interface{}, store Store, resyncPeriod time.Duration) *Reflector { - return NewNamedReflector(naming.GetNameFromCallsite(internalPackages...), lw, expectedType, store, resyncPeriod) -} - -// NewNamedReflector same as NewReflector, but with a specified name for logging -func NewNamedReflector(name string, lw ListerWatcher, expectedType interface{}, store Store, resyncPeriod time.Duration) *Reflector { - realClock := &clock.RealClock{} - r := &Reflector{ - name: name, - listerWatcher: lw, - store: store, - // We used to make the call every 1sec (1 QPS), the goal here is to achieve ~98% traffic reduction when - // API server is not healthy. With these parameters, backoff will stop at [30,60) sec interval which is - // 0.22 QPS. If we don't backoff for 2min, assume API server is healthy and we reset the backoff. - backoffManager: wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, realClock), - initConnBackoffManager: wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, realClock), - resyncPeriod: resyncPeriod, - clock: realClock, - watchErrorHandler: WatchErrorHandler(DefaultWatchErrorHandler), - } - r.setExpectedType(expectedType) - return r -} - -func (r *Reflector) setExpectedType(expectedType interface{}) { - r.expectedType = reflect.TypeOf(expectedType) - if r.expectedType == nil { - r.expectedTypeName = defaultExpectedTypeName - return - } - - r.expectedTypeName = r.expectedType.String() - - if obj, ok := expectedType.(*unstructured.Unstructured); ok { - // Use gvk to check that watch event objects are of the desired type. - gvk := obj.GroupVersionKind() - if gvk.Empty() { - klog.V(4).Infof("Reflector from %s configured with expectedType of *unstructured.Unstructured with empty GroupVersionKind.", r.name) - return - } - r.expectedGVK = &gvk - r.expectedTypeName = gvk.String() - } -} - -// internalPackages are packages that ignored when creating a default reflector name. These packages are in the common -// call chains to NewReflector, so they'd be low entropy names for reflectors -var internalPackages = []string{"client-go/tools/cache/"} - -// Run repeatedly uses the reflector's ListAndWatch to fetch all the -// objects and subsequent deltas. -// Run will exit when stopCh is closed. -func (r *Reflector) Run(stopCh <-chan struct{}) { - klog.V(3).Infof("Starting reflector %s (%s) from %s", r.expectedTypeName, r.resyncPeriod, r.name) - wait.BackoffUntil(func() { - if err := r.ListAndWatch(stopCh); err != nil { - r.watchErrorHandler(r, err) - } - }, r.backoffManager, true, stopCh) - klog.V(3).Infof("Stopping reflector %s (%s) from %s", r.expectedTypeName, r.resyncPeriod, r.name) -} - -var ( - // nothing will ever be sent down this channel - neverExitWatch <-chan time.Time = make(chan time.Time) - - // Used to indicate that watching stopped because of a signal from the stop - // channel passed in from a client of the reflector. - errorStopRequested = errors.New("stop requested") -) - -// resyncChan returns a channel which will receive something when a resync is -// required, and a cleanup function. -func (r *Reflector) resyncChan() (<-chan time.Time, func() bool) { - if r.resyncPeriod == 0 { - return neverExitWatch, func() bool { return false } - } - // The cleanup function is required: imagine the scenario where watches - // always fail so we end up listing frequently. Then, if we don't - // manually stop the timer, we could end up with many timers active - // concurrently. - t := r.clock.NewTimer(r.resyncPeriod) - return t.C(), t.Stop -} - -// ListAndWatch first lists all items and get the resource version at the moment of call, -// and then use the resource version to watch. -// It returns error if ListAndWatch didn't even try to initialize watch. -func (r *Reflector) ListAndWatch(stopCh <-chan struct{}) error { - klog.V(3).Infof("Listing and watching %v from %s", r.expectedTypeName, r.name) - - err := r.list(stopCh) - if err != nil { - return err - } - - resyncerrc := make(chan error, 1) - cancelCh := make(chan struct{}) - defer close(cancelCh) - go func() { - resyncCh, cleanup := r.resyncChan() - defer func() { - cleanup() // Call the last one written into cleanup - }() - for { - select { - case <-resyncCh: - case <-stopCh: - return - case <-cancelCh: - return - } - if r.ShouldResync == nil || r.ShouldResync() { - klog.V(4).Infof("%s: forcing resync", r.name) - if err := r.store.Resync(); err != nil { - resyncerrc <- err - return - } - } - cleanup() - resyncCh, cleanup = r.resyncChan() - } - }() - - retry := NewRetryWithDeadline(r.MaxInternalErrorRetryDuration, time.Minute, apierrors.IsInternalError, r.clock) - for { - // give the stopCh a chance to stop the loop, even in case of continue statements further down on errors - select { - case <-stopCh: - return nil - default: - } - - timeoutSeconds := int64(minWatchTimeout.Seconds() * (rand.Float64() + 1.0)) - options := metav1.ListOptions{ - ResourceVersion: r.LastSyncResourceVersion(), - // We want to avoid situations of hanging watchers. Stop any watchers that do not - // receive any events within the timeout window. - TimeoutSeconds: &timeoutSeconds, - // To reduce load on kube-apiserver on watch restarts, you may enable watch bookmarks. - // Reflector doesn't assume bookmarks are returned at all (if the server do not support - // watch bookmarks, it will ignore this field). - AllowWatchBookmarks: true, - } - - // start the clock before sending the request, since some proxies won't flush headers until after the first watch event is sent - start := r.clock.Now() - w, err := r.listerWatcher.Watch(options) - if err != nil { - // If this is "connection refused" error, it means that most likely apiserver is not responsive. - // It doesn't make sense to re-list all objects because most likely we will be able to restart - // watch where we ended. - // If that's the case begin exponentially backing off and resend watch request. - // Do the same for "429" errors. - if utilnet.IsConnectionRefused(err) || apierrors.IsTooManyRequests(err) { - <-r.initConnBackoffManager.Backoff().C() - continue - } - return err - } - - err = watchHandler(start, w, r.store, r.expectedType, r.expectedGVK, r.name, r.expectedTypeName, r.setLastSyncResourceVersion, r.clock, resyncerrc, stopCh) - retry.After(err) - if err != nil { - if err != errorStopRequested { - switch { - case isExpiredError(err): - // Don't set LastSyncResourceVersionUnavailable - LIST call with ResourceVersion=RV already - // has a semantic that it returns data at least as fresh as provided RV. - // So first try to LIST with setting RV to resource version of last observed object. - klog.V(4).Infof("%s: watch of %v closed with: %v", r.name, r.expectedTypeName, err) - case apierrors.IsTooManyRequests(err): - klog.V(2).Infof("%s: watch of %v returned 429 - backing off", r.name, r.expectedTypeName) - <-r.initConnBackoffManager.Backoff().C() - continue - case apierrors.IsInternalError(err) && retry.ShouldRetry(): - klog.V(2).Infof("%s: retrying watch of %v internal error: %v", r.name, r.expectedTypeName, err) - continue - default: - klog.Warningf("%s: watch of %v ended with: %v", r.name, r.expectedTypeName, err) - } - } - return nil - } - } -} - -// list simply lists all items and records a resource version obtained from the server at the moment of the call. -// the resource version can be used for further progress notification (aka. watch). -func (r *Reflector) list(stopCh <-chan struct{}) error { - var resourceVersion string - options := metav1.ListOptions{ResourceVersion: r.relistResourceVersion()} - - initTrace := trace.New("Reflector ListAndWatch", trace.Field{Key: "name", Value: r.name}) - defer initTrace.LogIfLong(10 * time.Second) - var list runtime.Object - var paginatedResult bool - var err error - listCh := make(chan struct{}, 1) - panicCh := make(chan interface{}, 1) - go func() { - defer func() { - if r := recover(); r != nil { - panicCh <- r - } - }() - // Attempt to gather list in chunks, if supported by listerWatcher, if not, the first - // list request will return the full response. - pager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) { - return r.listerWatcher.List(opts) - })) - switch { - case r.WatchListPageSize != 0: - pager.PageSize = r.WatchListPageSize - case r.paginatedResult: - // We got a paginated result initially. Assume this resource and server honor - // paging requests (i.e. watch cache is probably disabled) and leave the default - // pager size set. - case options.ResourceVersion != "" && options.ResourceVersion != "0": - // User didn't explicitly request pagination. - // - // With ResourceVersion != "", we have a possibility to list from watch cache, - // but we do that (for ResourceVersion != "0") only if Limit is unset. - // To avoid thundering herd on etcd (e.g. on master upgrades), we explicitly - // switch off pagination to force listing from watch cache (if enabled). - // With the existing semantic of RV (result is at least as fresh as provided RV), - // this is correct and doesn't lead to going back in time. - // - // We also don't turn off pagination for ResourceVersion="0", since watch cache - // is ignoring Limit in that case anyway, and if watch cache is not enabled - // we don't introduce regression. - pager.PageSize = 0 - } - - list, paginatedResult, err = pager.List(context.Background(), options) - if isExpiredError(err) || isTooLargeResourceVersionError(err) { - r.setIsLastSyncResourceVersionUnavailable(true) - // Retry immediately if the resource version used to list is unavailable. - // The pager already falls back to full list if paginated list calls fail due to an "Expired" error on - // continuation pages, but the pager might not be enabled, the full list might fail because the - // resource version it is listing at is expired or the cache may not yet be synced to the provided - // resource version. So we need to fallback to resourceVersion="" in all to recover and ensure - // the reflector makes forward progress. - list, paginatedResult, err = pager.List(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()}) - } - close(listCh) - }() - select { - case <-stopCh: - return nil - case r := <-panicCh: - panic(r) - case <-listCh: - } - initTrace.Step("Objects listed", trace.Field{Key: "error", Value: err}) - if err != nil { - klog.Warningf("%s: failed to list %v: %v", r.name, r.expectedTypeName, err) - return fmt.Errorf("failed to list %v: %w", r.expectedTypeName, err) - } - - // We check if the list was paginated and if so set the paginatedResult based on that. - // However, we want to do that only for the initial list (which is the only case - // when we set ResourceVersion="0"). The reasoning behind it is that later, in some - // situations we may force listing directly from etcd (by setting ResourceVersion="") - // which will return paginated result, even if watch cache is enabled. However, in - // that case, we still want to prefer sending requests to watch cache if possible. - // - // Paginated result returned for request with ResourceVersion="0" mean that watch - // cache is disabled and there are a lot of objects of a given type. In such case, - // there is no need to prefer listing from watch cache. - if options.ResourceVersion == "0" && paginatedResult { - r.paginatedResult = true - } - - r.setIsLastSyncResourceVersionUnavailable(false) // list was successful - listMetaInterface, err := meta.ListAccessor(list) - if err != nil { - return fmt.Errorf("unable to understand list result %#v: %v", list, err) - } - resourceVersion = listMetaInterface.GetResourceVersion() - initTrace.Step("Resource version extracted") - items, err := meta.ExtractList(list) - if err != nil { - return fmt.Errorf("unable to understand list result %#v (%v)", list, err) - } - initTrace.Step("Objects extracted") - if err := r.syncWith(items, resourceVersion); err != nil { - return fmt.Errorf("unable to sync list result: %v", err) - } - initTrace.Step("SyncWith done") - r.setLastSyncResourceVersion(resourceVersion) - initTrace.Step("Resource version updated") - return nil -} - -// syncWith replaces the store's items with the given list. -func (r *Reflector) syncWith(items []runtime.Object, resourceVersion string) error { - found := make([]interface{}, 0, len(items)) - for _, item := range items { - found = append(found, item) - } - return r.store.Replace(found, resourceVersion) -} - -// watchHandler watches w and sets setLastSyncResourceVersion -func watchHandler(start time.Time, - w watch.Interface, - store Store, - expectedType reflect.Type, - expectedGVK *schema.GroupVersionKind, - name string, - expectedTypeName string, - setLastSyncResourceVersion func(string), - clock clock.Clock, - errc chan error, - stopCh <-chan struct{}, -) error { - eventCount := 0 - - // Stopping the watcher should be idempotent and if we return from this function there's no way - // we're coming back in with the same watch interface. - defer w.Stop() - -loop: - for { - select { - case <-stopCh: - return errorStopRequested - case err := <-errc: - return err - case event, ok := <-w.ResultChan(): - if !ok { - break loop - } - if event.Type == watch.Error { - return apierrors.FromObject(event.Object) - } - if expectedType != nil { - if e, a := expectedType, reflect.TypeOf(event.Object); e != a { - utilruntime.HandleError(fmt.Errorf("%s: expected type %v, but watch event object had type %v", name, e, a)) - continue - } - } - if expectedGVK != nil { - if e, a := *expectedGVK, event.Object.GetObjectKind().GroupVersionKind(); e != a { - utilruntime.HandleError(fmt.Errorf("%s: expected gvk %v, but watch event object had gvk %v", name, e, a)) - continue - } - } - meta, err := meta.Accessor(event.Object) - if err != nil { - utilruntime.HandleError(fmt.Errorf("%s: unable to understand watch event %#v", name, event)) - continue - } - resourceVersion := meta.GetResourceVersion() - switch event.Type { - case watch.Added: - err := store.Add(event.Object) - if err != nil { - utilruntime.HandleError(fmt.Errorf("%s: unable to add watch event object (%#v) to store: %v", name, event.Object, err)) - } - case watch.Modified: - err := store.Update(event.Object) - if err != nil { - utilruntime.HandleError(fmt.Errorf("%s: unable to update watch event object (%#v) to store: %v", name, event.Object, err)) - } - case watch.Deleted: - // TODO: Will any consumers need access to the "last known - // state", which is passed in event.Object? If so, may need - // to change this. - err := store.Delete(event.Object) - if err != nil { - utilruntime.HandleError(fmt.Errorf("%s: unable to delete watch event object (%#v) from store: %v", name, event.Object, err)) - } - case watch.Bookmark: - // A `Bookmark` means watch has synced here, just update the resourceVersion - default: - utilruntime.HandleError(fmt.Errorf("%s: unable to understand watch event %#v", name, event)) - } - setLastSyncResourceVersion(resourceVersion) - if rvu, ok := store.(ResourceVersionUpdater); ok { - rvu.UpdateResourceVersion(resourceVersion) - } - eventCount++ - } - } - - watchDuration := clock.Since(start) - if watchDuration < 1*time.Second && eventCount == 0 { - return fmt.Errorf("very short watch: %s: Unexpected watch close - watch lasted less than a second and no items received", name) - } - klog.V(4).Infof("%s: Watch close - %v total %v items received", name, expectedTypeName, eventCount) - return nil -} - -// LastSyncResourceVersion is the resource version observed when last sync with the underlying store -// The value returned is not synchronized with access to the underlying store and is not thread-safe -func (r *Reflector) LastSyncResourceVersion() string { - r.lastSyncResourceVersionMutex.RLock() - defer r.lastSyncResourceVersionMutex.RUnlock() - return r.lastSyncResourceVersion -} - -func (r *Reflector) setLastSyncResourceVersion(v string) { - r.lastSyncResourceVersionMutex.Lock() - defer r.lastSyncResourceVersionMutex.Unlock() - r.lastSyncResourceVersion = v -} - -// relistResourceVersion determines the resource version the reflector should list or relist from. -// Returns either the lastSyncResourceVersion so that this reflector will relist with a resource -// versions no older than has already been observed in relist results or watch events, or, if the last relist resulted -// in an HTTP 410 (Gone) status code, returns "" so that the relist will use the latest resource version available in -// etcd via a quorum read. -func (r *Reflector) relistResourceVersion() string { - r.lastSyncResourceVersionMutex.RLock() - defer r.lastSyncResourceVersionMutex.RUnlock() - - if r.isLastSyncResourceVersionUnavailable { - // Since this reflector makes paginated list requests, and all paginated list requests skip the watch cache - // if the lastSyncResourceVersion is unavailable, we set ResourceVersion="" and list again to re-establish reflector - // to the latest available ResourceVersion, using a consistent read from etcd. - return "" - } - if r.lastSyncResourceVersion == "" { - // For performance reasons, initial list performed by reflector uses "0" as resource version to allow it to - // be served from the watch cache if it is enabled. - return "0" - } - return r.lastSyncResourceVersion -} - -// setIsLastSyncResourceVersionUnavailable sets if the last list or watch request with lastSyncResourceVersion returned -// "expired" or "too large resource version" error. -func (r *Reflector) setIsLastSyncResourceVersionUnavailable(isUnavailable bool) { - r.lastSyncResourceVersionMutex.Lock() - defer r.lastSyncResourceVersionMutex.Unlock() - r.isLastSyncResourceVersionUnavailable = isUnavailable -} - -func isExpiredError(err error) bool { - // In Kubernetes 1.17 and earlier, the api server returns both apierrors.StatusReasonExpired and - // apierrors.StatusReasonGone for HTTP 410 (Gone) status code responses. In 1.18 the kube server is more consistent - // and always returns apierrors.StatusReasonExpired. For backward compatibility we can only remove the apierrors.IsGone - // check when we fully drop support for Kubernetes 1.17 servers from reflectors. - return apierrors.IsResourceExpired(err) || apierrors.IsGone(err) -} - -func isTooLargeResourceVersionError(err error) bool { - if apierrors.HasStatusCause(err, metav1.CauseTypeResourceVersionTooLarge) { - return true - } - // In Kubernetes 1.17.0-1.18.5, the api server doesn't set the error status cause to - // metav1.CauseTypeResourceVersionTooLarge to indicate that the requested minimum resource - // version is larger than the largest currently available resource version. To ensure backward - // compatibility with these server versions we also need to detect the error based on the content - // of the error message field. - if !apierrors.IsTimeout(err) { - return false - } - apierr, ok := err.(apierrors.APIStatus) - if !ok || apierr == nil || apierr.Status().Details == nil { - return false - } - for _, cause := range apierr.Status().Details.Causes { - // Matches the message returned by api server 1.17.0-1.18.5 for this error condition - if cause.Message == "Too large resource version" { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/reflector_metrics.go b/etcd/vendor/k8s.io/client-go/tools/cache/reflector_metrics.go deleted file mode 100644 index 5c00115f59..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/reflector_metrics.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file provides abstractions for setting the provider (e.g., prometheus) -// of metrics. - -package cache - -import ( - "sync" -) - -// GaugeMetric represents a single numerical value that can arbitrarily go up -// and down. -type GaugeMetric interface { - Set(float64) -} - -// CounterMetric represents a single numerical value that only ever -// goes up. -type CounterMetric interface { - Inc() -} - -// SummaryMetric captures individual observations. -type SummaryMetric interface { - Observe(float64) -} - -type noopMetric struct{} - -func (noopMetric) Inc() {} -func (noopMetric) Dec() {} -func (noopMetric) Observe(float64) {} -func (noopMetric) Set(float64) {} - -// MetricsProvider generates various metrics used by the reflector. -type MetricsProvider interface { - NewListsMetric(name string) CounterMetric - NewListDurationMetric(name string) SummaryMetric - NewItemsInListMetric(name string) SummaryMetric - - NewWatchesMetric(name string) CounterMetric - NewShortWatchesMetric(name string) CounterMetric - NewWatchDurationMetric(name string) SummaryMetric - NewItemsInWatchMetric(name string) SummaryMetric - - NewLastResourceVersionMetric(name string) GaugeMetric -} - -type noopMetricsProvider struct{} - -func (noopMetricsProvider) NewListsMetric(name string) CounterMetric { return noopMetric{} } -func (noopMetricsProvider) NewListDurationMetric(name string) SummaryMetric { return noopMetric{} } -func (noopMetricsProvider) NewItemsInListMetric(name string) SummaryMetric { return noopMetric{} } -func (noopMetricsProvider) NewWatchesMetric(name string) CounterMetric { return noopMetric{} } -func (noopMetricsProvider) NewShortWatchesMetric(name string) CounterMetric { return noopMetric{} } -func (noopMetricsProvider) NewWatchDurationMetric(name string) SummaryMetric { return noopMetric{} } -func (noopMetricsProvider) NewItemsInWatchMetric(name string) SummaryMetric { return noopMetric{} } -func (noopMetricsProvider) NewLastResourceVersionMetric(name string) GaugeMetric { - return noopMetric{} -} - -var metricsFactory = struct { - metricsProvider MetricsProvider - setProviders sync.Once -}{ - metricsProvider: noopMetricsProvider{}, -} - -// SetReflectorMetricsProvider sets the metrics provider -func SetReflectorMetricsProvider(metricsProvider MetricsProvider) { - metricsFactory.setProviders.Do(func() { - metricsFactory.metricsProvider = metricsProvider - }) -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/retry_with_deadline.go b/etcd/vendor/k8s.io/client-go/tools/cache/retry_with_deadline.go deleted file mode 100644 index 8201fb1532..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/retry_with_deadline.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "k8s.io/utils/clock" - "time" -) - -type RetryWithDeadline interface { - After(error) - ShouldRetry() bool -} - -type retryWithDeadlineImpl struct { - firstErrorTime time.Time - lastErrorTime time.Time - maxRetryDuration time.Duration - minResetPeriod time.Duration - isRetryable func(error) bool - clock clock.Clock -} - -func NewRetryWithDeadline(maxRetryDuration, minResetPeriod time.Duration, isRetryable func(error) bool, clock clock.Clock) RetryWithDeadline { - return &retryWithDeadlineImpl{ - firstErrorTime: time.Time{}, - lastErrorTime: time.Time{}, - maxRetryDuration: maxRetryDuration, - minResetPeriod: minResetPeriod, - isRetryable: isRetryable, - clock: clock, - } -} - -func (r *retryWithDeadlineImpl) reset() { - r.firstErrorTime = time.Time{} - r.lastErrorTime = time.Time{} -} - -func (r *retryWithDeadlineImpl) After(err error) { - if r.isRetryable(err) { - if r.clock.Now().Sub(r.lastErrorTime) >= r.minResetPeriod { - r.reset() - } - - if r.firstErrorTime.IsZero() { - r.firstErrorTime = r.clock.Now() - } - r.lastErrorTime = r.clock.Now() - } -} - -func (r *retryWithDeadlineImpl) ShouldRetry() bool { - if r.maxRetryDuration <= time.Duration(0) { - return false - } - - if r.clock.Now().Sub(r.firstErrorTime) <= r.maxRetryDuration { - return true - } - - r.reset() - return false -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/etcd/vendor/k8s.io/client-go/tools/cache/shared_informer.go deleted file mode 100644 index f5c7316a1d..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/shared_informer.go +++ /dev/null @@ -1,948 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "errors" - "fmt" - "sync" - "time" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/utils/buffer" - "k8s.io/utils/clock" - - "k8s.io/klog/v2" -) - -// SharedInformer provides eventually consistent linkage of its -// clients to the authoritative state of a given collection of -// objects. An object is identified by its API group, kind/resource, -// namespace (if any), and name; the `ObjectMeta.UID` is not part of -// an object's ID as far as this contract is concerned. One -// SharedInformer provides linkage to objects of a particular API -// group and kind/resource. The linked object collection of a -// SharedInformer may be further restricted to one namespace (if -// applicable) and/or by label selector and/or field selector. -// -// The authoritative state of an object is what apiservers provide -// access to, and an object goes through a strict sequence of states. -// An object state is either (1) present with a ResourceVersion and -// other appropriate content or (2) "absent". -// -// A SharedInformer maintains a local cache --- exposed by GetStore(), -// by GetIndexer() in the case of an indexed informer, and possibly by -// machinery involved in creating and/or accessing the informer --- of -// the state of each relevant object. This cache is eventually -// consistent with the authoritative state. This means that, unless -// prevented by persistent communication problems, if ever a -// particular object ID X is authoritatively associated with a state S -// then for every SharedInformer I whose collection includes (X, S) -// eventually either (1) I's cache associates X with S or a later -// state of X, (2) I is stopped, or (3) the authoritative state -// service for X terminates. To be formally complete, we say that the -// absent state meets any restriction by label selector or field -// selector. -// -// For a given informer and relevant object ID X, the sequence of -// states that appears in the informer's cache is a subsequence of the -// states authoritatively associated with X. That is, some states -// might never appear in the cache but ordering among the appearing -// states is correct. Note, however, that there is no promise about -// ordering between states seen for different objects. -// -// The local cache starts out empty, and gets populated and updated -// during `Run()`. -// -// As a simple example, if a collection of objects is henceforth -// unchanging, a SharedInformer is created that links to that -// collection, and that SharedInformer is `Run()` then that -// SharedInformer's cache eventually holds an exact copy of that -// collection (unless it is stopped too soon, the authoritative state -// service ends, or communication problems between the two -// persistently thwart achievement). -// -// As another simple example, if the local cache ever holds a -// non-absent state for some object ID and the object is eventually -// removed from the authoritative state then eventually the object is -// removed from the local cache (unless the SharedInformer is stopped -// too soon, the authoritative state service ends, or communication -// problems persistently thwart the desired result). -// -// The keys in the Store are of the form namespace/name for namespaced -// objects, and are simply the name for non-namespaced objects. -// Clients can use `MetaNamespaceKeyFunc(obj)` to extract the key for -// a given object, and `SplitMetaNamespaceKey(key)` to split a key -// into its constituent parts. -// -// Every query against the local cache is answered entirely from one -// snapshot of the cache's state. Thus, the result of a `List` call -// will not contain two entries with the same namespace and name. -// -// A client is identified here by a ResourceEventHandler. For every -// update to the SharedInformer's local cache and for every client -// added before `Run()`, eventually either the SharedInformer is -// stopped or the client is notified of the update. A client added -// after `Run()` starts gets a startup batch of notifications of -// additions of the objects existing in the cache at the time that -// client was added; also, for every update to the SharedInformer's -// local cache after that client was added, eventually either the -// SharedInformer is stopped or that client is notified of that -// update. Client notifications happen after the corresponding cache -// update and, in the case of a SharedIndexInformer, after the -// corresponding index updates. It is possible that additional cache -// and index updates happen before such a prescribed notification. -// For a given SharedInformer and client, the notifications are -// delivered sequentially. For a given SharedInformer, client, and -// object ID, the notifications are delivered in order. Because -// `ObjectMeta.UID` has no role in identifying objects, it is possible -// that when (1) object O1 with ID (e.g. namespace and name) X and -// `ObjectMeta.UID` U1 in the SharedInformer's local cache is deleted -// and later (2) another object O2 with ID X and ObjectMeta.UID U2 is -// created the informer's clients are not notified of (1) and (2) but -// rather are notified only of an update from O1 to O2. Clients that -// need to detect such cases might do so by comparing the `ObjectMeta.UID` -// field of the old and the new object in the code that handles update -// notifications (i.e. `OnUpdate` method of ResourceEventHandler). -// -// A client must process each notification promptly; a SharedInformer -// is not engineered to deal well with a large backlog of -// notifications to deliver. Lengthy processing should be passed off -// to something else, for example through a -// `client-go/util/workqueue`. -// -// A delete notification exposes the last locally known non-absent -// state, except that its ResourceVersion is replaced with a -// ResourceVersion in which the object is actually absent. -type SharedInformer interface { - // AddEventHandler adds an event handler to the shared informer using the shared informer's resync - // period. Events to a single handler are delivered sequentially, but there is no coordination - // between different handlers. - // It returns a registration handle for the handler that can be used to remove - // the handler again. - AddEventHandler(handler ResourceEventHandler) (ResourceEventHandlerRegistration, error) - // AddEventHandlerWithResyncPeriod adds an event handler to the - // shared informer with the requested resync period; zero means - // this handler does not care about resyncs. The resync operation - // consists of delivering to the handler an update notification - // for every object in the informer's local cache; it does not add - // any interactions with the authoritative storage. Some - // informers do no resyncs at all, not even for handlers added - // with a non-zero resyncPeriod. For an informer that does - // resyncs, and for each handler that requests resyncs, that - // informer develops a nominal resync period that is no shorter - // than the requested period but may be longer. The actual time - // between any two resyncs may be longer than the nominal period - // because the implementation takes time to do work and there may - // be competing load and scheduling noise. - // It returns a registration handle for the handler that can be used to remove - // the handler again and an error if the handler cannot be added. - AddEventHandlerWithResyncPeriod(handler ResourceEventHandler, resyncPeriod time.Duration) (ResourceEventHandlerRegistration, error) - // RemoveEventHandler removes a formerly added event handler given by - // its registration handle. - // This function is guaranteed to be idempotent, and thread-safe. - RemoveEventHandler(handle ResourceEventHandlerRegistration) error - // GetStore returns the informer's local cache as a Store. - GetStore() Store - // GetController is deprecated, it does nothing useful - GetController() Controller - // Run starts and runs the shared informer, returning after it stops. - // The informer will be stopped when stopCh is closed. - Run(stopCh <-chan struct{}) - // HasSynced returns true if the shared informer's store has been - // informed by at least one full LIST of the authoritative state - // of the informer's object collection. This is unrelated to "resync". - HasSynced() bool - // LastSyncResourceVersion is the resource version observed when last synced with the underlying - // store. The value returned is not synchronized with access to the underlying store and is not - // thread-safe. - LastSyncResourceVersion() string - - // The WatchErrorHandler is called whenever ListAndWatch drops the - // connection with an error. After calling this handler, the informer - // will backoff and retry. - // - // The default implementation looks at the error type and tries to log - // the error message at an appropriate level. - // - // There's only one handler, so if you call this multiple times, last one - // wins; calling after the informer has been started returns an error. - // - // The handler is intended for visibility, not to e.g. pause the consumers. - // The handler should return quickly - any expensive processing should be - // offloaded. - SetWatchErrorHandler(handler WatchErrorHandler) error - - // The TransformFunc is called for each object which is about to be stored. - // - // This function is intended for you to take the opportunity to - // remove, transform, or normalize fields. One use case is to strip unused - // metadata fields out of objects to save on RAM cost. - // - // Must be set before starting the informer. - // - // Note: Since the object given to the handler may be already shared with - // other goroutines, it is advisable to copy the object being - // transform before mutating it at all and returning the copy to prevent - // data races. - SetTransform(handler TransformFunc) error - - // IsStopped reports whether the informer has already been stopped. - // Adding event handlers to already stopped informers is not possible. - // An informer already stopped will never be started again. - IsStopped() bool -} - -// Opaque interface representing the registration of ResourceEventHandler for -// a SharedInformer. Must be supplied back to the same SharedInformer's -// `RemoveEventHandler` to unregister the handlers. -type ResourceEventHandlerRegistration interface{} - -// SharedIndexInformer provides add and get Indexers ability based on SharedInformer. -type SharedIndexInformer interface { - SharedInformer - // AddIndexers add indexers to the informer before it starts. - AddIndexers(indexers Indexers) error - GetIndexer() Indexer -} - -// NewSharedInformer creates a new instance for the listwatcher. -func NewSharedInformer(lw ListerWatcher, exampleObject runtime.Object, defaultEventHandlerResyncPeriod time.Duration) SharedInformer { - return NewSharedIndexInformer(lw, exampleObject, defaultEventHandlerResyncPeriod, Indexers{}) -} - -// NewSharedIndexInformer creates a new instance for the listwatcher. -// The created informer will not do resyncs if the given -// defaultEventHandlerResyncPeriod is zero. Otherwise: for each -// handler that with a non-zero requested resync period, whether added -// before or after the informer starts, the nominal resync period is -// the requested resync period rounded up to a multiple of the -// informer's resync checking period. Such an informer's resync -// checking period is established when the informer starts running, -// and is the maximum of (a) the minimum of the resync periods -// requested before the informer starts and the -// defaultEventHandlerResyncPeriod given here and (b) the constant -// `minimumResyncPeriod` defined in this file. -func NewSharedIndexInformer(lw ListerWatcher, exampleObject runtime.Object, defaultEventHandlerResyncPeriod time.Duration, indexers Indexers) SharedIndexInformer { - realClock := &clock.RealClock{} - sharedIndexInformer := &sharedIndexInformer{ - processor: &sharedProcessor{clock: realClock}, - indexer: NewIndexer(DeletionHandlingMetaNamespaceKeyFunc, indexers), - listerWatcher: lw, - objectType: exampleObject, - resyncCheckPeriod: defaultEventHandlerResyncPeriod, - defaultEventHandlerResyncPeriod: defaultEventHandlerResyncPeriod, - cacheMutationDetector: NewCacheMutationDetector(fmt.Sprintf("%T", exampleObject)), - clock: realClock, - } - return sharedIndexInformer -} - -// InformerSynced is a function that can be used to determine if an informer has synced. This is useful for determining if caches have synced. -type InformerSynced func() bool - -const ( - // syncedPollPeriod controls how often you look at the status of your sync funcs - syncedPollPeriod = 100 * time.Millisecond - - // initialBufferSize is the initial number of event notifications that can be buffered. - initialBufferSize = 1024 -) - -// WaitForNamedCacheSync is a wrapper around WaitForCacheSync that generates log messages -// indicating that the caller identified by name is waiting for syncs, followed by -// either a successful or failed sync. -func WaitForNamedCacheSync(controllerName string, stopCh <-chan struct{}, cacheSyncs ...InformerSynced) bool { - klog.Infof("Waiting for caches to sync for %s", controllerName) - - if !WaitForCacheSync(stopCh, cacheSyncs...) { - utilruntime.HandleError(fmt.Errorf("unable to sync caches for %s", controllerName)) - return false - } - - klog.Infof("Caches are synced for %s", controllerName) - return true -} - -// WaitForCacheSync waits for caches to populate. It returns true if it was successful, false -// if the controller should shutdown -// callers should prefer WaitForNamedCacheSync() -func WaitForCacheSync(stopCh <-chan struct{}, cacheSyncs ...InformerSynced) bool { - err := wait.PollImmediateUntil(syncedPollPeriod, - func() (bool, error) { - for _, syncFunc := range cacheSyncs { - if !syncFunc() { - return false, nil - } - } - return true, nil - }, - stopCh) - if err != nil { - klog.V(2).Infof("stop requested") - return false - } - - klog.V(4).Infof("caches populated") - return true -} - -// `*sharedIndexInformer` implements SharedIndexInformer and has three -// main components. One is an indexed local cache, `indexer Indexer`. -// The second main component is a Controller that pulls -// objects/notifications using the ListerWatcher and pushes them into -// a DeltaFIFO --- whose knownObjects is the informer's local cache -// --- while concurrently Popping Deltas values from that fifo and -// processing them with `sharedIndexInformer::HandleDeltas`. Each -// invocation of HandleDeltas, which is done with the fifo's lock -// held, processes each Delta in turn. For each Delta this both -// updates the local cache and stuffs the relevant notification into -// the sharedProcessor. The third main component is that -// sharedProcessor, which is responsible for relaying those -// notifications to each of the informer's clients. -type sharedIndexInformer struct { - indexer Indexer - controller Controller - - processor *sharedProcessor - cacheMutationDetector MutationDetector - - listerWatcher ListerWatcher - - // objectType is an example object of the type this informer is - // expected to handle. Only the type needs to be right, except - // that when that is `unstructured.Unstructured` the object's - // `"apiVersion"` and `"kind"` must also be right. - objectType runtime.Object - - // resyncCheckPeriod is how often we want the reflector's resync timer to fire so it can call - // shouldResync to check if any of our listeners need a resync. - resyncCheckPeriod time.Duration - // defaultEventHandlerResyncPeriod is the default resync period for any handlers added via - // AddEventHandler (i.e. they don't specify one and just want to use the shared informer's default - // value). - defaultEventHandlerResyncPeriod time.Duration - // clock allows for testability - clock clock.Clock - - started, stopped bool - startedLock sync.Mutex - - // blockDeltas gives a way to stop all event distribution so that a late event handler - // can safely join the shared informer. - blockDeltas sync.Mutex - - // Called whenever the ListAndWatch drops the connection with an error. - watchErrorHandler WatchErrorHandler - - transform TransformFunc -} - -// dummyController hides the fact that a SharedInformer is different from a dedicated one -// where a caller can `Run`. The run method is disconnected in this case, because higher -// level logic will decide when to start the SharedInformer and related controller. -// Because returning information back is always asynchronous, the legacy callers shouldn't -// notice any change in behavior. -type dummyController struct { - informer *sharedIndexInformer -} - -func (v *dummyController) Run(stopCh <-chan struct{}) { -} - -func (v *dummyController) HasSynced() bool { - return v.informer.HasSynced() -} - -func (v *dummyController) LastSyncResourceVersion() string { - return "" -} - -type updateNotification struct { - oldObj interface{} - newObj interface{} -} - -type addNotification struct { - newObj interface{} -} - -type deleteNotification struct { - oldObj interface{} -} - -func (s *sharedIndexInformer) SetWatchErrorHandler(handler WatchErrorHandler) error { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.started { - return fmt.Errorf("informer has already started") - } - - s.watchErrorHandler = handler - return nil -} - -func (s *sharedIndexInformer) SetTransform(handler TransformFunc) error { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.started { - return fmt.Errorf("informer has already started") - } - - s.transform = handler - return nil -} - -func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) { - defer utilruntime.HandleCrash() - - if s.HasStarted() { - klog.Warningf("The sharedIndexInformer has started, run more than once is not allowed") - return - } - fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{ - KnownObjects: s.indexer, - EmitDeltaTypeReplaced: true, - }) - - cfg := &Config{ - Queue: fifo, - ListerWatcher: s.listerWatcher, - ObjectType: s.objectType, - FullResyncPeriod: s.resyncCheckPeriod, - RetryOnError: false, - ShouldResync: s.processor.shouldResync, - - Process: s.HandleDeltas, - WatchErrorHandler: s.watchErrorHandler, - } - - func() { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - s.controller = New(cfg) - s.controller.(*controller).clock = s.clock - s.started = true - }() - - // Separate stop channel because Processor should be stopped strictly after controller - processorStopCh := make(chan struct{}) - var wg wait.Group - defer wg.Wait() // Wait for Processor to stop - defer close(processorStopCh) // Tell Processor to stop - wg.StartWithChannel(processorStopCh, s.cacheMutationDetector.Run) - wg.StartWithChannel(processorStopCh, s.processor.run) - - defer func() { - s.startedLock.Lock() - defer s.startedLock.Unlock() - s.stopped = true // Don't want any new listeners - }() - s.controller.Run(stopCh) -} - -func (s *sharedIndexInformer) HasStarted() bool { - s.startedLock.Lock() - defer s.startedLock.Unlock() - return s.started -} - -func (s *sharedIndexInformer) HasSynced() bool { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.controller == nil { - return false - } - return s.controller.HasSynced() -} - -func (s *sharedIndexInformer) LastSyncResourceVersion() string { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.controller == nil { - return "" - } - return s.controller.LastSyncResourceVersion() -} - -func (s *sharedIndexInformer) GetStore() Store { - return s.indexer -} - -func (s *sharedIndexInformer) GetIndexer() Indexer { - return s.indexer -} - -func (s *sharedIndexInformer) AddIndexers(indexers Indexers) error { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.started { - return fmt.Errorf("informer has already started") - } - - return s.indexer.AddIndexers(indexers) -} - -func (s *sharedIndexInformer) GetController() Controller { - return &dummyController{informer: s} -} - -func (s *sharedIndexInformer) AddEventHandler(handler ResourceEventHandler) (ResourceEventHandlerRegistration, error) { - return s.AddEventHandlerWithResyncPeriod(handler, s.defaultEventHandlerResyncPeriod) -} - -func determineResyncPeriod(desired, check time.Duration) time.Duration { - if desired == 0 { - return desired - } - if check == 0 { - klog.Warningf("The specified resyncPeriod %v is invalid because this shared informer doesn't support resyncing", desired) - return 0 - } - if desired < check { - klog.Warningf("The specified resyncPeriod %v is being increased to the minimum resyncCheckPeriod %v", desired, check) - return check - } - return desired -} - -const minimumResyncPeriod = 1 * time.Second - -func (s *sharedIndexInformer) AddEventHandlerWithResyncPeriod(handler ResourceEventHandler, resyncPeriod time.Duration) (ResourceEventHandlerRegistration, error) { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - if s.stopped { - return nil, fmt.Errorf("handler %v was not added to shared informer because it has stopped already", handler) - } - - if resyncPeriod > 0 { - if resyncPeriod < minimumResyncPeriod { - klog.Warningf("resyncPeriod %v is too small. Changing it to the minimum allowed value of %v", resyncPeriod, minimumResyncPeriod) - resyncPeriod = minimumResyncPeriod - } - - if resyncPeriod < s.resyncCheckPeriod { - if s.started { - klog.Warningf("resyncPeriod %v is smaller than resyncCheckPeriod %v and the informer has already started. Changing it to %v", resyncPeriod, s.resyncCheckPeriod, s.resyncCheckPeriod) - resyncPeriod = s.resyncCheckPeriod - } else { - // if the event handler's resyncPeriod is smaller than the current resyncCheckPeriod, update - // resyncCheckPeriod to match resyncPeriod and adjust the resync periods of all the listeners - // accordingly - s.resyncCheckPeriod = resyncPeriod - s.processor.resyncCheckPeriodChanged(resyncPeriod) - } - } - } - - listener := newProcessListener(handler, resyncPeriod, determineResyncPeriod(resyncPeriod, s.resyncCheckPeriod), s.clock.Now(), initialBufferSize) - - if !s.started { - return s.processor.addListener(listener), nil - } - - // in order to safely join, we have to - // 1. stop sending add/update/delete notifications - // 2. do a list against the store - // 3. send synthetic "Add" events to the new handler - // 4. unblock - s.blockDeltas.Lock() - defer s.blockDeltas.Unlock() - - handle := s.processor.addListener(listener) - for _, item := range s.indexer.List() { - listener.add(addNotification{newObj: item}) - } - return handle, nil -} - -func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error { - s.blockDeltas.Lock() - defer s.blockDeltas.Unlock() - - if deltas, ok := obj.(Deltas); ok { - return processDeltas(s, s.indexer, s.transform, deltas) - } - return errors.New("object given as Process argument is not Deltas") -} - -// Conforms to ResourceEventHandler -func (s *sharedIndexInformer) OnAdd(obj interface{}) { - // Invocation of this function is locked under s.blockDeltas, so it is - // save to distribute the notification - s.cacheMutationDetector.AddObject(obj) - s.processor.distribute(addNotification{newObj: obj}, false) -} - -// Conforms to ResourceEventHandler -func (s *sharedIndexInformer) OnUpdate(old, new interface{}) { - isSync := false - - // If is a Sync event, isSync should be true - // If is a Replaced event, isSync is true if resource version is unchanged. - // If RV is unchanged: this is a Sync/Replaced event, so isSync is true - - if accessor, err := meta.Accessor(new); err == nil { - if oldAccessor, err := meta.Accessor(old); err == nil { - // Events that didn't change resourceVersion are treated as resync events - // and only propagated to listeners that requested resync - isSync = accessor.GetResourceVersion() == oldAccessor.GetResourceVersion() - } - } - - // Invocation of this function is locked under s.blockDeltas, so it is - // save to distribute the notification - s.cacheMutationDetector.AddObject(new) - s.processor.distribute(updateNotification{oldObj: old, newObj: new}, isSync) -} - -// Conforms to ResourceEventHandler -func (s *sharedIndexInformer) OnDelete(old interface{}) { - // Invocation of this function is locked under s.blockDeltas, so it is - // save to distribute the notification - s.processor.distribute(deleteNotification{oldObj: old}, false) -} - -// IsStopped reports whether the informer has already been stopped -func (s *sharedIndexInformer) IsStopped() bool { - s.startedLock.Lock() - defer s.startedLock.Unlock() - return s.stopped -} - -func (s *sharedIndexInformer) RemoveEventHandler(handle ResourceEventHandlerRegistration) error { - s.startedLock.Lock() - defer s.startedLock.Unlock() - - // in order to safely remove, we have to - // 1. stop sending add/update/delete notifications - // 2. remove and stop listener - // 3. unblock - s.blockDeltas.Lock() - defer s.blockDeltas.Unlock() - return s.processor.removeListener(handle) -} - -// sharedProcessor has a collection of processorListener and can -// distribute a notification object to its listeners. There are two -// kinds of distribute operations. The sync distributions go to a -// subset of the listeners that (a) is recomputed in the occasional -// calls to shouldResync and (b) every listener is initially put in. -// The non-sync distributions go to every listener. -type sharedProcessor struct { - listenersStarted bool - listenersLock sync.RWMutex - // Map from listeners to whether or not they are currently syncing - listeners map[*processorListener]bool - clock clock.Clock - wg wait.Group -} - -func (p *sharedProcessor) getListener(registration ResourceEventHandlerRegistration) *processorListener { - p.listenersLock.RLock() - defer p.listenersLock.RUnlock() - - if p.listeners == nil { - return nil - } - - if result, ok := registration.(*processorListener); ok { - if _, exists := p.listeners[result]; exists { - return result - } - } - - return nil -} - -func (p *sharedProcessor) addListener(listener *processorListener) ResourceEventHandlerRegistration { - p.listenersLock.Lock() - defer p.listenersLock.Unlock() - - if p.listeners == nil { - p.listeners = make(map[*processorListener]bool) - } - - p.listeners[listener] = true - - if p.listenersStarted { - p.wg.Start(listener.run) - p.wg.Start(listener.pop) - } - - return listener -} - -func (p *sharedProcessor) removeListener(handle ResourceEventHandlerRegistration) error { - p.listenersLock.Lock() - defer p.listenersLock.Unlock() - - listener, ok := handle.(*processorListener) - if !ok { - return fmt.Errorf("invalid key type %t", handle) - } else if p.listeners == nil { - // No listeners are registered, do nothing - return nil - } else if _, exists := p.listeners[listener]; !exists { - // Listener is not registered, just do nothing - return nil - } - - delete(p.listeners, listener) - - if p.listenersStarted { - close(listener.addCh) - } - - return nil -} - -func (p *sharedProcessor) distribute(obj interface{}, sync bool) { - p.listenersLock.RLock() - defer p.listenersLock.RUnlock() - - for listener, isSyncing := range p.listeners { - switch { - case !sync: - // non-sync messages are delivered to every listener - listener.add(obj) - case isSyncing: - // sync messages are delivered to every syncing listener - listener.add(obj) - default: - // skipping a sync obj for a non-syncing listener - } - } -} - -func (p *sharedProcessor) run(stopCh <-chan struct{}) { - func() { - p.listenersLock.RLock() - defer p.listenersLock.RUnlock() - for listener := range p.listeners { - p.wg.Start(listener.run) - p.wg.Start(listener.pop) - } - p.listenersStarted = true - }() - <-stopCh - - p.listenersLock.Lock() - defer p.listenersLock.Unlock() - for listener := range p.listeners { - close(listener.addCh) // Tell .pop() to stop. .pop() will tell .run() to stop - } - - // Wipe out list of listeners since they are now closed - // (processorListener cannot be re-used) - p.listeners = nil - - // Reset to false since no listeners are running - p.listenersStarted = false - - p.wg.Wait() // Wait for all .pop() and .run() to stop -} - -// shouldResync queries every listener to determine if any of them need a resync, based on each -// listener's resyncPeriod. -func (p *sharedProcessor) shouldResync() bool { - p.listenersLock.Lock() - defer p.listenersLock.Unlock() - - resyncNeeded := false - now := p.clock.Now() - for listener := range p.listeners { - // need to loop through all the listeners to see if they need to resync so we can prepare any - // listeners that are going to be resyncing. - shouldResync := listener.shouldResync(now) - p.listeners[listener] = shouldResync - - if shouldResync { - resyncNeeded = true - listener.determineNextResync(now) - } - } - return resyncNeeded -} - -func (p *sharedProcessor) resyncCheckPeriodChanged(resyncCheckPeriod time.Duration) { - p.listenersLock.RLock() - defer p.listenersLock.RUnlock() - - for listener := range p.listeners { - resyncPeriod := determineResyncPeriod( - listener.requestedResyncPeriod, resyncCheckPeriod) - listener.setResyncPeriod(resyncPeriod) - } -} - -// processorListener relays notifications from a sharedProcessor to -// one ResourceEventHandler --- using two goroutines, two unbuffered -// channels, and an unbounded ring buffer. The `add(notification)` -// function sends the given notification to `addCh`. One goroutine -// runs `pop()`, which pumps notifications from `addCh` to `nextCh` -// using storage in the ring buffer while `nextCh` is not keeping up. -// Another goroutine runs `run()`, which receives notifications from -// `nextCh` and synchronously invokes the appropriate handler method. -// -// processorListener also keeps track of the adjusted requested resync -// period of the listener. -type processorListener struct { - nextCh chan interface{} - addCh chan interface{} - - handler ResourceEventHandler - - // pendingNotifications is an unbounded ring buffer that holds all notifications not yet distributed. - // There is one per listener, but a failing/stalled listener will have infinite pendingNotifications - // added until we OOM. - // TODO: This is no worse than before, since reflectors were backed by unbounded DeltaFIFOs, but - // we should try to do something better. - pendingNotifications buffer.RingGrowing - - // requestedResyncPeriod is how frequently the listener wants a - // full resync from the shared informer, but modified by two - // adjustments. One is imposing a lower bound, - // `minimumResyncPeriod`. The other is another lower bound, the - // sharedIndexInformer's `resyncCheckPeriod`, that is imposed (a) only - // in AddEventHandlerWithResyncPeriod invocations made after the - // sharedIndexInformer starts and (b) only if the informer does - // resyncs at all. - requestedResyncPeriod time.Duration - // resyncPeriod is the threshold that will be used in the logic - // for this listener. This value differs from - // requestedResyncPeriod only when the sharedIndexInformer does - // not do resyncs, in which case the value here is zero. The - // actual time between resyncs depends on when the - // sharedProcessor's `shouldResync` function is invoked and when - // the sharedIndexInformer processes `Sync` type Delta objects. - resyncPeriod time.Duration - // nextResync is the earliest time the listener should get a full resync - nextResync time.Time - // resyncLock guards access to resyncPeriod and nextResync - resyncLock sync.Mutex -} - -func newProcessListener(handler ResourceEventHandler, requestedResyncPeriod, resyncPeriod time.Duration, now time.Time, bufferSize int) *processorListener { - ret := &processorListener{ - nextCh: make(chan interface{}), - addCh: make(chan interface{}), - handler: handler, - pendingNotifications: *buffer.NewRingGrowing(bufferSize), - requestedResyncPeriod: requestedResyncPeriod, - resyncPeriod: resyncPeriod, - } - - ret.determineNextResync(now) - - return ret -} - -func (p *processorListener) add(notification interface{}) { - p.addCh <- notification -} - -func (p *processorListener) pop() { - defer utilruntime.HandleCrash() - defer close(p.nextCh) // Tell .run() to stop - - var nextCh chan<- interface{} - var notification interface{} - for { - select { - case nextCh <- notification: - // Notification dispatched - var ok bool - notification, ok = p.pendingNotifications.ReadOne() - if !ok { // Nothing to pop - nextCh = nil // Disable this select case - } - case notificationToAdd, ok := <-p.addCh: - if !ok { - return - } - if notification == nil { // No notification to pop (and pendingNotifications is empty) - // Optimize the case - skip adding to pendingNotifications - notification = notificationToAdd - nextCh = p.nextCh - } else { // There is already a notification waiting to be dispatched - p.pendingNotifications.WriteOne(notificationToAdd) - } - } - } -} - -func (p *processorListener) run() { - // this call blocks until the channel is closed. When a panic happens during the notification - // we will catch it, **the offending item will be skipped!**, and after a short delay (one second) - // the next notification will be attempted. This is usually better than the alternative of never - // delivering again. - stopCh := make(chan struct{}) - wait.Until(func() { - for next := range p.nextCh { - switch notification := next.(type) { - case updateNotification: - p.handler.OnUpdate(notification.oldObj, notification.newObj) - case addNotification: - p.handler.OnAdd(notification.newObj) - case deleteNotification: - p.handler.OnDelete(notification.oldObj) - default: - utilruntime.HandleError(fmt.Errorf("unrecognized notification: %T", next)) - } - } - // the only way to get here is if the p.nextCh is empty and closed - close(stopCh) - }, 1*time.Second, stopCh) -} - -// shouldResync deterimines if the listener needs a resync. If the listener's resyncPeriod is 0, -// this always returns false. -func (p *processorListener) shouldResync(now time.Time) bool { - p.resyncLock.Lock() - defer p.resyncLock.Unlock() - - if p.resyncPeriod == 0 { - return false - } - - return now.After(p.nextResync) || now.Equal(p.nextResync) -} - -func (p *processorListener) determineNextResync(now time.Time) { - p.resyncLock.Lock() - defer p.resyncLock.Unlock() - - p.nextResync = now.Add(p.resyncPeriod) -} - -func (p *processorListener) setResyncPeriod(resyncPeriod time.Duration) { - p.resyncLock.Lock() - defer p.resyncLock.Unlock() - - p.resyncPeriod = resyncPeriod -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/store.go b/etcd/vendor/k8s.io/client-go/tools/cache/store.go deleted file mode 100644 index 5308ea7480..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/store.go +++ /dev/null @@ -1,276 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "fmt" - "strings" - - "k8s.io/apimachinery/pkg/api/meta" -) - -// Store is a generic object storage and processing interface. A -// Store holds a map from string keys to accumulators, and has -// operations to add, update, and delete a given object to/from the -// accumulator currently associated with a given key. A Store also -// knows how to extract the key from a given object, so many operations -// are given only the object. -// -// In the simplest Store implementations each accumulator is simply -// the last given object, or empty after Delete, and thus the Store's -// behavior is simple storage. -// -// Reflector knows how to watch a server and update a Store. This -// package provides a variety of implementations of Store. -type Store interface { - - // Add adds the given object to the accumulator associated with the given object's key - Add(obj interface{}) error - - // Update updates the given object in the accumulator associated with the given object's key - Update(obj interface{}) error - - // Delete deletes the given object from the accumulator associated with the given object's key - Delete(obj interface{}) error - - // List returns a list of all the currently non-empty accumulators - List() []interface{} - - // ListKeys returns a list of all the keys currently associated with non-empty accumulators - ListKeys() []string - - // Get returns the accumulator associated with the given object's key - Get(obj interface{}) (item interface{}, exists bool, err error) - - // GetByKey returns the accumulator associated with the given key - GetByKey(key string) (item interface{}, exists bool, err error) - - // Replace will delete the contents of the store, using instead the - // given list. Store takes ownership of the list, you should not reference - // it after calling this function. - Replace([]interface{}, string) error - - // Resync is meaningless in the terms appearing here but has - // meaning in some implementations that have non-trivial - // additional behavior (e.g., DeltaFIFO). - Resync() error -} - -// KeyFunc knows how to make a key from an object. Implementations should be deterministic. -type KeyFunc func(obj interface{}) (string, error) - -// KeyError will be returned any time a KeyFunc gives an error; it includes the object -// at fault. -type KeyError struct { - Obj interface{} - Err error -} - -// Error gives a human-readable description of the error. -func (k KeyError) Error() string { - return fmt.Sprintf("couldn't create key for object %+v: %v", k.Obj, k.Err) -} - -// Unwrap implements errors.Unwrap -func (k KeyError) Unwrap() error { - return k.Err -} - -// ExplicitKey can be passed to MetaNamespaceKeyFunc if you have the key for -// the object but not the object itself. -type ExplicitKey string - -// MetaNamespaceKeyFunc is a convenient default KeyFunc which knows how to make -// keys for API objects which implement meta.Interface. -// The key uses the format <namespace>/<name> unless <namespace> is empty, then -// it's just <name>. -// -// TODO: replace key-as-string with a key-as-struct so that this -// packing/unpacking won't be necessary. -func MetaNamespaceKeyFunc(obj interface{}) (string, error) { - if key, ok := obj.(ExplicitKey); ok { - return string(key), nil - } - meta, err := meta.Accessor(obj) - if err != nil { - return "", fmt.Errorf("object has no meta: %v", err) - } - if len(meta.GetNamespace()) > 0 { - return meta.GetNamespace() + "/" + meta.GetName(), nil - } - return meta.GetName(), nil -} - -// SplitMetaNamespaceKey returns the namespace and name that -// MetaNamespaceKeyFunc encoded into key. -// -// TODO: replace key-as-string with a key-as-struct so that this -// packing/unpacking won't be necessary. -func SplitMetaNamespaceKey(key string) (namespace, name string, err error) { - parts := strings.Split(key, "/") - switch len(parts) { - case 1: - // name only, no namespace - return "", parts[0], nil - case 2: - // namespace and name - return parts[0], parts[1], nil - } - - return "", "", fmt.Errorf("unexpected key format: %q", key) -} - -// `*cache` implements Indexer in terms of a ThreadSafeStore and an -// associated KeyFunc. -type cache struct { - // cacheStorage bears the burden of thread safety for the cache - cacheStorage ThreadSafeStore - // keyFunc is used to make the key for objects stored in and retrieved from items, and - // should be deterministic. - keyFunc KeyFunc -} - -var _ Store = &cache{} - -// Add inserts an item into the cache. -func (c *cache) Add(obj interface{}) error { - key, err := c.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - c.cacheStorage.Add(key, obj) - return nil -} - -// Update sets an item in the cache to its updated state. -func (c *cache) Update(obj interface{}) error { - key, err := c.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - c.cacheStorage.Update(key, obj) - return nil -} - -// Delete removes an item from the cache. -func (c *cache) Delete(obj interface{}) error { - key, err := c.keyFunc(obj) - if err != nil { - return KeyError{obj, err} - } - c.cacheStorage.Delete(key) - return nil -} - -// List returns a list of all the items. -// List is completely threadsafe as long as you treat all items as immutable. -func (c *cache) List() []interface{} { - return c.cacheStorage.List() -} - -// ListKeys returns a list of all the keys of the objects currently -// in the cache. -func (c *cache) ListKeys() []string { - return c.cacheStorage.ListKeys() -} - -// GetIndexers returns the indexers of cache -func (c *cache) GetIndexers() Indexers { - return c.cacheStorage.GetIndexers() -} - -// Index returns a list of items that match on the index function -// Index is thread-safe so long as you treat all items as immutable -func (c *cache) Index(indexName string, obj interface{}) ([]interface{}, error) { - return c.cacheStorage.Index(indexName, obj) -} - -// IndexKeys returns the storage keys of the stored objects whose set of -// indexed values for the named index includes the given indexed value. -// The returned keys are suitable to pass to GetByKey(). -func (c *cache) IndexKeys(indexName, indexedValue string) ([]string, error) { - return c.cacheStorage.IndexKeys(indexName, indexedValue) -} - -// ListIndexFuncValues returns the list of generated values of an Index func -func (c *cache) ListIndexFuncValues(indexName string) []string { - return c.cacheStorage.ListIndexFuncValues(indexName) -} - -// ByIndex returns the stored objects whose set of indexed values -// for the named index includes the given indexed value. -func (c *cache) ByIndex(indexName, indexedValue string) ([]interface{}, error) { - return c.cacheStorage.ByIndex(indexName, indexedValue) -} - -func (c *cache) AddIndexers(newIndexers Indexers) error { - return c.cacheStorage.AddIndexers(newIndexers) -} - -// Get returns the requested item, or sets exists=false. -// Get is completely threadsafe as long as you treat all items as immutable. -func (c *cache) Get(obj interface{}) (item interface{}, exists bool, err error) { - key, err := c.keyFunc(obj) - if err != nil { - return nil, false, KeyError{obj, err} - } - return c.GetByKey(key) -} - -// GetByKey returns the request item, or exists=false. -// GetByKey is completely threadsafe as long as you treat all items as immutable. -func (c *cache) GetByKey(key string) (item interface{}, exists bool, err error) { - item, exists = c.cacheStorage.Get(key) - return item, exists, nil -} - -// Replace will delete the contents of 'c', using instead the given list. -// 'c' takes ownership of the list, you should not reference the list again -// after calling this function. -func (c *cache) Replace(list []interface{}, resourceVersion string) error { - items := make(map[string]interface{}, len(list)) - for _, item := range list { - key, err := c.keyFunc(item) - if err != nil { - return KeyError{item, err} - } - items[key] = item - } - c.cacheStorage.Replace(items, resourceVersion) - return nil -} - -// Resync is meaningless for one of these -func (c *cache) Resync() error { - return nil -} - -// NewStore returns a Store implemented simply with a map and a lock. -func NewStore(keyFunc KeyFunc) Store { - return &cache{ - cacheStorage: NewThreadSafeStore(Indexers{}, Indices{}), - keyFunc: keyFunc, - } -} - -// NewIndexer returns an Indexer implemented simply with a map and a lock. -func NewIndexer(keyFunc KeyFunc, indexers Indexers) Indexer { - return &cache{ - cacheStorage: NewThreadSafeStore(indexers, Indices{}), - keyFunc: keyFunc, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/thread_safe_store.go b/etcd/vendor/k8s.io/client-go/tools/cache/thread_safe_store.go deleted file mode 100644 index 145e93ee53..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/thread_safe_store.go +++ /dev/null @@ -1,363 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -import ( - "fmt" - "sync" - - "k8s.io/apimachinery/pkg/util/sets" -) - -// ThreadSafeStore is an interface that allows concurrent indexed -// access to a storage backend. It is like Indexer but does not -// (necessarily) know how to extract the Store key from a given -// object. -// -// TL;DR caveats: you must not modify anything returned by Get or List as it will break -// the indexing feature in addition to not being thread safe. -// -// The guarantees of thread safety provided by List/Get are only valid if the caller -// treats returned items as read-only. For example, a pointer inserted in the store -// through `Add` will be returned as is by `Get`. Multiple clients might invoke `Get` -// on the same key and modify the pointer in a non-thread-safe way. Also note that -// modifying objects stored by the indexers (if any) will *not* automatically lead -// to a re-index. So it's not a good idea to directly modify the objects returned by -// Get/List, in general. -type ThreadSafeStore interface { - Add(key string, obj interface{}) - Update(key string, obj interface{}) - Delete(key string) - Get(key string) (item interface{}, exists bool) - List() []interface{} - ListKeys() []string - Replace(map[string]interface{}, string) - Index(indexName string, obj interface{}) ([]interface{}, error) - IndexKeys(indexName, indexedValue string) ([]string, error) - ListIndexFuncValues(name string) []string - ByIndex(indexName, indexedValue string) ([]interface{}, error) - GetIndexers() Indexers - - // AddIndexers adds more indexers to this store. If you call this after you already have data - // in the store, the results are undefined. - AddIndexers(newIndexers Indexers) error - // Resync is a no-op and is deprecated - Resync() error -} - -// storeIndex implements the indexing functionality for Store interface -type storeIndex struct { - // indexers maps a name to an IndexFunc - indexers Indexers - // indices maps a name to an Index - indices Indices -} - -func (i *storeIndex) reset() { - i.indices = Indices{} -} - -func (i *storeIndex) getKeysFromIndex(indexName string, obj interface{}) (sets.String, error) { - indexFunc := i.indexers[indexName] - if indexFunc == nil { - return nil, fmt.Errorf("Index with name %s does not exist", indexName) - } - - indexedValues, err := indexFunc(obj) - if err != nil { - return nil, err - } - index := i.indices[indexName] - - var storeKeySet sets.String - if len(indexedValues) == 1 { - // In majority of cases, there is exactly one value matching. - // Optimize the most common path - deduping is not needed here. - storeKeySet = index[indexedValues[0]] - } else { - // Need to de-dupe the return list. - // Since multiple keys are allowed, this can happen. - storeKeySet = sets.String{} - for _, indexedValue := range indexedValues { - for key := range index[indexedValue] { - storeKeySet.Insert(key) - } - } - } - - return storeKeySet, nil -} - -func (i *storeIndex) getKeysByIndex(indexName, indexedValue string) (sets.String, error) { - indexFunc := i.indexers[indexName] - if indexFunc == nil { - return nil, fmt.Errorf("Index with name %s does not exist", indexName) - } - - index := i.indices[indexName] - return index[indexedValue], nil -} - -func (i *storeIndex) getIndexValues(indexName string) []string { - index := i.indices[indexName] - names := make([]string, 0, len(index)) - for key := range index { - names = append(names, key) - } - return names -} - -func (i *storeIndex) addIndexers(newIndexers Indexers) error { - oldKeys := sets.StringKeySet(i.indexers) - newKeys := sets.StringKeySet(newIndexers) - - if oldKeys.HasAny(newKeys.List()...) { - return fmt.Errorf("indexer conflict: %v", oldKeys.Intersection(newKeys)) - } - - for k, v := range newIndexers { - i.indexers[k] = v - } - return nil -} - -// updateIndices modifies the objects location in the managed indexes: -// - for create you must provide only the newObj -// - for update you must provide both the oldObj and the newObj -// - for delete you must provide only the oldObj -// updateIndices must be called from a function that already has a lock on the cache -func (i *storeIndex) updateIndices(oldObj interface{}, newObj interface{}, key string) { - var oldIndexValues, indexValues []string - var err error - for name, indexFunc := range i.indexers { - if oldObj != nil { - oldIndexValues, err = indexFunc(oldObj) - } else { - oldIndexValues = oldIndexValues[:0] - } - if err != nil { - panic(fmt.Errorf("unable to calculate an index entry for key %q on index %q: %v", key, name, err)) - } - - if newObj != nil { - indexValues, err = indexFunc(newObj) - } else { - indexValues = indexValues[:0] - } - if err != nil { - panic(fmt.Errorf("unable to calculate an index entry for key %q on index %q: %v", key, name, err)) - } - - index := i.indices[name] - if index == nil { - index = Index{} - i.indices[name] = index - } - - if len(indexValues) == 1 && len(oldIndexValues) == 1 && indexValues[0] == oldIndexValues[0] { - // We optimize for the most common case where indexFunc returns a single value which has not been changed - continue - } - - for _, value := range oldIndexValues { - i.deleteKeyFromIndex(key, value, index) - } - for _, value := range indexValues { - i.addKeyToIndex(key, value, index) - } - } -} - -func (i *storeIndex) addKeyToIndex(key, indexValue string, index Index) { - set := index[indexValue] - if set == nil { - set = sets.String{} - index[indexValue] = set - } - set.Insert(key) -} - -func (i *storeIndex) deleteKeyFromIndex(key, indexValue string, index Index) { - set := index[indexValue] - if set == nil { - return - } - set.Delete(key) - // If we don't delete the set when zero, indices with high cardinality - // short lived resources can cause memory to increase over time from - // unused empty sets. See `kubernetes/kubernetes/issues/84959`. - if len(set) == 0 { - delete(index, indexValue) - } -} - -// threadSafeMap implements ThreadSafeStore -type threadSafeMap struct { - lock sync.RWMutex - items map[string]interface{} - - // index implements the indexing functionality - index *storeIndex -} - -func (c *threadSafeMap) Add(key string, obj interface{}) { - c.Update(key, obj) -} - -func (c *threadSafeMap) Update(key string, obj interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - oldObject := c.items[key] - c.items[key] = obj - c.index.updateIndices(oldObject, obj, key) -} - -func (c *threadSafeMap) Delete(key string) { - c.lock.Lock() - defer c.lock.Unlock() - if obj, exists := c.items[key]; exists { - c.index.updateIndices(obj, nil, key) - delete(c.items, key) - } -} - -func (c *threadSafeMap) Get(key string) (item interface{}, exists bool) { - c.lock.RLock() - defer c.lock.RUnlock() - item, exists = c.items[key] - return item, exists -} - -func (c *threadSafeMap) List() []interface{} { - c.lock.RLock() - defer c.lock.RUnlock() - list := make([]interface{}, 0, len(c.items)) - for _, item := range c.items { - list = append(list, item) - } - return list -} - -// ListKeys returns a list of all the keys of the objects currently -// in the threadSafeMap. -func (c *threadSafeMap) ListKeys() []string { - c.lock.RLock() - defer c.lock.RUnlock() - list := make([]string, 0, len(c.items)) - for key := range c.items { - list = append(list, key) - } - return list -} - -func (c *threadSafeMap) Replace(items map[string]interface{}, resourceVersion string) { - c.lock.Lock() - defer c.lock.Unlock() - c.items = items - - // rebuild any index - c.index.reset() - for key, item := range c.items { - c.index.updateIndices(nil, item, key) - } -} - -// Index returns a list of items that match the given object on the index function. -// Index is thread-safe so long as you treat all items as immutable. -func (c *threadSafeMap) Index(indexName string, obj interface{}) ([]interface{}, error) { - c.lock.RLock() - defer c.lock.RUnlock() - - storeKeySet, err := c.index.getKeysFromIndex(indexName, obj) - if err != nil { - return nil, err - } - - list := make([]interface{}, 0, storeKeySet.Len()) - for storeKey := range storeKeySet { - list = append(list, c.items[storeKey]) - } - return list, nil -} - -// ByIndex returns a list of the items whose indexed values in the given index include the given indexed value -func (c *threadSafeMap) ByIndex(indexName, indexedValue string) ([]interface{}, error) { - c.lock.RLock() - defer c.lock.RUnlock() - - set, err := c.index.getKeysByIndex(indexName, indexedValue) - if err != nil { - return nil, err - } - list := make([]interface{}, 0, set.Len()) - for key := range set { - list = append(list, c.items[key]) - } - - return list, nil -} - -// IndexKeys returns a list of the Store keys of the objects whose indexed values in the given index include the given indexed value. -// IndexKeys is thread-safe so long as you treat all items as immutable. -func (c *threadSafeMap) IndexKeys(indexName, indexedValue string) ([]string, error) { - c.lock.RLock() - defer c.lock.RUnlock() - - set, err := c.index.getKeysByIndex(indexName, indexedValue) - if err != nil { - return nil, err - } - return set.List(), nil -} - -func (c *threadSafeMap) ListIndexFuncValues(indexName string) []string { - c.lock.RLock() - defer c.lock.RUnlock() - - return c.index.getIndexValues(indexName) -} - -func (c *threadSafeMap) GetIndexers() Indexers { - return c.index.indexers -} - -func (c *threadSafeMap) AddIndexers(newIndexers Indexers) error { - c.lock.Lock() - defer c.lock.Unlock() - - if len(c.items) > 0 { - return fmt.Errorf("cannot add indexers to running index") - } - - return c.index.addIndexers(newIndexers) -} - -func (c *threadSafeMap) Resync() error { - // Nothing to do - return nil -} - -// NewThreadSafeStore creates a new instance of ThreadSafeStore. -func NewThreadSafeStore(indexers Indexers, indices Indices) ThreadSafeStore { - return &threadSafeMap{ - items: map[string]interface{}{}, - index: &storeIndex{ - indexers: indexers, - indices: indices, - }, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/cache/undelta_store.go b/etcd/vendor/k8s.io/client-go/tools/cache/undelta_store.go deleted file mode 100644 index 220845dd3a..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/cache/undelta_store.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cache - -// UndeltaStore listens to incremental updates and sends complete state on every change. -// It implements the Store interface so that it can receive a stream of mirrored objects -// from Reflector. Whenever it receives any complete (Store.Replace) or incremental change -// (Store.Add, Store.Update, Store.Delete), it sends the complete state by calling PushFunc. -// It is thread-safe. It guarantees that every change (Add, Update, Replace, Delete) results -// in one call to PushFunc, but sometimes PushFunc may be called twice with the same values. -// PushFunc should be thread safe. -type UndeltaStore struct { - Store - PushFunc func([]interface{}) -} - -// Assert that it implements the Store interface. -var _ Store = &UndeltaStore{} - -// Add inserts an object into the store and sends complete state by calling PushFunc. -// Note about thread safety. The Store implementation (cache.cache) uses a lock for all methods. -// In the functions below, the lock gets released and reacquired betweend the {Add,Delete,etc} -// and the List. So, the following can happen, resulting in two identical calls to PushFunc. -// time thread 1 thread 2 -// 0 UndeltaStore.Add(a) -// 1 UndeltaStore.Add(b) -// 2 Store.Add(a) -// 3 Store.Add(b) -// 4 Store.List() -> [a,b] -// 5 Store.List() -> [a,b] -func (u *UndeltaStore) Add(obj interface{}) error { - if err := u.Store.Add(obj); err != nil { - return err - } - u.PushFunc(u.Store.List()) - return nil -} - -// Update sets an item in the cache to its updated state and sends complete state by calling PushFunc. -func (u *UndeltaStore) Update(obj interface{}) error { - if err := u.Store.Update(obj); err != nil { - return err - } - u.PushFunc(u.Store.List()) - return nil -} - -// Delete removes an item from the cache and sends complete state by calling PushFunc. -func (u *UndeltaStore) Delete(obj interface{}) error { - if err := u.Store.Delete(obj); err != nil { - return err - } - u.PushFunc(u.Store.List()) - return nil -} - -// Replace will delete the contents of current store, using instead the given list. -// 'u' takes ownership of the list, you should not reference the list again -// after calling this function. -// The new contents complete state will be sent by calling PushFunc after replacement. -func (u *UndeltaStore) Replace(list []interface{}, resourceVersion string) error { - if err := u.Store.Replace(list, resourceVersion); err != nil { - return err - } - u.PushFunc(u.Store.List()) - return nil -} - -// NewUndeltaStore returns an UndeltaStore implemented with a Store. -func NewUndeltaStore(pushFunc func([]interface{}), keyFunc KeyFunc) *UndeltaStore { - return &UndeltaStore{ - Store: NewStore(keyFunc), - PushFunc: pushFunc, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/events/OWNERS b/etcd/vendor/k8s.io/client-go/tools/events/OWNERS deleted file mode 100644 index 8c1137f412..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-instrumentation-approvers - - wojtek-t -reviewers: - - sig-instrumentation-reviewers - - wojtek-t -emeritus_approvers: - - yastij diff --git a/etcd/vendor/k8s.io/client-go/tools/events/doc.go b/etcd/vendor/k8s.io/client-go/tools/events/doc.go deleted file mode 100644 index 8c48f607e1..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package events has all client logic for recording and reporting -// "k8s.io/api/events/v1".Event events. -package events // import "k8s.io/client-go/tools/events" diff --git a/etcd/vendor/k8s.io/client-go/tools/events/event_broadcaster.go b/etcd/vendor/k8s.io/client-go/tools/events/event_broadcaster.go deleted file mode 100644 index 951965e95e..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/event_broadcaster.go +++ /dev/null @@ -1,416 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - "context" - "fmt" - "os" - "sync" - "time" - - corev1 "k8s.io/api/core/v1" - eventsv1 "k8s.io/api/events/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/json" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/strategicpatch" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - clientset "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" - typedv1core "k8s.io/client-go/kubernetes/typed/core/v1" - typedeventsv1 "k8s.io/client-go/kubernetes/typed/events/v1" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/tools/record" - "k8s.io/client-go/tools/record/util" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -const ( - maxTriesPerEvent = 12 - finishTime = 6 * time.Minute - refreshTime = 30 * time.Minute - maxQueuedEvents = 1000 -) - -var defaultSleepDuration = 10 * time.Second - -// TODO: validate impact of copying and investigate hashing -type eventKey struct { - action string - reason string - reportingController string - regarding corev1.ObjectReference - related corev1.ObjectReference -} - -type eventBroadcasterImpl struct { - *watch.Broadcaster - mu sync.Mutex - eventCache map[eventKey]*eventsv1.Event - sleepDuration time.Duration - sink EventSink -} - -// EventSinkImpl wraps EventsV1Interface to implement EventSink. -// TODO: this makes it easier for testing purpose and masks the logic of performing API calls. -// Note that rollbacking to raw clientset should also be transparent. -type EventSinkImpl struct { - Interface typedeventsv1.EventsV1Interface -} - -// Create takes the representation of a event and creates it. Returns the server's representation of the event, and an error, if there is any. -func (e *EventSinkImpl) Create(event *eventsv1.Event) (*eventsv1.Event, error) { - if event.Namespace == "" { - return nil, fmt.Errorf("can't create an event with empty namespace") - } - return e.Interface.Events(event.Namespace).Create(context.TODO(), event, metav1.CreateOptions{}) -} - -// Update takes the representation of a event and updates it. Returns the server's representation of the event, and an error, if there is any. -func (e *EventSinkImpl) Update(event *eventsv1.Event) (*eventsv1.Event, error) { - if event.Namespace == "" { - return nil, fmt.Errorf("can't update an event with empty namespace") - } - return e.Interface.Events(event.Namespace).Update(context.TODO(), event, metav1.UpdateOptions{}) -} - -// Patch applies the patch and returns the patched event, and an error, if there is any. -func (e *EventSinkImpl) Patch(event *eventsv1.Event, data []byte) (*eventsv1.Event, error) { - if event.Namespace == "" { - return nil, fmt.Errorf("can't patch an event with empty namespace") - } - return e.Interface.Events(event.Namespace).Patch(context.TODO(), event.Name, types.StrategicMergePatchType, data, metav1.PatchOptions{}) -} - -// NewBroadcaster Creates a new event broadcaster. -func NewBroadcaster(sink EventSink) EventBroadcaster { - return newBroadcaster(sink, defaultSleepDuration, map[eventKey]*eventsv1.Event{}) -} - -// NewBroadcasterForTest Creates a new event broadcaster for test purposes. -func newBroadcaster(sink EventSink, sleepDuration time.Duration, eventCache map[eventKey]*eventsv1.Event) EventBroadcaster { - return &eventBroadcasterImpl{ - Broadcaster: watch.NewBroadcaster(maxQueuedEvents, watch.DropIfChannelFull), - eventCache: eventCache, - sleepDuration: sleepDuration, - sink: sink, - } -} - -func (e *eventBroadcasterImpl) Shutdown() { - e.Broadcaster.Shutdown() -} - -// refreshExistingEventSeries refresh events TTL -func (e *eventBroadcasterImpl) refreshExistingEventSeries() { - // TODO: Investigate whether lock contention won't be a problem - e.mu.Lock() - defer e.mu.Unlock() - for isomorphicKey, event := range e.eventCache { - if event.Series != nil { - if recordedEvent, retry := recordEvent(e.sink, event); !retry { - if recordedEvent != nil { - e.eventCache[isomorphicKey] = recordedEvent - } - } - } - } -} - -// finishSeries checks if a series has ended and either: -// - write final count to the apiserver -// - delete a singleton event (i.e. series field is nil) from the cache -func (e *eventBroadcasterImpl) finishSeries() { - // TODO: Investigate whether lock contention won't be a problem - e.mu.Lock() - defer e.mu.Unlock() - for isomorphicKey, event := range e.eventCache { - eventSerie := event.Series - if eventSerie != nil { - if eventSerie.LastObservedTime.Time.Before(time.Now().Add(-finishTime)) { - if _, retry := recordEvent(e.sink, event); !retry { - delete(e.eventCache, isomorphicKey) - } - } - } else if event.EventTime.Time.Before(time.Now().Add(-finishTime)) { - delete(e.eventCache, isomorphicKey) - } - } -} - -// NewRecorder returns an EventRecorder that records events with the given event source. -func (e *eventBroadcasterImpl) NewRecorder(scheme *runtime.Scheme, reportingController string) EventRecorder { - hostname, _ := os.Hostname() - reportingInstance := reportingController + "-" + hostname - return &recorderImpl{scheme, reportingController, reportingInstance, e.Broadcaster, clock.RealClock{}} -} - -func (e *eventBroadcasterImpl) recordToSink(event *eventsv1.Event, clock clock.Clock) { - // Make a copy before modification, because there could be multiple listeners. - eventCopy := event.DeepCopy() - go func() { - evToRecord := func() *eventsv1.Event { - e.mu.Lock() - defer e.mu.Unlock() - eventKey := getKey(eventCopy) - isomorphicEvent, isIsomorphic := e.eventCache[eventKey] - if isIsomorphic { - if isomorphicEvent.Series != nil { - isomorphicEvent.Series.Count++ - isomorphicEvent.Series.LastObservedTime = metav1.MicroTime{Time: clock.Now()} - return nil - } - isomorphicEvent.Series = &eventsv1.EventSeries{ - Count: 1, - LastObservedTime: metav1.MicroTime{Time: clock.Now()}, - } - return isomorphicEvent - } - e.eventCache[eventKey] = eventCopy - return eventCopy - }() - if evToRecord != nil { - recordedEvent := e.attemptRecording(evToRecord) - if recordedEvent != nil { - recordedEventKey := getKey(recordedEvent) - e.mu.Lock() - defer e.mu.Unlock() - e.eventCache[recordedEventKey] = recordedEvent - } - } - }() -} - -func (e *eventBroadcasterImpl) attemptRecording(event *eventsv1.Event) *eventsv1.Event { - tries := 0 - for { - if recordedEvent, retry := recordEvent(e.sink, event); !retry { - return recordedEvent - } - tries++ - if tries >= maxTriesPerEvent { - klog.Errorf("Unable to write event '%#v' (retry limit exceeded!)", event) - return nil - } - // Randomize sleep so that various clients won't all be - // synced up if the master goes down. - time.Sleep(wait.Jitter(e.sleepDuration, 0.25)) - } -} - -func recordEvent(sink EventSink, event *eventsv1.Event) (*eventsv1.Event, bool) { - var newEvent *eventsv1.Event - var err error - isEventSeries := event.Series != nil - if isEventSeries { - patch, patchBytesErr := createPatchBytesForSeries(event) - if patchBytesErr != nil { - klog.Errorf("Unable to calculate diff, no merge is possible: %v", patchBytesErr) - return nil, false - } - newEvent, err = sink.Patch(event, patch) - } - // Update can fail because the event may have been removed and it no longer exists. - if !isEventSeries || (isEventSeries && util.IsKeyNotFoundError(err)) { - // Making sure that ResourceVersion is empty on creation - event.ResourceVersion = "" - newEvent, err = sink.Create(event) - } - if err == nil { - return newEvent, false - } - // If we can't contact the server, then hold everything while we keep trying. - // Otherwise, something about the event is malformed and we should abandon it. - switch err.(type) { - case *restclient.RequestConstructionError: - // We will construct the request the same next time, so don't keep trying. - klog.Errorf("Unable to construct event '%#v': '%v' (will not retry!)", event, err) - return nil, false - case *errors.StatusError: - if errors.IsAlreadyExists(err) { - klog.V(5).Infof("Server rejected event '%#v': '%v' (will not retry!)", event, err) - } else { - klog.Errorf("Server rejected event '%#v': '%v' (will not retry!)", event, err) - } - return nil, false - case *errors.UnexpectedObjectError: - // We don't expect this; it implies the server's response didn't match a - // known pattern. Go ahead and retry. - default: - // This case includes actual http transport errors. Go ahead and retry. - } - klog.Errorf("Unable to write event: '%v' (may retry after sleeping)", err) - return nil, true -} - -func createPatchBytesForSeries(event *eventsv1.Event) ([]byte, error) { - oldEvent := event.DeepCopy() - oldEvent.Series = nil - oldData, err := json.Marshal(oldEvent) - if err != nil { - return nil, err - } - newData, err := json.Marshal(event) - if err != nil { - return nil, err - } - return strategicpatch.CreateTwoWayMergePatch(oldData, newData, eventsv1.Event{}) -} - -func getKey(event *eventsv1.Event) eventKey { - key := eventKey{ - action: event.Action, - reason: event.Reason, - reportingController: event.ReportingController, - regarding: event.Regarding, - } - if event.Related != nil { - key.related = *event.Related - } - return key -} - -// StartStructuredLogging starts sending events received from this EventBroadcaster to the structured logging function. -// The return value can be ignored or used to stop recording, if desired. -// TODO: this function should also return an error. -func (e *eventBroadcasterImpl) StartStructuredLogging(verbosity klog.Level) func() { - stopWatcher, err := e.StartEventWatcher( - func(obj runtime.Object) { - event, ok := obj.(*eventsv1.Event) - if !ok { - klog.Errorf("unexpected type, expected eventsv1.Event") - return - } - klog.V(verbosity).InfoS("Event occurred", "object", klog.KRef(event.Regarding.Namespace, event.Regarding.Name), "kind", event.Regarding.Kind, "apiVersion", event.Regarding.APIVersion, "type", event.Type, "reason", event.Reason, "action", event.Action, "note", event.Note) - }) - if err != nil { - klog.Errorf("failed to start event watcher: '%v'", err) - return func() {} - } - return stopWatcher -} - -// StartEventWatcher starts sending events received from this EventBroadcaster to the given event handler function. -// The return value is used to stop recording -func (e *eventBroadcasterImpl) StartEventWatcher(eventHandler func(event runtime.Object)) (func(), error) { - watcher, err := e.Watch() - if err != nil { - klog.Errorf("Unable start event watcher: '%v' (will not retry!)", err) - return nil, err - } - go func() { - defer utilruntime.HandleCrash() - for { - watchEvent, ok := <-watcher.ResultChan() - if !ok { - return - } - eventHandler(watchEvent.Object) - } - }() - return watcher.Stop, nil -} - -func (e *eventBroadcasterImpl) startRecordingEvents(stopCh <-chan struct{}) error { - eventHandler := func(obj runtime.Object) { - event, ok := obj.(*eventsv1.Event) - if !ok { - klog.Errorf("unexpected type, expected eventsv1.Event") - return - } - e.recordToSink(event, clock.RealClock{}) - } - stopWatcher, err := e.StartEventWatcher(eventHandler) - if err != nil { - return err - } - go func() { - <-stopCh - stopWatcher() - }() - return nil -} - -// StartRecordingToSink starts sending events received from the specified eventBroadcaster to the given sink. -func (e *eventBroadcasterImpl) StartRecordingToSink(stopCh <-chan struct{}) { - go wait.Until(e.refreshExistingEventSeries, refreshTime, stopCh) - go wait.Until(e.finishSeries, finishTime, stopCh) - err := e.startRecordingEvents(stopCh) - if err != nil { - klog.Errorf("unexpected type, expected eventsv1.Event") - return - } -} - -type eventBroadcasterAdapterImpl struct { - coreClient typedv1core.EventsGetter - coreBroadcaster record.EventBroadcaster - eventsv1Client typedeventsv1.EventsV1Interface - eventsv1Broadcaster EventBroadcaster -} - -// NewEventBroadcasterAdapter creates a wrapper around new and legacy broadcasters to simplify -// migration of individual components to the new Event API. -func NewEventBroadcasterAdapter(client clientset.Interface) EventBroadcasterAdapter { - eventClient := &eventBroadcasterAdapterImpl{} - if _, err := client.Discovery().ServerResourcesForGroupVersion(eventsv1.SchemeGroupVersion.String()); err == nil { - eventClient.eventsv1Client = client.EventsV1() - eventClient.eventsv1Broadcaster = NewBroadcaster(&EventSinkImpl{Interface: eventClient.eventsv1Client}) - } - // Even though there can soon exist cases when coreBroadcaster won't really be needed, - // we create it unconditionally because its overhead is minor and will simplify using usage - // patterns of this library in all components. - eventClient.coreClient = client.CoreV1() - eventClient.coreBroadcaster = record.NewBroadcaster() - return eventClient -} - -// StartRecordingToSink starts sending events received from the specified eventBroadcaster to the given sink. -func (e *eventBroadcasterAdapterImpl) StartRecordingToSink(stopCh <-chan struct{}) { - if e.eventsv1Broadcaster != nil && e.eventsv1Client != nil { - e.eventsv1Broadcaster.StartRecordingToSink(stopCh) - } - if e.coreBroadcaster != nil && e.coreClient != nil { - e.coreBroadcaster.StartRecordingToSink(&typedv1core.EventSinkImpl{Interface: e.coreClient.Events("")}) - } -} - -func (e *eventBroadcasterAdapterImpl) NewRecorder(name string) EventRecorder { - if e.eventsv1Broadcaster != nil && e.eventsv1Client != nil { - return e.eventsv1Broadcaster.NewRecorder(scheme.Scheme, name) - } - return record.NewEventRecorderAdapter(e.DeprecatedNewLegacyRecorder(name)) -} - -func (e *eventBroadcasterAdapterImpl) DeprecatedNewLegacyRecorder(name string) record.EventRecorder { - return e.coreBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: name}) -} - -func (e *eventBroadcasterAdapterImpl) Shutdown() { - if e.coreBroadcaster != nil { - e.coreBroadcaster.Shutdown() - } - if e.eventsv1Broadcaster != nil { - e.eventsv1Broadcaster.Shutdown() - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/events/event_recorder.go b/etcd/vendor/k8s.io/client-go/tools/events/event_recorder.go deleted file mode 100644 index 132843742b..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/event_recorder.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - "fmt" - "time" - - v1 "k8s.io/api/core/v1" - eventsv1 "k8s.io/api/events/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/record/util" - "k8s.io/client-go/tools/reference" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -type recorderImpl struct { - scheme *runtime.Scheme - reportingController string - reportingInstance string - *watch.Broadcaster - clock clock.Clock -} - -func (recorder *recorderImpl) Eventf(regarding runtime.Object, related runtime.Object, eventtype, reason, action, note string, args ...interface{}) { - timestamp := metav1.MicroTime{time.Now()} - message := fmt.Sprintf(note, args...) - refRegarding, err := reference.GetReference(recorder.scheme, regarding) - if err != nil { - klog.Errorf("Could not construct reference to: '%#v' due to: '%v'. Will not report event: '%v' '%v' '%v'", regarding, err, eventtype, reason, message) - return - } - - var refRelated *v1.ObjectReference - if related != nil { - refRelated, err = reference.GetReference(recorder.scheme, related) - if err != nil { - klog.V(9).Infof("Could not construct reference to: '%#v' due to: '%v'.", related, err) - } - } - if !util.ValidateEventType(eventtype) { - klog.Errorf("Unsupported event type: '%v'", eventtype) - return - } - event := recorder.makeEvent(refRegarding, refRelated, timestamp, eventtype, reason, message, recorder.reportingController, recorder.reportingInstance, action) - go func() { - defer utilruntime.HandleCrash() - recorder.Action(watch.Added, event) - }() -} - -func (recorder *recorderImpl) makeEvent(refRegarding *v1.ObjectReference, refRelated *v1.ObjectReference, timestamp metav1.MicroTime, eventtype, reason, message string, reportingController string, reportingInstance string, action string) *eventsv1.Event { - t := metav1.Time{Time: recorder.clock.Now()} - namespace := refRegarding.Namespace - if namespace == "" { - namespace = metav1.NamespaceDefault - } - return &eventsv1.Event{ - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%v.%x", refRegarding.Name, t.UnixNano()), - Namespace: namespace, - }, - EventTime: timestamp, - Series: nil, - ReportingController: reportingController, - ReportingInstance: reportingInstance, - Action: action, - Reason: reason, - Regarding: *refRegarding, - Related: refRelated, - Note: message, - Type: eventtype, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/events/fake.go b/etcd/vendor/k8s.io/client-go/tools/events/fake.go deleted file mode 100644 index d572e0d3e1..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/fake.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -// FakeRecorder is used as a fake during tests. It is thread safe. It is usable -// when created manually and not by NewFakeRecorder, however all events may be -// thrown away in this case. -type FakeRecorder struct { - Events chan string -} - -// Eventf emits an event -func (f *FakeRecorder) Eventf(regarding runtime.Object, related runtime.Object, eventtype, reason, action, note string, args ...interface{}) { - if f.Events != nil { - f.Events <- fmt.Sprintf(eventtype+" "+reason+" "+note, args...) - } -} - -// NewFakeRecorder creates new fake event recorder with event channel with -// buffer of given size. -func NewFakeRecorder(bufferSize int) *FakeRecorder { - return &FakeRecorder{ - Events: make(chan string, bufferSize), - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/events/helper.go b/etcd/vendor/k8s.io/client-go/tools/events/helper.go deleted file mode 100644 index dfc57af4c2..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/helper.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - eventsv1 "k8s.io/api/events/v1" - eventsv1beta1 "k8s.io/api/events/v1beta1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" -) - -var mapping = map[schema.GroupVersion]string{ - eventsv1.SchemeGroupVersion: "regarding", - eventsv1beta1.SchemeGroupVersion: "regarding", - corev1.SchemeGroupVersion: "involvedObject", -} - -// GetFieldSelector returns the appropriate field selector based on the API version being used to communicate with the server. -// The returned field selector can be used with List and Watch to filter desired events. -func GetFieldSelector(eventsGroupVersion schema.GroupVersion, regardingGroupVersionKind schema.GroupVersionKind, regardingName string, regardingUID types.UID) (fields.Selector, error) { - field := fields.Set{} - - if _, ok := mapping[eventsGroupVersion]; !ok { - return nil, fmt.Errorf("unknown version %v", eventsGroupVersion) - } - prefix := mapping[eventsGroupVersion] - - if len(regardingName) > 0 { - field[prefix+".name"] = regardingName - } - - if len(regardingGroupVersionKind.Kind) > 0 { - field[prefix+".kind"] = regardingGroupVersionKind.Kind - } - - regardingGroupVersion := regardingGroupVersionKind.GroupVersion() - if !regardingGroupVersion.Empty() { - field[prefix+".apiVersion"] = regardingGroupVersion.String() - } - - if len(regardingUID) > 0 { - field[prefix+".uid"] = string(regardingUID) - } - - return field.AsSelector(), nil -} diff --git a/etcd/vendor/k8s.io/client-go/tools/events/interfaces.go b/etcd/vendor/k8s.io/client-go/tools/events/interfaces.go deleted file mode 100644 index 20f8ca05da..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/events/interfaces.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - eventsv1 "k8s.io/api/events/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/record" - "k8s.io/klog/v2" -) - -// EventRecorder knows how to record events on behalf of an EventSource. -type EventRecorder interface { - // Eventf constructs an event from the given information and puts it in the queue for sending. - // 'regarding' is the object this event is about. Event will make a reference-- or you may also - // pass a reference to the object directly. - // 'related' is the secondary object for more complex actions. E.g. when regarding object triggers - // a creation or deletion of related object. - // 'type' of this event, and can be one of Normal, Warning. New types could be added in future - // 'reason' is the reason this event is generated. 'reason' should be short and unique; it - // should be in UpperCamelCase format (starting with a capital letter). "reason" will be used - // to automate handling of events, so imagine people writing switch statements to handle them. - // You want to make that easy. - // 'action' explains what happened with regarding/what action did the ReportingController - // (ReportingController is a type of a Controller reporting an Event, e.g. k8s.io/node-controller, k8s.io/kubelet.) - // take in regarding's name; it should be in UpperCamelCase format (starting with a capital letter). - // 'note' is intended to be human readable. - Eventf(regarding runtime.Object, related runtime.Object, eventtype, reason, action, note string, args ...interface{}) -} - -// EventBroadcaster knows how to receive events and send them to any EventSink, watcher, or log. -type EventBroadcaster interface { - // StartRecordingToSink starts sending events received from the specified eventBroadcaster. - StartRecordingToSink(stopCh <-chan struct{}) - - // NewRecorder returns an EventRecorder that can be used to send events to this EventBroadcaster - // with the event source set to the given event source. - NewRecorder(scheme *runtime.Scheme, reportingController string) EventRecorder - - // StartEventWatcher enables you to watch for emitted events without usage - // of StartRecordingToSink. This lets you also process events in a custom way (e.g. in tests). - // NOTE: events received on your eventHandler should be copied before being used. - // TODO: figure out if this can be removed. - StartEventWatcher(eventHandler func(event runtime.Object)) (func(), error) - - // StartStructuredLogging starts sending events received from this EventBroadcaster to the structured - // logging function. The return value can be ignored or used to stop recording, if desired. - StartStructuredLogging(verbosity klog.Level) func() - - // Shutdown shuts down the broadcaster - Shutdown() -} - -// EventSink knows how to store events (client-go implements it.) -// EventSink must respect the namespace that will be embedded in 'event'. -// It is assumed that EventSink will return the same sorts of errors as -// client-go's REST client. -type EventSink interface { - Create(event *eventsv1.Event) (*eventsv1.Event, error) - Update(event *eventsv1.Event) (*eventsv1.Event, error) - Patch(oldEvent *eventsv1.Event, data []byte) (*eventsv1.Event, error) -} - -// EventBroadcasterAdapter is a auxiliary interface to simplify migration to -// the new events API. It is a wrapper around new and legacy broadcasters -// that smartly chooses which one to use. -// -// Deprecated: This interface will be removed once migration is completed. -type EventBroadcasterAdapter interface { - // StartRecordingToSink starts sending events received from the specified eventBroadcaster. - StartRecordingToSink(stopCh <-chan struct{}) - - // NewRecorder creates a new Event Recorder with specified name. - NewRecorder(name string) EventRecorder - - // DeprecatedNewLegacyRecorder creates a legacy Event Recorder with specific name. - DeprecatedNewLegacyRecorder(name string) record.EventRecorder - - // Shutdown shuts down the broadcaster. - Shutdown() -} diff --git a/etcd/vendor/k8s.io/client-go/tools/pager/pager.go b/etcd/vendor/k8s.io/client-go/tools/pager/pager.go deleted file mode 100644 index 9ba988f685..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/pager/pager.go +++ /dev/null @@ -1,255 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pager - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -const defaultPageSize = 500 -const defaultPageBufferSize = 10 - -// ListPageFunc returns a list object for the given list options. -type ListPageFunc func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) - -// SimplePageFunc adapts a context-less list function into one that accepts a context. -func SimplePageFunc(fn func(opts metav1.ListOptions) (runtime.Object, error)) ListPageFunc { - return func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) { - return fn(opts) - } -} - -// ListPager assists client code in breaking large list queries into multiple -// smaller chunks of PageSize or smaller. PageFn is expected to accept a -// metav1.ListOptions that supports paging and return a list. The pager does -// not alter the field or label selectors on the initial options list. -type ListPager struct { - PageSize int64 - PageFn ListPageFunc - - FullListIfExpired bool - - // Number of pages to buffer - PageBufferSize int32 -} - -// New creates a new pager from the provided pager function using the default -// options. It will fall back to a full list if an expiration error is encountered -// as a last resort. -func New(fn ListPageFunc) *ListPager { - return &ListPager{ - PageSize: defaultPageSize, - PageFn: fn, - FullListIfExpired: true, - PageBufferSize: defaultPageBufferSize, - } -} - -// TODO: introduce other types of paging functions - such as those that retrieve from a list -// of namespaces. - -// List returns a single list object, but attempts to retrieve smaller chunks from the -// server to reduce the impact on the server. If the chunk attempt fails, it will load -// the full list instead. The Limit field on options, if unset, will default to the page size. -func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runtime.Object, bool, error) { - if options.Limit == 0 { - options.Limit = p.PageSize - } - requestedResourceVersion := options.ResourceVersion - requestedResourceVersionMatch := options.ResourceVersionMatch - var list *metainternalversion.List - paginatedResult := false - - for { - select { - case <-ctx.Done(): - return nil, paginatedResult, ctx.Err() - default: - } - - obj, err := p.PageFn(ctx, options) - if err != nil { - // Only fallback to full list if an "Expired" errors is returned, FullListIfExpired is true, and - // the "Expired" error occurred in page 2 or later (since full list is intended to prevent a pager.List from - // failing when the resource versions is established by the first page request falls out of the compaction - // during the subsequent list requests). - if !errors.IsResourceExpired(err) || !p.FullListIfExpired || options.Continue == "" { - return nil, paginatedResult, err - } - // the list expired while we were processing, fall back to a full list at - // the requested ResourceVersion. - options.Limit = 0 - options.Continue = "" - options.ResourceVersion = requestedResourceVersion - options.ResourceVersionMatch = requestedResourceVersionMatch - result, err := p.PageFn(ctx, options) - return result, paginatedResult, err - } - m, err := meta.ListAccessor(obj) - if err != nil { - return nil, paginatedResult, fmt.Errorf("returned object must be a list: %v", err) - } - - // exit early and return the object we got if we haven't processed any pages - if len(m.GetContinue()) == 0 && list == nil { - return obj, paginatedResult, nil - } - - // initialize the list and fill its contents - if list == nil { - list = &metainternalversion.List{Items: make([]runtime.Object, 0, options.Limit+1)} - list.ResourceVersion = m.GetResourceVersion() - list.SelfLink = m.GetSelfLink() - } - if err := meta.EachListItem(obj, func(obj runtime.Object) error { - list.Items = append(list.Items, obj) - return nil - }); err != nil { - return nil, paginatedResult, err - } - - // if we have no more items, return the list - if len(m.GetContinue()) == 0 { - return list, paginatedResult, nil - } - - // set the next loop up - options.Continue = m.GetContinue() - // Clear the ResourceVersion(Match) on the subsequent List calls to avoid the - // `specifying resource version is not allowed when using continue` error. - // See https://github.com/kubernetes/kubernetes/issues/85221#issuecomment-553748143. - options.ResourceVersion = "" - options.ResourceVersionMatch = "" - // At this point, result is already paginated. - paginatedResult = true - } -} - -// EachListItem fetches runtime.Object items using this ListPager and invokes fn on each item. If -// fn returns an error, processing stops and that error is returned. If fn does not return an error, -// any error encountered while retrieving the list from the server is returned. If the context -// cancels or times out, the context error is returned. Since the list is retrieved in paginated -// chunks, an "Expired" error (metav1.StatusReasonExpired) may be returned if the pagination list -// requests exceed the expiration limit of the apiserver being called. -// -// Items are retrieved in chunks from the server to reduce the impact on the server with up to -// ListPager.PageBufferSize chunks buffered concurrently in the background. -func (p *ListPager) EachListItem(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error { - return p.eachListChunkBuffered(ctx, options, func(obj runtime.Object) error { - return meta.EachListItem(obj, fn) - }) -} - -// eachListChunkBuffered fetches runtimeObject list chunks using this ListPager and invokes fn on -// each list chunk. If fn returns an error, processing stops and that error is returned. If fn does -// not return an error, any error encountered while retrieving the list from the server is -// returned. If the context cancels or times out, the context error is returned. Since the list is -// retrieved in paginated chunks, an "Expired" error (metav1.StatusReasonExpired) may be returned if -// the pagination list requests exceed the expiration limit of the apiserver being called. -// -// Up to ListPager.PageBufferSize chunks are buffered concurrently in the background. -func (p *ListPager) eachListChunkBuffered(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error { - if p.PageBufferSize < 0 { - return fmt.Errorf("ListPager.PageBufferSize must be >= 0, got %d", p.PageBufferSize) - } - - // Ensure background goroutine is stopped if this call exits before all list items are - // processed. Cancelation error from this deferred cancel call is never returned to caller; - // either the list result has already been sent to bgResultC or the fn error is returned and - // the cancelation error is discarded. - ctx, cancel := context.WithCancel(ctx) - defer cancel() - - chunkC := make(chan runtime.Object, p.PageBufferSize) - bgResultC := make(chan error, 1) - go func() { - defer utilruntime.HandleCrash() - - var err error - defer func() { - close(chunkC) - bgResultC <- err - }() - err = p.eachListChunk(ctx, options, func(chunk runtime.Object) error { - select { - case chunkC <- chunk: // buffer the chunk, this can block - case <-ctx.Done(): - return ctx.Err() - } - return nil - }) - }() - - for o := range chunkC { - select { - case <-ctx.Done(): - return ctx.Err() - default: - } - err := fn(o) - if err != nil { - return err // any fn error should be returned immediately - } - } - // promote the results of our background goroutine to the foreground - return <-bgResultC -} - -// eachListChunk fetches runtimeObject list chunks using this ListPager and invokes fn on each list -// chunk. If fn returns an error, processing stops and that error is returned. If fn does not return -// an error, any error encountered while retrieving the list from the server is returned. If the -// context cancels or times out, the context error is returned. Since the list is retrieved in -// paginated chunks, an "Expired" error (metav1.StatusReasonExpired) may be returned if the -// pagination list requests exceed the expiration limit of the apiserver being called. -func (p *ListPager) eachListChunk(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error { - if options.Limit == 0 { - options.Limit = p.PageSize - } - for { - select { - case <-ctx.Done(): - return ctx.Err() - default: - } - - obj, err := p.PageFn(ctx, options) - if err != nil { - return err - } - m, err := meta.ListAccessor(obj) - if err != nil { - return fmt.Errorf("returned object must be a list: %v", err) - } - if err := fn(obj); err != nil { - return err - } - // if we have no more items, return. - if len(m.GetContinue()) == 0 { - return nil - } - // set the next loop up - options.Continue = m.GetContinue() - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/record/OWNERS b/etcd/vendor/k8s.io/client-go/tools/record/OWNERS deleted file mode 100644 index 8105c4fe08..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - sig-instrumentation-reviewers -approvers: - - sig-instrumentation-approvers diff --git a/etcd/vendor/k8s.io/client-go/tools/record/doc.go b/etcd/vendor/k8s.io/client-go/tools/record/doc.go deleted file mode 100644 index 33d5fe78ee..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package record has all client logic for recording and reporting -// "k8s.io/api/core/v1".Event events. -package record // import "k8s.io/client-go/tools/record" diff --git a/etcd/vendor/k8s.io/client-go/tools/record/event.go b/etcd/vendor/k8s.io/client-go/tools/record/event.go deleted file mode 100644 index 998bf8dfb6..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/event.go +++ /dev/null @@ -1,394 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package record - -import ( - "fmt" - "math/rand" - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/watch" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/tools/record/util" - ref "k8s.io/client-go/tools/reference" - "k8s.io/klog/v2" - "k8s.io/utils/clock" -) - -const maxTriesPerEvent = 12 - -var defaultSleepDuration = 10 * time.Second - -const maxQueuedEvents = 1000 - -// EventSink knows how to store events (client.Client implements it.) -// EventSink must respect the namespace that will be embedded in 'event'. -// It is assumed that EventSink will return the same sorts of errors as -// pkg/client's REST client. -type EventSink interface { - Create(event *v1.Event) (*v1.Event, error) - Update(event *v1.Event) (*v1.Event, error) - Patch(oldEvent *v1.Event, data []byte) (*v1.Event, error) -} - -// CorrelatorOptions allows you to change the default of the EventSourceObjectSpamFilter -// and EventAggregator in EventCorrelator -type CorrelatorOptions struct { - // The lru cache size used for both EventSourceObjectSpamFilter and the EventAggregator - // If not specified (zero value), the default specified in events_cache.go will be picked - // This means that the LRUCacheSize has to be greater than 0. - LRUCacheSize int - // The burst size used by the token bucket rate filtering in EventSourceObjectSpamFilter - // If not specified (zero value), the default specified in events_cache.go will be picked - // This means that the BurstSize has to be greater than 0. - BurstSize int - // The fill rate of the token bucket in queries per second in EventSourceObjectSpamFilter - // If not specified (zero value), the default specified in events_cache.go will be picked - // This means that the QPS has to be greater than 0. - QPS float32 - // The func used by the EventAggregator to group event keys for aggregation - // If not specified (zero value), EventAggregatorByReasonFunc will be used - KeyFunc EventAggregatorKeyFunc - // The func used by the EventAggregator to produced aggregated message - // If not specified (zero value), EventAggregatorByReasonMessageFunc will be used - MessageFunc EventAggregatorMessageFunc - // The number of events in an interval before aggregation happens by the EventAggregator - // If not specified (zero value), the default specified in events_cache.go will be picked - // This means that the MaxEvents has to be greater than 0 - MaxEvents int - // The amount of time in seconds that must transpire since the last occurrence of a similar event before it is considered new by the EventAggregator - // If not specified (zero value), the default specified in events_cache.go will be picked - // This means that the MaxIntervalInSeconds has to be greater than 0 - MaxIntervalInSeconds int - // The clock used by the EventAggregator to allow for testing - // If not specified (zero value), clock.RealClock{} will be used - Clock clock.PassiveClock - // The func used by EventFilterFunc, which returns a key for given event, based on which filtering will take place - // If not specified (zero value), getSpamKey will be used - SpamKeyFunc EventSpamKeyFunc -} - -// EventRecorder knows how to record events on behalf of an EventSource. -type EventRecorder interface { - // Event constructs an event from the given information and puts it in the queue for sending. - // 'object' is the object this event is about. Event will make a reference-- or you may also - // pass a reference to the object directly. - // 'eventtype' of this event, and can be one of Normal, Warning. New types could be added in future - // 'reason' is the reason this event is generated. 'reason' should be short and unique; it - // should be in UpperCamelCase format (starting with a capital letter). "reason" will be used - // to automate handling of events, so imagine people writing switch statements to handle them. - // You want to make that easy. - // 'message' is intended to be human readable. - // - // The resulting event will be created in the same namespace as the reference object. - Event(object runtime.Object, eventtype, reason, message string) - - // Eventf is just like Event, but with Sprintf for the message field. - Eventf(object runtime.Object, eventtype, reason, messageFmt string, args ...interface{}) - - // AnnotatedEventf is just like eventf, but with annotations attached - AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) -} - -// EventBroadcaster knows how to receive events and send them to any EventSink, watcher, or log. -type EventBroadcaster interface { - // StartEventWatcher starts sending events received from this EventBroadcaster to the given - // event handler function. The return value can be ignored or used to stop recording, if - // desired. - StartEventWatcher(eventHandler func(*v1.Event)) watch.Interface - - // StartRecordingToSink starts sending events received from this EventBroadcaster to the given - // sink. The return value can be ignored or used to stop recording, if desired. - StartRecordingToSink(sink EventSink) watch.Interface - - // StartLogging starts sending events received from this EventBroadcaster to the given logging - // function. The return value can be ignored or used to stop recording, if desired. - StartLogging(logf func(format string, args ...interface{})) watch.Interface - - // StartStructuredLogging starts sending events received from this EventBroadcaster to the structured - // logging function. The return value can be ignored or used to stop recording, if desired. - StartStructuredLogging(verbosity klog.Level) watch.Interface - - // NewRecorder returns an EventRecorder that can be used to send events to this EventBroadcaster - // with the event source set to the given event source. - NewRecorder(scheme *runtime.Scheme, source v1.EventSource) EventRecorder - - // Shutdown shuts down the broadcaster - Shutdown() -} - -// EventRecorderAdapter is a wrapper around a "k8s.io/client-go/tools/record".EventRecorder -// implementing the new "k8s.io/client-go/tools/events".EventRecorder interface. -type EventRecorderAdapter struct { - recorder EventRecorder -} - -// NewEventRecorderAdapter returns an adapter implementing the new -// "k8s.io/client-go/tools/events".EventRecorder interface. -func NewEventRecorderAdapter(recorder EventRecorder) *EventRecorderAdapter { - return &EventRecorderAdapter{ - recorder: recorder, - } -} - -// Eventf is a wrapper around v1 Eventf -func (a *EventRecorderAdapter) Eventf(regarding, _ runtime.Object, eventtype, reason, action, note string, args ...interface{}) { - a.recorder.Eventf(regarding, eventtype, reason, note, args...) -} - -// Creates a new event broadcaster. -func NewBroadcaster() EventBroadcaster { - return &eventBroadcasterImpl{ - Broadcaster: watch.NewLongQueueBroadcaster(maxQueuedEvents, watch.DropIfChannelFull), - sleepDuration: defaultSleepDuration, - } -} - -func NewBroadcasterForTests(sleepDuration time.Duration) EventBroadcaster { - return &eventBroadcasterImpl{ - Broadcaster: watch.NewLongQueueBroadcaster(maxQueuedEvents, watch.DropIfChannelFull), - sleepDuration: sleepDuration, - } -} - -func NewBroadcasterWithCorrelatorOptions(options CorrelatorOptions) EventBroadcaster { - return &eventBroadcasterImpl{ - Broadcaster: watch.NewLongQueueBroadcaster(maxQueuedEvents, watch.DropIfChannelFull), - sleepDuration: defaultSleepDuration, - options: options, - } -} - -type eventBroadcasterImpl struct { - *watch.Broadcaster - sleepDuration time.Duration - options CorrelatorOptions -} - -// StartRecordingToSink starts sending events received from the specified eventBroadcaster to the given sink. -// The return value can be ignored or used to stop recording, if desired. -// TODO: make me an object with parameterizable queue length and retry interval -func (e *eventBroadcasterImpl) StartRecordingToSink(sink EventSink) watch.Interface { - eventCorrelator := NewEventCorrelatorWithOptions(e.options) - return e.StartEventWatcher( - func(event *v1.Event) { - recordToSink(sink, event, eventCorrelator, e.sleepDuration) - }) -} - -func (e *eventBroadcasterImpl) Shutdown() { - e.Broadcaster.Shutdown() -} - -func recordToSink(sink EventSink, event *v1.Event, eventCorrelator *EventCorrelator, sleepDuration time.Duration) { - // Make a copy before modification, because there could be multiple listeners. - // Events are safe to copy like this. - eventCopy := *event - event = &eventCopy - result, err := eventCorrelator.EventCorrelate(event) - if err != nil { - utilruntime.HandleError(err) - } - if result.Skip { - return - } - tries := 0 - for { - if recordEvent(sink, result.Event, result.Patch, result.Event.Count > 1, eventCorrelator) { - break - } - tries++ - if tries >= maxTriesPerEvent { - klog.Errorf("Unable to write event '%#v' (retry limit exceeded!)", event) - break - } - // Randomize the first sleep so that various clients won't all be - // synced up if the master goes down. - if tries == 1 { - time.Sleep(time.Duration(float64(sleepDuration) * rand.Float64())) - } else { - time.Sleep(sleepDuration) - } - } -} - -// recordEvent attempts to write event to a sink. It returns true if the event -// was successfully recorded or discarded, false if it should be retried. -// If updateExistingEvent is false, it creates a new event, otherwise it updates -// existing event. -func recordEvent(sink EventSink, event *v1.Event, patch []byte, updateExistingEvent bool, eventCorrelator *EventCorrelator) bool { - var newEvent *v1.Event - var err error - if updateExistingEvent { - newEvent, err = sink.Patch(event, patch) - } - // Update can fail because the event may have been removed and it no longer exists. - if !updateExistingEvent || (updateExistingEvent && util.IsKeyNotFoundError(err)) { - // Making sure that ResourceVersion is empty on creation - event.ResourceVersion = "" - newEvent, err = sink.Create(event) - } - if err == nil { - // we need to update our event correlator with the server returned state to handle name/resourceversion - eventCorrelator.UpdateState(newEvent) - return true - } - - // If we can't contact the server, then hold everything while we keep trying. - // Otherwise, something about the event is malformed and we should abandon it. - switch err.(type) { - case *restclient.RequestConstructionError: - // We will construct the request the same next time, so don't keep trying. - klog.Errorf("Unable to construct event '%#v': '%v' (will not retry!)", event, err) - return true - case *errors.StatusError: - if errors.IsAlreadyExists(err) { - klog.V(5).Infof("Server rejected event '%#v': '%v' (will not retry!)", event, err) - } else { - klog.Errorf("Server rejected event '%#v': '%v' (will not retry!)", event, err) - } - return true - case *errors.UnexpectedObjectError: - // We don't expect this; it implies the server's response didn't match a - // known pattern. Go ahead and retry. - default: - // This case includes actual http transport errors. Go ahead and retry. - } - klog.Errorf("Unable to write event: '%#v': '%v'(may retry after sleeping)", event, err) - return false -} - -// StartLogging starts sending events received from this EventBroadcaster to the given logging function. -// The return value can be ignored or used to stop recording, if desired. -func (e *eventBroadcasterImpl) StartLogging(logf func(format string, args ...interface{})) watch.Interface { - return e.StartEventWatcher( - func(e *v1.Event) { - logf("Event(%#v): type: '%v' reason: '%v' %v", e.InvolvedObject, e.Type, e.Reason, e.Message) - }) -} - -// StartStructuredLogging starts sending events received from this EventBroadcaster to the structured logging function. -// The return value can be ignored or used to stop recording, if desired. -func (e *eventBroadcasterImpl) StartStructuredLogging(verbosity klog.Level) watch.Interface { - return e.StartEventWatcher( - func(e *v1.Event) { - klog.V(verbosity).InfoS("Event occurred", "object", klog.KRef(e.InvolvedObject.Namespace, e.InvolvedObject.Name), "fieldPath", e.InvolvedObject.FieldPath, "kind", e.InvolvedObject.Kind, "apiVersion", e.InvolvedObject.APIVersion, "type", e.Type, "reason", e.Reason, "message", e.Message) - }) -} - -// StartEventWatcher starts sending events received from this EventBroadcaster to the given event handler function. -// The return value can be ignored or used to stop recording, if desired. -func (e *eventBroadcasterImpl) StartEventWatcher(eventHandler func(*v1.Event)) watch.Interface { - watcher, err := e.Watch() - if err != nil { - klog.Errorf("Unable start event watcher: '%v' (will not retry!)", err) - } - go func() { - defer utilruntime.HandleCrash() - for watchEvent := range watcher.ResultChan() { - event, ok := watchEvent.Object.(*v1.Event) - if !ok { - // This is all local, so there's no reason this should - // ever happen. - continue - } - eventHandler(event) - } - }() - return watcher -} - -// NewRecorder returns an EventRecorder that records events with the given event source. -func (e *eventBroadcasterImpl) NewRecorder(scheme *runtime.Scheme, source v1.EventSource) EventRecorder { - return &recorderImpl{scheme, source, e.Broadcaster, clock.RealClock{}} -} - -type recorderImpl struct { - scheme *runtime.Scheme - source v1.EventSource - *watch.Broadcaster - clock clock.PassiveClock -} - -func (recorder *recorderImpl) generateEvent(object runtime.Object, annotations map[string]string, eventtype, reason, message string) { - ref, err := ref.GetReference(recorder.scheme, object) - if err != nil { - klog.Errorf("Could not construct reference to: '%#v' due to: '%v'. Will not report event: '%v' '%v' '%v'", object, err, eventtype, reason, message) - return - } - - if !util.ValidateEventType(eventtype) { - klog.Errorf("Unsupported event type: '%v'", eventtype) - return - } - - event := recorder.makeEvent(ref, annotations, eventtype, reason, message) - event.Source = recorder.source - - // NOTE: events should be a non-blocking operation, but we also need to not - // put this in a goroutine, otherwise we'll race to write to a closed channel - // when we go to shut down this broadcaster. Just drop events if we get overloaded, - // and log an error if that happens (we've configured the broadcaster to drop - // outgoing events anyway). - sent, err := recorder.ActionOrDrop(watch.Added, event) - if err != nil { - klog.Errorf("unable to record event: %v (will not retry!)", err) - return - } - if !sent { - klog.Errorf("unable to record event: too many queued events, dropped event %#v", event) - } -} - -func (recorder *recorderImpl) Event(object runtime.Object, eventtype, reason, message string) { - recorder.generateEvent(object, nil, eventtype, reason, message) -} - -func (recorder *recorderImpl) Eventf(object runtime.Object, eventtype, reason, messageFmt string, args ...interface{}) { - recorder.Event(object, eventtype, reason, fmt.Sprintf(messageFmt, args...)) -} - -func (recorder *recorderImpl) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) { - recorder.generateEvent(object, annotations, eventtype, reason, fmt.Sprintf(messageFmt, args...)) -} - -func (recorder *recorderImpl) makeEvent(ref *v1.ObjectReference, annotations map[string]string, eventtype, reason, message string) *v1.Event { - t := metav1.Time{Time: recorder.clock.Now()} - namespace := ref.Namespace - if namespace == "" { - namespace = metav1.NamespaceDefault - } - return &v1.Event{ - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%v.%x", ref.Name, t.UnixNano()), - Namespace: namespace, - Annotations: annotations, - }, - InvolvedObject: *ref, - Reason: reason, - Message: message, - FirstTimestamp: t, - LastTimestamp: t, - Count: 1, - Type: eventtype, - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/record/events_cache.go b/etcd/vendor/k8s.io/client-go/tools/record/events_cache.go deleted file mode 100644 index abba06362a..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/events_cache.go +++ /dev/null @@ -1,525 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package record - -import ( - "encoding/json" - "fmt" - "strings" - "sync" - "time" - - "github.com/golang/groupcache/lru" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/strategicpatch" - "k8s.io/client-go/util/flowcontrol" - "k8s.io/utils/clock" -) - -const ( - maxLruCacheEntries = 4096 - - // if we see the same event that varies only by message - // more than 10 times in a 10 minute period, aggregate the event - defaultAggregateMaxEvents = 10 - defaultAggregateIntervalInSeconds = 600 - - // by default, allow a source to send 25 events about an object - // but control the refill rate to 1 new event every 5 minutes - // this helps control the long-tail of events for things that are always - // unhealthy - defaultSpamBurst = 25 - defaultSpamQPS = 1. / 300. -) - -// getEventKey builds unique event key based on source, involvedObject, reason, message -func getEventKey(event *v1.Event) string { - return strings.Join([]string{ - event.Source.Component, - event.Source.Host, - event.InvolvedObject.Kind, - event.InvolvedObject.Namespace, - event.InvolvedObject.Name, - event.InvolvedObject.FieldPath, - string(event.InvolvedObject.UID), - event.InvolvedObject.APIVersion, - event.Type, - event.Reason, - event.Message, - }, - "") -} - -// getSpamKey builds unique event key based on source, involvedObject -func getSpamKey(event *v1.Event) string { - return strings.Join([]string{ - event.Source.Component, - event.Source.Host, - event.InvolvedObject.Kind, - event.InvolvedObject.Namespace, - event.InvolvedObject.Name, - string(event.InvolvedObject.UID), - event.InvolvedObject.APIVersion, - }, - "") -} - -// EventSpamKeyFunc is a function that returns unique key based on provided event -type EventSpamKeyFunc func(event *v1.Event) string - -// EventFilterFunc is a function that returns true if the event should be skipped -type EventFilterFunc func(event *v1.Event) bool - -// EventSourceObjectSpamFilter is responsible for throttling -// the amount of events a source and object can produce. -type EventSourceObjectSpamFilter struct { - sync.RWMutex - - // the cache that manages last synced state - cache *lru.Cache - - // burst is the amount of events we allow per source + object - burst int - - // qps is the refill rate of the token bucket in queries per second - qps float32 - - // clock is used to allow for testing over a time interval - clock clock.PassiveClock - - // spamKeyFunc is a func used to create a key based on an event, which is later used to filter spam events. - spamKeyFunc EventSpamKeyFunc -} - -// NewEventSourceObjectSpamFilter allows burst events from a source about an object with the specified qps refill. -func NewEventSourceObjectSpamFilter(lruCacheSize, burst int, qps float32, clock clock.PassiveClock, spamKeyFunc EventSpamKeyFunc) *EventSourceObjectSpamFilter { - return &EventSourceObjectSpamFilter{ - cache: lru.New(lruCacheSize), - burst: burst, - qps: qps, - clock: clock, - spamKeyFunc: spamKeyFunc, - } -} - -// spamRecord holds data used to perform spam filtering decisions. -type spamRecord struct { - // rateLimiter controls the rate of events about this object - rateLimiter flowcontrol.PassiveRateLimiter -} - -// Filter controls that a given source+object are not exceeding the allowed rate. -func (f *EventSourceObjectSpamFilter) Filter(event *v1.Event) bool { - var record spamRecord - - // controls our cached information about this event - eventKey := f.spamKeyFunc(event) - - // do we have a record of similar events in our cache? - f.Lock() - defer f.Unlock() - value, found := f.cache.Get(eventKey) - if found { - record = value.(spamRecord) - } - - // verify we have a rate limiter for this record - if record.rateLimiter == nil { - record.rateLimiter = flowcontrol.NewTokenBucketPassiveRateLimiterWithClock(f.qps, f.burst, f.clock) - } - - // ensure we have available rate - filter := !record.rateLimiter.TryAccept() - - // update the cache - f.cache.Add(eventKey, record) - - return filter -} - -// EventAggregatorKeyFunc is responsible for grouping events for aggregation -// It returns a tuple of the following: -// aggregateKey - key the identifies the aggregate group to bucket this event -// localKey - key that makes this event in the local group -type EventAggregatorKeyFunc func(event *v1.Event) (aggregateKey string, localKey string) - -// EventAggregatorByReasonFunc aggregates events by exact match on event.Source, event.InvolvedObject, event.Type, -// event.Reason, event.ReportingController and event.ReportingInstance -func EventAggregatorByReasonFunc(event *v1.Event) (string, string) { - return strings.Join([]string{ - event.Source.Component, - event.Source.Host, - event.InvolvedObject.Kind, - event.InvolvedObject.Namespace, - event.InvolvedObject.Name, - string(event.InvolvedObject.UID), - event.InvolvedObject.APIVersion, - event.Type, - event.Reason, - event.ReportingController, - event.ReportingInstance, - }, - ""), event.Message -} - -// EventAggregatorMessageFunc is responsible for producing an aggregation message -type EventAggregatorMessageFunc func(event *v1.Event) string - -// EventAggregatorByReasonMessageFunc returns an aggregate message by prefixing the incoming message -func EventAggregatorByReasonMessageFunc(event *v1.Event) string { - return "(combined from similar events): " + event.Message -} - -// EventAggregator identifies similar events and aggregates them into a single event -type EventAggregator struct { - sync.RWMutex - - // The cache that manages aggregation state - cache *lru.Cache - - // The function that groups events for aggregation - keyFunc EventAggregatorKeyFunc - - // The function that generates a message for an aggregate event - messageFunc EventAggregatorMessageFunc - - // The maximum number of events in the specified interval before aggregation occurs - maxEvents uint - - // The amount of time in seconds that must transpire since the last occurrence of a similar event before it's considered new - maxIntervalInSeconds uint - - // clock is used to allow for testing over a time interval - clock clock.PassiveClock -} - -// NewEventAggregator returns a new instance of an EventAggregator -func NewEventAggregator(lruCacheSize int, keyFunc EventAggregatorKeyFunc, messageFunc EventAggregatorMessageFunc, - maxEvents int, maxIntervalInSeconds int, clock clock.PassiveClock) *EventAggregator { - return &EventAggregator{ - cache: lru.New(lruCacheSize), - keyFunc: keyFunc, - messageFunc: messageFunc, - maxEvents: uint(maxEvents), - maxIntervalInSeconds: uint(maxIntervalInSeconds), - clock: clock, - } -} - -// aggregateRecord holds data used to perform aggregation decisions -type aggregateRecord struct { - // we track the number of unique local keys we have seen in the aggregate set to know when to actually aggregate - // if the size of this set exceeds the max, we know we need to aggregate - localKeys sets.String - // The last time at which the aggregate was recorded - lastTimestamp metav1.Time -} - -// EventAggregate checks if a similar event has been seen according to the -// aggregation configuration (max events, max interval, etc) and returns: -// -// - The (potentially modified) event that should be created -// - The cache key for the event, for correlation purposes. This will be set to -// the full key for normal events, and to the result of -// EventAggregatorMessageFunc for aggregate events. -func (e *EventAggregator) EventAggregate(newEvent *v1.Event) (*v1.Event, string) { - now := metav1.NewTime(e.clock.Now()) - var record aggregateRecord - // eventKey is the full cache key for this event - eventKey := getEventKey(newEvent) - // aggregateKey is for the aggregate event, if one is needed. - aggregateKey, localKey := e.keyFunc(newEvent) - - // Do we have a record of similar events in our cache? - e.Lock() - defer e.Unlock() - value, found := e.cache.Get(aggregateKey) - if found { - record = value.(aggregateRecord) - } - - // Is the previous record too old? If so, make a fresh one. Note: if we didn't - // find a similar record, its lastTimestamp will be the zero value, so we - // create a new one in that case. - maxInterval := time.Duration(e.maxIntervalInSeconds) * time.Second - interval := now.Time.Sub(record.lastTimestamp.Time) - if interval > maxInterval { - record = aggregateRecord{localKeys: sets.NewString()} - } - - // Write the new event into the aggregation record and put it on the cache - record.localKeys.Insert(localKey) - record.lastTimestamp = now - e.cache.Add(aggregateKey, record) - - // If we are not yet over the threshold for unique events, don't correlate them - if uint(record.localKeys.Len()) < e.maxEvents { - return newEvent, eventKey - } - - // do not grow our local key set any larger than max - record.localKeys.PopAny() - - // create a new aggregate event, and return the aggregateKey as the cache key - // (so that it can be overwritten.) - eventCopy := &v1.Event{ - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%v.%x", newEvent.InvolvedObject.Name, now.UnixNano()), - Namespace: newEvent.Namespace, - }, - Count: 1, - FirstTimestamp: now, - InvolvedObject: newEvent.InvolvedObject, - LastTimestamp: now, - Message: e.messageFunc(newEvent), - Type: newEvent.Type, - Reason: newEvent.Reason, - Source: newEvent.Source, - } - return eventCopy, aggregateKey -} - -// eventLog records data about when an event was observed -type eventLog struct { - // The number of times the event has occurred since first occurrence. - count uint - - // The time at which the event was first recorded. - firstTimestamp metav1.Time - - // The unique name of the first occurrence of this event - name string - - // Resource version returned from previous interaction with server - resourceVersion string -} - -// eventLogger logs occurrences of an event -type eventLogger struct { - sync.RWMutex - cache *lru.Cache - clock clock.PassiveClock -} - -// newEventLogger observes events and counts their frequencies -func newEventLogger(lruCacheEntries int, clock clock.PassiveClock) *eventLogger { - return &eventLogger{cache: lru.New(lruCacheEntries), clock: clock} -} - -// eventObserve records an event, or updates an existing one if key is a cache hit -func (e *eventLogger) eventObserve(newEvent *v1.Event, key string) (*v1.Event, []byte, error) { - var ( - patch []byte - err error - ) - eventCopy := *newEvent - event := &eventCopy - - e.Lock() - defer e.Unlock() - - // Check if there is an existing event we should update - lastObservation := e.lastEventObservationFromCache(key) - - // If we found a result, prepare a patch - if lastObservation.count > 0 { - // update the event based on the last observation so patch will work as desired - event.Name = lastObservation.name - event.ResourceVersion = lastObservation.resourceVersion - event.FirstTimestamp = lastObservation.firstTimestamp - event.Count = int32(lastObservation.count) + 1 - - eventCopy2 := *event - eventCopy2.Count = 0 - eventCopy2.LastTimestamp = metav1.NewTime(time.Unix(0, 0)) - eventCopy2.Message = "" - - newData, _ := json.Marshal(event) - oldData, _ := json.Marshal(eventCopy2) - patch, err = strategicpatch.CreateTwoWayMergePatch(oldData, newData, event) - } - - // record our new observation - e.cache.Add( - key, - eventLog{ - count: uint(event.Count), - firstTimestamp: event.FirstTimestamp, - name: event.Name, - resourceVersion: event.ResourceVersion, - }, - ) - return event, patch, err -} - -// updateState updates its internal tracking information based on latest server state -func (e *eventLogger) updateState(event *v1.Event) { - key := getEventKey(event) - e.Lock() - defer e.Unlock() - // record our new observation - e.cache.Add( - key, - eventLog{ - count: uint(event.Count), - firstTimestamp: event.FirstTimestamp, - name: event.Name, - resourceVersion: event.ResourceVersion, - }, - ) -} - -// lastEventObservationFromCache returns the event from the cache, reads must be protected via external lock -func (e *eventLogger) lastEventObservationFromCache(key string) eventLog { - value, ok := e.cache.Get(key) - if ok { - observationValue, ok := value.(eventLog) - if ok { - return observationValue - } - } - return eventLog{} -} - -// EventCorrelator processes all incoming events and performs analysis to avoid overwhelming the system. It can filter all -// incoming events to see if the event should be filtered from further processing. It can aggregate similar events that occur -// frequently to protect the system from spamming events that are difficult for users to distinguish. It performs de-duplication -// to ensure events that are observed multiple times are compacted into a single event with increasing counts. -type EventCorrelator struct { - // the function to filter the event - filterFunc EventFilterFunc - // the object that performs event aggregation - aggregator *EventAggregator - // the object that observes events as they come through - logger *eventLogger -} - -// EventCorrelateResult is the result of a Correlate -type EventCorrelateResult struct { - // the event after correlation - Event *v1.Event - // if provided, perform a strategic patch when updating the record on the server - Patch []byte - // if true, do no further processing of the event - Skip bool -} - -// NewEventCorrelator returns an EventCorrelator configured with default values. -// -// The EventCorrelator is responsible for event filtering, aggregating, and counting -// prior to interacting with the API server to record the event. -// -// The default behavior is as follows: -// - Aggregation is performed if a similar event is recorded 10 times -// in a 10 minute rolling interval. A similar event is an event that varies only by -// the Event.Message field. Rather than recording the precise event, aggregation -// will create a new event whose message reports that it has combined events with -// the same reason. -// - Events are incrementally counted if the exact same event is encountered multiple -// times. -// - A source may burst 25 events about an object, but has a refill rate budget -// per object of 1 event every 5 minutes to control long-tail of spam. -func NewEventCorrelator(clock clock.PassiveClock) *EventCorrelator { - cacheSize := maxLruCacheEntries - spamFilter := NewEventSourceObjectSpamFilter(cacheSize, defaultSpamBurst, defaultSpamQPS, clock, getSpamKey) - return &EventCorrelator{ - filterFunc: spamFilter.Filter, - aggregator: NewEventAggregator( - cacheSize, - EventAggregatorByReasonFunc, - EventAggregatorByReasonMessageFunc, - defaultAggregateMaxEvents, - defaultAggregateIntervalInSeconds, - clock), - - logger: newEventLogger(cacheSize, clock), - } -} - -func NewEventCorrelatorWithOptions(options CorrelatorOptions) *EventCorrelator { - optionsWithDefaults := populateDefaults(options) - spamFilter := NewEventSourceObjectSpamFilter( - optionsWithDefaults.LRUCacheSize, - optionsWithDefaults.BurstSize, - optionsWithDefaults.QPS, - optionsWithDefaults.Clock, - optionsWithDefaults.SpamKeyFunc) - return &EventCorrelator{ - filterFunc: spamFilter.Filter, - aggregator: NewEventAggregator( - optionsWithDefaults.LRUCacheSize, - optionsWithDefaults.KeyFunc, - optionsWithDefaults.MessageFunc, - optionsWithDefaults.MaxEvents, - optionsWithDefaults.MaxIntervalInSeconds, - optionsWithDefaults.Clock), - logger: newEventLogger(optionsWithDefaults.LRUCacheSize, optionsWithDefaults.Clock), - } -} - -// populateDefaults populates the zero value options with defaults -func populateDefaults(options CorrelatorOptions) CorrelatorOptions { - if options.LRUCacheSize == 0 { - options.LRUCacheSize = maxLruCacheEntries - } - if options.BurstSize == 0 { - options.BurstSize = defaultSpamBurst - } - if options.QPS == 0 { - options.QPS = defaultSpamQPS - } - if options.KeyFunc == nil { - options.KeyFunc = EventAggregatorByReasonFunc - } - if options.MessageFunc == nil { - options.MessageFunc = EventAggregatorByReasonMessageFunc - } - if options.MaxEvents == 0 { - options.MaxEvents = defaultAggregateMaxEvents - } - if options.MaxIntervalInSeconds == 0 { - options.MaxIntervalInSeconds = defaultAggregateIntervalInSeconds - } - if options.Clock == nil { - options.Clock = clock.RealClock{} - } - if options.SpamKeyFunc == nil { - options.SpamKeyFunc = getSpamKey - } - return options -} - -// EventCorrelate filters, aggregates, counts, and de-duplicates all incoming events -func (c *EventCorrelator) EventCorrelate(newEvent *v1.Event) (*EventCorrelateResult, error) { - if newEvent == nil { - return nil, fmt.Errorf("event is nil") - } - aggregateEvent, ckey := c.aggregator.EventAggregate(newEvent) - observedEvent, patch, err := c.logger.eventObserve(aggregateEvent, ckey) - if c.filterFunc(observedEvent) { - return &EventCorrelateResult{Skip: true}, nil - } - return &EventCorrelateResult{Event: observedEvent, Patch: patch}, err -} - -// UpdateState based on the latest observed state from server -func (c *EventCorrelator) UpdateState(event *v1.Event) { - c.logger.updateState(event) -} diff --git a/etcd/vendor/k8s.io/client-go/tools/record/fake.go b/etcd/vendor/k8s.io/client-go/tools/record/fake.go deleted file mode 100644 index 0b3f344a97..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/fake.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package record - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -// FakeRecorder is used as a fake during tests. It is thread safe. It is usable -// when created manually and not by NewFakeRecorder, however all events may be -// thrown away in this case. -type FakeRecorder struct { - Events chan string - - IncludeObject bool -} - -func objectString(object runtime.Object, includeObject bool) string { - if !includeObject { - return "" - } - return fmt.Sprintf(" involvedObject{kind=%s,apiVersion=%s}", - object.GetObjectKind().GroupVersionKind().Kind, - object.GetObjectKind().GroupVersionKind().GroupVersion(), - ) -} - -func (f *FakeRecorder) Event(object runtime.Object, eventtype, reason, message string) { - if f.Events != nil { - f.Events <- fmt.Sprintf("%s %s %s%s", eventtype, reason, message, objectString(object, f.IncludeObject)) - } -} - -func (f *FakeRecorder) Eventf(object runtime.Object, eventtype, reason, messageFmt string, args ...interface{}) { - if f.Events != nil { - f.Events <- fmt.Sprintf(eventtype+" "+reason+" "+messageFmt, args...) + objectString(object, f.IncludeObject) - } -} - -func (f *FakeRecorder) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) { - f.Eventf(object, eventtype, reason, messageFmt, args...) -} - -// NewFakeRecorder creates new fake event recorder with event channel with -// buffer of given size. -func NewFakeRecorder(bufferSize int) *FakeRecorder { - return &FakeRecorder{ - Events: make(chan string, bufferSize), - } -} diff --git a/etcd/vendor/k8s.io/client-go/tools/record/util/util.go b/etcd/vendor/k8s.io/client-go/tools/record/util/util.go deleted file mode 100644 index afcc6a6a07..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/record/util/util.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "net/http" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" -) - -// ValidateEventType checks that eventtype is an expected type of event -func ValidateEventType(eventtype string) bool { - switch eventtype { - case v1.EventTypeNormal, v1.EventTypeWarning: - return true - } - return false -} - -// IsKeyNotFoundError is utility function that checks if an error is not found error -func IsKeyNotFoundError(err error) bool { - statusErr, _ := err.(*errors.StatusError) - - return statusErr != nil && statusErr.Status().Code == http.StatusNotFound -} diff --git a/etcd/vendor/k8s.io/client-go/tools/watch/informerwatcher.go b/etcd/vendor/k8s.io/client-go/tools/watch/informerwatcher.go deleted file mode 100644 index 5e6aad5cf1..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/watch/informerwatcher.go +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package watch - -import ( - "sync" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/cache" -) - -func newEventProcessor(out chan<- watch.Event) *eventProcessor { - return &eventProcessor{ - out: out, - cond: sync.NewCond(&sync.Mutex{}), - done: make(chan struct{}), - } -} - -// eventProcessor buffers events and writes them to an out chan when a reader -// is waiting. Because of the requirement to buffer events, it synchronizes -// input with a condition, and synchronizes output with a channels. It needs to -// be able to yield while both waiting on an input condition and while blocked -// on writing to the output channel. -type eventProcessor struct { - out chan<- watch.Event - - cond *sync.Cond - buff []watch.Event - - done chan struct{} -} - -func (e *eventProcessor) run() { - for { - batch := e.takeBatch() - e.writeBatch(batch) - if e.stopped() { - return - } - } -} - -func (e *eventProcessor) takeBatch() []watch.Event { - e.cond.L.Lock() - defer e.cond.L.Unlock() - - for len(e.buff) == 0 && !e.stopped() { - e.cond.Wait() - } - - batch := e.buff - e.buff = nil - return batch -} - -func (e *eventProcessor) writeBatch(events []watch.Event) { - for _, event := range events { - select { - case e.out <- event: - case <-e.done: - return - } - } -} - -func (e *eventProcessor) push(event watch.Event) { - e.cond.L.Lock() - defer e.cond.L.Unlock() - defer e.cond.Signal() - e.buff = append(e.buff, event) -} - -func (e *eventProcessor) stopped() bool { - select { - case <-e.done: - return true - default: - return false - } -} - -func (e *eventProcessor) stop() { - close(e.done) - e.cond.Signal() -} - -// NewIndexerInformerWatcher will create an IndexerInformer and wrap it into watch.Interface -// so you can use it anywhere where you'd have used a regular Watcher returned from Watch method. -// it also returns a channel you can use to wait for the informers to fully shutdown. -func NewIndexerInformerWatcher(lw cache.ListerWatcher, objType runtime.Object) (cache.Indexer, cache.Controller, watch.Interface, <-chan struct{}) { - ch := make(chan watch.Event) - w := watch.NewProxyWatcher(ch) - e := newEventProcessor(ch) - - indexer, informer := cache.NewIndexerInformer(lw, objType, 0, cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - e.push(watch.Event{ - Type: watch.Added, - Object: obj.(runtime.Object), - }) - }, - UpdateFunc: func(old, new interface{}) { - e.push(watch.Event{ - Type: watch.Modified, - Object: new.(runtime.Object), - }) - }, - DeleteFunc: func(obj interface{}) { - staleObj, stale := obj.(cache.DeletedFinalStateUnknown) - if stale { - // We have no means of passing the additional information down using - // watch API based on watch.Event but the caller can filter such - // objects by checking if metadata.deletionTimestamp is set - obj = staleObj.Obj - } - - e.push(watch.Event{ - Type: watch.Deleted, - Object: obj.(runtime.Object), - }) - }, - }, cache.Indexers{}) - - go e.run() - - doneCh := make(chan struct{}) - go func() { - defer close(doneCh) - defer e.stop() - informer.Run(w.StopChan()) - }() - - return indexer, informer, w, doneCh -} diff --git a/etcd/vendor/k8s.io/client-go/tools/watch/retrywatcher.go b/etcd/vendor/k8s.io/client-go/tools/watch/retrywatcher.go deleted file mode 100644 index e4806d2ea1..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/watch/retrywatcher.go +++ /dev/null @@ -1,296 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package watch - -import ( - "context" - "errors" - "fmt" - "io" - "net/http" - "time" - - "github.com/davecgh/go-spew/spew" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/cache" - "k8s.io/klog/v2" -) - -// resourceVersionGetter is an interface used to get resource version from events. -// We can't reuse an interface from meta otherwise it would be a cyclic dependency and we need just this one method -type resourceVersionGetter interface { - GetResourceVersion() string -} - -// RetryWatcher will make sure that in case the underlying watcher is closed (e.g. due to API timeout or etcd timeout) -// it will get restarted from the last point without the consumer even knowing about it. -// RetryWatcher does that by inspecting events and keeping track of resourceVersion. -// Especially useful when using watch.UntilWithoutRetry where premature termination is causing issues and flakes. -// Please note that this is not resilient to etcd cache not having the resource version anymore - you would need to -// use Informers for that. -type RetryWatcher struct { - lastResourceVersion string - watcherClient cache.Watcher - resultChan chan watch.Event - stopChan chan struct{} - doneChan chan struct{} - minRestartDelay time.Duration -} - -// NewRetryWatcher creates a new RetryWatcher. -// It will make sure that watches gets restarted in case of recoverable errors. -// The initialResourceVersion will be given to watch method when first called. -func NewRetryWatcher(initialResourceVersion string, watcherClient cache.Watcher) (*RetryWatcher, error) { - return newRetryWatcher(initialResourceVersion, watcherClient, 1*time.Second) -} - -func newRetryWatcher(initialResourceVersion string, watcherClient cache.Watcher, minRestartDelay time.Duration) (*RetryWatcher, error) { - switch initialResourceVersion { - case "", "0": - // TODO: revisit this if we ever get WATCH v2 where it means start "now" - // without doing the synthetic list of objects at the beginning (see #74022) - return nil, fmt.Errorf("initial RV %q is not supported due to issues with underlying WATCH", initialResourceVersion) - default: - break - } - - rw := &RetryWatcher{ - lastResourceVersion: initialResourceVersion, - watcherClient: watcherClient, - stopChan: make(chan struct{}), - doneChan: make(chan struct{}), - resultChan: make(chan watch.Event, 0), - minRestartDelay: minRestartDelay, - } - - go rw.receive() - return rw, nil -} - -func (rw *RetryWatcher) send(event watch.Event) bool { - // Writing to an unbuffered channel is blocking operation - // and we need to check if stop wasn't requested while doing so. - select { - case rw.resultChan <- event: - return true - case <-rw.stopChan: - return false - } -} - -// doReceive returns true when it is done, false otherwise. -// If it is not done the second return value holds the time to wait before calling it again. -func (rw *RetryWatcher) doReceive() (bool, time.Duration) { - watcher, err := rw.watcherClient.Watch(metav1.ListOptions{ - ResourceVersion: rw.lastResourceVersion, - AllowWatchBookmarks: true, - }) - // We are very unlikely to hit EOF here since we are just establishing the call, - // but it may happen that the apiserver is just shutting down (e.g. being restarted) - // This is consistent with how it is handled for informers - switch err { - case nil: - break - - case io.EOF: - // watch closed normally - return false, 0 - - case io.ErrUnexpectedEOF: - klog.V(1).InfoS("Watch closed with unexpected EOF", "err", err) - return false, 0 - - default: - msg := "Watch failed" - if net.IsProbableEOF(err) || net.IsTimeout(err) { - klog.V(5).InfoS(msg, "err", err) - // Retry - return false, 0 - } - - klog.ErrorS(err, msg) - // Retry - return false, 0 - } - - if watcher == nil { - klog.ErrorS(nil, "Watch returned nil watcher") - // Retry - return false, 0 - } - - ch := watcher.ResultChan() - defer watcher.Stop() - - for { - select { - case <-rw.stopChan: - klog.V(4).InfoS("Stopping RetryWatcher.") - return true, 0 - case event, ok := <-ch: - if !ok { - klog.V(4).InfoS("Failed to get event! Re-creating the watcher.", "resourceVersion", rw.lastResourceVersion) - return false, 0 - } - - // We need to inspect the event and get ResourceVersion out of it - switch event.Type { - case watch.Added, watch.Modified, watch.Deleted, watch.Bookmark: - metaObject, ok := event.Object.(resourceVersionGetter) - if !ok { - _ = rw.send(watch.Event{ - Type: watch.Error, - Object: &apierrors.NewInternalError(errors.New("retryWatcher: doesn't support resourceVersion")).ErrStatus, - }) - // We have to abort here because this might cause lastResourceVersion inconsistency by skipping a potential RV with valid data! - return true, 0 - } - - resourceVersion := metaObject.GetResourceVersion() - if resourceVersion == "" { - _ = rw.send(watch.Event{ - Type: watch.Error, - Object: &apierrors.NewInternalError(fmt.Errorf("retryWatcher: object %#v doesn't support resourceVersion", event.Object)).ErrStatus, - }) - // We have to abort here because this might cause lastResourceVersion inconsistency by skipping a potential RV with valid data! - return true, 0 - } - - // All is fine; send the non-bookmark events and update resource version. - if event.Type != watch.Bookmark { - ok = rw.send(event) - if !ok { - return true, 0 - } - } - rw.lastResourceVersion = resourceVersion - - continue - - case watch.Error: - // This round trip allows us to handle unstructured status - errObject := apierrors.FromObject(event.Object) - statusErr, ok := errObject.(*apierrors.StatusError) - if !ok { - klog.Error(spew.Sprintf("Received an error which is not *metav1.Status but %#+v", event.Object)) - // Retry unknown errors - return false, 0 - } - - status := statusErr.ErrStatus - - statusDelay := time.Duration(0) - if status.Details != nil { - statusDelay = time.Duration(status.Details.RetryAfterSeconds) * time.Second - } - - switch status.Code { - case http.StatusGone: - // Never retry RV too old errors - _ = rw.send(event) - return true, 0 - - case http.StatusGatewayTimeout, http.StatusInternalServerError: - // Retry - return false, statusDelay - - default: - // We retry by default. RetryWatcher is meant to proceed unless it is certain - // that it can't. If we are not certain, we proceed with retry and leave it - // up to the user to timeout if needed. - - // Log here so we have a record of hitting the unexpected error - // and we can whitelist some error codes if we missed any that are expected. - klog.V(5).Info(spew.Sprintf("Retrying after unexpected error: %#+v", event.Object)) - - // Retry - return false, statusDelay - } - - default: - klog.Errorf("Failed to recognize Event type %q", event.Type) - _ = rw.send(watch.Event{ - Type: watch.Error, - Object: &apierrors.NewInternalError(fmt.Errorf("retryWatcher failed to recognize Event type %q", event.Type)).ErrStatus, - }) - // We are unable to restart the watch and have to stop the loop or this might cause lastResourceVersion inconsistency by skipping a potential RV with valid data! - return true, 0 - } - } - } -} - -// receive reads the result from a watcher, restarting it if necessary. -func (rw *RetryWatcher) receive() { - defer close(rw.doneChan) - defer close(rw.resultChan) - - klog.V(4).Info("Starting RetryWatcher.") - defer klog.V(4).Info("Stopping RetryWatcher.") - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - go func() { - select { - case <-rw.stopChan: - cancel() - return - case <-ctx.Done(): - return - } - }() - - // We use non sliding until so we don't introduce delays on happy path when WATCH call - // timeouts or gets closed and we need to reestablish it while also avoiding hot loops. - wait.NonSlidingUntilWithContext(ctx, func(ctx context.Context) { - done, retryAfter := rw.doReceive() - if done { - cancel() - return - } - - timer := time.NewTimer(retryAfter) - select { - case <-ctx.Done(): - timer.Stop() - return - case <-timer.C: - } - - klog.V(4).Infof("Restarting RetryWatcher at RV=%q", rw.lastResourceVersion) - }, rw.minRestartDelay) -} - -// ResultChan implements Interface. -func (rw *RetryWatcher) ResultChan() <-chan watch.Event { - return rw.resultChan -} - -// Stop implements Interface. -func (rw *RetryWatcher) Stop() { - close(rw.stopChan) -} - -// Done allows the caller to be notified when Retry watcher stops. -func (rw *RetryWatcher) Done() <-chan struct{} { - return rw.doneChan -} diff --git a/etcd/vendor/k8s.io/client-go/tools/watch/until.go b/etcd/vendor/k8s.io/client-go/tools/watch/until.go deleted file mode 100644 index 81d4ff0ddf..0000000000 --- a/etcd/vendor/k8s.io/client-go/tools/watch/until.go +++ /dev/null @@ -1,169 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package watch - -import ( - "context" - "errors" - "fmt" - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/tools/cache" - "k8s.io/klog/v2" -) - -// PreconditionFunc returns true if the condition has been reached, false if it has not been reached yet, -// or an error if the condition failed or detected an error state. -type PreconditionFunc func(store cache.Store) (bool, error) - -// ConditionFunc returns true if the condition has been reached, false if it has not been reached yet, -// or an error if the condition cannot be checked and should terminate. In general, it is better to define -// level driven conditions over edge driven conditions (pod has ready=true, vs pod modified and ready changed -// from false to true). -type ConditionFunc func(event watch.Event) (bool, error) - -// ErrWatchClosed is returned when the watch channel is closed before timeout in UntilWithoutRetry. -var ErrWatchClosed = errors.New("watch closed before UntilWithoutRetry timeout") - -// UntilWithoutRetry reads items from the watch until each provided condition succeeds, and then returns the last watch -// encountered. The first condition that returns an error terminates the watch (and the event is also returned). -// If no event has been received, the returned event will be nil. -// Conditions are satisfied sequentially so as to provide a useful primitive for higher level composition. -// Waits until context deadline or until context is canceled. -// -// Warning: Unless you have a very specific use case (probably a special Watcher) don't use this function!!! -// Warning: This will fail e.g. on API timeouts and/or 'too old resource version' error. -// Warning: You are most probably looking for a function *Until* or *UntilWithSync* below, -// Warning: solving such issues. -// TODO: Consider making this function private to prevent misuse when the other occurrences in our codebase are gone. -func UntilWithoutRetry(ctx context.Context, watcher watch.Interface, conditions ...ConditionFunc) (*watch.Event, error) { - ch := watcher.ResultChan() - defer watcher.Stop() - var lastEvent *watch.Event - for _, condition := range conditions { - // check the next condition against the previous event and short circuit waiting for the next watch - if lastEvent != nil { - done, err := condition(*lastEvent) - if err != nil { - return lastEvent, err - } - if done { - continue - } - } - ConditionSucceeded: - for { - select { - case event, ok := <-ch: - if !ok { - return lastEvent, ErrWatchClosed - } - lastEvent = &event - - done, err := condition(event) - if err != nil { - return lastEvent, err - } - if done { - break ConditionSucceeded - } - - case <-ctx.Done(): - return lastEvent, wait.ErrWaitTimeout - } - } - } - return lastEvent, nil -} - -// Until wraps the watcherClient's watch function with RetryWatcher making sure that watcher gets restarted in case of errors. -// The initialResourceVersion will be given to watch method when first called. It shall not be "" or "0" -// given the underlying WATCH call issues (#74022). -// Remaining behaviour is identical to function UntilWithoutRetry. (See above.) -// Until can deal with API timeouts and lost connections. -// It guarantees you to see all events and in the order they happened. -// Due to this guarantee there is no way it can deal with 'Resource version too old error'. It will fail in this case. -// (See `UntilWithSync` if you'd prefer to recover from all the errors including RV too old by re-listing -// -// those items. In normal code you should care about being level driven so you'd not care about not seeing all the edges.) -// -// The most frequent usage for Until would be a test where you want to verify exact order of events ("edges"). -func Until(ctx context.Context, initialResourceVersion string, watcherClient cache.Watcher, conditions ...ConditionFunc) (*watch.Event, error) { - w, err := NewRetryWatcher(initialResourceVersion, watcherClient) - if err != nil { - return nil, err - } - - return UntilWithoutRetry(ctx, w, conditions...) -} - -// UntilWithSync creates an informer from lw, optionally checks precondition when the store is synced, -// and watches the output until each provided condition succeeds, in a way that is identical -// to function UntilWithoutRetry. (See above.) -// UntilWithSync can deal with all errors like API timeout, lost connections and 'Resource version too old'. -// It is the only function that can recover from 'Resource version too old', Until and UntilWithoutRetry will -// just fail in that case. On the other hand it can't provide you with guarantees as strong as using simple -// Watch method with Until. It can skip some intermediate events in case of watch function failing but it will -// re-list to recover and you always get an event, if there has been a change, after recovery. -// Also with the current implementation based on DeltaFIFO, order of the events you receive is guaranteed only for -// particular object, not between more of them even it's the same resource. -// The most frequent usage would be a command that needs to watch the "state of the world" and should't fail, like: -// waiting for object reaching a state, "small" controllers, ... -func UntilWithSync(ctx context.Context, lw cache.ListerWatcher, objType runtime.Object, precondition PreconditionFunc, conditions ...ConditionFunc) (*watch.Event, error) { - indexer, informer, watcher, done := NewIndexerInformerWatcher(lw, objType) - // We need to wait for the internal informers to fully stop so it's easier to reason about - // and it works with non-thread safe clients. - defer func() { <-done }() - // Proxy watcher can be stopped multiple times so it's fine to use defer here to cover alternative branches and - // let UntilWithoutRetry to stop it - defer watcher.Stop() - - if precondition != nil { - if !cache.WaitForCacheSync(ctx.Done(), informer.HasSynced) { - return nil, fmt.Errorf("UntilWithSync: unable to sync caches: %v", ctx.Err()) - } - - done, err := precondition(indexer) - if err != nil { - return nil, err - } - - if done { - return nil, nil - } - } - - return UntilWithoutRetry(ctx, watcher, conditions...) -} - -// ContextWithOptionalTimeout wraps context.WithTimeout and handles infinite timeouts expressed as 0 duration. -func ContextWithOptionalTimeout(parent context.Context, timeout time.Duration) (context.Context, context.CancelFunc) { - if timeout < 0 { - // This should be handled in validation - klog.Errorf("Timeout for context shall not be negative!") - timeout = 0 - } - - if timeout == 0 { - return context.WithCancel(parent) - } - - return context.WithTimeout(parent, timeout) -} diff --git a/etcd/vendor/k8s.io/client-go/util/certificate/csr/csr.go b/etcd/vendor/k8s.io/client-go/util/certificate/csr/csr.go deleted file mode 100644 index 0390d1c02f..0000000000 --- a/etcd/vendor/k8s.io/client-go/util/certificate/csr/csr.go +++ /dev/null @@ -1,364 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package csr - -import ( - "context" - "crypto" - "crypto/x509" - "encoding/pem" - "fmt" - "reflect" - "time" - - certificatesv1 "k8s.io/api/certificates/v1" - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apimachinery/pkg/watch" - clientset "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/cache" - watchtools "k8s.io/client-go/tools/watch" - certutil "k8s.io/client-go/util/cert" - "k8s.io/klog/v2" - "k8s.io/utils/pointer" -) - -// RequestCertificate will either use an existing (if this process has run -// before but not to completion) or create a certificate signing request using the -// PEM encoded CSR and send it to API server. An optional requestedDuration may be passed -// to set the spec.expirationSeconds field on the CSR to control the lifetime of the issued -// certificate. This is not guaranteed as the signer may choose to ignore the request. -func RequestCertificate(client clientset.Interface, csrData []byte, name, signerName string, requestedDuration *time.Duration, usages []certificatesv1.KeyUsage, privateKey interface{}) (reqName string, reqUID types.UID, err error) { - csr := &certificatesv1.CertificateSigningRequest{ - // Username, UID, Groups will be injected by API server. - TypeMeta: metav1.TypeMeta{Kind: "CertificateSigningRequest"}, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - }, - Spec: certificatesv1.CertificateSigningRequestSpec{ - Request: csrData, - Usages: usages, - SignerName: signerName, - }, - } - if len(csr.Name) == 0 { - csr.GenerateName = "csr-" - } - if requestedDuration != nil { - csr.Spec.ExpirationSeconds = DurationToExpirationSeconds(*requestedDuration) - } - - reqName, reqUID, err = create(client, csr) - switch { - case err == nil: - return reqName, reqUID, err - - case apierrors.IsAlreadyExists(err) && len(name) > 0: - klog.Infof("csr for this node already exists, reusing") - req, err := get(client, name) - if err != nil { - return "", "", formatError("cannot retrieve certificate signing request: %v", err) - } - if err := ensureCompatible(req, csr, privateKey); err != nil { - return "", "", fmt.Errorf("retrieved csr is not compatible: %v", err) - } - klog.Infof("csr for this node is still valid") - return req.Name, req.UID, nil - - default: - return "", "", formatError("cannot create certificate signing request: %v", err) - } -} - -func DurationToExpirationSeconds(duration time.Duration) *int32 { - return pointer.Int32(int32(duration / time.Second)) -} - -func ExpirationSecondsToDuration(expirationSeconds int32) time.Duration { - return time.Duration(expirationSeconds) * time.Second -} - -func get(client clientset.Interface, name string) (*certificatesv1.CertificateSigningRequest, error) { - v1req, v1err := client.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}) - if v1err == nil || !apierrors.IsNotFound(v1err) { - return v1req, v1err - } - - v1beta1req, v1beta1err := client.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}) - if v1beta1err != nil { - return nil, v1beta1err - } - - v1req = &certificatesv1.CertificateSigningRequest{ - ObjectMeta: v1beta1req.ObjectMeta, - Spec: certificatesv1.CertificateSigningRequestSpec{ - Request: v1beta1req.Spec.Request, - }, - } - if v1beta1req.Spec.SignerName != nil { - v1req.Spec.SignerName = *v1beta1req.Spec.SignerName - } - for _, usage := range v1beta1req.Spec.Usages { - v1req.Spec.Usages = append(v1req.Spec.Usages, certificatesv1.KeyUsage(usage)) - } - return v1req, nil -} - -func create(client clientset.Interface, csr *certificatesv1.CertificateSigningRequest) (reqName string, reqUID types.UID, err error) { - // only attempt a create via v1 if we specified signerName and usages and are not using the legacy unknown signerName - if len(csr.Spec.Usages) > 0 && len(csr.Spec.SignerName) > 0 && csr.Spec.SignerName != "kubernetes.io/legacy-unknown" { - v1req, v1err := client.CertificatesV1().CertificateSigningRequests().Create(context.TODO(), csr, metav1.CreateOptions{}) - switch { - case v1err != nil && apierrors.IsNotFound(v1err): - // v1 CSR API was not found, continue to try v1beta1 - - case v1err != nil: - // other creation error - return "", "", v1err - - default: - // success - return v1req.Name, v1req.UID, v1err - } - } - - // convert relevant bits to v1beta1 - v1beta1csr := &certificatesv1beta1.CertificateSigningRequest{ - ObjectMeta: csr.ObjectMeta, - Spec: certificatesv1beta1.CertificateSigningRequestSpec{ - SignerName: &csr.Spec.SignerName, - Request: csr.Spec.Request, - }, - } - for _, usage := range csr.Spec.Usages { - v1beta1csr.Spec.Usages = append(v1beta1csr.Spec.Usages, certificatesv1beta1.KeyUsage(usage)) - } - - // create v1beta1 - v1beta1req, v1beta1err := client.CertificatesV1beta1().CertificateSigningRequests().Create(context.TODO(), v1beta1csr, metav1.CreateOptions{}) - if v1beta1err != nil { - return "", "", v1beta1err - } - return v1beta1req.Name, v1beta1req.UID, nil -} - -// WaitForCertificate waits for a certificate to be issued until timeout, or returns an error. -func WaitForCertificate(ctx context.Context, client clientset.Interface, reqName string, reqUID types.UID) (certData []byte, err error) { - fieldSelector := fields.OneTermEqualSelector("metadata.name", reqName).String() - - var lw *cache.ListWatch - var obj runtime.Object - for { - // see if the v1 API is available - if _, err := client.CertificatesV1().CertificateSigningRequests().List(ctx, metav1.ListOptions{FieldSelector: fieldSelector}); err == nil { - // watch v1 objects - obj = &certificatesv1.CertificateSigningRequest{} - lw = &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - options.FieldSelector = fieldSelector - return client.CertificatesV1().CertificateSigningRequests().List(ctx, options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - options.FieldSelector = fieldSelector - return client.CertificatesV1().CertificateSigningRequests().Watch(ctx, options) - }, - } - break - } else { - klog.V(2).Infof("error fetching v1 certificate signing request: %v", err) - } - - // return if we've timed out - if err := ctx.Err(); err != nil { - return nil, wait.ErrWaitTimeout - } - - // see if the v1beta1 API is available - if _, err := client.CertificatesV1beta1().CertificateSigningRequests().List(ctx, metav1.ListOptions{FieldSelector: fieldSelector}); err == nil { - // watch v1beta1 objects - obj = &certificatesv1beta1.CertificateSigningRequest{} - lw = &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - options.FieldSelector = fieldSelector - return client.CertificatesV1beta1().CertificateSigningRequests().List(ctx, options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - options.FieldSelector = fieldSelector - return client.CertificatesV1beta1().CertificateSigningRequests().Watch(ctx, options) - }, - } - break - } else { - klog.V(2).Infof("error fetching v1beta1 certificate signing request: %v", err) - } - - // return if we've timed out - if err := ctx.Err(); err != nil { - return nil, wait.ErrWaitTimeout - } - - // wait and try again - time.Sleep(time.Second) - } - - var issuedCertificate []byte - _, err = watchtools.UntilWithSync( - ctx, - lw, - obj, - nil, - func(event watch.Event) (bool, error) { - switch event.Type { - case watch.Modified, watch.Added: - case watch.Deleted: - return false, fmt.Errorf("csr %q was deleted", reqName) - default: - return false, nil - } - - switch csr := event.Object.(type) { - case *certificatesv1.CertificateSigningRequest: - if csr.UID != reqUID { - return false, fmt.Errorf("csr %q changed UIDs", csr.Name) - } - approved := false - for _, c := range csr.Status.Conditions { - if c.Type == certificatesv1.CertificateDenied { - return false, fmt.Errorf("certificate signing request is denied, reason: %v, message: %v", c.Reason, c.Message) - } - if c.Type == certificatesv1.CertificateFailed { - return false, fmt.Errorf("certificate signing request failed, reason: %v, message: %v", c.Reason, c.Message) - } - if c.Type == certificatesv1.CertificateApproved { - approved = true - } - } - if approved { - if len(csr.Status.Certificate) > 0 { - klog.V(2).Infof("certificate signing request %s is issued", csr.Name) - issuedCertificate = csr.Status.Certificate - return true, nil - } - klog.V(2).Infof("certificate signing request %s is approved, waiting to be issued", csr.Name) - } - - case *certificatesv1beta1.CertificateSigningRequest: - if csr.UID != reqUID { - return false, fmt.Errorf("csr %q changed UIDs", csr.Name) - } - approved := false - for _, c := range csr.Status.Conditions { - if c.Type == certificatesv1beta1.CertificateDenied { - return false, fmt.Errorf("certificate signing request is denied, reason: %v, message: %v", c.Reason, c.Message) - } - if c.Type == certificatesv1beta1.CertificateFailed { - return false, fmt.Errorf("certificate signing request failed, reason: %v, message: %v", c.Reason, c.Message) - } - if c.Type == certificatesv1beta1.CertificateApproved { - approved = true - } - } - if approved { - if len(csr.Status.Certificate) > 0 { - klog.V(2).Infof("certificate signing request %s is issued", csr.Name) - issuedCertificate = csr.Status.Certificate - return true, nil - } - klog.V(2).Infof("certificate signing request %s is approved, waiting to be issued", csr.Name) - } - - default: - return false, fmt.Errorf("unexpected type received: %T", event.Object) - } - - return false, nil - }, - ) - if err == wait.ErrWaitTimeout { - return nil, wait.ErrWaitTimeout - } - if err != nil { - return nil, formatError("cannot watch on the certificate signing request: %v", err) - } - - return issuedCertificate, nil -} - -// ensureCompatible ensures that a CSR object is compatible with an original CSR -func ensureCompatible(new, orig *certificatesv1.CertificateSigningRequest, privateKey interface{}) error { - newCSR, err := parseCSR(new.Spec.Request) - if err != nil { - return fmt.Errorf("unable to parse new csr: %v", err) - } - origCSR, err := parseCSR(orig.Spec.Request) - if err != nil { - return fmt.Errorf("unable to parse original csr: %v", err) - } - if !reflect.DeepEqual(newCSR.Subject, origCSR.Subject) { - return fmt.Errorf("csr subjects differ: new: %#v, orig: %#v", newCSR.Subject, origCSR.Subject) - } - if len(new.Spec.SignerName) > 0 && len(orig.Spec.SignerName) > 0 && new.Spec.SignerName != orig.Spec.SignerName { - return fmt.Errorf("csr signerNames differ: new %q, orig: %q", new.Spec.SignerName, orig.Spec.SignerName) - } - signer, ok := privateKey.(crypto.Signer) - if !ok { - return fmt.Errorf("privateKey is not a signer") - } - newCSR.PublicKey = signer.Public() - if err := newCSR.CheckSignature(); err != nil { - return fmt.Errorf("error validating signature new CSR against old key: %v", err) - } - if len(new.Status.Certificate) > 0 { - certs, err := certutil.ParseCertsPEM(new.Status.Certificate) - if err != nil { - return fmt.Errorf("error parsing signed certificate for CSR: %v", err) - } - now := time.Now() - for _, cert := range certs { - if now.After(cert.NotAfter) { - return fmt.Errorf("one of the certificates for the CSR has expired: %s", cert.NotAfter) - } - } - } - return nil -} - -// formatError preserves the type of an API message but alters the message. Expects -// a single argument format string, and returns the wrapped error. -func formatError(format string, err error) error { - if s, ok := err.(apierrors.APIStatus); ok { - se := &apierrors.StatusError{ErrStatus: s.Status()} - se.ErrStatus.Message = fmt.Sprintf(format, se.ErrStatus.Message) - return se - } - return fmt.Errorf(format, err) -} - -// parseCSR extracts the CSR from the API object and decodes it. -func parseCSR(pemData []byte) (*x509.CertificateRequest, error) { - // extract PEM from request object - block, _ := pem.Decode(pemData) - if block == nil || block.Type != "CERTIFICATE REQUEST" { - return nil, fmt.Errorf("PEM block type must be CERTIFICATE REQUEST") - } - return x509.ParseCertificateRequest(block.Bytes) -} diff --git a/etcd/vendor/k8s.io/client-go/util/retry/OWNERS b/etcd/vendor/k8s.io/client-go/util/retry/OWNERS deleted file mode 100644 index 75736b5aac..0000000000 --- a/etcd/vendor/k8s.io/client-go/util/retry/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - caesarxuchao diff --git a/etcd/vendor/k8s.io/client-go/util/retry/util.go b/etcd/vendor/k8s.io/client-go/util/retry/util.go deleted file mode 100644 index 0c6e504a6d..0000000000 --- a/etcd/vendor/k8s.io/client-go/util/retry/util.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package retry - -import ( - "time" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/util/wait" -) - -// DefaultRetry is the recommended retry for a conflict where multiple clients -// are making changes to the same resource. -var DefaultRetry = wait.Backoff{ - Steps: 5, - Duration: 10 * time.Millisecond, - Factor: 1.0, - Jitter: 0.1, -} - -// DefaultBackoff is the recommended backoff for a conflict where a client -// may be attempting to make an unrelated modification to a resource under -// active management by one or more controllers. -var DefaultBackoff = wait.Backoff{ - Steps: 4, - Duration: 10 * time.Millisecond, - Factor: 5.0, - Jitter: 0.1, -} - -// OnError allows the caller to retry fn in case the error returned by fn is retriable -// according to the provided function. backoff defines the maximum retries and the wait -// interval between two retries. -func OnError(backoff wait.Backoff, retriable func(error) bool, fn func() error) error { - var lastErr error - err := wait.ExponentialBackoff(backoff, func() (bool, error) { - err := fn() - switch { - case err == nil: - return true, nil - case retriable(err): - lastErr = err - return false, nil - default: - return false, err - } - }) - if err == wait.ErrWaitTimeout { - err = lastErr - } - return err -} - -// RetryOnConflict is used to make an update to a resource when you have to worry about -// conflicts caused by other code making unrelated updates to the resource at the same -// time. fn should fetch the resource to be modified, make appropriate changes to it, try -// to update it, and return (unmodified) the error from the update function. On a -// successful update, RetryOnConflict will return nil. If the update function returns a -// "Conflict" error, RetryOnConflict will wait some amount of time as described by -// backoff, and then try again. On a non-"Conflict" error, or if it retries too many times -// and gives up, RetryOnConflict will return an error to the caller. -// -// err := retry.RetryOnConflict(retry.DefaultRetry, func() error { -// // Fetch the resource here; you need to refetch it on every try, since -// // if you got a conflict on the last update attempt then you need to get -// // the current version before making your own changes. -// pod, err := c.Pods("mynamespace").Get(name, metav1.GetOptions{}) -// if err != nil { -// return err -// } -// -// // Make whatever updates to the resource are needed -// pod.Status.Phase = v1.PodFailed -// -// // Try to update -// _, err = c.Pods("mynamespace").UpdateStatus(pod) -// // You have to return err itself here (not wrapped inside another error) -// // so that RetryOnConflict can identify it correctly. -// return err -// }) -// if err != nil { -// // May be conflict if max retries were hit, or may be something unrelated -// // like permissions or a network error -// return err -// } -// ... -// -// TODO: Make Backoff an interface? -func RetryOnConflict(backoff wait.Backoff, fn func() error) error { - return OnError(backoff, errors.IsConflict, fn) -} diff --git a/etcd/vendor/k8s.io/cloud-provider/CONTRIBUTING.md b/etcd/vendor/k8s.io/cloud-provider/CONTRIBUTING.md deleted file mode 100644 index fe4643fdb9..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/CONTRIBUTING.md +++ /dev/null @@ -1,9 +0,0 @@ -# Contributing guidelines - -Welcome to Kubernetes. We are excited about the prospect of you joining our [community](https://github.com/kubernetes/community)! The Kubernetes community abides by the CNCF [code of conduct](code-of-conduct.md). - -Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes. Changes to this repo should be discussed with [sig cloud-provider](https://github.com/kubernetes/community/tree/master/sig-cloud-provider). - -This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/cloud-provider](https://git.k8s.io/kubernetes/staging/src/k8s.io/cloud-provider) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). - -Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information diff --git a/etcd/vendor/k8s.io/cloud-provider/LICENSE b/etcd/vendor/k8s.io/cloud-provider/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/cloud-provider/OWNERS b/etcd/vendor/k8s.io/cloud-provider/OWNERS deleted file mode 100644 index 19a29715a2..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/OWNERS +++ /dev/null @@ -1,29 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - mikedanese - - dims - - wlan0 - - andrewsykim - - cheftako -reviewers: - - wojtek-t - - deads2k - - derekwaynecarr - - mikedanese - - liggitt - - sttts - - dchen1107 - - saad-ali - - luxas - - justinsb - - jsafrane - - dims - - freehan - - jingxu97 - - wlan0 - - cheftako - - andrewsykim -labels: - - sig/cloud-provider - - area/cloudprovider diff --git a/etcd/vendor/k8s.io/cloud-provider/README.md b/etcd/vendor/k8s.io/cloud-provider/README.md deleted file mode 100644 index 542a9a7a83..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/README.md +++ /dev/null @@ -1,33 +0,0 @@ -# cloud-provider - -This repository defines the cloud-provider interface and mechanism to initialize -a cloud-provider implementation into Kubernetes. Currently multiple processes -use this code although the intent is that it will eventually only be cloud -controller manager. - -**Note:** go-get or vendor this package as `k8s.io/cloud-provider`. - -## Purpose - -This library is a shared dependency for processes which need to be able to -integrate with cloud-provider specific functionality. - -## Compatibility - -Cloud Providers are expected to keep the HEAD of their implementations in sync -with the HEAD of this repository. - -## Where does it come from? - -`cloud-provider` is synced from -https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/cloud-provider. -Code changes are made in that location, merged into k8s.io/kubernetes and -later synced here. - -## Things you should NOT do - - 1. Add an cloud provider specific code to this repo. - 2. Directly modify anything under vendor/k8s.io/cloud-provider in this repo. Those are driven from `k8s.io/kubernetes/staging/src/k8s.io/cloud-provider`. - 3. Make interface changes without first discussing them with - sig-cloudprovider. - diff --git a/etcd/vendor/k8s.io/cloud-provider/SECURITY_CONTACTS b/etcd/vendor/k8s.io/cloud-provider/SECURITY_CONTACTS deleted file mode 100644 index 68e73edaff..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/SECURITY_CONTACTS +++ /dev/null @@ -1,20 +0,0 @@ -# Defined below are the security contacts for this repo. -# -# They are the contact point for the Product Security Committee to reach out -# to for triaging and handling of incoming issues. -# -# The below names agree to abide by the -# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) -# and will be removed and replaced if they violate that agreement. -# -# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE -# INSTRUCTIONS AT https://kubernetes.io/security/ - -cheftako -andrewsykim -dims -cjcullen -joelsmith -liggitt -philips -tallclair diff --git a/etcd/vendor/k8s.io/cloud-provider/cloud.go b/etcd/vendor/k8s.io/cloud-provider/cloud.go deleted file mode 100644 index 44c62ccc03..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/cloud.go +++ /dev/null @@ -1,313 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cloudprovider - -import ( - "context" - "errors" - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/informers" - clientset "k8s.io/client-go/kubernetes" - restclient "k8s.io/client-go/rest" -) - -// ControllerClientBuilder allows you to get clients and configs for controllers -// Please note a copy also exists in pkg/controller/client_builder.go -// TODO: Make this depend on the separate controller utilities repo (issues/68947) -type ControllerClientBuilder interface { - Config(name string) (*restclient.Config, error) - ConfigOrDie(name string) *restclient.Config - Client(name string) (clientset.Interface, error) - ClientOrDie(name string) clientset.Interface -} - -// Interface is an abstract, pluggable interface for cloud providers. -type Interface interface { - // Initialize provides the cloud with a kubernetes client builder and may spawn goroutines - // to perform housekeeping or run custom controllers specific to the cloud provider. - // Any tasks started here should be cleaned up when the stop channel closes. - Initialize(clientBuilder ControllerClientBuilder, stop <-chan struct{}) - // LoadBalancer returns a balancer interface. Also returns true if the interface is supported, false otherwise. - LoadBalancer() (LoadBalancer, bool) - // Instances returns an instances interface. Also returns true if the interface is supported, false otherwise. - Instances() (Instances, bool) - // InstancesV2 is an implementation for instances and should only be implemented by external cloud providers. - // Implementing InstancesV2 is behaviorally identical to Instances but is optimized to significantly reduce - // API calls to the cloud provider when registering and syncing nodes. Implementation of this interface will - // disable calls to the Zones interface. Also returns true if the interface is supported, false otherwise. - InstancesV2() (InstancesV2, bool) - // Zones returns a zones interface. Also returns true if the interface is supported, false otherwise. - // DEPRECATED: Zones is deprecated in favor of retrieving zone/region information from InstancesV2. - // This interface will not be called if InstancesV2 is enabled. - Zones() (Zones, bool) - // Clusters returns a clusters interface. Also returns true if the interface is supported, false otherwise. - Clusters() (Clusters, bool) - // Routes returns a routes interface along with whether the interface is supported. - Routes() (Routes, bool) - // ProviderName returns the cloud provider ID. - ProviderName() string - // HasClusterID returns true if a ClusterID is required and set - HasClusterID() bool -} - -type InformerUser interface { - // SetInformers sets the informer on the cloud object. - SetInformers(informerFactory informers.SharedInformerFactory) -} - -// Clusters is an abstract, pluggable interface for clusters of containers. -type Clusters interface { - // ListClusters lists the names of the available clusters. - ListClusters(ctx context.Context) ([]string, error) - // Master gets back the address (either DNS name or IP address) of the master node for the cluster. - Master(ctx context.Context, clusterName string) (string, error) -} - -// (DEPRECATED) DefaultLoadBalancerName is the default load balancer name that is called from -// LoadBalancer.GetLoadBalancerName. Use this method to maintain backward compatible names for -// LoadBalancers that were created prior to Kubernetes v1.12. In the future, each provider should -// replace this method call in GetLoadBalancerName with a provider-specific implementation that -// is less cryptic than the Service's UUID. -func DefaultLoadBalancerName(service *v1.Service) string { - //GCE requires that the name of a load balancer starts with a lower case letter. - ret := "a" + string(service.UID) - ret = strings.Replace(ret, "-", "", -1) - //AWS requires that the name of a load balancer is shorter than 32 bytes. - if len(ret) > 32 { - ret = ret[:32] - } - return ret -} - -// GetInstanceProviderID builds a ProviderID for a node in a cloud. -func GetInstanceProviderID(ctx context.Context, cloud Interface, nodeName types.NodeName) (string, error) { - instances, ok := cloud.Instances() - if !ok { - return "", fmt.Errorf("failed to get instances from cloud provider") - } - instanceID, err := instances.InstanceID(ctx, nodeName) - if err != nil { - if err == NotImplemented { - return "", err - } - - return "", fmt.Errorf("failed to get instance ID from cloud provider: %v", err) - } - return cloud.ProviderName() + "://" + instanceID, nil -} - -// LoadBalancer is an abstract, pluggable interface for load balancers. -// -// Cloud provider may chose to implement the logic for -// constructing/destroying specific kinds of load balancers in a -// controller separate from the ServiceController. If this is the case, -// then {Ensure,Update}LoadBalancer must return the ImplementedElsewhere error. -// For the given LB service, the GetLoadBalancer must return "exists=True" if -// there exists a LoadBalancer instance created by ServiceController. -// In all other cases, GetLoadBalancer must return a NotFound error. -// EnsureLoadBalancerDeleted must not return ImplementedElsewhere to ensure -// proper teardown of resources that were allocated by the ServiceController. -// This can happen if a user changes the type of LB via an update to the resource -// or when migrating from ServiceController to alternate implementation. -// The finalizer on the service will be added and removed by ServiceController -// irrespective of the ImplementedElsewhere error. Additional finalizers for -// LB services must be managed in the alternate implementation. -type LoadBalancer interface { - // TODO: Break this up into different interfaces (LB, etc) when we have more than one type of service - // GetLoadBalancer returns whether the specified load balancer exists, and - // if so, what its status is. - // Implementations must treat the *v1.Service parameter as read-only and not modify it. - // Parameter 'clusterName' is the name of the cluster as presented to kube-controller-manager - GetLoadBalancer(ctx context.Context, clusterName string, service *v1.Service) (status *v1.LoadBalancerStatus, exists bool, err error) - // GetLoadBalancerName returns the name of the load balancer. Implementations must treat the - // *v1.Service parameter as read-only and not modify it. - GetLoadBalancerName(ctx context.Context, clusterName string, service *v1.Service) string - // EnsureLoadBalancer creates a new load balancer 'name', or updates the existing one. Returns the status of the balancer - // Implementations must treat the *v1.Service and *v1.Node - // parameters as read-only and not modify them. - // Parameter 'clusterName' is the name of the cluster as presented to kube-controller-manager - EnsureLoadBalancer(ctx context.Context, clusterName string, service *v1.Service, nodes []*v1.Node) (*v1.LoadBalancerStatus, error) - // UpdateLoadBalancer updates hosts under the specified load balancer. - // Implementations must treat the *v1.Service and *v1.Node - // parameters as read-only and not modify them. - // Parameter 'clusterName' is the name of the cluster as presented to kube-controller-manager - UpdateLoadBalancer(ctx context.Context, clusterName string, service *v1.Service, nodes []*v1.Node) error - // EnsureLoadBalancerDeleted deletes the specified load balancer if it - // exists, returning nil if the load balancer specified either didn't exist or - // was successfully deleted. - // This construction is useful because many cloud providers' load balancers - // have multiple underlying components, meaning a Get could say that the LB - // doesn't exist even if some part of it is still laying around. - // Implementations must treat the *v1.Service parameter as read-only and not modify it. - // Parameter 'clusterName' is the name of the cluster as presented to kube-controller-manager - EnsureLoadBalancerDeleted(ctx context.Context, clusterName string, service *v1.Service) error -} - -// Instances is an abstract, pluggable interface for sets of instances. -type Instances interface { - // NodeAddresses returns the addresses of the specified instance. - NodeAddresses(ctx context.Context, name types.NodeName) ([]v1.NodeAddress, error) - // NodeAddressesByProviderID returns the addresses of the specified instance. - // The instance is specified using the providerID of the node. The - // ProviderID is a unique identifier of the node. This will not be called - // from the node whose nodeaddresses are being queried. i.e. local metadata - // services cannot be used in this method to obtain nodeaddresses - NodeAddressesByProviderID(ctx context.Context, providerID string) ([]v1.NodeAddress, error) - // InstanceID returns the cloud provider ID of the node with the specified NodeName. - // Note that if the instance does not exist, we must return ("", cloudprovider.InstanceNotFound) - // cloudprovider.InstanceNotFound should NOT be returned for instances that exist but are stopped/sleeping - InstanceID(ctx context.Context, nodeName types.NodeName) (string, error) - // InstanceType returns the type of the specified instance. - InstanceType(ctx context.Context, name types.NodeName) (string, error) - // InstanceTypeByProviderID returns the type of the specified instance. - InstanceTypeByProviderID(ctx context.Context, providerID string) (string, error) - // AddSSHKeyToAllInstances adds an SSH public key as a legal identity for all instances - // expected format for the key is standard ssh-keygen format: <protocol> <blob> - AddSSHKeyToAllInstances(ctx context.Context, user string, keyData []byte) error - // CurrentNodeName returns the name of the node we are currently running on - // On most clouds (e.g. GCE) this is the hostname, so we provide the hostname - CurrentNodeName(ctx context.Context, hostname string) (types.NodeName, error) - // InstanceExistsByProviderID returns true if the instance for the given provider exists. - // If false is returned with no error, the instance will be immediately deleted by the cloud controller manager. - // This method should still return true for instances that exist but are stopped/sleeping. - InstanceExistsByProviderID(ctx context.Context, providerID string) (bool, error) - // InstanceShutdownByProviderID returns true if the instance is shutdown in cloudprovider - InstanceShutdownByProviderID(ctx context.Context, providerID string) (bool, error) -} - -// InstancesV2 is an abstract, pluggable interface for cloud provider instances. -// Unlike the Instances interface, it is designed for external cloud providers and should only be used by them. -// Implementation of this interface will disable calls to the Zones interface. -type InstancesV2 interface { - // InstanceExists returns true if the instance for the given node exists according to the cloud provider. - // Use the node.name or node.spec.providerID field to find the node in the cloud provider. - InstanceExists(ctx context.Context, node *v1.Node) (bool, error) - // InstanceShutdown returns true if the instance is shutdown according to the cloud provider. - // Use the node.name or node.spec.providerID field to find the node in the cloud provider. - InstanceShutdown(ctx context.Context, node *v1.Node) (bool, error) - // InstanceMetadata returns the instance's metadata. The values returned in InstanceMetadata are - // translated into specific fields and labels in the Node object on registration. - // Implementations should always check node.spec.providerID first when trying to discover the instance - // for a given node. In cases where node.spec.providerID is empty, implementations can use other - // properties of the node like its name, labels and annotations. - InstanceMetadata(ctx context.Context, node *v1.Node) (*InstanceMetadata, error) -} - -// Route is a representation of an advanced routing rule. -type Route struct { - // Name is the name of the routing rule in the cloud-provider. - // It will be ignored in a Create (although nameHint may influence it) - Name string - // TargetNode is the NodeName of the target instance. - TargetNode types.NodeName - // DestinationCIDR is the CIDR format IP range that this routing rule - // applies to. - DestinationCIDR string - // Blackhole is set to true if this is a blackhole route - // The node controller will delete the route if it is in the managed range. - Blackhole bool -} - -// Routes is an abstract, pluggable interface for advanced routing rules. -type Routes interface { - // ListRoutes lists all managed routes that belong to the specified clusterName - ListRoutes(ctx context.Context, clusterName string) ([]*Route, error) - // CreateRoute creates the described managed route - // route.Name will be ignored, although the cloud-provider may use nameHint - // to create a more user-meaningful name. - CreateRoute(ctx context.Context, clusterName string, nameHint string, route *Route) error - // DeleteRoute deletes the specified managed route - // Route should be as returned by ListRoutes - DeleteRoute(ctx context.Context, clusterName string, route *Route) error -} - -var ( - DiskNotFound = errors.New("disk is not found") - ImplementedElsewhere = errors.New("implemented by alternate to cloud provider") - InstanceNotFound = errors.New("instance not found") - NotImplemented = errors.New("unimplemented") -) - -// Zone represents the location of a particular machine. -type Zone struct { - FailureDomain string - Region string -} - -// Zones is an abstract, pluggable interface for zone enumeration. -// DEPRECATED: Zones is deprecated in favor of retrieving zone/region information from InstancesV2. -// This interface will not be called if InstancesV2 is enabled. -type Zones interface { - // GetZone returns the Zone containing the current failure zone and locality region that the program is running in - // In most cases, this method is called from the kubelet querying a local metadata service to acquire its zone. - // For the case of external cloud providers, use GetZoneByProviderID or GetZoneByNodeName since GetZone - // can no longer be called from the kubelets. - GetZone(ctx context.Context) (Zone, error) - - // GetZoneByProviderID returns the Zone containing the current zone and locality region of the node specified by providerID - // This method is particularly used in the context of external cloud providers where node initialization must be done - // outside the kubelets. - GetZoneByProviderID(ctx context.Context, providerID string) (Zone, error) - - // GetZoneByNodeName returns the Zone containing the current zone and locality region of the node specified by node name - // This method is particularly used in the context of external cloud providers where node initialization must be done - // outside the kubelets. - GetZoneByNodeName(ctx context.Context, nodeName types.NodeName) (Zone, error) -} - -// PVLabeler is an abstract, pluggable interface for fetching labels for volumes -type PVLabeler interface { - GetLabelsForVolume(ctx context.Context, pv *v1.PersistentVolume) (map[string]string, error) -} - -// InstanceMetadata contains metadata about a specific instance. -// Values returned in InstanceMetadata are translated into specific fields and labels for Node. -type InstanceMetadata struct { - // ProviderID is a unique ID used to identify an instance on the cloud provider. - // The ProviderID set here will be set on the node's spec.providerID field. - // The provider ID format can be set by the cloud provider but providers should - // ensure the format does not change in any incompatible way. - // - // The provider ID format used by existing cloud provider has been: - // <provider-name>://<instance-id> - // Existing providers setting this field should preserve the existing format - // currently being set in node.spec.providerID. - ProviderID string - // InstanceType is the instance's type. - // The InstanceType set here will be set using the following labels on the node object: - // * node.kubernetes.io/instance-type=<instance-type> - // * beta.kubernetes.io/instance-type=<instance-type> (DEPRECATED) - InstanceType string - // NodeAddress contains information for the instance's address. - // The node addresses returned here will be set on the node's status.addresses field. - NodeAddresses []v1.NodeAddress - - // Zone is the zone that the instance is in. - // The value set here is applied as the following labels on the node: - // * topology.kubernetes.io/zone=<zone> - // * failure-domain.beta.kubernetes.io/zone=<zone> (DEPRECATED) - Zone string - // Region is the region that the instance is in. - // The value set here is applied as the following labels on the node: - // * topology.kubernetes.io/region=<region> - // * failure-domain.beta.kubernetes.io/region=<region> (DEPRECATED) - Region string -} diff --git a/etcd/vendor/k8s.io/cloud-provider/code-of-conduct.md b/etcd/vendor/k8s.io/cloud-provider/code-of-conduct.md deleted file mode 100644 index 0d15c00cf3..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/code-of-conduct.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes Community Code of Conduct - -Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/etcd/vendor/k8s.io/cloud-provider/doc.go b/etcd/vendor/k8s.io/cloud-provider/doc.go deleted file mode 100644 index 6b401e4564..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package cloudprovider supplies interfaces and implementations for cloud service providers. -package cloudprovider // import "k8s.io/cloud-provider" diff --git a/etcd/vendor/k8s.io/cloud-provider/plugins.go b/etcd/vendor/k8s.io/cloud-provider/plugins.go deleted file mode 100644 index 5300abdb4c..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/plugins.go +++ /dev/null @@ -1,174 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cloudprovider - -import ( - "fmt" - "io" - "os" - "sync" - - "k8s.io/klog/v2" -) - -// Factory is a function that returns a cloudprovider.Interface. -// The config parameter provides an io.Reader handler to the factory in -// order to load specific configurations. If no configuration is provided -// the parameter is nil. -type Factory func(config io.Reader) (Interface, error) - -// All registered cloud providers. -var ( - providersMutex sync.Mutex - providers = make(map[string]Factory) - deprecatedCloudProviders = []struct { - name string - external bool - detail string - }{ - {"aws", false, "The AWS provider is deprecated and will be removed in a future release. Please use https://github.com/kubernetes/cloud-provider-aws"}, - {"azure", false, "The Azure provider is deprecated and will be removed in a future release. Please use https://github.com/kubernetes-sigs/cloud-provider-azure"}, - {"gce", false, "The GCE provider is deprecated and will be removed in a future release. Please use https://github.com/kubernetes/cloud-provider-gcp"}, - {"vsphere", false, "The vSphere provider is deprecated and will be removed in a future release. Please use https://github.com/kubernetes/cloud-provider-vsphere"}, - } -) - -const externalCloudProvider = "external" - -// RegisterCloudProvider registers a cloudprovider.Factory by name. This -// is expected to happen during app startup. -func RegisterCloudProvider(name string, cloud Factory) { - providersMutex.Lock() - defer providersMutex.Unlock() - if _, found := providers[name]; found { - klog.Fatalf("Cloud provider %q was registered twice", name) - } - klog.V(1).Infof("Registered cloud provider %q", name) - providers[name] = cloud -} - -// IsCloudProvider returns true if name corresponds to an already registered -// cloud provider. -func IsCloudProvider(name string) bool { - providersMutex.Lock() - defer providersMutex.Unlock() - _, found := providers[name] - return found -} - -// GetCloudProvider creates an instance of the named cloud provider, or nil if -// the name is unknown. The error return is only used if the named provider -// was known but failed to initialize. The config parameter specifies the -// io.Reader handler of the configuration file for the cloud provider, or nil -// for no configuration. -func GetCloudProvider(name string, config io.Reader) (Interface, error) { - providersMutex.Lock() - defer providersMutex.Unlock() - f, found := providers[name] - if !found { - return nil, nil - } - return f(config) -} - -// Detects if the string is an external cloud provider -func IsExternal(name string) bool { - return name == externalCloudProvider -} - -// IsDeprecatedInternal is responsible for preventing cloud.Interface -// from being initialized in kubelet, kube-controller-manager or kube-api-server -func IsDeprecatedInternal(name string) bool { - for _, provider := range deprecatedCloudProviders { - if provider.name == name { - return true - } - } - - return false -} - -// DisableWarningForProvider logs information about disabled cloud provider state -func DisableWarningForProvider(providerName string) { - for _, provider := range deprecatedCloudProviders { - if provider.name == providerName { - klog.Infof("INFO: Please make sure you are running external cloud controller manager binary for provider %q."+ - "In-tree cloud providers are currently disabled. Refer to https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/cloud-provider/sample"+ - "for example implementation.", providerName) - detail := fmt.Sprintf("Please reach to sig-cloud-provider and use 'external' cloud provider for %q: %s", providerName, provider.detail) - klog.Warningf("WARNING: %q built-in cloud provider is now disabled. %s", providerName, detail) - break - } - } -} - -// DeprecationWarningForProvider logs information about deprecated cloud provider state -func DeprecationWarningForProvider(providerName string) { - for _, provider := range deprecatedCloudProviders { - if provider.name != providerName { - continue - } - - detail := provider.detail - if provider.external { - detail = fmt.Sprintf("Please use 'external' cloud provider for %s: %s", providerName, provider.detail) - } - - klog.Warningf("WARNING: %s built-in cloud provider is now deprecated. %s", providerName, detail) - break - } -} - -// InitCloudProvider creates an instance of the named cloud provider. -func InitCloudProvider(name string, configFilePath string) (Interface, error) { - var cloud Interface - var err error - - if name == "" { - return nil, nil - } - - if IsExternal(name) { - klog.Info("External cloud provider specified") - return nil, nil - } - - if configFilePath != "" { - var config *os.File - config, err = os.Open(configFilePath) - if err != nil { - klog.Fatalf("Couldn't open cloud provider configuration %s: %#v", - configFilePath, err) - } - - defer config.Close() - cloud, err = GetCloudProvider(name, config) - } else { - // Pass explicit nil so plugins can actually check for nil. See - // "Why is my nil error value not equal to nil?" in golang.org/doc/faq. - cloud, err = GetCloudProvider(name, nil) - } - - if err != nil { - return nil, fmt.Errorf("could not init cloud provider %q: %v", name, err) - } - if cloud == nil { - return nil, fmt.Errorf("unknown cloud provider %q", name) - } - - return cloud, nil -} diff --git a/etcd/vendor/k8s.io/cloud-provider/ports.go b/etcd/vendor/k8s.io/cloud-provider/ports.go deleted file mode 100644 index 797de6d928..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/ports.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cloudprovider - -const ( - // CloudControllerManagerPort is the default port for the cloud controller manager server. - // This value may be overridden by a flag at startup. - CloudControllerManagerPort = 10258 -) diff --git a/etcd/vendor/k8s.io/cloud-provider/volume/constants.go b/etcd/vendor/k8s.io/cloud-provider/volume/constants.go deleted file mode 100644 index d05f64ae25..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/volume/constants.go +++ /dev/null @@ -1,26 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -const ( - // ProvisionedVolumeName is the name of a volume in an external cloud - // that is being provisioned and thus should be ignored by rest of Kubernetes. - ProvisionedVolumeName = "placeholder-for-provisioning" - - // LabelMultiZoneDelimiter separates zones for volumes - LabelMultiZoneDelimiter = "__" -) diff --git a/etcd/vendor/k8s.io/cloud-provider/volume/helpers/rounding.go b/etcd/vendor/k8s.io/cloud-provider/volume/helpers/rounding.go deleted file mode 100644 index 1018157380..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/volume/helpers/rounding.go +++ /dev/null @@ -1,165 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package helpers - -import ( - "fmt" - "math" - "math/bits" - - "k8s.io/apimachinery/pkg/api/resource" -) - -/* -The Cloud Provider's volume plugins provision disks for corresponding -PersistentVolumeClaims. Cloud Providers use different allocation unit for their -disk sizes. AWS allows you to specify the size as an integer amount of GiB, -while Portworx expects bytes for example. On AWS, if you want a volume of -1500MiB, the actual call to the AWS API should therefore be for a 2GiB disk. -This file contains functions that help rounding a storage request based on a -Cloud Provider's allocation unit. -*/ - -const ( - // GB - GigaByte size - GB = 1000 * 1000 * 1000 - // GiB - GibiByte size - GiB = 1024 * 1024 * 1024 - - // MB - MegaByte size - MB = 1000 * 1000 - // MiB - MebiByte size - MiB = 1024 * 1024 - - // KB - KiloByte size - KB = 1000 - // KiB - KibiByte size - KiB = 1024 -) - -// RoundUpToGiB rounds up given quantity upto chunks of GiB -func RoundUpToGiB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, GiB) -} - -// RoundUpToMB rounds up given quantity to chunks of MB -func RoundUpToMB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, MB) -} - -// RoundUpToMiB rounds up given quantity upto chunks of MiB -func RoundUpToMiB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, MiB) -} - -// RoundUpToKB rounds up given quantity to chunks of KB -func RoundUpToKB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, KB) -} - -// RoundUpToKiB rounds up given quantity to chunks of KiB -func RoundUpToKiB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, KiB) -} - -// RoundUpToB rounds up given quantity to chunks of bytes -func RoundUpToB(size resource.Quantity) (int64, error) { - return roundUpSizeInt64(size, 1) -} - -// RoundUpToGiBInt rounds up given quantity upto chunks of GiB. It returns an -// int instead of an int64 and an error if there's overflow -func RoundUpToGiBInt(size resource.Quantity) (int, error) { - return roundUpSizeInt(size, GiB) -} - -// RoundUpToMBInt rounds up given quantity to chunks of MB. It returns an -// int instead of an int64 and an error if there's overflow -func RoundUpToMBInt(size resource.Quantity) (int, error) { - return roundUpSizeInt(size, MB) -} - -// RoundUpToMiBInt rounds up given quantity upto chunks of MiB. It returns an -// int instead of an int64 and an error if there's overflow -func RoundUpToMiBInt(size resource.Quantity) (int, error) { - return roundUpSizeInt(size, MiB) -} - -// RoundUpToKBInt rounds up given quantity to chunks of KB. It returns an -// int instead of an int64 and an error if there's overflow -func RoundUpToKBInt(size resource.Quantity) (int, error) { - return roundUpSizeInt(size, KB) -} - -// RoundUpToKiBInt rounds up given quantity upto chunks of KiB. It returns an -// int instead of an int64 and an error if there's overflow -func RoundUpToKiBInt(size resource.Quantity) (int, error) { - return roundUpSizeInt(size, KiB) -} - -// RoundUpToGiBInt32 rounds up given quantity up to chunks of GiB. It returns an -// int32 instead of an int64 and an error if there's overflow -func RoundUpToGiBInt32(size resource.Quantity) (int32, error) { - return roundUpSizeInt32(size, GiB) -} - -// roundUpSizeInt calculates how many allocation units are needed to accommodate -// a volume of a given size. It returns an int and an error if there's overflow -func roundUpSizeInt(size resource.Quantity, allocationUnitBytes int64) (int, error) { - if bits.UintSize == 32 { - res, err := roundUpSizeInt32(size, allocationUnitBytes) - return int(res), err - } - res, err := roundUpSizeInt64(size, allocationUnitBytes) - return int(res), err -} - -// roundUpSizeInt32 calculates how many allocation units are needed to accommodate -// a volume of a given size. It returns an int32 and an error if there's overflow -func roundUpSizeInt32(size resource.Quantity, allocationUnitBytes int64) (int32, error) { - roundedUpInt32, err := roundUpSizeInt64(size, allocationUnitBytes) - if err != nil { - return 0, err - } - if roundedUpInt32 > math.MaxInt32 { - return 0, fmt.Errorf("quantity %s is too great, overflows int32", size.String()) - } - return int32(roundedUpInt32), nil -} - -// roundUpSizeInt64 calculates how many allocation units are needed to accommodate -// a volume of a given size. It returns an int64 and an error if there's overflow -func roundUpSizeInt64(size resource.Quantity, allocationUnitBytes int64) (int64, error) { - // Use CmpInt64() to find out if the value of "size" would overflow an - // int64 and therefore have Value() return a wrong result. Then, retrieve - // the value as int64 and perform the rounding. - // It's not convenient to use AsScale() and related functions as they don't - // support BinarySI format, nor can we use AsInt64() directly since it's - // only implemented for int64 scaled numbers (int64Amount). - - // CmpInt64() actually returns 0 when comparing an amount bigger than MaxInt64. - if size.CmpInt64(math.MaxInt64) >= 0 { - return 0, fmt.Errorf("quantity %s is too great, overflows int64", size.String()) - } - volumeSizeBytes := size.Value() - - roundedUp := volumeSizeBytes / allocationUnitBytes - if volumeSizeBytes%allocationUnitBytes > 0 { - roundedUp++ - } - return roundedUp, nil -} diff --git a/etcd/vendor/k8s.io/cloud-provider/volume/helpers/zones.go b/etcd/vendor/k8s.io/cloud-provider/volume/helpers/zones.go deleted file mode 100644 index ff3a392846..0000000000 --- a/etcd/vendor/k8s.io/cloud-provider/volume/helpers/zones.go +++ /dev/null @@ -1,313 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package helpers - -import ( - "fmt" - "hash/fnv" - "math/rand" - "strconv" - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/sets" - cloudvolume "k8s.io/cloud-provider/volume" - "k8s.io/klog/v2" -) - -// LabelZonesToSet converts a PV label value from string containing a delimited list of zones to set -func LabelZonesToSet(labelZonesValue string) (sets.String, error) { - return stringToSet(labelZonesValue, cloudvolume.LabelMultiZoneDelimiter) -} - -// ZonesSetToLabelValue converts zones set to label value -func ZonesSetToLabelValue(strSet sets.String) string { - return strings.Join(strSet.UnsortedList(), cloudvolume.LabelMultiZoneDelimiter) -} - -// ZonesToSet converts a string containing a comma separated list of zones to set -func ZonesToSet(zonesString string) (sets.String, error) { - zones, err := stringToSet(zonesString, ",") - if err != nil { - return nil, fmt.Errorf("error parsing zones %s, must be strings separated by commas: %v", zonesString, err) - } - return zones, nil -} - -// StringToSet converts a string containing list separated by specified delimiter to a set -func stringToSet(str, delimiter string) (sets.String, error) { - zonesSlice := strings.Split(str, delimiter) - zonesSet := make(sets.String) - for _, zone := range zonesSlice { - trimmedZone := strings.TrimSpace(zone) - if trimmedZone == "" { - return make(sets.String), fmt.Errorf( - "%q separated list (%q) must not contain an empty string", - delimiter, - str) - } - zonesSet.Insert(trimmedZone) - } - return zonesSet, nil -} - -// LabelZonesToList converts a PV label value from string containing a delimited list of zones to list -func LabelZonesToList(labelZonesValue string) ([]string, error) { - return stringToList(labelZonesValue, cloudvolume.LabelMultiZoneDelimiter) -} - -// StringToList converts a string containing list separated by specified delimiter to a list -func stringToList(str, delimiter string) ([]string, error) { - zonesSlice := make([]string, 0) - for _, zone := range strings.Split(str, delimiter) { - trimmedZone := strings.TrimSpace(zone) - if trimmedZone == "" { - return nil, fmt.Errorf( - "%q separated list (%q) must not contain an empty string", - delimiter, - str) - } - zonesSlice = append(zonesSlice, trimmedZone) - } - return zonesSlice, nil -} - -// SelectZoneForVolume is a wrapper around SelectZonesForVolume -// to select a single zone for a volume based on parameters -func SelectZoneForVolume(zoneParameterPresent, zonesParameterPresent bool, zoneParameter string, zonesParameter, zonesWithNodes sets.String, node *v1.Node, allowedTopologies []v1.TopologySelectorTerm, pvcName string) (string, error) { - zones, err := SelectZonesForVolume(zoneParameterPresent, zonesParameterPresent, zoneParameter, zonesParameter, zonesWithNodes, node, allowedTopologies, pvcName, 1) - if err != nil { - return "", err - } - zone, ok := zones.PopAny() - if !ok { - return "", fmt.Errorf("could not determine a zone to provision volume in") - } - return zone, nil -} - -// SelectZonesForVolume selects zones for a volume based on several factors: -// node.zone, allowedTopologies, zone/zones parameters from storageclass, -// zones with active nodes from the cluster. The number of zones = replicas. -func SelectZonesForVolume(zoneParameterPresent, zonesParameterPresent bool, zoneParameter string, zonesParameter, zonesWithNodes sets.String, node *v1.Node, allowedTopologies []v1.TopologySelectorTerm, pvcName string, numReplicas uint32) (sets.String, error) { - if zoneParameterPresent && zonesParameterPresent { - return nil, fmt.Errorf("both zone and zones StorageClass parameters must not be used at the same time") - } - - var zoneFromNode string - // pick one zone from node if present - if node != nil { - // VolumeScheduling implicit since node is not nil - if zoneParameterPresent || zonesParameterPresent { - return nil, fmt.Errorf("zone[s] cannot be specified in StorageClass if VolumeBindingMode is set to WaitForFirstConsumer. Please specify allowedTopologies in StorageClass for constraining zones") - } - - // pick node's zone for one of the replicas - var ok bool - zoneFromNode, ok = node.ObjectMeta.Labels[v1.LabelTopologyZone] - if !ok { - zoneFromNode, ok = node.ObjectMeta.Labels[v1.LabelFailureDomainBetaZone] - if !ok { - return nil, fmt.Errorf("Either %s or %s Label for node missing", v1.LabelTopologyZone, v1.LabelFailureDomainBetaZone) - } - } - // if single replica volume and node with zone found, return immediately - if numReplicas == 1 { - return sets.NewString(zoneFromNode), nil - } - } - - // pick zone from allowedZones if specified - allowedZones, err := ZonesFromAllowedTopologies(allowedTopologies) - if err != nil { - return nil, err - } - - if (len(allowedTopologies) > 0) && (allowedZones.Len() == 0) { - return nil, fmt.Errorf("no matchLabelExpressions with %s key found in allowedTopologies. Please specify matchLabelExpressions with %s key", v1.LabelTopologyZone, v1.LabelTopologyZone) - } - - if allowedZones.Len() > 0 { - // VolumeScheduling implicit since allowedZones present - if zoneParameterPresent || zonesParameterPresent { - return nil, fmt.Errorf("zone[s] cannot be specified in StorageClass if allowedTopologies specified") - } - // scheduler will guarantee if node != null above, zoneFromNode is member of allowedZones. - // so if zoneFromNode != "", we can safely assume it is part of allowedZones. - zones, err := chooseZonesForVolumeIncludingZone(allowedZones, pvcName, zoneFromNode, numReplicas) - if err != nil { - return nil, fmt.Errorf("cannot process zones in allowedTopologies: %v", err) - } - return zones, nil - } - - // pick zone from parameters if present - if zoneParameterPresent { - if numReplicas > 1 { - return nil, fmt.Errorf("zone cannot be specified if desired number of replicas for pv is greather than 1. Please specify zones or allowedTopologies to specify desired zones") - } - return sets.NewString(zoneParameter), nil - } - - if zonesParameterPresent { - if uint32(zonesParameter.Len()) < numReplicas { - return nil, fmt.Errorf("not enough zones found in zones parameter to provision a volume with %d replicas. Found %d zones, need %d zones", numReplicas, zonesParameter.Len(), numReplicas) - } - // directly choose from zones parameter; no zone from node need to be considered - return ChooseZonesForVolume(zonesParameter, pvcName, numReplicas), nil - } - - // pick zone from zones with nodes - if zonesWithNodes.Len() > 0 { - // If node != null (and thus zoneFromNode != ""), zoneFromNode will be member of zonesWithNodes - zones, err := chooseZonesForVolumeIncludingZone(zonesWithNodes, pvcName, zoneFromNode, numReplicas) - if err != nil { - return nil, fmt.Errorf("cannot process zones where nodes exist in the cluster: %v", err) - } - return zones, nil - } - return nil, fmt.Errorf("cannot determine zones to provision volume in") -} - -// ZonesFromAllowedTopologies returns a list of zones specified in allowedTopologies -func ZonesFromAllowedTopologies(allowedTopologies []v1.TopologySelectorTerm) (sets.String, error) { - zones := make(sets.String) - for _, term := range allowedTopologies { - for _, exp := range term.MatchLabelExpressions { - if exp.Key == v1.LabelTopologyZone || exp.Key == v1.LabelFailureDomainBetaZone { - for _, value := range exp.Values { - zones.Insert(value) - } - } else { - return nil, fmt.Errorf("unsupported key found in matchLabelExpressions: %s", exp.Key) - } - } - } - return zones, nil -} - -// chooseZonesForVolumeIncludingZone is a wrapper around ChooseZonesForVolume that ensures zoneToInclude is chosen -// zoneToInclude can either be empty in which case it is ignored. If non-empty, zoneToInclude is expected to be member of zones. -// numReplicas is expected to be > 0 and <= zones.Len() -func chooseZonesForVolumeIncludingZone(zones sets.String, pvcName, zoneToInclude string, numReplicas uint32) (sets.String, error) { - if numReplicas == 0 { - return nil, fmt.Errorf("invalid number of replicas passed") - } - if uint32(zones.Len()) < numReplicas { - return nil, fmt.Errorf("not enough zones found to provision a volume with %d replicas. Need at least %d distinct zones for a volume with %d replicas", numReplicas, numReplicas, numReplicas) - } - if zoneToInclude != "" && !zones.Has(zoneToInclude) { - return nil, fmt.Errorf("zone to be included: %s needs to be member of set: %v", zoneToInclude, zones) - } - if uint32(zones.Len()) == numReplicas { - return zones, nil - } - if zoneToInclude != "" { - zones.Delete(zoneToInclude) - numReplicas = numReplicas - 1 - } - zonesChosen := ChooseZonesForVolume(zones, pvcName, numReplicas) - if zoneToInclude != "" { - zonesChosen.Insert(zoneToInclude) - } - return zonesChosen, nil -} - -// ChooseZonesForVolume is identical to ChooseZoneForVolume, but selects a multiple zones, for multi-zone disks. -func ChooseZonesForVolume(zones sets.String, pvcName string, numZones uint32) sets.String { - // No zones available, return empty set. - replicaZones := sets.NewString() - if zones.Len() == 0 { - return replicaZones - } - - // We create the volume in a zone determined by the name - // Eventually the scheduler will coordinate placement into an available zone - hash, index := getPVCNameHashAndIndexOffset(pvcName) - - // Zones.List returns zones in a consistent order (sorted) - // We do have a potential failure case where volumes will not be properly spread, - // if the set of zones changes during StatefulSet volume creation. However, this is - // probably relatively unlikely because we expect the set of zones to be essentially - // static for clusters. - // Hopefully we can address this problem if/when we do full scheduler integration of - // PVC placement (which could also e.g. avoid putting volumes in overloaded or - // unhealthy zones) - zoneSlice := zones.List() - - startingIndex := index * numZones - for index = startingIndex; index < startingIndex+numZones; index++ { - zone := zoneSlice[(hash+index)%uint32(len(zoneSlice))] - replicaZones.Insert(zone) - } - - klog.V(2).Infof("Creating volume for replicated PVC %q; chosen zones=%q from zones=%q", - pvcName, replicaZones.UnsortedList(), zoneSlice) - return replicaZones -} - -func getPVCNameHashAndIndexOffset(pvcName string) (hash uint32, index uint32) { - if pvcName == "" { - // We should always be called with a name; this shouldn't happen - klog.Warningf("No name defined during volume create; choosing random zone") - - hash = rand.Uint32() - } else { - hashString := pvcName - - // Heuristic to make sure that volumes in a StatefulSet are spread across zones - // StatefulSet PVCs are (currently) named ClaimName-StatefulSetName-Id, - // where Id is an integer index. - // Note though that if a StatefulSet pod has multiple claims, we need them to be - // in the same zone, because otherwise the pod will be unable to mount both volumes, - // and will be unschedulable. So we hash _only_ the "StatefulSetName" portion when - // it looks like `ClaimName-StatefulSetName-Id`. - // We continue to round-robin volume names that look like `Name-Id` also; this is a useful - // feature for users that are creating statefulset-like functionality without using statefulsets. - lastDash := strings.LastIndexByte(pvcName, '-') - if lastDash != -1 { - statefulsetIDString := pvcName[lastDash+1:] - statefulsetID, err := strconv.ParseUint(statefulsetIDString, 10, 32) - if err == nil { - // Offset by the statefulsetID, so we round-robin across zones - index = uint32(statefulsetID) - // We still hash the volume name, but only the prefix - hashString = pvcName[:lastDash] - - // In the special case where it looks like `ClaimName-StatefulSetName-Id`, - // hash only the StatefulSetName, so that different claims on the same StatefulSet - // member end up in the same zone. - // Note that StatefulSetName (and ClaimName) might themselves both have dashes. - // We actually just take the portion after the final - of ClaimName-StatefulSetName. - // For our purposes it doesn't much matter (just suboptimal spreading). - lastDash := strings.LastIndexByte(hashString, '-') - if lastDash != -1 { - hashString = hashString[lastDash+1:] - } - - klog.V(2).Infof("Detected StatefulSet-style volume name %q; index=%d", pvcName, index) - } - } - - // We hash the (base) volume name, so we don't bias towards the first N zones - h := fnv.New32() - h.Write([]byte(hashString)) - hash = h.Sum32() - } - - return hash, index -} diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/LICENSE b/etcd/vendor/k8s.io/cluster-bootstrap/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/token/api/doc.go b/etcd/vendor/k8s.io/cluster-bootstrap/token/api/doc.go deleted file mode 100644 index 9bb5d9cdb0..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/token/api/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package api (k8s.io/cluster-bootstrap/token/api) contains constants and types needed for -// bootstrap tokens as maintained by the BootstrapSigner and TokenCleaner -// controllers (in k8s.io/kubernetes/pkg/controller/bootstrap) -package api // import "k8s.io/cluster-bootstrap/token/api" diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/token/api/types.go b/etcd/vendor/k8s.io/cluster-bootstrap/token/api/types.go deleted file mode 100644 index 3bea78b176..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/token/api/types.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "k8s.io/api/core/v1" -) - -const ( - // BootstrapTokenSecretPrefix is the prefix for bootstrap token names. - // Bootstrap tokens secrets must be named in the form - // `bootstrap-token-<token-id>`. This is the prefix to be used before the - // token ID. - BootstrapTokenSecretPrefix = "bootstrap-token-" - - // SecretTypeBootstrapToken is used during the automated bootstrap process (first - // implemented by kubeadm). It stores tokens that are used to sign well known - // ConfigMaps. They may also eventually be used for authentication. - SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token" - - // BootstrapTokenIDKey is the id of this token. This can be transmitted in the - // clear and encoded in the name of the secret. It must be a random 6 character - // string that matches the regexp `^([a-z0-9]{6})$`. Required. - BootstrapTokenIDKey = "token-id" - - // BootstrapTokenSecretKey is the actual secret. It must be a random 16 character - // string that matches the regexp `^([a-z0-9]{16})$`. Required. - BootstrapTokenSecretKey = "token-secret" - - // BootstrapTokenExpirationKey is when this token should be expired and no - // longer used. A controller will delete this resource after this time. This - // is an absolute UTC time using RFC3339. If this cannot be parsed, the token - // should be considered invalid. Optional. - BootstrapTokenExpirationKey = "expiration" - - // BootstrapTokenDescriptionKey is a description in human-readable format that - // describes what the bootstrap token is used for. Optional. - BootstrapTokenDescriptionKey = "description" - - // BootstrapTokenExtraGroupsKey is a comma-separated list of group names. - // The bootstrap token will authenticate as these groups in addition to the - // "system:bootstrappers" group. - BootstrapTokenExtraGroupsKey = "auth-extra-groups" - - // BootstrapTokenUsagePrefix is the prefix for the other usage constants that specifies different - // functions of a bootstrap token - BootstrapTokenUsagePrefix = "usage-bootstrap-" - - // BootstrapTokenUsageSigningKey signals that this token should be used to - // sign configs as part of the bootstrap process. Value must be "true". Any - // other value is assumed to be false. Optional. - BootstrapTokenUsageSigningKey = "usage-bootstrap-signing" - - // BootstrapTokenUsageAuthentication signals that this token should be used - // as a bearer token to authenticate against the Kubernetes API. The bearer - // token takes the form "<token-id>.<token-secret>" and authenticates as the - // user "system:bootstrap:<token-id>" in the "system:bootstrappers" group - // as well as any groups specified using BootstrapTokenExtraGroupsKey. - // Value must be "true". Any other value is assumed to be false. Optional. - BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication" - - // ConfigMapClusterInfo defines the name for the ConfigMap where the information how to connect and trust the cluster exist - ConfigMapClusterInfo = "cluster-info" - - // KubeConfigKey defines at which key in the Data object of the ConfigMap the KubeConfig object is stored - KubeConfigKey = "kubeconfig" - - // JWSSignatureKeyPrefix defines what key prefix the JWS-signed tokens have - JWSSignatureKeyPrefix = "jws-kubeconfig-" - - // BootstrapUserPrefix is the username prefix bootstrapping bearer tokens - // authenticate as. The full username given is "system:bootstrap:<token-id>". - BootstrapUserPrefix = "system:bootstrap:" - - // BootstrapDefaultGroup is the default group for bootstrapping bearer - // tokens (in addition to any groups from BootstrapTokenExtraGroupsKey). - BootstrapDefaultGroup = "system:bootstrappers" - - // BootstrapGroupPattern is the valid regex pattern that all groups - // assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match. - // See also util.ValidateBootstrapGroupName() - BootstrapGroupPattern = `\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z` - - // BootstrapTokenPattern defines the {id}.{secret} regular expression pattern - BootstrapTokenPattern = `\A([a-z0-9]{6})\.([a-z0-9]{16})\z` - - // BootstrapTokenIDPattern defines token's id regular expression pattern - BootstrapTokenIDPattern = `\A([a-z0-9]{6})\z` - - // BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field - BootstrapTokenIDBytes = 6 - - // BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field - BootstrapTokenSecretBytes = 16 -) - -// KnownTokenUsages specifies the known functions a token will get. -var KnownTokenUsages = []string{"signing", "authentication"} diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/token/util/helpers.go b/etcd/vendor/k8s.io/cluster-bootstrap/token/util/helpers.go deleted file mode 100644 index f9ea35b5ee..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/token/util/helpers.go +++ /dev/null @@ -1,136 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "bufio" - "crypto/rand" - "fmt" - "regexp" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/cluster-bootstrap/token/api" -) - -// TODO(dixudx): refactor this to util/secrets and util/tokens - -// validBootstrapTokenChars defines the characters a bootstrap token can consist of -const validBootstrapTokenChars = "0123456789abcdefghijklmnopqrstuvwxyz" - -var ( - // BootstrapTokenRegexp is a compiled regular expression of TokenRegexpString - BootstrapTokenRegexp = regexp.MustCompile(api.BootstrapTokenPattern) - // BootstrapTokenIDRegexp is a compiled regular expression of TokenIDRegexpString - BootstrapTokenIDRegexp = regexp.MustCompile(api.BootstrapTokenIDPattern) - // BootstrapGroupRegexp is a compiled regular expression of BootstrapGroupPattern - BootstrapGroupRegexp = regexp.MustCompile(api.BootstrapGroupPattern) -) - -// GenerateBootstrapToken generates a new, random Bootstrap Token. -func GenerateBootstrapToken() (string, error) { - tokenID, err := randBytes(api.BootstrapTokenIDBytes) - if err != nil { - return "", err - } - - tokenSecret, err := randBytes(api.BootstrapTokenSecretBytes) - if err != nil { - return "", err - } - - return TokenFromIDAndSecret(tokenID, tokenSecret), nil -} - -// randBytes returns a random string consisting of the characters in -// validBootstrapTokenChars, with the length customized by the parameter -func randBytes(length int) (string, error) { - // len("0123456789abcdefghijklmnopqrstuvwxyz") = 36 which doesn't evenly divide - // the possible values of a byte: 256 mod 36 = 4. Discard any random bytes we - // read that are >= 252 so the bytes we evenly divide the character set. - const maxByteValue = 252 - - var ( - b byte - err error - token = make([]byte, length) - ) - - reader := bufio.NewReaderSize(rand.Reader, length*2) - for i := range token { - for { - if b, err = reader.ReadByte(); err != nil { - return "", err - } - if b < maxByteValue { - break - } - } - - token[i] = validBootstrapTokenChars[int(b)%len(validBootstrapTokenChars)] - } - - return string(token), nil -} - -// TokenFromIDAndSecret returns the full token which is of the form "{id}.{secret}" -func TokenFromIDAndSecret(id, secret string) string { - return fmt.Sprintf("%s.%s", id, secret) -} - -// IsValidBootstrapToken returns whether the given string is valid as a Bootstrap Token and -// in other words satisfies the BootstrapTokenRegexp -func IsValidBootstrapToken(token string) bool { - return BootstrapTokenRegexp.MatchString(token) -} - -// IsValidBootstrapTokenID returns whether the given string is valid as a Bootstrap Token ID and -// in other words satisfies the BootstrapTokenIDRegexp -func IsValidBootstrapTokenID(tokenID string) bool { - return BootstrapTokenIDRegexp.MatchString(tokenID) -} - -// BootstrapTokenSecretName returns the expected name for the Secret storing the -// Bootstrap Token in the Kubernetes API. -func BootstrapTokenSecretName(tokenID string) string { - return fmt.Sprintf("%s%s", api.BootstrapTokenSecretPrefix, tokenID) -} - -// ValidateBootstrapGroupName checks if the provided group name is a valid -// bootstrap group name. Returns nil if valid or a validation error if invalid. -// TODO(dixudx): should be moved to util/secrets -func ValidateBootstrapGroupName(name string) error { - if BootstrapGroupRegexp.Match([]byte(name)) { - return nil - } - return fmt.Errorf("bootstrap group %q is invalid (must match %s)", name, api.BootstrapGroupPattern) -} - -// ValidateUsages validates that the passed in string are valid usage strings for bootstrap tokens. -func ValidateUsages(usages []string) error { - validUsages := sets.NewString(api.KnownTokenUsages...) - invalidUsages := sets.NewString() - for _, usage := range usages { - if !validUsages.Has(usage) { - invalidUsages.Insert(usage) - } - } - if len(invalidUsages) > 0 { - return fmt.Errorf("invalid bootstrap token usage string: %s, valid usage options: %s", strings.Join(invalidUsages.List(), ","), strings.Join(api.KnownTokenUsages, ",")) - } - return nil -} diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/util/secrets/secrets.go b/etcd/vendor/k8s.io/cluster-bootstrap/util/secrets/secrets.go deleted file mode 100644 index 73894ee0d2..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/util/secrets/secrets.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package secrets - -import ( - "regexp" - "strings" - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/cluster-bootstrap/token/api" - legacyutil "k8s.io/cluster-bootstrap/token/util" - "k8s.io/klog/v2" -) - -var ( - secretNameRe = regexp.MustCompile(`^` + regexp.QuoteMeta(api.BootstrapTokenSecretPrefix) + `([a-z0-9]{6})$`) -) - -// GetData returns the string value for the given key in the specified Secret -// If there is an error or if the key doesn't exist, an empty string is returned. -func GetData(secret *v1.Secret, key string) string { - if secret.Data == nil { - return "" - } - if val, ok := secret.Data[key]; ok { - return string(val) - } - return "" -} - -// HasExpired will identify whether the secret expires -func HasExpired(secret *v1.Secret, currentTime time.Time) bool { - _, expired := GetExpiration(secret, currentTime) - - return expired -} - -// GetExpiration checks if the secret expires -// isExpired indicates if the secret is already expired. -// timeRemaining indicates how long until it does expire. -// if the secret has no expiration timestamp, returns 0, false. -// if there is an error parsing the secret's expiration timestamp, returns 0, true. -func GetExpiration(secret *v1.Secret, currentTime time.Time) (timeRemaining time.Duration, isExpired bool) { - expiration := GetData(secret, api.BootstrapTokenExpirationKey) - if len(expiration) == 0 { - return 0, false - } - expTime, err := time.Parse(time.RFC3339, expiration) - if err != nil { - klog.V(3).Infof("Unparseable expiration time (%s) in %s/%s Secret: %v. Treating as expired.", - expiration, secret.Namespace, secret.Name, err) - return 0, true - } - - timeRemaining = expTime.Sub(currentTime) - if timeRemaining <= 0 { - klog.V(3).Infof("Expired bootstrap token in %s/%s Secret: %v", - secret.Namespace, secret.Name, expiration) - return 0, true - } - return timeRemaining, false -} - -// ParseName parses the name of the secret to extract the secret ID. -func ParseName(name string) (secretID string, ok bool) { - r := secretNameRe.FindStringSubmatch(name) - if r == nil { - return "", false - } - return r[1], true -} - -// GetGroups loads and validates the bootstrapapi.BootstrapTokenExtraGroupsKey -// key from the bootstrap token secret, returning a list of group names or an -// error if any of the group names are invalid. -func GetGroups(secret *v1.Secret) ([]string, error) { - // always include the default group - groups := sets.NewString(api.BootstrapDefaultGroup) - - // grab any extra groups and if there are none, return just the default - extraGroupsString := GetData(secret, api.BootstrapTokenExtraGroupsKey) - if extraGroupsString == "" { - return groups.List(), nil - } - - // validate the names of the extra groups - for _, group := range strings.Split(extraGroupsString, ",") { - if err := legacyutil.ValidateBootstrapGroupName(group); err != nil { - return nil, err - } - groups.Insert(group) - } - - // return the result as a deduplicated, sorted list - return groups.List(), nil -} diff --git a/etcd/vendor/k8s.io/cluster-bootstrap/util/tokens/tokens.go b/etcd/vendor/k8s.io/cluster-bootstrap/util/tokens/tokens.go deleted file mode 100644 index bedeaceb38..0000000000 --- a/etcd/vendor/k8s.io/cluster-bootstrap/util/tokens/tokens.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tokens - -import ( - "fmt" - "regexp" - - "k8s.io/cluster-bootstrap/token/api" -) - -var ( - bootstrapTokenRe = regexp.MustCompile(api.BootstrapTokenPattern) -) - -// ParseToken tries and parse a valid token from a string. -// A token ID and token secret are returned in case of success, an error otherwise. -func ParseToken(s string) (tokenID, tokenSecret string, err error) { - split := bootstrapTokenRe.FindStringSubmatch(s) - if len(split) != 3 { - return "", "", fmt.Errorf("token [%q] was not of form [%q]", s, api.BootstrapTokenPattern) - } - return split[1], split[2], nil -} diff --git a/etcd/vendor/k8s.io/component-base/config/OWNERS b/etcd/vendor/k8s.io/component-base/config/OWNERS deleted file mode 100644 index 7243d3cc82..0000000000 --- a/etcd/vendor/k8s.io/component-base/config/OWNERS +++ /dev/null @@ -1,13 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# Disable inheritance as this is an api owners file -options: - no_parent_owners: true -approvers: - - api-approvers -reviewers: - - api-reviewers -labels: - - kind/api-change - - sig/api-machinery - - sig/scheduling diff --git a/etcd/vendor/k8s.io/component-base/config/doc.go b/etcd/vendor/k8s.io/component-base/config/doc.go deleted file mode 100644 index dd0a5a53a7..0000000000 --- a/etcd/vendor/k8s.io/component-base/config/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package config // import "k8s.io/component-base/config" diff --git a/etcd/vendor/k8s.io/component-base/config/types.go b/etcd/vendor/k8s.io/component-base/config/types.go deleted file mode 100644 index aad605eeef..0000000000 --- a/etcd/vendor/k8s.io/component-base/config/types.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// ClientConnectionConfiguration contains details for constructing a client. -type ClientConnectionConfiguration struct { - // kubeconfig is the path to a KubeConfig file. - Kubeconfig string - // acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the - // default value of 'application/json'. This field will control all connections to the server used by a particular - // client. - AcceptContentTypes string - // contentType is the content type used when sending data to the server from this client. - ContentType string - // qps controls the number of queries per second allowed for this connection. - QPS float32 - // burst allows extra queries to accumulate when a client is exceeding its rate. - Burst int32 -} - -// LeaderElectionConfiguration defines the configuration of leader election -// clients for components that can run with leader election enabled. -type LeaderElectionConfiguration struct { - // leaderElect enables a leader election client to gain leadership - // before executing the main loop. Enable this when running replicated - // components for high availability. - LeaderElect bool - // leaseDuration is the duration that non-leader candidates will wait - // after observing a leadership renewal until attempting to acquire - // leadership of a led but unrenewed leader slot. This is effectively the - // maximum duration that a leader can be stopped before it is replaced - // by another candidate. This is only applicable if leader election is - // enabled. - LeaseDuration metav1.Duration - // renewDeadline is the interval between attempts by the acting master to - // renew a leadership slot before it stops leading. This must be less - // than or equal to the lease duration. This is only applicable if leader - // election is enabled. - RenewDeadline metav1.Duration - // retryPeriod is the duration the clients should wait between attempting - // acquisition and renewal of a leadership. This is only applicable if - // leader election is enabled. - RetryPeriod metav1.Duration - // resourceLock indicates the resource object type that will be used to lock - // during leader election cycles. - ResourceLock string - // resourceName indicates the name of resource object that will be used to lock - // during leader election cycles. - ResourceName string - // resourceNamespace indicates the namespace of resource object that will be used to lock - // during leader election cycles. - ResourceNamespace string -} - -// DebuggingConfiguration holds configuration for Debugging related features. -type DebuggingConfiguration struct { - // enableProfiling enables profiling via web interface host:port/debug/pprof/ - EnableProfiling bool - // enableContentionProfiling enables lock contention profiling, if - // enableProfiling is true. - EnableContentionProfiling bool -} diff --git a/etcd/vendor/k8s.io/component-base/config/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/component-base/config/zz_generated.deepcopy.go deleted file mode 100644 index fb0c1f1e6a..0000000000 --- a/etcd/vendor/k8s.io/component-base/config/zz_generated.deepcopy.go +++ /dev/null @@ -1,73 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package config - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClientConnectionConfiguration) DeepCopyInto(out *ClientConnectionConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionConfiguration. -func (in *ClientConnectionConfiguration) DeepCopy() *ClientConnectionConfiguration { - if in == nil { - return nil - } - out := new(ClientConnectionConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DebuggingConfiguration) DeepCopyInto(out *DebuggingConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DebuggingConfiguration. -func (in *DebuggingConfiguration) DeepCopy() *DebuggingConfiguration { - if in == nil { - return nil - } - out := new(DebuggingConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaderElectionConfiguration) DeepCopyInto(out *LeaderElectionConfiguration) { - *out = *in - out.LeaseDuration = in.LeaseDuration - out.RenewDeadline = in.RenewDeadline - out.RetryPeriod = in.RetryPeriod - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfiguration. -func (in *LeaderElectionConfiguration) DeepCopy() *LeaderElectionConfiguration { - if in == nil { - return nil - } - out := new(LeaderElectionConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/features/kube_features.go b/etcd/vendor/k8s.io/component-base/metrics/features/kube_features.go deleted file mode 100644 index 3f17132149..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/features/kube_features.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - "k8s.io/component-base/featuregate" -) - -const ( - // owner: @logicalhan - // kep: https://kep.k8s.io/3466 - // alpha: v1.26 - ComponentSLIs featuregate.Feature = "ComponentSLIs" -) - -func featureGates() map[featuregate.Feature]featuregate.FeatureSpec { - return map[featuregate.Feature]featuregate.FeatureSpec{ - ComponentSLIs: {Default: false, PreRelease: featuregate.Alpha}, - } -} - -// AddFeatureGates adds all feature gates used by this package. -func AddFeatureGates(mutableFeatureGate featuregate.MutableFeatureGate) error { - return mutableFeatureGate.Add(featureGates()) -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/metrics.go b/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/metrics.go deleted file mode 100644 index 7fb4a8e064..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/metrics.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package slis - -import ( - "context" - k8smetrics "k8s.io/component-base/metrics" -) - -type HealthcheckStatus string - -const ( - Success HealthcheckStatus = "success" - Error HealthcheckStatus = "error" -) - -type HealthcheckType string - -var ( - // healthcheck is a Prometheus Gauge metrics used for recording the results of a k8s healthcheck. - healthcheck = k8smetrics.NewGaugeVec( - &k8smetrics.GaugeOpts{ - Namespace: "kubernetes", - Name: "healthcheck", - Help: "This metric records the result of a single healthcheck.", - StabilityLevel: k8smetrics.ALPHA, - }, - []string{"name", "type"}, - ) - - // healthchecksTotal is a Prometheus Counter metrics used for counting the results of a k8s healthcheck. - healthchecksTotal = k8smetrics.NewCounterVec( - &k8smetrics.CounterOpts{ - Namespace: "kubernetes", - Name: "healthchecks_total", - Help: "This metric records the results of all healthcheck.", - StabilityLevel: k8smetrics.ALPHA, - }, - []string{"name", "type", "status"}, - ) -) - -func Register(registry k8smetrics.KubeRegistry) { - registry.Register(healthcheck) - registry.Register(healthchecksTotal) -} - -func ResetHealthMetrics() { - healthcheck.Reset() - healthchecksTotal.Reset() -} - -func ObserveHealthcheck(ctx context.Context, name string, healthcheckType string, status HealthcheckStatus) error { - if status == Success { - healthcheck.WithContext(ctx).WithLabelValues(name, healthcheckType).Set(1) - } else { - healthcheck.WithContext(ctx).WithLabelValues(name, healthcheckType).Set(0) - } - - healthchecksTotal.WithContext(ctx).WithLabelValues(name, healthcheckType, string(status)).Inc() - return nil -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/registry.go b/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/registry.go deleted file mode 100644 index f26340d3ee..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/registry.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package slis - -import ( - "k8s.io/component-base/metrics" -) - -var ( - // Registry exposes the SLI registry so that additional SLIs can be - // added on a per-component basis. - Registry = metrics.NewKubeRegistry() -) diff --git a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/routes.go b/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/routes.go deleted file mode 100644 index 4e88b7c24a..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/prometheus/slis/routes.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package slis - -import ( - "net/http" - "sync" - - "k8s.io/component-base/metrics" -) - -var ( - installOnce = sync.Once{} - installWithResetOnce = sync.Once{} -) - -type mux interface { - Handle(path string, handler http.Handler) -} - -type SLIMetrics struct{} - -// Install adds the DefaultMetrics handler -func (s SLIMetrics) Install(m mux) { - installOnce.Do(func() { - Register(Registry) - m.Handle("/metrics/slis", metrics.HandlerFor(Registry, metrics.HandlerOpts{})) - }) -} - -type SLIMetricsWithReset struct{} - -// Install adds the DefaultMetrics handler -func (s SLIMetricsWithReset) Install(m mux) { - installWithResetOnce.Do(func() { - Register(Registry) - m.Handle("/metrics/slis", metrics.HandlerWithReset(Registry, metrics.HandlerOpts{})) - }) -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/prometheus/workqueue/metrics.go b/etcd/vendor/k8s.io/component-base/metrics/prometheus/workqueue/metrics.go deleted file mode 100644 index 59fd1cf6df..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/prometheus/workqueue/metrics.go +++ /dev/null @@ -1,137 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package workqueue - -import ( - "k8s.io/client-go/util/workqueue" - k8smetrics "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -// Package prometheus sets the workqueue DefaultMetricsFactory to produce -// prometheus metrics. To use this package, you just have to import it. - -// Metrics subsystem and keys used by the workqueue. -const ( - WorkQueueSubsystem = "workqueue" - DepthKey = "depth" - AddsKey = "adds_total" - QueueLatencyKey = "queue_duration_seconds" - WorkDurationKey = "work_duration_seconds" - UnfinishedWorkKey = "unfinished_work_seconds" - LongestRunningProcessorKey = "longest_running_processor_seconds" - RetriesKey = "retries_total" -) - -var ( - depth = k8smetrics.NewGaugeVec(&k8smetrics.GaugeOpts{ - Subsystem: WorkQueueSubsystem, - Name: DepthKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "Current depth of workqueue", - }, []string{"name"}) - - adds = k8smetrics.NewCounterVec(&k8smetrics.CounterOpts{ - Subsystem: WorkQueueSubsystem, - Name: AddsKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "Total number of adds handled by workqueue", - }, []string{"name"}) - - latency = k8smetrics.NewHistogramVec(&k8smetrics.HistogramOpts{ - Subsystem: WorkQueueSubsystem, - Name: QueueLatencyKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "How long in seconds an item stays in workqueue before being requested.", - Buckets: k8smetrics.ExponentialBuckets(10e-9, 10, 10), - }, []string{"name"}) - - workDuration = k8smetrics.NewHistogramVec(&k8smetrics.HistogramOpts{ - Subsystem: WorkQueueSubsystem, - Name: WorkDurationKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "How long in seconds processing an item from workqueue takes.", - Buckets: k8smetrics.ExponentialBuckets(10e-9, 10, 10), - }, []string{"name"}) - - unfinished = k8smetrics.NewGaugeVec(&k8smetrics.GaugeOpts{ - Subsystem: WorkQueueSubsystem, - Name: UnfinishedWorkKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "How many seconds of work has done that " + - "is in progress and hasn't been observed by work_duration. Large " + - "values indicate stuck threads. One can deduce the number of stuck " + - "threads by observing the rate at which this increases.", - }, []string{"name"}) - - longestRunningProcessor = k8smetrics.NewGaugeVec(&k8smetrics.GaugeOpts{ - Subsystem: WorkQueueSubsystem, - Name: LongestRunningProcessorKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "How many seconds has the longest running " + - "processor for workqueue been running.", - }, []string{"name"}) - - retries = k8smetrics.NewCounterVec(&k8smetrics.CounterOpts{ - Subsystem: WorkQueueSubsystem, - Name: RetriesKey, - StabilityLevel: k8smetrics.ALPHA, - Help: "Total number of retries handled by workqueue", - }, []string{"name"}) - - metrics = []k8smetrics.Registerable{ - depth, adds, latency, workDuration, unfinished, longestRunningProcessor, retries, - } -) - -type prometheusMetricsProvider struct { -} - -func init() { - for _, m := range metrics { - legacyregistry.MustRegister(m) - } - workqueue.SetProvider(prometheusMetricsProvider{}) -} - -func (prometheusMetricsProvider) NewDepthMetric(name string) workqueue.GaugeMetric { - return depth.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewAddsMetric(name string) workqueue.CounterMetric { - return adds.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewLatencyMetric(name string) workqueue.HistogramMetric { - return latency.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewWorkDurationMetric(name string) workqueue.HistogramMetric { - return workDuration.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewUnfinishedWorkSecondsMetric(name string) workqueue.SettableGaugeMetric { - return unfinished.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewLongestRunningProcessorSecondsMetric(name string) workqueue.SettableGaugeMetric { - return longestRunningProcessor.WithLabelValues(name) -} - -func (prometheusMetricsProvider) NewRetriesMetric(name string) workqueue.CounterMetric { - return retries.WithLabelValues(name) -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/testutil/metrics.go b/etcd/vendor/k8s.io/component-base/metrics/testutil/metrics.go deleted file mode 100644 index df3f8ee0c1..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/testutil/metrics.go +++ /dev/null @@ -1,435 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package testutil - -import ( - "fmt" - "io" - "math" - "reflect" - "sort" - "strings" - - dto "github.com/prometheus/client_model/go" - "github.com/prometheus/common/expfmt" - "github.com/prometheus/common/model" - - "k8s.io/component-base/metrics" -) - -var ( - // MetricNameLabel is label under which model.Sample stores metric name - MetricNameLabel model.LabelName = model.MetricNameLabel - // QuantileLabel is label under which model.Sample stores latency quantile value - QuantileLabel model.LabelName = model.QuantileLabel -) - -// Metrics is generic metrics for other specific metrics -type Metrics map[string]model.Samples - -// Equal returns true if all metrics are the same as the arguments. -func (m *Metrics) Equal(o Metrics) bool { - var leftKeySet []string - var rightKeySet []string - for k := range *m { - leftKeySet = append(leftKeySet, k) - } - for k := range o { - rightKeySet = append(rightKeySet, k) - } - if !reflect.DeepEqual(leftKeySet, rightKeySet) { - return false - } - for _, k := range leftKeySet { - if !(*m)[k].Equal(o[k]) { - return false - } - } - return true -} - -// NewMetrics returns new metrics which are initialized. -func NewMetrics() Metrics { - result := make(Metrics) - return result -} - -// ParseMetrics parses Metrics from data returned from prometheus endpoint -func ParseMetrics(data string, output *Metrics) error { - dec := expfmt.NewDecoder(strings.NewReader(data), expfmt.FmtText) - decoder := expfmt.SampleDecoder{ - Dec: dec, - Opts: &expfmt.DecodeOptions{}, - } - - for { - var v model.Vector - if err := decoder.Decode(&v); err != nil { - if err == io.EOF { - // Expected loop termination condition. - return nil - } - continue - } - for _, metric := range v { - name := string(metric.Metric[MetricNameLabel]) - (*output)[name] = append((*output)[name], metric) - } - } -} - -// TextToMetricFamilies reads 'in' as the simple and flat text-based exchange -// format and creates MetricFamily proto messages. It returns the MetricFamily -// proto messages in a map where the metric names are the keys, along with any -// error encountered. -func TextToMetricFamilies(in io.Reader) (map[string]*dto.MetricFamily, error) { - var textParser expfmt.TextParser - return textParser.TextToMetricFamilies(in) -} - -// PrintSample returns formatted representation of metric Sample -func PrintSample(sample *model.Sample) string { - buf := make([]string, 0) - // Id is a VERY special label. For 'normal' container it's useless, but it's necessary - // for 'system' containers (e.g. /docker-daemon, /kubelet, etc.). We know if that's the - // case by checking if there's a label "kubernetes_container_name" present. It's hacky - // but it works... - _, normalContainer := sample.Metric["kubernetes_container_name"] - for k, v := range sample.Metric { - if strings.HasPrefix(string(k), "__") { - continue - } - - if string(k) == "id" && normalContainer { - continue - } - buf = append(buf, fmt.Sprintf("%v=%v", string(k), v)) - } - return fmt.Sprintf("[%v] = %v", strings.Join(buf, ","), sample.Value) -} - -// ComputeHistogramDelta computes the change in histogram metric for a selected label. -// Results are stored in after samples -func ComputeHistogramDelta(before, after model.Samples, label model.LabelName) { - beforeSamplesMap := make(map[string]*model.Sample) - for _, bSample := range before { - beforeSamplesMap[makeKey(bSample.Metric[label], bSample.Metric["le"])] = bSample - } - for _, aSample := range after { - if bSample, found := beforeSamplesMap[makeKey(aSample.Metric[label], aSample.Metric["le"])]; found { - aSample.Value = aSample.Value - bSample.Value - } - } -} - -func makeKey(a, b model.LabelValue) string { - return string(a) + "___" + string(b) -} - -// GetMetricValuesForLabel returns value of metric for a given dimension -func GetMetricValuesForLabel(ms Metrics, metricName, label string) map[string]int64 { - samples, found := ms[metricName] - result := make(map[string]int64, len(samples)) - if !found { - return result - } - for _, sample := range samples { - count := int64(sample.Value) - dimensionName := string(sample.Metric[model.LabelName(label)]) - result[dimensionName] = count - } - return result -} - -// ValidateMetrics verifies if every sample of metric has all expected labels -func ValidateMetrics(metrics Metrics, metricName string, expectedLabels ...string) error { - samples, ok := metrics[metricName] - if !ok { - return fmt.Errorf("metric %q was not found in metrics", metricName) - } - for _, sample := range samples { - for _, l := range expectedLabels { - if _, ok := sample.Metric[model.LabelName(l)]; !ok { - return fmt.Errorf("metric %q is missing label %q, sample: %q", metricName, l, sample.String()) - } - } - } - return nil -} - -// Histogram wraps prometheus histogram DTO (data transfer object) -type Histogram struct { - *dto.Histogram -} - -// HistogramVec wraps a slice of Histogram. -// Note that each Histogram must have the same number of buckets. -type HistogramVec []*Histogram - -// GetAggregatedSampleCount aggregates the sample count of each inner Histogram. -func (vec HistogramVec) GetAggregatedSampleCount() uint64 { - var count uint64 - for _, hist := range vec { - count += hist.GetSampleCount() - } - return count -} - -// GetAggregatedSampleSum aggregates the sample sum of each inner Histogram. -func (vec HistogramVec) GetAggregatedSampleSum() float64 { - var sum float64 - for _, hist := range vec { - sum += hist.GetSampleSum() - } - return sum -} - -// Quantile first aggregates inner buckets of each Histogram, and then -// computes q-th quantile of a cumulative histogram. -func (vec HistogramVec) Quantile(q float64) float64 { - var buckets []bucket - - for i, hist := range vec { - for j, bckt := range hist.Bucket { - if i == 0 { - buckets = append(buckets, bucket{ - count: float64(bckt.GetCumulativeCount()), - upperBound: bckt.GetUpperBound(), - }) - } else { - buckets[j].count += float64(bckt.GetCumulativeCount()) - } - } - } - - if len(buckets) == 0 || buckets[len(buckets)-1].upperBound != math.Inf(+1) { - // The list of buckets in dto.Histogram doesn't include the final +Inf bucket, so we - // add it here for the rest of the samples. - buckets = append(buckets, bucket{ - count: float64(vec.GetAggregatedSampleCount()), - upperBound: math.Inf(+1), - }) - } - - return bucketQuantile(q, buckets) -} - -// Average computes wrapped histograms' average value. -func (vec HistogramVec) Average() float64 { - return vec.GetAggregatedSampleSum() / float64(vec.GetAggregatedSampleCount()) -} - -// Validate makes sure the wrapped histograms have all necessary fields set and with valid values. -func (vec HistogramVec) Validate() error { - bucketSize := 0 - for i, hist := range vec { - if err := hist.Validate(); err != nil { - return err - } - if i == 0 { - bucketSize = len(hist.GetBucket()) - } else if bucketSize != len(hist.GetBucket()) { - return fmt.Errorf("found different bucket size: expect %v, but got %v at index %v", bucketSize, len(hist.GetBucket()), i) - } - } - return nil -} - -// GetHistogramVecFromGatherer collects a metric, that matches the input labelValue map, -// from a gatherer implementing k8s.io/component-base/metrics.Gatherer interface. -// Used only for testing purposes where we need to gather metrics directly from a running binary (without metrics endpoint). -func GetHistogramVecFromGatherer(gatherer metrics.Gatherer, metricName string, lvMap map[string]string) (HistogramVec, error) { - var metricFamily *dto.MetricFamily - m, err := gatherer.Gather() - if err != nil { - return nil, err - } - for _, mFamily := range m { - if mFamily.GetName() == metricName { - metricFamily = mFamily - break - } - } - - if metricFamily == nil { - return nil, fmt.Errorf("metric %q not found", metricName) - } - - if len(metricFamily.GetMetric()) == 0 { - return nil, fmt.Errorf("metric %q is empty", metricName) - } - - vec := make(HistogramVec, 0) - for _, metric := range metricFamily.GetMetric() { - if LabelsMatch(metric, lvMap) { - if hist := metric.GetHistogram(); hist != nil { - vec = append(vec, &Histogram{hist}) - } - } - } - return vec, nil -} - -func uint64Ptr(u uint64) *uint64 { - return &u -} - -// Bucket of a histogram -type bucket struct { - upperBound float64 - count float64 -} - -func bucketQuantile(q float64, buckets []bucket) float64 { - if q < 0 { - return math.Inf(-1) - } - if q > 1 { - return math.Inf(+1) - } - - if len(buckets) < 2 { - return math.NaN() - } - - rank := q * buckets[len(buckets)-1].count - b := sort.Search(len(buckets)-1, func(i int) bool { return buckets[i].count >= rank }) - - if b == 0 { - return buckets[0].upperBound * (rank / buckets[0].count) - } - - if b == len(buckets)-1 && math.IsInf(buckets[b].upperBound, 1) { - return buckets[len(buckets)-2].upperBound - } - - // linear approximation of b-th bucket - brank := rank - buckets[b-1].count - bSize := buckets[b].upperBound - buckets[b-1].upperBound - bCount := buckets[b].count - buckets[b-1].count - - return buckets[b-1].upperBound + bSize*(brank/bCount) -} - -// Quantile computes q-th quantile of a cumulative histogram. -// It's expected the histogram is valid (by calling Validate) -func (hist *Histogram) Quantile(q float64) float64 { - var buckets []bucket - - for _, bckt := range hist.Bucket { - buckets = append(buckets, bucket{ - count: float64(bckt.GetCumulativeCount()), - upperBound: bckt.GetUpperBound(), - }) - } - - if len(buckets) == 0 || buckets[len(buckets)-1].upperBound != math.Inf(+1) { - // The list of buckets in dto.Histogram doesn't include the final +Inf bucket, so we - // add it here for the rest of the samples. - buckets = append(buckets, bucket{ - count: float64(hist.GetSampleCount()), - upperBound: math.Inf(+1), - }) - } - - return bucketQuantile(q, buckets) -} - -// Average computes histogram's average value -func (hist *Histogram) Average() float64 { - return hist.GetSampleSum() / float64(hist.GetSampleCount()) -} - -// Validate makes sure the wrapped histogram has all necessary fields set and with valid values. -func (hist *Histogram) Validate() error { - if hist.SampleCount == nil || hist.GetSampleCount() == 0 { - return fmt.Errorf("nil or empty histogram SampleCount") - } - - if hist.SampleSum == nil || hist.GetSampleSum() == 0 { - return fmt.Errorf("nil or empty histogram SampleSum") - } - - for _, bckt := range hist.Bucket { - if bckt == nil { - return fmt.Errorf("empty histogram bucket") - } - if bckt.UpperBound == nil || bckt.GetUpperBound() < 0 { - return fmt.Errorf("nil or negative histogram bucket UpperBound") - } - } - - return nil -} - -// GetGaugeMetricValue extracts metric value from GaugeMetric -func GetGaugeMetricValue(m metrics.GaugeMetric) (float64, error) { - metricProto := &dto.Metric{} - if err := m.Write(metricProto); err != nil { - return 0, fmt.Errorf("error writing m: %v", err) - } - return metricProto.Gauge.GetValue(), nil -} - -// GetCounterMetricValue extracts metric value from CounterMetric -func GetCounterMetricValue(m metrics.CounterMetric) (float64, error) { - metricProto := &dto.Metric{} - if err := m.(metrics.Metric).Write(metricProto); err != nil { - return 0, fmt.Errorf("error writing m: %v", err) - } - return metricProto.Counter.GetValue(), nil -} - -// GetHistogramMetricValue extracts sum of all samples from ObserverMetric -func GetHistogramMetricValue(m metrics.ObserverMetric) (float64, error) { - metricProto := &dto.Metric{} - if err := m.(metrics.Metric).Write(metricProto); err != nil { - return 0, fmt.Errorf("error writing m: %v", err) - } - return metricProto.Histogram.GetSampleSum(), nil -} - -// GetHistogramMetricCount extracts count of all samples from ObserverMetric -func GetHistogramMetricCount(m metrics.ObserverMetric) (uint64, error) { - metricProto := &dto.Metric{} - if err := m.(metrics.Metric).Write(metricProto); err != nil { - return 0, fmt.Errorf("error writing m: %v", err) - } - return metricProto.Histogram.GetSampleCount(), nil -} - -// LabelsMatch returns true if metric has all expected labels otherwise false -func LabelsMatch(metric *dto.Metric, labelFilter map[string]string) bool { - metricLabels := map[string]string{} - - for _, labelPair := range metric.Label { - metricLabels[labelPair.GetName()] = labelPair.GetValue() - } - - // length comparison then match key to values in the maps - if len(labelFilter) > len(metricLabels) { - return false - } - - for labelName, labelValue := range labelFilter { - if value, ok := metricLabels[labelName]; !ok || value != labelValue { - return false - } - } - - return true -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/testutil/promlint.go b/etcd/vendor/k8s.io/component-base/metrics/testutil/promlint.go deleted file mode 100644 index 4c537be225..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/testutil/promlint.go +++ /dev/null @@ -1,151 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package testutil - -import ( - "fmt" - "io" - "strings" - - "github.com/prometheus/client_golang/prometheus/testutil/promlint" -) - -// exceptionMetrics is an exception list of metrics which violates promlint rules. -// -// The original entries come from the existing metrics when we introduce promlint. -// We setup this list for allow and not fail on the current violations. -// Generally speaking, you need to fix the problem for a new metric rather than add it into the list. -var exceptionMetrics = []string{ - // k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/egressselector - "apiserver_egress_dialer_dial_failure_count", // counter metrics should have "_total" suffix - - // k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/server/healthz - "apiserver_request_total", // label names should be written in 'snake_case' not 'camelCase' - - // k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/endpoints/filters - "authenticated_user_requests", // counter metrics should have "_total" suffix - "authentication_attempts", // counter metrics should have "_total" suffix - - // kube-apiserver - "aggregator_openapi_v2_regeneration_count", - "apiserver_admission_step_admission_duration_seconds_summary", - "apiserver_current_inflight_requests", - "apiserver_longrunning_gauge", - "get_token_count", - "get_token_fail_count", - "ssh_tunnel_open_count", - "ssh_tunnel_open_fail_count", - - // kube-controller-manager - "attachdetach_controller_forced_detaches", - "authenticated_user_requests", - "authentication_attempts", - "get_token_count", - "get_token_fail_count", - "node_collector_evictions_number", -} - -// A Problem is an issue detected by a Linter. -type Problem promlint.Problem - -func (p *Problem) String() string { - return fmt.Sprintf("%s:%s", p.Metric, p.Text) -} - -// A Linter is a Prometheus metrics linter. It identifies issues with metric -// names, types, and metadata, and reports them to the caller. -type Linter struct { - promLinter *promlint.Linter -} - -// Lint performs a linting pass, returning a slice of Problems indicating any -// issues found in the metrics stream. The slice is sorted by metric name -// and issue description. -func (l *Linter) Lint() ([]Problem, error) { - promProblems, err := l.promLinter.Lint() - if err != nil { - return nil, err - } - - // Ignore problems those in exception list - problems := make([]Problem, 0, len(promProblems)) - for i := range promProblems { - if !l.shouldIgnore(promProblems[i].Metric) { - problems = append(problems, Problem(promProblems[i])) - } - } - - return problems, nil -} - -// shouldIgnore returns true if metric in the exception list, otherwise returns false. -func (l *Linter) shouldIgnore(metricName string) bool { - for i := range exceptionMetrics { - if metricName == exceptionMetrics[i] { - return true - } - } - - return false -} - -// NewPromLinter creates a new Linter that reads an input stream of Prometheus metrics. -// Only the text exposition format is supported. -func NewPromLinter(r io.Reader) *Linter { - return &Linter{ - promLinter: promlint.New(r), - } -} - -func mergeProblems(problems []Problem) string { - var problemsMsg []string - - for index := range problems { - problemsMsg = append(problemsMsg, problems[index].String()) - } - - return strings.Join(problemsMsg, ",") -} - -// shouldIgnore returns true if metric in the exception list, otherwise returns false. -func shouldIgnore(metricName string) bool { - for i := range exceptionMetrics { - if metricName == exceptionMetrics[i] { - return true - } - } - - return false -} - -// getLintError will ignore the metrics in exception list and converts lint problem to error. -func getLintError(problems []promlint.Problem) error { - var filteredProblems []Problem - for _, problem := range problems { - if shouldIgnore(problem.Metric) { - continue - } - - filteredProblems = append(filteredProblems, Problem(problem)) - } - - if len(filteredProblems) == 0 { - return nil - } - - return fmt.Errorf("lint error: %s", mergeProblems(filteredProblems)) -} diff --git a/etcd/vendor/k8s.io/component-base/metrics/testutil/testutil.go b/etcd/vendor/k8s.io/component-base/metrics/testutil/testutil.go deleted file mode 100644 index 439045989c..0000000000 --- a/etcd/vendor/k8s.io/component-base/metrics/testutil/testutil.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package testutil - -import ( - "fmt" - "io" - - "github.com/prometheus/client_golang/prometheus/testutil" - - apimachineryversion "k8s.io/apimachinery/pkg/version" - "k8s.io/component-base/metrics" -) - -// CollectAndCompare registers the provided Collector with a newly created -// pedantic Registry. It then does the same as GatherAndCompare, gathering the -// metrics from the pedantic Registry. -func CollectAndCompare(c metrics.Collector, expected io.Reader, metricNames ...string) error { - lintProblems, err := testutil.CollectAndLint(c, metricNames...) - if err != nil { - return err - } - if err := getLintError(lintProblems); err != nil { - return err - } - - return testutil.CollectAndCompare(c, expected, metricNames...) -} - -// GatherAndCompare gathers all metrics from the provided Gatherer and compares -// it to an expected output read from the provided Reader in the Prometheus text -// exposition format. If any metricNames are provided, only metrics with those -// names are compared. -func GatherAndCompare(g metrics.Gatherer, expected io.Reader, metricNames ...string) error { - lintProblems, err := testutil.GatherAndLint(g, metricNames...) - if err != nil { - return err - } - if err := getLintError(lintProblems); err != nil { - return err - } - - return testutil.GatherAndCompare(g, expected, metricNames...) -} - -// CustomCollectAndCompare registers the provided StableCollector with a newly created -// registry. It then does the same as GatherAndCompare, gathering the -// metrics from the pedantic Registry. -func CustomCollectAndCompare(c metrics.StableCollector, expected io.Reader, metricNames ...string) error { - registry := metrics.NewKubeRegistry() - registry.CustomMustRegister(c) - - return GatherAndCompare(registry, expected, metricNames...) -} - -// NewFakeKubeRegistry creates a fake `KubeRegistry` that takes the input version as `build in version`. -// It should only be used in testing scenario especially for the deprecated metrics. -// The input version format should be `major.minor.patch`, e.g. '1.18.0'. -func NewFakeKubeRegistry(ver string) metrics.KubeRegistry { - backup := metrics.BuildVersion - defer func() { - metrics.BuildVersion = backup - }() - - metrics.BuildVersion = func() apimachineryversion.Info { - return apimachineryversion.Info{ - GitVersion: fmt.Sprintf("v%s-alpha+1.12345", ver), - } - } - - return metrics.NewKubeRegistry() -} diff --git a/etcd/vendor/k8s.io/component-base/tracing/OWNERS b/etcd/vendor/k8s.io/component-base/tracing/OWNERS deleted file mode 100644 index b26e7a4dc7..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-instrumentation-approvers -reviewers: - - sig-instrumentation-reviewers -labels: - - sig/instrumentation diff --git a/etcd/vendor/k8s.io/component-base/tracing/api/v1/config.go b/etcd/vendor/k8s.io/component-base/tracing/api/v1/config.go deleted file mode 100644 index ae9bbbfc09..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/api/v1/config.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - "net/url" - "strings" - - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/component-base/featuregate" -) - -var ( - maxSamplingRatePerMillion = int32(1000000) -) - -// ValidateTracingConfiguration validates the tracing configuration -func ValidateTracingConfiguration(traceConfig *TracingConfiguration, featureGate featuregate.FeatureGate, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if traceConfig == nil { - return allErrs - } - if traceConfig.SamplingRatePerMillion != nil { - allErrs = append(allErrs, validateSamplingRate(*traceConfig.SamplingRatePerMillion, fldPath.Child("samplingRatePerMillion"))...) - } - if traceConfig.Endpoint != nil { - allErrs = append(allErrs, validateEndpoint(*traceConfig.Endpoint, fldPath.Child("endpoint"))...) - } - return allErrs -} - -func validateSamplingRate(rate int32, fldPath *field.Path) field.ErrorList { - errs := field.ErrorList{} - if rate < 0 { - errs = append(errs, field.Invalid( - fldPath, rate, - "sampling rate must be positive", - )) - } - if rate > maxSamplingRatePerMillion { - errs = append(errs, field.Invalid( - fldPath, rate, - "sampling rate per million must be less than or equal to one million", - )) - } - return errs -} - -func validateEndpoint(endpoint string, fldPath *field.Path) field.ErrorList { - errs := field.ErrorList{} - if !strings.Contains(endpoint, "//") { - endpoint = "dns://" + endpoint - } - url, err := url.Parse(endpoint) - if err != nil { - errs = append(errs, field.Invalid( - fldPath, endpoint, - err.Error(), - )) - return errs - } - switch url.Scheme { - case "dns": - case "unix": - case "unix-abstract": - default: - errs = append(errs, field.Invalid( - fldPath, endpoint, - fmt.Sprintf("unsupported scheme: %v. Options are none, dns, unix, or unix-abstract. See https://github.com/grpc/grpc/blob/master/doc/naming.md", url.Scheme), - )) - } - return errs -} diff --git a/etcd/vendor/k8s.io/component-base/tracing/api/v1/doc.go b/etcd/vendor/k8s.io/component-base/tracing/api/v1/doc.go deleted file mode 100644 index ffe36aef6f..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/api/v1/doc.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -// Package v1 contains the configuration API for tracing. -// -// The intention is to only have a single version of this API, potentially with -// new fields added over time in a backwards-compatible manner. Fields for -// alpha or beta features are allowed as long as they are defined so that not -// changing the defaults leaves those features disabled. -// -// The "v1" package name is just a reminder that API compatibility rules apply, -// not an indication of the stability of all features covered by it. - -package v1 // import "k8s.io/component-base/tracing/api/v1" diff --git a/etcd/vendor/k8s.io/component-base/tracing/api/v1/types.go b/etcd/vendor/k8s.io/component-base/tracing/api/v1/types.go deleted file mode 100644 index a59d564050..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/api/v1/types.go +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -// TracingConfiguration provides versioned configuration for OpenTelemetry tracing clients. -type TracingConfiguration struct { - // Endpoint of the collector this component will report traces to. - // The connection is insecure, and does not currently support TLS. - // Recommended is unset, and endpoint is the otlp grpc default, localhost:4317. - // +optional - Endpoint *string `json:"endpoint,omitempty"` - - // SamplingRatePerMillion is the number of samples to collect per million spans. - // Recommended is unset. If unset, sampler respects its parent span's sampling - // rate, but otherwise never samples. - // +optional - SamplingRatePerMillion *int32 `json:"samplingRatePerMillion,omitempty"` -} diff --git a/etcd/vendor/k8s.io/component-base/tracing/api/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/component-base/tracing/api/v1/zz_generated.deepcopy.go deleted file mode 100644 index 2afc68117b..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/api/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,48 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TracingConfiguration) DeepCopyInto(out *TracingConfiguration) { - *out = *in - if in.Endpoint != nil { - in, out := &in.Endpoint, &out.Endpoint - *out = new(string) - **out = **in - } - if in.SamplingRatePerMillion != nil { - in, out := &in.SamplingRatePerMillion, &out.SamplingRatePerMillion - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfiguration. -func (in *TracingConfiguration) DeepCopy() *TracingConfiguration { - if in == nil { - return nil - } - out := new(TracingConfiguration) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/component-base/tracing/tracing.go b/etcd/vendor/k8s.io/component-base/tracing/tracing.go deleted file mode 100644 index 50894eb3b9..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/tracing.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tracing - -import ( - "context" - "time" - - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/trace" - - utiltrace "k8s.io/utils/trace" -) - -const instrumentationScope = "k8s.io/component-base/tracing" - -// Start creates spans using both OpenTelemetry, and the k8s.io/utils/trace package. -// It only creates an OpenTelemetry span if the incoming context already includes a span. -func Start(ctx context.Context, name string, attributes ...attribute.KeyValue) (context.Context, *Span) { - // If the incoming context already includes an OpenTelemetry span, create a child span with the provided name and attributes. - // If the caller is not using OpenTelemetry, or has tracing disabled (e.g. with a component-specific feature flag), this is a noop. - ctx, otelSpan := trace.SpanFromContext(ctx).TracerProvider().Tracer(instrumentationScope).Start(ctx, name, trace.WithAttributes(attributes...)) - // If there is already a utiltrace span in the context, use that as our parent span. - utilSpan := utiltrace.FromContext(ctx).Nest(name, attributesToFields(attributes)...) - // Set the trace as active in the context so that subsequent Start calls create nested spans. - return utiltrace.ContextWithTrace(ctx, utilSpan), &Span{ - otelSpan: otelSpan, - utilSpan: utilSpan, - } -} - -// Span is a component part of a trace. It represents a single named -// and timed operation of a workflow being observed. -// This Span is a combination of an OpenTelemetry and k8s.io/utils/trace span -// to facilitate the migration to OpenTelemetry. -type Span struct { - otelSpan trace.Span - utilSpan *utiltrace.Trace -} - -// AddEvent adds a point-in-time event with a name and attributes. -func (s *Span) AddEvent(name string, attributes ...attribute.KeyValue) { - s.otelSpan.AddEvent(name, trace.WithAttributes(attributes...)) - if s.utilSpan != nil { - s.utilSpan.Step(name, attributesToFields(attributes)...) - } -} - -// End ends the span, and logs if the span duration is greater than the logThreshold. -func (s *Span) End(logThreshold time.Duration) { - s.otelSpan.End() - if s.utilSpan != nil { - s.utilSpan.LogIfLong(logThreshold) - } -} - -func attributesToFields(attributes []attribute.KeyValue) []utiltrace.Field { - fields := make([]utiltrace.Field, len(attributes)) - for i := range attributes { - attr := attributes[i] - fields[i] = utiltrace.Field{Key: string(attr.Key), Value: attr.Value.AsInterface()} - } - return fields -} - -// SpanFromContext returns the *Span from the current context. It is composed of the active -// OpenTelemetry and k8s.io/utils/trace spans. -func SpanFromContext(ctx context.Context) *Span { - return &Span{ - otelSpan: trace.SpanFromContext(ctx), - utilSpan: utiltrace.FromContext(ctx), - } -} - -// ContextWithSpan returns a context with the Span included in the context. -func ContextWithSpan(ctx context.Context, s *Span) context.Context { - return trace.ContextWithSpan(utiltrace.ContextWithTrace(ctx, s.utilSpan), s.otelSpan) -} diff --git a/etcd/vendor/k8s.io/component-base/tracing/utils.go b/etcd/vendor/k8s.io/component-base/tracing/utils.go deleted file mode 100644 index ae894a8091..0000000000 --- a/etcd/vendor/k8s.io/component-base/tracing/utils.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tracing - -import ( - "context" - "net/http" - - "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" - "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" - "go.opentelemetry.io/otel/propagation" - "go.opentelemetry.io/otel/sdk/resource" - sdktrace "go.opentelemetry.io/otel/sdk/trace" - oteltrace "go.opentelemetry.io/otel/trace" - - "k8s.io/client-go/transport" - "k8s.io/component-base/tracing/api/v1" -) - -// TracerProvider is an OpenTelemetry TracerProvider which can be shut down -type TracerProvider interface { - oteltrace.TracerProvider - Shutdown(context.Context) error -} - -type noopTracerProvider struct { - oteltrace.TracerProvider -} - -func (n *noopTracerProvider) Shutdown(context.Context) error { - return nil -} - -func NewNoopTracerProvider() TracerProvider { - return &noopTracerProvider{TracerProvider: oteltrace.NewNoopTracerProvider()} -} - -// NewProvider creates a TracerProvider in a component, and enforces recommended tracing behavior -func NewProvider(ctx context.Context, - tracingConfig *v1.TracingConfiguration, - addedOpts []otlptracegrpc.Option, - resourceOpts []resource.Option, -) (TracerProvider, error) { - if tracingConfig == nil { - return NewNoopTracerProvider(), nil - } - opts := append([]otlptracegrpc.Option{}, addedOpts...) - if tracingConfig.Endpoint != nil { - opts = append(opts, otlptracegrpc.WithEndpoint(*tracingConfig.Endpoint)) - } - opts = append(opts, otlptracegrpc.WithInsecure()) - exporter, err := otlptracegrpc.New(ctx, opts...) - if err != nil { - return nil, err - } - res, err := resource.New(ctx, resourceOpts...) - if err != nil { - return nil, err - } - - // sampler respects parent span's sampling rate or - // otherwise never samples. - sampler := sdktrace.NeverSample() - // Or, emit spans for a fraction of transactions - if tracingConfig.SamplingRatePerMillion != nil && *tracingConfig.SamplingRatePerMillion > 0 { - sampler = sdktrace.TraceIDRatioBased(float64(*tracingConfig.SamplingRatePerMillion) / float64(1000000)) - } - // batch span processor to aggregate spans before export. - bsp := sdktrace.NewBatchSpanProcessor(exporter) - tp := sdktrace.NewTracerProvider( - sdktrace.WithSampler(sdktrace.ParentBased(sampler)), - sdktrace.WithSpanProcessor(bsp), - sdktrace.WithResource(res), - ) - return tp, nil -} - -// WithTracing adds tracing to requests if the incoming request is sampled -func WithTracing(handler http.Handler, tp oteltrace.TracerProvider, serviceName string) http.Handler { - opts := []otelhttp.Option{ - otelhttp.WithPropagators(Propagators()), - otelhttp.WithTracerProvider(tp), - } - // With Noop TracerProvider, the otelhttp still handles context propagation. - // See https://github.com/open-telemetry/opentelemetry-go/tree/main/example/passthrough - return otelhttp.NewHandler(handler, serviceName, opts...) -} - -// WrapperFor can be used to add tracing to a *rest.Config. -// Example usage: -// tp := NewProvider(...) -// config, _ := rest.InClusterConfig() -// config.Wrap(WrapperFor(tp)) -// kubeclient, _ := clientset.NewForConfig(config) -func WrapperFor(tp oteltrace.TracerProvider) transport.WrapperFunc { - return func(rt http.RoundTripper) http.RoundTripper { - opts := []otelhttp.Option{ - otelhttp.WithPropagators(Propagators()), - otelhttp.WithTracerProvider(tp), - } - // With Noop TracerProvider, the otelhttp still handles context propagation. - // See https://github.com/open-telemetry/opentelemetry-go/tree/main/example/passthrough - return otelhttp.NewTransport(rt, opts...) - } -} - -// Propagators returns the recommended set of propagators. -func Propagators() propagation.TextMapPropagator { - return propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}) -} diff --git a/etcd/vendor/k8s.io/component-helpers/LICENSE b/etcd/vendor/k8s.io/component-helpers/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/component-helpers/apimachinery/lease/controller.go b/etcd/vendor/k8s.io/component-helpers/apimachinery/lease/controller.go deleted file mode 100644 index 203285e744..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/apimachinery/lease/controller.go +++ /dev/null @@ -1,239 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package lease - -import ( - "context" - "fmt" - "time" - - coordinationv1 "k8s.io/api/coordination/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - clientset "k8s.io/client-go/kubernetes" - coordclientset "k8s.io/client-go/kubernetes/typed/coordination/v1" - "k8s.io/utils/clock" - "k8s.io/utils/pointer" - - "k8s.io/klog/v2" -) - -const ( - // maxUpdateRetries is the number of immediate, successive retries the controller will attempt - // when renewing the lease before it waits for the renewal interval before trying again, - // similar to what we do for node status retries - maxUpdateRetries = 5 - // maxBackoff is the maximum sleep time during backoff (e.g. in backoffEnsureLease) - maxBackoff = 7 * time.Second -) - -// Controller manages creating and renewing the lease for this component (kube-apiserver, kubelet, etc.) -type Controller interface { - Run(stopCh <-chan struct{}) -} - -// ProcessLeaseFunc processes the given lease in-place -type ProcessLeaseFunc func(*coordinationv1.Lease) error - -type controller struct { - client clientset.Interface - leaseClient coordclientset.LeaseInterface - holderIdentity string - leaseName string - leaseNamespace string - leaseDurationSeconds int32 - renewInterval time.Duration - clock clock.Clock - onRepeatedHeartbeatFailure func() - - // latestLease is the latest lease which the controller updated or created - latestLease *coordinationv1.Lease - - // newLeasePostProcessFunc allows customizing a lease object (e.g. setting OwnerReference) - // before every time the lease is created/refreshed(updated). Note that an error will block - // a lease CREATE, causing the controller to retry next time, but an error won't block a - // lease UPDATE. - newLeasePostProcessFunc ProcessLeaseFunc -} - -// NewController constructs and returns a controller -func NewController(clock clock.Clock, client clientset.Interface, holderIdentity string, leaseDurationSeconds int32, onRepeatedHeartbeatFailure func(), renewInterval time.Duration, leaseName, leaseNamespace string, newLeasePostProcessFunc ProcessLeaseFunc) Controller { - var leaseClient coordclientset.LeaseInterface - if client != nil { - leaseClient = client.CoordinationV1().Leases(leaseNamespace) - } - return &controller{ - client: client, - leaseClient: leaseClient, - holderIdentity: holderIdentity, - leaseName: leaseName, - leaseNamespace: leaseNamespace, - leaseDurationSeconds: leaseDurationSeconds, - renewInterval: renewInterval, - clock: clock, - onRepeatedHeartbeatFailure: onRepeatedHeartbeatFailure, - newLeasePostProcessFunc: newLeasePostProcessFunc, - } -} - -// Run runs the controller -func (c *controller) Run(stopCh <-chan struct{}) { - if c.leaseClient == nil { - klog.Infof("lease controller has nil lease client, will not claim or renew leases") - return - } - wait.JitterUntil(c.sync, c.renewInterval, 0.04, true, stopCh) -} - -func (c *controller) sync() { - if c.latestLease != nil { - // As long as the lease is not (or very rarely) updated by any other agent than the component itself, - // we can optimistically assume it didn't change since our last update and try updating - // based on the version from that time. Thanks to it we avoid GET call and reduce load - // on etcd and kube-apiserver. - // If at some point other agents will also be frequently updating the Lease object, this - // can result in performance degradation, because we will end up with calling additional - // GET/PUT - at this point this whole "if" should be removed. - err := c.retryUpdateLease(c.latestLease) - if err == nil { - return - } - klog.Infof("failed to update lease using latest lease, fallback to ensure lease, err: %v", err) - } - - lease, created := c.backoffEnsureLease() - c.latestLease = lease - // we don't need to update the lease if we just created it - if !created && lease != nil { - if err := c.retryUpdateLease(lease); err != nil { - klog.Errorf("%v, will retry after %v", err, c.renewInterval) - } - } -} - -// backoffEnsureLease attempts to create the lease if it does not exist, -// and uses exponentially increasing waits to prevent overloading the API server -// with retries. Returns the lease, and true if this call created the lease, -// false otherwise. -func (c *controller) backoffEnsureLease() (*coordinationv1.Lease, bool) { - var ( - lease *coordinationv1.Lease - created bool - err error - ) - sleep := 100 * time.Millisecond - for { - lease, created, err = c.ensureLease() - if err == nil { - break - } - sleep = minDuration(2*sleep, maxBackoff) - klog.Errorf("failed to ensure lease exists, will retry in %v, error: %v", sleep, err) - // backoff wait - c.clock.Sleep(sleep) - } - return lease, created -} - -// ensureLease creates the lease if it does not exist. Returns the lease and -// a bool (true if this call created the lease), or any error that occurs. -func (c *controller) ensureLease() (*coordinationv1.Lease, bool, error) { - lease, err := c.leaseClient.Get(context.TODO(), c.leaseName, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - // lease does not exist, create it. - leaseToCreate, err := c.newLease(nil) - // An error occurred during allocating the new lease (likely from newLeasePostProcessFunc). - // Given that we weren't able to set the lease correctly, we simply - // not create it this time - we will retry in the next iteration. - if err != nil { - return nil, false, nil - } - lease, err := c.leaseClient.Create(context.TODO(), leaseToCreate, metav1.CreateOptions{}) - if err != nil { - return nil, false, err - } - return lease, true, nil - } else if err != nil { - // unexpected error getting lease - return nil, false, err - } - // lease already existed - return lease, false, nil -} - -// retryUpdateLease attempts to update the lease for maxUpdateRetries, -// call this once you're sure the lease has been created -func (c *controller) retryUpdateLease(base *coordinationv1.Lease) error { - for i := 0; i < maxUpdateRetries; i++ { - leaseToUpdate, _ := c.newLease(base) - lease, err := c.leaseClient.Update(context.TODO(), leaseToUpdate, metav1.UpdateOptions{}) - if err == nil { - c.latestLease = lease - return nil - } - klog.Errorf("failed to update lease, error: %v", err) - // OptimisticLockError requires getting the newer version of lease to proceed. - if apierrors.IsConflict(err) { - base, _ = c.backoffEnsureLease() - continue - } - if i > 0 && c.onRepeatedHeartbeatFailure != nil { - c.onRepeatedHeartbeatFailure() - } - } - return fmt.Errorf("failed %d attempts to update lease", maxUpdateRetries) -} - -// newLease constructs a new lease if base is nil, or returns a copy of base -// with desired state asserted on the copy. -// Note that an error will block lease CREATE, causing the CREATE to be retried in -// the next iteration; but the error won't block lease refresh (UPDATE). -func (c *controller) newLease(base *coordinationv1.Lease) (*coordinationv1.Lease, error) { - // Use the bare minimum set of fields; other fields exist for debugging/legacy, - // but we don't need to make component heartbeats more complicated by using them. - var lease *coordinationv1.Lease - if base == nil { - lease = &coordinationv1.Lease{ - ObjectMeta: metav1.ObjectMeta{ - Name: c.leaseName, - Namespace: c.leaseNamespace, - }, - Spec: coordinationv1.LeaseSpec{ - HolderIdentity: pointer.StringPtr(c.holderIdentity), - LeaseDurationSeconds: pointer.Int32Ptr(c.leaseDurationSeconds), - }, - } - } else { - lease = base.DeepCopy() - } - lease.Spec.RenewTime = &metav1.MicroTime{Time: c.clock.Now()} - - if c.newLeasePostProcessFunc != nil { - err := c.newLeasePostProcessFunc(lease) - return lease, err - } - - return lease, nil -} - -func minDuration(a, b time.Duration) time.Duration { - if a < b { - return a - } - return b -} diff --git a/etcd/vendor/k8s.io/component-helpers/apps/poddisruptionbudget/helpers.go b/etcd/vendor/k8s.io/component-helpers/apps/poddisruptionbudget/helpers.go deleted file mode 100644 index f6008c76d7..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/apps/poddisruptionbudget/helpers.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package poddisruptionbudget - -import ( - policy "k8s.io/api/policy/v1" - apimeta "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// UpdateDisruptionAllowedCondition updates the DisruptionAllowed condition -// on a PodDisruptionBudget based on the value of the DisruptionsAllowed field. -func UpdateDisruptionAllowedCondition(pdb *policy.PodDisruptionBudget) { - if pdb.Status.Conditions == nil { - pdb.Status.Conditions = make([]metav1.Condition, 0) - } - if pdb.Status.DisruptionsAllowed > 0 { - apimeta.SetStatusCondition(&pdb.Status.Conditions, metav1.Condition{ - Type: policy.DisruptionAllowedCondition, - Reason: policy.SufficientPodsReason, - Status: metav1.ConditionTrue, - ObservedGeneration: pdb.Status.ObservedGeneration, - }) - } else { - apimeta.SetStatusCondition(&pdb.Status.Conditions, metav1.Condition{ - Type: policy.DisruptionAllowedCondition, - Reason: policy.InsufficientPodsReason, - Status: metav1.ConditionFalse, - ObservedGeneration: pdb.Status.ObservedGeneration, - }) - } -} - -// ConditionsAreUpToDate checks whether the status and reason for the -// DisruptionAllowed condition are set to the correct values based on the -// DisruptionsAllowed field. -func ConditionsAreUpToDate(pdb *policy.PodDisruptionBudget) bool { - cond := apimeta.FindStatusCondition(pdb.Status.Conditions, policy.DisruptionAllowedCondition) - if cond == nil { - return false - } - - if pdb.Status.ObservedGeneration != pdb.Generation { - return false - } - - if pdb.Status.DisruptionsAllowed > 0 { - return cond.Status == metav1.ConditionTrue && cond.Reason == policy.SufficientPodsReason - } - return cond.Status == metav1.ConditionFalse && cond.Reason == policy.InsufficientPodsReason -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go deleted file mode 100644 index c10745c688..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" -) - -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner -// +k8s:deepcopy-gen:nonpointer-interfaces=true -type ClusterRoleRuleOwner struct { - ClusterRole *rbacv1.ClusterRole -} - -func (o ClusterRoleRuleOwner) GetObject() runtime.Object { - return o.ClusterRole -} - -func (o ClusterRoleRuleOwner) GetNamespace() string { - return o.ClusterRole.Namespace -} - -func (o ClusterRoleRuleOwner) GetName() string { - return o.ClusterRole.Name -} - -func (o ClusterRoleRuleOwner) GetLabels() map[string]string { - return o.ClusterRole.Labels -} - -func (o ClusterRoleRuleOwner) SetLabels(in map[string]string) { - o.ClusterRole.Labels = in -} - -func (o ClusterRoleRuleOwner) GetAnnotations() map[string]string { - return o.ClusterRole.Annotations -} - -func (o ClusterRoleRuleOwner) SetAnnotations(in map[string]string) { - o.ClusterRole.Annotations = in -} - -func (o ClusterRoleRuleOwner) GetRules() []rbacv1.PolicyRule { - return o.ClusterRole.Rules -} - -func (o ClusterRoleRuleOwner) SetRules(in []rbacv1.PolicyRule) { - o.ClusterRole.Rules = in -} - -func (o ClusterRoleRuleOwner) GetAggregationRule() *rbacv1.AggregationRule { - return o.ClusterRole.AggregationRule -} - -func (o ClusterRoleRuleOwner) SetAggregationRule(in *rbacv1.AggregationRule) { - o.ClusterRole.AggregationRule = in -} - -type ClusterRoleModifier struct { - Client rbacv1client.ClusterRoleInterface -} - -func (c ClusterRoleModifier) Get(namespace, name string) (RuleOwner, error) { - ret, err := c.Client.Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleRuleOwner{ClusterRole: ret}, err -} - -func (c ClusterRoleModifier) Create(in RuleOwner) (RuleOwner, error) { - ret, err := c.Client.Create(context.TODO(), in.(ClusterRoleRuleOwner).ClusterRole, metav1.CreateOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleRuleOwner{ClusterRole: ret}, err -} - -func (c ClusterRoleModifier) Update(in RuleOwner) (RuleOwner, error) { - ret, err := c.Client.Update(context.TODO(), in.(ClusterRoleRuleOwner).ClusterRole, metav1.UpdateOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleRuleOwner{ClusterRole: ret}, err - -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go deleted file mode 100644 index f55a1bf3fd..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" -) - -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding -// +k8s:deepcopy-gen:nonpointer-interfaces=true -type ClusterRoleBindingAdapter struct { - ClusterRoleBinding *rbacv1.ClusterRoleBinding -} - -func (o ClusterRoleBindingAdapter) GetObject() runtime.Object { - return o.ClusterRoleBinding -} - -func (o ClusterRoleBindingAdapter) GetNamespace() string { - return o.ClusterRoleBinding.Namespace -} - -func (o ClusterRoleBindingAdapter) GetName() string { - return o.ClusterRoleBinding.Name -} - -func (o ClusterRoleBindingAdapter) GetUID() types.UID { - return o.ClusterRoleBinding.UID -} - -func (o ClusterRoleBindingAdapter) GetLabels() map[string]string { - return o.ClusterRoleBinding.Labels -} - -func (o ClusterRoleBindingAdapter) SetLabels(in map[string]string) { - o.ClusterRoleBinding.Labels = in -} - -func (o ClusterRoleBindingAdapter) GetAnnotations() map[string]string { - return o.ClusterRoleBinding.Annotations -} - -func (o ClusterRoleBindingAdapter) SetAnnotations(in map[string]string) { - o.ClusterRoleBinding.Annotations = in -} - -func (o ClusterRoleBindingAdapter) GetRoleRef() rbacv1.RoleRef { - return o.ClusterRoleBinding.RoleRef -} - -func (o ClusterRoleBindingAdapter) GetSubjects() []rbacv1.Subject { - return o.ClusterRoleBinding.Subjects -} - -func (o ClusterRoleBindingAdapter) SetSubjects(in []rbacv1.Subject) { - o.ClusterRoleBinding.Subjects = in -} - -type ClusterRoleBindingClientAdapter struct { - Client rbacv1client.ClusterRoleBindingInterface -} - -func (c ClusterRoleBindingClientAdapter) Get(namespace, name string) (RoleBinding, error) { - ret, err := c.Client.Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleBindingAdapter{ClusterRoleBinding: ret}, err -} - -func (c ClusterRoleBindingClientAdapter) Create(in RoleBinding) (RoleBinding, error) { - ret, err := c.Client.Create(context.TODO(), in.(ClusterRoleBindingAdapter).ClusterRoleBinding, metav1.CreateOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleBindingAdapter{ClusterRoleBinding: ret}, err -} - -func (c ClusterRoleBindingClientAdapter) Update(in RoleBinding) (RoleBinding, error) { - ret, err := c.Client.Update(context.TODO(), in.(ClusterRoleBindingAdapter).ClusterRoleBinding, metav1.UpdateOptions{}) - if err != nil { - return nil, err - } - return ClusterRoleBindingAdapter{ClusterRoleBinding: ret}, err - -} - -func (c ClusterRoleBindingClientAdapter) Delete(namespace, name string, uid types.UID) error { - return c.Client.Delete(context.TODO(), name, metav1.DeleteOptions{Preconditions: &metav1.Preconditions{UID: &uid}}) -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/namespace.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/namespace.go deleted file mode 100644 index 584a625226..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/namespace.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "context" - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" -) - -// tryEnsureNamespace gets or creates the given namespace while ignoring forbidden errors. -// It is a best effort attempt as the user may not be able to get or create namespaces. -// This allows us to handle flows where the user can only mutate roles and role bindings. -func tryEnsureNamespace(client corev1client.NamespaceInterface, namespace string) error { - _, getErr := client.Get(context.TODO(), namespace, metav1.GetOptions{}) - if getErr == nil { - return nil - } - - if fatalGetErr := utilerrors.FilterOut(getErr, apierrors.IsNotFound, apierrors.IsForbidden); fatalGetErr != nil { - return fatalGetErr - } - - ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}} - _, createErr := client.Create(context.TODO(), ns, metav1.CreateOptions{}) - - return utilerrors.FilterOut(createErr, apierrors.IsAlreadyExists, apierrors.IsForbidden) -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go deleted file mode 100644 index f191ea3374..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go +++ /dev/null @@ -1,289 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "fmt" - "reflect" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/component-helpers/auth/rbac/validation" -) - -type ReconcileOperation string - -var ( - ReconcileCreate ReconcileOperation = "create" - ReconcileUpdate ReconcileOperation = "update" - ReconcileRecreate ReconcileOperation = "recreate" - ReconcileNone ReconcileOperation = "none" -) - -type RuleOwnerModifier interface { - Get(namespace, name string) (RuleOwner, error) - Create(RuleOwner) (RuleOwner, error) - Update(RuleOwner) (RuleOwner, error) -} - -type RuleOwner interface { - GetObject() runtime.Object - GetNamespace() string - GetName() string - GetLabels() map[string]string - SetLabels(map[string]string) - GetAnnotations() map[string]string - SetAnnotations(map[string]string) - GetRules() []rbacv1.PolicyRule - SetRules([]rbacv1.PolicyRule) - GetAggregationRule() *rbacv1.AggregationRule - SetAggregationRule(*rbacv1.AggregationRule) - DeepCopyRuleOwner() RuleOwner -} - -type ReconcileRoleOptions struct { - // Role is the expected role that will be reconciled - Role RuleOwner - // Confirm indicates writes should be performed. When false, results are returned as a dry-run. - Confirm bool - // RemoveExtraPermissions indicates reconciliation should remove extra permissions from an existing role - RemoveExtraPermissions bool - // Client is used to look up existing roles, and create/update the role when Confirm=true - Client RuleOwnerModifier -} - -type ReconcileClusterRoleResult struct { - // Role is the reconciled role from the reconciliation operation. - // If the reconcile was performed as a dry-run, or the existing role was protected, the reconciled role is not persisted. - Role RuleOwner - - // MissingRules contains expected rules that were missing from the currently persisted role - MissingRules []rbacv1.PolicyRule - // ExtraRules contains extra permissions the currently persisted role had - ExtraRules []rbacv1.PolicyRule - - // MissingAggregationRuleSelectors contains expected selectors that were missing from the currently persisted role - MissingAggregationRuleSelectors []metav1.LabelSelector - // ExtraAggregationRuleSelectors contains extra selectors the currently persisted role had - ExtraAggregationRuleSelectors []metav1.LabelSelector - - // Operation is the API operation required to reconcile. - // If no reconciliation was needed, it is set to ReconcileNone. - // If options.Confirm == false, the reconcile was in dry-run mode, so the operation was not performed. - // If result.Protected == true, the role opted out of reconciliation, so the operation was not performed. - // Otherwise, the operation was performed. - Operation ReconcileOperation - // Protected indicates an existing role prevented reconciliation - Protected bool -} - -func (o *ReconcileRoleOptions) Run() (*ReconcileClusterRoleResult, error) { - return o.run(0) -} - -func (o *ReconcileRoleOptions) run(attempts int) (*ReconcileClusterRoleResult, error) { - // This keeps us from retrying forever if a role keeps appearing and disappearing as we reconcile. - // Conflict errors on update are handled at a higher level. - if attempts > 2 { - return nil, fmt.Errorf("exceeded maximum attempts") - } - - var result *ReconcileClusterRoleResult - - existing, err := o.Client.Get(o.Role.GetNamespace(), o.Role.GetName()) - switch { - case errors.IsNotFound(err): - aggregationRule := o.Role.GetAggregationRule() - if aggregationRule == nil { - aggregationRule = &rbacv1.AggregationRule{} - } - result = &ReconcileClusterRoleResult{ - Role: o.Role, - MissingRules: o.Role.GetRules(), - MissingAggregationRuleSelectors: aggregationRule.ClusterRoleSelectors, - Operation: ReconcileCreate, - } - - case err != nil: - return nil, err - - default: - result, err = computeReconciledRole(existing, o.Role, o.RemoveExtraPermissions) - if err != nil { - return nil, err - } - } - - // If reconcile-protected, short-circuit - if result.Protected { - return result, nil - } - // If we're in dry-run mode, short-circuit - if !o.Confirm { - return result, nil - } - - switch result.Operation { - case ReconcileCreate: - created, err := o.Client.Create(result.Role) - // If created since we started this reconcile, re-run - if errors.IsAlreadyExists(err) { - return o.run(attempts + 1) - } - if err != nil { - return nil, err - } - result.Role = created - - case ReconcileUpdate: - updated, err := o.Client.Update(result.Role) - // If deleted since we started this reconcile, re-run - if errors.IsNotFound(err) { - return o.run(attempts + 1) - } - if err != nil { - return nil, err - } - result.Role = updated - - case ReconcileNone: - // no-op - - default: - return nil, fmt.Errorf("invalid operation: %v", result.Operation) - } - - return result, nil -} - -// computeReconciledRole returns the role that must be created and/or updated to make the -// existing role's permissions match the expected role's permissions -func computeReconciledRole(existing, expected RuleOwner, removeExtraPermissions bool) (*ReconcileClusterRoleResult, error) { - result := &ReconcileClusterRoleResult{Operation: ReconcileNone} - - result.Protected = (existing.GetAnnotations()[rbacv1.AutoUpdateAnnotationKey] == "false") - - // Start with a copy of the existing object - result.Role = existing.DeepCopyRuleOwner() - - // Merge expected annotations and labels - result.Role.SetAnnotations(merge(expected.GetAnnotations(), result.Role.GetAnnotations())) - if !reflect.DeepEqual(result.Role.GetAnnotations(), existing.GetAnnotations()) { - result.Operation = ReconcileUpdate - } - result.Role.SetLabels(merge(expected.GetLabels(), result.Role.GetLabels())) - if !reflect.DeepEqual(result.Role.GetLabels(), existing.GetLabels()) { - result.Operation = ReconcileUpdate - } - - // Compute extra and missing rules - // Don't compute extra permissions if expected and existing roles are both aggregated - if expected.GetAggregationRule() == nil || existing.GetAggregationRule() == nil { - _, result.ExtraRules = validation.Covers(expected.GetRules(), existing.GetRules()) - } - _, result.MissingRules = validation.Covers(existing.GetRules(), expected.GetRules()) - - switch { - case !removeExtraPermissions && len(result.MissingRules) > 0: - // add missing rules in the union case - result.Role.SetRules(append(result.Role.GetRules(), result.MissingRules...)) - result.Operation = ReconcileUpdate - - case removeExtraPermissions && (len(result.MissingRules) > 0 || len(result.ExtraRules) > 0): - // stomp to expected rules in the non-union case - result.Role.SetRules(expected.GetRules()) - result.Operation = ReconcileUpdate - } - - // Compute extra and missing rules - _, result.ExtraAggregationRuleSelectors = aggregationRuleCovers(expected.GetAggregationRule(), existing.GetAggregationRule()) - _, result.MissingAggregationRuleSelectors = aggregationRuleCovers(existing.GetAggregationRule(), expected.GetAggregationRule()) - - switch { - case expected.GetAggregationRule() == nil && existing.GetAggregationRule() != nil: - // we didn't expect this to be an aggregated role at all, remove the existing aggregation - result.Role.SetAggregationRule(nil) - result.Operation = ReconcileUpdate - - case !removeExtraPermissions && len(result.MissingAggregationRuleSelectors) > 0: - // add missing rules in the union case - aggregationRule := result.Role.GetAggregationRule() - if aggregationRule == nil { - aggregationRule = &rbacv1.AggregationRule{} - } - aggregationRule.ClusterRoleSelectors = append(aggregationRule.ClusterRoleSelectors, result.MissingAggregationRuleSelectors...) - result.Role.SetAggregationRule(aggregationRule) - result.Operation = ReconcileUpdate - - case removeExtraPermissions && (len(result.MissingAggregationRuleSelectors) > 0 || len(result.ExtraAggregationRuleSelectors) > 0): - result.Role.SetAggregationRule(expected.GetAggregationRule()) - result.Operation = ReconcileUpdate - } - - return result, nil -} - -// merge combines the given maps with the later annotations having higher precedence -func merge(maps ...map[string]string) map[string]string { - var output map[string]string = nil - for _, m := range maps { - if m != nil && output == nil { - output = map[string]string{} - } - for k, v := range m { - output[k] = v - } - } - return output -} - -// aggregationRuleCovers determines whether or not the ownerSelectors cover the servantSelectors in terms of semantically -// equal label selectors. -// It returns whether or not the ownerSelectors cover and a list of the rules that the ownerSelectors do not cover. -func aggregationRuleCovers(ownerRule, servantRule *rbacv1.AggregationRule) (bool, []metav1.LabelSelector) { - switch { - case ownerRule == nil && servantRule == nil: - return true, []metav1.LabelSelector{} - case ownerRule == nil && servantRule != nil: - return false, servantRule.ClusterRoleSelectors - case ownerRule != nil && servantRule == nil: - return true, []metav1.LabelSelector{} - - } - - ownerSelectors := ownerRule.ClusterRoleSelectors - servantSelectors := servantRule.ClusterRoleSelectors - uncoveredSelectors := []metav1.LabelSelector{} - - for _, servantSelector := range servantSelectors { - covered := false - for _, ownerSelector := range ownerSelectors { - if equality.Semantic.DeepEqual(ownerSelector, servantSelector) { - covered = true - break - } - } - if !covered { - uncoveredSelectors = append(uncoveredSelectors, servantSelector) - } - } - - return (len(uncoveredSelectors) == 0), uncoveredSelectors -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings.go deleted file mode 100644 index c8e1596177..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings.go +++ /dev/null @@ -1,250 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "fmt" - "reflect" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" -) - -type RoleBindingModifier interface { - Get(namespace, name string) (RoleBinding, error) - Delete(namespace, name string, uid types.UID) error - Create(RoleBinding) (RoleBinding, error) - Update(RoleBinding) (RoleBinding, error) -} - -type RoleBinding interface { - GetObject() runtime.Object - GetNamespace() string - GetName() string - GetUID() types.UID - GetLabels() map[string]string - SetLabels(map[string]string) - GetAnnotations() map[string]string - SetAnnotations(map[string]string) - GetRoleRef() rbacv1.RoleRef - GetSubjects() []rbacv1.Subject - SetSubjects([]rbacv1.Subject) - DeepCopyRoleBinding() RoleBinding -} - -// ReconcileRoleBindingOptions holds options for running a role binding reconciliation -type ReconcileRoleBindingOptions struct { - // RoleBinding is the expected rolebinding that will be reconciled - RoleBinding RoleBinding - // Confirm indicates writes should be performed. When false, results are returned as a dry-run. - Confirm bool - // RemoveExtraSubjects indicates reconciliation should remove extra subjects from an existing role binding - RemoveExtraSubjects bool - // Client is used to look up existing rolebindings, and create/update the rolebinding when Confirm=true - Client RoleBindingModifier -} - -// ReconcileClusterRoleBindingResult holds the result of a reconciliation operation. -type ReconcileClusterRoleBindingResult struct { - // RoleBinding is the reconciled rolebinding from the reconciliation operation. - // If the reconcile was performed as a dry-run, or the existing rolebinding was protected, the reconciled rolebinding is not persisted. - RoleBinding RoleBinding - - // MissingSubjects contains expected subjects that were missing from the currently persisted rolebinding - MissingSubjects []rbacv1.Subject - // ExtraSubjects contains extra subjects the currently persisted rolebinding had - ExtraSubjects []rbacv1.Subject - - // Operation is the API operation required to reconcile. - // If no reconciliation was needed, it is set to ReconcileNone. - // If options.Confirm == false, the reconcile was in dry-run mode, so the operation was not performed. - // If result.Protected == true, the rolebinding opted out of reconciliation, so the operation was not performed. - // Otherwise, the operation was performed. - Operation ReconcileOperation - // Protected indicates an existing role prevented reconciliation - Protected bool -} - -func (o *ReconcileRoleBindingOptions) Run() (*ReconcileClusterRoleBindingResult, error) { - return o.run(0) -} - -func (o *ReconcileRoleBindingOptions) run(attempts int) (*ReconcileClusterRoleBindingResult, error) { - // This keeps us from retrying forever if a rolebinding keeps appearing and disappearing as we reconcile. - // Conflict errors on update are handled at a higher level. - if attempts > 3 { - return nil, fmt.Errorf("exceeded maximum attempts") - } - - var result *ReconcileClusterRoleBindingResult - - existingBinding, err := o.Client.Get(o.RoleBinding.GetNamespace(), o.RoleBinding.GetName()) - switch { - case errors.IsNotFound(err): - result = &ReconcileClusterRoleBindingResult{ - RoleBinding: o.RoleBinding, - MissingSubjects: o.RoleBinding.GetSubjects(), - Operation: ReconcileCreate, - } - - case err != nil: - return nil, err - - default: - result, err = computeReconciledRoleBinding(existingBinding, o.RoleBinding, o.RemoveExtraSubjects) - if err != nil { - return nil, err - } - } - - // If reconcile-protected, short-circuit - if result.Protected { - return result, nil - } - // If we're in dry-run mode, short-circuit - if !o.Confirm { - return result, nil - } - - switch result.Operation { - case ReconcileRecreate: - // Try deleting - err := o.Client.Delete(existingBinding.GetNamespace(), existingBinding.GetName(), existingBinding.GetUID()) - switch { - case err == nil, errors.IsNotFound(err): - // object no longer exists, as desired - case errors.IsConflict(err): - // delete failed because our UID precondition conflicted - // this could mean another object exists with a different UID, re-run - return o.run(attempts + 1) - default: - // return other errors - return nil, err - } - // continue to create - fallthrough - case ReconcileCreate: - created, err := o.Client.Create(result.RoleBinding) - // If created since we started this reconcile, re-run - if errors.IsAlreadyExists(err) { - return o.run(attempts + 1) - } - if err != nil { - return nil, err - } - result.RoleBinding = created - - case ReconcileUpdate: - updated, err := o.Client.Update(result.RoleBinding) - // If deleted since we started this reconcile, re-run - if errors.IsNotFound(err) { - return o.run(attempts + 1) - } - if err != nil { - return nil, err - } - result.RoleBinding = updated - - case ReconcileNone: - // no-op - - default: - return nil, fmt.Errorf("invalid operation: %v", result.Operation) - } - - return result, nil -} - -// computeReconciledRoleBinding returns the rolebinding that must be created and/or updated to make the -// existing rolebinding's subjects, roleref, labels, and annotations match the expected rolebinding -func computeReconciledRoleBinding(existing, expected RoleBinding, removeExtraSubjects bool) (*ReconcileClusterRoleBindingResult, error) { - result := &ReconcileClusterRoleBindingResult{Operation: ReconcileNone} - - result.Protected = (existing.GetAnnotations()[rbacv1.AutoUpdateAnnotationKey] == "false") - - // Reset the binding completely if the roleRef is different - if expected.GetRoleRef() != existing.GetRoleRef() { - result.RoleBinding = expected - result.Operation = ReconcileRecreate - return result, nil - } - - // Start with a copy of the existing object - result.RoleBinding = existing.DeepCopyRoleBinding() - - // Merge expected annotations and labels - result.RoleBinding.SetAnnotations(merge(expected.GetAnnotations(), result.RoleBinding.GetAnnotations())) - if !reflect.DeepEqual(result.RoleBinding.GetAnnotations(), existing.GetAnnotations()) { - result.Operation = ReconcileUpdate - } - result.RoleBinding.SetLabels(merge(expected.GetLabels(), result.RoleBinding.GetLabels())) - if !reflect.DeepEqual(result.RoleBinding.GetLabels(), existing.GetLabels()) { - result.Operation = ReconcileUpdate - } - - // Compute extra and missing subjects - result.MissingSubjects, result.ExtraSubjects = diffSubjectLists(expected.GetSubjects(), existing.GetSubjects()) - - switch { - case !removeExtraSubjects && len(result.MissingSubjects) > 0: - // add missing subjects in the union case - result.RoleBinding.SetSubjects(append(result.RoleBinding.GetSubjects(), result.MissingSubjects...)) - result.Operation = ReconcileUpdate - - case removeExtraSubjects && (len(result.MissingSubjects) > 0 || len(result.ExtraSubjects) > 0): - // stomp to expected subjects in the non-union case - result.RoleBinding.SetSubjects(expected.GetSubjects()) - result.Operation = ReconcileUpdate - } - - return result, nil -} - -func contains(list []rbacv1.Subject, item rbacv1.Subject) bool { - for _, listItem := range list { - if listItem == item { - return true - } - } - return false -} - -// diffSubjectLists returns lists containing the items unique to each provided list: -// -// list1Only = list1 - list2 -// list2Only = list2 - list1 -// -// if both returned lists are empty, the provided lists are equal -func diffSubjectLists(list1 []rbacv1.Subject, list2 []rbacv1.Subject) (list1Only []rbacv1.Subject, list2Only []rbacv1.Subject) { - for _, list1Item := range list1 { - if !contains(list2, list1Item) { - if !contains(list1Only, list1Item) { - list1Only = append(list1Only, list1Item) - } - } - } - for _, list2Item := range list2 { - if !contains(list1, list2Item) { - if !contains(list2Only, list2Item) { - list2Only = append(list2Only, list2Item) - } - } - } - return -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go deleted file mode 100644 index ae7e7867ad..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" -) - -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner -// +k8s:deepcopy-gen:nonpointer-interfaces=true -type RoleRuleOwner struct { - Role *rbacv1.Role -} - -func (o RoleRuleOwner) GetObject() runtime.Object { - return o.Role -} - -func (o RoleRuleOwner) GetNamespace() string { - return o.Role.Namespace -} - -func (o RoleRuleOwner) GetName() string { - return o.Role.Name -} - -func (o RoleRuleOwner) GetLabels() map[string]string { - return o.Role.Labels -} - -func (o RoleRuleOwner) SetLabels(in map[string]string) { - o.Role.Labels = in -} - -func (o RoleRuleOwner) GetAnnotations() map[string]string { - return o.Role.Annotations -} - -func (o RoleRuleOwner) SetAnnotations(in map[string]string) { - o.Role.Annotations = in -} - -func (o RoleRuleOwner) GetRules() []rbacv1.PolicyRule { - return o.Role.Rules -} - -func (o RoleRuleOwner) SetRules(in []rbacv1.PolicyRule) { - o.Role.Rules = in -} - -func (o RoleRuleOwner) GetAggregationRule() *rbacv1.AggregationRule { - return nil -} - -func (o RoleRuleOwner) SetAggregationRule(in *rbacv1.AggregationRule) { -} - -type RoleModifier struct { - Client rbacv1client.RolesGetter - NamespaceClient corev1client.NamespaceInterface -} - -func (c RoleModifier) Get(namespace, name string) (RuleOwner, error) { - ret, err := c.Client.Roles(namespace).Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return nil, err - } - return RoleRuleOwner{Role: ret}, err -} - -func (c RoleModifier) Create(in RuleOwner) (RuleOwner, error) { - if err := tryEnsureNamespace(c.NamespaceClient, in.GetNamespace()); err != nil { - return nil, err - } - - ret, err := c.Client.Roles(in.GetNamespace()).Create(context.TODO(), in.(RoleRuleOwner).Role, metav1.CreateOptions{}) - if err != nil { - return nil, err - } - return RoleRuleOwner{Role: ret}, err -} - -func (c RoleModifier) Update(in RuleOwner) (RuleOwner, error) { - ret, err := c.Client.Roles(in.GetNamespace()).Update(context.TODO(), in.(RoleRuleOwner).Role, metav1.UpdateOptions{}) - if err != nil { - return nil, err - } - return RoleRuleOwner{Role: ret}, err - -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go deleted file mode 100644 index 990bb1035d..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go +++ /dev/null @@ -1,117 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconciliation - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" -) - -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding -// +k8s:deepcopy-gen:nonpointer-interfaces=true -type RoleBindingAdapter struct { - RoleBinding *rbacv1.RoleBinding -} - -func (o RoleBindingAdapter) GetObject() runtime.Object { - return o.RoleBinding -} - -func (o RoleBindingAdapter) GetNamespace() string { - return o.RoleBinding.Namespace -} - -func (o RoleBindingAdapter) GetName() string { - return o.RoleBinding.Name -} - -func (o RoleBindingAdapter) GetUID() types.UID { - return o.RoleBinding.UID -} - -func (o RoleBindingAdapter) GetLabels() map[string]string { - return o.RoleBinding.Labels -} - -func (o RoleBindingAdapter) SetLabels(in map[string]string) { - o.RoleBinding.Labels = in -} - -func (o RoleBindingAdapter) GetAnnotations() map[string]string { - return o.RoleBinding.Annotations -} - -func (o RoleBindingAdapter) SetAnnotations(in map[string]string) { - o.RoleBinding.Annotations = in -} - -func (o RoleBindingAdapter) GetRoleRef() rbacv1.RoleRef { - return o.RoleBinding.RoleRef -} - -func (o RoleBindingAdapter) GetSubjects() []rbacv1.Subject { - return o.RoleBinding.Subjects -} - -func (o RoleBindingAdapter) SetSubjects(in []rbacv1.Subject) { - o.RoleBinding.Subjects = in -} - -type RoleBindingClientAdapter struct { - Client rbacv1client.RoleBindingsGetter - NamespaceClient corev1client.NamespaceInterface -} - -func (c RoleBindingClientAdapter) Get(namespace, name string) (RoleBinding, error) { - ret, err := c.Client.RoleBindings(namespace).Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return nil, err - } - return RoleBindingAdapter{RoleBinding: ret}, err -} - -func (c RoleBindingClientAdapter) Create(in RoleBinding) (RoleBinding, error) { - if err := tryEnsureNamespace(c.NamespaceClient, in.GetNamespace()); err != nil { - return nil, err - } - - ret, err := c.Client.RoleBindings(in.GetNamespace()).Create(context.TODO(), in.(RoleBindingAdapter).RoleBinding, metav1.CreateOptions{}) - if err != nil { - return nil, err - } - return RoleBindingAdapter{RoleBinding: ret}, err -} - -func (c RoleBindingClientAdapter) Update(in RoleBinding) (RoleBinding, error) { - ret, err := c.Client.RoleBindings(in.GetNamespace()).Update(context.TODO(), in.(RoleBindingAdapter).RoleBinding, metav1.UpdateOptions{}) - if err != nil { - return nil, err - } - return RoleBindingAdapter{RoleBinding: ret}, err - -} - -func (c RoleBindingClientAdapter) Delete(namespace, name string, uid types.UID) error { - return c.Client.RoleBindings(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{Preconditions: &metav1.Preconditions{UID: &uid}}) -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/zz_generated.deepcopy.go deleted file mode 100644 index 48065cd314..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/reconciliation/zz_generated.deepcopy.go +++ /dev/null @@ -1,130 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package reconciliation - -import ( - v1 "k8s.io/api/rbac/v1" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRoleBindingAdapter) DeepCopyInto(out *ClusterRoleBindingAdapter) { - *out = *in - if in.ClusterRoleBinding != nil { - in, out := &in.ClusterRoleBinding, &out.ClusterRoleBinding - *out = new(v1.ClusterRoleBinding) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingAdapter. -func (in *ClusterRoleBindingAdapter) DeepCopy() *ClusterRoleBindingAdapter { - if in == nil { - return nil - } - out := new(ClusterRoleBindingAdapter) - in.DeepCopyInto(out) - return out -} - -// DeepCopyRoleBinding is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding. -func (in ClusterRoleBindingAdapter) DeepCopyRoleBinding() RoleBinding { - return *in.DeepCopy() -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRoleRuleOwner) DeepCopyInto(out *ClusterRoleRuleOwner) { - *out = *in - if in.ClusterRole != nil { - in, out := &in.ClusterRole, &out.ClusterRole - *out = new(v1.ClusterRole) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleRuleOwner. -func (in *ClusterRoleRuleOwner) DeepCopy() *ClusterRoleRuleOwner { - if in == nil { - return nil - } - out := new(ClusterRoleRuleOwner) - in.DeepCopyInto(out) - return out -} - -// DeepCopyRuleOwner is an autogenerated deepcopy function, copying the receiver, creating a new RuleOwner. -func (in ClusterRoleRuleOwner) DeepCopyRuleOwner() RuleOwner { - return *in.DeepCopy() -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleBindingAdapter) DeepCopyInto(out *RoleBindingAdapter) { - *out = *in - if in.RoleBinding != nil { - in, out := &in.RoleBinding, &out.RoleBinding - *out = new(v1.RoleBinding) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingAdapter. -func (in *RoleBindingAdapter) DeepCopy() *RoleBindingAdapter { - if in == nil { - return nil - } - out := new(RoleBindingAdapter) - in.DeepCopyInto(out) - return out -} - -// DeepCopyRoleBinding is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding. -func (in RoleBindingAdapter) DeepCopyRoleBinding() RoleBinding { - return *in.DeepCopy() -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleRuleOwner) DeepCopyInto(out *RoleRuleOwner) { - *out = *in - if in.Role != nil { - in, out := &in.Role, &out.Role - *out = new(v1.Role) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRuleOwner. -func (in *RoleRuleOwner) DeepCopy() *RoleRuleOwner { - if in == nil { - return nil - } - out := new(RoleRuleOwner) - in.DeepCopyInto(out) - return out -} - -// DeepCopyRuleOwner is an autogenerated deepcopy function, copying the receiver, creating a new RuleOwner. -func (in RoleRuleOwner) DeepCopyRuleOwner() RuleOwner { - return *in.DeepCopy() -} diff --git a/etcd/vendor/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go b/etcd/vendor/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go deleted file mode 100644 index 7a0268b5e9..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go +++ /dev/null @@ -1,173 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "strings" - - rbacv1 "k8s.io/api/rbac/v1" -) - -// Covers determines whether or not the ownerRules cover the servantRules in terms of allowed actions. -// It returns whether or not the ownerRules cover and a list of the rules that the ownerRules do not cover. -func Covers(ownerRules, servantRules []rbacv1.PolicyRule) (bool, []rbacv1.PolicyRule) { - // 1. Break every servantRule into individual rule tuples: group, verb, resource, resourceName - // 2. Compare the mini-rules against each owner rule. Because the breakdown is down to the most atomic level, we're guaranteed that each mini-servant rule will be either fully covered or not covered by a single owner rule - // 3. Any left over mini-rules means that we are not covered and we have a nice list of them. - // TODO: it might be nice to collapse the list down into something more human readable - - subrules := []rbacv1.PolicyRule{} - for _, servantRule := range servantRules { - subrules = append(subrules, BreakdownRule(servantRule)...) - } - - uncoveredRules := []rbacv1.PolicyRule{} - for _, subrule := range subrules { - covered := false - for _, ownerRule := range ownerRules { - if ruleCovers(ownerRule, subrule) { - covered = true - break - } - } - - if !covered { - uncoveredRules = append(uncoveredRules, subrule) - } - } - - return (len(uncoveredRules) == 0), uncoveredRules -} - -// BreadownRule takes a rule and builds an equivalent list of rules that each have at most one verb, one -// resource, and one resource name -func BreakdownRule(rule rbacv1.PolicyRule) []rbacv1.PolicyRule { - subrules := []rbacv1.PolicyRule{} - for _, group := range rule.APIGroups { - for _, resource := range rule.Resources { - for _, verb := range rule.Verbs { - if len(rule.ResourceNames) > 0 { - for _, resourceName := range rule.ResourceNames { - subrules = append(subrules, rbacv1.PolicyRule{APIGroups: []string{group}, Resources: []string{resource}, Verbs: []string{verb}, ResourceNames: []string{resourceName}}) - } - - } else { - subrules = append(subrules, rbacv1.PolicyRule{APIGroups: []string{group}, Resources: []string{resource}, Verbs: []string{verb}}) - } - - } - } - } - - // Non-resource URLs are unique because they only combine with verbs. - for _, nonResourceURL := range rule.NonResourceURLs { - for _, verb := range rule.Verbs { - subrules = append(subrules, rbacv1.PolicyRule{NonResourceURLs: []string{nonResourceURL}, Verbs: []string{verb}}) - } - } - - return subrules -} - -func has(set []string, ele string) bool { - for _, s := range set { - if s == ele { - return true - } - } - return false -} - -func hasAll(set, contains []string) bool { - owning := make(map[string]struct{}, len(set)) - for _, ele := range set { - owning[ele] = struct{}{} - } - for _, ele := range contains { - if _, ok := owning[ele]; !ok { - return false - } - } - return true -} - -func resourceCoversAll(setResources, coversResources []string) bool { - // if we have a star or an exact match on all resources, then we match - if has(setResources, rbacv1.ResourceAll) || hasAll(setResources, coversResources) { - return true - } - - for _, path := range coversResources { - // if we have an exact match, then we match. - if has(setResources, path) { - continue - } - // if we're not a subresource, then we definitely don't match. fail. - if !strings.Contains(path, "/") { - return false - } - tokens := strings.SplitN(path, "/", 2) - resourceToCheck := "*/" + tokens[1] - if !has(setResources, resourceToCheck) { - return false - } - } - - return true -} - -func nonResourceURLsCoversAll(set, covers []string) bool { - for _, path := range covers { - covered := false - for _, owner := range set { - if nonResourceURLCovers(owner, path) { - covered = true - break - } - } - if !covered { - return false - } - } - return true -} - -func nonResourceURLCovers(ownerPath, subPath string) bool { - if ownerPath == subPath { - return true - } - return strings.HasSuffix(ownerPath, "*") && strings.HasPrefix(subPath, strings.TrimRight(ownerPath, "*")) -} - -// ruleCovers determines whether the ownerRule (which may have multiple verbs, resources, and resourceNames) covers -// the subrule (which may only contain at most one verb, resource, and resourceName) -func ruleCovers(ownerRule, subRule rbacv1.PolicyRule) bool { - verbMatches := has(ownerRule.Verbs, rbacv1.VerbAll) || hasAll(ownerRule.Verbs, subRule.Verbs) - groupMatches := has(ownerRule.APIGroups, rbacv1.APIGroupAll) || hasAll(ownerRule.APIGroups, subRule.APIGroups) - resourceMatches := resourceCoversAll(ownerRule.Resources, subRule.Resources) - nonResourceURLMatches := nonResourceURLsCoversAll(ownerRule.NonResourceURLs, subRule.NonResourceURLs) - - resourceNameMatches := false - - if len(subRule.ResourceNames) == 0 { - resourceNameMatches = (len(ownerRule.ResourceNames) == 0) - } else { - resourceNameMatches = (len(ownerRule.ResourceNames) == 0) || hasAll(ownerRule.ResourceNames, subRule.ResourceNames) - } - - return verbMatches && groupMatches && resourceMatches && resourceNameMatches && nonResourceURLMatches -} diff --git a/etcd/vendor/k8s.io/component-helpers/node/util/sysctl/sysctl.go b/etcd/vendor/k8s.io/component-helpers/node/util/sysctl/sysctl.go deleted file mode 100644 index 4910aa22d3..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/node/util/sysctl/sysctl.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package sysctl - -import ( - "os" - "path" - "strconv" - "strings" -) - -const ( - sysctlBase = "/proc/sys" - // VMOvercommitMemory refers to the sysctl variable responsible for defining - // the memory over-commit policy used by kernel. - VMOvercommitMemory = "vm/overcommit_memory" - // VMPanicOnOOM refers to the sysctl variable responsible for defining - // the OOM behavior used by kernel. - VMPanicOnOOM = "vm/panic_on_oom" - // KernelPanic refers to the sysctl variable responsible for defining - // the timeout after a panic for the kernel to reboot. - KernelPanic = "kernel/panic" - // KernelPanicOnOops refers to the sysctl variable responsible for defining - // the kernel behavior when an oops or BUG is encountered. - KernelPanicOnOops = "kernel/panic_on_oops" - // RootMaxKeys refers to the sysctl variable responsible for defining - // the maximum number of keys that the root user (UID 0 in the root user namespace) may own. - RootMaxKeys = "kernel/keys/root_maxkeys" - // RootMaxBytes refers to the sysctl variable responsible for defining - // the maximum number of bytes of data that the root user (UID 0 in the root user namespace) - // can hold in the payloads of the keys owned by root. - RootMaxBytes = "kernel/keys/root_maxbytes" - - // VMOvercommitMemoryAlways represents that kernel performs no memory over-commit handling. - VMOvercommitMemoryAlways = 1 - // VMPanicOnOOMInvokeOOMKiller represents that kernel calls the oom_killer function when OOM occurs. - VMPanicOnOOMInvokeOOMKiller = 0 - - // KernelPanicOnOopsAlways represents that kernel panics on kernel oops. - KernelPanicOnOopsAlways = 1 - // KernelPanicRebootTimeout is the timeout seconds after a panic for the kernel to reboot. - KernelPanicRebootTimeout = 10 - - // RootMaxKeysSetting is the maximum number of keys that the root user (UID 0 in the root user namespace) may own. - // Needed since docker creates a new key per container. - RootMaxKeysSetting = 1000000 - // RootMaxBytesSetting is the maximum number of bytes of data that the root user (UID 0 in the root user namespace) - // can hold in the payloads of the keys owned by root. - // Allocate 25 bytes per key * number of MaxKeys. - RootMaxBytesSetting = RootMaxKeysSetting * 25 -) - -// Interface is an injectable interface for running sysctl commands. -type Interface interface { - // GetSysctl returns the value for the specified sysctl setting - GetSysctl(sysctl string) (int, error) - // SetSysctl modifies the specified sysctl flag to the new value - SetSysctl(sysctl string, newVal int) error -} - -// New returns a new Interface for accessing sysctl -func New() Interface { - return &procSysctl{} -} - -// procSysctl implements Interface by reading and writing files under /proc/sys -type procSysctl struct { -} - -// GetSysctl returns the value for the specified sysctl setting -func (*procSysctl) GetSysctl(sysctl string) (int, error) { - data, err := os.ReadFile(path.Join(sysctlBase, sysctl)) - if err != nil { - return -1, err - } - val, err := strconv.Atoi(strings.Trim(string(data), " \n")) - if err != nil { - return -1, err - } - return val, nil -} - -// SetSysctl modifies the specified sysctl flag to the new value -func (*procSysctl) SetSysctl(sysctl string, newVal int) error { - return os.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640) -} diff --git a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/doc.go b/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/doc.go deleted file mode 100644 index c6cf8132af..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package corev1 defines functions which should satisfy one of the following: -// -// - Be used by more than one core component (kube-scheduler, kubelet, kube-apiserver, etc.) -// - Be used by a core component and another kubernetes project (cluster-autoscaler, descheduler) -// -// And be a scheduling feature. -package corev1 // import "k8s.io/component-helpers/scheduling/corev1" diff --git a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/helpers.go b/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/helpers.go deleted file mode 100644 index 23a94bd7bc..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/helpers.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package corev1 - -import ( - "encoding/json" - - v1 "k8s.io/api/core/v1" - "k8s.io/component-helpers/scheduling/corev1/nodeaffinity" -) - -// PodPriority returns priority of the given pod. -func PodPriority(pod *v1.Pod) int32 { - if pod.Spec.Priority != nil { - return *pod.Spec.Priority - } - // When priority of a running pod is nil, it means it was created at a time - // that there was no global default priority class and the priority class - // name of the pod was empty. So, we resolve to the static default priority. - return 0 -} - -// MatchNodeSelectorTerms checks whether the node labels and fields match node selector terms in ORed; -// nil or empty term matches no objects. -func MatchNodeSelectorTerms( - node *v1.Node, - nodeSelector *v1.NodeSelector, -) (bool, error) { - if node == nil { - return false, nil - } - return nodeaffinity.NewLazyErrorNodeSelector(nodeSelector).Match(node) -} - -// GetAvoidPodsFromNodeAnnotations scans the list of annotations and -// returns the pods that needs to be avoided for this node from scheduling -func GetAvoidPodsFromNodeAnnotations(annotations map[string]string) (v1.AvoidPods, error) { - var avoidPods v1.AvoidPods - if len(annotations) > 0 && annotations[v1.PreferAvoidPodsAnnotationKey] != "" { - err := json.Unmarshal([]byte(annotations[v1.PreferAvoidPodsAnnotationKey]), &avoidPods) - if err != nil { - return avoidPods, err - } - } - return avoidPods, nil -} - -// TolerationsTolerateTaint checks if taint is tolerated by any of the tolerations. -func TolerationsTolerateTaint(tolerations []v1.Toleration, taint *v1.Taint) bool { - for i := range tolerations { - if tolerations[i].ToleratesTaint(taint) { - return true - } - } - return false -} - -type taintsFilterFunc func(*v1.Taint) bool - -// FindMatchingUntoleratedTaint checks if the given tolerations tolerates -// all the filtered taints, and returns the first taint without a toleration -// Returns true if there is an untolerated taint -// Returns false if all taints are tolerated -func FindMatchingUntoleratedTaint(taints []v1.Taint, tolerations []v1.Toleration, inclusionFilter taintsFilterFunc) (v1.Taint, bool) { - filteredTaints := getFilteredTaints(taints, inclusionFilter) - for _, taint := range filteredTaints { - if !TolerationsTolerateTaint(tolerations, &taint) { - return taint, true - } - } - return v1.Taint{}, false -} - -// getFilteredTaints returns a list of taints satisfying the filter predicate -func getFilteredTaints(taints []v1.Taint, inclusionFilter taintsFilterFunc) []v1.Taint { - if inclusionFilter == nil { - return taints - } - filteredTaints := []v1.Taint{} - for _, taint := range taints { - if !inclusionFilter(&taint) { - continue - } - filteredTaints = append(filteredTaints, taint) - } - return filteredTaints -} diff --git a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/nodeaffinity/nodeaffinity.go b/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/nodeaffinity/nodeaffinity.go deleted file mode 100644 index 27caf69b92..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/scheduling/corev1/nodeaffinity/nodeaffinity.go +++ /dev/null @@ -1,324 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nodeaffinity - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/selection" - "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/validation/field" -) - -// NodeSelector is a runtime representation of v1.NodeSelector. -type NodeSelector struct { - lazy LazyErrorNodeSelector -} - -// LazyErrorNodeSelector is a runtime representation of v1.NodeSelector that -// only reports parse errors when no terms match. -type LazyErrorNodeSelector struct { - terms []nodeSelectorTerm -} - -// NewNodeSelector returns a NodeSelector or aggregate parsing errors found. -func NewNodeSelector(ns *v1.NodeSelector, opts ...field.PathOption) (*NodeSelector, error) { - lazy := NewLazyErrorNodeSelector(ns, opts...) - var errs []error - for _, term := range lazy.terms { - if len(term.parseErrs) > 0 { - errs = append(errs, term.parseErrs...) - } - } - if len(errs) != 0 { - return nil, errors.Flatten(errors.NewAggregate(errs)) - } - return &NodeSelector{lazy: *lazy}, nil -} - -// NewLazyErrorNodeSelector creates a NodeSelector that only reports parse -// errors when no terms match. -func NewLazyErrorNodeSelector(ns *v1.NodeSelector, opts ...field.PathOption) *LazyErrorNodeSelector { - p := field.ToPath(opts...) - parsedTerms := make([]nodeSelectorTerm, 0, len(ns.NodeSelectorTerms)) - path := p.Child("nodeSelectorTerms") - for i, term := range ns.NodeSelectorTerms { - // nil or empty term selects no objects - if isEmptyNodeSelectorTerm(&term) { - continue - } - p := path.Index(i) - parsedTerms = append(parsedTerms, newNodeSelectorTerm(&term, p)) - } - return &LazyErrorNodeSelector{ - terms: parsedTerms, - } -} - -// Match checks whether the node labels and fields match the selector terms, ORed; -// nil or empty term matches no objects. -func (ns *NodeSelector) Match(node *v1.Node) bool { - // parse errors are reported in NewNodeSelector. - match, _ := ns.lazy.Match(node) - return match -} - -// Match checks whether the node labels and fields match the selector terms, ORed; -// nil or empty term matches no objects. -// Parse errors are only returned if no terms matched. -func (ns *LazyErrorNodeSelector) Match(node *v1.Node) (bool, error) { - if node == nil { - return false, nil - } - nodeLabels := labels.Set(node.Labels) - nodeFields := extractNodeFields(node) - - var errs []error - for _, term := range ns.terms { - match, tErrs := term.match(nodeLabels, nodeFields) - if len(tErrs) > 0 { - errs = append(errs, tErrs...) - continue - } - if match { - return true, nil - } - } - return false, errors.Flatten(errors.NewAggregate(errs)) -} - -// PreferredSchedulingTerms is a runtime representation of []v1.PreferredSchedulingTerms. -type PreferredSchedulingTerms struct { - terms []preferredSchedulingTerm -} - -// NewPreferredSchedulingTerms returns a PreferredSchedulingTerms or all the parsing errors found. -// If a v1.PreferredSchedulingTerm has a 0 weight, its parsing is skipped. -func NewPreferredSchedulingTerms(terms []v1.PreferredSchedulingTerm, opts ...field.PathOption) (*PreferredSchedulingTerms, error) { - p := field.ToPath(opts...) - var errs []error - parsedTerms := make([]preferredSchedulingTerm, 0, len(terms)) - for i, term := range terms { - path := p.Index(i) - if term.Weight == 0 || isEmptyNodeSelectorTerm(&term.Preference) { - continue - } - parsedTerm := preferredSchedulingTerm{ - nodeSelectorTerm: newNodeSelectorTerm(&term.Preference, path), - weight: int(term.Weight), - } - if len(parsedTerm.parseErrs) > 0 { - errs = append(errs, parsedTerm.parseErrs...) - } else { - parsedTerms = append(parsedTerms, parsedTerm) - } - } - if len(errs) != 0 { - return nil, errors.Flatten(errors.NewAggregate(errs)) - } - return &PreferredSchedulingTerms{terms: parsedTerms}, nil -} - -// Score returns a score for a Node: the sum of the weights of the terms that -// match the Node. -func (t *PreferredSchedulingTerms) Score(node *v1.Node) int64 { - var score int64 - nodeLabels := labels.Set(node.Labels) - nodeFields := extractNodeFields(node) - for _, term := range t.terms { - // parse errors are reported in NewPreferredSchedulingTerms. - if ok, _ := term.match(nodeLabels, nodeFields); ok { - score += int64(term.weight) - } - } - return score -} - -func isEmptyNodeSelectorTerm(term *v1.NodeSelectorTerm) bool { - return len(term.MatchExpressions) == 0 && len(term.MatchFields) == 0 -} - -func extractNodeFields(n *v1.Node) fields.Set { - f := make(fields.Set) - if len(n.Name) > 0 { - f["metadata.name"] = n.Name - } - return f -} - -type nodeSelectorTerm struct { - matchLabels labels.Selector - matchFields fields.Selector - parseErrs []error -} - -func newNodeSelectorTerm(term *v1.NodeSelectorTerm, path *field.Path) nodeSelectorTerm { - var parsedTerm nodeSelectorTerm - var errs []error - if len(term.MatchExpressions) != 0 { - p := path.Child("matchExpressions") - parsedTerm.matchLabels, errs = nodeSelectorRequirementsAsSelector(term.MatchExpressions, p) - if errs != nil { - parsedTerm.parseErrs = append(parsedTerm.parseErrs, errs...) - } - } - if len(term.MatchFields) != 0 { - p := path.Child("matchFields") - parsedTerm.matchFields, errs = nodeSelectorRequirementsAsFieldSelector(term.MatchFields, p) - if errs != nil { - parsedTerm.parseErrs = append(parsedTerm.parseErrs, errs...) - } - } - return parsedTerm -} - -func (t *nodeSelectorTerm) match(nodeLabels labels.Set, nodeFields fields.Set) (bool, []error) { - if t.parseErrs != nil { - return false, t.parseErrs - } - if t.matchLabels != nil && !t.matchLabels.Matches(nodeLabels) { - return false, nil - } - if t.matchFields != nil && len(nodeFields) > 0 && !t.matchFields.Matches(nodeFields) { - return false, nil - } - return true, nil -} - -// nodeSelectorRequirementsAsSelector converts the []NodeSelectorRequirement api type into a struct that implements -// labels.Selector. -func nodeSelectorRequirementsAsSelector(nsm []v1.NodeSelectorRequirement, path *field.Path) (labels.Selector, []error) { - if len(nsm) == 0 { - return labels.Nothing(), nil - } - var errs []error - selector := labels.NewSelector() - for i, expr := range nsm { - p := path.Index(i) - var op selection.Operator - switch expr.Operator { - case v1.NodeSelectorOpIn: - op = selection.In - case v1.NodeSelectorOpNotIn: - op = selection.NotIn - case v1.NodeSelectorOpExists: - op = selection.Exists - case v1.NodeSelectorOpDoesNotExist: - op = selection.DoesNotExist - case v1.NodeSelectorOpGt: - op = selection.GreaterThan - case v1.NodeSelectorOpLt: - op = selection.LessThan - default: - errs = append(errs, field.NotSupported(p.Child("operator"), expr.Operator, nil)) - continue - } - r, err := labels.NewRequirement(expr.Key, op, expr.Values, field.WithPath(p)) - if err != nil { - errs = append(errs, err) - } else { - selector = selector.Add(*r) - } - } - if len(errs) != 0 { - return nil, errs - } - return selector, nil -} - -var validFieldSelectorOperators = []string{ - string(v1.NodeSelectorOpIn), - string(v1.NodeSelectorOpNotIn), -} - -// nodeSelectorRequirementsAsFieldSelector converts the []NodeSelectorRequirement core type into a struct that implements -// fields.Selector. -func nodeSelectorRequirementsAsFieldSelector(nsr []v1.NodeSelectorRequirement, path *field.Path) (fields.Selector, []error) { - if len(nsr) == 0 { - return fields.Nothing(), nil - } - var errs []error - - var selectors []fields.Selector - for i, expr := range nsr { - p := path.Index(i) - switch expr.Operator { - case v1.NodeSelectorOpIn: - if len(expr.Values) != 1 { - errs = append(errs, field.Invalid(p.Child("values"), expr.Values, "must have one element")) - } else { - selectors = append(selectors, fields.OneTermEqualSelector(expr.Key, expr.Values[0])) - } - - case v1.NodeSelectorOpNotIn: - if len(expr.Values) != 1 { - errs = append(errs, field.Invalid(p.Child("values"), expr.Values, "must have one element")) - } else { - selectors = append(selectors, fields.OneTermNotEqualSelector(expr.Key, expr.Values[0])) - } - - default: - errs = append(errs, field.NotSupported(p.Child("operator"), expr.Operator, validFieldSelectorOperators)) - } - } - - if len(errs) != 0 { - return nil, errs - } - return fields.AndSelectors(selectors...), nil -} - -type preferredSchedulingTerm struct { - nodeSelectorTerm - weight int -} - -type RequiredNodeAffinity struct { - labelSelector labels.Selector - nodeSelector *LazyErrorNodeSelector -} - -// GetRequiredNodeAffinity returns the parsing result of pod's nodeSelector and nodeAffinity. -func GetRequiredNodeAffinity(pod *v1.Pod) RequiredNodeAffinity { - var selector labels.Selector - if len(pod.Spec.NodeSelector) > 0 { - selector = labels.SelectorFromSet(pod.Spec.NodeSelector) - } - // Use LazyErrorNodeSelector for backwards compatibility of parsing errors. - var affinity *LazyErrorNodeSelector - if pod.Spec.Affinity != nil && - pod.Spec.Affinity.NodeAffinity != nil && - pod.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil { - affinity = NewLazyErrorNodeSelector(pod.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution) - } - return RequiredNodeAffinity{labelSelector: selector, nodeSelector: affinity} -} - -// Match checks whether the pod is schedulable onto nodes according to -// the requirements in both nodeSelector and nodeAffinity. -func (s RequiredNodeAffinity) Match(node *v1.Node) (bool, error) { - if s.labelSelector != nil { - if !s.labelSelector.Matches(labels.Set(node.Labels)) { - return false, nil - } - } - if s.nodeSelector != nil { - return s.nodeSelector.Match(node) - } - return true, nil -} diff --git a/etcd/vendor/k8s.io/component-helpers/storage/ephemeral/ephemeral.go b/etcd/vendor/k8s.io/component-helpers/storage/ephemeral/ephemeral.go deleted file mode 100644 index 67dddaf5c3..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/storage/ephemeral/ephemeral.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package ephemeral provides code that supports the usual pattern -// for accessing the PVC that provides a generic ephemeral inline volume: -// -// - determine the PVC name that corresponds to the inline volume source -// - retrieve the PVC -// - verify that the PVC is owned by the pod -// - use the PVC -package ephemeral - -import ( - "fmt" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// VolumeClaimName returns the name of the PersistentVolumeClaim -// object that gets created for the generic ephemeral inline volume. The -// name is deterministic and therefore this function does not need any -// additional information besides the Pod name and volume name and it -// will never fail. -// -// Before using the PVC for the Pod, the caller must check that it is -// indeed the PVC that was created for the Pod by calling IsUsable. -func VolumeClaimName(pod *v1.Pod, volume *v1.Volume) string { - return pod.Name + "-" + volume.Name -} - -// VolumeIsForPod checks that the PVC is the ephemeral volume that -// was created for the Pod. It returns an error that is informative -// enough to be returned by the caller without adding further details -// about the Pod or PVC. -func VolumeIsForPod(pod *v1.Pod, pvc *v1.PersistentVolumeClaim) error { - // Checking the namespaces is just a precaution. The caller should - // never pass in a PVC that isn't from the same namespace as the - // Pod. - if pvc.Namespace != pod.Namespace || !metav1.IsControlledBy(pvc, pod) { - return fmt.Errorf("PVC %s/%s was not created for pod %s/%s (pod is not owner)", pvc.Namespace, pvc.Name, pod.Namespace, pod.Name) - } - return nil -} diff --git a/etcd/vendor/k8s.io/component-helpers/storage/volume/helpers.go b/etcd/vendor/k8s.io/component-helpers/storage/volume/helpers.go deleted file mode 100644 index 7ec376f34a..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/storage/volume/helpers.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "fmt" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/component-helpers/scheduling/corev1" -) - -// GetPersistentVolumeClaimClass returns StorageClassName. If no storage class was -// requested, it returns "". -func GetPersistentVolumeClaimClass(claim *v1.PersistentVolumeClaim) string { - // Use beta annotation first - if class, found := claim.Annotations[v1.BetaStorageClassAnnotation]; found { - return class - } - - if claim.Spec.StorageClassName != nil { - return *claim.Spec.StorageClassName - } - - return "" -} - -// GetPersistentVolumeClass returns StorageClassName. -func GetPersistentVolumeClass(volume *v1.PersistentVolume) string { - // Use beta annotation first - if class, found := volume.Annotations[v1.BetaStorageClassAnnotation]; found { - return class - } - - return volume.Spec.StorageClassName -} - -// CheckNodeAffinity looks at the PV node affinity, and checks if the node has the same corresponding labels -// This ensures that we don't mount a volume that doesn't belong to this node -func CheckNodeAffinity(pv *v1.PersistentVolume, nodeLabels map[string]string) error { - if pv.Spec.NodeAffinity == nil { - return nil - } - - if pv.Spec.NodeAffinity.Required != nil { - node := &v1.Node{ObjectMeta: metav1.ObjectMeta{Labels: nodeLabels}} - terms := pv.Spec.NodeAffinity.Required - if matches, err := corev1.MatchNodeSelectorTerms(node, terms); err != nil { - return err - } else if !matches { - return fmt.Errorf("no matching NodeSelectorTerms") - } - } - - return nil -} diff --git a/etcd/vendor/k8s.io/component-helpers/storage/volume/pv_helpers.go b/etcd/vendor/k8s.io/component-helpers/storage/volume/pv_helpers.go deleted file mode 100644 index f927b72314..0000000000 --- a/etcd/vendor/k8s.io/component-helpers/storage/volume/pv_helpers.go +++ /dev/null @@ -1,342 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "fmt" - - v1 "k8s.io/api/core/v1" - storage "k8s.io/api/storage/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/kubernetes/scheme" - storagelisters "k8s.io/client-go/listers/storage/v1" - "k8s.io/client-go/tools/reference" -) - -const ( - // AnnBindCompleted Annotation applies to PVCs. It indicates that the lifecycle - // of the PVC has passed through the initial setup. This information changes how - // we interpret some observations of the state of the objects. Value of this - // Annotation does not matter. - AnnBindCompleted = "pv.kubernetes.io/bind-completed" - - // AnnBoundByController annotation applies to PVs and PVCs. It indicates that - // the binding (PV->PVC or PVC->PV) was installed by the controller. The - // absence of this annotation means the binding was done by the user (i.e. - // pre-bound). Value of this annotation does not matter. - // External PV binders must bind PV the same way as PV controller, otherwise PV - // controller may not handle it correctly. - AnnBoundByController = "pv.kubernetes.io/bound-by-controller" - - // AnnSelectedNode annotation is added to a PVC that has been triggered by scheduler to - // be dynamically provisioned. Its value is the name of the selected node. - AnnSelectedNode = "volume.kubernetes.io/selected-node" - - // NotSupportedProvisioner is a special provisioner name which can be set - // in storage class to indicate dynamic provisioning is not supported by - // the storage. - NotSupportedProvisioner = "kubernetes.io/no-provisioner" - - // AnnDynamicallyProvisioned annotation is added to a PV that has been dynamically provisioned by - // Kubernetes. Its value is name of volume plugin that created the volume. - // It serves both user (to show where a PV comes from) and Kubernetes (to - // recognize dynamically provisioned PVs in its decisions). - AnnDynamicallyProvisioned = "pv.kubernetes.io/provisioned-by" - - // AnnMigratedTo annotation is added to a PVC and PV that is supposed to be - // dynamically provisioned/deleted by by its corresponding CSI driver - // through the CSIMigration feature flags. When this annotation is set the - // Kubernetes components will "stand-down" and the external-provisioner will - // act on the objects - AnnMigratedTo = "pv.kubernetes.io/migrated-to" - - // AnnStorageProvisioner annotation is added to a PVC that is supposed to be dynamically - // provisioned. Its value is name of volume plugin that is supposed to provision - // a volume for this PVC. - // TODO: remove beta anno once deprecation period ends - AnnStorageProvisioner = "volume.kubernetes.io/storage-provisioner" - AnnBetaStorageProvisioner = "volume.beta.kubernetes.io/storage-provisioner" - - //PVDeletionProtectionFinalizer is the finalizer added by the external-provisioner on the PV - PVDeletionProtectionFinalizer = "external-provisioner.volume.kubernetes.io/finalizer" - - // PVDeletionInTreeProtectionFinalizer is the finalizer added to protect PV deletion for in-tree volumes. - PVDeletionInTreeProtectionFinalizer = "kubernetes.io/pv-controller" -) - -// IsDelayBindingProvisioning checks if claim provisioning with selected-node annotation -func IsDelayBindingProvisioning(claim *v1.PersistentVolumeClaim) bool { - // When feature VolumeScheduling enabled, - // Scheduler signal to the PV controller to start dynamic - // provisioning by setting the "AnnSelectedNode" annotation - // in the PVC - _, ok := claim.Annotations[AnnSelectedNode] - return ok -} - -// IsDelayBindingMode checks if claim is in delay binding mode. -func IsDelayBindingMode(claim *v1.PersistentVolumeClaim, classLister storagelisters.StorageClassLister) (bool, error) { - className := GetPersistentVolumeClaimClass(claim) - if className == "" { - return false, nil - } - - class, err := classLister.Get(className) - if err != nil { - if apierrors.IsNotFound(err) { - return false, nil - } - return false, err - } - - if class.VolumeBindingMode == nil { - return false, fmt.Errorf("VolumeBindingMode not set for StorageClass %q", className) - } - - return *class.VolumeBindingMode == storage.VolumeBindingWaitForFirstConsumer, nil -} - -// GetBindVolumeToClaim returns a new volume which is bound to given claim. In -// addition, it returns a bool which indicates whether we made modification on -// original volume. -func GetBindVolumeToClaim(volume *v1.PersistentVolume, claim *v1.PersistentVolumeClaim) (*v1.PersistentVolume, bool, error) { - dirty := false - - // Check if the volume was already bound (either by user or by controller) - shouldSetBoundByController := false - if !IsVolumeBoundToClaim(volume, claim) { - shouldSetBoundByController = true - } - - // The volume from method args can be pointing to watcher cache. We must not - // modify these, therefore create a copy. - volumeClone := volume.DeepCopy() - - // Bind the volume to the claim if it is not bound yet - if volume.Spec.ClaimRef == nil || - volume.Spec.ClaimRef.Name != claim.Name || - volume.Spec.ClaimRef.Namespace != claim.Namespace || - volume.Spec.ClaimRef.UID != claim.UID { - - claimRef, err := reference.GetReference(scheme.Scheme, claim) - if err != nil { - return nil, false, fmt.Errorf("unexpected error getting claim reference: %w", err) - } - volumeClone.Spec.ClaimRef = claimRef - dirty = true - } - - // Set AnnBoundByController if it is not set yet - if shouldSetBoundByController && !metav1.HasAnnotation(volumeClone.ObjectMeta, AnnBoundByController) { - metav1.SetMetaDataAnnotation(&volumeClone.ObjectMeta, AnnBoundByController, "yes") - dirty = true - } - - return volumeClone, dirty, nil -} - -// IsVolumeBoundToClaim returns true, if given volume is pre-bound or bound -// to specific claim. Both claim.Name and claim.Namespace must be equal. -// If claim.UID is present in volume.Spec.ClaimRef, it must be equal too. -func IsVolumeBoundToClaim(volume *v1.PersistentVolume, claim *v1.PersistentVolumeClaim) bool { - if volume.Spec.ClaimRef == nil { - return false - } - if claim.Name != volume.Spec.ClaimRef.Name || claim.Namespace != volume.Spec.ClaimRef.Namespace { - return false - } - if volume.Spec.ClaimRef.UID != "" && claim.UID != volume.Spec.ClaimRef.UID { - return false - } - return true -} - -// FindMatchingVolume goes through the list of volumes to find the best matching volume -// for the claim. -// -// This function is used by both the PV controller and scheduler. -// -// delayBinding is true only in the PV controller path. When set, prebound PVs are still returned -// as a match for the claim, but unbound PVs are skipped. -// -// node is set only in the scheduler path. When set, the PV node affinity is checked against -// the node's labels. -// -// excludedVolumes is only used in the scheduler path, and is needed for evaluating multiple -// unbound PVCs for a single Pod at one time. As each PVC finds a matching PV, the chosen -// PV needs to be excluded from future matching. -func FindMatchingVolume( - claim *v1.PersistentVolumeClaim, - volumes []*v1.PersistentVolume, - node *v1.Node, - excludedVolumes map[string]*v1.PersistentVolume, - delayBinding bool) (*v1.PersistentVolume, error) { - - var smallestVolume *v1.PersistentVolume - var smallestVolumeQty resource.Quantity - requestedQty := claim.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)] - requestedClass := GetPersistentVolumeClaimClass(claim) - - var selector labels.Selector - if claim.Spec.Selector != nil { - internalSelector, err := metav1.LabelSelectorAsSelector(claim.Spec.Selector) - if err != nil { - return nil, fmt.Errorf("error creating internal label selector for claim: %v: %v", claimToClaimKey(claim), err) - } - selector = internalSelector - } - - // Go through all available volumes with two goals: - // - find a volume that is either pre-bound by user or dynamically - // provisioned for this claim. Because of this we need to loop through - // all volumes. - // - find the smallest matching one if there is no volume pre-bound to - // the claim. - for _, volume := range volumes { - if _, ok := excludedVolumes[volume.Name]; ok { - // Skip volumes in the excluded list - continue - } - if volume.Spec.ClaimRef != nil && !IsVolumeBoundToClaim(volume, claim) { - continue - } - - volumeQty := volume.Spec.Capacity[v1.ResourceStorage] - if volumeQty.Cmp(requestedQty) < 0 { - continue - } - // filter out mismatching volumeModes - if CheckVolumeModeMismatches(&claim.Spec, &volume.Spec) { - continue - } - - // check if PV's DeletionTimeStamp is set, if so, skip this volume. - if volume.ObjectMeta.DeletionTimestamp != nil { - continue - } - - nodeAffinityValid := true - if node != nil { - // Scheduler path, check that the PV NodeAffinity - // is satisfied by the node - // CheckNodeAffinity is the most expensive call in this loop. - // We should check cheaper conditions first or consider optimizing this function. - err := CheckNodeAffinity(volume, node.Labels) - if err != nil { - nodeAffinityValid = false - } - } - - if IsVolumeBoundToClaim(volume, claim) { - // If PV node affinity is invalid, return no match. - // This means the prebound PV (and therefore PVC) - // is not suitable for this node. - if !nodeAffinityValid { - return nil, nil - } - - return volume, nil - } - - if node == nil && delayBinding { - // PV controller does not bind this claim. - // Scheduler will handle binding unbound volumes - // Scheduler path will have node != nil - continue - } - - // filter out: - // - volumes in non-available phase - // - volumes whose labels don't match the claim's selector, if specified - // - volumes in Class that is not requested - // - volumes whose NodeAffinity does not match the node - if volume.Status.Phase != v1.VolumeAvailable { - // We ignore volumes in non-available phase, because volumes that - // satisfies matching criteria will be updated to available, binding - // them now has high chance of encountering unnecessary failures - // due to API conflicts. - continue - } else if selector != nil && !selector.Matches(labels.Set(volume.Labels)) { - continue - } - if GetPersistentVolumeClass(volume) != requestedClass { - continue - } - if !nodeAffinityValid { - continue - } - - if node != nil { - // Scheduler path - // Check that the access modes match - if !CheckAccessModes(claim, volume) { - continue - } - } - - if smallestVolume == nil || smallestVolumeQty.Cmp(volumeQty) > 0 { - smallestVolume = volume - smallestVolumeQty = volumeQty - } - } - - if smallestVolume != nil { - // Found a matching volume - return smallestVolume, nil - } - - return nil, nil -} - -// CheckVolumeModeMismatches is a convenience method that checks volumeMode for PersistentVolume -// and PersistentVolumeClaims -func CheckVolumeModeMismatches(pvcSpec *v1.PersistentVolumeClaimSpec, pvSpec *v1.PersistentVolumeSpec) bool { - // In HA upgrades, we cannot guarantee that the apiserver is on a version >= controller-manager. - // So we default a nil volumeMode to filesystem - requestedVolumeMode := v1.PersistentVolumeFilesystem - if pvcSpec.VolumeMode != nil { - requestedVolumeMode = *pvcSpec.VolumeMode - } - pvVolumeMode := v1.PersistentVolumeFilesystem - if pvSpec.VolumeMode != nil { - pvVolumeMode = *pvSpec.VolumeMode - } - return requestedVolumeMode != pvVolumeMode -} - -// CheckAccessModes returns true if PV satisfies all the PVC's requested AccessModes -func CheckAccessModes(claim *v1.PersistentVolumeClaim, volume *v1.PersistentVolume) bool { - pvModesMap := map[v1.PersistentVolumeAccessMode]bool{} - for _, mode := range volume.Spec.AccessModes { - pvModesMap[mode] = true - } - - for _, mode := range claim.Spec.AccessModes { - _, ok := pvModesMap[mode] - if !ok { - return false - } - } - return true -} - -func claimToClaimKey(claim *v1.PersistentVolumeClaim) string { - return fmt.Sprintf("%s/%s", claim.Namespace, claim.Name) -} diff --git a/etcd/vendor/k8s.io/kms/LICENSE b/etcd/vendor/k8s.io/kms/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/etcd/vendor/k8s.io/kms/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/kms/apis/v1beta1/api.pb.go b/etcd/vendor/k8s.io/kms/apis/v1beta1/api.pb.go deleted file mode 100644 index 6210014a2b..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v1beta1/api.pb.go +++ /dev/null @@ -1,502 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto - -package v1beta1 - -import ( - context "context" - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -type VersionRequest struct { - // Version of the KMS plugin API. - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *VersionRequest) Reset() { *m = VersionRequest{} } -func (m *VersionRequest) String() string { return proto.CompactTextString(m) } -func (*VersionRequest) ProtoMessage() {} -func (*VersionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{0} -} -func (m *VersionRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_VersionRequest.Unmarshal(m, b) -} -func (m *VersionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_VersionRequest.Marshal(b, m, deterministic) -} -func (m *VersionRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_VersionRequest.Merge(m, src) -} -func (m *VersionRequest) XXX_Size() int { - return xxx_messageInfo_VersionRequest.Size(m) -} -func (m *VersionRequest) XXX_DiscardUnknown() { - xxx_messageInfo_VersionRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_VersionRequest proto.InternalMessageInfo - -func (m *VersionRequest) GetVersion() string { - if m != nil { - return m.Version - } - return "" -} - -type VersionResponse struct { - // Version of the KMS plugin API. - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - // Name of the KMS provider. - RuntimeName string `protobuf:"bytes,2,opt,name=runtime_name,json=runtimeName,proto3" json:"runtime_name,omitempty"` - // Version of the KMS provider. The string must be semver-compatible. - RuntimeVersion string `protobuf:"bytes,3,opt,name=runtime_version,json=runtimeVersion,proto3" json:"runtime_version,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *VersionResponse) Reset() { *m = VersionResponse{} } -func (m *VersionResponse) String() string { return proto.CompactTextString(m) } -func (*VersionResponse) ProtoMessage() {} -func (*VersionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{1} -} -func (m *VersionResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_VersionResponse.Unmarshal(m, b) -} -func (m *VersionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_VersionResponse.Marshal(b, m, deterministic) -} -func (m *VersionResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_VersionResponse.Merge(m, src) -} -func (m *VersionResponse) XXX_Size() int { - return xxx_messageInfo_VersionResponse.Size(m) -} -func (m *VersionResponse) XXX_DiscardUnknown() { - xxx_messageInfo_VersionResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_VersionResponse proto.InternalMessageInfo - -func (m *VersionResponse) GetVersion() string { - if m != nil { - return m.Version - } - return "" -} - -func (m *VersionResponse) GetRuntimeName() string { - if m != nil { - return m.RuntimeName - } - return "" -} - -func (m *VersionResponse) GetRuntimeVersion() string { - if m != nil { - return m.RuntimeVersion - } - return "" -} - -type DecryptRequest struct { - // Version of the KMS plugin API. - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - // The data to be decrypted. - Cipher []byte `protobuf:"bytes,2,opt,name=cipher,proto3" json:"cipher,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DecryptRequest) Reset() { *m = DecryptRequest{} } -func (m *DecryptRequest) String() string { return proto.CompactTextString(m) } -func (*DecryptRequest) ProtoMessage() {} -func (*DecryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{2} -} -func (m *DecryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptRequest.Unmarshal(m, b) -} -func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptRequest.Marshal(b, m, deterministic) -} -func (m *DecryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptRequest.Merge(m, src) -} -func (m *DecryptRequest) XXX_Size() int { - return xxx_messageInfo_DecryptRequest.Size(m) -} -func (m *DecryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptRequest proto.InternalMessageInfo - -func (m *DecryptRequest) GetVersion() string { - if m != nil { - return m.Version - } - return "" -} - -func (m *DecryptRequest) GetCipher() []byte { - if m != nil { - return m.Cipher - } - return nil -} - -type DecryptResponse struct { - // The decrypted data. - Plain []byte `protobuf:"bytes,1,opt,name=plain,proto3" json:"plain,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DecryptResponse) Reset() { *m = DecryptResponse{} } -func (m *DecryptResponse) String() string { return proto.CompactTextString(m) } -func (*DecryptResponse) ProtoMessage() {} -func (*DecryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{3} -} -func (m *DecryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptResponse.Unmarshal(m, b) -} -func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptResponse.Marshal(b, m, deterministic) -} -func (m *DecryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptResponse.Merge(m, src) -} -func (m *DecryptResponse) XXX_Size() int { - return xxx_messageInfo_DecryptResponse.Size(m) -} -func (m *DecryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptResponse proto.InternalMessageInfo - -func (m *DecryptResponse) GetPlain() []byte { - if m != nil { - return m.Plain - } - return nil -} - -type EncryptRequest struct { - // Version of the KMS plugin API. - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - // The data to be encrypted. - Plain []byte `protobuf:"bytes,2,opt,name=plain,proto3" json:"plain,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptRequest) Reset() { *m = EncryptRequest{} } -func (m *EncryptRequest) String() string { return proto.CompactTextString(m) } -func (*EncryptRequest) ProtoMessage() {} -func (*EncryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{4} -} -func (m *EncryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptRequest.Unmarshal(m, b) -} -func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptRequest.Marshal(b, m, deterministic) -} -func (m *EncryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptRequest.Merge(m, src) -} -func (m *EncryptRequest) XXX_Size() int { - return xxx_messageInfo_EncryptRequest.Size(m) -} -func (m *EncryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptRequest proto.InternalMessageInfo - -func (m *EncryptRequest) GetVersion() string { - if m != nil { - return m.Version - } - return "" -} - -func (m *EncryptRequest) GetPlain() []byte { - if m != nil { - return m.Plain - } - return nil -} - -type EncryptResponse struct { - // The encrypted data. - Cipher []byte `protobuf:"bytes,1,opt,name=cipher,proto3" json:"cipher,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptResponse) Reset() { *m = EncryptResponse{} } -func (m *EncryptResponse) String() string { return proto.CompactTextString(m) } -func (*EncryptResponse) ProtoMessage() {} -func (*EncryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{5} -} -func (m *EncryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptResponse.Unmarshal(m, b) -} -func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptResponse.Marshal(b, m, deterministic) -} -func (m *EncryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptResponse.Merge(m, src) -} -func (m *EncryptResponse) XXX_Size() int { - return xxx_messageInfo_EncryptResponse.Size(m) -} -func (m *EncryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptResponse proto.InternalMessageInfo - -func (m *EncryptResponse) GetCipher() []byte { - if m != nil { - return m.Cipher - } - return nil -} - -func init() { - proto.RegisterType((*VersionRequest)(nil), "v1beta1.VersionRequest") - proto.RegisterType((*VersionResponse)(nil), "v1beta1.VersionResponse") - proto.RegisterType((*DecryptRequest)(nil), "v1beta1.DecryptRequest") - proto.RegisterType((*DecryptResponse)(nil), "v1beta1.DecryptResponse") - proto.RegisterType((*EncryptRequest)(nil), "v1beta1.EncryptRequest") - proto.RegisterType((*EncryptResponse)(nil), "v1beta1.EncryptResponse") -} - -func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } - -var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 286 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x52, 0x4f, 0x4b, 0xc3, 0x30, - 0x14, 0x5f, 0x27, 0xae, 0xec, 0x59, 0x5a, 0x08, 0x43, 0x8b, 0x27, 0xcd, 0x65, 0xea, 0xa1, 0x30, - 0xbd, 0x8b, 0x88, 0x9e, 0x44, 0x0f, 0x15, 0xbc, 0x4a, 0x56, 0x1e, 0x1a, 0xb0, 0x69, 0x4c, 0xb3, - 0xca, 0xbe, 0xa8, 0x9f, 0x47, 0x6c, 0x5e, 0x6b, 0x3a, 0x11, 0x77, 0x7c, 0x2f, 0xef, 0xf7, 0xef, - 0xbd, 0xc0, 0x54, 0x68, 0x99, 0x69, 0x53, 0xd9, 0x8a, 0x85, 0xcd, 0x62, 0x89, 0x56, 0x2c, 0xf8, - 0x19, 0xc4, 0x4f, 0x68, 0x6a, 0x59, 0xa9, 0x1c, 0xdf, 0x57, 0x58, 0x5b, 0x96, 0x42, 0xd8, 0xb8, - 0x4e, 0x1a, 0x1c, 0x05, 0x27, 0xd3, 0xbc, 0x2b, 0xf9, 0x07, 0x24, 0xfd, 0x6c, 0xad, 0x2b, 0x55, - 0xe3, 0xdf, 0xc3, 0xec, 0x18, 0x22, 0xb3, 0x52, 0x56, 0x96, 0xf8, 0xac, 0x44, 0x89, 0xe9, 0xb8, - 0x7d, 0xde, 0xa3, 0xde, 0x83, 0x28, 0x91, 0xcd, 0x21, 0xe9, 0x46, 0x3a, 0x92, 0x9d, 0x76, 0x2a, - 0xa6, 0x36, 0xa9, 0xf1, 0x6b, 0x88, 0x6f, 0xb0, 0x30, 0x6b, 0x6d, 0xff, 0x35, 0xc9, 0xf6, 0x61, - 0x52, 0x48, 0xfd, 0x8a, 0xa6, 0x55, 0x8c, 0x72, 0xaa, 0xf8, 0x1c, 0x92, 0x9e, 0x83, 0xcc, 0xcf, - 0x60, 0x57, 0xbf, 0x09, 0xe9, 0x28, 0xa2, 0xdc, 0x15, 0xfc, 0x0a, 0xe2, 0x5b, 0xb5, 0xa5, 0x58, - 0xcf, 0x30, 0xf6, 0x19, 0x4e, 0x21, 0xe9, 0x19, 0x48, 0xea, 0xc7, 0x55, 0xe0, 0xbb, 0x3a, 0xff, - 0x0c, 0x60, 0x76, 0x87, 0xeb, 0x7b, 0xa1, 0xc4, 0x0b, 0x96, 0xa8, 0xec, 0x23, 0x9a, 0x46, 0x16, - 0xc8, 0x2e, 0x21, 0xa4, 0xf4, 0xec, 0x20, 0xa3, 0x63, 0x65, 0xc3, 0x4b, 0x1d, 0xa6, 0xbf, 0x1f, - 0x9c, 0x1c, 0x1f, 0x7d, 0xe3, 0x29, 0xae, 0x87, 0x1f, 0x2e, 0xd1, 0xc3, 0x6f, 0x6c, 0xc6, 0xe1, - 0x29, 0x83, 0x87, 0x1f, 0xee, 0xc5, 0xc3, 0x6f, 0xc4, 0xe5, 0xa3, 0xe5, 0xa4, 0xfd, 0x67, 0x17, - 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x57, 0xc8, 0x65, 0x5a, 0x74, 0x02, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// KeyManagementServiceClient is the client API for KeyManagementService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type KeyManagementServiceClient interface { - // Version returns the runtime name and runtime version of the KMS provider. - Version(ctx context.Context, in *VersionRequest, opts ...grpc.CallOption) (*VersionResponse, error) - // Execute decryption operation in KMS provider. - Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) - // Execute encryption operation in KMS provider. - Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) -} - -type keyManagementServiceClient struct { - cc *grpc.ClientConn -} - -func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient { - return &keyManagementServiceClient{cc} -} - -func (c *keyManagementServiceClient) Version(ctx context.Context, in *VersionRequest, opts ...grpc.CallOption) (*VersionResponse, error) { - out := new(VersionResponse) - err := c.cc.Invoke(ctx, "/v1beta1.KeyManagementService/Version", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyManagementServiceClient) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) { - out := new(DecryptResponse) - err := c.cc.Invoke(ctx, "/v1beta1.KeyManagementService/Decrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyManagementServiceClient) Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) { - out := new(EncryptResponse) - err := c.cc.Invoke(ctx, "/v1beta1.KeyManagementService/Encrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// KeyManagementServiceServer is the server API for KeyManagementService service. -type KeyManagementServiceServer interface { - // Version returns the runtime name and runtime version of the KMS provider. - Version(context.Context, *VersionRequest) (*VersionResponse, error) - // Execute decryption operation in KMS provider. - Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) - // Execute encryption operation in KMS provider. - Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) -} - -// UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations. -type UnimplementedKeyManagementServiceServer struct { -} - -func (*UnimplementedKeyManagementServiceServer) Version(ctx context.Context, req *VersionRequest) (*VersionResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Version not implemented") -} -func (*UnimplementedKeyManagementServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") -} -func (*UnimplementedKeyManagementServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented") -} - -func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer) { - s.RegisterService(&_KeyManagementService_serviceDesc, srv) -} - -func _KeyManagementService_Version_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(VersionRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Version(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1beta1.KeyManagementService/Version", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Version(ctx, req.(*VersionRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyManagementService_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DecryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Decrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1beta1.KeyManagementService/Decrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Decrypt(ctx, req.(*DecryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyManagementService_Encrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EncryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Encrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1beta1.KeyManagementService/Encrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Encrypt(ctx, req.(*EncryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _KeyManagementService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "v1beta1.KeyManagementService", - HandlerType: (*KeyManagementServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Version", - Handler: _KeyManagementService_Version_Handler, - }, - { - MethodName: "Decrypt", - Handler: _KeyManagementService_Decrypt_Handler, - }, - { - MethodName: "Encrypt", - Handler: _KeyManagementService_Encrypt_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "api.proto", -} diff --git a/etcd/vendor/k8s.io/kms/apis/v1beta1/api.proto b/etcd/vendor/k8s.io/kms/apis/v1beta1/api.proto deleted file mode 100644 index a9b44bf5fa..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v1beta1/api.proto +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// To regenerate api.pb.go run hack/update-generated-kms.sh -syntax = "proto3"; - -package v1beta1; - -// This service defines the public APIs for remote KMS provider. -service KeyManagementService { - // Version returns the runtime name and runtime version of the KMS provider. - rpc Version(VersionRequest) returns (VersionResponse) {} - - // Execute decryption operation in KMS provider. - rpc Decrypt(DecryptRequest) returns (DecryptResponse) {} - // Execute encryption operation in KMS provider. - rpc Encrypt(EncryptRequest) returns (EncryptResponse) {} -} - -message VersionRequest { - // Version of the KMS plugin API. - string version = 1; -} - -message VersionResponse { - // Version of the KMS plugin API. - string version = 1; - // Name of the KMS provider. - string runtime_name = 2; - // Version of the KMS provider. The string must be semver-compatible. - string runtime_version = 3; -} - -message DecryptRequest { - // Version of the KMS plugin API. - string version = 1; - // The data to be decrypted. - bytes cipher = 2; -} - -message DecryptResponse { - // The decrypted data. - bytes plain = 1; -} - -message EncryptRequest { - // Version of the KMS plugin API. - string version = 1; - // The data to be encrypted. - bytes plain = 2; -} - -message EncryptResponse { - // The encrypted data. - bytes cipher = 1; -} - diff --git a/etcd/vendor/k8s.io/kms/apis/v1beta1/v1beta1.go b/etcd/vendor/k8s.io/kms/apis/v1beta1/v1beta1.go deleted file mode 100644 index 842d0a2fdc..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v1beta1/v1beta1.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1beta1 contains definition of kms-plugin's gRPC service. -package v1beta1 - -// IsVersionCheckMethod determines whether the supplied method is a version check against kms-plugin. -func IsVersionCheckMethod(method string) bool { - return method == "/v1beta1.KeyManagementService/Version" -} diff --git a/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.pb.go b/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.pb.go deleted file mode 100644 index ab55bd1b3e..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.pb.go +++ /dev/null @@ -1,542 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto - -package v2alpha1 - -import ( - context "context" - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -type StatusRequest struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *StatusRequest) Reset() { *m = StatusRequest{} } -func (m *StatusRequest) String() string { return proto.CompactTextString(m) } -func (*StatusRequest) ProtoMessage() {} -func (*StatusRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{0} -} -func (m *StatusRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_StatusRequest.Unmarshal(m, b) -} -func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_StatusRequest.Marshal(b, m, deterministic) -} -func (m *StatusRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_StatusRequest.Merge(m, src) -} -func (m *StatusRequest) XXX_Size() int { - return xxx_messageInfo_StatusRequest.Size(m) -} -func (m *StatusRequest) XXX_DiscardUnknown() { - xxx_messageInfo_StatusRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_StatusRequest proto.InternalMessageInfo - -type StatusResponse struct { - // Version of the KMS plugin API. Must match the configured .resources[].providers[].kms.apiVersion - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - // Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message. - Healthz string `protobuf:"bytes,2,opt,name=healthz,proto3" json:"healthz,omitempty"` - // the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage. - KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *StatusResponse) Reset() { *m = StatusResponse{} } -func (m *StatusResponse) String() string { return proto.CompactTextString(m) } -func (*StatusResponse) ProtoMessage() {} -func (*StatusResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{1} -} -func (m *StatusResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_StatusResponse.Unmarshal(m, b) -} -func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_StatusResponse.Marshal(b, m, deterministic) -} -func (m *StatusResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_StatusResponse.Merge(m, src) -} -func (m *StatusResponse) XXX_Size() int { - return xxx_messageInfo_StatusResponse.Size(m) -} -func (m *StatusResponse) XXX_DiscardUnknown() { - xxx_messageInfo_StatusResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_StatusResponse proto.InternalMessageInfo - -func (m *StatusResponse) GetVersion() string { - if m != nil { - return m.Version - } - return "" -} - -func (m *StatusResponse) GetHealthz() string { - if m != nil { - return m.Healthz - } - return "" -} - -func (m *StatusResponse) GetKeyId() string { - if m != nil { - return m.KeyId - } - return "" -} - -type DecryptRequest struct { - // The data to be decrypted. - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - // UID is a unique identifier for the request. - Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"` - // The keyID that was provided to the apiserver during encryption. - // This represents the KMS KEK that was used to encrypt the data. - KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` - // Additional metadata that was sent by the KMS plugin during encryption. - Annotations map[string][]byte `protobuf:"bytes,4,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DecryptRequest) Reset() { *m = DecryptRequest{} } -func (m *DecryptRequest) String() string { return proto.CompactTextString(m) } -func (*DecryptRequest) ProtoMessage() {} -func (*DecryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{2} -} -func (m *DecryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptRequest.Unmarshal(m, b) -} -func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptRequest.Marshal(b, m, deterministic) -} -func (m *DecryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptRequest.Merge(m, src) -} -func (m *DecryptRequest) XXX_Size() int { - return xxx_messageInfo_DecryptRequest.Size(m) -} -func (m *DecryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptRequest proto.InternalMessageInfo - -func (m *DecryptRequest) GetCiphertext() []byte { - if m != nil { - return m.Ciphertext - } - return nil -} - -func (m *DecryptRequest) GetUid() string { - if m != nil { - return m.Uid - } - return "" -} - -func (m *DecryptRequest) GetKeyId() string { - if m != nil { - return m.KeyId - } - return "" -} - -func (m *DecryptRequest) GetAnnotations() map[string][]byte { - if m != nil { - return m.Annotations - } - return nil -} - -type DecryptResponse struct { - // The decrypted data. - Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DecryptResponse) Reset() { *m = DecryptResponse{} } -func (m *DecryptResponse) String() string { return proto.CompactTextString(m) } -func (*DecryptResponse) ProtoMessage() {} -func (*DecryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{3} -} -func (m *DecryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptResponse.Unmarshal(m, b) -} -func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptResponse.Marshal(b, m, deterministic) -} -func (m *DecryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptResponse.Merge(m, src) -} -func (m *DecryptResponse) XXX_Size() int { - return xxx_messageInfo_DecryptResponse.Size(m) -} -func (m *DecryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptResponse proto.InternalMessageInfo - -func (m *DecryptResponse) GetPlaintext() []byte { - if m != nil { - return m.Plaintext - } - return nil -} - -type EncryptRequest struct { - // The data to be encrypted. - Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` - // UID is a unique identifier for the request. - Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptRequest) Reset() { *m = EncryptRequest{} } -func (m *EncryptRequest) String() string { return proto.CompactTextString(m) } -func (*EncryptRequest) ProtoMessage() {} -func (*EncryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{4} -} -func (m *EncryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptRequest.Unmarshal(m, b) -} -func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptRequest.Marshal(b, m, deterministic) -} -func (m *EncryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptRequest.Merge(m, src) -} -func (m *EncryptRequest) XXX_Size() int { - return xxx_messageInfo_EncryptRequest.Size(m) -} -func (m *EncryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptRequest proto.InternalMessageInfo - -func (m *EncryptRequest) GetPlaintext() []byte { - if m != nil { - return m.Plaintext - } - return nil -} - -func (m *EncryptRequest) GetUid() string { - if m != nil { - return m.Uid - } - return "" -} - -type EncryptResponse struct { - // The encrypted data. - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - // The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use. - // This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage. - KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` - // Additional metadata to be stored with the encrypted data. - // This metadata can contain the encrypted local KEK that was used to encrypt the DEK. - // This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data. - Annotations map[string][]byte `protobuf:"bytes,3,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *EncryptResponse) Reset() { *m = EncryptResponse{} } -func (m *EncryptResponse) String() string { return proto.CompactTextString(m) } -func (*EncryptResponse) ProtoMessage() {} -func (*EncryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{5} -} -func (m *EncryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptResponse.Unmarshal(m, b) -} -func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptResponse.Marshal(b, m, deterministic) -} -func (m *EncryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptResponse.Merge(m, src) -} -func (m *EncryptResponse) XXX_Size() int { - return xxx_messageInfo_EncryptResponse.Size(m) -} -func (m *EncryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptResponse proto.InternalMessageInfo - -func (m *EncryptResponse) GetCiphertext() []byte { - if m != nil { - return m.Ciphertext - } - return nil -} - -func (m *EncryptResponse) GetKeyId() string { - if m != nil { - return m.KeyId - } - return "" -} - -func (m *EncryptResponse) GetAnnotations() map[string][]byte { - if m != nil { - return m.Annotations - } - return nil -} - -func init() { - proto.RegisterType((*StatusRequest)(nil), "v2alpha1.StatusRequest") - proto.RegisterType((*StatusResponse)(nil), "v2alpha1.StatusResponse") - proto.RegisterType((*DecryptRequest)(nil), "v2alpha1.DecryptRequest") - proto.RegisterMapType((map[string][]byte)(nil), "v2alpha1.DecryptRequest.AnnotationsEntry") - proto.RegisterType((*DecryptResponse)(nil), "v2alpha1.DecryptResponse") - proto.RegisterType((*EncryptRequest)(nil), "v2alpha1.EncryptRequest") - proto.RegisterType((*EncryptResponse)(nil), "v2alpha1.EncryptResponse") - proto.RegisterMapType((map[string][]byte)(nil), "v2alpha1.EncryptResponse.AnnotationsEntry") -} - -func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } - -var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 391 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x93, 0xcf, 0x4f, 0xe2, 0x40, - 0x14, 0xc7, 0x29, 0x5d, 0x60, 0x79, 0xb0, 0x40, 0x26, 0x6c, 0xb6, 0x4b, 0x36, 0x1b, 0x32, 0x27, - 0x76, 0x0f, 0xdd, 0x2c, 0x5e, 0x8c, 0x89, 0x06, 0x13, 0x39, 0x18, 0xf4, 0x52, 0x8e, 0x1e, 0xcc, - 0x08, 0x2f, 0x76, 0x42, 0x9d, 0xd6, 0x76, 0xda, 0x58, 0xff, 0x50, 0x13, 0xff, 0x01, 0xff, 0x0e, - 0xd3, 0x76, 0xa0, 0x2d, 0x88, 0x9e, 0xbc, 0xcd, 0xfb, 0xd1, 0xef, 0xf7, 0xcd, 0x67, 0x5e, 0xa1, - 0xc9, 0x3c, 0x6e, 0x7a, 0xbe, 0x2b, 0x5d, 0xf2, 0x35, 0x1a, 0x33, 0xc7, 0xb3, 0xd9, 0x7f, 0xda, - 0x85, 0x6f, 0x73, 0xc9, 0x64, 0x18, 0x58, 0x78, 0x1f, 0x62, 0x20, 0xe9, 0x15, 0x74, 0xd6, 0x89, - 0xc0, 0x73, 0x45, 0x80, 0xc4, 0x80, 0x46, 0x84, 0x7e, 0xc0, 0x5d, 0x61, 0x68, 0x43, 0x6d, 0xd4, - 0xb4, 0xd6, 0x61, 0x52, 0xb1, 0x91, 0x39, 0xd2, 0x7e, 0x34, 0xaa, 0x59, 0x45, 0x85, 0xe4, 0x3b, - 0xd4, 0x57, 0x18, 0x5f, 0xf3, 0xa5, 0xa1, 0xa7, 0x85, 0xda, 0x0a, 0xe3, 0xf3, 0x25, 0x7d, 0xd1, - 0xa0, 0x73, 0x86, 0x0b, 0x3f, 0xf6, 0xa4, 0xf2, 0x23, 0xbf, 0x01, 0x16, 0xdc, 0xb3, 0xd1, 0x97, - 0xf8, 0x20, 0x53, 0x83, 0xb6, 0x55, 0xc8, 0x90, 0x1e, 0xe8, 0x21, 0x5f, 0x2a, 0xfd, 0xe4, 0xb8, - 0x47, 0x9b, 0xcc, 0xa0, 0xc5, 0x84, 0x70, 0x25, 0x93, 0xdc, 0x15, 0x81, 0xf1, 0x65, 0xa8, 0x8f, - 0x5a, 0xe3, 0x3f, 0xe6, 0xfa, 0xa6, 0x66, 0xd9, 0xd7, 0x3c, 0xcd, 0x7b, 0xa7, 0x42, 0xfa, 0xb1, - 0x55, 0xfc, 0x7a, 0x70, 0x02, 0xbd, 0xed, 0x86, 0x64, 0x92, 0x15, 0xc6, 0x8a, 0x41, 0x72, 0x24, - 0x7d, 0xa8, 0x45, 0xcc, 0x09, 0x31, 0x9d, 0xae, 0x6d, 0x65, 0xc1, 0x51, 0xf5, 0x50, 0xa3, 0xff, - 0xa0, 0xbb, 0xf1, 0x53, 0x18, 0x7f, 0x41, 0xd3, 0x73, 0x18, 0x17, 0x85, 0x7b, 0xe6, 0x09, 0x3a, - 0x81, 0xce, 0x54, 0x94, 0xc0, 0xbc, 0xdb, 0xbf, 0x8b, 0x85, 0x3e, 0x69, 0xd0, 0xdd, 0x48, 0x28, - 0xcf, 0x8f, 0xe0, 0xe6, 0x28, 0xab, 0x45, 0x94, 0x17, 0x65, 0x94, 0x7a, 0x8a, 0xf2, 0x6f, 0x8e, - 0x72, 0xcb, 0xe6, 0x73, 0x59, 0x8e, 0x9f, 0x35, 0xe8, 0xcf, 0x30, 0xbe, 0x64, 0x82, 0xdd, 0xe2, - 0x1d, 0x0a, 0x39, 0x47, 0x3f, 0xe2, 0x0b, 0x24, 0xc7, 0x50, 0xcf, 0x56, 0x95, 0xfc, 0xc8, 0x67, - 0x2b, 0x6d, 0xf3, 0xc0, 0xd8, 0x2d, 0x64, 0x33, 0xd3, 0x0a, 0x99, 0x40, 0x43, 0xbd, 0x11, 0x31, - 0xf6, 0xad, 0xc9, 0xe0, 0xe7, 0x1b, 0x95, 0xa2, 0x82, 0x42, 0x51, 0x54, 0x28, 0xbf, 0x63, 0x51, - 0x61, 0x8b, 0x1b, 0xad, 0xdc, 0xd4, 0xd3, 0xff, 0xf1, 0xe0, 0x35, 0x00, 0x00, 0xff, 0xff, 0xa7, - 0xdd, 0xa1, 0x79, 0x9c, 0x03, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// KeyManagementServiceClient is the client API for KeyManagementService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type KeyManagementServiceClient interface { - // this API is meant to be polled - Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) - // Execute decryption operation in KMS provider. - Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) - // Execute encryption operation in KMS provider. - Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) -} - -type keyManagementServiceClient struct { - cc *grpc.ClientConn -} - -func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient { - return &keyManagementServiceClient{cc} -} - -func (c *keyManagementServiceClient) Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) { - out := new(StatusResponse) - err := c.cc.Invoke(ctx, "/v2alpha1.KeyManagementService/Status", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyManagementServiceClient) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) { - out := new(DecryptResponse) - err := c.cc.Invoke(ctx, "/v2alpha1.KeyManagementService/Decrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyManagementServiceClient) Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) { - out := new(EncryptResponse) - err := c.cc.Invoke(ctx, "/v2alpha1.KeyManagementService/Encrypt", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// KeyManagementServiceServer is the server API for KeyManagementService service. -type KeyManagementServiceServer interface { - // this API is meant to be polled - Status(context.Context, *StatusRequest) (*StatusResponse, error) - // Execute decryption operation in KMS provider. - Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) - // Execute encryption operation in KMS provider. - Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) -} - -// UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations. -type UnimplementedKeyManagementServiceServer struct { -} - -func (*UnimplementedKeyManagementServiceServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Status not implemented") -} -func (*UnimplementedKeyManagementServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") -} -func (*UnimplementedKeyManagementServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented") -} - -func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer) { - s.RegisterService(&_KeyManagementService_serviceDesc, srv) -} - -func _KeyManagementService_Status_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StatusRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Status(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v2alpha1.KeyManagementService/Status", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Status(ctx, req.(*StatusRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyManagementService_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DecryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Decrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v2alpha1.KeyManagementService/Decrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Decrypt(ctx, req.(*DecryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyManagementService_Encrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EncryptRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyManagementServiceServer).Encrypt(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v2alpha1.KeyManagementService/Encrypt", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyManagementServiceServer).Encrypt(ctx, req.(*EncryptRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _KeyManagementService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "v2alpha1.KeyManagementService", - HandlerType: (*KeyManagementServiceServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Status", - Handler: _KeyManagementService_Status_Handler, - }, - { - MethodName: "Decrypt", - Handler: _KeyManagementService_Decrypt_Handler, - }, - { - MethodName: "Encrypt", - Handler: _KeyManagementService_Encrypt_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "api.proto", -} diff --git a/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.proto b/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.proto deleted file mode 100644 index 9b960b2acc..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v2alpha1/api.proto +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// To regenerate api.pb.go run hack/update-generated-kms.sh -syntax = "proto3"; - -package v2alpha1; - -// This service defines the public APIs for remote KMS provider. -service KeyManagementService { - // this API is meant to be polled - rpc Status(StatusRequest) returns (StatusResponse) {} - - // Execute decryption operation in KMS provider. - rpc Decrypt(DecryptRequest) returns (DecryptResponse) {} - // Execute encryption operation in KMS provider. - rpc Encrypt(EncryptRequest) returns (EncryptResponse) {} -} - -message StatusRequest {} - -message StatusResponse { - // Version of the KMS plugin API. Must match the configured .resources[].providers[].kms.apiVersion - string version = 1; - // Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message. - string healthz = 2; - // the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage. - string key_id = 3; -} - -message DecryptRequest { - // The data to be decrypted. - bytes ciphertext = 1; - // UID is a unique identifier for the request. - string uid = 2; - // The keyID that was provided to the apiserver during encryption. - // This represents the KMS KEK that was used to encrypt the data. - string key_id = 3; - // Additional metadata that was sent by the KMS plugin during encryption. - map<string, bytes> annotations = 4; -} - -message DecryptResponse { - // The decrypted data. - bytes plaintext = 1; -} - -message EncryptRequest { - // The data to be encrypted. - bytes plaintext = 1; - // UID is a unique identifier for the request. - string uid = 2; -} - -message EncryptResponse { - // The encrypted data. - bytes ciphertext = 1; - // The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use. - // This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage. - string key_id = 2; - // Additional metadata to be stored with the encrypted data. - // This metadata can contain the encrypted local KEK that was used to encrypt the DEK. - // This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data. - map<string, bytes> annotations = 3; -} diff --git a/etcd/vendor/k8s.io/kms/apis/v2alpha1/v2alpha1.go b/etcd/vendor/k8s.io/kms/apis/v2alpha1/v2alpha1.go deleted file mode 100644 index 546c4074ef..0000000000 --- a/etcd/vendor/k8s.io/kms/apis/v2alpha1/v2alpha1.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v2alpha1 contains definition of kms-plugin's gRPC service. -package v2alpha1 diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/doc.go b/etcd/vendor/k8s.io/kube-openapi/pkg/builder/doc.go deleted file mode 100644 index c3109067f2..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package builder contains code to generate OpenAPI discovery spec (which -// initial version of it also known as Swagger 2.0). -// For more details: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md -package builder diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/openapi.go b/etcd/vendor/k8s.io/kube-openapi/pkg/builder/openapi.go deleted file mode 100644 index 98be932cb9..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/openapi.go +++ /dev/null @@ -1,468 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package builder - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - - restful "github.com/emicklei/go-restful/v3" - - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/common/restfuladapter" - "k8s.io/kube-openapi/pkg/util" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -const ( - OpenAPIVersion = "2.0" -) - -type openAPI struct { - config *common.Config - swagger *spec.Swagger - protocolList []string - definitions map[string]common.OpenAPIDefinition -} - -// BuildOpenAPISpec builds OpenAPI spec given a list of route containers and common.Config to customize it. -// -// Deprecated: BuildOpenAPISpecFromRoutes should be used instead. -func BuildOpenAPISpec(routeContainers []*restful.WebService, config *common.Config) (*spec.Swagger, error) { - return BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(routeContainers), config) -} - -// BuildOpenAPISpecFromRoutes builds OpenAPI spec given a list of route containers and common.Config to customize it. -func BuildOpenAPISpecFromRoutes(routeContainers []common.RouteContainer, config *common.Config) (*spec.Swagger, error) { - o := newOpenAPI(config) - err := o.buildPaths(routeContainers) - if err != nil { - return nil, err - } - return o.finalizeSwagger() -} - -// BuildOpenAPIDefinitionsForResource builds a partial OpenAPI spec given a sample object and common.Config to customize it. -func BuildOpenAPIDefinitionsForResource(model interface{}, config *common.Config) (*spec.Definitions, error) { - o := newOpenAPI(config) - // We can discard the return value of toSchema because all we care about is the side effect of calling it. - // All the models created for this resource get added to o.swagger.Definitions - _, err := o.toSchema(util.GetCanonicalTypeName(model)) - if err != nil { - return nil, err - } - swagger, err := o.finalizeSwagger() - if err != nil { - return nil, err - } - return &swagger.Definitions, nil -} - -// BuildOpenAPIDefinitionsForResources returns the OpenAPI spec which includes the definitions for the -// passed type names. -func BuildOpenAPIDefinitionsForResources(config *common.Config, names ...string) (*spec.Swagger, error) { - o := newOpenAPI(config) - // We can discard the return value of toSchema because all we care about is the side effect of calling it. - // All the models created for this resource get added to o.swagger.Definitions - for _, name := range names { - _, err := o.toSchema(name) - if err != nil { - return nil, err - } - } - return o.finalizeSwagger() -} - -// newOpenAPI sets up the openAPI object so we can build the spec. -func newOpenAPI(config *common.Config) openAPI { - o := openAPI{ - config: config, - swagger: &spec.Swagger{ - SwaggerProps: spec.SwaggerProps{ - Swagger: OpenAPIVersion, - Definitions: spec.Definitions{}, - Responses: config.ResponseDefinitions, - Paths: &spec.Paths{Paths: map[string]spec.PathItem{}}, - Info: config.Info, - }, - }, - } - - if o.config.GetOperationIDAndTagsFromRoute == nil { - // Map the deprecated handler to the common interface, if provided. - if o.config.GetOperationIDAndTags != nil { - o.config.GetOperationIDAndTagsFromRoute = func(r common.Route) (string, []string, error) { - restfulRouteAdapter, ok := r.(*restfuladapter.RouteAdapter) - if !ok { - return "", nil, fmt.Errorf("config.GetOperationIDAndTags specified but route is not a restful v1 Route") - } - - return o.config.GetOperationIDAndTags(restfulRouteAdapter.Route) - } - } else { - o.config.GetOperationIDAndTagsFromRoute = func(r common.Route) (string, []string, error) { - return r.OperationName(), nil, nil - } - } - } - - if o.config.GetDefinitionName == nil { - o.config.GetDefinitionName = func(name string) (string, spec.Extensions) { - return name[strings.LastIndex(name, "/")+1:], nil - } - } - o.definitions = o.config.GetDefinitions(func(name string) spec.Ref { - defName, _ := o.config.GetDefinitionName(name) - return spec.MustCreateRef("#/definitions/" + common.EscapeJsonPointer(defName)) - }) - if o.config.CommonResponses == nil { - o.config.CommonResponses = map[int]spec.Response{} - } - return o -} - -// finalizeSwagger is called after the spec is built and returns the final spec. -// NOTE: finalizeSwagger also make changes to the final spec, as specified in the config. -func (o *openAPI) finalizeSwagger() (*spec.Swagger, error) { - if o.config.SecurityDefinitions != nil { - o.swagger.SecurityDefinitions = *o.config.SecurityDefinitions - o.swagger.Security = o.config.DefaultSecurity - } - if o.config.PostProcessSpec != nil { - var err error - o.swagger, err = o.config.PostProcessSpec(o.swagger) - if err != nil { - return nil, err - } - } - - return o.swagger, nil -} - -func (o *openAPI) buildDefinitionRecursively(name string) error { - uniqueName, extensions := o.config.GetDefinitionName(name) - if _, ok := o.swagger.Definitions[uniqueName]; ok { - return nil - } - if item, ok := o.definitions[name]; ok { - schema := spec.Schema{ - VendorExtensible: item.Schema.VendorExtensible, - SchemaProps: item.Schema.SchemaProps, - SwaggerSchemaProps: item.Schema.SwaggerSchemaProps, - } - if extensions != nil { - if schema.Extensions == nil { - schema.Extensions = spec.Extensions{} - } - for k, v := range extensions { - schema.Extensions[k] = v - } - } - if v, ok := item.Schema.Extensions[common.ExtensionV2Schema]; ok { - if v2Schema, isOpenAPISchema := v.(spec.Schema); isOpenAPISchema { - schema = v2Schema - } - } - o.swagger.Definitions[uniqueName] = schema - for _, v := range item.Dependencies { - if err := o.buildDefinitionRecursively(v); err != nil { - return err - } - } - } else { - return fmt.Errorf("cannot find model definition for %v. If you added a new type, you may need to add +k8s:openapi-gen=true to the package or type and run code-gen again", name) - } - return nil -} - -// buildDefinitionForType build a definition for a given type and return a referable name to its definition. -// This is the main function that keep track of definitions used in this spec and is depend on code generated -// by k8s.io/kubernetes/cmd/libs/go2idl/openapi-gen. -func (o *openAPI) buildDefinitionForType(name string) (string, error) { - if err := o.buildDefinitionRecursively(name); err != nil { - return "", err - } - defName, _ := o.config.GetDefinitionName(name) - return "#/definitions/" + common.EscapeJsonPointer(defName), nil -} - -// buildPaths builds OpenAPI paths using go-restful's web services. -func (o *openAPI) buildPaths(routeContainers []common.RouteContainer) error { - pathsToIgnore := util.NewTrie(o.config.IgnorePrefixes) - duplicateOpId := make(map[string]string) - for _, w := range routeContainers { - rootPath := w.RootPath() - if pathsToIgnore.HasPrefix(rootPath) { - continue - } - commonParams, err := o.buildParameters(w.PathParameters()) - if err != nil { - return err - } - for path, routes := range groupRoutesByPath(w.Routes()) { - // go-swagger has special variable definition {$NAME:*} that can only be - // used at the end of the path and it is not recognized by OpenAPI. - if strings.HasSuffix(path, ":*}") { - path = path[:len(path)-3] + "}" - } - if pathsToIgnore.HasPrefix(path) { - continue - } - // Aggregating common parameters make API spec (and generated clients) simpler - inPathCommonParamsMap, err := o.findCommonParameters(routes) - if err != nil { - return err - } - pathItem, exists := o.swagger.Paths.Paths[path] - if exists { - return fmt.Errorf("duplicate webservice route has been found for path: %v", path) - } - pathItem = spec.PathItem{ - PathItemProps: spec.PathItemProps{ - Parameters: make([]spec.Parameter, 0), - }, - } - // add web services's parameters as well as any parameters appears in all ops, as common parameters - pathItem.Parameters = append(pathItem.Parameters, commonParams...) - for _, p := range inPathCommonParamsMap { - pathItem.Parameters = append(pathItem.Parameters, p) - } - sortParameters(pathItem.Parameters) - for _, route := range routes { - op, err := o.buildOperations(route, inPathCommonParamsMap) - sortParameters(op.Parameters) - if err != nil { - return err - } - dpath, exists := duplicateOpId[op.ID] - if exists { - return fmt.Errorf("duplicate Operation ID %v for path %v and %v", op.ID, dpath, path) - } else { - duplicateOpId[op.ID] = path - } - switch strings.ToUpper(route.Method()) { - case "GET": - pathItem.Get = op - case "POST": - pathItem.Post = op - case "HEAD": - pathItem.Head = op - case "PUT": - pathItem.Put = op - case "DELETE": - pathItem.Delete = op - case "OPTIONS": - pathItem.Options = op - case "PATCH": - pathItem.Patch = op - } - } - o.swagger.Paths.Paths[path] = pathItem - } - } - return nil -} - -// buildOperations builds operations for each webservice path -func (o *openAPI) buildOperations(route common.Route, inPathCommonParamsMap map[interface{}]spec.Parameter) (ret *spec.Operation, err error) { - ret = &spec.Operation{ - OperationProps: spec.OperationProps{ - Description: route.Description(), - Consumes: route.Consumes(), - Produces: route.Produces(), - Schemes: o.config.ProtocolList, - Responses: &spec.Responses{ - ResponsesProps: spec.ResponsesProps{ - StatusCodeResponses: make(map[int]spec.Response), - }, - }, - }, - } - for k, v := range route.Metadata() { - if strings.HasPrefix(k, common.ExtensionPrefix) { - if ret.Extensions == nil { - ret.Extensions = spec.Extensions{} - } - ret.Extensions.Add(k, v) - } - } - if ret.ID, ret.Tags, err = o.config.GetOperationIDAndTagsFromRoute(route); err != nil { - return ret, err - } - - // Build responses - for _, resp := range route.StatusCodeResponses() { - ret.Responses.StatusCodeResponses[resp.Code()], err = o.buildResponse(resp.Model(), resp.Message()) - if err != nil { - return ret, err - } - } - // If there is no response but a write sample, assume that write sample is an http.StatusOK response. - if len(ret.Responses.StatusCodeResponses) == 0 && route.ResponsePayloadSample() != nil { - ret.Responses.StatusCodeResponses[http.StatusOK], err = o.buildResponse(route.ResponsePayloadSample(), "OK") - if err != nil { - return ret, err - } - } - for code, resp := range o.config.CommonResponses { - if _, exists := ret.Responses.StatusCodeResponses[code]; !exists { - ret.Responses.StatusCodeResponses[code] = resp - } - } - // If there is still no response, use default response provided. - if len(ret.Responses.StatusCodeResponses) == 0 { - ret.Responses.Default = o.config.DefaultResponse - } - - // Build non-common Parameters - ret.Parameters = make([]spec.Parameter, 0) - for _, param := range route.Parameters() { - if _, isCommon := inPathCommonParamsMap[mapKeyFromParam(param)]; !isCommon { - openAPIParam, err := o.buildParameter(param, route.RequestPayloadSample()) - if err != nil { - return ret, err - } - ret.Parameters = append(ret.Parameters, openAPIParam) - } - } - return ret, nil -} - -func (o *openAPI) buildResponse(model interface{}, description string) (spec.Response, error) { - schema, err := o.toSchema(util.GetCanonicalTypeName(model)) - if err != nil { - return spec.Response{}, err - } - return spec.Response{ - ResponseProps: spec.ResponseProps{ - Description: description, - Schema: schema, - }, - }, nil -} - -func (o *openAPI) findCommonParameters(routes []common.Route) (map[interface{}]spec.Parameter, error) { - commonParamsMap := make(map[interface{}]spec.Parameter, 0) - paramOpsCountByName := make(map[interface{}]int, 0) - paramNameKindToDataMap := make(map[interface{}]common.Parameter, 0) - for _, route := range routes { - routeParamDuplicateMap := make(map[interface{}]bool) - s := "" - params := route.Parameters() - for _, param := range params { - m, _ := json.Marshal(param) - s += string(m) + "\n" - key := mapKeyFromParam(param) - if routeParamDuplicateMap[key] { - msg, _ := json.Marshal(params) - return commonParamsMap, fmt.Errorf("duplicate parameter %v for route %v, %v", param.Name(), string(msg), s) - } - routeParamDuplicateMap[key] = true - paramOpsCountByName[key]++ - paramNameKindToDataMap[key] = param - } - } - for key, count := range paramOpsCountByName { - paramData := paramNameKindToDataMap[key] - if count == len(routes) && paramData.Kind() != common.BodyParameterKind { - openAPIParam, err := o.buildParameter(paramData, nil) - if err != nil { - return commonParamsMap, err - } - commonParamsMap[key] = openAPIParam - } - } - return commonParamsMap, nil -} - -func (o *openAPI) toSchema(name string) (_ *spec.Schema, err error) { - if openAPIType, openAPIFormat := common.OpenAPITypeFormat(name); openAPIType != "" { - return &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{openAPIType}, - Format: openAPIFormat, - }, - }, nil - } else { - ref, err := o.buildDefinitionForType(name) - if err != nil { - return nil, err - } - return &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: spec.MustCreateRef(ref), - }, - }, nil - } -} - -func (o *openAPI) buildParameter(restParam common.Parameter, bodySample interface{}) (ret spec.Parameter, err error) { - ret = spec.Parameter{ - ParamProps: spec.ParamProps{ - Name: restParam.Name(), - Description: restParam.Description(), - Required: restParam.Required(), - }, - } - switch restParam.Kind() { - case common.BodyParameterKind: - if bodySample != nil { - ret.In = "body" - ret.Schema, err = o.toSchema(util.GetCanonicalTypeName(bodySample)) - return ret, err - } else { - // There is not enough information in the body parameter to build the definition. - // Body parameter has a data type that is a short name but we need full package name - // of the type to create a definition. - return ret, fmt.Errorf("restful body parameters are not supported: %v", restParam.DataType()) - } - case common.PathParameterKind: - ret.In = "path" - if !restParam.Required() { - return ret, fmt.Errorf("path parameters should be marked at required for parameter %v", restParam) - } - case common.QueryParameterKind: - ret.In = "query" - case common.HeaderParameterKind: - ret.In = "header" - case common.FormParameterKind: - ret.In = "formData" - default: - return ret, fmt.Errorf("unknown restful operation kind : %v", restParam.Kind()) - } - openAPIType, openAPIFormat := common.OpenAPITypeFormat(restParam.DataType()) - if openAPIType == "" { - return ret, fmt.Errorf("non-body Restful parameter type should be a simple type, but got : %v", restParam.DataType()) - } - ret.Type = openAPIType - ret.Format = openAPIFormat - ret.UniqueItems = !restParam.AllowMultiple() - return ret, nil -} - -func (o *openAPI) buildParameters(restParam []common.Parameter) (ret []spec.Parameter, err error) { - ret = make([]spec.Parameter, len(restParam)) - for i, v := range restParam { - ret[i], err = o.buildParameter(v, nil) - if err != nil { - return ret, err - } - } - return ret, nil -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/util.go b/etcd/vendor/k8s.io/kube-openapi/pkg/builder/util.go deleted file mode 100644 index 3621a4de17..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/builder/util.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package builder - -import ( - "sort" - - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -type parameters []spec.Parameter - -func (s parameters) Len() int { return len(s) } -func (s parameters) Swap(i, j int) { s[i], s[j] = s[j], s[i] } - -// byNameIn used in sorting parameters by Name and In fields. -type byNameIn struct { - parameters -} - -func (s byNameIn) Less(i, j int) bool { - return s.parameters[i].Name < s.parameters[j].Name || (s.parameters[i].Name == s.parameters[j].Name && s.parameters[i].In < s.parameters[j].In) -} - -// SortParameters sorts parameters by Name and In fields. -func sortParameters(p []spec.Parameter) { - sort.Sort(byNameIn{p}) -} - -func groupRoutesByPath(routes []common.Route) map[string][]common.Route { - pathToRoutes := make(map[string][]common.Route) - for _, r := range routes { - pathToRoutes[r.Path()] = append(pathToRoutes[r.Path()], r) - } - return pathToRoutes -} - -func mapKeyFromParam(param common.Parameter) interface{} { - return struct { - Name string - Kind common.ParameterKind - }{ - Name: param.Name(), - Kind: param.Kind(), - } -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/openapi.go b/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/openapi.go deleted file mode 100644 index a0c00f07f8..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/openapi.go +++ /dev/null @@ -1,475 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package builder3 - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - - restful "github.com/emicklei/go-restful/v3" - - builderutil "k8s.io/kube-openapi/pkg/builder3/util" - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/common/restfuladapter" - "k8s.io/kube-openapi/pkg/spec3" - "k8s.io/kube-openapi/pkg/util" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -const ( - OpenAPIVersion = "3.0" -) - -type openAPI struct { - config *common.OpenAPIV3Config - spec *spec3.OpenAPI - definitions map[string]common.OpenAPIDefinition -} - -func groupRoutesByPath(routes []common.Route) map[string][]common.Route { - pathToRoutes := make(map[string][]common.Route) - for _, r := range routes { - pathToRoutes[r.Path()] = append(pathToRoutes[r.Path()], r) - } - return pathToRoutes -} - -func (o *openAPI) buildResponse(model interface{}, description string, content []string) (*spec3.Response, error) { - response := &spec3.Response{ - ResponseProps: spec3.ResponseProps{ - Description: description, - Content: make(map[string]*spec3.MediaType), - }, - } - - s, err := o.toSchema(util.GetCanonicalTypeName(model)) - if err != nil { - return nil, err - } - - for _, contentType := range content { - response.ResponseProps.Content[contentType] = &spec3.MediaType{ - MediaTypeProps: spec3.MediaTypeProps{ - Schema: s, - }, - } - } - return response, nil -} - -func (o *openAPI) buildOperations(route common.Route, inPathCommonParamsMap map[interface{}]*spec3.Parameter) (*spec3.Operation, error) { - ret := &spec3.Operation{ - OperationProps: spec3.OperationProps{ - Description: route.Description(), - Responses: &spec3.Responses{ - ResponsesProps: spec3.ResponsesProps{ - StatusCodeResponses: make(map[int]*spec3.Response), - }, - }, - }, - } - for k, v := range route.Metadata() { - if strings.HasPrefix(k, common.ExtensionPrefix) { - if ret.Extensions == nil { - ret.Extensions = spec.Extensions{} - } - ret.Extensions.Add(k, v) - } - } - - var err error - if ret.OperationId, ret.Tags, err = o.config.GetOperationIDAndTagsFromRoute(route); err != nil { - return ret, err - } - - // Build responses - for _, resp := range route.StatusCodeResponses() { - ret.Responses.StatusCodeResponses[resp.Code()], err = o.buildResponse(resp.Model(), resp.Message(), route.Produces()) - if err != nil { - return ret, err - } - } - - // If there is no response but a write sample, assume that write sample is an http.StatusOK response. - if len(ret.Responses.StatusCodeResponses) == 0 && route.ResponsePayloadSample() != nil { - ret.Responses.StatusCodeResponses[http.StatusOK], err = o.buildResponse(route.ResponsePayloadSample(), "OK", route.Produces()) - if err != nil { - return ret, err - } - } - - for code, resp := range o.config.CommonResponses { - if _, exists := ret.Responses.StatusCodeResponses[code]; !exists { - ret.Responses.StatusCodeResponses[code] = resp - } - } - - if len(ret.Responses.StatusCodeResponses) == 0 { - ret.Responses.Default = o.config.DefaultResponse - } - - params := route.Parameters() - for _, param := range params { - _, isCommon := inPathCommonParamsMap[mapKeyFromParam(param)] - if !isCommon && param.Kind() != common.BodyParameterKind { - openAPIParam, err := o.buildParameter(param) - if err != nil { - return ret, err - } - ret.Parameters = append(ret.Parameters, openAPIParam) - } - } - - body, err := o.buildRequestBody(params, route.Consumes(), route.RequestPayloadSample()) - if err != nil { - return nil, err - } - - if body != nil { - ret.RequestBody = body - } - return ret, nil -} - -func (o *openAPI) buildRequestBody(parameters []common.Parameter, consumes []string, bodySample interface{}) (*spec3.RequestBody, error) { - for _, param := range parameters { - if param.Kind() == common.BodyParameterKind && bodySample != nil { - schema, err := o.toSchema(util.GetCanonicalTypeName(bodySample)) - if err != nil { - return nil, err - } - r := &spec3.RequestBody{ - RequestBodyProps: spec3.RequestBodyProps{ - Content: map[string]*spec3.MediaType{}, - }, - } - for _, consume := range consumes { - r.Content[consume] = &spec3.MediaType{ - MediaTypeProps: spec3.MediaTypeProps{ - Schema: schema, - }, - } - } - return r, nil - } - } - return nil, nil -} - -func newOpenAPI(config *common.Config) openAPI { - o := openAPI{ - config: common.ConvertConfigToV3(config), - spec: &spec3.OpenAPI{ - Version: "3.0.0", - Info: config.Info, - Paths: &spec3.Paths{ - Paths: map[string]*spec3.Path{}, - }, - Components: &spec3.Components{ - Schemas: map[string]*spec.Schema{}, - }, - }, - } - if len(o.config.ResponseDefinitions) > 0 { - o.spec.Components.Responses = make(map[string]*spec3.Response) - - } - for k, response := range o.config.ResponseDefinitions { - o.spec.Components.Responses[k] = response - } - - if len(o.config.SecuritySchemes) > 0 { - o.spec.Components.SecuritySchemes = make(spec3.SecuritySchemes) - - } - for k, securityScheme := range o.config.SecuritySchemes { - o.spec.Components.SecuritySchemes[k] = securityScheme - } - - if o.config.GetOperationIDAndTagsFromRoute == nil { - // Map the deprecated handler to the common interface, if provided. - if o.config.GetOperationIDAndTags != nil { - o.config.GetOperationIDAndTagsFromRoute = func(r common.Route) (string, []string, error) { - restfulRouteAdapter, ok := r.(*restfuladapter.RouteAdapter) - if !ok { - return "", nil, fmt.Errorf("config.GetOperationIDAndTags specified but route is not a restful v1 Route") - } - - return o.config.GetOperationIDAndTags(restfulRouteAdapter.Route) - } - } else { - o.config.GetOperationIDAndTagsFromRoute = func(r common.Route) (string, []string, error) { - return r.OperationName(), nil, nil - } - } - } - - if o.config.GetDefinitionName == nil { - o.config.GetDefinitionName = func(name string) (string, spec.Extensions) { - return name[strings.LastIndex(name, "/")+1:], nil - } - } - - if o.config.Definitions != nil { - o.definitions = o.config.Definitions - } else { - o.definitions = o.config.GetDefinitions(func(name string) spec.Ref { - defName, _ := o.config.GetDefinitionName(name) - return spec.MustCreateRef("#/components/schemas/" + common.EscapeJsonPointer(defName)) - }) - } - - return o -} - -func (o *openAPI) buildOpenAPISpec(webServices []common.RouteContainer) error { - pathsToIgnore := util.NewTrie(o.config.IgnorePrefixes) - for _, w := range webServices { - rootPath := w.RootPath() - if pathsToIgnore.HasPrefix(rootPath) { - continue - } - - commonParams, err := o.buildParameters(w.PathParameters()) - if err != nil { - return err - } - - for path, routes := range groupRoutesByPath(w.Routes()) { - // go-swagger has special variable definition {$NAME:*} that can only be - // used at the end of the path and it is not recognized by OpenAPI. - if strings.HasSuffix(path, ":*}") { - path = path[:len(path)-3] + "}" - } - if pathsToIgnore.HasPrefix(path) { - continue - } - - // Aggregating common parameters make API spec (and generated clients) simpler - inPathCommonParamsMap, err := o.findCommonParameters(routes) - if err != nil { - return err - } - pathItem, exists := o.spec.Paths.Paths[path] - if exists { - return fmt.Errorf("duplicate webservice route has been found for path: %v", path) - } - - pathItem = &spec3.Path{ - PathProps: spec3.PathProps{}, - } - - // add web services's parameters as well as any parameters appears in all ops, as common parameters - pathItem.Parameters = append(pathItem.Parameters, commonParams...) - for _, p := range inPathCommonParamsMap { - pathItem.Parameters = append(pathItem.Parameters, p) - } - sortParameters(pathItem.Parameters) - - for _, route := range routes { - op, _ := o.buildOperations(route, inPathCommonParamsMap) - sortParameters(op.Parameters) - - switch strings.ToUpper(route.Method()) { - case "GET": - pathItem.Get = op - case "POST": - pathItem.Post = op - case "HEAD": - pathItem.Head = op - case "PUT": - pathItem.Put = op - case "DELETE": - pathItem.Delete = op - case "OPTIONS": - pathItem.Options = op - case "PATCH": - pathItem.Patch = op - } - - } - o.spec.Paths.Paths[path] = pathItem - } - } - return nil -} - -// BuildOpenAPISpec builds OpenAPI v3 spec given a list of route containers and common.Config to customize it. -// -// Deprecated: BuildOpenAPISpecFromRoutes should be used instead. -func BuildOpenAPISpec(webServices []*restful.WebService, config *common.Config) (*spec3.OpenAPI, error) { - return BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(webServices), config) -} - -// BuildOpenAPISpecFromRoutes builds OpenAPI v3 spec given a list of route containers and common.Config to customize it. -func BuildOpenAPISpecFromRoutes(webServices []common.RouteContainer, config *common.Config) (*spec3.OpenAPI, error) { - a := newOpenAPI(config) - err := a.buildOpenAPISpec(webServices) - if err != nil { - return nil, err - } - return a.spec, nil -} - -func (o *openAPI) findCommonParameters(routes []common.Route) (map[interface{}]*spec3.Parameter, error) { - commonParamsMap := make(map[interface{}]*spec3.Parameter, 0) - paramOpsCountByName := make(map[interface{}]int, 0) - paramNameKindToDataMap := make(map[interface{}]common.Parameter, 0) - for _, route := range routes { - routeParamDuplicateMap := make(map[interface{}]bool) - s := "" - params := route.Parameters() - for _, param := range params { - m, _ := json.Marshal(param) - s += string(m) + "\n" - key := mapKeyFromParam(param) - if routeParamDuplicateMap[key] { - msg, _ := json.Marshal(params) - return commonParamsMap, fmt.Errorf("duplicate parameter %v for route %v, %v", param.Name(), string(msg), s) - } - routeParamDuplicateMap[key] = true - paramOpsCountByName[key]++ - paramNameKindToDataMap[key] = param - } - } - for key, count := range paramOpsCountByName { - paramData := paramNameKindToDataMap[key] - if count == len(routes) && paramData.Kind() != common.BodyParameterKind { - openAPIParam, err := o.buildParameter(paramData) - if err != nil { - return commonParamsMap, err - } - commonParamsMap[key] = openAPIParam - } - } - return commonParamsMap, nil -} - -func (o *openAPI) buildParameters(restParam []common.Parameter) (ret []*spec3.Parameter, err error) { - ret = make([]*spec3.Parameter, len(restParam)) - for i, v := range restParam { - ret[i], err = o.buildParameter(v) - if err != nil { - return ret, err - } - } - return ret, nil -} - -func (o *openAPI) buildParameter(restParam common.Parameter) (ret *spec3.Parameter, err error) { - ret = &spec3.Parameter{ - ParameterProps: spec3.ParameterProps{ - Name: restParam.Name(), - Description: restParam.Description(), - Required: restParam.Required(), - }, - } - switch restParam.Kind() { - case common.BodyParameterKind: - return nil, nil - case common.PathParameterKind: - ret.In = "path" - if !restParam.Required() { - return ret, fmt.Errorf("path parameters should be marked as required for parameter %v", restParam) - } - case common.QueryParameterKind: - ret.In = "query" - case common.HeaderParameterKind: - ret.In = "header" - /* TODO: add support for the cookie param */ - default: - return ret, fmt.Errorf("unsupported restful parameter kind : %v", restParam.Kind()) - } - openAPIType, openAPIFormat := common.OpenAPITypeFormat(restParam.DataType()) - if openAPIType == "" { - return ret, fmt.Errorf("non-body Restful parameter type should be a simple type, but got : %v", restParam.DataType()) - } - - ret.Schema = &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{openAPIType}, - Format: openAPIFormat, - UniqueItems: !restParam.AllowMultiple(), - }, - } - return ret, nil -} - -func (o *openAPI) buildDefinitionRecursively(name string) error { - uniqueName, extensions := o.config.GetDefinitionName(name) - if _, ok := o.spec.Components.Schemas[uniqueName]; ok { - return nil - } - if item, ok := o.definitions[name]; ok { - schema := &spec.Schema{ - VendorExtensible: item.Schema.VendorExtensible, - SchemaProps: item.Schema.SchemaProps, - SwaggerSchemaProps: item.Schema.SwaggerSchemaProps, - } - if extensions != nil { - if schema.Extensions == nil { - schema.Extensions = spec.Extensions{} - } - for k, v := range extensions { - schema.Extensions[k] = v - } - } - // delete the embedded v2 schema if exists, otherwise no-op - delete(schema.VendorExtensible.Extensions, common.ExtensionV2Schema) - schema = builderutil.WrapRefs(schema) - o.spec.Components.Schemas[uniqueName] = schema - for _, v := range item.Dependencies { - if err := o.buildDefinitionRecursively(v); err != nil { - return err - } - } - } else { - return fmt.Errorf("cannot find model definition for %v. If you added a new type, you may need to add +k8s:openapi-gen=true to the package or type and run code-gen again", name) - } - return nil -} - -func (o *openAPI) buildDefinitionForType(name string) (string, error) { - if err := o.buildDefinitionRecursively(name); err != nil { - return "", err - } - defName, _ := o.config.GetDefinitionName(name) - return "#/components/schemas/" + common.EscapeJsonPointer(defName), nil -} - -func (o *openAPI) toSchema(name string) (_ *spec.Schema, err error) { - if openAPIType, openAPIFormat := common.OpenAPITypeFormat(name); openAPIType != "" { - return &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{openAPIType}, - Format: openAPIFormat, - }, - }, nil - } else { - ref, err := o.buildDefinitionForType(name) - if err != nil { - return nil, err - } - return &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: spec.MustCreateRef(ref), - }, - }, nil - } -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/util.go b/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/util.go deleted file mode 100644 index a8a90fa15d..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/builder3/util.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package builder3 - -import ( - "sort" - - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/spec3" -) - -func mapKeyFromParam(param common.Parameter) interface{} { - return struct { - Name string - Kind common.ParameterKind - }{ - Name: param.Name(), - Kind: param.Kind(), - } -} - -func (s parameters) Len() int { return len(s) } -func (s parameters) Swap(i, j int) { s[i], s[j] = s[j], s[i] } - -type parameters []*spec3.Parameter - -type byNameIn struct { - parameters -} - -func (s byNameIn) Less(i, j int) bool { - return s.parameters[i].Name < s.parameters[j].Name || (s.parameters[i].Name == s.parameters[j].Name && s.parameters[i].In < s.parameters[j].In) -} - -// SortParameters sorts parameters by Name and In fields. -func sortParameters(p []*spec3.Parameter) { - sort.Sort(byNameIn{p}) -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/adapter.go b/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/adapter.go deleted file mode 100644 index 6755f8760c..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/adapter.go +++ /dev/null @@ -1,16 +0,0 @@ -package restfuladapter - -import ( - "github.com/emicklei/go-restful/v3" - "k8s.io/kube-openapi/pkg/common" -) - -// AdaptWebServices adapts a slice of restful.WebService into the common interfaces. -func AdaptWebServices(webServices []*restful.WebService) []common.RouteContainer { - var containers []common.RouteContainer - for _, ws := range webServices { - containers = append(containers, &WebServiceAdapter{ws}) - } - return containers -} - diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/param_adapter.go b/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/param_adapter.go deleted file mode 100644 index 6805dd6c7f..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/param_adapter.go +++ /dev/null @@ -1,54 +0,0 @@ -package restfuladapter - -import ( - "encoding/json" - "github.com/emicklei/go-restful/v3" - "k8s.io/kube-openapi/pkg/common" -) - -var _ common.Parameter = &ParamAdapter{} - -type ParamAdapter struct { - Param *restful.Parameter -} - -func (r *ParamAdapter) MarshalJSON() ([]byte, error) { - return json.Marshal(r.Param) -} - -func (r *ParamAdapter) Name() string { - return r.Param.Data().Name -} - -func (r *ParamAdapter) Description() string { - return r.Param.Data().Description -} - -func (r *ParamAdapter) Required() bool { - return r.Param.Data().Required -} - -func (r *ParamAdapter) Kind() common.ParameterKind { - switch r.Param.Kind() { - case restful.PathParameterKind: - return common.PathParameterKind - case restful.QueryParameterKind: - return common.QueryParameterKind - case restful.BodyParameterKind: - return common.BodyParameterKind - case restful.HeaderParameterKind: - return common.HeaderParameterKind - case restful.FormParameterKind: - return common.FormParameterKind - default: - return common.UnknownParameterKind - } -} - -func (r *ParamAdapter) DataType() string { - return r.Param.Data().DataType -} - -func (r *ParamAdapter) AllowMultiple() bool { - return r.Param.Data().AllowMultiple -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/response_error_adapter.go b/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/response_error_adapter.go deleted file mode 100644 index 92556398eb..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/response_error_adapter.go +++ /dev/null @@ -1,25 +0,0 @@ -package restfuladapter - -import ( - "github.com/emicklei/go-restful/v3" - "k8s.io/kube-openapi/pkg/common" -) - -var _ common.StatusCodeResponse = &ResponseErrorAdapter{} - -// ResponseErrorAdapter adapts a restful.ResponseError to common.StatusCodeResponse. -type ResponseErrorAdapter struct { - Err *restful.ResponseError -} - -func (r *ResponseErrorAdapter) Message() string { - return r.Err.Message -} - -func (r *ResponseErrorAdapter) Model() interface{} { - return r.Err.Model -} - -func (r *ResponseErrorAdapter) Code() int { - return r.Err.Code -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/route_adapter.go b/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/route_adapter.go deleted file mode 100644 index c7ba3a5644..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/route_adapter.go +++ /dev/null @@ -1,68 +0,0 @@ -package restfuladapter - -import ( - "github.com/emicklei/go-restful/v3" - "k8s.io/kube-openapi/pkg/common" -) - -var _ common.Route = &RouteAdapter{} - -// RouteAdapter adapts a restful.Route to common.Route. -type RouteAdapter struct { - Route *restful.Route -} - -func (r *RouteAdapter) StatusCodeResponses() []common.StatusCodeResponse { - // go-restful uses the ResponseErrors field to contain both error and regular responses. - var responses []common.StatusCodeResponse - for _, res := range r.Route.ResponseErrors { - localRes := res - responses = append(responses, &ResponseErrorAdapter{&localRes}) - } - - return responses -} - -func (r *RouteAdapter) OperationName() string { - return r.Route.Operation -} - -func (r *RouteAdapter) Method() string { - return r.Route.Method -} - -func (r *RouteAdapter) Path() string { - return r.Route.Path -} - -func (r *RouteAdapter) Parameters() []common.Parameter { - var params []common.Parameter - for _, rParam := range r.Route.ParameterDocs { - params = append(params, &ParamAdapter{rParam}) - } - return params -} - -func (r *RouteAdapter) Description() string { - return r.Route.Doc -} - -func (r *RouteAdapter) Consumes() []string { - return r.Route.Consumes -} - -func (r *RouteAdapter) Produces() []string { - return r.Route.Produces -} - -func (r *RouteAdapter) Metadata() map[string]interface{} { - return r.Route.Metadata -} - -func (r *RouteAdapter) RequestPayloadSample() interface{} { - return r.Route.ReadSample -} - -func (r *RouteAdapter) ResponsePayloadSample() interface{} { - return r.Route.WriteSample -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/webservice_adapter.go b/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/webservice_adapter.go deleted file mode 100644 index 995586538d..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/common/restfuladapter/webservice_adapter.go +++ /dev/null @@ -1,34 +0,0 @@ -package restfuladapter - -import ( - "github.com/emicklei/go-restful/v3" - "k8s.io/kube-openapi/pkg/common" -) - -var _ common.RouteContainer = &WebServiceAdapter{} - -// WebServiceAdapter adapts a restful.WebService to common.RouteContainer. -type WebServiceAdapter struct { - WebService *restful.WebService -} - -func (r *WebServiceAdapter) RootPath() string { - return r.WebService.RootPath() -} - -func (r *WebServiceAdapter) PathParameters() []common.Parameter { - var params []common.Parameter - for _, rParam := range r.WebService.PathParameters() { - params = append(params, &ParamAdapter{rParam}) - } - return params -} - -func (r *WebServiceAdapter) Routes() []common.Route { - var routes []common.Route - for _, rRoute := range r.WebService.Routes() { - localRoute := rRoute - routes = append(routes, &RouteAdapter{&localRoute}) - } - return routes -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/handler/default_pruning.go b/etcd/vendor/k8s.io/kube-openapi/pkg/handler/default_pruning.go deleted file mode 100644 index 53bd9a640f..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/handler/default_pruning.go +++ /dev/null @@ -1,208 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handler - -import "k8s.io/kube-openapi/pkg/validation/spec" - -// PruneDefaults remove all the defaults recursively from all the -// schemas in the definitions, and does not modify the definitions in -// place. -func PruneDefaults(definitions spec.Definitions) spec.Definitions { - definitionsCloned := false - for k, v := range definitions { - if s := PruneDefaultsSchema(&v); s != &v { - if !definitionsCloned { - definitionsCloned = true - orig := definitions - definitions = make(spec.Definitions, len(orig)) - for k2, v2 := range orig { - definitions[k2] = v2 - } - } - definitions[k] = *s - } - } - return definitions -} - -// PruneDefaultsSchema remove all the defaults recursively from the -// schema in place. -func PruneDefaultsSchema(schema *spec.Schema) *spec.Schema { - if schema == nil { - return nil - } - - orig := schema - clone := func() { - if orig == schema { - schema = &spec.Schema{} - *schema = *orig - } - } - - if schema.Default != nil { - clone() - schema.Default = nil - } - - definitionsCloned := false - for k, v := range schema.Definitions { - if s := PruneDefaultsSchema(&v); s != &v { - if !definitionsCloned { - definitionsCloned = true - clone() - schema.Definitions = make(spec.Definitions, len(orig.Definitions)) - for k2, v2 := range orig.Definitions { - schema.Definitions[k2] = v2 - } - } - schema.Definitions[k] = *s - } - } - - propertiesCloned := false - for k, v := range schema.Properties { - if s := PruneDefaultsSchema(&v); s != &v { - if !propertiesCloned { - propertiesCloned = true - clone() - schema.Properties = make(map[string]spec.Schema, len(orig.Properties)) - for k2, v2 := range orig.Properties { - schema.Properties[k2] = v2 - } - } - schema.Properties[k] = *s - } - } - - patternPropertiesCloned := false - for k, v := range schema.PatternProperties { - if s := PruneDefaultsSchema(&v); s != &v { - if !patternPropertiesCloned { - patternPropertiesCloned = true - clone() - schema.PatternProperties = make(map[string]spec.Schema, len(orig.PatternProperties)) - for k2, v2 := range orig.PatternProperties { - schema.PatternProperties[k2] = v2 - } - } - schema.PatternProperties[k] = *s - } - } - - dependenciesCloned := false - for k, v := range schema.Dependencies { - if s := PruneDefaultsSchema(v.Schema); s != v.Schema { - if !dependenciesCloned { - dependenciesCloned = true - clone() - schema.Dependencies = make(spec.Dependencies, len(orig.Dependencies)) - for k2, v2 := range orig.Dependencies { - schema.Dependencies[k2] = v2 - } - } - v.Schema = s - schema.Dependencies[k] = v - } - } - - allOfCloned := false - for i := range schema.AllOf { - if s := PruneDefaultsSchema(&schema.AllOf[i]); s != &schema.AllOf[i] { - if !allOfCloned { - allOfCloned = true - clone() - schema.AllOf = make([]spec.Schema, len(orig.AllOf)) - copy(schema.AllOf, orig.AllOf) - } - schema.AllOf[i] = *s - } - } - - anyOfCloned := false - for i := range schema.AnyOf { - if s := PruneDefaultsSchema(&schema.AnyOf[i]); s != &schema.AnyOf[i] { - if !anyOfCloned { - anyOfCloned = true - clone() - schema.AnyOf = make([]spec.Schema, len(orig.AnyOf)) - copy(schema.AnyOf, orig.AnyOf) - } - schema.AnyOf[i] = *s - } - } - - oneOfCloned := false - for i := range schema.OneOf { - if s := PruneDefaultsSchema(&schema.OneOf[i]); s != &schema.OneOf[i] { - if !oneOfCloned { - oneOfCloned = true - clone() - schema.OneOf = make([]spec.Schema, len(orig.OneOf)) - copy(schema.OneOf, orig.OneOf) - } - schema.OneOf[i] = *s - } - } - - if schema.Not != nil { - if s := PruneDefaultsSchema(schema.Not); s != schema.Not { - clone() - schema.Not = s - } - } - - if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil { - if s := PruneDefaultsSchema(schema.AdditionalProperties.Schema); s != schema.AdditionalProperties.Schema { - clone() - schema.AdditionalProperties = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalProperties.Allows} - } - } - - if schema.AdditionalItems != nil && schema.AdditionalItems.Schema != nil { - if s := PruneDefaultsSchema(schema.AdditionalItems.Schema); s != schema.AdditionalItems.Schema { - clone() - schema.AdditionalItems = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalItems.Allows} - } - } - - if schema.Items != nil { - if schema.Items.Schema != nil { - if s := PruneDefaultsSchema(schema.Items.Schema); s != schema.Items.Schema { - clone() - schema.Items = &spec.SchemaOrArray{Schema: s} - } - } else { - itemsCloned := false - for i := range schema.Items.Schemas { - if s := PruneDefaultsSchema(&schema.Items.Schemas[i]); s != &schema.Items.Schemas[i] { - if !itemsCloned { - clone() - schema.Items = &spec.SchemaOrArray{ - Schemas: make([]spec.Schema, len(orig.Items.Schemas)), - } - itemsCloned = true - copy(schema.Items.Schemas, orig.Items.Schemas) - } - schema.Items.Schemas[i] = *s - } - } - } - } - - return schema -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/handler/handler.go b/etcd/vendor/k8s.io/kube-openapi/pkg/handler/handler.go deleted file mode 100644 index 7a2590dcb9..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/handler/handler.go +++ /dev/null @@ -1,242 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package handler - -import ( - "bytes" - "compress/gzip" - "crypto/sha512" - "encoding/json" - "fmt" - "mime" - "net/http" - "strconv" - "sync" - "time" - - "github.com/NYTimes/gziphandler" - "github.com/emicklei/go-restful/v3" - "github.com/golang/protobuf/proto" - openapi_v2 "github.com/google/gnostic/openapiv2" - "github.com/munnerz/goautoneg" - klog "k8s.io/klog/v2" - "k8s.io/kube-openapi/pkg/builder" - "k8s.io/kube-openapi/pkg/common" - "k8s.io/kube-openapi/pkg/common/restfuladapter" - "k8s.io/kube-openapi/pkg/internal/handler" - "k8s.io/kube-openapi/pkg/validation/spec" -) - -const ( - jsonExt = ".json" - - mimeJson = "application/json" - // TODO(mehdy): change @68f4ded to a version tag when gnostic add version tags. - mimePb = "application/com.github.googleapis.gnostic.OpenAPIv2@68f4ded+protobuf" - mimePbGz = "application/x-gzip" -) - -func computeETag(data []byte) string { - if data == nil { - return "" - } - return fmt.Sprintf("%X", sha512.Sum512(data)) -} - -// OpenAPIService is the service responsible for serving OpenAPI spec. It has -// the ability to safely change the spec while serving it. -type OpenAPIService struct { - // rwMutex protects All members of this service. - rwMutex sync.RWMutex - - lastModified time.Time - - jsonCache handler.HandlerCache - protoCache handler.HandlerCache - etagCache handler.HandlerCache -} - -func init() { - mime.AddExtensionType(".json", mimeJson) - mime.AddExtensionType(".pb-v1", mimePb) - mime.AddExtensionType(".gz", mimePbGz) -} - -// NewOpenAPIService builds an OpenAPIService starting with the given spec. -func NewOpenAPIService(spec *spec.Swagger) (*OpenAPIService, error) { - o := &OpenAPIService{} - if err := o.UpdateSpec(spec); err != nil { - return nil, err - } - return o, nil -} - -func (o *OpenAPIService) getSwaggerBytes() ([]byte, string, time.Time, error) { - o.rwMutex.RLock() - defer o.rwMutex.RUnlock() - specBytes, err := o.jsonCache.Get() - if err != nil { - return nil, "", time.Time{}, err - } - etagBytes, err := o.etagCache.Get() - if err != nil { - return nil, "", time.Time{}, err - } - return specBytes, string(etagBytes), o.lastModified, nil -} - -func (o *OpenAPIService) getSwaggerPbBytes() ([]byte, string, time.Time, error) { - o.rwMutex.RLock() - defer o.rwMutex.RUnlock() - specPb, err := o.protoCache.Get() - if err != nil { - return nil, "", time.Time{}, err - } - etagBytes, err := o.etagCache.Get() - if err != nil { - return nil, "", time.Time{}, err - } - return specPb, string(etagBytes), o.lastModified, nil -} - -func (o *OpenAPIService) UpdateSpec(openapiSpec *spec.Swagger) (err error) { - o.rwMutex.Lock() - defer o.rwMutex.Unlock() - o.jsonCache = o.jsonCache.New(func() ([]byte, error) { - return json.Marshal(openapiSpec) - }) - o.protoCache = o.protoCache.New(func() ([]byte, error) { - json, err := o.jsonCache.Get() - if err != nil { - return nil, err - } - return ToProtoBinary(json) - }) - o.etagCache = o.etagCache.New(func() ([]byte, error) { - json, err := o.jsonCache.Get() - if err != nil { - return nil, err - } - return []byte(computeETag(json)), nil - }) - o.lastModified = time.Now() - - return nil -} - -func ToProtoBinary(json []byte) ([]byte, error) { - document, err := openapi_v2.ParseDocument(json) - if err != nil { - return nil, err - } - return proto.Marshal(document) -} - -func toGzip(data []byte) []byte { - var buf bytes.Buffer - zw := gzip.NewWriter(&buf) - zw.Write(data) - zw.Close() - return buf.Bytes() -} - -// RegisterOpenAPIVersionedService registers a handler to provide access to provided swagger spec. -// -// Deprecated: use OpenAPIService.RegisterOpenAPIVersionedService instead. -func RegisterOpenAPIVersionedService(spec *spec.Swagger, servePath string, handler common.PathHandler) (*OpenAPIService, error) { - o, err := NewOpenAPIService(spec) - if err != nil { - return nil, err - } - return o, o.RegisterOpenAPIVersionedService(servePath, handler) -} - -// RegisterOpenAPIVersionedService registers a handler to provide access to provided swagger spec. -func (o *OpenAPIService) RegisterOpenAPIVersionedService(servePath string, handler common.PathHandler) error { - accepted := []struct { - Type string - SubType string - GetDataAndETag func() ([]byte, string, time.Time, error) - }{ - {"application", "json", o.getSwaggerBytes}, - {"application", "com.github.proto-openapi.spec.v2@v1.0+protobuf", o.getSwaggerPbBytes}, - } - - handler.Handle(servePath, gziphandler.GzipHandler(http.HandlerFunc( - func(w http.ResponseWriter, r *http.Request) { - decipherableFormats := r.Header.Get("Accept") - if decipherableFormats == "" { - decipherableFormats = "*/*" - } - clauses := goautoneg.ParseAccept(decipherableFormats) - w.Header().Add("Vary", "Accept") - for _, clause := range clauses { - for _, accepts := range accepted { - if clause.Type != accepts.Type && clause.Type != "*" { - continue - } - if clause.SubType != accepts.SubType && clause.SubType != "*" { - continue - } - - // serve the first matching media type in the sorted clause list - data, etag, lastModified, err := accepts.GetDataAndETag() - if err != nil { - klog.Errorf("Error in OpenAPI handler: %s", err) - // only return a 503 if we have no older cache data to serve - if data == nil { - w.WriteHeader(http.StatusServiceUnavailable) - return - } - } - // ETag must be enclosed in double quotes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag - w.Header().Set("Etag", strconv.Quote(etag)) - // ServeContent will take care of caching using eTag. - http.ServeContent(w, r, servePath, lastModified, bytes.NewReader(data)) - return - } - } - // Return 406 for not acceptable format - w.WriteHeader(406) - return - }), - )) - - return nil -} - -// BuildAndRegisterOpenAPIVersionedService builds the spec and registers a handler to provide access to it. -// Use this method if your OpenAPI spec is static. If you want to update the spec, use BuildOpenAPISpec then RegisterOpenAPIVersionedService. -// -// Deprecated: BuildAndRegisterOpenAPIVersionedServiceFromRoutes should be used instead. -func BuildAndRegisterOpenAPIVersionedService(servePath string, webServices []*restful.WebService, config *common.Config, handler common.PathHandler) (*OpenAPIService, error) { - return BuildAndRegisterOpenAPIVersionedServiceFromRoutes(servePath, restfuladapter.AdaptWebServices(webServices), config, handler) -} - -// BuildAndRegisterOpenAPIVersionedServiceFromRoutes builds the spec and registers a handler to provide access to it. -// Use this method if your OpenAPI spec is static. If you want to update the spec, use BuildOpenAPISpec then RegisterOpenAPIVersionedService. -func BuildAndRegisterOpenAPIVersionedServiceFromRoutes(servePath string, routeContainers []common.RouteContainer, config *common.Config, handler common.PathHandler) (*OpenAPIService, error) { - spec, err := builder.BuildOpenAPISpecFromRoutes(routeContainers, config) - if err != nil { - return nil, err - } - o, err := NewOpenAPIService(spec) - if err != nil { - return nil, err - } - return o, o.RegisterOpenAPIVersionedService(servePath, handler) -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/util/trie.go b/etcd/vendor/k8s.io/kube-openapi/pkg/util/trie.go deleted file mode 100644 index a9a76c1791..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/util/trie.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -// A simple trie implementation with Add and HasPrefix methods only. -type Trie struct { - children map[byte]*Trie - wordTail bool - word string -} - -// NewTrie creates a Trie and add all strings in the provided list to it. -func NewTrie(list []string) Trie { - ret := Trie{ - children: make(map[byte]*Trie), - wordTail: false, - } - for _, v := range list { - ret.Add(v) - } - return ret -} - -// Add adds a word to this trie -func (t *Trie) Add(v string) { - root := t - for _, b := range []byte(v) { - child, exists := root.children[b] - if !exists { - child = &Trie{ - children: make(map[byte]*Trie), - wordTail: false, - } - root.children[b] = child - } - root = child - } - root.wordTail = true - root.word = v -} - -// HasPrefix returns true of v has any of the prefixes stored in this trie. -func (t *Trie) HasPrefix(v string) bool { - _, has := t.GetPrefix(v) - return has -} - -// GetPrefix is like HasPrefix but return the prefix in case of match or empty string otherwise. -func (t *Trie) GetPrefix(v string) (string, bool) { - root := t - if root.wordTail { - return root.word, true - } - for _, b := range []byte(v) { - child, exists := root.children[b] - if !exists { - return "", false - } - if child.wordTail { - return child.word, true - } - root = child - } - return "", false -} diff --git a/etcd/vendor/k8s.io/kube-openapi/pkg/util/util.go b/etcd/vendor/k8s.io/kube-openapi/pkg/util/util.go deleted file mode 100644 index 0be06989e6..0000000000 --- a/etcd/vendor/k8s.io/kube-openapi/pkg/util/util.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "reflect" - "strings" -) - -// [DEPRECATED] ToCanonicalName converts Golang package/type canonical name into REST friendly OpenAPI name. -// This method is deprecated because it has a misleading name. Please use ToRESTFriendlyName -// instead -// -// NOTE: actually the "canonical name" in this method should be named "REST friendly OpenAPI name", -// which is different from "canonical name" defined in GetCanonicalTypeName. The "canonical name" defined -// in GetCanonicalTypeName means Go type names with full package path. -// -// Examples of REST friendly OpenAPI name: -// Input: k8s.io/api/core/v1.Pod -// Output: io.k8s.api.core.v1.Pod -// -// Input: k8s.io/api/core/v1 -// Output: io.k8s.api.core.v1 -// -// Input: csi.storage.k8s.io/v1alpha1.CSINodeInfo -// Output: io.k8s.storage.csi.v1alpha1.CSINodeInfo -func ToCanonicalName(name string) string { - return ToRESTFriendlyName(name) -} - -// ToRESTFriendlyName converts Golang package/type canonical name into REST friendly OpenAPI name. -// -// Examples of REST friendly OpenAPI name: -// Input: k8s.io/api/core/v1.Pod -// Output: io.k8s.api.core.v1.Pod -// -// Input: k8s.io/api/core/v1 -// Output: io.k8s.api.core.v1 -// -// Input: csi.storage.k8s.io/v1alpha1.CSINodeInfo -// Output: io.k8s.storage.csi.v1alpha1.CSINodeInfo -func ToRESTFriendlyName(name string) string { - nameParts := strings.Split(name, "/") - // Reverse first part. e.g., io.k8s... instead of k8s.io... - if len(nameParts) > 0 && strings.Contains(nameParts[0], ".") { - parts := strings.Split(nameParts[0], ".") - for i, j := 0, len(parts)-1; i < j; i, j = i+1, j-1 { - parts[i], parts[j] = parts[j], parts[i] - } - nameParts[0] = strings.Join(parts, ".") - } - return strings.Join(nameParts, ".") -} - -// OpenAPICanonicalTypeNamer is an interface for models without Go type to seed model name. -// -// OpenAPI canonical names are Go type names with full package path, for uniquely indentifying -// a model / Go type. If a Go type is vendored from another package, only the path after "/vendor/" -// should be used. For custom resource definition (CRD), the canonical name is expected to be -// group/version.kind -// -// Examples of canonical name: -// Go type: k8s.io/kubernetes/pkg/apis/core.Pod -// CRD: csi.storage.k8s.io/v1alpha1.CSINodeInfo -// -// Example for vendored Go type: -// Original full path: k8s.io/kubernetes/vendor/k8s.io/api/core/v1.Pod -// Canonical name: k8s.io/api/core/v1.Pod -// -// Original full path: vendor/k8s.io/api/core/v1.Pod -// Canonical name: k8s.io/api/core/v1.Pod -type OpenAPICanonicalTypeNamer interface { - OpenAPICanonicalTypeName() string -} - -// GetCanonicalTypeName will find the canonical type name of a sample object, removing -// the "vendor" part of the path -func GetCanonicalTypeName(model interface{}) string { - if namer, ok := model.(OpenAPICanonicalTypeNamer); ok { - return namer.OpenAPICanonicalTypeName() - } - t := reflect.TypeOf(model) - if t.Kind() == reflect.Ptr { - t = t.Elem() - } - if t.PkgPath() == "" { - return t.Name() - } - path := t.PkgPath() - if strings.Contains(path, "/vendor/") { - path = path[strings.Index(path, "/vendor/")+len("/vendor/"):] - } else if strings.HasPrefix(path, "vendor/") { - path = strings.TrimPrefix(path, "vendor/") - } - return path + "." + t.Name() -} diff --git a/etcd/vendor/k8s.io/kubelet/LICENSE b/etcd/vendor/k8s.io/kubelet/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/k8s.io/kubelet/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/kubelet/pkg/apis/well_known_labels.go b/etcd/vendor/k8s.io/kubelet/pkg/apis/well_known_labels.go deleted file mode 100644 index b77b526392..0000000000 --- a/etcd/vendor/k8s.io/kubelet/pkg/apis/well_known_labels.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apis - -import ( - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/sets" -) - -const ( - // LabelOS is a label to indicate the operating system of the node. - // The OS labels are promoted to GA in 1.14. kubelet applies GA labels and stop applying the beta OS labels in Kubernetes 1.19. - LabelOS = "beta.kubernetes.io/os" - // LabelArch is a label to indicate the architecture of the node. - // The Arch labels are promoted to GA in 1.14. kubelet applies GA labels and stop applying the beta Arch labels in Kubernetes 1.19. - LabelArch = "beta.kubernetes.io/arch" -) - -var kubeletLabels = sets.NewString( - v1.LabelHostname, - v1.LabelTopologyZone, - v1.LabelTopologyRegion, - v1.LabelFailureDomainBetaZone, - v1.LabelFailureDomainBetaRegion, - v1.LabelInstanceType, - v1.LabelInstanceTypeStable, - v1.LabelOSStable, - v1.LabelArchStable, - - LabelOS, - LabelArch, - - // These are special for OpenShift: - "node-role.kubernetes.io/control-plane", - "node-role.kubernetes.io/master", - "node-role.kubernetes.io/worker", - "node-role.kubernetes.io/etcd", -) - -var kubeletLabelNamespaces = sets.NewString( - v1.LabelNamespaceSuffixKubelet, - v1.LabelNamespaceSuffixNode, -) - -// KubeletLabels returns the list of label keys kubelets are allowed to set on their own Node objects -func KubeletLabels() []string { - return kubeletLabels.List() -} - -// KubeletLabelNamespaces returns the list of label key namespaces kubelets are allowed to set on their own Node objects -func KubeletLabelNamespaces() []string { - return kubeletLabelNamespaces.List() -} - -// IsKubeletLabel returns true if the label key is one that kubelets are allowed to set on their own Node object. -// This checks if the key is in the KubeletLabels() list, or has a namespace in the KubeletLabelNamespaces() list. -func IsKubeletLabel(key string) bool { - if kubeletLabels.Has(key) { - return true - } - - namespace := getLabelNamespace(key) - for allowedNamespace := range kubeletLabelNamespaces { - if namespace == allowedNamespace || strings.HasSuffix(namespace, "."+allowedNamespace) { - return true - } - } - - return false -} - -func getLabelNamespace(key string) string { - if parts := strings.SplitN(key, "/", 2); len(parts) == 2 { - return parts[0] - } - return "" -} diff --git a/etcd/vendor/k8s.io/kubernetes/LICENSE b/etcd/vendor/k8s.io/kubernetes/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/legacyscheme/scheme.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/legacyscheme/scheme.go deleted file mode 100644 index f9baf7a012..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/legacyscheme/scheme.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package legacyscheme - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" -) - -var ( - // Scheme is the default instance of runtime.Scheme to which types in the Kubernetes API are already registered. - // NOTE: If you are copying this file to start a new api group, STOP! Copy the - // extensions group instead. This Scheme is special and should appear ONLY in - // the api group, unless you really know what you're doing. - // TODO(lavalamp): make the above error impossible. - Scheme = runtime.NewScheme() - - // Codecs provides access to encoding and decoding for the scheme - Codecs = serializer.NewCodecFactory(Scheme) - - // ParameterCodec handles versioning of objects that are converted to query parameters. - ParameterCodec = runtime.NewParameterCodec(Scheme) -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/node/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/node/util.go deleted file mode 100644 index fcc6dba414..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/node/util.go +++ /dev/null @@ -1,108 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/node" -) - -var deprecatedNodeLabels = map[string]string{ - `beta.kubernetes.io/arch`: `deprecated since v1.14; use "kubernetes.io/arch" instead`, - `beta.kubernetes.io/os`: `deprecated since v1.14; use "kubernetes.io/os" instead`, - `failure-domain.beta.kubernetes.io/region`: `deprecated since v1.17; use "topology.kubernetes.io/region" instead`, - `failure-domain.beta.kubernetes.io/zone`: `deprecated since v1.17; use "topology.kubernetes.io/zone" instead`, - `beta.kubernetes.io/instance-type`: `deprecated since v1.17; use "node.kubernetes.io/instance-type" instead`, -} - -// GetNodeLabelDeprecatedMessage returns the message for the deprecated node label -// and a bool indicating if the label is deprecated. -func GetNodeLabelDeprecatedMessage(key string) (string, bool) { - msg, ok := deprecatedNodeLabels[key] - return msg, ok -} - -func GetWarningsForRuntimeClass(rc *node.RuntimeClass) []string { - var warnings []string - - if rc != nil && rc.Scheduling != nil && rc.Scheduling.NodeSelector != nil { - // use of deprecated node labels in scheduling's node affinity - for key := range rc.Scheduling.NodeSelector { - if msg, deprecated := GetNodeLabelDeprecatedMessage(key); deprecated { - warnings = append(warnings, fmt.Sprintf("%s: %s", field.NewPath("scheduling", "nodeSelector"), msg)) - } - } - } - - return warnings -} - -// GetWarningsForNodeSelector tests if any of the node selector requirements in the template is deprecated. -// If there are deprecated node selector requirements in either match expressions or match labels, a warning is returned. -func GetWarningsForNodeSelector(nodeSelector *metav1.LabelSelector, fieldPath *field.Path) []string { - if nodeSelector == nil { - return nil - } - - var warnings []string - // use of deprecated node labels in matchLabelExpressions - for i, expression := range nodeSelector.MatchExpressions { - if msg, deprecated := GetNodeLabelDeprecatedMessage(expression.Key); deprecated { - warnings = append( - warnings, - fmt.Sprintf( - "%s: %s is %s", - fieldPath.Child("matchExpressions").Index(i).Child("key"), - expression.Key, - msg, - ), - ) - } - } - - // use of deprecated node labels in matchLabels - for label := range nodeSelector.MatchLabels { - if msg, deprecated := GetNodeLabelDeprecatedMessage(label); deprecated { - warnings = append(warnings, fmt.Sprintf("%s: %s", fieldPath.Child("matchLabels").Child(label), msg)) - } - } - return warnings -} - -// GetWarningsForNodeSelectorTerm checks match expressions of node selector term -func GetWarningsForNodeSelectorTerm(nodeSelectorTerm api.NodeSelectorTerm, fieldPath *field.Path) []string { - var warnings []string - // use of deprecated node labels in matchLabelExpressions - for i, expression := range nodeSelectorTerm.MatchExpressions { - if msg, deprecated := GetNodeLabelDeprecatedMessage(expression.Key); deprecated { - warnings = append( - warnings, - fmt.Sprintf( - "%s: %s is %s", - fieldPath.Child("matchExpressions").Index(i).Child("key"), - expression.Key, - msg, - ), - ) - } - } - return warnings -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolume/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolume/util.go deleted file mode 100644 index 29862d73d5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolume/util.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolume - -import ( - "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" - nodeapi "k8s.io/kubernetes/pkg/api/node" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/features" -) - -// DropDisabledFields removes disabled fields from the pv spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pv spec. -func DropDisabledFields(pvSpec *api.PersistentVolumeSpec, oldPVSpec *api.PersistentVolumeSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.CSINodeExpandSecret) && !hasNodeExpansionSecrets(oldPVSpec) { - if pvSpec.CSI != nil { - pvSpec.CSI.NodeExpandSecretRef = nil - } - } -} - -func hasNodeExpansionSecrets(oldPVSpec *api.PersistentVolumeSpec) bool { - if oldPVSpec == nil || oldPVSpec.CSI == nil { - return false - } - - if oldPVSpec.CSI.NodeExpandSecretRef != nil { - return true - } - return false -} - -func GetWarningsForPersistentVolume(pv *api.PersistentVolume) []string { - if pv == nil { - return nil - } - return warningsForPersistentVolumeSpecAndMeta(nil, &pv.Spec) -} - -func warningsForPersistentVolumeSpecAndMeta(fieldPath *field.Path, pvSpec *api.PersistentVolumeSpec) []string { - var warnings []string - - if pvSpec.NodeAffinity != nil && pvSpec.NodeAffinity.Required != nil { - termFldPath := fieldPath.Child("spec", "nodeAffinity", "required", "nodeSelectorTerms") - // use of deprecated node labels in node affinity - for i, term := range pvSpec.NodeAffinity.Required.NodeSelectorTerms { - warnings = append(warnings, nodeapi.GetWarningsForNodeSelectorTerm(term, termFldPath.Index(i))...) - } - } - - return warnings -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/OWNERS deleted file mode 100644 index 2152f772fb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - smarterclayton - - jsafrane diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go deleted file mode 100644 index 4334afcca5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go +++ /dev/null @@ -1,219 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolumeclaim - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/features" -) - -const ( - pvc string = "PersistentVolumeClaim" - volumeSnapshot string = "VolumeSnapshot" -) - -// DropDisabledFields removes disabled fields from the pvc spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pvc spec. -func DropDisabledFields(pvcSpec, oldPVCSpec *core.PersistentVolumeClaimSpec) { - // Drop the contents of the dataSourceRef field if the AnyVolumeDataSource - // feature gate is disabled. - if !utilfeature.DefaultFeatureGate.Enabled(features.AnyVolumeDataSource) { - if !dataSourceRefInUse(oldPVCSpec) { - pvcSpec.DataSourceRef = nil - } - } - - // Drop the contents of the dataSourceRef field if the CrossNamespaceVolumeDataSource - // feature gate is disabled and dataSourceRef.Namespace is specified. - if !utilfeature.DefaultFeatureGate.Enabled(features.CrossNamespaceVolumeDataSource) && - pvcSpec.DataSourceRef != nil && pvcSpec.DataSourceRef.Namespace != nil && len(*pvcSpec.DataSourceRef.Namespace) != 0 { - if !dataSourceRefInUse(oldPVCSpec) { - pvcSpec.DataSourceRef = nil - } - } -} - -// EnforceDataSourceBackwardsCompatibility drops the data source field under certain conditions -// to maintain backwards compatibility with old behavior. -// See KEP 1495 for details. -// Specifically, if this is an update of a PVC with no data source, or a creation of a new PVC, -// and the dataSourceRef field is not filled in, then we will drop "invalid" data sources -// (anything other than a PVC or a VolumeSnapshot) from this request as if an empty PVC had -// been requested. -// This should be called after DropDisabledFields so that if the AnyVolumeDataSource feature -// gate is disabled, dataSourceRef will be forced to empty, ensuring pre-1.22 behavior. -// This should be called before NormalizeDataSources, so that data sources other than PVCs -// and VolumeSnapshots can only be set through the dataSourceRef field and not the dataSource -// field. -func EnforceDataSourceBackwardsCompatibility(pvcSpec, oldPVCSpec *core.PersistentVolumeClaimSpec) { - // Check if the old PVC has a data source here is so that on updates from old clients - // that omit dataSourceRef, we preserve the data source, even if it would have been - // invalid to specify it at using the dataSource field at create. - if dataSourceInUse(oldPVCSpec) { - return - } - - // Check if dataSourceRef is empty is because if it's not empty, then there is - // definitely a newer client and it definitely either wants to create a non-empty - // volume, or it wants to update a PVC that has a data source. Whether the - // specified data source is valid or satisfiable is a matter for validation and - // the volume populator code, but we can say with certainty that the client is - // not expecting the legacy behavior of ignoring invalid data sources. - if pvcSpec.DataSourceRef != nil { - return - } - - // Historically, we only allow PVCs and VolumeSnapshots in the dataSource field. - // All other values are silently dropped. - if !dataSourceIsPvcOrSnapshot(pvcSpec.DataSource) { - pvcSpec.DataSource = nil - } -} - -func DropDisabledFieldsFromStatus(pvc, oldPVC *core.PersistentVolumeClaim) { - if !utilfeature.DefaultFeatureGate.Enabled(features.RecoverVolumeExpansionFailure) { - if !allocatedResourcesInUse(oldPVC) { - pvc.Status.AllocatedResources = nil - } - if !resizeStatusInUse(oldPVC) { - pvc.Status.ResizeStatus = nil - } - } -} - -func dataSourceInUse(oldPVCSpec *core.PersistentVolumeClaimSpec) bool { - if oldPVCSpec == nil { - return false - } - if oldPVCSpec.DataSource != nil || oldPVCSpec.DataSourceRef != nil { - return true - } - return false -} - -func dataSourceIsPvcOrSnapshot(dataSource *core.TypedLocalObjectReference) bool { - if dataSource != nil { - apiGroup := "" - if dataSource.APIGroup != nil { - apiGroup = *dataSource.APIGroup - } - if dataSource.Kind == pvc && - apiGroup == "" { - return true - } - - if dataSource.Kind == volumeSnapshot && apiGroup == "snapshot.storage.k8s.io" { - return true - } - } - return false -} - -func dataSourceRefInUse(oldPVCSpec *core.PersistentVolumeClaimSpec) bool { - if oldPVCSpec == nil { - return false - } - if oldPVCSpec.DataSourceRef != nil { - return true - } - return false -} - -// NormalizeDataSources ensures that DataSource and DataSourceRef have the same contents -// as long as both are not explicitly set. -// This should be used by creates/gets of PVCs, but not updates -func NormalizeDataSources(pvcSpec *core.PersistentVolumeClaimSpec) { - // Don't enable this behavior if the feature gate is not on - if !utilfeature.DefaultFeatureGate.Enabled(features.AnyVolumeDataSource) { - return - } - if pvcSpec.DataSource != nil && pvcSpec.DataSourceRef == nil { - // Using the old way of setting a data source - pvcSpec.DataSourceRef = &core.TypedObjectReference{ - Kind: pvcSpec.DataSource.Kind, - Name: pvcSpec.DataSource.Name, - } - if pvcSpec.DataSource.APIGroup != nil { - apiGroup := *pvcSpec.DataSource.APIGroup - pvcSpec.DataSourceRef.APIGroup = &apiGroup - } - } else if pvcSpec.DataSourceRef != nil && pvcSpec.DataSource == nil { - if pvcSpec.DataSourceRef.Namespace == nil || len(*pvcSpec.DataSourceRef.Namespace) == 0 { - // Using the new way of setting a data source - pvcSpec.DataSource = &core.TypedLocalObjectReference{ - Kind: pvcSpec.DataSourceRef.Kind, - Name: pvcSpec.DataSourceRef.Name, - } - if pvcSpec.DataSourceRef.APIGroup != nil { - apiGroup := *pvcSpec.DataSourceRef.APIGroup - pvcSpec.DataSource.APIGroup = &apiGroup - } - } - } -} - -func resizeStatusInUse(oldPVC *core.PersistentVolumeClaim) bool { - if oldPVC == nil { - return false - } - if oldPVC.Status.ResizeStatus != nil { - return true - } - return false -} - -func allocatedResourcesInUse(oldPVC *core.PersistentVolumeClaim) bool { - if oldPVC == nil { - return false - } - - if oldPVC.Status.AllocatedResources != nil { - return true - } - - return false -} - -func GetWarningsForPersistentVolumeClaim(pv *core.PersistentVolumeClaim) []string { - if pv == nil { - return nil - } - - return GetWarningsForPersistentVolumeClaimSpec(field.NewPath("spec"), pv.Spec) -} - -func GetWarningsForPersistentVolumeClaimSpec(fieldPath *field.Path, pvSpec core.PersistentVolumeClaimSpec) []string { - - var warnings []string - requestValue := pvSpec.Resources.Requests[core.ResourceStorage] - if requestValue.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf( - "%s: fractional byte value %q is invalid, must be an integer", - fieldPath.Child("resources").Child("requests").Key(core.ResourceStorage.String()), requestValue.String())) - } - limitValue := pvSpec.Resources.Limits[core.ResourceStorage] - if limitValue.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf( - "%s: fractional byte value %q is invalid, must be an integer", - fieldPath.Child("resources").Child("limits").Key(core.ResourceStorage.String()), limitValue.String())) - } - return warnings -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/OWNERS deleted file mode 100644 index 542dbb7fa6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - smarterclayton - - thockin diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/util.go deleted file mode 100644 index c99a8e34f3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/util.go +++ /dev/null @@ -1,831 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pod - -import ( - "strings" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" -) - -// ContainerType signifies container type -type ContainerType int - -const ( - // Containers is for normal containers - Containers ContainerType = 1 << iota - // InitContainers is for init containers - InitContainers - // EphemeralContainers is for ephemeral containers - EphemeralContainers -) - -// AllContainers specifies that all containers be visited -const AllContainers ContainerType = (InitContainers | Containers | EphemeralContainers) - -// AllFeatureEnabledContainers returns a ContainerType mask which includes all container -// types except for the ones guarded by feature gate. -func AllFeatureEnabledContainers() ContainerType { - return AllContainers -} - -// ContainerVisitor is called with each container spec, and returns true -// if visiting should continue. -type ContainerVisitor func(container *api.Container, containerType ContainerType) (shouldContinue bool) - -// VisitContainers invokes the visitor function with a pointer to every container -// spec in the given pod spec with type set in mask. If visitor returns false, -// visiting is short-circuited. VisitContainers returns true if visiting completes, -// false if visiting was short-circuited. -func VisitContainers(podSpec *api.PodSpec, mask ContainerType, visitor ContainerVisitor) bool { - if mask&InitContainers != 0 { - for i := range podSpec.InitContainers { - if !visitor(&podSpec.InitContainers[i], InitContainers) { - return false - } - } - } - if mask&Containers != 0 { - for i := range podSpec.Containers { - if !visitor(&podSpec.Containers[i], Containers) { - return false - } - } - } - if mask&EphemeralContainers != 0 { - for i := range podSpec.EphemeralContainers { - if !visitor((*api.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon), EphemeralContainers) { - return false - } - } - } - return true -} - -// Visitor is called with each object name, and returns true if visiting should continue -type Visitor func(name string) (shouldContinue bool) - -func skipEmptyNames(visitor Visitor) Visitor { - return func(name string) bool { - if len(name) == 0 { - // continue visiting - return true - } - // delegate to visitor - return visitor(name) - } -} - -// VisitPodSecretNames invokes the visitor function with the name of every secret -// referenced by the pod spec. If visitor returns false, visiting is short-circuited. -// Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. -// Returns true if visiting completed, false if visiting was short-circuited. -func VisitPodSecretNames(pod *api.Pod, visitor Visitor, containerType ContainerType) bool { - visitor = skipEmptyNames(visitor) - for _, reference := range pod.Spec.ImagePullSecrets { - if !visitor(reference.Name) { - return false - } - } - VisitContainers(&pod.Spec, containerType, func(c *api.Container, containerType ContainerType) bool { - return visitContainerSecretNames(c, visitor) - }) - var source *api.VolumeSource - for i := range pod.Spec.Volumes { - source = &pod.Spec.Volumes[i].VolumeSource - switch { - case source.AzureFile != nil: - if len(source.AzureFile.SecretName) > 0 && !visitor(source.AzureFile.SecretName) { - return false - } - case source.CephFS != nil: - if source.CephFS.SecretRef != nil && !visitor(source.CephFS.SecretRef.Name) { - return false - } - case source.Cinder != nil: - if source.Cinder.SecretRef != nil && !visitor(source.Cinder.SecretRef.Name) { - return false - } - case source.FlexVolume != nil: - if source.FlexVolume.SecretRef != nil && !visitor(source.FlexVolume.SecretRef.Name) { - return false - } - case source.Projected != nil: - for j := range source.Projected.Sources { - if source.Projected.Sources[j].Secret != nil { - if !visitor(source.Projected.Sources[j].Secret.Name) { - return false - } - } - } - case source.RBD != nil: - if source.RBD.SecretRef != nil && !visitor(source.RBD.SecretRef.Name) { - return false - } - case source.Secret != nil: - if !visitor(source.Secret.SecretName) { - return false - } - case source.ScaleIO != nil: - if source.ScaleIO.SecretRef != nil && !visitor(source.ScaleIO.SecretRef.Name) { - return false - } - case source.ISCSI != nil: - if source.ISCSI.SecretRef != nil && !visitor(source.ISCSI.SecretRef.Name) { - return false - } - case source.StorageOS != nil: - if source.StorageOS.SecretRef != nil && !visitor(source.StorageOS.SecretRef.Name) { - return false - } - case source.CSI != nil: - if source.CSI.NodePublishSecretRef != nil && !visitor(source.CSI.NodePublishSecretRef.Name) { - return false - } - } - } - return true -} - -func visitContainerSecretNames(container *api.Container, visitor Visitor) bool { - for _, env := range container.EnvFrom { - if env.SecretRef != nil { - if !visitor(env.SecretRef.Name) { - return false - } - } - } - for _, envVar := range container.Env { - if envVar.ValueFrom != nil && envVar.ValueFrom.SecretKeyRef != nil { - if !visitor(envVar.ValueFrom.SecretKeyRef.Name) { - return false - } - } - } - return true -} - -// VisitPodConfigmapNames invokes the visitor function with the name of every configmap -// referenced by the pod spec. If visitor returns false, visiting is short-circuited. -// Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. -// Returns true if visiting completed, false if visiting was short-circuited. -func VisitPodConfigmapNames(pod *api.Pod, visitor Visitor, containerType ContainerType) bool { - visitor = skipEmptyNames(visitor) - VisitContainers(&pod.Spec, containerType, func(c *api.Container, containerType ContainerType) bool { - return visitContainerConfigmapNames(c, visitor) - }) - var source *api.VolumeSource - for i := range pod.Spec.Volumes { - source = &pod.Spec.Volumes[i].VolumeSource - switch { - case source.Projected != nil: - for j := range source.Projected.Sources { - if source.Projected.Sources[j].ConfigMap != nil { - if !visitor(source.Projected.Sources[j].ConfigMap.Name) { - return false - } - } - } - case source.ConfigMap != nil: - if !visitor(source.ConfigMap.Name) { - return false - } - } - } - return true -} - -func visitContainerConfigmapNames(container *api.Container, visitor Visitor) bool { - for _, env := range container.EnvFrom { - if env.ConfigMapRef != nil { - if !visitor(env.ConfigMapRef.Name) { - return false - } - } - } - for _, envVar := range container.Env { - if envVar.ValueFrom != nil && envVar.ValueFrom.ConfigMapKeyRef != nil { - if !visitor(envVar.ValueFrom.ConfigMapKeyRef.Name) { - return false - } - } - } - return true -} - -// IsPodReady returns true if a pod is ready; false otherwise. -func IsPodReady(pod *api.Pod) bool { - return IsPodReadyConditionTrue(pod.Status) -} - -// IsPodReadyConditionTrue returns true if a pod is ready; false otherwise. -func IsPodReadyConditionTrue(status api.PodStatus) bool { - condition := GetPodReadyCondition(status) - return condition != nil && condition.Status == api.ConditionTrue -} - -// GetPodReadyCondition extracts the pod ready condition from the given status and returns that. -// Returns nil if the condition is not present. -func GetPodReadyCondition(status api.PodStatus) *api.PodCondition { - _, condition := GetPodCondition(&status, api.PodReady) - return condition -} - -// GetPodCondition extracts the provided condition from the given status and returns that. -// Returns nil and -1 if the condition is not present, and the index of the located condition. -func GetPodCondition(status *api.PodStatus, conditionType api.PodConditionType) (int, *api.PodCondition) { - if status == nil { - return -1, nil - } - for i := range status.Conditions { - if status.Conditions[i].Type == conditionType { - return i, &status.Conditions[i] - } - } - return -1, nil -} - -// UpdatePodCondition updates existing pod condition or creates a new one. Sets LastTransitionTime to now if the -// status has changed. -// Returns true if pod condition has changed or has been added. -func UpdatePodCondition(status *api.PodStatus, condition *api.PodCondition) bool { - condition.LastTransitionTime = metav1.Now() - // Try to find this pod condition. - conditionIndex, oldCondition := GetPodCondition(status, condition.Type) - - if oldCondition == nil { - // We are adding new pod condition. - status.Conditions = append(status.Conditions, *condition) - return true - } - // We are updating an existing condition, so we need to check if it has changed. - if condition.Status == oldCondition.Status { - condition.LastTransitionTime = oldCondition.LastTransitionTime - } - - isEqual := condition.Status == oldCondition.Status && - condition.Reason == oldCondition.Reason && - condition.Message == oldCondition.Message && - condition.LastProbeTime.Equal(&oldCondition.LastProbeTime) && - condition.LastTransitionTime.Equal(&oldCondition.LastTransitionTime) - - status.Conditions[conditionIndex] = *condition - // Return true if one of the fields have changed. - return !isEqual -} - -// usesHugePagesInProjectedVolume returns true if hugepages are used in downward api for volume -func usesHugePagesInProjectedVolume(podSpec *api.PodSpec) bool { - // determine if any container is using hugepages in downward api volume - for _, volumeSource := range podSpec.Volumes { - if volumeSource.DownwardAPI != nil { - for _, item := range volumeSource.DownwardAPI.Items { - if item.ResourceFieldRef != nil { - if strings.HasPrefix(item.ResourceFieldRef.Resource, "requests.hugepages-") || strings.HasPrefix(item.ResourceFieldRef.Resource, "limits.hugepages-") { - return true - } - } - } - } - } - return false -} - -// usesHugePagesInProjectedEnv returns true if hugepages are used in downward api for volume -func usesHugePagesInProjectedEnv(item api.Container) bool { - for _, env := range item.Env { - if env.ValueFrom != nil { - if env.ValueFrom.ResourceFieldRef != nil { - if strings.HasPrefix(env.ValueFrom.ResourceFieldRef.Resource, "requests.hugepages-") || strings.HasPrefix(env.ValueFrom.ResourceFieldRef.Resource, "limits.hugepages-") { - return true - } - } - } - } - return false -} - -func checkContainerUseIndivisibleHugePagesValues(container api.Container) bool { - for resourceName, quantity := range container.Resources.Limits { - if helper.IsHugePageResourceName(resourceName) { - if !helper.IsHugePageResourceValueDivisible(resourceName, quantity) { - return true - } - } - } - - for resourceName, quantity := range container.Resources.Requests { - if helper.IsHugePageResourceName(resourceName) { - if !helper.IsHugePageResourceValueDivisible(resourceName, quantity) { - return true - } - } - } - - return false -} - -// usesIndivisibleHugePagesValues returns true if the one of the containers uses non-integer multiple -// of huge page unit size -func usesIndivisibleHugePagesValues(podSpec *api.PodSpec) bool { - foundIndivisibleHugePagesValue := false - VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - if checkContainerUseIndivisibleHugePagesValues(*c) { - foundIndivisibleHugePagesValue = true - } - return !foundIndivisibleHugePagesValue // continue visiting if we haven't seen an invalid value yet - }) - - if foundIndivisibleHugePagesValue { - return true - } - - for resourceName, quantity := range podSpec.Overhead { - if helper.IsHugePageResourceName(resourceName) { - if !helper.IsHugePageResourceValueDivisible(resourceName, quantity) { - return true - } - } - } - - return false -} - -// haveSameExpandedDNSConfig returns true if the oldPodSpec already had -// ExpandedDNSConfig and podSpec has the same DNSConfig -func haveSameExpandedDNSConfig(podSpec, oldPodSpec *api.PodSpec) bool { - if oldPodSpec == nil || oldPodSpec.DNSConfig == nil { - return false - } - if podSpec == nil || podSpec.DNSConfig == nil { - return false - } - - if len(oldPodSpec.DNSConfig.Searches) <= apivalidation.MaxDNSSearchPathsLegacy && - len(strings.Join(oldPodSpec.DNSConfig.Searches, " ")) <= apivalidation.MaxDNSSearchListCharsLegacy { - // didn't have ExpandedDNSConfig - return false - } - - if len(oldPodSpec.DNSConfig.Searches) != len(podSpec.DNSConfig.Searches) { - // updates DNSConfig - return false - } - - for i, oldSearch := range oldPodSpec.DNSConfig.Searches { - if podSpec.DNSConfig.Searches[i] != oldSearch { - // updates DNSConfig - return false - } - } - - return true -} - -// GetValidationOptionsFromPodSpecAndMeta returns validation options based on pod specs and metadata -func GetValidationOptionsFromPodSpecAndMeta(podSpec, oldPodSpec *api.PodSpec, podMeta, oldPodMeta *metav1.ObjectMeta) apivalidation.PodValidationOptions { - // default pod validation options based on feature gate - opts := apivalidation.PodValidationOptions{ - // Allow pod spec to use hugepages in downward API if feature is enabled - AllowDownwardAPIHugePages: utilfeature.DefaultFeatureGate.Enabled(features.DownwardAPIHugePages), - AllowInvalidPodDeletionCost: !utilfeature.DefaultFeatureGate.Enabled(features.PodDeletionCost), - // Do not allow pod spec to use non-integer multiple of huge page unit size default - AllowIndivisibleHugePagesValues: false, - // Allow pod spec with expanded DNS configuration - AllowExpandedDNSConfig: utilfeature.DefaultFeatureGate.Enabled(features.ExpandedDNSConfig) || haveSameExpandedDNSConfig(podSpec, oldPodSpec), - AllowInvalidLabelValueInSelector: false, - } - - if oldPodSpec != nil { - // if old spec used hugepages in downward api, we must allow it - opts.AllowDownwardAPIHugePages = opts.AllowDownwardAPIHugePages || usesHugePagesInProjectedVolume(oldPodSpec) - // determine if any container is using hugepages in env var - if !opts.AllowDownwardAPIHugePages { - VisitContainers(oldPodSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - opts.AllowDownwardAPIHugePages = opts.AllowDownwardAPIHugePages || usesHugePagesInProjectedEnv(*c) - return !opts.AllowDownwardAPIHugePages - }) - } - - // if old spec used non-integer multiple of huge page unit size, we must allow it - opts.AllowIndivisibleHugePagesValues = usesIndivisibleHugePagesValues(oldPodSpec) - - opts.AllowInvalidLabelValueInSelector = hasInvalidLabelValueInAffinitySelector(oldPodSpec) - - } - if oldPodMeta != nil && !opts.AllowInvalidPodDeletionCost { - // This is an update, so validate only if the existing object was valid. - _, err := helper.GetDeletionCostFromPodAnnotations(oldPodMeta.Annotations) - opts.AllowInvalidPodDeletionCost = err != nil - } - - return opts -} - -// GetValidationOptionsFromPodTemplate will return pod validation options for specified template. -func GetValidationOptionsFromPodTemplate(podTemplate, oldPodTemplate *api.PodTemplateSpec) apivalidation.PodValidationOptions { - var newPodSpec, oldPodSpec *api.PodSpec - var newPodMeta, oldPodMeta *metav1.ObjectMeta - // we have to be careful about nil pointers here - // replication controller in particular is prone to passing nil - if podTemplate != nil { - newPodSpec = &podTemplate.Spec - newPodMeta = &podTemplate.ObjectMeta - } - if oldPodTemplate != nil { - oldPodSpec = &oldPodTemplate.Spec - oldPodMeta = &oldPodTemplate.ObjectMeta - } - return GetValidationOptionsFromPodSpecAndMeta(newPodSpec, oldPodSpec, newPodMeta, oldPodMeta) -} - -// DropDisabledTemplateFields removes disabled fields from the pod template metadata and spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a PodTemplateSpec -func DropDisabledTemplateFields(podTemplate, oldPodTemplate *api.PodTemplateSpec) { - var ( - podSpec *api.PodSpec - podAnnotations map[string]string - oldPodSpec *api.PodSpec - oldPodAnnotations map[string]string - ) - if podTemplate != nil { - podSpec = &podTemplate.Spec - podAnnotations = podTemplate.Annotations - } - if oldPodTemplate != nil { - oldPodSpec = &oldPodTemplate.Spec - oldPodAnnotations = oldPodTemplate.Annotations - } - dropDisabledFields(podSpec, podAnnotations, oldPodSpec, oldPodAnnotations) -} - -// DropDisabledPodFields removes disabled fields from the pod metadata and spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a Pod -func DropDisabledPodFields(pod, oldPod *api.Pod) { - var ( - podSpec *api.PodSpec - podAnnotations map[string]string - oldPodSpec *api.PodSpec - oldPodAnnotations map[string]string - ) - if pod != nil { - podSpec = &pod.Spec - podAnnotations = pod.Annotations - } - if oldPod != nil { - oldPodSpec = &oldPod.Spec - oldPodAnnotations = oldPod.Annotations - } - dropDisabledFields(podSpec, podAnnotations, oldPodSpec, oldPodAnnotations) -} - -// dropDisabledFields removes disabled fields from the pod metadata and spec. -func dropDisabledFields( - podSpec *api.PodSpec, podAnnotations map[string]string, - oldPodSpec *api.PodSpec, oldPodAnnotations map[string]string, -) { - // the new spec must always be non-nil - if podSpec == nil { - podSpec = &api.PodSpec{} - } - - if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) && !appArmorInUse(oldPodAnnotations) { - for k := range podAnnotations { - if strings.HasPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) { - delete(podAnnotations, k) - } - } - } - - if !utilfeature.DefaultFeatureGate.Enabled(features.ProbeTerminationGracePeriod) && !probeGracePeriodInUse(oldPodSpec) { - // Set pod-level terminationGracePeriodSeconds to nil if the feature is disabled and it is not used - VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - if c.LivenessProbe != nil { - c.LivenessProbe.TerminationGracePeriodSeconds = nil - } - if c.StartupProbe != nil { - c.StartupProbe.TerminationGracePeriodSeconds = nil - } - // cannot be set for readiness probes - return true - }) - } - - // If the feature is disabled and not in use, drop the hostUsers field. - if !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) && !hostUsersInUse(oldPodSpec) { - // Drop the field in podSpec only if SecurityContext is not nil. - // If it is nil, there is no need to set hostUsers=nil (it will be nil too). - if podSpec.SecurityContext != nil { - podSpec.SecurityContext.HostUsers = nil - } - } - - // If the feature is disabled and not in use, drop the schedulingGates field. - if !utilfeature.DefaultFeatureGate.Enabled(features.PodSchedulingReadiness) && !schedulingGatesInUse(oldPodSpec) { - podSpec.SchedulingGates = nil - } - - dropDisabledProcMountField(podSpec, oldPodSpec) - - dropDisabledTopologySpreadConstraintsFields(podSpec, oldPodSpec) - dropDisabledNodeInclusionPolicyFields(podSpec, oldPodSpec) - dropDisabledMatchLabelKeysField(podSpec, oldPodSpec) - dropDisabledDynamicResourceAllocationFields(podSpec, oldPodSpec) -} - -// dropDisabledDynamicResourceAllocationFields removes pod claim references from -// container specs and pod-level resource claims unless they are already used -// by the old pod spec. -func dropDisabledDynamicResourceAllocationFields(podSpec, oldPodSpec *api.PodSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicResourceAllocation) && !dynamicResourceAllocationInUse(oldPodSpec) { - dropResourceClaimRequests(podSpec.Containers) - dropResourceClaimRequests(podSpec.InitContainers) - dropEphemeralResourceClaimRequests(podSpec.EphemeralContainers) - podSpec.ResourceClaims = nil - } -} - -func dynamicResourceAllocationInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - - // We only need to check this field because the containers cannot have - // resource requirements entries for claims without a corresponding - // entry at the pod spec level. - return len(podSpec.ResourceClaims) > 0 -} - -func dropResourceClaimRequests(containers []api.Container) { - for i := range containers { - containers[i].Resources.Claims = nil - } -} - -func dropEphemeralResourceClaimRequests(containers []api.EphemeralContainer) { - for i := range containers { - containers[i].Resources.Claims = nil - } -} - -// dropDisabledTopologySpreadConstraintsFields removes disabled fields from PodSpec related -// to TopologySpreadConstraints only if it is not already used by the old spec. -func dropDisabledTopologySpreadConstraintsFields(podSpec, oldPodSpec *api.PodSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.MinDomainsInPodTopologySpread) && - !minDomainsInUse(oldPodSpec) && - podSpec != nil { - for i := range podSpec.TopologySpreadConstraints { - podSpec.TopologySpreadConstraints[i].MinDomains = nil - } - } -} - -// minDomainsInUse returns true if the pod spec is non-nil -// and has non-nil MinDomains field in TopologySpreadConstraints. -func minDomainsInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - - for _, c := range podSpec.TopologySpreadConstraints { - if c.MinDomains != nil { - return true - } - } - return false -} - -// dropDisabledProcMountField removes disabled fields from PodSpec related -// to ProcMount only if it is not already used by the old spec -func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) && !procMountInUse(oldPodSpec) { - defaultProcMount := api.DefaultProcMount - VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - if c.SecurityContext != nil && c.SecurityContext.ProcMount != nil { - // The ProcMount field was improperly forced to non-nil in 1.12. - // If the feature is disabled, and the existing object is not using any non-default values, and the ProcMount field is present in the incoming object, force to the default value. - // Note: we cannot force the field to nil when the feature is disabled because it causes a diff against previously persisted data. - c.SecurityContext.ProcMount = &defaultProcMount - } - return true - }) - } -} - -// dropDisabledNodeInclusionPolicyFields removes disabled fields from PodSpec related -// to NodeInclusionPolicy only if it is not used by the old spec. -func dropDisabledNodeInclusionPolicyFields(podSpec, oldPodSpec *api.PodSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.NodeInclusionPolicyInPodTopologySpread) && podSpec != nil { - if !nodeTaintsPolicyInUse(oldPodSpec) { - for i := range podSpec.TopologySpreadConstraints { - podSpec.TopologySpreadConstraints[i].NodeTaintsPolicy = nil - } - } - if !nodeAffinityPolicyInUse(oldPodSpec) { - for i := range podSpec.TopologySpreadConstraints { - podSpec.TopologySpreadConstraints[i].NodeAffinityPolicy = nil - } - } - } -} - -// dropDisabledMatchLabelKeysField removes disabled fields from PodSpec related -// to MatchLabelKeys only if it is not already used by the old spec. -func dropDisabledMatchLabelKeysField(podSpec, oldPodSpec *api.PodSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.MatchLabelKeysInPodTopologySpread) && !matchLabelKeysInUse(oldPodSpec) { - for i := range podSpec.TopologySpreadConstraints { - podSpec.TopologySpreadConstraints[i].MatchLabelKeys = nil - } - } -} - -// matchLabelKeysInUse returns true if the pod spec is non-nil -// and has MatchLabelKeys field set in TopologySpreadConstraints. -func matchLabelKeysInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - - for _, c := range podSpec.TopologySpreadConstraints { - if len(c.MatchLabelKeys) > 0 { - return true - } - } - return false -} - -// nodeAffinityPolicyInUse returns true if the pod spec is non-nil and has NodeAffinityPolicy field set -// in TopologySpreadConstraints -func nodeAffinityPolicyInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - for _, c := range podSpec.TopologySpreadConstraints { - if c.NodeAffinityPolicy != nil { - return true - } - } - return false -} - -// nodeTaintsPolicyInUse returns true if the pod spec is non-nil and has NodeTaintsPolicy field set -// in TopologySpreadConstraints -func nodeTaintsPolicyInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - for _, c := range podSpec.TopologySpreadConstraints { - if c.NodeTaintsPolicy != nil { - return true - } - } - return false -} - -// hostUsersInUse returns true if the pod spec has spec.hostUsers field set. -func hostUsersInUse(podSpec *api.PodSpec) bool { - if podSpec != nil && podSpec.SecurityContext != nil && podSpec.SecurityContext.HostUsers != nil { - return true - } - - return false -} - -// procMountInUse returns true if the pod spec is non-nil and has a SecurityContext's ProcMount field set to a non-default value -func procMountInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - - var inUse bool - VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - if c.SecurityContext == nil || c.SecurityContext.ProcMount == nil { - return true - } - if *c.SecurityContext.ProcMount != api.DefaultProcMount { - inUse = true - return false - } - return true - }) - - return inUse -} - -// appArmorInUse returns true if the pod has apparmor related information -func appArmorInUse(podAnnotations map[string]string) bool { - for k := range podAnnotations { - if strings.HasPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) { - return true - } - } - return false -} - -// probeGracePeriodInUse returns true if the pod spec is non-nil and has a probe that makes use -// of the probe-level terminationGracePeriodSeconds feature -func probeGracePeriodInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - - var inUse bool - VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool { - // cannot be set for readiness probes - if (c.LivenessProbe != nil && c.LivenessProbe.TerminationGracePeriodSeconds != nil) || - (c.StartupProbe != nil && c.StartupProbe.TerminationGracePeriodSeconds != nil) { - inUse = true - return false - } - return true - }) - - return inUse -} - -// schedulingGatesInUse returns true if the pod spec is non-nil and it has SchedulingGates field set. -func schedulingGatesInUse(podSpec *api.PodSpec) bool { - if podSpec == nil { - return false - } - return len(podSpec.SchedulingGates) != 0 -} - -// SeccompAnnotationForField takes a pod seccomp profile field and returns the -// converted annotation value -func SeccompAnnotationForField(field *api.SeccompProfile) string { - // If only seccomp fields are specified, add the corresponding annotations. - // This ensures that the fields are enforced even if the node version - // trails the API version - switch field.Type { - case api.SeccompProfileTypeUnconfined: - return v1.SeccompProfileNameUnconfined - - case api.SeccompProfileTypeRuntimeDefault: - return v1.SeccompProfileRuntimeDefault - - case api.SeccompProfileTypeLocalhost: - if field.LocalhostProfile != nil { - return v1.SeccompLocalhostProfileNamePrefix + *field.LocalhostProfile - } - } - - // we can only reach this code path if the LocalhostProfile is nil but the - // provided field type is SeccompProfileTypeLocalhost or if an unrecognized - // type is specified - return "" -} - -func hasInvalidLabelValueInAffinitySelector(spec *api.PodSpec) bool { - if spec.Affinity != nil { - if spec.Affinity.PodAffinity != nil { - for _, term := range spec.Affinity.PodAffinity.RequiredDuringSchedulingIgnoredDuringExecution { - allErrs := apivalidation.ValidatePodAffinityTermSelector(term, false, nil) - if len(allErrs) != 0 { - return true - } - } - for _, term := range spec.Affinity.PodAffinity.PreferredDuringSchedulingIgnoredDuringExecution { - allErrs := apivalidation.ValidatePodAffinityTermSelector(term.PodAffinityTerm, false, nil) - if len(allErrs) != 0 { - return true - } - } - } - if spec.Affinity.PodAntiAffinity != nil { - for _, term := range spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution { - allErrs := apivalidation.ValidatePodAffinityTermSelector(term, false, nil) - if len(allErrs) != 0 { - return true - } - } - for _, term := range spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution { - allErrs := apivalidation.ValidatePodAffinityTermSelector(term.PodAffinityTerm, false, nil) - if len(allErrs) != 0 { - return true - } - } - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/warnings.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/warnings.go deleted file mode 100644 index f2e5d8fa01..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/pod/warnings.go +++ /dev/null @@ -1,254 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pod - -import ( - "context" - "fmt" - "strings" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - nodeapi "k8s.io/kubernetes/pkg/api/node" - pvcutil "k8s.io/kubernetes/pkg/api/persistentvolumeclaim" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/pods" -) - -func GetWarningsForPod(ctx context.Context, pod, oldPod *api.Pod) []string { - if pod == nil { - return nil - } - - var ( - oldSpec *api.PodSpec - oldMeta *metav1.ObjectMeta - ) - if oldPod != nil { - oldSpec = &oldPod.Spec - oldMeta = &oldPod.ObjectMeta - } - return warningsForPodSpecAndMeta(nil, &pod.Spec, &pod.ObjectMeta, oldSpec, oldMeta) -} - -func GetWarningsForPodTemplate(ctx context.Context, fieldPath *field.Path, podTemplate, oldPodTemplate *api.PodTemplateSpec) []string { - if podTemplate == nil { - return nil - } - - var ( - oldSpec *api.PodSpec - oldMeta *metav1.ObjectMeta - ) - if oldPodTemplate != nil { - oldSpec = &oldPodTemplate.Spec - oldMeta = &oldPodTemplate.ObjectMeta - } - return warningsForPodSpecAndMeta(fieldPath, &podTemplate.Spec, &podTemplate.ObjectMeta, oldSpec, oldMeta) -} - -var deprecatedAnnotations = []struct { - key string - prefix string - message string -}{ - { - key: `scheduler.alpha.kubernetes.io/critical-pod`, - message: `non-functional in v1.16+; use the "priorityClassName" field instead`, - }, - { - key: `security.alpha.kubernetes.io/sysctls`, - message: `non-functional in v1.11+; use the "sysctls" field instead`, - }, - { - key: `security.alpha.kubernetes.io/unsafe-sysctls`, - message: `non-functional in v1.11+; use the "sysctls" field instead`, - }, -} - -func warningsForPodSpecAndMeta(fieldPath *field.Path, podSpec *api.PodSpec, meta *metav1.ObjectMeta, oldPodSpec *api.PodSpec, oldMeta *metav1.ObjectMeta) []string { - var warnings []string - - // use of deprecated node labels in selectors/affinity/topology - for k := range podSpec.NodeSelector { - if msg, deprecated := nodeapi.GetNodeLabelDeprecatedMessage(k); deprecated { - warnings = append(warnings, fmt.Sprintf("%s: %s", fieldPath.Child("spec", "nodeSelector").Key(k), msg)) - } - } - if podSpec.Affinity != nil && podSpec.Affinity.NodeAffinity != nil { - n := podSpec.Affinity.NodeAffinity - if n.RequiredDuringSchedulingIgnoredDuringExecution != nil { - termFldPath := fieldPath.Child("spec", "affinity", "nodeAffinity", "requiredDuringSchedulingIgnoredDuringExecution", "nodeSelectorTerms") - for i, term := range n.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms { - warnings = append(warnings, nodeapi.GetWarningsForNodeSelectorTerm(term, termFldPath.Index(i))...) - } - } - preferredFldPath := fieldPath.Child("spec", "affinity", "nodeAffinity", "preferredDuringSchedulingIgnoredDuringExecution") - for i, term := range n.PreferredDuringSchedulingIgnoredDuringExecution { - warnings = append(warnings, nodeapi.GetWarningsForNodeSelectorTerm(term.Preference, preferredFldPath.Index(i).Child("preference"))...) - } - } - for i, t := range podSpec.TopologySpreadConstraints { - if msg, deprecated := nodeapi.GetNodeLabelDeprecatedMessage(t.TopologyKey); deprecated { - warnings = append(warnings, fmt.Sprintf( - "%s: %s is %s", - fieldPath.Child("spec", "topologySpreadConstraints").Index(i).Child("topologyKey"), - t.TopologyKey, - msg, - )) - } - } - - // use of deprecated annotations - for _, deprecated := range deprecatedAnnotations { - if _, exists := meta.Annotations[deprecated.key]; exists { - warnings = append(warnings, fmt.Sprintf("%s: %s", fieldPath.Child("metadata", "annotations").Key(deprecated.key), deprecated.message)) - } - if len(deprecated.prefix) > 0 { - for k := range meta.Annotations { - if strings.HasPrefix(k, deprecated.prefix) { - warnings = append(warnings, fmt.Sprintf("%s: %s", fieldPath.Child("metadata", "annotations").Key(k), deprecated.message)) - break - } - } - } - } - - // deprecated and removed volume plugins - for i, v := range podSpec.Volumes { - if v.PhotonPersistentDisk != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.11, non-functional in v1.16+", fieldPath.Child("spec", "volumes").Index(i).Child("photonPersistentDisk"))) - } - if v.GitRepo != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.11", fieldPath.Child("spec", "volumes").Index(i).Child("gitRepo"))) - } - if v.ScaleIO != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.16, non-functional in v1.22+", fieldPath.Child("spec", "volumes").Index(i).Child("scaleIO"))) - } - if v.Flocker != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.22, support removal is planned in v1.26", fieldPath.Child("spec", "volumes").Index(i).Child("flocker"))) - } - if v.StorageOS != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.22, support removal is planned in v1.26", fieldPath.Child("spec", "volumes").Index(i).Child("storageOS"))) - } - if v.Quobyte != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.22, support removal is planned in v1.26", fieldPath.Child("spec", "volumes").Index(i).Child("quobyte"))) - } - if v.Glusterfs != nil { - warnings = append(warnings, fmt.Sprintf("%s: deprecated in v1.25, this feature will be removed soon after in a subsequent release", fieldPath.Child("spec", "volumes").Index(i).Child("glusterfs"))) - } - if v.Ephemeral != nil && v.Ephemeral.VolumeClaimTemplate != nil { - warnings = append(warnings, pvcutil.GetWarningsForPersistentVolumeClaimSpec(fieldPath.Child("spec", "volumes").Index(i).Child("ephemeral").Child("volumeClaimTemplate").Child("spec"), v.Ephemeral.VolumeClaimTemplate.Spec)...) - } - } - - // duplicate hostAliases (#91670, #58477) - if len(podSpec.HostAliases) > 1 { - items := sets.NewString() - for i, item := range podSpec.HostAliases { - if items.Has(item.IP) { - warnings = append(warnings, fmt.Sprintf("%s: duplicate ip %q", fieldPath.Child("spec", "hostAliases").Index(i).Child("ip"), item.IP)) - } else { - items.Insert(item.IP) - } - } - } - - // duplicate imagePullSecrets (#91629, #58477) - if len(podSpec.ImagePullSecrets) > 1 { - items := sets.NewString() - for i, item := range podSpec.ImagePullSecrets { - if items.Has(item.Name) { - warnings = append(warnings, fmt.Sprintf("%s: duplicate name %q", fieldPath.Child("spec", "imagePullSecrets").Index(i).Child("name"), item.Name)) - } else { - items.Insert(item.Name) - } - } - } - // imagePullSecrets with empty name (#99454#issuecomment-787838112) - for i, item := range podSpec.ImagePullSecrets { - if len(item.Name) == 0 { - warnings = append(warnings, fmt.Sprintf("%s: invalid empty name %q", fieldPath.Child("spec", "imagePullSecrets").Index(i).Child("name"), item.Name)) - } - } - - // duplicate volume names (#78266, #58477) - if len(podSpec.Volumes) > 1 { - items := sets.NewString() - for i, item := range podSpec.Volumes { - if items.Has(item.Name) { - warnings = append(warnings, fmt.Sprintf("%s: duplicate name %q", fieldPath.Child("spec", "volumes").Index(i).Child("name"), item.Name)) - } else { - items.Insert(item.Name) - } - } - } - - // fractional memory/ephemeral-storage requests/limits (#79950, #49442, #18538) - if value, ok := podSpec.Overhead[api.ResourceMemory]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", fieldPath.Child("spec", "overhead").Key(string(api.ResourceMemory)), value.String())) - } - if value, ok := podSpec.Overhead[api.ResourceEphemeralStorage]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", fieldPath.Child("spec", "overhead").Key(string(api.ResourceEphemeralStorage)), value.String())) - } - - // use of pod seccomp annotation without accompanying field - if podSpec.SecurityContext == nil || podSpec.SecurityContext.SeccompProfile == nil { - if _, exists := meta.Annotations[api.SeccompPodAnnotationKey]; exists { - warnings = append(warnings, fmt.Sprintf(`%s: deprecated since v1.19, non-functional in a future release; use the "seccompProfile" field instead`, fieldPath.Child("metadata", "annotations").Key(api.SeccompPodAnnotationKey))) - } - } - - pods.VisitContainersWithPath(podSpec, fieldPath.Child("spec"), func(c *api.Container, p *field.Path) bool { - // use of container seccomp annotation without accompanying field - if c.SecurityContext == nil || c.SecurityContext.SeccompProfile == nil { - if _, exists := meta.Annotations[api.SeccompContainerAnnotationKeyPrefix+c.Name]; exists { - warnings = append(warnings, fmt.Sprintf(`%s: deprecated since v1.19, non-functional in a future release; use the "seccompProfile" field instead`, fieldPath.Child("metadata", "annotations").Key(api.SeccompContainerAnnotationKeyPrefix+c.Name))) - } - } - - // fractional memory/ephemeral-storage requests/limits (#79950, #49442, #18538) - if value, ok := c.Resources.Limits[api.ResourceMemory]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", p.Child("resources", "limits").Key(string(api.ResourceMemory)), value.String())) - } - if value, ok := c.Resources.Requests[api.ResourceMemory]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", p.Child("resources", "requests").Key(string(api.ResourceMemory)), value.String())) - } - if value, ok := c.Resources.Limits[api.ResourceEphemeralStorage]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", p.Child("resources", "limits").Key(string(api.ResourceEphemeralStorage)), value.String())) - } - if value, ok := c.Resources.Requests[api.ResourceEphemeralStorage]; ok && value.MilliValue()%int64(1000) != int64(0) { - warnings = append(warnings, fmt.Sprintf("%s: fractional byte value %q is invalid, must be an integer", p.Child("resources", "requests").Key(string(api.ResourceEphemeralStorage)), value.String())) - } - - // duplicate containers[*].env (#86163, #93266, #58477) - if len(c.Env) > 1 { - items := sets.NewString() - for i, item := range c.Env { - if items.Has(item.Name) { - warnings = append(warnings, fmt.Sprintf("%s: duplicate name %q", p.Child("env").Index(i).Child("name"), item.Name)) - } else { - items.Insert(item.Name) - } - } - } - return true - }) - - return warnings -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/OWNERS deleted file mode 100644 index 59ee7e4862..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-policy-approvers - - sig-auth-policy-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/util.go deleted file mode 100644 index 0b31891dea..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/podsecuritypolicy/util.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podsecuritypolicy - -import ( - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/features" -) - -// DropDisabledFields removes disabled fields from the pod security policy spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod security policy spec. -func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) && !allowedProcMountTypesInUse(oldPSPSpec) { - pspSpec.AllowedProcMountTypes = nil - } -} - -func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool { - if oldPSPSpec == nil { - return false - } - - if oldPSPSpec.AllowedProcMountTypes != nil { - return true - } - - return false - -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/service/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/api/service/OWNERS deleted file mode 100644 index a1efa9b2af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/service/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - justinsb - - freehan diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/service/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/service/util.go deleted file mode 100644 index a4262edad2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/service/util.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package service - -import ( - "fmt" - "strings" - - api "k8s.io/kubernetes/pkg/apis/core" - utilnet "k8s.io/utils/net" -) - -const ( - defaultLoadBalancerSourceRanges = "0.0.0.0/0" -) - -// IsAllowAll checks whether the utilnet.IPNet allows traffic from 0.0.0.0/0 -func IsAllowAll(ipnets utilnet.IPNetSet) bool { - for _, s := range ipnets.StringSlice() { - if s == "0.0.0.0/0" { - return true - } - } - return false -} - -// GetLoadBalancerSourceRanges first try to parse and verify LoadBalancerSourceRanges field from a service. -// If the field is not specified, turn to parse and verify the AnnotationLoadBalancerSourceRangesKey annotation from a service, -// extracting the source ranges to allow, and if not present returns a default (allow-all) value. -func GetLoadBalancerSourceRanges(service *api.Service) (utilnet.IPNetSet, error) { - var ipnets utilnet.IPNetSet - var err error - // if SourceRange field is specified, ignore sourceRange annotation - if len(service.Spec.LoadBalancerSourceRanges) > 0 { - specs := service.Spec.LoadBalancerSourceRanges - ipnets, err = utilnet.ParseIPNets(specs...) - - if err != nil { - return nil, fmt.Errorf("service.Spec.LoadBalancerSourceRanges: %v is not valid. Expecting a list of IP ranges. For example, 10.0.0.0/24. Error msg: %v", specs, err) - } - } else { - val := service.Annotations[api.AnnotationLoadBalancerSourceRangesKey] - val = strings.TrimSpace(val) - if val == "" { - val = defaultLoadBalancerSourceRanges - } - specs := strings.Split(val, ",") - ipnets, err = utilnet.ParseIPNets(specs...) - if err != nil { - return nil, fmt.Errorf("%s: %s is not valid. Expecting a comma-separated list of source IP ranges. For example, 10.0.0.0/24,192.168.2.0/24", api.AnnotationLoadBalancerSourceRangesKey, val) - } - } - return ipnets, nil -} - -// RequestsOnlyLocalTraffic checks if service requests OnlyLocal traffic. -func RequestsOnlyLocalTraffic(service *api.Service) bool { - if service.Spec.Type != api.ServiceTypeLoadBalancer && - service.Spec.Type != api.ServiceTypeNodePort { - return false - } - - return service.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal -} - -// NeedsHealthCheck checks if service needs health check. -func NeedsHealthCheck(service *api.Service) bool { - if service.Spec.Type != api.ServiceTypeLoadBalancer { - return false - } - return RequestsOnlyLocalTraffic(service) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/storage/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/storage/util.go deleted file mode 100644 index 133d8b2b64..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/storage/util.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/util/validation/field" - nodeapi "k8s.io/kubernetes/pkg/api/node" - "k8s.io/kubernetes/pkg/apis/storage" -) - -func GetWarningsForStorageClass(sc *storage.StorageClass) []string { - var warnings []string - - if sc != nil && sc.AllowedTopologies != nil { - // use of deprecated node labels in allowedTopologies's matchLabelExpressions - for i, topo := range sc.AllowedTopologies { - for j, expression := range topo.MatchLabelExpressions { - if msg, deprecated := nodeapi.GetNodeLabelDeprecatedMessage(expression.Key); deprecated { - warnings = append(warnings, fmt.Sprintf("%s: %s", field.NewPath("allowedTopologies").Index(i).Child("matchLabelExpressions").Index(j).Child("key"), msg)) - } - } - } - } - - return warnings -} - -func GetWarningsForCSIStorageCapacity(csc *storage.CSIStorageCapacity) []string { - if csc != nil { - return nodeapi.GetWarningsForNodeSelector(csc.NodeTopology, field.NewPath("nodeTopology")) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/endpoints/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/endpoints/util.go deleted file mode 100644 index d0af83be27..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/endpoints/util.go +++ /dev/null @@ -1,236 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpoints - -import ( - "bytes" - "crypto/md5" - "encoding/hex" - "hash" - "sort" - - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - hashutil "k8s.io/kubernetes/pkg/util/hash" -) - -// RepackSubsets takes a slice of EndpointSubset objects, expands it to the full -// representation, and then repacks that into the canonical layout. This -// ensures that code which operates on these objects can rely on the common -// form for things like comparison. The result is a newly allocated slice. -func RepackSubsets(subsets []v1.EndpointSubset) []v1.EndpointSubset { - // First map each unique port definition to the sets of hosts that - // offer it. - allAddrs := map[addressKey]*v1.EndpointAddress{} - portToAddrReadyMap := map[v1.EndpointPort]addressSet{} - for i := range subsets { - if len(subsets[i].Ports) == 0 { - // Don't discard endpoints with no ports defined, use a sentinel. - mapAddressesByPort(&subsets[i], v1.EndpointPort{Port: -1}, allAddrs, portToAddrReadyMap) - } else { - for _, port := range subsets[i].Ports { - mapAddressesByPort(&subsets[i], port, allAddrs, portToAddrReadyMap) - } - } - } - - // Next, map the sets of hosts to the sets of ports they offer. - // Go does not allow maps or slices as keys to maps, so we have - // to synthesize an artificial key and do a sort of 2-part - // associative entity. - type keyString string - keyToAddrReadyMap := map[keyString]addressSet{} - addrReadyMapKeyToPorts := map[keyString][]v1.EndpointPort{} - for port, addrs := range portToAddrReadyMap { - key := keyString(hashAddresses(addrs)) - keyToAddrReadyMap[key] = addrs - if port.Port > 0 { // avoid sentinels - addrReadyMapKeyToPorts[key] = append(addrReadyMapKeyToPorts[key], port) - } else { - if _, found := addrReadyMapKeyToPorts[key]; !found { - // Force it to be present in the map - addrReadyMapKeyToPorts[key] = nil - } - } - } - - // Next, build the N-to-M association the API wants. - final := []v1.EndpointSubset{} - for key, ports := range addrReadyMapKeyToPorts { - var readyAddrs, notReadyAddrs []v1.EndpointAddress - for addr, ready := range keyToAddrReadyMap[key] { - if ready { - readyAddrs = append(readyAddrs, *addr) - } else { - notReadyAddrs = append(notReadyAddrs, *addr) - } - } - final = append(final, v1.EndpointSubset{Addresses: readyAddrs, NotReadyAddresses: notReadyAddrs, Ports: ports}) - } - - // Finally, sort it. - return SortSubsets(final) -} - -// The sets of hosts must be de-duped, using IP+UID as the key. -type addressKey struct { - ip string - uid types.UID -} - -// mapAddressesByPort adds all ready and not-ready addresses into a map by a single port. -func mapAddressesByPort(subset *v1.EndpointSubset, port v1.EndpointPort, allAddrs map[addressKey]*v1.EndpointAddress, portToAddrReadyMap map[v1.EndpointPort]addressSet) { - for k := range subset.Addresses { - mapAddressByPort(&subset.Addresses[k], port, true, allAddrs, portToAddrReadyMap) - } - for k := range subset.NotReadyAddresses { - mapAddressByPort(&subset.NotReadyAddresses[k], port, false, allAddrs, portToAddrReadyMap) - } -} - -// mapAddressByPort adds one address into a map by port, registering the address with a unique pointer, and preserving -// any existing ready state. -func mapAddressByPort(addr *v1.EndpointAddress, port v1.EndpointPort, ready bool, allAddrs map[addressKey]*v1.EndpointAddress, portToAddrReadyMap map[v1.EndpointPort]addressSet) *v1.EndpointAddress { - // use addressKey to distinguish between two endpoints that are identical addresses - // but may have come from different hosts, for attribution. For instance, Mesos - // assigns pods the node IP, but the pods are distinct. - key := addressKey{ip: addr.IP} - if addr.TargetRef != nil { - key.uid = addr.TargetRef.UID - } - - // Accumulate the address. The full EndpointAddress structure is preserved for use when - // we rebuild the subsets so that the final TargetRef has all of the necessary data. - existingAddress := allAddrs[key] - if existingAddress == nil { - // Make a copy so we don't write to the - // input args of this function. - existingAddress = &v1.EndpointAddress{} - *existingAddress = *addr - allAddrs[key] = existingAddress - } - - // Remember that this port maps to this address. - if _, found := portToAddrReadyMap[port]; !found { - portToAddrReadyMap[port] = addressSet{} - } - // if we have not yet recorded this port for this address, or if the previous - // state was ready, write the current ready state. not ready always trumps - // ready. - if wasReady, found := portToAddrReadyMap[port][existingAddress]; !found || wasReady { - portToAddrReadyMap[port][existingAddress] = ready - } - return existingAddress -} - -type addressSet map[*v1.EndpointAddress]bool - -type addrReady struct { - addr *v1.EndpointAddress - ready bool -} - -func hashAddresses(addrs addressSet) string { - // Flatten the list of addresses into a string so it can be used as a - // map key. Unfortunately, DeepHashObject is implemented in terms of - // spew, and spew does not handle non-primitive map keys well. So - // first we collapse it into a slice, sort the slice, then hash that. - slice := make([]addrReady, 0, len(addrs)) - for k, ready := range addrs { - slice = append(slice, addrReady{k, ready}) - } - sort.Sort(addrsReady(slice)) - hasher := md5.New() - hashutil.DeepHashObject(hasher, slice) - return hex.EncodeToString(hasher.Sum(nil)[0:]) -} - -func lessAddrReady(a, b addrReady) bool { - // ready is not significant to hashing since we can't have duplicate addresses - return LessEndpointAddress(a.addr, b.addr) -} - -type addrsReady []addrReady - -func (sl addrsReady) Len() int { return len(sl) } -func (sl addrsReady) Swap(i, j int) { sl[i], sl[j] = sl[j], sl[i] } -func (sl addrsReady) Less(i, j int) bool { - return lessAddrReady(sl[i], sl[j]) -} - -// LessEndpointAddress compares IP addresses lexicographically and returns true if first argument is lesser than second -func LessEndpointAddress(a, b *v1.EndpointAddress) bool { - ipComparison := bytes.Compare([]byte(a.IP), []byte(b.IP)) - if ipComparison != 0 { - return ipComparison < 0 - } - if b.TargetRef == nil { - return false - } - if a.TargetRef == nil { - return true - } - return a.TargetRef.UID < b.TargetRef.UID -} - -// SortSubsets sorts an array of EndpointSubset objects in place. For ease of -// use it returns the input slice. -func SortSubsets(subsets []v1.EndpointSubset) []v1.EndpointSubset { - for i := range subsets { - ss := &subsets[i] - sort.Sort(addrsByIPAndUID(ss.Addresses)) - sort.Sort(addrsByIPAndUID(ss.NotReadyAddresses)) - sort.Sort(portsByHash(ss.Ports)) - } - sort.Sort(subsetsByHash(subsets)) - return subsets -} - -func hashObject(hasher hash.Hash, obj interface{}) []byte { - hashutil.DeepHashObject(hasher, obj) - return hasher.Sum(nil) -} - -type subsetsByHash []v1.EndpointSubset - -func (sl subsetsByHash) Len() int { return len(sl) } -func (sl subsetsByHash) Swap(i, j int) { sl[i], sl[j] = sl[j], sl[i] } -func (sl subsetsByHash) Less(i, j int) bool { - hasher := md5.New() - h1 := hashObject(hasher, sl[i]) - h2 := hashObject(hasher, sl[j]) - return bytes.Compare(h1, h2) < 0 -} - -type addrsByIPAndUID []v1.EndpointAddress - -func (sl addrsByIPAndUID) Len() int { return len(sl) } -func (sl addrsByIPAndUID) Swap(i, j int) { sl[i], sl[j] = sl[j], sl[i] } -func (sl addrsByIPAndUID) Less(i, j int) bool { - return LessEndpointAddress(&sl[i], &sl[j]) -} - -type portsByHash []v1.EndpointPort - -func (sl portsByHash) Len() int { return len(sl) } -func (sl portsByHash) Swap(i, j int) { sl[i], sl[j] = sl[j], sl[i] } -func (sl portsByHash) Less(i, j int) bool { - hasher := md5.New() - h1 := hashObject(hasher, sl[i]) - h2 := hashObject(hasher, sl[j]) - return bytes.Compare(h1, h2) < 0 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/persistentvolume/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/persistentvolume/util.go deleted file mode 100644 index 7d55e7778a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/persistentvolume/util.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolume - -import ( - corev1 "k8s.io/api/core/v1" -) - -func getClaimRefNamespace(pv *corev1.PersistentVolume) string { - if pv.Spec.ClaimRef != nil { - return pv.Spec.ClaimRef.Namespace - } - return "" -} - -// Visitor is called with each object's namespace and name, and returns true if visiting should continue -type Visitor func(namespace, name string, kubeletVisible bool) (shouldContinue bool) - -func skipEmptyNames(visitor Visitor) Visitor { - return func(namespace, name string, kubeletVisible bool) bool { - if len(name) == 0 { - // continue visiting - return true - } - // delegate to visitor - return visitor(namespace, name, kubeletVisible) - } -} - -// VisitPVSecretNames invokes the visitor function with the name of every secret -// referenced by the PV spec. If visitor returns false, visiting is short-circuited. -// Returns true if visiting completed, false if visiting was short-circuited. -func VisitPVSecretNames(pv *corev1.PersistentVolume, visitor Visitor) bool { - visitor = skipEmptyNames(visitor) - source := &pv.Spec.PersistentVolumeSource - switch { - case source.AzureFile != nil: - if source.AzureFile.SecretNamespace != nil && len(*source.AzureFile.SecretNamespace) > 0 { - if len(source.AzureFile.SecretName) > 0 && !visitor(*source.AzureFile.SecretNamespace, source.AzureFile.SecretName, true /* kubeletVisible */) { - return false - } - } else { - if len(source.AzureFile.SecretName) > 0 && !visitor(getClaimRefNamespace(pv), source.AzureFile.SecretName, true /* kubeletVisible */) { - return false - } - } - return true - case source.CephFS != nil: - if source.CephFS.SecretRef != nil { - // previously persisted PV objects use claimRef namespace - ns := getClaimRefNamespace(pv) - if len(source.CephFS.SecretRef.Namespace) > 0 { - // use the secret namespace if namespace is set - ns = source.CephFS.SecretRef.Namespace - } - if !visitor(ns, source.CephFS.SecretRef.Name, true /* kubeletVisible */) { - return false - } - } - case source.Cinder != nil: - if source.Cinder.SecretRef != nil && !visitor(source.Cinder.SecretRef.Namespace, source.Cinder.SecretRef.Name, true /* kubeletVisible */) { - return false - } - case source.FlexVolume != nil: - if source.FlexVolume.SecretRef != nil { - // previously persisted PV objects use claimRef namespace - ns := getClaimRefNamespace(pv) - if len(source.FlexVolume.SecretRef.Namespace) > 0 { - // use the secret namespace if namespace is set - ns = source.FlexVolume.SecretRef.Namespace - } - if !visitor(ns, source.FlexVolume.SecretRef.Name, true /* kubeletVisible */) { - return false - } - } - case source.RBD != nil: - if source.RBD.SecretRef != nil { - // previously persisted PV objects use claimRef namespace - ns := getClaimRefNamespace(pv) - if len(source.RBD.SecretRef.Namespace) > 0 { - // use the secret namespace if namespace is set - ns = source.RBD.SecretRef.Namespace - } - if !visitor(ns, source.RBD.SecretRef.Name, true /* kubeletVisible */) { - return false - } - } - case source.ScaleIO != nil: - if source.ScaleIO.SecretRef != nil { - ns := getClaimRefNamespace(pv) - if source.ScaleIO.SecretRef != nil && len(source.ScaleIO.SecretRef.Namespace) > 0 { - ns = source.ScaleIO.SecretRef.Namespace - } - if !visitor(ns, source.ScaleIO.SecretRef.Name, true /* kubeletVisible */) { - return false - } - } - case source.ISCSI != nil: - if source.ISCSI.SecretRef != nil { - // previously persisted PV objects use claimRef namespace - ns := getClaimRefNamespace(pv) - if len(source.ISCSI.SecretRef.Namespace) > 0 { - // use the secret namespace if namespace is set - ns = source.ISCSI.SecretRef.Namespace - } - if !visitor(ns, source.ISCSI.SecretRef.Name, true /* kubeletVisible */) { - return false - } - } - case source.StorageOS != nil: - if source.StorageOS.SecretRef != nil && !visitor(source.StorageOS.SecretRef.Namespace, source.StorageOS.SecretRef.Name, true /* kubeletVisible */) { - return false - } - case source.CSI != nil: - if source.CSI.ControllerPublishSecretRef != nil { - if !visitor(source.CSI.ControllerPublishSecretRef.Namespace, source.CSI.ControllerPublishSecretRef.Name, false /* kubeletVisible */) { - return false - } - } - if source.CSI.ControllerExpandSecretRef != nil { - if !visitor(source.CSI.ControllerExpandSecretRef.Namespace, source.CSI.ControllerExpandSecretRef.Name, false /* kubeletVisible */) { - return false - } - } - - if source.CSI.NodePublishSecretRef != nil { - if !visitor(source.CSI.NodePublishSecretRef.Namespace, source.CSI.NodePublishSecretRef.Name, true /* kubeletVisible */) { - return false - } - } - if source.CSI.NodeStageSecretRef != nil { - if !visitor(source.CSI.NodeStageSecretRef.Namespace, source.CSI.NodeStageSecretRef.Name, true /* kubeletVisible */) { - return false - } - } - if source.CSI.NodeExpandSecretRef != nil { - if !visitor(source.CSI.NodeExpandSecretRef.Namespace, source.CSI.NodeExpandSecretRef.Name, true /* kubeletVisible */) { - return false - } - } - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/pod/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/pod/util.go deleted file mode 100644 index dc526b62eb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/api/v1/pod/util.go +++ /dev/null @@ -1,386 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pod - -import ( - "fmt" - "time" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// FindPort locates the container port for the given pod and portName. If the -// targetPort is a number, use that. If the targetPort is a string, look that -// string up in all named ports in all containers in the target pod. If no -// match is found, fail. -func FindPort(pod *v1.Pod, svcPort *v1.ServicePort) (int, error) { - portName := svcPort.TargetPort - switch portName.Type { - case intstr.String: - name := portName.StrVal - for _, container := range pod.Spec.Containers { - for _, port := range container.Ports { - if port.Name == name && port.Protocol == svcPort.Protocol { - return int(port.ContainerPort), nil - } - } - } - case intstr.Int: - return portName.IntValue(), nil - } - - return 0, fmt.Errorf("no suitable port for manifest: %s", pod.UID) -} - -// ContainerType signifies container type -type ContainerType int - -const ( - // Containers is for normal containers - Containers ContainerType = 1 << iota - // InitContainers is for init containers - InitContainers - // EphemeralContainers is for ephemeral containers - EphemeralContainers -) - -// AllContainers specifies that all containers be visited -const AllContainers ContainerType = InitContainers | Containers | EphemeralContainers - -// AllFeatureEnabledContainers returns a ContainerType mask which includes all container -// types except for the ones guarded by feature gate. -func AllFeatureEnabledContainers() ContainerType { - return AllContainers -} - -// ContainerVisitor is called with each container spec, and returns true -// if visiting should continue. -type ContainerVisitor func(container *v1.Container, containerType ContainerType) (shouldContinue bool) - -// Visitor is called with each object name, and returns true if visiting should continue -type Visitor func(name string) (shouldContinue bool) - -func skipEmptyNames(visitor Visitor) Visitor { - return func(name string) bool { - if len(name) == 0 { - // continue visiting - return true - } - // delegate to visitor - return visitor(name) - } -} - -// VisitContainers invokes the visitor function with a pointer to every container -// spec in the given pod spec with type set in mask. If visitor returns false, -// visiting is short-circuited. VisitContainers returns true if visiting completes, -// false if visiting was short-circuited. -func VisitContainers(podSpec *v1.PodSpec, mask ContainerType, visitor ContainerVisitor) bool { - if mask&InitContainers != 0 { - for i := range podSpec.InitContainers { - if !visitor(&podSpec.InitContainers[i], InitContainers) { - return false - } - } - } - if mask&Containers != 0 { - for i := range podSpec.Containers { - if !visitor(&podSpec.Containers[i], Containers) { - return false - } - } - } - if mask&EphemeralContainers != 0 { - for i := range podSpec.EphemeralContainers { - if !visitor((*v1.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon), EphemeralContainers) { - return false - } - } - } - return true -} - -// VisitPodSecretNames invokes the visitor function with the name of every secret -// referenced by the pod spec. If visitor returns false, visiting is short-circuited. -// Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. -// Returns true if visiting completed, false if visiting was short-circuited. -func VisitPodSecretNames(pod *v1.Pod, visitor Visitor) bool { - visitor = skipEmptyNames(visitor) - for _, reference := range pod.Spec.ImagePullSecrets { - if !visitor(reference.Name) { - return false - } - } - VisitContainers(&pod.Spec, AllContainers, func(c *v1.Container, containerType ContainerType) bool { - return visitContainerSecretNames(c, visitor) - }) - var source *v1.VolumeSource - - for i := range pod.Spec.Volumes { - source = &pod.Spec.Volumes[i].VolumeSource - switch { - case source.AzureFile != nil: - if len(source.AzureFile.SecretName) > 0 && !visitor(source.AzureFile.SecretName) { - return false - } - case source.CephFS != nil: - if source.CephFS.SecretRef != nil && !visitor(source.CephFS.SecretRef.Name) { - return false - } - case source.Cinder != nil: - if source.Cinder.SecretRef != nil && !visitor(source.Cinder.SecretRef.Name) { - return false - } - case source.FlexVolume != nil: - if source.FlexVolume.SecretRef != nil && !visitor(source.FlexVolume.SecretRef.Name) { - return false - } - case source.Projected != nil: - for j := range source.Projected.Sources { - if source.Projected.Sources[j].Secret != nil { - if !visitor(source.Projected.Sources[j].Secret.Name) { - return false - } - } - } - case source.RBD != nil: - if source.RBD.SecretRef != nil && !visitor(source.RBD.SecretRef.Name) { - return false - } - case source.Secret != nil: - if !visitor(source.Secret.SecretName) { - return false - } - case source.ScaleIO != nil: - if source.ScaleIO.SecretRef != nil && !visitor(source.ScaleIO.SecretRef.Name) { - return false - } - case source.ISCSI != nil: - if source.ISCSI.SecretRef != nil && !visitor(source.ISCSI.SecretRef.Name) { - return false - } - case source.StorageOS != nil: - if source.StorageOS.SecretRef != nil && !visitor(source.StorageOS.SecretRef.Name) { - return false - } - case source.CSI != nil: - if source.CSI.NodePublishSecretRef != nil && !visitor(source.CSI.NodePublishSecretRef.Name) { - return false - } - } - } - return true -} - -// visitContainerSecretNames returns true unless the visitor returned false when invoked with a secret reference -func visitContainerSecretNames(container *v1.Container, visitor Visitor) bool { - for _, env := range container.EnvFrom { - if env.SecretRef != nil { - if !visitor(env.SecretRef.Name) { - return false - } - } - } - for _, envVar := range container.Env { - if envVar.ValueFrom != nil && envVar.ValueFrom.SecretKeyRef != nil { - if !visitor(envVar.ValueFrom.SecretKeyRef.Name) { - return false - } - } - } - return true -} - -// VisitPodConfigmapNames invokes the visitor function with the name of every configmap -// referenced by the pod spec. If visitor returns false, visiting is short-circuited. -// Transitive references (e.g. pod -> pvc -> pv -> secret) are not visited. -// Returns true if visiting completed, false if visiting was short-circuited. -func VisitPodConfigmapNames(pod *v1.Pod, visitor Visitor) bool { - visitor = skipEmptyNames(visitor) - VisitContainers(&pod.Spec, AllContainers, func(c *v1.Container, containerType ContainerType) bool { - return visitContainerConfigmapNames(c, visitor) - }) - var source *v1.VolumeSource - for i := range pod.Spec.Volumes { - source = &pod.Spec.Volumes[i].VolumeSource - switch { - case source.Projected != nil: - for j := range source.Projected.Sources { - if source.Projected.Sources[j].ConfigMap != nil { - if !visitor(source.Projected.Sources[j].ConfigMap.Name) { - return false - } - } - } - case source.ConfigMap != nil: - if !visitor(source.ConfigMap.Name) { - return false - } - } - } - return true -} - -// visitContainerConfigmapNames returns true unless the visitor returned false when invoked with a configmap reference -func visitContainerConfigmapNames(container *v1.Container, visitor Visitor) bool { - for _, env := range container.EnvFrom { - if env.ConfigMapRef != nil { - if !visitor(env.ConfigMapRef.Name) { - return false - } - } - } - for _, envVar := range container.Env { - if envVar.ValueFrom != nil && envVar.ValueFrom.ConfigMapKeyRef != nil { - if !visitor(envVar.ValueFrom.ConfigMapKeyRef.Name) { - return false - } - } - } - return true -} - -// GetContainerStatus extracts the status of container "name" from "statuses". -// It also returns if "name" exists. -func GetContainerStatus(statuses []v1.ContainerStatus, name string) (v1.ContainerStatus, bool) { - for i := range statuses { - if statuses[i].Name == name { - return statuses[i], true - } - } - return v1.ContainerStatus{}, false -} - -// GetExistingContainerStatus extracts the status of container "name" from "statuses", -// It also returns if "name" exists. -func GetExistingContainerStatus(statuses []v1.ContainerStatus, name string) v1.ContainerStatus { - status, _ := GetContainerStatus(statuses, name) - return status -} - -// IsPodAvailable returns true if a pod is available; false otherwise. -// Precondition for an available pod is that it must be ready. On top -// of that, there are two cases when a pod can be considered available: -// 1. minReadySeconds == 0, or -// 2. LastTransitionTime (is set) + minReadySeconds < current time -func IsPodAvailable(pod *v1.Pod, minReadySeconds int32, now metav1.Time) bool { - if !IsPodReady(pod) { - return false - } - - c := GetPodReadyCondition(pod.Status) - minReadySecondsDuration := time.Duration(minReadySeconds) * time.Second - if minReadySeconds == 0 || (!c.LastTransitionTime.IsZero() && c.LastTransitionTime.Add(minReadySecondsDuration).Before(now.Time)) { - return true - } - return false -} - -// IsPodReady returns true if a pod is ready; false otherwise. -func IsPodReady(pod *v1.Pod) bool { - return IsPodReadyConditionTrue(pod.Status) -} - -// IsPodTerminal returns true if a pod is terminal, all containers are stopped and cannot ever regress. -func IsPodTerminal(pod *v1.Pod) bool { - return IsPodPhaseTerminal(pod.Status.Phase) -} - -// IsPodPhaseTerminal returns true if the pod's phase is terminal. -func IsPodPhaseTerminal(phase v1.PodPhase) bool { - return phase == v1.PodFailed || phase == v1.PodSucceeded -} - -// IsPodReadyConditionTrue returns true if a pod is ready; false otherwise. -func IsPodReadyConditionTrue(status v1.PodStatus) bool { - condition := GetPodReadyCondition(status) - return condition != nil && condition.Status == v1.ConditionTrue -} - -// IsContainersReadyConditionTrue returns true if a pod is ready; false otherwise. -func IsContainersReadyConditionTrue(status v1.PodStatus) bool { - condition := GetContainersReadyCondition(status) - return condition != nil && condition.Status == v1.ConditionTrue -} - -// GetPodReadyCondition extracts the pod ready condition from the given status and returns that. -// Returns nil if the condition is not present. -func GetPodReadyCondition(status v1.PodStatus) *v1.PodCondition { - _, condition := GetPodCondition(&status, v1.PodReady) - return condition -} - -// GetContainersReadyCondition extracts the containers ready condition from the given status and returns that. -// Returns nil if the condition is not present. -func GetContainersReadyCondition(status v1.PodStatus) *v1.PodCondition { - _, condition := GetPodCondition(&status, v1.ContainersReady) - return condition -} - -// GetPodCondition extracts the provided condition from the given status and returns that. -// Returns nil and -1 if the condition is not present, and the index of the located condition. -func GetPodCondition(status *v1.PodStatus, conditionType v1.PodConditionType) (int, *v1.PodCondition) { - if status == nil { - return -1, nil - } - return GetPodConditionFromList(status.Conditions, conditionType) -} - -// GetPodConditionFromList extracts the provided condition from the given list of condition and -// returns the index of the condition and the condition. Returns -1 and nil if the condition is not present. -func GetPodConditionFromList(conditions []v1.PodCondition, conditionType v1.PodConditionType) (int, *v1.PodCondition) { - if conditions == nil { - return -1, nil - } - for i := range conditions { - if conditions[i].Type == conditionType { - return i, &conditions[i] - } - } - return -1, nil -} - -// UpdatePodCondition updates existing pod condition or creates a new one. Sets LastTransitionTime to now if the -// status has changed. -// Returns true if pod condition has changed or has been added. -func UpdatePodCondition(status *v1.PodStatus, condition *v1.PodCondition) bool { - condition.LastTransitionTime = metav1.Now() - // Try to find this pod condition. - conditionIndex, oldCondition := GetPodCondition(status, condition.Type) - - if oldCondition == nil { - // We are adding new pod condition. - status.Conditions = append(status.Conditions, *condition) - return true - } - // We are updating an existing condition, so we need to check if it has changed. - if condition.Status == oldCondition.Status { - condition.LastTransitionTime = oldCondition.LastTransitionTime - } - - isEqual := condition.Status == oldCondition.Status && - condition.Reason == oldCondition.Reason && - condition.Message == oldCondition.Message && - condition.LastProbeTime.Equal(&oldCondition.LastProbeTime) && - condition.LastTransitionTime.Equal(&oldCondition.LastTransitionTime) - - status.Conditions[conditionIndex] = *condition - // Return true if one of the fields have changed. - return !isEqual -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/OWNERS deleted file mode 100644 index 2fa50ca5bd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-authorizers-approvers - - sig-auth-authorizers-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/doc.go deleted file mode 100644 index 9d24e1135f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package abac diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/latest/latest.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/latest/latest.go deleted file mode 100644 index b89ab1cbd5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/latest/latest.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package latest - -import ( - //Init the abac api package - _ "k8s.io/kubernetes/pkg/apis/abac" - _ "k8s.io/kubernetes/pkg/apis/abac/v0" - _ "k8s.io/kubernetes/pkg/apis/abac/v1beta1" -) - -// TODO: this file is totally wrong, it should look like other latest files. -// lavalamp is in the middle of fixing this code, so wait for the new way of doing things.. diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/register.go deleted file mode 100644 index 8dacb58035..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/register.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package abac - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" -) - -// GroupName is the API group for abac -const GroupName = "abac.authorization.kubernetes.io" - -// SchemeGroupVersion is the API group version used to register abac internal -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Scheme is the default instance of runtime.Scheme to which types in the abac API group are api.Registry. -// TODO: remove this, abac should not have its own scheme. -var Scheme = runtime.NewScheme() - -// Codecs provides access to encoding and decoding for the scheme -var Codecs = serializer.NewCodecFactory(Scheme) - -func init() { - // TODO: delete this, abac should not have its own scheme. - addKnownTypes(Scheme) -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Policy{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/types.go deleted file mode 100644 index 3f094b724b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/types.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package abac - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Policy contains a single ABAC policy rule -type Policy struct { - metav1.TypeMeta - - // Spec describes the policy rule - Spec PolicySpec -} - -// PolicySpec contains the attributes for a policy rule -type PolicySpec struct { - - // User is the username this rule applies to. - // Either user or group is required to match the request. - // "*" matches all users. - User string - - // Group is the group this rule applies to. - // Either user or group is required to match the request. - // "*" matches all groups. - Group string - - // Readonly matches readonly requests when true, and all requests when false - Readonly bool - - // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all API groups - APIGroup string - - // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all resources - Resource string - - // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all namespaces (including unnamespaced requests) - Namespace string - - // NonResourcePath matches non-resource request paths. - // "*" matches all paths - // "/foo/*" matches all subpaths of foo - NonResourcePath string - - // TODO: "expires" string in RFC3339 format. - - // TODO: want a way to allow some users to restart containers of a pod but - // not delete or modify it. - - // TODO: want a way to allow a controller to create a pod based only on a - // certain podTemplates. - -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion.go deleted file mode 100644 index 13b5375029..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v0 - -import ( - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/abac" -) - -// allAuthenticated matches k8s.io/apiserver/pkg/authentication/user.AllAuthenticated, -// but we don't want a client library (which must include types), depending on a server library -const allAuthenticated = "system:authenticated" - -func Convert_v0_Policy_To_abac_Policy(in *Policy, out *abac.Policy, s conversion.Scope) error { - out.Spec.User = in.User - out.Spec.Group = in.Group - out.Spec.Namespace = in.Namespace - out.Spec.Resource = in.Resource - out.Spec.Readonly = in.Readonly - - // In v0, unspecified user and group matches all authenticated subjects - if len(in.User) == 0 && len(in.Group) == 0 { - out.Spec.Group = allAuthenticated - } - // In v0, user or group of * matches all authenticated subjects - if in.User == "*" || in.Group == "*" { - out.Spec.Group = allAuthenticated - out.Spec.User = "" - } - - // In v0, leaving namespace empty matches all namespaces - if len(in.Namespace) == 0 { - out.Spec.Namespace = "*" - } - // In v0, leaving resource empty matches all resources - if len(in.Resource) == 0 { - out.Spec.Resource = "*" - } - // Any rule in v0 should match all API groups - out.Spec.APIGroup = "*" - - // In v0, leaving namespace and resource blank allows non-resource paths - if len(in.Namespace) == 0 && len(in.Resource) == 0 { - out.Spec.NonResourcePath = "*" - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/doc.go deleted file mode 100644 index 44aa923c3d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=false -// +k8s:deepcopy-gen=package - -// +groupName=abac.authorization.kubernetes.io - -package v0 // import "k8s.io/kubernetes/pkg/apis/abac/v0" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/register.go deleted file mode 100644 index 3d22251c45..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/register.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v0 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/apis/abac" -) - -// GroupName is the group name use in this package -const GroupName = "abac.authorization.kubernetes.io" - -// SchemeGroupVersion is the API group version used to register abac v0 -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v0"} - -func init() { - // TODO: Delete this init function, abac should not have its own scheme. - utilruntime.Must(addKnownTypes(abac.Scheme)) - - utilruntime.Must(RegisterConversions(abac.Scheme)) -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - SchemeBuilder runtime.SchemeBuilder - // localSchemeBuilder ïs a pointer to SchemeBuilder instance. Using localSchemeBuilder - // defaulting and conversion init funcs are registered as well. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - localSchemeBuilder = &SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Policy{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/types.go deleted file mode 100644 index 3ebf30fea6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/types.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:openapi-gen=true - -package v0 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Policy contains a single ABAC policy rule -type Policy struct { - metav1.TypeMeta `json:",inline"` - - // User is the username this rule applies to. - // Either user or group is required to match the request. - // "*" matches all users. - // +optional - User string `json:"user,omitempty"` - - // Group is the group this rule applies to. - // Either user or group is required to match the request. - // "*" matches all groups. - // +optional - Group string `json:"group,omitempty"` - - // Readonly matches readonly requests when true, and all requests when false - // +optional - Readonly bool `json:"readonly,omitempty"` - - // Resource is the name of a resource - // "*" matches all resources - // +optional - Resource string `json:"resource,omitempty"` - - // Namespace is the name of a namespace - // "*" matches all namespaces (including unnamespaced requests) - // +optional - Namespace string `json:"namespace,omitempty"` -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.conversion.go deleted file mode 100644 index 1111f6b07e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.conversion.go +++ /dev/null @@ -1,43 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v0 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - abac "k8s.io/kubernetes/pkg/apis/abac" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddConversionFunc((*Policy)(nil), (*abac.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v0_Policy_To_abac_Policy(a.(*Policy), b.(*abac.Policy), scope) - }); err != nil { - return err - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.deepcopy.go deleted file mode 100644 index 0e2ad7bcab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.deepcopy.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v0 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/conversion.go deleted file mode 100644 index 6508d479ac..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/conversion.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/abac" -) - -// allAuthenticated matches k8s.io/apiserver/pkg/authentication/user.AllAuthenticated, -// but we don't want an client library (which must include types), depending on a server library -const allAuthenticated = "system:authenticated" - -func Convert_v1beta1_Policy_To_abac_Policy(in *Policy, out *abac.Policy, s conversion.Scope) error { - if err := autoConvert_v1beta1_Policy_To_abac_Policy(in, out, s); err != nil { - return err - } - - // In v1beta1, * user or group maps to all authenticated subjects - if in.Spec.User == "*" || in.Spec.Group == "*" { - out.Spec.Group = allAuthenticated - out.Spec.User = "" - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/doc.go deleted file mode 100644 index 62ac4e21d6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/abac -// +k8s:openapi-gen=true -// +k8s:defaulter-gen=TypeMeta - -// +groupName=abac.authorization.kubernetes.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/abac/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/register.go deleted file mode 100644 index ff20882c6d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/register.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/apis/abac" -) - -// GroupName is the group name use in this package -const GroupName = "abac.authorization.kubernetes.io" - -// SchemeGroupVersion is the API group and version for abac v1beta1 -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -func init() { - // TODO: Delete this init function, abac should not have its own scheme. - utilruntime.Must(addKnownTypes(abac.Scheme)) - - utilruntime.Must(RegisterConversions(abac.Scheme)) -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - SchemeBuilder runtime.SchemeBuilder - // localSchemeBuilder ïs a pointer to SchemeBuilder instance. Using localSchemeBuilder - // defaulting and conversion init funcs are registered as well. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - localSchemeBuilder = &SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, RegisterDefaults) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Policy{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/types.go deleted file mode 100644 index 6e7c7239c3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/types.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:openapi-gen=true - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Policy contains a single ABAC policy rule -type Policy struct { - metav1.TypeMeta `json:",inline"` - - // Spec describes the policy rule - Spec PolicySpec `json:"spec"` -} - -// PolicySpec contains the attributes for a policy rule -type PolicySpec struct { - // User is the username this rule applies to. - // Either user or group is required to match the request. - // "*" matches all users. - // +optional - User string `json:"user,omitempty"` - - // Group is the group this rule applies to. - // Either user or group is required to match the request. - // "*" matches all groups. - // +optional - Group string `json:"group,omitempty"` - - // Readonly matches readonly requests when true, and all requests when false - // +optional - Readonly bool `json:"readonly,omitempty"` - - // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all API groups - // +optional - APIGroup string `json:"apiGroup,omitempty"` - - // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all resources - // +optional - Resource string `json:"resource,omitempty"` - - // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests. - // "*" matches all namespaces (including unnamespaced requests) - // +optional - Namespace string `json:"namespace,omitempty"` - - // NonResourcePath matches non-resource request paths. - // "*" matches all paths - // "/foo/*" matches all subpaths of foo - // +optional - NonResourcePath string `json:"nonResourcePath,omitempty"` -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 4bb4d8b540..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,109 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - abac "k8s.io/kubernetes/pkg/apis/abac" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*abac.Policy)(nil), (*Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_abac_Policy_To_v1beta1_Policy(a.(*abac.Policy), b.(*Policy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PolicySpec)(nil), (*abac.PolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PolicySpec_To_abac_PolicySpec(a.(*PolicySpec), b.(*abac.PolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*abac.PolicySpec)(nil), (*PolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_abac_PolicySpec_To_v1beta1_PolicySpec(a.(*abac.PolicySpec), b.(*PolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*Policy)(nil), (*abac.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Policy_To_abac_Policy(a.(*Policy), b.(*abac.Policy), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Policy_To_abac_Policy(in *Policy, out *abac.Policy, s conversion.Scope) error { - if err := Convert_v1beta1_PolicySpec_To_abac_PolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -func autoConvert_abac_Policy_To_v1beta1_Policy(in *abac.Policy, out *Policy, s conversion.Scope) error { - if err := Convert_abac_PolicySpec_To_v1beta1_PolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_abac_Policy_To_v1beta1_Policy is an autogenerated conversion function. -func Convert_abac_Policy_To_v1beta1_Policy(in *abac.Policy, out *Policy, s conversion.Scope) error { - return autoConvert_abac_Policy_To_v1beta1_Policy(in, out, s) -} - -func autoConvert_v1beta1_PolicySpec_To_abac_PolicySpec(in *PolicySpec, out *abac.PolicySpec, s conversion.Scope) error { - out.User = in.User - out.Group = in.Group - out.Readonly = in.Readonly - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.Namespace = in.Namespace - out.NonResourcePath = in.NonResourcePath - return nil -} - -// Convert_v1beta1_PolicySpec_To_abac_PolicySpec is an autogenerated conversion function. -func Convert_v1beta1_PolicySpec_To_abac_PolicySpec(in *PolicySpec, out *abac.PolicySpec, s conversion.Scope) error { - return autoConvert_v1beta1_PolicySpec_To_abac_PolicySpec(in, out, s) -} - -func autoConvert_abac_PolicySpec_To_v1beta1_PolicySpec(in *abac.PolicySpec, out *PolicySpec, s conversion.Scope) error { - out.User = in.User - out.Group = in.Group - out.Readonly = in.Readonly - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.Namespace = in.Namespace - out.NonResourcePath = in.NonResourcePath - return nil -} - -// Convert_abac_PolicySpec_To_v1beta1_PolicySpec is an autogenerated conversion function. -func Convert_abac_PolicySpec_To_v1beta1_PolicySpec(in *abac.PolicySpec, out *PolicySpec, s conversion.Scope) error { - return autoConvert_abac_PolicySpec_To_v1beta1_PolicySpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index f4cc7b93f5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Spec = in.Spec - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec. -func (in *PolicySpec) DeepCopy() *PolicySpec { - if in == nil { - return nil - } - out := new(PolicySpec) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/zz_generated.deepcopy.go deleted file mode 100644 index 40c5b58fdf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/abac/zz_generated.deepcopy.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package abac - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Spec = in.Spec - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Policy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec. -func (in *PolicySpec) DeepCopy() *PolicySpec { - if in == nil { - return nil - } - out := new(PolicySpec) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/doc.go deleted file mode 100644 index bbf4d2e92d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=admission.k8s.io - -package admission // import "k8s.io/kubernetes/pkg/apis/admission" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/install/install.go deleted file mode 100644 index 01408afdf5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admission" - v1 "k8s.io/kubernetes/pkg/apis/admission/v1" - "k8s.io/kubernetes/pkg/apis/admission/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(admission.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/register.go deleted file mode 100644 index 17d078fd35..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder the schema builder - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme handler to add items to the schema - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionReview{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/types.go deleted file mode 100644 index 14051f0169..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/types.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/kubernetes/pkg/apis/authentication" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// AdmissionReview describes an admission review request/response. -type AdmissionReview struct { - metav1.TypeMeta - - // Request describes the attributes for the admission request. - // +optional - Request *AdmissionRequest - - // Response describes the attributes for the admission response. - // +optional - Response *AdmissionResponse -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -type AdmissionRequest struct { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - UID types.UID - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - Kind metav1.GroupVersionKind - // Resource is the fully-qualified resource being requested (for example, v1.pods) - Resource metav1.GroupVersionResource - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - SubResource string - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - RequestKind *metav1.GroupVersionKind - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestResource *metav1.GroupVersionResource - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestSubResource string - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this method will return the empty string. - // +optional - Name string - // Namespace is the namespace associated with the request (if any). - // +optional - Namespace string - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - Operation Operation - // UserInfo is information about the requesting user - UserInfo authentication.UserInfo - // Object is the object from the incoming request. - // +optional - Object runtime.Object - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - OldObject runtime.Object - // DryRun indicates that modifications will definitely not be persisted for this request. - // Calls to webhooks must have no side effects if DryRun is true. - // Defaults to false. - // +optional - DryRun *bool - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - Options runtime.Object -} - -// AdmissionResponse describes an admission response. -type AdmissionResponse struct { - // UID is an identifier for the individual request/response. - // This should be copied over from the corresponding AdmissionRequest. - UID types.UID - // Allowed indicates whether or not the admission request was permitted. - Allowed bool - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - Result *metav1.Status - // Patch contains the actual patch. Currently we only support a response in the form of JSONPatch, RFC 6902. - // +optional - Patch []byte - // PatchType indicates the form the Patch will take. Currently we only support "JSONPatch". - // +optional - PatchType *PatchType - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - AuditAnnotations map[string]string - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - Warnings []string -} - -// PatchType is the type of patch being used to represent the mutated object -type PatchType string - -// PatchType constants. -const ( - PatchTypeJSONPatch PatchType = "JSONPatch" -) - -// Operation is the type of resource operation being checked for admission control -type Operation string - -// Operation constants -const ( - Create Operation = "CREATE" - Update Operation = "UPDATE" - Delete Operation = "DELETE" - Connect Operation = "CONNECT" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/doc.go deleted file mode 100644 index e27e8aee59..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/admission -// +k8s:conversion-gen-external-types=k8s.io/api/admission/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/admission/v1 - -// +groupName=admission.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/admission/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/register.go deleted file mode 100644 index 54de12d311..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - admissionv1 "k8s.io/api/admission/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &admissionv1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.conversion.go deleted file mode 100644 index 535390fd73..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.conversion.go +++ /dev/null @@ -1,208 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - admission "k8s.io/kubernetes/pkg/apis/admission" - authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.AdmissionRequest)(nil), (*admission.AdmissionRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AdmissionRequest_To_admission_AdmissionRequest(a.(*v1.AdmissionRequest), b.(*admission.AdmissionRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionRequest)(nil), (*v1.AdmissionRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionRequest_To_v1_AdmissionRequest(a.(*admission.AdmissionRequest), b.(*v1.AdmissionRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AdmissionResponse)(nil), (*admission.AdmissionResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AdmissionResponse_To_admission_AdmissionResponse(a.(*v1.AdmissionResponse), b.(*admission.AdmissionResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionResponse)(nil), (*v1.AdmissionResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionResponse_To_v1_AdmissionResponse(a.(*admission.AdmissionResponse), b.(*v1.AdmissionResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AdmissionReview)(nil), (*admission.AdmissionReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AdmissionReview_To_admission_AdmissionReview(a.(*v1.AdmissionReview), b.(*admission.AdmissionReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionReview)(nil), (*v1.AdmissionReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionReview_To_v1_AdmissionReview(a.(*admission.AdmissionReview), b.(*v1.AdmissionReview), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AdmissionRequest_To_admission_AdmissionRequest(in *v1.AdmissionRequest, out *admission.AdmissionRequest, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Kind = in.Kind - out.Resource = in.Resource - out.SubResource = in.SubResource - out.RequestKind = (*metav1.GroupVersionKind)(unsafe.Pointer(in.RequestKind)) - out.RequestResource = (*metav1.GroupVersionResource)(unsafe.Pointer(in.RequestResource)) - out.RequestSubResource = in.RequestSubResource - out.Name = in.Name - out.Namespace = in.Namespace - out.Operation = admission.Operation(in.Operation) - if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil { - return err - } - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.OldObject, &out.OldObject, s); err != nil { - return err - } - out.DryRun = (*bool)(unsafe.Pointer(in.DryRun)) - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Options, &out.Options, s); err != nil { - return err - } - return nil -} - -// Convert_v1_AdmissionRequest_To_admission_AdmissionRequest is an autogenerated conversion function. -func Convert_v1_AdmissionRequest_To_admission_AdmissionRequest(in *v1.AdmissionRequest, out *admission.AdmissionRequest, s conversion.Scope) error { - return autoConvert_v1_AdmissionRequest_To_admission_AdmissionRequest(in, out, s) -} - -func autoConvert_admission_AdmissionRequest_To_v1_AdmissionRequest(in *admission.AdmissionRequest, out *v1.AdmissionRequest, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Kind = in.Kind - out.Resource = in.Resource - out.SubResource = in.SubResource - out.RequestKind = (*metav1.GroupVersionKind)(unsafe.Pointer(in.RequestKind)) - out.RequestResource = (*metav1.GroupVersionResource)(unsafe.Pointer(in.RequestResource)) - out.RequestSubResource = in.RequestSubResource - out.Name = in.Name - out.Namespace = in.Namespace - out.Operation = v1.Operation(in.Operation) - if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil { - return err - } - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.OldObject, &out.OldObject, s); err != nil { - return err - } - out.DryRun = (*bool)(unsafe.Pointer(in.DryRun)) - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Options, &out.Options, s); err != nil { - return err - } - return nil -} - -// Convert_admission_AdmissionRequest_To_v1_AdmissionRequest is an autogenerated conversion function. -func Convert_admission_AdmissionRequest_To_v1_AdmissionRequest(in *admission.AdmissionRequest, out *v1.AdmissionRequest, s conversion.Scope) error { - return autoConvert_admission_AdmissionRequest_To_v1_AdmissionRequest(in, out, s) -} - -func autoConvert_v1_AdmissionResponse_To_admission_AdmissionResponse(in *v1.AdmissionResponse, out *admission.AdmissionResponse, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Allowed = in.Allowed - out.Result = (*metav1.Status)(unsafe.Pointer(in.Result)) - out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch)) - out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType)) - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings)) - return nil -} - -// Convert_v1_AdmissionResponse_To_admission_AdmissionResponse is an autogenerated conversion function. -func Convert_v1_AdmissionResponse_To_admission_AdmissionResponse(in *v1.AdmissionResponse, out *admission.AdmissionResponse, s conversion.Scope) error { - return autoConvert_v1_AdmissionResponse_To_admission_AdmissionResponse(in, out, s) -} - -func autoConvert_admission_AdmissionResponse_To_v1_AdmissionResponse(in *admission.AdmissionResponse, out *v1.AdmissionResponse, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Allowed = in.Allowed - out.Result = (*metav1.Status)(unsafe.Pointer(in.Result)) - out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch)) - out.PatchType = (*v1.PatchType)(unsafe.Pointer(in.PatchType)) - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings)) - return nil -} - -// Convert_admission_AdmissionResponse_To_v1_AdmissionResponse is an autogenerated conversion function. -func Convert_admission_AdmissionResponse_To_v1_AdmissionResponse(in *admission.AdmissionResponse, out *v1.AdmissionResponse, s conversion.Scope) error { - return autoConvert_admission_AdmissionResponse_To_v1_AdmissionResponse(in, out, s) -} - -func autoConvert_v1_AdmissionReview_To_admission_AdmissionReview(in *v1.AdmissionReview, out *admission.AdmissionReview, s conversion.Scope) error { - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(admission.AdmissionRequest) - if err := Convert_v1_AdmissionRequest_To_admission_AdmissionRequest(*in, *out, s); err != nil { - return err - } - } else { - out.Request = nil - } - out.Response = (*admission.AdmissionResponse)(unsafe.Pointer(in.Response)) - return nil -} - -// Convert_v1_AdmissionReview_To_admission_AdmissionReview is an autogenerated conversion function. -func Convert_v1_AdmissionReview_To_admission_AdmissionReview(in *v1.AdmissionReview, out *admission.AdmissionReview, s conversion.Scope) error { - return autoConvert_v1_AdmissionReview_To_admission_AdmissionReview(in, out, s) -} - -func autoConvert_admission_AdmissionReview_To_v1_AdmissionReview(in *admission.AdmissionReview, out *v1.AdmissionReview, s conversion.Scope) error { - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(v1.AdmissionRequest) - if err := Convert_admission_AdmissionRequest_To_v1_AdmissionRequest(*in, *out, s); err != nil { - return err - } - } else { - out.Request = nil - } - out.Response = (*v1.AdmissionResponse)(unsafe.Pointer(in.Response)) - return nil -} - -// Convert_admission_AdmissionReview_To_v1_AdmissionReview is an autogenerated conversion function. -func Convert_admission_AdmissionReview_To_v1_AdmissionReview(in *admission.AdmissionReview, out *v1.AdmissionReview, s conversion.Scope) error { - return autoConvert_admission_AdmissionReview_To_v1_AdmissionReview(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/doc.go deleted file mode 100644 index 6121375963..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/admission -// +k8s:conversion-gen-external-types=k8s.io/api/admission/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/admission/v1beta1 - -// +groupName=admission.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/admission/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/register.go deleted file mode 100644 index 703c294559..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - admissionv1beta1 "k8s.io/api/admission/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &admissionv1beta1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.conversion.go deleted file mode 100644 index b2d44b2c9f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,208 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/admission/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - admission "k8s.io/kubernetes/pkg/apis/admission" - authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.AdmissionRequest)(nil), (*admission.AdmissionRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(a.(*v1beta1.AdmissionRequest), b.(*admission.AdmissionRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionRequest)(nil), (*v1beta1.AdmissionRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(a.(*admission.AdmissionRequest), b.(*v1beta1.AdmissionRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AdmissionResponse)(nil), (*admission.AdmissionResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(a.(*v1beta1.AdmissionResponse), b.(*admission.AdmissionResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionResponse)(nil), (*v1beta1.AdmissionResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(a.(*admission.AdmissionResponse), b.(*v1beta1.AdmissionResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AdmissionReview)(nil), (*admission.AdmissionReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AdmissionReview_To_admission_AdmissionReview(a.(*v1beta1.AdmissionReview), b.(*admission.AdmissionReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admission.AdmissionReview)(nil), (*v1beta1.AdmissionReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admission_AdmissionReview_To_v1beta1_AdmissionReview(a.(*admission.AdmissionReview), b.(*v1beta1.AdmissionReview), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(in *v1beta1.AdmissionRequest, out *admission.AdmissionRequest, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Kind = in.Kind - out.Resource = in.Resource - out.SubResource = in.SubResource - out.RequestKind = (*v1.GroupVersionKind)(unsafe.Pointer(in.RequestKind)) - out.RequestResource = (*v1.GroupVersionResource)(unsafe.Pointer(in.RequestResource)) - out.RequestSubResource = in.RequestSubResource - out.Name = in.Name - out.Namespace = in.Namespace - out.Operation = admission.Operation(in.Operation) - if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil { - return err - } - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.OldObject, &out.OldObject, s); err != nil { - return err - } - out.DryRun = (*bool)(unsafe.Pointer(in.DryRun)) - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Options, &out.Options, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest is an autogenerated conversion function. -func Convert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(in *v1beta1.AdmissionRequest, out *admission.AdmissionRequest, s conversion.Scope) error { - return autoConvert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(in, out, s) -} - -func autoConvert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(in *admission.AdmissionRequest, out *v1beta1.AdmissionRequest, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Kind = in.Kind - out.Resource = in.Resource - out.SubResource = in.SubResource - out.RequestKind = (*v1.GroupVersionKind)(unsafe.Pointer(in.RequestKind)) - out.RequestResource = (*v1.GroupVersionResource)(unsafe.Pointer(in.RequestResource)) - out.RequestSubResource = in.RequestSubResource - out.Name = in.Name - out.Namespace = in.Namespace - out.Operation = v1beta1.Operation(in.Operation) - if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil { - return err - } - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.OldObject, &out.OldObject, s); err != nil { - return err - } - out.DryRun = (*bool)(unsafe.Pointer(in.DryRun)) - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Options, &out.Options, s); err != nil { - return err - } - return nil -} - -// Convert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest is an autogenerated conversion function. -func Convert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(in *admission.AdmissionRequest, out *v1beta1.AdmissionRequest, s conversion.Scope) error { - return autoConvert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(in, out, s) -} - -func autoConvert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in *v1beta1.AdmissionResponse, out *admission.AdmissionResponse, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Allowed = in.Allowed - out.Result = (*v1.Status)(unsafe.Pointer(in.Result)) - out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch)) - out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType)) - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings)) - return nil -} - -// Convert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse is an autogenerated conversion function. -func Convert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in *v1beta1.AdmissionResponse, out *admission.AdmissionResponse, s conversion.Scope) error { - return autoConvert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in, out, s) -} - -func autoConvert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in *admission.AdmissionResponse, out *v1beta1.AdmissionResponse, s conversion.Scope) error { - out.UID = types.UID(in.UID) - out.Allowed = in.Allowed - out.Result = (*v1.Status)(unsafe.Pointer(in.Result)) - out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch)) - out.PatchType = (*v1beta1.PatchType)(unsafe.Pointer(in.PatchType)) - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings)) - return nil -} - -// Convert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse is an autogenerated conversion function. -func Convert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in *admission.AdmissionResponse, out *v1beta1.AdmissionResponse, s conversion.Scope) error { - return autoConvert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in, out, s) -} - -func autoConvert_v1beta1_AdmissionReview_To_admission_AdmissionReview(in *v1beta1.AdmissionReview, out *admission.AdmissionReview, s conversion.Scope) error { - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(admission.AdmissionRequest) - if err := Convert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(*in, *out, s); err != nil { - return err - } - } else { - out.Request = nil - } - out.Response = (*admission.AdmissionResponse)(unsafe.Pointer(in.Response)) - return nil -} - -// Convert_v1beta1_AdmissionReview_To_admission_AdmissionReview is an autogenerated conversion function. -func Convert_v1beta1_AdmissionReview_To_admission_AdmissionReview(in *v1beta1.AdmissionReview, out *admission.AdmissionReview, s conversion.Scope) error { - return autoConvert_v1beta1_AdmissionReview_To_admission_AdmissionReview(in, out, s) -} - -func autoConvert_admission_AdmissionReview_To_v1beta1_AdmissionReview(in *admission.AdmissionReview, out *v1beta1.AdmissionReview, s conversion.Scope) error { - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(v1beta1.AdmissionRequest) - if err := Convert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(*in, *out, s); err != nil { - return err - } - } else { - out.Request = nil - } - out.Response = (*v1beta1.AdmissionResponse)(unsafe.Pointer(in.Response)) - return nil -} - -// Convert_admission_AdmissionReview_To_v1beta1_AdmissionReview is an autogenerated conversion function. -func Convert_admission_AdmissionReview_To_v1beta1_AdmissionReview(in *admission.AdmissionReview, out *v1beta1.AdmissionReview, s conversion.Scope) error { - return autoConvert_admission_AdmissionReview_To_v1beta1_AdmissionReview(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/zz_generated.deepcopy.go deleted file mode 100644 index 452f53fdb7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admission/zz_generated.deepcopy.go +++ /dev/null @@ -1,148 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package admission - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionRequest) DeepCopyInto(out *AdmissionRequest) { - *out = *in - out.Kind = in.Kind - out.Resource = in.Resource - if in.RequestKind != nil { - in, out := &in.RequestKind, &out.RequestKind - *out = new(v1.GroupVersionKind) - **out = **in - } - if in.RequestResource != nil { - in, out := &in.RequestResource, &out.RequestResource - *out = new(v1.GroupVersionResource) - **out = **in - } - in.UserInfo.DeepCopyInto(&out.UserInfo) - if in.Object != nil { - out.Object = in.Object.DeepCopyObject() - } - if in.OldObject != nil { - out.OldObject = in.OldObject.DeepCopyObject() - } - if in.DryRun != nil { - in, out := &in.DryRun, &out.DryRun - *out = new(bool) - **out = **in - } - if in.Options != nil { - out.Options = in.Options.DeepCopyObject() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionRequest. -func (in *AdmissionRequest) DeepCopy() *AdmissionRequest { - if in == nil { - return nil - } - out := new(AdmissionRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) { - *out = *in - if in.Result != nil { - in, out := &in.Result, &out.Result - *out = new(v1.Status) - (*in).DeepCopyInto(*out) - } - if in.Patch != nil { - in, out := &in.Patch, &out.Patch - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.PatchType != nil { - in, out := &in.PatchType, &out.PatchType - *out = new(PatchType) - **out = **in - } - if in.AuditAnnotations != nil { - in, out := &in.AuditAnnotations, &out.AuditAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Warnings != nil { - in, out := &in.Warnings, &out.Warnings - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionResponse. -func (in *AdmissionResponse) DeepCopy() *AdmissionResponse { - if in == nil { - return nil - } - out := new(AdmissionResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionReview) DeepCopyInto(out *AdmissionReview) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(AdmissionRequest) - (*in).DeepCopyInto(*out) - } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(AdmissionResponse) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReview. -func (in *AdmissionReview) DeepCopy() *AdmissionReview { - if in == nil { - return nil - } - out := new(AdmissionReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/doc.go deleted file mode 100644 index a81502498b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=admissionregistration.k8s.io - -// Package admissionregistration is the internal version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// ValidatingWebhookConfiguration, and MutatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package admissionregistration // import "k8s.io/kubernetes/pkg/apis/admissionregistration" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/install/install.go deleted file mode 100644 index 46c301db3a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - v1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" - "k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1" - "k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(admissionregistration.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/register.go deleted file mode 100644 index a69343e20b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/register.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admissionregistration - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the name used for this API group -const GroupName = "admissionregistration.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns back a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns back a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &ValidatingWebhookConfiguration{}, - &ValidatingWebhookConfigurationList{}, - &MutatingWebhookConfiguration{}, - &MutatingWebhookConfigurationList{}, - &ValidatingAdmissionPolicy{}, - &ValidatingAdmissionPolicyList{}, - &ValidatingAdmissionPolicyBinding{}, - &ValidatingAdmissionPolicyBindingList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/types.go deleted file mode 100644 index 58eed90184..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/types.go +++ /dev/null @@ -1,815 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admissionregistration - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended -// to make sure that all the tuple expansions are valid. -type Rule struct { - // APIGroups is the API groups the resources belong to. '*' is all groups. - // If '*' is present, the length of the slice must be one. - // Required. - APIGroups []string - - // APIVersions is the API versions the resources belong to. '*' is all versions. - // If '*' is present, the length of the slice must be one. - // Required. - APIVersions []string - - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' means pods. - // 'pods/log' means the log subresource of pods. - // '*' means all resources, but not subresources. - // 'pods/*' means all subresources of pods. - // '*/scale' means all scale subresources. - // '*/*' means all resources and their subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // Depending on the enclosing object, subresources might not be allowed. - // Required. - Resources []string - - // scope specifies the scope of this rule. - // Valid values are "Cluster", "Namespaced", and "*" - // "Cluster" means that only cluster-scoped resources will match this rule. - // Namespace API objects are cluster-scoped. - // "Namespaced" means that only namespaced resources will match this rule. - // "*" means that there are no scope restrictions. - // Subresources match the scope of their parent resource. - // Default is "*". - // - // +optional - Scope *ScopeType -} - -// ScopeType specifies the type of scope being used -type ScopeType string - -const ( - // ClusterScope means that scope is limited to cluster-scoped objects. - // Namespace objects are cluster-scoped. - ClusterScope ScopeType = "Cluster" - // NamespacedScope means that scope is limited to namespaced objects. - NamespacedScope ScopeType = "Namespaced" - // AllScopes means that all scopes are included. - AllScopes ScopeType = "*" -) - -// FailurePolicyType specifies the type of failure policy -type FailurePolicyType string - -const ( - // Ignore means that an error calling the webhook is ignored. - Ignore FailurePolicyType = "Ignore" - // Fail means that an error calling the webhook causes the admission to fail. - Fail FailurePolicyType = "Fail" -) - -// MatchPolicyType specifies the type of match policy -type MatchPolicyType string - -const ( - // Exact means requests should only be sent to the webhook if they exactly match a given rule - Exact MatchPolicyType = "Exact" - // Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. - Equivalent MatchPolicyType = "Equivalent" -) - -// SideEffectClass denotes the type of side effects resulting from calling the webhook -type SideEffectClass string - -const ( - // SideEffectClassUnknown means that no information is known about the side effects of calling the webhook. - // If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. - SideEffectClassUnknown SideEffectClass = "Unknown" - // SideEffectClassNone means that calling the webhook will have no side effects. - SideEffectClassNone SideEffectClass = "None" - // SideEffectClassSome means that calling the webhook will possibly have side effects. - // If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. - SideEffectClassSome SideEffectClass = "Some" - // SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the - // request being reviewed has the dry-run attribute, the side effects will be suppressed. - SideEffectClassNoneOnDryRun SideEffectClass = "NoneOnDryRun" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. -type ValidatingAdmissionPolicy struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - // Specification of the desired behavior of the ValidatingAdmissionPolicy. - Spec ValidatingAdmissionPolicySpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy. -type ValidatingAdmissionPolicyList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metav1.ListMeta - // List of ValidatingAdmissionPolicy. - Items []ValidatingAdmissionPolicy -} - -// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy. -type ValidatingAdmissionPolicySpec struct { - // ParamKind specifies the kind of resources used to parameterize this policy. - // If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. - // If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. - // If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null. - // +optional - ParamKind *ParamKind - - // MatchConstraints specifies what resources this policy is designed to validate. - // The AdmissionPolicy cares about a request if it matches _all_ Constraint. - // However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API - // ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. - // Required. - MatchConstraints *MatchResources - - // Validations contain CEL expressions which is used to apply the validation. - // A minimum of one validation is required for a policy definition. - // Required. - Validations []Validation - - // FailurePolicy defines how to handle failures for the admission policy. - // Failures can occur from invalid or mis-configured policy definitions or bindings. - // A policy is invalid if spec.paramKind refers to a non-existent Kind. - // A binding is invalid if spec.paramRef.name refers to a non-existent resource. - // Allowed values are Ignore or Fail. Defaults to Fail. - // +optional - FailurePolicy *FailurePolicyType -} - -// ParamKind is a tuple of Group Kind and Version. -type ParamKind struct { - // APIVersion is the API group version the resources belong to. - // In format of "group/version". - // Required. - APIVersion string - - // Kind is the API kind the resources belong to. - // Required. - Kind string -} - -// Validation specifies the CEL expression which is used to apply the validation. -type Validation struct { - // Expression represents the expression which will be evaluated by CEL. - // ref: https://github.com/google/cel-spec - // CEL expressions have access to the contents of the Admission request/response, organized into CEL variables as well as some other useful variables: - // - //'object' - The object from the incoming request. The value is null for DELETE requests. - //'oldObject' - The existing object. The value is null for CREATE requests. - //'request' - Attributes of the admission request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - //'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - // - // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the - // object. No other metadata properties are accessible. - // - // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. - // Accessible property names are escaped according to the following rules when accessed in the expression: - // - '__' escapes to '__underscores__' - // - '.' escapes to '__dot__' - // - '-' escapes to '__dash__' - // - '/' escapes to '__slash__' - // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: - // "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", - // "import", "let", "loop", "package", "namespace", "return". - // Examples: - // - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"} - // - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} - // - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} - // - // Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. - // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: - // - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and - // non-intersecting elements in `Y` are appended, retaining their partial order. - // - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values - // are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with - // non-intersecting keys are appended, retaining their partial order. - // Required. - Expression string - // Message represents the message displayed when validation fails. The message is required if the Expression contains - // line breaks. The message must not contain line breaks. - // If unset, the message is "failed rule: {Rule}". - // e.g. "must be a URL with the host matching spec.host" - // If ExpressMessage is specified, Message will be ignored - // If the Expression contains line breaks. Eith Message or ExpressMessage is required. - // The message must not contain line breaks. - // If unset, the message is "failed Expression: {Expression}". - // +optional - Message string - // Reason represents a machine-readable description of why this validation failed. - // If this is the first validation in the list to fail, this reason, as well as the - // corresponding HTTP response code, are used in the - // HTTP response to the client. - // The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". - // If not set, StatusReasonInvalid is used in the response to the client. - // +optional - Reason *metav1.StatusReason -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. -// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters. -type ValidatingAdmissionPolicyBinding struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - // Specification of the desired behavior of the ValidatingAdmissionPolicyBinding. - Spec ValidatingAdmissionPolicyBindingSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingAdmissionPolicyBindingList is a list of PolicyBinding. -type ValidatingAdmissionPolicyBindingList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metav1.ListMeta - // List of PolicyBinding. - Items []ValidatingAdmissionPolicyBinding -} - -// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding. -type ValidatingAdmissionPolicyBindingSpec struct { - // PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. - // If the referenced resource does not exist, this binding is considered invalid and will be ignored - // Required. - PolicyName string - - // ParamRef specifies the parameter resource used to configure the admission control policy. - // It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. - // If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. - // +optional - ParamRef *ParamRef - - // MatchResources declares what resources match this binding and will be validated by it. - // Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. - // If this is unset, all resources matched by the policy are validated by this binding - // When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. - // Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required. - // +optional - MatchResources *MatchResources -} - -// ParamRef references a parameter resource -type ParamRef struct { - // Name of the resource being referenced. - Name string - // Namespace of the referenced resource. - // Should be empty for the cluster-scoped resources - // +optional - Namespace string -} - -// MatchResources decides whether to run the admission control policy on an object based -// on whether it meets the match criteria. -// The exclude rules take precedence over include rules (if a resource matches both, it is excluded) -type MatchResources struct { - // NamespaceSelector decides whether to run the admission control policy on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the policy. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the policy on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - NamespaceSelector *metav1.LabelSelector - // ObjectSelector decides whether to run the validation based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the cel validation, and - // is considered to match if either object matches the selector. A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - ObjectSelector *metav1.LabelSelector - // ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. - // The policy cares about an operation if it matches _any_ Rule. - // +optional - ResourceRules []NamedRuleWithOperations - // ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. - // The exclude rules take precedence over include rules (if a resource matches both, it is excluded) - // +optional - ExcludeResourceRules []NamedRuleWithOperations - // matchPolicy defines how the "MatchResources" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. - // - // Defaults to "Equivalent" - // +optional - MatchPolicy *MatchPolicyType -} - -// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. -type NamedRuleWithOperations struct { - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - // +optional - ResourceNames []string - // RuleWithOperations is a tuple of Operations and Resources. - RuleWithOperations RuleWithOperations -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingWebhookConfiguration describes the configuration of an admission webhook that accepts or rejects and object without changing it. -type ValidatingWebhookConfiguration struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - Webhooks []ValidatingWebhook -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration. -type ValidatingWebhookConfigurationList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metav1.ListMeta - // List of ValidatingWebhookConfigurations. - Items []ValidatingWebhookConfiguration -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. -type MutatingWebhookConfiguration struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - Webhooks []MutatingWebhook -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration. -type MutatingWebhookConfigurationList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metav1.ListMeta - // List of MutatingWebhookConfiguration. - Items []MutatingWebhookConfiguration -} - -// ValidatingWebhook describes an admission webhook and the resources and operations it applies to. -type ValidatingWebhook struct { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - Name string - - // ClientConfig defines how to communicate with the hook. - // Required - ClientConfig WebhookClientConfig - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - Rules []RuleWithOperations - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Ignore. - // +optional - FailurePolicy *FailurePolicyType - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. - // - // +optional - MatchPolicy *MatchPolicyType - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - NamespaceSelector *metav1.LabelSelector - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - ObjectSelector *metav1.LabelSelector - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: Unknown, None, Some, NoneOnDryRun - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. Defaults to Unknown. - // +optional - SideEffects *SideEffectClass - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // +optional - TimeoutSeconds *int32 - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. - // If the webhook configuration has already been persisted with a version apiserver - // does not understand, calls to the webhook will fail and be subject to the failure policy. - // +optional - AdmissionReviewVersions []string -} - -// MutatingWebhook describes an admission webhook and the resources and operations it applies to. -type MutatingWebhook struct { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - Name string - - // ClientConfig defines how to communicate with the hook. - // Required - ClientConfig WebhookClientConfig - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - Rules []RuleWithOperations - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Ignore. - // +optional - FailurePolicy *FailurePolicyType - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. - // - // +optional - MatchPolicy *MatchPolicyType - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - NamespaceSelector *metav1.LabelSelector - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - ObjectSelector *metav1.LabelSelector - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: Unknown, None, Some, NoneOnDryRun - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. Defaults to Unknown. - // +optional - SideEffects *SideEffectClass - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // +optional - TimeoutSeconds *int32 - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. - // If the webhook configuration has already been persisted with a version apiserver - // does not understand, calls to the webhook will fail and be subject to the failure policy. - // +optional - AdmissionReviewVersions []string - - // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. - // Allowed values are "Never" and "IfNeeded". - // - // Never: the webhook will not be called more than once in a single admission evaluation. - // - // IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation - // if the object being admitted is modified by other admission plugins after the initial webhook call. - // Webhooks that specify this option *must* be idempotent, and hence able to process objects they previously admitted. - // Note: - // * the number of additional invocations is not guaranteed to be exactly one. - // * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. - // * webhooks that use this option may be reordered to minimize the number of additional invocations. - // * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. - // - // Defaults to "Never". - // +optional - ReinvocationPolicy *ReinvocationPolicyType -} - -// ReinvocationPolicyType specifies what type of policy the admission hook uses. -type ReinvocationPolicyType string - -var ( - // NeverReinvocationPolicy indicates that the webhook must not be called more than once in a - // single admission evaluation. - NeverReinvocationPolicy ReinvocationPolicyType = "Never" - // IfNeededReinvocationPolicy indicates that the webhook may be called at least one - // additional time as part of the admission evaluation if the object being admitted is - // modified by other admission plugins after the initial webhook call. - IfNeededReinvocationPolicy ReinvocationPolicyType = "IfNeeded" -) - -// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make -// sure that all the tuple expansions are valid. -type RuleWithOperations struct { - // Operations is the operations the admission hook cares about - CREATE, UPDATE, or * - // for all operations. - // If '*' is present, the length of the slice must be one. - // Required. - Operations []OperationType - // Rule is embedded, it describes other criteria of the rule, like - // APIGroups, APIVersions, Resources, etc. - Rule -} - -// OperationType specifies what type of operation the admission hook cares about. -type OperationType string - -// The constants should be kept in sync with those defined in k8s.io/kubernetes/pkg/admission/interface.go. -const ( - OperationAll OperationType = "*" - Create OperationType = "CREATE" - Update OperationType = "UPDATE" - Delete OperationType = "DELETE" - Connect OperationType = "CONNECT" -) - -// WebhookClientConfig contains the information to make a TLS -// connection with the webhook -type WebhookClientConfig struct { - // `url` gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. - // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. - // - // +optional - URL *string - - // `service` is a reference to the service for this webhook. Either - // `service` or `url` must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - Service *ServiceReference - - // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - CABundle []byte -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -type ServiceReference struct { - // `namespace` is the namespace of the service. - // Required - Namespace string - // `name` is the name of the service. - // Required - Name string - - // `path` is an optional URL path which will be sent in any request to - // this service. - // +optional - Path *string - - // If specified, the port on the service that hosting webhook. - // `port` should be a valid port number (1-65535, inclusive). - // +optional - Port int32 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/conversion.go deleted file mode 100644 index ca5f603229..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/conversion.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - v1 "k8s.io/api/admissionregistration/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration" -) - -// Convert_admissionregistration_Rule_To_v1_Rule is an autogenerated conversion function. -func Convert_admissionregistration_Rule_To_v1_Rule(in *admissionregistration.Rule, out *v1.Rule, s conversion.Scope) error { - return autoConvert_admissionregistration_Rule_To_v1_Rule(in, out, s) -} - -// Convert_v1_Rule_To_admissionregistration_Rule is an autogenerated conversion function. -func Convert_v1_Rule_To_admissionregistration_Rule(in *v1.Rule, out *admissionregistration.Rule, s conversion.Scope) error { - return autoConvert_v1_Rule_To_admissionregistration_Rule(in, out, s) -} - -// Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations is an autogenerated conversion function. -func Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(in *admissionregistration.RuleWithOperations, out *v1.RuleWithOperations, s conversion.Scope) error { - return autoConvert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(in, out, s) -} - -// Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations is an autogenerated conversion function. -func Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(in *v1.RuleWithOperations, out *admissionregistration.RuleWithOperations, s conversion.Scope) error { - return autoConvert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/defaults.go deleted file mode 100644 index 217bf224fe..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/defaults.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilpointer "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_ValidatingWebhook sets defaults for webhook validating -func SetDefaults_ValidatingWebhook(obj *admissionregistrationv1.ValidatingWebhook) { - if obj.FailurePolicy == nil { - policy := admissionregistrationv1.Fail - obj.FailurePolicy = &policy - } - if obj.MatchPolicy == nil { - policy := admissionregistrationv1.Equivalent - obj.MatchPolicy = &policy - } - if obj.NamespaceSelector == nil { - selector := metav1.LabelSelector{} - obj.NamespaceSelector = &selector - } - if obj.ObjectSelector == nil { - selector := metav1.LabelSelector{} - obj.ObjectSelector = &selector - } - if obj.TimeoutSeconds == nil { - obj.TimeoutSeconds = new(int32) - *obj.TimeoutSeconds = 10 - } -} - -// SetDefaults_MutatingWebhook sets defaults for webhook mutating -func SetDefaults_MutatingWebhook(obj *admissionregistrationv1.MutatingWebhook) { - if obj.FailurePolicy == nil { - policy := admissionregistrationv1.Fail - obj.FailurePolicy = &policy - } - if obj.MatchPolicy == nil { - policy := admissionregistrationv1.Equivalent - obj.MatchPolicy = &policy - } - if obj.NamespaceSelector == nil { - selector := metav1.LabelSelector{} - obj.NamespaceSelector = &selector - } - if obj.ObjectSelector == nil { - selector := metav1.LabelSelector{} - obj.ObjectSelector = &selector - } - if obj.TimeoutSeconds == nil { - obj.TimeoutSeconds = new(int32) - *obj.TimeoutSeconds = 10 - } - if obj.ReinvocationPolicy == nil { - never := admissionregistrationv1.NeverReinvocationPolicy - obj.ReinvocationPolicy = &never - } -} - -// SetDefaults_Rule sets defaults for webhook rule -func SetDefaults_Rule(obj *admissionregistrationv1.Rule) { - if obj.Scope == nil { - s := admissionregistrationv1.AllScopes - obj.Scope = &s - } -} - -// SetDefaults_ServiceReference sets defaults for Webhook's ServiceReference -func SetDefaults_ServiceReference(obj *admissionregistrationv1.ServiceReference) { - if obj.Port == nil { - obj.Port = utilpointer.Int32Ptr(443) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/doc.go deleted file mode 100644 index 86443170da..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/doc.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/admissionregistration -// +k8s:conversion-gen-external-types=k8s.io/api/admissionregistration/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/admissionregistration/v1 -// +groupName=admissionregistration.k8s.io - -// Package v1 is the v1 version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// ValidatingWebhookConfiguration, and MutatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package v1 // import "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/register.go deleted file mode 100644 index 32a76d7cb7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "admissionregistration.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &admissionregistrationv1.SchemeBuilder - // AddToScheme handler to add items to the schema - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.conversion.go deleted file mode 100644 index a206e20d84..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.conversion.go +++ /dev/null @@ -1,538 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.MutatingWebhook)(nil), (*admissionregistration.MutatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook(a.(*v1.MutatingWebhook), b.(*admissionregistration.MutatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhook)(nil), (*v1.MutatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook(a.(*admissionregistration.MutatingWebhook), b.(*v1.MutatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.MutatingWebhookConfiguration)(nil), (*admissionregistration.MutatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(a.(*v1.MutatingWebhookConfiguration), b.(*admissionregistration.MutatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhookConfiguration)(nil), (*v1.MutatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration(a.(*admissionregistration.MutatingWebhookConfiguration), b.(*v1.MutatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.MutatingWebhookConfigurationList)(nil), (*admissionregistration.MutatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(a.(*v1.MutatingWebhookConfigurationList), b.(*admissionregistration.MutatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhookConfigurationList)(nil), (*v1.MutatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1_MutatingWebhookConfigurationList(a.(*admissionregistration.MutatingWebhookConfigurationList), b.(*v1.MutatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceReference)(nil), (*admissionregistration.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceReference_To_admissionregistration_ServiceReference(a.(*v1.ServiceReference), b.(*admissionregistration.ServiceReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ServiceReference)(nil), (*v1.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ServiceReference_To_v1_ServiceReference(a.(*admissionregistration.ServiceReference), b.(*v1.ServiceReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ValidatingWebhook)(nil), (*admissionregistration.ValidatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(a.(*v1.ValidatingWebhook), b.(*admissionregistration.ValidatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhook)(nil), (*v1.ValidatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook(a.(*admissionregistration.ValidatingWebhook), b.(*v1.ValidatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ValidatingWebhookConfiguration)(nil), (*admissionregistration.ValidatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(a.(*v1.ValidatingWebhookConfiguration), b.(*admissionregistration.ValidatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhookConfiguration)(nil), (*v1.ValidatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration(a.(*admissionregistration.ValidatingWebhookConfiguration), b.(*v1.ValidatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ValidatingWebhookConfigurationList)(nil), (*admissionregistration.ValidatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(a.(*v1.ValidatingWebhookConfigurationList), b.(*admissionregistration.ValidatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhookConfigurationList)(nil), (*v1.ValidatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1_ValidatingWebhookConfigurationList(a.(*admissionregistration.ValidatingWebhookConfigurationList), b.(*v1.ValidatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.WebhookClientConfig)(nil), (*admissionregistration.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(a.(*v1.WebhookClientConfig), b.(*admissionregistration.WebhookClientConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.WebhookClientConfig)(nil), (*v1.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(a.(*admissionregistration.WebhookClientConfig), b.(*v1.WebhookClientConfig), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*admissionregistration.RuleWithOperations)(nil), (*v1.RuleWithOperations)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(a.(*admissionregistration.RuleWithOperations), b.(*v1.RuleWithOperations), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*admissionregistration.Rule)(nil), (*v1.Rule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_Rule_To_v1_Rule(a.(*admissionregistration.Rule), b.(*v1.Rule), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.RuleWithOperations)(nil), (*admissionregistration.RuleWithOperations)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(a.(*v1.RuleWithOperations), b.(*admissionregistration.RuleWithOperations), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Rule)(nil), (*admissionregistration.Rule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Rule_To_admissionregistration_Rule(a.(*v1.Rule), b.(*admissionregistration.Rule), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in *v1.MutatingWebhook, out *admissionregistration.MutatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistration.RuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*admissionregistration.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*admissionregistration.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*admissionregistration.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - out.ReinvocationPolicy = (*admissionregistration.ReinvocationPolicyType)(unsafe.Pointer(in.ReinvocationPolicy)) - return nil -} - -// Convert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook is an autogenerated conversion function. -func Convert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in *v1.MutatingWebhook, out *admissionregistration.MutatingWebhook, s conversion.Scope) error { - return autoConvert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook(in *admissionregistration.MutatingWebhook, out *v1.MutatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]v1.RuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*v1.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*v1.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*v1.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - out.ReinvocationPolicy = (*v1.ReinvocationPolicyType)(unsafe.Pointer(in.ReinvocationPolicy)) - return nil -} - -// Convert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook(in *admissionregistration.MutatingWebhook, out *v1.MutatingWebhook, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook(in, out, s) -} - -func autoConvert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in *v1.MutatingWebhookConfiguration, out *admissionregistration.MutatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]admissionregistration.MutatingWebhook, len(*in)) - for i := range *in { - if err := Convert_v1_MutatingWebhook_To_admissionregistration_MutatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration is an autogenerated conversion function. -func Convert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in *v1.MutatingWebhookConfiguration, out *admissionregistration.MutatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration(in *admissionregistration.MutatingWebhookConfiguration, out *v1.MutatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]v1.MutatingWebhook, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_MutatingWebhook_To_v1_MutatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration(in *admissionregistration.MutatingWebhookConfiguration, out *v1.MutatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration(in, out, s) -} - -func autoConvert_v1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in *v1.MutatingWebhookConfigurationList, out *admissionregistration.MutatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.MutatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_v1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in *v1.MutatingWebhookConfigurationList, out *admissionregistration.MutatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_v1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhookConfigurationList_To_v1_MutatingWebhookConfigurationList(in *admissionregistration.MutatingWebhookConfigurationList, out *v1.MutatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.MutatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_MutatingWebhookConfiguration_To_v1_MutatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1_MutatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1_MutatingWebhookConfigurationList(in *admissionregistration.MutatingWebhookConfigurationList, out *v1.MutatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhookConfigurationList_To_v1_MutatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_v1_Rule_To_admissionregistration_Rule(in *v1.Rule, out *admissionregistration.Rule, s conversion.Scope) error { - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.APIVersions = *(*[]string)(unsafe.Pointer(&in.APIVersions)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Scope = (*admissionregistration.ScopeType)(unsafe.Pointer(in.Scope)) - return nil -} - -func autoConvert_admissionregistration_Rule_To_v1_Rule(in *admissionregistration.Rule, out *v1.Rule, s conversion.Scope) error { - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.APIVersions = *(*[]string)(unsafe.Pointer(&in.APIVersions)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.Scope = (*v1.ScopeType)(unsafe.Pointer(in.Scope)) - return nil -} - -func autoConvert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(in *v1.RuleWithOperations, out *admissionregistration.RuleWithOperations, s conversion.Scope) error { - out.Operations = *(*[]admissionregistration.OperationType)(unsafe.Pointer(&in.Operations)) - if err := Convert_v1_Rule_To_admissionregistration_Rule(&in.Rule, &out.Rule, s); err != nil { - return err - } - return nil -} - -func autoConvert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(in *admissionregistration.RuleWithOperations, out *v1.RuleWithOperations, s conversion.Scope) error { - out.Operations = *(*[]v1.OperationType)(unsafe.Pointer(&in.Operations)) - if err := Convert_admissionregistration_Rule_To_v1_Rule(&in.Rule, &out.Rule, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_ServiceReference_To_admissionregistration_ServiceReference(in *v1.ServiceReference, out *admissionregistration.ServiceReference, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.Path = (*string)(unsafe.Pointer(in.Path)) - if err := metav1.Convert_Pointer_int32_To_int32(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ServiceReference_To_admissionregistration_ServiceReference is an autogenerated conversion function. -func Convert_v1_ServiceReference_To_admissionregistration_ServiceReference(in *v1.ServiceReference, out *admissionregistration.ServiceReference, s conversion.Scope) error { - return autoConvert_v1_ServiceReference_To_admissionregistration_ServiceReference(in, out, s) -} - -func autoConvert_admissionregistration_ServiceReference_To_v1_ServiceReference(in *admissionregistration.ServiceReference, out *v1.ServiceReference, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.Path = (*string)(unsafe.Pointer(in.Path)) - if err := metav1.Convert_int32_To_Pointer_int32(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_admissionregistration_ServiceReference_To_v1_ServiceReference is an autogenerated conversion function. -func Convert_admissionregistration_ServiceReference_To_v1_ServiceReference(in *admissionregistration.ServiceReference, out *v1.ServiceReference, s conversion.Scope) error { - return autoConvert_admissionregistration_ServiceReference_To_v1_ServiceReference(in, out, s) -} - -func autoConvert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in *v1.ValidatingWebhook, out *admissionregistration.ValidatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistration.RuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*admissionregistration.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*admissionregistration.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*admissionregistration.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - return nil -} - -// Convert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook is an autogenerated conversion function. -func Convert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in *v1.ValidatingWebhook, out *admissionregistration.ValidatingWebhook, s conversion.Scope) error { - return autoConvert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook(in *admissionregistration.ValidatingWebhook, out *v1.ValidatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]v1.RuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*v1.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*v1.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*v1.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - return nil -} - -// Convert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook(in *admissionregistration.ValidatingWebhook, out *v1.ValidatingWebhook, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook(in, out, s) -} - -func autoConvert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in *v1.ValidatingWebhookConfiguration, out *admissionregistration.ValidatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]admissionregistration.ValidatingWebhook, len(*in)) - for i := range *in { - if err := Convert_v1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration is an autogenerated conversion function. -func Convert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in *v1.ValidatingWebhookConfiguration, out *admissionregistration.ValidatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration(in *admissionregistration.ValidatingWebhookConfiguration, out *v1.ValidatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]v1.ValidatingWebhook, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingWebhook_To_v1_ValidatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration(in *admissionregistration.ValidatingWebhookConfiguration, out *v1.ValidatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration(in, out, s) -} - -func autoConvert_v1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in *v1.ValidatingWebhookConfigurationList, out *admissionregistration.ValidatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.ValidatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_v1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in *v1.ValidatingWebhookConfigurationList, out *admissionregistration.ValidatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_v1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhookConfigurationList_To_v1_ValidatingWebhookConfigurationList(in *admissionregistration.ValidatingWebhookConfigurationList, out *v1.ValidatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.ValidatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1_ValidatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1_ValidatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1_ValidatingWebhookConfigurationList(in *admissionregistration.ValidatingWebhookConfigurationList, out *v1.ValidatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhookConfigurationList_To_v1_ValidatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in *v1.WebhookClientConfig, out *admissionregistration.WebhookClientConfig, s conversion.Scope) error { - out.URL = (*string)(unsafe.Pointer(in.URL)) - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(admissionregistration.ServiceReference) - if err := Convert_v1_ServiceReference_To_admissionregistration_ServiceReference(*in, *out, s); err != nil { - return err - } - } else { - out.Service = nil - } - out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) - return nil -} - -// Convert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig is an autogenerated conversion function. -func Convert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in *v1.WebhookClientConfig, out *admissionregistration.WebhookClientConfig, s conversion.Scope) error { - return autoConvert_v1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in, out, s) -} - -func autoConvert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(in *admissionregistration.WebhookClientConfig, out *v1.WebhookClientConfig, s conversion.Scope) error { - out.URL = (*string)(unsafe.Pointer(in.URL)) - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(v1.ServiceReference) - if err := Convert_admissionregistration_ServiceReference_To_v1_ServiceReference(*in, *out, s); err != nil { - return err - } - } else { - out.Service = nil - } - out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) - return nil -} - -// Convert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig is an autogenerated conversion function. -func Convert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(in *admissionregistration.WebhookClientConfig, out *v1.WebhookClientConfig, s conversion.Scope) error { - return autoConvert_admissionregistration_WebhookClientConfig_To_v1_WebhookClientConfig(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.defaults.go deleted file mode 100644 index c67444952a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1/zz_generated.defaults.go +++ /dev/null @@ -1,88 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/admissionregistration/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.MutatingWebhookConfiguration{}, func(obj interface{}) { - SetObjectDefaults_MutatingWebhookConfiguration(obj.(*v1.MutatingWebhookConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1.MutatingWebhookConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_MutatingWebhookConfigurationList(obj.(*v1.MutatingWebhookConfigurationList)) - }) - scheme.AddTypeDefaultingFunc(&v1.ValidatingWebhookConfiguration{}, func(obj interface{}) { - SetObjectDefaults_ValidatingWebhookConfiguration(obj.(*v1.ValidatingWebhookConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1.ValidatingWebhookConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_ValidatingWebhookConfigurationList(obj.(*v1.ValidatingWebhookConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_MutatingWebhookConfiguration(in *v1.MutatingWebhookConfiguration) { - for i := range in.Webhooks { - a := &in.Webhooks[i] - SetDefaults_MutatingWebhook(a) - if a.ClientConfig.Service != nil { - SetDefaults_ServiceReference(a.ClientConfig.Service) - } - for j := range a.Rules { - b := &a.Rules[j] - SetDefaults_Rule(&b.Rule) - } - } -} - -func SetObjectDefaults_MutatingWebhookConfigurationList(in *v1.MutatingWebhookConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_MutatingWebhookConfiguration(a) - } -} - -func SetObjectDefaults_ValidatingWebhookConfiguration(in *v1.ValidatingWebhookConfiguration) { - for i := range in.Webhooks { - a := &in.Webhooks[i] - SetDefaults_ValidatingWebhook(a) - if a.ClientConfig.Service != nil { - SetDefaults_ServiceReference(a.ClientConfig.Service) - } - for j := range a.Rules { - b := &a.Rules[j] - SetDefaults_Rule(&b.Rule) - } - } -} - -func SetObjectDefaults_ValidatingWebhookConfigurationList(in *v1.ValidatingWebhookConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ValidatingWebhookConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/defaults.go deleted file mode 100644 index 85d12b128f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/defaults.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_ValidatingAdmissionPolicySpec sets defaults for ValidatingAdmissionPolicySpec -func SetDefaults_ValidatingAdmissionPolicySpec(obj *admissionregistrationv1alpha1.ValidatingAdmissionPolicySpec) { - if obj.FailurePolicy == nil { - policy := admissionregistrationv1alpha1.Fail - obj.FailurePolicy = &policy - } -} - -// SetDefaults_MatchResources sets defaults for MatchResources -func SetDefaults_MatchResources(obj *admissionregistrationv1alpha1.MatchResources) { - if obj.MatchPolicy == nil { - policy := admissionregistrationv1alpha1.Equivalent - obj.MatchPolicy = &policy - } - if obj.NamespaceSelector == nil { - selector := metav1.LabelSelector{} - obj.NamespaceSelector = &selector - } - if obj.ObjectSelector == nil { - selector := metav1.LabelSelector{} - obj.ObjectSelector = &selector - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/doc.go deleted file mode 100644 index 2fec4005ee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/admissionregistration -// +k8s:conversion-gen-external-types=k8s.io/api/admissionregistration/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/admissionregistration/v1alpha1 -// +groupName=admissionregistration.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/register.go deleted file mode 100644 index c44ff41fe1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "admissionregistration.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &admissionregistrationv1alpha1.SchemeBuilder - // AddToScheme handler to add items to the schema - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 96e090c245..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,533 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration" - admissionregistrationv1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.MatchResources)(nil), (*admissionregistration.MatchResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(a.(*v1alpha1.MatchResources), b.(*admissionregistration.MatchResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MatchResources)(nil), (*v1alpha1.MatchResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(a.(*admissionregistration.MatchResources), b.(*v1alpha1.MatchResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.NamedRuleWithOperations)(nil), (*admissionregistration.NamedRuleWithOperations)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(a.(*v1alpha1.NamedRuleWithOperations), b.(*admissionregistration.NamedRuleWithOperations), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.NamedRuleWithOperations)(nil), (*v1alpha1.NamedRuleWithOperations)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(a.(*admissionregistration.NamedRuleWithOperations), b.(*v1alpha1.NamedRuleWithOperations), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ParamKind)(nil), (*admissionregistration.ParamKind)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ParamKind_To_admissionregistration_ParamKind(a.(*v1alpha1.ParamKind), b.(*admissionregistration.ParamKind), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ParamKind)(nil), (*v1alpha1.ParamKind)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ParamKind_To_v1alpha1_ParamKind(a.(*admissionregistration.ParamKind), b.(*v1alpha1.ParamKind), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ParamRef)(nil), (*admissionregistration.ParamRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ParamRef_To_admissionregistration_ParamRef(a.(*v1alpha1.ParamRef), b.(*admissionregistration.ParamRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ParamRef)(nil), (*v1alpha1.ParamRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ParamRef_To_v1alpha1_ParamRef(a.(*admissionregistration.ParamRef), b.(*v1alpha1.ParamRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicy)(nil), (*admissionregistration.ValidatingAdmissionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy(a.(*v1alpha1.ValidatingAdmissionPolicy), b.(*admissionregistration.ValidatingAdmissionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicy)(nil), (*v1alpha1.ValidatingAdmissionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy(a.(*admissionregistration.ValidatingAdmissionPolicy), b.(*v1alpha1.ValidatingAdmissionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicyBinding)(nil), (*admissionregistration.ValidatingAdmissionPolicyBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding(a.(*v1alpha1.ValidatingAdmissionPolicyBinding), b.(*admissionregistration.ValidatingAdmissionPolicyBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicyBinding)(nil), (*v1alpha1.ValidatingAdmissionPolicyBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding(a.(*admissionregistration.ValidatingAdmissionPolicyBinding), b.(*v1alpha1.ValidatingAdmissionPolicyBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicyBindingList)(nil), (*admissionregistration.ValidatingAdmissionPolicyBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicyBindingList_To_admissionregistration_ValidatingAdmissionPolicyBindingList(a.(*v1alpha1.ValidatingAdmissionPolicyBindingList), b.(*admissionregistration.ValidatingAdmissionPolicyBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicyBindingList)(nil), (*v1alpha1.ValidatingAdmissionPolicyBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicyBindingList_To_v1alpha1_ValidatingAdmissionPolicyBindingList(a.(*admissionregistration.ValidatingAdmissionPolicyBindingList), b.(*v1alpha1.ValidatingAdmissionPolicyBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicyBindingSpec)(nil), (*admissionregistration.ValidatingAdmissionPolicyBindingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec(a.(*v1alpha1.ValidatingAdmissionPolicyBindingSpec), b.(*admissionregistration.ValidatingAdmissionPolicyBindingSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicyBindingSpec)(nil), (*v1alpha1.ValidatingAdmissionPolicyBindingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec(a.(*admissionregistration.ValidatingAdmissionPolicyBindingSpec), b.(*v1alpha1.ValidatingAdmissionPolicyBindingSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicyList)(nil), (*admissionregistration.ValidatingAdmissionPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicyList_To_admissionregistration_ValidatingAdmissionPolicyList(a.(*v1alpha1.ValidatingAdmissionPolicyList), b.(*admissionregistration.ValidatingAdmissionPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicyList)(nil), (*v1alpha1.ValidatingAdmissionPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicyList_To_v1alpha1_ValidatingAdmissionPolicyList(a.(*admissionregistration.ValidatingAdmissionPolicyList), b.(*v1alpha1.ValidatingAdmissionPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ValidatingAdmissionPolicySpec)(nil), (*admissionregistration.ValidatingAdmissionPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec(a.(*v1alpha1.ValidatingAdmissionPolicySpec), b.(*admissionregistration.ValidatingAdmissionPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingAdmissionPolicySpec)(nil), (*v1alpha1.ValidatingAdmissionPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec(a.(*admissionregistration.ValidatingAdmissionPolicySpec), b.(*v1alpha1.ValidatingAdmissionPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.Validation)(nil), (*admissionregistration.Validation)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Validation_To_admissionregistration_Validation(a.(*v1alpha1.Validation), b.(*admissionregistration.Validation), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.Validation)(nil), (*v1alpha1.Validation)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_Validation_To_v1alpha1_Validation(a.(*admissionregistration.Validation), b.(*v1alpha1.Validation), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(in *v1alpha1.MatchResources, out *admissionregistration.MatchResources, s conversion.Scope) error { - out.NamespaceSelector = (*v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*v1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - if in.ResourceRules != nil { - in, out := &in.ResourceRules, &out.ResourceRules - *out = make([]admissionregistration.NamedRuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.ResourceRules = nil - } - if in.ExcludeResourceRules != nil { - in, out := &in.ExcludeResourceRules, &out.ExcludeResourceRules - *out = make([]admissionregistration.NamedRuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.ExcludeResourceRules = nil - } - out.MatchPolicy = (*admissionregistration.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - return nil -} - -// Convert_v1alpha1_MatchResources_To_admissionregistration_MatchResources is an autogenerated conversion function. -func Convert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(in *v1alpha1.MatchResources, out *admissionregistration.MatchResources, s conversion.Scope) error { - return autoConvert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(in, out, s) -} - -func autoConvert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(in *admissionregistration.MatchResources, out *v1alpha1.MatchResources, s conversion.Scope) error { - out.NamespaceSelector = (*v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*v1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - if in.ResourceRules != nil { - in, out := &in.ResourceRules, &out.ResourceRules - *out = make([]v1alpha1.NamedRuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.ResourceRules = nil - } - if in.ExcludeResourceRules != nil { - in, out := &in.ExcludeResourceRules, &out.ExcludeResourceRules - *out = make([]v1alpha1.NamedRuleWithOperations, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.ExcludeResourceRules = nil - } - out.MatchPolicy = (*v1alpha1.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - return nil -} - -// Convert_admissionregistration_MatchResources_To_v1alpha1_MatchResources is an autogenerated conversion function. -func Convert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(in *admissionregistration.MatchResources, out *v1alpha1.MatchResources, s conversion.Scope) error { - return autoConvert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(in, out, s) -} - -func autoConvert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(in *v1alpha1.NamedRuleWithOperations, out *admissionregistration.NamedRuleWithOperations, s conversion.Scope) error { - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - if err := admissionregistrationv1.Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(&in.RuleWithOperations, &out.RuleWithOperations, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations is an autogenerated conversion function. -func Convert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(in *v1alpha1.NamedRuleWithOperations, out *admissionregistration.NamedRuleWithOperations, s conversion.Scope) error { - return autoConvert_v1alpha1_NamedRuleWithOperations_To_admissionregistration_NamedRuleWithOperations(in, out, s) -} - -func autoConvert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(in *admissionregistration.NamedRuleWithOperations, out *v1alpha1.NamedRuleWithOperations, s conversion.Scope) error { - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - if err := admissionregistrationv1.Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(&in.RuleWithOperations, &out.RuleWithOperations, s); err != nil { - return err - } - return nil -} - -// Convert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations is an autogenerated conversion function. -func Convert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(in *admissionregistration.NamedRuleWithOperations, out *v1alpha1.NamedRuleWithOperations, s conversion.Scope) error { - return autoConvert_admissionregistration_NamedRuleWithOperations_To_v1alpha1_NamedRuleWithOperations(in, out, s) -} - -func autoConvert_v1alpha1_ParamKind_To_admissionregistration_ParamKind(in *v1alpha1.ParamKind, out *admissionregistration.ParamKind, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Kind = in.Kind - return nil -} - -// Convert_v1alpha1_ParamKind_To_admissionregistration_ParamKind is an autogenerated conversion function. -func Convert_v1alpha1_ParamKind_To_admissionregistration_ParamKind(in *v1alpha1.ParamKind, out *admissionregistration.ParamKind, s conversion.Scope) error { - return autoConvert_v1alpha1_ParamKind_To_admissionregistration_ParamKind(in, out, s) -} - -func autoConvert_admissionregistration_ParamKind_To_v1alpha1_ParamKind(in *admissionregistration.ParamKind, out *v1alpha1.ParamKind, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.Kind = in.Kind - return nil -} - -// Convert_admissionregistration_ParamKind_To_v1alpha1_ParamKind is an autogenerated conversion function. -func Convert_admissionregistration_ParamKind_To_v1alpha1_ParamKind(in *admissionregistration.ParamKind, out *v1alpha1.ParamKind, s conversion.Scope) error { - return autoConvert_admissionregistration_ParamKind_To_v1alpha1_ParamKind(in, out, s) -} - -func autoConvert_v1alpha1_ParamRef_To_admissionregistration_ParamRef(in *v1alpha1.ParamRef, out *admissionregistration.ParamRef, s conversion.Scope) error { - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_v1alpha1_ParamRef_To_admissionregistration_ParamRef is an autogenerated conversion function. -func Convert_v1alpha1_ParamRef_To_admissionregistration_ParamRef(in *v1alpha1.ParamRef, out *admissionregistration.ParamRef, s conversion.Scope) error { - return autoConvert_v1alpha1_ParamRef_To_admissionregistration_ParamRef(in, out, s) -} - -func autoConvert_admissionregistration_ParamRef_To_v1alpha1_ParamRef(in *admissionregistration.ParamRef, out *v1alpha1.ParamRef, s conversion.Scope) error { - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_admissionregistration_ParamRef_To_v1alpha1_ParamRef is an autogenerated conversion function. -func Convert_admissionregistration_ParamRef_To_v1alpha1_ParamRef(in *admissionregistration.ParamRef, out *v1alpha1.ParamRef, s conversion.Scope) error { - return autoConvert_admissionregistration_ParamRef_To_v1alpha1_ParamRef(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy(in *v1alpha1.ValidatingAdmissionPolicy, out *admissionregistration.ValidatingAdmissionPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy(in *v1alpha1.ValidatingAdmissionPolicy, out *admissionregistration.ValidatingAdmissionPolicy, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy(in *admissionregistration.ValidatingAdmissionPolicy, out *v1alpha1.ValidatingAdmissionPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy(in *admissionregistration.ValidatingAdmissionPolicy, out *v1alpha1.ValidatingAdmissionPolicy, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding(in *v1alpha1.ValidatingAdmissionPolicyBinding, out *admissionregistration.ValidatingAdmissionPolicyBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding(in *v1alpha1.ValidatingAdmissionPolicyBinding, out *admissionregistration.ValidatingAdmissionPolicyBinding, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding(in *admissionregistration.ValidatingAdmissionPolicyBinding, out *v1alpha1.ValidatingAdmissionPolicyBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding(in *admissionregistration.ValidatingAdmissionPolicyBinding, out *v1alpha1.ValidatingAdmissionPolicyBinding, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicyBindingList_To_admissionregistration_ValidatingAdmissionPolicyBindingList(in *v1alpha1.ValidatingAdmissionPolicyBindingList, out *admissionregistration.ValidatingAdmissionPolicyBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.ValidatingAdmissionPolicyBinding, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_ValidatingAdmissionPolicyBinding_To_admissionregistration_ValidatingAdmissionPolicyBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicyBindingList_To_admissionregistration_ValidatingAdmissionPolicyBindingList is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicyBindingList_To_admissionregistration_ValidatingAdmissionPolicyBindingList(in *v1alpha1.ValidatingAdmissionPolicyBindingList, out *admissionregistration.ValidatingAdmissionPolicyBindingList, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicyBindingList_To_admissionregistration_ValidatingAdmissionPolicyBindingList(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicyBindingList_To_v1alpha1_ValidatingAdmissionPolicyBindingList(in *admissionregistration.ValidatingAdmissionPolicyBindingList, out *v1alpha1.ValidatingAdmissionPolicyBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.ValidatingAdmissionPolicyBinding, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingAdmissionPolicyBinding_To_v1alpha1_ValidatingAdmissionPolicyBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicyBindingList_To_v1alpha1_ValidatingAdmissionPolicyBindingList is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicyBindingList_To_v1alpha1_ValidatingAdmissionPolicyBindingList(in *admissionregistration.ValidatingAdmissionPolicyBindingList, out *v1alpha1.ValidatingAdmissionPolicyBindingList, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicyBindingList_To_v1alpha1_ValidatingAdmissionPolicyBindingList(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec(in *v1alpha1.ValidatingAdmissionPolicyBindingSpec, out *admissionregistration.ValidatingAdmissionPolicyBindingSpec, s conversion.Scope) error { - out.PolicyName = in.PolicyName - out.ParamRef = (*admissionregistration.ParamRef)(unsafe.Pointer(in.ParamRef)) - if in.MatchResources != nil { - in, out := &in.MatchResources, &out.MatchResources - *out = new(admissionregistration.MatchResources) - if err := Convert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(*in, *out, s); err != nil { - return err - } - } else { - out.MatchResources = nil - } - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec(in *v1alpha1.ValidatingAdmissionPolicyBindingSpec, out *admissionregistration.ValidatingAdmissionPolicyBindingSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicyBindingSpec_To_admissionregistration_ValidatingAdmissionPolicyBindingSpec(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec(in *admissionregistration.ValidatingAdmissionPolicyBindingSpec, out *v1alpha1.ValidatingAdmissionPolicyBindingSpec, s conversion.Scope) error { - out.PolicyName = in.PolicyName - out.ParamRef = (*v1alpha1.ParamRef)(unsafe.Pointer(in.ParamRef)) - if in.MatchResources != nil { - in, out := &in.MatchResources, &out.MatchResources - *out = new(v1alpha1.MatchResources) - if err := Convert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(*in, *out, s); err != nil { - return err - } - } else { - out.MatchResources = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec(in *admissionregistration.ValidatingAdmissionPolicyBindingSpec, out *v1alpha1.ValidatingAdmissionPolicyBindingSpec, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicyBindingSpec_To_v1alpha1_ValidatingAdmissionPolicyBindingSpec(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicyList_To_admissionregistration_ValidatingAdmissionPolicyList(in *v1alpha1.ValidatingAdmissionPolicyList, out *admissionregistration.ValidatingAdmissionPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.ValidatingAdmissionPolicy, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_ValidatingAdmissionPolicy_To_admissionregistration_ValidatingAdmissionPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicyList_To_admissionregistration_ValidatingAdmissionPolicyList is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicyList_To_admissionregistration_ValidatingAdmissionPolicyList(in *v1alpha1.ValidatingAdmissionPolicyList, out *admissionregistration.ValidatingAdmissionPolicyList, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicyList_To_admissionregistration_ValidatingAdmissionPolicyList(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicyList_To_v1alpha1_ValidatingAdmissionPolicyList(in *admissionregistration.ValidatingAdmissionPolicyList, out *v1alpha1.ValidatingAdmissionPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.ValidatingAdmissionPolicy, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingAdmissionPolicy_To_v1alpha1_ValidatingAdmissionPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicyList_To_v1alpha1_ValidatingAdmissionPolicyList is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicyList_To_v1alpha1_ValidatingAdmissionPolicyList(in *admissionregistration.ValidatingAdmissionPolicyList, out *v1alpha1.ValidatingAdmissionPolicyList, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicyList_To_v1alpha1_ValidatingAdmissionPolicyList(in, out, s) -} - -func autoConvert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec(in *v1alpha1.ValidatingAdmissionPolicySpec, out *admissionregistration.ValidatingAdmissionPolicySpec, s conversion.Scope) error { - out.ParamKind = (*admissionregistration.ParamKind)(unsafe.Pointer(in.ParamKind)) - if in.MatchConstraints != nil { - in, out := &in.MatchConstraints, &out.MatchConstraints - *out = new(admissionregistration.MatchResources) - if err := Convert_v1alpha1_MatchResources_To_admissionregistration_MatchResources(*in, *out, s); err != nil { - return err - } - } else { - out.MatchConstraints = nil - } - out.Validations = *(*[]admissionregistration.Validation)(unsafe.Pointer(&in.Validations)) - out.FailurePolicy = (*admissionregistration.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - return nil -} - -// Convert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec is an autogenerated conversion function. -func Convert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec(in *v1alpha1.ValidatingAdmissionPolicySpec, out *admissionregistration.ValidatingAdmissionPolicySpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ValidatingAdmissionPolicySpec_To_admissionregistration_ValidatingAdmissionPolicySpec(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec(in *admissionregistration.ValidatingAdmissionPolicySpec, out *v1alpha1.ValidatingAdmissionPolicySpec, s conversion.Scope) error { - out.ParamKind = (*v1alpha1.ParamKind)(unsafe.Pointer(in.ParamKind)) - if in.MatchConstraints != nil { - in, out := &in.MatchConstraints, &out.MatchConstraints - *out = new(v1alpha1.MatchResources) - if err := Convert_admissionregistration_MatchResources_To_v1alpha1_MatchResources(*in, *out, s); err != nil { - return err - } - } else { - out.MatchConstraints = nil - } - out.Validations = *(*[]v1alpha1.Validation)(unsafe.Pointer(&in.Validations)) - out.FailurePolicy = (*v1alpha1.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - return nil -} - -// Convert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec(in *admissionregistration.ValidatingAdmissionPolicySpec, out *v1alpha1.ValidatingAdmissionPolicySpec, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingAdmissionPolicySpec_To_v1alpha1_ValidatingAdmissionPolicySpec(in, out, s) -} - -func autoConvert_v1alpha1_Validation_To_admissionregistration_Validation(in *v1alpha1.Validation, out *admissionregistration.Validation, s conversion.Scope) error { - out.Expression = in.Expression - out.Message = in.Message - out.Reason = (*v1.StatusReason)(unsafe.Pointer(in.Reason)) - return nil -} - -// Convert_v1alpha1_Validation_To_admissionregistration_Validation is an autogenerated conversion function. -func Convert_v1alpha1_Validation_To_admissionregistration_Validation(in *v1alpha1.Validation, out *admissionregistration.Validation, s conversion.Scope) error { - return autoConvert_v1alpha1_Validation_To_admissionregistration_Validation(in, out, s) -} - -func autoConvert_admissionregistration_Validation_To_v1alpha1_Validation(in *admissionregistration.Validation, out *v1alpha1.Validation, s conversion.Scope) error { - out.Expression = in.Expression - out.Message = in.Message - out.Reason = (*v1.StatusReason)(unsafe.Pointer(in.Reason)) - return nil -} - -// Convert_admissionregistration_Validation_To_v1alpha1_Validation is an autogenerated conversion function. -func Convert_admissionregistration_Validation_To_v1alpha1_Validation(in *admissionregistration.Validation, out *v1alpha1.Validation, s conversion.Scope) error { - return autoConvert_admissionregistration_Validation_To_v1alpha1_Validation(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 918816c988..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,90 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.ValidatingAdmissionPolicy{}, func(obj interface{}) { - SetObjectDefaults_ValidatingAdmissionPolicy(obj.(*v1alpha1.ValidatingAdmissionPolicy)) - }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ValidatingAdmissionPolicyBinding{}, func(obj interface{}) { - SetObjectDefaults_ValidatingAdmissionPolicyBinding(obj.(*v1alpha1.ValidatingAdmissionPolicyBinding)) - }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ValidatingAdmissionPolicyBindingList{}, func(obj interface{}) { - SetObjectDefaults_ValidatingAdmissionPolicyBindingList(obj.(*v1alpha1.ValidatingAdmissionPolicyBindingList)) - }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ValidatingAdmissionPolicyList{}, func(obj interface{}) { - SetObjectDefaults_ValidatingAdmissionPolicyList(obj.(*v1alpha1.ValidatingAdmissionPolicyList)) - }) - return nil -} - -func SetObjectDefaults_ValidatingAdmissionPolicy(in *v1alpha1.ValidatingAdmissionPolicy) { - SetDefaults_ValidatingAdmissionPolicySpec(&in.Spec) - if in.Spec.MatchConstraints != nil { - SetDefaults_MatchResources(in.Spec.MatchConstraints) - for i := range in.Spec.MatchConstraints.ResourceRules { - a := &in.Spec.MatchConstraints.ResourceRules[i] - v1.SetDefaults_Rule(&a.RuleWithOperations.Rule) - } - for i := range in.Spec.MatchConstraints.ExcludeResourceRules { - a := &in.Spec.MatchConstraints.ExcludeResourceRules[i] - v1.SetDefaults_Rule(&a.RuleWithOperations.Rule) - } - } -} - -func SetObjectDefaults_ValidatingAdmissionPolicyBinding(in *v1alpha1.ValidatingAdmissionPolicyBinding) { - if in.Spec.MatchResources != nil { - SetDefaults_MatchResources(in.Spec.MatchResources) - for i := range in.Spec.MatchResources.ResourceRules { - a := &in.Spec.MatchResources.ResourceRules[i] - v1.SetDefaults_Rule(&a.RuleWithOperations.Rule) - } - for i := range in.Spec.MatchResources.ExcludeResourceRules { - a := &in.Spec.MatchResources.ExcludeResourceRules[i] - v1.SetDefaults_Rule(&a.RuleWithOperations.Rule) - } - } -} - -func SetObjectDefaults_ValidatingAdmissionPolicyBindingList(in *v1alpha1.ValidatingAdmissionPolicyBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ValidatingAdmissionPolicyBinding(a) - } -} - -func SetObjectDefaults_ValidatingAdmissionPolicyList(in *v1alpha1.ValidatingAdmissionPolicyList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ValidatingAdmissionPolicy(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/defaults.go deleted file mode 100644 index 561a549cdd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/defaults.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilpointer "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_ValidatingWebhook sets defaults for webhook validating -func SetDefaults_ValidatingWebhook(obj *admissionregistrationv1beta1.ValidatingWebhook) { - if obj.FailurePolicy == nil { - policy := admissionregistrationv1beta1.Ignore - obj.FailurePolicy = &policy - } - if obj.MatchPolicy == nil { - policy := admissionregistrationv1beta1.Exact - obj.MatchPolicy = &policy - } - if obj.NamespaceSelector == nil { - selector := metav1.LabelSelector{} - obj.NamespaceSelector = &selector - } - if obj.ObjectSelector == nil { - selector := metav1.LabelSelector{} - obj.ObjectSelector = &selector - } - if obj.SideEffects == nil { - // TODO: revisit/remove this default and possibly make the field required when promoting to v1 - unknown := admissionregistrationv1beta1.SideEffectClassUnknown - obj.SideEffects = &unknown - } - if obj.TimeoutSeconds == nil { - obj.TimeoutSeconds = new(int32) - *obj.TimeoutSeconds = 30 - } - - if len(obj.AdmissionReviewVersions) == 0 { - obj.AdmissionReviewVersions = []string{admissionregistrationv1beta1.SchemeGroupVersion.Version} - } -} - -// SetDefaults_MutatingWebhook sets defaults for webhook mutating -func SetDefaults_MutatingWebhook(obj *admissionregistrationv1beta1.MutatingWebhook) { - if obj.FailurePolicy == nil { - policy := admissionregistrationv1beta1.Ignore - obj.FailurePolicy = &policy - } - if obj.MatchPolicy == nil { - policy := admissionregistrationv1beta1.Exact - obj.MatchPolicy = &policy - } - if obj.NamespaceSelector == nil { - selector := metav1.LabelSelector{} - obj.NamespaceSelector = &selector - } - if obj.ObjectSelector == nil { - selector := metav1.LabelSelector{} - obj.ObjectSelector = &selector - } - if obj.SideEffects == nil { - // TODO: revisit/remove this default and possibly make the field required when promoting to v1 - unknown := admissionregistrationv1beta1.SideEffectClassUnknown - obj.SideEffects = &unknown - } - if obj.TimeoutSeconds == nil { - obj.TimeoutSeconds = new(int32) - *obj.TimeoutSeconds = 30 - } - if obj.ReinvocationPolicy == nil { - never := admissionregistrationv1beta1.NeverReinvocationPolicy - obj.ReinvocationPolicy = &never - } - - if len(obj.AdmissionReviewVersions) == 0 { - obj.AdmissionReviewVersions = []string{admissionregistrationv1beta1.SchemeGroupVersion.Version} - } -} - -// SetDefaults_ServiceReference sets defaults for Webhook's ServiceReference -func SetDefaults_ServiceReference(obj *admissionregistrationv1beta1.ServiceReference) { - if obj.Port == nil { - obj.Port = utilpointer.Int32Ptr(443) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/doc.go deleted file mode 100644 index df2827ee28..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/doc.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/admissionregistration -// +k8s:conversion-gen-external-types=k8s.io/api/admissionregistration/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/admissionregistration/v1beta1 -// +groupName=admissionregistration.k8s.io - -// Package v1beta1 is the v1beta1 version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// ValidatingWebhookConfiguration, and MutatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/register.go deleted file mode 100644 index 92d22f9ace..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "admissionregistration.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &admissionregistrationv1beta1.SchemeBuilder - // AddToScheme handler to add items to the schema - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.conversion.go deleted file mode 100644 index e132ef4200..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,488 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - v1beta1 "k8s.io/api/admissionregistration/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration" - v1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.MutatingWebhook)(nil), (*admissionregistration.MutatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook(a.(*v1beta1.MutatingWebhook), b.(*admissionregistration.MutatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhook)(nil), (*v1beta1.MutatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook(a.(*admissionregistration.MutatingWebhook), b.(*v1beta1.MutatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.MutatingWebhookConfiguration)(nil), (*admissionregistration.MutatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(a.(*v1beta1.MutatingWebhookConfiguration), b.(*admissionregistration.MutatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhookConfiguration)(nil), (*v1beta1.MutatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration(a.(*admissionregistration.MutatingWebhookConfiguration), b.(*v1beta1.MutatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.MutatingWebhookConfigurationList)(nil), (*admissionregistration.MutatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(a.(*v1beta1.MutatingWebhookConfigurationList), b.(*admissionregistration.MutatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.MutatingWebhookConfigurationList)(nil), (*v1beta1.MutatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1beta1_MutatingWebhookConfigurationList(a.(*admissionregistration.MutatingWebhookConfigurationList), b.(*v1beta1.MutatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ServiceReference)(nil), (*admissionregistration.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference(a.(*v1beta1.ServiceReference), b.(*admissionregistration.ServiceReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ServiceReference)(nil), (*v1beta1.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference(a.(*admissionregistration.ServiceReference), b.(*v1beta1.ServiceReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ValidatingWebhook)(nil), (*admissionregistration.ValidatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(a.(*v1beta1.ValidatingWebhook), b.(*admissionregistration.ValidatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhook)(nil), (*v1beta1.ValidatingWebhook)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook(a.(*admissionregistration.ValidatingWebhook), b.(*v1beta1.ValidatingWebhook), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ValidatingWebhookConfiguration)(nil), (*admissionregistration.ValidatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(a.(*v1beta1.ValidatingWebhookConfiguration), b.(*admissionregistration.ValidatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhookConfiguration)(nil), (*v1beta1.ValidatingWebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration(a.(*admissionregistration.ValidatingWebhookConfiguration), b.(*v1beta1.ValidatingWebhookConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ValidatingWebhookConfigurationList)(nil), (*admissionregistration.ValidatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(a.(*v1beta1.ValidatingWebhookConfigurationList), b.(*admissionregistration.ValidatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.ValidatingWebhookConfigurationList)(nil), (*v1beta1.ValidatingWebhookConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1beta1_ValidatingWebhookConfigurationList(a.(*admissionregistration.ValidatingWebhookConfigurationList), b.(*v1beta1.ValidatingWebhookConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.WebhookClientConfig)(nil), (*admissionregistration.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(a.(*v1beta1.WebhookClientConfig), b.(*admissionregistration.WebhookClientConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*admissionregistration.WebhookClientConfig)(nil), (*v1beta1.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(a.(*admissionregistration.WebhookClientConfig), b.(*v1beta1.WebhookClientConfig), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in *v1beta1.MutatingWebhook, out *admissionregistration.MutatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistration.RuleWithOperations, len(*in)) - for i := range *in { - if err := v1.Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*admissionregistration.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*admissionregistration.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*admissionregistration.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - out.ReinvocationPolicy = (*admissionregistration.ReinvocationPolicyType)(unsafe.Pointer(in.ReinvocationPolicy)) - return nil -} - -// Convert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook is an autogenerated conversion function. -func Convert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in *v1beta1.MutatingWebhook, out *admissionregistration.MutatingWebhook, s conversion.Scope) error { - return autoConvert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook(in *admissionregistration.MutatingWebhook, out *v1beta1.MutatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistrationv1.RuleWithOperations, len(*in)) - for i := range *in { - if err := v1.Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*v1beta1.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*v1beta1.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*v1beta1.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - out.ReinvocationPolicy = (*v1beta1.ReinvocationPolicyType)(unsafe.Pointer(in.ReinvocationPolicy)) - return nil -} - -// Convert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook(in *admissionregistration.MutatingWebhook, out *v1beta1.MutatingWebhook, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook(in, out, s) -} - -func autoConvert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in *v1beta1.MutatingWebhookConfiguration, out *admissionregistration.MutatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]admissionregistration.MutatingWebhook, len(*in)) - for i := range *in { - if err := Convert_v1beta1_MutatingWebhook_To_admissionregistration_MutatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration is an autogenerated conversion function. -func Convert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in *v1beta1.MutatingWebhookConfiguration, out *admissionregistration.MutatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration(in *admissionregistration.MutatingWebhookConfiguration, out *v1beta1.MutatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]v1beta1.MutatingWebhook, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_MutatingWebhook_To_v1beta1_MutatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration(in *admissionregistration.MutatingWebhookConfiguration, out *v1beta1.MutatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration(in, out, s) -} - -func autoConvert_v1beta1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in *v1beta1.MutatingWebhookConfigurationList, out *admissionregistration.MutatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.MutatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1beta1_MutatingWebhookConfiguration_To_admissionregistration_MutatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_v1beta1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in *v1beta1.MutatingWebhookConfigurationList, out *admissionregistration.MutatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_v1beta1_MutatingWebhookConfigurationList_To_admissionregistration_MutatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_admissionregistration_MutatingWebhookConfigurationList_To_v1beta1_MutatingWebhookConfigurationList(in *admissionregistration.MutatingWebhookConfigurationList, out *v1beta1.MutatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.MutatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_MutatingWebhookConfiguration_To_v1beta1_MutatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1beta1_MutatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_admissionregistration_MutatingWebhookConfigurationList_To_v1beta1_MutatingWebhookConfigurationList(in *admissionregistration.MutatingWebhookConfigurationList, out *v1beta1.MutatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_admissionregistration_MutatingWebhookConfigurationList_To_v1beta1_MutatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference(in *v1beta1.ServiceReference, out *admissionregistration.ServiceReference, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.Path = (*string)(unsafe.Pointer(in.Path)) - if err := metav1.Convert_Pointer_int32_To_int32(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference is an autogenerated conversion function. -func Convert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference(in *v1beta1.ServiceReference, out *admissionregistration.ServiceReference, s conversion.Scope) error { - return autoConvert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference(in, out, s) -} - -func autoConvert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference(in *admissionregistration.ServiceReference, out *v1beta1.ServiceReference, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.Path = (*string)(unsafe.Pointer(in.Path)) - if err := metav1.Convert_int32_To_Pointer_int32(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference is an autogenerated conversion function. -func Convert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference(in *admissionregistration.ServiceReference, out *v1beta1.ServiceReference, s conversion.Scope) error { - return autoConvert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference(in, out, s) -} - -func autoConvert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in *v1beta1.ValidatingWebhook, out *admissionregistration.ValidatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistration.RuleWithOperations, len(*in)) - for i := range *in { - if err := v1.Convert_v1_RuleWithOperations_To_admissionregistration_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*admissionregistration.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*admissionregistration.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*admissionregistration.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - return nil -} - -// Convert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook is an autogenerated conversion function. -func Convert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in *v1beta1.ValidatingWebhook, out *admissionregistration.ValidatingWebhook, s conversion.Scope) error { - return autoConvert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook(in *admissionregistration.ValidatingWebhook, out *v1beta1.ValidatingWebhook, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil { - return err - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]admissionregistrationv1.RuleWithOperations, len(*in)) - for i := range *in { - if err := v1.Convert_admissionregistration_RuleWithOperations_To_v1_RuleWithOperations(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - out.FailurePolicy = (*v1beta1.FailurePolicyType)(unsafe.Pointer(in.FailurePolicy)) - out.MatchPolicy = (*v1beta1.MatchPolicyType)(unsafe.Pointer(in.MatchPolicy)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.ObjectSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.ObjectSelector)) - out.SideEffects = (*v1beta1.SideEffectClass)(unsafe.Pointer(in.SideEffects)) - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - out.AdmissionReviewVersions = *(*[]string)(unsafe.Pointer(&in.AdmissionReviewVersions)) - return nil -} - -// Convert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook(in *admissionregistration.ValidatingWebhook, out *v1beta1.ValidatingWebhook, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook(in, out, s) -} - -func autoConvert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in *v1beta1.ValidatingWebhookConfiguration, out *admissionregistration.ValidatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]admissionregistration.ValidatingWebhook, len(*in)) - for i := range *in { - if err := Convert_v1beta1_ValidatingWebhook_To_admissionregistration_ValidatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration is an autogenerated conversion function. -func Convert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in *v1beta1.ValidatingWebhookConfiguration, out *admissionregistration.ValidatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration(in *admissionregistration.ValidatingWebhookConfiguration, out *v1beta1.ValidatingWebhookConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]v1beta1.ValidatingWebhook, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingWebhook_To_v1beta1_ValidatingWebhook(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Webhooks = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration(in *admissionregistration.ValidatingWebhookConfiguration, out *v1beta1.ValidatingWebhookConfiguration, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration(in, out, s) -} - -func autoConvert_v1beta1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in *v1beta1.ValidatingWebhookConfigurationList, out *admissionregistration.ValidatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]admissionregistration.ValidatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1beta1_ValidatingWebhookConfiguration_To_admissionregistration_ValidatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_v1beta1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in *v1beta1.ValidatingWebhookConfigurationList, out *admissionregistration.ValidatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_v1beta1_ValidatingWebhookConfigurationList_To_admissionregistration_ValidatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_admissionregistration_ValidatingWebhookConfigurationList_To_v1beta1_ValidatingWebhookConfigurationList(in *admissionregistration.ValidatingWebhookConfigurationList, out *v1beta1.ValidatingWebhookConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.ValidatingWebhookConfiguration, len(*in)) - for i := range *in { - if err := Convert_admissionregistration_ValidatingWebhookConfiguration_To_v1beta1_ValidatingWebhookConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1beta1_ValidatingWebhookConfigurationList is an autogenerated conversion function. -func Convert_admissionregistration_ValidatingWebhookConfigurationList_To_v1beta1_ValidatingWebhookConfigurationList(in *admissionregistration.ValidatingWebhookConfigurationList, out *v1beta1.ValidatingWebhookConfigurationList, s conversion.Scope) error { - return autoConvert_admissionregistration_ValidatingWebhookConfigurationList_To_v1beta1_ValidatingWebhookConfigurationList(in, out, s) -} - -func autoConvert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in *v1beta1.WebhookClientConfig, out *admissionregistration.WebhookClientConfig, s conversion.Scope) error { - out.URL = (*string)(unsafe.Pointer(in.URL)) - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(admissionregistration.ServiceReference) - if err := Convert_v1beta1_ServiceReference_To_admissionregistration_ServiceReference(*in, *out, s); err != nil { - return err - } - } else { - out.Service = nil - } - out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) - return nil -} - -// Convert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig is an autogenerated conversion function. -func Convert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in *v1beta1.WebhookClientConfig, out *admissionregistration.WebhookClientConfig, s conversion.Scope) error { - return autoConvert_v1beta1_WebhookClientConfig_To_admissionregistration_WebhookClientConfig(in, out, s) -} - -func autoConvert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(in *admissionregistration.WebhookClientConfig, out *v1beta1.WebhookClientConfig, s conversion.Scope) error { - out.URL = (*string)(unsafe.Pointer(in.URL)) - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(v1beta1.ServiceReference) - if err := Convert_admissionregistration_ServiceReference_To_v1beta1_ServiceReference(*in, *out, s); err != nil { - return err - } - } else { - out.Service = nil - } - out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle)) - return nil -} - -// Convert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig is an autogenerated conversion function. -func Convert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(in *admissionregistration.WebhookClientConfig, out *v1beta1.WebhookClientConfig, s conversion.Scope) error { - return autoConvert_admissionregistration_WebhookClientConfig_To_v1beta1_WebhookClientConfig(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 7acc059900..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,89 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/admissionregistration/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.MutatingWebhookConfiguration{}, func(obj interface{}) { - SetObjectDefaults_MutatingWebhookConfiguration(obj.(*v1beta1.MutatingWebhookConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1beta1.MutatingWebhookConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_MutatingWebhookConfigurationList(obj.(*v1beta1.MutatingWebhookConfigurationList)) - }) - scheme.AddTypeDefaultingFunc(&v1beta1.ValidatingWebhookConfiguration{}, func(obj interface{}) { - SetObjectDefaults_ValidatingWebhookConfiguration(obj.(*v1beta1.ValidatingWebhookConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1beta1.ValidatingWebhookConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_ValidatingWebhookConfigurationList(obj.(*v1beta1.ValidatingWebhookConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_MutatingWebhookConfiguration(in *v1beta1.MutatingWebhookConfiguration) { - for i := range in.Webhooks { - a := &in.Webhooks[i] - SetDefaults_MutatingWebhook(a) - if a.ClientConfig.Service != nil { - SetDefaults_ServiceReference(a.ClientConfig.Service) - } - for j := range a.Rules { - b := &a.Rules[j] - v1.SetDefaults_Rule(&b.Rule) - } - } -} - -func SetObjectDefaults_MutatingWebhookConfigurationList(in *v1beta1.MutatingWebhookConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_MutatingWebhookConfiguration(a) - } -} - -func SetObjectDefaults_ValidatingWebhookConfiguration(in *v1beta1.ValidatingWebhookConfiguration) { - for i := range in.Webhooks { - a := &in.Webhooks[i] - SetDefaults_ValidatingWebhook(a) - if a.ClientConfig.Service != nil { - SetDefaults_ServiceReference(a.ClientConfig.Service) - } - for j := range a.Rules { - b := &a.Rules[j] - v1.SetDefaults_Rule(&b.Rule) - } - } -} - -func SetObjectDefaults_ValidatingWebhookConfigurationList(in *v1beta1.ValidatingWebhookConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ValidatingWebhookConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/validation/validation.go deleted file mode 100644 index 78b5c8cc86..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/validation/validation.go +++ /dev/null @@ -1,815 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "regexp" - "strings" - - genericvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/api/validation/path" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/sets" - utilvalidation "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - plugincel "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" - "k8s.io/apiserver/pkg/cel" - "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - admissionregistrationv1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1" - admissionregistrationv1beta1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1" -) - -func hasWildcard(slice []string) bool { - for _, s := range slice { - if s == "*" { - return true - } - } - return false -} - -func validateResources(resources []string, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if len(resources) == 0 { - allErrors = append(allErrors, field.Required(fldPath, "")) - } - - // x/* - resourcesWithWildcardSubresoures := sets.String{} - // */x - subResourcesWithWildcardResource := sets.String{} - // */* - hasDoubleWildcard := false - // * - hasSingleWildcard := false - // x - hasResourceWithoutSubresource := false - - for i, resSub := range resources { - if resSub == "" { - allErrors = append(allErrors, field.Required(fldPath.Index(i), "")) - continue - } - if resSub == "*/*" { - hasDoubleWildcard = true - } - if resSub == "*" { - hasSingleWildcard = true - } - parts := strings.SplitN(resSub, "/", 2) - if len(parts) == 1 { - hasResourceWithoutSubresource = resSub != "*" - continue - } - res, sub := parts[0], parts[1] - if _, ok := resourcesWithWildcardSubresoures[res]; ok { - allErrors = append(allErrors, field.Invalid(fldPath.Index(i), resSub, fmt.Sprintf("if '%s/*' is present, must not specify %s", res, resSub))) - } - if _, ok := subResourcesWithWildcardResource[sub]; ok { - allErrors = append(allErrors, field.Invalid(fldPath.Index(i), resSub, fmt.Sprintf("if '*/%s' is present, must not specify %s", sub, resSub))) - } - if sub == "*" { - resourcesWithWildcardSubresoures[res] = struct{}{} - } - if res == "*" { - subResourcesWithWildcardResource[sub] = struct{}{} - } - } - if len(resources) > 1 && hasDoubleWildcard { - allErrors = append(allErrors, field.Invalid(fldPath, resources, "if '*/*' is present, must not specify other resources")) - } - if hasSingleWildcard && hasResourceWithoutSubresource { - allErrors = append(allErrors, field.Invalid(fldPath, resources, "if '*' is present, must not specify other resources without subresources")) - } - return allErrors -} - -func validateResourcesNoSubResources(resources []string, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if len(resources) == 0 { - allErrors = append(allErrors, field.Required(fldPath, "")) - } - for i, resource := range resources { - if resource == "" { - allErrors = append(allErrors, field.Required(fldPath.Index(i), "")) - } - if strings.Contains(resource, "/") { - allErrors = append(allErrors, field.Invalid(fldPath.Index(i), resource, "must not specify subresources")) - } - } - if len(resources) > 1 && hasWildcard(resources) { - allErrors = append(allErrors, field.Invalid(fldPath, resources, "if '*' is present, must not specify other resources")) - } - return allErrors -} - -var validScopes = sets.NewString( - string(admissionregistration.ClusterScope), - string(admissionregistration.NamespacedScope), - string(admissionregistration.AllScopes), -) - -func validateRule(rule *admissionregistration.Rule, fldPath *field.Path, allowSubResource bool) field.ErrorList { - var allErrors field.ErrorList - if len(rule.APIGroups) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("apiGroups"), "")) - } - if len(rule.APIGroups) > 1 && hasWildcard(rule.APIGroups) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiGroups"), rule.APIGroups, "if '*' is present, must not specify other API groups")) - } - // Note: group could be empty, e.g., the legacy "v1" API - if len(rule.APIVersions) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("apiVersions"), "")) - } - if len(rule.APIVersions) > 1 && hasWildcard(rule.APIVersions) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiVersions"), rule.APIVersions, "if '*' is present, must not specify other API versions")) - } - for i, version := range rule.APIVersions { - if version == "" { - allErrors = append(allErrors, field.Required(fldPath.Child("apiVersions").Index(i), "")) - } - } - if allowSubResource { - allErrors = append(allErrors, validateResources(rule.Resources, fldPath.Child("resources"))...) - } else { - allErrors = append(allErrors, validateResourcesNoSubResources(rule.Resources, fldPath.Child("resources"))...) - } - if rule.Scope != nil && !validScopes.Has(string(*rule.Scope)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("scope"), *rule.Scope, validScopes.List())) - } - return allErrors -} - -// AcceptedAdmissionReviewVersions contains the list of AdmissionReview versions the *prior* version of the API server understands. -// 1.15: server understands v1beta1; accepted versions are ["v1beta1"] -// 1.16: server understands v1, v1beta1; accepted versions are ["v1beta1"] -// 1.17+: server understands v1, v1beta1; accepted versions are ["v1","v1beta1"] -var AcceptedAdmissionReviewVersions = []string{admissionregistrationv1.SchemeGroupVersion.Version, admissionregistrationv1beta1.SchemeGroupVersion.Version} - -func isAcceptedAdmissionReviewVersion(v string) bool { - for _, version := range AcceptedAdmissionReviewVersions { - if v == version { - return true - } - } - return false -} - -func validateAdmissionReviewVersions(versions []string, requireRecognizedAdmissionReviewVersion bool, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - - // Currently only v1beta1 accepted in AdmissionReviewVersions - if len(versions) < 1 { - allErrors = append(allErrors, field.Required(fldPath, fmt.Sprintf("must specify one of %v", strings.Join(AcceptedAdmissionReviewVersions, ", ")))) - } else { - seen := map[string]bool{} - hasAcceptedVersion := false - for i, v := range versions { - if seen[v] { - allErrors = append(allErrors, field.Invalid(fldPath.Index(i), v, "duplicate version")) - continue - } - seen[v] = true - for _, errString := range utilvalidation.IsDNS1035Label(v) { - allErrors = append(allErrors, field.Invalid(fldPath.Index(i), v, errString)) - } - if isAcceptedAdmissionReviewVersion(v) { - hasAcceptedVersion = true - } - } - if requireRecognizedAdmissionReviewVersion && !hasAcceptedVersion { - allErrors = append(allErrors, field.Invalid( - fldPath, versions, - fmt.Sprintf("must include at least one of %v", - strings.Join(AcceptedAdmissionReviewVersions, ", ")))) - } - } - return allErrors -} - -// ValidateValidatingWebhookConfiguration validates a webhook before creation. -func ValidateValidatingWebhookConfiguration(e *admissionregistration.ValidatingWebhookConfiguration) field.ErrorList { - return validateValidatingWebhookConfiguration(e, validationOptions{ - requireNoSideEffects: true, - requireRecognizedAdmissionReviewVersion: true, - requireUniqueWebhookNames: true, - allowInvalidLabelValueInSelector: false, - }) -} - -func validateValidatingWebhookConfiguration(e *admissionregistration.ValidatingWebhookConfiguration, opts validationOptions) field.ErrorList { - allErrors := genericvalidation.ValidateObjectMeta(&e.ObjectMeta, false, genericvalidation.NameIsDNSSubdomain, field.NewPath("metadata")) - hookNames := sets.NewString() - for i, hook := range e.Webhooks { - allErrors = append(allErrors, validateValidatingWebhook(&hook, opts, field.NewPath("webhooks").Index(i))...) - allErrors = append(allErrors, validateAdmissionReviewVersions(hook.AdmissionReviewVersions, opts.requireRecognizedAdmissionReviewVersion, field.NewPath("webhooks").Index(i).Child("admissionReviewVersions"))...) - if opts.requireUniqueWebhookNames && len(hook.Name) > 0 { - if hookNames.Has(hook.Name) { - allErrors = append(allErrors, field.Duplicate(field.NewPath("webhooks").Index(i).Child("name"), hook.Name)) - } else { - hookNames.Insert(hook.Name) - } - } - } - return allErrors -} - -// ValidateMutatingWebhookConfiguration validates a webhook before creation. -func ValidateMutatingWebhookConfiguration(e *admissionregistration.MutatingWebhookConfiguration) field.ErrorList { - return validateMutatingWebhookConfiguration(e, validationOptions{ - requireNoSideEffects: true, - requireRecognizedAdmissionReviewVersion: true, - requireUniqueWebhookNames: true, - allowInvalidLabelValueInSelector: false, - }) -} - -type validationOptions struct { - requireNoSideEffects bool - requireRecognizedAdmissionReviewVersion bool - requireUniqueWebhookNames bool - allowInvalidLabelValueInSelector bool -} - -func validateMutatingWebhookConfiguration(e *admissionregistration.MutatingWebhookConfiguration, opts validationOptions) field.ErrorList { - allErrors := genericvalidation.ValidateObjectMeta(&e.ObjectMeta, false, genericvalidation.NameIsDNSSubdomain, field.NewPath("metadata")) - - hookNames := sets.NewString() - for i, hook := range e.Webhooks { - allErrors = append(allErrors, validateMutatingWebhook(&hook, opts, field.NewPath("webhooks").Index(i))...) - allErrors = append(allErrors, validateAdmissionReviewVersions(hook.AdmissionReviewVersions, opts.requireRecognizedAdmissionReviewVersion, field.NewPath("webhooks").Index(i).Child("admissionReviewVersions"))...) - if opts.requireUniqueWebhookNames && len(hook.Name) > 0 { - if hookNames.Has(hook.Name) { - allErrors = append(allErrors, field.Duplicate(field.NewPath("webhooks").Index(i).Child("name"), hook.Name)) - } else { - hookNames.Insert(hook.Name) - } - } - } - return allErrors -} - -func validateValidatingWebhook(hook *admissionregistration.ValidatingWebhook, opts validationOptions, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - // hook.Name must be fully qualified - allErrors = append(allErrors, utilvalidation.IsFullyQualifiedName(fldPath.Child("name"), hook.Name)...) - labelSelectorValidationOpts := metav1validation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.allowInvalidLabelValueInSelector, - } - - for i, rule := range hook.Rules { - allErrors = append(allErrors, validateRuleWithOperations(&rule, fldPath.Child("rules").Index(i))...) - } - if hook.FailurePolicy != nil && !supportedFailurePolicies.Has(string(*hook.FailurePolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *hook.FailurePolicy, supportedFailurePolicies.List())) - } - if hook.MatchPolicy != nil && !supportedMatchPolicies.Has(string(*hook.MatchPolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("matchPolicy"), *hook.MatchPolicy, supportedMatchPolicies.List())) - } - allowedSideEffects := supportedSideEffectClasses - if opts.requireNoSideEffects { - allowedSideEffects = noSideEffectClasses - } - if hook.SideEffects == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("sideEffects"), fmt.Sprintf("must specify one of %v", strings.Join(allowedSideEffects.List(), ", ")))) - } - if hook.SideEffects != nil && !allowedSideEffects.Has(string(*hook.SideEffects)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("sideEffects"), *hook.SideEffects, allowedSideEffects.List())) - } - if hook.TimeoutSeconds != nil && (*hook.TimeoutSeconds > 30 || *hook.TimeoutSeconds < 1) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("timeoutSeconds"), *hook.TimeoutSeconds, "the timeout value must be between 1 and 30 seconds")) - } - - if hook.NamespaceSelector != nil { - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(hook.NamespaceSelector, labelSelectorValidationOpts, fldPath.Child("namespaceSelector"))...) - } - - if hook.ObjectSelector != nil { - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(hook.ObjectSelector, labelSelectorValidationOpts, fldPath.Child("objectSelector"))...) - } - - cc := hook.ClientConfig - switch { - case (cc.URL == nil) == (cc.Service == nil): - allErrors = append(allErrors, field.Required(fldPath.Child("clientConfig"), "exactly one of url or service is required")) - case cc.URL != nil: - allErrors = append(allErrors, webhook.ValidateWebhookURL(fldPath.Child("clientConfig").Child("url"), *cc.URL, true)...) - case cc.Service != nil: - allErrors = append(allErrors, webhook.ValidateWebhookService(fldPath.Child("clientConfig").Child("service"), cc.Service.Name, cc.Service.Namespace, cc.Service.Path, cc.Service.Port)...) - } - return allErrors -} - -func validateMutatingWebhook(hook *admissionregistration.MutatingWebhook, opts validationOptions, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - // hook.Name must be fully qualified - allErrors = append(allErrors, utilvalidation.IsFullyQualifiedName(fldPath.Child("name"), hook.Name)...) - labelSelectorValidationOpts := metav1validation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.allowInvalidLabelValueInSelector, - } - - for i, rule := range hook.Rules { - allErrors = append(allErrors, validateRuleWithOperations(&rule, fldPath.Child("rules").Index(i))...) - } - if hook.FailurePolicy != nil && !supportedFailurePolicies.Has(string(*hook.FailurePolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *hook.FailurePolicy, supportedFailurePolicies.List())) - } - if hook.MatchPolicy != nil && !supportedMatchPolicies.Has(string(*hook.MatchPolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("matchPolicy"), *hook.MatchPolicy, supportedMatchPolicies.List())) - } - allowedSideEffects := supportedSideEffectClasses - if opts.requireNoSideEffects { - allowedSideEffects = noSideEffectClasses - } - if hook.SideEffects == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("sideEffects"), fmt.Sprintf("must specify one of %v", strings.Join(allowedSideEffects.List(), ", ")))) - } - if hook.SideEffects != nil && !allowedSideEffects.Has(string(*hook.SideEffects)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("sideEffects"), *hook.SideEffects, allowedSideEffects.List())) - } - if hook.TimeoutSeconds != nil && (*hook.TimeoutSeconds > 30 || *hook.TimeoutSeconds < 1) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("timeoutSeconds"), *hook.TimeoutSeconds, "the timeout value must be between 1 and 30 seconds")) - } - - if hook.NamespaceSelector != nil { - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(hook.NamespaceSelector, labelSelectorValidationOpts, fldPath.Child("namespaceSelector"))...) - } - if hook.ObjectSelector != nil { - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(hook.ObjectSelector, labelSelectorValidationOpts, fldPath.Child("objectSelector"))...) - } - if hook.ReinvocationPolicy != nil && !supportedReinvocationPolicies.Has(string(*hook.ReinvocationPolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("reinvocationPolicy"), *hook.ReinvocationPolicy, supportedReinvocationPolicies.List())) - } - - cc := hook.ClientConfig - switch { - case (cc.URL == nil) == (cc.Service == nil): - allErrors = append(allErrors, field.Required(fldPath.Child("clientConfig"), "exactly one of url or service is required")) - case cc.URL != nil: - allErrors = append(allErrors, webhook.ValidateWebhookURL(fldPath.Child("clientConfig").Child("url"), *cc.URL, true)...) - case cc.Service != nil: - allErrors = append(allErrors, webhook.ValidateWebhookService(fldPath.Child("clientConfig").Child("service"), cc.Service.Name, cc.Service.Namespace, cc.Service.Path, cc.Service.Port)...) - } - return allErrors -} - -var supportedFailurePolicies = sets.NewString( - string(admissionregistration.Ignore), - string(admissionregistration.Fail), -) - -var supportedMatchPolicies = sets.NewString( - string(admissionregistration.Exact), - string(admissionregistration.Equivalent), -) - -var supportedSideEffectClasses = sets.NewString( - string(admissionregistration.SideEffectClassUnknown), - string(admissionregistration.SideEffectClassNone), - string(admissionregistration.SideEffectClassSome), - string(admissionregistration.SideEffectClassNoneOnDryRun), -) - -var noSideEffectClasses = sets.NewString( - string(admissionregistration.SideEffectClassNone), - string(admissionregistration.SideEffectClassNoneOnDryRun), -) - -var supportedOperations = sets.NewString( - string(admissionregistration.OperationAll), - string(admissionregistration.Create), - string(admissionregistration.Update), - string(admissionregistration.Delete), - string(admissionregistration.Connect), -) - -var supportedReinvocationPolicies = sets.NewString( - string(admissionregistration.NeverReinvocationPolicy), - string(admissionregistration.IfNeededReinvocationPolicy), -) - -var supportedValidationPolicyReason = sets.NewString( - string(metav1.StatusReasonForbidden), - string(metav1.StatusReasonInvalid), - string(metav1.StatusReasonRequestEntityTooLarge), -) - -func hasWildcardOperation(operations []admissionregistration.OperationType) bool { - for _, o := range operations { - if o == admissionregistration.OperationAll { - return true - } - } - return false -} - -func validateRuleWithOperations(ruleWithOperations *admissionregistration.RuleWithOperations, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if len(ruleWithOperations.Operations) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("operations"), "")) - } - if len(ruleWithOperations.Operations) > 1 && hasWildcardOperation(ruleWithOperations.Operations) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("operations"), ruleWithOperations.Operations, "if '*' is present, must not specify other operations")) - } - for i, operation := range ruleWithOperations.Operations { - if !supportedOperations.Has(string(operation)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("operations").Index(i), operation, supportedOperations.List())) - } - } - allowSubResource := true - allErrors = append(allErrors, validateRule(&ruleWithOperations.Rule, fldPath, allowSubResource)...) - return allErrors -} - -// mutatingHasAcceptedAdmissionReviewVersions returns true if all webhooks have at least one -// admission review version this apiserver accepts. -func mutatingHasAcceptedAdmissionReviewVersions(webhooks []admissionregistration.MutatingWebhook) bool { - for _, hook := range webhooks { - hasRecognizedVersion := false - for _, version := range hook.AdmissionReviewVersions { - if isAcceptedAdmissionReviewVersion(version) { - hasRecognizedVersion = true - break - } - } - if !hasRecognizedVersion && len(hook.AdmissionReviewVersions) > 0 { - return false - } - } - return true -} - -// validatingHasAcceptedAdmissionReviewVersions returns true if all webhooks have at least one -// admission review version this apiserver accepts. -func validatingHasAcceptedAdmissionReviewVersions(webhooks []admissionregistration.ValidatingWebhook) bool { - for _, hook := range webhooks { - hasRecognizedVersion := false - for _, version := range hook.AdmissionReviewVersions { - if isAcceptedAdmissionReviewVersion(version) { - hasRecognizedVersion = true - break - } - } - if !hasRecognizedVersion && len(hook.AdmissionReviewVersions) > 0 { - return false - } - } - return true -} - -// mutatingHasUniqueWebhookNames returns true if all webhooks have unique names -func mutatingHasUniqueWebhookNames(webhooks []admissionregistration.MutatingWebhook) bool { - names := sets.NewString() - for _, hook := range webhooks { - if names.Has(hook.Name) { - return false - } - names.Insert(hook.Name) - } - return true -} - -// validatingHasUniqueWebhookNames returns true if all webhooks have unique names -func validatingHasUniqueWebhookNames(webhooks []admissionregistration.ValidatingWebhook) bool { - names := sets.NewString() - for _, hook := range webhooks { - if names.Has(hook.Name) { - return false - } - names.Insert(hook.Name) - } - return true -} - -// mutatingHasNoSideEffects returns true if all webhooks have no side effects -func mutatingHasNoSideEffects(webhooks []admissionregistration.MutatingWebhook) bool { - for _, hook := range webhooks { - if hook.SideEffects == nil || !noSideEffectClasses.Has(string(*hook.SideEffects)) { - return false - } - } - return true -} - -// validatingHasNoSideEffects returns true if all webhooks have no side effects -func validatingHasNoSideEffects(webhooks []admissionregistration.ValidatingWebhook) bool { - for _, hook := range webhooks { - if hook.SideEffects == nil || !noSideEffectClasses.Has(string(*hook.SideEffects)) { - return false - } - } - return true -} - -// validatingWebhookAllowInvalidLabelValueInSelector returns true if all webhooksallow invalid label value in selector -func validatingWebhookHasInvalidLabelValueInSelector(webhooks []admissionregistration.ValidatingWebhook) bool { - labelSelectorValidationOpts := metav1validation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: false, - } - - for _, hook := range webhooks { - if hook.NamespaceSelector != nil { - if len(metav1validation.ValidateLabelSelector(hook.NamespaceSelector, labelSelectorValidationOpts, nil)) > 0 { - return true - } - } - if hook.ObjectSelector != nil { - if len(metav1validation.ValidateLabelSelector(hook.ObjectSelector, labelSelectorValidationOpts, nil)) > 0 { - return true - } - } - } - return false -} - -// mutatingWebhookAllowInvalidLabelValueInSelector returns true if all webhooks allow invalid label value in selector -func mutatingWebhookHasInvalidLabelValueInSelector(webhooks []admissionregistration.MutatingWebhook) bool { - labelSelectorValidationOpts := metav1validation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: false, - } - - for _, hook := range webhooks { - if hook.NamespaceSelector != nil { - if len(metav1validation.ValidateLabelSelector(hook.NamespaceSelector, labelSelectorValidationOpts, nil)) > 0 { - return true - } - } - if hook.ObjectSelector != nil { - if len(metav1validation.ValidateLabelSelector(hook.ObjectSelector, labelSelectorValidationOpts, nil)) > 0 { - return true - } - } - } - return false -} - -// ValidateValidatingWebhookConfigurationUpdate validates update of validating webhook configuration -func ValidateValidatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.ValidatingWebhookConfiguration) field.ErrorList { - return validateValidatingWebhookConfiguration(newC, validationOptions{ - requireNoSideEffects: validatingHasNoSideEffects(oldC.Webhooks), - requireRecognizedAdmissionReviewVersion: validatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks), - requireUniqueWebhookNames: validatingHasUniqueWebhookNames(oldC.Webhooks), - allowInvalidLabelValueInSelector: validatingWebhookHasInvalidLabelValueInSelector(oldC.Webhooks), - }) -} - -// ValidateMutatingWebhookConfigurationUpdate validates update of mutating webhook configuration -func ValidateMutatingWebhookConfigurationUpdate(newC, oldC *admissionregistration.MutatingWebhookConfiguration) field.ErrorList { - return validateMutatingWebhookConfiguration(newC, validationOptions{ - requireNoSideEffects: mutatingHasNoSideEffects(oldC.Webhooks), - requireRecognizedAdmissionReviewVersion: mutatingHasAcceptedAdmissionReviewVersions(oldC.Webhooks), - requireUniqueWebhookNames: mutatingHasUniqueWebhookNames(oldC.Webhooks), - allowInvalidLabelValueInSelector: mutatingWebhookHasInvalidLabelValueInSelector(oldC.Webhooks), - }) -} - -// ValidateValidatingAdmissionPolicy validates a ValidatingAdmissionPolicy before creation. -func ValidateValidatingAdmissionPolicy(p *admissionregistration.ValidatingAdmissionPolicy) field.ErrorList { - return validateValidatingAdmissionPolicy(p) -} - -func validateValidatingAdmissionPolicy(p *admissionregistration.ValidatingAdmissionPolicy) field.ErrorList { - allErrors := genericvalidation.ValidateObjectMeta(&p.ObjectMeta, false, genericvalidation.NameIsDNSSubdomain, field.NewPath("metadata")) - allErrors = append(allErrors, validateValidatingAdmissionPolicySpec(&p.Spec, field.NewPath("spec"))...) - return allErrors -} - -func validateValidatingAdmissionPolicySpec(spec *admissionregistration.ValidatingAdmissionPolicySpec, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if spec.FailurePolicy == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("failurePolicy"), "")) - } else if !supportedFailurePolicies.Has(string(*spec.FailurePolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *spec.FailurePolicy, supportedFailurePolicies.List())) - } - if spec.ParamKind != nil { - allErrors = append(allErrors, validateParamKind(*spec.ParamKind, fldPath.Child("paramKind"))...) - } - if spec.MatchConstraints == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("matchConstraints"), "")) - } else { - allErrors = append(allErrors, validateMatchResources(spec.MatchConstraints, fldPath.Child("matchConstraints"))...) - // at least one resourceRule must be defined to provide type information - if len(spec.MatchConstraints.ResourceRules) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("matchConstraints", "resourceRules"), "")) - } - } - if len(spec.Validations) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("validations"), "")) - } else { - for i, validation := range spec.Validations { - allErrors = append(allErrors, validateValidation(&validation, spec.ParamKind, fldPath.Child("validations").Index(i))...) - } - } - - return allErrors -} - -func validateParamKind(gvk admissionregistration.ParamKind, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if len(gvk.APIVersion) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("apiVersion"), "")) - } else if gv, err := parseGroupVersion(gvk.APIVersion); err != nil { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiVersion"), gvk.APIVersion, err.Error())) - } else { - //this matches the APIService group field validation - if len(gv.Group) > 0 { - if errs := utilvalidation.IsDNS1123Subdomain(gv.Group); len(errs) > 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiVersion"), gv.Group, strings.Join(errs, ","))) - } - } - //this matches the APIService version field validation - if len(gv.Version) == 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiVersion"), gvk.APIVersion, "version must be specified")) - } else { - if errs := utilvalidation.IsDNS1035Label(gv.Version); len(errs) > 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("apiVersion"), gv.Version, strings.Join(errs, ","))) - } - } - } - if len(gvk.Kind) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("kind"), "")) - } else if errs := utilvalidation.IsDNS1035Label(strings.ToLower(gvk.Kind)); len(errs) > 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("kind"), gvk.Kind, "may have mixed case, but should otherwise match: "+strings.Join(errs, ","))) - } - - return allErrors -} - -type groupVersion struct { - Group string - Version string -} - -// parseGroupVersion turns "group/version" string into a groupVersion struct. It reports error -// if it cannot parse the string. -func parseGroupVersion(gv string) (groupVersion, error) { - if (len(gv) == 0) || (gv == "/") { - return groupVersion{}, nil - } - - switch strings.Count(gv, "/") { - case 0: - return groupVersion{"", gv}, nil - case 1: - i := strings.Index(gv, "/") - return groupVersion{gv[:i], gv[i+1:]}, nil - default: - return groupVersion{}, fmt.Errorf("unexpected GroupVersion string: %v", gv) - } -} - -func validateMatchResources(mc *admissionregistration.MatchResources, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if mc == nil { - return allErrors - } - if mc.MatchPolicy == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("matchPolicy"), "")) - } else if !supportedMatchPolicies.Has(string(*mc.MatchPolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("matchPolicy"), *mc.MatchPolicy, supportedMatchPolicies.List())) - } - if mc.NamespaceSelector == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("namespaceSelector"), "")) - } else { - // validate selector strictly, this type was released after issue #99139 was resolved - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(mc.NamespaceSelector, metav1validation.LabelSelectorValidationOptions{}, fldPath.Child("namespaceSelector"))...) - } - - if mc.ObjectSelector == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("labelSelector"), "")) - } else { - // validate selector strictly, this type was released after issue #99139 was resolved - allErrors = append(allErrors, metav1validation.ValidateLabelSelector(mc.ObjectSelector, metav1validation.LabelSelectorValidationOptions{}, fldPath.Child("labelSelector"))...) - } - - for i, namedRuleWithOperations := range mc.ResourceRules { - allErrors = append(allErrors, validateNamedRuleWithOperations(&namedRuleWithOperations, fldPath.Child("resourceRules").Index(i))...) - } - - for i, namedRuleWithOperations := range mc.ExcludeResourceRules { - allErrors = append(allErrors, validateNamedRuleWithOperations(&namedRuleWithOperations, fldPath.Child("excludeResourceRules").Index(i))...) - } - return allErrors -} - -func validateNamedRuleWithOperations(n *admissionregistration.NamedRuleWithOperations, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - resourceNames := sets.NewString() - for i, rName := range n.ResourceNames { - for _, msg := range path.ValidatePathSegmentName(rName, false) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("resourceNames").Index(i), rName, msg)) - } - if resourceNames.Has(rName) { - allErrors = append(allErrors, field.Duplicate(fldPath.Child("resourceNames").Index(i), rName)) - } else { - resourceNames.Insert(rName) - } - } - allErrors = append(allErrors, validateRuleWithOperations(&n.RuleWithOperations, fldPath)...) - return allErrors -} - -func validateValidation(v *admissionregistration.Validation, paramKind *admissionregistration.ParamKind, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - trimmedExpression := strings.TrimSpace(v.Expression) - trimmedMsg := strings.TrimSpace(v.Message) - if len(trimmedExpression) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("expression"), "expression is not specified")) - } else { - result := plugincel.CompileValidatingPolicyExpression(trimmedExpression, paramKind != nil) - if result.Error != nil { - switch result.Error.Type { - case cel.ErrorTypeRequired: - allErrors = append(allErrors, field.Required(fldPath.Child("expression"), result.Error.Detail)) - case cel.ErrorTypeInvalid: - allErrors = append(allErrors, field.Invalid(fldPath.Child("expression"), v.Expression, result.Error.Detail)) - case cel.ErrorTypeInternal: - allErrors = append(allErrors, field.InternalError(fldPath.Child("expression"), result.Error)) - default: - allErrors = append(allErrors, field.InternalError(fldPath.Child("expression"), fmt.Errorf("unsupported error type: %w", result.Error))) - } - } - } - if len(v.Message) > 0 && len(trimmedMsg) == 0 { - allErrors = append(allErrors, field.Invalid(fldPath.Child("message"), v.Message, "message must be non-empty if specified")) - } else if hasNewlines(trimmedMsg) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("message"), v.Message, "message must not contain line breaks")) - } else if hasNewlines(trimmedMsg) && trimmedMsg == "" { - allErrors = append(allErrors, field.Required(fldPath.Child("message"), "message must be specified if expression contains line breaks")) - } - if v.Reason != nil && !supportedValidationPolicyReason.Has(string(*v.Reason)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("reason"), *v.Reason, supportedValidationPolicyReason.List())) - } - return allErrors -} - -var newlineMatcher = regexp.MustCompile(`[\n\r]+`) // valid newline chars in CEL grammar -func hasNewlines(s string) bool { - return newlineMatcher.MatchString(s) -} - -// ValidateValidatingAdmissionPolicyBinding validates a ValidatingAdmissionPolicyBinding before create. -func ValidateValidatingAdmissionPolicyBinding(pb *admissionregistration.ValidatingAdmissionPolicyBinding) field.ErrorList { - return validateValidatingAdmissionPolicyBinding(pb) -} - -func validateValidatingAdmissionPolicyBinding(pb *admissionregistration.ValidatingAdmissionPolicyBinding) field.ErrorList { - allErrors := genericvalidation.ValidateObjectMeta(&pb.ObjectMeta, false, genericvalidation.NameIsDNSSubdomain, field.NewPath("metadata")) - allErrors = append(allErrors, validateValidatingAdmissionPolicyBindingSpec(&pb.Spec, field.NewPath("spec"))...) - - return allErrors -} - -func validateValidatingAdmissionPolicyBindingSpec(spec *admissionregistration.ValidatingAdmissionPolicyBindingSpec, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - - if len(spec.PolicyName) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("policyName"), "")) - } else { - for _, msg := range genericvalidation.NameIsDNSSubdomain(spec.PolicyName, false) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("policyName"), spec.PolicyName, msg)) - } - } - allErrors = append(allErrors, validateParamRef(spec.ParamRef, fldPath.Child("paramRef"))...) - allErrors = append(allErrors, validateMatchResources(spec.MatchResources, fldPath.Child("matchResouces"))...) - - return allErrors -} - -func validateParamRef(pr *admissionregistration.ParamRef, fldPath *field.Path) field.ErrorList { - var allErrors field.ErrorList - if pr == nil { - return allErrors - } - for _, msg := range path.ValidatePathSegmentName(pr.Name, false) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("name"), pr.Name, msg)) - } - return allErrors -} - -// ValidateValidatingAdmissionPolicyUpdate validates update of validating admission policy -func ValidateValidatingAdmissionPolicyUpdate(newC, oldC *admissionregistration.ValidatingAdmissionPolicy) field.ErrorList { - return validateValidatingAdmissionPolicy(newC) -} - -// ValidateValidatingAdmissionPolicyBindingUpdate validates update of validating admission policy -func ValidateValidatingAdmissionPolicyBindingUpdate(newC, oldC *admissionregistration.ValidatingAdmissionPolicyBinding) field.ErrorList { - return validateValidatingAdmissionPolicyBinding(newC) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/zz_generated.deepcopy.go deleted file mode 100644 index a42c7257a1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/admissionregistration/zz_generated.deepcopy.go +++ /dev/null @@ -1,696 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package admissionregistration - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MatchResources) DeepCopyInto(out *MatchResources) { - *out = *in - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ObjectSelector != nil { - in, out := &in.ObjectSelector, &out.ObjectSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ResourceRules != nil { - in, out := &in.ResourceRules, &out.ResourceRules - *out = make([]NamedRuleWithOperations, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ExcludeResourceRules != nil { - in, out := &in.ExcludeResourceRules, &out.ExcludeResourceRules - *out = make([]NamedRuleWithOperations, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.MatchPolicy != nil { - in, out := &in.MatchPolicy, &out.MatchPolicy - *out = new(MatchPolicyType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources. -func (in *MatchResources) DeepCopy() *MatchResources { - if in == nil { - return nil - } - out := new(MatchResources) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MutatingWebhook) DeepCopyInto(out *MutatingWebhook) { - *out = *in - in.ClientConfig.DeepCopyInto(&out.ClientConfig) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]RuleWithOperations, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.FailurePolicy != nil { - in, out := &in.FailurePolicy, &out.FailurePolicy - *out = new(FailurePolicyType) - **out = **in - } - if in.MatchPolicy != nil { - in, out := &in.MatchPolicy, &out.MatchPolicy - *out = new(MatchPolicyType) - **out = **in - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ObjectSelector != nil { - in, out := &in.ObjectSelector, &out.ObjectSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.SideEffects != nil { - in, out := &in.SideEffects, &out.SideEffects - *out = new(SideEffectClass) - **out = **in - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(int32) - **out = **in - } - if in.AdmissionReviewVersions != nil { - in, out := &in.AdmissionReviewVersions, &out.AdmissionReviewVersions - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ReinvocationPolicy != nil { - in, out := &in.ReinvocationPolicy, &out.ReinvocationPolicy - *out = new(ReinvocationPolicyType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MutatingWebhook. -func (in *MutatingWebhook) DeepCopy() *MutatingWebhook { - if in == nil { - return nil - } - out := new(MutatingWebhook) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MutatingWebhookConfiguration) DeepCopyInto(out *MutatingWebhookConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]MutatingWebhook, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MutatingWebhookConfiguration. -func (in *MutatingWebhookConfiguration) DeepCopy() *MutatingWebhookConfiguration { - if in == nil { - return nil - } - out := new(MutatingWebhookConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *MutatingWebhookConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MutatingWebhookConfigurationList) DeepCopyInto(out *MutatingWebhookConfigurationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]MutatingWebhookConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MutatingWebhookConfigurationList. -func (in *MutatingWebhookConfigurationList) DeepCopy() *MutatingWebhookConfigurationList { - if in == nil { - return nil - } - out := new(MutatingWebhookConfigurationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *MutatingWebhookConfigurationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamedRuleWithOperations) DeepCopyInto(out *NamedRuleWithOperations) { - *out = *in - if in.ResourceNames != nil { - in, out := &in.ResourceNames, &out.ResourceNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - in.RuleWithOperations.DeepCopyInto(&out.RuleWithOperations) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedRuleWithOperations. -func (in *NamedRuleWithOperations) DeepCopy() *NamedRuleWithOperations { - if in == nil { - return nil - } - out := new(NamedRuleWithOperations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ParamKind) DeepCopyInto(out *ParamKind) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamKind. -func (in *ParamKind) DeepCopy() *ParamKind { - if in == nil { - return nil - } - out := new(ParamKind) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ParamRef) DeepCopyInto(out *ParamRef) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamRef. -func (in *ParamRef) DeepCopy() *ParamRef { - if in == nil { - return nil - } - out := new(ParamRef) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Rule) DeepCopyInto(out *Rule) { - *out = *in - if in.APIGroups != nil { - in, out := &in.APIGroups, &out.APIGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.APIVersions != nil { - in, out := &in.APIVersions, &out.APIVersions - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Scope != nil { - in, out := &in.Scope, &out.Scope - *out = new(ScopeType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. -func (in *Rule) DeepCopy() *Rule { - if in == nil { - return nil - } - out := new(Rule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RuleWithOperations) DeepCopyInto(out *RuleWithOperations) { - *out = *in - if in.Operations != nil { - in, out := &in.Operations, &out.Operations - *out = make([]OperationType, len(*in)) - copy(*out, *in) - } - in.Rule.DeepCopyInto(&out.Rule) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleWithOperations. -func (in *RuleWithOperations) DeepCopy() *RuleWithOperations { - if in == nil { - return nil - } - out := new(RuleWithOperations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceReference) DeepCopyInto(out *ServiceReference) { - *out = *in - if in.Path != nil { - in, out := &in.Path, &out.Path - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference. -func (in *ServiceReference) DeepCopy() *ServiceReference { - if in == nil { - return nil - } - out := new(ServiceReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicy) DeepCopyInto(out *ValidatingAdmissionPolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicy. -func (in *ValidatingAdmissionPolicy) DeepCopy() *ValidatingAdmissionPolicy { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingAdmissionPolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicyBinding) DeepCopyInto(out *ValidatingAdmissionPolicyBinding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBinding. -func (in *ValidatingAdmissionPolicyBinding) DeepCopy() *ValidatingAdmissionPolicyBinding { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicyBinding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingAdmissionPolicyBinding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicyBindingList) DeepCopyInto(out *ValidatingAdmissionPolicyBindingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ValidatingAdmissionPolicyBinding, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingList. -func (in *ValidatingAdmissionPolicyBindingList) DeepCopy() *ValidatingAdmissionPolicyBindingList { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicyBindingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingAdmissionPolicyBindingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopyInto(out *ValidatingAdmissionPolicyBindingSpec) { - *out = *in - if in.ParamRef != nil { - in, out := &in.ParamRef, &out.ParamRef - *out = new(ParamRef) - **out = **in - } - if in.MatchResources != nil { - in, out := &in.MatchResources, &out.MatchResources - *out = new(MatchResources) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingSpec. -func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopy() *ValidatingAdmissionPolicyBindingSpec { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicyBindingSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicyList) DeepCopyInto(out *ValidatingAdmissionPolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ValidatingAdmissionPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyList. -func (in *ValidatingAdmissionPolicyList) DeepCopy() *ValidatingAdmissionPolicyList { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingAdmissionPolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingAdmissionPolicySpec) DeepCopyInto(out *ValidatingAdmissionPolicySpec) { - *out = *in - if in.ParamKind != nil { - in, out := &in.ParamKind, &out.ParamKind - *out = new(ParamKind) - **out = **in - } - if in.MatchConstraints != nil { - in, out := &in.MatchConstraints, &out.MatchConstraints - *out = new(MatchResources) - (*in).DeepCopyInto(*out) - } - if in.Validations != nil { - in, out := &in.Validations, &out.Validations - *out = make([]Validation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.FailurePolicy != nil { - in, out := &in.FailurePolicy, &out.FailurePolicy - *out = new(FailurePolicyType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicySpec. -func (in *ValidatingAdmissionPolicySpec) DeepCopy() *ValidatingAdmissionPolicySpec { - if in == nil { - return nil - } - out := new(ValidatingAdmissionPolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingWebhook) DeepCopyInto(out *ValidatingWebhook) { - *out = *in - in.ClientConfig.DeepCopyInto(&out.ClientConfig) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]RuleWithOperations, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.FailurePolicy != nil { - in, out := &in.FailurePolicy, &out.FailurePolicy - *out = new(FailurePolicyType) - **out = **in - } - if in.MatchPolicy != nil { - in, out := &in.MatchPolicy, &out.MatchPolicy - *out = new(MatchPolicyType) - **out = **in - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ObjectSelector != nil { - in, out := &in.ObjectSelector, &out.ObjectSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.SideEffects != nil { - in, out := &in.SideEffects, &out.SideEffects - *out = new(SideEffectClass) - **out = **in - } - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(int32) - **out = **in - } - if in.AdmissionReviewVersions != nil { - in, out := &in.AdmissionReviewVersions, &out.AdmissionReviewVersions - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingWebhook. -func (in *ValidatingWebhook) DeepCopy() *ValidatingWebhook { - if in == nil { - return nil - } - out := new(ValidatingWebhook) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingWebhookConfiguration) DeepCopyInto(out *ValidatingWebhookConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Webhooks != nil { - in, out := &in.Webhooks, &out.Webhooks - *out = make([]ValidatingWebhook, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingWebhookConfiguration. -func (in *ValidatingWebhookConfiguration) DeepCopy() *ValidatingWebhookConfiguration { - if in == nil { - return nil - } - out := new(ValidatingWebhookConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingWebhookConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ValidatingWebhookConfigurationList) DeepCopyInto(out *ValidatingWebhookConfigurationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ValidatingWebhookConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingWebhookConfigurationList. -func (in *ValidatingWebhookConfigurationList) DeepCopy() *ValidatingWebhookConfigurationList { - if in == nil { - return nil - } - out := new(ValidatingWebhookConfigurationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ValidatingWebhookConfigurationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Validation) DeepCopyInto(out *Validation) { - *out = *in - if in.Reason != nil { - in, out := &in.Reason, &out.Reason - *out = new(v1.StatusReason) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation. -func (in *Validation) DeepCopy() *Validation { - if in == nil { - return nil - } - out := new(Validation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig) { - *out = *in - if in.URL != nil { - in, out := &in.URL, &out.URL - *out = new(string) - **out = **in - } - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(ServiceReference) - (*in).DeepCopyInto(*out) - } - if in.CABundle != nil { - in, out := &in.CABundle, &out.CABundle - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig. -func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig { - if in == nil { - return nil - } - out := new(WebhookClientConfig) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/doc.go deleted file mode 100644 index f26f5175eb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=internal.apiserver.k8s.io - -// Package apiserverinternal contains the "internal" version of the API used by -// the apiservers themselves. -package apiserverinternal // import "k8s.io/kubernetes/pkg/apis/apiserverinternal" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/install/install.go deleted file mode 100644 index 9a3905644e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/install/install.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - "k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(apiserverinternal.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/register.go deleted file mode 100644 index 1958c82422..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiserverinternal - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "internal.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &StorageVersion{}, - &StorageVersionList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/types.go deleted file mode 100644 index f1ce8a8dd4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/types.go +++ /dev/null @@ -1,125 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiserverinternal - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StorageVersion of a specific resource. -type StorageVersion struct { - metav1.TypeMeta - // The name is <group>.<resource>. - metav1.ObjectMeta - - // Spec is an empty spec. It is here to comply with Kubernetes API style. - Spec StorageVersionSpec - - // API server instances report the version they can decode and the version they - // encode objects to when persisting objects in the backend. - Status StorageVersionStatus -} - -// StorageVersionSpec is an empty spec. -type StorageVersionSpec struct{} - -// StorageVersionStatus API server instances report the versions they can decode and the version they -// encode objects to when persisting objects in the backend. -type StorageVersionStatus struct { - // The reported versions per API server instance. - // +optional - StorageVersions []ServerStorageVersion - // If all API server instances agree on the same encoding storage version, - // then this field is set to that version. Otherwise this field is left empty. - // API servers should finish updating its storageVersionStatus entry before - // serving write operations, so that this field will be in sync with the reality. - // +optional - CommonEncodingVersion *string - - // The latest available observations of the storageVersion's state. - // +optional - Conditions []StorageVersionCondition -} - -// ServerStorageVersion An API server instance reports the version it can decode and the version it -// encodes objects to when persisting objects in the backend. -type ServerStorageVersion struct { - // The ID of the reporting API server. - APIServerID string - - // The API server encodes the object to this version when persisting it in - // the backend (e.g., etcd). - EncodingVersion string - - // The API server can decode objects encoded in these versions. - // The encodingVersion must be included in the decodableVersions. - DecodableVersions []string -} - -// StorageVersionConditionType Indicates the storage version condition type -type StorageVersionConditionType string - -const ( - //AllEncodingVersionsEqual Indicates that encoding storage versions reported by all servers are equal. - AllEncodingVersionsEqual StorageVersionConditionType = "AllEncodingVersionsEqual" -) - -// ConditionStatus indicates status of condition from "True", "False", or "Unknown" -type ConditionStatus string - -const ( - // ConditionTrue indicates condition as "True" - ConditionTrue ConditionStatus = "True" - // ConditionFalse indicates condition as "False" - ConditionFalse ConditionStatus = "False" - // ConditionUnknown indicates condition as "Unknown" - ConditionUnknown ConditionStatus = "Unknown" -) - -// StorageVersionCondition Describes the state of the storageVersion at a certain point. -type StorageVersionCondition struct { - // Type of the condition. - // +optional - Type StorageVersionConditionType - // Status of the condition, one of True, False, Unknown. - // +required - Status ConditionStatus - // If set, this represents the .metadata.generation that the condition was set based upon. - // +optional - ObservedGeneration int64 - // Last time the condition transitioned from one status to another. - // +required - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - // +required - Reason string - // A human readable message indicating details about the transition. - // +required - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StorageVersionList A list of StorageVersions. -type StorageVersionList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - Items []StorageVersion -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/doc.go deleted file mode 100644 index 8a665272f9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/doc.go +++ /dev/null @@ -1,26 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/apiserverinternal -// +k8s:conversion-gen-external-types=k8s.io/api/apiserverinternal/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/apiserverinternal/v1alpha1 - -// +groupName=internal.apiserver.k8s.io - -// Package v1alpha1 contains the v1alpha1 version of the API used by the -// apiservers themselves. -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/register.go deleted file mode 100644 index b63a549eab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "internal.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &apiserverinternalv1alpha1.SchemeBuilder - // AddToScheme adds api to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 9bb20d5a34..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,251 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - apiserverinternal "k8s.io/kubernetes/pkg/apis/apiserverinternal" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.ServerStorageVersion)(nil), (*apiserverinternal.ServerStorageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ServerStorageVersion_To_apiserverinternal_ServerStorageVersion(a.(*v1alpha1.ServerStorageVersion), b.(*apiserverinternal.ServerStorageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.ServerStorageVersion)(nil), (*v1alpha1.ServerStorageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_ServerStorageVersion_To_v1alpha1_ServerStorageVersion(a.(*apiserverinternal.ServerStorageVersion), b.(*v1alpha1.ServerStorageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.StorageVersion)(nil), (*apiserverinternal.StorageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StorageVersion_To_apiserverinternal_StorageVersion(a.(*v1alpha1.StorageVersion), b.(*apiserverinternal.StorageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.StorageVersion)(nil), (*v1alpha1.StorageVersion)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_StorageVersion_To_v1alpha1_StorageVersion(a.(*apiserverinternal.StorageVersion), b.(*v1alpha1.StorageVersion), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.StorageVersionCondition)(nil), (*apiserverinternal.StorageVersionCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StorageVersionCondition_To_apiserverinternal_StorageVersionCondition(a.(*v1alpha1.StorageVersionCondition), b.(*apiserverinternal.StorageVersionCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.StorageVersionCondition)(nil), (*v1alpha1.StorageVersionCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_StorageVersionCondition_To_v1alpha1_StorageVersionCondition(a.(*apiserverinternal.StorageVersionCondition), b.(*v1alpha1.StorageVersionCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.StorageVersionList)(nil), (*apiserverinternal.StorageVersionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StorageVersionList_To_apiserverinternal_StorageVersionList(a.(*v1alpha1.StorageVersionList), b.(*apiserverinternal.StorageVersionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.StorageVersionList)(nil), (*v1alpha1.StorageVersionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_StorageVersionList_To_v1alpha1_StorageVersionList(a.(*apiserverinternal.StorageVersionList), b.(*v1alpha1.StorageVersionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.StorageVersionSpec)(nil), (*apiserverinternal.StorageVersionSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec(a.(*v1alpha1.StorageVersionSpec), b.(*apiserverinternal.StorageVersionSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.StorageVersionSpec)(nil), (*v1alpha1.StorageVersionSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec(a.(*apiserverinternal.StorageVersionSpec), b.(*v1alpha1.StorageVersionSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.StorageVersionStatus)(nil), (*apiserverinternal.StorageVersionStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus(a.(*v1alpha1.StorageVersionStatus), b.(*apiserverinternal.StorageVersionStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apiserverinternal.StorageVersionStatus)(nil), (*v1alpha1.StorageVersionStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus(a.(*apiserverinternal.StorageVersionStatus), b.(*v1alpha1.StorageVersionStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ServerStorageVersion_To_apiserverinternal_ServerStorageVersion(in *v1alpha1.ServerStorageVersion, out *apiserverinternal.ServerStorageVersion, s conversion.Scope) error { - out.APIServerID = in.APIServerID - out.EncodingVersion = in.EncodingVersion - out.DecodableVersions = *(*[]string)(unsafe.Pointer(&in.DecodableVersions)) - return nil -} - -// Convert_v1alpha1_ServerStorageVersion_To_apiserverinternal_ServerStorageVersion is an autogenerated conversion function. -func Convert_v1alpha1_ServerStorageVersion_To_apiserverinternal_ServerStorageVersion(in *v1alpha1.ServerStorageVersion, out *apiserverinternal.ServerStorageVersion, s conversion.Scope) error { - return autoConvert_v1alpha1_ServerStorageVersion_To_apiserverinternal_ServerStorageVersion(in, out, s) -} - -func autoConvert_apiserverinternal_ServerStorageVersion_To_v1alpha1_ServerStorageVersion(in *apiserverinternal.ServerStorageVersion, out *v1alpha1.ServerStorageVersion, s conversion.Scope) error { - out.APIServerID = in.APIServerID - out.EncodingVersion = in.EncodingVersion - out.DecodableVersions = *(*[]string)(unsafe.Pointer(&in.DecodableVersions)) - return nil -} - -// Convert_apiserverinternal_ServerStorageVersion_To_v1alpha1_ServerStorageVersion is an autogenerated conversion function. -func Convert_apiserverinternal_ServerStorageVersion_To_v1alpha1_ServerStorageVersion(in *apiserverinternal.ServerStorageVersion, out *v1alpha1.ServerStorageVersion, s conversion.Scope) error { - return autoConvert_apiserverinternal_ServerStorageVersion_To_v1alpha1_ServerStorageVersion(in, out, s) -} - -func autoConvert_v1alpha1_StorageVersion_To_apiserverinternal_StorageVersion(in *v1alpha1.StorageVersion, out *apiserverinternal.StorageVersion, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_StorageVersion_To_apiserverinternal_StorageVersion is an autogenerated conversion function. -func Convert_v1alpha1_StorageVersion_To_apiserverinternal_StorageVersion(in *v1alpha1.StorageVersion, out *apiserverinternal.StorageVersion, s conversion.Scope) error { - return autoConvert_v1alpha1_StorageVersion_To_apiserverinternal_StorageVersion(in, out, s) -} - -func autoConvert_apiserverinternal_StorageVersion_To_v1alpha1_StorageVersion(in *apiserverinternal.StorageVersion, out *v1alpha1.StorageVersion, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apiserverinternal_StorageVersion_To_v1alpha1_StorageVersion is an autogenerated conversion function. -func Convert_apiserverinternal_StorageVersion_To_v1alpha1_StorageVersion(in *apiserverinternal.StorageVersion, out *v1alpha1.StorageVersion, s conversion.Scope) error { - return autoConvert_apiserverinternal_StorageVersion_To_v1alpha1_StorageVersion(in, out, s) -} - -func autoConvert_v1alpha1_StorageVersionCondition_To_apiserverinternal_StorageVersionCondition(in *v1alpha1.StorageVersionCondition, out *apiserverinternal.StorageVersionCondition, s conversion.Scope) error { - out.Type = apiserverinternal.StorageVersionConditionType(in.Type) - out.Status = apiserverinternal.ConditionStatus(in.Status) - out.ObservedGeneration = in.ObservedGeneration - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1alpha1_StorageVersionCondition_To_apiserverinternal_StorageVersionCondition is an autogenerated conversion function. -func Convert_v1alpha1_StorageVersionCondition_To_apiserverinternal_StorageVersionCondition(in *v1alpha1.StorageVersionCondition, out *apiserverinternal.StorageVersionCondition, s conversion.Scope) error { - return autoConvert_v1alpha1_StorageVersionCondition_To_apiserverinternal_StorageVersionCondition(in, out, s) -} - -func autoConvert_apiserverinternal_StorageVersionCondition_To_v1alpha1_StorageVersionCondition(in *apiserverinternal.StorageVersionCondition, out *v1alpha1.StorageVersionCondition, s conversion.Scope) error { - out.Type = v1alpha1.StorageVersionConditionType(in.Type) - out.Status = v1alpha1.ConditionStatus(in.Status) - out.ObservedGeneration = in.ObservedGeneration - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apiserverinternal_StorageVersionCondition_To_v1alpha1_StorageVersionCondition is an autogenerated conversion function. -func Convert_apiserverinternal_StorageVersionCondition_To_v1alpha1_StorageVersionCondition(in *apiserverinternal.StorageVersionCondition, out *v1alpha1.StorageVersionCondition, s conversion.Scope) error { - return autoConvert_apiserverinternal_StorageVersionCondition_To_v1alpha1_StorageVersionCondition(in, out, s) -} - -func autoConvert_v1alpha1_StorageVersionList_To_apiserverinternal_StorageVersionList(in *v1alpha1.StorageVersionList, out *apiserverinternal.StorageVersionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]apiserverinternal.StorageVersion)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_StorageVersionList_To_apiserverinternal_StorageVersionList is an autogenerated conversion function. -func Convert_v1alpha1_StorageVersionList_To_apiserverinternal_StorageVersionList(in *v1alpha1.StorageVersionList, out *apiserverinternal.StorageVersionList, s conversion.Scope) error { - return autoConvert_v1alpha1_StorageVersionList_To_apiserverinternal_StorageVersionList(in, out, s) -} - -func autoConvert_apiserverinternal_StorageVersionList_To_v1alpha1_StorageVersionList(in *apiserverinternal.StorageVersionList, out *v1alpha1.StorageVersionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.StorageVersion)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_apiserverinternal_StorageVersionList_To_v1alpha1_StorageVersionList is an autogenerated conversion function. -func Convert_apiserverinternal_StorageVersionList_To_v1alpha1_StorageVersionList(in *apiserverinternal.StorageVersionList, out *v1alpha1.StorageVersionList, s conversion.Scope) error { - return autoConvert_apiserverinternal_StorageVersionList_To_v1alpha1_StorageVersionList(in, out, s) -} - -func autoConvert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec(in *v1alpha1.StorageVersionSpec, out *apiserverinternal.StorageVersionSpec, s conversion.Scope) error { - return nil -} - -// Convert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec is an autogenerated conversion function. -func Convert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec(in *v1alpha1.StorageVersionSpec, out *apiserverinternal.StorageVersionSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_StorageVersionSpec_To_apiserverinternal_StorageVersionSpec(in, out, s) -} - -func autoConvert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec(in *apiserverinternal.StorageVersionSpec, out *v1alpha1.StorageVersionSpec, s conversion.Scope) error { - return nil -} - -// Convert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec is an autogenerated conversion function. -func Convert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec(in *apiserverinternal.StorageVersionSpec, out *v1alpha1.StorageVersionSpec, s conversion.Scope) error { - return autoConvert_apiserverinternal_StorageVersionSpec_To_v1alpha1_StorageVersionSpec(in, out, s) -} - -func autoConvert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus(in *v1alpha1.StorageVersionStatus, out *apiserverinternal.StorageVersionStatus, s conversion.Scope) error { - out.StorageVersions = *(*[]apiserverinternal.ServerStorageVersion)(unsafe.Pointer(&in.StorageVersions)) - out.CommonEncodingVersion = (*string)(unsafe.Pointer(in.CommonEncodingVersion)) - out.Conditions = *(*[]apiserverinternal.StorageVersionCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus is an autogenerated conversion function. -func Convert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus(in *v1alpha1.StorageVersionStatus, out *apiserverinternal.StorageVersionStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_StorageVersionStatus_To_apiserverinternal_StorageVersionStatus(in, out, s) -} - -func autoConvert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus(in *apiserverinternal.StorageVersionStatus, out *v1alpha1.StorageVersionStatus, s conversion.Scope) error { - out.StorageVersions = *(*[]v1alpha1.ServerStorageVersion)(unsafe.Pointer(&in.StorageVersions)) - out.CommonEncodingVersion = (*string)(unsafe.Pointer(in.CommonEncodingVersion)) - out.Conditions = *(*[]v1alpha1.StorageVersionCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus is an autogenerated conversion function. -func Convert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus(in *apiserverinternal.StorageVersionStatus, out *v1alpha1.StorageVersionStatus, s conversion.Scope) error { - return autoConvert_apiserverinternal_StorageVersionStatus_To_v1alpha1_StorageVersionStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/validation/validation.go deleted file mode 100644 index 4493907d1c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/validation/validation.go +++ /dev/null @@ -1,198 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - utilvalidation "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// ValidateStorageVersion validate the storage version object. -func ValidateStorageVersion(sv *apiserverinternal.StorageVersion) field.ErrorList { - var allErrs field.ErrorList - allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&sv.ObjectMeta, false, ValidateStorageVersionName, field.NewPath("metadata"))...) - allErrs = append(allErrs, validateStorageVersionStatus(sv.Status, field.NewPath("status"))...) - return allErrs -} - -// ValidateStorageVersionName is a ValidateNameFunc for storage version names -func ValidateStorageVersionName(name string, prefix bool) []string { - var allErrs []string - idx := strings.LastIndex(name, ".") - if idx < 0 { - allErrs = append(allErrs, "name must be in the form of <group>.<resource>") - } else { - for _, msg := range utilvalidation.IsDNS1123Subdomain(name[:idx]) { - allErrs = append(allErrs, "the group segment "+msg) - } - for _, msg := range utilvalidation.IsDNS1035Label(name[idx+1:]) { - allErrs = append(allErrs, "the resource segment "+msg) - } - } - return allErrs -} - -// ValidateStorageVersionUpdate tests if an update to a StorageVersion is valid. -func ValidateStorageVersionUpdate(sv, oldSV *apiserverinternal.StorageVersion) field.ErrorList { - // no error since StorageVersionSpec is an empty spec - return field.ErrorList{} -} - -// ValidateStorageVersionStatusUpdate tests if an update to a StorageVersionStatus is valid. -func ValidateStorageVersionStatusUpdate(sv, oldSV *apiserverinternal.StorageVersion) field.ErrorList { - var allErrs field.ErrorList - allErrs = append(allErrs, validateStorageVersionStatus(sv.Status, field.NewPath("status"))...) - return allErrs -} - -func validateStorageVersionStatus(ss apiserverinternal.StorageVersionStatus, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for i, ssv := range ss.StorageVersions { - allErrs = append(allErrs, validateServerStorageVersion(ssv, fldPath.Child("storageVersions").Index(i))...) - } - if err := validateCommonVersion(ss, fldPath); err != nil { - allErrs = append(allErrs, err) - } - allErrs = append(allErrs, validateStorageVersionCondition(ss.Conditions, fldPath)...) - return allErrs -} - -func validateServerStorageVersion(ssv apiserverinternal.ServerStorageVersion, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range apimachineryvalidation.NameIsDNSSubdomain(ssv.APIServerID, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("apiServerID"), ssv.APIServerID, msg)) - } - if errs := isValidAPIVersion(ssv.EncodingVersion); len(errs) > 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("encodingVersion"), ssv.EncodingVersion, strings.Join(errs, ","))) - } - - found := false - for i, dv := range ssv.DecodableVersions { - if errs := isValidAPIVersion(dv); len(errs) > 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("decodableVersions").Index(i), dv, strings.Join(errs, ","))) - } - if dv == ssv.EncodingVersion { - found = true - } - } - if !found { - allErrs = append(allErrs, field.Invalid(fldPath.Child("decodableVersions"), ssv.DecodableVersions, fmt.Sprintf("decodableVersions must include encodingVersion %s", ssv.EncodingVersion))) - } - return allErrs -} - -func commonVersion(ssv []apiserverinternal.ServerStorageVersion) *string { - if len(ssv) == 0 { - return nil - } - commonVersion := ssv[0].EncodingVersion - for _, v := range ssv[1:] { - if v.EncodingVersion != commonVersion { - return nil - } - } - return &commonVersion -} - -func validateCommonVersion(svs apiserverinternal.StorageVersionStatus, fldPath *field.Path) *field.Error { - actualCommonVersion := commonVersion(svs.StorageVersions) - if actualCommonVersion == nil && svs.CommonEncodingVersion == nil { - return nil - } - if actualCommonVersion == nil && svs.CommonEncodingVersion != nil { - return field.Invalid(fldPath.Child("commonEncodingVersion"), *svs.CommonEncodingVersion, "should be nil if servers do not agree on the same encoding version, or if there is no server reporting the supported versions yet") - } - if actualCommonVersion != nil && svs.CommonEncodingVersion == nil { - return field.Invalid(fldPath.Child("commonEncodingVersion"), svs.CommonEncodingVersion, fmt.Sprintf("the common encoding version is %s", *actualCommonVersion)) - } - if actualCommonVersion != nil && svs.CommonEncodingVersion != nil && *actualCommonVersion != *svs.CommonEncodingVersion { - return field.Invalid(fldPath.Child("commonEncodingVersion"), *svs.CommonEncodingVersion, fmt.Sprintf("the actual common encoding version is %s", *actualCommonVersion)) - } - return nil -} - -func validateStorageVersionCondition(conditions []apiserverinternal.StorageVersionCondition, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // We do not verify that the condition type or the condition status is - // a predefined one because we might add more type or status later. - seenType := make(map[apiserverinternal.StorageVersionConditionType]int) - for i, condition := range conditions { - if ii, ok := seenType[condition.Type]; ok { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("type"), string(condition.Type), - fmt.Sprintf("the type of the condition is not unique, it also appears in conditions[%d]", ii))) - } - seenType[condition.Type] = i - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(string(condition.Type), fldPath.Index(i).Child("type"))...) - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(string(condition.Status), fldPath.Index(i).Child("status"))...) - if condition.Reason == "" { - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("reason"), "reason cannot be empty")) - } - if condition.Message == "" { - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("message"), "message cannot be empty")) - } - } - return allErrs -} - -const dns1035LabelFmt string = "[a-z]([-a-z0-9]*[a-z0-9])?" -const dns1035LabelErrMsg string = "a DNS-1035 label, which must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character" - -// isValidAPIVersion tests whether the value passed is a valid apiVersion. A -// valid apiVersion contains a version string that matches DNS_LABEL format, -// with an optional group/ prefix, where the group string matches DNS_SUBDOMAIN -// format. If the value is not valid, a list of error strings is returned. -// Otherwise an empty list (or nil) is returned. -func isValidAPIVersion(apiVersion string) []string { - var errs []string - parts := strings.Split(apiVersion, "/") - var version string - switch len(parts) { - case 1: - version = parts[0] - case 2: - var group string - group, version = parts[0], parts[1] - if len(group) == 0 { - errs = append(errs, "group part: "+utilvalidation.EmptyError()) - } else if msgs := utilvalidation.IsDNS1123Subdomain(group); len(msgs) != 0 { - errs = append(errs, prefixEach(msgs, "group part: ")...) - } - default: - return append(errs, "an apiVersion is "+utilvalidation.RegexError(dns1035LabelErrMsg, dns1035LabelFmt, "my-name", "abc-123")+ - " with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyVersion')") - } - - if len(version) == 0 { - errs = append(errs, "version part: "+utilvalidation.EmptyError()) - } else if msgs := utilvalidation.IsDNS1035Label(version); len(msgs) != 0 { - errs = append(errs, prefixEach(msgs, "version part: ")...) - } - return errs -} - -func prefixEach(msgs []string, prefix string) []string { - for i := range msgs { - msgs[i] = prefix + msgs[i] - } - return msgs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/zz_generated.deepcopy.go deleted file mode 100644 index 73210bb07b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apiserverinternal/zz_generated.deepcopy.go +++ /dev/null @@ -1,176 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package apiserverinternal - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServerStorageVersion) DeepCopyInto(out *ServerStorageVersion) { - *out = *in - if in.DecodableVersions != nil { - in, out := &in.DecodableVersions, &out.DecodableVersions - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerStorageVersion. -func (in *ServerStorageVersion) DeepCopy() *ServerStorageVersion { - if in == nil { - return nil - } - out := new(ServerStorageVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageVersion) DeepCopyInto(out *StorageVersion) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersion. -func (in *StorageVersion) DeepCopy() *StorageVersion { - if in == nil { - return nil - } - out := new(StorageVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StorageVersion) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageVersionCondition) DeepCopyInto(out *StorageVersionCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionCondition. -func (in *StorageVersionCondition) DeepCopy() *StorageVersionCondition { - if in == nil { - return nil - } - out := new(StorageVersionCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageVersionList) DeepCopyInto(out *StorageVersionList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]StorageVersion, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionList. -func (in *StorageVersionList) DeepCopy() *StorageVersionList { - if in == nil { - return nil - } - out := new(StorageVersionList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StorageVersionList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageVersionSpec) DeepCopyInto(out *StorageVersionSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionSpec. -func (in *StorageVersionSpec) DeepCopy() *StorageVersionSpec { - if in == nil { - return nil - } - out := new(StorageVersionSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageVersionStatus) DeepCopyInto(out *StorageVersionStatus) { - *out = *in - if in.StorageVersions != nil { - in, out := &in.StorageVersions, &out.StorageVersions - *out = make([]ServerStorageVersion, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.CommonEncodingVersion != nil { - in, out := &in.CommonEncodingVersion, &out.CommonEncodingVersion - *out = new(string) - **out = **in - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]StorageVersionCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionStatus. -func (in *StorageVersionStatus) DeepCopy() *StorageVersionStatus { - if in == nil { - return nil - } - out := new(StorageVersionStatus) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/OWNERS deleted file mode 100644 index 885cc9f3e9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-apps-api-reviewers - - sig-apps-api-approvers -labels: - - sig/apps diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/doc.go deleted file mode 100644 index 1ff549998c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package apps // import "k8s.io/kubernetes/pkg/apis/apps" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/install/install.go deleted file mode 100644 index c53860afb7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the apps API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/v1" - "k8s.io/kubernetes/pkg/apis/apps/v1beta1" - "k8s.io/kubernetes/pkg/apis/apps/v1beta2" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(apps.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1beta2.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta2.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/register.go deleted file mode 100644 index 4f5f20a34d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/register.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apps - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/kubernetes/pkg/apis/autoscaling" -) - -var ( - // SchemeBuilder stores functions to add things to a scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all stored functions t oa scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package -const GroupName = "apps" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this will get cleaned up with the scheme types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &DaemonSet{}, - &DaemonSetList{}, - &Deployment{}, - &DeploymentList{}, - &DeploymentRollback{}, - &autoscaling.Scale{}, - &StatefulSet{}, - &StatefulSetList{}, - &ControllerRevision{}, - &ControllerRevisionList{}, - &ReplicaSet{}, - &ReplicaSetList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/types.go deleted file mode 100644 index 624deca9b3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/types.go +++ /dev/null @@ -1,916 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apps - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -type StatefulSet struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the desired identities of pods in this set. - // +optional - Spec StatefulSetSpec - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - Status StatefulSetStatus -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. -type PodManagementPolicyType string - -const ( - // OrderedReadyPodManagement will create pods in strictly increasing order on - // scale up and strictly decreasing order on scale down, progressing only when - // the previous pod is ready or terminated. At most one pod will be changed - // at any time. - OrderedReadyPodManagement PodManagementPolicyType = "OrderedReady" - // ParallelPodManagement will create and delete pods as soon as the stateful set - // replica count is changed, and will not wait for pods to be ready or complete - // termination. - ParallelPodManagement PodManagementPolicyType = "Parallel" -) - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -type StatefulSetUpdateStrategy struct { - // Type indicates the type of the StatefulSetUpdateStrategy. - Type StatefulSetUpdateStrategyType - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - RollingUpdate *RollingUpdateStatefulSetStrategy -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -type StatefulSetUpdateStrategyType string - -const ( - // RollingUpdateStatefulSetStrategyType indicates that update will be - // applied to all Pods in the StatefulSet with respect to the StatefulSet - // ordering constraints. When a scale operation is performed with this - // strategy, new Pods will be created from the specification version indicated - // by the StatefulSet's updateRevision. - RollingUpdateStatefulSetStrategyType StatefulSetUpdateStrategyType = "RollingUpdate" - // OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version - // tracking and ordered rolling restarts are disabled. Pods are recreated - // from the StatefulSetSpec when they are manually deleted. When a scale - // operation is performed with this strategy,specification version indicated - // by the StatefulSet's currentRevision. - OnDeleteStatefulSetStrategyType StatefulSetUpdateStrategyType = "OnDelete" -) - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -type RollingUpdateStatefulSetStrategy struct { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - Partition int32 - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. - // +optional - MaxUnavailable *intstr.IntOrString -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -type PersistentVolumeClaimRetentionPolicyType string - -const ( - // RetainPersistentVolumeClaimRetentionPolicyType is the default - // PersistentVolumeClaimRetentionPolicy and specifies that - // PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates - // will not be deleted. - RetainPersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Retain" - // DeletePersistentVolumeClaimRetentionPolicyType specifies that - // PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates - // will be deleted in the scenario specified in - // StatefulSetPersistentVolumeClaimPolicy. - DeletePersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Delete" -) - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -type StatefulSetPersistentVolumeClaimRetentionPolicy struct { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. - WhenDeleted PersistentVolumeClaimRetentionPolicyType - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - WhenScaled PersistentVolumeClaimRetentionPolicyType -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -type StatefulSetOrdinals struct { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - Start int32 -} - -// A StatefulSetSpec is the specification of a StatefulSet. -type StatefulSetSpec struct { - // Replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - Replicas int32 - - // Selector is a label query over pods that should match the replica count. - // If empty, defaulted to labels on the pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - Selector *metav1.LabelSelector - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - Template api.PodTemplateSpec - - // VolumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - VolumeClaimTemplates []api.PersistentVolumeClaim - - // ServiceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - ServiceName string - - // PodManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - PodManagementPolicy PodManagementPolicyType - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - UpdateStrategy StatefulSetUpdateStrategy - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - RevisionHistoryLimit *int32 - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - MinReadySeconds int32 - - // PersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from - // the StatefulSet VolumeClaimTemplates. This requires the - // StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha. - // +optional - PersistentVolumeClaimRetentionPolicy *StatefulSetPersistentVolumeClaimRetentionPolicy - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is alpha. - // +optional - Ordinals *StatefulSetOrdinals -} - -// StatefulSetStatus represents the current state of a StatefulSet. -type StatefulSetStatus struct { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - ObservedGeneration *int64 - - // replicas is the number of Pods created by the StatefulSet controller. - Replicas int32 - - // readyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition. - ReadyReplicas int32 - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - CurrentReplicas int32 - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. - UpdatedReplicas int32 - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - CurrentRevision string - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - UpdateRevision string - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - CollisionCount *int32 - - // Represents the latest available observations of a statefulset's current state. - Conditions []StatefulSetCondition - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - AvailableReplicas int32 -} - -// StatefulSetConditionType describes the condition types of StatefulSets. -type StatefulSetConditionType string - -// TODO: Add valid condition types for Statefulsets. - -// StatefulSetCondition describes the state of a statefulset at a certain point. -type StatefulSetCondition struct { - // Type of statefulset condition. - Type StatefulSetConditionType - // Status of the condition, one of True, False, Unknown. - Status api.ConditionStatus - // The last time this condition was updated. - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - Reason string - // A human readable message indicating details about the transition. - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StatefulSetList is a collection of StatefulSets. -type StatefulSetList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - Items []StatefulSet -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. -type ControllerRevision struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Data is the Object representing the state. - Data runtime.Object - - // Revision indicates the revision of the state represented by Data. - Revision int64 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -type ControllerRevisionList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is the list of ControllerRevision objects. - Items []ControllerRevision -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Deployment provides declarative updates for Pods and ReplicaSets. -type Deployment struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior of the Deployment. - // +optional - Spec DeploymentSpec - - // Most recently observed status of the Deployment. - // +optional - Status DeploymentStatus -} - -// DeploymentSpec specifies the state of a Deployment. -type DeploymentSpec struct { - // Number of desired pods. - Replicas int32 - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // +optional - Selector *metav1.LabelSelector - - // Template describes the pods that will be created. - Template api.PodTemplateSpec - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - Strategy DeploymentStrategy - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - MinReadySeconds int32 - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // This is set to the max value of int32 (i.e. 2147483647) by default, which means - // "retaining all old ReplicaSets". - // +optional - RevisionHistoryLimit *int32 - - // Indicates that the deployment is paused and will not be processed by the - // deployment controller. - // +optional - Paused bool - - // DEPRECATED. - // The config this deployment is rolling back to. Will be cleared after rollback is done. - // +optional - RollbackTo *RollbackConfig - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. This is set to - // the max value of int32 (i.e. 2147483647) by default, which means "no deadline". - // +optional - ProgressDeadlineSeconds *int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DeploymentRollback stores the information required to rollback a deployment. -// DEPRECATED. -type DeploymentRollback struct { - metav1.TypeMeta - // Required: This must match the Name of a deployment. - Name string - // The annotations to be updated to a deployment - // +optional - UpdatedAnnotations map[string]string - // The config of this deployment rollback. - RollbackTo RollbackConfig -} - -// RollbackConfig specifies the state of a revision to roll back to. -// DEPRECATED. -type RollbackConfig struct { - // The revision to rollback to. If set to 0, rollback to the last revision. - // +optional - Revision int64 -} - -const ( - // DefaultDeploymentUniqueLabelKey is the default key of the selector that is added - // to existing RCs (and label key that is added to its pods) to prevent the existing RCs - // to select new pods (and old pods being select by new RC). - DefaultDeploymentUniqueLabelKey string = "pod-template-hash" -) - -// DeploymentStrategy stores information about the strategy and rolling-update -// behavior of a deployment. -type DeploymentStrategy struct { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - Type DeploymentStrategyType - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - RollingUpdate *RollingUpdateDeployment -} - -// DeploymentStrategyType defines strategies with a deployment. -type DeploymentStrategyType string - -const ( - // RecreateDeploymentStrategyType - kill all existing pods before creating new ones. - RecreateDeploymentStrategyType DeploymentStrategyType = "Recreate" - - // RollingUpdateDeploymentStrategyType - Replace the old RCs by new one using rolling update i.e gradually scale down the old RCs and scale up the new one. - RollingUpdateDeploymentStrategyType DeploymentStrategyType = "RollingUpdate" -) - -// RollingUpdateDeployment is the spec to control the desired behavior of rolling update. -type RollingUpdateDeployment struct { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // By default, a fixed value of 1 is used. - // Example: when this is set to 30%, the old RC can be scaled down by 30% - // immediately when the rolling update starts. Once new pods are ready, old RC - // can be scaled down further, followed by scaling up the new RC, ensuring - // that at least 70% of original number of pods are available at all times - // during the update. - // +optional - MaxUnavailable intstr.IntOrString - - // The maximum number of pods that can be scheduled above the original number of - // pods. - // Value can be an absolute number (ex: 5) or a percentage of total pods at - // the start of the update (ex: 10%). This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // By default, a value of 1 is used. - // Example: when this is set to 30%, the new RC can be scaled up by 30% - // immediately when the rolling update starts. Once old pods have been killed, - // new RC can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of original pods. - // +optional - MaxSurge intstr.IntOrString -} - -// DeploymentStatus holds information about the observed status of a deployment. -type DeploymentStatus struct { - // The generation observed by the deployment controller. - // +optional - ObservedGeneration int64 - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - Replicas int32 - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - UpdatedReplicas int32 - - // Total number of ready pods targeted by this deployment. - // +optional - ReadyReplicas int32 - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - AvailableReplicas int32 - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - UnavailableReplicas int32 - - // Represents the latest available observations of a deployment's current state. - Conditions []DeploymentCondition - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - CollisionCount *int32 -} - -// DeploymentConditionType defines conditions of a deployment. -type DeploymentConditionType string - -// These are valid conditions of a deployment. -const ( - // Available means the deployment is available, ie. at least the minimum available - // replicas required are up and running for at least minReadySeconds. - DeploymentAvailable DeploymentConditionType = "Available" - // Progressing means the deployment is progressing. Progress for a deployment is - // considered when a new replica set is created or adopted, and when new pods scale - // up or old pods scale down. Progress is not estimated for paused deployments or - // when progressDeadlineSeconds is not specified. - DeploymentProgressing DeploymentConditionType = "Progressing" - // ReplicaFailure is added in a deployment when one of its pods fails to be created - // or deleted. - DeploymentReplicaFailure DeploymentConditionType = "ReplicaFailure" -) - -// DeploymentCondition describes the state of a deployment at a certain point. -type DeploymentCondition struct { - // Type of deployment condition. - Type DeploymentConditionType - // Status of the condition, one of True, False, Unknown. - Status api.ConditionStatus - // The last time this condition was updated. - LastUpdateTime metav1.Time - // Last time the condition transitioned from one status to another. - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - Reason string - // A human readable message indicating details about the transition. - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DeploymentList defines multiple deployments. -type DeploymentList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is the list of deployments. - Items []Deployment -} - -// DaemonSetUpdateStrategy defines a strategy to update a daemon set. -type DaemonSetUpdateStrategy struct { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". - // +optional - Type DaemonSetUpdateStrategyType - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - RollingUpdate *RollingUpdateDaemonSet -} - -// DaemonSetUpdateStrategyType is a strategy according to which a daemon set -// gets updated. -type DaemonSetUpdateStrategyType string - -const ( - // RollingUpdateDaemonSetStrategyType - Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. - RollingUpdateDaemonSetStrategyType DaemonSetUpdateStrategyType = "RollingUpdate" - - // OnDeleteDaemonSetStrategyType - Replace the old daemons only when it's killed - OnDeleteDaemonSetStrategyType DaemonSetUpdateStrategyType = "OnDelete" -) - -// RollingUpdateDaemonSet is the spec to control the desired behavior of daemon set rolling update. -type RollingUpdateDaemonSet struct { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - MaxUnavailable intstr.IntOrString - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. - // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediately created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - MaxSurge intstr.IntOrString -} - -// DaemonSetSpec is the specification of a daemon set. -type DaemonSetSpec struct { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // If empty, defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - Selector *metav1.LabelSelector - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - Template api.PodTemplateSpec - - // An update strategy to replace existing DaemonSet pods with new pods. - // +optional - UpdateStrategy DaemonSetUpdateStrategy - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - MinReadySeconds int32 - - // DEPRECATED. - // A sequence number representing a specific generation of the template. - // Populated by the system. It can be set only during the creation. - // +optional - TemplateGeneration int64 - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - RevisionHistoryLimit *int32 -} - -// DaemonSetStatus represents the current status of a daemon set. -type DaemonSetStatus struct { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - CurrentNumberScheduled int32 - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - NumberMisscheduled int32 - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - DesiredNumberScheduled int32 - - // The number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running and ready. - NumberReady int32 - - // The most recent generation observed by the daemon set controller. - // +optional - ObservedGeneration int64 - - // The total number of nodes that are running updated daemon pod - // +optional - UpdatedNumberScheduled int32 - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - NumberAvailable int32 - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - NumberUnavailable int32 - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - CollisionCount *int32 - - // Represents the latest available observations of a DaemonSet's current state. - Conditions []DaemonSetCondition -} - -// DaemonSetConditionType defines a daemon set condition. -type DaemonSetConditionType string - -// TODO: Add valid condition types of a DaemonSet. - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -type DaemonSetCondition struct { - // Type of DaemonSet condition. - Type DaemonSetConditionType - // Status of the condition, one of True, False, Unknown. - Status api.ConditionStatus - // Last time the condition transitioned from one status to another. - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - Reason string - // A human readable message indicating details about the transition. - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DaemonSet represents the configuration of a daemon set. -type DaemonSet struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec DaemonSetSpec - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status DaemonSetStatus -} - -const ( - // DaemonSetTemplateGenerationKey is the key of the labels that is added - // to daemon set pods to distinguish between old and new pod templates - // during DaemonSet template update. - // DEPRECATED: DefaultDaemonSetUniqueLabelKey is used instead. - DaemonSetTemplateGenerationKey string = "pod-template-generation" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DaemonSetList is a collection of daemon sets. -type DaemonSetList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // A list of daemon sets. - Items []DaemonSet -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -type ReplicaSet struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the desired behavior of this ReplicaSet. - // +optional - Spec ReplicaSetSpec - - // Status is the current status of this ReplicaSet. This data may be - // out of date by some window of time. - // +optional - Status ReplicaSetStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ReplicaSetList is a collection of ReplicaSets. -type ReplicaSetList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []ReplicaSet -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -// As the internal representation of a ReplicaSet, it must have -// a Template set. -type ReplicaSetSpec struct { - // Replicas is the number of desired replicas. - Replicas int32 - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - MinReadySeconds int32 - - // Selector is a label query over pods that should match the replica count. - // Must match in order to be controlled. - // If empty, defaulted to labels on pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - Selector *metav1.LabelSelector - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // +optional - Template api.PodTemplateSpec -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -type ReplicaSetStatus struct { - // Replicas is the number of actual replicas. - Replicas int32 - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - FullyLabeledReplicas int32 - - // The number of ready replicas for this replica set. - // +optional - ReadyReplicas int32 - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - AvailableReplicas int32 - - // ObservedGeneration is the most recent generation observed by the controller. - // +optional - ObservedGeneration int64 - - // Represents the latest available observations of a replica set's current state. - // +optional - Conditions []ReplicaSetCondition -} - -// ReplicaSetConditionType is a condition of a replica set. -type ReplicaSetConditionType string - -// These are valid conditions of a replica set. -const ( - // ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created - // due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted - // due to kubelet being down or finalizers are failing. - ReplicaSetReplicaFailure ReplicaSetConditionType = "ReplicaFailure" -) - -// ReplicaSetCondition describes the state of a replica set at a certain point. -type ReplicaSetCondition struct { - // Type of replica set condition. - Type ReplicaSetConditionType - // Status of the condition, one of True, False, Unknown. - Status api.ConditionStatus - // The last time the condition transitioned from one status to another. - // +optional - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - // +optional - Reason string - // A human readable message indicating details about the transition. - // +optional - Message string -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/conversion.go deleted file mode 100644 index 8f7da272c4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/conversion.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - "strconv" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/core" -) - -// Convert_apps_DeploymentSpec_To_v1_DeploymentSpec is defined here, because public -// conversion is not auto-generated due to existing warnings. -func Convert_apps_DeploymentSpec_To_v1_DeploymentSpec(in *apps.DeploymentSpec, out *appsv1.DeploymentSpec, s conversion.Scope) error { - if err := autoConvert_apps_DeploymentSpec_To_v1_DeploymentSpec(in, out, s); err != nil { - return err - } - return nil -} - -func Convert_v1_Deployment_To_apps_Deployment(in *appsv1.Deployment, out *apps.Deployment, s conversion.Scope) error { - if err := autoConvert_v1_Deployment_To_apps_Deployment(in, out, s); err != nil { - return err - } - - // Copy annotation to deprecated rollbackTo field for roundtrip - // TODO: remove this conversion after we delete extensions/v1beta1 and apps/v1beta1 Deployment - if revision := in.Annotations[appsv1.DeprecatedRollbackTo]; revision != "" { - if revision64, err := strconv.ParseInt(revision, 10, 64); err != nil { - return fmt.Errorf("failed to parse annotation[%s]=%s as int64: %v", appsv1.DeprecatedRollbackTo, revision, err) - } else { - out.Spec.RollbackTo = new(apps.RollbackConfig) - out.Spec.RollbackTo.Revision = revision64 - } - out.Annotations = deepCopyStringMap(out.Annotations) - delete(out.Annotations, appsv1.DeprecatedRollbackTo) - } else { - out.Spec.RollbackTo = nil - } - - return nil -} - -func Convert_apps_Deployment_To_v1_Deployment(in *apps.Deployment, out *appsv1.Deployment, s conversion.Scope) error { - if err := autoConvert_apps_Deployment_To_v1_Deployment(in, out, s); err != nil { - return err - } - - out.Annotations = deepCopyStringMap(out.Annotations) // deep copy because we modify it below - - // Copy deprecated rollbackTo field to annotation for roundtrip - // TODO: remove this conversion after we delete extensions/v1beta1 and apps/v1beta1 Deployment - if in.Spec.RollbackTo != nil { - if out.Annotations == nil { - out.Annotations = make(map[string]string) - } - out.Annotations[appsv1.DeprecatedRollbackTo] = strconv.FormatInt(in.Spec.RollbackTo.Revision, 10) - } else { - delete(out.Annotations, appsv1.DeprecatedRollbackTo) - } - - return nil -} - -func Convert_apps_DaemonSet_To_v1_DaemonSet(in *apps.DaemonSet, out *appsv1.DaemonSet, s conversion.Scope) error { - if err := autoConvert_apps_DaemonSet_To_v1_DaemonSet(in, out, s); err != nil { - return err - } - - out.Annotations = deepCopyStringMap(out.Annotations) // deep copy annotations because we change them below - out.Annotations[appsv1.DeprecatedTemplateGeneration] = strconv.FormatInt(in.Spec.TemplateGeneration, 10) - return nil -} - -// Convert_apps_DaemonSetSpec_To_v1_DaemonSetSpec is defined here, because public -// conversion is not auto-generated due to existing warnings. -func Convert_apps_DaemonSetSpec_To_v1_DaemonSetSpec(in *apps.DaemonSetSpec, out *appsv1.DaemonSetSpec, s conversion.Scope) error { - if err := autoConvert_apps_DaemonSetSpec_To_v1_DaemonSetSpec(in, out, s); err != nil { - return err - } - return nil -} - -func Convert_v1_DaemonSet_To_apps_DaemonSet(in *appsv1.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - if err := autoConvert_v1_DaemonSet_To_apps_DaemonSet(in, out, s); err != nil { - return err - } - if value, ok := in.Annotations[appsv1.DeprecatedTemplateGeneration]; ok { - if value64, err := strconv.ParseInt(value, 10, 64); err != nil { - return err - } else { - out.Spec.TemplateGeneration = value64 - out.Annotations = deepCopyStringMap(out.Annotations) - delete(out.Annotations, appsv1.DeprecatedTemplateGeneration) - } - } - return nil -} - -func deepCopyStringMap(m map[string]string) map[string]string { - ret := make(map[string]string, len(m)) - for k, v := range m { - ret[k] = v - } - return ret -} - -// Convert_apps_StatefulSetSpec_To_v1_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_v1_StatefulSetSpec_To_apps_StatefulSetSpec(in *appsv1.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_v1_StatefulSetSpec_To_apps_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]core.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "" - out.VolumeClaimTemplates[i].Kind = "" - } - } - return nil -} - -// Convert_apps_StatefulSetSpec_To_v1_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_apps_StatefulSetSpec_To_v1_StatefulSetSpec(in *apps.StatefulSetSpec, out *appsv1.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_apps_StatefulSetSpec_To_v1_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]corev1.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "v1" - out.VolumeClaimTemplates[i].Kind = "PersistentVolumeClaim" - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/defaults.go deleted file mode 100644 index a259bcf8c5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/defaults.go +++ /dev/null @@ -1,156 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - appsv1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_Deployment sets additional defaults compared to its counterpart -// in extensions. These addons are: -// - MaxUnavailable during rolling update set to 25% (1 in extensions) -// - MaxSurge value during rolling update set to 25% (1 in extensions) -// - RevisionHistoryLimit set to 10 (not set in extensions) -// - ProgressDeadlineSeconds set to 600s (not set in extensions) -func SetDefaults_Deployment(obj *appsv1.Deployment) { - // Set DeploymentSpec.Replicas to 1 if it is not set. - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - strategy := &obj.Spec.Strategy - // Set default DeploymentStrategyType as RollingUpdate. - if strategy.Type == "" { - strategy.Type = appsv1.RollingUpdateDeploymentStrategyType - } - if strategy.Type == appsv1.RollingUpdateDeploymentStrategyType { - if strategy.RollingUpdate == nil { - rollingUpdate := appsv1.RollingUpdateDeployment{} - strategy.RollingUpdate = &rollingUpdate - } - if strategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 25% by default. - maxUnavailable := intstr.FromString("25%") - strategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if strategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 25% by default. - maxSurge := intstr.FromString("25%") - strategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } - if obj.Spec.ProgressDeadlineSeconds == nil { - obj.Spec.ProgressDeadlineSeconds = new(int32) - *obj.Spec.ProgressDeadlineSeconds = 600 - } -} - -func SetDefaults_DaemonSet(obj *appsv1.DaemonSet) { - updateStrategy := &obj.Spec.UpdateStrategy - if updateStrategy.Type == "" { - updateStrategy.Type = appsv1.RollingUpdateDaemonSetStrategyType - } - if updateStrategy.Type == appsv1.RollingUpdateDaemonSetStrategyType { - if updateStrategy.RollingUpdate == nil { - rollingUpdate := appsv1.RollingUpdateDaemonSet{} - updateStrategy.RollingUpdate = &rollingUpdate - } - if updateStrategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 1 by default. - maxUnavailable := intstr.FromInt(1) - updateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if updateStrategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 0 by default. - maxSurge := intstr.FromInt(0) - updateStrategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } -} - -func SetDefaults_StatefulSet(obj *appsv1.StatefulSet) { - if len(obj.Spec.PodManagementPolicy) == 0 { - obj.Spec.PodManagementPolicy = appsv1.OrderedReadyPodManagement - } - - if obj.Spec.UpdateStrategy.Type == "" { - obj.Spec.UpdateStrategy.Type = appsv1.RollingUpdateStatefulSetStrategyType - - if obj.Spec.UpdateStrategy.RollingUpdate == nil { - // UpdateStrategy.RollingUpdate will take default values below. - obj.Spec.UpdateStrategy.RollingUpdate = &appsv1.RollingUpdateStatefulSetStrategy{} - } - } - - if obj.Spec.UpdateStrategy.Type == appsv1.RollingUpdateStatefulSetStrategyType && - obj.Spec.UpdateStrategy.RollingUpdate != nil { - - if obj.Spec.UpdateStrategy.RollingUpdate.Partition == nil { - obj.Spec.UpdateStrategy.RollingUpdate.Partition = pointer.Int32(0) - } - if utilfeature.DefaultFeatureGate.Enabled(features.MaxUnavailableStatefulSet) { - if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil { - maxUnavailable := intstr.FromInt(1) - obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - } - } - - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) { - if obj.Spec.PersistentVolumeClaimRetentionPolicy == nil { - obj.Spec.PersistentVolumeClaimRetentionPolicy = &appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy{} - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted = appsv1.RetainPersistentVolumeClaimRetentionPolicyType - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled = appsv1.RetainPersistentVolumeClaimRetentionPolicyType - } - } - - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } -} -func SetDefaults_ReplicaSet(obj *appsv1.ReplicaSet) { - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/doc.go deleted file mode 100644 index 90409248fd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/apps -// +k8s:conversion-gen-external-types=k8s.io/api/apps/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/apps/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/apps/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/register.go deleted file mode 100644 index 038d9b3566..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - appsv1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apps" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &appsv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.conversion.go deleted file mode 100644 index 7783bd2611..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.conversion.go +++ /dev/null @@ -1,1342 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - apps "k8s.io/kubernetes/pkg/apis/apps" - core "k8s.io/kubernetes/pkg/apis/core" - apiscorev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.ControllerRevision)(nil), (*apps.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ControllerRevision_To_apps_ControllerRevision(a.(*v1.ControllerRevision), b.(*apps.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevision)(nil), (*v1.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevision_To_v1_ControllerRevision(a.(*apps.ControllerRevision), b.(*v1.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ControllerRevisionList)(nil), (*apps.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ControllerRevisionList_To_apps_ControllerRevisionList(a.(*v1.ControllerRevisionList), b.(*apps.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevisionList)(nil), (*v1.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevisionList_To_v1_ControllerRevisionList(a.(*apps.ControllerRevisionList), b.(*v1.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonSetCondition)(nil), (*apps.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSetCondition_To_apps_DaemonSetCondition(a.(*v1.DaemonSetCondition), b.(*apps.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetCondition)(nil), (*v1.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetCondition_To_v1_DaemonSetCondition(a.(*apps.DaemonSetCondition), b.(*v1.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonSetList)(nil), (*apps.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSetList_To_apps_DaemonSetList(a.(*v1.DaemonSetList), b.(*apps.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetList)(nil), (*v1.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetList_To_v1_DaemonSetList(a.(*apps.DaemonSetList), b.(*v1.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonSetSpec)(nil), (*apps.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSetSpec_To_apps_DaemonSetSpec(a.(*v1.DaemonSetSpec), b.(*apps.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonSetStatus)(nil), (*apps.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSetStatus_To_apps_DaemonSetStatus(a.(*v1.DaemonSetStatus), b.(*apps.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetStatus)(nil), (*v1.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetStatus_To_v1_DaemonSetStatus(a.(*apps.DaemonSetStatus), b.(*v1.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonSetUpdateStrategy)(nil), (*apps.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(a.(*v1.DaemonSetUpdateStrategy), b.(*apps.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetUpdateStrategy)(nil), (*v1.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy(a.(*apps.DaemonSetUpdateStrategy), b.(*v1.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DeploymentCondition)(nil), (*apps.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DeploymentCondition_To_apps_DeploymentCondition(a.(*v1.DeploymentCondition), b.(*apps.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentCondition)(nil), (*v1.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentCondition_To_v1_DeploymentCondition(a.(*apps.DeploymentCondition), b.(*v1.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DeploymentList)(nil), (*apps.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DeploymentList_To_apps_DeploymentList(a.(*v1.DeploymentList), b.(*apps.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentList)(nil), (*v1.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentList_To_v1_DeploymentList(a.(*apps.DeploymentList), b.(*v1.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DeploymentSpec)(nil), (*apps.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DeploymentSpec_To_apps_DeploymentSpec(a.(*v1.DeploymentSpec), b.(*apps.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DeploymentStatus)(nil), (*apps.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DeploymentStatus_To_apps_DeploymentStatus(a.(*v1.DeploymentStatus), b.(*apps.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStatus)(nil), (*v1.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStatus_To_v1_DeploymentStatus(a.(*apps.DeploymentStatus), b.(*v1.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DeploymentStrategy)(nil), (*apps.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DeploymentStrategy_To_apps_DeploymentStrategy(a.(*v1.DeploymentStrategy), b.(*apps.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStrategy)(nil), (*v1.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStrategy_To_v1_DeploymentStrategy(a.(*apps.DeploymentStrategy), b.(*v1.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicaSet)(nil), (*apps.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicaSet_To_apps_ReplicaSet(a.(*v1.ReplicaSet), b.(*apps.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSet)(nil), (*v1.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSet_To_v1_ReplicaSet(a.(*apps.ReplicaSet), b.(*v1.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicaSetCondition)(nil), (*apps.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicaSetCondition_To_apps_ReplicaSetCondition(a.(*v1.ReplicaSetCondition), b.(*apps.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetCondition)(nil), (*v1.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetCondition_To_v1_ReplicaSetCondition(a.(*apps.ReplicaSetCondition), b.(*v1.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicaSetList)(nil), (*apps.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicaSetList_To_apps_ReplicaSetList(a.(*v1.ReplicaSetList), b.(*apps.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetList)(nil), (*v1.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetList_To_v1_ReplicaSetList(a.(*apps.ReplicaSetList), b.(*v1.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicaSetSpec)(nil), (*apps.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec(a.(*v1.ReplicaSetSpec), b.(*apps.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetSpec)(nil), (*v1.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec(a.(*apps.ReplicaSetSpec), b.(*v1.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicaSetStatus)(nil), (*apps.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus(a.(*v1.ReplicaSetStatus), b.(*apps.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetStatus)(nil), (*v1.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus(a.(*apps.ReplicaSetStatus), b.(*v1.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RollingUpdateDaemonSet)(nil), (*apps.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(a.(*v1.RollingUpdateDaemonSet), b.(*apps.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDaemonSet)(nil), (*v1.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet(a.(*apps.RollingUpdateDaemonSet), b.(*v1.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RollingUpdateDeployment)(nil), (*apps.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(a.(*v1.RollingUpdateDeployment), b.(*apps.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDeployment)(nil), (*v1.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment(a.(*apps.RollingUpdateDeployment), b.(*v1.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RollingUpdateStatefulSetStrategy)(nil), (*apps.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(a.(*v1.RollingUpdateStatefulSetStrategy), b.(*apps.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateStatefulSetStrategy)(nil), (*v1.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy(a.(*apps.RollingUpdateStatefulSetStrategy), b.(*v1.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSet)(nil), (*apps.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSet_To_apps_StatefulSet(a.(*v1.StatefulSet), b.(*apps.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSet)(nil), (*v1.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSet_To_v1_StatefulSet(a.(*apps.StatefulSet), b.(*v1.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetCondition)(nil), (*apps.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetCondition_To_apps_StatefulSetCondition(a.(*v1.StatefulSetCondition), b.(*apps.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetCondition)(nil), (*v1.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetCondition_To_v1_StatefulSetCondition(a.(*apps.StatefulSetCondition), b.(*v1.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetList)(nil), (*apps.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetList_To_apps_StatefulSetList(a.(*v1.StatefulSetList), b.(*apps.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetList)(nil), (*v1.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetList_To_v1_StatefulSetList(a.(*apps.StatefulSetList), b.(*v1.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetOrdinals)(nil), (*apps.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(a.(*v1.StatefulSetOrdinals), b.(*apps.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetOrdinals)(nil), (*v1.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetOrdinals_To_v1_StatefulSetOrdinals(a.(*apps.StatefulSetOrdinals), b.(*v1.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*v1.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*v1.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*v1.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetStatus)(nil), (*apps.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetStatus_To_apps_StatefulSetStatus(a.(*v1.StatefulSetStatus), b.(*apps.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetStatus)(nil), (*v1.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetStatus_To_v1_StatefulSetStatus(a.(*apps.StatefulSetStatus), b.(*v1.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StatefulSetUpdateStrategy)(nil), (*apps.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(a.(*v1.StatefulSetUpdateStrategy), b.(*apps.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetUpdateStrategy)(nil), (*v1.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy(a.(*apps.StatefulSetUpdateStrategy), b.(*v1.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DaemonSetSpec)(nil), (*v1.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetSpec_To_v1_DaemonSetSpec(a.(*apps.DaemonSetSpec), b.(*v1.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DaemonSet)(nil), (*v1.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSet_To_v1_DaemonSet(a.(*apps.DaemonSet), b.(*v1.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DeploymentSpec)(nil), (*v1.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentSpec_To_v1_DeploymentSpec(a.(*apps.DeploymentSpec), b.(*v1.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.Deployment)(nil), (*v1.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_Deployment_To_v1_Deployment(a.(*apps.Deployment), b.(*v1.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.StatefulSetSpec)(nil), (*v1.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetSpec_To_v1_StatefulSetSpec(a.(*apps.StatefulSetSpec), b.(*v1.StatefulSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.DaemonSet)(nil), (*apps.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonSet_To_apps_DaemonSet(a.(*v1.DaemonSet), b.(*apps.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Deployment)(nil), (*apps.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Deployment_To_apps_Deployment(a.(*v1.Deployment), b.(*apps.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.StatefulSetSpec)(nil), (*apps.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StatefulSetSpec_To_apps_StatefulSetSpec(a.(*v1.StatefulSetSpec), b.(*apps.StatefulSetSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_ControllerRevision_To_apps_ControllerRevision(in *v1.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_v1_ControllerRevision_To_apps_ControllerRevision is an autogenerated conversion function. -func Convert_v1_ControllerRevision_To_apps_ControllerRevision(in *v1.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - return autoConvert_v1_ControllerRevision_To_apps_ControllerRevision(in, out, s) -} - -func autoConvert_apps_ControllerRevision_To_v1_ControllerRevision(in *apps.ControllerRevision, out *v1.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_apps_ControllerRevision_To_v1_ControllerRevision is an autogenerated conversion function. -func Convert_apps_ControllerRevision_To_v1_ControllerRevision(in *apps.ControllerRevision, out *v1.ControllerRevision, s conversion.Scope) error { - return autoConvert_apps_ControllerRevision_To_v1_ControllerRevision(in, out, s) -} - -func autoConvert_v1_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_v1_ControllerRevision_To_apps_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_ControllerRevisionList_To_apps_ControllerRevisionList is an autogenerated conversion function. -func Convert_v1_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_v1_ControllerRevisionList_To_apps_ControllerRevisionList(in, out, s) -} - -func autoConvert_apps_ControllerRevisionList_To_v1_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_apps_ControllerRevision_To_v1_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ControllerRevisionList_To_v1_ControllerRevisionList is an autogenerated conversion function. -func Convert_apps_ControllerRevisionList_To_v1_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_apps_ControllerRevisionList_To_v1_ControllerRevisionList(in, out, s) -} - -func autoConvert_v1_DaemonSet_To_apps_DaemonSet(in *v1.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_DaemonSetSpec_To_apps_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_DaemonSetStatus_To_apps_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_apps_DaemonSet_To_v1_DaemonSet(in *apps.DaemonSet, out *v1.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DaemonSetSpec_To_v1_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetStatus_To_v1_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - out.Type = apps.DaemonSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_DaemonSetCondition_To_apps_DaemonSetCondition is an autogenerated conversion function. -func Convert_v1_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_v1_DaemonSetCondition_To_apps_DaemonSetCondition(in, out, s) -} - -func autoConvert_apps_DaemonSetCondition_To_v1_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1.DaemonSetCondition, s conversion.Scope) error { - out.Type = v1.DaemonSetConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DaemonSetCondition_To_v1_DaemonSetCondition is an autogenerated conversion function. -func Convert_apps_DaemonSetCondition_To_v1_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_apps_DaemonSetCondition_To_v1_DaemonSetCondition(in, out, s) -} - -func autoConvert_v1_DaemonSetList_To_apps_DaemonSetList(in *v1.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_v1_DaemonSet_To_apps_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_DaemonSetList_To_apps_DaemonSetList is an autogenerated conversion function. -func Convert_v1_DaemonSetList_To_apps_DaemonSetList(in *v1.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - return autoConvert_v1_DaemonSetList_To_apps_DaemonSetList(in, out, s) -} - -func autoConvert_apps_DaemonSetList_To_v1_DaemonSetList(in *apps.DaemonSetList, out *v1.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_apps_DaemonSet_To_v1_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DaemonSetList_To_v1_DaemonSetList is an autogenerated conversion function. -func Convert_apps_DaemonSetList_To_v1_DaemonSetList(in *apps.DaemonSetList, out *v1.DaemonSetList, s conversion.Scope) error { - return autoConvert_apps_DaemonSetList_To_v1_DaemonSetList(in, out, s) -} - -func autoConvert_v1_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -// Convert_v1_DaemonSetSpec_To_apps_DaemonSetSpec is an autogenerated conversion function. -func Convert_v1_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - return autoConvert_v1_DaemonSetSpec_To_apps_DaemonSetSpec(in, out, s) -} - -func autoConvert_apps_DaemonSetSpec_To_v1_DaemonSetSpec(in *apps.DaemonSetSpec, out *v1.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - // WARNING: in.TemplateGeneration requires manual conversion: does not exist in peer-type - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -func autoConvert_v1_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_DaemonSetStatus_To_apps_DaemonSetStatus is an autogenerated conversion function. -func Convert_v1_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_v1_DaemonSetStatus_To_apps_DaemonSetStatus(in, out, s) -} - -func autoConvert_apps_DaemonSetStatus_To_v1_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_DaemonSetStatus_To_v1_DaemonSetStatus is an autogenerated conversion function. -func Convert_apps_DaemonSetStatus_To_v1_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_apps_DaemonSetStatus_To_v1_DaemonSetStatus(in, out, s) -} - -func autoConvert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDaemonSet) - if err := Convert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1.RollingUpdateDaemonSet) - if err := Convert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_DaemonSetUpdateStrategy_To_v1_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_v1_Deployment_To_apps_Deployment(in *v1.Deployment, out *apps.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_DeploymentSpec_To_apps_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_DeploymentStatus_To_apps_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_apps_Deployment_To_v1_Deployment(in *apps.Deployment, out *v1.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DeploymentSpec_To_v1_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStatus_To_v1_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_DeploymentCondition_To_apps_DeploymentCondition(in *v1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - out.Type = apps.DeploymentConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_DeploymentCondition_To_apps_DeploymentCondition is an autogenerated conversion function. -func Convert_v1_DeploymentCondition_To_apps_DeploymentCondition(in *v1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - return autoConvert_v1_DeploymentCondition_To_apps_DeploymentCondition(in, out, s) -} - -func autoConvert_apps_DeploymentCondition_To_v1_DeploymentCondition(in *apps.DeploymentCondition, out *v1.DeploymentCondition, s conversion.Scope) error { - out.Type = v1.DeploymentConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DeploymentCondition_To_v1_DeploymentCondition is an autogenerated conversion function. -func Convert_apps_DeploymentCondition_To_v1_DeploymentCondition(in *apps.DeploymentCondition, out *v1.DeploymentCondition, s conversion.Scope) error { - return autoConvert_apps_DeploymentCondition_To_v1_DeploymentCondition(in, out, s) -} - -func autoConvert_v1_DeploymentList_To_apps_DeploymentList(in *v1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.Deployment, len(*in)) - for i := range *in { - if err := Convert_v1_Deployment_To_apps_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_DeploymentList_To_apps_DeploymentList is an autogenerated conversion function. -func Convert_v1_DeploymentList_To_apps_DeploymentList(in *v1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - return autoConvert_v1_DeploymentList_To_apps_DeploymentList(in, out, s) -} - -func autoConvert_apps_DeploymentList_To_v1_DeploymentList(in *apps.DeploymentList, out *v1.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Deployment, len(*in)) - for i := range *in { - if err := Convert_apps_Deployment_To_v1_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DeploymentList_To_v1_DeploymentList is an autogenerated conversion function. -func Convert_apps_DeploymentList_To_v1_DeploymentList(in *apps.DeploymentList, out *v1.DeploymentList, s conversion.Scope) error { - return autoConvert_apps_DeploymentList_To_v1_DeploymentList(in, out, s) -} - -func autoConvert_v1_DeploymentSpec_To_apps_DeploymentSpec(in *v1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1_DeploymentStrategy_To_apps_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_v1_DeploymentSpec_To_apps_DeploymentSpec is an autogenerated conversion function. -func Convert_v1_DeploymentSpec_To_apps_DeploymentSpec(in *v1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - return autoConvert_v1_DeploymentSpec_To_apps_DeploymentSpec(in, out, s) -} - -func autoConvert_apps_DeploymentSpec_To_v1_DeploymentSpec(in *apps.DeploymentSpec, out *v1.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStrategy_To_v1_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - // WARNING: in.RollbackTo requires manual conversion: does not exist in peer-type - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -func autoConvert_v1_DeploymentStatus_To_apps_DeploymentStatus(in *v1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]apps.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_v1_DeploymentStatus_To_apps_DeploymentStatus is an autogenerated conversion function. -func Convert_v1_DeploymentStatus_To_apps_DeploymentStatus(in *v1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - return autoConvert_v1_DeploymentStatus_To_apps_DeploymentStatus(in, out, s) -} - -func autoConvert_apps_DeploymentStatus_To_v1_DeploymentStatus(in *apps.DeploymentStatus, out *v1.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]v1.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_apps_DeploymentStatus_To_v1_DeploymentStatus is an autogenerated conversion function. -func Convert_apps_DeploymentStatus_To_v1_DeploymentStatus(in *apps.DeploymentStatus, out *v1.DeploymentStatus, s conversion.Scope) error { - return autoConvert_apps_DeploymentStatus_To_v1_DeploymentStatus(in, out, s) -} - -func autoConvert_v1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - out.Type = apps.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDeployment) - if err := Convert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1_DeploymentStrategy_To_apps_DeploymentStrategy is an autogenerated conversion function. -func Convert_v1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_v1_DeploymentStrategy_To_apps_DeploymentStrategy(in, out, s) -} - -func autoConvert_apps_DeploymentStrategy_To_v1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1.DeploymentStrategy, s conversion.Scope) error { - out.Type = v1.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1.RollingUpdateDeployment) - if err := Convert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DeploymentStrategy_To_v1_DeploymentStrategy is an autogenerated conversion function. -func Convert_apps_DeploymentStrategy_To_v1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_apps_DeploymentStrategy_To_v1_DeploymentStrategy(in, out, s) -} - -func autoConvert_v1_ReplicaSet_To_apps_ReplicaSet(in *v1.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ReplicaSet_To_apps_ReplicaSet is an autogenerated conversion function. -func Convert_v1_ReplicaSet_To_apps_ReplicaSet(in *v1.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - return autoConvert_v1_ReplicaSet_To_apps_ReplicaSet(in, out, s) -} - -func autoConvert_apps_ReplicaSet_To_v1_ReplicaSet(in *apps.ReplicaSet, out *v1.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSet_To_v1_ReplicaSet is an autogenerated conversion function. -func Convert_apps_ReplicaSet_To_v1_ReplicaSet(in *apps.ReplicaSet, out *v1.ReplicaSet, s conversion.Scope) error { - return autoConvert_apps_ReplicaSet_To_v1_ReplicaSet(in, out, s) -} - -func autoConvert_v1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - out.Type = apps.ReplicaSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_ReplicaSetCondition_To_apps_ReplicaSetCondition is an autogenerated conversion function. -func Convert_v1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_v1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in, out, s) -} - -func autoConvert_apps_ReplicaSetCondition_To_v1_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1.ReplicaSetCondition, s conversion.Scope) error { - out.Type = v1.ReplicaSetConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_ReplicaSetCondition_To_v1_ReplicaSetCondition is an autogenerated conversion function. -func Convert_apps_ReplicaSetCondition_To_v1_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetCondition_To_v1_ReplicaSetCondition(in, out, s) -} - -func autoConvert_v1_ReplicaSetList_To_apps_ReplicaSetList(in *v1.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_v1_ReplicaSet_To_apps_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_ReplicaSetList_To_apps_ReplicaSetList is an autogenerated conversion function. -func Convert_v1_ReplicaSetList_To_apps_ReplicaSetList(in *v1.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - return autoConvert_v1_ReplicaSetList_To_apps_ReplicaSetList(in, out, s) -} - -func autoConvert_apps_ReplicaSetList_To_v1_ReplicaSetList(in *apps.ReplicaSetList, out *v1.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_apps_ReplicaSet_To_v1_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ReplicaSetList_To_v1_ReplicaSetList is an autogenerated conversion function. -func Convert_apps_ReplicaSetList_To_v1_ReplicaSetList(in *apps.ReplicaSetList, out *v1.ReplicaSetList, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetList_To_v1_ReplicaSetList(in, out, s) -} - -func autoConvert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec is an autogenerated conversion function. -func Convert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_v1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in, out, s) -} - -func autoConvert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec is an autogenerated conversion function. -func Convert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetSpec_To_v1_ReplicaSetSpec(in, out, s) -} - -func autoConvert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]apps.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus is an autogenerated conversion function. -func Convert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_v1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in, out, s) -} - -func autoConvert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]v1.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus is an autogenerated conversion function. -func Convert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetStatus_To_v1_ReplicaSetStatus(in, out, s) -} - -func autoConvert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_v1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDaemonSet_To_v1_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_v1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDeployment_To_v1_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_v1_StatefulSet_To_apps_StatefulSet(in *v1.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_StatefulSetSpec_To_apps_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_StatefulSetStatus_To_apps_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_StatefulSet_To_apps_StatefulSet is an autogenerated conversion function. -func Convert_v1_StatefulSet_To_apps_StatefulSet(in *v1.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - return autoConvert_v1_StatefulSet_To_apps_StatefulSet(in, out, s) -} - -func autoConvert_apps_StatefulSet_To_v1_StatefulSet(in *apps.StatefulSet, out *v1.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_StatefulSetSpec_To_v1_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_StatefulSetStatus_To_v1_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_StatefulSet_To_v1_StatefulSet is an autogenerated conversion function. -func Convert_apps_StatefulSet_To_v1_StatefulSet(in *apps.StatefulSet, out *v1.StatefulSet, s conversion.Scope) error { - return autoConvert_apps_StatefulSet_To_v1_StatefulSet(in, out, s) -} - -func autoConvert_v1_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - out.Type = apps.StatefulSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_StatefulSetCondition_To_apps_StatefulSetCondition is an autogenerated conversion function. -func Convert_v1_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_v1_StatefulSetCondition_To_apps_StatefulSetCondition(in, out, s) -} - -func autoConvert_apps_StatefulSetCondition_To_v1_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1.StatefulSetCondition, s conversion.Scope) error { - out.Type = v1.StatefulSetConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_StatefulSetCondition_To_v1_StatefulSetCondition is an autogenerated conversion function. -func Convert_apps_StatefulSetCondition_To_v1_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_apps_StatefulSetCondition_To_v1_StatefulSetCondition(in, out, s) -} - -func autoConvert_v1_StatefulSetList_To_apps_StatefulSetList(in *v1.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_v1_StatefulSet_To_apps_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_StatefulSetList_To_apps_StatefulSetList is an autogenerated conversion function. -func Convert_v1_StatefulSetList_To_apps_StatefulSetList(in *v1.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - return autoConvert_v1_StatefulSetList_To_apps_StatefulSetList(in, out, s) -} - -func autoConvert_apps_StatefulSetList_To_v1_StatefulSetList(in *apps.StatefulSetList, out *v1.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_apps_StatefulSet_To_v1_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_StatefulSetList_To_v1_StatefulSetList is an autogenerated conversion function. -func Convert_apps_StatefulSetList_To_v1_StatefulSetList(in *apps.StatefulSetList, out *v1.StatefulSetList, s conversion.Scope) error { - return autoConvert_apps_StatefulSetList_To_v1_StatefulSetList(in, out, s) -} - -func autoConvert_v1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_v1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_v1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_v1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_apps_StatefulSetOrdinals_To_v1_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_apps_StatefulSetOrdinals_To_v1_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_apps_StatefulSetOrdinals_To_v1_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_apps_StatefulSetOrdinals_To_v1_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_v1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_v1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_v1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_v1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = v1.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = v1.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_v1_StatefulSetSpec_To_apps_StatefulSetSpec(in *v1.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]core.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = apps.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*apps.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_apps_StatefulSetSpec_To_v1_StatefulSetSpec(in *apps.StatefulSetSpec, out *v1.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := apiscorev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]corev1.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = v1.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*v1.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*v1.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_v1_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - if err := metav1.Convert_int64_To_Pointer_int64(&in.ObservedGeneration, &out.ObservedGeneration, s); err != nil { - return err - } - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_v1_StatefulSetStatus_To_apps_StatefulSetStatus is an autogenerated conversion function. -func Convert_v1_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_v1_StatefulSetStatus_To_apps_StatefulSetStatus(in, out, s) -} - -func autoConvert_apps_StatefulSetStatus_To_v1_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1.StatefulSetStatus, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int64_To_int64(&in.ObservedGeneration, &out.ObservedGeneration, s); err != nil { - return err - } - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_apps_StatefulSetStatus_To_v1_StatefulSetStatus is an autogenerated conversion function. -func Convert_apps_StatefulSetStatus_To_v1_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_apps_StatefulSetStatus_To_v1_StatefulSetStatus(in, out, s) -} - -func autoConvert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateStatefulSetStrategy) - if err := Convert_v1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1.RollingUpdateStatefulSetStrategy) - if err := Convert_apps_RollingUpdateStatefulSetStrategy_To_v1_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetUpdateStrategy_To_v1_StatefulSetUpdateStrategy(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.defaults.go deleted file mode 100644 index 12a4ff4450..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1/zz_generated.defaults.go +++ /dev/null @@ -1,1152 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/apps/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.DaemonSet{}, func(obj interface{}) { SetObjectDefaults_DaemonSet(obj.(*v1.DaemonSet)) }) - scheme.AddTypeDefaultingFunc(&v1.DaemonSetList{}, func(obj interface{}) { SetObjectDefaults_DaemonSetList(obj.(*v1.DaemonSetList)) }) - scheme.AddTypeDefaultingFunc(&v1.Deployment{}, func(obj interface{}) { SetObjectDefaults_Deployment(obj.(*v1.Deployment)) }) - scheme.AddTypeDefaultingFunc(&v1.DeploymentList{}, func(obj interface{}) { SetObjectDefaults_DeploymentList(obj.(*v1.DeploymentList)) }) - scheme.AddTypeDefaultingFunc(&v1.ReplicaSet{}, func(obj interface{}) { SetObjectDefaults_ReplicaSet(obj.(*v1.ReplicaSet)) }) - scheme.AddTypeDefaultingFunc(&v1.ReplicaSetList{}, func(obj interface{}) { SetObjectDefaults_ReplicaSetList(obj.(*v1.ReplicaSetList)) }) - scheme.AddTypeDefaultingFunc(&v1.StatefulSet{}, func(obj interface{}) { SetObjectDefaults_StatefulSet(obj.(*v1.StatefulSet)) }) - scheme.AddTypeDefaultingFunc(&v1.StatefulSetList{}, func(obj interface{}) { SetObjectDefaults_StatefulSetList(obj.(*v1.StatefulSetList)) }) - return nil -} - -func SetObjectDefaults_DaemonSet(in *v1.DaemonSet) { - SetDefaults_DaemonSet(in) - corev1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DaemonSetList(in *v1.DaemonSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_DaemonSet(a) - } -} - -func SetObjectDefaults_Deployment(in *v1.Deployment) { - SetDefaults_Deployment(in) - corev1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DeploymentList(in *v1.DeploymentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Deployment(a) - } -} - -func SetObjectDefaults_ReplicaSet(in *v1.ReplicaSet) { - SetDefaults_ReplicaSet(in) - corev1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_ReplicaSetList(in *v1.ReplicaSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ReplicaSet(a) - } -} - -func SetObjectDefaults_StatefulSet(in *v1.StatefulSet) { - SetDefaults_StatefulSet(in) - corev1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) - for i := range in.Spec.VolumeClaimTemplates { - a := &in.Spec.VolumeClaimTemplates[i] - corev1.SetDefaults_PersistentVolumeClaim(a) - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.Spec) - corev1.SetDefaults_ResourceList(&a.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Spec.Resources.Requests) - corev1.SetDefaults_ResourceList(&a.Status.Capacity) - corev1.SetDefaults_ResourceList(&a.Status.AllocatedResources) - } -} - -func SetObjectDefaults_StatefulSetList(in *v1.StatefulSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_StatefulSet(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/conversion.go deleted file mode 100644 index 21583d559c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/conversion.go +++ /dev/null @@ -1,123 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - appsv1beta1 "k8s.io/api/apps/v1beta1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - apps "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/core" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - // Add field label conversions for kinds having selectable nothing but ObjectMeta fields. - if err := scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("StatefulSet"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", "metadata.namespace", "status.successful": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported for appsv1beta1.StatefulSet: %s", label) - } - }); err != nil { - return err - } - - return nil -} - -func Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.ScaleStatus, out *appsv1beta1.ScaleStatus, s conversion.Scope) error { - out.Replicas = int32(in.Replicas) - out.TargetSelector = in.Selector - - out.Selector = nil - selector, err := metav1.ParseToLabelSelector(in.Selector) - if err != nil { - return fmt.Errorf("failed to parse selector: %v", err) - } - if len(selector.MatchExpressions) == 0 { - out.Selector = selector.MatchLabels - } - - return nil -} - -func Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(in *appsv1beta1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - - if in.TargetSelector != "" { - out.Selector = in.TargetSelector - } else if in.Selector != nil { - set := labels.Set{} - for key, val := range in.Selector { - set[key] = val - } - out.Selector = labels.SelectorFromSet(set).String() - } else { - out.Selector = "" - } - return nil -} - -// Convert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec(in *appsv1beta1.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]core.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "" - out.VolumeClaimTemplates[i].Kind = "" - } - } - return nil -} - -// Convert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec(in *apps.StatefulSetSpec, out *appsv1beta1.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]corev1.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "v1" - out.VolumeClaimTemplates[i].Kind = "PersistentVolumeClaim" - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/defaults.go deleted file mode 100644 index 874ce62eb0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/defaults.go +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - appsv1beta1 "k8s.io/api/apps/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_StatefulSet(obj *appsv1beta1.StatefulSet) { - if len(obj.Spec.PodManagementPolicy) == 0 { - obj.Spec.PodManagementPolicy = appsv1beta1.OrderedReadyPodManagement - } - - if obj.Spec.UpdateStrategy.Type == "" { - obj.Spec.UpdateStrategy.Type = appsv1beta1.OnDeleteStatefulSetStrategyType - } - labels := obj.Spec.Template.Labels - if labels != nil { - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{ - MatchLabels: labels, - } - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) { - if obj.Spec.PersistentVolumeClaimRetentionPolicy == nil { - obj.Spec.PersistentVolumeClaimRetentionPolicy = &appsv1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy{} - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted = appsv1beta1.RetainPersistentVolumeClaimRetentionPolicyType - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled = appsv1beta1.RetainPersistentVolumeClaimRetentionPolicyType - } - } - - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } - if obj.Spec.UpdateStrategy.Type == appsv1beta1.RollingUpdateStatefulSetStrategyType && - obj.Spec.UpdateStrategy.RollingUpdate != nil { - - if obj.Spec.UpdateStrategy.RollingUpdate.Partition == nil { - obj.Spec.UpdateStrategy.RollingUpdate.Partition = pointer.Int32(0) - } - if utilfeature.DefaultFeatureGate.Enabled(features.MaxUnavailableStatefulSet) { - if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil { - maxUnavailable := intstr.FromInt(1) - obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - } - } -} - -// SetDefaults_Deployment sets additional defaults compared to its counterpart -// in extensions. These addons are: -// - MaxUnavailable during rolling update set to 25% (1 in extensions) -// - MaxSurge value during rolling update set to 25% (1 in extensions) -// - RevisionHistoryLimit set to 2 (not set in extensions) -// - ProgressDeadlineSeconds set to 600s (not set in extensions) -func SetDefaults_Deployment(obj *appsv1beta1.Deployment) { - // Default labels and selector to labels from pod template spec. - labels := obj.Spec.Template.Labels - - if labels != nil { - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{MatchLabels: labels} - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - // Set appsv1beta1.DeploymentSpec.Replicas to 1 if it is not set. - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - strategy := &obj.Spec.Strategy - // Set default appsv1beta1.DeploymentStrategyType as RollingUpdate. - if strategy.Type == "" { - strategy.Type = appsv1beta1.RollingUpdateDeploymentStrategyType - } - if strategy.Type == appsv1beta1.RollingUpdateDeploymentStrategyType { - if strategy.RollingUpdate == nil { - rollingUpdate := appsv1beta1.RollingUpdateDeployment{} - strategy.RollingUpdate = &rollingUpdate - } - if strategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 25% by default. - maxUnavailable := intstr.FromString("25%") - strategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if strategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 25% by default. - maxSurge := intstr.FromString("25%") - strategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 2 - } - if obj.Spec.ProgressDeadlineSeconds == nil { - obj.Spec.ProgressDeadlineSeconds = new(int32) - *obj.Spec.ProgressDeadlineSeconds = 600 - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/doc.go deleted file mode 100644 index 0a660311a2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/apps -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/apps/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/apps/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/apps/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/register.go deleted file mode 100644 index 44ea1b83b4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - appsv1beta1 "k8s.io/api/apps/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apps" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &appsv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.conversion.go deleted file mode 100644 index cbbda226ae..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,1002 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/apps/v1beta1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - apps "k8s.io/kubernetes/pkg/apis/apps" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.ControllerRevision)(nil), (*apps.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ControllerRevision_To_apps_ControllerRevision(a.(*v1beta1.ControllerRevision), b.(*apps.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevision)(nil), (*v1beta1.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevision_To_v1beta1_ControllerRevision(a.(*apps.ControllerRevision), b.(*v1beta1.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ControllerRevisionList)(nil), (*apps.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ControllerRevisionList_To_apps_ControllerRevisionList(a.(*v1beta1.ControllerRevisionList), b.(*apps.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevisionList)(nil), (*v1beta1.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevisionList_To_v1beta1_ControllerRevisionList(a.(*apps.ControllerRevisionList), b.(*v1beta1.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Deployment)(nil), (*apps.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Deployment_To_apps_Deployment(a.(*v1beta1.Deployment), b.(*apps.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.Deployment)(nil), (*v1beta1.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_Deployment_To_v1beta1_Deployment(a.(*apps.Deployment), b.(*v1beta1.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentCondition)(nil), (*apps.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(a.(*v1beta1.DeploymentCondition), b.(*apps.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentCondition)(nil), (*v1beta1.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(a.(*apps.DeploymentCondition), b.(*v1beta1.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentList)(nil), (*apps.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentList_To_apps_DeploymentList(a.(*v1beta1.DeploymentList), b.(*apps.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentList)(nil), (*v1beta1.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentList_To_v1beta1_DeploymentList(a.(*apps.DeploymentList), b.(*v1beta1.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentRollback)(nil), (*apps.DeploymentRollback)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(a.(*v1beta1.DeploymentRollback), b.(*apps.DeploymentRollback), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentRollback)(nil), (*v1beta1.DeploymentRollback)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(a.(*apps.DeploymentRollback), b.(*v1beta1.DeploymentRollback), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentSpec)(nil), (*apps.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(a.(*v1beta1.DeploymentSpec), b.(*apps.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentSpec)(nil), (*v1beta1.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(a.(*apps.DeploymentSpec), b.(*v1beta1.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentStatus)(nil), (*apps.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(a.(*v1beta1.DeploymentStatus), b.(*apps.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStatus)(nil), (*v1beta1.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(a.(*apps.DeploymentStatus), b.(*v1beta1.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentStrategy)(nil), (*apps.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(a.(*v1beta1.DeploymentStrategy), b.(*apps.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStrategy)(nil), (*v1beta1.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(a.(*apps.DeploymentStrategy), b.(*v1beta1.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollbackConfig)(nil), (*apps.RollbackConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(a.(*v1beta1.RollbackConfig), b.(*apps.RollbackConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollbackConfig)(nil), (*v1beta1.RollbackConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(a.(*apps.RollbackConfig), b.(*v1beta1.RollbackConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollingUpdateDeployment)(nil), (*apps.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(a.(*v1beta1.RollingUpdateDeployment), b.(*apps.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDeployment)(nil), (*v1beta1.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(a.(*apps.RollingUpdateDeployment), b.(*v1beta1.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollingUpdateStatefulSetStrategy)(nil), (*apps.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(a.(*v1beta1.RollingUpdateStatefulSetStrategy), b.(*apps.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateStatefulSetStrategy)(nil), (*v1beta1.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy(a.(*apps.RollingUpdateStatefulSetStrategy), b.(*v1beta1.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Scale)(nil), (*autoscaling.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Scale_To_autoscaling_Scale(a.(*v1beta1.Scale), b.(*autoscaling.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.Scale)(nil), (*v1beta1.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_Scale_To_v1beta1_Scale(a.(*autoscaling.Scale), b.(*v1beta1.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ScaleSpec)(nil), (*autoscaling.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(a.(*v1beta1.ScaleSpec), b.(*autoscaling.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ScaleSpec)(nil), (*v1beta1.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(a.(*autoscaling.ScaleSpec), b.(*v1beta1.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSet)(nil), (*apps.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSet_To_apps_StatefulSet(a.(*v1beta1.StatefulSet), b.(*apps.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSet)(nil), (*v1beta1.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSet_To_v1beta1_StatefulSet(a.(*apps.StatefulSet), b.(*v1beta1.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetCondition)(nil), (*apps.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetCondition_To_apps_StatefulSetCondition(a.(*v1beta1.StatefulSetCondition), b.(*apps.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetCondition)(nil), (*v1beta1.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetCondition_To_v1beta1_StatefulSetCondition(a.(*apps.StatefulSetCondition), b.(*v1beta1.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetList)(nil), (*apps.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetList_To_apps_StatefulSetList(a.(*v1beta1.StatefulSetList), b.(*apps.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetList)(nil), (*v1beta1.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetList_To_v1beta1_StatefulSetList(a.(*apps.StatefulSetList), b.(*v1beta1.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetOrdinals)(nil), (*apps.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(a.(*v1beta1.StatefulSetOrdinals), b.(*apps.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetOrdinals)(nil), (*v1beta1.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetOrdinals_To_v1beta1_StatefulSetOrdinals(a.(*apps.StatefulSetOrdinals), b.(*v1beta1.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetStatus)(nil), (*apps.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus(a.(*v1beta1.StatefulSetStatus), b.(*apps.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetStatus)(nil), (*v1beta1.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus(a.(*apps.StatefulSetStatus), b.(*v1beta1.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StatefulSetUpdateStrategy)(nil), (*apps.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(a.(*v1beta1.StatefulSetUpdateStrategy), b.(*apps.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetUpdateStrategy)(nil), (*v1beta1.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy(a.(*apps.StatefulSetUpdateStrategy), b.(*v1beta1.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.StatefulSetSpec)(nil), (*v1beta1.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec(a.(*apps.StatefulSetSpec), b.(*v1beta1.StatefulSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ScaleStatus)(nil), (*v1beta1.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(a.(*autoscaling.ScaleStatus), b.(*v1beta1.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.ScaleStatus)(nil), (*autoscaling.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(a.(*v1beta1.ScaleStatus), b.(*autoscaling.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.StatefulSetSpec)(nil), (*apps.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec(a.(*v1beta1.StatefulSetSpec), b.(*apps.StatefulSetSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_ControllerRevision_To_apps_ControllerRevision(in *v1beta1.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_v1beta1_ControllerRevision_To_apps_ControllerRevision is an autogenerated conversion function. -func Convert_v1beta1_ControllerRevision_To_apps_ControllerRevision(in *v1beta1.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - return autoConvert_v1beta1_ControllerRevision_To_apps_ControllerRevision(in, out, s) -} - -func autoConvert_apps_ControllerRevision_To_v1beta1_ControllerRevision(in *apps.ControllerRevision, out *v1beta1.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_apps_ControllerRevision_To_v1beta1_ControllerRevision is an autogenerated conversion function. -func Convert_apps_ControllerRevision_To_v1beta1_ControllerRevision(in *apps.ControllerRevision, out *v1beta1.ControllerRevision, s conversion.Scope) error { - return autoConvert_apps_ControllerRevision_To_v1beta1_ControllerRevision(in, out, s) -} - -func autoConvert_v1beta1_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1beta1.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_v1beta1_ControllerRevision_To_apps_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_ControllerRevisionList_To_apps_ControllerRevisionList is an autogenerated conversion function. -func Convert_v1beta1_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1beta1.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_v1beta1_ControllerRevisionList_To_apps_ControllerRevisionList(in, out, s) -} - -func autoConvert_apps_ControllerRevisionList_To_v1beta1_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1beta1.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_apps_ControllerRevision_To_v1beta1_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ControllerRevisionList_To_v1beta1_ControllerRevisionList is an autogenerated conversion function. -func Convert_apps_ControllerRevisionList_To_v1beta1_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1beta1.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_apps_ControllerRevisionList_To_v1beta1_ControllerRevisionList(in, out, s) -} - -func autoConvert_v1beta1_Deployment_To_apps_Deployment(in *v1beta1.Deployment, out *apps.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Deployment_To_apps_Deployment is an autogenerated conversion function. -func Convert_v1beta1_Deployment_To_apps_Deployment(in *v1beta1.Deployment, out *apps.Deployment, s conversion.Scope) error { - return autoConvert_v1beta1_Deployment_To_apps_Deployment(in, out, s) -} - -func autoConvert_apps_Deployment_To_v1beta1_Deployment(in *apps.Deployment, out *v1beta1.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_Deployment_To_v1beta1_Deployment is an autogenerated conversion function. -func Convert_apps_Deployment_To_v1beta1_Deployment(in *apps.Deployment, out *v1beta1.Deployment, s conversion.Scope) error { - return autoConvert_apps_Deployment_To_v1beta1_Deployment(in, out, s) -} - -func autoConvert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - out.Type = apps.DeploymentConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition is an autogenerated conversion function. -func Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in, out, s) -} - -func autoConvert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta1.DeploymentCondition, s conversion.Scope) error { - out.Type = v1beta1.DeploymentConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition is an autogenerated conversion function. -func Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta1.DeploymentCondition, s conversion.Scope) error { - return autoConvert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in, out, s) -} - -func autoConvert_v1beta1_DeploymentList_To_apps_DeploymentList(in *v1beta1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.Deployment, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Deployment_To_apps_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_DeploymentList_To_apps_DeploymentList is an autogenerated conversion function. -func Convert_v1beta1_DeploymentList_To_apps_DeploymentList(in *v1beta1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentList_To_apps_DeploymentList(in, out, s) -} - -func autoConvert_apps_DeploymentList_To_v1beta1_DeploymentList(in *apps.DeploymentList, out *v1beta1.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.Deployment, len(*in)) - for i := range *in { - if err := Convert_apps_Deployment_To_v1beta1_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DeploymentList_To_v1beta1_DeploymentList is an autogenerated conversion function. -func Convert_apps_DeploymentList_To_v1beta1_DeploymentList(in *apps.DeploymentList, out *v1beta1.DeploymentList, s conversion.Scope) error { - return autoConvert_apps_DeploymentList_To_v1beta1_DeploymentList(in, out, s) -} - -func autoConvert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in *v1beta1.DeploymentRollback, out *apps.DeploymentRollback, s conversion.Scope) error { - out.Name = in.Name - out.UpdatedAnnotations = *(*map[string]string)(unsafe.Pointer(&in.UpdatedAnnotations)) - if err := Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(&in.RollbackTo, &out.RollbackTo, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback is an autogenerated conversion function. -func Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in *v1beta1.DeploymentRollback, out *apps.DeploymentRollback, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in, out, s) -} - -func autoConvert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in *apps.DeploymentRollback, out *v1beta1.DeploymentRollback, s conversion.Scope) error { - out.Name = in.Name - out.UpdatedAnnotations = *(*map[string]string)(unsafe.Pointer(&in.UpdatedAnnotations)) - if err := Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(&in.RollbackTo, &out.RollbackTo, s); err != nil { - return err - } - return nil -} - -// Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback is an autogenerated conversion function. -func Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in *apps.DeploymentRollback, out *v1beta1.DeploymentRollback, s conversion.Scope) error { - return autoConvert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in, out, s) -} - -func autoConvert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.RollbackTo = (*apps.RollbackConfig)(unsafe.Pointer(in.RollbackTo)) - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec is an autogenerated conversion function. -func Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in, out, s) -} - -func autoConvert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in *apps.DeploymentSpec, out *v1beta1.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.RollbackTo = (*v1beta1.RollbackConfig)(unsafe.Pointer(in.RollbackTo)) - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec is an autogenerated conversion function. -func Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in *apps.DeploymentSpec, out *v1beta1.DeploymentSpec, s conversion.Scope) error { - return autoConvert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in, out, s) -} - -func autoConvert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]apps.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus is an autogenerated conversion function. -func Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in, out, s) -} - -func autoConvert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta1.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]v1beta1.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus is an autogenerated conversion function. -func Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta1.DeploymentStatus, s conversion.Scope) error { - return autoConvert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in, out, s) -} - -func autoConvert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - out.Type = apps.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDeployment) - if err := Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy is an autogenerated conversion function. -func Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in, out, s) -} - -func autoConvert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta1.DeploymentStrategy, s conversion.Scope) error { - out.Type = v1beta1.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta1.RollingUpdateDeployment) - if err := Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy is an autogenerated conversion function. -func Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta1.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in, out, s) -} - -func autoConvert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in *v1beta1.RollbackConfig, out *apps.RollbackConfig, s conversion.Scope) error { - out.Revision = in.Revision - return nil -} - -// Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig is an autogenerated conversion function. -func Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in *v1beta1.RollbackConfig, out *apps.RollbackConfig, s conversion.Scope) error { - return autoConvert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in, out, s) -} - -func autoConvert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in *apps.RollbackConfig, out *v1beta1.RollbackConfig, s conversion.Scope) error { - out.Revision = in.Revision - return nil -} - -// Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig is an autogenerated conversion function. -func Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in *apps.RollbackConfig, out *v1beta1.RollbackConfig, s conversion.Scope) error { - return autoConvert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in, out, s) -} - -func autoConvert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta1.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta1.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1beta1.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1beta1.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1beta1.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1beta1.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_v1beta1_Scale_To_autoscaling_Scale(in *v1beta1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Scale_To_autoscaling_Scale is an autogenerated conversion function. -func Convert_v1beta1_Scale_To_autoscaling_Scale(in *v1beta1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - return autoConvert_v1beta1_Scale_To_autoscaling_Scale(in, out, s) -} - -func autoConvert_autoscaling_Scale_To_v1beta1_Scale(in *autoscaling.Scale, out *v1beta1.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_Scale_To_v1beta1_Scale is an autogenerated conversion function. -func Convert_autoscaling_Scale_To_v1beta1_Scale(in *autoscaling.Scale, out *v1beta1.Scale, s conversion.Scope) error { - return autoConvert_autoscaling_Scale_To_v1beta1_Scale(in, out, s) -} - -func autoConvert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec is an autogenerated conversion function. -func Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - return autoConvert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in, out, s) -} - -func autoConvert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta1.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec is an autogenerated conversion function. -func Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta1.ScaleSpec, s conversion.Scope) error { - return autoConvert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in, out, s) -} - -func autoConvert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(in *v1beta1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (map[string]string vs string) - // WARNING: in.TargetSelector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.ScaleStatus, out *v1beta1.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (string vs map[string]string) - return nil -} - -func autoConvert_v1beta1_StatefulSet_To_apps_StatefulSet(in *v1beta1.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_StatefulSet_To_apps_StatefulSet is an autogenerated conversion function. -func Convert_v1beta1_StatefulSet_To_apps_StatefulSet(in *v1beta1.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSet_To_apps_StatefulSet(in, out, s) -} - -func autoConvert_apps_StatefulSet_To_v1beta1_StatefulSet(in *apps.StatefulSet, out *v1beta1.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_StatefulSet_To_v1beta1_StatefulSet is an autogenerated conversion function. -func Convert_apps_StatefulSet_To_v1beta1_StatefulSet(in *apps.StatefulSet, out *v1beta1.StatefulSet, s conversion.Scope) error { - return autoConvert_apps_StatefulSet_To_v1beta1_StatefulSet(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1beta1.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - out.Type = apps.StatefulSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_StatefulSetCondition_To_apps_StatefulSetCondition is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1beta1.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetCondition_To_apps_StatefulSetCondition(in, out, s) -} - -func autoConvert_apps_StatefulSetCondition_To_v1beta1_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1beta1.StatefulSetCondition, s conversion.Scope) error { - out.Type = v1beta1.StatefulSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_StatefulSetCondition_To_v1beta1_StatefulSetCondition is an autogenerated conversion function. -func Convert_apps_StatefulSetCondition_To_v1beta1_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1beta1.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_apps_StatefulSetCondition_To_v1beta1_StatefulSetCondition(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetList_To_apps_StatefulSetList(in *v1beta1.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_v1beta1_StatefulSet_To_apps_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_StatefulSetList_To_apps_StatefulSetList is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetList_To_apps_StatefulSetList(in *v1beta1.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetList_To_apps_StatefulSetList(in, out, s) -} - -func autoConvert_apps_StatefulSetList_To_v1beta1_StatefulSetList(in *apps.StatefulSetList, out *v1beta1.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_apps_StatefulSet_To_v1beta1_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_StatefulSetList_To_v1beta1_StatefulSetList is an autogenerated conversion function. -func Convert_apps_StatefulSetList_To_v1beta1_StatefulSetList(in *apps.StatefulSetList, out *v1beta1.StatefulSetList, s conversion.Scope) error { - return autoConvert_apps_StatefulSetList_To_v1beta1_StatefulSetList(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1beta1.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_v1beta1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1beta1.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_apps_StatefulSetOrdinals_To_v1beta1_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1beta1.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_apps_StatefulSetOrdinals_To_v1beta1_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_apps_StatefulSetOrdinals_To_v1beta1_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1beta1.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_apps_StatefulSetOrdinals_To_v1beta1_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = v1beta1.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = v1beta1.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta1_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetSpec_To_apps_StatefulSetSpec(in *v1beta1.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]core.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = apps.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*apps.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_apps_StatefulSetSpec_To_v1beta1_StatefulSetSpec(in *apps.StatefulSetSpec, out *v1beta1.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]v1.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = v1beta1.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*v1beta1.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1beta1.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1beta1.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetStatus_To_apps_StatefulSetStatus(in, out, s) -} - -func autoConvert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1beta1.StatefulSetStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1beta1.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus is an autogenerated conversion function. -func Convert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1beta1.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_apps_StatefulSetStatus_To_v1beta1_StatefulSetStatus(in, out, s) -} - -func autoConvert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1beta1.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateStatefulSetStrategy) - if err := Convert_v1beta1_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1beta1.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1beta1_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1beta1.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1beta1.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta1.RollingUpdateStatefulSetStrategy) - if err := Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta1_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1beta1.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetUpdateStrategy_To_v1beta1_StatefulSetUpdateStrategy(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 0f9434adcb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,598 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/apps/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.Deployment{}, func(obj interface{}) { SetObjectDefaults_Deployment(obj.(*v1beta1.Deployment)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.DeploymentList{}, func(obj interface{}) { SetObjectDefaults_DeploymentList(obj.(*v1beta1.DeploymentList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.StatefulSet{}, func(obj interface{}) { SetObjectDefaults_StatefulSet(obj.(*v1beta1.StatefulSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.StatefulSetList{}, func(obj interface{}) { SetObjectDefaults_StatefulSetList(obj.(*v1beta1.StatefulSetList)) }) - return nil -} - -func SetObjectDefaults_Deployment(in *v1beta1.Deployment) { - SetDefaults_Deployment(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DeploymentList(in *v1beta1.DeploymentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Deployment(a) - } -} - -func SetObjectDefaults_StatefulSet(in *v1beta1.StatefulSet) { - SetDefaults_StatefulSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) - for i := range in.Spec.VolumeClaimTemplates { - a := &in.Spec.VolumeClaimTemplates[i] - v1.SetDefaults_PersistentVolumeClaim(a) - v1.SetDefaults_PersistentVolumeClaimSpec(&a.Spec) - v1.SetDefaults_ResourceList(&a.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Spec.Resources.Requests) - v1.SetDefaults_ResourceList(&a.Status.Capacity) - v1.SetDefaults_ResourceList(&a.Status.AllocatedResources) - } -} - -func SetObjectDefaults_StatefulSetList(in *v1beta1.StatefulSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_StatefulSet(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/conversion.go deleted file mode 100644 index 0234c06d6d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/conversion.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "fmt" - "strconv" - - appsv1beta2 "k8s.io/api/apps/v1beta2" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/apps" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/core" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - // Add field label conversions for kinds having selectable nothing but ObjectMeta fields. - if err := scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("StatefulSet"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", "metadata.namespace", "status.successful": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported for appsv1beta2.StatefulSet: %s", label) - } - }); err != nil { - return err - } - - return nil -} - -func Convert_autoscaling_ScaleStatus_To_v1beta2_ScaleStatus(in *autoscaling.ScaleStatus, out *appsv1beta2.ScaleStatus, s conversion.Scope) error { - out.Replicas = int32(in.Replicas) - out.TargetSelector = in.Selector - - out.Selector = nil - selector, err := metav1.ParseToLabelSelector(in.Selector) - if err != nil { - return fmt.Errorf("failed to parse selector: %v", err) - } - if len(selector.MatchExpressions) == 0 { - out.Selector = selector.MatchLabels - } - - return nil -} - -func Convert_v1beta2_ScaleStatus_To_autoscaling_ScaleStatus(in *appsv1beta2.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - - // Normally when 2 fields map to the same internal value we favor the old field, since - // old clients can't be expected to know about new fields but clients that know about the - // new field can be expected to know about the old field (though that's not quite true, due - // to kubectl apply). However, these fields are readonly, so any non-nil value should work. - if in.TargetSelector != "" { - out.Selector = in.TargetSelector - } else if in.Selector != nil { - set := labels.Set{} - for key, val := range in.Selector { - set[key] = val - } - out.Selector = labels.SelectorFromSet(set).String() - } else { - out.Selector = "" - } - return nil -} - -// Convert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec is defined here, because public -// conversion is not auto-generated due to existing warnings. -func Convert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec(in *apps.DeploymentSpec, out *appsv1beta2.DeploymentSpec, s conversion.Scope) error { - if err := autoConvert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec(in, out, s); err != nil { - return err - } - return nil -} - -func Convert_v1beta2_Deployment_To_apps_Deployment(in *appsv1beta2.Deployment, out *apps.Deployment, s conversion.Scope) error { - if err := autoConvert_v1beta2_Deployment_To_apps_Deployment(in, out, s); err != nil { - return err - } - - // Copy annotation to deprecated rollbackTo field for roundtrip - // TODO: remove this conversion after we delete extensions/v1beta1 and apps/v1beta1 Deployment - if revision := in.Annotations[appsv1beta2.DeprecatedRollbackTo]; revision != "" { - if revision64, err := strconv.ParseInt(revision, 10, 64); err != nil { - return fmt.Errorf("failed to parse annotation[%s]=%s as int64: %v", appsv1beta2.DeprecatedRollbackTo, revision, err) - } else { - out.Spec.RollbackTo = new(apps.RollbackConfig) - out.Spec.RollbackTo.Revision = revision64 - } - out.Annotations = deepCopyStringMap(out.Annotations) - delete(out.Annotations, appsv1beta2.DeprecatedRollbackTo) - } else { - out.Spec.RollbackTo = nil - } - - return nil -} - -func Convert_apps_Deployment_To_v1beta2_Deployment(in *apps.Deployment, out *appsv1beta2.Deployment, s conversion.Scope) error { - if err := autoConvert_apps_Deployment_To_v1beta2_Deployment(in, out, s); err != nil { - return err - } - - out.Annotations = deepCopyStringMap(out.Annotations) // deep copy because we modify annotations below - // Copy deprecated rollbackTo field to annotation for roundtrip - // TODO: remove this conversion after we delete extensions/v1beta1 and apps/v1beta1 Deployment - if in.Spec.RollbackTo != nil { - if out.Annotations == nil { - out.Annotations = make(map[string]string) - } - out.Annotations[appsv1beta2.DeprecatedRollbackTo] = strconv.FormatInt(in.Spec.RollbackTo.Revision, 10) - } else { - delete(out.Annotations, appsv1beta2.DeprecatedRollbackTo) - } - - return nil -} - -func Convert_apps_DaemonSet_To_v1beta2_DaemonSet(in *apps.DaemonSet, out *appsv1beta2.DaemonSet, s conversion.Scope) error { - if err := autoConvert_apps_DaemonSet_To_v1beta2_DaemonSet(in, out, s); err != nil { - return err - } - - out.Annotations = deepCopyStringMap(out.Annotations) - out.Annotations[appsv1beta2.DeprecatedTemplateGeneration] = strconv.FormatInt(in.Spec.TemplateGeneration, 10) - return nil -} - -// Convert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec is defined here, because public -// conversion is not auto-generated due to existing warnings. -func Convert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec(in *apps.DaemonSetSpec, out *appsv1beta2.DaemonSetSpec, s conversion.Scope) error { - if err := autoConvert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec(in, out, s); err != nil { - return err - } - return nil -} - -func Convert_v1beta2_DaemonSet_To_apps_DaemonSet(in *appsv1beta2.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - if err := autoConvert_v1beta2_DaemonSet_To_apps_DaemonSet(in, out, s); err != nil { - return err - } - - if value, ok := in.Annotations[appsv1beta2.DeprecatedTemplateGeneration]; ok { - if value64, err := strconv.ParseInt(value, 10, 64); err != nil { - return err - } else { - out.Spec.TemplateGeneration = value64 - out.Annotations = deepCopyStringMap(out.Annotations) - delete(out.Annotations, appsv1beta2.DeprecatedTemplateGeneration) - } - } - - return nil -} - -func deepCopyStringMap(m map[string]string) map[string]string { - ret := make(map[string]string, len(m)) - for k, v := range m { - ret[k] = v - } - return ret -} - -// Convert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec(in *appsv1beta2.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]core.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "" - out.VolumeClaimTemplates[i].Kind = "" - } - } - return nil -} - -// Convert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec augments auto-conversion to preserve < 1.17 behavior -// setting apiVersion/kind in nested persistent volume claim objects. -func Convert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec(in *apps.StatefulSetSpec, out *appsv1beta2.StatefulSetSpec, s conversion.Scope) error { - if err := autoConvert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec(in, out, s); err != nil { - return err - } - // set APIVersion/Kind to behave the same as reflective conversion < 1.17. - // see https://issue.k8s.io/87583 - if out.VolumeClaimTemplates != nil { - // copy so we don't modify the input - templatesCopy := make([]corev1.PersistentVolumeClaim, len(out.VolumeClaimTemplates)) - copy(templatesCopy, out.VolumeClaimTemplates) - out.VolumeClaimTemplates = templatesCopy - for i := range out.VolumeClaimTemplates { - out.VolumeClaimTemplates[i].APIVersion = "v1" - out.VolumeClaimTemplates[i].Kind = "PersistentVolumeClaim" - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/defaults.go deleted file mode 100644 index 4f5be48e25..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/defaults.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - appsv1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_DaemonSet(obj *appsv1beta2.DaemonSet) { - updateStrategy := &obj.Spec.UpdateStrategy - if updateStrategy.Type == "" { - updateStrategy.Type = appsv1beta2.RollingUpdateDaemonSetStrategyType - } - if updateStrategy.Type == appsv1beta2.RollingUpdateDaemonSetStrategyType { - if updateStrategy.RollingUpdate == nil { - rollingUpdate := appsv1beta2.RollingUpdateDaemonSet{} - updateStrategy.RollingUpdate = &rollingUpdate - } - if updateStrategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 1 by default. - maxUnavailable := intstr.FromInt(1) - updateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if updateStrategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 0 by default. - maxSurge := intstr.FromInt(0) - updateStrategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } -} - -func SetDefaults_StatefulSet(obj *appsv1beta2.StatefulSet) { - if len(obj.Spec.PodManagementPolicy) == 0 { - obj.Spec.PodManagementPolicy = appsv1beta2.OrderedReadyPodManagement - } - - if obj.Spec.UpdateStrategy.Type == "" { - obj.Spec.UpdateStrategy.Type = appsv1beta2.RollingUpdateStatefulSetStrategyType - - if obj.Spec.UpdateStrategy.RollingUpdate == nil { - // UpdateStrategy.RollingUpdate will take default values below. - obj.Spec.UpdateStrategy.RollingUpdate = &appsv1beta2.RollingUpdateStatefulSetStrategy{} - } - } - - if obj.Spec.UpdateStrategy.Type == appsv1beta2.RollingUpdateStatefulSetStrategyType && - obj.Spec.UpdateStrategy.RollingUpdate != nil { - - if obj.Spec.UpdateStrategy.RollingUpdate.Partition == nil { - obj.Spec.UpdateStrategy.RollingUpdate.Partition = pointer.Int32(0) - } - if utilfeature.DefaultFeatureGate.Enabled(features.MaxUnavailableStatefulSet) { - if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil { - maxUnavailable := intstr.FromInt(1) - obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - } - } - - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) { - if obj.Spec.PersistentVolumeClaimRetentionPolicy == nil { - obj.Spec.PersistentVolumeClaimRetentionPolicy = &appsv1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy{} - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted = appsv1beta2.RetainPersistentVolumeClaimRetentionPolicyType - } - if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) == 0 { - obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled = appsv1beta2.RetainPersistentVolumeClaimRetentionPolicyType - } - } - - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } -} - -// SetDefaults_Deployment sets additional defaults compared to its counterpart -// in extensions. These addons are: -// - MaxUnavailable during rolling update set to 25% (1 in extensions) -// - MaxSurge value during rolling update set to 25% (1 in extensions) -// - RevisionHistoryLimit set to 10 (not set in extensions) -// - ProgressDeadlineSeconds set to 600s (not set in extensions) -func SetDefaults_Deployment(obj *appsv1beta2.Deployment) { - // Set appsv1beta2.DeploymentSpec.Replicas to 1 if it is not set. - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - strategy := &obj.Spec.Strategy - // Set default appsv1beta2.DeploymentStrategyType as RollingUpdate. - if strategy.Type == "" { - strategy.Type = appsv1beta2.RollingUpdateDeploymentStrategyType - } - if strategy.Type == appsv1beta2.RollingUpdateDeploymentStrategyType { - if strategy.RollingUpdate == nil { - rollingUpdate := appsv1beta2.RollingUpdateDeployment{} - strategy.RollingUpdate = &rollingUpdate - } - if strategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 25% by default. - maxUnavailable := intstr.FromString("25%") - strategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if strategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 25% by default. - maxSurge := intstr.FromString("25%") - strategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } - if obj.Spec.ProgressDeadlineSeconds == nil { - obj.Spec.ProgressDeadlineSeconds = new(int32) - *obj.Spec.ProgressDeadlineSeconds = 600 - } -} - -func SetDefaults_ReplicaSet(obj *appsv1beta2.ReplicaSet) { - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/doc.go deleted file mode 100644 index fbc652dbae..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/apps -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/apps/v1beta2 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/apps/v1beta2 - -package v1beta2 // import "k8s.io/kubernetes/pkg/apis/apps/v1beta2" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/register.go deleted file mode 100644 index 99e7a56b1a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - appsv1beta2 "k8s.io/api/apps/v1beta2" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "apps" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta2"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &appsv1beta2.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.conversion.go deleted file mode 100644 index 884bb3f0b1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.conversion.go +++ /dev/null @@ -1,1438 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta2 - -import ( - unsafe "unsafe" - - v1beta2 "k8s.io/api/apps/v1beta2" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - apps "k8s.io/kubernetes/pkg/apis/apps" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta2.ControllerRevision)(nil), (*apps.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ControllerRevision_To_apps_ControllerRevision(a.(*v1beta2.ControllerRevision), b.(*apps.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevision)(nil), (*v1beta2.ControllerRevision)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevision_To_v1beta2_ControllerRevision(a.(*apps.ControllerRevision), b.(*v1beta2.ControllerRevision), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ControllerRevisionList)(nil), (*apps.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ControllerRevisionList_To_apps_ControllerRevisionList(a.(*v1beta2.ControllerRevisionList), b.(*apps.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ControllerRevisionList)(nil), (*v1beta2.ControllerRevisionList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ControllerRevisionList_To_v1beta2_ControllerRevisionList(a.(*apps.ControllerRevisionList), b.(*v1beta2.ControllerRevisionList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DaemonSetCondition)(nil), (*apps.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSetCondition_To_apps_DaemonSetCondition(a.(*v1beta2.DaemonSetCondition), b.(*apps.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetCondition)(nil), (*v1beta2.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetCondition_To_v1beta2_DaemonSetCondition(a.(*apps.DaemonSetCondition), b.(*v1beta2.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DaemonSetList)(nil), (*apps.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSetList_To_apps_DaemonSetList(a.(*v1beta2.DaemonSetList), b.(*apps.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetList)(nil), (*v1beta2.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetList_To_v1beta2_DaemonSetList(a.(*apps.DaemonSetList), b.(*v1beta2.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DaemonSetSpec)(nil), (*apps.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec(a.(*v1beta2.DaemonSetSpec), b.(*apps.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DaemonSetStatus)(nil), (*apps.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus(a.(*v1beta2.DaemonSetStatus), b.(*apps.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetStatus)(nil), (*v1beta2.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus(a.(*apps.DaemonSetStatus), b.(*v1beta2.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DaemonSetUpdateStrategy)(nil), (*apps.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(a.(*v1beta2.DaemonSetUpdateStrategy), b.(*apps.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetUpdateStrategy)(nil), (*v1beta2.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy(a.(*apps.DaemonSetUpdateStrategy), b.(*v1beta2.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DeploymentCondition)(nil), (*apps.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DeploymentCondition_To_apps_DeploymentCondition(a.(*v1beta2.DeploymentCondition), b.(*apps.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentCondition)(nil), (*v1beta2.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentCondition_To_v1beta2_DeploymentCondition(a.(*apps.DeploymentCondition), b.(*v1beta2.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DeploymentList)(nil), (*apps.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DeploymentList_To_apps_DeploymentList(a.(*v1beta2.DeploymentList), b.(*apps.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentList)(nil), (*v1beta2.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentList_To_v1beta2_DeploymentList(a.(*apps.DeploymentList), b.(*v1beta2.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DeploymentSpec)(nil), (*apps.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec(a.(*v1beta2.DeploymentSpec), b.(*apps.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DeploymentStatus)(nil), (*apps.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus(a.(*v1beta2.DeploymentStatus), b.(*apps.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStatus)(nil), (*v1beta2.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus(a.(*apps.DeploymentStatus), b.(*v1beta2.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.DeploymentStrategy)(nil), (*apps.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy(a.(*v1beta2.DeploymentStrategy), b.(*apps.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStrategy)(nil), (*v1beta2.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy(a.(*apps.DeploymentStrategy), b.(*v1beta2.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ReplicaSet)(nil), (*apps.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ReplicaSet_To_apps_ReplicaSet(a.(*v1beta2.ReplicaSet), b.(*apps.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSet)(nil), (*v1beta2.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSet_To_v1beta2_ReplicaSet(a.(*apps.ReplicaSet), b.(*v1beta2.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ReplicaSetCondition)(nil), (*apps.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ReplicaSetCondition_To_apps_ReplicaSetCondition(a.(*v1beta2.ReplicaSetCondition), b.(*apps.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetCondition)(nil), (*v1beta2.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetCondition_To_v1beta2_ReplicaSetCondition(a.(*apps.ReplicaSetCondition), b.(*v1beta2.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ReplicaSetList)(nil), (*apps.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ReplicaSetList_To_apps_ReplicaSetList(a.(*v1beta2.ReplicaSetList), b.(*apps.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetList)(nil), (*v1beta2.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetList_To_v1beta2_ReplicaSetList(a.(*apps.ReplicaSetList), b.(*v1beta2.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ReplicaSetSpec)(nil), (*apps.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec(a.(*v1beta2.ReplicaSetSpec), b.(*apps.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetSpec)(nil), (*v1beta2.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec(a.(*apps.ReplicaSetSpec), b.(*v1beta2.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ReplicaSetStatus)(nil), (*apps.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus(a.(*v1beta2.ReplicaSetStatus), b.(*apps.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetStatus)(nil), (*v1beta2.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus(a.(*apps.ReplicaSetStatus), b.(*v1beta2.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.RollingUpdateDaemonSet)(nil), (*apps.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(a.(*v1beta2.RollingUpdateDaemonSet), b.(*apps.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDaemonSet)(nil), (*v1beta2.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet(a.(*apps.RollingUpdateDaemonSet), b.(*v1beta2.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.RollingUpdateDeployment)(nil), (*apps.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(a.(*v1beta2.RollingUpdateDeployment), b.(*apps.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDeployment)(nil), (*v1beta2.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment(a.(*apps.RollingUpdateDeployment), b.(*v1beta2.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.RollingUpdateStatefulSetStrategy)(nil), (*apps.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(a.(*v1beta2.RollingUpdateStatefulSetStrategy), b.(*apps.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateStatefulSetStrategy)(nil), (*v1beta2.RollingUpdateStatefulSetStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy(a.(*apps.RollingUpdateStatefulSetStrategy), b.(*v1beta2.RollingUpdateStatefulSetStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.Scale)(nil), (*autoscaling.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_Scale_To_autoscaling_Scale(a.(*v1beta2.Scale), b.(*autoscaling.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.Scale)(nil), (*v1beta2.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_Scale_To_v1beta2_Scale(a.(*autoscaling.Scale), b.(*v1beta2.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ScaleSpec)(nil), (*autoscaling.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec(a.(*v1beta2.ScaleSpec), b.(*autoscaling.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ScaleSpec)(nil), (*v1beta2.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec(a.(*autoscaling.ScaleSpec), b.(*v1beta2.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSet)(nil), (*apps.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSet_To_apps_StatefulSet(a.(*v1beta2.StatefulSet), b.(*apps.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSet)(nil), (*v1beta2.StatefulSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSet_To_v1beta2_StatefulSet(a.(*apps.StatefulSet), b.(*v1beta2.StatefulSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetCondition)(nil), (*apps.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetCondition_To_apps_StatefulSetCondition(a.(*v1beta2.StatefulSetCondition), b.(*apps.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetCondition)(nil), (*v1beta2.StatefulSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetCondition_To_v1beta2_StatefulSetCondition(a.(*apps.StatefulSetCondition), b.(*v1beta2.StatefulSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetList)(nil), (*apps.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetList_To_apps_StatefulSetList(a.(*v1beta2.StatefulSetList), b.(*apps.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetList)(nil), (*v1beta2.StatefulSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetList_To_v1beta2_StatefulSetList(a.(*apps.StatefulSetList), b.(*v1beta2.StatefulSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetOrdinals)(nil), (*apps.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(a.(*v1beta2.StatefulSetOrdinals), b.(*apps.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetOrdinals)(nil), (*v1beta2.StatefulSetOrdinals)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetOrdinals_To_v1beta2_StatefulSetOrdinals(a.(*apps.StatefulSetOrdinals), b.(*v1beta2.StatefulSetOrdinals), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), (*v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy(a.(*apps.StatefulSetPersistentVolumeClaimRetentionPolicy), b.(*v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetStatus)(nil), (*apps.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus(a.(*v1beta2.StatefulSetStatus), b.(*apps.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetStatus)(nil), (*v1beta2.StatefulSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus(a.(*apps.StatefulSetStatus), b.(*v1beta2.StatefulSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.StatefulSetUpdateStrategy)(nil), (*apps.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(a.(*v1beta2.StatefulSetUpdateStrategy), b.(*apps.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.StatefulSetUpdateStrategy)(nil), (*v1beta2.StatefulSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy(a.(*apps.StatefulSetUpdateStrategy), b.(*v1beta2.StatefulSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DaemonSetSpec)(nil), (*v1beta2.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec(a.(*apps.DaemonSetSpec), b.(*v1beta2.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DaemonSet)(nil), (*v1beta2.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSet_To_v1beta2_DaemonSet(a.(*apps.DaemonSet), b.(*v1beta2.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.DeploymentSpec)(nil), (*v1beta2.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec(a.(*apps.DeploymentSpec), b.(*v1beta2.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.Deployment)(nil), (*v1beta2.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_Deployment_To_v1beta2_Deployment(a.(*apps.Deployment), b.(*v1beta2.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.StatefulSetSpec)(nil), (*v1beta2.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec(a.(*apps.StatefulSetSpec), b.(*v1beta2.StatefulSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ScaleStatus)(nil), (*v1beta2.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleStatus_To_v1beta2_ScaleStatus(a.(*autoscaling.ScaleStatus), b.(*v1beta2.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta2.DaemonSet)(nil), (*apps.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_DaemonSet_To_apps_DaemonSet(a.(*v1beta2.DaemonSet), b.(*apps.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta2.Deployment)(nil), (*apps.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_Deployment_To_apps_Deployment(a.(*v1beta2.Deployment), b.(*apps.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta2.ScaleStatus)(nil), (*autoscaling.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ScaleStatus_To_autoscaling_ScaleStatus(a.(*v1beta2.ScaleStatus), b.(*autoscaling.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta2.StatefulSetSpec)(nil), (*apps.StatefulSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec(a.(*v1beta2.StatefulSetSpec), b.(*apps.StatefulSetSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta2_ControllerRevision_To_apps_ControllerRevision(in *v1beta2.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_v1beta2_ControllerRevision_To_apps_ControllerRevision is an autogenerated conversion function. -func Convert_v1beta2_ControllerRevision_To_apps_ControllerRevision(in *v1beta2.ControllerRevision, out *apps.ControllerRevision, s conversion.Scope) error { - return autoConvert_v1beta2_ControllerRevision_To_apps_ControllerRevision(in, out, s) -} - -func autoConvert_apps_ControllerRevision_To_v1beta2_ControllerRevision(in *apps.ControllerRevision, out *v1beta2.ControllerRevision, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Data, &out.Data, s); err != nil { - return err - } - out.Revision = in.Revision - return nil -} - -// Convert_apps_ControllerRevision_To_v1beta2_ControllerRevision is an autogenerated conversion function. -func Convert_apps_ControllerRevision_To_v1beta2_ControllerRevision(in *apps.ControllerRevision, out *v1beta2.ControllerRevision, s conversion.Scope) error { - return autoConvert_apps_ControllerRevision_To_v1beta2_ControllerRevision(in, out, s) -} - -func autoConvert_v1beta2_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1beta2.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_v1beta2_ControllerRevision_To_apps_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_ControllerRevisionList_To_apps_ControllerRevisionList is an autogenerated conversion function. -func Convert_v1beta2_ControllerRevisionList_To_apps_ControllerRevisionList(in *v1beta2.ControllerRevisionList, out *apps.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_v1beta2_ControllerRevisionList_To_apps_ControllerRevisionList(in, out, s) -} - -func autoConvert_apps_ControllerRevisionList_To_v1beta2_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1beta2.ControllerRevisionList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.ControllerRevision, len(*in)) - for i := range *in { - if err := Convert_apps_ControllerRevision_To_v1beta2_ControllerRevision(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ControllerRevisionList_To_v1beta2_ControllerRevisionList is an autogenerated conversion function. -func Convert_apps_ControllerRevisionList_To_v1beta2_ControllerRevisionList(in *apps.ControllerRevisionList, out *v1beta2.ControllerRevisionList, s conversion.Scope) error { - return autoConvert_apps_ControllerRevisionList_To_v1beta2_ControllerRevisionList(in, out, s) -} - -func autoConvert_v1beta2_DaemonSet_To_apps_DaemonSet(in *v1beta2.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_apps_DaemonSet_To_v1beta2_DaemonSet(in *apps.DaemonSet, out *v1beta2.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta2_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1beta2.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - out.Type = apps.DaemonSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_DaemonSetCondition_To_apps_DaemonSetCondition is an autogenerated conversion function. -func Convert_v1beta2_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1beta2.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_v1beta2_DaemonSetCondition_To_apps_DaemonSetCondition(in, out, s) -} - -func autoConvert_apps_DaemonSetCondition_To_v1beta2_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1beta2.DaemonSetCondition, s conversion.Scope) error { - out.Type = v1beta2.DaemonSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DaemonSetCondition_To_v1beta2_DaemonSetCondition is an autogenerated conversion function. -func Convert_apps_DaemonSetCondition_To_v1beta2_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1beta2.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_apps_DaemonSetCondition_To_v1beta2_DaemonSetCondition(in, out, s) -} - -func autoConvert_v1beta2_DaemonSetList_To_apps_DaemonSetList(in *v1beta2.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_v1beta2_DaemonSet_To_apps_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_DaemonSetList_To_apps_DaemonSetList is an autogenerated conversion function. -func Convert_v1beta2_DaemonSetList_To_apps_DaemonSetList(in *v1beta2.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - return autoConvert_v1beta2_DaemonSetList_To_apps_DaemonSetList(in, out, s) -} - -func autoConvert_apps_DaemonSetList_To_v1beta2_DaemonSetList(in *apps.DaemonSetList, out *v1beta2.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_apps_DaemonSet_To_v1beta2_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DaemonSetList_To_v1beta2_DaemonSetList is an autogenerated conversion function. -func Convert_apps_DaemonSetList_To_v1beta2_DaemonSetList(in *apps.DaemonSetList, out *v1beta2.DaemonSetList, s conversion.Scope) error { - return autoConvert_apps_DaemonSetList_To_v1beta2_DaemonSetList(in, out, s) -} - -func autoConvert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1beta2.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -// Convert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec is an autogenerated conversion function. -func Convert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1beta2.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - return autoConvert_v1beta2_DaemonSetSpec_To_apps_DaemonSetSpec(in, out, s) -} - -func autoConvert_apps_DaemonSetSpec_To_v1beta2_DaemonSetSpec(in *apps.DaemonSetSpec, out *v1beta2.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - // WARNING: in.TemplateGeneration requires manual conversion: does not exist in peer-type - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -func autoConvert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1beta2.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus is an autogenerated conversion function. -func Convert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1beta2.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_v1beta2_DaemonSetStatus_To_apps_DaemonSetStatus(in, out, s) -} - -func autoConvert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1beta2.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1beta2.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus is an autogenerated conversion function. -func Convert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1beta2.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_apps_DaemonSetStatus_To_v1beta2_DaemonSetStatus(in, out, s) -} - -func autoConvert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1beta2.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDaemonSet) - if err := Convert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1beta2.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1beta2_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1beta2.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1beta2.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta2.RollingUpdateDaemonSet) - if err := Convert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1beta2.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_DaemonSetUpdateStrategy_To_v1beta2_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_v1beta2_Deployment_To_apps_Deployment(in *v1beta2.Deployment, out *apps.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_apps_Deployment_To_v1beta2_Deployment(in *apps.Deployment, out *v1beta2.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta2_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta2.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - out.Type = apps.DeploymentConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_DeploymentCondition_To_apps_DeploymentCondition is an autogenerated conversion function. -func Convert_v1beta2_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta2.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - return autoConvert_v1beta2_DeploymentCondition_To_apps_DeploymentCondition(in, out, s) -} - -func autoConvert_apps_DeploymentCondition_To_v1beta2_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta2.DeploymentCondition, s conversion.Scope) error { - out.Type = v1beta2.DeploymentConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DeploymentCondition_To_v1beta2_DeploymentCondition is an autogenerated conversion function. -func Convert_apps_DeploymentCondition_To_v1beta2_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta2.DeploymentCondition, s conversion.Scope) error { - return autoConvert_apps_DeploymentCondition_To_v1beta2_DeploymentCondition(in, out, s) -} - -func autoConvert_v1beta2_DeploymentList_To_apps_DeploymentList(in *v1beta2.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.Deployment, len(*in)) - for i := range *in { - if err := Convert_v1beta2_Deployment_To_apps_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_DeploymentList_To_apps_DeploymentList is an autogenerated conversion function. -func Convert_v1beta2_DeploymentList_To_apps_DeploymentList(in *v1beta2.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - return autoConvert_v1beta2_DeploymentList_To_apps_DeploymentList(in, out, s) -} - -func autoConvert_apps_DeploymentList_To_v1beta2_DeploymentList(in *apps.DeploymentList, out *v1beta2.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.Deployment, len(*in)) - for i := range *in { - if err := Convert_apps_Deployment_To_v1beta2_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DeploymentList_To_v1beta2_DeploymentList is an autogenerated conversion function. -func Convert_apps_DeploymentList_To_v1beta2_DeploymentList(in *apps.DeploymentList, out *v1beta2.DeploymentList, s conversion.Scope) error { - return autoConvert_apps_DeploymentList_To_v1beta2_DeploymentList(in, out, s) -} - -func autoConvert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta2.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec is an autogenerated conversion function. -func Convert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta2.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - return autoConvert_v1beta2_DeploymentSpec_To_apps_DeploymentSpec(in, out, s) -} - -func autoConvert_apps_DeploymentSpec_To_v1beta2_DeploymentSpec(in *apps.DeploymentSpec, out *v1beta2.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - // WARNING: in.RollbackTo requires manual conversion: does not exist in peer-type - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -func autoConvert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta2.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]apps.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus is an autogenerated conversion function. -func Convert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta2.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - return autoConvert_v1beta2_DeploymentStatus_To_apps_DeploymentStatus(in, out, s) -} - -func autoConvert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta2.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]v1beta2.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus is an autogenerated conversion function. -func Convert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta2.DeploymentStatus, s conversion.Scope) error { - return autoConvert_apps_DeploymentStatus_To_v1beta2_DeploymentStatus(in, out, s) -} - -func autoConvert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta2.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - out.Type = apps.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDeployment) - if err := Convert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy is an autogenerated conversion function. -func Convert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta2.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_v1beta2_DeploymentStrategy_To_apps_DeploymentStrategy(in, out, s) -} - -func autoConvert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta2.DeploymentStrategy, s conversion.Scope) error { - out.Type = v1beta2.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta2.RollingUpdateDeployment) - if err := Convert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy is an autogenerated conversion function. -func Convert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta2.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_apps_DeploymentStrategy_To_v1beta2_DeploymentStrategy(in, out, s) -} - -func autoConvert_v1beta2_ReplicaSet_To_apps_ReplicaSet(in *v1beta2.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_ReplicaSet_To_apps_ReplicaSet is an autogenerated conversion function. -func Convert_v1beta2_ReplicaSet_To_apps_ReplicaSet(in *v1beta2.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - return autoConvert_v1beta2_ReplicaSet_To_apps_ReplicaSet(in, out, s) -} - -func autoConvert_apps_ReplicaSet_To_v1beta2_ReplicaSet(in *apps.ReplicaSet, out *v1beta2.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSet_To_v1beta2_ReplicaSet is an autogenerated conversion function. -func Convert_apps_ReplicaSet_To_v1beta2_ReplicaSet(in *apps.ReplicaSet, out *v1beta2.ReplicaSet, s conversion.Scope) error { - return autoConvert_apps_ReplicaSet_To_v1beta2_ReplicaSet(in, out, s) -} - -func autoConvert_v1beta2_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1beta2.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - out.Type = apps.ReplicaSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_ReplicaSetCondition_To_apps_ReplicaSetCondition is an autogenerated conversion function. -func Convert_v1beta2_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1beta2.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_v1beta2_ReplicaSetCondition_To_apps_ReplicaSetCondition(in, out, s) -} - -func autoConvert_apps_ReplicaSetCondition_To_v1beta2_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1beta2.ReplicaSetCondition, s conversion.Scope) error { - out.Type = v1beta2.ReplicaSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_ReplicaSetCondition_To_v1beta2_ReplicaSetCondition is an autogenerated conversion function. -func Convert_apps_ReplicaSetCondition_To_v1beta2_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1beta2.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetCondition_To_v1beta2_ReplicaSetCondition(in, out, s) -} - -func autoConvert_v1beta2_ReplicaSetList_To_apps_ReplicaSetList(in *v1beta2.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_v1beta2_ReplicaSet_To_apps_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_ReplicaSetList_To_apps_ReplicaSetList is an autogenerated conversion function. -func Convert_v1beta2_ReplicaSetList_To_apps_ReplicaSetList(in *v1beta2.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - return autoConvert_v1beta2_ReplicaSetList_To_apps_ReplicaSetList(in, out, s) -} - -func autoConvert_apps_ReplicaSetList_To_v1beta2_ReplicaSetList(in *apps.ReplicaSetList, out *v1beta2.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_apps_ReplicaSet_To_v1beta2_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ReplicaSetList_To_v1beta2_ReplicaSetList is an autogenerated conversion function. -func Convert_apps_ReplicaSetList_To_v1beta2_ReplicaSetList(in *apps.ReplicaSetList, out *v1beta2.ReplicaSetList, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetList_To_v1beta2_ReplicaSetList(in, out, s) -} - -func autoConvert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1beta2.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec is an autogenerated conversion function. -func Convert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1beta2.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_v1beta2_ReplicaSetSpec_To_apps_ReplicaSetSpec(in, out, s) -} - -func autoConvert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1beta2.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec is an autogenerated conversion function. -func Convert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1beta2.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetSpec_To_v1beta2_ReplicaSetSpec(in, out, s) -} - -func autoConvert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1beta2.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]apps.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus is an autogenerated conversion function. -func Convert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1beta2.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_v1beta2_ReplicaSetStatus_To_apps_ReplicaSetStatus(in, out, s) -} - -func autoConvert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1beta2.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]v1beta2.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus is an autogenerated conversion function. -func Convert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1beta2.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetStatus_To_v1beta2_ReplicaSetStatus(in, out, s) -} - -func autoConvert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1beta2.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1beta2.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_v1beta2_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1beta2.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1beta2.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDaemonSet_To_v1beta2_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta2.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta2.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_v1beta2_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta2.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta2.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDeployment_To_v1beta2_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1beta2.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in *v1beta2.RollingUpdateStatefulSetStrategy, out *apps.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1beta2.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Partition, &out.Partition, s); err != nil { - return err - } - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - return nil -} - -// Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy is an autogenerated conversion function. -func Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy(in *apps.RollingUpdateStatefulSetStrategy, out *v1beta2.RollingUpdateStatefulSetStrategy, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy(in, out, s) -} - -func autoConvert_v1beta2_Scale_To_autoscaling_Scale(in *v1beta2.Scale, out *autoscaling.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_ScaleStatus_To_autoscaling_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_Scale_To_autoscaling_Scale is an autogenerated conversion function. -func Convert_v1beta2_Scale_To_autoscaling_Scale(in *v1beta2.Scale, out *autoscaling.Scale, s conversion.Scope) error { - return autoConvert_v1beta2_Scale_To_autoscaling_Scale(in, out, s) -} - -func autoConvert_autoscaling_Scale_To_v1beta2_Scale(in *autoscaling.Scale, out *v1beta2.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_ScaleStatus_To_v1beta2_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_Scale_To_v1beta2_Scale is an autogenerated conversion function. -func Convert_autoscaling_Scale_To_v1beta2_Scale(in *autoscaling.Scale, out *v1beta2.Scale, s conversion.Scope) error { - return autoConvert_autoscaling_Scale_To_v1beta2_Scale(in, out, s) -} - -func autoConvert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta2.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec is an autogenerated conversion function. -func Convert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta2.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - return autoConvert_v1beta2_ScaleSpec_To_autoscaling_ScaleSpec(in, out, s) -} - -func autoConvert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta2.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec is an autogenerated conversion function. -func Convert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta2.ScaleSpec, s conversion.Scope) error { - return autoConvert_autoscaling_ScaleSpec_To_v1beta2_ScaleSpec(in, out, s) -} - -func autoConvert_v1beta2_ScaleStatus_To_autoscaling_ScaleStatus(in *v1beta2.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (map[string]string vs string) - // WARNING: in.TargetSelector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ScaleStatus_To_v1beta2_ScaleStatus(in *autoscaling.ScaleStatus, out *v1beta2.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (string vs map[string]string) - return nil -} - -func autoConvert_v1beta2_StatefulSet_To_apps_StatefulSet(in *v1beta2.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_StatefulSet_To_apps_StatefulSet is an autogenerated conversion function. -func Convert_v1beta2_StatefulSet_To_apps_StatefulSet(in *v1beta2.StatefulSet, out *apps.StatefulSet, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSet_To_apps_StatefulSet(in, out, s) -} - -func autoConvert_apps_StatefulSet_To_v1beta2_StatefulSet(in *apps.StatefulSet, out *v1beta2.StatefulSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_StatefulSet_To_v1beta2_StatefulSet is an autogenerated conversion function. -func Convert_apps_StatefulSet_To_v1beta2_StatefulSet(in *apps.StatefulSet, out *v1beta2.StatefulSet, s conversion.Scope) error { - return autoConvert_apps_StatefulSet_To_v1beta2_StatefulSet(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1beta2.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - out.Type = apps.StatefulSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_StatefulSetCondition_To_apps_StatefulSetCondition is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetCondition_To_apps_StatefulSetCondition(in *v1beta2.StatefulSetCondition, out *apps.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetCondition_To_apps_StatefulSetCondition(in, out, s) -} - -func autoConvert_apps_StatefulSetCondition_To_v1beta2_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1beta2.StatefulSetCondition, s conversion.Scope) error { - out.Type = v1beta2.StatefulSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_StatefulSetCondition_To_v1beta2_StatefulSetCondition is an autogenerated conversion function. -func Convert_apps_StatefulSetCondition_To_v1beta2_StatefulSetCondition(in *apps.StatefulSetCondition, out *v1beta2.StatefulSetCondition, s conversion.Scope) error { - return autoConvert_apps_StatefulSetCondition_To_v1beta2_StatefulSetCondition(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetList_To_apps_StatefulSetList(in *v1beta2.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_v1beta2_StatefulSet_To_apps_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_StatefulSetList_To_apps_StatefulSetList is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetList_To_apps_StatefulSetList(in *v1beta2.StatefulSetList, out *apps.StatefulSetList, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetList_To_apps_StatefulSetList(in, out, s) -} - -func autoConvert_apps_StatefulSetList_To_v1beta2_StatefulSetList(in *apps.StatefulSetList, out *v1beta2.StatefulSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.StatefulSet, len(*in)) - for i := range *in { - if err := Convert_apps_StatefulSet_To_v1beta2_StatefulSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_StatefulSetList_To_v1beta2_StatefulSetList is an autogenerated conversion function. -func Convert_apps_StatefulSetList_To_v1beta2_StatefulSetList(in *apps.StatefulSetList, out *v1beta2.StatefulSetList, s conversion.Scope) error { - return autoConvert_apps_StatefulSetList_To_v1beta2_StatefulSetList(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1beta2.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_v1beta2_StatefulSetOrdinals_To_apps_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in *v1beta2.StatefulSetOrdinals, out *apps.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetOrdinals_To_apps_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_apps_StatefulSetOrdinals_To_v1beta2_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1beta2.StatefulSetOrdinals, s conversion.Scope) error { - out.Start = in.Start - return nil -} - -// Convert_apps_StatefulSetOrdinals_To_v1beta2_StatefulSetOrdinals is an autogenerated conversion function. -func Convert_apps_StatefulSetOrdinals_To_v1beta2_StatefulSetOrdinals(in *apps.StatefulSetOrdinals, out *v1beta2.StatefulSetOrdinals, s conversion.Scope) error { - return autoConvert_apps_StatefulSetOrdinals_To_v1beta2_StatefulSetOrdinals(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = apps.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in *v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy, out *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy_To_apps_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - out.WhenDeleted = v1beta2.PersistentVolumeClaimRetentionPolicyType(in.WhenDeleted) - out.WhenScaled = v1beta2.PersistentVolumeClaimRetentionPolicyType(in.WhenScaled) - return nil -} - -// Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy is an autogenerated conversion function. -func Convert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy(in *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, out *v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetPersistentVolumeClaimRetentionPolicy_To_v1beta2_StatefulSetPersistentVolumeClaimRetentionPolicy(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetSpec_To_apps_StatefulSetSpec(in *v1beta2.StatefulSetSpec, out *apps.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]core.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = apps.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*apps.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*apps.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_apps_StatefulSetSpec_To_v1beta2_StatefulSetSpec(in *apps.StatefulSetSpec, out *v1beta2.StatefulSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.VolumeClaimTemplates = *(*[]v1.PersistentVolumeClaim)(unsafe.Pointer(&in.VolumeClaimTemplates)) - out.ServiceName = in.ServiceName - out.PodManagementPolicy = v1beta2.PodManagementPolicyType(in.PodManagementPolicy) - if err := Convert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.MinReadySeconds = in.MinReadySeconds - out.PersistentVolumeClaimRetentionPolicy = (*v1beta2.StatefulSetPersistentVolumeClaimRetentionPolicy)(unsafe.Pointer(in.PersistentVolumeClaimRetentionPolicy)) - out.Ordinals = (*v1beta2.StatefulSetOrdinals)(unsafe.Pointer(in.Ordinals)) - return nil -} - -func autoConvert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1beta2.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - if err := metav1.Convert_int64_To_Pointer_int64(&in.ObservedGeneration, &out.ObservedGeneration, s); err != nil { - return err - } - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus(in *v1beta2.StatefulSetStatus, out *apps.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetStatus_To_apps_StatefulSetStatus(in, out, s) -} - -func autoConvert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1beta2.StatefulSetStatus, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int64_To_int64(&in.ObservedGeneration, &out.ObservedGeneration, s); err != nil { - return err - } - out.Replicas = in.Replicas - out.ReadyReplicas = in.ReadyReplicas - out.CurrentReplicas = in.CurrentReplicas - out.UpdatedReplicas = in.UpdatedReplicas - out.CurrentRevision = in.CurrentRevision - out.UpdateRevision = in.UpdateRevision - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1beta2.StatefulSetCondition)(unsafe.Pointer(&in.Conditions)) - out.AvailableReplicas = in.AvailableReplicas - return nil -} - -// Convert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus is an autogenerated conversion function. -func Convert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus(in *apps.StatefulSetStatus, out *v1beta2.StatefulSetStatus, s conversion.Scope) error { - return autoConvert_apps_StatefulSetStatus_To_v1beta2_StatefulSetStatus(in, out, s) -} - -func autoConvert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1beta2.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateStatefulSetStrategy) - if err := Convert_v1beta2_RollingUpdateStatefulSetStrategy_To_apps_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in *v1beta2.StatefulSetUpdateStrategy, out *apps.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1beta2_StatefulSetUpdateStrategy_To_apps_StatefulSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1beta2.StatefulSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1beta2.StatefulSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta2.RollingUpdateStatefulSetStrategy) - if err := Convert_apps_RollingUpdateStatefulSetStrategy_To_v1beta2_RollingUpdateStatefulSetStrategy(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy(in *apps.StatefulSetUpdateStrategy, out *v1beta2.StatefulSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_StatefulSetUpdateStrategy_To_v1beta2_StatefulSetUpdateStrategy(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.defaults.go deleted file mode 100644 index 37728587b1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/v1beta2/zz_generated.defaults.go +++ /dev/null @@ -1,1152 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/apps/v1beta2" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta2.DaemonSet{}, func(obj interface{}) { SetObjectDefaults_DaemonSet(obj.(*v1beta2.DaemonSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.DaemonSetList{}, func(obj interface{}) { SetObjectDefaults_DaemonSetList(obj.(*v1beta2.DaemonSetList)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.Deployment{}, func(obj interface{}) { SetObjectDefaults_Deployment(obj.(*v1beta2.Deployment)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.DeploymentList{}, func(obj interface{}) { SetObjectDefaults_DeploymentList(obj.(*v1beta2.DeploymentList)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.ReplicaSet{}, func(obj interface{}) { SetObjectDefaults_ReplicaSet(obj.(*v1beta2.ReplicaSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.ReplicaSetList{}, func(obj interface{}) { SetObjectDefaults_ReplicaSetList(obj.(*v1beta2.ReplicaSetList)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.StatefulSet{}, func(obj interface{}) { SetObjectDefaults_StatefulSet(obj.(*v1beta2.StatefulSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.StatefulSetList{}, func(obj interface{}) { SetObjectDefaults_StatefulSetList(obj.(*v1beta2.StatefulSetList)) }) - return nil -} - -func SetObjectDefaults_DaemonSet(in *v1beta2.DaemonSet) { - SetDefaults_DaemonSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DaemonSetList(in *v1beta2.DaemonSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_DaemonSet(a) - } -} - -func SetObjectDefaults_Deployment(in *v1beta2.Deployment) { - SetDefaults_Deployment(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DeploymentList(in *v1beta2.DeploymentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Deployment(a) - } -} - -func SetObjectDefaults_ReplicaSet(in *v1beta2.ReplicaSet) { - SetDefaults_ReplicaSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_ReplicaSetList(in *v1beta2.ReplicaSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ReplicaSet(a) - } -} - -func SetObjectDefaults_StatefulSet(in *v1beta2.StatefulSet) { - SetDefaults_StatefulSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) - for i := range in.Spec.VolumeClaimTemplates { - a := &in.Spec.VolumeClaimTemplates[i] - v1.SetDefaults_PersistentVolumeClaim(a) - v1.SetDefaults_PersistentVolumeClaimSpec(&a.Spec) - v1.SetDefaults_ResourceList(&a.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Spec.Resources.Requests) - v1.SetDefaults_ResourceList(&a.Status.Capacity) - v1.SetDefaults_ResourceList(&a.Status.AllocatedResources) - } -} - -func SetObjectDefaults_StatefulSetList(in *v1beta2.StatefulSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_StatefulSet(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go deleted file mode 100644 index 7fb8160c1a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go +++ /dev/null @@ -1,765 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strconv" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/apis/apps" - api "k8s.io/kubernetes/pkg/apis/core" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" -) - -// ValidateStatefulSetName can be used to check whether the given StatefulSet name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -func ValidateStatefulSetName(name string, prefix bool) []string { - // TODO: Validate that there's name for the suffix inserted by the pods. - // Currently this is just "-index". In the future we may allow a user - // specified list of suffixes and we need to validate the longest one. - return apimachineryvalidation.NameIsDNSSubdomain(name, prefix) -} - -// ValidatePodTemplateSpecForStatefulSet validates the given template and ensures that it is in accordance with the desired selector. -func ValidatePodTemplateSpecForStatefulSet(template *api.PodTemplateSpec, selector labels.Selector, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if template == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } else { - if !selector.Empty() { - // Verify that the StatefulSet selector matches the labels in template. - labels := labels.Set(template.Labels) - if !selector.Matches(labels) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "`selector` does not match template `labels`")) - } - } - // TODO: Add validation for PodSpec, currently this will check volumes, which we know will - // fail. We should really check that the union of the given volumes and volumeClaims match - // volume mounts in the containers. - // allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(template, fldPath)...) - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(template.Labels, fldPath.Child("labels"))...) - allErrs = append(allErrs, apivalidation.ValidateAnnotations(template.Annotations, fldPath.Child("annotations"))...) - allErrs = append(allErrs, apivalidation.ValidatePodSpecificAnnotations(template.Annotations, &template.Spec, fldPath.Child("annotations"), opts)...) - } - return allErrs -} - -func ValidatePersistentVolumeClaimRetentionPolicyType(policy apps.PersistentVolumeClaimRetentionPolicyType, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - switch policy { - case apps.RetainPersistentVolumeClaimRetentionPolicyType: - case apps.DeletePersistentVolumeClaimRetentionPolicyType: - default: - allErrs = append(allErrs, field.NotSupported(fldPath, policy, []string{string(apps.RetainPersistentVolumeClaimRetentionPolicyType), string(apps.DeletePersistentVolumeClaimRetentionPolicyType)})) - } - return allErrs -} - -func ValidatePersistentVolumeClaimRetentionPolicy(policy *apps.StatefulSetPersistentVolumeClaimRetentionPolicy, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if policy != nil { - allErrs = append(allErrs, ValidatePersistentVolumeClaimRetentionPolicyType(policy.WhenDeleted, fldPath.Child("whenDeleted"))...) - allErrs = append(allErrs, ValidatePersistentVolumeClaimRetentionPolicyType(policy.WhenScaled, fldPath.Child("whenScaled"))...) - } - return allErrs -} - -// ValidateStatefulSetSpec tests if required fields in the StatefulSet spec are set. -func ValidateStatefulSetSpec(spec *apps.StatefulSetSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - switch spec.PodManagementPolicy { - case "": - allErrs = append(allErrs, field.Required(fldPath.Child("podManagementPolicy"), "")) - case apps.OrderedReadyPodManagement, apps.ParallelPodManagement: - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("podManagementPolicy"), spec.PodManagementPolicy, fmt.Sprintf("must be '%s' or '%s'", apps.OrderedReadyPodManagement, apps.ParallelPodManagement))) - } - - switch spec.UpdateStrategy.Type { - case "": - allErrs = append(allErrs, field.Required(fldPath.Child("updateStrategy"), "")) - case apps.OnDeleteStatefulSetStrategyType: - if spec.UpdateStrategy.RollingUpdate != nil { - allErrs = append( - allErrs, - field.Invalid( - fldPath.Child("updateStrategy").Child("rollingUpdate"), - spec.UpdateStrategy.RollingUpdate, - fmt.Sprintf("only allowed for updateStrategy '%s'", apps.RollingUpdateStatefulSetStrategyType))) - } - case apps.RollingUpdateStatefulSetStrategyType: - if spec.UpdateStrategy.RollingUpdate != nil { - allErrs = append(allErrs, validateRollingUpdateStatefulSet(spec.UpdateStrategy.RollingUpdate, fldPath.Child("updateStrategy", "rollingUpdate"))...) - - } - default: - allErrs = append(allErrs, - field.Invalid(fldPath.Child("updateStrategy"), spec.UpdateStrategy, - fmt.Sprintf("must be '%s' or '%s'", - apps.RollingUpdateStatefulSetStrategyType, - apps.OnDeleteStatefulSetStrategyType))) - } - - allErrs = append(allErrs, ValidatePersistentVolumeClaimRetentionPolicy(spec.PersistentVolumeClaimRetentionPolicy, fldPath.Child("persistentVolumeClaimRetentionPolicy"))...) - - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - if spec.Ordinals != nil { - replicaStartOrdinal := spec.Ordinals.Start - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(replicaStartOrdinal), fldPath.Child("ordinals.start"))...) - } - } - - if spec.Selector == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("selector"), "")) - } else { - // validate selector strictly, spec.selector was always required to pass LabelSelectorAsSelector below - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false}, fldPath.Child("selector"))...) - if len(spec.Selector.MatchLabels)+len(spec.Selector.MatchExpressions) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "empty selector is invalid for statefulset")) - } - } - - selector, err := metav1.LabelSelectorAsSelector(spec.Selector) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "")) - } else { - allErrs = append(allErrs, ValidatePodTemplateSpecForStatefulSet(&spec.Template, selector, fldPath.Child("template"), opts)...) - } - - if spec.Template.Spec.RestartPolicy != api.RestartPolicyAlways { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("template", "spec", "restartPolicy"), spec.Template.Spec.RestartPolicy, []string{string(api.RestartPolicyAlways)})) - } - if spec.Template.Spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("template", "spec", "activeDeadlineSeconds"), "activeDeadlineSeconds in StatefulSet is not Supported")) - } - - return allErrs -} - -// ValidateStatefulSet validates a StatefulSet. -func ValidateStatefulSet(statefulSet *apps.StatefulSet, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&statefulSet.ObjectMeta, true, ValidateStatefulSetName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateStatefulSetSpec(&statefulSet.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateStatefulSetUpdate tests if required fields in the StatefulSet are set. -func ValidateStatefulSetUpdate(statefulSet, oldStatefulSet *apps.StatefulSet, opts apivalidation.PodValidationOptions) field.ErrorList { - // first, validate that the new statefulset is valid - allErrs := ValidateStatefulSet(statefulSet, opts) - - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&statefulSet.ObjectMeta, &oldStatefulSet.ObjectMeta, field.NewPath("metadata"))...) - - // statefulset updates aren't super common and general updates are likely to be touching spec, so we'll do this - // deep copy right away. This avoids mutating our inputs - newStatefulSetClone := statefulSet.DeepCopy() - newStatefulSetClone.Spec.Replicas = oldStatefulSet.Spec.Replicas // +k8s:verify-mutation:reason=clone - newStatefulSetClone.Spec.Template = oldStatefulSet.Spec.Template // +k8s:verify-mutation:reason=clone - newStatefulSetClone.Spec.UpdateStrategy = oldStatefulSet.Spec.UpdateStrategy // +k8s:verify-mutation:reason=clone - newStatefulSetClone.Spec.MinReadySeconds = oldStatefulSet.Spec.MinReadySeconds // +k8s:verify-mutation:reason=clone - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - newStatefulSetClone.Spec.Ordinals = oldStatefulSet.Spec.Ordinals // +k8s:verify-mutation:reason=clone - } - - newStatefulSetClone.Spec.PersistentVolumeClaimRetentionPolicy = oldStatefulSet.Spec.PersistentVolumeClaimRetentionPolicy // +k8s:verify-mutation:reason=clone - if !apiequality.Semantic.DeepEqual(newStatefulSetClone.Spec, oldStatefulSet.Spec) { - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden")) - } else { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden")) - } - } - - return allErrs -} - -// ValidateStatefulSetStatus validates a StatefulSetStatus. -func ValidateStatefulSetStatus(status *apps.StatefulSetStatus, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Replicas), fieldPath.Child("replicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.ReadyReplicas), fieldPath.Child("readyReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.CurrentReplicas), fieldPath.Child("currentReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.UpdatedReplicas), fieldPath.Child("updatedReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.AvailableReplicas), fieldPath.Child("availableReplicas"))...) - if status.ObservedGeneration != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*status.ObservedGeneration), fieldPath.Child("observedGeneration"))...) - } - if status.CollisionCount != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*status.CollisionCount), fieldPath.Child("collisionCount"))...) - } - - msg := "cannot be greater than status.replicas" - if status.ReadyReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("readyReplicas"), status.ReadyReplicas, msg)) - } - if status.CurrentReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("currentReplicas"), status.CurrentReplicas, msg)) - } - if status.UpdatedReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("updatedReplicas"), status.UpdatedReplicas, msg)) - } - if status.AvailableReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("availableReplicas"), status.AvailableReplicas, msg)) - } - if status.AvailableReplicas > status.ReadyReplicas { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("availableReplicas"), status.AvailableReplicas, "cannot be greater than status.readyReplicas")) - } - return allErrs -} - -// ValidateStatefulSetStatusUpdate tests if required fields in the StatefulSet are set. -func ValidateStatefulSetStatusUpdate(statefulSet, oldStatefulSet *apps.StatefulSet) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateStatefulSetStatus(&statefulSet.Status, field.NewPath("status"))...) - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&statefulSet.ObjectMeta, &oldStatefulSet.ObjectMeta, field.NewPath("metadata"))...) - // TODO: Validate status. - if apivalidation.IsDecremented(statefulSet.Status.CollisionCount, oldStatefulSet.Status.CollisionCount) { - value := int32(0) - if statefulSet.Status.CollisionCount != nil { - value = *statefulSet.Status.CollisionCount - } - allErrs = append(allErrs, field.Invalid(field.NewPath("status").Child("collisionCount"), value, "cannot be decremented")) - } - return allErrs -} - -// ValidateControllerRevisionName can be used to check whether the given ControllerRevision name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateControllerRevisionName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateControllerRevision collects errors for the fields of state and returns those errors as an ErrorList. If the -// returned list is empty, state is valid. Validation is performed to ensure that state is a valid ObjectMeta, its name -// is valid, and that it doesn't exceed the MaxControllerRevisionSize. -func ValidateControllerRevision(revision *apps.ControllerRevision) field.ErrorList { - errs := field.ErrorList{} - - errs = append(errs, apivalidation.ValidateObjectMeta(&revision.ObjectMeta, true, ValidateControllerRevisionName, field.NewPath("metadata"))...) - if revision.Data == nil { - errs = append(errs, field.Required(field.NewPath("data"), "data is mandatory")) - } - errs = append(errs, apivalidation.ValidateNonnegativeField(revision.Revision, field.NewPath("revision"))...) - return errs -} - -// ValidateControllerRevisionUpdate collects errors pertaining to the mutation of an ControllerRevision Object. If the -// returned ErrorList is empty the update operation is valid. Any mutation to the ControllerRevision's Data or Revision -// is considered to be invalid. -func ValidateControllerRevisionUpdate(newHistory, oldHistory *apps.ControllerRevision) field.ErrorList { - errs := field.ErrorList{} - - errs = append(errs, apivalidation.ValidateObjectMetaUpdate(&newHistory.ObjectMeta, &oldHistory.ObjectMeta, field.NewPath("metadata"))...) - errs = append(errs, ValidateControllerRevision(newHistory)...) - errs = append(errs, apivalidation.ValidateImmutableField(newHistory.Data, oldHistory.Data, field.NewPath("data"))...) - return errs -} - -// ValidateDaemonSet tests if required fields in the DaemonSet are set. -func ValidateDaemonSet(ds *apps.DaemonSet, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&ds.ObjectMeta, true, ValidateDaemonSetName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateDaemonSetSpec(&ds.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateDaemonSetUpdate tests if required fields in the DaemonSet are set. -func ValidateDaemonSetUpdate(ds, oldDS *apps.DaemonSet, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&ds.ObjectMeta, &oldDS.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateDaemonSetSpecUpdate(&ds.Spec, &oldDS.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, ValidateDaemonSetSpec(&ds.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateDaemonSetSpecUpdate tests if an update to a DaemonSetSpec is valid. -func ValidateDaemonSetSpecUpdate(newSpec, oldSpec *apps.DaemonSetSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - // TemplateGeneration shouldn't be decremented - if newSpec.TemplateGeneration < oldSpec.TemplateGeneration { - allErrs = append(allErrs, field.Invalid(fldPath.Child("templateGeneration"), newSpec.TemplateGeneration, "must not be decremented")) - } - - // TemplateGeneration should be increased when and only when template is changed - templateUpdated := !apiequality.Semantic.DeepEqual(newSpec.Template, oldSpec.Template) - if newSpec.TemplateGeneration == oldSpec.TemplateGeneration && templateUpdated { - allErrs = append(allErrs, field.Invalid(fldPath.Child("templateGeneration"), newSpec.TemplateGeneration, "must be incremented upon template update")) - } else if newSpec.TemplateGeneration > oldSpec.TemplateGeneration && !templateUpdated { - allErrs = append(allErrs, field.Invalid(fldPath.Child("templateGeneration"), newSpec.TemplateGeneration, "must not be incremented without template update")) - } - - return allErrs -} - -// validateDaemonSetStatus validates a DaemonSetStatus -func validateDaemonSetStatus(status *apps.DaemonSetStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.CurrentNumberScheduled), fldPath.Child("currentNumberScheduled"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.NumberMisscheduled), fldPath.Child("numberMisscheduled"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.DesiredNumberScheduled), fldPath.Child("desiredNumberScheduled"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.NumberReady), fldPath.Child("numberReady"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(status.ObservedGeneration, fldPath.Child("observedGeneration"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.UpdatedNumberScheduled), fldPath.Child("updatedNumberScheduled"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.NumberAvailable), fldPath.Child("numberAvailable"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.NumberUnavailable), fldPath.Child("numberUnavailable"))...) - if status.CollisionCount != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*status.CollisionCount), fldPath.Child("collisionCount"))...) - } - return allErrs -} - -// ValidateDaemonSetStatusUpdate tests if required fields in the DaemonSet Status section -func ValidateDaemonSetStatusUpdate(ds, oldDS *apps.DaemonSet) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&ds.ObjectMeta, &oldDS.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, validateDaemonSetStatus(&ds.Status, field.NewPath("status"))...) - if apivalidation.IsDecremented(ds.Status.CollisionCount, oldDS.Status.CollisionCount) { - value := int32(0) - if ds.Status.CollisionCount != nil { - value = *ds.Status.CollisionCount - } - allErrs = append(allErrs, field.Invalid(field.NewPath("status").Child("collisionCount"), value, "cannot be decremented")) - } - return allErrs -} - -// ValidateDaemonSetSpec tests if required fields in the DaemonSetSpec are set. -func ValidateDaemonSetSpec(spec *apps.DaemonSetSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector} - - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, labelSelectorValidationOpts, fldPath.Child("selector"))...) - - selector, err := metav1.LabelSelectorAsSelector(spec.Selector) - if err == nil && !selector.Matches(labels.Set(spec.Template.Labels)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "`selector` does not match template `labels`")) - } - if spec.Selector != nil && len(spec.Selector.MatchLabels)+len(spec.Selector.MatchExpressions) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "empty selector is invalid for daemonset")) - } - - allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(&spec.Template, fldPath.Child("template"), opts)...) - // Daemons typically run on more than one node, so mark Read-Write persistent disks as invalid. - allErrs = append(allErrs, apivalidation.ValidateReadOnlyPersistentDisks(spec.Template.Spec.Volumes, fldPath.Child("template", "spec", "volumes"))...) - // RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec(). - if spec.Template.Spec.RestartPolicy != api.RestartPolicyAlways { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("template", "spec", "restartPolicy"), spec.Template.Spec.RestartPolicy, []string{string(api.RestartPolicyAlways)})) - } - if spec.Template.Spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("template", "spec", "activeDeadlineSeconds"), "activeDeadlineSeconds in DaemonSet is not Supported")) - } - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.TemplateGeneration), fldPath.Child("templateGeneration"))...) - - allErrs = append(allErrs, ValidateDaemonSetUpdateStrategy(&spec.UpdateStrategy, fldPath.Child("updateStrategy"))...) - if spec.RevisionHistoryLimit != nil { - // zero is a valid RevisionHistoryLimit - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.RevisionHistoryLimit), fldPath.Child("revisionHistoryLimit"))...) - } - return allErrs -} - -// ValidateRollingUpdateDaemonSet validates a given RollingUpdateDaemonSet. -func ValidateRollingUpdateDaemonSet(rollingUpdate *apps.RollingUpdateDaemonSet, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - // Validate both fields are positive ints or have a percentage value - allErrs = append(allErrs, ValidatePositiveIntOrPercent(rollingUpdate.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - allErrs = append(allErrs, ValidatePositiveIntOrPercent(rollingUpdate.MaxSurge, fldPath.Child("maxSurge"))...) - - // Validate that MaxUnavailable and MaxSurge are not more than 100%. - allErrs = append(allErrs, IsNotMoreThan100Percent(rollingUpdate.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - allErrs = append(allErrs, IsNotMoreThan100Percent(rollingUpdate.MaxSurge, fldPath.Child("maxSurge"))...) - - // Validate exactly one of MaxSurge or MaxUnavailable is non-zero - hasUnavailable := getIntOrPercentValue(rollingUpdate.MaxUnavailable) != 0 - hasSurge := getIntOrPercentValue(rollingUpdate.MaxSurge) != 0 - switch { - case hasUnavailable && hasSurge: - allErrs = append(allErrs, field.Invalid(fldPath.Child("maxSurge"), rollingUpdate.MaxSurge, "may not be set when maxUnavailable is non-zero")) - case !hasUnavailable && !hasSurge: - allErrs = append(allErrs, field.Required(fldPath.Child("maxUnavailable"), "cannot be 0 when maxSurge is 0")) - } - - return allErrs -} - -// validateRollingUpdateStatefulSet validates a given RollingUpdateStatefulSet. -func validateRollingUpdateStatefulSet(rollingUpdate *apps.RollingUpdateStatefulSetStrategy, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - fldPathMaxUn := fldPath.Child("maxUnavailable") - allErrs = append(allErrs, - apivalidation.ValidateNonnegativeField( - int64(rollingUpdate.Partition), - fldPath.Child("partition"))...) - if rollingUpdate.MaxUnavailable != nil { - allErrs = append(allErrs, ValidatePositiveIntOrPercent(*rollingUpdate.MaxUnavailable, fldPathMaxUn)...) - if getIntOrPercentValue(*rollingUpdate.MaxUnavailable) == 0 { - // MaxUnavailable cannot be 0. - allErrs = append(allErrs, field.Invalid(fldPathMaxUn, *rollingUpdate.MaxUnavailable, "cannot be 0")) - } - // Validate that MaxUnavailable is not more than 100%. - allErrs = append(allErrs, IsNotMoreThan100Percent(*rollingUpdate.MaxUnavailable, fldPathMaxUn)...) - } - return allErrs -} - -// ValidateDaemonSetUpdateStrategy validates a given DaemonSetUpdateStrategy. -func ValidateDaemonSetUpdateStrategy(strategy *apps.DaemonSetUpdateStrategy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch strategy.Type { - case apps.OnDeleteDaemonSetStrategyType: - case apps.RollingUpdateDaemonSetStrategyType: - // Make sure RollingUpdate field isn't nil. - if strategy.RollingUpdate == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("rollingUpdate"), "")) - return allErrs - } - allErrs = append(allErrs, ValidateRollingUpdateDaemonSet(strategy.RollingUpdate, fldPath.Child("rollingUpdate"))...) - default: - validValues := []string{string(apps.RollingUpdateDaemonSetStrategyType), string(apps.OnDeleteDaemonSetStrategyType)} - allErrs = append(allErrs, field.NotSupported(fldPath, strategy, validValues)) - } - return allErrs -} - -// ValidateDaemonSetName can be used to check whether the given daemon set name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateDaemonSetName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateDeploymentName validates that the given name can be used as a deployment name. -var ValidateDeploymentName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidatePositiveIntOrPercent tests if a given value is a valid int or -// percentage. -func ValidatePositiveIntOrPercent(intOrPercent intstr.IntOrString, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch intOrPercent.Type { - case intstr.String: - for _, msg := range validation.IsValidPercent(intOrPercent.StrVal) { - allErrs = append(allErrs, field.Invalid(fldPath, intOrPercent, msg)) - } - case intstr.Int: - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(intOrPercent.IntValue()), fldPath)...) - default: - allErrs = append(allErrs, field.Invalid(fldPath, intOrPercent, "must be an integer or percentage (e.g '5%%')")) - } - return allErrs -} - -func getPercentValue(intOrStringValue intstr.IntOrString) (int, bool) { - if intOrStringValue.Type != intstr.String { - return 0, false - } - if len(validation.IsValidPercent(intOrStringValue.StrVal)) != 0 { - return 0, false - } - value, _ := strconv.Atoi(intOrStringValue.StrVal[:len(intOrStringValue.StrVal)-1]) - return value, true -} - -func getIntOrPercentValue(intOrStringValue intstr.IntOrString) int { - value, isPercent := getPercentValue(intOrStringValue) - if isPercent { - return value - } - return intOrStringValue.IntValue() -} - -// IsNotMoreThan100Percent tests is a value can be represented as a percentage -// and if this value is not more than 100%. -func IsNotMoreThan100Percent(intOrStringValue intstr.IntOrString, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - value, isPercent := getPercentValue(intOrStringValue) - if !isPercent || value <= 100 { - return nil - } - allErrs = append(allErrs, field.Invalid(fldPath, intOrStringValue, "must not be greater than 100%")) - return allErrs -} - -// ValidateRollingUpdateDeployment validates a given RollingUpdateDeployment. -func ValidateRollingUpdateDeployment(rollingUpdate *apps.RollingUpdateDeployment, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidatePositiveIntOrPercent(rollingUpdate.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - allErrs = append(allErrs, ValidatePositiveIntOrPercent(rollingUpdate.MaxSurge, fldPath.Child("maxSurge"))...) - if getIntOrPercentValue(rollingUpdate.MaxUnavailable) == 0 && getIntOrPercentValue(rollingUpdate.MaxSurge) == 0 { - // Both MaxSurge and MaxUnavailable cannot be zero. - allErrs = append(allErrs, field.Invalid(fldPath.Child("maxUnavailable"), rollingUpdate.MaxUnavailable, "may not be 0 when `maxSurge` is 0")) - } - // Validate that MaxUnavailable is not more than 100%. - allErrs = append(allErrs, IsNotMoreThan100Percent(rollingUpdate.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - return allErrs -} - -// ValidateDeploymentStrategy validates given DeploymentStrategy. -func ValidateDeploymentStrategy(strategy *apps.DeploymentStrategy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch strategy.Type { - case apps.RecreateDeploymentStrategyType: - if strategy.RollingUpdate != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("rollingUpdate"), "may not be specified when strategy `type` is '"+string(apps.RecreateDeploymentStrategyType+"'"))) - } - case apps.RollingUpdateDeploymentStrategyType: - // This should never happen since it's set and checked in defaults.go - if strategy.RollingUpdate == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("rollingUpdate"), "this should be defaulted and never be nil")) - } else { - allErrs = append(allErrs, ValidateRollingUpdateDeployment(strategy.RollingUpdate, fldPath.Child("rollingUpdate"))...) - } - default: - validValues := []string{string(apps.RecreateDeploymentStrategyType), string(apps.RollingUpdateDeploymentStrategyType)} - allErrs = append(allErrs, field.NotSupported(fldPath, strategy, validValues)) - } - return allErrs -} - -// ValidateRollback validates given RollbackConfig. -func ValidateRollback(rollback *apps.RollbackConfig, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - v := rollback.Revision - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(v), fldPath.Child("version"))...) - return allErrs -} - -// ValidateDeploymentSpec validates given deployment spec. -func ValidateDeploymentSpec(spec *apps.DeploymentSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...) - - if spec.Selector == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("selector"), "")) - } else { - // validate selector strictly, spec.selector was always required to pass LabelSelectorAsSelector below - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false}, fldPath.Child("selector"))...) - if len(spec.Selector.MatchLabels)+len(spec.Selector.MatchExpressions) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "empty selector is invalid for deployment")) - } - } - - selector, err := metav1.LabelSelectorAsSelector(spec.Selector) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "invalid label selector")) - } else { - allErrs = append(allErrs, ValidatePodTemplateSpecForReplicaSet(&spec.Template, selector, spec.Replicas, fldPath.Child("template"), opts)...) - } - - allErrs = append(allErrs, ValidateDeploymentStrategy(&spec.Strategy, fldPath.Child("strategy"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - if spec.RevisionHistoryLimit != nil { - // zero is a valid RevisionHistoryLimit - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.RevisionHistoryLimit), fldPath.Child("revisionHistoryLimit"))...) - } - if spec.RollbackTo != nil { - allErrs = append(allErrs, ValidateRollback(spec.RollbackTo, fldPath.Child("rollback"))...) - } - if spec.ProgressDeadlineSeconds != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.ProgressDeadlineSeconds), fldPath.Child("progressDeadlineSeconds"))...) - if *spec.ProgressDeadlineSeconds <= spec.MinReadySeconds { - allErrs = append(allErrs, field.Invalid(fldPath.Child("progressDeadlineSeconds"), spec.ProgressDeadlineSeconds, "must be greater than minReadySeconds")) - } - } - return allErrs -} - -// ValidateDeploymentStatus validates given deployment status. -func ValidateDeploymentStatus(status *apps.DeploymentStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(status.ObservedGeneration, fldPath.Child("observedGeneration"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Replicas), fldPath.Child("replicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.UpdatedReplicas), fldPath.Child("updatedReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.ReadyReplicas), fldPath.Child("readyReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.AvailableReplicas), fldPath.Child("availableReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.UnavailableReplicas), fldPath.Child("unavailableReplicas"))...) - if status.CollisionCount != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*status.CollisionCount), fldPath.Child("collisionCount"))...) - } - msg := "cannot be greater than status.replicas" - if status.UpdatedReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("updatedReplicas"), status.UpdatedReplicas, msg)) - } - if status.ReadyReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("readyReplicas"), status.ReadyReplicas, msg)) - } - if status.AvailableReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("availableReplicas"), status.AvailableReplicas, msg)) - } - if status.AvailableReplicas > status.ReadyReplicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("availableReplicas"), status.AvailableReplicas, "cannot be greater than readyReplicas")) - } - return allErrs -} - -// ValidateDeploymentUpdate tests if an update to a Deployment is valid. -func ValidateDeploymentUpdate(update, old *apps.Deployment, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateDeploymentSpec(&update.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateDeploymentStatusUpdate tests if a an update to a Deployment status -// is valid. -func ValidateDeploymentStatusUpdate(update, old *apps.Deployment) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata")) - fldPath := field.NewPath("status") - allErrs = append(allErrs, ValidateDeploymentStatus(&update.Status, fldPath)...) - if apivalidation.IsDecremented(update.Status.CollisionCount, old.Status.CollisionCount) { - value := int32(0) - if update.Status.CollisionCount != nil { - value = *update.Status.CollisionCount - } - allErrs = append(allErrs, field.Invalid(fldPath.Child("collisionCount"), value, "cannot be decremented")) - } - return allErrs -} - -// ValidateDeployment validates a given Deployment. -func ValidateDeployment(obj *apps.Deployment, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&obj.ObjectMeta, true, ValidateDeploymentName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateDeploymentSpec(&obj.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateDeploymentRollback validates a given DeploymentRollback. -func ValidateDeploymentRollback(obj *apps.DeploymentRollback) field.ErrorList { - allErrs := apivalidation.ValidateAnnotations(obj.UpdatedAnnotations, field.NewPath("updatedAnnotations")) - if len(obj.Name) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("name"), "name is required")) - } - allErrs = append(allErrs, ValidateRollback(&obj.RollbackTo, field.NewPath("rollback"))...) - return allErrs -} - -// ValidateReplicaSetName can be used to check whether the given ReplicaSet -// name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateReplicaSetName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateReplicaSet tests if required fields in the ReplicaSet are set. -func ValidateReplicaSet(rs *apps.ReplicaSet, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&rs.ObjectMeta, true, ValidateReplicaSetName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateReplicaSetSpec(&rs.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateReplicaSetUpdate tests if required fields in the ReplicaSet are set. -func ValidateReplicaSetUpdate(rs, oldRs *apps.ReplicaSet, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&rs.ObjectMeta, &oldRs.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, ValidateReplicaSetSpec(&rs.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateReplicaSetStatusUpdate tests if required fields in the ReplicaSet are set. -func ValidateReplicaSetStatusUpdate(rs, oldRs *apps.ReplicaSet) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&rs.ObjectMeta, &oldRs.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, ValidateReplicaSetStatus(rs.Status, field.NewPath("status"))...) - return allErrs -} - -// ValidateReplicaSetStatus validates a given ReplicaSetStatus. -func ValidateReplicaSetStatus(status apps.ReplicaSetStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Replicas), fldPath.Child("replicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.FullyLabeledReplicas), fldPath.Child("fullyLabeledReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.ReadyReplicas), fldPath.Child("readyReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.AvailableReplicas), fldPath.Child("availableReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.ObservedGeneration), fldPath.Child("observedGeneration"))...) - msg := "cannot be greater than status.replicas" - if status.FullyLabeledReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("fullyLabeledReplicas"), status.FullyLabeledReplicas, msg)) - } - if status.ReadyReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("readyReplicas"), status.ReadyReplicas, msg)) - } - if status.AvailableReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("availableReplicas"), status.AvailableReplicas, msg)) - } - if status.AvailableReplicas > status.ReadyReplicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("availableReplicas"), status.AvailableReplicas, "cannot be greater than readyReplicas")) - } - return allErrs -} - -// ValidateReplicaSetSpec tests if required fields in the ReplicaSet spec are set. -func ValidateReplicaSetSpec(spec *apps.ReplicaSetSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - - if spec.Selector == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("selector"), "")) - } else { - // validate selector strictly, spec.selector was always required to pass LabelSelectorAsSelector below - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false}, fldPath.Child("selector"))...) - if len(spec.Selector.MatchLabels)+len(spec.Selector.MatchExpressions) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "empty selector is invalid for deployment")) - } - } - - selector, err := metav1.LabelSelectorAsSelector(spec.Selector) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("selector"), spec.Selector, "invalid label selector")) - } else { - allErrs = append(allErrs, ValidatePodTemplateSpecForReplicaSet(&spec.Template, selector, spec.Replicas, fldPath.Child("template"), opts)...) - } - return allErrs -} - -// ValidatePodTemplateSpecForReplicaSet validates the given template and ensures that it is in accordance with the desired selector and replicas. -func ValidatePodTemplateSpecForReplicaSet(template *api.PodTemplateSpec, selector labels.Selector, replicas int32, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if template == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } else { - if !selector.Empty() { - // Verify that the ReplicaSet selector matches the labels in template. - labels := labels.Set(template.Labels) - if !selector.Matches(labels) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "`selector` does not match template `labels`")) - } - } - allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(template, fldPath, opts)...) - if replicas > 1 { - allErrs = append(allErrs, apivalidation.ValidateReadOnlyPersistentDisks(template.Spec.Volumes, fldPath.Child("spec", "volumes"))...) - } - // RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec(). - if template.Spec.RestartPolicy != api.RestartPolicyAlways { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("spec", "restartPolicy"), template.Spec.RestartPolicy, []string{string(api.RestartPolicyAlways)})) - } - if template.Spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("spec", "activeDeadlineSeconds"), "activeDeadlineSeconds in ReplicaSet is not Supported")) - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/zz_generated.deepcopy.go deleted file mode 100644 index 3353f12507..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/apps/zz_generated.deepcopy.go +++ /dev/null @@ -1,850 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package apps - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ControllerRevision) DeepCopyInto(out *ControllerRevision) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Data != nil { - out.Data = in.Data.DeepCopyObject() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerRevision. -func (in *ControllerRevision) DeepCopy() *ControllerRevision { - if in == nil { - return nil - } - out := new(ControllerRevision) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControllerRevision) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ControllerRevisionList) DeepCopyInto(out *ControllerRevisionList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ControllerRevision, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerRevisionList. -func (in *ControllerRevisionList) DeepCopy() *ControllerRevisionList { - if in == nil { - return nil - } - out := new(ControllerRevisionList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ControllerRevisionList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSet) DeepCopyInto(out *DaemonSet) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSet. -func (in *DaemonSet) DeepCopy() *DaemonSet { - if in == nil { - return nil - } - out := new(DaemonSet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DaemonSet) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSetCondition) DeepCopyInto(out *DaemonSetCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetCondition. -func (in *DaemonSetCondition) DeepCopy() *DaemonSetCondition { - if in == nil { - return nil - } - out := new(DaemonSetCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSetList) DeepCopyInto(out *DaemonSetList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DaemonSet, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetList. -func (in *DaemonSetList) DeepCopy() *DaemonSetList { - if in == nil { - return nil - } - out := new(DaemonSetList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DaemonSetList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSetSpec) DeepCopyInto(out *DaemonSetSpec) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - in.Template.DeepCopyInto(&out.Template) - in.UpdateStrategy.DeepCopyInto(&out.UpdateStrategy) - if in.RevisionHistoryLimit != nil { - in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetSpec. -func (in *DaemonSetSpec) DeepCopy() *DaemonSetSpec { - if in == nil { - return nil - } - out := new(DaemonSetSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSetStatus) DeepCopyInto(out *DaemonSetStatus) { - *out = *in - if in.CollisionCount != nil { - in, out := &in.CollisionCount, &out.CollisionCount - *out = new(int32) - **out = **in - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]DaemonSetCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetStatus. -func (in *DaemonSetStatus) DeepCopy() *DaemonSetStatus { - if in == nil { - return nil - } - out := new(DaemonSetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonSetUpdateStrategy) DeepCopyInto(out *DaemonSetUpdateStrategy) { - *out = *in - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(RollingUpdateDaemonSet) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetUpdateStrategy. -func (in *DaemonSetUpdateStrategy) DeepCopy() *DaemonSetUpdateStrategy { - if in == nil { - return nil - } - out := new(DaemonSetUpdateStrategy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Deployment) DeepCopyInto(out *Deployment) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Deployment. -func (in *Deployment) DeepCopy() *Deployment { - if in == nil { - return nil - } - out := new(Deployment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Deployment) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentCondition) DeepCopyInto(out *DeploymentCondition) { - *out = *in - in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentCondition. -func (in *DeploymentCondition) DeepCopy() *DeploymentCondition { - if in == nil { - return nil - } - out := new(DeploymentCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentList) DeepCopyInto(out *DeploymentList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Deployment, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentList. -func (in *DeploymentList) DeepCopy() *DeploymentList { - if in == nil { - return nil - } - out := new(DeploymentList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DeploymentList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentRollback) DeepCopyInto(out *DeploymentRollback) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.UpdatedAnnotations != nil { - in, out := &in.UpdatedAnnotations, &out.UpdatedAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - out.RollbackTo = in.RollbackTo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentRollback. -func (in *DeploymentRollback) DeepCopy() *DeploymentRollback { - if in == nil { - return nil - } - out := new(DeploymentRollback) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DeploymentRollback) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - in.Template.DeepCopyInto(&out.Template) - in.Strategy.DeepCopyInto(&out.Strategy) - if in.RevisionHistoryLimit != nil { - in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit - *out = new(int32) - **out = **in - } - if in.RollbackTo != nil { - in, out := &in.RollbackTo, &out.RollbackTo - *out = new(RollbackConfig) - **out = **in - } - if in.ProgressDeadlineSeconds != nil { - in, out := &in.ProgressDeadlineSeconds, &out.ProgressDeadlineSeconds - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpec. -func (in *DeploymentSpec) DeepCopy() *DeploymentSpec { - if in == nil { - return nil - } - out := new(DeploymentSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]DeploymentCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.CollisionCount != nil { - in, out := &in.CollisionCount, &out.CollisionCount - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStatus. -func (in *DeploymentStatus) DeepCopy() *DeploymentStatus { - if in == nil { - return nil - } - out := new(DeploymentStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeploymentStrategy) DeepCopyInto(out *DeploymentStrategy) { - *out = *in - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(RollingUpdateDeployment) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentStrategy. -func (in *DeploymentStrategy) DeepCopy() *DeploymentStrategy { - if in == nil { - return nil - } - out := new(DeploymentStrategy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicaSet) DeepCopyInto(out *ReplicaSet) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSet. -func (in *ReplicaSet) DeepCopy() *ReplicaSet { - if in == nil { - return nil - } - out := new(ReplicaSet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReplicaSet) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicaSetCondition) DeepCopyInto(out *ReplicaSetCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSetCondition. -func (in *ReplicaSetCondition) DeepCopy() *ReplicaSetCondition { - if in == nil { - return nil - } - out := new(ReplicaSetCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicaSetList) DeepCopyInto(out *ReplicaSetList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ReplicaSet, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSetList. -func (in *ReplicaSetList) DeepCopy() *ReplicaSetList { - if in == nil { - return nil - } - out := new(ReplicaSetList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReplicaSetList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicaSetSpec) DeepCopyInto(out *ReplicaSetSpec) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - in.Template.DeepCopyInto(&out.Template) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSetSpec. -func (in *ReplicaSetSpec) DeepCopy() *ReplicaSetSpec { - if in == nil { - return nil - } - out := new(ReplicaSetSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicaSetStatus) DeepCopyInto(out *ReplicaSetStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]ReplicaSetCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSetStatus. -func (in *ReplicaSetStatus) DeepCopy() *ReplicaSetStatus { - if in == nil { - return nil - } - out := new(ReplicaSetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RollbackConfig) DeepCopyInto(out *RollbackConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RollbackConfig. -func (in *RollbackConfig) DeepCopy() *RollbackConfig { - if in == nil { - return nil - } - out := new(RollbackConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RollingUpdateDaemonSet) DeepCopyInto(out *RollingUpdateDaemonSet) { - *out = *in - out.MaxUnavailable = in.MaxUnavailable - out.MaxSurge = in.MaxSurge - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RollingUpdateDaemonSet. -func (in *RollingUpdateDaemonSet) DeepCopy() *RollingUpdateDaemonSet { - if in == nil { - return nil - } - out := new(RollingUpdateDaemonSet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RollingUpdateDeployment) DeepCopyInto(out *RollingUpdateDeployment) { - *out = *in - out.MaxUnavailable = in.MaxUnavailable - out.MaxSurge = in.MaxSurge - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RollingUpdateDeployment. -func (in *RollingUpdateDeployment) DeepCopy() *RollingUpdateDeployment { - if in == nil { - return nil - } - out := new(RollingUpdateDeployment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RollingUpdateStatefulSetStrategy) DeepCopyInto(out *RollingUpdateStatefulSetStrategy) { - *out = *in - if in.MaxUnavailable != nil { - in, out := &in.MaxUnavailable, &out.MaxUnavailable - *out = new(intstr.IntOrString) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RollingUpdateStatefulSetStrategy. -func (in *RollingUpdateStatefulSetStrategy) DeepCopy() *RollingUpdateStatefulSetStrategy { - if in == nil { - return nil - } - out := new(RollingUpdateStatefulSetStrategy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSet) DeepCopyInto(out *StatefulSet) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSet. -func (in *StatefulSet) DeepCopy() *StatefulSet { - if in == nil { - return nil - } - out := new(StatefulSet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StatefulSet) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetCondition) DeepCopyInto(out *StatefulSetCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetCondition. -func (in *StatefulSetCondition) DeepCopy() *StatefulSetCondition { - if in == nil { - return nil - } - out := new(StatefulSetCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetList) DeepCopyInto(out *StatefulSetList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]StatefulSet, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetList. -func (in *StatefulSetList) DeepCopy() *StatefulSetList { - if in == nil { - return nil - } - out := new(StatefulSetList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StatefulSetList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetOrdinals) DeepCopyInto(out *StatefulSetOrdinals) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetOrdinals. -func (in *StatefulSetOrdinals) DeepCopy() *StatefulSetOrdinals { - if in == nil { - return nil - } - out := new(StatefulSetOrdinals) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopyInto(out *StatefulSetPersistentVolumeClaimRetentionPolicy) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetPersistentVolumeClaimRetentionPolicy. -func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopy() *StatefulSetPersistentVolumeClaimRetentionPolicy { - if in == nil { - return nil - } - out := new(StatefulSetPersistentVolumeClaimRetentionPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - in.Template.DeepCopyInto(&out.Template) - if in.VolumeClaimTemplates != nil { - in, out := &in.VolumeClaimTemplates, &out.VolumeClaimTemplates - *out = make([]core.PersistentVolumeClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.UpdateStrategy.DeepCopyInto(&out.UpdateStrategy) - if in.RevisionHistoryLimit != nil { - in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit - *out = new(int32) - **out = **in - } - if in.PersistentVolumeClaimRetentionPolicy != nil { - in, out := &in.PersistentVolumeClaimRetentionPolicy, &out.PersistentVolumeClaimRetentionPolicy - *out = new(StatefulSetPersistentVolumeClaimRetentionPolicy) - **out = **in - } - if in.Ordinals != nil { - in, out := &in.Ordinals, &out.Ordinals - *out = new(StatefulSetOrdinals) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetSpec. -func (in *StatefulSetSpec) DeepCopy() *StatefulSetSpec { - if in == nil { - return nil - } - out := new(StatefulSetSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetStatus) DeepCopyInto(out *StatefulSetStatus) { - *out = *in - if in.ObservedGeneration != nil { - in, out := &in.ObservedGeneration, &out.ObservedGeneration - *out = new(int64) - **out = **in - } - if in.CollisionCount != nil { - in, out := &in.CollisionCount, &out.CollisionCount - *out = new(int32) - **out = **in - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]StatefulSetCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetStatus. -func (in *StatefulSetStatus) DeepCopy() *StatefulSetStatus { - if in == nil { - return nil - } - out := new(StatefulSetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StatefulSetUpdateStrategy) DeepCopyInto(out *StatefulSetUpdateStrategy) { - *out = *in - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(RollingUpdateStatefulSetStrategy) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetUpdateStrategy. -func (in *StatefulSetUpdateStrategy) DeepCopy() *StatefulSetUpdateStrategy { - if in == nil { - return nil - } - out := new(StatefulSetUpdateStrategy) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/OWNERS deleted file mode 100644 index 4dfbb98aec..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-authenticators-approvers - - sig-auth-authenticators-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/doc.go deleted file mode 100644 index b86561616e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=authentication.k8s.io - -package authentication // import "k8s.io/kubernetes/pkg/apis/authentication" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/install/install.go deleted file mode 100644 index 2781007a14..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/authentication" - "k8s.io/kubernetes/pkg/apis/authentication/v1" - "k8s.io/kubernetes/pkg/apis/authentication/v1alpha1" - "k8s.io/kubernetes/pkg/apis/authentication/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(authentication.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/register.go deleted file mode 100644 index b672c14e0e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/register.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authentication - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authentication.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &TokenReview{}, - &TokenRequest{}, - &SelfSubjectReview{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/types.go deleted file mode 100644 index d38e2169f3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/types.go +++ /dev/null @@ -1,183 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authentication - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -const ( - // ImpersonateUserHeader is used to impersonate a particular user during an API server request - ImpersonateUserHeader = "Impersonate-User" - - // ImpersonateUIDHeader is used to impersonate a particular UID during an API server request. - ImpersonateUidHeader = "Impersonate-Uid" - - // ImpersonateGroupHeader is used to impersonate a particular group during an API server request. - // It can be repeated multiplied times for multiple groups. - ImpersonateGroupHeader = "Impersonate-Group" - - // ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the - // extra map[string][]string for user.Info. The key will be every after the prefix. - // It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple - // times to have multiple elements in the slice under a single key - ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// TokenReview attempts to authenticate a token to a known user. -type TokenReview struct { - metav1.TypeMeta - // ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock - // REST handler paths work - metav1.ObjectMeta - - // Spec holds information about the request being evaluated - Spec TokenReviewSpec - - // Status is filled in by the server and indicates whether the request can be authenticated. - Status TokenReviewStatus -} - -// TokenReviewSpec is a description of the token authentication request. -type TokenReviewSpec struct { - // Token is the opaque bearer token. - Token string `datapolicy:"token"` - // Audiences is a list of the identifiers that the resource server presented - // with the token identifies as. Audience-aware token authenticators will - // verify that the token was intended for at least one of the audiences in - // this list. If no audiences are provided, the audience will default to the - // audience of the Kubernetes apiserver. - Audiences []string -} - -// TokenReviewStatus is the result of the token authentication request. -// This type mirrors the authentication.Token interface -type TokenReviewStatus struct { - // Authenticated indicates that the token was associated with a known user. - Authenticated bool - // User is the UserInfo associated with the provided token. - User UserInfo - // Audiences are audience identifiers chosen by the authenticator that are - // compatible with both the TokenReview and token. An identifier is any - // identifier in the intersection of the TokenReviewSpec audiences and the - // token's audiences. A client of the TokenReview API that sets the - // spec.audiences field should validate that a compatible audience identifier - // is returned in the status.audiences field to ensure that the TokenReview - // server is audience aware. If a TokenReview returns an empty - // status.audience field where status.authenticated is "true", the token is - // valid against the audience of the Kubernetes API server. - Audiences []string - // Error indicates that the token couldn't be checked - Error string -} - -// UserInfo holds the information about the user needed to implement the -// user.Info interface. -type UserInfo struct { - // The name that uniquely identifies this user among all active users. - Username string - // A unique value that identifies this user across time. If this user is - // deleted and another user by the same name is added, they will have - // different UIDs. - UID string - // The names of groups this user is a part of. - Groups []string - // Any additional information provided by the authenticator. - Extra map[string]ExtraValue -} - -// ExtraValue masks the value so protobuf can generate -type ExtraValue []string - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// TokenRequest requests a token for a given service account. -type TokenRequest struct { - metav1.TypeMeta - // ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock - // REST handler paths work - metav1.ObjectMeta - - Spec TokenRequestSpec - Status TokenRequestStatus -} - -// TokenRequestSpec contains client provided parameters of a token request. -type TokenRequestSpec struct { - // Audiences are the intended audiences of the token. A recipient of a - // token must identify themself with an identifier in the list of - // audiences of the token, and otherwise should reject the token. A - // token issued for multiple audiences may be used to authenticate - // against any of the audiences listed but implies a high degree of - // trust between the target audiences. - Audiences []string - - // ExpirationSeconds is the requested duration of validity of the request. The - // token issuer may return a token with a different validity duration so a - // client needs to check the 'expiration' field in a response. - ExpirationSeconds int64 - - // BoundObjectRef is a reference to an object that the token will be bound to. - // The token will only be valid for as long as the bound object exists. - // NOTE: The API server's TokenReview endpoint will validate the - // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds - // small if you want prompt revocation. - BoundObjectRef *BoundObjectReference -} - -// TokenRequestStatus is the result of a token request. -type TokenRequestStatus struct { - // Token is the opaque bearer token. - Token string `datapolicy:"token"` - // ExpirationTimestamp is the time of expiration of the returned token. - ExpirationTimestamp metav1.Time -} - -// BoundObjectReference is a reference to an object that a token is bound to. -type BoundObjectReference struct { - // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. - Kind string - // API version of the referent. - APIVersion string - - // Name of the referent. - Name string - // UID of the referent. - UID types.UID -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. -// When using impersonation, users will receive the user info of the user being impersonated. -type SelfSubjectReview struct { - metav1.TypeMeta - // ObjectMeta fulfills the metav1.ObjectMetaAccessor interface so that the stock. - // REST handler paths work. - metav1.ObjectMeta - // Status is filled in by the server with the user attributes. - Status SelfSubjectReviewStatus -} - -// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user. -type SelfSubjectReviewStatus struct { - // User attributes of the user making this request. - UserInfo UserInfo -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/conversion.go deleted file mode 100644 index 8088edeb41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/conversion.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - v1 "k8s.io/api/authentication/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - authentication "k8s.io/kubernetes/pkg/apis/authentication" -) - -// Convert_v1_UserInfo_To_authentication_UserInfo is defined outside the autogenerated file for use by other API packages -func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error { - return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s) -} - -// Convert_authentication_UserInfo_To_v1_UserInfo is defined outside the autogenerated file for use by other API packages -func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error { - return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/defaults.go deleted file mode 100644 index b9448624ee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_TokenRequestSpec(obj *authenticationv1.TokenRequestSpec) { - if obj.ExpirationSeconds == nil { - hour := int64(60 * 60) - obj.ExpirationSeconds = &hour - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/doc.go deleted file mode 100644 index a53c4d6ddf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/authentication -// +k8s:conversion-gen-external-types=k8s.io/api/authentication/v1 -// +groupName=authentication.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/authentication/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/authentication/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/register.go deleted file mode 100644 index b2f22b9a35..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authentication.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &authenticationv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.conversion.go deleted file mode 100644 index 24bbaa6881..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.conversion.go +++ /dev/null @@ -1,331 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - authentication "k8s.io/kubernetes/pkg/apis/authentication" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.BoundObjectReference)(nil), (*authentication.BoundObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference(a.(*v1.BoundObjectReference), b.(*authentication.BoundObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.BoundObjectReference)(nil), (*v1.BoundObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference(a.(*authentication.BoundObjectReference), b.(*v1.BoundObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenRequest)(nil), (*authentication.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenRequest_To_authentication_TokenRequest(a.(*v1.TokenRequest), b.(*authentication.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenRequest)(nil), (*v1.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenRequest_To_v1_TokenRequest(a.(*authentication.TokenRequest), b.(*v1.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenRequestSpec)(nil), (*authentication.TokenRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(a.(*v1.TokenRequestSpec), b.(*authentication.TokenRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenRequestSpec)(nil), (*v1.TokenRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(a.(*authentication.TokenRequestSpec), b.(*v1.TokenRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenRequestStatus)(nil), (*authentication.TokenRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(a.(*v1.TokenRequestStatus), b.(*authentication.TokenRequestStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenRequestStatus)(nil), (*v1.TokenRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(a.(*authentication.TokenRequestStatus), b.(*v1.TokenRequestStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenReview)(nil), (*authentication.TokenReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenReview_To_authentication_TokenReview(a.(*v1.TokenReview), b.(*authentication.TokenReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReview)(nil), (*v1.TokenReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReview_To_v1_TokenReview(a.(*authentication.TokenReview), b.(*v1.TokenReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenReviewSpec)(nil), (*authentication.TokenReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(a.(*v1.TokenReviewSpec), b.(*authentication.TokenReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReviewSpec)(nil), (*v1.TokenReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(a.(*authentication.TokenReviewSpec), b.(*v1.TokenReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenReviewStatus)(nil), (*authentication.TokenReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(a.(*v1.TokenReviewStatus), b.(*authentication.TokenReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReviewStatus)(nil), (*v1.TokenReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(a.(*authentication.TokenReviewStatus), b.(*v1.TokenReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*authentication.UserInfo)(nil), (*v1.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_UserInfo_To_v1_UserInfo(a.(*authentication.UserInfo), b.(*v1.UserInfo), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.UserInfo)(nil), (*authentication.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_UserInfo_To_authentication_UserInfo(a.(*v1.UserInfo), b.(*authentication.UserInfo), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.APIVersion = in.APIVersion - out.Name = in.Name - out.UID = types.UID(in.UID) - return nil -} - -// Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference is an autogenerated conversion function. -func Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error { - return autoConvert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in, out, s) -} - -func autoConvert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1.BoundObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.APIVersion = in.APIVersion - out.Name = in.Name - out.UID = types.UID(in.UID) - return nil -} - -// Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference is an autogenerated conversion function. -func Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1.BoundObjectReference, s conversion.Scope) error { - return autoConvert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in, out, s) -} - -func autoConvert_v1_TokenRequest_To_authentication_TokenRequest(in *v1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_TokenRequest_To_authentication_TokenRequest is an autogenerated conversion function. -func Convert_v1_TokenRequest_To_authentication_TokenRequest(in *v1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error { - return autoConvert_v1_TokenRequest_To_authentication_TokenRequest(in, out, s) -} - -func autoConvert_authentication_TokenRequest_To_v1_TokenRequest(in *authentication.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_TokenRequest_To_v1_TokenRequest is an autogenerated conversion function. -func Convert_authentication_TokenRequest_To_v1_TokenRequest(in *authentication.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error { - return autoConvert_authentication_TokenRequest_To_v1_TokenRequest(in, out, s) -} - -func autoConvert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error { - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - if err := metav1.Convert_Pointer_int64_To_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - out.BoundObjectRef = (*authentication.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef)) - return nil -} - -// Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec is an autogenerated conversion function. -func Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error { - return autoConvert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in, out, s) -} - -func autoConvert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1.TokenRequestSpec, s conversion.Scope) error { - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - if err := metav1.Convert_int64_To_Pointer_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - out.BoundObjectRef = (*v1.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef)) - return nil -} - -// Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec is an autogenerated conversion function. -func Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1.TokenRequestSpec, s conversion.Scope) error { - return autoConvert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in, out, s) -} - -func autoConvert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error { - out.Token = in.Token - out.ExpirationTimestamp = in.ExpirationTimestamp - return nil -} - -// Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus is an autogenerated conversion function. -func Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error { - return autoConvert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in, out, s) -} - -func autoConvert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1.TokenRequestStatus, s conversion.Scope) error { - out.Token = in.Token - out.ExpirationTimestamp = in.ExpirationTimestamp - return nil -} - -// Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus is an autogenerated conversion function. -func Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1.TokenRequestStatus, s conversion.Scope) error { - return autoConvert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in, out, s) -} - -func autoConvert_v1_TokenReview_To_authentication_TokenReview(in *v1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_TokenReview_To_authentication_TokenReview is an autogenerated conversion function. -func Convert_v1_TokenReview_To_authentication_TokenReview(in *v1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error { - return autoConvert_v1_TokenReview_To_authentication_TokenReview(in, out, s) -} - -func autoConvert_authentication_TokenReview_To_v1_TokenReview(in *authentication.TokenReview, out *v1.TokenReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_TokenReview_To_v1_TokenReview is an autogenerated conversion function. -func Convert_authentication_TokenReview_To_v1_TokenReview(in *authentication.TokenReview, out *v1.TokenReview, s conversion.Scope) error { - return autoConvert_authentication_TokenReview_To_v1_TokenReview(in, out, s) -} - -func autoConvert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { - out.Token = in.Token - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - return nil -} - -// Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec is an autogenerated conversion function. -func Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { - return autoConvert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in, out, s) -} - -func autoConvert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1.TokenReviewSpec, s conversion.Scope) error { - out.Token = in.Token - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - return nil -} - -// Convert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec is an autogenerated conversion function. -func Convert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1.TokenReviewSpec, s conversion.Scope) error { - return autoConvert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(in, out, s) -} - -func autoConvert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1.TokenReviewStatus, out *authentication.TokenReviewStatus, s conversion.Scope) error { - out.Authenticated = in.Authenticated - if err := Convert_v1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil { - return err - } - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - out.Error = in.Error - return nil -} - -// Convert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus is an autogenerated conversion function. -func Convert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1.TokenReviewStatus, out *authentication.TokenReviewStatus, s conversion.Scope) error { - return autoConvert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(in, out, s) -} - -func autoConvert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(in *authentication.TokenReviewStatus, out *v1.TokenReviewStatus, s conversion.Scope) error { - out.Authenticated = in.Authenticated - if err := Convert_authentication_UserInfo_To_v1_UserInfo(&in.User, &out.User, s); err != nil { - return err - } - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - out.Error = in.Error - return nil -} - -// Convert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus is an autogenerated conversion function. -func Convert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(in *authentication.TokenReviewStatus, out *v1.TokenReviewStatus, s conversion.Scope) error { - return autoConvert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(in, out, s) -} - -func autoConvert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error { - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]authentication.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error { - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.defaults.go deleted file mode 100644 index e2ae4c314b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1/zz_generated.defaults.go +++ /dev/null @@ -1,39 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/authentication/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.TokenRequest{}, func(obj interface{}) { SetObjectDefaults_TokenRequest(obj.(*v1.TokenRequest)) }) - return nil -} - -func SetObjectDefaults_TokenRequest(in *v1.TokenRequest) { - SetDefaults_TokenRequestSpec(&in.Spec) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/defaults.go deleted file mode 100644 index c0de82c4bb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/doc.go deleted file mode 100644 index 1ac09a49c6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/authentication -// +k8s:conversion-gen-external-types=k8s.io/api/authentication/v1alpha1 -// +groupName=authentication.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/authentication/v1alpha1 - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/authentication/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/register.go deleted file mode 100644 index 0ca620e625..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authentication.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &authenticationv1alpha1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 912778f2b5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,110 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/authentication/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - authentication "k8s.io/kubernetes/pkg/apis/authentication" - v1 "k8s.io/kubernetes/pkg/apis/authentication/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.SelfSubjectReview)(nil), (*authentication.SelfSubjectReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_SelfSubjectReview_To_authentication_SelfSubjectReview(a.(*v1alpha1.SelfSubjectReview), b.(*authentication.SelfSubjectReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.SelfSubjectReview)(nil), (*v1alpha1.SelfSubjectReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_SelfSubjectReview_To_v1alpha1_SelfSubjectReview(a.(*authentication.SelfSubjectReview), b.(*v1alpha1.SelfSubjectReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.SelfSubjectReviewStatus)(nil), (*authentication.SelfSubjectReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus(a.(*v1alpha1.SelfSubjectReviewStatus), b.(*authentication.SelfSubjectReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.SelfSubjectReviewStatus)(nil), (*v1alpha1.SelfSubjectReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus(a.(*authentication.SelfSubjectReviewStatus), b.(*v1alpha1.SelfSubjectReviewStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_SelfSubjectReview_To_authentication_SelfSubjectReview(in *v1alpha1.SelfSubjectReview, out *authentication.SelfSubjectReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_SelfSubjectReview_To_authentication_SelfSubjectReview is an autogenerated conversion function. -func Convert_v1alpha1_SelfSubjectReview_To_authentication_SelfSubjectReview(in *v1alpha1.SelfSubjectReview, out *authentication.SelfSubjectReview, s conversion.Scope) error { - return autoConvert_v1alpha1_SelfSubjectReview_To_authentication_SelfSubjectReview(in, out, s) -} - -func autoConvert_authentication_SelfSubjectReview_To_v1alpha1_SelfSubjectReview(in *authentication.SelfSubjectReview, out *v1alpha1.SelfSubjectReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_SelfSubjectReview_To_v1alpha1_SelfSubjectReview is an autogenerated conversion function. -func Convert_authentication_SelfSubjectReview_To_v1alpha1_SelfSubjectReview(in *authentication.SelfSubjectReview, out *v1alpha1.SelfSubjectReview, s conversion.Scope) error { - return autoConvert_authentication_SelfSubjectReview_To_v1alpha1_SelfSubjectReview(in, out, s) -} - -func autoConvert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus(in *v1alpha1.SelfSubjectReviewStatus, out *authentication.SelfSubjectReviewStatus, s conversion.Scope) error { - if err := v1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus is an autogenerated conversion function. -func Convert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus(in *v1alpha1.SelfSubjectReviewStatus, out *authentication.SelfSubjectReviewStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_SelfSubjectReviewStatus_To_authentication_SelfSubjectReviewStatus(in, out, s) -} - -func autoConvert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus(in *authentication.SelfSubjectReviewStatus, out *v1alpha1.SelfSubjectReviewStatus, s conversion.Scope) error { - if err := v1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus is an autogenerated conversion function. -func Convert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus(in *authentication.SelfSubjectReviewStatus, out *v1alpha1.SelfSubjectReviewStatus, s conversion.Scope) error { - return autoConvert_authentication_SelfSubjectReviewStatus_To_v1alpha1_SelfSubjectReviewStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/defaults.go deleted file mode 100644 index 37abb53bd2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/doc.go deleted file mode 100644 index 60dbc493ea..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/authentication -// +k8s:conversion-gen-external-types=k8s.io/api/authentication/v1beta1 -// +groupName=authentication.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/authentication/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/authentication/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/register.go deleted file mode 100644 index b0fe3e57ed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - authenticationv1beta1 "k8s.io/api/authentication/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authentication.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &authenticationv1beta1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 0174d7b335..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,191 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/authentication/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - authentication "k8s.io/kubernetes/pkg/apis/authentication" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.TokenReview)(nil), (*authentication.TokenReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TokenReview_To_authentication_TokenReview(a.(*v1beta1.TokenReview), b.(*authentication.TokenReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReview)(nil), (*v1beta1.TokenReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReview_To_v1beta1_TokenReview(a.(*authentication.TokenReview), b.(*v1beta1.TokenReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.TokenReviewSpec)(nil), (*authentication.TokenReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(a.(*v1beta1.TokenReviewSpec), b.(*authentication.TokenReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReviewSpec)(nil), (*v1beta1.TokenReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(a.(*authentication.TokenReviewSpec), b.(*v1beta1.TokenReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.TokenReviewStatus)(nil), (*authentication.TokenReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(a.(*v1beta1.TokenReviewStatus), b.(*authentication.TokenReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.TokenReviewStatus)(nil), (*v1beta1.TokenReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(a.(*authentication.TokenReviewStatus), b.(*v1beta1.TokenReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.UserInfo)(nil), (*authentication.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_UserInfo_To_authentication_UserInfo(a.(*v1beta1.UserInfo), b.(*authentication.UserInfo), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.UserInfo)(nil), (*v1beta1.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_UserInfo_To_v1beta1_UserInfo(a.(*authentication.UserInfo), b.(*v1beta1.UserInfo), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_TokenReview_To_authentication_TokenReview(in *v1beta1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_TokenReview_To_authentication_TokenReview is an autogenerated conversion function. -func Convert_v1beta1_TokenReview_To_authentication_TokenReview(in *v1beta1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error { - return autoConvert_v1beta1_TokenReview_To_authentication_TokenReview(in, out, s) -} - -func autoConvert_authentication_TokenReview_To_v1beta1_TokenReview(in *authentication.TokenReview, out *v1beta1.TokenReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authentication_TokenReview_To_v1beta1_TokenReview is an autogenerated conversion function. -func Convert_authentication_TokenReview_To_v1beta1_TokenReview(in *authentication.TokenReview, out *v1beta1.TokenReview, s conversion.Scope) error { - return autoConvert_authentication_TokenReview_To_v1beta1_TokenReview(in, out, s) -} - -func autoConvert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1beta1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { - out.Token = in.Token - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - return nil -} - -// Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec is an autogenerated conversion function. -func Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1beta1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { - return autoConvert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in, out, s) -} - -func autoConvert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1beta1.TokenReviewSpec, s conversion.Scope) error { - out.Token = in.Token - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - return nil -} - -// Convert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec is an autogenerated conversion function. -func Convert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1beta1.TokenReviewSpec, s conversion.Scope) error { - return autoConvert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(in, out, s) -} - -func autoConvert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1beta1.TokenReviewStatus, out *authentication.TokenReviewStatus, s conversion.Scope) error { - out.Authenticated = in.Authenticated - if err := Convert_v1beta1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil { - return err - } - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - out.Error = in.Error - return nil -} - -// Convert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus is an autogenerated conversion function. -func Convert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1beta1.TokenReviewStatus, out *authentication.TokenReviewStatus, s conversion.Scope) error { - return autoConvert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(in, out, s) -} - -func autoConvert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(in *authentication.TokenReviewStatus, out *v1beta1.TokenReviewStatus, s conversion.Scope) error { - out.Authenticated = in.Authenticated - if err := Convert_authentication_UserInfo_To_v1beta1_UserInfo(&in.User, &out.User, s); err != nil { - return err - } - out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) - out.Error = in.Error - return nil -} - -// Convert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus is an autogenerated conversion function. -func Convert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(in *authentication.TokenReviewStatus, out *v1beta1.TokenReviewStatus, s conversion.Scope) error { - return autoConvert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(in, out, s) -} - -func autoConvert_v1beta1_UserInfo_To_authentication_UserInfo(in *v1beta1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error { - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]authentication.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_v1beta1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function. -func Convert_v1beta1_UserInfo_To_authentication_UserInfo(in *v1beta1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error { - return autoConvert_v1beta1_UserInfo_To_authentication_UserInfo(in, out, s) -} - -func autoConvert_authentication_UserInfo_To_v1beta1_UserInfo(in *authentication.UserInfo, out *v1beta1.UserInfo, s conversion.Scope) error { - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1beta1.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_authentication_UserInfo_To_v1beta1_UserInfo is an autogenerated conversion function. -func Convert_authentication_UserInfo_To_v1beta1_UserInfo(in *authentication.UserInfo, out *v1beta1.UserInfo, s conversion.Scope) error { - return autoConvert_authentication_UserInfo_To_v1beta1_UserInfo(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/validation/validation.go deleted file mode 100644 index b174ddfc1e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/validation/validation.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package validation contains methods to validate kinds in the -// authentication.k8s.io API group. -package validation - -import ( - "time" - - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/authentication" -) - -// ValidateTokenRequest validates a TokenRequest. -func ValidateTokenRequest(tr *authentication.TokenRequest) field.ErrorList { - allErrs := field.ErrorList{} - specPath := field.NewPath("spec") - - const min = 10 * time.Minute - if tr.Spec.ExpirationSeconds < int64(min.Seconds()) { - allErrs = append(allErrs, field.Invalid(specPath.Child("expirationSeconds"), tr.Spec.ExpirationSeconds, "may not specify a duration less than 10 minutes")) - } - if tr.Spec.ExpirationSeconds > 1<<32 { - allErrs = append(allErrs, field.Invalid(specPath.Child("expirationSeconds"), tr.Spec.ExpirationSeconds, "may not specify a duration larger than 2^32 seconds")) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/zz_generated.deepcopy.go deleted file mode 100644 index 9e1d752313..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authentication/zz_generated.deepcopy.go +++ /dev/null @@ -1,284 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package authentication - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference. -func (in *BoundObjectReference) DeepCopy() *BoundObjectReference { - if in == nil { - return nil - } - out := new(BoundObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in ExtraValue) DeepCopyInto(out *ExtraValue) { - { - in := &in - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. -func (in ExtraValue) DeepCopy() ExtraValue { - if in == nil { - return nil - } - out := new(ExtraValue) - in.DeepCopyInto(out) - return *out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectReview) DeepCopyInto(out *SelfSubjectReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReview. -func (in *SelfSubjectReview) DeepCopy() *SelfSubjectReview { - if in == nil { - return nil - } - out := new(SelfSubjectReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SelfSubjectReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectReviewStatus) DeepCopyInto(out *SelfSubjectReviewStatus) { - *out = *in - in.UserInfo.DeepCopyInto(&out.UserInfo) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReviewStatus. -func (in *SelfSubjectReviewStatus) DeepCopy() *SelfSubjectReviewStatus { - if in == nil { - return nil - } - out := new(SelfSubjectReviewStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenRequest) DeepCopyInto(out *TokenRequest) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest. -func (in *TokenRequest) DeepCopy() *TokenRequest { - if in == nil { - return nil - } - out := new(TokenRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TokenRequest) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec) { - *out = *in - if in.Audiences != nil { - in, out := &in.Audiences, &out.Audiences - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.BoundObjectRef != nil { - in, out := &in.BoundObjectRef, &out.BoundObjectRef - *out = new(BoundObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec. -func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec { - if in == nil { - return nil - } - out := new(TokenRequestSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus) { - *out = *in - in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus. -func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus { - if in == nil { - return nil - } - out := new(TokenRequestStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenReview) DeepCopyInto(out *TokenReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReview. -func (in *TokenReview) DeepCopy() *TokenReview { - if in == nil { - return nil - } - out := new(TokenReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TokenReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) { - *out = *in - if in.Audiences != nil { - in, out := &in.Audiences, &out.Audiences - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewSpec. -func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec { - if in == nil { - return nil - } - out := new(TokenReviewSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) { - *out = *in - in.User.DeepCopyInto(&out.User) - if in.Audiences != nil { - in, out := &in.Audiences, &out.Audiences - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenReviewStatus. -func (in *TokenReviewStatus) DeepCopy() *TokenReviewStatus { - if in == nil { - return nil - } - out := new(TokenReviewStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UserInfo) DeepCopyInto(out *UserInfo) { - *out = *in - if in.Groups != nil { - in, out := &in.Groups, &out.Groups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Extra != nil { - in, out := &in.Extra, &out.Extra - *out = make(map[string]ExtraValue, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. -func (in *UserInfo) DeepCopy() *UserInfo { - if in == nil { - return nil - } - out := new(UserInfo) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/OWNERS deleted file mode 100644 index 2fa50ca5bd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-authorizers-approvers - - sig-auth-authorizers-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/doc.go deleted file mode 100644 index 896049861f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=authorization.k8s.io - -package authorization // import "k8s.io/kubernetes/pkg/apis/authorization" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/install/install.go deleted file mode 100644 index f9af4928da..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/authorization" - "k8s.io/kubernetes/pkg/apis/authorization/v1" - "k8s.io/kubernetes/pkg/apis/authorization/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(authorization.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/register.go deleted file mode 100644 index 3f91937ca2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/register.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorization - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &SelfSubjectRulesReview{}, - &SelfSubjectAccessReview{}, - &SubjectAccessReview{}, - &LocalSubjectAccessReview{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/types.go deleted file mode 100644 index 368f37e66f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/types.go +++ /dev/null @@ -1,218 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorization - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SubjectAccessReview checks whether or not a user or group can perform an action. Not filling in a -// spec.namespace means "in all namespaces". -type SubjectAccessReview struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec holds information about the request being evaluated - Spec SubjectAccessReviewSpec - - // Status is filled in by the server and indicates whether the request is allowed or not - Status SubjectAccessReviewStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a -// spec.namespace means "in all namespaces". Self is a special case, because users should always be able -// to check whether they can perform an action -type SelfSubjectAccessReview struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec holds information about the request being evaluated. - Spec SelfSubjectAccessReviewSpec - - // Status is filled in by the server and indicates whether the request is allowed or not - Status SubjectAccessReviewStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. -// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions -// checking. -type LocalSubjectAccessReview struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace - // you made the request against. If empty, it is defaulted. - Spec SubjectAccessReviewSpec - - // Status is filled in by the server and indicates whether the request is allowed or not - Status SubjectAccessReviewStatus -} - -// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface -type ResourceAttributes struct { - // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces - // "" (empty) is defaulted for LocalSubjectAccessReviews - // "" (empty) is empty for cluster-scoped resources - // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview - Namespace string - // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. - Verb string - // Group is the API Group of the Resource. "*" means all. - Group string - // Version is the API Version of the Resource. "*" means all. - Version string - // Resource is one of the existing resource types. "*" means all. - Resource string - // Subresource is one of the existing resource types. "" means none. - Subresource string - // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. - Name string -} - -// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface -type NonResourceAttributes struct { - // Path is the URL path of the request - Path string - // Verb is the standard HTTP verb - Verb string -} - -// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes -// and NonResourceAttributes must be set -type SubjectAccessReviewSpec struct { - // ResourceAttributes describes information for a resource access request - ResourceAttributes *ResourceAttributes - // NonResourceAttributes describes information for a non-resource access request - NonResourceAttributes *NonResourceAttributes - - // User is the user you're testing for. - // If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups - User string - // Groups is the groups you're testing for. - Groups []string - // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer - // it needs a reflection here. - Extra map[string]ExtraValue - // UID information about the requesting user. - UID string -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -type ExtraValue []string - -// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes -// and NonResourceAttributes must be set -type SelfSubjectAccessReviewSpec struct { - // ResourceAttributes describes information for a resource access request - ResourceAttributes *ResourceAttributes - // NonResourceAttributes describes information for a non-resource access request - NonResourceAttributes *NonResourceAttributes -} - -// SubjectAccessReviewStatus represents the current state of a SubjectAccessReview. -type SubjectAccessReviewStatus struct { - // Allowed is required. True if the action would be allowed, false otherwise. - Allowed bool - // Denied is optional. True if the action would be denied, otherwise - // false. If both allowed is false and denied is false, then the - // authorizer has no opinion on whether to authorize the action. Denied - // may not be true if Allowed is true. - Denied bool - // Reason is optional. It indicates why a request was allowed or denied. - Reason string - // EvaluationError is an indication that some error occurred during the authorization check. - // It is entirely possible to get an error and be able to continue determine authorization status in spite of it. - // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. - EvaluationError string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. -// The returned list of actions may be incomplete depending on the server's authorization mode, -// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, -// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to -// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. -// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. -type SelfSubjectRulesReview struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec holds information about the request being evaluated. - Spec SelfSubjectRulesReviewSpec - - // Status is filled in by the server and indicates the set of actions a user can perform. - Status SubjectRulesReviewStatus -} - -// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview. -type SelfSubjectRulesReviewSpec struct { - // Namespace to evaluate rules for. Required. - Namespace string -} - -// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on -// the set of authorizers the server is configured with and any errors experienced during evaluation. -// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, -// even if that list is incomplete. -type SubjectRulesReviewStatus struct { - // ResourceRules is the list of actions the subject is allowed to perform on resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - ResourceRules []ResourceRule - // NonResourceRules is the list of actions the subject is allowed to perform on non-resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - NonResourceRules []NonResourceRule - // Incomplete is true when the rules returned by this call are incomplete. This is most commonly - // encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation. - Incomplete bool - // EvaluationError can appear in combination with Rules. It indicates an error occurred during - // rule evaluation, such as an authorizer that doesn't support rule evaluation, and that - // ResourceRules and/or NonResourceRules may be incomplete. - EvaluationError string -} - -// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, -// may contain duplicates, and possibly be incomplete. -type ResourceRule struct { - // Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. - Verbs []string - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "*" means all. - APIGroups []string - // Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups. - // "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups. - Resources []string - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all. - ResourceNames []string -} - -// NonResourceRule holds information that describes a rule for the non-resource -type NonResourceRule struct { - // Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all. - Verbs []string - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, - // final step in the path. "*" means all. - NonResourceURLs []string -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/defaults.go deleted file mode 100644 index 074e15baed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/doc.go deleted file mode 100644 index ca90e9e0e7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/authorization -// +k8s:conversion-gen-external-types=k8s.io/api/authorization/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/authorization/v1 - -// +groupName=authorization.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/authorization/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/register.go deleted file mode 100644 index 2f6865b428..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/register.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - authorizationv1 "k8s.io/api/authorization/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // localSchemeBuilder extends the SchemeBuilder instance with the external types. In this package, - // defaulting and conversion init funcs are registered as well. - localSchemeBuilder = &authorizationv1.SchemeBuilder - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.conversion.go deleted file mode 100644 index 83b7fd9f8d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.conversion.go +++ /dev/null @@ -1,525 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/authorization/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - authorization "k8s.io/kubernetes/pkg/apis/authorization" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.LocalSubjectAccessReview)(nil), (*authorization.LocalSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(a.(*v1.LocalSubjectAccessReview), b.(*authorization.LocalSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.LocalSubjectAccessReview)(nil), (*v1.LocalSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview(a.(*authorization.LocalSubjectAccessReview), b.(*v1.LocalSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NonResourceAttributes)(nil), (*authorization.NonResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NonResourceAttributes_To_authorization_NonResourceAttributes(a.(*v1.NonResourceAttributes), b.(*authorization.NonResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.NonResourceAttributes)(nil), (*v1.NonResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_NonResourceAttributes_To_v1_NonResourceAttributes(a.(*authorization.NonResourceAttributes), b.(*v1.NonResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NonResourceRule)(nil), (*authorization.NonResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NonResourceRule_To_authorization_NonResourceRule(a.(*v1.NonResourceRule), b.(*authorization.NonResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.NonResourceRule)(nil), (*v1.NonResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_NonResourceRule_To_v1_NonResourceRule(a.(*authorization.NonResourceRule), b.(*v1.NonResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceAttributes)(nil), (*authorization.ResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceAttributes_To_authorization_ResourceAttributes(a.(*v1.ResourceAttributes), b.(*authorization.ResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.ResourceAttributes)(nil), (*v1.ResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_ResourceAttributes_To_v1_ResourceAttributes(a.(*authorization.ResourceAttributes), b.(*v1.ResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceRule)(nil), (*authorization.ResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceRule_To_authorization_ResourceRule(a.(*v1.ResourceRule), b.(*authorization.ResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.ResourceRule)(nil), (*v1.ResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_ResourceRule_To_v1_ResourceRule(a.(*authorization.ResourceRule), b.(*v1.ResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SelfSubjectAccessReview)(nil), (*authorization.SelfSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(a.(*v1.SelfSubjectAccessReview), b.(*authorization.SelfSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectAccessReview)(nil), (*v1.SelfSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectAccessReview_To_v1_SelfSubjectAccessReview(a.(*authorization.SelfSubjectAccessReview), b.(*v1.SelfSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SelfSubjectAccessReviewSpec)(nil), (*authorization.SelfSubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(a.(*v1.SelfSubjectAccessReviewSpec), b.(*authorization.SelfSubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectAccessReviewSpec)(nil), (*v1.SelfSubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec(a.(*authorization.SelfSubjectAccessReviewSpec), b.(*v1.SelfSubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SelfSubjectRulesReview)(nil), (*authorization.SelfSubjectRulesReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(a.(*v1.SelfSubjectRulesReview), b.(*authorization.SelfSubjectRulesReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectRulesReview)(nil), (*v1.SelfSubjectRulesReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(a.(*authorization.SelfSubjectRulesReview), b.(*v1.SelfSubjectRulesReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SelfSubjectRulesReviewSpec)(nil), (*authorization.SelfSubjectRulesReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(a.(*v1.SelfSubjectRulesReviewSpec), b.(*authorization.SelfSubjectRulesReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectRulesReviewSpec)(nil), (*v1.SelfSubjectRulesReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec(a.(*authorization.SelfSubjectRulesReviewSpec), b.(*v1.SelfSubjectRulesReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SubjectAccessReview)(nil), (*authorization.SubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SubjectAccessReview_To_authorization_SubjectAccessReview(a.(*v1.SubjectAccessReview), b.(*authorization.SubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReview)(nil), (*v1.SubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReview_To_v1_SubjectAccessReview(a.(*authorization.SubjectAccessReview), b.(*v1.SubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SubjectAccessReviewSpec)(nil), (*authorization.SubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(a.(*v1.SubjectAccessReviewSpec), b.(*authorization.SubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReviewSpec)(nil), (*v1.SubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(a.(*authorization.SubjectAccessReviewSpec), b.(*v1.SubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SubjectAccessReviewStatus)(nil), (*authorization.SubjectAccessReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(a.(*v1.SubjectAccessReviewStatus), b.(*authorization.SubjectAccessReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReviewStatus)(nil), (*v1.SubjectAccessReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(a.(*authorization.SubjectAccessReviewStatus), b.(*v1.SubjectAccessReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SubjectRulesReviewStatus)(nil), (*authorization.SubjectRulesReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(a.(*v1.SubjectRulesReviewStatus), b.(*authorization.SubjectRulesReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectRulesReviewStatus)(nil), (*v1.SubjectRulesReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(a.(*authorization.SubjectRulesReviewStatus), b.(*v1.SubjectRulesReviewStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *v1.LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview is an autogenerated conversion function. -func Convert_v1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *v1.LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *v1.LocalSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *v1.LocalSubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview(in, out, s) -} - -func autoConvert_v1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *v1.NonResourceAttributes, out *authorization.NonResourceAttributes, s conversion.Scope) error { - out.Path = in.Path - out.Verb = in.Verb - return nil -} - -// Convert_v1_NonResourceAttributes_To_authorization_NonResourceAttributes is an autogenerated conversion function. -func Convert_v1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *v1.NonResourceAttributes, out *authorization.NonResourceAttributes, s conversion.Scope) error { - return autoConvert_v1_NonResourceAttributes_To_authorization_NonResourceAttributes(in, out, s) -} - -func autoConvert_authorization_NonResourceAttributes_To_v1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *v1.NonResourceAttributes, s conversion.Scope) error { - out.Path = in.Path - out.Verb = in.Verb - return nil -} - -// Convert_authorization_NonResourceAttributes_To_v1_NonResourceAttributes is an autogenerated conversion function. -func Convert_authorization_NonResourceAttributes_To_v1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *v1.NonResourceAttributes, s conversion.Scope) error { - return autoConvert_authorization_NonResourceAttributes_To_v1_NonResourceAttributes(in, out, s) -} - -func autoConvert_v1_NonResourceRule_To_authorization_NonResourceRule(in *v1.NonResourceRule, out *authorization.NonResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1_NonResourceRule_To_authorization_NonResourceRule is an autogenerated conversion function. -func Convert_v1_NonResourceRule_To_authorization_NonResourceRule(in *v1.NonResourceRule, out *authorization.NonResourceRule, s conversion.Scope) error { - return autoConvert_v1_NonResourceRule_To_authorization_NonResourceRule(in, out, s) -} - -func autoConvert_authorization_NonResourceRule_To_v1_NonResourceRule(in *authorization.NonResourceRule, out *v1.NonResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_authorization_NonResourceRule_To_v1_NonResourceRule is an autogenerated conversion function. -func Convert_authorization_NonResourceRule_To_v1_NonResourceRule(in *authorization.NonResourceRule, out *v1.NonResourceRule, s conversion.Scope) error { - return autoConvert_authorization_NonResourceRule_To_v1_NonResourceRule(in, out, s) -} - -func autoConvert_v1_ResourceAttributes_To_authorization_ResourceAttributes(in *v1.ResourceAttributes, out *authorization.ResourceAttributes, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Verb = in.Verb - out.Group = in.Group - out.Version = in.Version - out.Resource = in.Resource - out.Subresource = in.Subresource - out.Name = in.Name - return nil -} - -// Convert_v1_ResourceAttributes_To_authorization_ResourceAttributes is an autogenerated conversion function. -func Convert_v1_ResourceAttributes_To_authorization_ResourceAttributes(in *v1.ResourceAttributes, out *authorization.ResourceAttributes, s conversion.Scope) error { - return autoConvert_v1_ResourceAttributes_To_authorization_ResourceAttributes(in, out, s) -} - -func autoConvert_authorization_ResourceAttributes_To_v1_ResourceAttributes(in *authorization.ResourceAttributes, out *v1.ResourceAttributes, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Verb = in.Verb - out.Group = in.Group - out.Version = in.Version - out.Resource = in.Resource - out.Subresource = in.Subresource - out.Name = in.Name - return nil -} - -// Convert_authorization_ResourceAttributes_To_v1_ResourceAttributes is an autogenerated conversion function. -func Convert_authorization_ResourceAttributes_To_v1_ResourceAttributes(in *authorization.ResourceAttributes, out *v1.ResourceAttributes, s conversion.Scope) error { - return autoConvert_authorization_ResourceAttributes_To_v1_ResourceAttributes(in, out, s) -} - -func autoConvert_v1_ResourceRule_To_authorization_ResourceRule(in *v1.ResourceRule, out *authorization.ResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_v1_ResourceRule_To_authorization_ResourceRule is an autogenerated conversion function. -func Convert_v1_ResourceRule_To_authorization_ResourceRule(in *v1.ResourceRule, out *authorization.ResourceRule, s conversion.Scope) error { - return autoConvert_v1_ResourceRule_To_authorization_ResourceRule(in, out, s) -} - -func autoConvert_authorization_ResourceRule_To_v1_ResourceRule(in *authorization.ResourceRule, out *v1.ResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_authorization_ResourceRule_To_v1_ResourceRule is an autogenerated conversion function. -func Convert_authorization_ResourceRule_To_v1_ResourceRule(in *authorization.ResourceRule, out *v1.ResourceRule, s conversion.Scope) error { - return autoConvert_authorization_ResourceRule_To_v1_ResourceRule(in, out, s) -} - -func autoConvert_v1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *v1.SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview is an autogenerated conversion function. -func Convert_v1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *v1.SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_SelfSubjectAccessReview_To_v1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *v1.SelfSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SelfSubjectAccessReview_To_v1_SelfSubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_SelfSubjectAccessReview_To_v1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *v1.SelfSubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectAccessReview_To_v1_SelfSubjectAccessReview(in, out, s) -} - -func autoConvert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *v1.SelfSubjectAccessReviewSpec, out *authorization.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*authorization.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*authorization.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - return nil -} - -// Convert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *v1.SelfSubjectAccessReviewSpec, out *authorization.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_v1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, out *v1.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*v1.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*v1.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - return nil -} - -// Convert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, out *v1.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectAccessReviewSpec_To_v1_SelfSubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_v1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in *v1.SelfSubjectRulesReview, out *authorization.SelfSubjectRulesReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview is an autogenerated conversion function. -func Convert_v1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in *v1.SelfSubjectRulesReview, out *authorization.SelfSubjectRulesReview, s conversion.Scope) error { - return autoConvert_v1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in, out, s) -} - -func autoConvert_authorization_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in *authorization.SelfSubjectRulesReview, out *v1.SelfSubjectRulesReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview is an autogenerated conversion function. -func Convert_authorization_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in *authorization.SelfSubjectRulesReview, out *v1.SelfSubjectRulesReview, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectRulesReview_To_v1_SelfSubjectRulesReview(in, out, s) -} - -func autoConvert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in *v1.SelfSubjectRulesReviewSpec, out *authorization.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - out.Namespace = in.Namespace - return nil -} - -// Convert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec is an autogenerated conversion function. -func Convert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in *v1.SelfSubjectRulesReviewSpec, out *authorization.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - return autoConvert_v1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in, out, s) -} - -func autoConvert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec(in *authorization.SelfSubjectRulesReviewSpec, out *v1.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - out.Namespace = in.Namespace - return nil -} - -// Convert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec is an autogenerated conversion function. -func Convert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec(in *authorization.SelfSubjectRulesReviewSpec, out *v1.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectRulesReviewSpec_To_v1_SelfSubjectRulesReviewSpec(in, out, s) -} - -func autoConvert_v1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *v1.SubjectAccessReview, out *authorization.SubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_SubjectAccessReview_To_authorization_SubjectAccessReview is an autogenerated conversion function. -func Convert_v1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *v1.SubjectAccessReview, out *authorization.SubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1_SubjectAccessReview_To_authorization_SubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReview_To_v1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *v1.SubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SubjectAccessReview_To_v1_SubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReview_To_v1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *v1.SubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReview_To_v1_SubjectAccessReview(in, out, s) -} - -func autoConvert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *v1.SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*authorization.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*authorization.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - out.User = in.User - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]authorization.ExtraValue)(unsafe.Pointer(&in.Extra)) - out.UID = in.UID - return nil -} - -// Convert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *v1.SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_v1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *v1.SubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*v1.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*v1.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - out.User = in.User - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra)) - out.UID = in.UID - return nil -} - -// Convert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *v1.SubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReviewSpec_To_v1_SubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *v1.SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Denied = in.Denied - out.Reason = in.Reason - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus is an autogenerated conversion function. -func Convert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *v1.SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, s conversion.Scope) error { - return autoConvert_v1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *v1.SubjectAccessReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Denied = in.Denied - out.Reason = in.Reason - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *v1.SubjectAccessReviewStatus, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReviewStatus_To_v1_SubjectAccessReviewStatus(in, out, s) -} - -func autoConvert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in *v1.SubjectRulesReviewStatus, out *authorization.SubjectRulesReviewStatus, s conversion.Scope) error { - out.ResourceRules = *(*[]authorization.ResourceRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]authorization.NonResourceRule)(unsafe.Pointer(&in.NonResourceRules)) - out.Incomplete = in.Incomplete - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus is an autogenerated conversion function. -func Convert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in *v1.SubjectRulesReviewStatus, out *authorization.SubjectRulesReviewStatus, s conversion.Scope) error { - return autoConvert_v1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in, out, s) -} - -func autoConvert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in *authorization.SubjectRulesReviewStatus, out *v1.SubjectRulesReviewStatus, s conversion.Scope) error { - out.ResourceRules = *(*[]v1.ResourceRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1.NonResourceRule)(unsafe.Pointer(&in.NonResourceRules)) - out.Incomplete = in.Incomplete - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus is an autogenerated conversion function. -func Convert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in *authorization.SubjectRulesReviewStatus, out *v1.SubjectRulesReviewStatus, s conversion.Scope) error { - return autoConvert_authorization_SubjectRulesReviewStatus_To_v1_SubjectRulesReviewStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/defaults.go deleted file mode 100644 index 7d689a4cc8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/doc.go deleted file mode 100644 index f67454aee4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/authorization -// +k8s:conversion-gen-external-types=k8s.io/api/authorization/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/authorization/v1beta1 - -// +groupName=authorization.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/authorization/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/register.go deleted file mode 100644 index 5e0b1d0d71..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - authorizationv1beta1 "k8s.io/api/authorization/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &authorizationv1beta1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.conversion.go deleted file mode 100644 index d8af485afe..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,525 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/authorization/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - authorization "k8s.io/kubernetes/pkg/apis/authorization" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.LocalSubjectAccessReview)(nil), (*authorization.LocalSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(a.(*v1beta1.LocalSubjectAccessReview), b.(*authorization.LocalSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.LocalSubjectAccessReview)(nil), (*v1beta1.LocalSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(a.(*authorization.LocalSubjectAccessReview), b.(*v1beta1.LocalSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NonResourceAttributes)(nil), (*authorization.NonResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(a.(*v1beta1.NonResourceAttributes), b.(*authorization.NonResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.NonResourceAttributes)(nil), (*v1beta1.NonResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(a.(*authorization.NonResourceAttributes), b.(*v1beta1.NonResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NonResourceRule)(nil), (*authorization.NonResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NonResourceRule_To_authorization_NonResourceRule(a.(*v1beta1.NonResourceRule), b.(*authorization.NonResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.NonResourceRule)(nil), (*v1beta1.NonResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_NonResourceRule_To_v1beta1_NonResourceRule(a.(*authorization.NonResourceRule), b.(*v1beta1.NonResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ResourceAttributes)(nil), (*authorization.ResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(a.(*v1beta1.ResourceAttributes), b.(*authorization.ResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.ResourceAttributes)(nil), (*v1beta1.ResourceAttributes)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(a.(*authorization.ResourceAttributes), b.(*v1beta1.ResourceAttributes), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ResourceRule)(nil), (*authorization.ResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ResourceRule_To_authorization_ResourceRule(a.(*v1beta1.ResourceRule), b.(*authorization.ResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.ResourceRule)(nil), (*v1beta1.ResourceRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_ResourceRule_To_v1beta1_ResourceRule(a.(*authorization.ResourceRule), b.(*v1beta1.ResourceRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SelfSubjectAccessReview)(nil), (*authorization.SelfSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(a.(*v1beta1.SelfSubjectAccessReview), b.(*authorization.SelfSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectAccessReview)(nil), (*v1beta1.SelfSubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(a.(*authorization.SelfSubjectAccessReview), b.(*v1beta1.SelfSubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SelfSubjectAccessReviewSpec)(nil), (*authorization.SelfSubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(a.(*v1beta1.SelfSubjectAccessReviewSpec), b.(*authorization.SelfSubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectAccessReviewSpec)(nil), (*v1beta1.SelfSubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(a.(*authorization.SelfSubjectAccessReviewSpec), b.(*v1beta1.SelfSubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SelfSubjectRulesReview)(nil), (*authorization.SelfSubjectRulesReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(a.(*v1beta1.SelfSubjectRulesReview), b.(*authorization.SelfSubjectRulesReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectRulesReview)(nil), (*v1beta1.SelfSubjectRulesReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectRulesReview_To_v1beta1_SelfSubjectRulesReview(a.(*authorization.SelfSubjectRulesReview), b.(*v1beta1.SelfSubjectRulesReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SelfSubjectRulesReviewSpec)(nil), (*authorization.SelfSubjectRulesReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(a.(*v1beta1.SelfSubjectRulesReviewSpec), b.(*authorization.SelfSubjectRulesReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SelfSubjectRulesReviewSpec)(nil), (*v1beta1.SelfSubjectRulesReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec(a.(*authorization.SelfSubjectRulesReviewSpec), b.(*v1beta1.SelfSubjectRulesReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SubjectAccessReview)(nil), (*authorization.SubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(a.(*v1beta1.SubjectAccessReview), b.(*authorization.SubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReview)(nil), (*v1beta1.SubjectAccessReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(a.(*authorization.SubjectAccessReview), b.(*v1beta1.SubjectAccessReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SubjectAccessReviewSpec)(nil), (*authorization.SubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(a.(*v1beta1.SubjectAccessReviewSpec), b.(*authorization.SubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReviewSpec)(nil), (*v1beta1.SubjectAccessReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(a.(*authorization.SubjectAccessReviewSpec), b.(*v1beta1.SubjectAccessReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SubjectAccessReviewStatus)(nil), (*authorization.SubjectAccessReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(a.(*v1beta1.SubjectAccessReviewStatus), b.(*authorization.SubjectAccessReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectAccessReviewStatus)(nil), (*v1beta1.SubjectAccessReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(a.(*authorization.SubjectAccessReviewStatus), b.(*v1beta1.SubjectAccessReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SubjectRulesReviewStatus)(nil), (*authorization.SubjectRulesReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(a.(*v1beta1.SubjectRulesReviewStatus), b.(*authorization.SubjectRulesReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authorization.SubjectRulesReviewStatus)(nil), (*v1beta1.SubjectRulesReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus(a.(*authorization.SubjectRulesReviewStatus), b.(*v1beta1.SubjectRulesReviewStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *v1beta1.LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview is an autogenerated conversion function. -func Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *v1beta1.LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *v1beta1.LocalSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *v1beta1.LocalSubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(in, out, s) -} - -func autoConvert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *v1beta1.NonResourceAttributes, out *authorization.NonResourceAttributes, s conversion.Scope) error { - out.Path = in.Path - out.Verb = in.Verb - return nil -} - -// Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes is an autogenerated conversion function. -func Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *v1beta1.NonResourceAttributes, out *authorization.NonResourceAttributes, s conversion.Scope) error { - return autoConvert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(in, out, s) -} - -func autoConvert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *v1beta1.NonResourceAttributes, s conversion.Scope) error { - out.Path = in.Path - out.Verb = in.Verb - return nil -} - -// Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes is an autogenerated conversion function. -func Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *v1beta1.NonResourceAttributes, s conversion.Scope) error { - return autoConvert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(in, out, s) -} - -func autoConvert_v1beta1_NonResourceRule_To_authorization_NonResourceRule(in *v1beta1.NonResourceRule, out *authorization.NonResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1beta1_NonResourceRule_To_authorization_NonResourceRule is an autogenerated conversion function. -func Convert_v1beta1_NonResourceRule_To_authorization_NonResourceRule(in *v1beta1.NonResourceRule, out *authorization.NonResourceRule, s conversion.Scope) error { - return autoConvert_v1beta1_NonResourceRule_To_authorization_NonResourceRule(in, out, s) -} - -func autoConvert_authorization_NonResourceRule_To_v1beta1_NonResourceRule(in *authorization.NonResourceRule, out *v1beta1.NonResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_authorization_NonResourceRule_To_v1beta1_NonResourceRule is an autogenerated conversion function. -func Convert_authorization_NonResourceRule_To_v1beta1_NonResourceRule(in *authorization.NonResourceRule, out *v1beta1.NonResourceRule, s conversion.Scope) error { - return autoConvert_authorization_NonResourceRule_To_v1beta1_NonResourceRule(in, out, s) -} - -func autoConvert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(in *v1beta1.ResourceAttributes, out *authorization.ResourceAttributes, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Verb = in.Verb - out.Group = in.Group - out.Version = in.Version - out.Resource = in.Resource - out.Subresource = in.Subresource - out.Name = in.Name - return nil -} - -// Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes is an autogenerated conversion function. -func Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(in *v1beta1.ResourceAttributes, out *authorization.ResourceAttributes, s conversion.Scope) error { - return autoConvert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(in, out, s) -} - -func autoConvert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(in *authorization.ResourceAttributes, out *v1beta1.ResourceAttributes, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Verb = in.Verb - out.Group = in.Group - out.Version = in.Version - out.Resource = in.Resource - out.Subresource = in.Subresource - out.Name = in.Name - return nil -} - -// Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes is an autogenerated conversion function. -func Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(in *authorization.ResourceAttributes, out *v1beta1.ResourceAttributes, s conversion.Scope) error { - return autoConvert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(in, out, s) -} - -func autoConvert_v1beta1_ResourceRule_To_authorization_ResourceRule(in *v1beta1.ResourceRule, out *authorization.ResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_v1beta1_ResourceRule_To_authorization_ResourceRule is an autogenerated conversion function. -func Convert_v1beta1_ResourceRule_To_authorization_ResourceRule(in *v1beta1.ResourceRule, out *authorization.ResourceRule, s conversion.Scope) error { - return autoConvert_v1beta1_ResourceRule_To_authorization_ResourceRule(in, out, s) -} - -func autoConvert_authorization_ResourceRule_To_v1beta1_ResourceRule(in *authorization.ResourceRule, out *v1beta1.ResourceRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - return nil -} - -// Convert_authorization_ResourceRule_To_v1beta1_ResourceRule is an autogenerated conversion function. -func Convert_authorization_ResourceRule_To_v1beta1_ResourceRule(in *authorization.ResourceRule, out *v1beta1.ResourceRule, s conversion.Scope) error { - return autoConvert_authorization_ResourceRule_To_v1beta1_ResourceRule(in, out, s) -} - -func autoConvert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *v1beta1.SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview is an autogenerated conversion function. -func Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *v1beta1.SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *v1beta1.SelfSubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *v1beta1.SelfSubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(in, out, s) -} - -func autoConvert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *v1beta1.SelfSubjectAccessReviewSpec, out *authorization.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*authorization.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*authorization.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - return nil -} - -// Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *v1beta1.SelfSubjectAccessReviewSpec, out *authorization.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, out *v1beta1.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*v1beta1.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*v1beta1.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - return nil -} - -// Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, out *v1beta1.SelfSubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_v1beta1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in *v1beta1.SelfSubjectRulesReview, out *authorization.SelfSubjectRulesReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview is an autogenerated conversion function. -func Convert_v1beta1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in *v1beta1.SelfSubjectRulesReview, out *authorization.SelfSubjectRulesReview, s conversion.Scope) error { - return autoConvert_v1beta1_SelfSubjectRulesReview_To_authorization_SelfSubjectRulesReview(in, out, s) -} - -func autoConvert_authorization_SelfSubjectRulesReview_To_v1beta1_SelfSubjectRulesReview(in *authorization.SelfSubjectRulesReview, out *v1beta1.SelfSubjectRulesReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SelfSubjectRulesReview_To_v1beta1_SelfSubjectRulesReview is an autogenerated conversion function. -func Convert_authorization_SelfSubjectRulesReview_To_v1beta1_SelfSubjectRulesReview(in *authorization.SelfSubjectRulesReview, out *v1beta1.SelfSubjectRulesReview, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectRulesReview_To_v1beta1_SelfSubjectRulesReview(in, out, s) -} - -func autoConvert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in *v1beta1.SelfSubjectRulesReviewSpec, out *authorization.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - out.Namespace = in.Namespace - return nil -} - -// Convert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec is an autogenerated conversion function. -func Convert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in *v1beta1.SelfSubjectRulesReviewSpec, out *authorization.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - return autoConvert_v1beta1_SelfSubjectRulesReviewSpec_To_authorization_SelfSubjectRulesReviewSpec(in, out, s) -} - -func autoConvert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec(in *authorization.SelfSubjectRulesReviewSpec, out *v1beta1.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - out.Namespace = in.Namespace - return nil -} - -// Convert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec is an autogenerated conversion function. -func Convert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec(in *authorization.SelfSubjectRulesReviewSpec, out *v1beta1.SelfSubjectRulesReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SelfSubjectRulesReviewSpec_To_v1beta1_SelfSubjectRulesReviewSpec(in, out, s) -} - -func autoConvert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *v1beta1.SubjectAccessReview, out *authorization.SubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview is an autogenerated conversion function. -func Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *v1beta1.SubjectAccessReview, out *authorization.SubjectAccessReview, s conversion.Scope) error { - return autoConvert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *v1beta1.SubjectAccessReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *v1beta1.SubjectAccessReview, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(in, out, s) -} - -func autoConvert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *v1beta1.SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*authorization.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*authorization.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - out.User = in.User - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]authorization.ExtraValue)(unsafe.Pointer(&in.Extra)) - out.UID = in.UID - return nil -} - -// Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *v1beta1.SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *v1beta1.SubjectAccessReviewSpec, s conversion.Scope) error { - out.ResourceAttributes = (*v1beta1.ResourceAttributes)(unsafe.Pointer(in.ResourceAttributes)) - out.NonResourceAttributes = (*v1beta1.NonResourceAttributes)(unsafe.Pointer(in.NonResourceAttributes)) - out.User = in.User - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1beta1.ExtraValue)(unsafe.Pointer(&in.Extra)) - out.UID = in.UID - return nil -} - -// Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *v1beta1.SubjectAccessReviewSpec, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(in, out, s) -} - -func autoConvert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *v1beta1.SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Denied = in.Denied - out.Reason = in.Reason - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus is an autogenerated conversion function. -func Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *v1beta1.SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, s conversion.Scope) error { - return autoConvert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in, out, s) -} - -func autoConvert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *v1beta1.SubjectAccessReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Denied = in.Denied - out.Reason = in.Reason - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus is an autogenerated conversion function. -func Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *v1beta1.SubjectAccessReviewStatus, s conversion.Scope) error { - return autoConvert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(in, out, s) -} - -func autoConvert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in *v1beta1.SubjectRulesReviewStatus, out *authorization.SubjectRulesReviewStatus, s conversion.Scope) error { - out.ResourceRules = *(*[]authorization.ResourceRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]authorization.NonResourceRule)(unsafe.Pointer(&in.NonResourceRules)) - out.Incomplete = in.Incomplete - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus is an autogenerated conversion function. -func Convert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in *v1beta1.SubjectRulesReviewStatus, out *authorization.SubjectRulesReviewStatus, s conversion.Scope) error { - return autoConvert_v1beta1_SubjectRulesReviewStatus_To_authorization_SubjectRulesReviewStatus(in, out, s) -} - -func autoConvert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus(in *authorization.SubjectRulesReviewStatus, out *v1beta1.SubjectRulesReviewStatus, s conversion.Scope) error { - out.ResourceRules = *(*[]v1beta1.ResourceRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1beta1.NonResourceRule)(unsafe.Pointer(&in.NonResourceRules)) - out.Incomplete = in.Incomplete - out.EvaluationError = in.EvaluationError - return nil -} - -// Convert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus is an autogenerated conversion function. -func Convert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus(in *authorization.SubjectRulesReviewStatus, out *v1beta1.SubjectRulesReviewStatus, s conversion.Scope) error { - return autoConvert_authorization_SubjectRulesReviewStatus_To_v1beta1_SubjectRulesReviewStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/validation.go deleted file mode 100644 index 41e3936206..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/validation.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" -) - -// ValidateSubjectAccessReviewSpec validates a SubjectAccessReviewSpec and returns an -// ErrorList with any errors. -func ValidateSubjectAccessReviewSpec(spec authorizationapi.SubjectAccessReviewSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if spec.ResourceAttributes != nil && spec.NonResourceAttributes != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceAttributes"), spec.NonResourceAttributes, `cannot be specified in combination with resourceAttributes`)) - } - if spec.ResourceAttributes == nil && spec.NonResourceAttributes == nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceAttributes"), spec.NonResourceAttributes, `exactly one of nonResourceAttributes or resourceAttributes must be specified`)) - } - if len(spec.User) == 0 && len(spec.Groups) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("user"), spec.User, `at least one of user or group must be specified`)) - } - - return allErrs -} - -// ValidateSelfSubjectAccessReviewSpec validates a SelfSubjectAccessReviewSpec and returns an -// ErrorList with any errors. -func ValidateSelfSubjectAccessReviewSpec(spec authorizationapi.SelfSubjectAccessReviewSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if spec.ResourceAttributes != nil && spec.NonResourceAttributes != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceAttributes"), spec.NonResourceAttributes, `cannot be specified in combination with resourceAttributes`)) - } - if spec.ResourceAttributes == nil && spec.NonResourceAttributes == nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceAttributes"), spec.NonResourceAttributes, `exactly one of nonResourceAttributes or resourceAttributes must be specified`)) - } - - return allErrs -} - -// ValidateSelfSubjectRulesReview validates a SelfSubjectRulesReview and returns an -// ErrorList with any errors. -func ValidateSelfSubjectRulesReview(review *authorizationapi.SelfSubjectRulesReview) field.ErrorList { - return field.ErrorList{} -} - -// ValidateSubjectAccessReview validates a SubjectAccessReview and returns an -// ErrorList with any errors. -func ValidateSubjectAccessReview(sar *authorizationapi.SubjectAccessReview) field.ErrorList { - allErrs := ValidateSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec")) - objectMetaShallowCopy := sar.ObjectMeta - objectMetaShallowCopy.ManagedFields = nil - if !apiequality.Semantic.DeepEqual(metav1.ObjectMeta{}, objectMetaShallowCopy) { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty`)) - } - return allErrs -} - -// ValidateSelfSubjectAccessReview validates a SelfSubjectAccessReview and returns an -// ErrorList with any errors. -func ValidateSelfSubjectAccessReview(sar *authorizationapi.SelfSubjectAccessReview) field.ErrorList { - allErrs := ValidateSelfSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec")) - objectMetaShallowCopy := sar.ObjectMeta - objectMetaShallowCopy.ManagedFields = nil - if !apiequality.Semantic.DeepEqual(metav1.ObjectMeta{}, objectMetaShallowCopy) { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty`)) - } - return allErrs -} - -// ValidateLocalSubjectAccessReview validates a LocalSubjectAccessReview and returns an -// ErrorList with any errors. -func ValidateLocalSubjectAccessReview(sar *authorizationapi.LocalSubjectAccessReview) field.ErrorList { - allErrs := ValidateSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec")) - - objectMetaShallowCopy := sar.ObjectMeta - objectMetaShallowCopy.Namespace = "" - objectMetaShallowCopy.ManagedFields = nil - if !apiequality.Semantic.DeepEqual(metav1.ObjectMeta{}, objectMetaShallowCopy) { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty except for namespace`)) - } - - if sar.Spec.ResourceAttributes != nil && sar.Spec.ResourceAttributes.Namespace != sar.Namespace { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec.resourceAttributes.namespace"), sar.Spec.ResourceAttributes.Namespace, `must match metadata.namespace`)) - } - if sar.Spec.NonResourceAttributes != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec.nonResourceAttributes"), sar.Spec.NonResourceAttributes, `disallowed on this kind of request`)) - } - - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/zz_generated.deepcopy.go deleted file mode 100644 index dbd42caf5b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/authorization/zz_generated.deepcopy.go +++ /dev/null @@ -1,386 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package authorization - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in ExtraValue) DeepCopyInto(out *ExtraValue) { - { - in := &in - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. -func (in ExtraValue) DeepCopy() ExtraValue { - if in == nil { - return nil - } - out := new(ExtraValue) - in.DeepCopyInto(out) - return *out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LocalSubjectAccessReview) DeepCopyInto(out *LocalSubjectAccessReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalSubjectAccessReview. -func (in *LocalSubjectAccessReview) DeepCopy() *LocalSubjectAccessReview { - if in == nil { - return nil - } - out := new(LocalSubjectAccessReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *LocalSubjectAccessReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NonResourceAttributes) DeepCopyInto(out *NonResourceAttributes) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonResourceAttributes. -func (in *NonResourceAttributes) DeepCopy() *NonResourceAttributes { - if in == nil { - return nil - } - out := new(NonResourceAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NonResourceRule) DeepCopyInto(out *NonResourceRule) { - *out = *in - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NonResourceURLs != nil { - in, out := &in.NonResourceURLs, &out.NonResourceURLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonResourceRule. -func (in *NonResourceRule) DeepCopy() *NonResourceRule { - if in == nil { - return nil - } - out := new(NonResourceRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceAttributes) DeepCopyInto(out *ResourceAttributes) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAttributes. -func (in *ResourceAttributes) DeepCopy() *ResourceAttributes { - if in == nil { - return nil - } - out := new(ResourceAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceRule) DeepCopyInto(out *ResourceRule) { - *out = *in - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.APIGroups != nil { - in, out := &in.APIGroups, &out.APIGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ResourceNames != nil { - in, out := &in.ResourceNames, &out.ResourceNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRule. -func (in *ResourceRule) DeepCopy() *ResourceRule { - if in == nil { - return nil - } - out := new(ResourceRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectAccessReview) DeepCopyInto(out *SelfSubjectAccessReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectAccessReview. -func (in *SelfSubjectAccessReview) DeepCopy() *SelfSubjectAccessReview { - if in == nil { - return nil - } - out := new(SelfSubjectAccessReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SelfSubjectAccessReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectAccessReviewSpec) DeepCopyInto(out *SelfSubjectAccessReviewSpec) { - *out = *in - if in.ResourceAttributes != nil { - in, out := &in.ResourceAttributes, &out.ResourceAttributes - *out = new(ResourceAttributes) - **out = **in - } - if in.NonResourceAttributes != nil { - in, out := &in.NonResourceAttributes, &out.NonResourceAttributes - *out = new(NonResourceAttributes) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectAccessReviewSpec. -func (in *SelfSubjectAccessReviewSpec) DeepCopy() *SelfSubjectAccessReviewSpec { - if in == nil { - return nil - } - out := new(SelfSubjectAccessReviewSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectRulesReview) DeepCopyInto(out *SelfSubjectRulesReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectRulesReview. -func (in *SelfSubjectRulesReview) DeepCopy() *SelfSubjectRulesReview { - if in == nil { - return nil - } - out := new(SelfSubjectRulesReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SelfSubjectRulesReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SelfSubjectRulesReviewSpec) DeepCopyInto(out *SelfSubjectRulesReviewSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectRulesReviewSpec. -func (in *SelfSubjectRulesReviewSpec) DeepCopy() *SelfSubjectRulesReviewSpec { - if in == nil { - return nil - } - out := new(SelfSubjectRulesReviewSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubjectAccessReview) DeepCopyInto(out *SubjectAccessReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReview. -func (in *SubjectAccessReview) DeepCopy() *SubjectAccessReview { - if in == nil { - return nil - } - out := new(SubjectAccessReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SubjectAccessReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubjectAccessReviewSpec) DeepCopyInto(out *SubjectAccessReviewSpec) { - *out = *in - if in.ResourceAttributes != nil { - in, out := &in.ResourceAttributes, &out.ResourceAttributes - *out = new(ResourceAttributes) - **out = **in - } - if in.NonResourceAttributes != nil { - in, out := &in.NonResourceAttributes, &out.NonResourceAttributes - *out = new(NonResourceAttributes) - **out = **in - } - if in.Groups != nil { - in, out := &in.Groups, &out.Groups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Extra != nil { - in, out := &in.Extra, &out.Extra - *out = make(map[string]ExtraValue, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReviewSpec. -func (in *SubjectAccessReviewSpec) DeepCopy() *SubjectAccessReviewSpec { - if in == nil { - return nil - } - out := new(SubjectAccessReviewSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubjectAccessReviewStatus) DeepCopyInto(out *SubjectAccessReviewStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReviewStatus. -func (in *SubjectAccessReviewStatus) DeepCopy() *SubjectAccessReviewStatus { - if in == nil { - return nil - } - out := new(SubjectAccessReviewStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SubjectRulesReviewStatus) DeepCopyInto(out *SubjectRulesReviewStatus) { - *out = *in - if in.ResourceRules != nil { - in, out := &in.ResourceRules, &out.ResourceRules - *out = make([]ResourceRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NonResourceRules != nil { - in, out := &in.NonResourceRules, &out.NonResourceRules - *out = make([]NonResourceRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectRulesReviewStatus. -func (in *SubjectRulesReviewStatus) DeepCopy() *SubjectRulesReviewStatus { - if in == nil { - return nil - } - out := new(SubjectRulesReviewStatus) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/OWNERS deleted file mode 100644 index ba7b77a5a7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - caesarxuchao - - sttts - - ncdc - - dims diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/annotations.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/annotations.go deleted file mode 100644 index e49aaab2ec..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/annotations.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package autoscaling - -// MetricSpecsAnnotation is the annotation which holds non-CPU-utilization HPA metric -// specs when converting the `Metrics` field from autoscaling/v2beta1 -const MetricSpecsAnnotation = "autoscaling.alpha.kubernetes.io/metrics" - -// MetricStatusesAnnotation is the annotation which holds non-CPU-utilization HPA metric -// statuses when converting the `CurrentMetrics` field from autoscaling/v2beta1 -const MetricStatusesAnnotation = "autoscaling.alpha.kubernetes.io/current-metrics" - -// HorizontalPodAutoscalerConditionsAnnotation is the annotation which holds the conditions -// of an HPA when converting the `Conditions` field from autoscaling/v2beta1 -const HorizontalPodAutoscalerConditionsAnnotation = "autoscaling.alpha.kubernetes.io/conditions" - -// DefaultCPUUtilization is the default value for CPU utilization, provided no other -// metrics are present. This is here because it's used by both the v2beta1 defaulting -// logic, and the pseudo-defaulting done in v1 conversion. -const DefaultCPUUtilization = 80 - -// BehaviorSpecsAnnotation is the annotation which holds the HPA constraints specs -// when converting the `Behavior` field from autoscaling/v2beta2 -const BehaviorSpecsAnnotation = "autoscaling.alpha.kubernetes.io/behavior" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/doc.go deleted file mode 100644 index 7c91aac8bb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package autoscaling // import "k8s.io/kubernetes/pkg/apis/autoscaling" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/helpers.go deleted file mode 100644 index f66a12f4de..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/helpers.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package autoscaling - -// DropRoundTripHorizontalPodAutoscalerAnnotations removes any annotations used to serialize round-tripped fields from later API versions, -// and returns false if no changes were made and the original input object was returned. -// It should always be called when converting internal -> external versions, prior -// to setting any of the custom annotations: -// -// annotations, copiedAnnotations := DropRoundTripHorizontalPodAutoscalerAnnotations(externalObj.Annotations) -// externalObj.Annotations = annotations -// -// if internal.SomeField != nil { -// if !copiedAnnotations { -// externalObj.Annotations = DeepCopyStringMap(externalObj.Annotations) -// copiedAnnotations = true -// } -// externalObj.Annotations[...] = json.Marshal(...) -// } -func DropRoundTripHorizontalPodAutoscalerAnnotations(in map[string]string) (out map[string]string, copied bool) { - _, hasMetricsSpecs := in[MetricSpecsAnnotation] - _, hasBehaviorSpecs := in[BehaviorSpecsAnnotation] - _, hasMetricsStatuses := in[MetricStatusesAnnotation] - _, hasConditions := in[HorizontalPodAutoscalerConditionsAnnotation] - if hasMetricsSpecs || hasBehaviorSpecs || hasMetricsStatuses || hasConditions { - out = DeepCopyStringMap(in) - delete(out, MetricSpecsAnnotation) - delete(out, BehaviorSpecsAnnotation) - delete(out, MetricStatusesAnnotation) - delete(out, HorizontalPodAutoscalerConditionsAnnotation) - return out, true - } - return in, false -} - -// DeepCopyStringMap returns a copy of the input map. -// If input is nil, an empty map is returned. -func DeepCopyStringMap(in map[string]string) map[string]string { - out := make(map[string]string, len(in)) - for k, v := range in { - out[k] = v - } - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/install/install.go deleted file mode 100644 index 3740aee315..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/install/install.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/autoscaling/v1" - "k8s.io/kubernetes/pkg/apis/autoscaling/v2" - "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1" - "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(autoscaling.AddToScheme(scheme)) - utilruntime.Must(v2beta2.AddToScheme(scheme)) - utilruntime.Must(v2.AddToScheme(scheme)) - utilruntime.Must(v2beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - // TODO: move v2 to the front of the list in 1.24 - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v2.SchemeGroupVersion, v2beta1.SchemeGroupVersion, v2beta2.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/register.go deleted file mode 100644 index 871e5513a5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/register.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package autoscaling - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "autoscaling" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Scale{}, - &HorizontalPodAutoscaler{}, - &HorizontalPodAutoscalerList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/types.go deleted file mode 100644 index e0ed0dad1c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/types.go +++ /dev/null @@ -1,554 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package autoscaling - -import ( - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Scale represents a scaling request for a resource. -type Scale struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - - // defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - Spec ScaleSpec - - // current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only. - // +optional - Status ScaleStatus -} - -// ScaleSpec describes the attributes of a scale subresource. -type ScaleSpec struct { - // desired number of instances for the scaled object. - // +optional - Replicas int32 -} - -// ScaleStatus represents the current status of a scale subresource. -type ScaleStatus struct { - // actual number of observed instances of the scaled object. - Replicas int32 - - // label query over pods that should match the replicas count. This is same - // as the label selector but in the string format to avoid introspection - // by clients. The string will be in the same format as the query-param syntax. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - Selector string -} - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. -type CrossVersionObjectReference struct { - // Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - Kind string - // Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names - Name string - // API version of the referent - // +optional - APIVersion string -} - -// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler. -type HorizontalPodAutoscalerSpec struct { - // ScaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - // should be collected, as well as to actually change the replica count. - ScaleTargetRef CrossVersionObjectReference - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. - // +optional - MinReplicas *int32 - // MaxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - // It cannot be less that minReplicas. - MaxReplicas int32 - // Metrics contains the specifications for which to use to calculate the - // desired replica count (the maximum replica count across all metrics will - // be used). The desired replica count is calculated multiplying the - // ratio between the target value and the current value by the current - // number of pods. Ergo, metrics used must decrease as the pod count is - // increased, and vice-versa. See the individual metric source types for - // more information about how each type of metric must respond. - // +optional - Metrics []MetricSpec - - // behavior configures the scaling behavior of the target - // in both Up and Down directions (scaleUp and scaleDown fields respectively). - // If not set, the default HPAScalingRules for scale up and scale down are used. - // +optional - Behavior *HorizontalPodAutoscalerBehavior -} - -// HorizontalPodAutoscalerBehavior configures a scaling behavior for Up and Down direction -// (scaleUp and scaleDown fields respectively). -type HorizontalPodAutoscalerBehavior struct { - // scaleUp is scaling policy for scaling Up. - // If not set, the default value is the higher of: - // * increase no more than 4 pods per 60 seconds - // * double the number of pods per 60 seconds - // No stabilization is used. - // +optional - ScaleUp *HPAScalingRules - // scaleDown is scaling policy for scaling Down. - // If not set, the default value is to allow to scale down to minReplicas pods, with a - // 300 second stabilization window (i.e., the highest recommendation for - // the last 300sec is used). - // +optional - ScaleDown *HPAScalingRules -} - -// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction -type ScalingPolicySelect string - -const ( - // MaxPolicySelect selects the policy with the highest possible change. - MaxPolicySelect ScalingPolicySelect = "Max" - // MinPolicySelect selects the policy with the lowest possible change. - MinPolicySelect ScalingPolicySelect = "Min" - // DisabledPolicySelect disables the scaling in this direction. - DisabledPolicySelect ScalingPolicySelect = "Disabled" -) - -// HPAScalingRules configures the scaling behavior for one direction. -// These Rules are applied after calculating DesiredReplicas from metrics for the HPA. -// They can limit the scaling velocity by specifying scaling policies. -// They can prevent flapping by specifying the stabilization window, so that the -// number of replicas is not set instantly, instead, the safest value from the stabilization -// window is chosen. -type HPAScalingRules struct { - // StabilizationWindowSeconds is the number of seconds for which past recommendations should be - // considered while scaling up or scaling down. - // StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - // If not set, use the default values: - // - For scale up: 0 (i.e. no stabilization is done). - // - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - // +optional - StabilizationWindowSeconds *int32 - // selectPolicy is used to specify which policy should be used. - // If not set, the default value MaxPolicySelect is used. - // +optional - SelectPolicy *ScalingPolicySelect - // policies is a list of potential scaling polices which can used during scaling. - // At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - // +optional - Policies []HPAScalingPolicy -} - -// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions. -type HPAScalingPolicyType string - -const ( - // PodsScalingPolicy is a policy used to specify a change in absolute number of pods. - PodsScalingPolicy HPAScalingPolicyType = "Pods" - // PercentScalingPolicy is a policy used to specify a relative amount of change with respect to - // the current number of pods. - PercentScalingPolicy HPAScalingPolicyType = "Percent" -) - -// HPAScalingPolicy is a single policy which must hold true for a specified past interval. -type HPAScalingPolicy struct { - // Type is used to specify the scaling policy. - Type HPAScalingPolicyType - // Value contains the amount of change which is permitted by the policy. - // It must be greater than zero - Value int32 - // PeriodSeconds specifies the window of time for which the policy should hold true. - // PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - PeriodSeconds int32 -} - -// MetricSourceType indicates the type of metric. -type MetricSourceType string - -const ( - // ObjectMetricSourceType is a metric describing a kubernetes object - // (for example, hits-per-second on an Ingress object). - ObjectMetricSourceType MetricSourceType = "Object" - // PodsMetricSourceType is a metric describing each pod in the current scale - // target (for example, transactions-processed-per-second). The values - // will be averaged together before being compared to the target value. - PodsMetricSourceType MetricSourceType = "Pods" - // ResourceMetricSourceType is a resource metric known to Kubernetes, as - // specified in requests and limits, describing each pod in the current - // scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics (the "pods" source). - ResourceMetricSourceType MetricSourceType = "Resource" - // ExternalMetricSourceType is a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - ExternalMetricSourceType MetricSourceType = "External" - // ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as - // specified in requests and limits, describing a single container in each pod in the current - // scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics (the "pods" source). - ContainerResourceMetricSourceType MetricSourceType = "ContainerResource" -) - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -type MetricSpec struct { - // Type is the type of metric source. It should be one of "Object", - // "Pods" or "Resource", each mapping to a matching field in the object. - Type MetricSourceType - - // Object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - Object *ObjectMetricSource - // Pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - Pods *PodsMetricSource - // Resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - Resource *ResourceMetricSource - // ContainerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod of the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - ContainerResource *ContainerResourceMetricSource - // External refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - External *ExternalMetricSource -} - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -type ObjectMetricSource struct { - DescribedObject CrossVersionObjectReference - Target MetricTarget - Metric MetricIdentifier -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -type PodsMetricSource struct { - // metric identifies the target metric by name and selector - Metric MetricIdentifier - // target specifies the target value for the given metric - Target MetricTarget -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -type ResourceMetricSource struct { - // Name is the name of the resource in question. - Name api.ResourceName - // Target specifies the target value for the given metric - Target MetricTarget -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in the requests and limits, describing a single container in -// each of the pods of the current scale target(e.g. CPU or memory). The values will be -// averaged together before being compared to the target. Such metrics are built into -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -type ContainerResourceMetricSource struct { - // name is the name of the of the resource - Name api.ResourceName - // container is the name of the container in the pods of the scaling target. - Container string - // target specifies the target value for the given metric - Target MetricTarget -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -type ExternalMetricSource struct { - // Metric identifies the target metric by name and selector - Metric MetricIdentifier - // Target specifies the target value for the given metric - Target MetricTarget -} - -// MetricIdentifier defines the name and optionally selector for a metric -type MetricIdentifier struct { - // Name is the name of the given metric - Name string - // Selector is the selector for the given metric - // it is the string-encoded form of a standard kubernetes label selector - // +optional - Selector *metav1.LabelSelector -} - -// MetricTarget defines the target value, average value, or average utilization of a specific metric -type MetricTarget struct { - // Type represents whether the metric type is Utilization, Value, or AverageValue - Type MetricTargetType - // Value is the target value of the metric (as a quantity). - Value *resource.Quantity - // TargetAverageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - AverageValue *resource.Quantity - - // AverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // Currently only valid for Resource metric source type - AverageUtilization *int32 -} - -// MetricTargetType specifies the type of metric being targeted, and should be either -// "Value", "AverageValue", or "Utilization" -type MetricTargetType string - -const ( - // UtilizationMetricType is a possible value for MetricTarget.Type. - UtilizationMetricType MetricTargetType = "Utilization" - // ValueMetricType is a possible value for MetricTarget.Type. - ValueMetricType MetricTargetType = "Value" - // AverageValueMetricType is a possible value for MetricTarget.Type. - AverageValueMetricType MetricTargetType = "AverageValue" -) - -// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler. -type HorizontalPodAutoscalerStatus struct { - // ObservedGeneration is the most recent generation observed by this autoscaler. - // +optional - ObservedGeneration *int64 - - // LastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, - // used by the autoscaler to control how often the number of pods is changed. - // +optional - LastScaleTime *metav1.Time - - // CurrentReplicas is current number of replicas of pods managed by this autoscaler, - // as last seen by the autoscaler. - CurrentReplicas int32 - - // DesiredReplicas is the desired number of replicas of pods managed by this autoscaler, - // as last calculated by the autoscaler. - DesiredReplicas int32 - - // CurrentMetrics is the last read state of the metrics used by this autoscaler. - // +optional - CurrentMetrics []MetricStatus - - // Conditions is the set of conditions required for this autoscaler to scale its target, - // and indicates whether or not those conditions are met. - Conditions []HorizontalPodAutoscalerCondition -} - -// ConditionStatus indicates the status of a condition (true, false, or unknown). -type ConditionStatus string - -// These are valid condition statuses. "ConditionTrue" means a resource is in the condition; -// "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means kubernetes -// can't decide if a resource is in the condition or not. In the future, we could add other -// intermediate conditions, e.g. ConditionDegraded. -const ( - ConditionTrue ConditionStatus = "True" - ConditionFalse ConditionStatus = "False" - ConditionUnknown ConditionStatus = "Unknown" -) - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -type HorizontalPodAutoscalerConditionType string - -const ( - // ScalingActive indicates that the HPA controller is able to scale if necessary: - // it's correctly configured, can fetch the desired metrics, and isn't disabled. - ScalingActive HorizontalPodAutoscalerConditionType = "ScalingActive" - // AbleToScale indicates a lack of transient issues which prevent scaling from occurring, - // such as being in a backoff window, or being unable to access/update the target scale. - AbleToScale HorizontalPodAutoscalerConditionType = "AbleToScale" - // ScalingLimited indicates that the calculated scale based on metrics would be above or - // below the range for the HPA, and has thus been capped. - ScalingLimited HorizontalPodAutoscalerConditionType = "ScalingLimited" -) - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. -type HorizontalPodAutoscalerCondition struct { - // Type describes the current condition - Type HorizontalPodAutoscalerConditionType - // Status is the status of the condition (True, False, Unknown) - Status ConditionStatus - // LastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - LastTransitionTime metav1.Time - // Reason is the reason for the condition's last transition. - // +optional - Reason string - // Message is a human-readable explanation containing details about - // the transition - // +optional - Message string -} - -// MetricStatus describes the last-read state of a single metric. -type MetricStatus struct { - // Type is the type of metric source. It will be one of "Object", - // "Pods" or "Resource", each corresponds to a matching field in the object. - Type MetricSourceType - - // Object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - Object *ObjectMetricStatus - // Pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - Pods *PodsMetricStatus - // Resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - Resource *ResourceMetricStatus - // ContainerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - ContainerResource *ContainerResourceMetricStatus - // External refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - External *ExternalMetricStatus -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -type ObjectMetricStatus struct { - Metric MetricIdentifier - Current MetricValueStatus - - DescribedObject CrossVersionObjectReference -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -type PodsMetricStatus struct { - Metric MetricIdentifier - Current MetricValueStatus -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -type ResourceMetricStatus struct { - // Name is the name of the resource in question. - Name api.ResourceName - Current MetricValueStatus -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -type ContainerResourceMetricStatus struct { - // Name is the name of the resource in question. - Name api.ResourceName - Container string - Current MetricValueStatus -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -type ExternalMetricStatus struct { - Metric MetricIdentifier - Current MetricValueStatus -} - -// MetricValueStatus indicates the current value of a metric. -type MetricValueStatus struct { - Value *resource.Quantity - AverageValue *resource.Quantity - AverageUtilization *int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// HorizontalPodAutoscaler is the configuration for a horizontal pod -// autoscaler, which automatically manages the replica count of any resource -// implementing the scale subresource based on the metrics specified. -type HorizontalPodAutoscaler struct { - metav1.TypeMeta - // Metadata is the standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Spec is the specification for the behaviour of the autoscaler. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - Spec HorizontalPodAutoscalerSpec - - // Status is the current information about the autoscaler. - // +optional - Status HorizontalPodAutoscalerStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects. -type HorizontalPodAutoscalerList struct { - metav1.TypeMeta - // Metadata is the standard list metadata. - // +optional - metav1.ListMeta - - // Items is the list of horizontal pod autoscaler objects. - Items []HorizontalPodAutoscaler -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/conversion.go deleted file mode 100644 index ded80ce8e3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/conversion.go +++ /dev/null @@ -1,567 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "encoding/json" - - autoscalingv1 "k8s.io/api/autoscaling/v1" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/core" -) - -func Convert_autoscaling_MetricTarget_To_v1_CrossVersionObjectReference(in *autoscaling.MetricTarget, out *autoscalingv1.CrossVersionObjectReference, s conversion.Scope) error { - return nil -} - -func Convert_v1_CrossVersionObjectReference_To_autoscaling_MetricTarget(in *autoscalingv1.CrossVersionObjectReference, out *autoscaling.MetricTarget, s conversion.Scope) error { - return nil -} - -func Convert_autoscaling_ExternalMetricSource_To_v1_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *autoscalingv1.ExternalMetricSource, s conversion.Scope) error { - out.MetricName = in.Metric.Name - out.TargetValue = in.Target.Value - out.TargetAverageValue = in.Target.AverageValue - out.MetricSelector = in.Metric.Selector - return nil -} - -func Convert_v1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *autoscalingv1.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - value := in.TargetValue - averageValue := in.TargetAverageValue - var metricType autoscaling.MetricTargetType - if value == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.ValueMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - Value: value, - AverageValue: averageValue, - } - - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.MetricSelector, - } - return nil -} - -func Convert_autoscaling_ObjectMetricSource_To_v1_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *autoscalingv1.ObjectMetricSource, s conversion.Scope) error { - if in.Target.Value != nil { - out.TargetValue = *in.Target.Value - } - out.AverageValue = in.Target.AverageValue - out.Target = autoscalingv1.CrossVersionObjectReference{ - Kind: in.DescribedObject.Kind, - Name: in.DescribedObject.Name, - APIVersion: in.DescribedObject.APIVersion, - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - return nil -} - -func Convert_v1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *autoscalingv1.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - var metricType autoscaling.MetricTargetType - if in.AverageValue == nil { - metricType = autoscaling.ValueMetricType - } else { - metricType = autoscaling.AverageValueMetricType - } - - out.Target = autoscaling.MetricTarget{ - Type: metricType, - Value: &in.TargetValue, - AverageValue: in.AverageValue, - } - out.DescribedObject = autoscaling.CrossVersionObjectReference{ - Kind: in.Target.Kind, - Name: in.Target.Name, - APIVersion: in.Target.APIVersion, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_PodsMetricSource_To_v1_PodsMetricSource(in *autoscaling.PodsMetricSource, out *autoscalingv1.PodsMetricSource, s conversion.Scope) error { - if in.Target.AverageValue != nil { - out.TargetAverageValue = *in.Target.AverageValue - } - - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - return nil -} - -func Convert_v1_PodsMetricSource_To_autoscaling_PodsMetricSource(in *autoscalingv1.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - metricType := autoscaling.AverageValueMetricType - - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: &in.TargetAverageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_ExternalMetricStatus_To_v1_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *autoscalingv1.ExternalMetricStatus, s conversion.Scope) error { - out.MetricName = in.Metric.Name - if in.Current.Value != nil { - out.CurrentValue = *in.Current.Value - } - if in.Current.AverageValue != nil { - out.CurrentAverageValue = in.Current.AverageValue - } - out.MetricSelector = in.Metric.Selector - return nil -} - -func Convert_v1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *autoscalingv1.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - value := in.CurrentValue - averageValue := in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - Value: &value, - AverageValue: averageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.MetricSelector, - } - return nil -} - -func Convert_autoscaling_ObjectMetricStatus_To_v1_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *autoscalingv1.ObjectMetricStatus, s conversion.Scope) error { - if in.Current.Value != nil { - out.CurrentValue = *in.Current.Value - } - if in.Current.AverageValue != nil { - currentAverageValue := *in.Current.AverageValue - out.AverageValue = &currentAverageValue - } - out.Target = autoscalingv1.CrossVersionObjectReference{ - Kind: in.DescribedObject.Kind, - Name: in.DescribedObject.Name, - APIVersion: in.DescribedObject.APIVersion, - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - return nil -} - -func Convert_v1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *autoscalingv1.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - out.Current = autoscaling.MetricValueStatus{ - Value: &in.CurrentValue, - AverageValue: in.AverageValue, - } - out.DescribedObject = autoscaling.CrossVersionObjectReference{ - Kind: in.Target.Kind, - Name: in.Target.Name, - APIVersion: in.Target.APIVersion, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_PodsMetricStatus_To_v1_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *autoscalingv1.PodsMetricStatus, s conversion.Scope) error { - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - return nil -} - -func Convert_v1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *autoscalingv1.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - out.Current = autoscaling.MetricValueStatus{ - AverageValue: &in.CurrentAverageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_v1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *autoscalingv1.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - utilization := in.TargetAverageUtilization - averageValue := in.TargetAverageValue - var metricType autoscaling.MetricTargetType - if utilization == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.UtilizationMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ResourceMetricSource_To_v1_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *autoscalingv1.ResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.TargetAverageUtilization = in.Target.AverageUtilization - out.TargetAverageValue = in.Target.AverageValue - return nil -} - -func Convert_v1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *autoscalingv1.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - out.Container = in.Container - utilization := in.CurrentAverageUtilization - averageValue := &in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ContainerResourceMetricStatus_To_v1_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *autoscalingv1.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - out.CurrentAverageUtilization = in.Current.AverageUtilization - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - return nil -} - -func Convert_v1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *autoscalingv1.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - utilization := in.CurrentAverageUtilization - averageValue := &in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ResourceMetricStatus_To_v1_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *autoscalingv1.ResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.CurrentAverageUtilization = in.Current.AverageUtilization - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - return nil -} - -func Convert_autoscaling_HorizontalPodAutoscaler_To_v1_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *autoscalingv1.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_autoscaling_HorizontalPodAutoscaler_To_v1_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - - // clear any pre-existing round-trip annotations to make sure the only ones set are ones we produced during conversion - annotations, copiedAnnotations := autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - out.Annotations = annotations - - otherMetrics := make([]autoscalingv1.MetricSpec, 0, len(in.Spec.Metrics)) - for _, metric := range in.Spec.Metrics { - if metric.Type == autoscaling.ResourceMetricSourceType && metric.Resource != nil && metric.Resource.Name == core.ResourceCPU && metric.Resource.Target.AverageUtilization != nil { - continue - } - - convMetric := autoscalingv1.MetricSpec{} - if err := Convert_autoscaling_MetricSpec_To_v1_MetricSpec(&metric, &convMetric, s); err != nil { - return err - } - otherMetrics = append(otherMetrics, convMetric) - } - - // NB: we need to save the status even if it maps to a CPU utilization status in order to save the raw value as well - currentMetrics := make([]autoscalingv1.MetricStatus, len(in.Status.CurrentMetrics)) - for i, currentMetric := range in.Status.CurrentMetrics { - if err := Convert_autoscaling_MetricStatus_To_v1_MetricStatus(&currentMetric, &currentMetrics[i], s); err != nil { - return err - } - } - - // store HPA conditions in an annotation - currentConditions := make([]autoscalingv1.HorizontalPodAutoscalerCondition, len(in.Status.Conditions)) - for i, currentCondition := range in.Status.Conditions { - if err := Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition(&currentCondition, &currentConditions[i], s); err != nil { - return err - } - } - - if len(otherMetrics) > 0 { - otherMetricsEnc, err := json.Marshal(otherMetrics) - if err != nil { - return err - } - // copy before mutating - if !copiedAnnotations { - copiedAnnotations = true - out.Annotations = autoscaling.DeepCopyStringMap(out.Annotations) - } - out.Annotations[autoscaling.MetricSpecsAnnotation] = string(otherMetricsEnc) - } - - if len(in.Status.CurrentMetrics) > 0 { - currentMetricsEnc, err := json.Marshal(currentMetrics) - if err != nil { - return err - } - // copy before mutating - if !copiedAnnotations { - copiedAnnotations = true - out.Annotations = autoscaling.DeepCopyStringMap(out.Annotations) - } - out.Annotations[autoscaling.MetricStatusesAnnotation] = string(currentMetricsEnc) - } - - if in.Spec.Behavior != nil { - // TODO: this is marshaling an internal type. Fix this without breaking backwards compatibility. - behaviorEnc, err := json.Marshal(in.Spec.Behavior) - if err != nil { - return err - } - // copy before mutating - if !copiedAnnotations { - copiedAnnotations = true - out.Annotations = autoscaling.DeepCopyStringMap(out.Annotations) - } - out.Annotations[autoscaling.BehaviorSpecsAnnotation] = string(behaviorEnc) - } - - if len(in.Status.Conditions) > 0 { - currentConditionsEnc, err := json.Marshal(currentConditions) - if err != nil { - return err - } - // copy before mutating - if !copiedAnnotations { - //nolint:ineffassign - copiedAnnotations = true - out.Annotations = autoscaling.DeepCopyStringMap(out.Annotations) - } - out.Annotations[autoscaling.HorizontalPodAutoscalerConditionsAnnotation] = string(currentConditionsEnc) - } - - return nil -} - -func Convert_v1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *autoscalingv1.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_v1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - - if otherMetricsEnc, hasOtherMetrics := out.Annotations[autoscaling.MetricSpecsAnnotation]; hasOtherMetrics { - var otherMetrics []autoscalingv1.MetricSpec - if err := json.Unmarshal([]byte(otherMetricsEnc), &otherMetrics); err == nil { - // the normal Spec conversion could have populated out.Spec.Metrics with a single element, so deal with that - outMetrics := make([]autoscaling.MetricSpec, len(otherMetrics)+len(out.Spec.Metrics)) - for i, metric := range otherMetrics { - if err := Convert_v1_MetricSpec_To_autoscaling_MetricSpec(&metric, &outMetrics[i], s); err != nil { - return err - } - } - if out.Spec.Metrics != nil { - outMetrics[len(otherMetrics)] = out.Spec.Metrics[0] - } - out.Spec.Metrics = outMetrics - } - } - - if behaviorEnc, hasConstraints := out.Annotations[autoscaling.BehaviorSpecsAnnotation]; hasConstraints { - // TODO: this is unmarshaling an internal type. Fix this without breaking backwards compatibility. - var behavior autoscaling.HorizontalPodAutoscalerBehavior - if err := json.Unmarshal([]byte(behaviorEnc), &behavior); err == nil && behavior != (autoscaling.HorizontalPodAutoscalerBehavior{}) { - out.Spec.Behavior = &behavior - } - } - - if currentMetricsEnc, hasCurrentMetrics := out.Annotations[autoscaling.MetricStatusesAnnotation]; hasCurrentMetrics { - // ignore any existing status values -- the ones here have more information - var currentMetrics []autoscalingv1.MetricStatus - if err := json.Unmarshal([]byte(currentMetricsEnc), &currentMetrics); err == nil { - out.Status.CurrentMetrics = make([]autoscaling.MetricStatus, len(currentMetrics)) - for i, currentMetric := range currentMetrics { - if err := Convert_v1_MetricStatus_To_autoscaling_MetricStatus(&currentMetric, &out.Status.CurrentMetrics[i], s); err != nil { - return err - } - } - } - } - - // autoscaling/v1 formerly had an implicit default applied in the controller. In v2beta1, we apply it explicitly. - // We apply it here, explicitly, since we have access to the full set of metrics from the annotation. - if len(out.Spec.Metrics) == 0 { - // no other metrics, no explicit CPU value set - out.Spec.Metrics = []autoscaling.MetricSpec{ - { - Type: autoscaling.ResourceMetricSourceType, - Resource: &autoscaling.ResourceMetricSource{ - Name: core.ResourceCPU, - Target: autoscaling.MetricTarget{ - Type: autoscaling.UtilizationMetricType, - }, - }, - }, - } - out.Spec.Metrics[0].Resource.Target.AverageUtilization = new(int32) - *out.Spec.Metrics[0].Resource.Target.AverageUtilization = autoscaling.DefaultCPUUtilization - } - - if currentConditionsEnc, hasCurrentConditions := out.Annotations[autoscaling.HorizontalPodAutoscalerConditionsAnnotation]; hasCurrentConditions { - var currentConditions []autoscalingv1.HorizontalPodAutoscalerCondition - if err := json.Unmarshal([]byte(currentConditionsEnc), &currentConditions); err == nil { - out.Status.Conditions = make([]autoscaling.HorizontalPodAutoscalerCondition, len(currentConditions)) - for i, currentCondition := range currentConditions { - if err := Convert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(&currentCondition, &out.Status.Conditions[i], s); err != nil { - return err - } - } - } - } - - // drop round-tripping annotations after converting to internal - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - - return nil -} - -func Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v1_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *autoscalingv1.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - - out.MinReplicas = in.MinReplicas - out.MaxReplicas = in.MaxReplicas - - for _, metric := range in.Metrics { - if metric.Type == autoscaling.ResourceMetricSourceType && metric.Resource != nil && metric.Resource.Name == core.ResourceCPU && metric.Resource.Target.AverageUtilization != nil { - out.TargetCPUUtilizationPercentage = new(int32) - *out.TargetCPUUtilizationPercentage = *metric.Resource.Target.AverageUtilization - break - } - } - - return nil -} - -func Convert_v1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *autoscalingv1.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - - out.MinReplicas = in.MinReplicas - out.MaxReplicas = in.MaxReplicas - - if in.TargetCPUUtilizationPercentage != nil { - out.Metrics = []autoscaling.MetricSpec{ - { - Type: autoscaling.ResourceMetricSourceType, - Resource: &autoscaling.ResourceMetricSource{ - Name: core.ResourceCPU, - Target: autoscaling.MetricTarget{ - Type: autoscaling.UtilizationMetricType, - }, - }, - }, - } - out.Metrics[0].Resource.Target.AverageUtilization = new(int32) - *out.Metrics[0].Resource.Target.AverageUtilization = *in.TargetCPUUtilizationPercentage - } - - return nil -} - -func Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v1_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *autoscalingv1.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.LastScaleTime = in.LastScaleTime - - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - - for _, metric := range in.CurrentMetrics { - if metric.Type == autoscaling.ResourceMetricSourceType && metric.Resource != nil && metric.Resource.Name == core.ResourceCPU { - if metric.Resource.Current.AverageUtilization != nil { - - out.CurrentCPUUtilizationPercentage = new(int32) - *out.CurrentCPUUtilizationPercentage = *metric.Resource.Current.AverageUtilization - } - } - } - return nil -} - -func Convert_v1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *autoscalingv1.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.LastScaleTime = in.LastScaleTime - - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - - if in.CurrentCPUUtilizationPercentage != nil { - out.CurrentMetrics = []autoscaling.MetricStatus{ - { - Type: autoscaling.ResourceMetricSourceType, - Resource: &autoscaling.ResourceMetricStatus{ - Name: core.ResourceCPU, - }, - }, - } - out.CurrentMetrics[0].Resource.Current.AverageUtilization = new(int32) - *out.CurrentMetrics[0].Resource.Current.AverageUtilization = *in.CurrentCPUUtilizationPercentage - } - return nil -} - -func Convert_v1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *autoscalingv1.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - out.Container = in.Container - utilization := in.TargetAverageUtilization - averageValue := in.TargetAverageValue - var metricType autoscaling.MetricTargetType - if utilization == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.UtilizationMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ContainerResourceMetricSource_To_v1_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *autoscalingv1.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - out.TargetAverageUtilization = in.Target.AverageUtilization - out.TargetAverageValue = in.Target.AverageValue - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/defaults.go deleted file mode 100644 index e15cb67c30..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/defaults.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - autoscalingv1 "k8s.io/api/autoscaling/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_HorizontalPodAutoscaler(obj *autoscalingv1.HorizontalPodAutoscaler) { - if obj.Spec.MinReplicas == nil { - obj.Spec.MinReplicas = pointer.Int32(1) - } - - // NB: we apply a default for CPU utilization in conversion because - // we need access to the annotations to properly apply the default. -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/doc.go deleted file mode 100644 index 44229ea6b2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/autoscaling/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/autoscaling/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/autoscaling/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/register.go deleted file mode 100644 index be246346d7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - autoscalingv1 "k8s.io/api/autoscaling/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "autoscaling" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &autoscalingv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.conversion.go deleted file mode 100644 index 7092cc587a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.conversion.go +++ /dev/null @@ -1,860 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/autoscaling/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.CrossVersionObjectReference)(nil), (*autoscaling.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(a.(*v1.CrossVersionObjectReference), b.(*autoscaling.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.CrossVersionObjectReference)(nil), (*v1.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(a.(*autoscaling.CrossVersionObjectReference), b.(*v1.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HorizontalPodAutoscalerCondition)(nil), (*autoscaling.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(a.(*v1.HorizontalPodAutoscalerCondition), b.(*autoscaling.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerCondition)(nil), (*v1.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition(a.(*autoscaling.HorizontalPodAutoscalerCondition), b.(*v1.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HorizontalPodAutoscalerList)(nil), (*autoscaling.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(a.(*v1.HorizontalPodAutoscalerList), b.(*autoscaling.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerList)(nil), (*v1.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerList_To_v1_HorizontalPodAutoscalerList(a.(*autoscaling.HorizontalPodAutoscalerList), b.(*v1.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.MetricSpec)(nil), (*autoscaling.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_MetricSpec_To_autoscaling_MetricSpec(a.(*v1.MetricSpec), b.(*autoscaling.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricSpec)(nil), (*v1.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricSpec_To_v1_MetricSpec(a.(*autoscaling.MetricSpec), b.(*v1.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.MetricStatus)(nil), (*autoscaling.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_MetricStatus_To_autoscaling_MetricStatus(a.(*v1.MetricStatus), b.(*autoscaling.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricStatus)(nil), (*v1.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricStatus_To_v1_MetricStatus(a.(*autoscaling.MetricStatus), b.(*v1.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Scale)(nil), (*autoscaling.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Scale_To_autoscaling_Scale(a.(*v1.Scale), b.(*autoscaling.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.Scale)(nil), (*v1.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_Scale_To_v1_Scale(a.(*autoscaling.Scale), b.(*v1.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScaleSpec)(nil), (*autoscaling.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScaleSpec_To_autoscaling_ScaleSpec(a.(*v1.ScaleSpec), b.(*autoscaling.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ScaleSpec)(nil), (*v1.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleSpec_To_v1_ScaleSpec(a.(*autoscaling.ScaleSpec), b.(*v1.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScaleStatus)(nil), (*autoscaling.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScaleStatus_To_autoscaling_ScaleStatus(a.(*v1.ScaleStatus), b.(*autoscaling.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ScaleStatus)(nil), (*v1.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleStatus_To_v1_ScaleStatus(a.(*autoscaling.ScaleStatus), b.(*v1.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ContainerResourceMetricSource)(nil), (*v1.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricSource_To_v1_ContainerResourceMetricSource(a.(*autoscaling.ContainerResourceMetricSource), b.(*v1.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ContainerResourceMetricStatus)(nil), (*v1.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricStatus_To_v1_ContainerResourceMetricStatus(a.(*autoscaling.ContainerResourceMetricStatus), b.(*v1.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ExternalMetricSource)(nil), (*v1.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricSource_To_v1_ExternalMetricSource(a.(*autoscaling.ExternalMetricSource), b.(*v1.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ExternalMetricStatus)(nil), (*v1.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricStatus_To_v1_ExternalMetricStatus(a.(*autoscaling.ExternalMetricStatus), b.(*v1.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscalerSpec)(nil), (*v1.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v1_HorizontalPodAutoscalerSpec(a.(*autoscaling.HorizontalPodAutoscalerSpec), b.(*v1.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscalerStatus)(nil), (*v1.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v1_HorizontalPodAutoscalerStatus(a.(*autoscaling.HorizontalPodAutoscalerStatus), b.(*v1.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscaler)(nil), (*v1.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscaler_To_v1_HorizontalPodAutoscaler(a.(*autoscaling.HorizontalPodAutoscaler), b.(*v1.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.MetricTarget)(nil), (*v1.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricTarget_To_v1_CrossVersionObjectReference(a.(*autoscaling.MetricTarget), b.(*v1.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ObjectMetricSource)(nil), (*v1.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricSource_To_v1_ObjectMetricSource(a.(*autoscaling.ObjectMetricSource), b.(*v1.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ObjectMetricStatus)(nil), (*v1.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricStatus_To_v1_ObjectMetricStatus(a.(*autoscaling.ObjectMetricStatus), b.(*v1.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.PodsMetricSource)(nil), (*v1.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricSource_To_v1_PodsMetricSource(a.(*autoscaling.PodsMetricSource), b.(*v1.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.PodsMetricStatus)(nil), (*v1.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricStatus_To_v1_PodsMetricStatus(a.(*autoscaling.PodsMetricStatus), b.(*v1.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ResourceMetricSource)(nil), (*v1.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricSource_To_v1_ResourceMetricSource(a.(*autoscaling.ResourceMetricSource), b.(*v1.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ResourceMetricStatus)(nil), (*v1.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricStatus_To_v1_ResourceMetricStatus(a.(*autoscaling.ResourceMetricStatus), b.(*v1.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ContainerResourceMetricSource)(nil), (*autoscaling.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(a.(*v1.ContainerResourceMetricSource), b.(*autoscaling.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ContainerResourceMetricStatus)(nil), (*autoscaling.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(a.(*v1.ContainerResourceMetricStatus), b.(*autoscaling.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.CrossVersionObjectReference)(nil), (*autoscaling.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CrossVersionObjectReference_To_autoscaling_MetricTarget(a.(*v1.CrossVersionObjectReference), b.(*autoscaling.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ExternalMetricSource)(nil), (*autoscaling.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(a.(*v1.ExternalMetricSource), b.(*autoscaling.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ExternalMetricStatus)(nil), (*autoscaling.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(a.(*v1.ExternalMetricStatus), b.(*autoscaling.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.HorizontalPodAutoscalerSpec)(nil), (*autoscaling.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(a.(*v1.HorizontalPodAutoscalerSpec), b.(*autoscaling.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.HorizontalPodAutoscalerStatus)(nil), (*autoscaling.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(a.(*v1.HorizontalPodAutoscalerStatus), b.(*autoscaling.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.HorizontalPodAutoscaler)(nil), (*autoscaling.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(a.(*v1.HorizontalPodAutoscaler), b.(*autoscaling.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ObjectMetricSource)(nil), (*autoscaling.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(a.(*v1.ObjectMetricSource), b.(*autoscaling.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ObjectMetricStatus)(nil), (*autoscaling.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(a.(*v1.ObjectMetricStatus), b.(*autoscaling.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodsMetricSource)(nil), (*autoscaling.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodsMetricSource_To_autoscaling_PodsMetricSource(a.(*v1.PodsMetricSource), b.(*autoscaling.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodsMetricStatus)(nil), (*autoscaling.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(a.(*v1.PodsMetricStatus), b.(*autoscaling.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ResourceMetricSource)(nil), (*autoscaling.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(a.(*v1.ResourceMetricSource), b.(*autoscaling.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ResourceMetricStatus)(nil), (*autoscaling.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(a.(*v1.ResourceMetricStatus), b.(*autoscaling.ResourceMetricStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v1.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.TargetAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - out.Container = in.Container - return nil -} - -func autoConvert_autoscaling_ContainerResourceMetricSource_To_v1_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v1.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = corev1.ResourceName(in.Name) - out.Container = in.Container - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v1.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.CurrentAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - out.Container = in.Container - return nil -} - -func autoConvert_autoscaling_ContainerResourceMetricStatus_To_v1_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v1.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = corev1.ResourceName(in.Name) - out.Container = in.Container - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v1.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v1.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v1.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v1.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_v1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v1.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.MetricSelector requires manual conversion: does not exist in peer-type - // WARNING: in.TargetValue requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ExternalMetricSource_To_v1_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v1.ExternalMetricSource, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v1.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.MetricSelector requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentValue requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ExternalMetricStatus_To_v1_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v1.ExternalMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *v1.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscaler_To_v1_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *v1.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v1_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v1_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v1.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = autoscaling.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = autoscaling.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v1.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_v1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v1.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = v1.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v1.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v1_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_v1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v1.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]autoscaling.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_v1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_v1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v1.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_v1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v1_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v1.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_autoscaling_HorizontalPodAutoscaler_To_v1_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerList_To_v1_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerList_To_v1_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v1.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v1_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_v1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v1.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_v1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - // WARNING: in.TargetCPUUtilizationPercentage requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v1_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v1.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v1_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - // WARNING: in.Metrics requires manual conversion: does not exist in peer-type - // WARNING: in.Behavior requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v1.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - // WARNING: in.CurrentCPUUtilizationPercentage requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v1_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v1.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - // WARNING: in.CurrentMetrics requires manual conversion: does not exist in peer-type - // WARNING: in.Conditions requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_MetricSpec_To_autoscaling_MetricSpec(in *v1.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(autoscaling.ObjectMetricSource) - if err := Convert_v1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(autoscaling.PodsMetricSource) - if err := Convert_v1_PodsMetricSource_To_autoscaling_PodsMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(autoscaling.ResourceMetricSource) - if err := Convert_v1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricSource) - if err := Convert_v1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(autoscaling.ExternalMetricSource) - if err := Convert_v1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_v1_MetricSpec_To_autoscaling_MetricSpec is an autogenerated conversion function. -func Convert_v1_MetricSpec_To_autoscaling_MetricSpec(in *v1.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - return autoConvert_v1_MetricSpec_To_autoscaling_MetricSpec(in, out, s) -} - -func autoConvert_autoscaling_MetricSpec_To_v1_MetricSpec(in *autoscaling.MetricSpec, out *v1.MetricSpec, s conversion.Scope) error { - out.Type = v1.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(v1.ObjectMetricSource) - if err := Convert_autoscaling_ObjectMetricSource_To_v1_ObjectMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(v1.PodsMetricSource) - if err := Convert_autoscaling_PodsMetricSource_To_v1_PodsMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(v1.ResourceMetricSource) - if err := Convert_autoscaling_ResourceMetricSource_To_v1_ResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v1.ContainerResourceMetricSource) - if err := Convert_autoscaling_ContainerResourceMetricSource_To_v1_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(v1.ExternalMetricSource) - if err := Convert_autoscaling_ExternalMetricSource_To_v1_ExternalMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_autoscaling_MetricSpec_To_v1_MetricSpec is an autogenerated conversion function. -func Convert_autoscaling_MetricSpec_To_v1_MetricSpec(in *autoscaling.MetricSpec, out *v1.MetricSpec, s conversion.Scope) error { - return autoConvert_autoscaling_MetricSpec_To_v1_MetricSpec(in, out, s) -} - -func autoConvert_v1_MetricStatus_To_autoscaling_MetricStatus(in *v1.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(autoscaling.ObjectMetricStatus) - if err := Convert_v1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(autoscaling.PodsMetricStatus) - if err := Convert_v1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(autoscaling.ResourceMetricStatus) - if err := Convert_v1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricStatus) - if err := Convert_v1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(autoscaling.ExternalMetricStatus) - if err := Convert_v1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_v1_MetricStatus_To_autoscaling_MetricStatus is an autogenerated conversion function. -func Convert_v1_MetricStatus_To_autoscaling_MetricStatus(in *v1.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - return autoConvert_v1_MetricStatus_To_autoscaling_MetricStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricStatus_To_v1_MetricStatus(in *autoscaling.MetricStatus, out *v1.MetricStatus, s conversion.Scope) error { - out.Type = v1.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(v1.ObjectMetricStatus) - if err := Convert_autoscaling_ObjectMetricStatus_To_v1_ObjectMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(v1.PodsMetricStatus) - if err := Convert_autoscaling_PodsMetricStatus_To_v1_PodsMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(v1.ResourceMetricStatus) - if err := Convert_autoscaling_ResourceMetricStatus_To_v1_ResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v1.ContainerResourceMetricStatus) - if err := Convert_autoscaling_ContainerResourceMetricStatus_To_v1_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(v1.ExternalMetricStatus) - if err := Convert_autoscaling_ExternalMetricStatus_To_v1_ExternalMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_autoscaling_MetricStatus_To_v1_MetricStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricStatus_To_v1_MetricStatus(in *autoscaling.MetricStatus, out *v1.MetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricStatus_To_v1_MetricStatus(in, out, s) -} - -func autoConvert_v1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v1.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_v1_CrossVersionObjectReference_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.TargetValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - // WARNING: in.AverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ObjectMetricSource_To_v1_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v1.ObjectMetricSource, s conversion.Scope) error { - // WARNING: in.DescribedObject requires manual conversion: does not exist in peer-type - if err := Convert_autoscaling_MetricTarget_To_v1_CrossVersionObjectReference(&in.Target, &out.Target, s); err != nil { - return err - } - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v1.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - // WARNING: in.Target requires manual conversion: does not exist in peer-type - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - // WARNING: in.AverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ObjectMetricStatus_To_v1_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v1.ObjectMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - // WARNING: in.DescribedObject requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v1.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_PodsMetricSource_To_v1_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v1.PodsMetricSource, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v1.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_PodsMetricStatus_To_v1_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v1.PodsMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v1.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.TargetAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ResourceMetricSource_To_v1_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v1.ResourceMetricSource, s conversion.Scope) error { - out.Name = corev1.ResourceName(in.Name) - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v1.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.CurrentAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ResourceMetricStatus_To_v1_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v1.ResourceMetricStatus, s conversion.Scope) error { - out.Name = corev1.ResourceName(in.Name) - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1_Scale_To_autoscaling_Scale(in *v1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ScaleSpec_To_autoscaling_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ScaleStatus_To_autoscaling_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Scale_To_autoscaling_Scale is an autogenerated conversion function. -func Convert_v1_Scale_To_autoscaling_Scale(in *v1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - return autoConvert_v1_Scale_To_autoscaling_Scale(in, out, s) -} - -func autoConvert_autoscaling_Scale_To_v1_Scale(in *autoscaling.Scale, out *v1.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_ScaleSpec_To_v1_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_ScaleStatus_To_v1_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_Scale_To_v1_Scale is an autogenerated conversion function. -func Convert_autoscaling_Scale_To_v1_Scale(in *autoscaling.Scale, out *v1.Scale, s conversion.Scope) error { - return autoConvert_autoscaling_Scale_To_v1_Scale(in, out, s) -} - -func autoConvert_v1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_v1_ScaleSpec_To_autoscaling_ScaleSpec is an autogenerated conversion function. -func Convert_v1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - return autoConvert_v1_ScaleSpec_To_autoscaling_ScaleSpec(in, out, s) -} - -func autoConvert_autoscaling_ScaleSpec_To_v1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_autoscaling_ScaleSpec_To_v1_ScaleSpec is an autogenerated conversion function. -func Convert_autoscaling_ScaleSpec_To_v1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1.ScaleSpec, s conversion.Scope) error { - return autoConvert_autoscaling_ScaleSpec_To_v1_ScaleSpec(in, out, s) -} - -func autoConvert_v1_ScaleStatus_To_autoscaling_ScaleStatus(in *v1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.Selector = in.Selector - return nil -} - -// Convert_v1_ScaleStatus_To_autoscaling_ScaleStatus is an autogenerated conversion function. -func Convert_v1_ScaleStatus_To_autoscaling_ScaleStatus(in *v1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - return autoConvert_v1_ScaleStatus_To_autoscaling_ScaleStatus(in, out, s) -} - -func autoConvert_autoscaling_ScaleStatus_To_v1_ScaleStatus(in *autoscaling.ScaleStatus, out *v1.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.Selector = in.Selector - return nil -} - -// Convert_autoscaling_ScaleStatus_To_v1_ScaleStatus is an autogenerated conversion function. -func Convert_autoscaling_ScaleStatus_To_v1_ScaleStatus(in *autoscaling.ScaleStatus, out *v1.ScaleStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ScaleStatus_To_v1_ScaleStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.defaults.go deleted file mode 100644 index cc20c613d9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v1/zz_generated.defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/autoscaling/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.HorizontalPodAutoscaler{}, func(obj interface{}) { SetObjectDefaults_HorizontalPodAutoscaler(obj.(*v1.HorizontalPodAutoscaler)) }) - scheme.AddTypeDefaultingFunc(&v1.HorizontalPodAutoscalerList{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscalerList(obj.(*v1.HorizontalPodAutoscalerList)) - }) - return nil -} - -func SetObjectDefaults_HorizontalPodAutoscaler(in *v1.HorizontalPodAutoscaler) { - SetDefaults_HorizontalPodAutoscaler(in) -} - -func SetObjectDefaults_HorizontalPodAutoscalerList(in *v1.HorizontalPodAutoscalerList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_HorizontalPodAutoscaler(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/conversion.go deleted file mode 100644 index fc159fb24e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/conversion.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2 - -import ( - autoscalingv2 "k8s.io/api/autoscaling/v2" - - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/autoscaling" -) - -func Convert_autoscaling_HorizontalPodAutoscaler_To_v2_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *autoscalingv2.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - // v2 round-trips to internal without any serialized annotations, make sure any from other versions don't get serialized - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - return nil -} - -func Convert_v2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *autoscalingv2.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_v2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - // v2 round-trips to internal without any serialized annotations, make sure any from other versions don't get serialized - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/defaults.go deleted file mode 100644 index 2ae50ae287..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/defaults.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2 - -import ( - autoscalingv2 "k8s.io/api/autoscaling/v2" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/utils/pointer" -) - -var ( - // These constants repeats previous HPA behavior - scaleUpLimitPercent int32 = 100 - scaleUpLimitMinimumPods int32 = 4 - scaleUpPeriod int32 = 15 - scaleUpStabilizationSeconds int32 - maxPolicy = autoscalingv2.MaxChangePolicySelect - defaultHPAScaleUpRules = autoscalingv2.HPAScalingRules{ - StabilizationWindowSeconds: &scaleUpStabilizationSeconds, - SelectPolicy: &maxPolicy, - Policies: []autoscalingv2.HPAScalingPolicy{ - { - Type: autoscalingv2.PodsScalingPolicy, - Value: scaleUpLimitMinimumPods, - PeriodSeconds: scaleUpPeriod, - }, - { - Type: autoscalingv2.PercentScalingPolicy, - Value: scaleUpLimitPercent, - PeriodSeconds: scaleUpPeriod, - }, - }, - } - scaleDownPeriod int32 = 15 - // Currently we can set the downscaleStabilizationWindow from the command line - // So we can not rewrite the command line option from here - scaleDownLimitPercent int32 = 100 - defaultHPAScaleDownRules = autoscalingv2.HPAScalingRules{ - StabilizationWindowSeconds: nil, - SelectPolicy: &maxPolicy, - Policies: []autoscalingv2.HPAScalingPolicy{ - { - Type: autoscalingv2.PercentScalingPolicy, - Value: scaleDownLimitPercent, - PeriodSeconds: scaleDownPeriod, - }, - }, - } -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_HorizontalPodAutoscaler(obj *autoscalingv2.HorizontalPodAutoscaler) { - if obj.Spec.MinReplicas == nil { - obj.Spec.MinReplicas = pointer.Int32(1) - } - - if len(obj.Spec.Metrics) == 0 { - utilizationDefaultVal := int32(autoscaling.DefaultCPUUtilization) - obj.Spec.Metrics = []autoscalingv2.MetricSpec{ - { - Type: autoscalingv2.ResourceMetricSourceType, - Resource: &autoscalingv2.ResourceMetricSource{ - Name: v1.ResourceCPU, - Target: autoscalingv2.MetricTarget{ - Type: autoscalingv2.UtilizationMetricType, - AverageUtilization: &utilizationDefaultVal, - }, - }, - }, - } - } - SetDefaults_HorizontalPodAutoscalerBehavior(obj) -} - -// SetDefaults_HorizontalPodAutoscalerBehavior fills the behavior if it is not null -func SetDefaults_HorizontalPodAutoscalerBehavior(obj *autoscalingv2.HorizontalPodAutoscaler) { - // if behavior is specified, we should fill all the 'nil' values with the default ones - if obj.Spec.Behavior != nil { - obj.Spec.Behavior.ScaleUp = GenerateHPAScaleUpRules(obj.Spec.Behavior.ScaleUp) - obj.Spec.Behavior.ScaleDown = GenerateHPAScaleDownRules(obj.Spec.Behavior.ScaleDown) - } -} - -// GenerateHPAScaleUpRules returns a fully-initialized HPAScalingRules value -// We guarantee that no pointer in the structure will have the 'nil' value -func GenerateHPAScaleUpRules(scalingRules *autoscalingv2.HPAScalingRules) *autoscalingv2.HPAScalingRules { - defaultScalingRules := defaultHPAScaleUpRules.DeepCopy() - return copyHPAScalingRules(scalingRules, defaultScalingRules) -} - -// GenerateHPAScaleDownRules returns a fully-initialized HPAScalingRules value -// We guarantee that no pointer in the structure will have the 'nil' value -// EXCEPT StabilizationWindowSeconds, for reasoning check the comment for defaultHPAScaleDownRules -func GenerateHPAScaleDownRules(scalingRules *autoscalingv2.HPAScalingRules) *autoscalingv2.HPAScalingRules { - defaultScalingRules := defaultHPAScaleDownRules.DeepCopy() - return copyHPAScalingRules(scalingRules, defaultScalingRules) -} - -// copyHPAScalingRules copies all non-`nil` fields in HPA constraint structure -func copyHPAScalingRules(from, to *autoscalingv2.HPAScalingRules) *autoscalingv2.HPAScalingRules { - if from == nil { - return to - } - if from.SelectPolicy != nil { - to.SelectPolicy = from.SelectPolicy - } - if from.StabilizationWindowSeconds != nil { - to.StabilizationWindowSeconds = from.StabilizationWindowSeconds - } - if from.Policies != nil { - to.Policies = from.Policies - } - return to -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/doc.go deleted file mode 100644 index e508c7a545..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/autoscaling/v2 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/autoscaling/v2 - -package v2 // import "k8s.io/kubernetes/pkg/apis/autoscaling/v2" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/register.go deleted file mode 100644 index c7d807cf40..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2 - -import ( - autoscalingv2 "k8s.io/api/autoscaling/v2" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "autoscaling" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v2"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &autoscalingv2.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.conversion.go deleted file mode 100644 index 52fc7ad4de..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.conversion.go +++ /dev/null @@ -1,1037 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v2 - -import ( - unsafe "unsafe" - - v2 "k8s.io/api/autoscaling/v2" - v1 "k8s.io/api/core/v1" - resource "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v2.ContainerResourceMetricSource)(nil), (*autoscaling.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(a.(*v2.ContainerResourceMetricSource), b.(*autoscaling.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ContainerResourceMetricSource)(nil), (*v2.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource(a.(*autoscaling.ContainerResourceMetricSource), b.(*v2.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ContainerResourceMetricStatus)(nil), (*autoscaling.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(a.(*v2.ContainerResourceMetricStatus), b.(*autoscaling.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ContainerResourceMetricStatus)(nil), (*v2.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus(a.(*autoscaling.ContainerResourceMetricStatus), b.(*v2.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.CrossVersionObjectReference)(nil), (*autoscaling.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(a.(*v2.CrossVersionObjectReference), b.(*autoscaling.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.CrossVersionObjectReference)(nil), (*v2.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(a.(*autoscaling.CrossVersionObjectReference), b.(*v2.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ExternalMetricSource)(nil), (*autoscaling.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(a.(*v2.ExternalMetricSource), b.(*autoscaling.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ExternalMetricSource)(nil), (*v2.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricSource_To_v2_ExternalMetricSource(a.(*autoscaling.ExternalMetricSource), b.(*v2.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ExternalMetricStatus)(nil), (*autoscaling.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(a.(*v2.ExternalMetricStatus), b.(*autoscaling.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ExternalMetricStatus)(nil), (*v2.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricStatus_To_v2_ExternalMetricStatus(a.(*autoscaling.ExternalMetricStatus), b.(*v2.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HPAScalingPolicy)(nil), (*autoscaling.HPAScalingPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(a.(*v2.HPAScalingPolicy), b.(*autoscaling.HPAScalingPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HPAScalingPolicy)(nil), (*v2.HPAScalingPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HPAScalingPolicy_To_v2_HPAScalingPolicy(a.(*autoscaling.HPAScalingPolicy), b.(*v2.HPAScalingPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HPAScalingRules)(nil), (*autoscaling.HPAScalingRules)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HPAScalingRules_To_autoscaling_HPAScalingRules(a.(*v2.HPAScalingRules), b.(*autoscaling.HPAScalingRules), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HPAScalingRules)(nil), (*v2.HPAScalingRules)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HPAScalingRules_To_v2_HPAScalingRules(a.(*autoscaling.HPAScalingRules), b.(*v2.HPAScalingRules), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HorizontalPodAutoscalerBehavior)(nil), (*autoscaling.HorizontalPodAutoscalerBehavior)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(a.(*v2.HorizontalPodAutoscalerBehavior), b.(*autoscaling.HorizontalPodAutoscalerBehavior), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerBehavior)(nil), (*v2.HorizontalPodAutoscalerBehavior)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2_HorizontalPodAutoscalerBehavior(a.(*autoscaling.HorizontalPodAutoscalerBehavior), b.(*v2.HorizontalPodAutoscalerBehavior), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HorizontalPodAutoscalerCondition)(nil), (*autoscaling.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(a.(*v2.HorizontalPodAutoscalerCondition), b.(*autoscaling.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerCondition)(nil), (*v2.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2_HorizontalPodAutoscalerCondition(a.(*autoscaling.HorizontalPodAutoscalerCondition), b.(*v2.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HorizontalPodAutoscalerList)(nil), (*autoscaling.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(a.(*v2.HorizontalPodAutoscalerList), b.(*autoscaling.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerList)(nil), (*v2.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerList_To_v2_HorizontalPodAutoscalerList(a.(*autoscaling.HorizontalPodAutoscalerList), b.(*v2.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HorizontalPodAutoscalerSpec)(nil), (*autoscaling.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(a.(*v2.HorizontalPodAutoscalerSpec), b.(*autoscaling.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerSpec)(nil), (*v2.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec(a.(*autoscaling.HorizontalPodAutoscalerSpec), b.(*v2.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.HorizontalPodAutoscalerStatus)(nil), (*autoscaling.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(a.(*v2.HorizontalPodAutoscalerStatus), b.(*autoscaling.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerStatus)(nil), (*v2.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus(a.(*autoscaling.HorizontalPodAutoscalerStatus), b.(*v2.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.MetricIdentifier)(nil), (*autoscaling.MetricIdentifier)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(a.(*v2.MetricIdentifier), b.(*autoscaling.MetricIdentifier), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricIdentifier)(nil), (*v2.MetricIdentifier)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(a.(*autoscaling.MetricIdentifier), b.(*v2.MetricIdentifier), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.MetricSpec)(nil), (*autoscaling.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_MetricSpec_To_autoscaling_MetricSpec(a.(*v2.MetricSpec), b.(*autoscaling.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricSpec)(nil), (*v2.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricSpec_To_v2_MetricSpec(a.(*autoscaling.MetricSpec), b.(*v2.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.MetricStatus)(nil), (*autoscaling.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_MetricStatus_To_autoscaling_MetricStatus(a.(*v2.MetricStatus), b.(*autoscaling.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricStatus)(nil), (*v2.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricStatus_To_v2_MetricStatus(a.(*autoscaling.MetricStatus), b.(*v2.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.MetricTarget)(nil), (*autoscaling.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_MetricTarget_To_autoscaling_MetricTarget(a.(*v2.MetricTarget), b.(*autoscaling.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricTarget)(nil), (*v2.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricTarget_To_v2_MetricTarget(a.(*autoscaling.MetricTarget), b.(*v2.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.MetricValueStatus)(nil), (*autoscaling.MetricValueStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(a.(*v2.MetricValueStatus), b.(*autoscaling.MetricValueStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricValueStatus)(nil), (*v2.MetricValueStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(a.(*autoscaling.MetricValueStatus), b.(*v2.MetricValueStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ObjectMetricSource)(nil), (*autoscaling.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(a.(*v2.ObjectMetricSource), b.(*autoscaling.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ObjectMetricSource)(nil), (*v2.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricSource_To_v2_ObjectMetricSource(a.(*autoscaling.ObjectMetricSource), b.(*v2.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ObjectMetricStatus)(nil), (*autoscaling.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(a.(*v2.ObjectMetricStatus), b.(*autoscaling.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ObjectMetricStatus)(nil), (*v2.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricStatus_To_v2_ObjectMetricStatus(a.(*autoscaling.ObjectMetricStatus), b.(*v2.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.PodsMetricSource)(nil), (*autoscaling.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_PodsMetricSource_To_autoscaling_PodsMetricSource(a.(*v2.PodsMetricSource), b.(*autoscaling.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.PodsMetricSource)(nil), (*v2.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricSource_To_v2_PodsMetricSource(a.(*autoscaling.PodsMetricSource), b.(*v2.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.PodsMetricStatus)(nil), (*autoscaling.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(a.(*v2.PodsMetricStatus), b.(*autoscaling.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.PodsMetricStatus)(nil), (*v2.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricStatus_To_v2_PodsMetricStatus(a.(*autoscaling.PodsMetricStatus), b.(*v2.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ResourceMetricSource)(nil), (*autoscaling.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(a.(*v2.ResourceMetricSource), b.(*autoscaling.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ResourceMetricSource)(nil), (*v2.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricSource_To_v2_ResourceMetricSource(a.(*autoscaling.ResourceMetricSource), b.(*v2.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2.ResourceMetricStatus)(nil), (*autoscaling.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(a.(*v2.ResourceMetricStatus), b.(*autoscaling.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ResourceMetricStatus)(nil), (*v2.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricStatus_To_v2_ResourceMetricStatus(a.(*autoscaling.ResourceMetricStatus), b.(*v2.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscaler)(nil), (*v2.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscaler_To_v2_HorizontalPodAutoscaler(a.(*autoscaling.HorizontalPodAutoscaler), b.(*v2.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2.HorizontalPodAutoscaler)(nil), (*autoscaling.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(a.(*v2.HorizontalPodAutoscaler), b.(*autoscaling.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v2.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - out.Container = in.Container - return nil -} - -// Convert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource is an autogenerated conversion function. -func Convert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v2.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - return autoConvert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v2.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - if err := Convert_autoscaling_MetricTarget_To_v2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v2.ContainerResourceMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource(in, out, s) -} - -func autoConvert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v2.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - out.Container = in.Container - return nil -} - -// Convert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus is an autogenerated conversion function. -func Convert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v2.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - return autoConvert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v2.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - if err := Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v2.ContainerResourceMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus(in, out, s) -} - -func autoConvert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_v2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v2.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ExternalMetricSource_To_autoscaling_ExternalMetricSource is an autogenerated conversion function. -func Convert_v2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v2.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - return autoConvert_v2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ExternalMetricSource_To_v2_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v2.ExternalMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ExternalMetricSource_To_v2_ExternalMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ExternalMetricSource_To_v2_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v2.ExternalMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ExternalMetricSource_To_v2_ExternalMetricSource(in, out, s) -} - -func autoConvert_v2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v2.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus is an autogenerated conversion function. -func Convert_v2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v2.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - return autoConvert_v2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ExternalMetricStatus_To_v2_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v2.ExternalMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ExternalMetricStatus_To_v2_ExternalMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ExternalMetricStatus_To_v2_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v2.ExternalMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ExternalMetricStatus_To_v2_ExternalMetricStatus(in, out, s) -} - -func autoConvert_v2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in *v2.HPAScalingPolicy, out *autoscaling.HPAScalingPolicy, s conversion.Scope) error { - out.Type = autoscaling.HPAScalingPolicyType(in.Type) - out.Value = in.Value - out.PeriodSeconds = in.PeriodSeconds - return nil -} - -// Convert_v2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy is an autogenerated conversion function. -func Convert_v2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in *v2.HPAScalingPolicy, out *autoscaling.HPAScalingPolicy, s conversion.Scope) error { - return autoConvert_v2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in, out, s) -} - -func autoConvert_autoscaling_HPAScalingPolicy_To_v2_HPAScalingPolicy(in *autoscaling.HPAScalingPolicy, out *v2.HPAScalingPolicy, s conversion.Scope) error { - out.Type = v2.HPAScalingPolicyType(in.Type) - out.Value = in.Value - out.PeriodSeconds = in.PeriodSeconds - return nil -} - -// Convert_autoscaling_HPAScalingPolicy_To_v2_HPAScalingPolicy is an autogenerated conversion function. -func Convert_autoscaling_HPAScalingPolicy_To_v2_HPAScalingPolicy(in *autoscaling.HPAScalingPolicy, out *v2.HPAScalingPolicy, s conversion.Scope) error { - return autoConvert_autoscaling_HPAScalingPolicy_To_v2_HPAScalingPolicy(in, out, s) -} - -func autoConvert_v2_HPAScalingRules_To_autoscaling_HPAScalingRules(in *v2.HPAScalingRules, out *autoscaling.HPAScalingRules, s conversion.Scope) error { - out.StabilizationWindowSeconds = (*int32)(unsafe.Pointer(in.StabilizationWindowSeconds)) - out.SelectPolicy = (*autoscaling.ScalingPolicySelect)(unsafe.Pointer(in.SelectPolicy)) - out.Policies = *(*[]autoscaling.HPAScalingPolicy)(unsafe.Pointer(&in.Policies)) - return nil -} - -// Convert_v2_HPAScalingRules_To_autoscaling_HPAScalingRules is an autogenerated conversion function. -func Convert_v2_HPAScalingRules_To_autoscaling_HPAScalingRules(in *v2.HPAScalingRules, out *autoscaling.HPAScalingRules, s conversion.Scope) error { - return autoConvert_v2_HPAScalingRules_To_autoscaling_HPAScalingRules(in, out, s) -} - -func autoConvert_autoscaling_HPAScalingRules_To_v2_HPAScalingRules(in *autoscaling.HPAScalingRules, out *v2.HPAScalingRules, s conversion.Scope) error { - out.StabilizationWindowSeconds = (*int32)(unsafe.Pointer(in.StabilizationWindowSeconds)) - out.SelectPolicy = (*v2.ScalingPolicySelect)(unsafe.Pointer(in.SelectPolicy)) - out.Policies = *(*[]v2.HPAScalingPolicy)(unsafe.Pointer(&in.Policies)) - return nil -} - -// Convert_autoscaling_HPAScalingRules_To_v2_HPAScalingRules is an autogenerated conversion function. -func Convert_autoscaling_HPAScalingRules_To_v2_HPAScalingRules(in *autoscaling.HPAScalingRules, out *v2.HPAScalingRules, s conversion.Scope) error { - return autoConvert_autoscaling_HPAScalingRules_To_v2_HPAScalingRules(in, out, s) -} - -func autoConvert_v2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *v2.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *v2.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in *v2.HorizontalPodAutoscalerBehavior, out *autoscaling.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - out.ScaleUp = (*autoscaling.HPAScalingRules)(unsafe.Pointer(in.ScaleUp)) - out.ScaleDown = (*autoscaling.HPAScalingRules)(unsafe.Pointer(in.ScaleDown)) - return nil -} - -// Convert_v2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior is an autogenerated conversion function. -func Convert_v2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in *v2.HorizontalPodAutoscalerBehavior, out *autoscaling.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - return autoConvert_v2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2_HorizontalPodAutoscalerBehavior(in *autoscaling.HorizontalPodAutoscalerBehavior, out *v2.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - out.ScaleUp = (*v2.HPAScalingRules)(unsafe.Pointer(in.ScaleUp)) - out.ScaleDown = (*v2.HPAScalingRules)(unsafe.Pointer(in.ScaleDown)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2_HorizontalPodAutoscalerBehavior is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2_HorizontalPodAutoscalerBehavior(in *autoscaling.HorizontalPodAutoscalerBehavior, out *v2.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2_HorizontalPodAutoscalerBehavior(in, out, s) -} - -func autoConvert_v2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = autoscaling.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = autoscaling.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_v2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_v2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = v2.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_v2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]autoscaling.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_v2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_v2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_v2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v2.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_autoscaling_HorizontalPodAutoscaler_To_v2_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerList_To_v2_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerList_To_v2_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]autoscaling.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_v2_MetricSpec_To_autoscaling_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - out.Behavior = (*autoscaling.HorizontalPodAutoscalerBehavior)(unsafe.Pointer(in.Behavior)) - return nil -} - -// Convert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec is an autogenerated conversion function. -func Convert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_v2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v2.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]v2.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricSpec_To_v2_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - out.Behavior = (*v2.HorizontalPodAutoscalerBehavior)(unsafe.Pointer(in.Behavior)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v2.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2_HorizontalPodAutoscalerSpec(in, out, s) -} - -func autoConvert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]autoscaling.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_v2_MetricStatus_To_autoscaling_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]autoscaling.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_v2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]v2.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricStatus_To_v2_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]v2.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(in *v2.MetricIdentifier, out *autoscaling.MetricIdentifier, s conversion.Scope) error { - out.Name = in.Name - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - return nil -} - -// Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier is an autogenerated conversion function. -func Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(in *v2.MetricIdentifier, out *autoscaling.MetricIdentifier, s conversion.Scope) error { - return autoConvert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(in, out, s) -} - -func autoConvert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(in *autoscaling.MetricIdentifier, out *v2.MetricIdentifier, s conversion.Scope) error { - out.Name = in.Name - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - return nil -} - -// Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier is an autogenerated conversion function. -func Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(in *autoscaling.MetricIdentifier, out *v2.MetricIdentifier, s conversion.Scope) error { - return autoConvert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(in, out, s) -} - -func autoConvert_v2_MetricSpec_To_autoscaling_MetricSpec(in *v2.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - out.Object = (*autoscaling.ObjectMetricSource)(unsafe.Pointer(in.Object)) - out.Pods = (*autoscaling.PodsMetricSource)(unsafe.Pointer(in.Pods)) - out.Resource = (*autoscaling.ResourceMetricSource)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricSource) - if err := Convert_v2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*autoscaling.ExternalMetricSource)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_v2_MetricSpec_To_autoscaling_MetricSpec is an autogenerated conversion function. -func Convert_v2_MetricSpec_To_autoscaling_MetricSpec(in *v2.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - return autoConvert_v2_MetricSpec_To_autoscaling_MetricSpec(in, out, s) -} - -func autoConvert_autoscaling_MetricSpec_To_v2_MetricSpec(in *autoscaling.MetricSpec, out *v2.MetricSpec, s conversion.Scope) error { - out.Type = v2.MetricSourceType(in.Type) - out.Object = (*v2.ObjectMetricSource)(unsafe.Pointer(in.Object)) - out.Pods = (*v2.PodsMetricSource)(unsafe.Pointer(in.Pods)) - out.Resource = (*v2.ResourceMetricSource)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2.ContainerResourceMetricSource) - if err := Convert_autoscaling_ContainerResourceMetricSource_To_v2_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*v2.ExternalMetricSource)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_autoscaling_MetricSpec_To_v2_MetricSpec is an autogenerated conversion function. -func Convert_autoscaling_MetricSpec_To_v2_MetricSpec(in *autoscaling.MetricSpec, out *v2.MetricSpec, s conversion.Scope) error { - return autoConvert_autoscaling_MetricSpec_To_v2_MetricSpec(in, out, s) -} - -func autoConvert_v2_MetricStatus_To_autoscaling_MetricStatus(in *v2.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - out.Object = (*autoscaling.ObjectMetricStatus)(unsafe.Pointer(in.Object)) - out.Pods = (*autoscaling.PodsMetricStatus)(unsafe.Pointer(in.Pods)) - out.Resource = (*autoscaling.ResourceMetricStatus)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricStatus) - if err := Convert_v2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*autoscaling.ExternalMetricStatus)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_v2_MetricStatus_To_autoscaling_MetricStatus is an autogenerated conversion function. -func Convert_v2_MetricStatus_To_autoscaling_MetricStatus(in *v2.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - return autoConvert_v2_MetricStatus_To_autoscaling_MetricStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricStatus_To_v2_MetricStatus(in *autoscaling.MetricStatus, out *v2.MetricStatus, s conversion.Scope) error { - out.Type = v2.MetricSourceType(in.Type) - out.Object = (*v2.ObjectMetricStatus)(unsafe.Pointer(in.Object)) - out.Pods = (*v2.PodsMetricStatus)(unsafe.Pointer(in.Pods)) - out.Resource = (*v2.ResourceMetricStatus)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2.ContainerResourceMetricStatus) - if err := Convert_autoscaling_ContainerResourceMetricStatus_To_v2_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*v2.ExternalMetricStatus)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_autoscaling_MetricStatus_To_v2_MetricStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricStatus_To_v2_MetricStatus(in *autoscaling.MetricStatus, out *v2.MetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricStatus_To_v2_MetricStatus(in, out, s) -} - -func autoConvert_v2_MetricTarget_To_autoscaling_MetricTarget(in *v2.MetricTarget, out *autoscaling.MetricTarget, s conversion.Scope) error { - out.Type = autoscaling.MetricTargetType(in.Type) - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_v2_MetricTarget_To_autoscaling_MetricTarget is an autogenerated conversion function. -func Convert_v2_MetricTarget_To_autoscaling_MetricTarget(in *v2.MetricTarget, out *autoscaling.MetricTarget, s conversion.Scope) error { - return autoConvert_v2_MetricTarget_To_autoscaling_MetricTarget(in, out, s) -} - -func autoConvert_autoscaling_MetricTarget_To_v2_MetricTarget(in *autoscaling.MetricTarget, out *v2.MetricTarget, s conversion.Scope) error { - out.Type = v2.MetricTargetType(in.Type) - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_autoscaling_MetricTarget_To_v2_MetricTarget is an autogenerated conversion function. -func Convert_autoscaling_MetricTarget_To_v2_MetricTarget(in *autoscaling.MetricTarget, out *v2.MetricTarget, s conversion.Scope) error { - return autoConvert_autoscaling_MetricTarget_To_v2_MetricTarget(in, out, s) -} - -func autoConvert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(in *v2.MetricValueStatus, out *autoscaling.MetricValueStatus, s conversion.Scope) error { - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus is an autogenerated conversion function. -func Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(in *v2.MetricValueStatus, out *autoscaling.MetricValueStatus, s conversion.Scope) error { - return autoConvert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(in *autoscaling.MetricValueStatus, out *v2.MetricValueStatus, s conversion.Scope) error { - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(in *autoscaling.MetricValueStatus, out *v2.MetricValueStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(in, out, s) -} - -func autoConvert_v2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v2.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - if err := Convert_v2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ObjectMetricSource_To_autoscaling_ObjectMetricSource is an autogenerated conversion function. -func Convert_v2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v2.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - return autoConvert_v2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ObjectMetricSource_To_v2_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v2.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ObjectMetricSource_To_v2_ObjectMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ObjectMetricSource_To_v2_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v2.ObjectMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ObjectMetricSource_To_v2_ObjectMetricSource(in, out, s) -} - -func autoConvert_v2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v2.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - if err := Convert_v2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus is an autogenerated conversion function. -func Convert_v2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v2.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - return autoConvert_v2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ObjectMetricStatus_To_v2_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v2.ObjectMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ObjectMetricStatus_To_v2_ObjectMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ObjectMetricStatus_To_v2_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v2.ObjectMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ObjectMetricStatus_To_v2_ObjectMetricStatus(in, out, s) -} - -func autoConvert_v2_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v2.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2_PodsMetricSource_To_autoscaling_PodsMetricSource is an autogenerated conversion function. -func Convert_v2_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v2.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - return autoConvert_v2_PodsMetricSource_To_autoscaling_PodsMetricSource(in, out, s) -} - -func autoConvert_autoscaling_PodsMetricSource_To_v2_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v2.PodsMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_PodsMetricSource_To_v2_PodsMetricSource is an autogenerated conversion function. -func Convert_autoscaling_PodsMetricSource_To_v2_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v2.PodsMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_PodsMetricSource_To_v2_PodsMetricSource(in, out, s) -} - -func autoConvert_v2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v2.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - if err := Convert_v2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2_PodsMetricStatus_To_autoscaling_PodsMetricStatus is an autogenerated conversion function. -func Convert_v2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v2.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - return autoConvert_v2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_PodsMetricStatus_To_v2_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v2.PodsMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_PodsMetricStatus_To_v2_PodsMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_PodsMetricStatus_To_v2_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v2.PodsMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_PodsMetricStatus_To_v2_PodsMetricStatus(in, out, s) -} - -func autoConvert_v2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v2.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ResourceMetricSource_To_autoscaling_ResourceMetricSource is an autogenerated conversion function. -func Convert_v2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v2.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - return autoConvert_v2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ResourceMetricSource_To_v2_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v2.ResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - if err := Convert_autoscaling_MetricTarget_To_v2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ResourceMetricSource_To_v2_ResourceMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ResourceMetricSource_To_v2_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v2.ResourceMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ResourceMetricSource_To_v2_ResourceMetricSource(in, out, s) -} - -func autoConvert_v2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v2.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus is an autogenerated conversion function. -func Convert_v2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v2.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - return autoConvert_v2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ResourceMetricStatus_To_v2_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v2.ResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - if err := Convert_autoscaling_MetricValueStatus_To_v2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ResourceMetricStatus_To_v2_ResourceMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ResourceMetricStatus_To_v2_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v2.ResourceMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ResourceMetricStatus_To_v2_ResourceMetricStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.defaults.go deleted file mode 100644 index 916791255e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2/zz_generated.defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v2 - -import ( - v2 "k8s.io/api/autoscaling/v2" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v2.HorizontalPodAutoscaler{}, func(obj interface{}) { SetObjectDefaults_HorizontalPodAutoscaler(obj.(*v2.HorizontalPodAutoscaler)) }) - scheme.AddTypeDefaultingFunc(&v2.HorizontalPodAutoscalerList{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscalerList(obj.(*v2.HorizontalPodAutoscalerList)) - }) - return nil -} - -func SetObjectDefaults_HorizontalPodAutoscaler(in *v2.HorizontalPodAutoscaler) { - SetDefaults_HorizontalPodAutoscaler(in) -} - -func SetObjectDefaults_HorizontalPodAutoscalerList(in *v2.HorizontalPodAutoscalerList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_HorizontalPodAutoscaler(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/conversion.go deleted file mode 100644 index 513b41a2a3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/conversion.go +++ /dev/null @@ -1,360 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta1 - -import ( - "encoding/json" - - autoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func Convert_autoscaling_MetricTarget_To_v2beta1_CrossVersionObjectReference(in *autoscaling.MetricTarget, out *autoscalingv2beta1.CrossVersionObjectReference, s conversion.Scope) error { - return nil -} - -func Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_MetricTarget(in *autoscalingv2beta1.CrossVersionObjectReference, out *autoscaling.MetricTarget, s conversion.Scope) error { - return nil -} - -func Convert_v2beta1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *autoscalingv2beta1.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - out.Container = in.Container - utilization := in.CurrentAverageUtilization - averageValue := in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - AverageValue: &averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta1_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *autoscalingv2beta1.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - out.CurrentAverageUtilization = in.Current.AverageUtilization - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - return nil -} - -func Convert_v2beta1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *autoscalingv2beta1.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - utilization := in.CurrentAverageUtilization - averageValue := in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - AverageValue: &averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ResourceMetricStatus_To_v2beta1_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *autoscalingv2beta1.ResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.CurrentAverageUtilization = in.Current.AverageUtilization - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - return nil -} - -func Convert_v2beta1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *autoscalingv2beta1.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - utilization := in.TargetAverageUtilization - averageValue := in.TargetAverageValue - - var metricType autoscaling.MetricTargetType - if utilization == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.UtilizationMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ResourceMetricSource_To_v2beta1_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *autoscalingv2beta1.ResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.TargetAverageUtilization = in.Target.AverageUtilization - out.TargetAverageValue = in.Target.AverageValue - return nil -} - -func Convert_autoscaling_ExternalMetricSource_To_v2beta1_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *autoscalingv2beta1.ExternalMetricSource, s conversion.Scope) error { - out.MetricName = in.Metric.Name - out.TargetValue = in.Target.Value - out.TargetAverageValue = in.Target.AverageValue - out.MetricSelector = in.Metric.Selector - return nil -} - -func Convert_v2beta1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *autoscalingv2beta1.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - value := in.TargetValue - averageValue := in.TargetAverageValue - - var metricType autoscaling.MetricTargetType - if value == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.ValueMetricType - } - - out.Target = autoscaling.MetricTarget{ - Type: metricType, - Value: value, - AverageValue: averageValue, - } - - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.MetricSelector, - } - return nil -} - -func Convert_autoscaling_ObjectMetricSource_To_v2beta1_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *autoscalingv2beta1.ObjectMetricSource, s conversion.Scope) error { - if in.Target.Value != nil { - out.TargetValue = *in.Target.Value - } - out.AverageValue = in.Target.AverageValue - - out.Target = autoscalingv2beta1.CrossVersionObjectReference{ - Kind: in.DescribedObject.Kind, - Name: in.DescribedObject.Name, - APIVersion: in.DescribedObject.APIVersion, - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - - return nil -} - -func Convert_v2beta1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *autoscalingv2beta1.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - var metricType autoscaling.MetricTargetType - if in.AverageValue == nil { - metricType = autoscaling.ValueMetricType - } else { - metricType = autoscaling.AverageValueMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - Value: &in.TargetValue, - AverageValue: in.AverageValue, - } - out.DescribedObject = autoscaling.CrossVersionObjectReference{ - Kind: in.Target.Kind, - Name: in.Target.Name, - APIVersion: in.Target.APIVersion, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_PodsMetricSource_To_v2beta1_PodsMetricSource(in *autoscaling.PodsMetricSource, out *autoscalingv2beta1.PodsMetricSource, s conversion.Scope) error { - if in.Target.AverageValue != nil { - targetAverageValue := *in.Target.AverageValue - out.TargetAverageValue = targetAverageValue - } - - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - - return nil -} - -func Convert_v2beta1_PodsMetricSource_To_autoscaling_PodsMetricSource(in *autoscalingv2beta1.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - targetAverageValue := &in.TargetAverageValue - metricType := autoscaling.AverageValueMetricType - - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: targetAverageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_ExternalMetricStatus_To_v2beta1_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *autoscalingv2beta1.ExternalMetricStatus, s conversion.Scope) error { - out.CurrentAverageValue = in.Current.AverageValue - out.MetricName = in.Metric.Name - if in.Current.Value != nil { - out.CurrentValue = *in.Current.Value - } - out.MetricSelector = in.Metric.Selector - return nil -} - -func Convert_v2beta1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *autoscalingv2beta1.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - value := in.CurrentValue - averageValue := in.CurrentAverageValue - out.Current = autoscaling.MetricValueStatus{ - Value: &value, - AverageValue: averageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.MetricSelector, - } - return nil -} - -func Convert_autoscaling_ObjectMetricStatus_To_v2beta1_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *autoscalingv2beta1.ObjectMetricStatus, s conversion.Scope) error { - if in.Current.Value != nil { - out.CurrentValue = *in.Current.Value - } - out.Target = autoscalingv2beta1.CrossVersionObjectReference{ - Kind: in.DescribedObject.Kind, - Name: in.DescribedObject.Name, - APIVersion: in.DescribedObject.APIVersion, - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - if in.Current.AverageValue != nil { - currentAverageValue := *in.Current.AverageValue - out.AverageValue = &currentAverageValue - } - return nil -} - -func Convert_v2beta1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *autoscalingv2beta1.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - out.Current = autoscaling.MetricValueStatus{ - Value: &in.CurrentValue, - AverageValue: in.AverageValue, - } - out.DescribedObject = autoscaling.CrossVersionObjectReference{ - Kind: in.Target.Kind, - Name: in.Target.Name, - APIVersion: in.Target.APIVersion, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_PodsMetricStatus_To_v2beta1_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *autoscalingv2beta1.PodsMetricStatus, s conversion.Scope) error { - if in.Current.AverageValue != nil { - out.CurrentAverageValue = *in.Current.AverageValue - } - out.MetricName = in.Metric.Name - out.Selector = in.Metric.Selector - return nil -} - -func Convert_v2beta1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *autoscalingv2beta1.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - out.Current = autoscaling.MetricValueStatus{ - AverageValue: &in.CurrentAverageValue, - } - out.Metric = autoscaling.MetricIdentifier{ - Name: in.MetricName, - Selector: in.Selector, - } - return nil -} - -func Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta1_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *autoscalingv2beta1.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2beta1_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - - // clear any pre-existing round-trip annotations to make sure the only ones set are ones we produced during conversion - annotations, copiedAnnotations := autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - out.Annotations = annotations - - if in.Spec.Behavior != nil { - // TODO: this is marshaling an internal type. Fix this without breaking backwards compatibility with n-1 API servers. - behaviorEnc, err := json.Marshal(in.Spec.Behavior) - if err != nil { - return err - } - // copy before mutating - if !copiedAnnotations { - //nolint:ineffassign - copiedAnnotations = true - out.Annotations = autoscaling.DeepCopyStringMap(out.Annotations) - } - out.Annotations[autoscaling.BehaviorSpecsAnnotation] = string(behaviorEnc) - } - - return nil -} - -func Convert_v2beta1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *autoscalingv2beta1.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_v2beta1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - - if behaviorEnc, hasBehaviors := out.Annotations[autoscaling.BehaviorSpecsAnnotation]; hasBehaviors { - // TODO: this is unmarshaling an internal type. Fix this without breaking backwards compatibility with n-1 API servers. - var behavior autoscaling.HorizontalPodAutoscalerBehavior - if err := json.Unmarshal([]byte(behaviorEnc), &behavior); err == nil && behavior != (autoscaling.HorizontalPodAutoscalerBehavior{}) { - // only move well-formed data from annotations to fields - out.Spec.Behavior = &behavior - } - } - - // drop round-tripping annotations after converting to internal - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - - return nil -} - -func Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta1_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *autoscalingv2beta1.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta1_HorizontalPodAutoscalerSpec(in, out, s) -} - -func Convert_v2beta1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *autoscalingv2beta1.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - utilization := in.TargetAverageUtilization - averageValue := in.TargetAverageValue - - var metricType autoscaling.MetricTargetType - if utilization == nil { - metricType = autoscaling.AverageValueMetricType - } else { - metricType = autoscaling.UtilizationMetricType - } - out.Target = autoscaling.MetricTarget{ - Type: metricType, - AverageValue: averageValue, - AverageUtilization: utilization, - } - return nil -} - -func Convert_autoscaling_ContainerResourceMetricSource_To_v2beta1_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *autoscalingv2beta1.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.TargetAverageUtilization = in.Target.AverageUtilization - out.TargetAverageValue = in.Target.AverageValue - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/defaults.go deleted file mode 100644 index 77866da4ed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/defaults.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta1 - -import ( - autoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_HorizontalPodAutoscaler(obj *autoscalingv2beta1.HorizontalPodAutoscaler) { - if obj.Spec.MinReplicas == nil { - obj.Spec.MinReplicas = pointer.Int32(1) - } - - if len(obj.Spec.Metrics) == 0 { - utilizationDefaultVal := int32(autoscaling.DefaultCPUUtilization) - obj.Spec.Metrics = []autoscalingv2beta1.MetricSpec{ - { - Type: autoscalingv2beta1.ResourceMetricSourceType, - Resource: &autoscalingv2beta1.ResourceMetricSource{ - Name: v1.ResourceCPU, - TargetAverageUtilization: &utilizationDefaultVal, - }, - }, - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/doc.go deleted file mode 100644 index 76790a29bd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/autoscaling/v2beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/autoscaling/v2beta1 - -package v2beta1 // import "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/register.go deleted file mode 100644 index b2433d34cf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta1 - -import ( - autoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "autoscaling" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v2beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &autoscalingv2beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.conversion.go deleted file mode 100644 index 37ae8e6709..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.conversion.go +++ /dev/null @@ -1,812 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v2beta1 - -import ( - unsafe "unsafe" - - v2beta1 "k8s.io/api/autoscaling/v2beta1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v2beta1.CrossVersionObjectReference)(nil), (*autoscaling.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(a.(*v2beta1.CrossVersionObjectReference), b.(*autoscaling.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.CrossVersionObjectReference)(nil), (*v2beta1.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference(a.(*autoscaling.CrossVersionObjectReference), b.(*v2beta1.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.HorizontalPodAutoscalerCondition)(nil), (*autoscaling.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(a.(*v2beta1.HorizontalPodAutoscalerCondition), b.(*autoscaling.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerCondition)(nil), (*v2beta1.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta1_HorizontalPodAutoscalerCondition(a.(*autoscaling.HorizontalPodAutoscalerCondition), b.(*v2beta1.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.HorizontalPodAutoscalerList)(nil), (*autoscaling.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(a.(*v2beta1.HorizontalPodAutoscalerList), b.(*autoscaling.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerList)(nil), (*v2beta1.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta1_HorizontalPodAutoscalerList(a.(*autoscaling.HorizontalPodAutoscalerList), b.(*v2beta1.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.HorizontalPodAutoscalerSpec)(nil), (*autoscaling.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(a.(*v2beta1.HorizontalPodAutoscalerSpec), b.(*autoscaling.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.HorizontalPodAutoscalerStatus)(nil), (*autoscaling.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(a.(*v2beta1.HorizontalPodAutoscalerStatus), b.(*autoscaling.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerStatus)(nil), (*v2beta1.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus(a.(*autoscaling.HorizontalPodAutoscalerStatus), b.(*v2beta1.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.MetricSpec)(nil), (*autoscaling.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_MetricSpec_To_autoscaling_MetricSpec(a.(*v2beta1.MetricSpec), b.(*autoscaling.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricSpec)(nil), (*v2beta1.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricSpec_To_v2beta1_MetricSpec(a.(*autoscaling.MetricSpec), b.(*v2beta1.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta1.MetricStatus)(nil), (*autoscaling.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_MetricStatus_To_autoscaling_MetricStatus(a.(*v2beta1.MetricStatus), b.(*autoscaling.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricStatus)(nil), (*v2beta1.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricStatus_To_v2beta1_MetricStatus(a.(*autoscaling.MetricStatus), b.(*v2beta1.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ContainerResourceMetricSource)(nil), (*v2beta1.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricSource_To_v2beta1_ContainerResourceMetricSource(a.(*autoscaling.ContainerResourceMetricSource), b.(*v2beta1.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ContainerResourceMetricStatus)(nil), (*v2beta1.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta1_ContainerResourceMetricStatus(a.(*autoscaling.ContainerResourceMetricStatus), b.(*v2beta1.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ExternalMetricSource)(nil), (*v2beta1.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricSource_To_v2beta1_ExternalMetricSource(a.(*autoscaling.ExternalMetricSource), b.(*v2beta1.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ExternalMetricStatus)(nil), (*v2beta1.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricStatus_To_v2beta1_ExternalMetricStatus(a.(*autoscaling.ExternalMetricStatus), b.(*v2beta1.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscalerSpec)(nil), (*v2beta1.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta1_HorizontalPodAutoscalerSpec(a.(*autoscaling.HorizontalPodAutoscalerSpec), b.(*v2beta1.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscaler)(nil), (*v2beta1.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta1_HorizontalPodAutoscaler(a.(*autoscaling.HorizontalPodAutoscaler), b.(*v2beta1.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.MetricTarget)(nil), (*v2beta1.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricTarget_To_v2beta1_CrossVersionObjectReference(a.(*autoscaling.MetricTarget), b.(*v2beta1.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ObjectMetricSource)(nil), (*v2beta1.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricSource_To_v2beta1_ObjectMetricSource(a.(*autoscaling.ObjectMetricSource), b.(*v2beta1.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ObjectMetricStatus)(nil), (*v2beta1.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricStatus_To_v2beta1_ObjectMetricStatus(a.(*autoscaling.ObjectMetricStatus), b.(*v2beta1.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.PodsMetricSource)(nil), (*v2beta1.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricSource_To_v2beta1_PodsMetricSource(a.(*autoscaling.PodsMetricSource), b.(*v2beta1.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.PodsMetricStatus)(nil), (*v2beta1.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricStatus_To_v2beta1_PodsMetricStatus(a.(*autoscaling.PodsMetricStatus), b.(*v2beta1.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ResourceMetricSource)(nil), (*v2beta1.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricSource_To_v2beta1_ResourceMetricSource(a.(*autoscaling.ResourceMetricSource), b.(*v2beta1.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ResourceMetricStatus)(nil), (*v2beta1.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricStatus_To_v2beta1_ResourceMetricStatus(a.(*autoscaling.ResourceMetricStatus), b.(*v2beta1.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ContainerResourceMetricSource)(nil), (*autoscaling.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(a.(*v2beta1.ContainerResourceMetricSource), b.(*autoscaling.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ContainerResourceMetricStatus)(nil), (*autoscaling.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(a.(*v2beta1.ContainerResourceMetricStatus), b.(*autoscaling.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.CrossVersionObjectReference)(nil), (*autoscaling.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_MetricTarget(a.(*v2beta1.CrossVersionObjectReference), b.(*autoscaling.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ExternalMetricSource)(nil), (*autoscaling.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(a.(*v2beta1.ExternalMetricSource), b.(*autoscaling.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ExternalMetricStatus)(nil), (*autoscaling.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(a.(*v2beta1.ExternalMetricStatus), b.(*autoscaling.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.HorizontalPodAutoscaler)(nil), (*autoscaling.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(a.(*v2beta1.HorizontalPodAutoscaler), b.(*autoscaling.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ObjectMetricSource)(nil), (*autoscaling.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(a.(*v2beta1.ObjectMetricSource), b.(*autoscaling.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ObjectMetricStatus)(nil), (*autoscaling.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(a.(*v2beta1.ObjectMetricStatus), b.(*autoscaling.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.PodsMetricSource)(nil), (*autoscaling.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_PodsMetricSource_To_autoscaling_PodsMetricSource(a.(*v2beta1.PodsMetricSource), b.(*autoscaling.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.PodsMetricStatus)(nil), (*autoscaling.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(a.(*v2beta1.PodsMetricStatus), b.(*autoscaling.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ResourceMetricSource)(nil), (*autoscaling.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(a.(*v2beta1.ResourceMetricSource), b.(*autoscaling.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta1.ResourceMetricStatus)(nil), (*autoscaling.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(a.(*v2beta1.ResourceMetricStatus), b.(*autoscaling.ResourceMetricStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v2beta1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v2beta1.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.TargetAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - out.Container = in.Container - return nil -} - -func autoConvert_autoscaling_ContainerResourceMetricSource_To_v2beta1_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v2beta1.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v2beta1.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.CurrentAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - out.Container = in.Container - return nil -} - -func autoConvert_autoscaling_ContainerResourceMetricStatus_To_v2beta1_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v2beta1.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2beta1.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2beta1.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2beta1.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2beta1.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_v2beta1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v2beta1.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.MetricSelector requires manual conversion: does not exist in peer-type - // WARNING: in.TargetValue requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ExternalMetricSource_To_v2beta1_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v2beta1.ExternalMetricSource, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v2beta1.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.MetricSelector requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentValue requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ExternalMetricStatus_To_v2beta1_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v2beta1.ExternalMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *v2beta1.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2beta1_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *v2beta1.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta1_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v2beta1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2beta1.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = autoscaling.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = autoscaling.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v2beta1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_v2beta1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2beta1.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_v2beta1_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta1_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2beta1.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = v2beta1.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta1_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta1_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2beta1.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta1_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_v2beta1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2beta1.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]autoscaling.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_v2beta1_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v2beta1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_v2beta1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2beta1.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_v2beta1_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2beta1_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2beta1.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v2beta1.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta1_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta1_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta1_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2beta1.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2beta1_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2beta1.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]autoscaling.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_v2beta1_MetricSpec_To_autoscaling_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - return nil -} - -// Convert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec is an autogenerated conversion function. -func Convert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2beta1.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_v2beta1_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta1_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v2beta1.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2beta1_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]v2beta1.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricSpec_To_v2beta1_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - // WARNING: in.Behavior requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2beta1.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]autoscaling.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_v2beta1_MetricStatus_To_autoscaling_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]autoscaling.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2beta1.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_v2beta1_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2beta1.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]v2beta1.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricStatus_To_v2beta1_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]v2beta1.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2beta1.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta1_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_v2beta1_MetricSpec_To_autoscaling_MetricSpec(in *v2beta1.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(autoscaling.ObjectMetricSource) - if err := Convert_v2beta1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(autoscaling.PodsMetricSource) - if err := Convert_v2beta1_PodsMetricSource_To_autoscaling_PodsMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(autoscaling.ResourceMetricSource) - if err := Convert_v2beta1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricSource) - if err := Convert_v2beta1_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(autoscaling.ExternalMetricSource) - if err := Convert_v2beta1_ExternalMetricSource_To_autoscaling_ExternalMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_v2beta1_MetricSpec_To_autoscaling_MetricSpec is an autogenerated conversion function. -func Convert_v2beta1_MetricSpec_To_autoscaling_MetricSpec(in *v2beta1.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - return autoConvert_v2beta1_MetricSpec_To_autoscaling_MetricSpec(in, out, s) -} - -func autoConvert_autoscaling_MetricSpec_To_v2beta1_MetricSpec(in *autoscaling.MetricSpec, out *v2beta1.MetricSpec, s conversion.Scope) error { - out.Type = v2beta1.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(v2beta1.ObjectMetricSource) - if err := Convert_autoscaling_ObjectMetricSource_To_v2beta1_ObjectMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(v2beta1.PodsMetricSource) - if err := Convert_autoscaling_PodsMetricSource_To_v2beta1_PodsMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(v2beta1.ResourceMetricSource) - if err := Convert_autoscaling_ResourceMetricSource_To_v2beta1_ResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2beta1.ContainerResourceMetricSource) - if err := Convert_autoscaling_ContainerResourceMetricSource_To_v2beta1_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(v2beta1.ExternalMetricSource) - if err := Convert_autoscaling_ExternalMetricSource_To_v2beta1_ExternalMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_autoscaling_MetricSpec_To_v2beta1_MetricSpec is an autogenerated conversion function. -func Convert_autoscaling_MetricSpec_To_v2beta1_MetricSpec(in *autoscaling.MetricSpec, out *v2beta1.MetricSpec, s conversion.Scope) error { - return autoConvert_autoscaling_MetricSpec_To_v2beta1_MetricSpec(in, out, s) -} - -func autoConvert_v2beta1_MetricStatus_To_autoscaling_MetricStatus(in *v2beta1.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(autoscaling.ObjectMetricStatus) - if err := Convert_v2beta1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(autoscaling.PodsMetricStatus) - if err := Convert_v2beta1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(autoscaling.ResourceMetricStatus) - if err := Convert_v2beta1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricStatus) - if err := Convert_v2beta1_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(autoscaling.ExternalMetricStatus) - if err := Convert_v2beta1_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_v2beta1_MetricStatus_To_autoscaling_MetricStatus is an autogenerated conversion function. -func Convert_v2beta1_MetricStatus_To_autoscaling_MetricStatus(in *v2beta1.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - return autoConvert_v2beta1_MetricStatus_To_autoscaling_MetricStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricStatus_To_v2beta1_MetricStatus(in *autoscaling.MetricStatus, out *v2beta1.MetricStatus, s conversion.Scope) error { - out.Type = v2beta1.MetricSourceType(in.Type) - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(v2beta1.ObjectMetricStatus) - if err := Convert_autoscaling_ObjectMetricStatus_To_v2beta1_ObjectMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Object = nil - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(v2beta1.PodsMetricStatus) - if err := Convert_autoscaling_PodsMetricStatus_To_v2beta1_PodsMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Pods = nil - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(v2beta1.ResourceMetricStatus) - if err := Convert_autoscaling_ResourceMetricStatus_To_v2beta1_ResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.Resource = nil - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2beta1.ContainerResourceMetricStatus) - if err := Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta1_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(v2beta1.ExternalMetricStatus) - if err := Convert_autoscaling_ExternalMetricStatus_To_v2beta1_ExternalMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.External = nil - } - return nil -} - -// Convert_autoscaling_MetricStatus_To_v2beta1_MetricStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricStatus_To_v2beta1_MetricStatus(in *autoscaling.MetricStatus, out *v2beta1.MetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricStatus_To_v2beta1_MetricStatus(in, out, s) -} - -func autoConvert_v2beta1_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v2beta1.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_v2beta1_CrossVersionObjectReference_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.TargetValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - // WARNING: in.AverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ObjectMetricSource_To_v2beta1_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v2beta1.ObjectMetricSource, s conversion.Scope) error { - // WARNING: in.DescribedObject requires manual conversion: does not exist in peer-type - if err := Convert_autoscaling_MetricTarget_To_v2beta1_CrossVersionObjectReference(&in.Target, &out.Target, s); err != nil { - return err - } - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v2beta1.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - // WARNING: in.Target requires manual conversion: does not exist in peer-type - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - // WARNING: in.AverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ObjectMetricStatus_To_v2beta1_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v2beta1.ObjectMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - // WARNING: in.DescribedObject requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v2beta1.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_PodsMetricSource_To_v2beta1_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v2beta1.PodsMetricSource, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v2beta1.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - // WARNING: in.MetricName requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - // WARNING: in.Selector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_PodsMetricStatus_To_v2beta1_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v2beta1.PodsMetricStatus, s conversion.Scope) error { - // WARNING: in.Metric requires manual conversion: does not exist in peer-type - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v2beta1.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.TargetAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.TargetAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ResourceMetricSource_To_v2beta1_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v2beta1.ResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - // WARNING: in.Target requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v2beta1_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v2beta1.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - // WARNING: in.CurrentAverageUtilization requires manual conversion: does not exist in peer-type - // WARNING: in.CurrentAverageValue requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ResourceMetricStatus_To_v2beta1_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v2beta1.ResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - // WARNING: in.Current requires manual conversion: does not exist in peer-type - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.defaults.go deleted file mode 100644 index 4d4abc79e0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1/zz_generated.defaults.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v2beta1 - -import ( - v2beta1 "k8s.io/api/autoscaling/v2beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v2beta1.HorizontalPodAutoscaler{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscaler(obj.(*v2beta1.HorizontalPodAutoscaler)) - }) - scheme.AddTypeDefaultingFunc(&v2beta1.HorizontalPodAutoscalerList{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscalerList(obj.(*v2beta1.HorizontalPodAutoscalerList)) - }) - return nil -} - -func SetObjectDefaults_HorizontalPodAutoscaler(in *v2beta1.HorizontalPodAutoscaler) { - SetDefaults_HorizontalPodAutoscaler(in) -} - -func SetObjectDefaults_HorizontalPodAutoscalerList(in *v2beta1.HorizontalPodAutoscalerList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_HorizontalPodAutoscaler(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/conversion.go deleted file mode 100644 index 3a555e8c87..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/conversion.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta2 - -import ( - autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" - - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/autoscaling" -) - -func Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta2_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *autoscalingv2beta2.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2beta2_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - // v2beta2 round-trips to internal without any serialized annotations, make sure any from other versions don't get serialized - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - return nil -} - -func Convert_v2beta2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *autoscalingv2beta2.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - if err := autoConvert_v2beta2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in, out, s); err != nil { - return err - } - // v2beta2 round-trips to internal without any serialized annotations, make sure any from other versions don't get serialized - out.Annotations, _ = autoscaling.DropRoundTripHorizontalPodAutoscalerAnnotations(out.Annotations) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/defaults.go deleted file mode 100644 index c6f60dd490..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/defaults.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta2 - -import ( - autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/utils/pointer" -) - -var ( - // These constants repeats previous HPA behavior - scaleUpLimitPercent int32 = 100 - scaleUpLimitMinimumPods int32 = 4 - scaleUpPeriod int32 = 15 - scaleUpStabilizationSeconds int32 - maxPolicy = autoscalingv2beta2.MaxPolicySelect - defaultHPAScaleUpRules = autoscalingv2beta2.HPAScalingRules{ - StabilizationWindowSeconds: &scaleUpStabilizationSeconds, - SelectPolicy: &maxPolicy, - Policies: []autoscalingv2beta2.HPAScalingPolicy{ - { - Type: autoscalingv2beta2.PodsScalingPolicy, - Value: scaleUpLimitMinimumPods, - PeriodSeconds: scaleUpPeriod, - }, - { - Type: autoscalingv2beta2.PercentScalingPolicy, - Value: scaleUpLimitPercent, - PeriodSeconds: scaleUpPeriod, - }, - }, - } - scaleDownPeriod int32 = 15 - // Currently we can set the downscaleStabilizationWindow from the command line - // So we can not rewrite the command line option from here - scaleDownStabilizationSeconds *int32 = nil - scaleDownLimitPercent int32 = 100 - defaultHPAScaleDownRules = autoscalingv2beta2.HPAScalingRules{ - StabilizationWindowSeconds: scaleDownStabilizationSeconds, - SelectPolicy: &maxPolicy, - Policies: []autoscalingv2beta2.HPAScalingPolicy{ - { - Type: autoscalingv2beta2.PercentScalingPolicy, - Value: scaleDownLimitPercent, - PeriodSeconds: scaleDownPeriod, - }, - }, - } -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_HorizontalPodAutoscaler(obj *autoscalingv2beta2.HorizontalPodAutoscaler) { - if obj.Spec.MinReplicas == nil { - obj.Spec.MinReplicas = pointer.Int32(1) - } - - if len(obj.Spec.Metrics) == 0 { - utilizationDefaultVal := int32(autoscaling.DefaultCPUUtilization) - obj.Spec.Metrics = []autoscalingv2beta2.MetricSpec{ - { - Type: autoscalingv2beta2.ResourceMetricSourceType, - Resource: &autoscalingv2beta2.ResourceMetricSource{ - Name: v1.ResourceCPU, - Target: autoscalingv2beta2.MetricTarget{ - Type: autoscalingv2beta2.UtilizationMetricType, - AverageUtilization: &utilizationDefaultVal, - }, - }, - }, - } - } - SetDefaults_HorizontalPodAutoscalerBehavior(obj) -} - -// SetDefaults_HorizontalPodAutoscalerBehavior fills the behavior if it is not null -func SetDefaults_HorizontalPodAutoscalerBehavior(obj *autoscalingv2beta2.HorizontalPodAutoscaler) { - // if behavior is specified, we should fill all the 'nil' values with the default ones - if obj.Spec.Behavior != nil { - obj.Spec.Behavior.ScaleUp = GenerateHPAScaleUpRules(obj.Spec.Behavior.ScaleUp) - obj.Spec.Behavior.ScaleDown = GenerateHPAScaleDownRules(obj.Spec.Behavior.ScaleDown) - } -} - -// GenerateHPAScaleUpRules returns a fully-initialized HPAScalingRules value -// We guarantee that no pointer in the structure will have the 'nil' value -func GenerateHPAScaleUpRules(scalingRules *autoscalingv2beta2.HPAScalingRules) *autoscalingv2beta2.HPAScalingRules { - defaultScalingRules := defaultHPAScaleUpRules.DeepCopy() - return copyHPAScalingRules(scalingRules, defaultScalingRules) -} - -// GenerateHPAScaleDownRules returns a fully-initialized HPAScalingRules value -// We guarantee that no pointer in the structure will have the 'nil' value -// EXCEPT StabilizationWindowSeconds, for reasoning check the comment for defaultHPAScaleDownRules -func GenerateHPAScaleDownRules(scalingRules *autoscalingv2beta2.HPAScalingRules) *autoscalingv2beta2.HPAScalingRules { - defaultScalingRules := defaultHPAScaleDownRules.DeepCopy() - return copyHPAScalingRules(scalingRules, defaultScalingRules) -} - -// copyHPAScalingRules copies all non-`nil` fields in HPA constraint structure -func copyHPAScalingRules(from, to *autoscalingv2beta2.HPAScalingRules) *autoscalingv2beta2.HPAScalingRules { - if from == nil { - return to - } - if from.SelectPolicy != nil { - to.SelectPolicy = from.SelectPolicy - } - if from.StabilizationWindowSeconds != nil { - to.StabilizationWindowSeconds = from.StabilizationWindowSeconds - } - if from.Policies != nil { - to.Policies = from.Policies - } - return to -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/doc.go deleted file mode 100644 index 91c337a5ee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/autoscaling/v2beta2 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/autoscaling/v2beta2 - -package v2beta2 // import "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/register.go deleted file mode 100644 index fc86de007e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2beta2 - -import ( - autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "autoscaling" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v2beta2"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &autoscalingv2beta2.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.conversion.go deleted file mode 100644 index 5111ec1ca9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.conversion.go +++ /dev/null @@ -1,1037 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v2beta2 - -import ( - unsafe "unsafe" - - v2beta2 "k8s.io/api/autoscaling/v2beta2" - v1 "k8s.io/api/core/v1" - resource "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v2beta2.ContainerResourceMetricSource)(nil), (*autoscaling.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(a.(*v2beta2.ContainerResourceMetricSource), b.(*autoscaling.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ContainerResourceMetricSource)(nil), (*v2beta2.ContainerResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource(a.(*autoscaling.ContainerResourceMetricSource), b.(*v2beta2.ContainerResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ContainerResourceMetricStatus)(nil), (*autoscaling.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(a.(*v2beta2.ContainerResourceMetricStatus), b.(*autoscaling.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ContainerResourceMetricStatus)(nil), (*v2beta2.ContainerResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus(a.(*autoscaling.ContainerResourceMetricStatus), b.(*v2beta2.ContainerResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.CrossVersionObjectReference)(nil), (*autoscaling.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(a.(*v2beta2.CrossVersionObjectReference), b.(*autoscaling.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.CrossVersionObjectReference)(nil), (*v2beta2.CrossVersionObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(a.(*autoscaling.CrossVersionObjectReference), b.(*v2beta2.CrossVersionObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ExternalMetricSource)(nil), (*autoscaling.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(a.(*v2beta2.ExternalMetricSource), b.(*autoscaling.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ExternalMetricSource)(nil), (*v2beta2.ExternalMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricSource_To_v2beta2_ExternalMetricSource(a.(*autoscaling.ExternalMetricSource), b.(*v2beta2.ExternalMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ExternalMetricStatus)(nil), (*autoscaling.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(a.(*v2beta2.ExternalMetricStatus), b.(*autoscaling.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ExternalMetricStatus)(nil), (*v2beta2.ExternalMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ExternalMetricStatus_To_v2beta2_ExternalMetricStatus(a.(*autoscaling.ExternalMetricStatus), b.(*v2beta2.ExternalMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HPAScalingPolicy)(nil), (*autoscaling.HPAScalingPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(a.(*v2beta2.HPAScalingPolicy), b.(*autoscaling.HPAScalingPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HPAScalingPolicy)(nil), (*v2beta2.HPAScalingPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HPAScalingPolicy_To_v2beta2_HPAScalingPolicy(a.(*autoscaling.HPAScalingPolicy), b.(*v2beta2.HPAScalingPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HPAScalingRules)(nil), (*autoscaling.HPAScalingRules)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HPAScalingRules_To_autoscaling_HPAScalingRules(a.(*v2beta2.HPAScalingRules), b.(*autoscaling.HPAScalingRules), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HPAScalingRules)(nil), (*v2beta2.HPAScalingRules)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HPAScalingRules_To_v2beta2_HPAScalingRules(a.(*autoscaling.HPAScalingRules), b.(*v2beta2.HPAScalingRules), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HorizontalPodAutoscalerBehavior)(nil), (*autoscaling.HorizontalPodAutoscalerBehavior)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(a.(*v2beta2.HorizontalPodAutoscalerBehavior), b.(*autoscaling.HorizontalPodAutoscalerBehavior), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerBehavior)(nil), (*v2beta2.HorizontalPodAutoscalerBehavior)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2beta2_HorizontalPodAutoscalerBehavior(a.(*autoscaling.HorizontalPodAutoscalerBehavior), b.(*v2beta2.HorizontalPodAutoscalerBehavior), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HorizontalPodAutoscalerCondition)(nil), (*autoscaling.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(a.(*v2beta2.HorizontalPodAutoscalerCondition), b.(*autoscaling.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerCondition)(nil), (*v2beta2.HorizontalPodAutoscalerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta2_HorizontalPodAutoscalerCondition(a.(*autoscaling.HorizontalPodAutoscalerCondition), b.(*v2beta2.HorizontalPodAutoscalerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HorizontalPodAutoscalerList)(nil), (*autoscaling.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(a.(*v2beta2.HorizontalPodAutoscalerList), b.(*autoscaling.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerList)(nil), (*v2beta2.HorizontalPodAutoscalerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta2_HorizontalPodAutoscalerList(a.(*autoscaling.HorizontalPodAutoscalerList), b.(*v2beta2.HorizontalPodAutoscalerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HorizontalPodAutoscalerSpec)(nil), (*autoscaling.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(a.(*v2beta2.HorizontalPodAutoscalerSpec), b.(*autoscaling.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerSpec)(nil), (*v2beta2.HorizontalPodAutoscalerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec(a.(*autoscaling.HorizontalPodAutoscalerSpec), b.(*v2beta2.HorizontalPodAutoscalerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.HorizontalPodAutoscalerStatus)(nil), (*autoscaling.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(a.(*v2beta2.HorizontalPodAutoscalerStatus), b.(*autoscaling.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.HorizontalPodAutoscalerStatus)(nil), (*v2beta2.HorizontalPodAutoscalerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus(a.(*autoscaling.HorizontalPodAutoscalerStatus), b.(*v2beta2.HorizontalPodAutoscalerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.MetricIdentifier)(nil), (*autoscaling.MetricIdentifier)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(a.(*v2beta2.MetricIdentifier), b.(*autoscaling.MetricIdentifier), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricIdentifier)(nil), (*v2beta2.MetricIdentifier)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(a.(*autoscaling.MetricIdentifier), b.(*v2beta2.MetricIdentifier), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.MetricSpec)(nil), (*autoscaling.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_MetricSpec_To_autoscaling_MetricSpec(a.(*v2beta2.MetricSpec), b.(*autoscaling.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricSpec)(nil), (*v2beta2.MetricSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricSpec_To_v2beta2_MetricSpec(a.(*autoscaling.MetricSpec), b.(*v2beta2.MetricSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.MetricStatus)(nil), (*autoscaling.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_MetricStatus_To_autoscaling_MetricStatus(a.(*v2beta2.MetricStatus), b.(*autoscaling.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricStatus)(nil), (*v2beta2.MetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricStatus_To_v2beta2_MetricStatus(a.(*autoscaling.MetricStatus), b.(*v2beta2.MetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.MetricTarget)(nil), (*autoscaling.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(a.(*v2beta2.MetricTarget), b.(*autoscaling.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricTarget)(nil), (*v2beta2.MetricTarget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(a.(*autoscaling.MetricTarget), b.(*v2beta2.MetricTarget), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.MetricValueStatus)(nil), (*autoscaling.MetricValueStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(a.(*v2beta2.MetricValueStatus), b.(*autoscaling.MetricValueStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.MetricValueStatus)(nil), (*v2beta2.MetricValueStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(a.(*autoscaling.MetricValueStatus), b.(*v2beta2.MetricValueStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ObjectMetricSource)(nil), (*autoscaling.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(a.(*v2beta2.ObjectMetricSource), b.(*autoscaling.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ObjectMetricSource)(nil), (*v2beta2.ObjectMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricSource_To_v2beta2_ObjectMetricSource(a.(*autoscaling.ObjectMetricSource), b.(*v2beta2.ObjectMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ObjectMetricStatus)(nil), (*autoscaling.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(a.(*v2beta2.ObjectMetricStatus), b.(*autoscaling.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ObjectMetricStatus)(nil), (*v2beta2.ObjectMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ObjectMetricStatus_To_v2beta2_ObjectMetricStatus(a.(*autoscaling.ObjectMetricStatus), b.(*v2beta2.ObjectMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.PodsMetricSource)(nil), (*autoscaling.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_PodsMetricSource_To_autoscaling_PodsMetricSource(a.(*v2beta2.PodsMetricSource), b.(*autoscaling.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.PodsMetricSource)(nil), (*v2beta2.PodsMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricSource_To_v2beta2_PodsMetricSource(a.(*autoscaling.PodsMetricSource), b.(*v2beta2.PodsMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.PodsMetricStatus)(nil), (*autoscaling.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(a.(*v2beta2.PodsMetricStatus), b.(*autoscaling.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.PodsMetricStatus)(nil), (*v2beta2.PodsMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_PodsMetricStatus_To_v2beta2_PodsMetricStatus(a.(*autoscaling.PodsMetricStatus), b.(*v2beta2.PodsMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ResourceMetricSource)(nil), (*autoscaling.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(a.(*v2beta2.ResourceMetricSource), b.(*autoscaling.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ResourceMetricSource)(nil), (*v2beta2.ResourceMetricSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricSource_To_v2beta2_ResourceMetricSource(a.(*autoscaling.ResourceMetricSource), b.(*v2beta2.ResourceMetricSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v2beta2.ResourceMetricStatus)(nil), (*autoscaling.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(a.(*v2beta2.ResourceMetricStatus), b.(*autoscaling.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ResourceMetricStatus)(nil), (*v2beta2.ResourceMetricStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ResourceMetricStatus_To_v2beta2_ResourceMetricStatus(a.(*autoscaling.ResourceMetricStatus), b.(*v2beta2.ResourceMetricStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.HorizontalPodAutoscaler)(nil), (*v2beta2.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta2_HorizontalPodAutoscaler(a.(*autoscaling.HorizontalPodAutoscaler), b.(*v2beta2.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v2beta2.HorizontalPodAutoscaler)(nil), (*autoscaling.HorizontalPodAutoscaler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v2beta2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(a.(*v2beta2.HorizontalPodAutoscaler), b.(*autoscaling.HorizontalPodAutoscaler), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v2beta2.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - out.Container = in.Container - return nil -} - -// Convert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource is an autogenerated conversion function. -func Convert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in *v2beta2.ContainerResourceMetricSource, out *autoscaling.ContainerResourceMetricSource, s conversion.Scope) error { - return autoConvert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v2beta2.ContainerResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - if err := Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource(in *autoscaling.ContainerResourceMetricSource, out *v2beta2.ContainerResourceMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource(in, out, s) -} - -func autoConvert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v2beta2.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - out.Container = in.Container - return nil -} - -// Convert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus is an autogenerated conversion function. -func Convert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in *v2beta2.ContainerResourceMetricStatus, out *autoscaling.ContainerResourceMetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v2beta2.ContainerResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - out.Container = in.Container - if err := Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus(in *autoscaling.ContainerResourceMetricStatus, out *v2beta2.ContainerResourceMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus(in, out, s) -} - -func autoConvert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2beta2.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in *v2beta2.CrossVersionObjectReference, out *autoscaling.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2beta2.CrossVersionObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Name = in.Name - out.APIVersion = in.APIVersion - return nil -} - -// Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference is an autogenerated conversion function. -func Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(in *autoscaling.CrossVersionObjectReference, out *v2beta2.CrossVersionObjectReference, s conversion.Scope) error { - return autoConvert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(in, out, s) -} - -func autoConvert_v2beta2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v2beta2.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ExternalMetricSource_To_autoscaling_ExternalMetricSource is an autogenerated conversion function. -func Convert_v2beta2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in *v2beta2.ExternalMetricSource, out *autoscaling.ExternalMetricSource, s conversion.Scope) error { - return autoConvert_v2beta2_ExternalMetricSource_To_autoscaling_ExternalMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ExternalMetricSource_To_v2beta2_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v2beta2.ExternalMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ExternalMetricSource_To_v2beta2_ExternalMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ExternalMetricSource_To_v2beta2_ExternalMetricSource(in *autoscaling.ExternalMetricSource, out *v2beta2.ExternalMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ExternalMetricSource_To_v2beta2_ExternalMetricSource(in, out, s) -} - -func autoConvert_v2beta2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v2beta2.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus is an autogenerated conversion function. -func Convert_v2beta2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in *v2beta2.ExternalMetricStatus, out *autoscaling.ExternalMetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_ExternalMetricStatus_To_autoscaling_ExternalMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ExternalMetricStatus_To_v2beta2_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v2beta2.ExternalMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ExternalMetricStatus_To_v2beta2_ExternalMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ExternalMetricStatus_To_v2beta2_ExternalMetricStatus(in *autoscaling.ExternalMetricStatus, out *v2beta2.ExternalMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ExternalMetricStatus_To_v2beta2_ExternalMetricStatus(in, out, s) -} - -func autoConvert_v2beta2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in *v2beta2.HPAScalingPolicy, out *autoscaling.HPAScalingPolicy, s conversion.Scope) error { - out.Type = autoscaling.HPAScalingPolicyType(in.Type) - out.Value = in.Value - out.PeriodSeconds = in.PeriodSeconds - return nil -} - -// Convert_v2beta2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy is an autogenerated conversion function. -func Convert_v2beta2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in *v2beta2.HPAScalingPolicy, out *autoscaling.HPAScalingPolicy, s conversion.Scope) error { - return autoConvert_v2beta2_HPAScalingPolicy_To_autoscaling_HPAScalingPolicy(in, out, s) -} - -func autoConvert_autoscaling_HPAScalingPolicy_To_v2beta2_HPAScalingPolicy(in *autoscaling.HPAScalingPolicy, out *v2beta2.HPAScalingPolicy, s conversion.Scope) error { - out.Type = v2beta2.HPAScalingPolicyType(in.Type) - out.Value = in.Value - out.PeriodSeconds = in.PeriodSeconds - return nil -} - -// Convert_autoscaling_HPAScalingPolicy_To_v2beta2_HPAScalingPolicy is an autogenerated conversion function. -func Convert_autoscaling_HPAScalingPolicy_To_v2beta2_HPAScalingPolicy(in *autoscaling.HPAScalingPolicy, out *v2beta2.HPAScalingPolicy, s conversion.Scope) error { - return autoConvert_autoscaling_HPAScalingPolicy_To_v2beta2_HPAScalingPolicy(in, out, s) -} - -func autoConvert_v2beta2_HPAScalingRules_To_autoscaling_HPAScalingRules(in *v2beta2.HPAScalingRules, out *autoscaling.HPAScalingRules, s conversion.Scope) error { - out.StabilizationWindowSeconds = (*int32)(unsafe.Pointer(in.StabilizationWindowSeconds)) - out.SelectPolicy = (*autoscaling.ScalingPolicySelect)(unsafe.Pointer(in.SelectPolicy)) - out.Policies = *(*[]autoscaling.HPAScalingPolicy)(unsafe.Pointer(&in.Policies)) - return nil -} - -// Convert_v2beta2_HPAScalingRules_To_autoscaling_HPAScalingRules is an autogenerated conversion function. -func Convert_v2beta2_HPAScalingRules_To_autoscaling_HPAScalingRules(in *v2beta2.HPAScalingRules, out *autoscaling.HPAScalingRules, s conversion.Scope) error { - return autoConvert_v2beta2_HPAScalingRules_To_autoscaling_HPAScalingRules(in, out, s) -} - -func autoConvert_autoscaling_HPAScalingRules_To_v2beta2_HPAScalingRules(in *autoscaling.HPAScalingRules, out *v2beta2.HPAScalingRules, s conversion.Scope) error { - out.StabilizationWindowSeconds = (*int32)(unsafe.Pointer(in.StabilizationWindowSeconds)) - out.SelectPolicy = (*v2beta2.ScalingPolicySelect)(unsafe.Pointer(in.SelectPolicy)) - out.Policies = *(*[]v2beta2.HPAScalingPolicy)(unsafe.Pointer(&in.Policies)) - return nil -} - -// Convert_autoscaling_HPAScalingRules_To_v2beta2_HPAScalingRules is an autogenerated conversion function. -func Convert_autoscaling_HPAScalingRules_To_v2beta2_HPAScalingRules(in *autoscaling.HPAScalingRules, out *v2beta2.HPAScalingRules, s conversion.Scope) error { - return autoConvert_autoscaling_HPAScalingRules_To_v2beta2_HPAScalingRules(in, out, s) -} - -func autoConvert_v2beta2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(in *v2beta2.HorizontalPodAutoscaler, out *autoscaling.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_autoscaling_HorizontalPodAutoscaler_To_v2beta2_HorizontalPodAutoscaler(in *autoscaling.HorizontalPodAutoscaler, out *v2beta2.HorizontalPodAutoscaler, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v2beta2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in *v2beta2.HorizontalPodAutoscalerBehavior, out *autoscaling.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - out.ScaleUp = (*autoscaling.HPAScalingRules)(unsafe.Pointer(in.ScaleUp)) - out.ScaleDown = (*autoscaling.HPAScalingRules)(unsafe.Pointer(in.ScaleDown)) - return nil -} - -// Convert_v2beta2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior is an autogenerated conversion function. -func Convert_v2beta2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in *v2beta2.HorizontalPodAutoscalerBehavior, out *autoscaling.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - return autoConvert_v2beta2_HorizontalPodAutoscalerBehavior_To_autoscaling_HorizontalPodAutoscalerBehavior(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2beta2_HorizontalPodAutoscalerBehavior(in *autoscaling.HorizontalPodAutoscalerBehavior, out *v2beta2.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - out.ScaleUp = (*v2beta2.HPAScalingRules)(unsafe.Pointer(in.ScaleUp)) - out.ScaleDown = (*v2beta2.HPAScalingRules)(unsafe.Pointer(in.ScaleDown)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2beta2_HorizontalPodAutoscalerBehavior is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2beta2_HorizontalPodAutoscalerBehavior(in *autoscaling.HorizontalPodAutoscalerBehavior, out *v2beta2.HorizontalPodAutoscalerBehavior, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerBehavior_To_v2beta2_HorizontalPodAutoscalerBehavior(in, out, s) -} - -func autoConvert_v2beta2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2beta2.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = autoscaling.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = autoscaling.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v2beta2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_v2beta2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in *v2beta2.HorizontalPodAutoscalerCondition, out *autoscaling.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_v2beta2_HorizontalPodAutoscalerCondition_To_autoscaling_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta2_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2beta2.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - out.Type = v2beta2.HorizontalPodAutoscalerConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta2_HorizontalPodAutoscalerCondition is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta2_HorizontalPodAutoscalerCondition(in *autoscaling.HorizontalPodAutoscalerCondition, out *v2beta2.HorizontalPodAutoscalerCondition, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerCondition_To_v2beta2_HorizontalPodAutoscalerCondition(in, out, s) -} - -func autoConvert_v2beta2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2beta2.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]autoscaling.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_v2beta2_HorizontalPodAutoscaler_To_autoscaling_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v2beta2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_v2beta2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in *v2beta2.HorizontalPodAutoscalerList, out *autoscaling.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_v2beta2_HorizontalPodAutoscalerList_To_autoscaling_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2beta2_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2beta2.HorizontalPodAutoscalerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v2beta2.HorizontalPodAutoscaler, len(*in)) - for i := range *in { - if err := Convert_autoscaling_HorizontalPodAutoscaler_To_v2beta2_HorizontalPodAutoscaler(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta2_HorizontalPodAutoscalerList is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerList_To_v2beta2_HorizontalPodAutoscalerList(in *autoscaling.HorizontalPodAutoscalerList, out *v2beta2.HorizontalPodAutoscalerList, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerList_To_v2beta2_HorizontalPodAutoscalerList(in, out, s) -} - -func autoConvert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2beta2.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]autoscaling.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_v2beta2_MetricSpec_To_autoscaling_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - out.Behavior = (*autoscaling.HorizontalPodAutoscalerBehavior)(unsafe.Pointer(in.Behavior)) - return nil -} - -// Convert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec is an autogenerated conversion function. -func Convert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in *v2beta2.HorizontalPodAutoscalerSpec, out *autoscaling.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_v2beta2_HorizontalPodAutoscalerSpec_To_autoscaling_HorizontalPodAutoscalerSpec(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v2beta2.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(&in.ScaleTargetRef, &out.ScaleTargetRef, s); err != nil { - return err - } - out.MinReplicas = (*int32)(unsafe.Pointer(in.MinReplicas)) - out.MaxReplicas = in.MaxReplicas - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]v2beta2.MetricSpec, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricSpec_To_v2beta2_MetricSpec(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Metrics = nil - } - out.Behavior = (*v2beta2.HorizontalPodAutoscalerBehavior)(unsafe.Pointer(in.Behavior)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec(in *autoscaling.HorizontalPodAutoscalerSpec, out *v2beta2.HorizontalPodAutoscalerSpec, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerSpec_To_v2beta2_HorizontalPodAutoscalerSpec(in, out, s) -} - -func autoConvert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2beta2.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]autoscaling.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_v2beta2_MetricStatus_To_autoscaling_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]autoscaling.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in *v2beta2.HorizontalPodAutoscalerStatus, out *autoscaling.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_v2beta2_HorizontalPodAutoscalerStatus_To_autoscaling_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2beta2.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - out.ObservedGeneration = (*int64)(unsafe.Pointer(in.ObservedGeneration)) - out.LastScaleTime = (*metav1.Time)(unsafe.Pointer(in.LastScaleTime)) - out.CurrentReplicas = in.CurrentReplicas - out.DesiredReplicas = in.DesiredReplicas - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]v2beta2.MetricStatus, len(*in)) - for i := range *in { - if err := Convert_autoscaling_MetricStatus_To_v2beta2_MetricStatus(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.CurrentMetrics = nil - } - out.Conditions = *(*[]v2beta2.HorizontalPodAutoscalerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus is an autogenerated conversion function. -func Convert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus(in *autoscaling.HorizontalPodAutoscalerStatus, out *v2beta2.HorizontalPodAutoscalerStatus, s conversion.Scope) error { - return autoConvert_autoscaling_HorizontalPodAutoscalerStatus_To_v2beta2_HorizontalPodAutoscalerStatus(in, out, s) -} - -func autoConvert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(in *v2beta2.MetricIdentifier, out *autoscaling.MetricIdentifier, s conversion.Scope) error { - out.Name = in.Name - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - return nil -} - -// Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier is an autogenerated conversion function. -func Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(in *v2beta2.MetricIdentifier, out *autoscaling.MetricIdentifier, s conversion.Scope) error { - return autoConvert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(in, out, s) -} - -func autoConvert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(in *autoscaling.MetricIdentifier, out *v2beta2.MetricIdentifier, s conversion.Scope) error { - out.Name = in.Name - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - return nil -} - -// Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier is an autogenerated conversion function. -func Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(in *autoscaling.MetricIdentifier, out *v2beta2.MetricIdentifier, s conversion.Scope) error { - return autoConvert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(in, out, s) -} - -func autoConvert_v2beta2_MetricSpec_To_autoscaling_MetricSpec(in *v2beta2.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - out.Object = (*autoscaling.ObjectMetricSource)(unsafe.Pointer(in.Object)) - out.Pods = (*autoscaling.PodsMetricSource)(unsafe.Pointer(in.Pods)) - out.Resource = (*autoscaling.ResourceMetricSource)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricSource) - if err := Convert_v2beta2_ContainerResourceMetricSource_To_autoscaling_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*autoscaling.ExternalMetricSource)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_v2beta2_MetricSpec_To_autoscaling_MetricSpec is an autogenerated conversion function. -func Convert_v2beta2_MetricSpec_To_autoscaling_MetricSpec(in *v2beta2.MetricSpec, out *autoscaling.MetricSpec, s conversion.Scope) error { - return autoConvert_v2beta2_MetricSpec_To_autoscaling_MetricSpec(in, out, s) -} - -func autoConvert_autoscaling_MetricSpec_To_v2beta2_MetricSpec(in *autoscaling.MetricSpec, out *v2beta2.MetricSpec, s conversion.Scope) error { - out.Type = v2beta2.MetricSourceType(in.Type) - out.Object = (*v2beta2.ObjectMetricSource)(unsafe.Pointer(in.Object)) - out.Pods = (*v2beta2.PodsMetricSource)(unsafe.Pointer(in.Pods)) - out.Resource = (*v2beta2.ResourceMetricSource)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2beta2.ContainerResourceMetricSource) - if err := Convert_autoscaling_ContainerResourceMetricSource_To_v2beta2_ContainerResourceMetricSource(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*v2beta2.ExternalMetricSource)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_autoscaling_MetricSpec_To_v2beta2_MetricSpec is an autogenerated conversion function. -func Convert_autoscaling_MetricSpec_To_v2beta2_MetricSpec(in *autoscaling.MetricSpec, out *v2beta2.MetricSpec, s conversion.Scope) error { - return autoConvert_autoscaling_MetricSpec_To_v2beta2_MetricSpec(in, out, s) -} - -func autoConvert_v2beta2_MetricStatus_To_autoscaling_MetricStatus(in *v2beta2.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - out.Type = autoscaling.MetricSourceType(in.Type) - out.Object = (*autoscaling.ObjectMetricStatus)(unsafe.Pointer(in.Object)) - out.Pods = (*autoscaling.PodsMetricStatus)(unsafe.Pointer(in.Pods)) - out.Resource = (*autoscaling.ResourceMetricStatus)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(autoscaling.ContainerResourceMetricStatus) - if err := Convert_v2beta2_ContainerResourceMetricStatus_To_autoscaling_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*autoscaling.ExternalMetricStatus)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_v2beta2_MetricStatus_To_autoscaling_MetricStatus is an autogenerated conversion function. -func Convert_v2beta2_MetricStatus_To_autoscaling_MetricStatus(in *v2beta2.MetricStatus, out *autoscaling.MetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_MetricStatus_To_autoscaling_MetricStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricStatus_To_v2beta2_MetricStatus(in *autoscaling.MetricStatus, out *v2beta2.MetricStatus, s conversion.Scope) error { - out.Type = v2beta2.MetricSourceType(in.Type) - out.Object = (*v2beta2.ObjectMetricStatus)(unsafe.Pointer(in.Object)) - out.Pods = (*v2beta2.PodsMetricStatus)(unsafe.Pointer(in.Pods)) - out.Resource = (*v2beta2.ResourceMetricStatus)(unsafe.Pointer(in.Resource)) - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(v2beta2.ContainerResourceMetricStatus) - if err := Convert_autoscaling_ContainerResourceMetricStatus_To_v2beta2_ContainerResourceMetricStatus(*in, *out, s); err != nil { - return err - } - } else { - out.ContainerResource = nil - } - out.External = (*v2beta2.ExternalMetricStatus)(unsafe.Pointer(in.External)) - return nil -} - -// Convert_autoscaling_MetricStatus_To_v2beta2_MetricStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricStatus_To_v2beta2_MetricStatus(in *autoscaling.MetricStatus, out *v2beta2.MetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricStatus_To_v2beta2_MetricStatus(in, out, s) -} - -func autoConvert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(in *v2beta2.MetricTarget, out *autoscaling.MetricTarget, s conversion.Scope) error { - out.Type = autoscaling.MetricTargetType(in.Type) - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget is an autogenerated conversion function. -func Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(in *v2beta2.MetricTarget, out *autoscaling.MetricTarget, s conversion.Scope) error { - return autoConvert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(in, out, s) -} - -func autoConvert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(in *autoscaling.MetricTarget, out *v2beta2.MetricTarget, s conversion.Scope) error { - out.Type = v2beta2.MetricTargetType(in.Type) - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget is an autogenerated conversion function. -func Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(in *autoscaling.MetricTarget, out *v2beta2.MetricTarget, s conversion.Scope) error { - return autoConvert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(in, out, s) -} - -func autoConvert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(in *v2beta2.MetricValueStatus, out *autoscaling.MetricValueStatus, s conversion.Scope) error { - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus is an autogenerated conversion function. -func Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(in *v2beta2.MetricValueStatus, out *autoscaling.MetricValueStatus, s conversion.Scope) error { - return autoConvert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(in, out, s) -} - -func autoConvert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(in *autoscaling.MetricValueStatus, out *v2beta2.MetricValueStatus, s conversion.Scope) error { - out.Value = (*resource.Quantity)(unsafe.Pointer(in.Value)) - out.AverageValue = (*resource.Quantity)(unsafe.Pointer(in.AverageValue)) - out.AverageUtilization = (*int32)(unsafe.Pointer(in.AverageUtilization)) - return nil -} - -// Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus is an autogenerated conversion function. -func Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(in *autoscaling.MetricValueStatus, out *v2beta2.MetricValueStatus, s conversion.Scope) error { - return autoConvert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(in, out, s) -} - -func autoConvert_v2beta2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v2beta2.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ObjectMetricSource_To_autoscaling_ObjectMetricSource is an autogenerated conversion function. -func Convert_v2beta2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in *v2beta2.ObjectMetricSource, out *autoscaling.ObjectMetricSource, s conversion.Scope) error { - return autoConvert_v2beta2_ObjectMetricSource_To_autoscaling_ObjectMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ObjectMetricSource_To_v2beta2_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v2beta2.ObjectMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ObjectMetricSource_To_v2beta2_ObjectMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ObjectMetricSource_To_v2beta2_ObjectMetricSource(in *autoscaling.ObjectMetricSource, out *v2beta2.ObjectMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ObjectMetricSource_To_v2beta2_ObjectMetricSource(in, out, s) -} - -func autoConvert_v2beta2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v2beta2.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - if err := Convert_v2beta2_CrossVersionObjectReference_To_autoscaling_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus is an autogenerated conversion function. -func Convert_v2beta2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in *v2beta2.ObjectMetricStatus, out *autoscaling.ObjectMetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_ObjectMetricStatus_To_autoscaling_ObjectMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ObjectMetricStatus_To_v2beta2_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v2beta2.ObjectMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - if err := Convert_autoscaling_CrossVersionObjectReference_To_v2beta2_CrossVersionObjectReference(&in.DescribedObject, &out.DescribedObject, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ObjectMetricStatus_To_v2beta2_ObjectMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ObjectMetricStatus_To_v2beta2_ObjectMetricStatus(in *autoscaling.ObjectMetricStatus, out *v2beta2.ObjectMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ObjectMetricStatus_To_v2beta2_ObjectMetricStatus(in, out, s) -} - -func autoConvert_v2beta2_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v2beta2.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_PodsMetricSource_To_autoscaling_PodsMetricSource is an autogenerated conversion function. -func Convert_v2beta2_PodsMetricSource_To_autoscaling_PodsMetricSource(in *v2beta2.PodsMetricSource, out *autoscaling.PodsMetricSource, s conversion.Scope) error { - return autoConvert_v2beta2_PodsMetricSource_To_autoscaling_PodsMetricSource(in, out, s) -} - -func autoConvert_autoscaling_PodsMetricSource_To_v2beta2_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v2beta2.PodsMetricSource, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_PodsMetricSource_To_v2beta2_PodsMetricSource is an autogenerated conversion function. -func Convert_autoscaling_PodsMetricSource_To_v2beta2_PodsMetricSource(in *autoscaling.PodsMetricSource, out *v2beta2.PodsMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_PodsMetricSource_To_v2beta2_PodsMetricSource(in, out, s) -} - -func autoConvert_v2beta2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v2beta2.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - if err := Convert_v2beta2_MetricIdentifier_To_autoscaling_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_PodsMetricStatus_To_autoscaling_PodsMetricStatus is an autogenerated conversion function. -func Convert_v2beta2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in *v2beta2.PodsMetricStatus, out *autoscaling.PodsMetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_PodsMetricStatus_To_autoscaling_PodsMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_PodsMetricStatus_To_v2beta2_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v2beta2.PodsMetricStatus, s conversion.Scope) error { - if err := Convert_autoscaling_MetricIdentifier_To_v2beta2_MetricIdentifier(&in.Metric, &out.Metric, s); err != nil { - return err - } - if err := Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_PodsMetricStatus_To_v2beta2_PodsMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_PodsMetricStatus_To_v2beta2_PodsMetricStatus(in *autoscaling.PodsMetricStatus, out *v2beta2.PodsMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_PodsMetricStatus_To_v2beta2_PodsMetricStatus(in, out, s) -} - -func autoConvert_v2beta2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v2beta2.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2beta2_MetricTarget_To_autoscaling_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ResourceMetricSource_To_autoscaling_ResourceMetricSource is an autogenerated conversion function. -func Convert_v2beta2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in *v2beta2.ResourceMetricSource, out *autoscaling.ResourceMetricSource, s conversion.Scope) error { - return autoConvert_v2beta2_ResourceMetricSource_To_autoscaling_ResourceMetricSource(in, out, s) -} - -func autoConvert_autoscaling_ResourceMetricSource_To_v2beta2_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v2beta2.ResourceMetricSource, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - if err := Convert_autoscaling_MetricTarget_To_v2beta2_MetricTarget(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ResourceMetricSource_To_v2beta2_ResourceMetricSource is an autogenerated conversion function. -func Convert_autoscaling_ResourceMetricSource_To_v2beta2_ResourceMetricSource(in *autoscaling.ResourceMetricSource, out *v2beta2.ResourceMetricSource, s conversion.Scope) error { - return autoConvert_autoscaling_ResourceMetricSource_To_v2beta2_ResourceMetricSource(in, out, s) -} - -func autoConvert_v2beta2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v2beta2.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - out.Name = core.ResourceName(in.Name) - if err := Convert_v2beta2_MetricValueStatus_To_autoscaling_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_v2beta2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus is an autogenerated conversion function. -func Convert_v2beta2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in *v2beta2.ResourceMetricStatus, out *autoscaling.ResourceMetricStatus, s conversion.Scope) error { - return autoConvert_v2beta2_ResourceMetricStatus_To_autoscaling_ResourceMetricStatus(in, out, s) -} - -func autoConvert_autoscaling_ResourceMetricStatus_To_v2beta2_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v2beta2.ResourceMetricStatus, s conversion.Scope) error { - out.Name = v1.ResourceName(in.Name) - if err := Convert_autoscaling_MetricValueStatus_To_v2beta2_MetricValueStatus(&in.Current, &out.Current, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_ResourceMetricStatus_To_v2beta2_ResourceMetricStatus is an autogenerated conversion function. -func Convert_autoscaling_ResourceMetricStatus_To_v2beta2_ResourceMetricStatus(in *autoscaling.ResourceMetricStatus, out *v2beta2.ResourceMetricStatus, s conversion.Scope) error { - return autoConvert_autoscaling_ResourceMetricStatus_To_v2beta2_ResourceMetricStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.defaults.go deleted file mode 100644 index 297048a465..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2/zz_generated.defaults.go +++ /dev/null @@ -1,51 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v2beta2 - -import ( - v2beta2 "k8s.io/api/autoscaling/v2beta2" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v2beta2.HorizontalPodAutoscaler{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscaler(obj.(*v2beta2.HorizontalPodAutoscaler)) - }) - scheme.AddTypeDefaultingFunc(&v2beta2.HorizontalPodAutoscalerList{}, func(obj interface{}) { - SetObjectDefaults_HorizontalPodAutoscalerList(obj.(*v2beta2.HorizontalPodAutoscalerList)) - }) - return nil -} - -func SetObjectDefaults_HorizontalPodAutoscaler(in *v2beta2.HorizontalPodAutoscaler) { - SetDefaults_HorizontalPodAutoscaler(in) -} - -func SetObjectDefaults_HorizontalPodAutoscalerList(in *v2beta2.HorizontalPodAutoscalerList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_HorizontalPodAutoscaler(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/validation/validation.go deleted file mode 100644 index 2e0dea1dda..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/validation/validation.go +++ /dev/null @@ -1,471 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - pathvalidation "k8s.io/apimachinery/pkg/api/validation/path" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/apis/autoscaling" - corevalidation "k8s.io/kubernetes/pkg/apis/core/v1/validation" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" -) - -const ( - // MaxPeriodSeconds is the largest allowed scaling policy period (in seconds) - MaxPeriodSeconds int32 = 1800 - // MaxStabilizationWindowSeconds is the largest allowed stabilization window (in seconds) - MaxStabilizationWindowSeconds int32 = 3600 -) - -// ValidateScale validates a Scale and returns an ErrorList with any errors. -func ValidateScale(scale *autoscaling.Scale) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&scale.ObjectMeta, true, apimachineryvalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) - - if scale.Spec.Replicas < 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "replicas"), scale.Spec.Replicas, "must be greater than or equal to 0")) - } - - return allErrs -} - -// ValidateHorizontalPodAutoscalerName can be used to check whether the given autoscaler name is valid. -// Prefix indicates this name will be used as part of generation, in which case trailing dashes are allowed. -var ValidateHorizontalPodAutoscalerName = apivalidation.ValidateReplicationControllerName - -func validateHorizontalPodAutoscalerSpec(autoscaler autoscaling.HorizontalPodAutoscalerSpec, fldPath *field.Path, minReplicasLowerBound int32) field.ErrorList { - allErrs := field.ErrorList{} - - if autoscaler.MinReplicas != nil && *autoscaler.MinReplicas < minReplicasLowerBound { - allErrs = append(allErrs, field.Invalid(fldPath.Child("minReplicas"), *autoscaler.MinReplicas, - fmt.Sprintf("must be greater than or equal to %d", minReplicasLowerBound))) - } - if autoscaler.MaxReplicas < 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, "must be greater than 0")) - } - if autoscaler.MinReplicas != nil && autoscaler.MaxReplicas < *autoscaler.MinReplicas { - allErrs = append(allErrs, field.Invalid(fldPath.Child("maxReplicas"), autoscaler.MaxReplicas, "must be greater than or equal to `minReplicas`")) - } - if refErrs := ValidateCrossVersionObjectReference(autoscaler.ScaleTargetRef, fldPath.Child("scaleTargetRef")); len(refErrs) > 0 { - allErrs = append(allErrs, refErrs...) - } - if refErrs := validateMetrics(autoscaler.Metrics, fldPath.Child("metrics"), autoscaler.MinReplicas); len(refErrs) > 0 { - allErrs = append(allErrs, refErrs...) - } - if refErrs := validateBehavior(autoscaler.Behavior, fldPath.Child("behavior")); len(refErrs) > 0 { - allErrs = append(allErrs, refErrs...) - } - return allErrs -} - -// ValidateCrossVersionObjectReference validates a CrossVersionObjectReference and returns an -// ErrorList with any errors. -func ValidateCrossVersionObjectReference(ref autoscaling.CrossVersionObjectReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(ref.Kind) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "")) - } else { - for _, msg := range pathvalidation.IsValidPathSegmentName(ref.Kind) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("kind"), ref.Kind, msg)) - } - } - - if len(ref.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else { - for _, msg := range pathvalidation.IsValidPathSegmentName(ref.Name) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), ref.Name, msg)) - } - } - - return allErrs -} - -// ValidateHorizontalPodAutoscaler validates a HorizontalPodAutoscaler and returns an -// ErrorList with any errors. -func ValidateHorizontalPodAutoscaler(autoscaler *autoscaling.HorizontalPodAutoscaler) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&autoscaler.ObjectMeta, true, ValidateHorizontalPodAutoscalerName, field.NewPath("metadata")) - - // MinReplicasLowerBound represents a minimum value for minReplicas - // 0 when HPA scale-to-zero feature is enabled - var minReplicasLowerBound int32 - - if utilfeature.DefaultFeatureGate.Enabled(features.HPAScaleToZero) { - minReplicasLowerBound = 0 - } else { - minReplicasLowerBound = 1 - } - allErrs = append(allErrs, validateHorizontalPodAutoscalerSpec(autoscaler.Spec, field.NewPath("spec"), minReplicasLowerBound)...) - return allErrs -} - -// ValidateHorizontalPodAutoscalerUpdate validates an update to a HorizontalPodAutoscaler and returns an -// ErrorList with any errors. -func ValidateHorizontalPodAutoscalerUpdate(newAutoscaler, oldAutoscaler *autoscaling.HorizontalPodAutoscaler) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&newAutoscaler.ObjectMeta, &oldAutoscaler.ObjectMeta, field.NewPath("metadata")) - - // minReplicasLowerBound represents a minimum value for minReplicas - // 0 when HPA scale-to-zero feature is enabled or HPA object already has minReplicas=0 - var minReplicasLowerBound int32 - - if utilfeature.DefaultFeatureGate.Enabled(features.HPAScaleToZero) || (oldAutoscaler.Spec.MinReplicas != nil && *oldAutoscaler.Spec.MinReplicas == 0) { - minReplicasLowerBound = 0 - } else { - minReplicasLowerBound = 1 - } - - allErrs = append(allErrs, validateHorizontalPodAutoscalerSpec(newAutoscaler.Spec, field.NewPath("spec"), minReplicasLowerBound)...) - return allErrs -} - -// ValidateHorizontalPodAutoscalerStatusUpdate validates an update to status on a HorizontalPodAutoscaler and -// returns an ErrorList with any errors. -func ValidateHorizontalPodAutoscalerStatusUpdate(newAutoscaler, oldAutoscaler *autoscaling.HorizontalPodAutoscaler) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&newAutoscaler.ObjectMeta, &oldAutoscaler.ObjectMeta, field.NewPath("metadata")) - status := newAutoscaler.Status - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.CurrentReplicas), field.NewPath("status", "currentReplicas"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.DesiredReplicas), field.NewPath("status", "desiredReplicas"))...) - return allErrs -} - -func validateMetrics(metrics []autoscaling.MetricSpec, fldPath *field.Path, minReplicas *int32) field.ErrorList { - allErrs := field.ErrorList{} - hasObjectMetrics := false - hasExternalMetrics := false - - for i, metricSpec := range metrics { - idxPath := fldPath.Index(i) - if targetErrs := validateMetricSpec(metricSpec, idxPath); len(targetErrs) > 0 { - allErrs = append(allErrs, targetErrs...) - } - if metricSpec.Type == autoscaling.ObjectMetricSourceType { - hasObjectMetrics = true - } - if metricSpec.Type == autoscaling.ExternalMetricSourceType { - hasExternalMetrics = true - } - } - - if minReplicas != nil && *minReplicas == 0 { - if !hasObjectMetrics && !hasExternalMetrics { - allErrs = append(allErrs, field.Forbidden(fldPath, "must specify at least one Object or External metric to support scaling to zero replicas")) - } - } - - return allErrs -} - -func validateBehavior(behavior *autoscaling.HorizontalPodAutoscalerBehavior, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if behavior != nil { - if scaleUpErrs := validateScalingRules(behavior.ScaleUp, fldPath.Child("scaleUp")); len(scaleUpErrs) > 0 { - allErrs = append(allErrs, scaleUpErrs...) - } - if scaleDownErrs := validateScalingRules(behavior.ScaleDown, fldPath.Child("scaleDown")); len(scaleDownErrs) > 0 { - allErrs = append(allErrs, scaleDownErrs...) - } - } - return allErrs -} - -var validSelectPolicyTypes = sets.NewString(string(autoscaling.MaxPolicySelect), string(autoscaling.MinPolicySelect), string(autoscaling.DisabledPolicySelect)) -var validSelectPolicyTypesList = validSelectPolicyTypes.List() - -func validateScalingRules(rules *autoscaling.HPAScalingRules, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if rules != nil { - if rules.StabilizationWindowSeconds != nil && *rules.StabilizationWindowSeconds < 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("stabilizationWindowSeconds"), rules.StabilizationWindowSeconds, "must be greater than or equal to zero")) - } - if rules.StabilizationWindowSeconds != nil && *rules.StabilizationWindowSeconds > MaxStabilizationWindowSeconds { - allErrs = append(allErrs, field.Invalid(fldPath.Child("stabilizationWindowSeconds"), rules.StabilizationWindowSeconds, - fmt.Sprintf("must be less than or equal to %v", MaxStabilizationWindowSeconds))) - } - if rules.SelectPolicy != nil && !validSelectPolicyTypes.Has(string(*rules.SelectPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("selectPolicy"), rules.SelectPolicy, validSelectPolicyTypesList)) - } - policiesPath := fldPath.Child("policies") - if len(rules.Policies) == 0 { - allErrs = append(allErrs, field.Required(policiesPath, "must specify at least one Policy")) - } - for i, policy := range rules.Policies { - idxPath := policiesPath.Index(i) - if policyErrs := validateScalingPolicy(policy, idxPath); len(policyErrs) > 0 { - allErrs = append(allErrs, policyErrs...) - } - } - } - return allErrs -} - -var validPolicyTypes = sets.NewString(string(autoscaling.PodsScalingPolicy), string(autoscaling.PercentScalingPolicy)) -var validPolicyTypesList = validPolicyTypes.List() - -func validateScalingPolicy(policy autoscaling.HPAScalingPolicy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if policy.Type != autoscaling.PodsScalingPolicy && policy.Type != autoscaling.PercentScalingPolicy { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), policy.Type, validPolicyTypesList)) - } - if policy.Value <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("value"), policy.Value, "must be greater than zero")) - } - if policy.PeriodSeconds <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("periodSeconds"), policy.PeriodSeconds, "must be greater than zero")) - } - if policy.PeriodSeconds > MaxPeriodSeconds { - allErrs = append(allErrs, field.Invalid(fldPath.Child("periodSeconds"), policy.PeriodSeconds, - fmt.Sprintf("must be less than or equal to %v", MaxPeriodSeconds))) - } - return allErrs -} - -var validMetricSourceTypes = sets.NewString( - string(autoscaling.ObjectMetricSourceType), string(autoscaling.PodsMetricSourceType), - string(autoscaling.ResourceMetricSourceType), string(autoscaling.ExternalMetricSourceType), - string(autoscaling.ContainerResourceMetricSourceType)) -var validMetricSourceTypesList = validMetricSourceTypes.List() - -func validateMetricSpec(spec autoscaling.MetricSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(string(spec.Type)) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must specify a metric source type")) - } - - if !validMetricSourceTypes.Has(string(spec.Type)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), spec.Type, validMetricSourceTypesList)) - } - - typesPresent := sets.NewString() - if spec.Object != nil { - typesPresent.Insert("object") - if typesPresent.Len() == 1 { - allErrs = append(allErrs, validateObjectSource(spec.Object, fldPath.Child("object"))...) - } - } - - if spec.External != nil { - typesPresent.Insert("external") - if typesPresent.Len() == 1 { - allErrs = append(allErrs, validateExternalSource(spec.External, fldPath.Child("external"))...) - } - } - - if spec.Pods != nil { - typesPresent.Insert("pods") - if typesPresent.Len() == 1 { - allErrs = append(allErrs, validatePodsSource(spec.Pods, fldPath.Child("pods"))...) - } - } - - if spec.Resource != nil { - typesPresent.Insert("resource") - if typesPresent.Len() == 1 { - allErrs = append(allErrs, validateResourceSource(spec.Resource, fldPath.Child("resource"))...) - } - } - - if spec.ContainerResource != nil { - typesPresent.Insert("containerResource") - if typesPresent.Len() == 1 { - allErrs = append(allErrs, validateContainerResourceSource(spec.ContainerResource, fldPath.Child("containerResource"))...) - } - } - - var expectedField string - switch spec.Type { - - case autoscaling.ObjectMetricSourceType: - if spec.Object == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("object"), "must populate information for the given metric source")) - } - expectedField = "object" - case autoscaling.PodsMetricSourceType: - if spec.Pods == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("pods"), "must populate information for the given metric source")) - } - expectedField = "pods" - case autoscaling.ResourceMetricSourceType: - if spec.Resource == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("resource"), "must populate information for the given metric source")) - } - expectedField = "resource" - case autoscaling.ExternalMetricSourceType: - if spec.External == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("external"), "must populate information for the given metric source")) - } - expectedField = "external" - case autoscaling.ContainerResourceMetricSourceType: - if spec.ContainerResource == nil { - if utilfeature.DefaultFeatureGate.Enabled(features.HPAContainerMetrics) { - allErrs = append(allErrs, field.Required(fldPath.Child("containerResource"), "must populate information for the given metric source")) - } else { - allErrs = append(allErrs, field.Required(fldPath.Child("containerResource"), "must populate information for the given metric source (only allowed when HPAContainerMetrics feature is enabled)")) - } - } - expectedField = "containerResource" - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), spec.Type, validMetricSourceTypesList)) - } - - if typesPresent.Len() != 1 { - typesPresent.Delete(expectedField) - for typ := range typesPresent { - allErrs = append(allErrs, field.Forbidden(fldPath.Child(typ), "must populate the given metric source only")) - } - } - - return allErrs -} - -func validateObjectSource(src *autoscaling.ObjectMetricSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, ValidateCrossVersionObjectReference(src.DescribedObject, fldPath.Child("describedObject"))...) - allErrs = append(allErrs, validateMetricIdentifier(src.Metric, fldPath.Child("metric"))...) - allErrs = append(allErrs, validateMetricTarget(src.Target, fldPath.Child("target"))...) - - if src.Target.Value == nil && src.Target.AverageValue == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("target").Child("averageValue"), "must set either a target value or averageValue")) - } - - return allErrs -} - -func validateExternalSource(src *autoscaling.ExternalMetricSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, validateMetricIdentifier(src.Metric, fldPath.Child("metric"))...) - allErrs = append(allErrs, validateMetricTarget(src.Target, fldPath.Child("target"))...) - - if src.Target.Value == nil && src.Target.AverageValue == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("target").Child("averageValue"), "must set either a target value for metric or a per-pod target")) - } - - if src.Target.Value != nil && src.Target.AverageValue != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("target").Child("value"), "may not set both a target value for metric and a per-pod target")) - } - - return allErrs -} - -func validatePodsSource(src *autoscaling.PodsMetricSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, validateMetricIdentifier(src.Metric, fldPath.Child("metric"))...) - allErrs = append(allErrs, validateMetricTarget(src.Target, fldPath.Child("target"))...) - - if src.Target.AverageValue == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("target").Child("averageValue"), "must specify a positive target averageValue")) - } - - return allErrs -} - -func validateContainerResourceSource(src *autoscaling.ContainerResourceMetricSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(src.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "must specify a resource name")) - } else { - allErrs = append(allErrs, corevalidation.ValidateContainerResourceName(string(src.Name), fldPath.Child("name"))...) - } - - if len(src.Container) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("container"), "must specify a container")) - } else { - allErrs = append(allErrs, apivalidation.ValidateDNS1123Label(src.Container, fldPath.Child("container"))...) - } - - allErrs = append(allErrs, validateMetricTarget(src.Target, fldPath.Child("target"))...) - - if src.Target.AverageUtilization == nil && src.Target.AverageValue == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("target").Child("averageUtilization"), "must set either a target raw value or a target utilization")) - } - - if src.Target.AverageUtilization != nil && src.Target.AverageValue != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("target").Child("averageValue"), "may not set both a target raw value and a target utilization")) - } - - return allErrs -} - -func validateResourceSource(src *autoscaling.ResourceMetricSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(src.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "must specify a resource name")) - } - - allErrs = append(allErrs, validateMetricTarget(src.Target, fldPath.Child("target"))...) - - if src.Target.AverageUtilization == nil && src.Target.AverageValue == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("target").Child("averageUtilization"), "must set either a target raw value or a target utilization")) - } - - if src.Target.AverageUtilization != nil && src.Target.AverageValue != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("target").Child("averageValue"), "may not set both a target raw value and a target utilization")) - } - - return allErrs -} - -func validateMetricTarget(mt autoscaling.MetricTarget, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(mt.Type) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must specify a metric target type")) - } - - if mt.Type != autoscaling.UtilizationMetricType && - mt.Type != autoscaling.ValueMetricType && - mt.Type != autoscaling.AverageValueMetricType { - allErrs = append(allErrs, field.Invalid(fldPath.Child("type"), mt.Type, "must be either Utilization, Value, or AverageValue")) - } - - if mt.Value != nil && mt.Value.Sign() != 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("value"), mt.Value, "must be positive")) - } - - if mt.AverageValue != nil && mt.AverageValue.Sign() != 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("averageValue"), mt.AverageValue, "must be positive")) - } - - if mt.AverageUtilization != nil && *mt.AverageUtilization < 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("averageUtilization"), mt.AverageUtilization, "must be greater than 0")) - } - - return allErrs -} - -func validateMetricIdentifier(id autoscaling.MetricIdentifier, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(id.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "must specify a metric name")) - } else { - for _, msg := range pathvalidation.IsValidPathSegmentName(id.Name) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), id.Name, msg)) - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/zz_generated.deepcopy.go deleted file mode 100644 index 9f2d6c2e54..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/autoscaling/zz_generated.deepcopy.go +++ /dev/null @@ -1,670 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package autoscaling - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerResourceMetricSource) DeepCopyInto(out *ContainerResourceMetricSource) { - *out = *in - in.Target.DeepCopyInto(&out.Target) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResourceMetricSource. -func (in *ContainerResourceMetricSource) DeepCopy() *ContainerResourceMetricSource { - if in == nil { - return nil - } - out := new(ContainerResourceMetricSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerResourceMetricStatus) DeepCopyInto(out *ContainerResourceMetricStatus) { - *out = *in - in.Current.DeepCopyInto(&out.Current) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResourceMetricStatus. -func (in *ContainerResourceMetricStatus) DeepCopy() *ContainerResourceMetricStatus { - if in == nil { - return nil - } - out := new(ContainerResourceMetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CrossVersionObjectReference) DeepCopyInto(out *CrossVersionObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossVersionObjectReference. -func (in *CrossVersionObjectReference) DeepCopy() *CrossVersionObjectReference { - if in == nil { - return nil - } - out := new(CrossVersionObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExternalMetricSource) DeepCopyInto(out *ExternalMetricSource) { - *out = *in - in.Metric.DeepCopyInto(&out.Metric) - in.Target.DeepCopyInto(&out.Target) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalMetricSource. -func (in *ExternalMetricSource) DeepCopy() *ExternalMetricSource { - if in == nil { - return nil - } - out := new(ExternalMetricSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExternalMetricStatus) DeepCopyInto(out *ExternalMetricStatus) { - *out = *in - in.Metric.DeepCopyInto(&out.Metric) - in.Current.DeepCopyInto(&out.Current) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalMetricStatus. -func (in *ExternalMetricStatus) DeepCopy() *ExternalMetricStatus { - if in == nil { - return nil - } - out := new(ExternalMetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HPAScalingPolicy) DeepCopyInto(out *HPAScalingPolicy) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HPAScalingPolicy. -func (in *HPAScalingPolicy) DeepCopy() *HPAScalingPolicy { - if in == nil { - return nil - } - out := new(HPAScalingPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HPAScalingRules) DeepCopyInto(out *HPAScalingRules) { - *out = *in - if in.StabilizationWindowSeconds != nil { - in, out := &in.StabilizationWindowSeconds, &out.StabilizationWindowSeconds - *out = new(int32) - **out = **in - } - if in.SelectPolicy != nil { - in, out := &in.SelectPolicy, &out.SelectPolicy - *out = new(ScalingPolicySelect) - **out = **in - } - if in.Policies != nil { - in, out := &in.Policies, &out.Policies - *out = make([]HPAScalingPolicy, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HPAScalingRules. -func (in *HPAScalingRules) DeepCopy() *HPAScalingRules { - if in == nil { - return nil - } - out := new(HPAScalingRules) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscaler) DeepCopyInto(out *HorizontalPodAutoscaler) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscaler. -func (in *HorizontalPodAutoscaler) DeepCopy() *HorizontalPodAutoscaler { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscaler) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *HorizontalPodAutoscaler) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscalerBehavior) DeepCopyInto(out *HorizontalPodAutoscalerBehavior) { - *out = *in - if in.ScaleUp != nil { - in, out := &in.ScaleUp, &out.ScaleUp - *out = new(HPAScalingRules) - (*in).DeepCopyInto(*out) - } - if in.ScaleDown != nil { - in, out := &in.ScaleDown, &out.ScaleDown - *out = new(HPAScalingRules) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscalerBehavior. -func (in *HorizontalPodAutoscalerBehavior) DeepCopy() *HorizontalPodAutoscalerBehavior { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscalerBehavior) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscalerCondition) DeepCopyInto(out *HorizontalPodAutoscalerCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscalerCondition. -func (in *HorizontalPodAutoscalerCondition) DeepCopy() *HorizontalPodAutoscalerCondition { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscalerCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscalerList) DeepCopyInto(out *HorizontalPodAutoscalerList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]HorizontalPodAutoscaler, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscalerList. -func (in *HorizontalPodAutoscalerList) DeepCopy() *HorizontalPodAutoscalerList { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscalerList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *HorizontalPodAutoscalerList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscalerSpec) DeepCopyInto(out *HorizontalPodAutoscalerSpec) { - *out = *in - out.ScaleTargetRef = in.ScaleTargetRef - if in.MinReplicas != nil { - in, out := &in.MinReplicas, &out.MinReplicas - *out = new(int32) - **out = **in - } - if in.Metrics != nil { - in, out := &in.Metrics, &out.Metrics - *out = make([]MetricSpec, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Behavior != nil { - in, out := &in.Behavior, &out.Behavior - *out = new(HorizontalPodAutoscalerBehavior) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscalerSpec. -func (in *HorizontalPodAutoscalerSpec) DeepCopy() *HorizontalPodAutoscalerSpec { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscalerSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HorizontalPodAutoscalerStatus) DeepCopyInto(out *HorizontalPodAutoscalerStatus) { - *out = *in - if in.ObservedGeneration != nil { - in, out := &in.ObservedGeneration, &out.ObservedGeneration - *out = new(int64) - **out = **in - } - if in.LastScaleTime != nil { - in, out := &in.LastScaleTime, &out.LastScaleTime - *out = (*in).DeepCopy() - } - if in.CurrentMetrics != nil { - in, out := &in.CurrentMetrics, &out.CurrentMetrics - *out = make([]MetricStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]HorizontalPodAutoscalerCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HorizontalPodAutoscalerStatus. -func (in *HorizontalPodAutoscalerStatus) DeepCopy() *HorizontalPodAutoscalerStatus { - if in == nil { - return nil - } - out := new(HorizontalPodAutoscalerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricIdentifier) DeepCopyInto(out *MetricIdentifier) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricIdentifier. -func (in *MetricIdentifier) DeepCopy() *MetricIdentifier { - if in == nil { - return nil - } - out := new(MetricIdentifier) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricSpec) DeepCopyInto(out *MetricSpec) { - *out = *in - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(ObjectMetricSource) - (*in).DeepCopyInto(*out) - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(PodsMetricSource) - (*in).DeepCopyInto(*out) - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(ResourceMetricSource) - (*in).DeepCopyInto(*out) - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(ContainerResourceMetricSource) - (*in).DeepCopyInto(*out) - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(ExternalMetricSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricSpec. -func (in *MetricSpec) DeepCopy() *MetricSpec { - if in == nil { - return nil - } - out := new(MetricSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricStatus) DeepCopyInto(out *MetricStatus) { - *out = *in - if in.Object != nil { - in, out := &in.Object, &out.Object - *out = new(ObjectMetricStatus) - (*in).DeepCopyInto(*out) - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = new(PodsMetricStatus) - (*in).DeepCopyInto(*out) - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(ResourceMetricStatus) - (*in).DeepCopyInto(*out) - } - if in.ContainerResource != nil { - in, out := &in.ContainerResource, &out.ContainerResource - *out = new(ContainerResourceMetricStatus) - (*in).DeepCopyInto(*out) - } - if in.External != nil { - in, out := &in.External, &out.External - *out = new(ExternalMetricStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricStatus. -func (in *MetricStatus) DeepCopy() *MetricStatus { - if in == nil { - return nil - } - out := new(MetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricTarget) DeepCopyInto(out *MetricTarget) { - *out = *in - if in.Value != nil { - in, out := &in.Value, &out.Value - x := (*in).DeepCopy() - *out = &x - } - if in.AverageValue != nil { - in, out := &in.AverageValue, &out.AverageValue - x := (*in).DeepCopy() - *out = &x - } - if in.AverageUtilization != nil { - in, out := &in.AverageUtilization, &out.AverageUtilization - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricTarget. -func (in *MetricTarget) DeepCopy() *MetricTarget { - if in == nil { - return nil - } - out := new(MetricTarget) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetricValueStatus) DeepCopyInto(out *MetricValueStatus) { - *out = *in - if in.Value != nil { - in, out := &in.Value, &out.Value - x := (*in).DeepCopy() - *out = &x - } - if in.AverageValue != nil { - in, out := &in.AverageValue, &out.AverageValue - x := (*in).DeepCopy() - *out = &x - } - if in.AverageUtilization != nil { - in, out := &in.AverageUtilization, &out.AverageUtilization - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricValueStatus. -func (in *MetricValueStatus) DeepCopy() *MetricValueStatus { - if in == nil { - return nil - } - out := new(MetricValueStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectMetricSource) DeepCopyInto(out *ObjectMetricSource) { - *out = *in - out.DescribedObject = in.DescribedObject - in.Target.DeepCopyInto(&out.Target) - in.Metric.DeepCopyInto(&out.Metric) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMetricSource. -func (in *ObjectMetricSource) DeepCopy() *ObjectMetricSource { - if in == nil { - return nil - } - out := new(ObjectMetricSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectMetricStatus) DeepCopyInto(out *ObjectMetricStatus) { - *out = *in - in.Metric.DeepCopyInto(&out.Metric) - in.Current.DeepCopyInto(&out.Current) - out.DescribedObject = in.DescribedObject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMetricStatus. -func (in *ObjectMetricStatus) DeepCopy() *ObjectMetricStatus { - if in == nil { - return nil - } - out := new(ObjectMetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodsMetricSource) DeepCopyInto(out *PodsMetricSource) { - *out = *in - in.Metric.DeepCopyInto(&out.Metric) - in.Target.DeepCopyInto(&out.Target) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodsMetricSource. -func (in *PodsMetricSource) DeepCopy() *PodsMetricSource { - if in == nil { - return nil - } - out := new(PodsMetricSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodsMetricStatus) DeepCopyInto(out *PodsMetricStatus) { - *out = *in - in.Metric.DeepCopyInto(&out.Metric) - in.Current.DeepCopyInto(&out.Current) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodsMetricStatus. -func (in *PodsMetricStatus) DeepCopy() *PodsMetricStatus { - if in == nil { - return nil - } - out := new(PodsMetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceMetricSource) DeepCopyInto(out *ResourceMetricSource) { - *out = *in - in.Target.DeepCopyInto(&out.Target) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceMetricSource. -func (in *ResourceMetricSource) DeepCopy() *ResourceMetricSource { - if in == nil { - return nil - } - out := new(ResourceMetricSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceMetricStatus) DeepCopyInto(out *ResourceMetricStatus) { - *out = *in - in.Current.DeepCopyInto(&out.Current) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceMetricStatus. -func (in *ResourceMetricStatus) DeepCopy() *ResourceMetricStatus { - if in == nil { - return nil - } - out := new(ResourceMetricStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Scale) DeepCopyInto(out *Scale) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scale. -func (in *Scale) DeepCopy() *Scale { - if in == nil { - return nil - } - out := new(Scale) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Scale) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScaleSpec) DeepCopyInto(out *ScaleSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScaleSpec. -func (in *ScaleSpec) DeepCopy() *ScaleSpec { - if in == nil { - return nil - } - out := new(ScaleSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScaleStatus) DeepCopyInto(out *ScaleStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScaleStatus. -func (in *ScaleStatus) DeepCopy() *ScaleStatus { - if in == nil { - return nil - } - out := new(ScaleStatus) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/OWNERS deleted file mode 100644 index 885cc9f3e9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-apps-api-reviewers - - sig-apps-api-approvers -labels: - - sig/apps diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/doc.go deleted file mode 100644 index a80b3597f2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package batch // import "k8s.io/kubernetes/pkg/apis/batch" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/install/install.go deleted file mode 100644 index 8d2d0d7824..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the batch API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/apis/batch/v1" - "k8s.io/kubernetes/pkg/apis/batch/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(batch.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/register.go deleted file mode 100644 index 3b1558ab4b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/register.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package batch - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "batch" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Job{}, - &JobList{}, - &JobTemplate{}, - &CronJob{}, - &CronJobList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go deleted file mode 100644 index cd3dd9656a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/types.go +++ /dev/null @@ -1,583 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package batch - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from -// being deleted before being accounted in the Job status. -// -// Additionally, the apiserver and job controller use this string as a Job -// annotation, to mark Jobs that are being tracked using pod finalizers. -// However, this behavior is deprecated in kubernetes 1.26. This means that, in -// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the -// apiserver and job controller will ignore this annotation and they will -// always track jobs using finalizers. -const JobTrackingFinalizer = "batch.kubernetes.io/job-tracking" - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Job represents the configuration of a single job. -type Job struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec JobSpec - - // Current status of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status JobStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// JobList is a collection of jobs. -type JobList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // items is the list of Jobs. - Items []Job -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// JobTemplate describes a template for creating copies of a predefined pod. -type JobTemplate struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Defines jobs that will be created from this template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Template JobTemplateSpec -} - -// JobTemplateSpec describes the data a Job should have when created from a template -type JobTemplateSpec struct { - // Standard object's metadata of the jobs created from this template. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior of the job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec JobSpec -} - -// CompletionMode specifies how Pod completions of a Job are tracked. -type CompletionMode string - -const ( - // NonIndexedCompletion is a Job completion mode. In this mode, the Job is - // considered complete when there have been .spec.completions - // successfully completed Pods. Pod completions are homologous to each other. - NonIndexedCompletion CompletionMode = "NonIndexed" - - // IndexedCompletion is a Job completion mode. In this mode, the Pods of a - // Job get an associated completion index from 0 to (.spec.completions - 1). - // The Job is considered complete when a Pod completes for each completion - // index. - IndexedCompletion CompletionMode = "Indexed" -) - -// PodFailurePolicyAction specifies how a Pod failure is handled. -// +enum -type PodFailurePolicyAction string - -const ( - // This is an action which might be taken on a pod failure - mark the - // pod's job as Failed and terminate all running pods. - PodFailurePolicyActionFailJob PodFailurePolicyAction = "FailJob" - - // This is an action which might be taken on a pod failure - the counter towards - // .backoffLimit, represented by the job's .status.failed field, is not - // incremented and a replacement pod is created. - PodFailurePolicyActionIgnore PodFailurePolicyAction = "Ignore" - - // This is an action which might be taken on a pod failure - the pod failure - // is handled in the default way - the counter towards .backoffLimit, - // represented by the job's .status.failed field, is incremented. - PodFailurePolicyActionCount PodFailurePolicyAction = "Count" -) - -// +enum -type PodFailurePolicyOnExitCodesOperator string - -const ( - PodFailurePolicyOnExitCodesOpIn PodFailurePolicyOnExitCodesOperator = "In" - PodFailurePolicyOnExitCodesOpNotIn PodFailurePolicyOnExitCodesOperator = "NotIn" -) - -// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling -// a failed pod based on its container exit codes. In particular, it lookups the -// .state.terminated.exitCode for each app container and init container status, -// represented by the .status.containerStatuses and .status.initContainerStatuses -// fields in the Pod status, respectively. Containers completed with success -// (exit code 0) are excluded from the requirement check. -type PodFailurePolicyOnExitCodesRequirement struct { - // Restricts the check for exit codes to the container with the - // specified name. When null, the rule applies to all containers. - // When specified, it should match one the container or initContainer - // names in the pod template. - // +optional - ContainerName *string - - // Represents the relationship between the container exit code(s) and the - // specified values. Containers completed with success (exit code 0) are - // excluded from the requirement check. Possible values are: - // - In: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is in the set of specified values. - // - NotIn: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is not in the set of specified values. - // Additional values are considered to be added in the future. Clients should - // react to an unknown operator by assuming the requirement is not satisfied. - Operator PodFailurePolicyOnExitCodesOperator - - // Specifies the set of values. Each returned container exit code (might be - // multiple in case of multiple containers) is checked against this set of - // values with respect to the operator. The list of values must be ordered - // and must not contain duplicates. Value '0' cannot be used for the In operator. - // At least one element is required. At most 255 elements are allowed. - // +listType=set - Values []int32 -} - -// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching -// an actual pod condition type. -type PodFailurePolicyOnPodConditionsPattern struct { - // Specifies the required Pod condition type. To match a pod condition - // it is required that specified type equals the pod condition type. - Type api.PodConditionType - // Specifies the required Pod condition status. To match a pod condition - // it is required that the specified status equals the pod condition status. - // Defaults to True. - Status api.ConditionStatus -} - -// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. -// One of OnExitCodes and onPodConditions, but not both, can be used in each rule. -type PodFailurePolicyRule struct { - // Specifies the action taken on a pod failure when the requirements are satisfied. - // Possible values are: - // - FailJob: indicates that the pod's job is marked as Failed and all - // running pods are terminated. - // - Ignore: indicates that the counter towards the .backoffLimit is not - // incremented and a replacement pod is created. - // - Count: indicates that the pod is handled in the default way - the - // counter towards the .backoffLimit is incremented. - // Additional values are considered to be added in the future. Clients should - // react to an unknown action by skipping the rule. - Action PodFailurePolicyAction - - // Represents the requirement on the container exit codes. - // +optional - OnExitCodes *PodFailurePolicyOnExitCodesRequirement - - // Represents the requirement on the pod conditions. The requirement is represented - // as a list of pod condition patterns. The requirement is satisfied if at - // least one pattern matches an actual pod condition. At most 20 elements are allowed. - // +listType=atomic - OnPodConditions []PodFailurePolicyOnPodConditionsPattern -} - -// PodFailurePolicy describes how failed pods influence the backoffLimit. -type PodFailurePolicy struct { - // A list of pod failure policy rules. The rules are evaluated in order. - // Once a rule matches a Pod failure, the remaining of the rules are ignored. - // When no rule matches the Pod failure, the default handling applies - the - // counter of pod failures is incremented and it is checked against - // the backoffLimit. At most 20 elements are allowed. - // +listType=atomic - Rules []PodFailurePolicyRule -} - -// JobSpec describes how the job execution will look like. -type JobSpec struct { - - // Specifies the maximum desired number of pods the job should - // run at any given time. The actual number of pods running in steady state will - // be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - // i.e. when the work left to do is less than max parallelism. - // +optional - Parallelism *int32 - - // Specifies the desired number of successfully finished pods the - // job should be run with. Setting to nil means that the success of any - // pod signals the success of all pods, and allows parallelism to have any positive - // value. Setting to 1 means that parallelism is limited to 1 and the success of that - // pod signals the success of the job. - // +optional - Completions *int32 - - // Specifies the policy of handling failed pods. In particular, it allows to - // specify the set of actions and conditions which need to be - // satisfied to take the associated action. - // If empty, the default behaviour applies - the counter of failed pods, - // represented by the jobs's .status.failed field, is incremented and it is - // checked against the backoffLimit. This field cannot be used in combination - // with .spec.podTemplate.spec.restartPolicy=OnFailure. - // - // This field is alpha-level. To use this field, you must enable the - // `JobPodFailurePolicy` feature gate (disabled by default). - // +optional - PodFailurePolicy *PodFailurePolicy - - // Specifies the duration in seconds relative to the startTime that the job - // may be continuously active before the system tries to terminate it; value - // must be positive integer. If a Job is suspended (at creation or through an - // update), this timer will effectively be stopped and reset when the Job is - // resumed again. - // +optional - ActiveDeadlineSeconds *int64 - - // Optional number of retries before marking this job failed. - // Defaults to 6 - // +optional - BackoffLimit *int32 - - // TODO enabled it when https://github.com/kubernetes/kubernetes/issues/28486 has been fixed - // Optional number of failed pods to retain. - // +optional - // FailedPodsLimit *int32 - - // A label query over pods that should match the pod count. - // Normally, the system sets this field for you. - // +optional - Selector *metav1.LabelSelector - - // manualSelector controls generation of pod labels and pod selectors. - // Leave `manualSelector` unset unless you are certain what you are doing. - // When false or unset, the system pick labels unique to this job - // and appends those labels to the pod template. When true, - // the user is responsible for picking unique labels and specifying - // the selector. Failure to pick a unique label may cause this - // and other jobs to not function correctly. However, You may see - // `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` - // API. - // +optional - ManualSelector *bool - - // Describes the pod that will be created when executing a job. - Template api.PodTemplateSpec - - // ttlSecondsAfterFinished limits the lifetime of a Job that has finished - // execution (either Complete or Failed). If this field is set, - // ttlSecondsAfterFinished after the Job finishes, it is eligible to be - // automatically deleted. When the Job is being deleted, its lifecycle - // guarantees (e.g. finalizers) will be honored. If this field is unset, - // the Job won't be automatically deleted. If this field is set to zero, - // the Job becomes eligible to be deleted immediately after it finishes. - // +optional - TTLSecondsAfterFinished *int32 - - // CompletionMode specifies how Pod completions are tracked. It can be - // `NonIndexed` (default) or `Indexed`. - // - // `NonIndexed` means that the Job is considered complete when there have - // been .spec.completions successfully completed Pods. Each Pod completion is - // homologous to each other. - // - // `Indexed` means that the Pods of a - // Job get an associated completion index from 0 to (.spec.completions - 1), - // available in the annotation batch.kubernetes.io/job-completion-index. - // The Job is considered complete when there is one successfully completed Pod - // for each index. - // When value is `Indexed`, .spec.completions must be specified and - // `.spec.parallelism` must be less than or equal to 10^5. - // In addition, The Pod name takes the form - // `$(job-name)-$(index)-$(random-string)`, - // the Pod hostname takes the form `$(job-name)-$(index)`. - // - // More completion modes can be added in the future. - // If the Job controller observes a mode that it doesn't recognize, which - // is possible during upgrades due to version skew, the controller - // skips updates for the Job. - // +optional - CompletionMode *CompletionMode - - // Suspend specifies whether the Job controller should create Pods or not. If - // a Job is created with suspend set to true, no Pods are created by the Job - // controller. If a Job is suspended after creation (i.e. the flag goes from - // false to true), the Job controller will delete all active Pods associated - // with this Job. Users must design their workload to gracefully handle this. - // Suspending a Job will reset the StartTime field of the Job, effectively - // resetting the ActiveDeadlineSeconds timer too. Defaults to false. - // - // +optional - Suspend *bool -} - -// JobStatus represents the current state of a Job. -type JobStatus struct { - - // The latest available observations of an object's current state. When a Job - // fails, one of the conditions will have type "Failed" and status true. When - // a Job is suspended, one of the conditions will have type "Suspended" and - // status true; when the Job is resumed, the status of this condition will - // become false. When a Job is completed, one of the conditions will have - // type "Complete" and status true. - // +optional - Conditions []JobCondition - - // Represents time when the job controller started processing a job. When a - // Job is created in the suspended state, this field is not set until the - // first time it is resumed. This field is reset every time a Job is resumed - // from suspension. It is represented in RFC3339 form and is in UTC. - // +optional - StartTime *metav1.Time - - // Represents time when the job was completed. It is not guaranteed to - // be set in happens-before order across separate operations. - // It is represented in RFC3339 form and is in UTC. - // The completion time is only set when the job finishes successfully. - // +optional - CompletionTime *metav1.Time - - // The number of pending and running pods. - // +optional - Active int32 - - // The number of active pods which have a Ready condition. - // - // This field is beta-level. The job controller populates the field when - // the feature gate JobReadyPods is enabled (enabled by default). - // +optional - Ready *int32 - - // The number of pods which reached phase Succeeded. - // +optional - Succeeded int32 - - // The number of pods which reached phase Failed. - // +optional - Failed int32 - - // CompletedIndexes holds the completed indexes when .spec.completionMode = - // "Indexed" in a text format. The indexes are represented as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // +optional - CompletedIndexes string - - // UncountedTerminatedPods holds the UIDs of Pods that have terminated but - // the job controller hasn't yet accounted for in the status counters. - // - // The job controller creates pods with a finalizer. When a pod terminates - // (succeeded or failed), the controller does three steps to account for it - // in the job status: - // (1) Add the pod UID to the corresponding array in this field. - // (2) Remove the pod finalizer. - // (3) Remove the pod UID from the array while increasing the corresponding - // counter. - // - // Old jobs might not be tracked using this field, in which case the field - // remains null. - // +optional - UncountedTerminatedPods *UncountedTerminatedPods -} - -// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't -// been accounted in Job status counters. -type UncountedTerminatedPods struct { - // Succeeded holds UIDs of succeeded Pods. - // +listType=set - // +optional - Succeeded []types.UID - - // Failed holds UIDs of failed Pods. - // +listType=set - // +optional - Failed []types.UID -} - -// JobConditionType is a valid value for JobCondition.Type -type JobConditionType string - -// These are valid conditions of a job. -const ( - // JobSuspended means the job has been suspended. - JobSuspended JobConditionType = "Suspended" - // JobComplete means the job has completed its execution. - JobComplete JobConditionType = "Complete" - // JobFailed means the job has failed its execution. - JobFailed JobConditionType = "Failed" - // FailureTarget means the job is about to fail its execution. - JobFailureTarget JobConditionType = "FailureTarget" -) - -// JobCondition describes current state of a job. -type JobCondition struct { - // Type of job condition. - Type JobConditionType - // Status of the condition, one of True, False, Unknown. - Status api.ConditionStatus - // Last time the condition was checked. - // +optional - LastProbeTime metav1.Time - // Last time the condition transit from one status to another. - // +optional - LastTransitionTime metav1.Time - // (brief) reason for the condition's last transition. - // +optional - Reason string - // Human readable message indicating details about last transition. - // +optional - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CronJob represents the configuration of a single cron job. -type CronJob struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior of a cron job, including the schedule. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec CronJobSpec - - // Current status of a cron job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status CronJobStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CronJobList is a collection of cron jobs. -type CronJobList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // items is the list of CronJobs. - Items []CronJob -} - -// CronJobSpec describes how the job execution will look like and when it will actually run. -type CronJobSpec struct { - - // The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - Schedule string - - // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - // If not specified, this will default to the time zone of the kube-controller-manager process. - // The set of valid time zone names and the time zone offset is loaded from the system-wide time zone - // database by the API server during CronJob validation and the controller manager during execution. - // If no system-wide time zone database can be found a bundled version of the database is used instead. - // If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host - // configuration, the controller will stop creating new new Jobs and will create a system event with the - // reason UnknownTimeZone. - // More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - // This is beta field and must be enabled via the `CronJobTimeZone` feature gate. - // +optional - TimeZone *string - - // Optional deadline in seconds for starting the job if it misses scheduled - // time for any reason. Missed jobs executions will be counted as failed ones. - // +optional - StartingDeadlineSeconds *int64 - - // Specifies how to treat concurrent executions of a Job. - // Valid values are: - // - "Allow" (default): allows CronJobs to run concurrently; - // - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - // - "Replace": cancels currently running job and replaces it with a new one - // +optional - ConcurrencyPolicy ConcurrencyPolicy - - // This flag tells the controller to suspend subsequent executions, it does - // not apply to already started executions. Defaults to false. - // +optional - Suspend *bool - - // Specifies the job that will be created when executing a CronJob. - JobTemplate JobTemplateSpec - - // The number of successful finished jobs to retain. - // This is a pointer to distinguish between explicit zero and not specified. - // +optional - SuccessfulJobsHistoryLimit *int32 - - // The number of failed finished jobs to retain. - // This is a pointer to distinguish between explicit zero and not specified. - // +optional - FailedJobsHistoryLimit *int32 -} - -// ConcurrencyPolicy describes how the job will be handled. -// Only one of the following concurrent policies may be specified. -// If none of the following policies is specified, the default one -// is AllowConcurrent. -type ConcurrencyPolicy string - -const ( - // AllowConcurrent allows CronJobs to run concurrently. - AllowConcurrent ConcurrencyPolicy = "Allow" - - // ForbidConcurrent forbids concurrent runs, skipping next run if previous - // hasn't finished yet. - ForbidConcurrent ConcurrencyPolicy = "Forbid" - - // ReplaceConcurrent cancels currently running job and replaces it with a new one. - ReplaceConcurrent ConcurrencyPolicy = "Replace" -) - -// CronJobStatus represents the current state of a cron job. -type CronJobStatus struct { - // A list of pointers to currently running jobs. - // +optional - Active []api.ObjectReference - - // Information when was the last time the job was successfully scheduled. - // +optional - LastScheduleTime *metav1.Time - - // Information when was the last time the job successfully completed. - // +optional - LastSuccessfulTime *metav1.Time -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/conversion.go deleted file mode 100644 index a3a581d419..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/conversion.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - v1 "k8s.io/api/batch/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/batch" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Job"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", "metadata.namespace", "status.successful": - return label, value, nil - default: - return "", "", fmt.Errorf("field label %q not supported for Job", label) - } - }) -} - -// The following functions don't do anything special, but they need to be added -// here due to the dependency of v1beta1 on v1. - -func Convert_batch_JobSpec_To_v1_JobSpec(in *batch.JobSpec, out *v1.JobSpec, s conversion.Scope) error { - return autoConvert_batch_JobSpec_To_v1_JobSpec(in, out, s) -} - -func Convert_v1_JobSpec_To_batch_JobSpec(in *v1.JobSpec, out *batch.JobSpec, s conversion.Scope) error { - return autoConvert_v1_JobSpec_To_batch_JobSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/defaults.go deleted file mode 100644 index 5feda69915..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/defaults.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - batchv1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - utilpointer "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_Job(obj *batchv1.Job) { - // For a non-parallel job, you can leave both `.spec.completions` and - // `.spec.parallelism` unset. When both are unset, both are defaulted to 1. - if obj.Spec.Completions == nil && obj.Spec.Parallelism == nil { - obj.Spec.Completions = utilpointer.Int32Ptr(1) - obj.Spec.Parallelism = utilpointer.Int32Ptr(1) - } - if obj.Spec.Parallelism == nil { - obj.Spec.Parallelism = utilpointer.Int32Ptr(1) - } - if obj.Spec.BackoffLimit == nil { - obj.Spec.BackoffLimit = utilpointer.Int32Ptr(6) - } - labels := obj.Spec.Template.Labels - if labels != nil && len(obj.Labels) == 0 { - obj.Labels = labels - } - if obj.Spec.CompletionMode == nil { - mode := batchv1.NonIndexedCompletion - obj.Spec.CompletionMode = &mode - } - if obj.Spec.Suspend == nil { - obj.Spec.Suspend = utilpointer.BoolPtr(false) - } - if obj.Spec.PodFailurePolicy != nil { - for _, rule := range obj.Spec.PodFailurePolicy.Rules { - if rule.OnPodConditions != nil { - for i, pattern := range rule.OnPodConditions { - if pattern.Status == "" { - rule.OnPodConditions[i].Status = corev1.ConditionTrue - } - } - } - } - } -} - -func SetDefaults_CronJob(obj *batchv1.CronJob) { - if obj.Spec.ConcurrencyPolicy == "" { - obj.Spec.ConcurrencyPolicy = batchv1.AllowConcurrent - } - if obj.Spec.Suspend == nil { - obj.Spec.Suspend = utilpointer.BoolPtr(false) - } - if obj.Spec.SuccessfulJobsHistoryLimit == nil { - obj.Spec.SuccessfulJobsHistoryLimit = utilpointer.Int32Ptr(3) - } - if obj.Spec.FailedJobsHistoryLimit == nil { - obj.Spec.FailedJobsHistoryLimit = utilpointer.Int32Ptr(1) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/doc.go deleted file mode 100644 index c6aafb6d66..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/batch -// +k8s:conversion-gen-external-types=k8s.io/api/batch/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/batch/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/batch/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/register.go deleted file mode 100644 index d5d8edee74..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - batchv1 "k8s.io/api/batch/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "batch" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &batchv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.conversion.go deleted file mode 100644 index a7c425fc50..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.conversion.go +++ /dev/null @@ -1,644 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - batch "k8s.io/kubernetes/pkg/apis/batch" - core "k8s.io/kubernetes/pkg/apis/core" - apiscorev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.CronJob)(nil), (*batch.CronJob)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CronJob_To_batch_CronJob(a.(*v1.CronJob), b.(*batch.CronJob), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJob)(nil), (*v1.CronJob)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJob_To_v1_CronJob(a.(*batch.CronJob), b.(*v1.CronJob), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CronJobList)(nil), (*batch.CronJobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CronJobList_To_batch_CronJobList(a.(*v1.CronJobList), b.(*batch.CronJobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobList)(nil), (*v1.CronJobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobList_To_v1_CronJobList(a.(*batch.CronJobList), b.(*v1.CronJobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CronJobSpec)(nil), (*batch.CronJobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CronJobSpec_To_batch_CronJobSpec(a.(*v1.CronJobSpec), b.(*batch.CronJobSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobSpec)(nil), (*v1.CronJobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobSpec_To_v1_CronJobSpec(a.(*batch.CronJobSpec), b.(*v1.CronJobSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CronJobStatus)(nil), (*batch.CronJobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CronJobStatus_To_batch_CronJobStatus(a.(*v1.CronJobStatus), b.(*batch.CronJobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobStatus)(nil), (*v1.CronJobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobStatus_To_v1_CronJobStatus(a.(*batch.CronJobStatus), b.(*v1.CronJobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Job)(nil), (*batch.Job)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Job_To_batch_Job(a.(*v1.Job), b.(*batch.Job), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.Job)(nil), (*v1.Job)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_Job_To_v1_Job(a.(*batch.Job), b.(*v1.Job), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.JobCondition)(nil), (*batch.JobCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_JobCondition_To_batch_JobCondition(a.(*v1.JobCondition), b.(*batch.JobCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobCondition)(nil), (*v1.JobCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobCondition_To_v1_JobCondition(a.(*batch.JobCondition), b.(*v1.JobCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.JobList)(nil), (*batch.JobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_JobList_To_batch_JobList(a.(*v1.JobList), b.(*batch.JobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobList)(nil), (*v1.JobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobList_To_v1_JobList(a.(*batch.JobList), b.(*v1.JobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.JobStatus)(nil), (*batch.JobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_JobStatus_To_batch_JobStatus(a.(*v1.JobStatus), b.(*batch.JobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobStatus)(nil), (*v1.JobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobStatus_To_v1_JobStatus(a.(*batch.JobStatus), b.(*v1.JobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.JobTemplateSpec)(nil), (*batch.JobTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_JobTemplateSpec_To_batch_JobTemplateSpec(a.(*v1.JobTemplateSpec), b.(*batch.JobTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobTemplateSpec)(nil), (*v1.JobTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobTemplateSpec_To_v1_JobTemplateSpec(a.(*batch.JobTemplateSpec), b.(*v1.JobTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodFailurePolicy)(nil), (*batch.PodFailurePolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodFailurePolicy_To_batch_PodFailurePolicy(a.(*v1.PodFailurePolicy), b.(*batch.PodFailurePolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.PodFailurePolicy)(nil), (*v1.PodFailurePolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_PodFailurePolicy_To_v1_PodFailurePolicy(a.(*batch.PodFailurePolicy), b.(*v1.PodFailurePolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodFailurePolicyOnExitCodesRequirement)(nil), (*batch.PodFailurePolicyOnExitCodesRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodFailurePolicyOnExitCodesRequirement_To_batch_PodFailurePolicyOnExitCodesRequirement(a.(*v1.PodFailurePolicyOnExitCodesRequirement), b.(*batch.PodFailurePolicyOnExitCodesRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.PodFailurePolicyOnExitCodesRequirement)(nil), (*v1.PodFailurePolicyOnExitCodesRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_PodFailurePolicyOnExitCodesRequirement_To_v1_PodFailurePolicyOnExitCodesRequirement(a.(*batch.PodFailurePolicyOnExitCodesRequirement), b.(*v1.PodFailurePolicyOnExitCodesRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodFailurePolicyOnPodConditionsPattern)(nil), (*batch.PodFailurePolicyOnPodConditionsPattern)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodFailurePolicyOnPodConditionsPattern_To_batch_PodFailurePolicyOnPodConditionsPattern(a.(*v1.PodFailurePolicyOnPodConditionsPattern), b.(*batch.PodFailurePolicyOnPodConditionsPattern), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.PodFailurePolicyOnPodConditionsPattern)(nil), (*v1.PodFailurePolicyOnPodConditionsPattern)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_PodFailurePolicyOnPodConditionsPattern_To_v1_PodFailurePolicyOnPodConditionsPattern(a.(*batch.PodFailurePolicyOnPodConditionsPattern), b.(*v1.PodFailurePolicyOnPodConditionsPattern), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodFailurePolicyRule)(nil), (*batch.PodFailurePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodFailurePolicyRule_To_batch_PodFailurePolicyRule(a.(*v1.PodFailurePolicyRule), b.(*batch.PodFailurePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.PodFailurePolicyRule)(nil), (*v1.PodFailurePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_PodFailurePolicyRule_To_v1_PodFailurePolicyRule(a.(*batch.PodFailurePolicyRule), b.(*v1.PodFailurePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.UncountedTerminatedPods)(nil), (*batch.UncountedTerminatedPods)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_UncountedTerminatedPods_To_batch_UncountedTerminatedPods(a.(*v1.UncountedTerminatedPods), b.(*batch.UncountedTerminatedPods), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.UncountedTerminatedPods)(nil), (*v1.UncountedTerminatedPods)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_UncountedTerminatedPods_To_v1_UncountedTerminatedPods(a.(*batch.UncountedTerminatedPods), b.(*v1.UncountedTerminatedPods), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*batch.JobSpec)(nil), (*v1.JobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobSpec_To_v1_JobSpec(a.(*batch.JobSpec), b.(*v1.JobSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.JobSpec)(nil), (*batch.JobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_JobSpec_To_batch_JobSpec(a.(*v1.JobSpec), b.(*batch.JobSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_CronJob_To_batch_CronJob(in *v1.CronJob, out *batch.CronJob, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_CronJobSpec_To_batch_CronJobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_CronJobStatus_To_batch_CronJobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_CronJob_To_batch_CronJob is an autogenerated conversion function. -func Convert_v1_CronJob_To_batch_CronJob(in *v1.CronJob, out *batch.CronJob, s conversion.Scope) error { - return autoConvert_v1_CronJob_To_batch_CronJob(in, out, s) -} - -func autoConvert_batch_CronJob_To_v1_CronJob(in *batch.CronJob, out *v1.CronJob, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_batch_CronJobSpec_To_v1_CronJobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_batch_CronJobStatus_To_v1_CronJobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_batch_CronJob_To_v1_CronJob is an autogenerated conversion function. -func Convert_batch_CronJob_To_v1_CronJob(in *batch.CronJob, out *v1.CronJob, s conversion.Scope) error { - return autoConvert_batch_CronJob_To_v1_CronJob(in, out, s) -} - -func autoConvert_v1_CronJobList_To_batch_CronJobList(in *v1.CronJobList, out *batch.CronJobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]batch.CronJob, len(*in)) - for i := range *in { - if err := Convert_v1_CronJob_To_batch_CronJob(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_CronJobList_To_batch_CronJobList is an autogenerated conversion function. -func Convert_v1_CronJobList_To_batch_CronJobList(in *v1.CronJobList, out *batch.CronJobList, s conversion.Scope) error { - return autoConvert_v1_CronJobList_To_batch_CronJobList(in, out, s) -} - -func autoConvert_batch_CronJobList_To_v1_CronJobList(in *batch.CronJobList, out *v1.CronJobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.CronJob, len(*in)) - for i := range *in { - if err := Convert_batch_CronJob_To_v1_CronJob(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_batch_CronJobList_To_v1_CronJobList is an autogenerated conversion function. -func Convert_batch_CronJobList_To_v1_CronJobList(in *batch.CronJobList, out *v1.CronJobList, s conversion.Scope) error { - return autoConvert_batch_CronJobList_To_v1_CronJobList(in, out, s) -} - -func autoConvert_v1_CronJobSpec_To_batch_CronJobSpec(in *v1.CronJobSpec, out *batch.CronJobSpec, s conversion.Scope) error { - out.Schedule = in.Schedule - out.TimeZone = (*string)(unsafe.Pointer(in.TimeZone)) - out.StartingDeadlineSeconds = (*int64)(unsafe.Pointer(in.StartingDeadlineSeconds)) - out.ConcurrencyPolicy = batch.ConcurrencyPolicy(in.ConcurrencyPolicy) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - if err := Convert_v1_JobTemplateSpec_To_batch_JobTemplateSpec(&in.JobTemplate, &out.JobTemplate, s); err != nil { - return err - } - out.SuccessfulJobsHistoryLimit = (*int32)(unsafe.Pointer(in.SuccessfulJobsHistoryLimit)) - out.FailedJobsHistoryLimit = (*int32)(unsafe.Pointer(in.FailedJobsHistoryLimit)) - return nil -} - -// Convert_v1_CronJobSpec_To_batch_CronJobSpec is an autogenerated conversion function. -func Convert_v1_CronJobSpec_To_batch_CronJobSpec(in *v1.CronJobSpec, out *batch.CronJobSpec, s conversion.Scope) error { - return autoConvert_v1_CronJobSpec_To_batch_CronJobSpec(in, out, s) -} - -func autoConvert_batch_CronJobSpec_To_v1_CronJobSpec(in *batch.CronJobSpec, out *v1.CronJobSpec, s conversion.Scope) error { - out.Schedule = in.Schedule - out.TimeZone = (*string)(unsafe.Pointer(in.TimeZone)) - out.StartingDeadlineSeconds = (*int64)(unsafe.Pointer(in.StartingDeadlineSeconds)) - out.ConcurrencyPolicy = v1.ConcurrencyPolicy(in.ConcurrencyPolicy) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - if err := Convert_batch_JobTemplateSpec_To_v1_JobTemplateSpec(&in.JobTemplate, &out.JobTemplate, s); err != nil { - return err - } - out.SuccessfulJobsHistoryLimit = (*int32)(unsafe.Pointer(in.SuccessfulJobsHistoryLimit)) - out.FailedJobsHistoryLimit = (*int32)(unsafe.Pointer(in.FailedJobsHistoryLimit)) - return nil -} - -// Convert_batch_CronJobSpec_To_v1_CronJobSpec is an autogenerated conversion function. -func Convert_batch_CronJobSpec_To_v1_CronJobSpec(in *batch.CronJobSpec, out *v1.CronJobSpec, s conversion.Scope) error { - return autoConvert_batch_CronJobSpec_To_v1_CronJobSpec(in, out, s) -} - -func autoConvert_v1_CronJobStatus_To_batch_CronJobStatus(in *v1.CronJobStatus, out *batch.CronJobStatus, s conversion.Scope) error { - out.Active = *(*[]core.ObjectReference)(unsafe.Pointer(&in.Active)) - out.LastScheduleTime = (*metav1.Time)(unsafe.Pointer(in.LastScheduleTime)) - out.LastSuccessfulTime = (*metav1.Time)(unsafe.Pointer(in.LastSuccessfulTime)) - return nil -} - -// Convert_v1_CronJobStatus_To_batch_CronJobStatus is an autogenerated conversion function. -func Convert_v1_CronJobStatus_To_batch_CronJobStatus(in *v1.CronJobStatus, out *batch.CronJobStatus, s conversion.Scope) error { - return autoConvert_v1_CronJobStatus_To_batch_CronJobStatus(in, out, s) -} - -func autoConvert_batch_CronJobStatus_To_v1_CronJobStatus(in *batch.CronJobStatus, out *v1.CronJobStatus, s conversion.Scope) error { - out.Active = *(*[]corev1.ObjectReference)(unsafe.Pointer(&in.Active)) - out.LastScheduleTime = (*metav1.Time)(unsafe.Pointer(in.LastScheduleTime)) - out.LastSuccessfulTime = (*metav1.Time)(unsafe.Pointer(in.LastSuccessfulTime)) - return nil -} - -// Convert_batch_CronJobStatus_To_v1_CronJobStatus is an autogenerated conversion function. -func Convert_batch_CronJobStatus_To_v1_CronJobStatus(in *batch.CronJobStatus, out *v1.CronJobStatus, s conversion.Scope) error { - return autoConvert_batch_CronJobStatus_To_v1_CronJobStatus(in, out, s) -} - -func autoConvert_v1_Job_To_batch_Job(in *v1.Job, out *batch.Job, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_JobSpec_To_batch_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_JobStatus_To_batch_JobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Job_To_batch_Job is an autogenerated conversion function. -func Convert_v1_Job_To_batch_Job(in *v1.Job, out *batch.Job, s conversion.Scope) error { - return autoConvert_v1_Job_To_batch_Job(in, out, s) -} - -func autoConvert_batch_Job_To_v1_Job(in *batch.Job, out *v1.Job, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_batch_JobSpec_To_v1_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_batch_JobStatus_To_v1_JobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_batch_Job_To_v1_Job is an autogenerated conversion function. -func Convert_batch_Job_To_v1_Job(in *batch.Job, out *v1.Job, s conversion.Scope) error { - return autoConvert_batch_Job_To_v1_Job(in, out, s) -} - -func autoConvert_v1_JobCondition_To_batch_JobCondition(in *v1.JobCondition, out *batch.JobCondition, s conversion.Scope) error { - out.Type = batch.JobConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_JobCondition_To_batch_JobCondition is an autogenerated conversion function. -func Convert_v1_JobCondition_To_batch_JobCondition(in *v1.JobCondition, out *batch.JobCondition, s conversion.Scope) error { - return autoConvert_v1_JobCondition_To_batch_JobCondition(in, out, s) -} - -func autoConvert_batch_JobCondition_To_v1_JobCondition(in *batch.JobCondition, out *v1.JobCondition, s conversion.Scope) error { - out.Type = v1.JobConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_batch_JobCondition_To_v1_JobCondition is an autogenerated conversion function. -func Convert_batch_JobCondition_To_v1_JobCondition(in *batch.JobCondition, out *v1.JobCondition, s conversion.Scope) error { - return autoConvert_batch_JobCondition_To_v1_JobCondition(in, out, s) -} - -func autoConvert_v1_JobList_To_batch_JobList(in *v1.JobList, out *batch.JobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]batch.Job, len(*in)) - for i := range *in { - if err := Convert_v1_Job_To_batch_Job(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_JobList_To_batch_JobList is an autogenerated conversion function. -func Convert_v1_JobList_To_batch_JobList(in *v1.JobList, out *batch.JobList, s conversion.Scope) error { - return autoConvert_v1_JobList_To_batch_JobList(in, out, s) -} - -func autoConvert_batch_JobList_To_v1_JobList(in *batch.JobList, out *v1.JobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Job, len(*in)) - for i := range *in { - if err := Convert_batch_Job_To_v1_Job(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_batch_JobList_To_v1_JobList is an autogenerated conversion function. -func Convert_batch_JobList_To_v1_JobList(in *batch.JobList, out *v1.JobList, s conversion.Scope) error { - return autoConvert_batch_JobList_To_v1_JobList(in, out, s) -} - -func autoConvert_v1_JobSpec_To_batch_JobSpec(in *v1.JobSpec, out *batch.JobSpec, s conversion.Scope) error { - out.Parallelism = (*int32)(unsafe.Pointer(in.Parallelism)) - out.Completions = (*int32)(unsafe.Pointer(in.Completions)) - out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds)) - out.PodFailurePolicy = (*batch.PodFailurePolicy)(unsafe.Pointer(in.PodFailurePolicy)) - out.BackoffLimit = (*int32)(unsafe.Pointer(in.BackoffLimit)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.ManualSelector = (*bool)(unsafe.Pointer(in.ManualSelector)) - if err := apiscorev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.TTLSecondsAfterFinished = (*int32)(unsafe.Pointer(in.TTLSecondsAfterFinished)) - out.CompletionMode = (*batch.CompletionMode)(unsafe.Pointer(in.CompletionMode)) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - return nil -} - -func autoConvert_batch_JobSpec_To_v1_JobSpec(in *batch.JobSpec, out *v1.JobSpec, s conversion.Scope) error { - out.Parallelism = (*int32)(unsafe.Pointer(in.Parallelism)) - out.Completions = (*int32)(unsafe.Pointer(in.Completions)) - out.PodFailurePolicy = (*v1.PodFailurePolicy)(unsafe.Pointer(in.PodFailurePolicy)) - out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds)) - out.BackoffLimit = (*int32)(unsafe.Pointer(in.BackoffLimit)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.ManualSelector = (*bool)(unsafe.Pointer(in.ManualSelector)) - if err := apiscorev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - out.TTLSecondsAfterFinished = (*int32)(unsafe.Pointer(in.TTLSecondsAfterFinished)) - out.CompletionMode = (*v1.CompletionMode)(unsafe.Pointer(in.CompletionMode)) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - return nil -} - -func autoConvert_v1_JobStatus_To_batch_JobStatus(in *v1.JobStatus, out *batch.JobStatus, s conversion.Scope) error { - out.Conditions = *(*[]batch.JobCondition)(unsafe.Pointer(&in.Conditions)) - out.StartTime = (*metav1.Time)(unsafe.Pointer(in.StartTime)) - out.CompletionTime = (*metav1.Time)(unsafe.Pointer(in.CompletionTime)) - out.Active = in.Active - out.Succeeded = in.Succeeded - out.Failed = in.Failed - out.CompletedIndexes = in.CompletedIndexes - out.UncountedTerminatedPods = (*batch.UncountedTerminatedPods)(unsafe.Pointer(in.UncountedTerminatedPods)) - out.Ready = (*int32)(unsafe.Pointer(in.Ready)) - return nil -} - -// Convert_v1_JobStatus_To_batch_JobStatus is an autogenerated conversion function. -func Convert_v1_JobStatus_To_batch_JobStatus(in *v1.JobStatus, out *batch.JobStatus, s conversion.Scope) error { - return autoConvert_v1_JobStatus_To_batch_JobStatus(in, out, s) -} - -func autoConvert_batch_JobStatus_To_v1_JobStatus(in *batch.JobStatus, out *v1.JobStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1.JobCondition)(unsafe.Pointer(&in.Conditions)) - out.StartTime = (*metav1.Time)(unsafe.Pointer(in.StartTime)) - out.CompletionTime = (*metav1.Time)(unsafe.Pointer(in.CompletionTime)) - out.Active = in.Active - out.Ready = (*int32)(unsafe.Pointer(in.Ready)) - out.Succeeded = in.Succeeded - out.Failed = in.Failed - out.CompletedIndexes = in.CompletedIndexes - out.UncountedTerminatedPods = (*v1.UncountedTerminatedPods)(unsafe.Pointer(in.UncountedTerminatedPods)) - return nil -} - -// Convert_batch_JobStatus_To_v1_JobStatus is an autogenerated conversion function. -func Convert_batch_JobStatus_To_v1_JobStatus(in *batch.JobStatus, out *v1.JobStatus, s conversion.Scope) error { - return autoConvert_batch_JobStatus_To_v1_JobStatus(in, out, s) -} - -func autoConvert_v1_JobTemplateSpec_To_batch_JobTemplateSpec(in *v1.JobTemplateSpec, out *batch.JobTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_JobSpec_To_batch_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_JobTemplateSpec_To_batch_JobTemplateSpec is an autogenerated conversion function. -func Convert_v1_JobTemplateSpec_To_batch_JobTemplateSpec(in *v1.JobTemplateSpec, out *batch.JobTemplateSpec, s conversion.Scope) error { - return autoConvert_v1_JobTemplateSpec_To_batch_JobTemplateSpec(in, out, s) -} - -func autoConvert_batch_JobTemplateSpec_To_v1_JobTemplateSpec(in *batch.JobTemplateSpec, out *v1.JobTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_batch_JobSpec_To_v1_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_batch_JobTemplateSpec_To_v1_JobTemplateSpec is an autogenerated conversion function. -func Convert_batch_JobTemplateSpec_To_v1_JobTemplateSpec(in *batch.JobTemplateSpec, out *v1.JobTemplateSpec, s conversion.Scope) error { - return autoConvert_batch_JobTemplateSpec_To_v1_JobTemplateSpec(in, out, s) -} - -func autoConvert_v1_PodFailurePolicy_To_batch_PodFailurePolicy(in *v1.PodFailurePolicy, out *batch.PodFailurePolicy, s conversion.Scope) error { - out.Rules = *(*[]batch.PodFailurePolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1_PodFailurePolicy_To_batch_PodFailurePolicy is an autogenerated conversion function. -func Convert_v1_PodFailurePolicy_To_batch_PodFailurePolicy(in *v1.PodFailurePolicy, out *batch.PodFailurePolicy, s conversion.Scope) error { - return autoConvert_v1_PodFailurePolicy_To_batch_PodFailurePolicy(in, out, s) -} - -func autoConvert_batch_PodFailurePolicy_To_v1_PodFailurePolicy(in *batch.PodFailurePolicy, out *v1.PodFailurePolicy, s conversion.Scope) error { - out.Rules = *(*[]v1.PodFailurePolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_batch_PodFailurePolicy_To_v1_PodFailurePolicy is an autogenerated conversion function. -func Convert_batch_PodFailurePolicy_To_v1_PodFailurePolicy(in *batch.PodFailurePolicy, out *v1.PodFailurePolicy, s conversion.Scope) error { - return autoConvert_batch_PodFailurePolicy_To_v1_PodFailurePolicy(in, out, s) -} - -func autoConvert_v1_PodFailurePolicyOnExitCodesRequirement_To_batch_PodFailurePolicyOnExitCodesRequirement(in *v1.PodFailurePolicyOnExitCodesRequirement, out *batch.PodFailurePolicyOnExitCodesRequirement, s conversion.Scope) error { - out.ContainerName = (*string)(unsafe.Pointer(in.ContainerName)) - out.Operator = batch.PodFailurePolicyOnExitCodesOperator(in.Operator) - out.Values = *(*[]int32)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_v1_PodFailurePolicyOnExitCodesRequirement_To_batch_PodFailurePolicyOnExitCodesRequirement is an autogenerated conversion function. -func Convert_v1_PodFailurePolicyOnExitCodesRequirement_To_batch_PodFailurePolicyOnExitCodesRequirement(in *v1.PodFailurePolicyOnExitCodesRequirement, out *batch.PodFailurePolicyOnExitCodesRequirement, s conversion.Scope) error { - return autoConvert_v1_PodFailurePolicyOnExitCodesRequirement_To_batch_PodFailurePolicyOnExitCodesRequirement(in, out, s) -} - -func autoConvert_batch_PodFailurePolicyOnExitCodesRequirement_To_v1_PodFailurePolicyOnExitCodesRequirement(in *batch.PodFailurePolicyOnExitCodesRequirement, out *v1.PodFailurePolicyOnExitCodesRequirement, s conversion.Scope) error { - out.ContainerName = (*string)(unsafe.Pointer(in.ContainerName)) - out.Operator = v1.PodFailurePolicyOnExitCodesOperator(in.Operator) - out.Values = *(*[]int32)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_batch_PodFailurePolicyOnExitCodesRequirement_To_v1_PodFailurePolicyOnExitCodesRequirement is an autogenerated conversion function. -func Convert_batch_PodFailurePolicyOnExitCodesRequirement_To_v1_PodFailurePolicyOnExitCodesRequirement(in *batch.PodFailurePolicyOnExitCodesRequirement, out *v1.PodFailurePolicyOnExitCodesRequirement, s conversion.Scope) error { - return autoConvert_batch_PodFailurePolicyOnExitCodesRequirement_To_v1_PodFailurePolicyOnExitCodesRequirement(in, out, s) -} - -func autoConvert_v1_PodFailurePolicyOnPodConditionsPattern_To_batch_PodFailurePolicyOnPodConditionsPattern(in *v1.PodFailurePolicyOnPodConditionsPattern, out *batch.PodFailurePolicyOnPodConditionsPattern, s conversion.Scope) error { - out.Type = core.PodConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - return nil -} - -// Convert_v1_PodFailurePolicyOnPodConditionsPattern_To_batch_PodFailurePolicyOnPodConditionsPattern is an autogenerated conversion function. -func Convert_v1_PodFailurePolicyOnPodConditionsPattern_To_batch_PodFailurePolicyOnPodConditionsPattern(in *v1.PodFailurePolicyOnPodConditionsPattern, out *batch.PodFailurePolicyOnPodConditionsPattern, s conversion.Scope) error { - return autoConvert_v1_PodFailurePolicyOnPodConditionsPattern_To_batch_PodFailurePolicyOnPodConditionsPattern(in, out, s) -} - -func autoConvert_batch_PodFailurePolicyOnPodConditionsPattern_To_v1_PodFailurePolicyOnPodConditionsPattern(in *batch.PodFailurePolicyOnPodConditionsPattern, out *v1.PodFailurePolicyOnPodConditionsPattern, s conversion.Scope) error { - out.Type = corev1.PodConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - return nil -} - -// Convert_batch_PodFailurePolicyOnPodConditionsPattern_To_v1_PodFailurePolicyOnPodConditionsPattern is an autogenerated conversion function. -func Convert_batch_PodFailurePolicyOnPodConditionsPattern_To_v1_PodFailurePolicyOnPodConditionsPattern(in *batch.PodFailurePolicyOnPodConditionsPattern, out *v1.PodFailurePolicyOnPodConditionsPattern, s conversion.Scope) error { - return autoConvert_batch_PodFailurePolicyOnPodConditionsPattern_To_v1_PodFailurePolicyOnPodConditionsPattern(in, out, s) -} - -func autoConvert_v1_PodFailurePolicyRule_To_batch_PodFailurePolicyRule(in *v1.PodFailurePolicyRule, out *batch.PodFailurePolicyRule, s conversion.Scope) error { - out.Action = batch.PodFailurePolicyAction(in.Action) - out.OnExitCodes = (*batch.PodFailurePolicyOnExitCodesRequirement)(unsafe.Pointer(in.OnExitCodes)) - out.OnPodConditions = *(*[]batch.PodFailurePolicyOnPodConditionsPattern)(unsafe.Pointer(&in.OnPodConditions)) - return nil -} - -// Convert_v1_PodFailurePolicyRule_To_batch_PodFailurePolicyRule is an autogenerated conversion function. -func Convert_v1_PodFailurePolicyRule_To_batch_PodFailurePolicyRule(in *v1.PodFailurePolicyRule, out *batch.PodFailurePolicyRule, s conversion.Scope) error { - return autoConvert_v1_PodFailurePolicyRule_To_batch_PodFailurePolicyRule(in, out, s) -} - -func autoConvert_batch_PodFailurePolicyRule_To_v1_PodFailurePolicyRule(in *batch.PodFailurePolicyRule, out *v1.PodFailurePolicyRule, s conversion.Scope) error { - out.Action = v1.PodFailurePolicyAction(in.Action) - out.OnExitCodes = (*v1.PodFailurePolicyOnExitCodesRequirement)(unsafe.Pointer(in.OnExitCodes)) - out.OnPodConditions = *(*[]v1.PodFailurePolicyOnPodConditionsPattern)(unsafe.Pointer(&in.OnPodConditions)) - return nil -} - -// Convert_batch_PodFailurePolicyRule_To_v1_PodFailurePolicyRule is an autogenerated conversion function. -func Convert_batch_PodFailurePolicyRule_To_v1_PodFailurePolicyRule(in *batch.PodFailurePolicyRule, out *v1.PodFailurePolicyRule, s conversion.Scope) error { - return autoConvert_batch_PodFailurePolicyRule_To_v1_PodFailurePolicyRule(in, out, s) -} - -func autoConvert_v1_UncountedTerminatedPods_To_batch_UncountedTerminatedPods(in *v1.UncountedTerminatedPods, out *batch.UncountedTerminatedPods, s conversion.Scope) error { - out.Succeeded = *(*[]types.UID)(unsafe.Pointer(&in.Succeeded)) - out.Failed = *(*[]types.UID)(unsafe.Pointer(&in.Failed)) - return nil -} - -// Convert_v1_UncountedTerminatedPods_To_batch_UncountedTerminatedPods is an autogenerated conversion function. -func Convert_v1_UncountedTerminatedPods_To_batch_UncountedTerminatedPods(in *v1.UncountedTerminatedPods, out *batch.UncountedTerminatedPods, s conversion.Scope) error { - return autoConvert_v1_UncountedTerminatedPods_To_batch_UncountedTerminatedPods(in, out, s) -} - -func autoConvert_batch_UncountedTerminatedPods_To_v1_UncountedTerminatedPods(in *batch.UncountedTerminatedPods, out *v1.UncountedTerminatedPods, s conversion.Scope) error { - out.Succeeded = *(*[]types.UID)(unsafe.Pointer(&in.Succeeded)) - out.Failed = *(*[]types.UID)(unsafe.Pointer(&in.Failed)) - return nil -} - -// Convert_batch_UncountedTerminatedPods_To_v1_UncountedTerminatedPods is an autogenerated conversion function. -func Convert_batch_UncountedTerminatedPods_To_v1_UncountedTerminatedPods(in *batch.UncountedTerminatedPods, out *v1.UncountedTerminatedPods, s conversion.Scope) error { - return autoConvert_batch_UncountedTerminatedPods_To_v1_UncountedTerminatedPods(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.defaults.go deleted file mode 100644 index 409ba558ba..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1/zz_generated.defaults.go +++ /dev/null @@ -1,589 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/batch/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.CronJob{}, func(obj interface{}) { SetObjectDefaults_CronJob(obj.(*v1.CronJob)) }) - scheme.AddTypeDefaultingFunc(&v1.CronJobList{}, func(obj interface{}) { SetObjectDefaults_CronJobList(obj.(*v1.CronJobList)) }) - scheme.AddTypeDefaultingFunc(&v1.Job{}, func(obj interface{}) { SetObjectDefaults_Job(obj.(*v1.Job)) }) - scheme.AddTypeDefaultingFunc(&v1.JobList{}, func(obj interface{}) { SetObjectDefaults_JobList(obj.(*v1.JobList)) }) - return nil -} - -func SetObjectDefaults_CronJob(in *v1.CronJob) { - SetDefaults_CronJob(in) - corev1.SetDefaults_PodSpec(&in.Spec.JobTemplate.Spec.Template.Spec) - for i := range in.Spec.JobTemplate.Spec.Template.Spec.Volumes { - a := &in.Spec.JobTemplate.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.InitContainers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.Containers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.JobTemplate.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_CronJobList(in *v1.CronJobList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CronJob(a) - } -} - -func SetObjectDefaults_Job(in *v1.Job) { - SetDefaults_Job(in) - corev1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - corev1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - corev1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - corev1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - corev1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - corev1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - corev1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - corev1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - corev1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - corev1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - corev1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - corev1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - corev1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - corev1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - corev1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - corev1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - corev1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_JobList(in *v1.JobList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Job(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/conversion.go deleted file mode 100644 index c98fe65af1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/conversion.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - var err error - // Add field label conversions for kinds having selectable nothing but ObjectMeta fields. - for _, k := range []string{"Job", "JobTemplate", "CronJob"} { - kind := k // don't close over range variables - err = scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind(kind), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", "metadata.namespace", "status.successful": - return label, value, nil - default: - return "", "", fmt.Errorf("field label %q not supported for %q", label, kind) - } - }) - if err != nil { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/defaults.go deleted file mode 100644 index 58fee5f583..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/defaults.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - batchv1beta1 "k8s.io/api/batch/v1beta1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_CronJob(obj *batchv1beta1.CronJob) { - if obj.Spec.ConcurrencyPolicy == "" { - obj.Spec.ConcurrencyPolicy = batchv1beta1.AllowConcurrent - } - if obj.Spec.Suspend == nil { - obj.Spec.Suspend = new(bool) - } - if obj.Spec.SuccessfulJobsHistoryLimit == nil { - obj.Spec.SuccessfulJobsHistoryLimit = new(int32) - *obj.Spec.SuccessfulJobsHistoryLimit = 3 - } - if obj.Spec.FailedJobsHistoryLimit == nil { - obj.Spec.FailedJobsHistoryLimit = new(int32) - *obj.Spec.FailedJobsHistoryLimit = 1 - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/doc.go deleted file mode 100644 index db37207c0c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/batch -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/batch/v1 -// +k8s:conversion-gen-external-types=k8s.io/api/batch/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/batch/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/batch/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/register.go deleted file mode 100644 index d90cdfbb15..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - batchv1beta1 "k8s.io/api/batch/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "batch" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &batchv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 944c06d0ef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,293 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/batch/v1beta1" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - batch "k8s.io/kubernetes/pkg/apis/batch" - batchv1 "k8s.io/kubernetes/pkg/apis/batch/v1" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.CronJob)(nil), (*batch.CronJob)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CronJob_To_batch_CronJob(a.(*v1beta1.CronJob), b.(*batch.CronJob), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJob)(nil), (*v1beta1.CronJob)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJob_To_v1beta1_CronJob(a.(*batch.CronJob), b.(*v1beta1.CronJob), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CronJobList)(nil), (*batch.CronJobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CronJobList_To_batch_CronJobList(a.(*v1beta1.CronJobList), b.(*batch.CronJobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobList)(nil), (*v1beta1.CronJobList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobList_To_v1beta1_CronJobList(a.(*batch.CronJobList), b.(*v1beta1.CronJobList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CronJobSpec)(nil), (*batch.CronJobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CronJobSpec_To_batch_CronJobSpec(a.(*v1beta1.CronJobSpec), b.(*batch.CronJobSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobSpec)(nil), (*v1beta1.CronJobSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobSpec_To_v1beta1_CronJobSpec(a.(*batch.CronJobSpec), b.(*v1beta1.CronJobSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CronJobStatus)(nil), (*batch.CronJobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CronJobStatus_To_batch_CronJobStatus(a.(*v1beta1.CronJobStatus), b.(*batch.CronJobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.CronJobStatus)(nil), (*v1beta1.CronJobStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_CronJobStatus_To_v1beta1_CronJobStatus(a.(*batch.CronJobStatus), b.(*v1beta1.CronJobStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.JobTemplate)(nil), (*batch.JobTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_JobTemplate_To_batch_JobTemplate(a.(*v1beta1.JobTemplate), b.(*batch.JobTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobTemplate)(nil), (*v1beta1.JobTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobTemplate_To_v1beta1_JobTemplate(a.(*batch.JobTemplate), b.(*v1beta1.JobTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.JobTemplateSpec)(nil), (*batch.JobTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(a.(*v1beta1.JobTemplateSpec), b.(*batch.JobTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*batch.JobTemplateSpec)(nil), (*v1beta1.JobTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(a.(*batch.JobTemplateSpec), b.(*v1beta1.JobTemplateSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_CronJob_To_batch_CronJob(in *v1beta1.CronJob, out *batch.CronJob, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_CronJobSpec_To_batch_CronJobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_CronJobStatus_To_batch_CronJobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_CronJob_To_batch_CronJob is an autogenerated conversion function. -func Convert_v1beta1_CronJob_To_batch_CronJob(in *v1beta1.CronJob, out *batch.CronJob, s conversion.Scope) error { - return autoConvert_v1beta1_CronJob_To_batch_CronJob(in, out, s) -} - -func autoConvert_batch_CronJob_To_v1beta1_CronJob(in *batch.CronJob, out *v1beta1.CronJob, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_batch_CronJobSpec_To_v1beta1_CronJobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_batch_CronJobStatus_To_v1beta1_CronJobStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_batch_CronJob_To_v1beta1_CronJob is an autogenerated conversion function. -func Convert_batch_CronJob_To_v1beta1_CronJob(in *batch.CronJob, out *v1beta1.CronJob, s conversion.Scope) error { - return autoConvert_batch_CronJob_To_v1beta1_CronJob(in, out, s) -} - -func autoConvert_v1beta1_CronJobList_To_batch_CronJobList(in *v1beta1.CronJobList, out *batch.CronJobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]batch.CronJob, len(*in)) - for i := range *in { - if err := Convert_v1beta1_CronJob_To_batch_CronJob(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_CronJobList_To_batch_CronJobList is an autogenerated conversion function. -func Convert_v1beta1_CronJobList_To_batch_CronJobList(in *v1beta1.CronJobList, out *batch.CronJobList, s conversion.Scope) error { - return autoConvert_v1beta1_CronJobList_To_batch_CronJobList(in, out, s) -} - -func autoConvert_batch_CronJobList_To_v1beta1_CronJobList(in *batch.CronJobList, out *v1beta1.CronJobList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.CronJob, len(*in)) - for i := range *in { - if err := Convert_batch_CronJob_To_v1beta1_CronJob(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_batch_CronJobList_To_v1beta1_CronJobList is an autogenerated conversion function. -func Convert_batch_CronJobList_To_v1beta1_CronJobList(in *batch.CronJobList, out *v1beta1.CronJobList, s conversion.Scope) error { - return autoConvert_batch_CronJobList_To_v1beta1_CronJobList(in, out, s) -} - -func autoConvert_v1beta1_CronJobSpec_To_batch_CronJobSpec(in *v1beta1.CronJobSpec, out *batch.CronJobSpec, s conversion.Scope) error { - out.Schedule = in.Schedule - out.TimeZone = (*string)(unsafe.Pointer(in.TimeZone)) - out.StartingDeadlineSeconds = (*int64)(unsafe.Pointer(in.StartingDeadlineSeconds)) - out.ConcurrencyPolicy = batch.ConcurrencyPolicy(in.ConcurrencyPolicy) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - if err := Convert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(&in.JobTemplate, &out.JobTemplate, s); err != nil { - return err - } - out.SuccessfulJobsHistoryLimit = (*int32)(unsafe.Pointer(in.SuccessfulJobsHistoryLimit)) - out.FailedJobsHistoryLimit = (*int32)(unsafe.Pointer(in.FailedJobsHistoryLimit)) - return nil -} - -// Convert_v1beta1_CronJobSpec_To_batch_CronJobSpec is an autogenerated conversion function. -func Convert_v1beta1_CronJobSpec_To_batch_CronJobSpec(in *v1beta1.CronJobSpec, out *batch.CronJobSpec, s conversion.Scope) error { - return autoConvert_v1beta1_CronJobSpec_To_batch_CronJobSpec(in, out, s) -} - -func autoConvert_batch_CronJobSpec_To_v1beta1_CronJobSpec(in *batch.CronJobSpec, out *v1beta1.CronJobSpec, s conversion.Scope) error { - out.Schedule = in.Schedule - out.TimeZone = (*string)(unsafe.Pointer(in.TimeZone)) - out.StartingDeadlineSeconds = (*int64)(unsafe.Pointer(in.StartingDeadlineSeconds)) - out.ConcurrencyPolicy = v1beta1.ConcurrencyPolicy(in.ConcurrencyPolicy) - out.Suspend = (*bool)(unsafe.Pointer(in.Suspend)) - if err := Convert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(&in.JobTemplate, &out.JobTemplate, s); err != nil { - return err - } - out.SuccessfulJobsHistoryLimit = (*int32)(unsafe.Pointer(in.SuccessfulJobsHistoryLimit)) - out.FailedJobsHistoryLimit = (*int32)(unsafe.Pointer(in.FailedJobsHistoryLimit)) - return nil -} - -// Convert_batch_CronJobSpec_To_v1beta1_CronJobSpec is an autogenerated conversion function. -func Convert_batch_CronJobSpec_To_v1beta1_CronJobSpec(in *batch.CronJobSpec, out *v1beta1.CronJobSpec, s conversion.Scope) error { - return autoConvert_batch_CronJobSpec_To_v1beta1_CronJobSpec(in, out, s) -} - -func autoConvert_v1beta1_CronJobStatus_To_batch_CronJobStatus(in *v1beta1.CronJobStatus, out *batch.CronJobStatus, s conversion.Scope) error { - out.Active = *(*[]core.ObjectReference)(unsafe.Pointer(&in.Active)) - out.LastScheduleTime = (*v1.Time)(unsafe.Pointer(in.LastScheduleTime)) - out.LastSuccessfulTime = (*v1.Time)(unsafe.Pointer(in.LastSuccessfulTime)) - return nil -} - -// Convert_v1beta1_CronJobStatus_To_batch_CronJobStatus is an autogenerated conversion function. -func Convert_v1beta1_CronJobStatus_To_batch_CronJobStatus(in *v1beta1.CronJobStatus, out *batch.CronJobStatus, s conversion.Scope) error { - return autoConvert_v1beta1_CronJobStatus_To_batch_CronJobStatus(in, out, s) -} - -func autoConvert_batch_CronJobStatus_To_v1beta1_CronJobStatus(in *batch.CronJobStatus, out *v1beta1.CronJobStatus, s conversion.Scope) error { - out.Active = *(*[]corev1.ObjectReference)(unsafe.Pointer(&in.Active)) - out.LastScheduleTime = (*v1.Time)(unsafe.Pointer(in.LastScheduleTime)) - out.LastSuccessfulTime = (*v1.Time)(unsafe.Pointer(in.LastSuccessfulTime)) - return nil -} - -// Convert_batch_CronJobStatus_To_v1beta1_CronJobStatus is an autogenerated conversion function. -func Convert_batch_CronJobStatus_To_v1beta1_CronJobStatus(in *batch.CronJobStatus, out *v1beta1.CronJobStatus, s conversion.Scope) error { - return autoConvert_batch_CronJobStatus_To_v1beta1_CronJobStatus(in, out, s) -} - -func autoConvert_v1beta1_JobTemplate_To_batch_JobTemplate(in *v1beta1.JobTemplate, out *batch.JobTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_JobTemplate_To_batch_JobTemplate is an autogenerated conversion function. -func Convert_v1beta1_JobTemplate_To_batch_JobTemplate(in *v1beta1.JobTemplate, out *batch.JobTemplate, s conversion.Scope) error { - return autoConvert_v1beta1_JobTemplate_To_batch_JobTemplate(in, out, s) -} - -func autoConvert_batch_JobTemplate_To_v1beta1_JobTemplate(in *batch.JobTemplate, out *v1beta1.JobTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_batch_JobTemplate_To_v1beta1_JobTemplate is an autogenerated conversion function. -func Convert_batch_JobTemplate_To_v1beta1_JobTemplate(in *batch.JobTemplate, out *v1beta1.JobTemplate, s conversion.Scope) error { - return autoConvert_batch_JobTemplate_To_v1beta1_JobTemplate(in, out, s) -} - -func autoConvert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(in *v1beta1.JobTemplateSpec, out *batch.JobTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := batchv1.Convert_v1_JobSpec_To_batch_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec is an autogenerated conversion function. -func Convert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(in *v1beta1.JobTemplateSpec, out *batch.JobTemplateSpec, s conversion.Scope) error { - return autoConvert_v1beta1_JobTemplateSpec_To_batch_JobTemplateSpec(in, out, s) -} - -func autoConvert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(in *batch.JobTemplateSpec, out *v1beta1.JobTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := batchv1.Convert_batch_JobSpec_To_v1_JobSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec is an autogenerated conversion function. -func Convert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(in *batch.JobTemplateSpec, out *v1beta1.JobTemplateSpec, s conversion.Scope) error { - return autoConvert_batch_JobTemplateSpec_To_v1beta1_JobTemplateSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 89c08a9c3f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,580 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/batch/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.CronJob{}, func(obj interface{}) { SetObjectDefaults_CronJob(obj.(*v1beta1.CronJob)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.CronJobList{}, func(obj interface{}) { SetObjectDefaults_CronJobList(obj.(*v1beta1.CronJobList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.JobTemplate{}, func(obj interface{}) { SetObjectDefaults_JobTemplate(obj.(*v1beta1.JobTemplate)) }) - return nil -} - -func SetObjectDefaults_CronJob(in *v1beta1.CronJob) { - SetDefaults_CronJob(in) - v1.SetDefaults_PodSpec(&in.Spec.JobTemplate.Spec.Template.Spec) - for i := range in.Spec.JobTemplate.Spec.Template.Spec.Volumes { - a := &in.Spec.JobTemplate.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.InitContainers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.Containers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.JobTemplate.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.JobTemplate.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.JobTemplate.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_CronJobList(in *v1beta1.CronJobList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CronJob(a) - } -} - -func SetObjectDefaults_JobTemplate(in *v1beta1.JobTemplate) { - v1.SetDefaults_PodSpec(&in.Template.Spec.Template.Spec) - for i := range in.Template.Spec.Template.Spec.Volumes { - a := &in.Template.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Template.Spec.Template.Spec.InitContainers { - a := &in.Template.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Template.Spec.Template.Spec.Containers { - a := &in.Template.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Template.Spec.Template.Spec.EphemeralContainers { - a := &in.Template.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Template.Spec.Template.Spec.Overhead) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/validation/validation.go deleted file mode 100644 index 2efb83bb06..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/validation/validation.go +++ /dev/null @@ -1,555 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - "time" - - "github.com/robfig/cron/v3" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/sets" - apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/batch" - api "k8s.io/kubernetes/pkg/apis/core" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/utils/pointer" -) - -// maxParallelismForIndexJob is the maximum parallelism that an Indexed Job -// is allowed to have. This threshold allows to cap the length of -// .status.completedIndexes. -const maxParallelismForIndexedJob = 100000 - -const ( - // maximum number of rules in pod failure policy - maxPodFailurePolicyRules = 20 - - // maximum number of values for a OnExitCodes requirement in pod failure policy - maxPodFailurePolicyOnExitCodesValues = 255 - - // maximum number of patterns for a OnPodConditions requirement in pod failure policy - maxPodFailurePolicyOnPodConditionsPatterns = 20 -) - -var ( - supportedPodFailurePolicyActions sets.String = sets.NewString( - string(batch.PodFailurePolicyActionCount), - string(batch.PodFailurePolicyActionFailJob), - string(batch.PodFailurePolicyActionIgnore)) - - supportedPodFailurePolicyOnExitCodesOperator sets.String = sets.NewString( - string(batch.PodFailurePolicyOnExitCodesOpIn), - string(batch.PodFailurePolicyOnExitCodesOpNotIn)) - - supportedPodFailurePolicyOnPodConditionsStatus sets.String = sets.NewString( - string(v1.ConditionFalse), - string(v1.ConditionTrue), - string(v1.ConditionUnknown)) -) - -// ValidateGeneratedSelector validates that the generated selector on a controller object match the controller object -// metadata, and the labels on the pod template are as generated. -// -// TODO: generalize for other controller objects that will follow the same pattern, such as ReplicaSet and DaemonSet, and -// move to new location. Replace batch.Job with an interface. -func ValidateGeneratedSelector(obj *batch.Job) field.ErrorList { - allErrs := field.ErrorList{} - if obj.Spec.ManualSelector != nil && *obj.Spec.ManualSelector { - return allErrs - } - - if obj.Spec.Selector == nil { - return allErrs // This case should already have been checked in caller. No need for more errors. - } - - // If somehow uid was unset then we would get "controller-uid=" as the selector - // which is bad. - if obj.ObjectMeta.UID == "" { - allErrs = append(allErrs, field.Required(field.NewPath("metadata").Child("uid"), "")) - } - - // If selector generation was requested, then expected labels must be - // present on pod template, and must match job's uid and name. The - // generated (not-manual) selectors/labels ensure no overlap with other - // controllers. The manual mode allows orphaning, adoption, - // backward-compatibility, and experimentation with new - // labeling/selection schemes. Automatic selector generation should - // have placed certain labels on the pod, but this could have failed if - // the user added coflicting labels. Validate that the expected - // generated ones are there. - - allErrs = append(allErrs, apivalidation.ValidateHasLabel(obj.Spec.Template.ObjectMeta, field.NewPath("spec").Child("template").Child("metadata"), "controller-uid", string(obj.UID))...) - allErrs = append(allErrs, apivalidation.ValidateHasLabel(obj.Spec.Template.ObjectMeta, field.NewPath("spec").Child("template").Child("metadata"), "job-name", string(obj.Name))...) - expectedLabels := make(map[string]string) - expectedLabels["controller-uid"] = string(obj.UID) - expectedLabels["job-name"] = string(obj.Name) - // Whether manually or automatically generated, the selector of the job must match the pods it will produce. - if selector, err := metav1.LabelSelectorAsSelector(obj.Spec.Selector); err == nil { - if !selector.Matches(labels.Set(expectedLabels)) { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("selector"), obj.Spec.Selector, "`selector` not auto-generated")) - } - } - - return allErrs -} - -// ValidateJob validates a Job and returns an ErrorList with any errors. -func ValidateJob(job *batch.Job, opts JobValidationOptions) field.ErrorList { - // Jobs and rcs have the same name validation - allErrs := apivalidation.ValidateObjectMeta(&job.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateGeneratedSelector(job)...) - allErrs = append(allErrs, ValidateJobSpec(&job.Spec, field.NewPath("spec"), opts.PodValidationOptions)...) - if !opts.AllowTrackingAnnotation && hasJobTrackingAnnotation(job) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("metadata").Child("annotations").Key(batch.JobTrackingFinalizer), "cannot add this annotation")) - } - if job.Spec.CompletionMode != nil && *job.Spec.CompletionMode == batch.IndexedCompletion && job.Spec.Completions != nil && *job.Spec.Completions > 0 { - // For indexed job, the job controller appends a suffix (`-$INDEX`) - // to the pod hostname when indexed job create pods. - // The index could be maximum `.spec.completions-1` - // If we don't validate this here, the indexed job will fail to create pods later. - maximumPodHostname := fmt.Sprintf("%s-%d", job.ObjectMeta.Name, *job.Spec.Completions-1) - if errs := apimachineryvalidation.IsDNS1123Label(maximumPodHostname); len(errs) > 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata").Child("name"), job.ObjectMeta.Name, fmt.Sprintf("will not able to create pod with invalid DNS label: %s", maximumPodHostname))) - } - } - return allErrs -} - -func hasJobTrackingAnnotation(job *batch.Job) bool { - if job.Annotations == nil { - return false - } - _, ok := job.Annotations[batch.JobTrackingFinalizer] - return ok -} - -// ValidateJobSpec validates a JobSpec and returns an ErrorList with any errors. -func ValidateJobSpec(spec *batch.JobSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := validateJobSpec(spec, fldPath, opts) - if spec.Selector == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("selector"), "")) - } else { - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, labelSelectorValidationOpts, fldPath.Child("selector"))...) - } - - // Whether manually or automatically generated, the selector of the job must match the pods it will produce. - if selector, err := metav1.LabelSelectorAsSelector(spec.Selector); err == nil { - labels := labels.Set(spec.Template.Labels) - if !selector.Matches(labels) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "metadata", "labels"), spec.Template.Labels, "`selector` does not match template `labels`")) - } - } - return allErrs -} - -func validateJobSpec(spec *batch.JobSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if spec.Parallelism != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.Parallelism), fldPath.Child("parallelism"))...) - } - if spec.Completions != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.Completions), fldPath.Child("completions"))...) - } - if spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.ActiveDeadlineSeconds), fldPath.Child("activeDeadlineSeconds"))...) - } - if spec.BackoffLimit != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.BackoffLimit), fldPath.Child("backoffLimit"))...) - } - if spec.TTLSecondsAfterFinished != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.TTLSecondsAfterFinished), fldPath.Child("ttlSecondsAfterFinished"))...) - } - if spec.CompletionMode != nil { - if *spec.CompletionMode != batch.NonIndexedCompletion && *spec.CompletionMode != batch.IndexedCompletion { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("completionMode"), spec.CompletionMode, []string{string(batch.NonIndexedCompletion), string(batch.IndexedCompletion)})) - } - if *spec.CompletionMode == batch.IndexedCompletion { - if spec.Completions == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("completions"), fmt.Sprintf("when completion mode is %s", batch.IndexedCompletion))) - } - if spec.Parallelism != nil && *spec.Parallelism > maxParallelismForIndexedJob { - allErrs = append(allErrs, field.Invalid(fldPath.Child("parallelism"), *spec.Parallelism, fmt.Sprintf("must be less than or equal to %d when completion mode is %s", maxParallelismForIndexedJob, batch.IndexedCompletion))) - } - } - } - - if spec.PodFailurePolicy != nil { - allErrs = append(allErrs, validatePodFailurePolicy(spec, fldPath.Child("podFailurePolicy"))...) - } - - allErrs = append(allErrs, apivalidation.ValidatePodTemplateSpec(&spec.Template, fldPath.Child("template"), opts)...) - - // spec.Template.Spec.RestartPolicy can be defaulted as RestartPolicyAlways - // by SetDefaults_PodSpec function when the user does not explicitly specify a value for it, - // so we check both empty and RestartPolicyAlways cases here - if spec.Template.Spec.RestartPolicy == api.RestartPolicyAlways || spec.Template.Spec.RestartPolicy == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("template", "spec", "restartPolicy"), - fmt.Sprintf("valid values: %q, %q", api.RestartPolicyOnFailure, api.RestartPolicyNever))) - } else if spec.Template.Spec.RestartPolicy != api.RestartPolicyOnFailure && spec.Template.Spec.RestartPolicy != api.RestartPolicyNever { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("template", "spec", "restartPolicy"), - spec.Template.Spec.RestartPolicy, []string{string(api.RestartPolicyOnFailure), string(api.RestartPolicyNever)})) - } else if spec.PodFailurePolicy != nil && spec.Template.Spec.RestartPolicy != api.RestartPolicyNever { - allErrs = append(allErrs, field.Invalid(fldPath.Child("template", "spec", "restartPolicy"), - spec.Template.Spec.RestartPolicy, fmt.Sprintf("only %q is supported when podFailurePolicy is specified", api.RestartPolicyNever))) - } - return allErrs -} - -func validatePodFailurePolicy(spec *batch.JobSpec, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - rulesPath := fldPath.Child("rules") - if len(spec.PodFailurePolicy.Rules) > maxPodFailurePolicyRules { - allErrs = append(allErrs, field.TooMany(rulesPath, len(spec.PodFailurePolicy.Rules), maxPodFailurePolicyRules)) - } - containerNames := sets.NewString() - for _, containerSpec := range spec.Template.Spec.Containers { - containerNames.Insert(containerSpec.Name) - } - for _, containerSpec := range spec.Template.Spec.InitContainers { - containerNames.Insert(containerSpec.Name) - } - for i, rule := range spec.PodFailurePolicy.Rules { - allErrs = append(allErrs, validatePodFailurePolicyRule(&rule, rulesPath.Index(i), containerNames)...) - } - return allErrs -} - -func validatePodFailurePolicyRule(rule *batch.PodFailurePolicyRule, rulePath *field.Path, containerNames sets.String) field.ErrorList { - var allErrs field.ErrorList - actionPath := rulePath.Child("action") - if rule.Action == "" { - allErrs = append(allErrs, field.Required(actionPath, fmt.Sprintf("valid values: %q", supportedPodFailurePolicyActions.List()))) - } else if !supportedPodFailurePolicyActions.Has(string(rule.Action)) { - allErrs = append(allErrs, field.NotSupported(actionPath, rule.Action, supportedPodFailurePolicyActions.List())) - } - if rule.OnExitCodes != nil { - allErrs = append(allErrs, validatePodFailurePolicyRuleOnExitCodes(rule.OnExitCodes, rulePath.Child("onExitCodes"), containerNames)...) - } - if len(rule.OnPodConditions) > 0 { - allErrs = append(allErrs, validatePodFailurePolicyRuleOnPodConditions(rule.OnPodConditions, rulePath.Child("onPodConditions"))...) - } - if rule.OnExitCodes != nil && len(rule.OnPodConditions) > 0 { - allErrs = append(allErrs, field.Invalid(rulePath, field.OmitValueType{}, "specifying both OnExitCodes and OnPodConditions is not supported")) - } - if rule.OnExitCodes == nil && len(rule.OnPodConditions) == 0 { - allErrs = append(allErrs, field.Invalid(rulePath, field.OmitValueType{}, "specifying one of OnExitCodes and OnPodConditions is required")) - } - return allErrs -} - -func validatePodFailurePolicyRuleOnPodConditions(onPodConditions []batch.PodFailurePolicyOnPodConditionsPattern, onPodConditionsPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if len(onPodConditions) > maxPodFailurePolicyOnPodConditionsPatterns { - allErrs = append(allErrs, field.TooMany(onPodConditionsPath, len(onPodConditions), maxPodFailurePolicyOnPodConditionsPatterns)) - } - for j, pattern := range onPodConditions { - patternPath := onPodConditionsPath.Index(j) - statusPath := patternPath.Child("status") - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(string(pattern.Type), patternPath.Child("type"))...) - if pattern.Status == "" { - allErrs = append(allErrs, field.Required(statusPath, fmt.Sprintf("valid values: %q", supportedPodFailurePolicyOnPodConditionsStatus.List()))) - } else if !supportedPodFailurePolicyOnPodConditionsStatus.Has(string(pattern.Status)) { - allErrs = append(allErrs, field.NotSupported(statusPath, pattern.Status, supportedPodFailurePolicyOnPodConditionsStatus.List())) - } - } - return allErrs -} - -func validatePodFailurePolicyRuleOnExitCodes(onExitCode *batch.PodFailurePolicyOnExitCodesRequirement, onExitCodesPath *field.Path, containerNames sets.String) field.ErrorList { - var allErrs field.ErrorList - operatorPath := onExitCodesPath.Child("operator") - if onExitCode.Operator == "" { - allErrs = append(allErrs, field.Required(operatorPath, fmt.Sprintf("valid values: %q", supportedPodFailurePolicyOnExitCodesOperator.List()))) - } else if !supportedPodFailurePolicyOnExitCodesOperator.Has(string(onExitCode.Operator)) { - allErrs = append(allErrs, field.NotSupported(operatorPath, onExitCode.Operator, supportedPodFailurePolicyOnExitCodesOperator.List())) - } - if onExitCode.ContainerName != nil && !containerNames.Has(*onExitCode.ContainerName) { - allErrs = append(allErrs, field.Invalid(onExitCodesPath.Child("containerName"), *onExitCode.ContainerName, "must be one of the container or initContainer names in the pod template")) - } - valuesPath := onExitCodesPath.Child("values") - if len(onExitCode.Values) == 0 { - allErrs = append(allErrs, field.Invalid(valuesPath, onExitCode.Values, "at least one value is required")) - } else if len(onExitCode.Values) > maxPodFailurePolicyOnExitCodesValues { - allErrs = append(allErrs, field.TooMany(valuesPath, len(onExitCode.Values), maxPodFailurePolicyOnExitCodesValues)) - } - isOrdered := true - uniqueValues := sets.NewInt32() - for j, exitCodeValue := range onExitCode.Values { - valuePath := valuesPath.Index(j) - if onExitCode.Operator == batch.PodFailurePolicyOnExitCodesOpIn && exitCodeValue == 0 { - allErrs = append(allErrs, field.Invalid(valuePath, exitCodeValue, "must not be 0 for the In operator")) - } - if uniqueValues.Has(exitCodeValue) { - allErrs = append(allErrs, field.Duplicate(valuePath, exitCodeValue)) - } else { - uniqueValues.Insert(exitCodeValue) - } - if j > 0 && onExitCode.Values[j-1] > exitCodeValue { - isOrdered = false - } - } - if !isOrdered { - allErrs = append(allErrs, field.Invalid(valuesPath, onExitCode.Values, "must be ordered")) - } - - return allErrs -} - -// validateJobStatus validates a JobStatus and returns an ErrorList with any errors. -func validateJobStatus(status *batch.JobStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Active), fldPath.Child("active"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Succeeded), fldPath.Child("succeeded"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.Failed), fldPath.Child("failed"))...) - if status.Ready != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*status.Ready), fldPath.Child("ready"))...) - } - if status.UncountedTerminatedPods != nil { - path := fldPath.Child("uncountedTerminatedPods") - seen := sets.NewString() - for i, k := range status.UncountedTerminatedPods.Succeeded { - p := path.Child("succeeded").Index(i) - if k == "" { - allErrs = append(allErrs, field.Invalid(p, k, "must not be empty")) - } else if seen.Has(string(k)) { - allErrs = append(allErrs, field.Duplicate(p, k)) - } else { - seen.Insert(string(k)) - } - } - for i, k := range status.UncountedTerminatedPods.Failed { - p := path.Child("failed").Index(i) - if k == "" { - allErrs = append(allErrs, field.Invalid(p, k, "must not be empty")) - } else if seen.Has(string(k)) { - allErrs = append(allErrs, field.Duplicate(p, k)) - } else { - seen.Insert(string(k)) - } - } - } - return allErrs -} - -// ValidateJobUpdate validates an update to a Job and returns an ErrorList with any errors. -func ValidateJobUpdate(job, oldJob *batch.Job, opts JobValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&job.ObjectMeta, &oldJob.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateJobSpecUpdate(job.Spec, oldJob.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateJobUpdateStatus validates an update to the status of a Job and returns an ErrorList with any errors. -func ValidateJobUpdateStatus(job, oldJob *batch.Job) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&job.ObjectMeta, &oldJob.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateJobStatusUpdate(job.Status, oldJob.Status)...) - return allErrs -} - -// ValidateJobSpecUpdate validates an update to a JobSpec and returns an ErrorList with any errors. -func ValidateJobSpecUpdate(spec, oldSpec batch.JobSpec, fldPath *field.Path, opts JobValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateJobSpec(&spec, fldPath, opts.PodValidationOptions)...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.Completions, oldSpec.Completions, fldPath.Child("completions"))...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.Selector, oldSpec.Selector, fldPath.Child("selector"))...) - allErrs = append(allErrs, validatePodTemplateUpdate(spec, oldSpec, fldPath, opts)...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.CompletionMode, oldSpec.CompletionMode, fldPath.Child("completionMode"))...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(spec.PodFailurePolicy, oldSpec.PodFailurePolicy, fldPath.Child("podFailurePolicy"))...) - return allErrs -} - -func validatePodTemplateUpdate(spec, oldSpec batch.JobSpec, fldPath *field.Path, opts JobValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - template := &spec.Template - oldTemplate := &oldSpec.Template - if opts.AllowMutableSchedulingDirectives { - oldTemplate = oldSpec.Template.DeepCopy() // +k8s:verify-mutation:reason=clone - switch { - case template.Spec.Affinity == nil && oldTemplate.Spec.Affinity != nil: - // allow the Affinity field to be cleared if the old template had no affinity directives other than NodeAffinity - oldTemplate.Spec.Affinity.NodeAffinity = nil // +k8s:verify-mutation:reason=clone - if (*oldTemplate.Spec.Affinity) == (api.Affinity{}) { - oldTemplate.Spec.Affinity = nil // +k8s:verify-mutation:reason=clone - } - case template.Spec.Affinity != nil && oldTemplate.Spec.Affinity == nil: - // allow the NodeAffinity field to skip immutability checking - oldTemplate.Spec.Affinity = &api.Affinity{NodeAffinity: template.Spec.Affinity.NodeAffinity} // +k8s:verify-mutation:reason=clone - case template.Spec.Affinity != nil && oldTemplate.Spec.Affinity != nil: - // allow the NodeAffinity field to skip immutability checking - oldTemplate.Spec.Affinity.NodeAffinity = template.Spec.Affinity.NodeAffinity // +k8s:verify-mutation:reason=clone - } - oldTemplate.Spec.NodeSelector = template.Spec.NodeSelector // +k8s:verify-mutation:reason=clone - oldTemplate.Spec.Tolerations = template.Spec.Tolerations // +k8s:verify-mutation:reason=clone - oldTemplate.Annotations = template.Annotations // +k8s:verify-mutation:reason=clone - oldTemplate.Labels = template.Labels // +k8s:verify-mutation:reason=clone - } - allErrs = append(allErrs, apivalidation.ValidateImmutableField(template, oldTemplate, fldPath.Child("template"))...) - return allErrs -} - -// ValidateJobStatusUpdate validates an update to a JobStatus and returns an ErrorList with any errors. -func ValidateJobStatusUpdate(status, oldStatus batch.JobStatus) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateJobStatus(&status, field.NewPath("status"))...) - return allErrs -} - -// ValidateCronJobCreate validates a CronJob on creation and returns an ErrorList with any errors. -func ValidateCronJobCreate(cronJob *batch.CronJob, opts apivalidation.PodValidationOptions) field.ErrorList { - // CronJobs and rcs have the same name validation - allErrs := apivalidation.ValidateObjectMeta(&cronJob.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata")) - allErrs = append(allErrs, validateCronJobSpec(&cronJob.Spec, nil, field.NewPath("spec"), opts)...) - if len(cronJob.ObjectMeta.Name) > apimachineryvalidation.DNS1035LabelMaxLength-11 { - // The cronjob controller appends a 11-character suffix to the cronjob (`-$TIMESTAMP`) when - // creating a job. The job name length limit is 63 characters. - // Therefore cronjob names must have length <= 63-11=52. If we don't validate this here, - // then job creation will fail later. - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata").Child("name"), cronJob.ObjectMeta.Name, "must be no more than 52 characters")) - } - return allErrs -} - -// ValidateCronJobUpdate validates an update to a CronJob and returns an ErrorList with any errors. -func ValidateCronJobUpdate(job, oldJob *batch.CronJob, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&job.ObjectMeta, &oldJob.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, validateCronJobSpec(&job.Spec, &oldJob.Spec, field.NewPath("spec"), opts)...) - - // skip the 52-character name validation limit on update validation - // to allow old cronjobs with names > 52 chars to be updated/deleted - return allErrs -} - -// validateCronJobSpec validates a CronJobSpec and returns an ErrorList with any errors. -func validateCronJobSpec(spec, oldSpec *batch.CronJobSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if len(spec.Schedule) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("schedule"), "")) - } else { - allErrs = append(allErrs, validateScheduleFormat(spec.Schedule, spec.TimeZone, fldPath.Child("schedule"))...) - } - - if spec.StartingDeadlineSeconds != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.StartingDeadlineSeconds), fldPath.Child("startingDeadlineSeconds"))...) - } - - if oldSpec == nil || !pointer.StringEqual(oldSpec.TimeZone, spec.TimeZone) { - allErrs = append(allErrs, validateTimeZone(spec.TimeZone, fldPath.Child("timeZone"))...) - } - - allErrs = append(allErrs, validateConcurrencyPolicy(&spec.ConcurrencyPolicy, fldPath.Child("concurrencyPolicy"))...) - allErrs = append(allErrs, ValidateJobTemplateSpec(&spec.JobTemplate, fldPath.Child("jobTemplate"), opts)...) - - if spec.SuccessfulJobsHistoryLimit != nil { - // zero is a valid SuccessfulJobsHistoryLimit - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.SuccessfulJobsHistoryLimit), fldPath.Child("successfulJobsHistoryLimit"))...) - } - if spec.FailedJobsHistoryLimit != nil { - // zero is a valid SuccessfulJobsHistoryLimit - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*spec.FailedJobsHistoryLimit), fldPath.Child("failedJobsHistoryLimit"))...) - } - - return allErrs -} - -func validateConcurrencyPolicy(concurrencyPolicy *batch.ConcurrencyPolicy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch *concurrencyPolicy { - case batch.AllowConcurrent, batch.ForbidConcurrent, batch.ReplaceConcurrent: - break - case "": - allErrs = append(allErrs, field.Required(fldPath, "")) - default: - validValues := []string{string(batch.AllowConcurrent), string(batch.ForbidConcurrent), string(batch.ReplaceConcurrent)} - allErrs = append(allErrs, field.NotSupported(fldPath, *concurrencyPolicy, validValues)) - } - - return allErrs -} - -func validateScheduleFormat(schedule string, timeZone *string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if _, err := cron.ParseStandard(schedule); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, schedule, err.Error())) - } - if strings.Contains(schedule, "TZ") && timeZone != nil { - allErrs = append(allErrs, field.Invalid(fldPath, schedule, "cannot use both timeZone field and TZ or CRON_TZ in schedule")) - } - - return allErrs -} - -func validateTimeZone(timeZone *string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if timeZone == nil { - return allErrs - } - - if len(*timeZone) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath, timeZone, "timeZone must be nil or non-empty string")) - return allErrs - } - - if strings.EqualFold(*timeZone, "Local") { - allErrs = append(allErrs, field.Invalid(fldPath, timeZone, "timeZone must be an explicit time zone as defined in https://www.iana.org/time-zones")) - } - - if _, err := time.LoadLocation(*timeZone); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, timeZone, err.Error())) - } - - return allErrs -} - -// ValidateJobTemplate validates a JobTemplate and returns an ErrorList with any errors. -func ValidateJobTemplate(job *batch.JobTemplate, opts apivalidation.PodValidationOptions) field.ErrorList { - // this method should be identical to ValidateJob - allErrs := apivalidation.ValidateObjectMeta(&job.ObjectMeta, true, apivalidation.ValidateReplicationControllerName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateJobTemplateSpec(&job.Template, field.NewPath("template"), opts)...) - return allErrs -} - -// ValidateJobTemplateSpec validates a JobTemplateSpec and returns an ErrorList with any errors. -func ValidateJobTemplateSpec(spec *batch.JobTemplateSpec, fldPath *field.Path, opts apivalidation.PodValidationOptions) field.ErrorList { - allErrs := validateJobSpec(&spec.Spec, fldPath.Child("spec"), opts) - - // jobtemplate will always have the selector automatically generated - if spec.Spec.Selector != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("spec", "selector"), spec.Spec.Selector, "`selector` will be auto-generated")) - } - if spec.Spec.ManualSelector != nil && *spec.Spec.ManualSelector { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("spec", "manualSelector"), spec.Spec.ManualSelector, []string{"nil", "false"})) - } - return allErrs -} - -type JobValidationOptions struct { - apivalidation.PodValidationOptions - // Allow Job to have the annotation batch.kubernetes.io/job-tracking - AllowTrackingAnnotation bool - // Allow mutable node affinity, selector and tolerations of the template - AllowMutableSchedulingDirectives bool -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/zz_generated.deepcopy.go deleted file mode 100644 index 98b86bfcc8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/batch/zz_generated.deepcopy.go +++ /dev/null @@ -1,510 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package batch - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CronJob) DeepCopyInto(out *CronJob) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CronJob. -func (in *CronJob) DeepCopy() *CronJob { - if in == nil { - return nil - } - out := new(CronJob) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CronJob) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CronJobList) DeepCopyInto(out *CronJobList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CronJob, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CronJobList. -func (in *CronJobList) DeepCopy() *CronJobList { - if in == nil { - return nil - } - out := new(CronJobList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CronJobList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CronJobSpec) DeepCopyInto(out *CronJobSpec) { - *out = *in - if in.TimeZone != nil { - in, out := &in.TimeZone, &out.TimeZone - *out = new(string) - **out = **in - } - if in.StartingDeadlineSeconds != nil { - in, out := &in.StartingDeadlineSeconds, &out.StartingDeadlineSeconds - *out = new(int64) - **out = **in - } - if in.Suspend != nil { - in, out := &in.Suspend, &out.Suspend - *out = new(bool) - **out = **in - } - in.JobTemplate.DeepCopyInto(&out.JobTemplate) - if in.SuccessfulJobsHistoryLimit != nil { - in, out := &in.SuccessfulJobsHistoryLimit, &out.SuccessfulJobsHistoryLimit - *out = new(int32) - **out = **in - } - if in.FailedJobsHistoryLimit != nil { - in, out := &in.FailedJobsHistoryLimit, &out.FailedJobsHistoryLimit - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CronJobSpec. -func (in *CronJobSpec) DeepCopy() *CronJobSpec { - if in == nil { - return nil - } - out := new(CronJobSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CronJobStatus) DeepCopyInto(out *CronJobStatus) { - *out = *in - if in.Active != nil { - in, out := &in.Active, &out.Active - *out = make([]core.ObjectReference, len(*in)) - copy(*out, *in) - } - if in.LastScheduleTime != nil { - in, out := &in.LastScheduleTime, &out.LastScheduleTime - *out = (*in).DeepCopy() - } - if in.LastSuccessfulTime != nil { - in, out := &in.LastSuccessfulTime, &out.LastSuccessfulTime - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CronJobStatus. -func (in *CronJobStatus) DeepCopy() *CronJobStatus { - if in == nil { - return nil - } - out := new(CronJobStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Job) DeepCopyInto(out *Job) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Job. -func (in *Job) DeepCopy() *Job { - if in == nil { - return nil - } - out := new(Job) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Job) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobCondition) DeepCopyInto(out *JobCondition) { - *out = *in - in.LastProbeTime.DeepCopyInto(&out.LastProbeTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobCondition. -func (in *JobCondition) DeepCopy() *JobCondition { - if in == nil { - return nil - } - out := new(JobCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobList) DeepCopyInto(out *JobList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Job, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobList. -func (in *JobList) DeepCopy() *JobList { - if in == nil { - return nil - } - out := new(JobList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *JobList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobSpec) DeepCopyInto(out *JobSpec) { - *out = *in - if in.Parallelism != nil { - in, out := &in.Parallelism, &out.Parallelism - *out = new(int32) - **out = **in - } - if in.Completions != nil { - in, out := &in.Completions, &out.Completions - *out = new(int32) - **out = **in - } - if in.PodFailurePolicy != nil { - in, out := &in.PodFailurePolicy, &out.PodFailurePolicy - *out = new(PodFailurePolicy) - (*in).DeepCopyInto(*out) - } - if in.ActiveDeadlineSeconds != nil { - in, out := &in.ActiveDeadlineSeconds, &out.ActiveDeadlineSeconds - *out = new(int64) - **out = **in - } - if in.BackoffLimit != nil { - in, out := &in.BackoffLimit, &out.BackoffLimit - *out = new(int32) - **out = **in - } - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.ManualSelector != nil { - in, out := &in.ManualSelector, &out.ManualSelector - *out = new(bool) - **out = **in - } - in.Template.DeepCopyInto(&out.Template) - if in.TTLSecondsAfterFinished != nil { - in, out := &in.TTLSecondsAfterFinished, &out.TTLSecondsAfterFinished - *out = new(int32) - **out = **in - } - if in.CompletionMode != nil { - in, out := &in.CompletionMode, &out.CompletionMode - *out = new(CompletionMode) - **out = **in - } - if in.Suspend != nil { - in, out := &in.Suspend, &out.Suspend - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobSpec. -func (in *JobSpec) DeepCopy() *JobSpec { - if in == nil { - return nil - } - out := new(JobSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobStatus) DeepCopyInto(out *JobStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]JobCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.StartTime != nil { - in, out := &in.StartTime, &out.StartTime - *out = (*in).DeepCopy() - } - if in.CompletionTime != nil { - in, out := &in.CompletionTime, &out.CompletionTime - *out = (*in).DeepCopy() - } - if in.Ready != nil { - in, out := &in.Ready, &out.Ready - *out = new(int32) - **out = **in - } - if in.UncountedTerminatedPods != nil { - in, out := &in.UncountedTerminatedPods, &out.UncountedTerminatedPods - *out = new(UncountedTerminatedPods) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobStatus. -func (in *JobStatus) DeepCopy() *JobStatus { - if in == nil { - return nil - } - out := new(JobStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobTemplate) DeepCopyInto(out *JobTemplate) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Template.DeepCopyInto(&out.Template) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobTemplate. -func (in *JobTemplate) DeepCopy() *JobTemplate { - if in == nil { - return nil - } - out := new(JobTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *JobTemplate) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JobTemplateSpec) DeepCopyInto(out *JobTemplateSpec) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobTemplateSpec. -func (in *JobTemplateSpec) DeepCopy() *JobTemplateSpec { - if in == nil { - return nil - } - out := new(JobTemplateSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodFailurePolicy) DeepCopyInto(out *PodFailurePolicy) { - *out = *in - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PodFailurePolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodFailurePolicy. -func (in *PodFailurePolicy) DeepCopy() *PodFailurePolicy { - if in == nil { - return nil - } - out := new(PodFailurePolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodFailurePolicyOnExitCodesRequirement) DeepCopyInto(out *PodFailurePolicyOnExitCodesRequirement) { - *out = *in - if in.ContainerName != nil { - in, out := &in.ContainerName, &out.ContainerName - *out = new(string) - **out = **in - } - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]int32, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodFailurePolicyOnExitCodesRequirement. -func (in *PodFailurePolicyOnExitCodesRequirement) DeepCopy() *PodFailurePolicyOnExitCodesRequirement { - if in == nil { - return nil - } - out := new(PodFailurePolicyOnExitCodesRequirement) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodFailurePolicyOnPodConditionsPattern) DeepCopyInto(out *PodFailurePolicyOnPodConditionsPattern) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodFailurePolicyOnPodConditionsPattern. -func (in *PodFailurePolicyOnPodConditionsPattern) DeepCopy() *PodFailurePolicyOnPodConditionsPattern { - if in == nil { - return nil - } - out := new(PodFailurePolicyOnPodConditionsPattern) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodFailurePolicyRule) DeepCopyInto(out *PodFailurePolicyRule) { - *out = *in - if in.OnExitCodes != nil { - in, out := &in.OnExitCodes, &out.OnExitCodes - *out = new(PodFailurePolicyOnExitCodesRequirement) - (*in).DeepCopyInto(*out) - } - if in.OnPodConditions != nil { - in, out := &in.OnPodConditions, &out.OnPodConditions - *out = make([]PodFailurePolicyOnPodConditionsPattern, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodFailurePolicyRule. -func (in *PodFailurePolicyRule) DeepCopy() *PodFailurePolicyRule { - if in == nil { - return nil - } - out := new(PodFailurePolicyRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UncountedTerminatedPods) DeepCopyInto(out *UncountedTerminatedPods) { - *out = *in - if in.Succeeded != nil { - in, out := &in.Succeeded, &out.Succeeded - *out = make([]types.UID, len(*in)) - copy(*out, *in) - } - if in.Failed != nil { - in, out := &in.Failed, &out.Failed - *out = make([]types.UID, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UncountedTerminatedPods. -func (in *UncountedTerminatedPods) DeepCopy() *UncountedTerminatedPods { - if in == nil { - return nil - } - out := new(UncountedTerminatedPods) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/OWNERS deleted file mode 100644 index 5fd431a1b1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-certificates-approvers - - sig-auth-certificates-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/doc.go deleted file mode 100644 index c752aacaf5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=certificates.k8s.io - -package certificates // import "k8s.io/kubernetes/pkg/apis/certificates" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/helpers.go deleted file mode 100644 index b50317df27..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/helpers.go +++ /dev/null @@ -1,150 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package certificates - -import ( - "crypto/x509" - "encoding/pem" - "errors" - "fmt" - "reflect" - "strings" - - "k8s.io/apimachinery/pkg/util/sets" -) - -// ParseCSR extracts the CSR from the bytes and decodes it. -func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error) { - block, _ := pem.Decode(pemBytes) - if block == nil || block.Type != "CERTIFICATE REQUEST" { - return nil, errors.New("PEM block type must be CERTIFICATE REQUEST") - } - csr, err := x509.ParseCertificateRequest(block.Bytes) - if err != nil { - return nil, err - } - return csr, nil -} - -var ( - organizationNotSystemNodesErr = fmt.Errorf("subject organization is not system:nodes") - commonNameNotSystemNode = fmt.Errorf("subject common name does not begin with system:node:") - dnsOrIPSANRequiredErr = fmt.Errorf("DNS or IP subjectAltName is required") - dnsSANNotAllowedErr = fmt.Errorf("DNS subjectAltNames are not allowed") - emailSANNotAllowedErr = fmt.Errorf("Email subjectAltNames are not allowed") - ipSANNotAllowedErr = fmt.Errorf("IP subjectAltNames are not allowed") - uriSANNotAllowedErr = fmt.Errorf("URI subjectAltNames are not allowed") -) - -var ( - kubeletServingRequiredUsages = sets.NewString( - string(UsageDigitalSignature), - string(UsageKeyEncipherment), - string(UsageServerAuth), - ) - kubeletServingRequiredUsagesNoRSA = sets.NewString( - string(UsageDigitalSignature), - string(UsageServerAuth), - ) -) - -func IsKubeletServingCSR(req *x509.CertificateRequest, usages sets.String, allowOmittingUsageKeyEncipherment bool) bool { - return ValidateKubeletServingCSR(req, usages, allowOmittingUsageKeyEncipherment) == nil -} -func ValidateKubeletServingCSR(req *x509.CertificateRequest, usages sets.String, allowOmittingUsageKeyEncipherment bool) error { - if !reflect.DeepEqual([]string{"system:nodes"}, req.Subject.Organization) { - return organizationNotSystemNodesErr - } - - // at least one of dnsNames or ipAddresses must be specified - if len(req.DNSNames) == 0 && len(req.IPAddresses) == 0 { - return dnsOrIPSANRequiredErr - } - - if len(req.EmailAddresses) > 0 { - return emailSANNotAllowedErr - } - if len(req.URIs) > 0 { - return uriSANNotAllowedErr - } - - if allowOmittingUsageKeyEncipherment { - if !kubeletServingRequiredUsages.Equal(usages) && !kubeletServingRequiredUsagesNoRSA.Equal(usages) { - return fmt.Errorf("usages did not match %v", kubeletServingRequiredUsages.List()) - } - } else { - if !kubeletServingRequiredUsages.Equal(usages) { - return fmt.Errorf("usages did not match %v", kubeletServingRequiredUsages.List()) - } - } - - if !strings.HasPrefix(req.Subject.CommonName, "system:node:") { - return commonNameNotSystemNode - } - - return nil -} - -var ( - kubeletClientRequiredUsagesNoRSA = sets.NewString( - string(UsageDigitalSignature), - string(UsageClientAuth), - ) - kubeletClientRequiredUsages = sets.NewString( - string(UsageDigitalSignature), - string(UsageKeyEncipherment), - string(UsageClientAuth), - ) -) - -func IsKubeletClientCSR(req *x509.CertificateRequest, usages sets.String, allowOmittingUsageKeyEncipherment bool) bool { - return ValidateKubeletClientCSR(req, usages, allowOmittingUsageKeyEncipherment) == nil -} -func ValidateKubeletClientCSR(req *x509.CertificateRequest, usages sets.String, allowOmittingUsageKeyEncipherment bool) error { - if !reflect.DeepEqual([]string{"system:nodes"}, req.Subject.Organization) { - return organizationNotSystemNodesErr - } - - if len(req.DNSNames) > 0 { - return dnsSANNotAllowedErr - } - if len(req.EmailAddresses) > 0 { - return emailSANNotAllowedErr - } - if len(req.IPAddresses) > 0 { - return ipSANNotAllowedErr - } - if len(req.URIs) > 0 { - return uriSANNotAllowedErr - } - - if !strings.HasPrefix(req.Subject.CommonName, "system:node:") { - return commonNameNotSystemNode - } - - if allowOmittingUsageKeyEncipherment { - if !kubeletClientRequiredUsages.Equal(usages) && !kubeletClientRequiredUsagesNoRSA.Equal(usages) { - return fmt.Errorf("usages did not match %v", kubeletClientRequiredUsages.List()) - } - } else { - if !kubeletClientRequiredUsages.Equal(usages) { - return fmt.Errorf("usages did not match %v", kubeletClientRequiredUsages.List()) - } - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/install/install.go deleted file mode 100644 index 26ff90e836..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the certificates API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/certificates" - v1 "k8s.io/kubernetes/pkg/apis/certificates/v1" - "k8s.io/kubernetes/pkg/apis/certificates/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(certificates.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/register.go deleted file mode 100644 index a876251ca4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package certificates - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package -const GroupName = "certificates.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &CertificateSigningRequest{}, - &CertificateSigningRequestList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/types.go deleted file mode 100644 index 9a43f796c1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/types.go +++ /dev/null @@ -1,224 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package certificates - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Describes a certificate signing request -type CertificateSigningRequest struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // The certificate request itself and any additional information. - // +optional - Spec CertificateSigningRequestSpec - - // Derived information about the request. - // +optional - Status CertificateSigningRequestStatus -} - -// This information is immutable after the request is created. Only the Request -// and Usages fields can be set on creation, other fields are derived by -// Kubernetes and cannot be modified by users. -type CertificateSigningRequestSpec struct { - // Base64-encoded PKCS#10 CSR data - Request []byte - - // signerName indicates the requested signer, and is a qualified name. - // - // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. - // - // Well-known Kubernetes signers are: - // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. - // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. - // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. - // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. - // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // - // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers - // - // Custom signerNames can also be specified. The signer defines: - // 1. Trust distribution: how trust (CA bundles) are distributed. - // 2. Permitted subjects: and behavior when a disallowed subject is requested. - // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. - // 4. Required, permitted, or forbidden key usages / extended key usages. - // 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. - // 6. Whether or not requests for CA certificates are allowed. - SignerName string - - // expirationSeconds is the requested duration of validity of the issued - // certificate. The certificate signer may issue a certificate with a different - // validity duration so a client must check the delta between the notBefore and - // and notAfter fields in the issued certificate to determine the actual duration. - // - // The v1.22+ in-tree implementations of the well-known Kubernetes signers will - // honor this field as long as the requested duration is not greater than the - // maximum duration they will honor per the --cluster-signing-duration CLI - // flag to the Kubernetes controller manager. - // - // Certificate signers may not honor this field for various reasons: - // - // 1. Old signer that is unaware of the field (such as the in-tree - // implementations prior to v1.22) - // 2. Signer whose configured maximum is shorter than the requested duration - // 3. Signer whose configured minimum is longer than the requested duration - // - // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. - // - // +optional - ExpirationSeconds *int32 - - // usages specifies a set of usage contexts the key will be - // valid for. - // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 - // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - Usages []KeyUsage - - // Information about the requesting user. - // See user.Info interface for details. - // +optional - Username string - // UID information about the requesting user. - // See user.Info interface for details. - // +optional - UID string - // Group information about the requesting user. - // See user.Info interface for details. - // +optional - Groups []string - // Extra information about the requesting user. - // See user.Info interface for details. - // +optional - Extra map[string]ExtraValue -} - -// Built in signerName values that are honoured by kube-controller-manager. -// None of these usages are related to ServiceAccount token secrets -// `.data[ca.crt]` in any way. -const ( - // Signs certificates that will be honored as client-certs by the - // kube-apiserver. Never auto-approved by kube-controller-manager. - KubeAPIServerClientSignerName = "kubernetes.io/kube-apiserver-client" - - // Signs client certificates that will be honored as client-certs by the - // kube-apiserver for a kubelet. - // May be auto-approved by kube-controller-manager. - KubeAPIServerClientKubeletSignerName = "kubernetes.io/kube-apiserver-client-kubelet" - - // Signs serving certificates that are honored as a valid kubelet serving - // certificate by the kube-apiserver, but has no other guarantees. - KubeletServingSignerName = "kubernetes.io/kubelet-serving" - - // Has no guarantees for trust at all. Some distributions may honor these - // as client certs, but that behavior is not standard kubernetes behavior. - LegacyUnknownSignerName = "kubernetes.io/legacy-unknown" -) - -// ExtraValue masks the value so protobuf can generate -type ExtraValue []string - -type CertificateSigningRequestStatus struct { - // Conditions applied to the request, such as approval or denial. - // +optional - Conditions []CertificateSigningRequestCondition - - // If request was approved, the controller will place the issued certificate here. - // +optional - Certificate []byte -} - -type RequestConditionType string - -// These are the possible conditions for a certificate request. -const ( - CertificateApproved RequestConditionType = "Approved" - CertificateDenied RequestConditionType = "Denied" - CertificateFailed RequestConditionType = "Failed" -) - -type CertificateSigningRequestCondition struct { - // type of the condition. Known conditions include "Approved", "Denied", and "Failed". - Type RequestConditionType - // Status of the condition, one of True, False, Unknown. - // Approved, Denied, and Failed conditions may not be "False" or "Unknown". - // If unset, should be treated as "True". - // +optional - Status api.ConditionStatus - // brief reason for the request state - // +optional - Reason string - // human readable message with details about the request state - // +optional - Message string - // timestamp for the last update to this condition - // +optional - LastUpdateTime metav1.Time - // lastTransitionTime is the time the condition last transitioned from one status to another. - // +optional - LastTransitionTime metav1.Time -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type CertificateSigningRequestList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // +optional - Items []CertificateSigningRequest -} - -// KeyUsages specifies valid usage contexts for keys. -// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 -// -// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 -type KeyUsage string - -const ( - UsageSigning KeyUsage = "signing" - UsageDigitalSignature KeyUsage = "digital signature" - UsageContentCommitment KeyUsage = "content commitment" - UsageKeyEncipherment KeyUsage = "key encipherment" - UsageKeyAgreement KeyUsage = "key agreement" - UsageDataEncipherment KeyUsage = "data encipherment" - UsageCertSign KeyUsage = "cert sign" - UsageCRLSign KeyUsage = "crl sign" - UsageEncipherOnly KeyUsage = "encipher only" - UsageDecipherOnly KeyUsage = "decipher only" - UsageAny KeyUsage = "any" - UsageServerAuth KeyUsage = "server auth" - UsageClientAuth KeyUsage = "client auth" - UsageCodeSigning KeyUsage = "code signing" - UsageEmailProtection KeyUsage = "email protection" - UsageSMIME KeyUsage = "s/mime" - UsageIPsecEndSystem KeyUsage = "ipsec end system" - UsageIPsecTunnel KeyUsage = "ipsec tunnel" - UsageIPsecUser KeyUsage = "ipsec user" - UsageTimestamping KeyUsage = "timestamping" - UsageOCSPSigning KeyUsage = "ocsp signing" - UsageMicrosoftSGC KeyUsage = "microsoft sgc" - UsageNetscapeSGC KeyUsage = "netscape sgc" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/conversion.go deleted file mode 100644 index f6d672b8a0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/conversion.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - // Add field conversion funcs. - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("CertificateSigningRequest"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", - "spec.signerName": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }, - ) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/defaults.go deleted file mode 100644 index b1fc88a752..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/doc.go deleted file mode 100644 index c09326b430..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/certificates -// +k8s:conversion-gen-external-types=k8s.io/api/certificates/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/certificates/v1 - -// +groupName=certificates.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/certificates/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/helpers.go deleted file mode 100644 index 94fcddfc3f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/helpers.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "crypto/x509" - "encoding/pem" - "errors" -) - -// ParseCSR decodes a PEM encoded CSR -func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error) { - // extract PEM from request object - block, _ := pem.Decode(pemBytes) - if block == nil || block.Type != "CERTIFICATE REQUEST" { - return nil, errors.New("PEM block type must be CERTIFICATE REQUEST") - } - csr, err := x509.ParseCertificateRequest(block.Bytes) - if err != nil { - return nil, err - } - return csr, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/register.go deleted file mode 100644 index 3289ab9d03..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - certificatesv1 "k8s.io/api/certificates/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "certificates.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &certificatesv1.SchemeBuilder - - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.conversion.go deleted file mode 100644 index 6bf1e5b30e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.conversion.go +++ /dev/null @@ -1,233 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/certificates/v1" - corev1 "k8s.io/api/core/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - certificates "k8s.io/kubernetes/pkg/apis/certificates" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.CertificateSigningRequest)(nil), (*certificates.CertificateSigningRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(a.(*v1.CertificateSigningRequest), b.(*certificates.CertificateSigningRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequest)(nil), (*v1.CertificateSigningRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequest_To_v1_CertificateSigningRequest(a.(*certificates.CertificateSigningRequest), b.(*v1.CertificateSigningRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CertificateSigningRequestCondition)(nil), (*certificates.CertificateSigningRequestCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(a.(*v1.CertificateSigningRequestCondition), b.(*certificates.CertificateSigningRequestCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestCondition)(nil), (*v1.CertificateSigningRequestCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestCondition_To_v1_CertificateSigningRequestCondition(a.(*certificates.CertificateSigningRequestCondition), b.(*v1.CertificateSigningRequestCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CertificateSigningRequestList)(nil), (*certificates.CertificateSigningRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(a.(*v1.CertificateSigningRequestList), b.(*certificates.CertificateSigningRequestList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestList)(nil), (*v1.CertificateSigningRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestList_To_v1_CertificateSigningRequestList(a.(*certificates.CertificateSigningRequestList), b.(*v1.CertificateSigningRequestList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CertificateSigningRequestSpec)(nil), (*certificates.CertificateSigningRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(a.(*v1.CertificateSigningRequestSpec), b.(*certificates.CertificateSigningRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestSpec)(nil), (*v1.CertificateSigningRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec(a.(*certificates.CertificateSigningRequestSpec), b.(*v1.CertificateSigningRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CertificateSigningRequestStatus)(nil), (*certificates.CertificateSigningRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(a.(*v1.CertificateSigningRequestStatus), b.(*certificates.CertificateSigningRequestStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestStatus)(nil), (*v1.CertificateSigningRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus(a.(*certificates.CertificateSigningRequestStatus), b.(*v1.CertificateSigningRequestStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *v1.CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_CertificateSigningRequest_To_certificates_CertificateSigningRequest is an autogenerated conversion function. -func Convert_v1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *v1.CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error { - return autoConvert_v1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequest_To_v1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *v1.CertificateSigningRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_certificates_CertificateSigningRequest_To_v1_CertificateSigningRequest is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequest_To_v1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *v1.CertificateSigningRequest, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequest_To_v1_CertificateSigningRequest(in, out, s) -} - -func autoConvert_v1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *v1.CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error { - out.Type = certificates.RequestConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.Reason = in.Reason - out.Message = in.Message - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - return nil -} - -// Convert_v1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition is an autogenerated conversion function. -func Convert_v1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *v1.CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error { - return autoConvert_v1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestCondition_To_v1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *v1.CertificateSigningRequestCondition, s conversion.Scope) error { - out.Type = v1.RequestConditionType(in.Type) - out.Status = corev1.ConditionStatus(in.Status) - out.Reason = in.Reason - out.Message = in.Message - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - return nil -} - -// Convert_certificates_CertificateSigningRequestCondition_To_v1_CertificateSigningRequestCondition is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestCondition_To_v1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *v1.CertificateSigningRequestCondition, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestCondition_To_v1_CertificateSigningRequestCondition(in, out, s) -} - -func autoConvert_v1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *v1.CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]certificates.CertificateSigningRequest)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList is an autogenerated conversion function. -func Convert_v1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *v1.CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error { - return autoConvert_v1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestList_To_v1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *v1.CertificateSigningRequestList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.CertificateSigningRequest)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_certificates_CertificateSigningRequestList_To_v1_CertificateSigningRequestList is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestList_To_v1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *v1.CertificateSigningRequestList, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestList_To_v1_CertificateSigningRequestList(in, out, s) -} - -func autoConvert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *v1.CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error { - out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) - out.SignerName = in.SignerName - out.ExpirationSeconds = (*int32)(unsafe.Pointer(in.ExpirationSeconds)) - out.Usages = *(*[]certificates.KeyUsage)(unsafe.Pointer(&in.Usages)) - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]certificates.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec is an autogenerated conversion function. -func Convert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *v1.CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error { - return autoConvert_v1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *v1.CertificateSigningRequestSpec, s conversion.Scope) error { - out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) - out.SignerName = in.SignerName - out.ExpirationSeconds = (*int32)(unsafe.Pointer(in.ExpirationSeconds)) - out.Usages = *(*[]v1.KeyUsage)(unsafe.Pointer(&in.Usages)) - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *v1.CertificateSigningRequestSpec, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestSpec_To_v1_CertificateSigningRequestSpec(in, out, s) -} - -func autoConvert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *v1.CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error { - out.Conditions = *(*[]certificates.CertificateSigningRequestCondition)(unsafe.Pointer(&in.Conditions)) - out.Certificate = *(*[]byte)(unsafe.Pointer(&in.Certificate)) - return nil -} - -// Convert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus is an autogenerated conversion function. -func Convert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *v1.CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error { - return autoConvert_v1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *v1.CertificateSigningRequestStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1.CertificateSigningRequestCondition)(unsafe.Pointer(&in.Conditions)) - out.Certificate = *(*[]byte)(unsafe.Pointer(&in.Certificate)) - return nil -} - -// Convert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *v1.CertificateSigningRequestStatus, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestStatus_To_v1_CertificateSigningRequestStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/conversion.go deleted file mode 100644 index d4d8af9873..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/conversion.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - // Add field conversion funcs. - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("CertificateSigningRequest"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", - "spec.signerName": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }, - ) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/defaults.go deleted file mode 100644 index 4781c8f341..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/defaults.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "crypto/x509" - - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - certificates "k8s.io/kubernetes/pkg/apis/certificates" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_CertificateSigningRequestSpec(obj *certificatesv1beta1.CertificateSigningRequestSpec) { - if obj.Usages == nil { - obj.Usages = []certificatesv1beta1.KeyUsage{certificatesv1beta1.UsageDigitalSignature, certificatesv1beta1.UsageKeyEncipherment} - } - - if obj.SignerName == nil { - signerName := DefaultSignerNameFromSpec(obj) - obj.SignerName = &signerName - } -} - -func SetDefaults_CertificateSigningRequestCondition(obj *certificatesv1beta1.CertificateSigningRequestCondition) { - if len(obj.Status) == 0 { - obj.Status = v1.ConditionTrue - } -} - -// DefaultSignerNameFromSpec will determine the signerName that should be set -// by attempting to inspect the 'request' content and the spec options. -func DefaultSignerNameFromSpec(obj *certificatesv1beta1.CertificateSigningRequestSpec) string { - csr, err := ParseCSR(obj.Request) - switch { - case err != nil: - // Set the signerName to 'legacy-unknown' as the CSR could not be - // recognised. - return certificatesv1beta1.LegacyUnknownSignerName - case IsKubeletClientCSR(csr, obj.Usages, false): - return certificatesv1beta1.KubeAPIServerClientKubeletSignerName - case IsKubeletServingCSR(csr, obj.Usages, false): - return certificatesv1beta1.KubeletServingSignerName - default: - return certificatesv1beta1.LegacyUnknownSignerName - } -} - -func IsKubeletServingCSR(req *x509.CertificateRequest, usages []certificatesv1beta1.KeyUsage, allowOmittingUsageKeyEncipherment bool) bool { - return certificates.IsKubeletServingCSR(req, usagesToSet(usages), allowOmittingUsageKeyEncipherment) -} -func ValidateKubeletServingCSR(req *x509.CertificateRequest, usages []certificatesv1beta1.KeyUsage, allowOmittingUsageKeyEncipherment bool) error { - return certificates.ValidateKubeletServingCSR(req, usagesToSet(usages), allowOmittingUsageKeyEncipherment) -} - -func IsKubeletClientCSR(req *x509.CertificateRequest, usages []certificatesv1beta1.KeyUsage, allowOmittingUsageKeyEncipherment bool) bool { - return certificates.IsKubeletClientCSR(req, usagesToSet(usages), allowOmittingUsageKeyEncipherment) -} -func ValidateKubeletClientCSR(req *x509.CertificateRequest, usages []certificatesv1beta1.KeyUsage, allowOmittingUsageKeyEncipherment bool) error { - return certificates.ValidateKubeletClientCSR(req, usagesToSet(usages), allowOmittingUsageKeyEncipherment) -} - -func usagesToSet(usages []certificatesv1beta1.KeyUsage) sets.String { - result := sets.NewString() - for _, usage := range usages { - result.Insert(string(usage)) - } - return result -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/doc.go deleted file mode 100644 index 00186b2cc8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/certificates -// +k8s:conversion-gen-external-types=k8s.io/api/certificates/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/certificates/v1beta1 - -// +groupName=certificates.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/certificates/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/helpers.go deleted file mode 100644 index 28fa53b6ef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/helpers.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "crypto/x509" - "encoding/pem" - "errors" -) - -// ParseCSR decodes a PEM encoded CSR -func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error) { - // extract PEM from request object - block, _ := pem.Decode(pemBytes) - if block == nil || block.Type != "CERTIFICATE REQUEST" { - return nil, errors.New("PEM block type must be CERTIFICATE REQUEST") - } - csr, err := x509.ParseCertificateRequest(block.Bytes) - if err != nil { - return nil, err - } - return csr, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/register.go deleted file mode 100644 index 6f5a33a78a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "certificates.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &certificatesv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 8cc0ea95f2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,258 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/certificates/v1beta1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - certificates "k8s.io/kubernetes/pkg/apis/certificates" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.CertificateSigningRequest)(nil), (*certificates.CertificateSigningRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(a.(*v1beta1.CertificateSigningRequest), b.(*certificates.CertificateSigningRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequest)(nil), (*v1beta1.CertificateSigningRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest(a.(*certificates.CertificateSigningRequest), b.(*v1beta1.CertificateSigningRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CertificateSigningRequestCondition)(nil), (*certificates.CertificateSigningRequestCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(a.(*v1beta1.CertificateSigningRequestCondition), b.(*certificates.CertificateSigningRequestCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestCondition)(nil), (*v1beta1.CertificateSigningRequestCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestCondition_To_v1beta1_CertificateSigningRequestCondition(a.(*certificates.CertificateSigningRequestCondition), b.(*v1beta1.CertificateSigningRequestCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CertificateSigningRequestList)(nil), (*certificates.CertificateSigningRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(a.(*v1beta1.CertificateSigningRequestList), b.(*certificates.CertificateSigningRequestList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestList)(nil), (*v1beta1.CertificateSigningRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestList_To_v1beta1_CertificateSigningRequestList(a.(*certificates.CertificateSigningRequestList), b.(*v1beta1.CertificateSigningRequestList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CertificateSigningRequestSpec)(nil), (*certificates.CertificateSigningRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(a.(*v1beta1.CertificateSigningRequestSpec), b.(*certificates.CertificateSigningRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestSpec)(nil), (*v1beta1.CertificateSigningRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec(a.(*certificates.CertificateSigningRequestSpec), b.(*v1beta1.CertificateSigningRequestSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CertificateSigningRequestStatus)(nil), (*certificates.CertificateSigningRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(a.(*v1beta1.CertificateSigningRequestStatus), b.(*certificates.CertificateSigningRequestStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certificates.CertificateSigningRequestStatus)(nil), (*v1beta1.CertificateSigningRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus(a.(*certificates.CertificateSigningRequestStatus), b.(*v1beta1.CertificateSigningRequestStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *v1beta1.CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest is an autogenerated conversion function. -func Convert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in *v1beta1.CertificateSigningRequest, out *certificates.CertificateSigningRequest, s conversion.Scope) error { - return autoConvert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *v1beta1.CertificateSigningRequest, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest(in *certificates.CertificateSigningRequest, out *v1beta1.CertificateSigningRequest, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest(in, out, s) -} - -func autoConvert_v1beta1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *v1beta1.CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error { - out.Type = certificates.RequestConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.Reason = in.Reason - out.Message = in.Message - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - return nil -} - -// Convert_v1beta1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition is an autogenerated conversion function. -func Convert_v1beta1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in *v1beta1.CertificateSigningRequestCondition, out *certificates.CertificateSigningRequestCondition, s conversion.Scope) error { - return autoConvert_v1beta1_CertificateSigningRequestCondition_To_certificates_CertificateSigningRequestCondition(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestCondition_To_v1beta1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *v1beta1.CertificateSigningRequestCondition, s conversion.Scope) error { - out.Type = v1beta1.RequestConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.Reason = in.Reason - out.Message = in.Message - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - return nil -} - -// Convert_certificates_CertificateSigningRequestCondition_To_v1beta1_CertificateSigningRequestCondition is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestCondition_To_v1beta1_CertificateSigningRequestCondition(in *certificates.CertificateSigningRequestCondition, out *v1beta1.CertificateSigningRequestCondition, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestCondition_To_v1beta1_CertificateSigningRequestCondition(in, out, s) -} - -func autoConvert_v1beta1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *v1beta1.CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]certificates.CertificateSigningRequest, len(*in)) - for i := range *in { - if err := Convert_v1beta1_CertificateSigningRequest_To_certificates_CertificateSigningRequest(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList is an autogenerated conversion function. -func Convert_v1beta1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in *v1beta1.CertificateSigningRequestList, out *certificates.CertificateSigningRequestList, s conversion.Scope) error { - return autoConvert_v1beta1_CertificateSigningRequestList_To_certificates_CertificateSigningRequestList(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestList_To_v1beta1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *v1beta1.CertificateSigningRequestList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.CertificateSigningRequest, len(*in)) - for i := range *in { - if err := Convert_certificates_CertificateSigningRequest_To_v1beta1_CertificateSigningRequest(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_certificates_CertificateSigningRequestList_To_v1beta1_CertificateSigningRequestList is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestList_To_v1beta1_CertificateSigningRequestList(in *certificates.CertificateSigningRequestList, out *v1beta1.CertificateSigningRequestList, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestList_To_v1beta1_CertificateSigningRequestList(in, out, s) -} - -func autoConvert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *v1beta1.CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error { - out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) - if err := metav1.Convert_Pointer_string_To_string(&in.SignerName, &out.SignerName, s); err != nil { - return err - } - out.ExpirationSeconds = (*int32)(unsafe.Pointer(in.ExpirationSeconds)) - out.Usages = *(*[]certificates.KeyUsage)(unsafe.Pointer(&in.Usages)) - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]certificates.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec is an autogenerated conversion function. -func Convert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in *v1beta1.CertificateSigningRequestSpec, out *certificates.CertificateSigningRequestSpec, s conversion.Scope) error { - return autoConvert_v1beta1_CertificateSigningRequestSpec_To_certificates_CertificateSigningRequestSpec(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *v1beta1.CertificateSigningRequestSpec, s conversion.Scope) error { - out.Request = *(*[]byte)(unsafe.Pointer(&in.Request)) - if err := metav1.Convert_string_To_Pointer_string(&in.SignerName, &out.SignerName, s); err != nil { - return err - } - out.ExpirationSeconds = (*int32)(unsafe.Pointer(in.ExpirationSeconds)) - out.Usages = *(*[]v1beta1.KeyUsage)(unsafe.Pointer(&in.Usages)) - out.Username = in.Username - out.UID = in.UID - out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) - out.Extra = *(*map[string]v1beta1.ExtraValue)(unsafe.Pointer(&in.Extra)) - return nil -} - -// Convert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec(in *certificates.CertificateSigningRequestSpec, out *v1beta1.CertificateSigningRequestSpec, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestSpec_To_v1beta1_CertificateSigningRequestSpec(in, out, s) -} - -func autoConvert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *v1beta1.CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error { - out.Conditions = *(*[]certificates.CertificateSigningRequestCondition)(unsafe.Pointer(&in.Conditions)) - out.Certificate = *(*[]byte)(unsafe.Pointer(&in.Certificate)) - return nil -} - -// Convert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus is an autogenerated conversion function. -func Convert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in *v1beta1.CertificateSigningRequestStatus, out *certificates.CertificateSigningRequestStatus, s conversion.Scope) error { - return autoConvert_v1beta1_CertificateSigningRequestStatus_To_certificates_CertificateSigningRequestStatus(in, out, s) -} - -func autoConvert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *v1beta1.CertificateSigningRequestStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta1.CertificateSigningRequestCondition)(unsafe.Pointer(&in.Conditions)) - out.Certificate = *(*[]byte)(unsafe.Pointer(&in.Certificate)) - return nil -} - -// Convert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus is an autogenerated conversion function. -func Convert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus(in *certificates.CertificateSigningRequestStatus, out *v1beta1.CertificateSigningRequestStatus, s conversion.Scope) error { - return autoConvert_certificates_CertificateSigningRequestStatus_To_v1beta1_CertificateSigningRequestStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 3629ea2905..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,55 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/certificates/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.CertificateSigningRequest{}, func(obj interface{}) { - SetObjectDefaults_CertificateSigningRequest(obj.(*v1beta1.CertificateSigningRequest)) - }) - scheme.AddTypeDefaultingFunc(&v1beta1.CertificateSigningRequestList{}, func(obj interface{}) { - SetObjectDefaults_CertificateSigningRequestList(obj.(*v1beta1.CertificateSigningRequestList)) - }) - return nil -} - -func SetObjectDefaults_CertificateSigningRequest(in *v1beta1.CertificateSigningRequest) { - SetDefaults_CertificateSigningRequestSpec(&in.Spec) - for i := range in.Status.Conditions { - a := &in.Status.Conditions[i] - SetDefaults_CertificateSigningRequestCondition(a) - } -} - -func SetObjectDefaults_CertificateSigningRequestList(in *v1beta1.CertificateSigningRequestList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CertificateSigningRequest(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/validation/validation.go deleted file mode 100644 index 806e5c2d4f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/validation/validation.go +++ /dev/null @@ -1,539 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "bytes" - "crypto/x509" - "encoding/pem" - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/apimachinery/pkg/util/sets" - utilvalidation "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - utilcert "k8s.io/client-go/util/cert" - "k8s.io/kubernetes/pkg/apis/certificates" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" -) - -var ( - // trueConditionTypes is the set of condition types which may only have a status of True if present - trueConditionTypes = sets.NewString( - string(certificates.CertificateApproved), - string(certificates.CertificateDenied), - string(certificates.CertificateFailed), - ) - - trueStatusOnly = sets.NewString(string(v1.ConditionTrue)) - allStatusValues = sets.NewString(string(v1.ConditionTrue), string(v1.ConditionFalse), string(v1.ConditionUnknown)) -) - -type certificateValidationOptions struct { - // The following allow modifications only permitted via certain update paths - - // allow populating/modifying Approved/Denied conditions - allowSettingApprovalConditions bool - // allow populating status.certificate - allowSettingCertificate bool - - // allow Approved and Denied conditions to be exist. - // we tolerate this when the problem is already present in the persisted object for compatibility. - allowBothApprovedAndDenied bool - - // The following are bad things we tolerate for compatibility reasons: - // * in requests made via the v1beta1 API - // * in update requests where the problem is already present in the persisted object - - // allow modifying status.certificate on an update where the old object has a different certificate - allowResettingCertificate bool - // allow the legacy-unknown signerName - allowLegacySignerName bool - // allow conditions with duplicate types - allowDuplicateConditionTypes bool - // allow conditions with "" types - allowEmptyConditionType bool - // allow arbitrary content in status.certificate - allowArbitraryCertificate bool - // allow usages values outside the known set - allowUnknownUsages bool - // allow duplicate usages values - allowDuplicateUsages bool -} - -// validateCSR validates the signature and formatting of a base64-wrapped, -// PEM-encoded PKCS#10 certificate signing request. If this is invalid, we must -// not accept the CSR for further processing. -func validateCSR(obj *certificates.CertificateSigningRequest) error { - csr, err := certificates.ParseCSR(obj.Spec.Request) - if err != nil { - return err - } - // check that the signature is valid - return csr.CheckSignature() -} - -func validateCertificate(pemData []byte) error { - if len(pemData) == 0 { - return nil - } - - blocks := 0 - for { - block, remainingData := pem.Decode(pemData) - if block == nil { - break - } - - if block.Type != utilcert.CertificateBlockType { - return fmt.Errorf("only CERTIFICATE PEM blocks are allowed, found %q", block.Type) - } - if len(block.Headers) != 0 { - return fmt.Errorf("no PEM block headers are permitted") - } - blocks++ - - certs, err := x509.ParseCertificates(block.Bytes) - if err != nil { - return err - } - if len(certs) == 0 { - return fmt.Errorf("found CERTIFICATE PEM block containing 0 certificates") - } - - pemData = remainingData - } - - if blocks == 0 { - return fmt.Errorf("must contain at least one CERTIFICATE PEM block") - } - - return nil -} - -// We don't care what you call your certificate requests. -func ValidateCertificateRequestName(name string, prefix bool) []string { - return nil -} - -func ValidateCertificateSigningRequestCreate(csr *certificates.CertificateSigningRequest) field.ErrorList { - opts := getValidationOptions(csr, nil) - return validateCertificateSigningRequest(csr, opts) -} - -var ( - allValidUsages = sets.NewString( - string(certificates.UsageSigning), - string(certificates.UsageDigitalSignature), - string(certificates.UsageContentCommitment), - string(certificates.UsageKeyEncipherment), - string(certificates.UsageKeyAgreement), - string(certificates.UsageDataEncipherment), - string(certificates.UsageCertSign), - string(certificates.UsageCRLSign), - string(certificates.UsageEncipherOnly), - string(certificates.UsageDecipherOnly), - string(certificates.UsageAny), - string(certificates.UsageServerAuth), - string(certificates.UsageClientAuth), - string(certificates.UsageCodeSigning), - string(certificates.UsageEmailProtection), - string(certificates.UsageSMIME), - string(certificates.UsageIPsecEndSystem), - string(certificates.UsageIPsecTunnel), - string(certificates.UsageIPsecUser), - string(certificates.UsageTimestamping), - string(certificates.UsageOCSPSigning), - string(certificates.UsageMicrosoftSGC), - string(certificates.UsageNetscapeSGC), - ) -) - -func validateCertificateSigningRequest(csr *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList { - isNamespaced := false - allErrs := apivalidation.ValidateObjectMeta(&csr.ObjectMeta, isNamespaced, ValidateCertificateRequestName, field.NewPath("metadata")) - - specPath := field.NewPath("spec") - err := validateCSR(csr) - if err != nil { - allErrs = append(allErrs, field.Invalid(specPath.Child("request"), csr.Spec.Request, fmt.Sprintf("%v", err))) - } - if len(csr.Spec.Usages) == 0 { - allErrs = append(allErrs, field.Required(specPath.Child("usages"), "")) - } - if !opts.allowUnknownUsages { - for i, usage := range csr.Spec.Usages { - if !allValidUsages.Has(string(usage)) { - allErrs = append(allErrs, field.NotSupported(specPath.Child("usages").Index(i), usage, allValidUsages.List())) - } - } - } - if !opts.allowDuplicateUsages { - seen := make(map[certificates.KeyUsage]bool, len(csr.Spec.Usages)) - for i, usage := range csr.Spec.Usages { - if seen[usage] { - allErrs = append(allErrs, field.Duplicate(specPath.Child("usages").Index(i), usage)) - } - seen[usage] = true - } - } - if !opts.allowLegacySignerName && csr.Spec.SignerName == certificates.LegacyUnknownSignerName { - allErrs = append(allErrs, field.Invalid(specPath.Child("signerName"), csr.Spec.SignerName, "the legacy signerName is not allowed via this API version")) - } else { - allErrs = append(allErrs, ValidateCertificateSigningRequestSignerName(specPath.Child("signerName"), csr.Spec.SignerName)...) - } - if csr.Spec.ExpirationSeconds != nil && *csr.Spec.ExpirationSeconds < 600 { - allErrs = append(allErrs, field.Invalid(specPath.Child("expirationSeconds"), *csr.Spec.ExpirationSeconds, "may not specify a duration less than 600 seconds (10 minutes)")) - } - allErrs = append(allErrs, validateConditions(field.NewPath("status", "conditions"), csr, opts)...) - - if !opts.allowArbitraryCertificate { - if err := validateCertificate(csr.Status.Certificate); err != nil { - allErrs = append(allErrs, field.Invalid(field.NewPath("status", "certificate"), "<certificate data>", err.Error())) - } - } - - return allErrs -} - -func validateConditions(fldPath *field.Path, csr *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - seenTypes := map[certificates.RequestConditionType]bool{} - hasApproved := false - hasDenied := false - - for i, c := range csr.Status.Conditions { - - if !opts.allowEmptyConditionType { - if len(c.Type) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("type"), "")) - } - } - - allowedStatusValues := allStatusValues - if trueConditionTypes.Has(string(c.Type)) { - allowedStatusValues = trueStatusOnly - } - switch { - case c.Status == "": - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("status"), "")) - case !allowedStatusValues.Has(string(c.Status)): - allErrs = append(allErrs, field.NotSupported(fldPath.Index(i).Child("status"), c.Status, allowedStatusValues.List())) - } - - if !opts.allowBothApprovedAndDenied { - switch c.Type { - case certificates.CertificateApproved: - hasApproved = true - if hasDenied { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("type"), c.Type, "Approved and Denied conditions are mutually exclusive")) - } - case certificates.CertificateDenied: - hasDenied = true - if hasApproved { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("type"), c.Type, "Approved and Denied conditions are mutually exclusive")) - } - } - } - - if !opts.allowDuplicateConditionTypes { - if seenTypes[c.Type] { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i).Child("type"), c.Type)) - } - seenTypes[c.Type] = true - } - } - - return allErrs -} - -// ensure signerName is of the form domain.com/something and up to 571 characters. -// This length and format is specified to accommodate signerNames like: -// <fqdn>/<resource-namespace>.<resource-name>. -// The max length of a FQDN is 253 characters (DNS1123Subdomain max length) -// The max length of a namespace name is 63 characters (DNS1123Label max length) -// The max length of a resource name is 253 characters (DNS1123Subdomain max length) -// We then add an additional 2 characters to account for the one '.' and one '/'. -func ValidateCertificateSigningRequestSignerName(fldPath *field.Path, signerName string) field.ErrorList { - var el field.ErrorList - if len(signerName) == 0 { - el = append(el, field.Required(fldPath, "")) - return el - } - - segments := strings.Split(signerName, "/") - // validate that there is one '/' in the signerName. - // we do this after validating the domain segment to provide more info to the user. - if len(segments) != 2 { - el = append(el, field.Invalid(fldPath, signerName, "must be a fully qualified domain and path of the form 'example.com/signer-name'")) - // return early here as we should not continue attempting to validate a missing or malformed path segment - // (i.e. one containing multiple or zero `/`) - return el - } - - // validate that segments[0] is less than 253 characters altogether - maxDomainSegmentLength := utilvalidation.DNS1123SubdomainMaxLength - if len(segments[0]) > maxDomainSegmentLength { - el = append(el, field.TooLong(fldPath, segments[0], maxDomainSegmentLength)) - } - // validate that segments[0] consists of valid DNS1123 labels separated by '.' - domainLabels := strings.Split(segments[0], ".") - for _, lbl := range domainLabels { - // use IsDNS1123Label as we want to ensure the max length of any single label in the domain - // is 63 characters - if errs := utilvalidation.IsDNS1123Label(lbl); len(errs) > 0 { - for _, err := range errs { - el = append(el, field.Invalid(fldPath, segments[0], fmt.Sprintf("validating label %q: %s", lbl, err))) - } - // if we encounter any errors whilst parsing the domain segment, break from - // validation as any further error messages will be duplicates, and non-distinguishable - // from each other, confusing users. - break - } - } - - // validate that there is at least one '.' in segments[0] - if len(domainLabels) < 2 { - el = append(el, field.Invalid(fldPath, segments[0], "should be a domain with at least two segments separated by dots")) - } - - // validate that segments[1] consists of valid DNS1123 subdomains separated by '.'. - pathLabels := strings.Split(segments[1], ".") - for _, lbl := range pathLabels { - // use IsDNS1123Subdomain because it enforces a length restriction of 253 characters - // which is required in order to fit a full resource name into a single 'label' - if errs := utilvalidation.IsDNS1123Subdomain(lbl); len(errs) > 0 { - for _, err := range errs { - el = append(el, field.Invalid(fldPath, segments[1], fmt.Sprintf("validating label %q: %s", lbl, err))) - } - // if we encounter any errors whilst parsing the path segment, break from - // validation as any further error messages will be duplicates, and non-distinguishable - // from each other, confusing users. - break - } - } - - // ensure that segments[1] can accommodate a dns label + dns subdomain + '.' - maxPathSegmentLength := utilvalidation.DNS1123SubdomainMaxLength + utilvalidation.DNS1123LabelMaxLength + 1 - maxSignerNameLength := maxDomainSegmentLength + maxPathSegmentLength + 1 - if len(signerName) > maxSignerNameLength { - el = append(el, field.TooLong(fldPath, signerName, maxSignerNameLength)) - } - - return el -} - -func ValidateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList { - opts := getValidationOptions(newCSR, oldCSR) - return validateCertificateSigningRequestUpdate(newCSR, oldCSR, opts) -} - -func ValidateCertificateSigningRequestStatusUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList { - opts := getValidationOptions(newCSR, oldCSR) - opts.allowSettingCertificate = true - return validateCertificateSigningRequestUpdate(newCSR, oldCSR, opts) -} - -func ValidateCertificateSigningRequestApprovalUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest) field.ErrorList { - opts := getValidationOptions(newCSR, oldCSR) - opts.allowSettingApprovalConditions = true - return validateCertificateSigningRequestUpdate(newCSR, oldCSR, opts) -} - -func validateCertificateSigningRequestUpdate(newCSR, oldCSR *certificates.CertificateSigningRequest, opts certificateValidationOptions) field.ErrorList { - validationErrorList := validateCertificateSigningRequest(newCSR, opts) - metaUpdateErrorList := apivalidation.ValidateObjectMetaUpdate(&newCSR.ObjectMeta, &oldCSR.ObjectMeta, field.NewPath("metadata")) - - // prevent removal of existing Approved/Denied/Failed conditions - for _, t := range []certificates.RequestConditionType{certificates.CertificateApproved, certificates.CertificateDenied, certificates.CertificateFailed} { - oldConditions := findConditions(oldCSR, t) - newConditions := findConditions(newCSR, t) - if len(newConditions) < len(oldConditions) { - validationErrorList = append(validationErrorList, field.Forbidden(field.NewPath("status", "conditions"), fmt.Sprintf("updates may not remove a condition of type %q", t))) - } - } - - if !opts.allowSettingApprovalConditions { - // prevent addition/removal/modification of Approved/Denied conditions - for _, t := range []certificates.RequestConditionType{certificates.CertificateApproved, certificates.CertificateDenied} { - oldConditions := findConditions(oldCSR, t) - newConditions := findConditions(newCSR, t) - switch { - case len(newConditions) < len(oldConditions): - // removals are prevented above - case len(newConditions) > len(oldConditions): - validationErrorList = append(validationErrorList, field.Forbidden(field.NewPath("status", "conditions"), fmt.Sprintf("updates may not add a condition of type %q", t))) - case !apiequality.Semantic.DeepEqual(oldConditions, newConditions): - conditionDiff := diff.ObjectDiff(oldConditions, newConditions) - validationErrorList = append(validationErrorList, field.Forbidden(field.NewPath("status", "conditions"), fmt.Sprintf("updates may not modify a condition of type %q\n%v", t, conditionDiff))) - } - } - } - - if !bytes.Equal(newCSR.Status.Certificate, oldCSR.Status.Certificate) { - if !opts.allowSettingCertificate { - validationErrorList = append(validationErrorList, field.Forbidden(field.NewPath("status", "certificate"), "updates may not set certificate content")) - } else if !opts.allowResettingCertificate && len(oldCSR.Status.Certificate) > 0 { - validationErrorList = append(validationErrorList, field.Forbidden(field.NewPath("status", "certificate"), "updates may not modify existing certificate content")) - } - } - - return append(validationErrorList, metaUpdateErrorList...) -} - -// findConditions returns all instances of conditions of the specified type -func findConditions(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) []certificates.CertificateSigningRequestCondition { - var retval []certificates.CertificateSigningRequestCondition - for i, c := range csr.Status.Conditions { - if c.Type == conditionType { - retval = append(retval, csr.Status.Conditions[i]) - } - } - return retval -} - -// getValidationOptions returns the validation options to be -// compatible with the specified version and existing CSR. -// oldCSR may be nil if this is a create request. -// validation options related to subresource-specific capabilities are set to false. -func getValidationOptions(newCSR, oldCSR *certificates.CertificateSigningRequest) certificateValidationOptions { - return certificateValidationOptions{ - allowResettingCertificate: false, - allowBothApprovedAndDenied: allowBothApprovedAndDenied(oldCSR), - allowLegacySignerName: allowLegacySignerName(oldCSR), - allowDuplicateConditionTypes: allowDuplicateConditionTypes(oldCSR), - allowEmptyConditionType: allowEmptyConditionType(oldCSR), - allowArbitraryCertificate: allowArbitraryCertificate(newCSR, oldCSR), - allowDuplicateUsages: allowDuplicateUsages(oldCSR), - allowUnknownUsages: allowUnknownUsages(oldCSR), - } -} - -func allowBothApprovedAndDenied(oldCSR *certificates.CertificateSigningRequest) bool { - if oldCSR == nil { - return false - } - approved := false - denied := false - for _, c := range oldCSR.Status.Conditions { - if c.Type == certificates.CertificateApproved { - approved = true - } else if c.Type == certificates.CertificateDenied { - denied = true - } - } - // compatibility with existing data - return approved && denied -} - -func allowLegacySignerName(oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case oldCSR != nil && oldCSR.Spec.SignerName == certificates.LegacyUnknownSignerName: - return true // compatibility with existing data - default: - return false - } -} - -func allowDuplicateConditionTypes(oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case oldCSR != nil && hasDuplicateConditionTypes(oldCSR): - return true // compatibility with existing data - default: - return false - } -} -func hasDuplicateConditionTypes(csr *certificates.CertificateSigningRequest) bool { - seen := map[certificates.RequestConditionType]bool{} - for _, c := range csr.Status.Conditions { - if seen[c.Type] { - return true - } - seen[c.Type] = true - } - return false -} - -func allowEmptyConditionType(oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case oldCSR != nil && hasEmptyConditionType(oldCSR): - return true // compatibility with existing data - default: - return false - } -} -func hasEmptyConditionType(csr *certificates.CertificateSigningRequest) bool { - for _, c := range csr.Status.Conditions { - if len(c.Type) == 0 { - return true - } - } - return false -} - -func allowArbitraryCertificate(newCSR, oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case newCSR != nil && oldCSR != nil && bytes.Equal(newCSR.Status.Certificate, oldCSR.Status.Certificate): - return true // tolerate updates that don't touch status.certificate - case oldCSR != nil && validateCertificate(oldCSR.Status.Certificate) != nil: - return true // compatibility with existing data - default: - return false - } -} - -func allowUnknownUsages(oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case oldCSR != nil && hasUnknownUsage(oldCSR.Spec.Usages): - return true // compatibility with existing data - default: - return false - } -} - -func hasUnknownUsage(usages []certificates.KeyUsage) bool { - for _, usage := range usages { - if !allValidUsages.Has(string(usage)) { - return true - } - } - return false -} - -func allowDuplicateUsages(oldCSR *certificates.CertificateSigningRequest) bool { - switch { - case oldCSR != nil && hasDuplicateUsage(oldCSR.Spec.Usages): - return true // compatibility with existing data - default: - return false - } -} - -func hasDuplicateUsage(usages []certificates.KeyUsage) bool { - seen := make(map[certificates.KeyUsage]bool, len(usages)) - for _, usage := range usages { - if seen[usage] { - return true - } - seen[usage] = true - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/zz_generated.deepcopy.go deleted file mode 100644 index c5f73dad0c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/certificates/zz_generated.deepcopy.go +++ /dev/null @@ -1,204 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package certificates - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSigningRequest) DeepCopyInto(out *CertificateSigningRequest) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequest. -func (in *CertificateSigningRequest) DeepCopy() *CertificateSigningRequest { - if in == nil { - return nil - } - out := new(CertificateSigningRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CertificateSigningRequest) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSigningRequestCondition) DeepCopyInto(out *CertificateSigningRequestCondition) { - *out = *in - in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestCondition. -func (in *CertificateSigningRequestCondition) DeepCopy() *CertificateSigningRequestCondition { - if in == nil { - return nil - } - out := new(CertificateSigningRequestCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSigningRequestList) DeepCopyInto(out *CertificateSigningRequestList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CertificateSigningRequest, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestList. -func (in *CertificateSigningRequestList) DeepCopy() *CertificateSigningRequestList { - if in == nil { - return nil - } - out := new(CertificateSigningRequestList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CertificateSigningRequestList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSigningRequestSpec) DeepCopyInto(out *CertificateSigningRequestSpec) { - *out = *in - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.ExpirationSeconds != nil { - in, out := &in.ExpirationSeconds, &out.ExpirationSeconds - *out = new(int32) - **out = **in - } - if in.Usages != nil { - in, out := &in.Usages, &out.Usages - *out = make([]KeyUsage, len(*in)) - copy(*out, *in) - } - if in.Groups != nil { - in, out := &in.Groups, &out.Groups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Extra != nil { - in, out := &in.Extra, &out.Extra - *out = make(map[string]ExtraValue, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestSpec. -func (in *CertificateSigningRequestSpec) DeepCopy() *CertificateSigningRequestSpec { - if in == nil { - return nil - } - out := new(CertificateSigningRequestSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSigningRequestStatus) DeepCopyInto(out *CertificateSigningRequestStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]CertificateSigningRequestCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Certificate != nil { - in, out := &in.Certificate, &out.Certificate - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSigningRequestStatus. -func (in *CertificateSigningRequestStatus) DeepCopy() *CertificateSigningRequestStatus { - if in == nil { - return nil - } - out := new(CertificateSigningRequestStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in ExtraValue) DeepCopyInto(out *ExtraValue) { - { - in := &in - *out = make(ExtraValue, len(*in)) - copy(*out, *in) - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. -func (in ExtraValue) DeepCopy() ExtraValue { - if in == nil { - return nil - } - out := new(ExtraValue) - in.DeepCopyInto(out) - return *out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/doc.go deleted file mode 100644 index 8cce2eda25..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -// +groupName=coordination.k8s.io - -package coordination // import "k8s.io/kubernetes/pkg/apis/coordination" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/install/install.go deleted file mode 100644 index 378e50060a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the coordination API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/coordination" - v1 "k8s.io/kubernetes/pkg/apis/coordination/v1" - "k8s.io/kubernetes/pkg/apis/coordination/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(coordination.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/register.go deleted file mode 100644 index 5362c3aa73..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/register.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package coordination - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "coordination.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this gets cleaned up when the types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &Lease{}, - &LeaseList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/types.go deleted file mode 100644 index 7b1078a1ee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/types.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package coordination - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Lease defines a lease concept. -type Lease struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the Lease. - // +optional - Spec LeaseSpec -} - -// LeaseSpec is a specification of a Lease. -type LeaseSpec struct { - // holderIdentity contains the identity of the holder of a current lease. - // +optional - HolderIdentity *string - // leaseDurationSeconds is a duration that candidates for a lease need - // to wait to force acquire it. This is measure against time of last - // observed RenewTime. - // +optional - LeaseDurationSeconds *int32 - // acquireTime is a time when the current lease was acquired. - // +optional - AcquireTime *metav1.MicroTime - // renewTime is a time when the current holder of a lease has last - // updated the lease. - // +optional - RenewTime *metav1.MicroTime - // leaseTransitions is the number of transitions of a lease between - // holders. - // +optional - LeaseTransitions *int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// LeaseList is a list of Lease objects. -type LeaseList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is a list of schema objects. - Items []Lease -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/doc.go deleted file mode 100644 index fa5c00fb3d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/coordination -// +k8s:conversion-gen-external-types=k8s.io/api/coordination/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/coordination/v1 - -// +groupName=coordination.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/coordination/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/register.go deleted file mode 100644 index 5670e9f519..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - coordinationv1 "k8s.io/api/coordination/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "coordination.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &coordinationv1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.conversion.go deleted file mode 100644 index 226c33f7a1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.conversion.go +++ /dev/null @@ -1,148 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/coordination/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - coordination "k8s.io/kubernetes/pkg/apis/coordination" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.Lease)(nil), (*coordination.Lease)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Lease_To_coordination_Lease(a.(*v1.Lease), b.(*coordination.Lease), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.Lease)(nil), (*v1.Lease)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_Lease_To_v1_Lease(a.(*coordination.Lease), b.(*v1.Lease), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LeaseList)(nil), (*coordination.LeaseList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LeaseList_To_coordination_LeaseList(a.(*v1.LeaseList), b.(*coordination.LeaseList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.LeaseList)(nil), (*v1.LeaseList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_LeaseList_To_v1_LeaseList(a.(*coordination.LeaseList), b.(*v1.LeaseList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LeaseSpec)(nil), (*coordination.LeaseSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LeaseSpec_To_coordination_LeaseSpec(a.(*v1.LeaseSpec), b.(*coordination.LeaseSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.LeaseSpec)(nil), (*v1.LeaseSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_LeaseSpec_To_v1_LeaseSpec(a.(*coordination.LeaseSpec), b.(*v1.LeaseSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Lease_To_coordination_Lease(in *v1.Lease, out *coordination.Lease, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_LeaseSpec_To_coordination_LeaseSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Lease_To_coordination_Lease is an autogenerated conversion function. -func Convert_v1_Lease_To_coordination_Lease(in *v1.Lease, out *coordination.Lease, s conversion.Scope) error { - return autoConvert_v1_Lease_To_coordination_Lease(in, out, s) -} - -func autoConvert_coordination_Lease_To_v1_Lease(in *coordination.Lease, out *v1.Lease, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_coordination_LeaseSpec_To_v1_LeaseSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_coordination_Lease_To_v1_Lease is an autogenerated conversion function. -func Convert_coordination_Lease_To_v1_Lease(in *coordination.Lease, out *v1.Lease, s conversion.Scope) error { - return autoConvert_coordination_Lease_To_v1_Lease(in, out, s) -} - -func autoConvert_v1_LeaseList_To_coordination_LeaseList(in *v1.LeaseList, out *coordination.LeaseList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]coordination.Lease)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_LeaseList_To_coordination_LeaseList is an autogenerated conversion function. -func Convert_v1_LeaseList_To_coordination_LeaseList(in *v1.LeaseList, out *coordination.LeaseList, s conversion.Scope) error { - return autoConvert_v1_LeaseList_To_coordination_LeaseList(in, out, s) -} - -func autoConvert_coordination_LeaseList_To_v1_LeaseList(in *coordination.LeaseList, out *v1.LeaseList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Lease)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_coordination_LeaseList_To_v1_LeaseList is an autogenerated conversion function. -func Convert_coordination_LeaseList_To_v1_LeaseList(in *coordination.LeaseList, out *v1.LeaseList, s conversion.Scope) error { - return autoConvert_coordination_LeaseList_To_v1_LeaseList(in, out, s) -} - -func autoConvert_v1_LeaseSpec_To_coordination_LeaseSpec(in *v1.LeaseSpec, out *coordination.LeaseSpec, s conversion.Scope) error { - out.HolderIdentity = (*string)(unsafe.Pointer(in.HolderIdentity)) - out.LeaseDurationSeconds = (*int32)(unsafe.Pointer(in.LeaseDurationSeconds)) - out.AcquireTime = (*metav1.MicroTime)(unsafe.Pointer(in.AcquireTime)) - out.RenewTime = (*metav1.MicroTime)(unsafe.Pointer(in.RenewTime)) - out.LeaseTransitions = (*int32)(unsafe.Pointer(in.LeaseTransitions)) - return nil -} - -// Convert_v1_LeaseSpec_To_coordination_LeaseSpec is an autogenerated conversion function. -func Convert_v1_LeaseSpec_To_coordination_LeaseSpec(in *v1.LeaseSpec, out *coordination.LeaseSpec, s conversion.Scope) error { - return autoConvert_v1_LeaseSpec_To_coordination_LeaseSpec(in, out, s) -} - -func autoConvert_coordination_LeaseSpec_To_v1_LeaseSpec(in *coordination.LeaseSpec, out *v1.LeaseSpec, s conversion.Scope) error { - out.HolderIdentity = (*string)(unsafe.Pointer(in.HolderIdentity)) - out.LeaseDurationSeconds = (*int32)(unsafe.Pointer(in.LeaseDurationSeconds)) - out.AcquireTime = (*metav1.MicroTime)(unsafe.Pointer(in.AcquireTime)) - out.RenewTime = (*metav1.MicroTime)(unsafe.Pointer(in.RenewTime)) - out.LeaseTransitions = (*int32)(unsafe.Pointer(in.LeaseTransitions)) - return nil -} - -// Convert_coordination_LeaseSpec_To_v1_LeaseSpec is an autogenerated conversion function. -func Convert_coordination_LeaseSpec_To_v1_LeaseSpec(in *coordination.LeaseSpec, out *v1.LeaseSpec, s conversion.Scope) error { - return autoConvert_coordination_LeaseSpec_To_v1_LeaseSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/doc.go deleted file mode 100644 index 951c40d56d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/coordination -// +k8s:conversion-gen-external-types=k8s.io/api/coordination/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/coordination/v1beta1 - -// +groupName=coordination.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/coordination/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/register.go deleted file mode 100644 index c57a2f7d7d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - coordinationv1beta1 "k8s.io/api/coordination/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "coordination.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &coordinationv1beta1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.conversion.go deleted file mode 100644 index fd3f25dc26..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,148 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/coordination/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - coordination "k8s.io/kubernetes/pkg/apis/coordination" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.Lease)(nil), (*coordination.Lease)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Lease_To_coordination_Lease(a.(*v1beta1.Lease), b.(*coordination.Lease), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.Lease)(nil), (*v1beta1.Lease)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_Lease_To_v1beta1_Lease(a.(*coordination.Lease), b.(*v1beta1.Lease), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.LeaseList)(nil), (*coordination.LeaseList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LeaseList_To_coordination_LeaseList(a.(*v1beta1.LeaseList), b.(*coordination.LeaseList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.LeaseList)(nil), (*v1beta1.LeaseList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_LeaseList_To_v1beta1_LeaseList(a.(*coordination.LeaseList), b.(*v1beta1.LeaseList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.LeaseSpec)(nil), (*coordination.LeaseSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LeaseSpec_To_coordination_LeaseSpec(a.(*v1beta1.LeaseSpec), b.(*coordination.LeaseSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*coordination.LeaseSpec)(nil), (*v1beta1.LeaseSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_coordination_LeaseSpec_To_v1beta1_LeaseSpec(a.(*coordination.LeaseSpec), b.(*v1beta1.LeaseSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Lease_To_coordination_Lease(in *v1beta1.Lease, out *coordination.Lease, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_LeaseSpec_To_coordination_LeaseSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Lease_To_coordination_Lease is an autogenerated conversion function. -func Convert_v1beta1_Lease_To_coordination_Lease(in *v1beta1.Lease, out *coordination.Lease, s conversion.Scope) error { - return autoConvert_v1beta1_Lease_To_coordination_Lease(in, out, s) -} - -func autoConvert_coordination_Lease_To_v1beta1_Lease(in *coordination.Lease, out *v1beta1.Lease, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_coordination_LeaseSpec_To_v1beta1_LeaseSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_coordination_Lease_To_v1beta1_Lease is an autogenerated conversion function. -func Convert_coordination_Lease_To_v1beta1_Lease(in *coordination.Lease, out *v1beta1.Lease, s conversion.Scope) error { - return autoConvert_coordination_Lease_To_v1beta1_Lease(in, out, s) -} - -func autoConvert_v1beta1_LeaseList_To_coordination_LeaseList(in *v1beta1.LeaseList, out *coordination.LeaseList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]coordination.Lease)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_LeaseList_To_coordination_LeaseList is an autogenerated conversion function. -func Convert_v1beta1_LeaseList_To_coordination_LeaseList(in *v1beta1.LeaseList, out *coordination.LeaseList, s conversion.Scope) error { - return autoConvert_v1beta1_LeaseList_To_coordination_LeaseList(in, out, s) -} - -func autoConvert_coordination_LeaseList_To_v1beta1_LeaseList(in *coordination.LeaseList, out *v1beta1.LeaseList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.Lease)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_coordination_LeaseList_To_v1beta1_LeaseList is an autogenerated conversion function. -func Convert_coordination_LeaseList_To_v1beta1_LeaseList(in *coordination.LeaseList, out *v1beta1.LeaseList, s conversion.Scope) error { - return autoConvert_coordination_LeaseList_To_v1beta1_LeaseList(in, out, s) -} - -func autoConvert_v1beta1_LeaseSpec_To_coordination_LeaseSpec(in *v1beta1.LeaseSpec, out *coordination.LeaseSpec, s conversion.Scope) error { - out.HolderIdentity = (*string)(unsafe.Pointer(in.HolderIdentity)) - out.LeaseDurationSeconds = (*int32)(unsafe.Pointer(in.LeaseDurationSeconds)) - out.AcquireTime = (*v1.MicroTime)(unsafe.Pointer(in.AcquireTime)) - out.RenewTime = (*v1.MicroTime)(unsafe.Pointer(in.RenewTime)) - out.LeaseTransitions = (*int32)(unsafe.Pointer(in.LeaseTransitions)) - return nil -} - -// Convert_v1beta1_LeaseSpec_To_coordination_LeaseSpec is an autogenerated conversion function. -func Convert_v1beta1_LeaseSpec_To_coordination_LeaseSpec(in *v1beta1.LeaseSpec, out *coordination.LeaseSpec, s conversion.Scope) error { - return autoConvert_v1beta1_LeaseSpec_To_coordination_LeaseSpec(in, out, s) -} - -func autoConvert_coordination_LeaseSpec_To_v1beta1_LeaseSpec(in *coordination.LeaseSpec, out *v1beta1.LeaseSpec, s conversion.Scope) error { - out.HolderIdentity = (*string)(unsafe.Pointer(in.HolderIdentity)) - out.LeaseDurationSeconds = (*int32)(unsafe.Pointer(in.LeaseDurationSeconds)) - out.AcquireTime = (*v1.MicroTime)(unsafe.Pointer(in.AcquireTime)) - out.RenewTime = (*v1.MicroTime)(unsafe.Pointer(in.RenewTime)) - out.LeaseTransitions = (*int32)(unsafe.Pointer(in.LeaseTransitions)) - return nil -} - -// Convert_coordination_LeaseSpec_To_v1beta1_LeaseSpec is an autogenerated conversion function. -func Convert_coordination_LeaseSpec_To_v1beta1_LeaseSpec(in *coordination.LeaseSpec, out *v1beta1.LeaseSpec, s conversion.Scope) error { - return autoConvert_coordination_LeaseSpec_To_v1beta1_LeaseSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/validation/validation.go deleted file mode 100644 index 4eae06265d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/validation/validation.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/coordination" -) - -// ValidateLease validates a Lease. -func ValidateLease(lease *coordination.Lease) field.ErrorList { - allErrs := validation.ValidateObjectMeta(&lease.ObjectMeta, true, validation.NameIsDNSSubdomain, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateLeaseSpec(&lease.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateLeaseUpdate validates an update of Lease object. -func ValidateLeaseUpdate(lease, oldLease *coordination.Lease) field.ErrorList { - allErrs := validation.ValidateObjectMetaUpdate(&lease.ObjectMeta, &oldLease.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateLeaseSpec(&lease.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateLeaseSpec validates spec of Lease. -func ValidateLeaseSpec(spec *coordination.LeaseSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if spec.LeaseDurationSeconds != nil && *spec.LeaseDurationSeconds <= 0 { - fld := fldPath.Child("leaseDurationSeconds") - allErrs = append(allErrs, field.Invalid(fld, spec.LeaseDurationSeconds, "must be greater than 0")) - } - if spec.LeaseTransitions != nil && *spec.LeaseTransitions < 0 { - fld := fldPath.Child("leaseTransitions") - allErrs = append(allErrs, field.Invalid(fld, spec.LeaseTransitions, "must be greater than or equal to 0")) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/zz_generated.deepcopy.go deleted file mode 100644 index 98d1e6b612..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/coordination/zz_generated.deepcopy.go +++ /dev/null @@ -1,125 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package coordination - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Lease) DeepCopyInto(out *Lease) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Lease. -func (in *Lease) DeepCopy() *Lease { - if in == nil { - return nil - } - out := new(Lease) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Lease) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaseList) DeepCopyInto(out *LeaseList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Lease, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaseList. -func (in *LeaseList) DeepCopy() *LeaseList { - if in == nil { - return nil - } - out := new(LeaseList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *LeaseList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaseSpec) DeepCopyInto(out *LeaseSpec) { - *out = *in - if in.HolderIdentity != nil { - in, out := &in.HolderIdentity, &out.HolderIdentity - *out = new(string) - **out = **in - } - if in.LeaseDurationSeconds != nil { - in, out := &in.LeaseDurationSeconds, &out.LeaseDurationSeconds - *out = new(int32) - **out = **in - } - if in.AcquireTime != nil { - in, out := &in.AcquireTime, &out.AcquireTime - *out = (*in).DeepCopy() - } - if in.RenewTime != nil { - in, out := &in.RenewTime, &out.RenewTime - *out = (*in).DeepCopy() - } - if in.LeaseTransitions != nil { - in, out := &in.LeaseTransitions, &out.LeaseTransitions - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaseSpec. -func (in *LeaseSpec) DeepCopy() *LeaseSpec { - if in == nil { - return nil - } - out := new(LeaseSpec) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/OWNERS deleted file mode 100644 index 688ea8bd0c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -labels: - - sig/apps diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/annotation_key_constants.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/annotation_key_constants.go deleted file mode 100644 index 3053200a20..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/annotation_key_constants.go +++ /dev/null @@ -1,129 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file should be consistent with pkg/api/v1/annotation_key_constants.go. - -package core - -const ( - // ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy - // webhook backend fails. - ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open" - - // MirrorPodAnnotationKey represents the annotation key set by kubelets when creating mirror pods - MirrorPodAnnotationKey string = "kubernetes.io/config.mirror" - - // TolerationsAnnotationKey represents the key of tolerations data (json serialized) - // in the Annotations of a Pod. - TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations" - - // TaintsAnnotationKey represents the key of taints data (json serialized) - // in the Annotations of a Node. - TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints" - - // SeccompPodAnnotationKey represents the key of a seccomp profile applied - // to all containers of a pod. - // Deprecated: set a pod security context `seccompProfile` field. - SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod" - - // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied - // to one container of a pod. - // Deprecated: set a container security context `seccompProfile` field. - SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/" - - // SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. - // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. - SeccompProfileRuntimeDefault string = "runtime/default" - - // DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. - // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. - DeprecatedSeccompProfileDockerDefault string = "docker/default" - - // PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) - // in the Annotations of a Node. - PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods" - - // ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache - // an object (e.g. secret, config map) before fetching it again from apiserver. - // This annotation can be attached to node. - ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl" - - // NonConvertibleAnnotationPrefix annotation key prefix used to identify non-convertible json paths. - NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io" - - kubectlPrefix = "kubectl.kubernetes.io/" - - // LastAppliedConfigAnnotation is the annotation used to store the previous - // configuration of a resource for use in a three way diff by UpdateApplyAnnotation. - LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration" - - // AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers - // - // It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to - // allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow - // access only from the CIDRs currently allocated to MIT & the USPS. - // - // Not all cloud providers support this annotation, though AWS & GCE do. - AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges" - - // EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that - // represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') - // of the last change, of some Pod or Service object, that triggered the endpoints object change. - // In other words, if a Pod / Service changed at time T0, that change was observed by endpoints - // controller at T1, and the Endpoints object was changed at T2, the - // EndpointsLastChangeTriggerTime would be set to T0. - // - // The "endpoints change trigger" here means any Pod or Service change that resulted in the - // Endpoints object change. - // - // Given the definition of the "endpoints change trigger", please note that this annotation will - // be set ONLY for endpoints object changes triggered by either Pod or Service change. If the - // Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's - // already set). - // - // This annotation will be used to compute the in-cluster network programming latency SLI, see - // https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md - EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time" - - // EndpointsOverCapacity will be set on an Endpoints resource when it - // exceeds the maximum capacity of 1000 addresses. Initially the Endpoints - // controller will set this annotation with a value of "warning". In a - // future release, the controller may set this annotation with a value of - // "truncated" to indicate that any addresses exceeding the limit of 1000 - // have been truncated from the Endpoints resource. - EndpointsOverCapacity = "endpoints.kubernetes.io/over-capacity" - - // MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated - // list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. - // This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or - // CSI Backend for a volume plugin on a specific node. - MigratedPluginsAnnotationKey = "storage.alpha.kubernetes.io/migrated-plugins" - - // PodDeletionCost can be used to set to an int32 that represent the cost of deleting - // a pod compared to other pods belonging to the same ReplicaSet. Pods with lower - // deletion cost are preferred to be deleted before pods with higher deletion cost. - // Note that this is honored on a best-effort basis, and so it does not offer guarantees on - // pod deletion order. - // The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. - // - // This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. - PodDeletionCost = "controller.kubernetes.io/pod-deletion-cost" - - // AnnotationTopologyAwareHints can be used to enable or disable Topology - // Aware Hints for a Service. This may be set to "Auto" or "Disabled". Any - // other value is treated as "Disabled". - AnnotationTopologyAwareHints = "service.kubernetes.io/topology-aware-hints" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/doc.go deleted file mode 100644 index 6475fdab1d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -// Package core contains the latest (or "internal") version of the -// Kubernetes API objects. This is the API objects as represented in memory. -// The contract presented to clients is located in the versioned packages, -// which are sub-directories. The first one is "v1". Those packages -// describe how a particular version is serialized to storage/network. -package core // import "k8s.io/kubernetes/pkg/apis/core" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/helpers.go deleted file mode 100644 index 4cdbae9800..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/helpers.go +++ /dev/null @@ -1,515 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package helper - -import ( - "encoding/json" - "fmt" - "strconv" - "strings" - - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/kubernetes/pkg/apis/core" -) - -// IsHugePageResourceName returns true if the resource name has the huge page -// resource prefix. -func IsHugePageResourceName(name core.ResourceName) bool { - return strings.HasPrefix(string(name), core.ResourceHugePagesPrefix) -} - -// IsHugePageResourceValueDivisible returns true if the resource value of storage is -// integer multiple of page size. -func IsHugePageResourceValueDivisible(name core.ResourceName, quantity resource.Quantity) bool { - pageSize, err := HugePageSizeFromResourceName(name) - if err != nil { - return false - } - - if pageSize.Sign() <= 0 || pageSize.MilliValue()%int64(1000) != int64(0) { - return false - } - - return quantity.Value()%pageSize.Value() == 0 -} - -// IsQuotaHugePageResourceName returns true if the resource name has the quota -// related huge page resource prefix. -func IsQuotaHugePageResourceName(name core.ResourceName) bool { - return strings.HasPrefix(string(name), core.ResourceHugePagesPrefix) || strings.HasPrefix(string(name), core.ResourceRequestsHugePagesPrefix) -} - -// HugePageResourceName returns a ResourceName with the canonical hugepage -// prefix prepended for the specified page size. The page size is converted -// to its canonical representation. -func HugePageResourceName(pageSize resource.Quantity) core.ResourceName { - return core.ResourceName(fmt.Sprintf("%s%s", core.ResourceHugePagesPrefix, pageSize.String())) -} - -// HugePageSizeFromResourceName returns the page size for the specified huge page -// resource name. If the specified input is not a valid huge page resource name -// an error is returned. -func HugePageSizeFromResourceName(name core.ResourceName) (resource.Quantity, error) { - if !IsHugePageResourceName(name) { - return resource.Quantity{}, fmt.Errorf("resource name: %s is an invalid hugepage name", name) - } - pageSize := strings.TrimPrefix(string(name), core.ResourceHugePagesPrefix) - return resource.ParseQuantity(pageSize) -} - -// NonConvertibleFields iterates over the provided map and filters out all but -// any keys with the "non-convertible.kubernetes.io" prefix. -func NonConvertibleFields(annotations map[string]string) map[string]string { - nonConvertibleKeys := map[string]string{} - for key, value := range annotations { - if strings.HasPrefix(key, core.NonConvertibleAnnotationPrefix) { - nonConvertibleKeys[key] = value - } - } - return nonConvertibleKeys -} - -// Semantic can do semantic deep equality checks for core objects. -// Example: apiequality.Semantic.DeepEqual(aPod, aPodWithNonNilButEmptyMaps) == true -var Semantic = conversion.EqualitiesOrDie( - func(a, b resource.Quantity) bool { - // Ignore formatting, only care that numeric value stayed the same. - // TODO: if we decide it's important, it should be safe to start comparing the format. - // - // Uninitialized quantities are equivalent to 0 quantities. - return a.Cmp(b) == 0 - }, - func(a, b metav1.MicroTime) bool { - return a.UTC() == b.UTC() - }, - func(a, b metav1.Time) bool { - return a.UTC() == b.UTC() - }, - func(a, b labels.Selector) bool { - return a.String() == b.String() - }, - func(a, b fields.Selector) bool { - return a.String() == b.String() - }, -) - -var standardResourceQuotaScopes = sets.NewString( - string(core.ResourceQuotaScopeTerminating), - string(core.ResourceQuotaScopeNotTerminating), - string(core.ResourceQuotaScopeBestEffort), - string(core.ResourceQuotaScopeNotBestEffort), - string(core.ResourceQuotaScopePriorityClass), -) - -// IsStandardResourceQuotaScope returns true if the scope is a standard value -func IsStandardResourceQuotaScope(str string) bool { - return standardResourceQuotaScopes.Has(str) || str == string(core.ResourceQuotaScopeCrossNamespacePodAffinity) -} - -var podObjectCountQuotaResources = sets.NewString( - string(core.ResourcePods), -) - -var podComputeQuotaResources = sets.NewString( - string(core.ResourceCPU), - string(core.ResourceMemory), - string(core.ResourceLimitsCPU), - string(core.ResourceLimitsMemory), - string(core.ResourceRequestsCPU), - string(core.ResourceRequestsMemory), -) - -// IsResourceQuotaScopeValidForResource returns true if the resource applies to the specified scope -func IsResourceQuotaScopeValidForResource(scope core.ResourceQuotaScope, resource string) bool { - switch scope { - case core.ResourceQuotaScopeTerminating, core.ResourceQuotaScopeNotTerminating, core.ResourceQuotaScopeNotBestEffort, - core.ResourceQuotaScopePriorityClass, core.ResourceQuotaScopeCrossNamespacePodAffinity: - return podObjectCountQuotaResources.Has(resource) || podComputeQuotaResources.Has(resource) - case core.ResourceQuotaScopeBestEffort: - return podObjectCountQuotaResources.Has(resource) - default: - return true - } -} - -var standardContainerResources = sets.NewString( - string(core.ResourceCPU), - string(core.ResourceMemory), - string(core.ResourceEphemeralStorage), -) - -// IsStandardContainerResourceName returns true if the container can make a resource request -// for the specified resource -func IsStandardContainerResourceName(str string) bool { - return standardContainerResources.Has(str) || IsHugePageResourceName(core.ResourceName(str)) -} - -// IsExtendedResourceName returns true if: -// 1. the resource name is not in the default namespace; -// 2. resource name does not have "requests." prefix, -// to avoid confusion with the convention in quota -// 3. it satisfies the rules in IsQualifiedName() after converted into quota resource name -func IsExtendedResourceName(name core.ResourceName) bool { - if IsNativeResource(name) || strings.HasPrefix(string(name), core.DefaultResourceRequestsPrefix) { - return false - } - // Ensure it satisfies the rules in IsQualifiedName() after converted into quota resource name - nameForQuota := fmt.Sprintf("%s%s", core.DefaultResourceRequestsPrefix, string(name)) - if errs := validation.IsQualifiedName(nameForQuota); len(errs) != 0 { - return false - } - return true -} - -// IsNativeResource returns true if the resource name is in the -// *kubernetes.io/ namespace. Partially-qualified (unprefixed) names are -// implicitly in the kubernetes.io/ namespace. -func IsNativeResource(name core.ResourceName) bool { - return !strings.Contains(string(name), "/") || - strings.Contains(string(name), core.ResourceDefaultNamespacePrefix) -} - -// IsOvercommitAllowed returns true if the resource is in the default -// namespace and is not hugepages. -func IsOvercommitAllowed(name core.ResourceName) bool { - return IsNativeResource(name) && - !IsHugePageResourceName(name) -} - -var standardLimitRangeTypes = sets.NewString( - string(core.LimitTypePod), - string(core.LimitTypeContainer), - string(core.LimitTypePersistentVolumeClaim), -) - -// IsStandardLimitRangeType returns true if the type is Pod or Container -func IsStandardLimitRangeType(str string) bool { - return standardLimitRangeTypes.Has(str) -} - -var standardQuotaResources = sets.NewString( - string(core.ResourceCPU), - string(core.ResourceMemory), - string(core.ResourceEphemeralStorage), - string(core.ResourceRequestsCPU), - string(core.ResourceRequestsMemory), - string(core.ResourceRequestsStorage), - string(core.ResourceRequestsEphemeralStorage), - string(core.ResourceLimitsCPU), - string(core.ResourceLimitsMemory), - string(core.ResourceLimitsEphemeralStorage), - string(core.ResourcePods), - string(core.ResourceQuotas), - string(core.ResourceServices), - string(core.ResourceReplicationControllers), - string(core.ResourceSecrets), - string(core.ResourcePersistentVolumeClaims), - string(core.ResourceConfigMaps), - string(core.ResourceServicesNodePorts), - string(core.ResourceServicesLoadBalancers), -) - -// IsStandardQuotaResourceName returns true if the resource is known to -// the quota tracking system -func IsStandardQuotaResourceName(str string) bool { - return standardQuotaResources.Has(str) || IsQuotaHugePageResourceName(core.ResourceName(str)) -} - -var standardResources = sets.NewString( - string(core.ResourceCPU), - string(core.ResourceMemory), - string(core.ResourceEphemeralStorage), - string(core.ResourceRequestsCPU), - string(core.ResourceRequestsMemory), - string(core.ResourceRequestsEphemeralStorage), - string(core.ResourceLimitsCPU), - string(core.ResourceLimitsMemory), - string(core.ResourceLimitsEphemeralStorage), - string(core.ResourcePods), - string(core.ResourceQuotas), - string(core.ResourceServices), - string(core.ResourceReplicationControllers), - string(core.ResourceSecrets), - string(core.ResourceConfigMaps), - string(core.ResourcePersistentVolumeClaims), - string(core.ResourceStorage), - string(core.ResourceRequestsStorage), - string(core.ResourceServicesNodePorts), - string(core.ResourceServicesLoadBalancers), -) - -// IsStandardResourceName returns true if the resource is known to the system -func IsStandardResourceName(str string) bool { - return standardResources.Has(str) || IsQuotaHugePageResourceName(core.ResourceName(str)) -} - -var integerResources = sets.NewString( - string(core.ResourcePods), - string(core.ResourceQuotas), - string(core.ResourceServices), - string(core.ResourceReplicationControllers), - string(core.ResourceSecrets), - string(core.ResourceConfigMaps), - string(core.ResourcePersistentVolumeClaims), - string(core.ResourceServicesNodePorts), - string(core.ResourceServicesLoadBalancers), -) - -// IsIntegerResourceName returns true if the resource is measured in integer values -func IsIntegerResourceName(str string) bool { - return integerResources.Has(str) || IsExtendedResourceName(core.ResourceName(str)) -} - -// IsServiceIPSet aims to check if the service's ClusterIP is set or not -// the objective is not to perform validation here -func IsServiceIPSet(service *core.Service) bool { - // This function assumes that the service is semantically validated - // it does not test if the IP is valid, just makes sure that it is set. - return len(service.Spec.ClusterIP) > 0 && - service.Spec.ClusterIP != core.ClusterIPNone -} - -var standardFinalizers = sets.NewString( - string(core.FinalizerKubernetes), - metav1.FinalizerOrphanDependents, - metav1.FinalizerDeleteDependents, -) - -// IsStandardFinalizerName checks if the input string is a standard finalizer name -func IsStandardFinalizerName(str string) bool { - return standardFinalizers.Has(str) -} - -// GetAccessModesAsString returns a string representation of an array of access modes. -// modes, when present, are always in the same order: RWO,ROX,RWX,RWOP. -func GetAccessModesAsString(modes []core.PersistentVolumeAccessMode) string { - modes = removeDuplicateAccessModes(modes) - modesStr := []string{} - if ContainsAccessMode(modes, core.ReadWriteOnce) { - modesStr = append(modesStr, "RWO") - } - if ContainsAccessMode(modes, core.ReadOnlyMany) { - modesStr = append(modesStr, "ROX") - } - if ContainsAccessMode(modes, core.ReadWriteMany) { - modesStr = append(modesStr, "RWX") - } - if ContainsAccessMode(modes, core.ReadWriteOncePod) { - modesStr = append(modesStr, "RWOP") - } - return strings.Join(modesStr, ",") -} - -// GetAccessModesFromString returns an array of AccessModes from a string created by GetAccessModesAsString -func GetAccessModesFromString(modes string) []core.PersistentVolumeAccessMode { - strmodes := strings.Split(modes, ",") - accessModes := []core.PersistentVolumeAccessMode{} - for _, s := range strmodes { - s = strings.Trim(s, " ") - switch { - case s == "RWO": - accessModes = append(accessModes, core.ReadWriteOnce) - case s == "ROX": - accessModes = append(accessModes, core.ReadOnlyMany) - case s == "RWX": - accessModes = append(accessModes, core.ReadWriteMany) - case s == "RWOP": - accessModes = append(accessModes, core.ReadWriteOncePod) - } - } - return accessModes -} - -// removeDuplicateAccessModes returns an array of access modes without any duplicates -func removeDuplicateAccessModes(modes []core.PersistentVolumeAccessMode) []core.PersistentVolumeAccessMode { - accessModes := []core.PersistentVolumeAccessMode{} - for _, m := range modes { - if !ContainsAccessMode(accessModes, m) { - accessModes = append(accessModes, m) - } - } - return accessModes -} - -func ContainsAccessMode(modes []core.PersistentVolumeAccessMode, mode core.PersistentVolumeAccessMode) bool { - for _, m := range modes { - if m == mode { - return true - } - } - return false -} - -// GetTolerationsFromPodAnnotations gets the json serialized tolerations data from Pod.Annotations -// and converts it to the []Toleration type in core. -func GetTolerationsFromPodAnnotations(annotations map[string]string) ([]core.Toleration, error) { - var tolerations []core.Toleration - if len(annotations) > 0 && annotations[core.TolerationsAnnotationKey] != "" { - err := json.Unmarshal([]byte(annotations[core.TolerationsAnnotationKey]), &tolerations) - if err != nil { - return tolerations, err - } - } - return tolerations, nil -} - -// AddOrUpdateTolerationInPod tries to add a toleration to the pod's toleration list. -// Returns true if something was updated, false otherwise. -func AddOrUpdateTolerationInPod(pod *core.Pod, toleration *core.Toleration) bool { - podTolerations := pod.Spec.Tolerations - - var newTolerations []core.Toleration - updated := false - for i := range podTolerations { - if toleration.MatchToleration(&podTolerations[i]) { - if Semantic.DeepEqual(toleration, podTolerations[i]) { - return false - } - newTolerations = append(newTolerations, *toleration) - updated = true - continue - } - - newTolerations = append(newTolerations, podTolerations[i]) - } - - if !updated { - newTolerations = append(newTolerations, *toleration) - } - - pod.Spec.Tolerations = newTolerations - return true -} - -// GetTaintsFromNodeAnnotations gets the json serialized taints data from Pod.Annotations -// and converts it to the []Taint type in core. -func GetTaintsFromNodeAnnotations(annotations map[string]string) ([]core.Taint, error) { - var taints []core.Taint - if len(annotations) > 0 && annotations[core.TaintsAnnotationKey] != "" { - err := json.Unmarshal([]byte(annotations[core.TaintsAnnotationKey]), &taints) - if err != nil { - return []core.Taint{}, err - } - } - return taints, nil -} - -// GetPersistentVolumeClass returns StorageClassName. -func GetPersistentVolumeClass(volume *core.PersistentVolume) string { - // Use beta annotation first - if class, found := volume.Annotations[core.BetaStorageClassAnnotation]; found { - return class - } - - return volume.Spec.StorageClassName -} - -// GetPersistentVolumeClaimClass returns StorageClassName. If no storage class was -// requested, it returns "". -func GetPersistentVolumeClaimClass(claim *core.PersistentVolumeClaim) string { - // Use beta annotation first - if class, found := claim.Annotations[core.BetaStorageClassAnnotation]; found { - return class - } - - if claim.Spec.StorageClassName != nil { - return *claim.Spec.StorageClassName - } - - return "" -} - -// PersistentVolumeClaimHasClass returns true if given claim has set StorageClassName field. -func PersistentVolumeClaimHasClass(claim *core.PersistentVolumeClaim) bool { - // Use beta annotation first - if _, found := claim.Annotations[core.BetaStorageClassAnnotation]; found { - return true - } - - if claim.Spec.StorageClassName != nil { - return true - } - - return false -} - -func toResourceNames(resources core.ResourceList) []core.ResourceName { - result := []core.ResourceName{} - for resourceName := range resources { - result = append(result, resourceName) - } - return result -} - -func toSet(resourceNames []core.ResourceName) sets.String { - result := sets.NewString() - for _, resourceName := range resourceNames { - result.Insert(string(resourceName)) - } - return result -} - -// toContainerResourcesSet returns a set of resources names in container resource requirements -func toContainerResourcesSet(ctr *core.Container) sets.String { - resourceNames := toResourceNames(ctr.Resources.Requests) - resourceNames = append(resourceNames, toResourceNames(ctr.Resources.Limits)...) - return toSet(resourceNames) -} - -// ToPodResourcesSet returns a set of resource names in all containers in a pod. -func ToPodResourcesSet(podSpec *core.PodSpec) sets.String { - result := sets.NewString() - for i := range podSpec.InitContainers { - result = result.Union(toContainerResourcesSet(&podSpec.InitContainers[i])) - } - for i := range podSpec.Containers { - result = result.Union(toContainerResourcesSet(&podSpec.Containers[i])) - } - return result -} - -// GetDeletionCostFromPodAnnotations returns the integer value of pod-deletion-cost. Returns 0 -// if not set or the value is invalid. -func GetDeletionCostFromPodAnnotations(annotations map[string]string) (int32, error) { - if value, exist := annotations[core.PodDeletionCost]; exist { - // values that start with plus sign (e.g, "+10") or leading zeros (e.g., "008") are not valid. - if !validFirstDigit(value) { - return 0, fmt.Errorf("invalid value %q", value) - } - - i, err := strconv.ParseInt(value, 10, 32) - if err != nil { - // make sure we default to 0 on error. - return 0, err - } - return int32(i), nil - } - return 0, nil -} - -func validFirstDigit(str string) bool { - if len(str) == 0 { - return false - } - return str[0] == '-' || (str[0] == '0' && str == "0") || (str[0] >= '1' && str[0] <= '9') -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/qos/qos.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/qos/qos.go deleted file mode 100644 index 5f9c2604f0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/helper/qos/qos.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// NOTE: DO NOT use those helper functions through client-go, the -// package path will be changed in the future. -package qos - -import ( - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/kubernetes/pkg/apis/core" -) - -var supportedQoSComputeResources = sets.NewString(string(core.ResourceCPU), string(core.ResourceMemory)) - -func isSupportedQoSComputeResource(name core.ResourceName) bool { - return supportedQoSComputeResources.Has(string(name)) -} - -// GetPodQOS returns the QoS class of a pod. -// A pod is besteffort if none of its containers have specified any requests or limits. -// A pod is guaranteed only when requests and limits are specified for all the containers and they are equal. -// A pod is burstable if limits and requests do not match across all containers. -// When this function is updated please also update staging/src/k8s.io/kubectl/pkg/util/qos/qos.go -func GetPodQOS(pod *core.Pod) core.PodQOSClass { - requests := core.ResourceList{} - limits := core.ResourceList{} - zeroQuantity := resource.MustParse("0") - isGuaranteed := true - allContainers := []core.Container{} - allContainers = append(allContainers, pod.Spec.Containers...) - allContainers = append(allContainers, pod.Spec.InitContainers...) - for _, container := range allContainers { - // process requests - for name, quantity := range container.Resources.Requests { - if !isSupportedQoSComputeResource(name) { - continue - } - if quantity.Cmp(zeroQuantity) == 1 { - delta := quantity.DeepCopy() - if _, exists := requests[name]; !exists { - requests[name] = delta - } else { - delta.Add(requests[name]) - requests[name] = delta - } - } - } - // process limits - qosLimitsFound := sets.NewString() - for name, quantity := range container.Resources.Limits { - if !isSupportedQoSComputeResource(name) { - continue - } - if quantity.Cmp(zeroQuantity) == 1 { - qosLimitsFound.Insert(string(name)) - delta := quantity.DeepCopy() - if _, exists := limits[name]; !exists { - limits[name] = delta - } else { - delta.Add(limits[name]) - limits[name] = delta - } - } - } - - if !qosLimitsFound.HasAll(string(core.ResourceMemory), string(core.ResourceCPU)) { - isGuaranteed = false - } - } - if len(requests) == 0 && len(limits) == 0 { - return core.PodQOSBestEffort - } - // Check is requests match limits for all resources. - if isGuaranteed { - for name, req := range requests { - if lim, exists := limits[name]; !exists || lim.Cmp(req) != 0 { - isGuaranteed = false - break - } - } - } - if isGuaranteed && - len(requests) == len(limits) { - return core.PodQOSGuaranteed - } - return core.PodQOSBurstable -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/OWNERS deleted file mode 100644 index 215733b597..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - lavalamp - - smarterclayton - - deads2k - - caesarxuchao - - liggitt - - dims diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/install.go deleted file mode 100644 index d2d82e27d4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/install/install.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the v1 monolithic api, making it available as an -// option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(core.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/json.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/json.go deleted file mode 100644 index 46702cb468..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/json.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import "encoding/json" - -// This file implements json marshaling/unmarshaling interfaces on objects that are currently marshaled into annotations -// to prevent anyone from marshaling these internal structs. - -var _ = json.Marshaler(&AvoidPods{}) -var _ = json.Unmarshaler(&AvoidPods{}) - -// MarshalJSON panics to prevent marshalling of internal structs -func (AvoidPods) MarshalJSON() ([]byte, error) { panic("do not marshal internal struct") } - -// UnmarshalJSON panics to prevent unmarshalling of internal structs -func (*AvoidPods) UnmarshalJSON([]byte) error { panic("do not unmarshal to internal struct") } diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/objectreference.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/objectreference.go deleted file mode 100644 index 60f7e8a88f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/objectreference.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -//TODO: consider making these methods functions, because we don't want helper -//functions in the k8s.io/api repo. - -package core - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// SetGroupVersionKind sets the API version and kind of the object reference -func (obj *ObjectReference) SetGroupVersionKind(gvk schema.GroupVersionKind) { - obj.APIVersion, obj.Kind = gvk.ToAPIVersionAndKind() -} - -// GroupVersionKind returns the API version and kind of the object reference -func (obj *ObjectReference) GroupVersionKind() schema.GroupVersionKind { - return schema.FromAPIVersionAndKind(obj.APIVersion, obj.Kind) -} - -// GetObjectKind returns the kind of object reference -func (obj *ObjectReference) GetObjectKind() schema.ObjectKind { return obj } diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/pods/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/pods/helpers.go deleted file mode 100644 index 71810c5005..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/pods/helpers.go +++ /dev/null @@ -1,96 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pods - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/fieldpath" -) - -// ContainerVisitorWithPath is called with each container and the field.Path to that container, -// and returns true if visiting should continue. -type ContainerVisitorWithPath func(container *api.Container, path *field.Path) bool - -// VisitContainersWithPath invokes the visitor function with a pointer to the spec -// of every container in the given pod spec and the field.Path to that container. -// If visitor returns false, visiting is short-circuited. VisitContainersWithPath returns true if visiting completes, -// false if visiting was short-circuited. -func VisitContainersWithPath(podSpec *api.PodSpec, specPath *field.Path, visitor ContainerVisitorWithPath) bool { - fldPath := specPath.Child("initContainers") - for i := range podSpec.InitContainers { - if !visitor(&podSpec.InitContainers[i], fldPath.Index(i)) { - return false - } - } - fldPath = specPath.Child("containers") - for i := range podSpec.Containers { - if !visitor(&podSpec.Containers[i], fldPath.Index(i)) { - return false - } - } - fldPath = specPath.Child("ephemeralContainers") - for i := range podSpec.EphemeralContainers { - if !visitor((*api.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon), fldPath.Index(i)) { - return false - } - } - return true -} - -// ConvertDownwardAPIFieldLabel converts the specified downward API field label -// and its value in the pod of the specified version to the internal version, -// and returns the converted label and value. This function returns an error if -// the conversion fails. -func ConvertDownwardAPIFieldLabel(version, label, value string) (string, string, error) { - if version != "v1" { - return "", "", fmt.Errorf("unsupported pod version: %s", version) - } - - if path, _, ok := fieldpath.SplitMaybeSubscriptedPath(label); ok { - switch path { - case "metadata.annotations", "metadata.labels": - return label, value, nil - default: - return "", "", fmt.Errorf("field label does not support subscript: %s", label) - } - } - - switch label { - case "metadata.annotations", - "metadata.labels", - "metadata.name", - "metadata.namespace", - "metadata.uid", - "spec.nodeName", - "spec.restartPolicy", - "spec.serviceAccountName", - "spec.schedulerName", - "status.phase", - "status.hostIP", - "status.podIP", - "status.podIPs": - return label, value, nil - // This is for backwards compatibility with old v1 clients which send spec.host - case "spec.host": - return "spec.nodeName", value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/register.go deleted file mode 100644 index 882f31795a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/register.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder object to register various known types - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - - // AddToScheme represents a func that can be used to apply all the registered - // funcs in a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - if err := scheme.AddIgnoredConversionType(&metav1.TypeMeta{}, &metav1.TypeMeta{}); err != nil { - return err - } - scheme.AddKnownTypes(SchemeGroupVersion, - &Pod{}, - &PodList{}, - &PodStatusResult{}, - &PodTemplate{}, - &PodTemplateList{}, - &ReplicationControllerList{}, - &ReplicationController{}, - &ServiceList{}, - &Service{}, - &ServiceProxyOptions{}, - &NodeList{}, - &Node{}, - &NodeProxyOptions{}, - &Endpoints{}, - &EndpointsList{}, - &Binding{}, - &Event{}, - &EventList{}, - &List{}, - &LimitRange{}, - &LimitRangeList{}, - &ResourceQuota{}, - &ResourceQuotaList{}, - &Namespace{}, - &NamespaceList{}, - &ServiceAccount{}, - &ServiceAccountList{}, - &Secret{}, - &SecretList{}, - &PersistentVolume{}, - &PersistentVolumeList{}, - &PersistentVolumeClaim{}, - &PersistentVolumeClaimList{}, - &PodAttachOptions{}, - &PodLogOptions{}, - &PodExecOptions{}, - &PodPortForwardOptions{}, - &PodProxyOptions{}, - &ComponentStatus{}, - &ComponentStatusList{}, - &SerializedReference{}, - &RangeAllocation{}, - &ConfigMap{}, - &ConfigMapList{}, - ) - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/resource.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/resource.go deleted file mode 100644 index bde1e24ca5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/resource.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - "k8s.io/apimachinery/pkg/api/resource" -) - -func (rn ResourceName) String() string { - return string(rn) -} - -// CPU returns the CPU limit if specified. -func (rl *ResourceList) CPU() *resource.Quantity { - return rl.Name(ResourceCPU, resource.DecimalSI) -} - -// Memory returns the Memory limit if specified. -func (rl *ResourceList) Memory() *resource.Quantity { - return rl.Name(ResourceMemory, resource.BinarySI) -} - -// Storage returns the Storage limit if specified. -func (rl *ResourceList) Storage() *resource.Quantity { - return rl.Name(ResourceStorage, resource.BinarySI) -} - -// Pods returns the list of pods -func (rl *ResourceList) Pods() *resource.Quantity { - return rl.Name(ResourcePods, resource.DecimalSI) -} - -// StorageEphemeral returns the list of ephemeral storage volumes, if any -func (rl *ResourceList) StorageEphemeral() *resource.Quantity { - return rl.Name(ResourceEphemeralStorage, resource.BinarySI) -} - -// Name returns the resource with name if specified, otherwise it returns a nil quantity with default format. -func (rl *ResourceList) Name(name ResourceName, defaultFormat resource.Format) *resource.Quantity { - if val, ok := (*rl)[name]; ok { - return &val - } - return &resource.Quantity{Format: defaultFormat} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/taint.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/taint.go deleted file mode 100644 index 2c800de9b0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/taint.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -//TODO: consider making these methods functions, because we don't want helper -//functions in the k8s.io/api repo. - -package core - -import "fmt" - -// MatchTaint checks if the taint matches taintToMatch. Taints are unique by key:effect, -// if the two taints have same key:effect, regard as they match. -func (t *Taint) MatchTaint(taintToMatch Taint) bool { - return t.Key == taintToMatch.Key && t.Effect == taintToMatch.Effect -} - -// ToString converts taint struct to string in format '<key>=<value>:<effect>', '<key>=<value>:', '<key>:<effect>', or '<key>'. -func (t *Taint) ToString() string { - if len(t.Effect) == 0 { - if len(t.Value) == 0 { - return fmt.Sprintf("%v", t.Key) - } - return fmt.Sprintf("%v=%v:", t.Key, t.Value) - } - if len(t.Value) == 0 { - return fmt.Sprintf("%v:%v", t.Key, t.Effect) - } - return fmt.Sprintf("%v=%v:%v", t.Key, t.Value, t.Effect) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/toleration.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/toleration.go deleted file mode 100644 index 1dfbc9f1bb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/toleration.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -//TODO: consider making these methods functions, because we don't want helper -//functions in the k8s.io/api repo. - -package core - -// MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>, -// if the two tolerations have same <key,effect,operator,value> combination, regard as they match. -// TODO: uniqueness check for tolerations in api validations. -func (t *Toleration) MatchToleration(tolerationToMatch *Toleration) bool { - return t.Key == tolerationToMatch.Key && - t.Effect == tolerationToMatch.Effect && - t.Operator == tolerationToMatch.Operator && - t.Value == tolerationToMatch.Value -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/types.go deleted file mode 100644 index fbbecb00d5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/types.go +++ /dev/null @@ -1,5907 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - "k8s.io/apimachinery/pkg/api/resource" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/intstr" -) - -const ( - // NamespaceDefault means the object is in the default namespace which is applied when not specified by clients - NamespaceDefault = "default" - // NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces - NamespaceAll = "" - // NamespaceNone is the argument for a context when there is no namespace. - NamespaceNone = "" - // NamespaceSystem is the system namespace where we place system components. - NamespaceSystem = "kube-system" - // NamespacePublic is the namespace where we place public info (ConfigMaps) - NamespacePublic = "kube-public" - // NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) - NamespaceNodeLease = "kube-node-lease" - // TerminationMessagePathDefault means the default path to capture the application termination message running in a container - TerminationMessagePathDefault = "/dev/termination-log" -) - -// Volume represents a named volume in a pod that may be accessed by any containers in the pod. -type Volume struct { - // Required: This must be a DNS_LABEL. Each volume in a pod must have - // a unique name. - Name string - // The VolumeSource represents the location and type of a volume to mount. - // This is optional for now. If not specified, the Volume is implied to be an EmptyDir. - // This implied behavior is deprecated and will be removed in a future version. - // +optional - VolumeSource -} - -// VolumeSource represents the source location of a volume to mount. -// Only one of its members may be specified. -type VolumeSource struct { - // HostPath represents file or directory on the host machine that is - // directly exposed to the container. This is generally used for system - // agents or other privileged things that are allowed to see the host - // machine. Most containers will NOT need this. - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - HostPath *HostPathVolumeSource - // EmptyDir represents a temporary directory that shares a pod's lifetime. - // +optional - EmptyDir *EmptyDirVolumeSource - // GCEPersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - GCEPersistentDisk *GCEPersistentDiskVolumeSource - // AWSElasticBlockStore represents an AWS EBS disk that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource - // GitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - GitRepo *GitRepoVolumeSource - // Secret represents a secret that should populate this volume. - // +optional - Secret *SecretVolumeSource - // NFS represents an NFS mount on the host that shares a pod's lifetime - // +optional - NFS *NFSVolumeSource - // ISCSIVolumeSource represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - ISCSI *ISCSIVolumeSource - // Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime - // +optional - Glusterfs *GlusterfsVolumeSource - // PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace - // +optional - PersistentVolumeClaim *PersistentVolumeClaimVolumeSource - // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime - // +optional - RBD *RBDVolumeSource - - // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - Quobyte *QuobyteVolumeSource - - // FlexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - FlexVolume *FlexVolumeSource - - // Cinder represents a cinder volume attached and mounted on kubelet's host machine. - // +optional - Cinder *CinderVolumeSource - - // CephFS represents a Cephfs mount on the host that shares a pod's lifetime - // +optional - CephFS *CephFSVolumeSource - - // Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - Flocker *FlockerVolumeSource - - // DownwardAPI represents metadata about the pod that should populate this volume - // +optional - DownwardAPI *DownwardAPIVolumeSource - // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - FC *FCVolumeSource - // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - AzureFile *AzureFileVolumeSource - // ConfigMap represents a configMap that should populate this volume - // +optional - ConfigMap *ConfigMapVolumeSource - // VsphereVolume represents a vSphere volume attached and mounted on kubelet's host machine - // +optional - VsphereVolume *VsphereVirtualDiskVolumeSource - // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - AzureDisk *AzureDiskVolumeSource - // PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelet's host machine - PhotonPersistentDisk *PhotonPersistentDiskVolumeSource - // Items for all in one resources secrets, configmaps, and downward API - Projected *ProjectedVolumeSource - // PortworxVolume represents a portworx volume attached and mounted on kubelet's host machine - // +optional - PortworxVolume *PortworxVolumeSource - // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - ScaleIO *ScaleIOVolumeSource - // StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // +optional - StorageOS *StorageOSVolumeSource - // CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. - // +optional - CSI *CSIVolumeSource - // Ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. - // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - Ephemeral *EphemeralVolumeSource -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. -// Exactly one of its members must be set. -type PersistentVolumeSource struct { - // GCEPersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - GCEPersistentDisk *GCEPersistentDiskVolumeSource - // AWSElasticBlockStore represents an AWS EBS disk that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource - // HostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // +optional - HostPath *HostPathVolumeSource - // Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod - // +optional - Glusterfs *GlusterfsPersistentVolumeSource - // NFS represents an NFS mount on the host that shares a pod's lifetime - // +optional - NFS *NFSVolumeSource - // RBD represents a Rados Block Device mount on the host that shares a pod's lifetime - // +optional - RBD *RBDPersistentVolumeSource - // Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - Quobyte *QuobyteVolumeSource - // ISCSIPersistentVolumeSource represents an ISCSI resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // +optional - ISCSI *ISCSIPersistentVolumeSource - // FlexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - FlexVolume *FlexPersistentVolumeSource - // Cinder represents a cinder volume attached and mounted on kubelet's host machine. - // +optional - Cinder *CinderPersistentVolumeSource - // CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - CephFS *CephFSPersistentVolumeSource - // FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - FC *FCVolumeSource - // Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - Flocker *FlockerVolumeSource - // AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - AzureFile *AzureFilePersistentVolumeSource - // VsphereVolume represents a vSphere volume attached and mounted on kubelet's host machine - // +optional - VsphereVolume *VsphereVirtualDiskVolumeSource - // AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - AzureDisk *AzureDiskVolumeSource - // PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelet's host machine - PhotonPersistentDisk *PhotonPersistentDiskVolumeSource - // PortworxVolume represents a portworx volume attached and mounted on kubelet's host machine - // +optional - PortworxVolume *PortworxVolumeSource - // ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - ScaleIO *ScaleIOPersistentVolumeSource - // Local represents directly-attached storage with node affinity - // +optional - Local *LocalVolumeSource - // StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - StorageOS *StorageOSPersistentVolumeSource - // CSI (Container Storage Interface) represents storage that is handled by an external CSI driver. - // +optional - CSI *CSIPersistentVolumeSource -} - -// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace -type PersistentVolumeClaimVolumeSource struct { - // ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume - ClaimName string - // Optional: Defaults to false (read/write). ReadOnly here - // will force the ReadOnly setting in VolumeMounts - // +optional - ReadOnly bool -} - -const ( - // BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. - // It's deprecated and will be removed in a future release. (#51440) - BetaStorageClassAnnotation = "volume.beta.kubernetes.io/storage-class" - - // MountOptionAnnotation defines mount option annotation used in PVs - MountOptionAnnotation = "volume.beta.kubernetes.io/mount-options" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PersistentVolume struct captures the details of the implementation of PV storage -type PersistentVolume struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines a persistent volume owned by the cluster - // +optional - Spec PersistentVolumeSpec - - // Status represents the current information about persistent volume. - // +optional - Status PersistentVolumeStatus -} - -// PersistentVolumeSpec has most of the details required to define a persistent volume -type PersistentVolumeSpec struct { - // Resources represents the actual resources of the volume - Capacity ResourceList - // Source represents the location and type of a volume to mount. - PersistentVolumeSource - // AccessModes contains all ways the volume can be mounted - // +optional - AccessModes []PersistentVolumeAccessMode - // ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // ClaimRef is expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // When set to non-nil value, PVC.Spec.Selector of the referenced PVC is - // ignored, i.e. labels of this PV do not need to match PVC selector. - // +optional - ClaimRef *ObjectReference - // Optional: what happens to a persistent volume when released from its claim. - // +optional - PersistentVolumeReclaimPolicy PersistentVolumeReclaimPolicy - // Name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - StorageClassName string - // A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // +optional - MountOptions []string - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - VolumeMode *PersistentVolumeMode - // NodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - NodeAffinity *VolumeNodeAffinity -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -type VolumeNodeAffinity struct { - // Required specifies hard node constraints that must be met. - Required *NodeSelector -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes -type PersistentVolumeReclaimPolicy string - -const ( - // PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. - // The volume plugin must support Recycling. - // DEPRECATED: The PersistentVolumeReclaimRecycle called Recycle is being deprecated. See announcement here: https://groups.google.com/forum/#!topic/kubernetes-dev/uexugCza84I - PersistentVolumeReclaimRecycle PersistentVolumeReclaimPolicy = "Recycle" - // PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. - // The volume plugin must support Deletion. - PersistentVolumeReclaimDelete PersistentVolumeReclaimPolicy = "Delete" - // PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. - // The default policy is Retain. - PersistentVolumeReclaimRetain PersistentVolumeReclaimPolicy = "Retain" -) - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -type PersistentVolumeMode string - -const ( - // PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. - PersistentVolumeBlock PersistentVolumeMode = "Block" - // PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. - PersistentVolumeFilesystem PersistentVolumeMode = "Filesystem" -) - -// PersistentVolumeStatus represents the status of PV storage -type PersistentVolumeStatus struct { - // Phase indicates if a volume is available, bound to a claim, or released by a claim - // +optional - Phase PersistentVolumePhase - // A human-readable message indicating details about why the volume is in this state. - // +optional - Message string - // Reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI - // +optional - Reason string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PersistentVolumeList represents a list of PVs -type PersistentVolumeList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - Items []PersistentVolume -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -type PersistentVolumeClaim struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the volume requested by a pod author - // +optional - Spec PersistentVolumeClaimSpec - - // Status represents the current information about a claim - // +optional - Status PersistentVolumeClaimStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PersistentVolumeClaimList represents the list of PV claims -type PersistentVolumeClaimList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - Items []PersistentVolumeClaim -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -type PersistentVolumeClaimSpec struct { - // Contains the types of access modes required - // +optional - AccessModes []PersistentVolumeAccessMode - // A label query over volumes to consider for binding. This selector is - // ignored when VolumeName is set - // +optional - Selector *metav1.LabelSelector - // Resources represents the minimum resources required - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // +optional - Resources ResourceRequirements - // VolumeName is the binding reference to the PersistentVolume backing this - // claim. When set to non-empty value Selector is not evaluated - // +optional - VolumeName string - // Name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 - // +optional - StorageClassName *string - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - VolumeMode *PersistentVolumeMode - // This field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. - // +optional - DataSource *TypedLocalObjectReference - // Specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - DataSourceRef *TypedObjectReference -} - -type TypedObjectReference struct { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - APIGroup *string - // Kind is the type of resource being referenced - Kind string - // Name is the name of resource being referenced - Name string - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - Namespace *string -} - -// PersistentVolumeClaimConditionType defines the condition of PV claim. -// Valid values are either "Resizing" or "FileSystemResizePending". -type PersistentVolumeClaimConditionType string - -// These are valid conditions of Pvc -const ( - // An user trigger resize of pvc has been started - PersistentVolumeClaimResizing PersistentVolumeClaimConditionType = "Resizing" - // PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node - PersistentVolumeClaimFileSystemResizePending PersistentVolumeClaimConditionType = "FileSystemResizePending" -) - -// +enum -type PersistentVolumeClaimResizeStatus string - -const ( - // When expansion is complete, the empty string is set by resize controller or kubelet. - PersistentVolumeClaimNoExpansionInProgress PersistentVolumeClaimResizeStatus = "" - // State set when resize controller starts expanding the volume in control-plane - PersistentVolumeClaimControllerExpansionInProgress PersistentVolumeClaimResizeStatus = "ControllerExpansionInProgress" - // State set when expansion has failed in resize controller with a terminal error. - // Transient errors such as timeout should not set this status and should leave ResizeStatus - // unmodified, so as resize controller can resume the volume expansion. - PersistentVolumeClaimControllerExpansionFailed PersistentVolumeClaimResizeStatus = "ControllerExpansionFailed" - // State set when resize controller has finished expanding the volume but further expansion is needed on the node. - PersistentVolumeClaimNodeExpansionPending PersistentVolumeClaimResizeStatus = "NodeExpansionPending" - // State set when kubelet starts expanding the volume. - PersistentVolumeClaimNodeExpansionInProgress PersistentVolumeClaimResizeStatus = "NodeExpansionInProgress" - // State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed. - PersistentVolumeClaimNodeExpansionFailed PersistentVolumeClaimResizeStatus = "NodeExpansionFailed" -) - -// PersistentVolumeClaimCondition represents the current condition of PV claim -type PersistentVolumeClaimCondition struct { - Type PersistentVolumeClaimConditionType - Status ConditionStatus - // +optional - LastProbeTime metav1.Time - // +optional - LastTransitionTime metav1.Time - // +optional - Reason string - // +optional - Message string -} - -// PersistentVolumeClaimStatus represents the status of PV claim -type PersistentVolumeClaimStatus struct { - // Phase represents the current phase of PersistentVolumeClaim - // +optional - Phase PersistentVolumeClaimPhase - // AccessModes contains all ways the volume backing the PVC can be mounted - // +optional - AccessModes []PersistentVolumeAccessMode - // Represents the actual resources of the underlying volume - // +optional - Capacity ResourceList - // +optional - Conditions []PersistentVolumeClaimCondition - // The storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - // be larger than the actual capacity when a volume expansion operation is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - AllocatedResources ResourceList - // ResizeStatus stores status of resize operation. - // ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - // string by resize controller or kubelet. - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - ResizeStatus *PersistentVolumeClaimResizeStatus -} - -// PersistentVolumeAccessMode defines various access modes for PV. -type PersistentVolumeAccessMode string - -// These are the valid values for PersistentVolumeAccessMode -const ( - // can be mounted read/write mode to exactly 1 host - ReadWriteOnce PersistentVolumeAccessMode = "ReadWriteOnce" - // can be mounted in read-only mode to many hosts - ReadOnlyMany PersistentVolumeAccessMode = "ReadOnlyMany" - // can be mounted in read/write mode to many hosts - ReadWriteMany PersistentVolumeAccessMode = "ReadWriteMany" - // can be mounted read/write mode to exactly 1 pod - // cannot be used in combination with other access modes - ReadWriteOncePod PersistentVolumeAccessMode = "ReadWriteOncePod" -) - -// PersistentVolumePhase defines the phase in which a PV is -type PersistentVolumePhase string - -// These are the valid values for PersistentVolumePhase -const ( - // used for PersistentVolumes that are not available - VolumePending PersistentVolumePhase = "Pending" - // used for PersistentVolumes that are not yet bound - // Available volumes are held by the binder and matched to PersistentVolumeClaims - VolumeAvailable PersistentVolumePhase = "Available" - // used for PersistentVolumes that are bound - VolumeBound PersistentVolumePhase = "Bound" - // used for PersistentVolumes where the bound PersistentVolumeClaim was deleted - // released volumes must be recycled before becoming available again - // this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource - VolumeReleased PersistentVolumePhase = "Released" - // used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim - VolumeFailed PersistentVolumePhase = "Failed" -) - -// PersistentVolumeClaimPhase defines the phase of PV claim -type PersistentVolumeClaimPhase string - -// These are the valid value for PersistentVolumeClaimPhase -const ( - // used for PersistentVolumeClaims that are not yet bound - ClaimPending PersistentVolumeClaimPhase = "Pending" - // used for PersistentVolumeClaims that are bound - ClaimBound PersistentVolumeClaimPhase = "Bound" - // used for PersistentVolumeClaims that lost their underlying - // PersistentVolume. The claim was bound to a PersistentVolume and this - // volume does not exist any longer and all data on it was lost. - ClaimLost PersistentVolumeClaimPhase = "Lost" -) - -// HostPathType defines the type of host path for PV -type HostPathType string - -// These are the valid values for HostPathType -const ( - // For backwards compatible, leave it empty if unset - HostPathUnset HostPathType = "" - // If nothing exists at the given path, an empty directory will be created there - // as needed with file mode 0755, having the same group and ownership with Kubelet. - HostPathDirectoryOrCreate HostPathType = "DirectoryOrCreate" - // A directory must exist at the given path - HostPathDirectory HostPathType = "Directory" - // If nothing exists at the given path, an empty file will be created there - // as needed with file mode 0644, having the same group and ownership with Kubelet. - HostPathFileOrCreate HostPathType = "FileOrCreate" - // A file must exist at the given path - HostPathFile HostPathType = "File" - // A UNIX socket must exist at the given path - HostPathSocket HostPathType = "Socket" - // A character device must exist at the given path - HostPathCharDev HostPathType = "CharDevice" - // A block device must exist at the given path - HostPathBlockDev HostPathType = "BlockDevice" -) - -// HostPathVolumeSource represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -type HostPathVolumeSource struct { - // If the path is a symlink, it will follow the link to the real path. - Path string - // Defaults to "" - Type *HostPathType -} - -// EmptyDirVolumeSource represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -type EmptyDirVolumeSource struct { - // TODO: Longer term we want to represent the selection of underlying - // media more like a scheduling problem - user says what traits they - // need, we give them a backing store that satisfies that. For now - // this will cover the most common needs. - // Optional: what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // +optional - Medium StorageMedium - // Total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. - // More info: http://kubernetes.io/docs/user-guide/volumes#emptydir - // +optional - SizeLimit *resource.Quantity -} - -// StorageMedium defines ways that storage can be allocated to a volume. -type StorageMedium string - -// These are the valid value for StorageMedium -const ( - StorageMediumDefault StorageMedium = "" // use whatever the default is for the node - StorageMediumMemory StorageMedium = "Memory" // use memory (tmpfs) - StorageMediumHugePages StorageMedium = "HugePages" // use hugepages - StorageMediumHugePagesPrefix StorageMedium = "HugePages-" // prefix for full medium notation HugePages-<size> -) - -// Protocol defines network protocols supported for things like container ports. -type Protocol string - -const ( - // ProtocolTCP is the TCP protocol. - ProtocolTCP Protocol = "TCP" - // ProtocolUDP is the UDP protocol. - ProtocolUDP Protocol = "UDP" - // ProtocolSCTP is the SCTP protocol. - ProtocolSCTP Protocol = "SCTP" -) - -// GCEPersistentDiskVolumeSource represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -type GCEPersistentDiskVolumeSource struct { - // Unique name of the PD resource. Used to identify the disk in GCE - PDName string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: Partition on the disk to mount. - // If omitted, kubelet will attempt to mount the device name. - // Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty. - // +optional - Partition int32 - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// ISCSIVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -type ISCSIVolumeSource struct { - // Required: iSCSI target portal - // the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260) - // +optional - TargetPortal string - // Required: target iSCSI Qualified Name - // +optional - IQN string - // Required: iSCSI target lun number - // +optional - Lun int32 - // Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport. - // +optional - ISCSIInterface string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: list of iSCSI target portal ips for high availability. - // the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260) - // +optional - Portals []string - // Optional: whether support iSCSI Discovery CHAP authentication - // +optional - DiscoveryCHAPAuth bool - // Optional: whether support iSCSI Session CHAP authentication - // +optional - SessionCHAPAuth bool - // Optional: CHAP secret for iSCSI target and initiator authentication. - // The secret is used if either DiscoveryCHAPAuth or SessionCHAPAuth is true - // +optional - SecretRef *LocalObjectReference - // Optional: Custom initiator name per volume. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // <target portal>:<volume name> will be created for the connection. - // +optional - InitiatorName *string -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -type ISCSIPersistentVolumeSource struct { - // Required: iSCSI target portal - // the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260) - // +optional - TargetPortal string - // Required: target iSCSI Qualified Name - // +optional - IQN string - // Required: iSCSI target lun number - // +optional - Lun int32 - // Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport. - // +optional - ISCSIInterface string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: list of iSCSI target portal ips for high availability. - // the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260) - // +optional - Portals []string - // Optional: whether support iSCSI Discovery CHAP authentication - // +optional - DiscoveryCHAPAuth bool - // Optional: whether support iSCSI Session CHAP authentication - // +optional - SessionCHAPAuth bool - // Optional: CHAP secret for iSCSI target and initiator authentication. - // The secret is used if either DiscoveryCHAPAuth or SessionCHAPAuth is true - // +optional - SecretRef *SecretReference - // Optional: Custom initiator name per volume. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // <target portal>:<volume name> will be created for the connection. - // +optional - InitiatorName *string -} - -// FCVolumeSource represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -type FCVolumeSource struct { - // Optional: FC target worldwide names (WWNs) - // +optional - TargetWWNs []string - // Optional: FC target lun number - // +optional - Lun *int32 - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: FC volume World Wide Identifiers (WWIDs) - // Either WWIDs or TargetWWNs and Lun must be set, but not both simultaneously. - // +optional - WWIDs []string -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -type FlexPersistentVolumeSource struct { - // Driver is the name of the driver to use for this volume. - Driver string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - FSType string - // Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - SecretRef *SecretReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: Extra driver options if any. - // +optional - Options map[string]string -} - -// FlexVolumeSource represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -type FlexVolumeSource struct { - // Driver is the name of the driver to use for this volume. - Driver string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - FSType string - // Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - SecretRef *LocalObjectReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: Extra driver options if any. - // +optional - Options map[string]string -} - -// AWSElasticBlockStoreVolumeSource represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -type AWSElasticBlockStoreVolumeSource struct { - // Unique id of the persistent disk resource. Used to identify the disk in AWS - VolumeID string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: Partition on the disk to mount. - // If omitted, kubelet will attempt to mount the device name. - // Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty. - // +optional - Partition int32 - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// GitRepoVolumeSource represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -type GitRepoVolumeSource struct { - // Repository URL - Repository string - // Commit hash, this is optional - // +optional - Revision string - // Clone target, this is optional - // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - Directory string - // TODO: Consider credentials here. -} - -// SecretVolumeSource adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -type SecretVolumeSource struct { - // Name of the secret in the pod's namespace to use. - // +optional - SecretName string - // If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - Items []KeyToPath - // Mode bits to use on created files by default. Must be a value between - // 0 and 0777. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - DefaultMode *int32 - // Specify whether the Secret or its key must be defined - // +optional - Optional *bool -} - -// SecretProjection adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -type SecretProjection struct { - LocalObjectReference - // If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - Items []KeyToPath - // Specify whether the Secret or its key must be defined - // +optional - Optional *bool -} - -// NFSVolumeSource represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -type NFSVolumeSource struct { - // Server is the hostname or IP address of the NFS server - Server string - - // Path is the exported NFS share - Path string - - // Optional: Defaults to false (read/write). ReadOnly here will force - // the NFS export to be mounted with read-only permissions - // +optional - ReadOnly bool -} - -// QuobyteVolumeSource represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -type QuobyteVolumeSource struct { - // Registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - Registry string - - // Volume is a string that references an already created Quobyte volume by name. - Volume string - - // Defaults to false (read/write). ReadOnly here will force - // the Quobyte to be mounted with read-only permissions - // +optional - ReadOnly bool - - // User to map volume access to - // Defaults to the root user - // +optional - User string - - // Group to map volume access to - // Default is no group - // +optional - Group string - - // Tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - Tenant string -} - -// GlusterfsVolumeSource represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -type GlusterfsVolumeSource struct { - // Required: EndpointsName is the endpoint name that details Glusterfs topology - EndpointsName string - - // Required: Path is the Glusterfs volume path - Path string - - // Optional: Defaults to false (read/write). ReadOnly here will force - // the Glusterfs to be mounted with read-only permissions - // +optional - ReadOnly bool -} - -// GlusterfsPersistentVolumeSource represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -type GlusterfsPersistentVolumeSource struct { - // EndpointsName is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - EndpointsName string - - // Path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - Path string - - // ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - ReadOnly bool - - // EndpointsNamespace is the namespace that contains Glusterfs endpoint. - // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - EndpointsNamespace *string -} - -// RBDVolumeSource represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -type RBDVolumeSource struct { - // Required: CephMonitors is a collection of Ceph monitors - CephMonitors []string - // Required: RBDImage is the rados image name - RBDImage string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: RadosPool is the rados pool name,default is rbd - // +optional - RBDPool string - // Optional: RBDUser is the rados user name, default is admin - // +optional - RadosUser string - // Optional: Keyring is the path to key ring for RBDUser, default is /etc/ceph/keyring - // +optional - Keyring string - // Optional: SecretRef is name of the authentication secret for RBDUser, default is nil. - // +optional - SecretRef *LocalObjectReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// RBDPersistentVolumeSource represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -type RBDPersistentVolumeSource struct { - // Required: CephMonitors is a collection of Ceph monitors - CephMonitors []string - // Required: RBDImage is the rados image name - RBDImage string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - FSType string - // Optional: RadosPool is the rados pool name,default is rbd - // +optional - RBDPool string - // Optional: RBDUser is the rados user name, default is admin - // +optional - RadosUser string - // Optional: Keyring is the path to key ring for RBDUser, default is /etc/ceph/keyring - // +optional - Keyring string - // Optional: SecretRef is reference to the authentication secret for User, default is empty. - // +optional - SecretRef *SecretReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// CinderVolumeSource represents a cinder volume resource in Openstack. A Cinder volume -// must exist before mounting to a container. The volume must also be -// in the same region as the kubelet. Cinder volumes support ownership -// management and SELinux relabeling. -type CinderVolumeSource struct { - // Unique id of the volume used to identify the cinder volume. - VolumeID string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - SecretRef *LocalObjectReference -} - -// CinderPersistentVolumeSource represents a cinder volume resource in Openstack. A Cinder volume -// must exist before mounting to a container. The volume must also be -// in the same region as the kubelet. Cinder volumes support ownership -// management and SELinux relabeling. -type CinderPersistentVolumeSource struct { - // Unique id of the volume used to identify the cinder volume. - VolumeID string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - SecretRef *SecretReference -} - -// CephFSVolumeSource represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -type CephFSVolumeSource struct { - // Required: Monitors is a collection of Ceph monitors - Monitors []string - // Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - Path string - // Optional: User is the rados user name, default is admin - // +optional - User string - // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // +optional - SecretFile string - // Optional: SecretRef is reference to the authentication secret for User, default is empty. - // +optional - SecretRef *LocalObjectReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -type SecretReference struct { - // Name is unique within a namespace to reference a secret resource. - // +optional - Name string - // Namespace defines the space within which the secret name must be unique. - // +optional - Namespace string -} - -// CephFSPersistentVolumeSource represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -type CephFSPersistentVolumeSource struct { - // Required: Monitors is a collection of Ceph monitors - Monitors []string - // Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - Path string - // Optional: User is the rados user name, default is admin - // +optional - User string - // Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // +optional - SecretFile string - // Optional: SecretRef is reference to the authentication secret for User, default is empty. - // +optional - SecretRef *SecretReference - // Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// FlockerVolumeSource represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. -type FlockerVolumeSource struct { - // Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - DatasetName string - // UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - DatasetUUID string -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -type DownwardAPIVolumeSource struct { - // Items is a list of DownwardAPIVolume file - // +optional - Items []DownwardAPIVolumeFile - // Mode bits to use on created files by default. Must be a value between - // 0 and 0777. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - DefaultMode *int32 -} - -// DownwardAPIVolumeFile represents a single file containing information from the downward API -type DownwardAPIVolumeFile struct { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - Path string - // Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. - // +optional - FieldRef *ObjectFieldSelector - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - ResourceFieldRef *ResourceFieldSelector - // Optional: mode bits to use on this file, must be a value between 0 - // and 0777. If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - Mode *int32 -} - -// DownwardAPIProjection represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -type DownwardAPIProjection struct { - // Items is a list of DownwardAPIVolume file - // +optional - Items []DownwardAPIVolumeFile -} - -// AzureFileVolumeSource azureFile represents an Azure File Service mount on the host and bind mount to the pod. -type AzureFileVolumeSource struct { - // the name of secret that contains Azure Storage Account Name and Key - SecretName string - // Share Name - ShareName string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// AzureFilePersistentVolumeSource represents an Azure File Service mount on the host and bind mount to the pod. -type AzureFilePersistentVolumeSource struct { - // the name of secret that contains Azure Storage Account Name and Key - SecretName string - // Share Name - ShareName string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - SecretNamespace *string -} - -// VsphereVirtualDiskVolumeSource represents a vSphere volume resource. -type VsphereVirtualDiskVolumeSource struct { - // Path that identifies vSphere volume vmdk - VolumePath string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Storage Policy Based Management (SPBM) profile name. - // +optional - StoragePolicyName string - // Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - StoragePolicyID string -} - -// PhotonPersistentDiskVolumeSource represents a Photon Controller persistent disk resource. -type PhotonPersistentDiskVolumeSource struct { - // ID that identifies Photon Controller persistent disk - PdID string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - FSType string -} - -// PortworxVolumeSource represents a Portworx volume resource. -type PortworxVolumeSource struct { - // VolumeID uniquely identifies a Portworx volume - VolumeID string - // FSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// AzureDataDiskCachingMode defines the caching mode for Azure data disk -type AzureDataDiskCachingMode string - -// AzureDataDiskKind defines the kind of Azure data disk -type AzureDataDiskKind string - -// Defines cache mode and kinds for Azure data disk -const ( - AzureDataDiskCachingNone AzureDataDiskCachingMode = "None" - AzureDataDiskCachingReadOnly AzureDataDiskCachingMode = "ReadOnly" - AzureDataDiskCachingReadWrite AzureDataDiskCachingMode = "ReadWrite" - - AzureSharedBlobDisk AzureDataDiskKind = "Shared" - AzureDedicatedBlobDisk AzureDataDiskKind = "Dedicated" - AzureManagedDisk AzureDataDiskKind = "Managed" -) - -// AzureDiskVolumeSource represents an Azure Data Disk mount on the host and bind mount to the pod. -type AzureDiskVolumeSource struct { - // The Name of the data disk in the blob storage - DiskName string - // The URI of the data disk in the blob storage - DataDiskURI string - // Host Caching mode: None, Read Only, Read Write. - // +optional - CachingMode *AzureDataDiskCachingMode - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType *string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly *bool - // Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - Kind *AzureDataDiskKind -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -type ScaleIOVolumeSource struct { - // The host address of the ScaleIO API Gateway. - Gateway string - // The name of the storage system as configured in ScaleIO. - System string - // SecretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - SecretRef *LocalObjectReference - // Flag to enable/disable SSL communication with Gateway, default false - // +optional - SSLEnabled bool - // The name of the ScaleIO Protection Domain for the configured storage. - // +optional - ProtectionDomain string - // The ScaleIO Storage Pool associated with the protection domain. - // +optional - StoragePool string - // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - StorageMode string - // The name of a volume already created in the ScaleIO system - // that is associated with this volume source. - VolumeName string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - FSType string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume that can be defined -// by a an admin via a storage class, for instance. -type ScaleIOPersistentVolumeSource struct { - // The host address of the ScaleIO API Gateway. - Gateway string - // The name of the storage system as configured in ScaleIO. - System string - // SecretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - SecretRef *SecretReference - // Flag to enable/disable SSL communication with Gateway, default false - // +optional - SSLEnabled bool - // The name of the ScaleIO Protection Domain for the configured storage. - // +optional - ProtectionDomain string - // The ScaleIO Storage Pool associated with the protection domain. - // +optional - StoragePool string - // Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - StorageMode string - // The name of a volume created in the ScaleIO system - // that is associated with this volume source. - VolumeName string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - FSType string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool -} - -// StorageOSVolumeSource represents a StorageOS persistent volume resource. -type StorageOSVolumeSource struct { - // VolumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - VolumeName string - // VolumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - VolumeNamespace string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // SecretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - SecretRef *LocalObjectReference -} - -// StorageOSPersistentVolumeSource represents a StorageOS persistent volume resource. -type StorageOSPersistentVolumeSource struct { - // VolumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - VolumeName string - // VolumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - VolumeNamespace string - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - FSType string - // Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - ReadOnly bool - // SecretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - SecretRef *ObjectReference -} - -// ConfigMapVolumeSource adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -type ConfigMapVolumeSource struct { - LocalObjectReference - // If unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - Items []KeyToPath - // Mode bits to use on created files by default. Must be a value between - // 0 and 0777. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - DefaultMode *int32 - // Specify whether the ConfigMap or its keys must be defined - // +optional - Optional *bool -} - -// ConfigMapProjection adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -type ConfigMapProjection struct { - LocalObjectReference - // If unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - Items []KeyToPath - // Specify whether the ConfigMap or its keys must be defined - // +optional - Optional *bool -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -type ServiceAccountTokenProjection struct { - // Audience is the intended audience of the token. A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - Audience string - // ExpirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - ExpirationSeconds int64 - // Path is the path relative to the mount point of the file to project the - // token into. - Path string -} - -// ProjectedVolumeSource represents a projected volume source -type ProjectedVolumeSource struct { - // list of volume projections - Sources []VolumeProjection - // Mode bits to use on created files by default. Must be a value between - // 0 and 0777. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - DefaultMode *int32 -} - -// VolumeProjection that may be projected along with other supported volume types -type VolumeProjection struct { - // all types below are the supported types for projection into the same volume - - // information about the secret data to project - Secret *SecretProjection - // information about the downwardAPI data to project - DownwardAPI *DownwardAPIProjection - // information about the configMap data to project - ConfigMap *ConfigMapProjection - // information about the serviceAccountToken data to project - ServiceAccountToken *ServiceAccountTokenProjection -} - -// KeyToPath maps a string key to a path within a volume. -type KeyToPath struct { - // The key to project. - Key string - - // The relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - Path string - // Optional: mode bits to use on this file, should be a value between 0 - // and 0777. If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - Mode *int32 -} - -// LocalVolumeSource represents directly-attached storage with node affinity (Beta feature) -type LocalVolumeSource struct { - // The full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - Path string - - // Filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - FSType *string -} - -// CSIPersistentVolumeSource represents storage that is managed by an external CSI volume driver. -type CSIPersistentVolumeSource struct { - // Driver is the name of the driver to use for this volume. - // Required. - Driver string - - // VolumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - VolumeHandle string - - // Optional: The value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - ReadOnly bool - - // Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - FSType string - - // Attributes of the volume to publish. - // +optional - VolumeAttributes map[string]string - - // ControllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - ControllerPublishSecretRef *SecretReference - - // NodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - NodeStageSecretRef *SecretReference - - // NodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - NodePublishSecretRef *SecretReference - - // ControllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This is an beta field and requires enabling ExpandCSIVolumes feature gate. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - ControllerExpandSecretRef *SecretReference - - // NodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. - // This is an alpha field and requires enabling CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - NodeExpandSecretRef *SecretReference -} - -// CSIVolumeSource represents a source location of a volume to mount, managed by an external CSI driver -type CSIVolumeSource struct { - // Driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - // Required. - Driver string - - // Specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - ReadOnly *bool - - // Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - FSType *string - - // VolumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - VolumeAttributes map[string]string - - // NodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. - // +optional - NodePublishSecretRef *LocalObjectReference -} - -// EphemeralVolumeSource represents an ephemeral volume that is handled by a normal storage driver. -type EphemeralVolumeSource struct { - // VolumeClaimTemplate will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `<pod name>-<volume name>` where - // `<volume name>` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - VolumeClaimTemplate *PersistentVolumeClaimTemplate -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -type PersistentVolumeClaimTemplate struct { - // ObjectMeta may contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // +optional - metav1.ObjectMeta - - // Spec for the PersistentVolumeClaim. The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - Spec PersistentVolumeClaimSpec -} - -// ContainerPort represents a network port in a single container -type ContainerPort struct { - // Optional: If specified, this must be an IANA_SVC_NAME Each named port - // in a pod must have a unique name. - // +optional - Name string - // Optional: If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // +optional - HostPort int32 - // Required: This must be a valid port number, 0 < x < 65536. - ContainerPort int32 - // Required: Supports "TCP", "UDP" and "SCTP" - // +optional - Protocol Protocol - // Optional: What host IP to bind the external port to. - // +optional - HostIP string -} - -// VolumeMount describes a mounting of a Volume within a container. -type VolumeMount struct { - // Required: This must match the Name of a Volume [above]. - Name string - // Optional: Defaults to false (read-write). - // +optional - ReadOnly bool - // Required. If the path is not an absolute path (e.g. some/path) it - // will be prepended with the appropriate root prefix for the operating - // system. On Linux this is '/', on Windows this is 'C:\'. - MountPath string - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). - // +optional - SubPath string - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - MountPropagation *MountPropagationMode - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - SubPathExpr string -} - -// MountPropagationMode describes mount propagation. -type MountPropagationMode string - -const ( - // MountPropagationNone means that the volume in a container will - // not receive new mounts from the host or other containers, and filesystems - // mounted inside the container won't be propagated to the host or other - // containers. - // Note that this mode corresponds to "private" in Linux terminology. - MountPropagationNone MountPropagationMode = "None" - // MountPropagationHostToContainer means that the volume in a container will - // receive new mounts from the host or other containers, but filesystems - // mounted inside the container won't be propagated to the host or other - // containers. - // Note that this mode is recursively applied to all mounts in the volume - // ("rslave" in Linux terminology). - MountPropagationHostToContainer MountPropagationMode = "HostToContainer" - // MountPropagationBidirectional means that the volume in a container will - // receive new mounts from the host or other containers, and its own mounts - // will be propagated from the container to the host or other containers. - // Note that this mode is recursively applied to all mounts in the volume - // ("rshared" in Linux terminology). - MountPropagationBidirectional MountPropagationMode = "Bidirectional" -) - -// VolumeDevice describes a mapping of a raw block device within a container. -type VolumeDevice struct { - // name must match the name of a persistentVolumeClaim in the pod - Name string - // devicePath is the path inside of the container that the device will be mapped to. - DevicePath string -} - -// EnvVar represents an environment variable present in a Container. -type EnvVar struct { - // Required: This must be a C_IDENTIFIER. - Name string - // Optional: no more than one of the following may be specified. - // Optional: Defaults to ""; variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are - // reduced to a single $, which allows for escaping the $(VAR_NAME) - // syntax: i.e. "$$(VAR_NAME)" will produce the string literal - // "$(VAR_NAME)". Escaped references will never be expanded, - // regardless of whether the variable exists or not. - // +optional - Value string - // Optional: Specifies a source the value of this var should come from. - // +optional - ValueFrom *EnvVarSource -} - -// EnvVarSource represents a source for the value of an EnvVar. -// Only one of its fields may be set. -type EnvVarSource struct { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, - // metadata.uid, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - FieldRef *ObjectFieldSelector - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - ResourceFieldRef *ResourceFieldSelector - // Selects a key of a ConfigMap. - // +optional - ConfigMapKeyRef *ConfigMapKeySelector - // Selects a key of a secret in the pod's namespace. - // +optional - SecretKeyRef *SecretKeySelector -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -type ObjectFieldSelector struct { - // Required: Version of the schema the FieldPath is written in terms of. - // If no value is specified, it will be defaulted to the APIVersion of the - // enclosing object. - APIVersion string - // Required: Path of the field to select in the specified API version - FieldPath string -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -type ResourceFieldSelector struct { - // Container name: required for volumes, optional for env vars - // +optional - ContainerName string - // Required: resource to select - Resource string - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - Divisor resource.Quantity -} - -// ConfigMapKeySelector selects a key from a ConfigMap. -type ConfigMapKeySelector struct { - // The ConfigMap to select from. - LocalObjectReference - // The key to select. - Key string - // Specify whether the ConfigMap or its key must be defined - // +optional - Optional *bool -} - -// SecretKeySelector selects a key of a Secret. -type SecretKeySelector struct { - // The name of the secret in the pod's namespace to select from. - LocalObjectReference - // The key of the secret to select from. Must be a valid secret key. - Key string - // Specify whether the Secret or its key must be defined - // +optional - Optional *bool -} - -// EnvFromSource represents the source of a set of ConfigMaps -type EnvFromSource struct { - // An optional identifier to prepend to each key in the ConfigMap. - // +optional - Prefix string - // The ConfigMap to select from. - // +optional - ConfigMapRef *ConfigMapEnvSource - // The Secret to select from. - // +optional - SecretRef *SecretEnvSource -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. -// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -type ConfigMapEnvSource struct { - // The ConfigMap to select from. - LocalObjectReference - // Specify whether the ConfigMap must be defined - // +optional - Optional *bool -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -type SecretEnvSource struct { - // The Secret to select from. - LocalObjectReference - // Specify whether the Secret must be defined - // +optional - Optional *bool -} - -// HTTPHeader describes a custom header to be used in HTTP probes -type HTTPHeader struct { - // The header field name - Name string - // The header field value - Value string -} - -// HTTPGetAction describes an action based on HTTP Get requests. -type HTTPGetAction struct { - // Optional: Path to access on the HTTP server. - // +optional - Path string - // Required: Name or number of the port to access on the container. - // +optional - Port intstr.IntOrString - // Optional: Host name to connect to, defaults to the pod IP. You - // probably want to set "Host" in httpHeaders instead. - // +optional - Host string - // Optional: Scheme to use for connecting to the host, defaults to HTTP. - // +optional - Scheme URIScheme - // Optional: Custom headers to set in the request. HTTP allows repeated headers. - // +optional - HTTPHeaders []HTTPHeader -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -type URIScheme string - -const ( - // URISchemeHTTP means that the scheme used will be http:// - URISchemeHTTP URIScheme = "HTTP" - // URISchemeHTTPS means that the scheme used will be https:// - URISchemeHTTPS URIScheme = "HTTPS" -) - -// TCPSocketAction describes an action based on opening a socket -type TCPSocketAction struct { - // Required: Port to connect to. - // +optional - Port intstr.IntOrString - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - Host string -} - -// ExecAction describes a "run in container" action. -type ExecAction struct { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // +optional - Command []string -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -type Probe struct { - // The action taken to determine the health of a container - ProbeHandler - // Length of time before health checking is activated. In seconds. - // +optional - InitialDelaySeconds int32 - // Length of time before health checking times out. In seconds. - // +optional - TimeoutSeconds int32 - // How often (in seconds) to perform the probe. - // +optional - PeriodSeconds int32 - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Must be 1 for liveness and startup. - // +optional - SuccessThreshold int32 - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // +optional - FailureThreshold int32 - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // +optional - TerminationGracePeriodSeconds *int64 -} - -// PullPolicy describes a policy for if/when to pull a container image -type PullPolicy string - -const ( - // PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. - PullAlways PullPolicy = "Always" - // PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present - PullNever PullPolicy = "Never" - // PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. - PullIfNotPresent PullPolicy = "IfNotPresent" -) - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -type PreemptionPolicy string - -const ( - // PreemptLowerPriority means that pod can preempt other pods with lower priority. - PreemptLowerPriority PreemptionPolicy = "PreemptLowerPriority" - // PreemptNever means that pod never preempts other pods with lower priority. - PreemptNever PreemptionPolicy = "Never" -) - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -type TerminationMessagePolicy string - -const ( - // TerminationMessageReadFile is the default behavior and will set the container status message to - // the contents of the container's terminationMessagePath when the container exits. - TerminationMessageReadFile TerminationMessagePolicy = "File" - // TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs - // for the container status message when the container exits with an error and the - // terminationMessagePath has no contents. - TerminationMessageFallbackToLogsOnError TerminationMessagePolicy = "FallbackToLogsOnError" -) - -// Capability represent POSIX capabilities type -type Capability string - -// Capabilities represent POSIX capabilities that can be added or removed to a running container. -type Capabilities struct { - // Added capabilities - // +optional - Add []Capability - // Removed capabilities - // +optional - Drop []Capability -} - -// ResourceRequirements describes the compute resource requirements. -type ResourceRequirements struct { - // Limits describes the maximum amount of compute resources allowed. - // +optional - Limits ResourceList - // Requests describes the minimum amount of compute resources required. - // If Request is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value - // +optional - Requests ResourceList - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +featureGate=DynamicResourceAllocation - // +optional - Claims []ResourceClaim -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -type ResourceClaim struct { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - Name string -} - -// Container represents a single container that is expected to be run on the host. -type Container struct { - // Required: This must be a DNS_LABEL. Each container in a pod must - // have a unique name. - Name string - // Required. - Image string - // Optional: The container image's entrypoint is used if this is not provided; cannot be updated. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. - // +optional - Command []string - // Optional: The container image's cmd is used if this is not provided; cannot be updated. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. - // +optional - Args []string - // Optional: Defaults to the container runtime's default working directory. - // +optional - WorkingDir string - // +optional - Ports []ContainerPort - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - EnvFrom []EnvFromSource - // +optional - Env []EnvVar - // Compute resource requirements. - // +optional - Resources ResourceRequirements - // +optional - VolumeMounts []VolumeMount - // volumeDevices is the list of block devices to be used by the container. - // +optional - VolumeDevices []VolumeDevice - // +optional - LivenessProbe *Probe - // +optional - ReadinessProbe *Probe - // +optional - StartupProbe *Probe - // +optional - Lifecycle *Lifecycle - // Required. - // +optional - TerminationMessagePath string - // +optional - TerminationMessagePolicy TerminationMessagePolicy - // Required: Policy for pulling images for this container - ImagePullPolicy PullPolicy - // Optional: SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - SecurityContext *SecurityContext - - // Variables for interactive containers, these have very specialized use-cases (e.g. debugging) - // and shouldn't be used for general purpose containers. - // +optional - Stdin bool - // +optional - StdinOnce bool - // +optional - TTY bool -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -type ProbeHandler struct { - // Exec specifies the action to take. - // +optional - Exec *ExecAction - // HTTPGet specifies the http request to perform. - // +optional - HTTPGet *HTTPGetAction - // TCPSocket specifies an action involving a TCP port. - // +optional - TCPSocket *TCPSocketAction - - // GRPC specifies an action involving a GRPC port. - // This is a beta field and requires enabling GRPCContainerProbe feature gate. - // +featureGate=GRPCContainerProbe - // +optional - GRPC *GRPCAction -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -type LifecycleHandler struct { - // Exec specifies the action to take. - // +optional - Exec *ExecAction - // HTTPGet specifies the http request to perform. - // +optional - HTTPGet *HTTPGetAction - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - TCPSocket *TCPSocketAction -} - -type GRPCAction struct { - // Port number of the gRPC service. - // Note: Number must be in the range 1 to 65535. - Port int32 - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is to probe the server's overall health status. - // +optional - Service *string -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -type Lifecycle struct { - // PostStart is called immediately after a container is created. If the handler fails, the container - // is terminated and restarted. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - PostStart *LifecycleHandler - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - PreStop *LifecycleHandler -} - -// The below types are used by kube_client and api_server. - -// ConditionStatus defines conditions of resources -type ConditionStatus string - -// These are valid condition statuses. "ConditionTrue" means a resource is in the condition; -// "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means kubernetes -// can't decide if a resource is in the condition or not. In the future, we could add other -// intermediate conditions, e.g. ConditionDegraded. -const ( - ConditionTrue ConditionStatus = "True" - ConditionFalse ConditionStatus = "False" - ConditionUnknown ConditionStatus = "Unknown" -) - -// ContainerStateWaiting represents the waiting state of a container -type ContainerStateWaiting struct { - // A brief CamelCase string indicating details about why the container is in waiting state. - // +optional - Reason string - // A human-readable message indicating details about why the container is in waiting state. - // +optional - Message string -} - -// ContainerStateRunning represents the running state of a container -type ContainerStateRunning struct { - // +optional - StartedAt metav1.Time -} - -// ContainerStateTerminated represents the terminated state of a container -type ContainerStateTerminated struct { - ExitCode int32 - // +optional - Signal int32 - // +optional - Reason string - // +optional - Message string - // +optional - StartedAt metav1.Time - // +optional - FinishedAt metav1.Time - // +optional - ContainerID string -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. -type ContainerState struct { - // +optional - Waiting *ContainerStateWaiting - // +optional - Running *ContainerStateRunning - // +optional - Terminated *ContainerStateTerminated -} - -// ContainerStatus represents the status of a container -type ContainerStatus struct { - // Each container in a pod must have a unique name. - Name string - // +optional - State ContainerState - // +optional - LastTerminationState ContainerState - // Ready specifies whether the container has passed its readiness check. - Ready bool - // Note that this is calculated from dead containers. But those containers are subject to - // garbage collection. This value will get capped at 5 by GC. - RestartCount int32 - Image string - ImageID string - // +optional - ContainerID string - Started *bool -} - -// PodPhase is a label for the condition of a pod at the current time. -type PodPhase string - -// These are the valid statuses of pods. -const ( - // PodPending means the pod has been accepted by the system, but one or more of the containers - // has not been started. This includes time before being bound to a node, as well as time spent - // pulling images onto the host. - PodPending PodPhase = "Pending" - // PodRunning means the pod has been bound to a node and all of the containers have been started. - // At least one container is still running or is in the process of being restarted. - PodRunning PodPhase = "Running" - // PodSucceeded means that all containers in the pod have voluntarily terminated - // with a container exit code of 0, and the system is not going to restart any of these containers. - PodSucceeded PodPhase = "Succeeded" - // PodFailed means that all containers in the pod have terminated, and at least one container has - // terminated in a failure (exited with a non-zero exit code or was stopped by the system). - PodFailed PodPhase = "Failed" - // PodUnknown means that for some reason the state of the pod could not be obtained, typically due - // to an error in communicating with the host of the pod. - // Deprecated in v1.21: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) - PodUnknown PodPhase = "Unknown" -) - -// PodConditionType defines the condition of pod -type PodConditionType string - -// These are valid conditions of pod. -const ( - // PodScheduled represents status of the scheduling process for this pod. - PodScheduled PodConditionType = "PodScheduled" - // PodReady means the pod is able to service requests and should be added to the - // load balancing pools of all matching services. - PodReady PodConditionType = "Ready" - // PodInitialized means that all init containers in the pod have started successfully. - PodInitialized PodConditionType = "Initialized" - // PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler - // can't schedule the pod right now, for example due to insufficient resources in the cluster. - PodReasonUnschedulable = "Unschedulable" - // PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler - // skips scheduling the pod because one or more scheduling gates are still present. - PodReasonSchedulingGated = "SchedulingGated" - // ContainersReady indicates whether all containers in the pod are ready. - ContainersReady PodConditionType = "ContainersReady" - // DisruptionTarget indicates the pod is about to be terminated due to a - // disruption (such as preemption, eviction API or garbage-collection). - DisruptionTarget PodConditionType = "DisruptionTarget" -) - -// PodCondition represents pod's condition -type PodCondition struct { - Type PodConditionType - Status ConditionStatus - // +optional - LastProbeTime metav1.Time - // +optional - LastTransitionTime metav1.Time - // +optional - Reason string - // +optional - Message string -} - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -type RestartPolicy string - -// These are valid restart policies -const ( - RestartPolicyAlways RestartPolicy = "Always" - RestartPolicyOnFailure RestartPolicy = "OnFailure" - RestartPolicyNever RestartPolicy = "Never" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodList is a list of Pods. -type PodList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Pod -} - -// DNSPolicy defines how a pod's DNS will be configured. -type DNSPolicy string - -const ( - // DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS - // first, if it is available, then fall back on the default - // (as determined by kubelet) DNS settings. - DNSClusterFirstWithHostNet DNSPolicy = "ClusterFirstWithHostNet" - - // DNSClusterFirst indicates that the pod should use cluster DNS - // first unless hostNetwork is true, if it is available, then - // fall back on the default (as determined by kubelet) DNS settings. - DNSClusterFirst DNSPolicy = "ClusterFirst" - - // DNSDefault indicates that the pod should use the default (as - // determined by kubelet) DNS settings. - DNSDefault DNSPolicy = "Default" - - // DNSNone indicates that the pod should use empty DNS settings. DNS - // parameters such as nameservers and search paths should be defined via - // DNSConfig. - DNSNone DNSPolicy = "None" -) - -// NodeSelector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -type NodeSelector struct { - // Required. A list of node selector terms. The terms are ORed. - NodeSelectorTerms []NodeSelectorTerm -} - -// NodeSelectorTerm represents expressions and fields required to select nodes. -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -type NodeSelectorTerm struct { - // A list of node selector requirements by node's labels. - MatchExpressions []NodeSelectorRequirement - // A list of node selector requirements by node's fields. - MatchFields []NodeSelectorRequirement -} - -// NodeSelectorRequirement is a selector that contains values, a key, and an operator -// that relates the key and values. -type NodeSelectorRequirement struct { - // The label key that the selector applies to. - Key string - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - Operator NodeSelectorOperator - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - Values []string -} - -// NodeSelectorOperator is the set of operators that can be used in -// a node selector requirement. -type NodeSelectorOperator string - -// These are valid values of NodeSelectorOperator -const ( - NodeSelectorOpIn NodeSelectorOperator = "In" - NodeSelectorOpNotIn NodeSelectorOperator = "NotIn" - NodeSelectorOpExists NodeSelectorOperator = "Exists" - NodeSelectorOpDoesNotExist NodeSelectorOperator = "DoesNotExist" - NodeSelectorOpGt NodeSelectorOperator = "Gt" - NodeSelectorOpLt NodeSelectorOperator = "Lt" -) - -// TopologySelectorTerm represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -type TopologySelectorTerm struct { - // A list of topology selector requirements by labels. - // +optional - MatchLabelExpressions []TopologySelectorLabelRequirement -} - -// TopologySelectorLabelRequirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -type TopologySelectorLabelRequirement struct { - // The label key that the selector applies to. - Key string - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - Values []string -} - -// Affinity is a group of affinity scheduling rules. -type Affinity struct { - // Describes node affinity scheduling rules for the pod. - // +optional - NodeAffinity *NodeAffinity - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - PodAffinity *PodAffinity - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - PodAntiAffinity *PodAntiAffinity -} - -// PodAffinity is a group of inter pod affinity scheduling rules. -type PodAffinity struct { - // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system will try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - // RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm - - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - RequiredDuringSchedulingIgnoredDuringExecution []PodAffinityTerm - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - PreferredDuringSchedulingIgnoredDuringExecution []WeightedPodAffinityTerm -} - -// PodAntiAffinity is a group of inter pod anti affinity scheduling rules. -type PodAntiAffinity struct { - // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system will try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - // RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm - - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - RequiredDuringSchedulingIgnoredDuringExecution []PodAffinityTerm - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - PreferredDuringSchedulingIgnoredDuringExecution []WeightedPodAffinityTerm -} - -// WeightedPodAffinityTerm represents the weights of all of the matched WeightedPodAffinityTerm -// fields are added per-node to find the most preferred node(s) -type WeightedPodAffinityTerm struct { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - Weight int32 - // Required. A pod affinity term, associated with the corresponding weight. - PodAffinityTerm PodAffinityTerm -} - -// PodAffinityTerm defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key <topologyKey> matches that of any node on which -// a pod of the set of pods is running. -type PodAffinityTerm struct { - // A label query over a set of resources, in this case pods. - // +optional - LabelSelector *metav1.LabelSelector - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - Namespaces []string - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - TopologyKey string - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - NamespaceSelector *metav1.LabelSelector -} - -// NodeAffinity is a group of node affinity scheduling rules. -type NodeAffinity struct { - // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // will try to eventually evict the pod from its node. - // +optional - // RequiredDuringSchedulingRequiredDuringExecution *NodeSelector - - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. - // +optional - RequiredDuringSchedulingIgnoredDuringExecution *NodeSelector - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - PreferredDuringSchedulingIgnoredDuringExecution []PreferredSchedulingTerm -} - -// PreferredSchedulingTerm represents an empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -type PreferredSchedulingTerm struct { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - Weight int32 - // A node selector term, associated with the corresponding weight. - Preference NodeSelectorTerm -} - -// Taint represents taint that can be applied to the node. -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -type Taint struct { - // Required. The taint key to be applied to a node. - Key string - // Required. The taint value corresponding to the taint key. - // +optional - Value string - // Required. The effect of the taint on pods - // that do not tolerate the taint. - // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - Effect TaintEffect - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - TimeAdded *metav1.Time -} - -// TaintEffect defines the effects of Taint -type TaintEffect string - -// These are valid values for TaintEffect -const ( - // Do not allow new pods to schedule onto the node unless they tolerate the taint, - // but allow all pods submitted to Kubelet without going through the scheduler - // to start, and allow all already-running pods to continue running. - // Enforced by the scheduler. - TaintEffectNoSchedule TaintEffect = "NoSchedule" - // Like TaintEffectNoSchedule, but the scheduler tries not to schedule - // new pods onto the node, rather than prohibiting new pods from scheduling - // onto the node entirely. Enforced by the scheduler. - TaintEffectPreferNoSchedule TaintEffect = "PreferNoSchedule" - // NOT YET IMPLEMENTED. TODO: Uncomment field once it is implemented. - // Like TaintEffectNoSchedule, but additionally do not allow pods submitted to - // Kubelet without going through the scheduler to start. - // Enforced by Kubelet and the scheduler. - // TaintEffectNoScheduleNoAdmit TaintEffect = "NoScheduleNoAdmit" - - // Evict any already-running pods that do not tolerate the taint. - // Currently enforced by NodeController. - TaintEffectNoExecute TaintEffect = "NoExecute" -) - -// Toleration represents the toleration object that can be attached to a pod. -// The pod this Toleration is attached to tolerates any taint that matches -// the triple <key,value,effect> using the matching operator <operator>. -type Toleration struct { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - Key string - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - // +optional - Operator TolerationOperator - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - Value string - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - Effect TaintEffect - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - TolerationSeconds *int64 -} - -// TolerationOperator is the set of operators that can be used in a toleration. -type TolerationOperator string - -// These are valid values for TolerationOperator -const ( - TolerationOpExists TolerationOperator = "Exists" - TolerationOpEqual TolerationOperator = "Equal" -) - -// PodReadinessGate contains the reference to a pod condition -type PodReadinessGate struct { - // ConditionType refers to a condition in the pod's condition list with matching type. - ConditionType PodConditionType -} - -// PodSpec is a description of a pod -type PodSpec struct { - Volumes []Volume - // List of initialization containers belonging to the pod. - InitContainers []Container - // List of containers belonging to the pod. - Containers []Container - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - // +optional - EphemeralContainers []EphemeralContainer - // +optional - RestartPolicy RestartPolicy - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via the kill - // signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // +optional - TerminationGracePeriodSeconds *int64 - // Optional duration in seconds relative to the StartTime that the pod may be active on a node - // before the system actively tries to terminate the pod; value must be positive integer - // +optional - ActiveDeadlineSeconds *int64 - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - DNSPolicy DNSPolicy - // NodeSelector is a selector which must be true for the pod to fit on a node - // +optional - NodeSelector map[string]string - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod - // The pod will be allowed to use secrets referenced by the ServiceAccount - ServiceAccountName string - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - AutomountServiceAccountToken *bool - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - NodeName string - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - SecurityContext *PodSecurityContext - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // +optional - ImagePullSecrets []LocalObjectReference - // Specifies the hostname of the Pod. - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - Hostname string - // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". - // If not specified, the pod will not have a domainname at all. - // +optional - Subdomain string - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // +optional - SetHostnameAsFQDN *bool - // If specified, the pod's scheduling constraints - // +optional - Affinity *Affinity - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - SchedulerName string - // If specified, the pod's tolerations. - // +optional - Tolerations []Toleration - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - HostAliases []HostAlias - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - PriorityClassName string - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - Priority *int32 - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - PreemptionPolicy *PreemptionPolicy - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. - // +optional - DNSConfig *PodDNSConfig - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - ReadinessGates []PodReadinessGate - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - RuntimeClassName *string - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. - // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead - // +optional - Overhead ResourceList - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // If not specified, the default is true. - // +optional - EnableServiceLinks *bool - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - TopologySpreadConstraints []TopologySpreadConstraint - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. - // - // If the OS field is set to linux, the following fields must be unset: - // - securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - OS *PodOS - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. - // - // This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. - // +optional - SchedulingGates []PodSchedulingGate - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +featureGate=DynamicResourceAllocation - // +optional - ResourceClaims []PodResourceClaim -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -type PodResourceClaim struct { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - Name string - - // Source describes where to find the ResourceClaim. - Source ClaimSource -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -type ClaimSource struct { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - ResourceClaimName *string - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The name of the ResourceClaim will be <pod - // name>-<resource name>, where <resource name> is the - // PodResourceClaim.Name. Pod validation will reject the pod if the - // concatenated name is not valid for a ResourceClaim (e.g. too long). - // - // An existing ResourceClaim with that name that is not owned by the - // pod will not be used for the pod to avoid using an unrelated - // resource by mistake. Scheduling and pod startup are then blocked - // until the unrelated ResourceClaim is removed. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - ResourceClaimTemplateName *string -} - -// OSName is the set of OS'es that can be used in OS. -type OSName string - -// These are valid values for OSName -const ( - Linux OSName = "linux" - Windows OSName = "windows" -) - -// PodOS defines the OS parameters of a pod. -type PodOS struct { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - Name OSName -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -type PodSchedulingGate struct { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - Name string -} - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -type HostAlias struct { - IP string - Hostnames []string -} - -// Sysctl defines a kernel parameter to be set -type Sysctl struct { - // Name of a property to set - Name string - // Value of a property to set - Value string -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -type PodFSGroupChangePolicy string - -const ( - // FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed - // only when permission and ownership of root directory does not match with expected - // permissions on the volume. This can help shorten the time it takes to change - // ownership and permissions of a volume. - FSGroupChangeOnRootMismatch PodFSGroupChangePolicy = "OnRootMismatch" - // FSGroupChangeAlways indicates that volume's ownership and permissions - // should always be changed whenever volume is mounted inside a Pod. This the default - // behavior. - FSGroupChangeAlways PodFSGroupChangePolicy = "Always" -) - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -type PodSecurityContext struct { - // Use the host's network namespace. If this option is set, the ports that will be - // used must be specified. - // Optional: Default to false - // +k8s:conversion-gen=false - // +optional - HostNetwork bool - // Use the host's pid namespace. - // Optional: Default to false. - // Note that this field cannot be set when spec.os.name is windows. - // +k8s:conversion-gen=false - // +optional - HostPID bool - // Use the host's ipc namespace. - // Optional: Default to false. - // Note that this field cannot be set when spec.os.name is windows. - // +k8s:conversion-gen=false - // +optional - HostIPC bool - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Note that this field cannot be set when spec.os.name is windows. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - ShareProcessNamespace *bool - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new user namespace is created for the pod. Setting false is useful - // for mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // Note that this field cannot be set when spec.os.name is windows. - // +k8s:conversion-gen=false - // +optional - HostUsers *bool - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - SELinuxOptions *SELinuxOptions - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - WindowsOptions *WindowsSecurityContextOptions - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - RunAsUser *int64 - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - RunAsGroup *int64 - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // +optional - RunAsNonRoot *bool - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - SupplementalGroups []int64 - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - FSGroup *int64 - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). - // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - FSGroupChangePolicy *PodFSGroupChangePolicy - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - Sysctls []Sysctl - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - SeccompProfile *SeccompProfile -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -type SeccompProfile struct { - // +unionDiscriminator - Type SeccompProfileType - // Load a profile defined in static file on the node. - // The profile must be preconfigured on the node to work. - // LocalhostProfile cannot be an absolute nor a descending path. - // +optional - LocalhostProfile *string -} - -// SeccompProfileType defines the supported seccomp profile types. -type SeccompProfileType string - -const ( - // SeccompProfileTypeUnconfined is when no seccomp profile is applied (A.K.A. unconfined). - SeccompProfileTypeUnconfined SeccompProfileType = "Unconfined" - // SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. - SeccompProfileTypeRuntimeDefault SeccompProfileType = "RuntimeDefault" - // SeccompProfileTypeLocalhost represents custom made profiles stored on the node's disk. - SeccompProfileTypeLocalhost SeccompProfileType = "Localhost" -) - -// PodQOSClass defines the supported qos classes of Pods. -type PodQOSClass string - -// These are valid values for PodQOSClass -const ( - // PodQOSGuaranteed is the Guaranteed qos class. - PodQOSGuaranteed PodQOSClass = "Guaranteed" - // PodQOSBurstable is the Burstable qos class. - PodQOSBurstable PodQOSClass = "Burstable" - // PodQOSBestEffort is the BestEffort qos class. - PodQOSBestEffort PodQOSClass = "BestEffort" -) - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -type PodDNSConfig struct { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - Nameservers []string - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - Searches []string - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. - // +optional - Options []PodDNSConfigOption -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -type PodDNSConfigOption struct { - // Required. - Name string - // +optional - Value *string -} - -// PodIP represents the IP address of a pod. -// IP address information. Each entry includes: -// -// IP: An IP address allocated to the pod. Routable at least within -// the cluster. -type PodIP struct { - IP string -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -type EphemeralContainerCommon struct { - // Required: This must be a DNS_LABEL. Each container in a pod must - // have a unique name. - Name string - // Required. - Image string - // Optional: The container image's entrypoint is used if this is not provided; cannot be updated. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. - // +optional - Command []string - // Optional: The container image's cmd is used if this is not provided; cannot be updated. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. - // +optional - Args []string - // Optional: Defaults to the container runtime's default working directory. - // +optional - WorkingDir string - // Ports are not allowed for ephemeral containers. - // +optional - Ports []ContainerPort - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - EnvFrom []EnvFromSource - // +optional - Env []EnvVar - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - Resources ResourceRequirements - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // +optional - VolumeMounts []VolumeMount - // volumeDevices is the list of block devices to be used by the container. - // +optional - VolumeDevices []VolumeDevice - // Probes are not allowed for ephemeral containers. - // +optional - LivenessProbe *Probe - // Probes are not allowed for ephemeral containers. - // +optional - ReadinessProbe *Probe - // Probes are not allowed for ephemeral containers. - // +optional - StartupProbe *Probe - // Lifecycle is not allowed for ephemeral containers. - // +optional - Lifecycle *Lifecycle - // Required. - // +optional - TerminationMessagePath string - // +optional - TerminationMessagePolicy TerminationMessagePolicy - // Required: Policy for pulling images for this container - ImagePullPolicy PullPolicy - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - SecurityContext *SecurityContext - - // Variables for interactive containers, these have very specialized use-cases (e.g. debugging) - // and shouldn't be used for general purpose containers. - // +optional - Stdin bool - // +optional - StdinOnce bool - // +optional - TTY bool -} - -// EphemeralContainerCommon converts to Container. All fields must be kept in sync between -// these two types. -var _ = Container(EphemeralContainerCommon{}) - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -type EphemeralContainer struct { - // Ephemeral containers have all of the fields of Container, plus additional fields - // specific to ephemeral containers. Fields in common with Container are in the - // following inlined struct so than an EphemeralContainer may easily be converted - // to a Container. - EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - TargetContainerName string -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system. -type PodStatus struct { - // +optional - Phase PodPhase - // +optional - Conditions []PodCondition - // A human readable message indicating details about why the pod is in this state. - // +optional - Message string - // A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted' - // +optional - Reason string - // nominatedNodeName is set when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // +optional - NominatedNodeName string - // +optional - HostIP string - - // PodIPs holds all of the known IP addresses allocated to the pod. Pods may be assigned AT MOST - // one value for each of IPv4 and IPv6. - // +optional - PodIPs []PodIP - - // Date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - StartTime *metav1.Time - // +optional - QOSClass PodQOSClass - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status - InitContainerStatuses []ContainerStatus - // The list has one entry per app container in the manifest. - // +optional - ContainerStatuses []ContainerStatus - - // Status for any ephemeral containers that have run in this pod. - // +optional - EphemeralContainerStatuses []ContainerStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -type PodStatusResult struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - // Status represents the current information about a pod. This data may not be up - // to date. - // +optional - Status PodStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Pod is a collection of containers, used as either input (create, update) or as output (list, get). -type Pod struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the behavior of a pod. - // +optional - Spec PodSpec - - // Status represents the current information about a pod. This data may not be up - // to date. - // +optional - Status PodStatus -} - -// PodTemplateSpec describes the data a pod should have when created from a template -type PodTemplateSpec struct { - // Metadata of the pods created from this template. - // +optional - metav1.ObjectMeta - - // Spec defines the behavior of a pod. - // +optional - Spec PodSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodTemplate describes a template for creating copies of a predefined pod. -type PodTemplate struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Template defines the pods that will be created from this pod template - // +optional - Template PodTemplateSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodTemplateList is a list of PodTemplates. -type PodTemplateList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []PodTemplate -} - -// ReplicationControllerSpec is the specification of a replication controller. -// As the internal representation of a replication controller, it may have either -// a TemplateRef or a Template set. -type ReplicationControllerSpec struct { - // Replicas is the number of desired replicas. - Replicas int32 - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - MinReadySeconds int32 - - // Selector is a label query over pods that should match the Replicas count. - Selector map[string]string - - // TemplateRef is a reference to an object that describes the pod that will be created if - // insufficient replicas are detected. This reference is ignored if a Template is set. - // Must be set before converting to a versioned API object - // +optional - // TemplateRef *ObjectReference - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. Internally, this takes precedence over a - // TemplateRef. - // +optional - Template *PodTemplateSpec -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -type ReplicationControllerStatus struct { - // Replicas is the number of actual replicas. - Replicas int32 - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - FullyLabeledReplicas int32 - - // The number of ready replicas for this replication controller. - // +optional - ReadyReplicas int32 - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - AvailableReplicas int32 - - // ObservedGeneration is the most recent generation observed by the controller. - // +optional - ObservedGeneration int64 - - // Represents the latest available observations of a replication controller's current state. - // +optional - Conditions []ReplicationControllerCondition -} - -// ReplicationControllerConditionType defines the conditions of a replication controller. -type ReplicationControllerConditionType string - -// These are valid conditions of a replication controller. -const ( - // ReplicationControllerReplicaFailure is added in a replication controller when one of its pods - // fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, - // etc. or deleted due to kubelet being down or finalizers are failing. - ReplicationControllerReplicaFailure ReplicationControllerConditionType = "ReplicaFailure" -) - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -type ReplicationControllerCondition struct { - // Type of replication controller condition. - Type ReplicationControllerConditionType - // Status of the condition, one of True, False, Unknown. - Status ConditionStatus - // The last time the condition transitioned from one status to another. - // +optional - LastTransitionTime metav1.Time - // The reason for the condition's last transition. - // +optional - Reason string - // A human readable message indicating details about the transition. - // +optional - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ReplicationController represents the configuration of a replication controller. -type ReplicationController struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the desired behavior of this replication controller. - // +optional - Spec ReplicationControllerSpec - - // Status is the current status of this replication controller. This data may be - // out of date by some window of time. - // +optional - Status ReplicationControllerStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ReplicationControllerList is a collection of replication controllers. -type ReplicationControllerList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []ReplicationController -} - -const ( - // ClusterIPNone - do not assign a cluster IP - // no proxying required and no environment variables should be created for pods - ClusterIPNone = "None" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ServiceList holds a list of services. -type ServiceList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Service -} - -// ServiceAffinity Type string -type ServiceAffinity string - -const ( - // ServiceAffinityClientIP is the Client IP based. - ServiceAffinityClientIP ServiceAffinity = "ClientIP" - - // ServiceAffinityNone - no session affinity. - ServiceAffinityNone ServiceAffinity = "None" -) - -const ( - // DefaultClientIPServiceAffinitySeconds is the default timeout seconds - // of Client IP based session affinity - 3 hours. - DefaultClientIPServiceAffinitySeconds int32 = 10800 - // MaxClientIPServiceAffinitySeconds is the max timeout seconds - // of Client IP based session affinity - 1 day. - MaxClientIPServiceAffinitySeconds int32 = 86400 -) - -// SessionAffinityConfig represents the configurations of session affinity. -type SessionAffinityConfig struct { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - ClientIP *ClientIPConfig -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -type ClientIPConfig struct { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). - // +optional - TimeoutSeconds *int32 -} - -// ServiceType string describes ingress methods for a service -type ServiceType string - -const ( - // ServiceTypeClusterIP means a service will only be accessible inside the - // cluster, via the ClusterIP. - ServiceTypeClusterIP ServiceType = "ClusterIP" - - // ServiceTypeNodePort means a service will be exposed on one port of - // every node, in addition to 'ClusterIP' type. - ServiceTypeNodePort ServiceType = "NodePort" - - // ServiceTypeLoadBalancer means a service will be exposed via an - // external load balancer (if the cloud provider supports it), in addition - // to 'NodePort' type. - ServiceTypeLoadBalancer ServiceType = "LoadBalancer" - - // ServiceTypeExternalName means a service consists of only a reference to - // an external name that kubedns or equivalent will return as a CNAME - // record, with no exposing or proxying of any pods involved. - ServiceTypeExternalName ServiceType = "ExternalName" -) - -// ServiceInternalTrafficPolicyType describes the endpoint-selection policy for -// traffic sent to the ClusterIP. -type ServiceInternalTrafficPolicyType string - -const ( - // ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. - ServiceInternalTrafficPolicyCluster ServiceInternalTrafficPolicyType = "Cluster" - - // ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same - // node as the traffic was received on (dropping the traffic if there are no - // local endpoints). - ServiceInternalTrafficPolicyLocal ServiceInternalTrafficPolicyType = "Local" -) - -// ServiceExternalTrafficPolicyType describes the endpoint-selection policy for -// traffic to external service entrypoints (NodePorts, ExternalIPs, and -// LoadBalancer IPs). -type ServiceExternalTrafficPolicyType string - -const ( - // ServiceExternalTrafficPolicyTypeCluster routes traffic to all endpoints. - ServiceExternalTrafficPolicyTypeCluster ServiceExternalTrafficPolicyType = "Cluster" - - // ServiceExternalTrafficPolicyTypeLocal preserves the source IP of the traffic by - // routing only to endpoints on the same node as the traffic was received on - // (dropping the traffic if there are no local endpoints). - ServiceExternalTrafficPolicyTypeLocal ServiceExternalTrafficPolicyType = "Local" -) - -// These are the valid conditions of a service. -const ( - // LoadBalancerPortsError represents the condition of the requested ports - // on the cloud load balancer instance. - LoadBalancerPortsError = "LoadBalancerPortsError" -) - -// ServiceStatus represents the current status of a service -type ServiceStatus struct { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - LoadBalancer LoadBalancerStatus - - // Current service condition - // +optional - Conditions []metav1.Condition -} - -// LoadBalancerStatus represents the status of a load-balancer -type LoadBalancerStatus struct { - // Ingress is a list containing ingress points for the load-balancer; - // traffic intended for the service should be sent to these ingress points. - // +optional - Ingress []LoadBalancerIngress -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -type LoadBalancerIngress struct { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - IP string - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - Hostname string - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +optional - Ports []PortStatus -} - -// IPFamily represents the IP Family (IPv4 or IPv6). This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -type IPFamily string - -const ( - // IPv4Protocol indicates that this IP is IPv4 protocol - IPv4Protocol IPFamily = "IPv4" - // IPv6Protocol indicates that this IP is IPv6 protocol - IPv6Protocol IPFamily = "IPv6" -) - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -type IPFamilyPolicy string - -const ( - // IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. - // The IPFamily assigned is based on the default IPFamily used by the cluster - // or as identified by service.spec.ipFamilies field - IPFamilyPolicySingleStack IPFamilyPolicy = "SingleStack" - // IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when - // the cluster is configured for dual-stack. If the cluster is not configured - // for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not - // set in service.spec.ipFamilies then the service will be assigned the default IPFamily - // configured on the cluster - IPFamilyPolicyPreferDualStack IPFamilyPolicy = "PreferDualStack" - // IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using - // IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The - // IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If - // service.spec.ipFamilies was not provided then it will be assigned according to how they are - // configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative - // IPFamily will be added by apiserver - IPFamilyPolicyRequireDualStack IPFamilyPolicy = "RequireDualStack" -) - -// ServiceSpec describes the attributes that a user creates on a service -type ServiceSpec struct { - // Type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ExternalName" maps to the specified externalName. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing to - // endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object. If clusterIP is - // "None", no virtual IP is allocated and the endpoints are published as a - // set of endpoints rather than a stable IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the clusterIP. - // "LoadBalancer" builds on NodePort and creates an - // external load-balancer (if supported in the current cloud) which routes - // to the clusterIP. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - Type ServiceType - - // Required: The list of ports that are exposed by this service. - Ports []ServicePort - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - Selector map[string]string - - // ClusterIP is the IP address of the service and is usually assigned - // randomly by the master. If an address is specified manually and is not in - // use by others, it will be allocated to the service; otherwise, creation - // of the service will fail. This field can not be changed through updates. - // Valid values are "None", empty string (""), or a valid IP address. "None" - // can be specified for headless services when proxying is not required. - // Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if - // type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - ClusterIP string - - // ClusterIPs identifies all the ClusterIPs assigned to this - // service. ClusterIPs are assigned or reserved based on the values of - // service.spec.ipFamilies. A maximum of two entries (dual-stack IPs) are - // allowed in ClusterIPs. The IPFamily of each ClusterIP must match - // values provided in service.spec.ipFamilies. Clients using ClusterIPs must - // keep it in sync with ClusterIP (if provided) by having ClusterIP matching - // first element of ClusterIPs. - // +optional - ClusterIPs []string - - // IPFamilies identifies all the IPFamilies assigned for this Service. If a value - // was not provided for IPFamilies it will be defaulted based on the cluster - // configuration and the value of service.spec.ipFamilyPolicy. A maximum of two - // values (dual-stack IPFamilies) are allowed in IPFamilies. IPFamilies field is - // conditionally mutable: it allows for adding or removing a secondary IPFamily, - // but it does not allow changing the primary IPFamily of the service. - // +optional - IPFamilies []IPFamily - - // IPFamilyPolicy represents the dual-stack-ness requested or required by this - // Service. If there is no value provided, then this Service will be considered - // SingleStack (single IPFamily). Services can be SingleStack (single IPFamily), - // PreferDualStack (two dual-stack IPFamilies on dual-stack clusters or single - // IPFamily on single-stack clusters), or RequireDualStack (two dual-stack IPFamilies - // on dual-stack configured clusters, otherwise fail). The IPFamilies and ClusterIPs assigned - // to this service can be controlled by service.spec.ipFamilies and service.spec.clusterIPs - // respectively. - // +optional - IPFamilyPolicy *IPFamilyPolicy - - // ExternalName is the external reference that kubedns or equivalent will - // return as a CNAME record for this service. No proxying will be involved. - // Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - // and requires Type to be ExternalName. - ExternalName string - - // ExternalIPs are used by external load balancers, or can be set by - // users to handle external traffic that arrives at a node. - // +optional - ExternalIPs []string - - // Only applies to Service Type: LoadBalancer - // LoadBalancer will get created with the IP specified in this field. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations, - // and it cannot support dual-stack. - // As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. - // This field may be removed in a future API version. - // +optional - LoadBalancerIP string - - // Optional: Supports "ClientIP" and "None". Used to maintain session affinity. - // +optional - SessionAffinity ServiceAffinity - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - SessionAffinityConfig *SessionAffinityConfig - - // Optional: If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // +optional - LoadBalancerSourceRanges []string - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - ExternalTrafficPolicy ServiceExternalTrafficPolicyType - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // If not specified, HealthCheckNodePort is created by the service api - // backend with the allocated nodePort. Will use user-specified nodePort value - // if specified by the client. Only effects when Type is set to LoadBalancer - // and ExternalTrafficPolicy is set to Local. - // +optional - HealthCheckNodePort int32 - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - PublishNotReadyAddresses bool - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - AllocateLoadBalancerNodePorts *bool - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - LoadBalancerClass *string - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - InternalTrafficPolicy *ServiceInternalTrafficPolicyType -} - -// ServicePort represents the port on which the service is exposed -type ServicePort struct { - // Optional if only one ServicePort is defined on this service: The - // name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. This maps to - // the 'Name' field in EndpointPort objects. - Name string - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - Protocol Protocol - - // The application protocol for this port. - // This field follows standard Kubernetes label syntax. - // Un-prefixed names are reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // Non-standard protocols should use prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - AppProtocol *string - - // The port that will be exposed on the service. - Port int32 - - // Optional: The target port on pods selected by this service. If this - // is a string, it will be looked up as a named port in the target - // Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - TargetPort intstr.IntOrString - - // The port on each node on which this service is exposed. - // Default is to auto-allocate a port if the ServiceType of this Service requires one. - NodePort int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -type Service struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the behavior of a service. - // +optional - Spec ServiceSpec - - // Status represents the current status of a service. - // +optional - Status ServiceStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -type ServiceAccount struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. - Secrets []ObjectReference - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // +optional - ImagePullSecrets []LocalObjectReference - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - AutomountServiceAccountToken *bool -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ServiceAccountList is a list of ServiceAccount objects -type ServiceAccountList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []ServiceAccount -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Endpoints is a collection of endpoints that implement the actual service. Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -type Endpoints struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // The set of all endpoints is the union of all subsets. - Subsets []EndpointSubset -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -type EndpointSubset struct { - Addresses []EndpointAddress - NotReadyAddresses []EndpointAddress - Ports []EndpointPort -} - -// EndpointAddress is a tuple that describes single IP address. -type EndpointAddress struct { - // The IP of this endpoint. - // IPv6 is also accepted but not fully supported on all platforms. Also, certain - // kubernetes components, like kube-proxy, are not IPv6 ready. - // TODO: This should allow hostname or IP, see #4447. - IP string - // Optional: Hostname of this endpoint - // Meant to be used by DNS servers etc. - // +optional - Hostname string - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - NodeName *string - // Optional: The kubernetes object related to the entry point. - TargetRef *ObjectReference -} - -// EndpointPort is a tuple that describes a single port. -type EndpointPort struct { - // The name of this port (corresponds to ServicePort.Name). Optional - // if only one port is defined. Must be a DNS_LABEL. - Name string - - // The port number. - Port int32 - - // The IP protocol for this port. - Protocol Protocol - - // The application protocol for this port. - // This field follows standard Kubernetes label syntax. - // Un-prefixed names are reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // Non-standard protocols should use prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - AppProtocol *string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EndpointsList is a list of endpoints. -type EndpointsList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Endpoints -} - -// NodeSpec describes the attributes that a node is created with. -type NodeSpec struct { - // PodCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. It may - // contain AT MOST one value for each of IPv4 and IPv6. - // Note: assigning IP ranges to nodes might need to be revisited when we support migratable IPs. - // +optional - PodCIDRs []string - - // ID of the node assigned by the cloud provider - // Note: format is "<ProviderName>://<ProviderSpecificNodeID>" - // +optional - ProviderID string - - // Unschedulable controls node schedulability of new pods. By default node is schedulable. - // +optional - Unschedulable bool - - // If specified, the node's taints. - // +optional - Taints []Taint - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - ConfigSource *NodeConfigSource - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - DoNotUseExternalID string -} - -// Deprecated: NodeConfigSource specifies a source of node configuration. Exactly one subfield must be non-nil. -type NodeConfigSource struct { - ConfigMap *ConfigMapNodeConfigSource -} - -// Deprecated: ConfigMapNodeConfigSource represents the config map of a node -type ConfigMapNodeConfigSource struct { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - Namespace string - - // Name is the metadata.name of the referenced ConfigMap. - // This field is required in all cases. - Name string - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - UID types.UID - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - ResourceVersion string - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - KubeletConfigKey string -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -type DaemonEndpoint struct { - /* - The port tag was not properly in quotes in earlier releases, so it must be - uppercase for backwards compatibility (since it was falling back to var name of - 'Port'). - */ - - // Port number of the given endpoint. - Port int32 -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -type NodeDaemonEndpoints struct { - // Endpoint on which Kubelet is listening. - // +optional - KubeletEndpoint DaemonEndpoint -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -type NodeSystemInfo struct { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - MachineID string - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - SystemUUID string - // Boot ID reported by the node. - BootID string - // Kernel Version reported by the node. - KernelVersion string - // OS Image reported by the node. - OSImage string - // ContainerRuntime Version reported by the node. - ContainerRuntimeVersion string - // Kubelet Version reported by the node. - KubeletVersion string - // KubeProxy Version reported by the node. - KubeProxyVersion string - // The Operating System reported by the node - OperatingSystem string - // The Architecture reported by the node - Architecture string -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -type NodeConfigStatus struct { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - Assigned *NodeConfigSource - // Active reports the checkpointed config the node is actively using. - // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - Active *NodeConfigSource - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - LastKnownGood *NodeConfigSource - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - Error string -} - -// NodeStatus is information about the current status of a node. -type NodeStatus struct { - // Capacity represents the total resources of a node. - // +optional - Capacity ResourceList - // Allocatable represents the resources of a node that are available for scheduling. - // +optional - Allocatable ResourceList - // NodePhase is the current lifecycle phase of the node. - // +optional - Phase NodePhase - // Conditions is an array of current node conditions. - // +optional - Conditions []NodeCondition - // Queried from cloud provider, if available. - // +optional - Addresses []NodeAddress - // Endpoints of daemons running on the Node. - // +optional - DaemonEndpoints NodeDaemonEndpoints - // Set of ids/uuids to uniquely identify the node. - // +optional - NodeInfo NodeSystemInfo - // List of container images on this node - // +optional - Images []ContainerImage - // List of attachable volumes in use (mounted) by the node. - // +optional - VolumesInUse []UniqueVolumeName - // List of volumes that are attached to the node. - // +optional - VolumesAttached []AttachedVolume - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - Config *NodeConfigStatus -} - -// UniqueVolumeName defines the name of attached volume -type UniqueVolumeName string - -// AttachedVolume describes a volume attached to a node -type AttachedVolume struct { - // Name of the attached volume - Name UniqueVolumeName - - // DevicePath represents the device path where the volume should be available - DevicePath string -} - -// AvoidPods describes pods that should avoid this node. This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -type AvoidPods struct { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - PreferAvoidPods []PreferAvoidPodsEntry -} - -// PreferAvoidPodsEntry describes a class of pods that should avoid this node. -type PreferAvoidPodsEntry struct { - // The class of pods. - PodSignature PodSignature - // Time at which this entry was added to the list. - // +optional - EvictionTime metav1.Time - // (brief) reason why this entry was added to the list. - // +optional - Reason string - // Human readable message indicating why this entry was added to the list. - // +optional - Message string -} - -// PodSignature describes the class of pods that should avoid this node. -// Exactly one field should be set. -type PodSignature struct { - // Reference to controller whose pods should avoid this node. - // +optional - PodController *metav1.OwnerReference -} - -// ContainerImage describe a container image -type ContainerImage struct { - // Names by which this image is known. - // +optional - Names []string - // The size of the image in bytes. - // +optional - SizeBytes int64 -} - -// NodePhase defines the phase in which a node is in -type NodePhase string - -// These are the valid phases of node. -const ( - // NodePending means the node has been created/added by the system, but not configured. - NodePending NodePhase = "Pending" - // NodeRunning means the node has been configured and has Kubernetes components running. - NodeRunning NodePhase = "Running" - // NodeTerminated means the node has been removed from the cluster. - NodeTerminated NodePhase = "Terminated" -) - -// NodeConditionType defines node's condition -type NodeConditionType string - -// These are valid conditions of node. Currently, we don't have enough information to decide -// node condition. In the future, we will add more. The proposed set of conditions are: -// NodeReady, NodeReachable -const ( - // NodeReady means kubelet is healthy and ready to accept pods. - NodeReady NodeConditionType = "Ready" - // NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. - NodeMemoryPressure NodeConditionType = "MemoryPressure" - // NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. - NodeDiskPressure NodeConditionType = "DiskPressure" - // NodeNetworkUnavailable means that network for the node is not correctly configured. - NodeNetworkUnavailable NodeConditionType = "NetworkUnavailable" -) - -// NodeCondition represents the node's condition -type NodeCondition struct { - Type NodeConditionType - Status ConditionStatus - // +optional - LastHeartbeatTime metav1.Time - // +optional - LastTransitionTime metav1.Time - // +optional - Reason string - // +optional - Message string -} - -// NodeAddressType defines the node's address type -type NodeAddressType string - -// These are valid values of node address type -const ( - // NodeHostName identifies a name of the node. Although every node can be assumed - // to have a NodeAddress of this type, its exact syntax and semantics are not - // defined, and are not consistent between different clusters. - NodeHostName NodeAddressType = "Hostname" - - // NodeInternalIP identifies an IP address which is assigned to one of the node's - // network interfaces. Every node should have at least one address of this type. - // - // An internal IP is normally expected to be reachable from every other node, but - // may not be visible to hosts outside the cluster. By default it is assumed that - // kube-apiserver can reach node internal IPs, though it is possible to configure - // clusters where this is not the case. - // - // NodeInternalIP is the default type of node IP, and does not necessarily imply - // that the IP is ONLY reachable internally. If a node has multiple internal IPs, - // no specific semantics are assigned to the additional IPs. - NodeInternalIP NodeAddressType = "InternalIP" - - // NodeExternalIP identifies an IP address which is, in some way, intended to be - // more usable from outside the cluster then an internal IP, though no specific - // semantics are defined. It may be a globally routable IP, though it is not - // required to be. - // - // External IPs may be assigned directly to an interface on the node, like a - // NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed - // to an internal node IP rather than being delivered directly (making the IP less - // efficient for node-to-node traffic than a NodeInternalIP). - NodeExternalIP NodeAddressType = "ExternalIP" - - // NodeInternalDNS identifies a DNS name which resolves to an IP address which has - // the characteristics of a NodeInternalIP. The IP it resolves to may or may not - // be a listed NodeInternalIP address. - NodeInternalDNS NodeAddressType = "InternalDNS" - - // NodeExternalDNS identifies a DNS name which resolves to an IP address which has - // the characteristics of a NodeExternalIP. The IP it resolves to may or may not - // be a listed NodeExternalIP address. - NodeExternalDNS NodeAddressType = "ExternalDNS" -) - -// NodeAddress represents node's address -type NodeAddress struct { - Type NodeAddressType - Address string -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -type NodeResources struct { - // Capacity represents the available resources of a node - // +optional - Capacity ResourceList -} - -// ResourceName is the name identifying various resources in a ResourceList. -type ResourceName string - -// Resource names must be not more than 63 characters, consisting of upper- or lower-case alphanumeric characters, -// with the -, _, and . characters allowed anywhere, except the first or last character. -// The default convention, matching that for annotations, is to use lower-case names, with dashes, rather than -// camel case, separating compound words. -// Fully-qualified resource typenames are constructed from a DNS-style subdomain, followed by a slash `/` and a name. -const ( - // CPU, in cores. (500m = .5 cores) - ResourceCPU ResourceName = "cpu" - // Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - ResourceMemory ResourceName = "memory" - // Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) - ResourceStorage ResourceName = "storage" - // Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - // The resource name for ResourceEphemeralStorage is alpha and it can change across releases. - ResourceEphemeralStorage ResourceName = "ephemeral-storage" -) - -const ( - // ResourceDefaultNamespacePrefix is the default namespace prefix. - ResourceDefaultNamespacePrefix = "kubernetes.io/" - // ResourceHugePagesPrefix is the name prefix for huge page resources (alpha). - ResourceHugePagesPrefix = "hugepages-" - // ResourceAttachableVolumesPrefix is the name prefix for storage resource limits - ResourceAttachableVolumesPrefix = "attachable-volumes-" -) - -// ResourceList is a set of (resource name, quantity) pairs. -type ResourceList map[ResourceName]resource.Quantity - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Node is a worker node in Kubernetes -// The name of the node according to etcd is in ObjectMeta.Name. -type Node struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the behavior of a node. - // +optional - Spec NodeSpec - - // Status describes the current status of a Node - // +optional - Status NodeStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NodeList is a list of nodes. -type NodeList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Node -} - -// NamespaceSpec describes the attributes on a Namespace -type NamespaceSpec struct { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage - Finalizers []FinalizerName -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. -type FinalizerName string - -// These are internal finalizer values to Kubernetes, must be qualified name unless defined here or -// in metav1. -const ( - FinalizerKubernetes FinalizerName = "kubernetes" -) - -// NamespaceStatus is information about the current status of a Namespace. -type NamespaceStatus struct { - // Phase is the current lifecycle phase of the namespace. - // +optional - Phase NamespacePhase - // +optional - Conditions []NamespaceCondition -} - -// NamespacePhase defines the phase in which the namespace is -type NamespacePhase string - -// These are the valid phases of a namespace. -const ( - // NamespaceActive means the namespace is available for use in the system - NamespaceActive NamespacePhase = "Active" - // NamespaceTerminating means the namespace is undergoing graceful termination - NamespaceTerminating NamespacePhase = "Terminating" -) - -// NamespaceConditionType defines constants reporting on status during namespace lifetime and deletion progress -type NamespaceConditionType string - -// These are valid conditions of a namespace. -const ( - NamespaceDeletionDiscoveryFailure NamespaceConditionType = "NamespaceDeletionDiscoveryFailure" - NamespaceDeletionContentFailure NamespaceConditionType = "NamespaceDeletionContentFailure" - NamespaceDeletionGVParsingFailure NamespaceConditionType = "NamespaceDeletionGroupVersionParsingFailure" -) - -// NamespaceCondition contains details about state of namespace. -type NamespaceCondition struct { - // Type of namespace controller condition. - Type NamespaceConditionType - // Status of the condition, one of True, False, Unknown. - Status ConditionStatus - // +optional - LastTransitionTime metav1.Time - // +optional - Reason string - // +optional - Message string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional -type Namespace struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the behavior of the Namespace. - // +optional - Spec NamespaceSpec - - // Status describes the current status of a Namespace - // +optional - Status NamespaceStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NamespaceList is a list of Namespaces. -type NamespaceList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Namespace -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -type Binding struct { - metav1.TypeMeta - // ObjectMeta describes the object that is being bound. - // +optional - metav1.ObjectMeta - - // Target is the object to bind to. - Target ObjectReference -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -type Preconditions struct { - // Specifies the target UID. - // +optional - UID *types.UID -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodLogOptions is the query options for a Pod's logs REST call -type PodLogOptions struct { - metav1.TypeMeta - - // Container for which to return logs - Container string - // If true, follow the logs for the pod - Follow bool - // If true, return previous terminated container logs - Previous bool - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - SinceSeconds *int64 - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - SinceTime *metav1.Time - // If true, add an RFC 3339 timestamp with 9 digits of fractional seconds at the beginning of every line - // of log output. - Timestamps bool - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - TailLines *int64 - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - LimitBytes *int64 - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - InsecureSkipTLSVerifyBackend bool -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodAttachOptions is the query options to a Pod's remote attach call -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -type PodAttachOptions struct { - metav1.TypeMeta - - // Stdin if true indicates that stdin is to be redirected for the attach call - // +optional - Stdin bool - - // Stdout if true indicates that stdout is to be redirected for the attach call - // +optional - Stdout bool - - // Stderr if true indicates that stderr is to be redirected for the attach call - // +optional - Stderr bool - - // TTY if true indicates that a tty will be allocated for the attach call - // +optional - TTY bool - - // Container to attach to. - // +optional - Container string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodExecOptions is the query options to a Pod's remote exec call -type PodExecOptions struct { - metav1.TypeMeta - - // Stdin if true indicates that stdin is to be redirected for the exec call - Stdin bool - - // Stdout if true indicates that stdout is to be redirected for the exec call - Stdout bool - - // Stderr if true indicates that stderr is to be redirected for the exec call - Stderr bool - - // TTY if true indicates that a tty will be allocated for the exec call - TTY bool - - // Container in which to execute the command. - Container string - - // Command is the remote command to execute; argv array; not executed within a shell. - Command []string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodPortForwardOptions is the query options to a Pod's port forward call -type PodPortForwardOptions struct { - metav1.TypeMeta - - // The list of ports to forward - // +optional - Ports []int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodProxyOptions is the query options to a Pod's proxy call -type PodProxyOptions struct { - metav1.TypeMeta - - // Path is the URL path to use for the current proxy request - Path string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NodeProxyOptions is the query options to a Node's proxy call -type NodeProxyOptions struct { - metav1.TypeMeta - - // Path is the URL path to use for the current proxy request - Path string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ServiceProxyOptions is the query options to a Service's proxy call. -type ServiceProxyOptions struct { - metav1.TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. - // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - Path string -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type ObjectReference struct { - // +optional - Kind string - // +optional - Namespace string - // +optional - Name string - // +optional - UID types.UID - // +optional - APIVersion string - // +optional - ResourceVersion string - - // Optional. If referring to a piece of an object instead of an entire object, this string - // should contain information to identify the sub-object. For example, if the object - // reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. - // TODO: this design is not final and this field is subject to change in the future. - // +optional - FieldPath string -} - -// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. -type LocalObjectReference struct { - // TODO: Add other useful fields. apiVersion, kind, uid? - Name string -} - -// TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. -type TypedLocalObjectReference struct { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - APIGroup *string - // Kind is the type of resource being referenced - Kind string - // Name is the name of resource being referenced - Name string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SerializedReference represents a serialized object reference -type SerializedReference struct { - metav1.TypeMeta - // +optional - Reference ObjectReference -} - -// EventSource represents the source from which an event is generated -type EventSource struct { - // Component from which the event is generated. - // +optional - Component string - // Node name on which the event is generated. - // +optional - Host string -} - -// Valid values for event types (new types could be added in future) -const ( - // Information only and will not cause any problems - EventTypeNormal string = "Normal" - // These events are to warn that something might go wrong - EventTypeWarning string = "Warning" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -// TODO: Decide whether to store these separately or with the object they apply to. -type Event struct { - metav1.TypeMeta - - metav1.ObjectMeta - - // The object that this event is about. Mapped to events.Event.regarding - // +optional - InvolvedObject ObjectReference - - // Optional; this should be a short, machine understandable string that gives the reason - // for this event being generated. For example, if the event is reporting that a container - // can't start, the Reason might be "ImageNotFound". - // TODO: provide exact specification for format. - // +optional - Reason string - - // Optional. A human-readable description of the status of this operation. - // TODO: decide on maximum length. Mapped to events.Event.note - // +optional - Message string - - // Optional. The component reporting this event. Should be a short machine understandable string. - // +optional - Source EventSource - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - FirstTimestamp metav1.Time - - // The time at which the most recent occurrence of this event was recorded. - // +optional - LastTimestamp metav1.Time - - // The number of times this event has occurred. - // +optional - Count int32 - - // Type of this event (Normal, Warning), new types could be added in the future. - // +optional - Type string - - // Time when this Event was first observed. - // +optional - EventTime metav1.MicroTime - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - Series *EventSeries - - // What action was taken/failed regarding to the Regarding object. - // +optional - Action string - - // Optional secondary object for more complex actions. - // +optional - Related *ObjectReference - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - ReportingController string - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - ReportingInstance string -} - -// EventSeries represents a series ov events -type EventSeries struct { - // Number of occurrences in this series up to the last heartbeat time - Count int32 - // Time of the last occurrence observed - LastObservedTime metav1.MicroTime -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EventList is a list of events. -type EventList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Event -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// List holds a list of objects, which may not be known by the server. -type List metainternalversion.List - -// LimitType defines a type of object that is limited -type LimitType string - -const ( - // LimitTypePod defines limit that applies to all pods in a namespace - LimitTypePod LimitType = "Pod" - // LimitTypeContainer defines limit that applies to all containers in a namespace - LimitTypeContainer LimitType = "Container" - // LimitTypePersistentVolumeClaim defines limit that applies to all persistent volume claims in a namespace - LimitTypePersistentVolumeClaim LimitType = "PersistentVolumeClaim" -) - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind -type LimitRangeItem struct { - // Type of resource that this limit applies to - // +optional - Type LimitType - // Max usage constraints on this kind by resource name - // +optional - Max ResourceList - // Min usage constraints on this kind by resource name - // +optional - Min ResourceList - // Default resource requirement limit value by resource name. - // +optional - Default ResourceList - // DefaultRequest resource requirement request value by resource name. - // +optional - DefaultRequest ResourceList - // MaxLimitRequestRatio represents the max burst value for the named resource - // +optional - MaxLimitRequestRatio ResourceList -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind -type LimitRangeSpec struct { - // Limits is the list of LimitRangeItem objects that are enforced - Limits []LimitRangeItem -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// LimitRange sets resource usage limits for each kind of resource in a Namespace -type LimitRange struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the limits enforced - // +optional - Spec LimitRangeSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// LimitRangeList is a list of LimitRange items. -type LimitRangeList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is a list of LimitRange objects - Items []LimitRange -} - -// The following identify resource constants for Kubernetes object types -const ( - // Pods, number - ResourcePods ResourceName = "pods" - // Services, number - ResourceServices ResourceName = "services" - // ReplicationControllers, number - ResourceReplicationControllers ResourceName = "replicationcontrollers" - // ResourceQuotas, number - ResourceQuotas ResourceName = "resourcequotas" - // ResourceSecrets, number - ResourceSecrets ResourceName = "secrets" - // ResourceConfigMaps, number - ResourceConfigMaps ResourceName = "configmaps" - // ResourcePersistentVolumeClaims, number - ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims" - // ResourceServicesNodePorts, number - ResourceServicesNodePorts ResourceName = "services.nodeports" - // ResourceServicesLoadBalancers, number - ResourceServicesLoadBalancers ResourceName = "services.loadbalancers" - // CPU request, in cores. (500m = .5 cores) - ResourceRequestsCPU ResourceName = "requests.cpu" - // Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - ResourceRequestsMemory ResourceName = "requests.memory" - // Storage request, in bytes - ResourceRequestsStorage ResourceName = "requests.storage" - // Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - ResourceRequestsEphemeralStorage ResourceName = "requests.ephemeral-storage" - // CPU limit, in cores. (500m = .5 cores) - ResourceLimitsCPU ResourceName = "limits.cpu" - // Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - ResourceLimitsMemory ResourceName = "limits.memory" - // Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - ResourceLimitsEphemeralStorage ResourceName = "limits.ephemeral-storage" -) - -// The following identify resource prefix for Kubernetes object types -const ( - // HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) - // As burst is not supported for HugePages, we would only quota its request, and ignore the limit. - ResourceRequestsHugePagesPrefix = "requests.hugepages-" - // Default resource requests prefix - DefaultResourceRequestsPrefix = "requests." -) - -// ResourceQuotaScope defines a filter that must match each object tracked by a quota -type ResourceQuotaScope string - -// These are valid values for resource quota spec -const ( - // Match all pod objects where spec.activeDeadlineSeconds >=0 - ResourceQuotaScopeTerminating ResourceQuotaScope = "Terminating" - // Match all pod objects where spec.activeDeadlineSeconds is nil - ResourceQuotaScopeNotTerminating ResourceQuotaScope = "NotTerminating" - // Match all pod objects that have best effort quality of service - ResourceQuotaScopeBestEffort ResourceQuotaScope = "BestEffort" - // Match all pod objects that do not have best effort quality of service - ResourceQuotaScopeNotBestEffort ResourceQuotaScope = "NotBestEffort" - // Match all pod objects that have priority class mentioned - ResourceQuotaScopePriorityClass ResourceQuotaScope = "PriorityClass" - // Match all pod objects that have cross-namespace pod (anti)affinity mentioned - ResourceQuotaScopeCrossNamespacePodAffinity ResourceQuotaScope = "CrossNamespacePodAffinity" -) - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota -type ResourceQuotaSpec struct { - // Hard is the set of desired hard limits for each named resource - // +optional - Hard ResourceList - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - Scopes []ResourceQuotaScope - // ScopeSelector is also a collection of filters like Scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // +optional - ScopeSelector *ScopeSelector -} - -// ScopeSelector represents the AND of the selectors represented -// by the scoped-resource selector terms. -type ScopeSelector struct { - // A list of scope selector requirements by scope of the resources. - // +optional - MatchExpressions []ScopedResourceSelectorRequirement -} - -// ScopedResourceSelectorRequirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -type ScopedResourceSelectorRequirement struct { - // The name of the scope that the selector applies to. - ScopeName ResourceQuotaScope - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - Operator ScopeSelectorOperator - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - Values []string -} - -// ScopeSelectorOperator is the set of operators that can be used in -// a scope selector requirement. -type ScopeSelectorOperator string - -// These are the valid values for ScopeSelectorOperator -const ( - ScopeSelectorOpIn ScopeSelectorOperator = "In" - ScopeSelectorOpNotIn ScopeSelectorOperator = "NotIn" - ScopeSelectorOpExists ScopeSelectorOperator = "Exists" - ScopeSelectorOpDoesNotExist ScopeSelectorOperator = "DoesNotExist" -) - -// ResourceQuotaStatus defines the enforced hard limits and observed use -type ResourceQuotaStatus struct { - // Hard is the set of enforced hard limits for each named resource - // +optional - Hard ResourceList - // Used is the current observed total usage of the resource in the namespace - // +optional - Used ResourceList -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -type ResourceQuota struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the desired quota - // +optional - Spec ResourceQuotaSpec - - // Status defines the actual enforced quota and its current usage - // +optional - Status ResourceQuotaStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceQuotaList is a list of ResourceQuota items -type ResourceQuotaList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is a list of ResourceQuota objects - Items []ResourceQuota -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -type Secret struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Immutable field, if set, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // +optional - Immutable *bool - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. - // +optional - Data map[string][]byte `datapolicy:"password,security-key,token"` - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - Type SecretType -} - -// MaxSecretSize represents the max secret size. -const MaxSecretSize = 1 * 1024 * 1024 - -// SecretType defines the types of secrets -type SecretType string - -// These are the valid values for SecretType -const ( - // SecretTypeOpaque is the default; arbitrary user-defined data - SecretTypeOpaque SecretType = "Opaque" - - // SecretTypeServiceAccountToken contains a token that identifies a service account to the API - // - // Required fields: - // - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies - // - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies - // - Secret.Data["token"] - a token that identifies the service account to the API - SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token" - - // ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets - ServiceAccountNameKey = "kubernetes.io/service-account.name" - // ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets - ServiceAccountUIDKey = "kubernetes.io/service-account.uid" - // ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets - ServiceAccountTokenKey = "token" - // ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets - ServiceAccountKubeconfigKey = "kubernetes.kubeconfig" - // ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets - ServiceAccountRootCAKey = "ca.crt" - // ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls - ServiceAccountNamespaceKey = "namespace" - - // SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg - // - // Required fields: - // - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file - SecretTypeDockercfg SecretType = "kubernetes.io/dockercfg" - - // DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets - DockerConfigKey = ".dockercfg" - - // SecretTypeDockerConfigJSON contains a dockercfg file that follows the same format rules as ~/.docker/config.json - // - // Required fields: - // - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file - SecretTypeDockerConfigJSON SecretType = "kubernetes.io/dockerconfigjson" - - // DockerConfigJSONKey is the key of the required data for SecretTypeDockerConfigJson secrets - DockerConfigJSONKey = ".dockerconfigjson" - - // SecretTypeBasicAuth contains data needed for basic authentication. - // - // Required at least one of fields: - // - Secret.Data["username"] - username used for authentication - // - Secret.Data["password"] - password or token needed for authentication - SecretTypeBasicAuth SecretType = "kubernetes.io/basic-auth" - - // BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets - BasicAuthUsernameKey = "username" - // BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets - BasicAuthPasswordKey = "password" - - // SecretTypeSSHAuth contains data needed for SSH authentication. - // - // Required field: - // - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication - SecretTypeSSHAuth SecretType = "kubernetes.io/ssh-auth" - - // SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets - SSHAuthPrivateKey = "ssh-privatekey" - - // SecretTypeTLS contains information about a TLS client or server secret. It - // is primarily used with TLS termination of the Ingress resource, but may be - // used in other types. - // - // Required fields: - // - Secret.Data["tls.key"] - TLS private key. - // Secret.Data["tls.crt"] - TLS certificate. - // TODO: Consider supporting different formats, specifying CA/destinationCA. - SecretTypeTLS SecretType = "kubernetes.io/tls" - - // TLSCertKey is the key for tls certificates in a TLS secret. - TLSCertKey = "tls.crt" - // TLSPrivateKeyKey is the key for the private key field in a TLS secret. - TLSPrivateKeyKey = "tls.key" - // SecretTypeBootstrapToken is used during the automated bootstrap process (first - // implemented by kubeadm). It stores tokens that are used to sign well known - // ConfigMaps. They are used for authn. - SecretTypeBootstrapToken SecretType = "bootstrap.kubernetes.io/token" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SecretList represents the list of secrets -type SecretList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []Secret -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ConfigMap holds configuration data for components or applications to consume. -type ConfigMap struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Immutable field, if set, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // +optional - Immutable *bool - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - Data map[string]string - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - BinaryData map[string][]byte -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ConfigMapList is a resource containing a list of ConfigMap objects. -type ConfigMapList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is the list of ConfigMaps. - Items []ConfigMap -} - -// These constants are for remote command execution and port forwarding and are -// used by both the client side and server side components. -// -// This is probably not the ideal place for them, but it didn't seem worth it -// to create pkg/exec and pkg/portforward just to contain a single file with -// constants in it. Suggestions for more appropriate alternatives are -// definitely welcome! -const ( - // Enable stdin for remote command execution - ExecStdinParam = "input" - // Enable stdout for remote command execution - ExecStdoutParam = "output" - // Enable stderr for remote command execution - ExecStderrParam = "error" - // Enable TTY for remote command execution - ExecTTYParam = "tty" - // Command to run for remote command execution - ExecCommandParam = "command" - - // Name of header that specifies stream type - StreamType = "streamType" - // Value for streamType header for stdin stream - StreamTypeStdin = "stdin" - // Value for streamType header for stdout stream - StreamTypeStdout = "stdout" - // Value for streamType header for stderr stream - StreamTypeStderr = "stderr" - // Value for streamType header for data stream - StreamTypeData = "data" - // Value for streamType header for error stream - StreamTypeError = "error" - // Value for streamType header for terminal resize stream - StreamTypeResize = "resize" - - // Name of header that specifies the port being forwarded - PortHeader = "port" - // Name of header that specifies a request ID used to associate the error - // and data streams for a single forwarded connection - PortForwardRequestIDHeader = "requestID" -) - -// ComponentConditionType defines type and constants for component health validation. -type ComponentConditionType string - -// These are the valid conditions for the component. -const ( - ComponentHealthy ComponentConditionType = "Healthy" -) - -// ComponentCondition represents the condition of a component -type ComponentCondition struct { - Type ComponentConditionType - Status ConditionStatus - // +optional - Message string - // +optional - Error string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -type ComponentStatus struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // +optional - Conditions []ComponentCondition -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ComponentStatusList represents the list of component statuses -// Deprecated: This API is deprecated in v1.19+ -type ComponentStatusList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []ComponentStatus -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -type SecurityContext struct { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - Capabilities *Capabilities - // Run container in privileged mode. - // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - Privileged *bool - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - SELinuxOptions *SELinuxOptions - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - WindowsOptions *WindowsSecurityContextOptions - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - RunAsUser *int64 - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - RunAsGroup *int64 - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - RunAsNonRoot *bool - // The read-only root filesystem allows you to restrict the locations that an application can write - // files to, ensuring the persistent data can only be written to mounts. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - ReadOnlyRootFilesystem *bool - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - AllowPrivilegeEscalation *bool - // ProcMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - ProcMount *ProcMountType - // The seccomp options to use by this container. If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - SeccompProfile *SeccompProfile -} - -// ProcMountType defines the type of proc mount -type ProcMountType string - -const ( - // DefaultProcMount uses the container runtime defaults for readonly and masked - // paths for /proc. Most container runtimes mask certain paths in /proc to avoid - // accidental security exposure of special devices or information. - DefaultProcMount ProcMountType = "Default" - - // UnmaskedProcMount bypasses the default masking behavior of the container - // runtime and ensures the newly created /proc the container stays intact with - // no modifications. - UnmaskedProcMount ProcMountType = "Unmasked" -) - -// SELinuxOptions are the labels to be applied to the container. -type SELinuxOptions struct { - // SELinux user label - // +optional - User string - // SELinux role label - // +optional - Role string - // SELinux type label - // +optional - Type string - // SELinux level label. - // +optional - Level string -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -type WindowsSecurityContextOptions struct { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. - // +optional - GMSACredentialSpecName *string - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - GMSACredentialSpec *string - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - RunAsUserName *string - - // HostProcess determines if a container should be run as a 'Host Process' container. - // This field is alpha-level and will only be honored by components that enable the - // WindowsHostProcessContainers feature flag. Setting this field without the feature - // flag will result in errors when validating the Pod. All of a Pod's containers must - // have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - // containers and non-HostProcess containers). In addition, if HostProcess is true - // then HostNetwork must also be set to true. - // +optional - HostProcess *bool -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RangeAllocation is an opaque API object (not exposed to end users) that can be persisted to record -// the global allocation state of the cluster. The schema of Range and Data generic, in that Range -// should be a string representation of the inputs to a range (for instance, for IP allocation it -// might be a CIDR) and Data is an opaque blob understood by an allocator which is typically a -// binary range. Consumers should use annotations to record additional information (schema version, -// data encoding hints). A range allocation should *ALWAYS* be recreatable at any time by observation -// of the cluster, thus the object is less strongly typed than most. -type RangeAllocation struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - // A string representing a unique label for a range of resources, such as a CIDR "10.0.0.0/8" or - // port range "10000-30000". Range is not strongly schema'd here. The Range is expected to define - // a start and end unless there is an implicit end. - Range string - // A byte array representing the serialized state of a range allocation. Additional clarifiers on - // the type or format of data should be represented with annotations. For IP allocations, this is - // represented as a bit array starting at the base IP of the CIDR in Range, with each bit representing - // a single allocated address (the fifth bit on CIDR 10.0.0.0/8 is 10.0.0.4). - Data []byte -} - -const ( - // DefaultHardPodAffinitySymmetricWeight is the weight of implicit PreferredDuringScheduling affinity rule. - // - // RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule - // corresponding to every RequiredDuringScheduling affinity rule. - // When the --hard-pod-affinity-weight scheduler flag is not specified, - // DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. - DefaultHardPodAffinitySymmetricWeight int32 = 1 -) - -// UnsatisfiableConstraintAction defines the actions that can be taken for an -// unsatisfiable constraint. -type UnsatisfiableConstraintAction string - -const ( - // DoNotSchedule instructs the scheduler not to schedule the pod - // when constraints are not satisfied. - DoNotSchedule UnsatisfiableConstraintAction = "DoNotSchedule" - // ScheduleAnyway instructs the scheduler to schedule the pod - // even if constraints are not satisfied. - ScheduleAnyway UnsatisfiableConstraintAction = "ScheduleAnyway" -) - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -type NodeInclusionPolicy string - -const ( - // NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. - NodeInclusionPolicyIgnore NodeInclusionPolicy = "Ignore" - // NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. - NodeInclusionPolicyHonor NodeInclusionPolicy = "Honor" -) - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -type TopologySpreadConstraint struct { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - MaxSkew int32 - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each <key, value> as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. - // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - TopologyKey string - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - WhenUnsatisfiable UnsatisfiableConstraintAction - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. - // +optional - LabelSelector *metav1.LabelSelector - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - MinDomains *int32 - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - NodeAffinityPolicy *NodeInclusionPolicy - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - NodeTaintsPolicy *NodeInclusionPolicy - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // +listType=atomic - // +optional - MatchLabelKeys []string -} - -// These are the built-in errors for PortStatus. -const ( - // MixedProtocolNotSupported error in PortStatus means that the cloud provider - // can't ensure the port on the load balancer because mixed values of protocols - // on the same LoadBalancer type of Service are not supported by the cloud provider. - MixedProtocolNotSupported = "MixedProtocolNotSupported" -) - -// PortStatus represents the error condition of a service port -type PortStatus struct { - // Port is the port number of the service port of which status is recorded here - Port int32 - // Protocol is the protocol of the service port of which status is recorded here - Protocol Protocol - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - Error *string -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/OWNERS deleted file mode 100644 index dfcc2e714b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/OWNERS +++ /dev/null @@ -1,24 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - yujuhong - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - sttts - - dchen1107 - - saad-ali - - luxas - - janetkuo - - justinsb - - ncdc - - tallclair - - jsafrane - - dims - - jayunit100 diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/conversion.go deleted file mode 100644 index 7869f0389b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/conversion.go +++ /dev/null @@ -1,544 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - "reflect" - - v1 "k8s.io/api/core/v1" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/core" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - // Add field conversion funcs. - err := scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Pod"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", - "metadata.namespace", - "spec.nodeName", - "spec.restartPolicy", - "spec.schedulerName", - "spec.serviceAccountName", - "status.phase", - "status.podIP", - "status.podIPs", - "status.nominatedNodeName": - return label, value, nil - // This is for backwards compatibility with old v1 clients which send spec.host - case "spec.host": - return "spec.nodeName", value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }, - ) - if err != nil { - return err - } - err = scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Node"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name": - return label, value, nil - case "spec.unschedulable": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }, - ) - if err != nil { - return err - } - err = scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("ReplicationController"), - func(label, value string) (string, string, error) { - switch label { - case "metadata.name", - "metadata.namespace", - "status.replicas": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }) - if err != nil { - return err - } - if err := AddFieldLabelConversionsForEvent(scheme); err != nil { - return err - } - if err := AddFieldLabelConversionsForNamespace(scheme); err != nil { - return err - } - if err := AddFieldLabelConversionsForSecret(scheme); err != nil { - return err - } - return nil -} - -func Convert_v1_ReplicationController_To_apps_ReplicaSet(in *v1.ReplicationController, out *apps.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ReplicationControllerSpec_To_apps_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ReplicationControllerStatus_To_apps_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func Convert_v1_ReplicationControllerSpec_To_apps_ReplicaSetSpec(in *v1.ReplicationControllerSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - out.Replicas = *in.Replicas - out.MinReadySeconds = in.MinReadySeconds - if in.Selector != nil { - out.Selector = new(metav1.LabelSelector) - metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&in.Selector, out.Selector, s) - } - if in.Template != nil { - if err := Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(in.Template, &out.Template, s); err != nil { - return err - } - } - return nil -} - -func Convert_v1_ReplicationControllerStatus_To_apps_ReplicaSetStatus(in *v1.ReplicationControllerStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - for _, cond := range in.Conditions { - out.Conditions = append(out.Conditions, apps.ReplicaSetCondition{ - Type: apps.ReplicaSetConditionType(cond.Type), - Status: core.ConditionStatus(cond.Status), - LastTransitionTime: cond.LastTransitionTime, - Reason: cond.Reason, - Message: cond.Message, - }) - } - return nil -} - -func Convert_apps_ReplicaSet_To_v1_ReplicationController(in *apps.ReplicaSet, out *v1.ReplicationController, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_ReplicaSetSpec_To_v1_ReplicationControllerSpec(&in.Spec, &out.Spec, s); err != nil { - fieldErr, ok := err.(*field.Error) - if !ok { - return err - } - if out.Annotations == nil { - out.Annotations = make(map[string]string) - } - out.Annotations[v1.NonConvertibleAnnotationPrefix+"/"+fieldErr.Field] = reflect.ValueOf(fieldErr.BadValue).String() - } - if err := Convert_apps_ReplicaSetStatus_To_v1_ReplicationControllerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func Convert_apps_ReplicaSetSpec_To_v1_ReplicationControllerSpec(in *apps.ReplicaSetSpec, out *v1.ReplicationControllerSpec, s conversion.Scope) error { - out.Replicas = new(int32) - *out.Replicas = in.Replicas - out.MinReadySeconds = in.MinReadySeconds - var invalidErr error - if in.Selector != nil { - invalidErr = metav1.Convert_v1_LabelSelector_To_Map_string_To_string(in.Selector, &out.Selector, s) - } - out.Template = new(v1.PodTemplateSpec) - if err := Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, out.Template, s); err != nil { - return err - } - return invalidErr -} - -func Convert_apps_ReplicaSetStatus_To_v1_ReplicationControllerStatus(in *apps.ReplicaSetStatus, out *v1.ReplicationControllerStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - for _, cond := range in.Conditions { - out.Conditions = append(out.Conditions, v1.ReplicationControllerCondition{ - Type: v1.ReplicationControllerConditionType(cond.Type), - Status: v1.ConditionStatus(cond.Status), - LastTransitionTime: cond.LastTransitionTime, - Reason: cond.Reason, - Message: cond.Message, - }) - } - return nil -} - -func Convert_core_ReplicationControllerSpec_To_v1_ReplicationControllerSpec(in *core.ReplicationControllerSpec, out *v1.ReplicationControllerSpec, s conversion.Scope) error { - out.Replicas = &in.Replicas - out.MinReadySeconds = in.MinReadySeconds - out.Selector = in.Selector - if in.Template != nil { - out.Template = new(v1.PodTemplateSpec) - if err := Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(in.Template, out.Template, s); err != nil { - return err - } - } else { - out.Template = nil - } - return nil -} - -func Convert_v1_ReplicationControllerSpec_To_core_ReplicationControllerSpec(in *v1.ReplicationControllerSpec, out *core.ReplicationControllerSpec, s conversion.Scope) error { - if in.Replicas != nil { - out.Replicas = *in.Replicas - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = in.Selector - if in.Template != nil { - out.Template = new(core.PodTemplateSpec) - if err := Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(in.Template, out.Template, s); err != nil { - return err - } - } else { - out.Template = nil - } - return nil -} - -func Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(in *core.PodTemplateSpec, out *v1.PodTemplateSpec, s conversion.Scope) error { - if err := autoConvert_core_PodTemplateSpec_To_v1_PodTemplateSpec(in, out, s); err != nil { - return err - } - - // drop init container annotations so they don't take effect on legacy kubelets. - // remove this once the oldest supported kubelet no longer honors the annotations over the field. - out.Annotations = dropInitContainerAnnotations(out.Annotations) - - return nil -} - -func Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(in *v1.PodTemplateSpec, out *core.PodTemplateSpec, s conversion.Scope) error { - if err := autoConvert_v1_PodTemplateSpec_To_core_PodTemplateSpec(in, out, s); err != nil { - return err - } - - // drop init container annotations so they don't show up as differences when receiving requests from old clients - out.Annotations = dropInitContainerAnnotations(out.Annotations) - - return nil -} - -func Convert_v1_PodStatus_To_core_PodStatus(in *v1.PodStatus, out *core.PodStatus, s conversion.Scope) error { - if err := autoConvert_v1_PodStatus_To_core_PodStatus(in, out, s); err != nil { - return err - } - - // If both fields (v1.PodIPs and v1.PodIP) are provided and differ, then PodIP is authoritative for compatibility with older kubelets - if (len(in.PodIP) > 0 && len(in.PodIPs) > 0) && (in.PodIP != in.PodIPs[0].IP) { - out.PodIPs = []core.PodIP{ - { - IP: in.PodIP, - }, - } - } - // at the this point, autoConvert copied v1.PodIPs -> core.PodIPs - // if v1.PodIPs was empty but v1.PodIP is not, then set core.PodIPs[0] with v1.PodIP - if len(in.PodIP) > 0 && len(in.PodIPs) == 0 { - out.PodIPs = []core.PodIP{ - { - IP: in.PodIP, - }, - } - } - return nil -} - -func Convert_core_PodStatus_To_v1_PodStatus(in *core.PodStatus, out *v1.PodStatus, s conversion.Scope) error { - if err := autoConvert_core_PodStatus_To_v1_PodStatus(in, out, s); err != nil { - return err - } - // at the this point autoConvert copied core.PodIPs -> v1.PodIPs - // v1.PodIP (singular value field, which does not exist in core) needs to - // be set with core.PodIPs[0] - if len(in.PodIPs) > 0 { - out.PodIP = in.PodIPs[0].IP - } - return nil -} - -// The following two v1.PodSpec conversions are done here to support v1.ServiceAccount -// as an alias for ServiceAccountName. -func Convert_core_PodSpec_To_v1_PodSpec(in *core.PodSpec, out *v1.PodSpec, s conversion.Scope) error { - if err := autoConvert_core_PodSpec_To_v1_PodSpec(in, out, s); err != nil { - return err - } - - // DeprecatedServiceAccount is an alias for ServiceAccountName. - out.DeprecatedServiceAccount = in.ServiceAccountName - - if in.SecurityContext != nil { - // the host namespace fields have to be handled here for backward compatibility - // with v1.0.0 - out.HostPID = in.SecurityContext.HostPID - out.HostNetwork = in.SecurityContext.HostNetwork - out.HostIPC = in.SecurityContext.HostIPC - out.ShareProcessNamespace = in.SecurityContext.ShareProcessNamespace - out.HostUsers = in.SecurityContext.HostUsers - } - - return nil -} - -func Convert_core_NodeSpec_To_v1_NodeSpec(in *core.NodeSpec, out *v1.NodeSpec, s conversion.Scope) error { - if err := autoConvert_core_NodeSpec_To_v1_NodeSpec(in, out, s); err != nil { - return err - } - // at the this point autoConvert copied core.PodCIDRs -> v1.PodCIDRs - // v1.PodCIDR (singular value field, which does not exist in core) needs to - // be set with core.PodCIDRs[0] - if len(in.PodCIDRs) > 0 { - out.PodCIDR = in.PodCIDRs[0] - } - return nil -} - -func Convert_v1_NodeSpec_To_core_NodeSpec(in *v1.NodeSpec, out *core.NodeSpec, s conversion.Scope) error { - if err := autoConvert_v1_NodeSpec_To_core_NodeSpec(in, out, s); err != nil { - return err - } - // If both fields (v1.PodCIDRs and v1.PodCIDR) are provided and differ, then PodCIDR is authoritative for compatibility with older clients - if (len(in.PodCIDR) > 0 && len(in.PodCIDRs) > 0) && (in.PodCIDR != in.PodCIDRs[0]) { - out.PodCIDRs = []string{in.PodCIDR} - } - - // at the this point, autoConvert copied v1.PodCIDRs -> core.PodCIDRs - // if v1.PodCIDRs was empty but v1.PodCIDR is not, then set core.PodCIDRs[0] with v1.PodCIDR - if len(in.PodCIDR) > 0 && len(in.PodCIDRs) == 0 { - out.PodCIDRs = []string{in.PodCIDR} - } - return nil -} - -func Convert_v1_PodSpec_To_core_PodSpec(in *v1.PodSpec, out *core.PodSpec, s conversion.Scope) error { - if err := autoConvert_v1_PodSpec_To_core_PodSpec(in, out, s); err != nil { - return err - } - - // We support DeprecatedServiceAccount as an alias for ServiceAccountName. - // If both are specified, ServiceAccountName (the new field) wins. - if in.ServiceAccountName == "" { - out.ServiceAccountName = in.DeprecatedServiceAccount - } - - // the host namespace fields have to be handled specially for backward compatibility - // with v1.0.0 - if out.SecurityContext == nil { - out.SecurityContext = new(core.PodSecurityContext) - } - out.SecurityContext.HostNetwork = in.HostNetwork - out.SecurityContext.HostPID = in.HostPID - out.SecurityContext.HostIPC = in.HostIPC - out.SecurityContext.ShareProcessNamespace = in.ShareProcessNamespace - out.SecurityContext.HostUsers = in.HostUsers - - return nil -} - -func Convert_v1_Pod_To_core_Pod(in *v1.Pod, out *core.Pod, s conversion.Scope) error { - if err := autoConvert_v1_Pod_To_core_Pod(in, out, s); err != nil { - return err - } - - // drop init container annotations so they don't show up as differences when receiving requests from old clients - out.Annotations = dropInitContainerAnnotations(out.Annotations) - - return nil -} - -func Convert_core_Pod_To_v1_Pod(in *core.Pod, out *v1.Pod, s conversion.Scope) error { - if err := autoConvert_core_Pod_To_v1_Pod(in, out, s); err != nil { - return err - } - - // drop init container annotations so they don't take effect on legacy kubelets. - // remove this once the oldest supported kubelet no longer honors the annotations over the field. - out.Annotations = dropInitContainerAnnotations(out.Annotations) - - return nil -} - -func Convert_v1_Secret_To_core_Secret(in *v1.Secret, out *core.Secret, s conversion.Scope) error { - if err := autoConvert_v1_Secret_To_core_Secret(in, out, s); err != nil { - return err - } - - // StringData overwrites Data - if len(in.StringData) > 0 { - if out.Data == nil { - out.Data = map[string][]byte{} - } - for k, v := range in.StringData { - out.Data[k] = []byte(v) - } - } - - return nil -} - -// +k8s:conversion-fn=copy-only -func Convert_v1_ResourceList_To_core_ResourceList(in *v1.ResourceList, out *core.ResourceList, s conversion.Scope) error { - if *in == nil { - return nil - } - if *out == nil { - *out = make(core.ResourceList, len(*in)) - } - for key, val := range *in { - // Moved to defaults - // TODO(#18538): We round up resource values to milli scale to maintain API compatibility. - // In the future, we should instead reject values that need rounding. - // const milliScale = -3 - // val.RoundUp(milliScale) - - (*out)[core.ResourceName(key)] = val - } - return nil -} - -func AddFieldLabelConversionsForEvent(scheme *runtime.Scheme) error { - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Event"), - func(label, value string) (string, string, error) { - switch label { - case "involvedObject.kind", - "involvedObject.namespace", - "involvedObject.name", - "involvedObject.uid", - "involvedObject.apiVersion", - "involvedObject.resourceVersion", - "involvedObject.fieldPath", - "reason", - "reportingComponent", - "source", - "type", - "metadata.namespace", - "metadata.name": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }) -} - -func AddFieldLabelConversionsForNamespace(scheme *runtime.Scheme) error { - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Namespace"), - func(label, value string) (string, string, error) { - switch label { - case "status.phase", - "metadata.name": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }) -} - -func AddFieldLabelConversionsForSecret(scheme *runtime.Scheme) error { - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Secret"), - func(label, value string) (string, string, error) { - switch label { - case "type", - "metadata.namespace", - "metadata.name": - return label, value, nil - default: - return "", "", fmt.Errorf("field label not supported: %s", label) - } - }) -} - -var initContainerAnnotations = map[string]bool{ - "pod.beta.kubernetes.io/init-containers": true, - "pod.alpha.kubernetes.io/init-containers": true, - "pod.beta.kubernetes.io/init-container-statuses": true, - "pod.alpha.kubernetes.io/init-container-statuses": true, -} - -// dropInitContainerAnnotations returns a copy of the annotations with init container annotations removed, -// or the original annotations if no init container annotations were present. -// -// this can be removed once no clients prior to 1.8 are supported, and no kubelets prior to 1.8 can be run -// (we don't support kubelets older than 2 versions skewed from the apiserver, but we don't prevent them, either) -func dropInitContainerAnnotations(oldAnnotations map[string]string) map[string]string { - if len(oldAnnotations) == 0 { - return oldAnnotations - } - - found := false - for k := range initContainerAnnotations { - if _, ok := oldAnnotations[k]; ok { - found = true - break - } - } - if !found { - return oldAnnotations - } - - newAnnotations := make(map[string]string, len(oldAnnotations)) - for k, v := range oldAnnotations { - if !initContainerAnnotations[k] { - newAnnotations[k] = v - } - } - return newAnnotations -} - -// Convert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus is defined outside the autogenerated file for use by other API packages -func Convert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus(in *core.LoadBalancerStatus, out *v1.LoadBalancerStatus, s conversion.Scope) error { - return autoConvert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus(in, out, s) -} - -// Convert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus is defined outside the autogenerated file for use by other API packages -func Convert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus(in *v1.LoadBalancerStatus, out *core.LoadBalancerStatus, s conversion.Scope) error { - return autoConvert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus(in, out, s) -} - -// Convert_core_Volume_To_v1_Volume is defined outside the autogenerated file for use by other API packages -func Convert_core_Volume_To_v1_Volume(in *core.Volume, out *v1.Volume, s conversion.Scope) error { - return autoConvert_core_Volume_To_v1_Volume(in, out, s) -} - -// Convert_v1_Volume_To_core_Volume is defined outside the autogenerated file for use by other API packages -func Convert_v1_Volume_To_core_Volume(in *v1.Volume, out *core.Volume, s conversion.Scope) error { - return autoConvert_v1_Volume_To_core_Volume(in, out, s) -} - -// Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec is defined outside the autogenerated file for use by other API packages -func Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(in *core.PersistentVolumeSpec, out *v1.PersistentVolumeSpec, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(in, out, s) -} - -// Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec is defined outside the autogenerated file for use by other API packages -func Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(in *v1.PersistentVolumeSpec, out *core.PersistentVolumeSpec, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/defaults.go deleted file mode 100644 index b42221691f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/defaults.go +++ /dev/null @@ -1,454 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/kubernetes/pkg/util/parsers" - "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_ResourceList(obj *v1.ResourceList) { - for key, val := range *obj { - // TODO(#18538): We round up resource values to milli scale to maintain API compatibility. - // In the future, we should instead reject values that need rounding. - const milliScale = -3 - val.RoundUp(milliScale) - - (*obj)[v1.ResourceName(key)] = val - } -} - -func SetDefaults_ReplicationController(obj *v1.ReplicationController) { - var labels map[string]string - if obj.Spec.Template != nil { - labels = obj.Spec.Template.Labels - } - // TODO: support templates defined elsewhere when we support them in the API - if labels != nil { - if len(obj.Spec.Selector) == 0 { - obj.Spec.Selector = labels - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } -} -func SetDefaults_Volume(obj *v1.Volume) { - if pointer.AllPtrFieldsNil(&obj.VolumeSource) { - obj.VolumeSource = v1.VolumeSource{ - EmptyDir: &v1.EmptyDirVolumeSource{}, - } - } -} -func SetDefaults_Container(obj *v1.Container) { - if obj.ImagePullPolicy == "" { - // Ignore error and assume it has been validated elsewhere - _, tag, _, _ := parsers.ParseImageName(obj.Image) - - // Check image tag - if tag == "latest" { - obj.ImagePullPolicy = v1.PullAlways - } else { - obj.ImagePullPolicy = v1.PullIfNotPresent - } - } - if obj.TerminationMessagePath == "" { - obj.TerminationMessagePath = v1.TerminationMessagePathDefault - } - if obj.TerminationMessagePolicy == "" { - obj.TerminationMessagePolicy = v1.TerminationMessageReadFile - } -} - -func SetDefaults_EphemeralContainer(obj *v1.EphemeralContainer) { - SetDefaults_Container((*v1.Container)(&obj.EphemeralContainerCommon)) -} - -func SetDefaults_Service(obj *v1.Service) { - if obj.Spec.SessionAffinity == "" { - obj.Spec.SessionAffinity = v1.ServiceAffinityNone - } - if obj.Spec.SessionAffinity == v1.ServiceAffinityNone { - obj.Spec.SessionAffinityConfig = nil - } - if obj.Spec.SessionAffinity == v1.ServiceAffinityClientIP { - if obj.Spec.SessionAffinityConfig == nil || obj.Spec.SessionAffinityConfig.ClientIP == nil || obj.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds == nil { - timeoutSeconds := v1.DefaultClientIPServiceAffinitySeconds - obj.Spec.SessionAffinityConfig = &v1.SessionAffinityConfig{ - ClientIP: &v1.ClientIPConfig{ - TimeoutSeconds: &timeoutSeconds, - }, - } - } - } - if obj.Spec.Type == "" { - obj.Spec.Type = v1.ServiceTypeClusterIP - } - for i := range obj.Spec.Ports { - sp := &obj.Spec.Ports[i] - if sp.Protocol == "" { - sp.Protocol = v1.ProtocolTCP - } - if sp.TargetPort == intstr.FromInt(0) || sp.TargetPort == intstr.FromString("") { - sp.TargetPort = intstr.FromInt(int(sp.Port)) - } - } - // Defaults ExternalTrafficPolicy field for NodePort / LoadBalancer service - // to Global for consistency. - if (obj.Spec.Type == v1.ServiceTypeNodePort || - obj.Spec.Type == v1.ServiceTypeLoadBalancer) && - obj.Spec.ExternalTrafficPolicy == "" { - obj.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeCluster - } - - if obj.Spec.InternalTrafficPolicy == nil { - if obj.Spec.Type == v1.ServiceTypeNodePort || obj.Spec.Type == v1.ServiceTypeLoadBalancer || obj.Spec.Type == v1.ServiceTypeClusterIP { - serviceInternalTrafficPolicyCluster := v1.ServiceInternalTrafficPolicyCluster - obj.Spec.InternalTrafficPolicy = &serviceInternalTrafficPolicyCluster - } - } - - if obj.Spec.Type == v1.ServiceTypeLoadBalancer { - if obj.Spec.AllocateLoadBalancerNodePorts == nil { - obj.Spec.AllocateLoadBalancerNodePorts = pointer.BoolPtr(true) - } - } -} -func SetDefaults_Pod(obj *v1.Pod) { - // If limits are specified, but requests are not, default requests to limits - // This is done here rather than a more specific defaulting pass on v1.ResourceRequirements - // because we only want this defaulting semantic to take place on a v1.Pod and not a v1.PodTemplate - for i := range obj.Spec.Containers { - // set requests to limits if requests are not specified, but limits are - if obj.Spec.Containers[i].Resources.Limits != nil { - if obj.Spec.Containers[i].Resources.Requests == nil { - obj.Spec.Containers[i].Resources.Requests = make(v1.ResourceList) - } - for key, value := range obj.Spec.Containers[i].Resources.Limits { - if _, exists := obj.Spec.Containers[i].Resources.Requests[key]; !exists { - obj.Spec.Containers[i].Resources.Requests[key] = value.DeepCopy() - } - } - } - } - for i := range obj.Spec.InitContainers { - if obj.Spec.InitContainers[i].Resources.Limits != nil { - if obj.Spec.InitContainers[i].Resources.Requests == nil { - obj.Spec.InitContainers[i].Resources.Requests = make(v1.ResourceList) - } - for key, value := range obj.Spec.InitContainers[i].Resources.Limits { - if _, exists := obj.Spec.InitContainers[i].Resources.Requests[key]; !exists { - obj.Spec.InitContainers[i].Resources.Requests[key] = value.DeepCopy() - } - } - } - } - if obj.Spec.EnableServiceLinks == nil { - enableServiceLinks := v1.DefaultEnableServiceLinks - obj.Spec.EnableServiceLinks = &enableServiceLinks - } -} -func SetDefaults_PodSpec(obj *v1.PodSpec) { - // New fields added here will break upgrade tests: - // https://github.com/kubernetes/kubernetes/issues/69445 - // In most cases the new defaulted field can added to SetDefaults_Pod instead of here, so - // that it only materializes in the Pod object and not all objects with a PodSpec field. - if obj.DNSPolicy == "" { - obj.DNSPolicy = v1.DNSClusterFirst - } - if obj.RestartPolicy == "" { - obj.RestartPolicy = v1.RestartPolicyAlways - } - if obj.HostNetwork { - defaultHostNetworkPorts(&obj.Containers) - defaultHostNetworkPorts(&obj.InitContainers) - } - if obj.SecurityContext == nil { - obj.SecurityContext = &v1.PodSecurityContext{} - } - if obj.TerminationGracePeriodSeconds == nil { - period := int64(v1.DefaultTerminationGracePeriodSeconds) - obj.TerminationGracePeriodSeconds = &period - } - if obj.SchedulerName == "" { - obj.SchedulerName = v1.DefaultSchedulerName - } -} -func SetDefaults_Probe(obj *v1.Probe) { - if obj.TimeoutSeconds == 0 { - obj.TimeoutSeconds = 1 - } - if obj.PeriodSeconds == 0 { - obj.PeriodSeconds = 10 - } - if obj.SuccessThreshold == 0 { - obj.SuccessThreshold = 1 - } - if obj.FailureThreshold == 0 { - obj.FailureThreshold = 3 - } -} -func SetDefaults_SecretVolumeSource(obj *v1.SecretVolumeSource) { - if obj.DefaultMode == nil { - perm := int32(v1.SecretVolumeSourceDefaultMode) - obj.DefaultMode = &perm - } -} -func SetDefaults_ConfigMapVolumeSource(obj *v1.ConfigMapVolumeSource) { - if obj.DefaultMode == nil { - perm := int32(v1.ConfigMapVolumeSourceDefaultMode) - obj.DefaultMode = &perm - } -} -func SetDefaults_DownwardAPIVolumeSource(obj *v1.DownwardAPIVolumeSource) { - if obj.DefaultMode == nil { - perm := int32(v1.DownwardAPIVolumeSourceDefaultMode) - obj.DefaultMode = &perm - } -} -func SetDefaults_Secret(obj *v1.Secret) { - if obj.Type == "" { - obj.Type = v1.SecretTypeOpaque - } -} -func SetDefaults_ProjectedVolumeSource(obj *v1.ProjectedVolumeSource) { - if obj.DefaultMode == nil { - perm := int32(v1.ProjectedVolumeSourceDefaultMode) - obj.DefaultMode = &perm - } -} -func SetDefaults_ServiceAccountTokenProjection(obj *v1.ServiceAccountTokenProjection) { - hour := int64(time.Hour.Seconds()) - if obj.ExpirationSeconds == nil { - obj.ExpirationSeconds = &hour - } -} -func SetDefaults_PersistentVolume(obj *v1.PersistentVolume) { - if obj.Status.Phase == "" { - obj.Status.Phase = v1.VolumePending - } - if obj.Spec.PersistentVolumeReclaimPolicy == "" { - obj.Spec.PersistentVolumeReclaimPolicy = v1.PersistentVolumeReclaimRetain - } - if obj.Spec.VolumeMode == nil { - obj.Spec.VolumeMode = new(v1.PersistentVolumeMode) - *obj.Spec.VolumeMode = v1.PersistentVolumeFilesystem - } -} -func SetDefaults_PersistentVolumeClaim(obj *v1.PersistentVolumeClaim) { - if obj.Status.Phase == "" { - obj.Status.Phase = v1.ClaimPending - } -} -func SetDefaults_PersistentVolumeClaimSpec(obj *v1.PersistentVolumeClaimSpec) { - if obj.VolumeMode == nil { - obj.VolumeMode = new(v1.PersistentVolumeMode) - *obj.VolumeMode = v1.PersistentVolumeFilesystem - } -} -func SetDefaults_ISCSIVolumeSource(obj *v1.ISCSIVolumeSource) { - if obj.ISCSIInterface == "" { - obj.ISCSIInterface = "default" - } -} -func SetDefaults_ISCSIPersistentVolumeSource(obj *v1.ISCSIPersistentVolumeSource) { - if obj.ISCSIInterface == "" { - obj.ISCSIInterface = "default" - } -} -func SetDefaults_AzureDiskVolumeSource(obj *v1.AzureDiskVolumeSource) { - if obj.CachingMode == nil { - obj.CachingMode = new(v1.AzureDataDiskCachingMode) - *obj.CachingMode = v1.AzureDataDiskCachingReadWrite - } - if obj.Kind == nil { - obj.Kind = new(v1.AzureDataDiskKind) - *obj.Kind = v1.AzureSharedBlobDisk - } - if obj.FSType == nil { - obj.FSType = new(string) - *obj.FSType = "ext4" - } - if obj.ReadOnly == nil { - obj.ReadOnly = new(bool) - *obj.ReadOnly = false - } -} -func SetDefaults_Endpoints(obj *v1.Endpoints) { - for i := range obj.Subsets { - ss := &obj.Subsets[i] - for i := range ss.Ports { - ep := &ss.Ports[i] - if ep.Protocol == "" { - ep.Protocol = v1.ProtocolTCP - } - } - } -} -func SetDefaults_HTTPGetAction(obj *v1.HTTPGetAction) { - if obj.Path == "" { - obj.Path = "/" - } - if obj.Scheme == "" { - obj.Scheme = v1.URISchemeHTTP - } -} - -// SetDefaults_Namespace adds a default label for all namespaces -func SetDefaults_Namespace(obj *v1.Namespace) { - // we can't SetDefaults for nameless namespaces (generateName). - // This code needs to be kept in sync with the implementation that exists - // in Namespace Canonicalize strategy (pkg/registry/core/namespace) - - // note that this can result in many calls to feature enablement in some cases, but - // we assume that there's no real cost there. - if len(obj.Name) > 0 { - if obj.Labels == nil { - obj.Labels = map[string]string{} - } - obj.Labels[v1.LabelMetadataName] = obj.Name - } -} - -func SetDefaults_NamespaceStatus(obj *v1.NamespaceStatus) { - if obj.Phase == "" { - obj.Phase = v1.NamespaceActive - } -} -func SetDefaults_NodeStatus(obj *v1.NodeStatus) { - if obj.Allocatable == nil && obj.Capacity != nil { - obj.Allocatable = make(v1.ResourceList, len(obj.Capacity)) - for key, value := range obj.Capacity { - obj.Allocatable[key] = value.DeepCopy() - } - obj.Allocatable = obj.Capacity - } -} -func SetDefaults_ObjectFieldSelector(obj *v1.ObjectFieldSelector) { - if obj.APIVersion == "" { - obj.APIVersion = "v1" - } -} -func SetDefaults_LimitRangeItem(obj *v1.LimitRangeItem) { - // for container limits, we apply default values - if obj.Type == v1.LimitTypeContainer { - - if obj.Default == nil { - obj.Default = make(v1.ResourceList) - } - if obj.DefaultRequest == nil { - obj.DefaultRequest = make(v1.ResourceList) - } - - // If a default limit is unspecified, but the max is specified, default the limit to the max - for key, value := range obj.Max { - if _, exists := obj.Default[key]; !exists { - obj.Default[key] = value.DeepCopy() - } - } - // If a default limit is specified, but the default request is not, default request to limit - for key, value := range obj.Default { - if _, exists := obj.DefaultRequest[key]; !exists { - obj.DefaultRequest[key] = value.DeepCopy() - } - } - // If a default request is not specified, but the min is provided, default request to the min - for key, value := range obj.Min { - if _, exists := obj.DefaultRequest[key]; !exists { - obj.DefaultRequest[key] = value.DeepCopy() - } - } - } -} -func SetDefaults_ConfigMap(obj *v1.ConfigMap) { - if obj.Data == nil { - obj.Data = make(map[string]string) - } -} - -// With host networking default all container ports to host ports. -func defaultHostNetworkPorts(containers *[]v1.Container) { - for i := range *containers { - for j := range (*containers)[i].Ports { - if (*containers)[i].Ports[j].HostPort == 0 { - (*containers)[i].Ports[j].HostPort = (*containers)[i].Ports[j].ContainerPort - } - } - } -} - -func SetDefaults_RBDVolumeSource(obj *v1.RBDVolumeSource) { - if obj.RBDPool == "" { - obj.RBDPool = "rbd" - } - if obj.RadosUser == "" { - obj.RadosUser = "admin" - } - if obj.Keyring == "" { - obj.Keyring = "/etc/ceph/keyring" - } -} - -func SetDefaults_RBDPersistentVolumeSource(obj *v1.RBDPersistentVolumeSource) { - if obj.RBDPool == "" { - obj.RBDPool = "rbd" - } - if obj.RadosUser == "" { - obj.RadosUser = "admin" - } - if obj.Keyring == "" { - obj.Keyring = "/etc/ceph/keyring" - } -} - -func SetDefaults_ScaleIOVolumeSource(obj *v1.ScaleIOVolumeSource) { - if obj.StorageMode == "" { - obj.StorageMode = "ThinProvisioned" - } - if obj.FSType == "" { - obj.FSType = "xfs" - } -} - -func SetDefaults_ScaleIOPersistentVolumeSource(obj *v1.ScaleIOPersistentVolumeSource) { - if obj.StorageMode == "" { - obj.StorageMode = "ThinProvisioned" - } - if obj.FSType == "" { - obj.FSType = "xfs" - } -} - -func SetDefaults_HostPathVolumeSource(obj *v1.HostPathVolumeSource) { - typeVol := v1.HostPathUnset - if obj.Type == nil { - obj.Type = &typeVol - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/doc.go deleted file mode 100644 index 2dc9f4c504..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/core -// +k8s:conversion-gen-external-types=k8s.io/api/core/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/core/v1 - -// Package v1 is the v1 version of the API. -package v1 // import "k8s.io/kubernetes/pkg/apis/core/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/helpers.go deleted file mode 100644 index be33b1f94c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/helpers.go +++ /dev/null @@ -1,431 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package helper - -import ( - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/selection" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/kubernetes/pkg/apis/core/helper" -) - -// IsExtendedResourceName returns true if: -// 1. the resource name is not in the default namespace; -// 2. resource name does not have "requests." prefix, -// to avoid confusion with the convention in quota -// 3. it satisfies the rules in IsQualifiedName() after converted into quota resource name -func IsExtendedResourceName(name v1.ResourceName) bool { - if IsNativeResource(name) || strings.HasPrefix(string(name), v1.DefaultResourceRequestsPrefix) { - return false - } - // Ensure it satisfies the rules in IsQualifiedName() after converted into quota resource name - nameForQuota := fmt.Sprintf("%s%s", v1.DefaultResourceRequestsPrefix, string(name)) - if errs := validation.IsQualifiedName(nameForQuota); len(errs) != 0 { - return false - } - return true -} - -// IsPrefixedNativeResource returns true if the resource name is in the -// *kubernetes.io/ namespace. -func IsPrefixedNativeResource(name v1.ResourceName) bool { - return strings.Contains(string(name), v1.ResourceDefaultNamespacePrefix) -} - -// IsNativeResource returns true if the resource name is in the -// *kubernetes.io/ namespace. Partially-qualified (unprefixed) names are -// implicitly in the kubernetes.io/ namespace. -func IsNativeResource(name v1.ResourceName) bool { - return !strings.Contains(string(name), "/") || - IsPrefixedNativeResource(name) -} - -// IsHugePageResourceName returns true if the resource name has the huge page -// resource prefix. -func IsHugePageResourceName(name v1.ResourceName) bool { - return strings.HasPrefix(string(name), v1.ResourceHugePagesPrefix) -} - -// HugePageResourceName returns a ResourceName with the canonical hugepage -// prefix prepended for the specified page size. The page size is converted -// to its canonical representation. -func HugePageResourceName(pageSize resource.Quantity) v1.ResourceName { - return v1.ResourceName(fmt.Sprintf("%s%s", v1.ResourceHugePagesPrefix, pageSize.String())) -} - -// HugePageSizeFromResourceName returns the page size for the specified huge page -// resource name. If the specified input is not a valid huge page resource name -// an error is returned. -func HugePageSizeFromResourceName(name v1.ResourceName) (resource.Quantity, error) { - if !IsHugePageResourceName(name) { - return resource.Quantity{}, fmt.Errorf("resource name: %s is an invalid hugepage name", name) - } - pageSize := strings.TrimPrefix(string(name), v1.ResourceHugePagesPrefix) - return resource.ParseQuantity(pageSize) -} - -// HugePageUnitSizeFromByteSize returns hugepage size has the format. -// `size` must be guaranteed to divisible into the largest units that can be expressed. -// <size><unit-prefix>B (1024 = "1KB", 1048576 = "1MB", etc). -func HugePageUnitSizeFromByteSize(size int64) (string, error) { - // hugePageSizeUnitList is borrowed from opencontainers/runc/libcontainer/cgroups/utils.go - var hugePageSizeUnitList = []string{"B", "KB", "MB", "GB", "TB", "PB"} - idx := 0 - len := len(hugePageSizeUnitList) - 1 - for size%1024 == 0 && idx < len { - size /= 1024 - idx++ - } - if size > 1024 && idx < len { - return "", fmt.Errorf("size: %d%s must be guaranteed to divisible into the largest units", size, hugePageSizeUnitList[idx]) - } - return fmt.Sprintf("%d%s", size, hugePageSizeUnitList[idx]), nil -} - -// IsHugePageMedium returns true if the volume medium is in 'HugePages[-size]' format -func IsHugePageMedium(medium v1.StorageMedium) bool { - if medium == v1.StorageMediumHugePages { - return true - } - return strings.HasPrefix(string(medium), string(v1.StorageMediumHugePagesPrefix)) -} - -// HugePageSizeFromMedium returns the page size for the specified huge page medium. -// If the specified input is not a valid huge page medium an error is returned. -func HugePageSizeFromMedium(medium v1.StorageMedium) (resource.Quantity, error) { - if !IsHugePageMedium(medium) { - return resource.Quantity{}, fmt.Errorf("medium: %s is not a hugepage medium", medium) - } - if medium == v1.StorageMediumHugePages { - return resource.Quantity{}, fmt.Errorf("medium: %s doesn't have size information", medium) - } - pageSize := strings.TrimPrefix(string(medium), string(v1.StorageMediumHugePagesPrefix)) - return resource.ParseQuantity(pageSize) -} - -// IsOvercommitAllowed returns true if the resource is in the default -// namespace and is not hugepages. -func IsOvercommitAllowed(name v1.ResourceName) bool { - return IsNativeResource(name) && - !IsHugePageResourceName(name) -} - -// IsAttachableVolumeResourceName returns true when the resource name is prefixed in attachable volume -func IsAttachableVolumeResourceName(name v1.ResourceName) bool { - return strings.HasPrefix(string(name), v1.ResourceAttachableVolumesPrefix) -} - -// IsServiceIPSet aims to check if the service's ClusterIP is set or not -// the objective is not to perform validation here -func IsServiceIPSet(service *v1.Service) bool { - return service.Spec.ClusterIP != v1.ClusterIPNone && service.Spec.ClusterIP != "" -} - -// LoadBalancerStatusEqual evaluates the given load balancers' ingress IP addresses -// and hostnames and returns true if equal or false if otherwise -// TODO: make method on LoadBalancerStatus? -func LoadBalancerStatusEqual(l, r *v1.LoadBalancerStatus) bool { - return ingressSliceEqual(l.Ingress, r.Ingress) -} - -func ingressSliceEqual(lhs, rhs []v1.LoadBalancerIngress) bool { - if len(lhs) != len(rhs) { - return false - } - for i := range lhs { - if !ingressEqual(&lhs[i], &rhs[i]) { - return false - } - } - return true -} - -func ingressEqual(lhs, rhs *v1.LoadBalancerIngress) bool { - if lhs.IP != rhs.IP { - return false - } - if lhs.Hostname != rhs.Hostname { - return false - } - return true -} - -// GetAccessModesAsString returns a string representation of an array of access modes. -// modes, when present, are always in the same order: RWO,ROX,RWX,RWOP. -func GetAccessModesAsString(modes []v1.PersistentVolumeAccessMode) string { - modes = removeDuplicateAccessModes(modes) - modesStr := []string{} - if ContainsAccessMode(modes, v1.ReadWriteOnce) { - modesStr = append(modesStr, "RWO") - } - if ContainsAccessMode(modes, v1.ReadOnlyMany) { - modesStr = append(modesStr, "ROX") - } - if ContainsAccessMode(modes, v1.ReadWriteMany) { - modesStr = append(modesStr, "RWX") - } - if ContainsAccessMode(modes, v1.ReadWriteOncePod) { - modesStr = append(modesStr, "RWOP") - } - return strings.Join(modesStr, ",") -} - -// GetAccessModesFromString returns an array of AccessModes from a string created by GetAccessModesAsString -func GetAccessModesFromString(modes string) []v1.PersistentVolumeAccessMode { - strmodes := strings.Split(modes, ",") - accessModes := []v1.PersistentVolumeAccessMode{} - for _, s := range strmodes { - s = strings.Trim(s, " ") - switch { - case s == "RWO": - accessModes = append(accessModes, v1.ReadWriteOnce) - case s == "ROX": - accessModes = append(accessModes, v1.ReadOnlyMany) - case s == "RWX": - accessModes = append(accessModes, v1.ReadWriteMany) - case s == "RWOP": - accessModes = append(accessModes, v1.ReadWriteOncePod) - } - } - return accessModes -} - -// removeDuplicateAccessModes returns an array of access modes without any duplicates -func removeDuplicateAccessModes(modes []v1.PersistentVolumeAccessMode) []v1.PersistentVolumeAccessMode { - accessModes := []v1.PersistentVolumeAccessMode{} - for _, m := range modes { - if !ContainsAccessMode(accessModes, m) { - accessModes = append(accessModes, m) - } - } - return accessModes -} - -func ContainsAccessMode(modes []v1.PersistentVolumeAccessMode, mode v1.PersistentVolumeAccessMode) bool { - for _, m := range modes { - if m == mode { - return true - } - } - return false -} - -// NodeSelectorRequirementKeysExistInNodeSelectorTerms checks if a NodeSelectorTerm with key is already specified in terms -func NodeSelectorRequirementKeysExistInNodeSelectorTerms(reqs []v1.NodeSelectorRequirement, terms []v1.NodeSelectorTerm) bool { - for _, req := range reqs { - for _, term := range terms { - for _, r := range term.MatchExpressions { - if r.Key == req.Key { - return true - } - } - } - } - return false -} - -// TopologySelectorRequirementsAsSelector converts the []TopologySelectorLabelRequirement api type into a struct -// that implements labels.Selector. -func TopologySelectorRequirementsAsSelector(tsm []v1.TopologySelectorLabelRequirement) (labels.Selector, error) { - if len(tsm) == 0 { - return labels.Nothing(), nil - } - - selector := labels.NewSelector() - for _, expr := range tsm { - r, err := labels.NewRequirement(expr.Key, selection.In, expr.Values) - if err != nil { - return nil, err - } - selector = selector.Add(*r) - } - - return selector, nil -} - -// MatchTopologySelectorTerms checks whether given labels match topology selector terms in ORed; -// nil or empty term matches no objects; while empty term list matches all objects. -func MatchTopologySelectorTerms(topologySelectorTerms []v1.TopologySelectorTerm, lbls labels.Set) bool { - if len(topologySelectorTerms) == 0 { - // empty term list matches all objects - return true - } - - for _, req := range topologySelectorTerms { - // nil or empty term selects no objects - if len(req.MatchLabelExpressions) == 0 { - continue - } - - labelSelector, err := TopologySelectorRequirementsAsSelector(req.MatchLabelExpressions) - if err != nil || !labelSelector.Matches(lbls) { - continue - } - - return true - } - - return false -} - -// AddOrUpdateTolerationInPodSpec tries to add a toleration to the toleration list in PodSpec. -// Returns true if something was updated, false otherwise. -func AddOrUpdateTolerationInPodSpec(spec *v1.PodSpec, toleration *v1.Toleration) bool { - podTolerations := spec.Tolerations - - var newTolerations []v1.Toleration - updated := false - for i := range podTolerations { - if toleration.MatchToleration(&podTolerations[i]) { - if helper.Semantic.DeepEqual(toleration, podTolerations[i]) { - return false - } - newTolerations = append(newTolerations, *toleration) - updated = true - continue - } - - newTolerations = append(newTolerations, podTolerations[i]) - } - - if !updated { - newTolerations = append(newTolerations, *toleration) - } - - spec.Tolerations = newTolerations - return true -} - -// AddOrUpdateTolerationInPod tries to add a toleration to the pod's toleration list. -// Returns true if something was updated, false otherwise. -func AddOrUpdateTolerationInPod(pod *v1.Pod, toleration *v1.Toleration) bool { - return AddOrUpdateTolerationInPodSpec(&pod.Spec, toleration) -} - -// GetMatchingTolerations returns true and list of Tolerations matching all Taints if all are tolerated, or false otherwise. -func GetMatchingTolerations(taints []v1.Taint, tolerations []v1.Toleration) (bool, []v1.Toleration) { - if len(taints) == 0 { - return true, []v1.Toleration{} - } - if len(tolerations) == 0 && len(taints) > 0 { - return false, []v1.Toleration{} - } - result := []v1.Toleration{} - for i := range taints { - tolerated := false - for j := range tolerations { - if tolerations[j].ToleratesTaint(&taints[i]) { - result = append(result, tolerations[j]) - tolerated = true - break - } - } - if !tolerated { - return false, []v1.Toleration{} - } - } - return true, result -} - -// ScopedResourceSelectorRequirementsAsSelector converts the ScopedResourceSelectorRequirement api type into a struct that implements -// labels.Selector. -func ScopedResourceSelectorRequirementsAsSelector(ssr v1.ScopedResourceSelectorRequirement) (labels.Selector, error) { - selector := labels.NewSelector() - var op selection.Operator - switch ssr.Operator { - case v1.ScopeSelectorOpIn: - op = selection.In - case v1.ScopeSelectorOpNotIn: - op = selection.NotIn - case v1.ScopeSelectorOpExists: - op = selection.Exists - case v1.ScopeSelectorOpDoesNotExist: - op = selection.DoesNotExist - default: - return nil, fmt.Errorf("%q is not a valid scope selector operator", ssr.Operator) - } - r, err := labels.NewRequirement(string(ssr.ScopeName), op, ssr.Values) - if err != nil { - return nil, err - } - selector = selector.Add(*r) - return selector, nil -} - -// nodeSelectorRequirementsAsLabelRequirements converts the NodeSelectorRequirement -// type to a labels.Requirement type. -func nodeSelectorRequirementsAsLabelRequirements(nsr v1.NodeSelectorRequirement) (*labels.Requirement, error) { - var op selection.Operator - switch nsr.Operator { - case v1.NodeSelectorOpIn: - op = selection.In - case v1.NodeSelectorOpNotIn: - op = selection.NotIn - case v1.NodeSelectorOpExists: - op = selection.Exists - case v1.NodeSelectorOpDoesNotExist: - op = selection.DoesNotExist - case v1.NodeSelectorOpGt: - op = selection.GreaterThan - case v1.NodeSelectorOpLt: - op = selection.LessThan - default: - return nil, fmt.Errorf("%q is not a valid node selector operator", nsr.Operator) - } - return labels.NewRequirement(nsr.Key, op, nsr.Values) -} - -// NodeSelectorAsSelector converts the NodeSelector api type into a struct that -// implements labels.Selector -// Note: This function should be kept in sync with the selector methods in -// pkg/labels/selector.go -func NodeSelectorAsSelector(ns *v1.NodeSelector) (labels.Selector, error) { - if ns == nil { - return labels.Nothing(), nil - } - if len(ns.NodeSelectorTerms) == 0 { - return labels.Everything(), nil - } - var requirements []labels.Requirement - - for _, nsTerm := range ns.NodeSelectorTerms { - for _, expr := range nsTerm.MatchExpressions { - req, err := nodeSelectorRequirementsAsLabelRequirements(expr) - if err != nil { - return nil, err - } - requirements = append(requirements, *req) - } - - for _, field := range nsTerm.MatchFields { - req, err := nodeSelectorRequirementsAsLabelRequirements(field) - if err != nil { - return nil, err - } - requirements = append(requirements, *req) - } - } - - selector := labels.NewSelector() - selector = selector.Add(requirements...) - return selector, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/qos/qos.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/qos/qos.go deleted file mode 100644 index 10a6cb0791..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/helper/qos/qos.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package qos - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/kubernetes/pkg/apis/core" -) - -var supportedQoSComputeResources = sets.NewString(string(core.ResourceCPU), string(core.ResourceMemory)) - -// QOSList is a set of (resource name, QoS class) pairs. -type QOSList map[v1.ResourceName]v1.PodQOSClass - -func isSupportedQoSComputeResource(name v1.ResourceName) bool { - return supportedQoSComputeResources.Has(string(name)) -} - -// GetPodQOS returns the QoS class of a pod. -// A pod is besteffort if none of its containers have specified any requests or limits. -// A pod is guaranteed only when requests and limits are specified for all the containers and they are equal. -// A pod is burstable if limits and requests do not match across all containers. -func GetPodQOS(pod *v1.Pod) v1.PodQOSClass { - requests := v1.ResourceList{} - limits := v1.ResourceList{} - zeroQuantity := resource.MustParse("0") - isGuaranteed := true - allContainers := []v1.Container{} - allContainers = append(allContainers, pod.Spec.Containers...) - allContainers = append(allContainers, pod.Spec.InitContainers...) - for _, container := range allContainers { - // process requests - for name, quantity := range container.Resources.Requests { - if !isSupportedQoSComputeResource(name) { - continue - } - if quantity.Cmp(zeroQuantity) == 1 { - delta := quantity.DeepCopy() - if _, exists := requests[name]; !exists { - requests[name] = delta - } else { - delta.Add(requests[name]) - requests[name] = delta - } - } - } - // process limits - qosLimitsFound := sets.NewString() - for name, quantity := range container.Resources.Limits { - if !isSupportedQoSComputeResource(name) { - continue - } - if quantity.Cmp(zeroQuantity) == 1 { - qosLimitsFound.Insert(string(name)) - delta := quantity.DeepCopy() - if _, exists := limits[name]; !exists { - limits[name] = delta - } else { - delta.Add(limits[name]) - limits[name] = delta - } - } - } - - if !qosLimitsFound.HasAll(string(v1.ResourceMemory), string(v1.ResourceCPU)) { - isGuaranteed = false - } - } - if len(requests) == 0 && len(limits) == 0 { - return v1.PodQOSBestEffort - } - // Check is requests match limits for all resources. - if isGuaranteed { - for name, req := range requests { - if lim, exists := limits[name]; !exists || lim.Cmp(req) != 0 { - isGuaranteed = false - break - } - } - } - if isGuaranteed && - len(requests) == len(limits) { - return v1.PodQOSGuaranteed - } - return v1.PodQOSBurstable -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/register.go deleted file mode 100644 index adf620fa4f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - localSchemeBuilder = &v1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} - -// TODO: remove these global variables -// GroupName is the group name use in this package -const GroupName = "" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/validation/validation.go deleted file mode 100644 index 4f7ca42e40..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/validation/validation.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/core/helper" - v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" -) - -const isNegativeErrorMsg string = `must be greater than or equal to 0` -const isNotIntegerErrorMsg string = `must be an integer` - -// ValidateResourceRequirements will check if any of the resource -// Limits/Requests are of a valid value. Any incorrect value will be added to -// the ErrorList. -func ValidateResourceRequirements(requirements *v1.ResourceRequirements, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - limPath := fldPath.Child("limits") - reqPath := fldPath.Child("requests") - for resourceName, quantity := range requirements.Limits { - fldPath := limPath.Key(string(resourceName)) - // Validate resource name. - allErrs = append(allErrs, ValidateContainerResourceName(string(resourceName), fldPath)...) - - // Validate resource quantity. - allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...) - - } - for resourceName, quantity := range requirements.Requests { - fldPath := reqPath.Key(string(resourceName)) - // Validate resource name. - allErrs = append(allErrs, ValidateContainerResourceName(string(resourceName), fldPath)...) - // Validate resource quantity. - allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...) - - // Check that request <= limit. - limitQuantity, exists := requirements.Limits[resourceName] - if exists { - // For GPUs, not only requests can't exceed limits, they also can't be lower, i.e. must be equal. - if quantity.Cmp(limitQuantity) != 0 && !v1helper.IsOvercommitAllowed(resourceName) { - allErrs = append(allErrs, field.Invalid(reqPath, quantity.String(), fmt.Sprintf("must be equal to %s limit", resourceName))) - } else if quantity.Cmp(limitQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(reqPath, quantity.String(), fmt.Sprintf("must be less than or equal to %s limit", resourceName))) - } - } - } - - return allErrs -} - -// ValidateContainerResourceName checks the name of resource specified for a container -func ValidateContainerResourceName(value string, fldPath *field.Path) field.ErrorList { - allErrs := validateResourceName(value, fldPath) - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardContainerResourceName(value) { - return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource for containers")) - } - } else if !v1helper.IsNativeResource(v1.ResourceName(value)) { - if !v1helper.IsExtendedResourceName(v1.ResourceName(value)) { - return append(allErrs, field.Invalid(fldPath, value, "doesn't follow extended resource name standard")) - } - } - return allErrs -} - -// ValidateResourceQuantityValue enforces that specified quantity is valid for specified resource -func ValidateResourceQuantityValue(resource string, value resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateNonnegativeQuantity(value, fldPath)...) - if helper.IsIntegerResourceName(resource) { - if value.MilliValue()%int64(1000) != int64(0) { - allErrs = append(allErrs, field.Invalid(fldPath, value, isNotIntegerErrorMsg)) - } - } - return allErrs -} - -// ValidateNonnegativeQuantity checks that a Quantity is not negative. -func ValidateNonnegativeQuantity(value resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if value.Cmp(resource.Quantity{}) < 0 { - allErrs = append(allErrs, field.Invalid(fldPath, value.String(), isNegativeErrorMsg)) - } - return allErrs -} - -// Validate compute resource typename. -// Refer to docs/design/resources.md for more details. -func validateResourceName(value string, fldPath *field.Path) field.ErrorList { - allErrs := apivalidation.ValidateQualifiedName(value, fldPath) - if len(allErrs) != 0 { - return allErrs - } - - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardResourceName(value) { - return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource type or fully qualified")) - } - } - - return allErrs -} - -// ValidatePodLogOptions checks if options that are set are at the correct -// value. Any incorrect value will be returned to the ErrorList. -func ValidatePodLogOptions(opts *v1.PodLogOptions) field.ErrorList { - allErrs := field.ErrorList{} - if opts.TailLines != nil && *opts.TailLines < 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, isNegativeErrorMsg)) - } - if opts.LimitBytes != nil && *opts.LimitBytes < 1 { - allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be greater than 0")) - } - switch { - case opts.SinceSeconds != nil && opts.SinceTime != nil: - allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "at most one of `sinceTime` or `sinceSeconds` may be specified")) - case opts.SinceSeconds != nil: - if *opts.SinceSeconds < 1 { - allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be greater than 0")) - } - } - return allErrs -} - -// AccumulateUniqueHostPorts checks all the containers for duplicates ports. Any -// duplicate port will be returned in the ErrorList. -func AccumulateUniqueHostPorts(containers []v1.Container, accumulator *sets.String, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - for ci, ctr := range containers { - idxPath := fldPath.Index(ci) - portsPath := idxPath.Child("ports") - for pi := range ctr.Ports { - idxPath := portsPath.Index(pi) - port := ctr.Ports[pi].HostPort - if port == 0 { - continue - } - str := fmt.Sprintf("%d/%s", port, ctr.Ports[pi].Protocol) - if accumulator.Has(str) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("hostPort"), str)) - } else { - accumulator.Insert(str) - } - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.conversion.go deleted file mode 100644 index c27a86783b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.conversion.go +++ /dev/null @@ -1,8522 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - url "net/url" - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - resource "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - apps "k8s.io/kubernetes/pkg/apis/apps" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.AWSElasticBlockStoreVolumeSource)(nil), (*core.AWSElasticBlockStoreVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AWSElasticBlockStoreVolumeSource_To_core_AWSElasticBlockStoreVolumeSource(a.(*v1.AWSElasticBlockStoreVolumeSource), b.(*core.AWSElasticBlockStoreVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AWSElasticBlockStoreVolumeSource)(nil), (*v1.AWSElasticBlockStoreVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AWSElasticBlockStoreVolumeSource_To_v1_AWSElasticBlockStoreVolumeSource(a.(*core.AWSElasticBlockStoreVolumeSource), b.(*v1.AWSElasticBlockStoreVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Affinity)(nil), (*core.Affinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Affinity_To_core_Affinity(a.(*v1.Affinity), b.(*core.Affinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Affinity)(nil), (*v1.Affinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Affinity_To_v1_Affinity(a.(*core.Affinity), b.(*v1.Affinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AttachedVolume)(nil), (*core.AttachedVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AttachedVolume_To_core_AttachedVolume(a.(*v1.AttachedVolume), b.(*core.AttachedVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AttachedVolume)(nil), (*v1.AttachedVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AttachedVolume_To_v1_AttachedVolume(a.(*core.AttachedVolume), b.(*v1.AttachedVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AvoidPods)(nil), (*core.AvoidPods)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AvoidPods_To_core_AvoidPods(a.(*v1.AvoidPods), b.(*core.AvoidPods), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AvoidPods)(nil), (*v1.AvoidPods)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AvoidPods_To_v1_AvoidPods(a.(*core.AvoidPods), b.(*v1.AvoidPods), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AzureDiskVolumeSource)(nil), (*core.AzureDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AzureDiskVolumeSource_To_core_AzureDiskVolumeSource(a.(*v1.AzureDiskVolumeSource), b.(*core.AzureDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AzureDiskVolumeSource)(nil), (*v1.AzureDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AzureDiskVolumeSource_To_v1_AzureDiskVolumeSource(a.(*core.AzureDiskVolumeSource), b.(*v1.AzureDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AzureFilePersistentVolumeSource)(nil), (*core.AzureFilePersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AzureFilePersistentVolumeSource_To_core_AzureFilePersistentVolumeSource(a.(*v1.AzureFilePersistentVolumeSource), b.(*core.AzureFilePersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AzureFilePersistentVolumeSource)(nil), (*v1.AzureFilePersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AzureFilePersistentVolumeSource_To_v1_AzureFilePersistentVolumeSource(a.(*core.AzureFilePersistentVolumeSource), b.(*v1.AzureFilePersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.AzureFileVolumeSource)(nil), (*core.AzureFileVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AzureFileVolumeSource_To_core_AzureFileVolumeSource(a.(*v1.AzureFileVolumeSource), b.(*core.AzureFileVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.AzureFileVolumeSource)(nil), (*v1.AzureFileVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_AzureFileVolumeSource_To_v1_AzureFileVolumeSource(a.(*core.AzureFileVolumeSource), b.(*v1.AzureFileVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Binding)(nil), (*core.Binding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Binding_To_core_Binding(a.(*v1.Binding), b.(*core.Binding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Binding)(nil), (*v1.Binding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Binding_To_v1_Binding(a.(*core.Binding), b.(*v1.Binding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIPersistentVolumeSource)(nil), (*core.CSIPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIPersistentVolumeSource_To_core_CSIPersistentVolumeSource(a.(*v1.CSIPersistentVolumeSource), b.(*core.CSIPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CSIPersistentVolumeSource)(nil), (*v1.CSIPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CSIPersistentVolumeSource_To_v1_CSIPersistentVolumeSource(a.(*core.CSIPersistentVolumeSource), b.(*v1.CSIPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIVolumeSource)(nil), (*core.CSIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIVolumeSource_To_core_CSIVolumeSource(a.(*v1.CSIVolumeSource), b.(*core.CSIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CSIVolumeSource)(nil), (*v1.CSIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CSIVolumeSource_To_v1_CSIVolumeSource(a.(*core.CSIVolumeSource), b.(*v1.CSIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Capabilities)(nil), (*core.Capabilities)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Capabilities_To_core_Capabilities(a.(*v1.Capabilities), b.(*core.Capabilities), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Capabilities)(nil), (*v1.Capabilities)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Capabilities_To_v1_Capabilities(a.(*core.Capabilities), b.(*v1.Capabilities), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CephFSPersistentVolumeSource)(nil), (*core.CephFSPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CephFSPersistentVolumeSource_To_core_CephFSPersistentVolumeSource(a.(*v1.CephFSPersistentVolumeSource), b.(*core.CephFSPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CephFSPersistentVolumeSource)(nil), (*v1.CephFSPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CephFSPersistentVolumeSource_To_v1_CephFSPersistentVolumeSource(a.(*core.CephFSPersistentVolumeSource), b.(*v1.CephFSPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CephFSVolumeSource)(nil), (*core.CephFSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CephFSVolumeSource_To_core_CephFSVolumeSource(a.(*v1.CephFSVolumeSource), b.(*core.CephFSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CephFSVolumeSource)(nil), (*v1.CephFSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CephFSVolumeSource_To_v1_CephFSVolumeSource(a.(*core.CephFSVolumeSource), b.(*v1.CephFSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CinderPersistentVolumeSource)(nil), (*core.CinderPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CinderPersistentVolumeSource_To_core_CinderPersistentVolumeSource(a.(*v1.CinderPersistentVolumeSource), b.(*core.CinderPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CinderPersistentVolumeSource)(nil), (*v1.CinderPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CinderPersistentVolumeSource_To_v1_CinderPersistentVolumeSource(a.(*core.CinderPersistentVolumeSource), b.(*v1.CinderPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CinderVolumeSource)(nil), (*core.CinderVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CinderVolumeSource_To_core_CinderVolumeSource(a.(*v1.CinderVolumeSource), b.(*core.CinderVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.CinderVolumeSource)(nil), (*v1.CinderVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_CinderVolumeSource_To_v1_CinderVolumeSource(a.(*core.CinderVolumeSource), b.(*v1.CinderVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClaimSource)(nil), (*core.ClaimSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClaimSource_To_core_ClaimSource(a.(*v1.ClaimSource), b.(*core.ClaimSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ClaimSource)(nil), (*v1.ClaimSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ClaimSource_To_v1_ClaimSource(a.(*core.ClaimSource), b.(*v1.ClaimSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClientIPConfig)(nil), (*core.ClientIPConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClientIPConfig_To_core_ClientIPConfig(a.(*v1.ClientIPConfig), b.(*core.ClientIPConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ClientIPConfig)(nil), (*v1.ClientIPConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ClientIPConfig_To_v1_ClientIPConfig(a.(*core.ClientIPConfig), b.(*v1.ClientIPConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ComponentCondition)(nil), (*core.ComponentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ComponentCondition_To_core_ComponentCondition(a.(*v1.ComponentCondition), b.(*core.ComponentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ComponentCondition)(nil), (*v1.ComponentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ComponentCondition_To_v1_ComponentCondition(a.(*core.ComponentCondition), b.(*v1.ComponentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ComponentStatus)(nil), (*core.ComponentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ComponentStatus_To_core_ComponentStatus(a.(*v1.ComponentStatus), b.(*core.ComponentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ComponentStatus)(nil), (*v1.ComponentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ComponentStatus_To_v1_ComponentStatus(a.(*core.ComponentStatus), b.(*v1.ComponentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ComponentStatusList)(nil), (*core.ComponentStatusList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ComponentStatusList_To_core_ComponentStatusList(a.(*v1.ComponentStatusList), b.(*core.ComponentStatusList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ComponentStatusList)(nil), (*v1.ComponentStatusList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ComponentStatusList_To_v1_ComponentStatusList(a.(*core.ComponentStatusList), b.(*v1.ComponentStatusList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMap)(nil), (*core.ConfigMap)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMap_To_core_ConfigMap(a.(*v1.ConfigMap), b.(*core.ConfigMap), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMap)(nil), (*v1.ConfigMap)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMap_To_v1_ConfigMap(a.(*core.ConfigMap), b.(*v1.ConfigMap), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapEnvSource)(nil), (*core.ConfigMapEnvSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapEnvSource_To_core_ConfigMapEnvSource(a.(*v1.ConfigMapEnvSource), b.(*core.ConfigMapEnvSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapEnvSource)(nil), (*v1.ConfigMapEnvSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapEnvSource_To_v1_ConfigMapEnvSource(a.(*core.ConfigMapEnvSource), b.(*v1.ConfigMapEnvSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapKeySelector)(nil), (*core.ConfigMapKeySelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapKeySelector_To_core_ConfigMapKeySelector(a.(*v1.ConfigMapKeySelector), b.(*core.ConfigMapKeySelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapKeySelector)(nil), (*v1.ConfigMapKeySelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapKeySelector_To_v1_ConfigMapKeySelector(a.(*core.ConfigMapKeySelector), b.(*v1.ConfigMapKeySelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapList)(nil), (*core.ConfigMapList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapList_To_core_ConfigMapList(a.(*v1.ConfigMapList), b.(*core.ConfigMapList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapList)(nil), (*v1.ConfigMapList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapList_To_v1_ConfigMapList(a.(*core.ConfigMapList), b.(*v1.ConfigMapList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapNodeConfigSource)(nil), (*core.ConfigMapNodeConfigSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapNodeConfigSource_To_core_ConfigMapNodeConfigSource(a.(*v1.ConfigMapNodeConfigSource), b.(*core.ConfigMapNodeConfigSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapNodeConfigSource)(nil), (*v1.ConfigMapNodeConfigSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapNodeConfigSource_To_v1_ConfigMapNodeConfigSource(a.(*core.ConfigMapNodeConfigSource), b.(*v1.ConfigMapNodeConfigSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapProjection)(nil), (*core.ConfigMapProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapProjection_To_core_ConfigMapProjection(a.(*v1.ConfigMapProjection), b.(*core.ConfigMapProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapProjection)(nil), (*v1.ConfigMapProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapProjection_To_v1_ConfigMapProjection(a.(*core.ConfigMapProjection), b.(*v1.ConfigMapProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ConfigMapVolumeSource)(nil), (*core.ConfigMapVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ConfigMapVolumeSource_To_core_ConfigMapVolumeSource(a.(*v1.ConfigMapVolumeSource), b.(*core.ConfigMapVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ConfigMapVolumeSource)(nil), (*v1.ConfigMapVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ConfigMapVolumeSource_To_v1_ConfigMapVolumeSource(a.(*core.ConfigMapVolumeSource), b.(*v1.ConfigMapVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Container)(nil), (*core.Container)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Container_To_core_Container(a.(*v1.Container), b.(*core.Container), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Container)(nil), (*v1.Container)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Container_To_v1_Container(a.(*core.Container), b.(*v1.Container), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerImage)(nil), (*core.ContainerImage)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerImage_To_core_ContainerImage(a.(*v1.ContainerImage), b.(*core.ContainerImage), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerImage)(nil), (*v1.ContainerImage)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerImage_To_v1_ContainerImage(a.(*core.ContainerImage), b.(*v1.ContainerImage), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerPort)(nil), (*core.ContainerPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerPort_To_core_ContainerPort(a.(*v1.ContainerPort), b.(*core.ContainerPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerPort)(nil), (*v1.ContainerPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerPort_To_v1_ContainerPort(a.(*core.ContainerPort), b.(*v1.ContainerPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerState)(nil), (*core.ContainerState)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerState_To_core_ContainerState(a.(*v1.ContainerState), b.(*core.ContainerState), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerState)(nil), (*v1.ContainerState)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerState_To_v1_ContainerState(a.(*core.ContainerState), b.(*v1.ContainerState), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerStateRunning)(nil), (*core.ContainerStateRunning)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerStateRunning_To_core_ContainerStateRunning(a.(*v1.ContainerStateRunning), b.(*core.ContainerStateRunning), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerStateRunning)(nil), (*v1.ContainerStateRunning)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerStateRunning_To_v1_ContainerStateRunning(a.(*core.ContainerStateRunning), b.(*v1.ContainerStateRunning), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerStateTerminated)(nil), (*core.ContainerStateTerminated)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerStateTerminated_To_core_ContainerStateTerminated(a.(*v1.ContainerStateTerminated), b.(*core.ContainerStateTerminated), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerStateTerminated)(nil), (*v1.ContainerStateTerminated)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerStateTerminated_To_v1_ContainerStateTerminated(a.(*core.ContainerStateTerminated), b.(*v1.ContainerStateTerminated), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerStateWaiting)(nil), (*core.ContainerStateWaiting)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerStateWaiting_To_core_ContainerStateWaiting(a.(*v1.ContainerStateWaiting), b.(*core.ContainerStateWaiting), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerStateWaiting)(nil), (*v1.ContainerStateWaiting)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerStateWaiting_To_v1_ContainerStateWaiting(a.(*core.ContainerStateWaiting), b.(*v1.ContainerStateWaiting), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ContainerStatus)(nil), (*core.ContainerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ContainerStatus_To_core_ContainerStatus(a.(*v1.ContainerStatus), b.(*core.ContainerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ContainerStatus)(nil), (*v1.ContainerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ContainerStatus_To_v1_ContainerStatus(a.(*core.ContainerStatus), b.(*v1.ContainerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DaemonEndpoint)(nil), (*core.DaemonEndpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DaemonEndpoint_To_core_DaemonEndpoint(a.(*v1.DaemonEndpoint), b.(*core.DaemonEndpoint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.DaemonEndpoint)(nil), (*v1.DaemonEndpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_DaemonEndpoint_To_v1_DaemonEndpoint(a.(*core.DaemonEndpoint), b.(*v1.DaemonEndpoint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DownwardAPIProjection)(nil), (*core.DownwardAPIProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DownwardAPIProjection_To_core_DownwardAPIProjection(a.(*v1.DownwardAPIProjection), b.(*core.DownwardAPIProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.DownwardAPIProjection)(nil), (*v1.DownwardAPIProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_DownwardAPIProjection_To_v1_DownwardAPIProjection(a.(*core.DownwardAPIProjection), b.(*v1.DownwardAPIProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DownwardAPIVolumeFile)(nil), (*core.DownwardAPIVolumeFile)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DownwardAPIVolumeFile_To_core_DownwardAPIVolumeFile(a.(*v1.DownwardAPIVolumeFile), b.(*core.DownwardAPIVolumeFile), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.DownwardAPIVolumeFile)(nil), (*v1.DownwardAPIVolumeFile)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_DownwardAPIVolumeFile_To_v1_DownwardAPIVolumeFile(a.(*core.DownwardAPIVolumeFile), b.(*v1.DownwardAPIVolumeFile), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.DownwardAPIVolumeSource)(nil), (*core.DownwardAPIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_DownwardAPIVolumeSource_To_core_DownwardAPIVolumeSource(a.(*v1.DownwardAPIVolumeSource), b.(*core.DownwardAPIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.DownwardAPIVolumeSource)(nil), (*v1.DownwardAPIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_DownwardAPIVolumeSource_To_v1_DownwardAPIVolumeSource(a.(*core.DownwardAPIVolumeSource), b.(*v1.DownwardAPIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EmptyDirVolumeSource)(nil), (*core.EmptyDirVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EmptyDirVolumeSource_To_core_EmptyDirVolumeSource(a.(*v1.EmptyDirVolumeSource), b.(*core.EmptyDirVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EmptyDirVolumeSource)(nil), (*v1.EmptyDirVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource(a.(*core.EmptyDirVolumeSource), b.(*v1.EmptyDirVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointAddress)(nil), (*core.EndpointAddress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointAddress_To_core_EndpointAddress(a.(*v1.EndpointAddress), b.(*core.EndpointAddress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EndpointAddress)(nil), (*v1.EndpointAddress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EndpointAddress_To_v1_EndpointAddress(a.(*core.EndpointAddress), b.(*v1.EndpointAddress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointPort)(nil), (*core.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointPort_To_core_EndpointPort(a.(*v1.EndpointPort), b.(*core.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EndpointPort)(nil), (*v1.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EndpointPort_To_v1_EndpointPort(a.(*core.EndpointPort), b.(*v1.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointSubset)(nil), (*core.EndpointSubset)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointSubset_To_core_EndpointSubset(a.(*v1.EndpointSubset), b.(*core.EndpointSubset), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EndpointSubset)(nil), (*v1.EndpointSubset)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EndpointSubset_To_v1_EndpointSubset(a.(*core.EndpointSubset), b.(*v1.EndpointSubset), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Endpoints)(nil), (*core.Endpoints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Endpoints_To_core_Endpoints(a.(*v1.Endpoints), b.(*core.Endpoints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Endpoints)(nil), (*v1.Endpoints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Endpoints_To_v1_Endpoints(a.(*core.Endpoints), b.(*v1.Endpoints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointsList)(nil), (*core.EndpointsList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointsList_To_core_EndpointsList(a.(*v1.EndpointsList), b.(*core.EndpointsList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EndpointsList)(nil), (*v1.EndpointsList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EndpointsList_To_v1_EndpointsList(a.(*core.EndpointsList), b.(*v1.EndpointsList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EnvFromSource)(nil), (*core.EnvFromSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EnvFromSource_To_core_EnvFromSource(a.(*v1.EnvFromSource), b.(*core.EnvFromSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EnvFromSource)(nil), (*v1.EnvFromSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EnvFromSource_To_v1_EnvFromSource(a.(*core.EnvFromSource), b.(*v1.EnvFromSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EnvVar)(nil), (*core.EnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EnvVar_To_core_EnvVar(a.(*v1.EnvVar), b.(*core.EnvVar), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EnvVar)(nil), (*v1.EnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EnvVar_To_v1_EnvVar(a.(*core.EnvVar), b.(*v1.EnvVar), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EnvVarSource)(nil), (*core.EnvVarSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EnvVarSource_To_core_EnvVarSource(a.(*v1.EnvVarSource), b.(*core.EnvVarSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EnvVarSource)(nil), (*v1.EnvVarSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EnvVarSource_To_v1_EnvVarSource(a.(*core.EnvVarSource), b.(*v1.EnvVarSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EphemeralContainer)(nil), (*core.EphemeralContainer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EphemeralContainer_To_core_EphemeralContainer(a.(*v1.EphemeralContainer), b.(*core.EphemeralContainer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EphemeralContainer)(nil), (*v1.EphemeralContainer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EphemeralContainer_To_v1_EphemeralContainer(a.(*core.EphemeralContainer), b.(*v1.EphemeralContainer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EphemeralContainerCommon)(nil), (*core.EphemeralContainerCommon)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon(a.(*v1.EphemeralContainerCommon), b.(*core.EphemeralContainerCommon), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EphemeralContainerCommon)(nil), (*v1.EphemeralContainerCommon)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon(a.(*core.EphemeralContainerCommon), b.(*v1.EphemeralContainerCommon), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EphemeralVolumeSource)(nil), (*core.EphemeralVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EphemeralVolumeSource_To_core_EphemeralVolumeSource(a.(*v1.EphemeralVolumeSource), b.(*core.EphemeralVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EphemeralVolumeSource)(nil), (*v1.EphemeralVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EphemeralVolumeSource_To_v1_EphemeralVolumeSource(a.(*core.EphemeralVolumeSource), b.(*v1.EphemeralVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Event)(nil), (*core.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Event_To_core_Event(a.(*v1.Event), b.(*core.Event), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Event)(nil), (*v1.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Event_To_v1_Event(a.(*core.Event), b.(*v1.Event), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EventList)(nil), (*core.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventList_To_core_EventList(a.(*v1.EventList), b.(*core.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventList)(nil), (*v1.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventList_To_v1_EventList(a.(*core.EventList), b.(*v1.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EventSeries)(nil), (*core.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventSeries_To_core_EventSeries(a.(*v1.EventSeries), b.(*core.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventSeries)(nil), (*v1.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventSeries_To_v1_EventSeries(a.(*core.EventSeries), b.(*v1.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EventSource)(nil), (*core.EventSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventSource_To_core_EventSource(a.(*v1.EventSource), b.(*core.EventSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventSource)(nil), (*v1.EventSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventSource_To_v1_EventSource(a.(*core.EventSource), b.(*v1.EventSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ExecAction)(nil), (*core.ExecAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ExecAction_To_core_ExecAction(a.(*v1.ExecAction), b.(*core.ExecAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ExecAction)(nil), (*v1.ExecAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ExecAction_To_v1_ExecAction(a.(*core.ExecAction), b.(*v1.ExecAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.FCVolumeSource)(nil), (*core.FCVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_FCVolumeSource_To_core_FCVolumeSource(a.(*v1.FCVolumeSource), b.(*core.FCVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.FCVolumeSource)(nil), (*v1.FCVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_FCVolumeSource_To_v1_FCVolumeSource(a.(*core.FCVolumeSource), b.(*v1.FCVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.FlexPersistentVolumeSource)(nil), (*core.FlexPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_FlexPersistentVolumeSource_To_core_FlexPersistentVolumeSource(a.(*v1.FlexPersistentVolumeSource), b.(*core.FlexPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.FlexPersistentVolumeSource)(nil), (*v1.FlexPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_FlexPersistentVolumeSource_To_v1_FlexPersistentVolumeSource(a.(*core.FlexPersistentVolumeSource), b.(*v1.FlexPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.FlexVolumeSource)(nil), (*core.FlexVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_FlexVolumeSource_To_core_FlexVolumeSource(a.(*v1.FlexVolumeSource), b.(*core.FlexVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.FlexVolumeSource)(nil), (*v1.FlexVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_FlexVolumeSource_To_v1_FlexVolumeSource(a.(*core.FlexVolumeSource), b.(*v1.FlexVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.FlockerVolumeSource)(nil), (*core.FlockerVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_FlockerVolumeSource_To_core_FlockerVolumeSource(a.(*v1.FlockerVolumeSource), b.(*core.FlockerVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.FlockerVolumeSource)(nil), (*v1.FlockerVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_FlockerVolumeSource_To_v1_FlockerVolumeSource(a.(*core.FlockerVolumeSource), b.(*v1.FlockerVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.GCEPersistentDiskVolumeSource)(nil), (*core.GCEPersistentDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GCEPersistentDiskVolumeSource_To_core_GCEPersistentDiskVolumeSource(a.(*v1.GCEPersistentDiskVolumeSource), b.(*core.GCEPersistentDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.GCEPersistentDiskVolumeSource)(nil), (*v1.GCEPersistentDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource(a.(*core.GCEPersistentDiskVolumeSource), b.(*v1.GCEPersistentDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.GRPCAction)(nil), (*core.GRPCAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GRPCAction_To_core_GRPCAction(a.(*v1.GRPCAction), b.(*core.GRPCAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.GRPCAction)(nil), (*v1.GRPCAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_GRPCAction_To_v1_GRPCAction(a.(*core.GRPCAction), b.(*v1.GRPCAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.GitRepoVolumeSource)(nil), (*core.GitRepoVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(a.(*v1.GitRepoVolumeSource), b.(*core.GitRepoVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.GitRepoVolumeSource)(nil), (*v1.GitRepoVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_GitRepoVolumeSource_To_v1_GitRepoVolumeSource(a.(*core.GitRepoVolumeSource), b.(*v1.GitRepoVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.GlusterfsPersistentVolumeSource)(nil), (*core.GlusterfsPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GlusterfsPersistentVolumeSource_To_core_GlusterfsPersistentVolumeSource(a.(*v1.GlusterfsPersistentVolumeSource), b.(*core.GlusterfsPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.GlusterfsPersistentVolumeSource)(nil), (*v1.GlusterfsPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_GlusterfsPersistentVolumeSource_To_v1_GlusterfsPersistentVolumeSource(a.(*core.GlusterfsPersistentVolumeSource), b.(*v1.GlusterfsPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.GlusterfsVolumeSource)(nil), (*core.GlusterfsVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_GlusterfsVolumeSource_To_core_GlusterfsVolumeSource(a.(*v1.GlusterfsVolumeSource), b.(*core.GlusterfsVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.GlusterfsVolumeSource)(nil), (*v1.GlusterfsVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_GlusterfsVolumeSource_To_v1_GlusterfsVolumeSource(a.(*core.GlusterfsVolumeSource), b.(*v1.GlusterfsVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HTTPGetAction)(nil), (*core.HTTPGetAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HTTPGetAction_To_core_HTTPGetAction(a.(*v1.HTTPGetAction), b.(*core.HTTPGetAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.HTTPGetAction)(nil), (*v1.HTTPGetAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_HTTPGetAction_To_v1_HTTPGetAction(a.(*core.HTTPGetAction), b.(*v1.HTTPGetAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HTTPHeader)(nil), (*core.HTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HTTPHeader_To_core_HTTPHeader(a.(*v1.HTTPHeader), b.(*core.HTTPHeader), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.HTTPHeader)(nil), (*v1.HTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_HTTPHeader_To_v1_HTTPHeader(a.(*core.HTTPHeader), b.(*v1.HTTPHeader), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HostAlias)(nil), (*core.HostAlias)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HostAlias_To_core_HostAlias(a.(*v1.HostAlias), b.(*core.HostAlias), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.HostAlias)(nil), (*v1.HostAlias)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_HostAlias_To_v1_HostAlias(a.(*core.HostAlias), b.(*v1.HostAlias), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HostPathVolumeSource)(nil), (*core.HostPathVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HostPathVolumeSource_To_core_HostPathVolumeSource(a.(*v1.HostPathVolumeSource), b.(*core.HostPathVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.HostPathVolumeSource)(nil), (*v1.HostPathVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_HostPathVolumeSource_To_v1_HostPathVolumeSource(a.(*core.HostPathVolumeSource), b.(*v1.HostPathVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ISCSIPersistentVolumeSource)(nil), (*core.ISCSIPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ISCSIPersistentVolumeSource_To_core_ISCSIPersistentVolumeSource(a.(*v1.ISCSIPersistentVolumeSource), b.(*core.ISCSIPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ISCSIPersistentVolumeSource)(nil), (*v1.ISCSIPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ISCSIPersistentVolumeSource_To_v1_ISCSIPersistentVolumeSource(a.(*core.ISCSIPersistentVolumeSource), b.(*v1.ISCSIPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ISCSIVolumeSource)(nil), (*core.ISCSIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ISCSIVolumeSource_To_core_ISCSIVolumeSource(a.(*v1.ISCSIVolumeSource), b.(*core.ISCSIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ISCSIVolumeSource)(nil), (*v1.ISCSIVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(a.(*core.ISCSIVolumeSource), b.(*v1.ISCSIVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.KeyToPath)(nil), (*core.KeyToPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_KeyToPath_To_core_KeyToPath(a.(*v1.KeyToPath), b.(*core.KeyToPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.KeyToPath)(nil), (*v1.KeyToPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_KeyToPath_To_v1_KeyToPath(a.(*core.KeyToPath), b.(*v1.KeyToPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Lifecycle)(nil), (*core.Lifecycle)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Lifecycle_To_core_Lifecycle(a.(*v1.Lifecycle), b.(*core.Lifecycle), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Lifecycle)(nil), (*v1.Lifecycle)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Lifecycle_To_v1_Lifecycle(a.(*core.Lifecycle), b.(*v1.Lifecycle), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LifecycleHandler)(nil), (*core.LifecycleHandler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LifecycleHandler_To_core_LifecycleHandler(a.(*v1.LifecycleHandler), b.(*core.LifecycleHandler), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LifecycleHandler)(nil), (*v1.LifecycleHandler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LifecycleHandler_To_v1_LifecycleHandler(a.(*core.LifecycleHandler), b.(*v1.LifecycleHandler), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LimitRange)(nil), (*core.LimitRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LimitRange_To_core_LimitRange(a.(*v1.LimitRange), b.(*core.LimitRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LimitRange)(nil), (*v1.LimitRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LimitRange_To_v1_LimitRange(a.(*core.LimitRange), b.(*v1.LimitRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LimitRangeItem)(nil), (*core.LimitRangeItem)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LimitRangeItem_To_core_LimitRangeItem(a.(*v1.LimitRangeItem), b.(*core.LimitRangeItem), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LimitRangeItem)(nil), (*v1.LimitRangeItem)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LimitRangeItem_To_v1_LimitRangeItem(a.(*core.LimitRangeItem), b.(*v1.LimitRangeItem), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LimitRangeList)(nil), (*core.LimitRangeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LimitRangeList_To_core_LimitRangeList(a.(*v1.LimitRangeList), b.(*core.LimitRangeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LimitRangeList)(nil), (*v1.LimitRangeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LimitRangeList_To_v1_LimitRangeList(a.(*core.LimitRangeList), b.(*v1.LimitRangeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LimitRangeSpec)(nil), (*core.LimitRangeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LimitRangeSpec_To_core_LimitRangeSpec(a.(*v1.LimitRangeSpec), b.(*core.LimitRangeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LimitRangeSpec)(nil), (*v1.LimitRangeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LimitRangeSpec_To_v1_LimitRangeSpec(a.(*core.LimitRangeSpec), b.(*v1.LimitRangeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.List)(nil), (*core.List)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_List_To_core_List(a.(*v1.List), b.(*core.List), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.List)(nil), (*v1.List)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_List_To_v1_List(a.(*core.List), b.(*v1.List), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LoadBalancerIngress)(nil), (*core.LoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LoadBalancerIngress_To_core_LoadBalancerIngress(a.(*v1.LoadBalancerIngress), b.(*core.LoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LoadBalancerIngress)(nil), (*v1.LoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LoadBalancerIngress_To_v1_LoadBalancerIngress(a.(*core.LoadBalancerIngress), b.(*v1.LoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LocalObjectReference)(nil), (*core.LocalObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LocalObjectReference_To_core_LocalObjectReference(a.(*v1.LocalObjectReference), b.(*core.LocalObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LocalObjectReference)(nil), (*v1.LocalObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LocalObjectReference_To_v1_LocalObjectReference(a.(*core.LocalObjectReference), b.(*v1.LocalObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.LocalVolumeSource)(nil), (*core.LocalVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LocalVolumeSource_To_core_LocalVolumeSource(a.(*v1.LocalVolumeSource), b.(*core.LocalVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.LocalVolumeSource)(nil), (*v1.LocalVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LocalVolumeSource_To_v1_LocalVolumeSource(a.(*core.LocalVolumeSource), b.(*v1.LocalVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NFSVolumeSource)(nil), (*core.NFSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NFSVolumeSource_To_core_NFSVolumeSource(a.(*v1.NFSVolumeSource), b.(*core.NFSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NFSVolumeSource)(nil), (*v1.NFSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NFSVolumeSource_To_v1_NFSVolumeSource(a.(*core.NFSVolumeSource), b.(*v1.NFSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Namespace)(nil), (*core.Namespace)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Namespace_To_core_Namespace(a.(*v1.Namespace), b.(*core.Namespace), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Namespace)(nil), (*v1.Namespace)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Namespace_To_v1_Namespace(a.(*core.Namespace), b.(*v1.Namespace), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NamespaceCondition)(nil), (*core.NamespaceCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NamespaceCondition_To_core_NamespaceCondition(a.(*v1.NamespaceCondition), b.(*core.NamespaceCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NamespaceCondition)(nil), (*v1.NamespaceCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NamespaceCondition_To_v1_NamespaceCondition(a.(*core.NamespaceCondition), b.(*v1.NamespaceCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NamespaceList)(nil), (*core.NamespaceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NamespaceList_To_core_NamespaceList(a.(*v1.NamespaceList), b.(*core.NamespaceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NamespaceList)(nil), (*v1.NamespaceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NamespaceList_To_v1_NamespaceList(a.(*core.NamespaceList), b.(*v1.NamespaceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NamespaceSpec)(nil), (*core.NamespaceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NamespaceSpec_To_core_NamespaceSpec(a.(*v1.NamespaceSpec), b.(*core.NamespaceSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NamespaceSpec)(nil), (*v1.NamespaceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NamespaceSpec_To_v1_NamespaceSpec(a.(*core.NamespaceSpec), b.(*v1.NamespaceSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NamespaceStatus)(nil), (*core.NamespaceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NamespaceStatus_To_core_NamespaceStatus(a.(*v1.NamespaceStatus), b.(*core.NamespaceStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NamespaceStatus)(nil), (*v1.NamespaceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NamespaceStatus_To_v1_NamespaceStatus(a.(*core.NamespaceStatus), b.(*v1.NamespaceStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Node)(nil), (*core.Node)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Node_To_core_Node(a.(*v1.Node), b.(*core.Node), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Node)(nil), (*v1.Node)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Node_To_v1_Node(a.(*core.Node), b.(*v1.Node), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeAddress)(nil), (*core.NodeAddress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeAddress_To_core_NodeAddress(a.(*v1.NodeAddress), b.(*core.NodeAddress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeAddress)(nil), (*v1.NodeAddress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeAddress_To_v1_NodeAddress(a.(*core.NodeAddress), b.(*v1.NodeAddress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeAffinity)(nil), (*core.NodeAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeAffinity_To_core_NodeAffinity(a.(*v1.NodeAffinity), b.(*core.NodeAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeAffinity)(nil), (*v1.NodeAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeAffinity_To_v1_NodeAffinity(a.(*core.NodeAffinity), b.(*v1.NodeAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeCondition)(nil), (*core.NodeCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeCondition_To_core_NodeCondition(a.(*v1.NodeCondition), b.(*core.NodeCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeCondition)(nil), (*v1.NodeCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeCondition_To_v1_NodeCondition(a.(*core.NodeCondition), b.(*v1.NodeCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeConfigSource)(nil), (*core.NodeConfigSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeConfigSource_To_core_NodeConfigSource(a.(*v1.NodeConfigSource), b.(*core.NodeConfigSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeConfigSource)(nil), (*v1.NodeConfigSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeConfigSource_To_v1_NodeConfigSource(a.(*core.NodeConfigSource), b.(*v1.NodeConfigSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeConfigStatus)(nil), (*core.NodeConfigStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeConfigStatus_To_core_NodeConfigStatus(a.(*v1.NodeConfigStatus), b.(*core.NodeConfigStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeConfigStatus)(nil), (*v1.NodeConfigStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeConfigStatus_To_v1_NodeConfigStatus(a.(*core.NodeConfigStatus), b.(*v1.NodeConfigStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeDaemonEndpoints)(nil), (*core.NodeDaemonEndpoints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints(a.(*v1.NodeDaemonEndpoints), b.(*core.NodeDaemonEndpoints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeDaemonEndpoints)(nil), (*v1.NodeDaemonEndpoints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints(a.(*core.NodeDaemonEndpoints), b.(*v1.NodeDaemonEndpoints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeList)(nil), (*core.NodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeList_To_core_NodeList(a.(*v1.NodeList), b.(*core.NodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeList)(nil), (*v1.NodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeList_To_v1_NodeList(a.(*core.NodeList), b.(*v1.NodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeProxyOptions)(nil), (*core.NodeProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeProxyOptions_To_core_NodeProxyOptions(a.(*v1.NodeProxyOptions), b.(*core.NodeProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeProxyOptions)(nil), (*v1.NodeProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeProxyOptions_To_v1_NodeProxyOptions(a.(*core.NodeProxyOptions), b.(*v1.NodeProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeResources)(nil), (*core.NodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeResources_To_core_NodeResources(a.(*v1.NodeResources), b.(*core.NodeResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeResources)(nil), (*v1.NodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeResources_To_v1_NodeResources(a.(*core.NodeResources), b.(*v1.NodeResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeSelector)(nil), (*core.NodeSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeSelector_To_core_NodeSelector(a.(*v1.NodeSelector), b.(*core.NodeSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeSelector)(nil), (*v1.NodeSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeSelector_To_v1_NodeSelector(a.(*core.NodeSelector), b.(*v1.NodeSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeSelectorRequirement)(nil), (*core.NodeSelectorRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeSelectorRequirement_To_core_NodeSelectorRequirement(a.(*v1.NodeSelectorRequirement), b.(*core.NodeSelectorRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeSelectorRequirement)(nil), (*v1.NodeSelectorRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeSelectorRequirement_To_v1_NodeSelectorRequirement(a.(*core.NodeSelectorRequirement), b.(*v1.NodeSelectorRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeSelectorTerm)(nil), (*core.NodeSelectorTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm(a.(*v1.NodeSelectorTerm), b.(*core.NodeSelectorTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeSelectorTerm)(nil), (*v1.NodeSelectorTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm(a.(*core.NodeSelectorTerm), b.(*v1.NodeSelectorTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeStatus)(nil), (*core.NodeStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeStatus_To_core_NodeStatus(a.(*v1.NodeStatus), b.(*core.NodeStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeStatus)(nil), (*v1.NodeStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeStatus_To_v1_NodeStatus(a.(*core.NodeStatus), b.(*v1.NodeStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NodeSystemInfo)(nil), (*core.NodeSystemInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeSystemInfo_To_core_NodeSystemInfo(a.(*v1.NodeSystemInfo), b.(*core.NodeSystemInfo), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.NodeSystemInfo)(nil), (*v1.NodeSystemInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeSystemInfo_To_v1_NodeSystemInfo(a.(*core.NodeSystemInfo), b.(*v1.NodeSystemInfo), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ObjectFieldSelector)(nil), (*core.ObjectFieldSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ObjectFieldSelector_To_core_ObjectFieldSelector(a.(*v1.ObjectFieldSelector), b.(*core.ObjectFieldSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ObjectFieldSelector)(nil), (*v1.ObjectFieldSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ObjectFieldSelector_To_v1_ObjectFieldSelector(a.(*core.ObjectFieldSelector), b.(*v1.ObjectFieldSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ObjectReference)(nil), (*core.ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ObjectReference_To_core_ObjectReference(a.(*v1.ObjectReference), b.(*core.ObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ObjectReference)(nil), (*v1.ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ObjectReference_To_v1_ObjectReference(a.(*core.ObjectReference), b.(*v1.ObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolume)(nil), (*core.PersistentVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolume_To_core_PersistentVolume(a.(*v1.PersistentVolume), b.(*core.PersistentVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolume)(nil), (*v1.PersistentVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolume_To_v1_PersistentVolume(a.(*core.PersistentVolume), b.(*v1.PersistentVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaim)(nil), (*core.PersistentVolumeClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaim_To_core_PersistentVolumeClaim(a.(*v1.PersistentVolumeClaim), b.(*core.PersistentVolumeClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaim)(nil), (*v1.PersistentVolumeClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim(a.(*core.PersistentVolumeClaim), b.(*v1.PersistentVolumeClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimCondition)(nil), (*core.PersistentVolumeClaimCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimCondition_To_core_PersistentVolumeClaimCondition(a.(*v1.PersistentVolumeClaimCondition), b.(*core.PersistentVolumeClaimCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimCondition)(nil), (*v1.PersistentVolumeClaimCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimCondition_To_v1_PersistentVolumeClaimCondition(a.(*core.PersistentVolumeClaimCondition), b.(*v1.PersistentVolumeClaimCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimList)(nil), (*core.PersistentVolumeClaimList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimList_To_core_PersistentVolumeClaimList(a.(*v1.PersistentVolumeClaimList), b.(*core.PersistentVolumeClaimList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimList)(nil), (*v1.PersistentVolumeClaimList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimList_To_v1_PersistentVolumeClaimList(a.(*core.PersistentVolumeClaimList), b.(*v1.PersistentVolumeClaimList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimSpec)(nil), (*core.PersistentVolumeClaimSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(a.(*v1.PersistentVolumeClaimSpec), b.(*core.PersistentVolumeClaimSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimSpec)(nil), (*v1.PersistentVolumeClaimSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(a.(*core.PersistentVolumeClaimSpec), b.(*v1.PersistentVolumeClaimSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimStatus)(nil), (*core.PersistentVolumeClaimStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus(a.(*v1.PersistentVolumeClaimStatus), b.(*core.PersistentVolumeClaimStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimStatus)(nil), (*v1.PersistentVolumeClaimStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus(a.(*core.PersistentVolumeClaimStatus), b.(*v1.PersistentVolumeClaimStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimTemplate)(nil), (*core.PersistentVolumeClaimTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimTemplate_To_core_PersistentVolumeClaimTemplate(a.(*v1.PersistentVolumeClaimTemplate), b.(*core.PersistentVolumeClaimTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimTemplate)(nil), (*v1.PersistentVolumeClaimTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimTemplate_To_v1_PersistentVolumeClaimTemplate(a.(*core.PersistentVolumeClaimTemplate), b.(*v1.PersistentVolumeClaimTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeClaimVolumeSource)(nil), (*core.PersistentVolumeClaimVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeClaimVolumeSource_To_core_PersistentVolumeClaimVolumeSource(a.(*v1.PersistentVolumeClaimVolumeSource), b.(*core.PersistentVolumeClaimVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeClaimVolumeSource)(nil), (*v1.PersistentVolumeClaimVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeClaimVolumeSource_To_v1_PersistentVolumeClaimVolumeSource(a.(*core.PersistentVolumeClaimVolumeSource), b.(*v1.PersistentVolumeClaimVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeList)(nil), (*core.PersistentVolumeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeList_To_core_PersistentVolumeList(a.(*v1.PersistentVolumeList), b.(*core.PersistentVolumeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeList)(nil), (*v1.PersistentVolumeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeList_To_v1_PersistentVolumeList(a.(*core.PersistentVolumeList), b.(*v1.PersistentVolumeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeSource)(nil), (*core.PersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource(a.(*v1.PersistentVolumeSource), b.(*core.PersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeSource)(nil), (*v1.PersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource(a.(*core.PersistentVolumeSource), b.(*v1.PersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PersistentVolumeStatus)(nil), (*core.PersistentVolumeStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus(a.(*v1.PersistentVolumeStatus), b.(*core.PersistentVolumeStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PersistentVolumeStatus)(nil), (*v1.PersistentVolumeStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus(a.(*core.PersistentVolumeStatus), b.(*v1.PersistentVolumeStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PhotonPersistentDiskVolumeSource)(nil), (*core.PhotonPersistentDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PhotonPersistentDiskVolumeSource_To_core_PhotonPersistentDiskVolumeSource(a.(*v1.PhotonPersistentDiskVolumeSource), b.(*core.PhotonPersistentDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PhotonPersistentDiskVolumeSource)(nil), (*v1.PhotonPersistentDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PhotonPersistentDiskVolumeSource_To_v1_PhotonPersistentDiskVolumeSource(a.(*core.PhotonPersistentDiskVolumeSource), b.(*v1.PhotonPersistentDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodAffinity)(nil), (*core.PodAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodAffinity_To_core_PodAffinity(a.(*v1.PodAffinity), b.(*core.PodAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodAffinity)(nil), (*v1.PodAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodAffinity_To_v1_PodAffinity(a.(*core.PodAffinity), b.(*v1.PodAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodAffinityTerm)(nil), (*core.PodAffinityTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodAffinityTerm_To_core_PodAffinityTerm(a.(*v1.PodAffinityTerm), b.(*core.PodAffinityTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodAffinityTerm)(nil), (*v1.PodAffinityTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodAffinityTerm_To_v1_PodAffinityTerm(a.(*core.PodAffinityTerm), b.(*v1.PodAffinityTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodAntiAffinity)(nil), (*core.PodAntiAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodAntiAffinity_To_core_PodAntiAffinity(a.(*v1.PodAntiAffinity), b.(*core.PodAntiAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodAntiAffinity)(nil), (*v1.PodAntiAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodAntiAffinity_To_v1_PodAntiAffinity(a.(*core.PodAntiAffinity), b.(*v1.PodAntiAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodAttachOptions)(nil), (*core.PodAttachOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodAttachOptions_To_core_PodAttachOptions(a.(*v1.PodAttachOptions), b.(*core.PodAttachOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodAttachOptions)(nil), (*v1.PodAttachOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodAttachOptions_To_v1_PodAttachOptions(a.(*core.PodAttachOptions), b.(*v1.PodAttachOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodCondition)(nil), (*core.PodCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodCondition_To_core_PodCondition(a.(*v1.PodCondition), b.(*core.PodCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodCondition)(nil), (*v1.PodCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodCondition_To_v1_PodCondition(a.(*core.PodCondition), b.(*v1.PodCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodDNSConfig)(nil), (*core.PodDNSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDNSConfig_To_core_PodDNSConfig(a.(*v1.PodDNSConfig), b.(*core.PodDNSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodDNSConfig)(nil), (*v1.PodDNSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodDNSConfig_To_v1_PodDNSConfig(a.(*core.PodDNSConfig), b.(*v1.PodDNSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodDNSConfigOption)(nil), (*core.PodDNSConfigOption)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDNSConfigOption_To_core_PodDNSConfigOption(a.(*v1.PodDNSConfigOption), b.(*core.PodDNSConfigOption), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodDNSConfigOption)(nil), (*v1.PodDNSConfigOption)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodDNSConfigOption_To_v1_PodDNSConfigOption(a.(*core.PodDNSConfigOption), b.(*v1.PodDNSConfigOption), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodExecOptions)(nil), (*core.PodExecOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodExecOptions_To_core_PodExecOptions(a.(*v1.PodExecOptions), b.(*core.PodExecOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodExecOptions)(nil), (*v1.PodExecOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodExecOptions_To_v1_PodExecOptions(a.(*core.PodExecOptions), b.(*v1.PodExecOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodIP)(nil), (*core.PodIP)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodIP_To_core_PodIP(a.(*v1.PodIP), b.(*core.PodIP), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodIP)(nil), (*v1.PodIP)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodIP_To_v1_PodIP(a.(*core.PodIP), b.(*v1.PodIP), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodList)(nil), (*core.PodList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodList_To_core_PodList(a.(*v1.PodList), b.(*core.PodList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodList)(nil), (*v1.PodList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodList_To_v1_PodList(a.(*core.PodList), b.(*v1.PodList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodLogOptions)(nil), (*core.PodLogOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodLogOptions_To_core_PodLogOptions(a.(*v1.PodLogOptions), b.(*core.PodLogOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodLogOptions)(nil), (*v1.PodLogOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodLogOptions_To_v1_PodLogOptions(a.(*core.PodLogOptions), b.(*v1.PodLogOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodOS)(nil), (*core.PodOS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodOS_To_core_PodOS(a.(*v1.PodOS), b.(*core.PodOS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodOS)(nil), (*v1.PodOS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodOS_To_v1_PodOS(a.(*core.PodOS), b.(*v1.PodOS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodPortForwardOptions)(nil), (*core.PodPortForwardOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(a.(*v1.PodPortForwardOptions), b.(*core.PodPortForwardOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodPortForwardOptions)(nil), (*v1.PodPortForwardOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodPortForwardOptions_To_v1_PodPortForwardOptions(a.(*core.PodPortForwardOptions), b.(*v1.PodPortForwardOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodProxyOptions)(nil), (*core.PodProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodProxyOptions_To_core_PodProxyOptions(a.(*v1.PodProxyOptions), b.(*core.PodProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodProxyOptions)(nil), (*v1.PodProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodProxyOptions_To_v1_PodProxyOptions(a.(*core.PodProxyOptions), b.(*v1.PodProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodReadinessGate)(nil), (*core.PodReadinessGate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodReadinessGate_To_core_PodReadinessGate(a.(*v1.PodReadinessGate), b.(*core.PodReadinessGate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodReadinessGate)(nil), (*v1.PodReadinessGate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodReadinessGate_To_v1_PodReadinessGate(a.(*core.PodReadinessGate), b.(*v1.PodReadinessGate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodResourceClaim)(nil), (*core.PodResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodResourceClaim_To_core_PodResourceClaim(a.(*v1.PodResourceClaim), b.(*core.PodResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodResourceClaim)(nil), (*v1.PodResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodResourceClaim_To_v1_PodResourceClaim(a.(*core.PodResourceClaim), b.(*v1.PodResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodSchedulingGate)(nil), (*core.PodSchedulingGate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSchedulingGate_To_core_PodSchedulingGate(a.(*v1.PodSchedulingGate), b.(*core.PodSchedulingGate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodSchedulingGate)(nil), (*v1.PodSchedulingGate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodSchedulingGate_To_v1_PodSchedulingGate(a.(*core.PodSchedulingGate), b.(*v1.PodSchedulingGate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodSecurityContext)(nil), (*core.PodSecurityContext)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSecurityContext_To_core_PodSecurityContext(a.(*v1.PodSecurityContext), b.(*core.PodSecurityContext), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodSecurityContext)(nil), (*v1.PodSecurityContext)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodSecurityContext_To_v1_PodSecurityContext(a.(*core.PodSecurityContext), b.(*v1.PodSecurityContext), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodSignature)(nil), (*core.PodSignature)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSignature_To_core_PodSignature(a.(*v1.PodSignature), b.(*core.PodSignature), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodSignature)(nil), (*v1.PodSignature)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodSignature_To_v1_PodSignature(a.(*core.PodSignature), b.(*v1.PodSignature), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodStatusResult)(nil), (*core.PodStatusResult)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodStatusResult_To_core_PodStatusResult(a.(*v1.PodStatusResult), b.(*core.PodStatusResult), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodStatusResult)(nil), (*v1.PodStatusResult)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodStatusResult_To_v1_PodStatusResult(a.(*core.PodStatusResult), b.(*v1.PodStatusResult), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodTemplate)(nil), (*core.PodTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodTemplate_To_core_PodTemplate(a.(*v1.PodTemplate), b.(*core.PodTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodTemplate)(nil), (*v1.PodTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodTemplate_To_v1_PodTemplate(a.(*core.PodTemplate), b.(*v1.PodTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodTemplateList)(nil), (*core.PodTemplateList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodTemplateList_To_core_PodTemplateList(a.(*v1.PodTemplateList), b.(*core.PodTemplateList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PodTemplateList)(nil), (*v1.PodTemplateList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodTemplateList_To_v1_PodTemplateList(a.(*core.PodTemplateList), b.(*v1.PodTemplateList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PortStatus)(nil), (*core.PortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PortStatus_To_core_PortStatus(a.(*v1.PortStatus), b.(*core.PortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PortStatus)(nil), (*v1.PortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PortStatus_To_v1_PortStatus(a.(*core.PortStatus), b.(*v1.PortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PortworxVolumeSource)(nil), (*core.PortworxVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PortworxVolumeSource_To_core_PortworxVolumeSource(a.(*v1.PortworxVolumeSource), b.(*core.PortworxVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PortworxVolumeSource)(nil), (*v1.PortworxVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PortworxVolumeSource_To_v1_PortworxVolumeSource(a.(*core.PortworxVolumeSource), b.(*v1.PortworxVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Preconditions)(nil), (*core.Preconditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Preconditions_To_core_Preconditions(a.(*v1.Preconditions), b.(*core.Preconditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Preconditions)(nil), (*v1.Preconditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Preconditions_To_v1_Preconditions(a.(*core.Preconditions), b.(*v1.Preconditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PreferAvoidPodsEntry)(nil), (*core.PreferAvoidPodsEntry)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PreferAvoidPodsEntry_To_core_PreferAvoidPodsEntry(a.(*v1.PreferAvoidPodsEntry), b.(*core.PreferAvoidPodsEntry), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PreferAvoidPodsEntry)(nil), (*v1.PreferAvoidPodsEntry)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PreferAvoidPodsEntry_To_v1_PreferAvoidPodsEntry(a.(*core.PreferAvoidPodsEntry), b.(*v1.PreferAvoidPodsEntry), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PreferredSchedulingTerm)(nil), (*core.PreferredSchedulingTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PreferredSchedulingTerm_To_core_PreferredSchedulingTerm(a.(*v1.PreferredSchedulingTerm), b.(*core.PreferredSchedulingTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.PreferredSchedulingTerm)(nil), (*v1.PreferredSchedulingTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm(a.(*core.PreferredSchedulingTerm), b.(*v1.PreferredSchedulingTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Probe)(nil), (*core.Probe)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Probe_To_core_Probe(a.(*v1.Probe), b.(*core.Probe), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Probe)(nil), (*v1.Probe)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Probe_To_v1_Probe(a.(*core.Probe), b.(*v1.Probe), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ProbeHandler)(nil), (*core.ProbeHandler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ProbeHandler_To_core_ProbeHandler(a.(*v1.ProbeHandler), b.(*core.ProbeHandler), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ProbeHandler)(nil), (*v1.ProbeHandler)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ProbeHandler_To_v1_ProbeHandler(a.(*core.ProbeHandler), b.(*v1.ProbeHandler), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ProjectedVolumeSource)(nil), (*core.ProjectedVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(a.(*v1.ProjectedVolumeSource), b.(*core.ProjectedVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ProjectedVolumeSource)(nil), (*v1.ProjectedVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource(a.(*core.ProjectedVolumeSource), b.(*v1.ProjectedVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.QuobyteVolumeSource)(nil), (*core.QuobyteVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_QuobyteVolumeSource_To_core_QuobyteVolumeSource(a.(*v1.QuobyteVolumeSource), b.(*core.QuobyteVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.QuobyteVolumeSource)(nil), (*v1.QuobyteVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_QuobyteVolumeSource_To_v1_QuobyteVolumeSource(a.(*core.QuobyteVolumeSource), b.(*v1.QuobyteVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RBDPersistentVolumeSource)(nil), (*core.RBDPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RBDPersistentVolumeSource_To_core_RBDPersistentVolumeSource(a.(*v1.RBDPersistentVolumeSource), b.(*core.RBDPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.RBDPersistentVolumeSource)(nil), (*v1.RBDPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_RBDPersistentVolumeSource_To_v1_RBDPersistentVolumeSource(a.(*core.RBDPersistentVolumeSource), b.(*v1.RBDPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RBDVolumeSource)(nil), (*core.RBDVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RBDVolumeSource_To_core_RBDVolumeSource(a.(*v1.RBDVolumeSource), b.(*core.RBDVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.RBDVolumeSource)(nil), (*v1.RBDVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_RBDVolumeSource_To_v1_RBDVolumeSource(a.(*core.RBDVolumeSource), b.(*v1.RBDVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RangeAllocation)(nil), (*core.RangeAllocation)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RangeAllocation_To_core_RangeAllocation(a.(*v1.RangeAllocation), b.(*core.RangeAllocation), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.RangeAllocation)(nil), (*v1.RangeAllocation)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_RangeAllocation_To_v1_RangeAllocation(a.(*core.RangeAllocation), b.(*v1.RangeAllocation), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicationController)(nil), (*core.ReplicationController)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationController_To_core_ReplicationController(a.(*v1.ReplicationController), b.(*core.ReplicationController), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ReplicationController)(nil), (*v1.ReplicationController)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ReplicationController_To_v1_ReplicationController(a.(*core.ReplicationController), b.(*v1.ReplicationController), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicationControllerCondition)(nil), (*core.ReplicationControllerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerCondition_To_core_ReplicationControllerCondition(a.(*v1.ReplicationControllerCondition), b.(*core.ReplicationControllerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ReplicationControllerCondition)(nil), (*v1.ReplicationControllerCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ReplicationControllerCondition_To_v1_ReplicationControllerCondition(a.(*core.ReplicationControllerCondition), b.(*v1.ReplicationControllerCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicationControllerList)(nil), (*core.ReplicationControllerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerList_To_core_ReplicationControllerList(a.(*v1.ReplicationControllerList), b.(*core.ReplicationControllerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ReplicationControllerList)(nil), (*v1.ReplicationControllerList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ReplicationControllerList_To_v1_ReplicationControllerList(a.(*core.ReplicationControllerList), b.(*v1.ReplicationControllerList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ReplicationControllerStatus)(nil), (*core.ReplicationControllerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus(a.(*v1.ReplicationControllerStatus), b.(*core.ReplicationControllerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ReplicationControllerStatus)(nil), (*v1.ReplicationControllerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus(a.(*core.ReplicationControllerStatus), b.(*v1.ReplicationControllerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceClaim)(nil), (*core.ResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceClaim_To_core_ResourceClaim(a.(*v1.ResourceClaim), b.(*core.ResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceClaim)(nil), (*v1.ResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceClaim_To_v1_ResourceClaim(a.(*core.ResourceClaim), b.(*v1.ResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceFieldSelector)(nil), (*core.ResourceFieldSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceFieldSelector_To_core_ResourceFieldSelector(a.(*v1.ResourceFieldSelector), b.(*core.ResourceFieldSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceFieldSelector)(nil), (*v1.ResourceFieldSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceFieldSelector_To_v1_ResourceFieldSelector(a.(*core.ResourceFieldSelector), b.(*v1.ResourceFieldSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceQuota)(nil), (*core.ResourceQuota)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceQuota_To_core_ResourceQuota(a.(*v1.ResourceQuota), b.(*core.ResourceQuota), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceQuota)(nil), (*v1.ResourceQuota)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceQuota_To_v1_ResourceQuota(a.(*core.ResourceQuota), b.(*v1.ResourceQuota), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceQuotaList)(nil), (*core.ResourceQuotaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceQuotaList_To_core_ResourceQuotaList(a.(*v1.ResourceQuotaList), b.(*core.ResourceQuotaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceQuotaList)(nil), (*v1.ResourceQuotaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceQuotaList_To_v1_ResourceQuotaList(a.(*core.ResourceQuotaList), b.(*v1.ResourceQuotaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceQuotaSpec)(nil), (*core.ResourceQuotaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec(a.(*v1.ResourceQuotaSpec), b.(*core.ResourceQuotaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceQuotaSpec)(nil), (*v1.ResourceQuotaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec(a.(*core.ResourceQuotaSpec), b.(*v1.ResourceQuotaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceQuotaStatus)(nil), (*core.ResourceQuotaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus(a.(*v1.ResourceQuotaStatus), b.(*core.ResourceQuotaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceQuotaStatus)(nil), (*v1.ResourceQuotaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus(a.(*core.ResourceQuotaStatus), b.(*v1.ResourceQuotaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ResourceRequirements)(nil), (*core.ResourceRequirements)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceRequirements_To_core_ResourceRequirements(a.(*v1.ResourceRequirements), b.(*core.ResourceRequirements), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ResourceRequirements)(nil), (*v1.ResourceRequirements)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ResourceRequirements_To_v1_ResourceRequirements(a.(*core.ResourceRequirements), b.(*v1.ResourceRequirements), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SELinuxOptions)(nil), (*core.SELinuxOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SELinuxOptions_To_core_SELinuxOptions(a.(*v1.SELinuxOptions), b.(*core.SELinuxOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SELinuxOptions)(nil), (*v1.SELinuxOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SELinuxOptions_To_v1_SELinuxOptions(a.(*core.SELinuxOptions), b.(*v1.SELinuxOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScaleIOPersistentVolumeSource)(nil), (*core.ScaleIOPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScaleIOPersistentVolumeSource_To_core_ScaleIOPersistentVolumeSource(a.(*v1.ScaleIOPersistentVolumeSource), b.(*core.ScaleIOPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ScaleIOPersistentVolumeSource)(nil), (*v1.ScaleIOPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ScaleIOPersistentVolumeSource_To_v1_ScaleIOPersistentVolumeSource(a.(*core.ScaleIOPersistentVolumeSource), b.(*v1.ScaleIOPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScaleIOVolumeSource)(nil), (*core.ScaleIOVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScaleIOVolumeSource_To_core_ScaleIOVolumeSource(a.(*v1.ScaleIOVolumeSource), b.(*core.ScaleIOVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ScaleIOVolumeSource)(nil), (*v1.ScaleIOVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ScaleIOVolumeSource_To_v1_ScaleIOVolumeSource(a.(*core.ScaleIOVolumeSource), b.(*v1.ScaleIOVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScopeSelector)(nil), (*core.ScopeSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScopeSelector_To_core_ScopeSelector(a.(*v1.ScopeSelector), b.(*core.ScopeSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ScopeSelector)(nil), (*v1.ScopeSelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ScopeSelector_To_v1_ScopeSelector(a.(*core.ScopeSelector), b.(*v1.ScopeSelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ScopedResourceSelectorRequirement)(nil), (*core.ScopedResourceSelectorRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ScopedResourceSelectorRequirement_To_core_ScopedResourceSelectorRequirement(a.(*v1.ScopedResourceSelectorRequirement), b.(*core.ScopedResourceSelectorRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ScopedResourceSelectorRequirement)(nil), (*v1.ScopedResourceSelectorRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ScopedResourceSelectorRequirement_To_v1_ScopedResourceSelectorRequirement(a.(*core.ScopedResourceSelectorRequirement), b.(*v1.ScopedResourceSelectorRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SeccompProfile)(nil), (*core.SeccompProfile)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SeccompProfile_To_core_SeccompProfile(a.(*v1.SeccompProfile), b.(*core.SeccompProfile), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SeccompProfile)(nil), (*v1.SeccompProfile)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SeccompProfile_To_v1_SeccompProfile(a.(*core.SeccompProfile), b.(*v1.SeccompProfile), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Secret)(nil), (*v1.Secret)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Secret_To_v1_Secret(a.(*core.Secret), b.(*v1.Secret), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretEnvSource)(nil), (*core.SecretEnvSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretEnvSource_To_core_SecretEnvSource(a.(*v1.SecretEnvSource), b.(*core.SecretEnvSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretEnvSource)(nil), (*v1.SecretEnvSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretEnvSource_To_v1_SecretEnvSource(a.(*core.SecretEnvSource), b.(*v1.SecretEnvSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretKeySelector)(nil), (*core.SecretKeySelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretKeySelector_To_core_SecretKeySelector(a.(*v1.SecretKeySelector), b.(*core.SecretKeySelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretKeySelector)(nil), (*v1.SecretKeySelector)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretKeySelector_To_v1_SecretKeySelector(a.(*core.SecretKeySelector), b.(*v1.SecretKeySelector), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretList)(nil), (*core.SecretList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretList_To_core_SecretList(a.(*v1.SecretList), b.(*core.SecretList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretList)(nil), (*v1.SecretList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretList_To_v1_SecretList(a.(*core.SecretList), b.(*v1.SecretList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretProjection)(nil), (*core.SecretProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretProjection_To_core_SecretProjection(a.(*v1.SecretProjection), b.(*core.SecretProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretProjection)(nil), (*v1.SecretProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretProjection_To_v1_SecretProjection(a.(*core.SecretProjection), b.(*v1.SecretProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretReference)(nil), (*core.SecretReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretReference_To_core_SecretReference(a.(*v1.SecretReference), b.(*core.SecretReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretReference)(nil), (*v1.SecretReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretReference_To_v1_SecretReference(a.(*core.SecretReference), b.(*v1.SecretReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecretVolumeSource)(nil), (*core.SecretVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecretVolumeSource_To_core_SecretVolumeSource(a.(*v1.SecretVolumeSource), b.(*core.SecretVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecretVolumeSource)(nil), (*v1.SecretVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecretVolumeSource_To_v1_SecretVolumeSource(a.(*core.SecretVolumeSource), b.(*v1.SecretVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SecurityContext)(nil), (*core.SecurityContext)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SecurityContext_To_core_SecurityContext(a.(*v1.SecurityContext), b.(*core.SecurityContext), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SecurityContext)(nil), (*v1.SecurityContext)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SecurityContext_To_v1_SecurityContext(a.(*core.SecurityContext), b.(*v1.SecurityContext), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SerializedReference)(nil), (*core.SerializedReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SerializedReference_To_core_SerializedReference(a.(*v1.SerializedReference), b.(*core.SerializedReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SerializedReference)(nil), (*v1.SerializedReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SerializedReference_To_v1_SerializedReference(a.(*core.SerializedReference), b.(*v1.SerializedReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Service)(nil), (*core.Service)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Service_To_core_Service(a.(*v1.Service), b.(*core.Service), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Service)(nil), (*v1.Service)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Service_To_v1_Service(a.(*core.Service), b.(*v1.Service), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceAccount)(nil), (*core.ServiceAccount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceAccount_To_core_ServiceAccount(a.(*v1.ServiceAccount), b.(*core.ServiceAccount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceAccount)(nil), (*v1.ServiceAccount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceAccount_To_v1_ServiceAccount(a.(*core.ServiceAccount), b.(*v1.ServiceAccount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceAccountList)(nil), (*core.ServiceAccountList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceAccountList_To_core_ServiceAccountList(a.(*v1.ServiceAccountList), b.(*core.ServiceAccountList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceAccountList)(nil), (*v1.ServiceAccountList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceAccountList_To_v1_ServiceAccountList(a.(*core.ServiceAccountList), b.(*v1.ServiceAccountList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceAccountTokenProjection)(nil), (*core.ServiceAccountTokenProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection(a.(*v1.ServiceAccountTokenProjection), b.(*core.ServiceAccountTokenProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceAccountTokenProjection)(nil), (*v1.ServiceAccountTokenProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection(a.(*core.ServiceAccountTokenProjection), b.(*v1.ServiceAccountTokenProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceList)(nil), (*core.ServiceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceList_To_core_ServiceList(a.(*v1.ServiceList), b.(*core.ServiceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceList)(nil), (*v1.ServiceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceList_To_v1_ServiceList(a.(*core.ServiceList), b.(*v1.ServiceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServicePort)(nil), (*core.ServicePort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServicePort_To_core_ServicePort(a.(*v1.ServicePort), b.(*core.ServicePort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServicePort)(nil), (*v1.ServicePort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServicePort_To_v1_ServicePort(a.(*core.ServicePort), b.(*v1.ServicePort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceProxyOptions)(nil), (*core.ServiceProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceProxyOptions_To_core_ServiceProxyOptions(a.(*v1.ServiceProxyOptions), b.(*core.ServiceProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceProxyOptions)(nil), (*v1.ServiceProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceProxyOptions_To_v1_ServiceProxyOptions(a.(*core.ServiceProxyOptions), b.(*v1.ServiceProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceSpec)(nil), (*core.ServiceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceSpec_To_core_ServiceSpec(a.(*v1.ServiceSpec), b.(*core.ServiceSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceSpec)(nil), (*v1.ServiceSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceSpec_To_v1_ServiceSpec(a.(*core.ServiceSpec), b.(*v1.ServiceSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceStatus)(nil), (*core.ServiceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceStatus_To_core_ServiceStatus(a.(*v1.ServiceStatus), b.(*core.ServiceStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.ServiceStatus)(nil), (*v1.ServiceStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ServiceStatus_To_v1_ServiceStatus(a.(*core.ServiceStatus), b.(*v1.ServiceStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.SessionAffinityConfig)(nil), (*core.SessionAffinityConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_SessionAffinityConfig_To_core_SessionAffinityConfig(a.(*v1.SessionAffinityConfig), b.(*core.SessionAffinityConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.SessionAffinityConfig)(nil), (*v1.SessionAffinityConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_SessionAffinityConfig_To_v1_SessionAffinityConfig(a.(*core.SessionAffinityConfig), b.(*v1.SessionAffinityConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StorageOSPersistentVolumeSource)(nil), (*core.StorageOSPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StorageOSPersistentVolumeSource_To_core_StorageOSPersistentVolumeSource(a.(*v1.StorageOSPersistentVolumeSource), b.(*core.StorageOSPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.StorageOSPersistentVolumeSource)(nil), (*v1.StorageOSPersistentVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_StorageOSPersistentVolumeSource_To_v1_StorageOSPersistentVolumeSource(a.(*core.StorageOSPersistentVolumeSource), b.(*v1.StorageOSPersistentVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StorageOSVolumeSource)(nil), (*core.StorageOSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StorageOSVolumeSource_To_core_StorageOSVolumeSource(a.(*v1.StorageOSVolumeSource), b.(*core.StorageOSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.StorageOSVolumeSource)(nil), (*v1.StorageOSVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_StorageOSVolumeSource_To_v1_StorageOSVolumeSource(a.(*core.StorageOSVolumeSource), b.(*v1.StorageOSVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Sysctl)(nil), (*core.Sysctl)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Sysctl_To_core_Sysctl(a.(*v1.Sysctl), b.(*core.Sysctl), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Sysctl)(nil), (*v1.Sysctl)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Sysctl_To_v1_Sysctl(a.(*core.Sysctl), b.(*v1.Sysctl), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TCPSocketAction)(nil), (*core.TCPSocketAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TCPSocketAction_To_core_TCPSocketAction(a.(*v1.TCPSocketAction), b.(*core.TCPSocketAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TCPSocketAction)(nil), (*v1.TCPSocketAction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TCPSocketAction_To_v1_TCPSocketAction(a.(*core.TCPSocketAction), b.(*v1.TCPSocketAction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Taint)(nil), (*core.Taint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Taint_To_core_Taint(a.(*v1.Taint), b.(*core.Taint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Taint)(nil), (*v1.Taint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Taint_To_v1_Taint(a.(*core.Taint), b.(*v1.Taint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Toleration)(nil), (*core.Toleration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Toleration_To_core_Toleration(a.(*v1.Toleration), b.(*core.Toleration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.Toleration)(nil), (*v1.Toleration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Toleration_To_v1_Toleration(a.(*core.Toleration), b.(*v1.Toleration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TopologySelectorLabelRequirement)(nil), (*core.TopologySelectorLabelRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TopologySelectorLabelRequirement_To_core_TopologySelectorLabelRequirement(a.(*v1.TopologySelectorLabelRequirement), b.(*core.TopologySelectorLabelRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TopologySelectorLabelRequirement)(nil), (*v1.TopologySelectorLabelRequirement)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TopologySelectorLabelRequirement_To_v1_TopologySelectorLabelRequirement(a.(*core.TopologySelectorLabelRequirement), b.(*v1.TopologySelectorLabelRequirement), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TopologySelectorTerm)(nil), (*core.TopologySelectorTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TopologySelectorTerm_To_core_TopologySelectorTerm(a.(*v1.TopologySelectorTerm), b.(*core.TopologySelectorTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TopologySelectorTerm)(nil), (*v1.TopologySelectorTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TopologySelectorTerm_To_v1_TopologySelectorTerm(a.(*core.TopologySelectorTerm), b.(*v1.TopologySelectorTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TopologySpreadConstraint)(nil), (*core.TopologySpreadConstraint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(a.(*v1.TopologySpreadConstraint), b.(*core.TopologySpreadConstraint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TopologySpreadConstraint)(nil), (*v1.TopologySpreadConstraint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TopologySpreadConstraint_To_v1_TopologySpreadConstraint(a.(*core.TopologySpreadConstraint), b.(*v1.TopologySpreadConstraint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TypedLocalObjectReference)(nil), (*core.TypedLocalObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TypedLocalObjectReference_To_core_TypedLocalObjectReference(a.(*v1.TypedLocalObjectReference), b.(*core.TypedLocalObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TypedLocalObjectReference)(nil), (*v1.TypedLocalObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TypedLocalObjectReference_To_v1_TypedLocalObjectReference(a.(*core.TypedLocalObjectReference), b.(*v1.TypedLocalObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TypedObjectReference)(nil), (*core.TypedObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TypedObjectReference_To_core_TypedObjectReference(a.(*v1.TypedObjectReference), b.(*core.TypedObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.TypedObjectReference)(nil), (*v1.TypedObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_TypedObjectReference_To_v1_TypedObjectReference(a.(*core.TypedObjectReference), b.(*v1.TypedObjectReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeDevice)(nil), (*core.VolumeDevice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeDevice_To_core_VolumeDevice(a.(*v1.VolumeDevice), b.(*core.VolumeDevice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VolumeDevice)(nil), (*v1.VolumeDevice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VolumeDevice_To_v1_VolumeDevice(a.(*core.VolumeDevice), b.(*v1.VolumeDevice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeMount)(nil), (*core.VolumeMount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeMount_To_core_VolumeMount(a.(*v1.VolumeMount), b.(*core.VolumeMount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VolumeMount)(nil), (*v1.VolumeMount)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VolumeMount_To_v1_VolumeMount(a.(*core.VolumeMount), b.(*v1.VolumeMount), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeNodeAffinity)(nil), (*core.VolumeNodeAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeNodeAffinity_To_core_VolumeNodeAffinity(a.(*v1.VolumeNodeAffinity), b.(*core.VolumeNodeAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VolumeNodeAffinity)(nil), (*v1.VolumeNodeAffinity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VolumeNodeAffinity_To_v1_VolumeNodeAffinity(a.(*core.VolumeNodeAffinity), b.(*v1.VolumeNodeAffinity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeProjection)(nil), (*core.VolumeProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeProjection_To_core_VolumeProjection(a.(*v1.VolumeProjection), b.(*core.VolumeProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VolumeProjection)(nil), (*v1.VolumeProjection)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VolumeProjection_To_v1_VolumeProjection(a.(*core.VolumeProjection), b.(*v1.VolumeProjection), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeSource)(nil), (*core.VolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeSource_To_core_VolumeSource(a.(*v1.VolumeSource), b.(*core.VolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VolumeSource)(nil), (*v1.VolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VolumeSource_To_v1_VolumeSource(a.(*core.VolumeSource), b.(*v1.VolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VsphereVirtualDiskVolumeSource)(nil), (*core.VsphereVirtualDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VsphereVirtualDiskVolumeSource_To_core_VsphereVirtualDiskVolumeSource(a.(*v1.VsphereVirtualDiskVolumeSource), b.(*core.VsphereVirtualDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.VsphereVirtualDiskVolumeSource)(nil), (*v1.VsphereVirtualDiskVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_VsphereVirtualDiskVolumeSource_To_v1_VsphereVirtualDiskVolumeSource(a.(*core.VsphereVirtualDiskVolumeSource), b.(*v1.VsphereVirtualDiskVolumeSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.WeightedPodAffinityTerm)(nil), (*core.WeightedPodAffinityTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_WeightedPodAffinityTerm_To_core_WeightedPodAffinityTerm(a.(*v1.WeightedPodAffinityTerm), b.(*core.WeightedPodAffinityTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.WeightedPodAffinityTerm)(nil), (*v1.WeightedPodAffinityTerm)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_WeightedPodAffinityTerm_To_v1_WeightedPodAffinityTerm(a.(*core.WeightedPodAffinityTerm), b.(*v1.WeightedPodAffinityTerm), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.WindowsSecurityContextOptions)(nil), (*core.WindowsSecurityContextOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_WindowsSecurityContextOptions_To_core_WindowsSecurityContextOptions(a.(*v1.WindowsSecurityContextOptions), b.(*core.WindowsSecurityContextOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.WindowsSecurityContextOptions)(nil), (*v1.WindowsSecurityContextOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_WindowsSecurityContextOptions_To_v1_WindowsSecurityContextOptions(a.(*core.WindowsSecurityContextOptions), b.(*v1.WindowsSecurityContextOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.NodeProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_NodeProxyOptions(a.(*url.Values), b.(*v1.NodeProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.PodAttachOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_PodAttachOptions(a.(*url.Values), b.(*v1.PodAttachOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.PodExecOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_PodExecOptions(a.(*url.Values), b.(*v1.PodExecOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.PodLogOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_PodLogOptions(a.(*url.Values), b.(*v1.PodLogOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.PodPortForwardOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_PodPortForwardOptions(a.(*url.Values), b.(*v1.PodPortForwardOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.PodProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_PodProxyOptions(a.(*url.Values), b.(*v1.PodProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*url.Values)(nil), (*v1.ServiceProxyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_url_Values_To_v1_ServiceProxyOptions(a.(*url.Values), b.(*v1.ServiceProxyOptions), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.ReplicaSetSpec)(nil), (*v1.ReplicationControllerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetSpec_To_v1_ReplicationControllerSpec(a.(*apps.ReplicaSetSpec), b.(*v1.ReplicationControllerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.ReplicaSetStatus)(nil), (*v1.ReplicationControllerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetStatus_To_v1_ReplicationControllerStatus(a.(*apps.ReplicaSetStatus), b.(*v1.ReplicationControllerStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*apps.ReplicaSet)(nil), (*v1.ReplicationController)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSet_To_v1_ReplicationController(a.(*apps.ReplicaSet), b.(*v1.ReplicationController), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.LoadBalancerStatus)(nil), (*v1.LoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus(a.(*core.LoadBalancerStatus), b.(*v1.LoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.NodeSpec)(nil), (*v1.NodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_NodeSpec_To_v1_NodeSpec(a.(*core.NodeSpec), b.(*v1.NodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.PersistentVolumeSpec)(nil), (*v1.PersistentVolumeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(a.(*core.PersistentVolumeSpec), b.(*v1.PersistentVolumeSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.PodSpec)(nil), (*v1.PodSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodSpec_To_v1_PodSpec(a.(*core.PodSpec), b.(*v1.PodSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.PodStatus)(nil), (*v1.PodStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodStatus_To_v1_PodStatus(a.(*core.PodStatus), b.(*v1.PodStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.PodTemplateSpec)(nil), (*v1.PodTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(a.(*core.PodTemplateSpec), b.(*v1.PodTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.Pod)(nil), (*v1.Pod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Pod_To_v1_Pod(a.(*core.Pod), b.(*v1.Pod), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.ReplicationControllerSpec)(nil), (*v1.ReplicationControllerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_ReplicationControllerSpec_To_v1_ReplicationControllerSpec(a.(*core.ReplicationControllerSpec), b.(*v1.ReplicationControllerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.Volume)(nil), (*v1.Volume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Volume_To_v1_Volume(a.(*core.Volume), b.(*v1.Volume), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.LoadBalancerStatus)(nil), (*core.LoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus(a.(*v1.LoadBalancerStatus), b.(*core.LoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.NodeSpec)(nil), (*core.NodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NodeSpec_To_core_NodeSpec(a.(*v1.NodeSpec), b.(*core.NodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PersistentVolumeSpec)(nil), (*core.PersistentVolumeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(a.(*v1.PersistentVolumeSpec), b.(*core.PersistentVolumeSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodSpec)(nil), (*core.PodSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSpec_To_core_PodSpec(a.(*v1.PodSpec), b.(*core.PodSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodStatus)(nil), (*core.PodStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodStatus_To_core_PodStatus(a.(*v1.PodStatus), b.(*core.PodStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodTemplateSpec)(nil), (*core.PodTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(a.(*v1.PodTemplateSpec), b.(*core.PodTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Pod)(nil), (*core.Pod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Pod_To_core_Pod(a.(*v1.Pod), b.(*core.Pod), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ReplicationControllerSpec)(nil), (*apps.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerSpec_To_apps_ReplicaSetSpec(a.(*v1.ReplicationControllerSpec), b.(*apps.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ReplicationControllerSpec)(nil), (*core.ReplicationControllerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerSpec_To_core_ReplicationControllerSpec(a.(*v1.ReplicationControllerSpec), b.(*core.ReplicationControllerSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ReplicationControllerStatus)(nil), (*apps.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationControllerStatus_To_apps_ReplicaSetStatus(a.(*v1.ReplicationControllerStatus), b.(*apps.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ReplicationController)(nil), (*apps.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ReplicationController_To_apps_ReplicaSet(a.(*v1.ReplicationController), b.(*apps.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.ResourceList)(nil), (*core.ResourceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ResourceList_To_core_ResourceList(a.(*v1.ResourceList), b.(*core.ResourceList), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Secret)(nil), (*core.Secret)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Secret_To_core_Secret(a.(*v1.Secret), b.(*core.Secret), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Volume)(nil), (*core.Volume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Volume_To_core_Volume(a.(*v1.Volume), b.(*core.Volume), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AWSElasticBlockStoreVolumeSource_To_core_AWSElasticBlockStoreVolumeSource(in *v1.AWSElasticBlockStoreVolumeSource, out *core.AWSElasticBlockStoreVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.Partition = in.Partition - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_AWSElasticBlockStoreVolumeSource_To_core_AWSElasticBlockStoreVolumeSource is an autogenerated conversion function. -func Convert_v1_AWSElasticBlockStoreVolumeSource_To_core_AWSElasticBlockStoreVolumeSource(in *v1.AWSElasticBlockStoreVolumeSource, out *core.AWSElasticBlockStoreVolumeSource, s conversion.Scope) error { - return autoConvert_v1_AWSElasticBlockStoreVolumeSource_To_core_AWSElasticBlockStoreVolumeSource(in, out, s) -} - -func autoConvert_core_AWSElasticBlockStoreVolumeSource_To_v1_AWSElasticBlockStoreVolumeSource(in *core.AWSElasticBlockStoreVolumeSource, out *v1.AWSElasticBlockStoreVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.Partition = in.Partition - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_AWSElasticBlockStoreVolumeSource_To_v1_AWSElasticBlockStoreVolumeSource is an autogenerated conversion function. -func Convert_core_AWSElasticBlockStoreVolumeSource_To_v1_AWSElasticBlockStoreVolumeSource(in *core.AWSElasticBlockStoreVolumeSource, out *v1.AWSElasticBlockStoreVolumeSource, s conversion.Scope) error { - return autoConvert_core_AWSElasticBlockStoreVolumeSource_To_v1_AWSElasticBlockStoreVolumeSource(in, out, s) -} - -func autoConvert_v1_Affinity_To_core_Affinity(in *v1.Affinity, out *core.Affinity, s conversion.Scope) error { - out.NodeAffinity = (*core.NodeAffinity)(unsafe.Pointer(in.NodeAffinity)) - out.PodAffinity = (*core.PodAffinity)(unsafe.Pointer(in.PodAffinity)) - out.PodAntiAffinity = (*core.PodAntiAffinity)(unsafe.Pointer(in.PodAntiAffinity)) - return nil -} - -// Convert_v1_Affinity_To_core_Affinity is an autogenerated conversion function. -func Convert_v1_Affinity_To_core_Affinity(in *v1.Affinity, out *core.Affinity, s conversion.Scope) error { - return autoConvert_v1_Affinity_To_core_Affinity(in, out, s) -} - -func autoConvert_core_Affinity_To_v1_Affinity(in *core.Affinity, out *v1.Affinity, s conversion.Scope) error { - out.NodeAffinity = (*v1.NodeAffinity)(unsafe.Pointer(in.NodeAffinity)) - out.PodAffinity = (*v1.PodAffinity)(unsafe.Pointer(in.PodAffinity)) - out.PodAntiAffinity = (*v1.PodAntiAffinity)(unsafe.Pointer(in.PodAntiAffinity)) - return nil -} - -// Convert_core_Affinity_To_v1_Affinity is an autogenerated conversion function. -func Convert_core_Affinity_To_v1_Affinity(in *core.Affinity, out *v1.Affinity, s conversion.Scope) error { - return autoConvert_core_Affinity_To_v1_Affinity(in, out, s) -} - -func autoConvert_v1_AttachedVolume_To_core_AttachedVolume(in *v1.AttachedVolume, out *core.AttachedVolume, s conversion.Scope) error { - out.Name = core.UniqueVolumeName(in.Name) - out.DevicePath = in.DevicePath - return nil -} - -// Convert_v1_AttachedVolume_To_core_AttachedVolume is an autogenerated conversion function. -func Convert_v1_AttachedVolume_To_core_AttachedVolume(in *v1.AttachedVolume, out *core.AttachedVolume, s conversion.Scope) error { - return autoConvert_v1_AttachedVolume_To_core_AttachedVolume(in, out, s) -} - -func autoConvert_core_AttachedVolume_To_v1_AttachedVolume(in *core.AttachedVolume, out *v1.AttachedVolume, s conversion.Scope) error { - out.Name = v1.UniqueVolumeName(in.Name) - out.DevicePath = in.DevicePath - return nil -} - -// Convert_core_AttachedVolume_To_v1_AttachedVolume is an autogenerated conversion function. -func Convert_core_AttachedVolume_To_v1_AttachedVolume(in *core.AttachedVolume, out *v1.AttachedVolume, s conversion.Scope) error { - return autoConvert_core_AttachedVolume_To_v1_AttachedVolume(in, out, s) -} - -func autoConvert_v1_AvoidPods_To_core_AvoidPods(in *v1.AvoidPods, out *core.AvoidPods, s conversion.Scope) error { - out.PreferAvoidPods = *(*[]core.PreferAvoidPodsEntry)(unsafe.Pointer(&in.PreferAvoidPods)) - return nil -} - -// Convert_v1_AvoidPods_To_core_AvoidPods is an autogenerated conversion function. -func Convert_v1_AvoidPods_To_core_AvoidPods(in *v1.AvoidPods, out *core.AvoidPods, s conversion.Scope) error { - return autoConvert_v1_AvoidPods_To_core_AvoidPods(in, out, s) -} - -func autoConvert_core_AvoidPods_To_v1_AvoidPods(in *core.AvoidPods, out *v1.AvoidPods, s conversion.Scope) error { - out.PreferAvoidPods = *(*[]v1.PreferAvoidPodsEntry)(unsafe.Pointer(&in.PreferAvoidPods)) - return nil -} - -// Convert_core_AvoidPods_To_v1_AvoidPods is an autogenerated conversion function. -func Convert_core_AvoidPods_To_v1_AvoidPods(in *core.AvoidPods, out *v1.AvoidPods, s conversion.Scope) error { - return autoConvert_core_AvoidPods_To_v1_AvoidPods(in, out, s) -} - -func autoConvert_v1_AzureDiskVolumeSource_To_core_AzureDiskVolumeSource(in *v1.AzureDiskVolumeSource, out *core.AzureDiskVolumeSource, s conversion.Scope) error { - out.DiskName = in.DiskName - out.DataDiskURI = in.DataDiskURI - out.CachingMode = (*core.AzureDataDiskCachingMode)(unsafe.Pointer(in.CachingMode)) - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - out.ReadOnly = (*bool)(unsafe.Pointer(in.ReadOnly)) - out.Kind = (*core.AzureDataDiskKind)(unsafe.Pointer(in.Kind)) - return nil -} - -// Convert_v1_AzureDiskVolumeSource_To_core_AzureDiskVolumeSource is an autogenerated conversion function. -func Convert_v1_AzureDiskVolumeSource_To_core_AzureDiskVolumeSource(in *v1.AzureDiskVolumeSource, out *core.AzureDiskVolumeSource, s conversion.Scope) error { - return autoConvert_v1_AzureDiskVolumeSource_To_core_AzureDiskVolumeSource(in, out, s) -} - -func autoConvert_core_AzureDiskVolumeSource_To_v1_AzureDiskVolumeSource(in *core.AzureDiskVolumeSource, out *v1.AzureDiskVolumeSource, s conversion.Scope) error { - out.DiskName = in.DiskName - out.DataDiskURI = in.DataDiskURI - out.CachingMode = (*v1.AzureDataDiskCachingMode)(unsafe.Pointer(in.CachingMode)) - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - out.ReadOnly = (*bool)(unsafe.Pointer(in.ReadOnly)) - out.Kind = (*v1.AzureDataDiskKind)(unsafe.Pointer(in.Kind)) - return nil -} - -// Convert_core_AzureDiskVolumeSource_To_v1_AzureDiskVolumeSource is an autogenerated conversion function. -func Convert_core_AzureDiskVolumeSource_To_v1_AzureDiskVolumeSource(in *core.AzureDiskVolumeSource, out *v1.AzureDiskVolumeSource, s conversion.Scope) error { - return autoConvert_core_AzureDiskVolumeSource_To_v1_AzureDiskVolumeSource(in, out, s) -} - -func autoConvert_v1_AzureFilePersistentVolumeSource_To_core_AzureFilePersistentVolumeSource(in *v1.AzureFilePersistentVolumeSource, out *core.AzureFilePersistentVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.ShareName = in.ShareName - out.ReadOnly = in.ReadOnly - out.SecretNamespace = (*string)(unsafe.Pointer(in.SecretNamespace)) - return nil -} - -// Convert_v1_AzureFilePersistentVolumeSource_To_core_AzureFilePersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_AzureFilePersistentVolumeSource_To_core_AzureFilePersistentVolumeSource(in *v1.AzureFilePersistentVolumeSource, out *core.AzureFilePersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_AzureFilePersistentVolumeSource_To_core_AzureFilePersistentVolumeSource(in, out, s) -} - -func autoConvert_core_AzureFilePersistentVolumeSource_To_v1_AzureFilePersistentVolumeSource(in *core.AzureFilePersistentVolumeSource, out *v1.AzureFilePersistentVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.ShareName = in.ShareName - out.ReadOnly = in.ReadOnly - out.SecretNamespace = (*string)(unsafe.Pointer(in.SecretNamespace)) - return nil -} - -// Convert_core_AzureFilePersistentVolumeSource_To_v1_AzureFilePersistentVolumeSource is an autogenerated conversion function. -func Convert_core_AzureFilePersistentVolumeSource_To_v1_AzureFilePersistentVolumeSource(in *core.AzureFilePersistentVolumeSource, out *v1.AzureFilePersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_AzureFilePersistentVolumeSource_To_v1_AzureFilePersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_AzureFileVolumeSource_To_core_AzureFileVolumeSource(in *v1.AzureFileVolumeSource, out *core.AzureFileVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.ShareName = in.ShareName - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_AzureFileVolumeSource_To_core_AzureFileVolumeSource is an autogenerated conversion function. -func Convert_v1_AzureFileVolumeSource_To_core_AzureFileVolumeSource(in *v1.AzureFileVolumeSource, out *core.AzureFileVolumeSource, s conversion.Scope) error { - return autoConvert_v1_AzureFileVolumeSource_To_core_AzureFileVolumeSource(in, out, s) -} - -func autoConvert_core_AzureFileVolumeSource_To_v1_AzureFileVolumeSource(in *core.AzureFileVolumeSource, out *v1.AzureFileVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.ShareName = in.ShareName - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_AzureFileVolumeSource_To_v1_AzureFileVolumeSource is an autogenerated conversion function. -func Convert_core_AzureFileVolumeSource_To_v1_AzureFileVolumeSource(in *core.AzureFileVolumeSource, out *v1.AzureFileVolumeSource, s conversion.Scope) error { - return autoConvert_core_AzureFileVolumeSource_To_v1_AzureFileVolumeSource(in, out, s) -} - -func autoConvert_v1_Binding_To_core_Binding(in *v1.Binding, out *core.Binding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ObjectReference_To_core_ObjectReference(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Binding_To_core_Binding is an autogenerated conversion function. -func Convert_v1_Binding_To_core_Binding(in *v1.Binding, out *core.Binding, s conversion.Scope) error { - return autoConvert_v1_Binding_To_core_Binding(in, out, s) -} - -func autoConvert_core_Binding_To_v1_Binding(in *core.Binding, out *v1.Binding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_ObjectReference_To_v1_ObjectReference(&in.Target, &out.Target, s); err != nil { - return err - } - return nil -} - -// Convert_core_Binding_To_v1_Binding is an autogenerated conversion function. -func Convert_core_Binding_To_v1_Binding(in *core.Binding, out *v1.Binding, s conversion.Scope) error { - return autoConvert_core_Binding_To_v1_Binding(in, out, s) -} - -func autoConvert_v1_CSIPersistentVolumeSource_To_core_CSIPersistentVolumeSource(in *v1.CSIPersistentVolumeSource, out *core.CSIPersistentVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.VolumeHandle = in.VolumeHandle - out.ReadOnly = in.ReadOnly - out.FSType = in.FSType - out.VolumeAttributes = *(*map[string]string)(unsafe.Pointer(&in.VolumeAttributes)) - out.ControllerPublishSecretRef = (*core.SecretReference)(unsafe.Pointer(in.ControllerPublishSecretRef)) - out.NodeStageSecretRef = (*core.SecretReference)(unsafe.Pointer(in.NodeStageSecretRef)) - out.NodePublishSecretRef = (*core.SecretReference)(unsafe.Pointer(in.NodePublishSecretRef)) - out.ControllerExpandSecretRef = (*core.SecretReference)(unsafe.Pointer(in.ControllerExpandSecretRef)) - out.NodeExpandSecretRef = (*core.SecretReference)(unsafe.Pointer(in.NodeExpandSecretRef)) - return nil -} - -// Convert_v1_CSIPersistentVolumeSource_To_core_CSIPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_CSIPersistentVolumeSource_To_core_CSIPersistentVolumeSource(in *v1.CSIPersistentVolumeSource, out *core.CSIPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CSIPersistentVolumeSource_To_core_CSIPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_CSIPersistentVolumeSource_To_v1_CSIPersistentVolumeSource(in *core.CSIPersistentVolumeSource, out *v1.CSIPersistentVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.VolumeHandle = in.VolumeHandle - out.ReadOnly = in.ReadOnly - out.FSType = in.FSType - out.VolumeAttributes = *(*map[string]string)(unsafe.Pointer(&in.VolumeAttributes)) - out.ControllerPublishSecretRef = (*v1.SecretReference)(unsafe.Pointer(in.ControllerPublishSecretRef)) - out.NodeStageSecretRef = (*v1.SecretReference)(unsafe.Pointer(in.NodeStageSecretRef)) - out.NodePublishSecretRef = (*v1.SecretReference)(unsafe.Pointer(in.NodePublishSecretRef)) - out.ControllerExpandSecretRef = (*v1.SecretReference)(unsafe.Pointer(in.ControllerExpandSecretRef)) - out.NodeExpandSecretRef = (*v1.SecretReference)(unsafe.Pointer(in.NodeExpandSecretRef)) - return nil -} - -// Convert_core_CSIPersistentVolumeSource_To_v1_CSIPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_CSIPersistentVolumeSource_To_v1_CSIPersistentVolumeSource(in *core.CSIPersistentVolumeSource, out *v1.CSIPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_CSIPersistentVolumeSource_To_v1_CSIPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_CSIVolumeSource_To_core_CSIVolumeSource(in *v1.CSIVolumeSource, out *core.CSIVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.ReadOnly = (*bool)(unsafe.Pointer(in.ReadOnly)) - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - out.VolumeAttributes = *(*map[string]string)(unsafe.Pointer(&in.VolumeAttributes)) - out.NodePublishSecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.NodePublishSecretRef)) - return nil -} - -// Convert_v1_CSIVolumeSource_To_core_CSIVolumeSource is an autogenerated conversion function. -func Convert_v1_CSIVolumeSource_To_core_CSIVolumeSource(in *v1.CSIVolumeSource, out *core.CSIVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CSIVolumeSource_To_core_CSIVolumeSource(in, out, s) -} - -func autoConvert_core_CSIVolumeSource_To_v1_CSIVolumeSource(in *core.CSIVolumeSource, out *v1.CSIVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.ReadOnly = (*bool)(unsafe.Pointer(in.ReadOnly)) - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - out.VolumeAttributes = *(*map[string]string)(unsafe.Pointer(&in.VolumeAttributes)) - out.NodePublishSecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.NodePublishSecretRef)) - return nil -} - -// Convert_core_CSIVolumeSource_To_v1_CSIVolumeSource is an autogenerated conversion function. -func Convert_core_CSIVolumeSource_To_v1_CSIVolumeSource(in *core.CSIVolumeSource, out *v1.CSIVolumeSource, s conversion.Scope) error { - return autoConvert_core_CSIVolumeSource_To_v1_CSIVolumeSource(in, out, s) -} - -func autoConvert_v1_Capabilities_To_core_Capabilities(in *v1.Capabilities, out *core.Capabilities, s conversion.Scope) error { - out.Add = *(*[]core.Capability)(unsafe.Pointer(&in.Add)) - out.Drop = *(*[]core.Capability)(unsafe.Pointer(&in.Drop)) - return nil -} - -// Convert_v1_Capabilities_To_core_Capabilities is an autogenerated conversion function. -func Convert_v1_Capabilities_To_core_Capabilities(in *v1.Capabilities, out *core.Capabilities, s conversion.Scope) error { - return autoConvert_v1_Capabilities_To_core_Capabilities(in, out, s) -} - -func autoConvert_core_Capabilities_To_v1_Capabilities(in *core.Capabilities, out *v1.Capabilities, s conversion.Scope) error { - out.Add = *(*[]v1.Capability)(unsafe.Pointer(&in.Add)) - out.Drop = *(*[]v1.Capability)(unsafe.Pointer(&in.Drop)) - return nil -} - -// Convert_core_Capabilities_To_v1_Capabilities is an autogenerated conversion function. -func Convert_core_Capabilities_To_v1_Capabilities(in *core.Capabilities, out *v1.Capabilities, s conversion.Scope) error { - return autoConvert_core_Capabilities_To_v1_Capabilities(in, out, s) -} - -func autoConvert_v1_CephFSPersistentVolumeSource_To_core_CephFSPersistentVolumeSource(in *v1.CephFSPersistentVolumeSource, out *core.CephFSPersistentVolumeSource, s conversion.Scope) error { - out.Monitors = *(*[]string)(unsafe.Pointer(&in.Monitors)) - out.Path = in.Path - out.User = in.User - out.SecretFile = in.SecretFile - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_CephFSPersistentVolumeSource_To_core_CephFSPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_CephFSPersistentVolumeSource_To_core_CephFSPersistentVolumeSource(in *v1.CephFSPersistentVolumeSource, out *core.CephFSPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CephFSPersistentVolumeSource_To_core_CephFSPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_CephFSPersistentVolumeSource_To_v1_CephFSPersistentVolumeSource(in *core.CephFSPersistentVolumeSource, out *v1.CephFSPersistentVolumeSource, s conversion.Scope) error { - out.Monitors = *(*[]string)(unsafe.Pointer(&in.Monitors)) - out.Path = in.Path - out.User = in.User - out.SecretFile = in.SecretFile - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_CephFSPersistentVolumeSource_To_v1_CephFSPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_CephFSPersistentVolumeSource_To_v1_CephFSPersistentVolumeSource(in *core.CephFSPersistentVolumeSource, out *v1.CephFSPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_CephFSPersistentVolumeSource_To_v1_CephFSPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_CephFSVolumeSource_To_core_CephFSVolumeSource(in *v1.CephFSVolumeSource, out *core.CephFSVolumeSource, s conversion.Scope) error { - out.Monitors = *(*[]string)(unsafe.Pointer(&in.Monitors)) - out.Path = in.Path - out.User = in.User - out.SecretFile = in.SecretFile - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_CephFSVolumeSource_To_core_CephFSVolumeSource is an autogenerated conversion function. -func Convert_v1_CephFSVolumeSource_To_core_CephFSVolumeSource(in *v1.CephFSVolumeSource, out *core.CephFSVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CephFSVolumeSource_To_core_CephFSVolumeSource(in, out, s) -} - -func autoConvert_core_CephFSVolumeSource_To_v1_CephFSVolumeSource(in *core.CephFSVolumeSource, out *v1.CephFSVolumeSource, s conversion.Scope) error { - out.Monitors = *(*[]string)(unsafe.Pointer(&in.Monitors)) - out.Path = in.Path - out.User = in.User - out.SecretFile = in.SecretFile - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_CephFSVolumeSource_To_v1_CephFSVolumeSource is an autogenerated conversion function. -func Convert_core_CephFSVolumeSource_To_v1_CephFSVolumeSource(in *core.CephFSVolumeSource, out *v1.CephFSVolumeSource, s conversion.Scope) error { - return autoConvert_core_CephFSVolumeSource_To_v1_CephFSVolumeSource(in, out, s) -} - -func autoConvert_v1_CinderPersistentVolumeSource_To_core_CinderPersistentVolumeSource(in *v1.CinderPersistentVolumeSource, out *core.CinderPersistentVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_v1_CinderPersistentVolumeSource_To_core_CinderPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_CinderPersistentVolumeSource_To_core_CinderPersistentVolumeSource(in *v1.CinderPersistentVolumeSource, out *core.CinderPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CinderPersistentVolumeSource_To_core_CinderPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_CinderPersistentVolumeSource_To_v1_CinderPersistentVolumeSource(in *core.CinderPersistentVolumeSource, out *v1.CinderPersistentVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_core_CinderPersistentVolumeSource_To_v1_CinderPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_CinderPersistentVolumeSource_To_v1_CinderPersistentVolumeSource(in *core.CinderPersistentVolumeSource, out *v1.CinderPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_CinderPersistentVolumeSource_To_v1_CinderPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_CinderVolumeSource_To_core_CinderVolumeSource(in *v1.CinderVolumeSource, out *core.CinderVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_v1_CinderVolumeSource_To_core_CinderVolumeSource is an autogenerated conversion function. -func Convert_v1_CinderVolumeSource_To_core_CinderVolumeSource(in *v1.CinderVolumeSource, out *core.CinderVolumeSource, s conversion.Scope) error { - return autoConvert_v1_CinderVolumeSource_To_core_CinderVolumeSource(in, out, s) -} - -func autoConvert_core_CinderVolumeSource_To_v1_CinderVolumeSource(in *core.CinderVolumeSource, out *v1.CinderVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_core_CinderVolumeSource_To_v1_CinderVolumeSource is an autogenerated conversion function. -func Convert_core_CinderVolumeSource_To_v1_CinderVolumeSource(in *core.CinderVolumeSource, out *v1.CinderVolumeSource, s conversion.Scope) error { - return autoConvert_core_CinderVolumeSource_To_v1_CinderVolumeSource(in, out, s) -} - -func autoConvert_v1_ClaimSource_To_core_ClaimSource(in *v1.ClaimSource, out *core.ClaimSource, s conversion.Scope) error { - out.ResourceClaimName = (*string)(unsafe.Pointer(in.ResourceClaimName)) - out.ResourceClaimTemplateName = (*string)(unsafe.Pointer(in.ResourceClaimTemplateName)) - return nil -} - -// Convert_v1_ClaimSource_To_core_ClaimSource is an autogenerated conversion function. -func Convert_v1_ClaimSource_To_core_ClaimSource(in *v1.ClaimSource, out *core.ClaimSource, s conversion.Scope) error { - return autoConvert_v1_ClaimSource_To_core_ClaimSource(in, out, s) -} - -func autoConvert_core_ClaimSource_To_v1_ClaimSource(in *core.ClaimSource, out *v1.ClaimSource, s conversion.Scope) error { - out.ResourceClaimName = (*string)(unsafe.Pointer(in.ResourceClaimName)) - out.ResourceClaimTemplateName = (*string)(unsafe.Pointer(in.ResourceClaimTemplateName)) - return nil -} - -// Convert_core_ClaimSource_To_v1_ClaimSource is an autogenerated conversion function. -func Convert_core_ClaimSource_To_v1_ClaimSource(in *core.ClaimSource, out *v1.ClaimSource, s conversion.Scope) error { - return autoConvert_core_ClaimSource_To_v1_ClaimSource(in, out, s) -} - -func autoConvert_v1_ClientIPConfig_To_core_ClientIPConfig(in *v1.ClientIPConfig, out *core.ClientIPConfig, s conversion.Scope) error { - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - return nil -} - -// Convert_v1_ClientIPConfig_To_core_ClientIPConfig is an autogenerated conversion function. -func Convert_v1_ClientIPConfig_To_core_ClientIPConfig(in *v1.ClientIPConfig, out *core.ClientIPConfig, s conversion.Scope) error { - return autoConvert_v1_ClientIPConfig_To_core_ClientIPConfig(in, out, s) -} - -func autoConvert_core_ClientIPConfig_To_v1_ClientIPConfig(in *core.ClientIPConfig, out *v1.ClientIPConfig, s conversion.Scope) error { - out.TimeoutSeconds = (*int32)(unsafe.Pointer(in.TimeoutSeconds)) - return nil -} - -// Convert_core_ClientIPConfig_To_v1_ClientIPConfig is an autogenerated conversion function. -func Convert_core_ClientIPConfig_To_v1_ClientIPConfig(in *core.ClientIPConfig, out *v1.ClientIPConfig, s conversion.Scope) error { - return autoConvert_core_ClientIPConfig_To_v1_ClientIPConfig(in, out, s) -} - -func autoConvert_v1_ComponentCondition_To_core_ComponentCondition(in *v1.ComponentCondition, out *core.ComponentCondition, s conversion.Scope) error { - out.Type = core.ComponentConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.Message = in.Message - out.Error = in.Error - return nil -} - -// Convert_v1_ComponentCondition_To_core_ComponentCondition is an autogenerated conversion function. -func Convert_v1_ComponentCondition_To_core_ComponentCondition(in *v1.ComponentCondition, out *core.ComponentCondition, s conversion.Scope) error { - return autoConvert_v1_ComponentCondition_To_core_ComponentCondition(in, out, s) -} - -func autoConvert_core_ComponentCondition_To_v1_ComponentCondition(in *core.ComponentCondition, out *v1.ComponentCondition, s conversion.Scope) error { - out.Type = v1.ComponentConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.Message = in.Message - out.Error = in.Error - return nil -} - -// Convert_core_ComponentCondition_To_v1_ComponentCondition is an autogenerated conversion function. -func Convert_core_ComponentCondition_To_v1_ComponentCondition(in *core.ComponentCondition, out *v1.ComponentCondition, s conversion.Scope) error { - return autoConvert_core_ComponentCondition_To_v1_ComponentCondition(in, out, s) -} - -func autoConvert_v1_ComponentStatus_To_core_ComponentStatus(in *v1.ComponentStatus, out *core.ComponentStatus, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Conditions = *(*[]core.ComponentCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_ComponentStatus_To_core_ComponentStatus is an autogenerated conversion function. -func Convert_v1_ComponentStatus_To_core_ComponentStatus(in *v1.ComponentStatus, out *core.ComponentStatus, s conversion.Scope) error { - return autoConvert_v1_ComponentStatus_To_core_ComponentStatus(in, out, s) -} - -func autoConvert_core_ComponentStatus_To_v1_ComponentStatus(in *core.ComponentStatus, out *v1.ComponentStatus, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Conditions = *(*[]v1.ComponentCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_core_ComponentStatus_To_v1_ComponentStatus is an autogenerated conversion function. -func Convert_core_ComponentStatus_To_v1_ComponentStatus(in *core.ComponentStatus, out *v1.ComponentStatus, s conversion.Scope) error { - return autoConvert_core_ComponentStatus_To_v1_ComponentStatus(in, out, s) -} - -func autoConvert_v1_ComponentStatusList_To_core_ComponentStatusList(in *v1.ComponentStatusList, out *core.ComponentStatusList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.ComponentStatus)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ComponentStatusList_To_core_ComponentStatusList is an autogenerated conversion function. -func Convert_v1_ComponentStatusList_To_core_ComponentStatusList(in *v1.ComponentStatusList, out *core.ComponentStatusList, s conversion.Scope) error { - return autoConvert_v1_ComponentStatusList_To_core_ComponentStatusList(in, out, s) -} - -func autoConvert_core_ComponentStatusList_To_v1_ComponentStatusList(in *core.ComponentStatusList, out *v1.ComponentStatusList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ComponentStatus)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_ComponentStatusList_To_v1_ComponentStatusList is an autogenerated conversion function. -func Convert_core_ComponentStatusList_To_v1_ComponentStatusList(in *core.ComponentStatusList, out *v1.ComponentStatusList, s conversion.Scope) error { - return autoConvert_core_ComponentStatusList_To_v1_ComponentStatusList(in, out, s) -} - -func autoConvert_v1_ConfigMap_To_core_ConfigMap(in *v1.ConfigMap, out *core.ConfigMap, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Immutable = (*bool)(unsafe.Pointer(in.Immutable)) - out.Data = *(*map[string]string)(unsafe.Pointer(&in.Data)) - out.BinaryData = *(*map[string][]byte)(unsafe.Pointer(&in.BinaryData)) - return nil -} - -// Convert_v1_ConfigMap_To_core_ConfigMap is an autogenerated conversion function. -func Convert_v1_ConfigMap_To_core_ConfigMap(in *v1.ConfigMap, out *core.ConfigMap, s conversion.Scope) error { - return autoConvert_v1_ConfigMap_To_core_ConfigMap(in, out, s) -} - -func autoConvert_core_ConfigMap_To_v1_ConfigMap(in *core.ConfigMap, out *v1.ConfigMap, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Immutable = (*bool)(unsafe.Pointer(in.Immutable)) - out.Data = *(*map[string]string)(unsafe.Pointer(&in.Data)) - out.BinaryData = *(*map[string][]byte)(unsafe.Pointer(&in.BinaryData)) - return nil -} - -// Convert_core_ConfigMap_To_v1_ConfigMap is an autogenerated conversion function. -func Convert_core_ConfigMap_To_v1_ConfigMap(in *core.ConfigMap, out *v1.ConfigMap, s conversion.Scope) error { - return autoConvert_core_ConfigMap_To_v1_ConfigMap(in, out, s) -} - -func autoConvert_v1_ConfigMapEnvSource_To_core_ConfigMapEnvSource(in *v1.ConfigMapEnvSource, out *core.ConfigMapEnvSource, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_ConfigMapEnvSource_To_core_ConfigMapEnvSource is an autogenerated conversion function. -func Convert_v1_ConfigMapEnvSource_To_core_ConfigMapEnvSource(in *v1.ConfigMapEnvSource, out *core.ConfigMapEnvSource, s conversion.Scope) error { - return autoConvert_v1_ConfigMapEnvSource_To_core_ConfigMapEnvSource(in, out, s) -} - -func autoConvert_core_ConfigMapEnvSource_To_v1_ConfigMapEnvSource(in *core.ConfigMapEnvSource, out *v1.ConfigMapEnvSource, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_ConfigMapEnvSource_To_v1_ConfigMapEnvSource is an autogenerated conversion function. -func Convert_core_ConfigMapEnvSource_To_v1_ConfigMapEnvSource(in *core.ConfigMapEnvSource, out *v1.ConfigMapEnvSource, s conversion.Scope) error { - return autoConvert_core_ConfigMapEnvSource_To_v1_ConfigMapEnvSource(in, out, s) -} - -func autoConvert_v1_ConfigMapKeySelector_To_core_ConfigMapKeySelector(in *v1.ConfigMapKeySelector, out *core.ConfigMapKeySelector, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Key = in.Key - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_ConfigMapKeySelector_To_core_ConfigMapKeySelector is an autogenerated conversion function. -func Convert_v1_ConfigMapKeySelector_To_core_ConfigMapKeySelector(in *v1.ConfigMapKeySelector, out *core.ConfigMapKeySelector, s conversion.Scope) error { - return autoConvert_v1_ConfigMapKeySelector_To_core_ConfigMapKeySelector(in, out, s) -} - -func autoConvert_core_ConfigMapKeySelector_To_v1_ConfigMapKeySelector(in *core.ConfigMapKeySelector, out *v1.ConfigMapKeySelector, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Key = in.Key - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_ConfigMapKeySelector_To_v1_ConfigMapKeySelector is an autogenerated conversion function. -func Convert_core_ConfigMapKeySelector_To_v1_ConfigMapKeySelector(in *core.ConfigMapKeySelector, out *v1.ConfigMapKeySelector, s conversion.Scope) error { - return autoConvert_core_ConfigMapKeySelector_To_v1_ConfigMapKeySelector(in, out, s) -} - -func autoConvert_v1_ConfigMapList_To_core_ConfigMapList(in *v1.ConfigMapList, out *core.ConfigMapList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.ConfigMap)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ConfigMapList_To_core_ConfigMapList is an autogenerated conversion function. -func Convert_v1_ConfigMapList_To_core_ConfigMapList(in *v1.ConfigMapList, out *core.ConfigMapList, s conversion.Scope) error { - return autoConvert_v1_ConfigMapList_To_core_ConfigMapList(in, out, s) -} - -func autoConvert_core_ConfigMapList_To_v1_ConfigMapList(in *core.ConfigMapList, out *v1.ConfigMapList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ConfigMap)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_ConfigMapList_To_v1_ConfigMapList is an autogenerated conversion function. -func Convert_core_ConfigMapList_To_v1_ConfigMapList(in *core.ConfigMapList, out *v1.ConfigMapList, s conversion.Scope) error { - return autoConvert_core_ConfigMapList_To_v1_ConfigMapList(in, out, s) -} - -func autoConvert_v1_ConfigMapNodeConfigSource_To_core_ConfigMapNodeConfigSource(in *v1.ConfigMapNodeConfigSource, out *core.ConfigMapNodeConfigSource, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.ResourceVersion = in.ResourceVersion - out.KubeletConfigKey = in.KubeletConfigKey - return nil -} - -// Convert_v1_ConfigMapNodeConfigSource_To_core_ConfigMapNodeConfigSource is an autogenerated conversion function. -func Convert_v1_ConfigMapNodeConfigSource_To_core_ConfigMapNodeConfigSource(in *v1.ConfigMapNodeConfigSource, out *core.ConfigMapNodeConfigSource, s conversion.Scope) error { - return autoConvert_v1_ConfigMapNodeConfigSource_To_core_ConfigMapNodeConfigSource(in, out, s) -} - -func autoConvert_core_ConfigMapNodeConfigSource_To_v1_ConfigMapNodeConfigSource(in *core.ConfigMapNodeConfigSource, out *v1.ConfigMapNodeConfigSource, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.ResourceVersion = in.ResourceVersion - out.KubeletConfigKey = in.KubeletConfigKey - return nil -} - -// Convert_core_ConfigMapNodeConfigSource_To_v1_ConfigMapNodeConfigSource is an autogenerated conversion function. -func Convert_core_ConfigMapNodeConfigSource_To_v1_ConfigMapNodeConfigSource(in *core.ConfigMapNodeConfigSource, out *v1.ConfigMapNodeConfigSource, s conversion.Scope) error { - return autoConvert_core_ConfigMapNodeConfigSource_To_v1_ConfigMapNodeConfigSource(in, out, s) -} - -func autoConvert_v1_ConfigMapProjection_To_core_ConfigMapProjection(in *v1.ConfigMapProjection, out *core.ConfigMapProjection, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]core.KeyToPath)(unsafe.Pointer(&in.Items)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_ConfigMapProjection_To_core_ConfigMapProjection is an autogenerated conversion function. -func Convert_v1_ConfigMapProjection_To_core_ConfigMapProjection(in *v1.ConfigMapProjection, out *core.ConfigMapProjection, s conversion.Scope) error { - return autoConvert_v1_ConfigMapProjection_To_core_ConfigMapProjection(in, out, s) -} - -func autoConvert_core_ConfigMapProjection_To_v1_ConfigMapProjection(in *core.ConfigMapProjection, out *v1.ConfigMapProjection, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]v1.KeyToPath)(unsafe.Pointer(&in.Items)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_ConfigMapProjection_To_v1_ConfigMapProjection is an autogenerated conversion function. -func Convert_core_ConfigMapProjection_To_v1_ConfigMapProjection(in *core.ConfigMapProjection, out *v1.ConfigMapProjection, s conversion.Scope) error { - return autoConvert_core_ConfigMapProjection_To_v1_ConfigMapProjection(in, out, s) -} - -func autoConvert_v1_ConfigMapVolumeSource_To_core_ConfigMapVolumeSource(in *v1.ConfigMapVolumeSource, out *core.ConfigMapVolumeSource, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]core.KeyToPath)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_ConfigMapVolumeSource_To_core_ConfigMapVolumeSource is an autogenerated conversion function. -func Convert_v1_ConfigMapVolumeSource_To_core_ConfigMapVolumeSource(in *v1.ConfigMapVolumeSource, out *core.ConfigMapVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ConfigMapVolumeSource_To_core_ConfigMapVolumeSource(in, out, s) -} - -func autoConvert_core_ConfigMapVolumeSource_To_v1_ConfigMapVolumeSource(in *core.ConfigMapVolumeSource, out *v1.ConfigMapVolumeSource, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]v1.KeyToPath)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_ConfigMapVolumeSource_To_v1_ConfigMapVolumeSource is an autogenerated conversion function. -func Convert_core_ConfigMapVolumeSource_To_v1_ConfigMapVolumeSource(in *core.ConfigMapVolumeSource, out *v1.ConfigMapVolumeSource, s conversion.Scope) error { - return autoConvert_core_ConfigMapVolumeSource_To_v1_ConfigMapVolumeSource(in, out, s) -} - -func autoConvert_v1_Container_To_core_Container(in *v1.Container, out *core.Container, s conversion.Scope) error { - out.Name = in.Name - out.Image = in.Image - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) - out.WorkingDir = in.WorkingDir - out.Ports = *(*[]core.ContainerPort)(unsafe.Pointer(&in.Ports)) - out.EnvFrom = *(*[]core.EnvFromSource)(unsafe.Pointer(&in.EnvFrom)) - out.Env = *(*[]core.EnvVar)(unsafe.Pointer(&in.Env)) - if err := Convert_v1_ResourceRequirements_To_core_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeMounts = *(*[]core.VolumeMount)(unsafe.Pointer(&in.VolumeMounts)) - out.VolumeDevices = *(*[]core.VolumeDevice)(unsafe.Pointer(&in.VolumeDevices)) - out.LivenessProbe = (*core.Probe)(unsafe.Pointer(in.LivenessProbe)) - out.ReadinessProbe = (*core.Probe)(unsafe.Pointer(in.ReadinessProbe)) - out.StartupProbe = (*core.Probe)(unsafe.Pointer(in.StartupProbe)) - out.Lifecycle = (*core.Lifecycle)(unsafe.Pointer(in.Lifecycle)) - out.TerminationMessagePath = in.TerminationMessagePath - out.TerminationMessagePolicy = core.TerminationMessagePolicy(in.TerminationMessagePolicy) - out.ImagePullPolicy = core.PullPolicy(in.ImagePullPolicy) - out.SecurityContext = (*core.SecurityContext)(unsafe.Pointer(in.SecurityContext)) - out.Stdin = in.Stdin - out.StdinOnce = in.StdinOnce - out.TTY = in.TTY - return nil -} - -// Convert_v1_Container_To_core_Container is an autogenerated conversion function. -func Convert_v1_Container_To_core_Container(in *v1.Container, out *core.Container, s conversion.Scope) error { - return autoConvert_v1_Container_To_core_Container(in, out, s) -} - -func autoConvert_core_Container_To_v1_Container(in *core.Container, out *v1.Container, s conversion.Scope) error { - out.Name = in.Name - out.Image = in.Image - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) - out.WorkingDir = in.WorkingDir - out.Ports = *(*[]v1.ContainerPort)(unsafe.Pointer(&in.Ports)) - out.EnvFrom = *(*[]v1.EnvFromSource)(unsafe.Pointer(&in.EnvFrom)) - out.Env = *(*[]v1.EnvVar)(unsafe.Pointer(&in.Env)) - if err := Convert_core_ResourceRequirements_To_v1_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeMounts = *(*[]v1.VolumeMount)(unsafe.Pointer(&in.VolumeMounts)) - out.VolumeDevices = *(*[]v1.VolumeDevice)(unsafe.Pointer(&in.VolumeDevices)) - out.LivenessProbe = (*v1.Probe)(unsafe.Pointer(in.LivenessProbe)) - out.ReadinessProbe = (*v1.Probe)(unsafe.Pointer(in.ReadinessProbe)) - out.StartupProbe = (*v1.Probe)(unsafe.Pointer(in.StartupProbe)) - out.Lifecycle = (*v1.Lifecycle)(unsafe.Pointer(in.Lifecycle)) - out.TerminationMessagePath = in.TerminationMessagePath - out.TerminationMessagePolicy = v1.TerminationMessagePolicy(in.TerminationMessagePolicy) - out.ImagePullPolicy = v1.PullPolicy(in.ImagePullPolicy) - out.SecurityContext = (*v1.SecurityContext)(unsafe.Pointer(in.SecurityContext)) - out.Stdin = in.Stdin - out.StdinOnce = in.StdinOnce - out.TTY = in.TTY - return nil -} - -// Convert_core_Container_To_v1_Container is an autogenerated conversion function. -func Convert_core_Container_To_v1_Container(in *core.Container, out *v1.Container, s conversion.Scope) error { - return autoConvert_core_Container_To_v1_Container(in, out, s) -} - -func autoConvert_v1_ContainerImage_To_core_ContainerImage(in *v1.ContainerImage, out *core.ContainerImage, s conversion.Scope) error { - out.Names = *(*[]string)(unsafe.Pointer(&in.Names)) - out.SizeBytes = in.SizeBytes - return nil -} - -// Convert_v1_ContainerImage_To_core_ContainerImage is an autogenerated conversion function. -func Convert_v1_ContainerImage_To_core_ContainerImage(in *v1.ContainerImage, out *core.ContainerImage, s conversion.Scope) error { - return autoConvert_v1_ContainerImage_To_core_ContainerImage(in, out, s) -} - -func autoConvert_core_ContainerImage_To_v1_ContainerImage(in *core.ContainerImage, out *v1.ContainerImage, s conversion.Scope) error { - out.Names = *(*[]string)(unsafe.Pointer(&in.Names)) - out.SizeBytes = in.SizeBytes - return nil -} - -// Convert_core_ContainerImage_To_v1_ContainerImage is an autogenerated conversion function. -func Convert_core_ContainerImage_To_v1_ContainerImage(in *core.ContainerImage, out *v1.ContainerImage, s conversion.Scope) error { - return autoConvert_core_ContainerImage_To_v1_ContainerImage(in, out, s) -} - -func autoConvert_v1_ContainerPort_To_core_ContainerPort(in *v1.ContainerPort, out *core.ContainerPort, s conversion.Scope) error { - out.Name = in.Name - out.HostPort = in.HostPort - out.ContainerPort = in.ContainerPort - out.Protocol = core.Protocol(in.Protocol) - out.HostIP = in.HostIP - return nil -} - -// Convert_v1_ContainerPort_To_core_ContainerPort is an autogenerated conversion function. -func Convert_v1_ContainerPort_To_core_ContainerPort(in *v1.ContainerPort, out *core.ContainerPort, s conversion.Scope) error { - return autoConvert_v1_ContainerPort_To_core_ContainerPort(in, out, s) -} - -func autoConvert_core_ContainerPort_To_v1_ContainerPort(in *core.ContainerPort, out *v1.ContainerPort, s conversion.Scope) error { - out.Name = in.Name - out.HostPort = in.HostPort - out.ContainerPort = in.ContainerPort - out.Protocol = v1.Protocol(in.Protocol) - out.HostIP = in.HostIP - return nil -} - -// Convert_core_ContainerPort_To_v1_ContainerPort is an autogenerated conversion function. -func Convert_core_ContainerPort_To_v1_ContainerPort(in *core.ContainerPort, out *v1.ContainerPort, s conversion.Scope) error { - return autoConvert_core_ContainerPort_To_v1_ContainerPort(in, out, s) -} - -func autoConvert_v1_ContainerState_To_core_ContainerState(in *v1.ContainerState, out *core.ContainerState, s conversion.Scope) error { - out.Waiting = (*core.ContainerStateWaiting)(unsafe.Pointer(in.Waiting)) - out.Running = (*core.ContainerStateRunning)(unsafe.Pointer(in.Running)) - out.Terminated = (*core.ContainerStateTerminated)(unsafe.Pointer(in.Terminated)) - return nil -} - -// Convert_v1_ContainerState_To_core_ContainerState is an autogenerated conversion function. -func Convert_v1_ContainerState_To_core_ContainerState(in *v1.ContainerState, out *core.ContainerState, s conversion.Scope) error { - return autoConvert_v1_ContainerState_To_core_ContainerState(in, out, s) -} - -func autoConvert_core_ContainerState_To_v1_ContainerState(in *core.ContainerState, out *v1.ContainerState, s conversion.Scope) error { - out.Waiting = (*v1.ContainerStateWaiting)(unsafe.Pointer(in.Waiting)) - out.Running = (*v1.ContainerStateRunning)(unsafe.Pointer(in.Running)) - out.Terminated = (*v1.ContainerStateTerminated)(unsafe.Pointer(in.Terminated)) - return nil -} - -// Convert_core_ContainerState_To_v1_ContainerState is an autogenerated conversion function. -func Convert_core_ContainerState_To_v1_ContainerState(in *core.ContainerState, out *v1.ContainerState, s conversion.Scope) error { - return autoConvert_core_ContainerState_To_v1_ContainerState(in, out, s) -} - -func autoConvert_v1_ContainerStateRunning_To_core_ContainerStateRunning(in *v1.ContainerStateRunning, out *core.ContainerStateRunning, s conversion.Scope) error { - out.StartedAt = in.StartedAt - return nil -} - -// Convert_v1_ContainerStateRunning_To_core_ContainerStateRunning is an autogenerated conversion function. -func Convert_v1_ContainerStateRunning_To_core_ContainerStateRunning(in *v1.ContainerStateRunning, out *core.ContainerStateRunning, s conversion.Scope) error { - return autoConvert_v1_ContainerStateRunning_To_core_ContainerStateRunning(in, out, s) -} - -func autoConvert_core_ContainerStateRunning_To_v1_ContainerStateRunning(in *core.ContainerStateRunning, out *v1.ContainerStateRunning, s conversion.Scope) error { - out.StartedAt = in.StartedAt - return nil -} - -// Convert_core_ContainerStateRunning_To_v1_ContainerStateRunning is an autogenerated conversion function. -func Convert_core_ContainerStateRunning_To_v1_ContainerStateRunning(in *core.ContainerStateRunning, out *v1.ContainerStateRunning, s conversion.Scope) error { - return autoConvert_core_ContainerStateRunning_To_v1_ContainerStateRunning(in, out, s) -} - -func autoConvert_v1_ContainerStateTerminated_To_core_ContainerStateTerminated(in *v1.ContainerStateTerminated, out *core.ContainerStateTerminated, s conversion.Scope) error { - out.ExitCode = in.ExitCode - out.Signal = in.Signal - out.Reason = in.Reason - out.Message = in.Message - out.StartedAt = in.StartedAt - out.FinishedAt = in.FinishedAt - out.ContainerID = in.ContainerID - return nil -} - -// Convert_v1_ContainerStateTerminated_To_core_ContainerStateTerminated is an autogenerated conversion function. -func Convert_v1_ContainerStateTerminated_To_core_ContainerStateTerminated(in *v1.ContainerStateTerminated, out *core.ContainerStateTerminated, s conversion.Scope) error { - return autoConvert_v1_ContainerStateTerminated_To_core_ContainerStateTerminated(in, out, s) -} - -func autoConvert_core_ContainerStateTerminated_To_v1_ContainerStateTerminated(in *core.ContainerStateTerminated, out *v1.ContainerStateTerminated, s conversion.Scope) error { - out.ExitCode = in.ExitCode - out.Signal = in.Signal - out.Reason = in.Reason - out.Message = in.Message - out.StartedAt = in.StartedAt - out.FinishedAt = in.FinishedAt - out.ContainerID = in.ContainerID - return nil -} - -// Convert_core_ContainerStateTerminated_To_v1_ContainerStateTerminated is an autogenerated conversion function. -func Convert_core_ContainerStateTerminated_To_v1_ContainerStateTerminated(in *core.ContainerStateTerminated, out *v1.ContainerStateTerminated, s conversion.Scope) error { - return autoConvert_core_ContainerStateTerminated_To_v1_ContainerStateTerminated(in, out, s) -} - -func autoConvert_v1_ContainerStateWaiting_To_core_ContainerStateWaiting(in *v1.ContainerStateWaiting, out *core.ContainerStateWaiting, s conversion.Scope) error { - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_ContainerStateWaiting_To_core_ContainerStateWaiting is an autogenerated conversion function. -func Convert_v1_ContainerStateWaiting_To_core_ContainerStateWaiting(in *v1.ContainerStateWaiting, out *core.ContainerStateWaiting, s conversion.Scope) error { - return autoConvert_v1_ContainerStateWaiting_To_core_ContainerStateWaiting(in, out, s) -} - -func autoConvert_core_ContainerStateWaiting_To_v1_ContainerStateWaiting(in *core.ContainerStateWaiting, out *v1.ContainerStateWaiting, s conversion.Scope) error { - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_ContainerStateWaiting_To_v1_ContainerStateWaiting is an autogenerated conversion function. -func Convert_core_ContainerStateWaiting_To_v1_ContainerStateWaiting(in *core.ContainerStateWaiting, out *v1.ContainerStateWaiting, s conversion.Scope) error { - return autoConvert_core_ContainerStateWaiting_To_v1_ContainerStateWaiting(in, out, s) -} - -func autoConvert_v1_ContainerStatus_To_core_ContainerStatus(in *v1.ContainerStatus, out *core.ContainerStatus, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_ContainerState_To_core_ContainerState(&in.State, &out.State, s); err != nil { - return err - } - if err := Convert_v1_ContainerState_To_core_ContainerState(&in.LastTerminationState, &out.LastTerminationState, s); err != nil { - return err - } - out.Ready = in.Ready - out.RestartCount = in.RestartCount - out.Image = in.Image - out.ImageID = in.ImageID - out.ContainerID = in.ContainerID - out.Started = (*bool)(unsafe.Pointer(in.Started)) - return nil -} - -// Convert_v1_ContainerStatus_To_core_ContainerStatus is an autogenerated conversion function. -func Convert_v1_ContainerStatus_To_core_ContainerStatus(in *v1.ContainerStatus, out *core.ContainerStatus, s conversion.Scope) error { - return autoConvert_v1_ContainerStatus_To_core_ContainerStatus(in, out, s) -} - -func autoConvert_core_ContainerStatus_To_v1_ContainerStatus(in *core.ContainerStatus, out *v1.ContainerStatus, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_core_ContainerState_To_v1_ContainerState(&in.State, &out.State, s); err != nil { - return err - } - if err := Convert_core_ContainerState_To_v1_ContainerState(&in.LastTerminationState, &out.LastTerminationState, s); err != nil { - return err - } - out.Ready = in.Ready - out.RestartCount = in.RestartCount - out.Image = in.Image - out.ImageID = in.ImageID - out.ContainerID = in.ContainerID - out.Started = (*bool)(unsafe.Pointer(in.Started)) - return nil -} - -// Convert_core_ContainerStatus_To_v1_ContainerStatus is an autogenerated conversion function. -func Convert_core_ContainerStatus_To_v1_ContainerStatus(in *core.ContainerStatus, out *v1.ContainerStatus, s conversion.Scope) error { - return autoConvert_core_ContainerStatus_To_v1_ContainerStatus(in, out, s) -} - -func autoConvert_v1_DaemonEndpoint_To_core_DaemonEndpoint(in *v1.DaemonEndpoint, out *core.DaemonEndpoint, s conversion.Scope) error { - out.Port = in.Port - return nil -} - -// Convert_v1_DaemonEndpoint_To_core_DaemonEndpoint is an autogenerated conversion function. -func Convert_v1_DaemonEndpoint_To_core_DaemonEndpoint(in *v1.DaemonEndpoint, out *core.DaemonEndpoint, s conversion.Scope) error { - return autoConvert_v1_DaemonEndpoint_To_core_DaemonEndpoint(in, out, s) -} - -func autoConvert_core_DaemonEndpoint_To_v1_DaemonEndpoint(in *core.DaemonEndpoint, out *v1.DaemonEndpoint, s conversion.Scope) error { - out.Port = in.Port - return nil -} - -// Convert_core_DaemonEndpoint_To_v1_DaemonEndpoint is an autogenerated conversion function. -func Convert_core_DaemonEndpoint_To_v1_DaemonEndpoint(in *core.DaemonEndpoint, out *v1.DaemonEndpoint, s conversion.Scope) error { - return autoConvert_core_DaemonEndpoint_To_v1_DaemonEndpoint(in, out, s) -} - -func autoConvert_v1_DownwardAPIProjection_To_core_DownwardAPIProjection(in *v1.DownwardAPIProjection, out *core.DownwardAPIProjection, s conversion.Scope) error { - out.Items = *(*[]core.DownwardAPIVolumeFile)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_DownwardAPIProjection_To_core_DownwardAPIProjection is an autogenerated conversion function. -func Convert_v1_DownwardAPIProjection_To_core_DownwardAPIProjection(in *v1.DownwardAPIProjection, out *core.DownwardAPIProjection, s conversion.Scope) error { - return autoConvert_v1_DownwardAPIProjection_To_core_DownwardAPIProjection(in, out, s) -} - -func autoConvert_core_DownwardAPIProjection_To_v1_DownwardAPIProjection(in *core.DownwardAPIProjection, out *v1.DownwardAPIProjection, s conversion.Scope) error { - out.Items = *(*[]v1.DownwardAPIVolumeFile)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_DownwardAPIProjection_To_v1_DownwardAPIProjection is an autogenerated conversion function. -func Convert_core_DownwardAPIProjection_To_v1_DownwardAPIProjection(in *core.DownwardAPIProjection, out *v1.DownwardAPIProjection, s conversion.Scope) error { - return autoConvert_core_DownwardAPIProjection_To_v1_DownwardAPIProjection(in, out, s) -} - -func autoConvert_v1_DownwardAPIVolumeFile_To_core_DownwardAPIVolumeFile(in *v1.DownwardAPIVolumeFile, out *core.DownwardAPIVolumeFile, s conversion.Scope) error { - out.Path = in.Path - out.FieldRef = (*core.ObjectFieldSelector)(unsafe.Pointer(in.FieldRef)) - out.ResourceFieldRef = (*core.ResourceFieldSelector)(unsafe.Pointer(in.ResourceFieldRef)) - out.Mode = (*int32)(unsafe.Pointer(in.Mode)) - return nil -} - -// Convert_v1_DownwardAPIVolumeFile_To_core_DownwardAPIVolumeFile is an autogenerated conversion function. -func Convert_v1_DownwardAPIVolumeFile_To_core_DownwardAPIVolumeFile(in *v1.DownwardAPIVolumeFile, out *core.DownwardAPIVolumeFile, s conversion.Scope) error { - return autoConvert_v1_DownwardAPIVolumeFile_To_core_DownwardAPIVolumeFile(in, out, s) -} - -func autoConvert_core_DownwardAPIVolumeFile_To_v1_DownwardAPIVolumeFile(in *core.DownwardAPIVolumeFile, out *v1.DownwardAPIVolumeFile, s conversion.Scope) error { - out.Path = in.Path - out.FieldRef = (*v1.ObjectFieldSelector)(unsafe.Pointer(in.FieldRef)) - out.ResourceFieldRef = (*v1.ResourceFieldSelector)(unsafe.Pointer(in.ResourceFieldRef)) - out.Mode = (*int32)(unsafe.Pointer(in.Mode)) - return nil -} - -// Convert_core_DownwardAPIVolumeFile_To_v1_DownwardAPIVolumeFile is an autogenerated conversion function. -func Convert_core_DownwardAPIVolumeFile_To_v1_DownwardAPIVolumeFile(in *core.DownwardAPIVolumeFile, out *v1.DownwardAPIVolumeFile, s conversion.Scope) error { - return autoConvert_core_DownwardAPIVolumeFile_To_v1_DownwardAPIVolumeFile(in, out, s) -} - -func autoConvert_v1_DownwardAPIVolumeSource_To_core_DownwardAPIVolumeSource(in *v1.DownwardAPIVolumeSource, out *core.DownwardAPIVolumeSource, s conversion.Scope) error { - out.Items = *(*[]core.DownwardAPIVolumeFile)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - return nil -} - -// Convert_v1_DownwardAPIVolumeSource_To_core_DownwardAPIVolumeSource is an autogenerated conversion function. -func Convert_v1_DownwardAPIVolumeSource_To_core_DownwardAPIVolumeSource(in *v1.DownwardAPIVolumeSource, out *core.DownwardAPIVolumeSource, s conversion.Scope) error { - return autoConvert_v1_DownwardAPIVolumeSource_To_core_DownwardAPIVolumeSource(in, out, s) -} - -func autoConvert_core_DownwardAPIVolumeSource_To_v1_DownwardAPIVolumeSource(in *core.DownwardAPIVolumeSource, out *v1.DownwardAPIVolumeSource, s conversion.Scope) error { - out.Items = *(*[]v1.DownwardAPIVolumeFile)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - return nil -} - -// Convert_core_DownwardAPIVolumeSource_To_v1_DownwardAPIVolumeSource is an autogenerated conversion function. -func Convert_core_DownwardAPIVolumeSource_To_v1_DownwardAPIVolumeSource(in *core.DownwardAPIVolumeSource, out *v1.DownwardAPIVolumeSource, s conversion.Scope) error { - return autoConvert_core_DownwardAPIVolumeSource_To_v1_DownwardAPIVolumeSource(in, out, s) -} - -func autoConvert_v1_EmptyDirVolumeSource_To_core_EmptyDirVolumeSource(in *v1.EmptyDirVolumeSource, out *core.EmptyDirVolumeSource, s conversion.Scope) error { - out.Medium = core.StorageMedium(in.Medium) - out.SizeLimit = (*resource.Quantity)(unsafe.Pointer(in.SizeLimit)) - return nil -} - -// Convert_v1_EmptyDirVolumeSource_To_core_EmptyDirVolumeSource is an autogenerated conversion function. -func Convert_v1_EmptyDirVolumeSource_To_core_EmptyDirVolumeSource(in *v1.EmptyDirVolumeSource, out *core.EmptyDirVolumeSource, s conversion.Scope) error { - return autoConvert_v1_EmptyDirVolumeSource_To_core_EmptyDirVolumeSource(in, out, s) -} - -func autoConvert_core_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource(in *core.EmptyDirVolumeSource, out *v1.EmptyDirVolumeSource, s conversion.Scope) error { - out.Medium = v1.StorageMedium(in.Medium) - out.SizeLimit = (*resource.Quantity)(unsafe.Pointer(in.SizeLimit)) - return nil -} - -// Convert_core_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource is an autogenerated conversion function. -func Convert_core_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource(in *core.EmptyDirVolumeSource, out *v1.EmptyDirVolumeSource, s conversion.Scope) error { - return autoConvert_core_EmptyDirVolumeSource_To_v1_EmptyDirVolumeSource(in, out, s) -} - -func autoConvert_v1_EndpointAddress_To_core_EndpointAddress(in *v1.EndpointAddress, out *core.EndpointAddress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - out.TargetRef = (*core.ObjectReference)(unsafe.Pointer(in.TargetRef)) - return nil -} - -// Convert_v1_EndpointAddress_To_core_EndpointAddress is an autogenerated conversion function. -func Convert_v1_EndpointAddress_To_core_EndpointAddress(in *v1.EndpointAddress, out *core.EndpointAddress, s conversion.Scope) error { - return autoConvert_v1_EndpointAddress_To_core_EndpointAddress(in, out, s) -} - -func autoConvert_core_EndpointAddress_To_v1_EndpointAddress(in *core.EndpointAddress, out *v1.EndpointAddress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - out.TargetRef = (*v1.ObjectReference)(unsafe.Pointer(in.TargetRef)) - return nil -} - -// Convert_core_EndpointAddress_To_v1_EndpointAddress is an autogenerated conversion function. -func Convert_core_EndpointAddress_To_v1_EndpointAddress(in *core.EndpointAddress, out *v1.EndpointAddress, s conversion.Scope) error { - return autoConvert_core_EndpointAddress_To_v1_EndpointAddress(in, out, s) -} - -func autoConvert_v1_EndpointPort_To_core_EndpointPort(in *v1.EndpointPort, out *core.EndpointPort, s conversion.Scope) error { - out.Name = in.Name - out.Port = in.Port - out.Protocol = core.Protocol(in.Protocol) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_v1_EndpointPort_To_core_EndpointPort is an autogenerated conversion function. -func Convert_v1_EndpointPort_To_core_EndpointPort(in *v1.EndpointPort, out *core.EndpointPort, s conversion.Scope) error { - return autoConvert_v1_EndpointPort_To_core_EndpointPort(in, out, s) -} - -func autoConvert_core_EndpointPort_To_v1_EndpointPort(in *core.EndpointPort, out *v1.EndpointPort, s conversion.Scope) error { - out.Name = in.Name - out.Port = in.Port - out.Protocol = v1.Protocol(in.Protocol) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_core_EndpointPort_To_v1_EndpointPort is an autogenerated conversion function. -func Convert_core_EndpointPort_To_v1_EndpointPort(in *core.EndpointPort, out *v1.EndpointPort, s conversion.Scope) error { - return autoConvert_core_EndpointPort_To_v1_EndpointPort(in, out, s) -} - -func autoConvert_v1_EndpointSubset_To_core_EndpointSubset(in *v1.EndpointSubset, out *core.EndpointSubset, s conversion.Scope) error { - out.Addresses = *(*[]core.EndpointAddress)(unsafe.Pointer(&in.Addresses)) - out.NotReadyAddresses = *(*[]core.EndpointAddress)(unsafe.Pointer(&in.NotReadyAddresses)) - out.Ports = *(*[]core.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1_EndpointSubset_To_core_EndpointSubset is an autogenerated conversion function. -func Convert_v1_EndpointSubset_To_core_EndpointSubset(in *v1.EndpointSubset, out *core.EndpointSubset, s conversion.Scope) error { - return autoConvert_v1_EndpointSubset_To_core_EndpointSubset(in, out, s) -} - -func autoConvert_core_EndpointSubset_To_v1_EndpointSubset(in *core.EndpointSubset, out *v1.EndpointSubset, s conversion.Scope) error { - out.Addresses = *(*[]v1.EndpointAddress)(unsafe.Pointer(&in.Addresses)) - out.NotReadyAddresses = *(*[]v1.EndpointAddress)(unsafe.Pointer(&in.NotReadyAddresses)) - out.Ports = *(*[]v1.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_core_EndpointSubset_To_v1_EndpointSubset is an autogenerated conversion function. -func Convert_core_EndpointSubset_To_v1_EndpointSubset(in *core.EndpointSubset, out *v1.EndpointSubset, s conversion.Scope) error { - return autoConvert_core_EndpointSubset_To_v1_EndpointSubset(in, out, s) -} - -func autoConvert_v1_Endpoints_To_core_Endpoints(in *v1.Endpoints, out *core.Endpoints, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subsets = *(*[]core.EndpointSubset)(unsafe.Pointer(&in.Subsets)) - return nil -} - -// Convert_v1_Endpoints_To_core_Endpoints is an autogenerated conversion function. -func Convert_v1_Endpoints_To_core_Endpoints(in *v1.Endpoints, out *core.Endpoints, s conversion.Scope) error { - return autoConvert_v1_Endpoints_To_core_Endpoints(in, out, s) -} - -func autoConvert_core_Endpoints_To_v1_Endpoints(in *core.Endpoints, out *v1.Endpoints, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subsets = *(*[]v1.EndpointSubset)(unsafe.Pointer(&in.Subsets)) - return nil -} - -// Convert_core_Endpoints_To_v1_Endpoints is an autogenerated conversion function. -func Convert_core_Endpoints_To_v1_Endpoints(in *core.Endpoints, out *v1.Endpoints, s conversion.Scope) error { - return autoConvert_core_Endpoints_To_v1_Endpoints(in, out, s) -} - -func autoConvert_v1_EndpointsList_To_core_EndpointsList(in *v1.EndpointsList, out *core.EndpointsList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.Endpoints)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_EndpointsList_To_core_EndpointsList is an autogenerated conversion function. -func Convert_v1_EndpointsList_To_core_EndpointsList(in *v1.EndpointsList, out *core.EndpointsList, s conversion.Scope) error { - return autoConvert_v1_EndpointsList_To_core_EndpointsList(in, out, s) -} - -func autoConvert_core_EndpointsList_To_v1_EndpointsList(in *core.EndpointsList, out *v1.EndpointsList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Endpoints)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_EndpointsList_To_v1_EndpointsList is an autogenerated conversion function. -func Convert_core_EndpointsList_To_v1_EndpointsList(in *core.EndpointsList, out *v1.EndpointsList, s conversion.Scope) error { - return autoConvert_core_EndpointsList_To_v1_EndpointsList(in, out, s) -} - -func autoConvert_v1_EnvFromSource_To_core_EnvFromSource(in *v1.EnvFromSource, out *core.EnvFromSource, s conversion.Scope) error { - out.Prefix = in.Prefix - out.ConfigMapRef = (*core.ConfigMapEnvSource)(unsafe.Pointer(in.ConfigMapRef)) - out.SecretRef = (*core.SecretEnvSource)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_v1_EnvFromSource_To_core_EnvFromSource is an autogenerated conversion function. -func Convert_v1_EnvFromSource_To_core_EnvFromSource(in *v1.EnvFromSource, out *core.EnvFromSource, s conversion.Scope) error { - return autoConvert_v1_EnvFromSource_To_core_EnvFromSource(in, out, s) -} - -func autoConvert_core_EnvFromSource_To_v1_EnvFromSource(in *core.EnvFromSource, out *v1.EnvFromSource, s conversion.Scope) error { - out.Prefix = in.Prefix - out.ConfigMapRef = (*v1.ConfigMapEnvSource)(unsafe.Pointer(in.ConfigMapRef)) - out.SecretRef = (*v1.SecretEnvSource)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_core_EnvFromSource_To_v1_EnvFromSource is an autogenerated conversion function. -func Convert_core_EnvFromSource_To_v1_EnvFromSource(in *core.EnvFromSource, out *v1.EnvFromSource, s conversion.Scope) error { - return autoConvert_core_EnvFromSource_To_v1_EnvFromSource(in, out, s) -} - -func autoConvert_v1_EnvVar_To_core_EnvVar(in *v1.EnvVar, out *core.EnvVar, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - out.ValueFrom = (*core.EnvVarSource)(unsafe.Pointer(in.ValueFrom)) - return nil -} - -// Convert_v1_EnvVar_To_core_EnvVar is an autogenerated conversion function. -func Convert_v1_EnvVar_To_core_EnvVar(in *v1.EnvVar, out *core.EnvVar, s conversion.Scope) error { - return autoConvert_v1_EnvVar_To_core_EnvVar(in, out, s) -} - -func autoConvert_core_EnvVar_To_v1_EnvVar(in *core.EnvVar, out *v1.EnvVar, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - out.ValueFrom = (*v1.EnvVarSource)(unsafe.Pointer(in.ValueFrom)) - return nil -} - -// Convert_core_EnvVar_To_v1_EnvVar is an autogenerated conversion function. -func Convert_core_EnvVar_To_v1_EnvVar(in *core.EnvVar, out *v1.EnvVar, s conversion.Scope) error { - return autoConvert_core_EnvVar_To_v1_EnvVar(in, out, s) -} - -func autoConvert_v1_EnvVarSource_To_core_EnvVarSource(in *v1.EnvVarSource, out *core.EnvVarSource, s conversion.Scope) error { - out.FieldRef = (*core.ObjectFieldSelector)(unsafe.Pointer(in.FieldRef)) - out.ResourceFieldRef = (*core.ResourceFieldSelector)(unsafe.Pointer(in.ResourceFieldRef)) - out.ConfigMapKeyRef = (*core.ConfigMapKeySelector)(unsafe.Pointer(in.ConfigMapKeyRef)) - out.SecretKeyRef = (*core.SecretKeySelector)(unsafe.Pointer(in.SecretKeyRef)) - return nil -} - -// Convert_v1_EnvVarSource_To_core_EnvVarSource is an autogenerated conversion function. -func Convert_v1_EnvVarSource_To_core_EnvVarSource(in *v1.EnvVarSource, out *core.EnvVarSource, s conversion.Scope) error { - return autoConvert_v1_EnvVarSource_To_core_EnvVarSource(in, out, s) -} - -func autoConvert_core_EnvVarSource_To_v1_EnvVarSource(in *core.EnvVarSource, out *v1.EnvVarSource, s conversion.Scope) error { - out.FieldRef = (*v1.ObjectFieldSelector)(unsafe.Pointer(in.FieldRef)) - out.ResourceFieldRef = (*v1.ResourceFieldSelector)(unsafe.Pointer(in.ResourceFieldRef)) - out.ConfigMapKeyRef = (*v1.ConfigMapKeySelector)(unsafe.Pointer(in.ConfigMapKeyRef)) - out.SecretKeyRef = (*v1.SecretKeySelector)(unsafe.Pointer(in.SecretKeyRef)) - return nil -} - -// Convert_core_EnvVarSource_To_v1_EnvVarSource is an autogenerated conversion function. -func Convert_core_EnvVarSource_To_v1_EnvVarSource(in *core.EnvVarSource, out *v1.EnvVarSource, s conversion.Scope) error { - return autoConvert_core_EnvVarSource_To_v1_EnvVarSource(in, out, s) -} - -func autoConvert_v1_EphemeralContainer_To_core_EphemeralContainer(in *v1.EphemeralContainer, out *core.EphemeralContainer, s conversion.Scope) error { - if err := Convert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon(&in.EphemeralContainerCommon, &out.EphemeralContainerCommon, s); err != nil { - return err - } - out.TargetContainerName = in.TargetContainerName - return nil -} - -// Convert_v1_EphemeralContainer_To_core_EphemeralContainer is an autogenerated conversion function. -func Convert_v1_EphemeralContainer_To_core_EphemeralContainer(in *v1.EphemeralContainer, out *core.EphemeralContainer, s conversion.Scope) error { - return autoConvert_v1_EphemeralContainer_To_core_EphemeralContainer(in, out, s) -} - -func autoConvert_core_EphemeralContainer_To_v1_EphemeralContainer(in *core.EphemeralContainer, out *v1.EphemeralContainer, s conversion.Scope) error { - if err := Convert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon(&in.EphemeralContainerCommon, &out.EphemeralContainerCommon, s); err != nil { - return err - } - out.TargetContainerName = in.TargetContainerName - return nil -} - -// Convert_core_EphemeralContainer_To_v1_EphemeralContainer is an autogenerated conversion function. -func Convert_core_EphemeralContainer_To_v1_EphemeralContainer(in *core.EphemeralContainer, out *v1.EphemeralContainer, s conversion.Scope) error { - return autoConvert_core_EphemeralContainer_To_v1_EphemeralContainer(in, out, s) -} - -func autoConvert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon(in *v1.EphemeralContainerCommon, out *core.EphemeralContainerCommon, s conversion.Scope) error { - out.Name = in.Name - out.Image = in.Image - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) - out.WorkingDir = in.WorkingDir - out.Ports = *(*[]core.ContainerPort)(unsafe.Pointer(&in.Ports)) - out.EnvFrom = *(*[]core.EnvFromSource)(unsafe.Pointer(&in.EnvFrom)) - out.Env = *(*[]core.EnvVar)(unsafe.Pointer(&in.Env)) - if err := Convert_v1_ResourceRequirements_To_core_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeMounts = *(*[]core.VolumeMount)(unsafe.Pointer(&in.VolumeMounts)) - out.VolumeDevices = *(*[]core.VolumeDevice)(unsafe.Pointer(&in.VolumeDevices)) - out.LivenessProbe = (*core.Probe)(unsafe.Pointer(in.LivenessProbe)) - out.ReadinessProbe = (*core.Probe)(unsafe.Pointer(in.ReadinessProbe)) - out.StartupProbe = (*core.Probe)(unsafe.Pointer(in.StartupProbe)) - out.Lifecycle = (*core.Lifecycle)(unsafe.Pointer(in.Lifecycle)) - out.TerminationMessagePath = in.TerminationMessagePath - out.TerminationMessagePolicy = core.TerminationMessagePolicy(in.TerminationMessagePolicy) - out.ImagePullPolicy = core.PullPolicy(in.ImagePullPolicy) - out.SecurityContext = (*core.SecurityContext)(unsafe.Pointer(in.SecurityContext)) - out.Stdin = in.Stdin - out.StdinOnce = in.StdinOnce - out.TTY = in.TTY - return nil -} - -// Convert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon is an autogenerated conversion function. -func Convert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon(in *v1.EphemeralContainerCommon, out *core.EphemeralContainerCommon, s conversion.Scope) error { - return autoConvert_v1_EphemeralContainerCommon_To_core_EphemeralContainerCommon(in, out, s) -} - -func autoConvert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon(in *core.EphemeralContainerCommon, out *v1.EphemeralContainerCommon, s conversion.Scope) error { - out.Name = in.Name - out.Image = in.Image - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) - out.WorkingDir = in.WorkingDir - out.Ports = *(*[]v1.ContainerPort)(unsafe.Pointer(&in.Ports)) - out.EnvFrom = *(*[]v1.EnvFromSource)(unsafe.Pointer(&in.EnvFrom)) - out.Env = *(*[]v1.EnvVar)(unsafe.Pointer(&in.Env)) - if err := Convert_core_ResourceRequirements_To_v1_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeMounts = *(*[]v1.VolumeMount)(unsafe.Pointer(&in.VolumeMounts)) - out.VolumeDevices = *(*[]v1.VolumeDevice)(unsafe.Pointer(&in.VolumeDevices)) - out.LivenessProbe = (*v1.Probe)(unsafe.Pointer(in.LivenessProbe)) - out.ReadinessProbe = (*v1.Probe)(unsafe.Pointer(in.ReadinessProbe)) - out.StartupProbe = (*v1.Probe)(unsafe.Pointer(in.StartupProbe)) - out.Lifecycle = (*v1.Lifecycle)(unsafe.Pointer(in.Lifecycle)) - out.TerminationMessagePath = in.TerminationMessagePath - out.TerminationMessagePolicy = v1.TerminationMessagePolicy(in.TerminationMessagePolicy) - out.ImagePullPolicy = v1.PullPolicy(in.ImagePullPolicy) - out.SecurityContext = (*v1.SecurityContext)(unsafe.Pointer(in.SecurityContext)) - out.Stdin = in.Stdin - out.StdinOnce = in.StdinOnce - out.TTY = in.TTY - return nil -} - -// Convert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon is an autogenerated conversion function. -func Convert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon(in *core.EphemeralContainerCommon, out *v1.EphemeralContainerCommon, s conversion.Scope) error { - return autoConvert_core_EphemeralContainerCommon_To_v1_EphemeralContainerCommon(in, out, s) -} - -func autoConvert_v1_EphemeralVolumeSource_To_core_EphemeralVolumeSource(in *v1.EphemeralVolumeSource, out *core.EphemeralVolumeSource, s conversion.Scope) error { - out.VolumeClaimTemplate = (*core.PersistentVolumeClaimTemplate)(unsafe.Pointer(in.VolumeClaimTemplate)) - return nil -} - -// Convert_v1_EphemeralVolumeSource_To_core_EphemeralVolumeSource is an autogenerated conversion function. -func Convert_v1_EphemeralVolumeSource_To_core_EphemeralVolumeSource(in *v1.EphemeralVolumeSource, out *core.EphemeralVolumeSource, s conversion.Scope) error { - return autoConvert_v1_EphemeralVolumeSource_To_core_EphemeralVolumeSource(in, out, s) -} - -func autoConvert_core_EphemeralVolumeSource_To_v1_EphemeralVolumeSource(in *core.EphemeralVolumeSource, out *v1.EphemeralVolumeSource, s conversion.Scope) error { - out.VolumeClaimTemplate = (*v1.PersistentVolumeClaimTemplate)(unsafe.Pointer(in.VolumeClaimTemplate)) - return nil -} - -// Convert_core_EphemeralVolumeSource_To_v1_EphemeralVolumeSource is an autogenerated conversion function. -func Convert_core_EphemeralVolumeSource_To_v1_EphemeralVolumeSource(in *core.EphemeralVolumeSource, out *v1.EphemeralVolumeSource, s conversion.Scope) error { - return autoConvert_core_EphemeralVolumeSource_To_v1_EphemeralVolumeSource(in, out, s) -} - -func autoConvert_v1_Event_To_core_Event(in *v1.Event, out *core.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ObjectReference_To_core_ObjectReference(&in.InvolvedObject, &out.InvolvedObject, s); err != nil { - return err - } - out.Reason = in.Reason - out.Message = in.Message - if err := Convert_v1_EventSource_To_core_EventSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.FirstTimestamp = in.FirstTimestamp - out.LastTimestamp = in.LastTimestamp - out.Count = in.Count - out.Type = in.Type - out.EventTime = in.EventTime - out.Series = (*core.EventSeries)(unsafe.Pointer(in.Series)) - out.Action = in.Action - out.Related = (*core.ObjectReference)(unsafe.Pointer(in.Related)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - return nil -} - -// Convert_v1_Event_To_core_Event is an autogenerated conversion function. -func Convert_v1_Event_To_core_Event(in *v1.Event, out *core.Event, s conversion.Scope) error { - return autoConvert_v1_Event_To_core_Event(in, out, s) -} - -func autoConvert_core_Event_To_v1_Event(in *core.Event, out *v1.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_ObjectReference_To_v1_ObjectReference(&in.InvolvedObject, &out.InvolvedObject, s); err != nil { - return err - } - out.Reason = in.Reason - out.Message = in.Message - if err := Convert_core_EventSource_To_v1_EventSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.FirstTimestamp = in.FirstTimestamp - out.LastTimestamp = in.LastTimestamp - out.Count = in.Count - out.Type = in.Type - out.EventTime = in.EventTime - out.Series = (*v1.EventSeries)(unsafe.Pointer(in.Series)) - out.Action = in.Action - out.Related = (*v1.ObjectReference)(unsafe.Pointer(in.Related)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - return nil -} - -// Convert_core_Event_To_v1_Event is an autogenerated conversion function. -func Convert_core_Event_To_v1_Event(in *core.Event, out *v1.Event, s conversion.Scope) error { - return autoConvert_core_Event_To_v1_Event(in, out, s) -} - -func autoConvert_v1_EventList_To_core_EventList(in *v1.EventList, out *core.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.Event)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_EventList_To_core_EventList is an autogenerated conversion function. -func Convert_v1_EventList_To_core_EventList(in *v1.EventList, out *core.EventList, s conversion.Scope) error { - return autoConvert_v1_EventList_To_core_EventList(in, out, s) -} - -func autoConvert_core_EventList_To_v1_EventList(in *core.EventList, out *v1.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Event)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_EventList_To_v1_EventList is an autogenerated conversion function. -func Convert_core_EventList_To_v1_EventList(in *core.EventList, out *v1.EventList, s conversion.Scope) error { - return autoConvert_core_EventList_To_v1_EventList(in, out, s) -} - -func autoConvert_v1_EventSeries_To_core_EventSeries(in *v1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_v1_EventSeries_To_core_EventSeries is an autogenerated conversion function. -func Convert_v1_EventSeries_To_core_EventSeries(in *v1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - return autoConvert_v1_EventSeries_To_core_EventSeries(in, out, s) -} - -func autoConvert_core_EventSeries_To_v1_EventSeries(in *core.EventSeries, out *v1.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_core_EventSeries_To_v1_EventSeries is an autogenerated conversion function. -func Convert_core_EventSeries_To_v1_EventSeries(in *core.EventSeries, out *v1.EventSeries, s conversion.Scope) error { - return autoConvert_core_EventSeries_To_v1_EventSeries(in, out, s) -} - -func autoConvert_v1_EventSource_To_core_EventSource(in *v1.EventSource, out *core.EventSource, s conversion.Scope) error { - out.Component = in.Component - out.Host = in.Host - return nil -} - -// Convert_v1_EventSource_To_core_EventSource is an autogenerated conversion function. -func Convert_v1_EventSource_To_core_EventSource(in *v1.EventSource, out *core.EventSource, s conversion.Scope) error { - return autoConvert_v1_EventSource_To_core_EventSource(in, out, s) -} - -func autoConvert_core_EventSource_To_v1_EventSource(in *core.EventSource, out *v1.EventSource, s conversion.Scope) error { - out.Component = in.Component - out.Host = in.Host - return nil -} - -// Convert_core_EventSource_To_v1_EventSource is an autogenerated conversion function. -func Convert_core_EventSource_To_v1_EventSource(in *core.EventSource, out *v1.EventSource, s conversion.Scope) error { - return autoConvert_core_EventSource_To_v1_EventSource(in, out, s) -} - -func autoConvert_v1_ExecAction_To_core_ExecAction(in *v1.ExecAction, out *core.ExecAction, s conversion.Scope) error { - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - return nil -} - -// Convert_v1_ExecAction_To_core_ExecAction is an autogenerated conversion function. -func Convert_v1_ExecAction_To_core_ExecAction(in *v1.ExecAction, out *core.ExecAction, s conversion.Scope) error { - return autoConvert_v1_ExecAction_To_core_ExecAction(in, out, s) -} - -func autoConvert_core_ExecAction_To_v1_ExecAction(in *core.ExecAction, out *v1.ExecAction, s conversion.Scope) error { - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - return nil -} - -// Convert_core_ExecAction_To_v1_ExecAction is an autogenerated conversion function. -func Convert_core_ExecAction_To_v1_ExecAction(in *core.ExecAction, out *v1.ExecAction, s conversion.Scope) error { - return autoConvert_core_ExecAction_To_v1_ExecAction(in, out, s) -} - -func autoConvert_v1_FCVolumeSource_To_core_FCVolumeSource(in *v1.FCVolumeSource, out *core.FCVolumeSource, s conversion.Scope) error { - out.TargetWWNs = *(*[]string)(unsafe.Pointer(&in.TargetWWNs)) - out.Lun = (*int32)(unsafe.Pointer(in.Lun)) - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.WWIDs = *(*[]string)(unsafe.Pointer(&in.WWIDs)) - return nil -} - -// Convert_v1_FCVolumeSource_To_core_FCVolumeSource is an autogenerated conversion function. -func Convert_v1_FCVolumeSource_To_core_FCVolumeSource(in *v1.FCVolumeSource, out *core.FCVolumeSource, s conversion.Scope) error { - return autoConvert_v1_FCVolumeSource_To_core_FCVolumeSource(in, out, s) -} - -func autoConvert_core_FCVolumeSource_To_v1_FCVolumeSource(in *core.FCVolumeSource, out *v1.FCVolumeSource, s conversion.Scope) error { - out.TargetWWNs = *(*[]string)(unsafe.Pointer(&in.TargetWWNs)) - out.Lun = (*int32)(unsafe.Pointer(in.Lun)) - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.WWIDs = *(*[]string)(unsafe.Pointer(&in.WWIDs)) - return nil -} - -// Convert_core_FCVolumeSource_To_v1_FCVolumeSource is an autogenerated conversion function. -func Convert_core_FCVolumeSource_To_v1_FCVolumeSource(in *core.FCVolumeSource, out *v1.FCVolumeSource, s conversion.Scope) error { - return autoConvert_core_FCVolumeSource_To_v1_FCVolumeSource(in, out, s) -} - -func autoConvert_v1_FlexPersistentVolumeSource_To_core_FlexPersistentVolumeSource(in *v1.FlexPersistentVolumeSource, out *core.FlexPersistentVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.FSType = in.FSType - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - out.Options = *(*map[string]string)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_v1_FlexPersistentVolumeSource_To_core_FlexPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_FlexPersistentVolumeSource_To_core_FlexPersistentVolumeSource(in *v1.FlexPersistentVolumeSource, out *core.FlexPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_FlexPersistentVolumeSource_To_core_FlexPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_FlexPersistentVolumeSource_To_v1_FlexPersistentVolumeSource(in *core.FlexPersistentVolumeSource, out *v1.FlexPersistentVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.FSType = in.FSType - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - out.Options = *(*map[string]string)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_core_FlexPersistentVolumeSource_To_v1_FlexPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_FlexPersistentVolumeSource_To_v1_FlexPersistentVolumeSource(in *core.FlexPersistentVolumeSource, out *v1.FlexPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_FlexPersistentVolumeSource_To_v1_FlexPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_FlexVolumeSource_To_core_FlexVolumeSource(in *v1.FlexVolumeSource, out *core.FlexVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.FSType = in.FSType - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - out.Options = *(*map[string]string)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_v1_FlexVolumeSource_To_core_FlexVolumeSource is an autogenerated conversion function. -func Convert_v1_FlexVolumeSource_To_core_FlexVolumeSource(in *v1.FlexVolumeSource, out *core.FlexVolumeSource, s conversion.Scope) error { - return autoConvert_v1_FlexVolumeSource_To_core_FlexVolumeSource(in, out, s) -} - -func autoConvert_core_FlexVolumeSource_To_v1_FlexVolumeSource(in *core.FlexVolumeSource, out *v1.FlexVolumeSource, s conversion.Scope) error { - out.Driver = in.Driver - out.FSType = in.FSType - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - out.Options = *(*map[string]string)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_core_FlexVolumeSource_To_v1_FlexVolumeSource is an autogenerated conversion function. -func Convert_core_FlexVolumeSource_To_v1_FlexVolumeSource(in *core.FlexVolumeSource, out *v1.FlexVolumeSource, s conversion.Scope) error { - return autoConvert_core_FlexVolumeSource_To_v1_FlexVolumeSource(in, out, s) -} - -func autoConvert_v1_FlockerVolumeSource_To_core_FlockerVolumeSource(in *v1.FlockerVolumeSource, out *core.FlockerVolumeSource, s conversion.Scope) error { - out.DatasetName = in.DatasetName - out.DatasetUUID = in.DatasetUUID - return nil -} - -// Convert_v1_FlockerVolumeSource_To_core_FlockerVolumeSource is an autogenerated conversion function. -func Convert_v1_FlockerVolumeSource_To_core_FlockerVolumeSource(in *v1.FlockerVolumeSource, out *core.FlockerVolumeSource, s conversion.Scope) error { - return autoConvert_v1_FlockerVolumeSource_To_core_FlockerVolumeSource(in, out, s) -} - -func autoConvert_core_FlockerVolumeSource_To_v1_FlockerVolumeSource(in *core.FlockerVolumeSource, out *v1.FlockerVolumeSource, s conversion.Scope) error { - out.DatasetName = in.DatasetName - out.DatasetUUID = in.DatasetUUID - return nil -} - -// Convert_core_FlockerVolumeSource_To_v1_FlockerVolumeSource is an autogenerated conversion function. -func Convert_core_FlockerVolumeSource_To_v1_FlockerVolumeSource(in *core.FlockerVolumeSource, out *v1.FlockerVolumeSource, s conversion.Scope) error { - return autoConvert_core_FlockerVolumeSource_To_v1_FlockerVolumeSource(in, out, s) -} - -func autoConvert_v1_GCEPersistentDiskVolumeSource_To_core_GCEPersistentDiskVolumeSource(in *v1.GCEPersistentDiskVolumeSource, out *core.GCEPersistentDiskVolumeSource, s conversion.Scope) error { - out.PDName = in.PDName - out.FSType = in.FSType - out.Partition = in.Partition - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_GCEPersistentDiskVolumeSource_To_core_GCEPersistentDiskVolumeSource is an autogenerated conversion function. -func Convert_v1_GCEPersistentDiskVolumeSource_To_core_GCEPersistentDiskVolumeSource(in *v1.GCEPersistentDiskVolumeSource, out *core.GCEPersistentDiskVolumeSource, s conversion.Scope) error { - return autoConvert_v1_GCEPersistentDiskVolumeSource_To_core_GCEPersistentDiskVolumeSource(in, out, s) -} - -func autoConvert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource(in *core.GCEPersistentDiskVolumeSource, out *v1.GCEPersistentDiskVolumeSource, s conversion.Scope) error { - out.PDName = in.PDName - out.FSType = in.FSType - out.Partition = in.Partition - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource is an autogenerated conversion function. -func Convert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource(in *core.GCEPersistentDiskVolumeSource, out *v1.GCEPersistentDiskVolumeSource, s conversion.Scope) error { - return autoConvert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource(in, out, s) -} - -func autoConvert_v1_GRPCAction_To_core_GRPCAction(in *v1.GRPCAction, out *core.GRPCAction, s conversion.Scope) error { - out.Port = in.Port - out.Service = (*string)(unsafe.Pointer(in.Service)) - return nil -} - -// Convert_v1_GRPCAction_To_core_GRPCAction is an autogenerated conversion function. -func Convert_v1_GRPCAction_To_core_GRPCAction(in *v1.GRPCAction, out *core.GRPCAction, s conversion.Scope) error { - return autoConvert_v1_GRPCAction_To_core_GRPCAction(in, out, s) -} - -func autoConvert_core_GRPCAction_To_v1_GRPCAction(in *core.GRPCAction, out *v1.GRPCAction, s conversion.Scope) error { - out.Port = in.Port - out.Service = (*string)(unsafe.Pointer(in.Service)) - return nil -} - -// Convert_core_GRPCAction_To_v1_GRPCAction is an autogenerated conversion function. -func Convert_core_GRPCAction_To_v1_GRPCAction(in *core.GRPCAction, out *v1.GRPCAction, s conversion.Scope) error { - return autoConvert_core_GRPCAction_To_v1_GRPCAction(in, out, s) -} - -func autoConvert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(in *v1.GitRepoVolumeSource, out *core.GitRepoVolumeSource, s conversion.Scope) error { - out.Repository = in.Repository - out.Revision = in.Revision - out.Directory = in.Directory - return nil -} - -// Convert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource is an autogenerated conversion function. -func Convert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(in *v1.GitRepoVolumeSource, out *core.GitRepoVolumeSource, s conversion.Scope) error { - return autoConvert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(in, out, s) -} - -func autoConvert_core_GitRepoVolumeSource_To_v1_GitRepoVolumeSource(in *core.GitRepoVolumeSource, out *v1.GitRepoVolumeSource, s conversion.Scope) error { - out.Repository = in.Repository - out.Revision = in.Revision - out.Directory = in.Directory - return nil -} - -// Convert_core_GitRepoVolumeSource_To_v1_GitRepoVolumeSource is an autogenerated conversion function. -func Convert_core_GitRepoVolumeSource_To_v1_GitRepoVolumeSource(in *core.GitRepoVolumeSource, out *v1.GitRepoVolumeSource, s conversion.Scope) error { - return autoConvert_core_GitRepoVolumeSource_To_v1_GitRepoVolumeSource(in, out, s) -} - -func autoConvert_v1_GlusterfsPersistentVolumeSource_To_core_GlusterfsPersistentVolumeSource(in *v1.GlusterfsPersistentVolumeSource, out *core.GlusterfsPersistentVolumeSource, s conversion.Scope) error { - out.EndpointsName = in.EndpointsName - out.Path = in.Path - out.ReadOnly = in.ReadOnly - out.EndpointsNamespace = (*string)(unsafe.Pointer(in.EndpointsNamespace)) - return nil -} - -// Convert_v1_GlusterfsPersistentVolumeSource_To_core_GlusterfsPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_GlusterfsPersistentVolumeSource_To_core_GlusterfsPersistentVolumeSource(in *v1.GlusterfsPersistentVolumeSource, out *core.GlusterfsPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_GlusterfsPersistentVolumeSource_To_core_GlusterfsPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_GlusterfsPersistentVolumeSource_To_v1_GlusterfsPersistentVolumeSource(in *core.GlusterfsPersistentVolumeSource, out *v1.GlusterfsPersistentVolumeSource, s conversion.Scope) error { - out.EndpointsName = in.EndpointsName - out.Path = in.Path - out.ReadOnly = in.ReadOnly - out.EndpointsNamespace = (*string)(unsafe.Pointer(in.EndpointsNamespace)) - return nil -} - -// Convert_core_GlusterfsPersistentVolumeSource_To_v1_GlusterfsPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_GlusterfsPersistentVolumeSource_To_v1_GlusterfsPersistentVolumeSource(in *core.GlusterfsPersistentVolumeSource, out *v1.GlusterfsPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_GlusterfsPersistentVolumeSource_To_v1_GlusterfsPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_GlusterfsVolumeSource_To_core_GlusterfsVolumeSource(in *v1.GlusterfsVolumeSource, out *core.GlusterfsVolumeSource, s conversion.Scope) error { - out.EndpointsName = in.EndpointsName - out.Path = in.Path - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_GlusterfsVolumeSource_To_core_GlusterfsVolumeSource is an autogenerated conversion function. -func Convert_v1_GlusterfsVolumeSource_To_core_GlusterfsVolumeSource(in *v1.GlusterfsVolumeSource, out *core.GlusterfsVolumeSource, s conversion.Scope) error { - return autoConvert_v1_GlusterfsVolumeSource_To_core_GlusterfsVolumeSource(in, out, s) -} - -func autoConvert_core_GlusterfsVolumeSource_To_v1_GlusterfsVolumeSource(in *core.GlusterfsVolumeSource, out *v1.GlusterfsVolumeSource, s conversion.Scope) error { - out.EndpointsName = in.EndpointsName - out.Path = in.Path - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_GlusterfsVolumeSource_To_v1_GlusterfsVolumeSource is an autogenerated conversion function. -func Convert_core_GlusterfsVolumeSource_To_v1_GlusterfsVolumeSource(in *core.GlusterfsVolumeSource, out *v1.GlusterfsVolumeSource, s conversion.Scope) error { - return autoConvert_core_GlusterfsVolumeSource_To_v1_GlusterfsVolumeSource(in, out, s) -} - -func autoConvert_v1_HTTPGetAction_To_core_HTTPGetAction(in *v1.HTTPGetAction, out *core.HTTPGetAction, s conversion.Scope) error { - out.Path = in.Path - out.Port = in.Port - out.Host = in.Host - out.Scheme = core.URIScheme(in.Scheme) - out.HTTPHeaders = *(*[]core.HTTPHeader)(unsafe.Pointer(&in.HTTPHeaders)) - return nil -} - -// Convert_v1_HTTPGetAction_To_core_HTTPGetAction is an autogenerated conversion function. -func Convert_v1_HTTPGetAction_To_core_HTTPGetAction(in *v1.HTTPGetAction, out *core.HTTPGetAction, s conversion.Scope) error { - return autoConvert_v1_HTTPGetAction_To_core_HTTPGetAction(in, out, s) -} - -func autoConvert_core_HTTPGetAction_To_v1_HTTPGetAction(in *core.HTTPGetAction, out *v1.HTTPGetAction, s conversion.Scope) error { - out.Path = in.Path - out.Port = in.Port - out.Host = in.Host - out.Scheme = v1.URIScheme(in.Scheme) - out.HTTPHeaders = *(*[]v1.HTTPHeader)(unsafe.Pointer(&in.HTTPHeaders)) - return nil -} - -// Convert_core_HTTPGetAction_To_v1_HTTPGetAction is an autogenerated conversion function. -func Convert_core_HTTPGetAction_To_v1_HTTPGetAction(in *core.HTTPGetAction, out *v1.HTTPGetAction, s conversion.Scope) error { - return autoConvert_core_HTTPGetAction_To_v1_HTTPGetAction(in, out, s) -} - -func autoConvert_v1_HTTPHeader_To_core_HTTPHeader(in *v1.HTTPHeader, out *core.HTTPHeader, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - return nil -} - -// Convert_v1_HTTPHeader_To_core_HTTPHeader is an autogenerated conversion function. -func Convert_v1_HTTPHeader_To_core_HTTPHeader(in *v1.HTTPHeader, out *core.HTTPHeader, s conversion.Scope) error { - return autoConvert_v1_HTTPHeader_To_core_HTTPHeader(in, out, s) -} - -func autoConvert_core_HTTPHeader_To_v1_HTTPHeader(in *core.HTTPHeader, out *v1.HTTPHeader, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - return nil -} - -// Convert_core_HTTPHeader_To_v1_HTTPHeader is an autogenerated conversion function. -func Convert_core_HTTPHeader_To_v1_HTTPHeader(in *core.HTTPHeader, out *v1.HTTPHeader, s conversion.Scope) error { - return autoConvert_core_HTTPHeader_To_v1_HTTPHeader(in, out, s) -} - -func autoConvert_v1_HostAlias_To_core_HostAlias(in *v1.HostAlias, out *core.HostAlias, s conversion.Scope) error { - out.IP = in.IP - out.Hostnames = *(*[]string)(unsafe.Pointer(&in.Hostnames)) - return nil -} - -// Convert_v1_HostAlias_To_core_HostAlias is an autogenerated conversion function. -func Convert_v1_HostAlias_To_core_HostAlias(in *v1.HostAlias, out *core.HostAlias, s conversion.Scope) error { - return autoConvert_v1_HostAlias_To_core_HostAlias(in, out, s) -} - -func autoConvert_core_HostAlias_To_v1_HostAlias(in *core.HostAlias, out *v1.HostAlias, s conversion.Scope) error { - out.IP = in.IP - out.Hostnames = *(*[]string)(unsafe.Pointer(&in.Hostnames)) - return nil -} - -// Convert_core_HostAlias_To_v1_HostAlias is an autogenerated conversion function. -func Convert_core_HostAlias_To_v1_HostAlias(in *core.HostAlias, out *v1.HostAlias, s conversion.Scope) error { - return autoConvert_core_HostAlias_To_v1_HostAlias(in, out, s) -} - -func autoConvert_v1_HostPathVolumeSource_To_core_HostPathVolumeSource(in *v1.HostPathVolumeSource, out *core.HostPathVolumeSource, s conversion.Scope) error { - out.Path = in.Path - out.Type = (*core.HostPathType)(unsafe.Pointer(in.Type)) - return nil -} - -// Convert_v1_HostPathVolumeSource_To_core_HostPathVolumeSource is an autogenerated conversion function. -func Convert_v1_HostPathVolumeSource_To_core_HostPathVolumeSource(in *v1.HostPathVolumeSource, out *core.HostPathVolumeSource, s conversion.Scope) error { - return autoConvert_v1_HostPathVolumeSource_To_core_HostPathVolumeSource(in, out, s) -} - -func autoConvert_core_HostPathVolumeSource_To_v1_HostPathVolumeSource(in *core.HostPathVolumeSource, out *v1.HostPathVolumeSource, s conversion.Scope) error { - out.Path = in.Path - out.Type = (*v1.HostPathType)(unsafe.Pointer(in.Type)) - return nil -} - -// Convert_core_HostPathVolumeSource_To_v1_HostPathVolumeSource is an autogenerated conversion function. -func Convert_core_HostPathVolumeSource_To_v1_HostPathVolumeSource(in *core.HostPathVolumeSource, out *v1.HostPathVolumeSource, s conversion.Scope) error { - return autoConvert_core_HostPathVolumeSource_To_v1_HostPathVolumeSource(in, out, s) -} - -func autoConvert_v1_ISCSIPersistentVolumeSource_To_core_ISCSIPersistentVolumeSource(in *v1.ISCSIPersistentVolumeSource, out *core.ISCSIPersistentVolumeSource, s conversion.Scope) error { - out.TargetPortal = in.TargetPortal - out.IQN = in.IQN - out.Lun = in.Lun - out.ISCSIInterface = in.ISCSIInterface - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) - out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth - out.SessionCHAPAuth = in.SessionCHAPAuth - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.InitiatorName = (*string)(unsafe.Pointer(in.InitiatorName)) - return nil -} - -// Convert_v1_ISCSIPersistentVolumeSource_To_core_ISCSIPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_ISCSIPersistentVolumeSource_To_core_ISCSIPersistentVolumeSource(in *v1.ISCSIPersistentVolumeSource, out *core.ISCSIPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ISCSIPersistentVolumeSource_To_core_ISCSIPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_ISCSIPersistentVolumeSource_To_v1_ISCSIPersistentVolumeSource(in *core.ISCSIPersistentVolumeSource, out *v1.ISCSIPersistentVolumeSource, s conversion.Scope) error { - out.TargetPortal = in.TargetPortal - out.IQN = in.IQN - out.Lun = in.Lun - out.ISCSIInterface = in.ISCSIInterface - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) - out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth - out.SessionCHAPAuth = in.SessionCHAPAuth - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.InitiatorName = (*string)(unsafe.Pointer(in.InitiatorName)) - return nil -} - -// Convert_core_ISCSIPersistentVolumeSource_To_v1_ISCSIPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_ISCSIPersistentVolumeSource_To_v1_ISCSIPersistentVolumeSource(in *core.ISCSIPersistentVolumeSource, out *v1.ISCSIPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_ISCSIPersistentVolumeSource_To_v1_ISCSIPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_ISCSIVolumeSource_To_core_ISCSIVolumeSource(in *v1.ISCSIVolumeSource, out *core.ISCSIVolumeSource, s conversion.Scope) error { - out.TargetPortal = in.TargetPortal - out.IQN = in.IQN - out.Lun = in.Lun - out.ISCSIInterface = in.ISCSIInterface - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) - out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth - out.SessionCHAPAuth = in.SessionCHAPAuth - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.InitiatorName = (*string)(unsafe.Pointer(in.InitiatorName)) - return nil -} - -// Convert_v1_ISCSIVolumeSource_To_core_ISCSIVolumeSource is an autogenerated conversion function. -func Convert_v1_ISCSIVolumeSource_To_core_ISCSIVolumeSource(in *v1.ISCSIVolumeSource, out *core.ISCSIVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ISCSIVolumeSource_To_core_ISCSIVolumeSource(in, out, s) -} - -func autoConvert_core_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in *core.ISCSIVolumeSource, out *v1.ISCSIVolumeSource, s conversion.Scope) error { - out.TargetPortal = in.TargetPortal - out.IQN = in.IQN - out.Lun = in.Lun - out.ISCSIInterface = in.ISCSIInterface - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals)) - out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth - out.SessionCHAPAuth = in.SessionCHAPAuth - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.InitiatorName = (*string)(unsafe.Pointer(in.InitiatorName)) - return nil -} - -// Convert_core_ISCSIVolumeSource_To_v1_ISCSIVolumeSource is an autogenerated conversion function. -func Convert_core_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in *core.ISCSIVolumeSource, out *v1.ISCSIVolumeSource, s conversion.Scope) error { - return autoConvert_core_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in, out, s) -} - -func autoConvert_v1_KeyToPath_To_core_KeyToPath(in *v1.KeyToPath, out *core.KeyToPath, s conversion.Scope) error { - out.Key = in.Key - out.Path = in.Path - out.Mode = (*int32)(unsafe.Pointer(in.Mode)) - return nil -} - -// Convert_v1_KeyToPath_To_core_KeyToPath is an autogenerated conversion function. -func Convert_v1_KeyToPath_To_core_KeyToPath(in *v1.KeyToPath, out *core.KeyToPath, s conversion.Scope) error { - return autoConvert_v1_KeyToPath_To_core_KeyToPath(in, out, s) -} - -func autoConvert_core_KeyToPath_To_v1_KeyToPath(in *core.KeyToPath, out *v1.KeyToPath, s conversion.Scope) error { - out.Key = in.Key - out.Path = in.Path - out.Mode = (*int32)(unsafe.Pointer(in.Mode)) - return nil -} - -// Convert_core_KeyToPath_To_v1_KeyToPath is an autogenerated conversion function. -func Convert_core_KeyToPath_To_v1_KeyToPath(in *core.KeyToPath, out *v1.KeyToPath, s conversion.Scope) error { - return autoConvert_core_KeyToPath_To_v1_KeyToPath(in, out, s) -} - -func autoConvert_v1_Lifecycle_To_core_Lifecycle(in *v1.Lifecycle, out *core.Lifecycle, s conversion.Scope) error { - out.PostStart = (*core.LifecycleHandler)(unsafe.Pointer(in.PostStart)) - out.PreStop = (*core.LifecycleHandler)(unsafe.Pointer(in.PreStop)) - return nil -} - -// Convert_v1_Lifecycle_To_core_Lifecycle is an autogenerated conversion function. -func Convert_v1_Lifecycle_To_core_Lifecycle(in *v1.Lifecycle, out *core.Lifecycle, s conversion.Scope) error { - return autoConvert_v1_Lifecycle_To_core_Lifecycle(in, out, s) -} - -func autoConvert_core_Lifecycle_To_v1_Lifecycle(in *core.Lifecycle, out *v1.Lifecycle, s conversion.Scope) error { - out.PostStart = (*v1.LifecycleHandler)(unsafe.Pointer(in.PostStart)) - out.PreStop = (*v1.LifecycleHandler)(unsafe.Pointer(in.PreStop)) - return nil -} - -// Convert_core_Lifecycle_To_v1_Lifecycle is an autogenerated conversion function. -func Convert_core_Lifecycle_To_v1_Lifecycle(in *core.Lifecycle, out *v1.Lifecycle, s conversion.Scope) error { - return autoConvert_core_Lifecycle_To_v1_Lifecycle(in, out, s) -} - -func autoConvert_v1_LifecycleHandler_To_core_LifecycleHandler(in *v1.LifecycleHandler, out *core.LifecycleHandler, s conversion.Scope) error { - out.Exec = (*core.ExecAction)(unsafe.Pointer(in.Exec)) - out.HTTPGet = (*core.HTTPGetAction)(unsafe.Pointer(in.HTTPGet)) - out.TCPSocket = (*core.TCPSocketAction)(unsafe.Pointer(in.TCPSocket)) - return nil -} - -// Convert_v1_LifecycleHandler_To_core_LifecycleHandler is an autogenerated conversion function. -func Convert_v1_LifecycleHandler_To_core_LifecycleHandler(in *v1.LifecycleHandler, out *core.LifecycleHandler, s conversion.Scope) error { - return autoConvert_v1_LifecycleHandler_To_core_LifecycleHandler(in, out, s) -} - -func autoConvert_core_LifecycleHandler_To_v1_LifecycleHandler(in *core.LifecycleHandler, out *v1.LifecycleHandler, s conversion.Scope) error { - out.Exec = (*v1.ExecAction)(unsafe.Pointer(in.Exec)) - out.HTTPGet = (*v1.HTTPGetAction)(unsafe.Pointer(in.HTTPGet)) - out.TCPSocket = (*v1.TCPSocketAction)(unsafe.Pointer(in.TCPSocket)) - return nil -} - -// Convert_core_LifecycleHandler_To_v1_LifecycleHandler is an autogenerated conversion function. -func Convert_core_LifecycleHandler_To_v1_LifecycleHandler(in *core.LifecycleHandler, out *v1.LifecycleHandler, s conversion.Scope) error { - return autoConvert_core_LifecycleHandler_To_v1_LifecycleHandler(in, out, s) -} - -func autoConvert_v1_LimitRange_To_core_LimitRange(in *v1.LimitRange, out *core.LimitRange, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_LimitRangeSpec_To_core_LimitRangeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_LimitRange_To_core_LimitRange is an autogenerated conversion function. -func Convert_v1_LimitRange_To_core_LimitRange(in *v1.LimitRange, out *core.LimitRange, s conversion.Scope) error { - return autoConvert_v1_LimitRange_To_core_LimitRange(in, out, s) -} - -func autoConvert_core_LimitRange_To_v1_LimitRange(in *core.LimitRange, out *v1.LimitRange, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_LimitRangeSpec_To_v1_LimitRangeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_core_LimitRange_To_v1_LimitRange is an autogenerated conversion function. -func Convert_core_LimitRange_To_v1_LimitRange(in *core.LimitRange, out *v1.LimitRange, s conversion.Scope) error { - return autoConvert_core_LimitRange_To_v1_LimitRange(in, out, s) -} - -func autoConvert_v1_LimitRangeItem_To_core_LimitRangeItem(in *v1.LimitRangeItem, out *core.LimitRangeItem, s conversion.Scope) error { - out.Type = core.LimitType(in.Type) - out.Max = *(*core.ResourceList)(unsafe.Pointer(&in.Max)) - out.Min = *(*core.ResourceList)(unsafe.Pointer(&in.Min)) - out.Default = *(*core.ResourceList)(unsafe.Pointer(&in.Default)) - out.DefaultRequest = *(*core.ResourceList)(unsafe.Pointer(&in.DefaultRequest)) - out.MaxLimitRequestRatio = *(*core.ResourceList)(unsafe.Pointer(&in.MaxLimitRequestRatio)) - return nil -} - -// Convert_v1_LimitRangeItem_To_core_LimitRangeItem is an autogenerated conversion function. -func Convert_v1_LimitRangeItem_To_core_LimitRangeItem(in *v1.LimitRangeItem, out *core.LimitRangeItem, s conversion.Scope) error { - return autoConvert_v1_LimitRangeItem_To_core_LimitRangeItem(in, out, s) -} - -func autoConvert_core_LimitRangeItem_To_v1_LimitRangeItem(in *core.LimitRangeItem, out *v1.LimitRangeItem, s conversion.Scope) error { - out.Type = v1.LimitType(in.Type) - out.Max = *(*v1.ResourceList)(unsafe.Pointer(&in.Max)) - out.Min = *(*v1.ResourceList)(unsafe.Pointer(&in.Min)) - out.Default = *(*v1.ResourceList)(unsafe.Pointer(&in.Default)) - out.DefaultRequest = *(*v1.ResourceList)(unsafe.Pointer(&in.DefaultRequest)) - out.MaxLimitRequestRatio = *(*v1.ResourceList)(unsafe.Pointer(&in.MaxLimitRequestRatio)) - return nil -} - -// Convert_core_LimitRangeItem_To_v1_LimitRangeItem is an autogenerated conversion function. -func Convert_core_LimitRangeItem_To_v1_LimitRangeItem(in *core.LimitRangeItem, out *v1.LimitRangeItem, s conversion.Scope) error { - return autoConvert_core_LimitRangeItem_To_v1_LimitRangeItem(in, out, s) -} - -func autoConvert_v1_LimitRangeList_To_core_LimitRangeList(in *v1.LimitRangeList, out *core.LimitRangeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.LimitRange)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_LimitRangeList_To_core_LimitRangeList is an autogenerated conversion function. -func Convert_v1_LimitRangeList_To_core_LimitRangeList(in *v1.LimitRangeList, out *core.LimitRangeList, s conversion.Scope) error { - return autoConvert_v1_LimitRangeList_To_core_LimitRangeList(in, out, s) -} - -func autoConvert_core_LimitRangeList_To_v1_LimitRangeList(in *core.LimitRangeList, out *v1.LimitRangeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.LimitRange)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_LimitRangeList_To_v1_LimitRangeList is an autogenerated conversion function. -func Convert_core_LimitRangeList_To_v1_LimitRangeList(in *core.LimitRangeList, out *v1.LimitRangeList, s conversion.Scope) error { - return autoConvert_core_LimitRangeList_To_v1_LimitRangeList(in, out, s) -} - -func autoConvert_v1_LimitRangeSpec_To_core_LimitRangeSpec(in *v1.LimitRangeSpec, out *core.LimitRangeSpec, s conversion.Scope) error { - out.Limits = *(*[]core.LimitRangeItem)(unsafe.Pointer(&in.Limits)) - return nil -} - -// Convert_v1_LimitRangeSpec_To_core_LimitRangeSpec is an autogenerated conversion function. -func Convert_v1_LimitRangeSpec_To_core_LimitRangeSpec(in *v1.LimitRangeSpec, out *core.LimitRangeSpec, s conversion.Scope) error { - return autoConvert_v1_LimitRangeSpec_To_core_LimitRangeSpec(in, out, s) -} - -func autoConvert_core_LimitRangeSpec_To_v1_LimitRangeSpec(in *core.LimitRangeSpec, out *v1.LimitRangeSpec, s conversion.Scope) error { - out.Limits = *(*[]v1.LimitRangeItem)(unsafe.Pointer(&in.Limits)) - return nil -} - -// Convert_core_LimitRangeSpec_To_v1_LimitRangeSpec is an autogenerated conversion function. -func Convert_core_LimitRangeSpec_To_v1_LimitRangeSpec(in *core.LimitRangeSpec, out *v1.LimitRangeSpec, s conversion.Scope) error { - return autoConvert_core_LimitRangeSpec_To_v1_LimitRangeSpec(in, out, s) -} - -func autoConvert_v1_List_To_core_List(in *v1.List, out *core.List, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.Object, len(*in)) - for i := range *in { - if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_List_To_core_List is an autogenerated conversion function. -func Convert_v1_List_To_core_List(in *v1.List, out *core.List, s conversion.Scope) error { - return autoConvert_v1_List_To_core_List(in, out, s) -} - -func autoConvert_core_List_To_v1_List(in *core.List, out *v1.List, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.RawExtension, len(*in)) - for i := range *in { - if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_List_To_v1_List is an autogenerated conversion function. -func Convert_core_List_To_v1_List(in *core.List, out *v1.List, s conversion.Scope) error { - return autoConvert_core_List_To_v1_List(in, out, s) -} - -func autoConvert_v1_LoadBalancerIngress_To_core_LoadBalancerIngress(in *v1.LoadBalancerIngress, out *core.LoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]core.PortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1_LoadBalancerIngress_To_core_LoadBalancerIngress is an autogenerated conversion function. -func Convert_v1_LoadBalancerIngress_To_core_LoadBalancerIngress(in *v1.LoadBalancerIngress, out *core.LoadBalancerIngress, s conversion.Scope) error { - return autoConvert_v1_LoadBalancerIngress_To_core_LoadBalancerIngress(in, out, s) -} - -func autoConvert_core_LoadBalancerIngress_To_v1_LoadBalancerIngress(in *core.LoadBalancerIngress, out *v1.LoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]v1.PortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_core_LoadBalancerIngress_To_v1_LoadBalancerIngress is an autogenerated conversion function. -func Convert_core_LoadBalancerIngress_To_v1_LoadBalancerIngress(in *core.LoadBalancerIngress, out *v1.LoadBalancerIngress, s conversion.Scope) error { - return autoConvert_core_LoadBalancerIngress_To_v1_LoadBalancerIngress(in, out, s) -} - -func autoConvert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus(in *v1.LoadBalancerStatus, out *core.LoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]core.LoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -func autoConvert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus(in *core.LoadBalancerStatus, out *v1.LoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]v1.LoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -func autoConvert_v1_LocalObjectReference_To_core_LocalObjectReference(in *v1.LocalObjectReference, out *core.LocalObjectReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1_LocalObjectReference_To_core_LocalObjectReference is an autogenerated conversion function. -func Convert_v1_LocalObjectReference_To_core_LocalObjectReference(in *v1.LocalObjectReference, out *core.LocalObjectReference, s conversion.Scope) error { - return autoConvert_v1_LocalObjectReference_To_core_LocalObjectReference(in, out, s) -} - -func autoConvert_core_LocalObjectReference_To_v1_LocalObjectReference(in *core.LocalObjectReference, out *v1.LocalObjectReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_core_LocalObjectReference_To_v1_LocalObjectReference is an autogenerated conversion function. -func Convert_core_LocalObjectReference_To_v1_LocalObjectReference(in *core.LocalObjectReference, out *v1.LocalObjectReference, s conversion.Scope) error { - return autoConvert_core_LocalObjectReference_To_v1_LocalObjectReference(in, out, s) -} - -func autoConvert_v1_LocalVolumeSource_To_core_LocalVolumeSource(in *v1.LocalVolumeSource, out *core.LocalVolumeSource, s conversion.Scope) error { - out.Path = in.Path - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - return nil -} - -// Convert_v1_LocalVolumeSource_To_core_LocalVolumeSource is an autogenerated conversion function. -func Convert_v1_LocalVolumeSource_To_core_LocalVolumeSource(in *v1.LocalVolumeSource, out *core.LocalVolumeSource, s conversion.Scope) error { - return autoConvert_v1_LocalVolumeSource_To_core_LocalVolumeSource(in, out, s) -} - -func autoConvert_core_LocalVolumeSource_To_v1_LocalVolumeSource(in *core.LocalVolumeSource, out *v1.LocalVolumeSource, s conversion.Scope) error { - out.Path = in.Path - out.FSType = (*string)(unsafe.Pointer(in.FSType)) - return nil -} - -// Convert_core_LocalVolumeSource_To_v1_LocalVolumeSource is an autogenerated conversion function. -func Convert_core_LocalVolumeSource_To_v1_LocalVolumeSource(in *core.LocalVolumeSource, out *v1.LocalVolumeSource, s conversion.Scope) error { - return autoConvert_core_LocalVolumeSource_To_v1_LocalVolumeSource(in, out, s) -} - -func autoConvert_v1_NFSVolumeSource_To_core_NFSVolumeSource(in *v1.NFSVolumeSource, out *core.NFSVolumeSource, s conversion.Scope) error { - out.Server = in.Server - out.Path = in.Path - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_NFSVolumeSource_To_core_NFSVolumeSource is an autogenerated conversion function. -func Convert_v1_NFSVolumeSource_To_core_NFSVolumeSource(in *v1.NFSVolumeSource, out *core.NFSVolumeSource, s conversion.Scope) error { - return autoConvert_v1_NFSVolumeSource_To_core_NFSVolumeSource(in, out, s) -} - -func autoConvert_core_NFSVolumeSource_To_v1_NFSVolumeSource(in *core.NFSVolumeSource, out *v1.NFSVolumeSource, s conversion.Scope) error { - out.Server = in.Server - out.Path = in.Path - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_NFSVolumeSource_To_v1_NFSVolumeSource is an autogenerated conversion function. -func Convert_core_NFSVolumeSource_To_v1_NFSVolumeSource(in *core.NFSVolumeSource, out *v1.NFSVolumeSource, s conversion.Scope) error { - return autoConvert_core_NFSVolumeSource_To_v1_NFSVolumeSource(in, out, s) -} - -func autoConvert_v1_Namespace_To_core_Namespace(in *v1.Namespace, out *core.Namespace, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_NamespaceSpec_To_core_NamespaceSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_NamespaceStatus_To_core_NamespaceStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Namespace_To_core_Namespace is an autogenerated conversion function. -func Convert_v1_Namespace_To_core_Namespace(in *v1.Namespace, out *core.Namespace, s conversion.Scope) error { - return autoConvert_v1_Namespace_To_core_Namespace(in, out, s) -} - -func autoConvert_core_Namespace_To_v1_Namespace(in *core.Namespace, out *v1.Namespace, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_NamespaceSpec_To_v1_NamespaceSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_NamespaceStatus_To_v1_NamespaceStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_Namespace_To_v1_Namespace is an autogenerated conversion function. -func Convert_core_Namespace_To_v1_Namespace(in *core.Namespace, out *v1.Namespace, s conversion.Scope) error { - return autoConvert_core_Namespace_To_v1_Namespace(in, out, s) -} - -func autoConvert_v1_NamespaceCondition_To_core_NamespaceCondition(in *v1.NamespaceCondition, out *core.NamespaceCondition, s conversion.Scope) error { - out.Type = core.NamespaceConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_NamespaceCondition_To_core_NamespaceCondition is an autogenerated conversion function. -func Convert_v1_NamespaceCondition_To_core_NamespaceCondition(in *v1.NamespaceCondition, out *core.NamespaceCondition, s conversion.Scope) error { - return autoConvert_v1_NamespaceCondition_To_core_NamespaceCondition(in, out, s) -} - -func autoConvert_core_NamespaceCondition_To_v1_NamespaceCondition(in *core.NamespaceCondition, out *v1.NamespaceCondition, s conversion.Scope) error { - out.Type = v1.NamespaceConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_NamespaceCondition_To_v1_NamespaceCondition is an autogenerated conversion function. -func Convert_core_NamespaceCondition_To_v1_NamespaceCondition(in *core.NamespaceCondition, out *v1.NamespaceCondition, s conversion.Scope) error { - return autoConvert_core_NamespaceCondition_To_v1_NamespaceCondition(in, out, s) -} - -func autoConvert_v1_NamespaceList_To_core_NamespaceList(in *v1.NamespaceList, out *core.NamespaceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.Namespace)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_NamespaceList_To_core_NamespaceList is an autogenerated conversion function. -func Convert_v1_NamespaceList_To_core_NamespaceList(in *v1.NamespaceList, out *core.NamespaceList, s conversion.Scope) error { - return autoConvert_v1_NamespaceList_To_core_NamespaceList(in, out, s) -} - -func autoConvert_core_NamespaceList_To_v1_NamespaceList(in *core.NamespaceList, out *v1.NamespaceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Namespace)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_NamespaceList_To_v1_NamespaceList is an autogenerated conversion function. -func Convert_core_NamespaceList_To_v1_NamespaceList(in *core.NamespaceList, out *v1.NamespaceList, s conversion.Scope) error { - return autoConvert_core_NamespaceList_To_v1_NamespaceList(in, out, s) -} - -func autoConvert_v1_NamespaceSpec_To_core_NamespaceSpec(in *v1.NamespaceSpec, out *core.NamespaceSpec, s conversion.Scope) error { - out.Finalizers = *(*[]core.FinalizerName)(unsafe.Pointer(&in.Finalizers)) - return nil -} - -// Convert_v1_NamespaceSpec_To_core_NamespaceSpec is an autogenerated conversion function. -func Convert_v1_NamespaceSpec_To_core_NamespaceSpec(in *v1.NamespaceSpec, out *core.NamespaceSpec, s conversion.Scope) error { - return autoConvert_v1_NamespaceSpec_To_core_NamespaceSpec(in, out, s) -} - -func autoConvert_core_NamespaceSpec_To_v1_NamespaceSpec(in *core.NamespaceSpec, out *v1.NamespaceSpec, s conversion.Scope) error { - out.Finalizers = *(*[]v1.FinalizerName)(unsafe.Pointer(&in.Finalizers)) - return nil -} - -// Convert_core_NamespaceSpec_To_v1_NamespaceSpec is an autogenerated conversion function. -func Convert_core_NamespaceSpec_To_v1_NamespaceSpec(in *core.NamespaceSpec, out *v1.NamespaceSpec, s conversion.Scope) error { - return autoConvert_core_NamespaceSpec_To_v1_NamespaceSpec(in, out, s) -} - -func autoConvert_v1_NamespaceStatus_To_core_NamespaceStatus(in *v1.NamespaceStatus, out *core.NamespaceStatus, s conversion.Scope) error { - out.Phase = core.NamespacePhase(in.Phase) - out.Conditions = *(*[]core.NamespaceCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_NamespaceStatus_To_core_NamespaceStatus is an autogenerated conversion function. -func Convert_v1_NamespaceStatus_To_core_NamespaceStatus(in *v1.NamespaceStatus, out *core.NamespaceStatus, s conversion.Scope) error { - return autoConvert_v1_NamespaceStatus_To_core_NamespaceStatus(in, out, s) -} - -func autoConvert_core_NamespaceStatus_To_v1_NamespaceStatus(in *core.NamespaceStatus, out *v1.NamespaceStatus, s conversion.Scope) error { - out.Phase = v1.NamespacePhase(in.Phase) - out.Conditions = *(*[]v1.NamespaceCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_core_NamespaceStatus_To_v1_NamespaceStatus is an autogenerated conversion function. -func Convert_core_NamespaceStatus_To_v1_NamespaceStatus(in *core.NamespaceStatus, out *v1.NamespaceStatus, s conversion.Scope) error { - return autoConvert_core_NamespaceStatus_To_v1_NamespaceStatus(in, out, s) -} - -func autoConvert_v1_Node_To_core_Node(in *v1.Node, out *core.Node, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_NodeSpec_To_core_NodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_NodeStatus_To_core_NodeStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Node_To_core_Node is an autogenerated conversion function. -func Convert_v1_Node_To_core_Node(in *v1.Node, out *core.Node, s conversion.Scope) error { - return autoConvert_v1_Node_To_core_Node(in, out, s) -} - -func autoConvert_core_Node_To_v1_Node(in *core.Node, out *v1.Node, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_NodeSpec_To_v1_NodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_NodeStatus_To_v1_NodeStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_Node_To_v1_Node is an autogenerated conversion function. -func Convert_core_Node_To_v1_Node(in *core.Node, out *v1.Node, s conversion.Scope) error { - return autoConvert_core_Node_To_v1_Node(in, out, s) -} - -func autoConvert_v1_NodeAddress_To_core_NodeAddress(in *v1.NodeAddress, out *core.NodeAddress, s conversion.Scope) error { - out.Type = core.NodeAddressType(in.Type) - out.Address = in.Address - return nil -} - -// Convert_v1_NodeAddress_To_core_NodeAddress is an autogenerated conversion function. -func Convert_v1_NodeAddress_To_core_NodeAddress(in *v1.NodeAddress, out *core.NodeAddress, s conversion.Scope) error { - return autoConvert_v1_NodeAddress_To_core_NodeAddress(in, out, s) -} - -func autoConvert_core_NodeAddress_To_v1_NodeAddress(in *core.NodeAddress, out *v1.NodeAddress, s conversion.Scope) error { - out.Type = v1.NodeAddressType(in.Type) - out.Address = in.Address - return nil -} - -// Convert_core_NodeAddress_To_v1_NodeAddress is an autogenerated conversion function. -func Convert_core_NodeAddress_To_v1_NodeAddress(in *core.NodeAddress, out *v1.NodeAddress, s conversion.Scope) error { - return autoConvert_core_NodeAddress_To_v1_NodeAddress(in, out, s) -} - -func autoConvert_v1_NodeAffinity_To_core_NodeAffinity(in *v1.NodeAffinity, out *core.NodeAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = (*core.NodeSelector)(unsafe.Pointer(in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]core.PreferredSchedulingTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_v1_NodeAffinity_To_core_NodeAffinity is an autogenerated conversion function. -func Convert_v1_NodeAffinity_To_core_NodeAffinity(in *v1.NodeAffinity, out *core.NodeAffinity, s conversion.Scope) error { - return autoConvert_v1_NodeAffinity_To_core_NodeAffinity(in, out, s) -} - -func autoConvert_core_NodeAffinity_To_v1_NodeAffinity(in *core.NodeAffinity, out *v1.NodeAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = (*v1.NodeSelector)(unsafe.Pointer(in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]v1.PreferredSchedulingTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_core_NodeAffinity_To_v1_NodeAffinity is an autogenerated conversion function. -func Convert_core_NodeAffinity_To_v1_NodeAffinity(in *core.NodeAffinity, out *v1.NodeAffinity, s conversion.Scope) error { - return autoConvert_core_NodeAffinity_To_v1_NodeAffinity(in, out, s) -} - -func autoConvert_v1_NodeCondition_To_core_NodeCondition(in *v1.NodeCondition, out *core.NodeCondition, s conversion.Scope) error { - out.Type = core.NodeConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastHeartbeatTime = in.LastHeartbeatTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_NodeCondition_To_core_NodeCondition is an autogenerated conversion function. -func Convert_v1_NodeCondition_To_core_NodeCondition(in *v1.NodeCondition, out *core.NodeCondition, s conversion.Scope) error { - return autoConvert_v1_NodeCondition_To_core_NodeCondition(in, out, s) -} - -func autoConvert_core_NodeCondition_To_v1_NodeCondition(in *core.NodeCondition, out *v1.NodeCondition, s conversion.Scope) error { - out.Type = v1.NodeConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastHeartbeatTime = in.LastHeartbeatTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_NodeCondition_To_v1_NodeCondition is an autogenerated conversion function. -func Convert_core_NodeCondition_To_v1_NodeCondition(in *core.NodeCondition, out *v1.NodeCondition, s conversion.Scope) error { - return autoConvert_core_NodeCondition_To_v1_NodeCondition(in, out, s) -} - -func autoConvert_v1_NodeConfigSource_To_core_NodeConfigSource(in *v1.NodeConfigSource, out *core.NodeConfigSource, s conversion.Scope) error { - out.ConfigMap = (*core.ConfigMapNodeConfigSource)(unsafe.Pointer(in.ConfigMap)) - return nil -} - -// Convert_v1_NodeConfigSource_To_core_NodeConfigSource is an autogenerated conversion function. -func Convert_v1_NodeConfigSource_To_core_NodeConfigSource(in *v1.NodeConfigSource, out *core.NodeConfigSource, s conversion.Scope) error { - return autoConvert_v1_NodeConfigSource_To_core_NodeConfigSource(in, out, s) -} - -func autoConvert_core_NodeConfigSource_To_v1_NodeConfigSource(in *core.NodeConfigSource, out *v1.NodeConfigSource, s conversion.Scope) error { - out.ConfigMap = (*v1.ConfigMapNodeConfigSource)(unsafe.Pointer(in.ConfigMap)) - return nil -} - -// Convert_core_NodeConfigSource_To_v1_NodeConfigSource is an autogenerated conversion function. -func Convert_core_NodeConfigSource_To_v1_NodeConfigSource(in *core.NodeConfigSource, out *v1.NodeConfigSource, s conversion.Scope) error { - return autoConvert_core_NodeConfigSource_To_v1_NodeConfigSource(in, out, s) -} - -func autoConvert_v1_NodeConfigStatus_To_core_NodeConfigStatus(in *v1.NodeConfigStatus, out *core.NodeConfigStatus, s conversion.Scope) error { - out.Assigned = (*core.NodeConfigSource)(unsafe.Pointer(in.Assigned)) - out.Active = (*core.NodeConfigSource)(unsafe.Pointer(in.Active)) - out.LastKnownGood = (*core.NodeConfigSource)(unsafe.Pointer(in.LastKnownGood)) - out.Error = in.Error - return nil -} - -// Convert_v1_NodeConfigStatus_To_core_NodeConfigStatus is an autogenerated conversion function. -func Convert_v1_NodeConfigStatus_To_core_NodeConfigStatus(in *v1.NodeConfigStatus, out *core.NodeConfigStatus, s conversion.Scope) error { - return autoConvert_v1_NodeConfigStatus_To_core_NodeConfigStatus(in, out, s) -} - -func autoConvert_core_NodeConfigStatus_To_v1_NodeConfigStatus(in *core.NodeConfigStatus, out *v1.NodeConfigStatus, s conversion.Scope) error { - out.Assigned = (*v1.NodeConfigSource)(unsafe.Pointer(in.Assigned)) - out.Active = (*v1.NodeConfigSource)(unsafe.Pointer(in.Active)) - out.LastKnownGood = (*v1.NodeConfigSource)(unsafe.Pointer(in.LastKnownGood)) - out.Error = in.Error - return nil -} - -// Convert_core_NodeConfigStatus_To_v1_NodeConfigStatus is an autogenerated conversion function. -func Convert_core_NodeConfigStatus_To_v1_NodeConfigStatus(in *core.NodeConfigStatus, out *v1.NodeConfigStatus, s conversion.Scope) error { - return autoConvert_core_NodeConfigStatus_To_v1_NodeConfigStatus(in, out, s) -} - -func autoConvert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints(in *v1.NodeDaemonEndpoints, out *core.NodeDaemonEndpoints, s conversion.Scope) error { - if err := Convert_v1_DaemonEndpoint_To_core_DaemonEndpoint(&in.KubeletEndpoint, &out.KubeletEndpoint, s); err != nil { - return err - } - return nil -} - -// Convert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints is an autogenerated conversion function. -func Convert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints(in *v1.NodeDaemonEndpoints, out *core.NodeDaemonEndpoints, s conversion.Scope) error { - return autoConvert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints(in, out, s) -} - -func autoConvert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints(in *core.NodeDaemonEndpoints, out *v1.NodeDaemonEndpoints, s conversion.Scope) error { - if err := Convert_core_DaemonEndpoint_To_v1_DaemonEndpoint(&in.KubeletEndpoint, &out.KubeletEndpoint, s); err != nil { - return err - } - return nil -} - -// Convert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints is an autogenerated conversion function. -func Convert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints(in *core.NodeDaemonEndpoints, out *v1.NodeDaemonEndpoints, s conversion.Scope) error { - return autoConvert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints(in, out, s) -} - -func autoConvert_v1_NodeList_To_core_NodeList(in *v1.NodeList, out *core.NodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Node, len(*in)) - for i := range *in { - if err := Convert_v1_Node_To_core_Node(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_NodeList_To_core_NodeList is an autogenerated conversion function. -func Convert_v1_NodeList_To_core_NodeList(in *v1.NodeList, out *core.NodeList, s conversion.Scope) error { - return autoConvert_v1_NodeList_To_core_NodeList(in, out, s) -} - -func autoConvert_core_NodeList_To_v1_NodeList(in *core.NodeList, out *v1.NodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Node, len(*in)) - for i := range *in { - if err := Convert_core_Node_To_v1_Node(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_NodeList_To_v1_NodeList is an autogenerated conversion function. -func Convert_core_NodeList_To_v1_NodeList(in *core.NodeList, out *v1.NodeList, s conversion.Scope) error { - return autoConvert_core_NodeList_To_v1_NodeList(in, out, s) -} - -func autoConvert_v1_NodeProxyOptions_To_core_NodeProxyOptions(in *v1.NodeProxyOptions, out *core.NodeProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_v1_NodeProxyOptions_To_core_NodeProxyOptions is an autogenerated conversion function. -func Convert_v1_NodeProxyOptions_To_core_NodeProxyOptions(in *v1.NodeProxyOptions, out *core.NodeProxyOptions, s conversion.Scope) error { - return autoConvert_v1_NodeProxyOptions_To_core_NodeProxyOptions(in, out, s) -} - -func autoConvert_core_NodeProxyOptions_To_v1_NodeProxyOptions(in *core.NodeProxyOptions, out *v1.NodeProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_core_NodeProxyOptions_To_v1_NodeProxyOptions is an autogenerated conversion function. -func Convert_core_NodeProxyOptions_To_v1_NodeProxyOptions(in *core.NodeProxyOptions, out *v1.NodeProxyOptions, s conversion.Scope) error { - return autoConvert_core_NodeProxyOptions_To_v1_NodeProxyOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_NodeProxyOptions(in *url.Values, out *v1.NodeProxyOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["path"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Path, s); err != nil { - return err - } - } else { - out.Path = "" - } - return nil -} - -// Convert_url_Values_To_v1_NodeProxyOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_NodeProxyOptions(in *url.Values, out *v1.NodeProxyOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_NodeProxyOptions(in, out, s) -} - -func autoConvert_v1_NodeResources_To_core_NodeResources(in *v1.NodeResources, out *core.NodeResources, s conversion.Scope) error { - out.Capacity = *(*core.ResourceList)(unsafe.Pointer(&in.Capacity)) - return nil -} - -// Convert_v1_NodeResources_To_core_NodeResources is an autogenerated conversion function. -func Convert_v1_NodeResources_To_core_NodeResources(in *v1.NodeResources, out *core.NodeResources, s conversion.Scope) error { - return autoConvert_v1_NodeResources_To_core_NodeResources(in, out, s) -} - -func autoConvert_core_NodeResources_To_v1_NodeResources(in *core.NodeResources, out *v1.NodeResources, s conversion.Scope) error { - out.Capacity = *(*v1.ResourceList)(unsafe.Pointer(&in.Capacity)) - return nil -} - -// Convert_core_NodeResources_To_v1_NodeResources is an autogenerated conversion function. -func Convert_core_NodeResources_To_v1_NodeResources(in *core.NodeResources, out *v1.NodeResources, s conversion.Scope) error { - return autoConvert_core_NodeResources_To_v1_NodeResources(in, out, s) -} - -func autoConvert_v1_NodeSelector_To_core_NodeSelector(in *v1.NodeSelector, out *core.NodeSelector, s conversion.Scope) error { - out.NodeSelectorTerms = *(*[]core.NodeSelectorTerm)(unsafe.Pointer(&in.NodeSelectorTerms)) - return nil -} - -// Convert_v1_NodeSelector_To_core_NodeSelector is an autogenerated conversion function. -func Convert_v1_NodeSelector_To_core_NodeSelector(in *v1.NodeSelector, out *core.NodeSelector, s conversion.Scope) error { - return autoConvert_v1_NodeSelector_To_core_NodeSelector(in, out, s) -} - -func autoConvert_core_NodeSelector_To_v1_NodeSelector(in *core.NodeSelector, out *v1.NodeSelector, s conversion.Scope) error { - out.NodeSelectorTerms = *(*[]v1.NodeSelectorTerm)(unsafe.Pointer(&in.NodeSelectorTerms)) - return nil -} - -// Convert_core_NodeSelector_To_v1_NodeSelector is an autogenerated conversion function. -func Convert_core_NodeSelector_To_v1_NodeSelector(in *core.NodeSelector, out *v1.NodeSelector, s conversion.Scope) error { - return autoConvert_core_NodeSelector_To_v1_NodeSelector(in, out, s) -} - -func autoConvert_v1_NodeSelectorRequirement_To_core_NodeSelectorRequirement(in *v1.NodeSelectorRequirement, out *core.NodeSelectorRequirement, s conversion.Scope) error { - out.Key = in.Key - out.Operator = core.NodeSelectorOperator(in.Operator) - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_v1_NodeSelectorRequirement_To_core_NodeSelectorRequirement is an autogenerated conversion function. -func Convert_v1_NodeSelectorRequirement_To_core_NodeSelectorRequirement(in *v1.NodeSelectorRequirement, out *core.NodeSelectorRequirement, s conversion.Scope) error { - return autoConvert_v1_NodeSelectorRequirement_To_core_NodeSelectorRequirement(in, out, s) -} - -func autoConvert_core_NodeSelectorRequirement_To_v1_NodeSelectorRequirement(in *core.NodeSelectorRequirement, out *v1.NodeSelectorRequirement, s conversion.Scope) error { - out.Key = in.Key - out.Operator = v1.NodeSelectorOperator(in.Operator) - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_core_NodeSelectorRequirement_To_v1_NodeSelectorRequirement is an autogenerated conversion function. -func Convert_core_NodeSelectorRequirement_To_v1_NodeSelectorRequirement(in *core.NodeSelectorRequirement, out *v1.NodeSelectorRequirement, s conversion.Scope) error { - return autoConvert_core_NodeSelectorRequirement_To_v1_NodeSelectorRequirement(in, out, s) -} - -func autoConvert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm(in *v1.NodeSelectorTerm, out *core.NodeSelectorTerm, s conversion.Scope) error { - out.MatchExpressions = *(*[]core.NodeSelectorRequirement)(unsafe.Pointer(&in.MatchExpressions)) - out.MatchFields = *(*[]core.NodeSelectorRequirement)(unsafe.Pointer(&in.MatchFields)) - return nil -} - -// Convert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm is an autogenerated conversion function. -func Convert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm(in *v1.NodeSelectorTerm, out *core.NodeSelectorTerm, s conversion.Scope) error { - return autoConvert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm(in, out, s) -} - -func autoConvert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm(in *core.NodeSelectorTerm, out *v1.NodeSelectorTerm, s conversion.Scope) error { - out.MatchExpressions = *(*[]v1.NodeSelectorRequirement)(unsafe.Pointer(&in.MatchExpressions)) - out.MatchFields = *(*[]v1.NodeSelectorRequirement)(unsafe.Pointer(&in.MatchFields)) - return nil -} - -// Convert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm is an autogenerated conversion function. -func Convert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm(in *core.NodeSelectorTerm, out *v1.NodeSelectorTerm, s conversion.Scope) error { - return autoConvert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm(in, out, s) -} - -func autoConvert_v1_NodeSpec_To_core_NodeSpec(in *v1.NodeSpec, out *core.NodeSpec, s conversion.Scope) error { - // WARNING: in.PodCIDR requires manual conversion: does not exist in peer-type - out.PodCIDRs = *(*[]string)(unsafe.Pointer(&in.PodCIDRs)) - out.ProviderID = in.ProviderID - out.Unschedulable = in.Unschedulable - out.Taints = *(*[]core.Taint)(unsafe.Pointer(&in.Taints)) - out.ConfigSource = (*core.NodeConfigSource)(unsafe.Pointer(in.ConfigSource)) - out.DoNotUseExternalID = in.DoNotUseExternalID - return nil -} - -func autoConvert_core_NodeSpec_To_v1_NodeSpec(in *core.NodeSpec, out *v1.NodeSpec, s conversion.Scope) error { - out.PodCIDRs = *(*[]string)(unsafe.Pointer(&in.PodCIDRs)) - out.ProviderID = in.ProviderID - out.Unschedulable = in.Unschedulable - out.Taints = *(*[]v1.Taint)(unsafe.Pointer(&in.Taints)) - out.ConfigSource = (*v1.NodeConfigSource)(unsafe.Pointer(in.ConfigSource)) - out.DoNotUseExternalID = in.DoNotUseExternalID - return nil -} - -func autoConvert_v1_NodeStatus_To_core_NodeStatus(in *v1.NodeStatus, out *core.NodeStatus, s conversion.Scope) error { - out.Capacity = *(*core.ResourceList)(unsafe.Pointer(&in.Capacity)) - out.Allocatable = *(*core.ResourceList)(unsafe.Pointer(&in.Allocatable)) - out.Phase = core.NodePhase(in.Phase) - out.Conditions = *(*[]core.NodeCondition)(unsafe.Pointer(&in.Conditions)) - out.Addresses = *(*[]core.NodeAddress)(unsafe.Pointer(&in.Addresses)) - if err := Convert_v1_NodeDaemonEndpoints_To_core_NodeDaemonEndpoints(&in.DaemonEndpoints, &out.DaemonEndpoints, s); err != nil { - return err - } - if err := Convert_v1_NodeSystemInfo_To_core_NodeSystemInfo(&in.NodeInfo, &out.NodeInfo, s); err != nil { - return err - } - out.Images = *(*[]core.ContainerImage)(unsafe.Pointer(&in.Images)) - out.VolumesInUse = *(*[]core.UniqueVolumeName)(unsafe.Pointer(&in.VolumesInUse)) - out.VolumesAttached = *(*[]core.AttachedVolume)(unsafe.Pointer(&in.VolumesAttached)) - out.Config = (*core.NodeConfigStatus)(unsafe.Pointer(in.Config)) - return nil -} - -// Convert_v1_NodeStatus_To_core_NodeStatus is an autogenerated conversion function. -func Convert_v1_NodeStatus_To_core_NodeStatus(in *v1.NodeStatus, out *core.NodeStatus, s conversion.Scope) error { - return autoConvert_v1_NodeStatus_To_core_NodeStatus(in, out, s) -} - -func autoConvert_core_NodeStatus_To_v1_NodeStatus(in *core.NodeStatus, out *v1.NodeStatus, s conversion.Scope) error { - out.Capacity = *(*v1.ResourceList)(unsafe.Pointer(&in.Capacity)) - out.Allocatable = *(*v1.ResourceList)(unsafe.Pointer(&in.Allocatable)) - out.Phase = v1.NodePhase(in.Phase) - out.Conditions = *(*[]v1.NodeCondition)(unsafe.Pointer(&in.Conditions)) - out.Addresses = *(*[]v1.NodeAddress)(unsafe.Pointer(&in.Addresses)) - if err := Convert_core_NodeDaemonEndpoints_To_v1_NodeDaemonEndpoints(&in.DaemonEndpoints, &out.DaemonEndpoints, s); err != nil { - return err - } - if err := Convert_core_NodeSystemInfo_To_v1_NodeSystemInfo(&in.NodeInfo, &out.NodeInfo, s); err != nil { - return err - } - out.Images = *(*[]v1.ContainerImage)(unsafe.Pointer(&in.Images)) - out.VolumesInUse = *(*[]v1.UniqueVolumeName)(unsafe.Pointer(&in.VolumesInUse)) - out.VolumesAttached = *(*[]v1.AttachedVolume)(unsafe.Pointer(&in.VolumesAttached)) - out.Config = (*v1.NodeConfigStatus)(unsafe.Pointer(in.Config)) - return nil -} - -// Convert_core_NodeStatus_To_v1_NodeStatus is an autogenerated conversion function. -func Convert_core_NodeStatus_To_v1_NodeStatus(in *core.NodeStatus, out *v1.NodeStatus, s conversion.Scope) error { - return autoConvert_core_NodeStatus_To_v1_NodeStatus(in, out, s) -} - -func autoConvert_v1_NodeSystemInfo_To_core_NodeSystemInfo(in *v1.NodeSystemInfo, out *core.NodeSystemInfo, s conversion.Scope) error { - out.MachineID = in.MachineID - out.SystemUUID = in.SystemUUID - out.BootID = in.BootID - out.KernelVersion = in.KernelVersion - out.OSImage = in.OSImage - out.ContainerRuntimeVersion = in.ContainerRuntimeVersion - out.KubeletVersion = in.KubeletVersion - out.KubeProxyVersion = in.KubeProxyVersion - out.OperatingSystem = in.OperatingSystem - out.Architecture = in.Architecture - return nil -} - -// Convert_v1_NodeSystemInfo_To_core_NodeSystemInfo is an autogenerated conversion function. -func Convert_v1_NodeSystemInfo_To_core_NodeSystemInfo(in *v1.NodeSystemInfo, out *core.NodeSystemInfo, s conversion.Scope) error { - return autoConvert_v1_NodeSystemInfo_To_core_NodeSystemInfo(in, out, s) -} - -func autoConvert_core_NodeSystemInfo_To_v1_NodeSystemInfo(in *core.NodeSystemInfo, out *v1.NodeSystemInfo, s conversion.Scope) error { - out.MachineID = in.MachineID - out.SystemUUID = in.SystemUUID - out.BootID = in.BootID - out.KernelVersion = in.KernelVersion - out.OSImage = in.OSImage - out.ContainerRuntimeVersion = in.ContainerRuntimeVersion - out.KubeletVersion = in.KubeletVersion - out.KubeProxyVersion = in.KubeProxyVersion - out.OperatingSystem = in.OperatingSystem - out.Architecture = in.Architecture - return nil -} - -// Convert_core_NodeSystemInfo_To_v1_NodeSystemInfo is an autogenerated conversion function. -func Convert_core_NodeSystemInfo_To_v1_NodeSystemInfo(in *core.NodeSystemInfo, out *v1.NodeSystemInfo, s conversion.Scope) error { - return autoConvert_core_NodeSystemInfo_To_v1_NodeSystemInfo(in, out, s) -} - -func autoConvert_v1_ObjectFieldSelector_To_core_ObjectFieldSelector(in *v1.ObjectFieldSelector, out *core.ObjectFieldSelector, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.FieldPath = in.FieldPath - return nil -} - -// Convert_v1_ObjectFieldSelector_To_core_ObjectFieldSelector is an autogenerated conversion function. -func Convert_v1_ObjectFieldSelector_To_core_ObjectFieldSelector(in *v1.ObjectFieldSelector, out *core.ObjectFieldSelector, s conversion.Scope) error { - return autoConvert_v1_ObjectFieldSelector_To_core_ObjectFieldSelector(in, out, s) -} - -func autoConvert_core_ObjectFieldSelector_To_v1_ObjectFieldSelector(in *core.ObjectFieldSelector, out *v1.ObjectFieldSelector, s conversion.Scope) error { - out.APIVersion = in.APIVersion - out.FieldPath = in.FieldPath - return nil -} - -// Convert_core_ObjectFieldSelector_To_v1_ObjectFieldSelector is an autogenerated conversion function. -func Convert_core_ObjectFieldSelector_To_v1_ObjectFieldSelector(in *core.ObjectFieldSelector, out *v1.ObjectFieldSelector, s conversion.Scope) error { - return autoConvert_core_ObjectFieldSelector_To_v1_ObjectFieldSelector(in, out, s) -} - -func autoConvert_v1_ObjectReference_To_core_ObjectReference(in *v1.ObjectReference, out *core.ObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.APIVersion = in.APIVersion - out.ResourceVersion = in.ResourceVersion - out.FieldPath = in.FieldPath - return nil -} - -// Convert_v1_ObjectReference_To_core_ObjectReference is an autogenerated conversion function. -func Convert_v1_ObjectReference_To_core_ObjectReference(in *v1.ObjectReference, out *core.ObjectReference, s conversion.Scope) error { - return autoConvert_v1_ObjectReference_To_core_ObjectReference(in, out, s) -} - -func autoConvert_core_ObjectReference_To_v1_ObjectReference(in *core.ObjectReference, out *v1.ObjectReference, s conversion.Scope) error { - out.Kind = in.Kind - out.Namespace = in.Namespace - out.Name = in.Name - out.UID = types.UID(in.UID) - out.APIVersion = in.APIVersion - out.ResourceVersion = in.ResourceVersion - out.FieldPath = in.FieldPath - return nil -} - -// Convert_core_ObjectReference_To_v1_ObjectReference is an autogenerated conversion function. -func Convert_core_ObjectReference_To_v1_ObjectReference(in *core.ObjectReference, out *v1.ObjectReference, s conversion.Scope) error { - return autoConvert_core_ObjectReference_To_v1_ObjectReference(in, out, s) -} - -func autoConvert_v1_PersistentVolume_To_core_PersistentVolume(in *v1.PersistentVolume, out *core.PersistentVolume, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PersistentVolume_To_core_PersistentVolume is an autogenerated conversion function. -func Convert_v1_PersistentVolume_To_core_PersistentVolume(in *v1.PersistentVolume, out *core.PersistentVolume, s conversion.Scope) error { - return autoConvert_v1_PersistentVolume_To_core_PersistentVolume(in, out, s) -} - -func autoConvert_core_PersistentVolume_To_v1_PersistentVolume(in *core.PersistentVolume, out *v1.PersistentVolume, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_PersistentVolume_To_v1_PersistentVolume is an autogenerated conversion function. -func Convert_core_PersistentVolume_To_v1_PersistentVolume(in *core.PersistentVolume, out *v1.PersistentVolume, s conversion.Scope) error { - return autoConvert_core_PersistentVolume_To_v1_PersistentVolume(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaim_To_core_PersistentVolumeClaim(in *v1.PersistentVolumeClaim, out *core.PersistentVolumeClaim, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PersistentVolumeClaim_To_core_PersistentVolumeClaim is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaim_To_core_PersistentVolumeClaim(in *v1.PersistentVolumeClaim, out *core.PersistentVolumeClaim, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaim_To_core_PersistentVolumeClaim(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim(in *core.PersistentVolumeClaim, out *v1.PersistentVolumeClaim, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim(in *core.PersistentVolumeClaim, out *v1.PersistentVolumeClaim, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimCondition_To_core_PersistentVolumeClaimCondition(in *v1.PersistentVolumeClaimCondition, out *core.PersistentVolumeClaimCondition, s conversion.Scope) error { - out.Type = core.PersistentVolumeClaimConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_PersistentVolumeClaimCondition_To_core_PersistentVolumeClaimCondition is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimCondition_To_core_PersistentVolumeClaimCondition(in *v1.PersistentVolumeClaimCondition, out *core.PersistentVolumeClaimCondition, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimCondition_To_core_PersistentVolumeClaimCondition(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimCondition_To_v1_PersistentVolumeClaimCondition(in *core.PersistentVolumeClaimCondition, out *v1.PersistentVolumeClaimCondition, s conversion.Scope) error { - out.Type = v1.PersistentVolumeClaimConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_PersistentVolumeClaimCondition_To_v1_PersistentVolumeClaimCondition is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimCondition_To_v1_PersistentVolumeClaimCondition(in *core.PersistentVolumeClaimCondition, out *v1.PersistentVolumeClaimCondition, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimCondition_To_v1_PersistentVolumeClaimCondition(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimList_To_core_PersistentVolumeClaimList(in *v1.PersistentVolumeClaimList, out *core.PersistentVolumeClaimList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.PersistentVolumeClaim)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_PersistentVolumeClaimList_To_core_PersistentVolumeClaimList is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimList_To_core_PersistentVolumeClaimList(in *v1.PersistentVolumeClaimList, out *core.PersistentVolumeClaimList, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimList_To_core_PersistentVolumeClaimList(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimList_To_v1_PersistentVolumeClaimList(in *core.PersistentVolumeClaimList, out *v1.PersistentVolumeClaimList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.PersistentVolumeClaim)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_PersistentVolumeClaimList_To_v1_PersistentVolumeClaimList is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimList_To_v1_PersistentVolumeClaimList(in *core.PersistentVolumeClaimList, out *v1.PersistentVolumeClaimList, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimList_To_v1_PersistentVolumeClaimList(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(in *v1.PersistentVolumeClaimSpec, out *core.PersistentVolumeClaimSpec, s conversion.Scope) error { - out.AccessModes = *(*[]core.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := Convert_v1_ResourceRequirements_To_core_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeName = in.VolumeName - out.StorageClassName = (*string)(unsafe.Pointer(in.StorageClassName)) - out.VolumeMode = (*core.PersistentVolumeMode)(unsafe.Pointer(in.VolumeMode)) - out.DataSource = (*core.TypedLocalObjectReference)(unsafe.Pointer(in.DataSource)) - out.DataSourceRef = (*core.TypedObjectReference)(unsafe.Pointer(in.DataSourceRef)) - return nil -} - -// Convert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(in *v1.PersistentVolumeClaimSpec, out *core.PersistentVolumeClaimSpec, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(in *core.PersistentVolumeClaimSpec, out *v1.PersistentVolumeClaimSpec, s conversion.Scope) error { - out.AccessModes = *(*[]v1.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := Convert_core_ResourceRequirements_To_v1_ResourceRequirements(&in.Resources, &out.Resources, s); err != nil { - return err - } - out.VolumeName = in.VolumeName - out.StorageClassName = (*string)(unsafe.Pointer(in.StorageClassName)) - out.VolumeMode = (*v1.PersistentVolumeMode)(unsafe.Pointer(in.VolumeMode)) - out.DataSource = (*v1.TypedLocalObjectReference)(unsafe.Pointer(in.DataSource)) - out.DataSourceRef = (*v1.TypedObjectReference)(unsafe.Pointer(in.DataSourceRef)) - return nil -} - -// Convert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(in *core.PersistentVolumeClaimSpec, out *v1.PersistentVolumeClaimSpec, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus(in *v1.PersistentVolumeClaimStatus, out *core.PersistentVolumeClaimStatus, s conversion.Scope) error { - out.Phase = core.PersistentVolumeClaimPhase(in.Phase) - out.AccessModes = *(*[]core.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.Capacity = *(*core.ResourceList)(unsafe.Pointer(&in.Capacity)) - out.Conditions = *(*[]core.PersistentVolumeClaimCondition)(unsafe.Pointer(&in.Conditions)) - out.AllocatedResources = *(*core.ResourceList)(unsafe.Pointer(&in.AllocatedResources)) - out.ResizeStatus = (*core.PersistentVolumeClaimResizeStatus)(unsafe.Pointer(in.ResizeStatus)) - return nil -} - -// Convert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus(in *v1.PersistentVolumeClaimStatus, out *core.PersistentVolumeClaimStatus, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimStatus(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus(in *core.PersistentVolumeClaimStatus, out *v1.PersistentVolumeClaimStatus, s conversion.Scope) error { - out.Phase = v1.PersistentVolumeClaimPhase(in.Phase) - out.AccessModes = *(*[]v1.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.Capacity = *(*v1.ResourceList)(unsafe.Pointer(&in.Capacity)) - out.Conditions = *(*[]v1.PersistentVolumeClaimCondition)(unsafe.Pointer(&in.Conditions)) - out.AllocatedResources = *(*v1.ResourceList)(unsafe.Pointer(&in.AllocatedResources)) - out.ResizeStatus = (*v1.PersistentVolumeClaimResizeStatus)(unsafe.Pointer(in.ResizeStatus)) - return nil -} - -// Convert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus(in *core.PersistentVolumeClaimStatus, out *v1.PersistentVolumeClaimStatus, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimStatus(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimTemplate_To_core_PersistentVolumeClaimTemplate(in *v1.PersistentVolumeClaimTemplate, out *core.PersistentVolumeClaimTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PersistentVolumeClaimSpec_To_core_PersistentVolumeClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PersistentVolumeClaimTemplate_To_core_PersistentVolumeClaimTemplate is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimTemplate_To_core_PersistentVolumeClaimTemplate(in *v1.PersistentVolumeClaimTemplate, out *core.PersistentVolumeClaimTemplate, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimTemplate_To_core_PersistentVolumeClaimTemplate(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimTemplate_To_v1_PersistentVolumeClaimTemplate(in *core.PersistentVolumeClaimTemplate, out *v1.PersistentVolumeClaimTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PersistentVolumeClaimSpec_To_v1_PersistentVolumeClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_core_PersistentVolumeClaimTemplate_To_v1_PersistentVolumeClaimTemplate is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimTemplate_To_v1_PersistentVolumeClaimTemplate(in *core.PersistentVolumeClaimTemplate, out *v1.PersistentVolumeClaimTemplate, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimTemplate_To_v1_PersistentVolumeClaimTemplate(in, out, s) -} - -func autoConvert_v1_PersistentVolumeClaimVolumeSource_To_core_PersistentVolumeClaimVolumeSource(in *v1.PersistentVolumeClaimVolumeSource, out *core.PersistentVolumeClaimVolumeSource, s conversion.Scope) error { - out.ClaimName = in.ClaimName - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_PersistentVolumeClaimVolumeSource_To_core_PersistentVolumeClaimVolumeSource is an autogenerated conversion function. -func Convert_v1_PersistentVolumeClaimVolumeSource_To_core_PersistentVolumeClaimVolumeSource(in *v1.PersistentVolumeClaimVolumeSource, out *core.PersistentVolumeClaimVolumeSource, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeClaimVolumeSource_To_core_PersistentVolumeClaimVolumeSource(in, out, s) -} - -func autoConvert_core_PersistentVolumeClaimVolumeSource_To_v1_PersistentVolumeClaimVolumeSource(in *core.PersistentVolumeClaimVolumeSource, out *v1.PersistentVolumeClaimVolumeSource, s conversion.Scope) error { - out.ClaimName = in.ClaimName - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_PersistentVolumeClaimVolumeSource_To_v1_PersistentVolumeClaimVolumeSource is an autogenerated conversion function. -func Convert_core_PersistentVolumeClaimVolumeSource_To_v1_PersistentVolumeClaimVolumeSource(in *core.PersistentVolumeClaimVolumeSource, out *v1.PersistentVolumeClaimVolumeSource, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeClaimVolumeSource_To_v1_PersistentVolumeClaimVolumeSource(in, out, s) -} - -func autoConvert_v1_PersistentVolumeList_To_core_PersistentVolumeList(in *v1.PersistentVolumeList, out *core.PersistentVolumeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.PersistentVolume, len(*in)) - for i := range *in { - if err := Convert_v1_PersistentVolume_To_core_PersistentVolume(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_PersistentVolumeList_To_core_PersistentVolumeList is an autogenerated conversion function. -func Convert_v1_PersistentVolumeList_To_core_PersistentVolumeList(in *v1.PersistentVolumeList, out *core.PersistentVolumeList, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeList_To_core_PersistentVolumeList(in, out, s) -} - -func autoConvert_core_PersistentVolumeList_To_v1_PersistentVolumeList(in *core.PersistentVolumeList, out *v1.PersistentVolumeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.PersistentVolume, len(*in)) - for i := range *in { - if err := Convert_core_PersistentVolume_To_v1_PersistentVolume(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_PersistentVolumeList_To_v1_PersistentVolumeList is an autogenerated conversion function. -func Convert_core_PersistentVolumeList_To_v1_PersistentVolumeList(in *core.PersistentVolumeList, out *v1.PersistentVolumeList, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeList_To_v1_PersistentVolumeList(in, out, s) -} - -func autoConvert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource(in *v1.PersistentVolumeSource, out *core.PersistentVolumeSource, s conversion.Scope) error { - out.GCEPersistentDisk = (*core.GCEPersistentDiskVolumeSource)(unsafe.Pointer(in.GCEPersistentDisk)) - out.AWSElasticBlockStore = (*core.AWSElasticBlockStoreVolumeSource)(unsafe.Pointer(in.AWSElasticBlockStore)) - out.HostPath = (*core.HostPathVolumeSource)(unsafe.Pointer(in.HostPath)) - out.Glusterfs = (*core.GlusterfsPersistentVolumeSource)(unsafe.Pointer(in.Glusterfs)) - out.NFS = (*core.NFSVolumeSource)(unsafe.Pointer(in.NFS)) - out.RBD = (*core.RBDPersistentVolumeSource)(unsafe.Pointer(in.RBD)) - out.ISCSI = (*core.ISCSIPersistentVolumeSource)(unsafe.Pointer(in.ISCSI)) - out.Cinder = (*core.CinderPersistentVolumeSource)(unsafe.Pointer(in.Cinder)) - out.CephFS = (*core.CephFSPersistentVolumeSource)(unsafe.Pointer(in.CephFS)) - out.FC = (*core.FCVolumeSource)(unsafe.Pointer(in.FC)) - out.Flocker = (*core.FlockerVolumeSource)(unsafe.Pointer(in.Flocker)) - out.FlexVolume = (*core.FlexPersistentVolumeSource)(unsafe.Pointer(in.FlexVolume)) - out.AzureFile = (*core.AzureFilePersistentVolumeSource)(unsafe.Pointer(in.AzureFile)) - out.VsphereVolume = (*core.VsphereVirtualDiskVolumeSource)(unsafe.Pointer(in.VsphereVolume)) - out.Quobyte = (*core.QuobyteVolumeSource)(unsafe.Pointer(in.Quobyte)) - out.AzureDisk = (*core.AzureDiskVolumeSource)(unsafe.Pointer(in.AzureDisk)) - out.PhotonPersistentDisk = (*core.PhotonPersistentDiskVolumeSource)(unsafe.Pointer(in.PhotonPersistentDisk)) - out.PortworxVolume = (*core.PortworxVolumeSource)(unsafe.Pointer(in.PortworxVolume)) - out.ScaleIO = (*core.ScaleIOPersistentVolumeSource)(unsafe.Pointer(in.ScaleIO)) - out.Local = (*core.LocalVolumeSource)(unsafe.Pointer(in.Local)) - out.StorageOS = (*core.StorageOSPersistentVolumeSource)(unsafe.Pointer(in.StorageOS)) - out.CSI = (*core.CSIPersistentVolumeSource)(unsafe.Pointer(in.CSI)) - return nil -} - -// Convert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource(in *v1.PersistentVolumeSource, out *core.PersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource(in, out, s) -} - -func autoConvert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource(in *core.PersistentVolumeSource, out *v1.PersistentVolumeSource, s conversion.Scope) error { - out.GCEPersistentDisk = (*v1.GCEPersistentDiskVolumeSource)(unsafe.Pointer(in.GCEPersistentDisk)) - out.AWSElasticBlockStore = (*v1.AWSElasticBlockStoreVolumeSource)(unsafe.Pointer(in.AWSElasticBlockStore)) - out.HostPath = (*v1.HostPathVolumeSource)(unsafe.Pointer(in.HostPath)) - out.Glusterfs = (*v1.GlusterfsPersistentVolumeSource)(unsafe.Pointer(in.Glusterfs)) - out.NFS = (*v1.NFSVolumeSource)(unsafe.Pointer(in.NFS)) - out.RBD = (*v1.RBDPersistentVolumeSource)(unsafe.Pointer(in.RBD)) - out.Quobyte = (*v1.QuobyteVolumeSource)(unsafe.Pointer(in.Quobyte)) - out.ISCSI = (*v1.ISCSIPersistentVolumeSource)(unsafe.Pointer(in.ISCSI)) - out.FlexVolume = (*v1.FlexPersistentVolumeSource)(unsafe.Pointer(in.FlexVolume)) - out.Cinder = (*v1.CinderPersistentVolumeSource)(unsafe.Pointer(in.Cinder)) - out.CephFS = (*v1.CephFSPersistentVolumeSource)(unsafe.Pointer(in.CephFS)) - out.FC = (*v1.FCVolumeSource)(unsafe.Pointer(in.FC)) - out.Flocker = (*v1.FlockerVolumeSource)(unsafe.Pointer(in.Flocker)) - out.AzureFile = (*v1.AzureFilePersistentVolumeSource)(unsafe.Pointer(in.AzureFile)) - out.VsphereVolume = (*v1.VsphereVirtualDiskVolumeSource)(unsafe.Pointer(in.VsphereVolume)) - out.AzureDisk = (*v1.AzureDiskVolumeSource)(unsafe.Pointer(in.AzureDisk)) - out.PhotonPersistentDisk = (*v1.PhotonPersistentDiskVolumeSource)(unsafe.Pointer(in.PhotonPersistentDisk)) - out.PortworxVolume = (*v1.PortworxVolumeSource)(unsafe.Pointer(in.PortworxVolume)) - out.ScaleIO = (*v1.ScaleIOPersistentVolumeSource)(unsafe.Pointer(in.ScaleIO)) - out.Local = (*v1.LocalVolumeSource)(unsafe.Pointer(in.Local)) - out.StorageOS = (*v1.StorageOSPersistentVolumeSource)(unsafe.Pointer(in.StorageOS)) - out.CSI = (*v1.CSIPersistentVolumeSource)(unsafe.Pointer(in.CSI)) - return nil -} - -// Convert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource is an autogenerated conversion function. -func Convert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource(in *core.PersistentVolumeSource, out *v1.PersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(in *v1.PersistentVolumeSpec, out *core.PersistentVolumeSpec, s conversion.Scope) error { - out.Capacity = *(*core.ResourceList)(unsafe.Pointer(&in.Capacity)) - if err := Convert_v1_PersistentVolumeSource_To_core_PersistentVolumeSource(&in.PersistentVolumeSource, &out.PersistentVolumeSource, s); err != nil { - return err - } - out.AccessModes = *(*[]core.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.ClaimRef = (*core.ObjectReference)(unsafe.Pointer(in.ClaimRef)) - out.PersistentVolumeReclaimPolicy = core.PersistentVolumeReclaimPolicy(in.PersistentVolumeReclaimPolicy) - out.StorageClassName = in.StorageClassName - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.VolumeMode = (*core.PersistentVolumeMode)(unsafe.Pointer(in.VolumeMode)) - out.NodeAffinity = (*core.VolumeNodeAffinity)(unsafe.Pointer(in.NodeAffinity)) - return nil -} - -func autoConvert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(in *core.PersistentVolumeSpec, out *v1.PersistentVolumeSpec, s conversion.Scope) error { - out.Capacity = *(*v1.ResourceList)(unsafe.Pointer(&in.Capacity)) - if err := Convert_core_PersistentVolumeSource_To_v1_PersistentVolumeSource(&in.PersistentVolumeSource, &out.PersistentVolumeSource, s); err != nil { - return err - } - out.AccessModes = *(*[]v1.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes)) - out.ClaimRef = (*v1.ObjectReference)(unsafe.Pointer(in.ClaimRef)) - out.PersistentVolumeReclaimPolicy = v1.PersistentVolumeReclaimPolicy(in.PersistentVolumeReclaimPolicy) - out.StorageClassName = in.StorageClassName - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.VolumeMode = (*v1.PersistentVolumeMode)(unsafe.Pointer(in.VolumeMode)) - out.NodeAffinity = (*v1.VolumeNodeAffinity)(unsafe.Pointer(in.NodeAffinity)) - return nil -} - -func autoConvert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus(in *v1.PersistentVolumeStatus, out *core.PersistentVolumeStatus, s conversion.Scope) error { - out.Phase = core.PersistentVolumePhase(in.Phase) - out.Message = in.Message - out.Reason = in.Reason - return nil -} - -// Convert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus is an autogenerated conversion function. -func Convert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus(in *v1.PersistentVolumeStatus, out *core.PersistentVolumeStatus, s conversion.Scope) error { - return autoConvert_v1_PersistentVolumeStatus_To_core_PersistentVolumeStatus(in, out, s) -} - -func autoConvert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus(in *core.PersistentVolumeStatus, out *v1.PersistentVolumeStatus, s conversion.Scope) error { - out.Phase = v1.PersistentVolumePhase(in.Phase) - out.Message = in.Message - out.Reason = in.Reason - return nil -} - -// Convert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus is an autogenerated conversion function. -func Convert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus(in *core.PersistentVolumeStatus, out *v1.PersistentVolumeStatus, s conversion.Scope) error { - return autoConvert_core_PersistentVolumeStatus_To_v1_PersistentVolumeStatus(in, out, s) -} - -func autoConvert_v1_PhotonPersistentDiskVolumeSource_To_core_PhotonPersistentDiskVolumeSource(in *v1.PhotonPersistentDiskVolumeSource, out *core.PhotonPersistentDiskVolumeSource, s conversion.Scope) error { - out.PdID = in.PdID - out.FSType = in.FSType - return nil -} - -// Convert_v1_PhotonPersistentDiskVolumeSource_To_core_PhotonPersistentDiskVolumeSource is an autogenerated conversion function. -func Convert_v1_PhotonPersistentDiskVolumeSource_To_core_PhotonPersistentDiskVolumeSource(in *v1.PhotonPersistentDiskVolumeSource, out *core.PhotonPersistentDiskVolumeSource, s conversion.Scope) error { - return autoConvert_v1_PhotonPersistentDiskVolumeSource_To_core_PhotonPersistentDiskVolumeSource(in, out, s) -} - -func autoConvert_core_PhotonPersistentDiskVolumeSource_To_v1_PhotonPersistentDiskVolumeSource(in *core.PhotonPersistentDiskVolumeSource, out *v1.PhotonPersistentDiskVolumeSource, s conversion.Scope) error { - out.PdID = in.PdID - out.FSType = in.FSType - return nil -} - -// Convert_core_PhotonPersistentDiskVolumeSource_To_v1_PhotonPersistentDiskVolumeSource is an autogenerated conversion function. -func Convert_core_PhotonPersistentDiskVolumeSource_To_v1_PhotonPersistentDiskVolumeSource(in *core.PhotonPersistentDiskVolumeSource, out *v1.PhotonPersistentDiskVolumeSource, s conversion.Scope) error { - return autoConvert_core_PhotonPersistentDiskVolumeSource_To_v1_PhotonPersistentDiskVolumeSource(in, out, s) -} - -func autoConvert_v1_Pod_To_core_Pod(in *v1.Pod, out *core.Pod, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PodSpec_To_core_PodSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_PodStatus_To_core_PodStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_core_Pod_To_v1_Pod(in *core.Pod, out *v1.Pod, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PodSpec_To_v1_PodSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_PodStatus_To_v1_PodStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_PodAffinity_To_core_PodAffinity(in *v1.PodAffinity, out *core.PodAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = *(*[]core.PodAffinityTerm)(unsafe.Pointer(&in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]core.WeightedPodAffinityTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_v1_PodAffinity_To_core_PodAffinity is an autogenerated conversion function. -func Convert_v1_PodAffinity_To_core_PodAffinity(in *v1.PodAffinity, out *core.PodAffinity, s conversion.Scope) error { - return autoConvert_v1_PodAffinity_To_core_PodAffinity(in, out, s) -} - -func autoConvert_core_PodAffinity_To_v1_PodAffinity(in *core.PodAffinity, out *v1.PodAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = *(*[]v1.PodAffinityTerm)(unsafe.Pointer(&in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]v1.WeightedPodAffinityTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_core_PodAffinity_To_v1_PodAffinity is an autogenerated conversion function. -func Convert_core_PodAffinity_To_v1_PodAffinity(in *core.PodAffinity, out *v1.PodAffinity, s conversion.Scope) error { - return autoConvert_core_PodAffinity_To_v1_PodAffinity(in, out, s) -} - -func autoConvert_v1_PodAffinityTerm_To_core_PodAffinityTerm(in *v1.PodAffinityTerm, out *core.PodAffinityTerm, s conversion.Scope) error { - out.LabelSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.LabelSelector)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.TopologyKey = in.TopologyKey - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - return nil -} - -// Convert_v1_PodAffinityTerm_To_core_PodAffinityTerm is an autogenerated conversion function. -func Convert_v1_PodAffinityTerm_To_core_PodAffinityTerm(in *v1.PodAffinityTerm, out *core.PodAffinityTerm, s conversion.Scope) error { - return autoConvert_v1_PodAffinityTerm_To_core_PodAffinityTerm(in, out, s) -} - -func autoConvert_core_PodAffinityTerm_To_v1_PodAffinityTerm(in *core.PodAffinityTerm, out *v1.PodAffinityTerm, s conversion.Scope) error { - out.LabelSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.LabelSelector)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.TopologyKey = in.TopologyKey - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - return nil -} - -// Convert_core_PodAffinityTerm_To_v1_PodAffinityTerm is an autogenerated conversion function. -func Convert_core_PodAffinityTerm_To_v1_PodAffinityTerm(in *core.PodAffinityTerm, out *v1.PodAffinityTerm, s conversion.Scope) error { - return autoConvert_core_PodAffinityTerm_To_v1_PodAffinityTerm(in, out, s) -} - -func autoConvert_v1_PodAntiAffinity_To_core_PodAntiAffinity(in *v1.PodAntiAffinity, out *core.PodAntiAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = *(*[]core.PodAffinityTerm)(unsafe.Pointer(&in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]core.WeightedPodAffinityTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_v1_PodAntiAffinity_To_core_PodAntiAffinity is an autogenerated conversion function. -func Convert_v1_PodAntiAffinity_To_core_PodAntiAffinity(in *v1.PodAntiAffinity, out *core.PodAntiAffinity, s conversion.Scope) error { - return autoConvert_v1_PodAntiAffinity_To_core_PodAntiAffinity(in, out, s) -} - -func autoConvert_core_PodAntiAffinity_To_v1_PodAntiAffinity(in *core.PodAntiAffinity, out *v1.PodAntiAffinity, s conversion.Scope) error { - out.RequiredDuringSchedulingIgnoredDuringExecution = *(*[]v1.PodAffinityTerm)(unsafe.Pointer(&in.RequiredDuringSchedulingIgnoredDuringExecution)) - out.PreferredDuringSchedulingIgnoredDuringExecution = *(*[]v1.WeightedPodAffinityTerm)(unsafe.Pointer(&in.PreferredDuringSchedulingIgnoredDuringExecution)) - return nil -} - -// Convert_core_PodAntiAffinity_To_v1_PodAntiAffinity is an autogenerated conversion function. -func Convert_core_PodAntiAffinity_To_v1_PodAntiAffinity(in *core.PodAntiAffinity, out *v1.PodAntiAffinity, s conversion.Scope) error { - return autoConvert_core_PodAntiAffinity_To_v1_PodAntiAffinity(in, out, s) -} - -func autoConvert_v1_PodAttachOptions_To_core_PodAttachOptions(in *v1.PodAttachOptions, out *core.PodAttachOptions, s conversion.Scope) error { - out.Stdin = in.Stdin - out.Stdout = in.Stdout - out.Stderr = in.Stderr - out.TTY = in.TTY - out.Container = in.Container - return nil -} - -// Convert_v1_PodAttachOptions_To_core_PodAttachOptions is an autogenerated conversion function. -func Convert_v1_PodAttachOptions_To_core_PodAttachOptions(in *v1.PodAttachOptions, out *core.PodAttachOptions, s conversion.Scope) error { - return autoConvert_v1_PodAttachOptions_To_core_PodAttachOptions(in, out, s) -} - -func autoConvert_core_PodAttachOptions_To_v1_PodAttachOptions(in *core.PodAttachOptions, out *v1.PodAttachOptions, s conversion.Scope) error { - out.Stdin = in.Stdin - out.Stdout = in.Stdout - out.Stderr = in.Stderr - out.TTY = in.TTY - out.Container = in.Container - return nil -} - -// Convert_core_PodAttachOptions_To_v1_PodAttachOptions is an autogenerated conversion function. -func Convert_core_PodAttachOptions_To_v1_PodAttachOptions(in *core.PodAttachOptions, out *v1.PodAttachOptions, s conversion.Scope) error { - return autoConvert_core_PodAttachOptions_To_v1_PodAttachOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_PodAttachOptions(in *url.Values, out *v1.PodAttachOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["stdin"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stdin, s); err != nil { - return err - } - } else { - out.Stdin = false - } - if values, ok := map[string][]string(*in)["stdout"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stdout, s); err != nil { - return err - } - } else { - out.Stdout = false - } - if values, ok := map[string][]string(*in)["stderr"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stderr, s); err != nil { - return err - } - } else { - out.Stderr = false - } - if values, ok := map[string][]string(*in)["tty"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.TTY, s); err != nil { - return err - } - } else { - out.TTY = false - } - if values, ok := map[string][]string(*in)["container"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Container, s); err != nil { - return err - } - } else { - out.Container = "" - } - return nil -} - -// Convert_url_Values_To_v1_PodAttachOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_PodAttachOptions(in *url.Values, out *v1.PodAttachOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_PodAttachOptions(in, out, s) -} - -func autoConvert_v1_PodCondition_To_core_PodCondition(in *v1.PodCondition, out *core.PodCondition, s conversion.Scope) error { - out.Type = core.PodConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_PodCondition_To_core_PodCondition is an autogenerated conversion function. -func Convert_v1_PodCondition_To_core_PodCondition(in *v1.PodCondition, out *core.PodCondition, s conversion.Scope) error { - return autoConvert_v1_PodCondition_To_core_PodCondition(in, out, s) -} - -func autoConvert_core_PodCondition_To_v1_PodCondition(in *core.PodCondition, out *v1.PodCondition, s conversion.Scope) error { - out.Type = v1.PodConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastProbeTime = in.LastProbeTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_PodCondition_To_v1_PodCondition is an autogenerated conversion function. -func Convert_core_PodCondition_To_v1_PodCondition(in *core.PodCondition, out *v1.PodCondition, s conversion.Scope) error { - return autoConvert_core_PodCondition_To_v1_PodCondition(in, out, s) -} - -func autoConvert_v1_PodDNSConfig_To_core_PodDNSConfig(in *v1.PodDNSConfig, out *core.PodDNSConfig, s conversion.Scope) error { - out.Nameservers = *(*[]string)(unsafe.Pointer(&in.Nameservers)) - out.Searches = *(*[]string)(unsafe.Pointer(&in.Searches)) - out.Options = *(*[]core.PodDNSConfigOption)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_v1_PodDNSConfig_To_core_PodDNSConfig is an autogenerated conversion function. -func Convert_v1_PodDNSConfig_To_core_PodDNSConfig(in *v1.PodDNSConfig, out *core.PodDNSConfig, s conversion.Scope) error { - return autoConvert_v1_PodDNSConfig_To_core_PodDNSConfig(in, out, s) -} - -func autoConvert_core_PodDNSConfig_To_v1_PodDNSConfig(in *core.PodDNSConfig, out *v1.PodDNSConfig, s conversion.Scope) error { - out.Nameservers = *(*[]string)(unsafe.Pointer(&in.Nameservers)) - out.Searches = *(*[]string)(unsafe.Pointer(&in.Searches)) - out.Options = *(*[]v1.PodDNSConfigOption)(unsafe.Pointer(&in.Options)) - return nil -} - -// Convert_core_PodDNSConfig_To_v1_PodDNSConfig is an autogenerated conversion function. -func Convert_core_PodDNSConfig_To_v1_PodDNSConfig(in *core.PodDNSConfig, out *v1.PodDNSConfig, s conversion.Scope) error { - return autoConvert_core_PodDNSConfig_To_v1_PodDNSConfig(in, out, s) -} - -func autoConvert_v1_PodDNSConfigOption_To_core_PodDNSConfigOption(in *v1.PodDNSConfigOption, out *core.PodDNSConfigOption, s conversion.Scope) error { - out.Name = in.Name - out.Value = (*string)(unsafe.Pointer(in.Value)) - return nil -} - -// Convert_v1_PodDNSConfigOption_To_core_PodDNSConfigOption is an autogenerated conversion function. -func Convert_v1_PodDNSConfigOption_To_core_PodDNSConfigOption(in *v1.PodDNSConfigOption, out *core.PodDNSConfigOption, s conversion.Scope) error { - return autoConvert_v1_PodDNSConfigOption_To_core_PodDNSConfigOption(in, out, s) -} - -func autoConvert_core_PodDNSConfigOption_To_v1_PodDNSConfigOption(in *core.PodDNSConfigOption, out *v1.PodDNSConfigOption, s conversion.Scope) error { - out.Name = in.Name - out.Value = (*string)(unsafe.Pointer(in.Value)) - return nil -} - -// Convert_core_PodDNSConfigOption_To_v1_PodDNSConfigOption is an autogenerated conversion function. -func Convert_core_PodDNSConfigOption_To_v1_PodDNSConfigOption(in *core.PodDNSConfigOption, out *v1.PodDNSConfigOption, s conversion.Scope) error { - return autoConvert_core_PodDNSConfigOption_To_v1_PodDNSConfigOption(in, out, s) -} - -func autoConvert_v1_PodExecOptions_To_core_PodExecOptions(in *v1.PodExecOptions, out *core.PodExecOptions, s conversion.Scope) error { - out.Stdin = in.Stdin - out.Stdout = in.Stdout - out.Stderr = in.Stderr - out.TTY = in.TTY - out.Container = in.Container - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - return nil -} - -// Convert_v1_PodExecOptions_To_core_PodExecOptions is an autogenerated conversion function. -func Convert_v1_PodExecOptions_To_core_PodExecOptions(in *v1.PodExecOptions, out *core.PodExecOptions, s conversion.Scope) error { - return autoConvert_v1_PodExecOptions_To_core_PodExecOptions(in, out, s) -} - -func autoConvert_core_PodExecOptions_To_v1_PodExecOptions(in *core.PodExecOptions, out *v1.PodExecOptions, s conversion.Scope) error { - out.Stdin = in.Stdin - out.Stdout = in.Stdout - out.Stderr = in.Stderr - out.TTY = in.TTY - out.Container = in.Container - out.Command = *(*[]string)(unsafe.Pointer(&in.Command)) - return nil -} - -// Convert_core_PodExecOptions_To_v1_PodExecOptions is an autogenerated conversion function. -func Convert_core_PodExecOptions_To_v1_PodExecOptions(in *core.PodExecOptions, out *v1.PodExecOptions, s conversion.Scope) error { - return autoConvert_core_PodExecOptions_To_v1_PodExecOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_PodExecOptions(in *url.Values, out *v1.PodExecOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["stdin"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stdin, s); err != nil { - return err - } - } else { - out.Stdin = false - } - if values, ok := map[string][]string(*in)["stdout"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stdout, s); err != nil { - return err - } - } else { - out.Stdout = false - } - if values, ok := map[string][]string(*in)["stderr"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Stderr, s); err != nil { - return err - } - } else { - out.Stderr = false - } - if values, ok := map[string][]string(*in)["tty"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.TTY, s); err != nil { - return err - } - } else { - out.TTY = false - } - if values, ok := map[string][]string(*in)["container"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Container, s); err != nil { - return err - } - } else { - out.Container = "" - } - if values, ok := map[string][]string(*in)["command"]; ok && len(values) > 0 { - out.Command = *(*[]string)(unsafe.Pointer(&values)) - } else { - out.Command = nil - } - return nil -} - -// Convert_url_Values_To_v1_PodExecOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_PodExecOptions(in *url.Values, out *v1.PodExecOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_PodExecOptions(in, out, s) -} - -func autoConvert_v1_PodIP_To_core_PodIP(in *v1.PodIP, out *core.PodIP, s conversion.Scope) error { - out.IP = in.IP - return nil -} - -// Convert_v1_PodIP_To_core_PodIP is an autogenerated conversion function. -func Convert_v1_PodIP_To_core_PodIP(in *v1.PodIP, out *core.PodIP, s conversion.Scope) error { - return autoConvert_v1_PodIP_To_core_PodIP(in, out, s) -} - -func autoConvert_core_PodIP_To_v1_PodIP(in *core.PodIP, out *v1.PodIP, s conversion.Scope) error { - out.IP = in.IP - return nil -} - -// Convert_core_PodIP_To_v1_PodIP is an autogenerated conversion function. -func Convert_core_PodIP_To_v1_PodIP(in *core.PodIP, out *v1.PodIP, s conversion.Scope) error { - return autoConvert_core_PodIP_To_v1_PodIP(in, out, s) -} - -func autoConvert_v1_PodList_To_core_PodList(in *v1.PodList, out *core.PodList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Pod, len(*in)) - for i := range *in { - if err := Convert_v1_Pod_To_core_Pod(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_PodList_To_core_PodList is an autogenerated conversion function. -func Convert_v1_PodList_To_core_PodList(in *v1.PodList, out *core.PodList, s conversion.Scope) error { - return autoConvert_v1_PodList_To_core_PodList(in, out, s) -} - -func autoConvert_core_PodList_To_v1_PodList(in *core.PodList, out *v1.PodList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Pod, len(*in)) - for i := range *in { - if err := Convert_core_Pod_To_v1_Pod(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_PodList_To_v1_PodList is an autogenerated conversion function. -func Convert_core_PodList_To_v1_PodList(in *core.PodList, out *v1.PodList, s conversion.Scope) error { - return autoConvert_core_PodList_To_v1_PodList(in, out, s) -} - -func autoConvert_v1_PodLogOptions_To_core_PodLogOptions(in *v1.PodLogOptions, out *core.PodLogOptions, s conversion.Scope) error { - out.Container = in.Container - out.Follow = in.Follow - out.Previous = in.Previous - out.SinceSeconds = (*int64)(unsafe.Pointer(in.SinceSeconds)) - out.SinceTime = (*metav1.Time)(unsafe.Pointer(in.SinceTime)) - out.Timestamps = in.Timestamps - out.TailLines = (*int64)(unsafe.Pointer(in.TailLines)) - out.LimitBytes = (*int64)(unsafe.Pointer(in.LimitBytes)) - out.InsecureSkipTLSVerifyBackend = in.InsecureSkipTLSVerifyBackend - return nil -} - -// Convert_v1_PodLogOptions_To_core_PodLogOptions is an autogenerated conversion function. -func Convert_v1_PodLogOptions_To_core_PodLogOptions(in *v1.PodLogOptions, out *core.PodLogOptions, s conversion.Scope) error { - return autoConvert_v1_PodLogOptions_To_core_PodLogOptions(in, out, s) -} - -func autoConvert_core_PodLogOptions_To_v1_PodLogOptions(in *core.PodLogOptions, out *v1.PodLogOptions, s conversion.Scope) error { - out.Container = in.Container - out.Follow = in.Follow - out.Previous = in.Previous - out.SinceSeconds = (*int64)(unsafe.Pointer(in.SinceSeconds)) - out.SinceTime = (*metav1.Time)(unsafe.Pointer(in.SinceTime)) - out.Timestamps = in.Timestamps - out.TailLines = (*int64)(unsafe.Pointer(in.TailLines)) - out.LimitBytes = (*int64)(unsafe.Pointer(in.LimitBytes)) - out.InsecureSkipTLSVerifyBackend = in.InsecureSkipTLSVerifyBackend - return nil -} - -// Convert_core_PodLogOptions_To_v1_PodLogOptions is an autogenerated conversion function. -func Convert_core_PodLogOptions_To_v1_PodLogOptions(in *core.PodLogOptions, out *v1.PodLogOptions, s conversion.Scope) error { - return autoConvert_core_PodLogOptions_To_v1_PodLogOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_PodLogOptions(in *url.Values, out *v1.PodLogOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["container"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Container, s); err != nil { - return err - } - } else { - out.Container = "" - } - if values, ok := map[string][]string(*in)["follow"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Follow, s); err != nil { - return err - } - } else { - out.Follow = false - } - if values, ok := map[string][]string(*in)["previous"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Previous, s); err != nil { - return err - } - } else { - out.Previous = false - } - if values, ok := map[string][]string(*in)["sinceSeconds"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_Pointer_int64(&values, &out.SinceSeconds, s); err != nil { - return err - } - } else { - out.SinceSeconds = nil - } - if values, ok := map[string][]string(*in)["sinceTime"]; ok && len(values) > 0 { - if err := metav1.Convert_Slice_string_To_Pointer_v1_Time(&values, &out.SinceTime, s); err != nil { - return err - } - } else { - out.SinceTime = nil - } - if values, ok := map[string][]string(*in)["timestamps"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.Timestamps, s); err != nil { - return err - } - } else { - out.Timestamps = false - } - if values, ok := map[string][]string(*in)["tailLines"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_Pointer_int64(&values, &out.TailLines, s); err != nil { - return err - } - } else { - out.TailLines = nil - } - if values, ok := map[string][]string(*in)["limitBytes"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_Pointer_int64(&values, &out.LimitBytes, s); err != nil { - return err - } - } else { - out.LimitBytes = nil - } - if values, ok := map[string][]string(*in)["insecureSkipTLSVerifyBackend"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_bool(&values, &out.InsecureSkipTLSVerifyBackend, s); err != nil { - return err - } - } else { - out.InsecureSkipTLSVerifyBackend = false - } - return nil -} - -// Convert_url_Values_To_v1_PodLogOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_PodLogOptions(in *url.Values, out *v1.PodLogOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_PodLogOptions(in, out, s) -} - -func autoConvert_v1_PodOS_To_core_PodOS(in *v1.PodOS, out *core.PodOS, s conversion.Scope) error { - out.Name = core.OSName(in.Name) - return nil -} - -// Convert_v1_PodOS_To_core_PodOS is an autogenerated conversion function. -func Convert_v1_PodOS_To_core_PodOS(in *v1.PodOS, out *core.PodOS, s conversion.Scope) error { - return autoConvert_v1_PodOS_To_core_PodOS(in, out, s) -} - -func autoConvert_core_PodOS_To_v1_PodOS(in *core.PodOS, out *v1.PodOS, s conversion.Scope) error { - out.Name = v1.OSName(in.Name) - return nil -} - -// Convert_core_PodOS_To_v1_PodOS is an autogenerated conversion function. -func Convert_core_PodOS_To_v1_PodOS(in *core.PodOS, out *v1.PodOS, s conversion.Scope) error { - return autoConvert_core_PodOS_To_v1_PodOS(in, out, s) -} - -func autoConvert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(in *v1.PodPortForwardOptions, out *core.PodPortForwardOptions, s conversion.Scope) error { - out.Ports = *(*[]int32)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions is an autogenerated conversion function. -func Convert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(in *v1.PodPortForwardOptions, out *core.PodPortForwardOptions, s conversion.Scope) error { - return autoConvert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(in, out, s) -} - -func autoConvert_core_PodPortForwardOptions_To_v1_PodPortForwardOptions(in *core.PodPortForwardOptions, out *v1.PodPortForwardOptions, s conversion.Scope) error { - out.Ports = *(*[]int32)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_core_PodPortForwardOptions_To_v1_PodPortForwardOptions is an autogenerated conversion function. -func Convert_core_PodPortForwardOptions_To_v1_PodPortForwardOptions(in *core.PodPortForwardOptions, out *v1.PodPortForwardOptions, s conversion.Scope) error { - return autoConvert_core_PodPortForwardOptions_To_v1_PodPortForwardOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_PodPortForwardOptions(in *url.Values, out *v1.PodPortForwardOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["ports"]; ok && len(values) > 0 { - if err := metav1.Convert_Slice_string_To_Slice_int32(&values, &out.Ports, s); err != nil { - return err - } - } else { - out.Ports = nil - } - return nil -} - -// Convert_url_Values_To_v1_PodPortForwardOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_PodPortForwardOptions(in *url.Values, out *v1.PodPortForwardOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_PodPortForwardOptions(in, out, s) -} - -func autoConvert_v1_PodProxyOptions_To_core_PodProxyOptions(in *v1.PodProxyOptions, out *core.PodProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_v1_PodProxyOptions_To_core_PodProxyOptions is an autogenerated conversion function. -func Convert_v1_PodProxyOptions_To_core_PodProxyOptions(in *v1.PodProxyOptions, out *core.PodProxyOptions, s conversion.Scope) error { - return autoConvert_v1_PodProxyOptions_To_core_PodProxyOptions(in, out, s) -} - -func autoConvert_core_PodProxyOptions_To_v1_PodProxyOptions(in *core.PodProxyOptions, out *v1.PodProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_core_PodProxyOptions_To_v1_PodProxyOptions is an autogenerated conversion function. -func Convert_core_PodProxyOptions_To_v1_PodProxyOptions(in *core.PodProxyOptions, out *v1.PodProxyOptions, s conversion.Scope) error { - return autoConvert_core_PodProxyOptions_To_v1_PodProxyOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_PodProxyOptions(in *url.Values, out *v1.PodProxyOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["path"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Path, s); err != nil { - return err - } - } else { - out.Path = "" - } - return nil -} - -// Convert_url_Values_To_v1_PodProxyOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_PodProxyOptions(in *url.Values, out *v1.PodProxyOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_PodProxyOptions(in, out, s) -} - -func autoConvert_v1_PodReadinessGate_To_core_PodReadinessGate(in *v1.PodReadinessGate, out *core.PodReadinessGate, s conversion.Scope) error { - out.ConditionType = core.PodConditionType(in.ConditionType) - return nil -} - -// Convert_v1_PodReadinessGate_To_core_PodReadinessGate is an autogenerated conversion function. -func Convert_v1_PodReadinessGate_To_core_PodReadinessGate(in *v1.PodReadinessGate, out *core.PodReadinessGate, s conversion.Scope) error { - return autoConvert_v1_PodReadinessGate_To_core_PodReadinessGate(in, out, s) -} - -func autoConvert_core_PodReadinessGate_To_v1_PodReadinessGate(in *core.PodReadinessGate, out *v1.PodReadinessGate, s conversion.Scope) error { - out.ConditionType = v1.PodConditionType(in.ConditionType) - return nil -} - -// Convert_core_PodReadinessGate_To_v1_PodReadinessGate is an autogenerated conversion function. -func Convert_core_PodReadinessGate_To_v1_PodReadinessGate(in *core.PodReadinessGate, out *v1.PodReadinessGate, s conversion.Scope) error { - return autoConvert_core_PodReadinessGate_To_v1_PodReadinessGate(in, out, s) -} - -func autoConvert_v1_PodResourceClaim_To_core_PodResourceClaim(in *v1.PodResourceClaim, out *core.PodResourceClaim, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_ClaimSource_To_core_ClaimSource(&in.Source, &out.Source, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PodResourceClaim_To_core_PodResourceClaim is an autogenerated conversion function. -func Convert_v1_PodResourceClaim_To_core_PodResourceClaim(in *v1.PodResourceClaim, out *core.PodResourceClaim, s conversion.Scope) error { - return autoConvert_v1_PodResourceClaim_To_core_PodResourceClaim(in, out, s) -} - -func autoConvert_core_PodResourceClaim_To_v1_PodResourceClaim(in *core.PodResourceClaim, out *v1.PodResourceClaim, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_core_ClaimSource_To_v1_ClaimSource(&in.Source, &out.Source, s); err != nil { - return err - } - return nil -} - -// Convert_core_PodResourceClaim_To_v1_PodResourceClaim is an autogenerated conversion function. -func Convert_core_PodResourceClaim_To_v1_PodResourceClaim(in *core.PodResourceClaim, out *v1.PodResourceClaim, s conversion.Scope) error { - return autoConvert_core_PodResourceClaim_To_v1_PodResourceClaim(in, out, s) -} - -func autoConvert_v1_PodSchedulingGate_To_core_PodSchedulingGate(in *v1.PodSchedulingGate, out *core.PodSchedulingGate, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1_PodSchedulingGate_To_core_PodSchedulingGate is an autogenerated conversion function. -func Convert_v1_PodSchedulingGate_To_core_PodSchedulingGate(in *v1.PodSchedulingGate, out *core.PodSchedulingGate, s conversion.Scope) error { - return autoConvert_v1_PodSchedulingGate_To_core_PodSchedulingGate(in, out, s) -} - -func autoConvert_core_PodSchedulingGate_To_v1_PodSchedulingGate(in *core.PodSchedulingGate, out *v1.PodSchedulingGate, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_core_PodSchedulingGate_To_v1_PodSchedulingGate is an autogenerated conversion function. -func Convert_core_PodSchedulingGate_To_v1_PodSchedulingGate(in *core.PodSchedulingGate, out *v1.PodSchedulingGate, s conversion.Scope) error { - return autoConvert_core_PodSchedulingGate_To_v1_PodSchedulingGate(in, out, s) -} - -func autoConvert_v1_PodSecurityContext_To_core_PodSecurityContext(in *v1.PodSecurityContext, out *core.PodSecurityContext, s conversion.Scope) error { - out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - out.WindowsOptions = (*core.WindowsSecurityContextOptions)(unsafe.Pointer(in.WindowsOptions)) - out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser)) - out.RunAsGroup = (*int64)(unsafe.Pointer(in.RunAsGroup)) - out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot)) - out.SupplementalGroups = *(*[]int64)(unsafe.Pointer(&in.SupplementalGroups)) - out.FSGroup = (*int64)(unsafe.Pointer(in.FSGroup)) - out.Sysctls = *(*[]core.Sysctl)(unsafe.Pointer(&in.Sysctls)) - out.FSGroupChangePolicy = (*core.PodFSGroupChangePolicy)(unsafe.Pointer(in.FSGroupChangePolicy)) - out.SeccompProfile = (*core.SeccompProfile)(unsafe.Pointer(in.SeccompProfile)) - return nil -} - -// Convert_v1_PodSecurityContext_To_core_PodSecurityContext is an autogenerated conversion function. -func Convert_v1_PodSecurityContext_To_core_PodSecurityContext(in *v1.PodSecurityContext, out *core.PodSecurityContext, s conversion.Scope) error { - return autoConvert_v1_PodSecurityContext_To_core_PodSecurityContext(in, out, s) -} - -func autoConvert_core_PodSecurityContext_To_v1_PodSecurityContext(in *core.PodSecurityContext, out *v1.PodSecurityContext, s conversion.Scope) error { - // INFO: in.HostNetwork opted out of conversion generation - // INFO: in.HostPID opted out of conversion generation - // INFO: in.HostIPC opted out of conversion generation - // INFO: in.ShareProcessNamespace opted out of conversion generation - // INFO: in.HostUsers opted out of conversion generation - out.SELinuxOptions = (*v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - out.WindowsOptions = (*v1.WindowsSecurityContextOptions)(unsafe.Pointer(in.WindowsOptions)) - out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser)) - out.RunAsGroup = (*int64)(unsafe.Pointer(in.RunAsGroup)) - out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot)) - out.SupplementalGroups = *(*[]int64)(unsafe.Pointer(&in.SupplementalGroups)) - out.FSGroup = (*int64)(unsafe.Pointer(in.FSGroup)) - out.FSGroupChangePolicy = (*v1.PodFSGroupChangePolicy)(unsafe.Pointer(in.FSGroupChangePolicy)) - out.Sysctls = *(*[]v1.Sysctl)(unsafe.Pointer(&in.Sysctls)) - out.SeccompProfile = (*v1.SeccompProfile)(unsafe.Pointer(in.SeccompProfile)) - return nil -} - -// Convert_core_PodSecurityContext_To_v1_PodSecurityContext is an autogenerated conversion function. -func Convert_core_PodSecurityContext_To_v1_PodSecurityContext(in *core.PodSecurityContext, out *v1.PodSecurityContext, s conversion.Scope) error { - return autoConvert_core_PodSecurityContext_To_v1_PodSecurityContext(in, out, s) -} - -func autoConvert_v1_PodSignature_To_core_PodSignature(in *v1.PodSignature, out *core.PodSignature, s conversion.Scope) error { - out.PodController = (*metav1.OwnerReference)(unsafe.Pointer(in.PodController)) - return nil -} - -// Convert_v1_PodSignature_To_core_PodSignature is an autogenerated conversion function. -func Convert_v1_PodSignature_To_core_PodSignature(in *v1.PodSignature, out *core.PodSignature, s conversion.Scope) error { - return autoConvert_v1_PodSignature_To_core_PodSignature(in, out, s) -} - -func autoConvert_core_PodSignature_To_v1_PodSignature(in *core.PodSignature, out *v1.PodSignature, s conversion.Scope) error { - out.PodController = (*metav1.OwnerReference)(unsafe.Pointer(in.PodController)) - return nil -} - -// Convert_core_PodSignature_To_v1_PodSignature is an autogenerated conversion function. -func Convert_core_PodSignature_To_v1_PodSignature(in *core.PodSignature, out *v1.PodSignature, s conversion.Scope) error { - return autoConvert_core_PodSignature_To_v1_PodSignature(in, out, s) -} - -func autoConvert_v1_PodSpec_To_core_PodSpec(in *v1.PodSpec, out *core.PodSpec, s conversion.Scope) error { - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]core.Volume, len(*in)) - for i := range *in { - if err := Convert_v1_Volume_To_core_Volume(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Volumes = nil - } - out.InitContainers = *(*[]core.Container)(unsafe.Pointer(&in.InitContainers)) - out.Containers = *(*[]core.Container)(unsafe.Pointer(&in.Containers)) - out.EphemeralContainers = *(*[]core.EphemeralContainer)(unsafe.Pointer(&in.EphemeralContainers)) - out.RestartPolicy = core.RestartPolicy(in.RestartPolicy) - out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds)) - out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds)) - out.DNSPolicy = core.DNSPolicy(in.DNSPolicy) - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.ServiceAccountName = in.ServiceAccountName - // INFO: in.DeprecatedServiceAccount opted out of conversion generation - out.AutomountServiceAccountToken = (*bool)(unsafe.Pointer(in.AutomountServiceAccountToken)) - out.NodeName = in.NodeName - // INFO: in.HostNetwork opted out of conversion generation - // INFO: in.HostPID opted out of conversion generation - // INFO: in.HostIPC opted out of conversion generation - // INFO: in.ShareProcessNamespace opted out of conversion generation - if in.SecurityContext != nil { - in, out := &in.SecurityContext, &out.SecurityContext - *out = new(core.PodSecurityContext) - if err := Convert_v1_PodSecurityContext_To_core_PodSecurityContext(*in, *out, s); err != nil { - return err - } - } else { - out.SecurityContext = nil - } - out.ImagePullSecrets = *(*[]core.LocalObjectReference)(unsafe.Pointer(&in.ImagePullSecrets)) - out.Hostname = in.Hostname - out.Subdomain = in.Subdomain - out.Affinity = (*core.Affinity)(unsafe.Pointer(in.Affinity)) - out.SchedulerName = in.SchedulerName - out.Tolerations = *(*[]core.Toleration)(unsafe.Pointer(&in.Tolerations)) - out.HostAliases = *(*[]core.HostAlias)(unsafe.Pointer(&in.HostAliases)) - out.PriorityClassName = in.PriorityClassName - out.Priority = (*int32)(unsafe.Pointer(in.Priority)) - out.DNSConfig = (*core.PodDNSConfig)(unsafe.Pointer(in.DNSConfig)) - out.ReadinessGates = *(*[]core.PodReadinessGate)(unsafe.Pointer(&in.ReadinessGates)) - out.RuntimeClassName = (*string)(unsafe.Pointer(in.RuntimeClassName)) - out.EnableServiceLinks = (*bool)(unsafe.Pointer(in.EnableServiceLinks)) - out.PreemptionPolicy = (*core.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - out.Overhead = *(*core.ResourceList)(unsafe.Pointer(&in.Overhead)) - out.TopologySpreadConstraints = *(*[]core.TopologySpreadConstraint)(unsafe.Pointer(&in.TopologySpreadConstraints)) - out.SetHostnameAsFQDN = (*bool)(unsafe.Pointer(in.SetHostnameAsFQDN)) - out.OS = (*core.PodOS)(unsafe.Pointer(in.OS)) - // INFO: in.HostUsers opted out of conversion generation - out.SchedulingGates = *(*[]core.PodSchedulingGate)(unsafe.Pointer(&in.SchedulingGates)) - out.ResourceClaims = *(*[]core.PodResourceClaim)(unsafe.Pointer(&in.ResourceClaims)) - return nil -} - -func autoConvert_core_PodSpec_To_v1_PodSpec(in *core.PodSpec, out *v1.PodSpec, s conversion.Scope) error { - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]v1.Volume, len(*in)) - for i := range *in { - if err := Convert_core_Volume_To_v1_Volume(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Volumes = nil - } - out.InitContainers = *(*[]v1.Container)(unsafe.Pointer(&in.InitContainers)) - out.Containers = *(*[]v1.Container)(unsafe.Pointer(&in.Containers)) - out.EphemeralContainers = *(*[]v1.EphemeralContainer)(unsafe.Pointer(&in.EphemeralContainers)) - out.RestartPolicy = v1.RestartPolicy(in.RestartPolicy) - out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds)) - out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds)) - out.DNSPolicy = v1.DNSPolicy(in.DNSPolicy) - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.ServiceAccountName = in.ServiceAccountName - out.AutomountServiceAccountToken = (*bool)(unsafe.Pointer(in.AutomountServiceAccountToken)) - out.NodeName = in.NodeName - if in.SecurityContext != nil { - in, out := &in.SecurityContext, &out.SecurityContext - *out = new(v1.PodSecurityContext) - if err := Convert_core_PodSecurityContext_To_v1_PodSecurityContext(*in, *out, s); err != nil { - return err - } - } else { - out.SecurityContext = nil - } - out.ImagePullSecrets = *(*[]v1.LocalObjectReference)(unsafe.Pointer(&in.ImagePullSecrets)) - out.Hostname = in.Hostname - out.Subdomain = in.Subdomain - out.SetHostnameAsFQDN = (*bool)(unsafe.Pointer(in.SetHostnameAsFQDN)) - out.Affinity = (*v1.Affinity)(unsafe.Pointer(in.Affinity)) - out.SchedulerName = in.SchedulerName - out.Tolerations = *(*[]v1.Toleration)(unsafe.Pointer(&in.Tolerations)) - out.HostAliases = *(*[]v1.HostAlias)(unsafe.Pointer(&in.HostAliases)) - out.PriorityClassName = in.PriorityClassName - out.Priority = (*int32)(unsafe.Pointer(in.Priority)) - out.PreemptionPolicy = (*v1.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - out.DNSConfig = (*v1.PodDNSConfig)(unsafe.Pointer(in.DNSConfig)) - out.ReadinessGates = *(*[]v1.PodReadinessGate)(unsafe.Pointer(&in.ReadinessGates)) - out.RuntimeClassName = (*string)(unsafe.Pointer(in.RuntimeClassName)) - out.Overhead = *(*v1.ResourceList)(unsafe.Pointer(&in.Overhead)) - out.EnableServiceLinks = (*bool)(unsafe.Pointer(in.EnableServiceLinks)) - out.TopologySpreadConstraints = *(*[]v1.TopologySpreadConstraint)(unsafe.Pointer(&in.TopologySpreadConstraints)) - out.OS = (*v1.PodOS)(unsafe.Pointer(in.OS)) - out.SchedulingGates = *(*[]v1.PodSchedulingGate)(unsafe.Pointer(&in.SchedulingGates)) - out.ResourceClaims = *(*[]v1.PodResourceClaim)(unsafe.Pointer(&in.ResourceClaims)) - return nil -} - -func autoConvert_v1_PodStatus_To_core_PodStatus(in *v1.PodStatus, out *core.PodStatus, s conversion.Scope) error { - out.Phase = core.PodPhase(in.Phase) - out.Conditions = *(*[]core.PodCondition)(unsafe.Pointer(&in.Conditions)) - out.Message = in.Message - out.Reason = in.Reason - out.NominatedNodeName = in.NominatedNodeName - out.HostIP = in.HostIP - // WARNING: in.PodIP requires manual conversion: does not exist in peer-type - out.PodIPs = *(*[]core.PodIP)(unsafe.Pointer(&in.PodIPs)) - out.StartTime = (*metav1.Time)(unsafe.Pointer(in.StartTime)) - out.InitContainerStatuses = *(*[]core.ContainerStatus)(unsafe.Pointer(&in.InitContainerStatuses)) - out.ContainerStatuses = *(*[]core.ContainerStatus)(unsafe.Pointer(&in.ContainerStatuses)) - out.QOSClass = core.PodQOSClass(in.QOSClass) - out.EphemeralContainerStatuses = *(*[]core.ContainerStatus)(unsafe.Pointer(&in.EphemeralContainerStatuses)) - return nil -} - -func autoConvert_core_PodStatus_To_v1_PodStatus(in *core.PodStatus, out *v1.PodStatus, s conversion.Scope) error { - out.Phase = v1.PodPhase(in.Phase) - out.Conditions = *(*[]v1.PodCondition)(unsafe.Pointer(&in.Conditions)) - out.Message = in.Message - out.Reason = in.Reason - out.NominatedNodeName = in.NominatedNodeName - out.HostIP = in.HostIP - out.PodIPs = *(*[]v1.PodIP)(unsafe.Pointer(&in.PodIPs)) - out.StartTime = (*metav1.Time)(unsafe.Pointer(in.StartTime)) - out.QOSClass = v1.PodQOSClass(in.QOSClass) - out.InitContainerStatuses = *(*[]v1.ContainerStatus)(unsafe.Pointer(&in.InitContainerStatuses)) - out.ContainerStatuses = *(*[]v1.ContainerStatus)(unsafe.Pointer(&in.ContainerStatuses)) - out.EphemeralContainerStatuses = *(*[]v1.ContainerStatus)(unsafe.Pointer(&in.EphemeralContainerStatuses)) - return nil -} - -func autoConvert_v1_PodStatusResult_To_core_PodStatusResult(in *v1.PodStatusResult, out *core.PodStatusResult, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PodStatus_To_core_PodStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PodStatusResult_To_core_PodStatusResult is an autogenerated conversion function. -func Convert_v1_PodStatusResult_To_core_PodStatusResult(in *v1.PodStatusResult, out *core.PodStatusResult, s conversion.Scope) error { - return autoConvert_v1_PodStatusResult_To_core_PodStatusResult(in, out, s) -} - -func autoConvert_core_PodStatusResult_To_v1_PodStatusResult(in *core.PodStatusResult, out *v1.PodStatusResult, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PodStatus_To_v1_PodStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_PodStatusResult_To_v1_PodStatusResult is an autogenerated conversion function. -func Convert_core_PodStatusResult_To_v1_PodStatusResult(in *core.PodStatusResult, out *v1.PodStatusResult, s conversion.Scope) error { - return autoConvert_core_PodStatusResult_To_v1_PodStatusResult(in, out, s) -} - -func autoConvert_v1_PodTemplate_To_core_PodTemplate(in *v1.PodTemplate, out *core.PodTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PodTemplate_To_core_PodTemplate is an autogenerated conversion function. -func Convert_v1_PodTemplate_To_core_PodTemplate(in *v1.PodTemplate, out *core.PodTemplate, s conversion.Scope) error { - return autoConvert_v1_PodTemplate_To_core_PodTemplate(in, out, s) -} - -func autoConvert_core_PodTemplate_To_v1_PodTemplate(in *core.PodTemplate, out *v1.PodTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_core_PodTemplate_To_v1_PodTemplate is an autogenerated conversion function. -func Convert_core_PodTemplate_To_v1_PodTemplate(in *core.PodTemplate, out *v1.PodTemplate, s conversion.Scope) error { - return autoConvert_core_PodTemplate_To_v1_PodTemplate(in, out, s) -} - -func autoConvert_v1_PodTemplateList_To_core_PodTemplateList(in *v1.PodTemplateList, out *core.PodTemplateList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.PodTemplate, len(*in)) - for i := range *in { - if err := Convert_v1_PodTemplate_To_core_PodTemplate(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_PodTemplateList_To_core_PodTemplateList is an autogenerated conversion function. -func Convert_v1_PodTemplateList_To_core_PodTemplateList(in *v1.PodTemplateList, out *core.PodTemplateList, s conversion.Scope) error { - return autoConvert_v1_PodTemplateList_To_core_PodTemplateList(in, out, s) -} - -func autoConvert_core_PodTemplateList_To_v1_PodTemplateList(in *core.PodTemplateList, out *v1.PodTemplateList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.PodTemplate, len(*in)) - for i := range *in { - if err := Convert_core_PodTemplate_To_v1_PodTemplate(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_PodTemplateList_To_v1_PodTemplateList is an autogenerated conversion function. -func Convert_core_PodTemplateList_To_v1_PodTemplateList(in *core.PodTemplateList, out *v1.PodTemplateList, s conversion.Scope) error { - return autoConvert_core_PodTemplateList_To_v1_PodTemplateList(in, out, s) -} - -func autoConvert_v1_PodTemplateSpec_To_core_PodTemplateSpec(in *v1.PodTemplateSpec, out *core.PodTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PodSpec_To_core_PodSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -func autoConvert_core_PodTemplateSpec_To_v1_PodTemplateSpec(in *core.PodTemplateSpec, out *v1.PodTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_PodSpec_To_v1_PodSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_PortStatus_To_core_PortStatus(in *v1.PortStatus, out *core.PortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = core.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_v1_PortStatus_To_core_PortStatus is an autogenerated conversion function. -func Convert_v1_PortStatus_To_core_PortStatus(in *v1.PortStatus, out *core.PortStatus, s conversion.Scope) error { - return autoConvert_v1_PortStatus_To_core_PortStatus(in, out, s) -} - -func autoConvert_core_PortStatus_To_v1_PortStatus(in *core.PortStatus, out *v1.PortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = v1.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_core_PortStatus_To_v1_PortStatus is an autogenerated conversion function. -func Convert_core_PortStatus_To_v1_PortStatus(in *core.PortStatus, out *v1.PortStatus, s conversion.Scope) error { - return autoConvert_core_PortStatus_To_v1_PortStatus(in, out, s) -} - -func autoConvert_v1_PortworxVolumeSource_To_core_PortworxVolumeSource(in *v1.PortworxVolumeSource, out *core.PortworxVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_PortworxVolumeSource_To_core_PortworxVolumeSource is an autogenerated conversion function. -func Convert_v1_PortworxVolumeSource_To_core_PortworxVolumeSource(in *v1.PortworxVolumeSource, out *core.PortworxVolumeSource, s conversion.Scope) error { - return autoConvert_v1_PortworxVolumeSource_To_core_PortworxVolumeSource(in, out, s) -} - -func autoConvert_core_PortworxVolumeSource_To_v1_PortworxVolumeSource(in *core.PortworxVolumeSource, out *v1.PortworxVolumeSource, s conversion.Scope) error { - out.VolumeID = in.VolumeID - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_PortworxVolumeSource_To_v1_PortworxVolumeSource is an autogenerated conversion function. -func Convert_core_PortworxVolumeSource_To_v1_PortworxVolumeSource(in *core.PortworxVolumeSource, out *v1.PortworxVolumeSource, s conversion.Scope) error { - return autoConvert_core_PortworxVolumeSource_To_v1_PortworxVolumeSource(in, out, s) -} - -func autoConvert_v1_Preconditions_To_core_Preconditions(in *v1.Preconditions, out *core.Preconditions, s conversion.Scope) error { - out.UID = (*types.UID)(unsafe.Pointer(in.UID)) - return nil -} - -// Convert_v1_Preconditions_To_core_Preconditions is an autogenerated conversion function. -func Convert_v1_Preconditions_To_core_Preconditions(in *v1.Preconditions, out *core.Preconditions, s conversion.Scope) error { - return autoConvert_v1_Preconditions_To_core_Preconditions(in, out, s) -} - -func autoConvert_core_Preconditions_To_v1_Preconditions(in *core.Preconditions, out *v1.Preconditions, s conversion.Scope) error { - out.UID = (*types.UID)(unsafe.Pointer(in.UID)) - return nil -} - -// Convert_core_Preconditions_To_v1_Preconditions is an autogenerated conversion function. -func Convert_core_Preconditions_To_v1_Preconditions(in *core.Preconditions, out *v1.Preconditions, s conversion.Scope) error { - return autoConvert_core_Preconditions_To_v1_Preconditions(in, out, s) -} - -func autoConvert_v1_PreferAvoidPodsEntry_To_core_PreferAvoidPodsEntry(in *v1.PreferAvoidPodsEntry, out *core.PreferAvoidPodsEntry, s conversion.Scope) error { - if err := Convert_v1_PodSignature_To_core_PodSignature(&in.PodSignature, &out.PodSignature, s); err != nil { - return err - } - out.EvictionTime = in.EvictionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_PreferAvoidPodsEntry_To_core_PreferAvoidPodsEntry is an autogenerated conversion function. -func Convert_v1_PreferAvoidPodsEntry_To_core_PreferAvoidPodsEntry(in *v1.PreferAvoidPodsEntry, out *core.PreferAvoidPodsEntry, s conversion.Scope) error { - return autoConvert_v1_PreferAvoidPodsEntry_To_core_PreferAvoidPodsEntry(in, out, s) -} - -func autoConvert_core_PreferAvoidPodsEntry_To_v1_PreferAvoidPodsEntry(in *core.PreferAvoidPodsEntry, out *v1.PreferAvoidPodsEntry, s conversion.Scope) error { - if err := Convert_core_PodSignature_To_v1_PodSignature(&in.PodSignature, &out.PodSignature, s); err != nil { - return err - } - out.EvictionTime = in.EvictionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_PreferAvoidPodsEntry_To_v1_PreferAvoidPodsEntry is an autogenerated conversion function. -func Convert_core_PreferAvoidPodsEntry_To_v1_PreferAvoidPodsEntry(in *core.PreferAvoidPodsEntry, out *v1.PreferAvoidPodsEntry, s conversion.Scope) error { - return autoConvert_core_PreferAvoidPodsEntry_To_v1_PreferAvoidPodsEntry(in, out, s) -} - -func autoConvert_v1_PreferredSchedulingTerm_To_core_PreferredSchedulingTerm(in *v1.PreferredSchedulingTerm, out *core.PreferredSchedulingTerm, s conversion.Scope) error { - out.Weight = in.Weight - if err := Convert_v1_NodeSelectorTerm_To_core_NodeSelectorTerm(&in.Preference, &out.Preference, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PreferredSchedulingTerm_To_core_PreferredSchedulingTerm is an autogenerated conversion function. -func Convert_v1_PreferredSchedulingTerm_To_core_PreferredSchedulingTerm(in *v1.PreferredSchedulingTerm, out *core.PreferredSchedulingTerm, s conversion.Scope) error { - return autoConvert_v1_PreferredSchedulingTerm_To_core_PreferredSchedulingTerm(in, out, s) -} - -func autoConvert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm(in *core.PreferredSchedulingTerm, out *v1.PreferredSchedulingTerm, s conversion.Scope) error { - out.Weight = in.Weight - if err := Convert_core_NodeSelectorTerm_To_v1_NodeSelectorTerm(&in.Preference, &out.Preference, s); err != nil { - return err - } - return nil -} - -// Convert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm is an autogenerated conversion function. -func Convert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm(in *core.PreferredSchedulingTerm, out *v1.PreferredSchedulingTerm, s conversion.Scope) error { - return autoConvert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm(in, out, s) -} - -func autoConvert_v1_Probe_To_core_Probe(in *v1.Probe, out *core.Probe, s conversion.Scope) error { - if err := Convert_v1_ProbeHandler_To_core_ProbeHandler(&in.ProbeHandler, &out.ProbeHandler, s); err != nil { - return err - } - out.InitialDelaySeconds = in.InitialDelaySeconds - out.TimeoutSeconds = in.TimeoutSeconds - out.PeriodSeconds = in.PeriodSeconds - out.SuccessThreshold = in.SuccessThreshold - out.FailureThreshold = in.FailureThreshold - out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds)) - return nil -} - -// Convert_v1_Probe_To_core_Probe is an autogenerated conversion function. -func Convert_v1_Probe_To_core_Probe(in *v1.Probe, out *core.Probe, s conversion.Scope) error { - return autoConvert_v1_Probe_To_core_Probe(in, out, s) -} - -func autoConvert_core_Probe_To_v1_Probe(in *core.Probe, out *v1.Probe, s conversion.Scope) error { - if err := Convert_core_ProbeHandler_To_v1_ProbeHandler(&in.ProbeHandler, &out.ProbeHandler, s); err != nil { - return err - } - out.InitialDelaySeconds = in.InitialDelaySeconds - out.TimeoutSeconds = in.TimeoutSeconds - out.PeriodSeconds = in.PeriodSeconds - out.SuccessThreshold = in.SuccessThreshold - out.FailureThreshold = in.FailureThreshold - out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds)) - return nil -} - -// Convert_core_Probe_To_v1_Probe is an autogenerated conversion function. -func Convert_core_Probe_To_v1_Probe(in *core.Probe, out *v1.Probe, s conversion.Scope) error { - return autoConvert_core_Probe_To_v1_Probe(in, out, s) -} - -func autoConvert_v1_ProbeHandler_To_core_ProbeHandler(in *v1.ProbeHandler, out *core.ProbeHandler, s conversion.Scope) error { - out.Exec = (*core.ExecAction)(unsafe.Pointer(in.Exec)) - out.HTTPGet = (*core.HTTPGetAction)(unsafe.Pointer(in.HTTPGet)) - out.TCPSocket = (*core.TCPSocketAction)(unsafe.Pointer(in.TCPSocket)) - out.GRPC = (*core.GRPCAction)(unsafe.Pointer(in.GRPC)) - return nil -} - -// Convert_v1_ProbeHandler_To_core_ProbeHandler is an autogenerated conversion function. -func Convert_v1_ProbeHandler_To_core_ProbeHandler(in *v1.ProbeHandler, out *core.ProbeHandler, s conversion.Scope) error { - return autoConvert_v1_ProbeHandler_To_core_ProbeHandler(in, out, s) -} - -func autoConvert_core_ProbeHandler_To_v1_ProbeHandler(in *core.ProbeHandler, out *v1.ProbeHandler, s conversion.Scope) error { - out.Exec = (*v1.ExecAction)(unsafe.Pointer(in.Exec)) - out.HTTPGet = (*v1.HTTPGetAction)(unsafe.Pointer(in.HTTPGet)) - out.TCPSocket = (*v1.TCPSocketAction)(unsafe.Pointer(in.TCPSocket)) - out.GRPC = (*v1.GRPCAction)(unsafe.Pointer(in.GRPC)) - return nil -} - -// Convert_core_ProbeHandler_To_v1_ProbeHandler is an autogenerated conversion function. -func Convert_core_ProbeHandler_To_v1_ProbeHandler(in *core.ProbeHandler, out *v1.ProbeHandler, s conversion.Scope) error { - return autoConvert_core_ProbeHandler_To_v1_ProbeHandler(in, out, s) -} - -func autoConvert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(in *v1.ProjectedVolumeSource, out *core.ProjectedVolumeSource, s conversion.Scope) error { - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]core.VolumeProjection, len(*in)) - for i := range *in { - if err := Convert_v1_VolumeProjection_To_core_VolumeProjection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Sources = nil - } - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - return nil -} - -// Convert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource is an autogenerated conversion function. -func Convert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(in *v1.ProjectedVolumeSource, out *core.ProjectedVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(in, out, s) -} - -func autoConvert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource(in *core.ProjectedVolumeSource, out *v1.ProjectedVolumeSource, s conversion.Scope) error { - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]v1.VolumeProjection, len(*in)) - for i := range *in { - if err := Convert_core_VolumeProjection_To_v1_VolumeProjection(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Sources = nil - } - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - return nil -} - -// Convert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource is an autogenerated conversion function. -func Convert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource(in *core.ProjectedVolumeSource, out *v1.ProjectedVolumeSource, s conversion.Scope) error { - return autoConvert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource(in, out, s) -} - -func autoConvert_v1_QuobyteVolumeSource_To_core_QuobyteVolumeSource(in *v1.QuobyteVolumeSource, out *core.QuobyteVolumeSource, s conversion.Scope) error { - out.Registry = in.Registry - out.Volume = in.Volume - out.ReadOnly = in.ReadOnly - out.User = in.User - out.Group = in.Group - out.Tenant = in.Tenant - return nil -} - -// Convert_v1_QuobyteVolumeSource_To_core_QuobyteVolumeSource is an autogenerated conversion function. -func Convert_v1_QuobyteVolumeSource_To_core_QuobyteVolumeSource(in *v1.QuobyteVolumeSource, out *core.QuobyteVolumeSource, s conversion.Scope) error { - return autoConvert_v1_QuobyteVolumeSource_To_core_QuobyteVolumeSource(in, out, s) -} - -func autoConvert_core_QuobyteVolumeSource_To_v1_QuobyteVolumeSource(in *core.QuobyteVolumeSource, out *v1.QuobyteVolumeSource, s conversion.Scope) error { - out.Registry = in.Registry - out.Volume = in.Volume - out.ReadOnly = in.ReadOnly - out.User = in.User - out.Group = in.Group - out.Tenant = in.Tenant - return nil -} - -// Convert_core_QuobyteVolumeSource_To_v1_QuobyteVolumeSource is an autogenerated conversion function. -func Convert_core_QuobyteVolumeSource_To_v1_QuobyteVolumeSource(in *core.QuobyteVolumeSource, out *v1.QuobyteVolumeSource, s conversion.Scope) error { - return autoConvert_core_QuobyteVolumeSource_To_v1_QuobyteVolumeSource(in, out, s) -} - -func autoConvert_v1_RBDPersistentVolumeSource_To_core_RBDPersistentVolumeSource(in *v1.RBDPersistentVolumeSource, out *core.RBDPersistentVolumeSource, s conversion.Scope) error { - out.CephMonitors = *(*[]string)(unsafe.Pointer(&in.CephMonitors)) - out.RBDImage = in.RBDImage - out.FSType = in.FSType - out.RBDPool = in.RBDPool - out.RadosUser = in.RadosUser - out.Keyring = in.Keyring - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_RBDPersistentVolumeSource_To_core_RBDPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_RBDPersistentVolumeSource_To_core_RBDPersistentVolumeSource(in *v1.RBDPersistentVolumeSource, out *core.RBDPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_RBDPersistentVolumeSource_To_core_RBDPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_RBDPersistentVolumeSource_To_v1_RBDPersistentVolumeSource(in *core.RBDPersistentVolumeSource, out *v1.RBDPersistentVolumeSource, s conversion.Scope) error { - out.CephMonitors = *(*[]string)(unsafe.Pointer(&in.CephMonitors)) - out.RBDImage = in.RBDImage - out.FSType = in.FSType - out.RBDPool = in.RBDPool - out.RadosUser = in.RadosUser - out.Keyring = in.Keyring - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_RBDPersistentVolumeSource_To_v1_RBDPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_RBDPersistentVolumeSource_To_v1_RBDPersistentVolumeSource(in *core.RBDPersistentVolumeSource, out *v1.RBDPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_RBDPersistentVolumeSource_To_v1_RBDPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_RBDVolumeSource_To_core_RBDVolumeSource(in *v1.RBDVolumeSource, out *core.RBDVolumeSource, s conversion.Scope) error { - out.CephMonitors = *(*[]string)(unsafe.Pointer(&in.CephMonitors)) - out.RBDImage = in.RBDImage - out.FSType = in.FSType - out.RBDPool = in.RBDPool - out.RadosUser = in.RadosUser - out.Keyring = in.Keyring - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_RBDVolumeSource_To_core_RBDVolumeSource is an autogenerated conversion function. -func Convert_v1_RBDVolumeSource_To_core_RBDVolumeSource(in *v1.RBDVolumeSource, out *core.RBDVolumeSource, s conversion.Scope) error { - return autoConvert_v1_RBDVolumeSource_To_core_RBDVolumeSource(in, out, s) -} - -func autoConvert_core_RBDVolumeSource_To_v1_RBDVolumeSource(in *core.RBDVolumeSource, out *v1.RBDVolumeSource, s conversion.Scope) error { - out.CephMonitors = *(*[]string)(unsafe.Pointer(&in.CephMonitors)) - out.RBDImage = in.RBDImage - out.FSType = in.FSType - out.RBDPool = in.RBDPool - out.RadosUser = in.RadosUser - out.Keyring = in.Keyring - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_RBDVolumeSource_To_v1_RBDVolumeSource is an autogenerated conversion function. -func Convert_core_RBDVolumeSource_To_v1_RBDVolumeSource(in *core.RBDVolumeSource, out *v1.RBDVolumeSource, s conversion.Scope) error { - return autoConvert_core_RBDVolumeSource_To_v1_RBDVolumeSource(in, out, s) -} - -func autoConvert_v1_RangeAllocation_To_core_RangeAllocation(in *v1.RangeAllocation, out *core.RangeAllocation, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Range = in.Range - out.Data = *(*[]byte)(unsafe.Pointer(&in.Data)) - return nil -} - -// Convert_v1_RangeAllocation_To_core_RangeAllocation is an autogenerated conversion function. -func Convert_v1_RangeAllocation_To_core_RangeAllocation(in *v1.RangeAllocation, out *core.RangeAllocation, s conversion.Scope) error { - return autoConvert_v1_RangeAllocation_To_core_RangeAllocation(in, out, s) -} - -func autoConvert_core_RangeAllocation_To_v1_RangeAllocation(in *core.RangeAllocation, out *v1.RangeAllocation, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Range = in.Range - out.Data = *(*[]byte)(unsafe.Pointer(&in.Data)) - return nil -} - -// Convert_core_RangeAllocation_To_v1_RangeAllocation is an autogenerated conversion function. -func Convert_core_RangeAllocation_To_v1_RangeAllocation(in *core.RangeAllocation, out *v1.RangeAllocation, s conversion.Scope) error { - return autoConvert_core_RangeAllocation_To_v1_RangeAllocation(in, out, s) -} - -func autoConvert_v1_ReplicationController_To_core_ReplicationController(in *v1.ReplicationController, out *core.ReplicationController, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ReplicationControllerSpec_To_core_ReplicationControllerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ReplicationController_To_core_ReplicationController is an autogenerated conversion function. -func Convert_v1_ReplicationController_To_core_ReplicationController(in *v1.ReplicationController, out *core.ReplicationController, s conversion.Scope) error { - return autoConvert_v1_ReplicationController_To_core_ReplicationController(in, out, s) -} - -func autoConvert_core_ReplicationController_To_v1_ReplicationController(in *core.ReplicationController, out *v1.ReplicationController, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_ReplicationControllerSpec_To_v1_ReplicationControllerSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_ReplicationController_To_v1_ReplicationController is an autogenerated conversion function. -func Convert_core_ReplicationController_To_v1_ReplicationController(in *core.ReplicationController, out *v1.ReplicationController, s conversion.Scope) error { - return autoConvert_core_ReplicationController_To_v1_ReplicationController(in, out, s) -} - -func autoConvert_v1_ReplicationControllerCondition_To_core_ReplicationControllerCondition(in *v1.ReplicationControllerCondition, out *core.ReplicationControllerCondition, s conversion.Scope) error { - out.Type = core.ReplicationControllerConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1_ReplicationControllerCondition_To_core_ReplicationControllerCondition is an autogenerated conversion function. -func Convert_v1_ReplicationControllerCondition_To_core_ReplicationControllerCondition(in *v1.ReplicationControllerCondition, out *core.ReplicationControllerCondition, s conversion.Scope) error { - return autoConvert_v1_ReplicationControllerCondition_To_core_ReplicationControllerCondition(in, out, s) -} - -func autoConvert_core_ReplicationControllerCondition_To_v1_ReplicationControllerCondition(in *core.ReplicationControllerCondition, out *v1.ReplicationControllerCondition, s conversion.Scope) error { - out.Type = v1.ReplicationControllerConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_core_ReplicationControllerCondition_To_v1_ReplicationControllerCondition is an autogenerated conversion function. -func Convert_core_ReplicationControllerCondition_To_v1_ReplicationControllerCondition(in *core.ReplicationControllerCondition, out *v1.ReplicationControllerCondition, s conversion.Scope) error { - return autoConvert_core_ReplicationControllerCondition_To_v1_ReplicationControllerCondition(in, out, s) -} - -func autoConvert_v1_ReplicationControllerList_To_core_ReplicationControllerList(in *v1.ReplicationControllerList, out *core.ReplicationControllerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.ReplicationController, len(*in)) - for i := range *in { - if err := Convert_v1_ReplicationController_To_core_ReplicationController(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_ReplicationControllerList_To_core_ReplicationControllerList is an autogenerated conversion function. -func Convert_v1_ReplicationControllerList_To_core_ReplicationControllerList(in *v1.ReplicationControllerList, out *core.ReplicationControllerList, s conversion.Scope) error { - return autoConvert_v1_ReplicationControllerList_To_core_ReplicationControllerList(in, out, s) -} - -func autoConvert_core_ReplicationControllerList_To_v1_ReplicationControllerList(in *core.ReplicationControllerList, out *v1.ReplicationControllerList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.ReplicationController, len(*in)) - for i := range *in { - if err := Convert_core_ReplicationController_To_v1_ReplicationController(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_ReplicationControllerList_To_v1_ReplicationControllerList is an autogenerated conversion function. -func Convert_core_ReplicationControllerList_To_v1_ReplicationControllerList(in *core.ReplicationControllerList, out *v1.ReplicationControllerList, s conversion.Scope) error { - return autoConvert_core_ReplicationControllerList_To_v1_ReplicationControllerList(in, out, s) -} - -func autoConvert_v1_ReplicationControllerSpec_To_core_ReplicationControllerSpec(in *v1.ReplicationControllerSpec, out *core.ReplicationControllerSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = *(*map[string]string)(unsafe.Pointer(&in.Selector)) - if in.Template != nil { - in, out := &in.Template, &out.Template - *out = new(core.PodTemplateSpec) - if err := Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(*in, *out, s); err != nil { - return err - } - } else { - out.Template = nil - } - return nil -} - -func autoConvert_core_ReplicationControllerSpec_To_v1_ReplicationControllerSpec(in *core.ReplicationControllerSpec, out *v1.ReplicationControllerSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = *(*map[string]string)(unsafe.Pointer(&in.Selector)) - if in.Template != nil { - in, out := &in.Template, &out.Template - *out = new(v1.PodTemplateSpec) - if err := Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(*in, *out, s); err != nil { - return err - } - } else { - out.Template = nil - } - return nil -} - -func autoConvert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus(in *v1.ReplicationControllerStatus, out *core.ReplicationControllerStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]core.ReplicationControllerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus is an autogenerated conversion function. -func Convert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus(in *v1.ReplicationControllerStatus, out *core.ReplicationControllerStatus, s conversion.Scope) error { - return autoConvert_v1_ReplicationControllerStatus_To_core_ReplicationControllerStatus(in, out, s) -} - -func autoConvert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus(in *core.ReplicationControllerStatus, out *v1.ReplicationControllerStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]v1.ReplicationControllerCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus is an autogenerated conversion function. -func Convert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus(in *core.ReplicationControllerStatus, out *v1.ReplicationControllerStatus, s conversion.Scope) error { - return autoConvert_core_ReplicationControllerStatus_To_v1_ReplicationControllerStatus(in, out, s) -} - -func autoConvert_v1_ResourceClaim_To_core_ResourceClaim(in *v1.ResourceClaim, out *core.ResourceClaim, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1_ResourceClaim_To_core_ResourceClaim is an autogenerated conversion function. -func Convert_v1_ResourceClaim_To_core_ResourceClaim(in *v1.ResourceClaim, out *core.ResourceClaim, s conversion.Scope) error { - return autoConvert_v1_ResourceClaim_To_core_ResourceClaim(in, out, s) -} - -func autoConvert_core_ResourceClaim_To_v1_ResourceClaim(in *core.ResourceClaim, out *v1.ResourceClaim, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_core_ResourceClaim_To_v1_ResourceClaim is an autogenerated conversion function. -func Convert_core_ResourceClaim_To_v1_ResourceClaim(in *core.ResourceClaim, out *v1.ResourceClaim, s conversion.Scope) error { - return autoConvert_core_ResourceClaim_To_v1_ResourceClaim(in, out, s) -} - -func autoConvert_v1_ResourceFieldSelector_To_core_ResourceFieldSelector(in *v1.ResourceFieldSelector, out *core.ResourceFieldSelector, s conversion.Scope) error { - out.ContainerName = in.ContainerName - out.Resource = in.Resource - out.Divisor = in.Divisor - return nil -} - -// Convert_v1_ResourceFieldSelector_To_core_ResourceFieldSelector is an autogenerated conversion function. -func Convert_v1_ResourceFieldSelector_To_core_ResourceFieldSelector(in *v1.ResourceFieldSelector, out *core.ResourceFieldSelector, s conversion.Scope) error { - return autoConvert_v1_ResourceFieldSelector_To_core_ResourceFieldSelector(in, out, s) -} - -func autoConvert_core_ResourceFieldSelector_To_v1_ResourceFieldSelector(in *core.ResourceFieldSelector, out *v1.ResourceFieldSelector, s conversion.Scope) error { - out.ContainerName = in.ContainerName - out.Resource = in.Resource - out.Divisor = in.Divisor - return nil -} - -// Convert_core_ResourceFieldSelector_To_v1_ResourceFieldSelector is an autogenerated conversion function. -func Convert_core_ResourceFieldSelector_To_v1_ResourceFieldSelector(in *core.ResourceFieldSelector, out *v1.ResourceFieldSelector, s conversion.Scope) error { - return autoConvert_core_ResourceFieldSelector_To_v1_ResourceFieldSelector(in, out, s) -} - -func autoConvert_v1_ResourceQuota_To_core_ResourceQuota(in *v1.ResourceQuota, out *core.ResourceQuota, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ResourceQuota_To_core_ResourceQuota is an autogenerated conversion function. -func Convert_v1_ResourceQuota_To_core_ResourceQuota(in *v1.ResourceQuota, out *core.ResourceQuota, s conversion.Scope) error { - return autoConvert_v1_ResourceQuota_To_core_ResourceQuota(in, out, s) -} - -func autoConvert_core_ResourceQuota_To_v1_ResourceQuota(in *core.ResourceQuota, out *v1.ResourceQuota, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_ResourceQuota_To_v1_ResourceQuota is an autogenerated conversion function. -func Convert_core_ResourceQuota_To_v1_ResourceQuota(in *core.ResourceQuota, out *v1.ResourceQuota, s conversion.Scope) error { - return autoConvert_core_ResourceQuota_To_v1_ResourceQuota(in, out, s) -} - -func autoConvert_v1_ResourceQuotaList_To_core_ResourceQuotaList(in *v1.ResourceQuotaList, out *core.ResourceQuotaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.ResourceQuota)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ResourceQuotaList_To_core_ResourceQuotaList is an autogenerated conversion function. -func Convert_v1_ResourceQuotaList_To_core_ResourceQuotaList(in *v1.ResourceQuotaList, out *core.ResourceQuotaList, s conversion.Scope) error { - return autoConvert_v1_ResourceQuotaList_To_core_ResourceQuotaList(in, out, s) -} - -func autoConvert_core_ResourceQuotaList_To_v1_ResourceQuotaList(in *core.ResourceQuotaList, out *v1.ResourceQuotaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ResourceQuota)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_ResourceQuotaList_To_v1_ResourceQuotaList is an autogenerated conversion function. -func Convert_core_ResourceQuotaList_To_v1_ResourceQuotaList(in *core.ResourceQuotaList, out *v1.ResourceQuotaList, s conversion.Scope) error { - return autoConvert_core_ResourceQuotaList_To_v1_ResourceQuotaList(in, out, s) -} - -func autoConvert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec(in *v1.ResourceQuotaSpec, out *core.ResourceQuotaSpec, s conversion.Scope) error { - out.Hard = *(*core.ResourceList)(unsafe.Pointer(&in.Hard)) - out.Scopes = *(*[]core.ResourceQuotaScope)(unsafe.Pointer(&in.Scopes)) - out.ScopeSelector = (*core.ScopeSelector)(unsafe.Pointer(in.ScopeSelector)) - return nil -} - -// Convert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec is an autogenerated conversion function. -func Convert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec(in *v1.ResourceQuotaSpec, out *core.ResourceQuotaSpec, s conversion.Scope) error { - return autoConvert_v1_ResourceQuotaSpec_To_core_ResourceQuotaSpec(in, out, s) -} - -func autoConvert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec(in *core.ResourceQuotaSpec, out *v1.ResourceQuotaSpec, s conversion.Scope) error { - out.Hard = *(*v1.ResourceList)(unsafe.Pointer(&in.Hard)) - out.Scopes = *(*[]v1.ResourceQuotaScope)(unsafe.Pointer(&in.Scopes)) - out.ScopeSelector = (*v1.ScopeSelector)(unsafe.Pointer(in.ScopeSelector)) - return nil -} - -// Convert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec is an autogenerated conversion function. -func Convert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec(in *core.ResourceQuotaSpec, out *v1.ResourceQuotaSpec, s conversion.Scope) error { - return autoConvert_core_ResourceQuotaSpec_To_v1_ResourceQuotaSpec(in, out, s) -} - -func autoConvert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus(in *v1.ResourceQuotaStatus, out *core.ResourceQuotaStatus, s conversion.Scope) error { - out.Hard = *(*core.ResourceList)(unsafe.Pointer(&in.Hard)) - out.Used = *(*core.ResourceList)(unsafe.Pointer(&in.Used)) - return nil -} - -// Convert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus is an autogenerated conversion function. -func Convert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus(in *v1.ResourceQuotaStatus, out *core.ResourceQuotaStatus, s conversion.Scope) error { - return autoConvert_v1_ResourceQuotaStatus_To_core_ResourceQuotaStatus(in, out, s) -} - -func autoConvert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus(in *core.ResourceQuotaStatus, out *v1.ResourceQuotaStatus, s conversion.Scope) error { - out.Hard = *(*v1.ResourceList)(unsafe.Pointer(&in.Hard)) - out.Used = *(*v1.ResourceList)(unsafe.Pointer(&in.Used)) - return nil -} - -// Convert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus is an autogenerated conversion function. -func Convert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus(in *core.ResourceQuotaStatus, out *v1.ResourceQuotaStatus, s conversion.Scope) error { - return autoConvert_core_ResourceQuotaStatus_To_v1_ResourceQuotaStatus(in, out, s) -} - -func autoConvert_v1_ResourceRequirements_To_core_ResourceRequirements(in *v1.ResourceRequirements, out *core.ResourceRequirements, s conversion.Scope) error { - out.Limits = *(*core.ResourceList)(unsafe.Pointer(&in.Limits)) - out.Requests = *(*core.ResourceList)(unsafe.Pointer(&in.Requests)) - out.Claims = *(*[]core.ResourceClaim)(unsafe.Pointer(&in.Claims)) - return nil -} - -// Convert_v1_ResourceRequirements_To_core_ResourceRequirements is an autogenerated conversion function. -func Convert_v1_ResourceRequirements_To_core_ResourceRequirements(in *v1.ResourceRequirements, out *core.ResourceRequirements, s conversion.Scope) error { - return autoConvert_v1_ResourceRequirements_To_core_ResourceRequirements(in, out, s) -} - -func autoConvert_core_ResourceRequirements_To_v1_ResourceRequirements(in *core.ResourceRequirements, out *v1.ResourceRequirements, s conversion.Scope) error { - out.Limits = *(*v1.ResourceList)(unsafe.Pointer(&in.Limits)) - out.Requests = *(*v1.ResourceList)(unsafe.Pointer(&in.Requests)) - out.Claims = *(*[]v1.ResourceClaim)(unsafe.Pointer(&in.Claims)) - return nil -} - -// Convert_core_ResourceRequirements_To_v1_ResourceRequirements is an autogenerated conversion function. -func Convert_core_ResourceRequirements_To_v1_ResourceRequirements(in *core.ResourceRequirements, out *v1.ResourceRequirements, s conversion.Scope) error { - return autoConvert_core_ResourceRequirements_To_v1_ResourceRequirements(in, out, s) -} - -func autoConvert_v1_SELinuxOptions_To_core_SELinuxOptions(in *v1.SELinuxOptions, out *core.SELinuxOptions, s conversion.Scope) error { - out.User = in.User - out.Role = in.Role - out.Type = in.Type - out.Level = in.Level - return nil -} - -// Convert_v1_SELinuxOptions_To_core_SELinuxOptions is an autogenerated conversion function. -func Convert_v1_SELinuxOptions_To_core_SELinuxOptions(in *v1.SELinuxOptions, out *core.SELinuxOptions, s conversion.Scope) error { - return autoConvert_v1_SELinuxOptions_To_core_SELinuxOptions(in, out, s) -} - -func autoConvert_core_SELinuxOptions_To_v1_SELinuxOptions(in *core.SELinuxOptions, out *v1.SELinuxOptions, s conversion.Scope) error { - out.User = in.User - out.Role = in.Role - out.Type = in.Type - out.Level = in.Level - return nil -} - -// Convert_core_SELinuxOptions_To_v1_SELinuxOptions is an autogenerated conversion function. -func Convert_core_SELinuxOptions_To_v1_SELinuxOptions(in *core.SELinuxOptions, out *v1.SELinuxOptions, s conversion.Scope) error { - return autoConvert_core_SELinuxOptions_To_v1_SELinuxOptions(in, out, s) -} - -func autoConvert_v1_ScaleIOPersistentVolumeSource_To_core_ScaleIOPersistentVolumeSource(in *v1.ScaleIOPersistentVolumeSource, out *core.ScaleIOPersistentVolumeSource, s conversion.Scope) error { - out.Gateway = in.Gateway - out.System = in.System - out.SecretRef = (*core.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.SSLEnabled = in.SSLEnabled - out.ProtectionDomain = in.ProtectionDomain - out.StoragePool = in.StoragePool - out.StorageMode = in.StorageMode - out.VolumeName = in.VolumeName - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_ScaleIOPersistentVolumeSource_To_core_ScaleIOPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_ScaleIOPersistentVolumeSource_To_core_ScaleIOPersistentVolumeSource(in *v1.ScaleIOPersistentVolumeSource, out *core.ScaleIOPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ScaleIOPersistentVolumeSource_To_core_ScaleIOPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_ScaleIOPersistentVolumeSource_To_v1_ScaleIOPersistentVolumeSource(in *core.ScaleIOPersistentVolumeSource, out *v1.ScaleIOPersistentVolumeSource, s conversion.Scope) error { - out.Gateway = in.Gateway - out.System = in.System - out.SecretRef = (*v1.SecretReference)(unsafe.Pointer(in.SecretRef)) - out.SSLEnabled = in.SSLEnabled - out.ProtectionDomain = in.ProtectionDomain - out.StoragePool = in.StoragePool - out.StorageMode = in.StorageMode - out.VolumeName = in.VolumeName - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_ScaleIOPersistentVolumeSource_To_v1_ScaleIOPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_ScaleIOPersistentVolumeSource_To_v1_ScaleIOPersistentVolumeSource(in *core.ScaleIOPersistentVolumeSource, out *v1.ScaleIOPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_ScaleIOPersistentVolumeSource_To_v1_ScaleIOPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_ScaleIOVolumeSource_To_core_ScaleIOVolumeSource(in *v1.ScaleIOVolumeSource, out *core.ScaleIOVolumeSource, s conversion.Scope) error { - out.Gateway = in.Gateway - out.System = in.System - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.SSLEnabled = in.SSLEnabled - out.ProtectionDomain = in.ProtectionDomain - out.StoragePool = in.StoragePool - out.StorageMode = in.StorageMode - out.VolumeName = in.VolumeName - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1_ScaleIOVolumeSource_To_core_ScaleIOVolumeSource is an autogenerated conversion function. -func Convert_v1_ScaleIOVolumeSource_To_core_ScaleIOVolumeSource(in *v1.ScaleIOVolumeSource, out *core.ScaleIOVolumeSource, s conversion.Scope) error { - return autoConvert_v1_ScaleIOVolumeSource_To_core_ScaleIOVolumeSource(in, out, s) -} - -func autoConvert_core_ScaleIOVolumeSource_To_v1_ScaleIOVolumeSource(in *core.ScaleIOVolumeSource, out *v1.ScaleIOVolumeSource, s conversion.Scope) error { - out.Gateway = in.Gateway - out.System = in.System - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - out.SSLEnabled = in.SSLEnabled - out.ProtectionDomain = in.ProtectionDomain - out.StoragePool = in.StoragePool - out.StorageMode = in.StorageMode - out.VolumeName = in.VolumeName - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_core_ScaleIOVolumeSource_To_v1_ScaleIOVolumeSource is an autogenerated conversion function. -func Convert_core_ScaleIOVolumeSource_To_v1_ScaleIOVolumeSource(in *core.ScaleIOVolumeSource, out *v1.ScaleIOVolumeSource, s conversion.Scope) error { - return autoConvert_core_ScaleIOVolumeSource_To_v1_ScaleIOVolumeSource(in, out, s) -} - -func autoConvert_v1_ScopeSelector_To_core_ScopeSelector(in *v1.ScopeSelector, out *core.ScopeSelector, s conversion.Scope) error { - out.MatchExpressions = *(*[]core.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchExpressions)) - return nil -} - -// Convert_v1_ScopeSelector_To_core_ScopeSelector is an autogenerated conversion function. -func Convert_v1_ScopeSelector_To_core_ScopeSelector(in *v1.ScopeSelector, out *core.ScopeSelector, s conversion.Scope) error { - return autoConvert_v1_ScopeSelector_To_core_ScopeSelector(in, out, s) -} - -func autoConvert_core_ScopeSelector_To_v1_ScopeSelector(in *core.ScopeSelector, out *v1.ScopeSelector, s conversion.Scope) error { - out.MatchExpressions = *(*[]v1.ScopedResourceSelectorRequirement)(unsafe.Pointer(&in.MatchExpressions)) - return nil -} - -// Convert_core_ScopeSelector_To_v1_ScopeSelector is an autogenerated conversion function. -func Convert_core_ScopeSelector_To_v1_ScopeSelector(in *core.ScopeSelector, out *v1.ScopeSelector, s conversion.Scope) error { - return autoConvert_core_ScopeSelector_To_v1_ScopeSelector(in, out, s) -} - -func autoConvert_v1_ScopedResourceSelectorRequirement_To_core_ScopedResourceSelectorRequirement(in *v1.ScopedResourceSelectorRequirement, out *core.ScopedResourceSelectorRequirement, s conversion.Scope) error { - out.ScopeName = core.ResourceQuotaScope(in.ScopeName) - out.Operator = core.ScopeSelectorOperator(in.Operator) - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_v1_ScopedResourceSelectorRequirement_To_core_ScopedResourceSelectorRequirement is an autogenerated conversion function. -func Convert_v1_ScopedResourceSelectorRequirement_To_core_ScopedResourceSelectorRequirement(in *v1.ScopedResourceSelectorRequirement, out *core.ScopedResourceSelectorRequirement, s conversion.Scope) error { - return autoConvert_v1_ScopedResourceSelectorRequirement_To_core_ScopedResourceSelectorRequirement(in, out, s) -} - -func autoConvert_core_ScopedResourceSelectorRequirement_To_v1_ScopedResourceSelectorRequirement(in *core.ScopedResourceSelectorRequirement, out *v1.ScopedResourceSelectorRequirement, s conversion.Scope) error { - out.ScopeName = v1.ResourceQuotaScope(in.ScopeName) - out.Operator = v1.ScopeSelectorOperator(in.Operator) - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_core_ScopedResourceSelectorRequirement_To_v1_ScopedResourceSelectorRequirement is an autogenerated conversion function. -func Convert_core_ScopedResourceSelectorRequirement_To_v1_ScopedResourceSelectorRequirement(in *core.ScopedResourceSelectorRequirement, out *v1.ScopedResourceSelectorRequirement, s conversion.Scope) error { - return autoConvert_core_ScopedResourceSelectorRequirement_To_v1_ScopedResourceSelectorRequirement(in, out, s) -} - -func autoConvert_v1_SeccompProfile_To_core_SeccompProfile(in *v1.SeccompProfile, out *core.SeccompProfile, s conversion.Scope) error { - out.Type = core.SeccompProfileType(in.Type) - out.LocalhostProfile = (*string)(unsafe.Pointer(in.LocalhostProfile)) - return nil -} - -// Convert_v1_SeccompProfile_To_core_SeccompProfile is an autogenerated conversion function. -func Convert_v1_SeccompProfile_To_core_SeccompProfile(in *v1.SeccompProfile, out *core.SeccompProfile, s conversion.Scope) error { - return autoConvert_v1_SeccompProfile_To_core_SeccompProfile(in, out, s) -} - -func autoConvert_core_SeccompProfile_To_v1_SeccompProfile(in *core.SeccompProfile, out *v1.SeccompProfile, s conversion.Scope) error { - out.Type = v1.SeccompProfileType(in.Type) - out.LocalhostProfile = (*string)(unsafe.Pointer(in.LocalhostProfile)) - return nil -} - -// Convert_core_SeccompProfile_To_v1_SeccompProfile is an autogenerated conversion function. -func Convert_core_SeccompProfile_To_v1_SeccompProfile(in *core.SeccompProfile, out *v1.SeccompProfile, s conversion.Scope) error { - return autoConvert_core_SeccompProfile_To_v1_SeccompProfile(in, out, s) -} - -func autoConvert_v1_Secret_To_core_Secret(in *v1.Secret, out *core.Secret, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Immutable = (*bool)(unsafe.Pointer(in.Immutable)) - out.Data = *(*map[string][]byte)(unsafe.Pointer(&in.Data)) - // INFO: in.StringData opted out of conversion generation - out.Type = core.SecretType(in.Type) - return nil -} - -func autoConvert_core_Secret_To_v1_Secret(in *core.Secret, out *v1.Secret, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Immutable = (*bool)(unsafe.Pointer(in.Immutable)) - out.Data = *(*map[string][]byte)(unsafe.Pointer(&in.Data)) - out.Type = v1.SecretType(in.Type) - return nil -} - -// Convert_core_Secret_To_v1_Secret is an autogenerated conversion function. -func Convert_core_Secret_To_v1_Secret(in *core.Secret, out *v1.Secret, s conversion.Scope) error { - return autoConvert_core_Secret_To_v1_Secret(in, out, s) -} - -func autoConvert_v1_SecretEnvSource_To_core_SecretEnvSource(in *v1.SecretEnvSource, out *core.SecretEnvSource, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_SecretEnvSource_To_core_SecretEnvSource is an autogenerated conversion function. -func Convert_v1_SecretEnvSource_To_core_SecretEnvSource(in *v1.SecretEnvSource, out *core.SecretEnvSource, s conversion.Scope) error { - return autoConvert_v1_SecretEnvSource_To_core_SecretEnvSource(in, out, s) -} - -func autoConvert_core_SecretEnvSource_To_v1_SecretEnvSource(in *core.SecretEnvSource, out *v1.SecretEnvSource, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_SecretEnvSource_To_v1_SecretEnvSource is an autogenerated conversion function. -func Convert_core_SecretEnvSource_To_v1_SecretEnvSource(in *core.SecretEnvSource, out *v1.SecretEnvSource, s conversion.Scope) error { - return autoConvert_core_SecretEnvSource_To_v1_SecretEnvSource(in, out, s) -} - -func autoConvert_v1_SecretKeySelector_To_core_SecretKeySelector(in *v1.SecretKeySelector, out *core.SecretKeySelector, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Key = in.Key - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_SecretKeySelector_To_core_SecretKeySelector is an autogenerated conversion function. -func Convert_v1_SecretKeySelector_To_core_SecretKeySelector(in *v1.SecretKeySelector, out *core.SecretKeySelector, s conversion.Scope) error { - return autoConvert_v1_SecretKeySelector_To_core_SecretKeySelector(in, out, s) -} - -func autoConvert_core_SecretKeySelector_To_v1_SecretKeySelector(in *core.SecretKeySelector, out *v1.SecretKeySelector, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Key = in.Key - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_SecretKeySelector_To_v1_SecretKeySelector is an autogenerated conversion function. -func Convert_core_SecretKeySelector_To_v1_SecretKeySelector(in *core.SecretKeySelector, out *v1.SecretKeySelector, s conversion.Scope) error { - return autoConvert_core_SecretKeySelector_To_v1_SecretKeySelector(in, out, s) -} - -func autoConvert_v1_SecretList_To_core_SecretList(in *v1.SecretList, out *core.SecretList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Secret, len(*in)) - for i := range *in { - if err := Convert_v1_Secret_To_core_Secret(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_SecretList_To_core_SecretList is an autogenerated conversion function. -func Convert_v1_SecretList_To_core_SecretList(in *v1.SecretList, out *core.SecretList, s conversion.Scope) error { - return autoConvert_v1_SecretList_To_core_SecretList(in, out, s) -} - -func autoConvert_core_SecretList_To_v1_SecretList(in *core.SecretList, out *v1.SecretList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Secret, len(*in)) - for i := range *in { - if err := Convert_core_Secret_To_v1_Secret(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_SecretList_To_v1_SecretList is an autogenerated conversion function. -func Convert_core_SecretList_To_v1_SecretList(in *core.SecretList, out *v1.SecretList, s conversion.Scope) error { - return autoConvert_core_SecretList_To_v1_SecretList(in, out, s) -} - -func autoConvert_v1_SecretProjection_To_core_SecretProjection(in *v1.SecretProjection, out *core.SecretProjection, s conversion.Scope) error { - if err := Convert_v1_LocalObjectReference_To_core_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]core.KeyToPath)(unsafe.Pointer(&in.Items)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_SecretProjection_To_core_SecretProjection is an autogenerated conversion function. -func Convert_v1_SecretProjection_To_core_SecretProjection(in *v1.SecretProjection, out *core.SecretProjection, s conversion.Scope) error { - return autoConvert_v1_SecretProjection_To_core_SecretProjection(in, out, s) -} - -func autoConvert_core_SecretProjection_To_v1_SecretProjection(in *core.SecretProjection, out *v1.SecretProjection, s conversion.Scope) error { - if err := Convert_core_LocalObjectReference_To_v1_LocalObjectReference(&in.LocalObjectReference, &out.LocalObjectReference, s); err != nil { - return err - } - out.Items = *(*[]v1.KeyToPath)(unsafe.Pointer(&in.Items)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_SecretProjection_To_v1_SecretProjection is an autogenerated conversion function. -func Convert_core_SecretProjection_To_v1_SecretProjection(in *core.SecretProjection, out *v1.SecretProjection, s conversion.Scope) error { - return autoConvert_core_SecretProjection_To_v1_SecretProjection(in, out, s) -} - -func autoConvert_v1_SecretReference_To_core_SecretReference(in *v1.SecretReference, out *core.SecretReference, s conversion.Scope) error { - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_v1_SecretReference_To_core_SecretReference is an autogenerated conversion function. -func Convert_v1_SecretReference_To_core_SecretReference(in *v1.SecretReference, out *core.SecretReference, s conversion.Scope) error { - return autoConvert_v1_SecretReference_To_core_SecretReference(in, out, s) -} - -func autoConvert_core_SecretReference_To_v1_SecretReference(in *core.SecretReference, out *v1.SecretReference, s conversion.Scope) error { - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_core_SecretReference_To_v1_SecretReference is an autogenerated conversion function. -func Convert_core_SecretReference_To_v1_SecretReference(in *core.SecretReference, out *v1.SecretReference, s conversion.Scope) error { - return autoConvert_core_SecretReference_To_v1_SecretReference(in, out, s) -} - -func autoConvert_v1_SecretVolumeSource_To_core_SecretVolumeSource(in *v1.SecretVolumeSource, out *core.SecretVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.Items = *(*[]core.KeyToPath)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_v1_SecretVolumeSource_To_core_SecretVolumeSource is an autogenerated conversion function. -func Convert_v1_SecretVolumeSource_To_core_SecretVolumeSource(in *v1.SecretVolumeSource, out *core.SecretVolumeSource, s conversion.Scope) error { - return autoConvert_v1_SecretVolumeSource_To_core_SecretVolumeSource(in, out, s) -} - -func autoConvert_core_SecretVolumeSource_To_v1_SecretVolumeSource(in *core.SecretVolumeSource, out *v1.SecretVolumeSource, s conversion.Scope) error { - out.SecretName = in.SecretName - out.Items = *(*[]v1.KeyToPath)(unsafe.Pointer(&in.Items)) - out.DefaultMode = (*int32)(unsafe.Pointer(in.DefaultMode)) - out.Optional = (*bool)(unsafe.Pointer(in.Optional)) - return nil -} - -// Convert_core_SecretVolumeSource_To_v1_SecretVolumeSource is an autogenerated conversion function. -func Convert_core_SecretVolumeSource_To_v1_SecretVolumeSource(in *core.SecretVolumeSource, out *v1.SecretVolumeSource, s conversion.Scope) error { - return autoConvert_core_SecretVolumeSource_To_v1_SecretVolumeSource(in, out, s) -} - -func autoConvert_v1_SecurityContext_To_core_SecurityContext(in *v1.SecurityContext, out *core.SecurityContext, s conversion.Scope) error { - out.Capabilities = (*core.Capabilities)(unsafe.Pointer(in.Capabilities)) - out.Privileged = (*bool)(unsafe.Pointer(in.Privileged)) - out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - out.WindowsOptions = (*core.WindowsSecurityContextOptions)(unsafe.Pointer(in.WindowsOptions)) - out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser)) - out.RunAsGroup = (*int64)(unsafe.Pointer(in.RunAsGroup)) - out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot)) - out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem)) - out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation)) - out.ProcMount = (*core.ProcMountType)(unsafe.Pointer(in.ProcMount)) - out.SeccompProfile = (*core.SeccompProfile)(unsafe.Pointer(in.SeccompProfile)) - return nil -} - -// Convert_v1_SecurityContext_To_core_SecurityContext is an autogenerated conversion function. -func Convert_v1_SecurityContext_To_core_SecurityContext(in *v1.SecurityContext, out *core.SecurityContext, s conversion.Scope) error { - return autoConvert_v1_SecurityContext_To_core_SecurityContext(in, out, s) -} - -func autoConvert_core_SecurityContext_To_v1_SecurityContext(in *core.SecurityContext, out *v1.SecurityContext, s conversion.Scope) error { - out.Capabilities = (*v1.Capabilities)(unsafe.Pointer(in.Capabilities)) - out.Privileged = (*bool)(unsafe.Pointer(in.Privileged)) - out.SELinuxOptions = (*v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - out.WindowsOptions = (*v1.WindowsSecurityContextOptions)(unsafe.Pointer(in.WindowsOptions)) - out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser)) - out.RunAsGroup = (*int64)(unsafe.Pointer(in.RunAsGroup)) - out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot)) - out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem)) - out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation)) - out.ProcMount = (*v1.ProcMountType)(unsafe.Pointer(in.ProcMount)) - out.SeccompProfile = (*v1.SeccompProfile)(unsafe.Pointer(in.SeccompProfile)) - return nil -} - -// Convert_core_SecurityContext_To_v1_SecurityContext is an autogenerated conversion function. -func Convert_core_SecurityContext_To_v1_SecurityContext(in *core.SecurityContext, out *v1.SecurityContext, s conversion.Scope) error { - return autoConvert_core_SecurityContext_To_v1_SecurityContext(in, out, s) -} - -func autoConvert_v1_SerializedReference_To_core_SerializedReference(in *v1.SerializedReference, out *core.SerializedReference, s conversion.Scope) error { - if err := Convert_v1_ObjectReference_To_core_ObjectReference(&in.Reference, &out.Reference, s); err != nil { - return err - } - return nil -} - -// Convert_v1_SerializedReference_To_core_SerializedReference is an autogenerated conversion function. -func Convert_v1_SerializedReference_To_core_SerializedReference(in *v1.SerializedReference, out *core.SerializedReference, s conversion.Scope) error { - return autoConvert_v1_SerializedReference_To_core_SerializedReference(in, out, s) -} - -func autoConvert_core_SerializedReference_To_v1_SerializedReference(in *core.SerializedReference, out *v1.SerializedReference, s conversion.Scope) error { - if err := Convert_core_ObjectReference_To_v1_ObjectReference(&in.Reference, &out.Reference, s); err != nil { - return err - } - return nil -} - -// Convert_core_SerializedReference_To_v1_SerializedReference is an autogenerated conversion function. -func Convert_core_SerializedReference_To_v1_SerializedReference(in *core.SerializedReference, out *v1.SerializedReference, s conversion.Scope) error { - return autoConvert_core_SerializedReference_To_v1_SerializedReference(in, out, s) -} - -func autoConvert_v1_Service_To_core_Service(in *v1.Service, out *core.Service, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_ServiceSpec_To_core_ServiceSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_ServiceStatus_To_core_ServiceStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Service_To_core_Service is an autogenerated conversion function. -func Convert_v1_Service_To_core_Service(in *v1.Service, out *core.Service, s conversion.Scope) error { - return autoConvert_v1_Service_To_core_Service(in, out, s) -} - -func autoConvert_core_Service_To_v1_Service(in *core.Service, out *v1.Service, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_core_ServiceSpec_To_v1_ServiceSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_core_ServiceStatus_To_v1_ServiceStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_core_Service_To_v1_Service is an autogenerated conversion function. -func Convert_core_Service_To_v1_Service(in *core.Service, out *v1.Service, s conversion.Scope) error { - return autoConvert_core_Service_To_v1_Service(in, out, s) -} - -func autoConvert_v1_ServiceAccount_To_core_ServiceAccount(in *v1.ServiceAccount, out *core.ServiceAccount, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Secrets = *(*[]core.ObjectReference)(unsafe.Pointer(&in.Secrets)) - out.ImagePullSecrets = *(*[]core.LocalObjectReference)(unsafe.Pointer(&in.ImagePullSecrets)) - out.AutomountServiceAccountToken = (*bool)(unsafe.Pointer(in.AutomountServiceAccountToken)) - return nil -} - -// Convert_v1_ServiceAccount_To_core_ServiceAccount is an autogenerated conversion function. -func Convert_v1_ServiceAccount_To_core_ServiceAccount(in *v1.ServiceAccount, out *core.ServiceAccount, s conversion.Scope) error { - return autoConvert_v1_ServiceAccount_To_core_ServiceAccount(in, out, s) -} - -func autoConvert_core_ServiceAccount_To_v1_ServiceAccount(in *core.ServiceAccount, out *v1.ServiceAccount, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Secrets = *(*[]v1.ObjectReference)(unsafe.Pointer(&in.Secrets)) - out.ImagePullSecrets = *(*[]v1.LocalObjectReference)(unsafe.Pointer(&in.ImagePullSecrets)) - out.AutomountServiceAccountToken = (*bool)(unsafe.Pointer(in.AutomountServiceAccountToken)) - return nil -} - -// Convert_core_ServiceAccount_To_v1_ServiceAccount is an autogenerated conversion function. -func Convert_core_ServiceAccount_To_v1_ServiceAccount(in *core.ServiceAccount, out *v1.ServiceAccount, s conversion.Scope) error { - return autoConvert_core_ServiceAccount_To_v1_ServiceAccount(in, out, s) -} - -func autoConvert_v1_ServiceAccountList_To_core_ServiceAccountList(in *v1.ServiceAccountList, out *core.ServiceAccountList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]core.ServiceAccount)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ServiceAccountList_To_core_ServiceAccountList is an autogenerated conversion function. -func Convert_v1_ServiceAccountList_To_core_ServiceAccountList(in *v1.ServiceAccountList, out *core.ServiceAccountList, s conversion.Scope) error { - return autoConvert_v1_ServiceAccountList_To_core_ServiceAccountList(in, out, s) -} - -func autoConvert_core_ServiceAccountList_To_v1_ServiceAccountList(in *core.ServiceAccountList, out *v1.ServiceAccountList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ServiceAccount)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_core_ServiceAccountList_To_v1_ServiceAccountList is an autogenerated conversion function. -func Convert_core_ServiceAccountList_To_v1_ServiceAccountList(in *core.ServiceAccountList, out *v1.ServiceAccountList, s conversion.Scope) error { - return autoConvert_core_ServiceAccountList_To_v1_ServiceAccountList(in, out, s) -} - -func autoConvert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection(in *v1.ServiceAccountTokenProjection, out *core.ServiceAccountTokenProjection, s conversion.Scope) error { - out.Audience = in.Audience - if err := metav1.Convert_Pointer_int64_To_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - out.Path = in.Path - return nil -} - -// Convert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection is an autogenerated conversion function. -func Convert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection(in *v1.ServiceAccountTokenProjection, out *core.ServiceAccountTokenProjection, s conversion.Scope) error { - return autoConvert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection(in, out, s) -} - -func autoConvert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection(in *core.ServiceAccountTokenProjection, out *v1.ServiceAccountTokenProjection, s conversion.Scope) error { - out.Audience = in.Audience - if err := metav1.Convert_int64_To_Pointer_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil { - return err - } - out.Path = in.Path - return nil -} - -// Convert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection is an autogenerated conversion function. -func Convert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection(in *core.ServiceAccountTokenProjection, out *v1.ServiceAccountTokenProjection, s conversion.Scope) error { - return autoConvert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection(in, out, s) -} - -func autoConvert_v1_ServiceList_To_core_ServiceList(in *v1.ServiceList, out *core.ServiceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Service, len(*in)) - for i := range *in { - if err := Convert_v1_Service_To_core_Service(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_ServiceList_To_core_ServiceList is an autogenerated conversion function. -func Convert_v1_ServiceList_To_core_ServiceList(in *v1.ServiceList, out *core.ServiceList, s conversion.Scope) error { - return autoConvert_v1_ServiceList_To_core_ServiceList(in, out, s) -} - -func autoConvert_core_ServiceList_To_v1_ServiceList(in *core.ServiceList, out *v1.ServiceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Service, len(*in)) - for i := range *in { - if err := Convert_core_Service_To_v1_Service(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_ServiceList_To_v1_ServiceList is an autogenerated conversion function. -func Convert_core_ServiceList_To_v1_ServiceList(in *core.ServiceList, out *v1.ServiceList, s conversion.Scope) error { - return autoConvert_core_ServiceList_To_v1_ServiceList(in, out, s) -} - -func autoConvert_v1_ServicePort_To_core_ServicePort(in *v1.ServicePort, out *core.ServicePort, s conversion.Scope) error { - out.Name = in.Name - out.Protocol = core.Protocol(in.Protocol) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - out.Port = in.Port - out.TargetPort = in.TargetPort - out.NodePort = in.NodePort - return nil -} - -// Convert_v1_ServicePort_To_core_ServicePort is an autogenerated conversion function. -func Convert_v1_ServicePort_To_core_ServicePort(in *v1.ServicePort, out *core.ServicePort, s conversion.Scope) error { - return autoConvert_v1_ServicePort_To_core_ServicePort(in, out, s) -} - -func autoConvert_core_ServicePort_To_v1_ServicePort(in *core.ServicePort, out *v1.ServicePort, s conversion.Scope) error { - out.Name = in.Name - out.Protocol = v1.Protocol(in.Protocol) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - out.Port = in.Port - out.TargetPort = in.TargetPort - out.NodePort = in.NodePort - return nil -} - -// Convert_core_ServicePort_To_v1_ServicePort is an autogenerated conversion function. -func Convert_core_ServicePort_To_v1_ServicePort(in *core.ServicePort, out *v1.ServicePort, s conversion.Scope) error { - return autoConvert_core_ServicePort_To_v1_ServicePort(in, out, s) -} - -func autoConvert_v1_ServiceProxyOptions_To_core_ServiceProxyOptions(in *v1.ServiceProxyOptions, out *core.ServiceProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_v1_ServiceProxyOptions_To_core_ServiceProxyOptions is an autogenerated conversion function. -func Convert_v1_ServiceProxyOptions_To_core_ServiceProxyOptions(in *v1.ServiceProxyOptions, out *core.ServiceProxyOptions, s conversion.Scope) error { - return autoConvert_v1_ServiceProxyOptions_To_core_ServiceProxyOptions(in, out, s) -} - -func autoConvert_core_ServiceProxyOptions_To_v1_ServiceProxyOptions(in *core.ServiceProxyOptions, out *v1.ServiceProxyOptions, s conversion.Scope) error { - out.Path = in.Path - return nil -} - -// Convert_core_ServiceProxyOptions_To_v1_ServiceProxyOptions is an autogenerated conversion function. -func Convert_core_ServiceProxyOptions_To_v1_ServiceProxyOptions(in *core.ServiceProxyOptions, out *v1.ServiceProxyOptions, s conversion.Scope) error { - return autoConvert_core_ServiceProxyOptions_To_v1_ServiceProxyOptions(in, out, s) -} - -func autoConvert_url_Values_To_v1_ServiceProxyOptions(in *url.Values, out *v1.ServiceProxyOptions, s conversion.Scope) error { - // WARNING: Field TypeMeta does not have json tag, skipping. - - if values, ok := map[string][]string(*in)["path"]; ok && len(values) > 0 { - if err := runtime.Convert_Slice_string_To_string(&values, &out.Path, s); err != nil { - return err - } - } else { - out.Path = "" - } - return nil -} - -// Convert_url_Values_To_v1_ServiceProxyOptions is an autogenerated conversion function. -func Convert_url_Values_To_v1_ServiceProxyOptions(in *url.Values, out *v1.ServiceProxyOptions, s conversion.Scope) error { - return autoConvert_url_Values_To_v1_ServiceProxyOptions(in, out, s) -} - -func autoConvert_v1_ServiceSpec_To_core_ServiceSpec(in *v1.ServiceSpec, out *core.ServiceSpec, s conversion.Scope) error { - out.Ports = *(*[]core.ServicePort)(unsafe.Pointer(&in.Ports)) - out.Selector = *(*map[string]string)(unsafe.Pointer(&in.Selector)) - out.ClusterIP = in.ClusterIP - out.ClusterIPs = *(*[]string)(unsafe.Pointer(&in.ClusterIPs)) - out.Type = core.ServiceType(in.Type) - out.ExternalIPs = *(*[]string)(unsafe.Pointer(&in.ExternalIPs)) - out.SessionAffinity = core.ServiceAffinity(in.SessionAffinity) - out.LoadBalancerIP = in.LoadBalancerIP - out.LoadBalancerSourceRanges = *(*[]string)(unsafe.Pointer(&in.LoadBalancerSourceRanges)) - out.ExternalName = in.ExternalName - out.ExternalTrafficPolicy = core.ServiceExternalTrafficPolicyType(in.ExternalTrafficPolicy) - out.HealthCheckNodePort = in.HealthCheckNodePort - out.PublishNotReadyAddresses = in.PublishNotReadyAddresses - out.SessionAffinityConfig = (*core.SessionAffinityConfig)(unsafe.Pointer(in.SessionAffinityConfig)) - out.IPFamilies = *(*[]core.IPFamily)(unsafe.Pointer(&in.IPFamilies)) - out.IPFamilyPolicy = (*core.IPFamilyPolicy)(unsafe.Pointer(in.IPFamilyPolicy)) - out.AllocateLoadBalancerNodePorts = (*bool)(unsafe.Pointer(in.AllocateLoadBalancerNodePorts)) - out.LoadBalancerClass = (*string)(unsafe.Pointer(in.LoadBalancerClass)) - out.InternalTrafficPolicy = (*core.ServiceInternalTrafficPolicyType)(unsafe.Pointer(in.InternalTrafficPolicy)) - return nil -} - -// Convert_v1_ServiceSpec_To_core_ServiceSpec is an autogenerated conversion function. -func Convert_v1_ServiceSpec_To_core_ServiceSpec(in *v1.ServiceSpec, out *core.ServiceSpec, s conversion.Scope) error { - return autoConvert_v1_ServiceSpec_To_core_ServiceSpec(in, out, s) -} - -func autoConvert_core_ServiceSpec_To_v1_ServiceSpec(in *core.ServiceSpec, out *v1.ServiceSpec, s conversion.Scope) error { - out.Type = v1.ServiceType(in.Type) - out.Ports = *(*[]v1.ServicePort)(unsafe.Pointer(&in.Ports)) - out.Selector = *(*map[string]string)(unsafe.Pointer(&in.Selector)) - out.ClusterIP = in.ClusterIP - out.ClusterIPs = *(*[]string)(unsafe.Pointer(&in.ClusterIPs)) - out.IPFamilies = *(*[]v1.IPFamily)(unsafe.Pointer(&in.IPFamilies)) - out.IPFamilyPolicy = (*v1.IPFamilyPolicy)(unsafe.Pointer(in.IPFamilyPolicy)) - out.ExternalName = in.ExternalName - out.ExternalIPs = *(*[]string)(unsafe.Pointer(&in.ExternalIPs)) - out.LoadBalancerIP = in.LoadBalancerIP - out.SessionAffinity = v1.ServiceAffinity(in.SessionAffinity) - out.SessionAffinityConfig = (*v1.SessionAffinityConfig)(unsafe.Pointer(in.SessionAffinityConfig)) - out.LoadBalancerSourceRanges = *(*[]string)(unsafe.Pointer(&in.LoadBalancerSourceRanges)) - out.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyType(in.ExternalTrafficPolicy) - out.HealthCheckNodePort = in.HealthCheckNodePort - out.PublishNotReadyAddresses = in.PublishNotReadyAddresses - out.AllocateLoadBalancerNodePorts = (*bool)(unsafe.Pointer(in.AllocateLoadBalancerNodePorts)) - out.LoadBalancerClass = (*string)(unsafe.Pointer(in.LoadBalancerClass)) - out.InternalTrafficPolicy = (*v1.ServiceInternalTrafficPolicyType)(unsafe.Pointer(in.InternalTrafficPolicy)) - return nil -} - -// Convert_core_ServiceSpec_To_v1_ServiceSpec is an autogenerated conversion function. -func Convert_core_ServiceSpec_To_v1_ServiceSpec(in *core.ServiceSpec, out *v1.ServiceSpec, s conversion.Scope) error { - return autoConvert_core_ServiceSpec_To_v1_ServiceSpec(in, out, s) -} - -func autoConvert_v1_ServiceStatus_To_core_ServiceStatus(in *v1.ServiceStatus, out *core.ServiceStatus, s conversion.Scope) error { - if err := Convert_v1_LoadBalancerStatus_To_core_LoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_ServiceStatus_To_core_ServiceStatus is an autogenerated conversion function. -func Convert_v1_ServiceStatus_To_core_ServiceStatus(in *v1.ServiceStatus, out *core.ServiceStatus, s conversion.Scope) error { - return autoConvert_v1_ServiceStatus_To_core_ServiceStatus(in, out, s) -} - -func autoConvert_core_ServiceStatus_To_v1_ServiceStatus(in *core.ServiceStatus, out *v1.ServiceStatus, s conversion.Scope) error { - if err := Convert_core_LoadBalancerStatus_To_v1_LoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_core_ServiceStatus_To_v1_ServiceStatus is an autogenerated conversion function. -func Convert_core_ServiceStatus_To_v1_ServiceStatus(in *core.ServiceStatus, out *v1.ServiceStatus, s conversion.Scope) error { - return autoConvert_core_ServiceStatus_To_v1_ServiceStatus(in, out, s) -} - -func autoConvert_v1_SessionAffinityConfig_To_core_SessionAffinityConfig(in *v1.SessionAffinityConfig, out *core.SessionAffinityConfig, s conversion.Scope) error { - out.ClientIP = (*core.ClientIPConfig)(unsafe.Pointer(in.ClientIP)) - return nil -} - -// Convert_v1_SessionAffinityConfig_To_core_SessionAffinityConfig is an autogenerated conversion function. -func Convert_v1_SessionAffinityConfig_To_core_SessionAffinityConfig(in *v1.SessionAffinityConfig, out *core.SessionAffinityConfig, s conversion.Scope) error { - return autoConvert_v1_SessionAffinityConfig_To_core_SessionAffinityConfig(in, out, s) -} - -func autoConvert_core_SessionAffinityConfig_To_v1_SessionAffinityConfig(in *core.SessionAffinityConfig, out *v1.SessionAffinityConfig, s conversion.Scope) error { - out.ClientIP = (*v1.ClientIPConfig)(unsafe.Pointer(in.ClientIP)) - return nil -} - -// Convert_core_SessionAffinityConfig_To_v1_SessionAffinityConfig is an autogenerated conversion function. -func Convert_core_SessionAffinityConfig_To_v1_SessionAffinityConfig(in *core.SessionAffinityConfig, out *v1.SessionAffinityConfig, s conversion.Scope) error { - return autoConvert_core_SessionAffinityConfig_To_v1_SessionAffinityConfig(in, out, s) -} - -func autoConvert_v1_StorageOSPersistentVolumeSource_To_core_StorageOSPersistentVolumeSource(in *v1.StorageOSPersistentVolumeSource, out *core.StorageOSPersistentVolumeSource, s conversion.Scope) error { - out.VolumeName = in.VolumeName - out.VolumeNamespace = in.VolumeNamespace - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*core.ObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_v1_StorageOSPersistentVolumeSource_To_core_StorageOSPersistentVolumeSource is an autogenerated conversion function. -func Convert_v1_StorageOSPersistentVolumeSource_To_core_StorageOSPersistentVolumeSource(in *v1.StorageOSPersistentVolumeSource, out *core.StorageOSPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_v1_StorageOSPersistentVolumeSource_To_core_StorageOSPersistentVolumeSource(in, out, s) -} - -func autoConvert_core_StorageOSPersistentVolumeSource_To_v1_StorageOSPersistentVolumeSource(in *core.StorageOSPersistentVolumeSource, out *v1.StorageOSPersistentVolumeSource, s conversion.Scope) error { - out.VolumeName = in.VolumeName - out.VolumeNamespace = in.VolumeNamespace - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*v1.ObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_core_StorageOSPersistentVolumeSource_To_v1_StorageOSPersistentVolumeSource is an autogenerated conversion function. -func Convert_core_StorageOSPersistentVolumeSource_To_v1_StorageOSPersistentVolumeSource(in *core.StorageOSPersistentVolumeSource, out *v1.StorageOSPersistentVolumeSource, s conversion.Scope) error { - return autoConvert_core_StorageOSPersistentVolumeSource_To_v1_StorageOSPersistentVolumeSource(in, out, s) -} - -func autoConvert_v1_StorageOSVolumeSource_To_core_StorageOSVolumeSource(in *v1.StorageOSVolumeSource, out *core.StorageOSVolumeSource, s conversion.Scope) error { - out.VolumeName = in.VolumeName - out.VolumeNamespace = in.VolumeNamespace - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*core.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_v1_StorageOSVolumeSource_To_core_StorageOSVolumeSource is an autogenerated conversion function. -func Convert_v1_StorageOSVolumeSource_To_core_StorageOSVolumeSource(in *v1.StorageOSVolumeSource, out *core.StorageOSVolumeSource, s conversion.Scope) error { - return autoConvert_v1_StorageOSVolumeSource_To_core_StorageOSVolumeSource(in, out, s) -} - -func autoConvert_core_StorageOSVolumeSource_To_v1_StorageOSVolumeSource(in *core.StorageOSVolumeSource, out *v1.StorageOSVolumeSource, s conversion.Scope) error { - out.VolumeName = in.VolumeName - out.VolumeNamespace = in.VolumeNamespace - out.FSType = in.FSType - out.ReadOnly = in.ReadOnly - out.SecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.SecretRef)) - return nil -} - -// Convert_core_StorageOSVolumeSource_To_v1_StorageOSVolumeSource is an autogenerated conversion function. -func Convert_core_StorageOSVolumeSource_To_v1_StorageOSVolumeSource(in *core.StorageOSVolumeSource, out *v1.StorageOSVolumeSource, s conversion.Scope) error { - return autoConvert_core_StorageOSVolumeSource_To_v1_StorageOSVolumeSource(in, out, s) -} - -func autoConvert_v1_Sysctl_To_core_Sysctl(in *v1.Sysctl, out *core.Sysctl, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - return nil -} - -// Convert_v1_Sysctl_To_core_Sysctl is an autogenerated conversion function. -func Convert_v1_Sysctl_To_core_Sysctl(in *v1.Sysctl, out *core.Sysctl, s conversion.Scope) error { - return autoConvert_v1_Sysctl_To_core_Sysctl(in, out, s) -} - -func autoConvert_core_Sysctl_To_v1_Sysctl(in *core.Sysctl, out *v1.Sysctl, s conversion.Scope) error { - out.Name = in.Name - out.Value = in.Value - return nil -} - -// Convert_core_Sysctl_To_v1_Sysctl is an autogenerated conversion function. -func Convert_core_Sysctl_To_v1_Sysctl(in *core.Sysctl, out *v1.Sysctl, s conversion.Scope) error { - return autoConvert_core_Sysctl_To_v1_Sysctl(in, out, s) -} - -func autoConvert_v1_TCPSocketAction_To_core_TCPSocketAction(in *v1.TCPSocketAction, out *core.TCPSocketAction, s conversion.Scope) error { - out.Port = in.Port - out.Host = in.Host - return nil -} - -// Convert_v1_TCPSocketAction_To_core_TCPSocketAction is an autogenerated conversion function. -func Convert_v1_TCPSocketAction_To_core_TCPSocketAction(in *v1.TCPSocketAction, out *core.TCPSocketAction, s conversion.Scope) error { - return autoConvert_v1_TCPSocketAction_To_core_TCPSocketAction(in, out, s) -} - -func autoConvert_core_TCPSocketAction_To_v1_TCPSocketAction(in *core.TCPSocketAction, out *v1.TCPSocketAction, s conversion.Scope) error { - out.Port = in.Port - out.Host = in.Host - return nil -} - -// Convert_core_TCPSocketAction_To_v1_TCPSocketAction is an autogenerated conversion function. -func Convert_core_TCPSocketAction_To_v1_TCPSocketAction(in *core.TCPSocketAction, out *v1.TCPSocketAction, s conversion.Scope) error { - return autoConvert_core_TCPSocketAction_To_v1_TCPSocketAction(in, out, s) -} - -func autoConvert_v1_Taint_To_core_Taint(in *v1.Taint, out *core.Taint, s conversion.Scope) error { - out.Key = in.Key - out.Value = in.Value - out.Effect = core.TaintEffect(in.Effect) - out.TimeAdded = (*metav1.Time)(unsafe.Pointer(in.TimeAdded)) - return nil -} - -// Convert_v1_Taint_To_core_Taint is an autogenerated conversion function. -func Convert_v1_Taint_To_core_Taint(in *v1.Taint, out *core.Taint, s conversion.Scope) error { - return autoConvert_v1_Taint_To_core_Taint(in, out, s) -} - -func autoConvert_core_Taint_To_v1_Taint(in *core.Taint, out *v1.Taint, s conversion.Scope) error { - out.Key = in.Key - out.Value = in.Value - out.Effect = v1.TaintEffect(in.Effect) - out.TimeAdded = (*metav1.Time)(unsafe.Pointer(in.TimeAdded)) - return nil -} - -// Convert_core_Taint_To_v1_Taint is an autogenerated conversion function. -func Convert_core_Taint_To_v1_Taint(in *core.Taint, out *v1.Taint, s conversion.Scope) error { - return autoConvert_core_Taint_To_v1_Taint(in, out, s) -} - -func autoConvert_v1_Toleration_To_core_Toleration(in *v1.Toleration, out *core.Toleration, s conversion.Scope) error { - out.Key = in.Key - out.Operator = core.TolerationOperator(in.Operator) - out.Value = in.Value - out.Effect = core.TaintEffect(in.Effect) - out.TolerationSeconds = (*int64)(unsafe.Pointer(in.TolerationSeconds)) - return nil -} - -// Convert_v1_Toleration_To_core_Toleration is an autogenerated conversion function. -func Convert_v1_Toleration_To_core_Toleration(in *v1.Toleration, out *core.Toleration, s conversion.Scope) error { - return autoConvert_v1_Toleration_To_core_Toleration(in, out, s) -} - -func autoConvert_core_Toleration_To_v1_Toleration(in *core.Toleration, out *v1.Toleration, s conversion.Scope) error { - out.Key = in.Key - out.Operator = v1.TolerationOperator(in.Operator) - out.Value = in.Value - out.Effect = v1.TaintEffect(in.Effect) - out.TolerationSeconds = (*int64)(unsafe.Pointer(in.TolerationSeconds)) - return nil -} - -// Convert_core_Toleration_To_v1_Toleration is an autogenerated conversion function. -func Convert_core_Toleration_To_v1_Toleration(in *core.Toleration, out *v1.Toleration, s conversion.Scope) error { - return autoConvert_core_Toleration_To_v1_Toleration(in, out, s) -} - -func autoConvert_v1_TopologySelectorLabelRequirement_To_core_TopologySelectorLabelRequirement(in *v1.TopologySelectorLabelRequirement, out *core.TopologySelectorLabelRequirement, s conversion.Scope) error { - out.Key = in.Key - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_v1_TopologySelectorLabelRequirement_To_core_TopologySelectorLabelRequirement is an autogenerated conversion function. -func Convert_v1_TopologySelectorLabelRequirement_To_core_TopologySelectorLabelRequirement(in *v1.TopologySelectorLabelRequirement, out *core.TopologySelectorLabelRequirement, s conversion.Scope) error { - return autoConvert_v1_TopologySelectorLabelRequirement_To_core_TopologySelectorLabelRequirement(in, out, s) -} - -func autoConvert_core_TopologySelectorLabelRequirement_To_v1_TopologySelectorLabelRequirement(in *core.TopologySelectorLabelRequirement, out *v1.TopologySelectorLabelRequirement, s conversion.Scope) error { - out.Key = in.Key - out.Values = *(*[]string)(unsafe.Pointer(&in.Values)) - return nil -} - -// Convert_core_TopologySelectorLabelRequirement_To_v1_TopologySelectorLabelRequirement is an autogenerated conversion function. -func Convert_core_TopologySelectorLabelRequirement_To_v1_TopologySelectorLabelRequirement(in *core.TopologySelectorLabelRequirement, out *v1.TopologySelectorLabelRequirement, s conversion.Scope) error { - return autoConvert_core_TopologySelectorLabelRequirement_To_v1_TopologySelectorLabelRequirement(in, out, s) -} - -func autoConvert_v1_TopologySelectorTerm_To_core_TopologySelectorTerm(in *v1.TopologySelectorTerm, out *core.TopologySelectorTerm, s conversion.Scope) error { - out.MatchLabelExpressions = *(*[]core.TopologySelectorLabelRequirement)(unsafe.Pointer(&in.MatchLabelExpressions)) - return nil -} - -// Convert_v1_TopologySelectorTerm_To_core_TopologySelectorTerm is an autogenerated conversion function. -func Convert_v1_TopologySelectorTerm_To_core_TopologySelectorTerm(in *v1.TopologySelectorTerm, out *core.TopologySelectorTerm, s conversion.Scope) error { - return autoConvert_v1_TopologySelectorTerm_To_core_TopologySelectorTerm(in, out, s) -} - -func autoConvert_core_TopologySelectorTerm_To_v1_TopologySelectorTerm(in *core.TopologySelectorTerm, out *v1.TopologySelectorTerm, s conversion.Scope) error { - out.MatchLabelExpressions = *(*[]v1.TopologySelectorLabelRequirement)(unsafe.Pointer(&in.MatchLabelExpressions)) - return nil -} - -// Convert_core_TopologySelectorTerm_To_v1_TopologySelectorTerm is an autogenerated conversion function. -func Convert_core_TopologySelectorTerm_To_v1_TopologySelectorTerm(in *core.TopologySelectorTerm, out *v1.TopologySelectorTerm, s conversion.Scope) error { - return autoConvert_core_TopologySelectorTerm_To_v1_TopologySelectorTerm(in, out, s) -} - -func autoConvert_v1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(in *v1.TopologySpreadConstraint, out *core.TopologySpreadConstraint, s conversion.Scope) error { - out.MaxSkew = in.MaxSkew - out.TopologyKey = in.TopologyKey - out.WhenUnsatisfiable = core.UnsatisfiableConstraintAction(in.WhenUnsatisfiable) - out.LabelSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.LabelSelector)) - out.MinDomains = (*int32)(unsafe.Pointer(in.MinDomains)) - out.NodeAffinityPolicy = (*core.NodeInclusionPolicy)(unsafe.Pointer(in.NodeAffinityPolicy)) - out.NodeTaintsPolicy = (*core.NodeInclusionPolicy)(unsafe.Pointer(in.NodeTaintsPolicy)) - out.MatchLabelKeys = *(*[]string)(unsafe.Pointer(&in.MatchLabelKeys)) - return nil -} - -// Convert_v1_TopologySpreadConstraint_To_core_TopologySpreadConstraint is an autogenerated conversion function. -func Convert_v1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(in *v1.TopologySpreadConstraint, out *core.TopologySpreadConstraint, s conversion.Scope) error { - return autoConvert_v1_TopologySpreadConstraint_To_core_TopologySpreadConstraint(in, out, s) -} - -func autoConvert_core_TopologySpreadConstraint_To_v1_TopologySpreadConstraint(in *core.TopologySpreadConstraint, out *v1.TopologySpreadConstraint, s conversion.Scope) error { - out.MaxSkew = in.MaxSkew - out.TopologyKey = in.TopologyKey - out.WhenUnsatisfiable = v1.UnsatisfiableConstraintAction(in.WhenUnsatisfiable) - out.LabelSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.LabelSelector)) - out.MinDomains = (*int32)(unsafe.Pointer(in.MinDomains)) - out.NodeAffinityPolicy = (*v1.NodeInclusionPolicy)(unsafe.Pointer(in.NodeAffinityPolicy)) - out.NodeTaintsPolicy = (*v1.NodeInclusionPolicy)(unsafe.Pointer(in.NodeTaintsPolicy)) - out.MatchLabelKeys = *(*[]string)(unsafe.Pointer(&in.MatchLabelKeys)) - return nil -} - -// Convert_core_TopologySpreadConstraint_To_v1_TopologySpreadConstraint is an autogenerated conversion function. -func Convert_core_TopologySpreadConstraint_To_v1_TopologySpreadConstraint(in *core.TopologySpreadConstraint, out *v1.TopologySpreadConstraint, s conversion.Scope) error { - return autoConvert_core_TopologySpreadConstraint_To_v1_TopologySpreadConstraint(in, out, s) -} - -func autoConvert_v1_TypedLocalObjectReference_To_core_TypedLocalObjectReference(in *v1.TypedLocalObjectReference, out *core.TypedLocalObjectReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_v1_TypedLocalObjectReference_To_core_TypedLocalObjectReference is an autogenerated conversion function. -func Convert_v1_TypedLocalObjectReference_To_core_TypedLocalObjectReference(in *v1.TypedLocalObjectReference, out *core.TypedLocalObjectReference, s conversion.Scope) error { - return autoConvert_v1_TypedLocalObjectReference_To_core_TypedLocalObjectReference(in, out, s) -} - -func autoConvert_core_TypedLocalObjectReference_To_v1_TypedLocalObjectReference(in *core.TypedLocalObjectReference, out *v1.TypedLocalObjectReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_core_TypedLocalObjectReference_To_v1_TypedLocalObjectReference is an autogenerated conversion function. -func Convert_core_TypedLocalObjectReference_To_v1_TypedLocalObjectReference(in *core.TypedLocalObjectReference, out *v1.TypedLocalObjectReference, s conversion.Scope) error { - return autoConvert_core_TypedLocalObjectReference_To_v1_TypedLocalObjectReference(in, out, s) -} - -func autoConvert_v1_TypedObjectReference_To_core_TypedObjectReference(in *v1.TypedObjectReference, out *core.TypedObjectReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_v1_TypedObjectReference_To_core_TypedObjectReference is an autogenerated conversion function. -func Convert_v1_TypedObjectReference_To_core_TypedObjectReference(in *v1.TypedObjectReference, out *core.TypedObjectReference, s conversion.Scope) error { - return autoConvert_v1_TypedObjectReference_To_core_TypedObjectReference(in, out, s) -} - -func autoConvert_core_TypedObjectReference_To_v1_TypedObjectReference(in *core.TypedObjectReference, out *v1.TypedObjectReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_core_TypedObjectReference_To_v1_TypedObjectReference is an autogenerated conversion function. -func Convert_core_TypedObjectReference_To_v1_TypedObjectReference(in *core.TypedObjectReference, out *v1.TypedObjectReference, s conversion.Scope) error { - return autoConvert_core_TypedObjectReference_To_v1_TypedObjectReference(in, out, s) -} - -func autoConvert_v1_Volume_To_core_Volume(in *v1.Volume, out *core.Volume, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_VolumeSource_To_core_VolumeSource(&in.VolumeSource, &out.VolumeSource, s); err != nil { - return err - } - return nil -} - -func autoConvert_core_Volume_To_v1_Volume(in *core.Volume, out *v1.Volume, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_core_VolumeSource_To_v1_VolumeSource(&in.VolumeSource, &out.VolumeSource, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1_VolumeDevice_To_core_VolumeDevice(in *v1.VolumeDevice, out *core.VolumeDevice, s conversion.Scope) error { - out.Name = in.Name - out.DevicePath = in.DevicePath - return nil -} - -// Convert_v1_VolumeDevice_To_core_VolumeDevice is an autogenerated conversion function. -func Convert_v1_VolumeDevice_To_core_VolumeDevice(in *v1.VolumeDevice, out *core.VolumeDevice, s conversion.Scope) error { - return autoConvert_v1_VolumeDevice_To_core_VolumeDevice(in, out, s) -} - -func autoConvert_core_VolumeDevice_To_v1_VolumeDevice(in *core.VolumeDevice, out *v1.VolumeDevice, s conversion.Scope) error { - out.Name = in.Name - out.DevicePath = in.DevicePath - return nil -} - -// Convert_core_VolumeDevice_To_v1_VolumeDevice is an autogenerated conversion function. -func Convert_core_VolumeDevice_To_v1_VolumeDevice(in *core.VolumeDevice, out *v1.VolumeDevice, s conversion.Scope) error { - return autoConvert_core_VolumeDevice_To_v1_VolumeDevice(in, out, s) -} - -func autoConvert_v1_VolumeMount_To_core_VolumeMount(in *v1.VolumeMount, out *core.VolumeMount, s conversion.Scope) error { - out.Name = in.Name - out.ReadOnly = in.ReadOnly - out.MountPath = in.MountPath - out.SubPath = in.SubPath - out.MountPropagation = (*core.MountPropagationMode)(unsafe.Pointer(in.MountPropagation)) - out.SubPathExpr = in.SubPathExpr - return nil -} - -// Convert_v1_VolumeMount_To_core_VolumeMount is an autogenerated conversion function. -func Convert_v1_VolumeMount_To_core_VolumeMount(in *v1.VolumeMount, out *core.VolumeMount, s conversion.Scope) error { - return autoConvert_v1_VolumeMount_To_core_VolumeMount(in, out, s) -} - -func autoConvert_core_VolumeMount_To_v1_VolumeMount(in *core.VolumeMount, out *v1.VolumeMount, s conversion.Scope) error { - out.Name = in.Name - out.ReadOnly = in.ReadOnly - out.MountPath = in.MountPath - out.SubPath = in.SubPath - out.MountPropagation = (*v1.MountPropagationMode)(unsafe.Pointer(in.MountPropagation)) - out.SubPathExpr = in.SubPathExpr - return nil -} - -// Convert_core_VolumeMount_To_v1_VolumeMount is an autogenerated conversion function. -func Convert_core_VolumeMount_To_v1_VolumeMount(in *core.VolumeMount, out *v1.VolumeMount, s conversion.Scope) error { - return autoConvert_core_VolumeMount_To_v1_VolumeMount(in, out, s) -} - -func autoConvert_v1_VolumeNodeAffinity_To_core_VolumeNodeAffinity(in *v1.VolumeNodeAffinity, out *core.VolumeNodeAffinity, s conversion.Scope) error { - out.Required = (*core.NodeSelector)(unsafe.Pointer(in.Required)) - return nil -} - -// Convert_v1_VolumeNodeAffinity_To_core_VolumeNodeAffinity is an autogenerated conversion function. -func Convert_v1_VolumeNodeAffinity_To_core_VolumeNodeAffinity(in *v1.VolumeNodeAffinity, out *core.VolumeNodeAffinity, s conversion.Scope) error { - return autoConvert_v1_VolumeNodeAffinity_To_core_VolumeNodeAffinity(in, out, s) -} - -func autoConvert_core_VolumeNodeAffinity_To_v1_VolumeNodeAffinity(in *core.VolumeNodeAffinity, out *v1.VolumeNodeAffinity, s conversion.Scope) error { - out.Required = (*v1.NodeSelector)(unsafe.Pointer(in.Required)) - return nil -} - -// Convert_core_VolumeNodeAffinity_To_v1_VolumeNodeAffinity is an autogenerated conversion function. -func Convert_core_VolumeNodeAffinity_To_v1_VolumeNodeAffinity(in *core.VolumeNodeAffinity, out *v1.VolumeNodeAffinity, s conversion.Scope) error { - return autoConvert_core_VolumeNodeAffinity_To_v1_VolumeNodeAffinity(in, out, s) -} - -func autoConvert_v1_VolumeProjection_To_core_VolumeProjection(in *v1.VolumeProjection, out *core.VolumeProjection, s conversion.Scope) error { - out.Secret = (*core.SecretProjection)(unsafe.Pointer(in.Secret)) - out.DownwardAPI = (*core.DownwardAPIProjection)(unsafe.Pointer(in.DownwardAPI)) - out.ConfigMap = (*core.ConfigMapProjection)(unsafe.Pointer(in.ConfigMap)) - if in.ServiceAccountToken != nil { - in, out := &in.ServiceAccountToken, &out.ServiceAccountToken - *out = new(core.ServiceAccountTokenProjection) - if err := Convert_v1_ServiceAccountTokenProjection_To_core_ServiceAccountTokenProjection(*in, *out, s); err != nil { - return err - } - } else { - out.ServiceAccountToken = nil - } - return nil -} - -// Convert_v1_VolumeProjection_To_core_VolumeProjection is an autogenerated conversion function. -func Convert_v1_VolumeProjection_To_core_VolumeProjection(in *v1.VolumeProjection, out *core.VolumeProjection, s conversion.Scope) error { - return autoConvert_v1_VolumeProjection_To_core_VolumeProjection(in, out, s) -} - -func autoConvert_core_VolumeProjection_To_v1_VolumeProjection(in *core.VolumeProjection, out *v1.VolumeProjection, s conversion.Scope) error { - out.Secret = (*v1.SecretProjection)(unsafe.Pointer(in.Secret)) - out.DownwardAPI = (*v1.DownwardAPIProjection)(unsafe.Pointer(in.DownwardAPI)) - out.ConfigMap = (*v1.ConfigMapProjection)(unsafe.Pointer(in.ConfigMap)) - if in.ServiceAccountToken != nil { - in, out := &in.ServiceAccountToken, &out.ServiceAccountToken - *out = new(v1.ServiceAccountTokenProjection) - if err := Convert_core_ServiceAccountTokenProjection_To_v1_ServiceAccountTokenProjection(*in, *out, s); err != nil { - return err - } - } else { - out.ServiceAccountToken = nil - } - return nil -} - -// Convert_core_VolumeProjection_To_v1_VolumeProjection is an autogenerated conversion function. -func Convert_core_VolumeProjection_To_v1_VolumeProjection(in *core.VolumeProjection, out *v1.VolumeProjection, s conversion.Scope) error { - return autoConvert_core_VolumeProjection_To_v1_VolumeProjection(in, out, s) -} - -func autoConvert_v1_VolumeSource_To_core_VolumeSource(in *v1.VolumeSource, out *core.VolumeSource, s conversion.Scope) error { - out.HostPath = (*core.HostPathVolumeSource)(unsafe.Pointer(in.HostPath)) - out.EmptyDir = (*core.EmptyDirVolumeSource)(unsafe.Pointer(in.EmptyDir)) - out.GCEPersistentDisk = (*core.GCEPersistentDiskVolumeSource)(unsafe.Pointer(in.GCEPersistentDisk)) - out.AWSElasticBlockStore = (*core.AWSElasticBlockStoreVolumeSource)(unsafe.Pointer(in.AWSElasticBlockStore)) - out.GitRepo = (*core.GitRepoVolumeSource)(unsafe.Pointer(in.GitRepo)) - out.Secret = (*core.SecretVolumeSource)(unsafe.Pointer(in.Secret)) - out.NFS = (*core.NFSVolumeSource)(unsafe.Pointer(in.NFS)) - out.ISCSI = (*core.ISCSIVolumeSource)(unsafe.Pointer(in.ISCSI)) - out.Glusterfs = (*core.GlusterfsVolumeSource)(unsafe.Pointer(in.Glusterfs)) - out.PersistentVolumeClaim = (*core.PersistentVolumeClaimVolumeSource)(unsafe.Pointer(in.PersistentVolumeClaim)) - out.RBD = (*core.RBDVolumeSource)(unsafe.Pointer(in.RBD)) - out.FlexVolume = (*core.FlexVolumeSource)(unsafe.Pointer(in.FlexVolume)) - out.Cinder = (*core.CinderVolumeSource)(unsafe.Pointer(in.Cinder)) - out.CephFS = (*core.CephFSVolumeSource)(unsafe.Pointer(in.CephFS)) - out.Flocker = (*core.FlockerVolumeSource)(unsafe.Pointer(in.Flocker)) - out.DownwardAPI = (*core.DownwardAPIVolumeSource)(unsafe.Pointer(in.DownwardAPI)) - out.FC = (*core.FCVolumeSource)(unsafe.Pointer(in.FC)) - out.AzureFile = (*core.AzureFileVolumeSource)(unsafe.Pointer(in.AzureFile)) - out.ConfigMap = (*core.ConfigMapVolumeSource)(unsafe.Pointer(in.ConfigMap)) - out.VsphereVolume = (*core.VsphereVirtualDiskVolumeSource)(unsafe.Pointer(in.VsphereVolume)) - out.Quobyte = (*core.QuobyteVolumeSource)(unsafe.Pointer(in.Quobyte)) - out.AzureDisk = (*core.AzureDiskVolumeSource)(unsafe.Pointer(in.AzureDisk)) - out.PhotonPersistentDisk = (*core.PhotonPersistentDiskVolumeSource)(unsafe.Pointer(in.PhotonPersistentDisk)) - if in.Projected != nil { - in, out := &in.Projected, &out.Projected - *out = new(core.ProjectedVolumeSource) - if err := Convert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(*in, *out, s); err != nil { - return err - } - } else { - out.Projected = nil - } - out.PortworxVolume = (*core.PortworxVolumeSource)(unsafe.Pointer(in.PortworxVolume)) - out.ScaleIO = (*core.ScaleIOVolumeSource)(unsafe.Pointer(in.ScaleIO)) - out.StorageOS = (*core.StorageOSVolumeSource)(unsafe.Pointer(in.StorageOS)) - out.CSI = (*core.CSIVolumeSource)(unsafe.Pointer(in.CSI)) - out.Ephemeral = (*core.EphemeralVolumeSource)(unsafe.Pointer(in.Ephemeral)) - return nil -} - -// Convert_v1_VolumeSource_To_core_VolumeSource is an autogenerated conversion function. -func Convert_v1_VolumeSource_To_core_VolumeSource(in *v1.VolumeSource, out *core.VolumeSource, s conversion.Scope) error { - return autoConvert_v1_VolumeSource_To_core_VolumeSource(in, out, s) -} - -func autoConvert_core_VolumeSource_To_v1_VolumeSource(in *core.VolumeSource, out *v1.VolumeSource, s conversion.Scope) error { - out.HostPath = (*v1.HostPathVolumeSource)(unsafe.Pointer(in.HostPath)) - out.EmptyDir = (*v1.EmptyDirVolumeSource)(unsafe.Pointer(in.EmptyDir)) - out.GCEPersistentDisk = (*v1.GCEPersistentDiskVolumeSource)(unsafe.Pointer(in.GCEPersistentDisk)) - out.AWSElasticBlockStore = (*v1.AWSElasticBlockStoreVolumeSource)(unsafe.Pointer(in.AWSElasticBlockStore)) - out.GitRepo = (*v1.GitRepoVolumeSource)(unsafe.Pointer(in.GitRepo)) - out.Secret = (*v1.SecretVolumeSource)(unsafe.Pointer(in.Secret)) - out.NFS = (*v1.NFSVolumeSource)(unsafe.Pointer(in.NFS)) - out.ISCSI = (*v1.ISCSIVolumeSource)(unsafe.Pointer(in.ISCSI)) - out.Glusterfs = (*v1.GlusterfsVolumeSource)(unsafe.Pointer(in.Glusterfs)) - out.PersistentVolumeClaim = (*v1.PersistentVolumeClaimVolumeSource)(unsafe.Pointer(in.PersistentVolumeClaim)) - out.RBD = (*v1.RBDVolumeSource)(unsafe.Pointer(in.RBD)) - out.Quobyte = (*v1.QuobyteVolumeSource)(unsafe.Pointer(in.Quobyte)) - out.FlexVolume = (*v1.FlexVolumeSource)(unsafe.Pointer(in.FlexVolume)) - out.Cinder = (*v1.CinderVolumeSource)(unsafe.Pointer(in.Cinder)) - out.CephFS = (*v1.CephFSVolumeSource)(unsafe.Pointer(in.CephFS)) - out.Flocker = (*v1.FlockerVolumeSource)(unsafe.Pointer(in.Flocker)) - out.DownwardAPI = (*v1.DownwardAPIVolumeSource)(unsafe.Pointer(in.DownwardAPI)) - out.FC = (*v1.FCVolumeSource)(unsafe.Pointer(in.FC)) - out.AzureFile = (*v1.AzureFileVolumeSource)(unsafe.Pointer(in.AzureFile)) - out.ConfigMap = (*v1.ConfigMapVolumeSource)(unsafe.Pointer(in.ConfigMap)) - out.VsphereVolume = (*v1.VsphereVirtualDiskVolumeSource)(unsafe.Pointer(in.VsphereVolume)) - out.AzureDisk = (*v1.AzureDiskVolumeSource)(unsafe.Pointer(in.AzureDisk)) - out.PhotonPersistentDisk = (*v1.PhotonPersistentDiskVolumeSource)(unsafe.Pointer(in.PhotonPersistentDisk)) - if in.Projected != nil { - in, out := &in.Projected, &out.Projected - *out = new(v1.ProjectedVolumeSource) - if err := Convert_core_ProjectedVolumeSource_To_v1_ProjectedVolumeSource(*in, *out, s); err != nil { - return err - } - } else { - out.Projected = nil - } - out.PortworxVolume = (*v1.PortworxVolumeSource)(unsafe.Pointer(in.PortworxVolume)) - out.ScaleIO = (*v1.ScaleIOVolumeSource)(unsafe.Pointer(in.ScaleIO)) - out.StorageOS = (*v1.StorageOSVolumeSource)(unsafe.Pointer(in.StorageOS)) - out.CSI = (*v1.CSIVolumeSource)(unsafe.Pointer(in.CSI)) - out.Ephemeral = (*v1.EphemeralVolumeSource)(unsafe.Pointer(in.Ephemeral)) - return nil -} - -// Convert_core_VolumeSource_To_v1_VolumeSource is an autogenerated conversion function. -func Convert_core_VolumeSource_To_v1_VolumeSource(in *core.VolumeSource, out *v1.VolumeSource, s conversion.Scope) error { - return autoConvert_core_VolumeSource_To_v1_VolumeSource(in, out, s) -} - -func autoConvert_v1_VsphereVirtualDiskVolumeSource_To_core_VsphereVirtualDiskVolumeSource(in *v1.VsphereVirtualDiskVolumeSource, out *core.VsphereVirtualDiskVolumeSource, s conversion.Scope) error { - out.VolumePath = in.VolumePath - out.FSType = in.FSType - out.StoragePolicyName = in.StoragePolicyName - out.StoragePolicyID = in.StoragePolicyID - return nil -} - -// Convert_v1_VsphereVirtualDiskVolumeSource_To_core_VsphereVirtualDiskVolumeSource is an autogenerated conversion function. -func Convert_v1_VsphereVirtualDiskVolumeSource_To_core_VsphereVirtualDiskVolumeSource(in *v1.VsphereVirtualDiskVolumeSource, out *core.VsphereVirtualDiskVolumeSource, s conversion.Scope) error { - return autoConvert_v1_VsphereVirtualDiskVolumeSource_To_core_VsphereVirtualDiskVolumeSource(in, out, s) -} - -func autoConvert_core_VsphereVirtualDiskVolumeSource_To_v1_VsphereVirtualDiskVolumeSource(in *core.VsphereVirtualDiskVolumeSource, out *v1.VsphereVirtualDiskVolumeSource, s conversion.Scope) error { - out.VolumePath = in.VolumePath - out.FSType = in.FSType - out.StoragePolicyName = in.StoragePolicyName - out.StoragePolicyID = in.StoragePolicyID - return nil -} - -// Convert_core_VsphereVirtualDiskVolumeSource_To_v1_VsphereVirtualDiskVolumeSource is an autogenerated conversion function. -func Convert_core_VsphereVirtualDiskVolumeSource_To_v1_VsphereVirtualDiskVolumeSource(in *core.VsphereVirtualDiskVolumeSource, out *v1.VsphereVirtualDiskVolumeSource, s conversion.Scope) error { - return autoConvert_core_VsphereVirtualDiskVolumeSource_To_v1_VsphereVirtualDiskVolumeSource(in, out, s) -} - -func autoConvert_v1_WeightedPodAffinityTerm_To_core_WeightedPodAffinityTerm(in *v1.WeightedPodAffinityTerm, out *core.WeightedPodAffinityTerm, s conversion.Scope) error { - out.Weight = in.Weight - if err := Convert_v1_PodAffinityTerm_To_core_PodAffinityTerm(&in.PodAffinityTerm, &out.PodAffinityTerm, s); err != nil { - return err - } - return nil -} - -// Convert_v1_WeightedPodAffinityTerm_To_core_WeightedPodAffinityTerm is an autogenerated conversion function. -func Convert_v1_WeightedPodAffinityTerm_To_core_WeightedPodAffinityTerm(in *v1.WeightedPodAffinityTerm, out *core.WeightedPodAffinityTerm, s conversion.Scope) error { - return autoConvert_v1_WeightedPodAffinityTerm_To_core_WeightedPodAffinityTerm(in, out, s) -} - -func autoConvert_core_WeightedPodAffinityTerm_To_v1_WeightedPodAffinityTerm(in *core.WeightedPodAffinityTerm, out *v1.WeightedPodAffinityTerm, s conversion.Scope) error { - out.Weight = in.Weight - if err := Convert_core_PodAffinityTerm_To_v1_PodAffinityTerm(&in.PodAffinityTerm, &out.PodAffinityTerm, s); err != nil { - return err - } - return nil -} - -// Convert_core_WeightedPodAffinityTerm_To_v1_WeightedPodAffinityTerm is an autogenerated conversion function. -func Convert_core_WeightedPodAffinityTerm_To_v1_WeightedPodAffinityTerm(in *core.WeightedPodAffinityTerm, out *v1.WeightedPodAffinityTerm, s conversion.Scope) error { - return autoConvert_core_WeightedPodAffinityTerm_To_v1_WeightedPodAffinityTerm(in, out, s) -} - -func autoConvert_v1_WindowsSecurityContextOptions_To_core_WindowsSecurityContextOptions(in *v1.WindowsSecurityContextOptions, out *core.WindowsSecurityContextOptions, s conversion.Scope) error { - out.GMSACredentialSpecName = (*string)(unsafe.Pointer(in.GMSACredentialSpecName)) - out.GMSACredentialSpec = (*string)(unsafe.Pointer(in.GMSACredentialSpec)) - out.RunAsUserName = (*string)(unsafe.Pointer(in.RunAsUserName)) - out.HostProcess = (*bool)(unsafe.Pointer(in.HostProcess)) - return nil -} - -// Convert_v1_WindowsSecurityContextOptions_To_core_WindowsSecurityContextOptions is an autogenerated conversion function. -func Convert_v1_WindowsSecurityContextOptions_To_core_WindowsSecurityContextOptions(in *v1.WindowsSecurityContextOptions, out *core.WindowsSecurityContextOptions, s conversion.Scope) error { - return autoConvert_v1_WindowsSecurityContextOptions_To_core_WindowsSecurityContextOptions(in, out, s) -} - -func autoConvert_core_WindowsSecurityContextOptions_To_v1_WindowsSecurityContextOptions(in *core.WindowsSecurityContextOptions, out *v1.WindowsSecurityContextOptions, s conversion.Scope) error { - out.GMSACredentialSpecName = (*string)(unsafe.Pointer(in.GMSACredentialSpecName)) - out.GMSACredentialSpec = (*string)(unsafe.Pointer(in.GMSACredentialSpec)) - out.RunAsUserName = (*string)(unsafe.Pointer(in.RunAsUserName)) - out.HostProcess = (*bool)(unsafe.Pointer(in.HostProcess)) - return nil -} - -// Convert_core_WindowsSecurityContextOptions_To_v1_WindowsSecurityContextOptions is an autogenerated conversion function. -func Convert_core_WindowsSecurityContextOptions_To_v1_WindowsSecurityContextOptions(in *core.WindowsSecurityContextOptions, out *v1.WindowsSecurityContextOptions, s conversion.Scope) error { - return autoConvert_core_WindowsSecurityContextOptions_To_v1_WindowsSecurityContextOptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.defaults.go deleted file mode 100644 index 7706bbf9af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.defaults.go +++ /dev/null @@ -1,1040 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.ConfigMap{}, func(obj interface{}) { SetObjectDefaults_ConfigMap(obj.(*v1.ConfigMap)) }) - scheme.AddTypeDefaultingFunc(&v1.ConfigMapList{}, func(obj interface{}) { SetObjectDefaults_ConfigMapList(obj.(*v1.ConfigMapList)) }) - scheme.AddTypeDefaultingFunc(&v1.Endpoints{}, func(obj interface{}) { SetObjectDefaults_Endpoints(obj.(*v1.Endpoints)) }) - scheme.AddTypeDefaultingFunc(&v1.EndpointsList{}, func(obj interface{}) { SetObjectDefaults_EndpointsList(obj.(*v1.EndpointsList)) }) - scheme.AddTypeDefaultingFunc(&v1.LimitRange{}, func(obj interface{}) { SetObjectDefaults_LimitRange(obj.(*v1.LimitRange)) }) - scheme.AddTypeDefaultingFunc(&v1.LimitRangeList{}, func(obj interface{}) { SetObjectDefaults_LimitRangeList(obj.(*v1.LimitRangeList)) }) - scheme.AddTypeDefaultingFunc(&v1.Namespace{}, func(obj interface{}) { SetObjectDefaults_Namespace(obj.(*v1.Namespace)) }) - scheme.AddTypeDefaultingFunc(&v1.NamespaceList{}, func(obj interface{}) { SetObjectDefaults_NamespaceList(obj.(*v1.NamespaceList)) }) - scheme.AddTypeDefaultingFunc(&v1.Node{}, func(obj interface{}) { SetObjectDefaults_Node(obj.(*v1.Node)) }) - scheme.AddTypeDefaultingFunc(&v1.NodeList{}, func(obj interface{}) { SetObjectDefaults_NodeList(obj.(*v1.NodeList)) }) - scheme.AddTypeDefaultingFunc(&v1.PersistentVolume{}, func(obj interface{}) { SetObjectDefaults_PersistentVolume(obj.(*v1.PersistentVolume)) }) - scheme.AddTypeDefaultingFunc(&v1.PersistentVolumeClaim{}, func(obj interface{}) { SetObjectDefaults_PersistentVolumeClaim(obj.(*v1.PersistentVolumeClaim)) }) - scheme.AddTypeDefaultingFunc(&v1.PersistentVolumeClaimList{}, func(obj interface{}) { - SetObjectDefaults_PersistentVolumeClaimList(obj.(*v1.PersistentVolumeClaimList)) - }) - scheme.AddTypeDefaultingFunc(&v1.PersistentVolumeList{}, func(obj interface{}) { SetObjectDefaults_PersistentVolumeList(obj.(*v1.PersistentVolumeList)) }) - scheme.AddTypeDefaultingFunc(&v1.Pod{}, func(obj interface{}) { SetObjectDefaults_Pod(obj.(*v1.Pod)) }) - scheme.AddTypeDefaultingFunc(&v1.PodList{}, func(obj interface{}) { SetObjectDefaults_PodList(obj.(*v1.PodList)) }) - scheme.AddTypeDefaultingFunc(&v1.PodTemplate{}, func(obj interface{}) { SetObjectDefaults_PodTemplate(obj.(*v1.PodTemplate)) }) - scheme.AddTypeDefaultingFunc(&v1.PodTemplateList{}, func(obj interface{}) { SetObjectDefaults_PodTemplateList(obj.(*v1.PodTemplateList)) }) - scheme.AddTypeDefaultingFunc(&v1.ReplicationController{}, func(obj interface{}) { SetObjectDefaults_ReplicationController(obj.(*v1.ReplicationController)) }) - scheme.AddTypeDefaultingFunc(&v1.ReplicationControllerList{}, func(obj interface{}) { - SetObjectDefaults_ReplicationControllerList(obj.(*v1.ReplicationControllerList)) - }) - scheme.AddTypeDefaultingFunc(&v1.ResourceQuota{}, func(obj interface{}) { SetObjectDefaults_ResourceQuota(obj.(*v1.ResourceQuota)) }) - scheme.AddTypeDefaultingFunc(&v1.ResourceQuotaList{}, func(obj interface{}) { SetObjectDefaults_ResourceQuotaList(obj.(*v1.ResourceQuotaList)) }) - scheme.AddTypeDefaultingFunc(&v1.Secret{}, func(obj interface{}) { SetObjectDefaults_Secret(obj.(*v1.Secret)) }) - scheme.AddTypeDefaultingFunc(&v1.SecretList{}, func(obj interface{}) { SetObjectDefaults_SecretList(obj.(*v1.SecretList)) }) - scheme.AddTypeDefaultingFunc(&v1.Service{}, func(obj interface{}) { SetObjectDefaults_Service(obj.(*v1.Service)) }) - scheme.AddTypeDefaultingFunc(&v1.ServiceList{}, func(obj interface{}) { SetObjectDefaults_ServiceList(obj.(*v1.ServiceList)) }) - return nil -} - -func SetObjectDefaults_ConfigMap(in *v1.ConfigMap) { - SetDefaults_ConfigMap(in) -} - -func SetObjectDefaults_ConfigMapList(in *v1.ConfigMapList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ConfigMap(a) - } -} - -func SetObjectDefaults_Endpoints(in *v1.Endpoints) { - SetDefaults_Endpoints(in) -} - -func SetObjectDefaults_EndpointsList(in *v1.EndpointsList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Endpoints(a) - } -} - -func SetObjectDefaults_LimitRange(in *v1.LimitRange) { - for i := range in.Spec.Limits { - a := &in.Spec.Limits[i] - SetDefaults_LimitRangeItem(a) - SetDefaults_ResourceList(&a.Max) - SetDefaults_ResourceList(&a.Min) - SetDefaults_ResourceList(&a.Default) - SetDefaults_ResourceList(&a.DefaultRequest) - SetDefaults_ResourceList(&a.MaxLimitRequestRatio) - } -} - -func SetObjectDefaults_LimitRangeList(in *v1.LimitRangeList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_LimitRange(a) - } -} - -func SetObjectDefaults_Namespace(in *v1.Namespace) { - SetDefaults_Namespace(in) - SetDefaults_NamespaceStatus(&in.Status) -} - -func SetObjectDefaults_NamespaceList(in *v1.NamespaceList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Namespace(a) - } -} - -func SetObjectDefaults_Node(in *v1.Node) { - SetDefaults_NodeStatus(&in.Status) - SetDefaults_ResourceList(&in.Status.Capacity) - SetDefaults_ResourceList(&in.Status.Allocatable) -} - -func SetObjectDefaults_NodeList(in *v1.NodeList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Node(a) - } -} - -func SetObjectDefaults_PersistentVolume(in *v1.PersistentVolume) { - SetDefaults_PersistentVolume(in) - SetDefaults_ResourceList(&in.Spec.Capacity) - if in.Spec.PersistentVolumeSource.HostPath != nil { - SetDefaults_HostPathVolumeSource(in.Spec.PersistentVolumeSource.HostPath) - } - if in.Spec.PersistentVolumeSource.RBD != nil { - SetDefaults_RBDPersistentVolumeSource(in.Spec.PersistentVolumeSource.RBD) - } - if in.Spec.PersistentVolumeSource.ISCSI != nil { - SetDefaults_ISCSIPersistentVolumeSource(in.Spec.PersistentVolumeSource.ISCSI) - } - if in.Spec.PersistentVolumeSource.AzureDisk != nil { - SetDefaults_AzureDiskVolumeSource(in.Spec.PersistentVolumeSource.AzureDisk) - } - if in.Spec.PersistentVolumeSource.ScaleIO != nil { - SetDefaults_ScaleIOPersistentVolumeSource(in.Spec.PersistentVolumeSource.ScaleIO) - } -} - -func SetObjectDefaults_PersistentVolumeClaim(in *v1.PersistentVolumeClaim) { - SetDefaults_PersistentVolumeClaim(in) - SetDefaults_PersistentVolumeClaimSpec(&in.Spec) - SetDefaults_ResourceList(&in.Spec.Resources.Limits) - SetDefaults_ResourceList(&in.Spec.Resources.Requests) - SetDefaults_ResourceList(&in.Status.Capacity) - SetDefaults_ResourceList(&in.Status.AllocatedResources) -} - -func SetObjectDefaults_PersistentVolumeClaimList(in *v1.PersistentVolumeClaimList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PersistentVolumeClaim(a) - } -} - -func SetObjectDefaults_PersistentVolumeList(in *v1.PersistentVolumeList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PersistentVolume(a) - } -} - -func SetObjectDefaults_Pod(in *v1.Pod) { - SetDefaults_Pod(in) - SetDefaults_PodSpec(&in.Spec) - for i := range in.Spec.Volumes { - a := &in.Spec.Volumes[i] - SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.InitContainers { - a := &in.Spec.InitContainers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Containers { - a := &in.Spec.Containers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.EphemeralContainers { - a := &in.Spec.EphemeralContainers[i] - SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - SetDefaults_ResourceList(&in.Spec.Overhead) -} - -func SetObjectDefaults_PodList(in *v1.PodList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Pod(a) - } -} - -func SetObjectDefaults_PodTemplate(in *v1.PodTemplate) { - SetDefaults_PodSpec(&in.Template.Spec) - for i := range in.Template.Spec.Volumes { - a := &in.Template.Spec.Volumes[i] - SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Template.Spec.InitContainers { - a := &in.Template.Spec.InitContainers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Template.Spec.Containers { - a := &in.Template.Spec.Containers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Template.Spec.EphemeralContainers { - a := &in.Template.Spec.EphemeralContainers[i] - SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - SetDefaults_ResourceList(&in.Template.Spec.Overhead) -} - -func SetObjectDefaults_PodTemplateList(in *v1.PodTemplateList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PodTemplate(a) - } -} - -func SetObjectDefaults_ReplicationController(in *v1.ReplicationController) { - SetDefaults_ReplicationController(in) - if in.Spec.Template != nil { - SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.Resources.Limits) - SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) - } -} - -func SetObjectDefaults_ReplicationControllerList(in *v1.ReplicationControllerList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ReplicationController(a) - } -} - -func SetObjectDefaults_ResourceQuota(in *v1.ResourceQuota) { - SetDefaults_ResourceList(&in.Spec.Hard) - SetDefaults_ResourceList(&in.Status.Hard) - SetDefaults_ResourceList(&in.Status.Used) -} - -func SetObjectDefaults_ResourceQuotaList(in *v1.ResourceQuotaList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ResourceQuota(a) - } -} - -func SetObjectDefaults_Secret(in *v1.Secret) { - SetDefaults_Secret(in) -} - -func SetObjectDefaults_SecretList(in *v1.SecretList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Secret(a) - } -} - -func SetObjectDefaults_Service(in *v1.Service) { - SetDefaults_Service(in) - for i := range in.Spec.Ports { - a := &in.Spec.Ports[i] - if a.Protocol == "" { - a.Protocol = "TCP" - } - } -} - -func SetObjectDefaults_ServiceList(in *v1.ServiceList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Service(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/OWNERS deleted file mode 100644 index 054fa14fa7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/OWNERS +++ /dev/null @@ -1,22 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - yujuhong - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - sttts - - dchen1107 - - janetkuo - - justinsb - - pwittrock - - tallclair - - soltysh - - jsafrane - - dims diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/doc.go deleted file mode 100644 index 0c1cfaab5a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package validation has functions for validating the correctness of api -// objects and explaining what is wrong with them when they aren't valid. -package validation // import "k8s.io/kubernetes/pkg/apis/core/validation" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/events.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/events.go deleted file mode 100644 index d2578f229e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/events.go +++ /dev/null @@ -1,193 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "reflect" - "time" - - v1 "k8s.io/api/core/v1" - eventsv1beta1 "k8s.io/api/events/v1beta1" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/core" -) - -const ( - ReportingInstanceLengthLimit = 128 - ActionLengthLimit = 128 - ReasonLengthLimit = 128 - NoteLengthLimit = 1024 -) - -func ValidateEventCreate(event *core.Event, requestVersion schema.GroupVersion) field.ErrorList { - // Make sure events always pass legacy validation. - allErrs := legacyValidateEvent(event, requestVersion) - if requestVersion == v1.SchemeGroupVersion || requestVersion == eventsv1beta1.SchemeGroupVersion { - // No further validation for backwards compatibility. - return allErrs - } - - // Strict validation applies to creation via events.k8s.io/v1 API and newer. - allErrs = append(allErrs, ValidateObjectMeta(&event.ObjectMeta, true, apimachineryvalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) - allErrs = append(allErrs, validateV1EventSeries(event)...) - zeroTime := time.Time{} - if event.EventTime.Time == zeroTime { - allErrs = append(allErrs, field.Required(field.NewPath("eventTime"), "")) - } - if event.Type != v1.EventTypeNormal && event.Type != v1.EventTypeWarning { - allErrs = append(allErrs, field.Invalid(field.NewPath("type"), "", fmt.Sprintf("has invalid value: %v", event.Type))) - } - if event.FirstTimestamp.Time != zeroTime { - allErrs = append(allErrs, field.Invalid(field.NewPath("firstTimestamp"), "", "needs to be unset")) - } - if event.LastTimestamp.Time != zeroTime { - allErrs = append(allErrs, field.Invalid(field.NewPath("lastTimestamp"), "", "needs to be unset")) - } - if event.Count != 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("count"), "", "needs to be unset")) - } - if event.Source.Component != "" || event.Source.Host != "" { - allErrs = append(allErrs, field.Invalid(field.NewPath("source"), "", "needs to be unset")) - } - return allErrs -} - -func ValidateEventUpdate(newEvent, oldEvent *core.Event, requestVersion schema.GroupVersion) field.ErrorList { - // Make sure the new event always passes legacy validation. - allErrs := legacyValidateEvent(newEvent, requestVersion) - if requestVersion == v1.SchemeGroupVersion || requestVersion == eventsv1beta1.SchemeGroupVersion { - // No further validation for backwards compatibility. - return allErrs - } - - // Strict validation applies to update via events.k8s.io/v1 API and newer. - allErrs = append(allErrs, ValidateObjectMetaUpdate(&newEvent.ObjectMeta, &oldEvent.ObjectMeta, field.NewPath("metadata"))...) - // if the series was modified, validate the new data - if !reflect.DeepEqual(newEvent.Series, oldEvent.Series) { - allErrs = append(allErrs, validateV1EventSeries(newEvent)...) - } - - allErrs = append(allErrs, ValidateImmutableField(newEvent.InvolvedObject, oldEvent.InvolvedObject, field.NewPath("involvedObject"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Reason, oldEvent.Reason, field.NewPath("reason"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Message, oldEvent.Message, field.NewPath("message"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Source, oldEvent.Source, field.NewPath("source"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.FirstTimestamp, oldEvent.FirstTimestamp, field.NewPath("firstTimestamp"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.LastTimestamp, oldEvent.LastTimestamp, field.NewPath("lastTimestamp"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Count, oldEvent.Count, field.NewPath("count"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Reason, oldEvent.Reason, field.NewPath("reason"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Type, oldEvent.Type, field.NewPath("type"))...) - - // Disallow changes to eventTime greater than microsecond-level precision. - // Tolerating sub-microsecond changes is required to tolerate updates - // from clients that correctly truncate to microsecond-precision when serializing, - // or from clients built with incorrect nanosecond-precision protobuf serialization. - // See https://github.com/kubernetes/kubernetes/issues/111928 - newTruncated := newEvent.EventTime.Truncate(time.Microsecond).UTC() - oldTruncated := oldEvent.EventTime.Truncate(time.Microsecond).UTC() - if newTruncated != oldTruncated { - allErrs = append(allErrs, ValidateImmutableField(newEvent.EventTime, oldEvent.EventTime, field.NewPath("eventTime"))...) - } - - allErrs = append(allErrs, ValidateImmutableField(newEvent.Action, oldEvent.Action, field.NewPath("action"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.Related, oldEvent.Related, field.NewPath("related"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.ReportingController, oldEvent.ReportingController, field.NewPath("reportingController"))...) - allErrs = append(allErrs, ValidateImmutableField(newEvent.ReportingInstance, oldEvent.ReportingInstance, field.NewPath("reportingInstance"))...) - - return allErrs -} - -func validateV1EventSeries(event *core.Event) field.ErrorList { - allErrs := field.ErrorList{} - zeroTime := time.Time{} - if event.Series != nil { - if event.Series.Count < 2 { - allErrs = append(allErrs, field.Invalid(field.NewPath("series.count"), "", "should be at least 2")) - } - if event.Series.LastObservedTime.Time == zeroTime { - allErrs = append(allErrs, field.Required(field.NewPath("series.lastObservedTime"), "")) - } - } - return allErrs -} - -// legacyValidateEvent makes sure that the event makes sense. -func legacyValidateEvent(event *core.Event, requestVersion schema.GroupVersion) field.ErrorList { - allErrs := field.ErrorList{} - // Because go - zeroTime := time.Time{} - - reportingControllerFieldName := "reportingController" - if requestVersion == v1.SchemeGroupVersion { - reportingControllerFieldName = "reportingComponent" - } - - // "New" Events need to have EventTime set, so it's validating old object. - if event.EventTime.Time == zeroTime { - // Make sure event.Namespace and the involvedInvolvedObject.Namespace agree - if len(event.InvolvedObject.Namespace) == 0 { - // event.Namespace must also be empty (or "default", for compatibility with old clients) - if event.Namespace != metav1.NamespaceNone && event.Namespace != metav1.NamespaceDefault { - allErrs = append(allErrs, field.Invalid(field.NewPath("involvedObject", "namespace"), event.InvolvedObject.Namespace, "does not match event.namespace")) - } - } else { - // event namespace must match - if event.Namespace != event.InvolvedObject.Namespace { - allErrs = append(allErrs, field.Invalid(field.NewPath("involvedObject", "namespace"), event.InvolvedObject.Namespace, "does not match event.namespace")) - } - } - - } else { - if len(event.InvolvedObject.Namespace) == 0 && event.Namespace != metav1.NamespaceDefault && event.Namespace != metav1.NamespaceSystem { - allErrs = append(allErrs, field.Invalid(field.NewPath("involvedObject", "namespace"), event.InvolvedObject.Namespace, "does not match event.namespace")) - } - if len(event.ReportingController) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath(reportingControllerFieldName), "")) - } - allErrs = append(allErrs, ValidateQualifiedName(event.ReportingController, field.NewPath(reportingControllerFieldName))...) - if len(event.ReportingInstance) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("reportingInstance"), "")) - } - if len(event.ReportingInstance) > ReportingInstanceLengthLimit { - allErrs = append(allErrs, field.Invalid(field.NewPath("reportingInstance"), "", fmt.Sprintf("can have at most %v characters", ReportingInstanceLengthLimit))) - } - if len(event.Action) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("action"), "")) - } - if len(event.Action) > ActionLengthLimit { - allErrs = append(allErrs, field.Invalid(field.NewPath("action"), "", fmt.Sprintf("can have at most %v characters", ActionLengthLimit))) - } - if len(event.Reason) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("reason"), "")) - } - if len(event.Reason) > ReasonLengthLimit { - allErrs = append(allErrs, field.Invalid(field.NewPath("reason"), "", fmt.Sprintf("can have at most %v characters", ReasonLengthLimit))) - } - if len(event.Message) > NoteLengthLimit { - allErrs = append(allErrs, field.Invalid(field.NewPath("message"), "", fmt.Sprintf("can have at most %v characters", NoteLengthLimit))) - } - } - - for _, msg := range validation.IsDNS1123Subdomain(event.Namespace) { - allErrs = append(allErrs, field.Invalid(field.NewPath("namespace"), event.Namespace, msg)) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go deleted file mode 100644 index d53339863b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go +++ /dev/null @@ -1,7175 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "encoding/json" - "fmt" - "math" - "net" - "path" - "path/filepath" - "reflect" - "regexp" - "strings" - "unicode" - "unicode/utf8" - - "github.com/google/go-cmp/cmp" - v1 "k8s.io/api/core/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/resource" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" - schedulinghelper "k8s.io/component-helpers/scheduling/corev1" - apiservice "k8s.io/kubernetes/pkg/api/service" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" - podshelper "k8s.io/kubernetes/pkg/apis/core/pods" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" - "k8s.io/kubernetes/pkg/capabilities" - "k8s.io/kubernetes/pkg/cluster/ports" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/fieldpath" - netutils "k8s.io/utils/net" -) - -const isNegativeErrorMsg string = apimachineryvalidation.IsNegativeErrorMsg -const isInvalidQuotaResource string = `must be a standard resource for quota` -const fieldImmutableErrorMsg string = apimachineryvalidation.FieldImmutableErrorMsg -const isNotIntegerErrorMsg string = `must be an integer` -const isNotPositiveErrorMsg string = `must be greater than zero` - -var pdPartitionErrorMsg string = validation.InclusiveRangeError(1, 255) -var fileModeErrorMsg = "must be a number between 0 and 0777 (octal), both inclusive" - -// BannedOwners is a black list of object that are not allowed to be owners. -var BannedOwners = apimachineryvalidation.BannedOwners - -var iscsiInitiatorIqnRegex = regexp.MustCompile(`iqn\.\d{4}-\d{2}\.([[:alnum:]-.]+)(:[^,;*&$|\s]+)$`) -var iscsiInitiatorEuiRegex = regexp.MustCompile(`^eui.[[:alnum:]]{16}$`) -var iscsiInitiatorNaaRegex = regexp.MustCompile(`^naa.[[:alnum:]]{32}$`) - -var allowedEphemeralContainerFields = map[string]bool{ - "Name": true, - "Image": true, - "Command": true, - "Args": true, - "WorkingDir": true, - "Ports": false, - "EnvFrom": true, - "Env": true, - "Resources": false, - "VolumeMounts": true, - "VolumeDevices": true, - "LivenessProbe": false, - "ReadinessProbe": false, - "StartupProbe": false, - "Lifecycle": false, - "TerminationMessagePath": true, - "TerminationMessagePolicy": true, - "ImagePullPolicy": true, - "SecurityContext": true, - "Stdin": true, - "StdinOnce": true, - "TTY": true, -} - -// validOS stores the set of valid OSes within pod spec. -// The valid values currently are linux, windows. -// In future, they can be expanded to values from -// https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration -var validOS = sets.NewString(string(core.Linux), string(core.Windows)) - -// ValidateHasLabel requires that metav1.ObjectMeta has a Label with key and expectedValue -func ValidateHasLabel(meta metav1.ObjectMeta, fldPath *field.Path, key, expectedValue string) field.ErrorList { - allErrs := field.ErrorList{} - actualValue, found := meta.Labels[key] - if !found { - allErrs = append(allErrs, field.Required(fldPath.Child("labels").Key(key), - fmt.Sprintf("must be '%s'", expectedValue))) - return allErrs - } - if actualValue != expectedValue { - allErrs = append(allErrs, field.Invalid(fldPath.Child("labels").Key(key), meta.Labels, - fmt.Sprintf("must be '%s'", expectedValue))) - } - return allErrs -} - -// ValidateAnnotations validates that a set of annotations are correctly defined. -func ValidateAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - return apimachineryvalidation.ValidateAnnotations(annotations, fldPath) -} - -func ValidateDNS1123Label(value string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsDNS1123Label(value) { - allErrs = append(allErrs, field.Invalid(fldPath, value, msg)) - } - return allErrs -} - -// ValidateQualifiedName validates if name is what Kubernetes calls a "qualified name". -func ValidateQualifiedName(value string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsQualifiedName(value) { - allErrs = append(allErrs, field.Invalid(fldPath, value, msg)) - } - return allErrs -} - -// ValidateDNS1123Subdomain validates that a name is a proper DNS subdomain. -func ValidateDNS1123Subdomain(value string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsDNS1123Subdomain(value) { - allErrs = append(allErrs, field.Invalid(fldPath, value, msg)) - } - return allErrs -} - -func ValidatePodSpecificAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if value, isMirror := annotations[core.MirrorPodAnnotationKey]; isMirror { - if len(spec.NodeName) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Key(core.MirrorPodAnnotationKey), value, "must set spec.nodeName if mirror pod annotation is set")) - } - } - - if annotations[core.TolerationsAnnotationKey] != "" { - allErrs = append(allErrs, ValidateTolerationsInPodAnnotations(annotations, fldPath)...) - } - - if !opts.AllowInvalidPodDeletionCost { - if _, err := helper.GetDeletionCostFromPodAnnotations(annotations); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Key(core.PodDeletionCost), annotations[core.PodDeletionCost], "must be a 32bit integer")) - } - } - - allErrs = append(allErrs, ValidateSeccompPodAnnotations(annotations, fldPath)...) - allErrs = append(allErrs, ValidateAppArmorPodAnnotations(annotations, spec, fldPath)...) - - return allErrs -} - -// ValidateTolerationsInPodAnnotations tests that the serialized tolerations in Pod.Annotations has valid data -func ValidateTolerationsInPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - tolerations, err := helper.GetTolerationsFromPodAnnotations(annotations) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, core.TolerationsAnnotationKey, err.Error())) - return allErrs - } - - if len(tolerations) > 0 { - allErrs = append(allErrs, ValidateTolerations(tolerations, fldPath.Child(core.TolerationsAnnotationKey))...) - } - - return allErrs -} - -func ValidatePodSpecificAnnotationUpdates(newPod, oldPod *core.Pod, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - newAnnotations := newPod.Annotations - oldAnnotations := oldPod.Annotations - for k, oldVal := range oldAnnotations { - if newVal, exists := newAnnotations[k]; exists && newVal == oldVal { - continue // No change. - } - if strings.HasPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) { - allErrs = append(allErrs, field.Forbidden(fldPath.Key(k), "may not remove or update AppArmor annotations")) - } - if k == core.MirrorPodAnnotationKey { - allErrs = append(allErrs, field.Forbidden(fldPath.Key(k), "may not remove or update mirror pod annotation")) - } - } - // Check for additions - for k := range newAnnotations { - if _, ok := oldAnnotations[k]; ok { - continue // No change. - } - if strings.HasPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) { - allErrs = append(allErrs, field.Forbidden(fldPath.Key(k), "may not add AppArmor annotations")) - } - if k == core.MirrorPodAnnotationKey { - allErrs = append(allErrs, field.Forbidden(fldPath.Key(k), "may not add mirror pod annotation")) - } - } - allErrs = append(allErrs, ValidatePodSpecificAnnotations(newAnnotations, &newPod.Spec, fldPath, opts)...) - return allErrs -} - -func ValidateEndpointsSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - return allErrs -} - -// ValidateNameFunc validates that the provided name is valid for a given resource type. -// Not all resources have the same validation rules for names. Prefix is true -// if the name will have a value appended to it. If the name is not valid, -// this returns a list of descriptions of individual characteristics of the -// value that were not valid. Otherwise this returns an empty list or nil. -type ValidateNameFunc apimachineryvalidation.ValidateNameFunc - -// ValidatePodName can be used to check whether the given pod name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidatePodName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateReplicationControllerName can be used to check whether the given replication -// controller name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateReplicationControllerName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateServiceName can be used to check whether the given service name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateServiceName = apimachineryvalidation.NameIsDNS1035Label - -// ValidateNodeName can be used to check whether the given node name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateNodeName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateNamespaceName can be used to check whether the given namespace name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateNamespaceName = apimachineryvalidation.ValidateNamespaceName - -// ValidateLimitRangeName can be used to check whether the given limit range name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateLimitRangeName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateResourceQuotaName can be used to check whether the given -// resource quota name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateResourceQuotaName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateSecretName can be used to check whether the given secret name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateSecretName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateServiceAccountName can be used to check whether the given service account name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateServiceAccountName = apimachineryvalidation.ValidateServiceAccountName - -// ValidateEndpointsName can be used to check whether the given endpoints name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateEndpointsName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateClassName can be used to check whether the given class name is valid. -// It is defined here to avoid import cycle between pkg/apis/storage/validation -// (where it should be) and this file. -var ValidateClassName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidatePriorityClassName can be used to check whether the given priority -// class name is valid. -var ValidatePriorityClassName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateRuntimeClassName can be used to check whether the given RuntimeClass name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -func ValidateRuntimeClassName(name string, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for _, msg := range apimachineryvalidation.NameIsDNSSubdomain(name, false) { - allErrs = append(allErrs, field.Invalid(fldPath, name, msg)) - } - return allErrs -} - -// validateOverhead can be used to check whether the given Overhead is valid. -func validateOverhead(overhead core.ResourceList, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - // reuse the ResourceRequirements validation logic - return ValidateResourceRequirements(&core.ResourceRequirements{Limits: overhead}, nil, fldPath, opts) -} - -// Validates that given value is not negative. -func ValidateNonnegativeField(value int64, fldPath *field.Path) field.ErrorList { - return apimachineryvalidation.ValidateNonnegativeField(value, fldPath) -} - -// Validates that a Quantity is not negative -func ValidateNonnegativeQuantity(value resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if value.Cmp(resource.Quantity{}) < 0 { - allErrs = append(allErrs, field.Invalid(fldPath, value.String(), isNegativeErrorMsg)) - } - return allErrs -} - -// Validates that a Quantity is positive -func ValidatePositiveQuantityValue(value resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if value.Cmp(resource.Quantity{}) <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath, value.String(), isNotPositiveErrorMsg)) - } - return allErrs -} - -func ValidateImmutableField(newVal, oldVal interface{}, fldPath *field.Path) field.ErrorList { - return apimachineryvalidation.ValidateImmutableField(newVal, oldVal, fldPath) -} - -func ValidateImmutableAnnotation(newVal string, oldVal string, annotation string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if oldVal != newVal { - allErrs = append(allErrs, field.Invalid(fldPath.Child("annotations", annotation), newVal, fieldImmutableErrorMsg)) - } - return allErrs -} - -// ValidateObjectMeta validates an object's metadata on creation. It expects that name generation has already -// been performed. -// It doesn't return an error for rootscoped resources with namespace, because namespace should already be cleared before. -// TODO: Remove calls to this method scattered in validations of specific resources, e.g., ValidatePodUpdate. -func ValidateObjectMeta(meta *metav1.ObjectMeta, requiresNamespace bool, nameFn ValidateNameFunc, fldPath *field.Path) field.ErrorList { - allErrs := apimachineryvalidation.ValidateObjectMeta(meta, requiresNamespace, apimachineryvalidation.ValidateNameFunc(nameFn), fldPath) - // run additional checks for the finalizer name - for i := range meta.Finalizers { - allErrs = append(allErrs, validateKubeFinalizerName(string(meta.Finalizers[i]), fldPath.Child("finalizers").Index(i))...) - } - return allErrs -} - -// ValidateObjectMetaUpdate validates an object's metadata when updated -func ValidateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList { - allErrs := apimachineryvalidation.ValidateObjectMetaUpdate(newMeta, oldMeta, fldPath) - // run additional checks for the finalizer name - for i := range newMeta.Finalizers { - allErrs = append(allErrs, validateKubeFinalizerName(string(newMeta.Finalizers[i]), fldPath.Child("finalizers").Index(i))...) - } - - return allErrs -} - -func ValidateVolumes(volumes []core.Volume, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) (map[string]core.VolumeSource, field.ErrorList) { - allErrs := field.ErrorList{} - - allNames := sets.String{} - allCreatedPVCs := sets.String{} - // Determine which PVCs will be created for this pod. We need - // the exact name of the pod for this. Without it, this sanity - // check has to be skipped. - if podMeta != nil && podMeta.Name != "" { - for _, vol := range volumes { - if vol.VolumeSource.Ephemeral != nil { - allCreatedPVCs.Insert(podMeta.Name + "-" + vol.Name) - } - } - } - vols := make(map[string]core.VolumeSource) - for i, vol := range volumes { - idxPath := fldPath.Index(i) - namePath := idxPath.Child("name") - el := validateVolumeSource(&vol.VolumeSource, idxPath, vol.Name, podMeta, opts) - if len(vol.Name) == 0 { - el = append(el, field.Required(namePath, "")) - } else { - el = append(el, ValidateDNS1123Label(vol.Name, namePath)...) - } - if allNames.Has(vol.Name) { - el = append(el, field.Duplicate(namePath, vol.Name)) - } - if len(el) == 0 { - allNames.Insert(vol.Name) - vols[vol.Name] = vol.VolumeSource - } else { - allErrs = append(allErrs, el...) - } - // A PersistentVolumeClaimSource should not reference a created PVC. That doesn't - // make sense. - if vol.PersistentVolumeClaim != nil && allCreatedPVCs.Has(vol.PersistentVolumeClaim.ClaimName) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("persistentVolumeClaim").Child("claimName"), vol.PersistentVolumeClaim.ClaimName, - "must not reference a PVC that gets created for an ephemeral volume")) - } - } - - return vols, allErrs -} - -func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool { - if _, ok := volumes[name]; ok { - return true - } - return false -} - -// isMatched checks whether the volume with the given name is used by a -// container and if so, if it involves a PVC. -func isMatchedDevice(name string, volumes map[string]core.VolumeSource) (isMatched bool, isPVC bool) { - if source, ok := volumes[name]; ok { - if source.PersistentVolumeClaim != nil || - source.Ephemeral != nil { - return true, true - } - return true, false - } - return false, false -} - -func mountNameAlreadyExists(name string, devices map[string]string) bool { - if _, ok := devices[name]; ok { - return true - } - return false -} - -func mountPathAlreadyExists(mountPath string, devices map[string]string) bool { - for _, devPath := range devices { - if mountPath == devPath { - return true - } - } - - return false -} - -func deviceNameAlreadyExists(name string, mounts map[string]string) bool { - if _, ok := mounts[name]; ok { - return true - } - return false -} - -func devicePathAlreadyExists(devicePath string, mounts map[string]string) bool { - for _, mountPath := range mounts { - if mountPath == devicePath { - return true - } - } - - return false -} - -func validateVolumeSource(source *core.VolumeSource, fldPath *field.Path, volName string, podMeta *metav1.ObjectMeta, opts PodValidationOptions) field.ErrorList { - numVolumes := 0 - allErrs := field.ErrorList{} - if source.EmptyDir != nil { - numVolumes++ - if source.EmptyDir.SizeLimit != nil && source.EmptyDir.SizeLimit.Cmp(resource.Quantity{}) < 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("emptyDir").Child("sizeLimit"), "SizeLimit field must be a valid resource quantity")) - } - } - if source.HostPath != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostPath"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateHostPathVolumeSource(source.HostPath, fldPath.Child("hostPath"))...) - } - } - if source.GitRepo != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("gitRepo"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateGitRepoVolumeSource(source.GitRepo, fldPath.Child("gitRepo"))...) - } - } - if source.GCEPersistentDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("gcePersistentDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateGCEPersistentDiskVolumeSource(source.GCEPersistentDisk, fldPath.Child("persistentDisk"))...) - } - } - if source.AWSElasticBlockStore != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("awsElasticBlockStore"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateAWSElasticBlockStoreVolumeSource(source.AWSElasticBlockStore, fldPath.Child("awsElasticBlockStore"))...) - } - } - if source.Secret != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("secret"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateSecretVolumeSource(source.Secret, fldPath.Child("secret"))...) - } - } - if source.NFS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("nfs"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateNFSVolumeSource(source.NFS, fldPath.Child("nfs"))...) - } - } - if source.ISCSI != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("iscsi"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateISCSIVolumeSource(source.ISCSI, fldPath.Child("iscsi"))...) - } - if source.ISCSI.InitiatorName != nil && len(volName+":"+source.ISCSI.TargetPortal) > 64 { - tooLongErr := "Total length of <volume name>:<iscsi.targetPortal> must be under 64 characters if iscsi.initiatorName is specified." - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), volName, tooLongErr)) - } - } - if source.Glusterfs != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("glusterfs"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateGlusterfsVolumeSource(source.Glusterfs, fldPath.Child("glusterfs"))...) - } - } - if source.Flocker != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("flocker"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateFlockerVolumeSource(source.Flocker, fldPath.Child("flocker"))...) - } - } - if source.PersistentVolumeClaim != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("persistentVolumeClaim"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validatePersistentClaimVolumeSource(source.PersistentVolumeClaim, fldPath.Child("persistentVolumeClaim"))...) - } - } - if source.RBD != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("rbd"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateRBDVolumeSource(source.RBD, fldPath.Child("rbd"))...) - } - } - if source.Cinder != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("cinder"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCinderVolumeSource(source.Cinder, fldPath.Child("cinder"))...) - } - } - if source.CephFS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("cephFS"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCephFSVolumeSource(source.CephFS, fldPath.Child("cephfs"))...) - } - } - if source.Quobyte != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("quobyte"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateQuobyteVolumeSource(source.Quobyte, fldPath.Child("quobyte"))...) - } - } - if source.DownwardAPI != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("downwarAPI"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateDownwardAPIVolumeSource(source.DownwardAPI, fldPath.Child("downwardAPI"), opts)...) - } - } - if source.FC != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("fc"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateFCVolumeSource(source.FC, fldPath.Child("fc"))...) - } - } - if source.FlexVolume != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("flexVolume"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateFlexVolumeSource(source.FlexVolume, fldPath.Child("flexVolume"))...) - } - } - if source.ConfigMap != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("configMap"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateConfigMapVolumeSource(source.ConfigMap, fldPath.Child("configMap"))...) - } - } - - if source.AzureFile != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("azureFile"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateAzureFile(source.AzureFile, fldPath.Child("azureFile"))...) - } - } - - if source.VsphereVolume != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("vsphereVolume"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateVsphereVolumeSource(source.VsphereVolume, fldPath.Child("vsphereVolume"))...) - } - } - if source.PhotonPersistentDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("photonPersistentDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validatePhotonPersistentDiskVolumeSource(source.PhotonPersistentDisk, fldPath.Child("photonPersistentDisk"))...) - } - } - if source.PortworxVolume != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("portworxVolume"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validatePortworxVolumeSource(source.PortworxVolume, fldPath.Child("portworxVolume"))...) - } - } - if source.AzureDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("azureDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateAzureDisk(source.AzureDisk, fldPath.Child("azureDisk"))...) - } - } - if source.StorageOS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("storageos"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateStorageOSVolumeSource(source.StorageOS, fldPath.Child("storageos"))...) - } - } - if source.Projected != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("projected"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateProjectedVolumeSource(source.Projected, fldPath.Child("projected"), opts)...) - } - } - if source.ScaleIO != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("scaleIO"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateScaleIOVolumeSource(source.ScaleIO, fldPath.Child("scaleIO"))...) - } - } - if source.CSI != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("csi"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCSIVolumeSource(source.CSI, fldPath.Child("csi"))...) - } - } - if source.Ephemeral != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("ephemeral"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateEphemeralVolumeSource(source.Ephemeral, fldPath.Child("ephemeral"))...) - // Check the expected name for the PVC. This gets skipped if information is missing, - // because that already gets flagged as a problem elsewhere. For example, - // ValidateObjectMeta as called by validatePodMetadataAndSpec checks that the name is set. - if podMeta != nil && podMeta.Name != "" && volName != "" { - pvcName := podMeta.Name + "-" + volName - for _, msg := range ValidatePersistentVolumeName(pvcName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), volName, fmt.Sprintf("PVC name %q: %v", pvcName, msg))) - } - } - } - } - - if numVolumes == 0 { - allErrs = append(allErrs, field.Required(fldPath, "must specify a volume type")) - } - - return allErrs -} - -func validateHostPathVolumeSource(hostPath *core.HostPathVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(hostPath.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - return allErrs - } - - allErrs = append(allErrs, validatePathNoBacksteps(hostPath.Path, fldPath.Child("path"))...) - allErrs = append(allErrs, validateHostPathType(hostPath.Type, fldPath.Child("type"))...) - return allErrs -} - -func validateGitRepoVolumeSource(gitRepo *core.GitRepoVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(gitRepo.Repository) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("repository"), "")) - } - - pathErrs := validateLocalDescendingPath(gitRepo.Directory, fldPath.Child("directory")) - allErrs = append(allErrs, pathErrs...) - return allErrs -} - -func validateISCSIVolumeSource(iscsi *core.ISCSIVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(iscsi.TargetPortal) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal"), "")) - } - if len(iscsi.IQN) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("iqn"), "")) - } else { - if !strings.HasPrefix(iscsi.IQN, "iqn") && !strings.HasPrefix(iscsi.IQN, "eui") && !strings.HasPrefix(iscsi.IQN, "naa") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format starting with iqn, eui, or naa")) - } else if strings.HasPrefix(iscsi.IQN, "iqn") && !iscsiInitiatorIqnRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } else if strings.HasPrefix(iscsi.IQN, "eui") && !iscsiInitiatorEuiRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } else if strings.HasPrefix(iscsi.IQN, "naa") && !iscsiInitiatorNaaRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } - } - if iscsi.Lun < 0 || iscsi.Lun > 255 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), iscsi.Lun, validation.InclusiveRangeError(0, 255))) - } - if (iscsi.DiscoveryCHAPAuth || iscsi.SessionCHAPAuth) && iscsi.SecretRef == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef"), "")) - } - if iscsi.InitiatorName != nil { - initiator := *iscsi.InitiatorName - if !strings.HasPrefix(initiator, "iqn") && !strings.HasPrefix(initiator, "eui") && !strings.HasPrefix(initiator, "naa") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format starting with iqn, eui, or naa")) - } - if strings.HasPrefix(initiator, "iqn") && !iscsiInitiatorIqnRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } else if strings.HasPrefix(initiator, "eui") && !iscsiInitiatorEuiRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } else if strings.HasPrefix(initiator, "naa") && !iscsiInitiatorNaaRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } - } - return allErrs -} - -func validateISCSIPersistentVolumeSource(iscsi *core.ISCSIPersistentVolumeSource, pvName string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(iscsi.TargetPortal) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("targetPortal"), "")) - } - if iscsi.InitiatorName != nil && len(pvName+":"+iscsi.TargetPortal) > 64 { - tooLongErr := "Total length of <volume name>:<iscsi.targetPortal> must be under 64 characters if iscsi.initiatorName is specified." - allErrs = append(allErrs, field.Invalid(fldPath.Child("targetportal"), iscsi.TargetPortal, tooLongErr)) - } - if len(iscsi.IQN) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("iqn"), "")) - } else { - if !strings.HasPrefix(iscsi.IQN, "iqn") && !strings.HasPrefix(iscsi.IQN, "eui") && !strings.HasPrefix(iscsi.IQN, "naa") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } else if strings.HasPrefix(iscsi.IQN, "iqn") && !iscsiInitiatorIqnRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } else if strings.HasPrefix(iscsi.IQN, "eui") && !iscsiInitiatorEuiRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } else if strings.HasPrefix(iscsi.IQN, "naa") && !iscsiInitiatorNaaRegex.MatchString(iscsi.IQN) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("iqn"), iscsi.IQN, "must be valid format")) - } - } - if iscsi.Lun < 0 || iscsi.Lun > 255 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), iscsi.Lun, validation.InclusiveRangeError(0, 255))) - } - if (iscsi.DiscoveryCHAPAuth || iscsi.SessionCHAPAuth) && iscsi.SecretRef == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef"), "")) - } - if iscsi.SecretRef != nil { - if len(iscsi.SecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "")) - } - } - if iscsi.InitiatorName != nil { - initiator := *iscsi.InitiatorName - if !strings.HasPrefix(initiator, "iqn") && !strings.HasPrefix(initiator, "eui") && !strings.HasPrefix(initiator, "naa") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } - if strings.HasPrefix(initiator, "iqn") && !iscsiInitiatorIqnRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } else if strings.HasPrefix(initiator, "eui") && !iscsiInitiatorEuiRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } else if strings.HasPrefix(initiator, "naa") && !iscsiInitiatorNaaRegex.MatchString(initiator) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("initiatorname"), initiator, "must be valid format")) - } - } - return allErrs -} - -func validateFCVolumeSource(fc *core.FCVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(fc.TargetWWNs) < 1 && len(fc.WWIDs) < 1 { - allErrs = append(allErrs, field.Required(fldPath.Child("targetWWNs"), "must specify either targetWWNs or wwids, but not both")) - } - - if len(fc.TargetWWNs) != 0 && len(fc.WWIDs) != 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("targetWWNs"), fc.TargetWWNs, "targetWWNs and wwids can not be specified simultaneously")) - } - - if len(fc.TargetWWNs) != 0 { - if fc.Lun == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("lun"), "lun is required if targetWWNs is specified")) - } else { - if *fc.Lun < 0 || *fc.Lun > 255 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), fc.Lun, validation.InclusiveRangeError(0, 255))) - } - } - } - return allErrs -} - -func validateGCEPersistentDiskVolumeSource(pd *core.GCEPersistentDiskVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(pd.PDName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("pdName"), "")) - } - if pd.Partition < 0 || pd.Partition > 255 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), pd.Partition, pdPartitionErrorMsg)) - } - return allErrs -} - -func validateAWSElasticBlockStoreVolumeSource(PD *core.AWSElasticBlockStoreVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(PD.VolumeID) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), "")) - } - if PD.Partition < 0 || PD.Partition > 255 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("partition"), PD.Partition, pdPartitionErrorMsg)) - } - return allErrs -} - -func validateSecretVolumeSource(secretSource *core.SecretVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(secretSource.SecretName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretName"), "")) - } - - secretMode := secretSource.DefaultMode - if secretMode != nil && (*secretMode > 0777 || *secretMode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("defaultMode"), *secretMode, fileModeErrorMsg)) - } - - itemsPath := fldPath.Child("items") - for i, kp := range secretSource.Items { - itemPath := itemsPath.Index(i) - allErrs = append(allErrs, validateKeyToPath(&kp, itemPath)...) - } - return allErrs -} - -func validateConfigMapVolumeSource(configMapSource *core.ConfigMapVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(configMapSource.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - - configMapMode := configMapSource.DefaultMode - if configMapMode != nil && (*configMapMode > 0777 || *configMapMode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("defaultMode"), *configMapMode, fileModeErrorMsg)) - } - - itemsPath := fldPath.Child("items") - for i, kp := range configMapSource.Items { - itemPath := itemsPath.Index(i) - allErrs = append(allErrs, validateKeyToPath(&kp, itemPath)...) - } - return allErrs -} - -func validateKeyToPath(kp *core.KeyToPath, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(kp.Key) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("key"), "")) - } - if len(kp.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - allErrs = append(allErrs, validateLocalNonReservedPath(kp.Path, fldPath.Child("path"))...) - if kp.Mode != nil && (*kp.Mode > 0777 || *kp.Mode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("mode"), *kp.Mode, fileModeErrorMsg)) - } - - return allErrs -} - -func validatePersistentClaimVolumeSource(claim *core.PersistentVolumeClaimVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(claim.ClaimName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("claimName"), "")) - } - return allErrs -} - -func validateNFSVolumeSource(nfs *core.NFSVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(nfs.Server) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("server"), "")) - } - if len(nfs.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - if !path.IsAbs(nfs.Path) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), nfs.Path, "must be an absolute path")) - } - return allErrs -} - -func validateQuobyteVolumeSource(quobyte *core.QuobyteVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(quobyte.Registry) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("registry"), "must be a host:port pair or multiple pairs separated by commas")) - } else if len(quobyte.Tenant) >= 65 { - allErrs = append(allErrs, field.Required(fldPath.Child("tenant"), "must be a UUID and may not exceed a length of 64 characters")) - } else { - for _, hostPortPair := range strings.Split(quobyte.Registry, ",") { - if _, _, err := net.SplitHostPort(hostPortPair); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("registry"), quobyte.Registry, "must be a host:port pair or multiple pairs separated by commas")) - } - } - } - - if len(quobyte.Volume) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volume"), "")) - } - return allErrs -} - -func validateGlusterfsVolumeSource(glusterfs *core.GlusterfsVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(glusterfs.EndpointsName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("endpoints"), "")) - } - if len(glusterfs.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - return allErrs -} -func validateGlusterfsPersistentVolumeSource(glusterfs *core.GlusterfsPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(glusterfs.EndpointsName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("endpoints"), "")) - } - if len(glusterfs.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - if glusterfs.EndpointsNamespace != nil { - endpointNs := glusterfs.EndpointsNamespace - if *endpointNs == "" { - allErrs = append(allErrs, field.Invalid(fldPath.Child("endpointsNamespace"), *endpointNs, "if the endpointnamespace is set, it must be a valid namespace name")) - } else { - for _, msg := range ValidateNamespaceName(*endpointNs, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("endpointsNamespace"), *endpointNs, msg)) - } - } - } - return allErrs -} - -func validateFlockerVolumeSource(flocker *core.FlockerVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(flocker.DatasetName) == 0 && len(flocker.DatasetUUID) == 0 { - // TODO: consider adding a RequiredOneOf() error for this and similar cases - allErrs = append(allErrs, field.Required(fldPath, "one of datasetName and datasetUUID is required")) - } - if len(flocker.DatasetName) != 0 && len(flocker.DatasetUUID) != 0 { - allErrs = append(allErrs, field.Invalid(fldPath, "resource", "datasetName and datasetUUID can not be specified simultaneously")) - } - if strings.Contains(flocker.DatasetName, "/") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("datasetName"), flocker.DatasetName, "must not contain '/'")) - } - return allErrs -} - -var validVolumeDownwardAPIFieldPathExpressions = sets.NewString( - "metadata.name", - "metadata.namespace", - "metadata.labels", - "metadata.annotations", - "metadata.uid") - -func validateDownwardAPIVolumeFile(file *core.DownwardAPIVolumeFile, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if len(file.Path) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - allErrs = append(allErrs, validateLocalNonReservedPath(file.Path, fldPath.Child("path"))...) - if file.FieldRef != nil { - allErrs = append(allErrs, validateObjectFieldSelector(file.FieldRef, &validVolumeDownwardAPIFieldPathExpressions, fldPath.Child("fieldRef"))...) - if file.ResourceFieldRef != nil { - allErrs = append(allErrs, field.Invalid(fldPath, "resource", "fieldRef and resourceFieldRef can not be specified simultaneously")) - } - } else if file.ResourceFieldRef != nil { - localValidContainerResourceFieldPathPrefixes := validContainerResourceFieldPathPrefixes - if opts.AllowDownwardAPIHugePages { - localValidContainerResourceFieldPathPrefixes = validContainerResourceFieldPathPrefixesWithDownwardAPIHugePages - } - allErrs = append(allErrs, validateContainerResourceFieldSelector(file.ResourceFieldRef, &validContainerResourceFieldPathExpressions, &localValidContainerResourceFieldPathPrefixes, fldPath.Child("resourceFieldRef"), true)...) - } else { - allErrs = append(allErrs, field.Required(fldPath, "one of fieldRef and resourceFieldRef is required")) - } - if file.Mode != nil && (*file.Mode > 0777 || *file.Mode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("mode"), *file.Mode, fileModeErrorMsg)) - } - - return allErrs -} - -func validateDownwardAPIVolumeSource(downwardAPIVolume *core.DownwardAPIVolumeSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - downwardAPIMode := downwardAPIVolume.DefaultMode - if downwardAPIMode != nil && (*downwardAPIMode > 0777 || *downwardAPIMode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("defaultMode"), *downwardAPIMode, fileModeErrorMsg)) - } - - for _, file := range downwardAPIVolume.Items { - allErrs = append(allErrs, validateDownwardAPIVolumeFile(&file, fldPath, opts)...) - } - return allErrs -} - -func validateProjectionSources(projection *core.ProjectedVolumeSource, projectionMode *int32, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allPaths := sets.String{} - - for i, source := range projection.Sources { - numSources := 0 - srcPath := fldPath.Child("sources").Index(i) - if projPath := srcPath.Child("secret"); source.Secret != nil { - numSources++ - if len(source.Secret.Name) == 0 { - allErrs = append(allErrs, field.Required(projPath.Child("name"), "")) - } - itemsPath := projPath.Child("items") - for i, kp := range source.Secret.Items { - itemPath := itemsPath.Index(i) - allErrs = append(allErrs, validateKeyToPath(&kp, itemPath)...) - if len(kp.Path) > 0 { - curPath := kp.Path - if !allPaths.Has(curPath) { - allPaths.Insert(curPath) - } else { - allErrs = append(allErrs, field.Invalid(fldPath, source.Secret.Name, "conflicting duplicate paths")) - } - } - } - } - if projPath := srcPath.Child("configMap"); source.ConfigMap != nil { - numSources++ - if len(source.ConfigMap.Name) == 0 { - allErrs = append(allErrs, field.Required(projPath.Child("name"), "")) - } - itemsPath := projPath.Child("items") - for i, kp := range source.ConfigMap.Items { - itemPath := itemsPath.Index(i) - allErrs = append(allErrs, validateKeyToPath(&kp, itemPath)...) - if len(kp.Path) > 0 { - curPath := kp.Path - if !allPaths.Has(curPath) { - allPaths.Insert(curPath) - } else { - allErrs = append(allErrs, field.Invalid(fldPath, source.ConfigMap.Name, "conflicting duplicate paths")) - } - } - } - } - if projPath := srcPath.Child("downwardAPI"); source.DownwardAPI != nil { - numSources++ - for _, file := range source.DownwardAPI.Items { - allErrs = append(allErrs, validateDownwardAPIVolumeFile(&file, projPath, opts)...) - if len(file.Path) > 0 { - curPath := file.Path - if !allPaths.Has(curPath) { - allPaths.Insert(curPath) - } else { - allErrs = append(allErrs, field.Invalid(fldPath, curPath, "conflicting duplicate paths")) - } - } - } - } - if projPath := srcPath.Child("serviceAccountToken"); source.ServiceAccountToken != nil { - numSources++ - if source.ServiceAccountToken.ExpirationSeconds < 10*60 { - allErrs = append(allErrs, field.Invalid(projPath.Child("expirationSeconds"), source.ServiceAccountToken.ExpirationSeconds, "may not specify a duration less than 10 minutes")) - } - if source.ServiceAccountToken.ExpirationSeconds > 1<<32 { - allErrs = append(allErrs, field.Invalid(projPath.Child("expirationSeconds"), source.ServiceAccountToken.ExpirationSeconds, "may not specify a duration larger than 2^32 seconds")) - } - if source.ServiceAccountToken.Path == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - } - } - if numSources > 1 { - allErrs = append(allErrs, field.Forbidden(srcPath, "may not specify more than 1 volume type")) - } - } - return allErrs -} - -func validateProjectedVolumeSource(projection *core.ProjectedVolumeSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - projectionMode := projection.DefaultMode - if projectionMode != nil && (*projectionMode > 0777 || *projectionMode < 0) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("defaultMode"), *projectionMode, fileModeErrorMsg)) - } - - allErrs = append(allErrs, validateProjectionSources(projection, projectionMode, fldPath, opts)...) - return allErrs -} - -var supportedHostPathTypes = sets.NewString( - string(core.HostPathUnset), - string(core.HostPathDirectoryOrCreate), - string(core.HostPathDirectory), - string(core.HostPathFileOrCreate), - string(core.HostPathFile), - string(core.HostPathSocket), - string(core.HostPathCharDev), - string(core.HostPathBlockDev)) - -func validateHostPathType(hostPathType *core.HostPathType, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if hostPathType != nil && !supportedHostPathTypes.Has(string(*hostPathType)) { - allErrs = append(allErrs, field.NotSupported(fldPath, hostPathType, supportedHostPathTypes.List())) - } - - return allErrs -} - -// This validate will make sure targetPath: -// 1. is not abs path -// 2. does not have any element which is ".." -func validateLocalDescendingPath(targetPath string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if path.IsAbs(targetPath) { - allErrs = append(allErrs, field.Invalid(fldPath, targetPath, "must be a relative path")) - } - - allErrs = append(allErrs, validatePathNoBacksteps(targetPath, fldPath)...) - - return allErrs -} - -// validatePathNoBacksteps makes sure the targetPath does not have any `..` path elements when split -// -// This assumes the OS of the apiserver and the nodes are the same. The same check should be done -// on the node to ensure there are no backsteps. -func validatePathNoBacksteps(targetPath string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - parts := strings.Split(filepath.ToSlash(targetPath), "/") - for _, item := range parts { - if item == ".." { - allErrs = append(allErrs, field.Invalid(fldPath, targetPath, "must not contain '..'")) - break // even for `../../..`, one error is sufficient to make the point - } - } - return allErrs -} - -// validateMountPropagation verifies that MountPropagation field is valid and -// allowed for given container. -func validateMountPropagation(mountPropagation *core.MountPropagationMode, container *core.Container, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if mountPropagation == nil { - return allErrs - } - - supportedMountPropagations := sets.NewString(string(core.MountPropagationBidirectional), string(core.MountPropagationHostToContainer), string(core.MountPropagationNone)) - if !supportedMountPropagations.Has(string(*mountPropagation)) { - allErrs = append(allErrs, field.NotSupported(fldPath, *mountPropagation, supportedMountPropagations.List())) - } - - if container == nil { - // The container is not available yet. - // Stop validation now, Pod validation will refuse final - // Pods with Bidirectional propagation in non-privileged containers. - return allErrs - } - - privileged := container.SecurityContext != nil && container.SecurityContext.Privileged != nil && *container.SecurityContext.Privileged - if *mountPropagation == core.MountPropagationBidirectional && !privileged { - allErrs = append(allErrs, field.Forbidden(fldPath, "Bidirectional mount propagation is available only to privileged containers")) - } - return allErrs -} - -// This validate will make sure targetPath: -// 1. is not abs path -// 2. does not contain any '..' elements -// 3. does not start with '..' -func validateLocalNonReservedPath(targetPath string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateLocalDescendingPath(targetPath, fldPath)...) - // Don't report this error if the check for .. elements already caught it. - if strings.HasPrefix(targetPath, "..") && !strings.HasPrefix(targetPath, "../") { - allErrs = append(allErrs, field.Invalid(fldPath, targetPath, "must not start with '..'")) - } - return allErrs -} - -func validateRBDVolumeSource(rbd *core.RBDVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(rbd.CephMonitors) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), "")) - } - if len(rbd.RBDImage) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("image"), "")) - } - return allErrs -} - -func validateRBDPersistentVolumeSource(rbd *core.RBDPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(rbd.CephMonitors) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), "")) - } - if len(rbd.RBDImage) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("image"), "")) - } - return allErrs -} - -func validateCinderVolumeSource(cd *core.CinderVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cd.VolumeID) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), "")) - } - if cd.SecretRef != nil { - if len(cd.SecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "")) - } - } - return allErrs -} - -func validateCinderPersistentVolumeSource(cd *core.CinderPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cd.VolumeID) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), "")) - } - if cd.SecretRef != nil { - if len(cd.SecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "")) - } - if len(cd.SecretRef.Namespace) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "namespace"), "")) - } - } - return allErrs -} - -func validateCephFSVolumeSource(cephfs *core.CephFSVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cephfs.Monitors) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), "")) - } - return allErrs -} - -func validateCephFSPersistentVolumeSource(cephfs *core.CephFSPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cephfs.Monitors) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("monitors"), "")) - } - return allErrs -} - -func validateFlexVolumeSource(fv *core.FlexVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(fv.Driver) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("driver"), "")) - } - - // Make sure user-specified options don't use kubernetes namespaces - for k := range fv.Options { - namespace := k - if parts := strings.SplitN(k, "/", 2); len(parts) == 2 { - namespace = parts[0] - } - normalized := "." + strings.ToLower(namespace) - if strings.HasSuffix(normalized, ".kubernetes.io") || strings.HasSuffix(normalized, ".k8s.io") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("options").Key(k), k, "kubernetes.io and k8s.io namespaces are reserved")) - } - } - - return allErrs -} - -func validateFlexPersistentVolumeSource(fv *core.FlexPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(fv.Driver) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("driver"), "")) - } - - // Make sure user-specified options don't use kubernetes namespaces - for k := range fv.Options { - namespace := k - if parts := strings.SplitN(k, "/", 2); len(parts) == 2 { - namespace = parts[0] - } - normalized := "." + strings.ToLower(namespace) - if strings.HasSuffix(normalized, ".kubernetes.io") || strings.HasSuffix(normalized, ".k8s.io") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("options").Key(k), k, "kubernetes.io and k8s.io namespaces are reserved")) - } - } - - return allErrs -} - -func validateAzureFile(azure *core.AzureFileVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if azure.SecretName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("secretName"), "")) - } - if azure.ShareName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("shareName"), "")) - } - return allErrs -} - -func validateAzureFilePV(azure *core.AzureFilePersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if azure.SecretName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("secretName"), "")) - } - if azure.ShareName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("shareName"), "")) - } - if azure.SecretNamespace != nil { - if len(*azure.SecretNamespace) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretNamespace"), "")) - } - } - return allErrs -} - -func validateAzureDisk(azure *core.AzureDiskVolumeSource, fldPath *field.Path) field.ErrorList { - var supportedCachingModes = sets.NewString(string(core.AzureDataDiskCachingNone), string(core.AzureDataDiskCachingReadOnly), string(core.AzureDataDiskCachingReadWrite)) - var supportedDiskKinds = sets.NewString(string(core.AzureSharedBlobDisk), string(core.AzureDedicatedBlobDisk), string(core.AzureManagedDisk)) - - diskURISupportedManaged := []string{"/subscriptions/{sub-id}/resourcegroups/{group-name}/providers/microsoft.compute/disks/{disk-id}"} - diskURISupportedblob := []string{"https://{account-name}.blob.core.windows.net/{container-name}/{disk-name}.vhd"} - - allErrs := field.ErrorList{} - if azure.DiskName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("diskName"), "")) - } - - if azure.DataDiskURI == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("diskURI"), "")) - } - - if azure.CachingMode != nil && !supportedCachingModes.Has(string(*azure.CachingMode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("cachingMode"), *azure.CachingMode, supportedCachingModes.List())) - } - - if azure.Kind != nil && !supportedDiskKinds.Has(string(*azure.Kind)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("kind"), *azure.Kind, supportedDiskKinds.List())) - } - - // validate that DiskUri is the correct format - if azure.Kind != nil && *azure.Kind == core.AzureManagedDisk && strings.Index(azure.DataDiskURI, "/subscriptions/") != 0 { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("diskURI"), azure.DataDiskURI, diskURISupportedManaged)) - } - - if azure.Kind != nil && *azure.Kind != core.AzureManagedDisk && strings.Index(azure.DataDiskURI, "https://") != 0 { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("diskURI"), azure.DataDiskURI, diskURISupportedblob)) - } - - return allErrs -} - -func validateVsphereVolumeSource(cd *core.VsphereVirtualDiskVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cd.VolumePath) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumePath"), "")) - } - return allErrs -} - -func validatePhotonPersistentDiskVolumeSource(cd *core.PhotonPersistentDiskVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(cd.PdID) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("pdID"), "")) - } - return allErrs -} - -func validatePortworxVolumeSource(pwx *core.PortworxVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(pwx.VolumeID) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeID"), "")) - } - return allErrs -} - -func validateScaleIOVolumeSource(sio *core.ScaleIOVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if sio.Gateway == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("gateway"), "")) - } - if sio.System == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("system"), "")) - } - if sio.VolumeName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeName"), "")) - } - return allErrs -} - -func validateScaleIOPersistentVolumeSource(sio *core.ScaleIOPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if sio.Gateway == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("gateway"), "")) - } - if sio.System == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("system"), "")) - } - if sio.VolumeName == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeName"), "")) - } - return allErrs -} - -func validateLocalVolumeSource(ls *core.LocalVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if ls.Path == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("path"), "")) - return allErrs - } - - allErrs = append(allErrs, validatePathNoBacksteps(ls.Path, fldPath.Child("path"))...) - return allErrs -} - -func validateStorageOSVolumeSource(storageos *core.StorageOSVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(storageos.VolumeName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeName"), "")) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(storageos.VolumeName, fldPath.Child("volumeName"))...) - } - if len(storageos.VolumeNamespace) > 0 { - allErrs = append(allErrs, ValidateDNS1123Label(storageos.VolumeNamespace, fldPath.Child("volumeNamespace"))...) - } - if storageos.SecretRef != nil { - if len(storageos.SecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "")) - } - } - return allErrs -} - -func validateStorageOSPersistentVolumeSource(storageos *core.StorageOSPersistentVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(storageos.VolumeName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeName"), "")) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(storageos.VolumeName, fldPath.Child("volumeName"))...) - } - if len(storageos.VolumeNamespace) > 0 { - allErrs = append(allErrs, ValidateDNS1123Label(storageos.VolumeNamespace, fldPath.Child("volumeNamespace"))...) - } - if storageos.SecretRef != nil { - if len(storageos.SecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "name"), "")) - } - if len(storageos.SecretRef.Namespace) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("secretRef", "namespace"), "")) - } - } - return allErrs -} - -// validatePVSecretReference check whether provided SecretReference object is valid in terms of secret name and namespace. - -func validatePVSecretReference(secretRef *core.SecretReference, allowDNSSubDomainSecretName bool, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if len(secretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else if allowDNSSubDomainSecretName { - allErrs = append(allErrs, ValidateDNS1123Subdomain(secretRef.Name, fldPath.Child("name"))...) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(secretRef.Name, fldPath.Child("name"))...) - } - - if len(secretRef.Namespace) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "")) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(secretRef.Namespace, fldPath.Child("namespace"))...) - } - return allErrs -} - -func ValidateCSIDriverName(driverName string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(driverName) == 0 { - allErrs = append(allErrs, field.Required(fldPath, "")) - } - - if len(driverName) > 63 { - allErrs = append(allErrs, field.TooLong(fldPath, driverName, 63)) - } - - for _, msg := range validation.IsDNS1123Subdomain(strings.ToLower(driverName)) { - allErrs = append(allErrs, field.Invalid(fldPath, driverName, msg)) - } - - return allErrs -} - -func validateCSIPersistentVolumeSource(csi *core.CSIPersistentVolumeSource, allowDNSSubDomainSecretName bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, ValidateCSIDriverName(csi.Driver, fldPath.Child("driver"))...) - - if len(csi.VolumeHandle) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeHandle"), "")) - } - if csi.ControllerPublishSecretRef != nil { - allErrs = append(allErrs, validatePVSecretReference(csi.ControllerPublishSecretRef, allowDNSSubDomainSecretName, fldPath.Child("controllerPublishSecretRef"))...) - } - if csi.ControllerExpandSecretRef != nil { - allErrs = append(allErrs, validatePVSecretReference(csi.ControllerExpandSecretRef, allowDNSSubDomainSecretName, fldPath.Child("controllerExpandSecretRef"))...) - } - if csi.NodePublishSecretRef != nil { - allErrs = append(allErrs, validatePVSecretReference(csi.NodePublishSecretRef, allowDNSSubDomainSecretName, fldPath.Child("nodePublishSecretRef"))...) - } - if csi.NodeExpandSecretRef != nil { - allErrs = append(allErrs, validatePVSecretReference(csi.NodeExpandSecretRef, allowDNSSubDomainSecretName, fldPath.Child("nodeExpandSecretRef"))...) - } - return allErrs -} - -func validateCSIVolumeSource(csi *core.CSIVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateCSIDriverName(csi.Driver, fldPath.Child("driver"))...) - - if csi.NodePublishSecretRef != nil { - if len(csi.NodePublishSecretRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("nodePublishSecretRef", "name"), "")) - } else { - for _, msg := range ValidateSecretName(csi.NodePublishSecretRef.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), csi.NodePublishSecretRef.Name, msg)) - } - } - } - - return allErrs -} - -func validateEphemeralVolumeSource(ephemeral *core.EphemeralVolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if ephemeral.VolumeClaimTemplate == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("volumeClaimTemplate"), "")) - } else { - opts := ValidationOptionsForPersistentVolumeClaimTemplate(ephemeral.VolumeClaimTemplate, nil) - allErrs = append(allErrs, ValidatePersistentVolumeClaimTemplate(ephemeral.VolumeClaimTemplate, fldPath.Child("volumeClaimTemplate"), opts)...) - } - return allErrs -} - -// ValidatePersistentVolumeClaimTemplate verifies that the embedded object meta and spec are valid. -// Checking of the object data is very minimal because only labels and annotations are used. -func ValidatePersistentVolumeClaimTemplate(claimTemplate *core.PersistentVolumeClaimTemplate, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList { - allErrs := ValidateTemplateObjectMeta(&claimTemplate.ObjectMeta, fldPath.Child("metadata")) - allErrs = append(allErrs, ValidatePersistentVolumeClaimSpec(&claimTemplate.Spec, fldPath.Child("spec"), opts)...) - return allErrs -} - -func ValidateTemplateObjectMeta(objMeta *metav1.ObjectMeta, fldPath *field.Path) field.ErrorList { - allErrs := apimachineryvalidation.ValidateAnnotations(objMeta.Annotations, fldPath.Child("annotations")) - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(objMeta.Labels, fldPath.Child("labels"))...) - // All other fields are not supported and thus must not be set - // to avoid confusion. We could reject individual fields, - // but then adding a new one to ObjectMeta wouldn't be checked - // unless this code gets updated. Instead, we ensure that - // only allowed fields are set via reflection. - allErrs = append(allErrs, validateFieldAllowList(*objMeta, allowedTemplateObjectMetaFields, "cannot be set", fldPath)...) - return allErrs -} - -var allowedTemplateObjectMetaFields = map[string]bool{ - "Annotations": true, - "Labels": true, -} - -// PersistentVolumeSpecValidationOptions contains the different settings for PeristentVolume validation -type PersistentVolumeSpecValidationOptions struct { - // Allow spec to contain the "ReadWiteOncePod" access mode - AllowReadWriteOncePod bool - // Allow the secretRef Name field to be of DNSSubDomain Format - AllowDNSSubDomainSecretName bool -} - -// ValidatePersistentVolumeName checks that a name is appropriate for a -// PersistentVolumeName object. -var ValidatePersistentVolumeName = apimachineryvalidation.NameIsDNSSubdomain - -var supportedAccessModes = sets.NewString(string(core.ReadWriteOnce), string(core.ReadOnlyMany), string(core.ReadWriteMany)) - -var supportedReclaimPolicy = sets.NewString(string(core.PersistentVolumeReclaimDelete), string(core.PersistentVolumeReclaimRecycle), string(core.PersistentVolumeReclaimRetain)) - -var supportedVolumeModes = sets.NewString(string(core.PersistentVolumeBlock), string(core.PersistentVolumeFilesystem)) - -func ValidationOptionsForPersistentVolume(pv, oldPv *core.PersistentVolume) PersistentVolumeSpecValidationOptions { - opts := PersistentVolumeSpecValidationOptions{ - AllowReadWriteOncePod: utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod), - AllowDNSSubDomainSecretName: false, - } - if oldPv == nil { - // If there's no old PV, use the options based solely on feature enablement - return opts - } - if helper.ContainsAccessMode(oldPv.Spec.AccessModes, core.ReadWriteOncePod) { - // If the old object allowed "ReadWriteOncePod", continue to allow it in the new object - opts.AllowReadWriteOncePod = true - } - if oldCSI := oldPv.Spec.CSI; oldCSI != nil { - opts.AllowDNSSubDomainSecretName = - secretRefRequiresSubdomainSecretName(oldCSI.ControllerExpandSecretRef) || - secretRefRequiresSubdomainSecretName(oldCSI.ControllerPublishSecretRef) || - secretRefRequiresSubdomainSecretName(oldCSI.NodeStageSecretRef) || - secretRefRequiresSubdomainSecretName(oldCSI.NodePublishSecretRef) - } - return opts -} - -func secretRefRequiresSubdomainSecretName(secretRef *core.SecretReference) bool { - // ref and name were specified and name didn't fit within label validation - return secretRef != nil && len(secretRef.Name) > 0 && len(validation.IsDNS1123Label(secretRef.Name)) > 0 -} - -func ValidatePersistentVolumeSpec(pvSpec *core.PersistentVolumeSpec, pvName string, validateInlinePersistentVolumeSpec bool, fldPath *field.Path, opts PersistentVolumeSpecValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if validateInlinePersistentVolumeSpec { - if pvSpec.ClaimRef != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("claimRef"), "may not be specified in the context of inline volumes")) - } - if len(pvSpec.Capacity) != 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("capacity"), "may not be specified in the context of inline volumes")) - } - if pvSpec.CSI == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("csi"), "has to be specified in the context of inline volumes")) - } - } - - if len(pvSpec.AccessModes) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("accessModes"), "")) - } - - expandedSupportedAccessModes := sets.StringKeySet(supportedAccessModes) - if opts.AllowReadWriteOncePod { - expandedSupportedAccessModes.Insert(string(core.ReadWriteOncePod)) - } - - foundReadWriteOncePod, foundNonReadWriteOncePod := false, false - for _, mode := range pvSpec.AccessModes { - if !expandedSupportedAccessModes.Has(string(mode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("accessModes"), mode, expandedSupportedAccessModes.List())) - } - - if mode == core.ReadWriteOncePod { - foundReadWriteOncePod = true - } else if supportedAccessModes.Has(string(mode)) { - foundNonReadWriteOncePod = true - } - } - if foundReadWriteOncePod && foundNonReadWriteOncePod { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("accessModes"), "may not use ReadWriteOncePod with other access modes")) - } - - if !validateInlinePersistentVolumeSpec { - if len(pvSpec.Capacity) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("capacity"), "")) - } - - if _, ok := pvSpec.Capacity[core.ResourceStorage]; !ok || len(pvSpec.Capacity) > 1 { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("capacity"), pvSpec.Capacity, []string{string(core.ResourceStorage)})) - } - capPath := fldPath.Child("capacity") - for r, qty := range pvSpec.Capacity { - allErrs = append(allErrs, validateBasicResource(qty, capPath.Key(string(r)))...) - allErrs = append(allErrs, ValidatePositiveQuantityValue(qty, capPath.Key(string(r)))...) - } - } - - if len(string(pvSpec.PersistentVolumeReclaimPolicy)) > 0 { - if validateInlinePersistentVolumeSpec { - if pvSpec.PersistentVolumeReclaimPolicy != core.PersistentVolumeReclaimRetain { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("persistentVolumeReclaimPolicy"), "may only be "+string(core.PersistentVolumeReclaimRetain)+" in the context of inline volumes")) - } - } else { - if !supportedReclaimPolicy.Has(string(pvSpec.PersistentVolumeReclaimPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("persistentVolumeReclaimPolicy"), pvSpec.PersistentVolumeReclaimPolicy, supportedReclaimPolicy.List())) - } - } - } - - var nodeAffinitySpecified bool - var errs field.ErrorList - if pvSpec.NodeAffinity != nil { - if validateInlinePersistentVolumeSpec { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("nodeAffinity"), "may not be specified in the context of inline volumes")) - } else { - nodeAffinitySpecified, errs = validateVolumeNodeAffinity(pvSpec.NodeAffinity, fldPath.Child("nodeAffinity")) - allErrs = append(allErrs, errs...) - } - } - numVolumes := 0 - if pvSpec.HostPath != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostPath"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateHostPathVolumeSource(pvSpec.HostPath, fldPath.Child("hostPath"))...) - } - } - if pvSpec.GCEPersistentDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("gcePersistentDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateGCEPersistentDiskVolumeSource(pvSpec.GCEPersistentDisk, fldPath.Child("persistentDisk"))...) - } - } - if pvSpec.AWSElasticBlockStore != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("awsElasticBlockStore"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateAWSElasticBlockStoreVolumeSource(pvSpec.AWSElasticBlockStore, fldPath.Child("awsElasticBlockStore"))...) - } - } - if pvSpec.Glusterfs != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("glusterfs"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateGlusterfsPersistentVolumeSource(pvSpec.Glusterfs, fldPath.Child("glusterfs"))...) - } - } - if pvSpec.Flocker != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("flocker"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateFlockerVolumeSource(pvSpec.Flocker, fldPath.Child("flocker"))...) - } - } - if pvSpec.NFS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("nfs"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateNFSVolumeSource(pvSpec.NFS, fldPath.Child("nfs"))...) - } - } - if pvSpec.RBD != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("rbd"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateRBDPersistentVolumeSource(pvSpec.RBD, fldPath.Child("rbd"))...) - } - } - if pvSpec.Quobyte != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("quobyte"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateQuobyteVolumeSource(pvSpec.Quobyte, fldPath.Child("quobyte"))...) - } - } - if pvSpec.CephFS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("cephFS"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCephFSPersistentVolumeSource(pvSpec.CephFS, fldPath.Child("cephfs"))...) - } - } - if pvSpec.ISCSI != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("iscsi"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateISCSIPersistentVolumeSource(pvSpec.ISCSI, pvName, fldPath.Child("iscsi"))...) - } - } - if pvSpec.Cinder != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("cinder"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCinderPersistentVolumeSource(pvSpec.Cinder, fldPath.Child("cinder"))...) - } - } - if pvSpec.FC != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("fc"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateFCVolumeSource(pvSpec.FC, fldPath.Child("fc"))...) - } - } - if pvSpec.FlexVolume != nil { - numVolumes++ - allErrs = append(allErrs, validateFlexPersistentVolumeSource(pvSpec.FlexVolume, fldPath.Child("flexVolume"))...) - } - if pvSpec.AzureFile != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("azureFile"), "may not specify more than 1 volume type")) - - } else { - numVolumes++ - allErrs = append(allErrs, validateAzureFilePV(pvSpec.AzureFile, fldPath.Child("azureFile"))...) - } - } - - if pvSpec.VsphereVolume != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("vsphereVolume"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateVsphereVolumeSource(pvSpec.VsphereVolume, fldPath.Child("vsphereVolume"))...) - } - } - if pvSpec.PhotonPersistentDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("photonPersistentDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validatePhotonPersistentDiskVolumeSource(pvSpec.PhotonPersistentDisk, fldPath.Child("photonPersistentDisk"))...) - } - } - if pvSpec.PortworxVolume != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("portworxVolume"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validatePortworxVolumeSource(pvSpec.PortworxVolume, fldPath.Child("portworxVolume"))...) - } - } - if pvSpec.AzureDisk != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("azureDisk"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateAzureDisk(pvSpec.AzureDisk, fldPath.Child("azureDisk"))...) - } - } - if pvSpec.ScaleIO != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("scaleIO"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateScaleIOPersistentVolumeSource(pvSpec.ScaleIO, fldPath.Child("scaleIO"))...) - } - } - if pvSpec.Local != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("local"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateLocalVolumeSource(pvSpec.Local, fldPath.Child("local"))...) - // NodeAffinity is required - if !nodeAffinitySpecified { - allErrs = append(allErrs, field.Required(fldPath.Child("nodeAffinity"), "Local volume requires node affinity")) - } - } - } - if pvSpec.StorageOS != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("storageos"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateStorageOSPersistentVolumeSource(pvSpec.StorageOS, fldPath.Child("storageos"))...) - } - } - - if pvSpec.CSI != nil { - if numVolumes > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("csi"), "may not specify more than 1 volume type")) - } else { - numVolumes++ - allErrs = append(allErrs, validateCSIPersistentVolumeSource(pvSpec.CSI, opts.AllowDNSSubDomainSecretName, fldPath.Child("csi"))...) - } - } - - if numVolumes == 0 { - allErrs = append(allErrs, field.Required(fldPath, "must specify a volume type")) - } - - // do not allow hostPath mounts of '/' to have a 'recycle' reclaim policy - if pvSpec.HostPath != nil && path.Clean(pvSpec.HostPath.Path) == "/" && pvSpec.PersistentVolumeReclaimPolicy == core.PersistentVolumeReclaimRecycle { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("persistentVolumeReclaimPolicy"), "may not be 'recycle' for a hostPath mount of '/'")) - } - - if len(pvSpec.StorageClassName) > 0 { - if validateInlinePersistentVolumeSpec { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("storageClassName"), "may not be specified in the context of inline volumes")) - } else { - for _, msg := range ValidateClassName(pvSpec.StorageClassName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("storageClassName"), pvSpec.StorageClassName, msg)) - } - } - } - if pvSpec.VolumeMode != nil { - if validateInlinePersistentVolumeSpec { - if *pvSpec.VolumeMode != core.PersistentVolumeFilesystem { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("volumeMode"), "may not specify volumeMode other than "+string(core.PersistentVolumeFilesystem)+" in the context of inline volumes")) - } - } else { - if !supportedVolumeModes.Has(string(*pvSpec.VolumeMode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("volumeMode"), *pvSpec.VolumeMode, supportedVolumeModes.List())) - } - } - } - return allErrs -} - -func ValidatePersistentVolume(pv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList { - metaPath := field.NewPath("metadata") - allErrs := ValidateObjectMeta(&pv.ObjectMeta, false, ValidatePersistentVolumeName, metaPath) - allErrs = append(allErrs, ValidatePersistentVolumeSpec(&pv.Spec, pv.ObjectMeta.Name, false, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidatePersistentVolumeUpdate tests to see if the update is legal for an end user to make. -// newPv is updated with fields that cannot be changed. -func ValidatePersistentVolumeUpdate(newPv, oldPv *core.PersistentVolume, opts PersistentVolumeSpecValidationOptions) field.ErrorList { - allErrs := ValidatePersistentVolume(newPv, opts) - - // if oldPV does not have ControllerExpandSecretRef then allow it to be set - if (oldPv.Spec.CSI != nil && oldPv.Spec.CSI.ControllerExpandSecretRef == nil) && - (newPv.Spec.CSI != nil && newPv.Spec.CSI.ControllerExpandSecretRef != nil) { - newPv = newPv.DeepCopy() - newPv.Spec.CSI.ControllerExpandSecretRef = nil - } - - // PersistentVolumeSource should be immutable after creation. - if !apiequality.Semantic.DeepEqual(newPv.Spec.PersistentVolumeSource, oldPv.Spec.PersistentVolumeSource) { - pvcSourceDiff := cmp.Diff(oldPv.Spec.PersistentVolumeSource, newPv.Spec.PersistentVolumeSource) - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "persistentvolumesource"), fmt.Sprintf("spec.persistentvolumesource is immutable after creation\n%v", pvcSourceDiff))) - } - allErrs = append(allErrs, ValidateImmutableField(newPv.Spec.VolumeMode, oldPv.Spec.VolumeMode, field.NewPath("volumeMode"))...) - - // Allow setting NodeAffinity if oldPv NodeAffinity was not set - if oldPv.Spec.NodeAffinity != nil { - allErrs = append(allErrs, ValidateImmutableField(newPv.Spec.NodeAffinity, oldPv.Spec.NodeAffinity, field.NewPath("nodeAffinity"))...) - } - - return allErrs -} - -// ValidatePersistentVolumeStatusUpdate tests to see if the status update is legal for an end user to make. -func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *core.PersistentVolume) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newPv.ObjectMeta, &oldPv.ObjectMeta, field.NewPath("metadata")) - if len(newPv.ResourceVersion) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), "")) - } - return allErrs -} - -type PersistentVolumeClaimSpecValidationOptions struct { - // Allow spec to contain the "ReadWiteOncePod" access mode - AllowReadWriteOncePod bool - // Allow users to recover from previously failing expansion operation - EnableRecoverFromExpansionFailure bool - // Allow assigning StorageClass to unbound PVCs retroactively - EnableRetroactiveDefaultStorageClass bool - // Allow to validate the label value of the label selector - AllowInvalidLabelValueInSelector bool -} - -func ValidationOptionsForPersistentVolumeClaim(pvc, oldPvc *core.PersistentVolumeClaim) PersistentVolumeClaimSpecValidationOptions { - opts := PersistentVolumeClaimSpecValidationOptions{ - AllowReadWriteOncePod: utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod), - EnableRecoverFromExpansionFailure: utilfeature.DefaultFeatureGate.Enabled(features.RecoverVolumeExpansionFailure), - EnableRetroactiveDefaultStorageClass: utilfeature.DefaultFeatureGate.Enabled(features.RetroactiveDefaultStorageClass), - AllowInvalidLabelValueInSelector: false, - } - if oldPvc == nil { - // If there's no old PVC, use the options based solely on feature enablement - return opts - } - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - if len(unversionedvalidation.ValidateLabelSelector(oldPvc.Spec.Selector, labelSelectorValidationOpts, nil)) > 0 { - // If the old object had an invalid label selector, continue to allow it in the new object - opts.AllowInvalidLabelValueInSelector = true - } - - if helper.ContainsAccessMode(oldPvc.Spec.AccessModes, core.ReadWriteOncePod) { - // If the old object allowed "ReadWriteOncePod", continue to allow it in the new object - opts.AllowReadWriteOncePod = true - } - return opts -} - -func ValidationOptionsForPersistentVolumeClaimTemplate(claimTemplate, oldClaimTemplate *core.PersistentVolumeClaimTemplate) PersistentVolumeClaimSpecValidationOptions { - opts := PersistentVolumeClaimSpecValidationOptions{ - AllowReadWriteOncePod: utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod), - AllowInvalidLabelValueInSelector: false, - } - if oldClaimTemplate == nil { - // If there's no old PVC template, use the options based solely on feature enablement - return opts - } - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - if len(unversionedvalidation.ValidateLabelSelector(oldClaimTemplate.Spec.Selector, labelSelectorValidationOpts, nil)) > 0 { - // If the old object had an invalid label selector, continue to allow it in the new object - opts.AllowInvalidLabelValueInSelector = true - } - if helper.ContainsAccessMode(oldClaimTemplate.Spec.AccessModes, core.ReadWriteOncePod) { - // If the old object allowed "ReadWriteOncePod", continue to allow it in the new object - opts.AllowReadWriteOncePod = true - } - return opts -} - -// ValidatePersistentVolumeClaim validates a PersistentVolumeClaim -func ValidatePersistentVolumeClaim(pvc *core.PersistentVolumeClaim, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList { - allErrs := ValidateObjectMeta(&pvc.ObjectMeta, true, ValidatePersistentVolumeName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidatePersistentVolumeClaimSpec(&pvc.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// validateDataSource validates a DataSource/DataSourceRef in a PersistentVolumeClaimSpec -func validateDataSource(dataSource *core.TypedLocalObjectReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(dataSource.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - if len(dataSource.Kind) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "")) - } - apiGroup := "" - if dataSource.APIGroup != nil { - apiGroup = *dataSource.APIGroup - } - if len(apiGroup) == 0 && dataSource.Kind != "PersistentVolumeClaim" { - allErrs = append(allErrs, field.Invalid(fldPath, dataSource.Kind, "must be 'PersistentVolumeClaim' when referencing the default apiGroup")) - } - - return allErrs -} - -// validateDataSourceRef validates a DataSourceRef in a PersistentVolumeClaimSpec -func validateDataSourceRef(dataSourceRef *core.TypedObjectReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(dataSourceRef.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - if len(dataSourceRef.Kind) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "")) - } - apiGroup := "" - if dataSourceRef.APIGroup != nil { - apiGroup = *dataSourceRef.APIGroup - } - if len(apiGroup) == 0 && dataSourceRef.Kind != "PersistentVolumeClaim" { - allErrs = append(allErrs, field.Invalid(fldPath, dataSourceRef.Kind, "must be 'PersistentVolumeClaim' when referencing the default apiGroup")) - } - - if dataSourceRef.Namespace != nil && len(*dataSourceRef.Namespace) > 0 { - for _, msg := range ValidateNameFunc(ValidateNamespaceName)(*dataSourceRef.Namespace, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), *dataSourceRef.Namespace, msg)) - } - } - - return allErrs -} - -// ValidatePersistentVolumeClaimSpec validates a PersistentVolumeClaimSpec -func ValidatePersistentVolumeClaimSpec(spec *core.PersistentVolumeClaimSpec, fldPath *field.Path, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if len(spec.AccessModes) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("accessModes"), "at least 1 access mode is required")) - } - if spec.Selector != nil { - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, labelSelectorValidationOpts, fldPath.Child("selector"))...) - } - - expandedSupportedAccessModes := sets.StringKeySet(supportedAccessModes) - if opts.AllowReadWriteOncePod { - expandedSupportedAccessModes.Insert(string(core.ReadWriteOncePod)) - } - - foundReadWriteOncePod, foundNonReadWriteOncePod := false, false - for _, mode := range spec.AccessModes { - if !expandedSupportedAccessModes.Has(string(mode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("accessModes"), mode, expandedSupportedAccessModes.List())) - } - - if mode == core.ReadWriteOncePod { - foundReadWriteOncePod = true - } else if supportedAccessModes.Has(string(mode)) { - foundNonReadWriteOncePod = true - } - } - if foundReadWriteOncePod && foundNonReadWriteOncePod { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("accessModes"), "may not use ReadWriteOncePod with other access modes")) - } - - storageValue, ok := spec.Resources.Requests[core.ResourceStorage] - if !ok { - allErrs = append(allErrs, field.Required(fldPath.Child("resources").Key(string(core.ResourceStorage)), "")) - } else if errs := ValidatePositiveQuantityValue(storageValue, fldPath.Child("resources").Key(string(core.ResourceStorage))); len(errs) > 0 { - allErrs = append(allErrs, errs...) - } else { - allErrs = append(allErrs, ValidateResourceQuantityValue(string(core.ResourceStorage), storageValue, fldPath.Child("resources").Key(string(core.ResourceStorage)))...) - } - - if spec.StorageClassName != nil && len(*spec.StorageClassName) > 0 { - for _, msg := range ValidateClassName(*spec.StorageClassName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("storageClassName"), *spec.StorageClassName, msg)) - } - } - if spec.VolumeMode != nil && !supportedVolumeModes.Has(string(*spec.VolumeMode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("volumeMode"), *spec.VolumeMode, supportedVolumeModes.List())) - } - - if spec.DataSource != nil { - allErrs = append(allErrs, validateDataSource(spec.DataSource, fldPath.Child("dataSource"))...) - } - if spec.DataSourceRef != nil { - allErrs = append(allErrs, validateDataSourceRef(spec.DataSourceRef, fldPath.Child("dataSourceRef"))...) - } - if spec.DataSourceRef != nil && spec.DataSourceRef.Namespace != nil && len(*spec.DataSourceRef.Namespace) > 0 { - if spec.DataSource != nil { - allErrs = append(allErrs, field.Invalid(fldPath, fldPath.Child("dataSource"), - "may not be specified when dataSourceRef.namespace is specified")) - } - } else if spec.DataSource != nil && spec.DataSourceRef != nil { - if !isDataSourceEqualDataSourceRef(spec.DataSource, spec.DataSourceRef) { - allErrs = append(allErrs, field.Invalid(fldPath, fldPath.Child("dataSource"), - "must match dataSourceRef")) - } - } - - return allErrs -} - -func isDataSourceEqualDataSourceRef(dataSource *core.TypedLocalObjectReference, dataSourceRef *core.TypedObjectReference) bool { - return reflect.DeepEqual(dataSource.APIGroup, dataSourceRef.APIGroup) && dataSource.Kind == dataSourceRef.Kind && dataSource.Name == dataSourceRef.Name -} - -// ValidatePersistentVolumeClaimUpdate validates an update to a PersistentVolumeClaim -func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, opts PersistentVolumeClaimSpecValidationOptions) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newPvc.ObjectMeta, &oldPvc.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidatePersistentVolumeClaim(newPvc, opts)...) - newPvcClone := newPvc.DeepCopy() - oldPvcClone := oldPvc.DeepCopy() - - // PVController needs to update PVC.Spec w/ VolumeName. - // Claims are immutable in order to enforce quota, range limits, etc. without gaming the system. - if len(oldPvc.Spec.VolumeName) == 0 { - // volumeName changes are allowed once. - oldPvcClone.Spec.VolumeName = newPvcClone.Spec.VolumeName // +k8s:verify-mutation:reason=clone - } - - if validateStorageClassUpgradeFromAnnotation(oldPvcClone.Annotations, newPvcClone.Annotations, - oldPvcClone.Spec.StorageClassName, newPvcClone.Spec.StorageClassName) { - newPvcClone.Spec.StorageClassName = nil - metav1.SetMetaDataAnnotation(&newPvcClone.ObjectMeta, core.BetaStorageClassAnnotation, oldPvcClone.Annotations[core.BetaStorageClassAnnotation]) - } else { - // storageclass annotation should be immutable after creation - // TODO: remove Beta when no longer needed - allErrs = append(allErrs, ValidateImmutableAnnotation(newPvc.ObjectMeta.Annotations[v1.BetaStorageClassAnnotation], oldPvc.ObjectMeta.Annotations[v1.BetaStorageClassAnnotation], v1.BetaStorageClassAnnotation, field.NewPath("metadata"))...) - - // If update from annotation to attribute failed we can attempt try to validate update from nil value. - if validateStorageClassUpgradeFromNil(oldPvc.Annotations, oldPvc.Spec.StorageClassName, newPvc.Spec.StorageClassName, opts) { - newPvcClone.Spec.StorageClassName = oldPvcClone.Spec.StorageClassName // +k8s:verify-mutation:reason=clone - } - // TODO: add a specific error with a hint that storage class name can not be changed - // (instead of letting spec comparison below return generic field forbidden error) - } - - // lets make sure storage values are same. - if newPvc.Status.Phase == core.ClaimBound && newPvcClone.Spec.Resources.Requests != nil { - newPvcClone.Spec.Resources.Requests["storage"] = oldPvc.Spec.Resources.Requests["storage"] // +k8s:verify-mutation:reason=clone - } - - oldSize := oldPvc.Spec.Resources.Requests["storage"] - newSize := newPvc.Spec.Resources.Requests["storage"] - statusSize := oldPvc.Status.Capacity["storage"] - - if !apiequality.Semantic.DeepEqual(newPvcClone.Spec, oldPvcClone.Spec) { - specDiff := cmp.Diff(oldPvcClone.Spec, newPvcClone.Spec) - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), fmt.Sprintf("spec is immutable after creation except resources.requests for bound claims\n%v", specDiff))) - } - if newSize.Cmp(oldSize) < 0 { - if !opts.EnableRecoverFromExpansionFailure { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resources", "requests", "storage"), "field can not be less than previous value")) - } else { - // This validation permits reducing pvc requested size up to capacity recorded in pvc.status - // so that users can recover from volume expansion failure, but Kubernetes does not actually - // support volume shrinking - if newSize.Cmp(statusSize) <= 0 { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resources", "requests", "storage"), "field can not be less than status.capacity")) - } - } - } - - allErrs = append(allErrs, ValidateImmutableField(newPvc.Spec.VolumeMode, oldPvc.Spec.VolumeMode, field.NewPath("volumeMode"))...) - - return allErrs -} - -// Provide an upgrade path from PVC with storage class specified in beta -// annotation to storage class specified in attribute. We allow update of -// StorageClassName only if following four conditions are met at the same time: -// 1. The old pvc's StorageClassAnnotation is set -// 2. The old pvc's StorageClassName is not set -// 3. The new pvc's StorageClassName is set and equal to the old value in annotation -// 4. If the new pvc's StorageClassAnnotation is set,it must be equal to the old pv/pvc's StorageClassAnnotation -func validateStorageClassUpgradeFromAnnotation(oldAnnotations, newAnnotations map[string]string, oldScName, newScName *string) bool { - oldSc, oldAnnotationExist := oldAnnotations[core.BetaStorageClassAnnotation] - newScInAnnotation, newAnnotationExist := newAnnotations[core.BetaStorageClassAnnotation] - return oldAnnotationExist /* condition 1 */ && - oldScName == nil /* condition 2*/ && - (newScName != nil && *newScName == oldSc) /* condition 3 */ && - (!newAnnotationExist || newScInAnnotation == oldSc) /* condition 4 */ -} - -// Provide an upgrade path from PVC with nil storage class. We allow update of -// StorageClassName only if following four conditions are met at the same time: -// 1. RetroactiveDefaultStorageClass FeatureGate is enabled -// 2. The new pvc's StorageClassName is not nil -// 3. The old pvc's StorageClassName is nil -// 4. The old pvc either does not have beta annotation set, or the beta annotation matches new pvc's StorageClassName -func validateStorageClassUpgradeFromNil(oldAnnotations map[string]string, oldScName, newScName *string, opts PersistentVolumeClaimSpecValidationOptions) bool { - oldAnnotation, oldAnnotationExist := oldAnnotations[core.BetaStorageClassAnnotation] - return opts.EnableRetroactiveDefaultStorageClass /* condition 1 */ && - newScName != nil /* condition 2 */ && - oldScName == nil /* condition 3 */ && - (!oldAnnotationExist || *newScName == oldAnnotation) /* condition 4 */ -} - -var resizeStatusSet = sets.NewString(string(core.PersistentVolumeClaimNoExpansionInProgress), - string(core.PersistentVolumeClaimControllerExpansionInProgress), - string(core.PersistentVolumeClaimControllerExpansionFailed), - string(core.PersistentVolumeClaimNodeExpansionPending), - string(core.PersistentVolumeClaimNodeExpansionInProgress), - string(core.PersistentVolumeClaimNodeExpansionFailed)) - -// ValidatePersistentVolumeClaimStatusUpdate validates an update to status of a PersistentVolumeClaim -func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, validationOpts PersistentVolumeClaimSpecValidationOptions) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newPvc.ObjectMeta, &oldPvc.ObjectMeta, field.NewPath("metadata")) - if len(newPvc.ResourceVersion) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), "")) - } - if len(newPvc.Spec.AccessModes) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes"), "")) - } - - capPath := field.NewPath("status", "capacity") - for r, qty := range newPvc.Status.Capacity { - allErrs = append(allErrs, validateBasicResource(qty, capPath.Key(string(r)))...) - } - if validationOpts.EnableRecoverFromExpansionFailure { - resizeStatusPath := field.NewPath("status", "resizeStatus") - if newPvc.Status.ResizeStatus != nil { - resizeStatus := *newPvc.Status.ResizeStatus - if !resizeStatusSet.Has(string(resizeStatus)) { - allErrs = append(allErrs, field.NotSupported(resizeStatusPath, resizeStatus, resizeStatusSet.List())) - } - } - allocPath := field.NewPath("status", "allocatedResources") - for r, qty := range newPvc.Status.AllocatedResources { - if r != core.ResourceStorage { - allErrs = append(allErrs, field.NotSupported(allocPath, r, []string{string(core.ResourceStorage)})) - continue - } - if errs := validateBasicResource(qty, allocPath.Key(string(r))); len(errs) > 0 { - allErrs = append(allErrs, errs...) - } else { - allErrs = append(allErrs, ValidateResourceQuantityValue(string(core.ResourceStorage), qty, allocPath.Key(string(r)))...) - } - } - } - return allErrs -} - -var supportedPortProtocols = sets.NewString(string(core.ProtocolTCP), string(core.ProtocolUDP), string(core.ProtocolSCTP)) - -func validateContainerPorts(ports []core.ContainerPort, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allNames := sets.String{} - for i, port := range ports { - idxPath := fldPath.Index(i) - if len(port.Name) > 0 { - if msgs := validation.IsValidPortName(port.Name); len(msgs) != 0 { - for i = range msgs { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), port.Name, msgs[i])) - } - } else if allNames.Has(port.Name) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("name"), port.Name)) - } else { - allNames.Insert(port.Name) - } - } - if port.ContainerPort == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("containerPort"), "")) - } else { - for _, msg := range validation.IsValidPortNum(int(port.ContainerPort)) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, msg)) - } - } - if port.HostPort != 0 { - for _, msg := range validation.IsValidPortNum(int(port.HostPort)) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("hostPort"), port.HostPort, msg)) - } - } - if len(port.Protocol) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("protocol"), "")) - } else if !supportedPortProtocols.Has(string(port.Protocol)) { - allErrs = append(allErrs, field.NotSupported(idxPath.Child("protocol"), port.Protocol, supportedPortProtocols.List())) - } - } - return allErrs -} - -// ValidateEnv validates env vars -func ValidateEnv(vars []core.EnvVar, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - for i, ev := range vars { - idxPath := fldPath.Index(i) - if len(ev.Name) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("name"), "")) - } else { - for _, msg := range validation.IsEnvVarName(ev.Name) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), ev.Name, msg)) - } - } - allErrs = append(allErrs, validateEnvVarValueFrom(ev, idxPath.Child("valueFrom"), opts)...) - } - return allErrs -} - -var validEnvDownwardAPIFieldPathExpressions = sets.NewString( - "metadata.name", - "metadata.namespace", - "metadata.uid", - "spec.nodeName", - "spec.serviceAccountName", - "status.hostIP", - "status.podIP", - "status.podIPs") - -var validContainerResourceFieldPathExpressions = sets.NewString("limits.cpu", "limits.memory", "limits.ephemeral-storage", "requests.cpu", "requests.memory", "requests.ephemeral-storage") - -// NOTE: this is only valid with DownwardAPIHugePages enabled -var validContainerResourceFieldPathPrefixes = sets.NewString() -var validContainerResourceFieldPathPrefixesWithDownwardAPIHugePages = sets.NewString(hugepagesRequestsPrefixDownwardAPI, hugepagesLimitsPrefixDownwardAPI) - -const hugepagesRequestsPrefixDownwardAPI string = `requests.hugepages-` -const hugepagesLimitsPrefixDownwardAPI string = `limits.hugepages-` - -func validateEnvVarValueFrom(ev core.EnvVar, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if ev.ValueFrom == nil { - return allErrs - } - - numSources := 0 - - if ev.ValueFrom.FieldRef != nil { - numSources++ - allErrs = append(allErrs, validateObjectFieldSelector(ev.ValueFrom.FieldRef, &validEnvDownwardAPIFieldPathExpressions, fldPath.Child("fieldRef"))...) - } - if ev.ValueFrom.ResourceFieldRef != nil { - numSources++ - localValidContainerResourceFieldPathPrefixes := validContainerResourceFieldPathPrefixes - if opts.AllowDownwardAPIHugePages { - localValidContainerResourceFieldPathPrefixes = validContainerResourceFieldPathPrefixesWithDownwardAPIHugePages - } - allErrs = append(allErrs, validateContainerResourceFieldSelector(ev.ValueFrom.ResourceFieldRef, &validContainerResourceFieldPathExpressions, &localValidContainerResourceFieldPathPrefixes, fldPath.Child("resourceFieldRef"), false)...) - } - if ev.ValueFrom.ConfigMapKeyRef != nil { - numSources++ - allErrs = append(allErrs, validateConfigMapKeySelector(ev.ValueFrom.ConfigMapKeyRef, fldPath.Child("configMapKeyRef"))...) - } - if ev.ValueFrom.SecretKeyRef != nil { - numSources++ - allErrs = append(allErrs, validateSecretKeySelector(ev.ValueFrom.SecretKeyRef, fldPath.Child("secretKeyRef"))...) - } - - if numSources == 0 { - allErrs = append(allErrs, field.Invalid(fldPath, "", "must specify one of: `fieldRef`, `resourceFieldRef`, `configMapKeyRef` or `secretKeyRef`")) - } else if len(ev.Value) != 0 { - if numSources != 0 { - allErrs = append(allErrs, field.Invalid(fldPath, "", "may not be specified when `value` is not empty")) - } - } else if numSources > 1 { - allErrs = append(allErrs, field.Invalid(fldPath, "", "may not have more than one field specified at a time")) - } - - return allErrs -} - -func validateObjectFieldSelector(fs *core.ObjectFieldSelector, expressions *sets.String, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(fs.APIVersion) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("apiVersion"), "")) - return allErrs - } - if len(fs.FieldPath) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("fieldPath"), "")) - return allErrs - } - - internalFieldPath, _, err := podshelper.ConvertDownwardAPIFieldLabel(fs.APIVersion, fs.FieldPath, "") - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("fieldPath"), fs.FieldPath, fmt.Sprintf("error converting fieldPath: %v", err))) - return allErrs - } - - if path, subscript, ok := fieldpath.SplitMaybeSubscriptedPath(internalFieldPath); ok { - switch path { - case "metadata.annotations": - allErrs = append(allErrs, ValidateQualifiedName(strings.ToLower(subscript), fldPath)...) - case "metadata.labels": - allErrs = append(allErrs, ValidateQualifiedName(subscript, fldPath)...) - default: - allErrs = append(allErrs, field.Invalid(fldPath, path, "does not support subscript")) - } - } else if !expressions.Has(path) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("fieldPath"), path, expressions.List())) - return allErrs - } - - return allErrs -} - -func validateContainerResourceFieldSelector(fs *core.ResourceFieldSelector, expressions *sets.String, prefixes *sets.String, fldPath *field.Path, volume bool) field.ErrorList { - allErrs := field.ErrorList{} - - if volume && len(fs.ContainerName) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("containerName"), "")) - } else if len(fs.Resource) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("resource"), "")) - } else if !expressions.Has(fs.Resource) { - // check if the prefix is present - foundPrefix := false - if prefixes != nil { - for _, prefix := range prefixes.List() { - if strings.HasPrefix(fs.Resource, prefix) { - foundPrefix = true - } - } - } - if !foundPrefix { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("resource"), fs.Resource, expressions.List())) - } - } - allErrs = append(allErrs, validateContainerResourceDivisor(fs.Resource, fs.Divisor, fldPath)...) - return allErrs -} - -func ValidateEnvFrom(vars []core.EnvFromSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, ev := range vars { - idxPath := fldPath.Index(i) - if len(ev.Prefix) > 0 { - for _, msg := range validation.IsEnvVarName(ev.Prefix) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("prefix"), ev.Prefix, msg)) - } - } - - numSources := 0 - if ev.ConfigMapRef != nil { - numSources++ - allErrs = append(allErrs, validateConfigMapEnvSource(ev.ConfigMapRef, idxPath.Child("configMapRef"))...) - } - if ev.SecretRef != nil { - numSources++ - allErrs = append(allErrs, validateSecretEnvSource(ev.SecretRef, idxPath.Child("secretRef"))...) - } - - if numSources == 0 { - allErrs = append(allErrs, field.Invalid(fldPath, "", "must specify one of: `configMapRef` or `secretRef`")) - } else if numSources > 1 { - allErrs = append(allErrs, field.Invalid(fldPath, "", "may not have more than one field specified at a time")) - } - } - return allErrs -} - -func validateConfigMapEnvSource(configMapSource *core.ConfigMapEnvSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(configMapSource.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else { - for _, msg := range ValidateConfigMapName(configMapSource.Name, true) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), configMapSource.Name, msg)) - } - } - return allErrs -} - -func validateSecretEnvSource(secretSource *core.SecretEnvSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(secretSource.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else { - for _, msg := range ValidateSecretName(secretSource.Name, true) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), secretSource.Name, msg)) - } - } - return allErrs -} - -var validContainerResourceDivisorForCPU = sets.NewString("1m", "1") -var validContainerResourceDivisorForMemory = sets.NewString("1", "1k", "1M", "1G", "1T", "1P", "1E", "1Ki", "1Mi", "1Gi", "1Ti", "1Pi", "1Ei") -var validContainerResourceDivisorForHugePages = sets.NewString("1", "1k", "1M", "1G", "1T", "1P", "1E", "1Ki", "1Mi", "1Gi", "1Ti", "1Pi", "1Ei") -var validContainerResourceDivisorForEphemeralStorage = sets.NewString("1", "1k", "1M", "1G", "1T", "1P", "1E", "1Ki", "1Mi", "1Gi", "1Ti", "1Pi", "1Ei") - -func validateContainerResourceDivisor(rName string, divisor resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - unsetDivisor := resource.Quantity{} - if unsetDivisor.Cmp(divisor) == 0 { - return allErrs - } - switch rName { - case "limits.cpu", "requests.cpu": - if !validContainerResourceDivisorForCPU.Has(divisor.String()) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("divisor"), rName, "only divisor's values 1m and 1 are supported with the cpu resource")) - } - case "limits.memory", "requests.memory": - if !validContainerResourceDivisorForMemory.Has(divisor.String()) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("divisor"), rName, "only divisor's values 1, 1k, 1M, 1G, 1T, 1P, 1E, 1Ki, 1Mi, 1Gi, 1Ti, 1Pi, 1Ei are supported with the memory resource")) - } - case "limits.ephemeral-storage", "requests.ephemeral-storage": - if !validContainerResourceDivisorForEphemeralStorage.Has(divisor.String()) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("divisor"), rName, "only divisor's values 1, 1k, 1M, 1G, 1T, 1P, 1E, 1Ki, 1Mi, 1Gi, 1Ti, 1Pi, 1Ei are supported with the local ephemeral storage resource")) - } - } - if strings.HasPrefix(rName, hugepagesRequestsPrefixDownwardAPI) || strings.HasPrefix(rName, hugepagesLimitsPrefixDownwardAPI) { - if !validContainerResourceDivisorForHugePages.Has(divisor.String()) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("divisor"), rName, "only divisor's values 1, 1k, 1M, 1G, 1T, 1P, 1E, 1Ki, 1Mi, 1Gi, 1Ti, 1Pi, 1Ei are supported with the hugepages resource")) - } - } - return allErrs -} - -func validateConfigMapKeySelector(s *core.ConfigMapKeySelector, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - nameFn := ValidateNameFunc(ValidateSecretName) - for _, msg := range nameFn(s.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), s.Name, msg)) - } - if len(s.Key) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("key"), "")) - } else { - for _, msg := range validation.IsConfigMapKey(s.Key) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("key"), s.Key, msg)) - } - } - - return allErrs -} - -func validateSecretKeySelector(s *core.SecretKeySelector, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - nameFn := ValidateNameFunc(ValidateSecretName) - for _, msg := range nameFn(s.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), s.Name, msg)) - } - if len(s.Key) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("key"), "")) - } else { - for _, msg := range validation.IsConfigMapKey(s.Key) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("key"), s.Key, msg)) - } - } - - return allErrs -} - -func GetVolumeMountMap(mounts []core.VolumeMount) map[string]string { - volmounts := make(map[string]string) - - for _, mnt := range mounts { - volmounts[mnt.Name] = mnt.MountPath - } - - return volmounts -} - -func GetVolumeDeviceMap(devices []core.VolumeDevice) map[string]string { - volDevices := make(map[string]string) - - for _, dev := range devices { - volDevices[dev.Name] = dev.DevicePath - } - - return volDevices -} - -func ValidateVolumeMounts(mounts []core.VolumeMount, voldevices map[string]string, volumes map[string]core.VolumeSource, container *core.Container, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - mountpoints := sets.NewString() - - for i, mnt := range mounts { - idxPath := fldPath.Index(i) - if len(mnt.Name) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("name"), "")) - } - if !IsMatchedVolume(mnt.Name, volumes) { - allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), mnt.Name)) - } - if len(mnt.MountPath) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("mountPath"), "")) - } - if mountpoints.Has(mnt.MountPath) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("mountPath"), mnt.MountPath, "must be unique")) - } - mountpoints.Insert(mnt.MountPath) - - // check for overlap with VolumeDevice - if mountNameAlreadyExists(mnt.Name, voldevices) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), mnt.Name, "must not already exist in volumeDevices")) - } - if mountPathAlreadyExists(mnt.MountPath, voldevices) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("mountPath"), mnt.MountPath, "must not already exist as a path in volumeDevices")) - } - - if len(mnt.SubPath) > 0 { - allErrs = append(allErrs, validateLocalDescendingPath(mnt.SubPath, fldPath.Child("subPath"))...) - } - - if len(mnt.SubPathExpr) > 0 { - if len(mnt.SubPath) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("subPathExpr"), mnt.SubPathExpr, "subPathExpr and subPath are mutually exclusive")) - } - - allErrs = append(allErrs, validateLocalDescendingPath(mnt.SubPathExpr, fldPath.Child("subPathExpr"))...) - } - - if mnt.MountPropagation != nil { - allErrs = append(allErrs, validateMountPropagation(mnt.MountPropagation, container, fldPath.Child("mountPropagation"))...) - } - } - return allErrs -} - -func ValidateVolumeDevices(devices []core.VolumeDevice, volmounts map[string]string, volumes map[string]core.VolumeSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - devicepath := sets.NewString() - devicename := sets.NewString() - - for i, dev := range devices { - idxPath := fldPath.Index(i) - devName := dev.Name - devPath := dev.DevicePath - didMatch, isPVC := isMatchedDevice(devName, volumes) - if len(devName) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("name"), "")) - } - if devicename.Has(devName) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "must be unique")) - } - // Must be based on PersistentVolumeClaim (PVC reference or generic ephemeral inline volume) - if didMatch && !isPVC { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "can only use volume source type of PersistentVolumeClaim or Ephemeral for block mode")) - } - if !didMatch { - allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), devName)) - } - if len(devPath) == 0 { - allErrs = append(allErrs, field.Required(idxPath.Child("devicePath"), "")) - } - if devicepath.Has(devPath) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("devicePath"), devPath, "must be unique")) - } - if len(devPath) > 0 && len(validatePathNoBacksteps(devPath, fldPath.Child("devicePath"))) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("devicePath"), devPath, "can not contain backsteps ('..')")) - } else { - devicepath.Insert(devPath) - } - // check for overlap with VolumeMount - if deviceNameAlreadyExists(devName, volmounts) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "must not already exist in volumeMounts")) - } - if devicePathAlreadyExists(devPath, volmounts) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("devicePath"), devPath, "must not already exist as a path in volumeMounts")) - } - if len(devName) > 0 { - devicename.Insert(devName) - } - } - return allErrs -} - -func validatePodResourceClaims(claims []core.PodResourceClaim, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - podClaimNames := sets.NewString() - for i, claim := range claims { - allErrs = append(allErrs, validatePodResourceClaim(claim, &podClaimNames, fldPath.Index(i))...) - } - return allErrs -} - -// gatherPodResourceClaimNames returns a set of all non-empty -// PodResourceClaim.Name values. Validation that those names are valid is -// handled by validatePodResourceClaims. -func gatherPodResourceClaimNames(claims []core.PodResourceClaim) sets.String { - podClaimNames := sets.String{} - for _, claim := range claims { - if claim.Name != "" { - podClaimNames.Insert(claim.Name) - } - } - return podClaimNames -} - -func validatePodResourceClaim(claim core.PodResourceClaim, podClaimNames *sets.String, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if claim.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else if podClaimNames.Has(claim.Name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("name"), claim.Name)) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(claim.Name, fldPath.Child("name"))...) - podClaimNames.Insert(claim.Name) - } - allErrs = append(allErrs, validatePodResourceClaimSource(claim.Source, fldPath.Child("source"))...) - - return allErrs -} - -func validatePodResourceClaimSource(claimSource core.ClaimSource, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if claimSource.ResourceClaimName != nil && claimSource.ResourceClaimTemplateName != nil { - allErrs = append(allErrs, field.Invalid(fldPath, claimSource, "at most one of `resourceClaimName` or `resourceClaimTemplateName` may be specified")) - } - if claimSource.ResourceClaimName == nil && claimSource.ResourceClaimTemplateName == nil { - allErrs = append(allErrs, field.Invalid(fldPath, claimSource, "must specify one of: `resourceClaimName`, `resourceClaimTemplateName`")) - } - return allErrs -} - -func validateProbe(probe *core.Probe, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if probe == nil { - return allErrs - } - allErrs = append(allErrs, validateHandler(handlerFromProbe(&probe.ProbeHandler), fldPath)...) - - allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.InitialDelaySeconds), fldPath.Child("initialDelaySeconds"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.TimeoutSeconds), fldPath.Child("timeoutSeconds"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.PeriodSeconds), fldPath.Child("periodSeconds"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.SuccessThreshold), fldPath.Child("successThreshold"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.FailureThreshold), fldPath.Child("failureThreshold"))...) - if probe.TerminationGracePeriodSeconds != nil && *probe.TerminationGracePeriodSeconds <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("terminationGracePeriodSeconds"), *probe.TerminationGracePeriodSeconds, "must be greater than 0")) - } - return allErrs -} - -type commonHandler struct { - Exec *core.ExecAction - HTTPGet *core.HTTPGetAction - TCPSocket *core.TCPSocketAction - GRPC *core.GRPCAction -} - -func handlerFromProbe(ph *core.ProbeHandler) commonHandler { - return commonHandler{ - Exec: ph.Exec, - HTTPGet: ph.HTTPGet, - TCPSocket: ph.TCPSocket, - GRPC: ph.GRPC, - } -} - -func handlerFromLifecycle(lh *core.LifecycleHandler) commonHandler { - return commonHandler{ - Exec: lh.Exec, - HTTPGet: lh.HTTPGet, - TCPSocket: lh.TCPSocket, - } -} - -func validateClientIPAffinityConfig(config *core.SessionAffinityConfig, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if config == nil { - allErrs = append(allErrs, field.Required(fldPath, fmt.Sprintf("when session affinity type is %s", core.ServiceAffinityClientIP))) - return allErrs - } - if config.ClientIP == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("clientIP"), fmt.Sprintf("when session affinity type is %s", core.ServiceAffinityClientIP))) - return allErrs - } - if config.ClientIP.TimeoutSeconds == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("clientIP").Child("timeoutSeconds"), fmt.Sprintf("when session affinity type is %s", core.ServiceAffinityClientIP))) - return allErrs - } - allErrs = append(allErrs, validateAffinityTimeout(config.ClientIP.TimeoutSeconds, fldPath.Child("clientIP").Child("timeoutSeconds"))...) - - return allErrs -} - -func validateAffinityTimeout(timeout *int32, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if *timeout <= 0 || *timeout > core.MaxClientIPServiceAffinitySeconds { - allErrs = append(allErrs, field.Invalid(fldPath, timeout, fmt.Sprintf("must be greater than 0 and less than %d", core.MaxClientIPServiceAffinitySeconds))) - } - return allErrs -} - -// AccumulateUniqueHostPorts extracts each HostPort of each Container, -// accumulating the results and returning an error if any ports conflict. -func AccumulateUniqueHostPorts(containers []core.Container, accumulator *sets.String, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - for ci, ctr := range containers { - idxPath := fldPath.Index(ci) - portsPath := idxPath.Child("ports") - for pi := range ctr.Ports { - idxPath := portsPath.Index(pi) - port := ctr.Ports[pi].HostPort - if port == 0 { - continue - } - str := fmt.Sprintf("%s/%s/%d", ctr.Ports[pi].Protocol, ctr.Ports[pi].HostIP, port) - if accumulator.Has(str) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("hostPort"), str)) - } else { - accumulator.Insert(str) - } - } - } - return allErrs -} - -// checkHostPortConflicts checks for colliding Port.HostPort values across -// a slice of containers. -func checkHostPortConflicts(containers []core.Container, fldPath *field.Path) field.ErrorList { - allPorts := sets.String{} - return AccumulateUniqueHostPorts(containers, &allPorts, fldPath) -} - -func validateExecAction(exec *core.ExecAction, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if len(exec.Command) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("command"), "")) - } - return allErrors -} - -var supportedHTTPSchemes = sets.NewString(string(core.URISchemeHTTP), string(core.URISchemeHTTPS)) - -func validateHTTPGetAction(http *core.HTTPGetAction, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if len(http.Path) == 0 { - allErrors = append(allErrors, field.Required(fldPath.Child("path"), "")) - } - allErrors = append(allErrors, ValidatePortNumOrName(http.Port, fldPath.Child("port"))...) - if !supportedHTTPSchemes.Has(string(http.Scheme)) { - allErrors = append(allErrors, field.NotSupported(fldPath.Child("scheme"), http.Scheme, supportedHTTPSchemes.List())) - } - for _, header := range http.HTTPHeaders { - for _, msg := range validation.IsHTTPHeaderName(header.Name) { - allErrors = append(allErrors, field.Invalid(fldPath.Child("httpHeaders"), header.Name, msg)) - } - } - return allErrors -} - -func ValidatePortNumOrName(port intstr.IntOrString, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if port.Type == intstr.Int { - for _, msg := range validation.IsValidPortNum(port.IntValue()) { - allErrs = append(allErrs, field.Invalid(fldPath, port.IntValue(), msg)) - } - } else if port.Type == intstr.String { - for _, msg := range validation.IsValidPortName(port.StrVal) { - allErrs = append(allErrs, field.Invalid(fldPath, port.StrVal, msg)) - } - } else { - allErrs = append(allErrs, field.InternalError(fldPath, fmt.Errorf("unknown type: %v", port.Type))) - } - return allErrs -} - -func validateTCPSocketAction(tcp *core.TCPSocketAction, fldPath *field.Path) field.ErrorList { - return ValidatePortNumOrName(tcp.Port, fldPath.Child("port")) -} -func validateGRPCAction(grpc *core.GRPCAction, fldPath *field.Path) field.ErrorList { - return ValidatePortNumOrName(intstr.FromInt(int(grpc.Port)), fldPath.Child("port")) -} -func validateHandler(handler commonHandler, fldPath *field.Path) field.ErrorList { - numHandlers := 0 - allErrors := field.ErrorList{} - if handler.Exec != nil { - if numHandlers > 0 { - allErrors = append(allErrors, field.Forbidden(fldPath.Child("exec"), "may not specify more than 1 handler type")) - } else { - numHandlers++ - allErrors = append(allErrors, validateExecAction(handler.Exec, fldPath.Child("exec"))...) - } - } - if handler.HTTPGet != nil { - if numHandlers > 0 { - allErrors = append(allErrors, field.Forbidden(fldPath.Child("httpGet"), "may not specify more than 1 handler type")) - } else { - numHandlers++ - allErrors = append(allErrors, validateHTTPGetAction(handler.HTTPGet, fldPath.Child("httpGet"))...) - } - } - if handler.TCPSocket != nil { - if numHandlers > 0 { - allErrors = append(allErrors, field.Forbidden(fldPath.Child("tcpSocket"), "may not specify more than 1 handler type")) - } else { - numHandlers++ - allErrors = append(allErrors, validateTCPSocketAction(handler.TCPSocket, fldPath.Child("tcpSocket"))...) - } - } - if handler.GRPC != nil { - if numHandlers > 0 { - allErrors = append(allErrors, field.Forbidden(fldPath.Child("grpc"), "may not specify more than 1 handler type")) - } else { - numHandlers++ - allErrors = append(allErrors, validateGRPCAction(handler.GRPC, fldPath.Child("grpc"))...) - } - } - if numHandlers == 0 { - allErrors = append(allErrors, field.Required(fldPath, "must specify a handler type")) - } - return allErrors -} - -func validateLifecycle(lifecycle *core.Lifecycle, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if lifecycle.PostStart != nil { - allErrs = append(allErrs, validateHandler(handlerFromLifecycle(lifecycle.PostStart), fldPath.Child("postStart"))...) - } - if lifecycle.PreStop != nil { - allErrs = append(allErrs, validateHandler(handlerFromLifecycle(lifecycle.PreStop), fldPath.Child("preStop"))...) - } - return allErrs -} - -var supportedPullPolicies = sets.NewString(string(core.PullAlways), string(core.PullIfNotPresent), string(core.PullNever)) - -func validatePullPolicy(policy core.PullPolicy, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - - switch policy { - case core.PullAlways, core.PullIfNotPresent, core.PullNever: - break - case "": - allErrors = append(allErrors, field.Required(fldPath, "")) - default: - allErrors = append(allErrors, field.NotSupported(fldPath, policy, supportedPullPolicies.List())) - } - - return allErrors -} - -// validateEphemeralContainers is called by pod spec and template validation to validate the list of ephemeral containers. -// Note that this is called for pod template even though ephemeral containers aren't allowed in pod templates. -func validateEphemeralContainers(ephemeralContainers []core.EphemeralContainer, containers, initContainers []core.Container, volumes map[string]core.VolumeSource, podClaimNames sets.String, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - var allErrs field.ErrorList - - if len(ephemeralContainers) == 0 { - return allErrs - } - - otherNames, allNames := sets.String{}, sets.String{} - for _, c := range containers { - otherNames.Insert(c.Name) - allNames.Insert(c.Name) - } - for _, c := range initContainers { - otherNames.Insert(c.Name) - allNames.Insert(c.Name) - } - - for i, ec := range ephemeralContainers { - idxPath := fldPath.Index(i) - - c := (*core.Container)(&ec.EphemeralContainerCommon) - allErrs = append(allErrs, validateContainerCommon(c, volumes, podClaimNames, idxPath, opts)...) - // Ephemeral containers don't need looser constraints for pod templates, so it's convenient to apply both validations - // here where we've already converted EphemeralContainerCommon to Container. - allErrs = append(allErrs, validateContainerOnlyForPod(c, idxPath)...) - - // Ephemeral containers must have a name unique across all container types. - if allNames.Has(ec.Name) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("name"), ec.Name)) - } else { - allNames.Insert(ec.Name) - } - - // The target container name must exist and be non-ephemeral. - if ec.TargetContainerName != "" && !otherNames.Has(ec.TargetContainerName) { - allErrs = append(allErrs, field.NotFound(idxPath.Child("targetContainerName"), ec.TargetContainerName)) - } - - // Ephemeral containers should not be relied upon for fundamental pod services, so fields such as - // Lifecycle, probes, resources and ports should be disallowed. This is implemented as a list - // of allowed fields so that new fields will be given consideration prior to inclusion in ephemeral containers. - allErrs = append(allErrs, validateFieldAllowList(ec.EphemeralContainerCommon, allowedEphemeralContainerFields, "cannot be set for an Ephemeral Container", idxPath)...) - - // VolumeMount subpaths have the potential to leak resources since they're implemented with bind mounts - // that aren't cleaned up until the pod exits. Since they also imply that the container is being used - // as part of the workload, they're disallowed entirely. - for i, vm := range ec.VolumeMounts { - if vm.SubPath != "" { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("volumeMounts").Index(i).Child("subPath"), "cannot be set for an Ephemeral Container")) - } - if vm.SubPathExpr != "" { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("volumeMounts").Index(i).Child("subPathExpr"), "cannot be set for an Ephemeral Container")) - } - } - } - - return allErrs -} - -// ValidateFieldAcceptList checks that only allowed fields are set. -// The value must be a struct (not a pointer to a struct!). -func validateFieldAllowList(value interface{}, allowedFields map[string]bool, errorText string, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - reflectType, reflectValue := reflect.TypeOf(value), reflect.ValueOf(value) - for i := 0; i < reflectType.NumField(); i++ { - f := reflectType.Field(i) - if allowedFields[f.Name] { - continue - } - - // Compare the value of this field to its zero value to determine if it has been set - if !reflect.DeepEqual(reflectValue.Field(i).Interface(), reflect.Zero(f.Type).Interface()) { - r, n := utf8.DecodeRuneInString(f.Name) - lcName := string(unicode.ToLower(r)) + f.Name[n:] - allErrs = append(allErrs, field.Forbidden(fldPath.Child(lcName), errorText)) - } - } - - return allErrs -} - -// validateInitContainers is called by pod spec and template validation to validate the list of init containers -func validateInitContainers(containers []core.Container, regularContainers []core.Container, volumes map[string]core.VolumeSource, podClaimNames sets.String, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - var allErrs field.ErrorList - - allNames := sets.String{} - for _, ctr := range regularContainers { - allNames.Insert(ctr.Name) - } - for i, ctr := range containers { - idxPath := fldPath.Index(i) - - // Apply the validation common to all container types - allErrs = append(allErrs, validateContainerCommon(&ctr, volumes, podClaimNames, idxPath, opts)...) - - // Names must be unique within regular and init containers. Collisions with ephemeral containers - // will be detected by validateEphemeralContainers(). - if allNames.Has(ctr.Name) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("name"), ctr.Name)) - } else if len(ctr.Name) > 0 { - allNames.Insert(ctr.Name) - } - - // Check for port conflicts in init containers individually since init containers run one-by-one. - allErrs = append(allErrs, checkHostPortConflicts([]core.Container{ctr}, fldPath)...) - - // These fields are disallowed for init containers. - if ctr.Lifecycle != nil { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("lifecycle"), "may not be set for init containers")) - } - if ctr.LivenessProbe != nil { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("livenessProbe"), "may not be set for init containers")) - } - if ctr.ReadinessProbe != nil { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("readinessProbe"), "may not be set for init containers")) - } - if ctr.StartupProbe != nil { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("startupProbe"), "may not be set for init containers")) - } - } - - return allErrs -} - -// validateContainerCommon applies validation common to all container types. It's called by regular, init, and ephemeral -// container list validation to require a properly formatted name, image, etc. -func validateContainerCommon(ctr *core.Container, volumes map[string]core.VolumeSource, podClaimNames sets.String, path *field.Path, opts PodValidationOptions) field.ErrorList { - var allErrs field.ErrorList - - namePath := path.Child("name") - if len(ctr.Name) == 0 { - allErrs = append(allErrs, field.Required(namePath, "")) - } else { - allErrs = append(allErrs, ValidateDNS1123Label(ctr.Name, namePath)...) - } - - // TODO: do not validate leading and trailing whitespace to preserve backward compatibility. - // for example: https://github.com/openshift/origin/issues/14659 image = " " is special token in pod template - // others may have done similar - if len(ctr.Image) == 0 { - allErrs = append(allErrs, field.Required(path.Child("image"), "")) - } - - switch ctr.TerminationMessagePolicy { - case core.TerminationMessageReadFile, core.TerminationMessageFallbackToLogsOnError: - case "": - allErrs = append(allErrs, field.Required(path.Child("terminationMessagePolicy"), "")) - default: - supported := []string{ - string(core.TerminationMessageReadFile), - string(core.TerminationMessageFallbackToLogsOnError), - } - allErrs = append(allErrs, field.NotSupported(path.Child("terminationMessagePolicy"), ctr.TerminationMessagePolicy, supported)) - } - - volMounts := GetVolumeMountMap(ctr.VolumeMounts) - volDevices := GetVolumeDeviceMap(ctr.VolumeDevices) - allErrs = append(allErrs, validateContainerPorts(ctr.Ports, path.Child("ports"))...) - allErrs = append(allErrs, ValidateEnv(ctr.Env, path.Child("env"), opts)...) - allErrs = append(allErrs, ValidateEnvFrom(ctr.EnvFrom, path.Child("envFrom"))...) - allErrs = append(allErrs, ValidateVolumeMounts(ctr.VolumeMounts, volDevices, volumes, ctr, path.Child("volumeMounts"))...) - allErrs = append(allErrs, ValidateVolumeDevices(ctr.VolumeDevices, volMounts, volumes, path.Child("volumeDevices"))...) - allErrs = append(allErrs, validatePullPolicy(ctr.ImagePullPolicy, path.Child("imagePullPolicy"))...) - allErrs = append(allErrs, ValidateResourceRequirements(&ctr.Resources, podClaimNames, path.Child("resources"), opts)...) - allErrs = append(allErrs, ValidateSecurityContext(ctr.SecurityContext, path.Child("securityContext"))...) - return allErrs -} - -func validateHostUsers(spec *core.PodSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - // Only make the following checks if hostUsers is false (otherwise, the container uses the - // same userns as the host, and so there isn't anything to check). - if spec.SecurityContext == nil || spec.SecurityContext.HostUsers == nil || *spec.SecurityContext.HostUsers == true { - return allErrs - } - - // For now only these volumes are supported: - // - configmap - // - secret - // - downwardAPI - // - emptyDir - // - projected - // So reject anything else. - for i, vol := range spec.Volumes { - switch { - case vol.EmptyDir != nil: - case vol.Secret != nil: - case vol.DownwardAPI != nil: - case vol.ConfigMap != nil: - case vol.Projected != nil: - default: - allErrs = append(allErrs, field.Forbidden(fldPath.Child("volumes").Index(i), "volume type not supported when `pod.Spec.HostUsers` is false")) - } - } - - // We decided to restrict the usage of userns with other host namespaces: - // https://github.com/kubernetes/kubernetes/pull/111090#discussion_r935994282 - // The tl;dr is: you can easily run into permission issues that seem unexpected, we don't - // know of any good use case and we can always enable them later. - - // Note we already validated above spec.SecurityContext is not nil. - if spec.SecurityContext.HostNetwork { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostNetwork"), "when `pod.Spec.HostUsers` is false")) - } - if spec.SecurityContext.HostPID { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("HostPID"), "when `pod.Spec.HostUsers` is false")) - } - if spec.SecurityContext.HostIPC { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("HostIPC"), "when `pod.Spec.HostUsers` is false")) - } - - return allErrs -} - -// validateContainers is called by pod spec and template validation to validate the list of regular containers. -func validateContainers(containers []core.Container, volumes map[string]core.VolumeSource, podClaimNames sets.String, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if len(containers) == 0 { - return append(allErrs, field.Required(fldPath, "")) - } - - allNames := sets.String{} - for i, ctr := range containers { - path := fldPath.Index(i) - - // Apply validation common to all containers - allErrs = append(allErrs, validateContainerCommon(&ctr, volumes, podClaimNames, path, opts)...) - - // Container names must be unique within the list of regular containers. - // Collisions with init or ephemeral container names will be detected by the init or ephemeral - // container validation to prevent duplicate error messages. - if allNames.Has(ctr.Name) { - allErrs = append(allErrs, field.Duplicate(path.Child("name"), ctr.Name)) - } else { - allNames.Insert(ctr.Name) - } - - // These fields are only allowed for regular containers, so only check supported values here. - // Init and ephemeral container validation will return field.Forbidden() for these paths. - if ctr.Lifecycle != nil { - allErrs = append(allErrs, validateLifecycle(ctr.Lifecycle, path.Child("lifecycle"))...) - } - allErrs = append(allErrs, validateProbe(ctr.LivenessProbe, path.Child("livenessProbe"))...) - if ctr.LivenessProbe != nil && ctr.LivenessProbe.SuccessThreshold != 1 { - allErrs = append(allErrs, field.Invalid(path.Child("livenessProbe", "successThreshold"), ctr.LivenessProbe.SuccessThreshold, "must be 1")) - } - allErrs = append(allErrs, validateProbe(ctr.ReadinessProbe, path.Child("readinessProbe"))...) - if ctr.ReadinessProbe != nil && ctr.ReadinessProbe.TerminationGracePeriodSeconds != nil { - allErrs = append(allErrs, field.Invalid(path.Child("readinessProbe", "terminationGracePeriodSeconds"), ctr.ReadinessProbe.TerminationGracePeriodSeconds, "must not be set for readinessProbes")) - } - allErrs = append(allErrs, validateProbe(ctr.StartupProbe, path.Child("startupProbe"))...) - if ctr.StartupProbe != nil && ctr.StartupProbe.SuccessThreshold != 1 { - allErrs = append(allErrs, field.Invalid(path.Child("startupProbe", "successThreshold"), ctr.StartupProbe.SuccessThreshold, "must be 1")) - } - } - - // Port conflicts are checked across all containers - allErrs = append(allErrs, checkHostPortConflicts(containers, fldPath)...) - - return allErrs -} - -func validateRestartPolicy(restartPolicy *core.RestartPolicy, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - switch *restartPolicy { - case core.RestartPolicyAlways, core.RestartPolicyOnFailure, core.RestartPolicyNever: - break - case "": - allErrors = append(allErrors, field.Required(fldPath, "")) - default: - validValues := []string{string(core.RestartPolicyAlways), string(core.RestartPolicyOnFailure), string(core.RestartPolicyNever)} - allErrors = append(allErrors, field.NotSupported(fldPath, *restartPolicy, validValues)) - } - - return allErrors -} - -func ValidatePreemptionPolicy(preemptionPolicy *core.PreemptionPolicy, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - switch *preemptionPolicy { - case core.PreemptLowerPriority, core.PreemptNever: - case "": - allErrors = append(allErrors, field.Required(fldPath, "")) - default: - validValues := []string{string(core.PreemptLowerPriority), string(core.PreemptNever)} - allErrors = append(allErrors, field.NotSupported(fldPath, preemptionPolicy, validValues)) - } - return allErrors -} - -func validateDNSPolicy(dnsPolicy *core.DNSPolicy, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - switch *dnsPolicy { - case core.DNSClusterFirstWithHostNet, core.DNSClusterFirst, core.DNSDefault, core.DNSNone: - case "": - allErrors = append(allErrors, field.Required(fldPath, "")) - default: - validValues := []string{string(core.DNSClusterFirstWithHostNet), string(core.DNSClusterFirst), string(core.DNSDefault), string(core.DNSNone)} - allErrors = append(allErrors, field.NotSupported(fldPath, dnsPolicy, validValues)) - } - return allErrors -} - -var validFSGroupChangePolicies = sets.NewString(string(core.FSGroupChangeOnRootMismatch), string(core.FSGroupChangeAlways)) - -func validateFSGroupChangePolicy(fsGroupPolicy *core.PodFSGroupChangePolicy, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if !validFSGroupChangePolicies.Has(string(*fsGroupPolicy)) { - allErrors = append(allErrors, field.NotSupported(fldPath, fsGroupPolicy, validFSGroupChangePolicies.List())) - } - return allErrors -} - -const ( - // Limits on various DNS parameters. These are derived from - // restrictions in Linux libc name resolution handling. - // Max number of DNS name servers. - MaxDNSNameservers = 3 - // Expanded max number of domains in the search path list. - MaxDNSSearchPathsExpanded = 32 - // Expanded max number of characters in the search path. - MaxDNSSearchListCharsExpanded = 2048 - // Max number of domains in the search path list. - MaxDNSSearchPathsLegacy = 6 - // Max number of characters in the search path list. - MaxDNSSearchListCharsLegacy = 256 -) - -func validateReadinessGates(readinessGates []core.PodReadinessGate, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, value := range readinessGates { - allErrs = append(allErrs, ValidateQualifiedName(string(value.ConditionType), fldPath.Index(i).Child("conditionType"))...) - } - return allErrs -} - -func validateSchedulingGates(schedulingGates []core.PodSchedulingGate, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // There should be no duplicates in the list of scheduling gates. - seen := sets.String{} - for i, schedulingGate := range schedulingGates { - if schedulingGate.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Index(i), "must not be empty")) - } - if seen.Has(schedulingGate.Name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), schedulingGate.Name)) - } - seen.Insert(schedulingGate.Name) - } - return allErrs -} - -func validatePodDNSConfig(dnsConfig *core.PodDNSConfig, dnsPolicy *core.DNSPolicy, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - // Validate DNSNone case. Must provide at least one DNS name server. - if dnsPolicy != nil && *dnsPolicy == core.DNSNone { - if dnsConfig == nil { - return append(allErrs, field.Required(fldPath, fmt.Sprintf("must provide `dnsConfig` when `dnsPolicy` is %s", core.DNSNone))) - } - if len(dnsConfig.Nameservers) == 0 { - return append(allErrs, field.Required(fldPath.Child("nameservers"), fmt.Sprintf("must provide at least one DNS nameserver when `dnsPolicy` is %s", core.DNSNone))) - } - } - - if dnsConfig != nil { - // Validate nameservers. - if len(dnsConfig.Nameservers) > MaxDNSNameservers { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nameservers"), dnsConfig.Nameservers, fmt.Sprintf("must not have more than %v nameservers", MaxDNSNameservers))) - } - for i, ns := range dnsConfig.Nameservers { - if ip := netutils.ParseIPSloppy(ns); ip == nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nameservers").Index(i), ns, "must be valid IP address")) - } - } - // Validate searches. - maxDNSSearchPaths, maxDNSSearchListChars := MaxDNSSearchPathsLegacy, MaxDNSSearchListCharsLegacy - if opts.AllowExpandedDNSConfig { - maxDNSSearchPaths, maxDNSSearchListChars = MaxDNSSearchPathsExpanded, MaxDNSSearchListCharsExpanded - } - if len(dnsConfig.Searches) > maxDNSSearchPaths { - allErrs = append(allErrs, field.Invalid(fldPath.Child("searches"), dnsConfig.Searches, fmt.Sprintf("must not have more than %v search paths", maxDNSSearchPaths))) - } - // Include the space between search paths. - if len(strings.Join(dnsConfig.Searches, " ")) > maxDNSSearchListChars { - allErrs = append(allErrs, field.Invalid(fldPath.Child("searches"), dnsConfig.Searches, fmt.Sprintf("must not have more than %v characters (including spaces) in the search list", maxDNSSearchListChars))) - } - for i, search := range dnsConfig.Searches { - // it is fine to have a trailing dot - search = strings.TrimSuffix(search, ".") - allErrs = append(allErrs, ValidateDNS1123Subdomain(search, fldPath.Child("searches").Index(i))...) - } - // Validate options. - for i, option := range dnsConfig.Options { - if len(option.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("options").Index(i), "must not be empty")) - } - } - } - return allErrs -} - -func validateHostNetwork(hostNetwork bool, containers []core.Container, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if hostNetwork { - for i, container := range containers { - portsPath := fldPath.Index(i).Child("ports") - for i, port := range container.Ports { - idxPath := portsPath.Index(i) - if port.HostPort != port.ContainerPort { - allErrors = append(allErrors, field.Invalid(idxPath.Child("containerPort"), port.ContainerPort, "must match `hostPort` when `hostNetwork` is true")) - } - } - } - } - return allErrors -} - -// validateImagePullSecrets checks to make sure the pull secrets are well -// formed. Right now, we only expect name to be set (it's the only field). If -// this ever changes and someone decides to set those fields, we'd like to -// know. -func validateImagePullSecrets(imagePullSecrets []core.LocalObjectReference, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - for i, currPullSecret := range imagePullSecrets { - idxPath := fldPath.Index(i) - strippedRef := core.LocalObjectReference{Name: currPullSecret.Name} - if !reflect.DeepEqual(strippedRef, currPullSecret) { - allErrors = append(allErrors, field.Invalid(idxPath, currPullSecret, "only name may be set")) - } - } - return allErrors -} - -// validateAffinity checks if given affinities are valid -func validateAffinity(affinity *core.Affinity, opts PodValidationOptions, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if affinity != nil { - if affinity.NodeAffinity != nil { - allErrs = append(allErrs, validateNodeAffinity(affinity.NodeAffinity, fldPath.Child("nodeAffinity"))...) - } - if affinity.PodAffinity != nil { - allErrs = append(allErrs, validatePodAffinity(affinity.PodAffinity, opts.AllowInvalidLabelValueInSelector, fldPath.Child("podAffinity"))...) - } - if affinity.PodAntiAffinity != nil { - allErrs = append(allErrs, validatePodAntiAffinity(affinity.PodAntiAffinity, opts.AllowInvalidLabelValueInSelector, fldPath.Child("podAntiAffinity"))...) - } - } - - return allErrs -} - -func validateTaintEffect(effect *core.TaintEffect, allowEmpty bool, fldPath *field.Path) field.ErrorList { - if !allowEmpty && len(*effect) == 0 { - return field.ErrorList{field.Required(fldPath, "")} - } - - allErrors := field.ErrorList{} - switch *effect { - // TODO: Replace next line with subsequent commented-out line when implement TaintEffectNoScheduleNoAdmit. - case core.TaintEffectNoSchedule, core.TaintEffectPreferNoSchedule, core.TaintEffectNoExecute: - // case core.TaintEffectNoSchedule, core.TaintEffectPreferNoSchedule, core.TaintEffectNoScheduleNoAdmit, core.TaintEffectNoExecute: - default: - validValues := []string{ - string(core.TaintEffectNoSchedule), - string(core.TaintEffectPreferNoSchedule), - string(core.TaintEffectNoExecute), - // TODO: Uncomment this block when implement TaintEffectNoScheduleNoAdmit. - // string(core.TaintEffectNoScheduleNoAdmit), - } - allErrors = append(allErrors, field.NotSupported(fldPath, *effect, validValues)) - } - return allErrors -} - -// validateOnlyAddedTolerations validates updated pod tolerations. -func validateOnlyAddedTolerations(newTolerations []core.Toleration, oldTolerations []core.Toleration, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, old := range oldTolerations { - found := false - oldTolerationClone := old.DeepCopy() - for _, newToleration := range newTolerations { - // assign to our clone before doing a deep equal so we can allow tolerationseconds to change. - oldTolerationClone.TolerationSeconds = newToleration.TolerationSeconds // +k8s:verify-mutation:reason=clone - if reflect.DeepEqual(*oldTolerationClone, newToleration) { - found = true - break - } - } - if !found { - allErrs = append(allErrs, field.Forbidden(fldPath, "existing toleration can not be modified except its tolerationSeconds")) - return allErrs - } - } - - allErrs = append(allErrs, ValidateTolerations(newTolerations, fldPath)...) - return allErrs -} - -func validateOnlyDeletedSchedulingGates(newGates, oldGates []core.PodSchedulingGate, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(newGates) == 0 { - return allErrs - } - - additionalGates := make(map[string]int) - for i, newGate := range newGates { - additionalGates[newGate.Name] = i - } - - for _, oldGate := range oldGates { - delete(additionalGates, oldGate.Name) - } - - for gate, i := range additionalGates { - allErrs = append(allErrs, field.Forbidden(fldPath.Index(i).Child("name"), fmt.Sprintf("only deletion is allowed, but found new scheduling gate '%s'", gate))) - } - - return allErrs -} - -func ValidateHostAliases(hostAliases []core.HostAlias, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, hostAlias := range hostAliases { - if ip := netutils.ParseIPSloppy(hostAlias.IP); ip == nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), hostAlias.IP, "must be valid IP address")) - } - for _, hostname := range hostAlias.Hostnames { - allErrs = append(allErrs, ValidateDNS1123Subdomain(hostname, fldPath.Child("hostnames"))...) - } - } - return allErrs -} - -// ValidateTolerations tests if given tolerations have valid data. -func ValidateTolerations(tolerations []core.Toleration, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - for i, toleration := range tolerations { - idxPath := fldPath.Index(i) - // validate the toleration key - if len(toleration.Key) > 0 { - allErrors = append(allErrors, unversionedvalidation.ValidateLabelName(toleration.Key, idxPath.Child("key"))...) - } - - // empty toleration key with Exists operator and empty value means match all taints - if len(toleration.Key) == 0 && toleration.Operator != core.TolerationOpExists { - allErrors = append(allErrors, field.Invalid(idxPath.Child("operator"), toleration.Operator, - "operator must be Exists when `key` is empty, which means \"match all values and all keys\"")) - } - - if toleration.TolerationSeconds != nil && toleration.Effect != core.TaintEffectNoExecute { - allErrors = append(allErrors, field.Invalid(idxPath.Child("effect"), toleration.Effect, - "effect must be 'NoExecute' when `tolerationSeconds` is set")) - } - - // validate toleration operator and value - switch toleration.Operator { - // empty operator means Equal - case core.TolerationOpEqual, "": - if errs := validation.IsValidLabelValue(toleration.Value); len(errs) != 0 { - allErrors = append(allErrors, field.Invalid(idxPath.Child("operator"), toleration.Value, strings.Join(errs, ";"))) - } - case core.TolerationOpExists: - if len(toleration.Value) > 0 { - allErrors = append(allErrors, field.Invalid(idxPath.Child("operator"), toleration, "value must be empty when `operator` is 'Exists'")) - } - default: - validValues := []string{string(core.TolerationOpEqual), string(core.TolerationOpExists)} - allErrors = append(allErrors, field.NotSupported(idxPath.Child("operator"), toleration.Operator, validValues)) - } - - // validate toleration effect, empty toleration effect means match all taint effects - if len(toleration.Effect) > 0 { - allErrors = append(allErrors, validateTaintEffect(&toleration.Effect, true, idxPath.Child("effect"))...) - } - } - return allErrors -} - -// validateContainersOnlyForPod does additional validation for containers on a pod versus a pod template -// it only does additive validation of fields not covered in validateContainers and is not called for -// ephemeral containers which require a conversion to core.Container. -func validateContainersOnlyForPod(containers []core.Container, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, ctr := range containers { - allErrs = append(allErrs, validateContainerOnlyForPod(&ctr, fldPath.Index(i))...) - } - return allErrs -} - -// validateContainerOnlyForPod does pod-only (i.e. not pod template) validation for a single container. -// This is called by validateContainersOnlyForPod and validateEphemeralContainers directly. -func validateContainerOnlyForPod(ctr *core.Container, path *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(ctr.Image) != len(strings.TrimSpace(ctr.Image)) { - allErrs = append(allErrs, field.Invalid(path.Child("image"), ctr.Image, "must not have leading or trailing whitespace")) - } - return allErrs -} - -// PodValidationOptions contains the different settings for pod validation -type PodValidationOptions struct { - // Allow pod spec to use hugepages in downward API - AllowDownwardAPIHugePages bool - // Allow invalid pod-deletion-cost annotation value for backward compatibility. - AllowInvalidPodDeletionCost bool - // Allow invalid label-value in LabelSelector - AllowInvalidLabelValueInSelector bool - // Allow pod spec to use non-integer multiple of huge page unit size - AllowIndivisibleHugePagesValues bool - // Allow more DNSSearchPaths and longer DNSSearchListChars - AllowExpandedDNSConfig bool -} - -// validatePodMetadataAndSpec tests if required fields in the pod.metadata and pod.spec are set, -// and is called by ValidatePodCreate and ValidatePodUpdate. -func validatePodMetadataAndSpec(pod *core.Pod, opts PodValidationOptions) field.ErrorList { - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMeta(&pod.ObjectMeta, true, ValidatePodName, fldPath) - allErrs = append(allErrs, ValidatePodSpecificAnnotations(pod.ObjectMeta.Annotations, &pod.Spec, fldPath.Child("annotations"), opts)...) - allErrs = append(allErrs, ValidatePodSpec(&pod.Spec, &pod.ObjectMeta, field.NewPath("spec"), opts)...) - - // we do additional validation only pertinent for pods and not pod templates - // this was done to preserve backwards compatibility - specPath := field.NewPath("spec") - - if pod.Spec.ServiceAccountName == "" { - for vi, volume := range pod.Spec.Volumes { - path := specPath.Child("volumes").Index(vi).Child("projected") - if volume.Projected != nil { - for si, source := range volume.Projected.Sources { - saPath := path.Child("sources").Index(si).Child("serviceAccountToken") - if source.ServiceAccountToken != nil { - allErrs = append(allErrs, field.Forbidden(saPath, "must not be specified when serviceAccountName is not set")) - } - } - } - } - } - - allErrs = append(allErrs, validateContainersOnlyForPod(pod.Spec.Containers, specPath.Child("containers"))...) - allErrs = append(allErrs, validateContainersOnlyForPod(pod.Spec.InitContainers, specPath.Child("initContainers"))...) - // validateContainersOnlyForPod() is checked for ephemeral containers by validateEphemeralContainers() - - return allErrs -} - -// validatePodIPs validates IPs in pod status -func validatePodIPs(pod *core.Pod) field.ErrorList { - allErrs := field.ErrorList{} - - podIPsField := field.NewPath("status", "podIPs") - - // all PodIPs must be valid IPs - for i, podIP := range pod.Status.PodIPs { - for _, msg := range validation.IsValidIP(podIP.IP) { - allErrs = append(allErrs, field.Invalid(podIPsField.Index(i), podIP.IP, msg)) - } - } - - // if we have more than one Pod.PodIP then - // - validate for dual stack - // - validate for duplication - if len(pod.Status.PodIPs) > 1 { - podIPs := make([]string, 0, len(pod.Status.PodIPs)) - for _, podIP := range pod.Status.PodIPs { - podIPs = append(podIPs, podIP.IP) - } - - dualStack, err := netutils.IsDualStackIPStrings(podIPs) - if err != nil { - allErrs = append(allErrs, field.InternalError(podIPsField, fmt.Errorf("failed to check for dual stack with error:%v", err))) - } - - // We only support one from each IP family (i.e. max two IPs in this list). - if !dualStack || len(podIPs) > 2 { - allErrs = append(allErrs, field.Invalid(podIPsField, pod.Status.PodIPs, "may specify no more than one IP for each IP family")) - } - - // There should be no duplicates in list of Pod.PodIPs - seen := sets.String{} // := make(map[string]int) - for i, podIP := range pod.Status.PodIPs { - if seen.Has(podIP.IP) { - allErrs = append(allErrs, field.Duplicate(podIPsField.Index(i), podIP)) - } - seen.Insert(podIP.IP) - } - } - - return allErrs -} - -// ValidatePodSpec tests that the specified PodSpec has valid data. -// This includes checking formatting and uniqueness. It also canonicalizes the -// structure by setting default values and implementing any backwards-compatibility -// tricks. -// The pod metadata is needed to validate generic ephemeral volumes. It is optional -// and should be left empty unless the spec is from a real pod object. -func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - vols, vErrs := ValidateVolumes(spec.Volumes, podMeta, fldPath.Child("volumes"), opts) - allErrs = append(allErrs, vErrs...) - podClaimNames := gatherPodResourceClaimNames(spec.ResourceClaims) - allErrs = append(allErrs, validatePodResourceClaims(spec.ResourceClaims, fldPath.Child("resourceClaims"))...) - allErrs = append(allErrs, validateContainers(spec.Containers, vols, podClaimNames, fldPath.Child("containers"), opts)...) - allErrs = append(allErrs, validateInitContainers(spec.InitContainers, spec.Containers, vols, podClaimNames, fldPath.Child("initContainers"), opts)...) - allErrs = append(allErrs, validateEphemeralContainers(spec.EphemeralContainers, spec.Containers, spec.InitContainers, vols, podClaimNames, fldPath.Child("ephemeralContainers"), opts)...) - allErrs = append(allErrs, validateRestartPolicy(&spec.RestartPolicy, fldPath.Child("restartPolicy"))...) - allErrs = append(allErrs, validateDNSPolicy(&spec.DNSPolicy, fldPath.Child("dnsPolicy"))...) - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(spec.NodeSelector, fldPath.Child("nodeSelector"))...) - allErrs = append(allErrs, ValidatePodSecurityContext(spec.SecurityContext, spec, fldPath, fldPath.Child("securityContext"), opts)...) - allErrs = append(allErrs, validateImagePullSecrets(spec.ImagePullSecrets, fldPath.Child("imagePullSecrets"))...) - allErrs = append(allErrs, validateAffinity(spec.Affinity, opts, fldPath.Child("affinity"))...) - allErrs = append(allErrs, validatePodDNSConfig(spec.DNSConfig, &spec.DNSPolicy, fldPath.Child("dnsConfig"), opts)...) - allErrs = append(allErrs, validateReadinessGates(spec.ReadinessGates, fldPath.Child("readinessGates"))...) - allErrs = append(allErrs, validateSchedulingGates(spec.SchedulingGates, fldPath.Child("schedulingGates"))...) - allErrs = append(allErrs, validateTopologySpreadConstraints(spec.TopologySpreadConstraints, fldPath.Child("topologySpreadConstraints"))...) - allErrs = append(allErrs, validateWindowsHostProcessPod(spec, fldPath)...) - allErrs = append(allErrs, validateHostUsers(spec, fldPath)...) - if len(spec.ServiceAccountName) > 0 { - for _, msg := range ValidateServiceAccountName(spec.ServiceAccountName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("serviceAccountName"), spec.ServiceAccountName, msg)) - } - } - - if len(spec.NodeName) > 0 { - for _, msg := range ValidateNodeName(spec.NodeName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nodeName"), spec.NodeName, msg)) - } - } - - if spec.ActiveDeadlineSeconds != nil { - value := *spec.ActiveDeadlineSeconds - if value < 1 || value > math.MaxInt32 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("activeDeadlineSeconds"), value, validation.InclusiveRangeError(1, math.MaxInt32))) - } - } - - if len(spec.Hostname) > 0 { - allErrs = append(allErrs, ValidateDNS1123Label(spec.Hostname, fldPath.Child("hostname"))...) - } - - if len(spec.Subdomain) > 0 { - allErrs = append(allErrs, ValidateDNS1123Label(spec.Subdomain, fldPath.Child("subdomain"))...) - } - - if len(spec.Tolerations) > 0 { - allErrs = append(allErrs, ValidateTolerations(spec.Tolerations, fldPath.Child("tolerations"))...) - } - - if len(spec.HostAliases) > 0 { - allErrs = append(allErrs, ValidateHostAliases(spec.HostAliases, fldPath.Child("hostAliases"))...) - } - - if len(spec.PriorityClassName) > 0 { - for _, msg := range ValidatePriorityClassName(spec.PriorityClassName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("priorityClassName"), spec.PriorityClassName, msg)) - } - } - - if spec.RuntimeClassName != nil { - allErrs = append(allErrs, ValidateRuntimeClassName(*spec.RuntimeClassName, fldPath.Child("runtimeClassName"))...) - } - - if spec.PreemptionPolicy != nil { - allErrs = append(allErrs, ValidatePreemptionPolicy(spec.PreemptionPolicy, fldPath.Child("preemptionPolicy"))...) - } - - if spec.Overhead != nil { - allErrs = append(allErrs, validateOverhead(spec.Overhead, fldPath.Child("overhead"), opts)...) - } - - if spec.OS != nil { - osErrs := validateOS(spec, fldPath.Child("os"), opts) - switch { - case len(osErrs) > 0: - allErrs = append(allErrs, osErrs...) - case spec.OS.Name == core.Linux: - allErrs = append(allErrs, validateLinux(spec, fldPath)...) - case spec.OS.Name == core.Windows: - allErrs = append(allErrs, validateWindows(spec, fldPath)...) - } - } - return allErrs -} - -func validateLinux(spec *core.PodSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - securityContext := spec.SecurityContext - if securityContext != nil && securityContext.WindowsOptions != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("windowsOptions"), "windows options cannot be set for a linux pod")) - } - podshelper.VisitContainersWithPath(spec, fldPath, func(c *core.Container, cFldPath *field.Path) bool { - sc := c.SecurityContext - if sc != nil && sc.WindowsOptions != nil { - fldPath := cFldPath.Child("securityContext") - allErrs = append(allErrs, field.Forbidden(fldPath.Child("windowsOptions"), "windows options cannot be set for a linux pod")) - } - return true - }) - return allErrs -} - -func validateWindows(spec *core.PodSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - securityContext := spec.SecurityContext - // validate Pod SecurityContext - if securityContext != nil { - if securityContext.SELinuxOptions != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("seLinuxOptions"), "cannot be set for a windows pod")) - } - if securityContext.HostUsers != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostUsers"), "cannot be set for a windows pod")) - } - if securityContext.HostPID { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostPID"), "cannot be set for a windows pod")) - } - if securityContext.HostIPC { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostIPC"), "cannot be set for a windows pod")) - } - if securityContext.SeccompProfile != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("seccompProfile"), "cannot be set for a windows pod")) - } - if securityContext.FSGroup != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("fsGroup"), "cannot be set for a windows pod")) - } - if securityContext.FSGroupChangePolicy != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("fsGroupChangePolicy"), "cannot be set for a windows pod")) - } - if len(securityContext.Sysctls) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("sysctls"), "cannot be set for a windows pod")) - } - if securityContext.ShareProcessNamespace != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("shareProcessNamespace"), "cannot be set for a windows pod")) - } - if securityContext.RunAsUser != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("runAsUser"), "cannot be set for a windows pod")) - } - if securityContext.RunAsGroup != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("runAsGroup"), "cannot be set for a windows pod")) - } - if securityContext.SupplementalGroups != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("supplementalGroups"), "cannot be set for a windows pod")) - } - } - podshelper.VisitContainersWithPath(spec, fldPath, func(c *core.Container, cFldPath *field.Path) bool { - // validate container security context - sc := c.SecurityContext - // OS based podSecurityContext validation - // There is some naming overlap between Windows and Linux Security Contexts but all the Windows Specific options - // are set via securityContext.WindowsOptions which we validate below - // TODO: Think if we need to relax this restriction or some of the restrictions - if sc != nil { - fldPath := cFldPath.Child("securityContext") - if sc.SELinuxOptions != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("seLinuxOptions"), "cannot be set for a windows pod")) - } - if sc.SeccompProfile != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("seccompProfile"), "cannot be set for a windows pod")) - } - if sc.Capabilities != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("capabilities"), "cannot be set for a windows pod")) - } - if sc.ReadOnlyRootFilesystem != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("readOnlyRootFilesystem"), "cannot be set for a windows pod")) - } - if sc.Privileged != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "cannot be set for a windows pod")) - } - if sc.AllowPrivilegeEscalation != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("allowPrivilegeEscalation"), "cannot be set for a windows pod")) - } - if sc.ProcMount != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("procMount"), "cannot be set for a windows pod")) - } - if sc.RunAsUser != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("runAsUser"), "cannot be set for a windows pod")) - } - if sc.RunAsGroup != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("runAsGroup"), "cannot be set for a windows pod")) - } - } - return true - }) - return allErrs -} - -// ValidateNodeSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data -func ValidateNodeSelectorRequirement(rq core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch rq.Operator { - case core.NodeSelectorOpIn, core.NodeSelectorOpNotIn: - if len(rq.Values) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("values"), "must be specified when `operator` is 'In' or 'NotIn'")) - } - case core.NodeSelectorOpExists, core.NodeSelectorOpDoesNotExist: - if len(rq.Values) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("values"), "may not be specified when `operator` is 'Exists' or 'DoesNotExist'")) - } - - case core.NodeSelectorOpGt, core.NodeSelectorOpLt: - if len(rq.Values) != 1 { - allErrs = append(allErrs, field.Required(fldPath.Child("values"), "must be specified single value when `operator` is 'Lt' or 'Gt'")) - } - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), rq.Operator, "not a valid selector operator")) - } - - allErrs = append(allErrs, unversionedvalidation.ValidateLabelName(rq.Key, fldPath.Child("key"))...) - - return allErrs -} - -var nodeFieldSelectorValidators = map[string]func(string, bool) []string{ - metav1.ObjectNameField: ValidateNodeName, -} - -// ValidateNodeFieldSelectorRequirement tests that the specified NodeSelectorRequirement fields has valid data -func ValidateNodeFieldSelectorRequirement(req core.NodeSelectorRequirement, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - switch req.Operator { - case core.NodeSelectorOpIn, core.NodeSelectorOpNotIn: - if len(req.Values) != 1 { - allErrs = append(allErrs, field.Required(fldPath.Child("values"), - "must be only one value when `operator` is 'In' or 'NotIn' for node field selector")) - } - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), req.Operator, "not a valid selector operator")) - } - - if vf, found := nodeFieldSelectorValidators[req.Key]; !found { - allErrs = append(allErrs, field.Invalid(fldPath.Child("key"), req.Key, "not a valid field selector key")) - } else { - for i, v := range req.Values { - for _, msg := range vf(v, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("values").Index(i), v, msg)) - } - } - } - - return allErrs -} - -// ValidateNodeSelectorTerm tests that the specified node selector term has valid data -func ValidateNodeSelectorTerm(term core.NodeSelectorTerm, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - for j, req := range term.MatchExpressions { - allErrs = append(allErrs, ValidateNodeSelectorRequirement(req, fldPath.Child("matchExpressions").Index(j))...) - } - - for j, req := range term.MatchFields { - allErrs = append(allErrs, ValidateNodeFieldSelectorRequirement(req, fldPath.Child("matchFields").Index(j))...) - } - - return allErrs -} - -// ValidateNodeSelector tests that the specified nodeSelector fields has valid data -func ValidateNodeSelector(nodeSelector *core.NodeSelector, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - termFldPath := fldPath.Child("nodeSelectorTerms") - if len(nodeSelector.NodeSelectorTerms) == 0 { - return append(allErrs, field.Required(termFldPath, "must have at least one node selector term")) - } - - for i, term := range nodeSelector.NodeSelectorTerms { - allErrs = append(allErrs, ValidateNodeSelectorTerm(term, termFldPath.Index(i))...) - } - - return allErrs -} - -// validateTopologySelectorLabelRequirement tests that the specified TopologySelectorLabelRequirement fields has valid data, -// and constructs a set containing all of its Values. -func validateTopologySelectorLabelRequirement(rq core.TopologySelectorLabelRequirement, fldPath *field.Path) (sets.String, field.ErrorList) { - allErrs := field.ErrorList{} - valueSet := make(sets.String) - valuesPath := fldPath.Child("values") - if len(rq.Values) == 0 { - allErrs = append(allErrs, field.Required(valuesPath, "")) - } - - // Validate set property of Values field - for i, value := range rq.Values { - if valueSet.Has(value) { - allErrs = append(allErrs, field.Duplicate(valuesPath.Index(i), value)) - } - valueSet.Insert(value) - } - - allErrs = append(allErrs, unversionedvalidation.ValidateLabelName(rq.Key, fldPath.Child("key"))...) - - return valueSet, allErrs -} - -// ValidateTopologySelectorTerm tests that the specified topology selector term has valid data, -// and constructs a map representing the term in raw form. -func ValidateTopologySelectorTerm(term core.TopologySelectorTerm, fldPath *field.Path) (map[string]sets.String, field.ErrorList) { - allErrs := field.ErrorList{} - exprMap := make(map[string]sets.String) - exprPath := fldPath.Child("matchLabelExpressions") - - // Allow empty MatchLabelExpressions, in case this field becomes optional in the future. - for i, req := range term.MatchLabelExpressions { - idxPath := exprPath.Index(i) - valueSet, exprErrs := validateTopologySelectorLabelRequirement(req, idxPath) - allErrs = append(allErrs, exprErrs...) - - // Validate no duplicate keys exist. - if _, exists := exprMap[req.Key]; exists { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("key"), req.Key)) - } - exprMap[req.Key] = valueSet - } - - return exprMap, allErrs -} - -// ValidateAvoidPodsInNodeAnnotations tests that the serialized AvoidPods in Node.Annotations has valid data -func ValidateAvoidPodsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - v1Avoids, err := schedulinghelper.GetAvoidPodsFromNodeAnnotations(annotations) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("AvoidPods"), core.PreferAvoidPodsAnnotationKey, err.Error())) - return allErrs - } - var avoids core.AvoidPods - if err := corev1.Convert_v1_AvoidPods_To_core_AvoidPods(&v1Avoids, &avoids, nil); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("AvoidPods"), core.PreferAvoidPodsAnnotationKey, err.Error())) - return allErrs - } - - if len(avoids.PreferAvoidPods) != 0 { - for i, pa := range avoids.PreferAvoidPods { - idxPath := fldPath.Child(core.PreferAvoidPodsAnnotationKey).Index(i) - allErrs = append(allErrs, validatePreferAvoidPodsEntry(pa, idxPath)...) - } - } - - return allErrs -} - -// validatePreferAvoidPodsEntry tests if given PreferAvoidPodsEntry has valid data. -func validatePreferAvoidPodsEntry(avoidPodEntry core.PreferAvoidPodsEntry, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if avoidPodEntry.PodSignature.PodController == nil { - allErrors = append(allErrors, field.Required(fldPath.Child("PodSignature"), "")) - } else { - if !*(avoidPodEntry.PodSignature.PodController.Controller) { - allErrors = append(allErrors, - field.Invalid(fldPath.Child("PodSignature").Child("PodController").Child("Controller"), - *(avoidPodEntry.PodSignature.PodController.Controller), "must point to a controller")) - } - } - return allErrors -} - -// ValidatePreferredSchedulingTerms tests that the specified SoftNodeAffinity fields has valid data -func ValidatePreferredSchedulingTerms(terms []core.PreferredSchedulingTerm, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - for i, term := range terms { - if term.Weight <= 0 || term.Weight > 100 { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("weight"), term.Weight, "must be in the range 1-100")) - } - - allErrs = append(allErrs, ValidateNodeSelectorTerm(term.Preference, fldPath.Index(i).Child("preference"))...) - } - return allErrs -} - -// validatePodAffinityTerm tests that the specified podAffinityTerm fields have valid data -func validatePodAffinityTerm(podAffinityTerm core.PodAffinityTerm, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, ValidatePodAffinityTermSelector(podAffinityTerm, allowInvalidLabelValueInSelector, fldPath)...) - for _, name := range podAffinityTerm.Namespaces { - for _, msg := range ValidateNamespaceName(name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), name, msg)) - } - } - if len(podAffinityTerm.TopologyKey) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("topologyKey"), "can not be empty")) - } - return append(allErrs, unversionedvalidation.ValidateLabelName(podAffinityTerm.TopologyKey, fldPath.Child("topologyKey"))...) -} - -// validatePodAffinityTerms tests that the specified podAffinityTerms fields have valid data -func validatePodAffinityTerms(podAffinityTerms []core.PodAffinityTerm, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, podAffinityTerm := range podAffinityTerms { - allErrs = append(allErrs, validatePodAffinityTerm(podAffinityTerm, allowInvalidLabelValueInSelector, fldPath.Index(i))...) - } - return allErrs -} - -// validateWeightedPodAffinityTerms tests that the specified weightedPodAffinityTerms fields have valid data -func validateWeightedPodAffinityTerms(weightedPodAffinityTerms []core.WeightedPodAffinityTerm, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for j, weightedTerm := range weightedPodAffinityTerms { - if weightedTerm.Weight <= 0 || weightedTerm.Weight > 100 { - allErrs = append(allErrs, field.Invalid(fldPath.Index(j).Child("weight"), weightedTerm.Weight, "must be in the range 1-100")) - } - allErrs = append(allErrs, validatePodAffinityTerm(weightedTerm.PodAffinityTerm, allowInvalidLabelValueInSelector, fldPath.Index(j).Child("podAffinityTerm"))...) - } - return allErrs -} - -// validatePodAntiAffinity tests that the specified podAntiAffinity fields have valid data -func validatePodAntiAffinity(podAntiAffinity *core.PodAntiAffinity, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // TODO:Uncomment below code once RequiredDuringSchedulingRequiredDuringExecution is implemented. - // if podAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution != nil { - // allErrs = append(allErrs, validatePodAffinityTerms(podAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution, false, - // fldPath.Child("requiredDuringSchedulingRequiredDuringExecution"))...) - // } - if podAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil { - allErrs = append(allErrs, validatePodAffinityTerms(podAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution, allowInvalidLabelValueInSelector, - fldPath.Child("requiredDuringSchedulingIgnoredDuringExecution"))...) - } - if podAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution != nil { - allErrs = append(allErrs, validateWeightedPodAffinityTerms(podAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution, allowInvalidLabelValueInSelector, - fldPath.Child("preferredDuringSchedulingIgnoredDuringExecution"))...) - } - return allErrs -} - -// validateNodeAffinity tests that the specified nodeAffinity fields have valid data -func validateNodeAffinity(na *core.NodeAffinity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // TODO: Uncomment the next three lines once RequiredDuringSchedulingRequiredDuringExecution is implemented. - // if na.RequiredDuringSchedulingRequiredDuringExecution != nil { - // allErrs = append(allErrs, ValidateNodeSelector(na.RequiredDuringSchedulingRequiredDuringExecution, fldPath.Child("requiredDuringSchedulingRequiredDuringExecution"))...) - // } - if na.RequiredDuringSchedulingIgnoredDuringExecution != nil { - allErrs = append(allErrs, ValidateNodeSelector(na.RequiredDuringSchedulingIgnoredDuringExecution, fldPath.Child("requiredDuringSchedulingIgnoredDuringExecution"))...) - } - if len(na.PreferredDuringSchedulingIgnoredDuringExecution) > 0 { - allErrs = append(allErrs, ValidatePreferredSchedulingTerms(na.PreferredDuringSchedulingIgnoredDuringExecution, fldPath.Child("preferredDuringSchedulingIgnoredDuringExecution"))...) - } - return allErrs -} - -// validatePodAffinity tests that the specified podAffinity fields have valid data -func validatePodAffinity(podAffinity *core.PodAffinity, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // TODO:Uncomment below code once RequiredDuringSchedulingRequiredDuringExecution is implemented. - // if podAffinity.RequiredDuringSchedulingRequiredDuringExecution != nil { - // allErrs = append(allErrs, validatePodAffinityTerms(podAffinity.RequiredDuringSchedulingRequiredDuringExecution, false, - // fldPath.Child("requiredDuringSchedulingRequiredDuringExecution"))...) - // } - if podAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil { - allErrs = append(allErrs, validatePodAffinityTerms(podAffinity.RequiredDuringSchedulingIgnoredDuringExecution, allowInvalidLabelValueInSelector, - fldPath.Child("requiredDuringSchedulingIgnoredDuringExecution"))...) - } - if podAffinity.PreferredDuringSchedulingIgnoredDuringExecution != nil { - allErrs = append(allErrs, validateWeightedPodAffinityTerms(podAffinity.PreferredDuringSchedulingIgnoredDuringExecution, allowInvalidLabelValueInSelector, - fldPath.Child("preferredDuringSchedulingIgnoredDuringExecution"))...) - } - return allErrs -} - -func validateSeccompProfileField(sp *core.SeccompProfile, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if sp == nil { - return allErrs - } - - if err := validateSeccompProfileType(fldPath.Child("type"), sp.Type); err != nil { - allErrs = append(allErrs, err) - } - - if sp.Type == core.SeccompProfileTypeLocalhost { - if sp.LocalhostProfile == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("localhostProfile"), "must be set when seccomp type is Localhost")) - } else { - allErrs = append(allErrs, validateLocalDescendingPath(*sp.LocalhostProfile, fldPath.Child("localhostProfile"))...) - } - } else { - if sp.LocalhostProfile != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("localhostProfile"), sp, "can only be set when seccomp type is Localhost")) - } - } - - return allErrs -} - -func ValidateSeccompProfile(p string, fldPath *field.Path) field.ErrorList { - if p == core.SeccompProfileRuntimeDefault || p == core.DeprecatedSeccompProfileDockerDefault { - return nil - } - if p == v1.SeccompProfileNameUnconfined { - return nil - } - if strings.HasPrefix(p, v1.SeccompLocalhostProfileNamePrefix) { - return validateLocalDescendingPath(strings.TrimPrefix(p, v1.SeccompLocalhostProfileNamePrefix), fldPath) - } - return field.ErrorList{field.Invalid(fldPath, p, "must be a valid seccomp profile")} -} - -func ValidateSeccompPodAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if p, exists := annotations[core.SeccompPodAnnotationKey]; exists { - allErrs = append(allErrs, ValidateSeccompProfile(p, fldPath.Child(core.SeccompPodAnnotationKey))...) - } - for k, p := range annotations { - if strings.HasPrefix(k, core.SeccompContainerAnnotationKeyPrefix) { - allErrs = append(allErrs, ValidateSeccompProfile(p, fldPath.Child(k))...) - } - } - - return allErrs -} - -// ValidateSeccompProfileType tests that the argument is a valid SeccompProfileType. -func validateSeccompProfileType(fldPath *field.Path, seccompProfileType core.SeccompProfileType) *field.Error { - switch seccompProfileType { - case core.SeccompProfileTypeLocalhost, core.SeccompProfileTypeRuntimeDefault, core.SeccompProfileTypeUnconfined: - return nil - case "": - return field.Required(fldPath, "type is required when seccompProfile is set") - default: - return field.NotSupported(fldPath, seccompProfileType, []string{string(core.SeccompProfileTypeLocalhost), string(core.SeccompProfileTypeRuntimeDefault), string(core.SeccompProfileTypeUnconfined)}) - } -} - -func ValidateAppArmorPodAnnotations(annotations map[string]string, spec *core.PodSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for k, p := range annotations { - if !strings.HasPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) { - continue - } - containerName := strings.TrimPrefix(k, v1.AppArmorBetaContainerAnnotationKeyPrefix) - if !podSpecHasContainer(spec, containerName) { - allErrs = append(allErrs, field.Invalid(fldPath.Key(k), containerName, "container not found")) - } - - if err := ValidateAppArmorProfileFormat(p); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Key(k), p, err.Error())) - } - } - - return allErrs -} - -func ValidateAppArmorProfileFormat(profile string) error { - if profile == "" || profile == v1.AppArmorBetaProfileRuntimeDefault || profile == v1.AppArmorBetaProfileNameUnconfined { - return nil - } - if !strings.HasPrefix(profile, v1.AppArmorBetaProfileNamePrefix) { - return fmt.Errorf("invalid AppArmor profile name: %q", profile) - } - return nil -} - -func podSpecHasContainer(spec *core.PodSpec, containerName string) bool { - var hasContainer bool - podshelper.VisitContainersWithPath(spec, field.NewPath("spec"), func(c *core.Container, _ *field.Path) bool { - if c.Name == containerName { - hasContainer = true - return false - } - return true - }) - return hasContainer -} - -const ( - // a sysctl segment regex, concatenated with dots to form a sysctl name - SysctlSegmentFmt string = "[a-z0-9]([-_a-z0-9]*[a-z0-9])?" - - // a sysctl name regex with slash allowed - SysctlContainSlashFmt string = "(" + SysctlSegmentFmt + "[\\./])*" + SysctlSegmentFmt - - // the maximal length of a sysctl name - SysctlMaxLength int = 253 -) - -var sysctlContainSlashRegexp = regexp.MustCompile("^" + SysctlContainSlashFmt + "$") - -// IsValidSysctlName checks that the given string is a valid sysctl name, -// i.e. matches SysctlContainSlashFmt. -// More info: -// -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html -func IsValidSysctlName(name string) bool { - if len(name) > SysctlMaxLength { - return false - } - return sysctlContainSlashRegexp.MatchString(name) -} - -func validateSysctls(sysctls []core.Sysctl, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - names := make(map[string]struct{}) - for i, s := range sysctls { - if len(s.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("name"), "")) - } else if !IsValidSysctlName(s.Name) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("name"), s.Name, fmt.Sprintf("must have at most %d characters and match regex %s", SysctlMaxLength, sysctlContainSlashRegexp))) - } else if _, ok := names[s.Name]; ok { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i).Child("name"), s.Name)) - } - names[s.Name] = struct{}{} - } - return allErrs -} - -// ValidatePodSecurityContext test that the specified PodSecurityContext has valid data. -func ValidatePodSecurityContext(securityContext *core.PodSecurityContext, spec *core.PodSpec, specPath, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if securityContext != nil { - allErrs = append(allErrs, validateHostNetwork(securityContext.HostNetwork, spec.Containers, specPath.Child("containers"))...) - if securityContext.FSGroup != nil { - for _, msg := range validation.IsValidGroupID(*securityContext.FSGroup) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("fsGroup"), *(securityContext.FSGroup), msg)) - } - } - if securityContext.RunAsUser != nil { - for _, msg := range validation.IsValidUserID(*securityContext.RunAsUser) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *(securityContext.RunAsUser), msg)) - } - } - if securityContext.RunAsGroup != nil { - for _, msg := range validation.IsValidGroupID(*securityContext.RunAsGroup) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsGroup"), *(securityContext.RunAsGroup), msg)) - } - } - for g, gid := range securityContext.SupplementalGroups { - for _, msg := range validation.IsValidGroupID(gid) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("supplementalGroups").Index(g), gid, msg)) - } - } - if securityContext.ShareProcessNamespace != nil && securityContext.HostPID && *securityContext.ShareProcessNamespace { - allErrs = append(allErrs, field.Invalid(fldPath.Child("shareProcessNamespace"), *securityContext.ShareProcessNamespace, "ShareProcessNamespace and HostPID cannot both be enabled")) - } - - if len(securityContext.Sysctls) != 0 { - allErrs = append(allErrs, validateSysctls(securityContext.Sysctls, fldPath.Child("sysctls"))...) - } - - if securityContext.FSGroupChangePolicy != nil { - allErrs = append(allErrs, validateFSGroupChangePolicy(securityContext.FSGroupChangePolicy, fldPath.Child("fsGroupChangePolicy"))...) - } - - allErrs = append(allErrs, validateSeccompProfileField(securityContext.SeccompProfile, fldPath.Child("seccompProfile"))...) - allErrs = append(allErrs, validateWindowsSecurityContextOptions(securityContext.WindowsOptions, fldPath.Child("windowsOptions"))...) - } - - return allErrs -} - -func ValidateContainerUpdates(newContainers, oldContainers []core.Container, fldPath *field.Path) (allErrs field.ErrorList, stop bool) { - allErrs = field.ErrorList{} - if len(newContainers) != len(oldContainers) { - // TODO: Pinpoint the specific container that causes the invalid error after we have strategic merge diff - allErrs = append(allErrs, field.Forbidden(fldPath, "pod updates may not add or remove containers")) - return allErrs, true - } - - // validate updated container images - for i, ctr := range newContainers { - if len(ctr.Image) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("image"), "")) - } - // this is only called from ValidatePodUpdate so its safe to check leading/trailing whitespace. - if len(strings.TrimSpace(ctr.Image)) != len(ctr.Image) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("image"), ctr.Image, "must not have leading or trailing whitespace")) - } - } - return allErrs, false -} - -// ValidatePodCreate validates a pod in the context of its initial create -func ValidatePodCreate(pod *core.Pod, opts PodValidationOptions) field.ErrorList { - allErrs := validatePodMetadataAndSpec(pod, opts) - - fldPath := field.NewPath("spec") - // EphemeralContainers can only be set on update using the ephemeralcontainers subresource - if len(pod.Spec.EphemeralContainers) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("ephemeralContainers"), "cannot be set on create")) - } - // A Pod cannot be assigned a Node if there are remaining scheduling gates. - if utilfeature.DefaultFeatureGate.Enabled(features.PodSchedulingReadiness) && - pod.Spec.NodeName != "" && len(pod.Spec.SchedulingGates) != 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("nodeName"), "cannot be set until all schedulingGates have been cleared")) - } - allErrs = append(allErrs, validateSeccompAnnotationsAndFields(pod.ObjectMeta, &pod.Spec, fldPath)...) - - return allErrs -} - -// validateSeccompAnnotationsAndFields iterates through all containers and ensure that when both seccompProfile and seccomp annotations exist they match. -func validateSeccompAnnotationsAndFields(objectMeta metav1.ObjectMeta, podSpec *core.PodSpec, specPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if podSpec.SecurityContext != nil && podSpec.SecurityContext.SeccompProfile != nil { - // If both seccomp annotations and fields are specified, the values must match. - if annotation, found := objectMeta.Annotations[v1.SeccompPodAnnotationKey]; found { - seccompPath := specPath.Child("securityContext").Child("seccompProfile") - err := validateSeccompAnnotationsAndFieldsMatch(annotation, podSpec.SecurityContext.SeccompProfile, seccompPath) - if err != nil { - allErrs = append(allErrs, err) - } - } - } - - podshelper.VisitContainersWithPath(podSpec, specPath, func(c *core.Container, cFldPath *field.Path) bool { - var field *core.SeccompProfile - if c.SecurityContext != nil { - field = c.SecurityContext.SeccompProfile - } - - if field == nil { - return true - } - - key := v1.SeccompContainerAnnotationKeyPrefix + c.Name - if annotation, found := objectMeta.Annotations[key]; found { - seccompPath := cFldPath.Child("securityContext").Child("seccompProfile") - err := validateSeccompAnnotationsAndFieldsMatch(annotation, field, seccompPath) - if err != nil { - allErrs = append(allErrs, err) - } - } - return true - }) - - return allErrs -} - -func validateSeccompAnnotationsAndFieldsMatch(annotationValue string, seccompField *core.SeccompProfile, fldPath *field.Path) *field.Error { - if seccompField == nil { - return nil - } - - switch seccompField.Type { - case core.SeccompProfileTypeUnconfined: - if annotationValue != v1.SeccompProfileNameUnconfined { - return field.Forbidden(fldPath.Child("type"), "seccomp type in annotation and field must match") - } - - case core.SeccompProfileTypeRuntimeDefault: - if annotationValue != v1.SeccompProfileRuntimeDefault && annotationValue != v1.DeprecatedSeccompProfileDockerDefault { - return field.Forbidden(fldPath.Child("type"), "seccomp type in annotation and field must match") - } - - case core.SeccompProfileTypeLocalhost: - if !strings.HasPrefix(annotationValue, v1.SeccompLocalhostProfileNamePrefix) { - return field.Forbidden(fldPath.Child("type"), "seccomp type in annotation and field must match") - } else if seccompField.LocalhostProfile == nil || strings.TrimPrefix(annotationValue, v1.SeccompLocalhostProfileNamePrefix) != *seccompField.LocalhostProfile { - return field.Forbidden(fldPath.Child("localhostProfile"), "seccomp profile in annotation and field must match") - } - } - - return nil -} - -// ValidatePodUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields -// that cannot be changed. -func ValidatePodUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList { - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, fldPath) - allErrs = append(allErrs, validatePodMetadataAndSpec(newPod, opts)...) - allErrs = append(allErrs, ValidatePodSpecificAnnotationUpdates(newPod, oldPod, fldPath.Child("annotations"), opts)...) - specPath := field.NewPath("spec") - - // validate updateable fields: - // 1. spec.containers[*].image - // 2. spec.initContainers[*].image - // 3. spec.activeDeadlineSeconds - // 4. spec.terminationGracePeriodSeconds - // 5. spec.schedulingGates - - containerErrs, stop := ValidateContainerUpdates(newPod.Spec.Containers, oldPod.Spec.Containers, specPath.Child("containers")) - allErrs = append(allErrs, containerErrs...) - if stop { - return allErrs - } - containerErrs, stop = ValidateContainerUpdates(newPod.Spec.InitContainers, oldPod.Spec.InitContainers, specPath.Child("initContainers")) - allErrs = append(allErrs, containerErrs...) - if stop { - return allErrs - } - - // validate updated spec.activeDeadlineSeconds. two types of updates are allowed: - // 1. from nil to a positive value - // 2. from a positive value to a lesser, non-negative value - if newPod.Spec.ActiveDeadlineSeconds != nil { - newActiveDeadlineSeconds := *newPod.Spec.ActiveDeadlineSeconds - if newActiveDeadlineSeconds < 0 || newActiveDeadlineSeconds > math.MaxInt32 { - allErrs = append(allErrs, field.Invalid(specPath.Child("activeDeadlineSeconds"), newActiveDeadlineSeconds, validation.InclusiveRangeError(0, math.MaxInt32))) - return allErrs - } - if oldPod.Spec.ActiveDeadlineSeconds != nil { - oldActiveDeadlineSeconds := *oldPod.Spec.ActiveDeadlineSeconds - if oldActiveDeadlineSeconds < newActiveDeadlineSeconds { - allErrs = append(allErrs, field.Invalid(specPath.Child("activeDeadlineSeconds"), newActiveDeadlineSeconds, "must be less than or equal to previous value")) - return allErrs - } - } - } else if oldPod.Spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, field.Invalid(specPath.Child("activeDeadlineSeconds"), newPod.Spec.ActiveDeadlineSeconds, "must not update from a positive integer to nil value")) - } - - // Allow only additions to tolerations updates. - allErrs = append(allErrs, validateOnlyAddedTolerations(newPod.Spec.Tolerations, oldPod.Spec.Tolerations, specPath.Child("tolerations"))...) - - // Allow only deletions to schedulingGates updates. - allErrs = append(allErrs, validateOnlyDeletedSchedulingGates(newPod.Spec.SchedulingGates, oldPod.Spec.SchedulingGates, specPath.Child("schedulingGates"))...) - - // the last thing to check is pod spec equality. If the pod specs are equal, then we can simply return the errors we have - // so far and save the cost of a deep copy. - if apiequality.Semantic.DeepEqual(newPod.Spec, oldPod.Spec) { - return allErrs - } - - // handle updateable fields by munging those fields prior to deep equal comparison. - mungedPodSpec := *newPod.Spec.DeepCopy() - // munge spec.containers[*].image - var newContainers []core.Container - for ix, container := range mungedPodSpec.Containers { - container.Image = oldPod.Spec.Containers[ix].Image // +k8s:verify-mutation:reason=clone - newContainers = append(newContainers, container) - } - mungedPodSpec.Containers = newContainers - // munge spec.initContainers[*].image - var newInitContainers []core.Container - for ix, container := range mungedPodSpec.InitContainers { - container.Image = oldPod.Spec.InitContainers[ix].Image // +k8s:verify-mutation:reason=clone - newInitContainers = append(newInitContainers, container) - } - mungedPodSpec.InitContainers = newInitContainers - // munge spec.activeDeadlineSeconds - mungedPodSpec.ActiveDeadlineSeconds = nil - if oldPod.Spec.ActiveDeadlineSeconds != nil { - activeDeadlineSeconds := *oldPod.Spec.ActiveDeadlineSeconds - mungedPodSpec.ActiveDeadlineSeconds = &activeDeadlineSeconds - } - // munge spec.schedulingGates - mungedPodSpec.SchedulingGates = oldPod.Spec.SchedulingGates // +k8s:verify-mutation:reason=clone - // tolerations are checked before the deep copy, so munge those too - mungedPodSpec.Tolerations = oldPod.Spec.Tolerations // +k8s:verify-mutation:reason=clone - - // Relax validation of immutable fields to allow it to be set to 1 if it was previously negative. - if oldPod.Spec.TerminationGracePeriodSeconds != nil && *oldPod.Spec.TerminationGracePeriodSeconds < 0 && - mungedPodSpec.TerminationGracePeriodSeconds != nil && *mungedPodSpec.TerminationGracePeriodSeconds == 1 { - mungedPodSpec.TerminationGracePeriodSeconds = oldPod.Spec.TerminationGracePeriodSeconds // +k8s:verify-mutation:reason=clone - } - - if !apiequality.Semantic.DeepEqual(mungedPodSpec, oldPod.Spec) { - // This diff isn't perfect, but it's a helluva lot better an "I'm not going to tell you what the difference is". - // TODO: Pinpoint the specific field that causes the invalid error after we have strategic merge diff - specDiff := cmp.Diff(oldPod.Spec, mungedPodSpec) - allErrs = append(allErrs, field.Forbidden(specPath, fmt.Sprintf("pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)\n%v", specDiff))) - } - - return allErrs -} - -// ValidateContainerStateTransition test to if any illegal container state transitions are being attempted -func ValidateContainerStateTransition(newStatuses, oldStatuses []core.ContainerStatus, fldpath *field.Path, restartPolicy core.RestartPolicy) field.ErrorList { - allErrs := field.ErrorList{} - // If we should always restart, containers are allowed to leave the terminated state - if restartPolicy == core.RestartPolicyAlways { - return allErrs - } - for i, oldStatus := range oldStatuses { - // Skip any container that is not terminated - if oldStatus.State.Terminated == nil { - continue - } - // Skip any container that failed but is allowed to restart - if oldStatus.State.Terminated.ExitCode != 0 && restartPolicy == core.RestartPolicyOnFailure { - continue - } - for _, newStatus := range newStatuses { - if oldStatus.Name == newStatus.Name && newStatus.State.Terminated == nil { - allErrs = append(allErrs, field.Forbidden(fldpath.Index(i).Child("state"), "may not be transitioned to non-terminated state")) - } - } - } - return allErrs -} - -// ValidatePodStatusUpdate checks for changes to status that shouldn't occur in normal operation. -func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList { - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, fldPath) - allErrs = append(allErrs, ValidatePodSpecificAnnotationUpdates(newPod, oldPod, fldPath.Child("annotations"), opts)...) - allErrs = append(allErrs, validatePodConditions(newPod.Status.Conditions, fldPath.Child("conditions"))...) - - fldPath = field.NewPath("status") - if newPod.Spec.NodeName != oldPod.Spec.NodeName { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("nodeName"), "may not be changed directly")) - } - - if newPod.Status.NominatedNodeName != oldPod.Status.NominatedNodeName && len(newPod.Status.NominatedNodeName) > 0 { - for _, msg := range ValidateNodeName(newPod.Status.NominatedNodeName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nominatedNodeName"), newPod.Status.NominatedNodeName, msg)) - } - } - - // If pod should not restart, make sure the status update does not transition - // any terminated containers to a non-terminated state. - allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.ContainerStatuses, oldPod.Status.ContainerStatuses, fldPath.Child("containerStatuses"), oldPod.Spec.RestartPolicy)...) - allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.InitContainerStatuses, oldPod.Status.InitContainerStatuses, fldPath.Child("initContainerStatuses"), oldPod.Spec.RestartPolicy)...) - // The kubelet will never restart ephemeral containers, so treat them like they have an implicit RestartPolicyNever. - allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.EphemeralContainerStatuses, oldPod.Status.EphemeralContainerStatuses, fldPath.Child("ephemeralContainerStatuses"), core.RestartPolicyNever)...) - - if newIPErrs := validatePodIPs(newPod); len(newIPErrs) > 0 { - allErrs = append(allErrs, newIPErrs...) - } - - return allErrs -} - -// validatePodConditions tests if the custom pod conditions are valid. -func validatePodConditions(conditions []core.PodCondition, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - systemConditions := sets.NewString(string(core.PodScheduled), string(core.PodReady), string(core.PodInitialized)) - for i, condition := range conditions { - if systemConditions.Has(string(condition.Type)) { - continue - } - allErrs = append(allErrs, ValidateQualifiedName(string(condition.Type), fldPath.Index(i).Child("Type"))...) - } - return allErrs -} - -// ValidatePodEphemeralContainersUpdate tests that a user update to EphemeralContainers is valid. -// newPod and oldPod must only differ in their EphemeralContainers. -func ValidatePodEphemeralContainersUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList { - // Part 1: Validate newPod's spec and updates to metadata - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, fldPath) - allErrs = append(allErrs, validatePodMetadataAndSpec(newPod, opts)...) - allErrs = append(allErrs, ValidatePodSpecificAnnotationUpdates(newPod, oldPod, fldPath.Child("annotations"), opts)...) - - // Part 2: Validate that the changes between oldPod.Spec.EphemeralContainers and - // newPod.Spec.EphemeralContainers are allowed. - // - // Existing EphemeralContainers may not be changed. Order isn't preserved by patch, so check each individually. - newContainerIndex := make(map[string]*core.EphemeralContainer) - specPath := field.NewPath("spec").Child("ephemeralContainers") - for i := range newPod.Spec.EphemeralContainers { - newContainerIndex[newPod.Spec.EphemeralContainers[i].Name] = &newPod.Spec.EphemeralContainers[i] - } - for _, old := range oldPod.Spec.EphemeralContainers { - if new, ok := newContainerIndex[old.Name]; !ok { - allErrs = append(allErrs, field.Forbidden(specPath, fmt.Sprintf("existing ephemeral containers %q may not be removed\n", old.Name))) - } else if !apiequality.Semantic.DeepEqual(old, *new) { - specDiff := cmp.Diff(old, *new) - allErrs = append(allErrs, field.Forbidden(specPath, fmt.Sprintf("existing ephemeral containers %q may not be changed\n%v", old.Name, specDiff))) - } - } - - return allErrs -} - -// ValidatePodBinding tests if required fields in the pod binding are legal. -func ValidatePodBinding(binding *core.Binding) field.ErrorList { - allErrs := field.ErrorList{} - - if len(binding.Target.Kind) != 0 && binding.Target.Kind != "Node" { - // TODO: When validation becomes versioned, this gets more complicated. - allErrs = append(allErrs, field.NotSupported(field.NewPath("target", "kind"), binding.Target.Kind, []string{"Node", "<empty>"})) - } - if len(binding.Target.Name) == 0 { - // TODO: When validation becomes versioned, this gets more complicated. - allErrs = append(allErrs, field.Required(field.NewPath("target", "name"), "")) - } - - return allErrs -} - -// ValidatePodTemplate tests if required fields in the pod template are set. -func ValidatePodTemplate(pod *core.PodTemplate, opts PodValidationOptions) field.ErrorList { - allErrs := ValidateObjectMeta(&pod.ObjectMeta, true, ValidatePodName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidatePodTemplateSpec(&pod.Template, field.NewPath("template"), opts)...) - return allErrs -} - -// ValidatePodTemplateUpdate tests to see if the update is legal for an end user to make. newPod is updated with fields -// that cannot be changed. -func ValidatePodTemplateUpdate(newPod, oldPod *core.PodTemplate, opts PodValidationOptions) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidatePodTemplateSpec(&newPod.Template, field.NewPath("template"), opts)...) - return allErrs -} - -var supportedSessionAffinityType = sets.NewString(string(core.ServiceAffinityClientIP), string(core.ServiceAffinityNone)) -var supportedServiceType = sets.NewString(string(core.ServiceTypeClusterIP), string(core.ServiceTypeNodePort), - string(core.ServiceTypeLoadBalancer), string(core.ServiceTypeExternalName)) - -var supportedServiceInternalTrafficPolicy = sets.NewString(string(core.ServiceInternalTrafficPolicyCluster), string(core.ServiceExternalTrafficPolicyTypeLocal)) - -var supportedServiceIPFamily = sets.NewString(string(core.IPv4Protocol), string(core.IPv6Protocol)) -var supportedServiceIPFamilyPolicy = sets.NewString(string(core.IPFamilyPolicySingleStack), string(core.IPFamilyPolicyPreferDualStack), string(core.IPFamilyPolicyRequireDualStack)) - -// ValidateService tests if required fields/annotations of a Service are valid. -func ValidateService(service *core.Service) field.ErrorList { - allErrs := ValidateObjectMeta(&service.ObjectMeta, true, ValidateServiceName, field.NewPath("metadata")) - - specPath := field.NewPath("spec") - - if len(service.Spec.Ports) == 0 && !isHeadlessService(service) && service.Spec.Type != core.ServiceTypeExternalName { - allErrs = append(allErrs, field.Required(specPath.Child("ports"), "")) - } - switch service.Spec.Type { - case core.ServiceTypeLoadBalancer: - for ix := range service.Spec.Ports { - port := &service.Spec.Ports[ix] - // This is a workaround for broken cloud environments that - // over-open firewalls. Hopefully it can go away when more clouds - // understand containers better. - if port.Port == ports.KubeletPort { - portPath := specPath.Child("ports").Index(ix) - allErrs = append(allErrs, field.Invalid(portPath, port.Port, fmt.Sprintf("may not expose port %v externally since it is used by kubelet", ports.KubeletPort))) - } - } - if isHeadlessService(service) { - allErrs = append(allErrs, field.Invalid(specPath.Child("clusterIPs").Index(0), service.Spec.ClusterIPs[0], "may not be set to 'None' for LoadBalancer services")) - } - case core.ServiceTypeNodePort: - if isHeadlessService(service) { - allErrs = append(allErrs, field.Invalid(specPath.Child("clusterIPs").Index(0), service.Spec.ClusterIPs[0], "may not be set to 'None' for NodePort services")) - } - case core.ServiceTypeExternalName: - // must have len(.spec.ClusterIPs) == 0 // note: strategy sets ClusterIPs based on ClusterIP - if len(service.Spec.ClusterIPs) > 0 { - allErrs = append(allErrs, field.Forbidden(specPath.Child("clusterIPs"), "may not be set for ExternalName services")) - } - - // must have nil families and nil policy - if len(service.Spec.IPFamilies) > 0 { - allErrs = append(allErrs, field.Forbidden(specPath.Child("ipFamilies"), "may not be set for ExternalName services")) - } - if service.Spec.IPFamilyPolicy != nil { - allErrs = append(allErrs, field.Forbidden(specPath.Child("ipFamilyPolicy"), "may not be set for ExternalName services")) - } - - // The value (a CNAME) may have a trailing dot to denote it as fully qualified - cname := strings.TrimSuffix(service.Spec.ExternalName, ".") - if len(cname) > 0 { - allErrs = append(allErrs, ValidateDNS1123Subdomain(cname, specPath.Child("externalName"))...) - } else { - allErrs = append(allErrs, field.Required(specPath.Child("externalName"), "")) - } - } - - allPortNames := sets.String{} - portsPath := specPath.Child("ports") - for i := range service.Spec.Ports { - portPath := portsPath.Index(i) - allErrs = append(allErrs, validateServicePort(&service.Spec.Ports[i], len(service.Spec.Ports) > 1, isHeadlessService(service), &allPortNames, portPath)...) - } - - if service.Spec.Selector != nil { - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(service.Spec.Selector, specPath.Child("selector"))...) - } - - if len(service.Spec.SessionAffinity) == 0 { - allErrs = append(allErrs, field.Required(specPath.Child("sessionAffinity"), "")) - } else if !supportedSessionAffinityType.Has(string(service.Spec.SessionAffinity)) { - allErrs = append(allErrs, field.NotSupported(specPath.Child("sessionAffinity"), service.Spec.SessionAffinity, supportedSessionAffinityType.List())) - } - - if service.Spec.SessionAffinity == core.ServiceAffinityClientIP { - allErrs = append(allErrs, validateClientIPAffinityConfig(service.Spec.SessionAffinityConfig, specPath.Child("sessionAffinityConfig"))...) - } else if service.Spec.SessionAffinity == core.ServiceAffinityNone { - if service.Spec.SessionAffinityConfig != nil { - allErrs = append(allErrs, field.Forbidden(specPath.Child("sessionAffinityConfig"), fmt.Sprintf("must not be set when session affinity is %s", string(core.ServiceAffinityNone)))) - } - } - - // dualstack <-> ClusterIPs <-> ipfamilies - allErrs = append(allErrs, ValidateServiceClusterIPsRelatedFields(service)...) - - ipPath := specPath.Child("externalIPs") - for i, ip := range service.Spec.ExternalIPs { - idxPath := ipPath.Index(i) - if msgs := validation.IsValidIP(ip); len(msgs) != 0 { - for i := range msgs { - allErrs = append(allErrs, field.Invalid(idxPath, ip, msgs[i])) - } - } else { - allErrs = append(allErrs, ValidateNonSpecialIP(ip, idxPath)...) - } - } - - if len(service.Spec.Type) == 0 { - allErrs = append(allErrs, field.Required(specPath.Child("type"), "")) - } else if !supportedServiceType.Has(string(service.Spec.Type)) { - allErrs = append(allErrs, field.NotSupported(specPath.Child("type"), service.Spec.Type, supportedServiceType.List())) - } - - if service.Spec.Type == core.ServiceTypeClusterIP { - portsPath := specPath.Child("ports") - for i := range service.Spec.Ports { - portPath := portsPath.Index(i) - if service.Spec.Ports[i].NodePort != 0 { - allErrs = append(allErrs, field.Forbidden(portPath.Child("nodePort"), "may not be used when `type` is 'ClusterIP'")) - } - } - } - - // Check for duplicate NodePorts, considering (protocol,port) pairs - portsPath = specPath.Child("ports") - nodePorts := make(map[core.ServicePort]bool) - for i := range service.Spec.Ports { - port := &service.Spec.Ports[i] - if port.NodePort == 0 { - continue - } - portPath := portsPath.Index(i) - var key core.ServicePort - key.Protocol = port.Protocol - key.NodePort = port.NodePort - _, found := nodePorts[key] - if found { - allErrs = append(allErrs, field.Duplicate(portPath.Child("nodePort"), port.NodePort)) - } - nodePorts[key] = true - } - - // Check for duplicate Ports, considering (protocol,port) pairs - portsPath = specPath.Child("ports") - ports := make(map[core.ServicePort]bool) - for i, port := range service.Spec.Ports { - portPath := portsPath.Index(i) - key := core.ServicePort{Protocol: port.Protocol, Port: port.Port} - _, found := ports[key] - if found { - allErrs = append(allErrs, field.Duplicate(portPath, key)) - } - ports[key] = true - } - - // Validate SourceRange field and annotation - _, ok := service.Annotations[core.AnnotationLoadBalancerSourceRangesKey] - if len(service.Spec.LoadBalancerSourceRanges) > 0 || ok { - var fieldPath *field.Path - var val string - if len(service.Spec.LoadBalancerSourceRanges) > 0 { - fieldPath = specPath.Child("LoadBalancerSourceRanges") - val = fmt.Sprintf("%v", service.Spec.LoadBalancerSourceRanges) - } else { - fieldPath = field.NewPath("metadata", "annotations").Key(core.AnnotationLoadBalancerSourceRangesKey) - val = service.Annotations[core.AnnotationLoadBalancerSourceRangesKey] - } - if service.Spec.Type != core.ServiceTypeLoadBalancer { - allErrs = append(allErrs, field.Forbidden(fieldPath, "may only be used when `type` is 'LoadBalancer'")) - } - _, err := apiservice.GetLoadBalancerSourceRanges(service) - if err != nil { - allErrs = append(allErrs, field.Invalid(fieldPath, val, "must be a list of IP ranges. For example, 10.240.0.0/24,10.250.0.0/24 ")) - } - } - - if service.Spec.AllocateLoadBalancerNodePorts != nil && service.Spec.Type != core.ServiceTypeLoadBalancer { - allErrs = append(allErrs, field.Forbidden(specPath.Child("allocateLoadBalancerNodePorts"), "may only be used when `type` is 'LoadBalancer'")) - } - - if service.Spec.Type == core.ServiceTypeLoadBalancer && service.Spec.AllocateLoadBalancerNodePorts == nil { - allErrs = append(allErrs, field.Required(field.NewPath("allocateLoadBalancerNodePorts"), "")) - } - - // validate LoadBalancerClass field - allErrs = append(allErrs, validateLoadBalancerClassField(nil, service)...) - - // external traffic policy fields - allErrs = append(allErrs, validateServiceExternalTrafficPolicy(service)...) - - // internal traffic policy field - allErrs = append(allErrs, validateServiceInternalTrafficFieldsValue(service)...) - - return allErrs -} - -func validateServicePort(sp *core.ServicePort, requireName, isHeadlessService bool, allNames *sets.String, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if requireName && len(sp.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else if len(sp.Name) != 0 { - allErrs = append(allErrs, ValidateDNS1123Label(sp.Name, fldPath.Child("name"))...) - if allNames.Has(sp.Name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("name"), sp.Name)) - } else { - allNames.Insert(sp.Name) - } - } - - for _, msg := range validation.IsValidPortNum(int(sp.Port)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("port"), sp.Port, msg)) - } - - if len(sp.Protocol) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), "")) - } else if !supportedPortProtocols.Has(string(sp.Protocol)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), sp.Protocol, supportedPortProtocols.List())) - } - - allErrs = append(allErrs, ValidatePortNumOrName(sp.TargetPort, fldPath.Child("targetPort"))...) - - if sp.AppProtocol != nil { - allErrs = append(allErrs, ValidateQualifiedName(*sp.AppProtocol, fldPath.Child("appProtocol"))...) - } - - // in the v1 API, targetPorts on headless services were tolerated. - // once we have version-specific validation, we can reject this on newer API versions, but until then, we have to tolerate it for compatibility. - // - // if isHeadlessService { - // if sp.TargetPort.Type == intstr.String || (sp.TargetPort.Type == intstr.Int && sp.Port != sp.TargetPort.IntValue()) { - // allErrs = append(allErrs, field.Invalid(fldPath.Child("targetPort"), sp.TargetPort, "must be equal to the value of 'port' when clusterIP = None")) - // } - // } - - return allErrs -} - -func needsExternalTrafficPolicy(svc *core.Service) bool { - return svc.Spec.Type == core.ServiceTypeLoadBalancer || svc.Spec.Type == core.ServiceTypeNodePort -} - -var validExternalTrafficPolicies = sets.NewString( - string(core.ServiceExternalTrafficPolicyTypeCluster), - string(core.ServiceExternalTrafficPolicyTypeLocal)) - -func validateServiceExternalTrafficPolicy(service *core.Service) field.ErrorList { - allErrs := field.ErrorList{} - - fldPath := field.NewPath("spec") - - if !needsExternalTrafficPolicy(service) { - if service.Spec.ExternalTrafficPolicy != "" { - allErrs = append(allErrs, field.Invalid(fldPath.Child("externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy, - "may only be set when `type` is 'NodePort' or 'LoadBalancer'")) - } - } else { - if service.Spec.ExternalTrafficPolicy == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("externalTrafficPolicy"), "")) - } else if !validExternalTrafficPolicies.Has(string(service.Spec.ExternalTrafficPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("externalTrafficPolicy"), - service.Spec.ExternalTrafficPolicy, validExternalTrafficPolicies.List())) - } - } - - if !apiservice.NeedsHealthCheck(service) { - if service.Spec.HealthCheckNodePort != 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort, - "may only be set when `type` is 'LoadBalancer' and `externalTrafficPolicy` is 'Local'")) - } - } else { - if service.Spec.HealthCheckNodePort == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("healthCheckNodePort"), "")) - } else { - for _, msg := range validation.IsValidPortNum(int(service.Spec.HealthCheckNodePort)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort, msg)) - } - } - } - - return allErrs -} - -func validateServiceExternalTrafficFieldsUpdate(before, after *core.Service) field.ErrorList { - allErrs := field.ErrorList{} - - if apiservice.NeedsHealthCheck(before) && apiservice.NeedsHealthCheck(after) { - if after.Spec.HealthCheckNodePort != before.Spec.HealthCheckNodePort { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "healthCheckNodePort"), "field is immutable")) - } - } - - return allErrs -} - -// validateServiceInternalTrafficFieldsValue validates InternalTraffic related -// spec have legal value. -func validateServiceInternalTrafficFieldsValue(service *core.Service) field.ErrorList { - allErrs := field.ErrorList{} - - if service.Spec.InternalTrafficPolicy == nil { - // We do not forbid internalTrafficPolicy on other Service types because of historical reasons. - // We did not check that before it went beta and we don't want to invalidate existing stored objects. - if service.Spec.Type == core.ServiceTypeNodePort || - service.Spec.Type == core.ServiceTypeLoadBalancer || service.Spec.Type == core.ServiceTypeClusterIP { - allErrs = append(allErrs, field.Required(field.NewPath("spec").Child("internalTrafficPolicy"), "")) - } - } - - if service.Spec.InternalTrafficPolicy != nil && !supportedServiceInternalTrafficPolicy.Has(string(*service.Spec.InternalTrafficPolicy)) { - allErrs = append(allErrs, field.NotSupported(field.NewPath("spec").Child("internalTrafficPolicy"), *service.Spec.InternalTrafficPolicy, supportedServiceInternalTrafficPolicy.List())) - } - - return allErrs -} - -// ValidateServiceCreate validates Services as they are created. -func ValidateServiceCreate(service *core.Service) field.ErrorList { - return ValidateService(service) -} - -// ValidateServiceUpdate tests if required fields in the service are set during an update -func ValidateServiceUpdate(service, oldService *core.Service) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&service.ObjectMeta, &oldService.ObjectMeta, field.NewPath("metadata")) - - // User can upgrade (add another clusterIP or ipFamily) - // can downgrade (remove secondary clusterIP or ipFamily) - // but *CAN NOT* change primary/secondary clusterIP || ipFamily *UNLESS* - // they are changing from/to/ON ExternalName - - upgradeDowngradeClusterIPsErrs := validateUpgradeDowngradeClusterIPs(oldService, service) - allErrs = append(allErrs, upgradeDowngradeClusterIPsErrs...) - - upgradeDowngradeIPFamiliesErrs := validateUpgradeDowngradeIPFamilies(oldService, service) - allErrs = append(allErrs, upgradeDowngradeIPFamiliesErrs...) - - upgradeDowngradeLoadBalancerClassErrs := validateLoadBalancerClassField(oldService, service) - allErrs = append(allErrs, upgradeDowngradeLoadBalancerClassErrs...) - - allErrs = append(allErrs, validateServiceExternalTrafficFieldsUpdate(oldService, service)...) - - return append(allErrs, ValidateService(service)...) -} - -// ValidateServiceStatusUpdate tests if required fields in the Service are set when updating status. -func ValidateServiceStatusUpdate(service, oldService *core.Service) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&service.ObjectMeta, &oldService.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateLoadBalancerStatus(&service.Status.LoadBalancer, field.NewPath("status", "loadBalancer"))...) - return allErrs -} - -// ValidateReplicationController tests if required fields in the replication controller are set. -func ValidateReplicationController(controller *core.ReplicationController, opts PodValidationOptions) field.ErrorList { - allErrs := ValidateObjectMeta(&controller.ObjectMeta, true, ValidateReplicationControllerName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateReplicationControllerUpdate tests if required fields in the replication controller are set. -func ValidateReplicationControllerUpdate(controller, oldController *core.ReplicationController, opts PodValidationOptions) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&controller.ObjectMeta, &oldController.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateReplicationControllerStatusUpdate tests if required fields in the replication controller are set. -func ValidateReplicationControllerStatusUpdate(controller, oldController *core.ReplicationController) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&controller.ObjectMeta, &oldController.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateReplicationControllerStatus(controller.Status, field.NewPath("status"))...) - return allErrs -} - -func ValidateReplicationControllerStatus(status core.ReplicationControllerStatus, statusPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateNonnegativeField(int64(status.Replicas), statusPath.Child("replicas"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(status.FullyLabeledReplicas), statusPath.Child("fullyLabeledReplicas"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(status.ReadyReplicas), statusPath.Child("readyReplicas"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(status.AvailableReplicas), statusPath.Child("availableReplicas"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(status.ObservedGeneration), statusPath.Child("observedGeneration"))...) - msg := "cannot be greater than status.replicas" - if status.FullyLabeledReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(statusPath.Child("fullyLabeledReplicas"), status.FullyLabeledReplicas, msg)) - } - if status.ReadyReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(statusPath.Child("readyReplicas"), status.ReadyReplicas, msg)) - } - if status.AvailableReplicas > status.Replicas { - allErrs = append(allErrs, field.Invalid(statusPath.Child("availableReplicas"), status.AvailableReplicas, msg)) - } - if status.AvailableReplicas > status.ReadyReplicas { - allErrs = append(allErrs, field.Invalid(statusPath.Child("availableReplicas"), status.AvailableReplicas, "cannot be greater than readyReplicas")) - } - return allErrs -} - -// Validates that the given selector is non-empty. -func ValidateNonEmptySelector(selectorMap map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - selector := labels.Set(selectorMap).AsSelector() - if selector.Empty() { - allErrs = append(allErrs, field.Required(fldPath, "")) - } - return allErrs -} - -// Validates the given template and ensures that it is in accordance with the desired selector and replicas. -func ValidatePodTemplateSpecForRC(template *core.PodTemplateSpec, selectorMap map[string]string, replicas int32, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if template == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } else { - selector := labels.Set(selectorMap).AsSelector() - if !selector.Empty() { - // Verify that the RC selector matches the labels in template. - labels := labels.Set(template.Labels) - if !selector.Matches(labels) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata", "labels"), template.Labels, "`selector` does not match template `labels`")) - } - } - allErrs = append(allErrs, ValidatePodTemplateSpec(template, fldPath, opts)...) - if replicas > 1 { - allErrs = append(allErrs, ValidateReadOnlyPersistentDisks(template.Spec.Volumes, fldPath.Child("spec", "volumes"))...) - } - // RestartPolicy has already been first-order validated as per ValidatePodTemplateSpec(). - if template.Spec.RestartPolicy != core.RestartPolicyAlways { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("spec", "restartPolicy"), template.Spec.RestartPolicy, []string{string(core.RestartPolicyAlways)})) - } - if template.Spec.ActiveDeadlineSeconds != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("spec", "activeDeadlineSeconds"), "activeDeadlineSeconds in ReplicationController is not Supported")) - } - } - return allErrs -} - -// ValidateReplicationControllerSpec tests if required fields in the replication controller spec are set. -func ValidateReplicationControllerSpec(spec *core.ReplicationControllerSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - allErrs = append(allErrs, ValidateNonEmptySelector(spec.Selector, fldPath.Child("selector"))...) - allErrs = append(allErrs, ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...) - allErrs = append(allErrs, ValidatePodTemplateSpecForRC(spec.Template, spec.Selector, spec.Replicas, fldPath.Child("template"), opts)...) - return allErrs -} - -// ValidatePodTemplateSpec validates the spec of a pod template -func ValidatePodTemplateSpec(spec *core.PodTemplateSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(spec.Labels, fldPath.Child("labels"))...) - allErrs = append(allErrs, ValidateAnnotations(spec.Annotations, fldPath.Child("annotations"))...) - allErrs = append(allErrs, ValidatePodSpecificAnnotations(spec.Annotations, &spec.Spec, fldPath.Child("annotations"), opts)...) - allErrs = append(allErrs, ValidatePodSpec(&spec.Spec, nil, fldPath.Child("spec"), opts)...) - allErrs = append(allErrs, validateSeccompAnnotationsAndFields(spec.ObjectMeta, &spec.Spec, fldPath.Child("spec"))...) - - if len(spec.Spec.EphemeralContainers) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("spec", "ephemeralContainers"), "ephemeral containers not allowed in pod template")) - } - - return allErrs -} - -func ValidateReadOnlyPersistentDisks(volumes []core.Volume, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i := range volumes { - vol := &volumes[i] - idxPath := fldPath.Index(i) - if vol.GCEPersistentDisk != nil { - if !vol.GCEPersistentDisk.ReadOnly { - allErrs = append(allErrs, field.Invalid(idxPath.Child("gcePersistentDisk", "readOnly"), false, "must be true for replicated pods > 1; GCE PD can only be mounted on multiple machines if it is read-only")) - } - } - // TODO: What to do for AWS? It doesn't support replicas - } - return allErrs -} - -// ValidateTaintsInNodeAnnotations tests that the serialized taints in Node.Annotations has valid data -func ValidateTaintsInNodeAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - taints, err := helper.GetTaintsFromNodeAnnotations(annotations) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, core.TaintsAnnotationKey, err.Error())) - return allErrs - } - - if len(taints) > 0 { - allErrs = append(allErrs, validateNodeTaints(taints, fldPath.Child(core.TaintsAnnotationKey))...) - } - - return allErrs -} - -// validateNodeTaints tests if given taints have valid data. -func validateNodeTaints(taints []core.Taint, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - - uniqueTaints := map[core.TaintEffect]sets.String{} - - for i, currTaint := range taints { - idxPath := fldPath.Index(i) - // validate the taint key - allErrors = append(allErrors, unversionedvalidation.ValidateLabelName(currTaint.Key, idxPath.Child("key"))...) - // validate the taint value - if errs := validation.IsValidLabelValue(currTaint.Value); len(errs) != 0 { - allErrors = append(allErrors, field.Invalid(idxPath.Child("value"), currTaint.Value, strings.Join(errs, ";"))) - } - // validate the taint effect - allErrors = append(allErrors, validateTaintEffect(&currTaint.Effect, false, idxPath.Child("effect"))...) - - // validate if taint is unique by <key, effect> - if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) { - duplicatedError := field.Duplicate(idxPath, currTaint) - duplicatedError.Detail = "taints must be unique by key and effect pair" - allErrors = append(allErrors, duplicatedError) - continue - } - - // add taint to existingTaints for uniqueness check - if len(uniqueTaints[currTaint.Effect]) == 0 { - uniqueTaints[currTaint.Effect] = sets.String{} - } - uniqueTaints[currTaint.Effect].Insert(currTaint.Key) - } - return allErrors -} - -func ValidateNodeSpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if annotations[core.TaintsAnnotationKey] != "" { - allErrs = append(allErrs, ValidateTaintsInNodeAnnotations(annotations, fldPath)...) - } - - if annotations[core.PreferAvoidPodsAnnotationKey] != "" { - allErrs = append(allErrs, ValidateAvoidPodsInNodeAnnotations(annotations, fldPath)...) - } - return allErrs -} - -// ValidateNode tests if required fields in the node are set. -func ValidateNode(node *core.Node) field.ErrorList { - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMeta(&node.ObjectMeta, false, ValidateNodeName, fldPath) - allErrs = append(allErrs, ValidateNodeSpecificAnnotations(node.ObjectMeta.Annotations, fldPath.Child("annotations"))...) - if len(node.Spec.Taints) > 0 { - allErrs = append(allErrs, validateNodeTaints(node.Spec.Taints, fldPath.Child("taints"))...) - } - - // Only validate spec. - // All status fields are optional and can be updated later. - // That said, if specified, we need to ensure they are valid. - allErrs = append(allErrs, ValidateNodeResources(node)...) - - // validate PodCIDRS only if we need to - if len(node.Spec.PodCIDRs) > 0 { - podCIDRsField := field.NewPath("spec", "podCIDRs") - - // all PodCIDRs should be valid ones - for idx, value := range node.Spec.PodCIDRs { - if _, err := ValidateCIDR(value); err != nil { - allErrs = append(allErrs, field.Invalid(podCIDRsField.Index(idx), node.Spec.PodCIDRs, "must be valid CIDR")) - } - } - - // if more than PodCIDR then - // - validate for dual stack - // - validate for duplication - if len(node.Spec.PodCIDRs) > 1 { - dualStack, err := netutils.IsDualStackCIDRStrings(node.Spec.PodCIDRs) - if err != nil { - allErrs = append(allErrs, field.InternalError(podCIDRsField, fmt.Errorf("invalid PodCIDRs. failed to check with dual stack with error:%v", err))) - } - if !dualStack || len(node.Spec.PodCIDRs) > 2 { - allErrs = append(allErrs, field.Invalid(podCIDRsField, node.Spec.PodCIDRs, "may specify no more than one CIDR for each IP family")) - } - - // PodCIDRs must not contain duplicates - seen := sets.String{} - for i, value := range node.Spec.PodCIDRs { - if seen.Has(value) { - allErrs = append(allErrs, field.Duplicate(podCIDRsField.Index(i), value)) - } - seen.Insert(value) - } - } - } - - return allErrs -} - -// ValidateNodeResources is used to make sure a node has valid capacity and allocatable values. -func ValidateNodeResources(node *core.Node) field.ErrorList { - allErrs := field.ErrorList{} - - // Validate resource quantities in capacity. - for k, v := range node.Status.Capacity { - resPath := field.NewPath("status", "capacity", string(k)) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - - // Validate resource quantities in allocatable. - for k, v := range node.Status.Allocatable { - resPath := field.NewPath("status", "allocatable", string(k)) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - return allErrs -} - -// ValidateNodeUpdate tests to make sure a node update can be applied. Modifies oldNode. -func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList { - fldPath := field.NewPath("metadata") - allErrs := ValidateObjectMetaUpdate(&node.ObjectMeta, &oldNode.ObjectMeta, fldPath) - allErrs = append(allErrs, ValidateNodeSpecificAnnotations(node.ObjectMeta.Annotations, fldPath.Child("annotations"))...) - - // TODO: Enable the code once we have better core object.status update model. Currently, - // anyone can update node status. - // if !apiequality.Semantic.DeepEqual(node.Status, core.NodeStatus{}) { - // allErrs = append(allErrs, field.Invalid("status", node.Status, "must be empty")) - // } - - allErrs = append(allErrs, ValidateNodeResources(node)...) - - // Validate no duplicate addresses in node status. - addresses := make(map[core.NodeAddress]bool) - for i, address := range node.Status.Addresses { - if _, ok := addresses[address]; ok { - allErrs = append(allErrs, field.Duplicate(field.NewPath("status", "addresses").Index(i), address)) - } - addresses[address] = true - } - - // Allow the controller manager to assign a CIDR to a node if it doesn't have one. - if len(oldNode.Spec.PodCIDRs) > 0 { - // compare the entire slice - if len(oldNode.Spec.PodCIDRs) != len(node.Spec.PodCIDRs) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "podCIDRs"), "node updates may not change podCIDR except from \"\" to valid")) - } else { - for idx, value := range oldNode.Spec.PodCIDRs { - if value != node.Spec.PodCIDRs[idx] { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "podCIDRs"), "node updates may not change podCIDR except from \"\" to valid")) - } - } - } - } - - // Allow controller manager updating provider ID when not set - if len(oldNode.Spec.ProviderID) > 0 && oldNode.Spec.ProviderID != node.Spec.ProviderID { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "providerID"), "node updates may not change providerID except from \"\" to valid")) - } - - if node.Spec.ConfigSource != nil { - allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...) - } - if node.Status.Config != nil { - allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...) - } - - // update taints - if len(node.Spec.Taints) > 0 { - allErrs = append(allErrs, validateNodeTaints(node.Spec.Taints, fldPath.Child("taints"))...) - } - - if node.Spec.DoNotUseExternalID != oldNode.Spec.DoNotUseExternalID { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "externalID"), "may not be updated")) - } - - // status and metadata are allowed change (barring restrictions above), so separately test spec field. - // spec only has a few fields, so check the ones we don't allow changing - // 1. PodCIDRs - immutable after first set - checked above - // 2. ProviderID - immutable after first set - checked above - // 3. Unschedulable - allowed to change - // 4. Taints - allowed to change - // 5. ConfigSource - allowed to change (and checked above) - // 6. DoNotUseExternalID - immutable - checked above - - return allErrs -} - -// validation specific to Node.Spec.ConfigSource -// The field ConfigSource is deprecated and will not be used. The validation is kept in place -// for the backward compatibility -func validateNodeConfigSourceSpec(source *core.NodeConfigSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - count := int(0) - if source.ConfigMap != nil { - count++ - allErrs = append(allErrs, validateConfigMapNodeConfigSourceSpec(source.ConfigMap, fldPath.Child("configMap"))...) - } - // add more subfields here in the future as they are added to NodeConfigSource - - // exactly one reference subfield must be non-nil - if count != 1 { - allErrs = append(allErrs, field.Invalid(fldPath, source, "exactly one reference subfield must be non-nil")) - } - return allErrs -} - -// validation specific to Node.Spec.ConfigSource.ConfigMap -// The field ConfigSource is deprecated and will not be used. The validation is kept in place -// for the backward compatibility -func validateConfigMapNodeConfigSourceSpec(source *core.ConfigMapNodeConfigSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // uid and resourceVersion must not be set in spec - if string(source.UID) != "" { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("uid"), "uid must not be set in spec")) - } - if source.ResourceVersion != "" { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("resourceVersion"), "resourceVersion must not be set in spec")) - } - return append(allErrs, validateConfigMapNodeConfigSource(source, fldPath)...) -} - -// validation specififc to Node.Status.Config -func validateNodeConfigStatus(status *core.NodeConfigStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if status.Assigned != nil { - allErrs = append(allErrs, validateNodeConfigSourceStatus(status.Assigned, fldPath.Child("assigned"))...) - } - if status.Active != nil { - allErrs = append(allErrs, validateNodeConfigSourceStatus(status.Active, fldPath.Child("active"))...) - } - if status.LastKnownGood != nil { - allErrs = append(allErrs, validateNodeConfigSourceStatus(status.LastKnownGood, fldPath.Child("lastKnownGood"))...) - } - return allErrs -} - -// validation specific to Node.Status.Config.(Active|Assigned|LastKnownGood) -func validateNodeConfigSourceStatus(source *core.NodeConfigSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - count := int(0) - if source.ConfigMap != nil { - count++ - allErrs = append(allErrs, validateConfigMapNodeConfigSourceStatus(source.ConfigMap, fldPath.Child("configMap"))...) - } - // add more subfields here in the future as they are added to NodeConfigSource - - // exactly one reference subfield must be non-nil - if count != 1 { - allErrs = append(allErrs, field.Invalid(fldPath, source, "exactly one reference subfield must be non-nil")) - } - return allErrs -} - -// validation specific to Node.Status.Config.(Active|Assigned|LastKnownGood).ConfigMap -func validateConfigMapNodeConfigSourceStatus(source *core.ConfigMapNodeConfigSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // uid and resourceVersion must be set in status - if string(source.UID) == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("uid"), "uid must be set in status")) - } - if source.ResourceVersion == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("resourceVersion"), "resourceVersion must be set in status")) - } - return append(allErrs, validateConfigMapNodeConfigSource(source, fldPath)...) -} - -// common validation -func validateConfigMapNodeConfigSource(source *core.ConfigMapNodeConfigSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // validate target configmap namespace - if source.Namespace == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "namespace must be set")) - } else { - for _, msg := range ValidateNameFunc(ValidateNamespaceName)(source.Namespace, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), source.Namespace, msg)) - } - } - // validate target configmap name - if source.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "name must be set")) - } else { - for _, msg := range ValidateNameFunc(ValidateConfigMapName)(source.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), source.Name, msg)) - } - } - // validate kubeletConfigKey against rules for configMap key names - if source.KubeletConfigKey == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("kubeletConfigKey"), "kubeletConfigKey must be set")) - } else { - for _, msg := range validation.IsConfigMapKey(source.KubeletConfigKey) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("kubeletConfigKey"), source.KubeletConfigKey, msg)) - } - } - return allErrs -} - -// Validate compute resource typename. -// Refer to docs/design/resources.md for more details. -func validateResourceName(value string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsQualifiedName(value) { - allErrs = append(allErrs, field.Invalid(fldPath, value, msg)) - } - if len(allErrs) != 0 { - return allErrs - } - - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardResourceName(value) { - return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource type or fully qualified")) - } - } - - return allErrs -} - -// Validate container resource name -// Refer to docs/design/resources.md for more details. -func validateContainerResourceName(value string, fldPath *field.Path) field.ErrorList { - allErrs := validateResourceName(value, fldPath) - - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardContainerResourceName(value) { - return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource for containers")) - } - } else if !helper.IsNativeResource(core.ResourceName(value)) { - if !helper.IsExtendedResourceName(core.ResourceName(value)) { - return append(allErrs, field.Invalid(fldPath, value, "doesn't follow extended resource name standard")) - } - } - return allErrs -} - -// Validate resource names that can go in a resource quota -// Refer to docs/design/resources.md for more details. -func ValidateResourceQuotaResourceName(value string, fldPath *field.Path) field.ErrorList { - allErrs := validateResourceName(value, fldPath) - - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardQuotaResourceName(value) { - return append(allErrs, field.Invalid(fldPath, value, isInvalidQuotaResource)) - } - } - return allErrs -} - -// Validate limit range types -func validateLimitRangeTypeName(value string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsQualifiedName(value) { - allErrs = append(allErrs, field.Invalid(fldPath, value, msg)) - } - if len(allErrs) != 0 { - return allErrs - } - - if len(strings.Split(value, "/")) == 1 { - if !helper.IsStandardLimitRangeType(value) { - return append(allErrs, field.Invalid(fldPath, value, "must be a standard limit type or fully qualified")) - } - } - - return allErrs -} - -// Validate limit range resource name -// limit types (other than Pod/Container) could contain storage not just cpu or memory -func validateLimitRangeResourceName(limitType core.LimitType, value string, fldPath *field.Path) field.ErrorList { - switch limitType { - case core.LimitTypePod, core.LimitTypeContainer: - return validateContainerResourceName(value, fldPath) - default: - return validateResourceName(value, fldPath) - } -} - -// ValidateLimitRange tests if required fields in the LimitRange are set. -func ValidateLimitRange(limitRange *core.LimitRange) field.ErrorList { - allErrs := ValidateObjectMeta(&limitRange.ObjectMeta, true, ValidateLimitRangeName, field.NewPath("metadata")) - - // ensure resource names are properly qualified per docs/design/resources.md - limitTypeSet := map[core.LimitType]bool{} - fldPath := field.NewPath("spec", "limits") - for i := range limitRange.Spec.Limits { - idxPath := fldPath.Index(i) - limit := &limitRange.Spec.Limits[i] - allErrs = append(allErrs, validateLimitRangeTypeName(string(limit.Type), idxPath.Child("type"))...) - - _, found := limitTypeSet[limit.Type] - if found { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("type"), limit.Type)) - } - limitTypeSet[limit.Type] = true - - keys := sets.String{} - min := map[string]resource.Quantity{} - max := map[string]resource.Quantity{} - defaults := map[string]resource.Quantity{} - defaultRequests := map[string]resource.Quantity{} - maxLimitRequestRatios := map[string]resource.Quantity{} - - for k, q := range limit.Max { - allErrs = append(allErrs, validateLimitRangeResourceName(limit.Type, string(k), idxPath.Child("max").Key(string(k)))...) - keys.Insert(string(k)) - max[string(k)] = q - } - for k, q := range limit.Min { - allErrs = append(allErrs, validateLimitRangeResourceName(limit.Type, string(k), idxPath.Child("min").Key(string(k)))...) - keys.Insert(string(k)) - min[string(k)] = q - } - - if limit.Type == core.LimitTypePod { - if len(limit.Default) > 0 { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("default"), "may not be specified when `type` is 'Pod'")) - } - if len(limit.DefaultRequest) > 0 { - allErrs = append(allErrs, field.Forbidden(idxPath.Child("defaultRequest"), "may not be specified when `type` is 'Pod'")) - } - } else { - for k, q := range limit.Default { - allErrs = append(allErrs, validateLimitRangeResourceName(limit.Type, string(k), idxPath.Child("default").Key(string(k)))...) - keys.Insert(string(k)) - defaults[string(k)] = q - } - for k, q := range limit.DefaultRequest { - allErrs = append(allErrs, validateLimitRangeResourceName(limit.Type, string(k), idxPath.Child("defaultRequest").Key(string(k)))...) - keys.Insert(string(k)) - defaultRequests[string(k)] = q - } - } - - if limit.Type == core.LimitTypePersistentVolumeClaim { - _, minQuantityFound := limit.Min[core.ResourceStorage] - _, maxQuantityFound := limit.Max[core.ResourceStorage] - if !minQuantityFound && !maxQuantityFound { - allErrs = append(allErrs, field.Required(idxPath.Child("limits"), "either minimum or maximum storage value is required, but neither was provided")) - } - } - - for k, q := range limit.MaxLimitRequestRatio { - allErrs = append(allErrs, validateLimitRangeResourceName(limit.Type, string(k), idxPath.Child("maxLimitRequestRatio").Key(string(k)))...) - keys.Insert(string(k)) - maxLimitRequestRatios[string(k)] = q - } - - for k := range keys { - minQuantity, minQuantityFound := min[k] - maxQuantity, maxQuantityFound := max[k] - defaultQuantity, defaultQuantityFound := defaults[k] - defaultRequestQuantity, defaultRequestQuantityFound := defaultRequests[k] - maxRatio, maxRatioFound := maxLimitRequestRatios[k] - - if minQuantityFound && maxQuantityFound && minQuantity.Cmp(maxQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("min").Key(string(k)), minQuantity, fmt.Sprintf("min value %s is greater than max value %s", minQuantity.String(), maxQuantity.String()))) - } - - if defaultRequestQuantityFound && minQuantityFound && minQuantity.Cmp(defaultRequestQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest").Key(string(k)), defaultRequestQuantity, fmt.Sprintf("min value %s is greater than default request value %s", minQuantity.String(), defaultRequestQuantity.String()))) - } - - if defaultRequestQuantityFound && maxQuantityFound && defaultRequestQuantity.Cmp(maxQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest").Key(string(k)), defaultRequestQuantity, fmt.Sprintf("default request value %s is greater than max value %s", defaultRequestQuantity.String(), maxQuantity.String()))) - } - - if defaultRequestQuantityFound && defaultQuantityFound && defaultRequestQuantity.Cmp(defaultQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest").Key(string(k)), defaultRequestQuantity, fmt.Sprintf("default request value %s is greater than default limit value %s", defaultRequestQuantity.String(), defaultQuantity.String()))) - } - - if defaultQuantityFound && minQuantityFound && minQuantity.Cmp(defaultQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("default").Key(string(k)), minQuantity, fmt.Sprintf("min value %s is greater than default value %s", minQuantity.String(), defaultQuantity.String()))) - } - - if defaultQuantityFound && maxQuantityFound && defaultQuantity.Cmp(maxQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("default").Key(string(k)), maxQuantity, fmt.Sprintf("default value %s is greater than max value %s", defaultQuantity.String(), maxQuantity.String()))) - } - if maxRatioFound && maxRatio.Cmp(*resource.NewQuantity(1, resource.DecimalSI)) < 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("maxLimitRequestRatio").Key(string(k)), maxRatio, fmt.Sprintf("ratio %s is less than 1", maxRatio.String()))) - } - if maxRatioFound && minQuantityFound && maxQuantityFound { - maxRatioValue := float64(maxRatio.Value()) - minQuantityValue := minQuantity.Value() - maxQuantityValue := maxQuantity.Value() - if maxRatio.Value() < resource.MaxMilliValue && minQuantityValue < resource.MaxMilliValue && maxQuantityValue < resource.MaxMilliValue { - maxRatioValue = float64(maxRatio.MilliValue()) / 1000 - minQuantityValue = minQuantity.MilliValue() - maxQuantityValue = maxQuantity.MilliValue() - } - maxRatioLimit := float64(maxQuantityValue) / float64(minQuantityValue) - if maxRatioValue > maxRatioLimit { - allErrs = append(allErrs, field.Invalid(idxPath.Child("maxLimitRequestRatio").Key(string(k)), maxRatio, fmt.Sprintf("ratio %s is greater than max/min = %f", maxRatio.String(), maxRatioLimit))) - } - } - - // for GPU, hugepages and other resources that are not allowed to overcommit, - // the default value and defaultRequest value must match if both are specified - if !helper.IsOvercommitAllowed(core.ResourceName(k)) && defaultQuantityFound && defaultRequestQuantityFound && defaultQuantity.Cmp(defaultRequestQuantity) != 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("defaultRequest").Key(string(k)), defaultRequestQuantity, fmt.Sprintf("default value %s must equal to defaultRequest value %s in %s", defaultQuantity.String(), defaultRequestQuantity.String(), k))) - } - } - } - - return allErrs -} - -// ValidateServiceAccount tests if required fields in the ServiceAccount are set. -func ValidateServiceAccount(serviceAccount *core.ServiceAccount) field.ErrorList { - allErrs := ValidateObjectMeta(&serviceAccount.ObjectMeta, true, ValidateServiceAccountName, field.NewPath("metadata")) - return allErrs -} - -// ValidateServiceAccountUpdate tests if required fields in the ServiceAccount are set. -func ValidateServiceAccountUpdate(newServiceAccount, oldServiceAccount *core.ServiceAccount) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newServiceAccount.ObjectMeta, &oldServiceAccount.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateServiceAccount(newServiceAccount)...) - return allErrs -} - -// ValidateSecret tests if required fields in the Secret are set. -func ValidateSecret(secret *core.Secret) field.ErrorList { - allErrs := ValidateObjectMeta(&secret.ObjectMeta, true, ValidateSecretName, field.NewPath("metadata")) - - dataPath := field.NewPath("data") - totalSize := 0 - for key, value := range secret.Data { - for _, msg := range validation.IsConfigMapKey(key) { - allErrs = append(allErrs, field.Invalid(dataPath.Key(key), key, msg)) - } - totalSize += len(value) - } - if totalSize > core.MaxSecretSize { - allErrs = append(allErrs, field.TooLong(dataPath, "", core.MaxSecretSize)) - } - - switch secret.Type { - case core.SecretTypeServiceAccountToken: - // Only require Annotations[kubernetes.io/service-account.name] - // Additional fields (like Annotations[kubernetes.io/service-account.uid] and Data[token]) might be contributed later by a controller loop - if value := secret.Annotations[core.ServiceAccountNameKey]; len(value) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("metadata", "annotations").Key(core.ServiceAccountNameKey), "")) - } - case core.SecretTypeOpaque, "": - // no-op - case core.SecretTypeDockercfg: - dockercfgBytes, exists := secret.Data[core.DockerConfigKey] - if !exists { - allErrs = append(allErrs, field.Required(dataPath.Key(core.DockerConfigKey), "")) - break - } - - // make sure that the content is well-formed json. - if err := json.Unmarshal(dockercfgBytes, &map[string]interface{}{}); err != nil { - allErrs = append(allErrs, field.Invalid(dataPath.Key(core.DockerConfigKey), "<secret contents redacted>", err.Error())) - } - case core.SecretTypeDockerConfigJSON: - dockerConfigJSONBytes, exists := secret.Data[core.DockerConfigJSONKey] - if !exists { - allErrs = append(allErrs, field.Required(dataPath.Key(core.DockerConfigJSONKey), "")) - break - } - - // make sure that the content is well-formed json. - if err := json.Unmarshal(dockerConfigJSONBytes, &map[string]interface{}{}); err != nil { - allErrs = append(allErrs, field.Invalid(dataPath.Key(core.DockerConfigJSONKey), "<secret contents redacted>", err.Error())) - } - case core.SecretTypeBasicAuth: - _, usernameFieldExists := secret.Data[core.BasicAuthUsernameKey] - _, passwordFieldExists := secret.Data[core.BasicAuthPasswordKey] - - // username or password might be empty, but the field must be present - if !usernameFieldExists && !passwordFieldExists { - allErrs = append(allErrs, field.Required(dataPath.Key(core.BasicAuthUsernameKey), "")) - allErrs = append(allErrs, field.Required(dataPath.Key(core.BasicAuthPasswordKey), "")) - break - } - case core.SecretTypeSSHAuth: - if len(secret.Data[core.SSHAuthPrivateKey]) == 0 { - allErrs = append(allErrs, field.Required(dataPath.Key(core.SSHAuthPrivateKey), "")) - break - } - - case core.SecretTypeTLS: - if _, exists := secret.Data[core.TLSCertKey]; !exists { - allErrs = append(allErrs, field.Required(dataPath.Key(core.TLSCertKey), "")) - } - if _, exists := secret.Data[core.TLSPrivateKeyKey]; !exists { - allErrs = append(allErrs, field.Required(dataPath.Key(core.TLSPrivateKeyKey), "")) - } - // TODO: Verify that the key matches the cert. - default: - // no-op - } - - return allErrs -} - -// ValidateSecretUpdate tests if required fields in the Secret are set. -func ValidateSecretUpdate(newSecret, oldSecret *core.Secret) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newSecret.ObjectMeta, &oldSecret.ObjectMeta, field.NewPath("metadata")) - - allErrs = append(allErrs, ValidateImmutableField(newSecret.Type, oldSecret.Type, field.NewPath("type"))...) - if oldSecret.Immutable != nil && *oldSecret.Immutable { - if newSecret.Immutable == nil || !*newSecret.Immutable { - allErrs = append(allErrs, field.Forbidden(field.NewPath("immutable"), "field is immutable when `immutable` is set")) - } - if !reflect.DeepEqual(newSecret.Data, oldSecret.Data) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("data"), "field is immutable when `immutable` is set")) - } - // We don't validate StringData, as it was already converted back to Data - // before validation is happening. - } - - allErrs = append(allErrs, ValidateSecret(newSecret)...) - return allErrs -} - -// ValidateConfigMapName can be used to check whether the given ConfigMap name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidateConfigMapName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateConfigMap tests whether required fields in the ConfigMap are set. -func ValidateConfigMap(cfg *core.ConfigMap) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateObjectMeta(&cfg.ObjectMeta, true, ValidateConfigMapName, field.NewPath("metadata"))...) - - totalSize := 0 - - for key, value := range cfg.Data { - for _, msg := range validation.IsConfigMapKey(key) { - allErrs = append(allErrs, field.Invalid(field.NewPath("data").Key(key), key, msg)) - } - // check if we have a duplicate key in the other bag - if _, isValue := cfg.BinaryData[key]; isValue { - msg := "duplicate of key present in binaryData" - allErrs = append(allErrs, field.Invalid(field.NewPath("data").Key(key), key, msg)) - } - totalSize += len(value) - } - for key, value := range cfg.BinaryData { - for _, msg := range validation.IsConfigMapKey(key) { - allErrs = append(allErrs, field.Invalid(field.NewPath("binaryData").Key(key), key, msg)) - } - totalSize += len(value) - } - if totalSize > core.MaxSecretSize { - // pass back "" to indicate that the error refers to the whole object. - allErrs = append(allErrs, field.TooLong(field.NewPath(""), cfg, core.MaxSecretSize)) - } - - return allErrs -} - -// ValidateConfigMapUpdate tests if required fields in the ConfigMap are set. -func ValidateConfigMapUpdate(newCfg, oldCfg *core.ConfigMap) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateObjectMetaUpdate(&newCfg.ObjectMeta, &oldCfg.ObjectMeta, field.NewPath("metadata"))...) - - if oldCfg.Immutable != nil && *oldCfg.Immutable { - if newCfg.Immutable == nil || !*newCfg.Immutable { - allErrs = append(allErrs, field.Forbidden(field.NewPath("immutable"), "field is immutable when `immutable` is set")) - } - if !reflect.DeepEqual(newCfg.Data, oldCfg.Data) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("data"), "field is immutable when `immutable` is set")) - } - if !reflect.DeepEqual(newCfg.BinaryData, oldCfg.BinaryData) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("binaryData"), "field is immutable when `immutable` is set")) - } - } - - allErrs = append(allErrs, ValidateConfigMap(newCfg)...) - return allErrs -} - -func validateBasicResource(quantity resource.Quantity, fldPath *field.Path) field.ErrorList { - if quantity.Value() < 0 { - return field.ErrorList{field.Invalid(fldPath, quantity.Value(), "must be a valid resource quantity")} - } - return field.ErrorList{} -} - -// Validates resource requirement spec. -func ValidateResourceRequirements(requirements *core.ResourceRequirements, podClaimNames sets.String, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - limPath := fldPath.Child("limits") - reqPath := fldPath.Child("requests") - limContainsCPUOrMemory := false - reqContainsCPUOrMemory := false - limContainsHugePages := false - reqContainsHugePages := false - supportedQoSComputeResources := sets.NewString(string(core.ResourceCPU), string(core.ResourceMemory)) - for resourceName, quantity := range requirements.Limits { - - fldPath := limPath.Key(string(resourceName)) - // Validate resource name. - allErrs = append(allErrs, validateContainerResourceName(string(resourceName), fldPath)...) - - // Validate resource quantity. - allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...) - - if helper.IsHugePageResourceName(resourceName) { - limContainsHugePages = true - if err := validateResourceQuantityHugePageValue(resourceName, quantity, opts); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), err.Error())) - } - } - - if supportedQoSComputeResources.Has(string(resourceName)) { - limContainsCPUOrMemory = true - } - } - for resourceName, quantity := range requirements.Requests { - fldPath := reqPath.Key(string(resourceName)) - // Validate resource name. - allErrs = append(allErrs, validateContainerResourceName(string(resourceName), fldPath)...) - // Validate resource quantity. - allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...) - - // Check that request <= limit. - limitQuantity, exists := requirements.Limits[resourceName] - if exists { - // For non overcommitable resources, not only requests can't exceed limits, they also can't be lower, i.e. must be equal. - if quantity.Cmp(limitQuantity) != 0 && !helper.IsOvercommitAllowed(resourceName) { - allErrs = append(allErrs, field.Invalid(reqPath, quantity.String(), fmt.Sprintf("must be equal to %s limit", resourceName))) - } else if quantity.Cmp(limitQuantity) > 0 { - allErrs = append(allErrs, field.Invalid(reqPath, quantity.String(), fmt.Sprintf("must be less than or equal to %s limit", resourceName))) - } - } else if !helper.IsOvercommitAllowed(resourceName) { - allErrs = append(allErrs, field.Required(limPath, "Limit must be set for non overcommitable resources")) - } - if helper.IsHugePageResourceName(resourceName) { - reqContainsHugePages = true - if err := validateResourceQuantityHugePageValue(resourceName, quantity, opts); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), err.Error())) - } - } - if supportedQoSComputeResources.Has(string(resourceName)) { - reqContainsCPUOrMemory = true - } - - } - if !limContainsCPUOrMemory && !reqContainsCPUOrMemory && (reqContainsHugePages || limContainsHugePages) { - allErrs = append(allErrs, field.Forbidden(fldPath, "HugePages require cpu or memory")) - } - - allErrs = append(allErrs, validateResourceClaimNames(requirements.Claims, podClaimNames, fldPath.Child("claims"))...) - - return allErrs -} - -// validateResourceClaimNames checks that the names in -// ResourceRequirements.Claims have a corresponding entry in -// PodSpec.ResourceClaims. -func validateResourceClaimNames(claims []core.ResourceClaim, podClaimNames sets.String, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - names := sets.String{} - for i, claim := range claims { - name := claim.Name - if name == "" { - allErrs = append(allErrs, field.Required(fldPath.Index(i), "")) - } else { - if names.Has(name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), name)) - } else { - names.Insert(name) - } - if !podClaimNames.Has(name) { - // field.NotFound doesn't accept an - // explanation. Adding one here is more - // user-friendly. - error := field.NotFound(fldPath.Index(i), name) - error.Detail = "must be one of the names in pod.spec.resourceClaims" - if len(podClaimNames) == 0 { - error.Detail += " which is empty" - } else { - error.Detail += ": " + strings.Join(podClaimNames.List(), ", ") - } - allErrs = append(allErrs, error) - } - } - } - return allErrs -} - -func validateResourceQuantityHugePageValue(name core.ResourceName, quantity resource.Quantity, opts PodValidationOptions) error { - if !helper.IsHugePageResourceName(name) { - return nil - } - - if !opts.AllowIndivisibleHugePagesValues && !helper.IsHugePageResourceValueDivisible(name, quantity) { - return fmt.Errorf("%s is not positive integer multiple of %s", quantity.String(), name) - } - - return nil -} - -// validateResourceQuotaScopes ensures that each enumerated hard resource constraint is valid for set of scopes -func validateResourceQuotaScopes(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(resourceQuotaSpec.Scopes) == 0 { - return allErrs - } - hardLimits := sets.NewString() - for k := range resourceQuotaSpec.Hard { - hardLimits.Insert(string(k)) - } - fldPath := fld.Child("scopes") - scopeSet := sets.NewString() - for _, scope := range resourceQuotaSpec.Scopes { - if !helper.IsStandardResourceQuotaScope(string(scope)) { - allErrs = append(allErrs, field.Invalid(fldPath, resourceQuotaSpec.Scopes, "unsupported scope")) - } - for _, k := range hardLimits.List() { - if helper.IsStandardQuotaResourceName(k) && !helper.IsResourceQuotaScopeValidForResource(scope, k) { - allErrs = append(allErrs, field.Invalid(fldPath, resourceQuotaSpec.Scopes, "unsupported scope applied to resource")) - } - } - scopeSet.Insert(string(scope)) - } - invalidScopePairs := []sets.String{ - sets.NewString(string(core.ResourceQuotaScopeBestEffort), string(core.ResourceQuotaScopeNotBestEffort)), - sets.NewString(string(core.ResourceQuotaScopeTerminating), string(core.ResourceQuotaScopeNotTerminating)), - } - for _, invalidScopePair := range invalidScopePairs { - if scopeSet.HasAll(invalidScopePair.List()...) { - allErrs = append(allErrs, field.Invalid(fldPath, resourceQuotaSpec.Scopes, "conflicting scopes")) - } - } - return allErrs -} - -// validateScopedResourceSelectorRequirement tests that the match expressions has valid data -func validateScopedResourceSelectorRequirement(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - hardLimits := sets.NewString() - for k := range resourceQuotaSpec.Hard { - hardLimits.Insert(string(k)) - } - fldPath := fld.Child("matchExpressions") - scopeSet := sets.NewString() - for _, req := range resourceQuotaSpec.ScopeSelector.MatchExpressions { - if !helper.IsStandardResourceQuotaScope(string(req.ScopeName)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("scopeName"), req.ScopeName, "unsupported scope")) - } - for _, k := range hardLimits.List() { - if helper.IsStandardQuotaResourceName(k) && !helper.IsResourceQuotaScopeValidForResource(req.ScopeName, k) { - allErrs = append(allErrs, field.Invalid(fldPath, resourceQuotaSpec.ScopeSelector, "unsupported scope applied to resource")) - } - } - switch req.ScopeName { - case core.ResourceQuotaScopeBestEffort, core.ResourceQuotaScopeNotBestEffort, core.ResourceQuotaScopeTerminating, core.ResourceQuotaScopeNotTerminating, core.ResourceQuotaScopeCrossNamespacePodAffinity: - if req.Operator != core.ScopeSelectorOpExists { - allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), req.Operator, - "must be 'Exist' when scope is any of ResourceQuotaScopeTerminating, ResourceQuotaScopeNotTerminating, ResourceQuotaScopeBestEffort, ResourceQuotaScopeNotBestEffort or ResourceQuotaScopeCrossNamespacePodAffinity")) - } - } - - switch req.Operator { - case core.ScopeSelectorOpIn, core.ScopeSelectorOpNotIn: - if len(req.Values) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("values"), - "must be at least one value when `operator` is 'In' or 'NotIn' for scope selector")) - } - case core.ScopeSelectorOpExists, core.ScopeSelectorOpDoesNotExist: - if len(req.Values) != 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("values"), req.Values, - "must be no value when `operator` is 'Exist' or 'DoesNotExist' for scope selector")) - } - default: - allErrs = append(allErrs, field.Invalid(fldPath.Child("operator"), req.Operator, "not a valid selector operator")) - } - scopeSet.Insert(string(req.ScopeName)) - } - invalidScopePairs := []sets.String{ - sets.NewString(string(core.ResourceQuotaScopeBestEffort), string(core.ResourceQuotaScopeNotBestEffort)), - sets.NewString(string(core.ResourceQuotaScopeTerminating), string(core.ResourceQuotaScopeNotTerminating)), - } - for _, invalidScopePair := range invalidScopePairs { - if scopeSet.HasAll(invalidScopePair.List()...) { - allErrs = append(allErrs, field.Invalid(fldPath, resourceQuotaSpec.Scopes, "conflicting scopes")) - } - } - - return allErrs -} - -// validateScopeSelector tests that the specified scope selector has valid data -func validateScopeSelector(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if resourceQuotaSpec.ScopeSelector == nil { - return allErrs - } - allErrs = append(allErrs, validateScopedResourceSelectorRequirement(resourceQuotaSpec, fld.Child("scopeSelector"))...) - return allErrs -} - -// ValidateResourceQuota tests if required fields in the ResourceQuota are set. -func ValidateResourceQuota(resourceQuota *core.ResourceQuota) field.ErrorList { - allErrs := ValidateObjectMeta(&resourceQuota.ObjectMeta, true, ValidateResourceQuotaName, field.NewPath("metadata")) - - allErrs = append(allErrs, ValidateResourceQuotaSpec(&resourceQuota.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, ValidateResourceQuotaStatus(&resourceQuota.Status, field.NewPath("status"))...) - - return allErrs -} - -func ValidateResourceQuotaStatus(status *core.ResourceQuotaStatus, fld *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - fldPath := fld.Child("hard") - for k, v := range status.Hard { - resPath := fldPath.Key(string(k)) - allErrs = append(allErrs, ValidateResourceQuotaResourceName(string(k), resPath)...) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - fldPath = fld.Child("used") - for k, v := range status.Used { - resPath := fldPath.Key(string(k)) - allErrs = append(allErrs, ValidateResourceQuotaResourceName(string(k), resPath)...) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - - return allErrs -} - -func ValidateResourceQuotaSpec(resourceQuotaSpec *core.ResourceQuotaSpec, fld *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - fldPath := fld.Child("hard") - for k, v := range resourceQuotaSpec.Hard { - resPath := fldPath.Key(string(k)) - allErrs = append(allErrs, ValidateResourceQuotaResourceName(string(k), resPath)...) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - - allErrs = append(allErrs, validateResourceQuotaScopes(resourceQuotaSpec, fld)...) - allErrs = append(allErrs, validateScopeSelector(resourceQuotaSpec, fld)...) - - return allErrs -} - -// ValidateResourceQuantityValue enforces that specified quantity is valid for specified resource -func ValidateResourceQuantityValue(resource string, value resource.Quantity, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, ValidateNonnegativeQuantity(value, fldPath)...) - if helper.IsIntegerResourceName(resource) { - if value.MilliValue()%int64(1000) != int64(0) { - allErrs = append(allErrs, field.Invalid(fldPath, value, isNotIntegerErrorMsg)) - } - } - return allErrs -} - -// ValidateResourceQuotaUpdate tests to see if the update is legal for an end user to make. -func ValidateResourceQuotaUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newResourceQuota.ObjectMeta, &oldResourceQuota.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateResourceQuotaSpec(&newResourceQuota.Spec, field.NewPath("spec"))...) - - // ensure scopes cannot change, and that resources are still valid for scope - fldPath := field.NewPath("spec", "scopes") - oldScopes := sets.NewString() - newScopes := sets.NewString() - for _, scope := range newResourceQuota.Spec.Scopes { - newScopes.Insert(string(scope)) - } - for _, scope := range oldResourceQuota.Spec.Scopes { - oldScopes.Insert(string(scope)) - } - if !oldScopes.Equal(newScopes) { - allErrs = append(allErrs, field.Invalid(fldPath, newResourceQuota.Spec.Scopes, fieldImmutableErrorMsg)) - } - - return allErrs -} - -// ValidateResourceQuotaStatusUpdate tests to see if the status update is legal for an end user to make. -func ValidateResourceQuotaStatusUpdate(newResourceQuota, oldResourceQuota *core.ResourceQuota) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newResourceQuota.ObjectMeta, &oldResourceQuota.ObjectMeta, field.NewPath("metadata")) - if len(newResourceQuota.ResourceVersion) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), "")) - } - fldPath := field.NewPath("status", "hard") - for k, v := range newResourceQuota.Status.Hard { - resPath := fldPath.Key(string(k)) - allErrs = append(allErrs, ValidateResourceQuotaResourceName(string(k), resPath)...) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - fldPath = field.NewPath("status", "used") - for k, v := range newResourceQuota.Status.Used { - resPath := fldPath.Key(string(k)) - allErrs = append(allErrs, ValidateResourceQuotaResourceName(string(k), resPath)...) - allErrs = append(allErrs, ValidateResourceQuantityValue(string(k), v, resPath)...) - } - return allErrs -} - -// ValidateNamespace tests if required fields are set. -func ValidateNamespace(namespace *core.Namespace) field.ErrorList { - allErrs := ValidateObjectMeta(&namespace.ObjectMeta, false, ValidateNamespaceName, field.NewPath("metadata")) - for i := range namespace.Spec.Finalizers { - allErrs = append(allErrs, validateFinalizerName(string(namespace.Spec.Finalizers[i]), field.NewPath("spec", "finalizers"))...) - } - return allErrs -} - -// Validate finalizer names -func validateFinalizerName(stringValue string, fldPath *field.Path) field.ErrorList { - allErrs := apimachineryvalidation.ValidateFinalizerName(stringValue, fldPath) - allErrs = append(allErrs, validateKubeFinalizerName(stringValue, fldPath)...) - return allErrs -} - -// validateKubeFinalizerName checks for "standard" names of legacy finalizer -func validateKubeFinalizerName(stringValue string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(strings.Split(stringValue, "/")) == 1 { - if !helper.IsStandardFinalizerName(stringValue) { - return append(allErrs, field.Invalid(fldPath, stringValue, "name is neither a standard finalizer name nor is it fully qualified")) - } - } - - return allErrs -} - -// ValidateNamespaceUpdate tests to make sure a namespace update can be applied. -func ValidateNamespaceUpdate(newNamespace *core.Namespace, oldNamespace *core.Namespace) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newNamespace.ObjectMeta, &oldNamespace.ObjectMeta, field.NewPath("metadata")) - return allErrs -} - -// ValidateNamespaceStatusUpdate tests to see if the update is legal for an end user to make. -func ValidateNamespaceStatusUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newNamespace.ObjectMeta, &oldNamespace.ObjectMeta, field.NewPath("metadata")) - if newNamespace.DeletionTimestamp.IsZero() { - if newNamespace.Status.Phase != core.NamespaceActive { - allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Active' if `deletionTimestamp` is empty")) - } - } else { - if newNamespace.Status.Phase != core.NamespaceTerminating { - allErrs = append(allErrs, field.Invalid(field.NewPath("status", "Phase"), newNamespace.Status.Phase, "may only be 'Terminating' if `deletionTimestamp` is not empty")) - } - } - return allErrs -} - -// ValidateNamespaceFinalizeUpdate tests to see if the update is legal for an end user to make. -func ValidateNamespaceFinalizeUpdate(newNamespace, oldNamespace *core.Namespace) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newNamespace.ObjectMeta, &oldNamespace.ObjectMeta, field.NewPath("metadata")) - - fldPath := field.NewPath("spec", "finalizers") - for i := range newNamespace.Spec.Finalizers { - idxPath := fldPath.Index(i) - allErrs = append(allErrs, validateFinalizerName(string(newNamespace.Spec.Finalizers[i]), idxPath)...) - } - return allErrs -} - -// ValidateEndpoints validates Endpoints on create and update. -func ValidateEndpoints(endpoints *core.Endpoints) field.ErrorList { - allErrs := ValidateObjectMeta(&endpoints.ObjectMeta, true, ValidateEndpointsName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateEndpointsSpecificAnnotations(endpoints.Annotations, field.NewPath("annotations"))...) - allErrs = append(allErrs, validateEndpointSubsets(endpoints.Subsets, field.NewPath("subsets"))...) - return allErrs -} - -// ValidateEndpointsCreate validates Endpoints on create. -func ValidateEndpointsCreate(endpoints *core.Endpoints) field.ErrorList { - return ValidateEndpoints(endpoints) -} - -// ValidateEndpointsUpdate validates Endpoints on update. NodeName changes are -// allowed during update to accommodate the case where nodeIP or PodCIDR is -// reused. An existing endpoint ip will have a different nodeName if this -// happens. -func ValidateEndpointsUpdate(newEndpoints, oldEndpoints *core.Endpoints) field.ErrorList { - allErrs := ValidateObjectMetaUpdate(&newEndpoints.ObjectMeta, &oldEndpoints.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateEndpoints(newEndpoints)...) - return allErrs -} - -func validateEndpointSubsets(subsets []core.EndpointSubset, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i := range subsets { - ss := &subsets[i] - idxPath := fldPath.Index(i) - - // EndpointSubsets must include endpoint address. For headless service, we allow its endpoints not to have ports. - if len(ss.Addresses) == 0 && len(ss.NotReadyAddresses) == 0 { - // TODO: consider adding a RequiredOneOf() error for this and similar cases - allErrs = append(allErrs, field.Required(idxPath, "must specify `addresses` or `notReadyAddresses`")) - } - for addr := range ss.Addresses { - allErrs = append(allErrs, validateEndpointAddress(&ss.Addresses[addr], idxPath.Child("addresses").Index(addr))...) - } - for addr := range ss.NotReadyAddresses { - allErrs = append(allErrs, validateEndpointAddress(&ss.NotReadyAddresses[addr], idxPath.Child("notReadyAddresses").Index(addr))...) - } - for port := range ss.Ports { - allErrs = append(allErrs, validateEndpointPort(&ss.Ports[port], len(ss.Ports) > 1, idxPath.Child("ports").Index(port))...) - } - } - - return allErrs -} - -func validateEndpointAddress(address *core.EndpointAddress, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range validation.IsValidIP(address.IP) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), address.IP, msg)) - } - if len(address.Hostname) > 0 { - allErrs = append(allErrs, ValidateDNS1123Label(address.Hostname, fldPath.Child("hostname"))...) - } - // During endpoint update, verify that NodeName is a DNS subdomain and transition rules allow the update - if address.NodeName != nil { - for _, msg := range ValidateNodeName(*address.NodeName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nodeName"), *address.NodeName, msg)) - } - } - allErrs = append(allErrs, ValidateNonSpecialIP(address.IP, fldPath.Child("ip"))...) - return allErrs -} - -// ValidateNonSpecialIP is used to validate Endpoints, EndpointSlices, and -// external IPs. Specifically, this disallows unspecified and loopback addresses -// are nonsensical and link-local addresses tend to be used for node-centric -// purposes (e.g. metadata service). -// -// IPv6 references -// - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml -// - https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml -func ValidateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - ip := netutils.ParseIPSloppy(ipAddress) - if ip == nil { - allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "must be a valid IP address")) - return allErrs - } - if ip.IsUnspecified() { - allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, fmt.Sprintf("may not be unspecified (%v)", ipAddress))) - } - if ip.IsLoopback() { - allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the loopback range (127.0.0.0/8, ::1/128)")) - } - if ip.IsLinkLocalUnicast() { - allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local range (169.254.0.0/16, fe80::/10)")) - } - if ip.IsLinkLocalMulticast() { - allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "may not be in the link-local multicast range (224.0.0.0/24, ff02::/10)")) - } - return allErrs -} - -func validateEndpointPort(port *core.EndpointPort, requireName bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if requireName && len(port.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else if len(port.Name) != 0 { - allErrs = append(allErrs, ValidateDNS1123Label(port.Name, fldPath.Child("name"))...) - } - for _, msg := range validation.IsValidPortNum(int(port.Port)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("port"), port.Port, msg)) - } - if len(port.Protocol) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("protocol"), "")) - } else if !supportedPortProtocols.Has(string(port.Protocol)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("protocol"), port.Protocol, supportedPortProtocols.List())) - } - if port.AppProtocol != nil { - allErrs = append(allErrs, ValidateQualifiedName(*port.AppProtocol, fldPath.Child("appProtocol"))...) - } - return allErrs -} - -// ValidateSecurityContext ensures the security context contains valid settings -func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - // this should only be true for testing since SecurityContext is defaulted by the core - if sc == nil { - return allErrs - } - - if sc.Privileged != nil { - if *sc.Privileged && !capabilities.Get().AllowPrivileged { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by cluster policy")) - } - } - - if sc.RunAsUser != nil { - for _, msg := range validation.IsValidUserID(*sc.RunAsUser) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsUser"), *sc.RunAsUser, msg)) - } - } - - if sc.RunAsGroup != nil { - for _, msg := range validation.IsValidGroupID(*sc.RunAsGroup) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("runAsGroup"), *sc.RunAsGroup, msg)) - } - } - - if sc.ProcMount != nil { - if err := ValidateProcMountType(fldPath.Child("procMount"), *sc.ProcMount); err != nil { - allErrs = append(allErrs, err) - } - - } - allErrs = append(allErrs, validateSeccompProfileField(sc.SeccompProfile, fldPath.Child("seccompProfile"))...) - if sc.AllowPrivilegeEscalation != nil && !*sc.AllowPrivilegeEscalation { - if sc.Privileged != nil && *sc.Privileged { - allErrs = append(allErrs, field.Invalid(fldPath, sc, "cannot set `allowPrivilegeEscalation` to false and `privileged` to true")) - } - - if sc.Capabilities != nil { - for _, cap := range sc.Capabilities.Add { - if string(cap) == "CAP_SYS_ADMIN" { - allErrs = append(allErrs, field.Invalid(fldPath, sc, "cannot set `allowPrivilegeEscalation` to false and `capabilities.Add` CAP_SYS_ADMIN")) - } - } - } - } - - allErrs = append(allErrs, validateWindowsSecurityContextOptions(sc.WindowsOptions, fldPath.Child("windowsOptions"))...) - - return allErrs -} - -// maxGMSACredentialSpecLength is the max length, in bytes, for the actual contents -// of a GMSA cred spec. In general, those shouldn't be more than a few hundred bytes, -// so we want to give plenty of room here while still providing an upper bound. -// The runAsUserName field will be used to execute the given container's entrypoint, and -// it can be formatted as "DOMAIN/USER", where the DOMAIN is optional, maxRunAsUserNameDomainLength -// is the max character length for the user's DOMAIN, and maxRunAsUserNameUserLength -// is the max character length for the USER itself. Both the DOMAIN and USER have their -// own restrictions, and more information about them can be found here: -// https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and -// https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10) -const ( - maxGMSACredentialSpecLengthInKiB = 64 - maxGMSACredentialSpecLength = maxGMSACredentialSpecLengthInKiB * 1024 - maxRunAsUserNameDomainLength = 256 - maxRunAsUserNameUserLength = 104 -) - -var ( - // control characters are not permitted in the runAsUserName field. - ctrlRegex = regexp.MustCompile(`[[:cntrl:]]+`) - - // a valid NetBios Domain name cannot start with a dot, has at least 1 character, - // at most 15 characters, and it cannot the characters: \ / : * ? " < > | - validNetBiosRegex = regexp.MustCompile(`^[^\\/:\*\?"<>|\.][^\\/:\*\?"<>|]{0,14}$`) - - // a valid DNS name contains only alphanumeric characters, dots, and dashes. - dnsLabelFormat = `[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?` - dnsSubdomainFormat = fmt.Sprintf(`^%s(?:\.%s)*$`, dnsLabelFormat, dnsLabelFormat) - validWindowsUserDomainDNSRegex = regexp.MustCompile(dnsSubdomainFormat) - - // a username is invalid if it contains the characters: " / \ [ ] : ; | = , + * ? < > @ - // or it contains only dots or spaces. - invalidUserNameCharsRegex = regexp.MustCompile(`["/\\:;|=,\+\*\?<>@\[\]]`) - invalidUserNameDotsSpacesRegex = regexp.MustCompile(`^[\. ]+$`) -) - -func validateWindowsSecurityContextOptions(windowsOptions *core.WindowsSecurityContextOptions, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if windowsOptions == nil { - return allErrs - } - - if windowsOptions.GMSACredentialSpecName != nil { - // gmsaCredentialSpecName must be the name of a custom resource - for _, msg := range validation.IsDNS1123Subdomain(*windowsOptions.GMSACredentialSpecName) { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("gmsaCredentialSpecName"), windowsOptions.GMSACredentialSpecName, msg)) - } - } - - if windowsOptions.GMSACredentialSpec != nil { - if l := len(*windowsOptions.GMSACredentialSpec); l == 0 { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("gmsaCredentialSpec"), windowsOptions.GMSACredentialSpec, "gmsaCredentialSpec cannot be an empty string")) - } else if l > maxGMSACredentialSpecLength { - errMsg := fmt.Sprintf("gmsaCredentialSpec size must be under %d KiB", maxGMSACredentialSpecLengthInKiB) - allErrs = append(allErrs, field.Invalid(fieldPath.Child("gmsaCredentialSpec"), windowsOptions.GMSACredentialSpec, errMsg)) - } - } - - if windowsOptions.RunAsUserName != nil { - if l := len(*windowsOptions.RunAsUserName); l == 0 { - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, "runAsUserName cannot be an empty string")) - } else if ctrlRegex.MatchString(*windowsOptions.RunAsUserName) { - errMsg := "runAsUserName cannot contain control characters" - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } else if parts := strings.Split(*windowsOptions.RunAsUserName, "\\"); len(parts) > 2 { - errMsg := "runAsUserName cannot contain more than one backslash" - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } else { - var ( - hasDomain = false - domain = "" - user string - ) - if len(parts) == 1 { - user = parts[0] - } else { - hasDomain = true - domain = parts[0] - user = parts[1] - } - - if len(domain) >= maxRunAsUserNameDomainLength { - errMsg := fmt.Sprintf("runAsUserName's Domain length must be under %d characters", maxRunAsUserNameDomainLength) - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } - - if hasDomain && !(validNetBiosRegex.MatchString(domain) || validWindowsUserDomainDNSRegex.MatchString(domain)) { - errMsg := "runAsUserName's Domain doesn't match the NetBios nor the DNS format" - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } - - if l := len(user); l == 0 { - errMsg := "runAsUserName's User cannot be empty" - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } else if l > maxRunAsUserNameUserLength { - errMsg := fmt.Sprintf("runAsUserName's User length must not be longer than %d characters", maxRunAsUserNameUserLength) - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } - - if invalidUserNameDotsSpacesRegex.MatchString(user) { - errMsg := `runAsUserName's User cannot contain only periods or spaces` - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } - - if invalidUserNameCharsRegex.MatchString(user) { - errMsg := `runAsUserName's User cannot contain the following characters: "/\:;|=,+*?<>@[]` - allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) - } - } - } - - return allErrs -} - -func validateWindowsHostProcessPod(podSpec *core.PodSpec, fieldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - // Keep track of container and hostProcess container count for validate - containerCount := 0 - hostProcessContainerCount := 0 - - var podHostProcess *bool - if podSpec.SecurityContext != nil && podSpec.SecurityContext.WindowsOptions != nil { - podHostProcess = podSpec.SecurityContext.WindowsOptions.HostProcess - } - - hostNetwork := false - if podSpec.SecurityContext != nil { - hostNetwork = podSpec.SecurityContext.HostNetwork - } - - podshelper.VisitContainersWithPath(podSpec, fieldPath, func(c *core.Container, cFieldPath *field.Path) bool { - containerCount++ - - var containerHostProcess *bool = nil - if c.SecurityContext != nil && c.SecurityContext.WindowsOptions != nil { - containerHostProcess = c.SecurityContext.WindowsOptions.HostProcess - } - - if podHostProcess != nil && containerHostProcess != nil && *podHostProcess != *containerHostProcess { - errMsg := fmt.Sprintf("pod hostProcess value must be identical if both are specified, was %v", *podHostProcess) - allErrs = append(allErrs, field.Invalid(cFieldPath.Child("securityContext", "windowsOptions", "hostProcess"), *containerHostProcess, errMsg)) - } - - switch { - case containerHostProcess != nil && *containerHostProcess: - // Container explicitly sets hostProcess=true - hostProcessContainerCount++ - case containerHostProcess == nil && podHostProcess != nil && *podHostProcess: - // Container inherits hostProcess=true from pod settings - hostProcessContainerCount++ - } - - return true - }) - - if hostProcessContainerCount > 0 { - // At present, if a Windows Pods contains any HostProcess containers than all containers must be - // HostProcess containers (explicitly set or inherited). - if hostProcessContainerCount != containerCount { - errMsg := "If pod contains any hostProcess containers then all containers must be HostProcess containers" - allErrs = append(allErrs, field.Invalid(fieldPath, "", errMsg)) - } - - // At present Windows Pods which contain HostProcess containers must also set HostNetwork. - if !hostNetwork { - errMsg := "hostNetwork must be true if pod contains any hostProcess containers" - allErrs = append(allErrs, field.Invalid(fieldPath.Child("hostNetwork"), hostNetwork, errMsg)) - } - - if !capabilities.Get().AllowPrivileged { - errMsg := "hostProcess containers are disallowed by cluster policy" - allErrs = append(allErrs, field.Forbidden(fieldPath, errMsg)) - } - } - - return allErrs -} - -// validateOS validates the OS field within pod spec -func validateOS(podSpec *core.PodSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - os := podSpec.OS - if os == nil { - return allErrs - } - if len(os.Name) == 0 { - return append(allErrs, field.Required(fldPath.Child("name"), "cannot be empty")) - } - osName := string(os.Name) - if !validOS.Has(osName) { - allErrs = append(allErrs, field.NotSupported(fldPath, osName, validOS.List())) - } - return allErrs -} - -func ValidatePodLogOptions(opts *core.PodLogOptions) field.ErrorList { - allErrs := field.ErrorList{} - if opts.TailLines != nil && *opts.TailLines < 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, isNegativeErrorMsg)) - } - if opts.LimitBytes != nil && *opts.LimitBytes < 1 { - allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be greater than 0")) - } - switch { - case opts.SinceSeconds != nil && opts.SinceTime != nil: - allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "at most one of `sinceTime` or `sinceSeconds` may be specified")) - case opts.SinceSeconds != nil: - if *opts.SinceSeconds < 1 { - allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be greater than 0")) - } - } - return allErrs -} - -// ValidateLoadBalancerStatus validates required fields on a LoadBalancerStatus -func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, ingress := range status.Ingress { - idxPath := fldPath.Child("ingress").Index(i) - if len(ingress.IP) > 0 { - if isIP := (netutils.ParseIPSloppy(ingress.IP) != nil); !isIP { - allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be a valid IP address")) - } - } - if len(ingress.Hostname) > 0 { - for _, msg := range validation.IsDNS1123Subdomain(ingress.Hostname) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, msg)) - } - if isIP := (netutils.ParseIPSloppy(ingress.Hostname) != nil); isIP { - allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, "must be a DNS name, not an IP address")) - } - } - } - return allErrs -} - -// validateVolumeNodeAffinity tests that the PersistentVolume.NodeAffinity has valid data -// returns: -// - true if volumeNodeAffinity is set -// - errorList if there are validation errors -func validateVolumeNodeAffinity(nodeAffinity *core.VolumeNodeAffinity, fldPath *field.Path) (bool, field.ErrorList) { - allErrs := field.ErrorList{} - - if nodeAffinity == nil { - return false, allErrs - } - - if nodeAffinity.Required != nil { - allErrs = append(allErrs, ValidateNodeSelector(nodeAffinity.Required, fldPath.Child("required"))...) - } else { - allErrs = append(allErrs, field.Required(fldPath.Child("required"), "must specify required node constraints")) - } - - return true, allErrs -} - -// ValidateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR -func ValidateCIDR(cidr string) (*net.IPNet, error) { - _, net, err := netutils.ParseCIDRSloppy(cidr) - if err != nil { - return nil, err - } - return net, nil -} - -func IsDecremented(update, old *int32) bool { - if update == nil && old != nil { - return true - } - if update == nil || old == nil { - return false - } - return *update < *old -} - -// ValidateProcMountType tests that the argument is a valid ProcMountType. -func ValidateProcMountType(fldPath *field.Path, procMountType core.ProcMountType) *field.Error { - switch procMountType { - case core.DefaultProcMount, core.UnmaskedProcMount: - return nil - default: - return field.NotSupported(fldPath, procMountType, []string{string(core.DefaultProcMount), string(core.UnmaskedProcMount)}) - } -} - -var ( - supportedScheduleActions = sets.NewString(string(core.DoNotSchedule), string(core.ScheduleAnyway)) -) - -// validateTopologySpreadConstraints validates given TopologySpreadConstraints. -func validateTopologySpreadConstraints(constraints []core.TopologySpreadConstraint, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - for i, constraint := range constraints { - subFldPath := fldPath.Index(i) - if err := ValidateMaxSkew(subFldPath.Child("maxSkew"), constraint.MaxSkew); err != nil { - allErrs = append(allErrs, err) - } - if err := ValidateTopologyKey(subFldPath.Child("topologyKey"), constraint.TopologyKey); err != nil { - allErrs = append(allErrs, err) - } - if err := ValidateWhenUnsatisfiable(subFldPath.Child("whenUnsatisfiable"), constraint.WhenUnsatisfiable); err != nil { - allErrs = append(allErrs, err) - } - // tuple {topologyKey, whenUnsatisfiable} denotes one kind of spread constraint - if err := ValidateSpreadConstraintNotRepeat(subFldPath.Child("{topologyKey, whenUnsatisfiable}"), constraint, constraints[i+1:]); err != nil { - allErrs = append(allErrs, err) - } - allErrs = append(allErrs, validateMinDomains(subFldPath.Child("minDomains"), constraint.MinDomains, constraint.WhenUnsatisfiable)...) - if err := validateNodeInclusionPolicy(subFldPath.Child("nodeAffinityPolicy"), constraint.NodeAffinityPolicy); err != nil { - allErrs = append(allErrs, err) - } - if err := validateNodeInclusionPolicy(subFldPath.Child("nodeTaintsPolicy"), constraint.NodeTaintsPolicy); err != nil { - allErrs = append(allErrs, err) - } - allErrs = append(allErrs, validateMatchLabelKeys(subFldPath.Child("matchLabelKeys"), constraint.MatchLabelKeys, constraint.LabelSelector)...) - } - - return allErrs -} - -// ValidateMaxSkew tests that the argument is a valid MaxSkew. -func ValidateMaxSkew(fldPath *field.Path, maxSkew int32) *field.Error { - if maxSkew <= 0 { - return field.Invalid(fldPath, maxSkew, isNotPositiveErrorMsg) - } - return nil -} - -// validateMinDomains tests that the argument is a valid MinDomains. -func validateMinDomains(fldPath *field.Path, minDomains *int32, action core.UnsatisfiableConstraintAction) field.ErrorList { - if minDomains == nil { - return nil - } - var allErrs field.ErrorList - if *minDomains <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath, minDomains, isNotPositiveErrorMsg)) - } - // When MinDomains is non-nil, whenUnsatisfiable must be DoNotSchedule. - if action != core.DoNotSchedule { - allErrs = append(allErrs, field.Invalid(fldPath, minDomains, fmt.Sprintf("can only use minDomains if whenUnsatisfiable=%s, not %s", string(core.DoNotSchedule), string(action)))) - } - return allErrs -} - -// ValidateTopologyKey tests that the argument is a valid TopologyKey. -func ValidateTopologyKey(fldPath *field.Path, topologyKey string) *field.Error { - if len(topologyKey) == 0 { - return field.Required(fldPath, "can not be empty") - } - return nil -} - -// ValidateWhenUnsatisfiable tests that the argument is a valid UnsatisfiableConstraintAction. -func ValidateWhenUnsatisfiable(fldPath *field.Path, action core.UnsatisfiableConstraintAction) *field.Error { - if !supportedScheduleActions.Has(string(action)) { - return field.NotSupported(fldPath, action, supportedScheduleActions.List()) - } - return nil -} - -// ValidateSpreadConstraintNotRepeat tests that if `constraint` duplicates with `existingConstraintPairs` -// on TopologyKey and WhenUnsatisfiable fields. -func ValidateSpreadConstraintNotRepeat(fldPath *field.Path, constraint core.TopologySpreadConstraint, restingConstraints []core.TopologySpreadConstraint) *field.Error { - for _, restingConstraint := range restingConstraints { - if constraint.TopologyKey == restingConstraint.TopologyKey && - constraint.WhenUnsatisfiable == restingConstraint.WhenUnsatisfiable { - return field.Duplicate(fldPath, fmt.Sprintf("{%v, %v}", constraint.TopologyKey, constraint.WhenUnsatisfiable)) - } - } - return nil -} - -var ( - supportedPodTopologySpreadNodePolicies = sets.NewString(string(core.NodeInclusionPolicyIgnore), string(core.NodeInclusionPolicyHonor)) -) - -// validateNodeAffinityPolicy tests that the argument is a valid NodeInclusionPolicy. -func validateNodeInclusionPolicy(fldPath *field.Path, policy *core.NodeInclusionPolicy) *field.Error { - if policy == nil { - return nil - } - - if !supportedPodTopologySpreadNodePolicies.Has(string(*policy)) { - return field.NotSupported(fldPath, policy, supportedPodTopologySpreadNodePolicies.List()) - } - return nil -} - -// validateMatchLabelKeys tests that the elements are a valid label name and are not already included in labelSelector. -func validateMatchLabelKeys(fldPath *field.Path, matchLabelKeys []string, labelSelector *metav1.LabelSelector) field.ErrorList { - if len(matchLabelKeys) == 0 { - return nil - } - - labelSelectorKeys := sets.String{} - if labelSelector != nil { - for key := range labelSelector.MatchLabels { - labelSelectorKeys.Insert(key) - } - for _, matchExpression := range labelSelector.MatchExpressions { - labelSelectorKeys.Insert(matchExpression.Key) - } - } - - allErrs := field.ErrorList{} - for i, key := range matchLabelKeys { - allErrs = append(allErrs, unversionedvalidation.ValidateLabelName(key, fldPath.Index(i))...) - if labelSelectorKeys.Has(key) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), key, "exists in both matchLabelKeys and labelSelector")) - } - } - - return allErrs -} - -// ValidateServiceClusterIPsRelatedFields validates .spec.ClusterIPs,, -// .spec.IPFamilies, .spec.ipFamilyPolicy. This is exported because it is used -// during IP init and allocation. -func ValidateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorList { - // ClusterIP, ClusterIPs, IPFamilyPolicy and IPFamilies are validated prior (all must be unset) for ExternalName service - if service.Spec.Type == core.ServiceTypeExternalName { - return field.ErrorList{} - } - - allErrs := field.ErrorList{} - hasInvalidIPs := false - - specPath := field.NewPath("spec") - clusterIPsField := specPath.Child("clusterIPs") - ipFamiliesField := specPath.Child("ipFamilies") - ipFamilyPolicyField := specPath.Child("ipFamilyPolicy") - - // Make sure ClusterIP and ClusterIPs are synced. For most cases users can - // just manage one or the other and we'll handle the rest (see PrepareFor* - // in strategy). - if len(service.Spec.ClusterIP) != 0 { - // If ClusterIP is set, ClusterIPs[0] must match. - if len(service.Spec.ClusterIPs) == 0 { - allErrs = append(allErrs, field.Required(clusterIPsField, "")) - } else if service.Spec.ClusterIPs[0] != service.Spec.ClusterIP { - allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "first value must match `clusterIP`")) - } - } else { // ClusterIP == "" - // If ClusterIP is not set, ClusterIPs must also be unset. - if len(service.Spec.ClusterIPs) != 0 { - allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "must be empty when `clusterIP` is not specified")) - } - } - - // ipfamilies stand alone validation - // must be either IPv4 or IPv6 - seen := sets.String{} - for i, ipFamily := range service.Spec.IPFamilies { - if !supportedServiceIPFamily.Has(string(ipFamily)) { - allErrs = append(allErrs, field.NotSupported(ipFamiliesField.Index(i), ipFamily, supportedServiceIPFamily.List())) - } - // no duplicate check also ensures that ipfamilies is dualstacked, in any order - if seen.Has(string(ipFamily)) { - allErrs = append(allErrs, field.Duplicate(ipFamiliesField.Index(i), ipFamily)) - } - seen.Insert(string(ipFamily)) - } - - // IPFamilyPolicy stand alone validation - // note: nil is ok, defaulted in alloc check registry/core/service/* - if service.Spec.IPFamilyPolicy != nil { - // must have a supported value - if !supportedServiceIPFamilyPolicy.Has(string(*(service.Spec.IPFamilyPolicy))) { - allErrs = append(allErrs, field.NotSupported(ipFamilyPolicyField, service.Spec.IPFamilyPolicy, supportedServiceIPFamilyPolicy.List())) - } - } - - // clusterIPs stand alone validation - // valid ips with None and empty string handling - // duplication check is done as part of DualStackvalidation below - for i, clusterIP := range service.Spec.ClusterIPs { - // valid at first location only. if and only if len(clusterIPs) == 1 - if i == 0 && clusterIP == core.ClusterIPNone { - if len(service.Spec.ClusterIPs) > 1 { - hasInvalidIPs = true - allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "'None' must be the first and only value")) - } - continue - } - - // is it valid ip? - errorMessages := validation.IsValidIP(clusterIP) - hasInvalidIPs = (len(errorMessages) != 0) || hasInvalidIPs - for _, msg := range errorMessages { - allErrs = append(allErrs, field.Invalid(clusterIPsField.Index(i), clusterIP, msg)) - } - } - - // max two - if len(service.Spec.ClusterIPs) > 2 { - allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "may only hold up to 2 values")) - } - - // at this stage if there is an invalid ip or misplaced none/empty string - // it will skew the error messages (bad index || dualstackness of already bad ips). so we - // stop here if there are errors in clusterIPs validation - if hasInvalidIPs { - return allErrs - } - - // must be dual stacked ips if they are more than one ip - if len(service.Spec.ClusterIPs) > 1 /* meaning: it does not have a None or empty string */ { - dualStack, err := netutils.IsDualStackIPStrings(service.Spec.ClusterIPs) - if err != nil { // though we check for that earlier. safe > sorry - allErrs = append(allErrs, field.InternalError(clusterIPsField, fmt.Errorf("failed to check for dual stack with error:%v", err))) - } - - // We only support one from each IP family (i.e. max two IPs in this list). - if !dualStack { - allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "may specify no more than one IP for each IP family")) - } - } - - // match clusterIPs to their families, if they were provided - if !isHeadlessService(service) && len(service.Spec.ClusterIPs) > 0 && len(service.Spec.IPFamilies) > 0 { - for i, ip := range service.Spec.ClusterIPs { - if i > (len(service.Spec.IPFamilies) - 1) { - break // no more families to check - } - - // 4=>6 - if service.Spec.IPFamilies[i] == core.IPv4Protocol && netutils.IsIPv6String(ip) { - allErrs = append(allErrs, field.Invalid(clusterIPsField.Index(i), ip, fmt.Sprintf("expected an IPv4 value as indicated by `ipFamilies[%v]`", i))) - } - // 6=>4 - if service.Spec.IPFamilies[i] == core.IPv6Protocol && !netutils.IsIPv6String(ip) { - allErrs = append(allErrs, field.Invalid(clusterIPsField.Index(i), ip, fmt.Sprintf("expected an IPv6 value as indicated by `ipFamilies[%v]`", i))) - } - } - } - - return allErrs -} - -// specific validation for clusterIPs in cases of user upgrading or downgrading to/from dualstack -func validateUpgradeDowngradeClusterIPs(oldService, service *core.Service) field.ErrorList { - allErrs := make(field.ErrorList, 0) - - // bail out early for ExternalName - if service.Spec.Type == core.ServiceTypeExternalName || oldService.Spec.Type == core.ServiceTypeExternalName { - return allErrs - } - newIsHeadless := isHeadlessService(service) - oldIsHeadless := isHeadlessService(oldService) - - if oldIsHeadless && newIsHeadless { - return allErrs - } - - switch { - // no change in ClusterIP lengths - // compare each - case len(oldService.Spec.ClusterIPs) == len(service.Spec.ClusterIPs): - for i, ip := range oldService.Spec.ClusterIPs { - if ip != service.Spec.ClusterIPs[i] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(i), service.Spec.ClusterIPs, "may not change once set")) - } - } - - // something has been released (downgraded) - case len(oldService.Spec.ClusterIPs) > len(service.Spec.ClusterIPs): - // primary ClusterIP has been released - if len(service.Spec.ClusterIPs) == 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(0), service.Spec.ClusterIPs, "primary clusterIP can not be unset")) - } - - // test if primary clusterIP has changed - if len(oldService.Spec.ClusterIPs) > 0 && - len(service.Spec.ClusterIPs) > 0 && - service.Spec.ClusterIPs[0] != oldService.Spec.ClusterIPs[0] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(0), service.Spec.ClusterIPs, "may not change once set")) - } - - // test if secondary ClusterIP has been released. has this service been downgraded correctly? - // user *must* set IPFamilyPolicy == SingleStack - if len(service.Spec.ClusterIPs) == 1 { - if service.Spec.IPFamilyPolicy == nil || *(service.Spec.IPFamilyPolicy) != core.IPFamilyPolicySingleStack { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, "must be set to 'SingleStack' when releasing the secondary clusterIP")) - } - } - case len(oldService.Spec.ClusterIPs) < len(service.Spec.ClusterIPs): - // something has been added (upgraded) - // test if primary clusterIP has changed - if len(oldService.Spec.ClusterIPs) > 0 && - service.Spec.ClusterIPs[0] != oldService.Spec.ClusterIPs[0] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(0), service.Spec.ClusterIPs, "may not change once set")) - } - // we don't check for Policy == RequireDualStack here since, Validation/Creation func takes care of it - } - return allErrs -} - -// specific validation for ipFamilies in cases of user upgrading or downgrading to/from dualstack -func validateUpgradeDowngradeIPFamilies(oldService, service *core.Service) field.ErrorList { - allErrs := make(field.ErrorList, 0) - // bail out early for ExternalName - if service.Spec.Type == core.ServiceTypeExternalName || oldService.Spec.Type == core.ServiceTypeExternalName { - return allErrs - } - - oldIsHeadless := isHeadlessService(oldService) - newIsHeadless := isHeadlessService(service) - - // if changed to/from headless, then bail out - if newIsHeadless != oldIsHeadless { - return allErrs - } - // headless can change families - if newIsHeadless { - return allErrs - } - - switch { - case len(oldService.Spec.IPFamilies) == len(service.Spec.IPFamilies): - // no change in ClusterIP lengths - // compare each - - for i, ip := range oldService.Spec.IPFamilies { - if ip != service.Spec.IPFamilies[i] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilies").Index(0), service.Spec.IPFamilies, "may not change once set")) - } - } - - case len(oldService.Spec.IPFamilies) > len(service.Spec.IPFamilies): - // something has been released (downgraded) - - // test if primary ipfamily has been released - if len(service.Spec.ClusterIPs) == 0 { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilies").Index(0), service.Spec.IPFamilies, "primary ipFamily can not be unset")) - } - - // test if primary ipFamily has changed - if len(service.Spec.IPFamilies) > 0 && - service.Spec.IPFamilies[0] != oldService.Spec.IPFamilies[0] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilies").Index(0), service.Spec.ClusterIPs, "may not change once set")) - } - - // test if secondary IPFamily has been released. has this service been downgraded correctly? - // user *must* set IPFamilyPolicy == SingleStack - if len(service.Spec.IPFamilies) == 1 { - if service.Spec.IPFamilyPolicy == nil || *(service.Spec.IPFamilyPolicy) != core.IPFamilyPolicySingleStack { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, "must be set to 'SingleStack' when releasing the secondary ipFamily")) - } - } - case len(oldService.Spec.IPFamilies) < len(service.Spec.IPFamilies): - // something has been added (upgraded) - - // test if primary ipFamily has changed - if len(oldService.Spec.IPFamilies) > 0 && - len(service.Spec.IPFamilies) > 0 && - service.Spec.IPFamilies[0] != oldService.Spec.IPFamilies[0] { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilies").Index(0), service.Spec.ClusterIPs, "may not change once set")) - } - // we don't check for Policy == RequireDualStack here since, Validation/Creation func takes care of it - } - return allErrs -} - -func isHeadlessService(service *core.Service) bool { - return service != nil && - len(service.Spec.ClusterIPs) == 1 && - service.Spec.ClusterIPs[0] == core.ClusterIPNone -} - -// validateLoadBalancerClassField validation for loadBalancerClass -func validateLoadBalancerClassField(oldService, service *core.Service) field.ErrorList { - allErrs := make(field.ErrorList, 0) - if oldService != nil { - // validate update op - if isTypeLoadBalancer(oldService) && isTypeLoadBalancer(service) { - // old and new are both LoadBalancer - if !sameLoadBalancerClass(oldService, service) { - // can't change loadBalancerClass - allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "loadBalancerClass"), service.Spec.LoadBalancerClass, "may not change once set")) - } - } - } - - if isTypeLoadBalancer(service) { - // check LoadBalancerClass format - if service.Spec.LoadBalancerClass != nil { - allErrs = append(allErrs, ValidateQualifiedName(*service.Spec.LoadBalancerClass, field.NewPath("spec", "loadBalancerClass"))...) - } - } else { - // check if LoadBalancerClass set for non LoadBalancer type of service - if service.Spec.LoadBalancerClass != nil { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "loadBalancerClass"), "may only be used when `type` is 'LoadBalancer'")) - } - } - return allErrs -} - -// isTypeLoadBalancer tests service type is loadBalancer or not -func isTypeLoadBalancer(service *core.Service) bool { - return service.Spec.Type == core.ServiceTypeLoadBalancer -} - -// sameLoadBalancerClass check two services have the same loadBalancerClass or not -func sameLoadBalancerClass(oldService, service *core.Service) bool { - if oldService.Spec.LoadBalancerClass == nil && service.Spec.LoadBalancerClass == nil { - return true - } - if oldService.Spec.LoadBalancerClass == nil || service.Spec.LoadBalancerClass == nil { - return false - } - return *oldService.Spec.LoadBalancerClass == *service.Spec.LoadBalancerClass -} - -func ValidatePodAffinityTermSelector(podAffinityTerm core.PodAffinityTerm, allowInvalidLabelValueInSelector bool, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - labelSelectorValidationOptions := unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: allowInvalidLabelValueInSelector} - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(podAffinityTerm.LabelSelector, labelSelectorValidationOptions, fldPath.Child("labelSelector"))...) - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(podAffinityTerm.NamespaceSelector, labelSelectorValidationOptions, fldPath.Child("namespaceSelector"))...) - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/zz_generated.deepcopy.go deleted file mode 100644 index 857843371a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/core/zz_generated.deepcopy.go +++ /dev/null @@ -1,6153 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package core - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AWSElasticBlockStoreVolumeSource) DeepCopyInto(out *AWSElasticBlockStoreVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSElasticBlockStoreVolumeSource. -func (in *AWSElasticBlockStoreVolumeSource) DeepCopy() *AWSElasticBlockStoreVolumeSource { - if in == nil { - return nil - } - out := new(AWSElasticBlockStoreVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Affinity) DeepCopyInto(out *Affinity) { - *out = *in - if in.NodeAffinity != nil { - in, out := &in.NodeAffinity, &out.NodeAffinity - *out = new(NodeAffinity) - (*in).DeepCopyInto(*out) - } - if in.PodAffinity != nil { - in, out := &in.PodAffinity, &out.PodAffinity - *out = new(PodAffinity) - (*in).DeepCopyInto(*out) - } - if in.PodAntiAffinity != nil { - in, out := &in.PodAntiAffinity, &out.PodAntiAffinity - *out = new(PodAntiAffinity) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Affinity. -func (in *Affinity) DeepCopy() *Affinity { - if in == nil { - return nil - } - out := new(Affinity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AttachedVolume) DeepCopyInto(out *AttachedVolume) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachedVolume. -func (in *AttachedVolume) DeepCopy() *AttachedVolume { - if in == nil { - return nil - } - out := new(AttachedVolume) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AvoidPods) DeepCopyInto(out *AvoidPods) { - *out = *in - if in.PreferAvoidPods != nil { - in, out := &in.PreferAvoidPods, &out.PreferAvoidPods - *out = make([]PreferAvoidPodsEntry, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvoidPods. -func (in *AvoidPods) DeepCopy() *AvoidPods { - if in == nil { - return nil - } - out := new(AvoidPods) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AzureDiskVolumeSource) DeepCopyInto(out *AzureDiskVolumeSource) { - *out = *in - if in.CachingMode != nil { - in, out := &in.CachingMode, &out.CachingMode - *out = new(AzureDataDiskCachingMode) - **out = **in - } - if in.FSType != nil { - in, out := &in.FSType, &out.FSType - *out = new(string) - **out = **in - } - if in.ReadOnly != nil { - in, out := &in.ReadOnly, &out.ReadOnly - *out = new(bool) - **out = **in - } - if in.Kind != nil { - in, out := &in.Kind, &out.Kind - *out = new(AzureDataDiskKind) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureDiskVolumeSource. -func (in *AzureDiskVolumeSource) DeepCopy() *AzureDiskVolumeSource { - if in == nil { - return nil - } - out := new(AzureDiskVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AzureFilePersistentVolumeSource) DeepCopyInto(out *AzureFilePersistentVolumeSource) { - *out = *in - if in.SecretNamespace != nil { - in, out := &in.SecretNamespace, &out.SecretNamespace - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFilePersistentVolumeSource. -func (in *AzureFilePersistentVolumeSource) DeepCopy() *AzureFilePersistentVolumeSource { - if in == nil { - return nil - } - out := new(AzureFilePersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AzureFileVolumeSource) DeepCopyInto(out *AzureFileVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFileVolumeSource. -func (in *AzureFileVolumeSource) DeepCopy() *AzureFileVolumeSource { - if in == nil { - return nil - } - out := new(AzureFileVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Binding) DeepCopyInto(out *Binding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Target = in.Target - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Binding. -func (in *Binding) DeepCopy() *Binding { - if in == nil { - return nil - } - out := new(Binding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Binding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIPersistentVolumeSource) DeepCopyInto(out *CSIPersistentVolumeSource) { - *out = *in - if in.VolumeAttributes != nil { - in, out := &in.VolumeAttributes, &out.VolumeAttributes - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.ControllerPublishSecretRef != nil { - in, out := &in.ControllerPublishSecretRef, &out.ControllerPublishSecretRef - *out = new(SecretReference) - **out = **in - } - if in.NodeStageSecretRef != nil { - in, out := &in.NodeStageSecretRef, &out.NodeStageSecretRef - *out = new(SecretReference) - **out = **in - } - if in.NodePublishSecretRef != nil { - in, out := &in.NodePublishSecretRef, &out.NodePublishSecretRef - *out = new(SecretReference) - **out = **in - } - if in.ControllerExpandSecretRef != nil { - in, out := &in.ControllerExpandSecretRef, &out.ControllerExpandSecretRef - *out = new(SecretReference) - **out = **in - } - if in.NodeExpandSecretRef != nil { - in, out := &in.NodeExpandSecretRef, &out.NodeExpandSecretRef - *out = new(SecretReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIPersistentVolumeSource. -func (in *CSIPersistentVolumeSource) DeepCopy() *CSIPersistentVolumeSource { - if in == nil { - return nil - } - out := new(CSIPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIVolumeSource) DeepCopyInto(out *CSIVolumeSource) { - *out = *in - if in.ReadOnly != nil { - in, out := &in.ReadOnly, &out.ReadOnly - *out = new(bool) - **out = **in - } - if in.FSType != nil { - in, out := &in.FSType, &out.FSType - *out = new(string) - **out = **in - } - if in.VolumeAttributes != nil { - in, out := &in.VolumeAttributes, &out.VolumeAttributes - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.NodePublishSecretRef != nil { - in, out := &in.NodePublishSecretRef, &out.NodePublishSecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIVolumeSource. -func (in *CSIVolumeSource) DeepCopy() *CSIVolumeSource { - if in == nil { - return nil - } - out := new(CSIVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Capabilities) DeepCopyInto(out *Capabilities) { - *out = *in - if in.Add != nil { - in, out := &in.Add, &out.Add - *out = make([]Capability, len(*in)) - copy(*out, *in) - } - if in.Drop != nil { - in, out := &in.Drop, &out.Drop - *out = make([]Capability, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Capabilities. -func (in *Capabilities) DeepCopy() *Capabilities { - if in == nil { - return nil - } - out := new(Capabilities) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CephFSPersistentVolumeSource) DeepCopyInto(out *CephFSPersistentVolumeSource) { - *out = *in - if in.Monitors != nil { - in, out := &in.Monitors, &out.Monitors - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CephFSPersistentVolumeSource. -func (in *CephFSPersistentVolumeSource) DeepCopy() *CephFSPersistentVolumeSource { - if in == nil { - return nil - } - out := new(CephFSPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CephFSVolumeSource) DeepCopyInto(out *CephFSVolumeSource) { - *out = *in - if in.Monitors != nil { - in, out := &in.Monitors, &out.Monitors - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CephFSVolumeSource. -func (in *CephFSVolumeSource) DeepCopy() *CephFSVolumeSource { - if in == nil { - return nil - } - out := new(CephFSVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CinderPersistentVolumeSource) DeepCopyInto(out *CinderPersistentVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CinderPersistentVolumeSource. -func (in *CinderPersistentVolumeSource) DeepCopy() *CinderPersistentVolumeSource { - if in == nil { - return nil - } - out := new(CinderPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CinderVolumeSource) DeepCopyInto(out *CinderVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CinderVolumeSource. -func (in *CinderVolumeSource) DeepCopy() *CinderVolumeSource { - if in == nil { - return nil - } - out := new(CinderVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClaimSource) DeepCopyInto(out *ClaimSource) { - *out = *in - if in.ResourceClaimName != nil { - in, out := &in.ResourceClaimName, &out.ResourceClaimName - *out = new(string) - **out = **in - } - if in.ResourceClaimTemplateName != nil { - in, out := &in.ResourceClaimTemplateName, &out.ResourceClaimTemplateName - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimSource. -func (in *ClaimSource) DeepCopy() *ClaimSource { - if in == nil { - return nil - } - out := new(ClaimSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClientIPConfig) DeepCopyInto(out *ClientIPConfig) { - *out = *in - if in.TimeoutSeconds != nil { - in, out := &in.TimeoutSeconds, &out.TimeoutSeconds - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientIPConfig. -func (in *ClientIPConfig) DeepCopy() *ClientIPConfig { - if in == nil { - return nil - } - out := new(ClientIPConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ComponentCondition) DeepCopyInto(out *ComponentCondition) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentCondition. -func (in *ComponentCondition) DeepCopy() *ComponentCondition { - if in == nil { - return nil - } - out := new(ComponentCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ComponentStatus) DeepCopyInto(out *ComponentStatus) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]ComponentCondition, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentStatus. -func (in *ComponentStatus) DeepCopy() *ComponentStatus { - if in == nil { - return nil - } - out := new(ComponentStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ComponentStatus) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ComponentStatusList) DeepCopyInto(out *ComponentStatusList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ComponentStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentStatusList. -func (in *ComponentStatusList) DeepCopy() *ComponentStatusList { - if in == nil { - return nil - } - out := new(ComponentStatusList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ComponentStatusList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMap) DeepCopyInto(out *ConfigMap) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Immutable != nil { - in, out := &in.Immutable, &out.Immutable - *out = new(bool) - **out = **in - } - if in.Data != nil { - in, out := &in.Data, &out.Data - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.BinaryData != nil { - in, out := &in.BinaryData, &out.BinaryData - *out = make(map[string][]byte, len(*in)) - for key, val := range *in { - var outVal []byte - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]byte, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMap. -func (in *ConfigMap) DeepCopy() *ConfigMap { - if in == nil { - return nil - } - out := new(ConfigMap) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ConfigMap) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapEnvSource) DeepCopyInto(out *ConfigMapEnvSource) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapEnvSource. -func (in *ConfigMapEnvSource) DeepCopy() *ConfigMapEnvSource { - if in == nil { - return nil - } - out := new(ConfigMapEnvSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapKeySelector) DeepCopyInto(out *ConfigMapKeySelector) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapKeySelector. -func (in *ConfigMapKeySelector) DeepCopy() *ConfigMapKeySelector { - if in == nil { - return nil - } - out := new(ConfigMapKeySelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapList) DeepCopyInto(out *ConfigMapList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ConfigMap, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapList. -func (in *ConfigMapList) DeepCopy() *ConfigMapList { - if in == nil { - return nil - } - out := new(ConfigMapList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ConfigMapList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapNodeConfigSource) DeepCopyInto(out *ConfigMapNodeConfigSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNodeConfigSource. -func (in *ConfigMapNodeConfigSource) DeepCopy() *ConfigMapNodeConfigSource { - if in == nil { - return nil - } - out := new(ConfigMapNodeConfigSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapProjection) DeepCopyInto(out *ConfigMapProjection) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]KeyToPath, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapProjection. -func (in *ConfigMapProjection) DeepCopy() *ConfigMapProjection { - if in == nil { - return nil - } - out := new(ConfigMapProjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapVolumeSource) DeepCopyInto(out *ConfigMapVolumeSource) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]KeyToPath, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.DefaultMode != nil { - in, out := &in.DefaultMode, &out.DefaultMode - *out = new(int32) - **out = **in - } - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapVolumeSource. -func (in *ConfigMapVolumeSource) DeepCopy() *ConfigMapVolumeSource { - if in == nil { - return nil - } - out := new(ConfigMapVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Container) DeepCopyInto(out *Container) { - *out = *in - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Args != nil { - in, out := &in.Args, &out.Args - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]ContainerPort, len(*in)) - copy(*out, *in) - } - if in.EnvFrom != nil { - in, out := &in.EnvFrom, &out.EnvFrom - *out = make([]EnvFromSource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.Resources.DeepCopyInto(&out.Resources) - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeDevices != nil { - in, out := &in.VolumeDevices, &out.VolumeDevices - *out = make([]VolumeDevice, len(*in)) - copy(*out, *in) - } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.ReadinessProbe != nil { - in, out := &in.ReadinessProbe, &out.ReadinessProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.StartupProbe != nil { - in, out := &in.StartupProbe, &out.StartupProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.Lifecycle != nil { - in, out := &in.Lifecycle, &out.Lifecycle - *out = new(Lifecycle) - (*in).DeepCopyInto(*out) - } - if in.SecurityContext != nil { - in, out := &in.SecurityContext, &out.SecurityContext - *out = new(SecurityContext) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Container. -func (in *Container) DeepCopy() *Container { - if in == nil { - return nil - } - out := new(Container) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerImage) DeepCopyInto(out *ContainerImage) { - *out = *in - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImage. -func (in *ContainerImage) DeepCopy() *ContainerImage { - if in == nil { - return nil - } - out := new(ContainerImage) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerPort) DeepCopyInto(out *ContainerPort) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerPort. -func (in *ContainerPort) DeepCopy() *ContainerPort { - if in == nil { - return nil - } - out := new(ContainerPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerState) DeepCopyInto(out *ContainerState) { - *out = *in - if in.Waiting != nil { - in, out := &in.Waiting, &out.Waiting - *out = new(ContainerStateWaiting) - **out = **in - } - if in.Running != nil { - in, out := &in.Running, &out.Running - *out = new(ContainerStateRunning) - (*in).DeepCopyInto(*out) - } - if in.Terminated != nil { - in, out := &in.Terminated, &out.Terminated - *out = new(ContainerStateTerminated) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerState. -func (in *ContainerState) DeepCopy() *ContainerState { - if in == nil { - return nil - } - out := new(ContainerState) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerStateRunning) DeepCopyInto(out *ContainerStateRunning) { - *out = *in - in.StartedAt.DeepCopyInto(&out.StartedAt) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerStateRunning. -func (in *ContainerStateRunning) DeepCopy() *ContainerStateRunning { - if in == nil { - return nil - } - out := new(ContainerStateRunning) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerStateTerminated) DeepCopyInto(out *ContainerStateTerminated) { - *out = *in - in.StartedAt.DeepCopyInto(&out.StartedAt) - in.FinishedAt.DeepCopyInto(&out.FinishedAt) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerStateTerminated. -func (in *ContainerStateTerminated) DeepCopy() *ContainerStateTerminated { - if in == nil { - return nil - } - out := new(ContainerStateTerminated) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerStateWaiting) DeepCopyInto(out *ContainerStateWaiting) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerStateWaiting. -func (in *ContainerStateWaiting) DeepCopy() *ContainerStateWaiting { - if in == nil { - return nil - } - out := new(ContainerStateWaiting) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerStatus) DeepCopyInto(out *ContainerStatus) { - *out = *in - in.State.DeepCopyInto(&out.State) - in.LastTerminationState.DeepCopyInto(&out.LastTerminationState) - if in.Started != nil { - in, out := &in.Started, &out.Started - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerStatus. -func (in *ContainerStatus) DeepCopy() *ContainerStatus { - if in == nil { - return nil - } - out := new(ContainerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DaemonEndpoint) DeepCopyInto(out *DaemonEndpoint) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonEndpoint. -func (in *DaemonEndpoint) DeepCopy() *DaemonEndpoint { - if in == nil { - return nil - } - out := new(DaemonEndpoint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DownwardAPIProjection) DeepCopyInto(out *DownwardAPIProjection) { - *out = *in - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DownwardAPIVolumeFile, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DownwardAPIProjection. -func (in *DownwardAPIProjection) DeepCopy() *DownwardAPIProjection { - if in == nil { - return nil - } - out := new(DownwardAPIProjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DownwardAPIVolumeFile) DeepCopyInto(out *DownwardAPIVolumeFile) { - *out = *in - if in.FieldRef != nil { - in, out := &in.FieldRef, &out.FieldRef - *out = new(ObjectFieldSelector) - **out = **in - } - if in.ResourceFieldRef != nil { - in, out := &in.ResourceFieldRef, &out.ResourceFieldRef - *out = new(ResourceFieldSelector) - (*in).DeepCopyInto(*out) - } - if in.Mode != nil { - in, out := &in.Mode, &out.Mode - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DownwardAPIVolumeFile. -func (in *DownwardAPIVolumeFile) DeepCopy() *DownwardAPIVolumeFile { - if in == nil { - return nil - } - out := new(DownwardAPIVolumeFile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DownwardAPIVolumeSource) DeepCopyInto(out *DownwardAPIVolumeSource) { - *out = *in - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DownwardAPIVolumeFile, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.DefaultMode != nil { - in, out := &in.DefaultMode, &out.DefaultMode - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DownwardAPIVolumeSource. -func (in *DownwardAPIVolumeSource) DeepCopy() *DownwardAPIVolumeSource { - if in == nil { - return nil - } - out := new(DownwardAPIVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmptyDirVolumeSource) DeepCopyInto(out *EmptyDirVolumeSource) { - *out = *in - if in.SizeLimit != nil { - in, out := &in.SizeLimit, &out.SizeLimit - x := (*in).DeepCopy() - *out = &x - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmptyDirVolumeSource. -func (in *EmptyDirVolumeSource) DeepCopy() *EmptyDirVolumeSource { - if in == nil { - return nil - } - out := new(EmptyDirVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointAddress) DeepCopyInto(out *EndpointAddress) { - *out = *in - if in.NodeName != nil { - in, out := &in.NodeName, &out.NodeName - *out = new(string) - **out = **in - } - if in.TargetRef != nil { - in, out := &in.TargetRef, &out.TargetRef - *out = new(ObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointAddress. -func (in *EndpointAddress) DeepCopy() *EndpointAddress { - if in == nil { - return nil - } - out := new(EndpointAddress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointPort) DeepCopyInto(out *EndpointPort) { - *out = *in - if in.AppProtocol != nil { - in, out := &in.AppProtocol, &out.AppProtocol - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointPort. -func (in *EndpointPort) DeepCopy() *EndpointPort { - if in == nil { - return nil - } - out := new(EndpointPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointSubset) DeepCopyInto(out *EndpointSubset) { - *out = *in - if in.Addresses != nil { - in, out := &in.Addresses, &out.Addresses - *out = make([]EndpointAddress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NotReadyAddresses != nil { - in, out := &in.NotReadyAddresses, &out.NotReadyAddresses - *out = make([]EndpointAddress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]EndpointPort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointSubset. -func (in *EndpointSubset) DeepCopy() *EndpointSubset { - if in == nil { - return nil - } - out := new(EndpointSubset) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Endpoints) DeepCopyInto(out *Endpoints) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Subsets != nil { - in, out := &in.Subsets, &out.Subsets - *out = make([]EndpointSubset, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoints. -func (in *Endpoints) DeepCopy() *Endpoints { - if in == nil { - return nil - } - out := new(Endpoints) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Endpoints) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointsList) DeepCopyInto(out *EndpointsList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Endpoints, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointsList. -func (in *EndpointsList) DeepCopy() *EndpointsList { - if in == nil { - return nil - } - out := new(EndpointsList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EndpointsList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvFromSource) DeepCopyInto(out *EnvFromSource) { - *out = *in - if in.ConfigMapRef != nil { - in, out := &in.ConfigMapRef, &out.ConfigMapRef - *out = new(ConfigMapEnvSource) - (*in).DeepCopyInto(*out) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretEnvSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvFromSource. -func (in *EnvFromSource) DeepCopy() *EnvFromSource { - if in == nil { - return nil - } - out := new(EnvFromSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvVar) DeepCopyInto(out *EnvVar) { - *out = *in - if in.ValueFrom != nil { - in, out := &in.ValueFrom, &out.ValueFrom - *out = new(EnvVarSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVar. -func (in *EnvVar) DeepCopy() *EnvVar { - if in == nil { - return nil - } - out := new(EnvVar) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EnvVarSource) DeepCopyInto(out *EnvVarSource) { - *out = *in - if in.FieldRef != nil { - in, out := &in.FieldRef, &out.FieldRef - *out = new(ObjectFieldSelector) - **out = **in - } - if in.ResourceFieldRef != nil { - in, out := &in.ResourceFieldRef, &out.ResourceFieldRef - *out = new(ResourceFieldSelector) - (*in).DeepCopyInto(*out) - } - if in.ConfigMapKeyRef != nil { - in, out := &in.ConfigMapKeyRef, &out.ConfigMapKeyRef - *out = new(ConfigMapKeySelector) - (*in).DeepCopyInto(*out) - } - if in.SecretKeyRef != nil { - in, out := &in.SecretKeyRef, &out.SecretKeyRef - *out = new(SecretKeySelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVarSource. -func (in *EnvVarSource) DeepCopy() *EnvVarSource { - if in == nil { - return nil - } - out := new(EnvVarSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EphemeralContainer) DeepCopyInto(out *EphemeralContainer) { - *out = *in - in.EphemeralContainerCommon.DeepCopyInto(&out.EphemeralContainerCommon) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralContainer. -func (in *EphemeralContainer) DeepCopy() *EphemeralContainer { - if in == nil { - return nil - } - out := new(EphemeralContainer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EphemeralContainerCommon) DeepCopyInto(out *EphemeralContainerCommon) { - *out = *in - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Args != nil { - in, out := &in.Args, &out.Args - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]ContainerPort, len(*in)) - copy(*out, *in) - } - if in.EnvFrom != nil { - in, out := &in.EnvFrom, &out.EnvFrom - *out = make([]EnvFromSource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.Resources.DeepCopyInto(&out.Resources) - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeDevices != nil { - in, out := &in.VolumeDevices, &out.VolumeDevices - *out = make([]VolumeDevice, len(*in)) - copy(*out, *in) - } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.ReadinessProbe != nil { - in, out := &in.ReadinessProbe, &out.ReadinessProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.StartupProbe != nil { - in, out := &in.StartupProbe, &out.StartupProbe - *out = new(Probe) - (*in).DeepCopyInto(*out) - } - if in.Lifecycle != nil { - in, out := &in.Lifecycle, &out.Lifecycle - *out = new(Lifecycle) - (*in).DeepCopyInto(*out) - } - if in.SecurityContext != nil { - in, out := &in.SecurityContext, &out.SecurityContext - *out = new(SecurityContext) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralContainerCommon. -func (in *EphemeralContainerCommon) DeepCopy() *EphemeralContainerCommon { - if in == nil { - return nil - } - out := new(EphemeralContainerCommon) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EphemeralVolumeSource) DeepCopyInto(out *EphemeralVolumeSource) { - *out = *in - if in.VolumeClaimTemplate != nil { - in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate - *out = new(PersistentVolumeClaimTemplate) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralVolumeSource. -func (in *EphemeralVolumeSource) DeepCopy() *EphemeralVolumeSource { - if in == nil { - return nil - } - out := new(EphemeralVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Event) DeepCopyInto(out *Event) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.InvolvedObject = in.InvolvedObject - out.Source = in.Source - in.FirstTimestamp.DeepCopyInto(&out.FirstTimestamp) - in.LastTimestamp.DeepCopyInto(&out.LastTimestamp) - in.EventTime.DeepCopyInto(&out.EventTime) - if in.Series != nil { - in, out := &in.Series, &out.Series - *out = new(EventSeries) - (*in).DeepCopyInto(*out) - } - if in.Related != nil { - in, out := &in.Related, &out.Related - *out = new(ObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event. -func (in *Event) DeepCopy() *Event { - if in == nil { - return nil - } - out := new(Event) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Event) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventList) DeepCopyInto(out *EventList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Event, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList. -func (in *EventList) DeepCopy() *EventList { - if in == nil { - return nil - } - out := new(EventList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EventList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventSeries) DeepCopyInto(out *EventSeries) { - *out = *in - in.LastObservedTime.DeepCopyInto(&out.LastObservedTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventSeries. -func (in *EventSeries) DeepCopy() *EventSeries { - if in == nil { - return nil - } - out := new(EventSeries) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EventSource) DeepCopyInto(out *EventSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventSource. -func (in *EventSource) DeepCopy() *EventSource { - if in == nil { - return nil - } - out := new(EventSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecAction) DeepCopyInto(out *ExecAction) { - *out = *in - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAction. -func (in *ExecAction) DeepCopy() *ExecAction { - if in == nil { - return nil - } - out := new(ExecAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FCVolumeSource) DeepCopyInto(out *FCVolumeSource) { - *out = *in - if in.TargetWWNs != nil { - in, out := &in.TargetWWNs, &out.TargetWWNs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Lun != nil { - in, out := &in.Lun, &out.Lun - *out = new(int32) - **out = **in - } - if in.WWIDs != nil { - in, out := &in.WWIDs, &out.WWIDs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FCVolumeSource. -func (in *FCVolumeSource) DeepCopy() *FCVolumeSource { - if in == nil { - return nil - } - out := new(FCVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlexPersistentVolumeSource) DeepCopyInto(out *FlexPersistentVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - if in.Options != nil { - in, out := &in.Options, &out.Options - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlexPersistentVolumeSource. -func (in *FlexPersistentVolumeSource) DeepCopy() *FlexPersistentVolumeSource { - if in == nil { - return nil - } - out := new(FlexPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlexVolumeSource) DeepCopyInto(out *FlexVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - if in.Options != nil { - in, out := &in.Options, &out.Options - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlexVolumeSource. -func (in *FlexVolumeSource) DeepCopy() *FlexVolumeSource { - if in == nil { - return nil - } - out := new(FlexVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlockerVolumeSource) DeepCopyInto(out *FlockerVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlockerVolumeSource. -func (in *FlockerVolumeSource) DeepCopy() *FlockerVolumeSource { - if in == nil { - return nil - } - out := new(FlockerVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GCEPersistentDiskVolumeSource) DeepCopyInto(out *GCEPersistentDiskVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCEPersistentDiskVolumeSource. -func (in *GCEPersistentDiskVolumeSource) DeepCopy() *GCEPersistentDiskVolumeSource { - if in == nil { - return nil - } - out := new(GCEPersistentDiskVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GRPCAction) DeepCopyInto(out *GRPCAction) { - *out = *in - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCAction. -func (in *GRPCAction) DeepCopy() *GRPCAction { - if in == nil { - return nil - } - out := new(GRPCAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitRepoVolumeSource) DeepCopyInto(out *GitRepoVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepoVolumeSource. -func (in *GitRepoVolumeSource) DeepCopy() *GitRepoVolumeSource { - if in == nil { - return nil - } - out := new(GitRepoVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GlusterfsPersistentVolumeSource) DeepCopyInto(out *GlusterfsPersistentVolumeSource) { - *out = *in - if in.EndpointsNamespace != nil { - in, out := &in.EndpointsNamespace, &out.EndpointsNamespace - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlusterfsPersistentVolumeSource. -func (in *GlusterfsPersistentVolumeSource) DeepCopy() *GlusterfsPersistentVolumeSource { - if in == nil { - return nil - } - out := new(GlusterfsPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GlusterfsVolumeSource) DeepCopyInto(out *GlusterfsVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlusterfsVolumeSource. -func (in *GlusterfsVolumeSource) DeepCopy() *GlusterfsVolumeSource { - if in == nil { - return nil - } - out := new(GlusterfsVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPGetAction) DeepCopyInto(out *HTTPGetAction) { - *out = *in - out.Port = in.Port - if in.HTTPHeaders != nil { - in, out := &in.HTTPHeaders, &out.HTTPHeaders - *out = make([]HTTPHeader, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPGetAction. -func (in *HTTPGetAction) DeepCopy() *HTTPGetAction { - if in == nil { - return nil - } - out := new(HTTPGetAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. -func (in *HTTPHeader) DeepCopy() *HTTPHeader { - if in == nil { - return nil - } - out := new(HTTPHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostAlias) DeepCopyInto(out *HostAlias) { - *out = *in - if in.Hostnames != nil { - in, out := &in.Hostnames, &out.Hostnames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostAlias. -func (in *HostAlias) DeepCopy() *HostAlias { - if in == nil { - return nil - } - out := new(HostAlias) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostPathVolumeSource) DeepCopyInto(out *HostPathVolumeSource) { - *out = *in - if in.Type != nil { - in, out := &in.Type, &out.Type - *out = new(HostPathType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPathVolumeSource. -func (in *HostPathVolumeSource) DeepCopy() *HostPathVolumeSource { - if in == nil { - return nil - } - out := new(HostPathVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ISCSIPersistentVolumeSource) DeepCopyInto(out *ISCSIPersistentVolumeSource) { - *out = *in - if in.Portals != nil { - in, out := &in.Portals, &out.Portals - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - if in.InitiatorName != nil { - in, out := &in.InitiatorName, &out.InitiatorName - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ISCSIPersistentVolumeSource. -func (in *ISCSIPersistentVolumeSource) DeepCopy() *ISCSIPersistentVolumeSource { - if in == nil { - return nil - } - out := new(ISCSIPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ISCSIVolumeSource) DeepCopyInto(out *ISCSIVolumeSource) { - *out = *in - if in.Portals != nil { - in, out := &in.Portals, &out.Portals - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - if in.InitiatorName != nil { - in, out := &in.InitiatorName, &out.InitiatorName - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ISCSIVolumeSource. -func (in *ISCSIVolumeSource) DeepCopy() *ISCSIVolumeSource { - if in == nil { - return nil - } - out := new(ISCSIVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeyToPath) DeepCopyInto(out *KeyToPath) { - *out = *in - if in.Mode != nil { - in, out := &in.Mode, &out.Mode - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyToPath. -func (in *KeyToPath) DeepCopy() *KeyToPath { - if in == nil { - return nil - } - out := new(KeyToPath) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Lifecycle) DeepCopyInto(out *Lifecycle) { - *out = *in - if in.PostStart != nil { - in, out := &in.PostStart, &out.PostStart - *out = new(LifecycleHandler) - (*in).DeepCopyInto(*out) - } - if in.PreStop != nil { - in, out := &in.PreStop, &out.PreStop - *out = new(LifecycleHandler) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Lifecycle. -func (in *Lifecycle) DeepCopy() *Lifecycle { - if in == nil { - return nil - } - out := new(Lifecycle) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LifecycleHandler) DeepCopyInto(out *LifecycleHandler) { - *out = *in - if in.Exec != nil { - in, out := &in.Exec, &out.Exec - *out = new(ExecAction) - (*in).DeepCopyInto(*out) - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = new(HTTPGetAction) - (*in).DeepCopyInto(*out) - } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = new(TCPSocketAction) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LifecycleHandler. -func (in *LifecycleHandler) DeepCopy() *LifecycleHandler { - if in == nil { - return nil - } - out := new(LifecycleHandler) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitRange) DeepCopyInto(out *LimitRange) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitRange. -func (in *LimitRange) DeepCopy() *LimitRange { - if in == nil { - return nil - } - out := new(LimitRange) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *LimitRange) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitRangeItem) DeepCopyInto(out *LimitRangeItem) { - *out = *in - if in.Max != nil { - in, out := &in.Max, &out.Max - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Min != nil { - in, out := &in.Min, &out.Min - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Default != nil { - in, out := &in.Default, &out.Default - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.DefaultRequest != nil { - in, out := &in.DefaultRequest, &out.DefaultRequest - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.MaxLimitRequestRatio != nil { - in, out := &in.MaxLimitRequestRatio, &out.MaxLimitRequestRatio - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitRangeItem. -func (in *LimitRangeItem) DeepCopy() *LimitRangeItem { - if in == nil { - return nil - } - out := new(LimitRangeItem) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitRangeList) DeepCopyInto(out *LimitRangeList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]LimitRange, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitRangeList. -func (in *LimitRangeList) DeepCopy() *LimitRangeList { - if in == nil { - return nil - } - out := new(LimitRangeList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *LimitRangeList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitRangeSpec) DeepCopyInto(out *LimitRangeSpec) { - *out = *in - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make([]LimitRangeItem, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitRangeSpec. -func (in *LimitRangeSpec) DeepCopy() *LimitRangeSpec { - if in == nil { - return nil - } - out := new(LimitRangeSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *List) DeepCopyInto(out *List) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]runtime.Object, len(*in)) - for i := range *in { - if (*in)[i] != nil { - (*out)[i] = (*in)[i].DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new List. -func (in *List) DeepCopy() *List { - if in == nil { - return nil - } - out := new(List) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *List) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LoadBalancerIngress) DeepCopyInto(out *LoadBalancerIngress) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]PortStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerIngress. -func (in *LoadBalancerIngress) DeepCopy() *LoadBalancerIngress { - if in == nil { - return nil - } - out := new(LoadBalancerIngress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LoadBalancerStatus) DeepCopyInto(out *LoadBalancerStatus) { - *out = *in - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]LoadBalancerIngress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerStatus. -func (in *LoadBalancerStatus) DeepCopy() *LoadBalancerStatus { - if in == nil { - return nil - } - out := new(LoadBalancerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. -func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { - if in == nil { - return nil - } - out := new(LocalObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LocalVolumeSource) DeepCopyInto(out *LocalVolumeSource) { - *out = *in - if in.FSType != nil { - in, out := &in.FSType, &out.FSType - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalVolumeSource. -func (in *LocalVolumeSource) DeepCopy() *LocalVolumeSource { - if in == nil { - return nil - } - out := new(LocalVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NFSVolumeSource) DeepCopyInto(out *NFSVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NFSVolumeSource. -func (in *NFSVolumeSource) DeepCopy() *NFSVolumeSource { - if in == nil { - return nil - } - out := new(NFSVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Namespace) DeepCopyInto(out *Namespace) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Namespace. -func (in *Namespace) DeepCopy() *Namespace { - if in == nil { - return nil - } - out := new(Namespace) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Namespace) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespaceCondition) DeepCopyInto(out *NamespaceCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceCondition. -func (in *NamespaceCondition) DeepCopy() *NamespaceCondition { - if in == nil { - return nil - } - out := new(NamespaceCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespaceList) DeepCopyInto(out *NamespaceList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Namespace, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceList. -func (in *NamespaceList) DeepCopy() *NamespaceList { - if in == nil { - return nil - } - out := new(NamespaceList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NamespaceList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespaceSpec) DeepCopyInto(out *NamespaceSpec) { - *out = *in - if in.Finalizers != nil { - in, out := &in.Finalizers, &out.Finalizers - *out = make([]FinalizerName, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSpec. -func (in *NamespaceSpec) DeepCopy() *NamespaceSpec { - if in == nil { - return nil - } - out := new(NamespaceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespaceStatus) DeepCopyInto(out *NamespaceStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]NamespaceCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceStatus. -func (in *NamespaceStatus) DeepCopy() *NamespaceStatus { - if in == nil { - return nil - } - out := new(NamespaceStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Node) DeepCopyInto(out *Node) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node. -func (in *Node) DeepCopy() *Node { - if in == nil { - return nil - } - out := new(Node) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Node) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeAddress) DeepCopyInto(out *NodeAddress) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAddress. -func (in *NodeAddress) DeepCopy() *NodeAddress { - if in == nil { - return nil - } - out := new(NodeAddress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeAffinity) DeepCopyInto(out *NodeAffinity) { - *out = *in - if in.RequiredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.RequiredDuringSchedulingIgnoredDuringExecution, &out.RequiredDuringSchedulingIgnoredDuringExecution - *out = new(NodeSelector) - (*in).DeepCopyInto(*out) - } - if in.PreferredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.PreferredDuringSchedulingIgnoredDuringExecution, &out.PreferredDuringSchedulingIgnoredDuringExecution - *out = make([]PreferredSchedulingTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAffinity. -func (in *NodeAffinity) DeepCopy() *NodeAffinity { - if in == nil { - return nil - } - out := new(NodeAffinity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeCondition) DeepCopyInto(out *NodeCondition) { - *out = *in - in.LastHeartbeatTime.DeepCopyInto(&out.LastHeartbeatTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeCondition. -func (in *NodeCondition) DeepCopy() *NodeCondition { - if in == nil { - return nil - } - out := new(NodeCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeConfigSource) DeepCopyInto(out *NodeConfigSource) { - *out = *in - if in.ConfigMap != nil { - in, out := &in.ConfigMap, &out.ConfigMap - *out = new(ConfigMapNodeConfigSource) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigSource. -func (in *NodeConfigSource) DeepCopy() *NodeConfigSource { - if in == nil { - return nil - } - out := new(NodeConfigSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeConfigStatus) DeepCopyInto(out *NodeConfigStatus) { - *out = *in - if in.Assigned != nil { - in, out := &in.Assigned, &out.Assigned - *out = new(NodeConfigSource) - (*in).DeepCopyInto(*out) - } - if in.Active != nil { - in, out := &in.Active, &out.Active - *out = new(NodeConfigSource) - (*in).DeepCopyInto(*out) - } - if in.LastKnownGood != nil { - in, out := &in.LastKnownGood, &out.LastKnownGood - *out = new(NodeConfigSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigStatus. -func (in *NodeConfigStatus) DeepCopy() *NodeConfigStatus { - if in == nil { - return nil - } - out := new(NodeConfigStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeDaemonEndpoints) DeepCopyInto(out *NodeDaemonEndpoints) { - *out = *in - out.KubeletEndpoint = in.KubeletEndpoint - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDaemonEndpoints. -func (in *NodeDaemonEndpoints) DeepCopy() *NodeDaemonEndpoints { - if in == nil { - return nil - } - out := new(NodeDaemonEndpoints) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeList) DeepCopyInto(out *NodeList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Node, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeList. -func (in *NodeList) DeepCopy() *NodeList { - if in == nil { - return nil - } - out := new(NodeList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NodeList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeProxyOptions) DeepCopyInto(out *NodeProxyOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeProxyOptions. -func (in *NodeProxyOptions) DeepCopy() *NodeProxyOptions { - if in == nil { - return nil - } - out := new(NodeProxyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NodeProxyOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeResources) DeepCopyInto(out *NodeResources) { - *out = *in - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeResources. -func (in *NodeResources) DeepCopy() *NodeResources { - if in == nil { - return nil - } - out := new(NodeResources) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeSelector) DeepCopyInto(out *NodeSelector) { - *out = *in - if in.NodeSelectorTerms != nil { - in, out := &in.NodeSelectorTerms, &out.NodeSelectorTerms - *out = make([]NodeSelectorTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSelector. -func (in *NodeSelector) DeepCopy() *NodeSelector { - if in == nil { - return nil - } - out := new(NodeSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeSelectorRequirement) DeepCopyInto(out *NodeSelectorRequirement) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSelectorRequirement. -func (in *NodeSelectorRequirement) DeepCopy() *NodeSelectorRequirement { - if in == nil { - return nil - } - out := new(NodeSelectorRequirement) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeSelectorTerm) DeepCopyInto(out *NodeSelectorTerm) { - *out = *in - if in.MatchExpressions != nil { - in, out := &in.MatchExpressions, &out.MatchExpressions - *out = make([]NodeSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.MatchFields != nil { - in, out := &in.MatchFields, &out.MatchFields - *out = make([]NodeSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSelectorTerm. -func (in *NodeSelectorTerm) DeepCopy() *NodeSelectorTerm { - if in == nil { - return nil - } - out := new(NodeSelectorTerm) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeSpec) DeepCopyInto(out *NodeSpec) { - *out = *in - if in.PodCIDRs != nil { - in, out := &in.PodCIDRs, &out.PodCIDRs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Taints != nil { - in, out := &in.Taints, &out.Taints - *out = make([]Taint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ConfigSource != nil { - in, out := &in.ConfigSource, &out.ConfigSource - *out = new(NodeConfigSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSpec. -func (in *NodeSpec) DeepCopy() *NodeSpec { - if in == nil { - return nil - } - out := new(NodeSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { - *out = *in - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Allocatable != nil { - in, out := &in.Allocatable, &out.Allocatable - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]NodeCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Addresses != nil { - in, out := &in.Addresses, &out.Addresses - *out = make([]NodeAddress, len(*in)) - copy(*out, *in) - } - out.DaemonEndpoints = in.DaemonEndpoints - out.NodeInfo = in.NodeInfo - if in.Images != nil { - in, out := &in.Images, &out.Images - *out = make([]ContainerImage, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumesInUse != nil { - in, out := &in.VolumesInUse, &out.VolumesInUse - *out = make([]UniqueVolumeName, len(*in)) - copy(*out, *in) - } - if in.VolumesAttached != nil { - in, out := &in.VolumesAttached, &out.VolumesAttached - *out = make([]AttachedVolume, len(*in)) - copy(*out, *in) - } - if in.Config != nil { - in, out := &in.Config, &out.Config - *out = new(NodeConfigStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeStatus. -func (in *NodeStatus) DeepCopy() *NodeStatus { - if in == nil { - return nil - } - out := new(NodeStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeSystemInfo) DeepCopyInto(out *NodeSystemInfo) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSystemInfo. -func (in *NodeSystemInfo) DeepCopy() *NodeSystemInfo { - if in == nil { - return nil - } - out := new(NodeSystemInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectFieldSelector) DeepCopyInto(out *ObjectFieldSelector) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectFieldSelector. -func (in *ObjectFieldSelector) DeepCopy() *ObjectFieldSelector { - if in == nil { - return nil - } - out := new(ObjectFieldSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. -func (in *ObjectReference) DeepCopy() *ObjectReference { - if in == nil { - return nil - } - out := new(ObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ObjectReference) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolume) DeepCopyInto(out *PersistentVolume) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolume. -func (in *PersistentVolume) DeepCopy() *PersistentVolume { - if in == nil { - return nil - } - out := new(PersistentVolume) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PersistentVolume) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaim) DeepCopyInto(out *PersistentVolumeClaim) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaim. -func (in *PersistentVolumeClaim) DeepCopy() *PersistentVolumeClaim { - if in == nil { - return nil - } - out := new(PersistentVolumeClaim) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PersistentVolumeClaim) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimCondition) DeepCopyInto(out *PersistentVolumeClaimCondition) { - *out = *in - in.LastProbeTime.DeepCopyInto(&out.LastProbeTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimCondition. -func (in *PersistentVolumeClaimCondition) DeepCopy() *PersistentVolumeClaimCondition { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimList) DeepCopyInto(out *PersistentVolumeClaimList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PersistentVolumeClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimList. -func (in *PersistentVolumeClaimList) DeepCopy() *PersistentVolumeClaimList { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PersistentVolumeClaimList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimSpec) DeepCopyInto(out *PersistentVolumeClaimSpec) { - *out = *in - if in.AccessModes != nil { - in, out := &in.AccessModes, &out.AccessModes - *out = make([]PersistentVolumeAccessMode, len(*in)) - copy(*out, *in) - } - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - in.Resources.DeepCopyInto(&out.Resources) - if in.StorageClassName != nil { - in, out := &in.StorageClassName, &out.StorageClassName - *out = new(string) - **out = **in - } - if in.VolumeMode != nil { - in, out := &in.VolumeMode, &out.VolumeMode - *out = new(PersistentVolumeMode) - **out = **in - } - if in.DataSource != nil { - in, out := &in.DataSource, &out.DataSource - *out = new(TypedLocalObjectReference) - (*in).DeepCopyInto(*out) - } - if in.DataSourceRef != nil { - in, out := &in.DataSourceRef, &out.DataSourceRef - *out = new(TypedObjectReference) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimSpec. -func (in *PersistentVolumeClaimSpec) DeepCopy() *PersistentVolumeClaimSpec { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimStatus) DeepCopyInto(out *PersistentVolumeClaimStatus) { - *out = *in - if in.AccessModes != nil { - in, out := &in.AccessModes, &out.AccessModes - *out = make([]PersistentVolumeAccessMode, len(*in)) - copy(*out, *in) - } - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]PersistentVolumeClaimCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.AllocatedResources != nil { - in, out := &in.AllocatedResources, &out.AllocatedResources - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.ResizeStatus != nil { - in, out := &in.ResizeStatus, &out.ResizeStatus - *out = new(PersistentVolumeClaimResizeStatus) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimStatus. -func (in *PersistentVolumeClaimStatus) DeepCopy() *PersistentVolumeClaimStatus { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimTemplate) DeepCopyInto(out *PersistentVolumeClaimTemplate) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimTemplate. -func (in *PersistentVolumeClaimTemplate) DeepCopy() *PersistentVolumeClaimTemplate { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimVolumeSource) DeepCopyInto(out *PersistentVolumeClaimVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimVolumeSource. -func (in *PersistentVolumeClaimVolumeSource) DeepCopy() *PersistentVolumeClaimVolumeSource { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeList) DeepCopyInto(out *PersistentVolumeList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PersistentVolume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeList. -func (in *PersistentVolumeList) DeepCopy() *PersistentVolumeList { - if in == nil { - return nil - } - out := new(PersistentVolumeList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PersistentVolumeList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeSource) DeepCopyInto(out *PersistentVolumeSource) { - *out = *in - if in.GCEPersistentDisk != nil { - in, out := &in.GCEPersistentDisk, &out.GCEPersistentDisk - *out = new(GCEPersistentDiskVolumeSource) - **out = **in - } - if in.AWSElasticBlockStore != nil { - in, out := &in.AWSElasticBlockStore, &out.AWSElasticBlockStore - *out = new(AWSElasticBlockStoreVolumeSource) - **out = **in - } - if in.HostPath != nil { - in, out := &in.HostPath, &out.HostPath - *out = new(HostPathVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Glusterfs != nil { - in, out := &in.Glusterfs, &out.Glusterfs - *out = new(GlusterfsPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.NFS != nil { - in, out := &in.NFS, &out.NFS - *out = new(NFSVolumeSource) - **out = **in - } - if in.RBD != nil { - in, out := &in.RBD, &out.RBD - *out = new(RBDPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Quobyte != nil { - in, out := &in.Quobyte, &out.Quobyte - *out = new(QuobyteVolumeSource) - **out = **in - } - if in.ISCSI != nil { - in, out := &in.ISCSI, &out.ISCSI - *out = new(ISCSIPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.FlexVolume != nil { - in, out := &in.FlexVolume, &out.FlexVolume - *out = new(FlexPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Cinder != nil { - in, out := &in.Cinder, &out.Cinder - *out = new(CinderPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.CephFS != nil { - in, out := &in.CephFS, &out.CephFS - *out = new(CephFSPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.FC != nil { - in, out := &in.FC, &out.FC - *out = new(FCVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Flocker != nil { - in, out := &in.Flocker, &out.Flocker - *out = new(FlockerVolumeSource) - **out = **in - } - if in.AzureFile != nil { - in, out := &in.AzureFile, &out.AzureFile - *out = new(AzureFilePersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.VsphereVolume != nil { - in, out := &in.VsphereVolume, &out.VsphereVolume - *out = new(VsphereVirtualDiskVolumeSource) - **out = **in - } - if in.AzureDisk != nil { - in, out := &in.AzureDisk, &out.AzureDisk - *out = new(AzureDiskVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.PhotonPersistentDisk != nil { - in, out := &in.PhotonPersistentDisk, &out.PhotonPersistentDisk - *out = new(PhotonPersistentDiskVolumeSource) - **out = **in - } - if in.PortworxVolume != nil { - in, out := &in.PortworxVolume, &out.PortworxVolume - *out = new(PortworxVolumeSource) - **out = **in - } - if in.ScaleIO != nil { - in, out := &in.ScaleIO, &out.ScaleIO - *out = new(ScaleIOPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Local != nil { - in, out := &in.Local, &out.Local - *out = new(LocalVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.StorageOS != nil { - in, out := &in.StorageOS, &out.StorageOS - *out = new(StorageOSPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.CSI != nil { - in, out := &in.CSI, &out.CSI - *out = new(CSIPersistentVolumeSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeSource. -func (in *PersistentVolumeSource) DeepCopy() *PersistentVolumeSource { - if in == nil { - return nil - } - out := new(PersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeSpec) DeepCopyInto(out *PersistentVolumeSpec) { - *out = *in - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - in.PersistentVolumeSource.DeepCopyInto(&out.PersistentVolumeSource) - if in.AccessModes != nil { - in, out := &in.AccessModes, &out.AccessModes - *out = make([]PersistentVolumeAccessMode, len(*in)) - copy(*out, *in) - } - if in.ClaimRef != nil { - in, out := &in.ClaimRef, &out.ClaimRef - *out = new(ObjectReference) - **out = **in - } - if in.MountOptions != nil { - in, out := &in.MountOptions, &out.MountOptions - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.VolumeMode != nil { - in, out := &in.VolumeMode, &out.VolumeMode - *out = new(PersistentVolumeMode) - **out = **in - } - if in.NodeAffinity != nil { - in, out := &in.NodeAffinity, &out.NodeAffinity - *out = new(VolumeNodeAffinity) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeSpec. -func (in *PersistentVolumeSpec) DeepCopy() *PersistentVolumeSpec { - if in == nil { - return nil - } - out := new(PersistentVolumeSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeStatus) DeepCopyInto(out *PersistentVolumeStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeStatus. -func (in *PersistentVolumeStatus) DeepCopy() *PersistentVolumeStatus { - if in == nil { - return nil - } - out := new(PersistentVolumeStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PhotonPersistentDiskVolumeSource) DeepCopyInto(out *PhotonPersistentDiskVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhotonPersistentDiskVolumeSource. -func (in *PhotonPersistentDiskVolumeSource) DeepCopy() *PhotonPersistentDiskVolumeSource { - if in == nil { - return nil - } - out := new(PhotonPersistentDiskVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Pod) DeepCopyInto(out *Pod) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Pod. -func (in *Pod) DeepCopy() *Pod { - if in == nil { - return nil - } - out := new(Pod) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Pod) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodAffinity) DeepCopyInto(out *PodAffinity) { - *out = *in - if in.RequiredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.RequiredDuringSchedulingIgnoredDuringExecution, &out.RequiredDuringSchedulingIgnoredDuringExecution - *out = make([]PodAffinityTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PreferredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.PreferredDuringSchedulingIgnoredDuringExecution, &out.PreferredDuringSchedulingIgnoredDuringExecution - *out = make([]WeightedPodAffinityTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAffinity. -func (in *PodAffinity) DeepCopy() *PodAffinity { - if in == nil { - return nil - } - out := new(PodAffinity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodAffinityTerm) DeepCopyInto(out *PodAffinityTerm) { - *out = *in - if in.LabelSelector != nil { - in, out := &in.LabelSelector, &out.LabelSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAffinityTerm. -func (in *PodAffinityTerm) DeepCopy() *PodAffinityTerm { - if in == nil { - return nil - } - out := new(PodAffinityTerm) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodAntiAffinity) DeepCopyInto(out *PodAntiAffinity) { - *out = *in - if in.RequiredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.RequiredDuringSchedulingIgnoredDuringExecution, &out.RequiredDuringSchedulingIgnoredDuringExecution - *out = make([]PodAffinityTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PreferredDuringSchedulingIgnoredDuringExecution != nil { - in, out := &in.PreferredDuringSchedulingIgnoredDuringExecution, &out.PreferredDuringSchedulingIgnoredDuringExecution - *out = make([]WeightedPodAffinityTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAntiAffinity. -func (in *PodAntiAffinity) DeepCopy() *PodAntiAffinity { - if in == nil { - return nil - } - out := new(PodAntiAffinity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodAttachOptions) DeepCopyInto(out *PodAttachOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAttachOptions. -func (in *PodAttachOptions) DeepCopy() *PodAttachOptions { - if in == nil { - return nil - } - out := new(PodAttachOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodAttachOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodCondition) DeepCopyInto(out *PodCondition) { - *out = *in - in.LastProbeTime.DeepCopyInto(&out.LastProbeTime) - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodCondition. -func (in *PodCondition) DeepCopy() *PodCondition { - if in == nil { - return nil - } - out := new(PodCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDNSConfig) DeepCopyInto(out *PodDNSConfig) { - *out = *in - if in.Nameservers != nil { - in, out := &in.Nameservers, &out.Nameservers - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Searches != nil { - in, out := &in.Searches, &out.Searches - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Options != nil { - in, out := &in.Options, &out.Options - *out = make([]PodDNSConfigOption, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfig. -func (in *PodDNSConfig) DeepCopy() *PodDNSConfig { - if in == nil { - return nil - } - out := new(PodDNSConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDNSConfigOption) DeepCopyInto(out *PodDNSConfigOption) { - *out = *in - if in.Value != nil { - in, out := &in.Value, &out.Value - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfigOption. -func (in *PodDNSConfigOption) DeepCopy() *PodDNSConfigOption { - if in == nil { - return nil - } - out := new(PodDNSConfigOption) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodExecOptions) DeepCopyInto(out *PodExecOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodExecOptions. -func (in *PodExecOptions) DeepCopy() *PodExecOptions { - if in == nil { - return nil - } - out := new(PodExecOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodExecOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodIP) DeepCopyInto(out *PodIP) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodIP. -func (in *PodIP) DeepCopy() *PodIP { - if in == nil { - return nil - } - out := new(PodIP) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodList) DeepCopyInto(out *PodList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Pod, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodList. -func (in *PodList) DeepCopy() *PodList { - if in == nil { - return nil - } - out := new(PodList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodLogOptions) DeepCopyInto(out *PodLogOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.SinceSeconds != nil { - in, out := &in.SinceSeconds, &out.SinceSeconds - *out = new(int64) - **out = **in - } - if in.SinceTime != nil { - in, out := &in.SinceTime, &out.SinceTime - *out = (*in).DeepCopy() - } - if in.TailLines != nil { - in, out := &in.TailLines, &out.TailLines - *out = new(int64) - **out = **in - } - if in.LimitBytes != nil { - in, out := &in.LimitBytes, &out.LimitBytes - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodLogOptions. -func (in *PodLogOptions) DeepCopy() *PodLogOptions { - if in == nil { - return nil - } - out := new(PodLogOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodLogOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodOS) DeepCopyInto(out *PodOS) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodOS. -func (in *PodOS) DeepCopy() *PodOS { - if in == nil { - return nil - } - out := new(PodOS) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodPortForwardOptions) DeepCopyInto(out *PodPortForwardOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]int32, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodPortForwardOptions. -func (in *PodPortForwardOptions) DeepCopy() *PodPortForwardOptions { - if in == nil { - return nil - } - out := new(PodPortForwardOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodPortForwardOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodProxyOptions) DeepCopyInto(out *PodProxyOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodProxyOptions. -func (in *PodProxyOptions) DeepCopy() *PodProxyOptions { - if in == nil { - return nil - } - out := new(PodProxyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodProxyOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodReadinessGate) DeepCopyInto(out *PodReadinessGate) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodReadinessGate. -func (in *PodReadinessGate) DeepCopy() *PodReadinessGate { - if in == nil { - return nil - } - out := new(PodReadinessGate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodResourceClaim) DeepCopyInto(out *PodResourceClaim) { - *out = *in - in.Source.DeepCopyInto(&out.Source) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodResourceClaim. -func (in *PodResourceClaim) DeepCopy() *PodResourceClaim { - if in == nil { - return nil - } - out := new(PodResourceClaim) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSchedulingGate) DeepCopyInto(out *PodSchedulingGate) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSchedulingGate. -func (in *PodSchedulingGate) DeepCopy() *PodSchedulingGate { - if in == nil { - return nil - } - out := new(PodSchedulingGate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityContext) DeepCopyInto(out *PodSecurityContext) { - *out = *in - if in.ShareProcessNamespace != nil { - in, out := &in.ShareProcessNamespace, &out.ShareProcessNamespace - *out = new(bool) - **out = **in - } - if in.HostUsers != nil { - in, out := &in.HostUsers, &out.HostUsers - *out = new(bool) - **out = **in - } - if in.SELinuxOptions != nil { - in, out := &in.SELinuxOptions, &out.SELinuxOptions - *out = new(SELinuxOptions) - **out = **in - } - if in.WindowsOptions != nil { - in, out := &in.WindowsOptions, &out.WindowsOptions - *out = new(WindowsSecurityContextOptions) - (*in).DeepCopyInto(*out) - } - if in.RunAsUser != nil { - in, out := &in.RunAsUser, &out.RunAsUser - *out = new(int64) - **out = **in - } - if in.RunAsGroup != nil { - in, out := &in.RunAsGroup, &out.RunAsGroup - *out = new(int64) - **out = **in - } - if in.RunAsNonRoot != nil { - in, out := &in.RunAsNonRoot, &out.RunAsNonRoot - *out = new(bool) - **out = **in - } - if in.SupplementalGroups != nil { - in, out := &in.SupplementalGroups, &out.SupplementalGroups - *out = make([]int64, len(*in)) - copy(*out, *in) - } - if in.FSGroup != nil { - in, out := &in.FSGroup, &out.FSGroup - *out = new(int64) - **out = **in - } - if in.FSGroupChangePolicy != nil { - in, out := &in.FSGroupChangePolicy, &out.FSGroupChangePolicy - *out = new(PodFSGroupChangePolicy) - **out = **in - } - if in.Sysctls != nil { - in, out := &in.Sysctls, &out.Sysctls - *out = make([]Sysctl, len(*in)) - copy(*out, *in) - } - if in.SeccompProfile != nil { - in, out := &in.SeccompProfile, &out.SeccompProfile - *out = new(SeccompProfile) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityContext. -func (in *PodSecurityContext) DeepCopy() *PodSecurityContext { - if in == nil { - return nil - } - out := new(PodSecurityContext) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSignature) DeepCopyInto(out *PodSignature) { - *out = *in - if in.PodController != nil { - in, out := &in.PodController, &out.PodController - *out = new(v1.OwnerReference) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSignature. -func (in *PodSignature) DeepCopy() *PodSignature { - if in == nil { - return nil - } - out := new(PodSignature) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSpec) DeepCopyInto(out *PodSpec) { - *out = *in - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]Volume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.InitContainers != nil { - in, out := &in.InitContainers, &out.InitContainers - *out = make([]Container, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = make([]Container, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EphemeralContainers != nil { - in, out := &in.EphemeralContainers, &out.EphemeralContainers - *out = make([]EphemeralContainer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.TerminationGracePeriodSeconds != nil { - in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds - *out = new(int64) - **out = **in - } - if in.ActiveDeadlineSeconds != nil { - in, out := &in.ActiveDeadlineSeconds, &out.ActiveDeadlineSeconds - *out = new(int64) - **out = **in - } - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.AutomountServiceAccountToken != nil { - in, out := &in.AutomountServiceAccountToken, &out.AutomountServiceAccountToken - *out = new(bool) - **out = **in - } - if in.SecurityContext != nil { - in, out := &in.SecurityContext, &out.SecurityContext - *out = new(PodSecurityContext) - (*in).DeepCopyInto(*out) - } - if in.ImagePullSecrets != nil { - in, out := &in.ImagePullSecrets, &out.ImagePullSecrets - *out = make([]LocalObjectReference, len(*in)) - copy(*out, *in) - } - if in.SetHostnameAsFQDN != nil { - in, out := &in.SetHostnameAsFQDN, &out.SetHostnameAsFQDN - *out = new(bool) - **out = **in - } - if in.Affinity != nil { - in, out := &in.Affinity, &out.Affinity - *out = new(Affinity) - (*in).DeepCopyInto(*out) - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.HostAliases != nil { - in, out := &in.HostAliases, &out.HostAliases - *out = make([]HostAlias, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Priority != nil { - in, out := &in.Priority, &out.Priority - *out = new(int32) - **out = **in - } - if in.PreemptionPolicy != nil { - in, out := &in.PreemptionPolicy, &out.PreemptionPolicy - *out = new(PreemptionPolicy) - **out = **in - } - if in.DNSConfig != nil { - in, out := &in.DNSConfig, &out.DNSConfig - *out = new(PodDNSConfig) - (*in).DeepCopyInto(*out) - } - if in.ReadinessGates != nil { - in, out := &in.ReadinessGates, &out.ReadinessGates - *out = make([]PodReadinessGate, len(*in)) - copy(*out, *in) - } - if in.RuntimeClassName != nil { - in, out := &in.RuntimeClassName, &out.RuntimeClassName - *out = new(string) - **out = **in - } - if in.Overhead != nil { - in, out := &in.Overhead, &out.Overhead - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.EnableServiceLinks != nil { - in, out := &in.EnableServiceLinks, &out.EnableServiceLinks - *out = new(bool) - **out = **in - } - if in.TopologySpreadConstraints != nil { - in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints - *out = make([]TopologySpreadConstraint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.OS != nil { - in, out := &in.OS, &out.OS - *out = new(PodOS) - **out = **in - } - if in.SchedulingGates != nil { - in, out := &in.SchedulingGates, &out.SchedulingGates - *out = make([]PodSchedulingGate, len(*in)) - copy(*out, *in) - } - if in.ResourceClaims != nil { - in, out := &in.ResourceClaims, &out.ResourceClaims - *out = make([]PodResourceClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSpec. -func (in *PodSpec) DeepCopy() *PodSpec { - if in == nil { - return nil - } - out := new(PodSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodStatus) DeepCopyInto(out *PodStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]PodCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PodIPs != nil { - in, out := &in.PodIPs, &out.PodIPs - *out = make([]PodIP, len(*in)) - copy(*out, *in) - } - if in.StartTime != nil { - in, out := &in.StartTime, &out.StartTime - *out = (*in).DeepCopy() - } - if in.InitContainerStatuses != nil { - in, out := &in.InitContainerStatuses, &out.InitContainerStatuses - *out = make([]ContainerStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ContainerStatuses != nil { - in, out := &in.ContainerStatuses, &out.ContainerStatuses - *out = make([]ContainerStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EphemeralContainerStatuses != nil { - in, out := &in.EphemeralContainerStatuses, &out.EphemeralContainerStatuses - *out = make([]ContainerStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodStatus. -func (in *PodStatus) DeepCopy() *PodStatus { - if in == nil { - return nil - } - out := new(PodStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodStatusResult) DeepCopyInto(out *PodStatusResult) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodStatusResult. -func (in *PodStatusResult) DeepCopy() *PodStatusResult { - if in == nil { - return nil - } - out := new(PodStatusResult) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodStatusResult) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodTemplate) DeepCopyInto(out *PodTemplate) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Template.DeepCopyInto(&out.Template) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplate. -func (in *PodTemplate) DeepCopy() *PodTemplate { - if in == nil { - return nil - } - out := new(PodTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodTemplate) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodTemplateList) DeepCopyInto(out *PodTemplateList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PodTemplate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplateList. -func (in *PodTemplateList) DeepCopy() *PodTemplateList { - if in == nil { - return nil - } - out := new(PodTemplateList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodTemplateList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodTemplateSpec) DeepCopyInto(out *PodTemplateSpec) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplateSpec. -func (in *PodTemplateSpec) DeepCopy() *PodTemplateSpec { - if in == nil { - return nil - } - out := new(PodTemplateSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PortStatus) DeepCopyInto(out *PortStatus) { - *out = *in - if in.Error != nil { - in, out := &in.Error, &out.Error - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortStatus. -func (in *PortStatus) DeepCopy() *PortStatus { - if in == nil { - return nil - } - out := new(PortStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PortworxVolumeSource) DeepCopyInto(out *PortworxVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortworxVolumeSource. -func (in *PortworxVolumeSource) DeepCopy() *PortworxVolumeSource { - if in == nil { - return nil - } - out := new(PortworxVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Preconditions) DeepCopyInto(out *Preconditions) { - *out = *in - if in.UID != nil { - in, out := &in.UID, &out.UID - *out = new(types.UID) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preconditions. -func (in *Preconditions) DeepCopy() *Preconditions { - if in == nil { - return nil - } - out := new(Preconditions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PreferAvoidPodsEntry) DeepCopyInto(out *PreferAvoidPodsEntry) { - *out = *in - in.PodSignature.DeepCopyInto(&out.PodSignature) - in.EvictionTime.DeepCopyInto(&out.EvictionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreferAvoidPodsEntry. -func (in *PreferAvoidPodsEntry) DeepCopy() *PreferAvoidPodsEntry { - if in == nil { - return nil - } - out := new(PreferAvoidPodsEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PreferredSchedulingTerm) DeepCopyInto(out *PreferredSchedulingTerm) { - *out = *in - in.Preference.DeepCopyInto(&out.Preference) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreferredSchedulingTerm. -func (in *PreferredSchedulingTerm) DeepCopy() *PreferredSchedulingTerm { - if in == nil { - return nil - } - out := new(PreferredSchedulingTerm) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Probe) DeepCopyInto(out *Probe) { - *out = *in - in.ProbeHandler.DeepCopyInto(&out.ProbeHandler) - if in.TerminationGracePeriodSeconds != nil { - in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Probe. -func (in *Probe) DeepCopy() *Probe { - if in == nil { - return nil - } - out := new(Probe) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProbeHandler) DeepCopyInto(out *ProbeHandler) { - *out = *in - if in.Exec != nil { - in, out := &in.Exec, &out.Exec - *out = new(ExecAction) - (*in).DeepCopyInto(*out) - } - if in.HTTPGet != nil { - in, out := &in.HTTPGet, &out.HTTPGet - *out = new(HTTPGetAction) - (*in).DeepCopyInto(*out) - } - if in.TCPSocket != nil { - in, out := &in.TCPSocket, &out.TCPSocket - *out = new(TCPSocketAction) - **out = **in - } - if in.GRPC != nil { - in, out := &in.GRPC, &out.GRPC - *out = new(GRPCAction) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProbeHandler. -func (in *ProbeHandler) DeepCopy() *ProbeHandler { - if in == nil { - return nil - } - out := new(ProbeHandler) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectedVolumeSource) DeepCopyInto(out *ProjectedVolumeSource) { - *out = *in - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]VolumeProjection, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.DefaultMode != nil { - in, out := &in.DefaultMode, &out.DefaultMode - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectedVolumeSource. -func (in *ProjectedVolumeSource) DeepCopy() *ProjectedVolumeSource { - if in == nil { - return nil - } - out := new(ProjectedVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *QuobyteVolumeSource) DeepCopyInto(out *QuobyteVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuobyteVolumeSource. -func (in *QuobyteVolumeSource) DeepCopy() *QuobyteVolumeSource { - if in == nil { - return nil - } - out := new(QuobyteVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RBDPersistentVolumeSource) DeepCopyInto(out *RBDPersistentVolumeSource) { - *out = *in - if in.CephMonitors != nil { - in, out := &in.CephMonitors, &out.CephMonitors - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RBDPersistentVolumeSource. -func (in *RBDPersistentVolumeSource) DeepCopy() *RBDPersistentVolumeSource { - if in == nil { - return nil - } - out := new(RBDPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RBDVolumeSource) DeepCopyInto(out *RBDVolumeSource) { - *out = *in - if in.CephMonitors != nil { - in, out := &in.CephMonitors, &out.CephMonitors - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RBDVolumeSource. -func (in *RBDVolumeSource) DeepCopy() *RBDVolumeSource { - if in == nil { - return nil - } - out := new(RBDVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RangeAllocation) DeepCopyInto(out *RangeAllocation) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Data != nil { - in, out := &in.Data, &out.Data - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocation. -func (in *RangeAllocation) DeepCopy() *RangeAllocation { - if in == nil { - return nil - } - out := new(RangeAllocation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RangeAllocation) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicationController) DeepCopyInto(out *ReplicationController) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationController. -func (in *ReplicationController) DeepCopy() *ReplicationController { - if in == nil { - return nil - } - out := new(ReplicationController) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReplicationController) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicationControllerCondition) DeepCopyInto(out *ReplicationControllerCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationControllerCondition. -func (in *ReplicationControllerCondition) DeepCopy() *ReplicationControllerCondition { - if in == nil { - return nil - } - out := new(ReplicationControllerCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicationControllerList) DeepCopyInto(out *ReplicationControllerList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ReplicationController, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationControllerList. -func (in *ReplicationControllerList) DeepCopy() *ReplicationControllerList { - if in == nil { - return nil - } - out := new(ReplicationControllerList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ReplicationControllerList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicationControllerSpec) DeepCopyInto(out *ReplicationControllerSpec) { - *out = *in - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Template != nil { - in, out := &in.Template, &out.Template - *out = new(PodTemplateSpec) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationControllerSpec. -func (in *ReplicationControllerSpec) DeepCopy() *ReplicationControllerSpec { - if in == nil { - return nil - } - out := new(ReplicationControllerSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ReplicationControllerStatus) DeepCopyInto(out *ReplicationControllerStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]ReplicationControllerCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationControllerStatus. -func (in *ReplicationControllerStatus) DeepCopy() *ReplicationControllerStatus { - if in == nil { - return nil - } - out := new(ReplicationControllerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaim) DeepCopyInto(out *ResourceClaim) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaim. -func (in *ResourceClaim) DeepCopy() *ResourceClaim { - if in == nil { - return nil - } - out := new(ResourceClaim) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceFieldSelector) DeepCopyInto(out *ResourceFieldSelector) { - *out = *in - out.Divisor = in.Divisor.DeepCopy() - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceFieldSelector. -func (in *ResourceFieldSelector) DeepCopy() *ResourceFieldSelector { - if in == nil { - return nil - } - out := new(ResourceFieldSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in ResourceList) DeepCopyInto(out *ResourceList) { - { - in := &in - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceList. -func (in ResourceList) DeepCopy() ResourceList { - if in == nil { - return nil - } - out := new(ResourceList) - in.DeepCopyInto(out) - return *out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceQuota) DeepCopyInto(out *ResourceQuota) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceQuota. -func (in *ResourceQuota) DeepCopy() *ResourceQuota { - if in == nil { - return nil - } - out := new(ResourceQuota) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceQuota) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceQuotaList) DeepCopyInto(out *ResourceQuotaList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ResourceQuota, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceQuotaList. -func (in *ResourceQuotaList) DeepCopy() *ResourceQuotaList { - if in == nil { - return nil - } - out := new(ResourceQuotaList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceQuotaList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceQuotaSpec) DeepCopyInto(out *ResourceQuotaSpec) { - *out = *in - if in.Hard != nil { - in, out := &in.Hard, &out.Hard - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ResourceQuotaScope, len(*in)) - copy(*out, *in) - } - if in.ScopeSelector != nil { - in, out := &in.ScopeSelector, &out.ScopeSelector - *out = new(ScopeSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceQuotaSpec. -func (in *ResourceQuotaSpec) DeepCopy() *ResourceQuotaSpec { - if in == nil { - return nil - } - out := new(ResourceQuotaSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceQuotaStatus) DeepCopyInto(out *ResourceQuotaStatus) { - *out = *in - if in.Hard != nil { - in, out := &in.Hard, &out.Hard - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Used != nil { - in, out := &in.Used, &out.Used - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceQuotaStatus. -func (in *ResourceQuotaStatus) DeepCopy() *ResourceQuotaStatus { - if in == nil { - return nil - } - out := new(ResourceQuotaStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements) { - *out = *in - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Requests != nil { - in, out := &in.Requests, &out.Requests - *out = make(ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - if in.Claims != nil { - in, out := &in.Claims, &out.Claims - *out = make([]ResourceClaim, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements. -func (in *ResourceRequirements) DeepCopy() *ResourceRequirements { - if in == nil { - return nil - } - out := new(ResourceRequirements) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SELinuxOptions) DeepCopyInto(out *SELinuxOptions) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxOptions. -func (in *SELinuxOptions) DeepCopy() *SELinuxOptions { - if in == nil { - return nil - } - out := new(SELinuxOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScaleIOPersistentVolumeSource) DeepCopyInto(out *ScaleIOPersistentVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScaleIOPersistentVolumeSource. -func (in *ScaleIOPersistentVolumeSource) DeepCopy() *ScaleIOPersistentVolumeSource { - if in == nil { - return nil - } - out := new(ScaleIOPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScaleIOVolumeSource) DeepCopyInto(out *ScaleIOVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScaleIOVolumeSource. -func (in *ScaleIOVolumeSource) DeepCopy() *ScaleIOVolumeSource { - if in == nil { - return nil - } - out := new(ScaleIOVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScopeSelector) DeepCopyInto(out *ScopeSelector) { - *out = *in - if in.MatchExpressions != nil { - in, out := &in.MatchExpressions, &out.MatchExpressions - *out = make([]ScopedResourceSelectorRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScopeSelector. -func (in *ScopeSelector) DeepCopy() *ScopeSelector { - if in == nil { - return nil - } - out := new(ScopeSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScopedResourceSelectorRequirement) DeepCopyInto(out *ScopedResourceSelectorRequirement) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScopedResourceSelectorRequirement. -func (in *ScopedResourceSelectorRequirement) DeepCopy() *ScopedResourceSelectorRequirement { - if in == nil { - return nil - } - out := new(ScopedResourceSelectorRequirement) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SeccompProfile) DeepCopyInto(out *SeccompProfile) { - *out = *in - if in.LocalhostProfile != nil { - in, out := &in.LocalhostProfile, &out.LocalhostProfile - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfile. -func (in *SeccompProfile) DeepCopy() *SeccompProfile { - if in == nil { - return nil - } - out := new(SeccompProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Secret) DeepCopyInto(out *Secret) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Immutable != nil { - in, out := &in.Immutable, &out.Immutable - *out = new(bool) - **out = **in - } - if in.Data != nil { - in, out := &in.Data, &out.Data - *out = make(map[string][]byte, len(*in)) - for key, val := range *in { - var outVal []byte - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]byte, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Secret. -func (in *Secret) DeepCopy() *Secret { - if in == nil { - return nil - } - out := new(Secret) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Secret) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretEnvSource) DeepCopyInto(out *SecretEnvSource) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEnvSource. -func (in *SecretEnvSource) DeepCopy() *SecretEnvSource { - if in == nil { - return nil - } - out := new(SecretEnvSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. -func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { - if in == nil { - return nil - } - out := new(SecretKeySelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretList) DeepCopyInto(out *SecretList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Secret, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretList. -func (in *SecretList) DeepCopy() *SecretList { - if in == nil { - return nil - } - out := new(SecretList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SecretList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretProjection) DeepCopyInto(out *SecretProjection) { - *out = *in - out.LocalObjectReference = in.LocalObjectReference - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]KeyToPath, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretProjection. -func (in *SecretProjection) DeepCopy() *SecretProjection { - if in == nil { - return nil - } - out := new(SecretProjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretReference) DeepCopyInto(out *SecretReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference. -func (in *SecretReference) DeepCopy() *SecretReference { - if in == nil { - return nil - } - out := new(SecretReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretVolumeSource) DeepCopyInto(out *SecretVolumeSource) { - *out = *in - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]KeyToPath, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.DefaultMode != nil { - in, out := &in.DefaultMode, &out.DefaultMode - *out = new(int32) - **out = **in - } - if in.Optional != nil { - in, out := &in.Optional, &out.Optional - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretVolumeSource. -func (in *SecretVolumeSource) DeepCopy() *SecretVolumeSource { - if in == nil { - return nil - } - out := new(SecretVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecurityContext) DeepCopyInto(out *SecurityContext) { - *out = *in - if in.Capabilities != nil { - in, out := &in.Capabilities, &out.Capabilities - *out = new(Capabilities) - (*in).DeepCopyInto(*out) - } - if in.Privileged != nil { - in, out := &in.Privileged, &out.Privileged - *out = new(bool) - **out = **in - } - if in.SELinuxOptions != nil { - in, out := &in.SELinuxOptions, &out.SELinuxOptions - *out = new(SELinuxOptions) - **out = **in - } - if in.WindowsOptions != nil { - in, out := &in.WindowsOptions, &out.WindowsOptions - *out = new(WindowsSecurityContextOptions) - (*in).DeepCopyInto(*out) - } - if in.RunAsUser != nil { - in, out := &in.RunAsUser, &out.RunAsUser - *out = new(int64) - **out = **in - } - if in.RunAsGroup != nil { - in, out := &in.RunAsGroup, &out.RunAsGroup - *out = new(int64) - **out = **in - } - if in.RunAsNonRoot != nil { - in, out := &in.RunAsNonRoot, &out.RunAsNonRoot - *out = new(bool) - **out = **in - } - if in.ReadOnlyRootFilesystem != nil { - in, out := &in.ReadOnlyRootFilesystem, &out.ReadOnlyRootFilesystem - *out = new(bool) - **out = **in - } - if in.AllowPrivilegeEscalation != nil { - in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation - *out = new(bool) - **out = **in - } - if in.ProcMount != nil { - in, out := &in.ProcMount, &out.ProcMount - *out = new(ProcMountType) - **out = **in - } - if in.SeccompProfile != nil { - in, out := &in.SeccompProfile, &out.SeccompProfile - *out = new(SeccompProfile) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContext. -func (in *SecurityContext) DeepCopy() *SecurityContext { - if in == nil { - return nil - } - out := new(SecurityContext) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SerializedReference) DeepCopyInto(out *SerializedReference) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Reference = in.Reference - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SerializedReference. -func (in *SerializedReference) DeepCopy() *SerializedReference { - if in == nil { - return nil - } - out := new(SerializedReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SerializedReference) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Service) DeepCopyInto(out *Service) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. -func (in *Service) DeepCopy() *Service { - if in == nil { - return nil - } - out := new(Service) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Service) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceAccount) DeepCopyInto(out *ServiceAccount) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Secrets != nil { - in, out := &in.Secrets, &out.Secrets - *out = make([]ObjectReference, len(*in)) - copy(*out, *in) - } - if in.ImagePullSecrets != nil { - in, out := &in.ImagePullSecrets, &out.ImagePullSecrets - *out = make([]LocalObjectReference, len(*in)) - copy(*out, *in) - } - if in.AutomountServiceAccountToken != nil { - in, out := &in.AutomountServiceAccountToken, &out.AutomountServiceAccountToken - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccount. -func (in *ServiceAccount) DeepCopy() *ServiceAccount { - if in == nil { - return nil - } - out := new(ServiceAccount) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceAccount) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceAccountList) DeepCopyInto(out *ServiceAccountList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ServiceAccount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountList. -func (in *ServiceAccountList) DeepCopy() *ServiceAccountList { - if in == nil { - return nil - } - out := new(ServiceAccountList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceAccountList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceAccountTokenProjection) DeepCopyInto(out *ServiceAccountTokenProjection) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountTokenProjection. -func (in *ServiceAccountTokenProjection) DeepCopy() *ServiceAccountTokenProjection { - if in == nil { - return nil - } - out := new(ServiceAccountTokenProjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceList) DeepCopyInto(out *ServiceList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Service, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceList. -func (in *ServiceList) DeepCopy() *ServiceList { - if in == nil { - return nil - } - out := new(ServiceList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServicePort) DeepCopyInto(out *ServicePort) { - *out = *in - if in.AppProtocol != nil { - in, out := &in.AppProtocol, &out.AppProtocol - *out = new(string) - **out = **in - } - out.TargetPort = in.TargetPort - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. -func (in *ServicePort) DeepCopy() *ServicePort { - if in == nil { - return nil - } - out := new(ServicePort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceProxyOptions) DeepCopyInto(out *ServiceProxyOptions) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceProxyOptions. -func (in *ServiceProxyOptions) DeepCopy() *ServiceProxyOptions { - if in == nil { - return nil - } - out := new(ServiceProxyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ServiceProxyOptions) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]ServicePort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.ClusterIPs != nil { - in, out := &in.ClusterIPs, &out.ClusterIPs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.IPFamilies != nil { - in, out := &in.IPFamilies, &out.IPFamilies - *out = make([]IPFamily, len(*in)) - copy(*out, *in) - } - if in.IPFamilyPolicy != nil { - in, out := &in.IPFamilyPolicy, &out.IPFamilyPolicy - *out = new(IPFamilyPolicy) - **out = **in - } - if in.ExternalIPs != nil { - in, out := &in.ExternalIPs, &out.ExternalIPs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SessionAffinityConfig != nil { - in, out := &in.SessionAffinityConfig, &out.SessionAffinityConfig - *out = new(SessionAffinityConfig) - (*in).DeepCopyInto(*out) - } - if in.LoadBalancerSourceRanges != nil { - in, out := &in.LoadBalancerSourceRanges, &out.LoadBalancerSourceRanges - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllocateLoadBalancerNodePorts != nil { - in, out := &in.AllocateLoadBalancerNodePorts, &out.AllocateLoadBalancerNodePorts - *out = new(bool) - **out = **in - } - if in.LoadBalancerClass != nil { - in, out := &in.LoadBalancerClass, &out.LoadBalancerClass - *out = new(string) - **out = **in - } - if in.InternalTrafficPolicy != nil { - in, out := &in.InternalTrafficPolicy, &out.InternalTrafficPolicy - *out = new(ServiceInternalTrafficPolicyType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec. -func (in *ServiceSpec) DeepCopy() *ServiceSpec { - if in == nil { - return nil - } - out := new(ServiceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceStatus) DeepCopyInto(out *ServiceStatus) { - *out = *in - in.LoadBalancer.DeepCopyInto(&out.LoadBalancer) - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceStatus. -func (in *ServiceStatus) DeepCopy() *ServiceStatus { - if in == nil { - return nil - } - out := new(ServiceStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SessionAffinityConfig) DeepCopyInto(out *SessionAffinityConfig) { - *out = *in - if in.ClientIP != nil { - in, out := &in.ClientIP, &out.ClientIP - *out = new(ClientIPConfig) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionAffinityConfig. -func (in *SessionAffinityConfig) DeepCopy() *SessionAffinityConfig { - if in == nil { - return nil - } - out := new(SessionAffinityConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageOSPersistentVolumeSource) DeepCopyInto(out *StorageOSPersistentVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(ObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageOSPersistentVolumeSource. -func (in *StorageOSPersistentVolumeSource) DeepCopy() *StorageOSPersistentVolumeSource { - if in == nil { - return nil - } - out := new(StorageOSPersistentVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageOSVolumeSource) DeepCopyInto(out *StorageOSVolumeSource) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(LocalObjectReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageOSVolumeSource. -func (in *StorageOSVolumeSource) DeepCopy() *StorageOSVolumeSource { - if in == nil { - return nil - } - out := new(StorageOSVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Sysctl) DeepCopyInto(out *Sysctl) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sysctl. -func (in *Sysctl) DeepCopy() *Sysctl { - if in == nil { - return nil - } - out := new(Sysctl) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPSocketAction) DeepCopyInto(out *TCPSocketAction) { - *out = *in - out.Port = in.Port - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPSocketAction. -func (in *TCPSocketAction) DeepCopy() *TCPSocketAction { - if in == nil { - return nil - } - out := new(TCPSocketAction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Taint) DeepCopyInto(out *Taint) { - *out = *in - if in.TimeAdded != nil { - in, out := &in.TimeAdded, &out.TimeAdded - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Taint. -func (in *Taint) DeepCopy() *Taint { - if in == nil { - return nil - } - out := new(Taint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Toleration) DeepCopyInto(out *Toleration) { - *out = *in - if in.TolerationSeconds != nil { - in, out := &in.TolerationSeconds, &out.TolerationSeconds - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Toleration. -func (in *Toleration) DeepCopy() *Toleration { - if in == nil { - return nil - } - out := new(Toleration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TopologySelectorLabelRequirement) DeepCopyInto(out *TopologySelectorLabelRequirement) { - *out = *in - if in.Values != nil { - in, out := &in.Values, &out.Values - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySelectorLabelRequirement. -func (in *TopologySelectorLabelRequirement) DeepCopy() *TopologySelectorLabelRequirement { - if in == nil { - return nil - } - out := new(TopologySelectorLabelRequirement) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TopologySelectorTerm) DeepCopyInto(out *TopologySelectorTerm) { - *out = *in - if in.MatchLabelExpressions != nil { - in, out := &in.MatchLabelExpressions, &out.MatchLabelExpressions - *out = make([]TopologySelectorLabelRequirement, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySelectorTerm. -func (in *TopologySelectorTerm) DeepCopy() *TopologySelectorTerm { - if in == nil { - return nil - } - out := new(TopologySelectorTerm) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TopologySpreadConstraint) DeepCopyInto(out *TopologySpreadConstraint) { - *out = *in - if in.LabelSelector != nil { - in, out := &in.LabelSelector, &out.LabelSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.MinDomains != nil { - in, out := &in.MinDomains, &out.MinDomains - *out = new(int32) - **out = **in - } - if in.NodeAffinityPolicy != nil { - in, out := &in.NodeAffinityPolicy, &out.NodeAffinityPolicy - *out = new(NodeInclusionPolicy) - **out = **in - } - if in.NodeTaintsPolicy != nil { - in, out := &in.NodeTaintsPolicy, &out.NodeTaintsPolicy - *out = new(NodeInclusionPolicy) - **out = **in - } - if in.MatchLabelKeys != nil { - in, out := &in.MatchLabelKeys, &out.MatchLabelKeys - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologySpreadConstraint. -func (in *TopologySpreadConstraint) DeepCopy() *TopologySpreadConstraint { - if in == nil { - return nil - } - out := new(TopologySpreadConstraint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TypedLocalObjectReference) DeepCopyInto(out *TypedLocalObjectReference) { - *out = *in - if in.APIGroup != nil { - in, out := &in.APIGroup, &out.APIGroup - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TypedLocalObjectReference. -func (in *TypedLocalObjectReference) DeepCopy() *TypedLocalObjectReference { - if in == nil { - return nil - } - out := new(TypedLocalObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TypedObjectReference) DeepCopyInto(out *TypedObjectReference) { - *out = *in - if in.APIGroup != nil { - in, out := &in.APIGroup, &out.APIGroup - *out = new(string) - **out = **in - } - if in.Namespace != nil { - in, out := &in.Namespace, &out.Namespace - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TypedObjectReference. -func (in *TypedObjectReference) DeepCopy() *TypedObjectReference { - if in == nil { - return nil - } - out := new(TypedObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Volume) DeepCopyInto(out *Volume) { - *out = *in - in.VolumeSource.DeepCopyInto(&out.VolumeSource) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Volume. -func (in *Volume) DeepCopy() *Volume { - if in == nil { - return nil - } - out := new(Volume) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeDevice) DeepCopyInto(out *VolumeDevice) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeDevice. -func (in *VolumeDevice) DeepCopy() *VolumeDevice { - if in == nil { - return nil - } - out := new(VolumeDevice) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeMount) DeepCopyInto(out *VolumeMount) { - *out = *in - if in.MountPropagation != nil { - in, out := &in.MountPropagation, &out.MountPropagation - *out = new(MountPropagationMode) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeMount. -func (in *VolumeMount) DeepCopy() *VolumeMount { - if in == nil { - return nil - } - out := new(VolumeMount) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeNodeAffinity) DeepCopyInto(out *VolumeNodeAffinity) { - *out = *in - if in.Required != nil { - in, out := &in.Required, &out.Required - *out = new(NodeSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeNodeAffinity. -func (in *VolumeNodeAffinity) DeepCopy() *VolumeNodeAffinity { - if in == nil { - return nil - } - out := new(VolumeNodeAffinity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeProjection) DeepCopyInto(out *VolumeProjection) { - *out = *in - if in.Secret != nil { - in, out := &in.Secret, &out.Secret - *out = new(SecretProjection) - (*in).DeepCopyInto(*out) - } - if in.DownwardAPI != nil { - in, out := &in.DownwardAPI, &out.DownwardAPI - *out = new(DownwardAPIProjection) - (*in).DeepCopyInto(*out) - } - if in.ConfigMap != nil { - in, out := &in.ConfigMap, &out.ConfigMap - *out = new(ConfigMapProjection) - (*in).DeepCopyInto(*out) - } - if in.ServiceAccountToken != nil { - in, out := &in.ServiceAccountToken, &out.ServiceAccountToken - *out = new(ServiceAccountTokenProjection) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeProjection. -func (in *VolumeProjection) DeepCopy() *VolumeProjection { - if in == nil { - return nil - } - out := new(VolumeProjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeSource) DeepCopyInto(out *VolumeSource) { - *out = *in - if in.HostPath != nil { - in, out := &in.HostPath, &out.HostPath - *out = new(HostPathVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.EmptyDir != nil { - in, out := &in.EmptyDir, &out.EmptyDir - *out = new(EmptyDirVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.GCEPersistentDisk != nil { - in, out := &in.GCEPersistentDisk, &out.GCEPersistentDisk - *out = new(GCEPersistentDiskVolumeSource) - **out = **in - } - if in.AWSElasticBlockStore != nil { - in, out := &in.AWSElasticBlockStore, &out.AWSElasticBlockStore - *out = new(AWSElasticBlockStoreVolumeSource) - **out = **in - } - if in.GitRepo != nil { - in, out := &in.GitRepo, &out.GitRepo - *out = new(GitRepoVolumeSource) - **out = **in - } - if in.Secret != nil { - in, out := &in.Secret, &out.Secret - *out = new(SecretVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.NFS != nil { - in, out := &in.NFS, &out.NFS - *out = new(NFSVolumeSource) - **out = **in - } - if in.ISCSI != nil { - in, out := &in.ISCSI, &out.ISCSI - *out = new(ISCSIVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Glusterfs != nil { - in, out := &in.Glusterfs, &out.Glusterfs - *out = new(GlusterfsVolumeSource) - **out = **in - } - if in.PersistentVolumeClaim != nil { - in, out := &in.PersistentVolumeClaim, &out.PersistentVolumeClaim - *out = new(PersistentVolumeClaimVolumeSource) - **out = **in - } - if in.RBD != nil { - in, out := &in.RBD, &out.RBD - *out = new(RBDVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Quobyte != nil { - in, out := &in.Quobyte, &out.Quobyte - *out = new(QuobyteVolumeSource) - **out = **in - } - if in.FlexVolume != nil { - in, out := &in.FlexVolume, &out.FlexVolume - *out = new(FlexVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Cinder != nil { - in, out := &in.Cinder, &out.Cinder - *out = new(CinderVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.CephFS != nil { - in, out := &in.CephFS, &out.CephFS - *out = new(CephFSVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Flocker != nil { - in, out := &in.Flocker, &out.Flocker - *out = new(FlockerVolumeSource) - **out = **in - } - if in.DownwardAPI != nil { - in, out := &in.DownwardAPI, &out.DownwardAPI - *out = new(DownwardAPIVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.FC != nil { - in, out := &in.FC, &out.FC - *out = new(FCVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.AzureFile != nil { - in, out := &in.AzureFile, &out.AzureFile - *out = new(AzureFileVolumeSource) - **out = **in - } - if in.ConfigMap != nil { - in, out := &in.ConfigMap, &out.ConfigMap - *out = new(ConfigMapVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.VsphereVolume != nil { - in, out := &in.VsphereVolume, &out.VsphereVolume - *out = new(VsphereVirtualDiskVolumeSource) - **out = **in - } - if in.AzureDisk != nil { - in, out := &in.AzureDisk, &out.AzureDisk - *out = new(AzureDiskVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.PhotonPersistentDisk != nil { - in, out := &in.PhotonPersistentDisk, &out.PhotonPersistentDisk - *out = new(PhotonPersistentDiskVolumeSource) - **out = **in - } - if in.Projected != nil { - in, out := &in.Projected, &out.Projected - *out = new(ProjectedVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.PortworxVolume != nil { - in, out := &in.PortworxVolume, &out.PortworxVolume - *out = new(PortworxVolumeSource) - **out = **in - } - if in.ScaleIO != nil { - in, out := &in.ScaleIO, &out.ScaleIO - *out = new(ScaleIOVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.StorageOS != nil { - in, out := &in.StorageOS, &out.StorageOS - *out = new(StorageOSVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.CSI != nil { - in, out := &in.CSI, &out.CSI - *out = new(CSIVolumeSource) - (*in).DeepCopyInto(*out) - } - if in.Ephemeral != nil { - in, out := &in.Ephemeral, &out.Ephemeral - *out = new(EphemeralVolumeSource) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeSource. -func (in *VolumeSource) DeepCopy() *VolumeSource { - if in == nil { - return nil - } - out := new(VolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VsphereVirtualDiskVolumeSource) DeepCopyInto(out *VsphereVirtualDiskVolumeSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VsphereVirtualDiskVolumeSource. -func (in *VsphereVirtualDiskVolumeSource) DeepCopy() *VsphereVirtualDiskVolumeSource { - if in == nil { - return nil - } - out := new(VsphereVirtualDiskVolumeSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WeightedPodAffinityTerm) DeepCopyInto(out *WeightedPodAffinityTerm) { - *out = *in - in.PodAffinityTerm.DeepCopyInto(&out.PodAffinityTerm) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WeightedPodAffinityTerm. -func (in *WeightedPodAffinityTerm) DeepCopy() *WeightedPodAffinityTerm { - if in == nil { - return nil - } - out := new(WeightedPodAffinityTerm) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WindowsSecurityContextOptions) DeepCopyInto(out *WindowsSecurityContextOptions) { - *out = *in - if in.GMSACredentialSpecName != nil { - in, out := &in.GMSACredentialSpecName, &out.GMSACredentialSpecName - *out = new(string) - **out = **in - } - if in.GMSACredentialSpec != nil { - in, out := &in.GMSACredentialSpec, &out.GMSACredentialSpec - *out = new(string) - **out = **in - } - if in.RunAsUserName != nil { - in, out := &in.RunAsUserName, &out.RunAsUserName - *out = new(string) - **out = **in - } - if in.HostProcess != nil { - in, out := &in.HostProcess, &out.HostProcess - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WindowsSecurityContextOptions. -func (in *WindowsSecurityContextOptions) DeepCopy() *WindowsSecurityContextOptions { - if in == nil { - return nil - } - out := new(WindowsSecurityContextOptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/doc.go deleted file mode 100644 index 5aef88fbac..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=discovery.k8s.io - -package discovery diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/install/install.go deleted file mode 100644 index 996ce278d0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the discovery API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/discovery" - v1 "k8s.io/kubernetes/pkg/apis/discovery/v1" - "k8s.io/kubernetes/pkg/apis/discovery/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(discovery.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion, v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/register.go deleted file mode 100644 index 42d3a4898e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/register.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "discovery.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &EndpointSlice{}, - &EndpointSliceList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/types.go deleted file mode 100644 index 8b4dc265a6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/types.go +++ /dev/null @@ -1,182 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package discovery - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EndpointSlice represents a subset of the endpoints that implement a service. -// For a given service there may be multiple EndpointSlice objects, selected by -// labels, which must be joined to produce the full set of endpoints. -type EndpointSlice struct { - metav1.TypeMeta - // Standard object's metadata. - // +optional - metav1.ObjectMeta - // addressType specifies the type of address carried by this EndpointSlice. - // All addresses in this slice must be the same type. This field is - // immutable after creation. The following address types are currently - // supported: - // * IPv4: Represents an IPv4 Address. - // * IPv6: Represents an IPv6 Address. - // * FQDN: Represents a Fully Qualified Domain Name. - AddressType AddressType - // endpoints is a list of unique endpoints in this slice. Each slice may - // include a maximum of 1000 endpoints. - // +listType=atomic - Endpoints []Endpoint - // ports specifies the list of network ports exposed by each endpoint in - // this slice. Each port must have a unique name. When ports is empty, it - // indicates that there are no defined ports. When a port is defined with a - // nil port value, it indicates "all ports". Each slice may include a - // maximum of 100 ports. - // +optional - // +listType=atomic - Ports []EndpointPort -} - -// AddressType represents the type of address referred to by an endpoint. -type AddressType string - -const ( - // AddressTypeIPv4 represents an IPv4 Address. - AddressTypeIPv4 = AddressType(api.IPv4Protocol) - // AddressTypeIPv6 represents an IPv6 Address. - AddressTypeIPv6 = AddressType(api.IPv6Protocol) - // AddressTypeFQDN represents a FQDN. - AddressTypeFQDN = AddressType("FQDN") -) - -// Endpoint represents a single logical "backend" implementing a service. -type Endpoint struct { - // addresses of this endpoint. The contents of this field are interpreted - // according to the corresponding EndpointSlice addressType field. Consumers - // must handle different types of addresses in the context of their own - // capabilities. This must contain at least one address but no more than - // 100. - // +listType=set - Addresses []string - // conditions contains information about the current status of the endpoint. - Conditions EndpointConditions - // hostname of this endpoint. This field may be used by consumers of - // endpoints to distinguish endpoints from each other (e.g. in DNS names). - // Multiple endpoints which use the same hostname should be considered - // fungible (e.g. multiple A values in DNS). Must pass DNS Label (RFC 1123) - // validation. - // +optional - Hostname *string - // targetRef is a reference to a Kubernetes object that represents this - // endpoint. - // +optional - TargetRef *api.ObjectReference - // deprecatedTopology is deprecated and only retained for round-trip - // compatibility with v1beta1 Topology field. When v1beta1 is removed, this - // should be removed, too. - // +optional - DeprecatedTopology map[string]string - // nodeName represents the name of the Node hosting this endpoint. This can - // be used to determine endpoints local to a Node. - // +optional - NodeName *string - // zone is the name of the Zone this endpoint exists in. - // +optional - Zone *string - // hints contains information associated with how an endpoint should be - // consumed. - // +featureGate=TopologyAwareHints - // +optional - Hints *EndpointHints -} - -// EndpointConditions represents the current condition of an endpoint. -type EndpointConditions struct { - // ready indicates that this endpoint is prepared to receive traffic, - // according to whatever system is managing the endpoint. A nil value - // indicates an unknown state. In most cases consumers should interpret this - // unknown state as ready. For compatibility reasons, ready should never be - // "true" for terminating endpoints. - Ready *bool - - // serving is identical to ready except that it is set regardless of the - // terminating state of endpoints. This condition should be set to true for - // a ready endpoint that is terminating. If nil, consumers should defer to - // the ready condition. - // +optional - Serving *bool - - // terminating indicates that this endpoint is terminating. A nil value - // indicates an unknown state. Consumers should interpret this unknown state - // to mean that the endpoint is not terminating. - // +optional - Terminating *bool -} - -// EndpointHints provides hints describing how an endpoint should be consumed. -type EndpointHints struct { - // forZones indicates the zone(s) this endpoint should be consumed by to - // enable topology aware routing. May contain a maximum of 8 entries. - ForZones []ForZone -} - -// ForZone provides information about which zones should consume this endpoint. -type ForZone struct { - // name represents the name of the zone. - Name string -} - -// EndpointPort represents a Port used by an EndpointSlice. -type EndpointPort struct { - // The name of this port. All ports in an EndpointSlice must have a unique - // name. If the EndpointSlice is derived from a Kubernetes service, this - // corresponds to the Service.ports[].name. - // Name must either be an empty string or pass DNS_LABEL validation: - // * must be no more than 63 characters long. - // * must consist of lower case alphanumeric characters or '-'. - // * must start and end with an alphanumeric character. - Name *string - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - Protocol *api.Protocol - // The port number of the endpoint. - // If this is not specified, ports are not restricted and must be - // interpreted in the context of the specific consumer. - Port *int32 - // The application protocol for this port. - // This field follows standard Kubernetes label syntax. - // Un-prefixed names are reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // Non-standard protocols should use prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - AppProtocol *string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// EndpointSliceList represents a list of endpoint slices. -type EndpointSliceList struct { - metav1.TypeMeta - // Standard list metadata. - // +optional - metav1.ListMeta - // List of endpoint slices - Items []EndpointSlice -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/defaults.go deleted file mode 100644 index edcf180b5d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/defaults.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -var ( - defaultPortName = "" - defaultProtocol = v1.ProtocolTCP -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_EndpointPort(obj *discoveryv1.EndpointPort) { - if obj.Name == nil { - obj.Name = &defaultPortName - } - - if obj.Protocol == nil { - obj.Protocol = &defaultProtocol - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/doc.go deleted file mode 100644 index 96243473ff..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/discovery -// +k8s:conversion-gen-external-types=k8s.io/api/discovery/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/discovery/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/discovery/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/register.go deleted file mode 100644 index 13c9a00682..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - discoveryv1 "k8s.io/api/discovery/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "discovery.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &discoveryv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.conversion.go deleted file mode 100644 index 1ccb7e8ee4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.conversion.go +++ /dev/null @@ -1,289 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/discovery/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - discovery "k8s.io/kubernetes/pkg/apis/discovery" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.Endpoint)(nil), (*discovery.Endpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Endpoint_To_discovery_Endpoint(a.(*v1.Endpoint), b.(*discovery.Endpoint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.Endpoint)(nil), (*v1.Endpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_Endpoint_To_v1_Endpoint(a.(*discovery.Endpoint), b.(*v1.Endpoint), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointConditions)(nil), (*discovery.EndpointConditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointConditions_To_discovery_EndpointConditions(a.(*v1.EndpointConditions), b.(*discovery.EndpointConditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointConditions)(nil), (*v1.EndpointConditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointConditions_To_v1_EndpointConditions(a.(*discovery.EndpointConditions), b.(*v1.EndpointConditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointHints)(nil), (*discovery.EndpointHints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointHints_To_discovery_EndpointHints(a.(*v1.EndpointHints), b.(*discovery.EndpointHints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointHints)(nil), (*v1.EndpointHints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointHints_To_v1_EndpointHints(a.(*discovery.EndpointHints), b.(*v1.EndpointHints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointPort)(nil), (*discovery.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointPort_To_discovery_EndpointPort(a.(*v1.EndpointPort), b.(*discovery.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointPort)(nil), (*v1.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointPort_To_v1_EndpointPort(a.(*discovery.EndpointPort), b.(*v1.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointSlice)(nil), (*discovery.EndpointSlice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointSlice_To_discovery_EndpointSlice(a.(*v1.EndpointSlice), b.(*discovery.EndpointSlice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointSlice)(nil), (*v1.EndpointSlice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointSlice_To_v1_EndpointSlice(a.(*discovery.EndpointSlice), b.(*v1.EndpointSlice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EndpointSliceList)(nil), (*discovery.EndpointSliceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EndpointSliceList_To_discovery_EndpointSliceList(a.(*v1.EndpointSliceList), b.(*discovery.EndpointSliceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointSliceList)(nil), (*v1.EndpointSliceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointSliceList_To_v1_EndpointSliceList(a.(*discovery.EndpointSliceList), b.(*v1.EndpointSliceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ForZone)(nil), (*discovery.ForZone)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ForZone_To_discovery_ForZone(a.(*v1.ForZone), b.(*discovery.ForZone), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.ForZone)(nil), (*v1.ForZone)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_ForZone_To_v1_ForZone(a.(*discovery.ForZone), b.(*v1.ForZone), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Endpoint_To_discovery_Endpoint(in *v1.Endpoint, out *discovery.Endpoint, s conversion.Scope) error { - out.Addresses = *(*[]string)(unsafe.Pointer(&in.Addresses)) - if err := Convert_v1_EndpointConditions_To_discovery_EndpointConditions(&in.Conditions, &out.Conditions, s); err != nil { - return err - } - out.Hostname = (*string)(unsafe.Pointer(in.Hostname)) - out.TargetRef = (*core.ObjectReference)(unsafe.Pointer(in.TargetRef)) - out.DeprecatedTopology = *(*map[string]string)(unsafe.Pointer(&in.DeprecatedTopology)) - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - out.Zone = (*string)(unsafe.Pointer(in.Zone)) - out.Hints = (*discovery.EndpointHints)(unsafe.Pointer(in.Hints)) - return nil -} - -// Convert_v1_Endpoint_To_discovery_Endpoint is an autogenerated conversion function. -func Convert_v1_Endpoint_To_discovery_Endpoint(in *v1.Endpoint, out *discovery.Endpoint, s conversion.Scope) error { - return autoConvert_v1_Endpoint_To_discovery_Endpoint(in, out, s) -} - -func autoConvert_discovery_Endpoint_To_v1_Endpoint(in *discovery.Endpoint, out *v1.Endpoint, s conversion.Scope) error { - out.Addresses = *(*[]string)(unsafe.Pointer(&in.Addresses)) - if err := Convert_discovery_EndpointConditions_To_v1_EndpointConditions(&in.Conditions, &out.Conditions, s); err != nil { - return err - } - out.Hostname = (*string)(unsafe.Pointer(in.Hostname)) - out.TargetRef = (*corev1.ObjectReference)(unsafe.Pointer(in.TargetRef)) - out.DeprecatedTopology = *(*map[string]string)(unsafe.Pointer(&in.DeprecatedTopology)) - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - out.Zone = (*string)(unsafe.Pointer(in.Zone)) - out.Hints = (*v1.EndpointHints)(unsafe.Pointer(in.Hints)) - return nil -} - -// Convert_discovery_Endpoint_To_v1_Endpoint is an autogenerated conversion function. -func Convert_discovery_Endpoint_To_v1_Endpoint(in *discovery.Endpoint, out *v1.Endpoint, s conversion.Scope) error { - return autoConvert_discovery_Endpoint_To_v1_Endpoint(in, out, s) -} - -func autoConvert_v1_EndpointConditions_To_discovery_EndpointConditions(in *v1.EndpointConditions, out *discovery.EndpointConditions, s conversion.Scope) error { - out.Ready = (*bool)(unsafe.Pointer(in.Ready)) - out.Serving = (*bool)(unsafe.Pointer(in.Serving)) - out.Terminating = (*bool)(unsafe.Pointer(in.Terminating)) - return nil -} - -// Convert_v1_EndpointConditions_To_discovery_EndpointConditions is an autogenerated conversion function. -func Convert_v1_EndpointConditions_To_discovery_EndpointConditions(in *v1.EndpointConditions, out *discovery.EndpointConditions, s conversion.Scope) error { - return autoConvert_v1_EndpointConditions_To_discovery_EndpointConditions(in, out, s) -} - -func autoConvert_discovery_EndpointConditions_To_v1_EndpointConditions(in *discovery.EndpointConditions, out *v1.EndpointConditions, s conversion.Scope) error { - out.Ready = (*bool)(unsafe.Pointer(in.Ready)) - out.Serving = (*bool)(unsafe.Pointer(in.Serving)) - out.Terminating = (*bool)(unsafe.Pointer(in.Terminating)) - return nil -} - -// Convert_discovery_EndpointConditions_To_v1_EndpointConditions is an autogenerated conversion function. -func Convert_discovery_EndpointConditions_To_v1_EndpointConditions(in *discovery.EndpointConditions, out *v1.EndpointConditions, s conversion.Scope) error { - return autoConvert_discovery_EndpointConditions_To_v1_EndpointConditions(in, out, s) -} - -func autoConvert_v1_EndpointHints_To_discovery_EndpointHints(in *v1.EndpointHints, out *discovery.EndpointHints, s conversion.Scope) error { - out.ForZones = *(*[]discovery.ForZone)(unsafe.Pointer(&in.ForZones)) - return nil -} - -// Convert_v1_EndpointHints_To_discovery_EndpointHints is an autogenerated conversion function. -func Convert_v1_EndpointHints_To_discovery_EndpointHints(in *v1.EndpointHints, out *discovery.EndpointHints, s conversion.Scope) error { - return autoConvert_v1_EndpointHints_To_discovery_EndpointHints(in, out, s) -} - -func autoConvert_discovery_EndpointHints_To_v1_EndpointHints(in *discovery.EndpointHints, out *v1.EndpointHints, s conversion.Scope) error { - out.ForZones = *(*[]v1.ForZone)(unsafe.Pointer(&in.ForZones)) - return nil -} - -// Convert_discovery_EndpointHints_To_v1_EndpointHints is an autogenerated conversion function. -func Convert_discovery_EndpointHints_To_v1_EndpointHints(in *discovery.EndpointHints, out *v1.EndpointHints, s conversion.Scope) error { - return autoConvert_discovery_EndpointHints_To_v1_EndpointHints(in, out, s) -} - -func autoConvert_v1_EndpointPort_To_discovery_EndpointPort(in *v1.EndpointPort, out *discovery.EndpointPort, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.Protocol = (*core.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*int32)(unsafe.Pointer(in.Port)) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_v1_EndpointPort_To_discovery_EndpointPort is an autogenerated conversion function. -func Convert_v1_EndpointPort_To_discovery_EndpointPort(in *v1.EndpointPort, out *discovery.EndpointPort, s conversion.Scope) error { - return autoConvert_v1_EndpointPort_To_discovery_EndpointPort(in, out, s) -} - -func autoConvert_discovery_EndpointPort_To_v1_EndpointPort(in *discovery.EndpointPort, out *v1.EndpointPort, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.Protocol = (*corev1.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*int32)(unsafe.Pointer(in.Port)) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_discovery_EndpointPort_To_v1_EndpointPort is an autogenerated conversion function. -func Convert_discovery_EndpointPort_To_v1_EndpointPort(in *discovery.EndpointPort, out *v1.EndpointPort, s conversion.Scope) error { - return autoConvert_discovery_EndpointPort_To_v1_EndpointPort(in, out, s) -} - -func autoConvert_v1_EndpointSlice_To_discovery_EndpointSlice(in *v1.EndpointSlice, out *discovery.EndpointSlice, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.AddressType = discovery.AddressType(in.AddressType) - out.Endpoints = *(*[]discovery.Endpoint)(unsafe.Pointer(&in.Endpoints)) - out.Ports = *(*[]discovery.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1_EndpointSlice_To_discovery_EndpointSlice is an autogenerated conversion function. -func Convert_v1_EndpointSlice_To_discovery_EndpointSlice(in *v1.EndpointSlice, out *discovery.EndpointSlice, s conversion.Scope) error { - return autoConvert_v1_EndpointSlice_To_discovery_EndpointSlice(in, out, s) -} - -func autoConvert_discovery_EndpointSlice_To_v1_EndpointSlice(in *discovery.EndpointSlice, out *v1.EndpointSlice, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.AddressType = v1.AddressType(in.AddressType) - out.Endpoints = *(*[]v1.Endpoint)(unsafe.Pointer(&in.Endpoints)) - out.Ports = *(*[]v1.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_discovery_EndpointSlice_To_v1_EndpointSlice is an autogenerated conversion function. -func Convert_discovery_EndpointSlice_To_v1_EndpointSlice(in *discovery.EndpointSlice, out *v1.EndpointSlice, s conversion.Scope) error { - return autoConvert_discovery_EndpointSlice_To_v1_EndpointSlice(in, out, s) -} - -func autoConvert_v1_EndpointSliceList_To_discovery_EndpointSliceList(in *v1.EndpointSliceList, out *discovery.EndpointSliceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]discovery.EndpointSlice)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_EndpointSliceList_To_discovery_EndpointSliceList is an autogenerated conversion function. -func Convert_v1_EndpointSliceList_To_discovery_EndpointSliceList(in *v1.EndpointSliceList, out *discovery.EndpointSliceList, s conversion.Scope) error { - return autoConvert_v1_EndpointSliceList_To_discovery_EndpointSliceList(in, out, s) -} - -func autoConvert_discovery_EndpointSliceList_To_v1_EndpointSliceList(in *discovery.EndpointSliceList, out *v1.EndpointSliceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.EndpointSlice)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_discovery_EndpointSliceList_To_v1_EndpointSliceList is an autogenerated conversion function. -func Convert_discovery_EndpointSliceList_To_v1_EndpointSliceList(in *discovery.EndpointSliceList, out *v1.EndpointSliceList, s conversion.Scope) error { - return autoConvert_discovery_EndpointSliceList_To_v1_EndpointSliceList(in, out, s) -} - -func autoConvert_v1_ForZone_To_discovery_ForZone(in *v1.ForZone, out *discovery.ForZone, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1_ForZone_To_discovery_ForZone is an autogenerated conversion function. -func Convert_v1_ForZone_To_discovery_ForZone(in *v1.ForZone, out *discovery.ForZone, s conversion.Scope) error { - return autoConvert_v1_ForZone_To_discovery_ForZone(in, out, s) -} - -func autoConvert_discovery_ForZone_To_v1_ForZone(in *discovery.ForZone, out *v1.ForZone, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_discovery_ForZone_To_v1_ForZone is an autogenerated conversion function. -func Convert_discovery_ForZone_To_v1_ForZone(in *discovery.ForZone, out *v1.ForZone, s conversion.Scope) error { - return autoConvert_discovery_ForZone_To_v1_ForZone(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.defaults.go deleted file mode 100644 index b92f28fa02..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1/zz_generated.defaults.go +++ /dev/null @@ -1,50 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/discovery/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.EndpointSlice{}, func(obj interface{}) { SetObjectDefaults_EndpointSlice(obj.(*v1.EndpointSlice)) }) - scheme.AddTypeDefaultingFunc(&v1.EndpointSliceList{}, func(obj interface{}) { SetObjectDefaults_EndpointSliceList(obj.(*v1.EndpointSliceList)) }) - return nil -} - -func SetObjectDefaults_EndpointSlice(in *v1.EndpointSlice) { - for i := range in.Ports { - a := &in.Ports[i] - SetDefaults_EndpointPort(a) - } -} - -func SetObjectDefaults_EndpointSliceList(in *v1.EndpointSliceList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_EndpointSlice(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/conversion.go deleted file mode 100644 index 9b316df5b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/conversion.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - corev1 "k8s.io/api/core/v1" - "k8s.io/api/discovery/v1beta1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/discovery" -) - -func Convert_v1beta1_Endpoint_To_discovery_Endpoint(in *v1beta1.Endpoint, out *discovery.Endpoint, s conversion.Scope) error { - if err := autoConvert_v1beta1_Endpoint_To_discovery_Endpoint(in, out, s); err != nil { - return err - } - if in.Topology != nil { - // Copy Topology into Deprecated Topology - out.DeprecatedTopology = make(map[string]string, len(in.Topology)) - for k, v := range in.Topology { - out.DeprecatedTopology[k] = v - } - - // Move zone from the topology map into a field - if zone, ok := in.Topology[corev1.LabelTopologyZone]; ok { - out.Zone = &zone - delete(out.DeprecatedTopology, corev1.LabelTopologyZone) - } - - // Remove hostname from the topology map ONLY IF it is the same value as - // nodeName. This preserves the (rather odd) ability to have different - // values for topology[hostname] and nodename in v1beta1, without showing - // duplicate values in v1. - if node, ok := in.Topology[corev1.LabelHostname]; ok { - if out.NodeName != nil && node == *out.NodeName { - delete(out.DeprecatedTopology, corev1.LabelHostname) - } - } - - // If zone & hostname were the only field in the map or topology was empty - // set DeprecatedTopology to nil - if len(out.DeprecatedTopology) == 0 { - out.DeprecatedTopology = nil - } - } - - return nil -} - -func Convert_discovery_Endpoint_To_v1beta1_Endpoint(in *discovery.Endpoint, out *v1beta1.Endpoint, s conversion.Scope) error { - if err := autoConvert_discovery_Endpoint_To_v1beta1_Endpoint(in, out, s); err != nil { - return err - } - - // If no deprecated topology, zone or node field, no conversion is necessary - if in.DeprecatedTopology == nil && in.Zone == nil && in.NodeName == nil { - return nil - } - - // Copy Deprecated Topology into Topology - out.Topology = make(map[string]string, len(in.DeprecatedTopology)) - for k, v := range in.DeprecatedTopology { - out.Topology[k] = v - } - - // Add zone field into the topology map - if in.Zone != nil { - out.Topology[corev1.LabelTopologyZone] = *in.Zone - } - - // Add hostname into the topology map ONLY IF it is not already present. - // This preserves the (rather odd) ability to have different values for - // topology[hostname] and nodename in v1beta1. - if in.NodeName != nil && out.Topology[corev1.LabelHostname] == "" { - out.Topology[corev1.LabelHostname] = *in.NodeName - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/defaults.go deleted file mode 100644 index 47161f1f1c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/defaults.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - v1 "k8s.io/api/core/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - "k8s.io/apimachinery/pkg/runtime" -) - -var ( - defaultPortName = "" - defaultProtocol = v1.ProtocolTCP -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_EndpointPort(obj *discoveryv1beta1.EndpointPort) { - if obj.Name == nil { - obj.Name = &defaultPortName - } - - if obj.Protocol == nil { - obj.Protocol = &defaultProtocol - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/doc.go deleted file mode 100644 index 2cddd16dca..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/discovery -// +k8s:conversion-gen-external-types=k8s.io/api/discovery/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/discovery/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/discovery/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/register.go deleted file mode 100644 index 4f696ca1dd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "discovery.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &discoveryv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 1de9976bbd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,318 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/discovery/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - discovery "k8s.io/kubernetes/pkg/apis/discovery" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.EndpointConditions)(nil), (*discovery.EndpointConditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EndpointConditions_To_discovery_EndpointConditions(a.(*v1beta1.EndpointConditions), b.(*discovery.EndpointConditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointConditions)(nil), (*v1beta1.EndpointConditions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointConditions_To_v1beta1_EndpointConditions(a.(*discovery.EndpointConditions), b.(*v1beta1.EndpointConditions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.EndpointHints)(nil), (*discovery.EndpointHints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EndpointHints_To_discovery_EndpointHints(a.(*v1beta1.EndpointHints), b.(*discovery.EndpointHints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointHints)(nil), (*v1beta1.EndpointHints)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointHints_To_v1beta1_EndpointHints(a.(*discovery.EndpointHints), b.(*v1beta1.EndpointHints), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.EndpointPort)(nil), (*discovery.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EndpointPort_To_discovery_EndpointPort(a.(*v1beta1.EndpointPort), b.(*discovery.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointPort)(nil), (*v1beta1.EndpointPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointPort_To_v1beta1_EndpointPort(a.(*discovery.EndpointPort), b.(*v1beta1.EndpointPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.EndpointSlice)(nil), (*discovery.EndpointSlice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EndpointSlice_To_discovery_EndpointSlice(a.(*v1beta1.EndpointSlice), b.(*discovery.EndpointSlice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointSlice)(nil), (*v1beta1.EndpointSlice)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointSlice_To_v1beta1_EndpointSlice(a.(*discovery.EndpointSlice), b.(*v1beta1.EndpointSlice), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.EndpointSliceList)(nil), (*discovery.EndpointSliceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EndpointSliceList_To_discovery_EndpointSliceList(a.(*v1beta1.EndpointSliceList), b.(*discovery.EndpointSliceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.EndpointSliceList)(nil), (*v1beta1.EndpointSliceList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_EndpointSliceList_To_v1beta1_EndpointSliceList(a.(*discovery.EndpointSliceList), b.(*v1beta1.EndpointSliceList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ForZone)(nil), (*discovery.ForZone)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ForZone_To_discovery_ForZone(a.(*v1beta1.ForZone), b.(*discovery.ForZone), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*discovery.ForZone)(nil), (*v1beta1.ForZone)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_ForZone_To_v1beta1_ForZone(a.(*discovery.ForZone), b.(*v1beta1.ForZone), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*discovery.Endpoint)(nil), (*v1beta1.Endpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_discovery_Endpoint_To_v1beta1_Endpoint(a.(*discovery.Endpoint), b.(*v1beta1.Endpoint), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.Endpoint)(nil), (*discovery.Endpoint)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Endpoint_To_discovery_Endpoint(a.(*v1beta1.Endpoint), b.(*discovery.Endpoint), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Endpoint_To_discovery_Endpoint(in *v1beta1.Endpoint, out *discovery.Endpoint, s conversion.Scope) error { - out.Addresses = *(*[]string)(unsafe.Pointer(&in.Addresses)) - if err := Convert_v1beta1_EndpointConditions_To_discovery_EndpointConditions(&in.Conditions, &out.Conditions, s); err != nil { - return err - } - out.Hostname = (*string)(unsafe.Pointer(in.Hostname)) - out.TargetRef = (*core.ObjectReference)(unsafe.Pointer(in.TargetRef)) - // WARNING: in.Topology requires manual conversion: does not exist in peer-type - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - out.Hints = (*discovery.EndpointHints)(unsafe.Pointer(in.Hints)) - return nil -} - -func autoConvert_discovery_Endpoint_To_v1beta1_Endpoint(in *discovery.Endpoint, out *v1beta1.Endpoint, s conversion.Scope) error { - out.Addresses = *(*[]string)(unsafe.Pointer(&in.Addresses)) - if err := Convert_discovery_EndpointConditions_To_v1beta1_EndpointConditions(&in.Conditions, &out.Conditions, s); err != nil { - return err - } - out.Hostname = (*string)(unsafe.Pointer(in.Hostname)) - out.TargetRef = (*v1.ObjectReference)(unsafe.Pointer(in.TargetRef)) - // WARNING: in.DeprecatedTopology requires manual conversion: does not exist in peer-type - out.NodeName = (*string)(unsafe.Pointer(in.NodeName)) - // WARNING: in.Zone requires manual conversion: does not exist in peer-type - out.Hints = (*v1beta1.EndpointHints)(unsafe.Pointer(in.Hints)) - return nil -} - -func autoConvert_v1beta1_EndpointConditions_To_discovery_EndpointConditions(in *v1beta1.EndpointConditions, out *discovery.EndpointConditions, s conversion.Scope) error { - out.Ready = (*bool)(unsafe.Pointer(in.Ready)) - out.Serving = (*bool)(unsafe.Pointer(in.Serving)) - out.Terminating = (*bool)(unsafe.Pointer(in.Terminating)) - return nil -} - -// Convert_v1beta1_EndpointConditions_To_discovery_EndpointConditions is an autogenerated conversion function. -func Convert_v1beta1_EndpointConditions_To_discovery_EndpointConditions(in *v1beta1.EndpointConditions, out *discovery.EndpointConditions, s conversion.Scope) error { - return autoConvert_v1beta1_EndpointConditions_To_discovery_EndpointConditions(in, out, s) -} - -func autoConvert_discovery_EndpointConditions_To_v1beta1_EndpointConditions(in *discovery.EndpointConditions, out *v1beta1.EndpointConditions, s conversion.Scope) error { - out.Ready = (*bool)(unsafe.Pointer(in.Ready)) - out.Serving = (*bool)(unsafe.Pointer(in.Serving)) - out.Terminating = (*bool)(unsafe.Pointer(in.Terminating)) - return nil -} - -// Convert_discovery_EndpointConditions_To_v1beta1_EndpointConditions is an autogenerated conversion function. -func Convert_discovery_EndpointConditions_To_v1beta1_EndpointConditions(in *discovery.EndpointConditions, out *v1beta1.EndpointConditions, s conversion.Scope) error { - return autoConvert_discovery_EndpointConditions_To_v1beta1_EndpointConditions(in, out, s) -} - -func autoConvert_v1beta1_EndpointHints_To_discovery_EndpointHints(in *v1beta1.EndpointHints, out *discovery.EndpointHints, s conversion.Scope) error { - out.ForZones = *(*[]discovery.ForZone)(unsafe.Pointer(&in.ForZones)) - return nil -} - -// Convert_v1beta1_EndpointHints_To_discovery_EndpointHints is an autogenerated conversion function. -func Convert_v1beta1_EndpointHints_To_discovery_EndpointHints(in *v1beta1.EndpointHints, out *discovery.EndpointHints, s conversion.Scope) error { - return autoConvert_v1beta1_EndpointHints_To_discovery_EndpointHints(in, out, s) -} - -func autoConvert_discovery_EndpointHints_To_v1beta1_EndpointHints(in *discovery.EndpointHints, out *v1beta1.EndpointHints, s conversion.Scope) error { - out.ForZones = *(*[]v1beta1.ForZone)(unsafe.Pointer(&in.ForZones)) - return nil -} - -// Convert_discovery_EndpointHints_To_v1beta1_EndpointHints is an autogenerated conversion function. -func Convert_discovery_EndpointHints_To_v1beta1_EndpointHints(in *discovery.EndpointHints, out *v1beta1.EndpointHints, s conversion.Scope) error { - return autoConvert_discovery_EndpointHints_To_v1beta1_EndpointHints(in, out, s) -} - -func autoConvert_v1beta1_EndpointPort_To_discovery_EndpointPort(in *v1beta1.EndpointPort, out *discovery.EndpointPort, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.Protocol = (*core.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*int32)(unsafe.Pointer(in.Port)) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_v1beta1_EndpointPort_To_discovery_EndpointPort is an autogenerated conversion function. -func Convert_v1beta1_EndpointPort_To_discovery_EndpointPort(in *v1beta1.EndpointPort, out *discovery.EndpointPort, s conversion.Scope) error { - return autoConvert_v1beta1_EndpointPort_To_discovery_EndpointPort(in, out, s) -} - -func autoConvert_discovery_EndpointPort_To_v1beta1_EndpointPort(in *discovery.EndpointPort, out *v1beta1.EndpointPort, s conversion.Scope) error { - out.Name = (*string)(unsafe.Pointer(in.Name)) - out.Protocol = (*v1.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*int32)(unsafe.Pointer(in.Port)) - out.AppProtocol = (*string)(unsafe.Pointer(in.AppProtocol)) - return nil -} - -// Convert_discovery_EndpointPort_To_v1beta1_EndpointPort is an autogenerated conversion function. -func Convert_discovery_EndpointPort_To_v1beta1_EndpointPort(in *discovery.EndpointPort, out *v1beta1.EndpointPort, s conversion.Scope) error { - return autoConvert_discovery_EndpointPort_To_v1beta1_EndpointPort(in, out, s) -} - -func autoConvert_v1beta1_EndpointSlice_To_discovery_EndpointSlice(in *v1beta1.EndpointSlice, out *discovery.EndpointSlice, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.AddressType = discovery.AddressType(in.AddressType) - if in.Endpoints != nil { - in, out := &in.Endpoints, &out.Endpoints - *out = make([]discovery.Endpoint, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Endpoint_To_discovery_Endpoint(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Endpoints = nil - } - out.Ports = *(*[]discovery.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1beta1_EndpointSlice_To_discovery_EndpointSlice is an autogenerated conversion function. -func Convert_v1beta1_EndpointSlice_To_discovery_EndpointSlice(in *v1beta1.EndpointSlice, out *discovery.EndpointSlice, s conversion.Scope) error { - return autoConvert_v1beta1_EndpointSlice_To_discovery_EndpointSlice(in, out, s) -} - -func autoConvert_discovery_EndpointSlice_To_v1beta1_EndpointSlice(in *discovery.EndpointSlice, out *v1beta1.EndpointSlice, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.AddressType = v1beta1.AddressType(in.AddressType) - if in.Endpoints != nil { - in, out := &in.Endpoints, &out.Endpoints - *out = make([]v1beta1.Endpoint, len(*in)) - for i := range *in { - if err := Convert_discovery_Endpoint_To_v1beta1_Endpoint(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Endpoints = nil - } - out.Ports = *(*[]v1beta1.EndpointPort)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_discovery_EndpointSlice_To_v1beta1_EndpointSlice is an autogenerated conversion function. -func Convert_discovery_EndpointSlice_To_v1beta1_EndpointSlice(in *discovery.EndpointSlice, out *v1beta1.EndpointSlice, s conversion.Scope) error { - return autoConvert_discovery_EndpointSlice_To_v1beta1_EndpointSlice(in, out, s) -} - -func autoConvert_v1beta1_EndpointSliceList_To_discovery_EndpointSliceList(in *v1beta1.EndpointSliceList, out *discovery.EndpointSliceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]discovery.EndpointSlice, len(*in)) - for i := range *in { - if err := Convert_v1beta1_EndpointSlice_To_discovery_EndpointSlice(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_EndpointSliceList_To_discovery_EndpointSliceList is an autogenerated conversion function. -func Convert_v1beta1_EndpointSliceList_To_discovery_EndpointSliceList(in *v1beta1.EndpointSliceList, out *discovery.EndpointSliceList, s conversion.Scope) error { - return autoConvert_v1beta1_EndpointSliceList_To_discovery_EndpointSliceList(in, out, s) -} - -func autoConvert_discovery_EndpointSliceList_To_v1beta1_EndpointSliceList(in *discovery.EndpointSliceList, out *v1beta1.EndpointSliceList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.EndpointSlice, len(*in)) - for i := range *in { - if err := Convert_discovery_EndpointSlice_To_v1beta1_EndpointSlice(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_discovery_EndpointSliceList_To_v1beta1_EndpointSliceList is an autogenerated conversion function. -func Convert_discovery_EndpointSliceList_To_v1beta1_EndpointSliceList(in *discovery.EndpointSliceList, out *v1beta1.EndpointSliceList, s conversion.Scope) error { - return autoConvert_discovery_EndpointSliceList_To_v1beta1_EndpointSliceList(in, out, s) -} - -func autoConvert_v1beta1_ForZone_To_discovery_ForZone(in *v1beta1.ForZone, out *discovery.ForZone, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_ForZone_To_discovery_ForZone is an autogenerated conversion function. -func Convert_v1beta1_ForZone_To_discovery_ForZone(in *v1beta1.ForZone, out *discovery.ForZone, s conversion.Scope) error { - return autoConvert_v1beta1_ForZone_To_discovery_ForZone(in, out, s) -} - -func autoConvert_discovery_ForZone_To_v1beta1_ForZone(in *discovery.ForZone, out *v1beta1.ForZone, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_discovery_ForZone_To_v1beta1_ForZone is an autogenerated conversion function. -func Convert_discovery_ForZone_To_v1beta1_ForZone(in *discovery.ForZone, out *v1beta1.ForZone, s conversion.Scope) error { - return autoConvert_discovery_ForZone_To_v1beta1_ForZone(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.defaults.go deleted file mode 100644 index c3742e8198..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,50 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/discovery/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.EndpointSlice{}, func(obj interface{}) { SetObjectDefaults_EndpointSlice(obj.(*v1beta1.EndpointSlice)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.EndpointSliceList{}, func(obj interface{}) { SetObjectDefaults_EndpointSliceList(obj.(*v1beta1.EndpointSliceList)) }) - return nil -} - -func SetObjectDefaults_EndpointSlice(in *v1beta1.EndpointSlice) { - for i := range in.Ports { - a := &in.Ports[i] - SetDefaults_EndpointPort(a) - } -} - -func SetObjectDefaults_EndpointSliceList(in *v1beta1.EndpointSliceList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_EndpointSlice(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/validation/validation.go deleted file mode 100644 index a514ef77d8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/validation/validation.go +++ /dev/null @@ -1,212 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metavalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/discovery" -) - -var ( - supportedAddressTypes = sets.NewString( - string(discovery.AddressTypeIPv4), - string(discovery.AddressTypeIPv6), - string(discovery.AddressTypeFQDN), - ) - supportedPortProtocols = sets.NewString( - string(api.ProtocolTCP), - string(api.ProtocolUDP), - string(api.ProtocolSCTP), - ) - maxTopologyLabels = 16 - maxAddresses = 100 - maxPorts = 20000 - maxEndpoints = 1000 - maxZoneHints = 8 -) - -// ValidateEndpointSliceName can be used to check whether the given endpoint -// slice name is valid. Prefix indicates this name will be used as part of -// generation, in which case trailing dashes are allowed. -var ValidateEndpointSliceName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateEndpointSlice validates an EndpointSlice. -func ValidateEndpointSlice(endpointSlice *discovery.EndpointSlice) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&endpointSlice.ObjectMeta, true, ValidateEndpointSliceName, field.NewPath("metadata")) - allErrs = append(allErrs, validateAddressType(endpointSlice.AddressType)...) - allErrs = append(allErrs, validateEndpoints(endpointSlice.Endpoints, endpointSlice.AddressType, field.NewPath("endpoints"))...) - allErrs = append(allErrs, validatePorts(endpointSlice.Ports, field.NewPath("ports"))...) - - return allErrs -} - -// ValidateEndpointSliceCreate validates an EndpointSlice when it is created. -func ValidateEndpointSliceCreate(endpointSlice *discovery.EndpointSlice) field.ErrorList { - return ValidateEndpointSlice(endpointSlice) -} - -// ValidateEndpointSliceUpdate validates an EndpointSlice when it is updated. -func ValidateEndpointSliceUpdate(newEndpointSlice, oldEndpointSlice *discovery.EndpointSlice) field.ErrorList { - allErrs := ValidateEndpointSlice(newEndpointSlice) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(newEndpointSlice.AddressType, oldEndpointSlice.AddressType, field.NewPath("addressType"))...) - - return allErrs -} - -func validateEndpoints(endpoints []discovery.Endpoint, addrType discovery.AddressType, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(endpoints) > maxEndpoints { - allErrs = append(allErrs, field.TooMany(fldPath, len(endpoints), maxEndpoints)) - return allErrs - } - - for i, endpoint := range endpoints { - idxPath := fldPath.Index(i) - addressPath := idxPath.Child("addresses") - - if len(endpoint.Addresses) == 0 { - allErrs = append(allErrs, field.Required(addressPath, "must contain at least 1 address")) - } else if len(endpoint.Addresses) > maxAddresses { - allErrs = append(allErrs, field.TooMany(addressPath, len(endpoint.Addresses), maxAddresses)) - } - - for i, address := range endpoint.Addresses { - // This validates known address types, unknown types fall through - // and do not get validated. - switch addrType { - case discovery.AddressTypeIPv4: - allErrs = append(allErrs, validation.IsValidIPv4Address(addressPath.Index(i), address)...) - allErrs = append(allErrs, apivalidation.ValidateNonSpecialIP(address, addressPath.Index(i))...) - case discovery.AddressTypeIPv6: - allErrs = append(allErrs, validation.IsValidIPv6Address(addressPath.Index(i), address)...) - allErrs = append(allErrs, apivalidation.ValidateNonSpecialIP(address, addressPath.Index(i))...) - case discovery.AddressTypeFQDN: - allErrs = append(allErrs, validation.IsFullyQualifiedDomainName(addressPath.Index(i), address)...) - } - } - - if endpoint.NodeName != nil { - nnPath := idxPath.Child("nodeName") - for _, msg := range apivalidation.ValidateNodeName(*endpoint.NodeName, false) { - allErrs = append(allErrs, field.Invalid(nnPath, *endpoint.NodeName, msg)) - } - } - - topologyPath := idxPath.Child("deprecatedTopology") - if len(endpoint.DeprecatedTopology) > maxTopologyLabels { - allErrs = append(allErrs, field.TooMany(topologyPath, len(endpoint.DeprecatedTopology), maxTopologyLabels)) - } - allErrs = append(allErrs, metavalidation.ValidateLabels(endpoint.DeprecatedTopology, topologyPath)...) - if _, found := endpoint.DeprecatedTopology[corev1.LabelTopologyZone]; found { - allErrs = append(allErrs, field.InternalError(topologyPath.Key(corev1.LabelTopologyZone), fmt.Errorf("reserved key was not removed in conversion"))) - } - - if endpoint.Hostname != nil { - allErrs = append(allErrs, apivalidation.ValidateDNS1123Label(*endpoint.Hostname, idxPath.Child("hostname"))...) - } - - if endpoint.Hints != nil { - allErrs = append(allErrs, validateHints(endpoint.Hints, idxPath.Child("hints"))...) - } - } - - return allErrs -} - -func validatePorts(endpointPorts []discovery.EndpointPort, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(endpointPorts) > maxPorts { - allErrs = append(allErrs, field.TooMany(fldPath, len(endpointPorts), maxPorts)) - return allErrs - } - - portNames := sets.String{} - for i, endpointPort := range endpointPorts { - idxPath := fldPath.Index(i) - - if len(*endpointPort.Name) > 0 { - allErrs = append(allErrs, apivalidation.ValidateDNS1123Label(*endpointPort.Name, idxPath.Child("name"))...) - } - - if portNames.Has(*endpointPort.Name) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("name"), endpointPort.Name)) - } else { - portNames.Insert(*endpointPort.Name) - } - - if endpointPort.Protocol == nil { - allErrs = append(allErrs, field.Required(idxPath.Child("protocol"), "")) - } else if !supportedPortProtocols.Has(string(*endpointPort.Protocol)) { - allErrs = append(allErrs, field.NotSupported(idxPath.Child("protocol"), *endpointPort.Protocol, supportedPortProtocols.List())) - } - - if endpointPort.AppProtocol != nil { - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(*endpointPort.AppProtocol, idxPath.Child("appProtocol"))...) - } - } - - return allErrs -} - -func validateAddressType(addressType discovery.AddressType) field.ErrorList { - allErrs := field.ErrorList{} - - if addressType == "" { - allErrs = append(allErrs, field.Required(field.NewPath("addressType"), "")) - } else if !supportedAddressTypes.Has(string(addressType)) { - allErrs = append(allErrs, field.NotSupported(field.NewPath("addressType"), addressType, supportedAddressTypes.List())) - } - - return allErrs -} - -func validateHints(endpointHints *discovery.EndpointHints, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - fzPath := fldPath.Child("forZones") - if len(endpointHints.ForZones) > maxZoneHints { - allErrs = append(allErrs, field.TooMany(fzPath, len(endpointHints.ForZones), maxZoneHints)) - return allErrs - } - - zoneNames := sets.String{} - for i, forZone := range endpointHints.ForZones { - zonePath := fzPath.Index(i).Child("name") - if zoneNames.Has(forZone.Name) { - allErrs = append(allErrs, field.Duplicate(zonePath, forZone.Name)) - } else { - zoneNames.Insert(forZone.Name) - } - - for _, msg := range validation.IsValidLabelValue(forZone.Name) { - allErrs = append(allErrs, field.Invalid(zonePath, forZone.Name, msg)) - } - } - - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/zz_generated.deepcopy.go deleted file mode 100644 index c2c0550eab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/discovery/zz_generated.deepcopy.go +++ /dev/null @@ -1,258 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package discovery - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Endpoint) DeepCopyInto(out *Endpoint) { - *out = *in - if in.Addresses != nil { - in, out := &in.Addresses, &out.Addresses - *out = make([]string, len(*in)) - copy(*out, *in) - } - in.Conditions.DeepCopyInto(&out.Conditions) - if in.Hostname != nil { - in, out := &in.Hostname, &out.Hostname - *out = new(string) - **out = **in - } - if in.TargetRef != nil { - in, out := &in.TargetRef, &out.TargetRef - *out = new(core.ObjectReference) - **out = **in - } - if in.DeprecatedTopology != nil { - in, out := &in.DeprecatedTopology, &out.DeprecatedTopology - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.NodeName != nil { - in, out := &in.NodeName, &out.NodeName - *out = new(string) - **out = **in - } - if in.Zone != nil { - in, out := &in.Zone, &out.Zone - *out = new(string) - **out = **in - } - if in.Hints != nil { - in, out := &in.Hints, &out.Hints - *out = new(EndpointHints) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint. -func (in *Endpoint) DeepCopy() *Endpoint { - if in == nil { - return nil - } - out := new(Endpoint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointConditions) DeepCopyInto(out *EndpointConditions) { - *out = *in - if in.Ready != nil { - in, out := &in.Ready, &out.Ready - *out = new(bool) - **out = **in - } - if in.Serving != nil { - in, out := &in.Serving, &out.Serving - *out = new(bool) - **out = **in - } - if in.Terminating != nil { - in, out := &in.Terminating, &out.Terminating - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointConditions. -func (in *EndpointConditions) DeepCopy() *EndpointConditions { - if in == nil { - return nil - } - out := new(EndpointConditions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointHints) DeepCopyInto(out *EndpointHints) { - *out = *in - if in.ForZones != nil { - in, out := &in.ForZones, &out.ForZones - *out = make([]ForZone, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointHints. -func (in *EndpointHints) DeepCopy() *EndpointHints { - if in == nil { - return nil - } - out := new(EndpointHints) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointPort) DeepCopyInto(out *EndpointPort) { - *out = *in - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Protocol != nil { - in, out := &in.Protocol, &out.Protocol - *out = new(core.Protocol) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(int32) - **out = **in - } - if in.AppProtocol != nil { - in, out := &in.AppProtocol, &out.AppProtocol - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointPort. -func (in *EndpointPort) DeepCopy() *EndpointPort { - if in == nil { - return nil - } - out := new(EndpointPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointSlice) DeepCopyInto(out *EndpointSlice) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Endpoints != nil { - in, out := &in.Endpoints, &out.Endpoints - *out = make([]Endpoint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]EndpointPort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointSlice. -func (in *EndpointSlice) DeepCopy() *EndpointSlice { - if in == nil { - return nil - } - out := new(EndpointSlice) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EndpointSlice) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EndpointSliceList) DeepCopyInto(out *EndpointSliceList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]EndpointSlice, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointSliceList. -func (in *EndpointSliceList) DeepCopy() *EndpointSliceList { - if in == nil { - return nil - } - out := new(EndpointSliceList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *EndpointSliceList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ForZone) DeepCopyInto(out *ForZone) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForZone. -func (in *ForZone) DeepCopy() *ForZone { - if in == nil { - return nil - } - out := new(ForZone) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/doc.go deleted file mode 100644 index a2a963f7fc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +groupName=events.k8s.io - -package events // import "k8s.io/kubernetes/pkg/apis/events" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/install/install.go deleted file mode 100644 index c2f7a42361..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/install/install.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the events API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/events" - "k8s.io/kubernetes/pkg/apis/events/v1" - "k8s.io/kubernetes/pkg/apis/events/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(events.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/register.go deleted file mode 100644 index 4bd99c1a55..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/register.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package events - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/kubernetes/pkg/apis/core" -) - -// GroupName is the group name use in this package -const GroupName = "events.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &core.Event{}, - &core.EventList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/conversion.go deleted file mode 100644 index a45baf2f61..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/conversion.go +++ /dev/null @@ -1,87 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - v1 "k8s.io/api/events/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - k8s_api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func Convert_v1_Event_To_core_Event(in *v1.Event, out *k8s_api.Event, s conversion.Scope) error { - if err := autoConvert_v1_Event_To_core_Event(in, out, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_v1_ObjectReference_To_core_ObjectReference(&in.Regarding, &out.InvolvedObject, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_v1_EventSource_To_core_EventSource(&in.DeprecatedSource, &out.Source, s); err != nil { - return err - } - out.Message = in.Note - out.FirstTimestamp = in.DeprecatedFirstTimestamp - out.LastTimestamp = in.DeprecatedLastTimestamp - out.Count = in.DeprecatedCount - return nil -} - -func Convert_core_Event_To_v1_Event(in *k8s_api.Event, out *v1.Event, s conversion.Scope) error { - if err := autoConvert_core_Event_To_v1_Event(in, out, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_core_ObjectReference_To_v1_ObjectReference(&in.InvolvedObject, &out.Regarding, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_core_EventSource_To_v1_EventSource(&in.Source, &out.DeprecatedSource, s); err != nil { - return err - } - out.Note = in.Message - out.DeprecatedFirstTimestamp = in.FirstTimestamp - out.DeprecatedLastTimestamp = in.LastTimestamp - out.DeprecatedCount = in.Count - return nil -} - -func AddFieldLabelConversionsForEvent(scheme *runtime.Scheme) error { - mapping := map[string]string{ - "reason": "reason", - "regarding.kind": "involvedObject.kind", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.namespace": "involvedObject.namespace", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.name": "involvedObject.name", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.uid": "involvedObject.uid", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.apiVersion": "involvedObject.apiVersion", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.resourceVersion": "involvedObject.resourceVersion", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.fieldPath": "involvedObject.fieldPath", // map events.k8s.io field to fieldset returned by ToSelectableFields - "reportingController": "reportingComponent", // map events.k8s.io field to fieldset returned by ToSelectableFields - "type": "type", - "metadata.namespace": "metadata.namespace", - "metadata.name": "metadata.name", - } - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Event"), - func(label, value string) (string, string, error) { - mappedLabel, ok := mapping[label] - if !ok { - return "", "", fmt.Errorf("field label not supported: %s", label) - } - return mappedLabel, value, nil - }, - ) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/doc.go deleted file mode 100644 index 6bbbd94d52..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/events -// +k8s:conversion-gen-external-types=k8s.io/api/events/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/events/v1 - -// +groupName=events.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/events/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/register.go deleted file mode 100644 index 958d433d6f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - eventsv1 "k8s.io/api/events/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "events.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &eventsv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults, AddFieldLabelConversionsForEvent) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.conversion.go deleted file mode 100644 index 4cf267098f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.conversion.go +++ /dev/null @@ -1,174 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/events/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.EventList)(nil), (*core.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventList_To_core_EventList(a.(*v1.EventList), b.(*core.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventList)(nil), (*v1.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventList_To_v1_EventList(a.(*core.EventList), b.(*v1.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.EventSeries)(nil), (*core.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_EventSeries_To_core_EventSeries(a.(*v1.EventSeries), b.(*core.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventSeries)(nil), (*v1.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventSeries_To_v1_EventSeries(a.(*core.EventSeries), b.(*v1.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.Event)(nil), (*v1.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Event_To_v1_Event(a.(*core.Event), b.(*v1.Event), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.Event)(nil), (*core.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Event_To_core_Event(a.(*v1.Event), b.(*core.Event), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Event_To_core_Event(in *v1.Event, out *core.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.EventTime = in.EventTime - out.Series = (*core.EventSeries)(unsafe.Pointer(in.Series)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - out.Action = in.Action - out.Reason = in.Reason - // WARNING: in.Regarding requires manual conversion: does not exist in peer-type - out.Related = (*core.ObjectReference)(unsafe.Pointer(in.Related)) - // WARNING: in.Note requires manual conversion: does not exist in peer-type - out.Type = in.Type - // WARNING: in.DeprecatedSource requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedFirstTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedLastTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedCount requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_core_Event_To_v1_Event(in *core.Event, out *v1.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - // WARNING: in.InvolvedObject requires manual conversion: does not exist in peer-type - out.Reason = in.Reason - // WARNING: in.Message requires manual conversion: does not exist in peer-type - // WARNING: in.Source requires manual conversion: does not exist in peer-type - // WARNING: in.FirstTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.LastTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.Count requires manual conversion: does not exist in peer-type - out.Type = in.Type - out.EventTime = in.EventTime - out.Series = (*v1.EventSeries)(unsafe.Pointer(in.Series)) - out.Action = in.Action - out.Related = (*corev1.ObjectReference)(unsafe.Pointer(in.Related)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - return nil -} - -func autoConvert_v1_EventList_To_core_EventList(in *v1.EventList, out *core.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Event, len(*in)) - for i := range *in { - if err := Convert_v1_Event_To_core_Event(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_EventList_To_core_EventList is an autogenerated conversion function. -func Convert_v1_EventList_To_core_EventList(in *v1.EventList, out *core.EventList, s conversion.Scope) error { - return autoConvert_v1_EventList_To_core_EventList(in, out, s) -} - -func autoConvert_core_EventList_To_v1_EventList(in *core.EventList, out *v1.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.Event, len(*in)) - for i := range *in { - if err := Convert_core_Event_To_v1_Event(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_EventList_To_v1_EventList is an autogenerated conversion function. -func Convert_core_EventList_To_v1_EventList(in *core.EventList, out *v1.EventList, s conversion.Scope) error { - return autoConvert_core_EventList_To_v1_EventList(in, out, s) -} - -func autoConvert_v1_EventSeries_To_core_EventSeries(in *v1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_v1_EventSeries_To_core_EventSeries is an autogenerated conversion function. -func Convert_v1_EventSeries_To_core_EventSeries(in *v1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - return autoConvert_v1_EventSeries_To_core_EventSeries(in, out, s) -} - -func autoConvert_core_EventSeries_To_v1_EventSeries(in *core.EventSeries, out *v1.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_core_EventSeries_To_v1_EventSeries is an autogenerated conversion function. -func Convert_core_EventSeries_To_v1_EventSeries(in *core.EventSeries, out *v1.EventSeries, s conversion.Scope) error { - return autoConvert_core_EventSeries_To_v1_EventSeries(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/conversion.go deleted file mode 100644 index 8c28cd7e58..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/conversion.go +++ /dev/null @@ -1,87 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - v1beta1 "k8s.io/api/events/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - k8s_api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -func Convert_v1beta1_Event_To_core_Event(in *v1beta1.Event, out *k8s_api.Event, s conversion.Scope) error { - if err := autoConvert_v1beta1_Event_To_core_Event(in, out, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_v1_ObjectReference_To_core_ObjectReference(&in.Regarding, &out.InvolvedObject, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_v1_EventSource_To_core_EventSource(&in.DeprecatedSource, &out.Source, s); err != nil { - return err - } - out.Message = in.Note - out.FirstTimestamp = in.DeprecatedFirstTimestamp - out.LastTimestamp = in.DeprecatedLastTimestamp - out.Count = in.DeprecatedCount - return nil -} - -func Convert_core_Event_To_v1beta1_Event(in *k8s_api.Event, out *v1beta1.Event, s conversion.Scope) error { - if err := autoConvert_core_Event_To_v1beta1_Event(in, out, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_core_ObjectReference_To_v1_ObjectReference(&in.InvolvedObject, &out.Regarding, s); err != nil { - return err - } - if err := k8s_api_v1.Convert_core_EventSource_To_v1_EventSource(&in.Source, &out.DeprecatedSource, s); err != nil { - return err - } - out.Note = in.Message - out.DeprecatedFirstTimestamp = in.FirstTimestamp - out.DeprecatedLastTimestamp = in.LastTimestamp - out.DeprecatedCount = in.Count - return nil -} - -func AddFieldLabelConversionsForEvent(scheme *runtime.Scheme) error { - mapping := map[string]string{ - "reason": "reason", - "regarding.kind": "involvedObject.kind", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.namespace": "involvedObject.namespace", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.name": "involvedObject.name", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.uid": "involvedObject.uid", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.apiVersion": "involvedObject.apiVersion", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.resourceVersion": "involvedObject.resourceVersion", // map events.k8s.io field to fieldset returned by ToSelectableFields - "regarding.fieldPath": "involvedObject.fieldPath", // map events.k8s.io field to fieldset returned by ToSelectableFields - "reportingController": "reportingComponent", // map events.k8s.io field to fieldset returned by ToSelectableFields - "type": "type", - "metadata.namespace": "metadata.namespace", - "metadata.name": "metadata.name", - } - return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("Event"), - func(label, value string) (string, string, error) { - mappedLabel, ok := mapping[label] - if !ok { - return "", "", fmt.Errorf("field label not supported: %s", label) - } - return mappedLabel, value, nil - }, - ) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/doc.go deleted file mode 100644 index dab7736e95..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/events -// +k8s:conversion-gen-external-types=k8s.io/api/events/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/events/v1beta1 - -// +groupName=events.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/events/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/register.go deleted file mode 100644 index d4d5d44f64..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - eventsv1beta1 "k8s.io/api/events/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "events.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &eventsv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults, AddFieldLabelConversionsForEvent) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.conversion.go deleted file mode 100644 index e58c1099e2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,174 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/events/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.EventList)(nil), (*core.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EventList_To_core_EventList(a.(*v1beta1.EventList), b.(*core.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventList)(nil), (*v1beta1.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventList_To_v1beta1_EventList(a.(*core.EventList), b.(*v1beta1.EventList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.EventSeries)(nil), (*core.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_EventSeries_To_core_EventSeries(a.(*v1beta1.EventSeries), b.(*core.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*core.EventSeries)(nil), (*v1beta1.EventSeries)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_EventSeries_To_v1beta1_EventSeries(a.(*core.EventSeries), b.(*v1beta1.EventSeries), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*core.Event)(nil), (*v1beta1.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_core_Event_To_v1beta1_Event(a.(*core.Event), b.(*v1beta1.Event), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.Event)(nil), (*core.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Event_To_core_Event(a.(*v1beta1.Event), b.(*core.Event), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Event_To_core_Event(in *v1beta1.Event, out *core.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.EventTime = in.EventTime - out.Series = (*core.EventSeries)(unsafe.Pointer(in.Series)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - out.Action = in.Action - out.Reason = in.Reason - // WARNING: in.Regarding requires manual conversion: does not exist in peer-type - out.Related = (*core.ObjectReference)(unsafe.Pointer(in.Related)) - // WARNING: in.Note requires manual conversion: does not exist in peer-type - out.Type = in.Type - // WARNING: in.DeprecatedSource requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedFirstTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedLastTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.DeprecatedCount requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_core_Event_To_v1beta1_Event(in *core.Event, out *v1beta1.Event, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - // WARNING: in.InvolvedObject requires manual conversion: does not exist in peer-type - out.Reason = in.Reason - // WARNING: in.Message requires manual conversion: does not exist in peer-type - // WARNING: in.Source requires manual conversion: does not exist in peer-type - // WARNING: in.FirstTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.LastTimestamp requires manual conversion: does not exist in peer-type - // WARNING: in.Count requires manual conversion: does not exist in peer-type - out.Type = in.Type - out.EventTime = in.EventTime - out.Series = (*v1beta1.EventSeries)(unsafe.Pointer(in.Series)) - out.Action = in.Action - out.Related = (*v1.ObjectReference)(unsafe.Pointer(in.Related)) - out.ReportingController = in.ReportingController - out.ReportingInstance = in.ReportingInstance - return nil -} - -func autoConvert_v1beta1_EventList_To_core_EventList(in *v1beta1.EventList, out *core.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]core.Event, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Event_To_core_Event(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_EventList_To_core_EventList is an autogenerated conversion function. -func Convert_v1beta1_EventList_To_core_EventList(in *v1beta1.EventList, out *core.EventList, s conversion.Scope) error { - return autoConvert_v1beta1_EventList_To_core_EventList(in, out, s) -} - -func autoConvert_core_EventList_To_v1beta1_EventList(in *core.EventList, out *v1beta1.EventList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.Event, len(*in)) - for i := range *in { - if err := Convert_core_Event_To_v1beta1_Event(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_core_EventList_To_v1beta1_EventList is an autogenerated conversion function. -func Convert_core_EventList_To_v1beta1_EventList(in *core.EventList, out *v1beta1.EventList, s conversion.Scope) error { - return autoConvert_core_EventList_To_v1beta1_EventList(in, out, s) -} - -func autoConvert_v1beta1_EventSeries_To_core_EventSeries(in *v1beta1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_v1beta1_EventSeries_To_core_EventSeries is an autogenerated conversion function. -func Convert_v1beta1_EventSeries_To_core_EventSeries(in *v1beta1.EventSeries, out *core.EventSeries, s conversion.Scope) error { - return autoConvert_v1beta1_EventSeries_To_core_EventSeries(in, out, s) -} - -func autoConvert_core_EventSeries_To_v1beta1_EventSeries(in *core.EventSeries, out *v1beta1.EventSeries, s conversion.Scope) error { - out.Count = in.Count - out.LastObservedTime = in.LastObservedTime - return nil -} - -// Convert_core_EventSeries_To_v1beta1_EventSeries is an autogenerated conversion function. -func Convert_core_EventSeries_To_v1beta1_EventSeries(in *core.EventSeries, out *v1beta1.EventSeries, s conversion.Scope) error { - return autoConvert_core_EventSeries_To_v1beta1_EventSeries(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 198b5be4af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/events/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/OWNERS deleted file mode 100644 index e559bf2aee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/OWNERS +++ /dev/null @@ -1,23 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - sttts - - saad-ali - - janetkuo - - justinsb - - ncdc - - tallclair - - mwielgus - - soltysh - - dims -labels: - - sig/apps diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/doc.go deleted file mode 100644 index d97cffdbcb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package extensions // import "k8s.io/kubernetes/pkg/apis/extensions" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/install/install.go deleted file mode 100644 index c22ad59012..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/install/install.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/kubernetes/pkg/apis/extensions/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(extensions.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/register.go deleted file mode 100644 index 4abb1afa23..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/register.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package extensions - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/policy" -) - -// GroupName is the group name use in this package -const GroupName = "extensions" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// Builds new Scheme of known types -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this gets cleaned up when the types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &apps.Deployment{}, - &apps.DeploymentList{}, - &apps.DeploymentRollback{}, - &apps.DaemonSetList{}, - &apps.DaemonSet{}, - &networking.Ingress{}, - &networking.IngressList{}, - &apps.ReplicaSet{}, - &apps.ReplicaSetList{}, - &policy.PodSecurityPolicy{}, - &policy.PodSecurityPolicyList{}, - &autoscaling.Scale{}, - &networking.NetworkPolicy{}, - &networking.NetworkPolicyList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/types.go deleted file mode 100644 index e7390a066e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/types.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -/* -This file (together with pkg/apis/extensions/v1beta1/types.go) contain the experimental -types in kubernetes. These API objects are experimental, meaning that the -APIs may be broken at any time by the kubernetes team. - -DISCLAIMER: The implementation of the experimental API group itself is -a temporary one meant as a stopgap solution until kubernetes has proper -support for multiple API groups. The transition may require changes -beyond registration differences. In other words, experimental API group -support is experimental. -*/ - -package extensions diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/conversion.go deleted file mode 100644 index 5ea5285605..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/conversion.go +++ /dev/null @@ -1,214 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/networking" -) - -func Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.ScaleStatus, out *extensionsv1beta1.ScaleStatus, s conversion.Scope) error { - out.Replicas = int32(in.Replicas) - out.TargetSelector = in.Selector - - out.Selector = nil - selector, err := metav1.ParseToLabelSelector(in.Selector) - if err != nil { - return fmt.Errorf("failed to parse selector: %v", err) - } - if len(selector.MatchExpressions) == 0 { - out.Selector = selector.MatchLabels - } - - return nil -} - -func Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(in *extensionsv1beta1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - - if in.TargetSelector != "" { - out.Selector = in.TargetSelector - } else if in.Selector != nil { - set := labels.Set{} - for key, val := range in.Selector { - set[key] = val - } - out.Selector = labels.SelectorFromSet(set).String() - } else { - out.Selector = "" - } - return nil -} - -func Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *extensionsv1beta1.NetworkPolicySpec, out *networking.NetworkPolicySpec, s conversion.Scope) error { - if err := autoConvert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in, out, s); err != nil { - return err - } - if out.Ingress == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ingress = make([]networking.NetworkPolicyIngressRule, 0) - } - if out.Egress == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Egress = make([]networking.NetworkPolicyEgressRule, 0) - } - return nil -} - -func Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in *networking.NetworkPolicySpec, out *extensionsv1beta1.NetworkPolicySpec, s conversion.Scope) error { - if err := autoConvert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in, out, s); err != nil { - return err - } - if out.Ingress == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ingress = make([]extensionsv1beta1.NetworkPolicyIngressRule, 0) - } - if out.Egress == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Egress = make([]extensionsv1beta1.NetworkPolicyEgressRule, 0) - } - return nil -} - -func Convert_v1beta1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in *extensionsv1beta1.NetworkPolicyIngressRule, out *networking.NetworkPolicyIngressRule, s conversion.Scope) error { - if err := autoConvert_v1beta1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in, out, s); err != nil { - return err - } - if out.Ports == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ports = make([]networking.NetworkPolicyPort, 0) - } - return nil -} - -func Convert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in *networking.NetworkPolicyIngressRule, out *extensionsv1beta1.NetworkPolicyIngressRule, s conversion.Scope) error { - if err := autoConvert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in, out, s); err != nil { - return err - } - if out.Ports == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ports = make([]extensionsv1beta1.NetworkPolicyPort, 0) - } - return nil -} - -func Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *extensionsv1beta1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error { - if err := autoConvert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in, out, s); err != nil { - return err - } - if out.Ports == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ports = make([]networking.NetworkPolicyPort, 0) - } - if out.To == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.To = make([]networking.NetworkPolicyPeer, 0) - } - return nil -} - -func Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *extensionsv1beta1.NetworkPolicyEgressRule, s conversion.Scope) error { - if err := autoConvert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(in, out, s); err != nil { - return err - } - if out.Ports == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.Ports = make([]extensionsv1beta1.NetworkPolicyPort, 0) - } - if out.To == nil { - // Produce a zero-length non-nil slice for compatibility with previous manual conversion. - out.To = make([]extensionsv1beta1.NetworkPolicyPeer, 0) - } - return nil -} - -func Convert_v1beta1_IPBlock_To_networking_IPBlock(in *extensionsv1beta1.IPBlock, out *networking.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - - out.Except = make([]string, len(in.Except)) - copy(out.Except, in.Except) - return nil -} - -func Convert_networking_IPBlock_To_v1beta1_IPBlock(in *networking.IPBlock, out *extensionsv1beta1.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - - out.Except = make([]string, len(in.Except)) - copy(out.Except, in.Except) - return nil -} - -func Convert_v1beta1_IngressBackend_To_networking_IngressBackend(in *extensionsv1beta1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - if err := autoConvert_v1beta1_IngressBackend_To_networking_IngressBackend(in, out, s); err != nil { - return err - } - if len(in.ServiceName) > 0 || in.ServicePort.IntVal != 0 || in.ServicePort.StrVal != "" || in.ServicePort.Type == intstr.String { - out.Service = &networking.IngressServiceBackend{} - out.Service.Name = in.ServiceName - out.Service.Port.Name = in.ServicePort.StrVal - out.Service.Port.Number = in.ServicePort.IntVal - } - return nil -} - -func Convert_networking_IngressBackend_To_v1beta1_IngressBackend(in *networking.IngressBackend, out *extensionsv1beta1.IngressBackend, s conversion.Scope) error { - if err := autoConvert_networking_IngressBackend_To_v1beta1_IngressBackend(in, out, s); err != nil { - return err - } - if in.Service != nil { - out.ServiceName = in.Service.Name - if len(in.Service.Port.Name) > 0 { - out.ServicePort = intstr.FromString(in.Service.Port.Name) - } else { - out.ServicePort = intstr.FromInt(int(in.Service.Port.Number)) - } - } - return nil -} - -func Convert_v1beta1_IngressSpec_To_networking_IngressSpec(in *extensionsv1beta1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - if err := autoConvert_v1beta1_IngressSpec_To_networking_IngressSpec(in, out, s); err != nil { - return err - } - if in.Backend != nil { - out.DefaultBackend = &networking.IngressBackend{} - if err := Convert_v1beta1_IngressBackend_To_networking_IngressBackend(in.Backend, out.DefaultBackend, s); err != nil { - return err - } - } - return nil -} - -func Convert_networking_IngressSpec_To_v1beta1_IngressSpec(in *networking.IngressSpec, out *extensionsv1beta1.IngressSpec, s conversion.Scope) error { - if err := autoConvert_networking_IngressSpec_To_v1beta1_IngressSpec(in, out, s); err != nil { - return err - } - if in.DefaultBackend != nil { - out.Backend = &extensionsv1beta1.IngressBackend{} - if err := Convert_networking_IngressBackend_To_v1beta1_IngressBackend(in.DefaultBackend, out.Backend, s); err != nil { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/defaults.go deleted file mode 100644 index 1ba702ccc4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/defaults.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "math" - - v1 "k8s.io/api/core/v1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_DaemonSet(obj *extensionsv1beta1.DaemonSet) { - labels := obj.Spec.Template.Labels - - // TODO: support templates defined elsewhere when we support them in the API - if labels != nil { - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{ - MatchLabels: labels, - } - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - updateStrategy := &obj.Spec.UpdateStrategy - if updateStrategy.Type == "" { - updateStrategy.Type = extensionsv1beta1.OnDeleteDaemonSetStrategyType - } - if updateStrategy.Type == extensionsv1beta1.RollingUpdateDaemonSetStrategyType { - if updateStrategy.RollingUpdate == nil { - rollingUpdate := extensionsv1beta1.RollingUpdateDaemonSet{} - updateStrategy.RollingUpdate = &rollingUpdate - } - if updateStrategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 1 by default. - maxUnavailable := intstr.FromInt(1) - updateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if updateStrategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 0 by default. - maxSurge := intstr.FromInt(0) - updateStrategy.RollingUpdate.MaxSurge = &maxSurge - } - } - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = 10 - } -} - -func SetDefaults_PodSecurityPolicySpec(obj *extensionsv1beta1.PodSecurityPolicySpec) { - // This field was added after PodSecurityPolicy was released. - // Policies that do not include this field must remain as permissive as they were prior to the introduction of this field. - if obj.AllowPrivilegeEscalation == nil { - t := true - obj.AllowPrivilegeEscalation = &t - } -} - -func SetDefaults_Deployment(obj *extensionsv1beta1.Deployment) { - // Default labels and selector to labels from pod template spec. - labels := obj.Spec.Template.Labels - - if labels != nil { - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{MatchLabels: labels} - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - // Set extensionsv1beta1.DeploymentSpec.Replicas to 1 if it is not set. - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } - strategy := &obj.Spec.Strategy - // Set default extensionsv1beta1.DeploymentStrategyType as RollingUpdate. - if strategy.Type == "" { - strategy.Type = extensionsv1beta1.RollingUpdateDeploymentStrategyType - } - if strategy.Type == extensionsv1beta1.RollingUpdateDeploymentStrategyType || strategy.RollingUpdate != nil { - if strategy.RollingUpdate == nil { - rollingUpdate := extensionsv1beta1.RollingUpdateDeployment{} - strategy.RollingUpdate = &rollingUpdate - } - if strategy.RollingUpdate.MaxUnavailable == nil { - // Set default MaxUnavailable as 1 by default. - maxUnavailable := intstr.FromInt(1) - strategy.RollingUpdate.MaxUnavailable = &maxUnavailable - } - if strategy.RollingUpdate.MaxSurge == nil { - // Set default MaxSurge as 1 by default. - maxSurge := intstr.FromInt(1) - strategy.RollingUpdate.MaxSurge = &maxSurge - } - } - // Set extensionsv1beta1.DeploymentSpec.ProgressDeadlineSeconds to MaxInt, - // which has the same meaning as unset. - if obj.Spec.ProgressDeadlineSeconds == nil { - obj.Spec.ProgressDeadlineSeconds = new(int32) - *obj.Spec.ProgressDeadlineSeconds = math.MaxInt32 - } - // Set extensionsv1beta1.DeploymentSpec.RevisionHistoryLimit to MaxInt32, - // which has the same meaning as unset. - if obj.Spec.RevisionHistoryLimit == nil { - obj.Spec.RevisionHistoryLimit = new(int32) - *obj.Spec.RevisionHistoryLimit = math.MaxInt32 - } -} - -func SetDefaults_ReplicaSet(obj *extensionsv1beta1.ReplicaSet) { - labels := obj.Spec.Template.Labels - - // TODO: support templates defined elsewhere when we support them in the API - if labels != nil { - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{ - MatchLabels: labels, - } - } - if len(obj.Labels) == 0 { - obj.Labels = labels - } - } - if obj.Spec.Replicas == nil { - obj.Spec.Replicas = new(int32) - *obj.Spec.Replicas = 1 - } -} - -func SetDefaults_NetworkPolicy(obj *extensionsv1beta1.NetworkPolicy) { - // Default any undefined Protocol fields to TCP. - for _, i := range obj.Spec.Ingress { - for _, p := range i.Ports { - if p.Protocol == nil { - proto := v1.ProtocolTCP - p.Protocol = &proto - } - } - } - - if len(obj.Spec.PolicyTypes) == 0 { - // Any policy that does not specify policyTypes implies at least "Ingress". - obj.Spec.PolicyTypes = []extensionsv1beta1.PolicyType{extensionsv1beta1.PolicyTypeIngress} - if len(obj.Spec.Egress) != 0 { - obj.Spec.PolicyTypes = append(obj.Spec.PolicyTypes, extensionsv1beta1.PolicyTypeEgress) - } - } -} - -func SetDefaults_HTTPIngressPath(obj *extensionsv1beta1.HTTPIngressPath) { - var defaultPathType = extensionsv1beta1.PathTypeImplementationSpecific - if obj.PathType == nil { - obj.PathType = &defaultPathType - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/doc.go deleted file mode 100644 index 7e65ac71cc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/doc.go +++ /dev/null @@ -1,26 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/apps -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/policy -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/autoscaling -// +k8s:conversion-gen-external-types=k8s.io/api/extensions/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/extensions/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/extensions/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/register.go deleted file mode 100644 index 2b5773c158..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "extensions" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &extensionsv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 12fc5f4ed8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,2477 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/extensions/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - apps "k8s.io/kubernetes/pkg/apis/apps" - autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling" - core "k8s.io/kubernetes/pkg/apis/core" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" - networking "k8s.io/kubernetes/pkg/apis/networking" - policy "k8s.io/kubernetes/pkg/apis/policy" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedCSIDriver)(nil), (*policy.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(a.(*v1beta1.AllowedCSIDriver), b.(*policy.AllowedCSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedCSIDriver)(nil), (*v1beta1.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(a.(*policy.AllowedCSIDriver), b.(*v1beta1.AllowedCSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedFlexVolume)(nil), (*policy.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(a.(*v1beta1.AllowedFlexVolume), b.(*policy.AllowedFlexVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedFlexVolume)(nil), (*v1beta1.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(a.(*policy.AllowedFlexVolume), b.(*v1beta1.AllowedFlexVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedHostPath)(nil), (*policy.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(a.(*v1beta1.AllowedHostPath), b.(*policy.AllowedHostPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedHostPath)(nil), (*v1beta1.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(a.(*policy.AllowedHostPath), b.(*v1beta1.AllowedHostPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSet)(nil), (*apps.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSet_To_apps_DaemonSet(a.(*v1beta1.DaemonSet), b.(*apps.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSet)(nil), (*v1beta1.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSet_To_v1beta1_DaemonSet(a.(*apps.DaemonSet), b.(*v1beta1.DaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSetCondition)(nil), (*apps.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSetCondition_To_apps_DaemonSetCondition(a.(*v1beta1.DaemonSetCondition), b.(*apps.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetCondition)(nil), (*v1beta1.DaemonSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetCondition_To_v1beta1_DaemonSetCondition(a.(*apps.DaemonSetCondition), b.(*v1beta1.DaemonSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSetList)(nil), (*apps.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSetList_To_apps_DaemonSetList(a.(*v1beta1.DaemonSetList), b.(*apps.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetList)(nil), (*v1beta1.DaemonSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetList_To_v1beta1_DaemonSetList(a.(*apps.DaemonSetList), b.(*v1beta1.DaemonSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSetSpec)(nil), (*apps.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(a.(*v1beta1.DaemonSetSpec), b.(*apps.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetSpec)(nil), (*v1beta1.DaemonSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec(a.(*apps.DaemonSetSpec), b.(*v1beta1.DaemonSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSetStatus)(nil), (*apps.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus(a.(*v1beta1.DaemonSetStatus), b.(*apps.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetStatus)(nil), (*v1beta1.DaemonSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus(a.(*apps.DaemonSetStatus), b.(*v1beta1.DaemonSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSetUpdateStrategy)(nil), (*apps.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(a.(*v1beta1.DaemonSetUpdateStrategy), b.(*apps.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DaemonSetUpdateStrategy)(nil), (*v1beta1.DaemonSetUpdateStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy(a.(*apps.DaemonSetUpdateStrategy), b.(*v1beta1.DaemonSetUpdateStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Deployment)(nil), (*apps.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Deployment_To_apps_Deployment(a.(*v1beta1.Deployment), b.(*apps.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.Deployment)(nil), (*v1beta1.Deployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_Deployment_To_v1beta1_Deployment(a.(*apps.Deployment), b.(*v1beta1.Deployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentCondition)(nil), (*apps.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(a.(*v1beta1.DeploymentCondition), b.(*apps.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentCondition)(nil), (*v1beta1.DeploymentCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(a.(*apps.DeploymentCondition), b.(*v1beta1.DeploymentCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentList)(nil), (*apps.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentList_To_apps_DeploymentList(a.(*v1beta1.DeploymentList), b.(*apps.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentList)(nil), (*v1beta1.DeploymentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentList_To_v1beta1_DeploymentList(a.(*apps.DeploymentList), b.(*v1beta1.DeploymentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentRollback)(nil), (*apps.DeploymentRollback)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(a.(*v1beta1.DeploymentRollback), b.(*apps.DeploymentRollback), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentRollback)(nil), (*v1beta1.DeploymentRollback)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(a.(*apps.DeploymentRollback), b.(*v1beta1.DeploymentRollback), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentSpec)(nil), (*apps.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(a.(*v1beta1.DeploymentSpec), b.(*apps.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentSpec)(nil), (*v1beta1.DeploymentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(a.(*apps.DeploymentSpec), b.(*v1beta1.DeploymentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentStatus)(nil), (*apps.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(a.(*v1beta1.DeploymentStatus), b.(*apps.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStatus)(nil), (*v1beta1.DeploymentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(a.(*apps.DeploymentStatus), b.(*v1beta1.DeploymentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.DeploymentStrategy)(nil), (*apps.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(a.(*v1beta1.DeploymentStrategy), b.(*apps.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.DeploymentStrategy)(nil), (*v1beta1.DeploymentStrategy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(a.(*apps.DeploymentStrategy), b.(*v1beta1.DeploymentStrategy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FSGroupStrategyOptions)(nil), (*policy.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(a.(*v1beta1.FSGroupStrategyOptions), b.(*policy.FSGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.FSGroupStrategyOptions)(nil), (*v1beta1.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(a.(*policy.FSGroupStrategyOptions), b.(*v1beta1.FSGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.HTTPIngressPath)(nil), (*networking.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(a.(*v1beta1.HTTPIngressPath), b.(*networking.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressPath)(nil), (*v1beta1.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(a.(*networking.HTTPIngressPath), b.(*v1beta1.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.HTTPIngressRuleValue)(nil), (*networking.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(a.(*v1beta1.HTTPIngressRuleValue), b.(*networking.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressRuleValue)(nil), (*v1beta1.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(a.(*networking.HTTPIngressRuleValue), b.(*v1beta1.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.HostPortRange)(nil), (*policy.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HostPortRange_To_policy_HostPortRange(a.(*v1beta1.HostPortRange), b.(*policy.HostPortRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.HostPortRange)(nil), (*v1beta1.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_HostPortRange_To_v1beta1_HostPortRange(a.(*policy.HostPortRange), b.(*v1beta1.HostPortRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IDRange)(nil), (*policy.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IDRange_To_policy_IDRange(a.(*v1beta1.IDRange), b.(*policy.IDRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.IDRange)(nil), (*v1beta1.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_IDRange_To_v1beta1_IDRange(a.(*policy.IDRange), b.(*v1beta1.IDRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Ingress)(nil), (*networking.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Ingress_To_networking_Ingress(a.(*v1beta1.Ingress), b.(*networking.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.Ingress)(nil), (*v1beta1.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_Ingress_To_v1beta1_Ingress(a.(*networking.Ingress), b.(*v1beta1.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressList)(nil), (*networking.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressList_To_networking_IngressList(a.(*v1beta1.IngressList), b.(*networking.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressList)(nil), (*v1beta1.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressList_To_v1beta1_IngressList(a.(*networking.IngressList), b.(*v1beta1.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressLoadBalancerIngress)(nil), (*networking.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(a.(*v1beta1.IngressLoadBalancerIngress), b.(*networking.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerIngress)(nil), (*v1beta1.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(a.(*networking.IngressLoadBalancerIngress), b.(*v1beta1.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressLoadBalancerStatus)(nil), (*networking.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(a.(*v1beta1.IngressLoadBalancerStatus), b.(*networking.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerStatus)(nil), (*v1beta1.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(a.(*networking.IngressLoadBalancerStatus), b.(*v1beta1.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressPortStatus)(nil), (*networking.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(a.(*v1beta1.IngressPortStatus), b.(*networking.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressPortStatus)(nil), (*v1beta1.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(a.(*networking.IngressPortStatus), b.(*v1beta1.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressRule)(nil), (*networking.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressRule_To_networking_IngressRule(a.(*v1beta1.IngressRule), b.(*networking.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRule)(nil), (*v1beta1.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRule_To_v1beta1_IngressRule(a.(*networking.IngressRule), b.(*v1beta1.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressRuleValue)(nil), (*networking.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(a.(*v1beta1.IngressRuleValue), b.(*networking.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRuleValue)(nil), (*v1beta1.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(a.(*networking.IngressRuleValue), b.(*v1beta1.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressStatus)(nil), (*networking.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressStatus_To_networking_IngressStatus(a.(*v1beta1.IngressStatus), b.(*networking.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressStatus)(nil), (*v1beta1.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressStatus_To_v1beta1_IngressStatus(a.(*networking.IngressStatus), b.(*v1beta1.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressTLS)(nil), (*networking.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressTLS_To_networking_IngressTLS(a.(*v1beta1.IngressTLS), b.(*networking.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressTLS)(nil), (*v1beta1.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressTLS_To_v1beta1_IngressTLS(a.(*networking.IngressTLS), b.(*v1beta1.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NetworkPolicy)(nil), (*networking.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy(a.(*v1beta1.NetworkPolicy), b.(*networking.NetworkPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicy)(nil), (*v1beta1.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy(a.(*networking.NetworkPolicy), b.(*v1beta1.NetworkPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NetworkPolicyList)(nil), (*networking.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyList_To_networking_NetworkPolicyList(a.(*v1beta1.NetworkPolicyList), b.(*networking.NetworkPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyList)(nil), (*v1beta1.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(a.(*networking.NetworkPolicyList), b.(*v1beta1.NetworkPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NetworkPolicyPeer)(nil), (*networking.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(a.(*v1beta1.NetworkPolicyPeer), b.(*networking.NetworkPolicyPeer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyPeer)(nil), (*v1beta1.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(a.(*networking.NetworkPolicyPeer), b.(*v1beta1.NetworkPolicyPeer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NetworkPolicyPort)(nil), (*networking.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort(a.(*v1beta1.NetworkPolicyPort), b.(*networking.NetworkPolicyPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyPort)(nil), (*v1beta1.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(a.(*networking.NetworkPolicyPort), b.(*v1beta1.NetworkPolicyPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NetworkPolicyStatus)(nil), (*networking.NetworkPolicyStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(a.(*v1beta1.NetworkPolicyStatus), b.(*networking.NetworkPolicyStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyStatus)(nil), (*v1beta1.NetworkPolicyStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(a.(*networking.NetworkPolicyStatus), b.(*v1beta1.NetworkPolicyStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicy)(nil), (*policy.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(a.(*v1beta1.PodSecurityPolicy), b.(*policy.PodSecurityPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicy)(nil), (*v1beta1.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(a.(*policy.PodSecurityPolicy), b.(*v1beta1.PodSecurityPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicyList)(nil), (*policy.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(a.(*v1beta1.PodSecurityPolicyList), b.(*policy.PodSecurityPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicyList)(nil), (*v1beta1.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(a.(*policy.PodSecurityPolicyList), b.(*v1beta1.PodSecurityPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicySpec)(nil), (*policy.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(a.(*v1beta1.PodSecurityPolicySpec), b.(*policy.PodSecurityPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicySpec)(nil), (*v1beta1.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(a.(*policy.PodSecurityPolicySpec), b.(*v1beta1.PodSecurityPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSet)(nil), (*apps.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ReplicaSet_To_apps_ReplicaSet(a.(*v1beta1.ReplicaSet), b.(*apps.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSet)(nil), (*v1beta1.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSet_To_v1beta1_ReplicaSet(a.(*apps.ReplicaSet), b.(*v1beta1.ReplicaSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSetCondition)(nil), (*apps.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ReplicaSetCondition_To_apps_ReplicaSetCondition(a.(*v1beta1.ReplicaSetCondition), b.(*apps.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetCondition)(nil), (*v1beta1.ReplicaSetCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetCondition_To_v1beta1_ReplicaSetCondition(a.(*apps.ReplicaSetCondition), b.(*v1beta1.ReplicaSetCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSetList)(nil), (*apps.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ReplicaSetList_To_apps_ReplicaSetList(a.(*v1beta1.ReplicaSetList), b.(*apps.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetList)(nil), (*v1beta1.ReplicaSetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetList_To_v1beta1_ReplicaSetList(a.(*apps.ReplicaSetList), b.(*v1beta1.ReplicaSetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSetSpec)(nil), (*apps.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(a.(*v1beta1.ReplicaSetSpec), b.(*apps.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetSpec)(nil), (*v1beta1.ReplicaSetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec(a.(*apps.ReplicaSetSpec), b.(*v1beta1.ReplicaSetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSetStatus)(nil), (*apps.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus(a.(*v1beta1.ReplicaSetStatus), b.(*apps.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.ReplicaSetStatus)(nil), (*v1beta1.ReplicaSetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus(a.(*apps.ReplicaSetStatus), b.(*v1beta1.ReplicaSetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollbackConfig)(nil), (*apps.RollbackConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(a.(*v1beta1.RollbackConfig), b.(*apps.RollbackConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollbackConfig)(nil), (*v1beta1.RollbackConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(a.(*apps.RollbackConfig), b.(*v1beta1.RollbackConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollingUpdateDaemonSet)(nil), (*apps.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(a.(*v1beta1.RollingUpdateDaemonSet), b.(*apps.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDaemonSet)(nil), (*v1beta1.RollingUpdateDaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet(a.(*apps.RollingUpdateDaemonSet), b.(*v1beta1.RollingUpdateDaemonSet), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RollingUpdateDeployment)(nil), (*apps.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(a.(*v1beta1.RollingUpdateDeployment), b.(*apps.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*apps.RollingUpdateDeployment)(nil), (*v1beta1.RollingUpdateDeployment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(a.(*apps.RollingUpdateDeployment), b.(*v1beta1.RollingUpdateDeployment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsGroupStrategyOptions)(nil), (*policy.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(a.(*v1beta1.RunAsGroupStrategyOptions), b.(*policy.RunAsGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RunAsGroupStrategyOptions)(nil), (*v1beta1.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(a.(*policy.RunAsGroupStrategyOptions), b.(*v1beta1.RunAsGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsUserStrategyOptions)(nil), (*policy.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(a.(*v1beta1.RunAsUserStrategyOptions), b.(*policy.RunAsUserStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RunAsUserStrategyOptions)(nil), (*v1beta1.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(a.(*policy.RunAsUserStrategyOptions), b.(*v1beta1.RunAsUserStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RuntimeClassStrategyOptions)(nil), (*policy.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(a.(*v1beta1.RuntimeClassStrategyOptions), b.(*policy.RuntimeClassStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RuntimeClassStrategyOptions)(nil), (*v1beta1.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(a.(*policy.RuntimeClassStrategyOptions), b.(*v1beta1.RuntimeClassStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SELinuxStrategyOptions)(nil), (*policy.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(a.(*v1beta1.SELinuxStrategyOptions), b.(*policy.SELinuxStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.SELinuxStrategyOptions)(nil), (*v1beta1.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(a.(*policy.SELinuxStrategyOptions), b.(*v1beta1.SELinuxStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Scale)(nil), (*autoscaling.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Scale_To_autoscaling_Scale(a.(*v1beta1.Scale), b.(*autoscaling.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.Scale)(nil), (*v1beta1.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_Scale_To_v1beta1_Scale(a.(*autoscaling.Scale), b.(*v1beta1.Scale), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ScaleSpec)(nil), (*autoscaling.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(a.(*v1beta1.ScaleSpec), b.(*autoscaling.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*autoscaling.ScaleSpec)(nil), (*v1beta1.ScaleSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(a.(*autoscaling.ScaleSpec), b.(*v1beta1.ScaleSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SupplementalGroupsStrategyOptions)(nil), (*policy.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(a.(*v1beta1.SupplementalGroupsStrategyOptions), b.(*policy.SupplementalGroupsStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.SupplementalGroupsStrategyOptions)(nil), (*v1beta1.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(a.(*policy.SupplementalGroupsStrategyOptions), b.(*v1beta1.SupplementalGroupsStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*autoscaling.ScaleStatus)(nil), (*v1beta1.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(a.(*autoscaling.ScaleStatus), b.(*v1beta1.ScaleStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.IPBlock)(nil), (*v1beta1.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IPBlock_To_v1beta1_IPBlock(a.(*networking.IPBlock), b.(*v1beta1.IPBlock), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.IngressBackend)(nil), (*v1beta1.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressBackend_To_v1beta1_IngressBackend(a.(*networking.IngressBackend), b.(*v1beta1.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.IngressSpec)(nil), (*v1beta1.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressSpec_To_v1beta1_IngressSpec(a.(*networking.IngressSpec), b.(*v1beta1.IngressSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.NetworkPolicyEgressRule)(nil), (*v1beta1.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(a.(*networking.NetworkPolicyEgressRule), b.(*v1beta1.NetworkPolicyEgressRule), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.NetworkPolicyIngressRule)(nil), (*v1beta1.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(a.(*networking.NetworkPolicyIngressRule), b.(*v1beta1.NetworkPolicyIngressRule), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.NetworkPolicySpec)(nil), (*v1beta1.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(a.(*networking.NetworkPolicySpec), b.(*v1beta1.NetworkPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.IPBlock)(nil), (*networking.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IPBlock_To_networking_IPBlock(a.(*v1beta1.IPBlock), b.(*networking.IPBlock), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.IngressBackend)(nil), (*networking.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressBackend_To_networking_IngressBackend(a.(*v1beta1.IngressBackend), b.(*networking.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.IngressSpec)(nil), (*networking.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressSpec_To_networking_IngressSpec(a.(*v1beta1.IngressSpec), b.(*networking.IngressSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.NetworkPolicyEgressRule)(nil), (*networking.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(a.(*v1beta1.NetworkPolicyEgressRule), b.(*networking.NetworkPolicyEgressRule), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.NetworkPolicyIngressRule)(nil), (*networking.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(a.(*v1beta1.NetworkPolicyIngressRule), b.(*networking.NetworkPolicyIngressRule), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.NetworkPolicySpec)(nil), (*networking.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(a.(*v1beta1.NetworkPolicySpec), b.(*networking.NetworkPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.ScaleStatus)(nil), (*autoscaling.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(a.(*v1beta1.ScaleStatus), b.(*autoscaling.ScaleStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver is an autogenerated conversion function. -func Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in, out, s) -} - -func autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver is an autogenerated conversion function. -func Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error { - return autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in, out, s) -} - -func autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error { - out.Driver = in.Driver - return nil -} - -// Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume is an autogenerated conversion function. -func Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in, out, s) -} - -func autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error { - out.Driver = in.Driver - return nil -} - -// Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume is an autogenerated conversion function. -func Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error { - return autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in, out, s) -} - -func autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error { - out.PathPrefix = in.PathPrefix - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath is an autogenerated conversion function. -func Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in, out, s) -} - -func autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error { - out.PathPrefix = in.PathPrefix - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath is an autogenerated conversion function. -func Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error { - return autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in, out, s) -} - -func autoConvert_v1beta1_DaemonSet_To_apps_DaemonSet(in *v1beta1.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_DaemonSet_To_apps_DaemonSet is an autogenerated conversion function. -func Convert_v1beta1_DaemonSet_To_apps_DaemonSet(in *v1beta1.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSet_To_apps_DaemonSet(in, out, s) -} - -func autoConvert_apps_DaemonSet_To_v1beta1_DaemonSet(in *apps.DaemonSet, out *v1beta1.DaemonSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_DaemonSet_To_v1beta1_DaemonSet is an autogenerated conversion function. -func Convert_apps_DaemonSet_To_v1beta1_DaemonSet(in *apps.DaemonSet, out *v1beta1.DaemonSet, s conversion.Scope) error { - return autoConvert_apps_DaemonSet_To_v1beta1_DaemonSet(in, out, s) -} - -func autoConvert_v1beta1_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1beta1.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - out.Type = apps.DaemonSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_DaemonSetCondition_To_apps_DaemonSetCondition is an autogenerated conversion function. -func Convert_v1beta1_DaemonSetCondition_To_apps_DaemonSetCondition(in *v1beta1.DaemonSetCondition, out *apps.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSetCondition_To_apps_DaemonSetCondition(in, out, s) -} - -func autoConvert_apps_DaemonSetCondition_To_v1beta1_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1beta1.DaemonSetCondition, s conversion.Scope) error { - out.Type = v1beta1.DaemonSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DaemonSetCondition_To_v1beta1_DaemonSetCondition is an autogenerated conversion function. -func Convert_apps_DaemonSetCondition_To_v1beta1_DaemonSetCondition(in *apps.DaemonSetCondition, out *v1beta1.DaemonSetCondition, s conversion.Scope) error { - return autoConvert_apps_DaemonSetCondition_To_v1beta1_DaemonSetCondition(in, out, s) -} - -func autoConvert_v1beta1_DaemonSetList_To_apps_DaemonSetList(in *v1beta1.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_v1beta1_DaemonSet_To_apps_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_DaemonSetList_To_apps_DaemonSetList is an autogenerated conversion function. -func Convert_v1beta1_DaemonSetList_To_apps_DaemonSetList(in *v1beta1.DaemonSetList, out *apps.DaemonSetList, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSetList_To_apps_DaemonSetList(in, out, s) -} - -func autoConvert_apps_DaemonSetList_To_v1beta1_DaemonSetList(in *apps.DaemonSetList, out *v1beta1.DaemonSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.DaemonSet, len(*in)) - for i := range *in { - if err := Convert_apps_DaemonSet_To_v1beta1_DaemonSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DaemonSetList_To_v1beta1_DaemonSetList is an autogenerated conversion function. -func Convert_apps_DaemonSetList_To_v1beta1_DaemonSetList(in *apps.DaemonSetList, out *v1beta1.DaemonSetList, s conversion.Scope) error { - return autoConvert_apps_DaemonSetList_To_v1beta1_DaemonSetList(in, out, s) -} - -func autoConvert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1beta1.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.TemplateGeneration = in.TemplateGeneration - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -// Convert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec is an autogenerated conversion function. -func Convert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(in *v1beta1.DaemonSetSpec, out *apps.DaemonSetSpec, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(in, out, s) -} - -func autoConvert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec(in *apps.DaemonSetSpec, out *v1beta1.DaemonSetSpec, s conversion.Scope) error { - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy(&in.UpdateStrategy, &out.UpdateStrategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.TemplateGeneration = in.TemplateGeneration - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - return nil -} - -// Convert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec is an autogenerated conversion function. -func Convert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec(in *apps.DaemonSetSpec, out *v1beta1.DaemonSetSpec, s conversion.Scope) error { - return autoConvert_apps_DaemonSetSpec_To_v1beta1_DaemonSetSpec(in, out, s) -} - -func autoConvert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1beta1.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]apps.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus is an autogenerated conversion function. -func Convert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus(in *v1beta1.DaemonSetStatus, out *apps.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSetStatus_To_apps_DaemonSetStatus(in, out, s) -} - -func autoConvert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1beta1.DaemonSetStatus, s conversion.Scope) error { - out.CurrentNumberScheduled = in.CurrentNumberScheduled - out.NumberMisscheduled = in.NumberMisscheduled - out.DesiredNumberScheduled = in.DesiredNumberScheduled - out.NumberReady = in.NumberReady - out.ObservedGeneration = in.ObservedGeneration - out.UpdatedNumberScheduled = in.UpdatedNumberScheduled - out.NumberAvailable = in.NumberAvailable - out.NumberUnavailable = in.NumberUnavailable - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - out.Conditions = *(*[]v1beta1.DaemonSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus is an autogenerated conversion function. -func Convert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus(in *apps.DaemonSetStatus, out *v1beta1.DaemonSetStatus, s conversion.Scope) error { - return autoConvert_apps_DaemonSetStatus_To_v1beta1_DaemonSetStatus(in, out, s) -} - -func autoConvert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1beta1.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = apps.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDaemonSet) - if err := Convert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in *v1beta1.DaemonSetUpdateStrategy, out *apps.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_v1beta1_DaemonSetUpdateStrategy_To_apps_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1beta1.DaemonSetUpdateStrategy, s conversion.Scope) error { - out.Type = v1beta1.DaemonSetUpdateStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta1.RollingUpdateDaemonSet) - if err := Convert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy is an autogenerated conversion function. -func Convert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy(in *apps.DaemonSetUpdateStrategy, out *v1beta1.DaemonSetUpdateStrategy, s conversion.Scope) error { - return autoConvert_apps_DaemonSetUpdateStrategy_To_v1beta1_DaemonSetUpdateStrategy(in, out, s) -} - -func autoConvert_v1beta1_Deployment_To_apps_Deployment(in *v1beta1.Deployment, out *apps.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Deployment_To_apps_Deployment is an autogenerated conversion function. -func Convert_v1beta1_Deployment_To_apps_Deployment(in *v1beta1.Deployment, out *apps.Deployment, s conversion.Scope) error { - return autoConvert_v1beta1_Deployment_To_apps_Deployment(in, out, s) -} - -func autoConvert_apps_Deployment_To_v1beta1_Deployment(in *apps.Deployment, out *v1beta1.Deployment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_Deployment_To_v1beta1_Deployment is an autogenerated conversion function. -func Convert_apps_Deployment_To_v1beta1_Deployment(in *apps.Deployment, out *v1beta1.Deployment, s conversion.Scope) error { - return autoConvert_apps_Deployment_To_v1beta1_Deployment(in, out, s) -} - -func autoConvert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - out.Type = apps.DeploymentConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition is an autogenerated conversion function. -func Convert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in *v1beta1.DeploymentCondition, out *apps.DeploymentCondition, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentCondition_To_apps_DeploymentCondition(in, out, s) -} - -func autoConvert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta1.DeploymentCondition, s conversion.Scope) error { - out.Type = v1beta1.DeploymentConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastUpdateTime = in.LastUpdateTime - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition is an autogenerated conversion function. -func Convert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in *apps.DeploymentCondition, out *v1beta1.DeploymentCondition, s conversion.Scope) error { - return autoConvert_apps_DeploymentCondition_To_v1beta1_DeploymentCondition(in, out, s) -} - -func autoConvert_v1beta1_DeploymentList_To_apps_DeploymentList(in *v1beta1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.Deployment, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Deployment_To_apps_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_DeploymentList_To_apps_DeploymentList is an autogenerated conversion function. -func Convert_v1beta1_DeploymentList_To_apps_DeploymentList(in *v1beta1.DeploymentList, out *apps.DeploymentList, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentList_To_apps_DeploymentList(in, out, s) -} - -func autoConvert_apps_DeploymentList_To_v1beta1_DeploymentList(in *apps.DeploymentList, out *v1beta1.DeploymentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.Deployment, len(*in)) - for i := range *in { - if err := Convert_apps_Deployment_To_v1beta1_Deployment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_DeploymentList_To_v1beta1_DeploymentList is an autogenerated conversion function. -func Convert_apps_DeploymentList_To_v1beta1_DeploymentList(in *apps.DeploymentList, out *v1beta1.DeploymentList, s conversion.Scope) error { - return autoConvert_apps_DeploymentList_To_v1beta1_DeploymentList(in, out, s) -} - -func autoConvert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in *v1beta1.DeploymentRollback, out *apps.DeploymentRollback, s conversion.Scope) error { - out.Name = in.Name - out.UpdatedAnnotations = *(*map[string]string)(unsafe.Pointer(&in.UpdatedAnnotations)) - if err := Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(&in.RollbackTo, &out.RollbackTo, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback is an autogenerated conversion function. -func Convert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in *v1beta1.DeploymentRollback, out *apps.DeploymentRollback, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentRollback_To_apps_DeploymentRollback(in, out, s) -} - -func autoConvert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in *apps.DeploymentRollback, out *v1beta1.DeploymentRollback, s conversion.Scope) error { - out.Name = in.Name - out.UpdatedAnnotations = *(*map[string]string)(unsafe.Pointer(&in.UpdatedAnnotations)) - if err := Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(&in.RollbackTo, &out.RollbackTo, s); err != nil { - return err - } - return nil -} - -// Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback is an autogenerated conversion function. -func Convert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in *apps.DeploymentRollback, out *v1beta1.DeploymentRollback, s conversion.Scope) error { - return autoConvert_apps_DeploymentRollback_To_v1beta1_DeploymentRollback(in, out, s) -} - -func autoConvert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.RollbackTo = (*apps.RollbackConfig)(unsafe.Pointer(in.RollbackTo)) - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec is an autogenerated conversion function. -func Convert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in *v1beta1.DeploymentSpec, out *apps.DeploymentSpec, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentSpec_To_apps_DeploymentSpec(in, out, s) -} - -func autoConvert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in *apps.DeploymentSpec, out *v1beta1.DeploymentSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - if err := Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(&in.Strategy, &out.Strategy, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.RevisionHistoryLimit = (*int32)(unsafe.Pointer(in.RevisionHistoryLimit)) - out.Paused = in.Paused - out.RollbackTo = (*v1beta1.RollbackConfig)(unsafe.Pointer(in.RollbackTo)) - out.ProgressDeadlineSeconds = (*int32)(unsafe.Pointer(in.ProgressDeadlineSeconds)) - return nil -} - -// Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec is an autogenerated conversion function. -func Convert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in *apps.DeploymentSpec, out *v1beta1.DeploymentSpec, s conversion.Scope) error { - return autoConvert_apps_DeploymentSpec_To_v1beta1_DeploymentSpec(in, out, s) -} - -func autoConvert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]apps.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus is an autogenerated conversion function. -func Convert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in *v1beta1.DeploymentStatus, out *apps.DeploymentStatus, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentStatus_To_apps_DeploymentStatus(in, out, s) -} - -func autoConvert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta1.DeploymentStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.Replicas = in.Replicas - out.UpdatedReplicas = in.UpdatedReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.UnavailableReplicas = in.UnavailableReplicas - out.Conditions = *(*[]v1beta1.DeploymentCondition)(unsafe.Pointer(&in.Conditions)) - out.CollisionCount = (*int32)(unsafe.Pointer(in.CollisionCount)) - return nil -} - -// Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus is an autogenerated conversion function. -func Convert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in *apps.DeploymentStatus, out *v1beta1.DeploymentStatus, s conversion.Scope) error { - return autoConvert_apps_DeploymentStatus_To_v1beta1_DeploymentStatus(in, out, s) -} - -func autoConvert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - out.Type = apps.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(apps.RollingUpdateDeployment) - if err := Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy is an autogenerated conversion function. -func Convert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in *v1beta1.DeploymentStrategy, out *apps.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_v1beta1_DeploymentStrategy_To_apps_DeploymentStrategy(in, out, s) -} - -func autoConvert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta1.DeploymentStrategy, s conversion.Scope) error { - out.Type = v1beta1.DeploymentStrategyType(in.Type) - if in.RollingUpdate != nil { - in, out := &in.RollingUpdate, &out.RollingUpdate - *out = new(v1beta1.RollingUpdateDeployment) - if err := Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(*in, *out, s); err != nil { - return err - } - } else { - out.RollingUpdate = nil - } - return nil -} - -// Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy is an autogenerated conversion function. -func Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in *apps.DeploymentStrategy, out *v1beta1.DeploymentStrategy, s conversion.Scope) error { - return autoConvert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in, out, s) -} - -func autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error { - out.Rule = policy.FSGroupStrategyType(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in, out, s) -} - -func autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.FSGroupStrategyType(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions is an autogenerated conversion function. -func Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1beta1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*networking.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_v1beta1_IngressBackend_To_networking_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath is an autogenerated conversion function. -func Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1beta1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in, out, s) -} - -func autoConvert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1beta1.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*v1beta1.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_networking_IngressBackend_To_v1beta1_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath is an autogenerated conversion function. -func Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1beta1.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in, out, s) -} - -func autoConvert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1beta1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]networking.HTTPIngressPath, len(*in)) - for i := range *in { - if err := Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Paths = nil - } - return nil -} - -// Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1beta1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1beta1.HTTPIngressRuleValue, s conversion.Scope) error { - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]v1beta1.HTTPIngressPath, len(*in)) - for i := range *in { - if err := Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Paths = nil - } - return nil -} - -// Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1beta1.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_v1beta1_HostPortRange_To_policy_HostPortRange is an autogenerated conversion function. -func Convert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error { - return autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in, out, s) -} - -func autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_policy_HostPortRange_To_v1beta1_HostPortRange is an autogenerated conversion function. -func Convert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error { - return autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in, out, s) -} - -func autoConvert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_v1beta1_IDRange_To_policy_IDRange is an autogenerated conversion function. -func Convert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error { - return autoConvert_v1beta1_IDRange_To_policy_IDRange(in, out, s) -} - -func autoConvert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_policy_IDRange_To_v1beta1_IDRange is an autogenerated conversion function. -func Convert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error { - return autoConvert_policy_IDRange_To_v1beta1_IDRange(in, out, s) -} - -func autoConvert_v1beta1_IPBlock_To_networking_IPBlock(in *v1beta1.IPBlock, out *networking.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - out.Except = *(*[]string)(unsafe.Pointer(&in.Except)) - return nil -} - -func autoConvert_networking_IPBlock_To_v1beta1_IPBlock(in *networking.IPBlock, out *v1beta1.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - out.Except = *(*[]string)(unsafe.Pointer(&in.Except)) - return nil -} - -func autoConvert_v1beta1_Ingress_To_networking_Ingress(in *v1beta1.Ingress, out *networking.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_IngressSpec_To_networking_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_IngressStatus_To_networking_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Ingress_To_networking_Ingress is an autogenerated conversion function. -func Convert_v1beta1_Ingress_To_networking_Ingress(in *v1beta1.Ingress, out *networking.Ingress, s conversion.Scope) error { - return autoConvert_v1beta1_Ingress_To_networking_Ingress(in, out, s) -} - -func autoConvert_networking_Ingress_To_v1beta1_Ingress(in *networking.Ingress, out *v1beta1.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_IngressSpec_To_v1beta1_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_networking_IngressStatus_To_v1beta1_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_networking_Ingress_To_v1beta1_Ingress is an autogenerated conversion function. -func Convert_networking_Ingress_To_v1beta1_Ingress(in *networking.Ingress, out *v1beta1.Ingress, s conversion.Scope) error { - return autoConvert_networking_Ingress_To_v1beta1_Ingress(in, out, s) -} - -func autoConvert_v1beta1_IngressBackend_To_networking_IngressBackend(in *v1beta1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - // WARNING: in.ServiceName requires manual conversion: does not exist in peer-type - // WARNING: in.ServicePort requires manual conversion: does not exist in peer-type - out.Resource = (*core.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -func autoConvert_networking_IngressBackend_To_v1beta1_IngressBackend(in *networking.IngressBackend, out *v1beta1.IngressBackend, s conversion.Scope) error { - // WARNING: in.Service requires manual conversion: does not exist in peer-type - out.Resource = (*v1.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -func autoConvert_v1beta1_IngressList_To_networking_IngressList(in *v1beta1.IngressList, out *networking.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]networking.Ingress, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Ingress_To_networking_Ingress(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_IngressList_To_networking_IngressList is an autogenerated conversion function. -func Convert_v1beta1_IngressList_To_networking_IngressList(in *v1beta1.IngressList, out *networking.IngressList, s conversion.Scope) error { - return autoConvert_v1beta1_IngressList_To_networking_IngressList(in, out, s) -} - -func autoConvert_networking_IngressList_To_v1beta1_IngressList(in *networking.IngressList, out *v1beta1.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.Ingress, len(*in)) - for i := range *in { - if err := Convert_networking_Ingress_To_v1beta1_Ingress(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_networking_IngressList_To_v1beta1_IngressList is an autogenerated conversion function. -func Convert_networking_IngressList_To_v1beta1_IngressList(in *networking.IngressList, out *v1beta1.IngressList, s conversion.Scope) error { - return autoConvert_networking_IngressList_To_v1beta1_IngressList(in, out, s) -} - -func autoConvert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1beta1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]networking.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1beta1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1beta1.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]v1beta1.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1beta1.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1beta1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]networking.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1beta1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1beta1.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]v1beta1.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1beta1.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in *v1beta1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = core.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in *v1beta1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in, out, s) -} - -func autoConvert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in *networking.IngressPortStatus, out *v1beta1.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = v1.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus is an autogenerated conversion function. -func Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in *networking.IngressPortStatus, out *v1beta1.IngressPortStatus, s conversion.Scope) error { - return autoConvert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressRule_To_networking_IngressRule(in *v1beta1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_IngressRule_To_networking_IngressRule is an autogenerated conversion function. -func Convert_v1beta1_IngressRule_To_networking_IngressRule(in *v1beta1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - return autoConvert_v1beta1_IngressRule_To_networking_IngressRule(in, out, s) -} - -func autoConvert_networking_IngressRule_To_v1beta1_IngressRule(in *networking.IngressRule, out *v1beta1.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressRule_To_v1beta1_IngressRule is an autogenerated conversion function. -func Convert_networking_IngressRule_To_v1beta1_IngressRule(in *networking.IngressRule, out *v1beta1.IngressRule, s conversion.Scope) error { - return autoConvert_networking_IngressRule_To_v1beta1_IngressRule(in, out, s) -} - -func autoConvert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in *v1beta1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(networking.HTTPIngressRuleValue) - if err := Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(*in, *out, s); err != nil { - return err - } - } else { - out.HTTP = nil - } - return nil -} - -// Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue is an autogenerated conversion function. -func Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in *v1beta1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - return autoConvert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in, out, s) -} - -func autoConvert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in *networking.IngressRuleValue, out *v1beta1.IngressRuleValue, s conversion.Scope) error { - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(v1beta1.HTTPIngressRuleValue) - if err := Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(*in, *out, s); err != nil { - return err - } - } else { - out.HTTP = nil - } - return nil -} - -// Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue is an autogenerated conversion function. -func Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in *networking.IngressRuleValue, out *v1beta1.IngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in, out, s) -} - -func autoConvert_v1beta1_IngressSpec_To_networking_IngressSpec(in *v1beta1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - // WARNING: in.Backend requires manual conversion: does not exist in peer-type - out.TLS = *(*[]networking.IngressTLS)(unsafe.Pointer(&in.TLS)) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]networking.IngressRule, len(*in)) - for i := range *in { - if err := Convert_v1beta1_IngressRule_To_networking_IngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - return nil -} - -func autoConvert_networking_IngressSpec_To_v1beta1_IngressSpec(in *networking.IngressSpec, out *v1beta1.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - // WARNING: in.DefaultBackend requires manual conversion: does not exist in peer-type - out.TLS = *(*[]v1beta1.IngressTLS)(unsafe.Pointer(&in.TLS)) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]v1beta1.IngressRule, len(*in)) - for i := range *in { - if err := Convert_networking_IngressRule_To_v1beta1_IngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - return nil -} - -func autoConvert_v1beta1_IngressStatus_To_networking_IngressStatus(in *v1beta1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - if err := Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_IngressStatus_To_networking_IngressStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressStatus_To_networking_IngressStatus(in *v1beta1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressStatus_To_networking_IngressStatus(in, out, s) -} - -func autoConvert_networking_IngressStatus_To_v1beta1_IngressStatus(in *networking.IngressStatus, out *v1beta1.IngressStatus, s conversion.Scope) error { - if err := Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressStatus_To_v1beta1_IngressStatus is an autogenerated conversion function. -func Convert_networking_IngressStatus_To_v1beta1_IngressStatus(in *networking.IngressStatus, out *v1beta1.IngressStatus, s conversion.Scope) error { - return autoConvert_networking_IngressStatus_To_v1beta1_IngressStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressTLS_To_networking_IngressTLS(in *v1beta1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_v1beta1_IngressTLS_To_networking_IngressTLS is an autogenerated conversion function. -func Convert_v1beta1_IngressTLS_To_networking_IngressTLS(in *v1beta1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - return autoConvert_v1beta1_IngressTLS_To_networking_IngressTLS(in, out, s) -} - -func autoConvert_networking_IngressTLS_To_v1beta1_IngressTLS(in *networking.IngressTLS, out *v1beta1.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_networking_IngressTLS_To_v1beta1_IngressTLS is an autogenerated conversion function. -func Convert_networking_IngressTLS_To_v1beta1_IngressTLS(in *networking.IngressTLS, out *v1beta1.IngressTLS, s conversion.Scope) error { - return autoConvert_networking_IngressTLS_To_v1beta1_IngressTLS(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy(in *v1beta1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy(in *v1beta1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy(in, out, s) -} - -func autoConvert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy(in *networking.NetworkPolicy, out *v1beta1.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy is an autogenerated conversion function. -func Convert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy(in *networking.NetworkPolicy, out *v1beta1.NetworkPolicy, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *v1beta1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error { - out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - if in.To != nil { - in, out := &in.To, &out.To - *out = make([]networking.NetworkPolicyPeer, len(*in)) - for i := range *in { - if err := Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.To = nil - } - return nil -} - -func autoConvert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *v1beta1.NetworkPolicyEgressRule, s conversion.Scope) error { - out.Ports = *(*[]v1beta1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - if in.To != nil { - in, out := &in.To, &out.To - *out = make([]v1beta1.NetworkPolicyPeer, len(*in)) - for i := range *in { - if err := Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.To = nil - } - return nil -} - -func autoConvert_v1beta1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in *v1beta1.NetworkPolicyIngressRule, out *networking.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - if in.From != nil { - in, out := &in.From, &out.From - *out = make([]networking.NetworkPolicyPeer, len(*in)) - for i := range *in { - if err := Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.From = nil - } - return nil -} - -func autoConvert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in *networking.NetworkPolicyIngressRule, out *v1beta1.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]v1beta1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - if in.From != nil { - in, out := &in.From, &out.From - *out = make([]v1beta1.NetworkPolicyPeer, len(*in)) - for i := range *in { - if err := Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.From = nil - } - return nil -} - -func autoConvert_v1beta1_NetworkPolicyList_To_networking_NetworkPolicyList(in *v1beta1.NetworkPolicyList, out *networking.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]networking.NetworkPolicy, len(*in)) - for i := range *in { - if err := Convert_v1beta1_NetworkPolicy_To_networking_NetworkPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_NetworkPolicyList_To_networking_NetworkPolicyList is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyList_To_networking_NetworkPolicyList(in *v1beta1.NetworkPolicyList, out *networking.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyList_To_networking_NetworkPolicyList(in, out, s) -} - -func autoConvert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *networking.NetworkPolicyList, out *v1beta1.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.NetworkPolicy, len(*in)) - for i := range *in { - if err := Convert_networking_NetworkPolicy_To_v1beta1_NetworkPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList is an autogenerated conversion function. -func Convert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *networking.NetworkPolicyList, out *v1beta1.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1beta1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - if in.IPBlock != nil { - in, out := &in.IPBlock, &out.IPBlock - *out = new(networking.IPBlock) - if err := Convert_v1beta1_IPBlock_To_networking_IPBlock(*in, *out, s); err != nil { - return err - } - } else { - out.IPBlock = nil - } - return nil -} - -// Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1beta1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1beta1.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - if in.IPBlock != nil { - in, out := &in.IPBlock, &out.IPBlock - *out = new(v1beta1.IPBlock) - if err := Convert_networking_IPBlock_To_v1beta1_IPBlock(*in, *out, s); err != nil { - return err - } - } else { - out.IPBlock = nil - } - return nil -} - -// Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1beta1.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in *v1beta1.NetworkPolicyPort, out *networking.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*core.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) - return nil -} - -// Convert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in *v1beta1.NetworkPolicyPort, out *networking.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in, out, s) -} - -func autoConvert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in *networking.NetworkPolicyPort, out *v1beta1.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*v1.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) - return nil -} - -// Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort is an autogenerated conversion function. -func Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in *networking.NetworkPolicyPort, out *v1beta1.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *v1beta1.NetworkPolicySpec, out *networking.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]networking.NetworkPolicyIngressRule, len(*in)) - for i := range *in { - if err := Convert_v1beta1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Ingress = nil - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]networking.NetworkPolicyEgressRule, len(*in)) - for i := range *in { - if err := Convert_v1beta1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Egress = nil - } - out.PolicyTypes = *(*[]networking.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) - return nil -} - -func autoConvert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in *networking.NetworkPolicySpec, out *v1beta1.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]v1beta1.NetworkPolicyIngressRule, len(*in)) - for i := range *in { - if err := Convert_networking_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Ingress = nil - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]v1beta1.NetworkPolicyEgressRule, len(*in)) - for i := range *in { - if err := Convert_networking_NetworkPolicyEgressRule_To_v1beta1_NetworkPolicyEgressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Egress = nil - } - out.PolicyTypes = *(*[]v1beta1.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) - return nil -} - -func autoConvert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in *v1beta1.NetworkPolicyStatus, out *networking.NetworkPolicyStatus, s conversion.Scope) error { - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in *v1beta1.NetworkPolicyStatus, out *networking.NetworkPolicyStatus, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in, out, s) -} - -func autoConvert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(in *networking.NetworkPolicyStatus, out *v1beta1.NetworkPolicyStatus, s conversion.Scope) error { - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus is an autogenerated conversion function. -func Convert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(in *networking.NetworkPolicyStatus, out *v1beta1.NetworkPolicyStatus, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]policy.PodSecurityPolicy, len(*in)) - for i := range *in { - if err := Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.PodSecurityPolicy, len(*in)) - for i := range *in { - if err := Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error { - out.Privileged = in.Privileged - out.DefaultAddCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities)) - out.RequiredDropCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities)) - out.AllowedCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.AllowedCapabilities)) - out.Volumes = *(*[]policy.FSType)(unsafe.Pointer(&in.Volumes)) - out.HostNetwork = in.HostNetwork - out.HostPorts = *(*[]policy.HostPortRange)(unsafe.Pointer(&in.HostPorts)) - out.HostPID = in.HostPID - out.HostIPC = in.HostIPC - if err := Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil { - return err - } - if err := Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { - return err - } - out.RunAsGroup = (*policy.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup)) - if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { - return err - } - if err := Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { - return err - } - out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem - out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation)) - if err := metav1.Convert_Pointer_bool_To_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil { - return err - } - out.AllowedHostPaths = *(*[]policy.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths)) - out.AllowedFlexVolumes = *(*[]policy.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes)) - out.AllowedCSIDrivers = *(*[]policy.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers)) - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls)) - out.AllowedProcMountTypes = *(*[]core.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes)) - out.RuntimeClass = (*policy.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass)) - return nil -} - -// Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error { - out.Privileged = in.Privileged - out.DefaultAddCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities)) - out.RequiredDropCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities)) - out.AllowedCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.AllowedCapabilities)) - out.Volumes = *(*[]v1beta1.FSType)(unsafe.Pointer(&in.Volumes)) - out.HostNetwork = in.HostNetwork - out.HostPorts = *(*[]v1beta1.HostPortRange)(unsafe.Pointer(&in.HostPorts)) - out.HostPID = in.HostPID - out.HostIPC = in.HostIPC - if err := Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil { - return err - } - if err := Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { - return err - } - out.RunAsGroup = (*v1beta1.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup)) - if err := Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { - return err - } - if err := Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { - return err - } - out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem - out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation)) - if err := metav1.Convert_bool_To_Pointer_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil { - return err - } - out.AllowedHostPaths = *(*[]v1beta1.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths)) - out.AllowedFlexVolumes = *(*[]v1beta1.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes)) - out.AllowedCSIDrivers = *(*[]v1beta1.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers)) - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls)) - out.AllowedProcMountTypes = *(*[]v1.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes)) - out.RuntimeClass = (*v1beta1.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass)) - return nil -} - -// Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s) -} - -func autoConvert_v1beta1_ReplicaSet_To_apps_ReplicaSet(in *v1beta1.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_ReplicaSet_To_apps_ReplicaSet is an autogenerated conversion function. -func Convert_v1beta1_ReplicaSet_To_apps_ReplicaSet(in *v1beta1.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error { - return autoConvert_v1beta1_ReplicaSet_To_apps_ReplicaSet(in, out, s) -} - -func autoConvert_apps_ReplicaSet_To_v1beta1_ReplicaSet(in *apps.ReplicaSet, out *v1beta1.ReplicaSet, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSet_To_v1beta1_ReplicaSet is an autogenerated conversion function. -func Convert_apps_ReplicaSet_To_v1beta1_ReplicaSet(in *apps.ReplicaSet, out *v1beta1.ReplicaSet, s conversion.Scope) error { - return autoConvert_apps_ReplicaSet_To_v1beta1_ReplicaSet(in, out, s) -} - -func autoConvert_v1beta1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1beta1.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - out.Type = apps.ReplicaSetConditionType(in.Type) - out.Status = core.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_ReplicaSetCondition_To_apps_ReplicaSetCondition is an autogenerated conversion function. -func Convert_v1beta1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in *v1beta1.ReplicaSetCondition, out *apps.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_v1beta1_ReplicaSetCondition_To_apps_ReplicaSetCondition(in, out, s) -} - -func autoConvert_apps_ReplicaSetCondition_To_v1beta1_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1beta1.ReplicaSetCondition, s conversion.Scope) error { - out.Type = v1beta1.ReplicaSetConditionType(in.Type) - out.Status = v1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_apps_ReplicaSetCondition_To_v1beta1_ReplicaSetCondition is an autogenerated conversion function. -func Convert_apps_ReplicaSetCondition_To_v1beta1_ReplicaSetCondition(in *apps.ReplicaSetCondition, out *v1beta1.ReplicaSetCondition, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetCondition_To_v1beta1_ReplicaSetCondition(in, out, s) -} - -func autoConvert_v1beta1_ReplicaSetList_To_apps_ReplicaSetList(in *v1beta1.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]apps.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_v1beta1_ReplicaSet_To_apps_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_ReplicaSetList_To_apps_ReplicaSetList is an autogenerated conversion function. -func Convert_v1beta1_ReplicaSetList_To_apps_ReplicaSetList(in *v1beta1.ReplicaSetList, out *apps.ReplicaSetList, s conversion.Scope) error { - return autoConvert_v1beta1_ReplicaSetList_To_apps_ReplicaSetList(in, out, s) -} - -func autoConvert_apps_ReplicaSetList_To_v1beta1_ReplicaSetList(in *apps.ReplicaSetList, out *v1beta1.ReplicaSetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.ReplicaSet, len(*in)) - for i := range *in { - if err := Convert_apps_ReplicaSet_To_v1beta1_ReplicaSet(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_apps_ReplicaSetList_To_v1beta1_ReplicaSetList is an autogenerated conversion function. -func Convert_apps_ReplicaSetList_To_v1beta1_ReplicaSetList(in *apps.ReplicaSetList, out *v1beta1.ReplicaSetList, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetList_To_v1beta1_ReplicaSetList(in, out, s) -} - -func autoConvert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1beta1.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_Pointer_int32_To_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_v1_PodTemplateSpec_To_core_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec is an autogenerated conversion function. -func Convert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in *v1beta1.ReplicaSetSpec, out *apps.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(in, out, s) -} - -func autoConvert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1beta1.ReplicaSetSpec, s conversion.Scope) error { - if err := metav1.Convert_int32_To_Pointer_int32(&in.Replicas, &out.Replicas, s); err != nil { - return err - } - out.MinReadySeconds = in.MinReadySeconds - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - if err := corev1.Convert_core_PodTemplateSpec_To_v1_PodTemplateSpec(&in.Template, &out.Template, s); err != nil { - return err - } - return nil -} - -// Convert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec is an autogenerated conversion function. -func Convert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec(in *apps.ReplicaSetSpec, out *v1beta1.ReplicaSetSpec, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetSpec_To_v1beta1_ReplicaSetSpec(in, out, s) -} - -func autoConvert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1beta1.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]apps.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus is an autogenerated conversion function. -func Convert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in *v1beta1.ReplicaSetStatus, out *apps.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_v1beta1_ReplicaSetStatus_To_apps_ReplicaSetStatus(in, out, s) -} - -func autoConvert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1beta1.ReplicaSetStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - out.FullyLabeledReplicas = in.FullyLabeledReplicas - out.ReadyReplicas = in.ReadyReplicas - out.AvailableReplicas = in.AvailableReplicas - out.ObservedGeneration = in.ObservedGeneration - out.Conditions = *(*[]v1beta1.ReplicaSetCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus is an autogenerated conversion function. -func Convert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus(in *apps.ReplicaSetStatus, out *v1beta1.ReplicaSetStatus, s conversion.Scope) error { - return autoConvert_apps_ReplicaSetStatus_To_v1beta1_ReplicaSetStatus(in, out, s) -} - -func autoConvert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in *v1beta1.RollbackConfig, out *apps.RollbackConfig, s conversion.Scope) error { - out.Revision = in.Revision - return nil -} - -// Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig is an autogenerated conversion function. -func Convert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in *v1beta1.RollbackConfig, out *apps.RollbackConfig, s conversion.Scope) error { - return autoConvert_v1beta1_RollbackConfig_To_apps_RollbackConfig(in, out, s) -} - -func autoConvert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in *apps.RollbackConfig, out *v1beta1.RollbackConfig, s conversion.Scope) error { - out.Revision = in.Revision - return nil -} - -// Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig is an autogenerated conversion function. -func Convert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in *apps.RollbackConfig, out *v1beta1.RollbackConfig, s conversion.Scope) error { - return autoConvert_apps_RollbackConfig_To_v1beta1_RollbackConfig(in, out, s) -} - -func autoConvert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1beta1.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in *v1beta1.RollingUpdateDaemonSet, out *apps.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_v1beta1_RollingUpdateDaemonSet_To_apps_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1beta1.RollingUpdateDaemonSet, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet is an autogenerated conversion function. -func Convert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet(in *apps.RollingUpdateDaemonSet, out *v1beta1.RollingUpdateDaemonSet, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDaemonSet_To_v1beta1_RollingUpdateDaemonSet(in, out, s) -} - -func autoConvert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_Pointer_intstr_IntOrString_To_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in *v1beta1.RollingUpdateDeployment, out *apps.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_v1beta1_RollingUpdateDeployment_To_apps_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta1.RollingUpdateDeployment, s conversion.Scope) error { - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxUnavailable, &out.MaxUnavailable, s); err != nil { - return err - } - if err := metav1.Convert_intstr_IntOrString_To_Pointer_intstr_IntOrString(&in.MaxSurge, &out.MaxSurge, s); err != nil { - return err - } - return nil -} - -// Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment is an autogenerated conversion function. -func Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in *apps.RollingUpdateDeployment, out *v1beta1.RollingUpdateDeployment, s conversion.Scope) error { - return autoConvert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in, out, s) -} - -func autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error { - out.Rule = policy.RunAsGroupStrategy(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in, out, s) -} - -func autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.RunAsGroupStrategy(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions is an autogenerated conversion function. -func Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error { - out.Rule = policy.RunAsUserStrategy(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in, out, s) -} - -func autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.RunAsUserStrategy(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions is an autogenerated conversion function. -func Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error { - out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames)) - out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName)) - return nil -} - -// Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in, out, s) -} - -func autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error { - out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames)) - out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName)) - return nil -} - -// Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions is an autogenerated conversion function. -func Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error { - out.Rule = policy.SELinuxStrategy(in.Rule) - out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - return nil -} - -// Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in, out, s) -} - -func autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.SELinuxStrategy(in.Rule) - out.SELinuxOptions = (*v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - return nil -} - -// Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions is an autogenerated conversion function. -func Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_Scale_To_autoscaling_Scale(in *v1beta1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Scale_To_autoscaling_Scale is an autogenerated conversion function. -func Convert_v1beta1_Scale_To_autoscaling_Scale(in *v1beta1.Scale, out *autoscaling.Scale, s conversion.Scope) error { - return autoConvert_v1beta1_Scale_To_autoscaling_Scale(in, out, s) -} - -func autoConvert_autoscaling_Scale_To_v1beta1_Scale(in *autoscaling.Scale, out *v1beta1.Scale, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_autoscaling_Scale_To_v1beta1_Scale is an autogenerated conversion function. -func Convert_autoscaling_Scale_To_v1beta1_Scale(in *autoscaling.Scale, out *v1beta1.Scale, s conversion.Scope) error { - return autoConvert_autoscaling_Scale_To_v1beta1_Scale(in, out, s) -} - -func autoConvert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec is an autogenerated conversion function. -func Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in *v1beta1.ScaleSpec, out *autoscaling.ScaleSpec, s conversion.Scope) error { - return autoConvert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(in, out, s) -} - -func autoConvert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta1.ScaleSpec, s conversion.Scope) error { - out.Replicas = in.Replicas - return nil -} - -// Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec is an autogenerated conversion function. -func Convert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in *autoscaling.ScaleSpec, out *v1beta1.ScaleSpec, s conversion.Scope) error { - return autoConvert_autoscaling_ScaleSpec_To_v1beta1_ScaleSpec(in, out, s) -} - -func autoConvert_v1beta1_ScaleStatus_To_autoscaling_ScaleStatus(in *v1beta1.ScaleStatus, out *autoscaling.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (map[string]string vs string) - // WARNING: in.TargetSelector requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.ScaleStatus, out *v1beta1.ScaleStatus, s conversion.Scope) error { - out.Replicas = in.Replicas - // WARNING: in.Selector requires manual conversion: inconvertible types (string vs map[string]string) - return nil -} - -func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - out.Rule = policy.SupplementalGroupsStrategyType(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in, out, s) -} - -func autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.SupplementalGroupsStrategyType(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions is an autogenerated conversion function. -func Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.defaults.go deleted file mode 100644 index ade8b18422..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,913 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/extensions/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.DaemonSet{}, func(obj interface{}) { SetObjectDefaults_DaemonSet(obj.(*v1beta1.DaemonSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.DaemonSetList{}, func(obj interface{}) { SetObjectDefaults_DaemonSetList(obj.(*v1beta1.DaemonSetList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.Deployment{}, func(obj interface{}) { SetObjectDefaults_Deployment(obj.(*v1beta1.Deployment)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.DeploymentList{}, func(obj interface{}) { SetObjectDefaults_DeploymentList(obj.(*v1beta1.DeploymentList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.Ingress{}, func(obj interface{}) { SetObjectDefaults_Ingress(obj.(*v1beta1.Ingress)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.IngressList{}, func(obj interface{}) { SetObjectDefaults_IngressList(obj.(*v1beta1.IngressList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.NetworkPolicy{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicy(obj.(*v1beta1.NetworkPolicy)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.NetworkPolicyList{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicyList(obj.(*v1beta1.NetworkPolicyList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicy{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicy(obj.(*v1beta1.PodSecurityPolicy)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicyList{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicyList(obj.(*v1beta1.PodSecurityPolicyList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.ReplicaSet{}, func(obj interface{}) { SetObjectDefaults_ReplicaSet(obj.(*v1beta1.ReplicaSet)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.ReplicaSetList{}, func(obj interface{}) { SetObjectDefaults_ReplicaSetList(obj.(*v1beta1.ReplicaSetList)) }) - return nil -} - -func SetObjectDefaults_DaemonSet(in *v1beta1.DaemonSet) { - SetDefaults_DaemonSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DaemonSetList(in *v1beta1.DaemonSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_DaemonSet(a) - } -} - -func SetObjectDefaults_Deployment(in *v1beta1.Deployment) { - SetDefaults_Deployment(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_DeploymentList(in *v1beta1.DeploymentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Deployment(a) - } -} - -func SetObjectDefaults_Ingress(in *v1beta1.Ingress) { - for i := range in.Spec.Rules { - a := &in.Spec.Rules[i] - if a.IngressRuleValue.HTTP != nil { - for j := range a.IngressRuleValue.HTTP.Paths { - b := &a.IngressRuleValue.HTTP.Paths[j] - SetDefaults_HTTPIngressPath(b) - } - } - } -} - -func SetObjectDefaults_IngressList(in *v1beta1.IngressList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Ingress(a) - } -} - -func SetObjectDefaults_NetworkPolicy(in *v1beta1.NetworkPolicy) { - SetDefaults_NetworkPolicy(in) -} - -func SetObjectDefaults_NetworkPolicyList(in *v1beta1.NetworkPolicyList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_NetworkPolicy(a) - } -} - -func SetObjectDefaults_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy) { - SetDefaults_PodSecurityPolicySpec(&in.Spec) -} - -func SetObjectDefaults_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PodSecurityPolicy(a) - } -} - -func SetObjectDefaults_ReplicaSet(in *v1beta1.ReplicaSet) { - SetDefaults_ReplicaSet(in) - v1.SetDefaults_PodSpec(&in.Spec.Template.Spec) - for i := range in.Spec.Template.Spec.Volumes { - a := &in.Spec.Template.Spec.Volumes[i] - v1.SetDefaults_Volume(a) - if a.VolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(a.VolumeSource.HostPath) - } - if a.VolumeSource.Secret != nil { - v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret) - } - if a.VolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI) - } - if a.VolumeSource.RBD != nil { - v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD) - } - if a.VolumeSource.DownwardAPI != nil { - v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI) - for j := range a.VolumeSource.DownwardAPI.Items { - b := &a.VolumeSource.DownwardAPI.Items[j] - if b.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.FieldRef) - } - } - } - if a.VolumeSource.ConfigMap != nil { - v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap) - } - if a.VolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk) - } - if a.VolumeSource.Projected != nil { - v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected) - for j := range a.VolumeSource.Projected.Sources { - b := &a.VolumeSource.Projected.Sources[j] - if b.DownwardAPI != nil { - for k := range b.DownwardAPI.Items { - c := &b.DownwardAPI.Items[k] - if c.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(c.FieldRef) - } - } - } - if b.ServiceAccountToken != nil { - v1.SetDefaults_ServiceAccountTokenProjection(b.ServiceAccountToken) - } - } - } - if a.VolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO) - } - if a.VolumeSource.Ephemeral != nil { - if a.VolumeSource.Ephemeral.VolumeClaimTemplate != nil { - v1.SetDefaults_PersistentVolumeClaimSpec(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Limits) - v1.SetDefaults_ResourceList(&a.VolumeSource.Ephemeral.VolumeClaimTemplate.Spec.Resources.Requests) - } - } - } - for i := range in.Spec.Template.Spec.InitContainers { - a := &in.Spec.Template.Spec.InitContainers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.Containers { - a := &in.Spec.Template.Spec.Containers[i] - v1.SetDefaults_Container(a) - for j := range a.Ports { - b := &a.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.Env { - b := &a.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.Resources.Limits) - v1.SetDefaults_ResourceList(&a.Resources.Requests) - if a.LivenessProbe != nil { - v1.SetDefaults_Probe(a.LivenessProbe) - if a.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.LivenessProbe.ProbeHandler.GRPC != nil { - if a.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.ReadinessProbe) - if a.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.StartupProbe != nil { - v1.SetDefaults_Probe(a.StartupProbe) - if a.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet) - } - if a.StartupProbe.ProbeHandler.GRPC != nil { - if a.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.Lifecycle != nil { - if a.Lifecycle.PostStart != nil { - if a.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PostStart.HTTPGet) - } - } - if a.Lifecycle.PreStop != nil { - if a.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.Lifecycle.PreStop.HTTPGet) - } - } - } - } - for i := range in.Spec.Template.Spec.EphemeralContainers { - a := &in.Spec.Template.Spec.EphemeralContainers[i] - v1.SetDefaults_EphemeralContainer(a) - for j := range a.EphemeralContainerCommon.Ports { - b := &a.EphemeralContainerCommon.Ports[j] - if b.Protocol == "" { - b.Protocol = "TCP" - } - } - for j := range a.EphemeralContainerCommon.Env { - b := &a.EphemeralContainerCommon.Env[j] - if b.ValueFrom != nil { - if b.ValueFrom.FieldRef != nil { - v1.SetDefaults_ObjectFieldSelector(b.ValueFrom.FieldRef) - } - } - } - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Limits) - v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests) - if a.EphemeralContainerCommon.LivenessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe) - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.ReadinessProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe) - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.StartupProbe != nil { - v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe) - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet) - } - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil { - if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil { - var ptrVar1 string = "" - a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1 - } - } - } - if a.EphemeralContainerCommon.Lifecycle != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart != nil { - if a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PostStart.HTTPGet) - } - } - if a.EphemeralContainerCommon.Lifecycle.PreStop != nil { - if a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet != nil { - v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.Lifecycle.PreStop.HTTPGet) - } - } - } - } - v1.SetDefaults_ResourceList(&in.Spec.Template.Spec.Overhead) -} - -func SetObjectDefaults_ReplicaSetList(in *v1beta1.ReplicaSetList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ReplicaSet(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/zz_generated.deepcopy.go deleted file mode 100644 index 51b916f6a7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/extensions/zz_generated.deepcopy.go +++ /dev/null @@ -1,22 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package extensions diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/doc.go deleted file mode 100644 index 33730efe58..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=flowcontrol.apiserver.k8s.io - -// Package flowcontrol provides api definitions for the "flowcontrol.apiserver.k8s.io" api group. -package flowcontrol // import "k8s.io/kubernetes/pkg/apis/flowcontrol" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/install/install.go deleted file mode 100644 index 658e1d108e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/install/install.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - flowcontrolv1alpha1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1" - flowcontrolv1beta1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1" - flowcontrolv1beta2 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2" - flowcontrolv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(flowcontrol.AddToScheme(scheme)) - utilruntime.Must(flowcontrolv1alpha1.AddToScheme(scheme)) - utilruntime.Must(flowcontrolv1beta1.AddToScheme(scheme)) - utilruntime.Must(flowcontrolv1beta2.AddToScheme(scheme)) - utilruntime.Must(flowcontrolv1beta3.AddToScheme(scheme)) - // TODO(#112512): This controls serialization order, for 1.26, we can - // set the serialization version to v1beta2 because vN-1 understands that - // level. In 1.27, we should set the serialization version to v1beta3. - utilruntime.Must(scheme.SetVersionPriority(flowcontrolv1beta2.SchemeGroupVersion, flowcontrolv1beta3.SchemeGroupVersion, - flowcontrolv1beta1.SchemeGroupVersion, flowcontrolv1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/internalbootstrap/default-internal.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/internalbootstrap/default-internal.go deleted file mode 100644 index b939de136a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/internalbootstrap/default-internal.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalbootstrap - -import ( - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/apis/flowcontrol/install" -) - -// MandatoryFlowSchemas holds the untyped renditions of the mandatory -// flow schemas. In this map the key is the schema's name and the -// value is the `*FlowSchema`. Nobody should mutate anything -// reachable from this map. -var MandatoryFlowSchemas = internalizeFSes(bootstrap.MandatoryFlowSchemas) - -// MandatoryPriorityLevelConfigurations holds the untyped renditions of the -// mandatory priority level configuration objects. In this map the -// key is the object's name and the value is the -// `*PriorityLevelConfiguration`. Nobody should mutate anything -// reachable from this map. -var MandatoryPriorityLevelConfigurations = internalizePLs(bootstrap.MandatoryPriorityLevelConfigurations) - -// NewAPFScheme constructs and returns a Scheme configured to handle -// the API object types that are used to configure API Priority and -// Fairness -func NewAPFScheme() *runtime.Scheme { - scheme := runtime.NewScheme() - install.Install(scheme) - return scheme -} - -func internalizeFSes(exts []*flowcontrolv1beta3.FlowSchema) map[string]*flowcontrol.FlowSchema { - ans := make(map[string]*flowcontrol.FlowSchema, len(exts)) - scheme := NewAPFScheme() - for _, ext := range exts { - var untyped flowcontrol.FlowSchema - if err := scheme.Convert(ext, &untyped, nil); err != nil { - panic(err) - } - ans[ext.Name] = &untyped - } - return ans -} - -func internalizePLs(exts []*flowcontrolv1beta3.PriorityLevelConfiguration) map[string]*flowcontrol.PriorityLevelConfiguration { - ans := make(map[string]*flowcontrol.PriorityLevelConfiguration, len(exts)) - scheme := NewAPFScheme() - for _, ext := range exts { - var untyped flowcontrol.PriorityLevelConfiguration - if err := scheme.Convert(ext, &untyped, nil); err != nil { - panic(err) - } - ans[ext.Name] = &untyped - } - return ans -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/register.go deleted file mode 100644 index 7419c39a7a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/register.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the name of api group -const GroupName = "flowcontrol.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder installs the api group to a scheme - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme adds api to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &FlowSchema{}, - &FlowSchemaList{}, - &PriorityLevelConfiguration{}, - &PriorityLevelConfigurationList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/types.go deleted file mode 100644 index b62e481c83..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/types.go +++ /dev/null @@ -1,556 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowcontrol - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// These are valid wildcards. -const ( - APIGroupAll = "*" - ResourceAll = "*" - VerbAll = "*" - NonResourceAll = "*" - NameAll = "*" - - NamespaceEvery = "*" // matches every particular namespace -) - -// System preset priority level names -const ( - PriorityLevelConfigurationNameExempt = "exempt" - PriorityLevelConfigurationNameCatchAll = "catch-all" - FlowSchemaNameExempt = "exempt" - FlowSchemaNameCatchAll = "catch-all" -) - -// Conditions -const ( - FlowSchemaConditionDangling = "Dangling" - - PriorityLevelConfigurationConditionConcurrencyShared = "ConcurrencyShared" -) - -// Constants used by api validation. -const ( - FlowSchemaMaxMatchingPrecedence int32 = 10000 -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with -// similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". -type FlowSchema struct { - metav1.TypeMeta - // `metadata` is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - // `spec` is the specification of the desired behavior of a FlowSchema. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec FlowSchemaSpec - // `status` is the current status of a FlowSchema. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status FlowSchemaStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// FlowSchemaList is a list of FlowSchema objects. -type FlowSchemaList struct { - metav1.TypeMeta - // `metadata` is the standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // `items` is a list of FlowSchemas. - Items []FlowSchema -} - -// FlowSchemaSpec describes how the FlowSchema's specification looks like. -type FlowSchemaSpec struct { - // `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot - // be resolved, the FlowSchema will be ignored and marked as invalid in its status. - // Required. - PriorityLevelConfiguration PriorityLevelConfigurationReference - // `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen - // FlowSchema is among those with the numerically lowest (which we take to be logically highest) - // MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. - // Note that if the precedence is not specified, it will be set to 1000 as default. - // +optional - MatchingPrecedence int32 - // `distinguisherMethod` defines how to compute the flow distinguisher for requests that match this schema. - // `nil` specifies that the distinguisher is disabled and thus will always be the empty string. - // +optional - DistinguisherMethod *FlowDistinguisherMethod - // `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if - // at least one member of rules matches the request. - // if it is an empty slice, there will be no requests matching the FlowSchema. - // +listType=set - // +optional - Rules []PolicyRulesWithSubjects -} - -// FlowDistinguisherMethodType is the type of flow distinguisher method -type FlowDistinguisherMethodType string - -// These are valid flow-distinguisher methods. -const ( - // FlowDistinguisherMethodByUserType specifies that the flow distinguisher is the username in the request. - // This type is used to provide some insulation between users. - FlowDistinguisherMethodByUserType FlowDistinguisherMethodType = "ByUser" - - // FlowDistinguisherMethodByNamespaceType specifies that the flow distinguisher is the namespace of the - // object that the request acts upon. If the object is not namespaced, or if the request is a non-resource - // request, then the distinguisher will be the empty string. An example usage of this type is to provide - // some insulation between tenants in a situation where there are multiple tenants and each namespace - // is dedicated to a tenant. - FlowDistinguisherMethodByNamespaceType FlowDistinguisherMethodType = "ByNamespace" -) - -// FlowDistinguisherMethod specifies the method of a flow distinguisher. -type FlowDistinguisherMethod struct { - // `type` is the type of flow distinguisher method - // The supported types are "ByUser" and "ByNamespace". - // Required. - Type FlowDistinguisherMethodType -} - -// PriorityLevelConfigurationReference contains information that points to the "request-priority" being used. -type PriorityLevelConfigurationReference struct { - // `name` is the name of the priority level configuration being referenced - // Required. - Name string -} - -// PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject -// making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches -// a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member -// of resourceRules or nonResourceRules matches the request. -type PolicyRulesWithSubjects struct { - // subjects is the list of normal user, serviceaccount, or group that this rule cares about. - // There must be at least one member in this slice. - // A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. - // +listType=set - // Required. - Subjects []Subject - // `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the - // target resource. - // At least one of `resourceRules` and `nonResourceRules` has to be non-empty. - // +listType=set - // +optional - ResourceRules []ResourcePolicyRule - // `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb - // and the target non-resource URL. - // +listType=set - // +optional - NonResourceRules []NonResourcePolicyRule -} - -// Subject matches the originator of a request, as identified by the request authentication system. There are three -// ways of matching an originator; by user, group, or service account. -// +union -type Subject struct { - // `kind` indicates which one of the other fields is non-empty. - // Required - // +unionDiscriminator - Kind SubjectKind - // `user` matches based on username. - // +optional - User *UserSubject - // `group` matches based on user group name. - // +optional - Group *GroupSubject - // `serviceAccount` matches ServiceAccounts. - // +optional - ServiceAccount *ServiceAccountSubject -} - -// SubjectKind is the kind of subject. -type SubjectKind string - -// Supported subject's kinds. -const ( - SubjectKindUser SubjectKind = "User" - SubjectKindGroup SubjectKind = "Group" - SubjectKindServiceAccount SubjectKind = "ServiceAccount" -) - -// UserSubject holds detailed information for user-kind subject. -type UserSubject struct { - // `name` is the username that matches, or "*" to match all usernames. - // Required. - Name string -} - -// GroupSubject holds detailed information for group-kind subject. -type GroupSubject struct { - // name is the user group that matches, or "*" to match all user groups. - // See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some - // well-known group names. - // Required. - Name string -} - -// ServiceAccountSubject holds detailed information for service-account-kind subject. -type ServiceAccountSubject struct { - // `namespace` is the namespace of matching ServiceAccount objects. - // Required. - Namespace string - // `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. - // Required. - Name string -} - -// ResourcePolicyRule is a predicate that matches some resource -// requests, testing the request's verb and the target resource. A -// ResourcePolicyRule matches a resource request if and only if: (a) -// at least one member of verbs matches the request, (b) at least one -// member of apiGroups matches the request, (c) at least one member of -// resources matches the request, and (d) least one member of -// namespaces matches the request. -type ResourcePolicyRule struct { - // `verbs` is a list of matching verbs and may not be empty. - // "*" matches all verbs and, if present, must be the only entry. - // +listType=set - // Required. - Verbs []string - - // `apiGroups` is a list of matching API groups and may not be empty. - // "*" matches all API groups and, if present, must be the only entry. - // +listType=set - // Required. - APIGroups []string - - // `resources` is a list of matching resources (i.e., lowercase - // and plural) with, if desired, subresource. For example, [ - // "services", "nodes/status" ]. This list may not be empty. - // "*" matches all resources and, if present, must be the only entry. - // Required. - // +listType=set - Resources []string - - // `clusterScope` indicates whether to match requests that do not - // specify a namespace (which happens either because the resource - // is not namespaced or the request targets all namespaces). - // If this field is omitted or false then the `namespaces` field - // must contain a non-empty list. - // +optional - ClusterScope bool - - // `namespaces` is a list of target namespaces that restricts - // matches. A request that specifies a target namespace matches - // only if either (a) this list contains that target namespace or - // (b) this list contains "*". Note that "*" matches any - // specified namespace but does not match a request that _does - // not specify_ a namespace (see the `clusterScope` field for - // that). - // This list may be empty, but only if `clusterScope` is true. - // +optional - // +listType=set - Namespaces []string -} - -// NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the -// target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member -// of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. -type NonResourcePolicyRule struct { - // `verbs` is a list of matching verbs and may not be empty. - // "*" matches all verbs. If it is present, it must be the only entry. - // +listType=set - // Required. - Verbs []string - // `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. - // For example: - // - "/healthz" is legal - // - "/hea*" is illegal - // - "/hea" is legal but matches nothing - // - "/hea/*" also matches nothing - // - "/healthz/*" matches all per-component health checks. - // "*" matches all non-resource urls. if it is present, it must be the only entry. - // +listType=set - // Required. - NonResourceURLs []string -} - -// FlowSchemaStatus represents the current state of a FlowSchema. -type FlowSchemaStatus struct { - // `conditions` is a list of the current states of FlowSchema. - // +listType=map - // +listMapKey=type - // +patchMergeKey=type - // +patchStrategy=merge - // +optional - Conditions []FlowSchemaCondition -} - -// FlowSchemaCondition describes conditions for a FlowSchema. -type FlowSchemaCondition struct { - // `type` is the type of the condition. - // Required. - Type FlowSchemaConditionType - // `status` is the status of the condition. - // Can be True, False, Unknown. - // Required. - Status ConditionStatus - // `lastTransitionTime` is the last time the condition transitioned from one status to another. - LastTransitionTime metav1.Time - // `reason` is a unique, one-word, CamelCase reason for the condition's last transition. - Reason string - // `message` is a human-readable message indicating details about last transition. - Message string -} - -// FlowSchemaConditionType is a valid value for FlowSchemaStatusCondition.Type -type FlowSchemaConditionType string - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PriorityLevelConfiguration represents the configuration of a priority level. -type PriorityLevelConfiguration struct { - metav1.TypeMeta - // `metadata` is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - // `spec` is the specification of the desired behavior of a "request-priority". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec PriorityLevelConfigurationSpec - // `status` is the current status of a "request-priority". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status PriorityLevelConfigurationStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects. -type PriorityLevelConfigurationList struct { - metav1.TypeMeta - // `metadata` is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - // `items` is a list of request-priorities. - Items []PriorityLevelConfiguration -} - -// PriorityLevelConfigurationSpec specifies the configuration of a priority level. -// +union -type PriorityLevelConfigurationSpec struct { - // `type` indicates whether this priority level is subject to - // limitation on request execution. A value of `"Exempt"` means - // that requests of this priority level are not subject to a limit - // (and thus are never queued) and do not detract from the - // capacity made available to other priority levels. A value of - // `"Limited"` means that (a) requests of this priority level - // _are_ subject to limits and (b) some of the server's limited - // capacity is made available exclusively to this priority level. - // Required. - // +unionDiscriminator - Type PriorityLevelEnablement - - // `limited` specifies how requests are handled for a Limited priority level. - // This field must be non-empty if and only if `type` is `"Limited"`. - // +optional - Limited *LimitedPriorityLevelConfiguration -} - -// PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level -type PriorityLevelEnablement string - -// Supported priority level enablement values. -const ( - // PriorityLevelEnablementExempt means that requests are not subject to limits - PriorityLevelEnablementExempt PriorityLevelEnablement = "Exempt" - - // PriorityLevelEnablementLimited means that requests are subject to limits - PriorityLevelEnablementLimited PriorityLevelEnablement = "Limited" -) - -// LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. -// It addresses two issues: -// - How are requests for this priority level limited? -// - What should be done with requests that exceed the limit? -type LimitedPriorityLevelConfiguration struct { - // `nominalConcurrencyShares` (NCS) contributes to the computation of the - // NominalConcurrencyLimit (NominalCL) of this level. - // This is the number of execution seats available at this priority level. - // This is used both for requests dispatched from this priority level - // as well as requests dispatched from other priority levels - // borrowing seats from this level. - // The server's concurrency limit (ServerCL) is divided among the - // Limited priority levels in proportion to their NCS values: - // - // NominalCL(i) = ceil( ServerCL * NCS(i) / sum_ncs ) - // sum_ncs = sum[limited priority level k] NCS(k) - // - // Bigger numbers mean a larger nominal concurrency limit, - // at the expense of every other Limited priority level. - // This field has a default value of 30. - // +optional - NominalConcurrencyShares int32 - - // `limitResponse` indicates what to do with requests that can not be executed right now - LimitResponse LimitResponse - - // `lendablePercent` prescribes the fraction of the level's NominalCL that - // can be borrowed by other priority levels. The value of this - // field must be between 0 and 100, inclusive, and it defaults to 0. - // The number of seats that other levels can borrow from this level, known - // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows. - // - // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 ) - // - // +optional - LendablePercent *int32 - - // `borrowingLimitPercent`, if present, configures a limit on how many - // seats this priority level can borrow from other priority levels. - // The limit is known as this level's BorrowingConcurrencyLimit - // (BorrowingCL) and is a limit on the total number of seats that this - // level may borrow at any one time. - // This field holds the ratio of that limit to the level's nominal - // concurrency limit. When this field is non-nil, it must hold a - // non-negative integer and the limit is calculated as follows. - // - // BorrowingCL(i) = round( NominalCL(i) * borrowingLimitPercent(i)/100.0 ) - // - // The value of this field can be more than 100, implying that this - // priority level can borrow a number of seats that is greater than - // its own nominal concurrency limit (NominalCL). - // When this field is left `nil`, the limit is effectively infinite. - // +optional - BorrowingLimitPercent *int32 -} - -// LimitResponse defines how to handle requests that can not be executed right now. -// +union -type LimitResponse struct { - // `type` is "Queue" or "Reject". - // "Queue" means that requests that can not be executed upon arrival - // are held in a queue until they can be executed or a queuing limit - // is reached. - // "Reject" means that requests that can not be executed upon arrival - // are rejected. - // Required. - // +unionDiscriminator - Type LimitResponseType - - // `queuing` holds the configuration parameters for queuing. - // This field may be non-empty only if `type` is `"Queue"`. - // +optional - Queuing *QueuingConfiguration -} - -// LimitResponseType identifies how a Limited priority level handles a request that can not be executed right now -type LimitResponseType string - -// Supported limit responses. -const ( - // LimitResponseTypeQueue means that requests that can not be executed right now are queued until they can be executed or a queuing limit is hit - LimitResponseTypeQueue LimitResponseType = "Queue" - - // LimitResponseTypeReject means that requests that can not be executed right now are rejected - LimitResponseTypeReject LimitResponseType = "Reject" -) - -// QueuingConfiguration holds the configuration parameters for queuing -type QueuingConfiguration struct { - // `queues` is the number of queues for this priority level. The - // queues exist independently at each apiserver. The value must be - // positive. Setting it to 1 effectively precludes - // shufflesharding and thus makes the distinguisher method of - // associated flow schemas irrelevant. This field has a default - // value of 64. - // +optional - Queues int32 - - // `handSize` is a small positive number that configures the - // shuffle sharding of requests into queues. When enqueuing a request - // at this priority level the request's flow identifier (a string - // pair) is hashed and the hash value is used to shuffle the list - // of queues and deal a hand of the size specified here. The - // request is put into one of the shortest queues in that hand. - // `handSize` must be no larger than `queues`, and should be - // significantly smaller (so that a few heavy flows do not - // saturate most of the queues). See the user-facing - // documentation for more extensive guidance on setting this - // field. This field has a default value of 8. - // +optional - HandSize int32 - - // `queueLengthLimit` is the maximum number of requests allowed to - // be waiting in a given queue of this priority level at a time; - // excess requests are rejected. This value must be positive. If - // not specified, it will be defaulted to 50. - // +optional - QueueLengthLimit int32 -} - -// PriorityLevelConfigurationConditionType is a valid value for PriorityLevelConfigurationStatusCondition.Type -type PriorityLevelConfigurationConditionType string - -// PriorityLevelConfigurationStatus represents the current state of a "request-priority". -type PriorityLevelConfigurationStatus struct { - // `conditions` is the current state of "request-priority". - // +listType=map - // +listMapKey=type - // +patchMergeKey=type - // +patchStrategy=merge - // +optional - Conditions []PriorityLevelConfigurationCondition -} - -// PriorityLevelConfigurationCondition defines the condition of priority level. -type PriorityLevelConfigurationCondition struct { - // `type` is the type of the condition. - // Required. - Type PriorityLevelConfigurationConditionType - // `status` is the status of the condition. - // Can be True, False, Unknown. - // Required. - Status ConditionStatus - // `lastTransitionTime` is the last time the condition transitioned from one status to another. - LastTransitionTime metav1.Time - // `reason` is a unique, one-word, CamelCase reason for the condition's last transition. - Reason string - // `message` is a human-readable message indicating details about last transition. - Message string -} - -// ConditionStatus is the status of the condition. -type ConditionStatus string - -// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. -// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes -// can't decide if a resource is in the condition or not. In the future, we could add other -// intermediate conditions, e.g. ConditionDegraded. -const ( - ConditionTrue ConditionStatus = "True" - ConditionFalse ConditionStatus = "False" - ConditionUnknown ConditionStatus = "Unknown" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/util/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/util/helpers.go deleted file mode 100644 index 2122cdd978..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/util/helpers.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "sort" - - "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -var _ sort.Interface = FlowSchemaSequence{} - -// FlowSchemaSequence holds sorted set of pointers to FlowSchema objects. -// FlowSchemaSequence implements `sort.Interface` -type FlowSchemaSequence []*flowcontrol.FlowSchema - -func (s FlowSchemaSequence) Len() int { - return len(s) -} - -func (s FlowSchemaSequence) Less(i, j int) bool { - // the flow-schema w/ lower matching-precedence is prior - if ip, jp := s[i].Spec.MatchingPrecedence, s[j].Spec.MatchingPrecedence; ip != jp { - return ip < jp - } - // sort alphabetically - return s[i].Name < s[j].Name -} - -func (s FlowSchemaSequence) Swap(i, j int) { - s[i], s[j] = s[j], s[i] -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/conversion.go deleted file mode 100644 index 8c6f644db0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/conversion.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/flowcontrol/v1alpha1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_v1alpha1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1alpha1.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_v1alpha1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.NominalConcurrencyShares = in.AssuredConcurrencyShares - return nil -} - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1alpha1_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1alpha1.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1alpha1_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.AssuredConcurrencyShares = in.NominalConcurrencyShares - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/defaults.go deleted file mode 100644 index 1c85f6c6f7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/defaults.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/flowcontrol/v1alpha1" -) - -// Default settings for flow-schema -const ( - FlowSchemaDefaultMatchingPrecedence int32 = 1000 -) - -// Default settings for priority-level-configuration -const ( - PriorityLevelConfigurationDefaultHandSize int32 = 8 - PriorityLevelConfigurationDefaultQueues int32 = 64 - PriorityLevelConfigurationDefaultQueueLengthLimit int32 = 50 - PriorityLevelConfigurationDefaultAssuredConcurrencyShares int32 = 30 -) - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_FlowSchemaSpec(spec *v1alpha1.FlowSchemaSpec) { - if spec.MatchingPrecedence == 0 { - spec.MatchingPrecedence = FlowSchemaDefaultMatchingPrecedence - } -} - -func SetDefaults_LimitedPriorityLevelConfiguration(lplc *v1alpha1.LimitedPriorityLevelConfiguration) { - if lplc.AssuredConcurrencyShares == 0 { - lplc.AssuredConcurrencyShares = PriorityLevelConfigurationDefaultAssuredConcurrencyShares - } - if lplc.LendablePercent == nil { - lplc.LendablePercent = new(int32) - *lplc.LendablePercent = 0 - } -} - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_QueuingConfiguration(cfg *v1alpha1.QueuingConfiguration) { - if cfg.HandSize == 0 { - cfg.HandSize = PriorityLevelConfigurationDefaultHandSize - } - if cfg.Queues == 0 { - cfg.Queues = PriorityLevelConfigurationDefaultQueues - } - if cfg.QueueLengthLimit == 0 { - cfg.QueueLengthLimit = PriorityLevelConfigurationDefaultQueueLengthLimit - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/doc.go deleted file mode 100644 index a3e71627af..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/flowcontrol -// +k8s:conversion-gen-external-types=k8s.io/api/flowcontrol/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/flowcontrol/v1alpha1 - -// +groupName=flowcontrol.apiserver.k8s.io - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/register.go deleted file mode 100644 index 6708038b40..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "flowcontrol.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &flowcontrolv1alpha1.SchemeBuilder - // AddToScheme adds api to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 99be4acf4a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,821 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - flowcontrol "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowDistinguisherMethod)(nil), (*flowcontrol.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(a.(*v1alpha1.FlowDistinguisherMethod), b.(*flowcontrol.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowDistinguisherMethod)(nil), (*v1alpha1.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowDistinguisherMethod_To_v1alpha1_FlowDistinguisherMethod(a.(*flowcontrol.FlowDistinguisherMethod), b.(*v1alpha1.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowSchema)(nil), (*flowcontrol.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowSchema_To_flowcontrol_FlowSchema(a.(*v1alpha1.FlowSchema), b.(*flowcontrol.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchema)(nil), (*v1alpha1.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchema_To_v1alpha1_FlowSchema(a.(*flowcontrol.FlowSchema), b.(*v1alpha1.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowSchemaCondition)(nil), (*flowcontrol.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(a.(*v1alpha1.FlowSchemaCondition), b.(*flowcontrol.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaCondition)(nil), (*v1alpha1.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaCondition_To_v1alpha1_FlowSchemaCondition(a.(*flowcontrol.FlowSchemaCondition), b.(*v1alpha1.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowSchemaList)(nil), (*flowcontrol.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowSchemaList_To_flowcontrol_FlowSchemaList(a.(*v1alpha1.FlowSchemaList), b.(*flowcontrol.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaList)(nil), (*v1alpha1.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaList_To_v1alpha1_FlowSchemaList(a.(*flowcontrol.FlowSchemaList), b.(*v1alpha1.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowSchemaSpec)(nil), (*flowcontrol.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(a.(*v1alpha1.FlowSchemaSpec), b.(*flowcontrol.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaSpec)(nil), (*v1alpha1.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec(a.(*flowcontrol.FlowSchemaSpec), b.(*v1alpha1.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FlowSchemaStatus)(nil), (*flowcontrol.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(a.(*v1alpha1.FlowSchemaStatus), b.(*flowcontrol.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaStatus)(nil), (*v1alpha1.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus(a.(*flowcontrol.FlowSchemaStatus), b.(*v1alpha1.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.GroupSubject)(nil), (*flowcontrol.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_GroupSubject_To_flowcontrol_GroupSubject(a.(*v1alpha1.GroupSubject), b.(*flowcontrol.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.GroupSubject)(nil), (*v1alpha1.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_GroupSubject_To_v1alpha1_GroupSubject(a.(*flowcontrol.GroupSubject), b.(*v1alpha1.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.LimitResponse)(nil), (*flowcontrol.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse(a.(*v1alpha1.LimitResponse), b.(*flowcontrol.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.LimitResponse)(nil), (*v1alpha1.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse(a.(*flowcontrol.LimitResponse), b.(*v1alpha1.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.NonResourcePolicyRule)(nil), (*flowcontrol.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(a.(*v1alpha1.NonResourcePolicyRule), b.(*flowcontrol.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.NonResourcePolicyRule)(nil), (*v1alpha1.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_NonResourcePolicyRule_To_v1alpha1_NonResourcePolicyRule(a.(*flowcontrol.NonResourcePolicyRule), b.(*v1alpha1.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PolicyRulesWithSubjects)(nil), (*flowcontrol.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(a.(*v1alpha1.PolicyRulesWithSubjects), b.(*flowcontrol.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PolicyRulesWithSubjects)(nil), (*v1alpha1.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PolicyRulesWithSubjects_To_v1alpha1_PolicyRulesWithSubjects(a.(*flowcontrol.PolicyRulesWithSubjects), b.(*v1alpha1.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfiguration)(nil), (*flowcontrol.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(a.(*v1alpha1.PriorityLevelConfiguration), b.(*flowcontrol.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfiguration)(nil), (*v1alpha1.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration(a.(*flowcontrol.PriorityLevelConfiguration), b.(*v1alpha1.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfigurationCondition)(nil), (*flowcontrol.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(a.(*v1alpha1.PriorityLevelConfigurationCondition), b.(*flowcontrol.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationCondition)(nil), (*v1alpha1.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1alpha1_PriorityLevelConfigurationCondition(a.(*flowcontrol.PriorityLevelConfigurationCondition), b.(*v1alpha1.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfigurationList)(nil), (*flowcontrol.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(a.(*v1alpha1.PriorityLevelConfigurationList), b.(*flowcontrol.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationList)(nil), (*v1alpha1.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationList_To_v1alpha1_PriorityLevelConfigurationList(a.(*flowcontrol.PriorityLevelConfigurationList), b.(*v1alpha1.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfigurationReference)(nil), (*flowcontrol.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(a.(*v1alpha1.PriorityLevelConfigurationReference), b.(*flowcontrol.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationReference)(nil), (*v1alpha1.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference(a.(*flowcontrol.PriorityLevelConfigurationReference), b.(*v1alpha1.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfigurationSpec)(nil), (*flowcontrol.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(a.(*v1alpha1.PriorityLevelConfigurationSpec), b.(*flowcontrol.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationSpec)(nil), (*v1alpha1.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec(a.(*flowcontrol.PriorityLevelConfigurationSpec), b.(*v1alpha1.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityLevelConfigurationStatus)(nil), (*flowcontrol.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(a.(*v1alpha1.PriorityLevelConfigurationStatus), b.(*flowcontrol.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationStatus)(nil), (*v1alpha1.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus(a.(*flowcontrol.PriorityLevelConfigurationStatus), b.(*v1alpha1.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.QueuingConfiguration)(nil), (*flowcontrol.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(a.(*v1alpha1.QueuingConfiguration), b.(*flowcontrol.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.QueuingConfiguration)(nil), (*v1alpha1.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_QueuingConfiguration_To_v1alpha1_QueuingConfiguration(a.(*flowcontrol.QueuingConfiguration), b.(*v1alpha1.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourcePolicyRule)(nil), (*flowcontrol.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(a.(*v1alpha1.ResourcePolicyRule), b.(*flowcontrol.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ResourcePolicyRule)(nil), (*v1alpha1.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule(a.(*flowcontrol.ResourcePolicyRule), b.(*v1alpha1.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ServiceAccountSubject)(nil), (*flowcontrol.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(a.(*v1alpha1.ServiceAccountSubject), b.(*flowcontrol.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ServiceAccountSubject)(nil), (*v1alpha1.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ServiceAccountSubject_To_v1alpha1_ServiceAccountSubject(a.(*flowcontrol.ServiceAccountSubject), b.(*v1alpha1.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.Subject)(nil), (*flowcontrol.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Subject_To_flowcontrol_Subject(a.(*v1alpha1.Subject), b.(*flowcontrol.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.Subject)(nil), (*v1alpha1.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_Subject_To_v1alpha1_Subject(a.(*flowcontrol.Subject), b.(*v1alpha1.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.UserSubject)(nil), (*flowcontrol.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_UserSubject_To_flowcontrol_UserSubject(a.(*v1alpha1.UserSubject), b.(*flowcontrol.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.UserSubject)(nil), (*v1alpha1.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_UserSubject_To_v1alpha1_UserSubject(a.(*flowcontrol.UserSubject), b.(*v1alpha1.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*flowcontrol.LimitedPriorityLevelConfiguration)(nil), (*v1alpha1.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1alpha1_LimitedPriorityLevelConfiguration(a.(*flowcontrol.LimitedPriorityLevelConfiguration), b.(*v1alpha1.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1alpha1.LimitedPriorityLevelConfiguration)(nil), (*flowcontrol.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(a.(*v1alpha1.LimitedPriorityLevelConfiguration), b.(*flowcontrol.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1alpha1.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = flowcontrol.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_v1alpha1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_v1alpha1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1alpha1.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1alpha1_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1alpha1.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = v1alpha1.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_flowcontrol_FlowDistinguisherMethod_To_v1alpha1_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_flowcontrol_FlowDistinguisherMethod_To_v1alpha1_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1alpha1.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1alpha1_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_v1alpha1_FlowSchema_To_flowcontrol_FlowSchema(in *v1alpha1.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_FlowSchema_To_flowcontrol_FlowSchema is an autogenerated conversion function. -func Convert_v1alpha1_FlowSchema_To_flowcontrol_FlowSchema(in *v1alpha1.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowSchema_To_flowcontrol_FlowSchema(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchema_To_v1alpha1_FlowSchema(in *flowcontrol.FlowSchema, out *v1alpha1.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_FlowSchema_To_v1alpha1_FlowSchema is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchema_To_v1alpha1_FlowSchema(in *flowcontrol.FlowSchema, out *v1alpha1.FlowSchema, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchema_To_v1alpha1_FlowSchema(in, out, s) -} - -func autoConvert_v1alpha1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1alpha1.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - out.Type = flowcontrol.FlowSchemaConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1alpha1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition is an autogenerated conversion function. -func Convert_v1alpha1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1alpha1.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaCondition_To_v1alpha1_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1alpha1.FlowSchemaCondition, s conversion.Scope) error { - out.Type = v1alpha1.FlowSchemaConditionType(in.Type) - out.Status = v1alpha1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_FlowSchemaCondition_To_v1alpha1_FlowSchemaCondition is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaCondition_To_v1alpha1_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1alpha1.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaCondition_To_v1alpha1_FlowSchemaCondition(in, out, s) -} - -func autoConvert_v1alpha1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1alpha1.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]flowcontrol.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_FlowSchemaList_To_flowcontrol_FlowSchemaList is an autogenerated conversion function. -func Convert_v1alpha1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1alpha1.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaList_To_v1alpha1_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1alpha1.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_flowcontrol_FlowSchemaList_To_v1alpha1_FlowSchemaList is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaList_To_v1alpha1_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1alpha1.FlowSchemaList, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaList_To_v1alpha1_FlowSchemaList(in, out, s) -} - -func autoConvert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1alpha1.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*flowcontrol.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]flowcontrol.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec is an autogenerated conversion function. -func Convert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1alpha1.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1alpha1.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*v1alpha1.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]v1alpha1.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1alpha1.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaSpec_To_v1alpha1_FlowSchemaSpec(in, out, s) -} - -func autoConvert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1alpha1.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus is an autogenerated conversion function. -func Convert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1alpha1.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1alpha1.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1alpha1.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1alpha1.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaStatus_To_v1alpha1_FlowSchemaStatus(in, out, s) -} - -func autoConvert_v1alpha1_GroupSubject_To_flowcontrol_GroupSubject(in *v1alpha1.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_GroupSubject_To_flowcontrol_GroupSubject is an autogenerated conversion function. -func Convert_v1alpha1_GroupSubject_To_flowcontrol_GroupSubject(in *v1alpha1.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - return autoConvert_v1alpha1_GroupSubject_To_flowcontrol_GroupSubject(in, out, s) -} - -func autoConvert_flowcontrol_GroupSubject_To_v1alpha1_GroupSubject(in *flowcontrol.GroupSubject, out *v1alpha1.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_GroupSubject_To_v1alpha1_GroupSubject is an autogenerated conversion function. -func Convert_flowcontrol_GroupSubject_To_v1alpha1_GroupSubject(in *flowcontrol.GroupSubject, out *v1alpha1.GroupSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_GroupSubject_To_v1alpha1_GroupSubject(in, out, s) -} - -func autoConvert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse(in *v1alpha1.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - out.Type = flowcontrol.LimitResponseType(in.Type) - out.Queuing = (*flowcontrol.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse is an autogenerated conversion function. -func Convert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse(in *v1alpha1.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - return autoConvert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse(in, out, s) -} - -func autoConvert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse(in *flowcontrol.LimitResponse, out *v1alpha1.LimitResponse, s conversion.Scope) error { - out.Type = v1alpha1.LimitResponseType(in.Type) - out.Queuing = (*v1alpha1.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse is an autogenerated conversion function. -func Convert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse(in *flowcontrol.LimitResponse, out *v1alpha1.LimitResponse, s conversion.Scope) error { - return autoConvert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse(in, out, s) -} - -func autoConvert_v1alpha1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1alpha1.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.AssuredConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_v1alpha1_LimitResponse_To_flowcontrol_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1alpha1_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1alpha1.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.NominalConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_flowcontrol_LimitResponse_To_v1alpha1_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_v1alpha1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1alpha1.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1alpha1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_v1alpha1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1alpha1.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1alpha1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_NonResourcePolicyRule_To_v1alpha1_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1alpha1.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_flowcontrol_NonResourcePolicyRule_To_v1alpha1_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_NonResourcePolicyRule_To_v1alpha1_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1alpha1.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_NonResourcePolicyRule_To_v1alpha1_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_v1alpha1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1alpha1.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]flowcontrol.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]flowcontrol.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]flowcontrol.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_v1alpha1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_v1alpha1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1alpha1.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_v1alpha1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1alpha1_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1alpha1.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]v1alpha1.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]v1alpha1.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1alpha1.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_flowcontrol_PolicyRulesWithSubjects_To_v1alpha1_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_flowcontrol_PolicyRulesWithSubjects_To_v1alpha1_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1alpha1.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1alpha1_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1alpha1.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1alpha1.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1alpha1.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1alpha1.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1alpha1.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelConfigurationConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1alpha1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1alpha1.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1alpha1_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1alpha1.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = v1alpha1.PriorityLevelConfigurationConditionType(in.Type) - out.Status = v1alpha1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1alpha1_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1alpha1_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1alpha1.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1alpha1_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1alpha1.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]flowcontrol.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1alpha1.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1alpha1_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1alpha1.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_flowcontrol_PriorityLevelConfiguration_To_v1alpha1_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationList_To_v1alpha1_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationList_To_v1alpha1_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1alpha1.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1alpha1_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1alpha1.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1alpha1.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1alpha1.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1alpha1.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1alpha1_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1alpha1.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(flowcontrol.LimitedPriorityLevelConfiguration) - if err := Convert_v1alpha1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1alpha1.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1alpha1.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = v1alpha1.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(v1alpha1.LimitedPriorityLevelConfiguration) - if err := Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1alpha1_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1alpha1.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1alpha1_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1alpha1.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1alpha1.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1alpha1.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1alpha1.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1alpha1.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1alpha1_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_v1alpha1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1alpha1.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_v1alpha1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1alpha1.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_QueuingConfiguration_To_v1alpha1_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1alpha1.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_flowcontrol_QueuingConfiguration_To_v1alpha1_QueuingConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_QueuingConfiguration_To_v1alpha1_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1alpha1.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_QueuingConfiguration_To_v1alpha1_QueuingConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1alpha1.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule is an autogenerated conversion function. -func Convert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1alpha1.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1alpha1.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1alpha1.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule(in, out, s) -} - -func autoConvert_v1alpha1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1alpha1.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject is an autogenerated conversion function. -func Convert_v1alpha1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1alpha1.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_v1alpha1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in, out, s) -} - -func autoConvert_flowcontrol_ServiceAccountSubject_To_v1alpha1_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1alpha1.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_ServiceAccountSubject_To_v1alpha1_ServiceAccountSubject is an autogenerated conversion function. -func Convert_flowcontrol_ServiceAccountSubject_To_v1alpha1_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1alpha1.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_ServiceAccountSubject_To_v1alpha1_ServiceAccountSubject(in, out, s) -} - -func autoConvert_v1alpha1_Subject_To_flowcontrol_Subject(in *v1alpha1.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - out.Kind = flowcontrol.SubjectKind(in.Kind) - out.User = (*flowcontrol.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*flowcontrol.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*flowcontrol.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_v1alpha1_Subject_To_flowcontrol_Subject is an autogenerated conversion function. -func Convert_v1alpha1_Subject_To_flowcontrol_Subject(in *v1alpha1.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - return autoConvert_v1alpha1_Subject_To_flowcontrol_Subject(in, out, s) -} - -func autoConvert_flowcontrol_Subject_To_v1alpha1_Subject(in *flowcontrol.Subject, out *v1alpha1.Subject, s conversion.Scope) error { - out.Kind = v1alpha1.SubjectKind(in.Kind) - out.User = (*v1alpha1.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*v1alpha1.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*v1alpha1.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_flowcontrol_Subject_To_v1alpha1_Subject is an autogenerated conversion function. -func Convert_flowcontrol_Subject_To_v1alpha1_Subject(in *flowcontrol.Subject, out *v1alpha1.Subject, s conversion.Scope) error { - return autoConvert_flowcontrol_Subject_To_v1alpha1_Subject(in, out, s) -} - -func autoConvert_v1alpha1_UserSubject_To_flowcontrol_UserSubject(in *v1alpha1.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_UserSubject_To_flowcontrol_UserSubject is an autogenerated conversion function. -func Convert_v1alpha1_UserSubject_To_flowcontrol_UserSubject(in *v1alpha1.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - return autoConvert_v1alpha1_UserSubject_To_flowcontrol_UserSubject(in, out, s) -} - -func autoConvert_flowcontrol_UserSubject_To_v1alpha1_UserSubject(in *flowcontrol.UserSubject, out *v1alpha1.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_UserSubject_To_v1alpha1_UserSubject is an autogenerated conversion function. -func Convert_flowcontrol_UserSubject_To_v1alpha1_UserSubject(in *flowcontrol.UserSubject, out *v1alpha1.UserSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_UserSubject_To_v1alpha1_UserSubject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 447f5249ef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,69 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.FlowSchema{}, func(obj interface{}) { SetObjectDefaults_FlowSchema(obj.(*v1alpha1.FlowSchema)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.FlowSchemaList{}, func(obj interface{}) { SetObjectDefaults_FlowSchemaList(obj.(*v1alpha1.FlowSchemaList)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.PriorityLevelConfiguration{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfiguration(obj.(*v1alpha1.PriorityLevelConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1alpha1.PriorityLevelConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfigurationList(obj.(*v1alpha1.PriorityLevelConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_FlowSchema(in *v1alpha1.FlowSchema) { - SetDefaults_FlowSchemaSpec(&in.Spec) -} - -func SetObjectDefaults_FlowSchemaList(in *v1alpha1.FlowSchemaList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_FlowSchema(a) - } -} - -func SetObjectDefaults_PriorityLevelConfiguration(in *v1alpha1.PriorityLevelConfiguration) { - if in.Spec.Limited != nil { - SetDefaults_LimitedPriorityLevelConfiguration(in.Spec.Limited) - if in.Spec.Limited.LimitResponse.Queuing != nil { - SetDefaults_QueuingConfiguration(in.Spec.Limited.LimitResponse.Queuing) - } - } -} - -func SetObjectDefaults_PriorityLevelConfigurationList(in *v1alpha1.PriorityLevelConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityLevelConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/conversion.go deleted file mode 100644 index 20a2b528b0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/conversion.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/api/flowcontrol/v1beta1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_v1beta1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta1.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_v1beta1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.NominalConcurrencyShares = in.AssuredConcurrencyShares - return nil -} - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta1_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta1.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta1_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.AssuredConcurrencyShares = in.NominalConcurrencyShares - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/defaults.go deleted file mode 100644 index a8ee8a784b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/defaults.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/api/flowcontrol/v1beta1" -) - -// Default settings for flow-schema -const ( - FlowSchemaDefaultMatchingPrecedence int32 = 1000 -) - -// Default settings for priority-level-configuration -const ( - PriorityLevelConfigurationDefaultHandSize int32 = 8 - PriorityLevelConfigurationDefaultQueues int32 = 64 - PriorityLevelConfigurationDefaultQueueLengthLimit int32 = 50 - PriorityLevelConfigurationDefaultAssuredConcurrencyShares int32 = 30 -) - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_FlowSchemaSpec(spec *v1beta1.FlowSchemaSpec) { - if spec.MatchingPrecedence == 0 { - spec.MatchingPrecedence = FlowSchemaDefaultMatchingPrecedence - } -} - -func SetDefaults_LimitedPriorityLevelConfiguration(lplc *v1beta1.LimitedPriorityLevelConfiguration) { - if lplc.AssuredConcurrencyShares == 0 { - lplc.AssuredConcurrencyShares = PriorityLevelConfigurationDefaultAssuredConcurrencyShares - } - if lplc.LendablePercent == nil { - lplc.LendablePercent = new(int32) - *lplc.LendablePercent = 0 - } -} - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_QueuingConfiguration(cfg *v1beta1.QueuingConfiguration) { - if cfg.HandSize == 0 { - cfg.HandSize = PriorityLevelConfigurationDefaultHandSize - } - if cfg.Queues == 0 { - cfg.Queues = PriorityLevelConfigurationDefaultQueues - } - if cfg.QueueLengthLimit == 0 { - cfg.QueueLengthLimit = PriorityLevelConfigurationDefaultQueueLengthLimit - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/doc.go deleted file mode 100644 index cbced4e6cc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/flowcontrol -// +k8s:conversion-gen-external-types=k8s.io/api/flowcontrol/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/flowcontrol/v1beta1 - -// +groupName=flowcontrol.apiserver.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/register.go deleted file mode 100644 index 6ab29c5f46..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "flowcontrol.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &flowcontrolv1beta1.SchemeBuilder - // AddToScheme adds api to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.conversion.go deleted file mode 100644 index d2ff1c082b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,821 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/flowcontrol/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - flowcontrol "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowDistinguisherMethod)(nil), (*flowcontrol.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(a.(*v1beta1.FlowDistinguisherMethod), b.(*flowcontrol.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowDistinguisherMethod)(nil), (*v1beta1.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta1_FlowDistinguisherMethod(a.(*flowcontrol.FlowDistinguisherMethod), b.(*v1beta1.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowSchema)(nil), (*flowcontrol.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowSchema_To_flowcontrol_FlowSchema(a.(*v1beta1.FlowSchema), b.(*flowcontrol.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchema)(nil), (*v1beta1.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchema_To_v1beta1_FlowSchema(a.(*flowcontrol.FlowSchema), b.(*v1beta1.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowSchemaCondition)(nil), (*flowcontrol.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(a.(*v1beta1.FlowSchemaCondition), b.(*flowcontrol.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaCondition)(nil), (*v1beta1.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaCondition_To_v1beta1_FlowSchemaCondition(a.(*flowcontrol.FlowSchemaCondition), b.(*v1beta1.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowSchemaList)(nil), (*flowcontrol.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowSchemaList_To_flowcontrol_FlowSchemaList(a.(*v1beta1.FlowSchemaList), b.(*flowcontrol.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaList)(nil), (*v1beta1.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaList_To_v1beta1_FlowSchemaList(a.(*flowcontrol.FlowSchemaList), b.(*v1beta1.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowSchemaSpec)(nil), (*flowcontrol.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(a.(*v1beta1.FlowSchemaSpec), b.(*flowcontrol.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaSpec)(nil), (*v1beta1.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec(a.(*flowcontrol.FlowSchemaSpec), b.(*v1beta1.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FlowSchemaStatus)(nil), (*flowcontrol.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(a.(*v1beta1.FlowSchemaStatus), b.(*flowcontrol.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaStatus)(nil), (*v1beta1.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus(a.(*flowcontrol.FlowSchemaStatus), b.(*v1beta1.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.GroupSubject)(nil), (*flowcontrol.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_GroupSubject_To_flowcontrol_GroupSubject(a.(*v1beta1.GroupSubject), b.(*flowcontrol.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.GroupSubject)(nil), (*v1beta1.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_GroupSubject_To_v1beta1_GroupSubject(a.(*flowcontrol.GroupSubject), b.(*v1beta1.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.LimitResponse)(nil), (*flowcontrol.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse(a.(*v1beta1.LimitResponse), b.(*flowcontrol.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.LimitResponse)(nil), (*v1beta1.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse(a.(*flowcontrol.LimitResponse), b.(*v1beta1.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.NonResourcePolicyRule)(nil), (*flowcontrol.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(a.(*v1beta1.NonResourcePolicyRule), b.(*flowcontrol.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.NonResourcePolicyRule)(nil), (*v1beta1.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_NonResourcePolicyRule_To_v1beta1_NonResourcePolicyRule(a.(*flowcontrol.NonResourcePolicyRule), b.(*v1beta1.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PolicyRulesWithSubjects)(nil), (*flowcontrol.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(a.(*v1beta1.PolicyRulesWithSubjects), b.(*flowcontrol.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PolicyRulesWithSubjects)(nil), (*v1beta1.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta1_PolicyRulesWithSubjects(a.(*flowcontrol.PolicyRulesWithSubjects), b.(*v1beta1.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfiguration)(nil), (*flowcontrol.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(a.(*v1beta1.PriorityLevelConfiguration), b.(*flowcontrol.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfiguration)(nil), (*v1beta1.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration(a.(*flowcontrol.PriorityLevelConfiguration), b.(*v1beta1.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfigurationCondition)(nil), (*flowcontrol.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(a.(*v1beta1.PriorityLevelConfigurationCondition), b.(*flowcontrol.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationCondition)(nil), (*v1beta1.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta1_PriorityLevelConfigurationCondition(a.(*flowcontrol.PriorityLevelConfigurationCondition), b.(*v1beta1.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfigurationList)(nil), (*flowcontrol.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(a.(*v1beta1.PriorityLevelConfigurationList), b.(*flowcontrol.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationList)(nil), (*v1beta1.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta1_PriorityLevelConfigurationList(a.(*flowcontrol.PriorityLevelConfigurationList), b.(*v1beta1.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfigurationReference)(nil), (*flowcontrol.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(a.(*v1beta1.PriorityLevelConfigurationReference), b.(*flowcontrol.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationReference)(nil), (*v1beta1.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference(a.(*flowcontrol.PriorityLevelConfigurationReference), b.(*v1beta1.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfigurationSpec)(nil), (*flowcontrol.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(a.(*v1beta1.PriorityLevelConfigurationSpec), b.(*flowcontrol.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationSpec)(nil), (*v1beta1.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec(a.(*flowcontrol.PriorityLevelConfigurationSpec), b.(*v1beta1.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityLevelConfigurationStatus)(nil), (*flowcontrol.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(a.(*v1beta1.PriorityLevelConfigurationStatus), b.(*flowcontrol.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationStatus)(nil), (*v1beta1.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus(a.(*flowcontrol.PriorityLevelConfigurationStatus), b.(*v1beta1.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.QueuingConfiguration)(nil), (*flowcontrol.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(a.(*v1beta1.QueuingConfiguration), b.(*flowcontrol.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.QueuingConfiguration)(nil), (*v1beta1.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_QueuingConfiguration_To_v1beta1_QueuingConfiguration(a.(*flowcontrol.QueuingConfiguration), b.(*v1beta1.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ResourcePolicyRule)(nil), (*flowcontrol.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(a.(*v1beta1.ResourcePolicyRule), b.(*flowcontrol.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ResourcePolicyRule)(nil), (*v1beta1.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ResourcePolicyRule_To_v1beta1_ResourcePolicyRule(a.(*flowcontrol.ResourcePolicyRule), b.(*v1beta1.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ServiceAccountSubject)(nil), (*flowcontrol.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(a.(*v1beta1.ServiceAccountSubject), b.(*flowcontrol.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ServiceAccountSubject)(nil), (*v1beta1.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ServiceAccountSubject_To_v1beta1_ServiceAccountSubject(a.(*flowcontrol.ServiceAccountSubject), b.(*v1beta1.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Subject)(nil), (*flowcontrol.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Subject_To_flowcontrol_Subject(a.(*v1beta1.Subject), b.(*flowcontrol.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.Subject)(nil), (*v1beta1.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_Subject_To_v1beta1_Subject(a.(*flowcontrol.Subject), b.(*v1beta1.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.UserSubject)(nil), (*flowcontrol.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_UserSubject_To_flowcontrol_UserSubject(a.(*v1beta1.UserSubject), b.(*flowcontrol.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.UserSubject)(nil), (*v1beta1.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_UserSubject_To_v1beta1_UserSubject(a.(*flowcontrol.UserSubject), b.(*v1beta1.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*flowcontrol.LimitedPriorityLevelConfiguration)(nil), (*v1beta1.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta1_LimitedPriorityLevelConfiguration(a.(*flowcontrol.LimitedPriorityLevelConfiguration), b.(*v1beta1.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.LimitedPriorityLevelConfiguration)(nil), (*flowcontrol.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(a.(*v1beta1.LimitedPriorityLevelConfiguration), b.(*flowcontrol.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta1.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = flowcontrol.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_v1beta1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_v1beta1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta1.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_v1beta1_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta1_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta1.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = v1beta1.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta1_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta1_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta1.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta1_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_v1beta1_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta1.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_FlowSchema_To_flowcontrol_FlowSchema is an autogenerated conversion function. -func Convert_v1beta1_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta1.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - return autoConvert_v1beta1_FlowSchema_To_flowcontrol_FlowSchema(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchema_To_v1beta1_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta1.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_FlowSchema_To_v1beta1_FlowSchema is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchema_To_v1beta1_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta1.FlowSchema, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchema_To_v1beta1_FlowSchema(in, out, s) -} - -func autoConvert_v1beta1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta1.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - out.Type = flowcontrol.FlowSchemaConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition is an autogenerated conversion function. -func Convert_v1beta1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta1.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_v1beta1_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta1_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta1.FlowSchemaCondition, s conversion.Scope) error { - out.Type = v1beta1.FlowSchemaConditionType(in.Type) - out.Status = v1beta1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_FlowSchemaCondition_To_v1beta1_FlowSchemaCondition is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaCondition_To_v1beta1_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta1.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta1_FlowSchemaCondition(in, out, s) -} - -func autoConvert_v1beta1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta1.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]flowcontrol.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_FlowSchemaList_To_flowcontrol_FlowSchemaList is an autogenerated conversion function. -func Convert_v1beta1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta1.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - return autoConvert_v1beta1_FlowSchemaList_To_flowcontrol_FlowSchemaList(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaList_To_v1beta1_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta1.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_flowcontrol_FlowSchemaList_To_v1beta1_FlowSchemaList is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaList_To_v1beta1_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta1.FlowSchemaList, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaList_To_v1beta1_FlowSchemaList(in, out, s) -} - -func autoConvert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta1.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*flowcontrol.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]flowcontrol.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec is an autogenerated conversion function. -func Convert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta1.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_v1beta1_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta1.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*v1beta1.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]v1beta1.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta1.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta1_FlowSchemaSpec(in, out, s) -} - -func autoConvert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta1.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus is an autogenerated conversion function. -func Convert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta1.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_v1beta1_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta1.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta1.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta1.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta1_FlowSchemaStatus(in, out, s) -} - -func autoConvert_v1beta1_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta1.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_GroupSubject_To_flowcontrol_GroupSubject is an autogenerated conversion function. -func Convert_v1beta1_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta1.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - return autoConvert_v1beta1_GroupSubject_To_flowcontrol_GroupSubject(in, out, s) -} - -func autoConvert_flowcontrol_GroupSubject_To_v1beta1_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta1.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_GroupSubject_To_v1beta1_GroupSubject is an autogenerated conversion function. -func Convert_flowcontrol_GroupSubject_To_v1beta1_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta1.GroupSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_GroupSubject_To_v1beta1_GroupSubject(in, out, s) -} - -func autoConvert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta1.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - out.Type = flowcontrol.LimitResponseType(in.Type) - out.Queuing = (*flowcontrol.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse is an autogenerated conversion function. -func Convert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta1.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - return autoConvert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse(in, out, s) -} - -func autoConvert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta1.LimitResponse, s conversion.Scope) error { - out.Type = v1beta1.LimitResponseType(in.Type) - out.Queuing = (*v1beta1.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse is an autogenerated conversion function. -func Convert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta1.LimitResponse, s conversion.Scope) error { - return autoConvert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse(in, out, s) -} - -func autoConvert_v1beta1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta1.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.AssuredConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_v1beta1_LimitResponse_To_flowcontrol_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta1_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta1.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.NominalConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_flowcontrol_LimitResponse_To_v1beta1_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_v1beta1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta1.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1beta1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta1.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta1_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta1_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta1.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_flowcontrol_NonResourcePolicyRule_To_v1beta1_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_NonResourcePolicyRule_To_v1beta1_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta1.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta1_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta1.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]flowcontrol.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]flowcontrol.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]flowcontrol.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_v1beta1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_v1beta1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta1.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_v1beta1_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta1_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta1.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]v1beta1.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]v1beta1.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1beta1.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta1_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta1_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta1.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta1_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta1.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta1.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta1.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta1.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta1.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelConfigurationConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta1.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta1_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta1.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = v1beta1.PriorityLevelConfigurationConditionType(in.Type) - out.Status = v1beta1.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta1_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta1_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta1.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta1_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta1.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]flowcontrol.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1beta1_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta1.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta1_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta1.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta1_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta1_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta1_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta1.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta1_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta1.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta1.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta1.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta1.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta1_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta1.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(flowcontrol.LimitedPriorityLevelConfiguration) - if err := Convert_v1beta1_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta1.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta1.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = v1beta1.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(v1beta1.LimitedPriorityLevelConfiguration) - if err := Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta1_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta1.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta1_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta1.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta1.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta1.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta1.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta1.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta1_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_v1beta1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta1.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_v1beta1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration is an autogenerated conversion function. -func Convert_v1beta1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta1.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_QueuingConfiguration_To_v1beta1_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta1.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_flowcontrol_QueuingConfiguration_To_v1beta1_QueuingConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_QueuingConfiguration_To_v1beta1_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta1.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_QueuingConfiguration_To_v1beta1_QueuingConfiguration(in, out, s) -} - -func autoConvert_v1beta1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta1.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_v1beta1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta1.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta1_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta1.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_flowcontrol_ResourcePolicyRule_To_v1beta1_ResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_ResourcePolicyRule_To_v1beta1_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta1.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta1_ResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta1.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_v1beta1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject is an autogenerated conversion function. -func Convert_v1beta1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta1.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_v1beta1_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in, out, s) -} - -func autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta1_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta1.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_ServiceAccountSubject_To_v1beta1_ServiceAccountSubject is an autogenerated conversion function. -func Convert_flowcontrol_ServiceAccountSubject_To_v1beta1_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta1.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta1_ServiceAccountSubject(in, out, s) -} - -func autoConvert_v1beta1_Subject_To_flowcontrol_Subject(in *v1beta1.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - out.Kind = flowcontrol.SubjectKind(in.Kind) - out.User = (*flowcontrol.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*flowcontrol.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*flowcontrol.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_v1beta1_Subject_To_flowcontrol_Subject is an autogenerated conversion function. -func Convert_v1beta1_Subject_To_flowcontrol_Subject(in *v1beta1.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - return autoConvert_v1beta1_Subject_To_flowcontrol_Subject(in, out, s) -} - -func autoConvert_flowcontrol_Subject_To_v1beta1_Subject(in *flowcontrol.Subject, out *v1beta1.Subject, s conversion.Scope) error { - out.Kind = v1beta1.SubjectKind(in.Kind) - out.User = (*v1beta1.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*v1beta1.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*v1beta1.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_flowcontrol_Subject_To_v1beta1_Subject is an autogenerated conversion function. -func Convert_flowcontrol_Subject_To_v1beta1_Subject(in *flowcontrol.Subject, out *v1beta1.Subject, s conversion.Scope) error { - return autoConvert_flowcontrol_Subject_To_v1beta1_Subject(in, out, s) -} - -func autoConvert_v1beta1_UserSubject_To_flowcontrol_UserSubject(in *v1beta1.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_UserSubject_To_flowcontrol_UserSubject is an autogenerated conversion function. -func Convert_v1beta1_UserSubject_To_flowcontrol_UserSubject(in *v1beta1.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - return autoConvert_v1beta1_UserSubject_To_flowcontrol_UserSubject(in, out, s) -} - -func autoConvert_flowcontrol_UserSubject_To_v1beta1_UserSubject(in *flowcontrol.UserSubject, out *v1beta1.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_UserSubject_To_v1beta1_UserSubject is an autogenerated conversion function. -func Convert_flowcontrol_UserSubject_To_v1beta1_UserSubject(in *flowcontrol.UserSubject, out *v1beta1.UserSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_UserSubject_To_v1beta1_UserSubject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 1f724eb1c7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,69 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/flowcontrol/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.FlowSchema{}, func(obj interface{}) { SetObjectDefaults_FlowSchema(obj.(*v1beta1.FlowSchema)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.FlowSchemaList{}, func(obj interface{}) { SetObjectDefaults_FlowSchemaList(obj.(*v1beta1.FlowSchemaList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.PriorityLevelConfiguration{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfiguration(obj.(*v1beta1.PriorityLevelConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1beta1.PriorityLevelConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfigurationList(obj.(*v1beta1.PriorityLevelConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_FlowSchema(in *v1beta1.FlowSchema) { - SetDefaults_FlowSchemaSpec(&in.Spec) -} - -func SetObjectDefaults_FlowSchemaList(in *v1beta1.FlowSchemaList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_FlowSchema(a) - } -} - -func SetObjectDefaults_PriorityLevelConfiguration(in *v1beta1.PriorityLevelConfiguration) { - if in.Spec.Limited != nil { - SetDefaults_LimitedPriorityLevelConfiguration(in.Spec.Limited) - if in.Spec.Limited.LimitResponse.Queuing != nil { - SetDefaults_QueuingConfiguration(in.Spec.Limited.LimitResponse.Queuing) - } - } -} - -func SetObjectDefaults_PriorityLevelConfigurationList(in *v1beta1.PriorityLevelConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityLevelConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/conversion.go deleted file mode 100644 index 9c9c9e15eb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/conversion.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "k8s.io/api/flowcontrol/v1beta2" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_v1beta2_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta2.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_v1beta2_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.NominalConcurrencyShares = in.AssuredConcurrencyShares - return nil -} - -// LimitedPriorityLevelConfiguration.AssuredConcurrencyShares has been -// renamed to NominalConcurrencyShares in v1beta3. -func Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta2_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta2.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - if err := autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta2_LimitedPriorityLevelConfiguration(in, out, nil); err != nil { - return err - } - - out.AssuredConcurrencyShares = in.NominalConcurrencyShares - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/defaults.go deleted file mode 100644 index 389995bd09..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/defaults.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - "k8s.io/api/flowcontrol/v1beta2" -) - -// Default settings for flow-schema -const ( - FlowSchemaDefaultMatchingPrecedence int32 = 1000 -) - -// Default settings for priority-level-configuration -const ( - PriorityLevelConfigurationDefaultHandSize int32 = 8 - PriorityLevelConfigurationDefaultQueues int32 = 64 - PriorityLevelConfigurationDefaultQueueLengthLimit int32 = 50 - PriorityLevelConfigurationDefaultAssuredConcurrencyShares int32 = 30 -) - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_FlowSchemaSpec(spec *v1beta2.FlowSchemaSpec) { - if spec.MatchingPrecedence == 0 { - spec.MatchingPrecedence = FlowSchemaDefaultMatchingPrecedence - } -} - -func SetDefaults_LimitedPriorityLevelConfiguration(lplc *v1beta2.LimitedPriorityLevelConfiguration) { - if lplc.AssuredConcurrencyShares == 0 { - lplc.AssuredConcurrencyShares = PriorityLevelConfigurationDefaultAssuredConcurrencyShares - } - if lplc.LendablePercent == nil { - lplc.LendablePercent = new(int32) - *lplc.LendablePercent = 0 - } -} - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_QueuingConfiguration(cfg *v1beta2.QueuingConfiguration) { - if cfg.HandSize == 0 { - cfg.HandSize = PriorityLevelConfigurationDefaultHandSize - } - if cfg.Queues == 0 { - cfg.Queues = PriorityLevelConfigurationDefaultQueues - } - if cfg.QueueLengthLimit == 0 { - cfg.QueueLengthLimit = PriorityLevelConfigurationDefaultQueueLengthLimit - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/doc.go deleted file mode 100644 index 9a5f82fb86..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/flowcontrol -// +k8s:conversion-gen-external-types=k8s.io/api/flowcontrol/v1beta2 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/flowcontrol/v1beta2 - -// +groupName=flowcontrol.apiserver.k8s.io - -package v1beta2 // import "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/register.go deleted file mode 100644 index 957fb1e6d6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta2 - -import ( - flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "flowcontrol.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta2"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &flowcontrolv1beta2.SchemeBuilder - // AddToScheme adds api to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.conversion.go deleted file mode 100644 index fd20d70a31..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.conversion.go +++ /dev/null @@ -1,821 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta2 - -import ( - unsafe "unsafe" - - v1beta2 "k8s.io/api/flowcontrol/v1beta2" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - flowcontrol "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowDistinguisherMethod)(nil), (*flowcontrol.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(a.(*v1beta2.FlowDistinguisherMethod), b.(*flowcontrol.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowDistinguisherMethod)(nil), (*v1beta2.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta2_FlowDistinguisherMethod(a.(*flowcontrol.FlowDistinguisherMethod), b.(*v1beta2.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowSchema)(nil), (*flowcontrol.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowSchema_To_flowcontrol_FlowSchema(a.(*v1beta2.FlowSchema), b.(*flowcontrol.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchema)(nil), (*v1beta2.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchema_To_v1beta2_FlowSchema(a.(*flowcontrol.FlowSchema), b.(*v1beta2.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowSchemaCondition)(nil), (*flowcontrol.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(a.(*v1beta2.FlowSchemaCondition), b.(*flowcontrol.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaCondition)(nil), (*v1beta2.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaCondition_To_v1beta2_FlowSchemaCondition(a.(*flowcontrol.FlowSchemaCondition), b.(*v1beta2.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowSchemaList)(nil), (*flowcontrol.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowSchemaList_To_flowcontrol_FlowSchemaList(a.(*v1beta2.FlowSchemaList), b.(*flowcontrol.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaList)(nil), (*v1beta2.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaList_To_v1beta2_FlowSchemaList(a.(*flowcontrol.FlowSchemaList), b.(*v1beta2.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowSchemaSpec)(nil), (*flowcontrol.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(a.(*v1beta2.FlowSchemaSpec), b.(*flowcontrol.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaSpec)(nil), (*v1beta2.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec(a.(*flowcontrol.FlowSchemaSpec), b.(*v1beta2.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.FlowSchemaStatus)(nil), (*flowcontrol.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(a.(*v1beta2.FlowSchemaStatus), b.(*flowcontrol.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaStatus)(nil), (*v1beta2.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus(a.(*flowcontrol.FlowSchemaStatus), b.(*v1beta2.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.GroupSubject)(nil), (*flowcontrol.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_GroupSubject_To_flowcontrol_GroupSubject(a.(*v1beta2.GroupSubject), b.(*flowcontrol.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.GroupSubject)(nil), (*v1beta2.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_GroupSubject_To_v1beta2_GroupSubject(a.(*flowcontrol.GroupSubject), b.(*v1beta2.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.LimitResponse)(nil), (*flowcontrol.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse(a.(*v1beta2.LimitResponse), b.(*flowcontrol.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.LimitResponse)(nil), (*v1beta2.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse(a.(*flowcontrol.LimitResponse), b.(*v1beta2.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.NonResourcePolicyRule)(nil), (*flowcontrol.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(a.(*v1beta2.NonResourcePolicyRule), b.(*flowcontrol.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.NonResourcePolicyRule)(nil), (*v1beta2.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_NonResourcePolicyRule_To_v1beta2_NonResourcePolicyRule(a.(*flowcontrol.NonResourcePolicyRule), b.(*v1beta2.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PolicyRulesWithSubjects)(nil), (*flowcontrol.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(a.(*v1beta2.PolicyRulesWithSubjects), b.(*flowcontrol.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PolicyRulesWithSubjects)(nil), (*v1beta2.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta2_PolicyRulesWithSubjects(a.(*flowcontrol.PolicyRulesWithSubjects), b.(*v1beta2.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfiguration)(nil), (*flowcontrol.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(a.(*v1beta2.PriorityLevelConfiguration), b.(*flowcontrol.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfiguration)(nil), (*v1beta2.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration(a.(*flowcontrol.PriorityLevelConfiguration), b.(*v1beta2.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfigurationCondition)(nil), (*flowcontrol.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(a.(*v1beta2.PriorityLevelConfigurationCondition), b.(*flowcontrol.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationCondition)(nil), (*v1beta2.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta2_PriorityLevelConfigurationCondition(a.(*flowcontrol.PriorityLevelConfigurationCondition), b.(*v1beta2.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfigurationList)(nil), (*flowcontrol.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(a.(*v1beta2.PriorityLevelConfigurationList), b.(*flowcontrol.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationList)(nil), (*v1beta2.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta2_PriorityLevelConfigurationList(a.(*flowcontrol.PriorityLevelConfigurationList), b.(*v1beta2.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfigurationReference)(nil), (*flowcontrol.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(a.(*v1beta2.PriorityLevelConfigurationReference), b.(*flowcontrol.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationReference)(nil), (*v1beta2.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference(a.(*flowcontrol.PriorityLevelConfigurationReference), b.(*v1beta2.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfigurationSpec)(nil), (*flowcontrol.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(a.(*v1beta2.PriorityLevelConfigurationSpec), b.(*flowcontrol.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationSpec)(nil), (*v1beta2.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec(a.(*flowcontrol.PriorityLevelConfigurationSpec), b.(*v1beta2.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.PriorityLevelConfigurationStatus)(nil), (*flowcontrol.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(a.(*v1beta2.PriorityLevelConfigurationStatus), b.(*flowcontrol.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationStatus)(nil), (*v1beta2.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus(a.(*flowcontrol.PriorityLevelConfigurationStatus), b.(*v1beta2.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.QueuingConfiguration)(nil), (*flowcontrol.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(a.(*v1beta2.QueuingConfiguration), b.(*flowcontrol.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.QueuingConfiguration)(nil), (*v1beta2.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_QueuingConfiguration_To_v1beta2_QueuingConfiguration(a.(*flowcontrol.QueuingConfiguration), b.(*v1beta2.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ResourcePolicyRule)(nil), (*flowcontrol.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(a.(*v1beta2.ResourcePolicyRule), b.(*flowcontrol.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ResourcePolicyRule)(nil), (*v1beta2.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ResourcePolicyRule_To_v1beta2_ResourcePolicyRule(a.(*flowcontrol.ResourcePolicyRule), b.(*v1beta2.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.ServiceAccountSubject)(nil), (*flowcontrol.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(a.(*v1beta2.ServiceAccountSubject), b.(*flowcontrol.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ServiceAccountSubject)(nil), (*v1beta2.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ServiceAccountSubject_To_v1beta2_ServiceAccountSubject(a.(*flowcontrol.ServiceAccountSubject), b.(*v1beta2.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.Subject)(nil), (*flowcontrol.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_Subject_To_flowcontrol_Subject(a.(*v1beta2.Subject), b.(*flowcontrol.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.Subject)(nil), (*v1beta2.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_Subject_To_v1beta2_Subject(a.(*flowcontrol.Subject), b.(*v1beta2.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.UserSubject)(nil), (*flowcontrol.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_UserSubject_To_flowcontrol_UserSubject(a.(*v1beta2.UserSubject), b.(*flowcontrol.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.UserSubject)(nil), (*v1beta2.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_UserSubject_To_v1beta2_UserSubject(a.(*flowcontrol.UserSubject), b.(*v1beta2.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*flowcontrol.LimitedPriorityLevelConfiguration)(nil), (*v1beta2.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta2_LimitedPriorityLevelConfiguration(a.(*flowcontrol.LimitedPriorityLevelConfiguration), b.(*v1beta2.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta2.LimitedPriorityLevelConfiguration)(nil), (*flowcontrol.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(a.(*v1beta2.LimitedPriorityLevelConfiguration), b.(*flowcontrol.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta2_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta2.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = flowcontrol.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_v1beta2_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_v1beta2_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta2.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_v1beta2_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta2_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta2.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = v1beta2.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta2_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta2_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta2.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta2_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_v1beta2_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta2.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_FlowSchema_To_flowcontrol_FlowSchema is an autogenerated conversion function. -func Convert_v1beta2_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta2.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - return autoConvert_v1beta2_FlowSchema_To_flowcontrol_FlowSchema(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchema_To_v1beta2_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta2.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_FlowSchema_To_v1beta2_FlowSchema is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchema_To_v1beta2_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta2.FlowSchema, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchema_To_v1beta2_FlowSchema(in, out, s) -} - -func autoConvert_v1beta2_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta2.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - out.Type = flowcontrol.FlowSchemaConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition is an autogenerated conversion function. -func Convert_v1beta2_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta2.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_v1beta2_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta2_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta2.FlowSchemaCondition, s conversion.Scope) error { - out.Type = v1beta2.FlowSchemaConditionType(in.Type) - out.Status = v1beta2.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_FlowSchemaCondition_To_v1beta2_FlowSchemaCondition is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaCondition_To_v1beta2_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta2.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta2_FlowSchemaCondition(in, out, s) -} - -func autoConvert_v1beta2_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta2.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]flowcontrol.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta2_FlowSchemaList_To_flowcontrol_FlowSchemaList is an autogenerated conversion function. -func Convert_v1beta2_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta2.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - return autoConvert_v1beta2_FlowSchemaList_To_flowcontrol_FlowSchemaList(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaList_To_v1beta2_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta2.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta2.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_flowcontrol_FlowSchemaList_To_v1beta2_FlowSchemaList is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaList_To_v1beta2_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta2.FlowSchemaList, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaList_To_v1beta2_FlowSchemaList(in, out, s) -} - -func autoConvert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta2.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*flowcontrol.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]flowcontrol.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec is an autogenerated conversion function. -func Convert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta2.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_v1beta2_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta2.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*v1beta2.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]v1beta2.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta2.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta2_FlowSchemaSpec(in, out, s) -} - -func autoConvert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta2.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus is an autogenerated conversion function. -func Convert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta2.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_v1beta2_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta2.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta2.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta2.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta2_FlowSchemaStatus(in, out, s) -} - -func autoConvert_v1beta2_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta2.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta2_GroupSubject_To_flowcontrol_GroupSubject is an autogenerated conversion function. -func Convert_v1beta2_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta2.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - return autoConvert_v1beta2_GroupSubject_To_flowcontrol_GroupSubject(in, out, s) -} - -func autoConvert_flowcontrol_GroupSubject_To_v1beta2_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta2.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_GroupSubject_To_v1beta2_GroupSubject is an autogenerated conversion function. -func Convert_flowcontrol_GroupSubject_To_v1beta2_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta2.GroupSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_GroupSubject_To_v1beta2_GroupSubject(in, out, s) -} - -func autoConvert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta2.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - out.Type = flowcontrol.LimitResponseType(in.Type) - out.Queuing = (*flowcontrol.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse is an autogenerated conversion function. -func Convert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta2.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - return autoConvert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse(in, out, s) -} - -func autoConvert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta2.LimitResponse, s conversion.Scope) error { - out.Type = v1beta2.LimitResponseType(in.Type) - out.Queuing = (*v1beta2.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse is an autogenerated conversion function. -func Convert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta2.LimitResponse, s conversion.Scope) error { - return autoConvert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse(in, out, s) -} - -func autoConvert_v1beta2_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta2.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.AssuredConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_v1beta2_LimitResponse_To_flowcontrol_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta2_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta2.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - // WARNING: in.NominalConcurrencyShares requires manual conversion: does not exist in peer-type - if err := Convert_flowcontrol_LimitResponse_To_v1beta2_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -func autoConvert_v1beta2_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta2.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1beta2_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta2_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta2.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta2_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta2_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta2.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_flowcontrol_NonResourcePolicyRule_To_v1beta2_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_NonResourcePolicyRule_To_v1beta2_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta2.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta2_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta2_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta2.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]flowcontrol.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]flowcontrol.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]flowcontrol.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_v1beta2_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_v1beta2_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta2.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_v1beta2_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta2_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta2.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]v1beta2.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]v1beta2.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1beta2.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta2_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta2_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta2.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta2_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta2.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta2.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta2.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta2.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta2.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelConfigurationConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta2_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta2.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta2_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta2.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = v1beta2.PriorityLevelConfigurationConditionType(in.Type) - out.Status = v1beta2.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta2_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta2_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta2.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta2_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta2.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]flowcontrol.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_v1beta2_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta2_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta2.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta2_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta2.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta2.PriorityLevelConfiguration, len(*in)) - for i := range *in { - if err := Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta2_PriorityLevelConfiguration(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta2_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta2_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta2.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta2_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta2.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta2.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta2.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta2.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta2_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta2.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(flowcontrol.LimitedPriorityLevelConfiguration) - if err := Convert_v1beta2_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta2.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta2.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = v1beta2.PriorityLevelEnablement(in.Type) - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(v1beta2.LimitedPriorityLevelConfiguration) - if err := Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta2_LimitedPriorityLevelConfiguration(*in, *out, s); err != nil { - return err - } - } else { - out.Limited = nil - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta2.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta2_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta2.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta2.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_v1beta2_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta2.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta2.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta2.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta2_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_v1beta2_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta2.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_v1beta2_QueuingConfiguration_To_flowcontrol_QueuingConfiguration is an autogenerated conversion function. -func Convert_v1beta2_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta2.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_v1beta2_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_QueuingConfiguration_To_v1beta2_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta2.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_flowcontrol_QueuingConfiguration_To_v1beta2_QueuingConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_QueuingConfiguration_To_v1beta2_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta2.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_QueuingConfiguration_To_v1beta2_QueuingConfiguration(in, out, s) -} - -func autoConvert_v1beta2_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta2.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_v1beta2_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta2_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta2.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta2_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta2_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta2.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_flowcontrol_ResourcePolicyRule_To_v1beta2_ResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_ResourcePolicyRule_To_v1beta2_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta2.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta2_ResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta2_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta2.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_v1beta2_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject is an autogenerated conversion function. -func Convert_v1beta2_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta2.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_v1beta2_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in, out, s) -} - -func autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta2_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta2.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_ServiceAccountSubject_To_v1beta2_ServiceAccountSubject is an autogenerated conversion function. -func Convert_flowcontrol_ServiceAccountSubject_To_v1beta2_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta2.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta2_ServiceAccountSubject(in, out, s) -} - -func autoConvert_v1beta2_Subject_To_flowcontrol_Subject(in *v1beta2.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - out.Kind = flowcontrol.SubjectKind(in.Kind) - out.User = (*flowcontrol.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*flowcontrol.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*flowcontrol.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_v1beta2_Subject_To_flowcontrol_Subject is an autogenerated conversion function. -func Convert_v1beta2_Subject_To_flowcontrol_Subject(in *v1beta2.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - return autoConvert_v1beta2_Subject_To_flowcontrol_Subject(in, out, s) -} - -func autoConvert_flowcontrol_Subject_To_v1beta2_Subject(in *flowcontrol.Subject, out *v1beta2.Subject, s conversion.Scope) error { - out.Kind = v1beta2.SubjectKind(in.Kind) - out.User = (*v1beta2.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*v1beta2.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*v1beta2.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_flowcontrol_Subject_To_v1beta2_Subject is an autogenerated conversion function. -func Convert_flowcontrol_Subject_To_v1beta2_Subject(in *flowcontrol.Subject, out *v1beta2.Subject, s conversion.Scope) error { - return autoConvert_flowcontrol_Subject_To_v1beta2_Subject(in, out, s) -} - -func autoConvert_v1beta2_UserSubject_To_flowcontrol_UserSubject(in *v1beta2.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta2_UserSubject_To_flowcontrol_UserSubject is an autogenerated conversion function. -func Convert_v1beta2_UserSubject_To_flowcontrol_UserSubject(in *v1beta2.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - return autoConvert_v1beta2_UserSubject_To_flowcontrol_UserSubject(in, out, s) -} - -func autoConvert_flowcontrol_UserSubject_To_v1beta2_UserSubject(in *flowcontrol.UserSubject, out *v1beta2.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_UserSubject_To_v1beta2_UserSubject is an autogenerated conversion function. -func Convert_flowcontrol_UserSubject_To_v1beta2_UserSubject(in *flowcontrol.UserSubject, out *v1beta2.UserSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_UserSubject_To_v1beta2_UserSubject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.defaults.go deleted file mode 100644 index 4f5f02e914..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2/zz_generated.defaults.go +++ /dev/null @@ -1,69 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta2 - -import ( - v1beta2 "k8s.io/api/flowcontrol/v1beta2" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta2.FlowSchema{}, func(obj interface{}) { SetObjectDefaults_FlowSchema(obj.(*v1beta2.FlowSchema)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.FlowSchemaList{}, func(obj interface{}) { SetObjectDefaults_FlowSchemaList(obj.(*v1beta2.FlowSchemaList)) }) - scheme.AddTypeDefaultingFunc(&v1beta2.PriorityLevelConfiguration{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfiguration(obj.(*v1beta2.PriorityLevelConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1beta2.PriorityLevelConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfigurationList(obj.(*v1beta2.PriorityLevelConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_FlowSchema(in *v1beta2.FlowSchema) { - SetDefaults_FlowSchemaSpec(&in.Spec) -} - -func SetObjectDefaults_FlowSchemaList(in *v1beta2.FlowSchemaList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_FlowSchema(a) - } -} - -func SetObjectDefaults_PriorityLevelConfiguration(in *v1beta2.PriorityLevelConfiguration) { - if in.Spec.Limited != nil { - SetDefaults_LimitedPriorityLevelConfiguration(in.Spec.Limited) - if in.Spec.Limited.LimitResponse.Queuing != nil { - SetDefaults_QueuingConfiguration(in.Spec.Limited.LimitResponse.Queuing) - } - } -} - -func SetObjectDefaults_PriorityLevelConfigurationList(in *v1beta2.PriorityLevelConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityLevelConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/defaults.go deleted file mode 100644 index b590bfb529..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/defaults.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta3 - -import ( - "k8s.io/api/flowcontrol/v1beta3" -) - -// Default settings for flow-schema -const ( - FlowSchemaDefaultMatchingPrecedence int32 = 1000 -) - -// Default settings for priority-level-configuration -const ( - PriorityLevelConfigurationDefaultHandSize int32 = 8 - PriorityLevelConfigurationDefaultQueues int32 = 64 - PriorityLevelConfigurationDefaultQueueLengthLimit int32 = 50 - PriorityLevelConfigurationDefaultNominalConcurrencyShares int32 = 30 -) - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_FlowSchemaSpec(spec *v1beta3.FlowSchemaSpec) { - if spec.MatchingPrecedence == 0 { - spec.MatchingPrecedence = FlowSchemaDefaultMatchingPrecedence - } -} - -func SetDefaults_LimitedPriorityLevelConfiguration(lplc *v1beta3.LimitedPriorityLevelConfiguration) { - if lplc.NominalConcurrencyShares == 0 { - lplc.NominalConcurrencyShares = PriorityLevelConfigurationDefaultNominalConcurrencyShares - } - if lplc.LendablePercent == nil { - lplc.LendablePercent = new(int32) - *lplc.LendablePercent = 0 - } -} - -// SetDefaults_FlowSchema sets default values for flow schema -func SetDefaults_QueuingConfiguration(cfg *v1beta3.QueuingConfiguration) { - if cfg.HandSize == 0 { - cfg.HandSize = PriorityLevelConfigurationDefaultHandSize - } - if cfg.Queues == 0 { - cfg.Queues = PriorityLevelConfigurationDefaultQueues - } - if cfg.QueueLengthLimit == 0 { - cfg.QueueLengthLimit = PriorityLevelConfigurationDefaultQueueLengthLimit - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/doc.go deleted file mode 100644 index 5ba8cbf3e9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/flowcontrol -// +k8s:conversion-gen-external-types=k8s.io/api/flowcontrol/v1beta3 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/flowcontrol/v1beta3 - -// +groupName=flowcontrol.apiserver.k8s.io - -package v1beta3 // import "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/register.go deleted file mode 100644 index 8a93764317..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta3 - -import ( - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "flowcontrol.apiserver.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta3"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &flowcontrolv1beta3.SchemeBuilder - // AddToScheme adds api to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.conversion.go deleted file mode 100644 index 6839bfdb4a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.conversion.go +++ /dev/null @@ -1,795 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta3 - -import ( - unsafe "unsafe" - - v1beta3 "k8s.io/api/flowcontrol/v1beta3" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - flowcontrol "k8s.io/kubernetes/pkg/apis/flowcontrol" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowDistinguisherMethod)(nil), (*flowcontrol.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(a.(*v1beta3.FlowDistinguisherMethod), b.(*flowcontrol.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowDistinguisherMethod)(nil), (*v1beta3.FlowDistinguisherMethod)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta3_FlowDistinguisherMethod(a.(*flowcontrol.FlowDistinguisherMethod), b.(*v1beta3.FlowDistinguisherMethod), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowSchema)(nil), (*flowcontrol.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowSchema_To_flowcontrol_FlowSchema(a.(*v1beta3.FlowSchema), b.(*flowcontrol.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchema)(nil), (*v1beta3.FlowSchema)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchema_To_v1beta3_FlowSchema(a.(*flowcontrol.FlowSchema), b.(*v1beta3.FlowSchema), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowSchemaCondition)(nil), (*flowcontrol.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(a.(*v1beta3.FlowSchemaCondition), b.(*flowcontrol.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaCondition)(nil), (*v1beta3.FlowSchemaCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaCondition_To_v1beta3_FlowSchemaCondition(a.(*flowcontrol.FlowSchemaCondition), b.(*v1beta3.FlowSchemaCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowSchemaList)(nil), (*flowcontrol.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowSchemaList_To_flowcontrol_FlowSchemaList(a.(*v1beta3.FlowSchemaList), b.(*flowcontrol.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaList)(nil), (*v1beta3.FlowSchemaList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaList_To_v1beta3_FlowSchemaList(a.(*flowcontrol.FlowSchemaList), b.(*v1beta3.FlowSchemaList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowSchemaSpec)(nil), (*flowcontrol.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(a.(*v1beta3.FlowSchemaSpec), b.(*flowcontrol.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaSpec)(nil), (*v1beta3.FlowSchemaSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec(a.(*flowcontrol.FlowSchemaSpec), b.(*v1beta3.FlowSchemaSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.FlowSchemaStatus)(nil), (*flowcontrol.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(a.(*v1beta3.FlowSchemaStatus), b.(*flowcontrol.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.FlowSchemaStatus)(nil), (*v1beta3.FlowSchemaStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus(a.(*flowcontrol.FlowSchemaStatus), b.(*v1beta3.FlowSchemaStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.GroupSubject)(nil), (*flowcontrol.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_GroupSubject_To_flowcontrol_GroupSubject(a.(*v1beta3.GroupSubject), b.(*flowcontrol.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.GroupSubject)(nil), (*v1beta3.GroupSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_GroupSubject_To_v1beta3_GroupSubject(a.(*flowcontrol.GroupSubject), b.(*v1beta3.GroupSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.LimitResponse)(nil), (*flowcontrol.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse(a.(*v1beta3.LimitResponse), b.(*flowcontrol.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.LimitResponse)(nil), (*v1beta3.LimitResponse)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse(a.(*flowcontrol.LimitResponse), b.(*v1beta3.LimitResponse), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.LimitedPriorityLevelConfiguration)(nil), (*flowcontrol.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(a.(*v1beta3.LimitedPriorityLevelConfiguration), b.(*flowcontrol.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.LimitedPriorityLevelConfiguration)(nil), (*v1beta3.LimitedPriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta3_LimitedPriorityLevelConfiguration(a.(*flowcontrol.LimitedPriorityLevelConfiguration), b.(*v1beta3.LimitedPriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.NonResourcePolicyRule)(nil), (*flowcontrol.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(a.(*v1beta3.NonResourcePolicyRule), b.(*flowcontrol.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.NonResourcePolicyRule)(nil), (*v1beta3.NonResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_NonResourcePolicyRule_To_v1beta3_NonResourcePolicyRule(a.(*flowcontrol.NonResourcePolicyRule), b.(*v1beta3.NonResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PolicyRulesWithSubjects)(nil), (*flowcontrol.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(a.(*v1beta3.PolicyRulesWithSubjects), b.(*flowcontrol.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PolicyRulesWithSubjects)(nil), (*v1beta3.PolicyRulesWithSubjects)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta3_PolicyRulesWithSubjects(a.(*flowcontrol.PolicyRulesWithSubjects), b.(*v1beta3.PolicyRulesWithSubjects), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfiguration)(nil), (*flowcontrol.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(a.(*v1beta3.PriorityLevelConfiguration), b.(*flowcontrol.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfiguration)(nil), (*v1beta3.PriorityLevelConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta3_PriorityLevelConfiguration(a.(*flowcontrol.PriorityLevelConfiguration), b.(*v1beta3.PriorityLevelConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfigurationCondition)(nil), (*flowcontrol.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(a.(*v1beta3.PriorityLevelConfigurationCondition), b.(*flowcontrol.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationCondition)(nil), (*v1beta3.PriorityLevelConfigurationCondition)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta3_PriorityLevelConfigurationCondition(a.(*flowcontrol.PriorityLevelConfigurationCondition), b.(*v1beta3.PriorityLevelConfigurationCondition), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfigurationList)(nil), (*flowcontrol.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(a.(*v1beta3.PriorityLevelConfigurationList), b.(*flowcontrol.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationList)(nil), (*v1beta3.PriorityLevelConfigurationList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta3_PriorityLevelConfigurationList(a.(*flowcontrol.PriorityLevelConfigurationList), b.(*v1beta3.PriorityLevelConfigurationList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfigurationReference)(nil), (*flowcontrol.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(a.(*v1beta3.PriorityLevelConfigurationReference), b.(*flowcontrol.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationReference)(nil), (*v1beta3.PriorityLevelConfigurationReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference(a.(*flowcontrol.PriorityLevelConfigurationReference), b.(*v1beta3.PriorityLevelConfigurationReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfigurationSpec)(nil), (*flowcontrol.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(a.(*v1beta3.PriorityLevelConfigurationSpec), b.(*flowcontrol.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationSpec)(nil), (*v1beta3.PriorityLevelConfigurationSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec(a.(*flowcontrol.PriorityLevelConfigurationSpec), b.(*v1beta3.PriorityLevelConfigurationSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.PriorityLevelConfigurationStatus)(nil), (*flowcontrol.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(a.(*v1beta3.PriorityLevelConfigurationStatus), b.(*flowcontrol.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.PriorityLevelConfigurationStatus)(nil), (*v1beta3.PriorityLevelConfigurationStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus(a.(*flowcontrol.PriorityLevelConfigurationStatus), b.(*v1beta3.PriorityLevelConfigurationStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.QueuingConfiguration)(nil), (*flowcontrol.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(a.(*v1beta3.QueuingConfiguration), b.(*flowcontrol.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.QueuingConfiguration)(nil), (*v1beta3.QueuingConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_QueuingConfiguration_To_v1beta3_QueuingConfiguration(a.(*flowcontrol.QueuingConfiguration), b.(*v1beta3.QueuingConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.ResourcePolicyRule)(nil), (*flowcontrol.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(a.(*v1beta3.ResourcePolicyRule), b.(*flowcontrol.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ResourcePolicyRule)(nil), (*v1beta3.ResourcePolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ResourcePolicyRule_To_v1beta3_ResourcePolicyRule(a.(*flowcontrol.ResourcePolicyRule), b.(*v1beta3.ResourcePolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.ServiceAccountSubject)(nil), (*flowcontrol.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(a.(*v1beta3.ServiceAccountSubject), b.(*flowcontrol.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.ServiceAccountSubject)(nil), (*v1beta3.ServiceAccountSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_ServiceAccountSubject_To_v1beta3_ServiceAccountSubject(a.(*flowcontrol.ServiceAccountSubject), b.(*v1beta3.ServiceAccountSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.Subject)(nil), (*flowcontrol.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_Subject_To_flowcontrol_Subject(a.(*v1beta3.Subject), b.(*flowcontrol.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.Subject)(nil), (*v1beta3.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_Subject_To_v1beta3_Subject(a.(*flowcontrol.Subject), b.(*v1beta3.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta3.UserSubject)(nil), (*flowcontrol.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_UserSubject_To_flowcontrol_UserSubject(a.(*v1beta3.UserSubject), b.(*flowcontrol.UserSubject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*flowcontrol.UserSubject)(nil), (*v1beta3.UserSubject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_flowcontrol_UserSubject_To_v1beta3_UserSubject(a.(*flowcontrol.UserSubject), b.(*v1beta3.UserSubject), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta3_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta3.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = flowcontrol.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_v1beta3_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_v1beta3_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in *v1beta3.FlowDistinguisherMethod, out *flowcontrol.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_v1beta3_FlowDistinguisherMethod_To_flowcontrol_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta3_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta3.FlowDistinguisherMethod, s conversion.Scope) error { - out.Type = v1beta3.FlowDistinguisherMethodType(in.Type) - return nil -} - -// Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta3_FlowDistinguisherMethod is an autogenerated conversion function. -func Convert_flowcontrol_FlowDistinguisherMethod_To_v1beta3_FlowDistinguisherMethod(in *flowcontrol.FlowDistinguisherMethod, out *v1beta3.FlowDistinguisherMethod, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowDistinguisherMethod_To_v1beta3_FlowDistinguisherMethod(in, out, s) -} - -func autoConvert_v1beta3_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta3.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta3_FlowSchema_To_flowcontrol_FlowSchema is an autogenerated conversion function. -func Convert_v1beta3_FlowSchema_To_flowcontrol_FlowSchema(in *v1beta3.FlowSchema, out *flowcontrol.FlowSchema, s conversion.Scope) error { - return autoConvert_v1beta3_FlowSchema_To_flowcontrol_FlowSchema(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchema_To_v1beta3_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta3.FlowSchema, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_FlowSchema_To_v1beta3_FlowSchema is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchema_To_v1beta3_FlowSchema(in *flowcontrol.FlowSchema, out *v1beta3.FlowSchema, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchema_To_v1beta3_FlowSchema(in, out, s) -} - -func autoConvert_v1beta3_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta3.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - out.Type = flowcontrol.FlowSchemaConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta3_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition is an autogenerated conversion function. -func Convert_v1beta3_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in *v1beta3.FlowSchemaCondition, out *flowcontrol.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_v1beta3_FlowSchemaCondition_To_flowcontrol_FlowSchemaCondition(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta3_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta3.FlowSchemaCondition, s conversion.Scope) error { - out.Type = v1beta3.FlowSchemaConditionType(in.Type) - out.Status = v1beta3.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_FlowSchemaCondition_To_v1beta3_FlowSchemaCondition is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaCondition_To_v1beta3_FlowSchemaCondition(in *flowcontrol.FlowSchemaCondition, out *v1beta3.FlowSchemaCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaCondition_To_v1beta3_FlowSchemaCondition(in, out, s) -} - -func autoConvert_v1beta3_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta3.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]flowcontrol.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta3_FlowSchemaList_To_flowcontrol_FlowSchemaList is an autogenerated conversion function. -func Convert_v1beta3_FlowSchemaList_To_flowcontrol_FlowSchemaList(in *v1beta3.FlowSchemaList, out *flowcontrol.FlowSchemaList, s conversion.Scope) error { - return autoConvert_v1beta3_FlowSchemaList_To_flowcontrol_FlowSchemaList(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaList_To_v1beta3_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta3.FlowSchemaList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta3.FlowSchema)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_flowcontrol_FlowSchemaList_To_v1beta3_FlowSchemaList is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaList_To_v1beta3_FlowSchemaList(in *flowcontrol.FlowSchemaList, out *v1beta3.FlowSchemaList, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaList_To_v1beta3_FlowSchemaList(in, out, s) -} - -func autoConvert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta3.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*flowcontrol.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]flowcontrol.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec is an autogenerated conversion function. -func Convert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in *v1beta3.FlowSchemaSpec, out *flowcontrol.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_v1beta3_FlowSchemaSpec_To_flowcontrol_FlowSchemaSpec(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta3.FlowSchemaSpec, s conversion.Scope) error { - if err := Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference(&in.PriorityLevelConfiguration, &out.PriorityLevelConfiguration, s); err != nil { - return err - } - out.MatchingPrecedence = in.MatchingPrecedence - out.DistinguisherMethod = (*v1beta3.FlowDistinguisherMethod)(unsafe.Pointer(in.DistinguisherMethod)) - out.Rules = *(*[]v1beta3.PolicyRulesWithSubjects)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec(in *flowcontrol.FlowSchemaSpec, out *v1beta3.FlowSchemaSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaSpec_To_v1beta3_FlowSchemaSpec(in, out, s) -} - -func autoConvert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta3.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus is an autogenerated conversion function. -func Convert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in *v1beta3.FlowSchemaStatus, out *flowcontrol.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_v1beta3_FlowSchemaStatus_To_flowcontrol_FlowSchemaStatus(in, out, s) -} - -func autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta3.FlowSchemaStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta3.FlowSchemaCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus is an autogenerated conversion function. -func Convert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus(in *flowcontrol.FlowSchemaStatus, out *v1beta3.FlowSchemaStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_FlowSchemaStatus_To_v1beta3_FlowSchemaStatus(in, out, s) -} - -func autoConvert_v1beta3_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta3.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta3_GroupSubject_To_flowcontrol_GroupSubject is an autogenerated conversion function. -func Convert_v1beta3_GroupSubject_To_flowcontrol_GroupSubject(in *v1beta3.GroupSubject, out *flowcontrol.GroupSubject, s conversion.Scope) error { - return autoConvert_v1beta3_GroupSubject_To_flowcontrol_GroupSubject(in, out, s) -} - -func autoConvert_flowcontrol_GroupSubject_To_v1beta3_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta3.GroupSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_GroupSubject_To_v1beta3_GroupSubject is an autogenerated conversion function. -func Convert_flowcontrol_GroupSubject_To_v1beta3_GroupSubject(in *flowcontrol.GroupSubject, out *v1beta3.GroupSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_GroupSubject_To_v1beta3_GroupSubject(in, out, s) -} - -func autoConvert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta3.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - out.Type = flowcontrol.LimitResponseType(in.Type) - out.Queuing = (*flowcontrol.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse is an autogenerated conversion function. -func Convert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse(in *v1beta3.LimitResponse, out *flowcontrol.LimitResponse, s conversion.Scope) error { - return autoConvert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse(in, out, s) -} - -func autoConvert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta3.LimitResponse, s conversion.Scope) error { - out.Type = v1beta3.LimitResponseType(in.Type) - out.Queuing = (*v1beta3.QueuingConfiguration)(unsafe.Pointer(in.Queuing)) - return nil -} - -// Convert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse is an autogenerated conversion function. -func Convert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse(in *flowcontrol.LimitResponse, out *v1beta3.LimitResponse, s conversion.Scope) error { - return autoConvert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse(in, out, s) -} - -func autoConvert_v1beta3_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta3.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - out.NominalConcurrencyShares = in.NominalConcurrencyShares - if err := Convert_v1beta3_LimitResponse_To_flowcontrol_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -// Convert_v1beta3_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration is an autogenerated conversion function. -func Convert_v1beta3_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in *v1beta3.LimitedPriorityLevelConfiguration, out *flowcontrol.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_v1beta3_LimitedPriorityLevelConfiguration_To_flowcontrol_LimitedPriorityLevelConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta3_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta3.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - out.NominalConcurrencyShares = in.NominalConcurrencyShares - if err := Convert_flowcontrol_LimitResponse_To_v1beta3_LimitResponse(&in.LimitResponse, &out.LimitResponse, s); err != nil { - return err - } - out.LendablePercent = (*int32)(unsafe.Pointer(in.LendablePercent)) - out.BorrowingLimitPercent = (*int32)(unsafe.Pointer(in.BorrowingLimitPercent)) - return nil -} - -// Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta3_LimitedPriorityLevelConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta3_LimitedPriorityLevelConfiguration(in *flowcontrol.LimitedPriorityLevelConfiguration, out *v1beta3.LimitedPriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_LimitedPriorityLevelConfiguration_To_v1beta3_LimitedPriorityLevelConfiguration(in, out, s) -} - -func autoConvert_v1beta3_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta3.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1beta3_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta3_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in *v1beta3.NonResourcePolicyRule, out *flowcontrol.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta3_NonResourcePolicyRule_To_flowcontrol_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta3_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta3.NonResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_flowcontrol_NonResourcePolicyRule_To_v1beta3_NonResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_NonResourcePolicyRule_To_v1beta3_NonResourcePolicyRule(in *flowcontrol.NonResourcePolicyRule, out *v1beta3.NonResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_NonResourcePolicyRule_To_v1beta3_NonResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta3_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta3.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]flowcontrol.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]flowcontrol.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]flowcontrol.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_v1beta3_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_v1beta3_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in *v1beta3.PolicyRulesWithSubjects, out *flowcontrol.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_v1beta3_PolicyRulesWithSubjects_To_flowcontrol_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta3_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta3.PolicyRulesWithSubjects, s conversion.Scope) error { - out.Subjects = *(*[]v1beta3.Subject)(unsafe.Pointer(&in.Subjects)) - out.ResourceRules = *(*[]v1beta3.ResourcePolicyRule)(unsafe.Pointer(&in.ResourceRules)) - out.NonResourceRules = *(*[]v1beta3.NonResourcePolicyRule)(unsafe.Pointer(&in.NonResourceRules)) - return nil -} - -// Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta3_PolicyRulesWithSubjects is an autogenerated conversion function. -func Convert_flowcontrol_PolicyRulesWithSubjects_To_v1beta3_PolicyRulesWithSubjects(in *flowcontrol.PolicyRulesWithSubjects, out *v1beta3.PolicyRulesWithSubjects, s conversion.Scope) error { - return autoConvert_flowcontrol_PolicyRulesWithSubjects_To_v1beta3_PolicyRulesWithSubjects(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta3.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta3_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in *v1beta3.PriorityLevelConfiguration, out *flowcontrol.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfiguration_To_flowcontrol_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta3_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta3.PriorityLevelConfiguration, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta3_PriorityLevelConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfiguration_To_v1beta3_PriorityLevelConfiguration(in *flowcontrol.PriorityLevelConfiguration, out *v1beta3.PriorityLevelConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfiguration_To_v1beta3_PriorityLevelConfiguration(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta3.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelConfigurationConditionType(in.Type) - out.Status = flowcontrol.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_v1beta3_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in *v1beta3.PriorityLevelConfigurationCondition, out *flowcontrol.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfigurationCondition_To_flowcontrol_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta3_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta3.PriorityLevelConfigurationCondition, s conversion.Scope) error { - out.Type = v1beta3.PriorityLevelConfigurationConditionType(in.Type) - out.Status = v1beta3.ConditionStatus(in.Status) - out.LastTransitionTime = in.LastTransitionTime - out.Reason = in.Reason - out.Message = in.Message - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta3_PriorityLevelConfigurationCondition is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta3_PriorityLevelConfigurationCondition(in *flowcontrol.PriorityLevelConfigurationCondition, out *v1beta3.PriorityLevelConfigurationCondition, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationCondition_To_v1beta3_PriorityLevelConfigurationCondition(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta3.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]flowcontrol.PriorityLevelConfiguration)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta3_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in *v1beta3.PriorityLevelConfigurationList, out *flowcontrol.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfigurationList_To_flowcontrol_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta3_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta3.PriorityLevelConfigurationList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta3.PriorityLevelConfiguration)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta3_PriorityLevelConfigurationList is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationList_To_v1beta3_PriorityLevelConfigurationList(in *flowcontrol.PriorityLevelConfigurationList, out *v1beta3.PriorityLevelConfigurationList, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationList_To_v1beta3_PriorityLevelConfigurationList(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta3.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in *v1beta3.PriorityLevelConfigurationReference, out *flowcontrol.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfigurationReference_To_flowcontrol_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta3.PriorityLevelConfigurationReference, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference(in *flowcontrol.PriorityLevelConfigurationReference, out *v1beta3.PriorityLevelConfigurationReference, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationReference_To_v1beta3_PriorityLevelConfigurationReference(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta3.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = flowcontrol.PriorityLevelEnablement(in.Type) - out.Limited = (*flowcontrol.LimitedPriorityLevelConfiguration)(unsafe.Pointer(in.Limited)) - return nil -} - -// Convert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in *v1beta3.PriorityLevelConfigurationSpec, out *flowcontrol.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfigurationSpec_To_flowcontrol_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta3.PriorityLevelConfigurationSpec, s conversion.Scope) error { - out.Type = v1beta3.PriorityLevelEnablement(in.Type) - out.Limited = (*v1beta3.LimitedPriorityLevelConfiguration)(unsafe.Pointer(in.Limited)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec(in *flowcontrol.PriorityLevelConfigurationSpec, out *v1beta3.PriorityLevelConfigurationSpec, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationSpec_To_v1beta3_PriorityLevelConfigurationSpec(in, out, s) -} - -func autoConvert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta3.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]flowcontrol.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in *v1beta3.PriorityLevelConfigurationStatus, out *flowcontrol.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_v1beta3_PriorityLevelConfigurationStatus_To_flowcontrol_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta3.PriorityLevelConfigurationStatus, s conversion.Scope) error { - out.Conditions = *(*[]v1beta3.PriorityLevelConfigurationCondition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus is an autogenerated conversion function. -func Convert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus(in *flowcontrol.PriorityLevelConfigurationStatus, out *v1beta3.PriorityLevelConfigurationStatus, s conversion.Scope) error { - return autoConvert_flowcontrol_PriorityLevelConfigurationStatus_To_v1beta3_PriorityLevelConfigurationStatus(in, out, s) -} - -func autoConvert_v1beta3_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta3.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_v1beta3_QueuingConfiguration_To_flowcontrol_QueuingConfiguration is an autogenerated conversion function. -func Convert_v1beta3_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in *v1beta3.QueuingConfiguration, out *flowcontrol.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_v1beta3_QueuingConfiguration_To_flowcontrol_QueuingConfiguration(in, out, s) -} - -func autoConvert_flowcontrol_QueuingConfiguration_To_v1beta3_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta3.QueuingConfiguration, s conversion.Scope) error { - out.Queues = in.Queues - out.HandSize = in.HandSize - out.QueueLengthLimit = in.QueueLengthLimit - return nil -} - -// Convert_flowcontrol_QueuingConfiguration_To_v1beta3_QueuingConfiguration is an autogenerated conversion function. -func Convert_flowcontrol_QueuingConfiguration_To_v1beta3_QueuingConfiguration(in *flowcontrol.QueuingConfiguration, out *v1beta3.QueuingConfiguration, s conversion.Scope) error { - return autoConvert_flowcontrol_QueuingConfiguration_To_v1beta3_QueuingConfiguration(in, out, s) -} - -func autoConvert_v1beta3_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta3.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_v1beta3_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule is an autogenerated conversion function. -func Convert_v1beta3_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in *v1beta3.ResourcePolicyRule, out *flowcontrol.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_v1beta3_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(in, out, s) -} - -func autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta3_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta3.ResourcePolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ClusterScope = in.ClusterScope - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - return nil -} - -// Convert_flowcontrol_ResourcePolicyRule_To_v1beta3_ResourcePolicyRule is an autogenerated conversion function. -func Convert_flowcontrol_ResourcePolicyRule_To_v1beta3_ResourcePolicyRule(in *flowcontrol.ResourcePolicyRule, out *v1beta3.ResourcePolicyRule, s conversion.Scope) error { - return autoConvert_flowcontrol_ResourcePolicyRule_To_v1beta3_ResourcePolicyRule(in, out, s) -} - -func autoConvert_v1beta3_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta3.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_v1beta3_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject is an autogenerated conversion function. -func Convert_v1beta3_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in *v1beta3.ServiceAccountSubject, out *flowcontrol.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_v1beta3_ServiceAccountSubject_To_flowcontrol_ServiceAccountSubject(in, out, s) -} - -func autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta3_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta3.ServiceAccountSubject, s conversion.Scope) error { - out.Namespace = in.Namespace - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_ServiceAccountSubject_To_v1beta3_ServiceAccountSubject is an autogenerated conversion function. -func Convert_flowcontrol_ServiceAccountSubject_To_v1beta3_ServiceAccountSubject(in *flowcontrol.ServiceAccountSubject, out *v1beta3.ServiceAccountSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_ServiceAccountSubject_To_v1beta3_ServiceAccountSubject(in, out, s) -} - -func autoConvert_v1beta3_Subject_To_flowcontrol_Subject(in *v1beta3.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - out.Kind = flowcontrol.SubjectKind(in.Kind) - out.User = (*flowcontrol.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*flowcontrol.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*flowcontrol.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_v1beta3_Subject_To_flowcontrol_Subject is an autogenerated conversion function. -func Convert_v1beta3_Subject_To_flowcontrol_Subject(in *v1beta3.Subject, out *flowcontrol.Subject, s conversion.Scope) error { - return autoConvert_v1beta3_Subject_To_flowcontrol_Subject(in, out, s) -} - -func autoConvert_flowcontrol_Subject_To_v1beta3_Subject(in *flowcontrol.Subject, out *v1beta3.Subject, s conversion.Scope) error { - out.Kind = v1beta3.SubjectKind(in.Kind) - out.User = (*v1beta3.UserSubject)(unsafe.Pointer(in.User)) - out.Group = (*v1beta3.GroupSubject)(unsafe.Pointer(in.Group)) - out.ServiceAccount = (*v1beta3.ServiceAccountSubject)(unsafe.Pointer(in.ServiceAccount)) - return nil -} - -// Convert_flowcontrol_Subject_To_v1beta3_Subject is an autogenerated conversion function. -func Convert_flowcontrol_Subject_To_v1beta3_Subject(in *flowcontrol.Subject, out *v1beta3.Subject, s conversion.Scope) error { - return autoConvert_flowcontrol_Subject_To_v1beta3_Subject(in, out, s) -} - -func autoConvert_v1beta3_UserSubject_To_flowcontrol_UserSubject(in *v1beta3.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta3_UserSubject_To_flowcontrol_UserSubject is an autogenerated conversion function. -func Convert_v1beta3_UserSubject_To_flowcontrol_UserSubject(in *v1beta3.UserSubject, out *flowcontrol.UserSubject, s conversion.Scope) error { - return autoConvert_v1beta3_UserSubject_To_flowcontrol_UserSubject(in, out, s) -} - -func autoConvert_flowcontrol_UserSubject_To_v1beta3_UserSubject(in *flowcontrol.UserSubject, out *v1beta3.UserSubject, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_flowcontrol_UserSubject_To_v1beta3_UserSubject is an autogenerated conversion function. -func Convert_flowcontrol_UserSubject_To_v1beta3_UserSubject(in *flowcontrol.UserSubject, out *v1beta3.UserSubject, s conversion.Scope) error { - return autoConvert_flowcontrol_UserSubject_To_v1beta3_UserSubject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.defaults.go deleted file mode 100644 index 093b92d265..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3/zz_generated.defaults.go +++ /dev/null @@ -1,69 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta3 - -import ( - v1beta3 "k8s.io/api/flowcontrol/v1beta3" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta3.FlowSchema{}, func(obj interface{}) { SetObjectDefaults_FlowSchema(obj.(*v1beta3.FlowSchema)) }) - scheme.AddTypeDefaultingFunc(&v1beta3.FlowSchemaList{}, func(obj interface{}) { SetObjectDefaults_FlowSchemaList(obj.(*v1beta3.FlowSchemaList)) }) - scheme.AddTypeDefaultingFunc(&v1beta3.PriorityLevelConfiguration{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfiguration(obj.(*v1beta3.PriorityLevelConfiguration)) - }) - scheme.AddTypeDefaultingFunc(&v1beta3.PriorityLevelConfigurationList{}, func(obj interface{}) { - SetObjectDefaults_PriorityLevelConfigurationList(obj.(*v1beta3.PriorityLevelConfigurationList)) - }) - return nil -} - -func SetObjectDefaults_FlowSchema(in *v1beta3.FlowSchema) { - SetDefaults_FlowSchemaSpec(&in.Spec) -} - -func SetObjectDefaults_FlowSchemaList(in *v1beta3.FlowSchemaList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_FlowSchema(a) - } -} - -func SetObjectDefaults_PriorityLevelConfiguration(in *v1beta3.PriorityLevelConfiguration) { - if in.Spec.Limited != nil { - SetDefaults_LimitedPriorityLevelConfiguration(in.Spec.Limited) - if in.Spec.Limited.LimitResponse.Queuing != nil { - SetDefaults_QueuingConfiguration(in.Spec.Limited.LimitResponse.Queuing) - } - } -} - -func SetObjectDefaults_PriorityLevelConfigurationList(in *v1beta3.PriorityLevelConfigurationList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityLevelConfiguration(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/validation/validation.go deleted file mode 100644 index f83b2cbff6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/validation/validation.go +++ /dev/null @@ -1,528 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - flowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/util/shufflesharding" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/apis/flowcontrol/internalbootstrap" -) - -// ValidateFlowSchemaName validates name for flow-schema. -var ValidateFlowSchemaName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidatePriorityLevelConfigurationName validates name for priority-level-configuration. -var ValidatePriorityLevelConfigurationName = apimachineryvalidation.NameIsDNSSubdomain - -var supportedDistinguisherMethods = sets.NewString( - string(flowcontrol.FlowDistinguisherMethodByNamespaceType), - string(flowcontrol.FlowDistinguisherMethodByUserType), -) - -var priorityLevelConfigurationQueuingMaxQueues int32 = 10 * 1000 * 1000 // 10^7 - -var supportedVerbs = sets.NewString( - "get", - "list", - "create", - "update", - "delete", - "deletecollection", - "patch", - "watch", - "proxy", -) - -var supportedSubjectKinds = sets.NewString( - string(flowcontrol.SubjectKindServiceAccount), - string(flowcontrol.SubjectKindGroup), - string(flowcontrol.SubjectKindUser), -) - -var supportedPriorityLevelEnablement = sets.NewString( - string(flowcontrol.PriorityLevelEnablementExempt), - string(flowcontrol.PriorityLevelEnablementLimited), -) - -var supportedLimitResponseType = sets.NewString( - string(flowcontrol.LimitResponseTypeQueue), - string(flowcontrol.LimitResponseTypeReject), -) - -// ValidateFlowSchema validates the content of flow-schema -func ValidateFlowSchema(fs *flowcontrol.FlowSchema) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&fs.ObjectMeta, false, ValidateFlowSchemaName, field.NewPath("metadata")) - specPath := field.NewPath("spec") - allErrs = append(allErrs, ValidateFlowSchemaSpec(fs.Name, &fs.Spec, specPath)...) - if mand, ok := internalbootstrap.MandatoryFlowSchemas[fs.Name]; ok { - // Check for almost exact equality. This is a pretty - // strict test, and it is OK in this context because both - // sides of this comparison are intended to ultimately - // come from the same code. - if !apiequality.Semantic.DeepEqual(fs.Spec, mand.Spec) { - allErrs = append(allErrs, field.Invalid(specPath, fs.Spec, fmt.Sprintf("spec of '%s' must equal the fixed value", fs.Name))) - } - } - allErrs = append(allErrs, ValidateFlowSchemaStatus(&fs.Status, field.NewPath("status"))...) - return allErrs -} - -// ValidateFlowSchemaUpdate validates the update of flow-schema -func ValidateFlowSchemaUpdate(old, fs *flowcontrol.FlowSchema) field.ErrorList { - return ValidateFlowSchema(fs) -} - -// ValidateFlowSchemaSpec validates the content of flow-schema's spec -func ValidateFlowSchemaSpec(fsName string, spec *flowcontrol.FlowSchemaSpec, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if spec.MatchingPrecedence <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("matchingPrecedence"), spec.MatchingPrecedence, "must be a positive value")) - } - if spec.MatchingPrecedence > flowcontrol.FlowSchemaMaxMatchingPrecedence { - allErrs = append(allErrs, field.Invalid(fldPath.Child("matchingPrecedence"), spec.MatchingPrecedence, fmt.Sprintf("must not be greater than %v", flowcontrol.FlowSchemaMaxMatchingPrecedence))) - } - if (spec.MatchingPrecedence == 1) && (fsName != flowcontrol.FlowSchemaNameExempt) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("matchingPrecedence"), spec.MatchingPrecedence, "only the schema named 'exempt' may have matchingPrecedence 1")) - } - if spec.DistinguisherMethod != nil { - if !supportedDistinguisherMethods.Has(string(spec.DistinguisherMethod.Type)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("distinguisherMethod").Child("type"), spec.DistinguisherMethod, supportedDistinguisherMethods.List())) - } - } - if len(spec.PriorityLevelConfiguration.Name) > 0 { - for _, msg := range ValidatePriorityLevelConfigurationName(spec.PriorityLevelConfiguration.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("priorityLevelConfiguration").Child("name"), spec.PriorityLevelConfiguration.Name, msg)) - } - } else { - allErrs = append(allErrs, field.Required(fldPath.Child("priorityLevelConfiguration").Child("name"), "must reference a priority level")) - } - for i, rule := range spec.Rules { - allErrs = append(allErrs, ValidateFlowSchemaPolicyRulesWithSubjects(&rule, fldPath.Child("rules").Index(i))...) - } - return allErrs -} - -// ValidateFlowSchemaPolicyRulesWithSubjects validates policy-rule-with-subjects object. -func ValidateFlowSchemaPolicyRulesWithSubjects(rule *flowcontrol.PolicyRulesWithSubjects, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if len(rule.Subjects) > 0 { - for i, subject := range rule.Subjects { - allErrs = append(allErrs, ValidateFlowSchemaSubject(&subject, fldPath.Child("subjects").Index(i))...) - } - } else { - allErrs = append(allErrs, field.Required(fldPath.Child("subjects"), "subjects must contain at least one value")) - } - - if len(rule.ResourceRules) == 0 && len(rule.NonResourceRules) == 0 { - allErrs = append(allErrs, field.Required(fldPath, "at least one of resourceRules and nonResourceRules has to be non-empty")) - } - for i, resourceRule := range rule.ResourceRules { - allErrs = append(allErrs, ValidateFlowSchemaResourcePolicyRule(&resourceRule, fldPath.Child("resourceRules").Index(i))...) - } - for i, nonResourceRule := range rule.NonResourceRules { - allErrs = append(allErrs, ValidateFlowSchemaNonResourcePolicyRule(&nonResourceRule, fldPath.Child("nonResourceRules").Index(i))...) - } - return allErrs -} - -// ValidateFlowSchemaSubject validates flow-schema's subject object. -func ValidateFlowSchemaSubject(subject *flowcontrol.Subject, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - switch subject.Kind { - case flowcontrol.SubjectKindServiceAccount: - allErrs = append(allErrs, ValidateServiceAccountSubject(subject.ServiceAccount, fldPath.Child("serviceAccount"))...) - if subject.User != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("user"), "user is forbidden when subject kind is not 'User'")) - } - if subject.Group != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("group"), "group is forbidden when subject kind is not 'Group'")) - } - case flowcontrol.SubjectKindUser: - allErrs = append(allErrs, ValidateUserSubject(subject.User, fldPath.Child("user"))...) - if subject.ServiceAccount != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("serviceAccount"), "serviceAccount is forbidden when subject kind is not 'ServiceAccount'")) - } - if subject.Group != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("group"), "group is forbidden when subject kind is not 'Group'")) - } - case flowcontrol.SubjectKindGroup: - allErrs = append(allErrs, ValidateGroupSubject(subject.Group, fldPath.Child("group"))...) - if subject.ServiceAccount != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("serviceAccount"), "serviceAccount is forbidden when subject kind is not 'ServiceAccount'")) - } - if subject.User != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("user"), "user is forbidden when subject kind is not 'User'")) - } - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("kind"), subject.Kind, supportedSubjectKinds.List())) - } - return allErrs -} - -// ValidateServiceAccountSubject validates subject of "ServiceAccount" kind -func ValidateServiceAccountSubject(subject *flowcontrol.ServiceAccountSubject, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if subject == nil { - return append(allErrs, field.Required(fldPath, "serviceAccount is required when subject kind is 'ServiceAccount'")) - } - if len(subject.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } else if subject.Name != flowcontrol.NameAll { - for _, msg := range apimachineryvalidation.ValidateServiceAccountName(subject.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), subject.Name, msg)) - } - } - - if len(subject.Namespace) > 0 { - for _, msg := range apimachineryvalidation.ValidateNamespaceName(subject.Namespace, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), subject.Namespace, msg)) - } - } else { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "must specify namespace for service account")) - } - - return allErrs -} - -// ValidateUserSubject validates subject of "User" kind -func ValidateUserSubject(subject *flowcontrol.UserSubject, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if subject == nil { - return append(allErrs, field.Required(fldPath, "user is required when subject kind is 'User'")) - } - if len(subject.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - return allErrs -} - -// ValidateGroupSubject validates subject of "Group" kind -func ValidateGroupSubject(subject *flowcontrol.GroupSubject, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if subject == nil { - return append(allErrs, field.Required(fldPath, "group is required when subject kind is 'Group'")) - } - if len(subject.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - return allErrs -} - -// ValidateFlowSchemaNonResourcePolicyRule validates non-resource policy-rule in the flow-schema. -func ValidateFlowSchemaNonResourcePolicyRule(rule *flowcontrol.NonResourcePolicyRule, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - if len(rule.Verbs) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("verbs"), "verbs must contain at least one value")) - } else if hasWildcard(rule.Verbs) { - if len(rule.Verbs) > 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("verbs"), rule.Verbs, "if '*' is present, must not specify other verbs")) - } - } else if !supportedVerbs.IsSuperset(sets.NewString(rule.Verbs...)) { - // only supported verbs are allowed - allErrs = append(allErrs, field.NotSupported(fldPath.Child("verbs"), rule.Verbs, supportedVerbs.List())) - } - - if len(rule.NonResourceURLs) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("nonResourceURLs"), "nonResourceURLs must contain at least one value")) - } else if hasWildcard(rule.NonResourceURLs) { - if len(rule.NonResourceURLs) > 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "if '*' is present, must not specify other non-resource URLs")) - } - } else { - for i, nonResourceURL := range rule.NonResourceURLs { - if err := ValidateNonResourceURLPath(nonResourceURL, fldPath.Child("nonResourceURLs").Index(i)); err != nil { - allErrs = append(allErrs, err) - } - } - } - - return allErrs -} - -// ValidateFlowSchemaResourcePolicyRule validates resource policy-rule in the flow-schema. -func ValidateFlowSchemaResourcePolicyRule(rule *flowcontrol.ResourcePolicyRule, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - if len(rule.Verbs) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("verbs"), "verbs must contain at least one value")) - } else if hasWildcard(rule.Verbs) { - if len(rule.Verbs) > 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("verbs"), rule.Verbs, "if '*' is present, must not specify other verbs")) - } - } else if !supportedVerbs.IsSuperset(sets.NewString(rule.Verbs...)) { - // only supported verbs are allowed - allErrs = append(allErrs, field.NotSupported(fldPath.Child("verbs"), rule.Verbs, supportedVerbs.List())) - } - - if len(rule.APIGroups) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("apiGroups"), "resource rules must supply at least one api group")) - } else if len(rule.APIGroups) > 1 && hasWildcard(rule.APIGroups) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("apiGroups"), rule.APIGroups, "if '*' is present, must not specify other api groups")) - } - - if len(rule.Resources) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("resources"), "resource rules must supply at least one resource")) - } else if len(rule.Resources) > 1 && hasWildcard(rule.Resources) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resources"), rule.Resources, "if '*' is present, must not specify other resources")) - } - - if len(rule.Namespaces) == 0 && !rule.ClusterScope { - allErrs = append(allErrs, field.Required(fldPath.Child("namespaces"), "resource rules that are not cluster scoped must supply at least one namespace")) - } else if hasWildcard(rule.Namespaces) { - if len(rule.Namespaces) > 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces"), rule.Namespaces, "if '*' is present, must not specify other namespaces")) - } - } else { - for idx, tgtNS := range rule.Namespaces { - for _, msg := range apimachineryvalidation.ValidateNamespaceName(tgtNS, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces").Index(idx), tgtNS, nsErrIntro+msg)) - } - } - } - - return allErrs -} - -const nsErrIntro = "each member of this list must be '*' or a DNS-1123 label; " - -// ValidateFlowSchemaStatus validates status for the flow-schema. -func ValidateFlowSchemaStatus(status *flowcontrol.FlowSchemaStatus, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - keys := sets.NewString() - for i, condition := range status.Conditions { - if keys.Has(string(condition.Type)) { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("conditions").Index(i).Child("type"), condition.Type)) - } - keys.Insert(string(condition.Type)) - allErrs = append(allErrs, ValidateFlowSchemaCondition(&condition, fldPath.Child("conditions").Index(i))...) - } - return allErrs -} - -// ValidateFlowSchemaStatusUpdate validates the update of status for the flow-schema. -func ValidateFlowSchemaStatusUpdate(old, fs *flowcontrol.FlowSchema) field.ErrorList { - return ValidateFlowSchemaStatus(&fs.Status, field.NewPath("status")) -} - -// ValidateFlowSchemaCondition validates condition in the flow-schema's status. -func ValidateFlowSchemaCondition(condition *flowcontrol.FlowSchemaCondition, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if len(condition.Type) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must not be empty")) - } - return allErrs -} - -// ValidatePriorityLevelConfiguration validates priority-level-configuration. -func ValidatePriorityLevelConfiguration(pl *flowcontrol.PriorityLevelConfiguration, requestGV schema.GroupVersion) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&pl.ObjectMeta, false, ValidatePriorityLevelConfigurationName, field.NewPath("metadata")) - specPath := field.NewPath("spec") - allErrs = append(allErrs, ValidatePriorityLevelConfigurationSpec(&pl.Spec, requestGV, pl.Name, specPath)...) - if mand, ok := internalbootstrap.MandatoryPriorityLevelConfigurations[pl.Name]; ok { - // Check for almost exact equality. This is a pretty - // strict test, and it is OK in this context because both - // sides of this comparison are intended to ultimately - // come from the same code. - if !apiequality.Semantic.DeepEqual(pl.Spec, mand.Spec) { - allErrs = append(allErrs, field.Invalid(specPath, pl.Spec, fmt.Sprintf("spec of '%s' must equal the fixed value", pl.Name))) - } - } - allErrs = append(allErrs, ValidatePriorityLevelConfigurationStatus(&pl.Status, field.NewPath("status"))...) - return allErrs -} - -// ValidatePriorityLevelConfigurationSpec validates priority-level-configuration's spec. -func ValidatePriorityLevelConfigurationSpec(spec *flowcontrol.PriorityLevelConfigurationSpec, requestGV schema.GroupVersion, name string, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if (name == flowcontrol.PriorityLevelConfigurationNameExempt) != (spec.Type == flowcontrol.PriorityLevelEnablementExempt) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("type"), spec.Type, "type must be 'Exempt' if and only if name is 'exempt'")) - } - switch spec.Type { - case flowcontrol.PriorityLevelEnablementExempt: - if spec.Limited != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("limited"), "must be nil if the type is not Limited")) - } - case flowcontrol.PriorityLevelEnablementLimited: - if spec.Limited == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("limited"), "must not be empty when type is Limited")) - } else { - allErrs = append(allErrs, ValidateLimitedPriorityLevelConfiguration(spec.Limited, requestGV, fldPath.Child("limited"))...) - } - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), spec.Type, supportedPriorityLevelEnablement.List())) - } - return allErrs -} - -// ValidateLimitedPriorityLevelConfiguration validates the configuration for an execution-limited priority level -func ValidateLimitedPriorityLevelConfiguration(lplc *flowcontrol.LimitedPriorityLevelConfiguration, requestGV schema.GroupVersion, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if lplc.NominalConcurrencyShares <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child(getVersionedFieldNameForConcurrencyShares(requestGV)), lplc.NominalConcurrencyShares, "must be positive")) - } - allErrs = append(allErrs, ValidateLimitResponse(lplc.LimitResponse, fldPath.Child("limitResponse"))...) - - if lplc.LendablePercent != nil && !(*lplc.LendablePercent >= 0 && *lplc.LendablePercent <= 100) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("lendablePercent"), *lplc.LendablePercent, "must be between 0 and 100, inclusive")) - } - if lplc.BorrowingLimitPercent != nil && *lplc.BorrowingLimitPercent < 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("borrowingLimitPercent"), *lplc.BorrowingLimitPercent, "if specified, must be a non-negative integer")) - } - - return allErrs -} - -func getVersionedFieldNameForConcurrencyShares(requestGV schema.GroupVersion) string { - switch { - case requestGV == flowcontrolv1alpha1.SchemeGroupVersion || - requestGV == flowcontrolv1beta1.SchemeGroupVersion || - requestGV == flowcontrolv1beta2.SchemeGroupVersion: - return "assuredConcurrencyShares" - default: - return "nominalConcurrencyShares" - } -} - -// ValidateLimitResponse validates a LimitResponse -func ValidateLimitResponse(lr flowcontrol.LimitResponse, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - switch lr.Type { - case flowcontrol.LimitResponseTypeReject: - if lr.Queuing != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("queuing"), "must be nil if limited.limitResponse.type is not Limited")) - } - case flowcontrol.LimitResponseTypeQueue: - if lr.Queuing == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("queuing"), "must not be empty if limited.limitResponse.type is Limited")) - } else { - allErrs = append(allErrs, ValidatePriorityLevelQueuingConfiguration(lr.Queuing, fldPath.Child("queuing"))...) - } - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), lr.Type, supportedLimitResponseType.List())) - } - return allErrs -} - -// ValidatePriorityLevelQueuingConfiguration validates queuing-configuration for a priority-level -func ValidatePriorityLevelQueuingConfiguration(queuing *flowcontrol.QueuingConfiguration, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if queuing.QueueLengthLimit <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("queueLengthLimit"), queuing.QueueLengthLimit, "must be positive")) - } - - // validate input arguments for shuffle-sharding - if queuing.Queues <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("queues"), queuing.Queues, "must be positive")) - } else if queuing.Queues > priorityLevelConfigurationQueuingMaxQueues { - allErrs = append(allErrs, field.Invalid(fldPath.Child("queues"), queuing.Queues, - fmt.Sprintf("must not be greater than %d", priorityLevelConfigurationQueuingMaxQueues))) - } - - if queuing.HandSize <= 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("handSize"), queuing.HandSize, "must be positive")) - } else if queuing.HandSize > queuing.Queues { - allErrs = append(allErrs, field.Invalid(fldPath.Child("handSize"), queuing.HandSize, - fmt.Sprintf("should not be greater than queues (%d)", queuing.Queues))) - } else if entropy := shufflesharding.RequiredEntropyBits(int(queuing.Queues), int(queuing.HandSize)); entropy > shufflesharding.MaxHashBits { - allErrs = append(allErrs, field.Invalid(fldPath.Child("handSize"), queuing.HandSize, - fmt.Sprintf("required entropy bits of deckSize %d and handSize %d should not be greater than %d", queuing.Queues, queuing.HandSize, shufflesharding.MaxHashBits))) - } - return allErrs -} - -// ValidatePriorityLevelConfigurationStatus validates priority-level-configuration's status. -func ValidatePriorityLevelConfigurationStatus(status *flowcontrol.PriorityLevelConfigurationStatus, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - keys := sets.NewString() - for i, condition := range status.Conditions { - if keys.Has(string(condition.Type)) { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("conditions").Index(i).Child("type"), condition.Type)) - } - keys.Insert(string(condition.Type)) - allErrs = append(allErrs, ValidatePriorityLevelConfigurationCondition(&condition, fldPath.Child("conditions").Index(i))...) - } - return allErrs -} - -// ValidatePriorityLevelConfigurationStatusUpdate validates the update of priority-level-configuration's status. -func ValidatePriorityLevelConfigurationStatusUpdate(old, pl *flowcontrol.PriorityLevelConfiguration) field.ErrorList { - return ValidatePriorityLevelConfigurationStatus(&pl.Status, field.NewPath("status")) -} - -// ValidatePriorityLevelConfigurationCondition validates condition in priority-level-configuration's status. -func ValidatePriorityLevelConfigurationCondition(condition *flowcontrol.PriorityLevelConfigurationCondition, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if len(condition.Type) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("type"), "must not be empty")) - } - return allErrs -} - -// ValidateNonResourceURLPath validates non-resource-url path by following rules: -// 1. Slash must be the leading character of the path -// 2. White-space is forbidden in the path -// 3. Continuous/double slash is forbidden in the path -// 4. Wildcard "*" should only do suffix glob matching. Note that wildcard also matches slashes. -func ValidateNonResourceURLPath(path string, fldPath *field.Path) *field.Error { - if len(path) == 0 { - return field.Invalid(fldPath, path, "must not be empty") - } - if path == "/" { // root path - return nil - } - - if !strings.HasPrefix(path, "/") { - return field.Invalid(fldPath, path, "must start with slash") - } - if strings.Contains(path, " ") { - return field.Invalid(fldPath, path, "must not contain white-space") - } - if strings.Contains(path, "//") { - return field.Invalid(fldPath, path, "must not contain double slash") - } - wildcardCount := strings.Count(path, "*") - if wildcardCount > 1 || (wildcardCount == 1 && path[len(path)-2:] != "/*") { - return field.Invalid(fldPath, path, "wildcard can only do suffix matching") - } - return nil -} - -func hasWildcard(operations []string) bool { - return memberInList("*", operations...) -} - -func memberInList(seek string, a ...string) bool { - for _, ai := range a { - if ai == seek { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/zz_generated.deepcopy.go deleted file mode 100644 index 95832ca892..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/flowcontrol/zz_generated.deepcopy.go +++ /dev/null @@ -1,552 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package flowcontrol - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowDistinguisherMethod. -func (in *FlowDistinguisherMethod) DeepCopy() *FlowDistinguisherMethod { - if in == nil { - return nil - } - out := new(FlowDistinguisherMethod) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSchema) DeepCopyInto(out *FlowSchema) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchema. -func (in *FlowSchema) DeepCopy() *FlowSchema { - if in == nil { - return nil - } - out := new(FlowSchema) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *FlowSchema) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSchemaCondition) DeepCopyInto(out *FlowSchemaCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaCondition. -func (in *FlowSchemaCondition) DeepCopy() *FlowSchemaCondition { - if in == nil { - return nil - } - out := new(FlowSchemaCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSchemaList) DeepCopyInto(out *FlowSchemaList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]FlowSchema, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaList. -func (in *FlowSchemaList) DeepCopy() *FlowSchemaList { - if in == nil { - return nil - } - out := new(FlowSchemaList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *FlowSchemaList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSchemaSpec) DeepCopyInto(out *FlowSchemaSpec) { - *out = *in - out.PriorityLevelConfiguration = in.PriorityLevelConfiguration - if in.DistinguisherMethod != nil { - in, out := &in.DistinguisherMethod, &out.DistinguisherMethod - *out = new(FlowDistinguisherMethod) - **out = **in - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PolicyRulesWithSubjects, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaSpec. -func (in *FlowSchemaSpec) DeepCopy() *FlowSchemaSpec { - if in == nil { - return nil - } - out := new(FlowSchemaSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FlowSchemaStatus) DeepCopyInto(out *FlowSchemaStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]FlowSchemaCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowSchemaStatus. -func (in *FlowSchemaStatus) DeepCopy() *FlowSchemaStatus { - if in == nil { - return nil - } - out := new(FlowSchemaStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GroupSubject) DeepCopyInto(out *GroupSubject) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSubject. -func (in *GroupSubject) DeepCopy() *GroupSubject { - if in == nil { - return nil - } - out := new(GroupSubject) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitResponse) DeepCopyInto(out *LimitResponse) { - *out = *in - if in.Queuing != nil { - in, out := &in.Queuing, &out.Queuing - *out = new(QueuingConfiguration) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitResponse. -func (in *LimitResponse) DeepCopy() *LimitResponse { - if in == nil { - return nil - } - out := new(LimitResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LimitedPriorityLevelConfiguration) DeepCopyInto(out *LimitedPriorityLevelConfiguration) { - *out = *in - in.LimitResponse.DeepCopyInto(&out.LimitResponse) - if in.LendablePercent != nil { - in, out := &in.LendablePercent, &out.LendablePercent - *out = new(int32) - **out = **in - } - if in.BorrowingLimitPercent != nil { - in, out := &in.BorrowingLimitPercent, &out.BorrowingLimitPercent - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitedPriorityLevelConfiguration. -func (in *LimitedPriorityLevelConfiguration) DeepCopy() *LimitedPriorityLevelConfiguration { - if in == nil { - return nil - } - out := new(LimitedPriorityLevelConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NonResourcePolicyRule) DeepCopyInto(out *NonResourcePolicyRule) { - *out = *in - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NonResourceURLs != nil { - in, out := &in.NonResourceURLs, &out.NonResourceURLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonResourcePolicyRule. -func (in *NonResourcePolicyRule) DeepCopy() *NonResourcePolicyRule { - if in == nil { - return nil - } - out := new(NonResourcePolicyRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRulesWithSubjects) DeepCopyInto(out *PolicyRulesWithSubjects) { - *out = *in - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]Subject, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ResourceRules != nil { - in, out := &in.ResourceRules, &out.ResourceRules - *out = make([]ResourcePolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NonResourceRules != nil { - in, out := &in.NonResourceRules, &out.NonResourceRules - *out = make([]NonResourcePolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRulesWithSubjects. -func (in *PolicyRulesWithSubjects) DeepCopy() *PolicyRulesWithSubjects { - if in == nil { - return nil - } - out := new(PolicyRulesWithSubjects) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfiguration) DeepCopyInto(out *PriorityLevelConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfiguration. -func (in *PriorityLevelConfiguration) DeepCopy() *PriorityLevelConfiguration { - if in == nil { - return nil - } - out := new(PriorityLevelConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PriorityLevelConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfigurationCondition) DeepCopyInto(out *PriorityLevelConfigurationCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationCondition. -func (in *PriorityLevelConfigurationCondition) DeepCopy() *PriorityLevelConfigurationCondition { - if in == nil { - return nil - } - out := new(PriorityLevelConfigurationCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfigurationList) DeepCopyInto(out *PriorityLevelConfigurationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PriorityLevelConfiguration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationList. -func (in *PriorityLevelConfigurationList) DeepCopy() *PriorityLevelConfigurationList { - if in == nil { - return nil - } - out := new(PriorityLevelConfigurationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PriorityLevelConfigurationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfigurationReference) DeepCopyInto(out *PriorityLevelConfigurationReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationReference. -func (in *PriorityLevelConfigurationReference) DeepCopy() *PriorityLevelConfigurationReference { - if in == nil { - return nil - } - out := new(PriorityLevelConfigurationReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigurationSpec) { - *out = *in - if in.Limited != nil { - in, out := &in.Limited, &out.Limited - *out = new(LimitedPriorityLevelConfiguration) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationSpec. -func (in *PriorityLevelConfigurationSpec) DeepCopy() *PriorityLevelConfigurationSpec { - if in == nil { - return nil - } - out := new(PriorityLevelConfigurationSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityLevelConfigurationStatus) DeepCopyInto(out *PriorityLevelConfigurationStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]PriorityLevelConfigurationCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityLevelConfigurationStatus. -func (in *PriorityLevelConfigurationStatus) DeepCopy() *PriorityLevelConfigurationStatus { - if in == nil { - return nil - } - out := new(PriorityLevelConfigurationStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *QueuingConfiguration) DeepCopyInto(out *QueuingConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueuingConfiguration. -func (in *QueuingConfiguration) DeepCopy() *QueuingConfiguration { - if in == nil { - return nil - } - out := new(QueuingConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourcePolicyRule) DeepCopyInto(out *ResourcePolicyRule) { - *out = *in - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.APIGroups != nil { - in, out := &in.APIGroups, &out.APIGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRule. -func (in *ResourcePolicyRule) DeepCopy() *ResourcePolicyRule { - if in == nil { - return nil - } - out := new(ResourcePolicyRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceAccountSubject) DeepCopyInto(out *ServiceAccountSubject) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountSubject. -func (in *ServiceAccountSubject) DeepCopy() *ServiceAccountSubject { - if in == nil { - return nil - } - out := new(ServiceAccountSubject) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Subject) DeepCopyInto(out *Subject) { - *out = *in - if in.User != nil { - in, out := &in.User, &out.User - *out = new(UserSubject) - **out = **in - } - if in.Group != nil { - in, out := &in.Group, &out.Group - *out = new(GroupSubject) - **out = **in - } - if in.ServiceAccount != nil { - in, out := &in.ServiceAccount, &out.ServiceAccount - *out = new(ServiceAccountSubject) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject. -func (in *Subject) DeepCopy() *Subject { - if in == nil { - return nil - } - out := new(Subject) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UserSubject) DeepCopyInto(out *UserSubject) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserSubject. -func (in *UserSubject) DeepCopy() *UserSubject { - if in == nil { - return nil - } - out := new(UserSubject) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/OWNERS deleted file mode 100644 index 59ee7e4862..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-policy-approvers - - sig-auth-policy-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/doc.go deleted file mode 100644 index bfcdee2a48..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=imagepolicy.k8s.io - -package imagepolicy // import "k8s.io/kubernetes/pkg/apis/imagepolicy" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/install/install.go deleted file mode 100644 index f4937181c9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/install/install.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/imagepolicy" - "k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(imagepolicy.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/register.go deleted file mode 100644 index 67d42c375d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package imagepolicy - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "imagepolicy.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &ImageReview{}, - ) - // metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/types.go deleted file mode 100644 index 1117094073..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/types.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package imagepolicy - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImageReview checks if the set of images in a pod are allowed. -type ImageReview struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec holds information about the pod being evaluated - Spec ImageReviewSpec - - // Status is filled in by the backend and indicates whether the pod should be allowed. - Status ImageReviewStatus -} - -// ImageReviewSpec is a description of the pod creation request. -type ImageReviewSpec struct { - // Containers is a list of a subset of the information in each container of the Pod being created. - Containers []ImageReviewContainerSpec - // Annotations is a list of key-value pairs extracted from the Pod's annotations. - // It only includes keys which match the pattern `*.image-policy.k8s.io/*`. - // It is up to each webhook backend to determine how to interpret these annotations, if at all. - Annotations map[string]string - // Namespace is the namespace the pod is being created in. - Namespace string -} - -// ImageReviewContainerSpec is a description of a container within the pod creation request. -type ImageReviewContainerSpec struct { - // This can be in the form image:tag or image@SHA:012345679abcdef. - Image string - // In future, we may add command line overrides, exec health check command lines, and so on. -} - -// ImageReviewStatus is the result of the review for the pod creation request. -type ImageReviewStatus struct { - // Allowed indicates that all images were allowed to be run. - Allowed bool - // Reason should be empty unless Allowed is false in which case it - // may contain a short description of what is wrong. Kubernetes - // may truncate excessively long errors when displaying to the user. - Reason string - // AuditAnnotations will be added to the attributes object of the - // admission controller request using 'AddAnnotation'. The keys should - // be prefix-less (i.e., the admission controller will add an - // appropriate prefix). - AuditAnnotations map[string]string -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/doc.go deleted file mode 100644 index ee89ed219d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/imagepolicy -// +k8s:conversion-gen-external-types=k8s.io/api/imagepolicy/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/imagepolicy/v1alpha1 - -// +groupName=imagepolicy.k8s.io - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/register.go deleted file mode 100644 index 0f7ef7a23b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - imagepolicyv1alpha1 "k8s.io/api/imagepolicy/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "imagepolicy.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &imagepolicyv1alpha1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 466f8edf56..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,181 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1alpha1 "k8s.io/api/imagepolicy/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - imagepolicy "k8s.io/kubernetes/pkg/apis/imagepolicy" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.ImageReview)(nil), (*imagepolicy.ImageReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ImageReview_To_imagepolicy_ImageReview(a.(*v1alpha1.ImageReview), b.(*imagepolicy.ImageReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*imagepolicy.ImageReview)(nil), (*v1alpha1.ImageReview)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_imagepolicy_ImageReview_To_v1alpha1_ImageReview(a.(*imagepolicy.ImageReview), b.(*v1alpha1.ImageReview), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ImageReviewContainerSpec)(nil), (*imagepolicy.ImageReviewContainerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ImageReviewContainerSpec_To_imagepolicy_ImageReviewContainerSpec(a.(*v1alpha1.ImageReviewContainerSpec), b.(*imagepolicy.ImageReviewContainerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*imagepolicy.ImageReviewContainerSpec)(nil), (*v1alpha1.ImageReviewContainerSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_imagepolicy_ImageReviewContainerSpec_To_v1alpha1_ImageReviewContainerSpec(a.(*imagepolicy.ImageReviewContainerSpec), b.(*v1alpha1.ImageReviewContainerSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ImageReviewSpec)(nil), (*imagepolicy.ImageReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec(a.(*v1alpha1.ImageReviewSpec), b.(*imagepolicy.ImageReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*imagepolicy.ImageReviewSpec)(nil), (*v1alpha1.ImageReviewSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec(a.(*imagepolicy.ImageReviewSpec), b.(*v1alpha1.ImageReviewSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ImageReviewStatus)(nil), (*imagepolicy.ImageReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus(a.(*v1alpha1.ImageReviewStatus), b.(*imagepolicy.ImageReviewStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*imagepolicy.ImageReviewStatus)(nil), (*v1alpha1.ImageReviewStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus(a.(*imagepolicy.ImageReviewStatus), b.(*v1alpha1.ImageReviewStatus), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ImageReview_To_imagepolicy_ImageReview(in *v1alpha1.ImageReview, out *imagepolicy.ImageReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ImageReview_To_imagepolicy_ImageReview is an autogenerated conversion function. -func Convert_v1alpha1_ImageReview_To_imagepolicy_ImageReview(in *v1alpha1.ImageReview, out *imagepolicy.ImageReview, s conversion.Scope) error { - return autoConvert_v1alpha1_ImageReview_To_imagepolicy_ImageReview(in, out, s) -} - -func autoConvert_imagepolicy_ImageReview_To_v1alpha1_ImageReview(in *imagepolicy.ImageReview, out *v1alpha1.ImageReview, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_imagepolicy_ImageReview_To_v1alpha1_ImageReview is an autogenerated conversion function. -func Convert_imagepolicy_ImageReview_To_v1alpha1_ImageReview(in *imagepolicy.ImageReview, out *v1alpha1.ImageReview, s conversion.Scope) error { - return autoConvert_imagepolicy_ImageReview_To_v1alpha1_ImageReview(in, out, s) -} - -func autoConvert_v1alpha1_ImageReviewContainerSpec_To_imagepolicy_ImageReviewContainerSpec(in *v1alpha1.ImageReviewContainerSpec, out *imagepolicy.ImageReviewContainerSpec, s conversion.Scope) error { - out.Image = in.Image - return nil -} - -// Convert_v1alpha1_ImageReviewContainerSpec_To_imagepolicy_ImageReviewContainerSpec is an autogenerated conversion function. -func Convert_v1alpha1_ImageReviewContainerSpec_To_imagepolicy_ImageReviewContainerSpec(in *v1alpha1.ImageReviewContainerSpec, out *imagepolicy.ImageReviewContainerSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ImageReviewContainerSpec_To_imagepolicy_ImageReviewContainerSpec(in, out, s) -} - -func autoConvert_imagepolicy_ImageReviewContainerSpec_To_v1alpha1_ImageReviewContainerSpec(in *imagepolicy.ImageReviewContainerSpec, out *v1alpha1.ImageReviewContainerSpec, s conversion.Scope) error { - out.Image = in.Image - return nil -} - -// Convert_imagepolicy_ImageReviewContainerSpec_To_v1alpha1_ImageReviewContainerSpec is an autogenerated conversion function. -func Convert_imagepolicy_ImageReviewContainerSpec_To_v1alpha1_ImageReviewContainerSpec(in *imagepolicy.ImageReviewContainerSpec, out *v1alpha1.ImageReviewContainerSpec, s conversion.Scope) error { - return autoConvert_imagepolicy_ImageReviewContainerSpec_To_v1alpha1_ImageReviewContainerSpec(in, out, s) -} - -func autoConvert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec(in *v1alpha1.ImageReviewSpec, out *imagepolicy.ImageReviewSpec, s conversion.Scope) error { - out.Containers = *(*[]imagepolicy.ImageReviewContainerSpec)(unsafe.Pointer(&in.Containers)) - out.Annotations = *(*map[string]string)(unsafe.Pointer(&in.Annotations)) - out.Namespace = in.Namespace - return nil -} - -// Convert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec is an autogenerated conversion function. -func Convert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec(in *v1alpha1.ImageReviewSpec, out *imagepolicy.ImageReviewSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ImageReviewSpec_To_imagepolicy_ImageReviewSpec(in, out, s) -} - -func autoConvert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec(in *imagepolicy.ImageReviewSpec, out *v1alpha1.ImageReviewSpec, s conversion.Scope) error { - out.Containers = *(*[]v1alpha1.ImageReviewContainerSpec)(unsafe.Pointer(&in.Containers)) - out.Annotations = *(*map[string]string)(unsafe.Pointer(&in.Annotations)) - out.Namespace = in.Namespace - return nil -} - -// Convert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec is an autogenerated conversion function. -func Convert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec(in *imagepolicy.ImageReviewSpec, out *v1alpha1.ImageReviewSpec, s conversion.Scope) error { - return autoConvert_imagepolicy_ImageReviewSpec_To_v1alpha1_ImageReviewSpec(in, out, s) -} - -func autoConvert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus(in *v1alpha1.ImageReviewStatus, out *imagepolicy.ImageReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Reason = in.Reason - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - return nil -} - -// Convert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus is an autogenerated conversion function. -func Convert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus(in *v1alpha1.ImageReviewStatus, out *imagepolicy.ImageReviewStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_ImageReviewStatus_To_imagepolicy_ImageReviewStatus(in, out, s) -} - -func autoConvert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus(in *imagepolicy.ImageReviewStatus, out *v1alpha1.ImageReviewStatus, s conversion.Scope) error { - out.Allowed = in.Allowed - out.Reason = in.Reason - out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations)) - return nil -} - -// Convert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus is an autogenerated conversion function. -func Convert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus(in *imagepolicy.ImageReviewStatus, out *v1alpha1.ImageReviewStatus, s conversion.Scope) error { - return autoConvert_imagepolicy_ImageReviewStatus_To_v1alpha1_ImageReviewStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/zz_generated.deepcopy.go deleted file mode 100644 index d59c9ddcae..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/imagepolicy/zz_generated.deepcopy.go +++ /dev/null @@ -1,121 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package imagepolicy - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageReview) DeepCopyInto(out *ImageReview) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReview. -func (in *ImageReview) DeepCopy() *ImageReview { - if in == nil { - return nil - } - out := new(ImageReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImageReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageReviewContainerSpec) DeepCopyInto(out *ImageReviewContainerSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewContainerSpec. -func (in *ImageReviewContainerSpec) DeepCopy() *ImageReviewContainerSpec { - if in == nil { - return nil - } - out := new(ImageReviewContainerSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageReviewSpec) DeepCopyInto(out *ImageReviewSpec) { - *out = *in - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = make([]ImageReviewContainerSpec, len(*in)) - copy(*out, *in) - } - if in.Annotations != nil { - in, out := &in.Annotations, &out.Annotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewSpec. -func (in *ImageReviewSpec) DeepCopy() *ImageReviewSpec { - if in == nil { - return nil - } - out := new(ImageReviewSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageReviewStatus) DeepCopyInto(out *ImageReviewStatus) { - *out = *in - if in.AuditAnnotations != nil { - in, out := &in.AuditAnnotations, &out.AuditAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewStatus. -func (in *ImageReviewStatus) DeepCopy() *ImageReviewStatus { - if in == nil { - return nil - } - out := new(ImageReviewStatus) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/OWNERS deleted file mode 100644 index 4d2b7f556f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-network-api-approvers -reviewers: - - sig-network-api-reviewers -labels: - - sig/network diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/doc.go deleted file mode 100644 index 218cd6c2f7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=networking.k8s.io - -package networking // import "k8s.io/kubernetes/pkg/apis/networking" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/install/install.go deleted file mode 100644 index c29708f2cb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/networking/v1" - "k8s.io/kubernetes/pkg/apis/networking/v1alpha1" - "k8s.io/kubernetes/pkg/apis/networking/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(networking.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/register.go deleted file mode 100644 index 486bf834bf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/register.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networking - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "networking.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &NetworkPolicy{}, - &NetworkPolicyList{}, - &Ingress{}, - &IngressList{}, - &IngressClass{}, - &IngressClassList{}, - &ClusterCIDR{}, - &ClusterCIDRList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go deleted file mode 100644 index 7edd4cb34d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go +++ /dev/null @@ -1,687 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networking - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -type NetworkPolicy struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior for this NetworkPolicy. - // +optional - Spec NetworkPolicySpec - - // Status is the current state of the NetworkPolicy. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status NetworkPolicyStatus -} - -// PolicyType describes the NetworkPolicy type -// This type is beta-level in 1.8 -type PolicyType string - -const ( - // PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods - PolicyTypeIngress PolicyType = "Ingress" - // PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods - PolicyTypeEgress PolicyType = "Egress" -) - -// NetworkPolicySpec provides the specification of a NetworkPolicy -type NetworkPolicySpec struct { - // Selects the pods to which this NetworkPolicy object applies. The array of - // ingress rules is applied to any pods selected by this field. Multiple network - // policies can select the same set of pods. In this case, the ingress rules for - // each are combined additively. This field is NOT optional and follows standard - // label selector semantics. An empty podSelector matches all pods in this - // namespace. - PodSelector metav1.LabelSelector - - // List of ingress rules to be applied to the selected pods. Traffic is allowed to - // a pod if there are no NetworkPolicies selecting the pod - // (and cluster policy otherwise allows the traffic), OR if the traffic source is - // the pod's local node, OR if the traffic matches at least one ingress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy does not allow any traffic (and serves - // solely to ensure that the pods it selects are isolated by default) - // +optional - Ingress []NetworkPolicyIngressRule - - // List of egress rules to be applied to the selected pods. Outgoing traffic is - // allowed if there are no NetworkPolicies selecting the pod (and cluster policy - // otherwise allows the traffic), OR if the traffic matches at least one egress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves - // solely to ensure that the pods it selects are isolated by default). - // This field is beta-level in 1.8 - // +optional - Egress []NetworkPolicyEgressRule - - // List of rule types that the NetworkPolicy relates to. - // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. - // If this field is not specified, it will default based on the existence of Ingress or Egress rules; - // policies that contain an Egress section are assumed to affect Egress, and all policies - // (whether or not they contain an Ingress section) are assumed to affect Ingress. - // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. - // Likewise, if you want to write a policy that specifies that no egress is allowed, - // you must specify a policyTypes value that include "Egress" (since such a policy would not include - // an Egress section and would otherwise default to just [ "Ingress" ]). - // This field is beta-level in 1.8 - // +optional - PolicyTypes []PolicyType -} - -// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. -type NetworkPolicyIngressRule struct { - // List of ports which should be made accessible on the pods selected for this - // rule. Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - Ports []NetworkPolicyPort - - // List of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all sources (traffic not restricted by - // source). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the from list. - // +optional - From []NetworkPolicyPeer -} - -// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. -// This type is beta-level in 1.8 -type NetworkPolicyEgressRule struct { - // List of destination ports for outgoing traffic. - // Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - Ports []NetworkPolicyPort - - // List of destinations for outgoing traffic of pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all destinations (traffic not restricted by - // destination). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the to list. - // +optional - To []NetworkPolicyPeer -} - -// NetworkPolicyPort describes a port to allow traffic on -type NetworkPolicyPort struct { - // The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this - // field defaults to TCP. - // +optional - Protocol *api.Protocol - - // The port on the given protocol. This can either be a numerical or named - // port on a pod. If this field is not provided, this matches all port names and - // numbers. - // If present, only traffic on the specified protocol AND port will be matched. - // +optional - Port *intstr.IntOrString - - // If set, indicates that the range of ports from port to endPort, inclusive, - // should be allowed by the policy. This field cannot be defined if the port field - // is not defined or if the port field is defined as a named (string) port. - // The endPort must be equal or greater than port. - // +optional - EndPort *int32 -} - -// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed -// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs -// that should not be included within this rule. -type IPBlock struct { - // CIDR is a string representing the IP Block - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - CIDR string - // Except is a slice of CIDRs that should not be included within an IP Block - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - // Except values will be rejected if they are outside the CIDR range - // +optional - Except []string -} - -// NetworkPolicyPeer describes a peer to allow traffic to/from. -type NetworkPolicyPeer struct { - // This is a label selector which selects Pods. This field follows standard label - // selector semantics; if present but empty, it selects all pods. - // - // If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects - // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects the Pods matching PodSelector in the policy's own Namespace. - // +optional - PodSelector *metav1.LabelSelector - - // Selects Namespaces using cluster-scoped labels. This field follows standard label - // selector semantics; if present but empty, it selects all namespaces. - // - // If PodSelector is also set, then the NetworkPolicyPeer as a whole selects - // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector. - // +optional - NamespaceSelector *metav1.LabelSelector - - // IPBlock defines policy on a particular IPBlock. If this field is set then - // neither of the other fields can be. - // +optional - IPBlock *IPBlock -} - -// NetworkPolicyConditionType is the type for status conditions on -// a NetworkPolicy. This type should be used with the -// NetworkPolicyStatus.Conditions field. -type NetworkPolicyConditionType string - -const ( - // NetworkPolicyConditionStatusAccepted represents status of a Network Policy that could be properly parsed by - // the Network Policy provider and will be implemented in the cluster - NetworkPolicyConditionStatusAccepted NetworkPolicyConditionType = "Accepted" - - // NetworkPolicyConditionStatusPartialFailure represents status of a Network Policy that could be partially - // parsed by the Network Policy provider and may not be completely implemented due to a lack of a feature or some - // other condition - NetworkPolicyConditionStatusPartialFailure NetworkPolicyConditionType = "PartialFailure" - - // NetworkPolicyConditionStatusFailure represents status of a Network Policy that could not be parsed by the - // Network Policy provider and will not be implemented in the cluster - NetworkPolicyConditionStatusFailure NetworkPolicyConditionType = "Failure" -) - -// NetworkPolicyConditionReason defines the set of reasons that explain why a -// particular NetworkPolicy condition type has been raised. -type NetworkPolicyConditionReason string - -const ( - // NetworkPolicyConditionReasonFeatureNotSupported represents a reason where the Network Policy may not have been - // implemented in the cluster due to a lack of some feature not supported by the Network Policy provider - NetworkPolicyConditionReasonFeatureNotSupported NetworkPolicyConditionReason = "FeatureNotSupported" -) - -// NetworkPolicyStatus describe the current state of the NetworkPolicy. -type NetworkPolicyStatus struct { - // Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. - Conditions []metav1.Condition -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicyList is a list of NetworkPolicy objects. -type NetworkPolicyList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []NetworkPolicy -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Ingress is a collection of rules that allow inbound connections to reach the -// endpoints defined by a backend. An Ingress can be configured to give services -// externally-reachable urls, load balance traffic, terminate SSL, offer name -// based virtual hosting etc. -type Ingress struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Spec is the desired state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec IngressSpec - - // Status is the current state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Status IngressStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// IngressList is a collection of Ingress. -type IngressList struct { - metav1.TypeMeta - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // Items is the list of Ingress. - Items []Ingress -} - -// IngressSpec describes the Ingress the user wishes to exist. -type IngressSpec struct { - // IngressClassName is the name of the IngressClass cluster resource. The - // associated IngressClass defines which controller will implement the - // resource. This replaces the deprecated `kubernetes.io/ingress.class` - // annotation. For backwards compatibility, when that annotation is set, it - // must be given precedence over this field. The controller may emit a - // warning if the field and annotation have different values. - // Implementations of this API should ignore Ingresses without a class - // specified. An IngressClass resource may be marked as default, which can - // be used to set a default value for this field. For more information, - // refer to the IngressClass documentation. - // +optional - IngressClassName *string - - // DefaultBackend is the backend that should handle requests that don't - // match any rule. If Rules are not specified, DefaultBackend must be specified. - // If DefaultBackend is not set, the handling of requests that do not match any - // of the rules will be up to the Ingress controller. - // +optional - DefaultBackend *IngressBackend - - // TLS configuration. Currently the Ingress only supports a single TLS - // port, 443. If multiple members of this list specify different hosts, they - // will be multiplexed on the same port according to the hostname specified - // through the SNI TLS extension, if the ingress controller fulfilling the - // ingress supports SNI. - // +listType=atomic - // +optional - TLS []IngressTLS - - // A list of host rules used to configure the Ingress. If unspecified, or - // no rule matches, all traffic is sent to the default backend. - // +listType=atomic - // +optional - Rules []IngressRule -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// IngressClass represents the class of the Ingress, referenced by the Ingress -// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be -// used to indicate that an IngressClass should be considered default. When a -// single IngressClass resource has this annotation set to true, new Ingress -// resources without a class specified will be assigned this default class. -type IngressClass struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Spec is the desired state of the IngressClass. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - Spec IngressClassSpec -} - -// IngressClassSpec provides information about the class of an Ingress. -type IngressClassSpec struct { - // Controller refers to the name of the controller that should handle this - // class. This allows for different "flavors" that are controlled by the - // same controller. For example, you may have different Parameters for the - // same implementing controller. This should be specified as a - // domain-prefixed path no more than 250 characters in length, e.g. - // "acme.io/ingress-controller". This field is immutable. - Controller string - - // Parameters is a link to a custom resource containing additional - // configuration for the controller. This is optional if the controller does - // not require extra parameters. - // +optional - Parameters *IngressClassParametersReference -} - -const ( - // IngressClassParametersReferenceScopeNamespace indicates that the - // referenced Parameters resource is namespace-scoped. - IngressClassParametersReferenceScopeNamespace = "Namespace" - // IngressClassParametersReferenceScopeCluster indicates that the - // referenced Parameters resource is cluster-scoped. - IngressClassParametersReferenceScopeCluster = "Cluster" -) - -// IngressClassParametersReference identifies an API object. This can be used -// to specify a cluster or namespace-scoped resource. -type IngressClassParametersReference struct { - // APIGroup is the group for the resource being referenced. If APIGroup is - // not specified, the specified Kind must be in the core API group. For any - // other third-party types, APIGroup is required. - // +optional - APIGroup *string - // Kind is the type of resource being referenced. - Kind string - // Name is the name of resource being referenced. - Name string - // Scope represents if this refers to a cluster or namespace scoped resource. - // This may be set to "Cluster" (default) or "Namespace". - // +optional - Scope *string - // Namespace is the namespace of the resource being referenced. This field is - // required when scope is set to "Namespace" and must be unset when scope is set to - // "Cluster". - // +optional - Namespace *string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// IngressClassList is a collection of IngressClasses. -type IngressClassList struct { - metav1.TypeMeta - // Standard object's metadata. - // +optional - metav1.ListMeta - - // Items is the list of IngressClasses. - Items []IngressClass -} - -// IngressTLS describes the transport layer security associated with an Ingress. -type IngressTLS struct { - // Hosts are a list of hosts included in the TLS certificate. The values in - // this list must match the name/s used in the tlsSecret. Defaults to the - // wildcard host setting for the loadbalancer controller fulfilling this - // Ingress, if left unspecified. - // +listType=atomic - // +optional - Hosts []string - // SecretName is the name of the secret used to terminate TLS traffic on - // port 443. Field is left optional to allow TLS routing based on SNI - // hostname alone. If the SNI host in a listener conflicts with the "Host" - // header field used by an IngressRule, the SNI host is used for termination - // and value of the Host header is used for routing. - // +optional - SecretName string - // TODO: Consider specifying different modes of termination, protocols etc. -} - -// IngressStatus describe the current state of the Ingress. -type IngressStatus struct { - // LoadBalancer contains the current status of the load-balancer. - // +optional - LoadBalancer IngressLoadBalancerStatus -} - -// IngressLoadBalancerStatus represents the status of a load-balancer -type IngressLoadBalancerStatus struct { - // Ingress is a list containing ingress points for the load-balancer. - // +optional - Ingress []IngressLoadBalancerIngress -} - -// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. -type IngressLoadBalancerIngress struct { - // IP is set for load-balancer ingress points that are IP based. - // +optional - IP string - - // Hostname is set for load-balancer ingress points that are DNS based. - // +optional - Hostname string - - // Ports provides information about the ports exposed by this LoadBalancer. - // +optional - Ports []IngressPortStatus -} - -// IngressPortStatus represents the error condition of an ingress port -type IngressPortStatus struct { - // Port is the port number of the ingress port. - Port int32 - - // Protocol is the protocol of the ingress port. - Protocol api.Protocol - - // Error indicates a problem on this port. - // The format of the error must comply with the following rules: - // - Kubernetes-defined error values use CamelCase names - // - Provider-specific error values must follow label-name style (e.g. - // example.com/name). - Error *string -} - -// IngressRule represents the rules mapping the paths under a specified host to -// the related backend services. Incoming requests are first evaluated for a -// host match, then routed to the backend associated with the matching -// IngressRuleValue. -type IngressRule struct { - // Host is the fully qualified domain name of a network host, as defined by RFC 3986. - // Note the following deviations from the "host" part of the - // URI as defined in RFC 3986: - // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to - // the IP in the Spec of the parent Ingress. - // 2. The `:` delimiter is not respected because ports are not allowed. - // Currently the port of an Ingress is implicitly :80 for http and - // :443 for https. - // Both these may change in the future. - // Incoming requests are matched against the host before the - // IngressRuleValue. If the host is unspecified, the Ingress routes all - // traffic based on the specified IngressRuleValue. - // - // Host can be "precise" which is a domain name without the terminating dot of - // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name - // prefixed with a single wildcard label (e.g. "*.foo.com"). - // The wildcard character '*' must appear by itself as the first DNS label and - // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). - // Requests will be matched against the Host field in the following way: - // 1. If Host is precise, the request matches this rule if the http host header is equal to Host. - // 2. If Host is a wildcard, then the request matches this rule if the http host header - // is to equal to the suffix (removing the first label) of the wildcard rule. - // +optional - Host string - // IngressRuleValue represents a rule to route requests for this - // IngressRule. If unspecified, the rule defaults to a http catch-all. - // Whether that sends just traffic matching the host to the default backend - // or all traffic to the default backend, is left to the controller - // fulfilling the Ingress. Http is currently the only supported - // IngressRuleValue. - // +optional - IngressRuleValue -} - -// IngressRuleValue represents a rule to apply against incoming requests. If the -// rule is satisfied, the request is routed to the specified backend. Currently -// mixing different types of rules in a single Ingress is disallowed, so exactly -// one of the following must be set. -type IngressRuleValue struct { - //TODO: - // 1. Consider renaming this resource and the associated rules so they - // aren't tied to Ingress. They can be used to route intra-cluster traffic. - // 2. Consider adding fields for ingress-type specific global options - // usable by a loadbalancer, like http keep-alive. - - // +optional - HTTP *HTTPIngressRuleValue -} - -// HTTPIngressRuleValue is a list of http selectors pointing to backends. -// In the example: http://<host>/<path>?<searchpart> -> backend where -// where parts of the url correspond to RFC 3986, this resource will be used -// to match against everything after the last '/' and before the first '?' -// or '#'. -type HTTPIngressRuleValue struct { - // A collection of paths that map requests to backends. - // +listType=atomic - Paths []HTTPIngressPath - // TODO: Consider adding fields for ingress-type specific global - // options usable by a loadbalancer, like http keep-alive. -} - -// PathType represents the type of path referred to by a HTTPIngressPath. -type PathType string - -const ( - // PathTypeExact matches the URL path exactly and with case sensitivity. - PathTypeExact = PathType("Exact") - - // PathTypePrefix matches based on a URL path prefix split by '/'. Matching - // is case sensitive and done on a path element by element basis. A path - // element refers to the list of labels in the path split by the '/' - // separator. A request is a match for path p if every p is an element-wise - // prefix of p of the request path. Note that if the last element of the - // path is a substring of the last element in request path, it is not a - // match (e.g. /foo/bar matches /foo/bar/baz, but does not match - // /foo/barbaz). If multiple matching paths exist in an Ingress spec, the - // longest matching path is given priority. - // Examples: - // - /foo/bar does not match requests to /foo/barbaz - // - /foo/bar matches request to /foo/bar and /foo/bar/baz - // - /foo and /foo/ both match requests to /foo and /foo/. If both paths are - // present in an Ingress spec, the longest matching path (/foo/) is given - // priority. - PathTypePrefix = PathType("Prefix") - - // PathTypeImplementationSpecific matching is up to the IngressClass. - // Implementations can treat this as a separate PathType or treat it - // identically to Prefix or Exact path types. - PathTypeImplementationSpecific = PathType("ImplementationSpecific") -) - -// HTTPIngressPath associates a path with a backend. Incoming urls matching the -// path are forwarded to the backend. -type HTTPIngressPath struct { - // Path is matched against the path of an incoming request. Currently it can - // contain characters disallowed from the conventional "path" part of a URL - // as defined by RFC 3986. Paths must begin with a '/' and must be present - // when using PathType with value "Exact" or "Prefix". - // +optional - Path string - - // PathType determines the interpretation of the Path matching. PathType can - // be one of Exact, Prefix, or ImplementationSpecific. Implementations are - // required to support all path types. - // +optional - PathType *PathType - - // Backend defines the referenced service endpoint to which the traffic - // will be forwarded to. - Backend IngressBackend -} - -// IngressBackend describes all endpoints for a given service and port. -type IngressBackend struct { - // Service references a Service as a Backend. - // This is a mutually exclusive setting with "Resource". - // +optional - Service *IngressServiceBackend - - // Resource is an ObjectRef to another Kubernetes resource in the namespace - // of the Ingress object. If resource is specified, a service.Name and - // service.Port must not be specified. - // This is a mutually exclusive setting with "Service". - // +optional - Resource *api.TypedLocalObjectReference -} - -// IngressServiceBackend references a Kubernetes Service as a Backend. -type IngressServiceBackend struct { - // Name is the referenced service. The service must exist in - // the same namespace as the Ingress object. - Name string - - // Port of the referenced service. A port name or port number - // is required for a IngressServiceBackend. - Port ServiceBackendPort -} - -// ServiceBackendPort is the service port being referenced. -type ServiceBackendPort struct { - // Name is the name of the port on the Service. - // This must be an IANA_SVC_NAME (following RFC6335). - // This is a mutually exclusive setting with "Number". - // +optional - Name string - - // Number is the numerical port number (e.g. 80) on the Service. - // This is a mutually exclusive setting with "Name". - // +optional - Number int32 -} - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterCIDR represents a single configuration for per-Node Pod CIDR -// allocations when the MultiCIDRRangeAllocator is enabled (see the config for -// kube-controller-manager). A cluster may have any number of ClusterCIDR -// resources, all of which will be considered when allocating a CIDR for a -// Node. A ClusterCIDR is eligible to be used for a given Node when the node -// selector matches the node in question and has free CIDRs to allocate. In -// case of multiple matching ClusterCIDR resources, the allocator will attempt -// to break ties using internal heuristics, but any ClusterCIDR whose node -// selector matches the Node may be used. -type ClusterCIDR struct { - metav1.TypeMeta - metav1.ObjectMeta - - Spec ClusterCIDRSpec -} - -// ClusterCIDRSpec defines the desired state of ClusterCIDR. -type ClusterCIDRSpec struct { - // NodeSelector defines which nodes the config is applicable to. - // An empty or nil NodeSelector selects all nodes. - // This field is immutable. - // +optional - NodeSelector *api.NodeSelector - - // PerNodeHostBits defines the number of host bits to be configured per node. - // A subnet mask determines how much of the address is used for network bits - // and host bits. For example an IPv4 address of 192.168.0.0/24, splits the - // address into 24 bits for the network portion and 8 bits for the host portion. - // To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). - // Minimum value is 4 (16 IPs). - // This field is immutable. - // +required - PerNodeHostBits int32 - - // IPv4 defines an IPv4 IP block in CIDR notation(e.g. "10.0.0.0/8"). - // At least one of IPv4 and IPv6 must be specified. - // This field is immutable. - // +optional - IPv4 string - - // IPv6 defines an IPv6 IP block in CIDR notation(e.g. "2001:db8::/64"). - // At least one of IPv4 and IPv6 must be specified. - // This field is immutable. - // +optional - IPv6 string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterCIDRList contains a list of ClusterCIDRs. -type ClusterCIDRList struct { - metav1.TypeMeta - - // +optional - metav1.ListMeta - - // Items is the list of ClusterCIDRs. - Items []ClusterCIDR -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/defaults.go deleted file mode 100644 index b021083bfc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/defaults.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/runtime" - utilpointer "k8s.io/utils/pointer" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_NetworkPolicyPort(obj *networkingv1.NetworkPolicyPort) { - // Default any undefined Protocol fields to TCP. - if obj.Protocol == nil { - proto := v1.ProtocolTCP - obj.Protocol = &proto - } -} - -func SetDefaults_NetworkPolicy(obj *networkingv1.NetworkPolicy) { - if len(obj.Spec.PolicyTypes) == 0 { - // Any policy that does not specify policyTypes implies at least "Ingress". - obj.Spec.PolicyTypes = []networkingv1.PolicyType{networkingv1.PolicyTypeIngress} - if len(obj.Spec.Egress) != 0 { - obj.Spec.PolicyTypes = append(obj.Spec.PolicyTypes, networkingv1.PolicyTypeEgress) - } - } -} - -func SetDefaults_IngressClass(obj *networkingv1.IngressClass) { - if obj.Spec.Parameters != nil && obj.Spec.Parameters.Scope == nil { - obj.Spec.Parameters.Scope = utilpointer.StringPtr(networkingv1.IngressClassParametersReferenceScopeCluster) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/doc.go deleted file mode 100644 index 763495d338..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking -// +k8s:conversion-gen-external-types=k8s.io/api/networking/v1 -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/networking/v1 -// +groupName=networking.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/networking/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/register.go deleted file mode 100644 index 35a60bd8df..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - networkingv1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "networking.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &networkingv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.conversion.go deleted file mode 100644 index 124c4031c6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.conversion.go +++ /dev/null @@ -1,995 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - core "k8s.io/kubernetes/pkg/apis/core" - networking "k8s.io/kubernetes/pkg/apis/networking" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.HTTPIngressPath)(nil), (*networking.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HTTPIngressPath_To_networking_HTTPIngressPath(a.(*v1.HTTPIngressPath), b.(*networking.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressPath)(nil), (*v1.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressPath_To_v1_HTTPIngressPath(a.(*networking.HTTPIngressPath), b.(*v1.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.HTTPIngressRuleValue)(nil), (*networking.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(a.(*v1.HTTPIngressRuleValue), b.(*networking.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressRuleValue)(nil), (*v1.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressRuleValue_To_v1_HTTPIngressRuleValue(a.(*networking.HTTPIngressRuleValue), b.(*v1.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IPBlock)(nil), (*networking.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IPBlock_To_networking_IPBlock(a.(*v1.IPBlock), b.(*networking.IPBlock), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IPBlock)(nil), (*v1.IPBlock)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IPBlock_To_v1_IPBlock(a.(*networking.IPBlock), b.(*v1.IPBlock), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Ingress)(nil), (*networking.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Ingress_To_networking_Ingress(a.(*v1.Ingress), b.(*networking.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.Ingress)(nil), (*v1.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_Ingress_To_v1_Ingress(a.(*networking.Ingress), b.(*v1.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressBackend)(nil), (*networking.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressBackend_To_networking_IngressBackend(a.(*v1.IngressBackend), b.(*networking.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressBackend)(nil), (*v1.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressBackend_To_v1_IngressBackend(a.(*networking.IngressBackend), b.(*v1.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressClass)(nil), (*networking.IngressClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressClass_To_networking_IngressClass(a.(*v1.IngressClass), b.(*networking.IngressClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClass)(nil), (*v1.IngressClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClass_To_v1_IngressClass(a.(*networking.IngressClass), b.(*v1.IngressClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressClassList)(nil), (*networking.IngressClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressClassList_To_networking_IngressClassList(a.(*v1.IngressClassList), b.(*networking.IngressClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassList)(nil), (*v1.IngressClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassList_To_v1_IngressClassList(a.(*networking.IngressClassList), b.(*v1.IngressClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressClassParametersReference)(nil), (*networking.IngressClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressClassParametersReference_To_networking_IngressClassParametersReference(a.(*v1.IngressClassParametersReference), b.(*networking.IngressClassParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassParametersReference)(nil), (*v1.IngressClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassParametersReference_To_v1_IngressClassParametersReference(a.(*networking.IngressClassParametersReference), b.(*v1.IngressClassParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressClassSpec)(nil), (*networking.IngressClassSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressClassSpec_To_networking_IngressClassSpec(a.(*v1.IngressClassSpec), b.(*networking.IngressClassSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassSpec)(nil), (*v1.IngressClassSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassSpec_To_v1_IngressClassSpec(a.(*networking.IngressClassSpec), b.(*v1.IngressClassSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressList)(nil), (*networking.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressList_To_networking_IngressList(a.(*v1.IngressList), b.(*networking.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressList)(nil), (*v1.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressList_To_v1_IngressList(a.(*networking.IngressList), b.(*v1.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressLoadBalancerIngress)(nil), (*networking.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(a.(*v1.IngressLoadBalancerIngress), b.(*networking.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerIngress)(nil), (*v1.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerIngress_To_v1_IngressLoadBalancerIngress(a.(*networking.IngressLoadBalancerIngress), b.(*v1.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressLoadBalancerStatus)(nil), (*networking.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(a.(*v1.IngressLoadBalancerStatus), b.(*networking.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerStatus)(nil), (*v1.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus(a.(*networking.IngressLoadBalancerStatus), b.(*v1.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressPortStatus)(nil), (*networking.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressPortStatus_To_networking_IngressPortStatus(a.(*v1.IngressPortStatus), b.(*networking.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressPortStatus)(nil), (*v1.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressPortStatus_To_v1_IngressPortStatus(a.(*networking.IngressPortStatus), b.(*v1.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressRule)(nil), (*networking.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressRule_To_networking_IngressRule(a.(*v1.IngressRule), b.(*networking.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRule)(nil), (*v1.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRule_To_v1_IngressRule(a.(*networking.IngressRule), b.(*v1.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressRuleValue)(nil), (*networking.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressRuleValue_To_networking_IngressRuleValue(a.(*v1.IngressRuleValue), b.(*networking.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRuleValue)(nil), (*v1.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRuleValue_To_v1_IngressRuleValue(a.(*networking.IngressRuleValue), b.(*v1.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressServiceBackend)(nil), (*networking.IngressServiceBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressServiceBackend_To_networking_IngressServiceBackend(a.(*v1.IngressServiceBackend), b.(*networking.IngressServiceBackend), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressServiceBackend)(nil), (*v1.IngressServiceBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressServiceBackend_To_v1_IngressServiceBackend(a.(*networking.IngressServiceBackend), b.(*v1.IngressServiceBackend), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressSpec)(nil), (*networking.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressSpec_To_networking_IngressSpec(a.(*v1.IngressSpec), b.(*networking.IngressSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressSpec)(nil), (*v1.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressSpec_To_v1_IngressSpec(a.(*networking.IngressSpec), b.(*v1.IngressSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressStatus)(nil), (*networking.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressStatus_To_networking_IngressStatus(a.(*v1.IngressStatus), b.(*networking.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressStatus)(nil), (*v1.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressStatus_To_v1_IngressStatus(a.(*networking.IngressStatus), b.(*v1.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.IngressTLS)(nil), (*networking.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_IngressTLS_To_networking_IngressTLS(a.(*v1.IngressTLS), b.(*networking.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressTLS)(nil), (*v1.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressTLS_To_v1_IngressTLS(a.(*networking.IngressTLS), b.(*v1.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicy)(nil), (*networking.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicy_To_networking_NetworkPolicy(a.(*v1.NetworkPolicy), b.(*networking.NetworkPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicy)(nil), (*v1.NetworkPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicy_To_v1_NetworkPolicy(a.(*networking.NetworkPolicy), b.(*v1.NetworkPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyEgressRule)(nil), (*networking.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(a.(*v1.NetworkPolicyEgressRule), b.(*networking.NetworkPolicyEgressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyEgressRule)(nil), (*v1.NetworkPolicyEgressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(a.(*networking.NetworkPolicyEgressRule), b.(*v1.NetworkPolicyEgressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyIngressRule)(nil), (*networking.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(a.(*v1.NetworkPolicyIngressRule), b.(*networking.NetworkPolicyIngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyIngressRule)(nil), (*v1.NetworkPolicyIngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(a.(*networking.NetworkPolicyIngressRule), b.(*v1.NetworkPolicyIngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyList)(nil), (*networking.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyList_To_networking_NetworkPolicyList(a.(*v1.NetworkPolicyList), b.(*networking.NetworkPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyList)(nil), (*v1.NetworkPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(a.(*networking.NetworkPolicyList), b.(*v1.NetworkPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyPeer)(nil), (*networking.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(a.(*v1.NetworkPolicyPeer), b.(*networking.NetworkPolicyPeer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyPeer)(nil), (*v1.NetworkPolicyPeer)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(a.(*networking.NetworkPolicyPeer), b.(*v1.NetworkPolicyPeer), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyPort)(nil), (*networking.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyPort_To_networking_NetworkPolicyPort(a.(*v1.NetworkPolicyPort), b.(*networking.NetworkPolicyPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyPort)(nil), (*v1.NetworkPolicyPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort(a.(*networking.NetworkPolicyPort), b.(*v1.NetworkPolicyPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicySpec)(nil), (*networking.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(a.(*v1.NetworkPolicySpec), b.(*networking.NetworkPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicySpec)(nil), (*v1.NetworkPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(a.(*networking.NetworkPolicySpec), b.(*v1.NetworkPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.NetworkPolicyStatus)(nil), (*networking.NetworkPolicyStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(a.(*v1.NetworkPolicyStatus), b.(*networking.NetworkPolicyStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.NetworkPolicyStatus)(nil), (*v1.NetworkPolicyStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus(a.(*networking.NetworkPolicyStatus), b.(*v1.NetworkPolicyStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ServiceBackendPort)(nil), (*networking.ServiceBackendPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ServiceBackendPort_To_networking_ServiceBackendPort(a.(*v1.ServiceBackendPort), b.(*networking.ServiceBackendPort), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.ServiceBackendPort)(nil), (*v1.ServiceBackendPort)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_ServiceBackendPort_To_v1_ServiceBackendPort(a.(*networking.ServiceBackendPort), b.(*v1.ServiceBackendPort), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*networking.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_v1_IngressBackend_To_networking_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_v1_HTTPIngressPath_To_networking_HTTPIngressPath is an autogenerated conversion function. -func Convert_v1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_v1_HTTPIngressPath_To_networking_HTTPIngressPath(in, out, s) -} - -func autoConvert_networking_HTTPIngressPath_To_v1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*v1.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_networking_IngressBackend_To_v1_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_networking_HTTPIngressPath_To_v1_HTTPIngressPath is an autogenerated conversion function. -func Convert_networking_HTTPIngressPath_To_v1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressPath_To_v1_HTTPIngressPath(in, out, s) -} - -func autoConvert_v1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - out.Paths = *(*[]networking.HTTPIngressPath)(unsafe.Pointer(&in.Paths)) - return nil -} - -// Convert_v1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_v1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_v1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_networking_HTTPIngressRuleValue_To_v1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1.HTTPIngressRuleValue, s conversion.Scope) error { - out.Paths = *(*[]v1.HTTPIngressPath)(unsafe.Pointer(&in.Paths)) - return nil -} - -// Convert_networking_HTTPIngressRuleValue_To_v1_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_networking_HTTPIngressRuleValue_To_v1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressRuleValue_To_v1_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - out.Except = *(*[]string)(unsafe.Pointer(&in.Except)) - return nil -} - -// Convert_v1_IPBlock_To_networking_IPBlock is an autogenerated conversion function. -func Convert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error { - return autoConvert_v1_IPBlock_To_networking_IPBlock(in, out, s) -} - -func autoConvert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error { - out.CIDR = in.CIDR - out.Except = *(*[]string)(unsafe.Pointer(&in.Except)) - return nil -} - -// Convert_networking_IPBlock_To_v1_IPBlock is an autogenerated conversion function. -func Convert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error { - return autoConvert_networking_IPBlock_To_v1_IPBlock(in, out, s) -} - -func autoConvert_v1_Ingress_To_networking_Ingress(in *v1.Ingress, out *networking.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_IngressSpec_To_networking_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_IngressStatus_To_networking_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_Ingress_To_networking_Ingress is an autogenerated conversion function. -func Convert_v1_Ingress_To_networking_Ingress(in *v1.Ingress, out *networking.Ingress, s conversion.Scope) error { - return autoConvert_v1_Ingress_To_networking_Ingress(in, out, s) -} - -func autoConvert_networking_Ingress_To_v1_Ingress(in *networking.Ingress, out *v1.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_IngressSpec_To_v1_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_networking_IngressStatus_To_v1_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_networking_Ingress_To_v1_Ingress is an autogenerated conversion function. -func Convert_networking_Ingress_To_v1_Ingress(in *networking.Ingress, out *v1.Ingress, s conversion.Scope) error { - return autoConvert_networking_Ingress_To_v1_Ingress(in, out, s) -} - -func autoConvert_v1_IngressBackend_To_networking_IngressBackend(in *v1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - out.Service = (*networking.IngressServiceBackend)(unsafe.Pointer(in.Service)) - out.Resource = (*core.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -// Convert_v1_IngressBackend_To_networking_IngressBackend is an autogenerated conversion function. -func Convert_v1_IngressBackend_To_networking_IngressBackend(in *v1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - return autoConvert_v1_IngressBackend_To_networking_IngressBackend(in, out, s) -} - -func autoConvert_networking_IngressBackend_To_v1_IngressBackend(in *networking.IngressBackend, out *v1.IngressBackend, s conversion.Scope) error { - out.Service = (*v1.IngressServiceBackend)(unsafe.Pointer(in.Service)) - out.Resource = (*corev1.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -// Convert_networking_IngressBackend_To_v1_IngressBackend is an autogenerated conversion function. -func Convert_networking_IngressBackend_To_v1_IngressBackend(in *networking.IngressBackend, out *v1.IngressBackend, s conversion.Scope) error { - return autoConvert_networking_IngressBackend_To_v1_IngressBackend(in, out, s) -} - -func autoConvert_v1_IngressClass_To_networking_IngressClass(in *v1.IngressClass, out *networking.IngressClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_IngressClassSpec_To_networking_IngressClassSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_IngressClass_To_networking_IngressClass is an autogenerated conversion function. -func Convert_v1_IngressClass_To_networking_IngressClass(in *v1.IngressClass, out *networking.IngressClass, s conversion.Scope) error { - return autoConvert_v1_IngressClass_To_networking_IngressClass(in, out, s) -} - -func autoConvert_networking_IngressClass_To_v1_IngressClass(in *networking.IngressClass, out *v1.IngressClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_IngressClassSpec_To_v1_IngressClassSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressClass_To_v1_IngressClass is an autogenerated conversion function. -func Convert_networking_IngressClass_To_v1_IngressClass(in *networking.IngressClass, out *v1.IngressClass, s conversion.Scope) error { - return autoConvert_networking_IngressClass_To_v1_IngressClass(in, out, s) -} - -func autoConvert_v1_IngressClassList_To_networking_IngressClassList(in *v1.IngressClassList, out *networking.IngressClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]networking.IngressClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_IngressClassList_To_networking_IngressClassList is an autogenerated conversion function. -func Convert_v1_IngressClassList_To_networking_IngressClassList(in *v1.IngressClassList, out *networking.IngressClassList, s conversion.Scope) error { - return autoConvert_v1_IngressClassList_To_networking_IngressClassList(in, out, s) -} - -func autoConvert_networking_IngressClassList_To_v1_IngressClassList(in *networking.IngressClassList, out *v1.IngressClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.IngressClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_networking_IngressClassList_To_v1_IngressClassList is an autogenerated conversion function. -func Convert_networking_IngressClassList_To_v1_IngressClassList(in *networking.IngressClassList, out *v1.IngressClassList, s conversion.Scope) error { - return autoConvert_networking_IngressClassList_To_v1_IngressClassList(in, out, s) -} - -func autoConvert_v1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in *v1.IngressClassParametersReference, out *networking.IngressClassParametersReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Scope = (*string)(unsafe.Pointer(in.Scope)) - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_v1_IngressClassParametersReference_To_networking_IngressClassParametersReference is an autogenerated conversion function. -func Convert_v1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in *v1.IngressClassParametersReference, out *networking.IngressClassParametersReference, s conversion.Scope) error { - return autoConvert_v1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in, out, s) -} - -func autoConvert_networking_IngressClassParametersReference_To_v1_IngressClassParametersReference(in *networking.IngressClassParametersReference, out *v1.IngressClassParametersReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Scope = (*string)(unsafe.Pointer(in.Scope)) - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_networking_IngressClassParametersReference_To_v1_IngressClassParametersReference is an autogenerated conversion function. -func Convert_networking_IngressClassParametersReference_To_v1_IngressClassParametersReference(in *networking.IngressClassParametersReference, out *v1.IngressClassParametersReference, s conversion.Scope) error { - return autoConvert_networking_IngressClassParametersReference_To_v1_IngressClassParametersReference(in, out, s) -} - -func autoConvert_v1_IngressClassSpec_To_networking_IngressClassSpec(in *v1.IngressClassSpec, out *networking.IngressClassSpec, s conversion.Scope) error { - out.Controller = in.Controller - out.Parameters = (*networking.IngressClassParametersReference)(unsafe.Pointer(in.Parameters)) - return nil -} - -// Convert_v1_IngressClassSpec_To_networking_IngressClassSpec is an autogenerated conversion function. -func Convert_v1_IngressClassSpec_To_networking_IngressClassSpec(in *v1.IngressClassSpec, out *networking.IngressClassSpec, s conversion.Scope) error { - return autoConvert_v1_IngressClassSpec_To_networking_IngressClassSpec(in, out, s) -} - -func autoConvert_networking_IngressClassSpec_To_v1_IngressClassSpec(in *networking.IngressClassSpec, out *v1.IngressClassSpec, s conversion.Scope) error { - out.Controller = in.Controller - out.Parameters = (*v1.IngressClassParametersReference)(unsafe.Pointer(in.Parameters)) - return nil -} - -// Convert_networking_IngressClassSpec_To_v1_IngressClassSpec is an autogenerated conversion function. -func Convert_networking_IngressClassSpec_To_v1_IngressClassSpec(in *networking.IngressClassSpec, out *v1.IngressClassSpec, s conversion.Scope) error { - return autoConvert_networking_IngressClassSpec_To_v1_IngressClassSpec(in, out, s) -} - -func autoConvert_v1_IngressList_To_networking_IngressList(in *v1.IngressList, out *networking.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]networking.Ingress)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_IngressList_To_networking_IngressList is an autogenerated conversion function. -func Convert_v1_IngressList_To_networking_IngressList(in *v1.IngressList, out *networking.IngressList, s conversion.Scope) error { - return autoConvert_v1_IngressList_To_networking_IngressList(in, out, s) -} - -func autoConvert_networking_IngressList_To_v1_IngressList(in *networking.IngressList, out *v1.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Ingress)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_networking_IngressList_To_v1_IngressList is an autogenerated conversion function. -func Convert_networking_IngressList_To_v1_IngressList(in *networking.IngressList, out *v1.IngressList, s conversion.Scope) error { - return autoConvert_networking_IngressList_To_v1_IngressList(in, out, s) -} - -func autoConvert_v1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]networking.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_v1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_v1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerIngress_To_v1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]v1.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_networking_IngressLoadBalancerIngress_To_v1_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerIngress_To_v1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerIngress_To_v1_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]networking.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]v1.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_v1_IngressPortStatus_To_networking_IngressPortStatus(in *v1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = core.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_v1_IngressPortStatus_To_networking_IngressPortStatus is an autogenerated conversion function. -func Convert_v1_IngressPortStatus_To_networking_IngressPortStatus(in *v1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - return autoConvert_v1_IngressPortStatus_To_networking_IngressPortStatus(in, out, s) -} - -func autoConvert_networking_IngressPortStatus_To_v1_IngressPortStatus(in *networking.IngressPortStatus, out *v1.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = corev1.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_networking_IngressPortStatus_To_v1_IngressPortStatus is an autogenerated conversion function. -func Convert_networking_IngressPortStatus_To_v1_IngressPortStatus(in *networking.IngressPortStatus, out *v1.IngressPortStatus, s conversion.Scope) error { - return autoConvert_networking_IngressPortStatus_To_v1_IngressPortStatus(in, out, s) -} - -func autoConvert_v1_IngressRule_To_networking_IngressRule(in *v1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_v1_IngressRuleValue_To_networking_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_v1_IngressRule_To_networking_IngressRule is an autogenerated conversion function. -func Convert_v1_IngressRule_To_networking_IngressRule(in *v1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - return autoConvert_v1_IngressRule_To_networking_IngressRule(in, out, s) -} - -func autoConvert_networking_IngressRule_To_v1_IngressRule(in *networking.IngressRule, out *v1.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_networking_IngressRuleValue_To_v1_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressRule_To_v1_IngressRule is an autogenerated conversion function. -func Convert_networking_IngressRule_To_v1_IngressRule(in *networking.IngressRule, out *v1.IngressRule, s conversion.Scope) error { - return autoConvert_networking_IngressRule_To_v1_IngressRule(in, out, s) -} - -func autoConvert_v1_IngressRuleValue_To_networking_IngressRuleValue(in *v1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - out.HTTP = (*networking.HTTPIngressRuleValue)(unsafe.Pointer(in.HTTP)) - return nil -} - -// Convert_v1_IngressRuleValue_To_networking_IngressRuleValue is an autogenerated conversion function. -func Convert_v1_IngressRuleValue_To_networking_IngressRuleValue(in *v1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - return autoConvert_v1_IngressRuleValue_To_networking_IngressRuleValue(in, out, s) -} - -func autoConvert_networking_IngressRuleValue_To_v1_IngressRuleValue(in *networking.IngressRuleValue, out *v1.IngressRuleValue, s conversion.Scope) error { - out.HTTP = (*v1.HTTPIngressRuleValue)(unsafe.Pointer(in.HTTP)) - return nil -} - -// Convert_networking_IngressRuleValue_To_v1_IngressRuleValue is an autogenerated conversion function. -func Convert_networking_IngressRuleValue_To_v1_IngressRuleValue(in *networking.IngressRuleValue, out *v1.IngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_IngressRuleValue_To_v1_IngressRuleValue(in, out, s) -} - -func autoConvert_v1_IngressServiceBackend_To_networking_IngressServiceBackend(in *v1.IngressServiceBackend, out *networking.IngressServiceBackend, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_v1_ServiceBackendPort_To_networking_ServiceBackendPort(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_v1_IngressServiceBackend_To_networking_IngressServiceBackend is an autogenerated conversion function. -func Convert_v1_IngressServiceBackend_To_networking_IngressServiceBackend(in *v1.IngressServiceBackend, out *networking.IngressServiceBackend, s conversion.Scope) error { - return autoConvert_v1_IngressServiceBackend_To_networking_IngressServiceBackend(in, out, s) -} - -func autoConvert_networking_IngressServiceBackend_To_v1_IngressServiceBackend(in *networking.IngressServiceBackend, out *v1.IngressServiceBackend, s conversion.Scope) error { - out.Name = in.Name - if err := Convert_networking_ServiceBackendPort_To_v1_ServiceBackendPort(&in.Port, &out.Port, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressServiceBackend_To_v1_IngressServiceBackend is an autogenerated conversion function. -func Convert_networking_IngressServiceBackend_To_v1_IngressServiceBackend(in *networking.IngressServiceBackend, out *v1.IngressServiceBackend, s conversion.Scope) error { - return autoConvert_networking_IngressServiceBackend_To_v1_IngressServiceBackend(in, out, s) -} - -func autoConvert_v1_IngressSpec_To_networking_IngressSpec(in *v1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - out.DefaultBackend = (*networking.IngressBackend)(unsafe.Pointer(in.DefaultBackend)) - out.TLS = *(*[]networking.IngressTLS)(unsafe.Pointer(&in.TLS)) - out.Rules = *(*[]networking.IngressRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1_IngressSpec_To_networking_IngressSpec is an autogenerated conversion function. -func Convert_v1_IngressSpec_To_networking_IngressSpec(in *v1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - return autoConvert_v1_IngressSpec_To_networking_IngressSpec(in, out, s) -} - -func autoConvert_networking_IngressSpec_To_v1_IngressSpec(in *networking.IngressSpec, out *v1.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - out.DefaultBackend = (*v1.IngressBackend)(unsafe.Pointer(in.DefaultBackend)) - out.TLS = *(*[]v1.IngressTLS)(unsafe.Pointer(&in.TLS)) - out.Rules = *(*[]v1.IngressRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_networking_IngressSpec_To_v1_IngressSpec is an autogenerated conversion function. -func Convert_networking_IngressSpec_To_v1_IngressSpec(in *networking.IngressSpec, out *v1.IngressSpec, s conversion.Scope) error { - return autoConvert_networking_IngressSpec_To_v1_IngressSpec(in, out, s) -} - -func autoConvert_v1_IngressStatus_To_networking_IngressStatus(in *v1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - if err := Convert_v1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_v1_IngressStatus_To_networking_IngressStatus is an autogenerated conversion function. -func Convert_v1_IngressStatus_To_networking_IngressStatus(in *v1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - return autoConvert_v1_IngressStatus_To_networking_IngressStatus(in, out, s) -} - -func autoConvert_networking_IngressStatus_To_v1_IngressStatus(in *networking.IngressStatus, out *v1.IngressStatus, s conversion.Scope) error { - if err := Convert_networking_IngressLoadBalancerStatus_To_v1_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressStatus_To_v1_IngressStatus is an autogenerated conversion function. -func Convert_networking_IngressStatus_To_v1_IngressStatus(in *networking.IngressStatus, out *v1.IngressStatus, s conversion.Scope) error { - return autoConvert_networking_IngressStatus_To_v1_IngressStatus(in, out, s) -} - -func autoConvert_v1_IngressTLS_To_networking_IngressTLS(in *v1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_v1_IngressTLS_To_networking_IngressTLS is an autogenerated conversion function. -func Convert_v1_IngressTLS_To_networking_IngressTLS(in *v1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - return autoConvert_v1_IngressTLS_To_networking_IngressTLS(in, out, s) -} - -func autoConvert_networking_IngressTLS_To_v1_IngressTLS(in *networking.IngressTLS, out *v1.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_networking_IngressTLS_To_v1_IngressTLS is an autogenerated conversion function. -func Convert_networking_IngressTLS_To_v1_IngressTLS(in *networking.IngressTLS, out *v1.IngressTLS, s conversion.Scope) error { - return autoConvert_networking_IngressTLS_To_v1_IngressTLS(in, out, s) -} - -func autoConvert_v1_NetworkPolicy_To_networking_NetworkPolicy(in *v1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_NetworkPolicy_To_networking_NetworkPolicy is an autogenerated conversion function. -func Convert_v1_NetworkPolicy_To_networking_NetworkPolicy(in *v1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicy_To_networking_NetworkPolicy(in, out, s) -} - -func autoConvert_networking_NetworkPolicy_To_v1_NetworkPolicy(in *networking.NetworkPolicy, out *v1.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_networking_NetworkPolicy_To_v1_NetworkPolicy is an autogenerated conversion function. -func Convert_networking_NetworkPolicy_To_v1_NetworkPolicy(in *networking.NetworkPolicy, out *v1.NetworkPolicy, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicy_To_v1_NetworkPolicy(in, out, s) -} - -func autoConvert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *v1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error { - out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.To = *(*[]networking.NetworkPolicyPeer)(unsafe.Pointer(&in.To)) - return nil -} - -// Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule is an autogenerated conversion function. -func Convert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in *v1.NetworkPolicyEgressRule, out *networking.NetworkPolicyEgressRule, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyEgressRule_To_networking_NetworkPolicyEgressRule(in, out, s) -} - -func autoConvert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *v1.NetworkPolicyEgressRule, s conversion.Scope) error { - out.Ports = *(*[]v1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.To = *(*[]v1.NetworkPolicyPeer)(unsafe.Pointer(&in.To)) - return nil -} - -// Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule is an autogenerated conversion function. -func Convert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in *networking.NetworkPolicyEgressRule, out *v1.NetworkPolicyEgressRule, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyEgressRule_To_v1_NetworkPolicyEgressRule(in, out, s) -} - -func autoConvert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in *v1.NetworkPolicyIngressRule, out *networking.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]networking.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.From = *(*[]networking.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) - return nil -} - -// Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule is an autogenerated conversion function. -func Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in *v1.NetworkPolicyIngressRule, out *networking.NetworkPolicyIngressRule, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule(in, out, s) -} - -func autoConvert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in *networking.NetworkPolicyIngressRule, out *v1.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]v1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.From = *(*[]v1.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) - return nil -} - -// Convert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule is an autogenerated conversion function. -func Convert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in *networking.NetworkPolicyIngressRule, out *v1.NetworkPolicyIngressRule, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in, out, s) -} - -func autoConvert_v1_NetworkPolicyList_To_networking_NetworkPolicyList(in *v1.NetworkPolicyList, out *networking.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]networking.NetworkPolicy)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_NetworkPolicyList_To_networking_NetworkPolicyList is an autogenerated conversion function. -func Convert_v1_NetworkPolicyList_To_networking_NetworkPolicyList(in *v1.NetworkPolicyList, out *networking.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyList_To_networking_NetworkPolicyList(in, out, s) -} - -func autoConvert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(in *networking.NetworkPolicyList, out *v1.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.NetworkPolicy)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_networking_NetworkPolicyList_To_v1_NetworkPolicyList is an autogenerated conversion function. -func Convert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(in *networking.NetworkPolicyList, out *v1.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(in, out, s) -} - -func autoConvert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.IPBlock = (*networking.IPBlock)(unsafe.Pointer(in.IPBlock)) - return nil -} - -// Convert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*metav1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - out.IPBlock = (*v1.IPBlock)(unsafe.Pointer(in.IPBlock)) - return nil -} - -// Convert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_v1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in *v1.NetworkPolicyPort, out *networking.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*core.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) - return nil -} - -// Convert_v1_NetworkPolicyPort_To_networking_NetworkPolicyPort is an autogenerated conversion function. -func Convert_v1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in *v1.NetworkPolicyPort, out *networking.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyPort_To_networking_NetworkPolicyPort(in, out, s) -} - -func autoConvert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *networking.NetworkPolicyPort, out *v1.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*corev1.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - out.EndPort = (*int32)(unsafe.Pointer(in.EndPort)) - return nil -} - -// Convert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort is an autogenerated conversion function. -func Convert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *networking.NetworkPolicyPort, out *v1.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyPort_To_v1_NetworkPolicyPort(in, out, s) -} - -func autoConvert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *v1.NetworkPolicySpec, out *networking.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - out.Ingress = *(*[]networking.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) - out.Egress = *(*[]networking.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress)) - out.PolicyTypes = *(*[]networking.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) - return nil -} - -// Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec is an autogenerated conversion function. -func Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in *v1.NetworkPolicySpec, out *networking.NetworkPolicySpec, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(in, out, s) -} - -func autoConvert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *networking.NetworkPolicySpec, out *v1.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - out.Ingress = *(*[]v1.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) - out.Egress = *(*[]v1.NetworkPolicyEgressRule)(unsafe.Pointer(&in.Egress)) - out.PolicyTypes = *(*[]v1.PolicyType)(unsafe.Pointer(&in.PolicyTypes)) - return nil -} - -// Convert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec is an autogenerated conversion function. -func Convert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *networking.NetworkPolicySpec, out *v1.NetworkPolicySpec, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicySpec_To_v1_NetworkPolicySpec(in, out, s) -} - -func autoConvert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in *v1.NetworkPolicyStatus, out *networking.NetworkPolicyStatus, s conversion.Scope) error { - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus is an autogenerated conversion function. -func Convert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in *v1.NetworkPolicyStatus, out *networking.NetworkPolicyStatus, s conversion.Scope) error { - return autoConvert_v1_NetworkPolicyStatus_To_networking_NetworkPolicyStatus(in, out, s) -} - -func autoConvert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus(in *networking.NetworkPolicyStatus, out *v1.NetworkPolicyStatus, s conversion.Scope) error { - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus is an autogenerated conversion function. -func Convert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus(in *networking.NetworkPolicyStatus, out *v1.NetworkPolicyStatus, s conversion.Scope) error { - return autoConvert_networking_NetworkPolicyStatus_To_v1_NetworkPolicyStatus(in, out, s) -} - -func autoConvert_v1_ServiceBackendPort_To_networking_ServiceBackendPort(in *v1.ServiceBackendPort, out *networking.ServiceBackendPort, s conversion.Scope) error { - out.Name = in.Name - out.Number = in.Number - return nil -} - -// Convert_v1_ServiceBackendPort_To_networking_ServiceBackendPort is an autogenerated conversion function. -func Convert_v1_ServiceBackendPort_To_networking_ServiceBackendPort(in *v1.ServiceBackendPort, out *networking.ServiceBackendPort, s conversion.Scope) error { - return autoConvert_v1_ServiceBackendPort_To_networking_ServiceBackendPort(in, out, s) -} - -func autoConvert_networking_ServiceBackendPort_To_v1_ServiceBackendPort(in *networking.ServiceBackendPort, out *v1.ServiceBackendPort, s conversion.Scope) error { - out.Name = in.Name - out.Number = in.Number - return nil -} - -// Convert_networking_ServiceBackendPort_To_v1_ServiceBackendPort is an autogenerated conversion function. -func Convert_networking_ServiceBackendPort_To_v1_ServiceBackendPort(in *networking.ServiceBackendPort, out *v1.ServiceBackendPort, s conversion.Scope) error { - return autoConvert_networking_ServiceBackendPort_To_v1_ServiceBackendPort(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.defaults.go deleted file mode 100644 index d5f1290eb3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1/zz_generated.defaults.go +++ /dev/null @@ -1,74 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/networking/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.IngressClass{}, func(obj interface{}) { SetObjectDefaults_IngressClass(obj.(*v1.IngressClass)) }) - scheme.AddTypeDefaultingFunc(&v1.IngressClassList{}, func(obj interface{}) { SetObjectDefaults_IngressClassList(obj.(*v1.IngressClassList)) }) - scheme.AddTypeDefaultingFunc(&v1.NetworkPolicy{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicy(obj.(*v1.NetworkPolicy)) }) - scheme.AddTypeDefaultingFunc(&v1.NetworkPolicyList{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicyList(obj.(*v1.NetworkPolicyList)) }) - return nil -} - -func SetObjectDefaults_IngressClass(in *v1.IngressClass) { - SetDefaults_IngressClass(in) -} - -func SetObjectDefaults_IngressClassList(in *v1.IngressClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_IngressClass(a) - } -} - -func SetObjectDefaults_NetworkPolicy(in *v1.NetworkPolicy) { - SetDefaults_NetworkPolicy(in) - for i := range in.Spec.Ingress { - a := &in.Spec.Ingress[i] - for j := range a.Ports { - b := &a.Ports[j] - SetDefaults_NetworkPolicyPort(b) - } - } - for i := range in.Spec.Egress { - a := &in.Spec.Egress[i] - for j := range a.Ports { - b := &a.Ports[j] - SetDefaults_NetworkPolicyPort(b) - } - } -} - -func SetObjectDefaults_NetworkPolicyList(in *v1.NetworkPolicyList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_NetworkPolicy(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/defaults.go deleted file mode 100644 index c0de82c4bb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/doc.go deleted file mode 100644 index 8f7931ecef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking -// +k8s:conversion-gen-external-types=k8s.io/api/networking/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/networking/v1alpha1 -// +groupName=networking.k8s.io - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/networking/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/register.go deleted file mode 100644 index 729909ba9a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - networkingv1alpha1 "k8s.io/api/networking/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package. -const GroupName = "networking.k8s.io" - -// SchemeGroupVersion is group version used to register these objects. -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource. -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &networkingv1alpha1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 01a5d2d1e8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,147 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1alpha1 "k8s.io/api/networking/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - networking "k8s.io/kubernetes/pkg/apis/networking" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterCIDR)(nil), (*networking.ClusterCIDR)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterCIDR_To_networking_ClusterCIDR(a.(*v1alpha1.ClusterCIDR), b.(*networking.ClusterCIDR), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.ClusterCIDR)(nil), (*v1alpha1.ClusterCIDR)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_ClusterCIDR_To_v1alpha1_ClusterCIDR(a.(*networking.ClusterCIDR), b.(*v1alpha1.ClusterCIDR), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterCIDRList)(nil), (*networking.ClusterCIDRList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterCIDRList_To_networking_ClusterCIDRList(a.(*v1alpha1.ClusterCIDRList), b.(*networking.ClusterCIDRList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.ClusterCIDRList)(nil), (*v1alpha1.ClusterCIDRList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_ClusterCIDRList_To_v1alpha1_ClusterCIDRList(a.(*networking.ClusterCIDRList), b.(*v1alpha1.ClusterCIDRList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterCIDRSpec)(nil), (*networking.ClusterCIDRSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec(a.(*v1alpha1.ClusterCIDRSpec), b.(*networking.ClusterCIDRSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.ClusterCIDRSpec)(nil), (*v1alpha1.ClusterCIDRSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec(a.(*networking.ClusterCIDRSpec), b.(*v1alpha1.ClusterCIDRSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ClusterCIDR_To_networking_ClusterCIDR(in *v1alpha1.ClusterCIDR, out *networking.ClusterCIDR, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ClusterCIDR_To_networking_ClusterCIDR is an autogenerated conversion function. -func Convert_v1alpha1_ClusterCIDR_To_networking_ClusterCIDR(in *v1alpha1.ClusterCIDR, out *networking.ClusterCIDR, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterCIDR_To_networking_ClusterCIDR(in, out, s) -} - -func autoConvert_networking_ClusterCIDR_To_v1alpha1_ClusterCIDR(in *networking.ClusterCIDR, out *v1alpha1.ClusterCIDR, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_networking_ClusterCIDR_To_v1alpha1_ClusterCIDR is an autogenerated conversion function. -func Convert_networking_ClusterCIDR_To_v1alpha1_ClusterCIDR(in *networking.ClusterCIDR, out *v1alpha1.ClusterCIDR, s conversion.Scope) error { - return autoConvert_networking_ClusterCIDR_To_v1alpha1_ClusterCIDR(in, out, s) -} - -func autoConvert_v1alpha1_ClusterCIDRList_To_networking_ClusterCIDRList(in *v1alpha1.ClusterCIDRList, out *networking.ClusterCIDRList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]networking.ClusterCIDR)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_ClusterCIDRList_To_networking_ClusterCIDRList is an autogenerated conversion function. -func Convert_v1alpha1_ClusterCIDRList_To_networking_ClusterCIDRList(in *v1alpha1.ClusterCIDRList, out *networking.ClusterCIDRList, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterCIDRList_To_networking_ClusterCIDRList(in, out, s) -} - -func autoConvert_networking_ClusterCIDRList_To_v1alpha1_ClusterCIDRList(in *networking.ClusterCIDRList, out *v1alpha1.ClusterCIDRList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.ClusterCIDR)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_networking_ClusterCIDRList_To_v1alpha1_ClusterCIDRList is an autogenerated conversion function. -func Convert_networking_ClusterCIDRList_To_v1alpha1_ClusterCIDRList(in *networking.ClusterCIDRList, out *v1alpha1.ClusterCIDRList, s conversion.Scope) error { - return autoConvert_networking_ClusterCIDRList_To_v1alpha1_ClusterCIDRList(in, out, s) -} - -func autoConvert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec(in *v1alpha1.ClusterCIDRSpec, out *networking.ClusterCIDRSpec, s conversion.Scope) error { - out.NodeSelector = (*core.NodeSelector)(unsafe.Pointer(in.NodeSelector)) - out.PerNodeHostBits = in.PerNodeHostBits - out.IPv4 = in.IPv4 - out.IPv6 = in.IPv6 - return nil -} - -// Convert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec is an autogenerated conversion function. -func Convert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec(in *v1alpha1.ClusterCIDRSpec, out *networking.ClusterCIDRSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterCIDRSpec_To_networking_ClusterCIDRSpec(in, out, s) -} - -func autoConvert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec(in *networking.ClusterCIDRSpec, out *v1alpha1.ClusterCIDRSpec, s conversion.Scope) error { - out.NodeSelector = (*v1.NodeSelector)(unsafe.Pointer(in.NodeSelector)) - out.PerNodeHostBits = in.PerNodeHostBits - out.IPv4 = in.IPv4 - out.IPv6 = in.IPv6 - return nil -} - -// Convert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec is an autogenerated conversion function. -func Convert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec(in *networking.ClusterCIDRSpec, out *v1alpha1.ClusterCIDRSpec, s conversion.Scope) error { - return autoConvert_networking_ClusterCIDRSpec_To_v1alpha1_ClusterCIDRSpec(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/conversion.go deleted file mode 100644 index 5f4553cfe0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/conversion.go +++ /dev/null @@ -1,77 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/networking/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/util/intstr" - networking "k8s.io/kubernetes/pkg/apis/networking" -) - -func Convert_v1beta1_IngressBackend_To_networking_IngressBackend(in *v1beta1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - if err := autoConvert_v1beta1_IngressBackend_To_networking_IngressBackend(in, out, s); err != nil { - return err - } - if len(in.ServiceName) > 0 || in.ServicePort.IntVal != 0 || in.ServicePort.StrVal != "" || in.ServicePort.Type == intstr.String { - out.Service = &networking.IngressServiceBackend{} - out.Service.Name = in.ServiceName - out.Service.Port.Name = in.ServicePort.StrVal - out.Service.Port.Number = in.ServicePort.IntVal - } - return nil -} - -func Convert_networking_IngressBackend_To_v1beta1_IngressBackend(in *networking.IngressBackend, out *v1beta1.IngressBackend, s conversion.Scope) error { - if err := autoConvert_networking_IngressBackend_To_v1beta1_IngressBackend(in, out, s); err != nil { - return err - } - if in.Service != nil { - out.ServiceName = in.Service.Name - if len(in.Service.Port.Name) > 0 { - out.ServicePort = intstr.FromString(in.Service.Port.Name) - } else { - out.ServicePort = intstr.FromInt(int(in.Service.Port.Number)) - } - } - return nil -} -func Convert_v1beta1_IngressSpec_To_networking_IngressSpec(in *v1beta1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - if err := autoConvert_v1beta1_IngressSpec_To_networking_IngressSpec(in, out, s); err != nil { - return err - } - if in.Backend != nil { - out.DefaultBackend = &networking.IngressBackend{} - if err := Convert_v1beta1_IngressBackend_To_networking_IngressBackend(in.Backend, out.DefaultBackend, s); err != nil { - return err - } - } - return nil -} - -func Convert_networking_IngressSpec_To_v1beta1_IngressSpec(in *networking.IngressSpec, out *v1beta1.IngressSpec, s conversion.Scope) error { - if err := autoConvert_networking_IngressSpec_To_v1beta1_IngressSpec(in, out, s); err != nil { - return err - } - if in.DefaultBackend != nil { - out.Backend = &v1beta1.IngressBackend{} - if err := Convert_networking_IngressBackend_To_v1beta1_IngressBackend(in.DefaultBackend, out.Backend, s); err != nil { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/defaults.go deleted file mode 100644 index 0b7b3acff0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - networkingv1beta1 "k8s.io/api/networking/v1beta1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_HTTPIngressPath(obj *networkingv1beta1.HTTPIngressPath) { - var defaultPathType = networkingv1beta1.PathTypeImplementationSpecific - if obj.PathType == nil { - obj.PathType = &defaultPathType - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/doc.go deleted file mode 100644 index 72ad2ef46f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking -// +k8s:conversion-gen-external-types=k8s.io/api/networking/v1beta1 -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/networking/v1beta1 -// +groupName=networking.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/networking/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/register.go deleted file mode 100644 index 24f55f4ca2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/register.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - networkingv1beta1 "k8s.io/api/networking/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "networking.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &networkingv1beta1.SchemeBuilder - - // AddToScheme adds the types of this group into the given scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.conversion.go deleted file mode 100644 index b5a1a7cb4c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,678 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/networking/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - networking "k8s.io/kubernetes/pkg/apis/networking" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.HTTPIngressPath)(nil), (*networking.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(a.(*v1beta1.HTTPIngressPath), b.(*networking.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressPath)(nil), (*v1beta1.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(a.(*networking.HTTPIngressPath), b.(*v1beta1.HTTPIngressPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.HTTPIngressRuleValue)(nil), (*networking.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(a.(*v1beta1.HTTPIngressRuleValue), b.(*networking.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.HTTPIngressRuleValue)(nil), (*v1beta1.HTTPIngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(a.(*networking.HTTPIngressRuleValue), b.(*v1beta1.HTTPIngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Ingress)(nil), (*networking.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Ingress_To_networking_Ingress(a.(*v1beta1.Ingress), b.(*networking.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.Ingress)(nil), (*v1beta1.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_Ingress_To_v1beta1_Ingress(a.(*networking.Ingress), b.(*v1beta1.Ingress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressClass)(nil), (*networking.IngressClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressClass_To_networking_IngressClass(a.(*v1beta1.IngressClass), b.(*networking.IngressClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClass)(nil), (*v1beta1.IngressClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClass_To_v1beta1_IngressClass(a.(*networking.IngressClass), b.(*v1beta1.IngressClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressClassList)(nil), (*networking.IngressClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressClassList_To_networking_IngressClassList(a.(*v1beta1.IngressClassList), b.(*networking.IngressClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassList)(nil), (*v1beta1.IngressClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassList_To_v1beta1_IngressClassList(a.(*networking.IngressClassList), b.(*v1beta1.IngressClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressClassParametersReference)(nil), (*networking.IngressClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressClassParametersReference_To_networking_IngressClassParametersReference(a.(*v1beta1.IngressClassParametersReference), b.(*networking.IngressClassParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassParametersReference)(nil), (*v1beta1.IngressClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassParametersReference_To_v1beta1_IngressClassParametersReference(a.(*networking.IngressClassParametersReference), b.(*v1beta1.IngressClassParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressClassSpec)(nil), (*networking.IngressClassSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec(a.(*v1beta1.IngressClassSpec), b.(*networking.IngressClassSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressClassSpec)(nil), (*v1beta1.IngressClassSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec(a.(*networking.IngressClassSpec), b.(*v1beta1.IngressClassSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressList)(nil), (*networking.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressList_To_networking_IngressList(a.(*v1beta1.IngressList), b.(*networking.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressList)(nil), (*v1beta1.IngressList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressList_To_v1beta1_IngressList(a.(*networking.IngressList), b.(*v1beta1.IngressList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressLoadBalancerIngress)(nil), (*networking.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(a.(*v1beta1.IngressLoadBalancerIngress), b.(*networking.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerIngress)(nil), (*v1beta1.IngressLoadBalancerIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(a.(*networking.IngressLoadBalancerIngress), b.(*v1beta1.IngressLoadBalancerIngress), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressLoadBalancerStatus)(nil), (*networking.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(a.(*v1beta1.IngressLoadBalancerStatus), b.(*networking.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressLoadBalancerStatus)(nil), (*v1beta1.IngressLoadBalancerStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(a.(*networking.IngressLoadBalancerStatus), b.(*v1beta1.IngressLoadBalancerStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressPortStatus)(nil), (*networking.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(a.(*v1beta1.IngressPortStatus), b.(*networking.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressPortStatus)(nil), (*v1beta1.IngressPortStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(a.(*networking.IngressPortStatus), b.(*v1beta1.IngressPortStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressRule)(nil), (*networking.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressRule_To_networking_IngressRule(a.(*v1beta1.IngressRule), b.(*networking.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRule)(nil), (*v1beta1.IngressRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRule_To_v1beta1_IngressRule(a.(*networking.IngressRule), b.(*v1beta1.IngressRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressRuleValue)(nil), (*networking.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(a.(*v1beta1.IngressRuleValue), b.(*networking.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressRuleValue)(nil), (*v1beta1.IngressRuleValue)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(a.(*networking.IngressRuleValue), b.(*v1beta1.IngressRuleValue), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressStatus)(nil), (*networking.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressStatus_To_networking_IngressStatus(a.(*v1beta1.IngressStatus), b.(*networking.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressStatus)(nil), (*v1beta1.IngressStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressStatus_To_v1beta1_IngressStatus(a.(*networking.IngressStatus), b.(*v1beta1.IngressStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IngressTLS)(nil), (*networking.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressTLS_To_networking_IngressTLS(a.(*v1beta1.IngressTLS), b.(*networking.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*networking.IngressTLS)(nil), (*v1beta1.IngressTLS)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressTLS_To_v1beta1_IngressTLS(a.(*networking.IngressTLS), b.(*v1beta1.IngressTLS), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.IngressBackend)(nil), (*v1beta1.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressBackend_To_v1beta1_IngressBackend(a.(*networking.IngressBackend), b.(*v1beta1.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*networking.IngressSpec)(nil), (*v1beta1.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_networking_IngressSpec_To_v1beta1_IngressSpec(a.(*networking.IngressSpec), b.(*v1beta1.IngressSpec), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.IngressBackend)(nil), (*networking.IngressBackend)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressBackend_To_networking_IngressBackend(a.(*v1beta1.IngressBackend), b.(*networking.IngressBackend), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.IngressSpec)(nil), (*networking.IngressSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IngressSpec_To_networking_IngressSpec(a.(*v1beta1.IngressSpec), b.(*networking.IngressSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1beta1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*networking.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_v1beta1_IngressBackend_To_networking_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath is an autogenerated conversion function. -func Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1beta1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in, out, s) -} - -func autoConvert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1beta1.HTTPIngressPath, s conversion.Scope) error { - out.Path = in.Path - out.PathType = (*v1beta1.PathType)(unsafe.Pointer(in.PathType)) - if err := Convert_networking_IngressBackend_To_v1beta1_IngressBackend(&in.Backend, &out.Backend, s); err != nil { - return err - } - return nil -} - -// Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath is an autogenerated conversion function. -func Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in *networking.HTTPIngressPath, out *v1beta1.HTTPIngressPath, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(in, out, s) -} - -func autoConvert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1beta1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]networking.HTTPIngressPath, len(*in)) - for i := range *in { - if err := Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Paths = nil - } - return nil -} - -// Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in *v1beta1.HTTPIngressRuleValue, out *networking.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1beta1.HTTPIngressRuleValue, s conversion.Scope) error { - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]v1beta1.HTTPIngressPath, len(*in)) - for i := range *in { - if err := Convert_networking_HTTPIngressPath_To_v1beta1_HTTPIngressPath(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Paths = nil - } - return nil -} - -// Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue is an autogenerated conversion function. -func Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in *networking.HTTPIngressRuleValue, out *v1beta1.HTTPIngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in, out, s) -} - -func autoConvert_v1beta1_Ingress_To_networking_Ingress(in *v1beta1.Ingress, out *networking.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_IngressSpec_To_networking_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_IngressStatus_To_networking_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_Ingress_To_networking_Ingress is an autogenerated conversion function. -func Convert_v1beta1_Ingress_To_networking_Ingress(in *v1beta1.Ingress, out *networking.Ingress, s conversion.Scope) error { - return autoConvert_v1beta1_Ingress_To_networking_Ingress(in, out, s) -} - -func autoConvert_networking_Ingress_To_v1beta1_Ingress(in *networking.Ingress, out *v1beta1.Ingress, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_IngressSpec_To_v1beta1_IngressSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_networking_IngressStatus_To_v1beta1_IngressStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_networking_Ingress_To_v1beta1_Ingress is an autogenerated conversion function. -func Convert_networking_Ingress_To_v1beta1_Ingress(in *networking.Ingress, out *v1beta1.Ingress, s conversion.Scope) error { - return autoConvert_networking_Ingress_To_v1beta1_Ingress(in, out, s) -} - -func autoConvert_v1beta1_IngressBackend_To_networking_IngressBackend(in *v1beta1.IngressBackend, out *networking.IngressBackend, s conversion.Scope) error { - // WARNING: in.ServiceName requires manual conversion: does not exist in peer-type - // WARNING: in.ServicePort requires manual conversion: does not exist in peer-type - out.Resource = (*core.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -func autoConvert_networking_IngressBackend_To_v1beta1_IngressBackend(in *networking.IngressBackend, out *v1beta1.IngressBackend, s conversion.Scope) error { - // WARNING: in.Service requires manual conversion: does not exist in peer-type - out.Resource = (*v1.TypedLocalObjectReference)(unsafe.Pointer(in.Resource)) - return nil -} - -func autoConvert_v1beta1_IngressClass_To_networking_IngressClass(in *v1beta1.IngressClass, out *networking.IngressClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_IngressClass_To_networking_IngressClass is an autogenerated conversion function. -func Convert_v1beta1_IngressClass_To_networking_IngressClass(in *v1beta1.IngressClass, out *networking.IngressClass, s conversion.Scope) error { - return autoConvert_v1beta1_IngressClass_To_networking_IngressClass(in, out, s) -} - -func autoConvert_networking_IngressClass_To_v1beta1_IngressClass(in *networking.IngressClass, out *v1beta1.IngressClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressClass_To_v1beta1_IngressClass is an autogenerated conversion function. -func Convert_networking_IngressClass_To_v1beta1_IngressClass(in *networking.IngressClass, out *v1beta1.IngressClass, s conversion.Scope) error { - return autoConvert_networking_IngressClass_To_v1beta1_IngressClass(in, out, s) -} - -func autoConvert_v1beta1_IngressClassList_To_networking_IngressClassList(in *v1beta1.IngressClassList, out *networking.IngressClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]networking.IngressClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_IngressClassList_To_networking_IngressClassList is an autogenerated conversion function. -func Convert_v1beta1_IngressClassList_To_networking_IngressClassList(in *v1beta1.IngressClassList, out *networking.IngressClassList, s conversion.Scope) error { - return autoConvert_v1beta1_IngressClassList_To_networking_IngressClassList(in, out, s) -} - -func autoConvert_networking_IngressClassList_To_v1beta1_IngressClassList(in *networking.IngressClassList, out *v1beta1.IngressClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.IngressClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_networking_IngressClassList_To_v1beta1_IngressClassList is an autogenerated conversion function. -func Convert_networking_IngressClassList_To_v1beta1_IngressClassList(in *networking.IngressClassList, out *v1beta1.IngressClassList, s conversion.Scope) error { - return autoConvert_networking_IngressClassList_To_v1beta1_IngressClassList(in, out, s) -} - -func autoConvert_v1beta1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in *v1beta1.IngressClassParametersReference, out *networking.IngressClassParametersReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Scope = (*string)(unsafe.Pointer(in.Scope)) - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_v1beta1_IngressClassParametersReference_To_networking_IngressClassParametersReference is an autogenerated conversion function. -func Convert_v1beta1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in *v1beta1.IngressClassParametersReference, out *networking.IngressClassParametersReference, s conversion.Scope) error { - return autoConvert_v1beta1_IngressClassParametersReference_To_networking_IngressClassParametersReference(in, out, s) -} - -func autoConvert_networking_IngressClassParametersReference_To_v1beta1_IngressClassParametersReference(in *networking.IngressClassParametersReference, out *v1beta1.IngressClassParametersReference, s conversion.Scope) error { - out.APIGroup = (*string)(unsafe.Pointer(in.APIGroup)) - out.Kind = in.Kind - out.Name = in.Name - out.Scope = (*string)(unsafe.Pointer(in.Scope)) - out.Namespace = (*string)(unsafe.Pointer(in.Namespace)) - return nil -} - -// Convert_networking_IngressClassParametersReference_To_v1beta1_IngressClassParametersReference is an autogenerated conversion function. -func Convert_networking_IngressClassParametersReference_To_v1beta1_IngressClassParametersReference(in *networking.IngressClassParametersReference, out *v1beta1.IngressClassParametersReference, s conversion.Scope) error { - return autoConvert_networking_IngressClassParametersReference_To_v1beta1_IngressClassParametersReference(in, out, s) -} - -func autoConvert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec(in *v1beta1.IngressClassSpec, out *networking.IngressClassSpec, s conversion.Scope) error { - out.Controller = in.Controller - out.Parameters = (*networking.IngressClassParametersReference)(unsafe.Pointer(in.Parameters)) - return nil -} - -// Convert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec is an autogenerated conversion function. -func Convert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec(in *v1beta1.IngressClassSpec, out *networking.IngressClassSpec, s conversion.Scope) error { - return autoConvert_v1beta1_IngressClassSpec_To_networking_IngressClassSpec(in, out, s) -} - -func autoConvert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec(in *networking.IngressClassSpec, out *v1beta1.IngressClassSpec, s conversion.Scope) error { - out.Controller = in.Controller - out.Parameters = (*v1beta1.IngressClassParametersReference)(unsafe.Pointer(in.Parameters)) - return nil -} - -// Convert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec is an autogenerated conversion function. -func Convert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec(in *networking.IngressClassSpec, out *v1beta1.IngressClassSpec, s conversion.Scope) error { - return autoConvert_networking_IngressClassSpec_To_v1beta1_IngressClassSpec(in, out, s) -} - -func autoConvert_v1beta1_IngressList_To_networking_IngressList(in *v1beta1.IngressList, out *networking.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]networking.Ingress, len(*in)) - for i := range *in { - if err := Convert_v1beta1_Ingress_To_networking_Ingress(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_IngressList_To_networking_IngressList is an autogenerated conversion function. -func Convert_v1beta1_IngressList_To_networking_IngressList(in *v1beta1.IngressList, out *networking.IngressList, s conversion.Scope) error { - return autoConvert_v1beta1_IngressList_To_networking_IngressList(in, out, s) -} - -func autoConvert_networking_IngressList_To_v1beta1_IngressList(in *networking.IngressList, out *v1beta1.IngressList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.Ingress, len(*in)) - for i := range *in { - if err := Convert_networking_Ingress_To_v1beta1_Ingress(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_networking_IngressList_To_v1beta1_IngressList is an autogenerated conversion function. -func Convert_networking_IngressList_To_v1beta1_IngressList(in *networking.IngressList, out *v1beta1.IngressList, s conversion.Scope) error { - return autoConvert_networking_IngressList_To_v1beta1_IngressList(in, out, s) -} - -func autoConvert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1beta1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]networking.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in *v1beta1.IngressLoadBalancerIngress, out *networking.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_v1beta1_IngressLoadBalancerIngress_To_networking_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1beta1.IngressLoadBalancerIngress, s conversion.Scope) error { - out.IP = in.IP - out.Hostname = in.Hostname - out.Ports = *(*[]v1beta1.IngressPortStatus)(unsafe.Pointer(&in.Ports)) - return nil -} - -// Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in *networking.IngressLoadBalancerIngress, out *v1beta1.IngressLoadBalancerIngress, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerIngress_To_v1beta1_IngressLoadBalancerIngress(in, out, s) -} - -func autoConvert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1beta1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]networking.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in *v1beta1.IngressLoadBalancerStatus, out *networking.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1beta1.IngressLoadBalancerStatus, s conversion.Scope) error { - out.Ingress = *(*[]v1beta1.IngressLoadBalancerIngress)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus is an autogenerated conversion function. -func Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in *networking.IngressLoadBalancerStatus, out *v1beta1.IngressLoadBalancerStatus, s conversion.Scope) error { - return autoConvert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in *v1beta1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = core.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in *v1beta1.IngressPortStatus, out *networking.IngressPortStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressPortStatus_To_networking_IngressPortStatus(in, out, s) -} - -func autoConvert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in *networking.IngressPortStatus, out *v1beta1.IngressPortStatus, s conversion.Scope) error { - out.Port = in.Port - out.Protocol = v1.Protocol(in.Protocol) - out.Error = (*string)(unsafe.Pointer(in.Error)) - return nil -} - -// Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus is an autogenerated conversion function. -func Convert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in *networking.IngressPortStatus, out *v1beta1.IngressPortStatus, s conversion.Scope) error { - return autoConvert_networking_IngressPortStatus_To_v1beta1_IngressPortStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressRule_To_networking_IngressRule(in *v1beta1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_IngressRule_To_networking_IngressRule is an autogenerated conversion function. -func Convert_v1beta1_IngressRule_To_networking_IngressRule(in *v1beta1.IngressRule, out *networking.IngressRule, s conversion.Scope) error { - return autoConvert_v1beta1_IngressRule_To_networking_IngressRule(in, out, s) -} - -func autoConvert_networking_IngressRule_To_v1beta1_IngressRule(in *networking.IngressRule, out *v1beta1.IngressRule, s conversion.Scope) error { - out.Host = in.Host - if err := Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(&in.IngressRuleValue, &out.IngressRuleValue, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressRule_To_v1beta1_IngressRule is an autogenerated conversion function. -func Convert_networking_IngressRule_To_v1beta1_IngressRule(in *networking.IngressRule, out *v1beta1.IngressRule, s conversion.Scope) error { - return autoConvert_networking_IngressRule_To_v1beta1_IngressRule(in, out, s) -} - -func autoConvert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in *v1beta1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(networking.HTTPIngressRuleValue) - if err := Convert_v1beta1_HTTPIngressRuleValue_To_networking_HTTPIngressRuleValue(*in, *out, s); err != nil { - return err - } - } else { - out.HTTP = nil - } - return nil -} - -// Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue is an autogenerated conversion function. -func Convert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in *v1beta1.IngressRuleValue, out *networking.IngressRuleValue, s conversion.Scope) error { - return autoConvert_v1beta1_IngressRuleValue_To_networking_IngressRuleValue(in, out, s) -} - -func autoConvert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in *networking.IngressRuleValue, out *v1beta1.IngressRuleValue, s conversion.Scope) error { - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(v1beta1.HTTPIngressRuleValue) - if err := Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(*in, *out, s); err != nil { - return err - } - } else { - out.HTTP = nil - } - return nil -} - -// Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue is an autogenerated conversion function. -func Convert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in *networking.IngressRuleValue, out *v1beta1.IngressRuleValue, s conversion.Scope) error { - return autoConvert_networking_IngressRuleValue_To_v1beta1_IngressRuleValue(in, out, s) -} - -func autoConvert_v1beta1_IngressSpec_To_networking_IngressSpec(in *v1beta1.IngressSpec, out *networking.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - // WARNING: in.Backend requires manual conversion: does not exist in peer-type - out.TLS = *(*[]networking.IngressTLS)(unsafe.Pointer(&in.TLS)) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]networking.IngressRule, len(*in)) - for i := range *in { - if err := Convert_v1beta1_IngressRule_To_networking_IngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - return nil -} - -func autoConvert_networking_IngressSpec_To_v1beta1_IngressSpec(in *networking.IngressSpec, out *v1beta1.IngressSpec, s conversion.Scope) error { - out.IngressClassName = (*string)(unsafe.Pointer(in.IngressClassName)) - // WARNING: in.DefaultBackend requires manual conversion: does not exist in peer-type - out.TLS = *(*[]v1beta1.IngressTLS)(unsafe.Pointer(&in.TLS)) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]v1beta1.IngressRule, len(*in)) - for i := range *in { - if err := Convert_networking_IngressRule_To_v1beta1_IngressRule(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Rules = nil - } - return nil -} - -func autoConvert_v1beta1_IngressStatus_To_networking_IngressStatus(in *v1beta1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - if err := Convert_v1beta1_IngressLoadBalancerStatus_To_networking_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_IngressStatus_To_networking_IngressStatus is an autogenerated conversion function. -func Convert_v1beta1_IngressStatus_To_networking_IngressStatus(in *v1beta1.IngressStatus, out *networking.IngressStatus, s conversion.Scope) error { - return autoConvert_v1beta1_IngressStatus_To_networking_IngressStatus(in, out, s) -} - -func autoConvert_networking_IngressStatus_To_v1beta1_IngressStatus(in *networking.IngressStatus, out *v1beta1.IngressStatus, s conversion.Scope) error { - if err := Convert_networking_IngressLoadBalancerStatus_To_v1beta1_IngressLoadBalancerStatus(&in.LoadBalancer, &out.LoadBalancer, s); err != nil { - return err - } - return nil -} - -// Convert_networking_IngressStatus_To_v1beta1_IngressStatus is an autogenerated conversion function. -func Convert_networking_IngressStatus_To_v1beta1_IngressStatus(in *networking.IngressStatus, out *v1beta1.IngressStatus, s conversion.Scope) error { - return autoConvert_networking_IngressStatus_To_v1beta1_IngressStatus(in, out, s) -} - -func autoConvert_v1beta1_IngressTLS_To_networking_IngressTLS(in *v1beta1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_v1beta1_IngressTLS_To_networking_IngressTLS is an autogenerated conversion function. -func Convert_v1beta1_IngressTLS_To_networking_IngressTLS(in *v1beta1.IngressTLS, out *networking.IngressTLS, s conversion.Scope) error { - return autoConvert_v1beta1_IngressTLS_To_networking_IngressTLS(in, out, s) -} - -func autoConvert_networking_IngressTLS_To_v1beta1_IngressTLS(in *networking.IngressTLS, out *v1beta1.IngressTLS, s conversion.Scope) error { - out.Hosts = *(*[]string)(unsafe.Pointer(&in.Hosts)) - out.SecretName = in.SecretName - return nil -} - -// Convert_networking_IngressTLS_To_v1beta1_IngressTLS is an autogenerated conversion function. -func Convert_networking_IngressTLS_To_v1beta1_IngressTLS(in *networking.IngressTLS, out *v1beta1.IngressTLS, s conversion.Scope) error { - return autoConvert_networking_IngressTLS_To_v1beta1_IngressTLS(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.defaults.go deleted file mode 100644 index ee9c3f4b20..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,55 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/networking/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.Ingress{}, func(obj interface{}) { SetObjectDefaults_Ingress(obj.(*v1beta1.Ingress)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.IngressList{}, func(obj interface{}) { SetObjectDefaults_IngressList(obj.(*v1beta1.IngressList)) }) - return nil -} - -func SetObjectDefaults_Ingress(in *v1beta1.Ingress) { - for i := range in.Spec.Rules { - a := &in.Spec.Rules[i] - if a.IngressRuleValue.HTTP != nil { - for j := range a.IngressRuleValue.HTTP.Paths { - b := &a.IngressRuleValue.HTTP.Paths[j] - SetDefaults_HTTPIngressPath(b) - } - } - } -} - -func SetObjectDefaults_IngressList(in *v1beta1.IngressList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_Ingress(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/validation/validation.go deleted file mode 100644 index ca9bbaafa0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/validation/validation.go +++ /dev/null @@ -1,743 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - pathvalidation "k8s.io/apimachinery/pkg/api/validation/path" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/networking" - netutils "k8s.io/utils/net" - utilpointer "k8s.io/utils/pointer" -) - -const ( - annotationIngressClass = "kubernetes.io/ingress.class" - maxLenIngressClassController = 250 -) - -var ( - supportedPathTypes = sets.NewString( - string(networking.PathTypeExact), - string(networking.PathTypePrefix), - string(networking.PathTypeImplementationSpecific), - ) - invalidPathSequences = []string{"//", "/./", "/../", "%2f", "%2F"} - invalidPathSuffixes = []string{"/..", "/."} - - supportedIngressClassParametersReferenceScopes = sets.NewString( - networking.IngressClassParametersReferenceScopeNamespace, - networking.IngressClassParametersReferenceScopeCluster, - ) -) - -type NetworkPolicyValidationOptions struct { - AllowInvalidLabelValueInSelector bool -} - -// ValidateNetworkPolicyName can be used to check whether the given networkpolicy -// name is valid. -func ValidateNetworkPolicyName(name string, prefix bool) []string { - return apimachineryvalidation.NameIsDNSSubdomain(name, prefix) -} - -// ValidateNetworkPolicyPort validates a NetworkPolicyPort -func ValidateNetworkPolicyPort(port *networking.NetworkPolicyPort, portPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP && *port.Protocol != api.ProtocolSCTP { - allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP), string(api.ProtocolSCTP)})) - } - if port.Port != nil { - if port.Port.Type == intstr.Int { - for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg)) - } - if port.EndPort != nil { - if *port.EndPort < port.Port.IntVal { - allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), port.Port.IntVal, "must be greater than or equal to `port`")) - } - for _, msg := range validation.IsValidPortNum(int(*port.EndPort)) { - allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), *port.EndPort, msg)) - } - } - } else { - if port.EndPort != nil { - allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), *port.EndPort, "may not be specified when `port` is non-numeric")) - } - for _, msg := range validation.IsValidPortName(port.Port.StrVal) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg)) - } - } - } else { - if port.EndPort != nil { - allErrs = append(allErrs, field.Invalid(portPath.Child("endPort"), *port.EndPort, "may not be specified when `port` is not specified")) - } - } - - return allErrs -} - -// ValidateNetworkPolicyPeer validates a NetworkPolicyPeer -func ValidateNetworkPolicyPeer(peer *networking.NetworkPolicyPeer, opts NetworkPolicyValidationOptions, peerPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - numPeers := 0 - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - - if peer.PodSelector != nil { - numPeers++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(peer.PodSelector, labelSelectorValidationOpts, peerPath.Child("podSelector"))...) - } - if peer.NamespaceSelector != nil { - numPeers++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(peer.NamespaceSelector, labelSelectorValidationOpts, peerPath.Child("namespaceSelector"))...) - } - if peer.IPBlock != nil { - numPeers++ - allErrs = append(allErrs, ValidateIPBlock(peer.IPBlock, peerPath.Child("ipBlock"))...) - } - - if numPeers == 0 { - allErrs = append(allErrs, field.Required(peerPath, "must specify a peer")) - } else if numPeers > 1 && peer.IPBlock != nil { - allErrs = append(allErrs, field.Forbidden(peerPath, "may not specify both ipBlock and another peer")) - } - - return allErrs -} - -// ValidateNetworkPolicySpec tests if required fields in the networkpolicy spec are set. -func ValidateNetworkPolicySpec(spec *networking.NetworkPolicySpec, opts NetworkPolicyValidationOptions, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector( - &spec.PodSelector, - labelSelectorValidationOpts, - fldPath.Child("podSelector"), - )...) - - // Validate ingress rules. - for i, ingress := range spec.Ingress { - ingressPath := fldPath.Child("ingress").Index(i) - for i, port := range ingress.Ports { - portPath := ingressPath.Child("ports").Index(i) - allErrs = append(allErrs, ValidateNetworkPolicyPort(&port, portPath)...) - } - for i, from := range ingress.From { - fromPath := ingressPath.Child("from").Index(i) - allErrs = append(allErrs, ValidateNetworkPolicyPeer(&from, opts, fromPath)...) - } - } - // Validate egress rules - for i, egress := range spec.Egress { - egressPath := fldPath.Child("egress").Index(i) - for i, port := range egress.Ports { - portPath := egressPath.Child("ports").Index(i) - allErrs = append(allErrs, ValidateNetworkPolicyPort(&port, portPath)...) - } - for i, to := range egress.To { - toPath := egressPath.Child("to").Index(i) - allErrs = append(allErrs, ValidateNetworkPolicyPeer(&to, opts, toPath)...) - } - } - // Validate PolicyTypes - allowed := sets.NewString(string(networking.PolicyTypeIngress), string(networking.PolicyTypeEgress)) - if len(spec.PolicyTypes) > len(allowed) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("policyTypes"), &spec.PolicyTypes, "may not specify more than two policyTypes")) - return allErrs - } - for i, pType := range spec.PolicyTypes { - policyPath := fldPath.Child("policyTypes").Index(i) - if !allowed.Has(string(pType)) { - allErrs = append(allErrs, field.NotSupported(policyPath, pType, []string{string(networking.PolicyTypeIngress), string(networking.PolicyTypeEgress)})) - } - } - return allErrs -} - -// ValidateNetworkPolicy validates a networkpolicy. -func ValidateNetworkPolicy(np *networking.NetworkPolicy, opts NetworkPolicyValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&np.ObjectMeta, true, ValidateNetworkPolicyName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateNetworkPolicySpec(&np.Spec, opts, field.NewPath("spec"))...) - return allErrs -} - -// ValidationOptionsForNetworking generates NetworkPolicyValidationOptions for Networking -func ValidationOptionsForNetworking(new, old *networking.NetworkPolicy) NetworkPolicyValidationOptions { - opts := NetworkPolicyValidationOptions{ - AllowInvalidLabelValueInSelector: false, - } - if old != nil { - labelSelectorValidationOpts := unversionedvalidation.LabelSelectorValidationOptions{ - AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector, - } - if len(unversionedvalidation.ValidateLabelSelector(&old.Spec.PodSelector, labelSelectorValidationOpts, nil)) > 0 { - opts.AllowInvalidLabelValueInSelector = true - } - } - return opts -} - -// ValidateNetworkPolicyUpdate tests if an update to a NetworkPolicy is valid. -func ValidateNetworkPolicyUpdate(update, old *networking.NetworkPolicy, opts NetworkPolicyValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, ValidateNetworkPolicySpec(&update.Spec, opts, field.NewPath("spec"))...) - return allErrs -} - -// ValidateNetworkPolicyStatusUpdate tests if an update to a NetworkPolicy status is valid -func ValidateNetworkPolicyStatusUpdate(status, oldstatus networking.NetworkPolicyStatus, fldPath *field.Path) field.ErrorList { - return unversionedvalidation.ValidateConditions(status.Conditions, fldPath.Child("conditions")) -} - -// ValidateIPBlock validates a cidr and the except fields of an IpBlock NetworkPolicyPeer -func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(ipb.CIDR) == 0 || ipb.CIDR == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("cidr"), "")) - return allErrs - } - cidrIPNet, err := apivalidation.ValidateCIDR(ipb.CIDR) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipb.CIDR, "not a valid CIDR")) - return allErrs - } - exceptCIDR := ipb.Except - for i, exceptIP := range exceptCIDR { - exceptPath := fldPath.Child("except").Index(i) - exceptCIDR, err := apivalidation.ValidateCIDR(exceptIP) - if err != nil { - allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "not a valid CIDR")) - return allErrs - } - cidrMaskLen, _ := cidrIPNet.Mask.Size() - exceptMaskLen, _ := exceptCIDR.Mask.Size() - if !cidrIPNet.Contains(exceptCIDR.IP) || cidrMaskLen >= exceptMaskLen { - allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "must be a strict subset of `cidr`")) - } - } - return allErrs -} - -// ValidateIngressName validates that the given name can be used as an Ingress -// name. -var ValidateIngressName = apimachineryvalidation.NameIsDNSSubdomain - -// IngressValidationOptions cover beta to GA transitions for HTTP PathType -type IngressValidationOptions struct { - // AllowInvalidSecretName indicates whether spec.tls[*].secretName values that are not valid Secret names should be allowed - AllowInvalidSecretName bool - - // AllowInvalidWildcardHostRule indicates whether invalid rule values are allowed in rules with wildcard hostnames - AllowInvalidWildcardHostRule bool -} - -// ValidateIngress validates Ingresses on create and update. -func validateIngress(ingress *networking.Ingress, opts IngressValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&ingress.ObjectMeta, true, ValidateIngressName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateIngressSpec(&ingress.Spec, field.NewPath("spec"), opts)...) - return allErrs -} - -// ValidateIngressCreate validates Ingresses on create. -func ValidateIngressCreate(ingress *networking.Ingress) field.ErrorList { - allErrs := field.ErrorList{} - opts := IngressValidationOptions{ - AllowInvalidSecretName: false, - AllowInvalidWildcardHostRule: false, - } - allErrs = append(allErrs, validateIngress(ingress, opts)...) - annotationVal, annotationIsSet := ingress.Annotations[annotationIngressClass] - if annotationIsSet && ingress.Spec.IngressClassName != nil { - annotationPath := field.NewPath("annotations").Child(annotationIngressClass) - allErrs = append(allErrs, field.Invalid(annotationPath, annotationVal, "can not be set when the class field is also set")) - } - return allErrs -} - -// ValidateIngressUpdate validates ingresses on update. -func ValidateIngressUpdate(ingress, oldIngress *networking.Ingress) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&ingress.ObjectMeta, &oldIngress.ObjectMeta, field.NewPath("metadata")) - opts := IngressValidationOptions{ - AllowInvalidSecretName: allowInvalidSecretName(oldIngress), - AllowInvalidWildcardHostRule: allowInvalidWildcardHostRule(oldIngress), - } - - allErrs = append(allErrs, validateIngress(ingress, opts)...) - return allErrs -} - -func validateIngressTLS(spec *networking.IngressSpec, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - // TODO: Perform a more thorough validation of spec.TLS.Hosts that takes - // the wildcard spec from RFC 6125 into account. - for tlsIndex, itls := range spec.TLS { - for i, host := range itls.Hosts { - if strings.Contains(host, "*") { - for _, msg := range validation.IsWildcardDNS1123Subdomain(host) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(tlsIndex).Child("hosts").Index(i), host, msg)) - } - continue - } - for _, msg := range validation.IsDNS1123Subdomain(host) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(tlsIndex).Child("hosts").Index(i), host, msg)) - } - } - - if !opts.AllowInvalidSecretName { - for _, msg := range validateTLSSecretName(itls.SecretName) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(tlsIndex).Child("secretName"), itls.SecretName, msg)) - } - } - } - - return allErrs -} - -// ValidateIngressSpec tests if required fields in the IngressSpec are set. -func ValidateIngressSpec(spec *networking.IngressSpec, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if len(spec.Rules) == 0 && spec.DefaultBackend == nil { - errMsg := fmt.Sprintf("either `%s` or `rules` must be specified", "defaultBackend") - allErrs = append(allErrs, field.Invalid(fldPath, spec.Rules, errMsg)) - } - if spec.DefaultBackend != nil { - allErrs = append(allErrs, validateIngressBackend(spec.DefaultBackend, fldPath.Child("defaultBackend"), opts)...) - } - if len(spec.Rules) > 0 { - allErrs = append(allErrs, validateIngressRules(spec.Rules, fldPath.Child("rules"), opts)...) - } - if len(spec.TLS) > 0 { - allErrs = append(allErrs, validateIngressTLS(spec, fldPath.Child("tls"), opts)...) - } - if spec.IngressClassName != nil { - for _, msg := range ValidateIngressClassName(*spec.IngressClassName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("ingressClassName"), *spec.IngressClassName, msg)) - } - } - return allErrs -} - -// ValidateIngressStatusUpdate tests if required fields in the Ingress are set when updating status. -func ValidateIngressStatusUpdate(ingress, oldIngress *networking.Ingress) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&ingress.ObjectMeta, &oldIngress.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateIngressLoadBalancerStatus(&ingress.Status.LoadBalancer, field.NewPath("status", "loadBalancer"))...) - return allErrs -} - -// ValidateLIngressoadBalancerStatus validates required fields on an IngressLoadBalancerStatus -func ValidateIngressLoadBalancerStatus(status *networking.IngressLoadBalancerStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for i, ingress := range status.Ingress { - idxPath := fldPath.Child("ingress").Index(i) - if len(ingress.IP) > 0 { - if isIP := (netutils.ParseIPSloppy(ingress.IP) != nil); !isIP { - allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be a valid IP address")) - } - } - if len(ingress.Hostname) > 0 { - for _, msg := range validation.IsDNS1123Subdomain(ingress.Hostname) { - allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, msg)) - } - if isIP := (netutils.ParseIPSloppy(ingress.Hostname) != nil); isIP { - allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, "must be a DNS name, not an IP address")) - } - } - } - return allErrs -} - -func validateIngressRules(ingressRules []networking.IngressRule, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if len(ingressRules) == 0 { - return append(allErrs, field.Required(fldPath, "")) - } - for i, ih := range ingressRules { - wildcardHost := false - if len(ih.Host) > 0 { - if isIP := (netutils.ParseIPSloppy(ih.Host) != nil); isIP { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("host"), ih.Host, "must be a DNS name, not an IP address")) - } - // TODO: Ports and ips are allowed in the host part of a url - // according to RFC 3986, consider allowing them. - if strings.Contains(ih.Host, "*") { - for _, msg := range validation.IsWildcardDNS1123Subdomain(ih.Host) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("host"), ih.Host, msg)) - } - wildcardHost = true - } else { - for _, msg := range validation.IsDNS1123Subdomain(ih.Host) { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("host"), ih.Host, msg)) - } - } - } - - if !wildcardHost || !opts.AllowInvalidWildcardHostRule { - allErrs = append(allErrs, validateIngressRuleValue(&ih.IngressRuleValue, fldPath.Index(i), opts)...) - } - } - return allErrs -} - -func validateIngressRuleValue(ingressRule *networking.IngressRuleValue, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if ingressRule.HTTP != nil { - allErrs = append(allErrs, validateHTTPIngressRuleValue(ingressRule.HTTP, fldPath.Child("http"), opts)...) - } - return allErrs -} - -func validateHTTPIngressRuleValue(httpIngressRuleValue *networking.HTTPIngressRuleValue, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - if len(httpIngressRuleValue.Paths) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("paths"), "")) - } - for i, path := range httpIngressRuleValue.Paths { - allErrs = append(allErrs, validateHTTPIngressPath(&path, fldPath.Child("paths").Index(i), opts)...) - } - return allErrs -} - -func validateHTTPIngressPath(path *networking.HTTPIngressPath, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - if path.PathType == nil { - return append(allErrs, field.Required(fldPath.Child("pathType"), "pathType must be specified")) - } - - switch *path.PathType { - case networking.PathTypeExact, networking.PathTypePrefix: - if !strings.HasPrefix(path.Path, "/") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), path.Path, "must be an absolute path")) - } - if len(path.Path) > 0 { - for _, invalidSeq := range invalidPathSequences { - if strings.Contains(path.Path, invalidSeq) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), path.Path, fmt.Sprintf("must not contain '%s'", invalidSeq))) - } - } - - for _, invalidSuff := range invalidPathSuffixes { - if strings.HasSuffix(path.Path, invalidSuff) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), path.Path, fmt.Sprintf("cannot end with '%s'", invalidSuff))) - } - } - } - case networking.PathTypeImplementationSpecific: - if len(path.Path) > 0 { - if !strings.HasPrefix(path.Path, "/") { - allErrs = append(allErrs, field.Invalid(fldPath.Child("path"), path.Path, "must be an absolute path")) - } - } - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("pathType"), *path.PathType, supportedPathTypes.List())) - } - allErrs = append(allErrs, validateIngressBackend(&path.Backend, fldPath.Child("backend"), opts)...) - return allErrs -} - -// validateIngressBackend tests if a given backend is valid. -func validateIngressBackend(backend *networking.IngressBackend, fldPath *field.Path, opts IngressValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - hasResourceBackend := backend.Resource != nil - hasServiceBackend := backend.Service != nil - - switch { - case hasResourceBackend && hasServiceBackend: - return append(allErrs, field.Invalid(fldPath, "", "cannot set both resource and service backends")) - case hasResourceBackend: - allErrs = append(allErrs, validateIngressTypedLocalObjectReference(backend.Resource, fldPath.Child("resource"))...) - case hasServiceBackend: - - if len(backend.Service.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("service", "name"), "")) - } else { - for _, msg := range apivalidation.ValidateServiceName(backend.Service.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("service", "name"), backend.Service.Name, msg)) - } - } - - hasPortName := len(backend.Service.Port.Name) > 0 - hasPortNumber := backend.Service.Port.Number != 0 - if hasPortName && hasPortNumber { - allErrs = append(allErrs, field.Invalid(fldPath, "", "cannot set both port name & port number")) - } else if hasPortName { - for _, msg := range validation.IsValidPortName(backend.Service.Port.Name) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("service", "port", "name"), backend.Service.Port.Name, msg)) - } - } else if hasPortNumber { - for _, msg := range validation.IsValidPortNum(int(backend.Service.Port.Number)) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("service", "port", "number"), backend.Service.Port.Number, msg)) - } - } else { - allErrs = append(allErrs, field.Required(fldPath, "port name or number is required")) - } - default: - allErrs = append(allErrs, field.Invalid(fldPath, "", "resource or service backend is required")) - } - return allErrs -} - -// ValidateIngressClassName validates that the given name can be used as an -// IngressClass name. -var ValidateIngressClassName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateIngressClass ensures that IngressClass resources are valid. -func ValidateIngressClass(ingressClass *networking.IngressClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&ingressClass.ObjectMeta, false, ValidateIngressClassName, field.NewPath("metadata")) - allErrs = append(allErrs, validateIngressClassSpec(&ingressClass.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateIngressClassUpdate ensures that IngressClass updates are valid. -func ValidateIngressClassUpdate(newIngressClass, oldIngressClass *networking.IngressClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&newIngressClass.ObjectMeta, &oldIngressClass.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, validateIngressClassSpecUpdate(&newIngressClass.Spec, &oldIngressClass.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, ValidateIngressClass(newIngressClass)...) - return allErrs -} - -// validateIngressClassSpec ensures that IngressClassSpec fields are valid. -func validateIngressClassSpec(spec *networking.IngressClassSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(spec.Controller) > maxLenIngressClassController { - allErrs = append(allErrs, field.TooLong(fldPath.Child("controller"), spec.Controller, maxLenIngressClassController)) - } - allErrs = append(allErrs, validation.IsDomainPrefixedPath(fldPath.Child("controller"), spec.Controller)...) - allErrs = append(allErrs, validateIngressClassParametersReference(spec.Parameters, fldPath.Child("parameters"))...) - return allErrs -} - -// validateIngressClassSpecUpdate ensures that IngressClassSpec updates are -// valid. -func validateIngressClassSpecUpdate(newSpec, oldSpec *networking.IngressClassSpec, fldPath *field.Path) field.ErrorList { - return apivalidation.ValidateImmutableField(newSpec.Controller, oldSpec.Controller, fldPath.Child("controller")) -} - -// validateIngressTypedLocalObjectReference ensures that Parameters fields are valid. -func validateIngressTypedLocalObjectReference(params *api.TypedLocalObjectReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if params == nil { - return allErrs - } - - if params.APIGroup != nil { - for _, msg := range validation.IsDNS1123Subdomain(*params.APIGroup) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("apiGroup"), *params.APIGroup, msg)) - } - } - - if params.Kind == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "kind is required")) - } else { - for _, msg := range pathvalidation.IsValidPathSegmentName(params.Kind) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("kind"), params.Kind, msg)) - } - } - - if params.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "name is required")) - } else { - for _, msg := range pathvalidation.IsValidPathSegmentName(params.Name) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), params.Name, msg)) - } - } - - return allErrs -} - -// validateIngressClassParametersReference ensures that Parameters fields are valid. -// Parameters was previously of type `TypedLocalObjectReference` and used -// `validateIngressTypedLocalObjectReference()`. This function extends validation -// for additional fields introduced for namespace-scoped references. -func validateIngressClassParametersReference(params *networking.IngressClassParametersReference, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if params == nil { - return allErrs - } - - allErrs = append(allErrs, validateIngressTypedLocalObjectReference(&api.TypedLocalObjectReference{ - APIGroup: params.APIGroup, - Kind: params.Kind, - Name: params.Name, - }, fldPath)...) - - if params.Scope == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("scope"), "")) - return allErrs - } - - if params.Scope != nil || params.Namespace != nil { - scope := utilpointer.StringPtrDerefOr(params.Scope, "") - - if !supportedIngressClassParametersReferenceScopes.Has(scope) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("scope"), scope, - supportedIngressClassParametersReferenceScopes.List())) - } else { - - if scope == networking.IngressClassParametersReferenceScopeNamespace { - if params.Namespace == nil { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "`parameters.scope` is set to 'Namespace'")) - } else { - for _, msg := range apivalidation.ValidateNamespaceName(*params.Namespace, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), *params.Namespace, msg)) - } - } - } - - if scope == networking.IngressClassParametersReferenceScopeCluster && params.Namespace != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("namespace"), "`parameters.scope` is set to 'Cluster'")) - } - } - } - - return allErrs -} - -func allowInvalidSecretName(oldIngress *networking.Ingress) bool { - if oldIngress != nil { - for _, tls := range oldIngress.Spec.TLS { - if len(validateTLSSecretName(tls.SecretName)) > 0 { - // backwards compatibility with existing persisted object - return true - } - } - } - return false -} - -func validateTLSSecretName(name string) []string { - if len(name) == 0 { - return nil - } - return apivalidation.ValidateSecretName(name, false) -} - -func allowInvalidWildcardHostRule(oldIngress *networking.Ingress) bool { - if oldIngress != nil { - for _, rule := range oldIngress.Spec.Rules { - if strings.Contains(rule.Host, "*") && len(validateIngressRuleValue(&rule.IngressRuleValue, nil, IngressValidationOptions{})) > 0 { - // backwards compatibility with existing invalid data - return true - } - } - } - return false -} - -// ValidateClusterCIDRName validates that the given name can be used as an -// ClusterCIDR name. -var ValidateClusterCIDRName = apimachineryvalidation.NameIsDNSLabel - -// ValidateClusterCIDR validates a ClusterCIDR. -func ValidateClusterCIDR(cc *networking.ClusterCIDR) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&cc.ObjectMeta, false, ValidateClusterCIDRName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateClusterCIDRSpec(&cc.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateClusterCIDRSpec validates ClusterCIDR Spec. -func ValidateClusterCIDRSpec(spec *networking.ClusterCIDRSpec, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if spec.NodeSelector != nil { - allErrs = append(allErrs, apivalidation.ValidateNodeSelector(spec.NodeSelector, fldPath.Child("nodeSelector"))...) - } - - // Validate if CIDR is specified for at least one IP Family(IPv4/IPv6). - if spec.IPv4 == "" && spec.IPv6 == "" { - allErrs = append(allErrs, field.Required(fldPath, "one or both of `ipv4` and `ipv6` must be specified")) - return allErrs - } - - // Validate specified IPv4 CIDR and PerNodeHostBits. - if spec.IPv4 != "" { - allErrs = append(allErrs, validateCIDRConfig(spec.IPv4, spec.PerNodeHostBits, 32, v1.IPv4Protocol, fldPath)...) - } - - // Validate specified IPv6 CIDR and PerNodeHostBits. - if spec.IPv6 != "" { - allErrs = append(allErrs, validateCIDRConfig(spec.IPv6, spec.PerNodeHostBits, 128, v1.IPv6Protocol, fldPath)...) - } - - return allErrs -} - -func validateCIDRConfig(configCIDR string, perNodeHostBits, maxMaskSize int32, ipFamily v1.IPFamily, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - minPerNodeHostBits := int32(4) - - ip, ipNet, err := netutils.ParseCIDRSloppy(configCIDR) - if err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Child(string(ipFamily)), configCIDR, fmt.Sprintf("must be a valid CIDR: %s", configCIDR))) - return allErrs - } - - if ipFamily == v1.IPv4Protocol && !netutils.IsIPv4(ip) { - allErrs = append(allErrs, field.Invalid(fldPath.Child(string(ipFamily)), configCIDR, "must be a valid IPv4 CIDR")) - } - if ipFamily == v1.IPv6Protocol && !netutils.IsIPv6(ip) { - allErrs = append(allErrs, field.Invalid(fldPath.Child(string(ipFamily)), configCIDR, "must be a valid IPv6 CIDR")) - } - - // Validate PerNodeHostBits - maskSize, _ := ipNet.Mask.Size() - maxPerNodeHostBits := maxMaskSize - int32(maskSize) - - if perNodeHostBits < minPerNodeHostBits { - allErrs = append(allErrs, field.Invalid(fldPath.Child("perNodeHostBits"), perNodeHostBits, fmt.Sprintf("must be greater than or equal to %d", minPerNodeHostBits))) - } - if perNodeHostBits > maxPerNodeHostBits { - allErrs = append(allErrs, field.Invalid(fldPath.Child("perNodeHostBits"), perNodeHostBits, fmt.Sprintf("must be less than or equal to %d", maxPerNodeHostBits))) - } - return allErrs -} - -// ValidateClusterCIDRUpdate tests if an update to a ClusterCIDR is valid. -func ValidateClusterCIDRUpdate(update, old *networking.ClusterCIDR) field.ErrorList { - var allErrs field.ErrorList - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, validateClusterCIDRUpdateSpec(&update.Spec, &old.Spec, field.NewPath("spec"))...) - return allErrs -} - -func validateClusterCIDRUpdateSpec(update, old *networking.ClusterCIDRSpec, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - - allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.NodeSelector, old.NodeSelector, fldPath.Child("nodeSelector"))...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.PerNodeHostBits, old.PerNodeHostBits, fldPath.Child("perNodeHostBits"))...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.IPv4, old.IPv4, fldPath.Child("ipv4"))...) - allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.IPv6, old.IPv6, fldPath.Child("ipv6"))...) - - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/zz_generated.deepcopy.go deleted file mode 100644 index 57deaa2396..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/networking/zz_generated.deepcopy.go +++ /dev/null @@ -1,833 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package networking - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterCIDR) DeepCopyInto(out *ClusterCIDR) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCIDR. -func (in *ClusterCIDR) DeepCopy() *ClusterCIDR { - if in == nil { - return nil - } - out := new(ClusterCIDR) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterCIDR) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterCIDRList) DeepCopyInto(out *ClusterCIDRList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterCIDR, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCIDRList. -func (in *ClusterCIDRList) DeepCopy() *ClusterCIDRList { - if in == nil { - return nil - } - out := new(ClusterCIDRList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterCIDRList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterCIDRSpec) DeepCopyInto(out *ClusterCIDRSpec) { - *out = *in - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = new(core.NodeSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCIDRSpec. -func (in *ClusterCIDRSpec) DeepCopy() *ClusterCIDRSpec { - if in == nil { - return nil - } - out := new(ClusterCIDRSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPIngressPath) DeepCopyInto(out *HTTPIngressPath) { - *out = *in - if in.PathType != nil { - in, out := &in.PathType, &out.PathType - *out = new(PathType) - **out = **in - } - in.Backend.DeepCopyInto(&out.Backend) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressPath. -func (in *HTTPIngressPath) DeepCopy() *HTTPIngressPath { - if in == nil { - return nil - } - out := new(HTTPIngressPath) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPIngressRuleValue) DeepCopyInto(out *HTTPIngressRuleValue) { - *out = *in - if in.Paths != nil { - in, out := &in.Paths, &out.Paths - *out = make([]HTTPIngressPath, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressRuleValue. -func (in *HTTPIngressRuleValue) DeepCopy() *HTTPIngressRuleValue { - if in == nil { - return nil - } - out := new(HTTPIngressRuleValue) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IPBlock) DeepCopyInto(out *IPBlock) { - *out = *in - if in.Except != nil { - in, out := &in.Except, &out.Except - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock. -func (in *IPBlock) DeepCopy() *IPBlock { - if in == nil { - return nil - } - out := new(IPBlock) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Ingress) DeepCopyInto(out *Ingress) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. -func (in *Ingress) DeepCopy() *Ingress { - if in == nil { - return nil - } - out := new(Ingress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Ingress) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressBackend) DeepCopyInto(out *IngressBackend) { - *out = *in - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = new(IngressServiceBackend) - **out = **in - } - if in.Resource != nil { - in, out := &in.Resource, &out.Resource - *out = new(core.TypedLocalObjectReference) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressBackend. -func (in *IngressBackend) DeepCopy() *IngressBackend { - if in == nil { - return nil - } - out := new(IngressBackend) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressClass) DeepCopyInto(out *IngressClass) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressClass. -func (in *IngressClass) DeepCopy() *IngressClass { - if in == nil { - return nil - } - out := new(IngressClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IngressClass) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressClassList) DeepCopyInto(out *IngressClassList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]IngressClass, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressClassList. -func (in *IngressClassList) DeepCopy() *IngressClassList { - if in == nil { - return nil - } - out := new(IngressClassList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IngressClassList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressClassParametersReference) DeepCopyInto(out *IngressClassParametersReference) { - *out = *in - if in.APIGroup != nil { - in, out := &in.APIGroup, &out.APIGroup - *out = new(string) - **out = **in - } - if in.Scope != nil { - in, out := &in.Scope, &out.Scope - *out = new(string) - **out = **in - } - if in.Namespace != nil { - in, out := &in.Namespace, &out.Namespace - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressClassParametersReference. -func (in *IngressClassParametersReference) DeepCopy() *IngressClassParametersReference { - if in == nil { - return nil - } - out := new(IngressClassParametersReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressClassSpec) DeepCopyInto(out *IngressClassSpec) { - *out = *in - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = new(IngressClassParametersReference) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressClassSpec. -func (in *IngressClassSpec) DeepCopy() *IngressClassSpec { - if in == nil { - return nil - } - out := new(IngressClassSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressList) DeepCopyInto(out *IngressList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Ingress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList. -func (in *IngressList) DeepCopy() *IngressList { - if in == nil { - return nil - } - out := new(IngressList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IngressList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressLoadBalancerIngress) DeepCopyInto(out *IngressLoadBalancerIngress) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]IngressPortStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressLoadBalancerIngress. -func (in *IngressLoadBalancerIngress) DeepCopy() *IngressLoadBalancerIngress { - if in == nil { - return nil - } - out := new(IngressLoadBalancerIngress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressLoadBalancerStatus) DeepCopyInto(out *IngressLoadBalancerStatus) { - *out = *in - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]IngressLoadBalancerIngress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressLoadBalancerStatus. -func (in *IngressLoadBalancerStatus) DeepCopy() *IngressLoadBalancerStatus { - if in == nil { - return nil - } - out := new(IngressLoadBalancerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressPortStatus) DeepCopyInto(out *IngressPortStatus) { - *out = *in - if in.Error != nil { - in, out := &in.Error, &out.Error - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPortStatus. -func (in *IngressPortStatus) DeepCopy() *IngressPortStatus { - if in == nil { - return nil - } - out := new(IngressPortStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressRule) DeepCopyInto(out *IngressRule) { - *out = *in - in.IngressRuleValue.DeepCopyInto(&out.IngressRuleValue) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRule. -func (in *IngressRule) DeepCopy() *IngressRule { - if in == nil { - return nil - } - out := new(IngressRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressRuleValue) DeepCopyInto(out *IngressRuleValue) { - *out = *in - if in.HTTP != nil { - in, out := &in.HTTP, &out.HTTP - *out = new(HTTPIngressRuleValue) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRuleValue. -func (in *IngressRuleValue) DeepCopy() *IngressRuleValue { - if in == nil { - return nil - } - out := new(IngressRuleValue) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressServiceBackend) DeepCopyInto(out *IngressServiceBackend) { - *out = *in - out.Port = in.Port - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressServiceBackend. -func (in *IngressServiceBackend) DeepCopy() *IngressServiceBackend { - if in == nil { - return nil - } - out := new(IngressServiceBackend) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { - *out = *in - if in.IngressClassName != nil { - in, out := &in.IngressClassName, &out.IngressClassName - *out = new(string) - **out = **in - } - if in.DefaultBackend != nil { - in, out := &in.DefaultBackend, &out.DefaultBackend - *out = new(IngressBackend) - (*in).DeepCopyInto(*out) - } - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = make([]IngressTLS, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]IngressRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec. -func (in *IngressSpec) DeepCopy() *IngressSpec { - if in == nil { - return nil - } - out := new(IngressSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { - *out = *in - in.LoadBalancer.DeepCopyInto(&out.LoadBalancer) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus. -func (in *IngressStatus) DeepCopy() *IngressStatus { - if in == nil { - return nil - } - out := new(IngressStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressTLS) DeepCopyInto(out *IngressTLS) { - *out = *in - if in.Hosts != nil { - in, out := &in.Hosts, &out.Hosts - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressTLS. -func (in *IngressTLS) DeepCopy() *IngressTLS { - if in == nil { - return nil - } - out := new(IngressTLS) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy. -func (in *NetworkPolicy) DeepCopy() *NetworkPolicy { - if in == nil { - return nil - } - out := new(NetworkPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkPolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyEgressRule) DeepCopyInto(out *NetworkPolicyEgressRule) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]NetworkPolicyPort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.To != nil { - in, out := &in.To, &out.To - *out = make([]NetworkPolicyPeer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyEgressRule. -func (in *NetworkPolicyEgressRule) DeepCopy() *NetworkPolicyEgressRule { - if in == nil { - return nil - } - out := new(NetworkPolicyEgressRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]NetworkPolicyPort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.From != nil { - in, out := &in.From, &out.From - *out = make([]NetworkPolicyPeer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyIngressRule. -func (in *NetworkPolicyIngressRule) DeepCopy() *NetworkPolicyIngressRule { - if in == nil { - return nil - } - out := new(NetworkPolicyIngressRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]NetworkPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList. -func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList { - if in == nil { - return nil - } - out := new(NetworkPolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkPolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) { - *out = *in - if in.PodSelector != nil { - in, out := &in.PodSelector, &out.PodSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.IPBlock != nil { - in, out := &in.IPBlock, &out.IPBlock - *out = new(IPBlock) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer. -func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer { - if in == nil { - return nil - } - out := new(NetworkPolicyPeer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort) { - *out = *in - if in.Protocol != nil { - in, out := &in.Protocol, &out.Protocol - *out = new(core.Protocol) - **out = **in - } - if in.Port != nil { - in, out := &in.Port, &out.Port - *out = new(intstr.IntOrString) - **out = **in - } - if in.EndPort != nil { - in, out := &in.EndPort, &out.EndPort - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort. -func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort { - if in == nil { - return nil - } - out := new(NetworkPolicyPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) { - *out = *in - in.PodSelector.DeepCopyInto(&out.PodSelector) - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]NetworkPolicyIngressRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Egress != nil { - in, out := &in.Egress, &out.Egress - *out = make([]NetworkPolicyEgressRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PolicyTypes != nil { - in, out := &in.PolicyTypes, &out.PolicyTypes - *out = make([]PolicyType, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec. -func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec { - if in == nil { - return nil - } - out := new(NetworkPolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus. -func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus { - if in == nil { - return nil - } - out := new(NetworkPolicyStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServiceBackendPort) DeepCopyInto(out *ServiceBackendPort) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceBackendPort. -func (in *ServiceBackendPort) DeepCopy() *ServiceBackendPort { - if in == nil { - return nil - } - out := new(ServiceBackendPort) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/doc.go deleted file mode 100644 index 639d61262a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=node.k8s.io - -package node // import "k8s.io/kubernetes/pkg/apis/node" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/install/install.go deleted file mode 100644 index 7c5ebcb93d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install adds the node API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/node" - v1 "k8s.io/kubernetes/pkg/apis/node/v1" - "k8s.io/kubernetes/pkg/apis/node/v1alpha1" - "k8s.io/kubernetes/pkg/apis/node/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(node.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/register.go deleted file mode 100644 index 062ad1e0e8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/register.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "node.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder for node api registration. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme for node api registration. - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to api.Scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &RuntimeClass{}, - &RuntimeClassList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/types.go deleted file mode 100644 index baee7c1642..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/types.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RuntimeClass defines a class of container runtime supported in the cluster. -// The RuntimeClass is used to determine which container runtime is used to run -// all containers in a pod. RuntimeClasses are (currently) manually defined by a -// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is -// responsible for resolving the RuntimeClassName reference before running the -// pod. For more details, see -// https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class/README.md -type RuntimeClass struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Handler specifies the underlying runtime and configuration that the CRI - // implementation will use to handle pods of this class. The possible values - // are specific to the node & CRI configuration. It is assumed that all - // handlers are available on every node, and handlers of the same name are - // equivalent on every node. - // For example, a handler called "runc" might specify that the runc OCI - // runtime (using native Linux containers) will be used to run the containers - // in a pod. - // The Handler must conform to the DNS Label (RFC 1123) requirements, and is - // immutable. - Handler string - - // Overhead represents the resource overhead associated with running a pod for a - // given RuntimeClass. For more details, see - // https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - Overhead *Overhead - - // Scheduling holds the scheduling constraints to ensure that pods running - // with this RuntimeClass are scheduled to nodes that support it. - // If scheduling is nil, this RuntimeClass is assumed to be supported by all - // nodes. - // +optional - Scheduling *Scheduling -} - -// Overhead structure represents the resource overhead associated with running a pod. -type Overhead struct { - // PodFixed represents the fixed resource overhead associated with running a pod. - // +optional - PodFixed core.ResourceList -} - -// Scheduling specifies the scheduling constraints for nodes supporting a -// RuntimeClass. -type Scheduling struct { - // nodeSelector lists labels that must be present on nodes that support this - // RuntimeClass. Pods using this RuntimeClass can only be scheduled to a - // node matched by this selector. The RuntimeClass nodeSelector is merged - // with a pod's existing nodeSelector. Any conflicts will cause the pod to - // be rejected in admission. - // +optional - NodeSelector map[string]string - - // tolerations are appended (excluding duplicates) to pods running with this - // RuntimeClass during admission, effectively unioning the set of nodes - // tolerated by the pod and the RuntimeClass. - // +optional - Tolerations []core.Toleration -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RuntimeClassList is a list of RuntimeClass objects. -type RuntimeClassList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - // Items is a list of schema objects. - Items []RuntimeClass -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/doc.go deleted file mode 100644 index 1eb5f2fd04..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/node -// +k8s:conversion-gen-external-types=k8s.io/api/node/v1 - -// +groupName=node.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/node/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/register.go deleted file mode 100644 index b7757bc48f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/register.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - nodev1 "k8s.io/api/node/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName for node API -const GroupName = "node.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &nodev1.SchemeBuilder - // AddToScheme node API registration - AddToScheme = localSchemeBuilder.AddToScheme -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/zz_generated.conversion.go deleted file mode 100644 index de408fbdf6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1/zz_generated.conversion.go +++ /dev/null @@ -1,173 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/node/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - node "k8s.io/kubernetes/pkg/apis/node" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.Overhead)(nil), (*node.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Overhead_To_node_Overhead(a.(*v1.Overhead), b.(*node.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Overhead)(nil), (*v1.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Overhead_To_v1_Overhead(a.(*node.Overhead), b.(*v1.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RuntimeClass)(nil), (*node.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RuntimeClass_To_node_RuntimeClass(a.(*v1.RuntimeClass), b.(*node.RuntimeClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.RuntimeClass)(nil), (*v1.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClass_To_v1_RuntimeClass(a.(*node.RuntimeClass), b.(*v1.RuntimeClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RuntimeClassList)(nil), (*node.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RuntimeClassList_To_node_RuntimeClassList(a.(*v1.RuntimeClassList), b.(*node.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.RuntimeClassList)(nil), (*v1.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClassList_To_v1_RuntimeClassList(a.(*node.RuntimeClassList), b.(*v1.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Scheduling)(nil), (*node.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Scheduling_To_node_Scheduling(a.(*v1.Scheduling), b.(*node.Scheduling), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Scheduling)(nil), (*v1.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Scheduling_To_v1_Scheduling(a.(*node.Scheduling), b.(*v1.Scheduling), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Overhead_To_node_Overhead(in *v1.Overhead, out *node.Overhead, s conversion.Scope) error { - out.PodFixed = *(*core.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_v1_Overhead_To_node_Overhead is an autogenerated conversion function. -func Convert_v1_Overhead_To_node_Overhead(in *v1.Overhead, out *node.Overhead, s conversion.Scope) error { - return autoConvert_v1_Overhead_To_node_Overhead(in, out, s) -} - -func autoConvert_node_Overhead_To_v1_Overhead(in *node.Overhead, out *v1.Overhead, s conversion.Scope) error { - out.PodFixed = *(*corev1.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_node_Overhead_To_v1_Overhead is an autogenerated conversion function. -func Convert_node_Overhead_To_v1_Overhead(in *node.Overhead, out *v1.Overhead, s conversion.Scope) error { - return autoConvert_node_Overhead_To_v1_Overhead(in, out, s) -} - -func autoConvert_v1_RuntimeClass_To_node_RuntimeClass(in *v1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Handler = in.Handler - out.Overhead = (*node.Overhead)(unsafe.Pointer(in.Overhead)) - out.Scheduling = (*node.Scheduling)(unsafe.Pointer(in.Scheduling)) - return nil -} - -// Convert_v1_RuntimeClass_To_node_RuntimeClass is an autogenerated conversion function. -func Convert_v1_RuntimeClass_To_node_RuntimeClass(in *v1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - return autoConvert_v1_RuntimeClass_To_node_RuntimeClass(in, out, s) -} - -func autoConvert_node_RuntimeClass_To_v1_RuntimeClass(in *node.RuntimeClass, out *v1.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Handler = in.Handler - out.Overhead = (*v1.Overhead)(unsafe.Pointer(in.Overhead)) - out.Scheduling = (*v1.Scheduling)(unsafe.Pointer(in.Scheduling)) - return nil -} - -// Convert_node_RuntimeClass_To_v1_RuntimeClass is an autogenerated conversion function. -func Convert_node_RuntimeClass_To_v1_RuntimeClass(in *node.RuntimeClass, out *v1.RuntimeClass, s conversion.Scope) error { - return autoConvert_node_RuntimeClass_To_v1_RuntimeClass(in, out, s) -} - -func autoConvert_v1_RuntimeClassList_To_node_RuntimeClassList(in *v1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]node.RuntimeClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_RuntimeClassList_To_node_RuntimeClassList is an autogenerated conversion function. -func Convert_v1_RuntimeClassList_To_node_RuntimeClassList(in *v1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - return autoConvert_v1_RuntimeClassList_To_node_RuntimeClassList(in, out, s) -} - -func autoConvert_node_RuntimeClassList_To_v1_RuntimeClassList(in *node.RuntimeClassList, out *v1.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.RuntimeClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_node_RuntimeClassList_To_v1_RuntimeClassList is an autogenerated conversion function. -func Convert_node_RuntimeClassList_To_v1_RuntimeClassList(in *node.RuntimeClassList, out *v1.RuntimeClassList, s conversion.Scope) error { - return autoConvert_node_RuntimeClassList_To_v1_RuntimeClassList(in, out, s) -} - -func autoConvert_v1_Scheduling_To_node_Scheduling(in *v1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]core.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_v1_Scheduling_To_node_Scheduling is an autogenerated conversion function. -func Convert_v1_Scheduling_To_node_Scheduling(in *v1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - return autoConvert_v1_Scheduling_To_node_Scheduling(in, out, s) -} - -func autoConvert_node_Scheduling_To_v1_Scheduling(in *node.Scheduling, out *v1.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]corev1.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_node_Scheduling_To_v1_Scheduling is an autogenerated conversion function. -func Convert_node_Scheduling_To_v1_Scheduling(in *node.Scheduling, out *v1.Scheduling, s conversion.Scope) error { - return autoConvert_node_Scheduling_To_v1_Scheduling(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/conversion.go deleted file mode 100644 index 5036b62b1f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/conversion.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/node/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - node "k8s.io/kubernetes/pkg/apis/node" -) - -// Convert_v1alpha1_RuntimeClass_To_node_RuntimeClass must override the automatic -// conversion since we unnested the spec struct after v1alpha1 -func Convert_v1alpha1_RuntimeClass_To_node_RuntimeClass(in *v1alpha1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Handler = in.Spec.RuntimeHandler - - if in.Spec.Overhead != nil { - out.Overhead = &node.Overhead{} - if err := Convert_v1alpha1_Overhead_To_node_Overhead(in.Spec.Overhead, out.Overhead, s); err != nil { - return err - } - } - if in.Spec.Scheduling != nil { - out.Scheduling = &node.Scheduling{} - if err := Convert_v1alpha1_Scheduling_To_node_Scheduling(in.Spec.Scheduling, out.Scheduling, s); err != nil { - return err - } - } - return nil -} - -// Convert_node_RuntimeClass_To_v1alpha1_RuntimeClass must override the automatic -// conversion since we unnested the spec struct after v1alpha1 -func Convert_node_RuntimeClass_To_v1alpha1_RuntimeClass(in *node.RuntimeClass, out *v1alpha1.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Spec.RuntimeHandler = in.Handler - - if in.Overhead != nil { - out.Spec.Overhead = &v1alpha1.Overhead{} - if err := Convert_node_Overhead_To_v1alpha1_Overhead(in.Overhead, out.Spec.Overhead, s); err != nil { - return err - } - } - if in.Scheduling != nil { - out.Spec.Scheduling = &v1alpha1.Scheduling{} - if err := Convert_node_Scheduling_To_v1alpha1_Scheduling(in.Scheduling, out.Spec.Scheduling, s); err != nil { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/doc.go deleted file mode 100644 index 1c2e143195..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/node -// +k8s:conversion-gen-external-types=k8s.io/api/node/v1alpha1 - -// +groupName=node.k8s.io - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/node/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/register.go deleted file mode 100644 index ae147feb41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - nodev1alpha1 "k8s.io/api/node/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName for node API -const GroupName = "node.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &nodev1alpha1.SchemeBuilder - // AddToScheme node API registration - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index bc5b438984..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,181 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1alpha1 "k8s.io/api/node/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - node "k8s.io/kubernetes/pkg/apis/node" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.Overhead)(nil), (*node.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Overhead_To_node_Overhead(a.(*v1alpha1.Overhead), b.(*node.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Overhead)(nil), (*v1alpha1.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Overhead_To_v1alpha1_Overhead(a.(*node.Overhead), b.(*v1alpha1.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.RuntimeClassList)(nil), (*node.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RuntimeClassList_To_node_RuntimeClassList(a.(*v1alpha1.RuntimeClassList), b.(*node.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.RuntimeClassList)(nil), (*v1alpha1.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClassList_To_v1alpha1_RuntimeClassList(a.(*node.RuntimeClassList), b.(*v1alpha1.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.Scheduling)(nil), (*node.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Scheduling_To_node_Scheduling(a.(*v1alpha1.Scheduling), b.(*node.Scheduling), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Scheduling)(nil), (*v1alpha1.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Scheduling_To_v1alpha1_Scheduling(a.(*node.Scheduling), b.(*v1alpha1.Scheduling), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*node.RuntimeClass)(nil), (*v1alpha1.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClass_To_v1alpha1_RuntimeClass(a.(*node.RuntimeClass), b.(*v1alpha1.RuntimeClass), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1alpha1.RuntimeClass)(nil), (*node.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RuntimeClass_To_node_RuntimeClass(a.(*v1alpha1.RuntimeClass), b.(*node.RuntimeClass), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_Overhead_To_node_Overhead(in *v1alpha1.Overhead, out *node.Overhead, s conversion.Scope) error { - out.PodFixed = *(*core.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_v1alpha1_Overhead_To_node_Overhead is an autogenerated conversion function. -func Convert_v1alpha1_Overhead_To_node_Overhead(in *v1alpha1.Overhead, out *node.Overhead, s conversion.Scope) error { - return autoConvert_v1alpha1_Overhead_To_node_Overhead(in, out, s) -} - -func autoConvert_node_Overhead_To_v1alpha1_Overhead(in *node.Overhead, out *v1alpha1.Overhead, s conversion.Scope) error { - out.PodFixed = *(*v1.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_node_Overhead_To_v1alpha1_Overhead is an autogenerated conversion function. -func Convert_node_Overhead_To_v1alpha1_Overhead(in *node.Overhead, out *v1alpha1.Overhead, s conversion.Scope) error { - return autoConvert_node_Overhead_To_v1alpha1_Overhead(in, out, s) -} - -func autoConvert_v1alpha1_RuntimeClass_To_node_RuntimeClass(in *v1alpha1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - // WARNING: in.Spec requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_node_RuntimeClass_To_v1alpha1_RuntimeClass(in *node.RuntimeClass, out *v1alpha1.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - // WARNING: in.Handler requires manual conversion: does not exist in peer-type - // WARNING: in.Overhead requires manual conversion: does not exist in peer-type - // WARNING: in.Scheduling requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1alpha1_RuntimeClassList_To_node_RuntimeClassList(in *v1alpha1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]node.RuntimeClass, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_RuntimeClass_To_node_RuntimeClass(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_RuntimeClassList_To_node_RuntimeClassList is an autogenerated conversion function. -func Convert_v1alpha1_RuntimeClassList_To_node_RuntimeClassList(in *v1alpha1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - return autoConvert_v1alpha1_RuntimeClassList_To_node_RuntimeClassList(in, out, s) -} - -func autoConvert_node_RuntimeClassList_To_v1alpha1_RuntimeClassList(in *node.RuntimeClassList, out *v1alpha1.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.RuntimeClass, len(*in)) - for i := range *in { - if err := Convert_node_RuntimeClass_To_v1alpha1_RuntimeClass(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_node_RuntimeClassList_To_v1alpha1_RuntimeClassList is an autogenerated conversion function. -func Convert_node_RuntimeClassList_To_v1alpha1_RuntimeClassList(in *node.RuntimeClassList, out *v1alpha1.RuntimeClassList, s conversion.Scope) error { - return autoConvert_node_RuntimeClassList_To_v1alpha1_RuntimeClassList(in, out, s) -} - -func autoConvert_v1alpha1_Scheduling_To_node_Scheduling(in *v1alpha1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]core.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_v1alpha1_Scheduling_To_node_Scheduling is an autogenerated conversion function. -func Convert_v1alpha1_Scheduling_To_node_Scheduling(in *v1alpha1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - return autoConvert_v1alpha1_Scheduling_To_node_Scheduling(in, out, s) -} - -func autoConvert_node_Scheduling_To_v1alpha1_Scheduling(in *node.Scheduling, out *v1alpha1.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]v1.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_node_Scheduling_To_v1alpha1_Scheduling is an autogenerated conversion function. -func Convert_node_Scheduling_To_v1alpha1_Scheduling(in *node.Scheduling, out *v1alpha1.Scheduling, s conversion.Scope) error { - return autoConvert_node_Scheduling_To_v1alpha1_Scheduling(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/doc.go deleted file mode 100644 index 5883bc5050..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/node -// +k8s:conversion-gen-external-types=k8s.io/api/node/v1beta1 - -// +groupName=node.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/node/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/register.go deleted file mode 100644 index e018e3b70e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/register.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - nodev1beta1 "k8s.io/api/node/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName for node API -const GroupName = "node.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &nodev1beta1.SchemeBuilder - // AddToScheme node API registration - AddToScheme = localSchemeBuilder.AddToScheme -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 1ef600ab6d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,173 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/node/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - node "k8s.io/kubernetes/pkg/apis/node" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.Overhead)(nil), (*node.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Overhead_To_node_Overhead(a.(*v1beta1.Overhead), b.(*node.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Overhead)(nil), (*v1beta1.Overhead)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Overhead_To_v1beta1_Overhead(a.(*node.Overhead), b.(*v1beta1.Overhead), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RuntimeClass)(nil), (*node.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RuntimeClass_To_node_RuntimeClass(a.(*v1beta1.RuntimeClass), b.(*node.RuntimeClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.RuntimeClass)(nil), (*v1beta1.RuntimeClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClass_To_v1beta1_RuntimeClass(a.(*node.RuntimeClass), b.(*v1beta1.RuntimeClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RuntimeClassList)(nil), (*node.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RuntimeClassList_To_node_RuntimeClassList(a.(*v1beta1.RuntimeClassList), b.(*node.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.RuntimeClassList)(nil), (*v1beta1.RuntimeClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_RuntimeClassList_To_v1beta1_RuntimeClassList(a.(*node.RuntimeClassList), b.(*v1beta1.RuntimeClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Scheduling)(nil), (*node.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Scheduling_To_node_Scheduling(a.(*v1beta1.Scheduling), b.(*node.Scheduling), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*node.Scheduling)(nil), (*v1beta1.Scheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_node_Scheduling_To_v1beta1_Scheduling(a.(*node.Scheduling), b.(*v1beta1.Scheduling), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_Overhead_To_node_Overhead(in *v1beta1.Overhead, out *node.Overhead, s conversion.Scope) error { - out.PodFixed = *(*core.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_v1beta1_Overhead_To_node_Overhead is an autogenerated conversion function. -func Convert_v1beta1_Overhead_To_node_Overhead(in *v1beta1.Overhead, out *node.Overhead, s conversion.Scope) error { - return autoConvert_v1beta1_Overhead_To_node_Overhead(in, out, s) -} - -func autoConvert_node_Overhead_To_v1beta1_Overhead(in *node.Overhead, out *v1beta1.Overhead, s conversion.Scope) error { - out.PodFixed = *(*v1.ResourceList)(unsafe.Pointer(&in.PodFixed)) - return nil -} - -// Convert_node_Overhead_To_v1beta1_Overhead is an autogenerated conversion function. -func Convert_node_Overhead_To_v1beta1_Overhead(in *node.Overhead, out *v1beta1.Overhead, s conversion.Scope) error { - return autoConvert_node_Overhead_To_v1beta1_Overhead(in, out, s) -} - -func autoConvert_v1beta1_RuntimeClass_To_node_RuntimeClass(in *v1beta1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Handler = in.Handler - out.Overhead = (*node.Overhead)(unsafe.Pointer(in.Overhead)) - out.Scheduling = (*node.Scheduling)(unsafe.Pointer(in.Scheduling)) - return nil -} - -// Convert_v1beta1_RuntimeClass_To_node_RuntimeClass is an autogenerated conversion function. -func Convert_v1beta1_RuntimeClass_To_node_RuntimeClass(in *v1beta1.RuntimeClass, out *node.RuntimeClass, s conversion.Scope) error { - return autoConvert_v1beta1_RuntimeClass_To_node_RuntimeClass(in, out, s) -} - -func autoConvert_node_RuntimeClass_To_v1beta1_RuntimeClass(in *node.RuntimeClass, out *v1beta1.RuntimeClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Handler = in.Handler - out.Overhead = (*v1beta1.Overhead)(unsafe.Pointer(in.Overhead)) - out.Scheduling = (*v1beta1.Scheduling)(unsafe.Pointer(in.Scheduling)) - return nil -} - -// Convert_node_RuntimeClass_To_v1beta1_RuntimeClass is an autogenerated conversion function. -func Convert_node_RuntimeClass_To_v1beta1_RuntimeClass(in *node.RuntimeClass, out *v1beta1.RuntimeClass, s conversion.Scope) error { - return autoConvert_node_RuntimeClass_To_v1beta1_RuntimeClass(in, out, s) -} - -func autoConvert_v1beta1_RuntimeClassList_To_node_RuntimeClassList(in *v1beta1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]node.RuntimeClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_RuntimeClassList_To_node_RuntimeClassList is an autogenerated conversion function. -func Convert_v1beta1_RuntimeClassList_To_node_RuntimeClassList(in *v1beta1.RuntimeClassList, out *node.RuntimeClassList, s conversion.Scope) error { - return autoConvert_v1beta1_RuntimeClassList_To_node_RuntimeClassList(in, out, s) -} - -func autoConvert_node_RuntimeClassList_To_v1beta1_RuntimeClassList(in *node.RuntimeClassList, out *v1beta1.RuntimeClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.RuntimeClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_node_RuntimeClassList_To_v1beta1_RuntimeClassList is an autogenerated conversion function. -func Convert_node_RuntimeClassList_To_v1beta1_RuntimeClassList(in *node.RuntimeClassList, out *v1beta1.RuntimeClassList, s conversion.Scope) error { - return autoConvert_node_RuntimeClassList_To_v1beta1_RuntimeClassList(in, out, s) -} - -func autoConvert_v1beta1_Scheduling_To_node_Scheduling(in *v1beta1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]core.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_v1beta1_Scheduling_To_node_Scheduling is an autogenerated conversion function. -func Convert_v1beta1_Scheduling_To_node_Scheduling(in *v1beta1.Scheduling, out *node.Scheduling, s conversion.Scope) error { - return autoConvert_v1beta1_Scheduling_To_node_Scheduling(in, out, s) -} - -func autoConvert_node_Scheduling_To_v1beta1_Scheduling(in *node.Scheduling, out *v1beta1.Scheduling, s conversion.Scope) error { - out.NodeSelector = *(*map[string]string)(unsafe.Pointer(&in.NodeSelector)) - out.Tolerations = *(*[]v1.Toleration)(unsafe.Pointer(&in.Tolerations)) - return nil -} - -// Convert_node_Scheduling_To_v1beta1_Scheduling is an autogenerated conversion function. -func Convert_node_Scheduling_To_v1beta1_Scheduling(in *node.Scheduling, out *v1beta1.Scheduling, s conversion.Scope) error { - return autoConvert_node_Scheduling_To_v1beta1_Scheduling(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/validation/validation.go deleted file mode 100644 index 4e0a20aaf1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/validation/validation.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - apivalidation "k8s.io/apimachinery/pkg/api/validation" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/core" - corevalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/node" -) - -// ValidateRuntimeClass validates the RuntimeClass -func ValidateRuntimeClass(rc *node.RuntimeClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&rc.ObjectMeta, false, apivalidation.NameIsDNSSubdomain, field.NewPath("metadata")) - - for _, msg := range apivalidation.NameIsDNSLabel(rc.Handler, false) { - allErrs = append(allErrs, field.Invalid(field.NewPath("handler"), rc.Handler, msg)) - } - - if rc.Overhead != nil { - allErrs = append(allErrs, validateOverhead(rc.Overhead, field.NewPath("overhead"))...) - } - if rc.Scheduling != nil { - allErrs = append(allErrs, validateScheduling(rc.Scheduling, field.NewPath("scheduling"))...) - } - - return allErrs -} - -// ValidateRuntimeClassUpdate validates an update to the object -func ValidateRuntimeClassUpdate(new, old *node.RuntimeClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata")) - - allErrs = append(allErrs, apivalidation.ValidateImmutableField(new.Handler, old.Handler, field.NewPath("handler"))...) - - return allErrs -} - -func validateOverhead(overhead *node.Overhead, fldPath *field.Path) field.ErrorList { - // reuse the ResourceRequirements validation logic - return corevalidation.ValidateResourceRequirements(&core.ResourceRequirements{Limits: overhead.PodFixed}, nil, fldPath, - corevalidation.PodValidationOptions{}) -} - -func validateScheduling(s *node.Scheduling, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if s.NodeSelector != nil { - allErrs = append(allErrs, unversionedvalidation.ValidateLabels(s.NodeSelector, fldPath.Child("nodeSelector"))...) - } - allErrs = append(allErrs, validateTolerations(s.Tolerations, fldPath.Child("tolerations"))...) - return allErrs -} - -func validateTolerations(tolerations []core.Toleration, fldPath *field.Path) field.ErrorList { - allErrs := corevalidation.ValidateTolerations(tolerations, fldPath.Child("tolerations")) - // Ensure uniquenes of tolerations. - tolerationSet := map[core.Toleration]bool{} - for i, t := range tolerations { - // listKey includes the toleration fields identified as listKeys in the API. - listKey := core.Toleration{ - Key: t.Key, - Operator: t.Operator, - Value: t.Value, - Effect: t.Effect, - } - if tolerationSet[listKey] { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), t)) - } else { - tolerationSet[listKey] = true - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/zz_generated.deepcopy.go deleted file mode 100644 index a56e0faaad..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/node/zz_generated.deepcopy.go +++ /dev/null @@ -1,149 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package node - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Overhead) DeepCopyInto(out *Overhead) { - *out = *in - if in.PodFixed != nil { - in, out := &in.PodFixed, &out.PodFixed - *out = make(core.ResourceList, len(*in)) - for key, val := range *in { - (*out)[key] = val.DeepCopy() - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Overhead. -func (in *Overhead) DeepCopy() *Overhead { - if in == nil { - return nil - } - out := new(Overhead) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RuntimeClass) DeepCopyInto(out *RuntimeClass) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Overhead != nil { - in, out := &in.Overhead, &out.Overhead - *out = new(Overhead) - (*in).DeepCopyInto(*out) - } - if in.Scheduling != nil { - in, out := &in.Scheduling, &out.Scheduling - *out = new(Scheduling) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeClass. -func (in *RuntimeClass) DeepCopy() *RuntimeClass { - if in == nil { - return nil - } - out := new(RuntimeClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RuntimeClass) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RuntimeClassList) DeepCopyInto(out *RuntimeClassList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]RuntimeClass, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeClassList. -func (in *RuntimeClassList) DeepCopy() *RuntimeClassList { - if in == nil { - return nil - } - out := new(RuntimeClassList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RuntimeClassList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Scheduling) DeepCopyInto(out *Scheduling) { - *out = *in - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]core.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scheduling. -func (in *Scheduling) DeepCopy() *Scheduling { - if in == nil { - return nil - } - out := new(Scheduling) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/OWNERS deleted file mode 100644 index 55cce6cfbe..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-apps-api-reviewers - - sig-apps-api-approvers - - sig-auth-policy-approvers - - sig-auth-policy-reviewers -labels: - - sig/auth - - sig/apps diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/doc.go deleted file mode 100644 index e8e081e7a3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package policy // import "k8s.io/kubernetes/pkg/apis/policy" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/helper.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/helper.go deleted file mode 100644 index 4dd1658abc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/helper.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - PDBV1beta1Label = "pdb.kubernetes.io/deprecated-v1beta1-empty-selector-match" -) - -var ( - NonV1beta1MatchAllSelector = &metav1.LabelSelector{} - NonV1beta1MatchNoneSelector = &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{Key: PDBV1beta1Label, Operator: metav1.LabelSelectorOpExists}}, - } - - V1beta1MatchNoneSelector = &metav1.LabelSelector{} - V1beta1MatchAllSelector = &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{Key: PDBV1beta1Label, Operator: metav1.LabelSelectorOpDoesNotExist}}, - } -) - -func StripPDBV1beta1Label(selector *metav1.LabelSelector) { - if selector == nil { - return - } - - trimmedMatchExpressions := selector.MatchExpressions[:0] - for _, exp := range selector.MatchExpressions { - if exp.Key != PDBV1beta1Label { - trimmedMatchExpressions = append(trimmedMatchExpressions, exp) - } - } - selector.MatchExpressions = trimmedMatchExpressions -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/install/install.go deleted file mode 100644 index b3e2475e91..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/install/install.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/apis/policy/v1" - "k8s.io/kubernetes/pkg/apis/policy/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(policy.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - // TODO (mortent): priority should change after 1.21. See https://github.com/kubernetes/kubernetes/pull/95718#discussion_r520969477 - utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion, v1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/register.go deleted file mode 100644 index 1de340f662..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/register.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "policy" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this gets cleaned up when the types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &PodDisruptionBudget{}, - &PodDisruptionBudgetList{}, - &PodSecurityPolicy{}, - &PodSecurityPolicyList{}, - &Eviction{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/types.go deleted file mode 100644 index b83ebd390d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/types.go +++ /dev/null @@ -1,529 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. -type PodDisruptionBudgetSpec struct { - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - MinAvailable *intstr.IntOrString - - // Label query over pods whose evictions are managed by the disruption - // budget. - // +optional - Selector *metav1.LabelSelector - - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - MaxUnavailable *intstr.IntOrString - - // UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - // should be considered for eviction. Current implementation considers healthy pods, - // as pods that have status.conditions item with type="Ready",status="True". - // - // Valid policies are IfHealthyBudget and AlwaysAllow. - // If no policy is specified, the default behavior will be used, - // which corresponds to the IfHealthyBudget policy. - // - // IfHealthyBudget policy means that running pods (status.phase="Running"), - // but not yet healthy can be evicted only if the guarded application is not - // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - // Healthy pods will be subject to the PDB for eviction. - // - // AlwaysAllow policy means that all running pods (status.phase="Running"), - // but not yet healthy are considered disrupted and can be evicted regardless - // of whether the criteria in a PDB is met. This means perspective running - // pods of a disrupted application might not get a chance to become healthy. - // Healthy pods will be subject to the PDB for eviction. - // - // Additional policies may be added in the future. - // Clients making eviction decisions should disallow eviction of unhealthy pods - // if they encounter an unrecognized policy in this field. - // - // This field is alpha-level. The eviction API uses this field when - // the feature gate PDBUnhealthyPodEvictionPolicy is enabled (disabled by default). - // +optional - UnhealthyPodEvictionPolicy *UnhealthyPodEvictionPolicyType -} - -// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods -// should be considered for eviction. -// +enum -type UnhealthyPodEvictionPolicyType string - -const ( - // IfHealthyBudget policy means that running pods (status.phase="Running"), - // but not yet healthy can be evicted only if the guarded application is not - // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - // Healthy pods will be subject to the PDB for eviction. - IfHealthyBudget UnhealthyPodEvictionPolicyType = "IfHealthyBudget" - - // AlwaysAllow policy means that all running pods (status.phase="Running"), - // but not yet healthy are considered disrupted and can be evicted regardless - // of whether the criteria in a PDB is met. This means perspective running - // pods of a disrupted application might not get a chance to become healthy. - // Healthy pods will be subject to the PDB for eviction. - AlwaysAllow UnhealthyPodEvictionPolicyType = "AlwaysAllow" -) - -// PodDisruptionBudgetStatus represents information about the status of a -// PodDisruptionBudget. Status may trail the actual state of a system. -type PodDisruptionBudgetStatus struct { - // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other - // status information is valid only if observedGeneration equals to PDB's object generation. - // +optional - ObservedGeneration int64 - - // DisruptedPods contains information about pods whose eviction was - // processed by the API server eviction subresource handler but has not - // yet been observed by the PodDisruptionBudget controller. - // A pod will be in this map from the time when the API server processed the - // eviction request to the time when the pod is seen by PDB controller - // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod - // and the value is the time when the API server processed the eviction request. If - // the deletion didn't occur and a pod is still there it will be removed from - // the list automatically by PodDisruptionBudget controller after some time. - // If everything goes smooth this map should be empty for the most of the time. - // Large number of entries in the map may indicate problems with pod deletions. - // +optional - DisruptedPods map[string]metav1.Time - - // Number of pod disruptions that are currently allowed. - DisruptionsAllowed int32 - - // current number of healthy pods - CurrentHealthy int32 - - // minimum desired number of healthy pods - DesiredHealthy int32 - - // total number of pods counted by this disruption budget - ExpectedPods int32 - - // Conditions contain conditions for PDB - // +optional - Conditions []metav1.Condition -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods -type PodDisruptionBudget struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior of the PodDisruptionBudget. - // +optional - Spec PodDisruptionBudgetSpec - // Most recently observed status of the PodDisruptionBudget. - // +optional - Status PodDisruptionBudgetStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodDisruptionBudgetList is a collection of PodDisruptionBudgets. -type PodDisruptionBudgetList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - Items []PodDisruptionBudget -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Eviction evicts a pod from its node subject to certain policies and safety constraints. -// This is a subresource of Pod. A request to cause such an eviction is -// created by POSTing to .../pods/<pod name>/eviction. -type Eviction struct { - metav1.TypeMeta - - // ObjectMeta describes the pod that is being evicted. - // +optional - metav1.ObjectMeta - - // DeleteOptions may be provided - // +optional - DeleteOptions *metav1.DeleteOptions -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodSecurityPolicy governs the ability to make requests that affect the SecurityContext -// that will be applied to a pod and container. -type PodSecurityPolicy struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Spec defines the policy enforced. - // +optional - Spec PodSecurityPolicySpec -} - -// PodSecurityPolicySpec defines the policy enforced. -type PodSecurityPolicySpec struct { - // Privileged determines if a pod can request to be run as privileged. - // +optional - Privileged bool - // DefaultAddCapabilities is the default set of capabilities that will be added to the container - // unless the pod spec specifically drops the capability. You may not list a capability in both - // DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly - // allowed, and need not be included in the AllowedCapabilities list. - // +optional - DefaultAddCapabilities []api.Capability - // RequiredDropCapabilities are the capabilities that will be dropped from the container. These - // are required to be dropped and cannot be added. - // +optional - RequiredDropCapabilities []api.Capability - // AllowedCapabilities is a list of capabilities that can be requested to add to the container. - // Capabilities in this field may be added at the pod author's discretion. - // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. - // To allow all capabilities you may use '*'. - // +optional - AllowedCapabilities []api.Capability - // Volumes is an allowlist of volume plugins. Empty indicates that - // no volumes may be used. To allow all volumes you may use '*'. - // +optional - Volumes []FSType - // HostNetwork determines if the policy allows the use of HostNetwork in the pod spec. - // +optional - HostNetwork bool - // HostPorts determines which host port ranges are allowed to be exposed. - // +optional - HostPorts []HostPortRange - // HostPID determines if the policy allows the use of HostPID in the pod spec. - // +optional - HostPID bool - // HostIPC determines if the policy allows the use of HostIPC in the pod spec. - // +optional - HostIPC bool - // SELinux is the strategy that will dictate the allowable labels that may be set. - SELinux SELinuxStrategyOptions - // RunAsUser is the strategy that will dictate the allowable RunAsUser values that may be set. - RunAsUser RunAsUserStrategyOptions - // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. - // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the - // RunAsGroup feature gate to be enabled. - RunAsGroup *RunAsGroupStrategyOptions - // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. - SupplementalGroups SupplementalGroupsStrategyOptions - // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. - FSGroup FSGroupStrategyOptions - // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file - // system. If the container specifically requests to run with a non-read only root file system - // the PSP should deny the pod. - // If set to false the container may run with a read only root file system if it wishes but it - // will not be forced to. - // +optional - ReadOnlyRootFilesystem bool - // DefaultAllowPrivilegeEscalation controls the default setting for whether a - // process can gain more privileges than its parent process. - // +optional - DefaultAllowPrivilegeEscalation *bool - // AllowPrivilegeEscalation determines if a pod can request to allow - // privilege escalation. If unspecified, defaults to true. - // +optional - AllowPrivilegeEscalation bool - // AllowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used. - // +optional - AllowedHostPaths []AllowedHostPath - // AllowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all - // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes - // is allowed in the "Volumes" field. - // +optional - AllowedFlexVolumes []AllowedFlexVolume - // AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. - // An empty value indicates that any CSI driver can be used for inline ephemeral volumes. - // +optional - AllowedCSIDrivers []AllowedCSIDriver - // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. - // Each entry is either a plain sysctl name or ends in "*" in which case it is considered - // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. - // Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection. - // - // Examples: - // e.g. "foo/*" allows "foo/bar", "foo/baz", etc. - // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. - // +optional - AllowedUnsafeSysctls []string - // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. - // Each entry is either a plain sysctl name or ends in "*" in which case it is considered - // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. - // - // Examples: - // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. - // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. - // +optional - ForbiddenSysctls []string - // AllowedProcMountTypes is an allowlist of ProcMountTypes. - // Empty or nil indicates that only the DefaultProcMountType may be used. - // +optional - AllowedProcMountTypes []api.ProcMountType - // runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. - // If this field is omitted, the pod's runtimeClassName field is unrestricted. - // Enforcement of this field depends on the RuntimeClass feature gate being enabled. - // +optional - RuntimeClass *RuntimeClassStrategyOptions -} - -// AllowedHostPath defines the host volume conditions that will be enabled by a policy -// for pods to use. It requires the path prefix to be defined. -type AllowedHostPath struct { - // PathPrefix is the path prefix that the host volume must match. - // PathPrefix does not support `*`. - // Trailing slashes are trimmed when validating the path prefix with a host path. - // - // Examples: - // `/foo` would allow `/foo`, `/foo/` and `/foo/bar` - // `/foo` would not allow `/food` or `/etc/foo` - PathPrefix string - - // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly. - ReadOnly bool -} - -// HostPortRange defines a range of host ports that will be enabled by a policy -// for pods to use. It requires both the start and end to be defined. -type HostPortRange struct { - // Min is the start of the range, inclusive. - Min int32 - // Max is the end of the range, inclusive. - Max int32 -} - -// AllowAllCapabilities can be used as a value for the PodSecurityPolicy.AllowAllCapabilities -// field and means that any capabilities are allowed to be requested. -var AllowAllCapabilities api.Capability = "*" - -// FSType gives strong typing to different file systems that are used by volumes. -type FSType string - -// Exported FSTypes. -const ( - AzureFile FSType = "azureFile" - Flocker FSType = "flocker" - FlexVolume FSType = "flexVolume" - HostPath FSType = "hostPath" - EmptyDir FSType = "emptyDir" - GCEPersistentDisk FSType = "gcePersistentDisk" - AWSElasticBlockStore FSType = "awsElasticBlockStore" - GitRepo FSType = "gitRepo" - Secret FSType = "secret" - NFS FSType = "nfs" - ISCSI FSType = "iscsi" - Glusterfs FSType = "glusterfs" - PersistentVolumeClaim FSType = "persistentVolumeClaim" - RBD FSType = "rbd" - Cinder FSType = "cinder" - CephFS FSType = "cephFS" - DownwardAPI FSType = "downwardAPI" - FC FSType = "fc" - ConfigMap FSType = "configMap" - VsphereVolume FSType = "vsphereVolume" - Quobyte FSType = "quobyte" - AzureDisk FSType = "azureDisk" - PhotonPersistentDisk FSType = "photonPersistentDisk" - StorageOS FSType = "storageos" - Projected FSType = "projected" - PortworxVolume FSType = "portworxVolume" - ScaleIO FSType = "scaleIO" - CSI FSType = "csi" - Ephemeral FSType = "ephemeral" - All FSType = "*" -) - -// AllowedFlexVolume represents a single Flexvolume that is allowed to be used. -type AllowedFlexVolume struct { - // Driver is the name of the Flexvolume driver. - Driver string -} - -// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used. -type AllowedCSIDriver struct { - // Name is the registered name of the CSI driver - Name string -} - -// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. -type SELinuxStrategyOptions struct { - // Rule is the strategy that will dictate the allowable labels that may be set. - Rule SELinuxStrategy - // SELinuxOptions required to run as; required for MustRunAs - // More info: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#selinux - // +optional - SELinuxOptions *api.SELinuxOptions -} - -// SELinuxStrategy denotes strategy types for generating SELinux options for a -// Security. -type SELinuxStrategy string - -const ( - // SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied. - SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs" - // SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels. - SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny" -) - -// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. -type RunAsUserStrategyOptions struct { - // Rule is the strategy that will dictate the allowable RunAsUser values that may be set. - Rule RunAsUserStrategy - // Ranges are the allowed ranges of uids that may be used. If you would like to force a single uid - // then supply a single range with the same start and end. Required for MustRunAs. - // +optional - Ranges []IDRange -} - -// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. -type RunAsGroupStrategyOptions struct { - // Rule is the strategy that will dictate the allowable RunAsGroup values that may be set. - Rule RunAsGroupStrategy - // Ranges are the allowed ranges of gids that may be used. If you would like to force a single gid - // then supply a single range with the same start and end. Required for MustRunAs. - // +optional - Ranges []IDRange -} - -// IDRange provides a min/max of an allowed range of IDs. -type IDRange struct { - // Min is the start of the range, inclusive. - Min int64 - // Max is the end of the range, inclusive. - Max int64 -} - -// RunAsUserStrategy denotes strategy types for generating RunAsUser values for a -// SecurityContext. -type RunAsUserStrategy string - -const ( - // RunAsUserStrategyMustRunAs means that container must run as a particular uid. - RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs" - // RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid - RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot" - // RunAsUserStrategyRunAsAny means that container may make requests for any uid. - RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny" -) - -// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a -// SecurityContext. -type RunAsGroupStrategy string - -const ( - // RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid. - // However, when RunAsGroup are specified, they have to fall in the defined range. - RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs" - // RunAsGroupStrategyMustRunAs means that container must run as a particular gid. - RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs" - // RunAsGroupStrategyRunAsAny means that container may make requests for any gid. - RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny" -) - -// FSGroupStrategyOptions defines the strategy type and options used to create the strategy. -type FSGroupStrategyOptions struct { - // Rule is the strategy that will dictate what FSGroup is used in the SecurityContext. - // +optional - Rule FSGroupStrategyType - // Ranges are the allowed ranges of fs groups. If you would like to force a single - // fs group then supply a single range with the same start and end. Required for MustRunAs. - // +optional - Ranges []IDRange -} - -// FSGroupStrategyType denotes strategy types for generating FSGroup values for a -// SecurityContext -type FSGroupStrategyType string - -const ( - // FSGroupStrategyMayRunAs means that container does not need to have FSGroup of X applied. - // However, when FSGroups are specified, they have to fall in the defined range. - FSGroupStrategyMayRunAs FSGroupStrategyType = "MayRunAs" - // FSGroupStrategyMustRunAs means that container must have FSGroup of X applied. - FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs" - // FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels. - FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny" -) - -// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. -type SupplementalGroupsStrategyOptions struct { - // Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext. - // +optional - Rule SupplementalGroupsStrategyType - // Ranges are the allowed ranges of supplemental groups. If you would like to force a single - // supplemental group then supply a single range with the same start and end. Required for MustRunAs. - // +optional - Ranges []IDRange -} - -// SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental -// groups for a SecurityContext. -type SupplementalGroupsStrategyType string - -const ( - // SupplementalGroupsStrategyMayRunAs means that container does not need to run with a particular gid. - // However, when gids are specified, they have to fall in the defined range. - SupplementalGroupsStrategyMayRunAs SupplementalGroupsStrategyType = "MayRunAs" - // SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid. - SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs" - // SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid. - SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny" -) - -// RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses -// for a pod. -type RuntimeClassStrategyOptions struct { - // allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. - // A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the - // list. An empty list requires the RuntimeClassName field to be unset. - AllowedRuntimeClassNames []string - // defaultRuntimeClassName is the default RuntimeClassName to set on the pod. - // The default MUST be allowed by the allowedRuntimeClassNames list. - // A value of nil does not mutate the Pod. - // +optional - DefaultRuntimeClassName *string -} - -// AllowAllRuntimeClassNames can be used as a value for the -// RuntimeClassStrategyOptions.allowedRuntimeClassNames field and means that any runtimeClassName is -// allowed. -const AllowAllRuntimeClassNames = "*" - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodSecurityPolicyList is a list of PodSecurityPolicy objects. -type PodSecurityPolicyList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []PodSecurityPolicy -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/conversion.go deleted file mode 100644 index d3aedbd634..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/conversion.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/api/policy/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/policy" -) - -func Convert_v1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error { - if err := autoConvert_v1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in, out, s); err != nil { - return err - } - - switch { - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.NonV1beta1MatchNoneSelector): - // no-op, preserve - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.NonV1beta1MatchAllSelector): - // no-op, preserve - default: - // otherwise, make sure the label intended to be used in a match-all or match-none selector - // never gets combined with user-specified fields - policy.StripPDBV1beta1Label(out.Spec.Selector) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/doc.go deleted file mode 100644 index aeb7667d2f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/policy -// +k8s:conversion-gen-external-types=k8s.io/api/policy/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/policy/v1 - -// Package policy is for any kind of policy object. Currently, this only -// includes policyv1.PodDisruptionBudget -package v1 // import "k8s.io/kubernetes/pkg/apis/policy/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/register.go deleted file mode 100644 index bd3f8f379a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - policyv1 "k8s.io/api/policy/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "policy" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &policyv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.conversion.go deleted file mode 100644 index 6b11a4f966..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.conversion.go +++ /dev/null @@ -1,242 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/policy/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - policy "k8s.io/kubernetes/pkg/apis/policy" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.Eviction)(nil), (*policy.Eviction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Eviction_To_policy_Eviction(a.(*v1.Eviction), b.(*policy.Eviction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.Eviction)(nil), (*v1.Eviction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_Eviction_To_v1_Eviction(a.(*policy.Eviction), b.(*v1.Eviction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudget)(nil), (*v1.PodDisruptionBudget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget(a.(*policy.PodDisruptionBudget), b.(*v1.PodDisruptionBudget), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodDisruptionBudgetList)(nil), (*policy.PodDisruptionBudgetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(a.(*v1.PodDisruptionBudgetList), b.(*policy.PodDisruptionBudgetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetList)(nil), (*v1.PodDisruptionBudgetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetList_To_v1_PodDisruptionBudgetList(a.(*policy.PodDisruptionBudgetList), b.(*v1.PodDisruptionBudgetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodDisruptionBudgetSpec)(nil), (*policy.PodDisruptionBudgetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(a.(*v1.PodDisruptionBudgetSpec), b.(*policy.PodDisruptionBudgetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetSpec)(nil), (*v1.PodDisruptionBudgetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec(a.(*policy.PodDisruptionBudgetSpec), b.(*v1.PodDisruptionBudgetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PodDisruptionBudgetStatus)(nil), (*policy.PodDisruptionBudgetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(a.(*v1.PodDisruptionBudgetStatus), b.(*policy.PodDisruptionBudgetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetStatus)(nil), (*v1.PodDisruptionBudgetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus(a.(*policy.PodDisruptionBudgetStatus), b.(*v1.PodDisruptionBudgetStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1.PodDisruptionBudget)(nil), (*policy.PodDisruptionBudget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodDisruptionBudget_To_policy_PodDisruptionBudget(a.(*v1.PodDisruptionBudget), b.(*policy.PodDisruptionBudget), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_Eviction_To_policy_Eviction(in *v1.Eviction, out *policy.Eviction, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DeleteOptions = (*metav1.DeleteOptions)(unsafe.Pointer(in.DeleteOptions)) - return nil -} - -// Convert_v1_Eviction_To_policy_Eviction is an autogenerated conversion function. -func Convert_v1_Eviction_To_policy_Eviction(in *v1.Eviction, out *policy.Eviction, s conversion.Scope) error { - return autoConvert_v1_Eviction_To_policy_Eviction(in, out, s) -} - -func autoConvert_policy_Eviction_To_v1_Eviction(in *policy.Eviction, out *v1.Eviction, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DeleteOptions = (*metav1.DeleteOptions)(unsafe.Pointer(in.DeleteOptions)) - return nil -} - -// Convert_policy_Eviction_To_v1_Eviction is an autogenerated conversion function. -func Convert_policy_Eviction_To_v1_Eviction(in *policy.Eviction, out *v1.Eviction, s conversion.Scope) error { - return autoConvert_policy_Eviction_To_v1_Eviction(in, out, s) -} - -func autoConvert_v1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget(in *policy.PodDisruptionBudget, out *v1.PodDisruptionBudget, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget(in *policy.PodDisruptionBudget, out *v1.PodDisruptionBudget, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget(in, out, s) -} - -func autoConvert_v1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in *v1.PodDisruptionBudgetList, out *policy.PodDisruptionBudgetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]policy.PodDisruptionBudget, len(*in)) - for i := range *in { - if err := Convert_v1_PodDisruptionBudget_To_policy_PodDisruptionBudget(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList is an autogenerated conversion function. -func Convert_v1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in *v1.PodDisruptionBudgetList, out *policy.PodDisruptionBudgetList, s conversion.Scope) error { - return autoConvert_v1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetList_To_v1_PodDisruptionBudgetList(in *policy.PodDisruptionBudgetList, out *v1.PodDisruptionBudgetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.PodDisruptionBudget, len(*in)) - for i := range *in { - if err := Convert_policy_PodDisruptionBudget_To_v1_PodDisruptionBudget(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_policy_PodDisruptionBudgetList_To_v1_PodDisruptionBudgetList is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetList_To_v1_PodDisruptionBudgetList(in *policy.PodDisruptionBudgetList, out *v1.PodDisruptionBudgetList, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetList_To_v1_PodDisruptionBudgetList(in, out, s) -} - -func autoConvert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in *v1.PodDisruptionBudgetSpec, out *policy.PodDisruptionBudgetSpec, s conversion.Scope) error { - out.MinAvailable = (*intstr.IntOrString)(unsafe.Pointer(in.MinAvailable)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - out.UnhealthyPodEvictionPolicy = (*policy.UnhealthyPodEvictionPolicyType)(unsafe.Pointer(in.UnhealthyPodEvictionPolicy)) - return nil -} - -// Convert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec is an autogenerated conversion function. -func Convert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in *v1.PodDisruptionBudgetSpec, out *policy.PodDisruptionBudgetSpec, s conversion.Scope) error { - return autoConvert_v1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec(in *policy.PodDisruptionBudgetSpec, out *v1.PodDisruptionBudgetSpec, s conversion.Scope) error { - out.MinAvailable = (*intstr.IntOrString)(unsafe.Pointer(in.MinAvailable)) - out.Selector = (*metav1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - out.UnhealthyPodEvictionPolicy = (*v1.UnhealthyPodEvictionPolicyType)(unsafe.Pointer(in.UnhealthyPodEvictionPolicy)) - return nil -} - -// Convert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec(in *policy.PodDisruptionBudgetSpec, out *v1.PodDisruptionBudgetSpec, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetSpec_To_v1_PodDisruptionBudgetSpec(in, out, s) -} - -func autoConvert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in *v1.PodDisruptionBudgetStatus, out *policy.PodDisruptionBudgetStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.DisruptedPods = *(*map[string]metav1.Time)(unsafe.Pointer(&in.DisruptedPods)) - out.DisruptionsAllowed = in.DisruptionsAllowed - out.CurrentHealthy = in.CurrentHealthy - out.DesiredHealthy = in.DesiredHealthy - out.ExpectedPods = in.ExpectedPods - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus is an autogenerated conversion function. -func Convert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in *v1.PodDisruptionBudgetStatus, out *policy.PodDisruptionBudgetStatus, s conversion.Scope) error { - return autoConvert_v1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus(in *policy.PodDisruptionBudgetStatus, out *v1.PodDisruptionBudgetStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.DisruptedPods = *(*map[string]metav1.Time)(unsafe.Pointer(&in.DisruptedPods)) - out.DisruptionsAllowed = in.DisruptionsAllowed - out.CurrentHealthy = in.CurrentHealthy - out.DesiredHealthy = in.DesiredHealthy - out.ExpectedPods = in.ExpectedPods - out.Conditions = *(*[]metav1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus(in *policy.PodDisruptionBudgetStatus, out *v1.PodDisruptionBudgetStatus, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetStatus_To_v1_PodDisruptionBudgetStatus(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.defaults.go deleted file mode 100644 index dac177e93b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/conversion.go deleted file mode 100644 index 0164fbfe1c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/conversion.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/api/policy/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/kubernetes/pkg/apis/policy" -) - -func Convert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1beta1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error { - if err := autoConvert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in, out, s); err != nil { - return err - } - - switch { - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.V1beta1MatchNoneSelector): - // If the v1beta1 version has a non-nil but empty selector, it should be - // selecting no pods, even when used with the internal or v1 api. We - // add a selector that is non-empty but will never match any pods. - out.Spec.Selector = policy.NonV1beta1MatchNoneSelector.DeepCopy() - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.V1beta1MatchAllSelector): - // If the v1beta1 version has our v1beta1-specific "match-all" selector, - // swap that out for a simpler empty "match-all" selector for v1 - out.Spec.Selector = policy.NonV1beta1MatchAllSelector.DeepCopy() - default: - // otherwise, make sure the label intended to be used in a match-all or match-none selector - // never gets combined with user-specified fields - policy.StripPDBV1beta1Label(out.Spec.Selector) - } - return nil -} - -func Convert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget(in *policy.PodDisruptionBudget, out *v1beta1.PodDisruptionBudget, s conversion.Scope) error { - if err := autoConvert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget(in, out, s); err != nil { - return err - } - - switch { - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.NonV1beta1MatchNoneSelector): - // If the internal version has our v1beta1-specific "match-none" selector, - // swap that out for a simpler empty "match-none" selector for v1beta1 - out.Spec.Selector = policy.V1beta1MatchNoneSelector.DeepCopy() - case apiequality.Semantic.DeepEqual(in.Spec.Selector, policy.NonV1beta1MatchAllSelector): - // If the internal version has a non-nil but empty selector, we want it to - // select all pods. We make sure this happens even with the v1beta1 api by - // adding a non-empty selector that selects all pods. - out.Spec.Selector = policy.V1beta1MatchAllSelector.DeepCopy() - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/defaults.go deleted file mode 100644 index 6403387d6d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/defaults.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - policyv1beta1 "k8s.io/api/policy/v1beta1" -) - -func SetDefaults_PodSecurityPolicySpec(obj *policyv1beta1.PodSecurityPolicySpec) { - // This field was added after PodSecurityPolicy was released. - // Policies that do not include this field must remain as permissive as they were prior to the introduction of this field. - if obj.AllowPrivilegeEscalation == nil { - t := true - obj.AllowPrivilegeEscalation = &t - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/doc.go deleted file mode 100644 index b7dfdffbe3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/doc.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/policy -// +k8s:conversion-gen-external-types=k8s.io/api/policy/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/policy/v1beta1 - -// Package policy is for any kind of policy object. Suitable examples, even if -// they aren't all here, are policyv1beta1.PodDisruptionBudget, PodSecurityPolicy, -// NetworkPolicy, etc. -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/policy/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/register.go deleted file mode 100644 index c0b0507ac4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - policyv1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "policy" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &policyv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(RegisterDefaults) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 637a37da87..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,771 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/policy/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - core "k8s.io/kubernetes/pkg/apis/core" - policy "k8s.io/kubernetes/pkg/apis/policy" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedCSIDriver)(nil), (*policy.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(a.(*v1beta1.AllowedCSIDriver), b.(*policy.AllowedCSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedCSIDriver)(nil), (*v1beta1.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(a.(*policy.AllowedCSIDriver), b.(*v1beta1.AllowedCSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedFlexVolume)(nil), (*policy.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(a.(*v1beta1.AllowedFlexVolume), b.(*policy.AllowedFlexVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedFlexVolume)(nil), (*v1beta1.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(a.(*policy.AllowedFlexVolume), b.(*v1beta1.AllowedFlexVolume), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedHostPath)(nil), (*policy.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(a.(*v1beta1.AllowedHostPath), b.(*policy.AllowedHostPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.AllowedHostPath)(nil), (*v1beta1.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(a.(*policy.AllowedHostPath), b.(*v1beta1.AllowedHostPath), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Eviction)(nil), (*policy.Eviction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Eviction_To_policy_Eviction(a.(*v1beta1.Eviction), b.(*policy.Eviction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.Eviction)(nil), (*v1beta1.Eviction)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_Eviction_To_v1beta1_Eviction(a.(*policy.Eviction), b.(*v1beta1.Eviction), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.FSGroupStrategyOptions)(nil), (*policy.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(a.(*v1beta1.FSGroupStrategyOptions), b.(*policy.FSGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.FSGroupStrategyOptions)(nil), (*v1beta1.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(a.(*policy.FSGroupStrategyOptions), b.(*v1beta1.FSGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.HostPortRange)(nil), (*policy.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_HostPortRange_To_policy_HostPortRange(a.(*v1beta1.HostPortRange), b.(*policy.HostPortRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.HostPortRange)(nil), (*v1beta1.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_HostPortRange_To_v1beta1_HostPortRange(a.(*policy.HostPortRange), b.(*v1beta1.HostPortRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.IDRange)(nil), (*policy.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_IDRange_To_policy_IDRange(a.(*v1beta1.IDRange), b.(*policy.IDRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.IDRange)(nil), (*v1beta1.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_IDRange_To_v1beta1_IDRange(a.(*policy.IDRange), b.(*v1beta1.IDRange), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodDisruptionBudgetList)(nil), (*policy.PodDisruptionBudgetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(a.(*v1beta1.PodDisruptionBudgetList), b.(*policy.PodDisruptionBudgetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetList)(nil), (*v1beta1.PodDisruptionBudgetList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetList_To_v1beta1_PodDisruptionBudgetList(a.(*policy.PodDisruptionBudgetList), b.(*v1beta1.PodDisruptionBudgetList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodDisruptionBudgetSpec)(nil), (*policy.PodDisruptionBudgetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(a.(*v1beta1.PodDisruptionBudgetSpec), b.(*policy.PodDisruptionBudgetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetSpec)(nil), (*v1beta1.PodDisruptionBudgetSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec(a.(*policy.PodDisruptionBudgetSpec), b.(*v1beta1.PodDisruptionBudgetSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodDisruptionBudgetStatus)(nil), (*policy.PodDisruptionBudgetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(a.(*v1beta1.PodDisruptionBudgetStatus), b.(*policy.PodDisruptionBudgetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodDisruptionBudgetStatus)(nil), (*v1beta1.PodDisruptionBudgetStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(a.(*policy.PodDisruptionBudgetStatus), b.(*v1beta1.PodDisruptionBudgetStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicy)(nil), (*policy.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(a.(*v1beta1.PodSecurityPolicy), b.(*policy.PodSecurityPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicy)(nil), (*v1beta1.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(a.(*policy.PodSecurityPolicy), b.(*v1beta1.PodSecurityPolicy), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicyList)(nil), (*policy.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(a.(*v1beta1.PodSecurityPolicyList), b.(*policy.PodSecurityPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicyList)(nil), (*v1beta1.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(a.(*policy.PodSecurityPolicyList), b.(*v1beta1.PodSecurityPolicyList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicySpec)(nil), (*policy.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(a.(*v1beta1.PodSecurityPolicySpec), b.(*policy.PodSecurityPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicySpec)(nil), (*v1beta1.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(a.(*policy.PodSecurityPolicySpec), b.(*v1beta1.PodSecurityPolicySpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsGroupStrategyOptions)(nil), (*policy.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(a.(*v1beta1.RunAsGroupStrategyOptions), b.(*policy.RunAsGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RunAsGroupStrategyOptions)(nil), (*v1beta1.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(a.(*policy.RunAsGroupStrategyOptions), b.(*v1beta1.RunAsGroupStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsUserStrategyOptions)(nil), (*policy.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(a.(*v1beta1.RunAsUserStrategyOptions), b.(*policy.RunAsUserStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RunAsUserStrategyOptions)(nil), (*v1beta1.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(a.(*policy.RunAsUserStrategyOptions), b.(*v1beta1.RunAsUserStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RuntimeClassStrategyOptions)(nil), (*policy.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(a.(*v1beta1.RuntimeClassStrategyOptions), b.(*policy.RuntimeClassStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.RuntimeClassStrategyOptions)(nil), (*v1beta1.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(a.(*policy.RuntimeClassStrategyOptions), b.(*v1beta1.RuntimeClassStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SELinuxStrategyOptions)(nil), (*policy.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(a.(*v1beta1.SELinuxStrategyOptions), b.(*policy.SELinuxStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.SELinuxStrategyOptions)(nil), (*v1beta1.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(a.(*policy.SELinuxStrategyOptions), b.(*v1beta1.SELinuxStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.SupplementalGroupsStrategyOptions)(nil), (*policy.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(a.(*v1beta1.SupplementalGroupsStrategyOptions), b.(*policy.SupplementalGroupsStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*policy.SupplementalGroupsStrategyOptions)(nil), (*v1beta1.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(a.(*policy.SupplementalGroupsStrategyOptions), b.(*v1beta1.SupplementalGroupsStrategyOptions), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*policy.PodDisruptionBudget)(nil), (*v1beta1.PodDisruptionBudget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget(a.(*policy.PodDisruptionBudget), b.(*v1beta1.PodDisruptionBudget), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1beta1.PodDisruptionBudget)(nil), (*policy.PodDisruptionBudget)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(a.(*v1beta1.PodDisruptionBudget), b.(*policy.PodDisruptionBudget), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver is an autogenerated conversion function. -func Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in, out, s) -} - -func autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error { - out.Name = in.Name - return nil -} - -// Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver is an autogenerated conversion function. -func Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error { - return autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in, out, s) -} - -func autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error { - out.Driver = in.Driver - return nil -} - -// Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume is an autogenerated conversion function. -func Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in, out, s) -} - -func autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error { - out.Driver = in.Driver - return nil -} - -// Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume is an autogenerated conversion function. -func Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error { - return autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in, out, s) -} - -func autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error { - out.PathPrefix = in.PathPrefix - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath is an autogenerated conversion function. -func Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error { - return autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in, out, s) -} - -func autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error { - out.PathPrefix = in.PathPrefix - out.ReadOnly = in.ReadOnly - return nil -} - -// Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath is an autogenerated conversion function. -func Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error { - return autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in, out, s) -} - -func autoConvert_v1beta1_Eviction_To_policy_Eviction(in *v1beta1.Eviction, out *policy.Eviction, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DeleteOptions = (*v1.DeleteOptions)(unsafe.Pointer(in.DeleteOptions)) - return nil -} - -// Convert_v1beta1_Eviction_To_policy_Eviction is an autogenerated conversion function. -func Convert_v1beta1_Eviction_To_policy_Eviction(in *v1beta1.Eviction, out *policy.Eviction, s conversion.Scope) error { - return autoConvert_v1beta1_Eviction_To_policy_Eviction(in, out, s) -} - -func autoConvert_policy_Eviction_To_v1beta1_Eviction(in *policy.Eviction, out *v1beta1.Eviction, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DeleteOptions = (*v1.DeleteOptions)(unsafe.Pointer(in.DeleteOptions)) - return nil -} - -// Convert_policy_Eviction_To_v1beta1_Eviction is an autogenerated conversion function. -func Convert_policy_Eviction_To_v1beta1_Eviction(in *policy.Eviction, out *v1beta1.Eviction, s conversion.Scope) error { - return autoConvert_policy_Eviction_To_v1beta1_Eviction(in, out, s) -} - -func autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error { - out.Rule = policy.FSGroupStrategyType(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in, out, s) -} - -func autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.FSGroupStrategyType(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions is an autogenerated conversion function. -func Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_v1beta1_HostPortRange_To_policy_HostPortRange is an autogenerated conversion function. -func Convert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error { - return autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in, out, s) -} - -func autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_policy_HostPortRange_To_v1beta1_HostPortRange is an autogenerated conversion function. -func Convert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error { - return autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in, out, s) -} - -func autoConvert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_v1beta1_IDRange_To_policy_IDRange is an autogenerated conversion function. -func Convert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error { - return autoConvert_v1beta1_IDRange_To_policy_IDRange(in, out, s) -} - -func autoConvert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error { - out.Min = in.Min - out.Max = in.Max - return nil -} - -// Convert_policy_IDRange_To_v1beta1_IDRange is an autogenerated conversion function. -func Convert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error { - return autoConvert_policy_IDRange_To_v1beta1_IDRange(in, out, s) -} - -func autoConvert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(in *v1beta1.PodDisruptionBudget, out *policy.PodDisruptionBudget, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget(in *policy.PodDisruptionBudget, out *v1beta1.PodDisruptionBudget, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in *v1beta1.PodDisruptionBudgetList, out *policy.PodDisruptionBudgetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]policy.PodDisruptionBudget, len(*in)) - for i := range *in { - if err := Convert_v1beta1_PodDisruptionBudget_To_policy_PodDisruptionBudget(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList is an autogenerated conversion function. -func Convert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in *v1beta1.PodDisruptionBudgetList, out *policy.PodDisruptionBudgetList, s conversion.Scope) error { - return autoConvert_v1beta1_PodDisruptionBudgetList_To_policy_PodDisruptionBudgetList(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetList_To_v1beta1_PodDisruptionBudgetList(in *policy.PodDisruptionBudgetList, out *v1beta1.PodDisruptionBudgetList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.PodDisruptionBudget, len(*in)) - for i := range *in { - if err := Convert_policy_PodDisruptionBudget_To_v1beta1_PodDisruptionBudget(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_policy_PodDisruptionBudgetList_To_v1beta1_PodDisruptionBudgetList is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetList_To_v1beta1_PodDisruptionBudgetList(in *policy.PodDisruptionBudgetList, out *v1beta1.PodDisruptionBudgetList, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetList_To_v1beta1_PodDisruptionBudgetList(in, out, s) -} - -func autoConvert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in *v1beta1.PodDisruptionBudgetSpec, out *policy.PodDisruptionBudgetSpec, s conversion.Scope) error { - out.MinAvailable = (*intstr.IntOrString)(unsafe.Pointer(in.MinAvailable)) - out.Selector = (*v1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - out.UnhealthyPodEvictionPolicy = (*policy.UnhealthyPodEvictionPolicyType)(unsafe.Pointer(in.UnhealthyPodEvictionPolicy)) - return nil -} - -// Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec is an autogenerated conversion function. -func Convert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in *v1beta1.PodDisruptionBudgetSpec, out *policy.PodDisruptionBudgetSpec, s conversion.Scope) error { - return autoConvert_v1beta1_PodDisruptionBudgetSpec_To_policy_PodDisruptionBudgetSpec(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec(in *policy.PodDisruptionBudgetSpec, out *v1beta1.PodDisruptionBudgetSpec, s conversion.Scope) error { - out.MinAvailable = (*intstr.IntOrString)(unsafe.Pointer(in.MinAvailable)) - out.Selector = (*v1.LabelSelector)(unsafe.Pointer(in.Selector)) - out.MaxUnavailable = (*intstr.IntOrString)(unsafe.Pointer(in.MaxUnavailable)) - out.UnhealthyPodEvictionPolicy = (*v1beta1.UnhealthyPodEvictionPolicyType)(unsafe.Pointer(in.UnhealthyPodEvictionPolicy)) - return nil -} - -// Convert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec(in *policy.PodDisruptionBudgetSpec, out *v1beta1.PodDisruptionBudgetSpec, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetSpec_To_v1beta1_PodDisruptionBudgetSpec(in, out, s) -} - -func autoConvert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in *v1beta1.PodDisruptionBudgetStatus, out *policy.PodDisruptionBudgetStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.DisruptedPods = *(*map[string]v1.Time)(unsafe.Pointer(&in.DisruptedPods)) - out.DisruptionsAllowed = in.DisruptionsAllowed - out.CurrentHealthy = in.CurrentHealthy - out.DesiredHealthy = in.DesiredHealthy - out.ExpectedPods = in.ExpectedPods - out.Conditions = *(*[]v1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus is an autogenerated conversion function. -func Convert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in *v1beta1.PodDisruptionBudgetStatus, out *policy.PodDisruptionBudgetStatus, s conversion.Scope) error { - return autoConvert_v1beta1_PodDisruptionBudgetStatus_To_policy_PodDisruptionBudgetStatus(in, out, s) -} - -func autoConvert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(in *policy.PodDisruptionBudgetStatus, out *v1beta1.PodDisruptionBudgetStatus, s conversion.Scope) error { - out.ObservedGeneration = in.ObservedGeneration - out.DisruptedPods = *(*map[string]v1.Time)(unsafe.Pointer(&in.DisruptedPods)) - out.DisruptionsAllowed = in.DisruptionsAllowed - out.CurrentHealthy = in.CurrentHealthy - out.DesiredHealthy = in.DesiredHealthy - out.ExpectedPods = in.ExpectedPods - out.Conditions = *(*[]v1.Condition)(unsafe.Pointer(&in.Conditions)) - return nil -} - -// Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus is an autogenerated conversion function. -func Convert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(in *policy.PodDisruptionBudgetStatus, out *v1beta1.PodDisruptionBudgetStatus, s conversion.Scope) error { - return autoConvert_policy_PodDisruptionBudgetStatus_To_v1beta1_PodDisruptionBudgetStatus(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]policy.PodSecurityPolicy, len(*in)) - for i := range *in { - if err := Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.PodSecurityPolicy, len(*in)) - for i := range *in { - if err := Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error { - out.Privileged = in.Privileged - out.DefaultAddCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities)) - out.RequiredDropCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities)) - out.AllowedCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.AllowedCapabilities)) - out.Volumes = *(*[]policy.FSType)(unsafe.Pointer(&in.Volumes)) - out.HostNetwork = in.HostNetwork - out.HostPorts = *(*[]policy.HostPortRange)(unsafe.Pointer(&in.HostPorts)) - out.HostPID = in.HostPID - out.HostIPC = in.HostIPC - if err := Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil { - return err - } - if err := Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { - return err - } - out.RunAsGroup = (*policy.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup)) - if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { - return err - } - if err := Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { - return err - } - out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem - out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation)) - if err := v1.Convert_Pointer_bool_To_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil { - return err - } - out.AllowedHostPaths = *(*[]policy.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths)) - out.AllowedFlexVolumes = *(*[]policy.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes)) - out.AllowedCSIDrivers = *(*[]policy.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers)) - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls)) - out.AllowedProcMountTypes = *(*[]core.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes)) - out.RuntimeClass = (*policy.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass)) - return nil -} - -// Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in, out, s) -} - -func autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error { - out.Privileged = in.Privileged - out.DefaultAddCapabilities = *(*[]corev1.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities)) - out.RequiredDropCapabilities = *(*[]corev1.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities)) - out.AllowedCapabilities = *(*[]corev1.Capability)(unsafe.Pointer(&in.AllowedCapabilities)) - out.Volumes = *(*[]v1beta1.FSType)(unsafe.Pointer(&in.Volumes)) - out.HostNetwork = in.HostNetwork - out.HostPorts = *(*[]v1beta1.HostPortRange)(unsafe.Pointer(&in.HostPorts)) - out.HostPID = in.HostPID - out.HostIPC = in.HostIPC - if err := Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil { - return err - } - if err := Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { - return err - } - out.RunAsGroup = (*v1beta1.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup)) - if err := Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { - return err - } - if err := Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { - return err - } - out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem - out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation)) - if err := v1.Convert_bool_To_Pointer_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil { - return err - } - out.AllowedHostPaths = *(*[]v1beta1.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths)) - out.AllowedFlexVolumes = *(*[]v1beta1.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes)) - out.AllowedCSIDrivers = *(*[]v1beta1.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers)) - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls)) - out.AllowedProcMountTypes = *(*[]corev1.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes)) - out.RuntimeClass = (*v1beta1.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass)) - return nil -} - -// Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec is an autogenerated conversion function. -func Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error { - return autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s) -} - -func autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error { - out.Rule = policy.RunAsGroupStrategy(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in, out, s) -} - -func autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.RunAsGroupStrategy(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions is an autogenerated conversion function. -func Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error { - out.Rule = policy.RunAsUserStrategy(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in, out, s) -} - -func autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.RunAsUserStrategy(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions is an autogenerated conversion function. -func Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error { - out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames)) - out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName)) - return nil -} - -// Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in, out, s) -} - -func autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error { - out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames)) - out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName)) - return nil -} - -// Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions is an autogenerated conversion function. -func Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error { - out.Rule = policy.SELinuxStrategy(in.Rule) - out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - return nil -} - -// Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in, out, s) -} - -func autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.SELinuxStrategy(in.Rule) - out.SELinuxOptions = (*corev1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions)) - return nil -} - -// Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions is an autogenerated conversion function. -func Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in, out, s) -} - -func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - out.Rule = policy.SupplementalGroupsStrategyType(in.Rule) - out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions is an autogenerated conversion function. -func Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - return autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in, out, s) -} - -func autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - out.Rule = v1beta1.SupplementalGroupsStrategyType(in.Rule) - out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges)) - return nil -} - -// Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions is an autogenerated conversion function. -func Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error { - return autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 5dbe17b713..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,47 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/policy/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicy{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicy(obj.(*v1beta1.PodSecurityPolicy)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicyList{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicyList(obj.(*v1beta1.PodSecurityPolicyList)) }) - return nil -} - -func SetObjectDefaults_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy) { - SetDefaults_PodSecurityPolicySpec(&in.Spec) -} - -func SetObjectDefaults_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PodSecurityPolicy(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/validation/validation.go deleted file mode 100644 index 8f2ad4ff4d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/validation/validation.go +++ /dev/null @@ -1,602 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "path/filepath" - "regexp" - "strings" - - v1 "k8s.io/api/core/v1" - policyapiv1beta1 "k8s.io/api/policy/v1beta1" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - appsvalidation "k8s.io/kubernetes/pkg/apis/apps/validation" - "k8s.io/kubernetes/pkg/apis/core" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/policy" -) - -const ( - // AllowAny is the wildcard used to allow any profile. - seccompAllowAny = "*" - // DefaultProfileAnnotationKey specifies the default seccomp profile. - seccompDefaultProfileAnnotationKey = "seccomp.security.alpha.kubernetes.io/defaultProfileName" - // AllowedProfilesAnnotationKey specifies the allowed seccomp profiles. - seccompAllowedProfilesAnnotationKey = "seccomp.security.alpha.kubernetes.io/allowedProfileNames" -) - -var supportedUnhealthyPodEvictionPolicies = sets.NewString( - string(policy.IfHealthyBudget), - string(policy.AlwaysAllow), -) - -type PodDisruptionBudgetValidationOptions struct { - AllowInvalidLabelValueInSelector bool -} - -// ValidatePodDisruptionBudget validates a PodDisruptionBudget and returns an ErrorList -// with any errors. -func ValidatePodDisruptionBudget(pdb *policy.PodDisruptionBudget, opts PodDisruptionBudgetValidationOptions) field.ErrorList { - allErrs := ValidatePodDisruptionBudgetSpec(pdb.Spec, opts, field.NewPath("spec")) - return allErrs -} - -// ValidatePodDisruptionBudgetSpec validates a PodDisruptionBudgetSpec and returns an ErrorList -// with any errors. -func ValidatePodDisruptionBudgetSpec(spec policy.PodDisruptionBudgetSpec, opts PodDisruptionBudgetValidationOptions, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if spec.MinAvailable != nil && spec.MaxUnavailable != nil { - allErrs = append(allErrs, field.Invalid(fldPath, spec, "minAvailable and maxUnavailable cannot be both set")) - } - - if spec.MinAvailable != nil { - allErrs = append(allErrs, appsvalidation.ValidatePositiveIntOrPercent(*spec.MinAvailable, fldPath.Child("minAvailable"))...) - allErrs = append(allErrs, appsvalidation.IsNotMoreThan100Percent(*spec.MinAvailable, fldPath.Child("minAvailable"))...) - } - - if spec.MaxUnavailable != nil { - allErrs = append(allErrs, appsvalidation.ValidatePositiveIntOrPercent(*spec.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - allErrs = append(allErrs, appsvalidation.IsNotMoreThan100Percent(*spec.MaxUnavailable, fldPath.Child("maxUnavailable"))...) - } - - labelSelectorValidationOptions := unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector} - - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(spec.Selector, labelSelectorValidationOptions, fldPath.Child("selector"))...) - - if spec.UnhealthyPodEvictionPolicy != nil && !supportedUnhealthyPodEvictionPolicies.Has(string(*spec.UnhealthyPodEvictionPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("unhealthyPodEvictionPolicy"), *spec.UnhealthyPodEvictionPolicy, supportedUnhealthyPodEvictionPolicies.List())) - } - - return allErrs -} - -// ValidatePodDisruptionBudgetStatusUpdate validates a PodDisruptionBudgetStatus and returns an ErrorList -// with any errors. -func ValidatePodDisruptionBudgetStatusUpdate(status, oldStatus policy.PodDisruptionBudgetStatus, fldPath *field.Path, apiVersion schema.GroupVersion) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, unversionedvalidation.ValidateConditions(status.Conditions, fldPath.Child("conditions"))...) - // Don't run other validations for v1beta1 since we don't want to introduce - // new validations retroactively. - if apiVersion == policyapiv1beta1.SchemeGroupVersion { - return allErrs - } - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.DisruptionsAllowed), fldPath.Child("disruptionsAllowed"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.CurrentHealthy), fldPath.Child("currentHealthy"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.DesiredHealthy), fldPath.Child("desiredHealthy"))...) - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(status.ExpectedPods), fldPath.Child("expectedPods"))...) - return allErrs -} - -// ValidatePodSecurityPolicyName can be used to check whether the given -// pod security policy name is valid. -// Prefix indicates this name will be used as part of generation, in which case -// trailing dashes are allowed. -var ValidatePodSecurityPolicyName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidatePodSecurityPolicy validates a PodSecurityPolicy and returns an ErrorList -// with any errors. -func ValidatePodSecurityPolicy(psp *policy.PodSecurityPolicy) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&psp.ObjectMeta, false, ValidatePodSecurityPolicyName, field.NewPath("metadata"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(psp.Annotations, field.NewPath("metadata").Child("annotations"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&psp.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidatePodSecurityPolicySpec validates a PodSecurityPolicySpec and returns an ErrorList -// with any errors. -func ValidatePodSecurityPolicySpec(spec *policy.PodSecurityPolicySpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, validatePSPRunAsUser(fldPath.Child("runAsUser"), &spec.RunAsUser)...) - allErrs = append(allErrs, validatePSPRunAsGroup(fldPath.Child("runAsGroup"), spec.RunAsGroup)...) - allErrs = append(allErrs, validatePSPSELinux(fldPath.Child("seLinux"), &spec.SELinux)...) - allErrs = append(allErrs, validatePSPSupplementalGroup(fldPath.Child("supplementalGroups"), &spec.SupplementalGroups)...) - allErrs = append(allErrs, validatePSPFSGroup(fldPath.Child("fsGroup"), &spec.FSGroup)...) - allErrs = append(allErrs, validatePodSecurityPolicyVolumes(fldPath, spec.Volumes)...) - if len(spec.RequiredDropCapabilities) > 0 && hasCap(policy.AllowAllCapabilities, spec.AllowedCapabilities) { - allErrs = append(allErrs, field.Invalid(field.NewPath("requiredDropCapabilities"), spec.RequiredDropCapabilities, - "must be empty when all capabilities are allowed by a wildcard")) - } - allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.DefaultAddCapabilities, field.NewPath("defaultAddCapabilities"))...) - allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.AllowedCapabilities, field.NewPath("allowedCapabilities"))...) - allErrs = append(allErrs, validatePSPDefaultAllowPrivilegeEscalation(fldPath.Child("defaultAllowPrivilegeEscalation"), spec.DefaultAllowPrivilegeEscalation, spec.AllowPrivilegeEscalation)...) - allErrs = append(allErrs, validatePSPAllowedProcMountTypes(fldPath.Child("allowedProcMountTypes"), spec.AllowedProcMountTypes)...) - allErrs = append(allErrs, validatePSPAllowedHostPaths(fldPath.Child("allowedHostPaths"), spec.AllowedHostPaths)...) - allErrs = append(allErrs, validatePSPAllowedFlexVolumes(fldPath.Child("allowedFlexVolumes"), spec.AllowedFlexVolumes)...) - allErrs = append(allErrs, validatePSPAllowedCSIDrivers(fldPath.Child("allowedCSIDrivers"), spec.AllowedCSIDrivers)...) - allErrs = append(allErrs, validatePodSecurityPolicySysctls(fldPath.Child("allowedUnsafeSysctls"), spec.AllowedUnsafeSysctls)...) - allErrs = append(allErrs, validatePodSecurityPolicySysctls(fldPath.Child("forbiddenSysctls"), spec.ForbiddenSysctls)...) - allErrs = append(allErrs, validatePodSecurityPolicySysctlListsDoNotOverlap(fldPath.Child("allowedUnsafeSysctls"), fldPath.Child("forbiddenSysctls"), spec.AllowedUnsafeSysctls, spec.ForbiddenSysctls)...) - allErrs = append(allErrs, validateRuntimeClassStrategy(fldPath.Child("runtimeClass"), spec.RuntimeClass)...) - - return allErrs -} - -// ValidatePodSecurityPolicySpecificAnnotations validates annotations and returns an ErrorList -// with any errors. -func ValidatePodSecurityPolicySpecificAnnotations(annotations map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if p := annotations[v1.AppArmorBetaDefaultProfileAnnotationKey]; p != "" { - if err := apivalidation.ValidateAppArmorProfileFormat(p); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Key(v1.AppArmorBetaDefaultProfileAnnotationKey), p, err.Error())) - } - } - if allowed := annotations[v1.AppArmorBetaAllowedProfilesAnnotationKey]; allowed != "" { - for _, p := range strings.Split(allowed, ",") { - if err := apivalidation.ValidateAppArmorProfileFormat(p); err != nil { - allErrs = append(allErrs, field.Invalid(fldPath.Key(v1.AppArmorBetaAllowedProfilesAnnotationKey), allowed, err.Error())) - } - } - } - - if p := annotations[seccompDefaultProfileAnnotationKey]; p != "" { - allErrs = append(allErrs, apivalidation.ValidateSeccompProfile(p, fldPath.Key(seccompDefaultProfileAnnotationKey))...) - } - if allowed := annotations[seccompAllowedProfilesAnnotationKey]; allowed != "" { - for _, p := range strings.Split(allowed, ",") { - if p == seccompAllowAny { - continue - } - allErrs = append(allErrs, apivalidation.ValidateSeccompProfile(p, fldPath.Key(seccompAllowedProfilesAnnotationKey))...) - } - } - return allErrs -} - -// validatePSPAllowedHostPaths makes sure all allowed host paths follow: -// 1. path prefix is required -// 2. path prefix does not have any element which is ".." -func validatePSPAllowedHostPaths(fldPath *field.Path, allowedHostPaths []policy.AllowedHostPath) field.ErrorList { - allErrs := field.ErrorList{} - - for i, target := range allowedHostPaths { - if target.PathPrefix == "" { - allErrs = append(allErrs, field.Required(fldPath.Index(i), "is required")) - break - } - parts := strings.Split(filepath.ToSlash(target.PathPrefix), "/") - for _, item := range parts { - if item == ".." { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), target.PathPrefix, "must not contain '..'")) - break // even for `../../..`, one error is sufficient to make the point - } - } - } - - return allErrs -} - -func validatePSPAllowedFlexVolumes(fldPath *field.Path, flexVolumes []policy.AllowedFlexVolume) field.ErrorList { - allErrs := field.ErrorList{} - if len(flexVolumes) > 0 { - for idx, fv := range flexVolumes { - if len(fv.Driver) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("allowedFlexVolumes").Index(idx).Child("driver"), - "must specify a driver")) - } - } - } - return allErrs -} - -func validatePSPAllowedCSIDrivers(fldPath *field.Path, csiDrivers []policy.AllowedCSIDriver) field.ErrorList { - allErrs := field.ErrorList{} - if len(csiDrivers) > 0 { - for idx, csiDriver := range csiDrivers { - fieldPath := fldPath.Child("allowedCSIDriver").Index(idx).Child("name") - allErrs = append(allErrs, apivalidation.ValidateCSIDriverName(csiDriver.Name, fieldPath)...) - } - } - return allErrs -} - -// validatePSPSELinux validates the SELinux fields of PodSecurityPolicy. -func validatePSPSELinux(fldPath *field.Path, seLinux *policy.SELinuxStrategyOptions) field.ErrorList { - allErrs := field.ErrorList{} - - // ensure the selinux strategy has a valid rule - supportedSELinuxRules := sets.NewString( - string(policy.SELinuxStrategyMustRunAs), - string(policy.SELinuxStrategyRunAsAny), - ) - if !supportedSELinuxRules.Has(string(seLinux.Rule)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), seLinux.Rule, supportedSELinuxRules.List())) - } - - return allErrs -} - -// validatePSPRunAsUser validates the RunAsUser fields of PodSecurityPolicy. -func validatePSPRunAsUser(fldPath *field.Path, runAsUser *policy.RunAsUserStrategyOptions) field.ErrorList { - allErrs := field.ErrorList{} - - // ensure the user strategy has a valid rule - supportedRunAsUserRules := sets.NewString( - string(policy.RunAsUserStrategyMustRunAs), - string(policy.RunAsUserStrategyMustRunAsNonRoot), - string(policy.RunAsUserStrategyRunAsAny), - ) - if !supportedRunAsUserRules.Has(string(runAsUser.Rule)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), runAsUser.Rule, supportedRunAsUserRules.List())) - } - - // validate range settings - for idx, rng := range runAsUser.Ranges { - allErrs = append(allErrs, validateUserIDRange(fldPath.Child("ranges").Index(idx), rng)...) - } - - return allErrs -} - -// validatePSPRunAsGroup validates the RunAsGroup fields of PodSecurityPolicy. -func validatePSPRunAsGroup(fldPath *field.Path, runAsGroup *policy.RunAsGroupStrategyOptions) field.ErrorList { - var allErrs field.ErrorList - - if runAsGroup == nil { - return allErrs - } - - switch runAsGroup.Rule { - case policy.RunAsGroupStrategyRunAsAny: - if len(runAsGroup.Ranges) != 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("ranges"), runAsGroup.Ranges, "Ranges must be empty")) - } - case policy.RunAsGroupStrategyMustRunAs, policy.RunAsGroupStrategyMayRunAs: - if len(runAsGroup.Ranges) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("ranges"), runAsGroup.Ranges, "must provide at least one range")) - } - // validate range settings - for idx, rng := range runAsGroup.Ranges { - allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...) - } - default: - supportedRunAsGroupRules := []string{ - string(policy.RunAsGroupStrategyMustRunAs), - string(policy.RunAsGroupStrategyRunAsAny), - string(policy.RunAsGroupStrategyMayRunAs), - } - allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), runAsGroup.Rule, supportedRunAsGroupRules)) - } - return allErrs -} - -// validatePSPFSGroup validates the FSGroupStrategyOptions fields of the PodSecurityPolicy. -func validatePSPFSGroup(fldPath *field.Path, groupOptions *policy.FSGroupStrategyOptions) field.ErrorList { - allErrs := field.ErrorList{} - - supportedRules := sets.NewString( - string(policy.FSGroupStrategyMustRunAs), - string(policy.FSGroupStrategyMayRunAs), - string(policy.FSGroupStrategyRunAsAny), - ) - if !supportedRules.Has(string(groupOptions.Rule)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), groupOptions.Rule, supportedRules.List())) - } - - for idx, rng := range groupOptions.Ranges { - allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...) - } - return allErrs -} - -// validatePSPSupplementalGroup validates the SupplementalGroupsStrategyOptions fields of the PodSecurityPolicy. -func validatePSPSupplementalGroup(fldPath *field.Path, groupOptions *policy.SupplementalGroupsStrategyOptions) field.ErrorList { - allErrs := field.ErrorList{} - - supportedRules := sets.NewString( - string(policy.SupplementalGroupsStrategyRunAsAny), - string(policy.SupplementalGroupsStrategyMayRunAs), - string(policy.SupplementalGroupsStrategyMustRunAs), - ) - if !supportedRules.Has(string(groupOptions.Rule)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("rule"), groupOptions.Rule, supportedRules.List())) - } - - for idx, rng := range groupOptions.Ranges { - allErrs = append(allErrs, validateGroupIDRange(fldPath.Child("ranges").Index(idx), rng)...) - } - return allErrs -} - -// validatePodSecurityPolicyVolumes validates the volume fields of PodSecurityPolicy. -func validatePodSecurityPolicyVolumes(fldPath *field.Path, volumes []policy.FSType) field.ErrorList { - allErrs := field.ErrorList{} - allowed := getAllFSTypesAsSet() - // add in the * value since that is a pseudo type that is not included by default - allowed.Insert(string(policy.All)) - for _, v := range volumes { - if !allowed.Has(string(v)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("volumes"), v, allowed.List())) - } - } - return allErrs -} - -// getAllFSTypesAsSet returns all actual volume types, regardless -// of feature gates. The special policy.All pseudo type is not included. -func getAllFSTypesAsSet() sets.String { - fstypes := sets.NewString() - fstypes.Insert( - string(policy.HostPath), - string(policy.AzureFile), - string(policy.Flocker), - string(policy.FlexVolume), - string(policy.EmptyDir), - string(policy.GCEPersistentDisk), - string(policy.AWSElasticBlockStore), - string(policy.GitRepo), - string(policy.Secret), - string(policy.NFS), - string(policy.ISCSI), - string(policy.Glusterfs), - string(policy.PersistentVolumeClaim), - string(policy.RBD), - string(policy.Cinder), - string(policy.CephFS), - string(policy.DownwardAPI), - string(policy.FC), - string(policy.ConfigMap), - string(policy.VsphereVolume), - string(policy.Quobyte), - string(policy.AzureDisk), - string(policy.PhotonPersistentDisk), - string(policy.StorageOS), - string(policy.Projected), - string(policy.PortworxVolume), - string(policy.ScaleIO), - string(policy.CSI), - string(policy.Ephemeral), - ) - return fstypes -} - -// validatePSPDefaultAllowPrivilegeEscalation validates the DefaultAllowPrivilegeEscalation field against the AllowPrivilegeEscalation field of a PodSecurityPolicy. -func validatePSPDefaultAllowPrivilegeEscalation(fldPath *field.Path, defaultAllowPrivilegeEscalation *bool, allowPrivilegeEscalation bool) field.ErrorList { - allErrs := field.ErrorList{} - if defaultAllowPrivilegeEscalation != nil && *defaultAllowPrivilegeEscalation && !allowPrivilegeEscalation { - allErrs = append(allErrs, field.Invalid(fldPath, defaultAllowPrivilegeEscalation, "Cannot set DefaultAllowPrivilegeEscalation to true without also setting AllowPrivilegeEscalation to true")) - } - - return allErrs -} - -// validatePSPAllowedProcMountTypes validates the DefaultAllowPrivilegeEscalation field against the AllowPrivilegeEscalation field of a PodSecurityPolicy. -func validatePSPAllowedProcMountTypes(fldPath *field.Path, allowedProcMountTypes []core.ProcMountType) field.ErrorList { - allErrs := field.ErrorList{} - for i, procMountType := range allowedProcMountTypes { - if err := apivalidation.ValidateProcMountType(fldPath.Index(i), procMountType); err != nil { - allErrs = append(allErrs, err) - } - } - return allErrs -} - -const sysctlPatternSegmentFmt string = "([a-z0-9][-_a-z0-9]*)?[a-z0-9*]" - -// SysctlContainSlashPatternFmt is a regex that contains a slash used for matching valid sysctl patterns. -const SysctlContainSlashPatternFmt string = "(" + apivalidation.SysctlSegmentFmt + "[\\./])*" + sysctlPatternSegmentFmt - -var sysctlContainSlashPatternRegexp = regexp.MustCompile("^" + SysctlContainSlashPatternFmt + "$") - -// IsValidSysctlPattern checks if name is a valid sysctl pattern. -// i.e. matches sysctlContainSlashPatternRegexp. -// More info: -// -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html -func IsValidSysctlPattern(name string) bool { - if len(name) > apivalidation.SysctlMaxLength { - return false - } - return sysctlContainSlashPatternRegexp.MatchString(name) -} - -func validatePodSecurityPolicySysctlListsDoNotOverlap(allowedSysctlsFldPath, forbiddenSysctlsFldPath *field.Path, allowedUnsafeSysctls, forbiddenSysctls []string) field.ErrorList { - allErrs := field.ErrorList{} - for i, allowedSysctl := range allowedUnsafeSysctls { - isAllowedSysctlPattern := false - allowedSysctlPrefix := "" - if strings.HasSuffix(allowedSysctl, "*") { - isAllowedSysctlPattern = true - allowedSysctlPrefix = strings.TrimSuffix(allowedSysctl, "*") - } - for j, forbiddenSysctl := range forbiddenSysctls { - isForbiddenSysctlPattern := false - forbiddenSysctlPrefix := "" - if strings.HasSuffix(forbiddenSysctl, "*") { - isForbiddenSysctlPattern = true - forbiddenSysctlPrefix = strings.TrimSuffix(forbiddenSysctl, "*") - } - switch { - case isAllowedSysctlPattern && isForbiddenSysctlPattern: - if strings.HasPrefix(allowedSysctlPrefix, forbiddenSysctlPrefix) { - allErrs = append(allErrs, field.Invalid(allowedSysctlsFldPath.Index(i), allowedUnsafeSysctls[i], fmt.Sprintf("sysctl overlaps with %v", forbiddenSysctl))) - } else if strings.HasPrefix(forbiddenSysctlPrefix, allowedSysctlPrefix) { - allErrs = append(allErrs, field.Invalid(forbiddenSysctlsFldPath.Index(j), forbiddenSysctls[j], fmt.Sprintf("sysctl overlaps with %v", allowedSysctl))) - } - case isAllowedSysctlPattern: - if strings.HasPrefix(forbiddenSysctl, allowedSysctlPrefix) { - allErrs = append(allErrs, field.Invalid(forbiddenSysctlsFldPath.Index(j), forbiddenSysctls[j], fmt.Sprintf("sysctl overlaps with %v", allowedSysctl))) - } - case isForbiddenSysctlPattern: - if strings.HasPrefix(allowedSysctl, forbiddenSysctlPrefix) { - allErrs = append(allErrs, field.Invalid(allowedSysctlsFldPath.Index(i), allowedUnsafeSysctls[i], fmt.Sprintf("sysctl overlaps with %v", forbiddenSysctl))) - } - default: - if allowedSysctl == forbiddenSysctl { - allErrs = append(allErrs, field.Invalid(allowedSysctlsFldPath.Index(i), allowedUnsafeSysctls[i], fmt.Sprintf("sysctl overlaps with %v", forbiddenSysctl))) - } - } - } - } - return allErrs -} - -// validatePodSecurityPolicySysctls validates the sysctls fields of PodSecurityPolicy. -func validatePodSecurityPolicySysctls(fldPath *field.Path, sysctls []string) field.ErrorList { - allErrs := field.ErrorList{} - - if len(sysctls) == 0 { - return allErrs - } - - coversAll := false - for i, s := range sysctls { - if len(s) == 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Index(i), sysctls[i], "empty sysctl not allowed")) - } else if !IsValidSysctlPattern(string(s)) { - allErrs = append( - allErrs, - field.Invalid(fldPath.Index(i), sysctls[i], fmt.Sprintf("must have at most %d characters and match regex %s", - apivalidation.SysctlMaxLength, - SysctlContainSlashPatternFmt, - )), - ) - } else if s[0] == '*' { - coversAll = true - } - } - - if coversAll && len(sysctls) > 1 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("items"), "if '*' is present, must not specify other sysctls")) - } - - return allErrs -} - -func validateUserIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList { - return validateIDRanges(fldPath, rng.Min, rng.Max) -} - -func validateGroupIDRange(fldPath *field.Path, rng policy.IDRange) field.ErrorList { - return validateIDRanges(fldPath, rng.Min, rng.Max) -} - -// validateIDRanges ensures the range is valid. -func validateIDRanges(fldPath *field.Path, min, max int64) field.ErrorList { - allErrs := field.ErrorList{} - - // if 0 <= Min <= Max then we do not need to validate max. It is always greater than or - // equal to 0 and Min. - if min < 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), min, "min cannot be negative")) - } - if max < 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("max"), max, "max cannot be negative")) - } - if min > max { - allErrs = append(allErrs, field.Invalid(fldPath.Child("min"), min, "min cannot be greater than max")) - } - - return allErrs -} - -// validatePSPCapsAgainstDrops ensures an allowed cap is not listed in the required drops. -func validatePSPCapsAgainstDrops(requiredDrops []core.Capability, capsToCheck []core.Capability, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if requiredDrops == nil { - return allErrs - } - for _, cap := range capsToCheck { - if hasCap(cap, requiredDrops) { - allErrs = append(allErrs, field.Invalid(fldPath, cap, - fmt.Sprintf("capability is listed in %s and requiredDropCapabilities", fldPath.String()))) - } - } - return allErrs -} - -// validateRuntimeClassStrategy ensures all the RuntimeClass restrictions are valid. -func validateRuntimeClassStrategy(fldPath *field.Path, rc *policy.RuntimeClassStrategyOptions) field.ErrorList { - if rc == nil { - return nil - } - - var allErrs field.ErrorList - - allowed := map[string]bool{} - for i, name := range rc.AllowedRuntimeClassNames { - if name != policy.AllowAllRuntimeClassNames { - allErrs = append(allErrs, apivalidation.ValidateRuntimeClassName(name, fldPath.Child("allowedRuntimeClassNames").Index(i))...) - } - if allowed[name] { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("allowedRuntimeClassNames").Index(i), name)) - } - allowed[name] = true - } - - if rc.DefaultRuntimeClassName != nil { - allErrs = append(allErrs, apivalidation.ValidateRuntimeClassName(*rc.DefaultRuntimeClassName, fldPath.Child("defaultRuntimeClassName"))...) - if !allowed[*rc.DefaultRuntimeClassName] && !allowed[policy.AllowAllRuntimeClassNames] { - allErrs = append(allErrs, field.Required(fldPath.Child("allowedRuntimeClassNames"), - fmt.Sprintf("default %q must be allowed", *rc.DefaultRuntimeClassName))) - } - } - - if allowed[policy.AllowAllRuntimeClassNames] && len(rc.AllowedRuntimeClassNames) > 1 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("allowedRuntimeClassNames"), rc.AllowedRuntimeClassNames, "if '*' is present, must not specify other RuntimeClass names")) - } - - return allErrs -} - -// ValidatePodSecurityPolicyUpdate validates a PSP for updates. -func ValidatePodSecurityPolicyUpdate(old *policy.PodSecurityPolicy, new *policy.PodSecurityPolicy) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpecificAnnotations(new.Annotations, field.NewPath("metadata").Child("annotations"))...) - allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...) - return allErrs -} - -// hasCap checks for needle in haystack. -func hasCap(needle core.Capability, haystack []core.Capability) bool { - for _, c := range haystack { - if needle == c { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/zz_generated.deepcopy.go deleted file mode 100644 index 972599147a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/policy/zz_generated.deepcopy.go +++ /dev/null @@ -1,548 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package policy - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AllowedCSIDriver) DeepCopyInto(out *AllowedCSIDriver) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedCSIDriver. -func (in *AllowedCSIDriver) DeepCopy() *AllowedCSIDriver { - if in == nil { - return nil - } - out := new(AllowedCSIDriver) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume. -func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume { - if in == nil { - return nil - } - out := new(AllowedFlexVolume) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath. -func (in *AllowedHostPath) DeepCopy() *AllowedHostPath { - if in == nil { - return nil - } - out := new(AllowedHostPath) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Eviction) DeepCopyInto(out *Eviction) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.DeleteOptions != nil { - in, out := &in.DeleteOptions, &out.DeleteOptions - *out = new(v1.DeleteOptions) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Eviction. -func (in *Eviction) DeepCopy() *Eviction { - if in == nil { - return nil - } - out := new(Eviction) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Eviction) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions) { - *out = *in - if in.Ranges != nil { - in, out := &in.Ranges, &out.Ranges - *out = make([]IDRange, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions. -func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions { - if in == nil { - return nil - } - out := new(FSGroupStrategyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostPortRange) DeepCopyInto(out *HostPortRange) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange. -func (in *HostPortRange) DeepCopy() *HostPortRange { - if in == nil { - return nil - } - out := new(HostPortRange) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IDRange) DeepCopyInto(out *IDRange) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange. -func (in *IDRange) DeepCopy() *IDRange { - if in == nil { - return nil - } - out := new(IDRange) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget. -func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget { - if in == nil { - return nil - } - out := new(PodDisruptionBudget) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodDisruptionBudget) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDisruptionBudgetList) DeepCopyInto(out *PodDisruptionBudgetList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PodDisruptionBudget, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetList. -func (in *PodDisruptionBudgetList) DeepCopy() *PodDisruptionBudgetList { - if in == nil { - return nil - } - out := new(PodDisruptionBudgetList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodDisruptionBudgetList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec) { - *out = *in - if in.MinAvailable != nil { - in, out := &in.MinAvailable, &out.MinAvailable - *out = new(intstr.IntOrString) - **out = **in - } - if in.Selector != nil { - in, out := &in.Selector, &out.Selector - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.MaxUnavailable != nil { - in, out := &in.MaxUnavailable, &out.MaxUnavailable - *out = new(intstr.IntOrString) - **out = **in - } - if in.UnhealthyPodEvictionPolicy != nil { - in, out := &in.UnhealthyPodEvictionPolicy, &out.UnhealthyPodEvictionPolicy - *out = new(UnhealthyPodEvictionPolicyType) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetSpec. -func (in *PodDisruptionBudgetSpec) DeepCopy() *PodDisruptionBudgetSpec { - if in == nil { - return nil - } - out := new(PodDisruptionBudgetSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodDisruptionBudgetStatus) DeepCopyInto(out *PodDisruptionBudgetStatus) { - *out = *in - if in.DisruptedPods != nil { - in, out := &in.DisruptedPods, &out.DisruptedPods - *out = make(map[string]v1.Time, len(*in)) - for key, val := range *in { - (*out)[key] = *val.DeepCopy() - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetStatus. -func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus { - if in == nil { - return nil - } - out := new(PodDisruptionBudgetStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy. -func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy { - if in == nil { - return nil - } - out := new(PodSecurityPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PodSecurityPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList. -func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList { - if in == nil { - return nil - } - out := new(PodSecurityPolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) { - *out = *in - if in.DefaultAddCapabilities != nil { - in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities - *out = make([]core.Capability, len(*in)) - copy(*out, *in) - } - if in.RequiredDropCapabilities != nil { - in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities - *out = make([]core.Capability, len(*in)) - copy(*out, *in) - } - if in.AllowedCapabilities != nil { - in, out := &in.AllowedCapabilities, &out.AllowedCapabilities - *out = make([]core.Capability, len(*in)) - copy(*out, *in) - } - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]FSType, len(*in)) - copy(*out, *in) - } - if in.HostPorts != nil { - in, out := &in.HostPorts, &out.HostPorts - *out = make([]HostPortRange, len(*in)) - copy(*out, *in) - } - in.SELinux.DeepCopyInto(&out.SELinux) - in.RunAsUser.DeepCopyInto(&out.RunAsUser) - if in.RunAsGroup != nil { - in, out := &in.RunAsGroup, &out.RunAsGroup - *out = new(RunAsGroupStrategyOptions) - (*in).DeepCopyInto(*out) - } - in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups) - in.FSGroup.DeepCopyInto(&out.FSGroup) - if in.DefaultAllowPrivilegeEscalation != nil { - in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation - *out = new(bool) - **out = **in - } - if in.AllowedHostPaths != nil { - in, out := &in.AllowedHostPaths, &out.AllowedHostPaths - *out = make([]AllowedHostPath, len(*in)) - copy(*out, *in) - } - if in.AllowedFlexVolumes != nil { - in, out := &in.AllowedFlexVolumes, &out.AllowedFlexVolumes - *out = make([]AllowedFlexVolume, len(*in)) - copy(*out, *in) - } - if in.AllowedCSIDrivers != nil { - in, out := &in.AllowedCSIDrivers, &out.AllowedCSIDrivers - *out = make([]AllowedCSIDriver, len(*in)) - copy(*out, *in) - } - if in.AllowedUnsafeSysctls != nil { - in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ForbiddenSysctls != nil { - in, out := &in.ForbiddenSysctls, &out.ForbiddenSysctls - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllowedProcMountTypes != nil { - in, out := &in.AllowedProcMountTypes, &out.AllowedProcMountTypes - *out = make([]core.ProcMountType, len(*in)) - copy(*out, *in) - } - if in.RuntimeClass != nil { - in, out := &in.RuntimeClass, &out.RuntimeClass - *out = new(RuntimeClassStrategyOptions) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec. -func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec { - if in == nil { - return nil - } - out := new(PodSecurityPolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions) { - *out = *in - if in.Ranges != nil { - in, out := &in.Ranges, &out.Ranges - *out = make([]IDRange, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions. -func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions { - if in == nil { - return nil - } - out := new(RunAsGroupStrategyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) { - *out = *in - if in.Ranges != nil { - in, out := &in.Ranges, &out.Ranges - *out = make([]IDRange, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions. -func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions { - if in == nil { - return nil - } - out := new(RunAsUserStrategyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RuntimeClassStrategyOptions) DeepCopyInto(out *RuntimeClassStrategyOptions) { - *out = *in - if in.AllowedRuntimeClassNames != nil { - in, out := &in.AllowedRuntimeClassNames, &out.AllowedRuntimeClassNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.DefaultRuntimeClassName != nil { - in, out := &in.DefaultRuntimeClassName, &out.DefaultRuntimeClassName - *out = new(string) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeClassStrategyOptions. -func (in *RuntimeClassStrategyOptions) DeepCopy() *RuntimeClassStrategyOptions { - if in == nil { - return nil - } - out := new(RuntimeClassStrategyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions) { - *out = *in - if in.SELinuxOptions != nil { - in, out := &in.SELinuxOptions, &out.SELinuxOptions - *out = new(core.SELinuxOptions) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions. -func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions { - if in == nil { - return nil - } - out := new(SELinuxStrategyOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions) { - *out = *in - if in.Ranges != nil { - in, out := &in.Ranges, &out.Ranges - *out = make([]IDRange, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions. -func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions { - if in == nil { - return nil - } - out := new(SupplementalGroupsStrategyOptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/OWNERS deleted file mode 100644 index 2fa50ca5bd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -# approval on api packages bubbles to api-approvers -reviewers: - - sig-auth-authorizers-approvers - - sig-auth-authorizers-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/doc.go deleted file mode 100644 index ea2309eea7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=rbac.authorization.k8s.io - -package rbac // import "k8s.io/kubernetes/pkg/apis/rbac" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/helpers.go deleted file mode 100644 index 00aa4cae17..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/helpers.go +++ /dev/null @@ -1,375 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "fmt" - "strings" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" -) - -// ResourceMatches returns the result of the rule.Resources matching. -func ResourceMatches(rule *PolicyRule, combinedRequestedResource, requestedSubresource string) bool { - for _, ruleResource := range rule.Resources { - // if everything is allowed, we match - if ruleResource == ResourceAll { - return true - } - // if we have an exact match, we match - if ruleResource == combinedRequestedResource { - return true - } - - // We can also match a */subresource. - // if there isn't a subresource, then continue - if len(requestedSubresource) == 0 { - continue - } - // if the rule isn't in the format */subresource, then we don't match, continue - if len(ruleResource) == len(requestedSubresource)+2 && - strings.HasPrefix(ruleResource, "*/") && - strings.HasSuffix(ruleResource, requestedSubresource) { - return true - - } - } - - return false -} - -// SubjectsStrings returns users, groups, serviceaccounts, unknown for display purposes. -func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string) { - users := []string{} - groups := []string{} - sas := []string{} - others := []string{} - - for _, subject := range subjects { - switch subject.Kind { - case ServiceAccountKind: - sas = append(sas, fmt.Sprintf("%s/%s", subject.Namespace, subject.Name)) - - case UserKind: - users = append(users, subject.Name) - - case GroupKind: - groups = append(groups, subject.Name) - - default: - others = append(others, fmt.Sprintf("%s/%s/%s", subject.Kind, subject.Namespace, subject.Name)) - } - } - - return users, groups, sas, others -} - -func (r PolicyRule) String() string { - return "PolicyRule" + r.CompactString() -} - -// CompactString exposes a compact string representation for use in escalation error messages -func (r PolicyRule) CompactString() string { - formatStringParts := []string{} - formatArgs := []interface{}{} - if len(r.APIGroups) > 0 { - formatStringParts = append(formatStringParts, "APIGroups:%q") - formatArgs = append(formatArgs, r.APIGroups) - } - if len(r.Resources) > 0 { - formatStringParts = append(formatStringParts, "Resources:%q") - formatArgs = append(formatArgs, r.Resources) - } - if len(r.NonResourceURLs) > 0 { - formatStringParts = append(formatStringParts, "NonResourceURLs:%q") - formatArgs = append(formatArgs, r.NonResourceURLs) - } - if len(r.ResourceNames) > 0 { - formatStringParts = append(formatStringParts, "ResourceNames:%q") - formatArgs = append(formatArgs, r.ResourceNames) - } - if len(r.Verbs) > 0 { - formatStringParts = append(formatStringParts, "Verbs:%q") - formatArgs = append(formatArgs, r.Verbs) - } - formatString := "{" + strings.Join(formatStringParts, ", ") + "}" - return fmt.Sprintf(formatString, formatArgs...) -} - -// PolicyRuleBuilder let's us attach methods. A no-no for API types. -// We use it to construct rules in code. It's more compact than trying to write them -// out in a literal and allows us to perform some basic checking during construction -// +k8s:deepcopy-gen=false -type PolicyRuleBuilder struct { - PolicyRule PolicyRule -} - -// NewRule returns new PolicyRule made by input verbs. -func NewRule(verbs ...string) *PolicyRuleBuilder { - return &PolicyRuleBuilder{ - PolicyRule: PolicyRule{Verbs: sets.NewString(verbs...).List()}, - } -} - -// Groups combines the PolicyRule.APIGroups and input groups. -func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder { - r.PolicyRule.APIGroups = combine(r.PolicyRule.APIGroups, groups) - return r -} - -// Resources combines the PolicyRule.Rule and input resources. -func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder { - r.PolicyRule.Resources = combine(r.PolicyRule.Resources, resources) - return r -} - -// Names combines the PolicyRule.ResourceNames and input names. -func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder { - r.PolicyRule.ResourceNames = combine(r.PolicyRule.ResourceNames, names) - return r -} - -// URLs combines the PolicyRule.NonResourceURLs and input urls. -func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder { - r.PolicyRule.NonResourceURLs = combine(r.PolicyRule.NonResourceURLs, urls) - return r -} - -// RuleOrDie calls the binding method and panics if there is an error. -func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule { - ret, err := r.Rule() - if err != nil { - panic(err) - } - return ret -} - -func combine(s1, s2 []string) []string { - s := sets.NewString(s1...) - s.Insert(s2...) - return s.List() -} - -// Rule returns PolicyRule and error. -func (r *PolicyRuleBuilder) Rule() (PolicyRule, error) { - if len(r.PolicyRule.Verbs) == 0 { - return PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule) - } - - switch { - case len(r.PolicyRule.NonResourceURLs) > 0: - if len(r.PolicyRule.APIGroups) != 0 || len(r.PolicyRule.Resources) != 0 || len(r.PolicyRule.ResourceNames) != 0 { - return PolicyRule{}, fmt.Errorf("non-resource rule may not have apiGroups, resources, or resourceNames: %#v", r.PolicyRule) - } - case len(r.PolicyRule.Resources) > 0: - // resource rule may not have nonResourceURLs - - if len(r.PolicyRule.APIGroups) == 0 { - // this a common bug - return PolicyRule{}, fmt.Errorf("resource rule must have apiGroups: %#v", r.PolicyRule) - } - // if resource names are set, then the verb must not be list, watch, create, or deletecollection - // since verbs are largely opaque, we don't want to accidentally prevent things like "impersonate", so - // we will backlist common mistakes, not whitelist acceptable options. - if len(r.PolicyRule.ResourceNames) != 0 { - illegalVerbs := []string{} - for _, verb := range r.PolicyRule.Verbs { - switch verb { - case "list", "watch", "create", "deletecollection": - illegalVerbs = append(illegalVerbs, verb) - } - } - if len(illegalVerbs) > 0 { - return PolicyRule{}, fmt.Errorf("verbs %v do not have names available: %#v", illegalVerbs, r.PolicyRule) - } - } - - default: - return PolicyRule{}, fmt.Errorf("a rule must have either nonResourceURLs or resources: %#v", r.PolicyRule) - } - - return r.PolicyRule, nil -} - -// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. -// We use it to construct bindings in code. It's more compact than trying to write them -// out in a literal. -// +k8s:deepcopy-gen=false -type ClusterRoleBindingBuilder struct { - ClusterRoleBinding ClusterRoleBinding -} - -// NewClusterBinding creates a ClusterRoleBinding builder that can be used -// to define the subjects of a cluster role binding. At least one of -// the `Groups`, `Users` or `SAs` method must be called before -// calling the `Binding*` methods. -func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder { - return &ClusterRoleBindingBuilder{ - ClusterRoleBinding: ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}, - RoleRef: RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: clusterRoleName, - }, - }, - } -} - -// Groups adds the specified groups as the subjects of the ClusterRoleBinding. -func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder { - for _, group := range groups { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: GroupKind, APIGroup: GroupName, Name: group}) - } - return r -} - -// Users adds the specified users as the subjects of the ClusterRoleBinding. -func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder { - for _, user := range users { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: UserKind, APIGroup: GroupName, Name: user}) - } - return r -} - -// SAs adds the specified sas as the subjects of the ClusterRoleBinding. -func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -// BindingOrDie calls the binding method and panics if there is an error. -func (r *ClusterRoleBindingBuilder) BindingOrDie() ClusterRoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -// Binding builds and returns the ClusterRoleBinding API object from the builder -// object. -func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error) { - if len(r.ClusterRoleBinding.Subjects) == 0 { - return ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding) - } - - return r.ClusterRoleBinding, nil -} - -// RoleBindingBuilder let's us attach methods. It is similar to -// ClusterRoleBindingBuilder above. -// +k8s:deepcopy-gen=false -type RoleBindingBuilder struct { - RoleBinding RoleBinding -} - -// NewRoleBinding creates a RoleBinding builder that can be used -// to define the subjects of a role binding. At least one of -// the `Groups`, `Users` or `SAs` method must be called before -// calling the `Binding*` methods. -func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder { - return &RoleBindingBuilder{ - RoleBinding: RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: roleName, - Namespace: namespace, - }, - RoleRef: RoleRef{ - APIGroup: GroupName, - Kind: "Role", - Name: roleName, - }, - }, - } -} - -// NewRoleBindingForClusterRole creates a RoleBinding builder that can be used -// to define the subjects of a cluster role binding. At least one of -// the `Groups`, `Users` or `SAs` method must be called before -// calling the `Binding*` methods. -func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder { - return &RoleBindingBuilder{ - RoleBinding: RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: roleName, - Namespace: namespace, - }, - RoleRef: RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: roleName, - }, - }, - } -} - -// Groups adds the specified groups as the subjects of the RoleBinding. -func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder { - for _, group := range groups { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: GroupKind, APIGroup: GroupName, Name: group}) - } - return r -} - -// Users adds the specified users as the subjects of the RoleBinding. -func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder { - for _, user := range users { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: UserKind, APIGroup: GroupName, Name: user}) - } - return r -} - -// SAs adds the specified service accounts as the subjects of the -// RoleBinding. -func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -// BindingOrDie calls the binding method and panics if there is an error. -func (r *RoleBindingBuilder) BindingOrDie() RoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -// Binding builds and returns the RoleBinding API object from the builder -// object. -func (r *RoleBindingBuilder) Binding() (RoleBinding, error) { - if len(r.RoleBinding.Subjects) == 0 { - return RoleBinding{}, fmt.Errorf("subjects are required: %#v", r.RoleBinding) - } - - return r.RoleBinding, nil -} - -// SortableRuleSlice is the slice of PolicyRule. -type SortableRuleSlice []PolicyRule - -func (s SortableRuleSlice) Len() int { return len(s) } -func (s SortableRuleSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] } -func (s SortableRuleSlice) Less(i, j int) bool { - return strings.Compare(s[i].String(), s[j].String()) < 0 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/install/install.go deleted file mode 100644 index 545523d0a5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the batch API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/rbac/v1" - "k8s.io/kubernetes/pkg/apis/rbac/v1alpha1" - "k8s.io/kubernetes/pkg/apis/rbac/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(rbac.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/register.go deleted file mode 100644 index 48f5f6e742..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/register.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the name of this API group. -const GroupName = "rbac.authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// SchemeBuilder is a function that calls Register for you. -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Role{}, - &RoleBinding{}, - &RoleBindingList{}, - &RoleList{}, - - &ClusterRole{}, - &ClusterRoleBinding{}, - &ClusterRoleBindingList{}, - &ClusterRoleList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/types.go deleted file mode 100644 index ab10b0461c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/types.go +++ /dev/null @@ -1,208 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// Authorization is calculated against -// 1. evaluation of ClusterRoleBindings - short circuit on match -// 2. evaluation of RoleBindings in the namespace requested - short circuit on match -// 3. deny by default - -// APIGroupAll and these consts are default values for rbac authorization. -const ( - APIGroupAll = "*" - ResourceAll = "*" - VerbAll = "*" - NonResourceAll = "*" - - GroupKind = "Group" - ServiceAccountKind = "ServiceAccount" - UserKind = "User" - - // AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" - AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate" -) - -// PolicyRule holds information that describes a policy rule, but does not contain information -// about who the rule applies to or which namespace the rule applies to. -type PolicyRule struct { - // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - Verbs []string - - // APIGroups is the name of the APIGroup that contains the resources. - // If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - APIGroups []string - // Resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups. - // '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups. - Resources []string - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - ResourceNames []string - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - // If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match. - // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - NonResourceURLs []string -} - -// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -// or a value for non-objects such as user and group names. -type Subject struct { - // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - // If the Authorizer does not recognized the kind value, the Authorizer should report an error. - Kind string - // APIGroup holds the API group of the referenced subject. - // Defaults to "" for ServiceAccount subjects. - // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - APIGroup string - // Name of the object being referenced. - Name string - // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - // the Authorizer should report an error. - Namespace string -} - -// RoleRef contains information that points to the role being used -type RoleRef struct { - // APIGroup is the group for the resource being referenced - APIGroup string - // Kind is the type of resource being referenced - Kind string - // Name is the name of resource being referenced - Name string -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. -type Role struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ObjectMeta - - // Rules holds all the PolicyRules for this Role - Rules []PolicyRule -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. -// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given -// namespace only have effect in that namespace. -type RoleBinding struct { - metav1.TypeMeta - metav1.ObjectMeta - - // Subjects holds references to the objects the role applies to. - Subjects []Subject - - // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - RoleRef RoleRef -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RoleBindingList is a collection of RoleBindings -type RoleBindingList struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ListMeta - - // Items is a list of roleBindings - Items []RoleBinding -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// RoleList is a collection of Roles -type RoleList struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ListMeta - - // Items is a list of roles - Items []Role -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. -type ClusterRole struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ObjectMeta - - // Rules holds all the PolicyRules for this ClusterRole - Rules []PolicyRule - - // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. - // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be - // stomped by the controller. - AggregationRule *AggregationRule -} - -// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole -type AggregationRule struct { - // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. - // If any of the selectors match, then the ClusterRole's permissions will be added - ClusterRoleSelectors []metav1.LabelSelector -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, -// and adds who information via Subject. -type ClusterRoleBinding struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ObjectMeta - - // Subjects holds references to the objects the role applies to. - Subjects []Subject - - // RoleRef can only reference a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - RoleRef RoleRef -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterRoleBindingList is a collection of ClusterRoleBindings -type ClusterRoleBindingList struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ListMeta - - // Items is a list of ClusterRoleBindings - Items []ClusterRoleBinding -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterRoleList is a collection of ClusterRoles -type ClusterRoleList struct { - metav1.TypeMeta - // Standard object's metadata. - metav1.ListMeta - - // Items is a list of ClusterRoles - Items []ClusterRole -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/defaults.go deleted file mode 100644 index 7d285a8574..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_ClusterRoleBinding(obj *rbacv1.ClusterRoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_RoleBinding(obj *rbacv1.RoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_Subject(obj *rbacv1.Subject) { - if len(obj.APIGroup) == 0 { - switch obj.Kind { - case rbacv1.ServiceAccountKind: - obj.APIGroup = "" - case rbacv1.UserKind: - obj.APIGroup = GroupName - case rbacv1.GroupKind: - obj.APIGroup = GroupName - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/doc.go deleted file mode 100644 index ceed839b70..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/doc.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/rbac -// +k8s:conversion-gen-external-types=k8s.io/api/rbac/v1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/rbac/v1 -// +k8s:deepcopy-gen=package - -// +groupName=rbac.authorization.k8s.io - -package v1 // import "k8s.io/kubernetes/pkg/apis/rbac/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/evaluation_helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/evaluation_helpers.go deleted file mode 100644 index 3707760bf5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/evaluation_helpers.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - "strings" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -func RoleRefGroupKind(roleRef rbacv1.RoleRef) schema.GroupKind { - return schema.GroupKind{Group: roleRef.APIGroup, Kind: roleRef.Kind} -} - -func VerbMatches(rule *rbacv1.PolicyRule, requestedVerb string) bool { - for _, ruleVerb := range rule.Verbs { - if ruleVerb == rbacv1.VerbAll { - return true - } - if ruleVerb == requestedVerb { - return true - } - } - - return false -} - -func APIGroupMatches(rule *rbacv1.PolicyRule, requestedGroup string) bool { - for _, ruleGroup := range rule.APIGroups { - if ruleGroup == rbacv1.APIGroupAll { - return true - } - if ruleGroup == requestedGroup { - return true - } - } - - return false -} - -func ResourceMatches(rule *rbacv1.PolicyRule, combinedRequestedResource, requestedSubresource string) bool { - for _, ruleResource := range rule.Resources { - // if everything is allowed, we match - if ruleResource == rbacv1.ResourceAll { - return true - } - // if we have an exact match, we match - if ruleResource == combinedRequestedResource { - return true - } - - // We can also match a */subresource. - // if there isn't a subresource, then continue - if len(requestedSubresource) == 0 { - continue - } - // if the rule isn't in the format */subresource, then we don't match, continue - if len(ruleResource) == len(requestedSubresource)+2 && - strings.HasPrefix(ruleResource, "*/") && - strings.HasSuffix(ruleResource, requestedSubresource) { - return true - - } - } - - return false -} - -func ResourceNameMatches(rule *rbacv1.PolicyRule, requestedName string) bool { - if len(rule.ResourceNames) == 0 { - return true - } - - for _, ruleName := range rule.ResourceNames { - if ruleName == requestedName { - return true - } - } - - return false -} - -func NonResourceURLMatches(rule *rbacv1.PolicyRule, requestedURL string) bool { - for _, ruleURL := range rule.NonResourceURLs { - if ruleURL == rbacv1.NonResourceAll { - return true - } - if ruleURL == requestedURL { - return true - } - if strings.HasSuffix(ruleURL, "*") && strings.HasPrefix(requestedURL, strings.TrimRight(ruleURL, "*")) { - return true - } - } - - return false -} - -// subjectsStrings returns users, groups, serviceaccounts, unknown for display purposes. -func SubjectsStrings(subjects []rbacv1.Subject) ([]string, []string, []string, []string) { - users := []string{} - groups := []string{} - sas := []string{} - others := []string{} - - for _, subject := range subjects { - switch subject.Kind { - case rbacv1.ServiceAccountKind: - sas = append(sas, fmt.Sprintf("%s/%s", subject.Namespace, subject.Name)) - - case rbacv1.UserKind: - users = append(users, subject.Name) - - case rbacv1.GroupKind: - groups = append(groups, subject.Name) - - default: - others = append(others, fmt.Sprintf("%s/%s/%s", subject.Kind, subject.Namespace, subject.Name)) - } - } - - return users, groups, sas, others -} - -func String(r rbacv1.PolicyRule) string { - return "PolicyRule" + CompactString(r) -} - -// CompactString exposes a compact string representation for use in escalation error messages -func CompactString(r rbacv1.PolicyRule) string { - formatStringParts := []string{} - formatArgs := []interface{}{} - if len(r.APIGroups) > 0 { - formatStringParts = append(formatStringParts, "APIGroups:%q") - formatArgs = append(formatArgs, r.APIGroups) - } - if len(r.Resources) > 0 { - formatStringParts = append(formatStringParts, "Resources:%q") - formatArgs = append(formatArgs, r.Resources) - } - if len(r.NonResourceURLs) > 0 { - formatStringParts = append(formatStringParts, "NonResourceURLs:%q") - formatArgs = append(formatArgs, r.NonResourceURLs) - } - if len(r.ResourceNames) > 0 { - formatStringParts = append(formatStringParts, "ResourceNames:%q") - formatArgs = append(formatArgs, r.ResourceNames) - } - if len(r.Verbs) > 0 { - formatStringParts = append(formatStringParts, "Verbs:%q") - formatArgs = append(formatArgs, r.Verbs) - } - formatString := "{" + strings.Join(formatStringParts, ", ") + "}" - return fmt.Sprintf(formatString, formatArgs...) -} - -type SortableRuleSlice []rbacv1.PolicyRule - -func (s SortableRuleSlice) Len() int { return len(s) } -func (s SortableRuleSlice) Swap(i, j int) { s[i], s[j] = s[j], s[i] } -func (s SortableRuleSlice) Less(i, j int) bool { - return strings.Compare(s[i].String(), s[j].String()) < 0 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go deleted file mode 100644 index 539fe85b46..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/helpers.go +++ /dev/null @@ -1,247 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - - rbacv1 "k8s.io/api/rbac/v1" - - "sort" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen=false - -// PolicyRuleBuilder let's us attach methods. A no-no for API types. -// We use it to construct rules in code. It's more compact than trying to write them -// out in a literal and allows us to perform some basic checking during construction -type PolicyRuleBuilder struct { - PolicyRule rbacv1.PolicyRule `protobuf:"bytes,1,opt,name=policyRule"` -} - -func NewRule(verbs ...string) *PolicyRuleBuilder { - return &PolicyRuleBuilder{ - PolicyRule: rbacv1.PolicyRule{Verbs: verbs}, - } -} - -func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder { - r.PolicyRule.APIGroups = append(r.PolicyRule.APIGroups, groups...) - return r -} - -func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder { - r.PolicyRule.Resources = append(r.PolicyRule.Resources, resources...) - return r -} - -func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder { - r.PolicyRule.ResourceNames = append(r.PolicyRule.ResourceNames, names...) - return r -} - -func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder { - r.PolicyRule.NonResourceURLs = append(r.PolicyRule.NonResourceURLs, urls...) - return r -} - -func (r *PolicyRuleBuilder) RuleOrDie() rbacv1.PolicyRule { - ret, err := r.Rule() - if err != nil { - panic(err) - } - return ret -} - -func (r *PolicyRuleBuilder) Rule() (rbacv1.PolicyRule, error) { - if len(r.PolicyRule.Verbs) == 0 { - return rbacv1.PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule) - } - - switch { - case len(r.PolicyRule.NonResourceURLs) > 0: - if len(r.PolicyRule.APIGroups) != 0 || len(r.PolicyRule.Resources) != 0 || len(r.PolicyRule.ResourceNames) != 0 { - return rbacv1.PolicyRule{}, fmt.Errorf("non-resource rule may not have apiGroups, resources, or resourceNames: %#v", r.PolicyRule) - } - case len(r.PolicyRule.Resources) > 0: - if len(r.PolicyRule.NonResourceURLs) != 0 { - return rbacv1.PolicyRule{}, fmt.Errorf("resource rule may not have nonResourceURLs: %#v", r.PolicyRule) - } - if len(r.PolicyRule.APIGroups) == 0 { - // this a common bug - return rbacv1.PolicyRule{}, fmt.Errorf("resource rule must have apiGroups: %#v", r.PolicyRule) - } - default: - return rbacv1.PolicyRule{}, fmt.Errorf("a rule must have either nonResourceURLs or resources: %#v", r.PolicyRule) - } - - sort.Strings(r.PolicyRule.Resources) - sort.Strings(r.PolicyRule.ResourceNames) - sort.Strings(r.PolicyRule.APIGroups) - sort.Strings(r.PolicyRule.NonResourceURLs) - sort.Strings(r.PolicyRule.Verbs) - return r.PolicyRule, nil -} - -// +k8s:deepcopy-gen=false - -// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. -// We use it to construct bindings in code. It's more compact than trying to write them -// out in a literal. -type ClusterRoleBindingBuilder struct { - ClusterRoleBinding rbacv1.ClusterRoleBinding `protobuf:"bytes,1,opt,name=clusterRoleBinding"` -} - -func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder { - return &ClusterRoleBindingBuilder{ - ClusterRoleBinding: rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}, - RoleRef: rbacv1.RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: clusterRoleName, - }, - }, - } -} - -func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder { - for _, group := range groups { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1.Subject{APIGroup: rbacv1.GroupName, Kind: rbacv1.GroupKind, Name: group}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder { - for _, user := range users { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1.Subject{APIGroup: rbacv1.GroupName, Kind: rbacv1.UserKind, Name: user}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) BindingOrDie() rbacv1.ClusterRoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -func (r *ClusterRoleBindingBuilder) Binding() (rbacv1.ClusterRoleBinding, error) { - if len(r.ClusterRoleBinding.Subjects) == 0 { - return rbacv1.ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding) - } - - return r.ClusterRoleBinding, nil -} - -// +k8s:deepcopy-gen=false - -// RoleBindingBuilder let's us attach methods. It is similar to -// ClusterRoleBindingBuilder above. -type RoleBindingBuilder struct { - RoleBinding rbacv1.RoleBinding -} - -// NewRoleBinding creates a RoleBinding builder that can be used -// to define the subjects of a role binding. At least one of -// the `Groups`, `Users` or `SAs` method must be called before -// calling the `Binding*` methods. -func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder { - return &RoleBindingBuilder{ - RoleBinding: rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: roleName, - Namespace: namespace, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: GroupName, - Kind: "Role", - Name: roleName, - }, - }, - } -} - -func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder { - return &RoleBindingBuilder{ - RoleBinding: rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: roleName, - Namespace: namespace, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: roleName, - }, - }, - } -} - -// Groups adds the specified groups as the subjects of the RoleBinding. -func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder { - for _, group := range groups { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.GroupKind, APIGroup: GroupName, Name: group}) - } - return r -} - -// Users adds the specified users as the subjects of the RoleBinding. -func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder { - for _, user := range users { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.UserKind, APIGroup: GroupName, Name: user}) - } - return r -} - -// SAs adds the specified service accounts as the subjects of the -// RoleBinding. -func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -// BindingOrDie calls the binding method and panics if there is an error. -func (r *RoleBindingBuilder) BindingOrDie() rbacv1.RoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -// Binding builds and returns the RoleBinding API object from the builder -// object. -func (r *RoleBindingBuilder) Binding() (rbacv1.RoleBinding, error) { - if len(r.RoleBinding.Subjects) == 0 { - return rbacv1.RoleBinding{}, fmt.Errorf("subjects are required: %#v", r.RoleBinding) - } - - return r.RoleBinding, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/register.go deleted file mode 100644 index ae138c8883..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/register.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "rbac.authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &rbacv1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.conversion.go deleted file mode 100644 index 424829d41f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.conversion.go +++ /dev/null @@ -1,450 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - rbac "k8s.io/kubernetes/pkg/apis/rbac" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.AggregationRule)(nil), (*rbac.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_AggregationRule_To_rbac_AggregationRule(a.(*v1.AggregationRule), b.(*rbac.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.AggregationRule)(nil), (*v1.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_AggregationRule_To_v1_AggregationRule(a.(*rbac.AggregationRule), b.(*v1.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClusterRole)(nil), (*rbac.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClusterRole_To_rbac_ClusterRole(a.(*v1.ClusterRole), b.(*rbac.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRole)(nil), (*v1.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRole_To_v1_ClusterRole(a.(*rbac.ClusterRole), b.(*v1.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClusterRoleBinding)(nil), (*rbac.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(a.(*v1.ClusterRoleBinding), b.(*rbac.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBinding)(nil), (*v1.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBinding_To_v1_ClusterRoleBinding(a.(*rbac.ClusterRoleBinding), b.(*v1.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClusterRoleBindingList)(nil), (*rbac.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(a.(*v1.ClusterRoleBindingList), b.(*rbac.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBindingList)(nil), (*v1.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList(a.(*rbac.ClusterRoleBindingList), b.(*v1.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.ClusterRoleList)(nil), (*rbac.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_ClusterRoleList_To_rbac_ClusterRoleList(a.(*v1.ClusterRoleList), b.(*rbac.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleList)(nil), (*v1.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleList_To_v1_ClusterRoleList(a.(*rbac.ClusterRoleList), b.(*v1.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PolicyRule)(nil), (*rbac.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PolicyRule_To_rbac_PolicyRule(a.(*v1.PolicyRule), b.(*rbac.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.PolicyRule)(nil), (*v1.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_PolicyRule_To_v1_PolicyRule(a.(*rbac.PolicyRule), b.(*v1.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Role)(nil), (*rbac.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Role_To_rbac_Role(a.(*v1.Role), b.(*rbac.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.Role)(nil), (*v1.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Role_To_v1_Role(a.(*rbac.Role), b.(*v1.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RoleBinding)(nil), (*rbac.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RoleBinding_To_rbac_RoleBinding(a.(*v1.RoleBinding), b.(*rbac.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBinding)(nil), (*v1.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBinding_To_v1_RoleBinding(a.(*rbac.RoleBinding), b.(*v1.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RoleBindingList)(nil), (*rbac.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RoleBindingList_To_rbac_RoleBindingList(a.(*v1.RoleBindingList), b.(*rbac.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBindingList)(nil), (*v1.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBindingList_To_v1_RoleBindingList(a.(*rbac.RoleBindingList), b.(*v1.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RoleList)(nil), (*rbac.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RoleList_To_rbac_RoleList(a.(*v1.RoleList), b.(*rbac.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleList)(nil), (*v1.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleList_To_v1_RoleList(a.(*rbac.RoleList), b.(*v1.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.RoleRef)(nil), (*rbac.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_RoleRef_To_rbac_RoleRef(a.(*v1.RoleRef), b.(*rbac.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleRef)(nil), (*v1.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleRef_To_v1_RoleRef(a.(*rbac.RoleRef), b.(*v1.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.Subject)(nil), (*rbac.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_Subject_To_rbac_Subject(a.(*v1.Subject), b.(*rbac.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.Subject)(nil), (*v1.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Subject_To_v1_Subject(a.(*rbac.Subject), b.(*v1.Subject), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_AggregationRule_To_rbac_AggregationRule(in *v1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]metav1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_v1_AggregationRule_To_rbac_AggregationRule is an autogenerated conversion function. -func Convert_v1_AggregationRule_To_rbac_AggregationRule(in *v1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - return autoConvert_v1_AggregationRule_To_rbac_AggregationRule(in, out, s) -} - -func autoConvert_rbac_AggregationRule_To_v1_AggregationRule(in *rbac.AggregationRule, out *v1.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]metav1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_rbac_AggregationRule_To_v1_AggregationRule is an autogenerated conversion function. -func Convert_rbac_AggregationRule_To_v1_AggregationRule(in *rbac.AggregationRule, out *v1.AggregationRule, s conversion.Scope) error { - return autoConvert_rbac_AggregationRule_To_v1_AggregationRule(in, out, s) -} - -func autoConvert_v1_ClusterRole_To_rbac_ClusterRole(in *v1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*rbac.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_v1_ClusterRole_To_rbac_ClusterRole is an autogenerated conversion function. -func Convert_v1_ClusterRole_To_rbac_ClusterRole(in *v1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - return autoConvert_v1_ClusterRole_To_rbac_ClusterRole(in, out, s) -} - -func autoConvert_rbac_ClusterRole_To_v1_ClusterRole(in *rbac.ClusterRole, out *v1.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*v1.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_rbac_ClusterRole_To_v1_ClusterRole is an autogenerated conversion function. -func Convert_rbac_ClusterRole_To_v1_ClusterRole(in *rbac.ClusterRole, out *v1.ClusterRole, s conversion.Scope) error { - return autoConvert_rbac_ClusterRole_To_v1_ClusterRole(in, out, s) -} - -func autoConvert_v1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]rbac.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_v1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1_ClusterRoleBinding_To_rbac_ClusterRoleBinding is an autogenerated conversion function. -func Convert_v1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_v1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]v1.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_rbac_RoleRef_To_v1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_ClusterRoleBinding_To_v1_ClusterRoleBinding is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBinding_To_v1_ClusterRoleBinding(in, out, s) -} - -func autoConvert_v1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.ClusterRoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_v1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_v1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ClusterRoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_v1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_ClusterRoleList_To_rbac_ClusterRoleList is an autogenerated conversion function. -func Convert_v1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - return autoConvert_v1_ClusterRoleList_To_rbac_ClusterRoleList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleList_To_v1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_ClusterRoleList_To_v1_ClusterRoleList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleList_To_v1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1.ClusterRoleList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleList_To_v1_ClusterRoleList(in, out, s) -} - -func autoConvert_v1_PolicyRule_To_rbac_PolicyRule(in *v1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1_PolicyRule_To_rbac_PolicyRule is an autogenerated conversion function. -func Convert_v1_PolicyRule_To_rbac_PolicyRule(in *v1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - return autoConvert_v1_PolicyRule_To_rbac_PolicyRule(in, out, s) -} - -func autoConvert_rbac_PolicyRule_To_v1_PolicyRule(in *rbac.PolicyRule, out *v1.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_rbac_PolicyRule_To_v1_PolicyRule is an autogenerated conversion function. -func Convert_rbac_PolicyRule_To_v1_PolicyRule(in *rbac.PolicyRule, out *v1.PolicyRule, s conversion.Scope) error { - return autoConvert_rbac_PolicyRule_To_v1_PolicyRule(in, out, s) -} - -func autoConvert_v1_Role_To_rbac_Role(in *v1.Role, out *rbac.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1_Role_To_rbac_Role is an autogenerated conversion function. -func Convert_v1_Role_To_rbac_Role(in *v1.Role, out *rbac.Role, s conversion.Scope) error { - return autoConvert_v1_Role_To_rbac_Role(in, out, s) -} - -func autoConvert_rbac_Role_To_v1_Role(in *rbac.Role, out *v1.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_rbac_Role_To_v1_Role is an autogenerated conversion function. -func Convert_rbac_Role_To_v1_Role(in *rbac.Role, out *v1.Role, s conversion.Scope) error { - return autoConvert_rbac_Role_To_v1_Role(in, out, s) -} - -func autoConvert_v1_RoleBinding_To_rbac_RoleBinding(in *v1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]rbac.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_v1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1_RoleBinding_To_rbac_RoleBinding is an autogenerated conversion function. -func Convert_v1_RoleBinding_To_rbac_RoleBinding(in *v1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - return autoConvert_v1_RoleBinding_To_rbac_RoleBinding(in, out, s) -} - -func autoConvert_rbac_RoleBinding_To_v1_RoleBinding(in *rbac.RoleBinding, out *v1.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]v1.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_rbac_RoleRef_To_v1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_RoleBinding_To_v1_RoleBinding is an autogenerated conversion function. -func Convert_rbac_RoleBinding_To_v1_RoleBinding(in *rbac.RoleBinding, out *v1.RoleBinding, s conversion.Scope) error { - return autoConvert_rbac_RoleBinding_To_v1_RoleBinding(in, out, s) -} - -func autoConvert_v1_RoleBindingList_To_rbac_RoleBindingList(in *v1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.RoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_RoleBindingList_To_rbac_RoleBindingList is an autogenerated conversion function. -func Convert_v1_RoleBindingList_To_rbac_RoleBindingList(in *v1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - return autoConvert_v1_RoleBindingList_To_rbac_RoleBindingList(in, out, s) -} - -func autoConvert_rbac_RoleBindingList_To_v1_RoleBindingList(in *rbac.RoleBindingList, out *v1.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.RoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_RoleBindingList_To_v1_RoleBindingList is an autogenerated conversion function. -func Convert_rbac_RoleBindingList_To_v1_RoleBindingList(in *rbac.RoleBindingList, out *v1.RoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_RoleBindingList_To_v1_RoleBindingList(in, out, s) -} - -func autoConvert_v1_RoleList_To_rbac_RoleList(in *v1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_RoleList_To_rbac_RoleList is an autogenerated conversion function. -func Convert_v1_RoleList_To_rbac_RoleList(in *v1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - return autoConvert_v1_RoleList_To_rbac_RoleList(in, out, s) -} - -func autoConvert_rbac_RoleList_To_v1_RoleList(in *rbac.RoleList, out *v1.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_RoleList_To_v1_RoleList is an autogenerated conversion function. -func Convert_rbac_RoleList_To_v1_RoleList(in *rbac.RoleList, out *v1.RoleList, s conversion.Scope) error { - return autoConvert_rbac_RoleList_To_v1_RoleList(in, out, s) -} - -func autoConvert_v1_RoleRef_To_rbac_RoleRef(in *v1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_v1_RoleRef_To_rbac_RoleRef is an autogenerated conversion function. -func Convert_v1_RoleRef_To_rbac_RoleRef(in *v1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - return autoConvert_v1_RoleRef_To_rbac_RoleRef(in, out, s) -} - -func autoConvert_rbac_RoleRef_To_v1_RoleRef(in *rbac.RoleRef, out *v1.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_rbac_RoleRef_To_v1_RoleRef is an autogenerated conversion function. -func Convert_rbac_RoleRef_To_v1_RoleRef(in *rbac.RoleRef, out *v1.RoleRef, s conversion.Scope) error { - return autoConvert_rbac_RoleRef_To_v1_RoleRef(in, out, s) -} - -func autoConvert_v1_Subject_To_rbac_Subject(in *v1.Subject, out *rbac.Subject, s conversion.Scope) error { - out.Kind = in.Kind - out.APIGroup = in.APIGroup - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_v1_Subject_To_rbac_Subject is an autogenerated conversion function. -func Convert_v1_Subject_To_rbac_Subject(in *v1.Subject, out *rbac.Subject, s conversion.Scope) error { - return autoConvert_v1_Subject_To_rbac_Subject(in, out, s) -} - -func autoConvert_rbac_Subject_To_v1_Subject(in *rbac.Subject, out *v1.Subject, s conversion.Scope) error { - out.Kind = in.Kind - out.APIGroup = in.APIGroup - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_rbac_Subject_To_v1_Subject is an autogenerated conversion function. -func Convert_rbac_Subject_To_v1_Subject(in *rbac.Subject, out *v1.Subject, s conversion.Scope) error { - return autoConvert_rbac_Subject_To_v1_Subject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.deepcopy.go deleted file mode 100644 index a4ff45d659..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,44 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in SortableRuleSlice) DeepCopyInto(out *SortableRuleSlice) { - { - in := &in - *out = make(SortableRuleSlice, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SortableRuleSlice. -func (in SortableRuleSlice) DeepCopy() SortableRuleSlice { - if in == nil { - return nil - } - out := new(SortableRuleSlice) - in.DeepCopyInto(out) - return *out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.defaults.go deleted file mode 100644 index ba7fdabd85..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1/zz_generated.defaults.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/rbac/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.ClusterRoleBinding{}, func(obj interface{}) { SetObjectDefaults_ClusterRoleBinding(obj.(*v1.ClusterRoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1.ClusterRoleBindingList{}, func(obj interface{}) { SetObjectDefaults_ClusterRoleBindingList(obj.(*v1.ClusterRoleBindingList)) }) - scheme.AddTypeDefaultingFunc(&v1.RoleBinding{}, func(obj interface{}) { SetObjectDefaults_RoleBinding(obj.(*v1.RoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1.RoleBindingList{}, func(obj interface{}) { SetObjectDefaults_RoleBindingList(obj.(*v1.RoleBindingList)) }) - return nil -} - -func SetObjectDefaults_ClusterRoleBinding(in *v1.ClusterRoleBinding) { - SetDefaults_ClusterRoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_ClusterRoleBindingList(in *v1.ClusterRoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ClusterRoleBinding(a) - } -} - -func SetObjectDefaults_RoleBinding(in *v1.RoleBinding) { - SetDefaults_RoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_RoleBindingList(in *v1.RoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_RoleBinding(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/conversion.go deleted file mode 100644 index c9e5fbc81f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/conversion.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime/schema" - api "k8s.io/kubernetes/pkg/apis/rbac" -) - -// allAuthenticated matches k8s.io/apiserver/pkg/authentication/user.AllAuthenticated, -// but we don't want an client library (which must include types), depending on a server library -const allAuthenticated = "system:authenticated" - -func Convert_v1alpha1_Subject_To_rbac_Subject(in *rbacv1alpha1.Subject, out *api.Subject, s conversion.Scope) error { - if err := autoConvert_v1alpha1_Subject_To_rbac_Subject(in, out, s); err != nil { - return err - } - - // specifically set the APIGroup for the three subjects recognized in v1alpha1 - switch { - case in.Kind == rbacv1alpha1.ServiceAccountKind: - out.APIGroup = "" - case in.Kind == rbacv1alpha1.UserKind: - out.APIGroup = GroupName - case in.Kind == rbacv1alpha1.GroupKind: - out.APIGroup = GroupName - default: - // For unrecognized kinds, use the group portion of the APIVersion if we can get it - if gv, err := schema.ParseGroupVersion(in.APIVersion); err == nil { - out.APIGroup = gv.Group - } - } - - // User * in v1alpha1 will only match all authenticated users - // This is only for compatibility with old RBAC bindings - // Special treatment for * should not be included in v1beta1 - if out.Kind == rbacv1alpha1.UserKind && out.APIGroup == GroupName && out.Name == "*" { - out.Kind = rbacv1alpha1.GroupKind - out.Name = allAuthenticated - } - - return nil -} - -func Convert_rbac_Subject_To_v1alpha1_Subject(in *api.Subject, out *rbacv1alpha1.Subject, s conversion.Scope) error { - if err := autoConvert_rbac_Subject_To_v1alpha1_Subject(in, out, s); err != nil { - return err - } - - switch { - case in.Kind == rbacv1alpha1.ServiceAccountKind && in.APIGroup == "": - // Make service accounts v1 - out.APIVersion = "v1" - case in.Kind == rbacv1alpha1.UserKind && in.APIGroup == GroupName: - // users in the rbac API group get v1alpha - out.APIVersion = SchemeGroupVersion.String() - case in.Kind == rbacv1alpha1.GroupKind && in.APIGroup == GroupName: - // groups in the rbac API group get v1alpha - out.APIVersion = SchemeGroupVersion.String() - default: - // otherwise, they get an unspecified version of a group - out.APIVersion = schema.GroupVersion{Group: in.APIGroup}.String() - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/defaults.go deleted file mode 100644 index b42851861f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_ClusterRoleBinding(obj *rbacv1alpha1.ClusterRoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_RoleBinding(obj *rbacv1alpha1.RoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_Subject(obj *rbacv1alpha1.Subject) { - if len(obj.APIVersion) == 0 { - switch obj.Kind { - case rbacv1alpha1.ServiceAccountKind: - obj.APIVersion = "v1" - case rbacv1alpha1.UserKind: - obj.APIVersion = SchemeGroupVersion.String() - case rbacv1alpha1.GroupKind: - obj.APIVersion = SchemeGroupVersion.String() - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/doc.go deleted file mode 100644 index 3d68009ef6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/rbac -// +k8s:conversion-gen-external-types=k8s.io/api/rbac/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/rbac/v1alpha1 - -// +groupName=rbac.authorization.k8s.io - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/rbac/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/helpers.go deleted file mode 100644 index 7a9e087fb5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/helpers.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "fmt" - - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// PolicyRuleBuilder let's us attach methods. A no-no for API types. -// We use it to construct rules in code. It's more compact than trying to write them -// out in a literal and allows us to perform some basic checking during construction -type PolicyRuleBuilder struct { - PolicyRule rbacv1alpha1.PolicyRule `protobuf:"bytes,1,opt,name=policyRule"` -} - -func NewRule(verbs ...string) *PolicyRuleBuilder { - return &PolicyRuleBuilder{ - PolicyRule: rbacv1alpha1.PolicyRule{Verbs: verbs}, - } -} - -func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder { - r.PolicyRule.APIGroups = append(r.PolicyRule.APIGroups, groups...) - return r -} - -func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder { - r.PolicyRule.Resources = append(r.PolicyRule.Resources, resources...) - return r -} - -func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder { - r.PolicyRule.ResourceNames = append(r.PolicyRule.ResourceNames, names...) - return r -} - -func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder { - r.PolicyRule.NonResourceURLs = append(r.PolicyRule.NonResourceURLs, urls...) - return r -} - -func (r *PolicyRuleBuilder) RuleOrDie() rbacv1alpha1.PolicyRule { - ret, err := r.Rule() - if err != nil { - panic(err) - } - return ret -} - -func (r *PolicyRuleBuilder) Rule() (rbacv1alpha1.PolicyRule, error) { - if len(r.PolicyRule.Verbs) == 0 { - return rbacv1alpha1.PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule) - } - - switch { - case len(r.PolicyRule.NonResourceURLs) > 0: - if len(r.PolicyRule.APIGroups) != 0 || len(r.PolicyRule.Resources) != 0 || len(r.PolicyRule.ResourceNames) != 0 { - return rbacv1alpha1.PolicyRule{}, fmt.Errorf("non-resource rule may not have apiGroups, resources, or resourceNames: %#v", r.PolicyRule) - } - case len(r.PolicyRule.Resources) > 0: - if len(r.PolicyRule.NonResourceURLs) != 0 { - return rbacv1alpha1.PolicyRule{}, fmt.Errorf("resource rule may not have nonResourceURLs: %#v", r.PolicyRule) - } - if len(r.PolicyRule.APIGroups) == 0 { - // this a common bug - return rbacv1alpha1.PolicyRule{}, fmt.Errorf("resource rule must have apiGroups: %#v", r.PolicyRule) - } - default: - return rbacv1alpha1.PolicyRule{}, fmt.Errorf("a rule must have either nonResourceURLs or resources: %#v", r.PolicyRule) - } - - return r.PolicyRule, nil -} - -// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. -// We use it to construct bindings in code. It's more compact than trying to write them -// out in a literal. -type ClusterRoleBindingBuilder struct { - ClusterRoleBinding rbacv1alpha1.ClusterRoleBinding `protobuf:"bytes,1,opt,name=clusterRoleBinding"` -} - -func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder { - return &ClusterRoleBindingBuilder{ - ClusterRoleBinding: rbacv1alpha1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}, - RoleRef: rbacv1alpha1.RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: clusterRoleName, - }, - }, - } -} - -func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder { - for _, group := range groups { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.GroupKind, Name: group}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder { - for _, user := range users { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.UserKind, Name: user}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) BindingOrDie() rbacv1alpha1.ClusterRoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -func (r *ClusterRoleBindingBuilder) Binding() (rbacv1alpha1.ClusterRoleBinding, error) { - if len(r.ClusterRoleBinding.Subjects) == 0 { - return rbacv1alpha1.ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding) - } - - return r.ClusterRoleBinding, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/register.go deleted file mode 100644 index 195366bf41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/register.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "rbac.authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &rbacv1alpha1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 220a0bc6a0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,520 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1alpha1 "k8s.io/api/rbac/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - rbac "k8s.io/kubernetes/pkg/apis/rbac" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.AggregationRule)(nil), (*rbac.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AggregationRule_To_rbac_AggregationRule(a.(*v1alpha1.AggregationRule), b.(*rbac.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.AggregationRule)(nil), (*v1alpha1.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_AggregationRule_To_v1alpha1_AggregationRule(a.(*rbac.AggregationRule), b.(*v1alpha1.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterRole)(nil), (*rbac.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterRole_To_rbac_ClusterRole(a.(*v1alpha1.ClusterRole), b.(*rbac.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRole)(nil), (*v1alpha1.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRole_To_v1alpha1_ClusterRole(a.(*rbac.ClusterRole), b.(*v1alpha1.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterRoleBinding)(nil), (*rbac.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(a.(*v1alpha1.ClusterRoleBinding), b.(*rbac.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBinding)(nil), (*v1alpha1.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(a.(*rbac.ClusterRoleBinding), b.(*v1alpha1.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterRoleBindingList)(nil), (*rbac.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(a.(*v1alpha1.ClusterRoleBindingList), b.(*rbac.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBindingList)(nil), (*v1alpha1.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList(a.(*rbac.ClusterRoleBindingList), b.(*v1alpha1.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ClusterRoleList)(nil), (*rbac.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList(a.(*v1alpha1.ClusterRoleList), b.(*rbac.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleList)(nil), (*v1alpha1.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList(a.(*rbac.ClusterRoleList), b.(*v1alpha1.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PolicyRule)(nil), (*rbac.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PolicyRule_To_rbac_PolicyRule(a.(*v1alpha1.PolicyRule), b.(*rbac.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.PolicyRule)(nil), (*v1alpha1.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_PolicyRule_To_v1alpha1_PolicyRule(a.(*rbac.PolicyRule), b.(*v1alpha1.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.Role)(nil), (*rbac.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Role_To_rbac_Role(a.(*v1alpha1.Role), b.(*rbac.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.Role)(nil), (*v1alpha1.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Role_To_v1alpha1_Role(a.(*rbac.Role), b.(*v1alpha1.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.RoleBinding)(nil), (*rbac.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RoleBinding_To_rbac_RoleBinding(a.(*v1alpha1.RoleBinding), b.(*rbac.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBinding)(nil), (*v1alpha1.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBinding_To_v1alpha1_RoleBinding(a.(*rbac.RoleBinding), b.(*v1alpha1.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.RoleBindingList)(nil), (*rbac.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RoleBindingList_To_rbac_RoleBindingList(a.(*v1alpha1.RoleBindingList), b.(*rbac.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBindingList)(nil), (*v1alpha1.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList(a.(*rbac.RoleBindingList), b.(*v1alpha1.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.RoleList)(nil), (*rbac.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RoleList_To_rbac_RoleList(a.(*v1alpha1.RoleList), b.(*rbac.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleList)(nil), (*v1alpha1.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleList_To_v1alpha1_RoleList(a.(*rbac.RoleList), b.(*v1alpha1.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.RoleRef)(nil), (*rbac.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_RoleRef_To_rbac_RoleRef(a.(*v1alpha1.RoleRef), b.(*rbac.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleRef)(nil), (*v1alpha1.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleRef_To_v1alpha1_RoleRef(a.(*rbac.RoleRef), b.(*v1alpha1.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*rbac.Subject)(nil), (*v1alpha1.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Subject_To_v1alpha1_Subject(a.(*rbac.Subject), b.(*v1alpha1.Subject), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*v1alpha1.Subject)(nil), (*rbac.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Subject_To_rbac_Subject(a.(*v1alpha1.Subject), b.(*rbac.Subject), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_AggregationRule_To_rbac_AggregationRule(in *v1alpha1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]v1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_v1alpha1_AggregationRule_To_rbac_AggregationRule is an autogenerated conversion function. -func Convert_v1alpha1_AggregationRule_To_rbac_AggregationRule(in *v1alpha1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - return autoConvert_v1alpha1_AggregationRule_To_rbac_AggregationRule(in, out, s) -} - -func autoConvert_rbac_AggregationRule_To_v1alpha1_AggregationRule(in *rbac.AggregationRule, out *v1alpha1.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]v1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_rbac_AggregationRule_To_v1alpha1_AggregationRule is an autogenerated conversion function. -func Convert_rbac_AggregationRule_To_v1alpha1_AggregationRule(in *rbac.AggregationRule, out *v1alpha1.AggregationRule, s conversion.Scope) error { - return autoConvert_rbac_AggregationRule_To_v1alpha1_AggregationRule(in, out, s) -} - -func autoConvert_v1alpha1_ClusterRole_To_rbac_ClusterRole(in *v1alpha1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*rbac.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_v1alpha1_ClusterRole_To_rbac_ClusterRole is an autogenerated conversion function. -func Convert_v1alpha1_ClusterRole_To_rbac_ClusterRole(in *v1alpha1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterRole_To_rbac_ClusterRole(in, out, s) -} - -func autoConvert_rbac_ClusterRole_To_v1alpha1_ClusterRole(in *rbac.ClusterRole, out *v1alpha1.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1alpha1.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*v1alpha1.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_rbac_ClusterRole_To_v1alpha1_ClusterRole is an autogenerated conversion function. -func Convert_rbac_ClusterRole_To_v1alpha1_ClusterRole(in *rbac.ClusterRole, out *v1alpha1.ClusterRole, s conversion.Scope) error { - return autoConvert_rbac_ClusterRole_To_v1alpha1_ClusterRole(in, out, s) -} - -func autoConvert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1alpha1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]rbac.Subject, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_Subject_To_rbac_Subject(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Subjects = nil - } - if err := Convert_v1alpha1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding is an autogenerated conversion function. -func Convert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1alpha1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1alpha1.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]v1alpha1.Subject, len(*in)) - for i := range *in { - if err := Convert_rbac_Subject_To_v1alpha1_Subject(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Subjects = nil - } - if err := Convert_rbac_RoleRef_To_v1alpha1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1alpha1.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(in, out, s) -} - -func autoConvert_v1alpha1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1alpha1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]rbac.ClusterRoleBinding, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_v1alpha1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1alpha1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1alpha1.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.ClusterRoleBinding, len(*in)) - for i := range *in { - if err := Convert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1alpha1.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1alpha1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList is an autogenerated conversion function. -func Convert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1alpha1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - return autoConvert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1alpha1.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1alpha1.ClusterRoleList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList(in, out, s) -} - -func autoConvert_v1alpha1_PolicyRule_To_rbac_PolicyRule(in *v1alpha1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1alpha1_PolicyRule_To_rbac_PolicyRule is an autogenerated conversion function. -func Convert_v1alpha1_PolicyRule_To_rbac_PolicyRule(in *v1alpha1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - return autoConvert_v1alpha1_PolicyRule_To_rbac_PolicyRule(in, out, s) -} - -func autoConvert_rbac_PolicyRule_To_v1alpha1_PolicyRule(in *rbac.PolicyRule, out *v1alpha1.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_rbac_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function. -func Convert_rbac_PolicyRule_To_v1alpha1_PolicyRule(in *rbac.PolicyRule, out *v1alpha1.PolicyRule, s conversion.Scope) error { - return autoConvert_rbac_PolicyRule_To_v1alpha1_PolicyRule(in, out, s) -} - -func autoConvert_v1alpha1_Role_To_rbac_Role(in *v1alpha1.Role, out *rbac.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1alpha1_Role_To_rbac_Role is an autogenerated conversion function. -func Convert_v1alpha1_Role_To_rbac_Role(in *v1alpha1.Role, out *rbac.Role, s conversion.Scope) error { - return autoConvert_v1alpha1_Role_To_rbac_Role(in, out, s) -} - -func autoConvert_rbac_Role_To_v1alpha1_Role(in *rbac.Role, out *v1alpha1.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1alpha1.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_rbac_Role_To_v1alpha1_Role is an autogenerated conversion function. -func Convert_rbac_Role_To_v1alpha1_Role(in *rbac.Role, out *v1alpha1.Role, s conversion.Scope) error { - return autoConvert_rbac_Role_To_v1alpha1_Role(in, out, s) -} - -func autoConvert_v1alpha1_RoleBinding_To_rbac_RoleBinding(in *v1alpha1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]rbac.Subject, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_Subject_To_rbac_Subject(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Subjects = nil - } - if err := Convert_v1alpha1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_RoleBinding_To_rbac_RoleBinding is an autogenerated conversion function. -func Convert_v1alpha1_RoleBinding_To_rbac_RoleBinding(in *v1alpha1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - return autoConvert_v1alpha1_RoleBinding_To_rbac_RoleBinding(in, out, s) -} - -func autoConvert_rbac_RoleBinding_To_v1alpha1_RoleBinding(in *rbac.RoleBinding, out *v1alpha1.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]v1alpha1.Subject, len(*in)) - for i := range *in { - if err := Convert_rbac_Subject_To_v1alpha1_Subject(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Subjects = nil - } - if err := Convert_rbac_RoleRef_To_v1alpha1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_RoleBinding_To_v1alpha1_RoleBinding is an autogenerated conversion function. -func Convert_rbac_RoleBinding_To_v1alpha1_RoleBinding(in *rbac.RoleBinding, out *v1alpha1.RoleBinding, s conversion.Scope) error { - return autoConvert_rbac_RoleBinding_To_v1alpha1_RoleBinding(in, out, s) -} - -func autoConvert_v1alpha1_RoleBindingList_To_rbac_RoleBindingList(in *v1alpha1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]rbac.RoleBinding, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_RoleBinding_To_rbac_RoleBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_RoleBindingList_To_rbac_RoleBindingList is an autogenerated conversion function. -func Convert_v1alpha1_RoleBindingList_To_rbac_RoleBindingList(in *v1alpha1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - return autoConvert_v1alpha1_RoleBindingList_To_rbac_RoleBindingList(in, out, s) -} - -func autoConvert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList(in *rbac.RoleBindingList, out *v1alpha1.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.RoleBinding, len(*in)) - for i := range *in { - if err := Convert_rbac_RoleBinding_To_v1alpha1_RoleBinding(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList is an autogenerated conversion function. -func Convert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList(in *rbac.RoleBindingList, out *v1alpha1.RoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList(in, out, s) -} - -func autoConvert_v1alpha1_RoleList_To_rbac_RoleList(in *v1alpha1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_RoleList_To_rbac_RoleList is an autogenerated conversion function. -func Convert_v1alpha1_RoleList_To_rbac_RoleList(in *v1alpha1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - return autoConvert_v1alpha1_RoleList_To_rbac_RoleList(in, out, s) -} - -func autoConvert_rbac_RoleList_To_v1alpha1_RoleList(in *rbac.RoleList, out *v1alpha1.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_RoleList_To_v1alpha1_RoleList is an autogenerated conversion function. -func Convert_rbac_RoleList_To_v1alpha1_RoleList(in *rbac.RoleList, out *v1alpha1.RoleList, s conversion.Scope) error { - return autoConvert_rbac_RoleList_To_v1alpha1_RoleList(in, out, s) -} - -func autoConvert_v1alpha1_RoleRef_To_rbac_RoleRef(in *v1alpha1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_RoleRef_To_rbac_RoleRef is an autogenerated conversion function. -func Convert_v1alpha1_RoleRef_To_rbac_RoleRef(in *v1alpha1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - return autoConvert_v1alpha1_RoleRef_To_rbac_RoleRef(in, out, s) -} - -func autoConvert_rbac_RoleRef_To_v1alpha1_RoleRef(in *rbac.RoleRef, out *v1alpha1.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_rbac_RoleRef_To_v1alpha1_RoleRef is an autogenerated conversion function. -func Convert_rbac_RoleRef_To_v1alpha1_RoleRef(in *rbac.RoleRef, out *v1alpha1.RoleRef, s conversion.Scope) error { - return autoConvert_rbac_RoleRef_To_v1alpha1_RoleRef(in, out, s) -} - -func autoConvert_v1alpha1_Subject_To_rbac_Subject(in *v1alpha1.Subject, out *rbac.Subject, s conversion.Scope) error { - out.Kind = in.Kind - // INFO: in.APIVersion opted out of conversion generation - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -func autoConvert_rbac_Subject_To_v1alpha1_Subject(in *rbac.Subject, out *v1alpha1.Subject, s conversion.Scope) error { - out.Kind = in.Kind - // WARNING: in.APIGroup requires manual conversion: does not exist in peer-type - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 93c541694c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,70 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/rbac/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.ClusterRoleBinding{}, func(obj interface{}) { SetObjectDefaults_ClusterRoleBinding(obj.(*v1alpha1.ClusterRoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ClusterRoleBindingList{}, func(obj interface{}) { - SetObjectDefaults_ClusterRoleBindingList(obj.(*v1alpha1.ClusterRoleBindingList)) - }) - scheme.AddTypeDefaultingFunc(&v1alpha1.RoleBinding{}, func(obj interface{}) { SetObjectDefaults_RoleBinding(obj.(*v1alpha1.RoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.RoleBindingList{}, func(obj interface{}) { SetObjectDefaults_RoleBindingList(obj.(*v1alpha1.RoleBindingList)) }) - return nil -} - -func SetObjectDefaults_ClusterRoleBinding(in *v1alpha1.ClusterRoleBinding) { - SetDefaults_ClusterRoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_ClusterRoleBindingList(in *v1alpha1.ClusterRoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ClusterRoleBinding(a) - } -} - -func SetObjectDefaults_RoleBinding(in *v1alpha1.RoleBinding) { - SetDefaults_RoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_RoleBindingList(in *v1alpha1.RoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_RoleBinding(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/defaults.go deleted file mode 100644 index 0fdbb40e72..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/defaults.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_ClusterRoleBinding(obj *rbacv1beta1.ClusterRoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_RoleBinding(obj *rbacv1beta1.RoleBinding) { - if len(obj.RoleRef.APIGroup) == 0 { - obj.RoleRef.APIGroup = GroupName - } -} -func SetDefaults_Subject(obj *rbacv1beta1.Subject) { - if len(obj.APIGroup) == 0 { - switch obj.Kind { - case rbacv1beta1.ServiceAccountKind: - obj.APIGroup = "" - case rbacv1beta1.UserKind: - obj.APIGroup = GroupName - case rbacv1beta1.GroupKind: - obj.APIGroup = GroupName - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/doc.go deleted file mode 100644 index 8ff9ee11d1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/rbac -// +k8s:conversion-gen-external-types=k8s.io/api/rbac/v1beta1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/rbac/v1beta1 - -// +groupName=rbac.authorization.k8s.io - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/rbac/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/helpers.go deleted file mode 100644 index e80ca84e88..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/helpers.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "fmt" - - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// PolicyRuleBuilder let's us attach methods. A no-no for API types. -// We use it to construct rules in code. It's more compact than trying to write them -// out in a literal and allows us to perform some basic checking during construction -type PolicyRuleBuilder struct { - PolicyRule rbacv1beta1.PolicyRule `protobuf:"bytes,1,opt,name=policyRule"` -} - -func NewRule(verbs ...string) *PolicyRuleBuilder { - return &PolicyRuleBuilder{ - PolicyRule: rbacv1beta1.PolicyRule{Verbs: verbs}, - } -} - -func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder { - r.PolicyRule.APIGroups = append(r.PolicyRule.APIGroups, groups...) - return r -} - -func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder { - r.PolicyRule.Resources = append(r.PolicyRule.Resources, resources...) - return r -} - -func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder { - r.PolicyRule.ResourceNames = append(r.PolicyRule.ResourceNames, names...) - return r -} - -func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder { - r.PolicyRule.NonResourceURLs = append(r.PolicyRule.NonResourceURLs, urls...) - return r -} - -func (r *PolicyRuleBuilder) RuleOrDie() rbacv1beta1.PolicyRule { - ret, err := r.Rule() - if err != nil { - panic(err) - } - return ret -} - -func (r *PolicyRuleBuilder) Rule() (rbacv1beta1.PolicyRule, error) { - if len(r.PolicyRule.Verbs) == 0 { - return rbacv1beta1.PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule) - } - - switch { - case len(r.PolicyRule.NonResourceURLs) > 0: - if len(r.PolicyRule.APIGroups) != 0 || len(r.PolicyRule.Resources) != 0 || len(r.PolicyRule.ResourceNames) != 0 { - return rbacv1beta1.PolicyRule{}, fmt.Errorf("non-resource rule may not have apiGroups, resources, or resourceNames: %#v", r.PolicyRule) - } - case len(r.PolicyRule.Resources) > 0: - if len(r.PolicyRule.NonResourceURLs) != 0 { - return rbacv1beta1.PolicyRule{}, fmt.Errorf("resource rule may not have nonResourceURLs: %#v", r.PolicyRule) - } - if len(r.PolicyRule.APIGroups) == 0 { - // this a common bug - return rbacv1beta1.PolicyRule{}, fmt.Errorf("resource rule must have apiGroups: %#v", r.PolicyRule) - } - default: - return rbacv1beta1.PolicyRule{}, fmt.Errorf("a rule must have either nonResourceURLs or resources: %#v", r.PolicyRule) - } - - return r.PolicyRule, nil -} - -// ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. -// We use it to construct bindings in code. It's more compact than trying to write them -// out in a literal. -type ClusterRoleBindingBuilder struct { - ClusterRoleBinding rbacv1beta1.ClusterRoleBinding `protobuf:"bytes,1,opt,name=clusterRoleBinding"` -} - -func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder { - return &ClusterRoleBindingBuilder{ - ClusterRoleBinding: rbacv1beta1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}, - RoleRef: rbacv1beta1.RoleRef{ - APIGroup: GroupName, - Kind: "ClusterRole", - Name: clusterRoleName, - }, - }, - } -} - -func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder { - for _, group := range groups { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1beta1.Subject{Kind: rbacv1beta1.GroupKind, Name: group}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder { - for _, user := range users { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1beta1.Subject{Kind: rbacv1beta1.UserKind, Name: user}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder { - for _, saName := range serviceAccountNames { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1beta1.Subject{Kind: rbacv1beta1.ServiceAccountKind, Namespace: namespace, Name: saName}) - } - return r -} - -func (r *ClusterRoleBindingBuilder) BindingOrDie() rbacv1beta1.ClusterRoleBinding { - ret, err := r.Binding() - if err != nil { - panic(err) - } - return ret -} - -func (r *ClusterRoleBindingBuilder) Binding() (rbacv1beta1.ClusterRoleBinding, error) { - if len(r.ClusterRoleBinding.Subjects) == 0 { - return rbacv1beta1.ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding) - } - - return r.ClusterRoleBinding, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/register.go deleted file mode 100644 index f258be56fb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/register.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const GroupName = "rbac.authorization.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &rbacv1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 350984bc83..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,450 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1beta1 "k8s.io/api/rbac/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - rbac "k8s.io/kubernetes/pkg/apis/rbac" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.AggregationRule)(nil), (*rbac.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_AggregationRule_To_rbac_AggregationRule(a.(*v1beta1.AggregationRule), b.(*rbac.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.AggregationRule)(nil), (*v1beta1.AggregationRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_AggregationRule_To_v1beta1_AggregationRule(a.(*rbac.AggregationRule), b.(*v1beta1.AggregationRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ClusterRole)(nil), (*rbac.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ClusterRole_To_rbac_ClusterRole(a.(*v1beta1.ClusterRole), b.(*rbac.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRole)(nil), (*v1beta1.ClusterRole)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRole_To_v1beta1_ClusterRole(a.(*rbac.ClusterRole), b.(*v1beta1.ClusterRole), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ClusterRoleBinding)(nil), (*rbac.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(a.(*v1beta1.ClusterRoleBinding), b.(*rbac.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBinding)(nil), (*v1beta1.ClusterRoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding(a.(*rbac.ClusterRoleBinding), b.(*v1beta1.ClusterRoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ClusterRoleBindingList)(nil), (*rbac.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(a.(*v1beta1.ClusterRoleBindingList), b.(*rbac.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleBindingList)(nil), (*v1beta1.ClusterRoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList(a.(*rbac.ClusterRoleBindingList), b.(*v1beta1.ClusterRoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.ClusterRoleList)(nil), (*rbac.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList(a.(*v1beta1.ClusterRoleList), b.(*rbac.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.ClusterRoleList)(nil), (*v1beta1.ClusterRoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList(a.(*rbac.ClusterRoleList), b.(*v1beta1.ClusterRoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PolicyRule)(nil), (*rbac.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PolicyRule_To_rbac_PolicyRule(a.(*v1beta1.PolicyRule), b.(*rbac.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.PolicyRule)(nil), (*v1beta1.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_PolicyRule_To_v1beta1_PolicyRule(a.(*rbac.PolicyRule), b.(*v1beta1.PolicyRule), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Role)(nil), (*rbac.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Role_To_rbac_Role(a.(*v1beta1.Role), b.(*rbac.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.Role)(nil), (*v1beta1.Role)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Role_To_v1beta1_Role(a.(*rbac.Role), b.(*v1beta1.Role), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RoleBinding)(nil), (*rbac.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RoleBinding_To_rbac_RoleBinding(a.(*v1beta1.RoleBinding), b.(*rbac.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBinding)(nil), (*v1beta1.RoleBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBinding_To_v1beta1_RoleBinding(a.(*rbac.RoleBinding), b.(*v1beta1.RoleBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RoleBindingList)(nil), (*rbac.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RoleBindingList_To_rbac_RoleBindingList(a.(*v1beta1.RoleBindingList), b.(*rbac.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleBindingList)(nil), (*v1beta1.RoleBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleBindingList_To_v1beta1_RoleBindingList(a.(*rbac.RoleBindingList), b.(*v1beta1.RoleBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RoleList)(nil), (*rbac.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RoleList_To_rbac_RoleList(a.(*v1beta1.RoleList), b.(*rbac.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleList)(nil), (*v1beta1.RoleList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleList_To_v1beta1_RoleList(a.(*rbac.RoleList), b.(*v1beta1.RoleList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.RoleRef)(nil), (*rbac.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_RoleRef_To_rbac_RoleRef(a.(*v1beta1.RoleRef), b.(*rbac.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.RoleRef)(nil), (*v1beta1.RoleRef)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_RoleRef_To_v1beta1_RoleRef(a.(*rbac.RoleRef), b.(*v1beta1.RoleRef), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.Subject)(nil), (*rbac.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_Subject_To_rbac_Subject(a.(*v1beta1.Subject), b.(*rbac.Subject), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*rbac.Subject)(nil), (*v1beta1.Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_rbac_Subject_To_v1beta1_Subject(a.(*rbac.Subject), b.(*v1beta1.Subject), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_AggregationRule_To_rbac_AggregationRule(in *v1beta1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]v1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_v1beta1_AggregationRule_To_rbac_AggregationRule is an autogenerated conversion function. -func Convert_v1beta1_AggregationRule_To_rbac_AggregationRule(in *v1beta1.AggregationRule, out *rbac.AggregationRule, s conversion.Scope) error { - return autoConvert_v1beta1_AggregationRule_To_rbac_AggregationRule(in, out, s) -} - -func autoConvert_rbac_AggregationRule_To_v1beta1_AggregationRule(in *rbac.AggregationRule, out *v1beta1.AggregationRule, s conversion.Scope) error { - out.ClusterRoleSelectors = *(*[]v1.LabelSelector)(unsafe.Pointer(&in.ClusterRoleSelectors)) - return nil -} - -// Convert_rbac_AggregationRule_To_v1beta1_AggregationRule is an autogenerated conversion function. -func Convert_rbac_AggregationRule_To_v1beta1_AggregationRule(in *rbac.AggregationRule, out *v1beta1.AggregationRule, s conversion.Scope) error { - return autoConvert_rbac_AggregationRule_To_v1beta1_AggregationRule(in, out, s) -} - -func autoConvert_v1beta1_ClusterRole_To_rbac_ClusterRole(in *v1beta1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*rbac.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_v1beta1_ClusterRole_To_rbac_ClusterRole is an autogenerated conversion function. -func Convert_v1beta1_ClusterRole_To_rbac_ClusterRole(in *v1beta1.ClusterRole, out *rbac.ClusterRole, s conversion.Scope) error { - return autoConvert_v1beta1_ClusterRole_To_rbac_ClusterRole(in, out, s) -} - -func autoConvert_rbac_ClusterRole_To_v1beta1_ClusterRole(in *rbac.ClusterRole, out *v1beta1.ClusterRole, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1beta1.PolicyRule)(unsafe.Pointer(&in.Rules)) - out.AggregationRule = (*v1beta1.AggregationRule)(unsafe.Pointer(in.AggregationRule)) - return nil -} - -// Convert_rbac_ClusterRole_To_v1beta1_ClusterRole is an autogenerated conversion function. -func Convert_rbac_ClusterRole_To_v1beta1_ClusterRole(in *rbac.ClusterRole, out *v1beta1.ClusterRole, s conversion.Scope) error { - return autoConvert_rbac_ClusterRole_To_v1beta1_ClusterRole(in, out, s) -} - -func autoConvert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1beta1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]rbac.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_v1beta1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding is an autogenerated conversion function. -func Convert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *v1beta1.ClusterRoleBinding, out *rbac.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1beta1.ClusterRoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]v1beta1.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_rbac_RoleRef_To_v1beta1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *v1beta1.ClusterRoleBinding, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding(in, out, s) -} - -func autoConvert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1beta1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.ClusterRoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *v1beta1.ClusterRoleBindingList, out *rbac.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1beta1.ClusterRoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.ClusterRoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *v1beta1.ClusterRoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList(in, out, s) -} - -func autoConvert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1beta1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList is an autogenerated conversion function. -func Convert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList(in *v1beta1.ClusterRoleList, out *rbac.ClusterRoleList, s conversion.Scope) error { - return autoConvert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList(in, out, s) -} - -func autoConvert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1beta1.ClusterRoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.ClusterRole)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList is an autogenerated conversion function. -func Convert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList(in *rbac.ClusterRoleList, out *v1beta1.ClusterRoleList, s conversion.Scope) error { - return autoConvert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList(in, out, s) -} - -func autoConvert_v1beta1_PolicyRule_To_rbac_PolicyRule(in *v1beta1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_v1beta1_PolicyRule_To_rbac_PolicyRule is an autogenerated conversion function. -func Convert_v1beta1_PolicyRule_To_rbac_PolicyRule(in *v1beta1.PolicyRule, out *rbac.PolicyRule, s conversion.Scope) error { - return autoConvert_v1beta1_PolicyRule_To_rbac_PolicyRule(in, out, s) -} - -func autoConvert_rbac_PolicyRule_To_v1beta1_PolicyRule(in *rbac.PolicyRule, out *v1beta1.PolicyRule, s conversion.Scope) error { - out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) - out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups)) - out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) - out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) - out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) - return nil -} - -// Convert_rbac_PolicyRule_To_v1beta1_PolicyRule is an autogenerated conversion function. -func Convert_rbac_PolicyRule_To_v1beta1_PolicyRule(in *rbac.PolicyRule, out *v1beta1.PolicyRule, s conversion.Scope) error { - return autoConvert_rbac_PolicyRule_To_v1beta1_PolicyRule(in, out, s) -} - -func autoConvert_v1beta1_Role_To_rbac_Role(in *v1beta1.Role, out *rbac.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]rbac.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_v1beta1_Role_To_rbac_Role is an autogenerated conversion function. -func Convert_v1beta1_Role_To_rbac_Role(in *v1beta1.Role, out *rbac.Role, s conversion.Scope) error { - return autoConvert_v1beta1_Role_To_rbac_Role(in, out, s) -} - -func autoConvert_rbac_Role_To_v1beta1_Role(in *rbac.Role, out *v1beta1.Role, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Rules = *(*[]v1beta1.PolicyRule)(unsafe.Pointer(&in.Rules)) - return nil -} - -// Convert_rbac_Role_To_v1beta1_Role is an autogenerated conversion function. -func Convert_rbac_Role_To_v1beta1_Role(in *rbac.Role, out *v1beta1.Role, s conversion.Scope) error { - return autoConvert_rbac_Role_To_v1beta1_Role(in, out, s) -} - -func autoConvert_v1beta1_RoleBinding_To_rbac_RoleBinding(in *v1beta1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]rbac.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_v1beta1_RoleRef_To_rbac_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_RoleBinding_To_rbac_RoleBinding is an autogenerated conversion function. -func Convert_v1beta1_RoleBinding_To_rbac_RoleBinding(in *v1beta1.RoleBinding, out *rbac.RoleBinding, s conversion.Scope) error { - return autoConvert_v1beta1_RoleBinding_To_rbac_RoleBinding(in, out, s) -} - -func autoConvert_rbac_RoleBinding_To_v1beta1_RoleBinding(in *rbac.RoleBinding, out *v1beta1.RoleBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Subjects = *(*[]v1beta1.Subject)(unsafe.Pointer(&in.Subjects)) - if err := Convert_rbac_RoleRef_To_v1beta1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil { - return err - } - return nil -} - -// Convert_rbac_RoleBinding_To_v1beta1_RoleBinding is an autogenerated conversion function. -func Convert_rbac_RoleBinding_To_v1beta1_RoleBinding(in *rbac.RoleBinding, out *v1beta1.RoleBinding, s conversion.Scope) error { - return autoConvert_rbac_RoleBinding_To_v1beta1_RoleBinding(in, out, s) -} - -func autoConvert_v1beta1_RoleBindingList_To_rbac_RoleBindingList(in *v1beta1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.RoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_RoleBindingList_To_rbac_RoleBindingList is an autogenerated conversion function. -func Convert_v1beta1_RoleBindingList_To_rbac_RoleBindingList(in *v1beta1.RoleBindingList, out *rbac.RoleBindingList, s conversion.Scope) error { - return autoConvert_v1beta1_RoleBindingList_To_rbac_RoleBindingList(in, out, s) -} - -func autoConvert_rbac_RoleBindingList_To_v1beta1_RoleBindingList(in *rbac.RoleBindingList, out *v1beta1.RoleBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.RoleBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_RoleBindingList_To_v1beta1_RoleBindingList is an autogenerated conversion function. -func Convert_rbac_RoleBindingList_To_v1beta1_RoleBindingList(in *rbac.RoleBindingList, out *v1beta1.RoleBindingList, s conversion.Scope) error { - return autoConvert_rbac_RoleBindingList_To_v1beta1_RoleBindingList(in, out, s) -} - -func autoConvert_v1beta1_RoleList_To_rbac_RoleList(in *v1beta1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]rbac.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_RoleList_To_rbac_RoleList is an autogenerated conversion function. -func Convert_v1beta1_RoleList_To_rbac_RoleList(in *v1beta1.RoleList, out *rbac.RoleList, s conversion.Scope) error { - return autoConvert_v1beta1_RoleList_To_rbac_RoleList(in, out, s) -} - -func autoConvert_rbac_RoleList_To_v1beta1_RoleList(in *rbac.RoleList, out *v1beta1.RoleList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.Role)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_rbac_RoleList_To_v1beta1_RoleList is an autogenerated conversion function. -func Convert_rbac_RoleList_To_v1beta1_RoleList(in *rbac.RoleList, out *v1beta1.RoleList, s conversion.Scope) error { - return autoConvert_rbac_RoleList_To_v1beta1_RoleList(in, out, s) -} - -func autoConvert_v1beta1_RoleRef_To_rbac_RoleRef(in *v1beta1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_v1beta1_RoleRef_To_rbac_RoleRef is an autogenerated conversion function. -func Convert_v1beta1_RoleRef_To_rbac_RoleRef(in *v1beta1.RoleRef, out *rbac.RoleRef, s conversion.Scope) error { - return autoConvert_v1beta1_RoleRef_To_rbac_RoleRef(in, out, s) -} - -func autoConvert_rbac_RoleRef_To_v1beta1_RoleRef(in *rbac.RoleRef, out *v1beta1.RoleRef, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_rbac_RoleRef_To_v1beta1_RoleRef is an autogenerated conversion function. -func Convert_rbac_RoleRef_To_v1beta1_RoleRef(in *rbac.RoleRef, out *v1beta1.RoleRef, s conversion.Scope) error { - return autoConvert_rbac_RoleRef_To_v1beta1_RoleRef(in, out, s) -} - -func autoConvert_v1beta1_Subject_To_rbac_Subject(in *v1beta1.Subject, out *rbac.Subject, s conversion.Scope) error { - out.Kind = in.Kind - out.APIGroup = in.APIGroup - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_v1beta1_Subject_To_rbac_Subject is an autogenerated conversion function. -func Convert_v1beta1_Subject_To_rbac_Subject(in *v1beta1.Subject, out *rbac.Subject, s conversion.Scope) error { - return autoConvert_v1beta1_Subject_To_rbac_Subject(in, out, s) -} - -func autoConvert_rbac_Subject_To_v1beta1_Subject(in *rbac.Subject, out *v1beta1.Subject, s conversion.Scope) error { - out.Kind = in.Kind - out.APIGroup = in.APIGroup - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_rbac_Subject_To_v1beta1_Subject is an autogenerated conversion function. -func Convert_rbac_Subject_To_v1beta1_Subject(in *rbac.Subject, out *v1beta1.Subject, s conversion.Scope) error { - return autoConvert_rbac_Subject_To_v1beta1_Subject(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.defaults.go deleted file mode 100644 index b4665dfe25..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/rbac/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.ClusterRoleBinding{}, func(obj interface{}) { SetObjectDefaults_ClusterRoleBinding(obj.(*v1beta1.ClusterRoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.ClusterRoleBindingList{}, func(obj interface{}) { SetObjectDefaults_ClusterRoleBindingList(obj.(*v1beta1.ClusterRoleBindingList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.RoleBinding{}, func(obj interface{}) { SetObjectDefaults_RoleBinding(obj.(*v1beta1.RoleBinding)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.RoleBindingList{}, func(obj interface{}) { SetObjectDefaults_RoleBindingList(obj.(*v1beta1.RoleBindingList)) }) - return nil -} - -func SetObjectDefaults_ClusterRoleBinding(in *v1beta1.ClusterRoleBinding) { - SetDefaults_ClusterRoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_ClusterRoleBindingList(in *v1beta1.ClusterRoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ClusterRoleBinding(a) - } -} - -func SetObjectDefaults_RoleBinding(in *v1beta1.RoleBinding) { - SetDefaults_RoleBinding(in) - for i := range in.Subjects { - a := &in.Subjects[i] - SetDefaults_Subject(a) - } -} - -func SetObjectDefaults_RoleBindingList(in *v1beta1.RoleBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_RoleBinding(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/validation.go deleted file mode 100644 index b65ac19f72..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/validation.go +++ /dev/null @@ -1,255 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "k8s.io/apimachinery/pkg/api/validation/path" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/rbac" -) - -// ValidateRBACName is exported to allow types outside of the RBAC API group to reuse this validation logic -// Minimal validation of names for roles and bindings. Identical to the validation for Openshift. See: -// * https://github.com/kubernetes/kubernetes/blob/60db507b279ce45bd16ea3db49bf181f2aeb3c3d/pkg/api/validation/name.go -// * https://github.com/openshift/origin/blob/388478c40e751c4295dcb9a44dd69e5ac65d0e3b/pkg/api/helpers.go -func ValidateRBACName(name string, prefix bool) []string { - return path.IsValidPathSegmentName(name) -} - -func ValidateRole(role *rbac.Role) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validation.ValidateObjectMeta(&role.ObjectMeta, true, ValidateRBACName, field.NewPath("metadata"))...) - - for i, rule := range role.Rules { - if err := ValidatePolicyRule(rule, true, field.NewPath("rules").Index(i)); err != nil { - allErrs = append(allErrs, err...) - } - } - if len(allErrs) != 0 { - return allErrs - } - return nil -} - -func ValidateRoleUpdate(role *rbac.Role, oldRole *rbac.Role) field.ErrorList { - allErrs := ValidateRole(role) - allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta, field.NewPath("metadata"))...) - - return allErrs -} - -type ClusterRoleValidationOptions struct { - AllowInvalidLabelValueInSelector bool -} - -func ValidateClusterRole(role *rbac.ClusterRole, opts ClusterRoleValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validation.ValidateObjectMeta(&role.ObjectMeta, false, ValidateRBACName, field.NewPath("metadata"))...) - - for i, rule := range role.Rules { - if err := ValidatePolicyRule(rule, false, field.NewPath("rules").Index(i)); err != nil { - allErrs = append(allErrs, err...) - } - } - - labelSelectorValidationOptions := unversionedvalidation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector} - - if role.AggregationRule != nil { - if len(role.AggregationRule.ClusterRoleSelectors) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("aggregationRule", "clusterRoleSelectors"), "at least one clusterRoleSelector required if aggregationRule is non-nil")) - } - for i, selector := range role.AggregationRule.ClusterRoleSelectors { - fieldPath := field.NewPath("aggregationRule", "clusterRoleSelectors").Index(i) - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(&selector, labelSelectorValidationOptions, fieldPath)...) - - selector, err := metav1.LabelSelectorAsSelector(&selector) - if err != nil { - allErrs = append(allErrs, field.Invalid(fieldPath, selector, "invalid label selector.")) - } - } - } - - if len(allErrs) != 0 { - return allErrs - } - return nil -} - -func ValidateClusterRoleUpdate(role *rbac.ClusterRole, oldRole *rbac.ClusterRole, opts ClusterRoleValidationOptions) field.ErrorList { - allErrs := ValidateClusterRole(role, opts) - allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta, field.NewPath("metadata"))...) - - return allErrs -} - -// ValidatePolicyRule is exported to allow types outside of the RBAC API group to embed a rbac.PolicyRule and reuse this validation logic -func ValidatePolicyRule(rule rbac.PolicyRule, isNamespaced bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(rule.Verbs) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("verbs"), "verbs must contain at least one value")) - } - - if len(rule.NonResourceURLs) > 0 { - if isNamespaced { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "namespaced rules cannot apply to non-resource URLs")) - } - if len(rule.APIGroups) > 0 || len(rule.Resources) > 0 || len(rule.ResourceNames) > 0 { - allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "rules cannot apply to both regular resources and non-resource URLs")) - } - return allErrs - } - - if len(rule.APIGroups) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("apiGroups"), "resource rules must supply at least one api group")) - } - if len(rule.Resources) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("resources"), "resource rules must supply at least one resource")) - } - return allErrs -} - -func ValidateRoleBinding(roleBinding *rbac.RoleBinding) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, true, ValidateRBACName, field.NewPath("metadata"))...) - - // TODO allow multiple API groups. For now, restrict to one, but I can envision other experimental roles in other groups taking - // advantage of the binding infrastructure - if roleBinding.RoleRef.APIGroup != rbac.GroupName { - allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "apiGroup"), roleBinding.RoleRef.APIGroup, []string{rbac.GroupName})) - } - - switch roleBinding.RoleRef.Kind { - case "Role", "ClusterRole": - default: - allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "kind"), roleBinding.RoleRef.Kind, []string{"Role", "ClusterRole"})) - - } - - if len(roleBinding.RoleRef.Name) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("roleRef", "name"), "")) - } else { - for _, msg := range ValidateRBACName(roleBinding.RoleRef.Name, false) { - allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "name"), roleBinding.RoleRef.Name, msg)) - } - } - - subjectsPath := field.NewPath("subjects") - for i, subject := range roleBinding.Subjects { - allErrs = append(allErrs, ValidateRoleBindingSubject(subject, true, subjectsPath.Index(i))...) - } - - return allErrs -} - -func ValidateRoleBindingUpdate(roleBinding *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList { - allErrs := ValidateRoleBinding(roleBinding) - allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...) - - if oldRoleBinding.RoleRef != roleBinding.RoleRef { - allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef"), roleBinding.RoleRef, "cannot change roleRef")) - } - - return allErrs -} - -func ValidateClusterRoleBinding(roleBinding *rbac.ClusterRoleBinding) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, false, ValidateRBACName, field.NewPath("metadata"))...) - - // TODO allow multiple API groups. For now, restrict to one, but I can envision other experimental roles in other groups taking - // advantage of the binding infrastructure - if roleBinding.RoleRef.APIGroup != rbac.GroupName { - allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "apiGroup"), roleBinding.RoleRef.APIGroup, []string{rbac.GroupName})) - } - - switch roleBinding.RoleRef.Kind { - case "ClusterRole": - default: - allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "kind"), roleBinding.RoleRef.Kind, []string{"ClusterRole"})) - - } - - if len(roleBinding.RoleRef.Name) == 0 { - allErrs = append(allErrs, field.Required(field.NewPath("roleRef", "name"), "")) - } else { - for _, msg := range ValidateRBACName(roleBinding.RoleRef.Name, false) { - allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "name"), roleBinding.RoleRef.Name, msg)) - } - } - - subjectsPath := field.NewPath("subjects") - for i, subject := range roleBinding.Subjects { - allErrs = append(allErrs, ValidateRoleBindingSubject(subject, false, subjectsPath.Index(i))...) - } - - return allErrs -} - -func ValidateClusterRoleBindingUpdate(roleBinding *rbac.ClusterRoleBinding, oldRoleBinding *rbac.ClusterRoleBinding) field.ErrorList { - allErrs := ValidateClusterRoleBinding(roleBinding) - allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...) - - if oldRoleBinding.RoleRef != roleBinding.RoleRef { - allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef"), roleBinding.RoleRef, "cannot change roleRef")) - } - - return allErrs -} - -// ValidateRoleBindingSubject is exported to allow types outside of the RBAC API group to embed a rbac.Subject and reuse this validation logic -func ValidateRoleBindingSubject(subject rbac.Subject, isNamespaced bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(subject.Name) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - - switch subject.Kind { - case rbac.ServiceAccountKind: - if len(subject.Name) > 0 { - for _, msg := range validation.ValidateServiceAccountName(subject.Name, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), subject.Name, msg)) - } - } - if len(subject.APIGroup) > 0 { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("apiGroup"), subject.APIGroup, []string{""})) - } - if !isNamespaced && len(subject.Namespace) == 0 { - allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), "")) - } - - case rbac.UserKind: - // TODO(ericchiang): What other restrictions on user name are there? - if subject.APIGroup != rbac.GroupName { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("apiGroup"), subject.APIGroup, []string{rbac.GroupName})) - } - - case rbac.GroupKind: - // TODO(ericchiang): What other restrictions on group name are there? - if subject.APIGroup != rbac.GroupName { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("apiGroup"), subject.APIGroup, []string{rbac.GroupName})) - } - - default: - allErrs = append(allErrs, field.NotSupported(fldPath.Child("kind"), subject.Kind, []string{rbac.ServiceAccountKind, rbac.UserKind, rbac.GroupKind})) - } - - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/zz_generated.deepcopy.go deleted file mode 100644 index 0f7023a2db..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/rbac/zz_generated.deepcopy.go +++ /dev/null @@ -1,412 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package rbac - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AggregationRule) DeepCopyInto(out *AggregationRule) { - *out = *in - if in.ClusterRoleSelectors != nil { - in, out := &in.ClusterRoleSelectors, &out.ClusterRoleSelectors - *out = make([]v1.LabelSelector, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregationRule. -func (in *AggregationRule) DeepCopy() *AggregationRule { - if in == nil { - return nil - } - out := new(AggregationRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRole) DeepCopyInto(out *ClusterRole) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.AggregationRule != nil { - in, out := &in.AggregationRule, &out.AggregationRule - *out = new(AggregationRule) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRole. -func (in *ClusterRole) DeepCopy() *ClusterRole { - if in == nil { - return nil - } - out := new(ClusterRole) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterRole) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRoleBinding) DeepCopyInto(out *ClusterRoleBinding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]Subject, len(*in)) - copy(*out, *in) - } - out.RoleRef = in.RoleRef - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBinding. -func (in *ClusterRoleBinding) DeepCopy() *ClusterRoleBinding { - if in == nil { - return nil - } - out := new(ClusterRoleBinding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterRoleBinding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRoleBindingList) DeepCopyInto(out *ClusterRoleBindingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterRoleBinding, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingList. -func (in *ClusterRoleBindingList) DeepCopy() *ClusterRoleBindingList { - if in == nil { - return nil - } - out := new(ClusterRoleBindingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterRoleBindingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterRoleList) DeepCopyInto(out *ClusterRoleList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterRole, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleList. -func (in *ClusterRoleList) DeepCopy() *ClusterRoleList { - if in == nil { - return nil - } - out := new(ClusterRoleList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterRoleList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRule) DeepCopyInto(out *PolicyRule) { - *out = *in - if in.Verbs != nil { - in, out := &in.Verbs, &out.Verbs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.APIGroups != nil { - in, out := &in.APIGroups, &out.APIGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ResourceNames != nil { - in, out := &in.ResourceNames, &out.ResourceNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NonResourceURLs != nil { - in, out := &in.NonResourceURLs, &out.NonResourceURLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule. -func (in *PolicyRule) DeepCopy() *PolicyRule { - if in == nil { - return nil - } - out := new(PolicyRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Role) DeepCopyInto(out *Role) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]PolicyRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role. -func (in *Role) DeepCopy() *Role { - if in == nil { - return nil - } - out := new(Role) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Role) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleBinding) DeepCopyInto(out *RoleBinding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Subjects != nil { - in, out := &in.Subjects, &out.Subjects - *out = make([]Subject, len(*in)) - copy(*out, *in) - } - out.RoleRef = in.RoleRef - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding. -func (in *RoleBinding) DeepCopy() *RoleBinding { - if in == nil { - return nil - } - out := new(RoleBinding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RoleBinding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleBindingList) DeepCopyInto(out *RoleBindingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]RoleBinding, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingList. -func (in *RoleBindingList) DeepCopy() *RoleBindingList { - if in == nil { - return nil - } - out := new(RoleBindingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RoleBindingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleList) DeepCopyInto(out *RoleList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Role, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList. -func (in *RoleList) DeepCopy() *RoleList { - if in == nil { - return nil - } - out := new(RoleList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *RoleList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RoleRef) DeepCopyInto(out *RoleRef) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef. -func (in *RoleRef) DeepCopy() *RoleRef { - if in == nil { - return nil - } - out := new(RoleRef) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in SortableRuleSlice) DeepCopyInto(out *SortableRuleSlice) { - { - in := &in - *out = make(SortableRuleSlice, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - return - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SortableRuleSlice. -func (in SortableRuleSlice) DeepCopy() SortableRuleSlice { - if in == nil { - return nil - } - out := new(SortableRuleSlice) - in.DeepCopyInto(out) - return *out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Subject) DeepCopyInto(out *Subject) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject. -func (in *Subject) DeepCopy() *Subject { - if in == nil { - return nil - } - out := new(Subject) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/OWNERS deleted file mode 100644 index 98397072ae..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - bart0sh - - klueska - - pohly diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/doc.go deleted file mode 100644 index f798bef1f9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -// Package resource contains the latest (or "internal") version of the -// Kubernetes resource API objects. -package resource // import "k8s.io/kubernetes/pkg/apis/resource" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/install/install.go deleted file mode 100644 index f0495e7468..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/install/install.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the resource API, making it available as an -// option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/resource/v1alpha1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(resource.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/register.go deleted file mode 100644 index 35b89de0fb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/register.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resource - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "resource.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder object to register various known types - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - - // AddToScheme represents a func that can be used to apply all the registered - // funcs in a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - if err := scheme.AddIgnoredConversionType(&metav1.TypeMeta{}, &metav1.TypeMeta{}); err != nil { - return err - } - scheme.AddKnownTypes(SchemeGroupVersion, - &ResourceClass{}, - &ResourceClassList{}, - &ResourceClaim{}, - &ResourceClaimList{}, - &ResourceClaimTemplate{}, - &ResourceClaimTemplateList{}, - &PodScheduling{}, - &PodSchedulingList{}, - ) - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/types.go deleted file mode 100644 index 627a09cb42..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/types.go +++ /dev/null @@ -1,404 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resource - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClaim describes which resources are needed by a resource consumer. -// Its status tracks whether the resource has been allocated and what the -// resulting attributes are. -// -// This is an alpha type and requires enabling the DynamicResourceAllocation -// feature gate. -type ResourceClaim struct { - metav1.TypeMeta - // Standard object metadata - // +optional - metav1.ObjectMeta - - // Spec describes the desired attributes of a resource that then needs - // to be allocated. It can only be set once when creating the - // ResourceClaim. - Spec ResourceClaimSpec - - // Status describes whether the resource is available and with which - // attributes. - // +optional - Status ResourceClaimStatus -} - -// ResourceClaimSpec defines how a resource is to be allocated. -type ResourceClaimSpec struct { - // ResourceClassName references the driver and additional parameters - // via the name of a ResourceClass that was created as part of the - // driver deployment. - ResourceClassName string - - // ParametersRef references a separate object with arbitrary parameters - // that will be used by the driver when allocating a resource for the - // claim. - // - // The object must be in the same namespace as the ResourceClaim. - // +optional - ParametersRef *ResourceClaimParametersReference - - // Allocation can start immediately or when a Pod wants to use the - // resource. "WaitForFirstConsumer" is the default. - // +optional - AllocationMode AllocationMode -} - -// AllocationMode describes whether a ResourceClaim gets allocated immediately -// when it gets created (AllocationModeImmediate) or whether allocation is -// delayed until it is needed for a Pod -// (AllocationModeWaitForFirstConsumer). Other modes might get added in the -// future. -type AllocationMode string - -const ( - // When a ResourceClaim has AllocationModeWaitForFirstConsumer, allocation is - // delayed until a Pod gets scheduled that needs the ResourceClaim. The - // scheduler will consider all resource requirements of that Pod and - // trigger allocation for a node that fits the Pod. - AllocationModeWaitForFirstConsumer AllocationMode = "WaitForFirstConsumer" - - // When a ResourceClaim has AllocationModeImmediate, allocation starts - // as soon as the ResourceClaim gets created. This is done without - // considering the needs of Pods that will use the ResourceClaim - // because those Pods are not known yet. - AllocationModeImmediate AllocationMode = "Immediate" -) - -// ResourceClaimStatus tracks whether the resource has been allocated and what -// the resulting attributes are. -type ResourceClaimStatus struct { - // DriverName is a copy of the driver name from the ResourceClass at - // the time when allocation started. - // +optional - DriverName string - - // Allocation is set by the resource driver once a resource has been - // allocated successfully. If this is not specified, the resource is - // not yet allocated. - // +optional - Allocation *AllocationResult - - // ReservedFor indicates which entities are currently allowed to use - // the claim. A Pod which references a ResourceClaim which is not - // reserved for that Pod will not be started. - // - // There can be at most 32 such reservations. This may get increased in - // the future, but not reduced. - // +optional - ReservedFor []ResourceClaimConsumerReference - - // DeallocationRequested indicates that a ResourceClaim is to be - // deallocated. - // - // The driver then must deallocate this claim and reset the field - // together with clearing the Allocation field. - // - // While DeallocationRequested is set, no new consumers may be added to - // ReservedFor. - // +optional - DeallocationRequested bool -} - -// ReservedForMaxSize is the maximum number of entries in -// claim.status.reservedFor. -const ResourceClaimReservedForMaxSize = 32 - -// AllocationResult contains attributed of an allocated resource. -type AllocationResult struct { - // ResourceHandle contains arbitrary data returned by the driver after a - // successful allocation. This is opaque for - // Kubernetes. Driver documentation may explain to users how to - // interpret this data if needed. - // - // The maximum size of this field is 16KiB. This may get - // increased in the future, but not reduced. - // +optional - ResourceHandle string - - // This field will get set by the resource driver after it has - // allocated the resource driver to inform the scheduler where it can - // schedule Pods using the ResourceClaim. - // - // Setting this field is optional. If null, the resource is available - // everywhere. - // +optional - AvailableOnNodes *core.NodeSelector - - // Shareable determines whether the resource supports more - // than one consumer at a time. - // +optional - Shareable bool -} - -// ResourceHandleMaxSize is the maximum size of allocation.resourceHandle. -const ResourceHandleMaxSize = 16 * 1024 - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClaimList is a collection of claims. -type ResourceClaimList struct { - metav1.TypeMeta - // Standard list metadata - // +optional - metav1.ListMeta - - // Items is the list of resource claims. - Items []ResourceClaim -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodScheduling objects hold information that is needed to schedule -// a Pod with ResourceClaims that use "WaitForFirstConsumer" allocation -// mode. -// -// This is an alpha type and requires enabling the DynamicResourceAllocation -// feature gate. -type PodScheduling struct { - metav1.TypeMeta - // Standard object metadata - // +optional - metav1.ObjectMeta - - // Spec describes where resources for the Pod are needed. - Spec PodSchedulingSpec - - // Status describes where resources for the Pod can be allocated. - Status PodSchedulingStatus -} - -// PodSchedulingSpec describes where resources for the Pod are needed. -type PodSchedulingSpec struct { - // SelectedNode is the node for which allocation of ResourceClaims that - // are referenced by the Pod and that use "WaitForFirstConsumer" - // allocation is to be attempted. - SelectedNode string - - // PotentialNodes lists nodes where the Pod might be able to run. - // - // The size of this field is limited to 128. This is large enough for - // many clusters. Larger clusters may need more attempts to find a node - // that suits all pending resources. This may get increased in the - // future, but not reduced. - // +optional - PotentialNodes []string -} - -// PodSchedulingStatus describes where resources for the Pod can be allocated. -type PodSchedulingStatus struct { - // ResourceClaims describes resource availability for each - // pod.spec.resourceClaim entry where the corresponding ResourceClaim - // uses "WaitForFirstConsumer" allocation mode. - // +optional - ResourceClaims []ResourceClaimSchedulingStatus - - // If there ever is a need to support other kinds of resources - // than ResourceClaim, then new fields could get added here - // for those other resources. -} - -// ResourceClaimSchedulingStatus contains information about one particular -// ResourceClaim with "WaitForFirstConsumer" allocation mode. -type ResourceClaimSchedulingStatus struct { - // Name matches the pod.spec.resourceClaims[*].Name field. - Name string - - // UnsuitableNodes lists nodes that the ResourceClaim cannot be - // allocated for. - // - // The size of this field is limited to 128, the same as for - // PodSchedulingSpec.PotentialNodes. This may get increased in the - // future, but not reduced. - // +optional - UnsuitableNodes []string -} - -// PodSchedulingNodeListMaxSize defines the maximum number of entries in the -// node lists that are stored in PodScheduling objects. This limit is part -// of the API. -const PodSchedulingNodeListMaxSize = 128 - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodSchedulingList is a collection of Pod scheduling objects. -type PodSchedulingList struct { - metav1.TypeMeta - // Standard list metadata - // +optional - metav1.ListMeta - - // Items is the list of PodScheduling objects. - Items []PodScheduling -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClass is used by administrators to influence how resources -// are allocated. -// -// This is an alpha type and requires enabling the DynamicResourceAllocation -// feature gate. -type ResourceClass struct { - metav1.TypeMeta - // Standard object metadata - // +optional - metav1.ObjectMeta - - // DriverName defines the name of the dynamic resource driver that is - // used for allocation of a ResourceClaim that uses this class. - // - // Resource drivers have a unique name in forward domain order - // (acme.example.com). - DriverName string - - // ParametersRef references an arbitrary separate object that may hold - // parameters that will be used by the driver when allocating a - // resource that uses this class. A dynamic resource driver can - // distinguish between parameters stored here and and those stored in - // ResourceClaimSpec. - // +optional - ParametersRef *ResourceClassParametersReference - - // Only nodes matching the selector will be considered by the scheduler - // when trying to find a Node that fits a Pod when that Pod uses - // a ResourceClaim that has not been allocated yet. - // - // Setting this field is optional. If null, all nodes are candidates. - // +optional - SuitableNodes *core.NodeSelector -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClassList is a collection of classes. -type ResourceClassList struct { - metav1.TypeMeta - // Standard list metadata - // +optional - metav1.ListMeta - - // Items is the list of resource classes. - Items []ResourceClass -} - -// ResourceClassParametersReference contains enough information to let you -// locate the parameters for a ResourceClass. -type ResourceClassParametersReference struct { - // APIGroup is the group for the resource being referenced. It is - // empty for the core API. This matches the group in the APIVersion - // that is used when creating the resources. - // +optional - APIGroup string - // Kind is the type of resource being referenced. This is the same - // value as in the parameter object's metadata. - Kind string - // Name is the name of resource being referenced. - Name string - // Namespace that contains the referenced resource. Must be empty - // for cluster-scoped resources and non-empty for namespaced - // resources. - // +optional - Namespace string -} - -// ResourceClaimParametersReference contains enough information to let you -// locate the parameters for a ResourceClaim. The object must be in the same -// namespace as the ResourceClaim. -type ResourceClaimParametersReference struct { - // APIGroup is the group for the resource being referenced. It is - // empty for the core API. This matches the group in the APIVersion - // that is used when creating the resources. - // +optional - APIGroup string - // Kind is the type of resource being referenced. This is the same - // value as in the parameter object's metadata, for example "ConfigMap". - Kind string - // Name is the name of resource being referenced. - Name string -} - -// ResourceClaimConsumerReference contains enough information to let you -// locate the consumer of a ResourceClaim. The user must be a resource in the same -// namespace as the ResourceClaim. -type ResourceClaimConsumerReference struct { - // APIGroup is the group for the resource being referenced. It is - // empty for the core API. This matches the group in the APIVersion - // that is used when creating the resources. - // +optional - APIGroup string - // Resource is the type of resource being referenced, for example "pods". - Resource string - // Name is the name of resource being referenced. - Name string - // UID identifies exactly one incarnation of the resource. - UID types.UID -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClaimTemplate is used to produce ResourceClaim objects. -type ResourceClaimTemplate struct { - metav1.TypeMeta - // Standard object metadata - // +optional - metav1.ObjectMeta - - // Describes the ResourceClaim that is to be generated. - // - // This field is immutable. A ResourceClaim will get created by the - // control plane for a Pod when needed and then not get updated - // anymore. - Spec ResourceClaimTemplateSpec -} - -// ResourceClaimTemplateSpec contains the metadata and fields for a ResourceClaim. -type ResourceClaimTemplateSpec struct { - // ObjectMeta may contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // +optional - metav1.ObjectMeta - - // Spec for the ResourceClaim. The entire content is copied unchanged - // into the ResourceClaim that gets created from this template. The - // same fields as in a ResourceClaim are also valid here. - Spec ResourceClaimSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ResourceClaimTemplateList is a collection of claim templates. -type ResourceClaimTemplateList struct { - metav1.TypeMeta - // Standard list metadata - // +optional - metav1.ListMeta - - // Items is the list of resource claim templates. - Items []ResourceClaimTemplate -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/conversion.go deleted file mode 100644 index 25db58993f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/conversion.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/defaults.go deleted file mode 100644 index 8bc728f389..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/defaults.go +++ /dev/null @@ -1,32 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_ResourceClaimSpec(obj *v1alpha1.ResourceClaimSpec) { - if obj.AllocationMode == "" { - obj.AllocationMode = v1alpha1.AllocationModeWaitForFirstConsumer - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/doc.go deleted file mode 100644 index 77afe07224..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/resource -// +k8s:conversion-gen-external-types=k8s.io/api/resource/v1alpha1 -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/resource/v1alpha1 - -// Package v1alpha1 is the v1alpha1 version of the resource API. -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/resource/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/register.go deleted file mode 100644 index cd225b259d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/resource/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - localSchemeBuilder = &v1alpha1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) -} - -// TODO: remove these global variables -// GroupName is the group name use in this package -const GroupName = "resource.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index da556bcae1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,668 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1alpha1 "k8s.io/api/resource/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - types "k8s.io/apimachinery/pkg/types" - core "k8s.io/kubernetes/pkg/apis/core" - resource "k8s.io/kubernetes/pkg/apis/resource" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.AllocationResult)(nil), (*resource.AllocationResult)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_AllocationResult_To_resource_AllocationResult(a.(*v1alpha1.AllocationResult), b.(*resource.AllocationResult), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.AllocationResult)(nil), (*v1alpha1.AllocationResult)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_AllocationResult_To_v1alpha1_AllocationResult(a.(*resource.AllocationResult), b.(*v1alpha1.AllocationResult), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PodScheduling)(nil), (*resource.PodScheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodScheduling_To_resource_PodScheduling(a.(*v1alpha1.PodScheduling), b.(*resource.PodScheduling), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.PodScheduling)(nil), (*v1alpha1.PodScheduling)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_PodScheduling_To_v1alpha1_PodScheduling(a.(*resource.PodScheduling), b.(*v1alpha1.PodScheduling), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PodSchedulingList)(nil), (*resource.PodSchedulingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSchedulingList_To_resource_PodSchedulingList(a.(*v1alpha1.PodSchedulingList), b.(*resource.PodSchedulingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.PodSchedulingList)(nil), (*v1alpha1.PodSchedulingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_PodSchedulingList_To_v1alpha1_PodSchedulingList(a.(*resource.PodSchedulingList), b.(*v1alpha1.PodSchedulingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PodSchedulingSpec)(nil), (*resource.PodSchedulingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec(a.(*v1alpha1.PodSchedulingSpec), b.(*resource.PodSchedulingSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.PodSchedulingSpec)(nil), (*v1alpha1.PodSchedulingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec(a.(*resource.PodSchedulingSpec), b.(*v1alpha1.PodSchedulingSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PodSchedulingStatus)(nil), (*resource.PodSchedulingStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus(a.(*v1alpha1.PodSchedulingStatus), b.(*resource.PodSchedulingStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.PodSchedulingStatus)(nil), (*v1alpha1.PodSchedulingStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus(a.(*resource.PodSchedulingStatus), b.(*v1alpha1.PodSchedulingStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaim)(nil), (*resource.ResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaim_To_resource_ResourceClaim(a.(*v1alpha1.ResourceClaim), b.(*resource.ResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaim)(nil), (*v1alpha1.ResourceClaim)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaim_To_v1alpha1_ResourceClaim(a.(*resource.ResourceClaim), b.(*v1alpha1.ResourceClaim), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimConsumerReference)(nil), (*resource.ResourceClaimConsumerReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimConsumerReference_To_resource_ResourceClaimConsumerReference(a.(*v1alpha1.ResourceClaimConsumerReference), b.(*resource.ResourceClaimConsumerReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimConsumerReference)(nil), (*v1alpha1.ResourceClaimConsumerReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimConsumerReference_To_v1alpha1_ResourceClaimConsumerReference(a.(*resource.ResourceClaimConsumerReference), b.(*v1alpha1.ResourceClaimConsumerReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimList)(nil), (*resource.ResourceClaimList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimList_To_resource_ResourceClaimList(a.(*v1alpha1.ResourceClaimList), b.(*resource.ResourceClaimList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimList)(nil), (*v1alpha1.ResourceClaimList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimList_To_v1alpha1_ResourceClaimList(a.(*resource.ResourceClaimList), b.(*v1alpha1.ResourceClaimList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimParametersReference)(nil), (*resource.ResourceClaimParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimParametersReference_To_resource_ResourceClaimParametersReference(a.(*v1alpha1.ResourceClaimParametersReference), b.(*resource.ResourceClaimParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimParametersReference)(nil), (*v1alpha1.ResourceClaimParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimParametersReference_To_v1alpha1_ResourceClaimParametersReference(a.(*resource.ResourceClaimParametersReference), b.(*v1alpha1.ResourceClaimParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimSchedulingStatus)(nil), (*resource.ResourceClaimSchedulingStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimSchedulingStatus_To_resource_ResourceClaimSchedulingStatus(a.(*v1alpha1.ResourceClaimSchedulingStatus), b.(*resource.ResourceClaimSchedulingStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimSchedulingStatus)(nil), (*v1alpha1.ResourceClaimSchedulingStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimSchedulingStatus_To_v1alpha1_ResourceClaimSchedulingStatus(a.(*resource.ResourceClaimSchedulingStatus), b.(*v1alpha1.ResourceClaimSchedulingStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimSpec)(nil), (*resource.ResourceClaimSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(a.(*v1alpha1.ResourceClaimSpec), b.(*resource.ResourceClaimSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimSpec)(nil), (*v1alpha1.ResourceClaimSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(a.(*resource.ResourceClaimSpec), b.(*v1alpha1.ResourceClaimSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimStatus)(nil), (*resource.ResourceClaimStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus(a.(*v1alpha1.ResourceClaimStatus), b.(*resource.ResourceClaimStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimStatus)(nil), (*v1alpha1.ResourceClaimStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus(a.(*resource.ResourceClaimStatus), b.(*v1alpha1.ResourceClaimStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimTemplate)(nil), (*resource.ResourceClaimTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimTemplate_To_resource_ResourceClaimTemplate(a.(*v1alpha1.ResourceClaimTemplate), b.(*resource.ResourceClaimTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimTemplate)(nil), (*v1alpha1.ResourceClaimTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimTemplate_To_v1alpha1_ResourceClaimTemplate(a.(*resource.ResourceClaimTemplate), b.(*v1alpha1.ResourceClaimTemplate), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimTemplateList)(nil), (*resource.ResourceClaimTemplateList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimTemplateList_To_resource_ResourceClaimTemplateList(a.(*v1alpha1.ResourceClaimTemplateList), b.(*resource.ResourceClaimTemplateList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimTemplateList)(nil), (*v1alpha1.ResourceClaimTemplateList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimTemplateList_To_v1alpha1_ResourceClaimTemplateList(a.(*resource.ResourceClaimTemplateList), b.(*v1alpha1.ResourceClaimTemplateList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClaimTemplateSpec)(nil), (*resource.ResourceClaimTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec(a.(*v1alpha1.ResourceClaimTemplateSpec), b.(*resource.ResourceClaimTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClaimTemplateSpec)(nil), (*v1alpha1.ResourceClaimTemplateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec(a.(*resource.ResourceClaimTemplateSpec), b.(*v1alpha1.ResourceClaimTemplateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClass)(nil), (*resource.ResourceClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClass_To_resource_ResourceClass(a.(*v1alpha1.ResourceClass), b.(*resource.ResourceClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClass)(nil), (*v1alpha1.ResourceClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClass_To_v1alpha1_ResourceClass(a.(*resource.ResourceClass), b.(*v1alpha1.ResourceClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClassList)(nil), (*resource.ResourceClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClassList_To_resource_ResourceClassList(a.(*v1alpha1.ResourceClassList), b.(*resource.ResourceClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClassList)(nil), (*v1alpha1.ResourceClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClassList_To_v1alpha1_ResourceClassList(a.(*resource.ResourceClassList), b.(*v1alpha1.ResourceClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.ResourceClassParametersReference)(nil), (*resource.ResourceClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ResourceClassParametersReference_To_resource_ResourceClassParametersReference(a.(*v1alpha1.ResourceClassParametersReference), b.(*resource.ResourceClassParametersReference), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*resource.ResourceClassParametersReference)(nil), (*v1alpha1.ResourceClassParametersReference)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_resource_ResourceClassParametersReference_To_v1alpha1_ResourceClassParametersReference(a.(*resource.ResourceClassParametersReference), b.(*v1alpha1.ResourceClassParametersReference), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_AllocationResult_To_resource_AllocationResult(in *v1alpha1.AllocationResult, out *resource.AllocationResult, s conversion.Scope) error { - out.ResourceHandle = in.ResourceHandle - out.AvailableOnNodes = (*core.NodeSelector)(unsafe.Pointer(in.AvailableOnNodes)) - out.Shareable = in.Shareable - return nil -} - -// Convert_v1alpha1_AllocationResult_To_resource_AllocationResult is an autogenerated conversion function. -func Convert_v1alpha1_AllocationResult_To_resource_AllocationResult(in *v1alpha1.AllocationResult, out *resource.AllocationResult, s conversion.Scope) error { - return autoConvert_v1alpha1_AllocationResult_To_resource_AllocationResult(in, out, s) -} - -func autoConvert_resource_AllocationResult_To_v1alpha1_AllocationResult(in *resource.AllocationResult, out *v1alpha1.AllocationResult, s conversion.Scope) error { - out.ResourceHandle = in.ResourceHandle - out.AvailableOnNodes = (*v1.NodeSelector)(unsafe.Pointer(in.AvailableOnNodes)) - out.Shareable = in.Shareable - return nil -} - -// Convert_resource_AllocationResult_To_v1alpha1_AllocationResult is an autogenerated conversion function. -func Convert_resource_AllocationResult_To_v1alpha1_AllocationResult(in *resource.AllocationResult, out *v1alpha1.AllocationResult, s conversion.Scope) error { - return autoConvert_resource_AllocationResult_To_v1alpha1_AllocationResult(in, out, s) -} - -func autoConvert_v1alpha1_PodScheduling_To_resource_PodScheduling(in *v1alpha1.PodScheduling, out *resource.PodScheduling, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_PodScheduling_To_resource_PodScheduling is an autogenerated conversion function. -func Convert_v1alpha1_PodScheduling_To_resource_PodScheduling(in *v1alpha1.PodScheduling, out *resource.PodScheduling, s conversion.Scope) error { - return autoConvert_v1alpha1_PodScheduling_To_resource_PodScheduling(in, out, s) -} - -func autoConvert_resource_PodScheduling_To_v1alpha1_PodScheduling(in *resource.PodScheduling, out *v1alpha1.PodScheduling, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_resource_PodScheduling_To_v1alpha1_PodScheduling is an autogenerated conversion function. -func Convert_resource_PodScheduling_To_v1alpha1_PodScheduling(in *resource.PodScheduling, out *v1alpha1.PodScheduling, s conversion.Scope) error { - return autoConvert_resource_PodScheduling_To_v1alpha1_PodScheduling(in, out, s) -} - -func autoConvert_v1alpha1_PodSchedulingList_To_resource_PodSchedulingList(in *v1alpha1.PodSchedulingList, out *resource.PodSchedulingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]resource.PodScheduling)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_PodSchedulingList_To_resource_PodSchedulingList is an autogenerated conversion function. -func Convert_v1alpha1_PodSchedulingList_To_resource_PodSchedulingList(in *v1alpha1.PodSchedulingList, out *resource.PodSchedulingList, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSchedulingList_To_resource_PodSchedulingList(in, out, s) -} - -func autoConvert_resource_PodSchedulingList_To_v1alpha1_PodSchedulingList(in *resource.PodSchedulingList, out *v1alpha1.PodSchedulingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.PodScheduling)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_resource_PodSchedulingList_To_v1alpha1_PodSchedulingList is an autogenerated conversion function. -func Convert_resource_PodSchedulingList_To_v1alpha1_PodSchedulingList(in *resource.PodSchedulingList, out *v1alpha1.PodSchedulingList, s conversion.Scope) error { - return autoConvert_resource_PodSchedulingList_To_v1alpha1_PodSchedulingList(in, out, s) -} - -func autoConvert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec(in *v1alpha1.PodSchedulingSpec, out *resource.PodSchedulingSpec, s conversion.Scope) error { - out.SelectedNode = in.SelectedNode - out.PotentialNodes = *(*[]string)(unsafe.Pointer(&in.PotentialNodes)) - return nil -} - -// Convert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec is an autogenerated conversion function. -func Convert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec(in *v1alpha1.PodSchedulingSpec, out *resource.PodSchedulingSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSchedulingSpec_To_resource_PodSchedulingSpec(in, out, s) -} - -func autoConvert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec(in *resource.PodSchedulingSpec, out *v1alpha1.PodSchedulingSpec, s conversion.Scope) error { - out.SelectedNode = in.SelectedNode - out.PotentialNodes = *(*[]string)(unsafe.Pointer(&in.PotentialNodes)) - return nil -} - -// Convert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec is an autogenerated conversion function. -func Convert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec(in *resource.PodSchedulingSpec, out *v1alpha1.PodSchedulingSpec, s conversion.Scope) error { - return autoConvert_resource_PodSchedulingSpec_To_v1alpha1_PodSchedulingSpec(in, out, s) -} - -func autoConvert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus(in *v1alpha1.PodSchedulingStatus, out *resource.PodSchedulingStatus, s conversion.Scope) error { - out.ResourceClaims = *(*[]resource.ResourceClaimSchedulingStatus)(unsafe.Pointer(&in.ResourceClaims)) - return nil -} - -// Convert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus is an autogenerated conversion function. -func Convert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus(in *v1alpha1.PodSchedulingStatus, out *resource.PodSchedulingStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSchedulingStatus_To_resource_PodSchedulingStatus(in, out, s) -} - -func autoConvert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus(in *resource.PodSchedulingStatus, out *v1alpha1.PodSchedulingStatus, s conversion.Scope) error { - out.ResourceClaims = *(*[]v1alpha1.ResourceClaimSchedulingStatus)(unsafe.Pointer(&in.ResourceClaims)) - return nil -} - -// Convert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus is an autogenerated conversion function. -func Convert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus(in *resource.PodSchedulingStatus, out *v1alpha1.PodSchedulingStatus, s conversion.Scope) error { - return autoConvert_resource_PodSchedulingStatus_To_v1alpha1_PodSchedulingStatus(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaim_To_resource_ResourceClaim(in *v1alpha1.ResourceClaim, out *resource.ResourceClaim, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ResourceClaim_To_resource_ResourceClaim is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaim_To_resource_ResourceClaim(in *v1alpha1.ResourceClaim, out *resource.ResourceClaim, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaim_To_resource_ResourceClaim(in, out, s) -} - -func autoConvert_resource_ResourceClaim_To_v1alpha1_ResourceClaim(in *resource.ResourceClaim, out *v1alpha1.ResourceClaim, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_resource_ResourceClaim_To_v1alpha1_ResourceClaim is an autogenerated conversion function. -func Convert_resource_ResourceClaim_To_v1alpha1_ResourceClaim(in *resource.ResourceClaim, out *v1alpha1.ResourceClaim, s conversion.Scope) error { - return autoConvert_resource_ResourceClaim_To_v1alpha1_ResourceClaim(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimConsumerReference_To_resource_ResourceClaimConsumerReference(in *v1alpha1.ResourceClaimConsumerReference, out *resource.ResourceClaimConsumerReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.Name = in.Name - out.UID = types.UID(in.UID) - return nil -} - -// Convert_v1alpha1_ResourceClaimConsumerReference_To_resource_ResourceClaimConsumerReference is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimConsumerReference_To_resource_ResourceClaimConsumerReference(in *v1alpha1.ResourceClaimConsumerReference, out *resource.ResourceClaimConsumerReference, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimConsumerReference_To_resource_ResourceClaimConsumerReference(in, out, s) -} - -func autoConvert_resource_ResourceClaimConsumerReference_To_v1alpha1_ResourceClaimConsumerReference(in *resource.ResourceClaimConsumerReference, out *v1alpha1.ResourceClaimConsumerReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Resource = in.Resource - out.Name = in.Name - out.UID = types.UID(in.UID) - return nil -} - -// Convert_resource_ResourceClaimConsumerReference_To_v1alpha1_ResourceClaimConsumerReference is an autogenerated conversion function. -func Convert_resource_ResourceClaimConsumerReference_To_v1alpha1_ResourceClaimConsumerReference(in *resource.ResourceClaimConsumerReference, out *v1alpha1.ResourceClaimConsumerReference, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimConsumerReference_To_v1alpha1_ResourceClaimConsumerReference(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimList_To_resource_ResourceClaimList(in *v1alpha1.ResourceClaimList, out *resource.ResourceClaimList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]resource.ResourceClaim)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_ResourceClaimList_To_resource_ResourceClaimList is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimList_To_resource_ResourceClaimList(in *v1alpha1.ResourceClaimList, out *resource.ResourceClaimList, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimList_To_resource_ResourceClaimList(in, out, s) -} - -func autoConvert_resource_ResourceClaimList_To_v1alpha1_ResourceClaimList(in *resource.ResourceClaimList, out *v1alpha1.ResourceClaimList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.ResourceClaim)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_resource_ResourceClaimList_To_v1alpha1_ResourceClaimList is an autogenerated conversion function. -func Convert_resource_ResourceClaimList_To_v1alpha1_ResourceClaimList(in *resource.ResourceClaimList, out *v1alpha1.ResourceClaimList, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimList_To_v1alpha1_ResourceClaimList(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimParametersReference_To_resource_ResourceClaimParametersReference(in *v1alpha1.ResourceClaimParametersReference, out *resource.ResourceClaimParametersReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_v1alpha1_ResourceClaimParametersReference_To_resource_ResourceClaimParametersReference is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimParametersReference_To_resource_ResourceClaimParametersReference(in *v1alpha1.ResourceClaimParametersReference, out *resource.ResourceClaimParametersReference, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimParametersReference_To_resource_ResourceClaimParametersReference(in, out, s) -} - -func autoConvert_resource_ResourceClaimParametersReference_To_v1alpha1_ResourceClaimParametersReference(in *resource.ResourceClaimParametersReference, out *v1alpha1.ResourceClaimParametersReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - return nil -} - -// Convert_resource_ResourceClaimParametersReference_To_v1alpha1_ResourceClaimParametersReference is an autogenerated conversion function. -func Convert_resource_ResourceClaimParametersReference_To_v1alpha1_ResourceClaimParametersReference(in *resource.ResourceClaimParametersReference, out *v1alpha1.ResourceClaimParametersReference, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimParametersReference_To_v1alpha1_ResourceClaimParametersReference(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimSchedulingStatus_To_resource_ResourceClaimSchedulingStatus(in *v1alpha1.ResourceClaimSchedulingStatus, out *resource.ResourceClaimSchedulingStatus, s conversion.Scope) error { - out.Name = in.Name - out.UnsuitableNodes = *(*[]string)(unsafe.Pointer(&in.UnsuitableNodes)) - return nil -} - -// Convert_v1alpha1_ResourceClaimSchedulingStatus_To_resource_ResourceClaimSchedulingStatus is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimSchedulingStatus_To_resource_ResourceClaimSchedulingStatus(in *v1alpha1.ResourceClaimSchedulingStatus, out *resource.ResourceClaimSchedulingStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimSchedulingStatus_To_resource_ResourceClaimSchedulingStatus(in, out, s) -} - -func autoConvert_resource_ResourceClaimSchedulingStatus_To_v1alpha1_ResourceClaimSchedulingStatus(in *resource.ResourceClaimSchedulingStatus, out *v1alpha1.ResourceClaimSchedulingStatus, s conversion.Scope) error { - out.Name = in.Name - out.UnsuitableNodes = *(*[]string)(unsafe.Pointer(&in.UnsuitableNodes)) - return nil -} - -// Convert_resource_ResourceClaimSchedulingStatus_To_v1alpha1_ResourceClaimSchedulingStatus is an autogenerated conversion function. -func Convert_resource_ResourceClaimSchedulingStatus_To_v1alpha1_ResourceClaimSchedulingStatus(in *resource.ResourceClaimSchedulingStatus, out *v1alpha1.ResourceClaimSchedulingStatus, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimSchedulingStatus_To_v1alpha1_ResourceClaimSchedulingStatus(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(in *v1alpha1.ResourceClaimSpec, out *resource.ResourceClaimSpec, s conversion.Scope) error { - out.ResourceClassName = in.ResourceClassName - out.ParametersRef = (*resource.ResourceClaimParametersReference)(unsafe.Pointer(in.ParametersRef)) - out.AllocationMode = resource.AllocationMode(in.AllocationMode) - return nil -} - -// Convert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(in *v1alpha1.ResourceClaimSpec, out *resource.ResourceClaimSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(in, out, s) -} - -func autoConvert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(in *resource.ResourceClaimSpec, out *v1alpha1.ResourceClaimSpec, s conversion.Scope) error { - out.ResourceClassName = in.ResourceClassName - out.ParametersRef = (*v1alpha1.ResourceClaimParametersReference)(unsafe.Pointer(in.ParametersRef)) - out.AllocationMode = v1alpha1.AllocationMode(in.AllocationMode) - return nil -} - -// Convert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec is an autogenerated conversion function. -func Convert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(in *resource.ResourceClaimSpec, out *v1alpha1.ResourceClaimSpec, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus(in *v1alpha1.ResourceClaimStatus, out *resource.ResourceClaimStatus, s conversion.Scope) error { - out.DriverName = in.DriverName - out.Allocation = (*resource.AllocationResult)(unsafe.Pointer(in.Allocation)) - out.ReservedFor = *(*[]resource.ResourceClaimConsumerReference)(unsafe.Pointer(&in.ReservedFor)) - out.DeallocationRequested = in.DeallocationRequested - return nil -} - -// Convert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus(in *v1alpha1.ResourceClaimStatus, out *resource.ResourceClaimStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimStatus_To_resource_ResourceClaimStatus(in, out, s) -} - -func autoConvert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus(in *resource.ResourceClaimStatus, out *v1alpha1.ResourceClaimStatus, s conversion.Scope) error { - out.DriverName = in.DriverName - out.Allocation = (*v1alpha1.AllocationResult)(unsafe.Pointer(in.Allocation)) - out.ReservedFor = *(*[]v1alpha1.ResourceClaimConsumerReference)(unsafe.Pointer(&in.ReservedFor)) - out.DeallocationRequested = in.DeallocationRequested - return nil -} - -// Convert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus is an autogenerated conversion function. -func Convert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus(in *resource.ResourceClaimStatus, out *v1alpha1.ResourceClaimStatus, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimStatus_To_v1alpha1_ResourceClaimStatus(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimTemplate_To_resource_ResourceClaimTemplate(in *v1alpha1.ResourceClaimTemplate, out *resource.ResourceClaimTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ResourceClaimTemplate_To_resource_ResourceClaimTemplate is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimTemplate_To_resource_ResourceClaimTemplate(in *v1alpha1.ResourceClaimTemplate, out *resource.ResourceClaimTemplate, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimTemplate_To_resource_ResourceClaimTemplate(in, out, s) -} - -func autoConvert_resource_ResourceClaimTemplate_To_v1alpha1_ResourceClaimTemplate(in *resource.ResourceClaimTemplate, out *v1alpha1.ResourceClaimTemplate, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_resource_ResourceClaimTemplate_To_v1alpha1_ResourceClaimTemplate is an autogenerated conversion function. -func Convert_resource_ResourceClaimTemplate_To_v1alpha1_ResourceClaimTemplate(in *resource.ResourceClaimTemplate, out *v1alpha1.ResourceClaimTemplate, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimTemplate_To_v1alpha1_ResourceClaimTemplate(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimTemplateList_To_resource_ResourceClaimTemplateList(in *v1alpha1.ResourceClaimTemplateList, out *resource.ResourceClaimTemplateList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]resource.ResourceClaimTemplate)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_ResourceClaimTemplateList_To_resource_ResourceClaimTemplateList is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimTemplateList_To_resource_ResourceClaimTemplateList(in *v1alpha1.ResourceClaimTemplateList, out *resource.ResourceClaimTemplateList, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimTemplateList_To_resource_ResourceClaimTemplateList(in, out, s) -} - -func autoConvert_resource_ResourceClaimTemplateList_To_v1alpha1_ResourceClaimTemplateList(in *resource.ResourceClaimTemplateList, out *v1alpha1.ResourceClaimTemplateList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.ResourceClaimTemplate)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_resource_ResourceClaimTemplateList_To_v1alpha1_ResourceClaimTemplateList is an autogenerated conversion function. -func Convert_resource_ResourceClaimTemplateList_To_v1alpha1_ResourceClaimTemplateList(in *resource.ResourceClaimTemplateList, out *v1alpha1.ResourceClaimTemplateList, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimTemplateList_To_v1alpha1_ResourceClaimTemplateList(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec(in *v1alpha1.ResourceClaimTemplateSpec, out *resource.ResourceClaimTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_ResourceClaimSpec_To_resource_ResourceClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec(in *v1alpha1.ResourceClaimTemplateSpec, out *resource.ResourceClaimTemplateSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClaimTemplateSpec_To_resource_ResourceClaimTemplateSpec(in, out, s) -} - -func autoConvert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec(in *resource.ResourceClaimTemplateSpec, out *v1alpha1.ResourceClaimTemplateSpec, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_resource_ResourceClaimSpec_To_v1alpha1_ResourceClaimSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec is an autogenerated conversion function. -func Convert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec(in *resource.ResourceClaimTemplateSpec, out *v1alpha1.ResourceClaimTemplateSpec, s conversion.Scope) error { - return autoConvert_resource_ResourceClaimTemplateSpec_To_v1alpha1_ResourceClaimTemplateSpec(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClass_To_resource_ResourceClass(in *v1alpha1.ResourceClass, out *resource.ResourceClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DriverName = in.DriverName - out.ParametersRef = (*resource.ResourceClassParametersReference)(unsafe.Pointer(in.ParametersRef)) - out.SuitableNodes = (*core.NodeSelector)(unsafe.Pointer(in.SuitableNodes)) - return nil -} - -// Convert_v1alpha1_ResourceClass_To_resource_ResourceClass is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClass_To_resource_ResourceClass(in *v1alpha1.ResourceClass, out *resource.ResourceClass, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClass_To_resource_ResourceClass(in, out, s) -} - -func autoConvert_resource_ResourceClass_To_v1alpha1_ResourceClass(in *resource.ResourceClass, out *v1alpha1.ResourceClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.DriverName = in.DriverName - out.ParametersRef = (*v1alpha1.ResourceClassParametersReference)(unsafe.Pointer(in.ParametersRef)) - out.SuitableNodes = (*v1.NodeSelector)(unsafe.Pointer(in.SuitableNodes)) - return nil -} - -// Convert_resource_ResourceClass_To_v1alpha1_ResourceClass is an autogenerated conversion function. -func Convert_resource_ResourceClass_To_v1alpha1_ResourceClass(in *resource.ResourceClass, out *v1alpha1.ResourceClass, s conversion.Scope) error { - return autoConvert_resource_ResourceClass_To_v1alpha1_ResourceClass(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClassList_To_resource_ResourceClassList(in *v1alpha1.ResourceClassList, out *resource.ResourceClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]resource.ResourceClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_ResourceClassList_To_resource_ResourceClassList is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClassList_To_resource_ResourceClassList(in *v1alpha1.ResourceClassList, out *resource.ResourceClassList, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClassList_To_resource_ResourceClassList(in, out, s) -} - -func autoConvert_resource_ResourceClassList_To_v1alpha1_ResourceClassList(in *resource.ResourceClassList, out *v1alpha1.ResourceClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.ResourceClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_resource_ResourceClassList_To_v1alpha1_ResourceClassList is an autogenerated conversion function. -func Convert_resource_ResourceClassList_To_v1alpha1_ResourceClassList(in *resource.ResourceClassList, out *v1alpha1.ResourceClassList, s conversion.Scope) error { - return autoConvert_resource_ResourceClassList_To_v1alpha1_ResourceClassList(in, out, s) -} - -func autoConvert_v1alpha1_ResourceClassParametersReference_To_resource_ResourceClassParametersReference(in *v1alpha1.ResourceClassParametersReference, out *resource.ResourceClassParametersReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_v1alpha1_ResourceClassParametersReference_To_resource_ResourceClassParametersReference is an autogenerated conversion function. -func Convert_v1alpha1_ResourceClassParametersReference_To_resource_ResourceClassParametersReference(in *v1alpha1.ResourceClassParametersReference, out *resource.ResourceClassParametersReference, s conversion.Scope) error { - return autoConvert_v1alpha1_ResourceClassParametersReference_To_resource_ResourceClassParametersReference(in, out, s) -} - -func autoConvert_resource_ResourceClassParametersReference_To_v1alpha1_ResourceClassParametersReference(in *resource.ResourceClassParametersReference, out *v1alpha1.ResourceClassParametersReference, s conversion.Scope) error { - out.APIGroup = in.APIGroup - out.Kind = in.Kind - out.Name = in.Name - out.Namespace = in.Namespace - return nil -} - -// Convert_resource_ResourceClassParametersReference_To_v1alpha1_ResourceClassParametersReference is an autogenerated conversion function. -func Convert_resource_ResourceClassParametersReference_To_v1alpha1_ResourceClassParametersReference(in *resource.ResourceClassParametersReference, out *v1alpha1.ResourceClassParametersReference, s conversion.Scope) error { - return autoConvert_resource_ResourceClassParametersReference_To_v1alpha1_ResourceClassParametersReference(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index e93e4a988a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,62 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/resource/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.ResourceClaim{}, func(obj interface{}) { SetObjectDefaults_ResourceClaim(obj.(*v1alpha1.ResourceClaim)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ResourceClaimList{}, func(obj interface{}) { SetObjectDefaults_ResourceClaimList(obj.(*v1alpha1.ResourceClaimList)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ResourceClaimTemplate{}, func(obj interface{}) { SetObjectDefaults_ResourceClaimTemplate(obj.(*v1alpha1.ResourceClaimTemplate)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.ResourceClaimTemplateList{}, func(obj interface{}) { - SetObjectDefaults_ResourceClaimTemplateList(obj.(*v1alpha1.ResourceClaimTemplateList)) - }) - return nil -} - -func SetObjectDefaults_ResourceClaim(in *v1alpha1.ResourceClaim) { - SetDefaults_ResourceClaimSpec(&in.Spec) -} - -func SetObjectDefaults_ResourceClaimList(in *v1alpha1.ResourceClaimList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ResourceClaim(a) - } -} - -func SetObjectDefaults_ResourceClaimTemplate(in *v1alpha1.ResourceClaimTemplate) { - SetDefaults_ResourceClaimSpec(&in.Spec.Spec) -} - -func SetObjectDefaults_ResourceClaimTemplateList(in *v1alpha1.ResourceClaimTemplateList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_ResourceClaimTemplate(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/validation/validation.go deleted file mode 100644 index fcbf8c55c1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/validation/validation.go +++ /dev/null @@ -1,310 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - corevalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/resource" -) - -// validateResourceClaimName can be used to check whether the given -// name for a ResourceClaim is valid. -var validateResourceClaimName = apimachineryvalidation.NameIsDNSSubdomain - -// validateResourceClaimTemplateName can be used to check whether the given -// name for a ResourceClaimTemplate is valid. -var validateResourceClaimTemplateName = apimachineryvalidation.NameIsDNSSubdomain - -// validateResourceDriverName reuses the validation of a CSI driver because -// the allowed values are exactly the same. -var validateResourceDriverName = corevalidation.ValidateCSIDriverName - -// ValidateClaim validates a ResourceClaim. -func ValidateClaim(resourceClaim *resource.ResourceClaim) field.ErrorList { - allErrs := corevalidation.ValidateObjectMeta(&resourceClaim.ObjectMeta, true, validateResourceClaimName, field.NewPath("metadata")) - allErrs = append(allErrs, validateResourceClaimSpec(&resourceClaim.Spec, field.NewPath("spec"))...) - return allErrs -} - -func validateResourceClaimSpec(spec *resource.ResourceClaimSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range corevalidation.ValidateClassName(spec.ResourceClassName, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceClassName"), spec.ResourceClassName, msg)) - } - allErrs = append(allErrs, validateResourceClaimParameters(spec.ParametersRef, fldPath.Child("parametersRef"))...) - if !supportedAllocationModes.Has(string(spec.AllocationMode)) { - allErrs = append(allErrs, field.NotSupported(fldPath.Child("allocationMode"), spec.AllocationMode, supportedAllocationModes.List())) - } - return allErrs -} - -var supportedAllocationModes = sets.NewString(string(resource.AllocationModeImmediate), string(resource.AllocationModeWaitForFirstConsumer)) - -// It would have been nice to use Go generics to reuse the same validation -// function for Kind and Name in both types, but generics cannot be used to -// access common fields in structs. - -func validateResourceClaimParameters(ref *resource.ResourceClaimParametersReference, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if ref != nil { - if ref.Kind == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "")) - } - if ref.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - } - return allErrs -} - -func validateClassParameters(ref *resource.ResourceClassParametersReference, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if ref != nil { - if ref.Kind == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("kind"), "")) - } - if ref.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - if ref.Namespace != "" { - for _, msg := range apimachineryvalidation.ValidateNamespaceName(ref.Namespace, false) { - allErrs = append(allErrs, field.Invalid(fldPath.Child("namespace"), ref.Namespace, msg)) - } - } - } - return allErrs -} - -// ValidateClass validates a ResourceClass. -func ValidateClass(resourceClass *resource.ResourceClass) field.ErrorList { - allErrs := corevalidation.ValidateObjectMeta(&resourceClass.ObjectMeta, false, corevalidation.ValidateClassName, field.NewPath("metadata")) - allErrs = append(allErrs, validateResourceDriverName(resourceClass.DriverName, field.NewPath("driverName"))...) - allErrs = append(allErrs, validateClassParameters(resourceClass.ParametersRef, field.NewPath("parametersRef"))...) - if resourceClass.SuitableNodes != nil { - allErrs = append(allErrs, corevalidation.ValidateNodeSelector(resourceClass.SuitableNodes, field.NewPath("suitableNodes"))...) - } - - return allErrs -} - -// ValidateClassUpdate tests if an update to ResourceClass is valid. -func ValidateClassUpdate(resourceClass, oldClass *resource.ResourceClass) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&resourceClass.ObjectMeta, &oldClass.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateClass(resourceClass)...) - return allErrs -} - -// ValidateClaimUpdate tests if an update to ResourceClaim is valid. -func ValidateClaimUpdate(resourceClaim, oldClaim *resource.ResourceClaim) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&resourceClaim.ObjectMeta, &oldClaim.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(resourceClaim.Spec, oldClaim.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, ValidateClaim(resourceClaim)...) - return allErrs -} - -// ValidateClaimStatusUpdate tests if an update to the status of a ResourceClaim is valid. -func ValidateClaimStatusUpdate(resourceClaim, oldClaim *resource.ResourceClaim) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&resourceClaim.ObjectMeta, &oldClaim.ObjectMeta, field.NewPath("metadata")) - fldPath := field.NewPath("status") - // The name might not be set yet. - if resourceClaim.Status.DriverName != "" { - allErrs = append(allErrs, validateResourceDriverName(resourceClaim.Status.DriverName, fldPath.Child("driverName"))...) - } else if resourceClaim.Status.Allocation != nil { - allErrs = append(allErrs, field.Required(fldPath.Child("driverName"), "must be specified when `allocation` is set")) - } - - allErrs = append(allErrs, validateAllocationResult(resourceClaim.Status.Allocation, fldPath.Child("allocation"))...) - allErrs = append(allErrs, validateSliceIsASet(resourceClaim.Status.ReservedFor, resource.ResourceClaimReservedForMaxSize, - validateResourceClaimUserReference, fldPath.Child("reservedFor"))...) - - // Now check for invariants that must be valid for a ResourceClaim. - if len(resourceClaim.Status.ReservedFor) > 0 { - if resourceClaim.Status.Allocation == nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("reservedFor"), "may not be specified when `allocated` is not set")) - } else { - if !resourceClaim.Status.Allocation.Shareable && len(resourceClaim.Status.ReservedFor) > 1 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("reservedFor"), "may not be reserved more than once")) - } - // Items may be removed from ReservedFor while the claim is meant to be deallocated, - // but not added. - if resourceClaim.DeletionTimestamp != nil || resourceClaim.Status.DeallocationRequested { - oldSet := sets.New(oldClaim.Status.ReservedFor...) - newSet := sets.New(resourceClaim.Status.ReservedFor...) - newItems := newSet.Difference(oldSet) - if len(newItems) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("reservedFor"), "new entries may not be added while `deallocationRequested` or `deletionTimestamp` are set")) - } - } - } - } - - if !oldClaim.Status.DeallocationRequested && - resourceClaim.Status.DeallocationRequested && - len(resourceClaim.Status.ReservedFor) > 0 { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("deallocationRequested"), "deallocation cannot be requested while `reservedFor` is set")) - } - - if resourceClaim.Status.Allocation == nil && - resourceClaim.Status.DeallocationRequested { - // Either one or the other field was modified incorrectly. - // For the sake of simplicity this only reports the invalid - // end result. - allErrs = append(allErrs, field.Forbidden(fldPath, "`allocation` must be set when `deallocationRequested` is set")) - } - - // Once deallocation has been requested, that request cannot be removed - // anymore because the deallocation may already have started. The field - // can only get reset by the driver together with removing the - // allocation. - if oldClaim.Status.DeallocationRequested && - !resourceClaim.Status.DeallocationRequested && - resourceClaim.Status.Allocation != nil { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("deallocationRequested"), "may not be cleared when `allocation` is set")) - } - - return allErrs -} - -func validateAllocationResult(allocation *resource.AllocationResult, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if allocation != nil { - if len(allocation.ResourceHandle) > resource.ResourceHandleMaxSize { - allErrs = append(allErrs, field.TooLongMaxLength(fldPath.Child("resourceHandle"), len(allocation.ResourceHandle), resource.ResourceHandleMaxSize)) - } - if allocation.AvailableOnNodes != nil { - allErrs = append(allErrs, corevalidation.ValidateNodeSelector(allocation.AvailableOnNodes, fldPath.Child("availableOnNodes"))...) - } - } - return allErrs -} - -func validateResourceClaimUserReference(ref resource.ResourceClaimConsumerReference, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - if ref.Resource == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("resource"), "")) - } - if ref.Name == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("name"), "")) - } - if ref.UID == "" { - allErrs = append(allErrs, field.Required(fldPath.Child("uid"), "")) - } - return allErrs -} - -// validateSliceIsASet ensures that a slice contains no duplicates and does not exceed a certain maximum size. -func validateSliceIsASet[T comparable](slice []T, maxSize int, validateItem func(item T, fldPath *field.Path) field.ErrorList, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - allItems := sets.New[T]() - for i, item := range slice { - idxPath := fldPath.Index(i) - if allItems.Has(item) { - allErrs = append(allErrs, field.Duplicate(idxPath, item)) - } else { - allErrs = append(allErrs, validateItem(item, idxPath)...) - allItems.Insert(item) - } - } - if len(slice) > maxSize { - // Dumping the entire field into the error message is likely to be too long, - // in particular when it is already beyond the maximum size. Instead this - // just shows the number of entries. - allErrs = append(allErrs, field.TooLongMaxLength(fldPath, len(slice), maxSize)) - } - return allErrs -} - -// ValidatePodScheduling validates a PodScheduling. -func ValidatePodScheduling(resourceClaim *resource.PodScheduling) field.ErrorList { - allErrs := corevalidation.ValidateObjectMeta(&resourceClaim.ObjectMeta, true, corevalidation.ValidatePodName, field.NewPath("metadata")) - allErrs = append(allErrs, validatePodSchedulingSpec(&resourceClaim.Spec, field.NewPath("spec"))...) - return allErrs -} - -func validatePodSchedulingSpec(spec *resource.PodSchedulingSpec, fldPath *field.Path) field.ErrorList { - allErrs := validateSliceIsASet(spec.PotentialNodes, resource.PodSchedulingNodeListMaxSize, validateNodeName, fldPath.Child("potentialNodes")) - return allErrs -} - -// ValidatePodSchedulingUpdate tests if an update to PodScheduling is valid. -func ValidatePodSchedulingUpdate(resourceClaim, oldPodScheduling *resource.PodScheduling) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&resourceClaim.ObjectMeta, &oldPodScheduling.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, ValidatePodScheduling(resourceClaim)...) - return allErrs -} - -// ValidatePodSchedulingStatusUpdate tests if an update to the status of a PodScheduling is valid. -func ValidatePodSchedulingStatusUpdate(resourceClaim, oldPodScheduling *resource.PodScheduling) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&resourceClaim.ObjectMeta, &oldPodScheduling.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, validatePodSchedulingStatus(&resourceClaim.Status, field.NewPath("status"))...) - return allErrs -} - -func validatePodSchedulingStatus(status *resource.PodSchedulingStatus, fldPath *field.Path) field.ErrorList { - return validatePodSchedulingClaims(status.ResourceClaims, fldPath.Child("claims")) -} - -func validatePodSchedulingClaims(claimStatuses []resource.ResourceClaimSchedulingStatus, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - names := sets.NewString() - for i, claimStatus := range claimStatuses { - allErrs = append(allErrs, validatePodSchedulingClaim(claimStatus, fldPath.Index(i))...) - if names.Has(claimStatus.Name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Index(i), claimStatus.Name)) - } else { - names.Insert(claimStatus.Name) - } - } - return allErrs -} - -func validatePodSchedulingClaim(status resource.ResourceClaimSchedulingStatus, fldPath *field.Path) field.ErrorList { - allErrs := validateSliceIsASet(status.UnsuitableNodes, resource.PodSchedulingNodeListMaxSize, validateNodeName, fldPath.Child("unsuitableNodes")) - return allErrs -} - -// ValidateClaimTemplace validates a ResourceClaimTemplate. -func ValidateClaimTemplate(template *resource.ResourceClaimTemplate) field.ErrorList { - allErrs := corevalidation.ValidateObjectMeta(&template.ObjectMeta, true, validateResourceClaimTemplateName, field.NewPath("metadata")) - allErrs = append(allErrs, validateResourceClaimTemplateSpec(&template.Spec, field.NewPath("spec"))...) - return allErrs -} - -func validateResourceClaimTemplateSpec(spec *resource.ResourceClaimTemplateSpec, fldPath *field.Path) field.ErrorList { - allErrs := corevalidation.ValidateTemplateObjectMeta(&spec.ObjectMeta, fldPath.Child("metadata")) - allErrs = append(allErrs, validateResourceClaimSpec(&spec.Spec, fldPath.Child("spec"))...) - return allErrs -} - -// ValidateClaimTemplateUpdate tests if an update to template is valid. -func ValidateClaimTemplateUpdate(template, oldTemplate *resource.ResourceClaimTemplate) field.ErrorList { - allErrs := corevalidation.ValidateObjectMetaUpdate(&template.ObjectMeta, &oldTemplate.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(template.Spec, oldTemplate.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, ValidateClaimTemplate(template)...) - return allErrs -} - -func validateNodeName(name string, fldPath *field.Path) field.ErrorList { - var allErrs field.ErrorList - for _, msg := range corevalidation.ValidateNodeName(name, false) { - allErrs = append(allErrs, field.Invalid(fldPath, name, msg)) - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/zz_generated.deepcopy.go deleted file mode 100644 index d5810b3b5e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/resource/zz_generated.deepcopy.go +++ /dev/null @@ -1,477 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package resource - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AllocationResult) DeepCopyInto(out *AllocationResult) { - *out = *in - if in.AvailableOnNodes != nil { - in, out := &in.AvailableOnNodes, &out.AvailableOnNodes - *out = new(core.NodeSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllocationResult. -func (in *AllocationResult) DeepCopy() *AllocationResult { - if in == nil { - return nil - } - out := new(AllocationResult) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodScheduling) DeepCopyInto(out *PodScheduling) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodScheduling. -func (in *PodScheduling) DeepCopy() *PodScheduling { - if in == nil { - return nil - } - out := new(PodScheduling) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodScheduling) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSchedulingList) DeepCopyInto(out *PodSchedulingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PodScheduling, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSchedulingList. -func (in *PodSchedulingList) DeepCopy() *PodSchedulingList { - if in == nil { - return nil - } - out := new(PodSchedulingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSchedulingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSchedulingSpec) DeepCopyInto(out *PodSchedulingSpec) { - *out = *in - if in.PotentialNodes != nil { - in, out := &in.PotentialNodes, &out.PotentialNodes - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSchedulingSpec. -func (in *PodSchedulingSpec) DeepCopy() *PodSchedulingSpec { - if in == nil { - return nil - } - out := new(PodSchedulingSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSchedulingStatus) DeepCopyInto(out *PodSchedulingStatus) { - *out = *in - if in.ResourceClaims != nil { - in, out := &in.ResourceClaims, &out.ResourceClaims - *out = make([]ResourceClaimSchedulingStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSchedulingStatus. -func (in *PodSchedulingStatus) DeepCopy() *PodSchedulingStatus { - if in == nil { - return nil - } - out := new(PodSchedulingStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaim) DeepCopyInto(out *ResourceClaim) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaim. -func (in *ResourceClaim) DeepCopy() *ResourceClaim { - if in == nil { - return nil - } - out := new(ResourceClaim) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClaim) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimConsumerReference) DeepCopyInto(out *ResourceClaimConsumerReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimConsumerReference. -func (in *ResourceClaimConsumerReference) DeepCopy() *ResourceClaimConsumerReference { - if in == nil { - return nil - } - out := new(ResourceClaimConsumerReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimList) DeepCopyInto(out *ResourceClaimList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ResourceClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimList. -func (in *ResourceClaimList) DeepCopy() *ResourceClaimList { - if in == nil { - return nil - } - out := new(ResourceClaimList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClaimList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimParametersReference) DeepCopyInto(out *ResourceClaimParametersReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimParametersReference. -func (in *ResourceClaimParametersReference) DeepCopy() *ResourceClaimParametersReference { - if in == nil { - return nil - } - out := new(ResourceClaimParametersReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimSchedulingStatus) DeepCopyInto(out *ResourceClaimSchedulingStatus) { - *out = *in - if in.UnsuitableNodes != nil { - in, out := &in.UnsuitableNodes, &out.UnsuitableNodes - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimSchedulingStatus. -func (in *ResourceClaimSchedulingStatus) DeepCopy() *ResourceClaimSchedulingStatus { - if in == nil { - return nil - } - out := new(ResourceClaimSchedulingStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimSpec) DeepCopyInto(out *ResourceClaimSpec) { - *out = *in - if in.ParametersRef != nil { - in, out := &in.ParametersRef, &out.ParametersRef - *out = new(ResourceClaimParametersReference) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimSpec. -func (in *ResourceClaimSpec) DeepCopy() *ResourceClaimSpec { - if in == nil { - return nil - } - out := new(ResourceClaimSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimStatus) DeepCopyInto(out *ResourceClaimStatus) { - *out = *in - if in.Allocation != nil { - in, out := &in.Allocation, &out.Allocation - *out = new(AllocationResult) - (*in).DeepCopyInto(*out) - } - if in.ReservedFor != nil { - in, out := &in.ReservedFor, &out.ReservedFor - *out = make([]ResourceClaimConsumerReference, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimStatus. -func (in *ResourceClaimStatus) DeepCopy() *ResourceClaimStatus { - if in == nil { - return nil - } - out := new(ResourceClaimStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimTemplate) DeepCopyInto(out *ResourceClaimTemplate) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimTemplate. -func (in *ResourceClaimTemplate) DeepCopy() *ResourceClaimTemplate { - if in == nil { - return nil - } - out := new(ResourceClaimTemplate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClaimTemplate) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimTemplateList) DeepCopyInto(out *ResourceClaimTemplateList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ResourceClaimTemplate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimTemplateList. -func (in *ResourceClaimTemplateList) DeepCopy() *ResourceClaimTemplateList { - if in == nil { - return nil - } - out := new(ResourceClaimTemplateList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClaimTemplateList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClaimTemplateSpec) DeepCopyInto(out *ResourceClaimTemplateSpec) { - *out = *in - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClaimTemplateSpec. -func (in *ResourceClaimTemplateSpec) DeepCopy() *ResourceClaimTemplateSpec { - if in == nil { - return nil - } - out := new(ResourceClaimTemplateSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClass) DeepCopyInto(out *ResourceClass) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.ParametersRef != nil { - in, out := &in.ParametersRef, &out.ParametersRef - *out = new(ResourceClassParametersReference) - **out = **in - } - if in.SuitableNodes != nil { - in, out := &in.SuitableNodes, &out.SuitableNodes - *out = new(core.NodeSelector) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClass. -func (in *ResourceClass) DeepCopy() *ResourceClass { - if in == nil { - return nil - } - out := new(ResourceClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClass) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClassList) DeepCopyInto(out *ResourceClassList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ResourceClass, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClassList. -func (in *ResourceClassList) DeepCopy() *ResourceClassList { - if in == nil { - return nil - } - out := new(ResourceClassList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ResourceClassList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceClassParametersReference) DeepCopyInto(out *ResourceClassParametersReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceClassParametersReference. -func (in *ResourceClassParametersReference) DeepCopy() *ResourceClassParametersReference { - if in == nil { - return nil - } - out := new(ResourceClassParametersReference) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/doc.go deleted file mode 100644 index bab0ae332a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=scheduling.k8s.io - -package scheduling // import "k8s.io/kubernetes/pkg/apis/scheduling" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/install/install.go deleted file mode 100644 index e40810b333..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/scheduling" - "k8s.io/kubernetes/pkg/apis/scheduling/v1" - "k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1" - "k8s.io/kubernetes/pkg/apis/scheduling/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(scheduling.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/register.go deleted file mode 100644 index 664b5bd251..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scheduling - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "scheduling.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &PriorityClass{}, - &PriorityClassList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/types.go deleted file mode 100644 index 5a3d533a7f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/types.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scheduling - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/apis/core" -) - -const ( - // DefaultPriorityWhenNoDefaultClassExists is used to set priority of pods - // that do not specify any priority class and there is no priority class - // marked as default. - DefaultPriorityWhenNoDefaultClassExists = 0 - // HighestUserDefinablePriority is the highest priority for user defined priority classes. Priority values larger than 1 billion are reserved for Kubernetes system use. - HighestUserDefinablePriority = int32(1000000000) - // SystemCriticalPriority is the beginning of the range of priority values for critical system components. - SystemCriticalPriority = 2 * HighestUserDefinablePriority - // SystemPriorityClassPrefix is the prefix reserved for system priority class names. Other priority - // classes are not allowed to start with this prefix. - // NOTE: In order to avoid conflict of names with user-defined priority classes, all the names must - // start with SystemPriorityClassPrefix. - SystemPriorityClassPrefix = "system-" - // SystemClusterCritical is the system priority class name that represents cluster-critical. - SystemClusterCritical = SystemPriorityClassPrefix + "cluster-critical" - // SystemNodeCritical is the system priority class name that represents node-critical. - SystemNodeCritical = SystemPriorityClassPrefix + "node-critical" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PriorityClass defines the mapping from a priority class name to the priority -// integer value. The value can be any valid integer. -type PriorityClass struct { - metav1.TypeMeta - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metav1.ObjectMeta - - // The value of this priority class. This is the actual priority that pods - // receive when they have the name of this class in their pod spec. - Value int32 - - // globalDefault specifies whether this PriorityClass should be considered as - // the default priority for pods that do not have any priority class. - // Only one PriorityClass can be marked as `globalDefault`. However, if more than - // one PriorityClasses exists with their `globalDefault` field set to true, - // the smallest value of such global default PriorityClasses will be used as the default priority. - // +optional - GlobalDefault bool - - // Description is an arbitrary string that usually provides guidelines on - // when this priority class should be used. - // +optional - Description string - - // PreemptionPolicy it the Policy for preempting pods with lower priority. - // This field is beta-level. - // +optional - PreemptionPolicy *core.PreemptionPolicy -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PriorityClassList is a collection of priority classes. -type PriorityClassList struct { - metav1.TypeMeta - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metav1.ListMeta - - // Items is the list of PriorityClasses. - Items []PriorityClass -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/defaults.go deleted file mode 100644 index fe4e9b77dd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/defaults.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - apiv1 "k8s.io/api/core/v1" - v1 "k8s.io/api/scheduling/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_PriorityClass sets additional defaults compared to its counterpart -// in extensions. -func SetDefaults_PriorityClass(obj *v1.PriorityClass) { - if obj.PreemptionPolicy == nil { - preemptLowerPriority := apiv1.PreemptLowerPriority - obj.PreemptionPolicy = &preemptLowerPriority - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/doc.go deleted file mode 100644 index dd8b748693..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/scheduling -// +k8s:conversion-gen-external-types=k8s.io/api/scheduling/v1 -// +groupName=scheduling.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/scheduling/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/scheduling/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/helpers.go deleted file mode 100644 index d4af4933cf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/helpers.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "fmt" - "k8s.io/api/scheduling/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/apis/scheduling" -) - -// SystemPriorityClasses define system priority classes that are auto-created at cluster bootstrapping. -// Our API validation logic ensures that any priority class that has a system prefix or its value -// is higher than HighestUserDefinablePriority is equal to one of these SystemPriorityClasses. -var systemPriorityClasses = []*v1.PriorityClass{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: scheduling.SystemNodeCritical, - }, - Value: scheduling.SystemCriticalPriority + 1000, - Description: "Used for system critical pods that must not be moved from their current node.", - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: scheduling.SystemClusterCritical, - }, - Value: scheduling.SystemCriticalPriority, - Description: "Used for system critical pods that must run in the cluster, but can be moved to another node if necessary.", - }, -} - -// SystemPriorityClasses returns the list of system priority classes. -// NOTE: be careful not to modify any of elements of the returned array directly. -func SystemPriorityClasses() []*v1.PriorityClass { - return systemPriorityClasses -} - -// IsKnownSystemPriorityClass returns true if there's any of the system priority classes exactly -// matches "name", "value", "globalDefault". otherwise it will return an error. -func IsKnownSystemPriorityClass(name string, value int32, globalDefault bool) (bool, error) { - for _, spc := range SystemPriorityClasses() { - if spc.Name == name { - if spc.Value != value { - return false, fmt.Errorf("value of %v PriorityClass must be %v", spc.Name, spc.Value) - } - if spc.GlobalDefault != globalDefault { - return false, fmt.Errorf("globalDefault of %v PriorityClass must be %v", spc.Name, spc.GlobalDefault) - } - return true, nil - } - } - return false, fmt.Errorf("%v is not a known system priority class", name) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/register.go deleted file mode 100644 index e4dfca8c6f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - schedulingv1 "k8s.io/api/scheduling/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "scheduling.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &schedulingv1.SchemeBuilder - // AddToScheme applies all the stored functions to the scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.conversion.go deleted file mode 100644 index ae142545db..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.conversion.go +++ /dev/null @@ -1,113 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/scheduling/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - scheduling "k8s.io/kubernetes/pkg/apis/scheduling" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.PriorityClass)(nil), (*scheduling.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PriorityClass_To_scheduling_PriorityClass(a.(*v1.PriorityClass), b.(*scheduling.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClass)(nil), (*v1.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClass_To_v1_PriorityClass(a.(*scheduling.PriorityClass), b.(*v1.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.PriorityClassList)(nil), (*scheduling.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PriorityClassList_To_scheduling_PriorityClassList(a.(*v1.PriorityClassList), b.(*scheduling.PriorityClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClassList)(nil), (*v1.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClassList_To_v1_PriorityClassList(a.(*scheduling.PriorityClassList), b.(*v1.PriorityClassList), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_PriorityClass_To_scheduling_PriorityClass(in *v1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*core.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_v1_PriorityClass_To_scheduling_PriorityClass is an autogenerated conversion function. -func Convert_v1_PriorityClass_To_scheduling_PriorityClass(in *v1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - return autoConvert_v1_PriorityClass_To_scheduling_PriorityClass(in, out, s) -} - -func autoConvert_scheduling_PriorityClass_To_v1_PriorityClass(in *scheduling.PriorityClass, out *v1.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*corev1.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_scheduling_PriorityClass_To_v1_PriorityClass is an autogenerated conversion function. -func Convert_scheduling_PriorityClass_To_v1_PriorityClass(in *scheduling.PriorityClass, out *v1.PriorityClass, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClass_To_v1_PriorityClass(in, out, s) -} - -func autoConvert_v1_PriorityClassList_To_scheduling_PriorityClassList(in *v1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]scheduling.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_PriorityClassList_To_scheduling_PriorityClassList is an autogenerated conversion function. -func Convert_v1_PriorityClassList_To_scheduling_PriorityClassList(in *v1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - return autoConvert_v1_PriorityClassList_To_scheduling_PriorityClassList(in, out, s) -} - -func autoConvert_scheduling_PriorityClassList_To_v1_PriorityClassList(in *scheduling.PriorityClassList, out *v1.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_scheduling_PriorityClassList_To_v1_PriorityClassList is an autogenerated conversion function. -func Convert_scheduling_PriorityClassList_To_v1_PriorityClassList(in *scheduling.PriorityClassList, out *v1.PriorityClassList, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClassList_To_v1_PriorityClassList(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.defaults.go deleted file mode 100644 index 3d2ca77371..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1/zz_generated.defaults.go +++ /dev/null @@ -1,47 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/scheduling/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.PriorityClass{}, func(obj interface{}) { SetObjectDefaults_PriorityClass(obj.(*v1.PriorityClass)) }) - scheme.AddTypeDefaultingFunc(&v1.PriorityClassList{}, func(obj interface{}) { SetObjectDefaults_PriorityClassList(obj.(*v1.PriorityClassList)) }) - return nil -} - -func SetObjectDefaults_PriorityClass(in *v1.PriorityClass) { - SetDefaults_PriorityClass(in) -} - -func SetObjectDefaults_PriorityClassList(in *v1.PriorityClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityClass(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/defaults.go deleted file mode 100644 index 5340007a5e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/defaults.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - apiv1 "k8s.io/api/core/v1" - "k8s.io/api/scheduling/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_PriorityClass sets additional defaults compared to its counterpart -// in extensions. -func SetDefaults_PriorityClass(obj *v1alpha1.PriorityClass) { - if obj.PreemptionPolicy == nil { - preemptLowerPriority := apiv1.PreemptLowerPriority - obj.PreemptionPolicy = &preemptLowerPriority - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/doc.go deleted file mode 100644 index 82194ba882..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/scheduling -// +k8s:conversion-gen-external-types=k8s.io/api/scheduling/v1alpha1 -// +groupName=scheduling.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/scheduling/v1alpha1 - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/register.go deleted file mode 100644 index ed40537986..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - schedulingv1alpha1 "k8s.io/api/scheduling/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "scheduling.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &schedulingv1alpha1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index ec75d81d75..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,113 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1alpha1 "k8s.io/api/scheduling/v1alpha1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - scheduling "k8s.io/kubernetes/pkg/apis/scheduling" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityClass)(nil), (*scheduling.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityClass_To_scheduling_PriorityClass(a.(*v1alpha1.PriorityClass), b.(*scheduling.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClass)(nil), (*v1alpha1.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClass_To_v1alpha1_PriorityClass(a.(*scheduling.PriorityClass), b.(*v1alpha1.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.PriorityClassList)(nil), (*scheduling.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PriorityClassList_To_scheduling_PriorityClassList(a.(*v1alpha1.PriorityClassList), b.(*scheduling.PriorityClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClassList)(nil), (*v1alpha1.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClassList_To_v1alpha1_PriorityClassList(a.(*scheduling.PriorityClassList), b.(*v1alpha1.PriorityClassList), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_PriorityClass_To_scheduling_PriorityClass(in *v1alpha1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*core.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_v1alpha1_PriorityClass_To_scheduling_PriorityClass is an autogenerated conversion function. -func Convert_v1alpha1_PriorityClass_To_scheduling_PriorityClass(in *v1alpha1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityClass_To_scheduling_PriorityClass(in, out, s) -} - -func autoConvert_scheduling_PriorityClass_To_v1alpha1_PriorityClass(in *scheduling.PriorityClass, out *v1alpha1.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*v1.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_scheduling_PriorityClass_To_v1alpha1_PriorityClass is an autogenerated conversion function. -func Convert_scheduling_PriorityClass_To_v1alpha1_PriorityClass(in *scheduling.PriorityClass, out *v1alpha1.PriorityClass, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClass_To_v1alpha1_PriorityClass(in, out, s) -} - -func autoConvert_v1alpha1_PriorityClassList_To_scheduling_PriorityClassList(in *v1alpha1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]scheduling.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_PriorityClassList_To_scheduling_PriorityClassList is an autogenerated conversion function. -func Convert_v1alpha1_PriorityClassList_To_scheduling_PriorityClassList(in *v1alpha1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - return autoConvert_v1alpha1_PriorityClassList_To_scheduling_PriorityClassList(in, out, s) -} - -func autoConvert_scheduling_PriorityClassList_To_v1alpha1_PriorityClassList(in *scheduling.PriorityClassList, out *v1alpha1.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_scheduling_PriorityClassList_To_v1alpha1_PriorityClassList is an autogenerated conversion function. -func Convert_scheduling_PriorityClassList_To_v1alpha1_PriorityClassList(in *scheduling.PriorityClassList, out *v1alpha1.PriorityClassList, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClassList_To_v1alpha1_PriorityClassList(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index af14a4b9b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,47 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/scheduling/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.PriorityClass{}, func(obj interface{}) { SetObjectDefaults_PriorityClass(obj.(*v1alpha1.PriorityClass)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.PriorityClassList{}, func(obj interface{}) { SetObjectDefaults_PriorityClassList(obj.(*v1alpha1.PriorityClassList)) }) - return nil -} - -func SetObjectDefaults_PriorityClass(in *v1alpha1.PriorityClass) { - SetDefaults_PriorityClass(in) -} - -func SetObjectDefaults_PriorityClassList(in *v1alpha1.PriorityClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityClass(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/defaults.go deleted file mode 100644 index dc9db335e6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/defaults.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - apiv1 "k8s.io/api/core/v1" - "k8s.io/api/scheduling/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -// SetDefaults_PriorityClass sets additional defaults compared to its counterpart -// in extensions. -func SetDefaults_PriorityClass(obj *v1beta1.PriorityClass) { - if obj.PreemptionPolicy == nil { - preemptLowerPriority := apiv1.PreemptLowerPriority - obj.PreemptionPolicy = &preemptLowerPriority - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/doc.go deleted file mode 100644 index 580f555124..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/scheduling -// +k8s:conversion-gen-external-types=k8s.io/api/scheduling/v1beta1 -// +groupName=scheduling.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/scheduling/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/scheduling/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/register.go deleted file mode 100644 index a786bd4745..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/register.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - schedulingv1beta1 "k8s.io/api/scheduling/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "scheduling.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &schedulingv1beta1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.conversion.go deleted file mode 100644 index bc029e8be5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,113 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/scheduling/v1beta1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - scheduling "k8s.io/kubernetes/pkg/apis/scheduling" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityClass)(nil), (*scheduling.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityClass_To_scheduling_PriorityClass(a.(*v1beta1.PriorityClass), b.(*scheduling.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClass)(nil), (*v1beta1.PriorityClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClass_To_v1beta1_PriorityClass(a.(*scheduling.PriorityClass), b.(*v1beta1.PriorityClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.PriorityClassList)(nil), (*scheduling.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PriorityClassList_To_scheduling_PriorityClassList(a.(*v1beta1.PriorityClassList), b.(*scheduling.PriorityClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*scheduling.PriorityClassList)(nil), (*v1beta1.PriorityClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_scheduling_PriorityClassList_To_v1beta1_PriorityClassList(a.(*scheduling.PriorityClassList), b.(*v1beta1.PriorityClassList), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_PriorityClass_To_scheduling_PriorityClass(in *v1beta1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*core.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_v1beta1_PriorityClass_To_scheduling_PriorityClass is an autogenerated conversion function. -func Convert_v1beta1_PriorityClass_To_scheduling_PriorityClass(in *v1beta1.PriorityClass, out *scheduling.PriorityClass, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityClass_To_scheduling_PriorityClass(in, out, s) -} - -func autoConvert_scheduling_PriorityClass_To_v1beta1_PriorityClass(in *scheduling.PriorityClass, out *v1beta1.PriorityClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Value = in.Value - out.GlobalDefault = in.GlobalDefault - out.Description = in.Description - out.PreemptionPolicy = (*v1.PreemptionPolicy)(unsafe.Pointer(in.PreemptionPolicy)) - return nil -} - -// Convert_scheduling_PriorityClass_To_v1beta1_PriorityClass is an autogenerated conversion function. -func Convert_scheduling_PriorityClass_To_v1beta1_PriorityClass(in *scheduling.PriorityClass, out *v1beta1.PriorityClass, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClass_To_v1beta1_PriorityClass(in, out, s) -} - -func autoConvert_v1beta1_PriorityClassList_To_scheduling_PriorityClassList(in *v1beta1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]scheduling.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_PriorityClassList_To_scheduling_PriorityClassList is an autogenerated conversion function. -func Convert_v1beta1_PriorityClassList_To_scheduling_PriorityClassList(in *v1beta1.PriorityClassList, out *scheduling.PriorityClassList, s conversion.Scope) error { - return autoConvert_v1beta1_PriorityClassList_To_scheduling_PriorityClassList(in, out, s) -} - -func autoConvert_scheduling_PriorityClassList_To_v1beta1_PriorityClassList(in *scheduling.PriorityClassList, out *v1beta1.PriorityClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.PriorityClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_scheduling_PriorityClassList_To_v1beta1_PriorityClassList is an autogenerated conversion function. -func Convert_scheduling_PriorityClassList_To_v1beta1_PriorityClassList(in *scheduling.PriorityClassList, out *v1beta1.PriorityClassList, s conversion.Scope) error { - return autoConvert_scheduling_PriorityClassList_To_v1beta1_PriorityClassList(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 5380bf56ab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,47 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/scheduling/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.PriorityClass{}, func(obj interface{}) { SetObjectDefaults_PriorityClass(obj.(*v1beta1.PriorityClass)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.PriorityClassList{}, func(obj interface{}) { SetObjectDefaults_PriorityClassList(obj.(*v1beta1.PriorityClassList)) }) - return nil -} - -func SetObjectDefaults_PriorityClass(in *v1beta1.PriorityClass) { - SetDefaults_PriorityClass(in) -} - -func SetObjectDefaults_PriorityClassList(in *v1beta1.PriorityClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_PriorityClass(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/validation/validation.go deleted file mode 100644 index 2812f9acbf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/validation/validation.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "strings" - - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/util/validation/field" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/scheduling" - schedulingapiv1 "k8s.io/kubernetes/pkg/apis/scheduling/v1" -) - -// ValidatePriorityClass tests whether required fields in the PriorityClass are -// set correctly. -func ValidatePriorityClass(pc *scheduling.PriorityClass) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&pc.ObjectMeta, false, apimachineryvalidation.NameIsDNSSubdomain, field.NewPath("metadata"))...) - // If the priorityClass starts with a system prefix, it must be one of the - // predefined system priority classes. - if strings.HasPrefix(pc.Name, scheduling.SystemPriorityClassPrefix) { - if is, err := schedulingapiv1.IsKnownSystemPriorityClass(pc.Name, pc.Value, pc.GlobalDefault); !is { - allErrs = append(allErrs, field.Forbidden(field.NewPath("metadata", "name"), "priority class names with '"+scheduling.SystemPriorityClassPrefix+"' prefix are reserved for system use only. error: "+err.Error())) - } - } else if pc.Value > scheduling.HighestUserDefinablePriority { - // Non-system critical priority classes are not allowed to have a value larger than HighestUserDefinablePriority. - allErrs = append(allErrs, field.Forbidden(field.NewPath("value"), fmt.Sprintf("maximum allowed value of a user defined priority is %v", scheduling.HighestUserDefinablePriority))) - } - if pc.PreemptionPolicy != nil { - allErrs = append(allErrs, apivalidation.ValidatePreemptionPolicy(pc.PreemptionPolicy, field.NewPath("preemptionPolicy"))...) - } - return allErrs -} - -// ValidatePriorityClassUpdate tests if required fields in the PriorityClass are -// set and are valid. PriorityClass does not allow updating name, value, and preemptionPolicy. -func ValidatePriorityClassUpdate(pc, oldPc *scheduling.PriorityClass) field.ErrorList { - // name is immutable and is checked by the ObjectMeta validator. - allErrs := apivalidation.ValidateObjectMetaUpdate(&pc.ObjectMeta, &oldPc.ObjectMeta, field.NewPath("metadata")) - // value is immutable. - if pc.Value != oldPc.Value { - allErrs = append(allErrs, field.Forbidden(field.NewPath("value"), "may not be changed in an update.")) - } - // preemptionPolicy is immutable. - allErrs = append(allErrs, apivalidation.ValidateImmutableField(pc.PreemptionPolicy, oldPc.PreemptionPolicy, field.NewPath("preemptionPolicy"))...) - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/zz_generated.deepcopy.go deleted file mode 100644 index 04ab256185..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/scheduling/zz_generated.deepcopy.go +++ /dev/null @@ -1,91 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package scheduling - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityClass) DeepCopyInto(out *PriorityClass) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.PreemptionPolicy != nil { - in, out := &in.PreemptionPolicy, &out.PreemptionPolicy - *out = new(core.PreemptionPolicy) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityClass. -func (in *PriorityClass) DeepCopy() *PriorityClass { - if in == nil { - return nil - } - out := new(PriorityClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PriorityClass) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PriorityClassList) DeepCopyInto(out *PriorityClassList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]PriorityClass, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PriorityClassList. -func (in *PriorityClassList) DeepCopy() *PriorityClassList { - if in == nil { - return nil - } - out := new(PriorityClassList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PriorityClassList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/OWNERS deleted file mode 100644 index b475ebf798..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-storage-api-approvers -reviewers: - - sig-storage-api-reviewers -labels: - - sig/storage diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/doc.go deleted file mode 100644 index 52b2c2d822..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=storage.k8s.io - -package storage // import "k8s.io/kubernetes/pkg/apis/storage" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/install/install.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/install/install.go deleted file mode 100644 index 8ebe9e8b77..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/install/install.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/v1" - "k8s.io/kubernetes/pkg/apis/storage/v1alpha1" - "k8s.io/kubernetes/pkg/apis/storage/v1beta1" -) - -func init() { - Install(legacyscheme.Scheme) -} - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(storage.AddToScheme(scheme)) - utilruntime.Must(v1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion, v1beta1.SchemeGroupVersion, v1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/register.go deleted file mode 100644 index bf59e88cd1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/register.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "storage.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme -) - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &StorageClass{}, - &StorageClassList{}, - &VolumeAttachment{}, - &VolumeAttachmentList{}, - &CSINode{}, - &CSINodeList{}, - &CSIDriver{}, - &CSIDriverList{}, - &CSIStorageCapacity{}, - &CSIStorageCapacityList{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/types.go deleted file mode 100644 index bde08724a7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/types.go +++ /dev/null @@ -1,673 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StorageClass describes a named "class" of storage offered in a cluster. -// Different classes might map to quality-of-service levels, or to backup policies, -// or to arbitrary policies determined by the cluster administrators. Kubernetes -// itself is unopinionated about what classes represent. This concept is sometimes -// called "profiles" in other storage systems. -// The name of a StorageClass object is significant, and is how users can request a particular class. -type StorageClass struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // provisioner is the driver expected to handle this StorageClass. - // This is an optionally-prefixed name, like a label key. - // For example: "kubernetes.io/gce-pd" or "kubernetes.io/aws-ebs". - // This value may not be empty. - Provisioner string - - // parameters holds parameters for the provisioner. - // These values are opaque to the system and are passed directly - // to the provisioner. The only validation done on keys is that they are - // not empty. The maximum number of parameters is - // 512, with a cumulative max size of 256K - // +optional - Parameters map[string]string - - // reclaimPolicy is the reclaim policy that dynamically provisioned - // PersistentVolumes of this storage class are created with - // +optional - ReclaimPolicy *api.PersistentVolumeReclaimPolicy - - // mountOptions are the mount options that dynamically provisioned - // PersistentVolumes of this storage class are created with - // +optional - MountOptions []string - - // AllowVolumeExpansion shows whether the storage class allow volume expand - // If the field is nil or not set, it would amount to expansion disabled - // for all PVs created from this storageclass. - // +optional - AllowVolumeExpansion *bool - - // VolumeBindingMode indicates how PersistentVolumeClaims should be - // provisioned and bound. When unset, VolumeBindingImmediate is used. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - VolumeBindingMode *VolumeBindingMode - - // Restrict the node topologies where volumes can be dynamically provisioned. - // Each volume plugin defines its own supported topology specifications. - // An empty TopologySelectorTerm list means there is no topology restriction. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - AllowedTopologies []api.TopologySelectorTerm -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// StorageClassList is a collection of storage classes. -type StorageClassList struct { - metav1.TypeMeta - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // Items is the list of StorageClasses - Items []StorageClass -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Captures the intent to attach or detach the specified volume to/from -// the specified node. -// -// VolumeAttachment objects are non-namespaced. -type VolumeAttachment struct { - metav1.TypeMeta - - // Standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // Specification of the desired attach/detach volume behavior. - // Populated by the Kubernetes system. - Spec VolumeAttachmentSpec - - // Status of the VolumeAttachment request. - // Populated by the entity completing the attach or detach - // operation, i.e. the external-attacher. - // +optional - Status VolumeAttachmentStatus -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// VolumeAttachmentList is a collection of VolumeAttachment objects. -type VolumeAttachmentList struct { - metav1.TypeMeta - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // Items is the list of VolumeAttachments - Items []VolumeAttachment -} - -// The specification of a VolumeAttachment request. -type VolumeAttachmentSpec struct { - // Attacher indicates the name of the volume driver that MUST handle this - // request. This is the name returned by GetPluginName(). - Attacher string - - // Source represents the volume that should be attached. - Source VolumeAttachmentSource - - // The node that the volume should be attached to. - NodeName string -} - -// VolumeAttachmentSource represents a volume that should be attached. -// Right now persistent volumes as well as inline volumes (only in -// CSI Migration scenarios) can be attached via external attacher. -// Exactly one member can be set. -type VolumeAttachmentSource struct { - // Name of the persistent volume to attach. - // +optional - PersistentVolumeName *string - - // inlineVolumeSpec contains all the information necessary to attach - // a persistent volume defined by a pod's inline VolumeSource. This field - // is populated only for the CSIMigration feature. It contains - // translated fields from a pod's inline VolumeSource to a - // PersistentVolumeSpec. This field is beta-level and is only - // honored by servers that enabled the CSIMigration feature. - // +optional - InlineVolumeSpec *api.PersistentVolumeSpec -} - -// The status of a VolumeAttachment request. -type VolumeAttachmentStatus struct { - // Indicates the volume is successfully attached. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - Attached bool - - // Upon successful attach, this field is populated with any - // information returned by the attach operation that must be passed - // into subsequent WaitForAttach or Mount calls. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - AttachmentMetadata map[string]string - - // The last error encountered during attach operation, if any. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - AttachError *VolumeError - - // The last error encountered during detach operation, if any. - // This field must only be set by the entity completing the detach - // operation, i.e. the external-attacher. - // +optional - DetachError *VolumeError -} - -// Captures an error encountered during a volume operation. -type VolumeError struct { - // Time the error was encountered. - // +optional - Time metav1.Time - - // String detailing the error encountered during Attach or Detach operation. - // This string may be logged, so it should not contain sensitive - // information. - // +optional - Message string -} - -// VolumeBindingMode indicates how PersistentVolumeClaims should be bound. -type VolumeBindingMode string - -const ( - // VolumeBindingImmediate indicates that PersistentVolumeClaims should be - // immediately provisioned and bound. - VolumeBindingImmediate VolumeBindingMode = "Immediate" - - // VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims - // should not be provisioned and bound until the first Pod is created that - // references the PeristentVolumeClaim. The volume provisioning and - // binding will occur during Pod scheduing. - VolumeBindingWaitForFirstConsumer VolumeBindingMode = "WaitForFirstConsumer" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSIDriver captures information about a Container Storage Interface (CSI) -// volume driver deployed on the cluster. -// CSI drivers do not need to create the CSIDriver object directly. Instead they may use the -// cluster-driver-registrar sidecar container. When deployed with a CSI driver it automatically -// creates a CSIDriver object representing the driver. -// Kubernetes attach detach controller uses this object to determine whether attach is required. -// Kubelet uses this object to determine whether pod information needs to be passed on mount. -// CSIDriver objects are non-namespaced. -type CSIDriver struct { - metav1.TypeMeta - - // Standard object metadata. - // metadata.Name indicates the name of the CSI driver that this object - // refers to; it MUST be the same name returned by the CSI GetPluginName() - // call for that driver. - // The driver name must be 63 characters or less, beginning and ending with - // an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and - // alphanumerics between. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta - - // Specification of the CSI Driver. - Spec CSIDriverSpec -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSIDriverList is a collection of CSIDriver objects. -type CSIDriverList struct { - metav1.TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // items is the list of CSIDriver - Items []CSIDriver -} - -// CSIDriverSpec is the specification of a CSIDriver. -type CSIDriverSpec struct { - // attachRequired indicates this CSI volume driver requires an attach - // operation (because it implements the CSI ControllerPublishVolume() - // method), and that the Kubernetes attach detach controller should call - // the attach volume interface which checks the volumeattachment status - // and waits until the volume is attached before proceeding to mounting. - // The CSI external-attacher coordinates with CSI volume driver and updates - // the volumeattachment status when the attach operation is complete. - // If the CSIDriverRegistry feature gate is enabled and the value is - // specified to false, the attach operation will be skipped. - // Otherwise the attach operation will be called. - // - // This field is immutable. - // - // +optional - AttachRequired *bool - - // Defines if the underlying volume supports changing ownership and - // permission of the volume before being mounted. - // Refer to the specific FSGroupPolicy values for additional details. - // - // This field is immutable. - // - // Defaults to ReadWriteOnceWithFSType, which will examine each volume - // to determine if Kubernetes should modify ownership and permissions of the volume. - // With the default policy the defined fsGroup will only be applied - // if a fstype is defined and the volume's access mode contains ReadWriteOnce. - // +optional - FSGroupPolicy *FSGroupPolicy - - // If set to true, podInfoOnMount indicates this CSI volume driver - // requires additional pod information (like podName, podUID, etc.) during - // mount operations. - // If set to false, pod information will not be passed on mount. - // Default is false. - // The CSI driver specifies podInfoOnMount as part of driver deployment. - // If true, Kubelet will pass pod information as VolumeContext in the CSI - // NodePublishVolume() calls. - // The CSI driver is responsible for parsing and validating the information - // passed in as VolumeContext. - // The following VolumeConext will be passed if podInfoOnMount is set to true. - // This list might grow, but the prefix will be used. - // "csi.storage.k8s.io/pod.name": pod.Name - // "csi.storage.k8s.io/pod.namespace": pod.Namespace - // "csi.storage.k8s.io/pod.uid": string(pod.UID) - // "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume - // defined by a CSIVolumeSource, otherwise "false" - // - // "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only - // required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. - // Other drivers can leave pod info disabled and/or ignore this field. - // As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when - // deployed on such a cluster and the deployment determines which mode that is, for example - // via a command line parameter of the driver. - // - // This field is immutable. - // - // +optional - PodInfoOnMount *bool - - // VolumeLifecycleModes defines what kind of volumes this CSI volume driver supports. - // The default if the list is empty is "Persistent", which is the usage - // defined by the CSI specification and implemented in Kubernetes via the usual - // PV/PVC mechanism. - // The other mode is "Ephemeral". In this mode, volumes are defined inline - // inside the pod spec with CSIVolumeSource and their lifecycle is tied to - // the lifecycle of that pod. A driver has to be aware of this - // because it is only going to get a NodePublishVolume call for such a volume. - // For more information about implementing this mode, see - // https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html - // A driver can support one or more of these mode and - // more modes may be added in the future. - // - // This field is immutable. - // - // +optional - VolumeLifecycleModes []VolumeLifecycleMode - - // If set to true, storageCapacity indicates that the CSI - // volume driver wants pod scheduling to consider the storage - // capacity that the driver deployment will report by creating - // CSIStorageCapacity objects with capacity information. - // - // The check can be enabled immediately when deploying a driver. - // In that case, provisioning new volumes with late binding - // will pause until the driver deployment has published - // some suitable CSIStorageCapacity object. - // - // Alternatively, the driver can be deployed with the field - // unset or false and it can be flipped later when storage - // capacity information has been published. - // - // This field was immutable in Kubernetes <= 1.22 and now is mutable. - // - // +optional - StorageCapacity *bool - - // TokenRequests indicates the CSI driver needs pods' service account - // tokens it is mounting volume for to do necessary authentication. Kubelet - // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. - // The CSI driver should parse and validate the following VolumeContext: - // "csi.storage.k8s.io/serviceAccount.tokens": { - // "<audience>": { - // "token": <token>, - // "expirationTimestamp": <expiration timestamp in RFC3339>, - // }, - // ... - // } - // - // Note: Audience in each TokenRequest should be different and at - // most one token is empty string. To receive a new token after expiry, - // RequiresRepublish can be used to trigger NodePublishVolume periodically. - // - // +optional - // +listType=atomic - TokenRequests []TokenRequest - - // RequiresRepublish indicates the CSI driver wants `NodePublishVolume` - // being periodically called to reflect any possible change in the mounted - // volume. This field defaults to false. - // - // Note: After a successful initial NodePublishVolume call, subsequent calls - // to NodePublishVolume should only update the contents of the volume. New - // mount points will not be seen by a running container. - // - // +optional - RequiresRepublish *bool - - // SELinuxMount specifies if the CSI driver supports "-o context" - // mount option. - // - // When "true", the CSI driver must ensure that all volumes provided by this CSI - // driver can be mounted separately with different `-o context` options. This is - // typical for storage backends that provide volumes as filesystems on block - // devices or as independent shared volumes. - // Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount - // option when mounting a ReadWriteOncePod volume used in Pod that has - // explicitly set SELinux context. In the future, it may be expanded to other - // volume AccessModes. In any case, Kubernetes will ensure that the volume is - // mounted only with a single SELinux context. - // - // When "false", Kubernetes won't pass any special SELinux mount options to the driver. - // This is typical for volumes that represent subdirectories of a bigger shared filesystem. - // - // Default is "false". - // - // +optional - SELinuxMount *bool -} - -// FSGroupPolicy specifies if a CSI Driver supports modifying -// volume ownership and permissions of the volume to be mounted. -// More modes may be added in the future. -type FSGroupPolicy string - -const ( - // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined - // to determine if the volume ownership and permissions - // should be modified. If a fstype is defined and the volume's access mode - // contains ReadWriteOnce, then the defined fsGroup will be applied. - // This mode should be defined if it's expected that the - // fsGroup may need to be modified depending on the pod's SecurityPolicy. - // This is the default behavior if no other FSGroupPolicy is defined. - ReadWriteOnceWithFSTypeFSGroupPolicy FSGroupPolicy = "ReadWriteOnceWithFSType" - - // FileFSGroupPolicy indicates that CSI driver supports volume ownership - // and permission change via fsGroup, and Kubernetes will change the permissions - // and ownership of every file in the volume to match the user requested fsGroup in - // the pod's SecurityPolicy regardless of fstype or access mode. - // Use this mode if Kubernetes should modify the permissions and ownership - // of the volume. - FileFSGroupPolicy FSGroupPolicy = "File" - - // NoneFSGroupPolicy indicates that volumes will be mounted without performing - // any ownership or permission modifications, as the CSIDriver does not support - // these operations. - // This mode should be selected if the CSIDriver does not support fsGroup modifications, - // for example when Kubernetes cannot change ownership and permissions on a volume due - // to root-squash settings on a NFS volume. - NoneFSGroupPolicy FSGroupPolicy = "None" -) - -// VolumeLifecycleMode specifies how a CSI volume is used in Kubernetes. -// More modes may be added in the future. -type VolumeLifecycleMode string - -// TokenRequest contains parameters of a service account token. -type TokenRequest struct { - // Audience is the intended audience of the token in "TokenRequestSpec". - // It will default to the audiences of kube apiserver. - // - Audience string - - // ExpirationSeconds is the duration of validity of the token in "TokenRequestSpec". - // It has the same default value of "ExpirationSeconds" in "TokenRequestSpec." - // - // +optional - ExpirationSeconds *int64 -} - -const ( - // VolumeLifecyclePersistent explicitly confirms that the driver implements - // the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not - // set. Such volumes are managed in Kubernetes via the persistent volume - // claim mechanism and have a lifecycle that is independent of the pods which - // use them. - VolumeLifecyclePersistent VolumeLifecycleMode = "Persistent" - // VolumeLifecycleEphemeral indicates that the driver can be used for - // ephemeral inline volumes. Such volumes are specified inside the pod - // spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have - // a lifecycle that is tied to the lifecycle of the pod. For example, such - // a volume might contain data that gets created specifically for that pod, - // like secrets. - // But how the volume actually gets created and managed is entirely up to - // the driver. It might also use reference counting to share the same volume - // instance among different pods if the CSIVolumeSource of those pods is - // identical. - VolumeLifecycleEphemeral VolumeLifecycleMode = "Ephemeral" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSINode holds information about all CSI drivers installed on a node. -// CSI drivers do not need to create the CSINode object directly. As long as -// they use the node-driver-registrar sidecar container, the kubelet will -// automatically populate the CSINode object for the CSI driver as part of -// kubelet plugin registration. -// CSINode has the same name as a node. If the object is missing, it means either -// there are no CSI Drivers available on the node, or the Kubelet version is low -// enough that it doesn't create this object. -// CSINode has an OwnerReference that points to the corresponding node object. -type CSINode struct { - metav1.TypeMeta - - // metadata.name must be the Kubernetes node name. - metav1.ObjectMeta - - // spec is the specification of CSINode - Spec CSINodeSpec -} - -// CSINodeSpec holds information about the specification of all CSI drivers installed on a node -type CSINodeSpec struct { - // drivers is a list of information of all CSI Drivers existing on a node. - // If all drivers in the list are uninstalled, this can become empty. - // +patchMergeKey=name - // +patchStrategy=merge - Drivers []CSINodeDriver -} - -// CSINodeDriver holds information about the specification of one CSI driver installed on a node -type CSINodeDriver struct { - // This is the name of the CSI driver that this object refers to. - // This MUST be the same name returned by the CSI GetPluginName() call for - // that driver. - Name string - - // nodeID of the node from the driver point of view. - // This field enables Kubernetes to communicate with storage systems that do - // not share the same nomenclature for nodes. For example, Kubernetes may - // refer to a given node as "node1", but the storage system may refer to - // the same node as "nodeA". When Kubernetes issues a command to the storage - // system to attach a volume to a specific node, it can use this field to - // refer to the node name using the ID that the storage system will - // understand, e.g. "nodeA" instead of "node1". This field is required. - NodeID string - - // topologyKeys is the list of keys supported by the driver. - // When a driver is initialized on a cluster, it provides a set of topology - // keys that it understands (e.g. "company.com/zone", "company.com/region"). - // When a driver is initialized on a node, it provides the same topology keys - // along with values. Kubelet will expose these topology keys as labels - // on its own node object. - // When Kubernetes does topology aware provisioning, it can use this list to - // determine which labels it should retrieve from the node object and pass - // back to the driver. - // It is possible for different nodes to use different topology keys. - // This can be empty if driver does not support topology. - // +optional - TopologyKeys []string - - // allocatable represents the volume resources of a node that are available for scheduling. - // +optional - Allocatable *VolumeNodeResources -} - -// VolumeNodeResources is a set of resource limits for scheduling of volumes. -type VolumeNodeResources struct { - // Maximum number of unique volumes managed by the CSI driver that can be used on a node. - // A volume that is both attached and mounted on a node is considered to be used once, not twice. - // The same rule applies for a unique volume that is shared among multiple pods on the same node. - // If this field is not specified, then the supported number of volumes on this node is unbounded. - // +optional - Count *int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSINodeList is a collection of CSINode objects. -type CSINodeList struct { - metav1.TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // items is the list of CSINode - Items []CSINode -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSIStorageCapacity stores the result of one CSI GetCapacity call. -// For a given StorageClass, this describes the available capacity in a -// particular topology segment. This can be used when considering where to -// instantiate new PersistentVolumes. -// -// For example this can express things like: -// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" -// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123" -// -// The following three cases all imply that no capacity is available for -// a certain combination: -// - no object exists with suitable topology and storage class name -// - such an object exists, but the capacity is unset -// - such an object exists, but the capacity is zero -// -// The producer of these objects can decide which approach is more suitable. -// -// They are consumed by the kube-scheduler when a CSI driver opts into -// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler -// compares the MaximumVolumeSize against the requested size of pending volumes -// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back -// to a comparison against the less precise Capacity. If that is also unset, -// the scheduler assumes that capacity is insufficient and tries some other -// node. -type CSIStorageCapacity struct { - metav1.TypeMeta - // Standard object's metadata. The name has no particular meaning. It must be - // be a DNS subdomain (dots allowed, 253 characters). To ensure that - // there are no conflicts with other CSI drivers on the cluster, the recommendation - // is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends - // with the unique CSI driver name. - // - // Objects are namespaced. - // - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta - - // NodeTopology defines which nodes have access to the storage - // for which capacity was reported. If not set, the storage is - // not accessible from any node in the cluster. If empty, the - // storage is accessible from all nodes. This field is - // immutable. - // - // +optional - NodeTopology *metav1.LabelSelector - - // The name of the StorageClass that the reported capacity applies to. - // It must meet the same requirements as the name of a StorageClass - // object (non-empty, DNS subdomain). If that object no longer exists, - // the CSIStorageCapacity object is obsolete and should be removed by its - // creator. - // This field is immutable. - StorageClassName string - - // Capacity is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // The semantic is currently (CSI spec 1.2) defined as: - // The available capacity, in bytes, of the storage that can be used - // to provision volumes. If not set, that information is currently - // unavailable. - // - // +optional - Capacity *resource.Quantity - - // MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // This is defined since CSI spec 1.4.0 as the largest size - // that may be used in a - // CreateVolumeRequest.capacity_range.required_bytes field to - // create a volume with the same parameters as those in - // GetCapacityRequest. The corresponding value in the Kubernetes - // API is ResourceRequirements.Requests in a volume claim. - // - // +optional - MaximumVolumeSize *resource.Quantity -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// CSIStorageCapacityList is a collection of CSIStorageCapacity objects. -type CSIStorageCapacityList struct { - metav1.TypeMeta - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ListMeta - - // Items is the list of CSIStorageCapacity objects. - Items []CSIStorageCapacity -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/util/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/util/helpers.go deleted file mode 100644 index 69dcf57ac9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/util/helpers.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// IsDefaultStorageClassAnnotation represents a StorageClass annotation that -// marks a class as the default StorageClass -const IsDefaultStorageClassAnnotation = "storageclass.kubernetes.io/is-default-class" - -// BetaIsDefaultStorageClassAnnotation is the beta version of IsDefaultStorageClassAnnotation. -// TODO: remove Beta when no longer used -const BetaIsDefaultStorageClassAnnotation = "storageclass.beta.kubernetes.io/is-default-class" - -// IsDefaultAnnotationText returns a pretty Yes/No String if -// the annotation is set -// TODO: remove Beta when no longer needed -func IsDefaultAnnotationText(obj metav1.ObjectMeta) string { - if obj.Annotations[IsDefaultStorageClassAnnotation] == "true" { - return "Yes" - } - if obj.Annotations[BetaIsDefaultStorageClassAnnotation] == "true" { - return "Yes" - } - - return "No" -} - -// IsDefaultAnnotation returns a boolean if -// the annotation is set -// TODO: remove Beta when no longer needed -func IsDefaultAnnotation(obj metav1.ObjectMeta) bool { - if obj.Annotations[IsDefaultStorageClassAnnotation] == "true" { - return true - } - if obj.Annotations[BetaIsDefaultStorageClassAnnotation] == "true" { - return true - } - - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/defaults.go deleted file mode 100644 index 9377281d6c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/defaults.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - v1 "k8s.io/api/core/v1" - storagev1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/runtime" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_StorageClass(obj *storagev1.StorageClass) { - if obj.ReclaimPolicy == nil { - obj.ReclaimPolicy = new(v1.PersistentVolumeReclaimPolicy) - *obj.ReclaimPolicy = v1.PersistentVolumeReclaimDelete - } - - if obj.VolumeBindingMode == nil { - obj.VolumeBindingMode = new(storagev1.VolumeBindingMode) - *obj.VolumeBindingMode = storagev1.VolumeBindingImmediate - } -} - -func SetDefaults_CSIDriver(obj *storagev1.CSIDriver) { - if obj.Spec.AttachRequired == nil { - obj.Spec.AttachRequired = new(bool) - *(obj.Spec.AttachRequired) = true - } - if obj.Spec.PodInfoOnMount == nil { - obj.Spec.PodInfoOnMount = new(bool) - *(obj.Spec.PodInfoOnMount) = false - } - if obj.Spec.StorageCapacity == nil { - obj.Spec.StorageCapacity = new(bool) - *(obj.Spec.StorageCapacity) = false - } - if obj.Spec.FSGroupPolicy == nil { - obj.Spec.FSGroupPolicy = new(storagev1.FSGroupPolicy) - *obj.Spec.FSGroupPolicy = storagev1.ReadWriteOnceWithFSTypeFSGroupPolicy - } - if len(obj.Spec.VolumeLifecycleModes) == 0 { - obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1.VolumeLifecyclePersistent) - } - if obj.Spec.RequiresRepublish == nil { - obj.Spec.RequiresRepublish = new(bool) - *(obj.Spec.RequiresRepublish) = false - } - if obj.Spec.SELinuxMount == nil && utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - obj.Spec.SELinuxMount = new(bool) - *(obj.Spec.SELinuxMount) = false - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/doc.go deleted file mode 100644 index 0bb97d8a65..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/storage -// +k8s:conversion-gen-external-types=k8s.io/api/storage/v1 -// +groupName=storage.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/storage/v1 - -package v1 // import "k8s.io/kubernetes/pkg/apis/storage/v1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/register.go deleted file mode 100644 index f56f75d58b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - storagev1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "storage.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &storagev1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.conversion.go deleted file mode 100644 index 8fefe5fefd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.conversion.go +++ /dev/null @@ -1,768 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/storage/v1" - resource "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - apiscorev1 "k8s.io/kubernetes/pkg/apis/core/v1" - storage "k8s.io/kubernetes/pkg/apis/storage" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1.CSIDriver)(nil), (*storage.CSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIDriver_To_storage_CSIDriver(a.(*v1.CSIDriver), b.(*storage.CSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriver)(nil), (*v1.CSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriver_To_v1_CSIDriver(a.(*storage.CSIDriver), b.(*v1.CSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIDriverList)(nil), (*storage.CSIDriverList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIDriverList_To_storage_CSIDriverList(a.(*v1.CSIDriverList), b.(*storage.CSIDriverList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriverList)(nil), (*v1.CSIDriverList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriverList_To_v1_CSIDriverList(a.(*storage.CSIDriverList), b.(*v1.CSIDriverList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIDriverSpec)(nil), (*storage.CSIDriverSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(a.(*v1.CSIDriverSpec), b.(*storage.CSIDriverSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriverSpec)(nil), (*v1.CSIDriverSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(a.(*storage.CSIDriverSpec), b.(*v1.CSIDriverSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSINode)(nil), (*storage.CSINode)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSINode_To_storage_CSINode(a.(*v1.CSINode), b.(*storage.CSINode), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINode)(nil), (*v1.CSINode)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINode_To_v1_CSINode(a.(*storage.CSINode), b.(*v1.CSINode), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSINodeDriver)(nil), (*storage.CSINodeDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSINodeDriver_To_storage_CSINodeDriver(a.(*v1.CSINodeDriver), b.(*storage.CSINodeDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeDriver)(nil), (*v1.CSINodeDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeDriver_To_v1_CSINodeDriver(a.(*storage.CSINodeDriver), b.(*v1.CSINodeDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSINodeList)(nil), (*storage.CSINodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSINodeList_To_storage_CSINodeList(a.(*v1.CSINodeList), b.(*storage.CSINodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeList)(nil), (*v1.CSINodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeList_To_v1_CSINodeList(a.(*storage.CSINodeList), b.(*v1.CSINodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSINodeSpec)(nil), (*storage.CSINodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSINodeSpec_To_storage_CSINodeSpec(a.(*v1.CSINodeSpec), b.(*storage.CSINodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeSpec)(nil), (*v1.CSINodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeSpec_To_v1_CSINodeSpec(a.(*storage.CSINodeSpec), b.(*v1.CSINodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIStorageCapacity)(nil), (*storage.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIStorageCapacity_To_storage_CSIStorageCapacity(a.(*v1.CSIStorageCapacity), b.(*storage.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacity)(nil), (*v1.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacity_To_v1_CSIStorageCapacity(a.(*storage.CSIStorageCapacity), b.(*v1.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.CSIStorageCapacityList)(nil), (*storage.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(a.(*v1.CSIStorageCapacityList), b.(*storage.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacityList)(nil), (*v1.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacityList_To_v1_CSIStorageCapacityList(a.(*storage.CSIStorageCapacityList), b.(*v1.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StorageClass)(nil), (*storage.StorageClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StorageClass_To_storage_StorageClass(a.(*v1.StorageClass), b.(*storage.StorageClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.StorageClass)(nil), (*v1.StorageClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_StorageClass_To_v1_StorageClass(a.(*storage.StorageClass), b.(*v1.StorageClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.StorageClassList)(nil), (*storage.StorageClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_StorageClassList_To_storage_StorageClassList(a.(*v1.StorageClassList), b.(*storage.StorageClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.StorageClassList)(nil), (*v1.StorageClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_StorageClassList_To_v1_StorageClassList(a.(*storage.StorageClassList), b.(*v1.StorageClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.TokenRequest)(nil), (*storage.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_TokenRequest_To_storage_TokenRequest(a.(*v1.TokenRequest), b.(*storage.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.TokenRequest)(nil), (*v1.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_TokenRequest_To_v1_TokenRequest(a.(*storage.TokenRequest), b.(*v1.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeAttachment)(nil), (*storage.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeAttachment_To_storage_VolumeAttachment(a.(*v1.VolumeAttachment), b.(*storage.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachment)(nil), (*v1.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachment_To_v1_VolumeAttachment(a.(*storage.VolumeAttachment), b.(*v1.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeAttachmentList)(nil), (*storage.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeAttachmentList_To_storage_VolumeAttachmentList(a.(*v1.VolumeAttachmentList), b.(*storage.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentList)(nil), (*v1.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentList_To_v1_VolumeAttachmentList(a.(*storage.VolumeAttachmentList), b.(*v1.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeAttachmentSource)(nil), (*storage.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(a.(*v1.VolumeAttachmentSource), b.(*storage.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSource)(nil), (*v1.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource(a.(*storage.VolumeAttachmentSource), b.(*v1.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeAttachmentSpec)(nil), (*storage.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(a.(*v1.VolumeAttachmentSpec), b.(*storage.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSpec)(nil), (*v1.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec(a.(*storage.VolumeAttachmentSpec), b.(*v1.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeAttachmentStatus)(nil), (*storage.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(a.(*v1.VolumeAttachmentStatus), b.(*storage.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentStatus)(nil), (*v1.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus(a.(*storage.VolumeAttachmentStatus), b.(*v1.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeError)(nil), (*storage.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeError_To_storage_VolumeError(a.(*v1.VolumeError), b.(*storage.VolumeError), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeError)(nil), (*v1.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeError_To_v1_VolumeError(a.(*storage.VolumeError), b.(*v1.VolumeError), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1.VolumeNodeResources)(nil), (*storage.VolumeNodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_VolumeNodeResources_To_storage_VolumeNodeResources(a.(*v1.VolumeNodeResources), b.(*storage.VolumeNodeResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeNodeResources)(nil), (*v1.VolumeNodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeNodeResources_To_v1_VolumeNodeResources(a.(*storage.VolumeNodeResources), b.(*v1.VolumeNodeResources), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_CSIDriver_To_storage_CSIDriver(in *v1.CSIDriver, out *storage.CSIDriver, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_CSIDriver_To_storage_CSIDriver is an autogenerated conversion function. -func Convert_v1_CSIDriver_To_storage_CSIDriver(in *v1.CSIDriver, out *storage.CSIDriver, s conversion.Scope) error { - return autoConvert_v1_CSIDriver_To_storage_CSIDriver(in, out, s) -} - -func autoConvert_storage_CSIDriver_To_v1_CSIDriver(in *storage.CSIDriver, out *v1.CSIDriver, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_storage_CSIDriver_To_v1_CSIDriver is an autogenerated conversion function. -func Convert_storage_CSIDriver_To_v1_CSIDriver(in *storage.CSIDriver, out *v1.CSIDriver, s conversion.Scope) error { - return autoConvert_storage_CSIDriver_To_v1_CSIDriver(in, out, s) -} - -func autoConvert_v1_CSIDriverList_To_storage_CSIDriverList(in *v1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]storage.CSIDriver, len(*in)) - for i := range *in { - if err := Convert_v1_CSIDriver_To_storage_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_CSIDriverList_To_storage_CSIDriverList is an autogenerated conversion function. -func Convert_v1_CSIDriverList_To_storage_CSIDriverList(in *v1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { - return autoConvert_v1_CSIDriverList_To_storage_CSIDriverList(in, out, s) -} - -func autoConvert_storage_CSIDriverList_To_v1_CSIDriverList(in *storage.CSIDriverList, out *v1.CSIDriverList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.CSIDriver, len(*in)) - for i := range *in { - if err := Convert_storage_CSIDriver_To_v1_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_storage_CSIDriverList_To_v1_CSIDriverList is an autogenerated conversion function. -func Convert_storage_CSIDriverList_To_v1_CSIDriverList(in *storage.CSIDriverList, out *v1.CSIDriverList, s conversion.Scope) error { - return autoConvert_storage_CSIDriverList_To_v1_CSIDriverList(in, out, s) -} - -func autoConvert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1.CSIDriverSpec, out *storage.CSIDriverSpec, s conversion.Scope) error { - out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) - out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) - out.VolumeLifecycleModes = *(*[]storage.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) - out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) - out.FSGroupPolicy = (*storage.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) - out.TokenRequests = *(*[]storage.TokenRequest)(unsafe.Pointer(&in.TokenRequests)) - out.RequiresRepublish = (*bool)(unsafe.Pointer(in.RequiresRepublish)) - out.SELinuxMount = (*bool)(unsafe.Pointer(in.SELinuxMount)) - return nil -} - -// Convert_v1_CSIDriverSpec_To_storage_CSIDriverSpec is an autogenerated conversion function. -func Convert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1.CSIDriverSpec, out *storage.CSIDriverSpec, s conversion.Scope) error { - return autoConvert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(in, out, s) -} - -func autoConvert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1.CSIDriverSpec, s conversion.Scope) error { - out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) - out.FSGroupPolicy = (*v1.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) - out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) - out.VolumeLifecycleModes = *(*[]v1.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) - out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) - out.TokenRequests = *(*[]v1.TokenRequest)(unsafe.Pointer(&in.TokenRequests)) - out.RequiresRepublish = (*bool)(unsafe.Pointer(in.RequiresRepublish)) - out.SELinuxMount = (*bool)(unsafe.Pointer(in.SELinuxMount)) - return nil -} - -// Convert_storage_CSIDriverSpec_To_v1_CSIDriverSpec is an autogenerated conversion function. -func Convert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1.CSIDriverSpec, s conversion.Scope) error { - return autoConvert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(in, out, s) -} - -func autoConvert_v1_CSINode_To_storage_CSINode(in *v1.CSINode, out *storage.CSINode, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_CSINodeSpec_To_storage_CSINodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1_CSINode_To_storage_CSINode is an autogenerated conversion function. -func Convert_v1_CSINode_To_storage_CSINode(in *v1.CSINode, out *storage.CSINode, s conversion.Scope) error { - return autoConvert_v1_CSINode_To_storage_CSINode(in, out, s) -} - -func autoConvert_storage_CSINode_To_v1_CSINode(in *storage.CSINode, out *v1.CSINode, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_CSINodeSpec_To_v1_CSINodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_storage_CSINode_To_v1_CSINode is an autogenerated conversion function. -func Convert_storage_CSINode_To_v1_CSINode(in *storage.CSINode, out *v1.CSINode, s conversion.Scope) error { - return autoConvert_storage_CSINode_To_v1_CSINode(in, out, s) -} - -func autoConvert_v1_CSINodeDriver_To_storage_CSINodeDriver(in *v1.CSINodeDriver, out *storage.CSINodeDriver, s conversion.Scope) error { - out.Name = in.Name - out.NodeID = in.NodeID - out.TopologyKeys = *(*[]string)(unsafe.Pointer(&in.TopologyKeys)) - out.Allocatable = (*storage.VolumeNodeResources)(unsafe.Pointer(in.Allocatable)) - return nil -} - -// Convert_v1_CSINodeDriver_To_storage_CSINodeDriver is an autogenerated conversion function. -func Convert_v1_CSINodeDriver_To_storage_CSINodeDriver(in *v1.CSINodeDriver, out *storage.CSINodeDriver, s conversion.Scope) error { - return autoConvert_v1_CSINodeDriver_To_storage_CSINodeDriver(in, out, s) -} - -func autoConvert_storage_CSINodeDriver_To_v1_CSINodeDriver(in *storage.CSINodeDriver, out *v1.CSINodeDriver, s conversion.Scope) error { - out.Name = in.Name - out.NodeID = in.NodeID - out.TopologyKeys = *(*[]string)(unsafe.Pointer(&in.TopologyKeys)) - out.Allocatable = (*v1.VolumeNodeResources)(unsafe.Pointer(in.Allocatable)) - return nil -} - -// Convert_storage_CSINodeDriver_To_v1_CSINodeDriver is an autogenerated conversion function. -func Convert_storage_CSINodeDriver_To_v1_CSINodeDriver(in *storage.CSINodeDriver, out *v1.CSINodeDriver, s conversion.Scope) error { - return autoConvert_storage_CSINodeDriver_To_v1_CSINodeDriver(in, out, s) -} - -func autoConvert_v1_CSINodeList_To_storage_CSINodeList(in *v1.CSINodeList, out *storage.CSINodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSINode)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_CSINodeList_To_storage_CSINodeList is an autogenerated conversion function. -func Convert_v1_CSINodeList_To_storage_CSINodeList(in *v1.CSINodeList, out *storage.CSINodeList, s conversion.Scope) error { - return autoConvert_v1_CSINodeList_To_storage_CSINodeList(in, out, s) -} - -func autoConvert_storage_CSINodeList_To_v1_CSINodeList(in *storage.CSINodeList, out *v1.CSINodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.CSINode)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_CSINodeList_To_v1_CSINodeList is an autogenerated conversion function. -func Convert_storage_CSINodeList_To_v1_CSINodeList(in *storage.CSINodeList, out *v1.CSINodeList, s conversion.Scope) error { - return autoConvert_storage_CSINodeList_To_v1_CSINodeList(in, out, s) -} - -func autoConvert_v1_CSINodeSpec_To_storage_CSINodeSpec(in *v1.CSINodeSpec, out *storage.CSINodeSpec, s conversion.Scope) error { - out.Drivers = *(*[]storage.CSINodeDriver)(unsafe.Pointer(&in.Drivers)) - return nil -} - -// Convert_v1_CSINodeSpec_To_storage_CSINodeSpec is an autogenerated conversion function. -func Convert_v1_CSINodeSpec_To_storage_CSINodeSpec(in *v1.CSINodeSpec, out *storage.CSINodeSpec, s conversion.Scope) error { - return autoConvert_v1_CSINodeSpec_To_storage_CSINodeSpec(in, out, s) -} - -func autoConvert_storage_CSINodeSpec_To_v1_CSINodeSpec(in *storage.CSINodeSpec, out *v1.CSINodeSpec, s conversion.Scope) error { - out.Drivers = *(*[]v1.CSINodeDriver)(unsafe.Pointer(&in.Drivers)) - return nil -} - -// Convert_storage_CSINodeSpec_To_v1_CSINodeSpec is an autogenerated conversion function. -func Convert_storage_CSINodeSpec_To_v1_CSINodeSpec(in *storage.CSINodeSpec, out *v1.CSINodeSpec, s conversion.Scope) error { - return autoConvert_storage_CSINodeSpec_To_v1_CSINodeSpec(in, out, s) -} - -func autoConvert_v1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*metav1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_v1_CSIStorageCapacity_To_storage_CSIStorageCapacity is an autogenerated conversion function. -func Convert_v1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_v1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacity_To_v1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*metav1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_storage_CSIStorageCapacity_To_v1_CSIStorageCapacity is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacity_To_v1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacity_To_v1_CSIStorageCapacity(in, out, s) -} - -func autoConvert_v1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_v1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_v1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacityList_To_v1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_CSIStorageCapacityList_To_v1_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacityList_To_v1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacityList_To_v1_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_v1_StorageClass_To_storage_StorageClass(in *v1.StorageClass, out *storage.StorageClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Provisioner = in.Provisioner - out.Parameters = *(*map[string]string)(unsafe.Pointer(&in.Parameters)) - out.ReclaimPolicy = (*core.PersistentVolumeReclaimPolicy)(unsafe.Pointer(in.ReclaimPolicy)) - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.AllowVolumeExpansion = (*bool)(unsafe.Pointer(in.AllowVolumeExpansion)) - out.VolumeBindingMode = (*storage.VolumeBindingMode)(unsafe.Pointer(in.VolumeBindingMode)) - out.AllowedTopologies = *(*[]core.TopologySelectorTerm)(unsafe.Pointer(&in.AllowedTopologies)) - return nil -} - -// Convert_v1_StorageClass_To_storage_StorageClass is an autogenerated conversion function. -func Convert_v1_StorageClass_To_storage_StorageClass(in *v1.StorageClass, out *storage.StorageClass, s conversion.Scope) error { - return autoConvert_v1_StorageClass_To_storage_StorageClass(in, out, s) -} - -func autoConvert_storage_StorageClass_To_v1_StorageClass(in *storage.StorageClass, out *v1.StorageClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Provisioner = in.Provisioner - out.Parameters = *(*map[string]string)(unsafe.Pointer(&in.Parameters)) - out.ReclaimPolicy = (*corev1.PersistentVolumeReclaimPolicy)(unsafe.Pointer(in.ReclaimPolicy)) - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.AllowVolumeExpansion = (*bool)(unsafe.Pointer(in.AllowVolumeExpansion)) - out.VolumeBindingMode = (*v1.VolumeBindingMode)(unsafe.Pointer(in.VolumeBindingMode)) - out.AllowedTopologies = *(*[]corev1.TopologySelectorTerm)(unsafe.Pointer(&in.AllowedTopologies)) - return nil -} - -// Convert_storage_StorageClass_To_v1_StorageClass is an autogenerated conversion function. -func Convert_storage_StorageClass_To_v1_StorageClass(in *storage.StorageClass, out *v1.StorageClass, s conversion.Scope) error { - return autoConvert_storage_StorageClass_To_v1_StorageClass(in, out, s) -} - -func autoConvert_v1_StorageClassList_To_storage_StorageClassList(in *v1.StorageClassList, out *storage.StorageClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.StorageClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1_StorageClassList_To_storage_StorageClassList is an autogenerated conversion function. -func Convert_v1_StorageClassList_To_storage_StorageClassList(in *v1.StorageClassList, out *storage.StorageClassList, s conversion.Scope) error { - return autoConvert_v1_StorageClassList_To_storage_StorageClassList(in, out, s) -} - -func autoConvert_storage_StorageClassList_To_v1_StorageClassList(in *storage.StorageClassList, out *v1.StorageClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1.StorageClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_StorageClassList_To_v1_StorageClassList is an autogenerated conversion function. -func Convert_storage_StorageClassList_To_v1_StorageClassList(in *storage.StorageClassList, out *v1.StorageClassList, s conversion.Scope) error { - return autoConvert_storage_StorageClassList_To_v1_StorageClassList(in, out, s) -} - -func autoConvert_v1_TokenRequest_To_storage_TokenRequest(in *v1.TokenRequest, out *storage.TokenRequest, s conversion.Scope) error { - out.Audience = in.Audience - out.ExpirationSeconds = (*int64)(unsafe.Pointer(in.ExpirationSeconds)) - return nil -} - -// Convert_v1_TokenRequest_To_storage_TokenRequest is an autogenerated conversion function. -func Convert_v1_TokenRequest_To_storage_TokenRequest(in *v1.TokenRequest, out *storage.TokenRequest, s conversion.Scope) error { - return autoConvert_v1_TokenRequest_To_storage_TokenRequest(in, out, s) -} - -func autoConvert_storage_TokenRequest_To_v1_TokenRequest(in *storage.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error { - out.Audience = in.Audience - out.ExpirationSeconds = (*int64)(unsafe.Pointer(in.ExpirationSeconds)) - return nil -} - -// Convert_storage_TokenRequest_To_v1_TokenRequest is an autogenerated conversion function. -func Convert_storage_TokenRequest_To_v1_TokenRequest(in *storage.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error { - return autoConvert_storage_TokenRequest_To_v1_TokenRequest(in, out, s) -} - -func autoConvert_v1_VolumeAttachment_To_storage_VolumeAttachment(in *v1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1_VolumeAttachment_To_storage_VolumeAttachment is an autogenerated conversion function. -func Convert_v1_VolumeAttachment_To_storage_VolumeAttachment(in *v1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - return autoConvert_v1_VolumeAttachment_To_storage_VolumeAttachment(in, out, s) -} - -func autoConvert_storage_VolumeAttachment_To_v1_VolumeAttachment(in *storage.VolumeAttachment, out *v1.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_storage_VolumeAttachment_To_v1_VolumeAttachment is an autogenerated conversion function. -func Convert_storage_VolumeAttachment_To_v1_VolumeAttachment(in *storage.VolumeAttachment, out *v1.VolumeAttachment, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachment_To_v1_VolumeAttachment(in, out, s) -} - -func autoConvert_v1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]storage.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_v1_VolumeAttachment_To_storage_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1_VolumeAttachmentList_To_storage_VolumeAttachmentList is an autogenerated conversion function. -func Convert_v1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_v1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentList_To_v1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_storage_VolumeAttachment_To_v1_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentList_To_v1_VolumeAttachmentList is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentList_To_v1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentList_To_v1_VolumeAttachmentList(in, out, s) -} - -func autoConvert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(core.PersistentVolumeSpec) - if err := apiscorev1.Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(corev1.PersistentVolumeSpec) - if err := apiscorev1.Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_v1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_v1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_storage_VolumeAttachmentSource_To_v1_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSpec_To_v1_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*storage.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*storage.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_v1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*v1.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*v1.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentStatus_To_v1_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_v1_VolumeError_To_storage_VolumeError(in *v1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_v1_VolumeError_To_storage_VolumeError is an autogenerated conversion function. -func Convert_v1_VolumeError_To_storage_VolumeError(in *v1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - return autoConvert_v1_VolumeError_To_storage_VolumeError(in, out, s) -} - -func autoConvert_storage_VolumeError_To_v1_VolumeError(in *storage.VolumeError, out *v1.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_storage_VolumeError_To_v1_VolumeError is an autogenerated conversion function. -func Convert_storage_VolumeError_To_v1_VolumeError(in *storage.VolumeError, out *v1.VolumeError, s conversion.Scope) error { - return autoConvert_storage_VolumeError_To_v1_VolumeError(in, out, s) -} - -func autoConvert_v1_VolumeNodeResources_To_storage_VolumeNodeResources(in *v1.VolumeNodeResources, out *storage.VolumeNodeResources, s conversion.Scope) error { - out.Count = (*int32)(unsafe.Pointer(in.Count)) - return nil -} - -// Convert_v1_VolumeNodeResources_To_storage_VolumeNodeResources is an autogenerated conversion function. -func Convert_v1_VolumeNodeResources_To_storage_VolumeNodeResources(in *v1.VolumeNodeResources, out *storage.VolumeNodeResources, s conversion.Scope) error { - return autoConvert_v1_VolumeNodeResources_To_storage_VolumeNodeResources(in, out, s) -} - -func autoConvert_storage_VolumeNodeResources_To_v1_VolumeNodeResources(in *storage.VolumeNodeResources, out *v1.VolumeNodeResources, s conversion.Scope) error { - out.Count = (*int32)(unsafe.Pointer(in.Count)) - return nil -} - -// Convert_storage_VolumeNodeResources_To_v1_VolumeNodeResources is an autogenerated conversion function. -func Convert_storage_VolumeNodeResources_To_v1_VolumeNodeResources(in *storage.VolumeNodeResources, out *v1.VolumeNodeResources, s conversion.Scope) error { - return autoConvert_storage_VolumeNodeResources_To_v1_VolumeNodeResources(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.defaults.go deleted file mode 100644 index 26dd21c398..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1/zz_generated.defaults.go +++ /dev/null @@ -1,91 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - v1 "k8s.io/api/storage/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1.CSIDriver{}, func(obj interface{}) { SetObjectDefaults_CSIDriver(obj.(*v1.CSIDriver)) }) - scheme.AddTypeDefaultingFunc(&v1.CSIDriverList{}, func(obj interface{}) { SetObjectDefaults_CSIDriverList(obj.(*v1.CSIDriverList)) }) - scheme.AddTypeDefaultingFunc(&v1.StorageClass{}, func(obj interface{}) { SetObjectDefaults_StorageClass(obj.(*v1.StorageClass)) }) - scheme.AddTypeDefaultingFunc(&v1.StorageClassList{}, func(obj interface{}) { SetObjectDefaults_StorageClassList(obj.(*v1.StorageClassList)) }) - scheme.AddTypeDefaultingFunc(&v1.VolumeAttachment{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachment(obj.(*v1.VolumeAttachment)) }) - scheme.AddTypeDefaultingFunc(&v1.VolumeAttachmentList{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachmentList(obj.(*v1.VolumeAttachmentList)) }) - return nil -} - -func SetObjectDefaults_CSIDriver(in *v1.CSIDriver) { - SetDefaults_CSIDriver(in) -} - -func SetObjectDefaults_CSIDriverList(in *v1.CSIDriverList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CSIDriver(a) - } -} - -func SetObjectDefaults_StorageClass(in *v1.StorageClass) { - SetDefaults_StorageClass(in) -} - -func SetObjectDefaults_StorageClassList(in *v1.StorageClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_StorageClass(a) - } -} - -func SetObjectDefaults_VolumeAttachment(in *v1.VolumeAttachment) { - if in.Spec.Source.InlineVolumeSpec != nil { - corev1.SetDefaults_ResourceList(&in.Spec.Source.InlineVolumeSpec.Capacity) - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath != nil { - corev1.SetDefaults_HostPathVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD != nil { - corev1.SetDefaults_RBDPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI != nil { - corev1.SetDefaults_ISCSIPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk != nil { - corev1.SetDefaults_AzureDiskVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO != nil { - corev1.SetDefaults_ScaleIOPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO) - } - } -} - -func SetObjectDefaults_VolumeAttachmentList(in *v1.VolumeAttachmentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_VolumeAttachment(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/doc.go deleted file mode 100644 index 34925a851a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/storage -// +k8s:conversion-gen-external-types=k8s.io/api/storage/v1alpha1 -// +groupName=storage.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/storage/v1alpha1 - -package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/storage/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/register.go deleted file mode 100644 index b0919ad75a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/register.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - storagev1alpha1 "k8s.io/api/storage/v1alpha1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "storage.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &storagev1alpha1.SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme - AddToScheme = localSchemeBuilder.AddToScheme -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 5dad2b6182..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,364 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - apicorev1 "k8s.io/api/core/v1" - v1alpha1 "k8s.io/api/storage/v1alpha1" - resource "k8s.io/apimachinery/pkg/api/resource" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - corev1 "k8s.io/kubernetes/pkg/apis/core/v1" - storage "k8s.io/kubernetes/pkg/apis/storage" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.CSIStorageCapacity)(nil), (*storage.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CSIStorageCapacity_To_storage_CSIStorageCapacity(a.(*v1alpha1.CSIStorageCapacity), b.(*storage.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacity)(nil), (*v1alpha1.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacity_To_v1alpha1_CSIStorageCapacity(a.(*storage.CSIStorageCapacity), b.(*v1alpha1.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.CSIStorageCapacityList)(nil), (*storage.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(a.(*v1alpha1.CSIStorageCapacityList), b.(*storage.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacityList)(nil), (*v1alpha1.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacityList_To_v1alpha1_CSIStorageCapacityList(a.(*storage.CSIStorageCapacityList), b.(*v1alpha1.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeAttachment)(nil), (*storage.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment(a.(*v1alpha1.VolumeAttachment), b.(*storage.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachment)(nil), (*v1alpha1.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment(a.(*storage.VolumeAttachment), b.(*v1alpha1.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeAttachmentList)(nil), (*storage.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeAttachmentList_To_storage_VolumeAttachmentList(a.(*v1alpha1.VolumeAttachmentList), b.(*storage.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentList)(nil), (*v1alpha1.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentList_To_v1alpha1_VolumeAttachmentList(a.(*storage.VolumeAttachmentList), b.(*v1alpha1.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeAttachmentSource)(nil), (*storage.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(a.(*v1alpha1.VolumeAttachmentSource), b.(*storage.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSource)(nil), (*v1alpha1.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource(a.(*storage.VolumeAttachmentSource), b.(*v1alpha1.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeAttachmentSpec)(nil), (*storage.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(a.(*v1alpha1.VolumeAttachmentSpec), b.(*storage.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSpec)(nil), (*v1alpha1.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec(a.(*storage.VolumeAttachmentSpec), b.(*v1alpha1.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeAttachmentStatus)(nil), (*storage.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(a.(*v1alpha1.VolumeAttachmentStatus), b.(*storage.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentStatus)(nil), (*v1alpha1.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus(a.(*storage.VolumeAttachmentStatus), b.(*v1alpha1.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeError)(nil), (*storage.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_VolumeError_To_storage_VolumeError(a.(*v1alpha1.VolumeError), b.(*storage.VolumeError), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeError)(nil), (*v1alpha1.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeError_To_v1alpha1_VolumeError(a.(*storage.VolumeError), b.(*v1alpha1.VolumeError), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1alpha1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*v1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_v1alpha1_CSIStorageCapacity_To_storage_CSIStorageCapacity is an autogenerated conversion function. -func Convert_v1alpha1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1alpha1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_v1alpha1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacity_To_v1alpha1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1alpha1.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*v1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_storage_CSIStorageCapacity_To_v1alpha1_CSIStorageCapacity is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacity_To_v1alpha1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1alpha1.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacity_To_v1alpha1_CSIStorageCapacity(in, out, s) -} - -func autoConvert_v1alpha1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1alpha1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_v1alpha1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1alpha1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_v1alpha1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacityList_To_v1alpha1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1alpha1.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha1.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_CSIStorageCapacityList_To_v1alpha1_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacityList_To_v1alpha1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1alpha1.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacityList_To_v1alpha1_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment(in *v1alpha1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment is an autogenerated conversion function. -func Convert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment(in *v1alpha1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment(in, out, s) -} - -func autoConvert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment(in *storage.VolumeAttachment, out *v1alpha1.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment is an autogenerated conversion function. -func Convert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment(in *storage.VolumeAttachment, out *v1alpha1.VolumeAttachment, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment(in, out, s) -} - -func autoConvert_v1alpha1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1alpha1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]storage.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_v1alpha1_VolumeAttachment_To_storage_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1alpha1_VolumeAttachmentList_To_storage_VolumeAttachmentList is an autogenerated conversion function. -func Convert_v1alpha1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1alpha1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentList_To_v1alpha1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1alpha1.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1alpha1.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_storage_VolumeAttachment_To_v1alpha1_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentList_To_v1alpha1_VolumeAttachmentList is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentList_To_v1alpha1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1alpha1.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentList_To_v1alpha1_VolumeAttachmentList(in, out, s) -} - -func autoConvert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1alpha1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(core.PersistentVolumeSpec) - if err := corev1.Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1alpha1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1alpha1.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(apicorev1.PersistentVolumeSpec) - if err := corev1.Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1alpha1.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1alpha1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_v1alpha1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1alpha1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1alpha1.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_storage_VolumeAttachmentSource_To_v1alpha1_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1alpha1.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSpec_To_v1alpha1_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1alpha1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*storage.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*storage.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1alpha1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1alpha1.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*v1alpha1.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*v1alpha1.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1alpha1.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentStatus_To_v1alpha1_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_v1alpha1_VolumeError_To_storage_VolumeError(in *v1alpha1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_v1alpha1_VolumeError_To_storage_VolumeError is an autogenerated conversion function. -func Convert_v1alpha1_VolumeError_To_storage_VolumeError(in *v1alpha1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - return autoConvert_v1alpha1_VolumeError_To_storage_VolumeError(in, out, s) -} - -func autoConvert_storage_VolumeError_To_v1alpha1_VolumeError(in *storage.VolumeError, out *v1alpha1.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_storage_VolumeError_To_v1alpha1_VolumeError is an autogenerated conversion function. -func Convert_storage_VolumeError_To_v1alpha1_VolumeError(in *storage.VolumeError, out *v1alpha1.VolumeError, s conversion.Scope) error { - return autoConvert_storage_VolumeError_To_v1alpha1_VolumeError(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index a3af949b3b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,65 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "k8s.io/api/storage/v1alpha1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1alpha1.VolumeAttachment{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachment(obj.(*v1alpha1.VolumeAttachment)) }) - scheme.AddTypeDefaultingFunc(&v1alpha1.VolumeAttachmentList{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachmentList(obj.(*v1alpha1.VolumeAttachmentList)) }) - return nil -} - -func SetObjectDefaults_VolumeAttachment(in *v1alpha1.VolumeAttachment) { - if in.Spec.Source.InlineVolumeSpec != nil { - v1.SetDefaults_ResourceList(&in.Spec.Source.InlineVolumeSpec.Capacity) - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD != nil { - v1.SetDefaults_RBDPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO) - } - } -} - -func SetObjectDefaults_VolumeAttachmentList(in *v1alpha1.VolumeAttachmentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_VolumeAttachment(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/defaults.go deleted file mode 100644 index 75a39a5fd6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/defaults.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - v1 "k8s.io/api/core/v1" - storagev1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/runtime" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_StorageClass(obj *storagev1beta1.StorageClass) { - if obj.ReclaimPolicy == nil { - obj.ReclaimPolicy = new(v1.PersistentVolumeReclaimPolicy) - *obj.ReclaimPolicy = v1.PersistentVolumeReclaimDelete - } - - if obj.VolumeBindingMode == nil { - obj.VolumeBindingMode = new(storagev1beta1.VolumeBindingMode) - *obj.VolumeBindingMode = storagev1beta1.VolumeBindingImmediate - } -} - -func SetDefaults_CSIDriver(obj *storagev1beta1.CSIDriver) { - if obj.Spec.AttachRequired == nil { - obj.Spec.AttachRequired = new(bool) - *(obj.Spec.AttachRequired) = true - } - if obj.Spec.PodInfoOnMount == nil { - obj.Spec.PodInfoOnMount = new(bool) - *(obj.Spec.PodInfoOnMount) = false - } - if obj.Spec.StorageCapacity == nil { - obj.Spec.StorageCapacity = new(bool) - *(obj.Spec.StorageCapacity) = false - } - if obj.Spec.FSGroupPolicy == nil { - obj.Spec.FSGroupPolicy = new(storagev1beta1.FSGroupPolicy) - *obj.Spec.FSGroupPolicy = storagev1beta1.ReadWriteOnceWithFSTypeFSGroupPolicy - } - if len(obj.Spec.VolumeLifecycleModes) == 0 { - obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1beta1.VolumeLifecyclePersistent) - } - if obj.Spec.RequiresRepublish == nil { - obj.Spec.RequiresRepublish = new(bool) - *(obj.Spec.RequiresRepublish) = false - } - if obj.Spec.SELinuxMount == nil && utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - obj.Spec.SELinuxMount = new(bool) - *(obj.Spec.SELinuxMount) = false - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/doc.go deleted file mode 100644 index 9cb4513435..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/storage -// +k8s:conversion-gen-external-types=k8s.io/api/storage/v1beta1 -// +groupName=storage.k8s.io -// +k8s:defaulter-gen=TypeMeta -// +k8s:defaulter-gen-input=k8s.io/api/storage/v1beta1 - -package v1beta1 // import "k8s.io/kubernetes/pkg/apis/storage/v1beta1" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/register.go deleted file mode 100644 index 961f75c003..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/register.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - storagev1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "storage.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - localSchemeBuilder = &storagev1beta1.SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 6b3580aa0d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,768 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - corev1 "k8s.io/api/core/v1" - v1beta1 "k8s.io/api/storage/v1beta1" - resource "k8s.io/apimachinery/pkg/api/resource" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - apiscorev1 "k8s.io/kubernetes/pkg/apis/core/v1" - storage "k8s.io/kubernetes/pkg/apis/storage" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1beta1.CSIDriver)(nil), (*storage.CSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSIDriver_To_storage_CSIDriver(a.(*v1beta1.CSIDriver), b.(*storage.CSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriver)(nil), (*v1beta1.CSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriver_To_v1beta1_CSIDriver(a.(*storage.CSIDriver), b.(*v1beta1.CSIDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSIDriverList)(nil), (*storage.CSIDriverList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSIDriverList_To_storage_CSIDriverList(a.(*v1beta1.CSIDriverList), b.(*storage.CSIDriverList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriverList)(nil), (*v1beta1.CSIDriverList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriverList_To_v1beta1_CSIDriverList(a.(*storage.CSIDriverList), b.(*v1beta1.CSIDriverList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSIDriverSpec)(nil), (*storage.CSIDriverSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(a.(*v1beta1.CSIDriverSpec), b.(*storage.CSIDriverSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIDriverSpec)(nil), (*v1beta1.CSIDriverSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(a.(*storage.CSIDriverSpec), b.(*v1beta1.CSIDriverSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSINode)(nil), (*storage.CSINode)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSINode_To_storage_CSINode(a.(*v1beta1.CSINode), b.(*storage.CSINode), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINode)(nil), (*v1beta1.CSINode)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINode_To_v1beta1_CSINode(a.(*storage.CSINode), b.(*v1beta1.CSINode), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSINodeDriver)(nil), (*storage.CSINodeDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSINodeDriver_To_storage_CSINodeDriver(a.(*v1beta1.CSINodeDriver), b.(*storage.CSINodeDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeDriver)(nil), (*v1beta1.CSINodeDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeDriver_To_v1beta1_CSINodeDriver(a.(*storage.CSINodeDriver), b.(*v1beta1.CSINodeDriver), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSINodeList)(nil), (*storage.CSINodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSINodeList_To_storage_CSINodeList(a.(*v1beta1.CSINodeList), b.(*storage.CSINodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeList)(nil), (*v1beta1.CSINodeList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeList_To_v1beta1_CSINodeList(a.(*storage.CSINodeList), b.(*v1beta1.CSINodeList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSINodeSpec)(nil), (*storage.CSINodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec(a.(*v1beta1.CSINodeSpec), b.(*storage.CSINodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSINodeSpec)(nil), (*v1beta1.CSINodeSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec(a.(*storage.CSINodeSpec), b.(*v1beta1.CSINodeSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSIStorageCapacity)(nil), (*storage.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSIStorageCapacity_To_storage_CSIStorageCapacity(a.(*v1beta1.CSIStorageCapacity), b.(*storage.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacity)(nil), (*v1beta1.CSIStorageCapacity)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacity_To_v1beta1_CSIStorageCapacity(a.(*storage.CSIStorageCapacity), b.(*v1beta1.CSIStorageCapacity), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.CSIStorageCapacityList)(nil), (*storage.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(a.(*v1beta1.CSIStorageCapacityList), b.(*storage.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.CSIStorageCapacityList)(nil), (*v1beta1.CSIStorageCapacityList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_CSIStorageCapacityList_To_v1beta1_CSIStorageCapacityList(a.(*storage.CSIStorageCapacityList), b.(*v1beta1.CSIStorageCapacityList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StorageClass)(nil), (*storage.StorageClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StorageClass_To_storage_StorageClass(a.(*v1beta1.StorageClass), b.(*storage.StorageClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.StorageClass)(nil), (*v1beta1.StorageClass)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_StorageClass_To_v1beta1_StorageClass(a.(*storage.StorageClass), b.(*v1beta1.StorageClass), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.StorageClassList)(nil), (*storage.StorageClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_StorageClassList_To_storage_StorageClassList(a.(*v1beta1.StorageClassList), b.(*storage.StorageClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.StorageClassList)(nil), (*v1beta1.StorageClassList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_StorageClassList_To_v1beta1_StorageClassList(a.(*storage.StorageClassList), b.(*v1beta1.StorageClassList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.TokenRequest)(nil), (*storage.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_TokenRequest_To_storage_TokenRequest(a.(*v1beta1.TokenRequest), b.(*storage.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.TokenRequest)(nil), (*v1beta1.TokenRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_TokenRequest_To_v1beta1_TokenRequest(a.(*storage.TokenRequest), b.(*v1beta1.TokenRequest), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeAttachment)(nil), (*storage.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment(a.(*v1beta1.VolumeAttachment), b.(*storage.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachment)(nil), (*v1beta1.VolumeAttachment)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment(a.(*storage.VolumeAttachment), b.(*v1beta1.VolumeAttachment), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeAttachmentList)(nil), (*storage.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeAttachmentList_To_storage_VolumeAttachmentList(a.(*v1beta1.VolumeAttachmentList), b.(*storage.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentList)(nil), (*v1beta1.VolumeAttachmentList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentList_To_v1beta1_VolumeAttachmentList(a.(*storage.VolumeAttachmentList), b.(*v1beta1.VolumeAttachmentList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeAttachmentSource)(nil), (*storage.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(a.(*v1beta1.VolumeAttachmentSource), b.(*storage.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSource)(nil), (*v1beta1.VolumeAttachmentSource)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource(a.(*storage.VolumeAttachmentSource), b.(*v1beta1.VolumeAttachmentSource), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeAttachmentSpec)(nil), (*storage.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(a.(*v1beta1.VolumeAttachmentSpec), b.(*storage.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentSpec)(nil), (*v1beta1.VolumeAttachmentSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec(a.(*storage.VolumeAttachmentSpec), b.(*v1beta1.VolumeAttachmentSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeAttachmentStatus)(nil), (*storage.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(a.(*v1beta1.VolumeAttachmentStatus), b.(*storage.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeAttachmentStatus)(nil), (*v1beta1.VolumeAttachmentStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus(a.(*storage.VolumeAttachmentStatus), b.(*v1beta1.VolumeAttachmentStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeError)(nil), (*storage.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeError_To_storage_VolumeError(a.(*v1beta1.VolumeError), b.(*storage.VolumeError), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeError)(nil), (*v1beta1.VolumeError)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeError_To_v1beta1_VolumeError(a.(*storage.VolumeError), b.(*v1beta1.VolumeError), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta1.VolumeNodeResources)(nil), (*storage.VolumeNodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_VolumeNodeResources_To_storage_VolumeNodeResources(a.(*v1beta1.VolumeNodeResources), b.(*storage.VolumeNodeResources), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*storage.VolumeNodeResources)(nil), (*v1beta1.VolumeNodeResources)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_storage_VolumeNodeResources_To_v1beta1_VolumeNodeResources(a.(*storage.VolumeNodeResources), b.(*v1beta1.VolumeNodeResources), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_CSIDriver_To_storage_CSIDriver(in *v1beta1.CSIDriver, out *storage.CSIDriver, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_CSIDriver_To_storage_CSIDriver is an autogenerated conversion function. -func Convert_v1beta1_CSIDriver_To_storage_CSIDriver(in *v1beta1.CSIDriver, out *storage.CSIDriver, s conversion.Scope) error { - return autoConvert_v1beta1_CSIDriver_To_storage_CSIDriver(in, out, s) -} - -func autoConvert_storage_CSIDriver_To_v1beta1_CSIDriver(in *storage.CSIDriver, out *v1beta1.CSIDriver, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_storage_CSIDriver_To_v1beta1_CSIDriver is an autogenerated conversion function. -func Convert_storage_CSIDriver_To_v1beta1_CSIDriver(in *storage.CSIDriver, out *v1beta1.CSIDriver, s conversion.Scope) error { - return autoConvert_storage_CSIDriver_To_v1beta1_CSIDriver(in, out, s) -} - -func autoConvert_v1beta1_CSIDriverList_To_storage_CSIDriverList(in *v1beta1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]storage.CSIDriver, len(*in)) - for i := range *in { - if err := Convert_v1beta1_CSIDriver_To_storage_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_CSIDriverList_To_storage_CSIDriverList is an autogenerated conversion function. -func Convert_v1beta1_CSIDriverList_To_storage_CSIDriverList(in *v1beta1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { - return autoConvert_v1beta1_CSIDriverList_To_storage_CSIDriverList(in, out, s) -} - -func autoConvert_storage_CSIDriverList_To_v1beta1_CSIDriverList(in *storage.CSIDriverList, out *v1beta1.CSIDriverList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.CSIDriver, len(*in)) - for i := range *in { - if err := Convert_storage_CSIDriver_To_v1beta1_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_storage_CSIDriverList_To_v1beta1_CSIDriverList is an autogenerated conversion function. -func Convert_storage_CSIDriverList_To_v1beta1_CSIDriverList(in *storage.CSIDriverList, out *v1beta1.CSIDriverList, s conversion.Scope) error { - return autoConvert_storage_CSIDriverList_To_v1beta1_CSIDriverList(in, out, s) -} - -func autoConvert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1beta1.CSIDriverSpec, out *storage.CSIDriverSpec, s conversion.Scope) error { - out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) - out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) - out.VolumeLifecycleModes = *(*[]storage.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) - out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) - out.FSGroupPolicy = (*storage.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) - out.TokenRequests = *(*[]storage.TokenRequest)(unsafe.Pointer(&in.TokenRequests)) - out.RequiresRepublish = (*bool)(unsafe.Pointer(in.RequiresRepublish)) - out.SELinuxMount = (*bool)(unsafe.Pointer(in.SELinuxMount)) - return nil -} - -// Convert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec is an autogenerated conversion function. -func Convert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1beta1.CSIDriverSpec, out *storage.CSIDriverSpec, s conversion.Scope) error { - return autoConvert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(in, out, s) -} - -func autoConvert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1beta1.CSIDriverSpec, s conversion.Scope) error { - out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) - out.FSGroupPolicy = (*v1beta1.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) - out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) - out.VolumeLifecycleModes = *(*[]v1beta1.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) - out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) - out.TokenRequests = *(*[]v1beta1.TokenRequest)(unsafe.Pointer(&in.TokenRequests)) - out.RequiresRepublish = (*bool)(unsafe.Pointer(in.RequiresRepublish)) - out.SELinuxMount = (*bool)(unsafe.Pointer(in.SELinuxMount)) - return nil -} - -// Convert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec is an autogenerated conversion function. -func Convert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1beta1.CSIDriverSpec, s conversion.Scope) error { - return autoConvert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(in, out, s) -} - -func autoConvert_v1beta1_CSINode_To_storage_CSINode(in *v1beta1.CSINode, out *storage.CSINode, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_CSINode_To_storage_CSINode is an autogenerated conversion function. -func Convert_v1beta1_CSINode_To_storage_CSINode(in *v1beta1.CSINode, out *storage.CSINode, s conversion.Scope) error { - return autoConvert_v1beta1_CSINode_To_storage_CSINode(in, out, s) -} - -func autoConvert_storage_CSINode_To_v1beta1_CSINode(in *storage.CSINode, out *v1beta1.CSINode, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_storage_CSINode_To_v1beta1_CSINode is an autogenerated conversion function. -func Convert_storage_CSINode_To_v1beta1_CSINode(in *storage.CSINode, out *v1beta1.CSINode, s conversion.Scope) error { - return autoConvert_storage_CSINode_To_v1beta1_CSINode(in, out, s) -} - -func autoConvert_v1beta1_CSINodeDriver_To_storage_CSINodeDriver(in *v1beta1.CSINodeDriver, out *storage.CSINodeDriver, s conversion.Scope) error { - out.Name = in.Name - out.NodeID = in.NodeID - out.TopologyKeys = *(*[]string)(unsafe.Pointer(&in.TopologyKeys)) - out.Allocatable = (*storage.VolumeNodeResources)(unsafe.Pointer(in.Allocatable)) - return nil -} - -// Convert_v1beta1_CSINodeDriver_To_storage_CSINodeDriver is an autogenerated conversion function. -func Convert_v1beta1_CSINodeDriver_To_storage_CSINodeDriver(in *v1beta1.CSINodeDriver, out *storage.CSINodeDriver, s conversion.Scope) error { - return autoConvert_v1beta1_CSINodeDriver_To_storage_CSINodeDriver(in, out, s) -} - -func autoConvert_storage_CSINodeDriver_To_v1beta1_CSINodeDriver(in *storage.CSINodeDriver, out *v1beta1.CSINodeDriver, s conversion.Scope) error { - out.Name = in.Name - out.NodeID = in.NodeID - out.TopologyKeys = *(*[]string)(unsafe.Pointer(&in.TopologyKeys)) - out.Allocatable = (*v1beta1.VolumeNodeResources)(unsafe.Pointer(in.Allocatable)) - return nil -} - -// Convert_storage_CSINodeDriver_To_v1beta1_CSINodeDriver is an autogenerated conversion function. -func Convert_storage_CSINodeDriver_To_v1beta1_CSINodeDriver(in *storage.CSINodeDriver, out *v1beta1.CSINodeDriver, s conversion.Scope) error { - return autoConvert_storage_CSINodeDriver_To_v1beta1_CSINodeDriver(in, out, s) -} - -func autoConvert_v1beta1_CSINodeList_To_storage_CSINodeList(in *v1beta1.CSINodeList, out *storage.CSINodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSINode)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_CSINodeList_To_storage_CSINodeList is an autogenerated conversion function. -func Convert_v1beta1_CSINodeList_To_storage_CSINodeList(in *v1beta1.CSINodeList, out *storage.CSINodeList, s conversion.Scope) error { - return autoConvert_v1beta1_CSINodeList_To_storage_CSINodeList(in, out, s) -} - -func autoConvert_storage_CSINodeList_To_v1beta1_CSINodeList(in *storage.CSINodeList, out *v1beta1.CSINodeList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.CSINode)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_CSINodeList_To_v1beta1_CSINodeList is an autogenerated conversion function. -func Convert_storage_CSINodeList_To_v1beta1_CSINodeList(in *storage.CSINodeList, out *v1beta1.CSINodeList, s conversion.Scope) error { - return autoConvert_storage_CSINodeList_To_v1beta1_CSINodeList(in, out, s) -} - -func autoConvert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec(in *v1beta1.CSINodeSpec, out *storage.CSINodeSpec, s conversion.Scope) error { - out.Drivers = *(*[]storage.CSINodeDriver)(unsafe.Pointer(&in.Drivers)) - return nil -} - -// Convert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec is an autogenerated conversion function. -func Convert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec(in *v1beta1.CSINodeSpec, out *storage.CSINodeSpec, s conversion.Scope) error { - return autoConvert_v1beta1_CSINodeSpec_To_storage_CSINodeSpec(in, out, s) -} - -func autoConvert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec(in *storage.CSINodeSpec, out *v1beta1.CSINodeSpec, s conversion.Scope) error { - out.Drivers = *(*[]v1beta1.CSINodeDriver)(unsafe.Pointer(&in.Drivers)) - return nil -} - -// Convert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec is an autogenerated conversion function. -func Convert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec(in *storage.CSINodeSpec, out *v1beta1.CSINodeSpec, s conversion.Scope) error { - return autoConvert_storage_CSINodeSpec_To_v1beta1_CSINodeSpec(in, out, s) -} - -func autoConvert_v1beta1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1beta1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*v1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_v1beta1_CSIStorageCapacity_To_storage_CSIStorageCapacity is an autogenerated conversion function. -func Convert_v1beta1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in *v1beta1.CSIStorageCapacity, out *storage.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_v1beta1_CSIStorageCapacity_To_storage_CSIStorageCapacity(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacity_To_v1beta1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1beta1.CSIStorageCapacity, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.NodeTopology = (*v1.LabelSelector)(unsafe.Pointer(in.NodeTopology)) - out.StorageClassName = in.StorageClassName - out.Capacity = (*resource.Quantity)(unsafe.Pointer(in.Capacity)) - out.MaximumVolumeSize = (*resource.Quantity)(unsafe.Pointer(in.MaximumVolumeSize)) - return nil -} - -// Convert_storage_CSIStorageCapacity_To_v1beta1_CSIStorageCapacity is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacity_To_v1beta1_CSIStorageCapacity(in *storage.CSIStorageCapacity, out *v1beta1.CSIStorageCapacity, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacity_To_v1beta1_CSIStorageCapacity(in, out, s) -} - -func autoConvert_v1beta1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1beta1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_v1beta1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in *v1beta1.CSIStorageCapacityList, out *storage.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_v1beta1_CSIStorageCapacityList_To_storage_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_storage_CSIStorageCapacityList_To_v1beta1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1beta1.CSIStorageCapacityList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.CSIStorageCapacity)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_CSIStorageCapacityList_To_v1beta1_CSIStorageCapacityList is an autogenerated conversion function. -func Convert_storage_CSIStorageCapacityList_To_v1beta1_CSIStorageCapacityList(in *storage.CSIStorageCapacityList, out *v1beta1.CSIStorageCapacityList, s conversion.Scope) error { - return autoConvert_storage_CSIStorageCapacityList_To_v1beta1_CSIStorageCapacityList(in, out, s) -} - -func autoConvert_v1beta1_StorageClass_To_storage_StorageClass(in *v1beta1.StorageClass, out *storage.StorageClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Provisioner = in.Provisioner - out.Parameters = *(*map[string]string)(unsafe.Pointer(&in.Parameters)) - out.ReclaimPolicy = (*core.PersistentVolumeReclaimPolicy)(unsafe.Pointer(in.ReclaimPolicy)) - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.AllowVolumeExpansion = (*bool)(unsafe.Pointer(in.AllowVolumeExpansion)) - out.VolumeBindingMode = (*storage.VolumeBindingMode)(unsafe.Pointer(in.VolumeBindingMode)) - out.AllowedTopologies = *(*[]core.TopologySelectorTerm)(unsafe.Pointer(&in.AllowedTopologies)) - return nil -} - -// Convert_v1beta1_StorageClass_To_storage_StorageClass is an autogenerated conversion function. -func Convert_v1beta1_StorageClass_To_storage_StorageClass(in *v1beta1.StorageClass, out *storage.StorageClass, s conversion.Scope) error { - return autoConvert_v1beta1_StorageClass_To_storage_StorageClass(in, out, s) -} - -func autoConvert_storage_StorageClass_To_v1beta1_StorageClass(in *storage.StorageClass, out *v1beta1.StorageClass, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - out.Provisioner = in.Provisioner - out.Parameters = *(*map[string]string)(unsafe.Pointer(&in.Parameters)) - out.ReclaimPolicy = (*corev1.PersistentVolumeReclaimPolicy)(unsafe.Pointer(in.ReclaimPolicy)) - out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) - out.AllowVolumeExpansion = (*bool)(unsafe.Pointer(in.AllowVolumeExpansion)) - out.VolumeBindingMode = (*v1beta1.VolumeBindingMode)(unsafe.Pointer(in.VolumeBindingMode)) - out.AllowedTopologies = *(*[]corev1.TopologySelectorTerm)(unsafe.Pointer(&in.AllowedTopologies)) - return nil -} - -// Convert_storage_StorageClass_To_v1beta1_StorageClass is an autogenerated conversion function. -func Convert_storage_StorageClass_To_v1beta1_StorageClass(in *storage.StorageClass, out *v1beta1.StorageClass, s conversion.Scope) error { - return autoConvert_storage_StorageClass_To_v1beta1_StorageClass(in, out, s) -} - -func autoConvert_v1beta1_StorageClassList_To_storage_StorageClassList(in *v1beta1.StorageClassList, out *storage.StorageClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]storage.StorageClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_StorageClassList_To_storage_StorageClassList is an autogenerated conversion function. -func Convert_v1beta1_StorageClassList_To_storage_StorageClassList(in *v1beta1.StorageClassList, out *storage.StorageClassList, s conversion.Scope) error { - return autoConvert_v1beta1_StorageClassList_To_storage_StorageClassList(in, out, s) -} - -func autoConvert_storage_StorageClassList_To_v1beta1_StorageClassList(in *storage.StorageClassList, out *v1beta1.StorageClassList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.StorageClass)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_storage_StorageClassList_To_v1beta1_StorageClassList is an autogenerated conversion function. -func Convert_storage_StorageClassList_To_v1beta1_StorageClassList(in *storage.StorageClassList, out *v1beta1.StorageClassList, s conversion.Scope) error { - return autoConvert_storage_StorageClassList_To_v1beta1_StorageClassList(in, out, s) -} - -func autoConvert_v1beta1_TokenRequest_To_storage_TokenRequest(in *v1beta1.TokenRequest, out *storage.TokenRequest, s conversion.Scope) error { - out.Audience = in.Audience - out.ExpirationSeconds = (*int64)(unsafe.Pointer(in.ExpirationSeconds)) - return nil -} - -// Convert_v1beta1_TokenRequest_To_storage_TokenRequest is an autogenerated conversion function. -func Convert_v1beta1_TokenRequest_To_storage_TokenRequest(in *v1beta1.TokenRequest, out *storage.TokenRequest, s conversion.Scope) error { - return autoConvert_v1beta1_TokenRequest_To_storage_TokenRequest(in, out, s) -} - -func autoConvert_storage_TokenRequest_To_v1beta1_TokenRequest(in *storage.TokenRequest, out *v1beta1.TokenRequest, s conversion.Scope) error { - out.Audience = in.Audience - out.ExpirationSeconds = (*int64)(unsafe.Pointer(in.ExpirationSeconds)) - return nil -} - -// Convert_storage_TokenRequest_To_v1beta1_TokenRequest is an autogenerated conversion function. -func Convert_storage_TokenRequest_To_v1beta1_TokenRequest(in *storage.TokenRequest, out *v1beta1.TokenRequest, s conversion.Scope) error { - return autoConvert_storage_TokenRequest_To_v1beta1_TokenRequest(in, out, s) -} - -func autoConvert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment(in *v1beta1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment is an autogenerated conversion function. -func Convert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment(in *v1beta1.VolumeAttachment, out *storage.VolumeAttachment, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment(in, out, s) -} - -func autoConvert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment(in *storage.VolumeAttachment, out *v1beta1.VolumeAttachment, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - if err := Convert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus(&in.Status, &out.Status, s); err != nil { - return err - } - return nil -} - -// Convert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment is an autogenerated conversion function. -func Convert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment(in *storage.VolumeAttachment, out *v1beta1.VolumeAttachment, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment(in, out, s) -} - -func autoConvert_v1beta1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1beta1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]storage.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_v1beta1_VolumeAttachment_To_storage_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_v1beta1_VolumeAttachmentList_To_storage_VolumeAttachmentList is an autogenerated conversion function. -func Convert_v1beta1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in *v1beta1.VolumeAttachmentList, out *storage.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeAttachmentList_To_storage_VolumeAttachmentList(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentList_To_v1beta1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1beta1.VolumeAttachmentList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]v1beta1.VolumeAttachment, len(*in)) - for i := range *in { - if err := Convert_storage_VolumeAttachment_To_v1beta1_VolumeAttachment(&(*in)[i], &(*out)[i], s); err != nil { - return err - } - } - } else { - out.Items = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentList_To_v1beta1_VolumeAttachmentList is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentList_To_v1beta1_VolumeAttachmentList(in *storage.VolumeAttachmentList, out *v1beta1.VolumeAttachmentList, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentList_To_v1beta1_VolumeAttachmentList(in, out, s) -} - -func autoConvert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1beta1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(core.PersistentVolumeSpec) - if err := apiscorev1.Convert_v1_PersistentVolumeSpec_To_core_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in *v1beta1.VolumeAttachmentSource, out *storage.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1beta1.VolumeAttachmentSource, s conversion.Scope) error { - out.PersistentVolumeName = (*string)(unsafe.Pointer(in.PersistentVolumeName)) - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(corev1.PersistentVolumeSpec) - if err := apiscorev1.Convert_core_PersistentVolumeSpec_To_v1_PersistentVolumeSpec(*in, *out, s); err != nil { - return err - } - } else { - out.InlineVolumeSpec = nil - } - return nil -} - -// Convert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource(in *storage.VolumeAttachmentSource, out *v1beta1.VolumeAttachmentSource, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource(in, out, s) -} - -func autoConvert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1beta1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_v1beta1_VolumeAttachmentSource_To_storage_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in *v1beta1.VolumeAttachmentSpec, out *storage.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeAttachmentSpec_To_storage_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1beta1.VolumeAttachmentSpec, s conversion.Scope) error { - out.Attacher = in.Attacher - if err := Convert_storage_VolumeAttachmentSource_To_v1beta1_VolumeAttachmentSource(&in.Source, &out.Source, s); err != nil { - return err - } - out.NodeName = in.NodeName - return nil -} - -// Convert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec(in *storage.VolumeAttachmentSpec, out *v1beta1.VolumeAttachmentSpec, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentSpec_To_v1beta1_VolumeAttachmentSpec(in, out, s) -} - -func autoConvert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1beta1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*storage.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*storage.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in *v1beta1.VolumeAttachmentStatus, out *storage.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeAttachmentStatus_To_storage_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1beta1.VolumeAttachmentStatus, s conversion.Scope) error { - out.Attached = in.Attached - out.AttachmentMetadata = *(*map[string]string)(unsafe.Pointer(&in.AttachmentMetadata)) - out.AttachError = (*v1beta1.VolumeError)(unsafe.Pointer(in.AttachError)) - out.DetachError = (*v1beta1.VolumeError)(unsafe.Pointer(in.DetachError)) - return nil -} - -// Convert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus is an autogenerated conversion function. -func Convert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus(in *storage.VolumeAttachmentStatus, out *v1beta1.VolumeAttachmentStatus, s conversion.Scope) error { - return autoConvert_storage_VolumeAttachmentStatus_To_v1beta1_VolumeAttachmentStatus(in, out, s) -} - -func autoConvert_v1beta1_VolumeError_To_storage_VolumeError(in *v1beta1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_v1beta1_VolumeError_To_storage_VolumeError is an autogenerated conversion function. -func Convert_v1beta1_VolumeError_To_storage_VolumeError(in *v1beta1.VolumeError, out *storage.VolumeError, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeError_To_storage_VolumeError(in, out, s) -} - -func autoConvert_storage_VolumeError_To_v1beta1_VolumeError(in *storage.VolumeError, out *v1beta1.VolumeError, s conversion.Scope) error { - out.Time = in.Time - out.Message = in.Message - return nil -} - -// Convert_storage_VolumeError_To_v1beta1_VolumeError is an autogenerated conversion function. -func Convert_storage_VolumeError_To_v1beta1_VolumeError(in *storage.VolumeError, out *v1beta1.VolumeError, s conversion.Scope) error { - return autoConvert_storage_VolumeError_To_v1beta1_VolumeError(in, out, s) -} - -func autoConvert_v1beta1_VolumeNodeResources_To_storage_VolumeNodeResources(in *v1beta1.VolumeNodeResources, out *storage.VolumeNodeResources, s conversion.Scope) error { - out.Count = (*int32)(unsafe.Pointer(in.Count)) - return nil -} - -// Convert_v1beta1_VolumeNodeResources_To_storage_VolumeNodeResources is an autogenerated conversion function. -func Convert_v1beta1_VolumeNodeResources_To_storage_VolumeNodeResources(in *v1beta1.VolumeNodeResources, out *storage.VolumeNodeResources, s conversion.Scope) error { - return autoConvert_v1beta1_VolumeNodeResources_To_storage_VolumeNodeResources(in, out, s) -} - -func autoConvert_storage_VolumeNodeResources_To_v1beta1_VolumeNodeResources(in *storage.VolumeNodeResources, out *v1beta1.VolumeNodeResources, s conversion.Scope) error { - out.Count = (*int32)(unsafe.Pointer(in.Count)) - return nil -} - -// Convert_storage_VolumeNodeResources_To_v1beta1_VolumeNodeResources is an autogenerated conversion function. -func Convert_storage_VolumeNodeResources_To_v1beta1_VolumeNodeResources(in *storage.VolumeNodeResources, out *v1beta1.VolumeNodeResources, s conversion.Scope) error { - return autoConvert_storage_VolumeNodeResources_To_v1beta1_VolumeNodeResources(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 764c0d0eee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,91 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "k8s.io/api/storage/v1beta1" - runtime "k8s.io/apimachinery/pkg/runtime" - v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&v1beta1.CSIDriver{}, func(obj interface{}) { SetObjectDefaults_CSIDriver(obj.(*v1beta1.CSIDriver)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.CSIDriverList{}, func(obj interface{}) { SetObjectDefaults_CSIDriverList(obj.(*v1beta1.CSIDriverList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.StorageClass{}, func(obj interface{}) { SetObjectDefaults_StorageClass(obj.(*v1beta1.StorageClass)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.StorageClassList{}, func(obj interface{}) { SetObjectDefaults_StorageClassList(obj.(*v1beta1.StorageClassList)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.VolumeAttachment{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachment(obj.(*v1beta1.VolumeAttachment)) }) - scheme.AddTypeDefaultingFunc(&v1beta1.VolumeAttachmentList{}, func(obj interface{}) { SetObjectDefaults_VolumeAttachmentList(obj.(*v1beta1.VolumeAttachmentList)) }) - return nil -} - -func SetObjectDefaults_CSIDriver(in *v1beta1.CSIDriver) { - SetDefaults_CSIDriver(in) -} - -func SetObjectDefaults_CSIDriverList(in *v1beta1.CSIDriverList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CSIDriver(a) - } -} - -func SetObjectDefaults_StorageClass(in *v1beta1.StorageClass) { - SetDefaults_StorageClass(in) -} - -func SetObjectDefaults_StorageClassList(in *v1beta1.StorageClassList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_StorageClass(a) - } -} - -func SetObjectDefaults_VolumeAttachment(in *v1beta1.VolumeAttachment) { - if in.Spec.Source.InlineVolumeSpec != nil { - v1.SetDefaults_ResourceList(&in.Spec.Source.InlineVolumeSpec.Capacity) - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath != nil { - v1.SetDefaults_HostPathVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.HostPath) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD != nil { - v1.SetDefaults_RBDPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.RBD) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI != nil { - v1.SetDefaults_ISCSIPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ISCSI) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk != nil { - v1.SetDefaults_AzureDiskVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.AzureDisk) - } - if in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO != nil { - v1.SetDefaults_ScaleIOPersistentVolumeSource(in.Spec.Source.InlineVolumeSpec.PersistentVolumeSource.ScaleIO) - } - } -} - -func SetObjectDefaults_VolumeAttachmentList(in *v1beta1.VolumeAttachmentList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_VolumeAttachment(a) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/validation/validation.go deleted file mode 100644 index 7339223228..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/validation/validation.go +++ /dev/null @@ -1,572 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - "reflect" - "strings" - "time" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/storage" -) - -const ( - maxProvisionerParameterSize = 256 * (1 << 10) // 256 kB - maxProvisionerParameterLen = 512 - - maxAttachedVolumeMetadataSize = 256 * (1 << 10) // 256 kB - maxVolumeErrorMessageSize = 1024 - - csiNodeIDMaxLength = 192 - csiNodeIDLongerMaxLength = 256 -) - -// CSINodeValidationOptions contains the validation options for validating CSINode -type CSINodeValidationOptions struct { - AllowLongNodeID bool -} - -// ValidateStorageClass validates a StorageClass. -func ValidateStorageClass(storageClass *storage.StorageClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&storageClass.ObjectMeta, false, apivalidation.ValidateClassName, field.NewPath("metadata")) - allErrs = append(allErrs, validateProvisioner(storageClass.Provisioner, field.NewPath("provisioner"))...) - allErrs = append(allErrs, validateParameters(storageClass.Parameters, field.NewPath("parameters"))...) - allErrs = append(allErrs, validateReclaimPolicy(storageClass.ReclaimPolicy, field.NewPath("reclaimPolicy"))...) - allErrs = append(allErrs, validateVolumeBindingMode(storageClass.VolumeBindingMode, field.NewPath("volumeBindingMode"))...) - allErrs = append(allErrs, validateAllowedTopologies(storageClass.AllowedTopologies, field.NewPath("allowedTopologies"))...) - - return allErrs -} - -// ValidateStorageClassUpdate tests if an update to StorageClass is valid. -func ValidateStorageClassUpdate(storageClass, oldStorageClass *storage.StorageClass) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&storageClass.ObjectMeta, &oldStorageClass.ObjectMeta, field.NewPath("metadata")) - if !reflect.DeepEqual(oldStorageClass.Parameters, storageClass.Parameters) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("parameters"), "updates to parameters are forbidden.")) - } - - if storageClass.Provisioner != oldStorageClass.Provisioner { - allErrs = append(allErrs, field.Forbidden(field.NewPath("provisioner"), "updates to provisioner are forbidden.")) - } - - if *storageClass.ReclaimPolicy != *oldStorageClass.ReclaimPolicy { - allErrs = append(allErrs, field.Forbidden(field.NewPath("reclaimPolicy"), "updates to reclaimPolicy are forbidden.")) - } - - allErrs = append(allErrs, apivalidation.ValidateImmutableField(storageClass.VolumeBindingMode, oldStorageClass.VolumeBindingMode, field.NewPath("volumeBindingMode"))...) - return allErrs -} - -// validateProvisioner tests if provisioner is a valid qualified name. -func validateProvisioner(provisioner string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(provisioner) == 0 { - allErrs = append(allErrs, field.Required(fldPath, provisioner)) - } - if len(provisioner) > 0 { - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(strings.ToLower(provisioner), fldPath)...) - } - return allErrs -} - -// validateParameters tests that keys are qualified names and that provisionerParameter are < 256kB. -func validateParameters(params map[string]string, fldPath *field.Path) field.ErrorList { - var totalSize int64 - allErrs := field.ErrorList{} - - if len(params) > maxProvisionerParameterLen { - allErrs = append(allErrs, field.TooLong(fldPath, "Provisioner Parameters exceeded max allowed", maxProvisionerParameterLen)) - return allErrs - } - - for k, v := range params { - if len(k) < 1 { - allErrs = append(allErrs, field.Invalid(fldPath, k, "field can not be empty.")) - } - totalSize += (int64)(len(k)) + (int64)(len(v)) - } - - if totalSize > maxProvisionerParameterSize { - allErrs = append(allErrs, field.TooLong(fldPath, "", maxProvisionerParameterSize)) - } - return allErrs -} - -var supportedReclaimPolicy = sets.NewString(string(api.PersistentVolumeReclaimDelete), string(api.PersistentVolumeReclaimRetain)) - -// validateReclaimPolicy tests that the reclaim policy is one of the supported. It is up to the volume plugin to reject -// provisioning for storage classes with impossible reclaim policies, e.g. EBS is not Recyclable -func validateReclaimPolicy(reclaimPolicy *api.PersistentVolumeReclaimPolicy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(string(*reclaimPolicy)) > 0 { - if !supportedReclaimPolicy.Has(string(*reclaimPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath, reclaimPolicy, supportedReclaimPolicy.List())) - } - } - return allErrs -} - -// ValidateVolumeAttachment validates a VolumeAttachment. This function is common for v1 and v1beta1 objects, -func ValidateVolumeAttachment(volumeAttachment *storage.VolumeAttachment) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&volumeAttachment.ObjectMeta, false, apivalidation.ValidateClassName, field.NewPath("metadata")) - allErrs = append(allErrs, validateVolumeAttachmentSpec(&volumeAttachment.Spec, field.NewPath("spec"))...) - allErrs = append(allErrs, validateVolumeAttachmentStatus(&volumeAttachment.Status, field.NewPath("status"))...) - return allErrs -} - -// ValidateVolumeAttachmentV1 validates a v1/VolumeAttachment. It contains only extra checks missing in -// ValidateVolumeAttachment. -func ValidateVolumeAttachmentV1(volumeAttachment *storage.VolumeAttachment) field.ErrorList { - allErrs := apivalidation.ValidateCSIDriverName(volumeAttachment.Spec.Attacher, field.NewPath("spec.attacher")) - - if volumeAttachment.Spec.Source.PersistentVolumeName != nil { - pvName := *volumeAttachment.Spec.Source.PersistentVolumeName - for _, msg := range apivalidation.ValidatePersistentVolumeName(pvName, false) { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec.source.persistentVolumeName"), pvName, msg)) - } - } - return allErrs -} - -// ValidateVolumeAttachmentSpec tests that the specified VolumeAttachmentSpec -// has valid data. -func validateVolumeAttachmentSpec( - spec *storage.VolumeAttachmentSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateAttacher(spec.Attacher, fldPath.Child("attacher"))...) - allErrs = append(allErrs, validateVolumeAttachmentSource(&spec.Source, fldPath.Child("source"))...) - allErrs = append(allErrs, validateNodeName(spec.NodeName, fldPath.Child("nodeName"))...) - return allErrs -} - -// validateAttacher tests if attacher is a valid qualified name. -func validateAttacher(attacher string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if len(attacher) == 0 { - allErrs = append(allErrs, field.Required(fldPath, attacher)) - } - return allErrs -} - -// validateSource tests if the source is valid for VolumeAttachment. -func validateVolumeAttachmentSource(source *storage.VolumeAttachmentSource, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - switch { - case source.InlineVolumeSpec == nil && source.PersistentVolumeName == nil: - allErrs = append(allErrs, field.Required(fldPath, "must specify exactly one of inlineVolumeSpec and persistentVolumeName")) - case source.InlineVolumeSpec != nil && source.PersistentVolumeName != nil: - allErrs = append(allErrs, field.Forbidden(fldPath, "must specify exactly one of inlineVolumeSpec and persistentVolumeName")) - case source.PersistentVolumeName != nil: - if len(*source.PersistentVolumeName) == 0 { - // Invalid err - allErrs = append(allErrs, field.Required(fldPath.Child("persistentVolumeName"), "must specify non empty persistentVolumeName")) - } - case source.InlineVolumeSpec != nil: - opts := apivalidation.PersistentVolumeSpecValidationOptions{} - allErrs = append(allErrs, apivalidation.ValidatePersistentVolumeSpec(source.InlineVolumeSpec, "", true, fldPath.Child("inlineVolumeSpec"), opts)...) - } - return allErrs -} - -// validateNodeName tests if the nodeName is valid for VolumeAttachment. -func validateNodeName(nodeName string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, msg := range apivalidation.ValidateNodeName(nodeName, false /* prefix */) { - allErrs = append(allErrs, field.Invalid(fldPath, nodeName, msg)) - } - return allErrs -} - -// validaVolumeAttachmentStatus tests if volumeAttachmentStatus is valid. -func validateVolumeAttachmentStatus(status *storage.VolumeAttachmentStatus, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateAttachmentMetadata(status.AttachmentMetadata, fldPath.Child("attachmentMetadata"))...) - allErrs = append(allErrs, validateVolumeError(status.AttachError, fldPath.Child("attachError"))...) - allErrs = append(allErrs, validateVolumeError(status.DetachError, fldPath.Child("detachError"))...) - return allErrs -} - -func validateAttachmentMetadata(metadata map[string]string, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - var size int64 - for k, v := range metadata { - size += (int64)(len(k)) + (int64)(len(v)) - } - if size > maxAttachedVolumeMetadataSize { - allErrs = append(allErrs, field.TooLong(fldPath, metadata, maxAttachedVolumeMetadataSize)) - } - return allErrs -} - -func validateVolumeError(e *storage.VolumeError, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if e == nil { - return allErrs - } - if len(e.Message) > maxVolumeErrorMessageSize { - allErrs = append(allErrs, field.TooLong(fldPath.Child("message"), e.Message, maxAttachedVolumeMetadataSize)) - } - return allErrs -} - -// ValidateVolumeAttachmentUpdate validates a VolumeAttachment. -func ValidateVolumeAttachmentUpdate(new, old *storage.VolumeAttachment) field.ErrorList { - allErrs := ValidateVolumeAttachment(new) - - // Spec is read-only - // If this ever relaxes in the future, make sure to increment the Generation number in PrepareForUpdate - if !apiequality.Semantic.DeepEqual(old.Spec, new.Spec) { - allErrs = append(allErrs, field.Invalid(field.NewPath("spec"), new.Spec, "field is immutable")) - } - return allErrs -} - -var supportedVolumeBindingModes = sets.NewString(string(storage.VolumeBindingImmediate), string(storage.VolumeBindingWaitForFirstConsumer)) - -// validateVolumeBindingMode tests that VolumeBindingMode specifies valid values. -func validateVolumeBindingMode(mode *storage.VolumeBindingMode, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if mode == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } else if !supportedVolumeBindingModes.Has(string(*mode)) { - allErrs = append(allErrs, field.NotSupported(fldPath, mode, supportedVolumeBindingModes.List())) - } - - return allErrs -} - -// validateAllowedTopology tests that AllowedTopologies specifies valid values. -func validateAllowedTopologies(topologies []api.TopologySelectorTerm, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if len(topologies) == 0 { - return allErrs - } - - rawTopologies := make([]map[string]sets.String, len(topologies)) - for i, term := range topologies { - idxPath := fldPath.Index(i) - exprMap, termErrs := apivalidation.ValidateTopologySelectorTerm(term, fldPath.Index(i)) - allErrs = append(allErrs, termErrs...) - - // TODO (verult) consider improving runtime - for _, t := range rawTopologies { - if helper.Semantic.DeepEqual(exprMap, t) { - allErrs = append(allErrs, field.Duplicate(idxPath.Child("matchLabelExpressions"), "")) - } - } - - rawTopologies = append(rawTopologies, exprMap) - } - - return allErrs -} - -// ValidateCSINode validates a CSINode. -func ValidateCSINode(csiNode *storage.CSINode, validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&csiNode.ObjectMeta, false, apivalidation.ValidateNodeName, field.NewPath("metadata")) - allErrs = append(allErrs, validateCSINodeSpec(&csiNode.Spec, field.NewPath("spec"), validationOpts)...) - return allErrs -} - -// ValidateCSINodeUpdate validates a CSINode. -func ValidateCSINodeUpdate(new, old *storage.CSINode, validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := ValidateCSINode(new, validationOpts) - - // Validate modifying fields inside an existing CSINodeDriver entry is not allowed - for _, oldDriver := range old.Spec.Drivers { - for _, newDriver := range new.Spec.Drivers { - if oldDriver.Name == newDriver.Name { - if !apiequality.Semantic.DeepEqual(oldDriver, newDriver) { - allErrs = append(allErrs, field.Invalid(field.NewPath("CSINodeDriver"), newDriver, "field is immutable")) - } - } - } - } - - return allErrs -} - -// ValidateCSINodeSpec tests that the specified CSINodeSpec has valid data. -func validateCSINodeSpec( - spec *storage.CSINodeSpec, fldPath *field.Path, validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateCSINodeDrivers(spec.Drivers, fldPath.Child("drivers"), validationOpts)...) - return allErrs -} - -// ValidateCSINodeDrivers tests that the specified CSINodeDrivers have valid data. -func validateCSINodeDrivers(drivers []storage.CSINodeDriver, fldPath *field.Path, validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - driverNamesInSpecs := make(sets.String) - for i, driver := range drivers { - idxPath := fldPath.Index(i) - allErrs = append(allErrs, validateCSINodeDriver(driver, driverNamesInSpecs, idxPath, validationOpts)...) - } - - return allErrs -} - -// validateCSINodeDriverNodeID tests if Name in CSINodeDriver is a valid node id. -func validateCSINodeDriverNodeID(nodeID string, fldPath *field.Path, validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - // nodeID is always required - if len(nodeID) == 0 { - allErrs = append(allErrs, field.Required(fldPath, nodeID)) - } - maxLength := csiNodeIDMaxLength - if validationOpts.AllowLongNodeID { - maxLength = csiNodeIDLongerMaxLength - } - if len(nodeID) > maxLength { - allErrs = append(allErrs, field.Invalid(fldPath, nodeID, fmt.Sprintf("must be %d characters or less", maxLength))) - } - return allErrs -} - -// CSINodeLongerID will check if the nodeID is longer than csiNodeIDMaxLength -func CSINodeLongerID(nodeID string) bool { - return len(nodeID) > csiNodeIDMaxLength -} - -// validateCSINodeDriverAllocatable tests if Allocatable in CSINodeDriver has valid volume limits. -func validateCSINodeDriverAllocatable(a *storage.VolumeNodeResources, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - - if a == nil || a.Count == nil { - return allErrs - } - - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(*a.Count), fldPath.Child("count"))...) - return allErrs -} - -// validateCSINodeDriver tests if CSINodeDriver has valid entries -func validateCSINodeDriver(driver storage.CSINodeDriver, driverNamesInSpecs sets.String, fldPath *field.Path, - validationOpts CSINodeValidationOptions) field.ErrorList { - allErrs := field.ErrorList{} - - allErrs = append(allErrs, apivalidation.ValidateCSIDriverName(driver.Name, fldPath.Child("name"))...) - allErrs = append(allErrs, validateCSINodeDriverNodeID(driver.NodeID, fldPath.Child("nodeID"), validationOpts)...) - allErrs = append(allErrs, validateCSINodeDriverAllocatable(driver.Allocatable, fldPath.Child("allocatable"))...) - - // check for duplicate entries for the same driver in specs - if driverNamesInSpecs.Has(driver.Name) { - allErrs = append(allErrs, field.Duplicate(fldPath.Child("name"), driver.Name)) - } - driverNamesInSpecs.Insert(driver.Name) - topoKeys := make(sets.String) - for _, key := range driver.TopologyKeys { - if len(key) == 0 { - allErrs = append(allErrs, field.Required(fldPath, key)) - } - - if topoKeys.Has(key) { - allErrs = append(allErrs, field.Duplicate(fldPath, key)) - } - topoKeys.Insert(key) - - allErrs = append(allErrs, apivalidation.ValidateQualifiedName(key, fldPath)...) - } - - return allErrs -} - -// ValidateCSIDriverName checks that a name is appropriate for a -// CSIDriver object. -var ValidateCSIDriverName = apimachineryvalidation.NameIsDNSSubdomain - -// ValidateCSIDriver validates a CSIDriver. -func ValidateCSIDriver(csiDriver *storage.CSIDriver) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&csiDriver.ObjectMeta, false, ValidateCSIDriverName, field.NewPath("metadata")) - - allErrs = append(allErrs, validateCSIDriverSpec(&csiDriver.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateCSIDriverUpdate validates a CSIDriver. -func ValidateCSIDriverUpdate(new, old *storage.CSIDriver) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&new.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata")) - allErrs = append(allErrs, validateCSIDriverSpec(&new.Spec, field.NewPath("spec"))...) - - // immutable fields should not be mutated. - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(new.Spec.AttachRequired, old.Spec.AttachRequired, field.NewPath("spec", "attachedRequired"))...) - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(new.Spec.FSGroupPolicy, old.Spec.FSGroupPolicy, field.NewPath("spec", "fsGroupPolicy"))...) - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(new.Spec.PodInfoOnMount, old.Spec.PodInfoOnMount, field.NewPath("spec", "podInfoOnMount"))...) - allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(new.Spec.VolumeLifecycleModes, old.Spec.VolumeLifecycleModes, field.NewPath("spec", "volumeLifecycleModes"))...) - - allErrs = append(allErrs, validateTokenRequests(new.Spec.TokenRequests, field.NewPath("spec", "tokenRequests"))...) - return allErrs -} - -// ValidateCSIDriverSpec tests that the specified CSIDriverSpec -// has valid data. -func validateCSIDriverSpec( - spec *storage.CSIDriverSpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, validateAttachRequired(spec.AttachRequired, fldPath.Child("attachedRequired"))...) - allErrs = append(allErrs, validatePodInfoOnMount(spec.PodInfoOnMount, fldPath.Child("podInfoOnMount"))...) - allErrs = append(allErrs, validateStorageCapacity(spec.StorageCapacity, fldPath.Child("storageCapacity"))...) - allErrs = append(allErrs, validateFSGroupPolicy(spec.FSGroupPolicy, fldPath.Child("fsGroupPolicy"))...) - allErrs = append(allErrs, validateTokenRequests(spec.TokenRequests, fldPath.Child("tokenRequests"))...) - allErrs = append(allErrs, validateVolumeLifecycleModes(spec.VolumeLifecycleModes, fldPath.Child("volumeLifecycleModes"))...) - return allErrs -} - -// validateAttachRequired tests if attachRequired is set for CSIDriver. -func validateAttachRequired(attachRequired *bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if attachRequired == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } - - return allErrs -} - -// validatePodInfoOnMount tests if podInfoOnMount is set for CSIDriver. -func validatePodInfoOnMount(podInfoOnMount *bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if podInfoOnMount == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } - - return allErrs -} - -// validateStorageCapacity tests if storageCapacity is set for CSIDriver. -func validateStorageCapacity(storageCapacity *bool, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if storageCapacity == nil { - allErrs = append(allErrs, field.Required(fldPath, "")) - } - - return allErrs -} - -var supportedFSGroupPolicy = sets.NewString(string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy), string(storage.FileFSGroupPolicy), string(storage.NoneFSGroupPolicy)) - -// validateFSGroupPolicy tests if FSGroupPolicy contains an appropriate value. -func validateFSGroupPolicy(fsGroupPolicy *storage.FSGroupPolicy, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - if fsGroupPolicy == nil { - // This is not a required field, so if nothing is provided simply return - return allErrs - } - - if !supportedFSGroupPolicy.Has(string(*fsGroupPolicy)) { - allErrs = append(allErrs, field.NotSupported(fldPath, fsGroupPolicy, supportedFSGroupPolicy.List())) - } - - return allErrs -} - -// validateTokenRequests tests if the Audience in each TokenRequest are different. -// Besides, at most one TokenRequest can ignore Audience. -func validateTokenRequests(tokenRequests []storage.TokenRequest, fldPath *field.Path) field.ErrorList { - const min = 10 * time.Minute - allErrs := field.ErrorList{} - audiences := make(map[string]bool) - for i, tokenRequest := range tokenRequests { - path := fldPath.Index(i) - audience := tokenRequest.Audience - if _, ok := audiences[audience]; ok { - allErrs = append(allErrs, field.Duplicate(path.Child("audience"), audience)) - continue - } - audiences[audience] = true - - if tokenRequest.ExpirationSeconds == nil { - continue - } - if *tokenRequest.ExpirationSeconds < int64(min.Seconds()) { - allErrs = append(allErrs, field.Invalid(path.Child("expirationSeconds"), *tokenRequest.ExpirationSeconds, "may not specify a duration less than 10 minutes")) - } - if *tokenRequest.ExpirationSeconds > 1<<32 { - allErrs = append(allErrs, field.Invalid(path.Child("expirationSeconds"), *tokenRequest.ExpirationSeconds, "may not specify a duration larger than 2^32 seconds")) - } - } - - return allErrs -} - -// validateVolumeLifecycleModes tests if mode has one of the allowed values. -func validateVolumeLifecycleModes(modes []storage.VolumeLifecycleMode, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - for _, mode := range modes { - switch mode { - case storage.VolumeLifecyclePersistent, storage.VolumeLifecycleEphemeral: - default: - allErrs = append(allErrs, field.NotSupported(fldPath, mode, - []string{ - string(storage.VolumeLifecyclePersistent), - string(storage.VolumeLifecycleEphemeral), - })) - } - } - - return allErrs -} - -// ValidateStorageCapacityName checks that a name is appropriate for a -// CSIStorageCapacity object. -var ValidateStorageCapacityName = apimachineryvalidation.NameIsDNSSubdomain - -type CSIStorageCapacityValidateOptions struct { - AllowInvalidLabelValueInSelector bool -} - -// ValidateCSIStorageCapacity validates a CSIStorageCapacity. -func ValidateCSIStorageCapacity(capacity *storage.CSIStorageCapacity, opts CSIStorageCapacityValidateOptions) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&capacity.ObjectMeta, true, ValidateStorageCapacityName, field.NewPath("metadata")) - labelSelectorValidationOptions := metav1validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: opts.AllowInvalidLabelValueInSelector} - allErrs = append(allErrs, metav1validation.ValidateLabelSelector(capacity.NodeTopology, labelSelectorValidationOptions, field.NewPath("nodeTopology"))...) - for _, msg := range apivalidation.ValidateClassName(capacity.StorageClassName, false) { - allErrs = append(allErrs, field.Invalid(field.NewPath("storageClassName"), capacity.StorageClassName, msg)) - } - if capacity.Capacity != nil { - allErrs = append(allErrs, apivalidation.ValidateNonnegativeQuantity(*capacity.Capacity, field.NewPath("capacity"))...) - } - return allErrs -} - -// ValidateCSIStorageCapacityUpdate tests if an update to CSIStorageCapacity is valid. -func ValidateCSIStorageCapacityUpdate(capacity, oldCapacity *storage.CSIStorageCapacity) field.ErrorList { - allErrs := apivalidation.ValidateObjectMetaUpdate(&capacity.ObjectMeta, &oldCapacity.ObjectMeta, field.NewPath("metadata")) - - // Input fields for CSI GetCapacity are immutable. - // If this ever relaxes in the future, make sure to increment the Generation number in PrepareForUpdate - if !apiequality.Semantic.DeepEqual(capacity.NodeTopology, oldCapacity.NodeTopology) { - allErrs = append(allErrs, field.Invalid(field.NewPath("nodeTopology"), capacity.NodeTopology, "field is immutable")) - } - if capacity.StorageClassName != oldCapacity.StorageClassName { - allErrs = append(allErrs, field.Invalid(field.NewPath("storageClassName"), capacity.StorageClassName, "field is immutable")) - } - - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/zz_generated.deepcopy.go deleted file mode 100644 index 661df7a349..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/apis/storage/zz_generated.deepcopy.go +++ /dev/null @@ -1,618 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package storage - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIDriver) DeepCopyInto(out *CSIDriver) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIDriver. -func (in *CSIDriver) DeepCopy() *CSIDriver { - if in == nil { - return nil - } - out := new(CSIDriver) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSIDriver) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIDriverList) DeepCopyInto(out *CSIDriverList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CSIDriver, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIDriverList. -func (in *CSIDriverList) DeepCopy() *CSIDriverList { - if in == nil { - return nil - } - out := new(CSIDriverList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSIDriverList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIDriverSpec) DeepCopyInto(out *CSIDriverSpec) { - *out = *in - if in.AttachRequired != nil { - in, out := &in.AttachRequired, &out.AttachRequired - *out = new(bool) - **out = **in - } - if in.FSGroupPolicy != nil { - in, out := &in.FSGroupPolicy, &out.FSGroupPolicy - *out = new(FSGroupPolicy) - **out = **in - } - if in.PodInfoOnMount != nil { - in, out := &in.PodInfoOnMount, &out.PodInfoOnMount - *out = new(bool) - **out = **in - } - if in.VolumeLifecycleModes != nil { - in, out := &in.VolumeLifecycleModes, &out.VolumeLifecycleModes - *out = make([]VolumeLifecycleMode, len(*in)) - copy(*out, *in) - } - if in.StorageCapacity != nil { - in, out := &in.StorageCapacity, &out.StorageCapacity - *out = new(bool) - **out = **in - } - if in.TokenRequests != nil { - in, out := &in.TokenRequests, &out.TokenRequests - *out = make([]TokenRequest, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.RequiresRepublish != nil { - in, out := &in.RequiresRepublish, &out.RequiresRepublish - *out = new(bool) - **out = **in - } - if in.SELinuxMount != nil { - in, out := &in.SELinuxMount, &out.SELinuxMount - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIDriverSpec. -func (in *CSIDriverSpec) DeepCopy() *CSIDriverSpec { - if in == nil { - return nil - } - out := new(CSIDriverSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSINode) DeepCopyInto(out *CSINode) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSINode. -func (in *CSINode) DeepCopy() *CSINode { - if in == nil { - return nil - } - out := new(CSINode) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSINode) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSINodeDriver) DeepCopyInto(out *CSINodeDriver) { - *out = *in - if in.TopologyKeys != nil { - in, out := &in.TopologyKeys, &out.TopologyKeys - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Allocatable != nil { - in, out := &in.Allocatable, &out.Allocatable - *out = new(VolumeNodeResources) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSINodeDriver. -func (in *CSINodeDriver) DeepCopy() *CSINodeDriver { - if in == nil { - return nil - } - out := new(CSINodeDriver) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSINodeList) DeepCopyInto(out *CSINodeList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CSINode, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSINodeList. -func (in *CSINodeList) DeepCopy() *CSINodeList { - if in == nil { - return nil - } - out := new(CSINodeList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSINodeList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSINodeSpec) DeepCopyInto(out *CSINodeSpec) { - *out = *in - if in.Drivers != nil { - in, out := &in.Drivers, &out.Drivers - *out = make([]CSINodeDriver, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSINodeSpec. -func (in *CSINodeSpec) DeepCopy() *CSINodeSpec { - if in == nil { - return nil - } - out := new(CSINodeSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIStorageCapacity) DeepCopyInto(out *CSIStorageCapacity) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.NodeTopology != nil { - in, out := &in.NodeTopology, &out.NodeTopology - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - if in.Capacity != nil { - in, out := &in.Capacity, &out.Capacity - x := (*in).DeepCopy() - *out = &x - } - if in.MaximumVolumeSize != nil { - in, out := &in.MaximumVolumeSize, &out.MaximumVolumeSize - x := (*in).DeepCopy() - *out = &x - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIStorageCapacity. -func (in *CSIStorageCapacity) DeepCopy() *CSIStorageCapacity { - if in == nil { - return nil - } - out := new(CSIStorageCapacity) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSIStorageCapacity) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIStorageCapacityList) DeepCopyInto(out *CSIStorageCapacityList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CSIStorageCapacity, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIStorageCapacityList. -func (in *CSIStorageCapacityList) DeepCopy() *CSIStorageCapacityList { - if in == nil { - return nil - } - out := new(CSIStorageCapacityList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CSIStorageCapacityList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageClass) DeepCopyInto(out *StorageClass) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - if in.Parameters != nil { - in, out := &in.Parameters, &out.Parameters - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.ReclaimPolicy != nil { - in, out := &in.ReclaimPolicy, &out.ReclaimPolicy - *out = new(core.PersistentVolumeReclaimPolicy) - **out = **in - } - if in.MountOptions != nil { - in, out := &in.MountOptions, &out.MountOptions - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllowVolumeExpansion != nil { - in, out := &in.AllowVolumeExpansion, &out.AllowVolumeExpansion - *out = new(bool) - **out = **in - } - if in.VolumeBindingMode != nil { - in, out := &in.VolumeBindingMode, &out.VolumeBindingMode - *out = new(VolumeBindingMode) - **out = **in - } - if in.AllowedTopologies != nil { - in, out := &in.AllowedTopologies, &out.AllowedTopologies - *out = make([]core.TopologySelectorTerm, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageClass. -func (in *StorageClass) DeepCopy() *StorageClass { - if in == nil { - return nil - } - out := new(StorageClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StorageClass) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StorageClassList) DeepCopyInto(out *StorageClassList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]StorageClass, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageClassList. -func (in *StorageClassList) DeepCopy() *StorageClassList { - if in == nil { - return nil - } - out := new(StorageClassList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *StorageClassList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenRequest) DeepCopyInto(out *TokenRequest) { - *out = *in - if in.ExpirationSeconds != nil { - in, out := &in.ExpirationSeconds, &out.ExpirationSeconds - *out = new(int64) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest. -func (in *TokenRequest) DeepCopy() *TokenRequest { - if in == nil { - return nil - } - out := new(TokenRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeAttachment) DeepCopyInto(out *VolumeAttachment) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeAttachment. -func (in *VolumeAttachment) DeepCopy() *VolumeAttachment { - if in == nil { - return nil - } - out := new(VolumeAttachment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VolumeAttachment) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeAttachmentList) DeepCopyInto(out *VolumeAttachmentList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]VolumeAttachment, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeAttachmentList. -func (in *VolumeAttachmentList) DeepCopy() *VolumeAttachmentList { - if in == nil { - return nil - } - out := new(VolumeAttachmentList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VolumeAttachmentList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeAttachmentSource) DeepCopyInto(out *VolumeAttachmentSource) { - *out = *in - if in.PersistentVolumeName != nil { - in, out := &in.PersistentVolumeName, &out.PersistentVolumeName - *out = new(string) - **out = **in - } - if in.InlineVolumeSpec != nil { - in, out := &in.InlineVolumeSpec, &out.InlineVolumeSpec - *out = new(core.PersistentVolumeSpec) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeAttachmentSource. -func (in *VolumeAttachmentSource) DeepCopy() *VolumeAttachmentSource { - if in == nil { - return nil - } - out := new(VolumeAttachmentSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeAttachmentSpec) DeepCopyInto(out *VolumeAttachmentSpec) { - *out = *in - in.Source.DeepCopyInto(&out.Source) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeAttachmentSpec. -func (in *VolumeAttachmentSpec) DeepCopy() *VolumeAttachmentSpec { - if in == nil { - return nil - } - out := new(VolumeAttachmentSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeAttachmentStatus) DeepCopyInto(out *VolumeAttachmentStatus) { - *out = *in - if in.AttachmentMetadata != nil { - in, out := &in.AttachmentMetadata, &out.AttachmentMetadata - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.AttachError != nil { - in, out := &in.AttachError, &out.AttachError - *out = new(VolumeError) - (*in).DeepCopyInto(*out) - } - if in.DetachError != nil { - in, out := &in.DetachError, &out.DetachError - *out = new(VolumeError) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeAttachmentStatus. -func (in *VolumeAttachmentStatus) DeepCopy() *VolumeAttachmentStatus { - if in == nil { - return nil - } - out := new(VolumeAttachmentStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeError) DeepCopyInto(out *VolumeError) { - *out = *in - in.Time.DeepCopyInto(&out.Time) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeError. -func (in *VolumeError) DeepCopy() *VolumeError { - if in == nil { - return nil - } - out := new(VolumeError) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeNodeResources) DeepCopyInto(out *VolumeNodeResources) { - *out = *in - if in.Count != nil { - in, out := &in.Count, &out.Count - *out = new(int32) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeNodeResources. -func (in *VolumeNodeResources) DeepCopy() *VolumeNodeResources { - if in == nil { - return nil - } - out := new(VolumeNodeResources) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/abac.go b/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/abac.go deleted file mode 100644 index b69c14419b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/abac.go +++ /dev/null @@ -1,279 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package abac authorizes Kubernetes API actions using an Attribute-based access control scheme. -package abac - -import ( - "bufio" - "context" - "fmt" - "os" - "strings" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/kubernetes/pkg/apis/abac" - - // Import latest API for init/side-effects - _ "k8s.io/kubernetes/pkg/apis/abac/latest" - "k8s.io/kubernetes/pkg/apis/abac/v0" -) - -type policyLoadError struct { - path string - line int - data []byte - err error -} - -func (p policyLoadError) Error() string { - if p.line >= 0 { - return fmt.Sprintf("error reading policy file %s, line %d: %s: %v", p.path, p.line, string(p.data), p.err) - } - return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err) -} - -// PolicyList is simply a slice of Policy structs. -type PolicyList []*abac.Policy - -// NewFromFile attempts to create a policy list from the given file. -// -// TODO: Have policies be created via an API call and stored in REST storage. -func NewFromFile(path string) (PolicyList, error) { - // File format is one map per line. This allows easy concatenation of files, - // comments in files, and identification of errors by line number. - file, err := os.Open(path) - if err != nil { - return nil, err - } - defer file.Close() - - scanner := bufio.NewScanner(file) - pl := make(PolicyList, 0) - - decoder := abac.Codecs.UniversalDecoder() - - i := 0 - unversionedLines := 0 - for scanner.Scan() { - i++ - p := &abac.Policy{} - b := scanner.Bytes() - - // skip comment lines and blank lines - trimmed := strings.TrimSpace(string(b)) - if len(trimmed) == 0 || strings.HasPrefix(trimmed, "#") { - continue - } - - decodedObj, _, err := decoder.Decode(b, nil, nil) - if err != nil { - if !(runtime.IsMissingVersion(err) || runtime.IsMissingKind(err) || runtime.IsNotRegisteredError(err)) { - return nil, policyLoadError{path, i, b, err} - } - unversionedLines++ - // Migrate unversioned policy object - oldPolicy := &v0.Policy{} - if err := runtime.DecodeInto(decoder, b, oldPolicy); err != nil { - return nil, policyLoadError{path, i, b, err} - } - if err := abac.Scheme.Convert(oldPolicy, p, nil); err != nil { - return nil, policyLoadError{path, i, b, err} - } - pl = append(pl, p) - continue - } - - decodedPolicy, ok := decodedObj.(*abac.Policy) - if !ok { - return nil, policyLoadError{path, i, b, fmt.Errorf("unrecognized object: %#v", decodedObj)} - } - pl = append(pl, decodedPolicy) - } - - if unversionedLines > 0 { - klog.Warningf("Policy file %s contained unversioned rules. See docs/admin/authorization.md#abac-mode for ABAC file format details.", path) - } - - if err := scanner.Err(); err != nil { - return nil, policyLoadError{path, -1, nil, err} - } - return pl, nil -} - -func matches(p abac.Policy, a authorizer.Attributes) bool { - if subjectMatches(p, a.GetUser()) { - if verbMatches(p, a) { - // Resource and non-resource requests are mutually exclusive, at most one will match a policy - if resourceMatches(p, a) { - return true - } - if nonResourceMatches(p, a) { - return true - } - } - } - return false -} - -// subjectMatches returns true if specified user and group properties in the policy match the attributes -func subjectMatches(p abac.Policy, user user.Info) bool { - matched := false - - if user == nil { - return false - } - username := user.GetName() - groups := user.GetGroups() - - // If the policy specified a user, ensure it matches - if len(p.Spec.User) > 0 { - if p.Spec.User == "*" { - matched = true - } else { - matched = p.Spec.User == username - if !matched { - return false - } - } - } - - // If the policy specified a group, ensure it matches - if len(p.Spec.Group) > 0 { - if p.Spec.Group == "*" { - matched = true - } else { - matched = false - for _, group := range groups { - if p.Spec.Group == group { - matched = true - break - } - } - if !matched { - return false - } - } - } - - return matched -} - -func verbMatches(p abac.Policy, a authorizer.Attributes) bool { - // TODO: match on verb - - // All policies allow read only requests - if a.IsReadOnly() { - return true - } - - // Allow if policy is not readonly - if !p.Spec.Readonly { - return true - } - - return false -} - -func nonResourceMatches(p abac.Policy, a authorizer.Attributes) bool { - // A non-resource policy cannot match a resource request - if !a.IsResourceRequest() { - // Allow wildcard match - if p.Spec.NonResourcePath == "*" { - return true - } - // Allow exact match - if p.Spec.NonResourcePath == a.GetPath() { - return true - } - // Allow a trailing * subpath match - if strings.HasSuffix(p.Spec.NonResourcePath, "*") && strings.HasPrefix(a.GetPath(), strings.TrimRight(p.Spec.NonResourcePath, "*")) { - return true - } - } - return false -} - -func resourceMatches(p abac.Policy, a authorizer.Attributes) bool { - // A resource policy cannot match a non-resource request - if a.IsResourceRequest() { - if p.Spec.Namespace == "*" || p.Spec.Namespace == a.GetNamespace() { - if p.Spec.Resource == "*" || p.Spec.Resource == a.GetResource() { - if p.Spec.APIGroup == "*" || p.Spec.APIGroup == a.GetAPIGroup() { - return true - } - } - } - } - return false -} - -// Authorize implements authorizer.Authorize -func (pl PolicyList) Authorize(ctx context.Context, a authorizer.Attributes) (authorizer.Decision, string, error) { - for _, p := range pl { - if matches(*p, a) { - return authorizer.DecisionAllow, "", nil - } - } - return authorizer.DecisionNoOpinion, "No policy matched.", nil - // TODO: Benchmark how much time policy matching takes with a medium size - // policy file, compared to other steps such as encoding/decoding. - // Then, add Caching only if needed. -} - -// RulesFor returns rules for the given user and namespace. -func (pl PolicyList) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - var ( - resourceRules []authorizer.ResourceRuleInfo - nonResourceRules []authorizer.NonResourceRuleInfo - ) - - for _, p := range pl { - if subjectMatches(*p, user) { - if p.Spec.Namespace == "*" || p.Spec.Namespace == namespace { - if len(p.Spec.Resource) > 0 { - r := authorizer.DefaultResourceRuleInfo{ - Verbs: getVerbs(p.Spec.Readonly), - APIGroups: []string{p.Spec.APIGroup}, - Resources: []string{p.Spec.Resource}, - } - var resourceRule authorizer.ResourceRuleInfo = &r - resourceRules = append(resourceRules, resourceRule) - } - if len(p.Spec.NonResourcePath) > 0 { - r := authorizer.DefaultNonResourceRuleInfo{ - Verbs: getVerbs(p.Spec.Readonly), - NonResourceURLs: []string{p.Spec.NonResourcePath}, - } - var nonResourceRule authorizer.NonResourceRuleInfo = &r - nonResourceRules = append(nonResourceRules, nonResourceRule) - } - } - } - } - return resourceRules, nonResourceRules, false, nil -} - -func getVerbs(isReadOnly bool) []string { - if isReadOnly { - return []string{"get", "list", "watch"} - } - return []string{"*"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/example_policy_file.jsonl b/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/example_policy_file.jsonl deleted file mode 100644 index 14993be27b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/auth/authorizer/abac/example_policy_file.jsonl +++ /dev/null @@ -1,11 +0,0 @@ -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated", "nonResourcePath": "*", "readonly": true}} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:unauthenticated", "nonResourcePath": "*", "readonly": true}} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*" }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"scheduler", "namespace": "*", "resource": "pods", "readonly": true }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"scheduler", "namespace": "*", "resource": "bindings" }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "pods", "readonly": true }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "services", "readonly": true }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "endpoints", "readonly": true }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "events" }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"alice", "namespace": "projectCaribou", "resource": "*", "apiGroup": "*" }} -{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"bob", "namespace": "projectCaribou", "resource": "*", "apiGroup": "*", "readonly": true }} \ No newline at end of file diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/default.go b/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/default.go deleted file mode 100644 index 5fa994c73e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/default.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nodeidentifier - -import ( - "strings" - - "k8s.io/apiserver/pkg/authentication/user" -) - -// NewDefaultNodeIdentifier returns a default NodeIdentifier implementation, -// which returns isNode=true if the user groups contain the system:nodes group -// and the user name matches the format system:node:<nodeName>, and populates -// nodeName if isNode is true -func NewDefaultNodeIdentifier() NodeIdentifier { - return defaultNodeIdentifier{} -} - -// defaultNodeIdentifier implements NodeIdentifier -type defaultNodeIdentifier struct{} - -// nodeUserNamePrefix is the prefix for usernames in the form `system:node:<nodeName>` -const nodeUserNamePrefix = "system:node:" - -// NodeIdentity returns isNode=true if the user groups contain the system:nodes -// group and the user name matches the format system:node:<nodeName>, and -// populates nodeName if isNode is true -func (defaultNodeIdentifier) NodeIdentity(u user.Info) (string, bool) { - // Make sure we're a node, and can parse the node name - if u == nil { - return "", false - } - - userName := u.GetName() - if !strings.HasPrefix(userName, nodeUserNamePrefix) { - return "", false - } - - isNode := false - for _, g := range u.GetGroups() { - if g == user.NodesGroup { - isNode = true - break - } - } - if !isNode { - return "", false - } - - nodeName := strings.TrimPrefix(userName, nodeUserNamePrefix) - return nodeName, true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/interfaces.go b/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/interfaces.go deleted file mode 100644 index df10a88a84..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/auth/nodeidentifier/interfaces.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nodeidentifier - -import ( - "k8s.io/apiserver/pkg/authentication/user" -) - -// NodeIdentifier determines node information from a given user -type NodeIdentifier interface { - // NodeIdentity determines node information from the given user.Info. - // nodeName is the name of the Node API object associated with the user.Info, - // and may be empty if a specific node cannot be determined. - // isNode is true if the user.Info represents an identity issued to a node. - NodeIdentity(user.Info) (nodeName string, isNode bool) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/capabilities.go b/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/capabilities.go deleted file mode 100644 index eac7560ad3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/capabilities.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package capabilities - -import ( - "sync" -) - -// Capabilities defines the set of capabilities available within the system. -// For now these are global. Eventually they may be per-user -type Capabilities struct { - AllowPrivileged bool - - // Pod sources from which to allow privileged capabilities like host networking, sharing the host - // IPC namespace, and sharing the host PID namespace. - PrivilegedSources PrivilegedSources - - // PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach) - PerConnectionBandwidthLimitBytesPerSec int64 -} - -// PrivilegedSources defines the pod sources allowed to make privileged requests for certain types -// of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace. -type PrivilegedSources struct { - // List of pod sources for which using host network is allowed. - HostNetworkSources []string - - // List of pod sources for which using host pid namespace is allowed. - HostPIDSources []string - - // List of pod sources for which using host ipc is allowed. - HostIPCSources []string -} - -var capInstance struct { - once sync.Once - lock sync.Mutex - capabilities *Capabilities -} - -// Initialize the capability set. This can only be done once per binary, subsequent calls are ignored. -func Initialize(c Capabilities) { - // Only do this once - capInstance.once.Do(func() { - capInstance.capabilities = &c - }) -} - -// Setup the capability set. It wraps Initialize for improving usability. -func Setup(allowPrivileged bool, perConnectionBytesPerSec int64) { - Initialize(Capabilities{ - AllowPrivileged: allowPrivileged, - PerConnectionBandwidthLimitBytesPerSec: perConnectionBytesPerSec, - }) -} - -// SetForTests sets capabilities for tests. Convenience method for testing. This should only be called from tests. -func SetForTests(c Capabilities) { - capInstance.lock.Lock() - defer capInstance.lock.Unlock() - capInstance.capabilities = &c -} - -// Get returns a read-only copy of the system capabilities. -func Get() Capabilities { - capInstance.lock.Lock() - defer capInstance.lock.Unlock() - // This check prevents clobbering of capabilities that might've been set via SetForTests - if capInstance.capabilities == nil { - Initialize(Capabilities{ - AllowPrivileged: false, - PrivilegedSources: PrivilegedSources{ - HostNetworkSources: []string{}, - HostPIDSources: []string{}, - HostIPCSources: []string{}, - }, - }) - } - return *capInstance.capabilities -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/doc.go deleted file mode 100644 index e8d3aa3e52..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/capabilities/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package capabilities manages system level capabilities -package capabilities // import "k8s.io/kubernetes/pkg/capabilities" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/doc.go deleted file mode 100644 index 0810294e0d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package ports defines ports used by various pieces of the kubernetes -// infrastructure. -package ports // import "k8s.io/kubernetes/pkg/cluster/ports" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/ports.go b/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/ports.go deleted file mode 100644 index 10ded2ad79..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/cluster/ports/ports.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ports - -// In this file, we can see all default port of cluster. -// It's also an important documentation for us. So don't remove them easily. -const ( - // ProxyStatusPort is the default port for the proxy metrics server. - // May be overridden by a flag at startup. - ProxyStatusPort = 10249 - // KubeletPort is the default port for the kubelet server on each host machine. - // May be overridden by a flag at startup. - KubeletPort = 10250 - // KubeletReadOnlyPort exposes basic read-only services from the kubelet. - // May be overridden by a flag at startup. - // This is necessary for heapster to collect monitoring stats from the kubelet - // until heapster can transition to using the SSL endpoint. - // TODO(roberthbailey): Remove this once we have a better solution for heapster. - KubeletReadOnlyPort = 10255 - // KubeletHealthzPort exposes a healthz endpoint from the kubelet. - // May be overridden by a flag at startup. - KubeletHealthzPort = 10248 - // ProxyHealthzPort is the default port for the proxy healthz server. - // May be overridden by a flag at startup. - ProxyHealthzPort = 10256 - // KubeControllerManagerPort is the default port for the controller manager status server. - // May be overridden by a flag at startup. - KubeControllerManagerPort = 10257 - // CloudControllerManagerPort is the default port for the cloud controller manager server. - // This value may be overridden by a flag at startup. - CloudControllerManagerPort = 10258 -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/OWNERS deleted file mode 100644 index e9f4e0b724..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-serviceaccounts-approvers -reviewers: - - sig-auth-serviceaccounts-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/doc.go deleted file mode 100644 index 9aa9063278..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package serviceaccount provides implementations -// to manage service accounts and service account tokens -package serviceaccount // import "k8s.io/kubernetes/pkg/controller/serviceaccount" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/serviceaccounts_controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/serviceaccounts_controller.go deleted file mode 100644 index 4ba2741e66..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/serviceaccounts_controller.go +++ /dev/null @@ -1,219 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "fmt" - "time" - - "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - coreinformers "k8s.io/client-go/informers/core/v1" - clientset "k8s.io/client-go/kubernetes" - corelisters "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -// ServiceAccountsControllerOptions contains options for running a ServiceAccountsController -type ServiceAccountsControllerOptions struct { - // ServiceAccounts is the list of service accounts to ensure exist in every namespace - ServiceAccounts []v1.ServiceAccount - - // ServiceAccountResync is the interval between full resyncs of ServiceAccounts. - // If non-zero, all service accounts will be re-listed this often. - // Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out). - ServiceAccountResync time.Duration - - // NamespaceResync is the interval between full resyncs of Namespaces. - // If non-zero, all namespaces will be re-listed this often. - // Otherwise, re-list will be delayed as long as possible (until the watch is closed or times out). - NamespaceResync time.Duration -} - -// DefaultServiceAccountsControllerOptions returns the default options for creating a ServiceAccountsController. -func DefaultServiceAccountsControllerOptions() ServiceAccountsControllerOptions { - return ServiceAccountsControllerOptions{ - ServiceAccounts: []v1.ServiceAccount{ - {ObjectMeta: metav1.ObjectMeta{Name: "default"}}, - }, - } -} - -// NewServiceAccountsController returns a new *ServiceAccountsController. -func NewServiceAccountsController(saInformer coreinformers.ServiceAccountInformer, nsInformer coreinformers.NamespaceInformer, cl clientset.Interface, options ServiceAccountsControllerOptions) (*ServiceAccountsController, error) { - e := &ServiceAccountsController{ - client: cl, - serviceAccountsToEnsure: options.ServiceAccounts, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "serviceaccount"), - } - - saInformer.Informer().AddEventHandlerWithResyncPeriod(cache.ResourceEventHandlerFuncs{ - DeleteFunc: e.serviceAccountDeleted, - }, options.ServiceAccountResync) - e.saLister = saInformer.Lister() - e.saListerSynced = saInformer.Informer().HasSynced - - nsInformer.Informer().AddEventHandlerWithResyncPeriod(cache.ResourceEventHandlerFuncs{ - AddFunc: e.namespaceAdded, - UpdateFunc: e.namespaceUpdated, - }, options.NamespaceResync) - e.nsLister = nsInformer.Lister() - e.nsListerSynced = nsInformer.Informer().HasSynced - - e.syncHandler = e.syncNamespace - - return e, nil -} - -// ServiceAccountsController manages ServiceAccount objects inside Namespaces -type ServiceAccountsController struct { - client clientset.Interface - serviceAccountsToEnsure []v1.ServiceAccount - - // To allow injection for testing. - syncHandler func(ctx context.Context, key string) error - - saLister corelisters.ServiceAccountLister - saListerSynced cache.InformerSynced - - nsLister corelisters.NamespaceLister - nsListerSynced cache.InformerSynced - - queue workqueue.RateLimitingInterface -} - -// Run runs the ServiceAccountsController blocks until receiving signal from stopCh. -func (c *ServiceAccountsController) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.Infof("Starting service account controller") - defer klog.Infof("Shutting down service account controller") - - if !cache.WaitForNamedCacheSync("service account", ctx.Done(), c.saListerSynced, c.nsListerSynced) { - return - } - - for i := 0; i < workers; i++ { - go wait.UntilWithContext(ctx, c.runWorker, time.Second) - } - - <-ctx.Done() -} - -// serviceAccountDeleted reacts to a ServiceAccount deletion by recreating a default ServiceAccount in the namespace if needed -func (c *ServiceAccountsController) serviceAccountDeleted(obj interface{}) { - sa, ok := obj.(*v1.ServiceAccount) - if !ok { - tombstone, ok := obj.(cache.DeletedFinalStateUnknown) - if !ok { - utilruntime.HandleError(fmt.Errorf("Couldn't get object from tombstone %#v", obj)) - return - } - sa, ok = tombstone.Obj.(*v1.ServiceAccount) - if !ok { - utilruntime.HandleError(fmt.Errorf("Tombstone contained object that is not a ServiceAccount %#v", obj)) - return - } - } - c.queue.Add(sa.Namespace) -} - -// namespaceAdded reacts to a Namespace creation by creating a default ServiceAccount object -func (c *ServiceAccountsController) namespaceAdded(obj interface{}) { - namespace := obj.(*v1.Namespace) - c.queue.Add(namespace.Name) -} - -// namespaceUpdated reacts to a Namespace update (or re-list) by creating a default ServiceAccount in the namespace if needed -func (c *ServiceAccountsController) namespaceUpdated(oldObj interface{}, newObj interface{}) { - newNamespace := newObj.(*v1.Namespace) - c.queue.Add(newNamespace.Name) -} - -func (c *ServiceAccountsController) runWorker(ctx context.Context) { - for c.processNextWorkItem(ctx) { - } -} - -// processNextWorkItem deals with one key off the queue. It returns false when it's time to quit. -func (c *ServiceAccountsController) processNextWorkItem(ctx context.Context) bool { - key, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(key) - - err := c.syncHandler(ctx, key.(string)) - if err == nil { - c.queue.Forget(key) - return true - } - - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", key, err)) - c.queue.AddRateLimited(key) - - return true -} -func (c *ServiceAccountsController) syncNamespace(ctx context.Context, key string) error { - startTime := time.Now() - defer func() { - klog.V(4).Infof("Finished syncing namespace %q (%v)", key, time.Since(startTime)) - }() - - ns, err := c.nsLister.Get(key) - if apierrors.IsNotFound(err) { - return nil - } - if err != nil { - return err - } - if ns.Status.Phase != v1.NamespaceActive { - // If namespace is not active, we shouldn't try to create anything - return nil - } - - createFailures := []error{} - for _, sa := range c.serviceAccountsToEnsure { - switch _, err := c.saLister.ServiceAccounts(ns.Name).Get(sa.Name); { - case err == nil: - continue - case apierrors.IsNotFound(err): - case err != nil: - return err - } - // this is only safe because we never read it and we always write it - // TODO eliminate this once the fake client can handle creation without NS - sa.Namespace = ns.Name - - if _, err := c.client.CoreV1().ServiceAccounts(ns.Name).Create(ctx, &sa, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) { - // we can safely ignore terminating namespace errors - if !apierrors.HasStatusCause(err, v1.NamespaceTerminatingCause) { - createFailures = append(createFailures, err) - } - } - } - - return utilerrors.Flatten(utilerrors.NewAggregate(createFailures)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokengetter.go b/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokengetter.go deleted file mode 100644 index f2c3c307a8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokengetter.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - clientset "k8s.io/client-go/kubernetes" - v1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/kubernetes/pkg/serviceaccount" -) - -// clientGetter implements ServiceAccountTokenGetter using a clientset.Interface -type clientGetter struct { - client clientset.Interface - secretLister v1listers.SecretLister - serviceAccountLister v1listers.ServiceAccountLister - podLister v1listers.PodLister -} - -// NewGetterFromClient returns a ServiceAccountTokenGetter that -// uses the specified client to retrieve service accounts and secrets. -// The client should NOT authenticate using a service account token -// the returned getter will be used to retrieve, or recursion will result. -func NewGetterFromClient(c clientset.Interface, secretLister v1listers.SecretLister, serviceAccountLister v1listers.ServiceAccountLister, podLister v1listers.PodLister) serviceaccount.ServiceAccountTokenGetter { - return clientGetter{c, secretLister, serviceAccountLister, podLister} -} - -func (c clientGetter) GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error) { - if serviceAccount, err := c.serviceAccountLister.ServiceAccounts(namespace).Get(name); err == nil { - return serviceAccount, nil - } - return c.client.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) -} - -func (c clientGetter) GetPod(namespace, name string) (*v1.Pod, error) { - if pod, err := c.podLister.Pods(namespace).Get(name); err == nil { - return pod, nil - } - return c.client.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{}) -} - -func (c clientGetter) GetSecret(namespace, name string) (*v1.Secret, error) { - if secret, err := c.secretLister.Secrets(namespace).Get(name); err == nil { - return secret, nil - } - return c.client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{}) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go deleted file mode 100644 index eee7a0ad9e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go +++ /dev/null @@ -1,775 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "bytes" - "context" - "fmt" - "time" - - v1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount" - informers "k8s.io/client-go/informers/core/v1" - clientset "k8s.io/client-go/kubernetes" - listersv1 "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" - clientretry "k8s.io/client-go/util/retry" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/registry/core/secret" - "k8s.io/kubernetes/pkg/serviceaccount" -) - -// RemoveTokenBackoff is the recommended (empirical) retry interval for removing -// a secret reference from a service account when the secret is deleted. It is -// exported for use by custom secret controllers. -var RemoveTokenBackoff = wait.Backoff{ - Steps: 10, - Duration: 100 * time.Millisecond, - Jitter: 1.0, -} - -// TokensControllerOptions contains options for the TokensController -type TokensControllerOptions struct { - // TokenGenerator is the generator to use to create new tokens - TokenGenerator serviceaccount.TokenGenerator - // ServiceAccountResync is the time.Duration at which to fully re-list service accounts. - // If zero, re-list will be delayed as long as possible - ServiceAccountResync time.Duration - // SecretResync is the time.Duration at which to fully re-list secrets. - // If zero, re-list will be delayed as long as possible - SecretResync time.Duration - // This CA will be added in the secrets of service accounts - RootCA []byte - - // MaxRetries controls the maximum number of times a particular key is retried before giving up - // If zero, a default max is used - MaxRetries int - - // AutoGenerate decides the auto-generation of secret-based token for service accounts. - AutoGenerate bool -} - -// NewTokensController returns a new *TokensController. -func NewTokensController(serviceAccounts informers.ServiceAccountInformer, secrets informers.SecretInformer, cl clientset.Interface, options TokensControllerOptions) (*TokensController, error) { - maxRetries := options.MaxRetries - if maxRetries == 0 { - maxRetries = 10 - } - - e := &TokensController{ - client: cl, - token: options.TokenGenerator, - rootCA: options.RootCA, - - syncServiceAccountQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "serviceaccount_tokens_service"), - syncSecretQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "serviceaccount_tokens_secret"), - - maxRetries: maxRetries, - autoGenerate: options.AutoGenerate, - } - - e.serviceAccounts = serviceAccounts.Lister() - e.serviceAccountSynced = serviceAccounts.Informer().HasSynced - serviceAccounts.Informer().AddEventHandlerWithResyncPeriod( - cache.ResourceEventHandlerFuncs{ - AddFunc: e.queueServiceAccountSync, - UpdateFunc: e.queueServiceAccountUpdateSync, - DeleteFunc: e.queueServiceAccountSync, - }, - options.ServiceAccountResync, - ) - - secretCache := secrets.Informer().GetIndexer() - e.updatedSecrets = cache.NewIntegerResourceVersionMutationCache(secretCache, secretCache, 60*time.Second, true) - e.secretSynced = secrets.Informer().HasSynced - secrets.Informer().AddEventHandlerWithResyncPeriod( - cache.FilteringResourceEventHandler{ - FilterFunc: func(obj interface{}) bool { - switch t := obj.(type) { - case *v1.Secret: - return t.Type == v1.SecretTypeServiceAccountToken - default: - utilruntime.HandleError(fmt.Errorf("object passed to %T that is not expected: %T", e, obj)) - return false - } - }, - Handler: cache.ResourceEventHandlerFuncs{ - AddFunc: e.queueSecretSync, - UpdateFunc: e.queueSecretUpdateSync, - DeleteFunc: e.queueSecretSync, - }, - }, - options.SecretResync, - ) - - return e, nil -} - -// TokensController manages ServiceAccountToken secrets for ServiceAccount objects -type TokensController struct { - client clientset.Interface - token serviceaccount.TokenGenerator - - rootCA []byte - - serviceAccounts listersv1.ServiceAccountLister - // updatedSecrets is a wrapper around the shared cache which allows us to record - // and return our local mutations (since we're very likely to act on an updated - // secret before the watch reports it). - updatedSecrets cache.MutationCache - - // Since we join two objects, we'll watch both of them with controllers. - serviceAccountSynced cache.InformerSynced - secretSynced cache.InformerSynced - - // syncServiceAccountQueue handles service account events: - // * ensures a referenced token exists for service accounts which still exist - // * ensures tokens are removed for service accounts which no longer exist - // key is "<namespace>/<name>/<uid>" - syncServiceAccountQueue workqueue.RateLimitingInterface - - // syncSecretQueue handles secret events: - // * deletes tokens whose service account no longer exists - // * updates tokens with missing token or namespace data, or mismatched ca data - // * ensures service account secret references are removed for tokens which are deleted - // key is a secretQueueKey{} - syncSecretQueue workqueue.RateLimitingInterface - - maxRetries int - autoGenerate bool -} - -// Run runs controller blocks until stopCh is closed -func (e *TokensController) Run(workers int, stopCh <-chan struct{}) { - // Shut down queues - defer utilruntime.HandleCrash() - defer e.syncServiceAccountQueue.ShutDown() - defer e.syncSecretQueue.ShutDown() - - if !cache.WaitForNamedCacheSync("tokens", stopCh, e.serviceAccountSynced, e.secretSynced) { - return - } - - klog.V(5).Infof("Starting workers") - for i := 0; i < workers; i++ { - go wait.Until(e.syncServiceAccount, 0, stopCh) - go wait.Until(e.syncSecret, 0, stopCh) - } - <-stopCh - klog.V(1).Infof("Shutting down") -} - -func (e *TokensController) queueServiceAccountSync(obj interface{}) { - if serviceAccount, ok := obj.(*v1.ServiceAccount); ok { - e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) - } -} - -func (e *TokensController) queueServiceAccountUpdateSync(oldObj interface{}, newObj interface{}) { - if serviceAccount, ok := newObj.(*v1.ServiceAccount); ok { - e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) - } -} - -// complete optionally requeues key, then calls queue.Done(key) -func (e *TokensController) retryOrForget(queue workqueue.RateLimitingInterface, key interface{}, requeue bool) { - if !requeue { - queue.Forget(key) - return - } - - requeueCount := queue.NumRequeues(key) - if requeueCount < e.maxRetries { - queue.AddRateLimited(key) - return - } - - klog.V(4).Infof("retried %d times: %#v", requeueCount, key) - queue.Forget(key) -} - -func (e *TokensController) queueSecretSync(obj interface{}) { - if secret, ok := obj.(*v1.Secret); ok { - e.syncSecretQueue.Add(makeSecretQueueKey(secret)) - } -} - -func (e *TokensController) queueSecretUpdateSync(oldObj interface{}, newObj interface{}) { - if secret, ok := newObj.(*v1.Secret); ok { - e.syncSecretQueue.Add(makeSecretQueueKey(secret)) - } -} - -func (e *TokensController) syncServiceAccount() { - key, quit := e.syncServiceAccountQueue.Get() - if quit { - return - } - defer e.syncServiceAccountQueue.Done(key) - - retry := false - defer func() { - e.retryOrForget(e.syncServiceAccountQueue, key, retry) - }() - - saInfo, err := parseServiceAccountKey(key) - if err != nil { - klog.Error(err) - return - } - - sa, err := e.getServiceAccount(saInfo.namespace, saInfo.name, saInfo.uid, false) - switch { - case err != nil: - klog.Error(err) - retry = true - case sa == nil: - // service account no longer exists, so delete related tokens - klog.V(4).Infof("syncServiceAccount(%s/%s), service account deleted, removing tokens", saInfo.namespace, saInfo.name) - sa = &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: saInfo.namespace, Name: saInfo.name, UID: saInfo.uid}} - retry, err = e.deleteTokens(sa) - if err != nil { - klog.Errorf("error deleting serviceaccount tokens for %s/%s: %v", saInfo.namespace, saInfo.name, err) - } - case e.autoGenerate: - // ensure a token exists and is referenced by this service account - retry, err = e.ensureReferencedToken(sa) - if err != nil { - klog.Errorf("error synchronizing serviceaccount %s/%s: %v", saInfo.namespace, saInfo.name, err) - } - } -} - -func (e *TokensController) syncSecret() { - key, quit := e.syncSecretQueue.Get() - if quit { - return - } - defer e.syncSecretQueue.Done(key) - - // Track whether or not we should retry this sync - retry := false - defer func() { - e.retryOrForget(e.syncSecretQueue, key, retry) - }() - - secretInfo, err := parseSecretQueueKey(key) - if err != nil { - klog.Error(err) - return - } - - secret, err := e.getSecret(secretInfo.namespace, secretInfo.name, secretInfo.uid, false) - switch { - case err != nil: - klog.Error(err) - retry = true - case secret == nil: - // If the service account exists - if sa, saErr := e.getServiceAccount(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, false); saErr == nil && sa != nil { - // secret no longer exists, so delete references to this secret from the service account - if err := clientretry.RetryOnConflict(RemoveTokenBackoff, func() error { - return e.removeSecretReference(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, secretInfo.name) - }); err != nil { - klog.Error(err) - } - } - default: - // Ensure service account exists - sa, saErr := e.getServiceAccount(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, true) - switch { - case saErr != nil: - klog.Error(saErr) - retry = true - case sa == nil: - // Delete token - klog.V(4).Infof("syncSecret(%s/%s), service account does not exist, deleting token", secretInfo.namespace, secretInfo.name) - if retriable, err := e.deleteToken(secretInfo.namespace, secretInfo.name, secretInfo.uid); err != nil { - klog.Errorf("error deleting serviceaccount token %s/%s for service account %s: %v", secretInfo.namespace, secretInfo.name, secretInfo.saName, err) - retry = retriable - } - default: - // Update token if needed - if retriable, err := e.generateTokenIfNeeded(sa, secret); err != nil { - klog.Errorf("error populating serviceaccount token %s/%s for service account %s: %v", secretInfo.namespace, secretInfo.name, secretInfo.saName, err) - retry = retriable - } - } - } -} - -func (e *TokensController) deleteTokens(serviceAccount *v1.ServiceAccount) ( /*retry*/ bool, error) { - tokens, err := e.listTokenSecrets(serviceAccount) - if err != nil { - // don't retry on cache lookup errors - return false, err - } - retry := false - errs := []error{} - for _, token := range tokens { - r, err := e.deleteToken(token.Namespace, token.Name, token.UID) - if err != nil { - errs = append(errs, err) - } - if r { - retry = true - } - } - return retry, utilerrors.NewAggregate(errs) -} - -func (e *TokensController) deleteToken(ns, name string, uid types.UID) ( /*retry*/ bool, error) { - var opts metav1.DeleteOptions - if len(uid) > 0 { - opts.Preconditions = &metav1.Preconditions{UID: &uid} - } - err := e.client.CoreV1().Secrets(ns).Delete(context.TODO(), name, opts) - // NotFound doesn't need a retry (it's already been deleted) - // Conflict doesn't need a retry (the UID precondition failed) - if err == nil || apierrors.IsNotFound(err) || apierrors.IsConflict(err) { - return false, nil - } - // Retry for any other error - return true, err -} - -// ensureReferencedToken makes sure at least one ServiceAccountToken secret exists, and is included in the serviceAccount's Secrets list -func (e *TokensController) ensureReferencedToken(serviceAccount *v1.ServiceAccount) ( /* retry */ bool, error) { - if hasToken, err := e.hasReferencedToken(serviceAccount); err != nil { - // Don't retry cache lookup errors - return false, err - } else if hasToken { - // A service account token already exists, and is referenced, short-circuit - return false, nil - } - - // We don't want to update the cache's copy of the service account - // so add the secret to a freshly retrieved copy of the service account - serviceAccounts := e.client.CoreV1().ServiceAccounts(serviceAccount.Namespace) - liveServiceAccount, err := serviceAccounts.Get(context.TODO(), serviceAccount.Name, metav1.GetOptions{}) - if err != nil { - // Retry if we cannot fetch the live service account (for a NotFound error, either the live lookup or our cache are stale) - return true, err - } - if liveServiceAccount.ResourceVersion != serviceAccount.ResourceVersion { - // Retry if our liveServiceAccount doesn't match our cache's resourceVersion (either the live lookup or our cache are stale) - klog.V(4).Infof("liveServiceAccount.ResourceVersion (%s) does not match cache (%s), retrying", liveServiceAccount.ResourceVersion, serviceAccount.ResourceVersion) - return true, nil - } - - // Build the secret - secret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secret.Strategy.GenerateName(fmt.Sprintf("%s-token-", serviceAccount.Name)), - Namespace: serviceAccount.Namespace, - Annotations: map[string]string{ - v1.ServiceAccountNameKey: serviceAccount.Name, - v1.ServiceAccountUIDKey: string(serviceAccount.UID), - }, - }, - Type: v1.SecretTypeServiceAccountToken, - Data: map[string][]byte{}, - } - - // Generate the token - token, err := e.token.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *secret)) - if err != nil { - // retriable error - return true, err - } - secret.Data[v1.ServiceAccountTokenKey] = []byte(token) - secret.Data[v1.ServiceAccountNamespaceKey] = []byte(serviceAccount.Namespace) - if e.rootCA != nil && len(e.rootCA) > 0 { - secret.Data[v1.ServiceAccountRootCAKey] = e.rootCA - } - - // Save the secret - createdToken, err := e.client.CoreV1().Secrets(serviceAccount.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{}) - if err != nil { - // if the namespace is being terminated, create will fail no matter what - if apierrors.HasStatusCause(err, v1.NamespaceTerminatingCause) { - return false, err - } - // retriable error - return true, err - } - // Manually add the new token to the cache store. - // This prevents the service account update (below) triggering another token creation, if the referenced token couldn't be found in the store - e.updatedSecrets.Mutation(createdToken) - - // Try to add a reference to the newly created token to the service account - addedReference := false - err = clientretry.RetryOnConflict(clientretry.DefaultRetry, func() error { - // refresh liveServiceAccount on every retry - defer func() { liveServiceAccount = nil }() - - // fetch the live service account if needed, and verify the UID matches and that we still need a token - if liveServiceAccount == nil { - liveServiceAccount, err = serviceAccounts.Get(context.TODO(), serviceAccount.Name, metav1.GetOptions{}) - if err != nil { - return err - } - - if liveServiceAccount.UID != serviceAccount.UID { - // If we don't have the same service account, stop trying to add a reference to the token made for the old service account. - return nil - } - - if hasToken, err := e.hasReferencedToken(liveServiceAccount); err != nil { - // Don't retry cache lookup errors - return nil - } else if hasToken { - // A service account token already exists, and is referenced, short-circuit - return nil - } - } - - // Try to add a reference to the token - liveServiceAccount.Secrets = append(liveServiceAccount.Secrets, v1.ObjectReference{Name: secret.Name}) - if _, err := serviceAccounts.Update(context.TODO(), liveServiceAccount, metav1.UpdateOptions{}); err != nil { - return err - } - - addedReference = true - return nil - }) - - if !addedReference { - // we weren't able to use the token, try to clean it up. - klog.V(2).Infof("deleting secret %s/%s because reference couldn't be added (%v)", secret.Namespace, secret.Name, err) - deleteOpts := metav1.DeleteOptions{Preconditions: &metav1.Preconditions{UID: &createdToken.UID}} - if err := e.client.CoreV1().Secrets(createdToken.Namespace).Delete(context.TODO(), createdToken.Name, deleteOpts); err != nil { - klog.Error(err) // if we fail, just log it - } - } - - if err != nil { - if apierrors.IsConflict(err) || apierrors.IsNotFound(err) { - // if we got a Conflict error, the service account was updated by someone else, and we'll get an update notification later - // if we got a NotFound error, the service account no longer exists, and we don't need to create a token for it - return false, nil - } - // retry in all other cases - return true, err - } - - // success! - return false, nil -} - -// hasReferencedToken returns true if the serviceAccount references a service account token secret -func (e *TokensController) hasReferencedToken(serviceAccount *v1.ServiceAccount) (bool, error) { - if len(serviceAccount.Secrets) == 0 { - return false, nil - } - allSecrets, err := e.listTokenSecrets(serviceAccount) - if err != nil { - return false, err - } - referencedSecrets := getSecretReferences(serviceAccount) - for _, secret := range allSecrets { - if referencedSecrets.Has(secret.Name) { - return true, nil - } - } - return false, nil -} - -func (e *TokensController) secretUpdateNeeded(secret *v1.Secret) (bool, bool, bool) { - caData := secret.Data[v1.ServiceAccountRootCAKey] - needsCA := len(e.rootCA) > 0 && !bytes.Equal(caData, e.rootCA) - - needsNamespace := len(secret.Data[v1.ServiceAccountNamespaceKey]) == 0 - - tokenData := secret.Data[v1.ServiceAccountTokenKey] - needsToken := len(tokenData) == 0 - - return needsCA, needsNamespace, needsToken -} - -// generateTokenIfNeeded populates the token data for the given Secret if not already set -func (e *TokensController) generateTokenIfNeeded(serviceAccount *v1.ServiceAccount, cachedSecret *v1.Secret) ( /* retry */ bool, error) { - // Check the cached secret to see if changes are needed - if needsCA, needsNamespace, needsToken := e.secretUpdateNeeded(cachedSecret); !needsCA && !needsToken && !needsNamespace { - return false, nil - } - - // We don't want to update the cache's copy of the secret - // so add the token to a freshly retrieved copy of the secret - secrets := e.client.CoreV1().Secrets(cachedSecret.Namespace) - liveSecret, err := secrets.Get(context.TODO(), cachedSecret.Name, metav1.GetOptions{}) - if err != nil { - // Retry for any error other than a NotFound - return !apierrors.IsNotFound(err), err - } - if liveSecret.ResourceVersion != cachedSecret.ResourceVersion { - // our view of the secret is not up to date - // we'll get notified of an update event later and get to try again - klog.V(2).Infof("secret %s/%s is not up to date, skipping token population", liveSecret.Namespace, liveSecret.Name) - return false, nil - } - - needsCA, needsNamespace, needsToken := e.secretUpdateNeeded(liveSecret) - if !needsCA && !needsToken && !needsNamespace { - return false, nil - } - - if liveSecret.Annotations == nil { - liveSecret.Annotations = map[string]string{} - } - if liveSecret.Data == nil { - liveSecret.Data = map[string][]byte{} - } - - // Set the CA - if needsCA { - liveSecret.Data[v1.ServiceAccountRootCAKey] = e.rootCA - } - // Set the namespace - if needsNamespace { - liveSecret.Data[v1.ServiceAccountNamespaceKey] = []byte(liveSecret.Namespace) - } - - // Generate the token - if needsToken { - token, err := e.token.GenerateToken(serviceaccount.LegacyClaims(*serviceAccount, *liveSecret)) - if err != nil { - return false, err - } - liveSecret.Data[v1.ServiceAccountTokenKey] = []byte(token) - } - - // Set annotations - liveSecret.Annotations[v1.ServiceAccountNameKey] = serviceAccount.Name - liveSecret.Annotations[v1.ServiceAccountUIDKey] = string(serviceAccount.UID) - - // Save the secret - _, err = secrets.Update(context.TODO(), liveSecret, metav1.UpdateOptions{}) - if apierrors.IsConflict(err) || apierrors.IsNotFound(err) { - // if we got a Conflict error, the secret was updated by someone else, and we'll get an update notification later - // if we got a NotFound error, the secret no longer exists, and we don't need to populate a token - return false, nil - } - if err != nil { - return true, err - } - return false, nil -} - -// removeSecretReference updates the given ServiceAccount to remove a reference to the given secretName if needed. -func (e *TokensController) removeSecretReference(saNamespace string, saName string, saUID types.UID, secretName string) error { - // We don't want to update the cache's copy of the service account - // so remove the secret from a freshly retrieved copy of the service account - serviceAccounts := e.client.CoreV1().ServiceAccounts(saNamespace) - serviceAccount, err := serviceAccounts.Get(context.TODO(), saName, metav1.GetOptions{}) - // Ignore NotFound errors when attempting to remove a reference - if apierrors.IsNotFound(err) { - return nil - } - if err != nil { - return err - } - - // Short-circuit if the UID doesn't match - if len(saUID) > 0 && saUID != serviceAccount.UID { - return nil - } - - // Short-circuit if the secret is no longer referenced - if !getSecretReferences(serviceAccount).Has(secretName) { - return nil - } - - // Remove the secret - secrets := []v1.ObjectReference{} - for _, s := range serviceAccount.Secrets { - if s.Name != secretName { - secrets = append(secrets, s) - } - } - serviceAccount.Secrets = secrets - _, err = serviceAccounts.Update(context.TODO(), serviceAccount, metav1.UpdateOptions{}) - // Ignore NotFound errors when attempting to remove a reference - if apierrors.IsNotFound(err) { - return nil - } - return err -} - -func (e *TokensController) getServiceAccount(ns string, name string, uid types.UID, fetchOnCacheMiss bool) (*v1.ServiceAccount, error) { - // Look up in cache - sa, err := e.serviceAccounts.ServiceAccounts(ns).Get(name) - if err != nil && !apierrors.IsNotFound(err) { - return nil, err - } - if sa != nil { - // Ensure UID matches if given - if len(uid) == 0 || uid == sa.UID { - return sa, nil - } - } - - if !fetchOnCacheMiss { - return nil, nil - } - - // Live lookup - sa, err = e.client.CoreV1().ServiceAccounts(ns).Get(context.TODO(), name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - return nil, nil - } - if err != nil { - return nil, err - } - // Ensure UID matches if given - if len(uid) == 0 || uid == sa.UID { - return sa, nil - } - return nil, nil -} - -func (e *TokensController) getSecret(ns string, name string, uid types.UID, fetchOnCacheMiss bool) (*v1.Secret, error) { - // Look up in cache - obj, exists, err := e.updatedSecrets.GetByKey(makeCacheKey(ns, name)) - if err != nil { - return nil, err - } - if exists { - secret, ok := obj.(*v1.Secret) - if !ok { - return nil, fmt.Errorf("expected *v1.Secret, got %#v", secret) - } - // Ensure UID matches if given - if len(uid) == 0 || uid == secret.UID { - return secret, nil - } - } - - if !fetchOnCacheMiss { - return nil, nil - } - - // Live lookup - secret, err := e.client.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - return nil, nil - } - if err != nil { - return nil, err - } - // Ensure UID matches if given - if len(uid) == 0 || uid == secret.UID { - return secret, nil - } - return nil, nil -} - -// listTokenSecrets returns a list of all of the ServiceAccountToken secrets that -// reference the given service account's name and uid -func (e *TokensController) listTokenSecrets(serviceAccount *v1.ServiceAccount) ([]*v1.Secret, error) { - namespaceSecrets, err := e.updatedSecrets.ByIndex("namespace", serviceAccount.Namespace) - if err != nil { - return nil, err - } - - items := []*v1.Secret{} - for _, obj := range namespaceSecrets { - secret := obj.(*v1.Secret) - - if apiserverserviceaccount.IsServiceAccountToken(secret, serviceAccount) { - items = append(items, secret) - } - } - return items, nil -} - -func getSecretReferences(serviceAccount *v1.ServiceAccount) sets.String { - references := sets.NewString() - for _, secret := range serviceAccount.Secrets { - references.Insert(secret.Name) - } - return references -} - -// serviceAccountQueueKey holds information we need to sync a service account. -// It contains enough information to look up the cached service account, -// or delete owned tokens if the service account no longer exists. -type serviceAccountQueueKey struct { - namespace string - name string - uid types.UID -} - -func makeServiceAccountKey(sa *v1.ServiceAccount) interface{} { - return serviceAccountQueueKey{ - namespace: sa.Namespace, - name: sa.Name, - uid: sa.UID, - } -} - -func parseServiceAccountKey(key interface{}) (serviceAccountQueueKey, error) { - queueKey, ok := key.(serviceAccountQueueKey) - if !ok || len(queueKey.namespace) == 0 || len(queueKey.name) == 0 || len(queueKey.uid) == 0 { - return serviceAccountQueueKey{}, fmt.Errorf("invalid serviceaccount key: %#v", key) - } - return queueKey, nil -} - -// secretQueueKey holds information we need to sync a service account token secret. -// It contains enough information to look up the cached service account, -// or delete the secret reference if the secret no longer exists. -type secretQueueKey struct { - namespace string - name string - uid types.UID - saName string - // optional, will be blank when syncing tokens missing the service account uid annotation - saUID types.UID -} - -func makeSecretQueueKey(secret *v1.Secret) interface{} { - return secretQueueKey{ - namespace: secret.Namespace, - name: secret.Name, - uid: secret.UID, - saName: secret.Annotations[v1.ServiceAccountNameKey], - saUID: types.UID(secret.Annotations[v1.ServiceAccountUIDKey]), - } -} - -func parseSecretQueueKey(key interface{}) (secretQueueKey, error) { - queueKey, ok := key.(secretQueueKey) - if !ok || len(queueKey.namespace) == 0 || len(queueKey.name) == 0 || len(queueKey.uid) == 0 || len(queueKey.saName) == 0 { - return secretQueueKey{}, fmt.Errorf("invalid secret key: %#v", key) - } - return queueKey, nil -} - -// produce the same key format as cache.MetaNamespaceKeyFunc -func makeCacheKey(namespace, name string) string { - return namespace + "/" + name -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/OWNERS deleted file mode 100644 index 80fc5e816c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/OWNERS +++ /dev/null @@ -1,34 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - deads2k - - derekwaynecarr - - lavalamp - - mikedanese - - sttts - - wojtek-t -reviewers: - - thockin - - lavalamp - - smarterclayton - - wojtek-t - - deads2k - - yujuhong - - derekwaynecarr - - caesarxuchao - - mikedanese - - liggitt - - sttts - - dchen1107 - - saad-ali - - luxas - - janetkuo - - justinsb - - ncdc - - mwielgus - - soltysh - - enj -labels: - - sig/api-machinery -emeritus_approvers: - - nikhiljindal diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/client_util.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/client_util.go deleted file mode 100644 index 20bf644b3c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/client_util.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controlplane - -import ( - "context" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" -) - -func createNamespaceIfNeeded(c corev1client.NamespacesGetter, ns string) error { - if _, err := c.Namespaces().Get(context.TODO(), ns, metav1.GetOptions{}); err == nil { - // the namespace already exists - return nil - } - newNs := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: ns, - Namespace: "", - }, - } - _, err := c.Namespaces().Create(context.TODO(), newNs, metav1.CreateOptions{}) - if err != nil && errors.IsAlreadyExists(err) { - err = nil - } - return err -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller.go deleted file mode 100644 index 6e0756883d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller.go +++ /dev/null @@ -1,376 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controlplane - -import ( - "context" - "fmt" - "net" - "net/http" - "sync" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - genericapiserver "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/storage" - "k8s.io/client-go/kubernetes" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/controlplane/reconcilers" - "k8s.io/kubernetes/pkg/registry/core/rangeallocation" - corerest "k8s.io/kubernetes/pkg/registry/core/rest" - servicecontroller "k8s.io/kubernetes/pkg/registry/core/service/ipallocator/controller" - portallocatorcontroller "k8s.io/kubernetes/pkg/registry/core/service/portallocator/controller" - "k8s.io/kubernetes/pkg/util/async" - netutils "k8s.io/utils/net" -) - -const ( - kubernetesServiceName = "kubernetes" -) - -// Controller is the controller manager for the core bootstrap Kubernetes -// controller loops, which manage creating the "kubernetes" service, the -// "default", "kube-system" and "kube-public" namespaces, and provide the IP -// repair check on service IPs -type Controller struct { - client kubernetes.Interface - - ServiceClusterIPRegistry rangeallocation.RangeRegistry - ServiceClusterIPRange net.IPNet - SecondaryServiceClusterIPRegistry rangeallocation.RangeRegistry - SecondaryServiceClusterIPRange net.IPNet - - ServiceClusterIPInterval time.Duration - - ServiceNodePortRegistry rangeallocation.RangeRegistry - ServiceNodePortInterval time.Duration - ServiceNodePortRange utilnet.PortRange - - EndpointReconciler reconcilers.EndpointReconciler - EndpointInterval time.Duration - - SystemNamespaces []string - SystemNamespacesInterval time.Duration - - PublicIP net.IP - - // ServiceIP indicates where the kubernetes service will live. It may not be nil. - ServiceIP net.IP - ServicePort int - PublicServicePort int - KubernetesServiceNodePort int - - runner *async.Runner -} - -// NewBootstrapController returns a controller for watching the core capabilities of the master -func (c *completedConfig) NewBootstrapController(legacyRESTStorage corerest.LegacyRESTStorage, client kubernetes.Interface) (*Controller, error) { - _, publicServicePort, err := c.GenericConfig.SecureServing.HostPort() - if err != nil { - return nil, fmt.Errorf("failed to get listener address: %w", err) - } - - // The "kubernetes.default" Service is SingleStack based on the configured ServiceIPRange. - // If the bootstrap controller reconcile the kubernetes.default Service and Endpoints, it must - // guarantee that the Service ClusterIP and the associated Endpoints have the same IP family, or - // it will not work for clients because of the IP family mismatch. - // TODO: revisit for dual-stack https://github.com/kubernetes/enhancements/issues/2438 - if c.ExtraConfig.EndpointReconcilerType != reconcilers.NoneEndpointReconcilerType { - if netutils.IsIPv4CIDR(&c.ExtraConfig.ServiceIPRange) != netutils.IsIPv4(c.GenericConfig.PublicAddress) { - return nil, fmt.Errorf("service IP family %q must match public address family %q", c.ExtraConfig.ServiceIPRange.String(), c.GenericConfig.PublicAddress.String()) - } - } - - systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, corev1.NamespaceNodeLease} - - return &Controller{ - client: client, - - EndpointReconciler: c.ExtraConfig.EndpointReconcilerConfig.Reconciler, - EndpointInterval: c.ExtraConfig.EndpointReconcilerConfig.Interval, - - SystemNamespaces: systemNamespaces, - SystemNamespacesInterval: 1 * time.Minute, - - ServiceClusterIPRegistry: legacyRESTStorage.ServiceClusterIPAllocator, - ServiceClusterIPRange: c.ExtraConfig.ServiceIPRange, - SecondaryServiceClusterIPRegistry: legacyRESTStorage.SecondaryServiceClusterIPAllocator, - SecondaryServiceClusterIPRange: c.ExtraConfig.SecondaryServiceIPRange, - - ServiceClusterIPInterval: c.ExtraConfig.RepairServicesInterval, - - ServiceNodePortRegistry: legacyRESTStorage.ServiceNodePortAllocator, - ServiceNodePortRange: c.ExtraConfig.ServiceNodePortRange, - ServiceNodePortInterval: c.ExtraConfig.RepairServicesInterval, - - PublicIP: c.GenericConfig.PublicAddress, - - ServiceIP: c.ExtraConfig.APIServerServiceIP, - ServicePort: c.ExtraConfig.APIServerServicePort, - PublicServicePort: publicServicePort, - KubernetesServiceNodePort: c.ExtraConfig.KubernetesServiceNodePort, - }, nil -} - -// PostStartHook initiates the core controller loops that must exist for bootstrapping. -func (c *Controller) PostStartHook(hookContext genericapiserver.PostStartHookContext) error { - c.Start() - return nil -} - -// PreShutdownHook triggers the actions needed to shut down the API Server cleanly. -func (c *Controller) PreShutdownHook() error { - c.Stop() - return nil -} - -// Start begins the core controller loops that must exist for bootstrapping -// a cluster. -func (c *Controller) Start() { - if c.runner != nil { - return - } - - // Reconcile during first run removing itself until server is ready. - endpointPorts := createEndpointPortSpec(c.PublicServicePort, "https") - if err := c.EndpointReconciler.RemoveEndpoints(kubernetesServiceName, c.PublicIP, endpointPorts); err == nil { - klog.Error("Found stale data, removed previous endpoints on kubernetes service, apiserver didn't exit successfully previously") - } else if !storage.IsNotFound(err) { - klog.Errorf("Error removing old endpoints from kubernetes service: %v", err) - } - - repairClusterIPs := servicecontroller.NewRepair(c.ServiceClusterIPInterval, c.client.CoreV1(), c.client.EventsV1(), &c.ServiceClusterIPRange, c.ServiceClusterIPRegistry, &c.SecondaryServiceClusterIPRange, c.SecondaryServiceClusterIPRegistry) - repairNodePorts := portallocatorcontroller.NewRepair(c.ServiceNodePortInterval, c.client.CoreV1(), c.client.EventsV1(), c.ServiceNodePortRange, c.ServiceNodePortRegistry) - - // We start both repairClusterIPs and repairNodePorts to ensure repair - // loops of ClusterIPs and NodePorts. - // We run both repair loops using RunUntil public interface. - // However, we want to fail liveness/readiness until the first - // successful repair loop, so we basically pass appropriate - // callbacks to RunUtil methods. - // Additionally, we ensure that we don't wait for it for longer - // than 1 minute for backward compatibility of failing the whole - // apiserver if we can't repair them. - wg := sync.WaitGroup{} - wg.Add(2) - - runRepairClusterIPs := func(stopCh chan struct{}) { - repairClusterIPs.RunUntil(wg.Done, stopCh) - } - runRepairNodePorts := func(stopCh chan struct{}) { - repairNodePorts.RunUntil(wg.Done, stopCh) - } - - c.runner = async.NewRunner(c.RunKubernetesNamespaces, c.RunKubernetesService, runRepairClusterIPs, runRepairNodePorts) - c.runner.Start() - - // For backward compatibility, we ensure that if we never are able - // to repair clusterIPs and/or nodeports, we not only fail the liveness - // and/or readiness, but also explicitly fail. - done := make(chan struct{}) - go func() { - defer close(done) - wg.Wait() - }() - select { - case <-done: - case <-time.After(time.Minute): - klog.Fatalf("Unable to perform initial IP and Port allocation check") - } -} - -// Stop cleans up this API Servers endpoint reconciliation leases so another master can take over more quickly. -func (c *Controller) Stop() { - if c.runner != nil { - c.runner.Stop() - } - endpointPorts := createEndpointPortSpec(c.PublicServicePort, "https") - finishedReconciling := make(chan struct{}) - go func() { - defer close(finishedReconciling) - klog.Infof("Shutting down kubernetes service endpoint reconciler") - c.EndpointReconciler.StopReconciling() - if err := c.EndpointReconciler.RemoveEndpoints(kubernetesServiceName, c.PublicIP, endpointPorts); err != nil { - klog.Errorf("Unable to remove endpoints from kubernetes service: %v", err) - } - c.EndpointReconciler.Destroy() - }() - - select { - case <-finishedReconciling: - // done - case <-time.After(2 * c.EndpointInterval): - // don't block server shutdown forever if we can't reach etcd to remove ourselves - klog.Warning("RemoveEndpoints() timed out") - } -} - -// RunKubernetesNamespaces periodically makes sure that all internal namespaces exist -func (c *Controller) RunKubernetesNamespaces(ch chan struct{}) { - wait.Until(func() { - // Loop the system namespace list, and create them if they do not exist - for _, ns := range c.SystemNamespaces { - if err := createNamespaceIfNeeded(c.client.CoreV1(), ns); err != nil { - runtime.HandleError(fmt.Errorf("unable to create required kubernetes system namespace %s: %v", ns, err)) - } - } - }, c.SystemNamespacesInterval, ch) -} - -// RunKubernetesService periodically updates the kubernetes service -func (c *Controller) RunKubernetesService(ch chan struct{}) { - // wait until process is ready - wait.PollImmediateUntil(100*time.Millisecond, func() (bool, error) { - var code int - c.client.CoreV1().RESTClient().Get().AbsPath("/readyz").Do(context.TODO()).StatusCode(&code) - return code == http.StatusOK, nil - }, ch) - - wait.NonSlidingUntil(func() { - // Service definition is not reconciled after first - // run, ports and type will be corrected only during - // start. - if err := c.UpdateKubernetesService(false); err != nil { - runtime.HandleError(fmt.Errorf("unable to sync kubernetes service: %v", err)) - } - }, c.EndpointInterval, ch) -} - -// UpdateKubernetesService attempts to update the default Kube service. -func (c *Controller) UpdateKubernetesService(reconcile bool) error { - // Update service & endpoint records. - // TODO: when it becomes possible to change this stuff, - // stop polling and start watching. - // TODO: add endpoints of all replicas, not just the elected master. - if err := createNamespaceIfNeeded(c.client.CoreV1(), metav1.NamespaceDefault); err != nil { - return err - } - - servicePorts, serviceType := createPortAndServiceSpec(c.ServicePort, c.PublicServicePort, c.KubernetesServiceNodePort, "https") - if err := c.CreateOrUpdateMasterServiceIfNeeded(kubernetesServiceName, c.ServiceIP, servicePorts, serviceType, reconcile); err != nil { - return err - } - endpointPorts := createEndpointPortSpec(c.PublicServicePort, "https") - if err := c.EndpointReconciler.ReconcileEndpoints(kubernetesServiceName, c.PublicIP, endpointPorts, reconcile); err != nil { - return err - } - return nil -} - -// createPortAndServiceSpec creates an array of service ports. -// If the NodePort value is 0, just the servicePort is used, otherwise, a node port is exposed. -func createPortAndServiceSpec(servicePort int, targetServicePort int, nodePort int, servicePortName string) ([]corev1.ServicePort, corev1.ServiceType) { - // Use the Cluster IP type for the service port if NodePort isn't provided. - // Otherwise, we will be binding the master service to a NodePort. - servicePorts := []corev1.ServicePort{{ - Protocol: corev1.ProtocolTCP, - Port: int32(servicePort), - Name: servicePortName, - TargetPort: intstr.FromInt(targetServicePort), - }} - serviceType := corev1.ServiceTypeClusterIP - if nodePort > 0 { - servicePorts[0].NodePort = int32(nodePort) - serviceType = corev1.ServiceTypeNodePort - } - return servicePorts, serviceType -} - -// createEndpointPortSpec creates the endpoint ports -func createEndpointPortSpec(endpointPort int, endpointPortName string) []corev1.EndpointPort { - return []corev1.EndpointPort{{ - Protocol: corev1.ProtocolTCP, - Port: int32(endpointPort), - Name: endpointPortName, - }} -} - -// CreateOrUpdateMasterServiceIfNeeded will create the specified service if it -// doesn't already exist. -func (c *Controller) CreateOrUpdateMasterServiceIfNeeded(serviceName string, serviceIP net.IP, servicePorts []corev1.ServicePort, serviceType corev1.ServiceType, reconcile bool) error { - if s, err := c.client.CoreV1().Services(metav1.NamespaceDefault).Get(context.TODO(), serviceName, metav1.GetOptions{}); err == nil { - // The service already exists. - if reconcile { - if svc, updated := getMasterServiceUpdateIfNeeded(s, servicePorts, serviceType); updated { - klog.Warningf("Resetting master service %q to %#v", serviceName, svc) - _, err := c.client.CoreV1().Services(metav1.NamespaceDefault).Update(context.TODO(), svc, metav1.UpdateOptions{}) - return err - } - } - return nil - } - singleStack := corev1.IPFamilyPolicySingleStack - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, - Namespace: metav1.NamespaceDefault, - Labels: map[string]string{"provider": "kubernetes", "component": "apiserver"}, - }, - Spec: corev1.ServiceSpec{ - Ports: servicePorts, - // maintained by this code, not by the pod selector - Selector: nil, - ClusterIP: serviceIP.String(), - IPFamilyPolicy: &singleStack, - SessionAffinity: corev1.ServiceAffinityNone, - Type: serviceType, - }, - } - - _, err := c.client.CoreV1().Services(metav1.NamespaceDefault).Create(context.TODO(), svc, metav1.CreateOptions{}) - if errors.IsAlreadyExists(err) { - return c.CreateOrUpdateMasterServiceIfNeeded(serviceName, serviceIP, servicePorts, serviceType, reconcile) - } - return err -} - -// getMasterServiceUpdateIfNeeded sets service attributes for the given apiserver service. -func getMasterServiceUpdateIfNeeded(svc *corev1.Service, servicePorts []corev1.ServicePort, serviceType corev1.ServiceType) (s *corev1.Service, updated bool) { - // Determine if the service is in the format we expect - // (servicePorts are present and service type matches) - formatCorrect := checkServiceFormat(svc, servicePorts, serviceType) - if formatCorrect { - return svc, false - } - svc.Spec.Ports = servicePorts - svc.Spec.Type = serviceType - return svc, true -} - -// Determine if the service is in the correct format -// getMasterServiceUpdateIfNeeded expects (servicePorts are correct -// and service type matches). -func checkServiceFormat(s *corev1.Service, ports []corev1.ServicePort, serviceType corev1.ServiceType) (formatCorrect bool) { - if s.Spec.Type != serviceType { - return false - } - if len(ports) != len(s.Spec.Ports) { - return false - } - for i, port := range ports { - if port != s.Spec.Ports[i] { - return false - } - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/apiserverleasegc/gc_controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/apiserverleasegc/gc_controller.go deleted file mode 100644 index 814fedad1b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/apiserverleasegc/gc_controller.go +++ /dev/null @@ -1,143 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package apiserverleasegc - -import ( - "context" - "fmt" - "time" - - v1 "k8s.io/api/coordination/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - informers "k8s.io/client-go/informers/coordination/v1" - "k8s.io/client-go/kubernetes" - listers "k8s.io/client-go/listers/coordination/v1" - "k8s.io/client-go/tools/cache" - - "k8s.io/klog/v2" -) - -// Controller deletes expired apiserver leases. -type Controller struct { - kubeclientset kubernetes.Interface - - leaseLister listers.LeaseLister - leaseInformer cache.SharedIndexInformer - leasesSynced cache.InformerSynced - - leaseNamespace string - - gcCheckPeriod time.Duration -} - -// NewAPIServerLeaseGC creates a new Controller. -func NewAPIServerLeaseGC(clientset kubernetes.Interface, gcCheckPeriod time.Duration, leaseNamespace, leaseLabelSelector string) *Controller { - // we construct our own informer because we need such a small subset of the information available. - // Just one namespace with label selection. - leaseInformer := informers.NewFilteredLeaseInformer( - clientset, - leaseNamespace, - 0, - cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, - func(listOptions *metav1.ListOptions) { - listOptions.LabelSelector = leaseLabelSelector - }) - return &Controller{ - kubeclientset: clientset, - leaseLister: listers.NewLeaseLister(leaseInformer.GetIndexer()), - leaseInformer: leaseInformer, - leasesSynced: leaseInformer.HasSynced, - leaseNamespace: leaseNamespace, - gcCheckPeriod: gcCheckPeriod, - } -} - -// Run starts one worker. -func (c *Controller) Run(stopCh <-chan struct{}) { - defer utilruntime.HandleCrash() - defer klog.Infof("Shutting down apiserver lease garbage collector") - - klog.Infof("Starting apiserver lease garbage collector") - - // we have a personal informer that is narrowly scoped, start it. - go c.leaseInformer.Run(stopCh) - - if !cache.WaitForCacheSync(stopCh, c.leasesSynced) { - utilruntime.HandleError(fmt.Errorf("timed out waiting for caches to sync")) - return - } - - go wait.Until(c.gc, c.gcCheckPeriod, stopCh) - - <-stopCh -} - -func (c *Controller) gc() { - leases, err := c.leaseLister.Leases(c.leaseNamespace).List(labels.Everything()) - if err != nil { - klog.ErrorS(err, "Error while listing apiserver leases") - return - } - for _, lease := range leases { - // evaluate lease from cache - if !isLeaseExpired(lease) { - continue - } - // double check latest lease from apiserver before deleting - lease, err := c.kubeclientset.CoordinationV1().Leases(c.leaseNamespace).Get(context.TODO(), lease.Name, metav1.GetOptions{}) - if err != nil && !errors.IsNotFound(err) { - klog.ErrorS(err, "Error getting lease") - continue - } - if errors.IsNotFound(err) || lease == nil { - // In an HA cluster, this can happen if the lease was deleted - // by the same GC controller in another apiserver, which is legit. - // We don't expect other components to delete the lease. - klog.V(4).InfoS("Cannot find apiserver lease", "err", err) - continue - } - // evaluate lease from apiserver - if !isLeaseExpired(lease) { - continue - } - if err := c.kubeclientset.CoordinationV1().Leases(c.leaseNamespace).Delete( - context.TODO(), lease.Name, metav1.DeleteOptions{}); err != nil { - if errors.IsNotFound(err) { - // In an HA cluster, this can happen if the lease was deleted - // by the same GC controller in another apiserver, which is legit. - // We don't expect other components to delete the lease. - klog.V(4).InfoS("Apiserver lease is gone already", "err", err) - } else { - klog.ErrorS(err, "Error deleting lease") - } - } - } -} - -func isLeaseExpired(lease *v1.Lease) bool { - currentTime := time.Now() - // Leases created by the apiserver lease controller should have non-nil renew time - // and lease duration set. Leases without these fields set are invalid and should - // be GC'ed. - return lease.Spec.RenewTime == nil || - lease.Spec.LeaseDurationSeconds == nil || - lease.Spec.RenewTime.Add(time.Duration(*lease.Spec.LeaseDurationSeconds)*time.Second).Before(currentTime) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go deleted file mode 100644 index dcfb67d388..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go +++ /dev/null @@ -1,516 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clusterauthenticationtrust - -import ( - "bytes" - "context" - "crypto/x509" - "encoding/json" - "encoding/pem" - "fmt" - "reflect" - "strings" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/equality" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - corev1informers "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/kubernetes" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/cert" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" -) - -const ( - configMapNamespace = "kube-system" - configMapName = "extension-apiserver-authentication" -) - -// Controller holds the running state for the controller -type Controller struct { - requiredAuthenticationData ClusterAuthenticationInfo - - configMapLister corev1listers.ConfigMapLister - configMapClient corev1client.ConfigMapsGetter - namespaceClient corev1client.NamespacesGetter - - // queue is where incoming work is placed to de-dup and to allow "easy" rate limited requeues on errors. - // we only ever place one entry in here, but it is keyed as usual: namespace/name - queue workqueue.RateLimitingInterface - - // kubeSystemConfigMapInformer is tracked so that we can start these on Run - kubeSystemConfigMapInformer cache.SharedIndexInformer - - // preRunCaches are the caches to sync before starting the work of this control loop - preRunCaches []cache.InformerSynced -} - -// ClusterAuthenticationInfo holds the information that will included in public configmap. -type ClusterAuthenticationInfo struct { - // ClientCA is the CA that can be used to verify the identity of normal clients - ClientCA dynamiccertificates.CAContentProvider - - // RequestHeaderUsernameHeaders are the headers used by this kube-apiserver to determine username - RequestHeaderUsernameHeaders headerrequest.StringSliceProvider - // RequestHeaderGroupHeaders are the headers used by this kube-apiserver to determine groups - RequestHeaderGroupHeaders headerrequest.StringSliceProvider - // RequestHeaderExtraHeaderPrefixes are the headers used by this kube-apiserver to determine user.extra - RequestHeaderExtraHeaderPrefixes headerrequest.StringSliceProvider - // RequestHeaderAllowedNames are the sujbects allowed to act as a front proxy - RequestHeaderAllowedNames headerrequest.StringSliceProvider - // RequestHeaderCA is the CA that can be used to verify the front proxy - RequestHeaderCA dynamiccertificates.CAContentProvider -} - -// NewClusterAuthenticationTrustController returns a controller that will maintain the kube-system configmap/extension-apiserver-authentication -// that holds information about how to aggregated apiservers are recommended (but not required) to configure themselves. -func NewClusterAuthenticationTrustController(requiredAuthenticationData ClusterAuthenticationInfo, kubeClient kubernetes.Interface) *Controller { - // we construct our own informer because we need such a small subset of the information available. Just one namespace. - kubeSystemConfigMapInformer := corev1informers.NewConfigMapInformer(kubeClient, configMapNamespace, 12*time.Hour, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}) - - c := &Controller{ - requiredAuthenticationData: requiredAuthenticationData, - configMapLister: corev1listers.NewConfigMapLister(kubeSystemConfigMapInformer.GetIndexer()), - configMapClient: kubeClient.CoreV1(), - namespaceClient: kubeClient.CoreV1(), - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "cluster_authentication_trust_controller"), - preRunCaches: []cache.InformerSynced{kubeSystemConfigMapInformer.HasSynced}, - kubeSystemConfigMapInformer: kubeSystemConfigMapInformer, - } - - kubeSystemConfigMapInformer.AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: func(obj interface{}) bool { - if cast, ok := obj.(*corev1.ConfigMap); ok { - return cast.Name == configMapName - } - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - if cast, ok := tombstone.Obj.(*corev1.ConfigMap); ok { - return cast.Name == configMapName - } - } - return true // always return true just in case. The checks are fairly cheap - }, - Handler: cache.ResourceEventHandlerFuncs{ - // we have a filter, so any time we're called, we may as well queue. We only ever check one configmap - // so we don't have to be choosy about our key. - AddFunc: func(obj interface{}) { - c.queue.Add(keyFn()) - }, - UpdateFunc: func(oldObj, newObj interface{}) { - c.queue.Add(keyFn()) - }, - DeleteFunc: func(obj interface{}) { - c.queue.Add(keyFn()) - }, - }, - }) - - return c -} - -func (c *Controller) syncConfigMap() error { - originalAuthConfigMap, err := c.configMapLister.ConfigMaps(configMapNamespace).Get(configMapName) - if apierrors.IsNotFound(err) { - originalAuthConfigMap = &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{Namespace: configMapNamespace, Name: configMapName}, - } - } else if err != nil { - return err - } - // keep the original to diff against later before updating - authConfigMap := originalAuthConfigMap.DeepCopy() - - existingAuthenticationInfo, err := getClusterAuthenticationInfoFor(originalAuthConfigMap.Data) - if err != nil { - return err - } - combinedInfo, err := combinedClusterAuthenticationInfo(existingAuthenticationInfo, c.requiredAuthenticationData) - if err != nil { - return err - } - authConfigMap.Data, err = getConfigMapDataFor(combinedInfo) - if err != nil { - return err - } - - if equality.Semantic.DeepEqual(authConfigMap, originalAuthConfigMap) { - klog.V(5).Info("no changes to configmap") - return nil - } - klog.V(2).Infof("writing updated authentication info to %s configmaps/%s", configMapNamespace, configMapName) - - if err := createNamespaceIfNeeded(c.namespaceClient, authConfigMap.Namespace); err != nil { - return err - } - if err := writeConfigMap(c.configMapClient, authConfigMap); err != nil { - return err - } - - return nil -} - -func createNamespaceIfNeeded(nsClient corev1client.NamespacesGetter, ns string) error { - if _, err := nsClient.Namespaces().Get(context.TODO(), ns, metav1.GetOptions{}); err == nil { - // the namespace already exists - return nil - } - newNs := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: ns, - Namespace: "", - }, - } - _, err := nsClient.Namespaces().Create(context.TODO(), newNs, metav1.CreateOptions{}) - if err != nil && apierrors.IsAlreadyExists(err) { - err = nil - } - return err -} - -func writeConfigMap(configMapClient corev1client.ConfigMapsGetter, required *corev1.ConfigMap) error { - _, err := configMapClient.ConfigMaps(required.Namespace).Update(context.TODO(), required, metav1.UpdateOptions{}) - if apierrors.IsNotFound(err) { - _, err := configMapClient.ConfigMaps(required.Namespace).Create(context.TODO(), required, metav1.CreateOptions{}) - return err - } - - // If the configmap is too big, clear the entire thing and count on this controller (or another one) to add the correct data back. - // We return the original error which causes the controller to re-queue. - // Too big means - // 1. request is so big the generic request catcher finds it - // 2. the content is so large that that the server sends a validation error "Too long: must have at most 1048576 characters" - if apierrors.IsRequestEntityTooLargeError(err) || (apierrors.IsInvalid(err) && strings.Contains(err.Error(), "Too long")) { - if deleteErr := configMapClient.ConfigMaps(required.Namespace).Delete(context.TODO(), required.Name, metav1.DeleteOptions{}); deleteErr != nil { - return deleteErr - } - return err - } - - return err -} - -// combinedClusterAuthenticationInfo combines two sets of authentication information into a new one -func combinedClusterAuthenticationInfo(lhs, rhs ClusterAuthenticationInfo) (ClusterAuthenticationInfo, error) { - ret := ClusterAuthenticationInfo{ - RequestHeaderAllowedNames: combineUniqueStringSlices(lhs.RequestHeaderAllowedNames, rhs.RequestHeaderAllowedNames), - RequestHeaderExtraHeaderPrefixes: combineUniqueStringSlices(lhs.RequestHeaderExtraHeaderPrefixes, rhs.RequestHeaderExtraHeaderPrefixes), - RequestHeaderGroupHeaders: combineUniqueStringSlices(lhs.RequestHeaderGroupHeaders, rhs.RequestHeaderGroupHeaders), - RequestHeaderUsernameHeaders: combineUniqueStringSlices(lhs.RequestHeaderUsernameHeaders, rhs.RequestHeaderUsernameHeaders), - } - - var err error - ret.ClientCA, err = combineCertLists(lhs.ClientCA, rhs.ClientCA) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - ret.RequestHeaderCA, err = combineCertLists(lhs.RequestHeaderCA, rhs.RequestHeaderCA) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - - return ret, nil -} - -func getConfigMapDataFor(authenticationInfo ClusterAuthenticationInfo) (map[string]string, error) { - data := map[string]string{} - if authenticationInfo.ClientCA != nil { - if caBytes := authenticationInfo.ClientCA.CurrentCABundleContent(); len(caBytes) > 0 { - data["client-ca-file"] = string(caBytes) - } - } - - if authenticationInfo.RequestHeaderCA == nil { - return data, nil - } - - if caBytes := authenticationInfo.RequestHeaderCA.CurrentCABundleContent(); len(caBytes) > 0 { - var err error - - // encoding errors aren't going to get better, so just fail on them. - data["requestheader-username-headers"], err = jsonSerializeStringSlice(authenticationInfo.RequestHeaderUsernameHeaders.Value()) - if err != nil { - return nil, err - } - data["requestheader-group-headers"], err = jsonSerializeStringSlice(authenticationInfo.RequestHeaderGroupHeaders.Value()) - if err != nil { - return nil, err - } - data["requestheader-extra-headers-prefix"], err = jsonSerializeStringSlice(authenticationInfo.RequestHeaderExtraHeaderPrefixes.Value()) - if err != nil { - return nil, err - } - - data["requestheader-client-ca-file"] = string(caBytes) - data["requestheader-allowed-names"], err = jsonSerializeStringSlice(authenticationInfo.RequestHeaderAllowedNames.Value()) - if err != nil { - return nil, err - } - } - - return data, nil -} - -func getClusterAuthenticationInfoFor(data map[string]string) (ClusterAuthenticationInfo, error) { - ret := ClusterAuthenticationInfo{} - - var err error - ret.RequestHeaderGroupHeaders, err = jsonDeserializeStringSlice(data["requestheader-group-headers"]) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - ret.RequestHeaderExtraHeaderPrefixes, err = jsonDeserializeStringSlice(data["requestheader-extra-headers-prefix"]) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - ret.RequestHeaderAllowedNames, err = jsonDeserializeStringSlice(data["requestheader-allowed-names"]) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - ret.RequestHeaderUsernameHeaders, err = jsonDeserializeStringSlice(data["requestheader-username-headers"]) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - - if caBundle := data["requestheader-client-ca-file"]; len(caBundle) > 0 { - ret.RequestHeaderCA, err = dynamiccertificates.NewStaticCAContent("existing", []byte(caBundle)) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - } - - if caBundle := data["client-ca-file"]; len(caBundle) > 0 { - ret.ClientCA, err = dynamiccertificates.NewStaticCAContent("existing", []byte(caBundle)) - if err != nil { - return ClusterAuthenticationInfo{}, err - } - } - - return ret, nil -} - -func jsonSerializeStringSlice(in []string) (string, error) { - out, err := json.Marshal(in) - if err != nil { - return "", err - } - return string(out), err -} - -func jsonDeserializeStringSlice(in string) (headerrequest.StringSliceProvider, error) { - if len(in) == 0 { - return nil, nil - } - - out := []string{} - if err := json.Unmarshal([]byte(in), &out); err != nil { - return nil, err - } - return headerrequest.StaticStringSlice(out), nil -} - -func combineUniqueStringSlices(lhs, rhs headerrequest.StringSliceProvider) headerrequest.StringSliceProvider { - ret := []string{} - present := sets.String{} - - if lhs != nil { - for _, curr := range lhs.Value() { - if present.Has(curr) { - continue - } - ret = append(ret, curr) - present.Insert(curr) - } - } - - if rhs != nil { - for _, curr := range rhs.Value() { - if present.Has(curr) { - continue - } - ret = append(ret, curr) - present.Insert(curr) - } - } - - return headerrequest.StaticStringSlice(ret) -} - -func combineCertLists(lhs, rhs dynamiccertificates.CAContentProvider) (dynamiccertificates.CAContentProvider, error) { - certificates := []*x509.Certificate{} - - if lhs != nil { - lhsCABytes := lhs.CurrentCABundleContent() - lhsCAs, err := cert.ParseCertsPEM(lhsCABytes) - if err != nil { - return nil, err - } - certificates = append(certificates, lhsCAs...) - } - if rhs != nil { - rhsCABytes := rhs.CurrentCABundleContent() - rhsCAs, err := cert.ParseCertsPEM(rhsCABytes) - if err != nil { - return nil, err - } - certificates = append(certificates, rhsCAs...) - } - - certificates = filterExpiredCerts(certificates...) - - finalCertificates := []*x509.Certificate{} - // now check for duplicates. n^2, but super simple - for i := range certificates { - found := false - for j := range finalCertificates { - if reflect.DeepEqual(certificates[i].Raw, finalCertificates[j].Raw) { - found = true - break - } - } - if !found { - finalCertificates = append(finalCertificates, certificates[i]) - } - } - - finalCABytes, err := encodeCertificates(finalCertificates...) - if err != nil { - return nil, err - } - - if len(finalCABytes) == 0 { - return nil, nil - } - // it makes sense for this list to be static because the combination of sources is only used just before writing and - // is recalculated - return dynamiccertificates.NewStaticCAContent("combined", finalCABytes) -} - -// filterExpiredCerts checks are all certificates in the bundle valid, i.e. they have not expired. -// The function returns new bundle with only valid certificates or error if no valid certificate is found. -// We allow five minutes of slack for NotAfter comparisons -func filterExpiredCerts(certs ...*x509.Certificate) []*x509.Certificate { - fiveMinutesAgo := time.Now().Add(-5 * time.Minute) - - var validCerts []*x509.Certificate - for _, c := range certs { - if c.NotAfter.After(fiveMinutesAgo) { - validCerts = append(validCerts, c) - } - } - - return validCerts -} - -// Enqueue a method to allow separate control loops to cause the controller to trigger and reconcile content. -func (c *Controller) Enqueue() { - c.queue.Add(keyFn()) -} - -// Run the controller until stopped. -func (c *Controller) Run(ctx context.Context, workers int) { - defer utilruntime.HandleCrash() - // make sure the work queue is shutdown which will trigger workers to end - defer c.queue.ShutDown() - - klog.Infof("Starting cluster_authentication_trust_controller controller") - defer klog.Infof("Shutting down cluster_authentication_trust_controller controller") - - // we have a personal informer that is narrowly scoped, start it. - go c.kubeSystemConfigMapInformer.Run(ctx.Done()) - - // wait for your secondary caches to fill before starting your work - if !cache.WaitForNamedCacheSync("cluster_authentication_trust_controller", ctx.Done(), c.preRunCaches...) { - return - } - - // only run one worker - go wait.Until(c.runWorker, time.Second, ctx.Done()) - - // checks are cheap. run once a minute just to be sure we stay in sync in case fsnotify fails again - // start timer that rechecks every minute, just in case. this also serves to prime the controller quickly. - _ = wait.PollImmediateUntil(1*time.Minute, func() (bool, error) { - c.queue.Add(keyFn()) - return false, nil - }, ctx.Done()) - - // wait until we're told to stop - <-ctx.Done() -} - -func (c *Controller) runWorker() { - // hot loop until we're told to stop. processNextWorkItem will automatically wait until there's work - // available, so we don't worry about secondary waits - for c.processNextWorkItem() { - } -} - -// processNextWorkItem deals with one key off the queue. It returns false when it's time to quit. -func (c *Controller) processNextWorkItem() bool { - // pull the next work item from queue. It should be a key we use to lookup something in a cache - key, quit := c.queue.Get() - if quit { - return false - } - // you always have to indicate to the queue that you've completed a piece of work - defer c.queue.Done(key) - - // do your work on the key. This method will contains your "do stuff" logic - err := c.syncConfigMap() - if err == nil { - // if you had no error, tell the queue to stop tracking history for your key. This will - // reset things like failure counts for per-item rate limiting - c.queue.Forget(key) - return true - } - - // there was a failure so be sure to report it. This method allows for pluggable error handling - // which can be used for things like cluster-monitoring - utilruntime.HandleError(fmt.Errorf("%v failed with : %v", key, err)) - // since we failed, we should requeue the item to work on later. This method will add a backoff - // to avoid hotlooping on particular items (they're probably still not going to work right away) - // and overall controller protection (everything I've done is broken, this controller needs to - // calm down or it can starve other useful work) cases. - c.queue.AddRateLimited(key) - - return true -} - -func keyFn() string { - // this format matches DeletionHandlingMetaNamespaceKeyFunc for our single key - return configMapNamespace + "/" + configMapName -} - -func encodeCertificates(certs ...*x509.Certificate) ([]byte, error) { - b := bytes.Buffer{} - for _, cert := range certs { - if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}); err != nil { - return []byte{}, err - } - } - return b.Bytes(), nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking/controller.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking/controller.go deleted file mode 100644 index f5719e03ce..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking/controller.go +++ /dev/null @@ -1,211 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package legacytokentracking - -import ( - "context" - "fmt" - "time" - - "golang.org/x/time/rate" - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - utilfeature "k8s.io/apiserver/pkg/util/feature" - corev1informers "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/kubernetes" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/util/workqueue" - "k8s.io/klog/v2" - kubefeatures "k8s.io/kubernetes/pkg/features" - "k8s.io/utils/clock" -) - -const ( - ConfigMapName = "kube-apiserver-legacy-service-account-token-tracking" - ConfigMapDataKey = "since" - dateFormat = "2006-01-02" -) - -var ( - queueKey = metav1.NamespaceSystem + "/" + ConfigMapName -) - -// Controller maintains a timestamp value configmap `kube-apiserver-legacy-service-account-token-tracking` -// in `kube-system` to indicates if the tracking for legacy tokens is enabled in -// the cluster. For HA clusters, the configmap will be eventually created after -// all controller instances have enabled the feature. When disabling this -// feature, existing configmap will be deleted. -type Controller struct { - configMapClient corev1client.ConfigMapsGetter - configMapInformer cache.SharedIndexInformer - configMapCache cache.Indexer - configMapSynced cache.InformerSynced - queue workqueue.RateLimitingInterface - - // enabled controls the behavior of the controller: if enabled is true, the - //configmap will be created; otherwise, the configmap will be deleted. - enabled bool - // rate limiter controls the rate limit of the creation of the configmap. - // this is useful in multi-apiserver cluster to prevent config existing in a - // cluster with mixed enabled/disabled controllers. otherwise, those - // apiservers will fight to create/delete until all apiservers are enabled - // or disabled. - creationRatelimiter *rate.Limiter - clock clock.Clock -} - -// NewController returns a Controller struct. -func NewController(cs kubernetes.Interface) *Controller { - return newController(cs, clock.RealClock{}, rate.NewLimiter(rate.Every(30*time.Minute), 1)) -} - -func newController(cs kubernetes.Interface, cl clock.Clock, limiter *rate.Limiter) *Controller { - informer := corev1informers.NewFilteredConfigMapInformer(cs, metav1.NamespaceSystem, 12*time.Hour, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, func(options *metav1.ListOptions) { - options.FieldSelector = fields.OneTermEqualSelector("metadata.name", ConfigMapName).String() - }) - - c := &Controller{ - configMapClient: cs.CoreV1(), - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "legacy_token_tracking_controller"), - configMapInformer: informer, - configMapCache: informer.GetIndexer(), - configMapSynced: informer.HasSynced, - enabled: utilfeature.DefaultFeatureGate.Enabled(kubefeatures.LegacyServiceAccountTokenTracking), - creationRatelimiter: limiter, - clock: cl, - } - - informer.AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - c.enqueue() - }, - UpdateFunc: func(oldObj, newObj interface{}) { - c.enqueue() - }, - DeleteFunc: func(obj interface{}) { - c.enqueue() - }, - }) - - return c -} - -func (c *Controller) enqueue() { - c.queue.Add(queueKey) -} - -// Run starts the controller sync loop. -func (c *Controller) Run(stopCh <-chan struct{}) { - defer utilruntime.HandleCrash() - defer c.queue.ShutDown() - - klog.Info("Starting legacy_token_tracking_controller") - defer klog.Infof("Shutting down legacy_token_tracking_controller") - - go c.configMapInformer.Run(stopCh) - if !cache.WaitForNamedCacheSync("configmaps", stopCh, c.configMapSynced) { - return - } - - go wait.Until(c.runWorker, time.Second, stopCh) - - c.queue.Add(queueKey) - - <-stopCh - klog.Info("Ending legacy_token_tracking_controller") -} - -func (c *Controller) runWorker() { - for c.processNext() { - } -} - -func (c *Controller) processNext() bool { - key, quit := c.queue.Get() - if quit { - return false - } - defer c.queue.Done(key) - - if err := c.syncConfigMap(); err != nil { - utilruntime.HandleError(fmt.Errorf("while syncing ConfigMap %q, err: %w", key, err)) - c.queue.AddRateLimited(key) - return true - } - c.queue.Forget(key) - return true -} - -func (c *Controller) syncConfigMap() error { - obj, exists, err := c.configMapCache.GetByKey(queueKey) - if err != nil { - return err - } - - now := c.clock.Now() - switch { - case c.enabled: - if !exists { - r := c.creationRatelimiter.ReserveN(now, 1) - if delay := r.DelayFrom(now); delay > 0 { - c.queue.AddAfter(queueKey, delay) - r.CancelAt(now) - return nil - } - - if _, err = c.configMapClient.ConfigMaps(metav1.NamespaceSystem).Create(context.TODO(), &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: ConfigMapName}, - Data: map[string]string{ConfigMapDataKey: now.UTC().Format(dateFormat)}, - }, metav1.CreateOptions{}); err != nil { - if apierrors.IsAlreadyExists(err) { - return nil - } - // don't consume the creationRatelimiter for an unsuccessful attempt - r.CancelAt(now) - return err - } - } else { - configMap := obj.(*corev1.ConfigMap) - if _, err = time.Parse(dateFormat, configMap.Data[ConfigMapDataKey]); err != nil { - configMap := configMap.DeepCopy() - configMap.Data[ConfigMapDataKey] = now.UTC().Format(dateFormat) - if _, err = c.configMapClient.ConfigMaps(metav1.NamespaceSystem).Update(context.TODO(), configMap, metav1.UpdateOptions{}); err != nil { - if apierrors.IsNotFound(err) || apierrors.IsConflict(err) { - return nil - } - return err - } - } - } - - case !c.enabled: - if exists && obj.(*corev1.ConfigMap).DeletionTimestamp == nil { - if err := c.configMapClient.ConfigMaps(metav1.NamespaceSystem).Delete(context.TODO(), ConfigMapName, metav1.DeleteOptions{}); err != nil { - if apierrors.IsNotFound(err) { - return nil - } - return err - } - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/doc.go deleted file mode 100644 index 9bb34fa9a9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package controlplane contains code for setting up and running a Kubernetes -// cluster control plane API server. -package controlplane // import "k8s.io/kubernetes/pkg/controlplane" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/import_known_versions.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/import_known_versions.go deleted file mode 100644 index 6c39ea577f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/import_known_versions.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controlplane - -import ( - // These imports are the API groups the API server will support. - _ "k8s.io/kubernetes/pkg/apis/admission/install" - _ "k8s.io/kubernetes/pkg/apis/admissionregistration/install" - _ "k8s.io/kubernetes/pkg/apis/apiserverinternal/install" - _ "k8s.io/kubernetes/pkg/apis/apps/install" - _ "k8s.io/kubernetes/pkg/apis/authentication/install" - _ "k8s.io/kubernetes/pkg/apis/authorization/install" - _ "k8s.io/kubernetes/pkg/apis/autoscaling/install" - _ "k8s.io/kubernetes/pkg/apis/batch/install" - _ "k8s.io/kubernetes/pkg/apis/certificates/install" - _ "k8s.io/kubernetes/pkg/apis/coordination/install" - _ "k8s.io/kubernetes/pkg/apis/core/install" - _ "k8s.io/kubernetes/pkg/apis/discovery/install" - _ "k8s.io/kubernetes/pkg/apis/events/install" - _ "k8s.io/kubernetes/pkg/apis/extensions/install" - _ "k8s.io/kubernetes/pkg/apis/flowcontrol/install" - _ "k8s.io/kubernetes/pkg/apis/imagepolicy/install" - _ "k8s.io/kubernetes/pkg/apis/networking/install" - _ "k8s.io/kubernetes/pkg/apis/node/install" - _ "k8s.io/kubernetes/pkg/apis/policy/install" - _ "k8s.io/kubernetes/pkg/apis/rbac/install" - _ "k8s.io/kubernetes/pkg/apis/resource/install" - _ "k8s.io/kubernetes/pkg/apis/scheduling/install" - _ "k8s.io/kubernetes/pkg/apis/storage/install" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/instance.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/instance.go deleted file mode 100644 index 8936ceea41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/instance.go +++ /dev/null @@ -1,731 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controlplane - -import ( - "context" - "fmt" - "net" - "net/http" - "os" - "reflect" - "strconv" - "time" - - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - authenticationv1 "k8s.io/api/authentication/v1" - authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1" - authorizationapiv1 "k8s.io/api/authorization/v1" - autoscalingapiv1 "k8s.io/api/autoscaling/v1" - autoscalingapiv2 "k8s.io/api/autoscaling/v2" - autoscalingapiv2beta1 "k8s.io/api/autoscaling/v2beta1" - autoscalingapiv2beta2 "k8s.io/api/autoscaling/v2beta2" - batchapiv1 "k8s.io/api/batch/v1" - batchapiv1beta1 "k8s.io/api/batch/v1beta1" - certificatesapiv1 "k8s.io/api/certificates/v1" - coordinationapiv1 "k8s.io/api/coordination/v1" - apiv1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - eventsv1 "k8s.io/api/events/v1" - eventsv1beta1 "k8s.io/api/events/v1beta1" - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - networkingapiv1 "k8s.io/api/networking/v1" - networkingapiv1alpha1 "k8s.io/api/networking/v1alpha1" - nodev1 "k8s.io/api/node/v1" - nodev1beta1 "k8s.io/api/node/v1beta1" - policyapiv1 "k8s.io/api/policy/v1" - policyapiv1beta1 "k8s.io/api/policy/v1beta1" - rbacv1 "k8s.io/api/rbac/v1" - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - schedulingapiv1 "k8s.io/api/scheduling/v1" - storageapiv1 "k8s.io/api/storage/v1" - storageapiv1alpha1 "k8s.io/api/storage/v1alpha1" - storageapiv1beta1 "k8s.io/api/storage/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/apiserver/pkg/endpoints/discovery" - apiserverfeatures "k8s.io/apiserver/pkg/features" - "k8s.io/apiserver/pkg/registry/generic" - genericapiserver "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - serverstorage "k8s.io/apiserver/pkg/server/storage" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - discoveryclient "k8s.io/client-go/kubernetes/typed/discovery/v1" - "k8s.io/component-helpers/apimachinery/lease" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" - flowcontrolv1beta1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1" - flowcontrolv1beta2 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2" - flowcontrolv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" - "k8s.io/kubernetes/pkg/controlplane/controller/apiserverleasegc" - "k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust" - "k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking" - "k8s.io/kubernetes/pkg/controlplane/reconcilers" - kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" - kubeletclient "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/routes" - "k8s.io/kubernetes/pkg/serviceaccount" - "k8s.io/utils/clock" - - // RESTStorage installers - admissionregistrationrest "k8s.io/kubernetes/pkg/registry/admissionregistration/rest" - apiserverinternalrest "k8s.io/kubernetes/pkg/registry/apiserverinternal/rest" - appsrest "k8s.io/kubernetes/pkg/registry/apps/rest" - authenticationrest "k8s.io/kubernetes/pkg/registry/authentication/rest" - authorizationrest "k8s.io/kubernetes/pkg/registry/authorization/rest" - autoscalingrest "k8s.io/kubernetes/pkg/registry/autoscaling/rest" - batchrest "k8s.io/kubernetes/pkg/registry/batch/rest" - certificatesrest "k8s.io/kubernetes/pkg/registry/certificates/rest" - coordinationrest "k8s.io/kubernetes/pkg/registry/coordination/rest" - corerest "k8s.io/kubernetes/pkg/registry/core/rest" - discoveryrest "k8s.io/kubernetes/pkg/registry/discovery/rest" - eventsrest "k8s.io/kubernetes/pkg/registry/events/rest" - flowcontrolrest "k8s.io/kubernetes/pkg/registry/flowcontrol/rest" - networkingrest "k8s.io/kubernetes/pkg/registry/networking/rest" - noderest "k8s.io/kubernetes/pkg/registry/node/rest" - policyrest "k8s.io/kubernetes/pkg/registry/policy/rest" - rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest" - resourcerest "k8s.io/kubernetes/pkg/registry/resource/rest" - schedulingrest "k8s.io/kubernetes/pkg/registry/scheduling/rest" - storagerest "k8s.io/kubernetes/pkg/registry/storage/rest" -) - -const ( - // DefaultEndpointReconcilerInterval is the default amount of time for how often the endpoints for - // the kubernetes Service are reconciled. - DefaultEndpointReconcilerInterval = 10 * time.Second - // DefaultEndpointReconcilerTTL is the default TTL timeout for the storage layer - DefaultEndpointReconcilerTTL = 15 * time.Second - // IdentityLeaseComponentLabelKey is used to apply a component label to identity lease objects, indicating: - // 1. the lease is an identity lease (different from leader election leases) - // 2. which component owns this lease - IdentityLeaseComponentLabelKey = "k8s.io/component" - // KubeAPIServer defines variable used internally when referring to kube-apiserver component - KubeAPIServer = "kube-apiserver" - // KubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases - KubeAPIServerIdentityLeaseLabelSelector = IdentityLeaseComponentLabelKey + "=" + KubeAPIServer - // repairLoopInterval defines the interval used to run the Services ClusterIP and NodePort repair loops - repairLoopInterval = 3 * time.Minute -) - -var ( - // IdentityLeaseGCPeriod is the interval which the lease GC controller checks for expired leases - // IdentityLeaseGCPeriod is exposed so integration tests can tune this value. - IdentityLeaseGCPeriod = 3600 * time.Second - // IdentityLeaseDurationSeconds is the duration of kube-apiserver lease in seconds - // IdentityLeaseDurationSeconds is exposed so integration tests can tune this value. - IdentityLeaseDurationSeconds = 3600 - // IdentityLeaseRenewIntervalSeconds is the interval of kube-apiserver renewing its lease in seconds - // IdentityLeaseRenewIntervalSeconds is exposed so integration tests can tune this value. - IdentityLeaseRenewIntervalPeriod = 10 * time.Second -) - -// ExtraConfig defines extra configuration for the master -type ExtraConfig struct { - ClusterAuthenticationInfo clusterauthenticationtrust.ClusterAuthenticationInfo - - APIResourceConfigSource serverstorage.APIResourceConfigSource - StorageFactory serverstorage.StorageFactory - EndpointReconcilerConfig EndpointReconcilerConfig - EventTTL time.Duration - KubeletClientConfig kubeletclient.KubeletClientConfig - - EnableLogsSupport bool - ProxyTransport *http.Transport - - // Values to build the IP addresses used by discovery - // The range of IPs to be assigned to services with type=ClusterIP or greater - ServiceIPRange net.IPNet - // The IP address for the GenericAPIServer service (must be inside ServiceIPRange) - APIServerServiceIP net.IP - - // dual stack services, the range represents an alternative IP range for service IP - // must be of different family than primary (ServiceIPRange) - SecondaryServiceIPRange net.IPNet - // the secondary IP address the GenericAPIServer service (must be inside SecondaryServiceIPRange) - SecondaryAPIServerServiceIP net.IP - - // Port for the apiserver service. - APIServerServicePort int - - // TODO, we can probably group service related items into a substruct to make it easier to configure - // the API server items and `Extra*` fields likely fit nicely together. - - // The range of ports to be assigned to services with type=NodePort or greater - ServiceNodePortRange utilnet.PortRange - // If non-zero, the "kubernetes" services uses this port as NodePort. - KubernetesServiceNodePort int - - // Number of masters running; all masters must be started with the - // same value for this field. (Numbers > 1 currently untested.) - MasterCount int - - // MasterEndpointReconcileTTL sets the time to live in seconds of an - // endpoint record recorded by each master. The endpoints are checked at an - // interval that is 2/3 of this value and this value defaults to 15s if - // unset. In very large clusters, this value may be increased to reduce the - // possibility that the master endpoint record expires (due to other load - // on the etcd server) and causes masters to drop in and out of the - // kubernetes service record. It is not recommended to set this value below - // 15s. - MasterEndpointReconcileTTL time.Duration - - // Selects which reconciler to use - EndpointReconcilerType reconcilers.Type - - ServiceAccountIssuer serviceaccount.TokenGenerator - ServiceAccountMaxExpiration time.Duration - ExtendExpiration bool - - // ServiceAccountIssuerDiscovery - ServiceAccountIssuerURL string - ServiceAccountJWKSURI string - ServiceAccountPublicKeys []interface{} - - VersionedInformers informers.SharedInformerFactory - - // RepairServicesInterval interval used by the repair loops for - // the Services NodePort and ClusterIP resources - RepairServicesInterval time.Duration -} - -// Config defines configuration for the master -type Config struct { - GenericConfig *genericapiserver.Config - ExtraConfig ExtraConfig -} - -type completedConfig struct { - GenericConfig genericapiserver.CompletedConfig - ExtraConfig *ExtraConfig -} - -// CompletedConfig embeds a private pointer that cannot be instantiated outside of this package -type CompletedConfig struct { - *completedConfig -} - -// EndpointReconcilerConfig holds the endpoint reconciler and endpoint reconciliation interval to be -// used by the master. -type EndpointReconcilerConfig struct { - Reconciler reconcilers.EndpointReconciler - Interval time.Duration -} - -// Instance contains state for a Kubernetes cluster api server instance. -type Instance struct { - GenericAPIServer *genericapiserver.GenericAPIServer - - ClusterAuthenticationInfo clusterauthenticationtrust.ClusterAuthenticationInfo -} - -func (c *Config) createMasterCountReconciler() reconcilers.EndpointReconciler { - endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig) - endpointSliceClient := discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig) - endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient) - - return reconcilers.NewMasterCountEndpointReconciler(c.ExtraConfig.MasterCount, endpointsAdapter) -} - -func (c *Config) createNoneReconciler() reconcilers.EndpointReconciler { - return reconcilers.NewNoneEndpointReconciler() -} - -func (c *Config) createLeaseReconciler() reconcilers.EndpointReconciler { - endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig) - endpointSliceClient := discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig) - endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient) - - ttl := c.ExtraConfig.MasterEndpointReconcileTTL - config, err := c.ExtraConfig.StorageFactory.NewConfig(api.Resource("apiServerIPInfo")) - if err != nil { - klog.Fatalf("Error creating storage factory config: %v", err) - } - masterLeases, err := reconcilers.NewLeases(config, "/masterleases/", ttl) - if err != nil { - klog.Fatalf("Error creating leases: %v", err) - } - - return reconcilers.NewLeaseEndpointReconciler(endpointsAdapter, masterLeases) -} - -func (c *Config) createEndpointReconciler() reconcilers.EndpointReconciler { - klog.Infof("Using reconciler: %v", c.ExtraConfig.EndpointReconcilerType) - switch c.ExtraConfig.EndpointReconcilerType { - // there are numerous test dependencies that depend on a default controller - case reconcilers.MasterCountReconcilerType: - return c.createMasterCountReconciler() - case "", reconcilers.LeaseEndpointReconcilerType: - return c.createLeaseReconciler() - case reconcilers.NoneEndpointReconcilerType: - return c.createNoneReconciler() - default: - klog.Fatalf("Reconciler not implemented: %v", c.ExtraConfig.EndpointReconcilerType) - } - return nil -} - -// Complete fills in any fields not set that are required to have valid data. It's mutating the receiver. -func (c *Config) Complete() CompletedConfig { - cfg := completedConfig{ - c.GenericConfig.Complete(c.ExtraConfig.VersionedInformers), - &c.ExtraConfig, - } - - serviceIPRange, apiServerServiceIP, err := ServiceIPRange(cfg.ExtraConfig.ServiceIPRange) - if err != nil { - klog.Fatalf("Error determining service IP ranges: %v", err) - } - if cfg.ExtraConfig.ServiceIPRange.IP == nil { - cfg.ExtraConfig.ServiceIPRange = serviceIPRange - } - if cfg.ExtraConfig.APIServerServiceIP == nil { - cfg.ExtraConfig.APIServerServiceIP = apiServerServiceIP - } - - discoveryAddresses := discovery.DefaultAddresses{DefaultAddress: cfg.GenericConfig.ExternalAddress} - discoveryAddresses.CIDRRules = append(discoveryAddresses.CIDRRules, - discovery.CIDRRule{IPRange: cfg.ExtraConfig.ServiceIPRange, Address: net.JoinHostPort(cfg.ExtraConfig.APIServerServiceIP.String(), strconv.Itoa(cfg.ExtraConfig.APIServerServicePort))}) - cfg.GenericConfig.DiscoveryAddresses = discoveryAddresses - - if cfg.ExtraConfig.ServiceNodePortRange.Size == 0 { - // TODO: Currently no way to specify an empty range (do we need to allow this?) - // We should probably allow this for clouds that don't require NodePort to do load-balancing (GCE) - // but then that breaks the strict nestedness of ServiceType. - // Review post-v1 - cfg.ExtraConfig.ServiceNodePortRange = kubeoptions.DefaultServiceNodePortRange - klog.Infof("Node port range unspecified. Defaulting to %v.", cfg.ExtraConfig.ServiceNodePortRange) - } - - if cfg.ExtraConfig.EndpointReconcilerConfig.Interval == 0 { - cfg.ExtraConfig.EndpointReconcilerConfig.Interval = DefaultEndpointReconcilerInterval - } - - if cfg.ExtraConfig.MasterEndpointReconcileTTL == 0 { - cfg.ExtraConfig.MasterEndpointReconcileTTL = DefaultEndpointReconcilerTTL - } - - if cfg.ExtraConfig.EndpointReconcilerConfig.Reconciler == nil { - cfg.ExtraConfig.EndpointReconcilerConfig.Reconciler = c.createEndpointReconciler() - } - - if cfg.ExtraConfig.RepairServicesInterval == 0 { - cfg.ExtraConfig.RepairServicesInterval = repairLoopInterval - } - - return CompletedConfig{&cfg} -} - -// New returns a new instance of Master from the given config. -// Certain config fields will be set to a default value if unset. -// Certain config fields must be specified, including: -// -// KubeletClientConfig -func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*Instance, error) { - if reflect.DeepEqual(c.ExtraConfig.KubeletClientConfig, kubeletclient.KubeletClientConfig{}) { - return nil, fmt.Errorf("Master.New() called with empty config.KubeletClientConfig") - } - - s, err := c.GenericConfig.New("kube-apiserver", delegationTarget) - if err != nil { - return nil, err - } - - if c.ExtraConfig.EnableLogsSupport { - routes.Logs{}.Install(s.Handler.GoRestfulContainer) - } - - // Metadata and keys are expected to only change across restarts at present, - // so we just marshal immediately and serve the cached JSON bytes. - md, err := serviceaccount.NewOpenIDMetadata( - c.ExtraConfig.ServiceAccountIssuerURL, - c.ExtraConfig.ServiceAccountJWKSURI, - c.GenericConfig.ExternalAddress, - c.ExtraConfig.ServiceAccountPublicKeys, - ) - if err != nil { - // If there was an error, skip installing the endpoints and log the - // error, but continue on. We don't return the error because the - // metadata responses require additional, backwards incompatible - // validation of command-line options. - msg := fmt.Sprintf("Could not construct pre-rendered responses for"+ - " ServiceAccountIssuerDiscovery endpoints. Endpoints will not be"+ - " enabled. Error: %v", err) - if c.ExtraConfig.ServiceAccountIssuerURL != "" { - // The user likely expects this feature to be enabled if issuer URL is - // set and the feature gate is enabled. In the future, if there is no - // longer a feature gate and issuer URL is not set, the user may not - // expect this feature to be enabled. We log the former case as an Error - // and the latter case as an Info. - klog.Error(msg) - } else { - klog.Info(msg) - } - } else { - routes.NewOpenIDMetadataServer(md.ConfigJSON, md.PublicKeysetJSON). - Install(s.Handler.GoRestfulContainer) - } - - m := &Instance{ - GenericAPIServer: s, - ClusterAuthenticationInfo: c.ExtraConfig.ClusterAuthenticationInfo, - } - - // install legacy rest storage - - if err := m.InstallLegacyAPI(&c, c.GenericConfig.RESTOptionsGetter); err != nil { - return nil, err - } - - clientset, err := kubernetes.NewForConfig(c.GenericConfig.LoopbackClientConfig) - if err != nil { - return nil, err - } - - // TODO: update to a version that caches success but will recheck on failure, unlike memcache discovery - discoveryClientForAdmissionRegistration := clientset.Discovery() - - // The order here is preserved in discovery. - // If resources with identical names exist in more than one of these groups (e.g. "deployments.apps"" and "deployments.extensions"), - // the order of this list determines which group an unqualified resource name (e.g. "deployments") should prefer. - // This priority order is used for local discovery, but it ends up aggregated in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go - // with specific priorities. - // TODO: describe the priority all the way down in the RESTStorageProviders and plumb it back through the various discovery - // handlers that we have. - restStorageProviders := []RESTStorageProvider{ - apiserverinternalrest.StorageProvider{}, - authenticationrest.RESTStorageProvider{Authenticator: c.GenericConfig.Authentication.Authenticator, APIAudiences: c.GenericConfig.Authentication.APIAudiences}, - authorizationrest.RESTStorageProvider{Authorizer: c.GenericConfig.Authorization.Authorizer, RuleResolver: c.GenericConfig.RuleResolver}, - autoscalingrest.RESTStorageProvider{}, - batchrest.RESTStorageProvider{}, - certificatesrest.RESTStorageProvider{}, - coordinationrest.RESTStorageProvider{}, - discoveryrest.StorageProvider{}, - networkingrest.RESTStorageProvider{}, - noderest.RESTStorageProvider{}, - policyrest.RESTStorageProvider{}, - rbacrest.RESTStorageProvider{Authorizer: c.GenericConfig.Authorization.Authorizer}, - schedulingrest.RESTStorageProvider{}, - storagerest.RESTStorageProvider{}, - flowcontrolrest.RESTStorageProvider{InformerFactory: c.GenericConfig.SharedInformerFactory}, - // keep apps after extensions so legacy clients resolve the extensions versions of shared resource names. - // See https://github.com/kubernetes/kubernetes/issues/42392 - appsrest.StorageProvider{}, - admissionregistrationrest.RESTStorageProvider{Authorizer: c.GenericConfig.Authorization.Authorizer, DiscoveryClient: discoveryClientForAdmissionRegistration}, - eventsrest.RESTStorageProvider{TTL: c.ExtraConfig.EventTTL}, - resourcerest.RESTStorageProvider{}, - } - if err := m.InstallAPIs(c.ExtraConfig.APIResourceConfigSource, c.GenericConfig.RESTOptionsGetter, restStorageProviders...); err != nil { - return nil, err - } - - m.GenericAPIServer.AddPostStartHookOrDie("start-cluster-authentication-info-controller", func(hookContext genericapiserver.PostStartHookContext) error { - kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return err - } - controller := clusterauthenticationtrust.NewClusterAuthenticationTrustController(m.ClusterAuthenticationInfo, kubeClient) - - // generate a context from stopCh. This is to avoid modifying files which are relying on apiserver - // TODO: See if we can pass ctx to the current method - ctx, cancel := context.WithCancel(context.Background()) - go func() { - select { - case <-hookContext.StopCh: - cancel() // stopCh closed, so cancel our context - case <-ctx.Done(): - } - }() - - // prime values and start listeners - if m.ClusterAuthenticationInfo.ClientCA != nil { - m.ClusterAuthenticationInfo.ClientCA.AddListener(controller) - if controller, ok := m.ClusterAuthenticationInfo.ClientCA.(dynamiccertificates.ControllerRunner); ok { - // runonce to be sure that we have a value. - if err := controller.RunOnce(ctx); err != nil { - runtime.HandleError(err) - } - go controller.Run(ctx, 1) - } - } - if m.ClusterAuthenticationInfo.RequestHeaderCA != nil { - m.ClusterAuthenticationInfo.RequestHeaderCA.AddListener(controller) - if controller, ok := m.ClusterAuthenticationInfo.RequestHeaderCA.(dynamiccertificates.ControllerRunner); ok { - // runonce to be sure that we have a value. - if err := controller.RunOnce(ctx); err != nil { - runtime.HandleError(err) - } - go controller.Run(ctx, 1) - } - } - - go controller.Run(ctx, 1) - return nil - }) - - if utilfeature.DefaultFeatureGate.Enabled(apiserverfeatures.APIServerIdentity) { - m.GenericAPIServer.AddPostStartHookOrDie("start-kube-apiserver-identity-lease-controller", func(hookContext genericapiserver.PostStartHookContext) error { - kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return err - } - - leaseName := m.GenericAPIServer.APIServerID - holderIdentity := m.GenericAPIServer.APIServerID + "_" + string(uuid.NewUUID()) - - controller := lease.NewController( - clock.RealClock{}, - kubeClient, - holderIdentity, - int32(IdentityLeaseDurationSeconds), - nil, - IdentityLeaseRenewIntervalPeriod, - leaseName, - metav1.NamespaceSystem, - labelAPIServerHeartbeat) - go controller.Run(hookContext.StopCh) - return nil - }) - m.GenericAPIServer.AddPostStartHookOrDie("start-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error { - kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return err - } - go apiserverleasegc.NewAPIServerLeaseGC( - kubeClient, - IdentityLeaseGCPeriod, - metav1.NamespaceSystem, - KubeAPIServerIdentityLeaseLabelSelector, - ).Run(hookContext.StopCh) - return nil - }) - } - - m.GenericAPIServer.AddPostStartHookOrDie("start-legacy-token-tracking-controller", func(hookContext genericapiserver.PostStartHookContext) error { - kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return err - } - go legacytokentracking.NewController(kubeClient).Run(hookContext.StopCh) - return nil - }) - - return m, nil -} - -func labelAPIServerHeartbeat(lease *coordinationapiv1.Lease) error { - if lease.Labels == nil { - lease.Labels = map[string]string{} - } - // This label indicates that kube-apiserver owns this identity lease object - lease.Labels[IdentityLeaseComponentLabelKey] = KubeAPIServer - - hostname, err := os.Hostname() - if err != nil { - return err - } - - // convenience label to easily map a lease object to a specific apiserver - lease.Labels[apiv1.LabelHostname] = hostname - return nil -} - -// InstallLegacyAPI will install the legacy APIs for the restStorageProviders if they are enabled. -func (m *Instance) InstallLegacyAPI(c *completedConfig, restOptionsGetter generic.RESTOptionsGetter) error { - legacyRESTStorageProvider := corerest.LegacyRESTStorageProvider{ - StorageFactory: c.ExtraConfig.StorageFactory, - ProxyTransport: c.ExtraConfig.ProxyTransport, - KubeletClientConfig: c.ExtraConfig.KubeletClientConfig, - EventTTL: c.ExtraConfig.EventTTL, - ServiceIPRange: c.ExtraConfig.ServiceIPRange, - SecondaryServiceIPRange: c.ExtraConfig.SecondaryServiceIPRange, - ServiceNodePortRange: c.ExtraConfig.ServiceNodePortRange, - LoopbackClientConfig: c.GenericConfig.LoopbackClientConfig, - ServiceAccountIssuer: c.ExtraConfig.ServiceAccountIssuer, - ExtendExpiration: c.ExtraConfig.ExtendExpiration, - ServiceAccountMaxExpiration: c.ExtraConfig.ServiceAccountMaxExpiration, - APIAudiences: c.GenericConfig.Authentication.APIAudiences, - } - legacyRESTStorage, apiGroupInfo, err := legacyRESTStorageProvider.NewLegacyRESTStorage(c.ExtraConfig.APIResourceConfigSource, restOptionsGetter) - if err != nil { - return fmt.Errorf("error building core storage: %v", err) - } - if len(apiGroupInfo.VersionedResourcesStorageMap) == 0 { // if all core storage is disabled, return. - return nil - } - - controllerName := "bootstrap-controller" - client := kubernetes.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig) - bootstrapController, err := c.NewBootstrapController(legacyRESTStorage, client) - if err != nil { - return fmt.Errorf("error creating bootstrap controller: %v", err) - } - m.GenericAPIServer.AddPostStartHookOrDie(controllerName, bootstrapController.PostStartHook) - m.GenericAPIServer.AddPreShutdownHookOrDie(controllerName, bootstrapController.PreShutdownHook) - - if err := m.GenericAPIServer.InstallLegacyAPIGroup(genericapiserver.DefaultLegacyAPIPrefix, &apiGroupInfo); err != nil { - return fmt.Errorf("error in registering group versions: %v", err) - } - return nil -} - -// RESTStorageProvider is a factory type for REST storage. -type RESTStorageProvider interface { - GroupName() string - NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) -} - -// InstallAPIs will install the APIs for the restStorageProviders if they are enabled. -func (m *Instance) InstallAPIs(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter, restStorageProviders ...RESTStorageProvider) error { - apiGroupsInfo := []*genericapiserver.APIGroupInfo{} - - // used later in the loop to filter the served resource by those that have expired. - resourceExpirationEvaluator, err := genericapiserver.NewResourceExpirationEvaluator(*m.GenericAPIServer.Version) - if err != nil { - return err - } - - for _, restStorageBuilder := range restStorageProviders { - groupName := restStorageBuilder.GroupName() - apiGroupInfo, err := restStorageBuilder.NewRESTStorage(apiResourceConfigSource, restOptionsGetter) - if err != nil { - return fmt.Errorf("problem initializing API group %q : %v", groupName, err) - } - if len(apiGroupInfo.VersionedResourcesStorageMap) == 0 { - // If we have no storage for any resource configured, this API group is effectively disabled. - // This can happen when an entire API group, version, or development-stage (alpha, beta, GA) is disabled. - klog.Infof("API group %q is not enabled, skipping.", groupName) - continue - } - - // Remove resources that serving kinds that are removed. - // We do this here so that we don't accidentally serve versions without resources or openapi information that for kinds we don't serve. - // This is a spot above the construction of individual storage handlers so that no sig accidentally forgets to check. - resourceExpirationEvaluator.RemoveDeletedKinds(groupName, apiGroupInfo.Scheme, apiGroupInfo.VersionedResourcesStorageMap) - if len(apiGroupInfo.VersionedResourcesStorageMap) == 0 { - klog.V(1).Infof("Removing API group %v because it is time to stop serving it because it has no versions per APILifecycle.", groupName) - continue - } - - klog.V(1).Infof("Enabling API group %q.", groupName) - - if postHookProvider, ok := restStorageBuilder.(genericapiserver.PostStartHookProvider); ok { - name, hook, err := postHookProvider.PostStartHook() - if err != nil { - klog.Fatalf("Error building PostStartHook: %v", err) - } - m.GenericAPIServer.AddPostStartHookOrDie(name, hook) - } - - apiGroupsInfo = append(apiGroupsInfo, &apiGroupInfo) - } - - if err := m.GenericAPIServer.InstallAPIGroups(apiGroupsInfo...); err != nil { - return fmt.Errorf("error in registering group versions: %v", err) - } - return nil -} - -var ( - // stableAPIGroupVersionsEnabledByDefault is a list of our stable versions. - stableAPIGroupVersionsEnabledByDefault = []schema.GroupVersion{ - admissionregistrationv1.SchemeGroupVersion, - apiv1.SchemeGroupVersion, - appsv1.SchemeGroupVersion, - authenticationv1.SchemeGroupVersion, - authorizationapiv1.SchemeGroupVersion, - autoscalingapiv1.SchemeGroupVersion, - autoscalingapiv2.SchemeGroupVersion, - batchapiv1.SchemeGroupVersion, - certificatesapiv1.SchemeGroupVersion, - coordinationapiv1.SchemeGroupVersion, - discoveryv1.SchemeGroupVersion, - eventsv1.SchemeGroupVersion, - networkingapiv1.SchemeGroupVersion, - nodev1.SchemeGroupVersion, - policyapiv1.SchemeGroupVersion, - rbacv1.SchemeGroupVersion, - storageapiv1.SchemeGroupVersion, - schedulingapiv1.SchemeGroupVersion, - } - - // legacyBetaEnabledByDefaultResources is the list of beta resources we enable. You may only add to this list - // if your resource is already enabled by default in a beta level we still serve AND there is no stable API for it. - // see https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3136-beta-apis-off-by-default - // for more details. - legacyBetaEnabledByDefaultResources = []schema.GroupVersionResource{ - autoscalingapiv2beta2.SchemeGroupVersion.WithResource("horizontalpodautoscalers"), // remove in 1.26 - storageapiv1beta1.SchemeGroupVersion.WithResource("csistoragecapacities"), // remove in 1.27 - flowcontrolv1beta1.SchemeGroupVersion.WithResource("flowschemas"), // remove in 1.26 - flowcontrolv1beta1.SchemeGroupVersion.WithResource("prioritylevelconfigurations"), // remove in 1.26 - flowcontrolv1beta2.SchemeGroupVersion.WithResource("flowschemas"), // remove in 1.29 - flowcontrolv1beta2.SchemeGroupVersion.WithResource("prioritylevelconfigurations"), // remove in 1.29 - flowcontrolv1beta3.SchemeGroupVersion.WithResource("flowschemas"), // deprecate in 1.29, remove in 1.32 - flowcontrolv1beta3.SchemeGroupVersion.WithResource("prioritylevelconfigurations"), // deprecate in 1.29, remove in 1.32 - } - // betaAPIGroupVersionsDisabledByDefault is for all future beta groupVersions. - betaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{ - autoscalingapiv2beta1.SchemeGroupVersion, - autoscalingapiv2beta2.SchemeGroupVersion, - batchapiv1beta1.SchemeGroupVersion, - discoveryv1beta1.SchemeGroupVersion, - eventsv1beta1.SchemeGroupVersion, - nodev1beta1.SchemeGroupVersion, // remove in 1.26 - policyapiv1beta1.SchemeGroupVersion, - storageapiv1beta1.SchemeGroupVersion, - flowcontrolv1beta1.SchemeGroupVersion, - flowcontrolv1beta2.SchemeGroupVersion, - flowcontrolv1beta3.SchemeGroupVersion, - } - - // alphaAPIGroupVersionsDisabledByDefault holds the alpha APIs we have. They are always disabled by default. - alphaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{ - admissionregistrationv1alpha1.SchemeGroupVersion, - apiserverinternalv1alpha1.SchemeGroupVersion, - authenticationv1alpha1.SchemeGroupVersion, - resourcev1alpha1.SchemeGroupVersion, - networkingapiv1alpha1.SchemeGroupVersion, - storageapiv1alpha1.SchemeGroupVersion, - flowcontrolv1alpha1.SchemeGroupVersion, - } -) - -// DefaultAPIResourceConfigSource returns default configuration for an APIResource. -func DefaultAPIResourceConfigSource() *serverstorage.ResourceConfig { - ret := serverstorage.NewResourceConfig() - // NOTE: GroupVersions listed here will be enabled by default. Don't put alpha or beta versions in the list. - ret.EnableVersions(stableAPIGroupVersionsEnabledByDefault...) - - // disable alpha and beta versions explicitly so we have a full list of what's possible to serve - ret.DisableVersions(betaAPIGroupVersionsDisabledByDefault...) - ret.DisableVersions(alphaAPIGroupVersionsDisabledByDefault...) - - // enable the legacy beta resources that were present before stopped serving new beta APIs by default. - ret.EnableResources(legacyBetaEnabledByDefaultResources...) - - return ret -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/doc.go deleted file mode 100644 index d397aab778..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/doc.go +++ /dev/null @@ -1,21 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package reconcilers provides objects for managing the list of active masters. -// NOTE: The Lease reconciler is not the intended way for any apiserver other -// than kube-apiserver to accomplish the task of Endpoint registration. This is -// a special case for the time being. -package reconcilers diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/endpointsadapter.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/endpointsadapter.go deleted file mode 100644 index e1350fac21..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/endpointsadapter.go +++ /dev/null @@ -1,206 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconcilers - -import ( - "context" - - corev1 "k8s.io/api/core/v1" - discovery "k8s.io/api/discovery/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - discoveryclient "k8s.io/client-go/kubernetes/typed/discovery/v1" - utilnet "k8s.io/utils/net" -) - -// EndpointsAdapter provides a simple interface for reading and writing both -// Endpoints and Endpoint Slices. -// NOTE: This is an incomplete adapter implementation that is only suitable for -// use in this package. This takes advantage of the Endpoints used in this -// package always having a consistent set of ports, a single subset, and a small -// set of addresses. Any more complex Endpoints resource would likely translate -// into multiple Endpoint Slices creating significantly more complexity instead -// of the 1:1 mapping this allows. -type EndpointsAdapter struct { - endpointClient corev1client.EndpointsGetter - endpointSliceClient discoveryclient.EndpointSlicesGetter -} - -// NewEndpointsAdapter returns a new EndpointsAdapter. -func NewEndpointsAdapter(endpointClient corev1client.EndpointsGetter, endpointSliceClient discoveryclient.EndpointSlicesGetter) EndpointsAdapter { - return EndpointsAdapter{ - endpointClient: endpointClient, - endpointSliceClient: endpointSliceClient, - } -} - -// Get takes the name and namespace of the Endpoints resource, and returns a -// corresponding Endpoints object if it exists, and an error if there is any. -func (adapter *EndpointsAdapter) Get(namespace, name string, getOpts metav1.GetOptions) (*corev1.Endpoints, error) { - return adapter.endpointClient.Endpoints(namespace).Get(context.TODO(), name, getOpts) -} - -// Create accepts a namespace and Endpoints object and creates the Endpoints -// object and matching EndpointSlice. The created Endpoints object or an error will be -// returned. -func (adapter *EndpointsAdapter) Create(namespace string, endpoints *corev1.Endpoints) (*corev1.Endpoints, error) { - endpoints, err := adapter.endpointClient.Endpoints(namespace).Create(context.TODO(), endpoints, metav1.CreateOptions{}) - if err == nil { - err = adapter.EnsureEndpointSliceFromEndpoints(namespace, endpoints) - } - return endpoints, err -} - -// Update accepts a namespace and Endpoints object and updates it and its -// matching EndpointSlice. The updated Endpoints object or an error will be returned. -func (adapter *EndpointsAdapter) Update(namespace string, endpoints *corev1.Endpoints) (*corev1.Endpoints, error) { - endpoints, err := adapter.endpointClient.Endpoints(namespace).Update(context.TODO(), endpoints, metav1.UpdateOptions{}) - if err == nil { - err = adapter.EnsureEndpointSliceFromEndpoints(namespace, endpoints) - } - return endpoints, err -} - -// EnsureEndpointSliceFromEndpoints accepts a namespace and Endpoints resource -// and creates or updates a corresponding EndpointSlice. An error will be returned -// if it fails to sync the EndpointSlice. -func (adapter *EndpointsAdapter) EnsureEndpointSliceFromEndpoints(namespace string, endpoints *corev1.Endpoints) error { - endpointSlice := endpointSliceFromEndpoints(endpoints) - currentEndpointSlice, err := adapter.endpointSliceClient.EndpointSlices(namespace).Get(context.TODO(), endpointSlice.Name, metav1.GetOptions{}) - - if err != nil { - if errors.IsNotFound(err) { - if _, err = adapter.endpointSliceClient.EndpointSlices(namespace).Create(context.TODO(), endpointSlice, metav1.CreateOptions{}); errors.IsAlreadyExists(err) { - err = nil - } - } - return err - } - - // required for transition from IP to IPv4 address type. - if currentEndpointSlice.AddressType != endpointSlice.AddressType { - err = adapter.endpointSliceClient.EndpointSlices(namespace).Delete(context.TODO(), endpointSlice.Name, metav1.DeleteOptions{}) - if err != nil { - return err - } - _, err = adapter.endpointSliceClient.EndpointSlices(namespace).Create(context.TODO(), endpointSlice, metav1.CreateOptions{}) - return err - } - - if apiequality.Semantic.DeepEqual(currentEndpointSlice.Endpoints, endpointSlice.Endpoints) && - apiequality.Semantic.DeepEqual(currentEndpointSlice.Ports, endpointSlice.Ports) && - apiequality.Semantic.DeepEqual(currentEndpointSlice.Labels, endpointSlice.Labels) { - return nil - } - - _, err = adapter.endpointSliceClient.EndpointSlices(namespace).Update(context.TODO(), endpointSlice, metav1.UpdateOptions{}) - return err -} - -// endpointSliceFromEndpoints generates an EndpointSlice from an Endpoints -// resource. -func endpointSliceFromEndpoints(endpoints *corev1.Endpoints) *discovery.EndpointSlice { - endpointSlice := &discovery.EndpointSlice{} - endpointSlice.Name = endpoints.Name - endpointSlice.Namespace = endpoints.Namespace - endpointSlice.Labels = map[string]string{discovery.LabelServiceName: endpoints.Name} - - // TODO: Add support for dual stack here (and in the rest of - // EndpointsAdapter). - endpointSlice.AddressType = discovery.AddressTypeIPv4 - - if len(endpoints.Subsets) > 0 { - subset := endpoints.Subsets[0] - for i := range subset.Ports { - endpointSlice.Ports = append(endpointSlice.Ports, discovery.EndpointPort{ - Port: &subset.Ports[i].Port, - Name: &subset.Ports[i].Name, - Protocol: &subset.Ports[i].Protocol, - }) - } - - if allAddressesIPv6(append(subset.Addresses, subset.NotReadyAddresses...)) { - endpointSlice.AddressType = discovery.AddressTypeIPv6 - } - - endpointSlice.Endpoints = append(endpointSlice.Endpoints, getEndpointsFromAddresses(subset.Addresses, endpointSlice.AddressType, true)...) - endpointSlice.Endpoints = append(endpointSlice.Endpoints, getEndpointsFromAddresses(subset.NotReadyAddresses, endpointSlice.AddressType, false)...) - } - - return endpointSlice -} - -// getEndpointsFromAddresses returns a list of Endpoints from addresses that -// match the provided address type. -func getEndpointsFromAddresses(addresses []corev1.EndpointAddress, addressType discovery.AddressType, ready bool) []discovery.Endpoint { - endpoints := []discovery.Endpoint{} - isIPv6AddressType := addressType == discovery.AddressTypeIPv6 - - for _, address := range addresses { - if utilnet.IsIPv6String(address.IP) == isIPv6AddressType { - endpoints = append(endpoints, endpointFromAddress(address, ready)) - } - } - - return endpoints -} - -// endpointFromAddress generates an Endpoint from an EndpointAddress resource. -func endpointFromAddress(address corev1.EndpointAddress, ready bool) discovery.Endpoint { - ep := discovery.Endpoint{ - Addresses: []string{address.IP}, - Conditions: discovery.EndpointConditions{Ready: &ready}, - TargetRef: address.TargetRef, - } - - if address.NodeName != nil { - ep.NodeName = address.NodeName - } - - return ep -} - -// allAddressesIPv6 returns true if all provided addresses are IPv6. -func allAddressesIPv6(addresses []corev1.EndpointAddress) bool { - if len(addresses) == 0 { - return false - } - - for _, address := range addresses { - if !utilnet.IsIPv6String(address.IP) { - return false - } - } - - return true -} - -// setSkipMirrorTrue sets endpointslice.kubernetes.io/skip-mirror to true. It -// returns true if this has resulted in a change to the Endpoints resource. -func setSkipMirrorTrue(e *corev1.Endpoints) bool { - skipMirrorVal, ok := e.Labels[discovery.LabelSkipMirror] - if !ok || skipMirrorVal != "true" { - if e.Labels == nil { - e.Labels = map[string]string{} - } - e.Labels[discovery.LabelSkipMirror] = "true" - return true - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/instancecount.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/instancecount.go deleted file mode 100644 index 6b6282800a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/instancecount.go +++ /dev/null @@ -1,219 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package reconcilers master count based reconciler -package reconcilers - -import ( - "net" - "sync" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/util/retry" - "k8s.io/klog/v2" - endpointsv1 "k8s.io/kubernetes/pkg/api/v1/endpoints" -) - -// masterCountEndpointReconciler reconciles endpoints based on a specified expected number of -// masters. masterCountEndpointReconciler implements EndpointReconciler. -type masterCountEndpointReconciler struct { - masterCount int - epAdapter EndpointsAdapter - stopReconcilingCalled bool - reconcilingLock sync.Mutex -} - -// NewMasterCountEndpointReconciler creates a new EndpointReconciler that reconciles based on a -// specified expected number of masters. -func NewMasterCountEndpointReconciler(masterCount int, epAdapter EndpointsAdapter) EndpointReconciler { - return &masterCountEndpointReconciler{ - masterCount: masterCount, - epAdapter: epAdapter, - } -} - -// ReconcileEndpoints sets the endpoints for the given apiserver service (ro or rw). -// ReconcileEndpoints expects that the endpoints objects it manages will all be -// managed only by ReconcileEndpoints; therefore, to understand this, you need only -// understand the requirements and the body of this function. -// -// Requirements: -// - All apiservers MUST use the same ports for their {rw, ro} services. -// - All apiservers MUST use ReconcileEndpoints and only ReconcileEndpoints to manage the -// endpoints for their {rw, ro} services. -// - All apiservers MUST know and agree on the number of apiservers expected -// to be running (c.masterCount). -// - ReconcileEndpoints is called periodically from all apiservers. -func (r *masterCountEndpointReconciler) ReconcileEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort, reconcilePorts bool) error { - r.reconcilingLock.Lock() - defer r.reconcilingLock.Unlock() - - if r.stopReconcilingCalled { - return nil - } - - e, err := r.epAdapter.Get(metav1.NamespaceDefault, serviceName, metav1.GetOptions{}) - if err != nil { - e = &corev1.Endpoints{ - ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, - Namespace: metav1.NamespaceDefault, - }, - } - } - - // Don't use the EndpointSliceMirroring controller to mirror this to - // EndpointSlices. This may change in the future. - skipMirrorChanged := setSkipMirrorTrue(e) - - if errors.IsNotFound(err) { - // Simply create non-existing endpoints for the service. - e.Subsets = []corev1.EndpointSubset{{ - Addresses: []corev1.EndpointAddress{{IP: ip.String()}}, - Ports: endpointPorts, - }} - _, err = r.epAdapter.Create(metav1.NamespaceDefault, e) - return err - } - - // First, determine if the endpoint is in the format we expect (one - // subset, ports matching endpointPorts, N IP addresses). - formatCorrect, ipCorrect, portsCorrect := checkEndpointSubsetFormat(e, ip.String(), endpointPorts, r.masterCount, reconcilePorts) - if !formatCorrect { - // Something is egregiously wrong, just re-make the endpoints record. - e.Subsets = []corev1.EndpointSubset{{ - Addresses: []corev1.EndpointAddress{{IP: ip.String()}}, - Ports: endpointPorts, - }} - klog.Warningf("Resetting endpoints for master service %q to %#v", serviceName, e) - _, err = r.epAdapter.Update(metav1.NamespaceDefault, e) - return err - } - - if !skipMirrorChanged && ipCorrect && portsCorrect { - return r.epAdapter.EnsureEndpointSliceFromEndpoints(metav1.NamespaceDefault, e) - } - if !ipCorrect { - // We *always* add our own IP address. - e.Subsets[0].Addresses = append(e.Subsets[0].Addresses, corev1.EndpointAddress{IP: ip.String()}) - - // Lexicographic order is retained by this step. - e.Subsets = endpointsv1.RepackSubsets(e.Subsets) - - // If too many IP addresses, remove the ones lexicographically after our - // own IP address. Given the requirements stated at the top of - // this function, this should cause the list of IP addresses to - // become eventually correct. - if addrs := &e.Subsets[0].Addresses; len(*addrs) > r.masterCount { - // addrs is a pointer because we're going to mutate it. - for i, addr := range *addrs { - if addr.IP == ip.String() { - for len(*addrs) > r.masterCount { - // wrap around if necessary. - remove := (i + 1) % len(*addrs) - *addrs = append((*addrs)[:remove], (*addrs)[remove+1:]...) - } - break - } - } - } - } - if !portsCorrect { - // Reset ports. - e.Subsets[0].Ports = endpointPorts - } - klog.Warningf("Resetting endpoints for master service %q to %v", serviceName, e) - _, err = r.epAdapter.Update(metav1.NamespaceDefault, e) - return err -} - -func (r *masterCountEndpointReconciler) RemoveEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort) error { - r.reconcilingLock.Lock() - defer r.reconcilingLock.Unlock() - - e, err := r.epAdapter.Get(metav1.NamespaceDefault, serviceName, metav1.GetOptions{}) - if err != nil { - if errors.IsNotFound(err) { - // Endpoint doesn't exist - return nil - } - return err - } - - if len(e.Subsets) == 0 { - // no action is needed to remove the endpoint - return nil - } - // Remove our IP from the list of addresses - new := []corev1.EndpointAddress{} - for _, addr := range e.Subsets[0].Addresses { - if addr.IP != ip.String() { - new = append(new, addr) - } - } - e.Subsets[0].Addresses = new - e.Subsets = endpointsv1.RepackSubsets(e.Subsets) - err = retry.RetryOnConflict(retry.DefaultBackoff, func() error { - _, err := r.epAdapter.Update(metav1.NamespaceDefault, e) - return err - }) - return err -} - -func (r *masterCountEndpointReconciler) StopReconciling() { - r.reconcilingLock.Lock() - defer r.reconcilingLock.Unlock() - r.stopReconcilingCalled = true -} - -func (r *masterCountEndpointReconciler) Destroy() { -} - -// Determine if the endpoint is in the format ReconcileEndpoints expects. -// -// Return values: -// - formatCorrect is true if exactly one subset is found. -// - ipCorrect is true when current master's IP is found and the number -// of addresses is less than or equal to the master count. -// - portsCorrect is true when endpoint ports exactly match provided ports. -// portsCorrect is only evaluated when reconcilePorts is set to true. -func checkEndpointSubsetFormat(e *corev1.Endpoints, ip string, ports []corev1.EndpointPort, count int, reconcilePorts bool) (formatCorrect bool, ipCorrect bool, portsCorrect bool) { - if len(e.Subsets) != 1 { - return false, false, false - } - sub := &e.Subsets[0] - portsCorrect = true - if reconcilePorts { - if len(sub.Ports) != len(ports) { - portsCorrect = false - } - for i, port := range ports { - if len(sub.Ports) <= i || port != sub.Ports[i] { - portsCorrect = false - break - } - } - } - for _, addr := range sub.Addresses { - if addr.IP == ip { - ipCorrect = len(sub.Addresses) <= count - break - } - } - return true, ipCorrect, portsCorrect -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/lease.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/lease.go deleted file mode 100644 index 9911d6a427..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/lease.go +++ /dev/null @@ -1,331 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconcilers - -/* -Original Source: -https://github.com/openshift/origin/blob/bb340c5dd5ff72718be86fb194dedc0faed7f4c7/pkg/cmd/server/election/lease_endpoint_reconciler.go -*/ - -import ( - "fmt" - "net" - "path" - "sync" - "time" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - kruntime "k8s.io/apimachinery/pkg/runtime" - apirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/storagebackend" - storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory" - endpointsv1 "k8s.io/kubernetes/pkg/api/v1/endpoints" -) - -// Leases is an interface which assists in managing the set of active masters -type Leases interface { - // ListLeases retrieves a list of the current master IPs - ListLeases() ([]string, error) - - // UpdateLease adds or refreshes a master's lease - UpdateLease(ip string) error - - // RemoveLease removes a master's lease - RemoveLease(ip string) error - - // Destroy cleans up everything on shutdown. - Destroy() -} - -type storageLeases struct { - storage storage.Interface - destroyFn func() - baseKey string - leaseTime time.Duration -} - -var _ Leases = &storageLeases{} - -// ListLeases retrieves a list of the current master IPs from storage -func (s *storageLeases) ListLeases() ([]string, error) { - ipInfoList := &corev1.EndpointsList{} - storageOpts := storage.ListOptions{ - ResourceVersion: "0", - ResourceVersionMatch: metav1.ResourceVersionMatchNotOlderThan, - Predicate: storage.Everything, - Recursive: true, - } - if err := s.storage.GetList(apirequest.NewDefaultContext(), s.baseKey, storageOpts, ipInfoList); err != nil { - return nil, err - } - - ipList := make([]string, 0, len(ipInfoList.Items)) - for _, ip := range ipInfoList.Items { - if len(ip.Subsets) > 0 && len(ip.Subsets[0].Addresses) > 0 && len(ip.Subsets[0].Addresses[0].IP) > 0 { - ipList = append(ipList, ip.Subsets[0].Addresses[0].IP) - } - } - - klog.V(6).Infof("Current master IPs listed in storage are %v", ipList) - - return ipList, nil -} - -// UpdateLease resets the TTL on a master IP in storage -func (s *storageLeases) UpdateLease(ip string) error { - key := path.Join(s.baseKey, ip) - return s.storage.GuaranteedUpdate(apirequest.NewDefaultContext(), key, &corev1.Endpoints{}, true, nil, func(input kruntime.Object, respMeta storage.ResponseMeta) (kruntime.Object, *uint64, error) { - // just make sure we've got the right IP set, and then refresh the TTL - existing := input.(*corev1.Endpoints) - existing.Subsets = []corev1.EndpointSubset{ - { - Addresses: []corev1.EndpointAddress{{IP: ip}}, - }, - } - - // leaseTime needs to be in seconds - leaseTime := uint64(s.leaseTime / time.Second) - - // NB: GuaranteedUpdate does not perform the store operation unless - // something changed between load and store (not including resource - // version), meaning we can't refresh the TTL without actually - // changing a field. - existing.Generation++ - - klog.V(6).Infof("Resetting TTL on master IP %q listed in storage to %v", ip, leaseTime) - - return existing, &leaseTime, nil - }, nil) -} - -// RemoveLease removes the lease on a master IP in storage -func (s *storageLeases) RemoveLease(ip string) error { - key := path.Join(s.baseKey, ip) - return s.storage.Delete(apirequest.NewDefaultContext(), key, &corev1.Endpoints{}, nil, rest.ValidateAllObjectFunc, nil) -} - -func (s *storageLeases) Destroy() { - s.destroyFn() -} - -// NewLeases creates a new etcd-based Leases implementation. -func NewLeases(config *storagebackend.ConfigForResource, baseKey string, leaseTime time.Duration) (Leases, error) { - leaseStorage, destroyFn, err := storagefactory.Create(*config, nil) - if err != nil { - return nil, fmt.Errorf("error creating storage factory: %v", err) - } - var once sync.Once - return &storageLeases{ - storage: leaseStorage, - destroyFn: func() { once.Do(destroyFn) }, - baseKey: baseKey, - leaseTime: leaseTime, - }, nil -} - -type leaseEndpointReconciler struct { - epAdapter EndpointsAdapter - masterLeases Leases - stopReconcilingCalled bool - reconcilingLock sync.Mutex -} - -// NewLeaseEndpointReconciler creates a new LeaseEndpoint reconciler -func NewLeaseEndpointReconciler(epAdapter EndpointsAdapter, masterLeases Leases) EndpointReconciler { - return &leaseEndpointReconciler{ - epAdapter: epAdapter, - masterLeases: masterLeases, - stopReconcilingCalled: false, - } -} - -// ReconcileEndpoints lists keys in a special etcd directory. -// Each key is expected to have a TTL of R+n, where R is the refresh interval -// at which this function is called, and n is some small value. If an -// apiserver goes down, it will fail to refresh its key's TTL and the key will -// expire. ReconcileEndpoints will notice that the endpoints object is -// different from the directory listing, and update the endpoints object -// accordingly. -func (r *leaseEndpointReconciler) ReconcileEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort, reconcilePorts bool) error { - r.reconcilingLock.Lock() - defer r.reconcilingLock.Unlock() - - if r.stopReconcilingCalled { - return nil - } - - // Refresh the TTL on our key, independently of whether any error or - // update conflict happens below. This makes sure that at least some of - // the masters will add our endpoint. - if err := r.masterLeases.UpdateLease(ip.String()); err != nil { - return err - } - - return r.doReconcile(serviceName, endpointPorts, reconcilePorts) -} - -func (r *leaseEndpointReconciler) doReconcile(serviceName string, endpointPorts []corev1.EndpointPort, reconcilePorts bool) error { - e, err := r.epAdapter.Get(corev1.NamespaceDefault, serviceName, metav1.GetOptions{}) - shouldCreate := false - if err != nil { - if !errors.IsNotFound(err) { - return err - } - - shouldCreate = true - e = &corev1.Endpoints{ - ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, - Namespace: corev1.NamespaceDefault, - }, - } - } - - // ... and the list of master IP keys from etcd - masterIPs, err := r.masterLeases.ListLeases() - if err != nil { - return err - } - - // Since we just refreshed our own key, assume that zero endpoints - // returned from storage indicates an issue or invalid state, and thus do - // not update the endpoints list based on the result. - if len(masterIPs) == 0 { - return fmt.Errorf("no master IPs were listed in storage, refusing to erase all endpoints for the kubernetes service") - } - - // Don't use the EndpointSliceMirroring controller to mirror this to - // EndpointSlices. This may change in the future. - skipMirrorChanged := setSkipMirrorTrue(e) - - // Next, we compare the current list of endpoints with the list of master IP keys - formatCorrect, ipCorrect, portsCorrect := checkEndpointSubsetFormatWithLease(e, masterIPs, endpointPorts, reconcilePorts) - if !skipMirrorChanged && formatCorrect && ipCorrect && portsCorrect { - return r.epAdapter.EnsureEndpointSliceFromEndpoints(corev1.NamespaceDefault, e) - } - - if !formatCorrect { - // Something is egregiously wrong, just re-make the endpoints record. - e.Subsets = []corev1.EndpointSubset{{ - Addresses: []corev1.EndpointAddress{}, - Ports: endpointPorts, - }} - } - - if !formatCorrect || !ipCorrect { - // repopulate the addresses according to the expected IPs from etcd - e.Subsets[0].Addresses = make([]corev1.EndpointAddress, len(masterIPs)) - for ind, ip := range masterIPs { - e.Subsets[0].Addresses[ind] = corev1.EndpointAddress{IP: ip} - } - - // Lexicographic order is retained by this step. - e.Subsets = endpointsv1.RepackSubsets(e.Subsets) - } - - if !portsCorrect { - // Reset ports. - e.Subsets[0].Ports = endpointPorts - } - - klog.Warningf("Resetting endpoints for master service %q to %v", serviceName, masterIPs) - if shouldCreate { - if _, err = r.epAdapter.Create(corev1.NamespaceDefault, e); errors.IsAlreadyExists(err) { - err = nil - } - } else { - _, err = r.epAdapter.Update(corev1.NamespaceDefault, e) - } - return err -} - -// checkEndpointSubsetFormatWithLease determines if the endpoint is in the -// format ReconcileEndpoints expects when the controller is using leases. -// -// Return values: -// - formatCorrect is true if exactly one subset is found. -// - ipsCorrect when the addresses in the endpoints match the expected addresses list -// - portsCorrect is true when endpoint ports exactly match provided ports. -// portsCorrect is only evaluated when reconcilePorts is set to true. -func checkEndpointSubsetFormatWithLease(e *corev1.Endpoints, expectedIPs []string, ports []corev1.EndpointPort, reconcilePorts bool) (formatCorrect bool, ipsCorrect bool, portsCorrect bool) { - if len(e.Subsets) != 1 { - return false, false, false - } - sub := &e.Subsets[0] - portsCorrect = true - if reconcilePorts { - if len(sub.Ports) != len(ports) { - portsCorrect = false - } else { - for i, port := range ports { - if port != sub.Ports[i] { - portsCorrect = false - break - } - } - } - } - - ipsCorrect = true - if len(sub.Addresses) != len(expectedIPs) { - ipsCorrect = false - } else { - // check the actual content of the addresses - // present addrs is used as a set (the keys) and to indicate if a - // value was already found (the values) - presentAddrs := make(map[string]bool, len(expectedIPs)) - for _, ip := range expectedIPs { - presentAddrs[ip] = false - } - - // uniqueness is assumed amongst all Addresses. - for _, addr := range sub.Addresses { - if alreadySeen, ok := presentAddrs[addr.IP]; alreadySeen || !ok { - ipsCorrect = false - break - } - - presentAddrs[addr.IP] = true - } - } - - return true, ipsCorrect, portsCorrect -} - -func (r *leaseEndpointReconciler) RemoveEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort) error { - if err := r.masterLeases.RemoveLease(ip.String()); err != nil { - return err - } - - return r.doReconcile(serviceName, endpointPorts, true) -} - -func (r *leaseEndpointReconciler) StopReconciling() { - r.reconcilingLock.Lock() - defer r.reconcilingLock.Unlock() - r.stopReconcilingCalled = true -} - -func (r *leaseEndpointReconciler) Destroy() { - r.masterLeases.Destroy() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/none.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/none.go deleted file mode 100644 index e7ff7ea7e3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/none.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package reconcilers a noop based reconciler -package reconcilers - -import ( - "net" - - corev1 "k8s.io/api/core/v1" -) - -// NoneEndpointReconciler allows for the endpoint reconciler to be disabled -type noneEndpointReconciler struct{} - -// NewNoneEndpointReconciler creates a new EndpointReconciler that reconciles based on a -// nothing. It is a no-op. -func NewNoneEndpointReconciler() EndpointReconciler { - return &noneEndpointReconciler{} -} - -// ReconcileEndpoints noop reconcile -func (r *noneEndpointReconciler) ReconcileEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort, reconcilePorts bool) error { - return nil -} - -// RemoveEndpoints noop reconcile -func (r *noneEndpointReconciler) RemoveEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort) error { - return nil -} - -func (r *noneEndpointReconciler) StopReconciling() { -} - -func (r *noneEndpointReconciler) Destroy() { -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/reconcilers.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/reconcilers.go deleted file mode 100644 index b0dcd465ee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/reconcilers/reconcilers.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package reconcilers Endpoint Reconcilers for the apiserver -package reconcilers - -import ( - "net" - - corev1 "k8s.io/api/core/v1" -) - -// EndpointReconciler knows how to reconcile the endpoints for the apiserver service. -type EndpointReconciler interface { - // ReconcileEndpoints sets the endpoints for the given apiserver service (ro or rw). - // ReconcileEndpoints expects that the endpoints objects it manages will all be - // managed only by ReconcileEndpoints; therefore, to understand this, you need only - // understand the requirements. - // - // Requirements: - // * All apiservers MUST use the same ports for their {rw, ro} services. - // * All apiservers MUST use ReconcileEndpoints and only ReconcileEndpoints to manage the - // endpoints for their {rw, ro} services. - // * ReconcileEndpoints is called periodically from all apiservers. - ReconcileEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort, reconcilePorts bool) error - // RemoveEndpoints removes this apiserver's lease. - RemoveEndpoints(serviceName string, ip net.IP, endpointPorts []corev1.EndpointPort) error - // StopReconciling turns any later ReconcileEndpoints call into a noop. - StopReconciling() - // Destroy shuts down all internal structures. - // Destroy needs to be implemented in thread-safe way and be prepared for being - // called more than once. - Destroy() -} - -// Type the reconciler type -type Type string - -const ( - // MasterCountReconcilerType will select the original reconciler - MasterCountReconcilerType Type = "master-count" - // LeaseEndpointReconcilerType will select a storage based reconciler - LeaseEndpointReconcilerType Type = "lease" - // NoneEndpointReconcilerType will turn off the endpoint reconciler - NoneEndpointReconcilerType Type = "none" -) - -// Types an array of reconciler types -type Types []Type - -// AllTypes export all reconcilers -var AllTypes = Types{ - MasterCountReconcilerType, - LeaseEndpointReconcilerType, - NoneEndpointReconcilerType, -} - -// Names returns a slice of all the reconciler names -func (t Types) Names() []string { - strs := make([]string, len(t)) - for i, v := range t { - strs[i] = string(v) - } - return strs -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/services.go b/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/services.go deleted file mode 100644 index ca895764b4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/controlplane/services.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controlplane - -import ( - "fmt" - "net" - - "k8s.io/klog/v2" - "k8s.io/utils/integer" - utilnet "k8s.io/utils/net" - - kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" -) - -// ServiceIPRange checks if the serviceClusterIPRange flag is nil, raising a warning if so and -// setting service ip range to the default value in kubeoptions.DefaultServiceIPCIDR -// for now until the default is removed per the deprecation timeline guidelines. -// Returns service ip range, api server service IP, and an error -func ServiceIPRange(passedServiceClusterIPRange net.IPNet) (net.IPNet, net.IP, error) { - serviceClusterIPRange := passedServiceClusterIPRange - if passedServiceClusterIPRange.IP == nil { - klog.Warningf("No CIDR for service cluster IPs specified. Default value which was %s is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.", kubeoptions.DefaultServiceIPCIDR.String()) - serviceClusterIPRange = kubeoptions.DefaultServiceIPCIDR - } - - size := integer.Int64Min(utilnet.RangeSize(&serviceClusterIPRange), 1<<16) - if size < 8 { - return net.IPNet{}, net.IP{}, fmt.Errorf("the service cluster IP range must be at least %d IP addresses", 8) - } - - // Select the first valid IP from ServiceClusterIPRange to use as the GenericAPIServer service IP. - apiServerServiceIP, err := utilnet.GetIndexedIP(&serviceClusterIPRange, 1) - if err != nil { - return net.IPNet{}, net.IP{}, err - } - klog.V(4).Infof("Setting service IP to %q (read-write).", apiServerServiceIP) - - return serviceClusterIPRange, apiServerServiceIP, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/features/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/features/OWNERS deleted file mode 100644 index 3e1dd9f081..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/features/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - feature-approvers diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/etcd/vendor/k8s.io/kubernetes/pkg/features/kube_features.go deleted file mode 100644 index 8847b83094..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ /dev/null @@ -1,1190 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - "k8s.io/apimachinery/pkg/util/runtime" - genericfeatures "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/featuregate" -) - -const ( - // Every feature gate should add method here following this template: - // - // // owner: @username - // // kep: https://kep.k8s.io/NNN - // // alpha: v1.X - // MyFeature featuregate.Feature = "MyFeature" - // - // Feature gates should be listed in alphabetical, case-sensitive - // (upper before any lower case character) order. This reduces the risk - // of code conflicts because changes are more likely to be scattered - // across the file. - - // owner: @ttakahashi21 @mkimuram - // kep: https://kep.k8s.io/3294 - // alpha: v1.26 - // - // Enable usage of Provision of PVCs from snapshots in other namespaces - CrossNamespaceVolumeDataSource featuregate.Feature = "CrossNamespaceVolumeDataSource" - - // owner: @bswartz - // alpha: v1.18 - // beta: v1.24 - // - // Enables usage of any object for volume data source in PVCs - AnyVolumeDataSource featuregate.Feature = "AnyVolumeDataSource" - - // owner: @nabokihms - // alpha: v1.26 - // - // Enables API to get self subject attributes after authentication. - APISelfSubjectReview featuregate.Feature = "APISelfSubjectReview" - - // owner: @tallclair - // beta: v1.4 - AppArmor featuregate.Feature = "AppArmor" - - // owner: @szuecs - // alpha: v1.12 - // - // Enable nodes to change CPUCFSQuotaPeriod - CPUCFSQuotaPeriod featuregate.Feature = "CustomCPUCFSQuotaPeriod" - - // owner: @ConnorDoyle, @fromanirh (only for GA graduation) - // alpha: v1.8 - // beta: v1.10 - // GA: v1.26 - // - // Alternative container-level CPU affinity policies. - CPUManager featuregate.Feature = "CPUManager" - - // owner: @fromanirh - // alpha: v1.23 - // beta: see below. - // - // Allow fine-tuning of cpumanager policies, experimental, alpha-quality options - // Per https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // We want to avoid a proliferation of feature gates. This feature gate: - // - will guard *a group* of cpumanager options whose quality level is alpha. - // - will never graduate to beta or stable. - // See https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // for details about the removal of this feature gate. - CPUManagerPolicyAlphaOptions featuregate.Feature = "CPUManagerPolicyAlphaOptions" - - // owner: @fromanirh - // beta: v1.23 - // beta: see below. - // - // Allow fine-tuning of cpumanager policies, experimental, beta-quality options - // Per https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // We want to avoid a proliferation of feature gates. This feature gate: - // - will guard *a group* of cpumanager options whose quality level is beta. - // - is thus *introduced* as beta - // - will never graduate to stable. - // See https://groups.google.com/g/kubernetes-sig-architecture/c/Nxsc7pfe5rw/m/vF2djJh0BAAJ - // for details about the removal of this feature gate. - CPUManagerPolicyBetaOptions featuregate.Feature = "CPUManagerPolicyBetaOptions" - - // owner: @fromanirh - // alpha: v1.22 - // beta: v1.23 - // - // Allow the usage of options to fine-tune the cpumanager policies. - CPUManagerPolicyOptions featuregate.Feature = "CPUManagerPolicyOptions" - - // owner: @pohly - // alpha: v1.14 - // beta: v1.16 - // GA: v1.25 - // - // Enables CSI Inline volumes support for pods - CSIInlineVolume featuregate.Feature = "CSIInlineVolume" - - // owner: @davidz627 - // alpha: v1.14 - // beta: v1.17 - // - // Enables the in-tree storage to CSI Plugin migration feature. - CSIMigration featuregate.Feature = "CSIMigration" - - // owner: @leakingtapan - // alpha: v1.14 - // beta: v1.17 - // GA: v1.25 - // - // Enables the AWS EBS in-tree driver to AWS EBS CSI Driver migration feature. - CSIMigrationAWS featuregate.Feature = "CSIMigrationAWS" - - // owner: @andyzhangx - // alpha: v1.15 - // beta: v1.19 - // GA: v1.24 - // - // Enables the Azure Disk in-tree driver to Azure Disk Driver migration feature. - CSIMigrationAzureDisk featuregate.Feature = "CSIMigrationAzureDisk" - - // owner: @andyzhangx - // alpha: v1.15 - // beta: v1.21 - // GA: v1.26 - // - // Enables the Azure File in-tree driver to Azure File Driver migration feature. - CSIMigrationAzureFile featuregate.Feature = "CSIMigrationAzureFile" - - // owner: @davidz627 - // alpha: v1.14 - // beta: v1.17 - // GA: 1.25 - // - // Enables the GCE PD in-tree driver to GCE CSI Driver migration feature. - CSIMigrationGCE featuregate.Feature = "CSIMigrationGCE" - - // owner: @trierra - // alpha: v1.23 - // - // Enables the Portworx in-tree driver to Portworx migration feature. - CSIMigrationPortworx featuregate.Feature = "CSIMigrationPortworx" - - // owner: @humblec - // alpha: v1.23 - // - // Enables the RBD in-tree driver to RBD CSI Driver migration feature. - CSIMigrationRBD featuregate.Feature = "CSIMigrationRBD" - - // owner: @divyenpatel - // beta: v1.19 (requires: vSphere vCenter/ESXi Version: 7.0u2, HW Version: VM version 15) - // GA: 1.26 - // Enables the vSphere in-tree driver to vSphere CSI Driver migration feature. - CSIMigrationvSphere featuregate.Feature = "CSIMigrationvSphere" - - // owner: @humblec, @zhucan - // kep: https://kep.k8s.io/3171 - // alpha: v1.25 - // - // Enables SecretRef field in CSI NodeExpandVolume request. - CSINodeExpandSecret featuregate.Feature = "CSINodeExpandSecret" - - // owner: @pohly - // alpha: v1.19 - // beta: v1.21 - // GA: v1.24 - // - // Enables tracking of available storage capacity that CSI drivers provide. - CSIStorageCapacity featuregate.Feature = "CSIStorageCapacity" - - // owner: @fengzixu - // alpha: v1.21 - // - // Enables kubelet to detect CSI volume condition and send the event of the abnormal volume to the corresponding pod that is using it. - CSIVolumeHealth featuregate.Feature = "CSIVolumeHealth" - - // owner: @adrianreber - // kep: https://kep.k8s.io/2008 - // alpha: v1.25 - // - // Enables container Checkpoint support in the kubelet - ContainerCheckpoint featuregate.Feature = "ContainerCheckpoint" - - // owner: @bhcleek @wzshiming - // GA: v1.25 - // - // Normalize HttpGet URL and Header passing for lifecycle handlers with probers. - ConsistentHTTPGetHandlers featuregate.Feature = "ConsistentHTTPGetHandlers" - - // owner: @jiahuif - // alpha: v1.21 - // beta: v1.22 - // GA: v1.24 - // - // Enables Leader Migration for kube-controller-manager and cloud-controller-manager - ControllerManagerLeaderMigration featuregate.Feature = "ControllerManagerLeaderMigration" - - // owner: @deejross, @soltysh - // kep: https://kep.k8s.io/3140 - // alpha: v1.24 - // beta: v1.25 - // - // Enables support for time zones in CronJobs. - CronJobTimeZone featuregate.Feature = "CronJobTimeZone" - - // owner: @smarterclayton - // alpha: v1.21 - // beta: v1.22 - // GA: v1.25 - // DaemonSets allow workloads to maintain availability during update per node - DaemonSetUpdateSurge featuregate.Feature = "DaemonSetUpdateSurge" - - // owner: @gnufied, @verult, @bertinatto - // alpha: v1.22 - // beta: v1.23 - // GA: v1.26 - // If supported by the CSI driver, delegates the role of applying FSGroup to - // the driver by passing FSGroup through the NodeStageVolume and - // NodePublishVolume calls. - DelegateFSGroupToCSIDriver featuregate.Feature = "DelegateFSGroupToCSIDriver" - - // owner: @jiayingz, @swatisehgal (for GA graduation) - // alpha: v1.8 - // beta: v1.10 - // GA: v1.26 - // - // Enables support for Device Plugins - DevicePlugins featuregate.Feature = "DevicePlugins" - - // owner: @RenaudWasTaken @dashpole - // alpha: v1.19 - // beta: v1.20 - // ga: v1.25 - // - // Disables Accelerator Metrics Collected by Kubelet - DisableAcceleratorUsageMetrics featuregate.Feature = "DisableAcceleratorUsageMetrics" - - // owner: @andrewsykim - // alpha: v1.22 - // - // Disable any functionality in kube-apiserver, kube-controller-manager and kubelet related to the `--cloud-provider` component flag. - DisableCloudProviders featuregate.Feature = "DisableCloudProviders" - - // owner: @andrewsykim - // alpha: v1.23 - // - // Disable in-tree functionality in kubelet to authenticate to cloud provider container registries for image pull credentials. - DisableKubeletCloudCredentialProviders featuregate.Feature = "DisableKubeletCloudCredentialProviders" - - // owner: @derekwaynecarr - // alpha: v1.20 - // beta: v1.21 (off by default until 1.22) - // - // Enables usage of hugepages-<size> in downward API. - DownwardAPIHugePages featuregate.Feature = "DownwardAPIHugePages" - - // owner: @pohly - // kep: http://kep.k8s.io/3063 - // alpha: v1.26 - // - // Enables support for resources with custom parameters and a lifecycle - // that is independent of a Pod. - DynamicResourceAllocation featuregate.Feature = "DynamicResourceAllocation" - - // owner: @andrewsykim - // kep: https://kep.k8s.io/1672 - // alpha: v1.20 - // beta: v1.22 - // GA: v1.26 - // - // Enable Terminating condition in Endpoint Slices. - EndpointSliceTerminatingCondition featuregate.Feature = "EndpointSliceTerminatingCondition" - - // owner: @verb - // alpha: v1.16 - // beta: v1.23 - // GA: v1.25 - // - // Allows running an ephemeral container in pod namespaces to troubleshoot a running pod. - EphemeralContainers featuregate.Feature = "EphemeralContainers" - - // owner: @harche - // kep: http://kep.k8s.io/3386 - // alpha: v1.25 - // - // Allows using event-driven PLEG (pod lifecycle event generator) through kubelet - // which avoids frequent relisting of containers which helps optimize performance. - EventedPLEG featuregate.Feature = "EventedPLEG" - - // owner: @andrewsykim @SergeyKanzhelev - // GA: v1.20 - // - // Ensure kubelet respects exec probe timeouts. Feature gate exists in-case existing workloads - // may depend on old behavior where exec probe timeouts were ignored. - // Lock to default and remove after v1.22 based on user feedback that should be reflected in KEP #1972 update - ExecProbeTimeout featuregate.Feature = "ExecProbeTimeout" - - // owner: @gnufied - // alpha: v1.14 - // beta: v1.16 - // GA: 1.24 - // Ability to expand CSI volumes - ExpandCSIVolumes featuregate.Feature = "ExpandCSIVolumes" - - // owner: @mlmhl @gnufied - // beta: v1.15 - // GA: 1.24 - // Ability to expand persistent volumes' file system without unmounting volumes. - ExpandInUsePersistentVolumes featuregate.Feature = "ExpandInUsePersistentVolumes" - - // owner: @gnufied - // beta: v1.11 - // GA: 1.24 - // Ability to Expand persistent volumes - ExpandPersistentVolumes featuregate.Feature = "ExpandPersistentVolumes" - - // owner: @gjkim42 - // kep: https://kep.k8s.io/2595 - // alpha: v1.22 - // beta: v1.26 - // - // Enables apiserver and kubelet to allow up to 32 DNSSearchPaths and up to 2048 DNSSearchListChars. - ExpandedDNSConfig featuregate.Feature = "ExpandedDNSConfig" - - // owner: @pweil- - // alpha: v1.5 - // - // Default userns=host for containers that are using other host namespaces, host mounts, the pod - // contains a privileged container, or specific non-namespaced capabilities (MKNOD, SYS_MODULE, - // SYS_TIME). This should only be enabled if user namespace remapping is enabled in the docker daemon. - ExperimentalHostUserNamespaceDefaultingGate featuregate.Feature = "ExperimentalHostUserNamespaceDefaulting" - - // owner: @yuzhiquan, @bowei, @PxyUp, @SergeyKanzhelev - // kep: https://kep.k8s.io/2727 - // alpha: v1.23 - // beta: v1.24 - // - // Enables GRPC probe method for {Liveness,Readiness,Startup}Probe. - GRPCContainerProbe featuregate.Feature = "GRPCContainerProbe" - - // owner: @bobbypage - // alpha: v1.20 - // beta: v1.21 - // Adds support for kubelet to detect node shutdown and gracefully terminate pods prior to the node being shutdown. - GracefulNodeShutdown featuregate.Feature = "GracefulNodeShutdown" - - // owner: @wzshiming - // alpha: v1.23 - // beta: v1.24 - // Make the kubelet use shutdown configuration based on pod priority values for graceful shutdown. - GracefulNodeShutdownBasedOnPodPriority featuregate.Feature = "GracefulNodeShutdownBasedOnPodPriority" - - // owner: @arjunrn @mwielgus @josephburnett - // alpha: v1.20 - // - // Add support for the HPA to scale based on metrics from individual containers - // in target pods - HPAContainerMetrics featuregate.Feature = "HPAContainerMetrics" - - // owner: @dxist - // alpha: v1.16 - // - // Enables support of HPA scaling to zero pods when an object or custom metric is configured. - HPAScaleToZero featuregate.Feature = "HPAScaleToZero" - - // owner: @deepakkinni @xing-yang - // kep: https://kep.k8s.io/2680 - // alpha: v1.23 - // - // Honor Persistent Volume Reclaim Policy when it is "Delete" irrespective of PV-PVC - // deletion ordering. - HonorPVReclaimPolicy featuregate.Feature = "HonorPVReclaimPolicy" - - // owner: @ravig - // alpha: v1.23 - // beta: v1.24 - // GA: v1.25 - // IdentifyPodOS allows user to specify OS on which they'd like the Pod run. The user should still set the nodeSelector - // with appropriate `kubernetes.io/os` label for scheduler to identify appropriate node for the pod to run. - IdentifyPodOS featuregate.Feature = "IdentifyPodOS" - - // owner: @leakingtapan - // alpha: v1.21 - // - // Disables the AWS EBS in-tree driver. - InTreePluginAWSUnregister featuregate.Feature = "InTreePluginAWSUnregister" - - // owner: @andyzhangx - // alpha: v1.21 - // - // Disables the Azure Disk in-tree driver. - InTreePluginAzureDiskUnregister featuregate.Feature = "InTreePluginAzureDiskUnregister" - - // owner: @andyzhangx - // alpha: v1.21 - // - // Disables the Azure File in-tree driver. - InTreePluginAzureFileUnregister featuregate.Feature = "InTreePluginAzureFileUnregister" - - // owner: @Jiawei0227 - // alpha: v1.21 - // - // Disables the GCE PD in-tree driver. - InTreePluginGCEUnregister featuregate.Feature = "InTreePluginGCEUnregister" - - // owner: @adisky - // alpha: v1.21 - // - // Disables the OpenStack Cinder in-tree driver. - InTreePluginOpenStackUnregister featuregate.Feature = "InTreePluginOpenStackUnregister" - - // owner: @trierra - // alpha: v1.23 - // - // Disables the Portworx in-tree driver. - InTreePluginPortworxUnregister featuregate.Feature = "InTreePluginPortworxUnregister" - - // owner: @humblec - // alpha: v1.23 - // - // Disables the RBD in-tree driver. - InTreePluginRBDUnregister featuregate.Feature = "InTreePluginRBDUnregister" - - // owner: @divyenpatel - // alpha: v1.21 - // - // Disables the vSphere in-tree driver. - InTreePluginvSphereUnregister featuregate.Feature = "InTreePluginvSphereUnregister" - - // owner: @danwinship - // kep: https://kep.k8s.io/3178 - // alpha: v1.25 - // - // Causes kubelet to no longer create legacy IPTables rules - IPTablesOwnershipCleanup featuregate.Feature = "IPTablesOwnershipCleanup" - - // owner: @mimowo - // kep: https://kep.k8s.io/3329 - // alpha: v1.25 - // beta: v1.26 - // - // Allow users to specify handling of pod failures based on container exit codes - // and pod conditions. - JobPodFailurePolicy featuregate.Feature = "JobPodFailurePolicy" - - // owner: @ahg - // beta: v1.23 - // - // Allow updating node scheduling directives in the pod template of jobs. Specifically, - // node affinity, selector and tolerations. This is allowed only for suspended jobs - // that have never been unsuspended before. - JobMutableNodeSchedulingDirectives featuregate.Feature = "JobMutableNodeSchedulingDirectives" - - // owner: @alculquicondor - // alpha: v1.23 - // beta: v1.24 - // - // Track the number of pods with Ready condition in the Job status. - JobReadyPods featuregate.Feature = "JobReadyPods" - - // owner: @alculquicondor - // alpha: v1.22 - // beta: v1.23 - // stable: v1.26 - // - // Track Job completion without relying on Pod remaining in the cluster - // indefinitely. Pod finalizers, in addition to a field in the Job status - // allow the Job controller to keep track of Pods that it didn't account for - // yet. - JobTrackingWithFinalizers featuregate.Feature = "JobTrackingWithFinalizers" - - // owner: @andrewsykim @adisky @ndixita - // alpha: v1.20 - // beta: v1.24 - // GA: v1.26 - // - // Enable kubelet exec plugins for image pull credentials. - KubeletCredentialProviders featuregate.Feature = "KubeletCredentialProviders" - - // owner: @AkihiroSuda - // alpha: v1.22 - // - // Enables support for running kubelet in a user namespace. - // The user namespace has to be created before running kubelet. - // All the node components such as CRI need to be running in the same user namespace. - KubeletInUserNamespace featuregate.Feature = "KubeletInUserNamespace" - - // owner: @dashpole - // alpha: v1.13 - // beta: v1.15 - // - // Enables the kubelet's pod resources grpc endpoint - KubeletPodResources featuregate.Feature = "KubeletPodResources" - - // owner: @fromanirh - // alpha: v1.21 - // beta: v1.23 - // Enable POD resources API to return allocatable resources - KubeletPodResourcesGetAllocatable featuregate.Feature = "KubeletPodResourcesGetAllocatable" - - // owner: @sallyom - // kep: https://kep.k8s.io/2832 - // alpha: v1.25 - // - // Add support for distributed tracing in the kubelet - KubeletTracing featuregate.Feature = "KubeletTracing" - - // owner: @zshihang - // kep: https://kep.k8s.io/2800 - // beta: v1.24 - // - // Stop auto-generation of secret-based service account tokens. - LegacyServiceAccountTokenNoAutoGeneration featuregate.Feature = "LegacyServiceAccountTokenNoAutoGeneration" - - // owner: @zshihang - // kep: http://kep.k8s.io/2800 - // alpha: v1.25 - // - // Enables tracking of secret-based service account tokens usage. - LegacyServiceAccountTokenTracking featuregate.Feature = "LegacyServiceAccountTokenTracking" - - // owner: @jinxu - // beta: v1.10 - // stable: v1.25 - // - // Support local ephemeral storage types for local storage capacity isolation feature. - LocalStorageCapacityIsolation featuregate.Feature = "LocalStorageCapacityIsolation" - - // owner: @RobertKrawitz - // alpha: v1.15 - // - // Allow use of filesystems for ephemeral storage monitoring. - // Only applies if LocalStorageCapacityIsolation is set. - LocalStorageCapacityIsolationFSQuotaMonitoring featuregate.Feature = "LocalStorageCapacityIsolationFSQuotaMonitoring" - - // owner: @damemi - // alpha: v1.21 - // beta: v1.22 - // - // Enables scaling down replicas via logarithmic comparison of creation/ready timestamps - LogarithmicScaleDown featuregate.Feature = "LogarithmicScaleDown" - - // owner: @denkensk - // kep: https://kep.k8s.io/3243 - // alpha: v1.25 - // - // Enable MatchLabelKeys in PodTopologySpread. - MatchLabelKeysInPodTopologySpread featuregate.Feature = "MatchLabelKeysInPodTopologySpread" - - // owner: @krmayankk - // alpha: v1.24 - // - // Enables maxUnavailable for StatefulSet - MaxUnavailableStatefulSet featuregate.Feature = "MaxUnavailableStatefulSet" - - // owner: @cynepco3hahue(alukiano) @cezaryzukowski @k-wiatrzyk - // alpha: v1.21 - // beta: v1.22 - // Allows setting memory affinity for a container based on NUMA topology - MemoryManager featuregate.Feature = "MemoryManager" - - // owner: @xiaoxubeii - // kep: https://kep.k8s.io/2570 - // alpha: v1.22 - // - // Enables kubelet to support memory QoS with cgroups v2. - MemoryQoS featuregate.Feature = "MemoryQoS" - - // owner: @sanposhiho - // kep: https://kep.k8s.io/3022 - // alpha: v1.24 - // beta: v1.25 - // - // Enable MinDomains in Pod Topology Spread. - MinDomainsInPodTopologySpread featuregate.Feature = "MinDomainsInPodTopologySpread" - - // owner: @danwinship - // kep: http://kep.k8s.io/3453 - // alpha: v1.26 - // - // Enables new performance-improving code in kube-proxy iptables mode - MinimizeIPTablesRestore featuregate.Feature = "MinimizeIPTablesRestore" - - // owner: @janosi @bridgetkromhout - // kep: https://kep.k8s.io/1435 - // alpha: v1.20 - // beta: v1.24 - // ga: v1.26 - // - // Enables the usage of different protocols in the same Service with type=LoadBalancer - MixedProtocolLBService featuregate.Feature = "MixedProtocolLBService" - - // owner: @sarveshr7 - // kep: https://kep.k8s.io/2593 - // alpha: v1.25 - // - // Enables the MultiCIDR Range allocator. - MultiCIDRRangeAllocator featuregate.Feature = "MultiCIDRRangeAllocator" - - // owner: @rikatz - // kep: https://kep.k8s.io/2079 - // alpha: v1.21 - // beta: v1.22 - // ga: v1.25 - // - // Enables the endPort field in NetworkPolicy to enable a Port Range behavior in Network Policies. - NetworkPolicyEndPort featuregate.Feature = "NetworkPolicyEndPort" - - // owner: @rikatz - // kep: https://kep.k8s.io/2943 - // alpha: v1.24 - // - // Enables NetworkPolicy status subresource - NetworkPolicyStatus featuregate.Feature = "NetworkPolicyStatus" - - // owner: @xing-yang @sonasingh46 - // kep: https://kep.k8s.io/2268 - // alpha: v1.24 - // beta: v1.26 - // - // Allow pods to failover to a different node in case of non graceful node shutdown - NodeOutOfServiceVolumeDetach featuregate.Feature = "NodeOutOfServiceVolumeDetach" - - // owner: @ehashman - // alpha: v1.22 - // - // Permits kubelet to run with swap enabled - NodeSwap featuregate.Feature = "NodeSwap" - - // owner: @mortent, @atiratree, @ravig - // kep: http://kep.k8s.io/3018 - // alpha: v1.26 - // - // Enables PDBUnhealthyPodEvictionPolicy for PodDisruptionBudgets - PDBUnhealthyPodEvictionPolicy featuregate.Feature = "PDBUnhealthyPodEvictionPolicy" - - // owner: @haircommander - // kep: https://kep.k8s.io/2364 - // alpha: v1.23 - // - // Configures the Kubelet to use the CRI to populate pod and container stats, instead of supplimenting with stats from cAdvisor. - // Requires the CRI implementation supports supplying the required stats. - PodAndContainerStatsFromCRI featuregate.Feature = "PodAndContainerStatsFromCRI" - - // owner: @ahg-g - // alpha: v1.21 - // beta: v1.22 - // - // Enables controlling pod ranking on replicaset scale-down. - PodDeletionCost featuregate.Feature = "PodDeletionCost" - - // owner: @mimowo - // kep: https://kep.k8s.io/3329 - // alpha: v1.25 - // beta: v1.26 - // - // Enables support for appending a dedicated pod condition indicating that - // the pod is being deleted due to a disruption. - PodDisruptionConditions featuregate.Feature = "PodDisruptionConditions" - - // owner: @ddebroy - // alpha: v1.25 - // - // Enables reporting of PodHasNetwork condition in pod status after pod - // sandbox creation and network configuration completes successfully - PodHasNetworkCondition featuregate.Feature = "PodHasNetworkCondition" - - // owner: @Huang-Wei - // kep: https://kep.k8s.io/3521 - // alpha: v1.26 - // - // Enable users to specify when a Pod is ready for scheduling. - PodSchedulingReadiness featuregate.Feature = "PodSchedulingReadiness" - - // owner: @liggitt, @tallclair, sig-auth - // alpha: v1.22 - // beta: v1.23 - // ga: v1.25 - // - // Enables the PodSecurity admission plugin - PodSecurity featuregate.Feature = "PodSecurity" - - // owner: @ehashman - // alpha: v1.21 - // beta: v1.22 - // - // Allows user to override pod-level terminationGracePeriod for probes - ProbeTerminationGracePeriod featuregate.Feature = "ProbeTerminationGracePeriod" - - // owner: @jessfraz - // alpha: v1.12 - // - // Enables control over ProcMountType for containers. - ProcMountType featuregate.Feature = "ProcMountType" - - // owner: @andrewsykim - // kep: https://kep.k8s.io/1669 - // alpha: v1.22 - // beta: v1.26 - // - // Enable kube-proxy to handle terminating ednpoints when externalTrafficPolicy=Local - ProxyTerminatingEndpoints featuregate.Feature = "ProxyTerminatingEndpoints" - - // owner: @sjenning - // alpha: v1.11 - // - // Allows resource reservations at the QoS level preventing pods at lower QoS levels from - // bursting into resources requested at higher QoS levels (memory only for now) - QOSReserved featuregate.Feature = "QOSReserved" - - // owner: @chrishenzie - // alpha: v1.22 - // - // Enables usage of the ReadWriteOncePod PersistentVolume access mode. - ReadWriteOncePod featuregate.Feature = "ReadWriteOncePod" - - // owner: @gnufied - // kep: https://kep.k8s.io/1790 - // alpha: v1.23 - // - // Allow users to recover from volume expansion failure - RecoverVolumeExpansionFailure featuregate.Feature = "RecoverVolumeExpansionFailure" - - // owner: @RomanBednar - // kep: https://kep.k8s.io/3333 - // alpha: v1.25 - // - // Allow assigning StorageClass to unbound PVCs retroactively - RetroactiveDefaultStorageClass featuregate.Feature = "RetroactiveDefaultStorageClass" - - // owner: @mikedanese - // alpha: v1.7 - // beta: v1.12 - // - // Gets a server certificate for the kubelet from the Certificate Signing - // Request API instead of generating one self signed and auto rotates the - // certificate as expiration approaches. - RotateKubeletServerCertificate featuregate.Feature = "RotateKubeletServerCertificate" - - // owner: @saschagrunert - // kep: https://kep.k8s.io/2413 - // alpha: v1.22 - // beta: v1.25 - // - // Enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. - SeccompDefault featuregate.Feature = "SeccompDefault" - - // owner: @maplain @andrewsykim - // kep: https://kep.k8s.io/2086 - // alpha: v1.21 - // beta: v1.22 - // GA: v1.26 - // - // Enables node-local routing for Service internal traffic - ServiceInternalTrafficPolicy featuregate.Feature = "ServiceInternalTrafficPolicy" - - // owner: @aojea - // kep: https://kep.k8s.io/3070 - // alpha: v1.24 - // beta: v1.25 - // ga: v1.26 - // - // Subdivide the ClusterIP range for dynamic and static IP allocation. - ServiceIPStaticSubrange featuregate.Feature = "ServiceIPStaticSubrange" - - // owner: @derekwaynecarr - // alpha: v1.20 - // beta: v1.22 - // - // Enables kubelet support to size memory backed volumes - SizeMemoryBackedVolumes featuregate.Feature = "SizeMemoryBackedVolumes" - - // owner: @mattcary - // alpha: v1.22 - // - // Enables policies controlling deletion of PVCs created by a StatefulSet. - StatefulSetAutoDeletePVC featuregate.Feature = "StatefulSetAutoDeletePVC" - - // owner: @ravig - // kep: https://kep.k8s.io/2607 - // alpha: v1.22 - // beta: v1.23 - // GA: v1.25 - // StatefulSetMinReadySeconds allows minReadySeconds to be respected by StatefulSet controller - StatefulSetMinReadySeconds featuregate.Feature = "StatefulSetMinReadySeconds" - - // owner: @psch - // alpha: v1.26 - // - // Enables a StatefulSet to start from an arbitrary non zero ordinal - StatefulSetStartOrdinal featuregate.Feature = "StatefulSetStartOrdinal" - - // owner: @robscott - // kep: https://kep.k8s.io/2433 - // alpha: v1.21 - // beta: v1.23 - // - // Enables topology aware hints for EndpointSlices - TopologyAwareHints featuregate.Feature = "TopologyAwareHints" - - // owner: @lmdaly - // alpha: v1.16 - // beta: v1.18 - // - // Enable resource managers to make NUMA aligned decisions - TopologyManager featuregate.Feature = "TopologyManager" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow fine-tuning of topology manager policies with alpha options. - // This feature gate: - // - will guard *a group* of topology manager options whose quality level is alpha. - // - will never graduate to beta or stable. - TopologyManagerPolicyAlphaOptions featuregate.Feature = "TopologyManagerPolicyAlphaOptions" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow fine-tuning of topology manager policies with beta options. - // This feature gate: - // - will guard *a group* of topology manager options whose quality level is beta. - // - is thus *introduced* as beta - // - will never graduate to stable. - TopologyManagerPolicyBetaOptions featuregate.Feature = "TopologyManagerPolicyBetaOptions" - - // owner: @PiotrProkop - // kep: https://kep.k8s.io/3545 - // alpha: v1.26 - // - // Allow the usage of options to fine-tune the topology manager policies. - TopologyManagerPolicyOptions featuregate.Feature = "TopologyManagerPolicyOptions" - - // owner: @rata, @giuseppe - // kep: https://kep.k8s.io/127 - // alpha: v1.25 - // - // Enables user namespace support for stateless pods. - UserNamespacesStatelessPodsSupport featuregate.Feature = "UserNamespacesStatelessPodsSupport" - - // owner: @cofyc - // alpha: v1.21 - VolumeCapacityPriority featuregate.Feature = "VolumeCapacityPriority" - - // owner: @ksubrmnn - // alpha: v1.14 - // - // Allows kube-proxy to create DSR loadbalancers for Windows - WinDSR featuregate.Feature = "WinDSR" - - // owner: @ksubrmnn - // alpha: v1.14 - // beta: v1.20 - // - // Allows kube-proxy to run in Overlay mode for Windows - WinOverlay featuregate.Feature = "WinOverlay" - - // owner: @marosset - // kep: https://kep.k8s.io/3503 - // alpha: v1.26 - // - // Enables support for joining Windows containers to a hosts' network namespace. - WindowsHostNetwork featuregate.Feature = "WindowsHostNetwork" - - // owner: @marosset - // alpha: v1.22 - // beta: v1.23 - // GA: v1.26 - // - // Enables support for 'HostProcess' containers on Windows nodes. - WindowsHostProcessContainers featuregate.Feature = "WindowsHostProcessContainers" - - // owner: @kerthcet - // kep: https://kep.k8s.io/3094 - // alpha: v1.25 - // beta: v1.26 - // - // Allow users to specify whether to take nodeAffinity/nodeTaint into consideration when - // calculating pod topology spread skew. - NodeInclusionPolicyInPodTopologySpread featuregate.Feature = "NodeInclusionPolicyInPodTopologySpread" - - // owner: @jsafrane - // kep: https://kep.k8s.io/1710 - // alpha: v1.25 - // Speed up container startup by mounting volumes with the correct SELinux label - // instead of changing each file on the volumes recursively. - // Initial implementation focused on ReadWriteOncePod volumes. - SELinuxMountReadWriteOncePod featuregate.Feature = "SELinuxMountReadWriteOncePod" -) - -func init() { - runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates)) -} - -// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys. -// To add a new feature, define a key for it above and add it here. The features will be -// available throughout Kubernetes binaries. -// -// Entries are separated from each other with blank lines to avoid sweeping gofmt changes -// when adding or removing one entry. -var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - CrossNamespaceVolumeDataSource: {Default: false, PreRelease: featuregate.Alpha}, - - AnyVolumeDataSource: {Default: true, PreRelease: featuregate.Beta}, // on by default in 1.24 - - APISelfSubjectReview: {Default: false, PreRelease: featuregate.Alpha}, - - AppArmor: {Default: true, PreRelease: featuregate.Beta}, - - CPUCFSQuotaPeriod: {Default: false, PreRelease: featuregate.Alpha}, - - CPUManager: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.26 - - CPUManagerPolicyAlphaOptions: {Default: false, PreRelease: featuregate.Alpha}, - - CPUManagerPolicyBetaOptions: {Default: true, PreRelease: featuregate.Beta}, - - CPUManagerPolicyOptions: {Default: true, PreRelease: featuregate.Beta}, - - CSIInlineVolume: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - CSIMigration: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - CSIMigrationAWS: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - CSIMigrationAzureDisk: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.26 - - CSIMigrationAzureFile: {Default: true, PreRelease: featuregate.GA}, // remove in 1.28 - - CSIMigrationGCE: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - CSIMigrationPortworx: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires Portworx CSI driver) - - CSIMigrationRBD: {Default: false, PreRelease: featuregate.Alpha}, // Off by default (requires RBD CSI driver) - - CSIMigrationvSphere: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - CSINodeExpandSecret: {Default: false, PreRelease: featuregate.Alpha}, - - CSIStorageCapacity: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.26 - - CSIVolumeHealth: {Default: false, PreRelease: featuregate.Alpha}, - - ContainerCheckpoint: {Default: false, PreRelease: featuregate.Alpha}, - - ConsistentHTTPGetHandlers: {Default: true, PreRelease: featuregate.GA}, - - ControllerManagerLeaderMigration: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.26 - - CronJobTimeZone: {Default: true, PreRelease: featuregate.Beta}, - - DaemonSetUpdateSurge: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - DelegateFSGroupToCSIDriver: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - DevicePlugins: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // GA in 1.26 - - DisableAcceleratorUsageMetrics: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - DisableCloudProviders: {Default: false, PreRelease: featuregate.Alpha}, - - DisableKubeletCloudCredentialProviders: {Default: false, PreRelease: featuregate.Alpha}, - - DownwardAPIHugePages: {Default: true, PreRelease: featuregate.Beta}, // on by default in 1.22 - - EndpointSliceTerminatingCondition: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in v1.28 - - DynamicResourceAllocation: {Default: false, PreRelease: featuregate.Alpha}, - - EphemeralContainers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - EventedPLEG: {Default: false, PreRelease: featuregate.Alpha}, - - ExecProbeTimeout: {Default: true, PreRelease: featuregate.GA}, // lock to default and remove after v1.22 based on KEP #1972 update - - ExpandCSIVolumes: {Default: true, PreRelease: featuregate.GA}, // remove in 1.26 - - ExpandInUsePersistentVolumes: {Default: true, PreRelease: featuregate.GA}, // remove in 1.26 - - ExpandPersistentVolumes: {Default: true, PreRelease: featuregate.GA}, // remove in 1.26 - - ExpandedDNSConfig: {Default: true, PreRelease: featuregate.Beta}, - - ExperimentalHostUserNamespaceDefaultingGate: {Default: false, PreRelease: featuregate.Beta}, - - GRPCContainerProbe: {Default: true, PreRelease: featuregate.Beta}, - - GracefulNodeShutdown: {Default: true, PreRelease: featuregate.Beta}, - - GracefulNodeShutdownBasedOnPodPriority: {Default: true, PreRelease: featuregate.Beta}, - - HPAContainerMetrics: {Default: false, PreRelease: featuregate.Alpha}, - - HonorPVReclaimPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - IdentifyPodOS: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - InTreePluginAWSUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginAzureDiskUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginAzureFileUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginGCEUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginOpenStackUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginPortworxUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginRBDUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - InTreePluginvSphereUnregister: {Default: false, PreRelease: featuregate.Alpha}, - - IPTablesOwnershipCleanup: {Default: false, PreRelease: featuregate.Alpha}, - - JobPodFailurePolicy: {Default: true, PreRelease: featuregate.Beta}, - - JobMutableNodeSchedulingDirectives: {Default: true, PreRelease: featuregate.Beta}, - - JobReadyPods: {Default: true, PreRelease: featuregate.Beta}, - - JobTrackingWithFinalizers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - KubeletCredentialProviders: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - KubeletInUserNamespace: {Default: false, PreRelease: featuregate.Alpha}, - - KubeletPodResources: {Default: true, PreRelease: featuregate.Beta}, - - KubeletPodResourcesGetAllocatable: {Default: true, PreRelease: featuregate.Beta}, - - KubeletTracing: {Default: false, PreRelease: featuregate.Alpha}, - - LegacyServiceAccountTokenNoAutoGeneration: {Default: true, PreRelease: featuregate.GA}, - - LegacyServiceAccountTokenTracking: {Default: false, PreRelease: featuregate.Alpha}, - - LocalStorageCapacityIsolation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha}, - - LogarithmicScaleDown: {Default: true, PreRelease: featuregate.Beta}, - - MatchLabelKeysInPodTopologySpread: {Default: false, PreRelease: featuregate.Alpha}, - - MaxUnavailableStatefulSet: {Default: false, PreRelease: featuregate.Alpha}, - - MemoryManager: {Default: true, PreRelease: featuregate.Beta}, - - MemoryQoS: {Default: false, PreRelease: featuregate.Alpha}, - - MinDomainsInPodTopologySpread: {Default: false, PreRelease: featuregate.Beta}, - - MinimizeIPTablesRestore: {Default: false, PreRelease: featuregate.Alpha}, - - MixedProtocolLBService: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - MultiCIDRRangeAllocator: {Default: false, PreRelease: featuregate.Alpha}, - - NetworkPolicyEndPort: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - NetworkPolicyStatus: {Default: false, PreRelease: featuregate.Alpha}, - - NodeOutOfServiceVolumeDetach: {Default: true, PreRelease: featuregate.Beta}, - - NodeSwap: {Default: false, PreRelease: featuregate.Alpha}, - - PDBUnhealthyPodEvictionPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - PodAndContainerStatsFromCRI: {Default: false, PreRelease: featuregate.Alpha}, - - PodDeletionCost: {Default: true, PreRelease: featuregate.Beta}, - - PodDisruptionConditions: {Default: true, PreRelease: featuregate.Beta}, - - PodHasNetworkCondition: {Default: false, PreRelease: featuregate.Alpha}, - - PodSchedulingReadiness: {Default: false, PreRelease: featuregate.Alpha}, - - PodSecurity: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - - ProbeTerminationGracePeriod: {Default: true, PreRelease: featuregate.Beta}, // Default to true in beta 1.25 - - ProcMountType: {Default: false, PreRelease: featuregate.Alpha}, - - ProxyTerminatingEndpoints: {Default: true, PreRelease: featuregate.Beta}, - - QOSReserved: {Default: false, PreRelease: featuregate.Alpha}, - - ReadWriteOncePod: {Default: false, PreRelease: featuregate.Alpha}, - - RecoverVolumeExpansionFailure: {Default: false, PreRelease: featuregate.Alpha}, - - RetroactiveDefaultStorageClass: {Default: true, PreRelease: featuregate.Beta}, - - RotateKubeletServerCertificate: {Default: true, PreRelease: featuregate.Beta}, - - SeccompDefault: {Default: true, PreRelease: featuregate.Beta}, - - ServiceIPStaticSubrange: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - ServiceInternalTrafficPolicy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - SizeMemoryBackedVolumes: {Default: true, PreRelease: featuregate.Beta}, - - StatefulSetAutoDeletePVC: {Default: false, PreRelease: featuregate.Alpha}, - - StatefulSetMinReadySeconds: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27 - - StatefulSetStartOrdinal: {Default: false, PreRelease: featuregate.Alpha}, - - TopologyAwareHints: {Default: true, PreRelease: featuregate.Beta}, - - TopologyManager: {Default: true, PreRelease: featuregate.Beta}, - - TopologyManagerPolicyAlphaOptions: {Default: false, PreRelease: featuregate.Alpha}, - - TopologyManagerPolicyBetaOptions: {Default: false, PreRelease: featuregate.Beta}, - - TopologyManagerPolicyOptions: {Default: false, PreRelease: featuregate.Alpha}, - - VolumeCapacityPriority: {Default: false, PreRelease: featuregate.Alpha}, - - UserNamespacesStatelessPodsSupport: {Default: false, PreRelease: featuregate.Alpha}, - - WinDSR: {Default: false, PreRelease: featuregate.Alpha}, - - WinOverlay: {Default: true, PreRelease: featuregate.Beta}, - - WindowsHostNetwork: {Default: true, PreRelease: featuregate.Alpha}, - - WindowsHostProcessContainers: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - NodeInclusionPolicyInPodTopologySpread: {Default: true, PreRelease: featuregate.Beta}, - - SELinuxMountReadWriteOncePod: {Default: false, PreRelease: featuregate.Alpha}, - - // inherited features from generic apiserver, relisted here to get a conflict if it is changed - // unintentionally on either side: - - genericfeatures.AggregatedDiscoveryEndpoint: {Default: false, PreRelease: featuregate.Alpha}, - - genericfeatures.APIListChunking: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.AdvancedAuditing: {Default: true, PreRelease: featuregate.GA}, - - genericfeatures.ValidatingAdmissionPolicy: {Default: false, PreRelease: featuregate.Alpha}, - - genericfeatures.CustomResourceValidationExpressions: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.DryRun: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.28 - - genericfeatures.OpenAPIEnums: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.OpenAPIV3: {Default: true, PreRelease: featuregate.Beta}, - - genericfeatures.ServerSideApply: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 - - genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.Beta}, - - // features that enable backwards compatibility but are scheduled to be removed - // ... - HPAScaleToZero: {Default: false, PreRelease: featuregate.Alpha}, -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/doc.go deleted file mode 100644 index 400d001e7f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package fieldpath supplies methods for extracting fields from objects -// given a path to a field. -package fieldpath // import "k8s.io/kubernetes/pkg/fieldpath" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/fieldpath.go b/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/fieldpath.go deleted file mode 100644 index 20fa8eaaaa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/fieldpath/fieldpath.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fieldpath - -import ( - "fmt" - "strings" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" -) - -// FormatMap formats map[string]string to a string. -func FormatMap(m map[string]string) (fmtStr string) { - // output with keys in sorted order to provide stable output - keys := sets.NewString() - for key := range m { - keys.Insert(key) - } - for _, key := range keys.List() { - fmtStr += fmt.Sprintf("%v=%q\n", key, m[key]) - } - fmtStr = strings.TrimSuffix(fmtStr, "\n") - - return -} - -// ExtractFieldPathAsString extracts the field from the given object -// and returns it as a string. The object must be a pointer to an -// API type. -func ExtractFieldPathAsString(obj interface{}, fieldPath string) (string, error) { - accessor, err := meta.Accessor(obj) - if err != nil { - return "", err - } - - if path, subscript, ok := SplitMaybeSubscriptedPath(fieldPath); ok { - switch path { - case "metadata.annotations": - if errs := validation.IsQualifiedName(strings.ToLower(subscript)); len(errs) != 0 { - return "", fmt.Errorf("invalid key subscript in %s: %s", fieldPath, strings.Join(errs, ";")) - } - return accessor.GetAnnotations()[subscript], nil - case "metadata.labels": - if errs := validation.IsQualifiedName(subscript); len(errs) != 0 { - return "", fmt.Errorf("invalid key subscript in %s: %s", fieldPath, strings.Join(errs, ";")) - } - return accessor.GetLabels()[subscript], nil - default: - return "", fmt.Errorf("fieldPath %q does not support subscript", fieldPath) - } - } - - switch fieldPath { - case "metadata.annotations": - return FormatMap(accessor.GetAnnotations()), nil - case "metadata.labels": - return FormatMap(accessor.GetLabels()), nil - case "metadata.name": - return accessor.GetName(), nil - case "metadata.namespace": - return accessor.GetNamespace(), nil - case "metadata.uid": - return string(accessor.GetUID()), nil - } - - return "", fmt.Errorf("unsupported fieldPath: %v", fieldPath) -} - -// SplitMaybeSubscriptedPath checks whether the specified fieldPath is -// subscripted, and -// - if yes, this function splits the fieldPath into path and subscript, and -// returns (path, subscript, true). -// - if no, this function returns (fieldPath, "", false). -// -// Example inputs and outputs: -// -// "metadata.annotations['myKey']" --> ("metadata.annotations", "myKey", true) -// "metadata.annotations['a[b]c']" --> ("metadata.annotations", "a[b]c", true) -// "metadata.labels['']" --> ("metadata.labels", "", true) -// "metadata.labels" --> ("metadata.labels", "", false) -func SplitMaybeSubscriptedPath(fieldPath string) (string, string, bool) { - if !strings.HasSuffix(fieldPath, "']") { - return fieldPath, "", false - } - s := strings.TrimSuffix(fieldPath, "']") - parts := strings.SplitN(s, "['", 2) - if len(parts) < 2 { - return fieldPath, "", false - } - if len(parts[0]) == 0 { - return fieldPath, "", false - } - return parts[0], parts[1], true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/config.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/config.go deleted file mode 100644 index 6717f839a6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/config.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "io/ioutil" - "net/http" - "time" - - "k8s.io/klog/v2" - - "go.opentelemetry.io/otel/trace" - - utilwait "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/admission" - webhookinit "k8s.io/apiserver/pkg/admission/plugin/webhook/initializer" - genericapiserver "k8s.io/apiserver/pkg/server" - egressselector "k8s.io/apiserver/pkg/server/egressselector" - "k8s.io/apiserver/pkg/util/webhook" - cacheddiscovery "k8s.io/client-go/discovery/cached/memory" - externalinformers "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - "k8s.io/client-go/restmapper" - quotainstall "k8s.io/kubernetes/pkg/quota/v1/install" -) - -// Config holds the configuration needed to for initialize the admission plugins -type Config struct { - CloudConfigFile string - LoopbackClientConfig *rest.Config - ExternalInformers externalinformers.SharedInformerFactory -} - -// New sets up the plugins and admission start hooks needed for admission -func (c *Config) New(proxyTransport *http.Transport, egressSelector *egressselector.EgressSelector, serviceResolver webhook.ServiceResolver, tp trace.TracerProvider) ([]admission.PluginInitializer, genericapiserver.PostStartHookFunc, error) { - webhookAuthResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, egressSelector, c.LoopbackClientConfig, tp) - webhookPluginInitializer := webhookinit.NewPluginInitializer(webhookAuthResolverWrapper, serviceResolver) - - var cloudConfig []byte - if c.CloudConfigFile != "" { - var err error - cloudConfig, err = ioutil.ReadFile(c.CloudConfigFile) - if err != nil { - klog.Fatalf("Error reading from cloud configuration file %s: %#v", c.CloudConfigFile, err) - } - } - clientset, err := kubernetes.NewForConfig(c.LoopbackClientConfig) - if err != nil { - return nil, nil, err - } - - discoveryClient := cacheddiscovery.NewMemCacheClient(clientset.Discovery()) - discoveryRESTMapper := restmapper.NewDeferredDiscoveryRESTMapper(discoveryClient) - kubePluginInitializer := NewPluginInitializer( - cloudConfig, - discoveryRESTMapper, - quotainstall.NewQuotaConfigurationForAdmission(), - ) - - admissionPostStartHook := func(context genericapiserver.PostStartHookContext) error { - discoveryRESTMapper.Reset() - go utilwait.Until(discoveryRESTMapper.Reset, 30*time.Second, context.StopCh) - return nil - } - - return []admission.PluginInitializer{webhookPluginInitializer, kubePluginInitializer}, admissionPostStartHook, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/initializer.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/initializer.go deleted file mode 100644 index 0ba97b5427..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/admission/initializer.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/initializer" - quota "k8s.io/apiserver/pkg/quota/v1" -) - -// TODO add a `WantsToRun` which takes a stopCh. Might make it generic. - -// WantsCloudConfig defines a function which sets CloudConfig for admission plugins that need it. -type WantsCloudConfig interface { - SetCloudConfig([]byte) -} - -// PluginInitializer is used for initialization of the Kubernetes specific admission plugins. -type PluginInitializer struct { - cloudConfig []byte - restMapper meta.RESTMapper - quotaConfiguration quota.Configuration -} - -var _ admission.PluginInitializer = &PluginInitializer{} - -// NewPluginInitializer constructs new instance of PluginInitializer -// TODO: switch these parameters to use the builder pattern or just make them -// all public, this construction method is pointless boilerplate. -func NewPluginInitializer( - cloudConfig []byte, - restMapper meta.RESTMapper, - quotaConfiguration quota.Configuration, -) *PluginInitializer { - return &PluginInitializer{ - cloudConfig: cloudConfig, - restMapper: restMapper, - quotaConfiguration: quotaConfiguration, - } -} - -// Initialize checks the initialization interfaces implemented by each plugin -// and provide the appropriate initialization data -func (i *PluginInitializer) Initialize(plugin admission.Interface) { - if wants, ok := plugin.(WantsCloudConfig); ok { - wants.SetCloudConfig(i.cloudConfig) - } - - if wants, ok := plugin.(initializer.WantsRESTMapper); ok { - wants.SetRESTMapper(i.restMapper) - } - - if wants, ok := plugin.(initializer.WantsQuotaConfiguration); ok { - wants.SetQuotaConfiguration(i.quotaConfiguration) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/OWNERS deleted file mode 100644 index c4ea6463df..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-authenticators-approvers -reviewers: - - sig-auth-authenticators-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/config.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/config.go deleted file mode 100644 index e10c76384f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authenticator/config.go +++ /dev/null @@ -1,315 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticator - -import ( - "errors" - "time" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/authenticatorfactory" - "k8s.io/apiserver/pkg/authentication/group" - "k8s.io/apiserver/pkg/authentication/request/anonymous" - "k8s.io/apiserver/pkg/authentication/request/bearertoken" - "k8s.io/apiserver/pkg/authentication/request/headerrequest" - "k8s.io/apiserver/pkg/authentication/request/union" - "k8s.io/apiserver/pkg/authentication/request/websocket" - "k8s.io/apiserver/pkg/authentication/request/x509" - tokencache "k8s.io/apiserver/pkg/authentication/token/cache" - "k8s.io/apiserver/pkg/authentication/token/tokenfile" - tokenunion "k8s.io/apiserver/pkg/authentication/token/union" - "k8s.io/apiserver/pkg/server/dynamiccertificates" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/apiserver/plugin/pkg/authenticator/token/oidc" - "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" - typedv1core "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/kube-openapi/pkg/validation/spec" - - // Initialize all known client auth plugins. - _ "k8s.io/client-go/plugin/pkg/client/auth" - "k8s.io/client-go/util/keyutil" - "k8s.io/kubernetes/pkg/serviceaccount" -) - -// Config contains the data on how to authenticate a request to the Kube API Server -type Config struct { - Anonymous bool - BootstrapToken bool - - TokenAuthFile string - OIDCIssuerURL string - OIDCClientID string - OIDCCAFile string - OIDCUsernameClaim string - OIDCUsernamePrefix string - OIDCGroupsClaim string - OIDCGroupsPrefix string - OIDCSigningAlgs []string - OIDCRequiredClaims map[string]string - ServiceAccountKeyFiles []string - ServiceAccountLookup bool - ServiceAccountIssuers []string - APIAudiences authenticator.Audiences - WebhookTokenAuthnConfigFile string - WebhookTokenAuthnVersion string - WebhookTokenAuthnCacheTTL time.Duration - // WebhookRetryBackoff specifies the backoff parameters for the authentication webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff - - TokenSuccessCacheTTL time.Duration - TokenFailureCacheTTL time.Duration - - RequestHeaderConfig *authenticatorfactory.RequestHeaderConfig - - // TODO, this is the only non-serializable part of the entire config. Factor it out into a clientconfig - ServiceAccountTokenGetter serviceaccount.ServiceAccountTokenGetter - SecretsWriter typedv1core.SecretsGetter - BootstrapTokenAuthenticator authenticator.Token - // ClientCAContentProvider are the options for verifying incoming connections using mTLS and directly assigning to users. - // Generally this is the CA bundle file used to authenticate client certificates - // If this value is nil, then mutual TLS is disabled. - ClientCAContentProvider dynamiccertificates.CAContentProvider - - // Optional field, custom dial function used to connect to webhook - CustomDial utilnet.DialFunc -} - -// New returns an authenticator.Request or an error that supports the standard -// Kubernetes authentication mechanisms. -func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error) { - var authenticators []authenticator.Request - var tokenAuthenticators []authenticator.Token - securityDefinitions := spec.SecurityDefinitions{} - - // front-proxy, BasicAuth methods, local first, then remote - // Add the front proxy authenticator if requested - if config.RequestHeaderConfig != nil { - requestHeaderAuthenticator := headerrequest.NewDynamicVerifyOptionsSecure( - config.RequestHeaderConfig.CAContentProvider.VerifyOptions, - config.RequestHeaderConfig.AllowedClientNames, - config.RequestHeaderConfig.UsernameHeaders, - config.RequestHeaderConfig.GroupHeaders, - config.RequestHeaderConfig.ExtraHeaderPrefixes, - ) - authenticators = append(authenticators, authenticator.WrapAudienceAgnosticRequest(config.APIAudiences, requestHeaderAuthenticator)) - } - - // X509 methods - if config.ClientCAContentProvider != nil { - certAuth := x509.NewDynamic(config.ClientCAContentProvider.VerifyOptions, x509.CommonNameUserConversion) - authenticators = append(authenticators, certAuth) - } - - // Bearer token methods, local first, then remote - if len(config.TokenAuthFile) > 0 { - tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile) - if err != nil { - return nil, nil, err - } - tokenAuthenticators = append(tokenAuthenticators, authenticator.WrapAudienceAgnosticToken(config.APIAudiences, tokenAuth)) - } - if len(config.ServiceAccountKeyFiles) > 0 { - serviceAccountAuth, err := newLegacyServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.APIAudiences, config.ServiceAccountTokenGetter, config.SecretsWriter) - if err != nil { - return nil, nil, err - } - tokenAuthenticators = append(tokenAuthenticators, serviceAccountAuth) - } - if len(config.ServiceAccountIssuers) > 0 { - serviceAccountAuth, err := newServiceAccountAuthenticator(config.ServiceAccountIssuers, config.ServiceAccountKeyFiles, config.APIAudiences, config.ServiceAccountTokenGetter) - if err != nil { - return nil, nil, err - } - tokenAuthenticators = append(tokenAuthenticators, serviceAccountAuth) - } - if config.BootstrapToken { - if config.BootstrapTokenAuthenticator != nil { - // TODO: This can sometimes be nil because of - tokenAuthenticators = append(tokenAuthenticators, authenticator.WrapAudienceAgnosticToken(config.APIAudiences, config.BootstrapTokenAuthenticator)) - } - } - // NOTE(ericchiang): Keep the OpenID Connect after Service Accounts. - // - // Because both plugins verify JWTs whichever comes first in the union experiences - // cache misses for all requests using the other. While the service account plugin - // simply returns an error, the OpenID Connect plugin may query the provider to - // update the keys, causing performance hits. - if len(config.OIDCIssuerURL) > 0 && len(config.OIDCClientID) > 0 { - // TODO(enj): wire up the Notifier and ControllerRunner bits when OIDC supports CA reload - var oidcCAContent oidc.CAContentProvider - if len(config.OIDCCAFile) != 0 { - var oidcCAErr error - oidcCAContent, oidcCAErr = dynamiccertificates.NewDynamicCAContentFromFile("oidc-authenticator", config.OIDCCAFile) - if oidcCAErr != nil { - return nil, nil, oidcCAErr - } - } - - oidcAuth, err := newAuthenticatorFromOIDCIssuerURL(oidc.Options{ - IssuerURL: config.OIDCIssuerURL, - ClientID: config.OIDCClientID, - CAContentProvider: oidcCAContent, - UsernameClaim: config.OIDCUsernameClaim, - UsernamePrefix: config.OIDCUsernamePrefix, - GroupsClaim: config.OIDCGroupsClaim, - GroupsPrefix: config.OIDCGroupsPrefix, - SupportedSigningAlgs: config.OIDCSigningAlgs, - RequiredClaims: config.OIDCRequiredClaims, - }) - if err != nil { - return nil, nil, err - } - tokenAuthenticators = append(tokenAuthenticators, authenticator.WrapAudienceAgnosticToken(config.APIAudiences, oidcAuth)) - } - if len(config.WebhookTokenAuthnConfigFile) > 0 { - webhookTokenAuth, err := newWebhookTokenAuthenticator(config) - if err != nil { - return nil, nil, err - } - - tokenAuthenticators = append(tokenAuthenticators, webhookTokenAuth) - } - - if len(tokenAuthenticators) > 0 { - // Union the token authenticators - tokenAuth := tokenunion.New(tokenAuthenticators...) - // Optionally cache authentication results - if config.TokenSuccessCacheTTL > 0 || config.TokenFailureCacheTTL > 0 { - tokenAuth = tokencache.New(tokenAuth, true, config.TokenSuccessCacheTTL, config.TokenFailureCacheTTL) - } - authenticators = append(authenticators, bearertoken.New(tokenAuth), websocket.NewProtocolAuthenticator(tokenAuth)) - securityDefinitions["BearerToken"] = &spec.SecurityScheme{ - SecuritySchemeProps: spec.SecuritySchemeProps{ - Type: "apiKey", - Name: "authorization", - In: "header", - Description: "Bearer Token authentication", - }, - } - } - - if len(authenticators) == 0 { - if config.Anonymous { - return anonymous.NewAuthenticator(), &securityDefinitions, nil - } - return nil, &securityDefinitions, nil - } - - authenticator := union.New(authenticators...) - - authenticator = group.NewAuthenticatedGroupAdder(authenticator) - - if config.Anonymous { - // If the authenticator chain returns an error, return an error (don't consider a bad bearer token - // or invalid username/password combination anonymous). - authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator()) - } - - return authenticator, &securityDefinitions, nil -} - -// IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file -func IsValidServiceAccountKeyFile(file string) bool { - _, err := keyutil.PublicKeysFromFile(file) - return err == nil -} - -// newAuthenticatorFromTokenFile returns an authenticator.Token or an error -func newAuthenticatorFromTokenFile(tokenAuthFile string) (authenticator.Token, error) { - tokenAuthenticator, err := tokenfile.NewCSV(tokenAuthFile) - if err != nil { - return nil, err - } - - return tokenAuthenticator, nil -} - -// newAuthenticatorFromOIDCIssuerURL returns an authenticator.Token or an error. -func newAuthenticatorFromOIDCIssuerURL(opts oidc.Options) (authenticator.Token, error) { - const noUsernamePrefix = "-" - - if opts.UsernamePrefix == "" && opts.UsernameClaim != "email" { - // Old behavior. If a usernamePrefix isn't provided, prefix all claims other than "email" - // with the issuerURL. - // - // See https://github.com/kubernetes/kubernetes/issues/31380 - opts.UsernamePrefix = opts.IssuerURL + "#" - } - - if opts.UsernamePrefix == noUsernamePrefix { - // Special value indicating usernames shouldn't be prefixed. - opts.UsernamePrefix = "" - } - - tokenAuthenticator, err := oidc.New(opts) - if err != nil { - return nil, err - } - - return tokenAuthenticator, nil -} - -// newLegacyServiceAccountAuthenticator returns an authenticator.Token or an error -func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter, secretsWriter typedv1core.SecretsGetter) (authenticator.Token, error) { - allPublicKeys := []interface{}{} - for _, keyfile := range keyfiles { - publicKeys, err := keyutil.PublicKeysFromFile(keyfile) - if err != nil { - return nil, err - } - allPublicKeys = append(allPublicKeys, publicKeys...) - } - - tokenAuthenticator := serviceaccount.JWTTokenAuthenticator([]string{serviceaccount.LegacyIssuer}, allPublicKeys, apiAudiences, serviceaccount.NewLegacyValidator(lookup, serviceAccountGetter, secretsWriter)) - return tokenAuthenticator, nil -} - -// newServiceAccountAuthenticator returns an authenticator.Token or an error -func newServiceAccountAuthenticator(issuers []string, keyfiles []string, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) { - allPublicKeys := []interface{}{} - for _, keyfile := range keyfiles { - publicKeys, err := keyutil.PublicKeysFromFile(keyfile) - if err != nil { - return nil, err - } - allPublicKeys = append(allPublicKeys, publicKeys...) - } - - tokenAuthenticator := serviceaccount.JWTTokenAuthenticator(issuers, allPublicKeys, apiAudiences, serviceaccount.NewValidator(serviceAccountGetter)) - return tokenAuthenticator, nil -} - -func newWebhookTokenAuthenticator(config Config) (authenticator.Token, error) { - if config.WebhookRetryBackoff == nil { - return nil, errors.New("retry backoff parameters for authentication webhook has not been specified") - } - - clientConfig, err := webhookutil.LoadKubeconfig(config.WebhookTokenAuthnConfigFile, config.CustomDial) - if err != nil { - return nil, err - } - webhookTokenAuthenticator, err := webhook.New(clientConfig, config.WebhookTokenAuthnVersion, config.APIAudiences, *config.WebhookRetryBackoff) - if err != nil { - return nil, err - } - - return tokencache.New(webhookTokenAuthenticator, false, config.WebhookTokenAuthnCacheTTL, config.WebhookTokenAuthnCacheTTL), nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/OWNERS deleted file mode 100644 index 55d3fb23c0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-authorizers-approvers -reviewers: - - sig-auth-authorizers-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go deleted file mode 100644 index f9c6aeabc8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go +++ /dev/null @@ -1,153 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authorizer - -import ( - "errors" - "fmt" - "time" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/authorization/authorizerfactory" - "k8s.io/apiserver/pkg/authorization/union" - webhookutil "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/apiserver/plugin/pkg/authorizer/webhook" - versionedinformers "k8s.io/client-go/informers" - "k8s.io/kubernetes/pkg/auth/authorizer/abac" - "k8s.io/kubernetes/pkg/auth/nodeidentifier" - "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" - "k8s.io/kubernetes/plugin/pkg/auth/authorizer/node" - "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac" - "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy" -) - -// Config contains the data on how to authorize a request to the Kube API Server -type Config struct { - AuthorizationModes []string - - // Options for ModeABAC - - // Path to an ABAC policy file. - PolicyFile string - - // Options for ModeWebhook - - // Kubeconfig file for Webhook authorization plugin. - WebhookConfigFile string - // API version of subject access reviews to send to the webhook (e.g. "v1", "v1beta1") - WebhookVersion string - // TTL for caching of authorized responses from the webhook server. - WebhookCacheAuthorizedTTL time.Duration - // TTL for caching of unauthorized responses from the webhook server. - WebhookCacheUnauthorizedTTL time.Duration - // WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff - - VersionedInformerFactory versionedinformers.SharedInformerFactory - - // Optional field, custom dial function used to connect to webhook - CustomDial utilnet.DialFunc -} - -// New returns the right sort of union of multiple authorizer.Authorizer objects -// based on the authorizationMode or an error. -func (config Config) New() (authorizer.Authorizer, authorizer.RuleResolver, error) { - if len(config.AuthorizationModes) == 0 { - return nil, nil, fmt.Errorf("at least one authorization mode must be passed") - } - - var ( - authorizers []authorizer.Authorizer - ruleResolvers []authorizer.RuleResolver - ) - - // Add SystemPrivilegedGroup as an authorizing group - superuserAuthorizer := authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup) - authorizers = append(authorizers, superuserAuthorizer) - - for _, authorizationMode := range config.AuthorizationModes { - // Keep cases in sync with constant list in k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go. - switch authorizationMode { - case modes.ModeNode: - node.RegisterMetrics() - graph := node.NewGraph() - node.AddGraphEventHandlers( - graph, - config.VersionedInformerFactory.Core().V1().Nodes(), - config.VersionedInformerFactory.Core().V1().Pods(), - config.VersionedInformerFactory.Core().V1().PersistentVolumes(), - config.VersionedInformerFactory.Storage().V1().VolumeAttachments(), - ) - nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules()) - authorizers = append(authorizers, nodeAuthorizer) - ruleResolvers = append(ruleResolvers, nodeAuthorizer) - - case modes.ModeAlwaysAllow: - alwaysAllowAuthorizer := authorizerfactory.NewAlwaysAllowAuthorizer() - authorizers = append(authorizers, alwaysAllowAuthorizer) - ruleResolvers = append(ruleResolvers, alwaysAllowAuthorizer) - case modes.ModeAlwaysDeny: - alwaysDenyAuthorizer := authorizerfactory.NewAlwaysDenyAuthorizer() - authorizers = append(authorizers, alwaysDenyAuthorizer) - ruleResolvers = append(ruleResolvers, alwaysDenyAuthorizer) - case modes.ModeABAC: - abacAuthorizer, err := abac.NewFromFile(config.PolicyFile) - if err != nil { - return nil, nil, err - } - authorizers = append(authorizers, abacAuthorizer) - ruleResolvers = append(ruleResolvers, abacAuthorizer) - case modes.ModeWebhook: - if config.WebhookRetryBackoff == nil { - return nil, nil, errors.New("retry backoff parameters for authorization webhook has not been specified") - } - clientConfig, err := webhookutil.LoadKubeconfig(config.WebhookConfigFile, config.CustomDial) - if err != nil { - return nil, nil, err - } - webhookAuthorizer, err := webhook.New(clientConfig, - config.WebhookVersion, - config.WebhookCacheAuthorizedTTL, - config.WebhookCacheUnauthorizedTTL, - *config.WebhookRetryBackoff, - ) - if err != nil { - return nil, nil, err - } - authorizers = append(authorizers, webhookAuthorizer) - ruleResolvers = append(ruleResolvers, webhookAuthorizer) - case modes.ModeRBAC: - rbacAuthorizer := rbac.New( - &rbac.RoleGetter{Lister: config.VersionedInformerFactory.Rbac().V1().Roles().Lister()}, - &rbac.RoleBindingLister{Lister: config.VersionedInformerFactory.Rbac().V1().RoleBindings().Lister()}, - &rbac.ClusterRoleGetter{Lister: config.VersionedInformerFactory.Rbac().V1().ClusterRoles().Lister()}, - &rbac.ClusterRoleBindingLister{Lister: config.VersionedInformerFactory.Rbac().V1().ClusterRoleBindings().Lister()}, - ) - authorizers = append(authorizers, rbacAuthorizer) - ruleResolvers = append(ruleResolvers, rbacAuthorizer) - default: - return nil, nil, fmt.Errorf("unknown authorization mode %s specified", authorizationMode) - } - } - - return union.New(authorizers...), union.NewRuleResolvers(ruleResolvers...), nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go deleted file mode 100644 index 501b98a95c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package modes - -import "k8s.io/apimachinery/pkg/util/sets" - -const ( - // ModeAlwaysAllow is the mode to set all requests as authorized - ModeAlwaysAllow string = "AlwaysAllow" - // ModeAlwaysDeny is the mode to set no requests as authorized - ModeAlwaysDeny string = "AlwaysDeny" - // ModeABAC is the mode to use Attribute Based Access Control to authorize - ModeABAC string = "ABAC" - // ModeWebhook is the mode to make an external webhook call to authorize - ModeWebhook string = "Webhook" - // ModeRBAC is the mode to use Role Based Access Control to authorize - ModeRBAC string = "RBAC" - // ModeNode is an authorization mode that authorizes API requests made by kubelets. - ModeNode string = "Node" -) - -// AuthorizationModeChoices is the list of supported authorization modes -var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode} - -// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver -func IsValidAuthorizationMode(authzMode string) bool { - return sets.NewString(AuthorizationModeChoices...).Has(authzMode) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/admission.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/admission.go deleted file mode 100644 index 3d8c8ce2ad..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/admission.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "strings" - - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/server" - genericoptions "k8s.io/apiserver/pkg/server/options" - "k8s.io/client-go/informers" - "k8s.io/client-go/rest" - "k8s.io/component-base/featuregate" -) - -// AdmissionOptions holds the admission options. -// It is a wrap of generic AdmissionOptions. -type AdmissionOptions struct { - // GenericAdmission holds the generic admission options. - GenericAdmission *genericoptions.AdmissionOptions - // DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins. - // They are mutually exclusive, specify both will lead to an error. - PluginNames []string -} - -// NewAdmissionOptions creates a new instance of AdmissionOptions -// Note: -// -// In addition it calls RegisterAllAdmissionPlugins to register -// all kube-apiserver admission plugins. -// -// Provides the list of RecommendedPluginOrder that holds sane values -// that can be used by servers that don't care about admission chain. -// Servers that do care can overwrite/append that field after creation. -func NewAdmissionOptions() *AdmissionOptions { - options := genericoptions.NewAdmissionOptions() - // register all admission plugins - RegisterAllAdmissionPlugins(options.Plugins) - // set RecommendedPluginOrder - options.RecommendedPluginOrder = AllOrderedPlugins - // set DefaultOffPlugins - options.DefaultOffPlugins = DefaultOffAdmissionPlugins() - - return &AdmissionOptions{ - GenericAdmission: options, - } -} - -// AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet -func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringSliceVar(&a.PluginNames, "admission-control", a.PluginNames, ""+ - "Admission is divided into two phases. "+ - "In the first phase, only mutating admission plugins run. "+ - "In the second phase, only validating admission plugins run. "+ - "The names in the below list may represent a validating plugin, a mutating plugin, or both. "+ - "The order of plugins in which they are passed to this flag does not matter. "+ - "Comma-delimited list of: "+strings.Join(a.GenericAdmission.Plugins.Registered(), ", ")+".") - fs.MarkDeprecated("admission-control", "Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.") - fs.Lookup("admission-control").Hidden = false - - a.GenericAdmission.AddFlags(fs) -} - -// Validate verifies flags passed to kube-apiserver AdmissionOptions. -// Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate. -func (a *AdmissionOptions) Validate() []error { - if a == nil { - return nil - } - var errs []error - if a.PluginNames != nil && - (a.GenericAdmission.EnablePlugins != nil || a.GenericAdmission.DisablePlugins != nil) { - errs = append(errs, fmt.Errorf("admission-control and enable-admission-plugins/disable-admission-plugins flags are mutually exclusive")) - } - - registeredPlugins := sets.NewString(a.GenericAdmission.Plugins.Registered()...) - for _, name := range a.PluginNames { - if !registeredPlugins.Has(name) { - errs = append(errs, fmt.Errorf("admission-control plugin %q is unknown", name)) - } - } - - errs = append(errs, a.GenericAdmission.Validate()...) - - return errs -} - -// ApplyTo adds the admission chain to the server configuration. -// Kube-apiserver just call generic AdmissionOptions.ApplyTo. -func (a *AdmissionOptions) ApplyTo( - c *server.Config, - informers informers.SharedInformerFactory, - kubeAPIServerClientConfig *rest.Config, - features featuregate.FeatureGate, - pluginInitializers ...admission.PluginInitializer, -) error { - if a == nil { - return nil - } - - if a.PluginNames != nil { - // pass PluginNames to generic AdmissionOptions - a.GenericAdmission.EnablePlugins, a.GenericAdmission.DisablePlugins = computePluginNames(a.PluginNames, a.GenericAdmission.RecommendedPluginOrder) - } - - return a.GenericAdmission.ApplyTo(c, informers, kubeAPIServerClientConfig, features, pluginInitializers...) -} - -// explicitly disable all plugins that are not in the enabled list -func computePluginNames(explicitlyEnabled []string, all []string) (enabled []string, disabled []string) { - return explicitlyEnabled, sets.NewString(all...).Difference(sets.NewString(explicitlyEnabled...)).List() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go deleted file mode 100644 index cb5b586ce5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authentication.go +++ /dev/null @@ -1,523 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "errors" - "fmt" - "net/url" - "strings" - "time" - - "github.com/spf13/pflag" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authentication/authenticator" - genericapiserver "k8s.io/apiserver/pkg/server" - "k8s.io/apiserver/pkg/server/egressselector" - genericoptions "k8s.io/apiserver/pkg/server/options" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - cliflag "k8s.io/component-base/cli/flag" - "k8s.io/klog/v2" - openapicommon "k8s.io/kube-openapi/pkg/common" - serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount" - kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator" - authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" - "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap" -) - -// BuiltInAuthenticationOptions contains all build-in authentication options for API Server -type BuiltInAuthenticationOptions struct { - APIAudiences []string - Anonymous *AnonymousAuthenticationOptions - BootstrapToken *BootstrapTokenAuthenticationOptions - ClientCert *genericoptions.ClientCertAuthenticationOptions - OIDC *OIDCAuthenticationOptions - RequestHeader *genericoptions.RequestHeaderAuthenticationOptions - ServiceAccounts *ServiceAccountAuthenticationOptions - TokenFile *TokenFileAuthenticationOptions - WebHook *WebHookAuthenticationOptions - - TokenSuccessCacheTTL time.Duration - TokenFailureCacheTTL time.Duration -} - -// AnonymousAuthenticationOptions contains anonymous authentication options for API Server -type AnonymousAuthenticationOptions struct { - Allow bool -} - -// BootstrapTokenAuthenticationOptions contains bootstrap token authentication options for API Server -type BootstrapTokenAuthenticationOptions struct { - Enable bool -} - -// OIDCAuthenticationOptions contains OIDC authentication options for API Server -type OIDCAuthenticationOptions struct { - CAFile string - ClientID string - IssuerURL string - UsernameClaim string - UsernamePrefix string - GroupsClaim string - GroupsPrefix string - SigningAlgs []string - RequiredClaims map[string]string -} - -// ServiceAccountAuthenticationOptions contains service account authentication options for API Server -type ServiceAccountAuthenticationOptions struct { - KeyFiles []string - Lookup bool - Issuers []string - JWKSURI string - MaxExpiration time.Duration - ExtendExpiration bool -} - -// TokenFileAuthenticationOptions contains token file authentication options for API Server -type TokenFileAuthenticationOptions struct { - TokenFile string -} - -// WebHookAuthenticationOptions contains web hook authentication options for API Server -type WebHookAuthenticationOptions struct { - ConfigFile string - Version string - CacheTTL time.Duration - - // RetryBackoff specifies the backoff parameters for the authentication webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - RetryBackoff *wait.Backoff -} - -// NewBuiltInAuthenticationOptions create a new BuiltInAuthenticationOptions, just set default token cache TTL -func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions { - return &BuiltInAuthenticationOptions{ - TokenSuccessCacheTTL: 10 * time.Second, - TokenFailureCacheTTL: 0 * time.Second, - } -} - -// WithAll set default value for every build-in authentication option -func (o *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions { - return o. - WithAnonymous(). - WithBootstrapToken(). - WithClientCert(). - WithOIDC(). - WithRequestHeader(). - WithServiceAccounts(). - WithTokenFile(). - WithWebHook() -} - -// WithAnonymous set default value for anonymous authentication -func (o *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions { - o.Anonymous = &AnonymousAuthenticationOptions{Allow: true} - return o -} - -// WithBootstrapToken set default value for bootstrap token authentication -func (o *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions { - o.BootstrapToken = &BootstrapTokenAuthenticationOptions{} - return o -} - -// WithClientCert set default value for client cert -func (o *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions { - o.ClientCert = &genericoptions.ClientCertAuthenticationOptions{} - return o -} - -// WithOIDC set default value for OIDC authentication -func (o *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions { - o.OIDC = &OIDCAuthenticationOptions{} - return o -} - -// WithRequestHeader set default value for request header authentication -func (o *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions { - o.RequestHeader = &genericoptions.RequestHeaderAuthenticationOptions{} - return o -} - -// WithServiceAccounts set default value for service account authentication -func (o *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions { - o.ServiceAccounts = &ServiceAccountAuthenticationOptions{Lookup: true, ExtendExpiration: true} - return o -} - -// WithTokenFile set default value for token file authentication -func (o *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions { - o.TokenFile = &TokenFileAuthenticationOptions{} - return o -} - -// WithWebHook set default value for web hook authentication -func (o *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions { - o.WebHook = &WebHookAuthenticationOptions{ - Version: "v1beta1", - CacheTTL: 2 * time.Minute, - RetryBackoff: genericoptions.DefaultAuthWebhookRetryBackoff(), - } - return o -} - -// Validate checks invalid config combination -func (o *BuiltInAuthenticationOptions) Validate() []error { - var allErrors []error - - if o.OIDC != nil && (len(o.OIDC.IssuerURL) > 0) != (len(o.OIDC.ClientID) > 0) { - allErrors = append(allErrors, fmt.Errorf("oidc-issuer-url and oidc-client-id should be specified together")) - } - - if o.ServiceAccounts != nil && len(o.ServiceAccounts.Issuers) > 0 { - seen := make(map[string]bool) - for _, issuer := range o.ServiceAccounts.Issuers { - if strings.Contains(issuer, ":") { - if _, err := url.Parse(issuer); err != nil { - allErrors = append(allErrors, fmt.Errorf("service-account-issuer %q contained a ':' but was not a valid URL: %v", issuer, err)) - continue - } - } - if issuer == "" { - allErrors = append(allErrors, fmt.Errorf("service-account-issuer should not be an empty string")) - continue - } - if seen[issuer] { - allErrors = append(allErrors, fmt.Errorf("service-account-issuer %q is already specified", issuer)) - continue - } - seen[issuer] = true - } - } - - if o.ServiceAccounts != nil { - if len(o.ServiceAccounts.Issuers) == 0 { - allErrors = append(allErrors, errors.New("service-account-issuer is a required flag")) - } - if len(o.ServiceAccounts.KeyFiles) == 0 { - allErrors = append(allErrors, errors.New("service-account-key-file is a required flag")) - } - - // Validate the JWKS URI when it is explicitly set. - // When unset, it is later derived from ExternalHost. - if o.ServiceAccounts.JWKSURI != "" { - if u, err := url.Parse(o.ServiceAccounts.JWKSURI); err != nil { - allErrors = append(allErrors, fmt.Errorf("service-account-jwks-uri must be a valid URL: %v", err)) - } else if u.Scheme != "https" { - allErrors = append(allErrors, fmt.Errorf("service-account-jwks-uri requires https scheme, parsed as: %v", u.String())) - } - } - } - - if o.WebHook != nil { - retryBackoff := o.WebHook.RetryBackoff - if retryBackoff != nil && retryBackoff.Steps <= 0 { - allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", retryBackoff.Steps)) - } - } - - return allErrors -} - -// AddFlags returns flags of authentication for a API Server -func (o *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringSliceVar(&o.APIAudiences, "api-audiences", o.APIAudiences, ""+ - "Identifiers of the API. The service account token authenticator will validate that "+ - "tokens used against the API are bound to at least one of these audiences. If the "+ - "--service-account-issuer flag is configured and this flag is not, this field "+ - "defaults to a single element list containing the issuer URL.") - - if o.Anonymous != nil { - fs.BoolVar(&o.Anonymous.Allow, "anonymous-auth", o.Anonymous.Allow, ""+ - "Enables anonymous requests to the secure port of the API server. "+ - "Requests that are not rejected by another authentication method are treated as anonymous requests. "+ - "Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.") - } - - if o.BootstrapToken != nil { - fs.BoolVar(&o.BootstrapToken.Enable, "enable-bootstrap-token-auth", o.BootstrapToken.Enable, ""+ - "Enable to allow secrets of type 'bootstrap.kubernetes.io/token' in the 'kube-system' "+ - "namespace to be used for TLS bootstrapping authentication.") - } - - if o.ClientCert != nil { - o.ClientCert.AddFlags(fs) - } - - if o.OIDC != nil { - fs.StringVar(&o.OIDC.IssuerURL, "oidc-issuer-url", o.OIDC.IssuerURL, ""+ - "The URL of the OpenID issuer, only HTTPS scheme will be accepted. "+ - "If set, it will be used to verify the OIDC JSON Web Token (JWT).") - - fs.StringVar(&o.OIDC.ClientID, "oidc-client-id", o.OIDC.ClientID, - "The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.") - - fs.StringVar(&o.OIDC.CAFile, "oidc-ca-file", o.OIDC.CAFile, ""+ - "If set, the OpenID server's certificate will be verified by one of the authorities "+ - "in the oidc-ca-file, otherwise the host's root CA set will be used.") - - fs.StringVar(&o.OIDC.UsernameClaim, "oidc-username-claim", "sub", ""+ - "The OpenID claim to use as the user name. Note that claims other than the default ('sub') "+ - "is not guaranteed to be unique and immutable. This flag is experimental, please see "+ - "the authentication documentation for further details.") - - fs.StringVar(&o.OIDC.UsernamePrefix, "oidc-username-prefix", "", ""+ - "If provided, all usernames will be prefixed with this value. If not provided, "+ - "username claims other than 'email' are prefixed by the issuer URL to avoid "+ - "clashes. To skip any prefixing, provide the value '-'.") - - fs.StringVar(&o.OIDC.GroupsClaim, "oidc-groups-claim", "", ""+ - "If provided, the name of a custom OpenID Connect claim for specifying user groups. "+ - "The claim value is expected to be a string or array of strings. This flag is experimental, "+ - "please see the authentication documentation for further details.") - - fs.StringVar(&o.OIDC.GroupsPrefix, "oidc-groups-prefix", "", ""+ - "If provided, all groups will be prefixed with this value to prevent conflicts with "+ - "other authentication strategies.") - - fs.StringSliceVar(&o.OIDC.SigningAlgs, "oidc-signing-algs", []string{"RS256"}, ""+ - "Comma-separated list of allowed JOSE asymmetric signing algorithms. JWTs with a "+ - "supported 'alg' header values are: RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512. "+ - "Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1.") - - fs.Var(cliflag.NewMapStringStringNoSplit(&o.OIDC.RequiredClaims), "oidc-required-claim", ""+ - "A key=value pair that describes a required claim in the ID Token. "+ - "If set, the claim is verified to be present in the ID Token with a matching value. "+ - "Repeat this flag to specify multiple claims.") - } - - if o.RequestHeader != nil { - o.RequestHeader.AddFlags(fs) - } - - if o.ServiceAccounts != nil { - fs.StringArrayVar(&o.ServiceAccounts.KeyFiles, "service-account-key-file", o.ServiceAccounts.KeyFiles, ""+ - "File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify "+ - "ServiceAccount tokens. The specified file can contain multiple keys, and the flag can "+ - "be specified multiple times with different files. If unspecified, "+ - "--tls-private-key-file is used. Must be specified when "+ - "--service-account-signing-key-file is provided") - - fs.BoolVar(&o.ServiceAccounts.Lookup, "service-account-lookup", o.ServiceAccounts.Lookup, - "If true, validate ServiceAccount tokens exist in etcd as part of authentication.") - - fs.StringArrayVar(&o.ServiceAccounts.Issuers, "service-account-issuer", o.ServiceAccounts.Issuers, ""+ - "Identifier of the service account token issuer. The issuer will assert this identifier "+ - "in \"iss\" claim of issued tokens. This value is a string or URI. If this option is not "+ - "a valid URI per the OpenID Discovery 1.0 spec, the ServiceAccountIssuerDiscovery feature "+ - "will remain disabled, even if the feature gate is set to true. It is highly recommended "+ - "that this value comply with the OpenID spec: https://openid.net/specs/openid-connect-discovery-1_0.html. "+ - "In practice, this means that service-account-issuer must be an https URL. It is also highly "+ - "recommended that this URL be capable of serving OpenID discovery documents at "+ - "{service-account-issuer}/.well-known/openid-configuration. "+ - "When this flag is specified multiple times, the first is used to generate tokens "+ - "and all are used to determine which issuers are accepted.") - - fs.StringVar(&o.ServiceAccounts.JWKSURI, "service-account-jwks-uri", o.ServiceAccounts.JWKSURI, ""+ - "Overrides the URI for the JSON Web Key Set in the discovery doc served at "+ - "/.well-known/openid-configuration. This flag is useful if the discovery doc"+ - "and key set are served to relying parties from a URL other than the "+ - "API server's external (as auto-detected or overridden with external-hostname). ") - - fs.DurationVar(&o.ServiceAccounts.MaxExpiration, "service-account-max-token-expiration", o.ServiceAccounts.MaxExpiration, ""+ - "The maximum validity duration of a token created by the service account token issuer. If an otherwise valid "+ - "TokenRequest with a validity duration larger than this value is requested, a token will be issued with a validity duration of this value.") - - fs.BoolVar(&o.ServiceAccounts.ExtendExpiration, "service-account-extend-token-expiration", o.ServiceAccounts.ExtendExpiration, ""+ - "Turns on projected service account expiration extension during token generation, "+ - "which helps safe transition from legacy token to bound service account token feature. "+ - "If this flag is enabled, admission injected tokens would be extended up to 1 year to "+ - "prevent unexpected failure during transition, ignoring value of service-account-max-token-expiration.") - } - - if o.TokenFile != nil { - fs.StringVar(&o.TokenFile.TokenFile, "token-auth-file", o.TokenFile.TokenFile, ""+ - "If set, the file that will be used to secure the secure port of the API server "+ - "via token authentication.") - } - - if o.WebHook != nil { - fs.StringVar(&o.WebHook.ConfigFile, "authentication-token-webhook-config-file", o.WebHook.ConfigFile, ""+ - "File with webhook configuration for token authentication in kubeconfig format. "+ - "The API server will query the remote service to determine authentication for bearer tokens.") - - fs.StringVar(&o.WebHook.Version, "authentication-token-webhook-version", o.WebHook.Version, ""+ - "The API version of the authentication.k8s.io TokenReview to send to and expect from the webhook.") - - fs.DurationVar(&o.WebHook.CacheTTL, "authentication-token-webhook-cache-ttl", o.WebHook.CacheTTL, - "The duration to cache responses from the webhook token authenticator.") - } -} - -// ToAuthenticationConfig convert BuiltInAuthenticationOptions to kubeauthenticator.Config -func (o *BuiltInAuthenticationOptions) ToAuthenticationConfig() (kubeauthenticator.Config, error) { - ret := kubeauthenticator.Config{ - TokenSuccessCacheTTL: o.TokenSuccessCacheTTL, - TokenFailureCacheTTL: o.TokenFailureCacheTTL, - } - - if o.Anonymous != nil { - ret.Anonymous = o.Anonymous.Allow - } - - if o.BootstrapToken != nil { - ret.BootstrapToken = o.BootstrapToken.Enable - } - - if o.ClientCert != nil { - var err error - ret.ClientCAContentProvider, err = o.ClientCert.GetClientCAContentProvider() - if err != nil { - return kubeauthenticator.Config{}, err - } - } - - if o.OIDC != nil { - ret.OIDCCAFile = o.OIDC.CAFile - ret.OIDCClientID = o.OIDC.ClientID - ret.OIDCGroupsClaim = o.OIDC.GroupsClaim - ret.OIDCGroupsPrefix = o.OIDC.GroupsPrefix - ret.OIDCIssuerURL = o.OIDC.IssuerURL - ret.OIDCUsernameClaim = o.OIDC.UsernameClaim - ret.OIDCUsernamePrefix = o.OIDC.UsernamePrefix - ret.OIDCSigningAlgs = o.OIDC.SigningAlgs - ret.OIDCRequiredClaims = o.OIDC.RequiredClaims - } - - if o.RequestHeader != nil { - var err error - ret.RequestHeaderConfig, err = o.RequestHeader.ToAuthenticationRequestHeaderConfig() - if err != nil { - return kubeauthenticator.Config{}, err - } - } - - ret.APIAudiences = o.APIAudiences - if o.ServiceAccounts != nil { - if len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 { - ret.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers) - } - ret.ServiceAccountKeyFiles = o.ServiceAccounts.KeyFiles - ret.ServiceAccountIssuers = o.ServiceAccounts.Issuers - ret.ServiceAccountLookup = o.ServiceAccounts.Lookup - } - - if o.TokenFile != nil { - ret.TokenAuthFile = o.TokenFile.TokenFile - } - - if o.WebHook != nil { - ret.WebhookTokenAuthnConfigFile = o.WebHook.ConfigFile - ret.WebhookTokenAuthnVersion = o.WebHook.Version - ret.WebhookTokenAuthnCacheTTL = o.WebHook.CacheTTL - ret.WebhookRetryBackoff = o.WebHook.RetryBackoff - - if len(o.WebHook.ConfigFile) > 0 && o.WebHook.CacheTTL > 0 { - if o.TokenSuccessCacheTTL > 0 && o.WebHook.CacheTTL < o.TokenSuccessCacheTTL { - klog.Warningf("the webhook cache ttl of %s is shorter than the overall cache ttl of %s for successful token authentication attempts.", o.WebHook.CacheTTL, o.TokenSuccessCacheTTL) - } - if o.TokenFailureCacheTTL > 0 && o.WebHook.CacheTTL < o.TokenFailureCacheTTL { - klog.Warningf("the webhook cache ttl of %s is shorter than the overall cache ttl of %s for failed token authentication attempts.", o.WebHook.CacheTTL, o.TokenFailureCacheTTL) - } - } - } - - return ret, nil -} - -// ApplyTo requires already applied OpenAPIConfig and EgressSelector if present. -func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.AuthenticationInfo, secureServing *genericapiserver.SecureServingInfo, egressSelector *egressselector.EgressSelector, openAPIConfig *openapicommon.Config, openAPIV3Config *openapicommon.Config, extclient kubernetes.Interface, versionedInformer informers.SharedInformerFactory) error { - if o == nil { - return nil - } - - if openAPIConfig == nil { - return errors.New("uninitialized OpenAPIConfig") - } - - authenticatorConfig, err := o.ToAuthenticationConfig() - if err != nil { - return err - } - - if authenticatorConfig.ClientCAContentProvider != nil { - if err = authInfo.ApplyClientCert(authenticatorConfig.ClientCAContentProvider, secureServing); err != nil { - return fmt.Errorf("unable to load client CA file: %v", err) - } - } - if authenticatorConfig.RequestHeaderConfig != nil && authenticatorConfig.RequestHeaderConfig.CAContentProvider != nil { - if err = authInfo.ApplyClientCert(authenticatorConfig.RequestHeaderConfig.CAContentProvider, secureServing); err != nil { - return fmt.Errorf("unable to load client CA file: %v", err) - } - } - - authInfo.APIAudiences = o.APIAudiences - if o.ServiceAccounts != nil && len(o.ServiceAccounts.Issuers) != 0 && len(o.APIAudiences) == 0 { - authInfo.APIAudiences = authenticator.Audiences(o.ServiceAccounts.Issuers) - } - - authenticatorConfig.ServiceAccountTokenGetter = serviceaccountcontroller.NewGetterFromClient( - extclient, - versionedInformer.Core().V1().Secrets().Lister(), - versionedInformer.Core().V1().ServiceAccounts().Lister(), - versionedInformer.Core().V1().Pods().Lister(), - ) - authenticatorConfig.SecretsWriter = extclient.CoreV1() - - authenticatorConfig.BootstrapTokenAuthenticator = bootstrap.NewTokenAuthenticator( - versionedInformer.Core().V1().Secrets().Lister().Secrets(metav1.NamespaceSystem), - ) - - if egressSelector != nil { - egressDialer, err := egressSelector.Lookup(egressselector.ControlPlane.AsNetworkContext()) - if err != nil { - return err - } - authenticatorConfig.CustomDial = egressDialer - } - - authInfo.Authenticator, openAPIConfig.SecurityDefinitions, err = authenticatorConfig.New() - if openAPIV3Config != nil { - openAPIV3Config.SecurityDefinitions = openAPIConfig.SecurityDefinitions - } - if err != nil { - return err - } - - return nil -} - -// ApplyAuthorization will conditionally modify the authentication options based on the authorization options -func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions) { - if o == nil || authorization == nil || o.Anonymous == nil { - return - } - - // authorization ModeAlwaysAllow cannot be combined with AnonymousAuth. - // in such a case the AnonymousAuth is stomped to false and you get a message - if o.Anonymous.Allow && sets.NewString(authorization.Modes...).Has(authzmodes.ModeAlwaysAllow) { - klog.Warningf("AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer") - o.Anonymous.Allow = false - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authorization.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authorization.go deleted file mode 100644 index 778ca1210d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/authorization.go +++ /dev/null @@ -1,139 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "fmt" - "strings" - "time" - - "github.com/spf13/pflag" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - genericoptions "k8s.io/apiserver/pkg/server/options" - versionedinformers "k8s.io/client-go/informers" - "k8s.io/kubernetes/pkg/kubeapiserver/authorizer" - authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" -) - -// BuiltInAuthorizationOptions contains all build-in authorization options for API Server -type BuiltInAuthorizationOptions struct { - Modes []string - PolicyFile string - WebhookConfigFile string - WebhookVersion string - WebhookCacheAuthorizedTTL time.Duration - WebhookCacheUnauthorizedTTL time.Duration - // WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic. - // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed - // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. - WebhookRetryBackoff *wait.Backoff -} - -// NewBuiltInAuthorizationOptions create a BuiltInAuthorizationOptions with default value -func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions { - return &BuiltInAuthorizationOptions{ - Modes: []string{authzmodes.ModeAlwaysAllow}, - WebhookVersion: "v1beta1", - WebhookCacheAuthorizedTTL: 5 * time.Minute, - WebhookCacheUnauthorizedTTL: 30 * time.Second, - WebhookRetryBackoff: genericoptions.DefaultAuthWebhookRetryBackoff(), - } -} - -// Validate checks invalid config combination -func (o *BuiltInAuthorizationOptions) Validate() []error { - if o == nil { - return nil - } - var allErrors []error - - if len(o.Modes) == 0 { - allErrors = append(allErrors, fmt.Errorf("at least one authorization-mode must be passed")) - } - - modes := sets.NewString(o.Modes...) - for _, mode := range o.Modes { - if !authzmodes.IsValidAuthorizationMode(mode) { - allErrors = append(allErrors, fmt.Errorf("authorization-mode %q is not a valid mode", mode)) - } - if mode == authzmodes.ModeABAC && o.PolicyFile == "" { - allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed")) - } - if mode == authzmodes.ModeWebhook && o.WebhookConfigFile == "" { - allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed")) - } - } - - if o.PolicyFile != "" && !modes.Has(authzmodes.ModeABAC) { - allErrors = append(allErrors, fmt.Errorf("cannot specify --authorization-policy-file without mode ABAC")) - } - - if o.WebhookConfigFile != "" && !modes.Has(authzmodes.ModeWebhook) { - allErrors = append(allErrors, fmt.Errorf("cannot specify --authorization-webhook-config-file without mode Webhook")) - } - - if len(o.Modes) != modes.Len() { - allErrors = append(allErrors, fmt.Errorf("authorization-mode %q has mode specified more than once", o.Modes)) - } - - if o.WebhookRetryBackoff != nil && o.WebhookRetryBackoff.Steps <= 0 { - allErrors = append(allErrors, fmt.Errorf("number of webhook retry attempts must be greater than 0, but is: %d", o.WebhookRetryBackoff.Steps)) - } - - return allErrors -} - -// AddFlags returns flags of authorization for a API Server -func (o *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringSliceVar(&o.Modes, "authorization-mode", o.Modes, ""+ - "Ordered list of plug-ins to do authorization on secure port. Comma-delimited list of: "+ - strings.Join(authzmodes.AuthorizationModeChoices, ",")+".") - - fs.StringVar(&o.PolicyFile, "authorization-policy-file", o.PolicyFile, ""+ - "File with authorization policy in json line by line format, used with --authorization-mode=ABAC, on the secure port.") - - fs.StringVar(&o.WebhookConfigFile, "authorization-webhook-config-file", o.WebhookConfigFile, ""+ - "File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. "+ - "The API server will query the remote service to determine access on the API server's secure port.") - - fs.StringVar(&o.WebhookVersion, "authorization-webhook-version", o.WebhookVersion, ""+ - "The API version of the authorization.k8s.io SubjectAccessReview to send to and expect from the webhook.") - - fs.DurationVar(&o.WebhookCacheAuthorizedTTL, "authorization-webhook-cache-authorized-ttl", - o.WebhookCacheAuthorizedTTL, - "The duration to cache 'authorized' responses from the webhook authorizer.") - - fs.DurationVar(&o.WebhookCacheUnauthorizedTTL, - "authorization-webhook-cache-unauthorized-ttl", o.WebhookCacheUnauthorizedTTL, - "The duration to cache 'unauthorized' responses from the webhook authorizer.") -} - -// ToAuthorizationConfig convert BuiltInAuthorizationOptions to authorizer.Config -func (o *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config { - return authorizer.Config{ - AuthorizationModes: o.Modes, - PolicyFile: o.PolicyFile, - WebhookConfigFile: o.WebhookConfigFile, - WebhookVersion: o.WebhookVersion, - WebhookCacheAuthorizedTTL: o.WebhookCacheAuthorizedTTL, - WebhookCacheUnauthorizedTTL: o.WebhookCacheUnauthorizedTTL, - VersionedInformerFactory: versionedInformerFactory, - WebhookRetryBackoff: o.WebhookRetryBackoff, - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/cloudprovider.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/cloudprovider.go deleted file mode 100644 index 9df580ac81..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/cloudprovider.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "github.com/spf13/pflag" -) - -// CloudProviderOptions contains cloud provider config -type CloudProviderOptions struct { - CloudConfigFile string - CloudProvider string -} - -// NewCloudProviderOptions creates a default CloudProviderOptions -func NewCloudProviderOptions() *CloudProviderOptions { - return &CloudProviderOptions{} -} - -// Validate checks invalid config -func (s *CloudProviderOptions) Validate() []error { - allErrors := []error{} - return allErrors -} - -// AddFlags returns flags of cloud provider for a API Server -func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&s.CloudProvider, "cloud-provider", s.CloudProvider, - "The provider for cloud services. Empty string for no provider.") - - fs.StringVar(&s.CloudConfigFile, "cloud-config", s.CloudConfigFile, - "The path to the cloud provider configuration file. Empty string for no configuration file.") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/options.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/options.go deleted file mode 100644 index 7f172208bc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/options.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "net" - - utilnet "k8s.io/apimachinery/pkg/util/net" - netutils "k8s.io/utils/net" -) - -// DefaultServiceNodePortRange is the default port range for NodePort services. -var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768} - -// DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs -var DefaultServiceIPCIDR = net.IPNet{IP: netutils.ParseIPSloppy("10.0.0.0"), Mask: net.CIDRMask(24, 32)} - -// DefaultEtcdPathPrefix is the default key prefix of etcd for API Server -const DefaultEtcdPathPrefix = "/registry" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/plugins.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/plugins.go deleted file mode 100644 index ddca695345..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/plugins.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -// This file exists to force the desired plugin implementations to be linked. -// This should probably be part of some configuration fed into the build for a -// given binary target. -import ( - "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy" - // Admission policies - "k8s.io/kubernetes/plugin/pkg/admission/admit" - "k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages" - "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity" - certapproval "k8s.io/kubernetes/plugin/pkg/admission/certificates/approval" - certsigning "k8s.io/kubernetes/plugin/pkg/admission/certificates/signing" - certsubjectrestriction "k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction" - "k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds" - "k8s.io/kubernetes/plugin/pkg/admission/deny" - "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit" - "k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration" - "k8s.io/kubernetes/plugin/pkg/admission/gc" - "k8s.io/kubernetes/plugin/pkg/admission/imagepolicy" - "k8s.io/kubernetes/plugin/pkg/admission/limitranger" - "k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision" - "k8s.io/kubernetes/plugin/pkg/admission/namespace/exists" - "k8s.io/kubernetes/plugin/pkg/admission/network/defaultingressclass" - "k8s.io/kubernetes/plugin/pkg/admission/network/denyserviceexternalips" - "k8s.io/kubernetes/plugin/pkg/admission/noderestriction" - "k8s.io/kubernetes/plugin/pkg/admission/nodetaint" - "k8s.io/kubernetes/plugin/pkg/admission/podnodeselector" - "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction" - podpriority "k8s.io/kubernetes/plugin/pkg/admission/priority" - "k8s.io/kubernetes/plugin/pkg/admission/runtimeclass" - "k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity" - "k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny" - "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount" - "k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label" - "k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize" - "k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault" - "k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle" - "k8s.io/apiserver/pkg/admission/plugin/resourcequota" - mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating" - validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating" -) - -// AllOrderedPlugins is the list of all the plugins in order. -var AllOrderedPlugins = []string{ - admit.PluginName, // AlwaysAdmit - autoprovision.PluginName, // NamespaceAutoProvision - lifecycle.PluginName, // NamespaceLifecycle - exists.PluginName, // NamespaceExists - scdeny.PluginName, // SecurityContextDeny - antiaffinity.PluginName, // LimitPodHardAntiAffinityTopology - limitranger.PluginName, // LimitRanger - serviceaccount.PluginName, // ServiceAccount - noderestriction.PluginName, // NodeRestriction - nodetaint.PluginName, // TaintNodesByCondition - alwayspullimages.PluginName, // AlwaysPullImages - imagepolicy.PluginName, // ImagePolicyWebhook - podsecurity.PluginName, // PodSecurity - podnodeselector.PluginName, // PodNodeSelector - podpriority.PluginName, // Priority - defaulttolerationseconds.PluginName, // DefaultTolerationSeconds - podtolerationrestriction.PluginName, // PodTolerationRestriction - eventratelimit.PluginName, // EventRateLimit - extendedresourcetoleration.PluginName, // ExtendedResourceToleration - label.PluginName, // PersistentVolumeLabel - setdefault.PluginName, // DefaultStorageClass - storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection - gc.PluginName, // OwnerReferencesPermissionEnforcement - resize.PluginName, // PersistentVolumeClaimResize - runtimeclass.PluginName, // RuntimeClass - certapproval.PluginName, // CertificateApproval - certsigning.PluginName, // CertificateSigning - certsubjectrestriction.PluginName, // CertificateSubjectRestriction - defaultingressclass.PluginName, // DefaultIngressClass - denyserviceexternalips.PluginName, // DenyServiceExternalIPs - - // new admission plugins should generally be inserted above here - // webhook, resourcequota, and deny plugins must go at the end - - mutatingwebhook.PluginName, // MutatingAdmissionWebhook - validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy - validatingwebhook.PluginName, // ValidatingAdmissionWebhook - resourcequota.PluginName, // ResourceQuota - deny.PluginName, // AlwaysDeny -} - -// RegisterAllAdmissionPlugins registers all admission plugins. -// The order of registration is irrelevant, see AllOrderedPlugins for execution order. -func RegisterAllAdmissionPlugins(plugins *admission.Plugins) { - admit.Register(plugins) // DEPRECATED as no real meaning - alwayspullimages.Register(plugins) - antiaffinity.Register(plugins) - defaulttolerationseconds.Register(plugins) - defaultingressclass.Register(plugins) - denyserviceexternalips.Register(plugins) - deny.Register(plugins) // DEPRECATED as no real meaning - eventratelimit.Register(plugins) - extendedresourcetoleration.Register(plugins) - gc.Register(plugins) - imagepolicy.Register(plugins) - limitranger.Register(plugins) - autoprovision.Register(plugins) - exists.Register(plugins) - noderestriction.Register(plugins) - nodetaint.Register(plugins) - label.Register(plugins) // DEPRECATED, future PVs should not rely on labels for zone topology - podnodeselector.Register(plugins) - podtolerationrestriction.Register(plugins) - runtimeclass.Register(plugins) - resourcequota.Register(plugins) - podsecurity.Register(plugins) - podpriority.Register(plugins) - scdeny.Register(plugins) - serviceaccount.Register(plugins) - setdefault.Register(plugins) - resize.Register(plugins) - storageobjectinuseprotection.Register(plugins) - certapproval.Register(plugins) - certsigning.Register(plugins) - certsubjectrestriction.Register(plugins) -} - -// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver. -func DefaultOffAdmissionPlugins() sets.String { - defaultOnPlugins := sets.NewString( - lifecycle.PluginName, // NamespaceLifecycle - limitranger.PluginName, // LimitRanger - serviceaccount.PluginName, // ServiceAccount - setdefault.PluginName, // DefaultStorageClass - resize.PluginName, // PersistentVolumeClaimResize - defaulttolerationseconds.PluginName, // DefaultTolerationSeconds - mutatingwebhook.PluginName, // MutatingAdmissionWebhook - validatingwebhook.PluginName, // ValidatingAdmissionWebhook - resourcequota.PluginName, // ResourceQuota - storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection - podpriority.PluginName, // Priority - nodetaint.PluginName, // TaintNodesByCondition - runtimeclass.PluginName, // RuntimeClass - certapproval.PluginName, // CertificateApproval - certsigning.PluginName, // CertificateSigning - certsubjectrestriction.PluginName, // CertificateSubjectRestriction - defaultingressclass.PluginName, // DefaultIngressClass - podsecurity.PluginName, // PodSecurity - validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy, only active when feature gate ValidatingAdmissionPolicy is enabled - ) - - return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/serving.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/serving.go deleted file mode 100644 index 29d9415d41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/serving.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package options contains flags and options for initializing kube-apiserver -package options - -import ( - genericoptions "k8s.io/apiserver/pkg/server/options" - netutils "k8s.io/utils/net" -) - -// NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by -// "normal" API servers running on the platform -func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback { - o := genericoptions.SecureServingOptions{ - BindAddress: netutils.ParseIPSloppy("0.0.0.0"), - BindPort: 6443, - Required: true, - ServerCert: genericoptions.GeneratableKeyCert{ - PairName: "apiserver", - CertDirectory: "/var/run/kubernetes", - }, - } - return o.WithLoopback() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/client/kubelet_client.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/client/kubelet_client.go deleted file mode 100644 index a377d5c14f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/client/kubelet_client.go +++ /dev/null @@ -1,227 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package client - -import ( - "context" - "fmt" - "net/http" - "strconv" - "time" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/server/egressselector" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/transport" - nodeutil "k8s.io/kubernetes/pkg/util/node" -) - -// KubeletClientConfig defines config parameters for the kubelet client -type KubeletClientConfig struct { - // Port specifies the default port - used if no information about Kubelet port can be found in Node.NodeStatus.DaemonEndpoints. - Port uint - - // ReadOnlyPort specifies the Port for ReadOnly communications. - ReadOnlyPort uint - - // PreferredAddressTypes - used to select an address from Node.NodeStatus.Addresses - PreferredAddressTypes []string - - // TLSClientConfig contains settings to enable transport layer security - restclient.TLSClientConfig - - // Server requires Bearer authentication - BearerToken string `datapolicy:"token"` - - // HTTPTimeout is used by the client to timeout http requests to Kubelet. - HTTPTimeout time.Duration - - // Dial is a custom dialer used for the client - Dial utilnet.DialFunc - - // Lookup will give us a dialer if the egress selector is configured for it - Lookup egressselector.Lookup -} - -// ConnectionInfo provides the information needed to connect to a kubelet -type ConnectionInfo struct { - Scheme string - Hostname string - Port string - Transport http.RoundTripper - InsecureSkipTLSVerifyTransport http.RoundTripper -} - -// ConnectionInfoGetter provides ConnectionInfo for the kubelet running on a named node -type ConnectionInfoGetter interface { - GetConnectionInfo(ctx context.Context, nodeName types.NodeName) (*ConnectionInfo, error) -} - -// MakeTransport creates a secure RoundTripper for HTTP Transport. -func MakeTransport(config *KubeletClientConfig) (http.RoundTripper, error) { - return makeTransport(config, false) -} - -// MakeInsecureTransport creates an insecure RoundTripper for HTTP Transport. -func MakeInsecureTransport(config *KubeletClientConfig) (http.RoundTripper, error) { - return makeTransport(config, true) -} - -// makeTransport creates a RoundTripper for HTTP Transport. -func makeTransport(config *KubeletClientConfig, insecureSkipTLSVerify bool) (http.RoundTripper, error) { - // do the insecureSkipTLSVerify on the pre-transport *before* we go get a potentially cached connection. - // transportConfig always produces a new struct pointer. - preTLSConfig := config.transportConfig() - if insecureSkipTLSVerify && preTLSConfig != nil { - preTLSConfig.TLS.Insecure = true - preTLSConfig.TLS.CAData = nil - preTLSConfig.TLS.CAFile = "" - } - - tlsConfig, err := transport.TLSConfigFor(preTLSConfig) - if err != nil { - return nil, err - } - - rt := http.DefaultTransport - dialer := config.Dial - if dialer == nil && config.Lookup != nil { - // Assuming EgressSelector if SSHTunnel is not turned on. - // We will not get a dialer if egress selector is disabled. - networkContext := egressselector.Cluster.AsNetworkContext() - dialer, err = config.Lookup(networkContext) - if err != nil { - return nil, fmt.Errorf("failed to get context dialer for 'cluster': got %v", err) - } - } - if dialer != nil || tlsConfig != nil { - // If SSH Tunnel is turned on - rt = utilnet.SetOldTransportDefaults(&http.Transport{ - DialContext: dialer, - TLSClientConfig: tlsConfig, - }) - } - - return transport.HTTPWrappersForConfig(config.transportConfig(), rt) -} - -// transportConfig converts a client config to an appropriate transport config. -func (c *KubeletClientConfig) transportConfig() *transport.Config { - cfg := &transport.Config{ - TLS: transport.TLSConfig{ - CAFile: c.CAFile, - CAData: c.CAData, - CertFile: c.CertFile, - CertData: c.CertData, - KeyFile: c.KeyFile, - KeyData: c.KeyData, - NextProtos: c.NextProtos, - }, - BearerToken: c.BearerToken, - } - if !cfg.HasCA() { - cfg.TLS.Insecure = true - } - return cfg -} - -// NodeGetter defines an interface for looking up a node by name -type NodeGetter interface { - Get(ctx context.Context, name string, options metav1.GetOptions) (*v1.Node, error) -} - -// NodeGetterFunc allows implementing NodeGetter with a function -type NodeGetterFunc func(ctx context.Context, name string, options metav1.GetOptions) (*v1.Node, error) - -// Get fetches information via NodeGetterFunc. -func (f NodeGetterFunc) Get(ctx context.Context, name string, options metav1.GetOptions) (*v1.Node, error) { - return f(ctx, name, options) -} - -// NodeConnectionInfoGetter obtains connection info from the status of a Node API object -type NodeConnectionInfoGetter struct { - // nodes is used to look up Node objects - nodes NodeGetter - // scheme is the scheme to use to connect to all kubelets - scheme string - // defaultPort is the port to use if no Kubelet endpoint port is recorded in the node status - defaultPort int - // transport is the transport to use to send a request to all kubelets - transport http.RoundTripper - // insecureSkipTLSVerifyTransport is the transport to use if the kube-apiserver wants to skip verifying the TLS certificate of the kubelet - insecureSkipTLSVerifyTransport http.RoundTripper - // preferredAddressTypes specifies the preferred order to use to find a node address - preferredAddressTypes []v1.NodeAddressType -} - -// NewNodeConnectionInfoGetter creates a new NodeConnectionInfoGetter. -func NewNodeConnectionInfoGetter(nodes NodeGetter, config KubeletClientConfig) (ConnectionInfoGetter, error) { - transport, err := MakeTransport(&config) - if err != nil { - return nil, err - } - insecureSkipTLSVerifyTransport, err := MakeInsecureTransport(&config) - if err != nil { - return nil, err - } - - types := []v1.NodeAddressType{} - for _, t := range config.PreferredAddressTypes { - types = append(types, v1.NodeAddressType(t)) - } - - return &NodeConnectionInfoGetter{ - nodes: nodes, - scheme: "https", - defaultPort: int(config.Port), - transport: transport, - insecureSkipTLSVerifyTransport: insecureSkipTLSVerifyTransport, - - preferredAddressTypes: types, - }, nil -} - -// GetConnectionInfo retrieves connection info from the status of a Node API object. -func (k *NodeConnectionInfoGetter) GetConnectionInfo(ctx context.Context, nodeName types.NodeName) (*ConnectionInfo, error) { - node, err := k.nodes.Get(ctx, string(nodeName), metav1.GetOptions{}) - if err != nil { - return nil, err - } - - // Find a kubelet-reported address, using preferred address type - host, err := nodeutil.GetPreferredNodeAddress(node, k.preferredAddressTypes) - if err != nil { - return nil, err - } - - // Use the kubelet-reported port, if present - port := int(node.Status.DaemonEndpoints.KubeletEndpoint.Port) - if port <= 0 { - port = k.defaultPort - } - - return &ConnectionInfo{ - Scheme: k.scheme, - Hostname: host, - Port: strconv.Itoa(port), - Transport: k.transport, - InsecureSkipTLSVerifyTransport: k.insecureSkipTLSVerifyTransport, - }, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/server/metrics/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/server/metrics/metrics.go deleted file mode 100644 index e9a2b5fca7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/kubelet/server/metrics/metrics.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "sync" - "time" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - kubeletSubsystem = "kubelet" -) - -var ( - // HTTPRequests tracks the number of the http requests received since the server started. - HTTPRequests = metrics.NewCounterVec( - &metrics.CounterOpts{ - Subsystem: kubeletSubsystem, - Name: "http_requests_total", - Help: "Number of the http requests received since the server started", - StabilityLevel: metrics.ALPHA, - }, - // server_type aims to differentiate the readonly server and the readwrite server. - // long_running marks whether the request is long-running or not. - // Currently, long-running requests include exec/attach/portforward/debug. - []string{"method", "path", "server_type", "long_running"}, - ) - // HTTPRequestsDuration tracks the duration in seconds to serve http requests. - HTTPRequestsDuration = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Subsystem: kubeletSubsystem, - Name: "http_requests_duration_seconds", - Help: "Duration in seconds to serve http requests", - // Use DefBuckets for now, will customize the buckets if necessary. - Buckets: metrics.DefBuckets, - StabilityLevel: metrics.ALPHA, - }, - []string{"method", "path", "server_type", "long_running"}, - ) - // HTTPInflightRequests tracks the number of the inflight http requests. - HTTPInflightRequests = metrics.NewGaugeVec( - &metrics.GaugeOpts{ - Subsystem: kubeletSubsystem, - Name: "http_inflight_requests", - Help: "Number of the inflight http requests", - StabilityLevel: metrics.ALPHA, - }, - []string{"method", "path", "server_type", "long_running"}, - ) - // VolumeStatCalDuration tracks the duration in seconds to calculate volume stats. - // this metric is mainly for comparison between fsquota monitoring and `du` for disk usage. - VolumeStatCalDuration = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Subsystem: kubeletSubsystem, - Name: "volume_metric_collection_duration_seconds", - Help: "Duration in seconds to calculate volume stats", - Buckets: metrics.DefBuckets, - StabilityLevel: metrics.ALPHA, - }, - []string{"metric_source"}, - ) -) - -var registerMetrics sync.Once - -// Register all metrics. -func Register() { - registerMetrics.Do(func() { - legacyregistry.MustRegister(HTTPRequests) - legacyregistry.MustRegister(HTTPRequestsDuration) - legacyregistry.MustRegister(HTTPInflightRequests) - legacyregistry.MustRegister(VolumeStatCalDuration) - }) -} - -// SinceInSeconds gets the time since the specified start in seconds. -func SinceInSeconds(start time.Time) float64 { - return time.Since(start).Seconds() -} - -// CollectVolumeStatCalDuration collects the duration in seconds to calculate volume stats. -func CollectVolumeStatCalDuration(metricSource string, start time.Time) { - VolumeStatCalDuration.WithLabelValues(metricSource).Observe(SinceInSeconds(start)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/.import-restrictions b/etcd/vendor/k8s.io/kubernetes/pkg/printers/.import-restrictions deleted file mode 100644 index 7c3e43275d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/.import-restrictions +++ /dev/null @@ -1,5 +0,0 @@ -rules: - # Discourage import of k8s.io/kubernetes/pkg/{api|apis} - - selectorRegexp: "k8s[.]io/kubernetes/pkg/(api$|apis/)" - forbiddenPrefixes: - - "" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/printers/OWNERS deleted file mode 100644 index f6484ae81c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - smarterclayton - - sig-cli-maintainers -reviewers: - - smarterclayton - - sig-cli-reviewers diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/interface.go b/etcd/vendor/k8s.io/kubernetes/pkg/printers/interface.go deleted file mode 100644 index 1da68dee21..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/interface.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package printers - -import ( - "io" - - "k8s.io/apimachinery/pkg/runtime" -) - -// ResourcePrinter is an interface that knows how to print runtime objects. -type ResourcePrinter interface { - // Print receives a runtime object, formats it and prints it to a writer. - PrintObj(runtime.Object, io.Writer) error -} - -// ResourcePrinterFunc is a function that can print objects -type ResourcePrinterFunc func(runtime.Object, io.Writer) error - -// PrintObj implements ResourcePrinter -func (fn ResourcePrinterFunc) PrintObj(obj runtime.Object, w io.Writer) error { - return fn(obj, w) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/.import-restrictions b/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/.import-restrictions deleted file mode 100644 index a93b60f96f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/.import-restrictions +++ /dev/null @@ -1,5 +0,0 @@ -rules: - # Allow imports of k8s.io/kubernetes/pkg/{api|apis} - - selectorRegexp: "k8s[.]io/kubernetes/pkg/(api$|apis/)" - allowedPrefixes: - - "" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/import_known_versions.go b/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/import_known_versions.go deleted file mode 100644 index c9c2674475..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/import_known_versions.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalversion - -import ( - // These imports are the API groups the client will support. - // TODO: Remove these manual install once we don't need legacy scheme in get command - _ "k8s.io/kubernetes/pkg/apis/apps/install" - _ "k8s.io/kubernetes/pkg/apis/authentication/install" - _ "k8s.io/kubernetes/pkg/apis/authorization/install" - _ "k8s.io/kubernetes/pkg/apis/autoscaling/install" - _ "k8s.io/kubernetes/pkg/apis/batch/install" - _ "k8s.io/kubernetes/pkg/apis/certificates/install" - _ "k8s.io/kubernetes/pkg/apis/coordination/install" - _ "k8s.io/kubernetes/pkg/apis/core/install" - _ "k8s.io/kubernetes/pkg/apis/discovery/install" - _ "k8s.io/kubernetes/pkg/apis/events/install" - _ "k8s.io/kubernetes/pkg/apis/extensions/install" - _ "k8s.io/kubernetes/pkg/apis/policy/install" - _ "k8s.io/kubernetes/pkg/apis/rbac/install" - _ "k8s.io/kubernetes/pkg/apis/resource/install" - _ "k8s.io/kubernetes/pkg/apis/scheduling/install" - _ "k8s.io/kubernetes/pkg/apis/storage/install" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/printers.go b/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/printers.go deleted file mode 100644 index 13adc81612..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/internalversion/printers.go +++ /dev/null @@ -1,2970 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalversion - -import ( - "bytes" - "fmt" - "net" - "sort" - "strconv" - "strings" - "time" - - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - appsv1beta1 "k8s.io/api/apps/v1beta1" - autoscalingv1 "k8s.io/api/autoscaling/v1" - autoscalingv2beta1 "k8s.io/api/autoscaling/v2beta1" - batchv1 "k8s.io/api/batch/v1" - batchv1beta1 "k8s.io/api/batch/v1beta1" - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - coordinationv1 "k8s.io/api/coordination/v1" - apiv1 "k8s.io/api/core/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - networkingv1alpha1 "k8s.io/api/networking/v1alpha1" - policyv1beta1 "k8s.io/api/policy/v1beta1" - rbacv1beta1 "k8s.io/api/rbac/v1beta1" - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - schedulingv1 "k8s.io/api/scheduling/v1" - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/duration" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/util/certificate/csr" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/apis/certificates" - "k8s.io/kubernetes/pkg/apis/coordination" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/discovery" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - apihelpers "k8s.io/kubernetes/pkg/apis/flowcontrol/util" - "k8s.io/kubernetes/pkg/apis/networking" - nodeapi "k8s.io/kubernetes/pkg/apis/node" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/scheduling" - "k8s.io/kubernetes/pkg/apis/storage" - storageutil "k8s.io/kubernetes/pkg/apis/storage/util" - "k8s.io/kubernetes/pkg/printers" - "k8s.io/kubernetes/pkg/util/node" -) - -const ( - loadBalancerWidth = 16 - - // labelNodeRolePrefix is a label prefix for node roles - // It's copied over to here until it's merged in core: https://github.com/kubernetes/kubernetes/pull/39112 - labelNodeRolePrefix = "node-role.kubernetes.io/" - - // nodeLabelRole specifies the role of a node - nodeLabelRole = "kubernetes.io/role" -) - -// AddHandlers adds print handlers for default Kubernetes types dealing with internal versions. -// TODO: handle errors from Handler -func AddHandlers(h printers.PrintHandler) { - podColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Ready", Type: "string", Description: "The aggregate readiness state of this pod for accepting traffic."}, - {Name: "Status", Type: "string", Description: "The aggregate status of the containers in this pod."}, - {Name: "Restarts", Type: "string", Description: "The number of times the containers in this pod have been restarted and when the last container in this pod has restarted."}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "IP", Type: "string", Priority: 1, Description: apiv1.PodStatus{}.SwaggerDoc()["podIP"]}, - {Name: "Node", Type: "string", Priority: 1, Description: apiv1.PodSpec{}.SwaggerDoc()["nodeName"]}, - {Name: "Nominated Node", Type: "string", Priority: 1, Description: apiv1.PodStatus{}.SwaggerDoc()["nominatedNodeName"]}, - {Name: "Readiness Gates", Type: "string", Priority: 1, Description: apiv1.PodSpec{}.SwaggerDoc()["readinessGates"]}, - } - h.TableHandler(podColumnDefinitions, printPodList) - h.TableHandler(podColumnDefinitions, printPod) - - podTemplateColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Containers", Type: "string", Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Description: "Images referenced by each container in the template."}, - {Name: "Pod Labels", Type: "string", Description: "The labels for the pod template."}, - } - h.TableHandler(podTemplateColumnDefinitions, printPodTemplate) - h.TableHandler(podTemplateColumnDefinitions, printPodTemplateList) - - podDisruptionBudgetColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Min Available", Type: "string", Description: "The minimum number of pods that must be available."}, - {Name: "Max Unavailable", Type: "string", Description: "The maximum number of pods that may be unavailable."}, - {Name: "Allowed Disruptions", Type: "integer", Description: "Calculated number of pods that may be disrupted at this time."}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(podDisruptionBudgetColumnDefinitions, printPodDisruptionBudget) - h.TableHandler(podDisruptionBudgetColumnDefinitions, printPodDisruptionBudgetList) - - replicationControllerColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Desired", Type: "integer", Description: apiv1.ReplicationControllerSpec{}.SwaggerDoc()["replicas"]}, - {Name: "Current", Type: "integer", Description: apiv1.ReplicationControllerStatus{}.SwaggerDoc()["replicas"]}, - {Name: "Ready", Type: "integer", Description: apiv1.ReplicationControllerStatus{}.SwaggerDoc()["readyReplicas"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: apiv1.ReplicationControllerSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(replicationControllerColumnDefinitions, printReplicationController) - h.TableHandler(replicationControllerColumnDefinitions, printReplicationControllerList) - - replicaSetColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Desired", Type: "integer", Description: extensionsv1beta1.ReplicaSetSpec{}.SwaggerDoc()["replicas"]}, - {Name: "Current", Type: "integer", Description: extensionsv1beta1.ReplicaSetStatus{}.SwaggerDoc()["replicas"]}, - {Name: "Ready", Type: "integer", Description: extensionsv1beta1.ReplicaSetStatus{}.SwaggerDoc()["readyReplicas"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: extensionsv1beta1.ReplicaSetSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(replicaSetColumnDefinitions, printReplicaSet) - h.TableHandler(replicaSetColumnDefinitions, printReplicaSetList) - - daemonSetColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Desired", Type: "integer", Description: extensionsv1beta1.DaemonSetStatus{}.SwaggerDoc()["desiredNumberScheduled"]}, - {Name: "Current", Type: "integer", Description: extensionsv1beta1.DaemonSetStatus{}.SwaggerDoc()["currentNumberScheduled"]}, - {Name: "Ready", Type: "integer", Description: extensionsv1beta1.DaemonSetStatus{}.SwaggerDoc()["numberReady"]}, - {Name: "Up-to-date", Type: "integer", Description: extensionsv1beta1.DaemonSetStatus{}.SwaggerDoc()["updatedNumberScheduled"]}, - {Name: "Available", Type: "integer", Description: extensionsv1beta1.DaemonSetStatus{}.SwaggerDoc()["numberAvailable"]}, - {Name: "Node Selector", Type: "string", Description: apiv1.PodSpec{}.SwaggerDoc()["nodeSelector"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: extensionsv1beta1.DaemonSetSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(daemonSetColumnDefinitions, printDaemonSet) - h.TableHandler(daemonSetColumnDefinitions, printDaemonSetList) - - jobColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Completions", Type: "string", Description: batchv1.JobStatus{}.SwaggerDoc()["succeeded"]}, - {Name: "Duration", Type: "string", Description: "Time required to complete the job."}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: batchv1.JobSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(jobColumnDefinitions, printJob) - h.TableHandler(jobColumnDefinitions, printJobList) - - cronJobColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Schedule", Type: "string", Description: batchv1beta1.CronJobSpec{}.SwaggerDoc()["schedule"]}, - {Name: "Suspend", Type: "boolean", Description: batchv1beta1.CronJobSpec{}.SwaggerDoc()["suspend"]}, - {Name: "Active", Type: "integer", Description: batchv1beta1.CronJobStatus{}.SwaggerDoc()["active"]}, - {Name: "Last Schedule", Type: "string", Description: batchv1beta1.CronJobStatus{}.SwaggerDoc()["lastScheduleTime"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: batchv1.JobSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(cronJobColumnDefinitions, printCronJob) - h.TableHandler(cronJobColumnDefinitions, printCronJobList) - - serviceColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Type", Type: "string", Description: apiv1.ServiceSpec{}.SwaggerDoc()["type"]}, - {Name: "Cluster-IP", Type: "string", Description: apiv1.ServiceSpec{}.SwaggerDoc()["clusterIP"]}, - {Name: "External-IP", Type: "string", Description: apiv1.ServiceSpec{}.SwaggerDoc()["externalIPs"]}, - {Name: "Port(s)", Type: "string", Description: apiv1.ServiceSpec{}.SwaggerDoc()["ports"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Selector", Type: "string", Priority: 1, Description: apiv1.ServiceSpec{}.SwaggerDoc()["selector"]}, - } - - h.TableHandler(serviceColumnDefinitions, printService) - h.TableHandler(serviceColumnDefinitions, printServiceList) - - ingressColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Class", Type: "string", Description: "The name of the IngressClass resource that should be used for additional configuration"}, - {Name: "Hosts", Type: "string", Description: "Hosts that incoming requests are matched against before the ingress rule"}, - {Name: "Address", Type: "string", Description: "Address is a list containing ingress points for the load-balancer"}, - {Name: "Ports", Type: "string", Description: "Ports of TLS configurations that open"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(ingressColumnDefinitions, printIngress) - h.TableHandler(ingressColumnDefinitions, printIngressList) - - ingressClassColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Controller", Type: "string", Description: "Controller that is responsible for handling this class"}, - {Name: "Parameters", Type: "string", Description: "A reference to a resource with additional parameters"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(ingressClassColumnDefinitions, printIngressClass) - h.TableHandler(ingressClassColumnDefinitions, printIngressClassList) - - statefulSetColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Ready", Type: "string", Description: "Number of the pod with ready state"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - } - h.TableHandler(statefulSetColumnDefinitions, printStatefulSet) - h.TableHandler(statefulSetColumnDefinitions, printStatefulSetList) - - endpointColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Endpoints", Type: "string", Description: apiv1.Endpoints{}.SwaggerDoc()["subsets"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(endpointColumnDefinitions, printEndpoints) - h.TableHandler(endpointColumnDefinitions, printEndpointsList) - - nodeColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Status", Type: "string", Description: "The status of the node"}, - {Name: "Roles", Type: "string", Description: "The roles of the node"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Version", Type: "string", Description: apiv1.NodeSystemInfo{}.SwaggerDoc()["kubeletVersion"]}, - {Name: "Internal-IP", Type: "string", Priority: 1, Description: apiv1.NodeStatus{}.SwaggerDoc()["addresses"]}, - {Name: "External-IP", Type: "string", Priority: 1, Description: apiv1.NodeStatus{}.SwaggerDoc()["addresses"]}, - {Name: "OS-Image", Type: "string", Priority: 1, Description: apiv1.NodeSystemInfo{}.SwaggerDoc()["osImage"]}, - {Name: "Kernel-Version", Type: "string", Priority: 1, Description: apiv1.NodeSystemInfo{}.SwaggerDoc()["kernelVersion"]}, - {Name: "Container-Runtime", Type: "string", Priority: 1, Description: apiv1.NodeSystemInfo{}.SwaggerDoc()["containerRuntimeVersion"]}, - } - - h.TableHandler(nodeColumnDefinitions, printNode) - h.TableHandler(nodeColumnDefinitions, printNodeList) - - eventColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Last Seen", Type: "string", Description: apiv1.Event{}.SwaggerDoc()["lastTimestamp"]}, - {Name: "Type", Type: "string", Description: apiv1.Event{}.SwaggerDoc()["type"]}, - {Name: "Reason", Type: "string", Description: apiv1.Event{}.SwaggerDoc()["reason"]}, - {Name: "Object", Type: "string", Description: apiv1.Event{}.SwaggerDoc()["involvedObject"]}, - {Name: "Subobject", Type: "string", Priority: 1, Description: apiv1.Event{}.InvolvedObject.SwaggerDoc()["fieldPath"]}, - {Name: "Source", Type: "string", Priority: 1, Description: apiv1.Event{}.SwaggerDoc()["source"]}, - {Name: "Message", Type: "string", Description: apiv1.Event{}.SwaggerDoc()["message"]}, - {Name: "First Seen", Type: "string", Priority: 1, Description: apiv1.Event{}.SwaggerDoc()["firstTimestamp"]}, - {Name: "Count", Type: "string", Priority: 1, Description: apiv1.Event{}.SwaggerDoc()["count"]}, - {Name: "Name", Type: "string", Priority: 1, Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - } - h.TableHandler(eventColumnDefinitions, printEvent) - h.TableHandler(eventColumnDefinitions, printEventList) - - namespaceColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Status", Type: "string", Description: "The status of the namespace"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(namespaceColumnDefinitions, printNamespace) - h.TableHandler(namespaceColumnDefinitions, printNamespaceList) - - secretColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Type", Type: "string", Description: apiv1.Secret{}.SwaggerDoc()["type"]}, - {Name: "Data", Type: "string", Description: apiv1.Secret{}.SwaggerDoc()["data"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(secretColumnDefinitions, printSecret) - h.TableHandler(secretColumnDefinitions, printSecretList) - - serviceAccountColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Secrets", Type: "string", Description: apiv1.ServiceAccount{}.SwaggerDoc()["secrets"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(serviceAccountColumnDefinitions, printServiceAccount) - h.TableHandler(serviceAccountColumnDefinitions, printServiceAccountList) - - persistentVolumeColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Capacity", Type: "string", Description: apiv1.PersistentVolumeSpec{}.SwaggerDoc()["capacity"]}, - {Name: "Access Modes", Type: "string", Description: apiv1.PersistentVolumeSpec{}.SwaggerDoc()["accessModes"]}, - {Name: "Reclaim Policy", Type: "string", Description: apiv1.PersistentVolumeSpec{}.SwaggerDoc()["persistentVolumeReclaimPolicy"]}, - {Name: "Status", Type: "string", Description: apiv1.PersistentVolumeStatus{}.SwaggerDoc()["phase"]}, - {Name: "Claim", Type: "string", Description: apiv1.PersistentVolumeSpec{}.SwaggerDoc()["claimRef"]}, - {Name: "StorageClass", Type: "string", Description: "StorageClass of the pv"}, - {Name: "Reason", Type: "string", Description: apiv1.PersistentVolumeStatus{}.SwaggerDoc()["reason"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "VolumeMode", Type: "string", Priority: 1, Description: apiv1.PersistentVolumeSpec{}.SwaggerDoc()["volumeMode"]}, - } - h.TableHandler(persistentVolumeColumnDefinitions, printPersistentVolume) - h.TableHandler(persistentVolumeColumnDefinitions, printPersistentVolumeList) - - persistentVolumeClaimColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Status", Type: "string", Description: apiv1.PersistentVolumeClaimStatus{}.SwaggerDoc()["phase"]}, - {Name: "Volume", Type: "string", Description: apiv1.PersistentVolumeClaimSpec{}.SwaggerDoc()["volumeName"]}, - {Name: "Capacity", Type: "string", Description: apiv1.PersistentVolumeClaimStatus{}.SwaggerDoc()["capacity"]}, - {Name: "Access Modes", Type: "string", Description: apiv1.PersistentVolumeClaimStatus{}.SwaggerDoc()["accessModes"]}, - {Name: "StorageClass", Type: "string", Description: "StorageClass of the pvc"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "VolumeMode", Type: "string", Priority: 1, Description: apiv1.PersistentVolumeClaimSpec{}.SwaggerDoc()["volumeMode"]}, - } - h.TableHandler(persistentVolumeClaimColumnDefinitions, printPersistentVolumeClaim) - h.TableHandler(persistentVolumeClaimColumnDefinitions, printPersistentVolumeClaimList) - - componentStatusColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Status", Type: "string", Description: "Status of the component conditions"}, - {Name: "Message", Type: "string", Description: "Message of the component conditions"}, - {Name: "Error", Type: "string", Description: "Error of the component conditions"}, - } - h.TableHandler(componentStatusColumnDefinitions, printComponentStatus) - h.TableHandler(componentStatusColumnDefinitions, printComponentStatusList) - - deploymentColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Ready", Type: "string", Description: "Number of the pod with ready state"}, - {Name: "Up-to-date", Type: "string", Description: extensionsv1beta1.DeploymentStatus{}.SwaggerDoc()["updatedReplicas"]}, - {Name: "Available", Type: "string", Description: extensionsv1beta1.DeploymentStatus{}.SwaggerDoc()["availableReplicas"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Containers", Type: "string", Priority: 1, Description: "Names of each container in the template."}, - {Name: "Images", Type: "string", Priority: 1, Description: "Images referenced by each container in the template."}, - {Name: "Selector", Type: "string", Priority: 1, Description: extensionsv1beta1.DeploymentSpec{}.SwaggerDoc()["selector"]}, - } - h.TableHandler(deploymentColumnDefinitions, printDeployment) - h.TableHandler(deploymentColumnDefinitions, printDeploymentList) - - horizontalPodAutoscalerColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Reference", Type: "string", Description: autoscalingv2beta1.HorizontalPodAutoscalerSpec{}.SwaggerDoc()["scaleTargetRef"]}, - {Name: "Targets", Type: "string", Description: autoscalingv2beta1.HorizontalPodAutoscalerSpec{}.SwaggerDoc()["metrics"]}, - {Name: "MinPods", Type: "string", Description: autoscalingv2beta1.HorizontalPodAutoscalerSpec{}.SwaggerDoc()["minReplicas"]}, - {Name: "MaxPods", Type: "string", Description: autoscalingv2beta1.HorizontalPodAutoscalerSpec{}.SwaggerDoc()["maxReplicas"]}, - {Name: "Replicas", Type: "string", Description: autoscalingv2beta1.HorizontalPodAutoscalerStatus{}.SwaggerDoc()["currentReplicas"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(horizontalPodAutoscalerColumnDefinitions, printHorizontalPodAutoscaler) - h.TableHandler(horizontalPodAutoscalerColumnDefinitions, printHorizontalPodAutoscalerList) - - configMapColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Data", Type: "string", Description: apiv1.ConfigMap{}.SwaggerDoc()["data"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(configMapColumnDefinitions, printConfigMap) - h.TableHandler(configMapColumnDefinitions, printConfigMapList) - - podSecurityPolicyColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Priv", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["privileged"]}, - {Name: "Caps", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["allowedCapabilities"]}, - {Name: "SELinux", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["seLinux"]}, - {Name: "RunAsUser", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["runAsUser"]}, - {Name: "FsGroup", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["fsGroup"]}, - {Name: "SupGroup", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["supplementalGroups"]}, - {Name: "ReadOnlyRootFs", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["readOnlyRootFilesystem"]}, - {Name: "Volumes", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["volumes"]}, - } - h.TableHandler(podSecurityPolicyColumnDefinitions, printPodSecurityPolicy) - h.TableHandler(podSecurityPolicyColumnDefinitions, printPodSecurityPolicyList) - - networkPolicyColumnDefinitioins := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Pod-Selector", Type: "string", Description: extensionsv1beta1.NetworkPolicySpec{}.SwaggerDoc()["podSelector"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicy) - h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicyList) - - roleBindingsColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Role", Type: "string", Description: rbacv1beta1.RoleBinding{}.SwaggerDoc()["roleRef"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Users", Type: "string", Priority: 1, Description: "Users in the roleBinding"}, - {Name: "Groups", Type: "string", Priority: 1, Description: "Groups in the roleBinding"}, - {Name: "ServiceAccounts", Type: "string", Priority: 1, Description: "ServiceAccounts in the roleBinding"}, - } - h.TableHandler(roleBindingsColumnDefinitions, printRoleBinding) - h.TableHandler(roleBindingsColumnDefinitions, printRoleBindingList) - - clusterRoleBindingsColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Role", Type: "string", Description: rbacv1beta1.ClusterRoleBinding{}.SwaggerDoc()["roleRef"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Users", Type: "string", Priority: 1, Description: "Users in the clusterRoleBinding"}, - {Name: "Groups", Type: "string", Priority: 1, Description: "Groups in the clusterRoleBinding"}, - {Name: "ServiceAccounts", Type: "string", Priority: 1, Description: "ServiceAccounts in the clusterRoleBinding"}, - } - h.TableHandler(clusterRoleBindingsColumnDefinitions, printClusterRoleBinding) - h.TableHandler(clusterRoleBindingsColumnDefinitions, printClusterRoleBindingList) - - certificateSigningRequestColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "SignerName", Type: "string", Description: certificatesv1beta1.CertificateSigningRequestSpec{}.SwaggerDoc()["signerName"]}, - {Name: "Requestor", Type: "string", Description: certificatesv1beta1.CertificateSigningRequestSpec{}.SwaggerDoc()["request"]}, - {Name: "RequestedDuration", Type: "string", Description: certificatesv1beta1.CertificateSigningRequestSpec{}.SwaggerDoc()["expirationSeconds"]}, - {Name: "Condition", Type: "string", Description: certificatesv1beta1.CertificateSigningRequestStatus{}.SwaggerDoc()["conditions"]}, - } - h.TableHandler(certificateSigningRequestColumnDefinitions, printCertificateSigningRequest) - h.TableHandler(certificateSigningRequestColumnDefinitions, printCertificateSigningRequestList) - - leaseColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Holder", Type: "string", Description: coordinationv1.LeaseSpec{}.SwaggerDoc()["holderIdentity"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(leaseColumnDefinitions, printLease) - h.TableHandler(leaseColumnDefinitions, printLeaseList) - - storageClassColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Provisioner", Type: "string", Description: storagev1.StorageClass{}.SwaggerDoc()["provisioner"]}, - {Name: "ReclaimPolicy", Type: "string", Description: storagev1.StorageClass{}.SwaggerDoc()["reclaimPolicy"]}, - {Name: "VolumeBindingMode", Type: "string", Description: storagev1.StorageClass{}.SwaggerDoc()["volumeBindingMode"]}, - {Name: "AllowVolumeExpansion", Type: "string", Description: storagev1.StorageClass{}.SwaggerDoc()["allowVolumeExpansion"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - - h.TableHandler(storageClassColumnDefinitions, printStorageClass) - h.TableHandler(storageClassColumnDefinitions, printStorageClassList) - - statusColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Status", Type: "string", Description: metav1.Status{}.SwaggerDoc()["status"]}, - {Name: "Reason", Type: "string", Description: metav1.Status{}.SwaggerDoc()["reason"]}, - {Name: "Message", Type: "string", Description: metav1.Status{}.SwaggerDoc()["Message"]}, - } - - h.TableHandler(statusColumnDefinitions, printStatus) - - controllerRevisionColumnDefinition := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Controller", Type: "string", Description: "Controller of the object"}, - {Name: "Revision", Type: "string", Description: appsv1beta1.ControllerRevision{}.SwaggerDoc()["revision"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(controllerRevisionColumnDefinition, printControllerRevision) - h.TableHandler(controllerRevisionColumnDefinition, printControllerRevisionList) - - resourceQuotaColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "Request", Type: "string", Description: "Request represents a minimum amount of cpu/memory that a container may consume."}, - {Name: "Limit", Type: "string", Description: "Limits control the maximum amount of cpu/memory that a container may use independent of contention on the node."}, - } - h.TableHandler(resourceQuotaColumnDefinitions, printResourceQuota) - h.TableHandler(resourceQuotaColumnDefinitions, printResourceQuotaList) - - priorityClassColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Value", Type: "integer", Description: schedulingv1.PriorityClass{}.SwaggerDoc()["value"]}, - {Name: "Global-Default", Type: "boolean", Description: schedulingv1.PriorityClass{}.SwaggerDoc()["globalDefault"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(priorityClassColumnDefinitions, printPriorityClass) - h.TableHandler(priorityClassColumnDefinitions, printPriorityClassList) - - runtimeClassColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Handler", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["handler"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(runtimeClassColumnDefinitions, printRuntimeClass) - h.TableHandler(runtimeClassColumnDefinitions, printRuntimeClassList) - - volumeAttachmentColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Attacher", Type: "string", Format: "name", Description: storagev1.VolumeAttachmentSpec{}.SwaggerDoc()["attacher"]}, - {Name: "PV", Type: "string", Description: storagev1.VolumeAttachmentSource{}.SwaggerDoc()["persistentVolumeName"]}, - {Name: "Node", Type: "string", Description: storagev1.VolumeAttachmentSpec{}.SwaggerDoc()["nodeName"]}, - {Name: "Attached", Type: "boolean", Description: storagev1.VolumeAttachmentStatus{}.SwaggerDoc()["attached"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(volumeAttachmentColumnDefinitions, printVolumeAttachment) - h.TableHandler(volumeAttachmentColumnDefinitions, printVolumeAttachmentList) - - endpointSliceColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "AddressType", Type: "string", Description: discoveryv1beta1.EndpointSlice{}.SwaggerDoc()["addressType"]}, - {Name: "Ports", Type: "string", Description: discoveryv1beta1.EndpointSlice{}.SwaggerDoc()["ports"]}, - {Name: "Endpoints", Type: "string", Description: discoveryv1beta1.EndpointSlice{}.SwaggerDoc()["endpoints"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(endpointSliceColumnDefinitions, printEndpointSlice) - h.TableHandler(endpointSliceColumnDefinitions, printEndpointSliceList) - - csiNodeColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Drivers", Type: "integer", Description: "Drivers indicates the number of CSI drivers registered on the node"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(csiNodeColumnDefinitions, printCSINode) - h.TableHandler(csiNodeColumnDefinitions, printCSINodeList) - - csiDriverColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "AttachRequired", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["attachRequired"]}, - {Name: "PodInfoOnMount", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["podInfoOnMount"]}, - {Name: "StorageCapacity", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["storageCapacity"]}, - } - csiDriverColumnDefinitions = append(csiDriverColumnDefinitions, []metav1.TableColumnDefinition{ - {Name: "TokenRequests", Type: "string", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["tokenRequests"]}, - {Name: "RequiresRepublish", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["requiresRepublish"]}, - }...) - - csiDriverColumnDefinitions = append(csiDriverColumnDefinitions, []metav1.TableColumnDefinition{ - {Name: "Modes", Type: "string", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["volumeLifecycleModes"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - }...) - h.TableHandler(csiDriverColumnDefinitions, printCSIDriver) - h.TableHandler(csiDriverColumnDefinitions, printCSIDriverList) - - csiStorageCapacityColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "StorageClassName", Type: "string", Description: storagev1.CSIStorageCapacity{}.SwaggerDoc()["storageClassName"]}, - {Name: "Capacity", Type: "string", Description: storagev1.CSIStorageCapacity{}.SwaggerDoc()["capacity"]}, - } - h.TableHandler(csiStorageCapacityColumnDefinitions, printCSIStorageCapacity) - h.TableHandler(csiStorageCapacityColumnDefinitions, printCSIStorageCapacityList) - - mutatingWebhookColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Webhooks", Type: "integer", Description: "Webhooks indicates the number of webhooks registered in this configuration"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(mutatingWebhookColumnDefinitions, printMutatingWebhook) - h.TableHandler(mutatingWebhookColumnDefinitions, printMutatingWebhookList) - - validatingWebhookColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Webhooks", Type: "integer", Description: "Webhooks indicates the number of webhooks registered in this configuration"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(validatingWebhookColumnDefinitions, printValidatingWebhook) - h.TableHandler(validatingWebhookColumnDefinitions, printValidatingWebhookList) - - validatingAdmissionPolicy := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Validations", Type: "integer", Description: "Validations indicates the number of validation rules defined in this configuration"}, - {Name: "ParamKind", Type: "string", Description: "ParamKind specifies the kind of resources used to parameterize this policy"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(validatingAdmissionPolicy, printValidatingAdmissionPolicy) - h.TableHandler(validatingAdmissionPolicy, printValidatingAdmissionPolicyList) - - validatingAdmissionPolicyBinding := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "PolicyName", Type: "string", Description: "PolicyName indicates the policy definition which the policy binding binded to"}, - {Name: "ParamRef", Type: "string", Description: "ParamRef indicates the param resource which sets the configration param"}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(validatingAdmissionPolicyBinding, printValidatingAdmissionPolicyBinding) - h.TableHandler(validatingAdmissionPolicyBinding, printValidatingAdmissionPolicyBindingList) - - flowSchemaColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "PriorityLevel", Type: "string", Description: flowcontrolv1beta3.PriorityLevelConfigurationReference{}.SwaggerDoc()["name"]}, - {Name: "MatchingPrecedence", Type: "string", Description: flowcontrolv1beta3.FlowSchemaSpec{}.SwaggerDoc()["matchingPrecedence"]}, - {Name: "DistinguisherMethod", Type: "string", Description: flowcontrolv1beta3.FlowSchemaSpec{}.SwaggerDoc()["distinguisherMethod"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "MissingPL", Type: "string", Description: "references a broken or non-existent PriorityLevelConfiguration"}, - } - h.TableHandler(flowSchemaColumnDefinitions, printFlowSchema) - h.TableHandler(flowSchemaColumnDefinitions, printFlowSchemaList) - - priorityLevelColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Type", Type: "string", Description: flowcontrolv1beta3.PriorityLevelConfigurationSpec{}.SwaggerDoc()["type"]}, - {Name: "NominalConcurrencyShares", Type: "string", Description: flowcontrolv1beta3.LimitedPriorityLevelConfiguration{}.SwaggerDoc()["nominalConcurrencyShares"]}, - {Name: "Queues", Type: "string", Description: flowcontrolv1beta3.QueuingConfiguration{}.SwaggerDoc()["queues"]}, - {Name: "HandSize", Type: "string", Description: flowcontrolv1beta3.QueuingConfiguration{}.SwaggerDoc()["handSize"]}, - {Name: "QueueLengthLimit", Type: "string", Description: flowcontrolv1beta3.QueuingConfiguration{}.SwaggerDoc()["queueLengthLimit"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(priorityLevelColumnDefinitions, printPriorityLevelConfiguration) - h.TableHandler(priorityLevelColumnDefinitions, printPriorityLevelConfigurationList) - - storageVersionColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "CommonEncodingVersion", Type: "string", Description: apiserverinternalv1alpha1.StorageVersionStatus{}.SwaggerDoc()["commonEncodingVersion"]}, - {Name: "StorageVersions", Type: "string", Description: apiserverinternalv1alpha1.StorageVersionStatus{}.SwaggerDoc()["storageVersions"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(storageVersionColumnDefinitions, printStorageVersion) - h.TableHandler(storageVersionColumnDefinitions, printStorageVersionList) - - scaleColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "Desired", Type: "integer", Description: autoscalingv1.ScaleSpec{}.SwaggerDoc()["replicas"]}, - {Name: "Available", Type: "integer", Description: autoscalingv1.ScaleStatus{}.SwaggerDoc()["replicas"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - h.TableHandler(scaleColumnDefinitions, printScale) - - clusterCIDRColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "PerNodeHostBits", Type: "string", Description: networkingv1alpha1.ClusterCIDRSpec{}.SwaggerDoc()["perNodeHostBits"]}, - {Name: "IPv4", Type: "string", Description: networkingv1alpha1.ClusterCIDRSpec{}.SwaggerDoc()["ipv4"]}, - {Name: "IPv6", Type: "string", Description: networkingv1alpha1.ClusterCIDRSpec{}.SwaggerDoc()["ipv6"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - {Name: "NodeSelector", Type: "string", Priority: 1, Description: networkingv1alpha1.ClusterCIDRSpec{}.SwaggerDoc()["nodeSelector"]}, - } - - h.TableHandler(clusterCIDRColumnDefinitions, printClusterCIDR) - h.TableHandler(clusterCIDRColumnDefinitions, printClusterCIDRList) - - resourceClassColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "DriverName", Type: "string", Description: resourcev1alpha1.ResourceClass{}.SwaggerDoc()["driverName"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - _ = h.TableHandler(resourceClassColumnDefinitions, printResourceClass) - _ = h.TableHandler(resourceClassColumnDefinitions, printResourceClassList) - - resourceClaimColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "ResourceClassName", Type: "string", Description: resourcev1alpha1.ResourceClaimSpec{}.SwaggerDoc()["resourceClassName"]}, - {Name: "AllocationMode", Type: "string", Description: resourcev1alpha1.ResourceClaimSpec{}.SwaggerDoc()["allocationMode"]}, - {Name: "State", Type: "string", Description: "A summary of the current state (allocated, pending, reserved, etc.)."}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - _ = h.TableHandler(resourceClaimColumnDefinitions, printResourceClaim) - _ = h.TableHandler(resourceClaimColumnDefinitions, printResourceClaimList) - - resourceClaimTemplateColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "ResourceClassName", Type: "string", Description: resourcev1alpha1.ResourceClaimSpec{}.SwaggerDoc()["resourceClassName"]}, - {Name: "AllocationMode", Type: "string", Description: resourcev1alpha1.ResourceClaimSpec{}.SwaggerDoc()["allocationMode"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - _ = h.TableHandler(resourceClaimTemplateColumnDefinitions, printResourceClaimTemplate) - _ = h.TableHandler(resourceClaimTemplateColumnDefinitions, printResourceClaimTemplateList) - - podSchedulingColumnDefinitions := []metav1.TableColumnDefinition{ - {Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]}, - {Name: "SelectedNode", Type: "string", Description: resourcev1alpha1.PodSchedulingSpec{}.SwaggerDoc()["selectedNode"]}, - {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, - } - _ = h.TableHandler(podSchedulingColumnDefinitions, printPodScheduling) - _ = h.TableHandler(podSchedulingColumnDefinitions, printPodSchedulingList) -} - -// Pass ports=nil for all ports. -func formatEndpoints(endpoints *api.Endpoints, ports sets.String) string { - if len(endpoints.Subsets) == 0 { - return "<none>" - } - list := []string{} - max := 3 - more := false - count := 0 - for i := range endpoints.Subsets { - ss := &endpoints.Subsets[i] - if len(ss.Ports) == 0 { - // It's possible to have headless services with no ports. - count += len(ss.Addresses) - for i := range ss.Addresses { - if len(list) == max { - more = true - // the next loop is redundant - break - } - list = append(list, ss.Addresses[i].IP) - } - // avoid nesting code too deeply - continue - } - - // "Normal" services with ports defined. - for i := range ss.Ports { - port := &ss.Ports[i] - if ports == nil || ports.Has(port.Name) { - count += len(ss.Addresses) - for i := range ss.Addresses { - if len(list) == max { - more = true - // the next loop is redundant - break - } - addr := &ss.Addresses[i] - hostPort := net.JoinHostPort(addr.IP, strconv.Itoa(int(port.Port))) - list = append(list, hostPort) - } - } - } - } - - ret := strings.Join(list, ",") - if more { - return fmt.Sprintf("%s + %d more...", ret, count-max) - } - return ret -} - -func formatDiscoveryPorts(ports []discovery.EndpointPort) string { - list := []string{} - max := 3 - more := false - count := 0 - for _, port := range ports { - if len(list) < max { - portNum := "*" - if port.Port != nil { - portNum = strconv.Itoa(int(*port.Port)) - } else if port.Name != nil { - portNum = *port.Name - } - list = append(list, portNum) - } else if len(list) == max { - more = true - } - count++ - } - return listWithMoreString(list, more, count, max) -} - -func formatDiscoveryEndpoints(endpoints []discovery.Endpoint) string { - list := []string{} - max := 3 - more := false - count := 0 - for _, endpoint := range endpoints { - for _, address := range endpoint.Addresses { - if len(list) < max { - list = append(list, address) - } else if len(list) == max { - more = true - } - count++ - } - } - return listWithMoreString(list, more, count, max) -} - -func listWithMoreString(list []string, more bool, count, max int) string { - ret := strings.Join(list, ",") - if more { - return fmt.Sprintf("%s + %d more...", ret, count-max) - } - if ret == "" { - ret = "<unset>" - } - return ret -} - -// translateMicroTimestampSince returns the elapsed time since timestamp in -// human-readable approximation. -func translateMicroTimestampSince(timestamp metav1.MicroTime) string { - if timestamp.IsZero() { - return "<unknown>" - } - - return duration.HumanDuration(time.Since(timestamp.Time)) -} - -// translateTimestampSince returns the elapsed time since timestamp in -// human-readable approximation. -func translateTimestampSince(timestamp metav1.Time) string { - if timestamp.IsZero() { - return "<unknown>" - } - - return duration.HumanDuration(time.Since(timestamp.Time)) -} - -// translateTimestampUntil returns the elapsed time until timestamp in -// human-readable approximation. -func translateTimestampUntil(timestamp metav1.Time) string { - if timestamp.IsZero() { - return "<unknown>" - } - - return duration.HumanDuration(time.Until(timestamp.Time)) -} - -var ( - podSuccessConditions = []metav1.TableRowCondition{{Type: metav1.RowCompleted, Status: metav1.ConditionTrue, Reason: string(api.PodSucceeded), Message: "The pod has completed successfully."}} - podFailedConditions = []metav1.TableRowCondition{{Type: metav1.RowCompleted, Status: metav1.ConditionTrue, Reason: string(api.PodFailed), Message: "The pod failed."}} -) - -func printPodList(podList *api.PodList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(podList.Items)) - for i := range podList.Items { - r, err := printPod(&podList.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPod(pod *api.Pod, options printers.GenerateOptions) ([]metav1.TableRow, error) { - restarts := 0 - totalContainers := len(pod.Spec.Containers) - readyContainers := 0 - lastRestartDate := metav1.NewTime(time.Time{}) - - reason := string(pod.Status.Phase) - if pod.Status.Reason != "" { - reason = pod.Status.Reason - } - - // If the Pod carries {type:PodScheduled, reason:WaitingForGates}, set reason to 'SchedulingGated'. - for _, condition := range pod.Status.Conditions { - if condition.Type == api.PodScheduled && condition.Reason == api.PodReasonSchedulingGated { - reason = api.PodReasonSchedulingGated - } - } - - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: pod}, - } - - switch pod.Status.Phase { - case api.PodSucceeded: - row.Conditions = podSuccessConditions - case api.PodFailed: - row.Conditions = podFailedConditions - } - - initializing := false - for i := range pod.Status.InitContainerStatuses { - container := pod.Status.InitContainerStatuses[i] - restarts += int(container.RestartCount) - if container.LastTerminationState.Terminated != nil { - terminatedDate := container.LastTerminationState.Terminated.FinishedAt - if lastRestartDate.Before(&terminatedDate) { - lastRestartDate = terminatedDate - } - } - switch { - case container.State.Terminated != nil && container.State.Terminated.ExitCode == 0: - continue - case container.State.Terminated != nil: - // initialization is failed - if len(container.State.Terminated.Reason) == 0 { - if container.State.Terminated.Signal != 0 { - reason = fmt.Sprintf("Init:Signal:%d", container.State.Terminated.Signal) - } else { - reason = fmt.Sprintf("Init:ExitCode:%d", container.State.Terminated.ExitCode) - } - } else { - reason = "Init:" + container.State.Terminated.Reason - } - initializing = true - case container.State.Waiting != nil && len(container.State.Waiting.Reason) > 0 && container.State.Waiting.Reason != "PodInitializing": - reason = "Init:" + container.State.Waiting.Reason - initializing = true - default: - reason = fmt.Sprintf("Init:%d/%d", i, len(pod.Spec.InitContainers)) - initializing = true - } - break - } - if !initializing { - restarts = 0 - hasRunning := false - for i := len(pod.Status.ContainerStatuses) - 1; i >= 0; i-- { - container := pod.Status.ContainerStatuses[i] - - restarts += int(container.RestartCount) - if container.LastTerminationState.Terminated != nil { - terminatedDate := container.LastTerminationState.Terminated.FinishedAt - if lastRestartDate.Before(&terminatedDate) { - lastRestartDate = terminatedDate - } - } - if container.State.Waiting != nil && container.State.Waiting.Reason != "" { - reason = container.State.Waiting.Reason - } else if container.State.Terminated != nil && container.State.Terminated.Reason != "" { - reason = container.State.Terminated.Reason - } else if container.State.Terminated != nil && container.State.Terminated.Reason == "" { - if container.State.Terminated.Signal != 0 { - reason = fmt.Sprintf("Signal:%d", container.State.Terminated.Signal) - } else { - reason = fmt.Sprintf("ExitCode:%d", container.State.Terminated.ExitCode) - } - } else if container.Ready && container.State.Running != nil { - hasRunning = true - readyContainers++ - } - } - - // change pod status back to "Running" if there is at least one container still reporting as "Running" status - if reason == "Completed" && hasRunning { - if hasPodReadyCondition(pod.Status.Conditions) { - reason = "Running" - } else { - reason = "NotReady" - } - } - } - - if pod.DeletionTimestamp != nil && pod.Status.Reason == node.NodeUnreachablePodReason { - reason = "Unknown" - } else if pod.DeletionTimestamp != nil { - reason = "Terminating" - } - - restartsStr := strconv.Itoa(restarts) - if !lastRestartDate.IsZero() { - restartsStr = fmt.Sprintf("%d (%s ago)", restarts, translateTimestampSince(lastRestartDate)) - } - - row.Cells = append(row.Cells, pod.Name, fmt.Sprintf("%d/%d", readyContainers, totalContainers), reason, restartsStr, translateTimestampSince(pod.CreationTimestamp)) - if options.Wide { - nodeName := pod.Spec.NodeName - nominatedNodeName := pod.Status.NominatedNodeName - podIP := "" - if len(pod.Status.PodIPs) > 0 { - podIP = pod.Status.PodIPs[0].IP - } - - if podIP == "" { - podIP = "<none>" - } - if nodeName == "" { - nodeName = "<none>" - } - if nominatedNodeName == "" { - nominatedNodeName = "<none>" - } - - readinessGates := "<none>" - if len(pod.Spec.ReadinessGates) > 0 { - trueConditions := 0 - for _, readinessGate := range pod.Spec.ReadinessGates { - conditionType := readinessGate.ConditionType - for _, condition := range pod.Status.Conditions { - if condition.Type == conditionType { - if condition.Status == api.ConditionTrue { - trueConditions++ - } - break - } - } - } - readinessGates = fmt.Sprintf("%d/%d", trueConditions, len(pod.Spec.ReadinessGates)) - } - row.Cells = append(row.Cells, podIP, nodeName, nominatedNodeName, readinessGates) - } - - return []metav1.TableRow{row}, nil -} - -func hasPodReadyCondition(conditions []api.PodCondition) bool { - for _, condition := range conditions { - if condition.Type == api.PodReady && condition.Status == api.ConditionTrue { - return true - } - } - return false -} - -func printPodTemplate(obj *api.PodTemplate, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - names, images := layoutContainerCells(obj.Template.Spec.Containers) - row.Cells = append(row.Cells, obj.Name, names, images, labels.FormatLabels(obj.Template.Labels)) - return []metav1.TableRow{row}, nil -} - -func printPodTemplateList(list *api.PodTemplateList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPodTemplate(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPodDisruptionBudget(obj *policy.PodDisruptionBudget, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - var minAvailable string - var maxUnavailable string - if obj.Spec.MinAvailable != nil { - minAvailable = obj.Spec.MinAvailable.String() - } else { - minAvailable = "N/A" - } - - if obj.Spec.MaxUnavailable != nil { - maxUnavailable = obj.Spec.MaxUnavailable.String() - } else { - maxUnavailable = "N/A" - } - - row.Cells = append(row.Cells, obj.Name, minAvailable, maxUnavailable, int64(obj.Status.DisruptionsAllowed), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printPodDisruptionBudgetList(list *policy.PodDisruptionBudgetList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPodDisruptionBudget(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -// TODO(AdoHe): try to put wide output in a single method -func printReplicationController(obj *api.ReplicationController, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - desiredReplicas := obj.Spec.Replicas - currentReplicas := obj.Status.Replicas - readyReplicas := obj.Status.ReadyReplicas - - row.Cells = append(row.Cells, obj.Name, int64(desiredReplicas), int64(currentReplicas), int64(readyReplicas), translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images, labels.FormatLabels(obj.Spec.Selector)) - } - return []metav1.TableRow{row}, nil -} - -func printReplicationControllerList(list *api.ReplicationControllerList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printReplicationController(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printReplicaSet(obj *apps.ReplicaSet, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - desiredReplicas := obj.Spec.Replicas - currentReplicas := obj.Status.Replicas - readyReplicas := obj.Status.ReadyReplicas - - row.Cells = append(row.Cells, obj.Name, int64(desiredReplicas), int64(currentReplicas), int64(readyReplicas), translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images, metav1.FormatLabelSelector(obj.Spec.Selector)) - } - return []metav1.TableRow{row}, nil -} - -func printReplicaSetList(list *apps.ReplicaSetList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printReplicaSet(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printJob(obj *batch.Job, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - var completions string - if obj.Spec.Completions != nil { - completions = fmt.Sprintf("%d/%d", obj.Status.Succeeded, *obj.Spec.Completions) - } else { - parallelism := int32(0) - if obj.Spec.Parallelism != nil { - parallelism = *obj.Spec.Parallelism - } - if parallelism > 1 { - completions = fmt.Sprintf("%d/1 of %d", obj.Status.Succeeded, parallelism) - } else { - completions = fmt.Sprintf("%d/1", obj.Status.Succeeded) - } - } - var jobDuration string - switch { - case obj.Status.StartTime == nil: - case obj.Status.CompletionTime == nil: - jobDuration = duration.HumanDuration(time.Since(obj.Status.StartTime.Time)) - default: - jobDuration = duration.HumanDuration(obj.Status.CompletionTime.Sub(obj.Status.StartTime.Time)) - } - - row.Cells = append(row.Cells, obj.Name, completions, jobDuration, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images, metav1.FormatLabelSelector(obj.Spec.Selector)) - } - return []metav1.TableRow{row}, nil -} - -func printJobList(list *batch.JobList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printJob(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printCronJob(obj *batch.CronJob, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - lastScheduleTime := "<none>" - if obj.Status.LastScheduleTime != nil { - lastScheduleTime = translateTimestampSince(*obj.Status.LastScheduleTime) - } - - row.Cells = append(row.Cells, obj.Name, obj.Spec.Schedule, printBoolPtr(obj.Spec.Suspend), int64(len(obj.Status.Active)), lastScheduleTime, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.JobTemplate.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images, metav1.FormatLabelSelector(obj.Spec.JobTemplate.Spec.Selector)) - } - return []metav1.TableRow{row}, nil -} - -func printCronJobList(list *batch.CronJobList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printCronJob(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -// loadBalancerStatusStringer behaves mostly like a string interface and converts the given status to a string. -// `wide` indicates whether the returned value is meant for --o=wide output. If not, it's clipped to 16 bytes. -func loadBalancerStatusStringer(s api.LoadBalancerStatus, wide bool) string { - ingress := s.Ingress - result := sets.NewString() - for i := range ingress { - if ingress[i].IP != "" { - result.Insert(ingress[i].IP) - } else if ingress[i].Hostname != "" { - result.Insert(ingress[i].Hostname) - } - } - - r := strings.Join(result.List(), ",") - if !wide && len(r) > loadBalancerWidth { - r = r[0:(loadBalancerWidth-3)] + "..." - } - return r -} - -func getServiceExternalIP(svc *api.Service, wide bool) string { - switch svc.Spec.Type { - case api.ServiceTypeClusterIP: - if len(svc.Spec.ExternalIPs) > 0 { - return strings.Join(svc.Spec.ExternalIPs, ",") - } - return "<none>" - case api.ServiceTypeNodePort: - if len(svc.Spec.ExternalIPs) > 0 { - return strings.Join(svc.Spec.ExternalIPs, ",") - } - return "<none>" - case api.ServiceTypeLoadBalancer: - lbIps := loadBalancerStatusStringer(svc.Status.LoadBalancer, wide) - if len(svc.Spec.ExternalIPs) > 0 { - results := []string{} - if len(lbIps) > 0 { - results = append(results, strings.Split(lbIps, ",")...) - } - results = append(results, svc.Spec.ExternalIPs...) - return strings.Join(results, ",") - } - if len(lbIps) > 0 { - return lbIps - } - return "<pending>" - case api.ServiceTypeExternalName: - return svc.Spec.ExternalName - } - return "<unknown>" -} - -func makePortString(ports []api.ServicePort) string { - pieces := make([]string, len(ports)) - for ix := range ports { - port := &ports[ix] - pieces[ix] = fmt.Sprintf("%d/%s", port.Port, port.Protocol) - if port.NodePort > 0 { - pieces[ix] = fmt.Sprintf("%d:%d/%s", port.Port, port.NodePort, port.Protocol) - } - } - return strings.Join(pieces, ",") -} - -func printService(obj *api.Service, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - svcType := obj.Spec.Type - internalIP := "<none>" - if len(obj.Spec.ClusterIPs) > 0 { - internalIP = obj.Spec.ClusterIPs[0] - } - - externalIP := getServiceExternalIP(obj, options.Wide) - svcPorts := makePortString(obj.Spec.Ports) - if len(svcPorts) == 0 { - svcPorts = "<none>" - } - - row.Cells = append(row.Cells, obj.Name, string(svcType), internalIP, externalIP, svcPorts, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - row.Cells = append(row.Cells, labels.FormatLabels(obj.Spec.Selector)) - } - - return []metav1.TableRow{row}, nil -} - -func printServiceList(list *api.ServiceList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printService(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func formatHosts(rules []networking.IngressRule) string { - list := []string{} - max := 3 - more := false - for _, rule := range rules { - if len(list) == max { - more = true - } - if !more && len(rule.Host) != 0 { - list = append(list, rule.Host) - } - } - if len(list) == 0 { - return "*" - } - ret := strings.Join(list, ",") - if more { - return fmt.Sprintf("%s + %d more...", ret, len(rules)-max) - } - return ret -} - -func formatPorts(tls []networking.IngressTLS) string { - if len(tls) != 0 { - return "80, 443" - } - return "80" -} - -func printIngress(obj *networking.Ingress, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - className := "<none>" - if obj.Spec.IngressClassName != nil { - className = *obj.Spec.IngressClassName - } - hosts := formatHosts(obj.Spec.Rules) - address := ingressLoadBalancerStatusStringer(obj.Status.LoadBalancer, options.Wide) - ports := formatPorts(obj.Spec.TLS) - createTime := translateTimestampSince(obj.CreationTimestamp) - row.Cells = append(row.Cells, obj.Name, className, hosts, address, ports, createTime) - return []metav1.TableRow{row}, nil -} - -// ingressLoadBalancerStatusStringer behaves mostly like a string interface and converts the given status to a string. -// `wide` indicates whether the returned value is meant for --o=wide output. If not, it's clipped to 16 bytes. -func ingressLoadBalancerStatusStringer(s networking.IngressLoadBalancerStatus, wide bool) string { - ingress := s.Ingress - result := sets.NewString() - for i := range ingress { - if ingress[i].IP != "" { - result.Insert(ingress[i].IP) - } else if ingress[i].Hostname != "" { - result.Insert(ingress[i].Hostname) - } - } - - r := strings.Join(result.List(), ",") - if !wide && len(r) > loadBalancerWidth { - r = r[0:(loadBalancerWidth-3)] + "..." - } - return r -} - -func printIngressList(list *networking.IngressList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printIngress(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printIngressClass(obj *networking.IngressClass, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - parameters := "<none>" - if obj.Spec.Parameters != nil { - parameters = obj.Spec.Parameters.Kind - if obj.Spec.Parameters.APIGroup != nil { - parameters = parameters + "." + *obj.Spec.Parameters.APIGroup - } - parameters = parameters + "/" + obj.Spec.Parameters.Name - } - createTime := translateTimestampSince(obj.CreationTimestamp) - row.Cells = append(row.Cells, obj.Name, obj.Spec.Controller, parameters, createTime) - return []metav1.TableRow{row}, nil -} - -func printIngressClassList(list *networking.IngressClassList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printIngressClass(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printStatefulSet(obj *apps.StatefulSet, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - desiredReplicas := obj.Spec.Replicas - readyReplicas := obj.Status.ReadyReplicas - createTime := translateTimestampSince(obj.CreationTimestamp) - row.Cells = append(row.Cells, obj.Name, fmt.Sprintf("%d/%d", int64(readyReplicas), int64(desiredReplicas)), createTime) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images) - } - return []metav1.TableRow{row}, nil -} - -func printStatefulSetList(list *apps.StatefulSetList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printStatefulSet(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printDaemonSet(obj *apps.DaemonSet, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - desiredScheduled := obj.Status.DesiredNumberScheduled - currentScheduled := obj.Status.CurrentNumberScheduled - numberReady := obj.Status.NumberReady - numberUpdated := obj.Status.UpdatedNumberScheduled - numberAvailable := obj.Status.NumberAvailable - - row.Cells = append(row.Cells, obj.Name, int64(desiredScheduled), int64(currentScheduled), int64(numberReady), int64(numberUpdated), int64(numberAvailable), labels.FormatLabels(obj.Spec.Template.Spec.NodeSelector), translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - names, images := layoutContainerCells(obj.Spec.Template.Spec.Containers) - row.Cells = append(row.Cells, names, images, metav1.FormatLabelSelector(obj.Spec.Selector)) - } - return []metav1.TableRow{row}, nil -} - -func printDaemonSetList(list *apps.DaemonSetList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printDaemonSet(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printEndpoints(obj *api.Endpoints, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, formatEndpoints(obj, nil), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printEndpointsList(list *api.EndpointsList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printEndpoints(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printEndpointSlice(obj *discovery.EndpointSlice, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, string(obj.AddressType), formatDiscoveryPorts(obj.Ports), formatDiscoveryEndpoints(obj.Endpoints), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printEndpointSliceList(list *discovery.EndpointSliceList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printEndpointSlice(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printCSINode(obj *storage.CSINode, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Spec.Drivers)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printCSINodeList(list *storage.CSINodeList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printCSINode(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printCSIDriver(obj *storage.CSIDriver, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - attachRequired := true - if obj.Spec.AttachRequired != nil { - attachRequired = *obj.Spec.AttachRequired - } - podInfoOnMount := false - if obj.Spec.PodInfoOnMount != nil { - podInfoOnMount = *obj.Spec.PodInfoOnMount - } - allModes := []string{} - for _, mode := range obj.Spec.VolumeLifecycleModes { - allModes = append(allModes, string(mode)) - } - modes := strings.Join(allModes, ",") - if len(modes) == 0 { - modes = "<none>" - } - - row.Cells = append(row.Cells, obj.Name, attachRequired, podInfoOnMount) - storageCapacity := false - if obj.Spec.StorageCapacity != nil { - storageCapacity = *obj.Spec.StorageCapacity - } - row.Cells = append(row.Cells, storageCapacity) - - tokenRequests := "<unset>" - if obj.Spec.TokenRequests != nil { - audiences := []string{} - for _, t := range obj.Spec.TokenRequests { - audiences = append(audiences, t.Audience) - } - tokenRequests = strings.Join(audiences, ",") - } - requiresRepublish := false - if obj.Spec.RequiresRepublish != nil { - requiresRepublish = *obj.Spec.RequiresRepublish - } - row.Cells = append(row.Cells, tokenRequests, requiresRepublish) - - row.Cells = append(row.Cells, modes, translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printCSIDriverList(list *storage.CSIDriverList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printCSIDriver(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printCSIStorageCapacity(obj *storage.CSIStorageCapacity, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - capacity := "<unset>" - if obj.Capacity != nil { - capacity = obj.Capacity.String() - } - - row.Cells = append(row.Cells, obj.Name, obj.StorageClassName, capacity) - return []metav1.TableRow{row}, nil -} - -func printCSIStorageCapacityList(list *storage.CSIStorageCapacityList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printCSIStorageCapacity(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printMutatingWebhook(obj *admissionregistration.MutatingWebhookConfiguration, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Webhooks)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printMutatingWebhookList(list *admissionregistration.MutatingWebhookConfigurationList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printMutatingWebhook(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printValidatingWebhook(obj *admissionregistration.ValidatingWebhookConfiguration, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Webhooks)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printValidatingWebhookList(list *admissionregistration.ValidatingWebhookConfigurationList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printValidatingWebhook(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printValidatingAdmissionPolicy(obj *admissionregistration.ValidatingAdmissionPolicy, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - paramKind := "<unset>" - if obj.Spec.ParamKind != nil { - paramKind = obj.Spec.ParamKind.APIVersion + "/" + obj.Spec.ParamKind.Kind - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Spec.Validations)), paramKind, translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printValidatingAdmissionPolicyList(list *admissionregistration.ValidatingAdmissionPolicyList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printValidatingAdmissionPolicy(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printValidatingAdmissionPolicyBinding(obj *admissionregistration.ValidatingAdmissionPolicyBinding, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - paramName := "<unset>" - if obj.Spec.ParamRef != nil { - if obj.Spec.ParamRef.Namespace != "" { - paramName = obj.Spec.ParamRef.Namespace + "/" + obj.Spec.ParamRef.Name - } else { - paramName = obj.Spec.ParamRef.Name - } - - } - row.Cells = append(row.Cells, obj.Name, obj.Spec.PolicyName, paramName, translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printValidatingAdmissionPolicyBindingList(list *admissionregistration.ValidatingAdmissionPolicyBindingList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printValidatingAdmissionPolicyBinding(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printNamespace(obj *api.Namespace, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, string(obj.Status.Phase), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printNamespaceList(list *api.NamespaceList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printNamespace(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printSecret(obj *api.Secret, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, string(obj.Type), int64(len(obj.Data)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printSecretList(list *api.SecretList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printSecret(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printServiceAccount(obj *api.ServiceAccount, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Secrets)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printServiceAccountList(list *api.ServiceAccountList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printServiceAccount(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printNode(obj *api.Node, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - conditionMap := make(map[api.NodeConditionType]*api.NodeCondition) - NodeAllConditions := []api.NodeConditionType{api.NodeReady} - for i := range obj.Status.Conditions { - cond := obj.Status.Conditions[i] - conditionMap[cond.Type] = &cond - } - var status []string - for _, validCondition := range NodeAllConditions { - if condition, ok := conditionMap[validCondition]; ok { - if condition.Status == api.ConditionTrue { - status = append(status, string(condition.Type)) - } else { - status = append(status, "Not"+string(condition.Type)) - } - } - } - if len(status) == 0 { - status = append(status, "Unknown") - } - if obj.Spec.Unschedulable { - status = append(status, "SchedulingDisabled") - } - - roles := strings.Join(findNodeRoles(obj), ",") - if len(roles) == 0 { - roles = "<none>" - } - - row.Cells = append(row.Cells, obj.Name, strings.Join(status, ","), roles, translateTimestampSince(obj.CreationTimestamp), obj.Status.NodeInfo.KubeletVersion) - if options.Wide { - osImage, kernelVersion, crVersion := obj.Status.NodeInfo.OSImage, obj.Status.NodeInfo.KernelVersion, obj.Status.NodeInfo.ContainerRuntimeVersion - if osImage == "" { - osImage = "<unknown>" - } - if kernelVersion == "" { - kernelVersion = "<unknown>" - } - if crVersion == "" { - crVersion = "<unknown>" - } - row.Cells = append(row.Cells, getNodeInternalIP(obj), getNodeExternalIP(obj), osImage, kernelVersion, crVersion) - } - - return []metav1.TableRow{row}, nil -} - -// Returns first external ip of the node or "<none>" if none is found. -func getNodeExternalIP(node *api.Node) string { - for _, address := range node.Status.Addresses { - if address.Type == api.NodeExternalIP { - return address.Address - } - } - - return "<none>" -} - -// Returns the internal IP of the node or "<none>" if none is found. -func getNodeInternalIP(node *api.Node) string { - for _, address := range node.Status.Addresses { - if address.Type == api.NodeInternalIP { - return address.Address - } - } - - return "<none>" -} - -// findNodeRoles returns the roles of a given node. -// The roles are determined by looking for: -// * a node-role.kubernetes.io/<role>="" label -// * a kubernetes.io/role="<role>" label -func findNodeRoles(node *api.Node) []string { - roles := sets.NewString() - for k, v := range node.Labels { - switch { - case strings.HasPrefix(k, labelNodeRolePrefix): - if role := strings.TrimPrefix(k, labelNodeRolePrefix); len(role) > 0 { - roles.Insert(role) - } - - case k == nodeLabelRole && v != "": - roles.Insert(v) - } - } - return roles.List() -} - -func printNodeList(list *api.NodeList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printNode(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPersistentVolume(obj *api.PersistentVolume, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - claimRefUID := "" - if obj.Spec.ClaimRef != nil { - claimRefUID += obj.Spec.ClaimRef.Namespace - claimRefUID += "/" - claimRefUID += obj.Spec.ClaimRef.Name - } - - modesStr := helper.GetAccessModesAsString(obj.Spec.AccessModes) - reclaimPolicyStr := string(obj.Spec.PersistentVolumeReclaimPolicy) - - aQty := obj.Spec.Capacity[api.ResourceStorage] - aSize := aQty.String() - - phase := obj.Status.Phase - if obj.ObjectMeta.DeletionTimestamp != nil { - phase = "Terminating" - } - volumeMode := "<unset>" - if obj.Spec.VolumeMode != nil { - volumeMode = string(*obj.Spec.VolumeMode) - } - - row.Cells = append(row.Cells, obj.Name, aSize, modesStr, reclaimPolicyStr, - string(phase), claimRefUID, helper.GetPersistentVolumeClass(obj), - obj.Status.Reason, translateTimestampSince(obj.CreationTimestamp), volumeMode) - return []metav1.TableRow{row}, nil -} - -func printPersistentVolumeList(list *api.PersistentVolumeList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPersistentVolume(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPersistentVolumeClaim(obj *api.PersistentVolumeClaim, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - phase := obj.Status.Phase - if obj.ObjectMeta.DeletionTimestamp != nil { - phase = "Terminating" - } - - storage := obj.Spec.Resources.Requests[api.ResourceStorage] - capacity := "" - accessModes := "" - volumeMode := "<unset>" - if obj.Spec.VolumeName != "" { - accessModes = helper.GetAccessModesAsString(obj.Status.AccessModes) - storage = obj.Status.Capacity[api.ResourceStorage] - capacity = storage.String() - } - - if obj.Spec.VolumeMode != nil { - volumeMode = string(*obj.Spec.VolumeMode) - } - - row.Cells = append(row.Cells, obj.Name, string(phase), obj.Spec.VolumeName, capacity, accessModes, - helper.GetPersistentVolumeClaimClass(obj), translateTimestampSince(obj.CreationTimestamp), volumeMode) - return []metav1.TableRow{row}, nil -} - -func printPersistentVolumeClaimList(list *api.PersistentVolumeClaimList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPersistentVolumeClaim(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printEvent(obj *api.Event, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - firstTimestamp := translateTimestampSince(obj.FirstTimestamp) - if obj.FirstTimestamp.IsZero() { - firstTimestamp = translateMicroTimestampSince(obj.EventTime) - } - - lastTimestamp := translateTimestampSince(obj.LastTimestamp) - if obj.LastTimestamp.IsZero() { - lastTimestamp = firstTimestamp - } - - count := obj.Count - if obj.Series != nil { - lastTimestamp = translateMicroTimestampSince(obj.Series.LastObservedTime) - count = obj.Series.Count - } else if count == 0 { - // Singleton events don't have a count set in the new API. - count = 1 - } - - var target string - if len(obj.InvolvedObject.Name) > 0 { - target = fmt.Sprintf("%s/%s", strings.ToLower(obj.InvolvedObject.Kind), obj.InvolvedObject.Name) - } else { - target = strings.ToLower(obj.InvolvedObject.Kind) - } - if options.Wide { - row.Cells = append(row.Cells, - lastTimestamp, - obj.Type, - obj.Reason, - target, - obj.InvolvedObject.FieldPath, - formatEventSource(obj.Source, obj.ReportingController, obj.ReportingInstance), - strings.TrimSpace(obj.Message), - firstTimestamp, - int64(count), - obj.Name, - ) - } else { - row.Cells = append(row.Cells, - lastTimestamp, - obj.Type, - obj.Reason, - target, - strings.TrimSpace(obj.Message), - ) - } - - return []metav1.TableRow{row}, nil -} - -// Sorts and prints the EventList in a human-friendly format. -func printEventList(list *api.EventList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printEvent(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printRoleBinding(obj *rbac.RoleBinding, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - roleRef := fmt.Sprintf("%s/%s", obj.RoleRef.Kind, obj.RoleRef.Name) - row.Cells = append(row.Cells, obj.Name, roleRef, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - users, groups, sas, _ := rbac.SubjectsStrings(obj.Subjects) - row.Cells = append(row.Cells, strings.Join(users, ", "), strings.Join(groups, ", "), strings.Join(sas, ", ")) - } - return []metav1.TableRow{row}, nil -} - -// Prints the RoleBinding in a human-friendly format. -func printRoleBindingList(list *rbac.RoleBindingList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printRoleBinding(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printClusterRoleBinding(obj *rbac.ClusterRoleBinding, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - roleRef := fmt.Sprintf("%s/%s", obj.RoleRef.Kind, obj.RoleRef.Name) - row.Cells = append(row.Cells, obj.Name, roleRef, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - users, groups, sas, _ := rbac.SubjectsStrings(obj.Subjects) - row.Cells = append(row.Cells, strings.Join(users, ", "), strings.Join(groups, ", "), strings.Join(sas, ", ")) - } - return []metav1.TableRow{row}, nil -} - -// Prints the ClusterRoleBinding in a human-friendly format. -func printClusterRoleBindingList(list *rbac.ClusterRoleBindingList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printClusterRoleBinding(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printCertificateSigningRequest(obj *certificates.CertificateSigningRequest, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - status := extractCSRStatus(obj) - signerName := "<none>" - if obj.Spec.SignerName != "" { - signerName = obj.Spec.SignerName - } - requestedDuration := "<none>" - if obj.Spec.ExpirationSeconds != nil { - requestedDuration = duration.HumanDuration(csr.ExpirationSecondsToDuration(*obj.Spec.ExpirationSeconds)) - } - row.Cells = append(row.Cells, obj.Name, translateTimestampSince(obj.CreationTimestamp), signerName, obj.Spec.Username, requestedDuration, status) - return []metav1.TableRow{row}, nil -} - -func extractCSRStatus(csr *certificates.CertificateSigningRequest) string { - var approved, denied, failed bool - for _, c := range csr.Status.Conditions { - switch c.Type { - case certificates.CertificateApproved: - approved = true - case certificates.CertificateDenied: - denied = true - case certificates.CertificateFailed: - failed = true - } - } - var status string - // must be in order of presidence - if denied { - status += "Denied" - } else if approved { - status += "Approved" - } else { - status += "Pending" - } - if failed { - status += ",Failed" - } - if len(csr.Status.Certificate) > 0 { - status += ",Issued" - } - return status -} - -func printCertificateSigningRequestList(list *certificates.CertificateSigningRequestList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printCertificateSigningRequest(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printComponentStatus(obj *api.ComponentStatus, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - status := "Unknown" - message := "" - error := "" - for _, condition := range obj.Conditions { - if condition.Type == api.ComponentHealthy { - if condition.Status == api.ConditionTrue { - status = "Healthy" - } else { - status = "Unhealthy" - } - message = condition.Message - error = condition.Error - break - } - } - row.Cells = append(row.Cells, obj.Name, status, message, error) - return []metav1.TableRow{row}, nil -} - -func printComponentStatusList(list *api.ComponentStatusList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printComponentStatus(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printDeployment(obj *apps.Deployment, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - desiredReplicas := obj.Spec.Replicas - updatedReplicas := obj.Status.UpdatedReplicas - readyReplicas := obj.Status.ReadyReplicas - availableReplicas := obj.Status.AvailableReplicas - age := translateTimestampSince(obj.CreationTimestamp) - containers := obj.Spec.Template.Spec.Containers - selector, err := metav1.LabelSelectorAsSelector(obj.Spec.Selector) - selectorString := "" - if err != nil { - selectorString = "<invalid>" - } else { - selectorString = selector.String() - } - row.Cells = append(row.Cells, obj.Name, fmt.Sprintf("%d/%d", int64(readyReplicas), int64(desiredReplicas)), int64(updatedReplicas), int64(availableReplicas), age) - if options.Wide { - containers, images := layoutContainerCells(containers) - row.Cells = append(row.Cells, containers, images, selectorString) - } - return []metav1.TableRow{row}, nil -} - -func printDeploymentList(list *apps.DeploymentList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printDeployment(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func formatHPAMetrics(specs []autoscaling.MetricSpec, statuses []autoscaling.MetricStatus) string { - if len(specs) == 0 { - return "<none>" - } - list := []string{} - max := 2 - more := false - count := 0 - for i, spec := range specs { - switch spec.Type { - case autoscaling.ExternalMetricSourceType: - if spec.External.Target.AverageValue != nil { - current := "<unknown>" - if len(statuses) > i && statuses[i].External != nil && statuses[i].External.Current.AverageValue != nil { - current = statuses[i].External.Current.AverageValue.String() - } - list = append(list, fmt.Sprintf("%s/%s (avg)", current, spec.External.Target.AverageValue.String())) - } else { - current := "<unknown>" - if len(statuses) > i && statuses[i].External != nil { - current = statuses[i].External.Current.Value.String() - } - list = append(list, fmt.Sprintf("%s/%s", current, spec.External.Target.Value.String())) - } - case autoscaling.PodsMetricSourceType: - current := "<unknown>" - if len(statuses) > i && statuses[i].Pods != nil { - current = statuses[i].Pods.Current.AverageValue.String() - } - list = append(list, fmt.Sprintf("%s/%s", current, spec.Pods.Target.AverageValue.String())) - case autoscaling.ObjectMetricSourceType: - if spec.Object.Target.AverageValue != nil { - current := "<unknown>" - if len(statuses) > i && statuses[i].Object != nil && statuses[i].Object.Current.AverageValue != nil { - current = statuses[i].Object.Current.AverageValue.String() - } - list = append(list, fmt.Sprintf("%s/%s (avg)", current, spec.Object.Target.AverageValue.String())) - } else { - current := "<unknown>" - if len(statuses) > i && statuses[i].Object != nil { - current = statuses[i].Object.Current.Value.String() - } - list = append(list, fmt.Sprintf("%s/%s", current, spec.Object.Target.Value.String())) - } - case autoscaling.ResourceMetricSourceType: - if spec.Resource.Target.AverageValue != nil { - current := "<unknown>" - if len(statuses) > i && statuses[i].Resource != nil { - current = statuses[i].Resource.Current.AverageValue.String() - } - list = append(list, fmt.Sprintf("%s/%s", current, spec.Resource.Target.AverageValue.String())) - } else { - current := "<unknown>" - if len(statuses) > i && statuses[i].Resource != nil && statuses[i].Resource.Current.AverageUtilization != nil { - current = fmt.Sprintf("%d%%", *statuses[i].Resource.Current.AverageUtilization) - } - - target := "<auto>" - if spec.Resource.Target.AverageUtilization != nil { - target = fmt.Sprintf("%d%%", *spec.Resource.Target.AverageUtilization) - } - list = append(list, fmt.Sprintf("%s/%s", current, target)) - } - case autoscaling.ContainerResourceMetricSourceType: - if spec.ContainerResource.Target.AverageValue != nil { - current := "<unknown>" - if len(statuses) > i && statuses[i].ContainerResource != nil { - current = statuses[i].ContainerResource.Current.AverageValue.String() - } - list = append(list, fmt.Sprintf("%s/%s", current, spec.ContainerResource.Target.AverageValue.String())) - } else { - current := "<unknown>" - if len(statuses) > i && statuses[i].ContainerResource != nil && statuses[i].ContainerResource.Current.AverageUtilization != nil { - current = fmt.Sprintf("%d%%", *statuses[i].ContainerResource.Current.AverageUtilization) - } - - target := "<auto>" - if spec.ContainerResource.Target.AverageUtilization != nil { - target = fmt.Sprintf("%d%%", *spec.ContainerResource.Target.AverageUtilization) - } - list = append(list, fmt.Sprintf("%s/%s", current, target)) - } - default: - list = append(list, "<unknown type>") - } - - count++ - } - - if count > max { - list = list[:max] - more = true - } - - ret := strings.Join(list, ", ") - if more { - return fmt.Sprintf("%s + %d more...", ret, count-max) - } - return ret -} - -func printHorizontalPodAutoscaler(obj *autoscaling.HorizontalPodAutoscaler, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - reference := fmt.Sprintf("%s/%s", - obj.Spec.ScaleTargetRef.Kind, - obj.Spec.ScaleTargetRef.Name) - minPods := "<unset>" - metrics := formatHPAMetrics(obj.Spec.Metrics, obj.Status.CurrentMetrics) - if obj.Spec.MinReplicas != nil { - minPods = fmt.Sprintf("%d", *obj.Spec.MinReplicas) - } - maxPods := obj.Spec.MaxReplicas - currentReplicas := obj.Status.CurrentReplicas - row.Cells = append(row.Cells, obj.Name, reference, metrics, minPods, int64(maxPods), int64(currentReplicas), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printHorizontalPodAutoscalerList(list *autoscaling.HorizontalPodAutoscalerList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printHorizontalPodAutoscaler(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printConfigMap(obj *api.ConfigMap, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(len(obj.Data)+len(obj.BinaryData)), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printConfigMapList(list *api.ConfigMapList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printConfigMap(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPodSecurityPolicy(obj *policy.PodSecurityPolicy, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - capabilities := make([]string, len(obj.Spec.AllowedCapabilities)) - for i, c := range obj.Spec.AllowedCapabilities { - capabilities[i] = string(c) - } - volumes := make([]string, len(obj.Spec.Volumes)) - for i, v := range obj.Spec.Volumes { - volumes[i] = string(v) - } - row.Cells = append(row.Cells, obj.Name, fmt.Sprintf("%v", obj.Spec.Privileged), - strings.Join(capabilities, ","), string(obj.Spec.SELinux.Rule), - string(obj.Spec.RunAsUser.Rule), string(obj.Spec.FSGroup.Rule), - string(obj.Spec.SupplementalGroups.Rule), obj.Spec.ReadOnlyRootFilesystem, - strings.Join(volumes, ",")) - return []metav1.TableRow{row}, nil -} - -func printPodSecurityPolicyList(list *policy.PodSecurityPolicyList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPodSecurityPolicy(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printNetworkPolicy(obj *networking.NetworkPolicy, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, metav1.FormatLabelSelector(&obj.Spec.PodSelector), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printNetworkPolicyList(list *networking.NetworkPolicyList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printNetworkPolicy(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printStorageClass(obj *storage.StorageClass, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - name := obj.Name - if storageutil.IsDefaultAnnotation(obj.ObjectMeta) { - name += " (default)" - } - provtype := obj.Provisioner - reclaimPolicy := string(api.PersistentVolumeReclaimDelete) - if obj.ReclaimPolicy != nil { - reclaimPolicy = string(*obj.ReclaimPolicy) - } - - volumeBindingMode := string(storage.VolumeBindingImmediate) - if obj.VolumeBindingMode != nil { - volumeBindingMode = string(*obj.VolumeBindingMode) - } - - allowVolumeExpansion := false - if obj.AllowVolumeExpansion != nil { - allowVolumeExpansion = *obj.AllowVolumeExpansion - } - - row.Cells = append(row.Cells, name, provtype, reclaimPolicy, volumeBindingMode, allowVolumeExpansion, - translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printStorageClassList(list *storage.StorageClassList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printStorageClass(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printLease(obj *coordination.Lease, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - var holderIdentity string - if obj.Spec.HolderIdentity != nil { - holderIdentity = *obj.Spec.HolderIdentity - } - row.Cells = append(row.Cells, obj.Name, holderIdentity, translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printLeaseList(list *coordination.LeaseList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printLease(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printStatus(obj *metav1.Status, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Status, string(obj.Reason), obj.Message) - - return []metav1.TableRow{row}, nil -} - -// Lay out all the containers on one line if use wide output. -func layoutContainerCells(containers []api.Container) (names string, images string) { - var namesBuffer bytes.Buffer - var imagesBuffer bytes.Buffer - - for i, container := range containers { - namesBuffer.WriteString(container.Name) - imagesBuffer.WriteString(container.Image) - if i != len(containers)-1 { - namesBuffer.WriteString(",") - imagesBuffer.WriteString(",") - } - } - return namesBuffer.String(), imagesBuffer.String() -} - -// formatEventSource formats EventSource as a comma separated string excluding Host when empty. -// It uses reportingController when Source.Component is empty and reportingInstance when Source.Host is empty -func formatEventSource(es api.EventSource, reportingController, reportingInstance string) string { - return formatEventSourceComponentInstance( - firstNonEmpty(es.Component, reportingController), - firstNonEmpty(es.Host, reportingInstance), - ) -} - -func firstNonEmpty(ss ...string) string { - for _, s := range ss { - if len(s) > 0 { - return s - } - } - return "" -} - -func formatEventSourceComponentInstance(component, instance string) string { - if len(instance) == 0 { - return component - } - return component + ", " + instance -} - -func printControllerRevision(obj *apps.ControllerRevision, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - controllerRef := metav1.GetControllerOf(obj) - controllerName := "<none>" - if controllerRef != nil { - withKind := true - gv, err := schema.ParseGroupVersion(controllerRef.APIVersion) - if err != nil { - return nil, err - } - gvk := gv.WithKind(controllerRef.Kind) - controllerName = formatResourceName(gvk.GroupKind(), controllerRef.Name, withKind) - } - revision := obj.Revision - age := translateTimestampSince(obj.CreationTimestamp) - row.Cells = append(row.Cells, obj.Name, controllerName, revision, age) - return []metav1.TableRow{row}, nil -} - -func printControllerRevisionList(list *apps.ControllerRevisionList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printControllerRevision(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -// formatResourceName receives a resource kind, name, and boolean specifying -// whether or not to update the current name to "kind/name" -func formatResourceName(kind schema.GroupKind, name string, withKind bool) string { - if !withKind || kind.Empty() { - return name - } - - return strings.ToLower(kind.String()) + "/" + name -} - -func printResourceQuota(resourceQuota *api.ResourceQuota, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: resourceQuota}, - } - - resources := make([]api.ResourceName, 0, len(resourceQuota.Status.Hard)) - for resource := range resourceQuota.Status.Hard { - resources = append(resources, resource) - } - sort.Sort(SortableResourceNames(resources)) - - requestColumn := bytes.NewBuffer([]byte{}) - limitColumn := bytes.NewBuffer([]byte{}) - for i := range resources { - w := requestColumn - resource := resources[i] - usedQuantity := resourceQuota.Status.Used[resource] - hardQuantity := resourceQuota.Status.Hard[resource] - - // use limitColumn writer if a resource name prefixed with "limits" is found - if pieces := strings.Split(resource.String(), "."); len(pieces) > 1 && pieces[0] == "limits" { - w = limitColumn - } - - fmt.Fprintf(w, "%s: %s/%s, ", resource, usedQuantity.String(), hardQuantity.String()) - } - - age := translateTimestampSince(resourceQuota.CreationTimestamp) - row.Cells = append(row.Cells, resourceQuota.Name, age, strings.TrimSuffix(requestColumn.String(), ", "), strings.TrimSuffix(limitColumn.String(), ", ")) - return []metav1.TableRow{row}, nil -} - -func printResourceQuotaList(list *api.ResourceQuotaList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printResourceQuota(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPriorityClass(obj *scheduling.PriorityClass, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - name := obj.Name - value := obj.Value - globalDefault := obj.GlobalDefault - row.Cells = append(row.Cells, name, int64(value), globalDefault, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printPriorityClassList(list *scheduling.PriorityClassList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPriorityClass(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printRuntimeClass(obj *nodeapi.RuntimeClass, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - name := obj.Name - handler := obj.Handler - row.Cells = append(row.Cells, name, handler, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printRuntimeClassList(list *nodeapi.RuntimeClassList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printRuntimeClass(&list.Items[i], options) - - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printVolumeAttachment(obj *storage.VolumeAttachment, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - name := obj.Name - pvName := "" - if obj.Spec.Source.PersistentVolumeName != nil { - pvName = *obj.Spec.Source.PersistentVolumeName - } - row.Cells = append(row.Cells, name, obj.Spec.Attacher, pvName, obj.Spec.NodeName, obj.Status.Attached, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printVolumeAttachmentList(list *storage.VolumeAttachmentList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printVolumeAttachment(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printFlowSchema(obj *flowcontrol.FlowSchema, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - - name := obj.Name - plName := obj.Spec.PriorityLevelConfiguration.Name - distinguisherMethod := "<none>" - if obj.Spec.DistinguisherMethod != nil { - distinguisherMethod = string(obj.Spec.DistinguisherMethod.Type) - } - badPLRef := "?" - for _, cond := range obj.Status.Conditions { - if cond.Type == flowcontrol.FlowSchemaConditionDangling { - badPLRef = string(cond.Status) - break - } - } - row.Cells = append(row.Cells, name, plName, int64(obj.Spec.MatchingPrecedence), distinguisherMethod, translateTimestampSince(obj.CreationTimestamp), badPLRef) - - return []metav1.TableRow{row}, nil -} - -func printFlowSchemaList(list *flowcontrol.FlowSchemaList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - fsSeq := make(apihelpers.FlowSchemaSequence, len(list.Items)) - for i := range list.Items { - fsSeq[i] = &list.Items[i] - } - sort.Sort(fsSeq) - for i := range fsSeq { - r, err := printFlowSchema(fsSeq[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printStorageVersion(obj *apiserverinternal.StorageVersion, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - commonEncodingVersion := "<unset>" - if obj.Status.CommonEncodingVersion != nil { - commonEncodingVersion = *obj.Status.CommonEncodingVersion - } - row.Cells = append(row.Cells, obj.Name, commonEncodingVersion, formatStorageVersions(obj.Status.StorageVersions), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func formatStorageVersions(storageVersions []apiserverinternal.ServerStorageVersion) string { - list := []string{} - max := 3 - more := false - count := 0 - for _, sv := range storageVersions { - if len(list) < max { - list = append(list, fmt.Sprintf("%s=%s", sv.APIServerID, sv.EncodingVersion)) - } else if len(list) == max { - more = true - } - count++ - } - return listWithMoreString(list, more, count, max) -} - -func printStorageVersionList(list *apiserverinternal.StorageVersionList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printStorageVersion(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPriorityLevelConfiguration(obj *flowcontrol.PriorityLevelConfiguration, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - name := obj.Name - ncs := interface{}("<none>") - queues := interface{}("<none>") - handSize := interface{}("<none>") - queueLengthLimit := interface{}("<none>") - if obj.Spec.Limited != nil { - ncs = obj.Spec.Limited.NominalConcurrencyShares - if qc := obj.Spec.Limited.LimitResponse.Queuing; qc != nil { - queues = qc.Queues - handSize = qc.HandSize - queueLengthLimit = qc.QueueLengthLimit - } - } - row.Cells = append(row.Cells, name, string(obj.Spec.Type), ncs, queues, handSize, queueLengthLimit, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printPriorityLevelConfigurationList(list *flowcontrol.PriorityLevelConfigurationList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPriorityLevelConfiguration(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printClusterCIDR(obj *networking.ClusterCIDR, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - ipv4 := "<none>" - ipv6 := "<none>" - - if obj.Spec.IPv4 != "" { - ipv4 = obj.Spec.IPv4 - } - if obj.Spec.IPv6 != "" { - ipv6 = obj.Spec.IPv6 - } - - row.Cells = append(row.Cells, obj.Name, fmt.Sprint(obj.Spec.PerNodeHostBits), ipv4, ipv6, translateTimestampSince(obj.CreationTimestamp)) - if options.Wide { - nodeSelector := "<none>" - if obj.Spec.NodeSelector != nil { - allTerms := make([]string, 0) - for _, term := range obj.Spec.NodeSelector.NodeSelectorTerms { - if len(term.MatchExpressions) > 0 { - matchExpressions := fmt.Sprintf("MatchExpressions: %v", term.MatchExpressions) - allTerms = append(allTerms, matchExpressions) - } - - if len(term.MatchFields) > 0 { - matchFields := fmt.Sprintf("MatchFields: %v", term.MatchFields) - allTerms = append(allTerms, matchFields) - } - } - nodeSelector = strings.Join(allTerms, ",") - } - - row.Cells = append(row.Cells, nodeSelector) - } - - return []metav1.TableRow{row}, nil -} - -func printClusterCIDRList(list *networking.ClusterCIDRList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printClusterCIDR(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printScale(obj *autoscaling.Scale, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, int64(obj.Spec.Replicas), int64(obj.Status.Replicas), translateTimestampSince(obj.CreationTimestamp)) - return []metav1.TableRow{row}, nil -} - -func printResourceClass(obj *resource.ResourceClass, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, obj.DriverName, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printResourceClassList(list *resource.ResourceClassList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printResourceClass(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printResourceClaim(obj *resource.ResourceClaim, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, obj.Spec.ResourceClassName, string(obj.Spec.AllocationMode), resourceClaimState(obj), translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func resourceClaimState(obj *resource.ResourceClaim) string { - var states []string - if obj.DeletionTimestamp != nil { - states = append(states, "deleted") - } - if obj.Status.Allocation == nil { - if obj.DeletionTimestamp == nil { - states = append(states, "pending") - } - } else { - states = append(states, "allocated") - if len(obj.Status.ReservedFor) > 0 { - states = append(states, "reserved") - } else if obj.DeletionTimestamp != nil || obj.Status.DeallocationRequested { - states = append(states, "deallocating") - } - } - return strings.Join(states, ",") -} - -func printResourceClaimList(list *resource.ResourceClaimList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printResourceClaim(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printResourceClaimTemplate(obj *resource.ResourceClaimTemplate, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, obj.Spec.Spec.ResourceClassName, string(obj.Spec.Spec.AllocationMode), translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printResourceClaimTemplateList(list *resource.ResourceClaimTemplateList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printResourceClaimTemplate(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printPodScheduling(obj *resource.PodScheduling, options printers.GenerateOptions) ([]metav1.TableRow, error) { - row := metav1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, obj.Spec.SelectedNode, translateTimestampSince(obj.CreationTimestamp)) - - return []metav1.TableRow{row}, nil -} - -func printPodSchedulingList(list *resource.PodSchedulingList, options printers.GenerateOptions) ([]metav1.TableRow, error) { - rows := make([]metav1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printPodScheduling(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - -func printBoolPtr(value *bool) string { - if value != nil { - return printBool(*value) - } - - return "<unset>" -} - -func printBool(value bool) string { - if value { - return "True" - } - - return "False" -} - -// SortableResourceNames - An array of sortable resource names -type SortableResourceNames []api.ResourceName - -func (list SortableResourceNames) Len() int { - return len(list) -} - -func (list SortableResourceNames) Swap(i, j int) { - list[i], list[j] = list[j], list[i] -} - -func (list SortableResourceNames) Less(i, j int) bool { - return list[i] < list[j] -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/printers/storage/storage.go deleted file mode 100644 index 57c0865cdc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/storage/storage.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/printers" -) - -// TableConvertor struct - converts objects to metav1.Table using printers.TableGenerator -type TableConvertor struct { - printers.TableGenerator -} - -// ConvertToTable method - converts objects to metav1.Table objects using TableGenerator -func (c TableConvertor) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - noHeaders := false - if tableOptions != nil { - switch t := tableOptions.(type) { - case *metav1.TableOptions: - if t != nil { - noHeaders = t.NoHeaders - } - default: - return nil, fmt.Errorf("unrecognized type %T for table options, can't display tabular output", tableOptions) - } - } - return c.TableGenerator.GenerateTable(obj, printers.GenerateOptions{Wide: true, NoHeaders: noHeaders}) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/printers/tablegenerator.go b/etcd/vendor/k8s.io/kubernetes/pkg/printers/tablegenerator.go deleted file mode 100644 index 735c032467..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/printers/tablegenerator.go +++ /dev/null @@ -1,171 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package printers - -import ( - "fmt" - "reflect" - - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -// GenerateOptions encapsulates attributes for table generation. -type GenerateOptions struct { - NoHeaders bool - Wide bool -} - -// TableGenerator - an interface for generating metav1.Table provided a runtime.Object -type TableGenerator interface { - GenerateTable(obj runtime.Object, options GenerateOptions) (*metav1.Table, error) -} - -// PrintHandler - interface to handle printing provided an array of metav1.TableColumnDefinition -type PrintHandler interface { - TableHandler(columns []metav1.TableColumnDefinition, printFunc interface{}) error -} - -type handlerEntry struct { - columnDefinitions []metav1.TableColumnDefinition - printFunc reflect.Value -} - -// HumanReadableGenerator is an implementation of TableGenerator used to generate -// a table for a specific resource. The table is printed with a TablePrinter using -// PrintObj(). -type HumanReadableGenerator struct { - handlerMap map[reflect.Type]*handlerEntry -} - -var _ TableGenerator = &HumanReadableGenerator{} -var _ PrintHandler = &HumanReadableGenerator{} - -// NewTableGenerator creates a HumanReadableGenerator suitable for calling GenerateTable(). -func NewTableGenerator() *HumanReadableGenerator { - return &HumanReadableGenerator{ - handlerMap: make(map[reflect.Type]*handlerEntry), - } -} - -// With method - accepts a list of builder functions that modify HumanReadableGenerator -func (h *HumanReadableGenerator) With(fns ...func(PrintHandler)) *HumanReadableGenerator { - for _, fn := range fns { - fn(h) - } - return h -} - -// GenerateTable returns a table for the provided object, using the printer registered for that type. It returns -// a table that includes all of the information requested by options, but will not remove rows or columns. The -// caller is responsible for applying rules related to filtering rows or columns. -func (h *HumanReadableGenerator) GenerateTable(obj runtime.Object, options GenerateOptions) (*metav1.Table, error) { - t := reflect.TypeOf(obj) - handler, ok := h.handlerMap[t] - if !ok { - return nil, fmt.Errorf("no table handler registered for this type %v", t) - } - - args := []reflect.Value{reflect.ValueOf(obj), reflect.ValueOf(options)} - results := handler.printFunc.Call(args) - if !results[1].IsNil() { - return nil, results[1].Interface().(error) - } - - var columns []metav1.TableColumnDefinition - if !options.NoHeaders { - columns = handler.columnDefinitions - if !options.Wide { - columns = make([]metav1.TableColumnDefinition, 0, len(handler.columnDefinitions)) - for i := range handler.columnDefinitions { - if handler.columnDefinitions[i].Priority != 0 { - continue - } - columns = append(columns, handler.columnDefinitions[i]) - } - } - } - table := &metav1.Table{ - ListMeta: metav1.ListMeta{ - ResourceVersion: "", - }, - ColumnDefinitions: columns, - Rows: results[0].Interface().([]metav1.TableRow), - } - if m, err := meta.ListAccessor(obj); err == nil { - table.ResourceVersion = m.GetResourceVersion() - table.Continue = m.GetContinue() - table.RemainingItemCount = m.GetRemainingItemCount() - } else { - if m, err := meta.CommonAccessor(obj); err == nil { - table.ResourceVersion = m.GetResourceVersion() - } - } - return table, nil -} - -// TableHandler adds a print handler with a given set of columns to HumanReadableGenerator instance. -// See ValidateRowPrintHandlerFunc for required method signature. -func (h *HumanReadableGenerator) TableHandler(columnDefinitions []metav1.TableColumnDefinition, printFunc interface{}) error { - printFuncValue := reflect.ValueOf(printFunc) - if err := ValidateRowPrintHandlerFunc(printFuncValue); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to register print function: %v", err)) - return err - } - entry := &handlerEntry{ - columnDefinitions: columnDefinitions, - printFunc: printFuncValue, - } - - objType := printFuncValue.Type().In(0) - if _, ok := h.handlerMap[objType]; ok { - err := fmt.Errorf("registered duplicate printer for %v", objType) - utilruntime.HandleError(err) - return err - } - h.handlerMap[objType] = entry - return nil -} - -// ValidateRowPrintHandlerFunc validates print handler signature. -// printFunc is the function that will be called to print an object. -// It must be of the following type: -// -// func printFunc(object ObjectType, options GenerateOptions) ([]metav1.TableRow, error) -// -// where ObjectType is the type of the object that will be printed, and the first -// return value is an array of rows, with each row containing a number of cells that -// match the number of columns defined for that printer function. -func ValidateRowPrintHandlerFunc(printFunc reflect.Value) error { - if printFunc.Kind() != reflect.Func { - return fmt.Errorf("invalid print handler. %#v is not a function", printFunc) - } - funcType := printFunc.Type() - if funcType.NumIn() != 2 || funcType.NumOut() != 2 { - return fmt.Errorf("invalid print handler." + - "Must accept 2 parameters and return 2 value") - } - if funcType.In(1) != reflect.TypeOf((*GenerateOptions)(nil)).Elem() || - funcType.Out(0) != reflect.TypeOf((*[]metav1.TableRow)(nil)).Elem() || - funcType.Out(1) != reflect.TypeOf((*error)(nil)).Elem() { - return fmt.Errorf("invalid print handler. The expected signature is: "+ - "func handler(obj %v, options GenerateOptions) ([]metav1.TableRow, error)", funcType.In(0)) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/probe/OWNERS deleted file mode 100644 index 65e322510c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-node-approvers -reviewers: - - sig-node-reviewers -labels: - - sig/node diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/probe/doc.go deleted file mode 100644 index 10fad97067..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package probe contains utilities for health probing, as well as health status information. -package probe // import "k8s.io/kubernetes/pkg/probe" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/http.go b/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/http.go deleted file mode 100644 index 025418becb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/http.go +++ /dev/null @@ -1,137 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package http - -import ( - "crypto/tls" - "errors" - "fmt" - "net/http" - "time" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/kubernetes/pkg/probe" - - "k8s.io/klog/v2" - utilio "k8s.io/utils/io" -) - -const ( - maxRespBodyLength = 10 * 1 << 10 // 10KB -) - -// New creates Prober that will skip TLS verification while probing. -// followNonLocalRedirects configures whether the prober should follow redirects to a different hostname. -// -// If disabled, redirects to other hosts will trigger a warning result. -func New(followNonLocalRedirects bool) Prober { - tlsConfig := &tls.Config{InsecureSkipVerify: true} - return NewWithTLSConfig(tlsConfig, followNonLocalRedirects) -} - -// NewWithTLSConfig takes tls config as parameter. -// followNonLocalRedirects configures whether the prober should follow redirects to a different hostname. -// -// If disabled, redirects to other hosts will trigger a warning result. -func NewWithTLSConfig(config *tls.Config, followNonLocalRedirects bool) Prober { - // We do not want the probe use node's local proxy set. - transport := utilnet.SetTransportDefaults( - &http.Transport{ - TLSClientConfig: config, - DisableKeepAlives: true, - Proxy: http.ProxyURL(nil), - DisableCompression: true, // removes Accept-Encoding header - }) - return httpProber{transport, followNonLocalRedirects} -} - -// Prober is an interface that defines the Probe function for doing HTTP readiness/liveness checks. -type Prober interface { - Probe(req *http.Request, timeout time.Duration) (probe.Result, string, error) -} - -type httpProber struct { - transport *http.Transport - followNonLocalRedirects bool -} - -// Probe returns a ProbeRunner capable of running an HTTP check. -func (pr httpProber) Probe(req *http.Request, timeout time.Duration) (probe.Result, string, error) { - client := &http.Client{ - Timeout: timeout, - Transport: pr.transport, - CheckRedirect: RedirectChecker(pr.followNonLocalRedirects), - } - return DoHTTPProbe(req, client) -} - -// GetHTTPInterface is an interface for making HTTP requests, that returns a response and error. -type GetHTTPInterface interface { - Do(req *http.Request) (*http.Response, error) -} - -// DoHTTPProbe checks if a GET request to the url succeeds. -// If the HTTP response code is successful (i.e. 400 > code >= 200), it returns Success. -// If the HTTP response code is unsuccessful or HTTP communication fails, it returns Failure. -// This is exported because some other packages may want to do direct HTTP probes. -func DoHTTPProbe(req *http.Request, client GetHTTPInterface) (probe.Result, string, error) { - url := req.URL - headers := req.Header - res, err := client.Do(req) - if err != nil { - // Convert errors into failures to catch timeouts. - return probe.Failure, err.Error(), nil - } - defer res.Body.Close() - b, err := utilio.ReadAtMost(res.Body, maxRespBodyLength) - if err != nil { - if err == utilio.ErrLimitReached { - klog.V(4).Infof("Non fatal body truncation for %s, Response: %v", url.String(), *res) - } else { - return probe.Failure, "", err - } - } - body := string(b) - if res.StatusCode >= http.StatusOK && res.StatusCode < http.StatusBadRequest { - if res.StatusCode >= http.StatusMultipleChoices { // Redirect - klog.V(4).Infof("Probe terminated redirects for %s, Response: %v", url.String(), *res) - return probe.Warning, fmt.Sprintf("Probe terminated redirects, Response body: %v", body), nil - } - klog.V(4).Infof("Probe succeeded for %s, Response: %v", url.String(), *res) - return probe.Success, body, nil - } - klog.V(4).Infof("Probe failed for %s with request headers %v, response body: %v", url.String(), headers, body) - return probe.Failure, fmt.Sprintf("HTTP probe failed with statuscode: %d", res.StatusCode), nil -} - -// RedirectChecker returns a function that can be used to check HTTP redirects. -func RedirectChecker(followNonLocalRedirects bool) func(*http.Request, []*http.Request) error { - if followNonLocalRedirects { - return nil // Use the default http client checker. - } - - return func(req *http.Request, via []*http.Request) error { - if req.URL.Hostname() != via[0].URL.Hostname() { - return http.ErrUseLastResponse - } - // Default behavior: stop after 10 redirects. - if len(via) >= 10 { - return errors.New("stopped after 10 redirects") - } - return nil - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/request.go b/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/request.go deleted file mode 100644 index 4285c0a4cc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/http/request.go +++ /dev/null @@ -1,119 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package http - -import ( - "fmt" - "net" - "net/http" - "net/url" - "strconv" - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/component-base/version" - "k8s.io/kubernetes/pkg/probe" -) - -// NewProbeRequest returns an http.Request suitable for use as a request for a -// probe. -func NewProbeRequest(url *url.URL, headers http.Header) (*http.Request, error) { - return newProbeRequest(url, headers, "probe") -} - -// NewRequestForHTTPGetAction returns an http.Request derived from httpGet. -// When httpGet.Host is empty, podIP will be used instead. -func NewRequestForHTTPGetAction(httpGet *v1.HTTPGetAction, container *v1.Container, podIP string, userAgentFragment string) (*http.Request, error) { - scheme := strings.ToLower(string(httpGet.Scheme)) - if scheme == "" { - scheme = "http" - } - - host := httpGet.Host - if host == "" { - host = podIP - } - - port, err := probe.ResolveContainerPort(httpGet.Port, container) - if err != nil { - return nil, err - } - - path := httpGet.Path - url := formatURL(scheme, host, port, path) - headers := v1HeaderToHTTPHeader(httpGet.HTTPHeaders) - - return newProbeRequest(url, headers, userAgentFragment) -} - -func newProbeRequest(url *url.URL, headers http.Header, userAgentFragment string) (*http.Request, error) { - req, err := http.NewRequest("GET", url.String(), nil) - if err != nil { - return nil, err - } - - if headers == nil { - headers = http.Header{} - } - if _, ok := headers["User-Agent"]; !ok { - // User-Agent header was not defined, set it - headers.Set("User-Agent", userAgent(userAgentFragment)) - } - if _, ok := headers["Accept"]; !ok { - // Accept header was not defined. accept all - headers.Set("Accept", "*/*") - } else if headers.Get("Accept") == "" { - // Accept header was overridden but is empty. removing - headers.Del("Accept") - } - req.Header = headers - req.Host = headers.Get("Host") - - return req, nil -} - -func userAgent(purpose string) string { - v := version.Get() - return fmt.Sprintf("kube-%s/%s.%s", purpose, v.Major, v.Minor) -} - -// formatURL formats a URL from args. For testability. -func formatURL(scheme string, host string, port int, path string) *url.URL { - u, err := url.Parse(path) - // Something is busted with the path, but it's too late to reject it. Pass it along as is. - // - // This construction of a URL may be wrong in some cases, but it preserves - // legacy prober behavior. - if err != nil { - u = &url.URL{ - Path: path, - } - } - u.Scheme = scheme - u.Host = net.JoinHostPort(host, strconv.Itoa(port)) - return u -} - -// v1HeaderToHTTPHeader takes a list of HTTPHeader <name, value> string pairs -// and returns a populated string->[]string http.Header map. -func v1HeaderToHTTPHeader(headerList []v1.HTTPHeader) http.Header { - headers := make(http.Header) - for _, header := range headerList { - headers[header.Name] = append(headers[header.Name], header.Value) - } - return headers -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/probe.go b/etcd/vendor/k8s.io/kubernetes/pkg/probe/probe.go deleted file mode 100644 index c47b6c2fef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/probe.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package probe - -// Result is a string used to handle the results for probing container readiness/liveness -type Result string - -const ( - // Success Result - Success Result = "success" - // Warning Result. Logically success, but with additional debugging information attached. - Warning Result = "warning" - // Failure Result - Failure Result = "failure" - // Unknown Result - Unknown Result = "unknown" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/probe/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/probe/util.go deleted file mode 100644 index cb25128745..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/probe/util.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package probe - -import ( - "fmt" - "strconv" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -func ResolveContainerPort(param intstr.IntOrString, container *v1.Container) (int, error) { - port := -1 - var err error - switch param.Type { - case intstr.Int: - port = param.IntValue() - case intstr.String: - if port, err = findPortByName(container, param.StrVal); err != nil { - // Last ditch effort - maybe it was an int stored as string? - if port, err = strconv.Atoi(param.StrVal); err != nil { - return port, err - } - } - default: - return port, fmt.Errorf("intOrString had no kind: %+v", param) - } - if port > 0 && port < 65536 { - return port, nil - } - return port, fmt.Errorf("invalid port number: %v", port) -} - -// findPortByName is a helper function to look up a port in a container by name. -func findPortByName(container *v1.Container, portName string) (int, error) { - for _, port := range container.Ports { - if port.Name == portName { - return int(port.ContainerPort), nil - } - } - return 0, fmt.Errorf("port %s not found", portName) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/endpoints.go b/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/endpoints.go deleted file mode 100644 index d5e08e4c1b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/endpoints.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "net" - "strconv" - - "k8s.io/klog/v2" - netutils "k8s.io/utils/net" -) - -// IPPart returns just the IP part of an IP or IP:port or endpoint string. If the IP -// part is an IPv6 address enclosed in brackets (e.g. "[fd00:1::5]:9999"), -// then the brackets are stripped as well. -func IPPart(s string) string { - if ip := netutils.ParseIPSloppy(s); ip != nil { - // IP address without port - return s - } - // Must be IP:port - host, _, err := net.SplitHostPort(s) - if err != nil { - klog.ErrorS(err, "Failed to parse host-port", "input", s) - return "" - } - // Check if host string is a valid IP address - ip := netutils.ParseIPSloppy(host) - if ip == nil { - klog.ErrorS(nil, "Failed to parse IP", "input", host) - return "" - } - return ip.String() -} - -// PortPart returns just the port part of an endpoint string. -func PortPart(s string) (int, error) { - // Must be IP:port - _, port, err := net.SplitHostPort(s) - if err != nil { - klog.ErrorS(err, "Failed to parse host-port", "input", s) - return -1, err - } - portNumber, err := strconv.Atoi(port) - if err != nil { - klog.ErrorS(err, "Failed to parse port", "input", port) - return -1, err - } - return portNumber, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/network.go b/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/network.go deleted file mode 100644 index 9d46da0397..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/network.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "net" -) - -// NetworkInterfacer defines an interface for several net library functions. Production -// code will forward to net library functions, and unit tests will override the methods -// for testing purposes. -type NetworkInterfacer interface { - InterfaceAddrs() ([]net.Addr, error) -} - -// RealNetwork implements the NetworkInterfacer interface for production code, just -// wrapping the underlying net library function calls. -type RealNetwork struct{} - -// InterfaceAddrs wraps net.InterfaceAddrs(), it's a part of NetworkInterfacer interface. -func (RealNetwork) InterfaceAddrs() ([]net.Addr, error) { - return net.InterfaceAddrs() -} - -var _ NetworkInterfacer = &RealNetwork{} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/utils.go b/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/utils.go deleted file mode 100644 index 92ef465808..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/proxy/util/utils.go +++ /dev/null @@ -1,598 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "bytes" - "context" - "errors" - "fmt" - "net" - "net/http" - "strconv" - "strings" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - utilrand "k8s.io/apimachinery/pkg/util/rand" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/tools/events" - utilsysctl "k8s.io/component-helpers/node/util/sysctl" - helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" - netutils "k8s.io/utils/net" - - "k8s.io/klog/v2" -) - -const ( - // IPv4ZeroCIDR is the CIDR block for the whole IPv4 address space - IPv4ZeroCIDR = "0.0.0.0/0" - - // IPv6ZeroCIDR is the CIDR block for the whole IPv6 address space - IPv6ZeroCIDR = "::/0" -) - -var ( - // ErrAddressNotAllowed indicates the address is not allowed - ErrAddressNotAllowed = errors.New("address not allowed") - - // ErrNoAddresses indicates there are no addresses for the hostname - ErrNoAddresses = errors.New("no addresses for hostname") -) - -// isValidEndpoint checks that the given host / port pair are valid endpoint -func isValidEndpoint(host string, port int) bool { - return host != "" && port > 0 -} - -// BuildPortsToEndpointsMap builds a map of portname -> all ip:ports for that -// portname. Explode Endpoints.Subsets[*] into this structure. -func BuildPortsToEndpointsMap(endpoints *v1.Endpoints) map[string][]string { - portsToEndpoints := map[string][]string{} - for i := range endpoints.Subsets { - ss := &endpoints.Subsets[i] - for i := range ss.Ports { - port := &ss.Ports[i] - for i := range ss.Addresses { - addr := &ss.Addresses[i] - if isValidEndpoint(addr.IP, int(port.Port)) { - portsToEndpoints[port.Name] = append(portsToEndpoints[port.Name], net.JoinHostPort(addr.IP, strconv.Itoa(int(port.Port)))) - } - } - } - } - return portsToEndpoints -} - -// ContainsIPv4Loopback returns true if the input is empty or one of the CIDR contains an IPv4 loopback address. -func ContainsIPv4Loopback(cidrStrings []string) bool { - if len(cidrStrings) == 0 { - return true - } - // RFC 5735 127.0.0.0/8 - This block is assigned for use as the Internet host loopback address - ipv4LoopbackStart := netutils.ParseIPSloppy("127.0.0.0") - for _, cidr := range cidrStrings { - if IsZeroCIDR(cidr) { - return true - } - - ip, ipnet, err := netutils.ParseCIDRSloppy(cidr) - if err != nil { - continue - } - - if netutils.IsIPv6CIDR(ipnet) { - continue - } - - if ip.IsLoopback() { - return true - } - if ipnet.Contains(ipv4LoopbackStart) { - return true - } - } - return false -} - -// IsZeroCIDR checks whether the input CIDR string is either -// the IPv4 or IPv6 zero CIDR -func IsZeroCIDR(cidr string) bool { - if cidr == IPv4ZeroCIDR || cidr == IPv6ZeroCIDR { - return true - } - return false -} - -// IsLoopBack checks if a given IP address is a loopback address. -func IsLoopBack(ip string) bool { - netIP := netutils.ParseIPSloppy(ip) - if netIP != nil { - return netIP.IsLoopback() - } - return false -} - -// IsProxyableIP checks if a given IP address is permitted to be proxied -func IsProxyableIP(ip string) error { - netIP := netutils.ParseIPSloppy(ip) - if netIP == nil { - return ErrAddressNotAllowed - } - return isProxyableIP(netIP) -} - -func isProxyableIP(ip net.IP) error { - if !ip.IsGlobalUnicast() { - return ErrAddressNotAllowed - } - return nil -} - -// Resolver is an interface for net.Resolver -type Resolver interface { - LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error) -} - -// IsProxyableHostname checks if the IP addresses for a given hostname are permitted to be proxied -func IsProxyableHostname(ctx context.Context, resolv Resolver, hostname string) error { - resp, err := resolv.LookupIPAddr(ctx, hostname) - if err != nil { - return err - } - - if len(resp) == 0 { - return ErrNoAddresses - } - - for _, host := range resp { - if err := isProxyableIP(host.IP); err != nil { - return err - } - } - return nil -} - -// IsAllowedHost checks if the given IP host address is in a network in the denied list. -func IsAllowedHost(host net.IP, denied []*net.IPNet) error { - for _, ipNet := range denied { - if ipNet.Contains(host) { - return ErrAddressNotAllowed - } - } - return nil -} - -// GetLocalAddrs returns a list of all network addresses on the local system -func GetLocalAddrs() ([]net.IP, error) { - var localAddrs []net.IP - - addrs, err := net.InterfaceAddrs() - if err != nil { - return nil, err - } - - for _, addr := range addrs { - ip, _, err := netutils.ParseCIDRSloppy(addr.String()) - if err != nil { - return nil, err - } - - localAddrs = append(localAddrs, ip) - } - - return localAddrs, nil -} - -// GetLocalAddrSet return a local IPSet. -// If failed to get local addr, will assume no local ips. -func GetLocalAddrSet() netutils.IPSet { - localAddrs, err := GetLocalAddrs() - if err != nil { - klog.ErrorS(err, "Failed to get local addresses assuming no local IPs") - } else if len(localAddrs) == 0 { - klog.InfoS("No local addresses were found") - } - - localAddrSet := netutils.IPSet{} - localAddrSet.Insert(localAddrs...) - return localAddrSet -} - -// ShouldSkipService checks if a given service should skip proxying -func ShouldSkipService(service *v1.Service) bool { - // if ClusterIP is "None" or empty, skip proxying - if !helper.IsServiceIPSet(service) { - klog.V(3).InfoS("Skipping service due to cluster IP", "service", klog.KObj(service), "clusterIP", service.Spec.ClusterIP) - return true - } - // Even if ClusterIP is set, ServiceTypeExternalName services don't get proxied - if service.Spec.Type == v1.ServiceTypeExternalName { - klog.V(3).InfoS("Skipping service due to Type=ExternalName", "service", klog.KObj(service)) - return true - } - return false -} - -// GetNodeAddresses return all matched node IP addresses based on given cidr slice. -// Some callers, e.g. IPVS proxier, need concrete IPs, not ranges, which is why this exists. -// NetworkInterfacer is injected for test purpose. -// We expect the cidrs passed in is already validated. -// Given an empty input `[]`, it will return `0.0.0.0/0` and `::/0` directly. -// If multiple cidrs is given, it will return the minimal IP sets, e.g. given input `[1.2.0.0/16, 0.0.0.0/0]`, it will -// only return `0.0.0.0/0`. -// NOTE: GetNodeAddresses only accepts CIDRs, if you want concrete IPs, e.g. 1.2.3.4, then the input should be 1.2.3.4/32. -func GetNodeAddresses(cidrs []string, nw NetworkInterfacer) (sets.String, error) { - uniqueAddressList := sets.NewString() - if len(cidrs) == 0 { - uniqueAddressList.Insert(IPv4ZeroCIDR) - uniqueAddressList.Insert(IPv6ZeroCIDR) - return uniqueAddressList, nil - } - // First round of iteration to pick out `0.0.0.0/0` or `::/0` for the sake of excluding non-zero IPs. - for _, cidr := range cidrs { - if IsZeroCIDR(cidr) { - uniqueAddressList.Insert(cidr) - } - } - - addrs, err := nw.InterfaceAddrs() - if err != nil { - return nil, fmt.Errorf("error listing all interfaceAddrs from host, error: %v", err) - } - - // Second round of iteration to parse IPs based on cidr. - for _, cidr := range cidrs { - if IsZeroCIDR(cidr) { - continue - } - - _, ipNet, _ := netutils.ParseCIDRSloppy(cidr) - for _, addr := range addrs { - var ip net.IP - // nw.InterfaceAddrs may return net.IPAddr or net.IPNet on windows, and it will return net.IPNet on linux. - switch v := addr.(type) { - case *net.IPAddr: - ip = v.IP - case *net.IPNet: - ip = v.IP - default: - continue - } - - if ipNet.Contains(ip) { - if netutils.IsIPv6(ip) && !uniqueAddressList.Has(IPv6ZeroCIDR) { - uniqueAddressList.Insert(ip.String()) - } - if !netutils.IsIPv6(ip) && !uniqueAddressList.Has(IPv4ZeroCIDR) { - uniqueAddressList.Insert(ip.String()) - } - } - } - } - - if uniqueAddressList.Len() == 0 { - return nil, fmt.Errorf("no addresses found for cidrs %v", cidrs) - } - - return uniqueAddressList, nil -} - -// AddressSet validates the addresses in the slice using the "isValid" function. -// Addresses that pass the validation are returned as a string Set. -func AddressSet(isValid func(ip net.IP) bool, addrs []net.Addr) sets.String { - ips := sets.NewString() - for _, a := range addrs { - var ip net.IP - switch v := a.(type) { - case *net.IPAddr: - ip = v.IP - case *net.IPNet: - ip = v.IP - default: - continue - } - if isValid(ip) { - ips.Insert(ip.String()) - } - } - return ips -} - -// LogAndEmitIncorrectIPVersionEvent logs and emits incorrect IP version event. -func LogAndEmitIncorrectIPVersionEvent(recorder events.EventRecorder, fieldName, fieldValue, svcNamespace, svcName string, svcUID types.UID) { - errMsg := fmt.Sprintf("%s in %s has incorrect IP version", fieldValue, fieldName) - klog.ErrorS(nil, "Incorrect IP version", "service", klog.KRef(svcNamespace, svcName), "field", fieldName, "value", fieldValue) - if recorder != nil { - recorder.Eventf( - &v1.ObjectReference{ - Kind: "Service", - Name: svcName, - Namespace: svcNamespace, - UID: svcUID, - }, nil, v1.EventTypeWarning, "KubeProxyIncorrectIPVersion", "GatherEndpoints", errMsg) - } -} - -// MapIPsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6) -func MapIPsByIPFamily(ipStrings []string) map[v1.IPFamily][]string { - ipFamilyMap := map[v1.IPFamily][]string{} - for _, ip := range ipStrings { - // Handle only the valid IPs - if ipFamily, err := getIPFamilyFromIP(ip); err == nil { - ipFamilyMap[ipFamily] = append(ipFamilyMap[ipFamily], ip) - } else { - // this function is called in multiple places. All of which - // have sanitized data. Except the case of ExternalIPs which is - // not validated by api-server. Specifically empty strings - // validation. Which yields into a lot of bad error logs. - // check for empty string - if len(strings.TrimSpace(ip)) != 0 { - klog.ErrorS(nil, "Skipping invalid IP", "ip", ip) - - } - } - } - return ipFamilyMap -} - -// MapCIDRsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6) -func MapCIDRsByIPFamily(cidrStrings []string) map[v1.IPFamily][]string { - ipFamilyMap := map[v1.IPFamily][]string{} - for _, cidr := range cidrStrings { - // Handle only the valid CIDRs - if ipFamily, err := getIPFamilyFromCIDR(cidr); err == nil { - ipFamilyMap[ipFamily] = append(ipFamilyMap[ipFamily], cidr) - } else { - klog.ErrorS(nil, "Skipping invalid CIDR", "cidr", cidr) - } - } - return ipFamilyMap -} - -func getIPFamilyFromIP(ipStr string) (v1.IPFamily, error) { - netIP := netutils.ParseIPSloppy(ipStr) - if netIP == nil { - return "", ErrAddressNotAllowed - } - - if netutils.IsIPv6(netIP) { - return v1.IPv6Protocol, nil - } - return v1.IPv4Protocol, nil -} - -func getIPFamilyFromCIDR(cidrStr string) (v1.IPFamily, error) { - _, netCIDR, err := netutils.ParseCIDRSloppy(cidrStr) - if err != nil { - return "", ErrAddressNotAllowed - } - if netutils.IsIPv6CIDR(netCIDR) { - return v1.IPv6Protocol, nil - } - return v1.IPv4Protocol, nil -} - -// OtherIPFamily returns the other ip family -func OtherIPFamily(ipFamily v1.IPFamily) v1.IPFamily { - if ipFamily == v1.IPv6Protocol { - return v1.IPv4Protocol - } - - return v1.IPv6Protocol -} - -// AppendPortIfNeeded appends the given port to IP address unless it is already in -// "ipv4:port" or "[ipv6]:port" format. -func AppendPortIfNeeded(addr string, port int32) string { - // Return if address is already in "ipv4:port" or "[ipv6]:port" format. - if _, _, err := net.SplitHostPort(addr); err == nil { - return addr - } - - // Simply return for invalid case. This should be caught by validation instead. - ip := netutils.ParseIPSloppy(addr) - if ip == nil { - return addr - } - - // Append port to address. - if ip.To4() != nil { - return fmt.Sprintf("%s:%d", addr, port) - } - return fmt.Sprintf("[%s]:%d", addr, port) -} - -// ShuffleStrings copies strings from the specified slice into a copy in random -// order. It returns a new slice. -func ShuffleStrings(s []string) []string { - if s == nil { - return nil - } - shuffled := make([]string, len(s)) - perm := utilrand.Perm(len(s)) - for i, j := range perm { - shuffled[j] = s[i] - } - return shuffled -} - -// EnsureSysctl sets a kernel sysctl to a given numeric value. -func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error { - if oldVal, _ := sysctl.GetSysctl(name); oldVal != newVal { - if err := sysctl.SetSysctl(name, newVal); err != nil { - return fmt.Errorf("can't set sysctl %s to %d: %v", name, newVal, err) - } - klog.V(1).InfoS("Changed sysctl", "name", name, "before", oldVal, "after", newVal) - } - return nil -} - -// DialContext is a dial function matching the signature of net.Dialer.DialContext. -type DialContext = func(context.Context, string, string) (net.Conn, error) - -// FilteredDialOptions configures how a DialContext is wrapped by NewFilteredDialContext. -type FilteredDialOptions struct { - // DialHostIPDenylist restricts hosts from being dialed. - DialHostCIDRDenylist []*net.IPNet - // AllowLocalLoopback controls connections to local loopback hosts (as defined by - // IsProxyableIP). - AllowLocalLoopback bool -} - -// NewFilteredDialContext returns a DialContext function that filters connections based on a FilteredDialOptions. -func NewFilteredDialContext(wrapped DialContext, resolv Resolver, opts *FilteredDialOptions) DialContext { - if wrapped == nil { - wrapped = http.DefaultTransport.(*http.Transport).DialContext - } - if opts == nil { - // Do no filtering - return wrapped - } - if resolv == nil { - resolv = net.DefaultResolver - } - if len(opts.DialHostCIDRDenylist) == 0 && opts.AllowLocalLoopback { - // Do no filtering. - return wrapped - } - return func(ctx context.Context, network, address string) (net.Conn, error) { - // DialContext is given host:port. LookupIPAddress expects host. - addressToResolve, _, err := net.SplitHostPort(address) - if err != nil { - addressToResolve = address - } - - resp, err := resolv.LookupIPAddr(ctx, addressToResolve) - if err != nil { - return nil, err - } - - if len(resp) == 0 { - return nil, ErrNoAddresses - } - - for _, host := range resp { - if !opts.AllowLocalLoopback { - if err := isProxyableIP(host.IP); err != nil { - return nil, err - } - } - if opts.DialHostCIDRDenylist != nil { - if err := IsAllowedHost(host.IP, opts.DialHostCIDRDenylist); err != nil { - return nil, err - } - } - } - return wrapped(ctx, network, address) - } -} - -// GetClusterIPByFamily returns a service clusterip by family -func GetClusterIPByFamily(ipFamily v1.IPFamily, service *v1.Service) string { - // allowing skew - if len(service.Spec.IPFamilies) == 0 { - if len(service.Spec.ClusterIP) == 0 || service.Spec.ClusterIP == v1.ClusterIPNone { - return "" - } - - IsIPv6Family := (ipFamily == v1.IPv6Protocol) - if IsIPv6Family == netutils.IsIPv6String(service.Spec.ClusterIP) { - return service.Spec.ClusterIP - } - - return "" - } - - for idx, family := range service.Spec.IPFamilies { - if family == ipFamily { - if idx < len(service.Spec.ClusterIPs) { - return service.Spec.ClusterIPs[idx] - } - } - } - - return "" -} - -type LineBuffer struct { - b bytes.Buffer - lines int -} - -// Write takes a list of arguments, each a string or []string, joins all the -// individual strings with spaces, terminates with newline, and writes to buf. -// Any other argument type will panic. -func (buf *LineBuffer) Write(args ...interface{}) { - for i, arg := range args { - if i > 0 { - buf.b.WriteByte(' ') - } - switch x := arg.(type) { - case string: - buf.b.WriteString(x) - case []string: - for j, s := range x { - if j > 0 { - buf.b.WriteByte(' ') - } - buf.b.WriteString(s) - } - default: - panic(fmt.Sprintf("unknown argument type: %T", x)) - } - } - buf.b.WriteByte('\n') - buf.lines++ -} - -// WriteBytes writes bytes to buffer, and terminates with newline. -func (buf *LineBuffer) WriteBytes(bytes []byte) { - buf.b.Write(bytes) - buf.b.WriteByte('\n') - buf.lines++ -} - -// Reset clears buf -func (buf *LineBuffer) Reset() { - buf.b.Reset() - buf.lines = 0 -} - -// Bytes returns the contents of buf as a []byte -func (buf *LineBuffer) Bytes() []byte { - return buf.b.Bytes() -} - -// Lines returns the number of lines in buf. Note that more precisely, this returns the -// number of times Write() or WriteBytes() was called; it assumes that you never wrote -// any newlines to the buffer yourself. -func (buf *LineBuffer) Lines() int { - return buf.lines -} - -// RevertPorts is closing ports in replacementPortsMap but not in originalPortsMap. In other words, it only -// closes the ports opened in this sync. -func RevertPorts(replacementPortsMap, originalPortsMap map[netutils.LocalPort]netutils.Closeable) { - for k, v := range replacementPortsMap { - // Only close newly opened local ports - leave ones that were open before this update - if originalPortsMap[k] == nil { - klog.V(2).InfoS("Closing local port", "port", k.String()) - v.Close() - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/doc.go deleted file mode 100644 index cd8e000dd6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package core contains modules that interface with the core api group -package core // import "k8s.io/kubernetes/pkg/quota/v1/evaluator/core" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/persistent_volume_claims.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/persistent_volume_claims.go deleted file mode 100644 index 059dd6d154..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/persistent_volume_claims.go +++ /dev/null @@ -1,237 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - utilfeature "k8s.io/apiserver/pkg/util/feature" - storagehelpers "k8s.io/component-helpers/storage/volume" - api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" - k8sfeatures "k8s.io/kubernetes/pkg/features" -) - -// the name used for object count quota -var pvcObjectCountName = generic.ObjectCountQuotaResourceNameFor(corev1.SchemeGroupVersion.WithResource("persistentvolumeclaims").GroupResource()) - -// pvcResources are the set of static resources managed by quota associated with pvcs. -// for each resource in this list, it may be refined dynamically based on storage class. -var pvcResources = []corev1.ResourceName{ - corev1.ResourcePersistentVolumeClaims, - corev1.ResourceRequestsStorage, -} - -// storageClassSuffix is the suffix to the qualified portion of storage class resource name. -// For example, if you want to quota storage by storage class, you would have a declaration -// that follows <storage-class>.storageclass.storage.k8s.io/<resource>. -// For example: -// * gold.storageclass.storage.k8s.io/: 500Gi -// * bronze.storageclass.storage.k8s.io/requests.storage: 500Gi -const storageClassSuffix string = ".storageclass.storage.k8s.io/" - -/* TODO: prune? -// ResourceByStorageClass returns a quota resource name by storage class. -func ResourceByStorageClass(storageClass string, resourceName corev1.ResourceName) corev1.ResourceName { - return corev1.ResourceName(string(storageClass + storageClassSuffix + string(resourceName))) -} -*/ - -// V1ResourceByStorageClass returns a quota resource name by storage class. -func V1ResourceByStorageClass(storageClass string, resourceName corev1.ResourceName) corev1.ResourceName { - return corev1.ResourceName(string(storageClass + storageClassSuffix + string(resourceName))) -} - -// NewPersistentVolumeClaimEvaluator returns an evaluator that can evaluate persistent volume claims -func NewPersistentVolumeClaimEvaluator(f quota.ListerForResourceFunc) quota.Evaluator { - listFuncByNamespace := generic.ListResourceUsingListerFunc(f, corev1.SchemeGroupVersion.WithResource("persistentvolumeclaims")) - pvcEvaluator := &pvcEvaluator{listFuncByNamespace: listFuncByNamespace} - return pvcEvaluator -} - -// pvcEvaluator knows how to evaluate quota usage for persistent volume claims -type pvcEvaluator struct { - // listFuncByNamespace knows how to list pvc claims - listFuncByNamespace generic.ListFuncByNamespace -} - -// Constraints verifies that all required resources are present on the item. -func (p *pvcEvaluator) Constraints(required []corev1.ResourceName, item runtime.Object) error { - // no-op for persistent volume claims - return nil -} - -// GroupResource that this evaluator tracks -func (p *pvcEvaluator) GroupResource() schema.GroupResource { - return corev1.SchemeGroupVersion.WithResource("persistentvolumeclaims").GroupResource() -} - -// Handles returns true if the evaluator should handle the specified operation. -func (p *pvcEvaluator) Handles(a admission.Attributes) bool { - op := a.GetOperation() - if op == admission.Create { - return true - } - if op == admission.Update { - return true - } - return false -} - -// Matches returns true if the evaluator matches the specified quota with the provided input item -func (p *pvcEvaluator) Matches(resourceQuota *corev1.ResourceQuota, item runtime.Object) (bool, error) { - return generic.Matches(resourceQuota, item, p.MatchingResources, generic.MatchesNoScopeFunc) -} - -// MatchingScopes takes the input specified list of scopes and input object. Returns the set of scopes resource matches. -func (p *pvcEvaluator) MatchingScopes(item runtime.Object, scopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// UncoveredQuotaScopes takes the input matched scopes which are limited by configuration and the matched quota scopes. -// It returns the scopes which are in limited scopes but don't have a corresponding covering quota scope -func (p *pvcEvaluator) UncoveredQuotaScopes(limitedScopes []corev1.ScopedResourceSelectorRequirement, matchedQuotaScopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// MatchingResources takes the input specified list of resources and returns the set of resources it matches. -func (p *pvcEvaluator) MatchingResources(items []corev1.ResourceName) []corev1.ResourceName { - result := []corev1.ResourceName{} - for _, item := range items { - // match object count quota fields - if quota.Contains([]corev1.ResourceName{pvcObjectCountName}, item) { - result = append(result, item) - continue - } - // match pvc resources - if quota.Contains(pvcResources, item) { - result = append(result, item) - continue - } - // match pvc resources scoped by storage class (<storage-class-name>.storageclass.storage.k8s.io/<resource>) - for _, resource := range pvcResources { - byStorageClass := storageClassSuffix + string(resource) - if strings.HasSuffix(string(item), byStorageClass) { - result = append(result, item) - break - } - } - } - return result -} - -// Usage knows how to measure usage associated with item. -func (p *pvcEvaluator) Usage(item runtime.Object) (corev1.ResourceList, error) { - result := corev1.ResourceList{} - pvc, err := toExternalPersistentVolumeClaimOrError(item) - if err != nil { - return result, err - } - - // charge for claim - result[corev1.ResourcePersistentVolumeClaims] = *(resource.NewQuantity(1, resource.DecimalSI)) - result[pvcObjectCountName] = *(resource.NewQuantity(1, resource.DecimalSI)) - storageClassRef := storagehelpers.GetPersistentVolumeClaimClass(pvc) - if len(storageClassRef) > 0 { - storageClassClaim := corev1.ResourceName(storageClassRef + storageClassSuffix + string(corev1.ResourcePersistentVolumeClaims)) - result[storageClassClaim] = *(resource.NewQuantity(1, resource.DecimalSI)) - } - - requestedStorage := p.getStorageUsage(pvc) - if requestedStorage != nil { - result[corev1.ResourceRequestsStorage] = *requestedStorage - // charge usage to the storage class (if present) - if len(storageClassRef) > 0 { - storageClassStorage := corev1.ResourceName(storageClassRef + storageClassSuffix + string(corev1.ResourceRequestsStorage)) - result[storageClassStorage] = *requestedStorage - } - } - - return result, nil -} - -func (p *pvcEvaluator) getStorageUsage(pvc *corev1.PersistentVolumeClaim) *resource.Quantity { - var result *resource.Quantity - roundUpFunc := func(i *resource.Quantity) *resource.Quantity { - roundedRequest := i.DeepCopy() - if !roundedRequest.RoundUp(0) { - // Ensure storage requests are counted as whole byte values, to pass resourcequota validation. - // See https://issue.k8s.io/94313 - return &roundedRequest - } - return i - } - - if userRequest, ok := pvc.Spec.Resources.Requests[corev1.ResourceStorage]; ok { - result = roundUpFunc(&userRequest) - } - - if utilfeature.DefaultFeatureGate.Enabled(k8sfeatures.RecoverVolumeExpansionFailure) && result != nil { - if len(pvc.Status.AllocatedResources) == 0 { - return result - } - - // if AllocatedResources is set and is greater than user request, we should use it. - if allocatedRequest, ok := pvc.Status.AllocatedResources[corev1.ResourceStorage]; ok { - if allocatedRequest.Cmp(*result) > 0 { - result = roundUpFunc(&allocatedRequest) - } - } - } - return result -} - -// UsageStats calculates aggregate usage for the object. -func (p *pvcEvaluator) UsageStats(options quota.UsageStatsOptions) (quota.UsageStats, error) { - return generic.CalculateUsageStats(options, p.listFuncByNamespace, generic.MatchesNoScopeFunc, p.Usage) -} - -// ensure we implement required interface -var _ quota.Evaluator = &pvcEvaluator{} - -func toExternalPersistentVolumeClaimOrError(obj runtime.Object) (*corev1.PersistentVolumeClaim, error) { - pvc := &corev1.PersistentVolumeClaim{} - switch t := obj.(type) { - case *corev1.PersistentVolumeClaim: - pvc = t - case *api.PersistentVolumeClaim: - if err := k8s_api_v1.Convert_core_PersistentVolumeClaim_To_v1_PersistentVolumeClaim(t, pvc, nil); err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("expect *api.PersistentVolumeClaim or *v1.PersistentVolumeClaim, got %v", t) - } - return pvc, nil -} - -// RequiresQuotaReplenish enables quota monitoring for PVCs. -func RequiresQuotaReplenish(pvc, oldPVC *corev1.PersistentVolumeClaim) bool { - if utilfeature.DefaultFeatureGate.Enabled(k8sfeatures.RecoverVolumeExpansionFailure) { - if oldPVC.Status.AllocatedResources.Storage() != pvc.Status.AllocatedResources.Storage() { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go deleted file mode 100644 index f85fbde45d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/pods.go +++ /dev/null @@ -1,472 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - "fmt" - "strings" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" - "k8s.io/kubernetes/pkg/apis/core/v1/helper" - "k8s.io/kubernetes/pkg/apis/core/v1/helper/qos" - "k8s.io/utils/clock" -) - -// the name used for object count quota -var podObjectCountName = generic.ObjectCountQuotaResourceNameFor(corev1.SchemeGroupVersion.WithResource("pods").GroupResource()) - -// podResources are the set of resources managed by quota associated with pods. -var podResources = []corev1.ResourceName{ - podObjectCountName, - corev1.ResourceCPU, - corev1.ResourceMemory, - corev1.ResourceEphemeralStorage, - corev1.ResourceRequestsCPU, - corev1.ResourceRequestsMemory, - corev1.ResourceRequestsEphemeralStorage, - corev1.ResourceLimitsCPU, - corev1.ResourceLimitsMemory, - corev1.ResourceLimitsEphemeralStorage, - corev1.ResourcePods, -} - -// podResourcePrefixes are the set of prefixes for resources (Hugepages, and other -// potential extended resources with specific prefix) managed by quota associated with pods. -var podResourcePrefixes = []string{ - corev1.ResourceHugePagesPrefix, - corev1.ResourceRequestsHugePagesPrefix, -} - -// requestedResourcePrefixes are the set of prefixes for resources -// that might be declared in pod's Resources.Requests/Limits -var requestedResourcePrefixes = []string{ - corev1.ResourceHugePagesPrefix, -} - -// maskResourceWithPrefix mask resource with certain prefix -// e.g. hugepages-XXX -> requests.hugepages-XXX -func maskResourceWithPrefix(resource corev1.ResourceName, prefix string) corev1.ResourceName { - return corev1.ResourceName(fmt.Sprintf("%s%s", prefix, string(resource))) -} - -// isExtendedResourceNameForQuota returns true if the extended resource name -// has the quota related resource prefix. -func isExtendedResourceNameForQuota(name corev1.ResourceName) bool { - // As overcommit is not supported by extended resources for now, - // only quota objects in format of "requests.resourceName" is allowed. - return !helper.IsNativeResource(name) && strings.HasPrefix(string(name), corev1.DefaultResourceRequestsPrefix) -} - -// NOTE: it was a mistake, but if a quota tracks cpu or memory related resources, -// the incoming pod is required to have those values set. we should not repeat -// this mistake for other future resources (gpus, ephemeral-storage,etc). -// do not add more resources to this list! -var validationSet = sets.NewString( - string(corev1.ResourceCPU), - string(corev1.ResourceMemory), - string(corev1.ResourceRequestsCPU), - string(corev1.ResourceRequestsMemory), - string(corev1.ResourceLimitsCPU), - string(corev1.ResourceLimitsMemory), -) - -// NewPodEvaluator returns an evaluator that can evaluate pods -func NewPodEvaluator(f quota.ListerForResourceFunc, clock clock.Clock) quota.Evaluator { - listFuncByNamespace := generic.ListResourceUsingListerFunc(f, corev1.SchemeGroupVersion.WithResource("pods")) - podEvaluator := &podEvaluator{listFuncByNamespace: listFuncByNamespace, clock: clock} - return podEvaluator -} - -// podEvaluator knows how to measure usage of pods. -type podEvaluator struct { - // knows how to list pods - listFuncByNamespace generic.ListFuncByNamespace - // used to track time - clock clock.Clock -} - -// Constraints verifies that all required resources are present on the pod -// In addition, it validates that the resources are valid (i.e. requests < limits) -func (p *podEvaluator) Constraints(required []corev1.ResourceName, item runtime.Object) error { - pod, err := toExternalPodOrError(item) - if err != nil { - return err - } - - // BACKWARD COMPATIBILITY REQUIREMENT: if we quota cpu or memory, then each container - // must make an explicit request for the resource. this was a mistake. it coupled - // validation with resource counting, but we did this before QoS was even defined. - // let's not make that mistake again with other resources now that QoS is defined. - requiredSet := quota.ToSet(required).Intersection(validationSet) - missingSetResourceToContainerNames := make(map[string]sets.String) - for i := range pod.Spec.Containers { - enforcePodContainerConstraints(&pod.Spec.Containers[i], requiredSet, missingSetResourceToContainerNames) - } - for i := range pod.Spec.InitContainers { - enforcePodContainerConstraints(&pod.Spec.InitContainers[i], requiredSet, missingSetResourceToContainerNames) - } - if len(missingSetResourceToContainerNames) == 0 { - return nil - } - var resources = sets.NewString() - for resource := range missingSetResourceToContainerNames { - resources.Insert(resource) - } - var errorMessages = make([]string, 0, len(missingSetResourceToContainerNames)) - for _, resource := range resources.List() { - errorMessages = append(errorMessages, fmt.Sprintf("%s for: %s", resource, strings.Join(missingSetResourceToContainerNames[resource].List(), ","))) - } - return fmt.Errorf("must specify %s", strings.Join(errorMessages, "; ")) -} - -// GroupResource that this evaluator tracks -func (p *podEvaluator) GroupResource() schema.GroupResource { - return corev1.SchemeGroupVersion.WithResource("pods").GroupResource() -} - -// Handles returns true if the evaluator should handle the specified attributes. -func (p *podEvaluator) Handles(a admission.Attributes) bool { - op := a.GetOperation() - if op == admission.Create { - return true - } - return false -} - -// Matches returns true if the evaluator matches the specified quota with the provided input item -func (p *podEvaluator) Matches(resourceQuota *corev1.ResourceQuota, item runtime.Object) (bool, error) { - return generic.Matches(resourceQuota, item, p.MatchingResources, podMatchesScopeFunc) -} - -// MatchingResources takes the input specified list of resources and returns the set of resources it matches. -func (p *podEvaluator) MatchingResources(input []corev1.ResourceName) []corev1.ResourceName { - result := quota.Intersection(input, podResources) - for _, resource := range input { - // for resources with certain prefix, e.g. hugepages - if quota.ContainsPrefix(podResourcePrefixes, resource) { - result = append(result, resource) - } - // for extended resources - if isExtendedResourceNameForQuota(resource) { - result = append(result, resource) - } - } - - return result -} - -// MatchingScopes takes the input specified list of scopes and pod object. Returns the set of scope selectors pod matches. -func (p *podEvaluator) MatchingScopes(item runtime.Object, scopeSelectors []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - matchedScopes := []corev1.ScopedResourceSelectorRequirement{} - for _, selector := range scopeSelectors { - match, err := podMatchesScopeFunc(selector, item) - if err != nil { - return []corev1.ScopedResourceSelectorRequirement{}, fmt.Errorf("error on matching scope %v: %v", selector, err) - } - if match { - matchedScopes = append(matchedScopes, selector) - } - } - return matchedScopes, nil -} - -// UncoveredQuotaScopes takes the input matched scopes which are limited by configuration and the matched quota scopes. -// It returns the scopes which are in limited scopes but don't have a corresponding covering quota scope -func (p *podEvaluator) UncoveredQuotaScopes(limitedScopes []corev1.ScopedResourceSelectorRequirement, matchedQuotaScopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - uncoveredScopes := []corev1.ScopedResourceSelectorRequirement{} - for _, selector := range limitedScopes { - isCovered := false - for _, matchedScopeSelector := range matchedQuotaScopes { - if matchedScopeSelector.ScopeName == selector.ScopeName { - isCovered = true - break - } - } - - if !isCovered { - uncoveredScopes = append(uncoveredScopes, selector) - } - } - return uncoveredScopes, nil -} - -// Usage knows how to measure usage associated with pods -func (p *podEvaluator) Usage(item runtime.Object) (corev1.ResourceList, error) { - // delegate to normal usage - return PodUsageFunc(item, p.clock) -} - -// UsageStats calculates aggregate usage for the object. -func (p *podEvaluator) UsageStats(options quota.UsageStatsOptions) (quota.UsageStats, error) { - return generic.CalculateUsageStats(options, p.listFuncByNamespace, podMatchesScopeFunc, p.Usage) -} - -// verifies we implement the required interface. -var _ quota.Evaluator = &podEvaluator{} - -// enforcePodContainerConstraints checks for required resources that are not set on this container and -// adds them to missingSet. -func enforcePodContainerConstraints(container *corev1.Container, requiredSet sets.String, missingSetResourceToContainerNames map[string]sets.String) { - requests := container.Resources.Requests - limits := container.Resources.Limits - containerUsage := podComputeUsageHelper(requests, limits) - containerSet := quota.ToSet(quota.ResourceNames(containerUsage)) - if !containerSet.Equal(requiredSet) { - if difference := requiredSet.Difference(containerSet); difference.Len() != 0 { - for _, diff := range difference.List() { - if _, ok := missingSetResourceToContainerNames[diff]; !ok { - missingSetResourceToContainerNames[diff] = sets.NewString(container.Name) - } else { - missingSetResourceToContainerNames[diff].Insert(container.Name) - } - } - } - } -} - -// podComputeUsageHelper can summarize the pod compute quota usage based on requests and limits -func podComputeUsageHelper(requests corev1.ResourceList, limits corev1.ResourceList) corev1.ResourceList { - result := corev1.ResourceList{} - result[corev1.ResourcePods] = resource.MustParse("1") - if request, found := requests[corev1.ResourceCPU]; found { - result[corev1.ResourceCPU] = request - result[corev1.ResourceRequestsCPU] = request - } - if limit, found := limits[corev1.ResourceCPU]; found { - result[corev1.ResourceLimitsCPU] = limit - } - if request, found := requests[corev1.ResourceMemory]; found { - result[corev1.ResourceMemory] = request - result[corev1.ResourceRequestsMemory] = request - } - if limit, found := limits[corev1.ResourceMemory]; found { - result[corev1.ResourceLimitsMemory] = limit - } - if request, found := requests[corev1.ResourceEphemeralStorage]; found { - result[corev1.ResourceEphemeralStorage] = request - result[corev1.ResourceRequestsEphemeralStorage] = request - } - if limit, found := limits[corev1.ResourceEphemeralStorage]; found { - result[corev1.ResourceLimitsEphemeralStorage] = limit - } - for resource, request := range requests { - // for resources with certain prefix, e.g. hugepages - if quota.ContainsPrefix(requestedResourcePrefixes, resource) { - result[resource] = request - result[maskResourceWithPrefix(resource, corev1.DefaultResourceRequestsPrefix)] = request - } - // for extended resources - if helper.IsExtendedResourceName(resource) { - // only quota objects in format of "requests.resourceName" is allowed for extended resource. - result[maskResourceWithPrefix(resource, corev1.DefaultResourceRequestsPrefix)] = request - } - } - - return result -} - -func toExternalPodOrError(obj runtime.Object) (*corev1.Pod, error) { - pod := &corev1.Pod{} - switch t := obj.(type) { - case *corev1.Pod: - pod = t - case *api.Pod: - if err := k8s_api_v1.Convert_core_Pod_To_v1_Pod(t, pod, nil); err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("expect *api.Pod or *v1.Pod, got %v", t) - } - return pod, nil -} - -// podMatchesScopeFunc is a function that knows how to evaluate if a pod matches a scope -func podMatchesScopeFunc(selector corev1.ScopedResourceSelectorRequirement, object runtime.Object) (bool, error) { - pod, err := toExternalPodOrError(object) - if err != nil { - return false, err - } - switch selector.ScopeName { - case corev1.ResourceQuotaScopeTerminating: - return isTerminating(pod), nil - case corev1.ResourceQuotaScopeNotTerminating: - return !isTerminating(pod), nil - case corev1.ResourceQuotaScopeBestEffort: - return isBestEffort(pod), nil - case corev1.ResourceQuotaScopeNotBestEffort: - return !isBestEffort(pod), nil - case corev1.ResourceQuotaScopePriorityClass: - return podMatchesSelector(pod, selector) - case corev1.ResourceQuotaScopeCrossNamespacePodAffinity: - return usesCrossNamespacePodAffinity(pod), nil - } - return false, nil -} - -// PodUsageFunc returns the quota usage for a pod. -// A pod is charged for quota if the following are not true. -// - pod has a terminal phase (failed or succeeded) -// - pod has been marked for deletion and grace period has expired -func PodUsageFunc(obj runtime.Object, clock clock.Clock) (corev1.ResourceList, error) { - pod, err := toExternalPodOrError(obj) - if err != nil { - return corev1.ResourceList{}, err - } - - // always quota the object count (even if the pod is end of life) - // object count quotas track all objects that are in storage. - // where "pods" tracks all pods that have not reached a terminal state, - // count/pods tracks all pods independent of state. - result := corev1.ResourceList{ - podObjectCountName: *(resource.NewQuantity(1, resource.DecimalSI)), - } - - // by convention, we do not quota compute resources that have reached end-of life - // note: the "pods" resource is considered a compute resource since it is tied to life-cycle. - if !QuotaV1Pod(pod, clock) { - return result, nil - } - - requests := corev1.ResourceList{} - limits := corev1.ResourceList{} - // TODO: ideally, we have pod level requests and limits in the future. - for i := range pod.Spec.Containers { - requests = quota.Add(requests, pod.Spec.Containers[i].Resources.Requests) - limits = quota.Add(limits, pod.Spec.Containers[i].Resources.Limits) - } - // InitContainers are run sequentially before other containers start, so the highest - // init container resource is compared against the sum of app containers to determine - // the effective usage for both requests and limits. - for i := range pod.Spec.InitContainers { - requests = quota.Max(requests, pod.Spec.InitContainers[i].Resources.Requests) - limits = quota.Max(limits, pod.Spec.InitContainers[i].Resources.Limits) - } - - requests = quota.Add(requests, pod.Spec.Overhead) - limits = quota.Add(limits, pod.Spec.Overhead) - - result = quota.Add(result, podComputeUsageHelper(requests, limits)) - return result, nil -} - -func isBestEffort(pod *corev1.Pod) bool { - return qos.GetPodQOS(pod) == corev1.PodQOSBestEffort -} - -func isTerminating(pod *corev1.Pod) bool { - if pod.Spec.ActiveDeadlineSeconds != nil && *pod.Spec.ActiveDeadlineSeconds >= int64(0) { - return true - } - return false -} - -func podMatchesSelector(pod *corev1.Pod, selector corev1.ScopedResourceSelectorRequirement) (bool, error) { - labelSelector, err := helper.ScopedResourceSelectorRequirementsAsSelector(selector) - if err != nil { - return false, fmt.Errorf("failed to parse and convert selector: %v", err) - } - var m map[string]string - if len(pod.Spec.PriorityClassName) != 0 { - m = map[string]string{string(corev1.ResourceQuotaScopePriorityClass): pod.Spec.PriorityClassName} - } - if labelSelector.Matches(labels.Set(m)) { - return true, nil - } - return false, nil -} - -func crossNamespacePodAffinityTerm(term *corev1.PodAffinityTerm) bool { - return len(term.Namespaces) != 0 || term.NamespaceSelector != nil -} - -func crossNamespacePodAffinityTerms(terms []corev1.PodAffinityTerm) bool { - for _, t := range terms { - if crossNamespacePodAffinityTerm(&t) { - return true - } - } - return false -} - -func crossNamespaceWeightedPodAffinityTerms(terms []corev1.WeightedPodAffinityTerm) bool { - for _, t := range terms { - if crossNamespacePodAffinityTerm(&t.PodAffinityTerm) { - return true - } - } - return false -} - -func usesCrossNamespacePodAffinity(pod *corev1.Pod) bool { - if pod == nil || pod.Spec.Affinity == nil { - return false - } - - affinity := pod.Spec.Affinity.PodAffinity - if affinity != nil { - if crossNamespacePodAffinityTerms(affinity.RequiredDuringSchedulingIgnoredDuringExecution) { - return true - } - if crossNamespaceWeightedPodAffinityTerms(affinity.PreferredDuringSchedulingIgnoredDuringExecution) { - return true - } - } - - antiAffinity := pod.Spec.Affinity.PodAntiAffinity - if antiAffinity != nil { - if crossNamespacePodAffinityTerms(antiAffinity.RequiredDuringSchedulingIgnoredDuringExecution) { - return true - } - if crossNamespaceWeightedPodAffinityTerms(antiAffinity.PreferredDuringSchedulingIgnoredDuringExecution) { - return true - } - } - - return false -} - -// QuotaV1Pod returns true if the pod is eligible to track against a quota -// if it's not in a terminal state according to its phase. -func QuotaV1Pod(pod *corev1.Pod, clock clock.Clock) bool { - // if pod is terminal, ignore it for quota - if corev1.PodFailed == pod.Status.Phase || corev1.PodSucceeded == pod.Status.Phase { - return false - } - // if pods are stuck terminating (for example, a node is lost), we do not want - // to charge the user for that pod in quota because it could prevent them from - // scaling up new pods to service their application. - if pod.DeletionTimestamp != nil && pod.DeletionGracePeriodSeconds != nil { - now := clock.Now() - deletionTime := pod.DeletionTimestamp.Time - gracePeriod := time.Duration(*pod.DeletionGracePeriodSeconds) * time.Second - if now.After(deletionTime.Add(gracePeriod)) { - return false - } - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/registry.go deleted file mode 100644 index e6ee598539..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/registry.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - "k8s.io/utils/clock" -) - -// legacyObjectCountAliases are what we used to do simple object counting quota with mapped to alias -var legacyObjectCountAliases = map[schema.GroupVersionResource]corev1.ResourceName{ - corev1.SchemeGroupVersion.WithResource("configmaps"): corev1.ResourceConfigMaps, - corev1.SchemeGroupVersion.WithResource("resourcequotas"): corev1.ResourceQuotas, - corev1.SchemeGroupVersion.WithResource("replicationcontrollers"): corev1.ResourceReplicationControllers, - corev1.SchemeGroupVersion.WithResource("secrets"): corev1.ResourceSecrets, -} - -// NewEvaluators returns the list of static evaluators that manage more than counts -func NewEvaluators(f quota.ListerForResourceFunc) []quota.Evaluator { - // these evaluators have special logic - result := []quota.Evaluator{ - NewPodEvaluator(f, clock.RealClock{}), - NewServiceEvaluator(f), - NewPersistentVolumeClaimEvaluator(f), - } - // these evaluators require an alias for backwards compatibility - for gvr, alias := range legacyObjectCountAliases { - result = append(result, - generic.NewObjectCountEvaluator(gvr.GroupResource(), generic.ListResourceUsingListerFunc(f, gvr), alias)) - } - return result -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/services.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/services.go deleted file mode 100644 index b681a853ac..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/evaluator/core/services.go +++ /dev/null @@ -1,173 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package core - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" -) - -// the name used for object count quota -var serviceObjectCountName = generic.ObjectCountQuotaResourceNameFor(corev1.SchemeGroupVersion.WithResource("services").GroupResource()) - -// serviceResources are the set of resources managed by quota associated with services. -var serviceResources = []corev1.ResourceName{ - serviceObjectCountName, - corev1.ResourceServices, - corev1.ResourceServicesNodePorts, - corev1.ResourceServicesLoadBalancers, -} - -// NewServiceEvaluator returns an evaluator that can evaluate services. -func NewServiceEvaluator(f quota.ListerForResourceFunc) quota.Evaluator { - listFuncByNamespace := generic.ListResourceUsingListerFunc(f, corev1.SchemeGroupVersion.WithResource("services")) - serviceEvaluator := &serviceEvaluator{listFuncByNamespace: listFuncByNamespace} - return serviceEvaluator -} - -// serviceEvaluator knows how to measure usage for services. -type serviceEvaluator struct { - // knows how to list items by namespace - listFuncByNamespace generic.ListFuncByNamespace -} - -// Constraints verifies that all required resources are present on the item -func (p *serviceEvaluator) Constraints(required []corev1.ResourceName, item runtime.Object) error { - // this is a no-op for services - return nil -} - -// GroupResource that this evaluator tracks -func (p *serviceEvaluator) GroupResource() schema.GroupResource { - return corev1.SchemeGroupVersion.WithResource("services").GroupResource() -} - -// Handles returns true of the evaluator should handle the specified operation. -func (p *serviceEvaluator) Handles(a admission.Attributes) bool { - operation := a.GetOperation() - // We handle create and update because a service type can change. - return admission.Create == operation || admission.Update == operation -} - -// Matches returns true if the evaluator matches the specified quota with the provided input item -func (p *serviceEvaluator) Matches(resourceQuota *corev1.ResourceQuota, item runtime.Object) (bool, error) { - return generic.Matches(resourceQuota, item, p.MatchingResources, generic.MatchesNoScopeFunc) -} - -// MatchingResources takes the input specified list of resources and returns the set of resources it matches. -func (p *serviceEvaluator) MatchingResources(input []corev1.ResourceName) []corev1.ResourceName { - return quota.Intersection(input, serviceResources) -} - -// MatchingScopes takes the input specified list of scopes and input object. Returns the set of scopes resource matches. -func (p *serviceEvaluator) MatchingScopes(item runtime.Object, scopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// UncoveredQuotaScopes takes the input matched scopes which are limited by configuration and the matched quota scopes. -// It returns the scopes which are in limited scopes but don't have a corresponding covering quota scope -func (p *serviceEvaluator) UncoveredQuotaScopes(limitedScopes []corev1.ScopedResourceSelectorRequirement, matchedQuotaScopes []corev1.ScopedResourceSelectorRequirement) ([]corev1.ScopedResourceSelectorRequirement, error) { - return []corev1.ScopedResourceSelectorRequirement{}, nil -} - -// convert the input object to an internal service object or error. -func toExternalServiceOrError(obj runtime.Object) (*corev1.Service, error) { - svc := &corev1.Service{} - switch t := obj.(type) { - case *corev1.Service: - svc = t - case *api.Service: - if err := k8s_api_v1.Convert_core_Service_To_v1_Service(t, svc, nil); err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("expect *api.Service or *v1.Service, got %v", t) - } - return svc, nil -} - -// Usage knows how to measure usage associated with services -func (p *serviceEvaluator) Usage(item runtime.Object) (corev1.ResourceList, error) { - result := corev1.ResourceList{} - svc, err := toExternalServiceOrError(item) - if err != nil { - return result, err - } - ports := len(svc.Spec.Ports) - // default service usage - result[serviceObjectCountName] = *(resource.NewQuantity(1, resource.DecimalSI)) - result[corev1.ResourceServices] = *(resource.NewQuantity(1, resource.DecimalSI)) - result[corev1.ResourceServicesLoadBalancers] = resource.Quantity{Format: resource.DecimalSI} - result[corev1.ResourceServicesNodePorts] = resource.Quantity{Format: resource.DecimalSI} - switch svc.Spec.Type { - case corev1.ServiceTypeNodePort: - // node port services need to count node ports - value := resource.NewQuantity(int64(ports), resource.DecimalSI) - result[corev1.ResourceServicesNodePorts] = *value - case corev1.ServiceTypeLoadBalancer: - // load balancer services need to count node ports. If creation of node ports - // is suppressed only ports with explicit NodePort values are counted. - // nodeports won't be allocated yet, so we can't simply count the actual values. - // We need to look at the intent. - if svc.Spec.AllocateLoadBalancerNodePorts != nil && - *svc.Spec.AllocateLoadBalancerNodePorts == false { - result[corev1.ResourceServicesNodePorts] = *portsWithNodePorts(svc) - } else { - value := resource.NewQuantity(int64(ports), resource.DecimalSI) - result[corev1.ResourceServicesNodePorts] = *value - } - result[corev1.ResourceServicesLoadBalancers] = *(resource.NewQuantity(1, resource.DecimalSI)) - } - return result, nil -} - -func portsWithNodePorts(svc *corev1.Service) *resource.Quantity { - count := 0 - for _, p := range svc.Spec.Ports { - if p.NodePort != 0 { - count++ - } - } - return resource.NewQuantity(int64(count), resource.DecimalSI) -} - -// UsageStats calculates aggregate usage for the object. -func (p *serviceEvaluator) UsageStats(options quota.UsageStatsOptions) (quota.UsageStats, error) { - return generic.CalculateUsageStats(options, p.listFuncByNamespace, generic.MatchesNoScopeFunc, p.Usage) -} - -var _ quota.Evaluator = &serviceEvaluator{} - -// GetQuotaServiceType returns ServiceType if the service type is eligible to track against a quota, nor return "" -func GetQuotaServiceType(service *corev1.Service) corev1.ServiceType { - switch service.Spec.Type { - case corev1.ServiceTypeNodePort: - return corev1.ServiceTypeNodePort - case corev1.ServiceTypeLoadBalancer: - return corev1.ServiceTypeLoadBalancer - } - return corev1.ServiceType("") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/OWNERS deleted file mode 100644 index 05ce8bf5e7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - derekwaynecarr diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/registry.go deleted file mode 100644 index 15d41ffaae..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/registry.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package install - -import ( - eventv1 "k8s.io/api/events/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - quota "k8s.io/apiserver/pkg/quota/v1" - "k8s.io/apiserver/pkg/quota/v1/generic" - "k8s.io/kubernetes/pkg/apis/authentication" - "k8s.io/kubernetes/pkg/apis/authorization" - "k8s.io/kubernetes/pkg/quota/v1/evaluator/core" -) - -// NewQuotaConfigurationForAdmission returns a quota configuration for admission control. -func NewQuotaConfigurationForAdmission() quota.Configuration { - evaluators := core.NewEvaluators(nil) - return generic.NewConfiguration(evaluators, DefaultIgnoredResources()) -} - -// NewQuotaConfigurationForControllers returns a quota configuration for controllers. -func NewQuotaConfigurationForControllers(f quota.ListerForResourceFunc) quota.Configuration { - evaluators := core.NewEvaluators(f) - return generic.NewConfiguration(evaluators, DefaultIgnoredResources()) -} - -// ignoredResources are ignored by quota by default -var ignoredResources = map[schema.GroupResource]struct{}{ - // virtual resources that aren't stored and shouldn't be quota-ed - {Group: "", Resource: "bindings"}: {}, - {Group: "", Resource: "componentstatuses"}: {}, - {Group: authentication.GroupName, Resource: "tokenreviews"}: {}, - {Group: authentication.GroupName, Resource: "selfsubjectreviews"}: {}, - {Group: authorization.GroupName, Resource: "subjectaccessreviews"}: {}, - {Group: authorization.GroupName, Resource: "selfsubjectaccessreviews"}: {}, - {Group: authorization.GroupName, Resource: "localsubjectaccessreviews"}: {}, - {Group: authorization.GroupName, Resource: "selfsubjectrulesreviews"}: {}, - - // events haven't been quota-ed before - {Group: "", Resource: "events"}: {}, - {Group: eventv1.GroupName, Resource: "events"}: {}, -} - -// DefaultIgnoredResources returns the default set of resources that quota system -// should ignore. This is exposed so downstream integrators can have access to them. -func DefaultIgnoredResources() map[schema.GroupResource]struct{} { - return ignoredResources -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/update_filter.go b/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/update_filter.go deleted file mode 100644 index eca16ec8fc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/quota/v1/install/update_filter.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package install - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/kubernetes/pkg/quota/v1/evaluator/core" - "k8s.io/utils/clock" -) - -// DefaultUpdateFilter returns the default update filter for resource update events for consideration for quota. -func DefaultUpdateFilter() func(resource schema.GroupVersionResource, oldObj, newObj interface{}) bool { - return func(resource schema.GroupVersionResource, oldObj, newObj interface{}) bool { - switch resource.GroupResource() { - case schema.GroupResource{Resource: "pods"}: - oldPod := oldObj.(*v1.Pod) - newPod := newObj.(*v1.Pod) - return core.QuotaV1Pod(oldPod, clock.RealClock{}) && !core.QuotaV1Pod(newPod, clock.RealClock{}) - case schema.GroupResource{Resource: "services"}: - oldService := oldObj.(*v1.Service) - newService := newObj.(*v1.Service) - return core.GetQuotaServiceType(oldService) != core.GetQuotaServiceType(newService) - case schema.GroupResource{Resource: "persistentvolumeclaims"}: - oldPVC := oldObj.(*v1.PersistentVolumeClaim) - newPVC := newObj.(*v1.PersistentVolumeClaim) - return core.RequiresQuotaReplenish(newPVC, oldPVC) - } - - return false - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/doc.go deleted file mode 100644 index 1c56651af1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mutatingwebhookconfiguration // import "k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/storage/storage.go deleted file mode 100644 index 54207b6242..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/storage/storage.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration" -) - -// REST implements a RESTStorage for mutatingWebhookConfiguration against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against mutatingWebhookConfiguration. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &admissionregistration.MutatingWebhookConfiguration{} }, - NewListFunc: func() runtime.Object { return &admissionregistration.MutatingWebhookConfigurationList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*admissionregistration.MutatingWebhookConfiguration).Name, nil - }, - DefaultQualifiedResource: admissionregistration.Resource("mutatingwebhookconfigurations"), - - CreateStrategy: mutatingwebhookconfiguration.Strategy, - UpdateStrategy: mutatingwebhookconfiguration.Strategy, - DeleteStrategy: mutatingwebhookconfiguration.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"api-extensions"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/strategy.go deleted file mode 100644 index 0ae88c5dd6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/strategy.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mutatingwebhookconfiguration - -import ( - "context" - "reflect" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/apis/admissionregistration/validation" -) - -// mutatingWebhookConfigurationStrategy implements verification logic for mutatingWebhookConfiguration. -type mutatingWebhookConfigurationStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating mutatingWebhookConfiguration objects. -var Strategy = mutatingWebhookConfigurationStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because MutatingWebhookConfiguration is cluster-scoped resource. -func (mutatingWebhookConfigurationStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the status of an mutatingWebhookConfiguration before creation. -func (mutatingWebhookConfigurationStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ic := obj.(*admissionregistration.MutatingWebhookConfiguration) - ic.Generation = 1 -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (mutatingWebhookConfigurationStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (mutatingWebhookConfigurationStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIC := obj.(*admissionregistration.MutatingWebhookConfiguration) - oldIC := old.(*admissionregistration.MutatingWebhookConfiguration) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !reflect.DeepEqual(oldIC.Webhooks, newIC.Webhooks) { - newIC.Generation = oldIC.Generation + 1 - } -} - -// Validate validates a new mutatingWebhookConfiguration. -func (mutatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - ic := obj.(*admissionregistration.MutatingWebhookConfiguration) - return validation.ValidateMutatingWebhookConfiguration(ic) -} - -// Canonicalize normalizes the object after validation. -func (mutatingWebhookConfigurationStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for mutatingWebhookConfiguration; this means you may create one with a PUT request. -func (mutatingWebhookConfigurationStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (mutatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateMutatingWebhookConfigurationUpdate(obj.(*admissionregistration.MutatingWebhookConfiguration), old.(*admissionregistration.MutatingWebhookConfiguration)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (mutatingWebhookConfigurationStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for mutatingWebhookConfiguration objects. Status update should -// only be allowed if version match. -func (mutatingWebhookConfigurationStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/resolver/resolver.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/resolver/resolver.go deleted file mode 100644 index 2f18d01dcd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/resolver/resolver.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "strings" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/discovery" -) - -type ResourceResolver interface { - Resolve(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) -} - -type discoveryResourceResolver struct { - client discovery.DiscoveryInterface -} - -func (d *discoveryResourceResolver) Resolve(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) { - gv := gvk.GroupVersion() - // TODO: refactor this into an efficient gvk --> gvr resolver that remembers hits and re-resolves group/version info on misses - resources, err := d.client.ServerResourcesForGroupVersion(gv.String()) - if err != nil { - return schema.GroupVersionResource{}, err - } - for _, resource := range resources.APIResources { - if resource.Kind != gvk.Kind { - // ignore unrelated kinds - continue - } - if strings.Contains(resource.Name, "/") { - // ignore subresources - continue - } - if resource.Group != "" && resource.Group != gvk.Group { - // group didn't match - continue - } - if resource.Version != "" && resource.Version != gvk.Version { - // version didn't match - continue - } - return gv.WithResource(resource.Name), nil - } - return schema.GroupVersionResource{}, &meta.NoKindMatchError{GroupKind: gvk.GroupKind(), SearchedVersions: []string{gvk.Version}} -} - -func NewDiscoveryResourceResolver(client discovery.DiscoveryInterface) (ResourceResolver, error) { - return &discoveryResourceResolver{client: client}, nil -} - -type ResourceResolverFunc func(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) - -func (f ResourceResolverFunc) Resolve(gvk schema.GroupVersionKind) (schema.GroupVersionResource, error) { - return f(gvk) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/rest/storage_apiserver.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/rest/storage_apiserver.go deleted file mode 100644 index 49dd31f028..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/rest/storage_apiserver.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/client-go/discovery" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - mutatingwebhookconfigurationstorage "k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/storage" - "k8s.io/kubernetes/pkg/registry/admissionregistration/resolver" - validatingadmissionpolicystorage "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/storage" - policybindingstorage "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/storage" - validatingwebhookconfigurationstorage "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/storage" -) - -type RESTStorageProvider struct { - Authorizer authorizer.Authorizer - DiscoveryClient discovery.DiscoveryInterface -} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(admissionregistration.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[admissionregistrationv1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[admissionregistrationv1alpha1.SchemeGroupVersion.Version] = storageMap - } - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // validatingwebhookconfigurations - if resource := "validatingwebhookconfigurations"; apiResourceConfigSource.ResourceEnabled(admissionregistrationv1.SchemeGroupVersion.WithResource(resource)) { - validatingStorage, err := validatingwebhookconfigurationstorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = validatingStorage - } - - // mutatingwebhookconfigurations - if resource := "mutatingwebhookconfigurations"; apiResourceConfigSource.ResourceEnabled(admissionregistrationv1.SchemeGroupVersion.WithResource(resource)) { - mutatingStorage, err := mutatingwebhookconfigurationstorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = mutatingStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // use a simple wrapper so that initialization order won't cause a nil getter - var policyGetter rest.Getter - - r, err := resolver.NewDiscoveryResourceResolver(p.DiscoveryClient) - if err != nil { - return storage, err - } - - // validatingadmissionpolicies - if resource := "validatingadmissionpolicies"; apiResourceConfigSource.ResourceEnabled(admissionregistrationv1alpha1.SchemeGroupVersion.WithResource(resource)) { - policyStorage, err := validatingadmissionpolicystorage.NewREST(restOptionsGetter, p.Authorizer, r) - if err != nil { - return storage, err - } - policyGetter = policyStorage - storage[resource] = policyStorage - } - - // validatingadmissionpolicybindings - if resource := "validatingadmissionpolicybindings"; apiResourceConfigSource.ResourceEnabled(admissionregistrationv1alpha1.SchemeGroupVersion.WithResource(resource)) { - policyBindingStorage, err := policybindingstorage.NewREST(restOptionsGetter, p.Authorizer, &policybindingstorage.DefaultPolicyGetter{Getter: policyGetter}, r) - if err != nil { - return storage, err - } - storage[resource] = policyBindingStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return admissionregistration.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/authz.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/authz.go deleted file mode 100644 index 772d3a000c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/authz.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" -) - -func (v *validatingAdmissionPolicyStrategy) authorizeCreate(ctx context.Context, obj runtime.Object) error { - policy := obj.(*admissionregistration.ValidatingAdmissionPolicy) - if policy.Spec.ParamKind == nil { - // no paramRef in new object - return nil - } - - return v.authorize(ctx, policy) -} - -func (v *validatingAdmissionPolicyStrategy) authorizeUpdate(ctx context.Context, obj, old runtime.Object) error { - policy := obj.(*admissionregistration.ValidatingAdmissionPolicy) - if policy.Spec.ParamKind == nil { - // no paramRef in new object - return nil - } - - oldPolicy := old.(*admissionregistration.ValidatingAdmissionPolicy) - if oldPolicy.Spec.ParamKind != nil && *oldPolicy.Spec.ParamKind == *policy.Spec.ParamKind { - // identical paramKind to old object - return nil - } - - return v.authorize(ctx, policy) -} - -func (v *validatingAdmissionPolicyStrategy) authorize(ctx context.Context, policy *admissionregistration.ValidatingAdmissionPolicy) error { - if v.authorizer == nil || policy.Spec.ParamKind == nil { - return nil - } - - // for superuser, skip all checks - if rbacregistry.EscalationAllowed(ctx) { - return nil - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return fmt.Errorf("cannot identify user to authorize read access to paramKind resources") - } - - paramKind := policy.Spec.ParamKind - // default to requiring permissions on all group/version/resources - resource, apiGroup, apiVersion := "*", "*", "*" - if gv, err := schema.ParseGroupVersion(paramKind.APIVersion); err == nil { - // we only need to authorize the parsed group/version - apiGroup = gv.Group - apiVersion = gv.Version - if gvr, err := v.resourceResolver.Resolve(gv.WithKind(paramKind.Kind)); err == nil { - // we only need to authorize the resolved resource - resource = gvr.Resource - } - } - - // require that the user can read (verb "get") the referred kind. - attrs := authorizer.AttributesRecord{ - User: user, - Verb: "get", - ResourceRequest: true, - Name: "*", - Namespace: "*", - APIGroup: apiGroup, - APIVersion: apiVersion, - Resource: resource, - } - - d, _, err := v.authorizer.Authorize(ctx, attrs) - if err != nil { - return err - } - if d != authorizer.DecisionAllow { - return fmt.Errorf(`user %v must have "get" permission on all objects of the referenced paramKind (kind=%s, apiVersion=%s)`, user, paramKind.Kind, paramKind.APIVersion) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/doc.go deleted file mode 100644 index 217ee93f46..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy // import "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/storage/storage.go deleted file mode 100644 index 2c2f765e74..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/storage/storage.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/admissionregistration/resolver" - "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy" -) - -// REST implements a RESTStorage for validatingAdmissionPolicy against etcd -type REST struct { - *genericregistry.Store -} - -var groupResource = admissionregistration.Resource("validatingadmissionpolicies") - -// NewREST returns a RESTStorage object that will work against validatingAdmissionPolicy. -func NewREST(optsGetter generic.RESTOptionsGetter, authorizer authorizer.Authorizer, resourceResolver resolver.ResourceResolver) (*REST, error) { - r := &REST{} - strategy := validatingadmissionpolicy.NewStrategy(authorizer, resourceResolver) - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &admissionregistration.ValidatingAdmissionPolicy{} }, - NewListFunc: func() runtime.Object { return &admissionregistration.ValidatingAdmissionPolicyList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*admissionregistration.ValidatingAdmissionPolicy).Name, nil - }, - DefaultQualifiedResource: groupResource, - - CreateStrategy: strategy, - UpdateStrategy: strategy, - DeleteStrategy: strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - r.Store = store - return r, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"api-extensions"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/strategy.go deleted file mode 100644 index 70bc547048..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/strategy.go +++ /dev/null @@ -1,122 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicy - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/apis/admissionregistration/validation" - "k8s.io/kubernetes/pkg/registry/admissionregistration/resolver" -) - -// validatingAdmissionPolicyStrategy implements verification logic for ValidatingAdmissionPolicy. -type validatingAdmissionPolicyStrategy struct { - runtime.ObjectTyper - names.NameGenerator - authorizer authorizer.Authorizer - resourceResolver resolver.ResourceResolver -} - -// NewStrategy is the default logic that applies when creating and updating validatingAdmissionPolicy objects. -func NewStrategy(authorizer authorizer.Authorizer, resourceResolver resolver.ResourceResolver) *validatingAdmissionPolicyStrategy { - return &validatingAdmissionPolicyStrategy{ - ObjectTyper: legacyscheme.Scheme, - NameGenerator: names.SimpleNameGenerator, - authorizer: authorizer, - resourceResolver: resourceResolver, - } -} - -// NamespaceScoped returns false because ValidatingAdmissionPolicy is cluster-scoped resource. -func (v *validatingAdmissionPolicyStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the status of an validatingAdmissionPolicy before creation. -func (v *validatingAdmissionPolicyStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ic := obj.(*admissionregistration.ValidatingAdmissionPolicy) - ic.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (v *validatingAdmissionPolicyStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIC := obj.(*admissionregistration.ValidatingAdmissionPolicy) - oldIC := old.(*admissionregistration.ValidatingAdmissionPolicy) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldIC.Spec, newIC.Spec) { - newIC.Generation = oldIC.Generation + 1 - } -} - -// Validate validates a new validatingAdmissionPolicy. -func (v *validatingAdmissionPolicyStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - errs := validation.ValidateValidatingAdmissionPolicy(obj.(*admissionregistration.ValidatingAdmissionPolicy)) - if len(errs) == 0 { - // if the object is well-formed, also authorize the paramKind - if err := v.authorizeCreate(ctx, obj); err != nil { - errs = append(errs, field.Forbidden(field.NewPath("spec", "paramKind"), err.Error())) - } - } - return errs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (v *validatingAdmissionPolicyStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (v *validatingAdmissionPolicyStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for validatingAdmissionPolicy; this means you may create one with a PUT request. -func (v *validatingAdmissionPolicyStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (v *validatingAdmissionPolicyStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errs := validation.ValidateValidatingAdmissionPolicyUpdate(obj.(*admissionregistration.ValidatingAdmissionPolicy), old.(*admissionregistration.ValidatingAdmissionPolicy)) - if len(errs) == 0 { - // if the object is well-formed, also authorize the paramKind - if err := v.authorizeUpdate(ctx, obj, old); err != nil { - errs = append(errs, field.Forbidden(field.NewPath("spec", "paramKind"), err.Error())) - } - } - return errs -} - -// WarningsOnUpdate returns warnings for the given update. -func (v *validatingAdmissionPolicyStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for validatingAdmissionPolicy objects. Status update should -// only be allowed if version match. -func (v *validatingAdmissionPolicyStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/authz.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/authz.go deleted file mode 100644 index a68e6c727e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/authz.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicybinding - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" -) - -func (v *validatingAdmissionPolicyBindingStrategy) authorizeCreate(ctx context.Context, obj runtime.Object) error { - binding := obj.(*admissionregistration.ValidatingAdmissionPolicyBinding) - if binding.Spec.ParamRef == nil { - // no paramRef in new object - return nil - } - - return v.authorize(ctx, binding) -} - -func (v *validatingAdmissionPolicyBindingStrategy) authorizeUpdate(ctx context.Context, obj, old runtime.Object) error { - binding := obj.(*admissionregistration.ValidatingAdmissionPolicyBinding) - if binding.Spec.ParamRef == nil { - // no paramRef in new object - return nil - } - - oldBinding := old.(*admissionregistration.ValidatingAdmissionPolicyBinding) - if oldBinding.Spec.ParamRef != nil && *oldBinding.Spec.ParamRef == *binding.Spec.ParamRef && oldBinding.Spec.PolicyName == binding.Spec.PolicyName { - // identical paramRef and policy to old object - return nil - } - - return v.authorize(ctx, binding) -} - -func (v *validatingAdmissionPolicyBindingStrategy) authorize(ctx context.Context, binding *admissionregistration.ValidatingAdmissionPolicyBinding) error { - if v.authorizer == nil || v.resourceResolver == nil || binding.Spec.ParamRef == nil { - return nil - } - - // for superuser, skip all checks - if rbacregistry.EscalationAllowed(ctx) { - return nil - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return fmt.Errorf("cannot identify user to authorize read access to paramRef object") - } - - // default to requiring permissions on all group/version/resources - resource, apiGroup, apiVersion := "*", "*", "*" - - if policy, err := v.policyGetter.GetValidatingAdmissionPolicy(ctx, binding.Spec.PolicyName); err == nil && policy.Spec.ParamKind != nil { - paramKind := policy.Spec.ParamKind - if gv, err := schema.ParseGroupVersion(paramKind.APIVersion); err == nil { - // we only need to authorize the parsed group/version - apiGroup = gv.Group - apiVersion = gv.Version - if gvr, err := v.resourceResolver.Resolve(gv.WithKind(paramKind.Kind)); err == nil { - // we only need to authorize the resolved resource - resource = gvr.Resource - } - } - } - - paramRef := binding.Spec.ParamRef - - // require that the user can read (verb "get") the referred resource. - attrs := authorizer.AttributesRecord{ - User: user, - Verb: "get", - ResourceRequest: true, - Name: paramRef.Name, - Namespace: paramRef.Namespace, - APIGroup: apiGroup, - APIVersion: apiVersion, - Resource: resource, - } - - d, _, err := v.authorizer.Authorize(ctx, attrs) - if err != nil { - return err - } - if d != authorizer.DecisionAllow { - return fmt.Errorf(`user %v does not have "get" permission on the object referenced by paramRef`, user) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/doc.go deleted file mode 100644 index fac83d6a1a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicybinding // import "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/storage/storage.go deleted file mode 100644 index 0f0afa4b39..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/storage/storage.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/admissionregistration/resolver" - "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding" -) - -// REST implements a RESTStorage for policyBinding against etcd -type REST struct { - *genericregistry.Store -} - -var groupResource = admissionregistration.Resource("validatingadmissionpolicybindings") - -// NewREST returns a RESTStorage object that will work against policyBinding. -func NewREST(optsGetter generic.RESTOptionsGetter, authorizer authorizer.Authorizer, policyGetter PolicyGetter, resourceResolver resolver.ResourceResolver) (*REST, error) { - r := &REST{} - strategy := validatingadmissionpolicybinding.NewStrategy(authorizer, policyGetter, resourceResolver) - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &admissionregistration.ValidatingAdmissionPolicyBinding{} }, - NewListFunc: func() runtime.Object { return &admissionregistration.ValidatingAdmissionPolicyBindingList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*admissionregistration.ValidatingAdmissionPolicyBinding).Name, nil - }, - DefaultQualifiedResource: groupResource, - - CreateStrategy: strategy, - UpdateStrategy: strategy, - DeleteStrategy: strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - r.Store = store - return r, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"api-extensions"} -} - -type PolicyGetter interface { - // GetValidatingAdmissionPolicy returns a GetValidatingAdmissionPolicy - // by its name. There is no namespace because it is cluster-scoped. - GetValidatingAdmissionPolicy(ctx context.Context, name string) (*admissionregistration.ValidatingAdmissionPolicy, error) -} - -type DefaultPolicyGetter struct { - Getter rest.Getter -} - -func (g *DefaultPolicyGetter) GetValidatingAdmissionPolicy(ctx context.Context, name string) (*admissionregistration.ValidatingAdmissionPolicy, error) { - p, err := g.Getter.Get(ctx, name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - return p.(*admissionregistration.ValidatingAdmissionPolicy), err -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/strategy.go deleted file mode 100644 index 9c43c7855f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/strategy.go +++ /dev/null @@ -1,130 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingadmissionpolicybinding - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/apis/admissionregistration/validation" - "k8s.io/kubernetes/pkg/registry/admissionregistration/resolver" -) - -// validatingAdmissionPolicyBindingStrategy implements verification logic for ValidatingAdmissionPolicyBinding. -type validatingAdmissionPolicyBindingStrategy struct { - runtime.ObjectTyper - names.NameGenerator - authorizer authorizer.Authorizer - policyGetter PolicyGetter - resourceResolver resolver.ResourceResolver -} - -type PolicyGetter interface { - // GetValidatingAdmissionPolicy returns a GetValidatingAdmissionPolicy - // by its name. There is no namespace because it is cluster-scoped. - GetValidatingAdmissionPolicy(ctx context.Context, name string) (*admissionregistration.ValidatingAdmissionPolicy, error) -} - -// NewStrategy is the default logic that applies when creating and updating ValidatingAdmissionPolicyBinding objects. -func NewStrategy(authorizer authorizer.Authorizer, policyGetter PolicyGetter, resourceResolver resolver.ResourceResolver) *validatingAdmissionPolicyBindingStrategy { - return &validatingAdmissionPolicyBindingStrategy{ - ObjectTyper: legacyscheme.Scheme, - NameGenerator: names.SimpleNameGenerator, - authorizer: authorizer, - policyGetter: policyGetter, - resourceResolver: resourceResolver, - } -} - -// NamespaceScoped returns false because ValidatingAdmissionPolicyBinding is cluster-scoped resource. -func (v *validatingAdmissionPolicyBindingStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the status of an ValidatingAdmissionPolicyBinding before creation. -func (v *validatingAdmissionPolicyBindingStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ic := obj.(*admissionregistration.ValidatingAdmissionPolicyBinding) - ic.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (v *validatingAdmissionPolicyBindingStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIC := obj.(*admissionregistration.ValidatingAdmissionPolicyBinding) - oldIC := old.(*admissionregistration.ValidatingAdmissionPolicyBinding) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldIC.Spec, newIC.Spec) { - newIC.Generation = oldIC.Generation + 1 - } -} - -// Validate validates a new ValidatingAdmissionPolicyBinding. -func (v *validatingAdmissionPolicyBindingStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - errs := validation.ValidateValidatingAdmissionPolicyBinding(obj.(*admissionregistration.ValidatingAdmissionPolicyBinding)) - if len(errs) == 0 { - // if the object is well-formed, also authorize the paramRef - if err := v.authorizeCreate(ctx, obj); err != nil { - errs = append(errs, field.Forbidden(field.NewPath("spec", "paramRef"), err.Error())) - } - } - return errs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (v *validatingAdmissionPolicyBindingStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (v *validatingAdmissionPolicyBindingStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for ValidatingAdmissionPolicyBinding; this means you may create one with a PUT request. -func (v *validatingAdmissionPolicyBindingStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (v *validatingAdmissionPolicyBindingStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errs := validation.ValidateValidatingAdmissionPolicyBindingUpdate(obj.(*admissionregistration.ValidatingAdmissionPolicyBinding), old.(*admissionregistration.ValidatingAdmissionPolicyBinding)) - if len(errs) == 0 { - // if the object is well-formed, also authorize the paramRef - if err := v.authorizeUpdate(ctx, obj, old); err != nil { - errs = append(errs, field.Forbidden(field.NewPath("spec", "paramRef"), err.Error())) - } - } - return errs -} - -// WarningsOnUpdate returns warnings for the given update. -func (v *validatingAdmissionPolicyBindingStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for ValidatingAdmissionPolicyBinding objects. Status update should -// only be allowed if version match. -func (v *validatingAdmissionPolicyBindingStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/doc.go deleted file mode 100644 index d23152a4b4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingwebhookconfiguration // import "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/storage/storage.go deleted file mode 100644 index 507c0d9e75..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/storage/storage.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration" -) - -// REST implements a RESTStorage for validatingWebhookConfiguration against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against validatingWebhookConfiguration. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &admissionregistration.ValidatingWebhookConfiguration{} }, - NewListFunc: func() runtime.Object { return &admissionregistration.ValidatingWebhookConfigurationList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*admissionregistration.ValidatingWebhookConfiguration).Name, nil - }, - DefaultQualifiedResource: admissionregistration.Resource("validatingwebhookconfigurations"), - - CreateStrategy: validatingwebhookconfiguration.Strategy, - UpdateStrategy: validatingwebhookconfiguration.Strategy, - DeleteStrategy: validatingwebhookconfiguration.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"api-extensions"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/strategy.go deleted file mode 100644 index 20bc653eea..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/strategy.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validatingwebhookconfiguration - -import ( - "context" - "reflect" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/admissionregistration" - "k8s.io/kubernetes/pkg/apis/admissionregistration/validation" -) - -// validatingWebhookConfigurationStrategy implements verification logic for validatingWebhookConfiguration. -type validatingWebhookConfigurationStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating validatingWebhookConfiguration objects. -var Strategy = validatingWebhookConfigurationStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because ValidatingWebhookConfiguration is cluster-scoped resource. -func (validatingWebhookConfigurationStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the status of an validatingWebhookConfiguration before creation. -func (validatingWebhookConfigurationStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ic := obj.(*admissionregistration.ValidatingWebhookConfiguration) - ic.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (validatingWebhookConfigurationStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIC := obj.(*admissionregistration.ValidatingWebhookConfiguration) - oldIC := old.(*admissionregistration.ValidatingWebhookConfiguration) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !reflect.DeepEqual(oldIC.Webhooks, newIC.Webhooks) { - newIC.Generation = oldIC.Generation + 1 - } -} - -// Validate validates a new validatingWebhookConfiguration. -func (validatingWebhookConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidateValidatingWebhookConfiguration(obj.(*admissionregistration.ValidatingWebhookConfiguration)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (validatingWebhookConfigurationStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (validatingWebhookConfigurationStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for validatingWebhookConfiguration; this means you may create one with a PUT request. -func (validatingWebhookConfigurationStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (validatingWebhookConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateValidatingWebhookConfigurationUpdate(obj.(*admissionregistration.ValidatingWebhookConfiguration), old.(*admissionregistration.ValidatingWebhookConfiguration)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (validatingWebhookConfigurationStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for validatingWebhookConfiguration objects. Status update should -// only be allowed if version match. -func (validatingWebhookConfigurationStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/rest/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/rest/storage.go deleted file mode 100644 index 602d51f68a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/rest/storage.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - apiserverv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - storageversionstorage "k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/storage" -) - -// StorageProvider is a REST storage provider for internal.apiserver.k8s.io -type StorageProvider struct{} - -// NewRESTStorage returns a StorageProvider -func (p StorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apiserverinternal.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - - if storageMap, err := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[apiserverv1alpha1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p StorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "storageversions"; apiResourceConfigSource.ResourceEnabled(apiserverv1alpha1.SchemeGroupVersion.WithResource(resource)) { - s, status, err := storageversionstorage.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = s - storage[resource+"/status"] = status - } - - return storage, nil -} - -// GroupName is the group name for the storage provider -func (p StorageProvider) GroupName() string { - return apiserverinternal.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/doc.go deleted file mode 100644 index eb2775dc11..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package storageversion provides Registry interface and it's RESTStorage -// implementation for storing StorageVersion api objects. -package storageversion // import "k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/storage/storage.go deleted file mode 100644 index 7bb55c31ed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/storage/storage.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - strategy "k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for storage version against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against storageVersions -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apiserverinternal.StorageVersion{} }, - NewListFunc: func() runtime.Object { return &apiserverinternal.StorageVersionList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*apiserverinternal.StorageVersion).Name, nil - }, - DefaultQualifiedResource: apiserverinternal.Resource("storageversions"), - - CreateStrategy: strategy.Strategy, - UpdateStrategy: strategy.Strategy, - DeleteStrategy: strategy.Strategy, - ResetFieldsStrategy: strategy.Strategy, - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - statusStore := *store - statusStore.UpdateStrategy = strategy.StatusStrategy - statusStore.ResetFieldsStrategy = strategy.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// StatusREST implements the REST endpoint for changing the status of a storageVersion -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new StorageVersion object. -func (r *StatusREST) New() runtime.Object { - return &apiserverinternal.StorageVersion{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/strategy.go deleted file mode 100644 index 93ab981376..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/strategy.go +++ /dev/null @@ -1,144 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storageversion - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apiserverinternal" - "k8s.io/kubernetes/pkg/apis/apiserverinternal/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// storageVersionStrategy implements verification logic for StorageVersion. -type storageVersionStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating StorageVersion objects. -var Strategy = storageVersionStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because all StorageVersion's need to be cluster scoped -func (storageVersionStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (storageVersionStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "internal.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of an StorageVersion before creation. -func (storageVersionStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - sv := obj.(*apiserverinternal.StorageVersion) - sv.Status = apiserverinternal.StorageVersionStatus{} -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (storageVersionStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - sv := obj.(*apiserverinternal.StorageVersion) - sv.Status = old.(*apiserverinternal.StorageVersion).Status -} - -// Validate validates a new storageVersion. -func (storageVersionStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - sv := obj.(*apiserverinternal.StorageVersion) - return validation.ValidateStorageVersion(sv) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (storageVersionStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (storageVersionStrategy) Canonicalize(obj runtime.Object) { -} - -// Does not allow creating a StorageVersion object with a PUT request. -func (storageVersionStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (storageVersionStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newStorageVersion := obj.(*apiserverinternal.StorageVersion) - oldStorageVersion := old.(*apiserverinternal.StorageVersion) - validationErrorList := validation.ValidateStorageVersionUpdate(newStorageVersion, oldStorageVersion) - return validationErrorList -} - -// WarningsOnUpdate returns warnings for the given update. -func (storageVersionStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for storageVersion objects. Status update should -// only be allowed if version match. -func (storageVersionStrategy) AllowUnconditionalUpdate() bool { - return false -} - -type storageVersionStatusStrategy struct { - storageVersionStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = storageVersionStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (storageVersionStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "internal.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (storageVersionStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newSV := obj.(*apiserverinternal.StorageVersion) - oldSV := old.(*apiserverinternal.StorageVersion) - - newSV.Spec = oldSV.Spec - metav1.ResetObjectMetaForStatus(&newSV.ObjectMeta, &oldSV.ObjectMeta) -} - -func (storageVersionStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateStorageVersionStatusUpdate(obj.(*apiserverinternal.StorageVersion), old.(*apiserverinternal.StorageVersion)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (storageVersionStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/doc.go deleted file mode 100644 index 9c10c8e87c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllerrevision // import "k8s.io/kubernetes/pkg/registry/apps/controllerrevision" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/storage/storage.go deleted file mode 100644 index f00f1b8099..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/storage/storage.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/apps/controllerrevision" -) - -// REST implements a RESTStorage for ControllerRevision -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work with ControllerRevision objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apps.ControllerRevision{} }, - NewListFunc: func() runtime.Object { return &apps.ControllerRevisionList{} }, - DefaultQualifiedResource: apps.Resource("controllerrevisions"), - - CreateStrategy: controllerrevision.Strategy, - UpdateStrategy: controllerrevision.Strategy, - DeleteStrategy: controllerrevision.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/strategy.go deleted file mode 100644 index 250f0ed9eb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/controllerrevision/strategy.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllerrevision - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/validation" -) - -// strategy implements behavior for ConfigMap objects -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating ControllerRevision -// objects via the REST API. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -func (strategy) NamespaceScoped() bool { - return true -} - -func (strategy) Canonicalize(obj runtime.Object) { -} - -func (strategy) AllowCreateOnUpdate() bool { - return false -} - -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - _ = obj.(*apps.ControllerRevision) -} - -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - revision := obj.(*apps.ControllerRevision) - - return validation.ValidateControllerRevision(revision) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -func (strategy) PrepareForUpdate(ctx context.Context, newObj, oldObj runtime.Object) { - _ = oldObj.(*apps.ControllerRevision) - _ = newObj.(*apps.ControllerRevision) -} - -func (strategy) AllowUnconditionalUpdate() bool { - return true -} - -func (strategy) ValidateUpdate(ctx context.Context, newObj, oldObj runtime.Object) field.ErrorList { - oldRevision, newRevision := oldObj.(*apps.ControllerRevision), newObj.(*apps.ControllerRevision) - return validation.ValidateControllerRevisionUpdate(newRevision, oldRevision) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { return nil } diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/doc.go deleted file mode 100644 index b8f7f2c70b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package daemonset provides Registry interface and its RESTStorage -// implementation for storing DaemonSet api objects. -package daemonset // import "k8s.io/kubernetes/pkg/registry/apps/daemonset" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/storage/storage.go deleted file mode 100644 index 84df245028..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/storage/storage.go +++ /dev/null @@ -1,116 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/apps/daemonset" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for DaemonSets -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against DaemonSets. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apps.DaemonSet{} }, - NewListFunc: func() runtime.Object { return &apps.DaemonSetList{} }, - DefaultQualifiedResource: apps.Resource("daemonsets"), - - CreateStrategy: daemonset.Strategy, - UpdateStrategy: daemonset.Strategy, - DeleteStrategy: daemonset.Strategy, - ResetFieldsStrategy: daemonset.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = daemonset.StatusStrategy - statusStore.ResetFieldsStrategy = daemonset.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"ds"} -} - -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of a daemonset -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new DaemonSet object. -func (r *StatusREST) New() runtime.Object { - return &apps.DaemonSet{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/strategy.go deleted file mode 100644 index 32665566fa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/daemonset/strategy.go +++ /dev/null @@ -1,218 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package daemonset - -import ( - "context" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apivalidation "k8s.io/apimachinery/pkg/api/validation" - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// daemonSetStrategy implements verification logic for daemon sets. -type daemonSetStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating DaemonSet objects. -var Strategy = daemonSetStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Make sure we correctly implement the interface. -var _ = rest.GarbageCollectionDeleteStrategy(Strategy) - -// DefaultGarbageCollectionPolicy returns DeleteDependents for all currently served versions. -func (daemonSetStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - return rest.DeleteDependents -} - -// NamespaceScoped returns true because all DaemonSets need to be within a namespace. -func (daemonSetStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (daemonSetStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a daemon set before creation. -func (daemonSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - daemonSet := obj.(*apps.DaemonSet) - daemonSet.Status = apps.DaemonSetStatus{} - - daemonSet.Generation = 1 - if daemonSet.Spec.TemplateGeneration < 1 { - daemonSet.Spec.TemplateGeneration = 1 - } - - pod.DropDisabledTemplateFields(&daemonSet.Spec.Template, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (daemonSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newDaemonSet := obj.(*apps.DaemonSet) - oldDaemonSet := old.(*apps.DaemonSet) - - pod.DropDisabledTemplateFields(&newDaemonSet.Spec.Template, &oldDaemonSet.Spec.Template) - - // update is not allowed to set status - newDaemonSet.Status = oldDaemonSet.Status - - // update is not allowed to set TemplateGeneration - newDaemonSet.Spec.TemplateGeneration = oldDaemonSet.Spec.TemplateGeneration - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. We push - // the burden of managing the status onto the clients because we can't (in general) - // know here what version of spec the writer of the status has seen. It may seem like - // we can at first -- since obj contains spec -- but in the future we will probably make - // status its own object, and even if we don't, writes may be the result of a - // read-update-write loop, so the contents of spec may not actually be the spec that - // the manager has *seen*. - // - // TODO: Any changes to a part of the object that represents desired state (labels, - // annotations etc) should also increment the generation. - if !apiequality.Semantic.DeepEqual(oldDaemonSet.Spec.Template, newDaemonSet.Spec.Template) { - newDaemonSet.Spec.TemplateGeneration = oldDaemonSet.Spec.TemplateGeneration + 1 - newDaemonSet.Generation = oldDaemonSet.Generation + 1 - return - } - if !apiequality.Semantic.DeepEqual(oldDaemonSet.Spec, newDaemonSet.Spec) { - newDaemonSet.Generation = oldDaemonSet.Generation + 1 - } -} - -// Validate validates a new daemon set. -func (daemonSetStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - daemonSet := obj.(*apps.DaemonSet) - opts := pod.GetValidationOptionsFromPodTemplate(&daemonSet.Spec.Template, nil) - return validation.ValidateDaemonSet(daemonSet, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (daemonSetStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newDaemonSet := obj.(*apps.DaemonSet) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newDaemonSet.Spec.Template, nil) -} - -// Canonicalize normalizes the object after validation. -func (daemonSetStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for daemon set; this means a POST is -// needed to create one -func (daemonSetStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (daemonSetStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newDaemonSet := obj.(*apps.DaemonSet) - oldDaemonSet := old.(*apps.DaemonSet) - - opts := pod.GetValidationOptionsFromPodTemplate(&newDaemonSet.Spec.Template, &oldDaemonSet.Spec.Template) - opts.AllowInvalidLabelValueInSelector = opts.AllowInvalidLabelValueInSelector || metav1validation.LabelSelectorHasInvalidLabelValue(oldDaemonSet.Spec.Selector) - - allErrs := validation.ValidateDaemonSet(obj.(*apps.DaemonSet), opts) - allErrs = append(allErrs, validation.ValidateDaemonSetUpdate(newDaemonSet, oldDaemonSet, opts)...) - - // Update is not allowed to set Spec.Selector for apps/v1 and apps/v1beta2 (allowed for extensions/v1beta1). - // If RequestInfo is nil, it is better to revert to old behavior (i.e. allow update to set Spec.Selector) - // to prevent unintentionally breaking users who may rely on the old behavior. - // TODO(#50791): after extensions/v1beta1 is removed, move selector immutability check inside ValidateDaemonSetUpdate(). - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - switch groupVersion { - case extensionsv1beta1.SchemeGroupVersion: - // no-op for compatibility - default: - // disallow mutation of selector - allErrs = append(allErrs, apivalidation.ValidateImmutableField(newDaemonSet.Spec.Selector, oldDaemonSet.Spec.Selector, field.NewPath("spec").Child("selector"))...) - } - } - - return allErrs -} - -// WarningsOnUpdate returns warnings for the given update. -func (daemonSetStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newDaemonSet := obj.(*apps.DaemonSet) - oldDaemonSet := old.(*apps.DaemonSet) - if newDaemonSet.Spec.TemplateGeneration != oldDaemonSet.Spec.TemplateGeneration { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newDaemonSet.Spec.Template, &oldDaemonSet.Spec.Template) - } - return warnings -} - -// AllowUnconditionalUpdate is the default update policy for daemon set objects. -func (daemonSetStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type daemonSetStatusStrategy struct { - daemonSetStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = daemonSetStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (daemonSetStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (daemonSetStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newDaemonSet := obj.(*apps.DaemonSet) - oldDaemonSet := old.(*apps.DaemonSet) - newDaemonSet.Spec = oldDaemonSet.Spec -} - -func (daemonSetStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateDaemonSetStatusUpdate(obj.(*apps.DaemonSet), old.(*apps.DaemonSet)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (daemonSetStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/doc.go deleted file mode 100644 index bc2a79604d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package deployment // import "k8s.io/kubernetes/pkg/registry/apps/deployment" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/storage/storage.go deleted file mode 100644 index 8b05dd0b66..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/storage/storage.go +++ /dev/null @@ -1,479 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "net/http" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - storeerr "k8s.io/apiserver/pkg/storage/errors" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/apps" - appsv1beta1 "k8s.io/kubernetes/pkg/apis/apps/v1beta1" - appsv1beta2 "k8s.io/kubernetes/pkg/apis/apps/v1beta2" - appsvalidation "k8s.io/kubernetes/pkg/apis/apps/validation" - "k8s.io/kubernetes/pkg/apis/autoscaling" - autoscalingv1 "k8s.io/kubernetes/pkg/apis/autoscaling/v1" - autoscalingvalidation "k8s.io/kubernetes/pkg/apis/autoscaling/validation" - extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/apps/deployment" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// DeploymentStorage includes dummy storage for Deployments and for Scale subresource. -type DeploymentStorage struct { - Deployment *REST - Status *StatusREST - Scale *ScaleREST - Rollback *RollbackREST -} - -// ReplicasPathMappings returns the mappings between each group version and a replicas path -func ReplicasPathMappings() fieldmanager.ResourcePathMappings { - return replicasPathInDeployment -} - -// maps a group version to the replicas path in a deployment object -var replicasPathInDeployment = fieldmanager.ResourcePathMappings{ - schema.GroupVersion{Group: "apps", Version: "v1beta1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), - schema.GroupVersion{Group: "apps", Version: "v1beta2"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), - schema.GroupVersion{Group: "apps", Version: "v1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), -} - -// NewStorage returns new instance of DeploymentStorage. -func NewStorage(optsGetter generic.RESTOptionsGetter) (DeploymentStorage, error) { - deploymentRest, deploymentStatusRest, deploymentRollbackRest, err := NewREST(optsGetter) - if err != nil { - return DeploymentStorage{}, err - } - - return DeploymentStorage{ - Deployment: deploymentRest, - Status: deploymentStatusRest, - Scale: &ScaleREST{store: deploymentRest.Store}, - Rollback: deploymentRollbackRest, - }, nil -} - -// REST implements a RESTStorage for Deployments. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against deployments. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, *RollbackREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apps.Deployment{} }, - NewListFunc: func() runtime.Object { return &apps.DeploymentList{} }, - DefaultQualifiedResource: apps.Resource("deployments"), - - CreateStrategy: deployment.Strategy, - UpdateStrategy: deployment.Strategy, - DeleteStrategy: deployment.Strategy, - ResetFieldsStrategy: deployment.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = deployment.StatusStrategy - statusStore.ResetFieldsStrategy = deployment.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, &RollbackREST{store: store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"deploy"} -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of a deployment -type StatusREST struct { - store *genericregistry.Store -} - -// New returns empty Deployment object. -func (r *StatusREST) New() runtime.Object { - return &apps.Deployment{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// RollbackREST implements the REST endpoint for initiating the rollback of a deployment -type RollbackREST struct { - store *genericregistry.Store -} - -// ProducesMIMETypes returns a list of the MIME types the specified HTTP verb (GET, POST, DELETE, -// PATCH) can respond with. -func (r *RollbackREST) ProducesMIMETypes(verb string) []string { - return nil -} - -// ProducesObject returns an object the specified HTTP verb respond with. It will overwrite storage object if -// it is not nil. Only the type of the return object matters, the value will be ignored. -func (r *RollbackREST) ProducesObject(verb string) interface{} { - return metav1.Status{} -} - -var _ = rest.StorageMetadata(&RollbackREST{}) - -// New creates a rollback -func (r *RollbackREST) New() runtime.Object { - return &apps.DeploymentRollback{} -} - -// Destroy cleans up resources on shutdown. -func (r *RollbackREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -var _ = rest.NamedCreater(&RollbackREST{}) - -// Create runs rollback for deployment -func (r *RollbackREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - rollback, ok := obj.(*apps.DeploymentRollback) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("not a DeploymentRollback: %#v", obj)) - } - - if errs := appsvalidation.ValidateDeploymentRollback(rollback); len(errs) != 0 { - return nil, errors.NewInvalid(apps.Kind("DeploymentRollback"), rollback.Name, errs) - } - if name != rollback.Name { - return nil, errors.NewBadRequest("name in URL does not match name in DeploymentRollback object") - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - // Update the Deployment with information in DeploymentRollback to trigger rollback - err := r.rollbackDeployment(ctx, rollback.Name, &rollback.RollbackTo, rollback.UpdatedAnnotations, dryrun.IsDryRun(options.DryRun)) - if err != nil { - return nil, err - } - return &metav1.Status{ - Status: metav1.StatusSuccess, - Message: fmt.Sprintf("rollback request for deployment %q succeeded", rollback.Name), - Code: http.StatusOK, - }, nil -} - -func (r *RollbackREST) rollbackDeployment(ctx context.Context, deploymentID string, config *apps.RollbackConfig, annotations map[string]string, dryRun bool) error { - if _, err := r.setDeploymentRollback(ctx, deploymentID, config, annotations, dryRun); err != nil { - err = storeerr.InterpretGetError(err, apps.Resource("deployments"), deploymentID) - err = storeerr.InterpretUpdateError(err, apps.Resource("deployments"), deploymentID) - if _, ok := err.(*errors.StatusError); !ok { - err = errors.NewInternalError(err) - } - return err - } - return nil -} - -func (r *RollbackREST) setDeploymentRollback(ctx context.Context, deploymentID string, config *apps.RollbackConfig, annotations map[string]string, dryRun bool) (*apps.Deployment, error) { - dKey, err := r.store.KeyFunc(ctx, deploymentID) - if err != nil { - return nil, err - } - var finalDeployment *apps.Deployment - err = r.store.Storage.GuaranteedUpdate(ctx, dKey, &apps.Deployment{}, false, nil, storage.SimpleUpdate(func(obj runtime.Object) (runtime.Object, error) { - d, ok := obj.(*apps.Deployment) - if !ok { - return nil, fmt.Errorf("unexpected object: %#v", obj) - } - if d.Annotations == nil { - d.Annotations = make(map[string]string) - } - for k, v := range annotations { - d.Annotations[k] = v - } - d.Spec.RollbackTo = config - finalDeployment = d - return d, nil - }), dryRun, nil) - return finalDeployment, err -} - -// ScaleREST implements a Scale for Deployment. -type ScaleREST struct { - store *genericregistry.Store -} - -// ScaleREST implements Patcher -var _ = rest.Patcher(&ScaleREST{}) -var _ = rest.GroupVersionKindProvider(&ScaleREST{}) - -// GroupVersionKind returns GroupVersionKind for Deployment Scale object -func (r *ScaleREST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - switch containingGV { - case extensionsv1beta1.SchemeGroupVersion: - return extensionsv1beta1.SchemeGroupVersion.WithKind("Scale") - case appsv1beta1.SchemeGroupVersion: - return appsv1beta1.SchemeGroupVersion.WithKind("Scale") - case appsv1beta2.SchemeGroupVersion: - return appsv1beta2.SchemeGroupVersion.WithKind("Scale") - default: - return autoscalingv1.SchemeGroupVersion.WithKind("Scale") - } -} - -// New creates a new Scale object -func (r *ScaleREST) New() runtime.Object { - return &autoscaling.Scale{} -} - -// Destroy cleans up resources on shutdown. -func (r *ScaleREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves object from Scale storage. -func (r *ScaleREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - obj, err := r.store.Get(ctx, name, options) - if err != nil { - return nil, errors.NewNotFound(apps.Resource("deployments/scale"), name) - } - deployment := obj.(*apps.Deployment) - scale, err := scaleFromDeployment(deployment) - if err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return scale, nil -} - -// Update alters scale subset of Deployment object. -func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - obj, _, err := r.store.Update( - ctx, - name, - &scaleUpdatedObjectInfo{name, objInfo}, - toScaleCreateValidation(createValidation), - toScaleUpdateValidation(updateValidation), - false, - options, - ) - if err != nil { - return nil, false, err - } - deployment := obj.(*apps.Deployment) - newScale, err := scaleFromDeployment(deployment) - if err != nil { - return nil, false, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return newScale, false, nil -} - -func (r *ScaleREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc { - return func(ctx context.Context, obj runtime.Object) error { - scale, err := scaleFromDeployment(obj.(*apps.Deployment)) - if err != nil { - return err - } - return f(ctx, scale) - } -} - -func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc { - return func(ctx context.Context, obj, old runtime.Object) error { - newScale, err := scaleFromDeployment(obj.(*apps.Deployment)) - if err != nil { - return err - } - oldScale, err := scaleFromDeployment(old.(*apps.Deployment)) - if err != nil { - return err - } - return f(ctx, newScale, oldScale) - } -} - -// scaleFromDeployment returns a scale subresource for a deployment. -func scaleFromDeployment(deployment *apps.Deployment) (*autoscaling.Scale, error) { - selector, err := metav1.LabelSelectorAsSelector(deployment.Spec.Selector) - if err != nil { - return nil, err - } - - return &autoscaling.Scale{ - // TODO: Create a variant of ObjectMeta type that only contains the fields below. - ObjectMeta: metav1.ObjectMeta{ - Name: deployment.Name, - Namespace: deployment.Namespace, - UID: deployment.UID, - ResourceVersion: deployment.ResourceVersion, - CreationTimestamp: deployment.CreationTimestamp, - }, - Spec: autoscaling.ScaleSpec{ - Replicas: deployment.Spec.Replicas, - }, - Status: autoscaling.ScaleStatus{ - Replicas: deployment.Status.Replicas, - Selector: selector.String(), - }, - }, nil -} - -// scaleUpdatedObjectInfo transforms existing deployment -> existing scale -> new scale -> new deployment -type scaleUpdatedObjectInfo struct { - name string - reqObjInfo rest.UpdatedObjectInfo -} - -func (i *scaleUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - return i.reqObjInfo.Preconditions() -} - -func (i *scaleUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - deployment, ok := oldObj.DeepCopyObject().(*apps.Deployment) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected existing object type to be Deployment, got %T", deployment)) - } - // if zero-value, the existing object does not exist - if len(deployment.ResourceVersion) == 0 { - return nil, errors.NewNotFound(apps.Resource("deployments/scale"), i.name) - } - - groupVersion := schema.GroupVersion{Group: "apps", Version: "v1"} - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - requestGroupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - if _, ok := replicasPathInDeployment[requestGroupVersion.String()]; ok { - groupVersion = requestGroupVersion - } else { - klog.Fatalf("Unrecognized group/version in request info %q", requestGroupVersion.String()) - } - } - - managedFieldsHandler := fieldmanager.NewScaleHandler( - deployment.ManagedFields, - groupVersion, - replicasPathInDeployment, - ) - - // deployment -> old scale - oldScale, err := scaleFromDeployment(deployment) - if err != nil { - return nil, err - } - scaleManagedFields, err := managedFieldsHandler.ToSubresource() - if err != nil { - return nil, err - } - oldScale.ManagedFields = scaleManagedFields - - // old scale -> new scale - newScaleObj, err := i.reqObjInfo.UpdatedObject(ctx, oldScale) - if err != nil { - return nil, err - } - if newScaleObj == nil { - return nil, errors.NewBadRequest("nil update passed to Scale") - } - scale, ok := newScaleObj.(*autoscaling.Scale) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected input object type to be Scale, but %T", newScaleObj)) - } - - // validate - if errs := autoscalingvalidation.ValidateScale(scale); len(errs) > 0 { - return nil, errors.NewInvalid(autoscaling.Kind("Scale"), deployment.Name, errs) - } - - // validate precondition if specified (resourceVersion matching is handled by storage) - if len(scale.UID) > 0 && scale.UID != deployment.UID { - return nil, errors.NewConflict( - apps.Resource("deployments/scale"), - deployment.Name, - fmt.Errorf("Precondition failed: UID in precondition: %v, UID in object meta: %v", scale.UID, deployment.UID), - ) - } - - // move replicas/resourceVersion fields to object and return - deployment.Spec.Replicas = scale.Spec.Replicas - deployment.ResourceVersion = scale.ResourceVersion - - updatedEntries, err := managedFieldsHandler.ToParent(scale.ManagedFields) - if err != nil { - return nil, err - } - deployment.ManagedFields = updatedEntries - - return deployment, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/strategy.go deleted file mode 100644 index 71938f3280..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/deployment/strategy.go +++ /dev/null @@ -1,198 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package deployment - -import ( - "context" - - appsv1beta1 "k8s.io/api/apps/v1beta1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apivalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// deploymentStrategy implements behavior for Deployments. -type deploymentStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Deployment -// objects via the REST API. -var Strategy = deploymentStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Make sure we correctly implement the interface. -var _ = rest.GarbageCollectionDeleteStrategy(Strategy) - -// DefaultGarbageCollectionPolicy returns DeleteDependents for all currently served versions. -func (deploymentStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - return rest.DeleteDependents -} - -// NamespaceScoped is true for deployment. -func (deploymentStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (deploymentStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (deploymentStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - deployment := obj.(*apps.Deployment) - deployment.Status = apps.DeploymentStatus{} - deployment.Generation = 1 - - pod.DropDisabledTemplateFields(&deployment.Spec.Template, nil) -} - -// Validate validates a new deployment. -func (deploymentStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - deployment := obj.(*apps.Deployment) - opts := pod.GetValidationOptionsFromPodTemplate(&deployment.Spec.Template, nil) - return validation.ValidateDeployment(deployment, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (deploymentStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newDeployment := obj.(*apps.Deployment) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newDeployment.Spec.Template, nil) -} - -// Canonicalize normalizes the object after validation. -func (deploymentStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for deployments. -func (deploymentStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (deploymentStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newDeployment := obj.(*apps.Deployment) - oldDeployment := old.(*apps.Deployment) - newDeployment.Status = oldDeployment.Status - - pod.DropDisabledTemplateFields(&newDeployment.Spec.Template, &oldDeployment.Spec.Template) - - // Spec updates bump the generation so that we can distinguish between - // scaling events and template changes, annotation updates bump the generation - // because annotations are copied from deployments to their replica sets. - if !apiequality.Semantic.DeepEqual(newDeployment.Spec, oldDeployment.Spec) || - !apiequality.Semantic.DeepEqual(newDeployment.Annotations, oldDeployment.Annotations) { - newDeployment.Generation = oldDeployment.Generation + 1 - } -} - -// ValidateUpdate is the default update validation for an end user. -func (deploymentStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newDeployment := obj.(*apps.Deployment) - oldDeployment := old.(*apps.Deployment) - - opts := pod.GetValidationOptionsFromPodTemplate(&newDeployment.Spec.Template, &oldDeployment.Spec.Template) - allErrs := validation.ValidateDeploymentUpdate(newDeployment, oldDeployment, opts) - - // Update is not allowed to set Spec.Selector for all groups/versions except extensions/v1beta1. - // If RequestInfo is nil, it is better to revert to old behavior (i.e. allow update to set Spec.Selector) - // to prevent unintentionally breaking users who may rely on the old behavior. - // TODO(#50791): after apps/v1beta1 and extensions/v1beta1 are removed, - // move selector immutability check inside ValidateDeploymentUpdate(). - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - switch groupVersion { - case appsv1beta1.SchemeGroupVersion, extensionsv1beta1.SchemeGroupVersion: - // no-op for compatibility - default: - // disallow mutation of selector - allErrs = append(allErrs, apivalidation.ValidateImmutableField(newDeployment.Spec.Selector, oldDeployment.Spec.Selector, field.NewPath("spec").Child("selector"))...) - } - } - - return allErrs -} - -// WarningsOnUpdate returns warnings for the given update. -func (deploymentStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newDeployment := obj.(*apps.Deployment) - oldDeployment := old.(*apps.Deployment) - if newDeployment.Generation != oldDeployment.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newDeployment.Spec.Template, &oldDeployment.Spec.Template) - } - return warnings -} - -func (deploymentStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type deploymentStatusStrategy struct { - deploymentStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = deploymentStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (deploymentStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata", "labels"), - ), - } -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (deploymentStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newDeployment := obj.(*apps.Deployment) - oldDeployment := old.(*apps.Deployment) - newDeployment.Spec = oldDeployment.Spec - newDeployment.Labels = oldDeployment.Labels -} - -// ValidateUpdate is the default update validation for an end user updating status -func (deploymentStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateDeploymentStatusUpdate(obj.(*apps.Deployment), old.(*apps.Deployment)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (deploymentStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/doc.go deleted file mode 100644 index 722893d222..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package replicaset provides Registry interface and it's RESTStorage -// implementation for storing ReplicaSet api objects. -package replicaset // import "k8s.io/kubernetes/pkg/registry/apps/replicaset" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/storage/storage.go deleted file mode 100644 index 0c467d3732..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/storage/storage.go +++ /dev/null @@ -1,375 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// If you make changes to this file, you should also make the corresponding change in ReplicationController. - -package storage - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/apps" - appsv1beta1 "k8s.io/kubernetes/pkg/apis/apps/v1beta1" - appsv1beta2 "k8s.io/kubernetes/pkg/apis/apps/v1beta2" - "k8s.io/kubernetes/pkg/apis/autoscaling" - autoscalingv1 "k8s.io/kubernetes/pkg/apis/autoscaling/v1" - autoscalingvalidation "k8s.io/kubernetes/pkg/apis/autoscaling/validation" - extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/apps/replicaset" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// ReplicaSetStorage includes dummy storage for ReplicaSets and for Scale subresource. -type ReplicaSetStorage struct { - ReplicaSet *REST - Status *StatusREST - Scale *ScaleREST -} - -// ReplicasPathMappings returns the mappings between each group version and a replicas path -func ReplicasPathMappings() fieldmanager.ResourcePathMappings { - return replicasPathInReplicaSet -} - -// maps a group version to the replicas path in a replicaset object -var replicasPathInReplicaSet = fieldmanager.ResourcePathMappings{ - schema.GroupVersion{Group: "apps", Version: "v1beta2"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), - schema.GroupVersion{Group: "apps", Version: "v1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), -} - -// NewStorage returns new instance of ReplicaSetStorage. -func NewStorage(optsGetter generic.RESTOptionsGetter) (ReplicaSetStorage, error) { - replicaSetRest, replicaSetStatusRest, err := NewREST(optsGetter) - if err != nil { - return ReplicaSetStorage{}, err - } - - return ReplicaSetStorage{ - ReplicaSet: replicaSetRest, - Status: replicaSetStatusRest, - Scale: &ScaleREST{store: replicaSetRest.Store}, - }, nil -} - -// REST implements a RESTStorage for ReplicaSet. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ReplicaSet. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apps.ReplicaSet{} }, - NewListFunc: func() runtime.Object { return &apps.ReplicaSetList{} }, - PredicateFunc: replicaset.MatchReplicaSet, - DefaultQualifiedResource: apps.Resource("replicasets"), - - CreateStrategy: replicaset.Strategy, - UpdateStrategy: replicaset.Strategy, - DeleteStrategy: replicaset.Strategy, - ResetFieldsStrategy: replicaset.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: replicaset.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = replicaset.StatusStrategy - statusStore.ResetFieldsStrategy = replicaset.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"rs"} -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of a ReplicaSet -type StatusREST struct { - store *genericregistry.Store -} - -// New returns empty ReplicaSet object. -func (r *StatusREST) New() runtime.Object { - return &apps.ReplicaSet{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// ScaleREST implements a Scale for ReplicaSet. -type ScaleREST struct { - store *genericregistry.Store -} - -// ScaleREST implements Patcher -var _ = rest.Patcher(&ScaleREST{}) -var _ = rest.GroupVersionKindProvider(&ScaleREST{}) - -// GroupVersionKind returns GroupVersionKind for ReplicaSet Scale object -func (r *ScaleREST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - switch containingGV { - case extensionsv1beta1.SchemeGroupVersion: - return extensionsv1beta1.SchemeGroupVersion.WithKind("Scale") - case appsv1beta1.SchemeGroupVersion: - return appsv1beta1.SchemeGroupVersion.WithKind("Scale") - case appsv1beta2.SchemeGroupVersion: - return appsv1beta2.SchemeGroupVersion.WithKind("Scale") - default: - return autoscalingv1.SchemeGroupVersion.WithKind("Scale") - } -} - -// New creates a new Scale object -func (r *ScaleREST) New() runtime.Object { - return &autoscaling.Scale{} -} - -// Destroy cleans up resources on shutdown. -func (r *ScaleREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves object from Scale storage. -func (r *ScaleREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - obj, err := r.store.Get(ctx, name, options) - if err != nil { - return nil, errors.NewNotFound(apps.Resource("replicasets/scale"), name) - } - rs := obj.(*apps.ReplicaSet) - scale, err := scaleFromReplicaSet(rs) - if err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return scale, err -} - -// Update alters scale subset of ReplicaSet object. -func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - obj, _, err := r.store.Update( - ctx, - name, - &scaleUpdatedObjectInfo{name, objInfo}, - toScaleCreateValidation(createValidation), - toScaleUpdateValidation(updateValidation), - false, - options, - ) - if err != nil { - return nil, false, err - } - rs := obj.(*apps.ReplicaSet) - newScale, err := scaleFromReplicaSet(rs) - if err != nil { - return nil, false, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return newScale, false, err -} - -func (r *ScaleREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc { - return func(ctx context.Context, obj runtime.Object) error { - scale, err := scaleFromReplicaSet(obj.(*apps.ReplicaSet)) - if err != nil { - return err - } - return f(ctx, scale) - } -} - -func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc { - return func(ctx context.Context, obj, old runtime.Object) error { - newScale, err := scaleFromReplicaSet(obj.(*apps.ReplicaSet)) - if err != nil { - return err - } - oldScale, err := scaleFromReplicaSet(old.(*apps.ReplicaSet)) - if err != nil { - return err - } - return f(ctx, newScale, oldScale) - } -} - -// scaleFromReplicaSet returns a scale subresource for a replica set. -func scaleFromReplicaSet(rs *apps.ReplicaSet) (*autoscaling.Scale, error) { - selector, err := metav1.LabelSelectorAsSelector(rs.Spec.Selector) - if err != nil { - return nil, err - } - return &autoscaling.Scale{ - // TODO: Create a variant of ObjectMeta type that only contains the fields below. - ObjectMeta: metav1.ObjectMeta{ - Name: rs.Name, - Namespace: rs.Namespace, - UID: rs.UID, - ResourceVersion: rs.ResourceVersion, - CreationTimestamp: rs.CreationTimestamp, - }, - Spec: autoscaling.ScaleSpec{ - Replicas: rs.Spec.Replicas, - }, - Status: autoscaling.ScaleStatus{ - Replicas: rs.Status.Replicas, - Selector: selector.String(), - }, - }, nil -} - -// scaleUpdatedObjectInfo transforms existing replicaset -> existing scale -> new scale -> new replicaset -type scaleUpdatedObjectInfo struct { - name string - reqObjInfo rest.UpdatedObjectInfo -} - -func (i *scaleUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - return i.reqObjInfo.Preconditions() -} - -func (i *scaleUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - replicaset, ok := oldObj.DeepCopyObject().(*apps.ReplicaSet) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected existing object type to be ReplicaSet, got %T", replicaset)) - } - // if zero-value, the existing object does not exist - if len(replicaset.ResourceVersion) == 0 { - return nil, errors.NewNotFound(apps.Resource("replicasets/scale"), i.name) - } - - groupVersion := schema.GroupVersion{Group: "apps", Version: "v1"} - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - requestGroupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - if _, ok := replicasPathInReplicaSet[requestGroupVersion.String()]; ok { - groupVersion = requestGroupVersion - } else { - klog.Fatalf("Unrecognized group/version in request info %q", requestGroupVersion.String()) - } - } - - managedFieldsHandler := fieldmanager.NewScaleHandler( - replicaset.ManagedFields, - groupVersion, - replicasPathInReplicaSet, - ) - - // replicaset -> old scale - oldScale, err := scaleFromReplicaSet(replicaset) - if err != nil { - return nil, err - } - - scaleManagedFields, err := managedFieldsHandler.ToSubresource() - if err != nil { - return nil, err - } - oldScale.ManagedFields = scaleManagedFields - - // old scale -> new scale - newScaleObj, err := i.reqObjInfo.UpdatedObject(ctx, oldScale) - if err != nil { - return nil, err - } - if newScaleObj == nil { - return nil, errors.NewBadRequest("nil update passed to Scale") - } - scale, ok := newScaleObj.(*autoscaling.Scale) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected input object type to be Scale, but %T", newScaleObj)) - } - - // validate - if errs := autoscalingvalidation.ValidateScale(scale); len(errs) > 0 { - return nil, errors.NewInvalid(autoscaling.Kind("Scale"), replicaset.Name, errs) - } - - // validate precondition if specified (resourceVersion matching is handled by storage) - if len(scale.UID) > 0 && scale.UID != replicaset.UID { - return nil, errors.NewConflict( - apps.Resource("replicasets/scale"), - replicaset.Name, - fmt.Errorf("Precondition failed: UID in precondition: %v, UID in object meta: %v", scale.UID, replicaset.UID), - ) - } - - // move replicas/resourceVersion fields to object and return - replicaset.Spec.Replicas = scale.Spec.Replicas - replicaset.ResourceVersion = scale.ResourceVersion - - updatedEntries, err := managedFieldsHandler.ToParent(scale.ManagedFields) - if err != nil { - return nil, err - } - replicaset.ManagedFields = updatedEntries - - return replicaset, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/strategy.go deleted file mode 100644 index add8c23927..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/replicaset/strategy.go +++ /dev/null @@ -1,237 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// If you make changes to this file, you should also make the corresponding change in ReplicationController. - -package replicaset - -import ( - "context" - "fmt" - "strconv" - - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apivalidation "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - apistorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// rsStrategy implements verification logic for ReplicaSets. -type rsStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating ReplicaSet objects. -var Strategy = rsStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Make sure we correctly implement the interface. -var _ = rest.GarbageCollectionDeleteStrategy(Strategy) - -// DefaultGarbageCollectionPolicy returns DeleteDependents for all currently served versions. -func (rsStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - return rest.DeleteDependents -} - -// NamespaceScoped returns true because all ReplicaSets need to be within a namespace. -func (rsStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (rsStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a ReplicaSet before creation. -func (rsStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - rs := obj.(*apps.ReplicaSet) - rs.Status = apps.ReplicaSetStatus{} - - rs.Generation = 1 - - pod.DropDisabledTemplateFields(&rs.Spec.Template, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (rsStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRS := obj.(*apps.ReplicaSet) - oldRS := old.(*apps.ReplicaSet) - // update is not allowed to set status - newRS.Status = oldRS.Status - - pod.DropDisabledTemplateFields(&newRS.Spec.Template, &oldRS.Spec.Template) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. We push - // the burden of managing the status onto the clients because we can't (in general) - // know here what version of spec the writer of the status has seen. It may seem like - // we can at first -- since obj contains spec -- but in the future we will probably make - // status its own object, and even if we don't, writes may be the result of a - // read-update-write loop, so the contents of spec may not actually be the spec that - // the ReplicaSet has *seen*. - if !apiequality.Semantic.DeepEqual(oldRS.Spec, newRS.Spec) { - newRS.Generation = oldRS.Generation + 1 - } -} - -// Validate validates a new ReplicaSet. -func (rsStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - rs := obj.(*apps.ReplicaSet) - opts := pod.GetValidationOptionsFromPodTemplate(&rs.Spec.Template, nil) - return validation.ValidateReplicaSet(rs, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (rsStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newRS := obj.(*apps.ReplicaSet) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newRS.Spec.Template, nil) -} - -// Canonicalize normalizes the object after validation. -func (rsStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for ReplicaSets; this means a POST is -// needed to create one. -func (rsStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (rsStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newReplicaSet := obj.(*apps.ReplicaSet) - oldReplicaSet := old.(*apps.ReplicaSet) - - opts := pod.GetValidationOptionsFromPodTemplate(&newReplicaSet.Spec.Template, &oldReplicaSet.Spec.Template) - allErrs := validation.ValidateReplicaSet(obj.(*apps.ReplicaSet), opts) - allErrs = append(allErrs, validation.ValidateReplicaSetUpdate(newReplicaSet, oldReplicaSet, opts)...) - - // Update is not allowed to set Spec.Selector for all groups/versions except extensions/v1beta1. - // If RequestInfo is nil, it is better to revert to old behavior (i.e. allow update to set Spec.Selector) - // to prevent unintentionally breaking users who may rely on the old behavior. - // TODO(#50791): after extensions/v1beta1 is removed, move selector immutability check inside ValidateReplicaSetUpdate(). - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - switch groupVersion { - case extensionsv1beta1.SchemeGroupVersion: - // no-op for compatibility - default: - // disallow mutation of selector - allErrs = append(allErrs, apivalidation.ValidateImmutableField(newReplicaSet.Spec.Selector, oldReplicaSet.Spec.Selector, field.NewPath("spec").Child("selector"))...) - } - } - - return allErrs -} - -// WarningsOnUpdate returns warnings for the given update. -func (rsStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newReplicaSet := obj.(*apps.ReplicaSet) - oldReplicaSet := old.(*apps.ReplicaSet) - if newReplicaSet.Generation != oldReplicaSet.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newReplicaSet.Spec.Template, &oldReplicaSet.Spec.Template) - } - return warnings -} - -func (rsStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// ToSelectableFields returns a field set that represents the object. -func ToSelectableFields(rs *apps.ReplicaSet) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&rs.ObjectMeta, true) - rsSpecificFieldsSet := fields.Set{ - "status.replicas": strconv.Itoa(int(rs.Status.Replicas)), - } - return generic.MergeFieldsSets(objectMetaFieldsSet, rsSpecificFieldsSet) -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - rs, ok := obj.(*apps.ReplicaSet) - if !ok { - return nil, nil, fmt.Errorf("given object is not a ReplicaSet") - } - return labels.Set(rs.ObjectMeta.Labels), ToSelectableFields(rs), nil -} - -// MatchReplicaSet is the filter used by the generic etcd backend to route -// watch events from etcd to clients of the apiserver only interested in specific -// labels/fields. -func MatchReplicaSet(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate { - return apistorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -type rsStatusStrategy struct { - rsStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = rsStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (rsStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (rsStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRS := obj.(*apps.ReplicaSet) - oldRS := old.(*apps.ReplicaSet) - // update is not allowed to set spec - newRS.Spec = oldRS.Spec -} - -func (rsStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateReplicaSetStatusUpdate(obj.(*apps.ReplicaSet), old.(*apps.ReplicaSet)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (rsStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/rest/storage_apps.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/rest/storage_apps.go deleted file mode 100644 index d8357fe659..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/rest/storage_apps.go +++ /dev/null @@ -1,113 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - appsapiv1 "k8s.io/api/apps/v1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apps" - controllerrevisionsstore "k8s.io/kubernetes/pkg/registry/apps/controllerrevision/storage" - daemonsetstore "k8s.io/kubernetes/pkg/registry/apps/daemonset/storage" - deploymentstore "k8s.io/kubernetes/pkg/registry/apps/deployment/storage" - replicasetstore "k8s.io/kubernetes/pkg/registry/apps/replicaset/storage" - statefulsetstore "k8s.io/kubernetes/pkg/registry/apps/statefulset/storage" -) - -// StorageProvider is a struct for apps REST storage. -type StorageProvider struct{} - -// NewRESTStorage returns APIGroupInfo object. -func (p StorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apps.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[appsapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p StorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // deployments - if resource := "deployments"; apiResourceConfigSource.ResourceEnabled(appsapiv1.SchemeGroupVersion.WithResource(resource)) { - deploymentStorage, err := deploymentstore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = deploymentStorage.Deployment - storage[resource+"/status"] = deploymentStorage.Status - storage[resource+"/scale"] = deploymentStorage.Scale - } - - // statefulsets - if resource := "statefulsets"; apiResourceConfigSource.ResourceEnabled(appsapiv1.SchemeGroupVersion.WithResource(resource)) { - statefulSetStorage, err := statefulsetstore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = statefulSetStorage.StatefulSet - storage[resource+"/status"] = statefulSetStorage.Status - storage[resource+"/scale"] = statefulSetStorage.Scale - } - - // daemonsets - if resource := "daemonsets"; apiResourceConfigSource.ResourceEnabled(appsapiv1.SchemeGroupVersion.WithResource(resource)) { - daemonSetStorage, daemonSetStatusStorage, err := daemonsetstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = daemonSetStorage - storage[resource+"/status"] = daemonSetStatusStorage - } - - // replicasets - if resource := "replicasets"; apiResourceConfigSource.ResourceEnabled(appsapiv1.SchemeGroupVersion.WithResource(resource)) { - replicaSetStorage, err := replicasetstore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = replicaSetStorage.ReplicaSet - storage[resource+"/status"] = replicaSetStorage.Status - storage[resource+"/scale"] = replicaSetStorage.Scale - } - - // controllerrevisions - if resource := "controllerrevisions"; apiResourceConfigSource.ResourceEnabled(appsapiv1.SchemeGroupVersion.WithResource(resource)) { - historyStorage, err := controllerrevisionsstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = historyStorage - } - - return storage, nil -} - -// GroupName returns name of the group -func (p StorageProvider) GroupName() string { - return apps.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/doc.go deleted file mode 100644 index b99adae811..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package statefulset // import "k8s.io/kubernetes/pkg/registry/apps/statefulset" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/storage/storage.go deleted file mode 100644 index 47558534cd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/storage/storage.go +++ /dev/null @@ -1,368 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/apps" - appsv1beta1 "k8s.io/kubernetes/pkg/apis/apps/v1beta1" - appsv1beta2 "k8s.io/kubernetes/pkg/apis/apps/v1beta2" - "k8s.io/kubernetes/pkg/apis/autoscaling" - autoscalingv1 "k8s.io/kubernetes/pkg/apis/autoscaling/v1" - autoscalingvalidation "k8s.io/kubernetes/pkg/apis/autoscaling/validation" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/apps/statefulset" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// StatefulSetStorage includes dummy storage for StatefulSets, and their Status and Scale subresource. -type StatefulSetStorage struct { - StatefulSet *REST - Status *StatusREST - Scale *ScaleREST -} - -// ReplicasPathMappings returns the mappings between each group version and a replicas path -func ReplicasPathMappings() fieldmanager.ResourcePathMappings { - return replicasPathInStatefulSet -} - -// maps a group version to the replicas path in a statefulset object -var replicasPathInStatefulSet = fieldmanager.ResourcePathMappings{ - schema.GroupVersion{Group: "apps", Version: "v1beta1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), - schema.GroupVersion{Group: "apps", Version: "v1beta2"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), - schema.GroupVersion{Group: "apps", Version: "v1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), -} - -// NewStorage returns new instance of StatefulSetStorage. -func NewStorage(optsGetter generic.RESTOptionsGetter) (StatefulSetStorage, error) { - statefulSetRest, statefulSetStatusRest, err := NewREST(optsGetter) - if err != nil { - return StatefulSetStorage{}, err - } - - return StatefulSetStorage{ - StatefulSet: statefulSetRest, - Status: statefulSetStatusRest, - Scale: &ScaleREST{store: statefulSetRest.Store}, - }, nil -} - -// REST implements a RESTStorage for statefulsets against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against statefulsets. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &apps.StatefulSet{} }, - NewListFunc: func() runtime.Object { return &apps.StatefulSetList{} }, - DefaultQualifiedResource: apps.Resource("statefulsets"), - - CreateStrategy: statefulset.Strategy, - UpdateStrategy: statefulset.Strategy, - DeleteStrategy: statefulset.Strategy, - ResetFieldsStrategy: statefulset.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = statefulset.StatusStrategy - statusStore.ResetFieldsStrategy = statefulset.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of an statefulSet -type StatusREST struct { - store *genericregistry.Store -} - -// New returns empty StatefulSet object. -func (r *StatusREST) New() runtime.Object { - return &apps.StatefulSet{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"sts"} -} - -// ScaleREST implements a Scale for Deployment. -type ScaleREST struct { - store *genericregistry.Store -} - -// ScaleREST implements Patcher -var _ = rest.Patcher(&ScaleREST{}) -var _ = rest.GroupVersionKindProvider(&ScaleREST{}) - -// GroupVersionKind returns GroupVersionKind for StatefulSet Scale object -func (r *ScaleREST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - switch containingGV { - case appsv1beta1.SchemeGroupVersion: - return appsv1beta1.SchemeGroupVersion.WithKind("Scale") - case appsv1beta2.SchemeGroupVersion: - return appsv1beta2.SchemeGroupVersion.WithKind("Scale") - default: - return autoscalingv1.SchemeGroupVersion.WithKind("Scale") - } -} - -// New creates a new Scale object -func (r *ScaleREST) New() runtime.Object { - return &autoscaling.Scale{} -} - -// Destroy cleans up resources on shutdown. -func (r *ScaleREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves object from Scale storage. -func (r *ScaleREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - obj, err := r.store.Get(ctx, name, options) - if err != nil { - return nil, err - } - ss := obj.(*apps.StatefulSet) - scale, err := scaleFromStatefulSet(ss) - if err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return scale, err -} - -// Update alters scale subset of StatefulSet object. -func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - obj, _, err := r.store.Update( - ctx, - name, - &scaleUpdatedObjectInfo{name, objInfo}, - toScaleCreateValidation(createValidation), - toScaleUpdateValidation(updateValidation), - false, - options, - ) - if err != nil { - return nil, false, err - } - ss := obj.(*apps.StatefulSet) - newScale, err := scaleFromStatefulSet(ss) - if err != nil { - return nil, false, errors.NewBadRequest(fmt.Sprintf("%v", err)) - } - return newScale, false, err -} - -func (r *ScaleREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc { - return func(ctx context.Context, obj runtime.Object) error { - scale, err := scaleFromStatefulSet(obj.(*apps.StatefulSet)) - if err != nil { - return err - } - return f(ctx, scale) - } -} - -func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc { - return func(ctx context.Context, obj, old runtime.Object) error { - newScale, err := scaleFromStatefulSet(obj.(*apps.StatefulSet)) - if err != nil { - return err - } - oldScale, err := scaleFromStatefulSet(old.(*apps.StatefulSet)) - if err != nil { - return err - } - return f(ctx, newScale, oldScale) - } -} - -// scaleFromStatefulSet returns a scale subresource for a statefulset. -func scaleFromStatefulSet(ss *apps.StatefulSet) (*autoscaling.Scale, error) { - selector, err := metav1.LabelSelectorAsSelector(ss.Spec.Selector) - if err != nil { - return nil, err - } - return &autoscaling.Scale{ - // TODO: Create a variant of ObjectMeta type that only contains the fields below. - ObjectMeta: metav1.ObjectMeta{ - Name: ss.Name, - Namespace: ss.Namespace, - UID: ss.UID, - ResourceVersion: ss.ResourceVersion, - CreationTimestamp: ss.CreationTimestamp, - }, - Spec: autoscaling.ScaleSpec{ - Replicas: ss.Spec.Replicas, - }, - Status: autoscaling.ScaleStatus{ - Replicas: ss.Status.Replicas, - Selector: selector.String(), - }, - }, nil -} - -// scaleUpdatedObjectInfo transforms existing statefulset -> existing scale -> new scale -> new statefulset -type scaleUpdatedObjectInfo struct { - name string - reqObjInfo rest.UpdatedObjectInfo -} - -func (i *scaleUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - return i.reqObjInfo.Preconditions() -} - -func (i *scaleUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - statefulset, ok := oldObj.DeepCopyObject().(*apps.StatefulSet) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected existing object type to be StatefulSet, got %T", statefulset)) - } - // if zero-value, the existing object does not exist - if len(statefulset.ResourceVersion) == 0 { - return nil, errors.NewNotFound(apps.Resource("statefulsets/scale"), i.name) - } - - groupVersion := schema.GroupVersion{Group: "apps", Version: "v1"} - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - requestGroupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - if _, ok := replicasPathInStatefulSet[requestGroupVersion.String()]; ok { - groupVersion = requestGroupVersion - } else { - klog.Fatalf("Unrecognized group/version in request info %q", requestGroupVersion.String()) - } - } - - managedFieldsHandler := fieldmanager.NewScaleHandler( - statefulset.ManagedFields, - groupVersion, - replicasPathInStatefulSet, - ) - - // statefulset -> old scale - oldScale, err := scaleFromStatefulSet(statefulset) - if err != nil { - return nil, err - } - scaleManagedFields, err := managedFieldsHandler.ToSubresource() - if err != nil { - return nil, err - } - oldScale.ManagedFields = scaleManagedFields - - // old scale -> new scale - newScaleObj, err := i.reqObjInfo.UpdatedObject(ctx, oldScale) - if err != nil { - return nil, err - } - if newScaleObj == nil { - return nil, errors.NewBadRequest("nil update passed to Scale") - } - scale, ok := newScaleObj.(*autoscaling.Scale) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected input object type to be Scale, but %T", newScaleObj)) - } - - // validate - if errs := autoscalingvalidation.ValidateScale(scale); len(errs) > 0 { - return nil, errors.NewInvalid(autoscaling.Kind("Scale"), statefulset.Name, errs) - } - - // validate precondition if specified (resourceVersion matching is handled by storage) - if len(scale.UID) > 0 && scale.UID != statefulset.UID { - return nil, errors.NewConflict( - apps.Resource("statefulsets/scale"), - statefulset.Name, - fmt.Errorf("Precondition failed: UID in precondition: %v, UID in object meta: %v", scale.UID, statefulset.UID), - ) - } - - // move replicas/resourceVersion fields to object and return - statefulset.Spec.Replicas = scale.Spec.Replicas - statefulset.ResourceVersion = scale.ResourceVersion - - updatedEntries, err := managedFieldsHandler.ToParent(scale.ManagedFields) - if err != nil { - return nil, err - } - statefulset.ManagedFields = updatedEntries - - return statefulset, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/strategy.go deleted file mode 100644 index e650001258..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/apps/statefulset/strategy.go +++ /dev/null @@ -1,228 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package statefulset - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - pvcutil "k8s.io/kubernetes/pkg/api/persistentvolumeclaim" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/apps/validation" - "k8s.io/kubernetes/pkg/features" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// statefulSetStrategy implements verification logic for Replication StatefulSets. -type statefulSetStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Replication StatefulSet objects. -var Strategy = statefulSetStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Make sure we correctly implement the interface. -var _ = rest.GarbageCollectionDeleteStrategy(Strategy) - -// DefaultGarbageCollectionPolicy returns DeleteDependents for all currently served versions. -func (statefulSetStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - return rest.DeleteDependents -} - -// NamespaceScoped returns true because all StatefulSet' need to be within a namespace. -func (statefulSetStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (statefulSetStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of an StatefulSet before creation. -func (statefulSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - statefulSet := obj.(*apps.StatefulSet) - // create cannot set status - statefulSet.Status = apps.StatefulSetStatus{} - - statefulSet.Generation = 1 - - dropStatefulSetDisabledFields(statefulSet, nil) - pod.DropDisabledTemplateFields(&statefulSet.Spec.Template, nil) -} - -// maxUnavailableInUse returns true if StatefulSet's maxUnavailable set(used) -func maxUnavailableInUse(statefulset *apps.StatefulSet) bool { - if statefulset == nil { - return false - } - if statefulset.Spec.UpdateStrategy.RollingUpdate == nil { - return false - } - - return statefulset.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable != nil -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (statefulSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newStatefulSet := obj.(*apps.StatefulSet) - oldStatefulSet := old.(*apps.StatefulSet) - // Update is not allowed to set status - newStatefulSet.Status = oldStatefulSet.Status - - dropStatefulSetDisabledFields(newStatefulSet, oldStatefulSet) - pod.DropDisabledTemplateFields(&newStatefulSet.Spec.Template, &oldStatefulSet.Spec.Template) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldStatefulSet.Spec, newStatefulSet.Spec) { - newStatefulSet.Generation = oldStatefulSet.Generation + 1 - } -} - -// dropStatefulSetDisabledFields drops fields that are not used if their associated feature gates -// are not enabled. -// The typical pattern is: -// -// if !utilfeature.DefaultFeatureGate.Enabled(features.MyFeature) && !myFeatureInUse(oldSvc) { -// newSvc.Spec.MyFeature = nil -// } -func dropStatefulSetDisabledFields(newSS *apps.StatefulSet, oldSS *apps.StatefulSet) { - if !utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) { - if oldSS == nil || oldSS.Spec.PersistentVolumeClaimRetentionPolicy == nil { - newSS.Spec.PersistentVolumeClaimRetentionPolicy = nil - } - } - if !utilfeature.DefaultFeatureGate.Enabled(features.MaxUnavailableStatefulSet) && !maxUnavailableInUse(oldSS) { - if newSS.Spec.UpdateStrategy.RollingUpdate != nil { - newSS.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = nil - } - } - if !utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - if oldSS == nil || oldSS.Spec.Ordinals == nil { - // Reset Spec.Ordinals to the default value (nil). - newSS.Spec.Ordinals = nil - } - } -} - -// Validate validates a new StatefulSet. -func (statefulSetStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - statefulSet := obj.(*apps.StatefulSet) - opts := pod.GetValidationOptionsFromPodTemplate(&statefulSet.Spec.Template, nil) - return validation.ValidateStatefulSet(statefulSet, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (statefulSetStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newStatefulSet := obj.(*apps.StatefulSet) - warnings := pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newStatefulSet.Spec.Template, nil) - for i, pvc := range newStatefulSet.Spec.VolumeClaimTemplates { - warnings = append(warnings, pvcutil.GetWarningsForPersistentVolumeClaimSpec(field.NewPath("spec", "volumeClaimTemplates").Index(i), pvc.Spec)...) - } - return warnings -} - -// Canonicalize normalizes the object after validation. -func (statefulSetStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for StatefulSet; this means POST is needed to create one. -func (statefulSetStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (statefulSetStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newStatefulSet := obj.(*apps.StatefulSet) - oldStatefulSet := old.(*apps.StatefulSet) - - opts := pod.GetValidationOptionsFromPodTemplate(&newStatefulSet.Spec.Template, &oldStatefulSet.Spec.Template) - return validation.ValidateStatefulSetUpdate(newStatefulSet, oldStatefulSet, opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (statefulSetStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newStatefulSet := obj.(*apps.StatefulSet) - oldStatefulSet := old.(*apps.StatefulSet) - if newStatefulSet.Generation != oldStatefulSet.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newStatefulSet.Spec.Template, &oldStatefulSet.Spec.Template) - } - for i, pvc := range newStatefulSet.Spec.VolumeClaimTemplates { - warnings = append(warnings, pvcutil.GetWarningsForPersistentVolumeClaimSpec(field.NewPath("spec", "volumeClaimTemplates").Index(i).Child("Spec"), pvc.Spec)...) - } - - return warnings -} - -// AllowUnconditionalUpdate is the default update policy for StatefulSet objects. -func (statefulSetStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type statefulSetStatusStrategy struct { - statefulSetStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = statefulSetStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (statefulSetStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "apps/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (statefulSetStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newStatefulSet := obj.(*apps.StatefulSet) - oldStatefulSet := old.(*apps.StatefulSet) - // status changes are not allowed to update spec - newStatefulSet.Spec = oldStatefulSet.Spec -} - -// ValidateUpdate is the default update validation for an end user updating status -func (statefulSetStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - // TODO: Validate status updates. - return validation.ValidateStatefulSetStatusUpdate(obj.(*apps.StatefulSet), old.(*apps.StatefulSet)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (statefulSetStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/storage_authentication.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/storage_authentication.go deleted file mode 100644 index 35e0794812..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/storage_authentication.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/authentication" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/registry/authentication/selfsubjectreview" - "k8s.io/kubernetes/pkg/registry/authentication/tokenreview" -) - -type RESTStorageProvider struct { - Authenticator authenticator.Request - APIAudiences authenticator.Audiences -} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - // TODO figure out how to make the swagger generation stable, while allowing this endpoint to be disabled. - // if p.Authenticator == nil { - // return genericapiserver.APIGroupInfo{}, false - // } - - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(authentication.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[authenticationv1alpha1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap := p.v1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[authenticationv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage { - storage := map[string]rest.Storage{} - - // tokenreviews - if resource := "tokenreviews"; apiResourceConfigSource.ResourceEnabled(authenticationv1.SchemeGroupVersion.WithResource(resource)) { - tokenReviewStorage := tokenreview.NewREST(p.Authenticator, p.APIAudiences) - storage[resource] = tokenReviewStorage - } - - return storage -} - -func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage { - storage := map[string]rest.Storage{} - - // selfsubjectreviews - if resource := "selfsubjectreviews"; apiResourceConfigSource.ResourceEnabled(authenticationv1alpha1.SchemeGroupVersion.WithResource(resource)) { - if utilfeature.DefaultFeatureGate.Enabled(features.APISelfSubjectReview) { - selfSRStorage := selfsubjectreview.NewREST() - storage[resource] = selfSRStorage - } else { - klog.Warningln("SelfSubjectReview API is disabled because corresponding feature gate APISelfSubjectReview is not enabled.") - } - } - return storage -} - -func (p RESTStorageProvider) GroupName() string { - return authentication.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/selfsubjectreview/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/selfsubjectreview/rest.go deleted file mode 100644 index 8d502315df..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/selfsubjectreview/rest.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package selfsubjectreview - -import ( - "context" - "fmt" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - authenticationapi "k8s.io/kubernetes/pkg/apis/authentication" -) - -// REST implements a RESTStorage for selfsubjectreviews. -type REST struct { -} - -// NewREST returns a RESTStorage object that will work against selfsubjectrulesreviews. -func NewREST() *REST { - return &REST{} -} - -// NamespaceScoped fulfill rest.Scoper -func (r *REST) NamespaceScoped() bool { - return false -} - -// New creates a new selfsubjectrulesreview object. -func (r *REST) New() runtime.Object { - return &authenticationapi.SelfSubjectReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -// Create returns attributes of the subject making the request. -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - _, ok := obj.(*authenticationapi.SelfSubjectReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a SelfSubjectReview: %#v", obj)) - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return nil, apierrors.NewBadRequest("no user present on request") - } - - extra := user.GetExtra() - - selfSAR := &authenticationapi.SelfSubjectReview{ - ObjectMeta: metav1.ObjectMeta{ - CreationTimestamp: metav1.NewTime(time.Now()), - }, - Status: authenticationapi.SelfSubjectReviewStatus{ - UserInfo: authenticationapi.UserInfo{ - Username: user.GetName(), - UID: user.GetUID(), - Groups: user.GetGroups(), - Extra: make(map[string]authenticationapi.ExtraValue, len(extra)), - }, - }, - } - for key, attr := range extra { - selfSAR.Status.UserInfo.Extra[key] = attr - } - - return selfSAR, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/storage.go deleted file mode 100644 index 46f3e00f1a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/storage.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tokenreview - -import ( - "context" - "errors" - "fmt" - "net/http" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authentication/authenticator" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/authentication" -) - -var badAuthenticatorAuds = apierrors.NewInternalError(errors.New("error validating audiences")) - -type REST struct { - tokenAuthenticator authenticator.Request - apiAudiences []string -} - -func NewREST(tokenAuthenticator authenticator.Request, apiAudiences []string) *REST { - return &REST{ - tokenAuthenticator: tokenAuthenticator, - apiAudiences: apiAudiences, - } -} - -func (r *REST) NamespaceScoped() bool { - return false -} - -func (r *REST) New() runtime.Object { - return &authentication.TokenReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - tokenReview, ok := obj.(*authentication.TokenReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a TokenReview: %#v", obj)) - } - namespace := genericapirequest.NamespaceValue(ctx) - if len(namespace) != 0 { - return nil, apierrors.NewBadRequest(fmt.Sprintf("namespace is not allowed on this type: %v", namespace)) - } - - if len(tokenReview.Spec.Token) == 0 { - return nil, apierrors.NewBadRequest(fmt.Sprintf("token is required for TokenReview in authentication")) - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - if r.tokenAuthenticator == nil { - return tokenReview, nil - } - - // create a header that contains nothing but the token - fakeReq := &http.Request{Header: http.Header{}} - fakeReq.Header.Add("Authorization", "Bearer "+tokenReview.Spec.Token) - - auds := tokenReview.Spec.Audiences - if len(auds) == 0 { - auds = r.apiAudiences - } - if len(auds) > 0 { - fakeReq = fakeReq.WithContext(authenticator.WithAudiences(fakeReq.Context(), auds)) - } - - resp, ok, err := r.tokenAuthenticator.AuthenticateRequest(fakeReq) - tokenReview.Status.Authenticated = ok - if err != nil { - tokenReview.Status.Error = err.Error() - } - - if len(auds) > 0 && resp != nil && len(authenticator.Audiences(auds).Intersect(resp.Audiences)) == 0 { - klog.Errorf("error validating audience. want=%q got=%q", auds, resp.Audiences) - return nil, badAuthenticatorAuds - } - - if resp != nil && resp.User != nil { - tokenReview.Status.User = authentication.UserInfo{ - Username: resp.User.GetName(), - UID: resp.User.GetUID(), - Groups: resp.User.GetGroups(), - Extra: map[string]authentication.ExtraValue{}, - } - for k, v := range resp.User.GetExtra() { - tokenReview.Status.User.Extra[k] = authentication.ExtraValue(v) - } - tokenReview.Status.Audiences = resp.Audiences - } - - return tokenReview, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview/rest.go deleted file mode 100644 index e28b03dc36..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview/rest.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package localsubjectaccessreview - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" - authorizationvalidation "k8s.io/kubernetes/pkg/apis/authorization/validation" - authorizationutil "k8s.io/kubernetes/pkg/registry/authorization/util" -) - -type REST struct { - authorizer authorizer.Authorizer -} - -func NewREST(authorizer authorizer.Authorizer) *REST { - return &REST{authorizer} -} - -func (r *REST) NamespaceScoped() bool { - return true -} - -func (r *REST) New() runtime.Object { - return &authorizationapi.LocalSubjectAccessReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - localSubjectAccessReview, ok := obj.(*authorizationapi.LocalSubjectAccessReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a LocaLocalSubjectAccessReview: %#v", obj)) - } - if errs := authorizationvalidation.ValidateLocalSubjectAccessReview(localSubjectAccessReview); len(errs) > 0 { - return nil, apierrors.NewInvalid(authorizationapi.Kind(localSubjectAccessReview.Kind), "", errs) - } - namespace := genericapirequest.NamespaceValue(ctx) - if len(namespace) == 0 { - return nil, apierrors.NewBadRequest(fmt.Sprintf("namespace is required on this type: %v", namespace)) - } - if namespace != localSubjectAccessReview.Namespace { - return nil, apierrors.NewBadRequest(fmt.Sprintf("spec.resourceAttributes.namespace must match namespace: %v", namespace)) - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(localSubjectAccessReview.Spec) - decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes) - - localSubjectAccessReview.Status = authorizationapi.SubjectAccessReviewStatus{ - Allowed: (decision == authorizer.DecisionAllow), - Denied: (decision == authorizer.DecisionDeny), - Reason: reason, - } - if evaluationErr != nil { - localSubjectAccessReview.Status.EvaluationError = evaluationErr.Error() - } - - return localSubjectAccessReview, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/rest/storage_authorization.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/rest/storage_authorization.go deleted file mode 100644 index 4f17771bba..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/rest/storage_authorization.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - authorizationv1 "k8s.io/api/authorization/v1" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/authorization" - "k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview" - "k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview" - "k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview" - "k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview" -) - -type RESTStorageProvider struct { - Authorizer authorizer.Authorizer - RuleResolver authorizer.RuleResolver -} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - if p.Authorizer == nil { - return genericapiserver.APIGroupInfo{}, nil - } - - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(authorization.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap := p.v1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[authorizationv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage { - storage := map[string]rest.Storage{} - - // subjectaccessreviews - if resource := "subjectaccessreviews"; apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = subjectaccessreview.NewREST(p.Authorizer) - } - - // selfsubjectaccessreviews - if resource := "selfsubjectaccessreviews"; apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = selfsubjectaccessreview.NewREST(p.Authorizer) - } - - // localsubjectaccessreviews - if resource := "localsubjectaccessreviews"; apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = localsubjectaccessreview.NewREST(p.Authorizer) - } - - // selfsubjectrulesreviews - if resource := "selfsubjectrulesreviews"; apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = selfsubjectrulesreview.NewREST(p.RuleResolver) - } - - return storage -} - -func (p RESTStorageProvider) GroupName() string { - return authorization.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go deleted file mode 100644 index f2c3a9a0b3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview/rest.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package selfsubjectaccessreview - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" - authorizationvalidation "k8s.io/kubernetes/pkg/apis/authorization/validation" - authorizationutil "k8s.io/kubernetes/pkg/registry/authorization/util" -) - -type REST struct { - authorizer authorizer.Authorizer -} - -func NewREST(authorizer authorizer.Authorizer) *REST { - return &REST{authorizer} -} - -func (r *REST) NamespaceScoped() bool { - return false -} - -func (r *REST) New() runtime.Object { - return &authorizationapi.SelfSubjectAccessReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - selfSAR, ok := obj.(*authorizationapi.SelfSubjectAccessReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a SelfSubjectAccessReview: %#v", obj)) - } - if errs := authorizationvalidation.ValidateSelfSubjectAccessReview(selfSAR); len(errs) > 0 { - return nil, apierrors.NewInvalid(authorizationapi.Kind(selfSAR.Kind), "", errs) - } - userToCheck, exists := genericapirequest.UserFrom(ctx) - if !exists { - return nil, apierrors.NewBadRequest("no user present on request") - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - var authorizationAttributes authorizer.AttributesRecord - if selfSAR.Spec.ResourceAttributes != nil { - authorizationAttributes = authorizationutil.ResourceAttributesFrom(userToCheck, *selfSAR.Spec.ResourceAttributes) - } else { - authorizationAttributes = authorizationutil.NonResourceAttributesFrom(userToCheck, *selfSAR.Spec.NonResourceAttributes) - } - - decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes) - - selfSAR.Status = authorizationapi.SubjectAccessReviewStatus{ - Allowed: (decision == authorizer.DecisionAllow), - Denied: (decision == authorizer.DecisionDeny), - Reason: reason, - } - if evaluationErr != nil { - selfSAR.Status.EvaluationError = evaluationErr.Error() - } - - return selfSAR, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview/rest.go deleted file mode 100644 index f1c3a9f86c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview/rest.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package selfsubjectrulesreview - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" -) - -// REST implements a RESTStorage for selfsubjectrulesreview. -type REST struct { - ruleResolver authorizer.RuleResolver -} - -// NewREST returns a RESTStorage object that will work against selfsubjectrulesreview. -func NewREST(ruleResolver authorizer.RuleResolver) *REST { - return &REST{ruleResolver} -} - -// NamespaceScoped fulfill rest.Scoper -func (r *REST) NamespaceScoped() bool { - return false -} - -// New creates a new selfsubjectrulesreview object. -func (r *REST) New() runtime.Object { - return &authorizationapi.SelfSubjectRulesReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -// Create attempts to get self subject rules in specific namespace. -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - selfSRR, ok := obj.(*authorizationapi.SelfSubjectRulesReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a SelfSubjectRulesReview: %#v", obj)) - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return nil, apierrors.NewBadRequest("no user present on request") - } - - namespace := selfSRR.Spec.Namespace - if namespace == "" { - return nil, apierrors.NewBadRequest("no namespace on request") - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - resourceInfo, nonResourceInfo, incomplete, err := r.ruleResolver.RulesFor(user, namespace) - - ret := &authorizationapi.SelfSubjectRulesReview{ - Status: authorizationapi.SubjectRulesReviewStatus{ - ResourceRules: getResourceRules(resourceInfo), - NonResourceRules: getNonResourceRules(nonResourceInfo), - Incomplete: incomplete, - }, - } - - if err != nil { - ret.Status.EvaluationError = err.Error() - } - - return ret, nil -} - -func getResourceRules(infos []authorizer.ResourceRuleInfo) []authorizationapi.ResourceRule { - rules := make([]authorizationapi.ResourceRule, len(infos)) - for i, info := range infos { - rules[i] = authorizationapi.ResourceRule{ - Verbs: info.GetVerbs(), - APIGroups: info.GetAPIGroups(), - Resources: info.GetResources(), - ResourceNames: info.GetResourceNames(), - } - } - return rules -} - -func getNonResourceRules(infos []authorizer.NonResourceRuleInfo) []authorizationapi.NonResourceRule { - rules := make([]authorizationapi.NonResourceRule, len(infos)) - for i, info := range infos { - rules[i] = authorizationapi.NonResourceRule{ - Verbs: info.GetVerbs(), - NonResourceURLs: info.GetNonResourceURLs(), - } - } - return rules -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview/rest.go deleted file mode 100644 index 4bb2072a5f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview/rest.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subjectaccessreview - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/rest" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" - authorizationvalidation "k8s.io/kubernetes/pkg/apis/authorization/validation" - authorizationutil "k8s.io/kubernetes/pkg/registry/authorization/util" -) - -type REST struct { - authorizer authorizer.Authorizer -} - -func NewREST(authorizer authorizer.Authorizer) *REST { - return &REST{authorizer} -} - -func (r *REST) NamespaceScoped() bool { - return false -} - -func (r *REST) New() runtime.Object { - return &authorizationapi.SubjectAccessReview{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - subjectAccessReview, ok := obj.(*authorizationapi.SubjectAccessReview) - if !ok { - return nil, apierrors.NewBadRequest(fmt.Sprintf("not a SubjectAccessReview: %#v", obj)) - } - if errs := authorizationvalidation.ValidateSubjectAccessReview(subjectAccessReview); len(errs) > 0 { - return nil, apierrors.NewInvalid(authorizationapi.Kind(subjectAccessReview.Kind), "", errs) - } - - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(subjectAccessReview.Spec) - decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes) - - subjectAccessReview.Status = authorizationapi.SubjectAccessReviewStatus{ - Allowed: (decision == authorizer.DecisionAllow), - Denied: (decision == authorizer.DecisionDeny), - Reason: reason, - } - if evaluationErr != nil { - subjectAccessReview.Status.EvaluationError = evaluationErr.Error() - } - - return subjectAccessReview, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/util/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/util/helpers.go deleted file mode 100644 index c9187f481d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/authorization/util/helpers.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - authorizationapi "k8s.io/kubernetes/pkg/apis/authorization" -) - -// ResourceAttributesFrom combines the API object information and the user.Info from the context to build a full authorizer.AttributesRecord for resource access -func ResourceAttributesFrom(user user.Info, in authorizationapi.ResourceAttributes) authorizer.AttributesRecord { - return authorizer.AttributesRecord{ - User: user, - Verb: in.Verb, - Namespace: in.Namespace, - APIGroup: in.Group, - APIVersion: in.Version, - Resource: in.Resource, - Subresource: in.Subresource, - Name: in.Name, - ResourceRequest: true, - } -} - -// NonResourceAttributesFrom combines the API object information and the user.Info from the context to build a full authorizer.AttributesRecord for non resource access -func NonResourceAttributesFrom(user user.Info, in authorizationapi.NonResourceAttributes) authorizer.AttributesRecord { - return authorizer.AttributesRecord{ - User: user, - ResourceRequest: false, - Path: in.Path, - Verb: in.Verb, - } -} - -func convertToUserInfoExtra(extra map[string]authorizationapi.ExtraValue) map[string][]string { - if extra == nil { - return nil - } - ret := map[string][]string{} - for k, v := range extra { - ret[k] = []string(v) - } - - return ret -} - -// AuthorizationAttributesFrom takes a spec and returns the proper authz attributes to check it. -func AuthorizationAttributesFrom(spec authorizationapi.SubjectAccessReviewSpec) authorizer.AttributesRecord { - userToCheck := &user.DefaultInfo{ - Name: spec.User, - Groups: spec.Groups, - UID: spec.UID, - Extra: convertToUserInfoExtra(spec.Extra), - } - - var authorizationAttributes authorizer.AttributesRecord - if spec.ResourceAttributes != nil { - authorizationAttributes = ResourceAttributesFrom(userToCheck, *spec.ResourceAttributes) - } else { - authorizationAttributes = NonResourceAttributesFrom(userToCheck, *spec.NonResourceAttributes) - } - - return authorizationAttributes -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/doc.go deleted file mode 100644 index 4fb09da365..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package horizontalpodautoscaler // import "k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go deleted file mode 100644 index 03171ed1ff..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/storage/storage.go +++ /dev/null @@ -1,116 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for pod disruption budgets against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against horizontal pod autoscalers. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &autoscaling.HorizontalPodAutoscaler{} }, - NewListFunc: func() runtime.Object { return &autoscaling.HorizontalPodAutoscalerList{} }, - DefaultQualifiedResource: autoscaling.Resource("horizontalpodautoscalers"), - - CreateStrategy: horizontalpodautoscaler.Strategy, - UpdateStrategy: horizontalpodautoscaler.Strategy, - DeleteStrategy: horizontalpodautoscaler.Strategy, - ResetFieldsStrategy: horizontalpodautoscaler.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = horizontalpodautoscaler.StatusStrategy - statusStore.ResetFieldsStrategy = horizontalpodautoscaler.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"hpa"} -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of a daemonset -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new HorizontalPodAutoscaler object. -func (r *StatusREST) New() runtime.Object { - return &autoscaling.HorizontalPodAutoscaler{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/strategy.go deleted file mode 100644 index 7e6fadf662..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/strategy.go +++ /dev/null @@ -1,185 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package horizontalpodautoscaler - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/autoscaling" - "k8s.io/kubernetes/pkg/apis/autoscaling/validation" - "k8s.io/kubernetes/pkg/features" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// autoscalerStrategy implements behavior for HorizontalPodAutoscalers -type autoscalerStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating HorizontalPodAutoscaler -// objects via the REST API. -var Strategy = autoscalerStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for autoscaler. -func (autoscalerStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (autoscalerStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "autoscaling/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "autoscaling/v2": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "autoscaling/v2beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "autoscaling/v2beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (autoscalerStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - newHPA := obj.(*autoscaling.HorizontalPodAutoscaler) - - // create cannot set status - newHPA.Status = autoscaling.HorizontalPodAutoscalerStatus{} - - if !utilfeature.DefaultFeatureGate.Enabled(features.HPAContainerMetrics) { - dropContainerMetricSources(newHPA.Spec.Metrics) - } -} - -// Validate validates a new autoscaler. -func (autoscalerStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - autoscaler := obj.(*autoscaling.HorizontalPodAutoscaler) - return validation.ValidateHorizontalPodAutoscaler(autoscaler) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (autoscalerStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (autoscalerStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for autoscalers. -func (autoscalerStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (autoscalerStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newHPA := obj.(*autoscaling.HorizontalPodAutoscaler) - oldHPA := old.(*autoscaling.HorizontalPodAutoscaler) - if !utilfeature.DefaultFeatureGate.Enabled(features.HPAContainerMetrics) && !hasContainerMetricSources(oldHPA) { - dropContainerMetricSources(newHPA.Spec.Metrics) - } - // Update is not allowed to set status - newHPA.Status = oldHPA.Status -} - -// dropContainerMetricSources ensures all container resource metric sources are nil -func dropContainerMetricSources(metrics []autoscaling.MetricSpec) { - for i := range metrics { - metrics[i].ContainerResource = nil - } -} - -// hasContainerMetricSources returns true if the hpa has any container resource metric sources -func hasContainerMetricSources(hpa *autoscaling.HorizontalPodAutoscaler) bool { - for i := range hpa.Spec.Metrics { - if hpa.Spec.Metrics[i].ContainerResource != nil { - return true - } - } - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (autoscalerStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateHorizontalPodAutoscalerUpdate(obj.(*autoscaling.HorizontalPodAutoscaler), old.(*autoscaling.HorizontalPodAutoscaler)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (autoscalerStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (autoscalerStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type autoscalerStatusStrategy struct { - autoscalerStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = autoscalerStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (autoscalerStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "autoscaling/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "autoscaling/v2": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "autoscaling/v2beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "autoscaling/v2beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (autoscalerStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newAutoscaler := obj.(*autoscaling.HorizontalPodAutoscaler) - oldAutoscaler := old.(*autoscaling.HorizontalPodAutoscaler) - // status changes are not allowed to update spec - newAutoscaler.Spec = oldAutoscaler.Spec -} - -func (autoscalerStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateHorizontalPodAutoscalerStatusUpdate(obj.(*autoscaling.HorizontalPodAutoscaler), old.(*autoscaling.HorizontalPodAutoscaler)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (autoscalerStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/rest/storage_autoscaling.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/rest/storage_autoscaling.go deleted file mode 100644 index c4fa097ade..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/autoscaling/rest/storage_autoscaling.go +++ /dev/null @@ -1,132 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - autoscalingapiv1 "k8s.io/api/autoscaling/v1" - autoscalingapiv2beta1 "k8s.io/api/autoscaling/v2beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/autoscaling" - autoscalingapiv2 "k8s.io/kubernetes/pkg/apis/autoscaling/v2" - autoscalingapiv2beta2 "k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2" - horizontalpodautoscalerstore "k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(autoscaling.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v2beta2Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[autoscalingapiv2beta2.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v2Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[autoscalingapiv2.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v2beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[autoscalingapiv2beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[autoscalingapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // horizontalpodautoscalers - if resource := "horizontalpodautoscalers"; apiResourceConfigSource.ResourceEnabled(autoscalingapiv1.SchemeGroupVersion.WithResource(resource)) { - hpaStorage, hpaStatusStorage, err := horizontalpodautoscalerstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = hpaStorage - storage[resource+"/status"] = hpaStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) v2beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // horizontalpodautoscalers - if resource := "horizontalpodautoscalers"; apiResourceConfigSource.ResourceEnabled(autoscalingapiv2beta1.SchemeGroupVersion.WithResource(resource)) { - hpaStorage, hpaStatusStorage, err := horizontalpodautoscalerstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = hpaStorage - storage[resource+"/status"] = hpaStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) v2beta2Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // horizontalpodautoscalers - if resource := "horizontalpodautoscalers"; apiResourceConfigSource.ResourceEnabled(autoscalingapiv2beta2.SchemeGroupVersion.WithResource(resource)) { - hpaStorage, hpaStatusStorage, err := horizontalpodautoscalerstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = hpaStorage - storage[resource+"/status"] = hpaStatusStorage - } - return storage, nil -} - -func (p RESTStorageProvider) v2Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // horizontalpodautoscalers - if resource := "horizontalpodautoscalers"; apiResourceConfigSource.ResourceEnabled(autoscalingapiv2.SchemeGroupVersion.WithResource(resource)) { - hpaStorage, hpaStatusStorage, err := horizontalpodautoscalerstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = hpaStorage - storage[resource+"/status"] = hpaStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return autoscaling.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/doc.go deleted file mode 100644 index 679ad9b9df..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package cronjob provides Registry interface and it's RESTStorage -// implementation for storing CronJob api objects. -package cronjob // import "k8s.io/kubernetes/pkg/registry/batch/cronjob" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/storage/storage.go deleted file mode 100644 index 637dc8f375..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/storage/storage.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/batch/cronjob" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for scheduled jobs against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against CronJobs. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &batch.CronJob{} }, - NewListFunc: func() runtime.Object { return &batch.CronJobList{} }, - DefaultQualifiedResource: batch.Resource("cronjobs"), - - CreateStrategy: cronjob.Strategy, - UpdateStrategy: cronjob.Strategy, - DeleteStrategy: cronjob.Strategy, - ResetFieldsStrategy: cronjob.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = cronjob.StatusStrategy - statusStore.ResetFieldsStrategy = cronjob.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -var _ rest.CategoriesProvider = &REST{} -var _ rest.ShortNamesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"cj"} -} - -// StatusREST implements the REST endpoint for changing the status of a resourcequota. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new CronJob object. -func (r *StatusREST) New() runtime.Object { - return &batch.CronJob{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/strategy.go deleted file mode 100644 index c1d42d1ae0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/cronjob/strategy.go +++ /dev/null @@ -1,205 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cronjob - -import ( - "context" - "fmt" - "strings" - - batchv1beta1 "k8s.io/api/batch/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/apis/batch/validation" - "k8s.io/kubernetes/pkg/features" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// cronJobStrategy implements verification logic for Replication Controllers. -type cronJobStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating CronJob objects. -var Strategy = cronJobStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// DefaultGarbageCollectionPolicy returns OrphanDependents for batch/v1beta1 for backwards compatibility, -// and DeleteDependents for all other versions. -func (cronJobStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - var groupVersion schema.GroupVersion - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - } - switch groupVersion { - case batchv1beta1.SchemeGroupVersion: - // for back compatibility - return rest.OrphanDependents - default: - return rest.DeleteDependents - } -} - -// NamespaceScoped returns true because all scheduled jobs need to be within a namespace. -func (cronJobStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (cronJobStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "batch/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "batch/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a scheduled job before creation. -func (cronJobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - cronJob := obj.(*batch.CronJob) - cronJob.Status = batch.CronJobStatus{} - - cronJob.Generation = 1 - - if !utilfeature.DefaultFeatureGate.Enabled(features.CronJobTimeZone) { - cronJob.Spec.TimeZone = nil - } - - pod.DropDisabledTemplateFields(&cronJob.Spec.JobTemplate.Spec.Template, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (cronJobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newCronJob := obj.(*batch.CronJob) - oldCronJob := old.(*batch.CronJob) - newCronJob.Status = oldCronJob.Status - - if !utilfeature.DefaultFeatureGate.Enabled(features.CronJobTimeZone) && oldCronJob.Spec.TimeZone == nil { - newCronJob.Spec.TimeZone = nil - } - - pod.DropDisabledTemplateFields(&newCronJob.Spec.JobTemplate.Spec.Template, &oldCronJob.Spec.JobTemplate.Spec.Template) - - // Any changes to the spec increment the generation number. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(newCronJob.Spec, oldCronJob.Spec) { - newCronJob.Generation = oldCronJob.Generation + 1 - } -} - -// Validate validates a new scheduled job. -func (cronJobStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - cronJob := obj.(*batch.CronJob) - opts := pod.GetValidationOptionsFromPodTemplate(&cronJob.Spec.JobTemplate.Spec.Template, nil) - return validation.ValidateCronJobCreate(cronJob, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (cronJobStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newCronJob := obj.(*batch.CronJob) - warnings := pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "jobTemplate", "spec", "template"), &newCronJob.Spec.JobTemplate.Spec.Template, nil) - if strings.Contains(newCronJob.Spec.Schedule, "TZ") { - warnings = append(warnings, fmt.Sprintf("CRON_TZ or TZ used in %s is not officially supported, see https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ for more details", field.NewPath("spec", "spec", "schedule"))) - } - return warnings -} - -// Canonicalize normalizes the object after validation. -func (cronJobStrategy) Canonicalize(obj runtime.Object) { -} - -func (cronJobStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// AllowCreateOnUpdate is false for scheduled jobs; this means a POST is needed to create one. -func (cronJobStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (cronJobStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newCronJob := obj.(*batch.CronJob) - oldCronJob := old.(*batch.CronJob) - - opts := pod.GetValidationOptionsFromPodTemplate(&newCronJob.Spec.JobTemplate.Spec.Template, &oldCronJob.Spec.JobTemplate.Spec.Template) - return validation.ValidateCronJobUpdate(newCronJob, oldCronJob, opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (cronJobStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newCronJob := obj.(*batch.CronJob) - oldCronJob := old.(*batch.CronJob) - if newCronJob.Generation != oldCronJob.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "jobTemplate", "spec", "template"), &newCronJob.Spec.JobTemplate.Spec.Template, &oldCronJob.Spec.JobTemplate.Spec.Template) - } - if strings.Contains(newCronJob.Spec.Schedule, "TZ") { - warnings = append(warnings, fmt.Sprintf("CRON_TZ or TZ used in %s is not officially supported, see https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ for more details", field.NewPath("spec", "spec", "schedule"))) - } - return warnings -} - -type cronJobStatusStrategy struct { - cronJobStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = cronJobStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (cronJobStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "batch/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "batch/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (cronJobStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newJob := obj.(*batch.CronJob) - oldJob := old.(*batch.CronJob) - newJob.Spec = oldJob.Spec -} - -func (cronJobStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return field.ErrorList{} -} - -// WarningsOnUpdate returns warnings for the given update. -func (cronJobStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/doc.go deleted file mode 100644 index a6dab82896..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package job provides Registry interface and it's RESTStorage -// implementation for storing Job api objects. -package job // import "k8s.io/kubernetes/pkg/registry/batch/job" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/storage/storage.go deleted file mode 100644 index f6cfa67953..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/storage/storage.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/warning" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/batch/job" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// JobStorage includes dummy storage for Job. -type JobStorage struct { - Job *REST - Status *StatusREST -} - -// NewStorage creates a new JobStorage against etcd. -func NewStorage(optsGetter generic.RESTOptionsGetter) (JobStorage, error) { - jobRest, jobStatusRest, err := NewREST(optsGetter) - if err != nil { - return JobStorage{}, err - } - - return JobStorage{ - Job: jobRest, - Status: jobStatusRest, - }, nil -} - -var deleteOptionWarnings = "child pods are preserved by default when jobs are deleted; " + - "set propagationPolicy=Background to remove them or set propagationPolicy=Orphan to suppress this warning" - -// REST implements a RESTStorage for jobs against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against Jobs. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &batch.Job{} }, - NewListFunc: func() runtime.Object { return &batch.JobList{} }, - PredicateFunc: job.MatchJob, - DefaultQualifiedResource: batch.Resource("jobs"), - - CreateStrategy: job.Strategy, - UpdateStrategy: job.Strategy, - DeleteStrategy: job.Strategy, - ResetFieldsStrategy: job.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: job.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = job.StatusStrategy - statusStore.ResetFieldsStrategy = job.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) { - //nolint:staticcheck // SA1019 backwards compatibility - //nolint: staticcheck - if options != nil && options.PropagationPolicy == nil && options.OrphanDependents == nil && - job.Strategy.DefaultGarbageCollectionPolicy(ctx) == rest.OrphanDependents { - // Throw a warning if delete options are not explicitly set as Job deletion strategy by default is orphaning - // pods in v1. - warning.AddWarning(ctx, "", deleteOptionWarnings) - } - return r.Store.Delete(ctx, name, deleteValidation, options) -} - -func (r *REST) DeleteCollection(ctx context.Context, deleteValidation rest.ValidateObjectFunc, deleteOptions *metav1.DeleteOptions, listOptions *internalversion.ListOptions) (runtime.Object, error) { - //nolint:staticcheck // SA1019 backwards compatibility - if deleteOptions.PropagationPolicy == nil && deleteOptions.OrphanDependents == nil && - job.Strategy.DefaultGarbageCollectionPolicy(ctx) == rest.OrphanDependents { - // Throw a warning if delete options are not explicitly set as Job deletion strategy by default is orphaning - // pods in v1. - warning.AddWarning(ctx, "", deleteOptionWarnings) - } - return r.Store.DeleteCollection(ctx, deleteValidation, deleteOptions, listOptions) -} - -// StatusREST implements the REST endpoint for changing the status of a resourcequota. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new Job object. -func (r *StatusREST) New() runtime.Object { - return &batch.Job{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/strategy.go deleted file mode 100644 index ceae5bb687..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/job/strategy.go +++ /dev/null @@ -1,341 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package job - -import ( - "context" - "fmt" - "strconv" - - batchv1 "k8s.io/api/batch/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/apis/batch/validation" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/features" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// jobStrategy implements verification logic for Replication Controllers. -type jobStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Replication Controller objects. -var Strategy = jobStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// DefaultGarbageCollectionPolicy returns OrphanDependents for batch/v1 for backwards compatibility, -// and DeleteDependents for all other versions. -func (jobStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - var groupVersion schema.GroupVersion - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - } - switch groupVersion { - case batchv1.SchemeGroupVersion: - // for back compatibility - return rest.OrphanDependents - default: - return rest.DeleteDependents - } -} - -// NamespaceScoped returns true because all jobs need to be within a namespace. -func (jobStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (jobStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "batch/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a job before creation. -func (jobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - job := obj.(*batch.Job) - job.Status = batch.JobStatus{} - - job.Generation = 1 - - // While legacy tracking is supported, we use an annotation to mark whether - // jobs are tracked with finalizers. - addJobTrackingAnnotation(job) - - if !utilfeature.DefaultFeatureGate.Enabled(features.JobPodFailurePolicy) { - job.Spec.PodFailurePolicy = nil - } - - pod.DropDisabledTemplateFields(&job.Spec.Template, nil) -} - -func addJobTrackingAnnotation(job *batch.Job) { - if job.Annotations == nil { - job.Annotations = map[string]string{} - } - job.Annotations[batchv1.JobTrackingFinalizer] = "" -} - -func hasJobTrackingAnnotation(job *batch.Job) bool { - if job.Annotations == nil { - return false - } - _, ok := job.Annotations[batchv1.JobTrackingFinalizer] - return ok -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (jobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newJob := obj.(*batch.Job) - oldJob := old.(*batch.Job) - newJob.Status = oldJob.Status - - if !utilfeature.DefaultFeatureGate.Enabled(features.JobPodFailurePolicy) && oldJob.Spec.PodFailurePolicy == nil { - newJob.Spec.PodFailurePolicy = nil - } - - pod.DropDisabledTemplateFields(&newJob.Spec.Template, &oldJob.Spec.Template) - - // Any changes to the spec increment the generation number. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(newJob.Spec, oldJob.Spec) { - newJob.Generation = oldJob.Generation + 1 - } - - // While legacy tracking is supported, we use an annotation to mark whether - // jobs are tracked with finalizers. This annotation cannot be removed by - // users. - if hasJobTrackingAnnotation(oldJob) { - addJobTrackingAnnotation(newJob) - } -} - -// Validate validates a new job. -func (jobStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - job := obj.(*batch.Job) - // TODO: move UID generation earlier and do this in defaulting logic? - if job.Spec.ManualSelector == nil || *job.Spec.ManualSelector == false { - generateSelector(job) - } - opts := validationOptionsForJob(job, nil) - return validation.ValidateJob(job, opts) -} - -func validationOptionsForJob(newJob, oldJob *batch.Job) validation.JobValidationOptions { - var newPodTemplate, oldPodTemplate *core.PodTemplateSpec - if newJob != nil { - newPodTemplate = &newJob.Spec.Template - } - if oldJob != nil { - oldPodTemplate = &oldJob.Spec.Template - } - opts := validation.JobValidationOptions{ - PodValidationOptions: pod.GetValidationOptionsFromPodTemplate(newPodTemplate, oldPodTemplate), - AllowTrackingAnnotation: true, - } - if oldJob != nil { - opts.AllowInvalidLabelValueInSelector = opts.AllowInvalidLabelValueInSelector || metav1validation.LabelSelectorHasInvalidLabelValue(oldJob.Spec.Selector) - - // Because we don't support the tracking with finalizers for already - // existing jobs, we allow the annotation only if the Job already had it, - // regardless of the feature gate. - opts.AllowTrackingAnnotation = hasJobTrackingAnnotation(oldJob) - - // Updating node affinity, node selector and tolerations is allowed - // only for suspended jobs that never started before. - suspended := oldJob.Spec.Suspend != nil && *oldJob.Spec.Suspend - notStarted := oldJob.Status.StartTime == nil - opts.AllowMutableSchedulingDirectives = utilfeature.DefaultFeatureGate.Enabled(features.JobMutableNodeSchedulingDirectives) && - suspended && notStarted - - } - - return opts -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (jobStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newJob := obj.(*batch.Job) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newJob.Spec.Template, nil) -} - -// generateSelector adds a selector to a job and labels to its template -// which can be used to uniquely identify the pods created by that job, -// if the user has requested this behavior. -func generateSelector(obj *batch.Job) { - if obj.Spec.Template.Labels == nil { - obj.Spec.Template.Labels = make(map[string]string) - } - // The job-name label is unique except in cases that are expected to be - // quite uncommon, and is more user friendly than uid. So, we add it as - // a label. - _, found := obj.Spec.Template.Labels["job-name"] - if found { - // User asked us to not automatically generate a selector and labels, - // but set a possibly conflicting value. If there is a conflict, - // we will reject in validation. - } else { - obj.Spec.Template.Labels["job-name"] = string(obj.ObjectMeta.Name) - } - // The controller-uid label makes the pods that belong to this job - // only match this job. - _, found = obj.Spec.Template.Labels["controller-uid"] - if found { - // User asked us to automatically generate a selector and labels, - // but set a possibly conflicting value. If there is a conflict, - // we will reject in validation. - } else { - obj.Spec.Template.Labels["controller-uid"] = string(obj.ObjectMeta.UID) - } - // Select the controller-uid label. This is sufficient for uniqueness. - if obj.Spec.Selector == nil { - obj.Spec.Selector = &metav1.LabelSelector{} - } - if obj.Spec.Selector.MatchLabels == nil { - obj.Spec.Selector.MatchLabels = make(map[string]string) - } - if _, found := obj.Spec.Selector.MatchLabels["controller-uid"]; !found { - obj.Spec.Selector.MatchLabels["controller-uid"] = string(obj.ObjectMeta.UID) - } - // If the user specified matchLabel controller-uid=$WRONGUID, then it should fail - // in validation, either because the selector does not match the pod template - // (controller-uid=$WRONGUID does not match controller-uid=$UID, which we applied - // above, or we will reject in validation because the template has the wrong - // labels. -} - -// TODO: generalize generateSelector so it can work for other controller -// objects such as ReplicaSet. Can use pkg/api/meta to generically get the -// UID, but need some way to generically access the selector and pod labels -// fields. - -// Canonicalize normalizes the object after validation. -func (jobStrategy) Canonicalize(obj runtime.Object) { -} - -func (jobStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// AllowCreateOnUpdate is false for jobs; this means a POST is needed to create one. -func (jobStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (jobStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - job := obj.(*batch.Job) - oldJob := old.(*batch.Job) - - opts := validationOptionsForJob(job, oldJob) - validationErrorList := validation.ValidateJob(job, opts) - updateErrorList := validation.ValidateJobUpdate(job, oldJob, opts) - return append(validationErrorList, updateErrorList...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (jobStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newJob := obj.(*batch.Job) - oldJob := old.(*batch.Job) - if newJob.Generation != oldJob.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), &newJob.Spec.Template, &oldJob.Spec.Template) - } - return warnings -} - -type jobStatusStrategy struct { - jobStrategy -} - -var StatusStrategy = jobStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (jobStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "batch/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (jobStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newJob := obj.(*batch.Job) - oldJob := old.(*batch.Job) - newJob.Spec = oldJob.Spec -} - -func (jobStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateJobUpdateStatus(obj.(*batch.Job), old.(*batch.Job)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (jobStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// JobSelectableFields returns a field set that represents the object for matching purposes. -func JobToSelectableFields(job *batch.Job) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&job.ObjectMeta, true) - specificFieldsSet := fields.Set{ - "status.successful": strconv.Itoa(int(job.Status.Succeeded)), - } - return generic.MergeFieldsSets(objectMetaFieldsSet, specificFieldsSet) -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - job, ok := obj.(*batch.Job) - if !ok { - return nil, nil, fmt.Errorf("given object is not a job.") - } - return labels.Set(job.ObjectMeta.Labels), JobToSelectableFields(job), nil -} - -// MatchJob is the filter used by the generic etcd backend to route -// watch events from etcd to clients of the apiserver only interested in specific -// labels/fields. -func MatchJob(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/rest/storage_batch.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/rest/storage_batch.go deleted file mode 100644 index d76c748d57..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/batch/rest/storage_batch.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - batchapiv1 "k8s.io/api/batch/v1" - batchapiv1beta1 "k8s.io/api/batch/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/batch" - cronjobstore "k8s.io/kubernetes/pkg/registry/batch/cronjob/storage" - jobstore "k8s.io/kubernetes/pkg/registry/batch/job/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(batch.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[batchapiv1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[batchapiv1beta1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // jobs - if resource := "jobs"; apiResourceConfigSource.ResourceEnabled(batchapiv1.SchemeGroupVersion.WithResource(resource)) { - jobsStorage, jobsStatusStorage, err := jobstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = jobsStorage - storage[resource+"/status"] = jobsStatusStorage - } - - // cronjobs - if resource := "cronjobs"; apiResourceConfigSource.ResourceEnabled(batchapiv1.SchemeGroupVersion.WithResource(resource)) { - cronJobsStorage, cronJobsStatusStorage, err := cronjobstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = cronJobsStorage - storage[resource+"/status"] = cronJobsStatusStorage - } - return storage, nil -} - -func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // cronjobs - if resource := "cronjobs"; apiResourceConfigSource.ResourceEnabled(batchapiv1beta1.SchemeGroupVersion.WithResource(resource)) { - cronJobsStorage, cronJobsStatusStorage, err := cronjobstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = cronJobsStorage - storage[resource+"/status"] = cronJobsStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return batch.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go deleted file mode 100644 index 73d6fe2469..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package certificates provides Registry interface and its RESTStorage -// implementation for storing CertificateSigningRequest objects. -package certificates // import "k8s.io/kubernetes/pkg/registry/certificates/certificates" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/metrics.go deleted file mode 100644 index c1551d9059..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/metrics.go +++ /dev/null @@ -1,163 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "strings" - "sync" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/client-go/util/cert" - "k8s.io/client-go/util/certificate/csr" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/kubernetes/pkg/apis/certificates" -) - -const ( - namespace = "apiserver" - subsystem = "certificates_registry" -) - -var ( - // csrDurationRequested counts and categorizes how many certificates were issued when the client requested a duration. - csrDurationRequested = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "csr_requested_duration_total", - Help: "Total number of issued CSRs with a requested duration, sliced by signer (only kubernetes.io signer names are specifically identified)", - StabilityLevel: metrics.ALPHA, - }, - []string{"signerName"}, - ) - - // csrDurationHonored counts and categorizes how many certificates were issued when the client requested a duration and the signer honored it. - csrDurationHonored = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "csr_honored_duration_total", - Help: "Total number of issued CSRs with a requested duration that was honored, sliced by signer (only kubernetes.io signer names are specifically identified)", - StabilityLevel: metrics.ALPHA, - }, - []string{"signerName"}, - ) -) - -func init() { - registerMetricsOnce.Do(func() { - legacyregistry.MustRegister(csrDurationRequested) - legacyregistry.MustRegister(csrDurationHonored) - }) -} - -var registerMetricsOnce sync.Once - -type counterVecMetric interface { - WithLabelValues(...string) metrics.CounterMetric -} - -func countCSRDurationMetric(requested, honored counterVecMetric) genericregistry.BeginUpdateFunc { - return func(ctx context.Context, obj, old runtime.Object, options *metav1.UpdateOptions) (genericregistry.FinishFunc, error) { - return func(ctx context.Context, success bool) { - if !success { - return // ignore failures - } - - if dryrun.IsDryRun(options.DryRun) { - return // ignore things that would not get persisted - } - - oldCSR, ok := old.(*certificates.CertificateSigningRequest) - if !ok { - return - } - - // if the old CSR already has a certificate, do not double count it - if len(oldCSR.Status.Certificate) > 0 { - return - } - - if oldCSR.Spec.ExpirationSeconds == nil { - return // ignore CSRs that are not using the CSR duration feature - } - - newCSR, ok := obj.(*certificates.CertificateSigningRequest) - if !ok { - return - } - issuedCert := newCSR.Status.Certificate - - // new CSR has no issued certificate yet so do not count it. - // note that this means that we will ignore CSRs that set a duration - // but never get approved/signed. this is fine because the point - // of these metrics is to understand if the duration is honored - // by the signer. we are not checking the behavior of the approver. - if len(issuedCert) == 0 { - return - } - - signer := compressSignerName(oldCSR.Spec.SignerName) - - // at this point we know that this CSR is going to be persisted and - // the cert was just issued and the client requested a duration - requested.WithLabelValues(signer).Inc() - - certs, err := cert.ParseCertsPEM(issuedCert) - if err != nil { - utilruntime.HandleError(fmt.Errorf("metrics recording failed to parse certificate for CSR %s: %w", oldCSR.Name, err)) - return - } - - // now we check to see if the signer honored the requested duration - certificate := certs[0] - wantDuration := csr.ExpirationSecondsToDuration(*oldCSR.Spec.ExpirationSeconds) - actualDuration := certificate.NotAfter.Sub(certificate.NotBefore) - if isDurationHonored(wantDuration, actualDuration) { - honored.WithLabelValues(signer).Inc() - } - }, nil - } -} - -func isDurationHonored(want, got time.Duration) bool { - delta := want - got - if delta < 0 { - delta = -delta - } - - // short-lived cert backdating + 5% of want - maxDelta := 5*time.Minute + (want / 20) - - return delta < maxDelta -} - -func compressSignerName(name string) string { - if strings.HasPrefix(name, "kubernetes.io/") { - return name - } - - return "other" -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/storage.go deleted file mode 100644 index 8de7828efd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/storage.go +++ /dev/null @@ -1,154 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/certificates" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - csrregistry "k8s.io/kubernetes/pkg/registry/certificates/certificates" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for CertificateSigningRequest. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a registry which will store CertificateSigningRequest in the given helper. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, *ApprovalREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &certificates.CertificateSigningRequest{} }, - NewListFunc: func() runtime.Object { return &certificates.CertificateSigningRequestList{} }, - DefaultQualifiedResource: certificates.Resource("certificatesigningrequests"), - - CreateStrategy: csrregistry.Strategy, - UpdateStrategy: csrregistry.Strategy, - DeleteStrategy: csrregistry.Strategy, - ResetFieldsStrategy: csrregistry.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: csrregistry.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, nil, err - } - - // Subresources use the same store and creation strategy, which only - // allows empty subs. Updates to an existing subresource are handled by - // dedicated strategies. - statusStore := *store - statusStore.UpdateStrategy = csrregistry.StatusStrategy - statusStore.ResetFieldsStrategy = csrregistry.StatusStrategy - statusStore.BeginUpdate = countCSRDurationMetric(csrDurationRequested, csrDurationHonored) - - approvalStore := *store - approvalStore.UpdateStrategy = csrregistry.ApprovalStrategy - approvalStore.ResetFieldsStrategy = csrregistry.ApprovalStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, &ApprovalREST{store: &approvalStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"csr"} -} - -// StatusREST implements the REST endpoint for changing the status of a CSR. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new CertificateSigningRequest object. -func (r *StatusREST) New() runtime.Object { - return &certificates.CertificateSigningRequest{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -var _ = rest.Patcher(&StatusREST{}) - -// ApprovalREST implements the REST endpoint for changing the approval state of a CSR. -type ApprovalREST struct { - store *genericregistry.Store -} - -// New creates a new CertificateSigningRequest object. -func (r *ApprovalREST) New() runtime.Object { - return &certificates.CertificateSigningRequest{} -} - -// Destroy cleans up resources on shutdown. -func (r *ApprovalREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *ApprovalREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the approval subset of an object. -func (r *ApprovalREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *ApprovalREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -var _ = rest.Patcher(&ApprovalREST{}) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go deleted file mode 100644 index 3f63ac528b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go +++ /dev/null @@ -1,317 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package certificates - -import ( - "context" - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/certificates" - "k8s.io/kubernetes/pkg/apis/certificates/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// csrStrategy implements behavior for CSRs -type csrStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// csrStrategy is the default logic that applies when creating and updating -// CSR objects. -var Strategy = csrStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is false for CSRs. -func (csrStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (csrStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "certificates.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status"), - ), - "certificates.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// AllowCreateOnUpdate is false for CSRs. -func (csrStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (csrStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - csr := obj.(*certificates.CertificateSigningRequest) - - // Clear any user-specified info - csr.Spec.Username = "" - csr.Spec.UID = "" - csr.Spec.Groups = nil - csr.Spec.Extra = nil - // Inject user.Info from request context - if user, ok := genericapirequest.UserFrom(ctx); ok { - csr.Spec.Username = user.GetName() - csr.Spec.UID = user.GetUID() - csr.Spec.Groups = user.GetGroups() - if extra := user.GetExtra(); len(extra) > 0 { - csr.Spec.Extra = map[string]certificates.ExtraValue{} - for k, v := range extra { - csr.Spec.Extra[k] = v - } - } - } - - // Be explicit that users cannot create pre-approved certificate requests. - csr.Status = certificates.CertificateSigningRequestStatus{} - csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{} -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users -// on update. Certificate requests are immutable after creation except via subresources. -func (csrStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newCSR := obj.(*certificates.CertificateSigningRequest) - oldCSR := old.(*certificates.CertificateSigningRequest) - - newCSR.Spec = oldCSR.Spec - newCSR.Status = oldCSR.Status -} - -// Validate validates a new CSR. Validation must check for a correct signature. -func (csrStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - csr := obj.(*certificates.CertificateSigningRequest) - return validation.ValidateCertificateSigningRequestCreate(csr) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (csrStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation (which includes a signature check). -func (csrStrategy) Canonicalize(obj runtime.Object) {} - -// ValidateUpdate is the default update validation for an end user. -func (csrStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - oldCSR := old.(*certificates.CertificateSigningRequest) - newCSR := obj.(*certificates.CertificateSigningRequest) - return validation.ValidateCertificateSigningRequestUpdate(newCSR, oldCSR) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csrStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (csrStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// Storage strategy for the Status subresource -type csrStatusStrategy struct { - csrStrategy -} - -var StatusStrategy = csrStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (csrStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "certificates.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status", "conditions"), - ), - "certificates.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status", "conditions"), - ), - } - - return fields -} - -func (csrStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newCSR := obj.(*certificates.CertificateSigningRequest) - oldCSR := old.(*certificates.CertificateSigningRequest) - - // Updating /status should not modify spec - newCSR.Spec = oldCSR.Spec - - // Specifically preserve existing Approved/Denied conditions. - // Adding/removing Approved/Denied conditions will cause these to fail, - // and the change in Approved/Denied conditions will produce a validation error - preserveConditionInstances(newCSR, oldCSR, certificates.CertificateApproved) - preserveConditionInstances(newCSR, oldCSR, certificates.CertificateDenied) - - populateConditionTimestamps(newCSR, oldCSR) -} - -// preserveConditionInstances copies instances of the specified condition type from oldCSR to newCSR. -// or returns false if the newCSR added or removed instances -func preserveConditionInstances(newCSR, oldCSR *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) bool { - oldIndices := findConditionIndices(oldCSR, conditionType) - newIndices := findConditionIndices(newCSR, conditionType) - if len(oldIndices) != len(newIndices) { - // instances were added or removed, we cannot preserve the existing values - return false - } - // preserve the old condition values - for i, oldIndex := range oldIndices { - newCSR.Status.Conditions[newIndices[i]] = oldCSR.Status.Conditions[oldIndex] - } - return true -} - -// findConditionIndices returns the indices of instances of the specified condition type -func findConditionIndices(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) []int { - var retval []int - for i, c := range csr.Status.Conditions { - if c.Type == conditionType { - retval = append(retval, i) - } - } - return retval -} - -// nowFunc allows overriding for unit tests -var nowFunc = metav1.Now - -// populateConditionTimestamps sets LastUpdateTime and LastTransitionTime in newCSR if missing -func populateConditionTimestamps(newCSR, oldCSR *certificates.CertificateSigningRequest) { - now := nowFunc() - for i := range newCSR.Status.Conditions { - if newCSR.Status.Conditions[i].LastUpdateTime.IsZero() { - newCSR.Status.Conditions[i].LastUpdateTime = now - } - - // preserve existing lastTransitionTime if the condition with this type/status already exists, - // otherwise set to now. - if newCSR.Status.Conditions[i].LastTransitionTime.IsZero() { - lastTransition := now - for _, oldCondition := range oldCSR.Status.Conditions { - if oldCondition.Type == newCSR.Status.Conditions[i].Type && - oldCondition.Status == newCSR.Status.Conditions[i].Status && - !oldCondition.LastTransitionTime.IsZero() { - lastTransition = oldCondition.LastTransitionTime - break - } - } - newCSR.Status.Conditions[i].LastTransitionTime = lastTransition - } - } -} - -func (csrStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateCertificateSigningRequestStatusUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csrStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (csrStatusStrategy) Canonicalize(obj runtime.Object) { -} - -// Storage strategy for the Approval subresource -type csrApprovalStrategy struct { - csrStrategy -} - -var ApprovalStrategy = csrApprovalStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (csrApprovalStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "certificates.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status", "certificate"), - ), - "certificates.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("status", "certificate"), - ), - } - - return fields -} - -// PrepareForUpdate prepares the new certificate signing request by limiting -// the data that is updated to only the conditions and populating condition timestamps -func (csrApprovalStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newCSR := obj.(*certificates.CertificateSigningRequest) - oldCSR := old.(*certificates.CertificateSigningRequest) - - populateConditionTimestamps(newCSR, oldCSR) - newConditions := newCSR.Status.Conditions - - // Updating the approval should only update the conditions. - newCSR.Spec = oldCSR.Spec - newCSR.Status = oldCSR.Status - newCSR.Status.Conditions = newConditions -} - -func (csrApprovalStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateCertificateSigningRequestApprovalUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csrApprovalStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - csr, ok := obj.(*certificates.CertificateSigningRequest) - if !ok { - return nil, nil, fmt.Errorf("not a certificatesigningrequest") - } - return labels.Set(csr.Labels), SelectableFields(csr), nil -} - -// SelectableFields returns a field set that can be used for filter selection -func SelectableFields(obj *certificates.CertificateSigningRequest) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&obj.ObjectMeta, false) - csrSpecificFieldsSet := fields.Set{ - "spec.signerName": obj.Spec.SignerName, - } - return generic.MergeFieldsSets(objectMetaFieldsSet, csrSpecificFieldsSet) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go deleted file mode 100644 index ce65458e49..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - certificatesapiv1 "k8s.io/api/certificates/v1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/certificates" - certificatestore "k8s.io/kubernetes/pkg/registry/certificates/certificates/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(certificates.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[certificatesapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // certificatesigningrequests - if resource := "certificatesigningrequests"; apiResourceConfigSource.ResourceEnabled(certificatesapiv1.SchemeGroupVersion.WithResource(resource)) { - csrStorage, csrStatusStorage, csrApprovalStorage, err := certificatestore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = csrStorage - storage[resource+"/status"] = csrStatusStorage - storage[resource+"/approval"] = csrApprovalStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return certificates.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/doc.go deleted file mode 100644 index f744241447..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package lease diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/storage/storage.go deleted file mode 100644 index 8989a293a6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/storage/storage.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - coordinationapi "k8s.io/kubernetes/pkg/apis/coordination" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/coordination/lease" -) - -// REST implements a RESTStorage for leases against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against leases. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &coordinationapi.Lease{} }, - NewListFunc: func() runtime.Object { return &coordinationapi.LeaseList{} }, - DefaultQualifiedResource: coordinationapi.Resource("leases"), - - CreateStrategy: lease.Strategy, - UpdateStrategy: lease.Strategy, - DeleteStrategy: lease.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/strategy.go deleted file mode 100644 index 042a3a9d7f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/lease/strategy.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package lease - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/coordination" - "k8s.io/kubernetes/pkg/apis/coordination/validation" -) - -// leaseStrategy implements verification logic for Leases. -type leaseStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Lease objects. -var Strategy = leaseStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all Lease' need to be within a namespace. -func (leaseStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate prepares Lease for creation. -func (leaseStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (leaseStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -// Validate validates a new Lease. -func (leaseStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - lease := obj.(*coordination.Lease) - return validation.ValidateLease(lease) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (leaseStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (leaseStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for Lease; this means you may create one with a PUT request. -func (leaseStrategy) AllowCreateOnUpdate() bool { - return true -} - -// ValidateUpdate is the default update validation for an end user. -func (leaseStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateLeaseUpdate(obj.(*coordination.Lease), old.(*coordination.Lease)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (leaseStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for Lease objects. -func (leaseStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/rest/storage_coordination.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/rest/storage_coordination.go deleted file mode 100644 index 3cfe51d304..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/coordination/rest/storage_coordination.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - coordinationv1 "k8s.io/api/coordination/v1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/coordination" - leasestorage "k8s.io/kubernetes/pkg/registry/coordination/lease/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(coordination.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[coordinationv1.SchemeGroupVersion.Version] = storageMap - } - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // leases - if resource := "leases"; apiResourceConfigSource.ResourceEnabled(coordinationv1.SchemeGroupVersion.WithResource(resource)) { - leaseStorage, err := leasestorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = leaseStorage - } - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return coordination.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/doc.go deleted file mode 100644 index cd75f22d28..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package componentstatus provides interfaces and implementation for retrieving cluster -// component status. -package componentstatus // import "k8s.io/kubernetes/pkg/registry/core/componentstatus" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/rest.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/rest.go deleted file mode 100644 index 22fe41a0c8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/rest.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package componentstatus - -import ( - "context" - "fmt" - "sync" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/probe" -) - -type REST struct { - GetServersToValidate func() map[string]*Server - rest.TableConvertor -} - -// NewStorage returns a new REST. -func NewStorage(serverRetriever func() map[string]*Server) *REST { - return &REST{ - GetServersToValidate: serverRetriever, - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } -} - -func (*REST) NamespaceScoped() bool { - return false -} - -func (rs *REST) New() runtime.Object { - return &api.ComponentStatus{} -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -func (rs *REST) NewList() runtime.Object { - return &api.ComponentStatusList{} -} - -// Returns the list of component status. Note that the label and field are both ignored. -// Note that this call doesn't support labels or selectors. -func (rs *REST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) { - servers := rs.GetServersToValidate() - - wait := sync.WaitGroup{} - wait.Add(len(servers)) - statuses := make(chan api.ComponentStatus, len(servers)) - for k, v := range servers { - go func(name string, server *Server) { - defer wait.Done() - status := rs.getComponentStatus(name, server) - statuses <- *status - }(k, v) - } - wait.Wait() - close(statuses) - - pred := componentStatusPredicate(options) - - reply := []api.ComponentStatus{} - for status := range statuses { - // ComponentStatus resources currently (v1.14) do not support labeling, however the filtering is executed - // nonetheless in case the request contains Label or Field selectors (which will effectively filter out - // all of the results and return an empty response). - if matched := matchesPredicate(status, &pred); matched { - reply = append(reply, status) - } - } - return &api.ComponentStatusList{Items: reply}, nil -} - -func componentStatusPredicate(options *metainternalversion.ListOptions) storage.SelectionPredicate { - pred := storage.SelectionPredicate{ - Label: labels.Everything(), - Field: fields.Everything(), - GetAttrs: nil, - IndexFields: []string{}, - } - if options != nil { - if options.LabelSelector != nil { - pred.Label = options.LabelSelector - } - if options.FieldSelector != nil { - pred.Field = options.FieldSelector - } - } - return pred -} - -func matchesPredicate(status api.ComponentStatus, pred *storage.SelectionPredicate) bool { - // currently no fields except the generic meta fields are supported for predicate matching - fieldsSet := generic.AddObjectMetaFieldsSet(make(fields.Set, 2), &status.ObjectMeta, true) - return pred.MatchesObjectAttributes( - status.ObjectMeta.Labels, - fieldsSet, - ) -} - -func (rs *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - servers := rs.GetServersToValidate() - - if server, ok := servers[name]; !ok { - return nil, fmt.Errorf("Component not found: %s", name) - } else { - return rs.getComponentStatus(name, server), nil - } -} - -func ToConditionStatus(s probe.Result) api.ConditionStatus { - switch s { - case probe.Success: - return api.ConditionTrue - case probe.Failure: - return api.ConditionFalse - default: - return api.ConditionUnknown - } -} - -func (rs *REST) getComponentStatus(name string, server *Server) *api.ComponentStatus { - status, msg, err := server.DoServerCheck() - errorMsg := "" - if err != nil { - errorMsg = err.Error() - } - - c := &api.ComponentCondition{ - Type: api.ComponentHealthy, - Status: ToConditionStatus(status), - Message: msg, - Error: errorMsg, - } - - retVal := &api.ComponentStatus{ - Conditions: []api.ComponentCondition{*c}, - } - retVal.Name = name - - return retVal -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"cs"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/validator.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/validator.go deleted file mode 100644 index a38730dc1b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/componentstatus/validator.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package componentstatus - -import ( - "crypto/tls" - "fmt" - "sync" - "time" - - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/kubernetes/pkg/probe" - httpprober "k8s.io/kubernetes/pkg/probe/http" -) - -const ( - probeTimeOut = 20 * time.Second -) - -type ValidatorFn func([]byte) error - -type Server struct { - Addr string - Port int - Path string - EnableHTTPS bool - TLSConfig *tls.Config - Validate ValidatorFn - Prober httpprober.Prober - Once sync.Once -} - -type ServerStatus struct { - // +optional - Component string `json:"component,omitempty"` - // +optional - Health string `json:"health,omitempty"` - // +optional - HealthCode probe.Result `json:"healthCode,omitempty"` - // +optional - Msg string `json:"msg,omitempty"` - // +optional - Err string `json:"err,omitempty"` -} - -func (server *Server) DoServerCheck() (probe.Result, string, error) { - // setup the prober - server.Once.Do(func() { - if server.Prober != nil { - return - } - const followNonLocalRedirects = true - server.Prober = httpprober.NewWithTLSConfig(server.TLSConfig, followNonLocalRedirects) - }) - - scheme := "http" - if server.EnableHTTPS { - scheme = "https" - } - url := utilnet.FormatURL(scheme, server.Addr, server.Port, server.Path) - - req, err := httpprober.NewProbeRequest(url, nil) - if err != nil { - return probe.Unknown, "", fmt.Errorf("failed to construct probe request: %w", err) - } - result, data, err := server.Prober.Probe(req, probeTimeOut) - - if err != nil { - return probe.Unknown, "", err - } - if result == probe.Failure { - return probe.Failure, data, err - } - if server.Validate != nil { - if err := server.Validate([]byte(data)); err != nil { - return probe.Failure, data, err - } - } - return result, data, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/doc.go deleted file mode 100644 index 8abd47c038..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package configmap provides Registry interface -// and its REST implementation for storing -// ConfigMap API objects. -package configmap // import "k8s.io/kubernetes/pkg/registry/core/configmap" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/storage/storage.go deleted file mode 100644 index 8180c56e83..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/storage/storage.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/configmap" -) - -// REST implements a RESTStorage for ConfigMap -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work with ConfigMap objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.ConfigMap{} }, - NewListFunc: func() runtime.Object { return &api.ConfigMapList{} }, - PredicateFunc: configmap.Matcher, - DefaultQualifiedResource: api.Resource("configmaps"), - - CreateStrategy: configmap.Strategy, - UpdateStrategy: configmap.Strategy, - DeleteStrategy: configmap.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{ - RESTOptions: optsGetter, - AttrFunc: configmap.GetAttrs, - TriggerFunc: map[string]storage.IndexerFunc{"metadata.name": configmap.NameTriggerFunc}, - } - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"cm"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/strategy.go deleted file mode 100644 index a78bc5d4ce..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/configmap/strategy.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package configmap - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - pkgstorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// strategy implements behavior for ConfigMap objects -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating ConfigMap -// objects via the REST API. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -func (strategy) NamespaceScoped() bool { - return true -} - -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - configMap := obj.(*api.ConfigMap) - dropDisabledFields(configMap, nil) -} - -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - cfg := obj.(*api.ConfigMap) - - return validation.ValidateConfigMap(cfg) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { -} - -func (strategy) AllowCreateOnUpdate() bool { - return false -} - -func (strategy) PrepareForUpdate(ctx context.Context, newObj, oldObj runtime.Object) { - oldConfigMap := oldObj.(*api.ConfigMap) - newConfigMap := newObj.(*api.ConfigMap) - dropDisabledFields(newConfigMap, oldConfigMap) -} - -func (strategy) ValidateUpdate(ctx context.Context, newObj, oldObj runtime.Object) field.ErrorList { - oldCfg, newCfg := oldObj.(*api.ConfigMap), newObj.(*api.ConfigMap) - - return validation.ValidateConfigMapUpdate(newCfg, oldCfg) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { return nil } - -func dropDisabledFields(configMap *api.ConfigMap, oldConfigMap *api.ConfigMap) { -} - -func (strategy) AllowUnconditionalUpdate() bool { - return true -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - configMap, ok := obj.(*api.ConfigMap) - if !ok { - return nil, nil, fmt.Errorf("not a configmap") - } - return labels.Set(configMap.Labels), SelectableFields(configMap), nil -} - -// Matcher returns a selection predicate for a given label and field selector. -func Matcher(label labels.Selector, field fields.Selector) pkgstorage.SelectionPredicate { - return pkgstorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - IndexFields: []string{"metadata.name"}, - } -} - -// NameTriggerFunc returns value metadata.namespace of given object. -func NameTriggerFunc(obj runtime.Object) string { - return obj.(*api.ConfigMap).ObjectMeta.Name -} - -// SelectableFields returns a field set that can be used for filter selection -func SelectableFields(obj *api.ConfigMap) fields.Set { - return generic.ObjectMetaFieldsSet(&obj.ObjectMeta, true) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/doc.go deleted file mode 100644 index ff0f678d9b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package endpoint provides Registry interface and it's RESTStorage -// implementation for storing Endpoint api objects. -package endpoint // import "k8s.io/kubernetes/pkg/registry/core/endpoint" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/storage/storage.go deleted file mode 100644 index ff082994ce..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/storage/storage.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/endpoint" -) - -// REST implements a RESTStorage for endpoints. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against endpoints. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Endpoints{} }, - NewListFunc: func() runtime.Object { return &api.EndpointsList{} }, - DefaultQualifiedResource: api.Resource("endpoints"), - - CreateStrategy: endpoint.Strategy, - UpdateStrategy: endpoint.Strategy, - DeleteStrategy: endpoint.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"ep"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/strategy.go deleted file mode 100644 index 3e0f5d3021..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/endpoint/strategy.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpoint - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// endpointsStrategy implements behavior for Endpoints -type endpointsStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Endpoint -// objects via the REST API. -var Strategy = endpointsStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for endpoints. -func (endpointsStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (endpointsStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (endpointsStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -// Validate validates a new endpoints. -func (endpointsStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidateEndpointsCreate(obj.(*api.Endpoints)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (endpointsStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (endpointsStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for endpoints. -func (endpointsStrategy) AllowCreateOnUpdate() bool { - return true -} - -// ValidateUpdate is the default update validation for an end user. -func (endpointsStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateEndpointsUpdate(obj.(*api.Endpoints), old.(*api.Endpoints)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (endpointsStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (endpointsStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/doc.go deleted file mode 100644 index af702d55de..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package event provides Registry interface and it's REST -// implementation for storing Event api objects. -package event // import "k8s.io/kubernetes/pkg/registry/core/event" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/storage/storage.go deleted file mode 100644 index ee4498934d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/storage/storage.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/event" -) - -// REST implements a RESTStorage for events. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against events. -func NewREST(optsGetter generic.RESTOptionsGetter, ttl uint64) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Event{} }, - NewListFunc: func() runtime.Object { return &api.EventList{} }, - PredicateFunc: event.Matcher, - TTLFunc: func(runtime.Object, uint64, bool) (uint64, error) { - return ttl, nil - }, - DefaultQualifiedResource: api.Resource("events"), - - CreateStrategy: event.Strategy, - UpdateStrategy: event.Strategy, - DeleteStrategy: event.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: event.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"ev"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/strategy.go deleted file mode 100644 index 94f76598f1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/event/strategy.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package event - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -type eventStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// Event objects via the REST API. -var Strategy = eventStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (eventStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - return rest.Unsupported -} - -func (eventStrategy) NamespaceScoped() bool { - return true -} - -func (eventStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (eventStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (eventStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - groupVersion := requestGroupVersion(ctx) - event := obj.(*api.Event) - return validation.ValidateEventCreate(event, groupVersion) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (eventStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (eventStrategy) Canonicalize(obj runtime.Object) { -} - -func (eventStrategy) AllowCreateOnUpdate() bool { - return true -} - -func (eventStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - groupVersion := requestGroupVersion(ctx) - event := obj.(*api.Event) - oldEvent := old.(*api.Event) - return validation.ValidateEventUpdate(event, oldEvent, groupVersion) -} - -// WarningsOnUpdate returns warnings for the given update. -func (eventStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (eventStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - event, ok := obj.(*api.Event) - if !ok { - return nil, nil, fmt.Errorf("not an event") - } - return labels.Set(event.Labels), ToSelectableFields(event), nil -} - -// Matcher returns a selection predicate for a given label and field selector. -func Matcher(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// ToSelectableFields returns a field set that represents the object. -func ToSelectableFields(event *api.Event) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&event.ObjectMeta, true) - source := event.Source.Component - if source == "" { - source = event.ReportingController - } - specificFieldsSet := fields.Set{ - "involvedObject.kind": event.InvolvedObject.Kind, - "involvedObject.namespace": event.InvolvedObject.Namespace, - "involvedObject.name": event.InvolvedObject.Name, - "involvedObject.uid": string(event.InvolvedObject.UID), - "involvedObject.apiVersion": event.InvolvedObject.APIVersion, - "involvedObject.resourceVersion": event.InvolvedObject.ResourceVersion, - "involvedObject.fieldPath": event.InvolvedObject.FieldPath, - "reason": event.Reason, - "reportingComponent": event.ReportingController, // use the core/v1 field name - "source": source, - "type": event.Type, - } - return generic.MergeFieldsSets(specificFieldsSet, objectMetaFieldsSet) -} - -// requestGroupVersion returns the group/version associated with the given context, or a zero-value group/version. -func requestGroupVersion(ctx context.Context) schema.GroupVersion { - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - return schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - } - return schema.GroupVersion{} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/doc.go deleted file mode 100644 index 3bfae45cb6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package limitrange provides Registry interface and it's REST -// implementation for storing LimitRange api objects. -package limitrange // import "k8s.io/kubernetes/pkg/registry/core/limitrange" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/storage/storage.go deleted file mode 100644 index b3fd401f70..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/storage/storage.go +++ /dev/null @@ -1,60 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/registry/core/limitrange" -) - -// REST implements a RESTStorage for limit ranges. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against limit ranges. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.LimitRange{} }, - NewListFunc: func() runtime.Object { return &api.LimitRangeList{} }, - DefaultQualifiedResource: api.Resource("limitranges"), - - CreateStrategy: limitrange.Strategy, - UpdateStrategy: limitrange.Strategy, - DeleteStrategy: limitrange.Strategy, - - // TODO: define table converter that exposes more than name/creation timestamp - TableConvertor: rest.NewDefaultTableConvertor(api.Resource("limitranges")), - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"limits"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/strategy.go deleted file mode 100644 index 479d958ca7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/limitrange/strategy.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package limitrange - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -type limitrangeStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// LimitRange objects via the REST API. -var Strategy = limitrangeStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (limitrangeStrategy) NamespaceScoped() bool { - return true -} - -func (limitrangeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - limitRange := obj.(*api.LimitRange) - if len(limitRange.Name) == 0 { - limitRange.Name = string(uuid.NewUUID()) - } -} - -func (limitrangeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (limitrangeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - limitRange := obj.(*api.LimitRange) - return validation.ValidateLimitRange(limitRange) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (limitrangeStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (limitrangeStrategy) Canonicalize(obj runtime.Object) { -} - -func (limitrangeStrategy) AllowCreateOnUpdate() bool { - return true -} - -func (limitrangeStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - limitRange := obj.(*api.LimitRange) - return validation.ValidateLimitRange(limitRange) -} - -// WarningsOnUpdate returns warnings for the given update. -func (limitrangeStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (limitrangeStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/doc.go deleted file mode 100644 index a01a2e5f9e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package namespace provides Registry interface and it's REST -// implementation for storing Namespace api objects. -package namespace // import "k8s.io/kubernetes/pkg/registry/core/namespace" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/storage/storage.go deleted file mode 100644 index 37b130092c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/storage/storage.go +++ /dev/null @@ -1,355 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - storageerr "k8s.io/apiserver/pkg/storage/errors" - "k8s.io/apiserver/pkg/util/dryrun" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/namespace" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// rest implements a RESTStorage for namespaces -type REST struct { - store *genericregistry.Store - status *genericregistry.Store -} - -// StatusREST implements the REST endpoint for changing the status of a namespace. -type StatusREST struct { - store *genericregistry.Store -} - -// FinalizeREST implements the REST endpoint for finalizing a namespace. -type FinalizeREST struct { - store *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against namespaces. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, *FinalizeREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Namespace{} }, - NewListFunc: func() runtime.Object { return &api.NamespaceList{} }, - PredicateFunc: namespace.MatchNamespace, - DefaultQualifiedResource: api.Resource("namespaces"), - - CreateStrategy: namespace.Strategy, - UpdateStrategy: namespace.Strategy, - DeleteStrategy: namespace.Strategy, - ResetFieldsStrategy: namespace.Strategy, - ReturnDeletedObject: true, - - ShouldDeleteDuringUpdate: ShouldDeleteNamespaceDuringUpdate, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: namespace.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = namespace.StatusStrategy - statusStore.ResetFieldsStrategy = namespace.StatusStrategy - - finalizeStore := *store - finalizeStore.UpdateStrategy = namespace.FinalizeStrategy - finalizeStore.ResetFieldsStrategy = namespace.FinalizeStrategy - - return &REST{store: store, status: &statusStore}, &StatusREST{store: &statusStore}, &FinalizeREST{store: &finalizeStore}, nil -} - -func (r *REST) NamespaceScoped() bool { - return r.store.NamespaceScoped() -} - -func (r *REST) New() runtime.Object { - return r.store.New() -} - -// Destroy cleans up resources on shutdown. -func (r *REST) Destroy() { - r.store.Destroy() -} - -func (r *REST) NewList() runtime.Object { - return r.store.NewList() -} - -func (r *REST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) { - return r.store.List(ctx, options) -} - -func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - return r.store.Create(ctx, obj, createValidation, options) -} - -func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, forceAllowCreate, options) -} - -func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptions) (watch.Interface, error) { - return r.store.Watch(ctx, options) -} - -// Delete enforces life-cycle rules for namespace termination -func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) { - nsObj, err := r.Get(ctx, name, &metav1.GetOptions{}) - if err != nil { - return nil, false, err - } - - namespace := nsObj.(*api.Namespace) - - // Ensure we have a UID precondition - if options == nil { - options = metav1.NewDeleteOptions(0) - } - if options.Preconditions == nil { - options.Preconditions = &metav1.Preconditions{} - } - if options.Preconditions.UID == nil { - options.Preconditions.UID = &namespace.UID - } else if *options.Preconditions.UID != namespace.UID { - err = apierrors.NewConflict( - api.Resource("namespaces"), - name, - fmt.Errorf("Precondition failed: UID in precondition: %v, UID in object meta: %v", *options.Preconditions.UID, namespace.UID), - ) - return nil, false, err - } - if options.Preconditions.ResourceVersion != nil && *options.Preconditions.ResourceVersion != namespace.ResourceVersion { - err = apierrors.NewConflict( - api.Resource("namespaces"), - name, - fmt.Errorf("Precondition failed: ResourceVersion in precondition: %v, ResourceVersion in object meta: %v", *options.Preconditions.ResourceVersion, namespace.ResourceVersion), - ) - return nil, false, err - } - - // upon first request to delete, we switch the phase to start namespace termination - // TODO: enhance graceful deletion's calls to DeleteStrategy to allow phase change and finalizer patterns - if namespace.DeletionTimestamp.IsZero() { - key, err := r.store.KeyFunc(ctx, name) - if err != nil { - return nil, false, err - } - - preconditions := storage.Preconditions{UID: options.Preconditions.UID, ResourceVersion: options.Preconditions.ResourceVersion} - - out := r.store.NewFunc() - err = r.store.Storage.GuaranteedUpdate( - ctx, key, out, false, &preconditions, - storage.SimpleUpdate(func(existing runtime.Object) (runtime.Object, error) { - existingNamespace, ok := existing.(*api.Namespace) - if !ok { - // wrong type - return nil, fmt.Errorf("expected *api.Namespace, got %v", existing) - } - if err := deleteValidation(ctx, existingNamespace); err != nil { - return nil, err - } - // Set the deletion timestamp if needed - if existingNamespace.DeletionTimestamp.IsZero() { - now := metav1.Now() - existingNamespace.DeletionTimestamp = &now - } - // Set the namespace phase to terminating, if needed - if existingNamespace.Status.Phase != api.NamespaceTerminating { - existingNamespace.Status.Phase = api.NamespaceTerminating - } - - // the current finalizers which are on namespace - currentFinalizers := map[string]bool{} - for _, f := range existingNamespace.Finalizers { - currentFinalizers[f] = true - } - // the finalizers we should ensure on namespace - shouldHaveFinalizers := map[string]bool{ - metav1.FinalizerOrphanDependents: shouldHaveOrphanFinalizer(options, currentFinalizers[metav1.FinalizerOrphanDependents]), - metav1.FinalizerDeleteDependents: shouldHaveDeleteDependentsFinalizer(options, currentFinalizers[metav1.FinalizerDeleteDependents]), - } - // determine whether there are changes - changeNeeded := false - for finalizer, shouldHave := range shouldHaveFinalizers { - changeNeeded = currentFinalizers[finalizer] != shouldHave || changeNeeded - if shouldHave { - currentFinalizers[finalizer] = true - } else { - delete(currentFinalizers, finalizer) - } - } - // make the changes if needed - if changeNeeded { - newFinalizers := []string{} - for f := range currentFinalizers { - newFinalizers = append(newFinalizers, f) - } - existingNamespace.Finalizers = newFinalizers - } - return existingNamespace, nil - }), - dryrun.IsDryRun(options.DryRun), - nil, - ) - - if err != nil { - err = storageerr.InterpretGetError(err, api.Resource("namespaces"), name) - err = storageerr.InterpretUpdateError(err, api.Resource("namespaces"), name) - if _, ok := err.(*apierrors.StatusError); !ok { - err = apierrors.NewInternalError(err) - } - return nil, false, err - } - - return out, false, nil - } - - // prior to final deletion, we must ensure that finalizers is empty - if len(namespace.Spec.Finalizers) != 0 { - return namespace, false, nil - } - return r.store.Delete(ctx, name, deleteValidation, options) -} - -// ShouldDeleteNamespaceDuringUpdate adds namespace-specific spec.finalizer checks on top of the default generic ShouldDeleteDuringUpdate behavior -func ShouldDeleteNamespaceDuringUpdate(ctx context.Context, key string, obj, existing runtime.Object) bool { - ns, ok := obj.(*api.Namespace) - if !ok { - utilruntime.HandleError(fmt.Errorf("unexpected type %T", obj)) - return false - } - return len(ns.Spec.Finalizers) == 0 && genericregistry.ShouldDeleteDuringUpdate(ctx, key, obj, existing) -} - -func shouldHaveOrphanFinalizer(options *metav1.DeleteOptions, haveOrphanFinalizer bool) bool { - //nolint:staticcheck // SA1019 backwards compatibility - if options.OrphanDependents != nil { - return *options.OrphanDependents - } - if options.PropagationPolicy != nil { - return *options.PropagationPolicy == metav1.DeletePropagationOrphan - } - return haveOrphanFinalizer -} - -func shouldHaveDeleteDependentsFinalizer(options *metav1.DeleteOptions, haveDeleteDependentsFinalizer bool) bool { - //nolint:staticcheck // SA1019 backwards compatibility - if options.OrphanDependents != nil { - return *options.OrphanDependents == false - } - if options.PropagationPolicy != nil { - return *options.PropagationPolicy == metav1.DeletePropagationForeground - } - return haveDeleteDependentsFinalizer -} - -func (e *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return e.store.ConvertToTable(ctx, object, tableOptions) -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"ns"} -} - -var _ rest.StorageVersionProvider = &REST{} - -func (r *REST) StorageVersion() runtime.GroupVersioner { - return r.store.StorageVersion() -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *REST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} -func (r *StatusREST) New() runtime.Object { - return r.store.New() -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -func (r *FinalizeREST) New() runtime.Object { - return r.store.New() -} - -// Destroy cleans up resources on shutdown. -func (r *FinalizeREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Update alters the status finalizers subset of an object. -func (r *FinalizeREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *FinalizeREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/strategy.go deleted file mode 100644 index e172a589da..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/namespace/strategy.go +++ /dev/null @@ -1,242 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package namespace - -import ( - "context" - "fmt" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - apistorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// namespaceStrategy implements behavior for Namespaces -type namespaceStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Namespace -// objects via the REST API. -var Strategy = namespaceStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is false for namespaces. -func (namespaceStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (namespaceStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (namespaceStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - // on create, status is active - namespace := obj.(*api.Namespace) - namespace.Status = api.NamespaceStatus{ - Phase: api.NamespaceActive, - } - // on create, we require the kubernetes value - // we cannot use this in defaults conversion because we let it get removed over life of object - hasKubeFinalizer := false - for i := range namespace.Spec.Finalizers { - if namespace.Spec.Finalizers[i] == api.FinalizerKubernetes { - hasKubeFinalizer = true - break - } - } - if !hasKubeFinalizer { - if len(namespace.Spec.Finalizers) == 0 { - namespace.Spec.Finalizers = []api.FinalizerName{api.FinalizerKubernetes} - } else { - namespace.Spec.Finalizers = append(namespace.Spec.Finalizers, api.FinalizerKubernetes) - } - } -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (namespaceStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNamespace := obj.(*api.Namespace) - oldNamespace := old.(*api.Namespace) - newNamespace.Spec.Finalizers = oldNamespace.Spec.Finalizers - newNamespace.Status = oldNamespace.Status -} - -// Validate validates a new namespace. -func (namespaceStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - namespace := obj.(*api.Namespace) - return validation.ValidateNamespace(namespace) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (namespaceStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (namespaceStrategy) Canonicalize(obj runtime.Object) { - // Ensure the label matches the name for namespaces just created using GenerateName, - // where the final name wasn't available for defaulting to make this change. - // This code needs to be kept in sync with the implementation that exists - // in Namespace defaulting (pkg/apis/core/v1) - // Why this hook *and* defaults.go? - // - // CREATE: - // Defaulting and PrepareForCreate happen before generateName is completed - // (i.e. the name is not yet known). Validation happens after generateName - // but should not modify objects. Canonicalize happens later, which makes - // it the best hook for setting the label. - // - // UPDATE: - // Defaulting and Canonicalize will both trigger with the full name. - // - // GET: - // Only defaulting will be applied. - ns := obj.(*api.Namespace) - if ns.Labels == nil { - ns.Labels = map[string]string{} - } - ns.Labels[v1.LabelMetadataName] = ns.Name -} - -// AllowCreateOnUpdate is false for namespaces. -func (namespaceStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (namespaceStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errorList := validation.ValidateNamespace(obj.(*api.Namespace)) - return append(errorList, validation.ValidateNamespaceUpdate(obj.(*api.Namespace), old.(*api.Namespace))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (namespaceStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (namespaceStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type namespaceStatusStrategy struct { - namespaceStrategy -} - -var StatusStrategy = namespaceStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (namespaceStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (namespaceStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNamespace := obj.(*api.Namespace) - oldNamespace := old.(*api.Namespace) - newNamespace.Spec = oldNamespace.Spec -} - -func (namespaceStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateNamespaceStatusUpdate(obj.(*api.Namespace), old.(*api.Namespace)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (namespaceStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -type namespaceFinalizeStrategy struct { - namespaceStrategy -} - -var FinalizeStrategy = namespaceFinalizeStrategy{Strategy} - -func (namespaceFinalizeStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateNamespaceFinalizeUpdate(obj.(*api.Namespace), old.(*api.Namespace)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (namespaceFinalizeStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (namespaceFinalizeStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (namespaceFinalizeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNamespace := obj.(*api.Namespace) - oldNamespace := old.(*api.Namespace) - newNamespace.Status = oldNamespace.Status -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - namespaceObj, ok := obj.(*api.Namespace) - if !ok { - return nil, nil, fmt.Errorf("not a namespace") - } - return labels.Set(namespaceObj.Labels), NamespaceToSelectableFields(namespaceObj), nil -} - -// MatchNamespace returns a generic matcher for a given label and field selector. -func MatchNamespace(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate { - return apistorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// NamespaceToSelectableFields returns a field set that represents the object -func NamespaceToSelectableFields(namespace *api.Namespace) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&namespace.ObjectMeta, false) - specificFieldsSet := fields.Set{ - "status.phase": string(namespace.Status.Phase), - // This is a bug, but we need to support it for backward compatibility. - "name": namespace.Name, - } - return generic.MergeFieldsSets(objectMetaFieldsSet, specificFieldsSet) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/doc.go deleted file mode 100644 index 35afe9968d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package node provides Registry interface and implementation for storing Nodes. -package node // import "k8s.io/kubernetes/pkg/registry/core/node" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/rest/proxy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/rest/proxy.go deleted file mode 100644 index 40e6431b40..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/rest/proxy.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "context" - "fmt" - "net/http" - "net/url" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/proxy" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/capabilities" - "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/registry/core/node" -) - -// ProxyREST implements the proxy subresource for a Node -type ProxyREST struct { - Store *genericregistry.Store - Connection client.ConnectionInfoGetter - ProxyTransport http.RoundTripper -} - -// Implement Connecter -var _ = rest.Connecter(&ProxyREST{}) - -var proxyMethods = []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"} - -// New returns an empty nodeProxyOptions object. -func (r *ProxyREST) New() runtime.Object { - return &api.NodeProxyOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *ProxyREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// ConnectMethods returns the list of HTTP methods that can be proxied -func (r *ProxyREST) ConnectMethods() []string { - return proxyMethods -} - -// NewConnectOptions returns versioned resource that represents proxy parameters -func (r *ProxyREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.NodeProxyOptions{}, true, "path" -} - -// Connect returns a handler for the node proxy -func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - proxyOpts, ok := opts.(*api.NodeProxyOptions) - if !ok { - return nil, fmt.Errorf("Invalid options object: %#v", opts) - } - location, transport, err := node.ResourceLocation(r.Store, r.Connection, r.ProxyTransport, ctx, id) - if err != nil { - return nil, err - } - location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path) - // Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc) - return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil -} - -func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler { - handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder)) - handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec - return handler -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/storage/storage.go deleted file mode 100644 index 56e806770f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/storage/storage.go +++ /dev/null @@ -1,173 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "net/http" - "net/url" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" - "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/node" - noderest "k8s.io/kubernetes/pkg/registry/core/node/rest" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// NodeStorage includes storage for nodes and all sub resources. -type NodeStorage struct { - Node *REST - Status *StatusREST - Proxy *noderest.ProxyREST - - KubeletConnectionInfo client.ConnectionInfoGetter -} - -// REST implements a RESTStorage for nodes. -type REST struct { - *genericregistry.Store - connection client.ConnectionInfoGetter - proxyTransport http.RoundTripper -} - -// StatusREST implements the REST endpoint for changing the status of a node. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new Node object. -func (r *StatusREST) New() runtime.Object { - return &api.Node{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// NewStorage returns a NodeStorage object that will work against nodes. -func NewStorage(optsGetter generic.RESTOptionsGetter, kubeletClientConfig client.KubeletClientConfig, proxyTransport http.RoundTripper) (*NodeStorage, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Node{} }, - NewListFunc: func() runtime.Object { return &api.NodeList{} }, - PredicateFunc: node.MatchNode, - DefaultQualifiedResource: api.Resource("nodes"), - - CreateStrategy: node.Strategy, - UpdateStrategy: node.Strategy, - DeleteStrategy: node.Strategy, - ResetFieldsStrategy: node.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{ - RESTOptions: optsGetter, - AttrFunc: node.GetAttrs, - TriggerFunc: map[string]storage.IndexerFunc{"metadata.name": node.NameTriggerFunc}, - } - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = node.StatusStrategy - statusStore.ResetFieldsStrategy = node.StatusStrategy - - // Set up REST handlers - nodeREST := &REST{Store: store, proxyTransport: proxyTransport} - statusREST := &StatusREST{store: &statusStore} - proxyREST := &noderest.ProxyREST{Store: store, ProxyTransport: proxyTransport} - - // Build a NodeGetter that looks up nodes using the REST handler - nodeGetter := client.NodeGetterFunc(func(ctx context.Context, nodeName string, options metav1.GetOptions) (*v1.Node, error) { - obj, err := nodeREST.Get(ctx, nodeName, &options) - if err != nil { - return nil, err - } - node, ok := obj.(*api.Node) - if !ok { - return nil, fmt.Errorf("unexpected type %T", obj) - } - // TODO: Remove the conversion. Consider only return the NodeAddresses - externalNode := &v1.Node{} - err = k8s_api_v1.Convert_core_Node_To_v1_Node(node, externalNode, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert to v1.Node: %v", err) - } - return externalNode, nil - }) - connectionInfoGetter, err := client.NewNodeConnectionInfoGetter(nodeGetter, kubeletClientConfig) - if err != nil { - return nil, err - } - nodeREST.connection = connectionInfoGetter - proxyREST.Connection = connectionInfoGetter - - return &NodeStorage{ - Node: nodeREST, - Status: statusREST, - Proxy: proxyREST, - KubeletConnectionInfo: connectionInfoGetter, - }, nil -} - -// Implement Redirector. -var _ = rest.Redirector(&REST{}) - -// ResourceLocation returns a URL to which one can send traffic for the specified node. -func (r *REST) ResourceLocation(ctx context.Context, id string) (*url.URL, http.RoundTripper, error) { - return node.ResourceLocation(r, r.connection, r.proxyTransport, ctx, id) -} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"no"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/strategy.go deleted file mode 100644 index 562c6e2db3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/node/strategy.go +++ /dev/null @@ -1,279 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "context" - "fmt" - "net" - "net/http" - "net/url" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - pkgstorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/kubelet/client" - proxyutil "k8s.io/kubernetes/pkg/proxy/util" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// nodeStrategy implements behavior for nodes -type nodeStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Nodes is the default logic that applies when creating and updating Node -// objects. -var Strategy = nodeStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is false for nodes. -func (nodeStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (nodeStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// AllowCreateOnUpdate is false for nodes. -func (nodeStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (nodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - node := obj.(*api.Node) - dropDisabledFields(node, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (nodeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNode := obj.(*api.Node) - oldNode := old.(*api.Node) - newNode.Status = oldNode.Status - - dropDisabledFields(newNode, oldNode) -} - -func dropDisabledFields(node *api.Node, oldNode *api.Node) { - // Nodes allow *all* fields, including status, to be set on create. - // for create - if oldNode == nil { - node.Spec.ConfigSource = nil - node.Status.Config = nil - } - - // for update - if !nodeConfigSourceInUse(oldNode) && oldNode != nil { - node.Spec.ConfigSource = nil - } - -} - -// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used) -func nodeConfigSourceInUse(node *api.Node) bool { - if node == nil { - return false - } - if node.Spec.ConfigSource != nil { - return true - } - return false -} - -// Validate validates a new node. -func (nodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - node := obj.(*api.Node) - return validation.ValidateNode(node) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (nodeStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return dynamicKubeletConfigIsDeprecatedWarning(obj) -} - -// Canonicalize normalizes the object after validation. -func (nodeStrategy) Canonicalize(obj runtime.Object) { -} - -// ValidateUpdate is the default update validation for an end user. -func (nodeStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errorList := validation.ValidateNode(obj.(*api.Node)) - return append(errorList, validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (nodeStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return dynamicKubeletConfigIsDeprecatedWarning(obj) -} - -func (nodeStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type nodeStatusStrategy struct { - nodeStrategy -} - -var StatusStrategy = nodeStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (nodeStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (nodeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNode := obj.(*api.Node) - oldNode := old.(*api.Node) - newNode.Spec = oldNode.Spec - - if !nodeStatusConfigInUse(oldNode) { - newNode.Status.Config = nil - } -} - -// nodeStatusConfigInUse returns true if node's Status Config is set(used) -func nodeStatusConfigInUse(node *api.Node) bool { - if node == nil { - return false - } - if node.Status.Config != nil { - return true - } - return false -} - -func (nodeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (nodeStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (nodeStatusStrategy) Canonicalize(obj runtime.Object) { -} - -// ResourceGetter is an interface for retrieving resources by ResourceLocation. -type ResourceGetter interface { - Get(context.Context, string, *metav1.GetOptions) (runtime.Object, error) -} - -// NodeToSelectableFields returns a field set that represents the object. -func NodeToSelectableFields(node *api.Node) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&node.ObjectMeta, false) - specificFieldsSet := fields.Set{ - "spec.unschedulable": fmt.Sprint(node.Spec.Unschedulable), - } - return generic.MergeFieldsSets(objectMetaFieldsSet, specificFieldsSet) -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - nodeObj, ok := obj.(*api.Node) - if !ok { - return nil, nil, fmt.Errorf("not a node") - } - return labels.Set(nodeObj.ObjectMeta.Labels), NodeToSelectableFields(nodeObj), nil -} - -// MatchNode returns a generic matcher for a given label and field selector. -func MatchNode(label labels.Selector, field fields.Selector) pkgstorage.SelectionPredicate { - return pkgstorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - IndexFields: []string{"metadata.name"}, - } -} - -// NameTriggerFunc returns value metadata.namespace of given object. -func NameTriggerFunc(obj runtime.Object) string { - return obj.(*api.Node).ObjectMeta.Name -} - -// ResourceLocation returns a URL and transport which one can use to send traffic for the specified node. -func ResourceLocation(getter ResourceGetter, connection client.ConnectionInfoGetter, proxyTransport http.RoundTripper, ctx context.Context, id string) (*url.URL, http.RoundTripper, error) { - schemeReq, name, portReq, valid := utilnet.SplitSchemeNamePort(id) - if !valid { - return nil, nil, errors.NewBadRequest(fmt.Sprintf("invalid node request %q", id)) - } - - info, err := connection.GetConnectionInfo(ctx, types.NodeName(name)) - if err != nil { - return nil, nil, err - } - - if err := proxyutil.IsProxyableHostname(ctx, &net.Resolver{}, info.Hostname); err != nil { - return nil, nil, errors.NewBadRequest(err.Error()) - } - - // We check if we want to get a default Kubelet's transport. It happens if either: - // - no port is specified in request (Kubelet's port is default) - // - the requested port matches the kubelet port for this node - if portReq == "" || portReq == info.Port { - return &url.URL{ - Scheme: info.Scheme, - Host: net.JoinHostPort(info.Hostname, info.Port), - }, - info.Transport, - nil - } - - // Otherwise, return the requested scheme and port, and the proxy transport - return &url.URL{Scheme: schemeReq, Host: net.JoinHostPort(info.Hostname, portReq)}, proxyTransport, nil -} - -func dynamicKubeletConfigIsDeprecatedWarning(obj runtime.Object) []string { - newNode := obj.(*api.Node) - if newNode.Spec.ConfigSource != nil { - var warnings []string - // KEP https://github.com/kubernetes/enhancements/issues/281 - warnings = append(warnings, "spec.configSource: the feature is removed") - return warnings - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/doc.go deleted file mode 100644 index 17cfef1533..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolume // import "k8s.io/kubernetes/pkg/registry/core/persistentvolume" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/storage/storage.go deleted file mode 100644 index df65eabc87..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/storage/storage.go +++ /dev/null @@ -1,111 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/persistentvolume" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for persistent volumes. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against persistent volumes. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.PersistentVolume{} }, - NewListFunc: func() runtime.Object { return &api.PersistentVolumeList{} }, - PredicateFunc: persistentvolume.MatchPersistentVolumes, - DefaultQualifiedResource: api.Resource("persistentvolumes"), - - CreateStrategy: persistentvolume.Strategy, - UpdateStrategy: persistentvolume.Strategy, - DeleteStrategy: persistentvolume.Strategy, - ReturnDeletedObject: true, - ResetFieldsStrategy: persistentvolume.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: persistentvolume.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = persistentvolume.StatusStrategy - statusStore.ResetFieldsStrategy = persistentvolume.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"pv"} -} - -// StatusREST implements the REST endpoint for changing the status of a persistentvolume. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new PersistentVolume object. -func (r *StatusREST) New() runtime.Object { - return &api.PersistentVolume{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/strategy.go deleted file mode 100644 index e175a4097a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolume/strategy.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolume - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - pvutil "k8s.io/kubernetes/pkg/api/persistentvolume" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - volumevalidation "k8s.io/kubernetes/pkg/volume/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// persistentvolumeStrategy implements behavior for PersistentVolume objects -type persistentvolumeStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PersistentVolume -// objects via the REST API. -var Strategy = persistentvolumeStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (persistentvolumeStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (persistentvolumeStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// ResetBeforeCreate clears the Status field which is not allowed to be set by end users on creation. -func (persistentvolumeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - pv := obj.(*api.PersistentVolume) - pv.Status = api.PersistentVolumeStatus{} - - pvutil.DropDisabledFields(&pv.Spec, nil) -} - -func (persistentvolumeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - persistentvolume := obj.(*api.PersistentVolume) - opts := validation.ValidationOptionsForPersistentVolume(persistentvolume, nil) - errorList := validation.ValidatePersistentVolume(persistentvolume, opts) - return append(errorList, volumevalidation.ValidatePersistentVolume(persistentvolume)...) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (persistentvolumeStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return pvutil.GetWarningsForPersistentVolume(obj.(*api.PersistentVolume)) -} - -// Canonicalize normalizes the object after validation. -func (persistentvolumeStrategy) Canonicalize(obj runtime.Object) { -} - -func (persistentvolumeStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate sets the Status fields which is not allowed to be set by an end user updating a PV -func (persistentvolumeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPv := obj.(*api.PersistentVolume) - oldPv := old.(*api.PersistentVolume) - newPv.Status = oldPv.Status - - pvutil.DropDisabledFields(&newPv.Spec, &oldPv.Spec) -} - -func (persistentvolumeStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newPv := obj.(*api.PersistentVolume) - oldPv := old.(*api.PersistentVolume) - opts := validation.ValidationOptionsForPersistentVolume(newPv, oldPv) - errorList := validation.ValidatePersistentVolume(newPv, opts) - errorList = append(errorList, volumevalidation.ValidatePersistentVolume(newPv)...) - return append(errorList, validation.ValidatePersistentVolumeUpdate(newPv, oldPv, opts)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (persistentvolumeStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return pvutil.GetWarningsForPersistentVolume(obj.(*api.PersistentVolume)) -} - -func (persistentvolumeStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type persistentvolumeStatusStrategy struct { - persistentvolumeStrategy -} - -var StatusStrategy = persistentvolumeStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (persistentvolumeStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate sets the Spec field which is not allowed to be changed when updating a PV's Status -func (persistentvolumeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPv := obj.(*api.PersistentVolume) - oldPv := old.(*api.PersistentVolume) - newPv.Spec = oldPv.Spec -} - -func (persistentvolumeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidatePersistentVolumeStatusUpdate(obj.(*api.PersistentVolume), old.(*api.PersistentVolume)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (persistentvolumeStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - persistentvolumeObj, ok := obj.(*api.PersistentVolume) - if !ok { - return nil, nil, fmt.Errorf("not a persistentvolume") - } - return labels.Set(persistentvolumeObj.Labels), PersistentVolumeToSelectableFields(persistentvolumeObj), nil -} - -// MatchPersistentVolume returns a generic matcher for a given label and field selector. -func MatchPersistentVolumes(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// PersistentVolumeToSelectableFields returns a field set that represents the object -func PersistentVolumeToSelectableFields(persistentvolume *api.PersistentVolume) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&persistentvolume.ObjectMeta, false) - specificFieldsSet := fields.Set{ - // This is a bug, but we need to support it for backward compatibility. - "name": persistentvolume.Name, - } - return generic.MergeFieldsSets(objectMetaFieldsSet, specificFieldsSet) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/doc.go deleted file mode 100644 index 91dbc298dc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolumeclaim // import "k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/storage/storage.go deleted file mode 100644 index d472bbd8ef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/storage/storage.go +++ /dev/null @@ -1,155 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - pvcutil "k8s.io/kubernetes/pkg/api/persistentvolumeclaim" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for persistent volume claims. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against persistent volume claims. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.PersistentVolumeClaim{} }, - NewListFunc: func() runtime.Object { return &api.PersistentVolumeClaimList{} }, - PredicateFunc: persistentvolumeclaim.MatchPersistentVolumeClaim, - DefaultQualifiedResource: api.Resource("persistentvolumeclaims"), - - CreateStrategy: persistentvolumeclaim.Strategy, - UpdateStrategy: persistentvolumeclaim.Strategy, - DeleteStrategy: persistentvolumeclaim.Strategy, - ReturnDeletedObject: true, - ResetFieldsStrategy: persistentvolumeclaim.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: persistentvolumeclaim.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = persistentvolumeclaim.StatusStrategy - statusStore.ResetFieldsStrategy = persistentvolumeclaim.StatusStrategy - - rest := &REST{store} - store.Decorator = rest.defaultOnRead - - return rest, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"pvc"} -} - -// defaultOnRead sets interlinked fields that were not previously set on read. -// We can't do this in the normal defaulting path because that same logic -// applies on Get, Create, and Update, but we need to distinguish between them. -// -// This will be called on both PersistentVolumeClaim and PersistentVolumeClaimList types. -func (r *REST) defaultOnRead(obj runtime.Object) { - switch s := obj.(type) { - case *api.PersistentVolumeClaim: - r.defaultOnReadPvc(s) - case *api.PersistentVolumeClaimList: - r.defaultOnReadPvcList(s) - default: - // This was not an object we can default. This is not an error, as the - // caching layer can pass through here, too. - } -} - -// defaultOnReadPvcList defaults a PersistentVolumeClaimList. -func (r *REST) defaultOnReadPvcList(pvcList *api.PersistentVolumeClaimList) { - if pvcList == nil { - return - } - - for i := range pvcList.Items { - r.defaultOnReadPvc(&pvcList.Items[i]) - } -} - -// defaultOnReadPvc defaults a single PersistentVolumeClaim. -func (r *REST) defaultOnReadPvc(pvc *api.PersistentVolumeClaim) { - if pvc == nil { - return - } - - // We set dataSourceRef to the same value as dataSource at creation time now, - // but for pre-existing PVCs with data sources, the dataSourceRef field will - // be blank, so we fill it in here at read time. - pvcutil.NormalizeDataSources(&pvc.Spec) -} - -// StatusREST implements the REST endpoint for changing the status of a persistentvolumeclaim. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new PersistentVolumeClaim object. -func (r *StatusREST) New() runtime.Object { - return &api.PersistentVolumeClaim{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/strategy.go deleted file mode 100644 index 2352c8edc4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/strategy.go +++ /dev/null @@ -1,202 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package persistentvolumeclaim - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - - "k8s.io/kubernetes/pkg/api/legacyscheme" - pvcutil "k8s.io/kubernetes/pkg/api/persistentvolumeclaim" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// persistentvolumeclaimStrategy implements behavior for PersistentVolumeClaim objects -type persistentvolumeclaimStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PersistentVolumeClaim -// objects via the REST API. -var Strategy = persistentvolumeclaimStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (persistentvolumeclaimStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (persistentvolumeclaimStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the Status field which is not allowed to be set by end users on creation. -func (persistentvolumeclaimStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - pvc := obj.(*api.PersistentVolumeClaim) - pvc.Status = api.PersistentVolumeClaimStatus{} - pvcutil.DropDisabledFields(&pvc.Spec, nil) - - // For data sources, we need to do 2 things to implement KEP 1495 - - // First drop invalid values from spec.dataSource (anything other than PVC or - // VolumeSnapshot) if certain conditions are met. - pvcutil.EnforceDataSourceBackwardsCompatibility(&pvc.Spec, nil) - - // Second copy dataSource -> dataSourceRef or dataSourceRef -> dataSource if one of them - // is nil and the other is non-nil - pvcutil.NormalizeDataSources(&pvc.Spec) -} - -func (persistentvolumeclaimStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - pvc := obj.(*api.PersistentVolumeClaim) - opts := validation.ValidationOptionsForPersistentVolumeClaim(pvc, nil) - return validation.ValidatePersistentVolumeClaim(pvc, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (persistentvolumeclaimStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return pvcutil.GetWarningsForPersistentVolumeClaim(obj.(*api.PersistentVolumeClaim)) -} - -// Canonicalize normalizes the object after validation. -func (persistentvolumeclaimStrategy) Canonicalize(obj runtime.Object) { -} - -func (persistentvolumeclaimStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate sets the Status field which is not allowed to be set by end users on update -func (persistentvolumeclaimStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPvc := obj.(*api.PersistentVolumeClaim) - oldPvc := old.(*api.PersistentVolumeClaim) - newPvc.Status = oldPvc.Status - - pvcutil.DropDisabledFields(&newPvc.Spec, &oldPvc.Spec) - - // We need to use similar logic to PrepareForCreate here both to preserve backwards - // compatibility with the old behavior (ignoring of garbage dataSources at both create - // and update time) and also for compatibility with older clients, that might omit - // the dataSourceRef field which we filled in automatically, so we have to fill it - // in again here. - pvcutil.EnforceDataSourceBackwardsCompatibility(&newPvc.Spec, &oldPvc.Spec) - pvcutil.NormalizeDataSources(&newPvc.Spec) - - // We also normalize the data source fields of the old PVC, so that objects saved - // from an earlier version will pass validation. - pvcutil.NormalizeDataSources(&oldPvc.Spec) -} - -func (persistentvolumeclaimStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newPvc := obj.(*api.PersistentVolumeClaim) - oldPvc := old.(*api.PersistentVolumeClaim) - opts := validation.ValidationOptionsForPersistentVolumeClaim(newPvc, oldPvc) - errorList := validation.ValidatePersistentVolumeClaim(newPvc, opts) - return append(errorList, validation.ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc, opts)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (persistentvolumeclaimStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return pvcutil.GetWarningsForPersistentVolumeClaim(obj.(*api.PersistentVolumeClaim)) -} - -func (persistentvolumeclaimStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type persistentvolumeclaimStatusStrategy struct { - persistentvolumeclaimStrategy -} - -var StatusStrategy = persistentvolumeclaimStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (persistentvolumeclaimStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate sets the Spec field which is not allowed to be changed when updating a PV's Status -func (persistentvolumeclaimStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPVC := obj.(*api.PersistentVolumeClaim) - oldPVC := old.(*api.PersistentVolumeClaim) - newPVC.Spec = oldPVC.Spec - pvcutil.DropDisabledFieldsFromStatus(newPVC, oldPVC) -} - -func (persistentvolumeclaimStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newPvc := obj.(*api.PersistentVolumeClaim) - oldPvc := old.(*api.PersistentVolumeClaim) - opts := validation.ValidationOptionsForPersistentVolumeClaim(newPvc, oldPvc) - return validation.ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc, opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (persistentvolumeclaimStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - persistentvolumeclaimObj, ok := obj.(*api.PersistentVolumeClaim) - if !ok { - return nil, nil, fmt.Errorf("not a persistentvolumeclaim") - } - return labels.Set(persistentvolumeclaimObj.Labels), PersistentVolumeClaimToSelectableFields(persistentvolumeclaimObj), nil -} - -// MatchPersistentVolumeClaim returns a generic matcher for a given label and field selector. -func MatchPersistentVolumeClaim(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// PersistentVolumeClaimToSelectableFields returns a field set that represents the object -func PersistentVolumeClaimToSelectableFields(persistentvolumeclaim *api.PersistentVolumeClaim) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&persistentvolumeclaim.ObjectMeta, true) - specificFieldsSet := fields.Set{ - // This is a bug, but we need to support it for backward compatibility. - "name": persistentvolumeclaim.Name, - } - return generic.MergeFieldsSets(objectMetaFieldsSet, specificFieldsSet) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/doc.go deleted file mode 100644 index 7a922302c0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package pod provides Registry interface and it's RESTStorage -// implementation for storing Pod api objects. -package pod // import "k8s.io/kubernetes/pkg/registry/core/pod" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/log.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/log.go deleted file mode 100644 index e6b02069b2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/log.go +++ /dev/null @@ -1,135 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - genericrest "k8s.io/apiserver/pkg/registry/generic/rest" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/registry/core/pod" - - // ensure types are installed - _ "k8s.io/kubernetes/pkg/apis/core/install" -) - -// LogREST implements the log endpoint for a Pod -type LogREST struct { - KubeletConn client.ConnectionInfoGetter - Store *genericregistry.Store -} - -// LogREST implements GetterWithOptions -var _ = rest.GetterWithOptions(&LogREST{}) - -// New creates a new Pod log options object -func (r *LogREST) New() runtime.Object { - // TODO - return a resource that represents a log - return &api.Pod{} -} - -// Destroy cleans up resources on shutdown. -func (r *LogREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// ProducesMIMETypes returns a list of the MIME types the specified HTTP verb (GET, POST, DELETE, -// PATCH) can respond with. -func (r *LogREST) ProducesMIMETypes(verb string) []string { - // Since the default list does not include "plain/text", we need to - // explicitly override ProducesMIMETypes, so that it gets added to - // the "produces" section for pods/{name}/log - return []string{ - "text/plain", - } -} - -// ProducesObject returns an object the specified HTTP verb respond with. It will overwrite storage object if -// it is not nil. Only the type of the return object matters, the value will be ignored. -func (r *LogREST) ProducesObject(verb string) interface{} { - return "" -} - -// Get retrieves a runtime.Object that will stream the contents of the pod log -func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (runtime.Object, error) { - // register the metrics if the context is used. This assumes sync.Once is fast. If it's not, it could be an init block. - registerMetrics() - - logOpts, ok := opts.(*api.PodLogOptions) - if !ok { - return nil, fmt.Errorf("invalid options object: %#v", opts) - } - - countSkipTLSMetric(logOpts.InsecureSkipTLSVerifyBackend) - - if errs := validation.ValidatePodLogOptions(logOpts); len(errs) > 0 { - return nil, errors.NewInvalid(api.Kind("PodLogOptions"), name, errs) - } - location, transport, err := pod.LogLocation(ctx, r.Store, r.KubeletConn, name, logOpts) - if err != nil { - return nil, err - } - return &genericrest.LocationStreamer{ - Location: location, - Transport: transport, - ContentType: "text/plain", - Flush: logOpts.Follow, - ResponseChecker: genericrest.NewGenericHttpResponseChecker(api.Resource("pods/log"), name), - RedirectChecker: genericrest.PreventRedirects, - TLSVerificationErrorCounter: podLogsTLSFailure, - }, nil -} - -func countSkipTLSMetric(insecureSkipTLSVerifyBackend bool) { - usageType := usageEnforce - if insecureSkipTLSVerifyBackend { - usageType = usageSkipAllowed - } - - counter, err := podLogsUsage.GetMetricWithLabelValues(usageType) - if err != nil { - utilruntime.HandleError(err) - return - } - counter.Inc() -} - -// NewGetOptions creates a new options object -func (r *LogREST) NewGetOptions() (runtime.Object, bool, string) { - return &api.PodLogOptions{}, false, "" -} - -// OverrideMetricsVerb override the GET verb to CONNECT for pod log resource -func (r *LogREST) OverrideMetricsVerb(oldVerb string) (newVerb string) { - newVerb = oldVerb - - if oldVerb == "GET" { - newVerb = "CONNECT" - } - - return -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/metrics.go deleted file mode 100644 index 5b8bf7d91a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/metrics.go +++ /dev/null @@ -1,66 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "sync" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - namespace = "kube_apiserver" - subsystem = "pod_logs" - - usageEnforce = "enforce_tls" - usageSkipAllowed = "skip_tls_allowed" -) - -var ( - // podLogsUsage counts and categorizes how the insecure backend skip TLS option is used and allowed. - podLogsUsage = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "pods_logs_insecure_backend_total", - Help: "Total number of requests for pods/logs sliced by usage type: enforce_tls, skip_tls_allowed, skip_tls_denied", - StabilityLevel: metrics.ALPHA, - }, - []string{"usage"}, - ) - - // podLogsTLSFailure counts how many attempts to get pod logs fail on tls verification - podLogsTLSFailure = metrics.NewCounter( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "pods_logs_backend_tls_failure_total", - Help: "Total number of requests for pods/logs that failed due to kubelet server TLS verification", - StabilityLevel: metrics.ALPHA, - }, - ) -) - -var registerMetricsOnce sync.Once - -func registerMetrics() { - registerMetricsOnce.Do(func() { - legacyregistry.MustRegister(podLogsUsage) - legacyregistry.MustRegister(podLogsTLSFailure) - }) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/subresources.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/subresources.go deleted file mode 100644 index 76e0cdd4ff..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/rest/subresources.go +++ /dev/null @@ -1,220 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "net/http" - "net/url" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/proxy" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/capabilities" - "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/registry/core/pod" -) - -// ProxyREST implements the proxy subresource for a Pod -type ProxyREST struct { - Store *genericregistry.Store - ProxyTransport http.RoundTripper -} - -// Implement Connecter -var _ = rest.Connecter(&ProxyREST{}) - -var proxyMethods = []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"} - -// New returns an empty podProxyOptions object. -func (r *ProxyREST) New() runtime.Object { - return &api.PodProxyOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *ProxyREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// ConnectMethods returns the list of HTTP methods that can be proxied -func (r *ProxyREST) ConnectMethods() []string { - return proxyMethods -} - -// NewConnectOptions returns versioned resource that represents proxy parameters -func (r *ProxyREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.PodProxyOptions{}, true, "path" -} - -// Connect returns a handler for the pod proxy -func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - proxyOpts, ok := opts.(*api.PodProxyOptions) - if !ok { - return nil, fmt.Errorf("Invalid options object: %#v", opts) - } - location, transport, err := pod.ResourceLocation(ctx, r.Store, r.ProxyTransport, id) - if err != nil { - return nil, err - } - location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path) - // Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc) - return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil -} - -// Support both GET and POST methods. We must support GET for browsers that want to use WebSockets. -var upgradeableMethods = []string{"GET", "POST"} - -// AttachREST implements the attach subresource for a Pod -type AttachREST struct { - Store *genericregistry.Store - KubeletConn client.ConnectionInfoGetter -} - -// Implement Connecter -var _ = rest.Connecter(&AttachREST{}) - -// New creates a new podAttachOptions object. -func (r *AttachREST) New() runtime.Object { - return &api.PodAttachOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *AttachREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Connect returns a handler for the pod exec proxy -func (r *AttachREST) Connect(ctx context.Context, name string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - attachOpts, ok := opts.(*api.PodAttachOptions) - if !ok { - return nil, fmt.Errorf("Invalid options object: %#v", opts) - } - location, transport, err := pod.AttachLocation(ctx, r.Store, r.KubeletConn, name, attachOpts) - if err != nil { - return nil, err - } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil -} - -// NewConnectOptions returns the versioned object that represents exec parameters -func (r *AttachREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.PodAttachOptions{}, false, "" -} - -// ConnectMethods returns the methods supported by exec -func (r *AttachREST) ConnectMethods() []string { - return upgradeableMethods -} - -// ExecREST implements the exec subresource for a Pod -type ExecREST struct { - Store *genericregistry.Store - KubeletConn client.ConnectionInfoGetter -} - -// Implement Connecter -var _ = rest.Connecter(&ExecREST{}) - -// New creates a new podExecOptions object. -func (r *ExecREST) New() runtime.Object { - return &api.PodExecOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *ExecREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Connect returns a handler for the pod exec proxy -func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - execOpts, ok := opts.(*api.PodExecOptions) - if !ok { - return nil, fmt.Errorf("invalid options object: %#v", opts) - } - location, transport, err := pod.ExecLocation(ctx, r.Store, r.KubeletConn, name, execOpts) - if err != nil { - return nil, err - } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil -} - -// NewConnectOptions returns the versioned object that represents exec parameters -func (r *ExecREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.PodExecOptions{}, false, "" -} - -// ConnectMethods returns the methods supported by exec -func (r *ExecREST) ConnectMethods() []string { - return upgradeableMethods -} - -// PortForwardREST implements the portforward subresource for a Pod -type PortForwardREST struct { - Store *genericregistry.Store - KubeletConn client.ConnectionInfoGetter -} - -// Implement Connecter -var _ = rest.Connecter(&PortForwardREST{}) - -// New returns an empty podPortForwardOptions object -func (r *PortForwardREST) New() runtime.Object { - return &api.PodPortForwardOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *PortForwardREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// NewConnectOptions returns the versioned object that represents the -// portforward parameters -func (r *PortForwardREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.PodPortForwardOptions{}, false, "" -} - -// ConnectMethods returns the methods supported by portforward -func (r *PortForwardREST) ConnectMethods() []string { - return upgradeableMethods -} - -// Connect returns a handler for the pod portforward proxy -func (r *PortForwardREST) Connect(ctx context.Context, name string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - portForwardOpts, ok := opts.(*api.PodPortForwardOptions) - if !ok { - return nil, fmt.Errorf("invalid options object: %#v", opts) - } - location, transport, err := pod.PortForwardLocation(ctx, r.Store, r.KubeletConn, name, portForwardOpts) - if err != nil { - return nil, err - } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil -} - -func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler { - handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder)) - handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec - return handler -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go deleted file mode 100644 index ee8182c413..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/eviction.go +++ /dev/null @@ -1,456 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "reflect" - "time" - - policyv1 "k8s.io/api/policy/v1" - policyv1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/apiserver/pkg/util/feature" - policyclient "k8s.io/client-go/kubernetes/typed/policy/v1" - "k8s.io/client-go/util/retry" - pdbhelper "k8s.io/component-helpers/apps/poddisruptionbudget" - podutil "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/features" -) - -const ( - // MaxDisruptedPodSize is the max size of PodDisruptionBudgetStatus.DisruptedPods. API server eviction - // subresource handler will refuse to evict pods covered by the corresponding PDB - // if the size of the map exceeds this value. It means a large number of - // evictions have been approved by the API server but not noticed by the PDB controller yet. - // This situation should self-correct because the PDB controller removes - // entries from the map automatically after the PDB DeletionTimeout regardless. - MaxDisruptedPodSize = 2000 -) - -// EvictionsRetry is the retry for a conflict where multiple clients -// are making changes to the same resource. -var EvictionsRetry = wait.Backoff{ - Steps: 20, - Duration: 500 * time.Millisecond, - Factor: 1.0, - Jitter: 0.1, -} - -func newEvictionStorage(store rest.StandardStorage, podDisruptionBudgetClient policyclient.PodDisruptionBudgetsGetter) *EvictionREST { - return &EvictionREST{store: store, podDisruptionBudgetClient: podDisruptionBudgetClient} -} - -// EvictionREST implements the REST endpoint for evicting pods from nodes -type EvictionREST struct { - store rest.StandardStorage - podDisruptionBudgetClient policyclient.PodDisruptionBudgetsGetter -} - -var _ = rest.NamedCreater(&EvictionREST{}) -var _ = rest.GroupVersionKindProvider(&EvictionREST{}) -var _ = rest.GroupVersionAcceptor(&EvictionREST{}) - -var v1Eviction = schema.GroupVersionKind{Group: "policy", Version: "v1", Kind: "Eviction"} - -// GroupVersionKind specifies a particular GroupVersionKind to discovery -func (r *EvictionREST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - return v1Eviction -} - -// AcceptsGroupVersion indicates both v1 and v1beta1 Eviction objects are acceptable -func (r *EvictionREST) AcceptsGroupVersion(gv schema.GroupVersion) bool { - switch gv { - case policyv1.SchemeGroupVersion, policyv1beta1.SchemeGroupVersion: - return true - default: - return false - } -} - -// New creates a new eviction resource -func (r *EvictionREST) New() runtime.Object { - return &policy.Eviction{} -} - -// Destroy cleans up resources on shutdown. -func (r *EvictionREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Propagate dry-run takes the dry-run option from the request and pushes it into the eviction object. -// It returns an error if they have non-matching dry-run options. -func propagateDryRun(eviction *policy.Eviction, options *metav1.CreateOptions) (*metav1.DeleteOptions, error) { - if eviction.DeleteOptions == nil { - return &metav1.DeleteOptions{DryRun: options.DryRun}, nil - } - if len(eviction.DeleteOptions.DryRun) == 0 { - eviction.DeleteOptions.DryRun = options.DryRun - return eviction.DeleteOptions, nil - } - if len(options.DryRun) == 0 { - return eviction.DeleteOptions, nil - } - - if !reflect.DeepEqual(options.DryRun, eviction.DeleteOptions.DryRun) { - return nil, fmt.Errorf("Non-matching dry-run options in request and content: %v and %v", options.DryRun, eviction.DeleteOptions.DryRun) - } - return eviction.DeleteOptions, nil -} - -// Create attempts to create a new eviction. That is, it tries to evict a pod. -func (r *EvictionREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - eviction, ok := obj.(*policy.Eviction) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("not a Eviction object: %T", obj)) - } - - if name != eviction.Name { - return nil, errors.NewBadRequest("name in URL does not match name in Eviction object") - } - - originalDeleteOptions, err := propagateDryRun(eviction, options) - if err != nil { - return nil, err - } - - if createValidation != nil { - if err := createValidation(ctx, eviction.DeepCopyObject()); err != nil { - return nil, err - } - } - - var pod *api.Pod - deletedPod := false - // by default, retry conflict errors - shouldRetry := errors.IsConflict - if !resourceVersionIsUnset(originalDeleteOptions) { - // if the original options included a resourceVersion precondition, don't retry - shouldRetry = func(err error) bool { return false } - } - - err = retry.OnError(EvictionsRetry, shouldRetry, func() error { - pod, err = getPod(r, ctx, eviction.Name) - if err != nil { - return err - } - - // Evicting a terminal pod should result in direct deletion of pod as it already caused disruption by the time we are evicting. - // There is no need to check for pdb. - if !canIgnorePDB(pod) { - // Pod is not in a state where we can skip checking PDBs, exit the loop, and continue to PDB checks. - return nil - } - - // the PDB can be ignored, so delete the pod - deleteOptions := originalDeleteOptions - - // We should check if resourceVersion is already set by the requestor - // as it might be older than the pod we just fetched and should be - // honored. - if shouldEnforceResourceVersion(pod) && resourceVersionIsUnset(originalDeleteOptions) { - // Set deleteOptions.Preconditions.ResourceVersion to ensure we're not - // racing with another PDB-impacting process elsewhere. - deleteOptions = deleteOptions.DeepCopy() - setPreconditionsResourceVersion(deleteOptions, &pod.ResourceVersion) - } - err = addConditionAndDeletePod(r, ctx, eviction.Name, rest.ValidateAllObjectFunc, deleteOptions) - if err != nil { - return err - } - deletedPod = true - return nil - }) - switch { - case err != nil: - // this can happen in cases where the PDB can be ignored, but there was a problem issuing the pod delete: - // maybe we conflicted too many times or we didn't have permission or something else weird. - return nil, err - - case deletedPod: - // this happens when we successfully deleted the pod. In this case, we're done executing because we've evicted/deleted the pod - return &metav1.Status{Status: metav1.StatusSuccess}, nil - - default: - // this happens when we didn't have an error and we didn't delete the pod. The only branch that happens on is when - // we cannot ignored the PDB for this pod, so this is the fall through case. - } - - var rtStatus *metav1.Status - var pdbName string - updateDeletionOptions := false - - err = func() error { - pdbs, err := r.getPodDisruptionBudgets(ctx, pod) - if err != nil { - return err - } - - if len(pdbs) > 1 { - rtStatus = &metav1.Status{ - Status: metav1.StatusFailure, - Message: "This pod has more than one PodDisruptionBudget, which the eviction subresource does not support.", - Code: 500, - } - return nil - } - if len(pdbs) == 0 { - return nil - } - - pdb := &pdbs[0] - pdbName = pdb.Name - - // IsPodReady is the current implementation of IsHealthy - // If the pod is healthy, it should be guarded by the PDB. - if !podutil.IsPodReady(pod) { - if feature.DefaultFeatureGate.Enabled(features.PDBUnhealthyPodEvictionPolicy) { - if pdb.Spec.UnhealthyPodEvictionPolicy != nil && *pdb.Spec.UnhealthyPodEvictionPolicy == policyv1.AlwaysAllow { - // Delete the unhealthy pod, it doesn't count towards currentHealthy and desiredHealthy and we should not decrement disruptionsAllowed. - updateDeletionOptions = true - return nil - } - } - // default nil and IfHealthyBudget policy - if pdb.Status.CurrentHealthy >= pdb.Status.DesiredHealthy && pdb.Status.DesiredHealthy > 0 { - // Delete the unhealthy pod, it doesn't count towards currentHealthy and desiredHealthy and we should not decrement disruptionsAllowed. - // Application guarded by the PDB is not disrupted at the moment and deleting unhealthy (unready) pod will not disrupt it. - updateDeletionOptions = true - return nil - } - // confirm no disruptions allowed in checkAndDecrement - } - - refresh := false - err = retry.RetryOnConflict(EvictionsRetry, func() error { - if refresh { - pdb, err = r.podDisruptionBudgetClient.PodDisruptionBudgets(pod.Namespace).Get(context.TODO(), pdbName, metav1.GetOptions{}) - if err != nil { - return err - } - } - // Try to verify-and-decrement - - // If it was false already, or if it becomes false during the course of our retries, - // raise an error marked as a 429. - if err = r.checkAndDecrement(pod.Namespace, pod.Name, *pdb, dryrun.IsDryRun(originalDeleteOptions.DryRun)); err != nil { - refresh = true - return err - } - return nil - }) - return err - }() - if err == wait.ErrWaitTimeout { - err = errors.NewTimeoutError(fmt.Sprintf("couldn't update PodDisruptionBudget %q due to conflicts", pdbName), 10) - } - if err != nil { - return nil, err - } - - if rtStatus != nil { - return rtStatus, nil - } - - // At this point there was either no PDB or we succeeded in decrementing or - // the pod was unhealthy (unready) and we have enough healthy replicas - - deleteOptions := originalDeleteOptions - - // Set deleteOptions.Preconditions.ResourceVersion to ensure - // the pod hasn't been considered healthy (ready) since we calculated - if updateDeletionOptions { - // Take a copy so we can compare to client-provied Options later. - deleteOptions = deleteOptions.DeepCopy() - setPreconditionsResourceVersion(deleteOptions, &pod.ResourceVersion) - } - - // Try the delete - err = addConditionAndDeletePod(r, ctx, eviction.Name, rest.ValidateAllObjectFunc, deleteOptions) - if err != nil { - if errors.IsConflict(err) && updateDeletionOptions && - (originalDeleteOptions.Preconditions == nil || originalDeleteOptions.Preconditions.ResourceVersion == nil) { - // If we encounter a resource conflict error, we updated the deletion options to include them, - // and the original deletion options did not specify ResourceVersion, we send back - // TooManyRequests so clients will retry. - return nil, createTooManyRequestsError(pdbName) - } - return nil, err - } - - // Success! - return &metav1.Status{Status: metav1.StatusSuccess}, nil -} - -func addConditionAndDeletePod(r *EvictionREST, ctx context.Context, name string, validation rest.ValidateObjectFunc, options *metav1.DeleteOptions) error { - if feature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { - pod, err := getPod(r, ctx, name) - if err != nil { - return err - } - conditionAppender := func(_ context.Context, newObj, _ runtime.Object) (runtime.Object, error) { - podObj := newObj.(*api.Pod) - podutil.UpdatePodCondition(&podObj.Status, &api.PodCondition{ - Type: api.DisruptionTarget, - Status: api.ConditionTrue, - Reason: "EvictionByEvictionAPI", - Message: "Eviction API: evicting", - }) - return podObj, nil - } - - podCopyUpdated := rest.DefaultUpdatedObjectInfo(pod, conditionAppender) - - if _, _, err = r.store.Update(ctx, name, podCopyUpdated, rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{}); err != nil { - return err - } - } - _, _, err := r.store.Delete(ctx, name, rest.ValidateAllObjectFunc, options) - return err -} - -func getPod(r *EvictionREST, ctx context.Context, name string) (*api.Pod, error) { - obj, err := r.store.Get(ctx, name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - return obj.(*api.Pod), nil -} - -func setPreconditionsResourceVersion(deleteOptions *metav1.DeleteOptions, resourceVersion *string) { - if deleteOptions.Preconditions == nil { - deleteOptions.Preconditions = &metav1.Preconditions{} - } - deleteOptions.Preconditions.ResourceVersion = resourceVersion -} - -// canIgnorePDB returns true for pod conditions that allow the pod to be deleted -// without checking PDBs. -func canIgnorePDB(pod *api.Pod) bool { - if pod.Status.Phase == api.PodSucceeded || pod.Status.Phase == api.PodFailed || - pod.Status.Phase == api.PodPending || !pod.ObjectMeta.DeletionTimestamp.IsZero() { - return true - } - return false -} - -func shouldEnforceResourceVersion(pod *api.Pod) bool { - // We don't need to enforce ResourceVersion for terminal pods - if pod.Status.Phase == api.PodSucceeded || pod.Status.Phase == api.PodFailed || !pod.ObjectMeta.DeletionTimestamp.IsZero() { - return false - } - // Return true for all other pods to ensure we don't race against a pod becoming - // healthy (ready) and violating PDBs. - return true -} - -func resourceVersionIsUnset(options *metav1.DeleteOptions) bool { - return options.Preconditions == nil || options.Preconditions.ResourceVersion == nil -} - -func createTooManyRequestsError(name string) error { - // TODO: Once there are time-based - // budgets, we can sometimes compute a sensible suggested value. But - // even without that, we can give a suggestion (even if small) that - // prevents well-behaved clients from hammering us. - err := errors.NewTooManyRequests("Cannot evict pod as it would violate the pod's disruption budget.", 10) - err.ErrStatus.Details.Causes = append(err.ErrStatus.Details.Causes, metav1.StatusCause{Type: policyv1.DisruptionBudgetCause, Message: fmt.Sprintf("The disruption budget %s is still being processed by the server.", name)}) - return err -} - -// checkAndDecrement checks if the provided PodDisruptionBudget allows any disruption. -func (r *EvictionREST) checkAndDecrement(namespace string, podName string, pdb policyv1.PodDisruptionBudget, dryRun bool) error { - if pdb.Status.ObservedGeneration < pdb.Generation { - - return createTooManyRequestsError(pdb.Name) - } - if pdb.Status.DisruptionsAllowed < 0 { - return errors.NewForbidden(policy.Resource("poddisruptionbudget"), pdb.Name, fmt.Errorf("pdb disruptions allowed is negative")) - } - if len(pdb.Status.DisruptedPods) > MaxDisruptedPodSize { - return errors.NewForbidden(policy.Resource("poddisruptionbudget"), pdb.Name, fmt.Errorf("DisruptedPods map too big - too many evictions not confirmed by PDB controller")) - } - if pdb.Status.DisruptionsAllowed == 0 { - err := errors.NewTooManyRequests("Cannot evict pod as it would violate the pod's disruption budget.", 0) - err.ErrStatus.Details.Causes = append(err.ErrStatus.Details.Causes, metav1.StatusCause{Type: policyv1.DisruptionBudgetCause, Message: fmt.Sprintf("The disruption budget %s needs %d healthy pods and has %d currently", pdb.Name, pdb.Status.DesiredHealthy, pdb.Status.CurrentHealthy)}) - return err - } - - pdb.Status.DisruptionsAllowed-- - if pdb.Status.DisruptionsAllowed == 0 { - pdbhelper.UpdateDisruptionAllowedCondition(&pdb) - } - - // If this is a dry-run, we don't need to go any further than that. - if dryRun == true { - return nil - } - - if pdb.Status.DisruptedPods == nil { - pdb.Status.DisruptedPods = make(map[string]metav1.Time) - } - - // Eviction handler needs to inform the PDB controller that it is about to delete a pod - // so it should not consider it as available in calculations when updating PodDisruptions allowed. - // If the pod is not deleted within a reasonable time limit PDB controller will assume that it won't - // be deleted at all and remove it from DisruptedPod map. - pdb.Status.DisruptedPods[podName] = metav1.Time{Time: time.Now()} - if _, err := r.podDisruptionBudgetClient.PodDisruptionBudgets(namespace).UpdateStatus(context.TODO(), &pdb, metav1.UpdateOptions{}); err != nil { - return err - } - - return nil -} - -// getPodDisruptionBudgets returns any PDBs that match the pod or err if there's an error. -func (r *EvictionREST) getPodDisruptionBudgets(ctx context.Context, pod *api.Pod) ([]policyv1.PodDisruptionBudget, error) { - pdbList, err := r.podDisruptionBudgetClient.PodDisruptionBudgets(pod.Namespace).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return nil, err - } - - var pdbs []policyv1.PodDisruptionBudget - for _, pdb := range pdbList.Items { - if pdb.Namespace != pod.Namespace { - continue - } - selector, err := metav1.LabelSelectorAsSelector(pdb.Spec.Selector) - if err != nil { - // This object has an invalid selector, it does not match the pod - continue - } - // If a PDB with a nil or empty selector creeps in, it should match nothing, not everything. - if selector.Empty() || !selector.Matches(labels.Set(pod.Labels)) { - continue - } - - pdbs = append(pdbs, pdb) - } - - return pdbs, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go deleted file mode 100644 index 3960918de6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/storage/storage.go +++ /dev/null @@ -1,356 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "net/http" - "net/url" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage" - storeerr "k8s.io/apiserver/pkg/storage/errors" - "k8s.io/apiserver/pkg/util/dryrun" - utilfeature "k8s.io/apiserver/pkg/util/feature" - policyclient "k8s.io/client-go/kubernetes/typed/policy/v1" - podutil "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - registrypod "k8s.io/kubernetes/pkg/registry/core/pod" - podrest "k8s.io/kubernetes/pkg/registry/core/pod/rest" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// PodStorage includes storage for pods and all sub resources -type PodStorage struct { - Pod *REST - Binding *BindingREST - LegacyBinding *LegacyBindingREST - Eviction *EvictionREST - Status *StatusREST - EphemeralContainers *EphemeralContainersREST - Log *podrest.LogREST - Proxy *podrest.ProxyREST - Exec *podrest.ExecREST - Attach *podrest.AttachREST - PortForward *podrest.PortForwardREST -} - -// REST implements a RESTStorage for pods -type REST struct { - *genericregistry.Store - proxyTransport http.RoundTripper -} - -// NewStorage returns a RESTStorage object that will work against pods. -func NewStorage(optsGetter generic.RESTOptionsGetter, k client.ConnectionInfoGetter, proxyTransport http.RoundTripper, podDisruptionBudgetClient policyclient.PodDisruptionBudgetsGetter) (PodStorage, error) { - - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Pod{} }, - NewListFunc: func() runtime.Object { return &api.PodList{} }, - PredicateFunc: registrypod.MatchPod, - DefaultQualifiedResource: api.Resource("pods"), - - CreateStrategy: registrypod.Strategy, - UpdateStrategy: registrypod.Strategy, - DeleteStrategy: registrypod.Strategy, - ResetFieldsStrategy: registrypod.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{ - RESTOptions: optsGetter, - AttrFunc: registrypod.GetAttrs, - TriggerFunc: map[string]storage.IndexerFunc{"spec.nodeName": registrypod.NodeNameTriggerFunc}, - Indexers: registrypod.Indexers(), - } - if err := store.CompleteWithOptions(options); err != nil { - return PodStorage{}, err - } - - statusStore := *store - statusStore.UpdateStrategy = registrypod.StatusStrategy - statusStore.ResetFieldsStrategy = registrypod.StatusStrategy - ephemeralContainersStore := *store - ephemeralContainersStore.UpdateStrategy = registrypod.EphemeralContainersStrategy - - bindingREST := &BindingREST{store: store} - return PodStorage{ - Pod: &REST{store, proxyTransport}, - Binding: &BindingREST{store: store}, - LegacyBinding: &LegacyBindingREST{bindingREST}, - Eviction: newEvictionStorage(&statusStore, podDisruptionBudgetClient), - Status: &StatusREST{store: &statusStore}, - EphemeralContainers: &EphemeralContainersREST{store: &ephemeralContainersStore}, - Log: &podrest.LogREST{Store: store, KubeletConn: k}, - Proxy: &podrest.ProxyREST{Store: store, ProxyTransport: proxyTransport}, - Exec: &podrest.ExecREST{Store: store, KubeletConn: k}, - Attach: &podrest.AttachREST{Store: store, KubeletConn: k}, - PortForward: &podrest.PortForwardREST{Store: store, KubeletConn: k}, - }, nil -} - -// Implement Redirector. -var _ = rest.Redirector(&REST{}) - -// ResourceLocation returns a pods location from its HostIP -func (r *REST) ResourceLocation(ctx context.Context, name string) (*url.URL, http.RoundTripper, error) { - return registrypod.ResourceLocation(ctx, r, r.proxyTransport, name) -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"po"} -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// BindingREST implements the REST endpoint for binding pods to nodes when etcd is in use. -type BindingREST struct { - store *genericregistry.Store -} - -// NamespaceScoped fulfill rest.Scoper -func (r *BindingREST) NamespaceScoped() bool { - return r.store.NamespaceScoped() -} - -// New creates a new binding resource -func (r *BindingREST) New() runtime.Object { - return &api.Binding{} -} - -// Destroy cleans up resources on shutdown. -func (r *BindingREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -var _ = rest.NamedCreater(&BindingREST{}) - -// Create ensures a pod is bound to a specific host. -func (r *BindingREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (out runtime.Object, err error) { - binding, ok := obj.(*api.Binding) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("not a Binding object: %#v", obj)) - } - - if name != binding.Name { - return nil, errors.NewBadRequest("name in URL does not match name in Binding object") - } - - // TODO: move me to a binding strategy - if errs := validation.ValidatePodBinding(binding); len(errs) != 0 { - return nil, errs.ToAggregate() - } - - if createValidation != nil { - if err := createValidation(ctx, binding.DeepCopyObject()); err != nil { - return nil, err - } - } - - err = r.assignPod(ctx, binding.UID, binding.ResourceVersion, binding.Name, binding.Target.Name, binding.Annotations, dryrun.IsDryRun(options.DryRun)) - out = &metav1.Status{Status: metav1.StatusSuccess} - return -} - -// setPodHostAndAnnotations sets the given pod's host to 'machine' if and only if -// the pod is unassigned and merges the provided annotations with those of the pod. -// Returns the current state of the pod, or an error. -func (r *BindingREST) setPodHostAndAnnotations(ctx context.Context, podUID types.UID, podResourceVersion, podID, machine string, annotations map[string]string, dryRun bool) (finalPod *api.Pod, err error) { - podKey, err := r.store.KeyFunc(ctx, podID) - if err != nil { - return nil, err - } - - var preconditions *storage.Preconditions - if podUID != "" || podResourceVersion != "" { - preconditions = &storage.Preconditions{} - if podUID != "" { - preconditions.UID = &podUID - } - if podResourceVersion != "" { - preconditions.ResourceVersion = &podResourceVersion - } - } - - err = r.store.Storage.GuaranteedUpdate(ctx, podKey, &api.Pod{}, false, preconditions, storage.SimpleUpdate(func(obj runtime.Object) (runtime.Object, error) { - pod, ok := obj.(*api.Pod) - if !ok { - return nil, fmt.Errorf("unexpected object: %#v", obj) - } - if pod.DeletionTimestamp != nil { - return nil, fmt.Errorf("pod %s is being deleted, cannot be assigned to a host", pod.Name) - } - if pod.Spec.NodeName != "" { - return nil, fmt.Errorf("pod %v is already assigned to node %q", pod.Name, pod.Spec.NodeName) - } - // Reject binding to a scheduling un-ready Pod. - if utilfeature.DefaultFeatureGate.Enabled(features.PodSchedulingReadiness) && len(pod.Spec.SchedulingGates) != 0 { - return nil, fmt.Errorf("pod %v has non-empty .spec.schedulingGates", pod.Name) - } - pod.Spec.NodeName = machine - if pod.Annotations == nil { - pod.Annotations = make(map[string]string) - } - for k, v := range annotations { - pod.Annotations[k] = v - } - podutil.UpdatePodCondition(&pod.Status, &api.PodCondition{ - Type: api.PodScheduled, - Status: api.ConditionTrue, - }) - finalPod = pod - return pod, nil - }), dryRun, nil) - return finalPod, err -} - -// assignPod assigns the given pod to the given machine. -func (r *BindingREST) assignPod(ctx context.Context, podUID types.UID, podResourceVersion, podID string, machine string, annotations map[string]string, dryRun bool) (err error) { - if _, err = r.setPodHostAndAnnotations(ctx, podUID, podResourceVersion, podID, machine, annotations, dryRun); err != nil { - err = storeerr.InterpretGetError(err, api.Resource("pods"), podID) - err = storeerr.InterpretUpdateError(err, api.Resource("pods"), podID) - if _, ok := err.(*errors.StatusError); !ok { - err = errors.NewConflict(api.Resource("pods/binding"), podID, err) - } - } - return -} - -var _ = rest.Creater(&LegacyBindingREST{}) - -// LegacyBindingREST implements the REST endpoint for binding pods to nodes when etcd is in use. -type LegacyBindingREST struct { - bindingRest *BindingREST -} - -// NamespaceScoped fulfill rest.Scoper -func (r *LegacyBindingREST) NamespaceScoped() bool { - return r.bindingRest.NamespaceScoped() -} - -// New creates a new binding resource -func (r *LegacyBindingREST) New() runtime.Object { - return r.bindingRest.New() -} - -// Destroy cleans up resources on shutdown. -func (r *LegacyBindingREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Create ensures a pod is bound to a specific host. -func (r *LegacyBindingREST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (out runtime.Object, err error) { - metadata, err := meta.Accessor(obj) - if err != nil { - return nil, errors.NewBadRequest(fmt.Sprintf("not a Binding object: %T", obj)) - } - return r.bindingRest.Create(ctx, metadata.GetName(), obj, createValidation, options) -} - -// StatusREST implements the REST endpoint for changing the status of a pod. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new pod resource -func (r *StatusREST) New() runtime.Object { - return &api.Pod{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// EphemeralContainersREST implements the REST endpoint for adding EphemeralContainers -type EphemeralContainersREST struct { - store *genericregistry.Store -} - -var _ = rest.Patcher(&EphemeralContainersREST{}) - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *EphemeralContainersREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// New creates a new pod resource -func (r *EphemeralContainersREST) New() runtime.Object { - return &api.Pod{} -} - -// Destroy cleans up resources on shutdown. -func (r *EphemeralContainersREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Update alters the EphemeralContainers field in PodSpec -func (r *EphemeralContainersREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/strategy.go deleted file mode 100644 index 4021b4eb4f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/pod/strategy.go +++ /dev/null @@ -1,752 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package pod - -import ( - "context" - "fmt" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/client-go/tools/cache" - "k8s.io/kubernetes/pkg/api/legacyscheme" - podutil "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper/qos" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/kubelet/client" - proxyutil "k8s.io/kubernetes/pkg/proxy/util" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// podStrategy implements behavior for Pods -type podStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Pod -// objects via the REST API. -var Strategy = podStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for pods. -func (podStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (podStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (podStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - pod := obj.(*api.Pod) - pod.Status = api.PodStatus{ - Phase: api.PodPending, - QOSClass: qos.GetPodQOS(pod), - } - - podutil.DropDisabledPodFields(pod, nil) - - applySeccompVersionSkew(pod) - applyWaitingForSchedulingGatesCondition(pod) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (podStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - newPod.Status = oldPod.Status - - podutil.DropDisabledPodFields(newPod, oldPod) -} - -// Validate validates a new pod. -func (podStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - pod := obj.(*api.Pod) - opts := podutil.GetValidationOptionsFromPodSpecAndMeta(&pod.Spec, nil, &pod.ObjectMeta, nil) - return validation.ValidatePodCreate(pod, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (podStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return podutil.GetWarningsForPod(ctx, obj.(*api.Pod), nil) -} - -// Canonicalize normalizes the object after validation. -func (podStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for pods. -func (podStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (podStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - // Allow downward api usage of hugepages on pod update if feature is enabled or if the old pod already had used them. - pod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - opts := podutil.GetValidationOptionsFromPodSpecAndMeta(&pod.Spec, &oldPod.Spec, &pod.ObjectMeta, &oldPod.ObjectMeta) - return validation.ValidatePodUpdate(obj.(*api.Pod), old.(*api.Pod), opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - // skip warnings on pod update, since humans don't typically interact directly with pods, - // and we don't want to pay the evaluation cost on what might be a high-frequency update path - return nil -} - -// AllowUnconditionalUpdate allows pods to be overwritten -func (podStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// CheckGracefulDelete allows a pod to be gracefully deleted. It updates the DeleteOptions to -// reflect the desired grace value. -func (podStrategy) CheckGracefulDelete(ctx context.Context, obj runtime.Object, options *metav1.DeleteOptions) bool { - if options == nil { - return false - } - pod := obj.(*api.Pod) - period := int64(0) - // user has specified a value - if options.GracePeriodSeconds != nil { - period = *options.GracePeriodSeconds - } else { - // use the default value if set, or deletes the pod immediately (0) - if pod.Spec.TerminationGracePeriodSeconds != nil { - period = *pod.Spec.TerminationGracePeriodSeconds - } - } - // if the pod is not scheduled, delete immediately - if len(pod.Spec.NodeName) == 0 { - period = 0 - } - // if the pod is already terminated, delete immediately - if pod.Status.Phase == api.PodFailed || pod.Status.Phase == api.PodSucceeded { - period = 0 - } - - if period < 0 { - period = 1 - } - - // ensure the options and the pod are in sync - options.GracePeriodSeconds = &period - return true -} - -type podStatusStrategy struct { - podStrategy -} - -// StatusStrategy wraps and exports the used podStrategy for the storage package. -var StatusStrategy = podStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (podStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata", "deletionTimestamp"), - fieldpath.MakePathOrDie("metadata", "ownerReferences"), - ), - } -} - -func (podStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - newPod.Spec = oldPod.Spec - newPod.DeletionTimestamp = nil - - // don't allow the pods/status endpoint to touch owner references since old kubelets corrupt them in a way - // that breaks garbage collection - newPod.OwnerReferences = oldPod.OwnerReferences -} - -func (podStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - pod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - opts := podutil.GetValidationOptionsFromPodSpecAndMeta(&pod.Spec, &oldPod.Spec, &pod.ObjectMeta, &oldPod.ObjectMeta) - - return validation.ValidatePodStatusUpdate(obj.(*api.Pod), old.(*api.Pod), opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -type podEphemeralContainersStrategy struct { - podStrategy -} - -// EphemeralContainersStrategy wraps and exports the used podStrategy for the storage package. -var EphemeralContainersStrategy = podEphemeralContainersStrategy{Strategy} - -// dropNonEphemeralContainerUpdates discards all changes except for pod.Spec.EphemeralContainers and certain metadata -func dropNonEphemeralContainerUpdates(newPod, oldPod *api.Pod) *api.Pod { - pod := oldPod.DeepCopy() - pod.Name = newPod.Name - pod.Namespace = newPod.Namespace - pod.ResourceVersion = newPod.ResourceVersion - pod.UID = newPod.UID - pod.Spec.EphemeralContainers = newPod.Spec.EphemeralContainers - return pod -} - -func (podEphemeralContainersStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - - *newPod = *dropNonEphemeralContainerUpdates(newPod, oldPod) - podutil.DropDisabledPodFields(newPod, oldPod) -} - -func (podEphemeralContainersStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newPod := obj.(*api.Pod) - oldPod := old.(*api.Pod) - opts := podutil.GetValidationOptionsFromPodSpecAndMeta(&newPod.Spec, &oldPod.Spec, &newPod.ObjectMeta, &oldPod.ObjectMeta) - return validation.ValidatePodEphemeralContainersUpdate(newPod, oldPod, opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podEphemeralContainersStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - pod, ok := obj.(*api.Pod) - if !ok { - return nil, nil, fmt.Errorf("not a pod") - } - return labels.Set(pod.ObjectMeta.Labels), ToSelectableFields(pod), nil -} - -// MatchPod returns a generic matcher for a given label and field selector. -func MatchPod(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - IndexFields: []string{"spec.nodeName"}, - } -} - -// NodeNameTriggerFunc returns value spec.nodename of given object. -func NodeNameTriggerFunc(obj runtime.Object) string { - return obj.(*api.Pod).Spec.NodeName -} - -// NodeNameIndexFunc return value spec.nodename of given object. -func NodeNameIndexFunc(obj interface{}) ([]string, error) { - pod, ok := obj.(*api.Pod) - if !ok { - return nil, fmt.Errorf("not a pod") - } - return []string{pod.Spec.NodeName}, nil -} - -// Indexers returns the indexers for pod storage. -func Indexers() *cache.Indexers { - return &cache.Indexers{ - storage.FieldIndex("spec.nodeName"): NodeNameIndexFunc, - } -} - -// ToSelectableFields returns a field set that represents the object -// TODO: fields are not labels, and the validation rules for them do not apply. -func ToSelectableFields(pod *api.Pod) fields.Set { - // The purpose of allocation with a given number of elements is to reduce - // amount of allocations needed to create the fields.Set. If you add any - // field here or the number of object-meta related fields changes, this should - // be adjusted. - podSpecificFieldsSet := make(fields.Set, 9) - podSpecificFieldsSet["spec.nodeName"] = pod.Spec.NodeName - podSpecificFieldsSet["spec.restartPolicy"] = string(pod.Spec.RestartPolicy) - podSpecificFieldsSet["spec.schedulerName"] = string(pod.Spec.SchedulerName) - podSpecificFieldsSet["spec.serviceAccountName"] = string(pod.Spec.ServiceAccountName) - podSpecificFieldsSet["status.phase"] = string(pod.Status.Phase) - // TODO: add podIPs as a downward API value(s) with proper format - podIP := "" - if len(pod.Status.PodIPs) > 0 { - podIP = string(pod.Status.PodIPs[0].IP) - } - podSpecificFieldsSet["status.podIP"] = podIP - podSpecificFieldsSet["status.nominatedNodeName"] = string(pod.Status.NominatedNodeName) - return generic.AddObjectMetaFieldsSet(podSpecificFieldsSet, &pod.ObjectMeta, true) -} - -// ResourceGetter is an interface for retrieving resources by ResourceLocation. -type ResourceGetter interface { - Get(context.Context, string, *metav1.GetOptions) (runtime.Object, error) -} - -func getPod(ctx context.Context, getter ResourceGetter, name string) (*api.Pod, error) { - obj, err := getter.Get(ctx, name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - pod := obj.(*api.Pod) - if pod == nil { - return nil, fmt.Errorf("Unexpected object type: %#v", pod) - } - return pod, nil -} - -// getPodIP returns primary IP for a Pod -func getPodIP(pod *api.Pod) string { - if pod == nil { - return "" - } - if len(pod.Status.PodIPs) > 0 { - return pod.Status.PodIPs[0].IP - } - - return "" -} - -// ResourceLocation returns a URL to which one can send traffic for the specified pod. -func ResourceLocation(ctx context.Context, getter ResourceGetter, rt http.RoundTripper, id string) (*url.URL, http.RoundTripper, error) { - // Allow ID as "podname" or "podname:port" or "scheme:podname:port". - // If port is not specified, try to use the first defined port on the pod. - scheme, name, port, valid := utilnet.SplitSchemeNamePort(id) - if !valid { - return nil, nil, errors.NewBadRequest(fmt.Sprintf("invalid pod request %q", id)) - } - - pod, err := getPod(ctx, getter, name) - if err != nil { - return nil, nil, err - } - - // Try to figure out a port. - if port == "" { - for i := range pod.Spec.Containers { - if len(pod.Spec.Containers[i].Ports) > 0 { - port = fmt.Sprintf("%d", pod.Spec.Containers[i].Ports[0].ContainerPort) - break - } - } - } - podIP := getPodIP(pod) - if err := proxyutil.IsProxyableIP(podIP); err != nil { - return nil, nil, errors.NewBadRequest(err.Error()) - } - - loc := &url.URL{ - Scheme: scheme, - } - if port == "" { - // when using an ipv6 IP as a hostname in a URL, it must be wrapped in [...] - // net.JoinHostPort does this for you. - if strings.Contains(podIP, ":") { - loc.Host = "[" + podIP + "]" - } else { - loc.Host = podIP - } - } else { - loc.Host = net.JoinHostPort(podIP, port) - } - return loc, rt, nil -} - -// LogLocation returns the log URL for a pod container. If opts.Container is blank -// and only one container is present in the pod, that container is used. -func LogLocation( - ctx context.Context, getter ResourceGetter, - connInfo client.ConnectionInfoGetter, - name string, - opts *api.PodLogOptions, -) (*url.URL, http.RoundTripper, error) { - pod, err := getPod(ctx, getter, name) - if err != nil { - return nil, nil, err - } - - // Try to figure out a container - // If a container was provided, it must be valid - container := opts.Container - container, err = validateContainer(container, pod) - if err != nil { - return nil, nil, err - } - nodeName := types.NodeName(pod.Spec.NodeName) - if len(nodeName) == 0 { - // If pod has not been assigned a host, return an empty location - return nil, nil, nil - } - nodeInfo, err := connInfo.GetConnectionInfo(ctx, nodeName) - if err != nil { - return nil, nil, err - } - params := url.Values{} - if opts.Follow { - params.Add("follow", "true") - } - if opts.Previous { - params.Add("previous", "true") - } - if opts.Timestamps { - params.Add("timestamps", "true") - } - if opts.SinceSeconds != nil { - params.Add("sinceSeconds", strconv.FormatInt(*opts.SinceSeconds, 10)) - } - if opts.SinceTime != nil { - params.Add("sinceTime", opts.SinceTime.Format(time.RFC3339)) - } - if opts.TailLines != nil { - params.Add("tailLines", strconv.FormatInt(*opts.TailLines, 10)) - } - if opts.LimitBytes != nil { - params.Add("limitBytes", strconv.FormatInt(*opts.LimitBytes, 10)) - } - loc := &url.URL{ - Scheme: nodeInfo.Scheme, - Host: net.JoinHostPort(nodeInfo.Hostname, nodeInfo.Port), - Path: fmt.Sprintf("/containerLogs/%s/%s/%s", pod.Namespace, pod.Name, container), - RawQuery: params.Encode(), - } - - if opts.InsecureSkipTLSVerifyBackend { - return loc, nodeInfo.InsecureSkipTLSVerifyTransport, nil - } - return loc, nodeInfo.Transport, nil -} - -func podHasContainerWithName(pod *api.Pod, containerName string) bool { - var hasContainer bool - podutil.VisitContainers(&pod.Spec, podutil.AllFeatureEnabledContainers(), func(c *api.Container, containerType podutil.ContainerType) bool { - if c.Name == containerName { - hasContainer = true - return false - } - return true - }) - return hasContainer -} - -func streamParams(params url.Values, opts runtime.Object) error { - switch opts := opts.(type) { - case *api.PodExecOptions: - if opts.Stdin { - params.Add(api.ExecStdinParam, "1") - } - if opts.Stdout { - params.Add(api.ExecStdoutParam, "1") - } - if opts.Stderr { - params.Add(api.ExecStderrParam, "1") - } - if opts.TTY { - params.Add(api.ExecTTYParam, "1") - } - for _, c := range opts.Command { - params.Add("command", c) - } - case *api.PodAttachOptions: - if opts.Stdin { - params.Add(api.ExecStdinParam, "1") - } - if opts.Stdout { - params.Add(api.ExecStdoutParam, "1") - } - if opts.Stderr { - params.Add(api.ExecStderrParam, "1") - } - if opts.TTY { - params.Add(api.ExecTTYParam, "1") - } - case *api.PodPortForwardOptions: - if len(opts.Ports) > 0 { - ports := make([]string, len(opts.Ports)) - for i, p := range opts.Ports { - ports[i] = strconv.FormatInt(int64(p), 10) - } - params.Add(api.PortHeader, strings.Join(ports, ",")) - } - default: - return fmt.Errorf("Unknown object for streaming: %v", opts) - } - return nil -} - -// AttachLocation returns the attach URL for a pod container. If opts.Container is blank -// and only one container is present in the pod, that container is used. -func AttachLocation( - ctx context.Context, - getter ResourceGetter, - connInfo client.ConnectionInfoGetter, - name string, - opts *api.PodAttachOptions, -) (*url.URL, http.RoundTripper, error) { - return streamLocation(ctx, getter, connInfo, name, opts, opts.Container, "attach") -} - -// ExecLocation returns the exec URL for a pod container. If opts.Container is blank -// and only one container is present in the pod, that container is used. -func ExecLocation( - ctx context.Context, - getter ResourceGetter, - connInfo client.ConnectionInfoGetter, - name string, - opts *api.PodExecOptions, -) (*url.URL, http.RoundTripper, error) { - return streamLocation(ctx, getter, connInfo, name, opts, opts.Container, "exec") -} - -func streamLocation( - ctx context.Context, - getter ResourceGetter, - connInfo client.ConnectionInfoGetter, - name string, - opts runtime.Object, - container, - path string, -) (*url.URL, http.RoundTripper, error) { - pod, err := getPod(ctx, getter, name) - if err != nil { - return nil, nil, err - } - - // Try to figure out a container - // If a container was provided, it must be valid - container, err = validateContainer(container, pod) - if err != nil { - return nil, nil, err - } - - nodeName := types.NodeName(pod.Spec.NodeName) - if len(nodeName) == 0 { - // If pod has not been assigned a host, return an empty location - return nil, nil, errors.NewBadRequest(fmt.Sprintf("pod %s does not have a host assigned", name)) - } - nodeInfo, err := connInfo.GetConnectionInfo(ctx, nodeName) - if err != nil { - return nil, nil, err - } - params := url.Values{} - if err := streamParams(params, opts); err != nil { - return nil, nil, err - } - loc := &url.URL{ - Scheme: nodeInfo.Scheme, - Host: net.JoinHostPort(nodeInfo.Hostname, nodeInfo.Port), - Path: fmt.Sprintf("/%s/%s/%s/%s", path, pod.Namespace, pod.Name, container), - RawQuery: params.Encode(), - } - return loc, nodeInfo.Transport, nil -} - -// PortForwardLocation returns the port-forward URL for a pod. -func PortForwardLocation( - ctx context.Context, - getter ResourceGetter, - connInfo client.ConnectionInfoGetter, - name string, - opts *api.PodPortForwardOptions, -) (*url.URL, http.RoundTripper, error) { - pod, err := getPod(ctx, getter, name) - if err != nil { - return nil, nil, err - } - - nodeName := types.NodeName(pod.Spec.NodeName) - if len(nodeName) == 0 { - // If pod has not been assigned a host, return an empty location - return nil, nil, errors.NewBadRequest(fmt.Sprintf("pod %s does not have a host assigned", name)) - } - nodeInfo, err := connInfo.GetConnectionInfo(ctx, nodeName) - if err != nil { - return nil, nil, err - } - params := url.Values{} - if err := streamParams(params, opts); err != nil { - return nil, nil, err - } - loc := &url.URL{ - Scheme: nodeInfo.Scheme, - Host: net.JoinHostPort(nodeInfo.Hostname, nodeInfo.Port), - Path: fmt.Sprintf("/portForward/%s/%s", pod.Namespace, pod.Name), - RawQuery: params.Encode(), - } - return loc, nodeInfo.Transport, nil -} - -// validateContainer validate container is valid for pod, return valid container -func validateContainer(container string, pod *api.Pod) (string, error) { - if len(container) == 0 { - switch len(pod.Spec.Containers) { - case 1: - container = pod.Spec.Containers[0].Name - case 0: - return "", errors.NewBadRequest(fmt.Sprintf("a container name must be specified for pod %s", pod.Name)) - default: - var containerNames []string - podutil.VisitContainers(&pod.Spec, podutil.AllFeatureEnabledContainers(), func(c *api.Container, containerType podutil.ContainerType) bool { - containerNames = append(containerNames, c.Name) - return true - }) - errStr := fmt.Sprintf("a container name must be specified for pod %s, choose one of: %s", pod.Name, containerNames) - return "", errors.NewBadRequest(errStr) - } - } else { - if !podHasContainerWithName(pod, container) { - return "", errors.NewBadRequest(fmt.Sprintf("container %s is not valid for pod %s", container, pod.Name)) - } - } - - return container, nil -} - -// applyWaitingForSchedulingGatesCondition adds a {type:PodScheduled, reason:WaitingForGates} condition -// to a new-created Pod if necessary. -func applyWaitingForSchedulingGatesCondition(pod *api.Pod) { - if !utilfeature.DefaultFeatureGate.Enabled(features.PodSchedulingReadiness) || - len(pod.Spec.SchedulingGates) == 0 { - return - } - - // If found a condition with type PodScheduled, return. - for _, condition := range pod.Status.Conditions { - if condition.Type == api.PodScheduled { - return - } - } - - pod.Status.Conditions = append(pod.Status.Conditions, api.PodCondition{ - Type: api.PodScheduled, - Status: api.ConditionFalse, - Reason: api.PodReasonSchedulingGated, - Message: "Scheduling is blocked due to non-empty scheduling gates", - }) -} - -// applySeccompVersionSkew implements the version skew behavior described in: -// https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/135-seccomp#version-skew-strategy -// Note that we dropped copying the field to annotation synchronization in -// v1.25 with the functional removal of the annotations. -func applySeccompVersionSkew(pod *api.Pod) { - // get possible annotation and field - annotation, hasAnnotation := pod.Annotations[v1.SeccompPodAnnotationKey] - hasField := false - - if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.SeccompProfile != nil { - hasField = true - } - - // sync field and annotation - if hasAnnotation && !hasField { - newField := seccompFieldForAnnotation(annotation) - - if newField != nil { - if pod.Spec.SecurityContext == nil { - pod.Spec.SecurityContext = &api.PodSecurityContext{} - } - pod.Spec.SecurityContext.SeccompProfile = newField - } - } - - // Handle the containers of the pod - podutil.VisitContainers(&pod.Spec, podutil.AllFeatureEnabledContainers(), - func(ctr *api.Container, _ podutil.ContainerType) bool { - // get possible annotation and field - key := api.SeccompContainerAnnotationKeyPrefix + ctr.Name - annotation, hasAnnotation := pod.Annotations[key] - - hasField := false - if ctr.SecurityContext != nil && ctr.SecurityContext.SeccompProfile != nil { - hasField = true - } - - // sync field and annotation - if hasAnnotation && !hasField { - newField := seccompFieldForAnnotation(annotation) - - if newField != nil { - if ctr.SecurityContext == nil { - ctr.SecurityContext = &api.SecurityContext{} - } - ctr.SecurityContext.SeccompProfile = newField - } - } - - return true - }) -} - -// seccompFieldForAnnotation takes a pod annotation and returns the converted -// seccomp profile field. -func seccompFieldForAnnotation(annotation string) *api.SeccompProfile { - // If only seccomp annotations are specified, copy the values into the - // corresponding fields. This ensures that existing applications continue - // to enforce seccomp, and prevents the kubelet from needing to resolve - // annotations & fields. - if annotation == v1.SeccompProfileNameUnconfined { - return &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined} - } - - if annotation == api.SeccompProfileRuntimeDefault || annotation == api.DeprecatedSeccompProfileDockerDefault { - return &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault} - } - - if strings.HasPrefix(annotation, v1.SeccompLocalhostProfileNamePrefix) { - localhostProfile := strings.TrimPrefix(annotation, v1.SeccompLocalhostProfileNamePrefix) - if localhostProfile != "" { - return &api.SeccompProfile{ - Type: api.SeccompProfileTypeLocalhost, - LocalhostProfile: &localhostProfile, - } - } - } - - // we can only reach this code path if the localhostProfile name has a zero - // length or if the annotation has an unrecognized value - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/doc.go deleted file mode 100644 index c0c2939d07..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package podtemplate provides RESTStorage implementations for storing PodTemplate API objects. -package podtemplate // import "k8s.io/kubernetes/pkg/registry/core/podtemplate" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/storage/storage.go deleted file mode 100644 index d7dca23868..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/storage/storage.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/podtemplate" -) - -// REST implements a RESTStorage for pod templates. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against pod templates. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.PodTemplate{} }, - NewListFunc: func() runtime.Object { return &api.PodTemplateList{} }, - DefaultQualifiedResource: api.Resource("podtemplates"), - - CreateStrategy: podtemplate.Strategy, - UpdateStrategy: podtemplate.Strategy, - DeleteStrategy: podtemplate.Strategy, - - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/strategy.go deleted file mode 100644 index 24cdb6438a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/podtemplate/strategy.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podtemplate - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - corevalidation "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// podTemplateStrategy implements behavior for PodTemplates -type podTemplateStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PodTemplate -// objects via the REST API. -var Strategy = podTemplateStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for pod templates. -func (podTemplateStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (podTemplateStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - template := obj.(*api.PodTemplate) - template.Generation = 1 - pod.DropDisabledTemplateFields(&template.Template, nil) -} - -// Validate validates a new pod template. -func (podTemplateStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - template := obj.(*api.PodTemplate) - opts := pod.GetValidationOptionsFromPodTemplate(&template.Template, nil) - return corevalidation.ValidatePodTemplate(template, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (podTemplateStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newPodTemplate := obj.(*api.PodTemplate) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("template"), &newPodTemplate.Template, nil) -} - -// Canonicalize normalizes the object after validation. -func (podTemplateStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for pod templates. -func (podTemplateStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (podTemplateStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newTemplate := obj.(*api.PodTemplate) - oldTemplate := old.(*api.PodTemplate) - - pod.DropDisabledTemplateFields(&newTemplate.Template, &oldTemplate.Template) - - // Any changes to the template increment the generation number. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(newTemplate.Template, oldTemplate.Template) { - newTemplate.Generation = oldTemplate.Generation + 1 - } - -} - -// ValidateUpdate is the default update validation for an end user. -func (podTemplateStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - template := obj.(*api.PodTemplate) - oldTemplate := old.(*api.PodTemplate) - - // Allow downward api usage of hugepages on pod update if feature is enabled or if the old pod already had used them. - opts := pod.GetValidationOptionsFromPodTemplate(&template.Template, &oldTemplate.Template) - return corevalidation.ValidatePodTemplateUpdate(template, oldTemplate, opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podTemplateStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - newTemplate := obj.(*api.PodTemplate) - oldTemplate := old.(*api.PodTemplate) - if newTemplate.Generation != oldTemplate.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("template"), &newTemplate.Template, &oldTemplate.Template) - } - return warnings -} - -func (podTemplateStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/doc.go deleted file mode 100644 index fad697557e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rangeallocation provides the Registry interface for storing RangeAllocation -// api objects. -package rangeallocation diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/registry.go deleted file mode 100644 index d67b52f86f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rangeallocation/registry.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rangeallocation - -import ( - api "k8s.io/kubernetes/pkg/apis/core" -) - -// RangeRegistry is a registry that can retrieve or persist a RangeAllocation object. -type RangeRegistry interface { - // Get returns the latest allocation, an empty object if no allocation has been made, - // or an error if the allocation could not be retrieved. - Get() (*api.RangeAllocation, error) - // CreateOrUpdate should create or update the provide allocation, unless a conflict - // has occurred since the item was last created. - CreateOrUpdate(*api.RangeAllocation) error -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/doc.go deleted file mode 100644 index c9d419a25e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package replicationcontroller provides Registry interface and it's RESTStorage -// implementation for storing ReplicationController api objects. -package replicationcontroller // import "k8s.io/kubernetes/pkg/registry/core/replicationcontroller" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/storage/storage.go deleted file mode 100644 index 39a59f4a73..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/storage/storage.go +++ /dev/null @@ -1,337 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// If you make changes to this file, you should also make the corresponding change in ReplicaSet. - -package storage - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/autoscaling" - autoscalingv1 "k8s.io/kubernetes/pkg/apis/autoscaling/v1" - "k8s.io/kubernetes/pkg/apis/autoscaling/validation" - api "k8s.io/kubernetes/pkg/apis/core" - extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/replicationcontroller" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// ControllerStorage includes dummy storage for Replication Controllers and for Scale subresource. -type ControllerStorage struct { - Controller *REST - Status *StatusREST - Scale *ScaleREST -} - -// ReplicasPathMappings returns the mappings between each group version and a replicas path -func ReplicasPathMappings() fieldmanager.ResourcePathMappings { - return replicasPathInReplicationController -} - -// maps a group version to the replicas path in a deployment object -var replicasPathInReplicationController = fieldmanager.ResourcePathMappings{ - schema.GroupVersion{Group: "", Version: "v1"}.String(): fieldpath.MakePathOrDie("spec", "replicas"), -} - -func NewStorage(optsGetter generic.RESTOptionsGetter) (ControllerStorage, error) { - controllerREST, statusREST, err := NewREST(optsGetter) - if err != nil { - return ControllerStorage{}, err - } - - return ControllerStorage{ - Controller: controllerREST, - Status: statusREST, - Scale: &ScaleREST{store: controllerREST.Store}, - }, nil -} - -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against replication controllers. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.ReplicationController{} }, - NewListFunc: func() runtime.Object { return &api.ReplicationControllerList{} }, - PredicateFunc: replicationcontroller.MatchController, - DefaultQualifiedResource: api.Resource("replicationcontrollers"), - - CreateStrategy: replicationcontroller.Strategy, - UpdateStrategy: replicationcontroller.Strategy, - DeleteStrategy: replicationcontroller.Strategy, - ResetFieldsStrategy: replicationcontroller.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: replicationcontroller.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = replicationcontroller.StatusStrategy - statusStore.ResetFieldsStrategy = replicationcontroller.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"rc"} -} - -// Implement CategoriesProvider -var _ rest.CategoriesProvider = &REST{} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// StatusREST implements the REST endpoint for changing the status of a replication controller -type StatusREST struct { - store *genericregistry.Store -} - -func (r *StatusREST) New() runtime.Object { - return &api.ReplicationController{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -type ScaleREST struct { - store *genericregistry.Store -} - -// ScaleREST implements Patcher -var _ = rest.Patcher(&ScaleREST{}) -var _ = rest.GroupVersionKindProvider(&ScaleREST{}) - -func (r *ScaleREST) GroupVersionKind(containingGV schema.GroupVersion) schema.GroupVersionKind { - switch containingGV { - case extensionsv1beta1.SchemeGroupVersion: - return extensionsv1beta1.SchemeGroupVersion.WithKind("Scale") - default: - return autoscalingv1.SchemeGroupVersion.WithKind("Scale") - } -} - -// New creates a new Scale object -func (r *ScaleREST) New() runtime.Object { - return &autoscaling.Scale{} -} - -// Destroy cleans up resources on shutdown. -func (r *ScaleREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -func (r *ScaleREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - obj, err := r.store.Get(ctx, name, options) - if err != nil { - return nil, errors.NewNotFound(autoscaling.Resource("replicationcontrollers/scale"), name) - } - rc := obj.(*api.ReplicationController) - return scaleFromRC(rc), nil -} - -func (r *ScaleREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - obj, _, err := r.store.Update( - ctx, - name, - &scaleUpdatedObjectInfo{name, objInfo}, - toScaleCreateValidation(createValidation), - toScaleUpdateValidation(updateValidation), - false, - options, - ) - if err != nil { - return nil, false, err - } - rc := obj.(*api.ReplicationController) - return scaleFromRC(rc), false, nil -} - -func (r *ScaleREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -func toScaleCreateValidation(f rest.ValidateObjectFunc) rest.ValidateObjectFunc { - return func(ctx context.Context, obj runtime.Object) error { - return f(ctx, scaleFromRC(obj.(*api.ReplicationController))) - } -} - -func toScaleUpdateValidation(f rest.ValidateObjectUpdateFunc) rest.ValidateObjectUpdateFunc { - return func(ctx context.Context, obj, old runtime.Object) error { - return f( - ctx, - scaleFromRC(obj.(*api.ReplicationController)), - scaleFromRC(old.(*api.ReplicationController)), - ) - } -} - -// scaleFromRC returns a scale subresource for a replication controller. -func scaleFromRC(rc *api.ReplicationController) *autoscaling.Scale { - return &autoscaling.Scale{ - ObjectMeta: metav1.ObjectMeta{ - Name: rc.Name, - Namespace: rc.Namespace, - UID: rc.UID, - ResourceVersion: rc.ResourceVersion, - CreationTimestamp: rc.CreationTimestamp, - }, - Spec: autoscaling.ScaleSpec{ - Replicas: rc.Spec.Replicas, - }, - Status: autoscaling.ScaleStatus{ - Replicas: rc.Status.Replicas, - Selector: labels.SelectorFromSet(rc.Spec.Selector).String(), - }, - } -} - -// scaleUpdatedObjectInfo transforms existing replication controller -> existing scale -> new scale -> new replication controller -type scaleUpdatedObjectInfo struct { - name string - reqObjInfo rest.UpdatedObjectInfo -} - -func (i *scaleUpdatedObjectInfo) Preconditions() *metav1.Preconditions { - return i.reqObjInfo.Preconditions() -} - -func (i *scaleUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) { - replicationcontroller, ok := oldObj.DeepCopyObject().(*api.ReplicationController) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected existing object type to be ReplicationController, got %T", replicationcontroller)) - } - // if zero-value, the existing object does not exist - if len(replicationcontroller.ResourceVersion) == 0 { - return nil, errors.NewNotFound(api.Resource("replicationcontrollers/scale"), i.name) - } - - groupVersion := schema.GroupVersion{Group: "", Version: "v1"} - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - requestGroupVersion := schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - if _, ok := replicasPathInReplicationController[requestGroupVersion.String()]; ok { - groupVersion = requestGroupVersion - } else { - klog.Fatalf("Unrecognized group/version in request info %q", requestGroupVersion.String()) - } - } - - managedFieldsHandler := fieldmanager.NewScaleHandler( - replicationcontroller.ManagedFields, - groupVersion, - replicasPathInReplicationController, - ) - - // replicationcontroller -> old scale - oldScale := scaleFromRC(replicationcontroller) - scaleManagedFields, err := managedFieldsHandler.ToSubresource() - if err != nil { - return nil, err - } - oldScale.ManagedFields = scaleManagedFields - - // old scale -> new scale - newScaleObj, err := i.reqObjInfo.UpdatedObject(ctx, oldScale) - if err != nil { - return nil, err - } - if newScaleObj == nil { - return nil, errors.NewBadRequest("nil update passed to Scale") - } - scale, ok := newScaleObj.(*autoscaling.Scale) - if !ok { - return nil, errors.NewBadRequest(fmt.Sprintf("expected input object type to be Scale, but %T", newScaleObj)) - } - - // validate - if errs := validation.ValidateScale(scale); len(errs) > 0 { - return nil, errors.NewInvalid(autoscaling.Kind("Scale"), replicationcontroller.Name, errs) - } - - // validate precondition if specified (resourceVersion matching is handled by storage) - if len(scale.UID) > 0 && scale.UID != replicationcontroller.UID { - return nil, errors.NewConflict( - api.Resource("replicationcontrollers/scale"), - replicationcontroller.Name, - fmt.Errorf("Precondition failed: UID in precondition: %v, UID in object meta: %v", scale.UID, replicationcontroller.UID), - ) - } - - // move replicas/resourceVersion fields to object and return - replicationcontroller.Spec.Replicas = scale.Spec.Replicas - replicationcontroller.ResourceVersion = scale.ResourceVersion - - updatedEntries, err := managedFieldsHandler.ToParent(scale.ManagedFields) - if err != nil { - return nil, err - } - replicationcontroller.ManagedFields = updatedEntries - - return replicationcontroller, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/strategy.go deleted file mode 100644 index be056a32cf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/replicationcontroller/strategy.go +++ /dev/null @@ -1,249 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// If you make changes to this file, you should also make the corresponding change in ReplicaSet. - -package replicationcontroller - -import ( - "context" - "fmt" - "strconv" - "strings" - - corev1 "k8s.io/api/core/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - apistorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/core/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// rcStrategy implements verification logic for Replication Controllers. -type rcStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Replication Controller objects. -var Strategy = rcStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// DefaultGarbageCollectionPolicy returns OrphanDependents for v1 for backwards compatibility, -// and DeleteDependents for all other versions. -func (rcStrategy) DefaultGarbageCollectionPolicy(ctx context.Context) rest.GarbageCollectionPolicy { - var groupVersion schema.GroupVersion - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - groupVersion = schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - } - switch groupVersion { - case corev1.SchemeGroupVersion: - // for back compatibility - return rest.OrphanDependents - default: - return rest.DeleteDependents - } -} - -// NamespaceScoped returns true because all Replication Controllers need to be within a namespace. -func (rcStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (rcStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a replication controller before creation. -func (rcStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - controller := obj.(*api.ReplicationController) - controller.Status = api.ReplicationControllerStatus{} - - controller.Generation = 1 - - pod.DropDisabledTemplateFields(controller.Spec.Template, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (rcStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newController := obj.(*api.ReplicationController) - oldController := old.(*api.ReplicationController) - // update is not allowed to set status - newController.Status = oldController.Status - - pod.DropDisabledTemplateFields(newController.Spec.Template, oldController.Spec.Template) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. We push - // the burden of managing the status onto the clients because we can't (in general) - // know here what version of spec the writer of the status has seen. It may seem like - // we can at first -- since obj contains spec -- but in the future we will probably make - // status its own object, and even if we don't, writes may be the result of a - // read-update-write loop, so the contents of spec may not actually be the spec that - // the controller has *seen*. - if !apiequality.Semantic.DeepEqual(oldController.Spec, newController.Spec) { - newController.Generation = oldController.Generation + 1 - } -} - -// Validate validates a new replication controller. -func (rcStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - controller := obj.(*api.ReplicationController) - opts := pod.GetValidationOptionsFromPodTemplate(controller.Spec.Template, nil) - return validation.ValidateReplicationController(controller, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (rcStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - newRC := obj.(*api.ReplicationController) - return pod.GetWarningsForPodTemplate(ctx, field.NewPath("template"), newRC.Spec.Template, nil) -} - -// Canonicalize normalizes the object after validation. -func (rcStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for replication controllers; this means a POST is -// needed to create one. -func (rcStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (rcStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - oldRc := old.(*api.ReplicationController) - newRc := obj.(*api.ReplicationController) - - opts := pod.GetValidationOptionsFromPodTemplate(newRc.Spec.Template, oldRc.Spec.Template) - validationErrorList := validation.ValidateReplicationController(newRc, opts) - updateErrorList := validation.ValidateReplicationControllerUpdate(newRc, oldRc, opts) - errs := append(validationErrorList, updateErrorList...) - - for key, value := range helper.NonConvertibleFields(oldRc.Annotations) { - parts := strings.Split(key, "/") - if len(parts) != 2 { - continue - } - brokenField := parts[1] - - switch { - case strings.Contains(brokenField, "selector"): - if !apiequality.Semantic.DeepEqual(oldRc.Spec.Selector, newRc.Spec.Selector) { - errs = append(errs, field.Invalid(field.NewPath("spec").Child("selector"), newRc.Spec.Selector, "cannot update non-convertible selector")) - } - default: - errs = append(errs, &field.Error{Type: field.ErrorTypeNotFound, BadValue: value, Field: brokenField, Detail: "unknown non-convertible field"}) - } - } - - return errs -} - -// WarningsOnUpdate returns warnings for the given update. -func (rcStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - var warnings []string - oldRc := old.(*api.ReplicationController) - newRc := obj.(*api.ReplicationController) - if oldRc.Generation != newRc.Generation { - warnings = pod.GetWarningsForPodTemplate(ctx, field.NewPath("spec", "template"), oldRc.Spec.Template, newRc.Spec.Template) - } - return warnings -} - -func (rcStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// ControllerToSelectableFields returns a field set that represents the object. -func ControllerToSelectableFields(controller *api.ReplicationController) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&controller.ObjectMeta, true) - controllerSpecificFieldsSet := fields.Set{ - "status.replicas": strconv.Itoa(int(controller.Status.Replicas)), - } - return generic.MergeFieldsSets(objectMetaFieldsSet, controllerSpecificFieldsSet) -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - rc, ok := obj.(*api.ReplicationController) - if !ok { - return nil, nil, fmt.Errorf("given object is not a replication controller") - } - return labels.Set(rc.ObjectMeta.Labels), ControllerToSelectableFields(rc), nil -} - -// MatchController is the filter used by the generic etcd backend to route -// watch events from etcd to clients of the apiserver only interested in specific -// labels/fields. -func MatchController(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate { - return apistorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -type rcStatusStrategy struct { - rcStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = rcStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (rcStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } -} - -func (rcStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRc := obj.(*api.ReplicationController) - oldRc := old.(*api.ReplicationController) - // update is not allowed to set spec - newRc.Spec = oldRc.Spec -} - -func (rcStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateReplicationControllerStatusUpdate(obj.(*api.ReplicationController), old.(*api.ReplicationController)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (rcStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/doc.go deleted file mode 100644 index 4f4052f13c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package resourcequota provides Registry interface and it's REST -// implementation for storing ResourceQuota api objects. -package resourcequota // import "k8s.io/kubernetes/pkg/registry/core/resourcequota" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/storage/storage.go deleted file mode 100644 index d438ec792e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/storage/storage.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/resourcequota" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for resource quotas. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against resource quotas. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.ResourceQuota{} }, - NewListFunc: func() runtime.Object { return &api.ResourceQuotaList{} }, - DefaultQualifiedResource: api.Resource("resourcequotas"), - - CreateStrategy: resourcequota.Strategy, - UpdateStrategy: resourcequota.Strategy, - DeleteStrategy: resourcequota.Strategy, - ResetFieldsStrategy: resourcequota.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = resourcequota.StatusStrategy - statusStore.ResetFieldsStrategy = resourcequota.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"quota"} -} - -// StatusREST implements the REST endpoint for changing the status of a resourcequota. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new ResourceQuota object. -func (r *StatusREST) New() runtime.Object { - return &api.ResourceQuota{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/strategy.go deleted file mode 100644 index a8a3c65c6e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/resourcequota/strategy.go +++ /dev/null @@ -1,138 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcequota - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// resourcequotaStrategy implements behavior for ResourceQuota objects -type resourcequotaStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating ResourceQuota -// objects via the REST API. -var Strategy = resourcequotaStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for resourcequotas. -func (resourcequotaStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (resourcequotaStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears fields that are not allowed to be set by end users on creation. -func (resourcequotaStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - resourcequota := obj.(*api.ResourceQuota) - resourcequota.Status = api.ResourceQuotaStatus{} -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (resourcequotaStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newResourcequota := obj.(*api.ResourceQuota) - oldResourcequota := old.(*api.ResourceQuota) - newResourcequota.Status = oldResourcequota.Status -} - -// Validate validates a new resourcequota. -func (resourcequotaStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - resourcequota := obj.(*api.ResourceQuota) - return validation.ValidateResourceQuota(resourcequota) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (resourcequotaStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (resourcequotaStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for resourcequotas. -func (resourcequotaStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (resourcequotaStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj, oldObj := obj.(*api.ResourceQuota), old.(*api.ResourceQuota) - return validation.ValidateResourceQuotaUpdate(newObj, oldObj) -} - -// WarningsOnUpdate returns warnings for the given update. -func (resourcequotaStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (resourcequotaStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type resourcequotaStatusStrategy struct { - resourcequotaStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = resourcequotaStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (resourcequotaStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (resourcequotaStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newResourcequota := obj.(*api.ResourceQuota) - oldResourcequota := old.(*api.ResourceQuota) - newResourcequota.Spec = oldResourcequota.Spec -} - -func (resourcequotaStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateResourceQuotaStatusUpdate(obj.(*api.ResourceQuota), old.(*api.ResourceQuota)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (resourcequotaStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rest/storage_core.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rest/storage_core.go deleted file mode 100644 index 206e87e890..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/rest/storage_core.go +++ /dev/null @@ -1,429 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "crypto/tls" - "fmt" - "net" - "net/http" - "net/url" - "strings" - "time" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/apiserver/pkg/storage/etcd3" - policyclient "k8s.io/client-go/kubernetes/typed/policy/v1" - restclient "k8s.io/client-go/rest" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/cluster/ports" - kubeletclient "k8s.io/kubernetes/pkg/kubelet/client" - "k8s.io/kubernetes/pkg/registry/core/componentstatus" - configmapstore "k8s.io/kubernetes/pkg/registry/core/configmap/storage" - endpointsstore "k8s.io/kubernetes/pkg/registry/core/endpoint/storage" - eventstore "k8s.io/kubernetes/pkg/registry/core/event/storage" - limitrangestore "k8s.io/kubernetes/pkg/registry/core/limitrange/storage" - namespacestore "k8s.io/kubernetes/pkg/registry/core/namespace/storage" - nodestore "k8s.io/kubernetes/pkg/registry/core/node/storage" - pvstore "k8s.io/kubernetes/pkg/registry/core/persistentvolume/storage" - pvcstore "k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/storage" - podstore "k8s.io/kubernetes/pkg/registry/core/pod/storage" - podtemplatestore "k8s.io/kubernetes/pkg/registry/core/podtemplate/storage" - "k8s.io/kubernetes/pkg/registry/core/rangeallocation" - controllerstore "k8s.io/kubernetes/pkg/registry/core/replicationcontroller/storage" - resourcequotastore "k8s.io/kubernetes/pkg/registry/core/resourcequota/storage" - secretstore "k8s.io/kubernetes/pkg/registry/core/secret/storage" - "k8s.io/kubernetes/pkg/registry/core/service/allocator" - serviceallocator "k8s.io/kubernetes/pkg/registry/core/service/allocator/storage" - "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" - "k8s.io/kubernetes/pkg/registry/core/service/portallocator" - servicestore "k8s.io/kubernetes/pkg/registry/core/service/storage" - serviceaccountstore "k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage" - kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config" - "k8s.io/kubernetes/pkg/serviceaccount" - utilsnet "k8s.io/utils/net" -) - -// LegacyRESTStorageProvider provides information needed to build RESTStorage for core, but -// does NOT implement the "normal" RESTStorageProvider (yet!) -type LegacyRESTStorageProvider struct { - StorageFactory serverstorage.StorageFactory - // Used for custom proxy dialing, and proxy TLS options - ProxyTransport http.RoundTripper - KubeletClientConfig kubeletclient.KubeletClientConfig - EventTTL time.Duration - - // ServiceIPRange is used to build cluster IPs for discovery. - ServiceIPRange net.IPNet - // allocates ips for secondary service cidr in dual stack clusters - SecondaryServiceIPRange net.IPNet - ServiceNodePortRange utilnet.PortRange - - ServiceAccountIssuer serviceaccount.TokenGenerator - ServiceAccountMaxExpiration time.Duration - ExtendExpiration bool - - APIAudiences authenticator.Audiences - - LoopbackClientConfig *restclient.Config -} - -// LegacyRESTStorage returns stateful information about particular instances of REST storage to -// master.go for wiring controllers. -// TODO remove this by running the controller as a poststarthook -type LegacyRESTStorage struct { - ServiceClusterIPAllocator rangeallocation.RangeRegistry - SecondaryServiceClusterIPAllocator rangeallocation.RangeRegistry - ServiceNodePortAllocator rangeallocation.RangeRegistry -} - -func (c LegacyRESTStorageProvider) NewLegacyRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (LegacyRESTStorage, genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.APIGroupInfo{ - PrioritizedVersions: legacyscheme.Scheme.PrioritizedVersionsForGroup(""), - VersionedResourcesStorageMap: map[string]map[string]rest.Storage{}, - Scheme: legacyscheme.Scheme, - ParameterCodec: legacyscheme.ParameterCodec, - NegotiatedSerializer: legacyscheme.Codecs, - } - - podDisruptionClient, err := policyclient.NewForConfig(c.LoopbackClientConfig) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - restStorage := LegacyRESTStorage{} - - podTemplateStorage, err := podtemplatestore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - eventStorage, err := eventstore.NewREST(restOptionsGetter, uint64(c.EventTTL.Seconds())) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - limitRangeStorage, err := limitrangestore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - resourceQuotaStorage, resourceQuotaStatusStorage, err := resourcequotastore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - secretStorage, err := secretstore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - persistentVolumeStorage, persistentVolumeStatusStorage, err := pvstore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - persistentVolumeClaimStorage, persistentVolumeClaimStatusStorage, err := pvcstore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - configMapStorage, err := configmapstore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - namespaceStorage, namespaceStatusStorage, namespaceFinalizeStorage, err := namespacestore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - endpointsStorage, err := endpointsstore.NewREST(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - nodeStorage, err := nodestore.NewStorage(restOptionsGetter, c.KubeletClientConfig, c.ProxyTransport) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - podStorage, err := podstore.NewStorage( - restOptionsGetter, - nodeStorage.KubeletConnectionInfo, - c.ProxyTransport, - podDisruptionClient, - ) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - var serviceAccountStorage *serviceaccountstore.REST - if c.ServiceAccountIssuer != nil { - serviceAccountStorage, err = serviceaccountstore.NewREST(restOptionsGetter, c.ServiceAccountIssuer, c.APIAudiences, c.ServiceAccountMaxExpiration, podStorage.Pod.Store, secretStorage.Store, c.ExtendExpiration) - } else { - serviceAccountStorage, err = serviceaccountstore.NewREST(restOptionsGetter, nil, nil, 0, nil, nil, false) - } - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - var serviceClusterIPRegistry rangeallocation.RangeRegistry - serviceClusterIPRange := c.ServiceIPRange - if serviceClusterIPRange.IP == nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, fmt.Errorf("service clusterIPRange is missing") - } - - serviceStorageConfig, err := c.StorageFactory.NewConfig(api.Resource("services")) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - serviceClusterIPAllocator, err := ipallocator.New(&serviceClusterIPRange, func(max int, rangeSpec string, offset int) (allocator.Interface, error) { - var mem allocator.Snapshottable - mem = allocator.NewAllocationMapWithOffset(max, rangeSpec, offset) - // TODO etcdallocator package to return a storage interface via the storageFactory - etcd, err := serviceallocator.NewEtcd(mem, "/ranges/serviceips", serviceStorageConfig.ForResource(api.Resource("serviceipallocations"))) - if err != nil { - return nil, err - } - serviceClusterIPRegistry = etcd - return etcd, nil - }) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, fmt.Errorf("cannot create cluster IP allocator: %v", err) - } - serviceClusterIPAllocator.EnableMetrics() - restStorage.ServiceClusterIPAllocator = serviceClusterIPRegistry - - // allocator for secondary service ip range - var secondaryServiceClusterIPAllocator ipallocator.Interface - if c.SecondaryServiceIPRange.IP != nil { - var secondaryServiceClusterIPRegistry rangeallocation.RangeRegistry - secondaryServiceClusterIPAllocator, err = ipallocator.New(&c.SecondaryServiceIPRange, func(max int, rangeSpec string, offset int) (allocator.Interface, error) { - var mem allocator.Snapshottable - mem = allocator.NewAllocationMapWithOffset(max, rangeSpec, offset) - // TODO etcdallocator package to return a storage interface via the storageFactory - etcd, err := serviceallocator.NewEtcd(mem, "/ranges/secondaryserviceips", serviceStorageConfig.ForResource(api.Resource("serviceipallocations"))) - if err != nil { - return nil, err - } - secondaryServiceClusterIPRegistry = etcd - return etcd, nil - }) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, fmt.Errorf("cannot create cluster secondary IP allocator: %v", err) - } - secondaryServiceClusterIPAllocator.EnableMetrics() - restStorage.SecondaryServiceClusterIPAllocator = secondaryServiceClusterIPRegistry - } - - var serviceNodePortRegistry rangeallocation.RangeRegistry - serviceNodePortAllocator, err := portallocator.New(c.ServiceNodePortRange, func(max int, rangeSpec string) (allocator.Interface, error) { - mem := allocator.NewAllocationMap(max, rangeSpec) - // TODO etcdallocator package to return a storage interface via the storageFactory - etcd, err := serviceallocator.NewEtcd(mem, "/ranges/servicenodeports", serviceStorageConfig.ForResource(api.Resource("servicenodeportallocations"))) - if err != nil { - return nil, err - } - serviceNodePortRegistry = etcd - return etcd, nil - }) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, fmt.Errorf("cannot create cluster port allocator: %v", err) - } - restStorage.ServiceNodePortAllocator = serviceNodePortRegistry - - controllerStorage, err := controllerstore.NewStorage(restOptionsGetter) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - serviceIPAllocators := map[api.IPFamily]ipallocator.Interface{ - serviceClusterIPAllocator.IPFamily(): serviceClusterIPAllocator, - } - if secondaryServiceClusterIPAllocator != nil { - serviceIPAllocators[secondaryServiceClusterIPAllocator.IPFamily()] = secondaryServiceClusterIPAllocator - } - - serviceRESTStorage, serviceStatusStorage, serviceRESTProxy, err := servicestore.NewREST( - restOptionsGetter, - serviceClusterIPAllocator.IPFamily(), - serviceIPAllocators, - serviceNodePortAllocator, - endpointsStorage, - podStorage.Pod, - c.ProxyTransport) - if err != nil { - return LegacyRESTStorage{}, genericapiserver.APIGroupInfo{}, err - } - - storage := map[string]rest.Storage{} - if resource := "pods"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = podStorage.Pod - storage[resource+"/attach"] = podStorage.Attach - storage[resource+"/status"] = podStorage.Status - storage[resource+"/log"] = podStorage.Log - storage[resource+"/exec"] = podStorage.Exec - storage[resource+"/portforward"] = podStorage.PortForward - storage[resource+"/proxy"] = podStorage.Proxy - storage[resource+"/binding"] = podStorage.Binding - if podStorage.Eviction != nil { - storage[resource+"/eviction"] = podStorage.Eviction - } - storage[resource+"/ephemeralcontainers"] = podStorage.EphemeralContainers - - } - if resource := "bindings"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = podStorage.LegacyBinding - } - - if resource := "podtemplates"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = podTemplateStorage - } - - if resource := "replicationcontrollers"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = controllerStorage.Controller - storage[resource+"/status"] = controllerStorage.Status - if legacyscheme.Scheme.IsVersionRegistered(schema.GroupVersion{Group: "autoscaling", Version: "v1"}) { - storage[resource+"/scale"] = controllerStorage.Scale - } - } - - if resource := "services"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = serviceRESTStorage - storage[resource+"/proxy"] = serviceRESTProxy - storage[resource+"/status"] = serviceStatusStorage - } - - if resource := "endpoints"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = endpointsStorage - } - - if resource := "nodes"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = nodeStorage.Node - storage[resource+"/proxy"] = nodeStorage.Proxy - storage[resource+"/status"] = nodeStorage.Status - } - - if resource := "events"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = eventStorage - } - - if resource := "limitranges"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = limitRangeStorage - } - - if resource := "resourcequotas"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = resourceQuotaStorage - storage[resource+"/status"] = resourceQuotaStatusStorage - } - - if resource := "namespaces"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = namespaceStorage - storage[resource+"/status"] = namespaceStatusStorage - storage[resource+"/finalize"] = namespaceFinalizeStorage - } - - if resource := "secrets"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = secretStorage - } - - if resource := "serviceaccounts"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = serviceAccountStorage - if serviceAccountStorage.Token != nil { - storage[resource+"/token"] = serviceAccountStorage.Token - } - } - - if resource := "persistentvolumes"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = persistentVolumeStorage - storage[resource+"/status"] = persistentVolumeStatusStorage - } - - if resource := "persistentvolumeclaims"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = persistentVolumeClaimStorage - storage[resource+"/status"] = persistentVolumeClaimStatusStorage - } - - if resource := "configmaps"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = configMapStorage - } - - if resource := "componentstatuses"; apiResourceConfigSource.ResourceEnabled(corev1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = componentstatus.NewStorage(componentStatusStorage{c.StorageFactory}.serversToValidate) - } - - if len(storage) > 0 { - apiGroupInfo.VersionedResourcesStorageMap["v1"] = storage - } - - return restStorage, apiGroupInfo, nil -} - -func (p LegacyRESTStorageProvider) GroupName() string { - return api.GroupName -} - -type componentStatusStorage struct { - storageFactory serverstorage.StorageFactory -} - -func (s componentStatusStorage) serversToValidate() map[string]*componentstatus.Server { - // this is fragile, which assumes that the default port is being used - // TODO: switch to secure port until these components remove the ability to serve insecurely. - serversToValidate := map[string]*componentstatus.Server{ - "controller-manager": {EnableHTTPS: true, TLSConfig: &tls.Config{InsecureSkipVerify: true}, Addr: "127.0.0.1", Port: ports.KubeControllerManagerPort, Path: "/healthz"}, - "scheduler": {EnableHTTPS: true, TLSConfig: &tls.Config{InsecureSkipVerify: true}, Addr: "127.0.0.1", Port: kubeschedulerconfig.DefaultKubeSchedulerPort, Path: "/healthz"}, - } - - for ix, machine := range s.storageFactory.Backends() { - etcdUrl, err := url.Parse(machine.Server) - if err != nil { - klog.Errorf("Failed to parse etcd url for validation: %v", err) - continue - } - var port int - var addr string - if strings.Contains(etcdUrl.Host, ":") { - var portString string - addr, portString, err = net.SplitHostPort(etcdUrl.Host) - if err != nil { - klog.Errorf("Failed to split host/port: %s (%v)", etcdUrl.Host, err) - continue - } - port, _ = utilsnet.ParsePort(portString, true) - } else { - addr = etcdUrl.Host - port = 2379 - } - // TODO: etcd health checking should be abstracted in the storage tier - serversToValidate[fmt.Sprintf("etcd-%d", ix)] = &componentstatus.Server{ - Addr: addr, - EnableHTTPS: etcdUrl.Scheme == "https", - TLSConfig: machine.TLSConfig, - Port: port, - Path: "/health", - Validate: etcd3.EtcdHealthCheck, - } - } - return serversToValidate -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/doc.go deleted file mode 100644 index 5b150f76b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package secrets provides Registry interface and its REST -// implementation for storing Secret api objects. -package secret // import "k8s.io/kubernetes/pkg/registry/core/secret" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/storage/storage.go deleted file mode 100644 index 81e2892df5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/storage/storage.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/storage" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/secret" -) - -// REST defines the RESTStorage object that will work against secrets. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against secrets. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Secret{} }, - NewListFunc: func() runtime.Object { return &api.SecretList{} }, - PredicateFunc: secret.Matcher, - DefaultQualifiedResource: api.Resource("secrets"), - - CreateStrategy: secret.Strategy, - UpdateStrategy: secret.Strategy, - DeleteStrategy: secret.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{ - RESTOptions: optsGetter, - AttrFunc: secret.GetAttrs, - TriggerFunc: map[string]storage.IndexerFunc{"metadata.name": secret.NameTriggerFunc}, - } - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/strategy.go deleted file mode 100644 index 3339704449..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/secret/strategy.go +++ /dev/null @@ -1,132 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package secret - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - pkgstorage "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// strategy implements behavior for Secret objects -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Secret -// objects via the REST API. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -var _ = rest.RESTCreateStrategy(Strategy) - -var _ = rest.RESTUpdateStrategy(Strategy) - -func (strategy) NamespaceScoped() bool { - return true -} - -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - secret := obj.(*api.Secret) - dropDisabledFields(secret, nil) -} - -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidateSecret(obj.(*api.Secret)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -func (strategy) Canonicalize(obj runtime.Object) { -} - -func (strategy) AllowCreateOnUpdate() bool { - return false -} - -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newSecret := obj.(*api.Secret) - oldSecret := old.(*api.Secret) - - // this is weird, but consistent with what the validatedUpdate function used to do. - if len(newSecret.Type) == 0 { - newSecret.Type = oldSecret.Type - } - - dropDisabledFields(newSecret, oldSecret) -} - -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateSecretUpdate(obj.(*api.Secret), old.(*api.Secret)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func dropDisabledFields(secret *api.Secret, oldSecret *api.Secret) { -} - -func (strategy) AllowUnconditionalUpdate() bool { - return true -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - secret, ok := obj.(*api.Secret) - if !ok { - return nil, nil, fmt.Errorf("not a secret") - } - return labels.Set(secret.Labels), SelectableFields(secret), nil -} - -// Matcher returns a selection predicate for a given label and field selector. -func Matcher(label labels.Selector, field fields.Selector) pkgstorage.SelectionPredicate { - return pkgstorage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - IndexFields: []string{"metadata.name"}, - } -} - -// NameTriggerFunc returns value metadata.namespace of given object. -func NameTriggerFunc(obj runtime.Object) string { - return obj.(*api.Secret).ObjectMeta.Name -} - -// SelectableFields returns a field set that can be used for filter selection -func SelectableFields(obj *api.Secret) fields.Set { - objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&obj.ObjectMeta, true) - secretSpecificFieldsSet := fields.Set{ - "type": string(obj.Type), - } - return generic.MergeFieldsSets(objectMetaFieldsSet, secretSpecificFieldsSet) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/bitmap.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/bitmap.go deleted file mode 100644 index b492b4a1bb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/bitmap.go +++ /dev/null @@ -1,263 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package allocator - -import ( - "errors" - "fmt" - "math/big" - "math/rand" - "sync" - "time" -) - -// AllocationBitmap is a contiguous block of resources that can be allocated atomically. -// -// Each resource has an offset. The internal structure is a bitmap, with a bit for each offset. -// -// If a resource is taken, the bit at that offset is set to one. -// r.count is always equal to the number of set bits and can be recalculated at any time -// by counting the set bits in r.allocated. -// -// TODO: use RLE and compact the allocator to minimize space. -type AllocationBitmap struct { - // strategy carries the details of how to choose the next available item out of the range - strategy bitAllocator - // max is the maximum size of the usable items in the range - max int - // rangeSpec is the range specifier, matching RangeAllocation.Range - rangeSpec string - - // lock guards the following members - lock sync.Mutex - // count is the number of currently allocated elements in the range - count int - // allocated is a bit array of the allocated items in the range - allocated *big.Int -} - -// AllocationBitmap implements Interface and Snapshottable -var _ Interface = &AllocationBitmap{} -var _ Snapshottable = &AllocationBitmap{} - -// bitAllocator represents a search strategy in the allocation map for a valid item. -type bitAllocator interface { - AllocateBit(allocated *big.Int, max, count int) (int, bool) -} - -// NewAllocationMap creates an allocation bitmap using the random scan strategy. -func NewAllocationMap(max int, rangeSpec string) *AllocationBitmap { - return NewAllocationMapWithOffset(max, rangeSpec, 0) -} - -// NewAllocationMapWithOffset creates an allocation bitmap using a random scan strategy that -// allows to pass an offset that divides the allocation bitmap in two blocks. -// The first block of values will not be used for random value assigned by the AllocateNext() -// method until the second block of values has been exhausted. -func NewAllocationMapWithOffset(max int, rangeSpec string, offset int) *AllocationBitmap { - a := AllocationBitmap{ - strategy: randomScanStrategyWithOffset{ - rand: rand.New(rand.NewSource(time.Now().UnixNano())), - offset: offset, - }, - allocated: big.NewInt(0), - count: 0, - max: max, - rangeSpec: rangeSpec, - } - - return &a -} - -// Allocate attempts to reserve the provided item. -// Returns true if it was allocated, false if it was already in use -func (r *AllocationBitmap) Allocate(offset int) (bool, error) { - r.lock.Lock() - defer r.lock.Unlock() - - // max is the maximum size of the usable items in the range - if offset < 0 || offset >= r.max { - return false, fmt.Errorf("offset %d out of range [0,%d]", offset, r.max) - } - if r.allocated.Bit(offset) == 1 { - return false, nil - } - r.allocated = r.allocated.SetBit(r.allocated, offset, 1) - r.count++ - return true, nil -} - -// AllocateNext reserves one of the items from the pool. -// (0, false, nil) may be returned if there are no items left. -func (r *AllocationBitmap) AllocateNext() (int, bool, error) { - r.lock.Lock() - defer r.lock.Unlock() - - next, ok := r.strategy.AllocateBit(r.allocated, r.max, r.count) - if !ok { - return 0, false, nil - } - r.count++ - r.allocated = r.allocated.SetBit(r.allocated, next, 1) - return next, true, nil -} - -// Release releases the item back to the pool. Releasing an -// unallocated item or an item out of the range is a no-op and -// returns no error. -func (r *AllocationBitmap) Release(offset int) error { - r.lock.Lock() - defer r.lock.Unlock() - - if r.allocated.Bit(offset) == 0 { - return nil - } - - r.allocated = r.allocated.SetBit(r.allocated, offset, 0) - r.count-- - return nil -} - -const ( - // Find the size of a big.Word in bytes. - notZero = uint64(^big.Word(0)) - wordPower = (notZero>>8)&1 + (notZero>>16)&1 + (notZero>>32)&1 - wordSize = 1 << wordPower -) - -// ForEach calls the provided function for each allocated bit. The -// AllocationBitmap may not be modified while this loop is running. -func (r *AllocationBitmap) ForEach(fn func(int)) { - r.lock.Lock() - defer r.lock.Unlock() - - words := r.allocated.Bits() - for wordIdx, word := range words { - bit := 0 - for word > 0 { - if (word & 1) != 0 { - fn((wordIdx * wordSize * 8) + bit) - word = word &^ 1 - } - bit++ - word = word >> 1 - } - } -} - -// Has returns true if the provided item is already allocated and a call -// to Allocate(offset) would fail. -func (r *AllocationBitmap) Has(offset int) bool { - r.lock.Lock() - defer r.lock.Unlock() - - return r.allocated.Bit(offset) == 1 -} - -// Free returns the count of items left in the range. -func (r *AllocationBitmap) Free() int { - r.lock.Lock() - defer r.lock.Unlock() - return r.max - r.count -} - -// Snapshot saves the current state of the pool. -func (r *AllocationBitmap) Snapshot() (string, []byte) { - r.lock.Lock() - defer r.lock.Unlock() - - return r.rangeSpec, r.allocated.Bytes() -} - -// Restore restores the pool to the previously captured state. -func (r *AllocationBitmap) Restore(rangeSpec string, data []byte) error { - r.lock.Lock() - defer r.lock.Unlock() - - if r.rangeSpec != rangeSpec { - return errors.New("the provided range does not match the current range") - } - - r.allocated = big.NewInt(0).SetBytes(data) - r.count = countBits(r.allocated) - - return nil -} - -// Destroy cleans up everything on shutdown. -func (r *AllocationBitmap) Destroy() { -} - -// randomScanStrategy chooses a random address from the provided big.Int, and then -// scans forward looking for the next available address (it will wrap the range if -// necessary). -type randomScanStrategy struct { - rand *rand.Rand -} - -func (rss randomScanStrategy) AllocateBit(allocated *big.Int, max, count int) (int, bool) { - if count >= max { - return 0, false - } - offset := rss.rand.Intn(max) - for i := 0; i < max; i++ { - at := (offset + i) % max - if allocated.Bit(at) == 0 { - return at, true - } - } - return 0, false -} - -var _ bitAllocator = randomScanStrategy{} - -// randomScanStrategyWithOffset choose a random address from the provided big.Int and then scans -// forward looking for the next available address. The big.Int range is subdivided so it will try -// to allocate first from the reserved upper range of addresses (it will wrap the upper subrange if necessary). -// If there is no free address it will try to allocate one from the lower range too. -type randomScanStrategyWithOffset struct { - rand *rand.Rand - offset int -} - -func (rss randomScanStrategyWithOffset) AllocateBit(allocated *big.Int, max, count int) (int, bool) { - if count >= max { - return 0, false - } - // size of the upper subrange, prioritized for random allocation - subrangeMax := max - rss.offset - // try to get a value from the upper range [rss.reserved, max] - start := rss.rand.Intn(subrangeMax) - for i := 0; i < subrangeMax; i++ { - at := rss.offset + ((start + i) % subrangeMax) - if allocated.Bit(at) == 0 { - return at, true - } - } - - start = rss.rand.Intn(rss.offset) - // subrange full, try to get the value from the first block before giving up. - for i := 0; i < rss.offset; i++ { - at := (start + i) % rss.offset - if allocated.Bit(at) == 0 { - return at, true - } - } - return 0, false -} - -var _ bitAllocator = randomScanStrategyWithOffset{} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/interfaces.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/interfaces.go deleted file mode 100644 index 41f966858b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/interfaces.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package allocator - -// Interface manages the allocation of items out of a range. Interface -// should be threadsafe. -type Interface interface { - Allocate(int) (bool, error) - AllocateNext() (int, bool, error) - Release(int) error - ForEach(func(int)) - - // For testing - Has(int) bool - - // For testing - Free() int - - // Destroy shuts down all internal structures. - // Destroy needs to be implemented in thread-safe way and be prepared for being - // called more than once. - Destroy() -} - -// Snapshottable is an Interface that can be snapshotted and restored. Snapshottable -// should be threadsafe. -type Snapshottable interface { - Interface - Snapshot() (string, []byte) - Restore(string, []byte) error -} - -type AllocatorFactory func(max int, rangeSpec string) (Interface, error) - -type AllocatorWithOffsetFactory func(max int, rangeSpec string, offset int) (Interface, error) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/storage/storage.go deleted file mode 100644 index 93cc0b055b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/storage/storage.go +++ /dev/null @@ -1,240 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "errors" - "fmt" - "sync" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - storeerr "k8s.io/apiserver/pkg/storage/errors" - "k8s.io/apiserver/pkg/storage/storagebackend" - api "k8s.io/kubernetes/pkg/apis/core" - _ "k8s.io/kubernetes/pkg/apis/core/install" - "k8s.io/kubernetes/pkg/registry/core/rangeallocation" - "k8s.io/kubernetes/pkg/registry/core/service/allocator" -) - -var ( - errorUnableToAllocate = errors.New("unable to allocate") -) - -// Etcd exposes a service.Allocator -// TODO: allow multiple allocations to be tried at once -// TODO: subdivide the keyspace to reduce conflicts -// TODO: investigate issuing a CAS without reading first -type Etcd struct { - lock sync.Mutex - - alloc allocator.Snapshottable - storage storage.Interface - last string - - baseKey string - resource schema.GroupResource - - destroyFn func() -} - -// Etcd implements allocator.Interface and rangeallocation.RangeRegistry -var _ allocator.Interface = &Etcd{} -var _ rangeallocation.RangeRegistry = &Etcd{} - -// NewEtcd returns an allocator that is backed by Etcd and can manage -// persisting the snapshot state of allocation after each allocation is made. -func NewEtcd(alloc allocator.Snapshottable, baseKey string, config *storagebackend.ConfigForResource) (*Etcd, error) { - storage, d, err := generic.NewRawStorage(config, nil) - if err != nil { - return nil, err - } - - var once sync.Once - return &Etcd{ - alloc: alloc, - storage: storage, - baseKey: baseKey, - resource: config.GroupResource, - destroyFn: func() { once.Do(d) }, - }, nil -} - -// Allocate attempts to allocate the item. -func (e *Etcd) Allocate(offset int) (bool, error) { - e.lock.Lock() - defer e.lock.Unlock() - - err := e.tryUpdate(func() error { - ok, err := e.alloc.Allocate(offset) - if err != nil { - return err - } - if !ok { - return errorUnableToAllocate - } - return nil - }) - if err != nil { - if err == errorUnableToAllocate { - return false, nil - } - return false, err - } - return true, nil -} - -// AllocateNext attempts to allocate the next item. -func (e *Etcd) AllocateNext() (int, bool, error) { - e.lock.Lock() - defer e.lock.Unlock() - var offset int - var ok bool - var err error - - err = e.tryUpdate(func() error { - // update the offset here - offset, ok, err = e.alloc.AllocateNext() - if err != nil { - return err - } - if !ok { - return errorUnableToAllocate - } - return nil - }) - - if err != nil { - if err == errorUnableToAllocate { - return offset, false, nil - } - return offset, false, err - } - return offset, true, nil -} - -// Release attempts to release the provided item. -func (e *Etcd) Release(item int) error { - e.lock.Lock() - defer e.lock.Unlock() - - return e.tryUpdate(func() error { - return e.alloc.Release(item) - }) - -} - -func (e *Etcd) ForEach(fn func(int)) { - e.lock.Lock() - defer e.lock.Unlock() - e.alloc.ForEach(fn) -} - -// tryUpdate performs a read-update to persist the latest snapshot state of allocation. -func (e *Etcd) tryUpdate(fn func() error) error { - err := e.storage.GuaranteedUpdate(context.TODO(), e.baseKey, &api.RangeAllocation{}, true, nil, - storage.SimpleUpdate(func(input runtime.Object) (output runtime.Object, err error) { - existing := input.(*api.RangeAllocation) - if len(existing.ResourceVersion) == 0 { - return nil, fmt.Errorf("cannot allocate resources of type %s at this time", e.resource.String()) - } - if existing.ResourceVersion != e.last { - if err := e.alloc.Restore(existing.Range, existing.Data); err != nil { - return nil, err - } - } - if err := fn(); err != nil { - return nil, err - } - e.last = existing.ResourceVersion - rangeSpec, data := e.alloc.Snapshot() - existing.Range = rangeSpec - existing.Data = data - return existing, nil - }), - nil, - ) - return storeerr.InterpretUpdateError(err, e.resource, "") -} - -// Get returns an api.RangeAllocation that represents the current state in -// etcd. If the key does not exist, the object will have an empty ResourceVersion. -func (e *Etcd) Get() (*api.RangeAllocation, error) { - existing := &api.RangeAllocation{} - if err := e.storage.Get(context.TODO(), e.baseKey, storage.GetOptions{IgnoreNotFound: true}, existing); err != nil { - return nil, storeerr.InterpretGetError(err, e.resource, "") - } - return existing, nil -} - -// CreateOrUpdate attempts to update the current etcd state with the provided -// allocation. -func (e *Etcd) CreateOrUpdate(snapshot *api.RangeAllocation) error { - e.lock.Lock() - defer e.lock.Unlock() - - last := "" - err := e.storage.GuaranteedUpdate(context.TODO(), e.baseKey, &api.RangeAllocation{}, true, nil, - storage.SimpleUpdate(func(input runtime.Object) (output runtime.Object, err error) { - existing := input.(*api.RangeAllocation) - switch { - case len(snapshot.ResourceVersion) != 0 && len(existing.ResourceVersion) != 0: - if snapshot.ResourceVersion != existing.ResourceVersion { - return nil, apierrors.NewConflict(e.resource, "", fmt.Errorf("the provided resource version does not match")) - } - case len(existing.ResourceVersion) != 0: - return nil, apierrors.NewConflict(e.resource, "", fmt.Errorf("another caller has already initialized the resource")) - } - last = snapshot.ResourceVersion - return snapshot, nil - }), - nil, - ) - if err != nil { - return storeerr.InterpretUpdateError(err, e.resource, "") - } - err = e.alloc.Restore(snapshot.Range, snapshot.Data) - if err == nil { - e.last = last - } - return err -} - -// Has implements allocator.Interface::Has -func (e *Etcd) Has(item int) bool { - e.lock.Lock() - defer e.lock.Unlock() - - return e.alloc.Has(item) -} - -// Free implements allocator.Interface::Free -func (e *Etcd) Free() int { - e.lock.Lock() - defer e.lock.Unlock() - - return e.alloc.Free() -} - -// Destroy implement allocator.Interface::Destroy -func (e *Etcd) Destroy() { - e.destroyFn() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/utils.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/utils.go deleted file mode 100644 index c034f51e6c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/allocator/utils.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package allocator - -import ( - "math/big" - "math/bits" -) - -// countBits returns the number of set bits in n -func countBits(n *big.Int) int { - var count int = 0 - for _, w := range n.Bits() { - count += bits.OnesCount64(uint64(w)) - } - return count -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/doc.go deleted file mode 100644 index 3e523a8599..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package service provides the Registry interface and its RESTStorage -// implementation for storing Service api objects. -package service // import "k8s.io/kubernetes/pkg/registry/core/service" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/allocator.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/allocator.go deleted file mode 100644 index df47297950..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/allocator.go +++ /dev/null @@ -1,446 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ipallocator - -import ( - "errors" - "fmt" - "math/big" - "net" - - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/registry/core/service/allocator" - netutils "k8s.io/utils/net" -) - -// Interface manages the allocation of IP addresses out of a range. Interface -// should be threadsafe. -type Interface interface { - Allocate(net.IP) error - AllocateNext() (net.IP, error) - Release(net.IP) error - ForEach(func(net.IP)) - CIDR() net.IPNet - IPFamily() api.IPFamily - Has(ip net.IP) bool - Destroy() - EnableMetrics() - - // DryRun offers a way to try operations without persisting them. - DryRun() Interface -} - -var ( - ErrFull = errors.New("range is full") - ErrAllocated = errors.New("provided IP is already allocated") - ErrMismatchedNetwork = errors.New("the provided network does not match the current range") -) - -type ErrNotInRange struct { - IP net.IP - ValidRange string -} - -func (e *ErrNotInRange) Error() string { - return fmt.Sprintf("the provided IP (%v) is not in the valid range. The range of valid IPs is %s", e.IP, e.ValidRange) -} - -// Range is a contiguous block of IPs that can be allocated atomically. -// -// The internal structure of the range is: -// -// For CIDR 10.0.0.0/24 -// 254 addresses usable out of 256 total (minus base and broadcast IPs) -// The number of usable addresses is r.max -// -// CIDR base IP CIDR broadcast IP -// 10.0.0.0 10.0.0.255 -// | | -// 0 1 2 3 4 5 ... ... 253 254 255 -// | | -// r.base r.base + r.max -// | | -// offset #0 of r.allocated last offset of r.allocated -type Range struct { - net *net.IPNet - // base is a cached version of the start IP in the CIDR range as a *big.Int - base *big.Int - // max is the maximum size of the usable addresses in the range - max int - // family is the IP family of this range - family api.IPFamily - - alloc allocator.Interface - // metrics is a metrics recorder that can be disabled - metrics metricsRecorderInterface -} - -// New creates a Range over a net.IPNet, calling allocatorFactory to construct the backing store. -func New(cidr *net.IPNet, allocatorFactory allocator.AllocatorWithOffsetFactory) (*Range, error) { - max := netutils.RangeSize(cidr) - base := netutils.BigForIP(cidr.IP) - rangeSpec := cidr.String() - var family api.IPFamily - - if netutils.IsIPv6CIDR(cidr) { - family = api.IPv6Protocol - // Limit the max size, since the allocator keeps a bitmap of that size. - if max > 65536 { - max = 65536 - } - } else { - family = api.IPv4Protocol - // Don't use the IPv4 network's broadcast address, but don't just - // Allocate() it - we don't ever want to be able to release it. - max-- - } - - // Don't use the network's ".0" address, but don't just Allocate() it - we - // don't ever want to be able to release it. - base.Add(base, big.NewInt(1)) - max-- - - r := Range{ - net: cidr, - base: base, - max: maximum(0, int(max)), - family: family, - metrics: &emptyMetricsRecorder{}, // disabled by default - } - - offset := calculateRangeOffset(cidr) - - var err error - r.alloc, err = allocatorFactory(r.max, rangeSpec, offset) - if err != nil { - return nil, err - } - return &r, nil -} - -// NewInMemory creates an in-memory allocator. -func NewInMemory(cidr *net.IPNet) (*Range, error) { - return New(cidr, func(max int, rangeSpec string, offset int) (allocator.Interface, error) { - return allocator.NewAllocationMapWithOffset(max, rangeSpec, offset), nil - }) -} - -// NewFromSnapshot allocates a Range and initializes it from a snapshot. -func NewFromSnapshot(snap *api.RangeAllocation) (*Range, error) { - _, ipnet, err := netutils.ParseCIDRSloppy(snap.Range) - if err != nil { - return nil, err - } - r, err := NewInMemory(ipnet) - if err != nil { - return nil, err - } - if err := r.Restore(ipnet, snap.Data); err != nil { - return nil, err - } - return r, nil -} - -func maximum(a, b int) int { - if a > b { - return a - } - return b -} - -// Free returns the count of IP addresses left in the range. -func (r *Range) Free() int { - return r.alloc.Free() -} - -// Used returns the count of IP addresses used in the range. -func (r *Range) Used() int { - return r.max - r.alloc.Free() -} - -// CIDR returns the CIDR covered by the range. -func (r *Range) CIDR() net.IPNet { - return *r.net -} - -// DryRun returns a non-persisting form of this Range. -func (r *Range) DryRun() Interface { - return dryRunRange{r} -} - -// For clearer code. -const dryRunTrue = true -const dryRunFalse = false - -// Allocate attempts to reserve the provided IP. ErrNotInRange or -// ErrAllocated will be returned if the IP is not valid for this range -// or has already been reserved. ErrFull will be returned if there -// are no addresses left. -func (r *Range) Allocate(ip net.IP) error { - return r.allocate(ip, dryRunFalse) -} - -func (r *Range) allocate(ip net.IP, dryRun bool) error { - label := r.CIDR() - ok, offset := r.contains(ip) - if !ok { - if !dryRun { - // update metrics - r.metrics.incrementAllocationErrors(label.String(), "static") - } - return &ErrNotInRange{ip, r.net.String()} - } - if dryRun { - // Don't bother to check whether the IP is actually free. It's racy and - // not worth the effort to plumb any further. - return nil - } - - allocated, err := r.alloc.Allocate(offset) - if err != nil { - // update metrics - r.metrics.incrementAllocationErrors(label.String(), "static") - - return err - } - if !allocated { - // update metrics - r.metrics.incrementAllocationErrors(label.String(), "static") - - return ErrAllocated - } - // update metrics - r.metrics.incrementAllocations(label.String(), "static") - r.metrics.setAllocated(label.String(), r.Used()) - r.metrics.setAvailable(label.String(), r.Free()) - - return nil -} - -// AllocateNext reserves one of the IPs from the pool. ErrFull may -// be returned if there are no addresses left. -func (r *Range) AllocateNext() (net.IP, error) { - return r.allocateNext(dryRunFalse) -} - -func (r *Range) allocateNext(dryRun bool) (net.IP, error) { - label := r.CIDR() - if dryRun { - // Don't bother finding a free value. It's racy and not worth the - // effort to plumb any further. - return r.CIDR().IP, nil - } - - offset, ok, err := r.alloc.AllocateNext() - if err != nil { - // update metrics - r.metrics.incrementAllocationErrors(label.String(), "dynamic") - - return nil, err - } - if !ok { - // update metrics - r.metrics.incrementAllocationErrors(label.String(), "dynamic") - - return nil, ErrFull - } - // update metrics - r.metrics.incrementAllocations(label.String(), "dynamic") - r.metrics.setAllocated(label.String(), r.Used()) - r.metrics.setAvailable(label.String(), r.Free()) - - return netutils.AddIPOffset(r.base, offset), nil -} - -// Release releases the IP back to the pool. Releasing an -// unallocated IP or an IP out of the range is a no-op and -// returns no error. -func (r *Range) Release(ip net.IP) error { - return r.release(ip, dryRunFalse) -} - -func (r *Range) release(ip net.IP, dryRun bool) error { - ok, offset := r.contains(ip) - if !ok { - return nil - } - if dryRun { - return nil - } - - err := r.alloc.Release(offset) - if err == nil { - // update metrics - label := r.CIDR() - r.metrics.setAllocated(label.String(), r.Used()) - r.metrics.setAvailable(label.String(), r.Free()) - } - return err -} - -// ForEach calls the provided function for each allocated IP. -func (r *Range) ForEach(fn func(net.IP)) { - r.alloc.ForEach(func(offset int) { - ip, _ := netutils.GetIndexedIP(r.net, offset+1) // +1 because Range doesn't store IP 0 - fn(ip) - }) -} - -// Has returns true if the provided IP is already allocated and a call -// to Allocate(ip) would fail with ErrAllocated. -func (r *Range) Has(ip net.IP) bool { - ok, offset := r.contains(ip) - if !ok { - return false - } - - return r.alloc.Has(offset) -} - -// IPFamily returns the IP family of this range. -func (r *Range) IPFamily() api.IPFamily { - return r.family -} - -// Snapshot saves the current state of the pool. -func (r *Range) Snapshot(dst *api.RangeAllocation) error { - snapshottable, ok := r.alloc.(allocator.Snapshottable) - if !ok { - return fmt.Errorf("not a snapshottable allocator") - } - rangeString, data := snapshottable.Snapshot() - dst.Range = rangeString - dst.Data = data - return nil -} - -// Restore restores the pool to the previously captured state. ErrMismatchedNetwork -// is returned if the provided IPNet range doesn't exactly match the previous range. -func (r *Range) Restore(net *net.IPNet, data []byte) error { - if !net.IP.Equal(r.net.IP) || net.Mask.String() != r.net.Mask.String() { - return ErrMismatchedNetwork - } - snapshottable, ok := r.alloc.(allocator.Snapshottable) - if !ok { - return fmt.Errorf("not a snapshottable allocator") - } - if err := snapshottable.Restore(net.String(), data); err != nil { - return fmt.Errorf("restoring snapshot encountered %v", err) - } - return nil -} - -// contains returns true and the offset if the ip is in the range, and false -// and nil otherwise. The first and last addresses of the CIDR are omitted. -func (r *Range) contains(ip net.IP) (bool, int) { - if !r.net.Contains(ip) { - return false, 0 - } - - offset := calculateIPOffset(r.base, ip) - if offset < 0 || offset >= r.max { - return false, 0 - } - return true, offset -} - -// Destroy shuts down internal allocator. -func (r *Range) Destroy() { - r.alloc.Destroy() -} - -// EnableMetrics enables metrics recording. -func (r *Range) EnableMetrics() { - registerMetrics() - r.metrics = &metricsRecorder{} -} - -// calculateIPOffset calculates the integer offset of ip from base such that -// base + offset = ip. It requires ip >= base. -func calculateIPOffset(base *big.Int, ip net.IP) int { - return int(big.NewInt(0).Sub(netutils.BigForIP(ip), base).Int64()) -} - -// calculateRangeOffset estimates the offset used on the range for statically allocation based on -// the following formula `min(max($min, cidrSize/$step), $max)`, described as ~never less than -// $min or more than $max, with a graduated step function between them~. The function returns 0 -// if any of the parameters is invalid. -func calculateRangeOffset(cidr *net.IPNet) int { - // default values for min(max($min, cidrSize/$step), $max) - const ( - min = 16 - max = 256 - step = 16 - ) - - cidrSize := netutils.RangeSize(cidr) - if cidrSize < min { - return 0 - } - - offset := cidrSize / step - if offset < min { - return min - } - if offset > max { - return max - } - return int(offset) -} - -// dryRunRange is a shim to satisfy Interface without persisting state. -type dryRunRange struct { - real *Range -} - -func (dry dryRunRange) Allocate(ip net.IP) error { - return dry.real.allocate(ip, dryRunTrue) -} - -func (dry dryRunRange) AllocateNext() (net.IP, error) { - return dry.real.allocateNext(dryRunTrue) -} - -func (dry dryRunRange) Release(ip net.IP) error { - return dry.real.release(ip, dryRunTrue) -} - -func (dry dryRunRange) ForEach(cb func(net.IP)) { - dry.real.ForEach(cb) -} - -func (dry dryRunRange) CIDR() net.IPNet { - return dry.real.CIDR() -} - -func (dry dryRunRange) IPFamily() api.IPFamily { - return dry.real.IPFamily() -} - -func (dry dryRunRange) DryRun() Interface { - return dry -} - -func (dry dryRunRange) Has(ip net.IP) bool { - return dry.real.Has(ip) -} - -func (dry dryRunRange) Destroy() { -} - -func (dry dryRunRange) EnableMetrics() { -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/controller/repair.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/controller/repair.go deleted file mode 100644 index f568e4fdb5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/controller/repair.go +++ /dev/null @@ -1,324 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - "fmt" - "net" - "sync" - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - eventsv1client "k8s.io/client-go/kubernetes/typed/events/v1" - "k8s.io/client-go/tools/events" - "k8s.io/client-go/util/retry" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/v1/helper" - "k8s.io/kubernetes/pkg/registry/core/rangeallocation" - "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" - netutils "k8s.io/utils/net" -) - -// Repair is a controller loop that periodically examines all service ClusterIP allocations -// and logs any errors, and then sets the compacted and accurate list of all allocated IPs. -// -// Handles: -// * Duplicate ClusterIP assignments caused by operator action or undetected race conditions -// * ClusterIPs that do not match the currently configured range -// * Allocations to services that were not actually created due to a crash or powerloss -// * Migrates old versions of Kubernetes services into the atomic ipallocator model automatically -// -// Can be run at infrequent intervals, and is best performed on startup of the master. -// Is level driven and idempotent - all valid ClusterIPs will be updated into the ipallocator -// map at the end of a single execution loop if no race is encountered. -// -// TODO: allocate new IPs if necessary -// TODO: perform repair? -type Repair struct { - interval time.Duration - serviceClient corev1client.ServicesGetter - - networkByFamily map[v1.IPFamily]*net.IPNet // networks we operate on, by their family - allocatorByFamily map[v1.IPFamily]rangeallocation.RangeRegistry // allocators we use, by their family - - leaksByFamily map[v1.IPFamily]map[string]int // counter per leaked IP per family - broadcaster events.EventBroadcaster - recorder events.EventRecorder -} - -// How many times we need to detect a leak before we clean up. This is to -// avoid races between allocating an IP and using it. -const numRepairsBeforeLeakCleanup = 3 - -// NewRepair creates a controller that periodically ensures that all clusterIPs are uniquely allocated across the cluster -// and generates informational warnings for a cluster that is not in sync. -func NewRepair(interval time.Duration, serviceClient corev1client.ServicesGetter, eventClient eventsv1client.EventsV1Interface, network *net.IPNet, alloc rangeallocation.RangeRegistry, secondaryNetwork *net.IPNet, secondaryAlloc rangeallocation.RangeRegistry) *Repair { - eventBroadcaster := events.NewBroadcaster(&events.EventSinkImpl{Interface: eventClient}) - recorder := eventBroadcaster.NewRecorder(legacyscheme.Scheme, "ipallocator-repair-controller") - - // build *ByFamily struct members - networkByFamily := make(map[v1.IPFamily]*net.IPNet) - allocatorByFamily := make(map[v1.IPFamily]rangeallocation.RangeRegistry) - leaksByFamily := make(map[v1.IPFamily]map[string]int) - - primary := v1.IPv4Protocol - secondary := v1.IPv6Protocol - if netutils.IsIPv6(network.IP) { - primary = v1.IPv6Protocol - } - - networkByFamily[primary] = network - allocatorByFamily[primary] = alloc - leaksByFamily[primary] = make(map[string]int) - - if secondaryNetwork != nil && secondaryNetwork.IP != nil { - if primary == v1.IPv6Protocol { - secondary = v1.IPv4Protocol - } - networkByFamily[secondary] = secondaryNetwork - allocatorByFamily[secondary] = secondaryAlloc - leaksByFamily[secondary] = make(map[string]int) - } - - return &Repair{ - interval: interval, - serviceClient: serviceClient, - - networkByFamily: networkByFamily, - allocatorByFamily: allocatorByFamily, - - leaksByFamily: leaksByFamily, - broadcaster: eventBroadcaster, - recorder: recorder, - } -} - -// RunUntil starts the controller until the provided ch is closed. -func (c *Repair) RunUntil(onFirstSuccess func(), stopCh chan struct{}) { - c.broadcaster.StartRecordingToSink(stopCh) - defer c.broadcaster.Shutdown() - - var once sync.Once - wait.Until(func() { - if err := c.runOnce(); err != nil { - runtime.HandleError(err) - return - } - once.Do(onFirstSuccess) - }, c.interval, stopCh) -} - -// runOnce verifies the state of the cluster IP allocations and returns an error if an unrecoverable problem occurs. -func (c *Repair) runOnce() error { - return retry.RetryOnConflict(retry.DefaultBackoff, c.doRunOnce) -} - -// doRunOnce verifies the state of the cluster IP allocations and returns an error if an unrecoverable problem occurs. -func (c *Repair) doRunOnce() error { - // TODO: (per smarterclayton) if Get() or ListServices() is a weak consistency read, - // or if they are executed against different leaders, - // the ordering guarantee required to ensure no IP is allocated twice is violated. - // ListServices must return a ResourceVersion higher than the etcd index Get triggers, - // and the release code must not release services that have had IPs allocated but not yet been created - // See #8295 - - // If etcd server is not running we should wait for some time and fail only then. This is particularly - // important when we start apiserver and etcd at the same time. - snapshotByFamily := make(map[v1.IPFamily]*api.RangeAllocation) - storedByFamily := make(map[v1.IPFamily]ipallocator.Interface) - - err := wait.PollImmediate(time.Second, 10*time.Second, func() (bool, error) { - for family, allocator := range c.allocatorByFamily { - // get snapshot if it is not there - if _, ok := snapshotByFamily[family]; !ok { - snapshot, err := allocator.Get() - if err != nil { - return false, err - } - - snapshotByFamily[family] = snapshot - } - } - return true, nil - }) - - if err != nil { - return fmt.Errorf("unable to refresh the service IP block: %v", err) - } - - // ensure that ranges are assigned - for family, snapshot := range snapshotByFamily { - if snapshot.Range == "" { - snapshot.Range = c.networkByFamily[family].String() - } - } - - // Create an allocator because it is easy to use. - for family, snapshot := range snapshotByFamily { - stored, err := ipallocator.NewFromSnapshot(snapshot) - if err != nil { - return fmt.Errorf("unable to rebuild allocator from snapshots for family:%v with error:%v", family, err) - } - - storedByFamily[family] = stored - } - - rebuiltByFamily := make(map[v1.IPFamily]*ipallocator.Range) - - for family, network := range c.networkByFamily { - rebuilt, err := ipallocator.NewInMemory(network) - if err != nil { - return fmt.Errorf("unable to create CIDR range for family %v: %v", family, err) - } - - rebuiltByFamily[family] = rebuilt - } - // We explicitly send no resource version, since the resource version - // of 'snapshot' is from a different collection, it's not comparable to - // the service collection. The caching layer keeps per-collection RVs, - // and this is proper, since in theory the collections could be hosted - // in separate etcd (or even non-etcd) instances. - list, err := c.serviceClient.Services(metav1.NamespaceAll).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return fmt.Errorf("unable to refresh the service IP block: %v", err) - } - - getFamilyByIP := func(ip net.IP) v1.IPFamily { - if netutils.IsIPv6(ip) { - return v1.IPv6Protocol - } - return v1.IPv4Protocol - } - - // Check every Service's ClusterIP, and rebuild the state as we think it should be. - for _, svc := range list.Items { - if !helper.IsServiceIPSet(&svc) { - // didn't need a cluster IP - continue - } - - for _, ip := range svc.Spec.ClusterIPs { - ip := netutils.ParseIPSloppy(ip) - if ip == nil { - // cluster IP is corrupt - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ClusterIPNotValid", "ClusterIPValidation", "Cluster IP %s is not a valid IP; please recreate service", ip) - runtime.HandleError(fmt.Errorf("the cluster IP %s for service %s/%s is not a valid IP; please recreate", ip, svc.Name, svc.Namespace)) - continue - } - - family := getFamilyByIP(ip) - if _, ok := rebuiltByFamily[family]; !ok { - // this service is using an IPFamily no longer configured on cluster - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ClusterIPNotValid", "ClusterIPValidation", "Cluster IP %s(%s) is of ip family that is no longer configured on cluster; please recreate service", ip, family) - runtime.HandleError(fmt.Errorf("the cluster IP %s(%s) for service %s/%s is of ip family that is no longer configured on cluster; please recreate", ip, family, svc.Name, svc.Namespace)) - continue - } - - // mark it as in-use - actualAlloc := rebuiltByFamily[family] - switch err := actualAlloc.Allocate(ip); err { - case nil: - actualStored := storedByFamily[family] - if actualStored.Has(ip) { - // remove it from the old set, so we can find leaks - actualStored.Release(ip) - } else { - // cluster IP doesn't seem to be allocated - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ClusterIPNotAllocated", "ClusterIPAllocation", "Cluster IP [%v]:%s is not allocated; repairing", family, ip) - runtime.HandleError(fmt.Errorf("the cluster IP [%v]:%s for service %s/%s is not allocated; repairing", family, ip, svc.Name, svc.Namespace)) - } - delete(c.leaksByFamily[family], ip.String()) // it is used, so it can't be leaked - case ipallocator.ErrAllocated: - // cluster IP is duplicate - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ClusterIPAlreadyAllocated", "ClusterIPAllocation", "Cluster IP [%v]:%s was assigned to multiple services; please recreate service", family, ip) - runtime.HandleError(fmt.Errorf("the cluster IP [%v]:%s for service %s/%s was assigned to multiple services; please recreate", family, ip, svc.Name, svc.Namespace)) - case err.(*ipallocator.ErrNotInRange): - // cluster IP is out of range - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ClusterIPOutOfRange", "ClusterIPAllocation", "Cluster IP [%v]:%s is not within the service CIDR %s; please recreate service", family, ip, c.networkByFamily[family]) - runtime.HandleError(fmt.Errorf("the cluster IP [%v]:%s for service %s/%s is not within the service CIDR %s; please recreate", family, ip, svc.Name, svc.Namespace, c.networkByFamily[family])) - case ipallocator.ErrFull: - // somehow we are out of IPs - cidr := actualAlloc.CIDR() - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "ServiceCIDRFull", "ClusterIPAllocation", "Service CIDR %v is full; you must widen the CIDR in order to create new services for Cluster IP [%v]:%s", cidr, family, ip) - return fmt.Errorf("the service CIDR %v is full; you must widen the CIDR in order to create new services for Cluster IP [%v]:%s", cidr, family, ip) - default: - c.recorder.Eventf(&svc, nil, v1.EventTypeWarning, "UnknownError", "ClusterIPAllocation", "Unable to allocate cluster IP [%v]:%s due to an unknown error", family, ip) - return fmt.Errorf("unable to allocate cluster IP [%v]:%s for service %s/%s due to an unknown error, exiting: %v", family, ip, svc.Name, svc.Namespace, err) - } - } - } - - // leak check - for family, leaks := range c.leaksByFamily { - c.checkLeaked(leaks, storedByFamily[family], rebuiltByFamily[family]) - } - - // save logic - // Blast the rebuilt state into storage. - for family, rebuilt := range rebuiltByFamily { - err = c.saveSnapShot(rebuilt, c.allocatorByFamily[family], snapshotByFamily[family]) - if err != nil { - return err - } - } - - return nil -} - -func (c *Repair) saveSnapShot(rebuilt *ipallocator.Range, alloc rangeallocation.RangeRegistry, snapshot *api.RangeAllocation) error { - if err := rebuilt.Snapshot(snapshot); err != nil { - return fmt.Errorf("unable to snapshot the updated service IP allocations: %v", err) - } - if err := alloc.CreateOrUpdate(snapshot); err != nil { - if errors.IsConflict(err) { - return err - } - return fmt.Errorf("unable to persist the updated service IP allocations: %v", err) - } - - return nil -} - -func (c *Repair) checkLeaked(leaks map[string]int, stored ipallocator.Interface, rebuilt *ipallocator.Range) { - // Check for IPs that are left in the old set. They appear to have been leaked. - stored.ForEach(func(ip net.IP) { - count, found := leaks[ip.String()] - switch { - case !found: - // flag it to be cleaned up after any races (hopefully) are gone - runtime.HandleError(fmt.Errorf("the cluster IP %s may have leaked: flagging for later clean up", ip)) - count = numRepairsBeforeLeakCleanup - 1 - fallthrough - case count > 0: - // pretend it is still in use until count expires - leaks[ip.String()] = count - 1 - if err := rebuilt.Allocate(ip); err != nil { - runtime.HandleError(fmt.Errorf("the cluster IP %s may have leaked, but can not be allocated: %v", ip, err)) - } - default: - // do not add it to the rebuilt set, which means it will be available for reuse - runtime.HandleError(fmt.Errorf("the cluster IP %s appears to have leaked: cleaning up", ip)) - } - }) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/metrics.go deleted file mode 100644 index d672aa213a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/ipallocator/metrics.go +++ /dev/null @@ -1,122 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ipallocator - -import ( - "sync" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const ( - namespace = "kube_apiserver" - subsystem = "clusterip_allocator" -) - -var ( - // clusterIPAllocated indicates the amount of cluster IP allocated by Service CIDR. - clusterIPAllocated = metrics.NewGaugeVec( - &metrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "allocated_ips", - Help: "Gauge measuring the number of allocated IPs for Services", - StabilityLevel: metrics.ALPHA, - }, - []string{"cidr"}, - ) - // clusterIPAvailable indicates the amount of cluster IP available by Service CIDR. - clusterIPAvailable = metrics.NewGaugeVec( - &metrics.GaugeOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "available_ips", - Help: "Gauge measuring the number of available IPs for Services", - StabilityLevel: metrics.ALPHA, - }, - []string{"cidr"}, - ) - // clusterIPAllocation counts the total number of ClusterIP allocation and allocation mode: static or dynamic. - clusterIPAllocations = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "allocation_total", - Help: "Number of Cluster IPs allocations", - StabilityLevel: metrics.ALPHA, - }, - []string{"cidr", "scope"}, - ) - // clusterIPAllocationErrors counts the number of error trying to allocate a ClusterIP and allocation mode: static or dynamic. - clusterIPAllocationErrors = metrics.NewCounterVec( - &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "allocation_errors_total", - Help: "Number of errors trying to allocate Cluster IPs", - StabilityLevel: metrics.ALPHA, - }, - []string{"cidr", "scope"}, - ) -) - -var registerMetricsOnce sync.Once - -func registerMetrics() { - registerMetricsOnce.Do(func() { - legacyregistry.MustRegister(clusterIPAllocated) - legacyregistry.MustRegister(clusterIPAvailable) - legacyregistry.MustRegister(clusterIPAllocations) - legacyregistry.MustRegister(clusterIPAllocationErrors) - }) -} - -// metricsRecorderInterface is the interface to record metrics. -type metricsRecorderInterface interface { - setAllocated(cidr string, allocated int) - setAvailable(cidr string, available int) - incrementAllocations(cidr, scope string) - incrementAllocationErrors(cidr, scope string) -} - -// metricsRecorder implements metricsRecorderInterface. -type metricsRecorder struct{} - -func (m *metricsRecorder) setAllocated(cidr string, allocated int) { - clusterIPAllocated.WithLabelValues(cidr).Set(float64(allocated)) -} - -func (m *metricsRecorder) setAvailable(cidr string, available int) { - clusterIPAvailable.WithLabelValues(cidr).Set(float64(available)) -} - -func (m *metricsRecorder) incrementAllocations(cidr, scope string) { - clusterIPAllocations.WithLabelValues(cidr, scope).Inc() -} - -func (m *metricsRecorder) incrementAllocationErrors(cidr, scope string) { - clusterIPAllocationErrors.WithLabelValues(cidr, scope).Inc() -} - -// emptyMetricsRecorder is a null object implements metricsRecorderInterface. -type emptyMetricsRecorder struct{} - -func (*emptyMetricsRecorder) setAllocated(cidr string, allocated int) {} -func (*emptyMetricsRecorder) setAvailable(cidr string, available int) {} -func (*emptyMetricsRecorder) incrementAllocations(cidr, scope string) {} -func (*emptyMetricsRecorder) incrementAllocationErrors(cidr, scope string) {} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/allocator.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/allocator.go deleted file mode 100644 index 4f6cb68caf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/allocator.go +++ /dev/null @@ -1,215 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package portallocator - -import ( - "errors" - "fmt" - - "k8s.io/apimachinery/pkg/util/net" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/registry/core/service/allocator" - - "k8s.io/klog/v2" -) - -// Interface manages the allocation of ports out of a range. Interface -// should be threadsafe. -type Interface interface { - Allocate(int) error - AllocateNext() (int, error) - Release(int) error - ForEach(func(int)) - Has(int) bool - Destroy() -} - -var ( - ErrFull = errors.New("range is full") - ErrAllocated = errors.New("provided port is already allocated") - ErrMismatchedNetwork = errors.New("the provided port range does not match the current port range") -) - -type ErrNotInRange struct { - ValidPorts string -} - -func (e *ErrNotInRange) Error() string { - return fmt.Sprintf("provided port is not in the valid range. The range of valid ports is %s", e.ValidPorts) -} - -type PortAllocator struct { - portRange net.PortRange - - alloc allocator.Interface -} - -// PortAllocator implements Interface and Snapshottable -var _ Interface = &PortAllocator{} - -// New creates a PortAllocator over a net.PortRange, calling allocatorFactory to construct the backing store. -func New(pr net.PortRange, allocatorFactory allocator.AllocatorFactory) (*PortAllocator, error) { - max := pr.Size - rangeSpec := pr.String() - - a := &PortAllocator{ - portRange: pr, - } - var err error - a.alloc, err = allocatorFactory(max, rangeSpec) - return a, err -} - -// NewInMemory creates an in-memory allocator. -func NewInMemory(pr net.PortRange) (*PortAllocator, error) { - return New(pr, func(max int, rangeSpec string) (allocator.Interface, error) { - return allocator.NewAllocationMap(max, rangeSpec), nil - }) -} - -// NewFromSnapshot allocates a PortAllocator and initializes it from a snapshot. -func NewFromSnapshot(snap *api.RangeAllocation) (*PortAllocator, error) { - pr, err := net.ParsePortRange(snap.Range) - if err != nil { - return nil, err - } - r, err := NewInMemory(*pr) - if err != nil { - return nil, err - } - if err := r.Restore(*pr, snap.Data); err != nil { - return nil, err - } - return r, nil -} - -// Free returns the count of port left in the range. -func (r *PortAllocator) Free() int { - return r.alloc.Free() -} - -// Used returns the count of ports used in the range. -func (r *PortAllocator) Used() int { - return r.portRange.Size - r.alloc.Free() -} - -// Allocate attempts to reserve the provided port. ErrNotInRange or -// ErrAllocated will be returned if the port is not valid for this range -// or has already been reserved. ErrFull will be returned if there -// are no ports left. -func (r *PortAllocator) Allocate(port int) error { - ok, offset := r.contains(port) - if !ok { - // include valid port range in error - validPorts := r.portRange.String() - return &ErrNotInRange{validPorts} - } - - allocated, err := r.alloc.Allocate(offset) - if err != nil { - return err - } - if !allocated { - return ErrAllocated - } - return nil -} - -// AllocateNext reserves one of the ports from the pool. ErrFull may -// be returned if there are no ports left. -func (r *PortAllocator) AllocateNext() (int, error) { - offset, ok, err := r.alloc.AllocateNext() - if err != nil { - return 0, err - } - if !ok { - return 0, ErrFull - } - return r.portRange.Base + offset, nil -} - -// ForEach calls the provided function for each allocated port. -func (r *PortAllocator) ForEach(fn func(int)) { - r.alloc.ForEach(func(offset int) { - fn(r.portRange.Base + offset) - }) -} - -// Release releases the port back to the pool. Releasing an -// unallocated port or a port out of the range is a no-op and -// returns no error. -func (r *PortAllocator) Release(port int) error { - ok, offset := r.contains(port) - if !ok { - klog.Warningf("port is not in the range when release it. port: %v", port) - return nil - } - - return r.alloc.Release(offset) -} - -// Has returns true if the provided port is already allocated and a call -// to Allocate(port) would fail with ErrAllocated. -func (r *PortAllocator) Has(port int) bool { - ok, offset := r.contains(port) - if !ok { - return false - } - - return r.alloc.Has(offset) -} - -// Snapshot saves the current state of the pool. -func (r *PortAllocator) Snapshot(dst *api.RangeAllocation) error { - snapshottable, ok := r.alloc.(allocator.Snapshottable) - if !ok { - return fmt.Errorf("not a snapshottable allocator") - } - rangeString, data := snapshottable.Snapshot() - dst.Range = rangeString - dst.Data = data - return nil -} - -// Restore restores the pool to the previously captured state. ErrMismatchedNetwork -// is returned if the provided port range doesn't exactly match the previous range. -func (r *PortAllocator) Restore(pr net.PortRange, data []byte) error { - if pr.String() != r.portRange.String() { - return ErrMismatchedNetwork - } - snapshottable, ok := r.alloc.(allocator.Snapshottable) - if !ok { - return fmt.Errorf("not a snapshottable allocator") - } - return snapshottable.Restore(pr.String(), data) -} - -// contains returns true and the offset if the port is in the range, and false -// and nil otherwise. -func (r *PortAllocator) contains(port int) (bool, int) { - if !r.portRange.Contains(port) { - return false, 0 - } - - offset := port - r.portRange.Base - return true, offset -} - -// Destroy shuts down internal allocator. -func (r *PortAllocator) Destroy() { - r.alloc.Destroy() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/controller/repair.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/controller/repair.go deleted file mode 100644 index fa87076049..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/controller/repair.go +++ /dev/null @@ -1,250 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - "fmt" - "sync" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - eventsv1client "k8s.io/client-go/kubernetes/typed/events/v1" - "k8s.io/client-go/tools/events" - "k8s.io/client-go/util/retry" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/registry/core/rangeallocation" - "k8s.io/kubernetes/pkg/registry/core/service/portallocator" -) - -// See ipallocator/controller/repair.go; this is a copy for ports. -type Repair struct { - interval time.Duration - serviceClient corev1client.ServicesGetter - portRange net.PortRange - alloc rangeallocation.RangeRegistry - leaks map[int]int // counter per leaked port - - broadcaster events.EventBroadcaster - recorder events.EventRecorder -} - -// How many times we need to detect a leak before we clean up. This is to -// avoid races between allocating a ports and using it. -const numRepairsBeforeLeakCleanup = 3 - -// NewRepair creates a controller that periodically ensures that all ports are uniquely allocated across the cluster -// and generates informational warnings for a cluster that is not in sync. -func NewRepair(interval time.Duration, serviceClient corev1client.ServicesGetter, eventClient eventsv1client.EventsV1Interface, portRange net.PortRange, alloc rangeallocation.RangeRegistry) *Repair { - eventBroadcaster := events.NewBroadcaster(&events.EventSinkImpl{Interface: eventClient}) - recorder := eventBroadcaster.NewRecorder(legacyscheme.Scheme, "portallocator-repair-controller") - - return &Repair{ - interval: interval, - serviceClient: serviceClient, - portRange: portRange, - alloc: alloc, - leaks: map[int]int{}, - broadcaster: eventBroadcaster, - recorder: recorder, - } -} - -// RunUntil starts the controller until the provided ch is closed. -func (c *Repair) RunUntil(onFirstSuccess func(), stopCh chan struct{}) { - c.broadcaster.StartRecordingToSink(stopCh) - defer c.broadcaster.Shutdown() - - var once sync.Once - wait.Until(func() { - if err := c.runOnce(); err != nil { - runtime.HandleError(err) - return - } - once.Do(onFirstSuccess) - }, c.interval, stopCh) -} - -// runOnce verifies the state of the port allocations and returns an error if an unrecoverable problem occurs. -func (c *Repair) runOnce() error { - return retry.RetryOnConflict(retry.DefaultBackoff, c.doRunOnce) -} - -// doRunOnce verifies the state of the port allocations and returns an error if an unrecoverable problem occurs. -func (c *Repair) doRunOnce() error { - // TODO: (per smarterclayton) if Get() or ListServices() is a weak consistency read, - // or if they are executed against different leaders, - // the ordering guarantee required to ensure no port is allocated twice is violated. - // ListServices must return a ResourceVersion higher than the etcd index Get triggers, - // and the release code must not release services that have had ports allocated but not yet been created - // See #8295 - - // If etcd server is not running we should wait for some time and fail only then. This is particularly - // important when we start apiserver and etcd at the same time. - var snapshot *api.RangeAllocation - - err := wait.PollImmediate(time.Second, 10*time.Second, func() (bool, error) { - var err error - snapshot, err = c.alloc.Get() - return err == nil, err - }) - if err != nil { - return fmt.Errorf("unable to refresh the port allocations: %v", err) - } - // If not yet initialized. - if snapshot.Range == "" { - snapshot.Range = c.portRange.String() - } - // Create an allocator because it is easy to use. - stored, err := portallocator.NewFromSnapshot(snapshot) - if err != nil { - return fmt.Errorf("unable to rebuild allocator from snapshot: %v", err) - } - - // We explicitly send no resource version, since the resource version - // of 'snapshot' is from a different collection, it's not comparable to - // the service collection. The caching layer keeps per-collection RVs, - // and this is proper, since in theory the collections could be hosted - // in separate etcd (or even non-etcd) instances. - list, err := c.serviceClient.Services(metav1.NamespaceAll).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return fmt.Errorf("unable to refresh the port block: %v", err) - } - - rebuilt, err := portallocator.NewInMemory(c.portRange) - if err != nil { - return fmt.Errorf("unable to create port allocator: %v", err) - } - // Check every Service's ports, and rebuild the state as we think it should be. - for i := range list.Items { - svc := &list.Items[i] - ports := collectServiceNodePorts(svc) - if len(ports) == 0 { - continue - } - - for _, port := range ports { - switch err := rebuilt.Allocate(port); err { - case nil: - if stored.Has(port) { - // remove it from the old set, so we can find leaks - stored.Release(port) - } else { - // doesn't seem to be allocated - c.recorder.Eventf(svc, nil, corev1.EventTypeWarning, "PortNotAllocated", "PortAllocation", "Port %d is not allocated; repairing", port) - runtime.HandleError(fmt.Errorf("the node port %d for service %s/%s is not allocated; repairing", port, svc.Name, svc.Namespace)) - } - delete(c.leaks, port) // it is used, so it can't be leaked - case portallocator.ErrAllocated: - // port is duplicate, reallocate - c.recorder.Eventf(svc, nil, corev1.EventTypeWarning, "PortAlreadyAllocated", "PortAllocation", "Port %d was assigned to multiple services; please recreate service", port) - runtime.HandleError(fmt.Errorf("the node port %d for service %s/%s was assigned to multiple services; please recreate", port, svc.Name, svc.Namespace)) - case err.(*portallocator.ErrNotInRange): - // port is out of range, reallocate - c.recorder.Eventf(svc, nil, corev1.EventTypeWarning, "PortOutOfRange", "PortAllocation", "Port %d is not within the port range %s; please recreate service", port, c.portRange) - runtime.HandleError(fmt.Errorf("the port %d for service %s/%s is not within the port range %s; please recreate", port, svc.Name, svc.Namespace, c.portRange)) - case portallocator.ErrFull: - // somehow we are out of ports - c.recorder.Eventf(svc, nil, corev1.EventTypeWarning, "PortRangeFull", "PortAllocation", "Port range %s is full; you must widen the port range in order to create new services", c.portRange) - return fmt.Errorf("the port range %s is full; you must widen the port range in order to create new services", c.portRange) - default: - c.recorder.Eventf(svc, nil, corev1.EventTypeWarning, "UnknownError", "PortAllocation", "Unable to allocate port %d due to an unknown error", port) - return fmt.Errorf("unable to allocate port %d for service %s/%s due to an unknown error, exiting: %v", port, svc.Name, svc.Namespace, err) - } - } - } - - // Check for ports that are left in the old set. They appear to have been leaked. - stored.ForEach(func(port int) { - count, found := c.leaks[port] - switch { - case !found: - // flag it to be cleaned up after any races (hopefully) are gone - runtime.HandleError(fmt.Errorf("the node port %d may have leaked: flagging for later clean up", port)) - count = numRepairsBeforeLeakCleanup - 1 - fallthrough - case count > 0: - // pretend it is still in use until count expires - c.leaks[port] = count - 1 - if err := rebuilt.Allocate(port); err != nil { - runtime.HandleError(fmt.Errorf("the node port %d may have leaked, but can not be allocated: %v", port, err)) - } - default: - // do not add it to the rebuilt set, which means it will be available for reuse - runtime.HandleError(fmt.Errorf("the node port %d appears to have leaked: cleaning up", port)) - } - }) - - // Blast the rebuilt state into storage. - if err := rebuilt.Snapshot(snapshot); err != nil { - return fmt.Errorf("unable to snapshot the updated port allocations: %v", err) - } - - if err := c.alloc.CreateOrUpdate(snapshot); err != nil { - if errors.IsConflict(err) { - return err - } - return fmt.Errorf("unable to persist the updated port allocations: %v", err) - } - return nil -} - -// collectServiceNodePorts returns nodePorts specified in the Service. -// Please note that: -// 1. same nodePort with *same* protocol will be duplicated as it is -// 2. same nodePort with *different* protocol will be deduplicated -func collectServiceNodePorts(service *corev1.Service) []int { - var servicePorts []int - // map from nodePort to set of protocols - seen := make(map[int]sets.String) - for _, port := range service.Spec.Ports { - nodePort := int(port.NodePort) - if nodePort == 0 { - continue - } - proto := string(port.Protocol) - s := seen[nodePort] - if s == nil { // have not seen this nodePort before - s = sets.NewString(proto) - servicePorts = append(servicePorts, nodePort) - } else if s.Has(proto) { // same nodePort with same protocol - servicePorts = append(servicePorts, nodePort) - } else { // same nodePort with different protocol - s.Insert(proto) - } - seen[nodePort] = s - } - - healthPort := int(service.Spec.HealthCheckNodePort) - if healthPort != 0 { - s := seen[healthPort] - // TODO: is it safe to assume the protocol is always TCP? - if s == nil || s.Has(string(corev1.ProtocolTCP)) { - servicePorts = append(servicePorts, healthPort) - } - } - - return servicePorts -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/operation.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/operation.go deleted file mode 100644 index 07ec744bd4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/portallocator/operation.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package portallocator - -// Encapsulates the semantics of a port allocation 'transaction': -// It is better to leak ports than to double-allocate them, -// so we allocate immediately, but defer release. -// On commit we best-effort release the deferred releases. -// On rollback we best-effort release any allocations we did. -// -// Pattern for use: -// -// op := StartPortAllocationOperation(...) -// defer op.Finish -// ... -// write(updatedOwner) -// -// / op.Commit() -type PortAllocationOperation struct { - pa Interface - allocated []int - releaseDeferred []int - shouldRollback bool - dryRun bool -} - -// Creates a portAllocationOperation, tracking a set of allocations & releases -// If dryRun is specified, never actually allocate or release anything -func StartOperation(pa Interface, dryRun bool) *PortAllocationOperation { - op := &PortAllocationOperation{} - op.pa = pa - op.allocated = []int{} - op.releaseDeferred = []int{} - op.shouldRollback = true - op.dryRun = dryRun - return op -} - -// Will rollback unless marked as shouldRollback = false by a Commit(). Call from a defer block -func (op *PortAllocationOperation) Finish() { - if op.shouldRollback { - op.Rollback() - } -} - -// (Try to) undo any operations we did -func (op *PortAllocationOperation) Rollback() []error { - if op.dryRun { - return nil - } - - errors := []error{} - - for _, allocated := range op.allocated { - err := op.pa.Release(allocated) - if err != nil { - errors = append(errors, err) - } - } - - if len(errors) == 0 { - return nil - } - return errors -} - -// (Try to) perform any deferred operations. -// Note that even if this fails, we don't rollback; we always want to err on the side of over-allocation, -// and Commit should be called _after_ the owner is written -func (op *PortAllocationOperation) Commit() []error { - if op.dryRun { - return nil - } - - errors := []error{} - - for _, release := range op.releaseDeferred { - err := op.pa.Release(release) - if err != nil { - errors = append(errors, err) - } - } - - // Even on error, we don't rollback - // Problems should be fixed by an eventual reconciliation / restart - op.shouldRollback = false - - if len(errors) == 0 { - return nil - } - - return errors -} - -// Allocates a port, and record it for future rollback -func (op *PortAllocationOperation) Allocate(port int) error { - if op.dryRun { - if op.pa.Has(port) { - return ErrAllocated - } - for _, a := range op.allocated { - if port == a { - return ErrAllocated - } - } - op.allocated = append(op.allocated, port) - return nil - } - - err := op.pa.Allocate(port) - if err == nil { - op.allocated = append(op.allocated, port) - } - return err -} - -// Allocates a port, and record it for future rollback -func (op *PortAllocationOperation) AllocateNext() (int, error) { - if op.dryRun { - // Find the max element of the allocated ports array. - // If no ports are already being allocated by this operation, - // then choose a sensible guess for a dummy port number - var lastPort int - for _, allocatedPort := range op.allocated { - if allocatedPort > lastPort { - lastPort = allocatedPort - } - } - if len(op.allocated) == 0 { - lastPort = 32768 - } - - // Try to find the next non allocated port. - // If too many ports are full, just reuse one, - // since this is just a dummy value. - for port := lastPort + 1; port < 100; port++ { - err := op.Allocate(port) - if err == nil { - return port, nil - } - } - op.allocated = append(op.allocated, lastPort+1) - return lastPort + 1, nil - } - - port, err := op.pa.AllocateNext() - if err == nil { - op.allocated = append(op.allocated, port) - } - return port, err -} - -// Marks a port so that it will be released if this operation Commits -func (op *PortAllocationOperation) ReleaseDeferred(port int) { - op.releaseDeferred = append(op.releaseDeferred, port) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/proxy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/proxy.go deleted file mode 100644 index f0eb9d0788..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/proxy.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package service - -import ( - "context" - "fmt" - "net/http" - "net/url" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/proxy" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/capabilities" -) - -// ProxyREST implements the proxy subresource for a Service -type ProxyREST struct { - Redirector rest.Redirector - ProxyTransport http.RoundTripper -} - -// Implement Connecter -var _ = rest.Connecter(&ProxyREST{}) - -var proxyMethods = []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"} - -// New returns an empty service resource -func (r *ProxyREST) New() runtime.Object { - return &api.ServiceProxyOptions{} -} - -// Destroy cleans up resources on shutdown. -func (r *ProxyREST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -// ConnectMethods returns the list of HTTP methods that can be proxied -func (r *ProxyREST) ConnectMethods() []string { - return proxyMethods -} - -// NewConnectOptions returns versioned resource that represents proxy parameters -func (r *ProxyREST) NewConnectOptions() (runtime.Object, bool, string) { - return &api.ServiceProxyOptions{}, true, "path" -} - -// Connect returns a handler for the service proxy -func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object, responder rest.Responder) (http.Handler, error) { - proxyOpts, ok := opts.(*api.ServiceProxyOptions) - if !ok { - return nil, fmt.Errorf("Invalid options object: %#v", opts) - } - location, transport, err := r.Redirector.ResourceLocation(ctx, id) - if err != nil { - return nil, err - } - location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path) - // Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc) - return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil -} - -func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler { - handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder)) - handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec - return handler -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/alloc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/alloc.go deleted file mode 100644 index b87e2be27c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/alloc.go +++ /dev/null @@ -1,1077 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/klog/v2" - apiservice "k8s.io/kubernetes/pkg/api/service" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" - "k8s.io/kubernetes/pkg/registry/core/service/portallocator" - netutils "k8s.io/utils/net" -) - -// Allocators encapsulates the various allocators (IPs, ports) used in -// Services. -type Allocators struct { - serviceIPAllocatorsByFamily map[api.IPFamily]ipallocator.Interface - defaultServiceIPFamily api.IPFamily // --service-cluster-ip-range[0] - serviceNodePorts portallocator.Interface -} - -// ServiceNodePort includes protocol and port number of a service NodePort. -type ServiceNodePort struct { - // The IP protocol for this port. Supports "TCP" and "UDP". - Protocol api.Protocol - - // The port on each node on which this service is exposed. - // Default is to auto-allocate a port if the ServiceType of this Service requires one. - NodePort int32 -} - -// This is a trasitionary function to facilitate service REST flattening. -func makeAlloc(defaultFamily api.IPFamily, ipAllocs map[api.IPFamily]ipallocator.Interface, portAlloc portallocator.Interface) Allocators { - return Allocators{ - defaultServiceIPFamily: defaultFamily, - serviceIPAllocatorsByFamily: ipAllocs, - serviceNodePorts: portAlloc, - } -} - -func (al *Allocators) allocateCreate(service *api.Service, dryRun bool) (transaction, error) { - result := metaTransaction{} - success := false - - defer func() { - if !success { - result.Revert() - } - }() - - // Ensure IP family fields are correctly initialized. We do it here, since - // we want this to be visible even when dryRun == true. - if err := al.initIPFamilyFields(After{service}, Before{nil}); err != nil { - return nil, err - } - - // Allocate ClusterIPs - //TODO(thockin): validation should not pass with empty clusterIP, but it - //does (and is tested!). Fixing that all is a big PR and will have to - //happen later. - if txn, err := al.txnAllocClusterIPs(service, dryRun); err != nil { - return nil, err - } else { - result = append(result, txn) - } - - // Allocate ports - if txn, err := al.txnAllocNodePorts(service, dryRun); err != nil { - return nil, err - } else { - result = append(result, txn) - } - - success = true - return result, nil -} - -// attempts to default service ip families according to cluster configuration -// while ensuring that provided families are configured on cluster. -func (al *Allocators) initIPFamilyFields(after After, before Before) error { - oldService, service := before.Service, after.Service - - // can not do anything here - if service.Spec.Type == api.ServiceTypeExternalName { - return nil - } - - // We don't want to auto-upgrade (add an IP) or downgrade (remove an IP) - // PreferDualStack services following a cluster change to/from - // dual-stackness. - // - // That means a PreferDualStack service will only be upgraded/downgraded - // when: - // - changing ipFamilyPolicy to "RequireDualStack" or "SingleStack" AND - // - adding or removing a secondary clusterIP or ipFamily - if isMatchingPreferDualStackClusterIPFields(after, before) { - return nil // nothing more to do. - } - - // If the user didn't specify ipFamilyPolicy, we can infer a default. We - // don't want a static default because we want to make sure that we never - // change between single- and dual-stack modes with explicit direction, as - // provided by ipFamilyPolicy. Consider these cases: - // * Create (POST): If they didn't specify a policy we can assume it's - // always SingleStack. - // * Update (PUT): If they didn't specify a policy we need to adopt the - // policy from before. This is better than always assuming SingleStack - // because a PUT that changes clusterIPs from 2 to 1 value but doesn't - // specify ipFamily would work. - // * Update (PATCH): If they didn't specify a policy it will adopt the - // policy from before. - if service.Spec.IPFamilyPolicy == nil { - if oldService != nil && oldService.Spec.IPFamilyPolicy != nil { - // Update from an object with policy, use the old policy - service.Spec.IPFamilyPolicy = oldService.Spec.IPFamilyPolicy - } else if service.Spec.ClusterIP == api.ClusterIPNone && len(service.Spec.Selector) == 0 { - // Special-case: headless + selectorless defaults to dual. - requireDualStack := api.IPFamilyPolicyRequireDualStack - service.Spec.IPFamilyPolicy = &requireDualStack - } else { - // create or update from an object without policy (e.g. - // ExternalName) to one that needs policy - singleStack := api.IPFamilyPolicySingleStack - service.Spec.IPFamilyPolicy = &singleStack - } - } - // Henceforth we can assume ipFamilyPolicy is set. - - // Do some loose pre-validation of the input. This makes it easier in the - // rest of allocation code to not have to consider corner cases. - // TODO(thockin): when we tighten validation (e.g. to require IPs) we will - // need a "strict" and a "loose" form of this. - if el := validation.ValidateServiceClusterIPsRelatedFields(service); len(el) != 0 { - return errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - - //TODO(thockin): Move this logic to validation? - el := make(field.ErrorList, 0) - - // Update-only prep work. - if oldService != nil { - if getIPFamilyPolicy(service) == api.IPFamilyPolicySingleStack { - // As long as ClusterIPs and IPFamilies have not changed, setting - // the policy to single-stack is clear intent. - // ClusterIPs[0] is immutable, so it is safe to keep. - if sameClusterIPs(oldService, service) && len(service.Spec.ClusterIPs) > 1 { - service.Spec.ClusterIPs = service.Spec.ClusterIPs[0:1] - } - if sameIPFamilies(oldService, service) && len(service.Spec.IPFamilies) > 1 { - service.Spec.IPFamilies = service.Spec.IPFamilies[0:1] - } - } else { - // If the policy is anything but single-stack AND they reduced these - // fields, it's an error. They need to specify policy. - if reducedClusterIPs(After{service}, Before{oldService}) { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, - "must be 'SingleStack' to release the secondary cluster IP")) - } - if reducedIPFamilies(After{service}, Before{oldService}) { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, - "must be 'SingleStack' to release the secondary IP family")) - } - } - } - - // Make sure ipFamilyPolicy makes sense for the provided ipFamilies and - // clusterIPs. Further checks happen below - after the special cases. - if getIPFamilyPolicy(service) == api.IPFamilyPolicySingleStack { - if len(service.Spec.ClusterIPs) == 2 { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, - "must be 'RequireDualStack' or 'PreferDualStack' when multiple cluster IPs are specified")) - } - if len(service.Spec.IPFamilies) == 2 { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, - "must be 'RequireDualStack' or 'PreferDualStack' when multiple IP families are specified")) - } - } - - // Infer IPFamilies[] from ClusterIPs[]. Further checks happen below, - // after the special cases. - for i, ip := range service.Spec.ClusterIPs { - if ip == api.ClusterIPNone { - break - } - - // We previously validated that IPs are well-formed and that if an - // ipFamilies[] entry exists it matches the IP. - fam := familyOf(ip) - - // If the corresponding family is not specified, add it. - if i >= len(service.Spec.IPFamilies) { - // Families are checked more later, but this is a better error in - // this specific case (indicating the user-provided IP, rather - // than than the auto-assigned family). - if _, found := al.serviceIPAllocatorsByFamily[fam]; !found { - el = append(el, field.Invalid(field.NewPath("spec", "clusterIPs").Index(i), service.Spec.ClusterIPs, - fmt.Sprintf("%s is not configured on this cluster", fam))) - } else { - // OK to infer. - service.Spec.IPFamilies = append(service.Spec.IPFamilies, fam) - } - } - } - - // If we have validation errors, bail out now so we don't make them worse. - if len(el) > 0 { - return errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - - // Special-case: headless + selectorless. This has to happen before other - // checks because it explicitly allows combinations of inputs that would - // otherwise be errors. - if service.Spec.ClusterIP == api.ClusterIPNone && len(service.Spec.Selector) == 0 { - // If IPFamilies was not set by the user, start with the default - // family. - if len(service.Spec.IPFamilies) == 0 { - service.Spec.IPFamilies = []api.IPFamily{al.defaultServiceIPFamily} - } - - // this follows headful services. With one exception on a single stack - // cluster the user is allowed to create headless services that has multi families - // the validation allows it - if len(service.Spec.IPFamilies) < 2 { - if *(service.Spec.IPFamilyPolicy) != api.IPFamilyPolicySingleStack { - // add the alt ipfamily - if service.Spec.IPFamilies[0] == api.IPv4Protocol { - service.Spec.IPFamilies = append(service.Spec.IPFamilies, api.IPv6Protocol) - } else { - service.Spec.IPFamilies = append(service.Spec.IPFamilies, api.IPv4Protocol) - } - } - } - - // nothing more needed here - return nil - } - - // - // Everything below this MUST happen *after* the above special cases. - // - - // Demanding dual-stack on a non dual-stack cluster. - if getIPFamilyPolicy(service) == api.IPFamilyPolicyRequireDualStack { - if len(al.serviceIPAllocatorsByFamily) < 2 { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, - "this cluster is not configured for dual-stack services")) - } - } - - // If there is a family requested then it has to be configured on cluster. - for i, ipFamily := range service.Spec.IPFamilies { - if _, found := al.serviceIPAllocatorsByFamily[ipFamily]; !found { - el = append(el, field.Invalid(field.NewPath("spec", "ipFamilies").Index(i), ipFamily, "not configured on this cluster")) - } - } - - // If we have validation errors, don't bother with the rest. - if len(el) > 0 { - return errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - - // nil families, gets cluster default - if len(service.Spec.IPFamilies) == 0 { - service.Spec.IPFamilies = []api.IPFamily{al.defaultServiceIPFamily} - } - - // If this service is looking for dual-stack and this cluster does have two - // families, append the missing family. - if *(service.Spec.IPFamilyPolicy) != api.IPFamilyPolicySingleStack && - len(service.Spec.IPFamilies) == 1 && - len(al.serviceIPAllocatorsByFamily) == 2 { - - if service.Spec.IPFamilies[0] == api.IPv4Protocol { - service.Spec.IPFamilies = append(service.Spec.IPFamilies, api.IPv6Protocol) - } else if service.Spec.IPFamilies[0] == api.IPv6Protocol { - service.Spec.IPFamilies = append(service.Spec.IPFamilies, api.IPv4Protocol) - } - } - - return nil -} - -func (al *Allocators) txnAllocClusterIPs(service *api.Service, dryRun bool) (transaction, error) { - // clusterIPs that were allocated may need to be released in case of - // failure at a higher level. - allocated, err := al.allocClusterIPs(service, dryRun) - if err != nil { - return nil, err - } - - txn := callbackTransaction{ - revert: func() { - if dryRun { - return - } - actuallyReleased, err := al.releaseIPs(allocated) - if err != nil { - klog.ErrorS(err, "failed to clean up after failed service create", - "service", klog.KObj(service), - "shouldRelease", allocated, - "released", actuallyReleased) - } - }, - commit: func() { - if !dryRun { - if len(allocated) > 0 { - klog.InfoS("allocated clusterIPs", - "service", klog.KObj(service), - "clusterIPs", allocated) - } - } - }, - } - return txn, nil -} - -// allocates ClusterIPs for a service -func (al *Allocators) allocClusterIPs(service *api.Service, dryRun bool) (map[api.IPFamily]string, error) { - // external name don't get ClusterIPs - if service.Spec.Type == api.ServiceTypeExternalName { - return nil, nil - } - - // headless don't get ClusterIPs - if len(service.Spec.ClusterIPs) > 0 && service.Spec.ClusterIPs[0] == api.ClusterIPNone { - return nil, nil - } - - toAlloc := make(map[api.IPFamily]string) - // at this stage, the only fact we know is that service has correct ip families - // assigned to it. It may have partial assigned ClusterIPs (Upgrade to dual stack) - // may have no ips at all. The below loop is meant to fix this - // (we also know that this cluster has these families) - - // if there is no slice to work with - if service.Spec.ClusterIPs == nil { - service.Spec.ClusterIPs = make([]string, 0, len(service.Spec.IPFamilies)) - } - - for i, ipFamily := range service.Spec.IPFamilies { - if i > (len(service.Spec.ClusterIPs) - 1) { - service.Spec.ClusterIPs = append(service.Spec.ClusterIPs, "" /* just a marker */) - } - - toAlloc[ipFamily] = service.Spec.ClusterIPs[i] - } - - // allocate - allocated, err := al.allocIPs(service, toAlloc, dryRun) - - // set if successful - if err == nil { - for family, ip := range allocated { - for i, check := range service.Spec.IPFamilies { - if family == check { - service.Spec.ClusterIPs[i] = ip - // while we technically don't need to do that testing rest does not - // go through conversion logic but goes through validation *sigh*. - // so we set ClusterIP here as well - // because the testing code expects valid (as they are output-ed from conversion) - // as it patches fields - if i == 0 { - service.Spec.ClusterIP = ip - } - } - } - } - } - - return allocated, err -} - -func (al *Allocators) allocIPs(service *api.Service, toAlloc map[api.IPFamily]string, dryRun bool) (map[api.IPFamily]string, error) { - allocated := make(map[api.IPFamily]string) - - for family, ip := range toAlloc { - allocator := al.serviceIPAllocatorsByFamily[family] // should always be there, as we pre validate - if dryRun { - allocator = allocator.DryRun() - } - if ip == "" { - allocatedIP, err := allocator.AllocateNext() - if err != nil { - return allocated, errors.NewInternalError(fmt.Errorf("failed to allocate a serviceIP: %v", err)) - } - allocated[family] = allocatedIP.String() - } else { - parsedIP := netutils.ParseIPSloppy(ip) - if parsedIP == nil { - return allocated, errors.NewInternalError(fmt.Errorf("failed to parse service IP %q", ip)) - } - if err := allocator.Allocate(parsedIP); err != nil { - el := field.ErrorList{field.Invalid(field.NewPath("spec", "clusterIPs"), service.Spec.ClusterIPs, fmt.Sprintf("failed to allocate IP %v: %v", ip, err))} - return allocated, errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - allocated[family] = ip - } - } - return allocated, nil -} - -// releases clusterIPs per family -func (al *Allocators) releaseIPs(toRelease map[api.IPFamily]string) (map[api.IPFamily]string, error) { - if toRelease == nil { - return nil, nil - } - - released := make(map[api.IPFamily]string) - for family, ip := range toRelease { - allocator, ok := al.serviceIPAllocatorsByFamily[family] - if !ok { - // Maybe the cluster was previously configured for dual-stack, - // then switched to single-stack? - klog.InfoS("Not releasing ClusterIP because related family is not enabled", "clusterIP", ip, "family", family) - continue - } - - parsedIP := netutils.ParseIPSloppy(ip) - if parsedIP == nil { - return released, errors.NewInternalError(fmt.Errorf("failed to parse service IP %q", ip)) - } - if err := allocator.Release(parsedIP); err != nil { - return released, err - } - released[family] = ip - } - - return released, nil -} - -func (al *Allocators) txnAllocNodePorts(service *api.Service, dryRun bool) (transaction, error) { - // The allocator tracks dry-run-ness internally. - nodePortOp := portallocator.StartOperation(al.serviceNodePorts, dryRun) - - txn := callbackTransaction{ - commit: func() { - nodePortOp.Commit() - // We don't NEED to call Finish() here, but for that package says - // to, so for future-safety, we will. - nodePortOp.Finish() - }, - revert: func() { - // Weirdly named but this will revert if commit wasn't called - nodePortOp.Finish() - }, - } - - // Allocate NodePorts, if needed. - if service.Spec.Type == api.ServiceTypeNodePort || service.Spec.Type == api.ServiceTypeLoadBalancer { - if err := initNodePorts(service, nodePortOp); err != nil { - txn.Revert() - return nil, err - } - } - - // Handle ExternalTraffic related fields during service creation. - if apiservice.NeedsHealthCheck(service) { - if err := al.allocHealthCheckNodePort(service, nodePortOp); err != nil { - txn.Revert() - return nil, errors.NewInternalError(err) - } - } - - return txn, nil -} - -func initNodePorts(service *api.Service, nodePortOp *portallocator.PortAllocationOperation) error { - svcPortToNodePort := map[int]int{} - for i := range service.Spec.Ports { - servicePort := &service.Spec.Ports[i] - if servicePort.NodePort == 0 && !shouldAllocateNodePorts(service) { - // Don't allocate new ports, but do respect specific requests. - continue - } - allocatedNodePort := svcPortToNodePort[int(servicePort.Port)] - if allocatedNodePort == 0 { - // This will only scan forward in the service.Spec.Ports list because any matches - // before the current port would have been found in svcPortToNodePort. This is really - // looking for any user provided values. - np := findRequestedNodePort(int(servicePort.Port), service.Spec.Ports) - if np != 0 { - err := nodePortOp.Allocate(np) - if err != nil { - // TODO: when validation becomes versioned, this gets more complicated. - el := field.ErrorList{field.Invalid(field.NewPath("spec", "ports").Index(i).Child("nodePort"), np, err.Error())} - return errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - servicePort.NodePort = int32(np) - svcPortToNodePort[int(servicePort.Port)] = np - } else { - nodePort, err := nodePortOp.AllocateNext() - if err != nil { - // TODO: what error should be returned here? It's not a - // field-level validation failure (the field is valid), and it's - // not really an internal error. - return errors.NewInternalError(fmt.Errorf("failed to allocate a nodePort: %v", err)) - } - servicePort.NodePort = int32(nodePort) - svcPortToNodePort[int(servicePort.Port)] = nodePort - } - } else if int(servicePort.NodePort) != allocatedNodePort { - // TODO(xiangpengzhao): do we need to allocate a new NodePort in this case? - // Note: the current implementation is better, because it saves a NodePort. - if servicePort.NodePort == 0 { - servicePort.NodePort = int32(allocatedNodePort) - } else { - err := nodePortOp.Allocate(int(servicePort.NodePort)) - if err != nil { - // TODO: when validation becomes versioned, this gets more complicated. - el := field.ErrorList{field.Invalid(field.NewPath("spec", "ports").Index(i).Child("nodePort"), servicePort.NodePort, err.Error())} - return errors.NewInvalid(api.Kind("Service"), service.Name, el) - } - } - } - } - - return nil -} - -// allocHealthCheckNodePort allocates health check node port to service. -func (al *Allocators) allocHealthCheckNodePort(service *api.Service, nodePortOp *portallocator.PortAllocationOperation) error { - healthCheckNodePort := service.Spec.HealthCheckNodePort - if healthCheckNodePort != 0 { - // If the request has a health check nodePort in mind, attempt to reserve it. - err := nodePortOp.Allocate(int(healthCheckNodePort)) - if err != nil { - return fmt.Errorf("failed to allocate requested HealthCheck NodePort %v: %v", - healthCheckNodePort, err) - } - } else { - // If the request has no health check nodePort specified, allocate any. - healthCheckNodePort, err := nodePortOp.AllocateNext() - if err != nil { - return fmt.Errorf("failed to allocate a HealthCheck NodePort %v: %v", healthCheckNodePort, err) - } - service.Spec.HealthCheckNodePort = int32(healthCheckNodePort) - } - return nil -} - -func (al *Allocators) allocateUpdate(after After, before Before, dryRun bool) (transaction, error) { - result := metaTransaction{} - success := false - - defer func() { - if !success { - result.Revert() - } - }() - - // Ensure IP family fields are correctly initialized. We do it here, since - // we want this to be visible even when dryRun == true. - if err := al.initIPFamilyFields(after, before); err != nil { - return nil, err - } - - // Allocate ClusterIPs - //TODO(thockin): validation should not pass with empty clusterIP, but it - //does (and is tested!). Fixing that all is a big PR and will have to - //happen later. - if txn, err := al.txnUpdateClusterIPs(after, before, dryRun); err != nil { - return nil, err - } else { - result = append(result, txn) - } - - // Allocate ports - if txn, err := al.txnUpdateNodePorts(after, before, dryRun); err != nil { - return nil, err - } else { - result = append(result, txn) - } - - success = true - return result, nil -} - -func (al *Allocators) txnUpdateClusterIPs(after After, before Before, dryRun bool) (transaction, error) { - service := after.Service - - allocated, released, err := al.updateClusterIPs(after, before, dryRun) - if err != nil { - return nil, err - } - - // on failure: Any newly allocated IP must be released back - // on failure: Any previously allocated IP that would have been released, - // must *not* be released - // on success: Any previously allocated IP that should be released, will be - // released - txn := callbackTransaction{ - commit: func() { - if dryRun { - return - } - if len(allocated) > 0 { - klog.InfoS("allocated clusterIPs", - "service", klog.KObj(service), - "clusterIPs", allocated) - } - if actuallyReleased, err := al.releaseIPs(released); err != nil { - klog.ErrorS(err, "failed to clean up after successful service update", - "service", klog.KObj(service), - "shouldRelease", released, - "released", actuallyReleased) - } - }, - revert: func() { - if dryRun { - return - } - if actuallyReleased, err := al.releaseIPs(allocated); err != nil { - klog.ErrorS(err, "failed to clean up after failed service update", - "service", klog.KObj(service), - "shouldRelease", allocated, - "released", actuallyReleased) - } - }, - } - return txn, nil -} - -// handles type change/upgrade/downgrade change type for an update service -// this func does not perform actual release of clusterIPs. it returns -// a map[family]ip for the caller to release when everything else has -// executed successfully -func (al *Allocators) updateClusterIPs(after After, before Before, dryRun bool) (allocated map[api.IPFamily]string, toRelease map[api.IPFamily]string, err error) { - oldService, service := before.Service, after.Service - - // We don't want to auto-upgrade (add an IP) or downgrade (remove an IP) - // PreferDualStack services following a cluster change to/from - // dual-stackness. - // - // That means a PreferDualStack service will only be upgraded/downgraded - // when: - // - changing ipFamilyPolicy to "RequireDualStack" or "SingleStack" AND - // - adding or removing a secondary clusterIP or ipFamily - if isMatchingPreferDualStackClusterIPFields(after, before) { - return allocated, toRelease, nil // nothing more to do. - } - - // use cases: - // A: service changing types from ExternalName TO ClusterIP types ==> allocate all new - // B: service changing types from ClusterIP types TO ExternalName ==> release all allocated - // C: Service upgrading to dual stack ==> partial allocation - // D: service downgrading from dual stack ==> partial release - - // CASE A: - // Update service from ExternalName to non-ExternalName, should initialize ClusterIP. - if oldService.Spec.Type == api.ServiceTypeExternalName && service.Spec.Type != api.ServiceTypeExternalName { - allocated, err := al.allocClusterIPs(service, dryRun) - return allocated, nil, err - } - - // if headless service then we bail out early (no clusterIPs management needed) - if len(oldService.Spec.ClusterIPs) > 0 && oldService.Spec.ClusterIPs[0] == api.ClusterIPNone { - return nil, nil, nil - } - - // CASE B: - // Update service from non-ExternalName to ExternalName, should release ClusterIP if exists. - if oldService.Spec.Type != api.ServiceTypeExternalName && service.Spec.Type == api.ServiceTypeExternalName { - toRelease = make(map[api.IPFamily]string) - for i, family := range oldService.Spec.IPFamilies { - toRelease[family] = oldService.Spec.ClusterIPs[i] - } - return nil, toRelease, nil - } - - upgraded := len(oldService.Spec.IPFamilies) == 1 && len(service.Spec.IPFamilies) == 2 - downgraded := len(oldService.Spec.IPFamilies) == 2 && len(service.Spec.IPFamilies) == 1 - - // CASE C: - if upgraded { - toAllocate := make(map[api.IPFamily]string) - // if secondary ip was named, just get it. if not add a marker - if len(service.Spec.ClusterIPs) < 2 { - service.Spec.ClusterIPs = append(service.Spec.ClusterIPs, "" /* marker */) - } - - toAllocate[service.Spec.IPFamilies[1]] = service.Spec.ClusterIPs[1] - - // allocate - allocated, err := al.allocIPs(service, toAllocate, dryRun) - // set if successful - if err == nil { - service.Spec.ClusterIPs[1] = allocated[service.Spec.IPFamilies[1]] - } - - return allocated, nil, err - } - - // CASE D: - if downgraded { - toRelease = make(map[api.IPFamily]string) - toRelease[oldService.Spec.IPFamilies[1]] = oldService.Spec.ClusterIPs[1] - // note: we don't release clusterIP, this is left to clean up in the action itself - return nil, toRelease, err - } - // it was not an upgrade nor downgrade - return nil, nil, nil -} - -func (al *Allocators) txnUpdateNodePorts(after After, before Before, dryRun bool) (transaction, error) { - oldService, service := before.Service, after.Service - - // The allocator tracks dry-run-ness internally. - nodePortOp := portallocator.StartOperation(al.serviceNodePorts, dryRun) - - txn := callbackTransaction{ - commit: func() { - nodePortOp.Commit() - // We don't NEED to call Finish() here, but for that package says - // to, so for future-safety, we will. - nodePortOp.Finish() - }, - revert: func() { - // Weirdly named but this will revert if commit wasn't called - nodePortOp.Finish() - }, - } - - // Update service from NodePort or LoadBalancer to ExternalName or ClusterIP, should release NodePort if exists. - if (oldService.Spec.Type == api.ServiceTypeNodePort || oldService.Spec.Type == api.ServiceTypeLoadBalancer) && - (service.Spec.Type == api.ServiceTypeExternalName || service.Spec.Type == api.ServiceTypeClusterIP) { - al.releaseNodePorts(oldService, nodePortOp) - } - - // Update service from any type to NodePort or LoadBalancer, should update NodePort. - if service.Spec.Type == api.ServiceTypeNodePort || service.Spec.Type == api.ServiceTypeLoadBalancer { - if err := al.updateNodePorts(After{service}, Before{oldService}, nodePortOp); err != nil { - txn.Revert() - return nil, err - } - } - - // Handle ExternalTraffic related updates. - success, err := al.updateHealthCheckNodePort(After{service}, Before{oldService}, nodePortOp) - if !success || err != nil { - txn.Revert() - return nil, err - } - - return txn, nil -} - -func (al *Allocators) releaseNodePorts(service *api.Service, nodePortOp *portallocator.PortAllocationOperation) { - nodePorts := collectServiceNodePorts(service) - - for _, nodePort := range nodePorts { - nodePortOp.ReleaseDeferred(nodePort) - } -} - -func (al *Allocators) updateNodePorts(after After, before Before, nodePortOp *portallocator.PortAllocationOperation) error { - oldService, newService := before.Service, after.Service - - oldNodePortsNumbers := collectServiceNodePorts(oldService) - newNodePorts := []ServiceNodePort{} - portAllocated := map[int]bool{} - - for i := range newService.Spec.Ports { - servicePort := &newService.Spec.Ports[i] - if servicePort.NodePort == 0 && !shouldAllocateNodePorts(newService) { - // Don't allocate new ports, but do respect specific requests. - continue - } - nodePort := ServiceNodePort{Protocol: servicePort.Protocol, NodePort: servicePort.NodePort} - if nodePort.NodePort != 0 { - if !containsNumber(oldNodePortsNumbers, int(nodePort.NodePort)) && !portAllocated[int(nodePort.NodePort)] { - err := nodePortOp.Allocate(int(nodePort.NodePort)) - if err != nil { - el := field.ErrorList{field.Invalid(field.NewPath("spec", "ports").Index(i).Child("nodePort"), nodePort.NodePort, err.Error())} - return errors.NewInvalid(api.Kind("Service"), newService.Name, el) - } - portAllocated[int(nodePort.NodePort)] = true - } - } else { - nodePortNumber, err := nodePortOp.AllocateNext() - if err != nil { - // TODO: what error should be returned here? It's not a - // field-level validation failure (the field is valid), and it's - // not really an internal error. - return errors.NewInternalError(fmt.Errorf("failed to allocate a nodePort: %v", err)) - } - servicePort.NodePort = int32(nodePortNumber) - nodePort.NodePort = servicePort.NodePort - } - if containsNodePort(newNodePorts, nodePort) { - return fmt.Errorf("duplicate nodePort: %v", nodePort) - } - newNodePorts = append(newNodePorts, nodePort) - } - - newNodePortsNumbers := collectServiceNodePorts(newService) - - // The comparison loops are O(N^2), but we don't expect N to be huge - // (there's a hard-limit at 2^16, because they're ports; and even 4 ports would be a lot) - for _, oldNodePortNumber := range oldNodePortsNumbers { - if containsNumber(newNodePortsNumbers, oldNodePortNumber) { - continue - } - nodePortOp.ReleaseDeferred(int(oldNodePortNumber)) - } - - return nil -} - -// updateHealthCheckNodePort handles HealthCheckNodePort allocation/release -// and adjusts HealthCheckNodePort during service update if needed. -func (al *Allocators) updateHealthCheckNodePort(after After, before Before, nodePortOp *portallocator.PortAllocationOperation) (bool, error) { - oldService, service := before.Service, after.Service - - neededHealthCheckNodePort := apiservice.NeedsHealthCheck(oldService) - oldHealthCheckNodePort := oldService.Spec.HealthCheckNodePort - - needsHealthCheckNodePort := apiservice.NeedsHealthCheck(service) - - switch { - // Case 1: Transition from don't need HealthCheckNodePort to needs HealthCheckNodePort. - // Allocate a health check node port or attempt to reserve the user-specified one if provided. - // Insert health check node port into the service's HealthCheckNodePort field if needed. - case !neededHealthCheckNodePort && needsHealthCheckNodePort: - if err := al.allocHealthCheckNodePort(service, nodePortOp); err != nil { - return false, errors.NewInternalError(err) - } - - // Case 2: Transition from needs HealthCheckNodePort to don't need HealthCheckNodePort. - // Free the existing healthCheckNodePort and clear the HealthCheckNodePort field. - case neededHealthCheckNodePort && !needsHealthCheckNodePort: - nodePortOp.ReleaseDeferred(int(oldHealthCheckNodePort)) - } - return true, nil -} - -func (al *Allocators) releaseAllocatedResources(svc *api.Service) { - al.releaseClusterIPs(svc) - - for _, nodePort := range collectServiceNodePorts(svc) { - err := al.serviceNodePorts.Release(nodePort) - if err != nil { - // these should be caught by an eventual reconciliation / restart - utilruntime.HandleError(fmt.Errorf("Error releasing service %s node port %d: %v", svc.Name, nodePort, err)) - } - } - - if apiservice.NeedsHealthCheck(svc) { - nodePort := svc.Spec.HealthCheckNodePort - if nodePort > 0 { - err := al.serviceNodePorts.Release(int(nodePort)) - if err != nil { - // these should be caught by an eventual reconciliation / restart - utilruntime.HandleError(fmt.Errorf("Error releasing service %s health check node port %d: %v", svc.Name, nodePort, err)) - } - } - } -} - -// releases allocated ClusterIPs for service that is about to be deleted -func (al *Allocators) releaseClusterIPs(service *api.Service) (released map[api.IPFamily]string, err error) { - // external name don't get ClusterIPs - if service.Spec.Type == api.ServiceTypeExternalName { - return nil, nil - } - - // headless don't get ClusterIPs - if len(service.Spec.ClusterIPs) > 0 && service.Spec.ClusterIPs[0] == api.ClusterIPNone { - return nil, nil - } - - toRelease := make(map[api.IPFamily]string) - for _, ip := range service.Spec.ClusterIPs { - if netutils.IsIPv6String(ip) { - toRelease[api.IPv6Protocol] = ip - } else { - toRelease[api.IPv4Protocol] = ip - } - } - return al.releaseIPs(toRelease) -} - -func (al *Allocators) Destroy() { - al.serviceNodePorts.Destroy() - for _, a := range al.serviceIPAllocatorsByFamily { - a.Destroy() - } -} - -// This is O(N), but we expect haystack to be small; -// so small that we expect a linear search to be faster -func containsNumber(haystack []int, needle int) bool { - for _, v := range haystack { - if v == needle { - return true - } - } - return false -} - -// This is O(N), but we expect serviceNodePorts to be small; -// so small that we expect a linear search to be faster -func containsNodePort(serviceNodePorts []ServiceNodePort, serviceNodePort ServiceNodePort) bool { - for _, snp := range serviceNodePorts { - if snp == serviceNodePort { - return true - } - } - return false -} - -// Loop through the service ports list, find one with the same port number and -// NodePort specified, return this NodePort otherwise return 0. -func findRequestedNodePort(port int, servicePorts []api.ServicePort) int { - for i := range servicePorts { - servicePort := servicePorts[i] - if port == int(servicePort.Port) && servicePort.NodePort != 0 { - return int(servicePort.NodePort) - } - } - return 0 -} - -func shouldAllocateNodePorts(service *api.Service) bool { - if service.Spec.Type == api.ServiceTypeNodePort { - return true - } - if service.Spec.Type == api.ServiceTypeLoadBalancer { - return *service.Spec.AllocateLoadBalancerNodePorts - } - return false -} - -func collectServiceNodePorts(service *api.Service) []int { - servicePorts := []int{} - for i := range service.Spec.Ports { - servicePort := &service.Spec.Ports[i] - if servicePort.NodePort != 0 { - servicePorts = append(servicePorts, int(servicePort.NodePort)) - } - } - return servicePorts -} - -// tests if two preferred dual-stack service have matching ClusterIPFields -// assumption: old service is a valid, default service (e.g., loaded from store) -func isMatchingPreferDualStackClusterIPFields(after After, before Before) bool { - oldService, service := before.Service, after.Service - - if oldService == nil { - return false - } - - if service.Spec.IPFamilyPolicy == nil { - return false - } - - // if type mutated then it is an update - // that needs to run through the entire process. - if oldService.Spec.Type != service.Spec.Type { - return false - } - // both must be type that gets an IP assigned - if service.Spec.Type != api.ServiceTypeClusterIP && - service.Spec.Type != api.ServiceTypeNodePort && - service.Spec.Type != api.ServiceTypeLoadBalancer { - return false - } - - // both must be of IPFamilyPolicy==PreferDualStack - if service.Spec.IPFamilyPolicy != nil && *(service.Spec.IPFamilyPolicy) != api.IPFamilyPolicyPreferDualStack { - return false - } - - if oldService.Spec.IPFamilyPolicy != nil && *(oldService.Spec.IPFamilyPolicy) != api.IPFamilyPolicyPreferDualStack { - return false - } - - if !sameClusterIPs(oldService, service) { - return false - } - - if !sameIPFamilies(oldService, service) { - return false - } - - // they match on - // Policy: preferDualStack - // ClusterIPs - // IPFamilies - return true -} - -// Helper to avoid nil-checks all over. Callers of this need to be checking -// for an exact value. -func getIPFamilyPolicy(svc *api.Service) api.IPFamilyPolicy { - if svc.Spec.IPFamilyPolicy == nil { - return "" // callers need to handle this - } - return *svc.Spec.IPFamilyPolicy -} - -func sameClusterIPs(lhs, rhs *api.Service) bool { - if len(rhs.Spec.ClusterIPs) != len(lhs.Spec.ClusterIPs) { - return false - } - - for i, ip := range rhs.Spec.ClusterIPs { - if lhs.Spec.ClusterIPs[i] != ip { - return false - } - } - - return true -} - -func reducedClusterIPs(after After, before Before) bool { - oldSvc, newSvc := before.Service, after.Service - - if len(newSvc.Spec.ClusterIPs) == 0 { // Not specified - return false - } - return len(newSvc.Spec.ClusterIPs) < len(oldSvc.Spec.ClusterIPs) -} - -func sameIPFamilies(lhs, rhs *api.Service) bool { - if len(rhs.Spec.IPFamilies) != len(lhs.Spec.IPFamilies) { - return false - } - - for i, family := range rhs.Spec.IPFamilies { - if lhs.Spec.IPFamilies[i] != family { - return false - } - } - - return true -} - -func reducedIPFamilies(after After, before Before) bool { - oldSvc, newSvc := before.Service, after.Service - - if len(newSvc.Spec.IPFamilies) == 0 { // Not specified - return false - } - return len(newSvc.Spec.IPFamilies) < len(oldSvc.Spec.IPFamilies) -} - -// Helper to get the IP family of a given IP. -func familyOf(ip string) api.IPFamily { - if netutils.IsIPv4String(ip) { - return api.IPv4Protocol - } - if netutils.IsIPv6String(ip) { - return api.IPv6Protocol - } - return api.IPFamily("unknown") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/storage.go deleted file mode 100644 index 4ee5428e81..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/storage.go +++ /dev/null @@ -1,659 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "math/rand" - "net" - "net/http" - "net/url" - "strconv" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - utilnet "k8s.io/apimachinery/pkg/util/net" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/sets" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/util/dryrun" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - svcreg "k8s.io/kubernetes/pkg/registry/core/service" - "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" - "k8s.io/kubernetes/pkg/registry/core/service/portallocator" - netutil "k8s.io/utils/net" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -type EndpointsStorage interface { - rest.Getter - rest.GracefulDeleter -} - -type PodStorage interface { - rest.Getter -} - -type REST struct { - *genericregistry.Store - primaryIPFamily api.IPFamily - secondaryIPFamily api.IPFamily - alloc Allocators - endpoints EndpointsStorage - pods PodStorage - proxyTransport http.RoundTripper -} - -var ( - _ rest.CategoriesProvider = &REST{} - _ rest.ShortNamesProvider = &REST{} - _ rest.StorageVersionProvider = &REST{} - _ rest.ResetFieldsStrategy = &REST{} - _ rest.Redirector = &REST{} -) - -// NewREST returns a REST object that will work against services. -func NewREST( - optsGetter generic.RESTOptionsGetter, - serviceIPFamily api.IPFamily, - ipAllocs map[api.IPFamily]ipallocator.Interface, - portAlloc portallocator.Interface, - endpoints EndpointsStorage, - pods PodStorage, - proxyTransport http.RoundTripper) (*REST, *StatusREST, *svcreg.ProxyREST, error) { - - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.Service{} }, - NewListFunc: func() runtime.Object { return &api.ServiceList{} }, - DefaultQualifiedResource: api.Resource("services"), - ReturnDeletedObject: true, - - CreateStrategy: svcreg.Strategy, - UpdateStrategy: svcreg.Strategy, - DeleteStrategy: svcreg.Strategy, - ResetFieldsStrategy: svcreg.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = svcreg.StatusStrategy - statusStore.ResetFieldsStrategy = svcreg.StatusStrategy - - var primaryIPFamily api.IPFamily = serviceIPFamily - var secondaryIPFamily api.IPFamily = "" // sentinel value - if len(ipAllocs) > 1 { - secondaryIPFamily = otherFamily(serviceIPFamily) - } - genericStore := &REST{ - Store: store, - primaryIPFamily: primaryIPFamily, - secondaryIPFamily: secondaryIPFamily, - alloc: makeAlloc(serviceIPFamily, ipAllocs, portAlloc), - endpoints: endpoints, - pods: pods, - proxyTransport: proxyTransport, - } - store.Decorator = genericStore.defaultOnRead - store.AfterDelete = genericStore.afterDelete - store.BeginCreate = genericStore.beginCreate - store.BeginUpdate = genericStore.beginUpdate - - return genericStore, &StatusREST{store: &statusStore}, &svcreg.ProxyREST{Redirector: genericStore, ProxyTransport: proxyTransport}, nil -} - -// otherFamily returns the non-selected IPFamily. This assumes the input is -// valid. -func otherFamily(fam api.IPFamily) api.IPFamily { - if fam == api.IPv4Protocol { - return api.IPv6Protocol - } - return api.IPv4Protocol -} - -var ( - _ rest.ShortNamesProvider = &REST{} - _ rest.CategoriesProvider = &REST{} -) - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"svc"} -} - -// Categories implements the CategoriesProvider interface. Returns a list of categories a resource is part of. -func (r *REST) Categories() []string { - return []string{"all"} -} - -// Destroy cleans up everything on shutdown. -func (r *REST) Destroy() { - r.Store.Destroy() - r.alloc.Destroy() -} - -// StatusREST implements the REST endpoint for changing the status of a service. -type StatusREST struct { - store *genericregistry.Store -} - -func (r *StatusREST) New() runtime.Object { - return &api.Service{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -// We have a lot of functions that take a pair of "before" and "after" or -// "oldSvc" and "newSvc" args. Convention across the codebase is to pass them -// as (new, old), but it's easy to screw up when they are the same type. -// -// These types force us to pay attention. If the order of the arguments -// matters, please receive them as: -// func something(after After, before Before) { -// oldSvc, newSvc := before.Service, after.Service -// -// If the order of arguments DOES NOT matter, please receive them as: -// func something(lhs, rhs *api.Service) { - -type Before struct { - *api.Service -} -type After struct { - *api.Service -} - -// defaultOnRead sets interlinked fields that were not previously set on read. -// We can't do this in the normal defaulting path because that same logic -// applies on Get, Create, and Update, but we need to distinguish between them. -// -// This will be called on both Service and ServiceList types. -func (r *REST) defaultOnRead(obj runtime.Object) { - switch s := obj.(type) { - case *api.Service: - r.defaultOnReadService(s) - case *api.ServiceList: - r.defaultOnReadServiceList(s) - default: - // This was not an object we can default. This is not an error, as the - // caching layer can pass through here, too. - } -} - -// defaultOnReadServiceList defaults a ServiceList. -func (r *REST) defaultOnReadServiceList(serviceList *api.ServiceList) { - if serviceList == nil { - return - } - - for i := range serviceList.Items { - r.defaultOnReadService(&serviceList.Items[i]) - } -} - -// defaultOnReadService defaults a single Service. -func (r *REST) defaultOnReadService(service *api.Service) { - if service == nil { - return - } - - // We might find Services that were written before ClusterIP became plural. - // We still want to present a consistent view of them. - normalizeClusterIPs(After{service}, Before{nil}) - - // Set ipFamilies and ipFamilyPolicy if needed. - r.defaultOnReadIPFamilies(service) - - // We unintentionally defaulted internalTrafficPolicy when it's not needed - // for the ExternalName type. It's too late to change the field in storage, - // but we can drop the field when read. - defaultOnReadInternalTrafficPolicy(service) -} - -func defaultOnReadInternalTrafficPolicy(service *api.Service) { - if service.Spec.Type == api.ServiceTypeExternalName { - service.Spec.InternalTrafficPolicy = nil - } -} - -func (r *REST) defaultOnReadIPFamilies(service *api.Service) { - // ExternalName does not need this. - if !needsClusterIP(service) { - return - } - - // If IPFamilies is set, we assume IPFamilyPolicy is also set (it should - // not be possible to have one and not the other), and therefore we don't - // need further defaulting. Likewise, if IPFamilies is *not* set, we - // assume IPFamilyPolicy can't be set either. - if len(service.Spec.IPFamilies) > 0 { - return - } - - singleStack := api.IPFamilyPolicySingleStack - requireDualStack := api.IPFamilyPolicyRequireDualStack - - if service.Spec.ClusterIP == api.ClusterIPNone { - // Headless. - if len(service.Spec.Selector) == 0 { - // Headless + selectorless is a special-case. - // - // At this stage we don't know what kind of endpoints (specifically - // their IPFamilies) the user has assigned to this selectorless - // service. We assume it has dual-stack and we default it to - // RequireDualStack on any cluster (single- or dual-stack - // configured). - service.Spec.IPFamilyPolicy = &requireDualStack - service.Spec.IPFamilies = []api.IPFamily{r.primaryIPFamily, otherFamily(r.primaryIPFamily)} - } else { - // Headless + selector - default to single. - service.Spec.IPFamilyPolicy = &singleStack - service.Spec.IPFamilies = []api.IPFamily{r.primaryIPFamily} - } - } else { - // Headful: init ipFamilies from clusterIPs. - service.Spec.IPFamilies = make([]api.IPFamily, len(service.Spec.ClusterIPs)) - for idx, ip := range service.Spec.ClusterIPs { - if netutil.IsIPv6String(ip) { - service.Spec.IPFamilies[idx] = api.IPv6Protocol - } else { - service.Spec.IPFamilies[idx] = api.IPv4Protocol - } - } - if len(service.Spec.IPFamilies) == 1 { - service.Spec.IPFamilyPolicy = &singleStack - } else if len(service.Spec.IPFamilies) == 2 { - // It shouldn't be possible to get here, but just in case. - service.Spec.IPFamilyPolicy = &requireDualStack - } - } -} - -func (r *REST) afterDelete(obj runtime.Object, options *metav1.DeleteOptions) { - svc := obj.(*api.Service) - - // Normally this defaulting is done automatically, but the hook (Decorator) - // is called at the end of this process, and we want the fully-formed - // object. - r.defaultOnReadService(svc) - - // Only perform the cleanup if this is a non-dryrun deletion - if !dryrun.IsDryRun(options.DryRun) { - // It would be better if we had the caller context, but that changes - // this hook signature. - ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), svc.Namespace) - // TODO: This is clumsy. It was added for fear that the endpoints - // controller might lag, and we could end up rusing the service name - // with old endpoints. We should solve that better and remove this, or - // else we should do this for EndpointSlice, too. - _, _, err := r.endpoints.Delete(ctx, svc.Name, rest.ValidateAllObjectFunc, &metav1.DeleteOptions{}) - if err != nil && !errors.IsNotFound(err) { - klog.Errorf("delete service endpoints %s/%s failed: %v", svc.Name, svc.Namespace, err) - } - - r.alloc.releaseAllocatedResources(svc) - } -} - -func (r *REST) beginCreate(ctx context.Context, obj runtime.Object, options *metav1.CreateOptions) (genericregistry.FinishFunc, error) { - svc := obj.(*api.Service) - - // Make sure ClusterIP and ClusterIPs are in sync. This has to happen - // early, before anyone looks at them. - normalizeClusterIPs(After{svc}, Before{nil}) - - // Allocate IPs and ports. If we had a transactional store, this would just - // be part of the larger transaction. We don't have that, so we have to do - // it manually. This has to happen here and not in any earlier hooks (e.g. - // defaulting) because it needs to be aware of flags and be able to access - // API storage. - txn, err := r.alloc.allocateCreate(svc, dryrun.IsDryRun(options.DryRun)) - if err != nil { - return nil, err - } - - // Our cleanup callback - finish := func(_ context.Context, success bool) { - if success { - txn.Commit() - } else { - txn.Revert() - } - } - - return finish, nil -} - -func (r *REST) beginUpdate(ctx context.Context, obj, oldObj runtime.Object, options *metav1.UpdateOptions) (genericregistry.FinishFunc, error) { - newSvc := obj.(*api.Service) - oldSvc := oldObj.(*api.Service) - - // Make sure the existing object has all fields we expect to be defaulted. - // This might not be true if the saved object predates these fields (the - // Decorator hook is not called on 'old' in the update path. - r.defaultOnReadService(oldSvc) - - // Fix up allocated values that the client may have not specified (for - // idempotence). - patchAllocatedValues(After{newSvc}, Before{oldSvc}) - - // Make sure ClusterIP and ClusterIPs are in sync. This has to happen - // early, before anyone looks at them. - normalizeClusterIPs(After{newSvc}, Before{oldSvc}) - - // Allocate and initialize fields. - txn, err := r.alloc.allocateUpdate(After{newSvc}, Before{oldSvc}, dryrun.IsDryRun(options.DryRun)) - if err != nil { - return nil, err - } - - // Our cleanup callback - finish := func(_ context.Context, success bool) { - if success { - txn.Commit() - } else { - txn.Revert() - } - } - - return finish, nil -} - -// ResourceLocation returns a URL to which one can send traffic for the specified service. -func (r *REST) ResourceLocation(ctx context.Context, id string) (*url.URL, http.RoundTripper, error) { - // Allow ID as "svcname", "svcname:port", or "scheme:svcname:port". - svcScheme, svcName, portStr, valid := utilnet.SplitSchemeNamePort(id) - if !valid { - return nil, nil, errors.NewBadRequest(fmt.Sprintf("invalid service request %q", id)) - } - - // If a port *number* was specified, find the corresponding service port name - if portNum, err := strconv.ParseInt(portStr, 10, 64); err == nil { - obj, err := r.Get(ctx, svcName, &metav1.GetOptions{}) - if err != nil { - return nil, nil, err - } - svc := obj.(*api.Service) - found := false - for _, svcPort := range svc.Spec.Ports { - if int64(svcPort.Port) == portNum { - // use the declared port's name - portStr = svcPort.Name - found = true - break - } - } - if !found { - return nil, nil, errors.NewServiceUnavailable(fmt.Sprintf("no service port %d found for service %q", portNum, svcName)) - } - } - - obj, err := r.endpoints.Get(ctx, svcName, &metav1.GetOptions{}) - if err != nil { - return nil, nil, err - } - eps := obj.(*api.Endpoints) - if len(eps.Subsets) == 0 { - return nil, nil, errors.NewServiceUnavailable(fmt.Sprintf("no endpoints available for service %q", svcName)) - } - // Pick a random Subset to start searching from. - ssSeed := rand.Intn(len(eps.Subsets)) - // Find a Subset that has the port. - for ssi := 0; ssi < len(eps.Subsets); ssi++ { - ss := &eps.Subsets[(ssSeed+ssi)%len(eps.Subsets)] - if len(ss.Addresses) == 0 { - continue - } - for i := range ss.Ports { - if ss.Ports[i].Name == portStr { - addrSeed := rand.Intn(len(ss.Addresses)) - // This is a little wonky, but it's expensive to test for the presence of a Pod - // So we repeatedly try at random and validate it, this means that for an invalid - // service with a lot of endpoints we're going to potentially make a lot of calls, - // but in the expected case we'll only make one. - for try := 0; try < len(ss.Addresses); try++ { - addr := ss.Addresses[(addrSeed+try)%len(ss.Addresses)] - // TODO(thockin): do we really need this check? - if err := isValidAddress(ctx, &addr, r.pods); err != nil { - utilruntime.HandleError(fmt.Errorf("Address %v isn't valid (%v)", addr, err)) - continue - } - ip := addr.IP - port := int(ss.Ports[i].Port) - return &url.URL{ - Scheme: svcScheme, - Host: net.JoinHostPort(ip, strconv.Itoa(port)), - }, r.proxyTransport, nil - } - utilruntime.HandleError(fmt.Errorf("Failed to find a valid address, skipping subset: %v", ss)) - } - } - } - return nil, nil, errors.NewServiceUnavailable(fmt.Sprintf("no endpoints available for service %q", id)) -} - -func isValidAddress(ctx context.Context, addr *api.EndpointAddress, pods rest.Getter) error { - if addr.TargetRef == nil { - return fmt.Errorf("Address has no target ref, skipping: %v", addr) - } - if genericapirequest.NamespaceValue(ctx) != addr.TargetRef.Namespace { - return fmt.Errorf("Address namespace doesn't match context namespace") - } - obj, err := pods.Get(ctx, addr.TargetRef.Name, &metav1.GetOptions{}) - if err != nil { - return err - } - pod, ok := obj.(*api.Pod) - if !ok { - return fmt.Errorf("failed to cast to pod: %v", obj) - } - if pod == nil { - return fmt.Errorf("pod is missing, skipping (%s/%s)", addr.TargetRef.Namespace, addr.TargetRef.Name) - } - for _, podIP := range pod.Status.PodIPs { - if podIP.IP == addr.IP { - return nil - } - } - return fmt.Errorf("pod ip(s) doesn't match endpoint ip, skipping: %v vs %s (%s/%s)", pod.Status.PodIPs, addr.IP, addr.TargetRef.Namespace, addr.TargetRef.Name) -} - -// normalizeClusterIPs adjust clusterIPs based on ClusterIP. This must not -// consider any other fields. -func normalizeClusterIPs(after After, before Before) { - oldSvc, newSvc := before.Service, after.Service - - // In all cases here, we don't need to over-think the inputs. Validation - // will be called on the new object soon enough. All this needs to do is - // try to divine what user meant with these linked fields. The below - // is verbosely written for clarity. - - // **** IMPORTANT ***** - // as a governing rule. User must (either) - // -- Use singular only (old client) - // -- singular and plural fields (new clients) - - if oldSvc == nil { - // This was a create operation. - // User specified singular and not plural (e.g. an old client), so init - // plural for them. - if len(newSvc.Spec.ClusterIP) > 0 && len(newSvc.Spec.ClusterIPs) == 0 { - newSvc.Spec.ClusterIPs = []string{newSvc.Spec.ClusterIP} - return - } - - // we don't init singular based on plural because - // new client must use both fields - - // Either both were not specified (will be allocated) or both were - // specified (will be validated). - return - } - - // This was an update operation - - // ClusterIPs were cleared by an old client which was trying to patch - // some field and didn't provide ClusterIPs - if len(oldSvc.Spec.ClusterIPs) > 0 && len(newSvc.Spec.ClusterIPs) == 0 { - // if ClusterIP is the same, then it is an old client trying to - // patch service and didn't provide ClusterIPs - if oldSvc.Spec.ClusterIP == newSvc.Spec.ClusterIP { - newSvc.Spec.ClusterIPs = oldSvc.Spec.ClusterIPs - } - } - - // clusterIP is not the same - if oldSvc.Spec.ClusterIP != newSvc.Spec.ClusterIP { - // this is a client trying to clear it - if len(oldSvc.Spec.ClusterIP) > 0 && len(newSvc.Spec.ClusterIP) == 0 { - // if clusterIPs are the same, then clear on their behalf - if sameClusterIPs(oldSvc, newSvc) { - newSvc.Spec.ClusterIPs = nil - } - - // if they provided nil, then we are fine (handled by patching case above) - // if they changed it then validation will catch it - } else { - // ClusterIP has changed but not cleared *and* ClusterIPs are the same - // then we set ClusterIPs based on ClusterIP - if sameClusterIPs(oldSvc, newSvc) { - newSvc.Spec.ClusterIPs = []string{newSvc.Spec.ClusterIP} - } - } - } -} - -// patchAllocatedValues allows clients to avoid a read-modify-write cycle while -// preserving values that we allocated on their behalf. For example, they -// might create a Service without specifying the ClusterIP, in which case we -// allocate one. If they resubmit that same YAML, we want it to succeed. -func patchAllocatedValues(after After, before Before) { - oldSvc, newSvc := before.Service, after.Service - - if needsClusterIP(oldSvc) && needsClusterIP(newSvc) { - if newSvc.Spec.ClusterIP == "" { - newSvc.Spec.ClusterIP = oldSvc.Spec.ClusterIP - } - if len(newSvc.Spec.ClusterIPs) == 0 && len(oldSvc.Spec.ClusterIPs) > 0 { - newSvc.Spec.ClusterIPs = oldSvc.Spec.ClusterIPs - } - } - - if needsNodePort(oldSvc) && needsNodePort(newSvc) { - nodePortsUsed := func(svc *api.Service) sets.Int32 { - used := sets.NewInt32() - for _, p := range svc.Spec.Ports { - if p.NodePort != 0 { - used.Insert(p.NodePort) - } - } - return used - } - - // Build a set of all the ports in oldSvc that are also in newSvc. We know - // we can't patch these values. - used := nodePortsUsed(oldSvc).Intersection(nodePortsUsed(newSvc)) - - // Map NodePorts by name. The user may have changed other properties - // of the port, but we won't see that here. - np := map[string]int32{} - for i := range oldSvc.Spec.Ports { - p := &oldSvc.Spec.Ports[i] - np[p.Name] = p.NodePort - } - - // If newSvc is missing values, try to patch them in when we know them and - // they haven't been used for another port. - - for i := range newSvc.Spec.Ports { - p := &newSvc.Spec.Ports[i] - if p.NodePort == 0 { - oldVal := np[p.Name] - if !used.Has(oldVal) { - p.NodePort = oldVal - } - } - } - } - - if needsHCNodePort(oldSvc) && needsHCNodePort(newSvc) { - if newSvc.Spec.HealthCheckNodePort == 0 { - newSvc.Spec.HealthCheckNodePort = oldSvc.Spec.HealthCheckNodePort - } - } -} - -func needsClusterIP(svc *api.Service) bool { - if svc.Spec.Type == api.ServiceTypeExternalName { - return false - } - return true -} - -func needsNodePort(svc *api.Service) bool { - if svc.Spec.Type == api.ServiceTypeNodePort || svc.Spec.Type == api.ServiceTypeLoadBalancer { - return true - } - return false -} - -func needsHCNodePort(svc *api.Service) bool { - if svc.Spec.Type != api.ServiceTypeLoadBalancer { - return false - } - if svc.Spec.ExternalTrafficPolicy != api.ServiceExternalTrafficPolicyTypeLocal { - return false - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/transaction.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/transaction.go deleted file mode 100644 index 417e57323b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/storage/transaction.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -// transaction represents something that may need to be finalized on success or -// failure of the larger transaction. -type transaction interface { - // Commit tells the transaction to finalize any changes it may have - // pending. This cannot fail, so errors must be handled internally. - Commit() - - // Revert tells the transaction to abandon or undo any changes it may have - // pending. This cannot fail, so errors must be handled internally. - Revert() -} - -// metaTransaction is a collection of transactions. -type metaTransaction []transaction - -func (mt metaTransaction) Commit() { - for _, t := range mt { - t.Commit() - } -} - -func (mt metaTransaction) Revert() { - for _, t := range mt { - t.Revert() - } -} - -// callbackTransaction is a transaction which calls arbitrary functions. -type callbackTransaction struct { - commit func() - revert func() -} - -func (cb callbackTransaction) Commit() { - if cb.commit != nil { - cb.commit() - } -} - -func (cb callbackTransaction) Revert() { - if cb.revert != nil { - cb.revert() - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/strategy.go deleted file mode 100644 index fbbf7ce7a7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/service/strategy.go +++ /dev/null @@ -1,350 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package service - -import ( - "context" - "reflect" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// svcStrategy implements behavior for Services -type svcStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Services -// objects via the REST API. -var Strategy = svcStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped is true for services. -func (svcStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (svcStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate sets contextual defaults and clears fields that are not allowed to be set by end users on creation. -func (svcStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - service := obj.(*api.Service) - service.Status = api.ServiceStatus{} - - dropServiceDisabledFields(service, nil) -} - -// PrepareForUpdate sets contextual defaults and clears fields that are not allowed to be set by end users on update. -func (svcStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newService := obj.(*api.Service) - oldService := old.(*api.Service) - newService.Status = oldService.Status - - dropServiceDisabledFields(newService, oldService) - dropTypeDependentFields(newService, oldService) -} - -// Validate validates a new service. -func (svcStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - service := obj.(*api.Service) - allErrs := validation.ValidateServiceCreate(service) - return allErrs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (svcStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (svcStrategy) Canonicalize(obj runtime.Object) { -} - -func (svcStrategy) AllowCreateOnUpdate() bool { - return true -} - -func (strategy svcStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - allErrs := validation.ValidateServiceUpdate(obj.(*api.Service), old.(*api.Service)) - return allErrs -} - -// WarningsOnUpdate returns warnings for the given update. -func (svcStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (svcStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// dropServiceDisabledFields drops fields that are not used if their associated feature gates -// are not enabled. The typical pattern is: -// -// if !utilfeature.DefaultFeatureGate.Enabled(features.MyFeature) && !myFeatureInUse(oldSvc) { -// newSvc.Spec.MyFeature = nil -// } -func dropServiceDisabledFields(newSvc *api.Service, oldSvc *api.Service) { - -} - -type serviceStatusStrategy struct { - svcStrategy -} - -// StatusStrategy wraps and exports the used svcStrategy for the storage package. -var StatusStrategy = serviceStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (serviceStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (serviceStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newService := obj.(*api.Service) - oldService := old.(*api.Service) - // status changes are not allowed to update spec - newService.Spec = oldService.Spec -} - -// ValidateUpdate is the default update validation for an end user updating status -func (serviceStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateServiceStatusUpdate(obj.(*api.Service), old.(*api.Service)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (serviceStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func sameStringSlice(a []string, b []string) bool { - if len(a) != len(b) { - return false - } - for i := range a { - if a[i] != b[i] { - return false - } - } - return true -} - -// This is an unusual case. Service has a number of inter-related fields and -// in order to avoid breaking clients we try really hard to infer what users -// mean when they change them. -// -// Services are effectively a discriminated union, where `type` is the -// discriminator. Some fields just don't make sense with some types, so we -// clear them. -// -// As a rule, we almost never change user input. This can get tricky when APIs -// evolve and new dependent fields are added. This specific case includes -// fields that are allocated from a pool and need to be released. Anyone who -// is contemplating copying this pattern should think REALLY hard about almost -// any other option. -func dropTypeDependentFields(newSvc *api.Service, oldSvc *api.Service) { - // For now we are only wiping on updates. This minimizes potential - // confusion since many of the cases we are handling here are pretty niche. - if oldSvc == nil { - return - } - - // In all of these cases we only want to wipe a field if we a) know it no - // longer applies; b) might have initialized it automatically; c) know the - // user did not ALSO try to change it (in which case it should fail in - // validation). - - // If the user is switching to a type that does not need a value in - // clusterIP/clusterIPs (even "None" counts as a value), we might be able - // to wipe some fields. - if needsClusterIP(oldSvc) && !needsClusterIP(newSvc) { - if sameClusterIPs(oldSvc, newSvc) { - // These will be deallocated later. - newSvc.Spec.ClusterIP = "" - newSvc.Spec.ClusterIPs = nil - } - if sameIPFamilies(oldSvc, newSvc) { - newSvc.Spec.IPFamilies = nil - } - if sameIPFamilyPolicy(oldSvc, newSvc) { - newSvc.Spec.IPFamilyPolicy = nil - } - } - - // If the user is switching to a type that doesn't use NodePorts AND they - // did not change any NodePort values, we can wipe them. They will be - // deallocated later. - if needsNodePort(oldSvc) && !needsNodePort(newSvc) && sameNodePorts(oldSvc, newSvc) { - for i := range newSvc.Spec.Ports { - newSvc.Spec.Ports[i].NodePort = 0 - } - } - - // If the user is switching to a case that doesn't use HealthCheckNodePort AND they - // did not change the HealthCheckNodePort value, we can wipe it. It will - // be deallocated later. - if needsHCNodePort(oldSvc) && !needsHCNodePort(newSvc) && sameHCNodePort(oldSvc, newSvc) { - newSvc.Spec.HealthCheckNodePort = 0 - } - - // If a user is switching to a type that doesn't need allocatedLoadBalancerNodePorts AND they did not change - // this field, it is safe to drop it. - if oldSvc.Spec.Type == api.ServiceTypeLoadBalancer && newSvc.Spec.Type != api.ServiceTypeLoadBalancer { - if newSvc.Spec.AllocateLoadBalancerNodePorts != nil && oldSvc.Spec.AllocateLoadBalancerNodePorts != nil { - if *oldSvc.Spec.AllocateLoadBalancerNodePorts == *newSvc.Spec.AllocateLoadBalancerNodePorts { - newSvc.Spec.AllocateLoadBalancerNodePorts = nil - } - } - } - - // If a user is switching to a type that doesn't need LoadBalancerClass AND they did not change - // this field, it is safe to drop it. - if canSetLoadBalancerClass(oldSvc) && !canSetLoadBalancerClass(newSvc) && sameLoadBalancerClass(oldSvc, newSvc) { - newSvc.Spec.LoadBalancerClass = nil - } - - // If a user is switching to a type that doesn't need ExternalTrafficPolicy - // AND they did not change this field, it is safe to drop it. - if needsExternalTrafficPolicy(oldSvc) && !needsExternalTrafficPolicy(newSvc) && sameExternalTrafficPolicy(oldSvc, newSvc) { - newSvc.Spec.ExternalTrafficPolicy = api.ServiceExternalTrafficPolicyType("") - } - - // NOTE: there are other fields like `selector` which we could wipe. - // Historically we did not wipe them and they are not allocated from - // finite pools, so we are (currently) choosing to leave them alone. - - // Clear the load-balancer status if it is no longer appropriate. Although - // LB de-provisioning is actually asynchronous, we don't need to expose the - // user to that complexity. - if newSvc.Spec.Type != api.ServiceTypeLoadBalancer { - newSvc.Status.LoadBalancer = api.LoadBalancerStatus{} - } -} - -func needsClusterIP(svc *api.Service) bool { - if svc.Spec.Type == api.ServiceTypeExternalName { - return false - } - return true -} - -func sameClusterIPs(oldSvc, newSvc *api.Service) bool { - sameSingular := oldSvc.Spec.ClusterIP == newSvc.Spec.ClusterIP - samePlural := sameStringSlice(oldSvc.Spec.ClusterIPs, newSvc.Spec.ClusterIPs) - return sameSingular && samePlural -} - -func sameIPFamilies(oldSvc, newSvc *api.Service) bool { - return reflect.DeepEqual(oldSvc.Spec.IPFamilies, newSvc.Spec.IPFamilies) -} - -func getIPFamilyPolicy(svc *api.Service) string { - if svc.Spec.IPFamilyPolicy == nil { - return "" - } - return string(*svc.Spec.IPFamilyPolicy) -} - -func sameIPFamilyPolicy(oldSvc, newSvc *api.Service) bool { - return getIPFamilyPolicy(oldSvc) == getIPFamilyPolicy(newSvc) -} - -func needsNodePort(svc *api.Service) bool { - if svc.Spec.Type == api.ServiceTypeNodePort || svc.Spec.Type == api.ServiceTypeLoadBalancer { - return true - } - return false -} - -func sameNodePorts(oldSvc, newSvc *api.Service) bool { - // Helper to make a set of NodePort values. - allNodePorts := func(svc *api.Service) sets.Int { - out := sets.NewInt() - for i := range svc.Spec.Ports { - if svc.Spec.Ports[i].NodePort != 0 { - out.Insert(int(svc.Spec.Ports[i].NodePort)) - } - } - return out - } - - oldPorts := allNodePorts(oldSvc) - newPorts := allNodePorts(newSvc) - - // Users can add, remove, or modify ports, as long as they don't add any - // net-new NodePorts. - return oldPorts.IsSuperset(newPorts) -} - -func needsHCNodePort(svc *api.Service) bool { - if svc.Spec.Type != api.ServiceTypeLoadBalancer { - return false - } - if svc.Spec.ExternalTrafficPolicy != api.ServiceExternalTrafficPolicyTypeLocal { - return false - } - return true -} - -func sameHCNodePort(oldSvc, newSvc *api.Service) bool { - return oldSvc.Spec.HealthCheckNodePort == newSvc.Spec.HealthCheckNodePort -} - -func canSetLoadBalancerClass(svc *api.Service) bool { - return svc.Spec.Type == api.ServiceTypeLoadBalancer -} - -func sameLoadBalancerClass(oldSvc, newSvc *api.Service) bool { - if (oldSvc.Spec.LoadBalancerClass == nil) != (newSvc.Spec.LoadBalancerClass == nil) { - return false - } - if oldSvc.Spec.LoadBalancerClass == nil { - return true // both are nil - } - return *oldSvc.Spec.LoadBalancerClass == *newSvc.Spec.LoadBalancerClass -} - -func needsExternalTrafficPolicy(svc *api.Service) bool { - return svc.Spec.Type == api.ServiceTypeNodePort || svc.Spec.Type == api.ServiceTypeLoadBalancer -} - -func sameExternalTrafficPolicy(oldSvc, newSvc *api.Service) bool { - return oldSvc.Spec.ExternalTrafficPolicy == newSvc.Spec.ExternalTrafficPolicy -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/OWNERS deleted file mode 100644 index e9f4e0b724..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-serviceaccounts-approvers -reviewers: - - sig-auth-serviceaccounts-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/doc.go deleted file mode 100644 index a53e249dba..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package serviceaccount provides a Registry interface and a strategy -// implementation for storing ServiceAccount API objects. -package serviceaccount // import "k8s.io/kubernetes/pkg/registry/core/serviceaccount" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/storage.go deleted file mode 100644 index 60f83b7413..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/storage.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/core/serviceaccount" - token "k8s.io/kubernetes/pkg/serviceaccount" -) - -type REST struct { - *genericregistry.Store - Token *TokenREST -} - -// NewREST returns a RESTStorage object that will work against service accounts. -func NewREST(optsGetter generic.RESTOptionsGetter, issuer token.TokenGenerator, auds authenticator.Audiences, max time.Duration, podStorage, secretStorage *genericregistry.Store, extendExpiration bool) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &api.ServiceAccount{} }, - NewListFunc: func() runtime.Object { return &api.ServiceAccountList{} }, - DefaultQualifiedResource: api.Resource("serviceaccounts"), - - CreateStrategy: serviceaccount.Strategy, - UpdateStrategy: serviceaccount.Strategy, - DeleteStrategy: serviceaccount.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - var trest *TokenREST - if issuer != nil && podStorage != nil && secretStorage != nil { - trest = &TokenREST{ - svcaccts: store, - pods: podStorage, - secrets: secretStorage, - issuer: issuer, - auds: auds, - audsSet: sets.NewString(auds...), - maxExpirationSeconds: int64(max.Seconds()), - extendExpiration: extendExpiration, - } - } - - return &REST{ - Store: store, - Token: trest, - }, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"sa"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/token.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/token.go deleted file mode 100644 index 6f840e5315..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage/token.go +++ /dev/null @@ -1,228 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "fmt" - "time" - - authenticationapiv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/authentication/authenticator" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/warning" - authenticationapi "k8s.io/kubernetes/pkg/apis/authentication" - authenticationvalidation "k8s.io/kubernetes/pkg/apis/authentication/validation" - api "k8s.io/kubernetes/pkg/apis/core" - token "k8s.io/kubernetes/pkg/serviceaccount" -) - -func (r *TokenREST) New() runtime.Object { - return &authenticationapi.TokenRequest{} -} - -// Destroy cleans up resources on shutdown. -func (r *TokenREST) Destroy() { - // Given no underlying store, we don't destroy anything - // here explicitly. -} - -type TokenREST struct { - svcaccts getter - pods getter - secrets getter - issuer token.TokenGenerator - auds authenticator.Audiences - audsSet sets.String - maxExpirationSeconds int64 - extendExpiration bool -} - -var _ = rest.NamedCreater(&TokenREST{}) -var _ = rest.GroupVersionKindProvider(&TokenREST{}) - -var gvk = schema.GroupVersionKind{ - Group: authenticationapiv1.SchemeGroupVersion.Group, - Version: authenticationapiv1.SchemeGroupVersion.Version, - Kind: "TokenRequest", -} - -func (r *TokenREST) Create(ctx context.Context, name string, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - req := obj.(*authenticationapi.TokenRequest) - - // Get the namespace from the context (populated from the URL). - namespace, ok := genericapirequest.NamespaceFrom(ctx) - if !ok { - return nil, errors.NewBadRequest("namespace is required") - } - - // require name/namespace in the body to match URL if specified - if len(req.Name) > 0 && req.Name != name { - errs := field.ErrorList{field.Invalid(field.NewPath("metadata").Child("name"), req.Name, "must match the service account name if specified")} - return nil, errors.NewInvalid(gvk.GroupKind(), name, errs) - } - if len(req.Namespace) > 0 && req.Namespace != namespace { - errs := field.ErrorList{field.Invalid(field.NewPath("metadata").Child("namespace"), req.Namespace, "must match the service account namespace if specified")} - return nil, errors.NewInvalid(gvk.GroupKind(), name, errs) - } - - // Lookup service account - svcacctObj, err := r.svcaccts.Get(ctx, name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - svcacct := svcacctObj.(*api.ServiceAccount) - - // Default unset spec audiences to API server audiences based on server config - if len(req.Spec.Audiences) == 0 { - req.Spec.Audiences = r.auds - } - // Populate metadata fields if not set - if len(req.Name) == 0 { - req.Name = svcacct.Name - } - if len(req.Namespace) == 0 { - req.Namespace = svcacct.Namespace - } - - // Save current time before building the token, to make sure the expiration - // returned in TokenRequestStatus would be <= the exp field in token. - nowTime := time.Now() - req.CreationTimestamp = metav1.NewTime(nowTime) - - // Clear status - req.Status = authenticationapi.TokenRequestStatus{} - - // call static validation, then validating admission - if errs := authenticationvalidation.ValidateTokenRequest(req); len(errs) != 0 { - return nil, errors.NewInvalid(gvk.GroupKind(), "", errs) - } - if createValidation != nil { - if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { - return nil, err - } - } - - var ( - pod *api.Pod - secret *api.Secret - ) - - if ref := req.Spec.BoundObjectRef; ref != nil { - var uid types.UID - - gvk := schema.FromAPIVersionAndKind(ref.APIVersion, ref.Kind) - switch { - case gvk.Group == "" && gvk.Kind == "Pod": - newCtx := newContext(ctx, "pods", ref.Name, gvk) - podObj, err := r.pods.Get(newCtx, ref.Name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - pod = podObj.(*api.Pod) - if name != pod.Spec.ServiceAccountName { - return nil, errors.NewBadRequest(fmt.Sprintf("cannot bind token for serviceaccount %q to pod running with different serviceaccount name.", name)) - } - uid = pod.UID - case gvk.Group == "" && gvk.Kind == "Secret": - newCtx := newContext(ctx, "secrets", ref.Name, gvk) - secretObj, err := r.secrets.Get(newCtx, ref.Name, &metav1.GetOptions{}) - if err != nil { - return nil, err - } - secret = secretObj.(*api.Secret) - uid = secret.UID - default: - return nil, errors.NewBadRequest(fmt.Sprintf("cannot bind token to object of type %s", gvk.String())) - } - if ref.UID != "" && uid != ref.UID { - return nil, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, ref.Name, fmt.Errorf("the UID in the bound object reference (%s) does not match the UID in record. The object might have been deleted and then recreated", ref.UID)) - } - } - - if r.maxExpirationSeconds > 0 && req.Spec.ExpirationSeconds > r.maxExpirationSeconds { - //only positive value is valid - warning.AddWarning(ctx, "", fmt.Sprintf("requested expiration of %d seconds shortened to %d seconds", req.Spec.ExpirationSeconds, r.maxExpirationSeconds)) - req.Spec.ExpirationSeconds = r.maxExpirationSeconds - } - - // Tweak expiration for safe transition of projected service account token. - // Warn (instead of fail) after requested expiration time. - // Fail after hard-coded extended expiration time. - // Only perform the extension when token is pod-bound. - var warnAfter int64 - exp := req.Spec.ExpirationSeconds - if r.extendExpiration && pod != nil && req.Spec.ExpirationSeconds == token.WarnOnlyBoundTokenExpirationSeconds && r.isKubeAudiences(req.Spec.Audiences) { - warnAfter = exp - exp = token.ExpirationExtensionSeconds - } - - sc, pc := token.Claims(*svcacct, pod, secret, exp, warnAfter, req.Spec.Audiences) - tokdata, err := r.issuer.GenerateToken(sc, pc) - if err != nil { - return nil, fmt.Errorf("failed to generate token: %v", err) - } - - // populate status - out := req.DeepCopy() - out.Status = authenticationapi.TokenRequestStatus{ - Token: tokdata, - ExpirationTimestamp: metav1.Time{Time: nowTime.Add(time.Duration(out.Spec.ExpirationSeconds) * time.Second)}, - } - return out, nil -} - -func (r *TokenREST) GroupVersionKind(schema.GroupVersion) schema.GroupVersionKind { - return gvk -} - -type getter interface { - Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) -} - -// newContext return a copy of ctx in which new RequestInfo is set -func newContext(ctx context.Context, resource, name string, gvk schema.GroupVersionKind) context.Context { - oldInfo, found := genericapirequest.RequestInfoFrom(ctx) - if !found { - return ctx - } - newInfo := genericapirequest.RequestInfo{ - IsResourceRequest: true, - Verb: "get", - Namespace: oldInfo.Namespace, - Resource: resource, - Name: name, - Parts: []string{resource, name}, - APIGroup: gvk.Group, - APIVersion: gvk.Version, - } - return genericapirequest.WithRequestInfo(ctx, &newInfo) -} - -// isKubeAudiences returns true if the tokenaudiences is a strict subset of apiserver audiences. -func (r *TokenREST) isKubeAudiences(tokenAudience []string) bool { - // tokenAudiences must be a strict subset of apiserver audiences - return r.audsSet.HasAll(tokenAudience...) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/strategy.go deleted file mode 100644 index cad6da26fb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/core/serviceaccount/strategy.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/validation" -) - -// strategy implements behavior for ServiceAccount objects -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating ServiceAccount -// objects via the REST API. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (strategy) NamespaceScoped() bool { - return true -} - -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - cleanSecretReferences(obj.(*api.ServiceAccount)) -} - -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidateServiceAccount(obj.(*api.ServiceAccount)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { -} - -func (strategy) AllowCreateOnUpdate() bool { - return false -} - -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - cleanSecretReferences(obj.(*api.ServiceAccount)) -} - -func cleanSecretReferences(serviceAccount *api.ServiceAccount) { - for i, secret := range serviceAccount.Secrets { - serviceAccount.Secrets[i] = api.ObjectReference{Name: secret.Name} - } -} - -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateServiceAccountUpdate(obj.(*api.ServiceAccount), old.(*api.ServiceAccount)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (strategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/doc.go deleted file mode 100644 index 670128e8a8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpointslice // import "k8s.io/kubernetes/pkg/registry/discovery/endpointslice" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/storage/storage.go deleted file mode 100644 index 756553ad58..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/storage/storage.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/discovery" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/discovery/endpointslice" -) - -// REST implements a RESTStorage for EndpointSlice against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against endpoint slices. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &discovery.EndpointSlice{} }, - NewListFunc: func() runtime.Object { return &discovery.EndpointSliceList{} }, - DefaultQualifiedResource: discovery.Resource("endpointslices"), - - CreateStrategy: endpointslice.Strategy, - UpdateStrategy: endpointslice.Strategy, - DeleteStrategy: endpointslice.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/strategy.go deleted file mode 100644 index 6bb8359f1e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/endpointslice/strategy.go +++ /dev/null @@ -1,209 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package endpointslice - -import ( - "context" - - corev1 "k8s.io/api/core/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/apis/discovery" - "k8s.io/kubernetes/pkg/apis/discovery/validation" - "k8s.io/kubernetes/pkg/features" -) - -// endpointSliceStrategy implements verification logic for Replication. -type endpointSliceStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Replication EndpointSlice objects. -var Strategy = endpointSliceStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all EndpointSlices need to be within a namespace. -func (endpointSliceStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate clears the status of an EndpointSlice before creation. -func (endpointSliceStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - endpointSlice := obj.(*discovery.EndpointSlice) - endpointSlice.Generation = 1 - - dropDisabledFieldsOnCreate(endpointSlice) - dropTopologyOnV1(ctx, nil, endpointSlice) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (endpointSliceStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newEPS := obj.(*discovery.EndpointSlice) - oldEPS := old.(*discovery.EndpointSlice) - - // Increment generation if anything other than meta changed - // This needs to be changed if a status attribute is added to EndpointSlice - ogNewMeta := newEPS.ObjectMeta - ogOldMeta := oldEPS.ObjectMeta - newEPS.ObjectMeta = metav1.ObjectMeta{} - oldEPS.ObjectMeta = metav1.ObjectMeta{} - - if !apiequality.Semantic.DeepEqual(newEPS, oldEPS) || !apiequality.Semantic.DeepEqual(ogNewMeta.Labels, ogOldMeta.Labels) { - ogNewMeta.Generation = ogOldMeta.Generation + 1 - } - - newEPS.ObjectMeta = ogNewMeta - oldEPS.ObjectMeta = ogOldMeta - - dropDisabledFieldsOnUpdate(oldEPS, newEPS) - dropTopologyOnV1(ctx, oldEPS, newEPS) -} - -// Validate validates a new EndpointSlice. -func (endpointSliceStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - endpointSlice := obj.(*discovery.EndpointSlice) - err := validation.ValidateEndpointSliceCreate(endpointSlice) - return err -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (endpointSliceStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (endpointSliceStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for EndpointSlice; this means POST is needed to create one. -func (endpointSliceStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (endpointSliceStrategy) ValidateUpdate(ctx context.Context, new, old runtime.Object) field.ErrorList { - newEPS := new.(*discovery.EndpointSlice) - oldEPS := old.(*discovery.EndpointSlice) - return validation.ValidateEndpointSliceUpdate(newEPS, oldEPS) -} - -// WarningsOnUpdate returns warnings for the given update. -func (endpointSliceStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for EndpointSlice objects. -func (endpointSliceStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// dropDisabledConditionsOnCreate will drop any fields that are disabled. -func dropDisabledFieldsOnCreate(endpointSlice *discovery.EndpointSlice) { - dropHints := !utilfeature.DefaultFeatureGate.Enabled(features.TopologyAwareHints) - - if dropHints { - for i := range endpointSlice.Endpoints { - if dropHints { - endpointSlice.Endpoints[i].Hints = nil - } - } - } -} - -// dropDisabledFieldsOnUpdate will drop any disable fields that have not already -// been set on the EndpointSlice. -func dropDisabledFieldsOnUpdate(oldEPS, newEPS *discovery.EndpointSlice) { - dropHints := !utilfeature.DefaultFeatureGate.Enabled(features.TopologyAwareHints) - if dropHints { - for _, ep := range oldEPS.Endpoints { - if ep.Hints != nil { - dropHints = false - break - } - } - } - - if dropHints { - for i := range newEPS.Endpoints { - if dropHints { - newEPS.Endpoints[i].Hints = nil - } - } - } -} - -// dropTopologyOnV1 on V1 request wipes the DeprecatedTopology field and copies -// the NodeName value into DeprecatedTopology -func dropTopologyOnV1(ctx context.Context, oldEPS, newEPS *discovery.EndpointSlice) { - if info, ok := genericapirequest.RequestInfoFrom(ctx); ok { - requestGV := schema.GroupVersion{Group: info.APIGroup, Version: info.APIVersion} - if requestGV == discoveryv1beta1.SchemeGroupVersion { - return - } - - // do not drop topology if endpoints have not been changed - if oldEPS != nil && apiequality.Semantic.DeepEqual(oldEPS.Endpoints, newEPS.Endpoints) { - return - } - - // Only node names that exist in previous version of the EndpointSlice - // deprecatedTopology fields may be retained in new version of the - // EndpointSlice. - prevNodeNames := getDeprecatedTopologyNodeNames(oldEPS) - - for i := range newEPS.Endpoints { - ep := &newEPS.Endpoints[i] - - newTopologyNodeName, ok := ep.DeprecatedTopology[corev1.LabelHostname] - if ep.NodeName == nil && ok && prevNodeNames.Has(newTopologyNodeName) && len(apivalidation.ValidateNodeName(newTopologyNodeName, false)) == 0 { - // Copy the label previously used to store the node name into the nodeName field, - // in order to make partial updates preserve previous node info - ep.NodeName = &newTopologyNodeName - } - // Drop writes to this field via the v1 API as documented - ep.DeprecatedTopology = nil - } - } -} - -// getDeprecatedTopologyNodeNames returns a set of node names present in -// deprecatedTopology fields within the provided EndpointSlice. -func getDeprecatedTopologyNodeNames(eps *discovery.EndpointSlice) sets.String { - if eps == nil { - return nil - } - var names sets.String - for _, ep := range eps.Endpoints { - if nodeName, ok := ep.DeprecatedTopology[corev1.LabelHostname]; ok && len(nodeName) > 0 { - if names == nil { - names = sets.NewString() - } - names.Insert(nodeName) - } - } - return names -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/rest/storage_discovery.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/rest/storage_discovery.go deleted file mode 100644 index 02f76a139a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/discovery/rest/storage_discovery.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - discoveryv1 "k8s.io/api/discovery/v1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/discovery" - endpointslicestorage "k8s.io/kubernetes/pkg/registry/discovery/endpointslice/storage" -) - -// StorageProvider is a REST storage provider for discovery.k8s.io. -type StorageProvider struct{} - -// NewRESTStorage returns a new storage provider. -func (p StorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(discovery.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[discoveryv1beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[discoveryv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p StorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "endpointslices"; apiResourceConfigSource.ResourceEnabled(discoveryv1beta1.SchemeGroupVersion.WithResource(resource)) { - endpointSliceStorage, err := endpointslicestorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = endpointSliceStorage - } - - return storage, nil -} - -func (p StorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "endpointslices"; apiResourceConfigSource.ResourceEnabled(discoveryv1.SchemeGroupVersion.WithResource(resource)) { - endpointSliceStorage, err := endpointslicestorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = endpointSliceStorage - } - - return storage, nil -} - -// GroupName is the group name for the storage provider. -func (p StorageProvider) GroupName() string { - return discovery.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/events/rest/storage_events.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/events/rest/storage_events.go deleted file mode 100644 index 147e1d5c1c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/events/rest/storage_events.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "time" - - eventsapiv1 "k8s.io/api/events/v1" - eventsapiv1beta1 "k8s.io/api/events/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/events" - eventstore "k8s.io/kubernetes/pkg/registry/core/event/storage" -) - -type RESTStorageProvider struct { - TTL time.Duration -} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(events.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[eventsapiv1beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[eventsapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // events - if resource := "events"; apiResourceConfigSource.ResourceEnabled(eventsapiv1beta1.SchemeGroupVersion.WithResource(resource)) { - eventsStorage, err := eventstore.NewREST(restOptionsGetter, uint64(p.TTL.Seconds())) - if err != nil { - return storage, err - } - storage[resource] = eventsStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // events - if resource := "events"; apiResourceConfigSource.ResourceEnabled(eventsapiv1.SchemeGroupVersion.WithResource(resource)) { - eventsStorage, err := eventstore.NewREST(restOptionsGetter, uint64(p.TTL.Seconds())) - if err != nil { - return storage, err - } - storage[resource] = eventsStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return events.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/flowschema.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/flowschema.go deleted file mode 100644 index 4dbfb19c45..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/flowschema.go +++ /dev/null @@ -1,208 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ensurer - -import ( - "context" - "errors" - "fmt" - - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3" - flowcontrollisters "k8s.io/client-go/listers/flowcontrol/v1beta3" - flowcontrolapisv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" -) - -var ( - errObjectNotFlowSchema = errors.New("object is not a FlowSchema type") -) - -// FlowSchemaEnsurer ensures the specified bootstrap configuration objects -type FlowSchemaEnsurer interface { - Ensure([]*flowcontrolv1beta3.FlowSchema) error -} - -// FlowSchemaRemover is the interface that wraps the -// RemoveAutoUpdateEnabledObjects method. -// -// RemoveAutoUpdateEnabledObjects removes a set of bootstrap FlowSchema -// objects specified via their names. The function removes an object -// only if automatic update of the spec is enabled for it. -type FlowSchemaRemover interface { - RemoveAutoUpdateEnabledObjects([]string) error -} - -// NewSuggestedFlowSchemaEnsurer returns a FlowSchemaEnsurer instance that -// can be used to ensure a set of suggested FlowSchema configuration objects. -func NewSuggestedFlowSchemaEnsurer(client flowcontrolclient.FlowSchemaInterface, lister flowcontrollisters.FlowSchemaLister) FlowSchemaEnsurer { - wrapper := &flowSchemaWrapper{ - client: client, - lister: lister, - } - return &fsEnsurer{ - strategy: newSuggestedEnsureStrategy(wrapper), - wrapper: wrapper, - } -} - -// NewMandatoryFlowSchemaEnsurer returns a FlowSchemaEnsurer instance that -// can be used to ensure a set of mandatory FlowSchema configuration objects. -func NewMandatoryFlowSchemaEnsurer(client flowcontrolclient.FlowSchemaInterface, lister flowcontrollisters.FlowSchemaLister) FlowSchemaEnsurer { - wrapper := &flowSchemaWrapper{ - client: client, - lister: lister, - } - return &fsEnsurer{ - strategy: newMandatoryEnsureStrategy(wrapper), - wrapper: wrapper, - } -} - -// NewFlowSchemaRemover returns a FlowSchemaRemover instance that -// can be used to remove a set of FlowSchema configuration objects. -func NewFlowSchemaRemover(client flowcontrolclient.FlowSchemaInterface, lister flowcontrollisters.FlowSchemaLister) FlowSchemaRemover { - return &fsEnsurer{ - wrapper: &flowSchemaWrapper{ - client: client, - lister: lister, - }, - } -} - -// GetFlowSchemaRemoveCandidates returns a list of FlowSchema object -// names that are candidates for deletion from the cluster. -// bootstrap: a set of hard coded FlowSchema configuration objects -// kube-apiserver maintains in-memory. -func GetFlowSchemaRemoveCandidates(lister flowcontrollisters.FlowSchemaLister, bootstrap []*flowcontrolv1beta3.FlowSchema) ([]string, error) { - fsList, err := lister.List(labels.Everything()) - if err != nil { - return nil, fmt.Errorf("failed to list FlowSchema - %w", err) - } - - bootstrapNames := sets.String{} - for i := range bootstrap { - bootstrapNames.Insert(bootstrap[i].GetName()) - } - - currentObjects := make([]metav1.Object, len(fsList)) - for i := range fsList { - currentObjects[i] = fsList[i] - } - - return getDanglingBootstrapObjectNames(bootstrapNames, currentObjects), nil -} - -type fsEnsurer struct { - strategy ensureStrategy - wrapper configurationWrapper -} - -func (e *fsEnsurer) Ensure(flowSchemas []*flowcontrolv1beta3.FlowSchema) error { - for _, flowSchema := range flowSchemas { - if err := ensureConfiguration(e.wrapper, e.strategy, flowSchema); err != nil { - return err - } - } - - return nil -} - -func (e *fsEnsurer) RemoveAutoUpdateEnabledObjects(flowSchemas []string) error { - for _, flowSchema := range flowSchemas { - if err := removeAutoUpdateEnabledConfiguration(e.wrapper, flowSchema); err != nil { - return err - } - } - - return nil -} - -// flowSchemaWrapper abstracts all FlowSchema specific logic, with this -// we can manage all boiler plate code in one place. -type flowSchemaWrapper struct { - client flowcontrolclient.FlowSchemaInterface - lister flowcontrollisters.FlowSchemaLister -} - -func (fs *flowSchemaWrapper) TypeName() string { - return "FlowSchema" -} - -func (fs *flowSchemaWrapper) Create(object runtime.Object) (runtime.Object, error) { - fsObject, ok := object.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return nil, errObjectNotFlowSchema - } - - return fs.client.Create(context.TODO(), fsObject, metav1.CreateOptions{FieldManager: fieldManager}) -} - -func (fs *flowSchemaWrapper) Update(object runtime.Object) (runtime.Object, error) { - fsObject, ok := object.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return nil, errObjectNotFlowSchema - } - - return fs.client.Update(context.TODO(), fsObject, metav1.UpdateOptions{FieldManager: fieldManager}) -} - -func (fs *flowSchemaWrapper) Get(name string) (configurationObject, error) { - return fs.lister.Get(name) -} - -func (fs *flowSchemaWrapper) Delete(name string) error { - return fs.client.Delete(context.TODO(), name, metav1.DeleteOptions{}) -} - -func (fs *flowSchemaWrapper) CopySpec(bootstrap, current runtime.Object) error { - bootstrapFS, ok := bootstrap.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return errObjectNotFlowSchema - } - currentFS, ok := current.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return errObjectNotFlowSchema - } - - specCopy := bootstrapFS.Spec.DeepCopy() - currentFS.Spec = *specCopy - return nil -} - -func (fs *flowSchemaWrapper) HasSpecChanged(bootstrap, current runtime.Object) (bool, error) { - bootstrapFS, ok := bootstrap.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return false, errObjectNotFlowSchema - } - currentFS, ok := current.(*flowcontrolv1beta3.FlowSchema) - if !ok { - return false, errObjectNotFlowSchema - } - - return flowSchemaSpecChanged(bootstrapFS, currentFS), nil -} - -func flowSchemaSpecChanged(expected, actual *flowcontrolv1beta3.FlowSchema) bool { - copiedExpectedFlowSchema := expected.DeepCopy() - flowcontrolapisv1beta3.SetObjectDefaults_FlowSchema(copiedExpectedFlowSchema) - return !equality.Semantic.DeepEqual(copiedExpectedFlowSchema.Spec, actual.Spec) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/prioritylevelconfiguration.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/prioritylevelconfiguration.go deleted file mode 100644 index 4da5bc92c4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/prioritylevelconfiguration.go +++ /dev/null @@ -1,209 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ensurer - -import ( - "context" - "errors" - "fmt" - - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3" - flowcontrollisters "k8s.io/client-go/listers/flowcontrol/v1beta3" - flowcontrolapisv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" -) - -var ( - errObjectNotPriorityLevel = errors.New("object is not a PriorityLevelConfiguration type") -) - -// PriorityLevelEnsurer ensures the specified bootstrap configuration objects -type PriorityLevelEnsurer interface { - Ensure([]*flowcontrolv1beta3.PriorityLevelConfiguration) error -} - -// PriorityLevelRemover is the interface that wraps the -// RemoveAutoUpdateEnabledObjects method. -// -// RemoveAutoUpdateEnabledObjects removes a set of bootstrap -// PriorityLevelConfiguration objects specified via their names. -// The function removes an object only if automatic update -// of the spec is enabled for it. -type PriorityLevelRemover interface { - RemoveAutoUpdateEnabledObjects([]string) error -} - -// NewSuggestedPriorityLevelEnsurerEnsurer returns a PriorityLevelEnsurer instance that -// can be used to ensure a set of suggested PriorityLevelConfiguration configuration objects. -func NewSuggestedPriorityLevelEnsurerEnsurer(client flowcontrolclient.PriorityLevelConfigurationInterface, lister flowcontrollisters.PriorityLevelConfigurationLister) PriorityLevelEnsurer { - wrapper := &priorityLevelConfigurationWrapper{ - client: client, - lister: lister, - } - return &plEnsurer{ - strategy: newSuggestedEnsureStrategy(wrapper), - wrapper: wrapper, - } -} - -// NewMandatoryPriorityLevelEnsurer returns a PriorityLevelEnsurer instance that -// can be used to ensure a set of mandatory PriorityLevelConfiguration configuration objects. -func NewMandatoryPriorityLevelEnsurer(client flowcontrolclient.PriorityLevelConfigurationInterface, lister flowcontrollisters.PriorityLevelConfigurationLister) PriorityLevelEnsurer { - wrapper := &priorityLevelConfigurationWrapper{ - client: client, - lister: lister, - } - return &plEnsurer{ - strategy: newMandatoryEnsureStrategy(wrapper), - wrapper: wrapper, - } -} - -// NewPriorityLevelRemover returns a PriorityLevelRemover instance that -// can be used to remove a set of PriorityLevelConfiguration configuration objects. -func NewPriorityLevelRemover(client flowcontrolclient.PriorityLevelConfigurationInterface, lister flowcontrollisters.PriorityLevelConfigurationLister) PriorityLevelRemover { - return &plEnsurer{ - wrapper: &priorityLevelConfigurationWrapper{ - client: client, - lister: lister, - }, - } -} - -// GetPriorityLevelRemoveCandidates returns a list of PriorityLevelConfiguration -// names that are candidates for removal from the cluster. -// bootstrap: a set of hard coded PriorityLevelConfiguration configuration -// objects kube-apiserver maintains in-memory. -func GetPriorityLevelRemoveCandidates(lister flowcontrollisters.PriorityLevelConfigurationLister, bootstrap []*flowcontrolv1beta3.PriorityLevelConfiguration) ([]string, error) { - plList, err := lister.List(labels.Everything()) - if err != nil { - return nil, fmt.Errorf("failed to list PriorityLevelConfiguration - %w", err) - } - - bootstrapNames := sets.String{} - for i := range bootstrap { - bootstrapNames.Insert(bootstrap[i].GetName()) - } - - currentObjects := make([]metav1.Object, len(plList)) - for i := range plList { - currentObjects[i] = plList[i] - } - - return getDanglingBootstrapObjectNames(bootstrapNames, currentObjects), nil -} - -type plEnsurer struct { - strategy ensureStrategy - wrapper configurationWrapper -} - -func (e *plEnsurer) Ensure(priorityLevels []*flowcontrolv1beta3.PriorityLevelConfiguration) error { - for _, priorityLevel := range priorityLevels { - if err := ensureConfiguration(e.wrapper, e.strategy, priorityLevel); err != nil { - return err - } - } - - return nil -} - -func (e *plEnsurer) RemoveAutoUpdateEnabledObjects(priorityLevels []string) error { - for _, priorityLevel := range priorityLevels { - if err := removeAutoUpdateEnabledConfiguration(e.wrapper, priorityLevel); err != nil { - return err - } - } - - return nil -} - -// priorityLevelConfigurationWrapper abstracts all PriorityLevelConfiguration specific logic, -// with this we can manage all boiler plate code in one place. -type priorityLevelConfigurationWrapper struct { - client flowcontrolclient.PriorityLevelConfigurationInterface - lister flowcontrollisters.PriorityLevelConfigurationLister -} - -func (fs *priorityLevelConfigurationWrapper) TypeName() string { - return "PriorityLevelConfiguration" -} - -func (fs *priorityLevelConfigurationWrapper) Create(object runtime.Object) (runtime.Object, error) { - plObject, ok := object.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return nil, errObjectNotPriorityLevel - } - - return fs.client.Create(context.TODO(), plObject, metav1.CreateOptions{FieldManager: fieldManager}) -} - -func (fs *priorityLevelConfigurationWrapper) Update(object runtime.Object) (runtime.Object, error) { - fsObject, ok := object.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return nil, errObjectNotPriorityLevel - } - - return fs.client.Update(context.TODO(), fsObject, metav1.UpdateOptions{FieldManager: fieldManager}) -} - -func (fs *priorityLevelConfigurationWrapper) Get(name string) (configurationObject, error) { - return fs.lister.Get(name) -} - -func (fs *priorityLevelConfigurationWrapper) Delete(name string) error { - return fs.client.Delete(context.TODO(), name, metav1.DeleteOptions{}) -} - -func (fs *priorityLevelConfigurationWrapper) CopySpec(bootstrap, current runtime.Object) error { - bootstrapFS, ok := bootstrap.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return errObjectNotPriorityLevel - } - currentFS, ok := current.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return errObjectNotPriorityLevel - } - - specCopy := bootstrapFS.Spec.DeepCopy() - currentFS.Spec = *specCopy - return nil -} - -func (fs *priorityLevelConfigurationWrapper) HasSpecChanged(bootstrap, current runtime.Object) (bool, error) { - bootstrapFS, ok := bootstrap.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return false, errObjectNotPriorityLevel - } - currentFS, ok := current.(*flowcontrolv1beta3.PriorityLevelConfiguration) - if !ok { - return false, errObjectNotPriorityLevel - } - - return priorityLevelSpecChanged(bootstrapFS, currentFS), nil -} - -func priorityLevelSpecChanged(expected, actual *flowcontrolv1beta3.PriorityLevelConfiguration) bool { - copiedExpectedPriorityLevel := expected.DeepCopy() - flowcontrolapisv1beta3.SetObjectDefaults_PriorityLevelConfiguration(copiedExpectedPriorityLevel) - return !equality.Semantic.DeepEqual(copiedExpectedPriorityLevel.Spec, actual.Spec) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/strategy.go deleted file mode 100644 index a46d097a79..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer/strategy.go +++ /dev/null @@ -1,344 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ensurer - -import ( - "errors" - "fmt" - "strconv" - - flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/klog/v2" - - "github.com/google/go-cmp/cmp" -) - -const ( - fieldManager = "api-priority-and-fairness-config-producer-v1" -) - -// ensureStrategy provides a strategy for ensuring apf bootstrap configurationWrapper. -// We have two types of configurationWrapper objects: -// -// - mandatory: the mandatory configurationWrapper objects are about ensuring that the P&F -// system itself won't crash; we have to be sure there's 'catch-all' place for -// everything to go. Any changes made by the cluster operators to these -// configurationWrapper objects will be stomped by the apiserver. -// -// - suggested: additional configurationWrapper objects for initial behavior. -// the cluster operators have an option to edit or delete these configurationWrapper objects. -type ensureStrategy interface { - // Name of the strategy, for now we have two: 'mandatory' and 'suggested'. - // This comes handy in logging. - Name() string - - // ShouldUpdate accepts the current and the bootstrap configuration and determines - // whether an update is necessary. - // current is the existing in-cluster configuration object. - // bootstrap is the configuration the kube-apiserver maintains in-memory. - // - // ok: true if auto update is required, otherwise false - // object: the new object represents the new configuration to be stored in-cluster. - // err: err is set when the function runs into an error and can not - // determine if auto update is needed. - ShouldUpdate(current, bootstrap configurationObject) (object runtime.Object, ok bool, err error) -} - -// this internal interface provides abstraction for dealing with the `Spec` -// of both 'FlowSchema' and 'PriorityLevelConfiguration' objects. -// Since the ensure logic for both types is common, we use a few internal interfaces -// to abstract out the differences of these two types. -type specCopier interface { - // HasSpecChanged returns true if the spec of both the bootstrap and - // the current configuration object is same, otherwise false. - HasSpecChanged(bootstrap, current runtime.Object) (bool, error) - - // CopySpec makes a deep copy the spec of the bootstrap object - // and copies it to that of the current object. - // CopySpec assumes that the current object is safe to mutate, so it - // rests with the caller to make a deep copy of the current. - CopySpec(bootstrap, current runtime.Object) error -} - -// this internal interface provides abstraction for CRUD operation -// related to both 'FlowSchema' and 'PriorityLevelConfiguration' objects. -// Since the ensure logic for both types is common, we use a few internal interfaces -// to abstract out the differences of these two types. -type configurationClient interface { - Create(object runtime.Object) (runtime.Object, error) - Update(object runtime.Object) (runtime.Object, error) - Get(name string) (configurationObject, error) - Delete(name string) error -} - -type configurationWrapper interface { - // TypeName returns the type of the configuration that this interface deals with. - // We use it to log the type name of the configuration object being ensured. - // It is either 'PriorityLevelConfiguration' or 'FlowSchema' - TypeName() string - - configurationClient - specCopier -} - -// A convenient wrapper interface that is used by the ensure logic. -type configurationObject interface { - metav1.Object - runtime.Object -} - -func newSuggestedEnsureStrategy(copier specCopier) ensureStrategy { - return &strategy{ - copier: copier, - alwaysAutoUpdateSpec: false, - name: "suggested", - } -} - -func newMandatoryEnsureStrategy(copier specCopier) ensureStrategy { - return &strategy{ - copier: copier, - alwaysAutoUpdateSpec: true, - name: "mandatory", - } -} - -// auto-update strategy for the configuration objects -type strategy struct { - copier specCopier - alwaysAutoUpdateSpec bool - name string -} - -func (s *strategy) Name() string { - return s.name -} - -func (s *strategy) ShouldUpdate(current, bootstrap configurationObject) (runtime.Object, bool, error) { - if current == nil || bootstrap == nil { - return nil, false, nil - } - - autoUpdateSpec := s.alwaysAutoUpdateSpec - if !autoUpdateSpec { - autoUpdateSpec = shouldUpdateSpec(current) - } - updateAnnotation := shouldUpdateAnnotation(current, autoUpdateSpec) - - var specChanged bool - if autoUpdateSpec { - changed, err := s.copier.HasSpecChanged(bootstrap, current) - if err != nil { - return nil, false, fmt.Errorf("failed to compare spec - %w", err) - } - specChanged = changed - } - - if !(updateAnnotation || specChanged) { - // the annotation key is up to date and the spec has not changed, no update is necessary - return nil, false, nil - } - - // if we are here, either we need to update the annotation key or the spec. - copy, ok := current.DeepCopyObject().(configurationObject) - if !ok { - // we should never be here - return nil, false, errors.New("incompatible object type") - } - - if updateAnnotation { - setAutoUpdateAnnotation(copy, autoUpdateSpec) - } - if specChanged { - s.copier.CopySpec(bootstrap, copy) - } - - return copy, true, nil -} - -// shouldUpdateSpec inspects the auto-update annotation key and generation field to determine -// whether the configurationWrapper object should be auto-updated. -func shouldUpdateSpec(accessor metav1.Object) bool { - value, _ := accessor.GetAnnotations()[flowcontrolv1beta3.AutoUpdateAnnotationKey] - if autoUpdate, err := strconv.ParseBool(value); err == nil { - return autoUpdate - } - - // We are here because of either a or b: - // a. the annotation key is missing. - // b. the annotation key is present but the value does not represent a boolean. - // In either case, if the operator hasn't changed the spec, we can safely auto update. - // Please note that we can't protect the changes made by the operator in the following scenario: - // - The operator deletes and recreates the same object with a variant spec (generation resets to 1). - if accessor.GetGeneration() == 1 { - return true - } - return false -} - -// shouldUpdateAnnotation determines whether the current value of the auto-update annotation -// key matches the desired value. -func shouldUpdateAnnotation(accessor metav1.Object, desired bool) bool { - if value, ok := accessor.GetAnnotations()[flowcontrolv1beta3.AutoUpdateAnnotationKey]; ok { - if current, err := strconv.ParseBool(value); err == nil && current == desired { - return false - } - } - - return true -} - -// setAutoUpdateAnnotation sets the auto-update annotation key to the specified value. -func setAutoUpdateAnnotation(accessor metav1.Object, autoUpdate bool) { - if accessor.GetAnnotations() == nil { - accessor.SetAnnotations(map[string]string{}) - } - - accessor.GetAnnotations()[flowcontrolv1beta3.AutoUpdateAnnotationKey] = strconv.FormatBool(autoUpdate) -} - -// ensureConfiguration ensures the boostrap configurationWrapper on the cluster based on the specified strategy. -func ensureConfiguration(wrapper configurationWrapper, strategy ensureStrategy, bootstrap configurationObject) error { - name := bootstrap.GetName() - configurationType := strategy.Name() - - var current configurationObject - var err error - for { - current, err = wrapper.Get(bootstrap.GetName()) - if err == nil { - break - } - if !apierrors.IsNotFound(err) { - return fmt.Errorf("failed to retrieve %s type=%s name=%q error=%w", wrapper.TypeName(), configurationType, name, err) - } - - // we always re-create a missing configuration object - if _, err = wrapper.Create(bootstrap); err == nil { - klog.V(2).InfoS(fmt.Sprintf("Successfully created %s", wrapper.TypeName()), "type", configurationType, "name", name) - return nil - } - - if !apierrors.IsAlreadyExists(err) { - return fmt.Errorf("cannot create %s type=%s name=%q error=%w", wrapper.TypeName(), configurationType, name, err) - } - klog.V(5).InfoS(fmt.Sprintf("Something created the %s concurrently", wrapper.TypeName()), "type", configurationType, "name", name) - } - - klog.V(5).InfoS(fmt.Sprintf("The %s already exists, checking whether it is up to date", wrapper.TypeName()), "type", configurationType, "name", name) - newObject, update, err := strategy.ShouldUpdate(current, bootstrap) - if err != nil { - return fmt.Errorf("failed to determine whether auto-update is required for %s type=%s name=%q error=%w", wrapper.TypeName(), configurationType, name, err) - } - if !update { - if klogV := klog.V(5); klogV.Enabled() { - klogV.InfoS("No update required", "wrapper", wrapper.TypeName(), "type", configurationType, "name", name, - "diff", cmp.Diff(current, bootstrap)) - } - return nil - } - - if _, err = wrapper.Update(newObject); err == nil { - klog.V(2).Infof("Updated the %s type=%s name=%q diff: %s", wrapper.TypeName(), configurationType, name, cmp.Diff(current, newObject)) - return nil - } - - if apierrors.IsConflict(err) { - klog.V(2).InfoS(fmt.Sprintf("Something updated the %s concurrently, I will check its spec later", wrapper.TypeName()), "type", configurationType, "name", name) - return nil - } - - return fmt.Errorf("failed to update the %s, will retry later type=%s name=%q error=%w", wrapper.TypeName(), configurationType, name, err) -} - -// removeAutoUpdateEnabledConfiguration makes an attempt to remove the given -// configuration object if automatic update of the spec is enabled for this object. -func removeAutoUpdateEnabledConfiguration(wrapper configurationWrapper, name string) error { - current, err := wrapper.Get(name) - if err != nil { - if apierrors.IsNotFound(err) { - return nil - } - - return fmt.Errorf("failed to retrieve the %s, will retry later name=%q error=%w", wrapper.TypeName(), name, err) - } - - value := current.GetAnnotations()[flowcontrolv1beta3.AutoUpdateAnnotationKey] - autoUpdate, err := strconv.ParseBool(value) - if err != nil { - klog.ErrorS(err, fmt.Sprintf("Skipping deletion of the %s", wrapper.TypeName()), "name", name) - - // This may need manual intervention, in case the annotation value is malformed, - // so don't return an error, that might trigger futile retry loop. - return nil - } - if !autoUpdate { - klog.V(5).InfoS(fmt.Sprintf("Skipping deletion of the %s", wrapper.TypeName()), "name", name) - return nil - } - - if err := wrapper.Delete(name); err != nil { - if apierrors.IsNotFound(err) { - klog.V(5).InfoS(fmt.Sprintf("Something concurrently deleted the %s", wrapper.TypeName()), "name", name) - return nil - } - - return fmt.Errorf("failed to delete the %s, will retry later name=%q error=%w", wrapper.TypeName(), name, err) - } - - klog.V(2).InfoS(fmt.Sprintf("Successfully deleted the %s", wrapper.TypeName()), "name", name) - return nil -} - -// getDanglingBootstrapObjectNames returns a list of names of bootstrap -// configuration objects that are potentially candidates for deletion from -// the cluster, given a set of bootstrap and current configuration. -// - bootstrap: a set of hard coded configuration kube-apiserver maintains in-memory. -// - current: a set of configuration objects that exist on the cluster -// -// Any object present in current is added to the list if both a and b are true: -// -// a. the object in current is missing from the bootstrap configuration -// b. the object has the designated auto-update annotation key -// -// This function shares the common logic for both FlowSchema and -// PriorityLevelConfiguration type and hence it accepts metav1.Object only. -func getDanglingBootstrapObjectNames(bootstrap sets.String, current []metav1.Object) []string { - if len(current) == 0 { - return nil - } - - candidates := make([]string, 0) - for i := range current { - object := current[i] - if _, ok := object.GetAnnotations()[flowcontrolv1beta3.AutoUpdateAnnotationKey]; !ok { - // the configuration object does not have the annotation key, - // it's probably a user defined configuration object, - // so we can skip it. - continue - } - - if _, ok := bootstrap[object.GetName()]; !ok { - candidates = append(candidates, object.GetName()) - } - } - return candidates -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/doc.go deleted file mode 100644 index 074b2aecd9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package flowschema provides model implementation of flow-schema api -package flowschema // import "k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/storage/storage.go deleted file mode 100644 index d1d287e735..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/storage/storage.go +++ /dev/null @@ -1,109 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// FlowSchemaStorage implements storage for flow schema. -type FlowSchemaStorage struct { - FlowSchema *REST - Status *StatusREST -} - -// REST implements a RESTStorage for flow schema against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against flow schemas. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &flowcontrol.FlowSchema{} }, - NewListFunc: func() runtime.Object { return &flowcontrol.FlowSchemaList{} }, - DefaultQualifiedResource: flowcontrol.Resource("flowschemas"), - - CreateStrategy: flowschema.Strategy, - UpdateStrategy: flowschema.Strategy, - DeleteStrategy: flowschema.Strategy, - ResetFieldsStrategy: flowschema.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.CreateStrategy = nil - statusStore.UpdateStrategy = flowschema.StatusStrategy - statusStore.DeleteStrategy = nil - statusStore.ResetFieldsStrategy = flowschema.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// StatusREST implements the REST endpoint for changing the status of a flow schema. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new flow schema object. -func (r *StatusREST) New() runtime.Object { - return &flowcontrol.FlowSchema{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/strategy.go deleted file mode 100644 index fa9774ef0f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/strategy.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flowschema - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/apis/flowcontrol/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// flowSchemaStrategy implements verification logic for FlowSchema. -type flowSchemaStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating flow schema objects. -var Strategy = flowSchemaStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because all PriorityClasses are global. -func (flowSchemaStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (flowSchemaStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "flowcontrol.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta3": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a flow-schema before creation. -func (flowSchemaStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - fl := obj.(*flowcontrol.FlowSchema) - fl.Status = flowcontrol.FlowSchemaStatus{} - fl.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (flowSchemaStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newFlowSchema := obj.(*flowcontrol.FlowSchema) - oldFlowSchema := old.(*flowcontrol.FlowSchema) - - // Spec updates bump the generation so that we can distinguish between status updates. - if !apiequality.Semantic.DeepEqual(newFlowSchema.Spec, oldFlowSchema.Spec) { - newFlowSchema.Generation = oldFlowSchema.Generation + 1 - } - newFlowSchema.Status = oldFlowSchema.Status -} - -// Validate validates a new flow-schema. -func (flowSchemaStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidateFlowSchema(obj.(*flowcontrol.FlowSchema)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (flowSchemaStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (flowSchemaStrategy) Canonicalize(obj runtime.Object) { -} - -func (flowSchemaStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// AllowCreateOnUpdate is false for flow-schemas; this means a POST is needed to create one. -func (flowSchemaStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (flowSchemaStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateFlowSchemaUpdate(old.(*flowcontrol.FlowSchema), obj.(*flowcontrol.FlowSchema)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (flowSchemaStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -type flowSchemaStatusStrategy struct { - flowSchemaStrategy -} - -// StatusStrategy is the default logic that applies when updating flow-schema objects' status. -var StatusStrategy = flowSchemaStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (flowSchemaStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "flowcontrol.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - "flowcontrol.apiserver.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - "flowcontrol.apiserver.k8s.io/v1beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - "flowcontrol.apiserver.k8s.io/v1beta3": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (flowSchemaStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newFlowSchema := obj.(*flowcontrol.FlowSchema) - oldFlowSchema := old.(*flowcontrol.FlowSchema) - - // managedFields must be preserved since it's been modified to - // track changed fields in the status update. - managedFields := newFlowSchema.ManagedFields - newFlowSchema.ObjectMeta = oldFlowSchema.ObjectMeta - newFlowSchema.ManagedFields = managedFields - newFlowSchema.Spec = oldFlowSchema.Spec -} - -func (flowSchemaStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateFlowSchemaStatusUpdate(old.(*flowcontrol.FlowSchema), obj.(*flowcontrol.FlowSchema)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (flowSchemaStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/doc.go deleted file mode 100644 index 57c8c47a9e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package prioritylevelconfiguration provides model implementation of priority-level-configuration api -package prioritylevelconfiguration // import "k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/storage/storage.go deleted file mode 100644 index defbd608b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/storage/storage.go +++ /dev/null @@ -1,109 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// PriorityLevelConfigurationStorage implements storage for priority level configuration. -type PriorityLevelConfigurationStorage struct { - PriorityLevelConfiguration *REST - Status *StatusREST -} - -// REST implements a RESTStorage for priority level configuration against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against priority level configuration. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &flowcontrol.PriorityLevelConfiguration{} }, - NewListFunc: func() runtime.Object { return &flowcontrol.PriorityLevelConfigurationList{} }, - DefaultQualifiedResource: flowcontrol.Resource("prioritylevelconfigurations"), - - CreateStrategy: prioritylevelconfiguration.Strategy, - UpdateStrategy: prioritylevelconfiguration.Strategy, - DeleteStrategy: prioritylevelconfiguration.Strategy, - ResetFieldsStrategy: prioritylevelconfiguration.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.CreateStrategy = nil - statusStore.UpdateStrategy = prioritylevelconfiguration.StatusStrategy - statusStore.DeleteStrategy = nil - statusStore.ResetFieldsStrategy = prioritylevelconfiguration.StatusStrategy - - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// StatusREST implements the REST endpoint for changing the status of a priority level configuration. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new priority level configuration object. -func (r *StatusREST) New() runtime.Object { - return &flowcontrol.PriorityLevelConfiguration{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/strategy.go deleted file mode 100644 index 1ab004c74f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/strategy.go +++ /dev/null @@ -1,179 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prioritylevelconfiguration - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - "k8s.io/kubernetes/pkg/apis/flowcontrol/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// priorityLevelConfigurationStrategy implements verification logic for priority level configurations. -type priorityLevelConfigurationStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating priority level configuration objects. -var Strategy = priorityLevelConfigurationStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because all PriorityClasses are global. -func (priorityLevelConfigurationStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (priorityLevelConfigurationStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "flowcontrol.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "flowcontrol.apiserver.k8s.io/v1beta3": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of a priority-level-configuration before creation. -func (priorityLevelConfigurationStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - pl := obj.(*flowcontrol.PriorityLevelConfiguration) - pl.Status = flowcontrol.PriorityLevelConfigurationStatus{} - pl.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (priorityLevelConfigurationStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPriorityLevelConfiguration := obj.(*flowcontrol.PriorityLevelConfiguration) - oldPriorityLevelConfiguration := old.(*flowcontrol.PriorityLevelConfiguration) - - // Spec updates bump the generation so that we can distinguish between status updates. - if !apiequality.Semantic.DeepEqual(newPriorityLevelConfiguration.Spec, oldPriorityLevelConfiguration.Spec) { - newPriorityLevelConfiguration.Generation = oldPriorityLevelConfiguration.Generation + 1 - } - newPriorityLevelConfiguration.Status = oldPriorityLevelConfiguration.Status -} - -// Validate validates a new priority-level. -func (priorityLevelConfigurationStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidatePriorityLevelConfiguration(obj.(*flowcontrol.PriorityLevelConfiguration), getRequestGroupVersion(ctx)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (priorityLevelConfigurationStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (priorityLevelConfigurationStrategy) Canonicalize(obj runtime.Object) { -} - -func (priorityLevelConfigurationStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// AllowCreateOnUpdate is false for priority-level-configurations; this means a POST is needed to create one. -func (priorityLevelConfigurationStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (priorityLevelConfigurationStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidatePriorityLevelConfiguration(obj.(*flowcontrol.PriorityLevelConfiguration), getRequestGroupVersion(ctx)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (priorityLevelConfigurationStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -type priorityLevelConfigurationStatusStrategy struct { - priorityLevelConfigurationStrategy -} - -// StatusStrategy is the default logic that applies when updating priority level configuration objects' status. -var StatusStrategy = priorityLevelConfigurationStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (priorityLevelConfigurationStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "flowcontrol.apiserver.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata"), - ), - "flowcontrol.apiserver.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata"), - ), - "flowcontrol.apiserver.k8s.io/v1beta2": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata"), - ), - "flowcontrol.apiserver.k8s.io/v1beta3": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - fieldpath.MakePathOrDie("metadata"), - ), - } - - return fields -} - -func (priorityLevelConfigurationStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPriorityLevelConfiguration := obj.(*flowcontrol.PriorityLevelConfiguration) - oldPriorityLevelConfiguration := old.(*flowcontrol.PriorityLevelConfiguration) - - // managedFields must be preserved since it's been modified to - // track changed fields in the status update. - managedFields := newPriorityLevelConfiguration.ManagedFields - newPriorityLevelConfiguration.ObjectMeta = oldPriorityLevelConfiguration.ObjectMeta - newPriorityLevelConfiguration.ManagedFields = managedFields - newPriorityLevelConfiguration.Spec = oldPriorityLevelConfiguration.Spec -} - -func (priorityLevelConfigurationStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidatePriorityLevelConfigurationStatusUpdate(old.(*flowcontrol.PriorityLevelConfiguration), obj.(*flowcontrol.PriorityLevelConfiguration)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (priorityLevelConfigurationStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func getRequestGroupVersion(ctx context.Context) schema.GroupVersion { - if requestInfo, exists := genericapirequest.RequestInfoFrom(ctx); exists { - return schema.GroupVersion{Group: requestInfo.APIGroup, Version: requestInfo.APIVersion} - } - return schema.GroupVersion{} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/rest/storage_flowcontrol.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/rest/storage_flowcontrol.go deleted file mode 100644 index 5fed585a57..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/flowcontrol/rest/storage_flowcontrol.go +++ /dev/null @@ -1,284 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "time" - - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/wait" - flowcontrolbootstrap "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/client-go/informers" - flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3" - flowcontrollisters "k8s.io/client-go/listers/flowcontrol/v1beta3" - "k8s.io/client-go/tools/cache" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/flowcontrol" - flowcontrolapisv1alpha1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1" - flowcontrolapisv1beta1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1" - flowcontrolapisv1beta2 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2" - flowcontrolapisv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3" - "k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer" - flowschemastore "k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/storage" - prioritylevelconfigurationstore "k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/storage" -) - -var _ genericapiserver.PostStartHookProvider = RESTStorageProvider{} - -// RESTStorageProvider is a provider of REST storage -type RESTStorageProvider struct { - InformerFactory informers.SharedInformerFactory -} - -// PostStartHookName is the name of the post-start-hook provided by flow-control storage -const PostStartHookName = "priority-and-fairness-config-producer" - -// NewRESTStorage creates a new rest storage for flow-control api models. -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(flowcontrol.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - - if storageMap, err := p.storage(apiResourceConfigSource, restOptionsGetter, flowcontrolapisv1alpha1.SchemeGroupVersion); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[flowcontrolapisv1alpha1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.storage(apiResourceConfigSource, restOptionsGetter, flowcontrolapisv1beta1.SchemeGroupVersion); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[flowcontrolapisv1beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.storage(apiResourceConfigSource, restOptionsGetter, flowcontrolapisv1beta2.SchemeGroupVersion); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[flowcontrolapisv1beta2.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.storage(apiResourceConfigSource, restOptionsGetter, flowcontrolapisv1beta3.SchemeGroupVersion); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[flowcontrolapisv1beta3.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter, groupVersion schema.GroupVersion) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // flow-schema - if resource := "flowschemas"; apiResourceConfigSource.ResourceEnabled(groupVersion.WithResource(resource)) { - flowSchemaStorage, flowSchemaStatusStorage, err := flowschemastore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = flowSchemaStorage - storage[resource+"/status"] = flowSchemaStatusStorage - } - - // priority-level-configuration - if resource := "prioritylevelconfigurations"; apiResourceConfigSource.ResourceEnabled(groupVersion.WithResource(resource)) { - priorityLevelConfigurationStorage, priorityLevelConfigurationStatusStorage, err := prioritylevelconfigurationstore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = priorityLevelConfigurationStorage - storage[resource+"/status"] = priorityLevelConfigurationStatusStorage - } - - return storage, nil -} - -// GroupName returns group name of the storage -func (p RESTStorageProvider) GroupName() string { - return flowcontrol.GroupName -} - -// PostStartHook returns the hook func that launches the config provider -func (p RESTStorageProvider) PostStartHook() (string, genericapiserver.PostStartHookFunc, error) { - bce := &bootstrapConfigurationEnsurer{ - informersSynced: []cache.InformerSynced{ - p.InformerFactory.Flowcontrol().V1beta3().PriorityLevelConfigurations().Informer().HasSynced, - p.InformerFactory.Flowcontrol().V1beta3().FlowSchemas().Informer().HasSynced, - }, - fsLister: p.InformerFactory.Flowcontrol().V1beta3().FlowSchemas().Lister(), - plcLister: p.InformerFactory.Flowcontrol().V1beta3().PriorityLevelConfigurations().Lister(), - } - return PostStartHookName, bce.ensureAPFBootstrapConfiguration, nil -} - -type bootstrapConfigurationEnsurer struct { - informersSynced []cache.InformerSynced - fsLister flowcontrollisters.FlowSchemaLister - plcLister flowcontrollisters.PriorityLevelConfigurationLister -} - -func (bce *bootstrapConfigurationEnsurer) ensureAPFBootstrapConfiguration(hookContext genericapiserver.PostStartHookContext) error { - clientset, err := flowcontrolclient.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return fmt.Errorf("failed to initialize clientset for APF - %w", err) - } - - // get a derived context that gets cancelled after 5m or - // when the StopCh gets closed, whichever happens first. - ctx, cancel := contextFromChannelAndMaxWaitDuration(hookContext.StopCh, 5*time.Minute) - defer cancel() - - if !cache.WaitForCacheSync(ctx.Done(), bce.informersSynced...) { - return fmt.Errorf("APF bootstrap ensurer timed out waiting for cache sync") - } - - err = wait.PollImmediateUntilWithContext( - ctx, - time.Second, - func(context.Context) (bool, error) { - if err := ensure(clientset, bce.fsLister, bce.plcLister); err != nil { - klog.ErrorS(err, "APF bootstrap ensurer ran into error, will retry later") - return false, nil - } - return true, nil - }) - if err != nil { - return fmt.Errorf("unable to initialize APF bootstrap configuration") - } - - // we have successfully initialized the bootstrap configuration, now we - // spin up a goroutine which reconciles the bootstrap configuration periodically. - go func() { - wait.PollImmediateUntil( - time.Minute, - func() (bool, error) { - if err := ensure(clientset, bce.fsLister, bce.plcLister); err != nil { - klog.ErrorS(err, "APF bootstrap ensurer ran into error, will retry later") - } - // always auto update both suggested and mandatory configuration - return false, nil - }, hookContext.StopCh) - klog.Info("APF bootstrap ensurer is exiting") - }() - - return nil -} - -func ensure(clientset flowcontrolclient.FlowcontrolV1beta3Interface, fsLister flowcontrollisters.FlowSchemaLister, plcLister flowcontrollisters.PriorityLevelConfigurationLister) error { - if err := ensureSuggestedConfiguration(clientset, fsLister, plcLister); err != nil { - // We should not attempt creation of mandatory objects if ensuring the suggested - // configuration resulted in an error. - // This only happens when the stop channel is closed. - return fmt.Errorf("failed ensuring suggested settings - %w", err) - } - - if err := ensureMandatoryConfiguration(clientset, fsLister, plcLister); err != nil { - return fmt.Errorf("failed ensuring mandatory settings - %w", err) - } - - if err := removeDanglingBootstrapConfiguration(clientset, fsLister, plcLister); err != nil { - return fmt.Errorf("failed to delete removed settings - %w", err) - } - - return nil -} - -func ensureSuggestedConfiguration(clientset flowcontrolclient.FlowcontrolV1beta3Interface, fsLister flowcontrollisters.FlowSchemaLister, plcLister flowcontrollisters.PriorityLevelConfigurationLister) error { - plEnsurer := ensurer.NewSuggestedPriorityLevelEnsurerEnsurer(clientset.PriorityLevelConfigurations(), plcLister) - if err := plEnsurer.Ensure(flowcontrolbootstrap.SuggestedPriorityLevelConfigurations); err != nil { - return err - } - - fsEnsurer := ensurer.NewSuggestedFlowSchemaEnsurer(clientset.FlowSchemas(), fsLister) - return fsEnsurer.Ensure(flowcontrolbootstrap.SuggestedFlowSchemas) -} - -func ensureMandatoryConfiguration(clientset flowcontrolclient.FlowcontrolV1beta3Interface, fsLister flowcontrollisters.FlowSchemaLister, plcLister flowcontrollisters.PriorityLevelConfigurationLister) error { - fsEnsurer := ensurer.NewMandatoryFlowSchemaEnsurer(clientset.FlowSchemas(), fsLister) - if err := fsEnsurer.Ensure(flowcontrolbootstrap.MandatoryFlowSchemas); err != nil { - return err - } - - plEnsurer := ensurer.NewMandatoryPriorityLevelEnsurer(clientset.PriorityLevelConfigurations(), plcLister) - return plEnsurer.Ensure(flowcontrolbootstrap.MandatoryPriorityLevelConfigurations) -} - -func removeDanglingBootstrapConfiguration(clientset flowcontrolclient.FlowcontrolV1beta3Interface, fsLister flowcontrollisters.FlowSchemaLister, plcLister flowcontrollisters.PriorityLevelConfigurationLister) error { - if err := removeDanglingBootstrapFlowSchema(clientset.FlowSchemas(), fsLister); err != nil { - return err - } - - return removeDanglingBootstrapPriorityLevel(clientset.PriorityLevelConfigurations(), plcLister) -} - -func removeDanglingBootstrapFlowSchema(client flowcontrolclient.FlowSchemaInterface, lister flowcontrollisters.FlowSchemaLister) error { - bootstrap := append(flowcontrolbootstrap.MandatoryFlowSchemas, flowcontrolbootstrap.SuggestedFlowSchemas...) - candidates, err := ensurer.GetFlowSchemaRemoveCandidates(lister, bootstrap) - if err != nil { - return err - } - if len(candidates) == 0 { - return nil - } - - fsRemover := ensurer.NewFlowSchemaRemover(client, lister) - return fsRemover.RemoveAutoUpdateEnabledObjects(candidates) -} - -func removeDanglingBootstrapPriorityLevel(client flowcontrolclient.PriorityLevelConfigurationInterface, lister flowcontrollisters.PriorityLevelConfigurationLister) error { - bootstrap := append(flowcontrolbootstrap.MandatoryPriorityLevelConfigurations, flowcontrolbootstrap.SuggestedPriorityLevelConfigurations...) - candidates, err := ensurer.GetPriorityLevelRemoveCandidates(lister, bootstrap) - if err != nil { - return err - } - if len(candidates) == 0 { - return nil - } - - plRemover := ensurer.NewPriorityLevelRemover(client, lister) - return plRemover.RemoveAutoUpdateEnabledObjects(candidates) -} - -// contextFromChannelAndMaxWaitDuration returns a Context that is bound to the -// specified channel and the wait duration. The derived context will be -// cancelled when the specified channel stopCh is closed or the maximum wait -// duration specified in maxWait elapses, whichever happens first. -// -// Note the caller must *always* call the CancelFunc, otherwise resources may be leaked. -func contextFromChannelAndMaxWaitDuration(stopCh <-chan struct{}, maxWait time.Duration) (context.Context, context.CancelFunc) { - ctx, cancel := context.WithCancel(context.Background()) - - go func() { - defer cancel() - - select { - case <-stopCh: - case <-time.After(maxWait): - - // the caller can explicitly cancel the context which is an - // indication to us to exit the goroutine immediately. - // Note that we are calling cancel more than once when we are here, - // CancelFunc is idempotent and we expect no ripple effects here. - case <-ctx.Done(): - } - }() - return ctx, cancel -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/doc.go deleted file mode 100644 index ebd30f6330..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clustercidr // import "k8s.io/kubernetes/pkg/registry/networking/clustercidr" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/storage/storage.go deleted file mode 100644 index 36e93efc06..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/storage/storage.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - networkingapi "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/networking/clustercidr" -) - -// REST implements a RESTStorage for ClusterCIDRs against etcd. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ClusterCIDRs. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &networkingapi.ClusterCIDR{} }, - NewListFunc: func() runtime.Object { return &networkingapi.ClusterCIDRList{} }, - DefaultQualifiedResource: networkingapi.Resource("clustercidrs"), - - CreateStrategy: clustercidr.Strategy, - UpdateStrategy: clustercidr.Strategy, - DeleteStrategy: clustercidr.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} - -// Implement ShortNamesProvider. -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"cc"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/strategy.go deleted file mode 100644 index a69a5f9041..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/clustercidr/strategy.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clustercidr - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/networking/validation" -) - -// clusterCIDRStrategy implements verification logic for ClusterCIDRs. -type clusterCIDRStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating clusterCIDR objects. -var Strategy = clusterCIDRStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because all clusterCIDRs do not need to be within a namespace. -func (clusterCIDRStrategy) NamespaceScoped() bool { - return false -} - -func (clusterCIDRStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {} - -func (clusterCIDRStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {} - -// Validate validates a new ClusterCIDR. -func (clusterCIDRStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - clusterCIDR := obj.(*networking.ClusterCIDR) - return validation.ValidateClusterCIDR(clusterCIDR) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (clusterCIDRStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (clusterCIDRStrategy) Canonicalize(obj runtime.Object) {} - -// AllowCreateOnUpdate is false for ClusterCIDR; this means POST is needed to create one. -func (clusterCIDRStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (clusterCIDRStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - validationErrorList := validation.ValidateClusterCIDR(obj.(*networking.ClusterCIDR)) - updateErrorList := validation.ValidateClusterCIDRUpdate(obj.(*networking.ClusterCIDR), old.(*networking.ClusterCIDR)) - return append(validationErrorList, updateErrorList...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (clusterCIDRStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for ClusterCIDR objects. -func (clusterCIDRStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/doc.go deleted file mode 100644 index c89d1f09e4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ingress // import "k8s.io/kubernetes/pkg/registry/networking/ingress" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/storage/storage.go deleted file mode 100644 index 71ab37c455..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/storage/storage.go +++ /dev/null @@ -1,108 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/networking/ingress" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for replication controllers -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against replication controllers. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &networking.Ingress{} }, - NewListFunc: func() runtime.Object { return &networking.IngressList{} }, - DefaultQualifiedResource: networking.Resource("ingresses"), - - CreateStrategy: ingress.Strategy, - UpdateStrategy: ingress.Strategy, - DeleteStrategy: ingress.Strategy, - ResetFieldsStrategy: ingress.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = ingress.StatusStrategy - statusStore.ResetFieldsStrategy = ingress.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"ing"} -} - -// StatusREST implements the REST endpoint for changing the status of an ingress -type StatusREST struct { - store *genericregistry.Store -} - -// New creates an instance of the StatusREST object -func (r *StatusREST) New() runtime.Object { - return &networking.Ingress{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/strategy.go deleted file mode 100644 index fc934d796d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingress/strategy.go +++ /dev/null @@ -1,163 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ingress - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/networking/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// ingressStrategy implements verification logic for Replication Ingress. -type ingressStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating Replication Ingress objects. -var Strategy = ingressStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all Ingress' need to be within a namespace. -func (ingressStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (ingressStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "extensions/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "networking.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "networking.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of an Ingress before creation. -func (ingressStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ingress := obj.(*networking.Ingress) - // create cannot set status - ingress.Status = networking.IngressStatus{} - - ingress.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (ingressStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIngress := obj.(*networking.Ingress) - oldIngress := old.(*networking.Ingress) - // Update is not allowed to set status - newIngress.Status = oldIngress.Status - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldIngress.Spec, newIngress.Spec) { - newIngress.Generation = oldIngress.Generation + 1 - } - -} - -// Validate validates ingresses on create. -func (ingressStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - ingress := obj.(*networking.Ingress) - return validation.ValidateIngressCreate(ingress) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (ingressStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (ingressStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for Ingress; this means POST is needed to create one. -func (ingressStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate validates ingresses on update. -func (ingressStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateIngressUpdate(obj.(*networking.Ingress), old.(*networking.Ingress)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (ingressStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for Ingress objects. -func (ingressStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type ingressStatusStrategy struct { - ingressStrategy -} - -// StatusStrategy implements logic used to validate and prepare for updates of the status subresource -var StatusStrategy = ingressStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (ingressStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "extensions/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "networking.k8s.io/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "networking.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (ingressStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIngress := obj.(*networking.Ingress) - oldIngress := old.(*networking.Ingress) - // status changes are not allowed to update spec - newIngress.Spec = oldIngress.Spec -} - -// ValidateUpdate is the default update validation for an end user updating status -func (ingressStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateIngressStatusUpdate(obj.(*networking.Ingress), old.(*networking.Ingress)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (ingressStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/doc.go deleted file mode 100644 index 37c3d071b2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ingressclass // import "k8s.io/kubernetes/pkg/registry/networking/ingressclass" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/storage/storage.go deleted file mode 100644 index 187c7317cb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/storage/storage.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/networking/ingressclass" -) - -// REST implements a RESTStorage for replication controllers -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against replication controllers. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &networking.IngressClass{} }, - NewListFunc: func() runtime.Object { return &networking.IngressClassList{} }, - DefaultQualifiedResource: networking.Resource("ingressclasses"), - - CreateStrategy: ingressclass.Strategy, - UpdateStrategy: ingressclass.Strategy, - DeleteStrategy: ingressclass.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/strategy.go deleted file mode 100644 index 4e1b22688c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/ingressclass/strategy.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ingressclass - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/networking/validation" -) - -// ingressClassStrategy implements verification logic for IngressClass -// resources. -type ingressClassStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// IngressClass objects. -var Strategy = ingressClassStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because IngressClass is a non-namespaced -// resource. -func (ingressClassStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate prepares an IngressClass for creation. -func (ingressClassStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - ingressClass := obj.(*networking.IngressClass) - ingressClass.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on -// update. -func (ingressClassStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newIngressClass := obj.(*networking.IngressClass) - oldIngressClass := old.(*networking.IngressClass) - - // Any changes to the spec increment the generation number. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldIngressClass.Spec, newIngressClass.Spec) { - newIngressClass.Generation = oldIngressClass.Generation + 1 - } -} - -// Validate validates a new IngressClass. -func (ingressClassStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - ingressClass := obj.(*networking.IngressClass) - return validation.ValidateIngressClass(ingressClass) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (ingressClassStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (ingressClassStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for IngressClass; this means POST is needed to -// create one. -func (ingressClassStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (ingressClassStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newIngressClass := obj.(*networking.IngressClass) - oldIngressClass := old.(*networking.IngressClass) - - return validation.ValidateIngressClassUpdate(newIngressClass, oldIngressClass) -} - -// WarningsOnUpdate returns warnings for the given update. -func (ingressClassStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for IngressClass -// objects. -func (ingressClassStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/doc.go deleted file mode 100644 index 7b338bc5e8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networkpolicy // import "k8s.io/kubernetes/pkg/registry/networking/networkpolicy" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage/storage.go deleted file mode 100644 index 0101077b66..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage/storage.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - networkingapi "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/networking/networkpolicy" -) - -// REST implements a RESTStorage for NetworkPolicies against etcd. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against NetworkPolicies. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &networkingapi.NetworkPolicy{} }, - NewListFunc: func() runtime.Object { return &networkingapi.NetworkPolicyList{} }, - DefaultQualifiedResource: networkingapi.Resource("networkpolicies"), - - CreateStrategy: networkpolicy.Strategy, - UpdateStrategy: networkpolicy.Strategy, - DeleteStrategy: networkpolicy.Strategy, - ResetFieldsStrategy: networkpolicy.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = networkpolicy.StatusStrategy - statusStore.ResetFieldsStrategy = networkpolicy.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil - -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"netpol"} -} - -// StatusREST implements the REST endpoint for changing the status of an ingress -type StatusREST struct { - store *genericregistry.Store -} - -// New creates an instance of the StatusREST object -func (r *StatusREST) New() runtime.Object { - return &networkingapi.NetworkPolicy{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/strategy.go deleted file mode 100644 index 692ce54168..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/networkpolicy/strategy.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networkpolicy - -import ( - "context" - "reflect" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - "k8s.io/kubernetes/pkg/apis/networking/validation" - "k8s.io/kubernetes/pkg/features" -) - -// networkPolicyStrategy implements verification logic for NetworkPolicies -type networkPolicyStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating NetworkPolicy objects. -var Strategy = networkPolicyStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all NetworkPolicies need to be within a namespace. -func (networkPolicyStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (networkPolicyStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "extensions/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "networking.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - return fields -} - -// PrepareForCreate clears the status of a NetworkPolicy before creation. -func (networkPolicyStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - networkPolicy := obj.(*networking.NetworkPolicy) - - if utilfeature.DefaultFeatureGate.Enabled(features.NetworkPolicyStatus) { - // Create does not set a status when operation is not directed to status subresource - networkPolicy.Status = networking.NetworkPolicyStatus{} - } - - networkPolicy.Generation = 1 - -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (networkPolicyStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNetworkPolicy := obj.(*networking.NetworkPolicy) - oldNetworkPolicy := old.(*networking.NetworkPolicy) - - // We copy the status if the FG is enabled, or if previously there was already data on the conditions field - // As soon as the FeatureGate is removed, the whole if statement should be removed as well - if utilfeature.DefaultFeatureGate.Enabled(features.NetworkPolicyStatus) || len(oldNetworkPolicy.Status.Conditions) > 0 { - // Update is not allowed to set status when the operation is not directed to status subresource - newNetworkPolicy.Status = oldNetworkPolicy.Status - } - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !reflect.DeepEqual(oldNetworkPolicy.Spec, newNetworkPolicy.Spec) { - newNetworkPolicy.Generation = oldNetworkPolicy.Generation + 1 - } -} - -// Validate validates a new NetworkPolicy. -func (networkPolicyStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - networkPolicy := obj.(*networking.NetworkPolicy) - ops := validation.ValidationOptionsForNetworking(networkPolicy, nil) - return validation.ValidateNetworkPolicy(networkPolicy, ops) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (networkPolicyStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (networkPolicyStrategy) Canonicalize(obj runtime.Object) {} - -// AllowCreateOnUpdate is false for NetworkPolicy; this means POST is needed to create one. -func (networkPolicyStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (networkPolicyStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - opts := validation.ValidationOptionsForNetworking(obj.(*networking.NetworkPolicy), old.(*networking.NetworkPolicy)) - validationErrorList := validation.ValidateNetworkPolicy(obj.(*networking.NetworkPolicy), opts) - updateErrorList := validation.ValidateNetworkPolicyUpdate(obj.(*networking.NetworkPolicy), old.(*networking.NetworkPolicy), opts) - return append(validationErrorList, updateErrorList...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (networkPolicyStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for NetworkPolicy objects. -func (networkPolicyStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type networkPolicyStatusStrategy struct { - networkPolicyStrategy -} - -// StatusStrategy implements logic used to validate and prepare for updates of the status subresource -var StatusStrategy = networkPolicyStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (networkPolicyStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "extensions/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "networking.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - return fields -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (networkPolicyStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newNetworkPolicy := obj.(*networking.NetworkPolicy) - oldNetworkPolicy := old.(*networking.NetworkPolicy) - // status changes are not allowed to update spec - newNetworkPolicy.Spec = oldNetworkPolicy.Spec - - if !utilfeature.DefaultFeatureGate.Enabled(features.NetworkPolicyStatus) { - // As network policy status is composed only of an array of conditions, we can say that the status - // is in use if the condition array is bigger than 0. - // quoting @thockin: "we generally keep data in this case, but no updates except to clear it" - if len(newNetworkPolicy.Status.Conditions) == 0 { - newNetworkPolicy.Status = networking.NetworkPolicyStatus{} - } else { - // keep the old status in case of the update is not to clear it - newNetworkPolicy.Status = oldNetworkPolicy.Status - } - } -} - -// ValidateUpdate is the default update validation for an end user updating status -func (networkPolicyStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidateNetworkPolicyStatusUpdate(obj.(*networking.NetworkPolicy).Status, - old.(*networking.NetworkPolicy).Status, field.NewPath("status")) -} - -// WarningsOnUpdate returns warnings for the given update. -func (networkPolicyStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/rest/storage_settings.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/rest/storage_settings.go deleted file mode 100644 index 82d9d14a9a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/networking/rest/storage_settings.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - networkingapiv1 "k8s.io/api/networking/v1" - networkingapiv1alpha1 "k8s.io/api/networking/v1alpha1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/networking" - clustercidrstore "k8s.io/kubernetes/pkg/registry/networking/clustercidr/storage" - ingressstore "k8s.io/kubernetes/pkg/registry/networking/ingress/storage" - ingressclassstore "k8s.io/kubernetes/pkg/registry/networking/ingressclass/storage" - networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(networking.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[networkingapiv1alpha1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[networkingapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // networkpolicies - if resource := "networkpolicies"; apiResourceConfigSource.ResourceEnabled(networkingapiv1.SchemeGroupVersion.WithResource(resource)) { - networkPolicyStorage, networkPolicyStatusStorage, err := networkpolicystore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = networkPolicyStorage - storage[resource+"/status"] = networkPolicyStatusStorage - } - - // ingresses - if resource := "ingresses"; apiResourceConfigSource.ResourceEnabled(networkingapiv1.SchemeGroupVersion.WithResource(resource)) { - ingressStorage, ingressStatusStorage, err := ingressstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = ingressStorage - storage[resource+"/status"] = ingressStatusStorage - } - - // ingressclasses - if resource := "ingressclasses"; apiResourceConfigSource.ResourceEnabled(networkingapiv1.SchemeGroupVersion.WithResource(resource)) { - ingressClassStorage, err := ingressclassstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = ingressClassStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - // clustercidrs - if resource := "clustercidrs"; apiResourceConfigSource.ResourceEnabled(networkingapiv1alpha1.SchemeGroupVersion.WithResource(resource)) { - clusterCIDRCStorage, err := clustercidrstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = clusterCIDRCStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return networking.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/rest/runtime_class.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/rest/runtime_class.go deleted file mode 100644 index 0252d1d0f9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/rest/runtime_class.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - nodev1 "k8s.io/api/node/v1" - nodev1beta1 "k8s.io/api/node/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - nodeinternal "k8s.io/kubernetes/pkg/apis/node" - runtimeclassstorage "k8s.io/kubernetes/pkg/registry/node/runtimeclass/storage" -) - -// RESTStorageProvider is a REST storage provider for node.k8s.io -type RESTStorageProvider struct{} - -// NewRESTStorage returns a RESTStorageProvider -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(nodeinternal.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - // remove in 1.26 - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[nodev1beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[nodev1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "runtimeclasses"; apiResourceConfigSource.ResourceEnabled(nodev1beta1.SchemeGroupVersion.WithResource(resource)) { - s, err := runtimeclassstorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = s - } - - return storage, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "runtimeclasses"; apiResourceConfigSource.ResourceEnabled(nodev1.SchemeGroupVersion.WithResource(resource)) { - s, err := runtimeclassstorage.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = s - } - - return storage, nil -} - -// GroupName is the group name for the storage provider -func (p RESTStorageProvider) GroupName() string { - return nodeinternal.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/doc.go deleted file mode 100644 index 3540f2014b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package runtimeclass // import "k8s.io/kubernetes/pkg/registry/node/runtimeclass" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/storage/storage.go deleted file mode 100644 index 0d2fb4ae93..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/storage/storage.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/node" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/node/runtimeclass" -) - -// REST implements a RESTStorage for RuntimeClass against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against runtime classes. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &node.RuntimeClass{} }, - NewListFunc: func() runtime.Object { return &node.RuntimeClassList{} }, - ObjectNameFunc: func(obj runtime.Object) (string, error) { - return obj.(*node.RuntimeClass).Name, nil - }, - DefaultQualifiedResource: node.Resource("runtimeclasses"), - - CreateStrategy: runtimeclass.Strategy, - UpdateStrategy: runtimeclass.Strategy, - DeleteStrategy: runtimeclass.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/strategy.go deleted file mode 100644 index 6acc70d9b3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/node/runtimeclass/strategy.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package runtimeclass - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - nodeapi "k8s.io/kubernetes/pkg/api/node" - "k8s.io/kubernetes/pkg/apis/node" - "k8s.io/kubernetes/pkg/apis/node/validation" -) - -// strategy implements verification logic for RuntimeClass. -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating RuntimeClass objects. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -// NamespaceScoped is false for RuntimeClasses -func (strategy) NamespaceScoped() bool { - return false -} - -// AllowCreateOnUpdate is true for RuntimeClasses. -func (strategy) AllowCreateOnUpdate() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRuntimeClass := obj.(*node.RuntimeClass) - oldRuntimeClass := old.(*node.RuntimeClass) - - _, _ = newRuntimeClass, oldRuntimeClass -} - -// Validate validates a new RuntimeClass. Validation must check for a correct signature. -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - runtimeClass := obj.(*node.RuntimeClass) - return validation.ValidateRuntimeClass(runtimeClass) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nodeapi.GetWarningsForRuntimeClass(obj.(*node.RuntimeClass)) -} - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { - _ = obj.(*node.RuntimeClass) -} - -// ValidateUpdate is the default update validation for an end user. -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj := obj.(*node.RuntimeClass) - errorList := validation.ValidateRuntimeClass(newObj) - return append(errorList, validation.ValidateRuntimeClassUpdate(newObj, old.(*node.RuntimeClass))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nodeapi.GetWarningsForRuntimeClass(obj.(*node.RuntimeClass)) -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (strategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/doc.go deleted file mode 100644 index 72e569b578..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package poddisruptionbudget // import "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage/storage.go deleted file mode 100644 index 4af2ea2429..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage/storage.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - policyapi "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for pod disruption budgets against etcd. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against pod disruption budgets. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &policyapi.PodDisruptionBudget{} }, - NewListFunc: func() runtime.Object { return &policyapi.PodDisruptionBudgetList{} }, - DefaultQualifiedResource: policyapi.Resource("poddisruptionbudgets"), - - CreateStrategy: poddisruptionbudget.Strategy, - UpdateStrategy: poddisruptionbudget.Strategy, - DeleteStrategy: poddisruptionbudget.Strategy, - ResetFieldsStrategy: poddisruptionbudget.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = poddisruptionbudget.StatusStrategy - statusStore.ResetFieldsStrategy = poddisruptionbudget.StatusStrategy - return &REST{store}, &StatusREST{store: &statusStore}, nil -} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"pdb"} -} - -// StatusREST implements the REST endpoint for changing the status of an podDisruptionBudget. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new PodDisruptionBudget object. -func (r *StatusREST) New() runtime.Object { - return &policyapi.PodDisruptionBudget{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/strategy.go deleted file mode 100644 index 4938929cd3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/strategy.go +++ /dev/null @@ -1,210 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package poddisruptionbudget - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/apis/policy/validation" - "k8s.io/kubernetes/pkg/features" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// podDisruptionBudgetStrategy implements verification logic for PodDisruptionBudgets. -type podDisruptionBudgetStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PodDisruptionBudget objects. -var Strategy = podDisruptionBudgetStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all PodDisruptionBudget' need to be within a namespace. -func (podDisruptionBudgetStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (podDisruptionBudgetStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "policy/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - "policy/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// PrepareForCreate clears the status of an PodDisruptionBudget before creation. -func (podDisruptionBudgetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - podDisruptionBudget := obj.(*policy.PodDisruptionBudget) - // create cannot set status - podDisruptionBudget.Status = policy.PodDisruptionBudgetStatus{} - - podDisruptionBudget.Generation = 1 - - dropDisabledFields(&podDisruptionBudget.Spec, nil) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (podDisruptionBudgetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPodDisruptionBudget := obj.(*policy.PodDisruptionBudget) - oldPodDisruptionBudget := old.(*policy.PodDisruptionBudget) - // Update is not allowed to set status - newPodDisruptionBudget.Status = oldPodDisruptionBudget.Status - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldPodDisruptionBudget.Spec, newPodDisruptionBudget.Spec) { - newPodDisruptionBudget.Generation = oldPodDisruptionBudget.Generation + 1 - } - - dropDisabledFields(&newPodDisruptionBudget.Spec, &oldPodDisruptionBudget.Spec) -} - -// Validate validates a new PodDisruptionBudget. -func (podDisruptionBudgetStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - podDisruptionBudget := obj.(*policy.PodDisruptionBudget) - opts := validation.PodDisruptionBudgetValidationOptions{ - AllowInvalidLabelValueInSelector: false, - } - return validation.ValidatePodDisruptionBudget(podDisruptionBudget, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (podDisruptionBudgetStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (podDisruptionBudgetStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is true for PodDisruptionBudget; this means you may create one with a PUT request. -func (podDisruptionBudgetStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (podDisruptionBudgetStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - opts := validation.PodDisruptionBudgetValidationOptions{ - AllowInvalidLabelValueInSelector: hasInvalidLabelValueInLabelSelector(old.(*policy.PodDisruptionBudget)), - } - return validation.ValidatePodDisruptionBudget(obj.(*policy.PodDisruptionBudget), opts) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podDisruptionBudgetStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for PodDisruptionBudget objects. Status update should -// only be allowed if version match. -func (podDisruptionBudgetStrategy) AllowUnconditionalUpdate() bool { - return false -} - -type podDisruptionBudgetStatusStrategy struct { - podDisruptionBudgetStrategy -} - -// StatusStrategy is the default logic invoked when updating object status. -var StatusStrategy = podDisruptionBudgetStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (podDisruptionBudgetStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "policy/v1beta1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - "policy/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update of status -func (podDisruptionBudgetStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPodDisruptionBudget := obj.(*policy.PodDisruptionBudget) - oldPodDisruptionBudget := old.(*policy.PodDisruptionBudget) - // status changes are not allowed to update spec - newPodDisruptionBudget.Spec = oldPodDisruptionBudget.Spec -} - -// ValidateUpdate is the default update validation for an end user updating status -func (podDisruptionBudgetStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - var apiVersion schema.GroupVersion - if requestInfo, found := genericapirequest.RequestInfoFrom(ctx); found { - apiVersion = schema.GroupVersion{ - Group: requestInfo.APIGroup, - Version: requestInfo.APIVersion, - } - } - return validation.ValidatePodDisruptionBudgetStatusUpdate(obj.(*policy.PodDisruptionBudget).Status, - old.(*policy.PodDisruptionBudget).Status, field.NewPath("status"), apiVersion) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podDisruptionBudgetStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func hasInvalidLabelValueInLabelSelector(pdb *policy.PodDisruptionBudget) bool { - if pdb.Spec.Selector != nil { - labelSelectorValidationOptions := metav1validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false} - return len(metav1validation.ValidateLabelSelector(pdb.Spec.Selector, labelSelectorValidationOptions, nil)) > 0 - } - return false -} - -// dropDisabledFields removes disabled fields from the pod disruption budget spec. -// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod disruption budget spec. -func dropDisabledFields(pdbSpec, oldPDBSpec *policy.PodDisruptionBudgetSpec) { - if !utilfeature.DefaultFeatureGate.Enabled(features.PDBUnhealthyPodEvictionPolicy) { - if !unhealthyPodEvictionPolicyInUse(oldPDBSpec) { - pdbSpec.UnhealthyPodEvictionPolicy = nil - } - } -} - -func unhealthyPodEvictionPolicyInUse(oldPDBSpec *policy.PodDisruptionBudgetSpec) bool { - if oldPDBSpec == nil { - return false - } - if oldPDBSpec.UnhealthyPodEvictionPolicy != nil { - return true - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/doc.go deleted file mode 100644 index 160901d962..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package podsecuritypolicy provides Registry interface and its REST -// implementation for storing PodSecurityPolicy api objects. -package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage/storage.go deleted file mode 100644 index 1b916ad6ce..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage/storage.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy" -) - -// REST implements a RESTStorage for PodSecurityPolicies. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against PodSecurityPolicy objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &policy.PodSecurityPolicy{} }, - NewListFunc: func() runtime.Object { return &policy.PodSecurityPolicyList{} }, - DefaultQualifiedResource: policy.Resource("podsecuritypolicies"), - - CreateStrategy: podsecuritypolicy.Strategy, - UpdateStrategy: podsecuritypolicy.Strategy, - DeleteStrategy: podsecuritypolicy.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - return &REST{store}, nil -} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"psp"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/strategy.go deleted file mode 100644 index 3654ebd8f8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/strategy.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podsecuritypolicy - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - psputil "k8s.io/kubernetes/pkg/api/podsecuritypolicy" - "k8s.io/kubernetes/pkg/apis/policy" - "k8s.io/kubernetes/pkg/apis/policy/validation" -) - -// strategy implements behavior for PodSecurityPolicy objects -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PodSecurityPolicy -// objects via the REST API. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -var _ = rest.RESTCreateStrategy(Strategy) - -var _ = rest.RESTUpdateStrategy(Strategy) - -func (strategy) NamespaceScoped() bool { - return false -} - -func (strategy) AllowCreateOnUpdate() bool { - return false -} - -func (strategy) AllowUnconditionalUpdate() bool { - return true -} - -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - psp := obj.(*policy.PodSecurityPolicy) - - psputil.DropDisabledFields(&psp.Spec, nil) -} - -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newPsp := obj.(*policy.PodSecurityPolicy) - oldPsp := old.(*policy.PodSecurityPolicy) - - psputil.DropDisabledFields(&newPsp.Spec, &oldPsp.Spec) -} - -func (strategy) Canonicalize(obj runtime.Object) { -} - -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy)) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/rest/storage_policy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/rest/storage_policy.go deleted file mode 100644 index 49ac0f2f59..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/policy/rest/storage_policy.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - policyapiv1 "k8s.io/api/policy/v1" - policyapiv1beta1 "k8s.io/api/policy/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/policy" - poddisruptionbudgetstore "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage" - pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(policy.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[policyapiv1beta1.SchemeGroupVersion.Version] = storageMap - } - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[policyapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // poddisruptionbudgets - if resource := "poddisruptionbudgets"; apiResourceConfigSource.ResourceEnabled(policyapiv1beta1.SchemeGroupVersion.WithResource(resource)) { - poddisruptionbudgetStorage, poddisruptionbudgetStatusStorage, err := poddisruptionbudgetstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = poddisruptionbudgetStorage - storage[resource+"/status"] = poddisruptionbudgetStatusStorage - } - - if resource := "podsecuritypolicies"; apiResourceConfigSource.ResourceEnabled(policyapiv1beta1.SchemeGroupVersion.WithResource(resource)) { - rest, err := pspstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = rest - } - - return storage, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "poddisruptionbudgets"; apiResourceConfigSource.ResourceEnabled(policyapiv1.SchemeGroupVersion.WithResource(resource)) { - poddisruptionbudgetStorage, poddisruptionbudgetStatusStorage, err := poddisruptionbudgetstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = poddisruptionbudgetStorage - storage[resource+"/status"] = poddisruptionbudgetStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return policy.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/OWNERS deleted file mode 100644 index 55d3fb23c0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-authorizers-approvers -reviewers: - - sig-auth-authorizers-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/doc.go deleted file mode 100644 index bc1745ec17..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package clusterrole provides Registry interface and its RESTStorage -// implementation for storing ClusterRole objects. -package clusterrole // import "k8s.io/kubernetes/pkg/registry/rbac/clusterrole" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/policybased/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/policybased/storage.go deleted file mode 100644 index 047630732d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/policybased/storage.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package policybased implements a standard storage for ClusterRole that prevents privilege escalation. -package policybased - -import ( - "context" - "errors" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/rest" - kapihelper "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -var groupResource = rbac.Resource("clusterroles") - -type Storage struct { - rest.StandardStorage - - authorizer authorizer.Authorizer - - ruleResolver rbacregistryvalidation.AuthorizationRuleResolver -} - -func NewStorage(s rest.StandardStorage, authorizer authorizer.Authorizer, ruleResolver rbacregistryvalidation.AuthorizationRuleResolver) *Storage { - return &Storage{s, authorizer, ruleResolver} -} - -// Destroy cleans up resources on shutdown. -func (r *Storage) Destroy() { - r.StandardStorage.Destroy() -} - -func (r *Storage) NamespaceScoped() bool { - return false -} - -func (r *Storage) StorageVersion() runtime.GroupVersioner { - svp, ok := r.StandardStorage.(rest.StorageVersionProvider) - if !ok { - return nil - } - return svp.StorageVersion() -} - -var _ rest.StorageVersionProvider = &Storage{} - -var fullAuthority = []rbac.PolicyRule{ - rbac.NewRule("*").Groups("*").Resources("*").RuleOrDie(), - rbac.NewRule("*").URLs("*").RuleOrDie(), -} - -func (s *Storage) Create(ctx context.Context, obj runtime.Object, createValidatingAdmission rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if rbacregistry.EscalationAllowed(ctx) || rbacregistry.RoleEscalationAuthorized(ctx, s.authorizer) { - return s.StandardStorage.Create(ctx, obj, createValidatingAdmission, options) - } - - clusterRole := obj.(*rbac.ClusterRole) - rules := clusterRole.Rules - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil { - return nil, apierrors.NewForbidden(groupResource, clusterRole.Name, err) - } - // to set the aggregation rule, since it can gather anything, requires * on *.* - if hasAggregationRule(clusterRole) { - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, fullAuthority); err != nil { - return nil, apierrors.NewForbidden(groupResource, clusterRole.Name, errors.New("must have cluster-admin privileges to use the aggregationRule")) - } - } - - return s.StandardStorage.Create(ctx, obj, createValidatingAdmission, options) -} - -func (s *Storage) Update(ctx context.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - if rbacregistry.EscalationAllowed(ctx) || rbacregistry.RoleEscalationAuthorized(ctx, s.authorizer) { - return s.StandardStorage.Update(ctx, name, obj, createValidation, updateValidation, forceAllowCreate, options) - } - - nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx context.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) { - clusterRole := obj.(*rbac.ClusterRole) - oldClusterRole := oldObj.(*rbac.ClusterRole) - - // if we're only mutating fields needed for the GC to eventually delete this obj, return - if rbacregistry.IsOnlyMutatingGCFields(obj, oldObj, kapihelper.Semantic) { - return obj, nil - } - - rules := clusterRole.Rules - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil { - return nil, apierrors.NewForbidden(groupResource, clusterRole.Name, err) - } - // to change the aggregation rule, since it can gather anything and prevent tightening, requires * on *.* - if hasAggregationRule(clusterRole) || hasAggregationRule(oldClusterRole) { - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, fullAuthority); err != nil { - return nil, apierrors.NewForbidden(groupResource, clusterRole.Name, errors.New("must have cluster-admin privileges to use the aggregationRule")) - } - } - - return obj, nil - }) - - return s.StandardStorage.Update(ctx, name, nonEscalatingInfo, createValidation, updateValidation, forceAllowCreate, options) -} - -func hasAggregationRule(clusterRole *rbac.ClusterRole) bool { - return clusterRole.AggregationRule != nil && len(clusterRole.AggregationRule.ClusterRoleSelectors) > 0 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/registry.go deleted file mode 100644 index 1c572d1af9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/registry.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clusterrole - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -// Registry is an interface for things that know how to store ClusterRoles. -type Registry interface { - GetClusterRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.ClusterRole, error) -} - -// storage puts strong typing around storage calls -type storage struct { - rest.Getter -} - -// NewRegistry returns a new Registry interface for the given Storage. Any mismatched -// types will panic. -func NewRegistry(s rest.StandardStorage) Registry { - return &storage{s} -} - -func (s *storage) GetClusterRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.ClusterRole, error) { - obj, err := s.Get(ctx, name, options) - if err != nil { - return nil, err - } - - ret := &rbacv1.ClusterRole{} - if err := rbacv1helpers.Convert_rbac_ClusterRole_To_v1_ClusterRole(obj.(*rbac.ClusterRole), ret, nil); err != nil { - return nil, err - } - return ret, nil -} - -// AuthorizerAdapter adapts the registry to the authorizer interface -type AuthorizerAdapter struct { - Registry Registry -} - -// GetClusterRole returns the corresponding ClusterRole by name -func (a AuthorizerAdapter) GetClusterRole(name string) (*rbacv1.ClusterRole, error) { - return a.Registry.GetClusterRole(genericapirequest.NewContext(), name, &metav1.GetOptions{}) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/storage/storage.go deleted file mode 100644 index 59347f767a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/storage/storage.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/registry/rbac/clusterrole" -) - -// REST implements a RESTStorage for ClusterRole -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ClusterRole objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &rbac.ClusterRole{} }, - NewListFunc: func() runtime.Object { return &rbac.ClusterRoleList{} }, - DefaultQualifiedResource: rbac.Resource("clusterroles"), - - CreateStrategy: clusterrole.Strategy, - UpdateStrategy: clusterrole.Strategy, - DeleteStrategy: clusterrole.Strategy, - - // TODO: define table converter that exposes more than name/creation timestamp? - TableConvertor: rest.NewDefaultTableConvertor(rbac.Resource("clusterroles")), - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/strategy.go deleted file mode 100644 index ab5d6fcda0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrole/strategy.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clusterrole - -import ( - "context" - - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/rbac/validation" -) - -// strategy implements behavior for ClusterRoles -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// ClusterRole objects. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -// NamespaceScoped is false for ClusterRoles. -func (strategy) NamespaceScoped() bool { - return false -} - -// AllowCreateOnUpdate is true for ClusterRoles. -func (strategy) AllowCreateOnUpdate() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - _ = obj.(*rbac.ClusterRole) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newClusterRole := obj.(*rbac.ClusterRole) - oldClusterRole := old.(*rbac.ClusterRole) - - _, _ = newClusterRole, oldClusterRole -} - -// Validate validates a new ClusterRole. Validation must check for a correct signature. -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - clusterRole := obj.(*rbac.ClusterRole) - opts := validation.ClusterRoleValidationOptions{ - AllowInvalidLabelValueInSelector: false, - } - return validation.ValidateClusterRole(clusterRole, opts) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { - _ = obj.(*rbac.ClusterRole) -} - -// ValidateUpdate is the default update validation for an end user. -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj := obj.(*rbac.ClusterRole) - oldObj := old.(*rbac.ClusterRole) - opts := validation.ClusterRoleValidationOptions{ - AllowInvalidLabelValueInSelector: hasInvalidLabelValueInLabelSelector(oldObj), - } - errorList := validation.ValidateClusterRole(newObj, opts) - return append(errorList, validation.ValidateClusterRoleUpdate(newObj, old.(*rbac.ClusterRole), opts)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (strategy) AllowUnconditionalUpdate() bool { - return true -} - -func hasInvalidLabelValueInLabelSelector(role *rbac.ClusterRole) bool { - if role.AggregationRule != nil { - labelSelectorValidationOptions := metav1validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false} - for _, selector := range role.AggregationRule.ClusterRoleSelectors { - if len(metav1validation.ValidateLabelSelector(&selector, labelSelectorValidationOptions, nil)) > 0 { - return true - } - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/doc.go deleted file mode 100644 index 67b88a7ed5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package certificates provides Registry interface and its RESTStorage -// implementation for storing ClusterRoleBinding objects. -package clusterrolebinding // import "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased/storage.go deleted file mode 100644 index ad2de28e00..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased/storage.go +++ /dev/null @@ -1,129 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package policybased implements a standard storage for ClusterRoleBinding that prevents privilege escalation. -package policybased - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/rest" - kapihelper "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -var groupResource = rbac.Resource("clusterrolebindings") - -type Storage struct { - rest.StandardStorage - - authorizer authorizer.Authorizer - - ruleResolver rbacregistryvalidation.AuthorizationRuleResolver -} - -func NewStorage(s rest.StandardStorage, authorizer authorizer.Authorizer, ruleResolver rbacregistryvalidation.AuthorizationRuleResolver) *Storage { - return &Storage{s, authorizer, ruleResolver} -} - -// Destroy cleans up resources on shutdown. -func (r *Storage) Destroy() { - r.StandardStorage.Destroy() -} - -func (r *Storage) NamespaceScoped() bool { - return false -} - -func (r *Storage) StorageVersion() runtime.GroupVersioner { - svp, ok := r.StandardStorage.(rest.StorageVersionProvider) - if !ok { - return nil - } - return svp.StorageVersion() -} - -var _ rest.StorageVersionProvider = &Storage{} - -func (s *Storage) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if rbacregistry.EscalationAllowed(ctx) { - return s.StandardStorage.Create(ctx, obj, createValidation, options) - } - - clusterRoleBinding := obj.(*rbac.ClusterRoleBinding) - if rbacregistry.BindingAuthorized(ctx, clusterRoleBinding.RoleRef, metav1.NamespaceNone, s.authorizer) { - return s.StandardStorage.Create(ctx, obj, createValidation, options) - } - - v1RoleRef := rbacv1.RoleRef{} - err := rbacv1helpers.Convert_rbac_RoleRef_To_v1_RoleRef(&clusterRoleBinding.RoleRef, &v1RoleRef, nil) - if err != nil { - return nil, err - } - rules, err := s.ruleResolver.GetRoleReferenceRules(v1RoleRef, metav1.NamespaceNone) - if err != nil { - return nil, err - } - if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, clusterRoleBinding.Name, err) - } - return s.StandardStorage.Create(ctx, obj, createValidation, options) -} - -func (s *Storage) Update(ctx context.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - if rbacregistry.EscalationAllowed(ctx) { - return s.StandardStorage.Update(ctx, name, obj, createValidation, updateValidation, forceAllowCreate, options) - } - - nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx context.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) { - clusterRoleBinding := obj.(*rbac.ClusterRoleBinding) - - // if we're only mutating fields needed for the GC to eventually delete this obj, return - if rbacregistry.IsOnlyMutatingGCFields(obj, oldObj, kapihelper.Semantic) { - return obj, nil - } - - // if we're explicitly authorized to bind this clusterrole, return - if rbacregistry.BindingAuthorized(ctx, clusterRoleBinding.RoleRef, metav1.NamespaceNone, s.authorizer) { - return obj, nil - } - - // Otherwise, see if we already have all the permissions contained in the referenced clusterrole - v1RoleRef := rbacv1.RoleRef{} - err := rbacv1helpers.Convert_rbac_RoleRef_To_v1_RoleRef(&clusterRoleBinding.RoleRef, &v1RoleRef, nil) - if err != nil { - return nil, err - } - rules, err := s.ruleResolver.GetRoleReferenceRules(v1RoleRef, metav1.NamespaceNone) - if err != nil { - return nil, err - } - if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, clusterRoleBinding.Name, err) - } - return obj, nil - }) - - return s.StandardStorage.Update(ctx, name, nonEscalatingInfo, createValidation, updateValidation, forceAllowCreate, options) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/registry.go deleted file mode 100644 index 34f5b73a9e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/registry.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clusterrolebinding - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -// Registry is an interface for things that know how to store ClusterRoleBindings. -type Registry interface { - ListClusterRoleBindings(ctx context.Context, options *metainternalversion.ListOptions) (*rbacv1.ClusterRoleBindingList, error) -} - -// storage puts strong typing around storage calls -type storage struct { - rest.Lister -} - -// NewRegistry returns a new Registry interface for the given Storage. Any mismatched -// types will panic. -func NewRegistry(s rest.StandardStorage) Registry { - return &storage{s} -} - -func (s *storage) ListClusterRoleBindings(ctx context.Context, options *metainternalversion.ListOptions) (*rbacv1.ClusterRoleBindingList, error) { - obj, err := s.List(ctx, options) - if err != nil { - return nil, err - } - - ret := &rbacv1.ClusterRoleBindingList{} - if err := rbacv1helpers.Convert_rbac_ClusterRoleBindingList_To_v1_ClusterRoleBindingList(obj.(*rbac.ClusterRoleBindingList), ret, nil); err != nil { - return nil, err - } - return ret, nil -} - -// AuthorizerAdapter adapts the registry to the authorizer interface -type AuthorizerAdapter struct { - Registry Registry -} - -func (a AuthorizerAdapter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error) { - list, err := a.Registry.ListClusterRoleBindings(genericapirequest.NewContext(), &metainternalversion.ListOptions{}) - if err != nil { - return nil, err - } - - ret := []*rbacv1.ClusterRoleBinding{} - for i := range list.Items { - ret = append(ret, &list.Items[i]) - } - return ret, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage/storage.go deleted file mode 100644 index 762730788b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage/storage.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding" -) - -// REST implements a RESTStorage for ClusterRoleBinding -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ClusterRoleBinding objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &rbac.ClusterRoleBinding{} }, - NewListFunc: func() runtime.Object { return &rbac.ClusterRoleBindingList{} }, - DefaultQualifiedResource: rbac.Resource("clusterrolebindings"), - - CreateStrategy: clusterrolebinding.Strategy, - UpdateStrategy: clusterrolebinding.Strategy, - DeleteStrategy: clusterrolebinding.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/strategy.go deleted file mode 100644 index 83f0a54fad..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/strategy.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clusterrolebinding - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/rbac/validation" -) - -// strategy implements behavior for ClusterRoleBindings -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// strategy is the default logic that applies when creating and updating -// ClusterRoleBinding objects. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -// NamespaceScoped is false for ClusterRoleBindings. -func (strategy) NamespaceScoped() bool { - return false -} - -// AllowCreateOnUpdate is true for ClusterRoleBindings. -func (strategy) AllowCreateOnUpdate() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - _ = obj.(*rbac.ClusterRoleBinding) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newClusterRoleBinding := obj.(*rbac.ClusterRoleBinding) - oldClusterRoleBinding := old.(*rbac.ClusterRoleBinding) - - _, _ = newClusterRoleBinding, oldClusterRoleBinding -} - -// Validate validates a new ClusterRoleBinding. Validation must check for a correct signature. -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - clusterRoleBinding := obj.(*rbac.ClusterRoleBinding) - return validation.ValidateClusterRoleBinding(clusterRoleBinding) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { - _ = obj.(*rbac.ClusterRoleBinding) -} - -// ValidateUpdate is the default update validation for an end user. -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj := obj.(*rbac.ClusterRoleBinding) - errorList := validation.ValidateClusterRoleBinding(newObj) - return append(errorList, validation.ValidateClusterRoleBindingUpdate(newObj, old.(*rbac.ClusterRoleBinding))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (strategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/escalation_check.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/escalation_check.go deleted file mode 100644 index 252c3e4e41..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/escalation_check.go +++ /dev/null @@ -1,146 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/kubernetes/pkg/apis/rbac" -) - -// EscalationAllowed checks if the user associated with the context is a superuser -func EscalationAllowed(ctx context.Context) bool { - u, ok := genericapirequest.UserFrom(ctx) - if !ok { - return false - } - - // system:masters is special because the API server uses it for privileged loopback connections - // therefore we know that a member of system:masters can always do anything - for _, group := range u.GetGroups() { - if group == user.SystemPrivilegedGroup { - return true - } - } - - return false -} - -var roleResources = map[schema.GroupResource]bool{ - rbac.SchemeGroupVersion.WithResource("clusterroles").GroupResource(): true, - rbac.SchemeGroupVersion.WithResource("roles").GroupResource(): true, -} - -// RoleEscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the role resource associated with the context -func RoleEscalationAuthorized(ctx context.Context, a authorizer.Authorizer) bool { - if a == nil { - return false - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return false - } - - requestInfo, ok := genericapirequest.RequestInfoFrom(ctx) - if !ok { - return false - } - - if !requestInfo.IsResourceRequest { - return false - } - - requestResource := schema.GroupResource{Group: requestInfo.APIGroup, Resource: requestInfo.Resource} - if !roleResources[requestResource] { - return false - } - - attrs := authorizer.AttributesRecord{ - User: user, - Verb: "escalate", - APIGroup: requestInfo.APIGroup, - APIVersion: "*", - Resource: requestInfo.Resource, - Name: requestInfo.Name, - Namespace: requestInfo.Namespace, - ResourceRequest: true, - } - - decision, _, err := a.Authorize(ctx, attrs) - if err != nil { - utilruntime.HandleError(fmt.Errorf( - "error authorizing user %#v to escalate %#v named %q in namespace %q: %v", - user, requestResource, requestInfo.Name, requestInfo.Namespace, err, - )) - } - return decision == authorizer.DecisionAllow -} - -// BindingAuthorized returns true if the user associated with the context is explicitly authorized to bind the specified roleRef -func BindingAuthorized(ctx context.Context, roleRef rbac.RoleRef, bindingNamespace string, a authorizer.Authorizer) bool { - if a == nil { - return false - } - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return false - } - - attrs := authorizer.AttributesRecord{ - User: user, - Verb: "bind", - // check against the namespace where the binding is being created (or the empty namespace for clusterrolebindings). - // this allows delegation to bind particular clusterroles in rolebindings within particular namespaces, - // and to authorize binding a clusterrole across all namespaces in a clusterrolebinding. - Namespace: bindingNamespace, - ResourceRequest: true, - } - - // This occurs after defaulting and conversion, so values pulled from the roleRef won't change - // Invalid APIGroup or Name values will fail validation - switch roleRef.Kind { - case "ClusterRole": - attrs.APIGroup = roleRef.APIGroup - attrs.APIVersion = "*" - attrs.Resource = "clusterroles" - attrs.Name = roleRef.Name - case "Role": - attrs.APIGroup = roleRef.APIGroup - attrs.APIVersion = "*" - attrs.Resource = "roles" - attrs.Name = roleRef.Name - default: - return false - } - - decision, _, err := a.Authorize(ctx, attrs) - if err != nil { - utilruntime.HandleError(fmt.Errorf( - "error authorizing user %#v to bind %#v in namespace %s: %v", - user, roleRef, bindingNamespace, err, - )) - } - return decision == authorizer.DecisionAllow -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/helpers.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/helpers.go deleted file mode 100644 index 76f7e7eee8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/helpers.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "reflect" - - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" -) - -// IsOnlyMutatingGCFields checks finalizers and ownerrefs which GC manipulates -// and indicates that only those fields are changing -func IsOnlyMutatingGCFields(obj, old runtime.Object, equalities conversion.Equalities) bool { - if old == nil || reflect.ValueOf(old).IsNil() { - return false - } - - // make a copy of the newObj so that we can stomp for comparison - copied := obj.DeepCopyObject() - copiedMeta, err := meta.Accessor(copied) - if err != nil { - return false - } - oldMeta, err := meta.Accessor(old) - if err != nil { - return false - } - copiedMeta.SetOwnerReferences(oldMeta.GetOwnerReferences()) - copiedMeta.SetFinalizers(oldMeta.GetFinalizers()) - copiedMeta.SetSelfLink(oldMeta.GetSelfLink()) - copiedMeta.SetManagedFields(oldMeta.GetManagedFields()) - - return equalities.DeepEqual(copied, old) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rest/storage_rbac.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rest/storage_rbac.go deleted file mode 100644 index 16502c476c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rest/storage_rbac.go +++ /dev/null @@ -1,415 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "time" - - "k8s.io/klog/v2" - - rbacapiv1 "k8s.io/api/rbac/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - clientset "k8s.io/client-go/kubernetes" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" - "k8s.io/client-go/util/retry" - "k8s.io/component-helpers/auth/rbac/reconciliation" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/registry/rbac/clusterrole" - clusterrolepolicybased "k8s.io/kubernetes/pkg/registry/rbac/clusterrole/policybased" - clusterrolestore "k8s.io/kubernetes/pkg/registry/rbac/clusterrole/storage" - "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding" - clusterrolebindingpolicybased "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased" - clusterrolebindingstore "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage" - "k8s.io/kubernetes/pkg/registry/rbac/role" - rolepolicybased "k8s.io/kubernetes/pkg/registry/rbac/role/policybased" - rolestore "k8s.io/kubernetes/pkg/registry/rbac/role/storage" - "k8s.io/kubernetes/pkg/registry/rbac/rolebinding" - rolebindingpolicybased "k8s.io/kubernetes/pkg/registry/rbac/rolebinding/policybased" - rolebindingstore "k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" - "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy" -) - -const PostStartHookName = "rbac/bootstrap-roles" - -type RESTStorageProvider struct { - Authorizer authorizer.Authorizer -} - -var _ genericapiserver.PostStartHookProvider = RESTStorageProvider{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(rbac.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.storage(rbacapiv1.SchemeGroupVersion, apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[rbacapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) storage(version schema.GroupVersion, apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - rolesStorage, err := rolestore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - roleBindingsStorage, err := rolebindingstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - clusterRolesStorage, err := clusterrolestore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - clusterRoleBindingsStorage, err := clusterrolebindingstore.NewREST(restOptionsGetter) - if err != nil { - return storage, err - } - - authorizationRuleResolver := rbacregistryvalidation.NewDefaultRuleResolver( - role.AuthorizerAdapter{Registry: role.NewRegistry(rolesStorage)}, - rolebinding.AuthorizerAdapter{Registry: rolebinding.NewRegistry(roleBindingsStorage)}, - clusterrole.AuthorizerAdapter{Registry: clusterrole.NewRegistry(clusterRolesStorage)}, - clusterrolebinding.AuthorizerAdapter{Registry: clusterrolebinding.NewRegistry(clusterRoleBindingsStorage)}, - ) - - // roles - if resource := "roles"; apiResourceConfigSource.ResourceEnabled(rbacapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = rolepolicybased.NewStorage(rolesStorage, p.Authorizer, authorizationRuleResolver) - } - - // rolebindings - if resource := "rolebindings"; apiResourceConfigSource.ResourceEnabled(rbacapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = rolebindingpolicybased.NewStorage(roleBindingsStorage, p.Authorizer, authorizationRuleResolver) - } - - // clusterroles - if resource := "clusterroles"; apiResourceConfigSource.ResourceEnabled(rbacapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = clusterrolepolicybased.NewStorage(clusterRolesStorage, p.Authorizer, authorizationRuleResolver) - } - - // clusterrolebindings - if resource := "clusterrolebindings"; apiResourceConfigSource.ResourceEnabled(rbacapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = clusterrolebindingpolicybased.NewStorage(clusterRoleBindingsStorage, p.Authorizer, authorizationRuleResolver) - } - - return storage, nil -} - -func (p RESTStorageProvider) PostStartHook() (string, genericapiserver.PostStartHookFunc, error) { - policy := &PolicyData{ - ClusterRoles: append(bootstrappolicy.ClusterRoles(), bootstrappolicy.ControllerRoles()...), - ClusterRoleBindings: append(bootstrappolicy.ClusterRoleBindings(), bootstrappolicy.ControllerRoleBindings()...), - Roles: bootstrappolicy.NamespaceRoles(), - RoleBindings: bootstrappolicy.NamespaceRoleBindings(), - ClusterRolesToAggregate: bootstrappolicy.ClusterRolesToAggregate(), - ClusterRoleBindingsToSplit: bootstrappolicy.ClusterRoleBindingsToSplit(), - } - return PostStartHookName, policy.EnsureRBACPolicy(), nil -} - -type PolicyData struct { - ClusterRoles []rbacapiv1.ClusterRole - ClusterRoleBindings []rbacapiv1.ClusterRoleBinding - Roles map[string][]rbacapiv1.Role - RoleBindings map[string][]rbacapiv1.RoleBinding - // ClusterRolesToAggregate maps from previous clusterrole name to the new clusterrole name - ClusterRolesToAggregate map[string]string - // ClusterRoleBindingsToSplit maps from previous ClusterRoleBinding Name to a template for the new ClusterRoleBinding - ClusterRoleBindingsToSplit map[string]rbacapiv1.ClusterRoleBinding -} - -func isConflictOrServiceUnavailable(err error) bool { - return apierrors.IsConflict(err) || apierrors.IsServiceUnavailable(err) -} - -func retryOnConflictOrServiceUnavailable(backoff wait.Backoff, fn func() error) error { - return retry.OnError(backoff, isConflictOrServiceUnavailable, fn) -} - -func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc { - return func(hookContext genericapiserver.PostStartHookContext) error { - // initializing roles is really important. On some e2e runs, we've seen cases where etcd is down when the server - // starts, the roles don't initialize, and nothing works. - err := wait.Poll(1*time.Second, 30*time.Second, func() (done bool, err error) { - client, err := clientset.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - utilruntime.HandleError(fmt.Errorf("unable to initialize client set: %v", err)) - return false, nil - } - return ensureRBACPolicy(p, client) - }) - // if we're never able to make it through initialization, kill the API server - if err != nil { - return fmt.Errorf("unable to initialize roles: %v", err) - } - - return nil - } -} - -func ensureRBACPolicy(p *PolicyData, client clientset.Interface) (done bool, err error) { - failedReconciliation := false - // Make sure etcd is responding before we start reconciling - if _, err := client.RbacV1().ClusterRoles().List(context.TODO(), metav1.ListOptions{}); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to initialize clusterroles: %v", err)) - return false, nil - } - if _, err := client.RbacV1().ClusterRoleBindings().List(context.TODO(), metav1.ListOptions{}); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to initialize clusterrolebindings: %v", err)) - return false, nil - } - - // if the new cluster roles to aggregate do not yet exist, then we need to copy the old roles if they don't exist - // in new locations - if err := primeAggregatedClusterRoles(p.ClusterRolesToAggregate, client.RbacV1()); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to prime aggregated clusterroles: %v", err)) - return false, nil - } - - if err := primeSplitClusterRoleBindings(p.ClusterRoleBindingsToSplit, client.RbacV1()); err != nil { - utilruntime.HandleError(fmt.Errorf("unable to prime split ClusterRoleBindings: %v", err)) - return false, nil - } - - // ensure bootstrap roles are created or reconciled - for _, clusterRole := range p.ClusterRoles { - opts := reconciliation.ReconcileRoleOptions{ - Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: &clusterRole}, - Client: reconciliation.ClusterRoleModifier{Client: client.RbacV1().ClusterRoles()}, - Confirm: true, - } - // ServiceUnavailble error is returned when the API server is blocked by storage version updates - err := retryOnConflictOrServiceUnavailable(retry.DefaultBackoff, func() error { - result, err := opts.Run() - if err != nil { - return err - } - switch { - case result.Protected && result.Operation != reconciliation.ReconcileNone: - klog.Warningf("skipped reconcile-protected clusterrole.%s/%s with missing permissions: %v", rbac.GroupName, clusterRole.Name, result.MissingRules) - case result.Operation == reconciliation.ReconcileUpdate: - klog.V(2).Infof("updated clusterrole.%s/%s with additional permissions: %v", rbac.GroupName, clusterRole.Name, result.MissingRules) - case result.Operation == reconciliation.ReconcileCreate: - klog.V(2).Infof("created clusterrole.%s/%s", rbac.GroupName, clusterRole.Name) - } - return nil - }) - if err != nil { - // don't fail on failures, try to create as many as you can - utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrole.%s/%s: %v", rbac.GroupName, clusterRole.Name, err)) - failedReconciliation = true - } - } - - // ensure bootstrap rolebindings are created or reconciled - for _, clusterRoleBinding := range p.ClusterRoleBindings { - opts := reconciliation.ReconcileRoleBindingOptions{ - RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: &clusterRoleBinding}, - Client: reconciliation.ClusterRoleBindingClientAdapter{Client: client.RbacV1().ClusterRoleBindings()}, - Confirm: true, - } - // ServiceUnavailble error is returned when the API server is blocked by storage version updates - err := retryOnConflictOrServiceUnavailable(retry.DefaultBackoff, func() error { - result, err := opts.Run() - if err != nil { - return err - } - switch { - case result.Protected && result.Operation != reconciliation.ReconcileNone: - klog.Warningf("skipped reconcile-protected clusterrolebinding.%s/%s with missing subjects: %v", rbac.GroupName, clusterRoleBinding.Name, result.MissingSubjects) - case result.Operation == reconciliation.ReconcileUpdate: - klog.V(2).Infof("updated clusterrolebinding.%s/%s with additional subjects: %v", rbac.GroupName, clusterRoleBinding.Name, result.MissingSubjects) - case result.Operation == reconciliation.ReconcileCreate: - klog.V(2).Infof("created clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name) - case result.Operation == reconciliation.ReconcileRecreate: - klog.V(2).Infof("recreated clusterrolebinding.%s/%s", rbac.GroupName, clusterRoleBinding.Name) - } - return nil - }) - if err != nil { - // don't fail on failures, try to create as many as you can - utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrolebinding.%s/%s: %v", rbac.GroupName, clusterRoleBinding.Name, err)) - failedReconciliation = true - } - } - - // ensure bootstrap namespaced roles are created or reconciled - for namespace, roles := range p.Roles { - for _, role := range roles { - opts := reconciliation.ReconcileRoleOptions{ - Role: reconciliation.RoleRuleOwner{Role: &role}, - Client: reconciliation.RoleModifier{Client: client.RbacV1(), NamespaceClient: client.CoreV1().Namespaces()}, - Confirm: true, - } - // ServiceUnavailble error is returned when the API server is blocked by storage version updates - err := retryOnConflictOrServiceUnavailable(retry.DefaultBackoff, func() error { - result, err := opts.Run() - if err != nil { - return err - } - switch { - case result.Protected && result.Operation != reconciliation.ReconcileNone: - klog.Warningf("skipped reconcile-protected role.%s/%s in %v with missing permissions: %v", rbac.GroupName, role.Name, namespace, result.MissingRules) - case result.Operation == reconciliation.ReconcileUpdate: - klog.V(2).Infof("updated role.%s/%s in %v with additional permissions: %v", rbac.GroupName, role.Name, namespace, result.MissingRules) - case result.Operation == reconciliation.ReconcileCreate: - klog.V(2).Infof("created role.%s/%s in %v", rbac.GroupName, role.Name, namespace) - } - return nil - }) - if err != nil { - // don't fail on failures, try to create as many as you can - utilruntime.HandleError(fmt.Errorf("unable to reconcile role.%s/%s in %v: %v", rbac.GroupName, role.Name, namespace, err)) - failedReconciliation = true - } - } - } - - // ensure bootstrap namespaced rolebindings are created or reconciled - for namespace, roleBindings := range p.RoleBindings { - for _, roleBinding := range roleBindings { - opts := reconciliation.ReconcileRoleBindingOptions{ - RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: &roleBinding}, - Client: reconciliation.RoleBindingClientAdapter{Client: client.RbacV1(), NamespaceClient: client.CoreV1().Namespaces()}, - Confirm: true, - } - // ServiceUnavailble error is returned when the API server is blocked by storage version updates - err := retryOnConflictOrServiceUnavailable(retry.DefaultBackoff, func() error { - result, err := opts.Run() - if err != nil { - return err - } - switch { - case result.Protected && result.Operation != reconciliation.ReconcileNone: - klog.Warningf("skipped reconcile-protected rolebinding.%s/%s in %v with missing subjects: %v", rbac.GroupName, roleBinding.Name, namespace, result.MissingSubjects) - case result.Operation == reconciliation.ReconcileUpdate: - klog.V(2).Infof("updated rolebinding.%s/%s in %v with additional subjects: %v", rbac.GroupName, roleBinding.Name, namespace, result.MissingSubjects) - case result.Operation == reconciliation.ReconcileCreate: - klog.V(2).Infof("created rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace) - case result.Operation == reconciliation.ReconcileRecreate: - klog.V(2).Infof("recreated rolebinding.%s/%s in %v", rbac.GroupName, roleBinding.Name, namespace) - } - return nil - }) - if err != nil { - // don't fail on failures, try to create as many as you can - utilruntime.HandleError(fmt.Errorf("unable to reconcile rolebinding.%s/%s in %v: %v", rbac.GroupName, roleBinding.Name, namespace, err)) - failedReconciliation = true - } - } - } - // failed to reconcile some objects, retry - if failedReconciliation { - return false, nil - } - - return true, nil -} - -func (p RESTStorageProvider) GroupName() string { - return rbac.GroupName -} - -// primeAggregatedClusterRoles copies roles that have transitioned to aggregated roles and may need to pick up changes -// that were done to the legacy roles. -func primeAggregatedClusterRoles(clusterRolesToAggregate map[string]string, clusterRoleClient rbacv1client.ClusterRolesGetter) error { - for oldName, newName := range clusterRolesToAggregate { - _, err := clusterRoleClient.ClusterRoles().Get(context.TODO(), newName, metav1.GetOptions{}) - if err == nil { - continue - } - if !apierrors.IsNotFound(err) { - return err - } - - existingRole, err := clusterRoleClient.ClusterRoles().Get(context.TODO(), oldName, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - continue - } - if err != nil { - return err - } - if existingRole.AggregationRule != nil { - // the old role already moved to an aggregated role, so there are no custom rules to migrate at this point - return nil - } - klog.V(1).Infof("migrating %v to %v", existingRole.Name, newName) - existingRole.Name = newName - existingRole.ResourceVersion = "" // clear this so the object can be created. - if _, err := clusterRoleClient.ClusterRoles().Create(context.TODO(), existingRole, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) { - return err - } - } - - return nil -} - -// primeSplitClusterRoleBindings ensures the existence of target ClusterRoleBindings -// by copying Subjects, Annotations, and Labels from the specified source -// ClusterRoleBinding, if present. -func primeSplitClusterRoleBindings(clusterRoleBindingToSplit map[string]rbacapiv1.ClusterRoleBinding, clusterRoleBindingClient rbacv1client.ClusterRoleBindingsGetter) error { - for existingBindingName, clusterRoleBindingToCreate := range clusterRoleBindingToSplit { - // If source ClusterRoleBinding does not exist, do nothing. - existingRoleBinding, err := clusterRoleBindingClient.ClusterRoleBindings().Get(context.TODO(), existingBindingName, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - continue - } - if err != nil { - return err - } - - // If the target ClusterRoleBinding already exists, do nothing. - _, err = clusterRoleBindingClient.ClusterRoleBindings().Get(context.TODO(), clusterRoleBindingToCreate.Name, metav1.GetOptions{}) - if err == nil { - continue - } - if !apierrors.IsNotFound(err) { - return err - } - - // If the source exists, but the target does not, - // copy the subjects, labels, and annotations from the former to create the latter. - klog.V(1).Infof("copying subjects, labels, and annotations from ClusterRoleBinding %q to template %q", existingBindingName, clusterRoleBindingToCreate.Name) - newCRB := clusterRoleBindingToCreate.DeepCopy() - newCRB.Subjects = existingRoleBinding.Subjects - newCRB.Labels = existingRoleBinding.Labels - newCRB.Annotations = existingRoleBinding.Annotations - if _, err := clusterRoleBindingClient.ClusterRoleBindings().Create(context.TODO(), newCRB, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) { - return err - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/doc.go deleted file mode 100644 index c98942ccbf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package role provides Registry interface and its RESTStorage -// implementation for storing Role objects. -package role // import "k8s.io/kubernetes/pkg/registry/rbac/role" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/storage.go deleted file mode 100644 index c113e1d0f8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/storage.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package policybased implements a standard storage for Role that prevents privilege escalation. -package policybased - -import ( - "context" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/apiserver/pkg/registry/rest" - kapihelper "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -var groupResource = rbac.Resource("roles") - -type Storage struct { - rest.StandardStorage - - authorizer authorizer.Authorizer - - ruleResolver rbacregistryvalidation.AuthorizationRuleResolver -} - -func NewStorage(s rest.StandardStorage, authorizer authorizer.Authorizer, ruleResolver rbacregistryvalidation.AuthorizationRuleResolver) *Storage { - return &Storage{s, authorizer, ruleResolver} -} - -// Destroy cleans up resources on shutdown. -func (r *Storage) Destroy() { - r.StandardStorage.Destroy() -} - -func (r *Storage) NamespaceScoped() bool { - return true -} - -func (r *Storage) StorageVersion() runtime.GroupVersioner { - svp, ok := r.StandardStorage.(rest.StorageVersionProvider) - if !ok { - return nil - } - return svp.StorageVersion() -} - -var _ rest.StorageVersionProvider = &Storage{} - -func (s *Storage) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if rbacregistry.EscalationAllowed(ctx) || rbacregistry.RoleEscalationAuthorized(ctx, s.authorizer) { - return s.StandardStorage.Create(ctx, obj, createValidation, options) - } - - role := obj.(*rbac.Role) - rules := role.Rules - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, role.Name, err) - } - return s.StandardStorage.Create(ctx, obj, createValidation, options) -} - -func (s *Storage) Update(ctx context.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - if rbacregistry.EscalationAllowed(ctx) || rbacregistry.RoleEscalationAuthorized(ctx, s.authorizer) { - return s.StandardStorage.Update(ctx, name, obj, createValidation, updateValidation, forceAllowCreate, options) - } - - nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx context.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) { - role := obj.(*rbac.Role) - - // if we're only mutating fields needed for the GC to eventually delete this obj, return - if rbacregistry.IsOnlyMutatingGCFields(obj, oldObj, kapihelper.Semantic) { - return obj, nil - } - - rules := role.Rules - if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, role.Name, err) - } - return obj, nil - }) - - return s.StandardStorage.Update(ctx, name, nonEscalatingInfo, createValidation, updateValidation, forceAllowCreate, options) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/registry.go deleted file mode 100644 index 4df0f14bb3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/registry.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package role - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -// Registry is an interface for things that know how to store Roles. -type Registry interface { - GetRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.Role, error) -} - -// storage puts strong typing around storage calls -type storage struct { - rest.Getter -} - -// NewRegistry returns a new Registry interface for the given Storage. Any mismatched -// types will panic. -func NewRegistry(s rest.StandardStorage) Registry { - return &storage{s} -} - -func (s *storage) GetRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.Role, error) { - obj, err := s.Get(ctx, name, options) - if err != nil { - return nil, err - } - - ret := &rbacv1.Role{} - if err := rbacv1helpers.Convert_rbac_Role_To_v1_Role(obj.(*rbac.Role), ret, nil); err != nil { - return nil, err - } - return ret, nil -} - -// AuthorizerAdapter adapts the registry to the authorizer interface -type AuthorizerAdapter struct { - Registry Registry -} - -// GetRole returns the corresponding Role by name in specified namespace -func (a AuthorizerAdapter) GetRole(namespace, name string) (*rbacv1.Role, error) { - return a.Registry.GetRole(genericapirequest.WithNamespace(genericapirequest.NewContext(), namespace), name, &metav1.GetOptions{}) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/storage/storage.go deleted file mode 100644 index 6e6700ede9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/storage/storage.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/registry/rbac/role" -) - -// REST implements a RESTStorage for Role -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against Role objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &rbac.Role{} }, - NewListFunc: func() runtime.Object { return &rbac.RoleList{} }, - DefaultQualifiedResource: rbac.Resource("roles"), - - CreateStrategy: role.Strategy, - UpdateStrategy: role.Strategy, - DeleteStrategy: role.Strategy, - - // TODO: define table converter that exposes more than name/creation timestamp? - TableConvertor: rest.NewDefaultTableConvertor(rbac.Resource("roles")), - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/strategy.go deleted file mode 100644 index a7c0b04284..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/role/strategy.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package role - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/rbac/validation" -) - -// strategy implements behavior for Roles -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// Role objects. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -// NamespaceScoped is true for Roles. -func (strategy) NamespaceScoped() bool { - return true -} - -// AllowCreateOnUpdate is true for Roles. -func (strategy) AllowCreateOnUpdate() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - _ = obj.(*rbac.Role) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRole := obj.(*rbac.Role) - oldRole := old.(*rbac.Role) - - _, _ = newRole, oldRole -} - -// Validate validates a new Role. Validation must check for a correct signature. -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - role := obj.(*rbac.Role) - return validation.ValidateRole(role) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { - _ = obj.(*rbac.Role) -} - -// ValidateUpdate is the default update validation for an end user. -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj := obj.(*rbac.Role) - errorList := validation.ValidateRole(newObj) - return append(errorList, validation.ValidateRoleUpdate(newObj, old.(*rbac.Role))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (strategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/doc.go deleted file mode 100644 index 327ff238f2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package certificates provides Registry interface and its RESTStorage -// implementation for storing RoleBinding objects. -package rolebinding // import "k8s.io/kubernetes/pkg/registry/rbac/rolebinding" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/policybased/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/policybased/storage.go deleted file mode 100644 index 6488363551..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/policybased/storage.go +++ /dev/null @@ -1,144 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package policybased implements a standard storage for RoleBinding that prevents privilege escalation. -package policybased - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authorization/authorizer" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - kapihelper "k8s.io/kubernetes/pkg/apis/core/helper" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -var groupResource = rbac.Resource("rolebindings") - -type Storage struct { - rest.StandardStorage - - authorizer authorizer.Authorizer - - ruleResolver rbacregistryvalidation.AuthorizationRuleResolver -} - -func NewStorage(s rest.StandardStorage, authorizer authorizer.Authorizer, ruleResolver rbacregistryvalidation.AuthorizationRuleResolver) *Storage { - return &Storage{s, authorizer, ruleResolver} -} - -// Destroy cleans up resources on shutdown. -func (r *Storage) Destroy() { - r.StandardStorage.Destroy() -} - -func (r *Storage) NamespaceScoped() bool { - return true -} - -func (r *Storage) StorageVersion() runtime.GroupVersioner { - svp, ok := r.StandardStorage.(rest.StorageVersionProvider) - if !ok { - return nil - } - return svp.StorageVersion() -} - -var _ rest.StorageVersionProvider = &Storage{} - -func (s *Storage) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - if rbacregistry.EscalationAllowed(ctx) { - return s.StandardStorage.Create(ctx, obj, createValidation, options) - } - - // Get the namespace from the context (populated from the URL). - // The namespace in the object can be empty until StandardStorage.Create()->BeforeCreate() populates it from the context. - namespace, ok := genericapirequest.NamespaceFrom(ctx) - if !ok { - return nil, errors.NewBadRequest("namespace is required") - } - - roleBinding := obj.(*rbac.RoleBinding) - if rbacregistry.BindingAuthorized(ctx, roleBinding.RoleRef, namespace, s.authorizer) { - return s.StandardStorage.Create(ctx, obj, createValidation, options) - } - - v1RoleRef := rbacv1.RoleRef{} - err := rbacv1helpers.Convert_rbac_RoleRef_To_v1_RoleRef(&roleBinding.RoleRef, &v1RoleRef, nil) - if err != nil { - return nil, err - } - rules, err := s.ruleResolver.GetRoleReferenceRules(v1RoleRef, namespace) - if err != nil { - return nil, err - } - if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, roleBinding.Name, err) - } - return s.StandardStorage.Create(ctx, obj, createValidation, options) -} - -func (s *Storage) Update(ctx context.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - if rbacregistry.EscalationAllowed(ctx) { - return s.StandardStorage.Update(ctx, name, obj, createValidation, updateValidation, forceAllowCreate, options) - } - - nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx context.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) { - // Get the namespace from the context (populated from the URL). - // The namespace in the object can be empty until StandardStorage.Update()->BeforeUpdate() populates it from the context. - namespace, ok := genericapirequest.NamespaceFrom(ctx) - if !ok { - return nil, errors.NewBadRequest("namespace is required") - } - - roleBinding := obj.(*rbac.RoleBinding) - - // if we're only mutating fields needed for the GC to eventually delete this obj, return - if rbacregistry.IsOnlyMutatingGCFields(obj, oldObj, kapihelper.Semantic) { - return obj, nil - } - - // if we're explicitly authorized to bind this role, return - if rbacregistry.BindingAuthorized(ctx, roleBinding.RoleRef, namespace, s.authorizer) { - return obj, nil - } - - // Otherwise, see if we already have all the permissions contained in the referenced role - v1RoleRef := rbacv1.RoleRef{} - err := rbacv1helpers.Convert_rbac_RoleRef_To_v1_RoleRef(&roleBinding.RoleRef, &v1RoleRef, nil) - if err != nil { - return nil, err - } - rules, err := s.ruleResolver.GetRoleReferenceRules(v1RoleRef, namespace) - if err != nil { - return nil, err - } - if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil { - return nil, errors.NewForbidden(groupResource, roleBinding.Name, err) - } - return obj, nil - }) - - return s.StandardStorage.Update(ctx, name, nonEscalatingInfo, createValidation, updateValidation, forceAllowCreate, options) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/registry.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/registry.go deleted file mode 100644 index af78c1a499..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/registry.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rolebinding - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -// Registry is an interface for things that know how to store RoleBindings. -type Registry interface { - ListRoleBindings(ctx context.Context, options *metainternalversion.ListOptions) (*rbacv1.RoleBindingList, error) -} - -// storage puts strong typing around storage calls -type storage struct { - rest.Lister -} - -// NewRegistry returns a new Registry interface for the given Storage. Any mismatched -// types will panic. -func NewRegistry(s rest.StandardStorage) Registry { - return &storage{s} -} - -func (s *storage) ListRoleBindings(ctx context.Context, options *metainternalversion.ListOptions) (*rbacv1.RoleBindingList, error) { - obj, err := s.List(ctx, options) - if err != nil { - return nil, err - } - - ret := &rbacv1.RoleBindingList{} - if err := rbacv1helpers.Convert_rbac_RoleBindingList_To_v1_RoleBindingList(obj.(*rbac.RoleBindingList), ret, nil); err != nil { - return nil, err - } - return ret, nil -} - -// AuthorizerAdapter adapts the registry to the authorizer interface -type AuthorizerAdapter struct { - Registry Registry -} - -func (a AuthorizerAdapter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error) { - list, err := a.Registry.ListRoleBindings(genericapirequest.WithNamespace(genericapirequest.NewContext(), namespace), &metainternalversion.ListOptions{}) - if err != nil { - return nil, err - } - - ret := []*rbacv1.RoleBinding{} - for i := range list.Items { - ret = append(ret, &list.Items[i]) - } - return ret, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage/storage.go deleted file mode 100644 index 0cbcfa0f64..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage/storage.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/rbac/rolebinding" -) - -// REST implements a RESTStorage for RoleBinding -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against RoleBinding objects. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &rbac.RoleBinding{} }, - NewListFunc: func() runtime.Object { return &rbac.RoleBindingList{} }, - DefaultQualifiedResource: rbac.Resource("rolebindings"), - - CreateStrategy: rolebinding.Strategy, - UpdateStrategy: rolebinding.Strategy, - DeleteStrategy: rolebinding.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/strategy.go deleted file mode 100644 index aa003ae1ca..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/rolebinding/strategy.go +++ /dev/null @@ -1,104 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rolebinding - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/rbac" - "k8s.io/kubernetes/pkg/apis/rbac/validation" -) - -// strategy implements behavior for RoleBindings -type strategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// strategy is the default logic that applies when creating and updating -// RoleBinding objects. -var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// Strategy should implement rest.RESTCreateStrategy -var _ rest.RESTCreateStrategy = Strategy - -// Strategy should implement rest.RESTUpdateStrategy -var _ rest.RESTUpdateStrategy = Strategy - -// NamespaceScoped is true for RoleBindings. -func (strategy) NamespaceScoped() bool { - return true -} - -// AllowCreateOnUpdate is true for RoleBindings. -func (strategy) AllowCreateOnUpdate() bool { - return true -} - -// PrepareForCreate clears fields that are not allowed to be set by end users -// on creation. -func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - _ = obj.(*rbac.RoleBinding) -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newRoleBinding := obj.(*rbac.RoleBinding) - oldRoleBinding := old.(*rbac.RoleBinding) - - _, _ = newRoleBinding, oldRoleBinding -} - -// Validate validates a new RoleBinding. Validation must check for a correct signature. -func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - roleBinding := obj.(*rbac.RoleBinding) - return validation.ValidateRoleBinding(roleBinding) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (strategy) Canonicalize(obj runtime.Object) { - _ = obj.(*rbac.RoleBinding) -} - -// ValidateUpdate is the default update validation for an end user. -func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newObj := obj.(*rbac.RoleBinding) - errorList := validation.ValidateRoleBinding(newObj) - return append(errorList, validation.ValidateRoleBindingUpdate(newObj, old.(*rbac.RoleBinding))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// If AllowUnconditionalUpdate() is true and the object specified by -// the user does not have a resource version, then generic Update() -// populates it with the latest version. Else, it checks that the -// version specified by the user matches the version of latest etcd -// object. -func (strategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/internal_version_adapter.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/internal_version_adapter.go deleted file mode 100644 index bfb57242df..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/internal_version_adapter.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "context" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/kubernetes/pkg/apis/rbac" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -func ConfirmNoEscalationInternal(ctx context.Context, ruleResolver AuthorizationRuleResolver, inRules []rbac.PolicyRule) error { - rules := []rbacv1.PolicyRule{} - for i := range inRules { - v1Rule := rbacv1.PolicyRule{} - err := rbacv1helpers.Convert_rbac_PolicyRule_To_v1_PolicyRule(&inRules[i], &v1Rule, nil) - if err != nil { - return err - } - rules = append(rules, v1Rule) - } - - return ConfirmNoEscalation(ctx, ruleResolver, rules) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/policy_compact.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/policy_compact.go deleted file mode 100644 index 182657b1ca..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/policy_compact.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "reflect" - - rbacv1 "k8s.io/api/rbac/v1" -) - -type simpleResource struct { - Group string - Resource string - ResourceNameExist bool - ResourceName string -} - -// CompactRules combines rules that contain a single APIGroup/Resource, differ only by verb, and contain no other attributes. -// this is a fast check, and works well with the decomposed "missing rules" list from a Covers check. -func CompactRules(rules []rbacv1.PolicyRule) ([]rbacv1.PolicyRule, error) { - compacted := make([]rbacv1.PolicyRule, 0, len(rules)) - - simpleRules := map[simpleResource]*rbacv1.PolicyRule{} - for _, rule := range rules { - if resource, isSimple := isSimpleResourceRule(&rule); isSimple { - if existingRule, ok := simpleRules[resource]; ok { - // Add the new verbs to the existing simple resource rule - if existingRule.Verbs == nil { - existingRule.Verbs = []string{} - } - existingRule.Verbs = append(existingRule.Verbs, rule.Verbs...) - } else { - // Copy the rule to accumulate matching simple resource rules into - simpleRules[resource] = rule.DeepCopy() - } - } else { - compacted = append(compacted, rule) - } - } - - // Once we've consolidated the simple resource rules, add them to the compacted list - for _, simpleRule := range simpleRules { - compacted = append(compacted, *simpleRule) - } - - return compacted, nil -} - -// isSimpleResourceRule returns true if the given rule contains verbs, a single resource, a single API group, at most one Resource Name, and no other values -func isSimpleResourceRule(rule *rbacv1.PolicyRule) (simpleResource, bool) { - resource := simpleResource{} - - // If we have "complex" rule attributes, return early without allocations or expensive comparisons - if len(rule.ResourceNames) > 1 || len(rule.NonResourceURLs) > 0 { - return resource, false - } - // If we have multiple api groups or resources, return early - if len(rule.APIGroups) != 1 || len(rule.Resources) != 1 { - return resource, false - } - - // Test if this rule only contains APIGroups/Resources/Verbs/ResourceNames - simpleRule := &rbacv1.PolicyRule{APIGroups: rule.APIGroups, Resources: rule.Resources, Verbs: rule.Verbs, ResourceNames: rule.ResourceNames} - if !reflect.DeepEqual(simpleRule, rule) { - return resource, false - } - - if len(rule.ResourceNames) == 0 { - resource = simpleResource{Group: rule.APIGroups[0], Resource: rule.Resources[0], ResourceNameExist: false} - } else { - resource = simpleResource{Group: rule.APIGroups[0], Resource: rule.Resources[0], ResourceNameExist: true, ResourceName: rule.ResourceNames[0]} - } - - return resource, true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/rule.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/rule.go deleted file mode 100644 index 603f56afbc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/rbac/validation/rule.go +++ /dev/null @@ -1,368 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "context" - "errors" - "fmt" - "strings" - - "k8s.io/klog/v2" - - rbacv1 "k8s.io/api/rbac/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/apiserver/pkg/authentication/user" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/component-helpers/auth/rbac/validation" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -type AuthorizationRuleResolver interface { - // GetRoleReferenceRules attempts to resolve the role reference of a RoleBinding or ClusterRoleBinding. The passed namespace should be the namespace - // of the role binding, the empty string if a cluster role binding. - GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) ([]rbacv1.PolicyRule, error) - - // RulesFor returns the list of rules that apply to a given user in a given namespace and error. If an error is returned, the slice of - // PolicyRules may not be complete, but it contains all retrievable rules. This is done because policy rules are purely additive and policy determinations - // can be made on the basis of those rules that are found. - RulesFor(user user.Info, namespace string) ([]rbacv1.PolicyRule, error) - - // VisitRulesFor invokes visitor() with each rule that applies to a given user in a given namespace, and each error encountered resolving those rules. - // If visitor() returns false, visiting is short-circuited. - VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool) -} - -// ConfirmNoEscalation determines if the roles for a given user in a given namespace encompass the provided role. -func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleResolver, rules []rbacv1.PolicyRule) error { - ruleResolutionErrors := []error{} - - user, ok := genericapirequest.UserFrom(ctx) - if !ok { - return fmt.Errorf("no user on context") - } - namespace, _ := genericapirequest.NamespaceFrom(ctx) - - ownerRules, err := ruleResolver.RulesFor(user, namespace) - if err != nil { - // As per AuthorizationRuleResolver contract, this may return a non fatal error with an incomplete list of policies. Log the error and continue. - klog.V(1).Infof("non-fatal error getting local rules for %v: %v", user, err) - ruleResolutionErrors = append(ruleResolutionErrors, err) - } - - ownerRightsCover, missingRights := validation.Covers(ownerRules, rules) - if !ownerRightsCover { - compactMissingRights := missingRights - if compact, err := CompactRules(missingRights); err == nil { - compactMissingRights = compact - } - - missingDescriptions := sets.NewString() - for _, missing := range compactMissingRights { - missingDescriptions.Insert(rbacv1helpers.CompactString(missing)) - } - - msg := fmt.Sprintf("user %q (groups=%q) is attempting to grant RBAC permissions not currently held:\n%s", user.GetName(), user.GetGroups(), strings.Join(missingDescriptions.List(), "\n")) - if len(ruleResolutionErrors) > 0 { - msg = msg + fmt.Sprintf("; resolution errors: %v", ruleResolutionErrors) - } - - return errors.New(msg) - } - return nil -} - -type DefaultRuleResolver struct { - roleGetter RoleGetter - roleBindingLister RoleBindingLister - clusterRoleGetter ClusterRoleGetter - clusterRoleBindingLister ClusterRoleBindingLister -} - -func NewDefaultRuleResolver(roleGetter RoleGetter, roleBindingLister RoleBindingLister, clusterRoleGetter ClusterRoleGetter, clusterRoleBindingLister ClusterRoleBindingLister) *DefaultRuleResolver { - return &DefaultRuleResolver{roleGetter, roleBindingLister, clusterRoleGetter, clusterRoleBindingLister} -} - -type RoleGetter interface { - GetRole(namespace, name string) (*rbacv1.Role, error) -} - -type RoleBindingLister interface { - ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error) -} - -type ClusterRoleGetter interface { - GetClusterRole(name string) (*rbacv1.ClusterRole, error) -} - -type ClusterRoleBindingLister interface { - ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error) -} - -func (r *DefaultRuleResolver) RulesFor(user user.Info, namespace string) ([]rbacv1.PolicyRule, error) { - visitor := &ruleAccumulator{} - r.VisitRulesFor(user, namespace, visitor.visit) - return visitor.rules, utilerrors.NewAggregate(visitor.errors) -} - -type ruleAccumulator struct { - rules []rbacv1.PolicyRule - errors []error -} - -func (r *ruleAccumulator) visit(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool { - if rule != nil { - r.rules = append(r.rules, *rule) - } - if err != nil { - r.errors = append(r.errors, err) - } - return true -} - -func describeSubject(s *rbacv1.Subject, bindingNamespace string) string { - switch s.Kind { - case rbacv1.ServiceAccountKind: - if len(s.Namespace) > 0 { - return fmt.Sprintf("%s %q", s.Kind, s.Name+"/"+s.Namespace) - } - return fmt.Sprintf("%s %q", s.Kind, s.Name+"/"+bindingNamespace) - default: - return fmt.Sprintf("%s %q", s.Kind, s.Name) - } -} - -type clusterRoleBindingDescriber struct { - binding *rbacv1.ClusterRoleBinding - subject *rbacv1.Subject -} - -func (d *clusterRoleBindingDescriber) String() string { - return fmt.Sprintf("ClusterRoleBinding %q of %s %q to %s", - d.binding.Name, - d.binding.RoleRef.Kind, - d.binding.RoleRef.Name, - describeSubject(d.subject, ""), - ) -} - -type roleBindingDescriber struct { - binding *rbacv1.RoleBinding - subject *rbacv1.Subject -} - -func (d *roleBindingDescriber) String() string { - return fmt.Sprintf("RoleBinding %q of %s %q to %s", - d.binding.Name+"/"+d.binding.Namespace, - d.binding.RoleRef.Kind, - d.binding.RoleRef.Name, - describeSubject(d.subject, d.binding.Namespace), - ) -} - -func (r *DefaultRuleResolver) VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool) { - if clusterRoleBindings, err := r.clusterRoleBindingLister.ListClusterRoleBindings(); err != nil { - if !visitor(nil, nil, err) { - return - } - } else { - sourceDescriber := &clusterRoleBindingDescriber{} - for _, clusterRoleBinding := range clusterRoleBindings { - subjectIndex, applies := appliesTo(user, clusterRoleBinding.Subjects, "") - if !applies { - continue - } - rules, err := r.GetRoleReferenceRules(clusterRoleBinding.RoleRef, "") - if err != nil { - if !visitor(nil, nil, err) { - return - } - continue - } - sourceDescriber.binding = clusterRoleBinding - sourceDescriber.subject = &clusterRoleBinding.Subjects[subjectIndex] - for i := range rules { - if !visitor(sourceDescriber, &rules[i], nil) { - return - } - } - } - } - - if len(namespace) > 0 { - if roleBindings, err := r.roleBindingLister.ListRoleBindings(namespace); err != nil { - if !visitor(nil, nil, err) { - return - } - } else { - sourceDescriber := &roleBindingDescriber{} - for _, roleBinding := range roleBindings { - subjectIndex, applies := appliesTo(user, roleBinding.Subjects, namespace) - if !applies { - continue - } - rules, err := r.GetRoleReferenceRules(roleBinding.RoleRef, namespace) - if err != nil { - if !visitor(nil, nil, err) { - return - } - continue - } - sourceDescriber.binding = roleBinding - sourceDescriber.subject = &roleBinding.Subjects[subjectIndex] - for i := range rules { - if !visitor(sourceDescriber, &rules[i], nil) { - return - } - } - } - } - } -} - -// GetRoleReferenceRules attempts to resolve the RoleBinding or ClusterRoleBinding. -func (r *DefaultRuleResolver) GetRoleReferenceRules(roleRef rbacv1.RoleRef, bindingNamespace string) ([]rbacv1.PolicyRule, error) { - switch roleRef.Kind { - case "Role": - role, err := r.roleGetter.GetRole(bindingNamespace, roleRef.Name) - if err != nil { - return nil, err - } - return role.Rules, nil - - case "ClusterRole": - clusterRole, err := r.clusterRoleGetter.GetClusterRole(roleRef.Name) - if err != nil { - return nil, err - } - return clusterRole.Rules, nil - - default: - return nil, fmt.Errorf("unsupported role reference kind: %q", roleRef.Kind) - } -} - -// appliesTo returns whether any of the bindingSubjects applies to the specified subject, -// and if true, the index of the first subject that applies -func appliesTo(user user.Info, bindingSubjects []rbacv1.Subject, namespace string) (int, bool) { - for i, bindingSubject := range bindingSubjects { - if appliesToUser(user, bindingSubject, namespace) { - return i, true - } - } - return 0, false -} - -func has(set []string, ele string) bool { - for _, s := range set { - if s == ele { - return true - } - } - return false -} - -func appliesToUser(user user.Info, subject rbacv1.Subject, namespace string) bool { - switch subject.Kind { - case rbacv1.UserKind: - return user.GetName() == subject.Name - - case rbacv1.GroupKind: - return has(user.GetGroups(), subject.Name) - - case rbacv1.ServiceAccountKind: - // default the namespace to namespace we're working in if its available. This allows rolebindings that reference - // SAs in th local namespace to avoid having to qualify them. - saNamespace := namespace - if len(subject.Namespace) > 0 { - saNamespace = subject.Namespace - } - if len(saNamespace) == 0 { - return false - } - // use a more efficient comparison for RBAC checking - return serviceaccount.MatchesUsername(saNamespace, subject.Name, user.GetName()) - default: - return false - } -} - -// NewTestRuleResolver returns a rule resolver from lists of role objects. -func NewTestRuleResolver(roles []*rbacv1.Role, roleBindings []*rbacv1.RoleBinding, clusterRoles []*rbacv1.ClusterRole, clusterRoleBindings []*rbacv1.ClusterRoleBinding) (AuthorizationRuleResolver, *StaticRoles) { - r := StaticRoles{ - roles: roles, - roleBindings: roleBindings, - clusterRoles: clusterRoles, - clusterRoleBindings: clusterRoleBindings, - } - return newMockRuleResolver(&r), &r -} - -func newMockRuleResolver(r *StaticRoles) AuthorizationRuleResolver { - return NewDefaultRuleResolver(r, r, r, r) -} - -// StaticRoles is a rule resolver that resolves from lists of role objects. -type StaticRoles struct { - roles []*rbacv1.Role - roleBindings []*rbacv1.RoleBinding - clusterRoles []*rbacv1.ClusterRole - clusterRoleBindings []*rbacv1.ClusterRoleBinding -} - -func (r *StaticRoles) GetRole(namespace, name string) (*rbacv1.Role, error) { - if len(namespace) == 0 { - return nil, errors.New("must provide namespace when getting role") - } - for _, role := range r.roles { - if role.Namespace == namespace && role.Name == name { - return role, nil - } - } - return nil, errors.New("role not found") -} - -func (r *StaticRoles) GetClusterRole(name string) (*rbacv1.ClusterRole, error) { - for _, clusterRole := range r.clusterRoles { - if clusterRole.Name == name { - return clusterRole, nil - } - } - return nil, errors.New("clusterrole not found") -} - -func (r *StaticRoles) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error) { - if len(namespace) == 0 { - return nil, errors.New("must provide namespace when listing role bindings") - } - - roleBindingList := []*rbacv1.RoleBinding{} - for _, roleBinding := range r.roleBindings { - if roleBinding.Namespace != namespace { - continue - } - // TODO(ericchiang): need to implement label selectors? - roleBindingList = append(roleBindingList, roleBinding) - } - return roleBindingList, nil -} - -func (r *StaticRoles) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error) { - return r.clusterRoleBindings, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/storage/storage.go deleted file mode 100644 index b977f283b8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/storage/storage.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/resource/podscheduling" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for PodSchedulings. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against PodSchedulings. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &resource.PodScheduling{} }, - NewListFunc: func() runtime.Object { return &resource.PodSchedulingList{} }, - PredicateFunc: podscheduling.Match, - DefaultQualifiedResource: resource.Resource("podschedulings"), - - CreateStrategy: podscheduling.Strategy, - UpdateStrategy: podscheduling.Strategy, - DeleteStrategy: podscheduling.Strategy, - ReturnDeletedObject: true, - ResetFieldsStrategy: podscheduling.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: podscheduling.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = podscheduling.StatusStrategy - statusStore.ResetFieldsStrategy = podscheduling.StatusStrategy - - rest := &REST{store} - - return rest, &StatusREST{store: &statusStore}, nil -} - -// StatusREST implements the REST endpoint for changing the status of a PodScheduling. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new PodScheduling object. -func (r *StatusREST) New() runtime.Object { - return &resource.PodScheduling{} -} - -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/strategy.go deleted file mode 100644 index 99421213f4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/podscheduling/strategy.go +++ /dev/null @@ -1,163 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podscheduling - -import ( - "context" - "errors" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/resource/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// podSchedulingStrategy implements behavior for PodScheduling objects -type podSchedulingStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// ResourceClaim objects via the REST API. -var Strategy = podSchedulingStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (podSchedulingStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy and -// should not be modified by the user. For a new PodScheduling that is the -// status. -func (podSchedulingStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "resource.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -func (podSchedulingStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - scheduling := obj.(*resource.PodScheduling) - // Status must not be set by user on create. - scheduling.Status = resource.PodSchedulingStatus{} -} - -func (podSchedulingStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - scheduling := obj.(*resource.PodScheduling) - return validation.ValidatePodScheduling(scheduling) -} - -func (podSchedulingStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -func (podSchedulingStrategy) Canonicalize(obj runtime.Object) { -} - -func (podSchedulingStrategy) AllowCreateOnUpdate() bool { - return false -} - -func (podSchedulingStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newScheduling := obj.(*resource.PodScheduling) - oldScheduling := old.(*resource.PodScheduling) - newScheduling.Status = oldScheduling.Status -} - -func (podSchedulingStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newScheduling := obj.(*resource.PodScheduling) - oldScheduling := old.(*resource.PodScheduling) - errorList := validation.ValidatePodScheduling(newScheduling) - return append(errorList, validation.ValidatePodSchedulingUpdate(newScheduling, oldScheduling)...) -} - -func (podSchedulingStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (podSchedulingStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type podSchedulingStatusStrategy struct { - podSchedulingStrategy -} - -var StatusStrategy = podSchedulingStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy and -// should not be modified by the user. For a status update that is the spec. -func (podSchedulingStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "resource.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (podSchedulingStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newScheduling := obj.(*resource.PodScheduling) - oldScheduling := old.(*resource.PodScheduling) - newScheduling.Spec = oldScheduling.Spec -} - -func (podSchedulingStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newScheduling := obj.(*resource.PodScheduling) - oldScheduling := old.(*resource.PodScheduling) - return validation.ValidatePodSchedulingStatusUpdate(newScheduling, oldScheduling) -} - -// WarningsOnUpdate returns warnings for the given update. -func (podSchedulingStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// Match returns a generic matcher for a given label and field selector. -func Match(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - scheduling, ok := obj.(*resource.PodScheduling) - if !ok { - return nil, nil, errors.New("not a PodScheduling") - } - return labels.Set(scheduling.Labels), toSelectableFields(scheduling), nil -} - -// toSelectableFields returns a field set that represents the object -func toSelectableFields(scheduling *resource.PodScheduling) fields.Set { - fields := generic.ObjectMetaFieldsSet(&scheduling.ObjectMeta, true) - return fields -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/storage/storage.go deleted file mode 100644 index 959cb680bf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/storage/storage.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/resource/resourceclaim" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// REST implements a RESTStorage for ResourceClaims. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ResourceClaims. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &resource.ResourceClaim{} }, - NewListFunc: func() runtime.Object { return &resource.ResourceClaimList{} }, - PredicateFunc: resourceclaim.Match, - DefaultQualifiedResource: resource.Resource("resourceclaims"), - - CreateStrategy: resourceclaim.Strategy, - UpdateStrategy: resourceclaim.Strategy, - DeleteStrategy: resourceclaim.Strategy, - ReturnDeletedObject: true, - ResetFieldsStrategy: resourceclaim.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: resourceclaim.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = resourceclaim.StatusStrategy - statusStore.ResetFieldsStrategy = resourceclaim.StatusStrategy - - rest := &REST{store} - - return rest, &StatusREST{store: &statusStore}, nil -} - -// StatusREST implements the REST endpoint for changing the status of a ResourceClaim. -type StatusREST struct { - store *genericregistry.Store -} - -// New creates a new ResourceClaim object. -func (r *StatusREST) New() runtime.Object { - return &resource.ResourceClaim{} -} - -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/strategy.go deleted file mode 100644 index 8b71300de8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaim/strategy.go +++ /dev/null @@ -1,163 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourceclaim - -import ( - "context" - "errors" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/resource/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// resourceclaimStrategy implements behavior for ResourceClaim objects -type resourceclaimStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// ResourceClaim objects via the REST API. -var Strategy = resourceclaimStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (resourceclaimStrategy) NamespaceScoped() bool { - return true -} - -// GetResetFields returns the set of fields that get reset by the strategy and -// should not be modified by the user. For a new ResourceClaim that is the -// status. -func (resourceclaimStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "resource.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -func (resourceclaimStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - claim := obj.(*resource.ResourceClaim) - // Status must not be set by user on create. - claim.Status = resource.ResourceClaimStatus{} -} - -func (resourceclaimStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - claim := obj.(*resource.ResourceClaim) - return validation.ValidateClaim(claim) -} - -func (resourceclaimStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -func (resourceclaimStrategy) Canonicalize(obj runtime.Object) { -} - -func (resourceclaimStrategy) AllowCreateOnUpdate() bool { - return false -} - -func (resourceclaimStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newClaim := obj.(*resource.ResourceClaim) - oldClaim := old.(*resource.ResourceClaim) - newClaim.Status = oldClaim.Status -} - -func (resourceclaimStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newClaim := obj.(*resource.ResourceClaim) - oldClaim := old.(*resource.ResourceClaim) - errorList := validation.ValidateClaim(newClaim) - return append(errorList, validation.ValidateClaimUpdate(newClaim, oldClaim)...) -} - -func (resourceclaimStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (resourceclaimStrategy) AllowUnconditionalUpdate() bool { - return true -} - -type resourceclaimStatusStrategy struct { - resourceclaimStrategy -} - -var StatusStrategy = resourceclaimStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy and -// should not be modified by the user. For a status update that is the spec. -func (resourceclaimStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "resource.k8s.io/v1alpha1": fieldpath.NewSet( - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -func (resourceclaimStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newClaim := obj.(*resource.ResourceClaim) - oldClaim := old.(*resource.ResourceClaim) - newClaim.Spec = oldClaim.Spec -} - -func (resourceclaimStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newClaim := obj.(*resource.ResourceClaim) - oldClaim := old.(*resource.ResourceClaim) - return validation.ValidateClaimStatusUpdate(newClaim, oldClaim) -} - -// WarningsOnUpdate returns warnings for the given update. -func (resourceclaimStatusStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// Match returns a generic matcher for a given label and field selector. -func Match(label labels.Selector, field fields.Selector) storage.SelectionPredicate { - return storage.SelectionPredicate{ - Label: label, - Field: field, - GetAttrs: GetAttrs, - } -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - claim, ok := obj.(*resource.ResourceClaim) - if !ok { - return nil, nil, errors.New("not a resourceclaim") - } - return labels.Set(claim.Labels), toSelectableFields(claim), nil -} - -// toSelectableFields returns a field set that represents the object -func toSelectableFields(claim *resource.ResourceClaim) fields.Set { - fields := generic.ObjectMetaFieldsSet(&claim.ObjectMeta, true) - return fields -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/storage/storage.go deleted file mode 100644 index 282db91006..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/storage/storage.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate" -) - -// REST implements a RESTStorage for ResourceClaimTemplate. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ResourceClass. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &resource.ResourceClaimTemplate{} }, - NewListFunc: func() runtime.Object { return &resource.ResourceClaimTemplateList{} }, - DefaultQualifiedResource: resource.Resource("resourceclaimtemplates"), - - CreateStrategy: resourceclaimtemplate.Strategy, - UpdateStrategy: resourceclaimtemplate.Strategy, - DeleteStrategy: resourceclaimtemplate.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: resourceclaimtemplate.GetAttrs} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/strategy.go deleted file mode 100644 index 8c625c94d4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/strategy.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourceclaimtemplate - -import ( - "context" - "errors" - - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/resource/validation" -) - -// resourceClaimTemplateStrategy implements behavior for ResourceClaimTemplate objects -type resourceClaimTemplateStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -var Strategy = resourceClaimTemplateStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (resourceClaimTemplateStrategy) NamespaceScoped() bool { - return true -} - -func (resourceClaimTemplateStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (resourceClaimTemplateStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - resourceClaimTemplate := obj.(*resource.ResourceClaimTemplate) - return validation.ValidateClaimTemplate(resourceClaimTemplate) -} - -func (resourceClaimTemplateStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -func (resourceClaimTemplateStrategy) Canonicalize(obj runtime.Object) { -} - -func (resourceClaimTemplateStrategy) AllowCreateOnUpdate() bool { - return false -} - -func (resourceClaimTemplateStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (resourceClaimTemplateStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errorList := validation.ValidateClaimTemplate(obj.(*resource.ResourceClaimTemplate)) - return append(errorList, validation.ValidateClaimTemplateUpdate(obj.(*resource.ResourceClaimTemplate), old.(*resource.ResourceClaimTemplate))...) -} - -func (resourceClaimTemplateStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (resourceClaimTemplateStrategy) AllowUnconditionalUpdate() bool { - return true -} - -// GetAttrs returns labels and fields of a given object for filtering purposes. -func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) { - template, ok := obj.(*resource.ResourceClaimTemplate) - if !ok { - return nil, nil, errors.New("not a resourceclaimtemplate") - } - return labels.Set(template.Labels), toSelectableFields(template), nil -} - -// toSelectableFields returns a field set that represents the object -func toSelectableFields(template *resource.ResourceClaimTemplate) fields.Set { - fields := generic.ObjectMetaFieldsSet(&template.ObjectMeta, true) - return fields -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/storage/storage.go deleted file mode 100644 index 310488ab04..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/storage/storage.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/resource/resourceclass" -) - -// REST implements a RESTStorage for ResourceClass. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against ResourceClass. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &resource.ResourceClass{} }, - NewListFunc: func() runtime.Object { return &resource.ResourceClassList{} }, - DefaultQualifiedResource: resource.Resource("resourceclasses"), - - CreateStrategy: resourceclass.Strategy, - UpdateStrategy: resourceclass.Strategy, - DeleteStrategy: resourceclass.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/strategy.go deleted file mode 100644 index 55f98fe406..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/resourceclass/strategy.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourceclass - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - "k8s.io/kubernetes/pkg/apis/resource/validation" -) - -// resourceClassStrategy implements behavior for ResourceClass objects -type resourceClassStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -var Strategy = resourceClassStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (resourceClassStrategy) NamespaceScoped() bool { - return false -} - -func (resourceClassStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (resourceClassStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - resourceClass := obj.(*resource.ResourceClass) - return validation.ValidateClass(resourceClass) -} - -func (resourceClassStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -func (resourceClassStrategy) Canonicalize(obj runtime.Object) { -} - -func (resourceClassStrategy) AllowCreateOnUpdate() bool { - return false -} - -func (resourceClassStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (resourceClassStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errorList := validation.ValidateClass(obj.(*resource.ResourceClass)) - return append(errorList, validation.ValidateClassUpdate(obj.(*resource.ResourceClass), old.(*resource.ResourceClass))...) -} - -func (resourceClassStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (resourceClassStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/rest/storage_resource.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/rest/storage_resource.go deleted file mode 100644 index 93d793e466..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/resource/rest/storage_resource.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - resourcev1alpha1 "k8s.io/api/resource/v1alpha1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/resource" - podschedulingstore "k8s.io/kubernetes/pkg/registry/resource/podscheduling/storage" - resourceclaimstore "k8s.io/kubernetes/pkg/registry/resource/resourceclaim/storage" - resourceclaimtemplatestore "k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/storage" - resourceclassstore "k8s.io/kubernetes/pkg/registry/resource/resourceclass/storage" -) - -type RESTStorageProvider struct{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(resource.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[resourcev1alpha1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - if resource := "resourceclasses"; apiResourceConfigSource.ResourceEnabled(resourcev1alpha1.SchemeGroupVersion.WithResource(resource)) { - resourceClassStorage, err := resourceclassstore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = resourceClassStorage - } - - if resource := "resourceclaims"; apiResourceConfigSource.ResourceEnabled(resourcev1alpha1.SchemeGroupVersion.WithResource(resource)) { - resourceClaimStorage, resourceClaimStatusStorage, err := resourceclaimstore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = resourceClaimStorage - storage[resource+"/status"] = resourceClaimStatusStorage - } - - if resource := "resourceclaimtemplates"; apiResourceConfigSource.ResourceEnabled(resourcev1alpha1.SchemeGroupVersion.WithResource(resource)) { - resourceClaimTemplateStorage, err := resourceclaimtemplatestore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = resourceClaimTemplateStorage - } - - if resource := "podschedulings"; apiResourceConfigSource.ResourceEnabled(resourcev1alpha1.SchemeGroupVersion.WithResource(resource)) { - podSchedulingStorage, podSchedulingStatusStorage, err := podschedulingstore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = podSchedulingStorage - storage[resource+"/status"] = podSchedulingStatusStorage - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return resource.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/doc.go deleted file mode 100644 index b4359aed6c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package priorityclass // import "k8s.io/kubernetes/pkg/registry/scheduling/priorityclass" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/storage/storage.go deleted file mode 100644 index b84a573a12..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/storage/storage.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - "errors" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/kubernetes/pkg/apis/scheduling" - schedulingapiv1 "k8s.io/kubernetes/pkg/apis/scheduling/v1" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/scheduling/priorityclass" -) - -// REST implements a RESTStorage for priority classes against etcd -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against priority classes. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &scheduling.PriorityClass{} }, - NewListFunc: func() runtime.Object { return &scheduling.PriorityClassList{} }, - DefaultQualifiedResource: scheduling.Resource("priorityclasses"), - - CreateStrategy: priorityclass.Strategy, - UpdateStrategy: priorityclass.Strategy, - DeleteStrategy: priorityclass.Strategy, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"pc"} -} - -// Delete ensures that system priority classes are not deleted. -func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) { - for _, spc := range schedulingapiv1.SystemPriorityClasses() { - if name == spc.Name { - return nil, false, apierrors.NewForbidden(scheduling.Resource("priorityclasses"), spc.Name, errors.New("this is a system priority class and cannot be deleted")) - } - } - - return r.Store.Delete(ctx, name, deleteValidation, options) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/strategy.go deleted file mode 100644 index 462a5c2f34..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/strategy.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package priorityclass - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/scheduling" - "k8s.io/kubernetes/pkg/apis/scheduling/validation" -) - -// priorityClassStrategy implements verification logic for PriorityClass. -type priorityClassStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating PriorityClass objects. -var Strategy = priorityClassStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns false because all PriorityClasses are global. -func (priorityClassStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the status of a PriorityClass before creation. -func (priorityClassStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - pc := obj.(*scheduling.PriorityClass) - pc.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (priorityClassStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {} - -// Validate validates a new PriorityClass. -func (priorityClassStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - pc := obj.(*scheduling.PriorityClass) - return validation.ValidatePriorityClass(pc) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (priorityClassStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (priorityClassStrategy) Canonicalize(obj runtime.Object) {} - -// AllowCreateOnUpdate is false for PriorityClass; this means POST is needed to create one. -func (priorityClassStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (priorityClassStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - return validation.ValidatePriorityClassUpdate(obj.(*scheduling.PriorityClass), old.(*scheduling.PriorityClass)) -} - -// WarningsOnUpdate returns warnings for the given update. -func (priorityClassStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -// AllowUnconditionalUpdate is the default update policy for PriorityClass objects. -func (priorityClassStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/rest/storage_scheduling.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/rest/storage_scheduling.go deleted file mode 100644 index 01bd84de35..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/scheduling/rest/storage_scheduling.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "fmt" - "time" - - "k8s.io/klog/v2" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - schedulingclient "k8s.io/client-go/kubernetes/typed/scheduling/v1" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/scheduling" - schedulingapiv1 "k8s.io/kubernetes/pkg/apis/scheduling/v1" - priorityclassstore "k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/storage" -) - -const PostStartHookName = "scheduling/bootstrap-system-priority-classes" - -type RESTStorageProvider struct{} - -var _ genericapiserver.PostStartHookProvider = RESTStorageProvider{} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(scheduling.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[schedulingapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // priorityclasses - if resource := "priorityclasses"; apiResourceConfigSource.ResourceEnabled(schedulingapiv1.SchemeGroupVersion.WithResource(resource)) { - if priorityClassStorage, err := priorityclassstore.NewREST(restOptionsGetter); err != nil { - return nil, err - } else { - storage[resource] = priorityClassStorage - } - } - - return storage, nil -} - -func (p RESTStorageProvider) PostStartHook() (string, genericapiserver.PostStartHookFunc, error) { - return PostStartHookName, AddSystemPriorityClasses(), nil -} - -func AddSystemPriorityClasses() genericapiserver.PostStartHookFunc { - return func(hookContext genericapiserver.PostStartHookContext) error { - // Adding system priority classes is important. If they fail to add, many critical system - // components may fail and cluster may break. - err := wait.Poll(1*time.Second, 30*time.Second, func() (done bool, err error) { - schedClientSet, err := schedulingclient.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - utilruntime.HandleError(fmt.Errorf("unable to initialize client: %v", err)) - return false, nil - } - - for _, pc := range schedulingapiv1.SystemPriorityClasses() { - _, err := schedClientSet.PriorityClasses().Get(context.TODO(), pc.Name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - _, err := schedClientSet.PriorityClasses().Create(context.TODO(), pc, metav1.CreateOptions{}) - if err == nil || apierrors.IsAlreadyExists(err) { - klog.Infof("created PriorityClass %s with value %v", pc.Name, pc.Value) - continue - } - // ServiceUnavailble error is returned when the API server is blocked by storage version updates - if apierrors.IsServiceUnavailable(err) { - klog.Infof("going to retry, unable to create PriorityClass %s: %v", pc.Name, err) - return false, nil - } - return false, err - } else { - // Unable to get the priority class for reasons other than "not found". - klog.Warningf("unable to get PriorityClass %v: %v. Retrying...", pc.Name, err) - return false, nil - } - } - } - klog.Infof("all system priority classes are created successfully or already exist.") - return true, nil - }) - // if we're never able to make it through initialization, kill the API server. - if err != nil { - return fmt.Errorf("unable to add default system priority classes: %v", err) - } - return nil - } -} - -func (p RESTStorageProvider) GroupName() string { - return scheduling.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/doc.go deleted file mode 100644 index edb13124fc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package csidriver provides Registry interface and its REST -// implementation for storing csidriver api objects. -package csidriver diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/storage/storage.go deleted file mode 100644 index 3f3fea2774..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/storage/storage.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/storage/csidriver" -) - -// CSIDriverStorage includes storage for CSIDrivers and all subresources -type CSIDriverStorage struct { - CSIDriver *REST -} - -// REST object that will work for CSIDrivers -type REST struct { - *genericregistry.Store -} - -// NewStorage returns a RESTStorage object that will work against CSIDrivers -func NewStorage(optsGetter generic.RESTOptionsGetter) (*CSIDriverStorage, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &storageapi.CSIDriver{} }, - NewListFunc: func() runtime.Object { return &storageapi.CSIDriverList{} }, - DefaultQualifiedResource: storageapi.Resource("csidrivers"), - - CreateStrategy: csidriver.Strategy, - UpdateStrategy: csidriver.Strategy, - DeleteStrategy: csidriver.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &CSIDriverStorage{ - CSIDriver: &REST{store}, - }, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/strategy.go deleted file mode 100644 index 743864b40e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csidriver/strategy.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package csidriver - -import ( - "context" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/validation" - "k8s.io/kubernetes/pkg/features" -) - -// csiDriverStrategy implements behavior for CSIDriver objects -type csiDriverStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// CSIDriver objects via the REST API. -var Strategy = csiDriverStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (csiDriverStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears the fields for which the corresponding feature is disabled. -func (csiDriverStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - csiDriver := obj.(*storage.CSIDriver) - if !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - csiDriver.Spec.SELinuxMount = nil - } -} - -func (csiDriverStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - csiDriver := obj.(*storage.CSIDriver) - - return validation.ValidateCSIDriver(csiDriver) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (csiDriverStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (csiDriverStrategy) Canonicalize(obj runtime.Object) { -} - -func (csiDriverStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate clears the fields for which the corresponding feature is disabled and -// existing object does not already have that field set. This allows the field to remain when -// downgrading to a version that has the feature disabled. -func (csiDriverStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newCSIDriver := obj.(*storage.CSIDriver) - oldCSIDriver := old.(*storage.CSIDriver) - - if oldCSIDriver.Spec.SELinuxMount == nil && - !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - newCSIDriver.Spec.SELinuxMount = nil - } - - // Any changes to the mutable fields increment the generation number. - if !apiequality.Semantic.DeepEqual(oldCSIDriver.Spec.TokenRequests, newCSIDriver.Spec.TokenRequests) || - !apiequality.Semantic.DeepEqual(oldCSIDriver.Spec.RequiresRepublish, newCSIDriver.Spec.RequiresRepublish) || - !apiequality.Semantic.DeepEqual(oldCSIDriver.Spec.SELinuxMount, newCSIDriver.Spec.SELinuxMount) { - newCSIDriver.Generation = oldCSIDriver.Generation + 1 - } -} - -func (csiDriverStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newCSIDriverObj := obj.(*storage.CSIDriver) - oldCSIDriverObj := old.(*storage.CSIDriver) - return validation.ValidateCSIDriverUpdate(newCSIDriverObj, oldCSIDriverObj) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csiDriverStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (csiDriverStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/doc.go deleted file mode 100644 index cfbc7bc3a9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package csinode provides Registry interface and its REST -// implementation for storing csinode api objects. -package csinode diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/storage/storage.go deleted file mode 100644 index 6fd562f1fa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/storage/storage.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/storage/csinode" -) - -// CSINodeStorage includes storage for CSINodes and all subresources -type CSINodeStorage struct { - CSINode *REST -} - -// REST object that will work for CSINodes -type REST struct { - *genericregistry.Store -} - -// NewStorage returns a RESTStorage object that will work against CSINodes -func NewStorage(optsGetter generic.RESTOptionsGetter) (*CSINodeStorage, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &storageapi.CSINode{} }, - NewListFunc: func() runtime.Object { return &storageapi.CSINodeList{} }, - DefaultQualifiedResource: storageapi.Resource("csinodes"), - - CreateStrategy: csinode.Strategy, - UpdateStrategy: csinode.Strategy, - DeleteStrategy: csinode.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &CSINodeStorage{ - CSINode: &REST{store}, - }, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/strategy.go deleted file mode 100644 index 5341f1bd36..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csinode/strategy.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package csinode - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/validation" -) - -// csiNodeStrategy implements behavior for CSINode objects -type csiNodeStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// CSINode objects via the REST API. -var Strategy = csiNodeStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (csiNodeStrategy) NamespaceScoped() bool { - return false -} - -// PrepareForCreate clears fields that are not allowed to be set on creation. -func (csiNodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (csiNodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - csiNode := obj.(*storage.CSINode) - validateOptions := validation.CSINodeValidationOptions{ - AllowLongNodeID: true, - } - - errs := validation.ValidateCSINode(csiNode, validateOptions) - - return errs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (csiNodeStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil } - -// Canonicalize normalizes the object after validation. -func (csiNodeStrategy) Canonicalize(obj runtime.Object) { -} - -func (csiNodeStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate sets the driver's Allocatable fields that are not allowed to be set by an end user updating a CSINode. -func (csiNodeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (csiNodeStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newCSINodeObj := obj.(*storage.CSINode) - oldCSINodeObj := old.(*storage.CSINode) - validateOptions := validation.CSINodeValidationOptions{ - AllowLongNodeID: true, - } - - errorList := validation.ValidateCSINode(newCSINodeObj, validateOptions) - return append(errorList, validation.ValidateCSINodeUpdate(newCSINodeObj, oldCSINodeObj, validateOptions)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csiNodeStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (csiNodeStrategy) AllowUnconditionalUpdate() bool { - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/doc.go deleted file mode 100644 index 3b99e2cf6b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package csistoragecapacity provides Registry interface and its REST -// implementation for storing csistoragecapacity api objects. -package csistoragecapacity diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/storage/storage.go deleted file mode 100644 index b638d96b0f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/storage/storage.go +++ /dev/null @@ -1,59 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity" -) - -// CSIStorageCapacityStorage includes storage for CSIStorageCapacity and all subresources -type CSIStorageCapacityStorage struct { - CSIStorageCapacity *REST -} - -// REST object that will work for CSIStorageCapacity -type REST struct { - *genericregistry.Store -} - -// NewStorage returns a RESTStorage object that will work against CSIStorageCapacity -func NewStorage(optsGetter generic.RESTOptionsGetter) (*CSIStorageCapacityStorage, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &storageapi.CSIStorageCapacity{} }, - NewListFunc: func() runtime.Object { return &storageapi.CSIStorageCapacityList{} }, - DefaultQualifiedResource: storageapi.Resource("csistoragecapacities"), - - TableConvertor: rest.NewDefaultTableConvertor(storageapi.Resource("csistoragecapacities")), - - CreateStrategy: csistoragecapacity.Strategy, - UpdateStrategy: csistoragecapacity.Strategy, - DeleteStrategy: csistoragecapacity.Strategy, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &CSIStorageCapacityStorage{ - CSIStorageCapacity: &REST{store}, - }, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/strategy.go deleted file mode 100644 index ec865dacf9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/strategy.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package csistoragecapacity - -import ( - "context" - - metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - storageutil "k8s.io/kubernetes/pkg/api/storage" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/validation" -) - -// csiStorageCapacityStrategy implements behavior for CSIStorageCapacity objects -type csiStorageCapacityStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// CSIStorageCapacity objects via the REST API. -var Strategy = csiStorageCapacityStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (csiStorageCapacityStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate is currently a NOP. -func (csiStorageCapacityStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (csiStorageCapacityStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - csiStorageCapacity := obj.(*storage.CSIStorageCapacity) - opts := validation.CSIStorageCapacityValidateOptions{ - AllowInvalidLabelValueInSelector: false, - } - errs := validation.ValidateCSIStorageCapacity(csiStorageCapacity, opts) - errs = append(errs, validation.ValidateCSIStorageCapacity(csiStorageCapacity, opts)...) - - return errs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (csiStorageCapacityStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return storageutil.GetWarningsForCSIStorageCapacity(obj.(*storage.CSIStorageCapacity)) -} - -// Canonicalize normalizes the object after validation. -func (csiStorageCapacityStrategy) Canonicalize(obj runtime.Object) { -} - -func (csiStorageCapacityStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate is currently a NOP. -func (csiStorageCapacityStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (csiStorageCapacityStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newCSIStorageCapacityObj := obj.(*storage.CSIStorageCapacity) - oldCSIStorageCapacityObj := old.(*storage.CSIStorageCapacity) - opts := validation.CSIStorageCapacityValidateOptions{ - AllowInvalidLabelValueInSelector: hasInvalidLabelValueInLabelSelector(oldCSIStorageCapacityObj), - } - errorList := validation.ValidateCSIStorageCapacity(newCSIStorageCapacityObj, opts) - return append(errorList, validation.ValidateCSIStorageCapacityUpdate(newCSIStorageCapacityObj, oldCSIStorageCapacityObj)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (csiStorageCapacityStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return storageutil.GetWarningsForCSIStorageCapacity(obj.(*storage.CSIStorageCapacity)) -} - -func (csiStorageCapacityStrategy) AllowUnconditionalUpdate() bool { - return false -} - -func hasInvalidLabelValueInLabelSelector(capacity *storage.CSIStorageCapacity) bool { - labelSelectorValidationOptions := metav1validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false} - return len(metav1validation.ValidateLabelSelector(capacity.NodeTopology, labelSelectorValidationOptions, nil)) > 0 -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/rest/storage_storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/rest/storage_storage.go deleted file mode 100644 index 207c6f1b32..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/rest/storage_storage.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - storageapiv1 "k8s.io/api/storage/v1" - storageapiv1alpha1 "k8s.io/api/storage/v1alpha1" - storageapiv1beta1 "k8s.io/api/storage/v1beta1" - "k8s.io/apiserver/pkg/registry/generic" - "k8s.io/apiserver/pkg/registry/rest" - genericapiserver "k8s.io/apiserver/pkg/server" - serverstorage "k8s.io/apiserver/pkg/server/storage" - "k8s.io/kubernetes/pkg/api/legacyscheme" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - csidriverstore "k8s.io/kubernetes/pkg/registry/storage/csidriver/storage" - csinodestore "k8s.io/kubernetes/pkg/registry/storage/csinode/storage" - csistoragecapacitystore "k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/storage" - storageclassstore "k8s.io/kubernetes/pkg/registry/storage/storageclass/storage" - volumeattachmentstore "k8s.io/kubernetes/pkg/registry/storage/volumeattachment/storage" -) - -type RESTStorageProvider struct { -} - -func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(storageapi.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs) - // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities. - // TODO refactor the plumbing to provide the information in the APIGroupInfo - - if storageMap, err := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[storageapiv1alpha1.SchemeGroupVersion.Version] = storageMap - } - if storageMap, err := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[storageapiv1beta1.SchemeGroupVersion.Version] = storageMap - } - if storageMap, err := p.v1Storage(apiResourceConfigSource, restOptionsGetter); err != nil { - return genericapiserver.APIGroupInfo{}, err - } else if len(storageMap) > 0 { - apiGroupInfo.VersionedResourcesStorageMap[storageapiv1.SchemeGroupVersion.Version] = storageMap - } - - return apiGroupInfo, nil -} - -func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // register csistoragecapacities - if resource := "csistoragecapacities"; apiResourceConfigSource.ResourceEnabled(storageapiv1alpha1.SchemeGroupVersion.WithResource(resource)) { - csiStorageStorage, err := csistoragecapacitystore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = csiStorageStorage.CSIStorageCapacity - } - - return storage, nil -} - -func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storage := map[string]rest.Storage{} - - // register csistoragecapacities - if resource := "csistoragecapacities"; apiResourceConfigSource.ResourceEnabled(storageapiv1beta1.SchemeGroupVersion.WithResource(resource)) { - csiStorageStorage, err := csistoragecapacitystore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = csiStorageStorage.CSIStorageCapacity - } - - return storage, nil -} - -func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (map[string]rest.Storage, error) { - storageClassStorage, err := storageclassstore.NewREST(restOptionsGetter) - if err != nil { - return nil, err - } - volumeAttachmentStorage, err := volumeattachmentstore.NewStorage(restOptionsGetter) - if err != nil { - return nil, err - } - - storage := map[string]rest.Storage{} - - // storageclasses - if resource := "storageclasses"; apiResourceConfigSource.ResourceEnabled(storageapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = storageClassStorage - } - - // volumeattachments - if resource := "volumeattachments"; apiResourceConfigSource.ResourceEnabled(storageapiv1.SchemeGroupVersion.WithResource(resource)) { - storage[resource] = volumeAttachmentStorage.VolumeAttachment - storage[resource+"/status"] = volumeAttachmentStorage.Status - } - - // register csinodes - if resource := "csinodes"; apiResourceConfigSource.ResourceEnabled(storageapiv1.SchemeGroupVersion.WithResource(resource)) { - csiNodeStorage, err := csinodestore.NewStorage(restOptionsGetter) - if err != nil { - return nil, err - } - storage[resource] = csiNodeStorage.CSINode - } - - // register csidrivers - if resource := "csidrivers"; apiResourceConfigSource.ResourceEnabled(storageapiv1.SchemeGroupVersion.WithResource(resource)) { - csiDriverStorage, err := csidriverstore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = csiDriverStorage.CSIDriver - } - - // register csistoragecapacities - if resource := "csistoragecapacities"; apiResourceConfigSource.ResourceEnabled(storageapiv1.SchemeGroupVersion.WithResource(resource)) { - csiStorageStorage, err := csistoragecapacitystore.NewStorage(restOptionsGetter) - if err != nil { - return storage, err - } - storage[resource] = csiStorageStorage.CSIStorageCapacity - } - - return storage, nil -} - -func (p RESTStorageProvider) GroupName() string { - return storageapi.GroupName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/doc.go deleted file mode 100644 index 8cb0432317..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package storageClass provides Registry interface and its REST -// implementation for storing storageclass api objects. -package storageclass diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/storage/storage.go deleted file mode 100644 index fb4394e664..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/storage/storage.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/storage/storageclass" -) - -// REST implements a RESTStorage for storage classes. -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against storage classes. -func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &storageapi.StorageClass{} }, - NewListFunc: func() runtime.Object { return &storageapi.StorageClassList{} }, - DefaultQualifiedResource: storageapi.Resource("storageclasses"), - - CreateStrategy: storageclass.Strategy, - UpdateStrategy: storageclass.Strategy, - DeleteStrategy: storageclass.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - return &REST{store}, nil -} - -// Implement ShortNamesProvider -var _ rest.ShortNamesProvider = &REST{} - -// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource. -func (r *REST) ShortNames() []string { - return []string{"sc"} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/strategy.go deleted file mode 100644 index 7e833a06f4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/storageclass/strategy.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storageclass - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - storageutil "k8s.io/kubernetes/pkg/api/storage" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/validation" -) - -// storageClassStrategy implements behavior for StorageClass objects -type storageClassStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// StorageClass objects via the REST API. -var Strategy = storageClassStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (storageClassStrategy) NamespaceScoped() bool { - return false -} - -// ResetBeforeCreate clears the Status field which is not allowed to be set by end users on creation. -func (storageClassStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { -} - -func (storageClassStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - storageClass := obj.(*storage.StorageClass) - return validation.ValidateStorageClass(storageClass) -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (storageClassStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return storageutil.GetWarningsForStorageClass(obj.(*storage.StorageClass)) -} - -// Canonicalize normalizes the object after validation. -func (storageClassStrategy) Canonicalize(obj runtime.Object) { -} - -func (storageClassStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate sets the Status fields which is not allowed to be set by an end user updating a PV -func (storageClassStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { -} - -func (storageClassStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - errorList := validation.ValidateStorageClass(obj.(*storage.StorageClass)) - return append(errorList, validation.ValidateStorageClassUpdate(obj.(*storage.StorageClass), old.(*storage.StorageClass))...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (storageClassStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return storageutil.GetWarningsForStorageClass(obj.(*storage.StorageClass)) -} - -func (storageClassStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/doc.go deleted file mode 100644 index 91bb452354..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package volumeattachment provides Registry interface and its REST -// implementation for storing volumeattachment api objects. -package volumeattachment diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/storage/storage.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/storage/storage.go deleted file mode 100644 index 91c1c2a114..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/storage/storage.go +++ /dev/null @@ -1,113 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/apiserver/pkg/registry/rest" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/printers" - printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" - printerstorage "k8s.io/kubernetes/pkg/printers/storage" - "k8s.io/kubernetes/pkg/registry/storage/volumeattachment" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// VolumeAttachmentStorage includes storage for VolumeAttachments and all subresources -type VolumeAttachmentStorage struct { - VolumeAttachment *REST - Status *StatusREST -} - -// REST object that will work for VolumeAttachments -type REST struct { - *genericregistry.Store -} - -// NewStorage returns a RESTStorage object that will work against VolumeAttachments -func NewStorage(optsGetter generic.RESTOptionsGetter) (*VolumeAttachmentStorage, error) { - store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &storageapi.VolumeAttachment{} }, - NewListFunc: func() runtime.Object { return &storageapi.VolumeAttachmentList{} }, - DefaultQualifiedResource: storageapi.Resource("volumeattachments"), - - CreateStrategy: volumeattachment.Strategy, - UpdateStrategy: volumeattachment.Strategy, - DeleteStrategy: volumeattachment.Strategy, - ResetFieldsStrategy: volumeattachment.Strategy, - ReturnDeletedObject: true, - - TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)}, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - return nil, err - } - - statusStore := *store - statusStore.UpdateStrategy = volumeattachment.StatusStrategy - statusStore.ResetFieldsStrategy = volumeattachment.StatusStrategy - - return &VolumeAttachmentStorage{ - VolumeAttachment: &REST{store}, - Status: &StatusREST{store: &statusStore}, - }, nil -} - -// StatusREST implements the REST endpoint for changing the status of a VolumeAttachment -type StatusREST struct { - store *genericregistry.Store -} - -var _ = rest.Patcher(&StatusREST{}) - -// New creates a new VolumeAttachment resource -func (r *StatusREST) New() runtime.Object { - return &storageapi.VolumeAttachment{} -} - -// Destroy cleans up resources on shutdown. -func (r *StatusREST) Destroy() { - // Given that underlying store is shared with REST, - // we don't destroy it here explicitly. -} - -// Get retrieves the object from the storage. It is required to support Patch. -func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { - return r.store.Get(ctx, name, options) -} - -// Update alters the status subset of an object. -func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { - // We are explicitly setting forceAllowCreate to false in the call to the underlying storage because - // subresources should never allow create on update. - return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options) -} - -// GetResetFields implements rest.ResetFieldsStrategy -func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - return r.store.GetResetFields() -} - -func (r *StatusREST) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { - return r.store.ConvertToTable(ctx, object, tableOptions) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/strategy.go b/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/strategy.go deleted file mode 100644 index f802a6ab15..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/registry/storage/volumeattachment/strategy.go +++ /dev/null @@ -1,142 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volumeattachment - -import ( - "context" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/apis/storage/validation" - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// volumeAttachmentStrategy implements behavior for VolumeAttachment objects -type volumeAttachmentStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating -// VolumeAttachment objects via the REST API. -var Strategy = volumeAttachmentStrategy{legacyscheme.Scheme, names.SimpleNameGenerator} - -func (volumeAttachmentStrategy) NamespaceScoped() bool { - return false -} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (volumeAttachmentStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "storage.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("status"), - ), - } - - return fields -} - -// ResetBeforeCreate clears the Status field which is not allowed to be set by end users on creation. -func (volumeAttachmentStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { - volumeAttachment := obj.(*storage.VolumeAttachment) - volumeAttachment.Status = storage.VolumeAttachmentStatus{} -} - -func (volumeAttachmentStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { - volumeAttachment := obj.(*storage.VolumeAttachment) - - errs := validation.ValidateVolumeAttachment(volumeAttachment) - - // tighten up validation of newly created v1 attachments - errs = append(errs, validation.ValidateVolumeAttachmentV1(volumeAttachment)...) - return errs -} - -// WarningsOnCreate returns warnings for the creation of the given object. -func (volumeAttachmentStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { - return nil -} - -// Canonicalize normalizes the object after validation. -func (volumeAttachmentStrategy) Canonicalize(obj runtime.Object) { -} - -func (volumeAttachmentStrategy) AllowCreateOnUpdate() bool { - return false -} - -// PrepareForUpdate sets the Status fields which is not allowed to be set by an end user updating a VolumeAttachment -func (volumeAttachmentStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newVolumeAttachment := obj.(*storage.VolumeAttachment) - oldVolumeAttachment := old.(*storage.VolumeAttachment) - - newVolumeAttachment.Status = oldVolumeAttachment.Status - // No need to increment Generation because we don't allow updates to spec - -} - -func (volumeAttachmentStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { - newVolumeAttachmentObj := obj.(*storage.VolumeAttachment) - oldVolumeAttachmentObj := old.(*storage.VolumeAttachment) - errorList := validation.ValidateVolumeAttachment(newVolumeAttachmentObj) - return append(errorList, validation.ValidateVolumeAttachmentUpdate(newVolumeAttachmentObj, oldVolumeAttachmentObj)...) -} - -// WarningsOnUpdate returns warnings for the given update. -func (volumeAttachmentStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string { - return nil -} - -func (volumeAttachmentStrategy) AllowUnconditionalUpdate() bool { - return false -} - -// volumeAttachmentStatusStrategy implements behavior for VolumeAttachmentStatus subresource -type volumeAttachmentStatusStrategy struct { - volumeAttachmentStrategy -} - -// StatusStrategy is the default logic that applies when creating and updating -// VolumeAttachmentStatus subresource via the REST API. -var StatusStrategy = volumeAttachmentStatusStrategy{Strategy} - -// GetResetFields returns the set of fields that get reset by the strategy -// and should not be modified by the user. -func (volumeAttachmentStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set { - fields := map[fieldpath.APIVersion]*fieldpath.Set{ - "storage.k8s.io/v1": fieldpath.NewSet( - fieldpath.MakePathOrDie("metadata"), - fieldpath.MakePathOrDie("spec"), - ), - } - - return fields -} - -// PrepareForUpdate sets the Status fields which is not allowed to be set by an end user updating a VolumeAttachment -func (volumeAttachmentStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { - newVolumeAttachment := obj.(*storage.VolumeAttachment) - oldVolumeAttachment := old.(*storage.VolumeAttachment) - - newVolumeAttachment.Spec = oldVolumeAttachment.Spec - metav1.ResetObjectMetaForStatus(&newVolumeAttachment.ObjectMeta, &oldVolumeAttachment.ObjectMeta) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/routes/OWNERS deleted file mode 100644 index 56d3fa23ab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - deads2k - - lavalamp - - sttts - - caesarxuchao -approvers: - - deads2k - - lavalamp - - sttts diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_other.go b/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_other.go deleted file mode 100644 index fff6446e54..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_other.go +++ /dev/null @@ -1,26 +0,0 @@ -//go:build !windows -// +build !windows - -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import "syscall" - -const ( - fileNameTooLong = syscall.ENAMETOOLONG -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_windows.go b/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_windows.go deleted file mode 100644 index 32662b8ad8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/const_windows.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import "golang.org/x/sys/windows" - -const ( - fileNameTooLong = windows.ERROR_FILENAME_EXCED_RANGE -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/routes/doc.go deleted file mode 100644 index ef220cbf5c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package routes holds a collection of optional master http handlers. -package routes diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/logs.go b/etcd/vendor/k8s.io/kubernetes/pkg/routes/logs.go deleted file mode 100644 index 95635d453d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/logs.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "net/http" - "os" - "path" - - "github.com/emicklei/go-restful/v3" -) - -// Logs adds handlers for the /logs path serving log files from /var/log. -type Logs struct{} - -// Install func registers the logs handler. -func (l Logs) Install(c *restful.Container) { - // use restful: ws.Route(ws.GET("/logs/{logpath:*}").To(fileHandler)) - // See github.com/emicklei/go-restful/blob/master/examples/static/restful-serve-static.go - ws := new(restful.WebService) - ws.Path("/logs") - ws.Doc("get log files") - ws.Route(ws.GET("/{logpath:*}").To(logFileHandler).Param(ws.PathParameter("logpath", "path to the log").DataType("string"))) - ws.Route(ws.GET("/").To(logFileListHandler)) - - c.Add(ws) -} - -func logFileHandler(req *restful.Request, resp *restful.Response) { - logdir := "/var/log" - actual := path.Join(logdir, req.PathParameter("logpath")) - - // check filename length first, return 404 if it's oversize. - if logFileNameIsTooLong(actual) { - http.Error(resp, "file not found", http.StatusNotFound) - return - } - http.ServeFile(resp.ResponseWriter, req.Request, actual) -} - -func logFileListHandler(req *restful.Request, resp *restful.Response) { - logdir := "/var/log" - http.ServeFile(resp.ResponseWriter, req.Request, logdir) -} - -// logFileNameIsTooLong checks filename length, returns true if it's longer than 255. -// cause http.ServeFile returns default error code 500 except for NotExist and Forbidden, but we need to separate the real 500 from oversize filename here. -func logFileNameIsTooLong(filePath string) bool { - _, err := os.Stat(filePath) - if err != nil { - if e, ok := err.(*os.PathError); ok && e.Err == fileNameTooLong { - return true - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/routes/openidmetadata.go b/etcd/vendor/k8s.io/kubernetes/pkg/routes/openidmetadata.go deleted file mode 100644 index aafd76e106..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/routes/openidmetadata.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package routes - -import ( - "net/http" - - restful "github.com/emicklei/go-restful/v3" - - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/serviceaccount" -) - -// This code is in package routes because many controllers import -// pkg/serviceaccount, but are not allowed by import-boss to depend on -// go-restful. All logic that deals with keys is kept in pkg/serviceaccount, -// and only the rendered JSON is passed into this server. - -const ( - // cacheControl is the value of the Cache-Control header. Overrides the - // global `private, no-cache` setting. - headerCacheControl = "Cache-Control" - cacheControl = "public, max-age=3600" // 1 hour - - // mimeJWKS is the content type of the keyset response - mimeJWKS = "application/jwk-set+json" -) - -// OpenIDMetadataServer is an HTTP server for metadata of the KSA token issuer. -type OpenIDMetadataServer struct { - configJSON []byte - keysetJSON []byte -} - -// NewOpenIDMetadataServer creates a new OpenIDMetadataServer. -// The issuer is the OIDC issuer; keys are the keys that may be used to sign -// KSA tokens. -func NewOpenIDMetadataServer(configJSON, keysetJSON []byte) *OpenIDMetadataServer { - return &OpenIDMetadataServer{ - configJSON: configJSON, - keysetJSON: keysetJSON, - } -} - -// Install adds this server to the request router c. -func (s *OpenIDMetadataServer) Install(c *restful.Container) { - // Configuration WebService - // Container.Add "will detect duplicate root paths and exit in that case", - // so we need a root for /.well-known/openid-configuration to avoid conflicts. - cfg := new(restful.WebService). - Produces(restful.MIME_JSON) - - cfg.Path(serviceaccount.OpenIDConfigPath).Route( - cfg.GET(""). - To(fromStandard(s.serveConfiguration)). - Doc("get service account issuer OpenID configuration, also known as the 'OIDC discovery doc'"). - Operation("getServiceAccountIssuerOpenIDConfiguration"). - // Just include the OK, doesn't look like we include Internal Error in our openapi-spec. - Returns(http.StatusOK, "OK", "")) - c.Add(cfg) - - // JWKS WebService - jwks := new(restful.WebService). - Produces(mimeJWKS) - - jwks.Path(serviceaccount.JWKSPath).Route( - jwks.GET(""). - To(fromStandard(s.serveKeys)). - Doc("get service account issuer OpenID JSON Web Key Set (contains public token verification keys)"). - Operation("getServiceAccountIssuerOpenIDKeyset"). - // Just include the OK, doesn't look like we include Internal Error in our openapi-spec. - Returns(http.StatusOK, "OK", "")) - c.Add(jwks) -} - -// fromStandard provides compatibility between the standard (net/http) handler signature and the restful signature. -func fromStandard(h http.HandlerFunc) restful.RouteFunction { - return func(req *restful.Request, resp *restful.Response) { - h(resp, req.Request) - } -} - -func (s *OpenIDMetadataServer) serveConfiguration(w http.ResponseWriter, req *http.Request) { - w.Header().Set(restful.HEADER_ContentType, restful.MIME_JSON) - w.Header().Set(headerCacheControl, cacheControl) - if _, err := w.Write(s.configJSON); err != nil { - klog.Errorf("failed to write service account issuer metadata response: %v", err) - return - } -} - -func (s *OpenIDMetadataServer) serveKeys(w http.ResponseWriter, req *http.Request) { - // Per RFC7517 : https://tools.ietf.org/html/rfc7517#section-8.5.1 - w.Header().Set(restful.HEADER_ContentType, mimeJWKS) - w.Header().Set(headerCacheControl, cacheControl) - if _, err := w.Write(s.keysetJSON); err != nil { - klog.Errorf("failed to write service account issuer JWKS response: %v", err) - return - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/OWNERS deleted file mode 100644 index 3023c572ed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - api-approvers -reviewers: - - api-reviewers - - sig-scheduling-api-reviewers - - sig-scheduling-api-approvers -labels: - - kind/api-change - - sig/scheduling diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/doc.go deleted file mode 100644 index 896eaa83b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +groupName=kubescheduler.config.k8s.io - -package config // import "k8s.io/kubernetes/pkg/scheduler/apis/config" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/register.go b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/register.go deleted file mode 100644 index 457556e101..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name used in this package -const GroupName = "kubescheduler.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is a global function that registers this API group & version to a scheme - AddToScheme = SchemeBuilder.AddToScheme -) - -// addKnownTypes registers known types to the given scheme -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &KubeSchedulerConfiguration{}, - &DefaultPreemptionArgs{}, - &InterPodAffinityArgs{}, - &NodeResourcesFitArgs{}, - &PodTopologySpreadArgs{}, - &VolumeBindingArgs{}, - &NodeResourcesBalancedAllocationArgs{}, - &NodeAffinityArgs{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types.go deleted file mode 100644 index 8db4e35c98..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types.go +++ /dev/null @@ -1,338 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - "math" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/sets" - componentbaseconfig "k8s.io/component-base/config" -) - -const ( - // SchedulerPolicyConfigMapKey defines the key of the element in the - // scheduler's policy ConfigMap that contains scheduler's policy config. - SchedulerPolicyConfigMapKey = "policy.cfg" - - // DefaultKubeSchedulerPort is the default port for the scheduler status server. - // May be overridden by a flag at startup. - DefaultKubeSchedulerPort = 10259 -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// KubeSchedulerConfiguration configures a scheduler -type KubeSchedulerConfiguration struct { - // TypeMeta contains the API version and kind. In kube-scheduler, after - // conversion from the versioned KubeSchedulerConfiguration type to this - // internal type, we set the APIVersion field to the scheme group/version of - // the type we converted from. This is done in cmd/kube-scheduler in two - // places: (1) when loading config from a file, (2) generating the default - // config. Based on the versioned type set in this field, we make decisions; - // for example (1) during validation to check for usage of removed plugins, - // (2) writing config to a file, (3) initialising the scheduler. - metav1.TypeMeta - - // Parallelism defines the amount of parallelism in algorithms for scheduling a Pods. Must be greater than 0. Defaults to 16 - Parallelism int32 - - // LeaderElection defines the configuration of leader election client. - LeaderElection componentbaseconfig.LeaderElectionConfiguration - - // ClientConnection specifies the kubeconfig file and client connection - // settings for the proxy server to use when communicating with the apiserver. - ClientConnection componentbaseconfig.ClientConnectionConfiguration - // HealthzBindAddress is the IP address and port for the health check server to serve on. - HealthzBindAddress string - // MetricsBindAddress is the IP address and port for the metrics server to serve on. - MetricsBindAddress string - - // DebuggingConfiguration holds configuration for Debugging related features - // TODO: We might wanna make this a substruct like Debugging componentbaseconfig.DebuggingConfiguration - componentbaseconfig.DebuggingConfiguration - - // PercentageOfNodesToScore is the percentage of all nodes that once found feasible - // for running a pod, the scheduler stops its search for more feasible nodes in - // the cluster. This helps improve scheduler's performance. Scheduler always tries to find - // at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is. - // Example: if the cluster size is 500 nodes and the value of this flag is 30, - // then scheduler stops finding further feasible nodes once it finds 150 feasible ones. - // When the value is 0, default percentage (5%--50% based on the size of the cluster) of the - // nodes will be scored. It is overridden by profile level PercentageOfNodesToScore. - PercentageOfNodesToScore *int32 - - // PodInitialBackoffSeconds is the initial backoff for unschedulable pods. - // If specified, it must be greater than 0. If this value is null, the default value (1s) - // will be used. - PodInitialBackoffSeconds int64 - - // PodMaxBackoffSeconds is the max backoff for unschedulable pods. - // If specified, it must be greater than or equal to podInitialBackoffSeconds. If this value is null, - // the default value (10s) will be used. - PodMaxBackoffSeconds int64 - - // Profiles are scheduling profiles that kube-scheduler supports. Pods can - // choose to be scheduled under a particular profile by setting its associated - // scheduler name. Pods that don't specify any scheduler name are scheduled - // with the "default-scheduler" profile, if present here. - Profiles []KubeSchedulerProfile - - // Extenders are the list of scheduler extenders, each holding the values of how to communicate - // with the extender. These extenders are shared by all scheduler profiles. - Extenders []Extender -} - -// KubeSchedulerProfile is a scheduling profile. -type KubeSchedulerProfile struct { - // SchedulerName is the name of the scheduler associated to this profile. - // If SchedulerName matches with the pod's "spec.schedulerName", then the pod - // is scheduled with this profile. - SchedulerName string - - // PercentageOfNodesToScore is the percentage of all nodes that once found feasible - // for running a pod, the scheduler stops its search for more feasible nodes in - // the cluster. This helps improve scheduler's performance. Scheduler always tries to find - // at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is. - // Example: if the cluster size is 500 nodes and the value of this flag is 30, - // then scheduler stops finding further feasible nodes once it finds 150 feasible ones. - // When the value is 0, default percentage (5%--50% based on the size of the cluster) of the - // nodes will be scored. It will override global PercentageOfNodesToScore. If it is empty, - // global PercentageOfNodesToScore will be used. - PercentageOfNodesToScore *int32 - - // Plugins specify the set of plugins that should be enabled or disabled. - // Enabled plugins are the ones that should be enabled in addition to the - // default plugins. Disabled plugins are any of the default plugins that - // should be disabled. - // When no enabled or disabled plugin is specified for an extension point, - // default plugins for that extension point will be used if there is any. - // If a QueueSort plugin is specified, the same QueueSort Plugin and - // PluginConfig must be specified for all profiles. - Plugins *Plugins - - // PluginConfig is an optional set of custom plugin arguments for each plugin. - // Omitting config args for a plugin is equivalent to using the default config - // for that plugin. - PluginConfig []PluginConfig -} - -// Plugins include multiple extension points. When specified, the list of plugins for -// a particular extension point are the only ones enabled. If an extension point is -// omitted from the config, then the default set of plugins is used for that extension point. -// Enabled plugins are called in the order specified here, after default plugins. If they need to -// be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order. -type Plugins struct { - // PreEnqueue is a list of plugins that should be invoked before adding pods to the scheduling queue. - PreEnqueue PluginSet - - // QueueSort is a list of plugins that should be invoked when sorting pods in the scheduling queue. - QueueSort PluginSet - - // PreFilter is a list of plugins that should be invoked at "PreFilter" extension point of the scheduling framework. - PreFilter PluginSet - - // Filter is a list of plugins that should be invoked when filtering out nodes that cannot run the Pod. - Filter PluginSet - - // PostFilter is a list of plugins that are invoked after filtering phase, but only when no feasible nodes were found for the pod. - PostFilter PluginSet - - // PreScore is a list of plugins that are invoked before scoring. - PreScore PluginSet - - // Score is a list of plugins that should be invoked when ranking nodes that have passed the filtering phase. - Score PluginSet - - // Reserve is a list of plugins invoked when reserving/unreserving resources - // after a node is assigned to run the pod. - Reserve PluginSet - - // Permit is a list of plugins that control binding of a Pod. These plugins can prevent or delay binding of a Pod. - Permit PluginSet - - // PreBind is a list of plugins that should be invoked before a pod is bound. - PreBind PluginSet - - // Bind is a list of plugins that should be invoked at "Bind" extension point of the scheduling framework. - // The scheduler call these plugins in order. Scheduler skips the rest of these plugins as soon as one returns success. - Bind PluginSet - - // PostBind is a list of plugins that should be invoked after a pod is successfully bound. - PostBind PluginSet - - // MultiPoint is a simplified config field for enabling plugins for all valid extension points - MultiPoint PluginSet -} - -// PluginSet specifies enabled and disabled plugins for an extension point. -// If an array is empty, missing, or nil, default plugins at that extension point will be used. -type PluginSet struct { - // Enabled specifies plugins that should be enabled in addition to default plugins. - // These are called after default plugins and in the same order specified here. - Enabled []Plugin - // Disabled specifies default plugins that should be disabled. - // When all default plugins need to be disabled, an array containing only one "*" should be provided. - Disabled []Plugin -} - -// Plugin specifies a plugin name and its weight when applicable. Weight is used only for Score plugins. -type Plugin struct { - // Name defines the name of plugin - Name string - // Weight defines the weight of plugin, only used for Score plugins. - Weight int32 -} - -// PluginConfig specifies arguments that should be passed to a plugin at the time of initialization. -// A plugin that is invoked at multiple extension points is initialized once. Args can have arbitrary structure. -// It is up to the plugin to process these Args. -type PluginConfig struct { - // Name defines the name of plugin being configured - Name string - // Args defines the arguments passed to the plugins at the time of initialization. Args can have arbitrary structure. - Args runtime.Object -} - -/* - * NOTE: The following variables and methods are intentionally left out of the staging mirror. - */ -const ( - // DefaultPercentageOfNodesToScore defines the percentage of nodes of all nodes - // that once found feasible, the scheduler stops looking for more nodes. - // A value of 0 means adaptive, meaning the scheduler figures out a proper default. - DefaultPercentageOfNodesToScore = 0 - - // MaxCustomPriorityScore is the max score UtilizationShapePoint expects. - MaxCustomPriorityScore int64 = 10 - - // MaxTotalScore is the maximum total score. - MaxTotalScore int64 = math.MaxInt64 - - // MaxWeight defines the max weight value allowed for custom PriorityPolicy - MaxWeight = MaxTotalScore / MaxCustomPriorityScore -) - -// Names returns the list of enabled plugin names. -func (p *Plugins) Names() []string { - if p == nil { - return nil - } - extensions := []PluginSet{ - p.PreEnqueue, - p.PreFilter, - p.Filter, - p.PostFilter, - p.Reserve, - p.PreScore, - p.Score, - p.PreBind, - p.Bind, - p.PostBind, - p.Permit, - p.QueueSort, - } - n := sets.NewString() - for _, e := range extensions { - for _, pg := range e.Enabled { - n.Insert(pg.Name) - } - } - return n.List() -} - -// Extender holds the parameters used to communicate with the extender. If a verb is unspecified/empty, -// it is assumed that the extender chose not to provide that extension. -type Extender struct { - // URLPrefix at which the extender is available - URLPrefix string - // Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender. - FilterVerb string - // Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender. - PreemptVerb string - // Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender. - PrioritizeVerb string - // The numeric multiplier for the node scores that the prioritize call generates. - // The weight should be a positive integer - Weight int64 - // Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender. - // If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender - // can implement this function. - BindVerb string - // EnableHTTPS specifies whether https should be used to communicate with the extender - EnableHTTPS bool - // TLSConfig specifies the transport layer security config - TLSConfig *ExtenderTLSConfig - // HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize - // timeout is ignored, k8s/other extenders priorities are used to select the node. - HTTPTimeout metav1.Duration - // NodeCacheCapable specifies that the extender is capable of caching node information, - // so the scheduler should only send minimal information about the eligible nodes - // assuming that the extender already cached full details of all nodes in the cluster - NodeCacheCapable bool - // ManagedResources is a list of extended resources that are managed by - // this extender. - // - A pod will be sent to the extender on the Filter, Prioritize and Bind - // (if the extender is the binder) phases iff the pod requests at least - // one of the extended resources in this list. If empty or unspecified, - // all pods will be sent to this extender. - // - If IgnoredByScheduler is set to true for a resource, kube-scheduler - // will skip checking the resource in predicates. - // +optional - ManagedResources []ExtenderManagedResource - // Ignorable specifies if the extender is ignorable, i.e. scheduling should not - // fail when the extender returns an error or is not reachable. - Ignorable bool -} - -// ExtenderManagedResource describes the arguments of extended resources -// managed by an extender. -type ExtenderManagedResource struct { - // Name is the extended resource name. - Name string - // IgnoredByScheduler indicates whether kube-scheduler should ignore this - // resource when applying predicates. - IgnoredByScheduler bool -} - -// ExtenderTLSConfig contains settings to enable TLS with extender -type ExtenderTLSConfig struct { - // Server should be accessed without verifying the TLS certificate. For testing only. - Insecure bool - // ServerName is passed to the server for SNI and is used in the client to check server - // certificates against. If ServerName is empty, the hostname used to contact the - // server is used. - ServerName string - - // Server requires TLS client certificate authentication - CertFile string - // Server requires TLS client certificate authentication - KeyFile string - // Trusted root certificates for server - CAFile string - - // CertData holds PEM-encoded bytes (typically read from a client certificate file). - // CertData takes precedence over CertFile - CertData []byte - // KeyData holds PEM-encoded bytes (typically read from a client certificate key file). - // KeyData takes precedence over KeyFile - KeyData []byte `datapolicy:"security-key"` - // CAData holds PEM-encoded bytes (typically read from a root certificates bundle). - // CAData takes precedence over CAFile - CAData []byte -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types_pluginargs.go b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types_pluginargs.go deleted file mode 100644 index 31bb8df020..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/types_pluginargs.go +++ /dev/null @@ -1,214 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package config - -import ( - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DefaultPreemptionArgs holds arguments used to configure the -// DefaultPreemption plugin. -type DefaultPreemptionArgs struct { - metav1.TypeMeta - - // MinCandidateNodesPercentage is the minimum number of candidates to - // shortlist when dry running preemption as a percentage of number of nodes. - // Must be in the range [0, 100]. Defaults to 10% of the cluster size if - // unspecified. - MinCandidateNodesPercentage int32 - // MinCandidateNodesAbsolute is the absolute minimum number of candidates to - // shortlist. The likely number of candidates enumerated for dry running - // preemption is given by the formula: - // numCandidates = max(numNodes * minCandidateNodesPercentage, minCandidateNodesAbsolute) - // We say "likely" because there are other factors such as PDB violations - // that play a role in the number of candidates shortlisted. Must be at least - // 0 nodes. Defaults to 100 nodes if unspecified. - MinCandidateNodesAbsolute int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// InterPodAffinityArgs holds arguments used to configure the InterPodAffinity plugin. -type InterPodAffinityArgs struct { - metav1.TypeMeta - - // HardPodAffinityWeight is the scoring weight for existing pods with a - // matching hard affinity to the incoming pod. - HardPodAffinityWeight int32 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NodeResourcesFitArgs holds arguments used to configure the NodeResourcesFit plugin. -type NodeResourcesFitArgs struct { - metav1.TypeMeta - - // IgnoredResources is the list of resources that NodeResources fit filter - // should ignore. - IgnoredResources []string - // IgnoredResourceGroups defines the list of resource groups that NodeResources fit filter should ignore. - // e.g. if group is ["example.com"], it will ignore all resource names that begin - // with "example.com", such as "example.com/aaa" and "example.com/bbb". - // A resource group name can't contain '/'. - IgnoredResourceGroups []string - - // ScoringStrategy selects the node resource scoring strategy. - ScoringStrategy *ScoringStrategy -} - -// PodTopologySpreadConstraintsDefaulting defines how to set default constraints -// for the PodTopologySpread plugin. -type PodTopologySpreadConstraintsDefaulting string - -const ( - // SystemDefaulting instructs to use the kubernetes defined default. - SystemDefaulting PodTopologySpreadConstraintsDefaulting = "System" - // ListDefaulting instructs to use the config provided default. - ListDefaulting PodTopologySpreadConstraintsDefaulting = "List" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// PodTopologySpreadArgs holds arguments used to configure the PodTopologySpread plugin. -type PodTopologySpreadArgs struct { - metav1.TypeMeta - - // DefaultConstraints defines topology spread constraints to be applied to - // Pods that don't define any in `pod.spec.topologySpreadConstraints`. - // `.defaultConstraints[*].labelSelectors` must be empty, as they are - // deduced from the Pod's membership to Services, ReplicationControllers, - // ReplicaSets or StatefulSets. - // When not empty, .defaultingType must be "List". - DefaultConstraints []v1.TopologySpreadConstraint - - // DefaultingType determines how .defaultConstraints are deduced. Can be one - // of "System" or "List". - // - // - "System": Use kubernetes defined constraints that spread Pods among - // Nodes and Zones. - // - "List": Use constraints defined in .defaultConstraints. - // - // Defaults to "System". - // +optional - DefaultingType PodTopologySpreadConstraintsDefaulting -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NodeResourcesBalancedAllocationArgs holds arguments used to configure NodeResourcesBalancedAllocation plugin. -type NodeResourcesBalancedAllocationArgs struct { - metav1.TypeMeta - - // Resources to be considered when scoring. - // The default resource set includes "cpu" and "memory", only valid weight is 1. - Resources []ResourceSpec -} - -// UtilizationShapePoint represents a single point of a priority function shape. -type UtilizationShapePoint struct { - // Utilization (x axis). Valid values are 0 to 100. Fully utilized node maps to 100. - Utilization int32 - // Score assigned to a given utilization (y axis). Valid values are 0 to 10. - Score int32 -} - -// ResourceSpec represents single resource. -type ResourceSpec struct { - // Name of the resource. - Name string - // Weight of the resource. - Weight int64 -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// VolumeBindingArgs holds arguments used to configure the VolumeBinding plugin. -type VolumeBindingArgs struct { - metav1.TypeMeta - - // BindTimeoutSeconds is the timeout in seconds in volume binding operation. - // Value must be non-negative integer. The value zero indicates no waiting. - // If this value is nil, the default value will be used. - BindTimeoutSeconds int64 - - // Shape specifies the points defining the score function shape, which is - // used to score nodes based on the utilization of statically provisioned - // PVs. The utilization is calculated by dividing the total requested - // storage of the pod by the total capacity of feasible PVs on each node. - // Each point contains utilization (ranges from 0 to 100) and its - // associated score (ranges from 0 to 10). You can turn the priority by - // specifying different scores for different utilization numbers. - // The default shape points are: - // 1) 0 for 0 utilization - // 2) 10 for 100 utilization - // All points must be sorted in increasing order by utilization. - // +featureGate=VolumeCapacityPriority - // +optional - Shape []UtilizationShapePoint -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NodeAffinityArgs holds arguments to configure the NodeAffinity plugin. -type NodeAffinityArgs struct { - metav1.TypeMeta - - // AddedAffinity is applied to all Pods additionally to the NodeAffinity - // specified in the PodSpec. That is, Nodes need to satisfy AddedAffinity - // AND .spec.NodeAffinity. AddedAffinity is empty by default (all Nodes - // match). - // When AddedAffinity is used, some Pods with affinity requirements that match - // a specific Node (such as Daemonset Pods) might remain unschedulable. - AddedAffinity *v1.NodeAffinity -} - -// ScoringStrategyType the type of scoring strategy used in NodeResourcesFit plugin. -type ScoringStrategyType string - -const ( - // LeastAllocated strategy prioritizes nodes with least allocated resources. - LeastAllocated ScoringStrategyType = "LeastAllocated" - // MostAllocated strategy prioritizes nodes with most allocated resources. - MostAllocated ScoringStrategyType = "MostAllocated" - // RequestedToCapacityRatio strategy allows specifying a custom shape function - // to score nodes based on the request to capacity ratio. - RequestedToCapacityRatio ScoringStrategyType = "RequestedToCapacityRatio" -) - -// ScoringStrategy define ScoringStrategyType for node resource plugin -type ScoringStrategy struct { - // Type selects which strategy to run. - Type ScoringStrategyType - - // Resources to consider when scoring. - // The default resource set includes "cpu" and "memory" with an equal weight. - // Allowed weights go from 1 to 100. - // Weight defaults to 1 if not specified or explicitly set to 0. - Resources []ResourceSpec - - // Arguments specific to RequestedToCapacityRatio strategy. - RequestedToCapacityRatio *RequestedToCapacityRatioParam -} - -// RequestedToCapacityRatioParam define RequestedToCapacityRatio parameters -type RequestedToCapacityRatioParam struct { - // Shape is a list of points defining the scoring function shape. - Shape []UtilizationShapePoint -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/zz_generated.deepcopy.go deleted file mode 100644 index f5baa62218..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/scheduler/apis/config/zz_generated.deepcopy.go +++ /dev/null @@ -1,562 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package config - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DefaultPreemptionArgs) DeepCopyInto(out *DefaultPreemptionArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultPreemptionArgs. -func (in *DefaultPreemptionArgs) DeepCopy() *DefaultPreemptionArgs { - if in == nil { - return nil - } - out := new(DefaultPreemptionArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DefaultPreemptionArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Extender) DeepCopyInto(out *Extender) { - *out = *in - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(ExtenderTLSConfig) - (*in).DeepCopyInto(*out) - } - out.HTTPTimeout = in.HTTPTimeout - if in.ManagedResources != nil { - in, out := &in.ManagedResources, &out.ManagedResources - *out = make([]ExtenderManagedResource, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Extender. -func (in *Extender) DeepCopy() *Extender { - if in == nil { - return nil - } - out := new(Extender) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExtenderManagedResource) DeepCopyInto(out *ExtenderManagedResource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtenderManagedResource. -func (in *ExtenderManagedResource) DeepCopy() *ExtenderManagedResource { - if in == nil { - return nil - } - out := new(ExtenderManagedResource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExtenderTLSConfig) DeepCopyInto(out *ExtenderTLSConfig) { - *out = *in - if in.CertData != nil { - in, out := &in.CertData, &out.CertData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CAData != nil { - in, out := &in.CAData, &out.CAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtenderTLSConfig. -func (in *ExtenderTLSConfig) DeepCopy() *ExtenderTLSConfig { - if in == nil { - return nil - } - out := new(ExtenderTLSConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InterPodAffinityArgs) DeepCopyInto(out *InterPodAffinityArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterPodAffinityArgs. -func (in *InterPodAffinityArgs) DeepCopy() *InterPodAffinityArgs { - if in == nil { - return nil - } - out := new(InterPodAffinityArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InterPodAffinityArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeSchedulerConfiguration) DeepCopyInto(out *KubeSchedulerConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.LeaderElection = in.LeaderElection - out.ClientConnection = in.ClientConnection - out.DebuggingConfiguration = in.DebuggingConfiguration - if in.PercentageOfNodesToScore != nil { - in, out := &in.PercentageOfNodesToScore, &out.PercentageOfNodesToScore - *out = new(int32) - **out = **in - } - if in.Profiles != nil { - in, out := &in.Profiles, &out.Profiles - *out = make([]KubeSchedulerProfile, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Extenders != nil { - in, out := &in.Extenders, &out.Extenders - *out = make([]Extender, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSchedulerConfiguration. -func (in *KubeSchedulerConfiguration) DeepCopy() *KubeSchedulerConfiguration { - if in == nil { - return nil - } - out := new(KubeSchedulerConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *KubeSchedulerConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeSchedulerProfile) DeepCopyInto(out *KubeSchedulerProfile) { - *out = *in - if in.PercentageOfNodesToScore != nil { - in, out := &in.PercentageOfNodesToScore, &out.PercentageOfNodesToScore - *out = new(int32) - **out = **in - } - if in.Plugins != nil { - in, out := &in.Plugins, &out.Plugins - *out = new(Plugins) - (*in).DeepCopyInto(*out) - } - if in.PluginConfig != nil { - in, out := &in.PluginConfig, &out.PluginConfig - *out = make([]PluginConfig, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSchedulerProfile. -func (in *KubeSchedulerProfile) DeepCopy() *KubeSchedulerProfile { - if in == nil { - return nil - } - out := new(KubeSchedulerProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeAffinityArgs) DeepCopyInto(out *NodeAffinityArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.AddedAffinity != nil { - in, out := &in.AddedAffinity, &out.AddedAffinity - *out = new(v1.NodeAffinity) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAffinityArgs. -func (in *NodeAffinityArgs) DeepCopy() *NodeAffinityArgs { - if in == nil { - return nil - } - out := new(NodeAffinityArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NodeAffinityArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeResourcesBalancedAllocationArgs) DeepCopyInto(out *NodeResourcesBalancedAllocationArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceSpec, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeResourcesBalancedAllocationArgs. -func (in *NodeResourcesBalancedAllocationArgs) DeepCopy() *NodeResourcesBalancedAllocationArgs { - if in == nil { - return nil - } - out := new(NodeResourcesBalancedAllocationArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NodeResourcesBalancedAllocationArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NodeResourcesFitArgs) DeepCopyInto(out *NodeResourcesFitArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.IgnoredResources != nil { - in, out := &in.IgnoredResources, &out.IgnoredResources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.IgnoredResourceGroups != nil { - in, out := &in.IgnoredResourceGroups, &out.IgnoredResourceGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ScoringStrategy != nil { - in, out := &in.ScoringStrategy, &out.ScoringStrategy - *out = new(ScoringStrategy) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeResourcesFitArgs. -func (in *NodeResourcesFitArgs) DeepCopy() *NodeResourcesFitArgs { - if in == nil { - return nil - } - out := new(NodeResourcesFitArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NodeResourcesFitArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Plugin) DeepCopyInto(out *Plugin) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Plugin. -func (in *Plugin) DeepCopy() *Plugin { - if in == nil { - return nil - } - out := new(Plugin) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PluginConfig) DeepCopyInto(out *PluginConfig) { - *out = *in - if in.Args != nil { - out.Args = in.Args.DeepCopyObject() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginConfig. -func (in *PluginConfig) DeepCopy() *PluginConfig { - if in == nil { - return nil - } - out := new(PluginConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PluginSet) DeepCopyInto(out *PluginSet) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = make([]Plugin, len(*in)) - copy(*out, *in) - } - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = make([]Plugin, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginSet. -func (in *PluginSet) DeepCopy() *PluginSet { - if in == nil { - return nil - } - out := new(PluginSet) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Plugins) DeepCopyInto(out *Plugins) { - *out = *in - in.PreEnqueue.DeepCopyInto(&out.PreEnqueue) - in.QueueSort.DeepCopyInto(&out.QueueSort) - in.PreFilter.DeepCopyInto(&out.PreFilter) - in.Filter.DeepCopyInto(&out.Filter) - in.PostFilter.DeepCopyInto(&out.PostFilter) - in.PreScore.DeepCopyInto(&out.PreScore) - in.Score.DeepCopyInto(&out.Score) - in.Reserve.DeepCopyInto(&out.Reserve) - in.Permit.DeepCopyInto(&out.Permit) - in.PreBind.DeepCopyInto(&out.PreBind) - in.Bind.DeepCopyInto(&out.Bind) - in.PostBind.DeepCopyInto(&out.PostBind) - in.MultiPoint.DeepCopyInto(&out.MultiPoint) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Plugins. -func (in *Plugins) DeepCopy() *Plugins { - if in == nil { - return nil - } - out := new(Plugins) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodTopologySpreadArgs) DeepCopyInto(out *PodTopologySpreadArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.DefaultConstraints != nil { - in, out := &in.DefaultConstraints, &out.DefaultConstraints - *out = make([]v1.TopologySpreadConstraint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTopologySpreadArgs. -func (in *PodTopologySpreadArgs) DeepCopy() *PodTopologySpreadArgs { - if in == nil { - return nil - } - out := new(PodTopologySpreadArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodTopologySpreadArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RequestedToCapacityRatioParam) DeepCopyInto(out *RequestedToCapacityRatioParam) { - *out = *in - if in.Shape != nil { - in, out := &in.Shape, &out.Shape - *out = make([]UtilizationShapePoint, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestedToCapacityRatioParam. -func (in *RequestedToCapacityRatioParam) DeepCopy() *RequestedToCapacityRatioParam { - if in == nil { - return nil - } - out := new(RequestedToCapacityRatioParam) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec. -func (in *ResourceSpec) DeepCopy() *ResourceSpec { - if in == nil { - return nil - } - out := new(ResourceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ScoringStrategy) DeepCopyInto(out *ScoringStrategy) { - *out = *in - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceSpec, len(*in)) - copy(*out, *in) - } - if in.RequestedToCapacityRatio != nil { - in, out := &in.RequestedToCapacityRatio, &out.RequestedToCapacityRatio - *out = new(RequestedToCapacityRatioParam) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScoringStrategy. -func (in *ScoringStrategy) DeepCopy() *ScoringStrategy { - if in == nil { - return nil - } - out := new(ScoringStrategy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UtilizationShapePoint) DeepCopyInto(out *UtilizationShapePoint) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UtilizationShapePoint. -func (in *UtilizationShapePoint) DeepCopy() *UtilizationShapePoint { - if in == nil { - return nil - } - out := new(UtilizationShapePoint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeBindingArgs) DeepCopyInto(out *VolumeBindingArgs) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Shape != nil { - in, out := &in.Shape, &out.Shape - *out = make([]UtilizationShapePoint, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeBindingArgs. -func (in *VolumeBindingArgs) DeepCopy() *VolumeBindingArgs { - if in == nil { - return nil - } - out := new(VolumeBindingArgs) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *VolumeBindingArgs) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/accessors.go b/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/accessors.go deleted file mode 100644 index 283181a779..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/accessors.go +++ /dev/null @@ -1,474 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package securitycontext - -import ( - "reflect" - - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PodSecurityContextAccessor allows reading the values of a PodSecurityContext object -type PodSecurityContextAccessor interface { - HostNetwork() bool - HostPID() bool - HostIPC() bool - SELinuxOptions() *api.SELinuxOptions - RunAsUser() *int64 - RunAsGroup() *int64 - RunAsNonRoot() *bool - SupplementalGroups() []int64 - FSGroup() *int64 -} - -// PodSecurityContextMutator allows reading and writing the values of a PodSecurityContext object -type PodSecurityContextMutator interface { - PodSecurityContextAccessor - - SetHostNetwork(bool) - SetHostPID(bool) - SetHostIPC(bool) - SetSELinuxOptions(*api.SELinuxOptions) - SetRunAsUser(*int64) - SetRunAsGroup(*int64) - SetRunAsNonRoot(*bool) - SetSupplementalGroups([]int64) - SetFSGroup(*int64) - - // PodSecurityContext returns the current PodSecurityContext object - PodSecurityContext() *api.PodSecurityContext -} - -// NewPodSecurityContextAccessor returns an accessor for the given pod security context. -// May be initialized with a nil PodSecurityContext. -func NewPodSecurityContextAccessor(podSC *api.PodSecurityContext) PodSecurityContextAccessor { - return &podSecurityContextWrapper{podSC: podSC} -} - -// NewPodSecurityContextMutator returns a mutator for the given pod security context. -// May be initialized with a nil PodSecurityContext. -func NewPodSecurityContextMutator(podSC *api.PodSecurityContext) PodSecurityContextMutator { - return &podSecurityContextWrapper{podSC: podSC} -} - -type podSecurityContextWrapper struct { - podSC *api.PodSecurityContext -} - -func (w *podSecurityContextWrapper) PodSecurityContext() *api.PodSecurityContext { - return w.podSC -} - -func (w *podSecurityContextWrapper) ensurePodSC() { - if w.podSC == nil { - w.podSC = &api.PodSecurityContext{} - } -} - -func (w *podSecurityContextWrapper) HostNetwork() bool { - if w.podSC == nil { - return false - } - return w.podSC.HostNetwork -} -func (w *podSecurityContextWrapper) SetHostNetwork(v bool) { - if w.podSC == nil && v == false { - return - } - w.ensurePodSC() - w.podSC.HostNetwork = v -} -func (w *podSecurityContextWrapper) HostPID() bool { - if w.podSC == nil { - return false - } - return w.podSC.HostPID -} -func (w *podSecurityContextWrapper) SetHostPID(v bool) { - if w.podSC == nil && v == false { - return - } - w.ensurePodSC() - w.podSC.HostPID = v -} -func (w *podSecurityContextWrapper) HostIPC() bool { - if w.podSC == nil { - return false - } - return w.podSC.HostIPC -} -func (w *podSecurityContextWrapper) SetHostIPC(v bool) { - if w.podSC == nil && v == false { - return - } - w.ensurePodSC() - w.podSC.HostIPC = v -} -func (w *podSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { - if w.podSC == nil { - return nil - } - return w.podSC.SELinuxOptions -} -func (w *podSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { - if w.podSC == nil && v == nil { - return - } - w.ensurePodSC() - w.podSC.SELinuxOptions = v -} -func (w *podSecurityContextWrapper) RunAsUser() *int64 { - if w.podSC == nil { - return nil - } - return w.podSC.RunAsUser -} -func (w *podSecurityContextWrapper) SetRunAsUser(v *int64) { - if w.podSC == nil && v == nil { - return - } - w.ensurePodSC() - w.podSC.RunAsUser = v -} -func (w *podSecurityContextWrapper) RunAsGroup() *int64 { - if w.podSC == nil { - return nil - } - return w.podSC.RunAsGroup -} -func (w *podSecurityContextWrapper) SetRunAsGroup(v *int64) { - if w.podSC == nil && v == nil { - return - } - w.ensurePodSC() - w.podSC.RunAsGroup = v -} - -func (w *podSecurityContextWrapper) RunAsNonRoot() *bool { - if w.podSC == nil { - return nil - } - return w.podSC.RunAsNonRoot -} -func (w *podSecurityContextWrapper) SetRunAsNonRoot(v *bool) { - if w.podSC == nil && v == nil { - return - } - w.ensurePodSC() - w.podSC.RunAsNonRoot = v -} -func (w *podSecurityContextWrapper) SupplementalGroups() []int64 { - if w.podSC == nil { - return nil - } - return w.podSC.SupplementalGroups -} -func (w *podSecurityContextWrapper) SetSupplementalGroups(v []int64) { - if w.podSC == nil && len(v) == 0 { - return - } - w.ensurePodSC() - if len(v) == 0 && len(w.podSC.SupplementalGroups) == 0 { - return - } - w.podSC.SupplementalGroups = v -} -func (w *podSecurityContextWrapper) FSGroup() *int64 { - if w.podSC == nil { - return nil - } - return w.podSC.FSGroup -} -func (w *podSecurityContextWrapper) SetFSGroup(v *int64) { - if w.podSC == nil && v == nil { - return - } - w.ensurePodSC() - w.podSC.FSGroup = v -} - -// ContainerSecurityContextAccessor allows reading the values of a SecurityContext object -type ContainerSecurityContextAccessor interface { - Capabilities() *api.Capabilities - Privileged() *bool - ProcMount() api.ProcMountType - SELinuxOptions() *api.SELinuxOptions - RunAsUser() *int64 - RunAsGroup() *int64 - RunAsNonRoot() *bool - ReadOnlyRootFilesystem() *bool - AllowPrivilegeEscalation() *bool -} - -// ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object -type ContainerSecurityContextMutator interface { - ContainerSecurityContextAccessor - - ContainerSecurityContext() *api.SecurityContext - - SetCapabilities(*api.Capabilities) - SetPrivileged(*bool) - SetSELinuxOptions(*api.SELinuxOptions) - SetRunAsUser(*int64) - SetRunAsGroup(*int64) - SetRunAsNonRoot(*bool) - SetReadOnlyRootFilesystem(*bool) - SetAllowPrivilegeEscalation(*bool) -} - -// NewContainerSecurityContextAccessor returns an accessor for the provided container security context -// May be initialized with a nil SecurityContext -func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor { - return &containerSecurityContextWrapper{containerSC: containerSC} -} - -// NewContainerSecurityContextMutator returns a mutator for the provided container security context -// May be initialized with a nil SecurityContext -func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator { - return &containerSecurityContextWrapper{containerSC: containerSC} -} - -type containerSecurityContextWrapper struct { - containerSC *api.SecurityContext -} - -func (w *containerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { - return w.containerSC -} - -func (w *containerSecurityContextWrapper) ensureContainerSC() { - if w.containerSC == nil { - w.containerSC = &api.SecurityContext{} - } -} - -func (w *containerSecurityContextWrapper) Capabilities() *api.Capabilities { - if w.containerSC == nil { - return nil - } - return w.containerSC.Capabilities -} -func (w *containerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.Capabilities = v -} -func (w *containerSecurityContextWrapper) Privileged() *bool { - if w.containerSC == nil { - return nil - } - return w.containerSC.Privileged -} -func (w *containerSecurityContextWrapper) SetPrivileged(v *bool) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.Privileged = v -} -func (w *containerSecurityContextWrapper) ProcMount() api.ProcMountType { - if w.containerSC == nil { - return api.DefaultProcMount - } - if w.containerSC.ProcMount == nil { - return api.DefaultProcMount - } - return *w.containerSC.ProcMount -} -func (w *containerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { - if w.containerSC == nil { - return nil - } - return w.containerSC.SELinuxOptions -} -func (w *containerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.SELinuxOptions = v -} -func (w *containerSecurityContextWrapper) RunAsUser() *int64 { - if w.containerSC == nil { - return nil - } - return w.containerSC.RunAsUser -} -func (w *containerSecurityContextWrapper) SetRunAsUser(v *int64) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.RunAsUser = v -} -func (w *containerSecurityContextWrapper) RunAsGroup() *int64 { - if w.containerSC == nil { - return nil - } - return w.containerSC.RunAsGroup -} -func (w *containerSecurityContextWrapper) SetRunAsGroup(v *int64) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.RunAsGroup = v -} - -func (w *containerSecurityContextWrapper) RunAsNonRoot() *bool { - if w.containerSC == nil { - return nil - } - return w.containerSC.RunAsNonRoot -} -func (w *containerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.RunAsNonRoot = v -} -func (w *containerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { - if w.containerSC == nil { - return nil - } - return w.containerSC.ReadOnlyRootFilesystem -} -func (w *containerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.ReadOnlyRootFilesystem = v -} -func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { - if w.containerSC == nil { - return nil - } - return w.containerSC.AllowPrivilegeEscalation -} -func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { - if w.containerSC == nil && v == nil { - return - } - w.ensureContainerSC() - w.containerSC.AllowPrivilegeEscalation = v -} - -// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values -// for the provided pod security context and container security context -func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor { - return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} -} - -// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values -// for the provided pod security context and container security context -func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator { - return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} -} - -type effectiveContainerSecurityContextWrapper struct { - podSC PodSecurityContextAccessor - containerSC ContainerSecurityContextMutator -} - -func (w *effectiveContainerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { - return w.containerSC.ContainerSecurityContext() -} - -func (w *effectiveContainerSecurityContextWrapper) Capabilities() *api.Capabilities { - return w.containerSC.Capabilities() -} -func (w *effectiveContainerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { - if !reflect.DeepEqual(w.Capabilities(), v) { - w.containerSC.SetCapabilities(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) Privileged() *bool { - return w.containerSC.Privileged() -} -func (w *effectiveContainerSecurityContextWrapper) SetPrivileged(v *bool) { - if !reflect.DeepEqual(w.Privileged(), v) { - w.containerSC.SetPrivileged(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) ProcMount() api.ProcMountType { - return w.containerSC.ProcMount() -} -func (w *effectiveContainerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { - if v := w.containerSC.SELinuxOptions(); v != nil { - return v - } - return w.podSC.SELinuxOptions() -} -func (w *effectiveContainerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { - if !reflect.DeepEqual(w.SELinuxOptions(), v) { - w.containerSC.SetSELinuxOptions(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) RunAsUser() *int64 { - if v := w.containerSC.RunAsUser(); v != nil { - return v - } - return w.podSC.RunAsUser() -} -func (w *effectiveContainerSecurityContextWrapper) SetRunAsUser(v *int64) { - if !reflect.DeepEqual(w.RunAsUser(), v) { - w.containerSC.SetRunAsUser(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) RunAsGroup() *int64 { - if v := w.containerSC.RunAsGroup(); v != nil { - return v - } - return w.podSC.RunAsGroup() -} -func (w *effectiveContainerSecurityContextWrapper) SetRunAsGroup(v *int64) { - if !reflect.DeepEqual(w.RunAsGroup(), v) { - w.containerSC.SetRunAsGroup(v) - } -} - -func (w *effectiveContainerSecurityContextWrapper) RunAsNonRoot() *bool { - if v := w.containerSC.RunAsNonRoot(); v != nil { - return v - } - return w.podSC.RunAsNonRoot() -} -func (w *effectiveContainerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { - if !reflect.DeepEqual(w.RunAsNonRoot(), v) { - w.containerSC.SetRunAsNonRoot(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { - return w.containerSC.ReadOnlyRootFilesystem() -} -func (w *effectiveContainerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { - if !reflect.DeepEqual(w.ReadOnlyRootFilesystem(), v) { - w.containerSC.SetReadOnlyRootFilesystem(v) - } -} -func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { - return w.containerSC.AllowPrivilegeEscalation() -} -func (w *effectiveContainerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { - if !reflect.DeepEqual(w.AllowPrivilegeEscalation(), v) { - w.containerSC.SetAllowPrivilegeEscalation(v) - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/doc.go deleted file mode 100644 index 3ec795d473..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package securitycontext contains security context api implementations -package securitycontext // import "k8s.io/kubernetes/pkg/securitycontext" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/fake.go b/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/fake.go deleted file mode 100644 index a0a4ae193a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/fake.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package securitycontext - -import ( - "k8s.io/api/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// ValidSecurityContextWithContainerDefaults creates a valid security context provider based on -// empty container defaults. Used for testing. -func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext { - priv := false - defProcMount := v1.DefaultProcMount - return &v1.SecurityContext{ - Capabilities: &v1.Capabilities{}, - Privileged: &priv, - ProcMount: &defProcMount, - } -} - -// ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on -// empty container defaults. Used for testing. -func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext { - priv := false - dpm := api.DefaultProcMount - return &api.SecurityContext{ - Capabilities: &api.Capabilities{}, - Privileged: &priv, - ProcMount: &dpm, - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go deleted file mode 100644 index 82a2fc5e0a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/securitycontext/util.go +++ /dev/null @@ -1,260 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package securitycontext - -import ( - v1 "k8s.io/api/core/v1" -) - -// HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account -// the possibility of nils -func HasPrivilegedRequest(container *v1.Container) bool { - if container.SecurityContext == nil { - return false - } - if container.SecurityContext.Privileged == nil { - return false - } - return *container.SecurityContext.Privileged -} - -// HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context -// capabilities, taking into account nils -func HasCapabilitiesRequest(container *v1.Container) bool { - if container.SecurityContext == nil { - return false - } - if container.SecurityContext.Capabilities == nil { - return false - } - return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0 -} - -// HasWindowsHostProcessRequest returns true if container should run as HostProcess container, -// taking into account nils -func HasWindowsHostProcessRequest(pod *v1.Pod, container *v1.Container) bool { - effectiveSc := DetermineEffectiveSecurityContext(pod, container) - - if effectiveSc.WindowsOptions == nil { - return false - } - if effectiveSc.WindowsOptions.HostProcess == nil { - return false - } - return *effectiveSc.WindowsOptions.HostProcess -} - -// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations -// from the provided pod's and container's security context. Container's fields take precedence in cases where both -// are set -func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext { - effectiveSc := securityContextFromPodSecurityContext(pod) - containerSc := container.SecurityContext - - if effectiveSc == nil && containerSc == nil { - return &v1.SecurityContext{} - } - if effectiveSc != nil && containerSc == nil { - return effectiveSc - } - if effectiveSc == nil && containerSc != nil { - return containerSc - } - - if containerSc.SELinuxOptions != nil { - effectiveSc.SELinuxOptions = new(v1.SELinuxOptions) - *effectiveSc.SELinuxOptions = *containerSc.SELinuxOptions - } - - if containerSc.WindowsOptions != nil { - // only override fields that are set at the container level, not the whole thing - if effectiveSc.WindowsOptions == nil { - effectiveSc.WindowsOptions = &v1.WindowsSecurityContextOptions{} - } - if containerSc.WindowsOptions.GMSACredentialSpecName != nil || containerSc.WindowsOptions.GMSACredentialSpec != nil { - // both GMSA fields go hand in hand - effectiveSc.WindowsOptions.GMSACredentialSpecName = containerSc.WindowsOptions.GMSACredentialSpecName - effectiveSc.WindowsOptions.GMSACredentialSpec = containerSc.WindowsOptions.GMSACredentialSpec - } - if containerSc.WindowsOptions.RunAsUserName != nil { - effectiveSc.WindowsOptions.RunAsUserName = containerSc.WindowsOptions.RunAsUserName - } - if containerSc.WindowsOptions.HostProcess != nil { - effectiveSc.WindowsOptions.HostProcess = containerSc.WindowsOptions.HostProcess - } - } - - if containerSc.Capabilities != nil { - effectiveSc.Capabilities = new(v1.Capabilities) - *effectiveSc.Capabilities = *containerSc.Capabilities - } - - if containerSc.Privileged != nil { - effectiveSc.Privileged = new(bool) - *effectiveSc.Privileged = *containerSc.Privileged - } - - if containerSc.RunAsUser != nil { - effectiveSc.RunAsUser = new(int64) - *effectiveSc.RunAsUser = *containerSc.RunAsUser - } - - if containerSc.RunAsGroup != nil { - effectiveSc.RunAsGroup = new(int64) - *effectiveSc.RunAsGroup = *containerSc.RunAsGroup - } - - if containerSc.RunAsNonRoot != nil { - effectiveSc.RunAsNonRoot = new(bool) - *effectiveSc.RunAsNonRoot = *containerSc.RunAsNonRoot - } - - if containerSc.ReadOnlyRootFilesystem != nil { - effectiveSc.ReadOnlyRootFilesystem = new(bool) - *effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem - } - - if containerSc.AllowPrivilegeEscalation != nil { - effectiveSc.AllowPrivilegeEscalation = new(bool) - *effectiveSc.AllowPrivilegeEscalation = *containerSc.AllowPrivilegeEscalation - } - - if containerSc.ProcMount != nil { - effectiveSc.ProcMount = new(v1.ProcMountType) - *effectiveSc.ProcMount = *containerSc.ProcMount - } - - return effectiveSc -} - -// DetermineEffectiveRunAsUser returns a pointer of UID from the provided pod's -// and container's security context and a bool value to indicate if it is absent. -// Container's runAsUser take precedence in cases where both are set. -func DetermineEffectiveRunAsUser(pod *v1.Pod, container *v1.Container) (*int64, bool) { - var runAsUser *int64 - if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.RunAsUser != nil { - runAsUser = new(int64) - *runAsUser = *pod.Spec.SecurityContext.RunAsUser - } - if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil { - runAsUser = new(int64) - *runAsUser = *container.SecurityContext.RunAsUser - } - if runAsUser == nil { - return nil, false - } - return runAsUser, true -} - -func securityContextFromPodSecurityContext(pod *v1.Pod) *v1.SecurityContext { - if pod.Spec.SecurityContext == nil { - return nil - } - - synthesized := &v1.SecurityContext{} - - if pod.Spec.SecurityContext.SELinuxOptions != nil { - synthesized.SELinuxOptions = &v1.SELinuxOptions{} - *synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions - } - - if pod.Spec.SecurityContext.WindowsOptions != nil { - synthesized.WindowsOptions = &v1.WindowsSecurityContextOptions{} - *synthesized.WindowsOptions = *pod.Spec.SecurityContext.WindowsOptions - } - - if pod.Spec.SecurityContext.RunAsUser != nil { - synthesized.RunAsUser = new(int64) - *synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser - } - - if pod.Spec.SecurityContext.RunAsGroup != nil { - synthesized.RunAsGroup = new(int64) - *synthesized.RunAsGroup = *pod.Spec.SecurityContext.RunAsGroup - } - - if pod.Spec.SecurityContext.RunAsNonRoot != nil { - synthesized.RunAsNonRoot = new(bool) - *synthesized.RunAsNonRoot = *pod.Spec.SecurityContext.RunAsNonRoot - } - - return synthesized -} - -// AddNoNewPrivileges returns if we should add the no_new_privs option. -func AddNoNewPrivileges(sc *v1.SecurityContext) bool { - if sc == nil { - return false - } - - // handle the case where the user did not set the default and did not explicitly set allowPrivilegeEscalation - if sc.AllowPrivilegeEscalation == nil { - return false - } - - // handle the case where defaultAllowPrivilegeEscalation is false or the user explicitly set allowPrivilegeEscalation to true/false - return !*sc.AllowPrivilegeEscalation -} - -var ( - // These *must* be kept in sync with moby/moby. - // https://github.com/moby/moby/blob/master/oci/defaults.go#L116-L134 - // @jessfraz will watch changes to those files upstream. - defaultMaskedPaths = []string{ - "/proc/acpi", - "/proc/kcore", - "/proc/keys", - "/proc/latency_stats", - "/proc/timer_list", - "/proc/timer_stats", - "/proc/sched_debug", - "/proc/scsi", - "/sys/firmware", - } - defaultReadonlyPaths = []string{ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sys", - "/proc/sysrq-trigger", - } -) - -// ConvertToRuntimeMaskedPaths converts the ProcMountType to the specified or default -// masked paths. -func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string { - if opt != nil && *opt == v1.UnmaskedProcMount { - // Unmasked proc mount should have no paths set as masked. - return []string{} - } - - // Otherwise, add the default masked paths to the runtime security context. - return defaultMaskedPaths -} - -// ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default -// readonly paths. -func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string { - if opt != nil && *opt == v1.UnmaskedProcMount { - // Unmasked proc mount should have no paths set as readonly. - return []string{} - } - - // Otherwise, add the default readonly paths to the runtime security context. - return defaultReadonlyPaths -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/OWNERS deleted file mode 100644 index e9f4e0b724..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-serviceaccounts-approvers -reviewers: - - sig-auth-serviceaccounts-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/claims.go b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/claims.go deleted file mode 100644 index 08f21361a9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/claims.go +++ /dev/null @@ -1,223 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "errors" - "fmt" - "time" - - "gopkg.in/square/go-jose.v2/jwt" - "k8s.io/apiserver/pkg/audit" - "k8s.io/klog/v2" - - apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/kubernetes/pkg/apis/core" -) - -const ( - // Injected bound service account token expiration which triggers monitoring of its time-bound feature. - WarnOnlyBoundTokenExpirationSeconds = 60*60 + 7 - - // Extended expiration for those modified tokens involved in safe rollout if time-bound feature. - ExpirationExtensionSeconds = 24 * 365 * 60 * 60 -) - -// time.Now stubbed out to allow testing -var now = time.Now - -type privateClaims struct { - Kubernetes kubernetes `json:"kubernetes.io,omitempty"` -} - -type kubernetes struct { - Namespace string `json:"namespace,omitempty"` - Svcacct ref `json:"serviceaccount,omitempty"` - Pod *ref `json:"pod,omitempty"` - Secret *ref `json:"secret,omitempty"` - WarnAfter jwt.NumericDate `json:"warnafter,omitempty"` -} - -type ref struct { - Name string `json:"name,omitempty"` - UID string `json:"uid,omitempty"` -} - -func Claims(sa core.ServiceAccount, pod *core.Pod, secret *core.Secret, expirationSeconds, warnafter int64, audience []string) (*jwt.Claims, interface{}) { - now := now() - sc := &jwt.Claims{ - Subject: apiserverserviceaccount.MakeUsername(sa.Namespace, sa.Name), - Audience: jwt.Audience(audience), - IssuedAt: jwt.NewNumericDate(now), - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Duration(expirationSeconds) * time.Second)), - } - pc := &privateClaims{ - Kubernetes: kubernetes{ - Namespace: sa.Namespace, - Svcacct: ref{ - Name: sa.Name, - UID: string(sa.UID), - }, - }, - } - switch { - case pod != nil: - pc.Kubernetes.Pod = &ref{ - Name: pod.Name, - UID: string(pod.UID), - } - case secret != nil: - pc.Kubernetes.Secret = &ref{ - Name: secret.Name, - UID: string(secret.UID), - } - } - - if warnafter != 0 { - pc.Kubernetes.WarnAfter = jwt.NewNumericDate(now.Add(time.Duration(warnafter) * time.Second)) - } - - return sc, pc -} - -func NewValidator(getter ServiceAccountTokenGetter) Validator { - return &validator{ - getter: getter, - } -} - -type validator struct { - getter ServiceAccountTokenGetter -} - -var _ = Validator(&validator{}) - -func (v *validator) Validate(ctx context.Context, _ string, public *jwt.Claims, privateObj interface{}) (*apiserverserviceaccount.ServiceAccountInfo, error) { - private, ok := privateObj.(*privateClaims) - if !ok { - klog.Errorf("service account jwt validator expected private claim of type *privateClaims but got: %T", privateObj) - return nil, errors.New("service account token claims could not be validated due to unexpected private claim") - } - nowTime := now() - err := public.Validate(jwt.Expected{ - Time: nowTime, - }) - switch err { - case nil: - // successful validation - - case jwt.ErrExpired: - return nil, errors.New("service account token has expired") - - case jwt.ErrNotValidYet: - return nil, errors.New("service account token is not valid yet") - - // our current use of jwt.Expected above should make these cases impossible to hit - case jwt.ErrInvalidAudience, jwt.ErrInvalidID, jwt.ErrInvalidIssuer, jwt.ErrInvalidSubject: - klog.Errorf("service account token claim validation got unexpected validation failure: %v", err) - return nil, fmt.Errorf("service account token claims could not be validated: %w", err) // safe to pass these errors back to the user - - default: - klog.Errorf("service account token claim validation got unexpected error type: %T", err) // avoid leaking unexpected information into the logs - return nil, errors.New("service account token claims could not be validated due to unexpected validation error") // return an opaque error - } - - // consider things deleted prior to now()-leeway to be invalid - invalidIfDeletedBefore := nowTime.Add(-jwt.DefaultLeeway) - namespace := private.Kubernetes.Namespace - saref := private.Kubernetes.Svcacct - podref := private.Kubernetes.Pod - secref := private.Kubernetes.Secret - // Make sure service account still exists (name and UID) - serviceAccount, err := v.getter.GetServiceAccount(namespace, saref.Name) - if err != nil { - klog.V(4).Infof("Could not retrieve service account %s/%s: %v", namespace, saref.Name, err) - return nil, err - } - if serviceAccount.DeletionTimestamp != nil && serviceAccount.DeletionTimestamp.Time.Before(invalidIfDeletedBefore) { - klog.V(4).Infof("Service account has been deleted %s/%s", namespace, saref.Name) - return nil, fmt.Errorf("service account %s/%s has been deleted", namespace, saref.Name) - } - if string(serviceAccount.UID) != saref.UID { - klog.V(4).Infof("Service account UID no longer matches %s/%s: %q != %q", namespace, saref.Name, string(serviceAccount.UID), saref.UID) - return nil, fmt.Errorf("service account UID (%s) does not match claim (%s)", serviceAccount.UID, saref.UID) - } - - if secref != nil { - // Make sure token hasn't been invalidated by deletion of the secret - secret, err := v.getter.GetSecret(namespace, secref.Name) - if err != nil { - klog.V(4).Infof("Could not retrieve bound secret %s/%s for service account %s/%s: %v", namespace, secref.Name, namespace, saref.Name, err) - return nil, errors.New("service account token has been invalidated") - } - if secret.DeletionTimestamp != nil && secret.DeletionTimestamp.Time.Before(invalidIfDeletedBefore) { - klog.V(4).Infof("Bound secret is deleted and awaiting removal: %s/%s for service account %s/%s", namespace, secref.Name, namespace, saref.Name) - return nil, errors.New("service account token has been invalidated") - } - if secref.UID != string(secret.UID) { - klog.V(4).Infof("Secret UID no longer matches %s/%s: %q != %q", namespace, secref.Name, string(secret.UID), secref.UID) - return nil, fmt.Errorf("secret UID (%s) does not match service account secret ref claim (%s)", secret.UID, secref.UID) - } - } - - var podName, podUID string - if podref != nil { - // Make sure token hasn't been invalidated by deletion of the pod - pod, err := v.getter.GetPod(namespace, podref.Name) - if err != nil { - klog.V(4).Infof("Could not retrieve bound pod %s/%s for service account %s/%s: %v", namespace, podref.Name, namespace, saref.Name, err) - return nil, errors.New("service account token has been invalidated") - } - if pod.DeletionTimestamp != nil && pod.DeletionTimestamp.Time.Before(invalidIfDeletedBefore) { - klog.V(4).Infof("Bound pod is deleted and awaiting removal: %s/%s for service account %s/%s", namespace, podref.Name, namespace, saref.Name) - return nil, errors.New("service account token has been invalidated") - } - if podref.UID != string(pod.UID) { - klog.V(4).Infof("Pod UID no longer matches %s/%s: %q != %q", namespace, podref.Name, string(pod.UID), podref.UID) - return nil, fmt.Errorf("pod UID (%s) does not match service account pod ref claim (%s)", pod.UID, podref.UID) - } - podName = podref.Name - podUID = podref.UID - } - - // Check special 'warnafter' field for projected service account token transition. - warnafter := private.Kubernetes.WarnAfter - if warnafter != 0 { - if nowTime.After(warnafter.Time()) { - secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix() - auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn) - audit.AddAuditAnnotation(ctx, "authentication.k8s.io/stale-token", auditInfo) - staleTokensTotal.WithContext(ctx).Inc() - } else { - validTokensTotal.WithContext(ctx).Inc() - } - } - - return &apiserverserviceaccount.ServiceAccountInfo{ - Namespace: private.Kubernetes.Namespace, - Name: private.Kubernetes.Svcacct.Name, - UID: private.Kubernetes.Svcacct.UID, - PodName: podName, - PodUID: podUID, - }, nil -} - -func (v *validator) NewPrivateClaims() interface{} { - return &privateClaims{} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt.go b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt.go deleted file mode 100644 index 6722b206d1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt.go +++ /dev/null @@ -1,348 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "encoding/json" - "fmt" - "strings" - - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" - - v1 "k8s.io/api/core/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/authentication/authenticator" - apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount" -) - -// ServiceAccountTokenGetter defines functions to retrieve a named service account and secret -type ServiceAccountTokenGetter interface { - GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error) - GetPod(namespace, name string) (*v1.Pod, error) - GetSecret(namespace, name string) (*v1.Secret, error) -} - -type TokenGenerator interface { - // GenerateToken generates a token which will identify the given - // ServiceAccount. privateClaims is an interface that will be - // serialized into the JWT payload JSON encoding at the root level of - // the payload object. Public claims take precedent over private - // claims i.e. if both claims and privateClaims have an "exp" field, - // the value in claims will be used. - GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error) -} - -// JWTTokenGenerator returns a TokenGenerator that generates signed JWT tokens, using the given privateKey. -// privateKey is a PEM-encoded byte array of a private RSA key. -func JWTTokenGenerator(iss string, privateKey interface{}) (TokenGenerator, error) { - var signer jose.Signer - var err error - switch pk := privateKey.(type) { - case *rsa.PrivateKey: - signer, err = signerFromRSAPrivateKey(pk) - if err != nil { - return nil, fmt.Errorf("could not generate signer for RSA keypair: %v", err) - } - case *ecdsa.PrivateKey: - signer, err = signerFromECDSAPrivateKey(pk) - if err != nil { - return nil, fmt.Errorf("could not generate signer for ECDSA keypair: %v", err) - } - case jose.OpaqueSigner: - signer, err = signerFromOpaqueSigner(pk) - if err != nil { - return nil, fmt.Errorf("could not generate signer for OpaqueSigner: %v", err) - } - default: - return nil, fmt.Errorf("unknown private key type %T, must be *rsa.PrivateKey, *ecdsa.PrivateKey, or jose.OpaqueSigner", privateKey) - } - - return &jwtTokenGenerator{ - iss: iss, - signer: signer, - }, nil -} - -// keyIDFromPublicKey derives a key ID non-reversibly from a public key. -// -// The Key ID is field on a given on JWTs and JWKs that help relying parties -// pick the correct key for verification when the identity party advertises -// multiple keys. -// -// Making the derivation non-reversible makes it impossible for someone to -// accidentally obtain the real key from the key ID and use it for token -// validation. -func keyIDFromPublicKey(publicKey interface{}) (string, error) { - publicKeyDERBytes, err := x509.MarshalPKIXPublicKey(publicKey) - if err != nil { - return "", fmt.Errorf("failed to serialize public key to DER format: %v", err) - } - - hasher := crypto.SHA256.New() - hasher.Write(publicKeyDERBytes) - publicKeyDERHash := hasher.Sum(nil) - - keyID := base64.RawURLEncoding.EncodeToString(publicKeyDERHash) - - return keyID, nil -} - -func signerFromRSAPrivateKey(keyPair *rsa.PrivateKey) (jose.Signer, error) { - keyID, err := keyIDFromPublicKey(&keyPair.PublicKey) - if err != nil { - return nil, fmt.Errorf("failed to derive keyID: %v", err) - } - - // IMPORTANT: If this function is updated to support additional key sizes, - // algorithmForPublicKey in serviceaccount/openidmetadata.go must also be - // updated to support the same key sizes. Today we only support RS256. - - // Wrap the RSA keypair in a JOSE JWK with the designated key ID. - privateJWK := &jose.JSONWebKey{ - Algorithm: string(jose.RS256), - Key: keyPair, - KeyID: keyID, - Use: "sig", - } - - signer, err := jose.NewSigner( - jose.SigningKey{ - Algorithm: jose.RS256, - Key: privateJWK, - }, - nil, - ) - - if err != nil { - return nil, fmt.Errorf("failed to create signer: %v", err) - } - - return signer, nil -} - -func signerFromECDSAPrivateKey(keyPair *ecdsa.PrivateKey) (jose.Signer, error) { - var alg jose.SignatureAlgorithm - switch keyPair.Curve { - case elliptic.P256(): - alg = jose.ES256 - case elliptic.P384(): - alg = jose.ES384 - case elliptic.P521(): - alg = jose.ES512 - default: - return nil, fmt.Errorf("unknown private key curve, must be 256, 384, or 521") - } - - keyID, err := keyIDFromPublicKey(&keyPair.PublicKey) - if err != nil { - return nil, fmt.Errorf("failed to derive keyID: %v", err) - } - - // Wrap the ECDSA keypair in a JOSE JWK with the designated key ID. - privateJWK := &jose.JSONWebKey{ - Algorithm: string(alg), - Key: keyPair, - KeyID: keyID, - Use: "sig", - } - - signer, err := jose.NewSigner( - jose.SigningKey{ - Algorithm: alg, - Key: privateJWK, - }, - nil, - ) - if err != nil { - return nil, fmt.Errorf("failed to create signer: %v", err) - } - - return signer, nil -} - -func signerFromOpaqueSigner(opaqueSigner jose.OpaqueSigner) (jose.Signer, error) { - alg := jose.SignatureAlgorithm(opaqueSigner.Public().Algorithm) - - signer, err := jose.NewSigner( - jose.SigningKey{ - Algorithm: alg, - Key: &jose.JSONWebKey{ - Algorithm: string(alg), - Key: opaqueSigner, - KeyID: opaqueSigner.Public().KeyID, - Use: "sig", - }, - }, - nil, - ) - if err != nil { - return nil, fmt.Errorf("failed to create signer: %v", err) - } - - return signer, nil -} - -type jwtTokenGenerator struct { - iss string - signer jose.Signer -} - -func (j *jwtTokenGenerator) GenerateToken(claims *jwt.Claims, privateClaims interface{}) (string, error) { - // claims are applied in reverse precedence - return jwt.Signed(j.signer). - Claims(privateClaims). - Claims(claims). - Claims(&jwt.Claims{ - Issuer: j.iss, - }). - CompactSerialize() -} - -// JWTTokenAuthenticator authenticates tokens as JWT tokens produced by JWTTokenGenerator -// Token signatures are verified using each of the given public keys until one works (allowing key rotation) -// If lookup is true, the service account and secret referenced as claims inside the token are retrieved and verified with the provided ServiceAccountTokenGetter -func JWTTokenAuthenticator(issuers []string, keys []interface{}, implicitAuds authenticator.Audiences, validator Validator) authenticator.Token { - issuersMap := make(map[string]bool) - for _, issuer := range issuers { - issuersMap[issuer] = true - } - return &jwtTokenAuthenticator{ - issuers: issuersMap, - keys: keys, - implicitAuds: implicitAuds, - validator: validator, - } -} - -type jwtTokenAuthenticator struct { - issuers map[string]bool - keys []interface{} - validator Validator - implicitAuds authenticator.Audiences -} - -// Validator is called by the JWT token authenticator to apply domain specific -// validation to a token and extract user information. -type Validator interface { - // Validate validates a token and returns user information or an error. - // Validator can assume that the issuer and signature of a token are already - // verified when this function is called. - Validate(ctx context.Context, tokenData string, public *jwt.Claims, private interface{}) (*apiserverserviceaccount.ServiceAccountInfo, error) - // NewPrivateClaims returns a struct that the authenticator should - // deserialize the JWT payload into. The authenticator may then pass this - // struct back to the Validator as the 'private' argument to a Validate() - // call. This struct should contain fields for any private claims that the - // Validator requires to validate the JWT. - NewPrivateClaims() interface{} -} - -func (j *jwtTokenAuthenticator) AuthenticateToken(ctx context.Context, tokenData string) (*authenticator.Response, bool, error) { - if !j.hasCorrectIssuer(tokenData) { - return nil, false, nil - } - - tok, err := jwt.ParseSigned(tokenData) - if err != nil { - return nil, false, nil - } - - public := &jwt.Claims{} - private := j.validator.NewPrivateClaims() - - // TODO: Pick the key that has the same key ID as `tok`, if one exists. - var ( - found bool - errlist []error - ) - for _, key := range j.keys { - if err := tok.Claims(key, public, private); err != nil { - errlist = append(errlist, err) - continue - } - found = true - break - } - - if !found { - return nil, false, utilerrors.NewAggregate(errlist) - } - - tokenAudiences := authenticator.Audiences(public.Audience) - if len(tokenAudiences) == 0 { - // only apiserver audiences are allowed for legacy tokens - audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token", public.Subject) - legacyTokensTotal.WithContext(ctx).Inc() - tokenAudiences = j.implicitAuds - } - - requestedAudiences, ok := authenticator.AudiencesFrom(ctx) - if !ok { - // default to apiserver audiences - requestedAudiences = j.implicitAuds - } - - auds := authenticator.Audiences(tokenAudiences).Intersect(requestedAudiences) - if len(auds) == 0 && len(j.implicitAuds) != 0 { - return nil, false, fmt.Errorf("token audiences %q is invalid for the target audiences %q", tokenAudiences, requestedAudiences) - } - - // If we get here, we have a token with a recognized signature and - // issuer string. - sa, err := j.validator.Validate(ctx, tokenData, public, private) - if err != nil { - return nil, false, err - } - - return &authenticator.Response{ - User: sa.UserInfo(), - Audiences: auds, - }, true, nil -} - -// hasCorrectIssuer returns true if tokenData is a valid JWT in compact -// serialization format and the "iss" claim matches the iss field of this token -// authenticator, and otherwise returns false. -// -// Note: go-jose currently does not allow access to unverified JWS payloads. -// See https://github.com/square/go-jose/issues/169 -func (j *jwtTokenAuthenticator) hasCorrectIssuer(tokenData string) bool { - parts := strings.Split(tokenData, ".") - if len(parts) != 3 { - return false - } - payload, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return false - } - claims := struct { - // WARNING: this JWT is not verified. Do not trust these claims. - Issuer string `json:"iss"` - }{} - if err := json.Unmarshal(payload, &claims); err != nil { - return false - } - return j.issuers[claims.Issuer] -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/legacy.go b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/legacy.go deleted file mode 100644 index 8ebdbabe89..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/legacy.go +++ /dev/null @@ -1,176 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "time" - - "gopkg.in/square/go-jose.v2/jwt" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/apiserver/pkg/warning" - applyv1 "k8s.io/client-go/applyconfigurations/core/v1" - typedv1core "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/klog/v2" - kubefeatures "k8s.io/kubernetes/pkg/features" -) - -func LegacyClaims(serviceAccount v1.ServiceAccount, secret v1.Secret) (*jwt.Claims, interface{}) { - return &jwt.Claims{ - Subject: apiserverserviceaccount.MakeUsername(serviceAccount.Namespace, serviceAccount.Name), - }, &legacyPrivateClaims{ - Namespace: serviceAccount.Namespace, - ServiceAccountName: serviceAccount.Name, - ServiceAccountUID: string(serviceAccount.UID), - SecretName: secret.Name, - } -} - -const ( - LegacyIssuer = "kubernetes/serviceaccount" - LastUsedLabelKey = "kubernetes.io/legacy-token-last-used" -) - -type legacyPrivateClaims struct { - ServiceAccountName string `json:"kubernetes.io/serviceaccount/service-account.name"` - ServiceAccountUID string `json:"kubernetes.io/serviceaccount/service-account.uid"` - SecretName string `json:"kubernetes.io/serviceaccount/secret.name"` - Namespace string `json:"kubernetes.io/serviceaccount/namespace"` -} - -func NewLegacyValidator(lookup bool, getter ServiceAccountTokenGetter, secretsWriter typedv1core.SecretsGetter) Validator { - return &legacyValidator{ - lookup: lookup, - getter: getter, - secretsWriter: secretsWriter, - } -} - -type legacyValidator struct { - lookup bool - getter ServiceAccountTokenGetter - secretsWriter typedv1core.SecretsGetter -} - -var _ = Validator(&legacyValidator{}) - -func (v *legacyValidator) Validate(ctx context.Context, tokenData string, public *jwt.Claims, privateObj interface{}) (*apiserverserviceaccount.ServiceAccountInfo, error) { - private, ok := privateObj.(*legacyPrivateClaims) - if !ok { - klog.Errorf("jwt validator expected private claim of type *legacyPrivateClaims but got: %T", privateObj) - return nil, errors.New("Token could not be validated.") - } - - // Make sure the claims we need exist - if len(public.Subject) == 0 { - return nil, errors.New("sub claim is missing") - } - namespace := private.Namespace - if len(namespace) == 0 { - return nil, errors.New("namespace claim is missing") - } - secretName := private.SecretName - if len(secretName) == 0 { - return nil, errors.New("secretName claim is missing") - } - serviceAccountName := private.ServiceAccountName - if len(serviceAccountName) == 0 { - return nil, errors.New("serviceAccountName claim is missing") - } - serviceAccountUID := private.ServiceAccountUID - if len(serviceAccountUID) == 0 { - return nil, errors.New("serviceAccountUID claim is missing") - } - - subjectNamespace, subjectName, err := apiserverserviceaccount.SplitUsername(public.Subject) - if err != nil || subjectNamespace != namespace || subjectName != serviceAccountName { - return nil, errors.New("sub claim is invalid") - } - - if v.lookup { - // Make sure token hasn't been invalidated by deletion of the secret - secret, err := v.getter.GetSecret(namespace, secretName) - if err != nil { - klog.V(4).Infof("Could not retrieve token %s/%s for service account %s/%s: %v", namespace, secretName, namespace, serviceAccountName, err) - return nil, errors.New("Token has been invalidated") - } - if secret.DeletionTimestamp != nil { - klog.V(4).Infof("Token is deleted and awaiting removal: %s/%s for service account %s/%s", namespace, secretName, namespace, serviceAccountName) - return nil, errors.New("Token has been invalidated") - } - if !bytes.Equal(secret.Data[v1.ServiceAccountTokenKey], []byte(tokenData)) { - klog.V(4).Infof("Token contents no longer matches %s/%s for service account %s/%s", namespace, secretName, namespace, serviceAccountName) - return nil, errors.New("Token does not match server's copy") - } - - // Make sure service account still exists (name and UID) - serviceAccount, err := v.getter.GetServiceAccount(namespace, serviceAccountName) - if err != nil { - klog.V(4).Infof("Could not retrieve service account %s/%s: %v", namespace, serviceAccountName, err) - return nil, err - } - if serviceAccount.DeletionTimestamp != nil { - klog.V(4).Infof("Service account has been deleted %s/%s", namespace, serviceAccountName) - return nil, fmt.Errorf("ServiceAccount %s/%s has been deleted", namespace, serviceAccountName) - } - if string(serviceAccount.UID) != serviceAccountUID { - klog.V(4).Infof("Service account UID no longer matches %s/%s: %q != %q", namespace, serviceAccountName, string(serviceAccount.UID), serviceAccountUID) - return nil, fmt.Errorf("ServiceAccount UID (%s) does not match claim (%s)", serviceAccount.UID, serviceAccountUID) - } - - if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.LegacyServiceAccountTokenTracking) { - for _, ref := range serviceAccount.Secrets { - if ref.Name == secret.Name { - warning.AddWarning(ctx, "", "Use tokens from the TokenRequest API or manually created secret-based tokens instead of auto-generated secret-based tokens.") - break - } - } - now := time.Now().UTC() - today := now.Format("2006-01-02") - tomorrow := now.AddDate(0, 0, 1).Format("2006-01-02") - lastUsed := secret.Labels[LastUsedLabelKey] - if lastUsed != today && lastUsed != tomorrow { - patchContent, err := json.Marshal(applyv1.Secret(secret.Name, secret.Namespace).WithLabels(map[string]string{LastUsedLabelKey: today})) - if err != nil { - klog.Errorf("Failed to marshal legacy service account token tracking labels, err: %v", err) - } else { - if _, err := v.secretsWriter.Secrets(namespace).Patch(ctx, secret.Name, types.MergePatchType, patchContent, metav1.PatchOptions{}); err != nil { - klog.Errorf("Failed to label legacy service account token secret with last-used, err: %v", err) - } - } - } - } - } - - return &apiserverserviceaccount.ServiceAccountInfo{ - Namespace: private.Namespace, - Name: private.ServiceAccountName, - UID: private.ServiceAccountUID, - }, nil -} - -func (v *legacyValidator) NewPrivateClaims() interface{} { - return &legacyPrivateClaims{} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/metrics.go deleted file mode 100644 index 2c614a9f93..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/metrics.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "sync" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const kubeServiceAccountSubsystem = "serviceaccount" - -var ( - // LegacyTokensTotal is the number of legacy tokens used against apiserver. - legacyTokensTotal = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: kubeServiceAccountSubsystem, - Name: "legacy_tokens_total", - Help: "Cumulative legacy service account tokens used", - StabilityLevel: metrics.ALPHA, - }, - ) - - // StaleTokensTotal is the number of stale projected tokens not refreshed on - // client side. - staleTokensTotal = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: kubeServiceAccountSubsystem, - Name: "stale_tokens_total", - Help: "Cumulative stale projected service account tokens used", - StabilityLevel: metrics.ALPHA, - }, - ) - - // ValidTokensTotal is the number of valid projected tokens used. - validTokensTotal = metrics.NewCounter( - &metrics.CounterOpts{ - Subsystem: kubeServiceAccountSubsystem, - Name: "valid_tokens_total", - Help: "Cumulative valid projected service account tokens used", - StabilityLevel: metrics.ALPHA, - }, - ) -) - -var registerMetricsOnce sync.Once - -func RegisterMetrics() { - registerMetricsOnce.Do(func() { - legacyregistry.MustRegister(legacyTokensTotal) - legacyregistry.MustRegister(staleTokensTotal) - legacyregistry.MustRegister(validTokensTotal) - }) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/openidmetadata.go b/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/openidmetadata.go deleted file mode 100644 index 56ec23d118..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/serviceaccount/openidmetadata.go +++ /dev/null @@ -1,295 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "encoding/json" - "fmt" - "net/url" - - jose "gopkg.in/square/go-jose.v2" - - "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" -) - -const ( - // OpenIDConfigPath is the URL path at which the API server serves - // an OIDC Provider Configuration Information document, corresponding - // to the Kubernetes Service Account key issuer. - // https://openid.net/specs/openid-connect-discovery-1_0.html - OpenIDConfigPath = "/.well-known/openid-configuration" - - // JWKSPath is the URL path at which the API server serves a JWKS - // containing the public keys that may be used to sign Kubernetes - // Service Account keys. - JWKSPath = "/openid/v1/jwks" -) - -// OpenIDMetadata contains the pre-rendered responses for OIDC discovery endpoints. -type OpenIDMetadata struct { - ConfigJSON []byte - PublicKeysetJSON []byte -} - -// NewOpenIDMetadata returns the pre-rendered JSON responses for the OIDC discovery -// endpoints, or an error if they could not be constructed. Callers should note -// that this function may perform additional validation on inputs that is not -// backwards-compatible with all command-line validation. The recommendation is -// to log the error and skip installing the OIDC discovery endpoints. -func NewOpenIDMetadata(issuerURL, jwksURI, defaultExternalAddress string, pubKeys []interface{}) (*OpenIDMetadata, error) { - if issuerURL == "" { - return nil, fmt.Errorf("empty issuer URL") - } - if jwksURI == "" && defaultExternalAddress == "" { - return nil, fmt.Errorf("either the JWKS URI or the default external address, or both, must be set") - } - if len(pubKeys) == 0 { - return nil, fmt.Errorf("no keys provided for validating keyset") - } - - // Ensure the issuer URL meets the OIDC spec (this is the additional - // validation the doc comment warns about). - // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata - iss, err := url.Parse(issuerURL) - if err != nil { - return nil, err - } - if iss.Scheme != "https" { - return nil, fmt.Errorf("issuer URL must use https scheme, got: %s", issuerURL) - } - if iss.RawQuery != "" { - return nil, fmt.Errorf("issuer URL may not include a query, got: %s", issuerURL) - } - if iss.Fragment != "" { - return nil, fmt.Errorf("issuer URL may not include a fragment, got: %s", issuerURL) - } - - // Either use the provided JWKS URI or default to ExternalAddress plus - // the JWKS path. - if jwksURI == "" { - const msg = "attempted to build jwks_uri from external " + - "address %s, but could not construct a valid URL. Error: %v" - - if defaultExternalAddress == "" { - return nil, fmt.Errorf(msg, defaultExternalAddress, - fmt.Errorf("empty address")) - } - - u := &url.URL{ - Scheme: "https", - Host: defaultExternalAddress, - Path: JWKSPath, - } - jwksURI = u.String() - - // TODO(mtaufen): I think we can probably expect ExternalAddress is - // at most just host + port and skip the sanity check, but want to be - // careful until that is confirmed. - - // Sanity check that the jwksURI we produced is the valid URL we expect. - // This is just in case ExternalAddress came in as something weird, - // like a scheme + host + port, instead of just host + port. - parsed, err := url.Parse(jwksURI) - if err != nil { - return nil, fmt.Errorf(msg, defaultExternalAddress, err) - } else if u.Scheme != parsed.Scheme || - u.Host != parsed.Host || - u.Path != parsed.Path { - return nil, fmt.Errorf(msg, defaultExternalAddress, - fmt.Errorf("got %v, expected %v", parsed, u)) - } - } else { - // Double-check that jwksURI is an https URL - if u, err := url.Parse(jwksURI); err != nil { - return nil, err - } else if u.Scheme != "https" { - return nil, fmt.Errorf("jwksURI requires https scheme, parsed as: %v", u.String()) - } - } - - configJSON, err := openIDConfigJSON(issuerURL, jwksURI, pubKeys) - if err != nil { - return nil, fmt.Errorf("could not marshal issuer discovery JSON, error: %v", err) - } - - keysetJSON, err := openIDKeysetJSON(pubKeys) - if err != nil { - return nil, fmt.Errorf("could not marshal issuer keys JSON, error: %v", err) - } - - return &OpenIDMetadata{ - ConfigJSON: configJSON, - PublicKeysetJSON: keysetJSON, - }, nil -} - -// openIDMetadata provides a minimal subset of OIDC provider metadata: -// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata -type openIDMetadata struct { - Issuer string `json:"issuer"` // REQUIRED in OIDC; meaningful to relying parties. - // TODO(mtaufen): Since our goal is compatibility for relying parties that - // need to validate ID tokens, but do not need to initiate login flows, - // and since we aren't sure what to put in authorization_endpoint yet, - // we will omit this field until someone files a bug. - // AuthzEndpoint string `json:"authorization_endpoint"` // REQUIRED in OIDC; but useless to relying parties. - JWKSURI string `json:"jwks_uri"` // REQUIRED in OIDC; meaningful to relying parties. - ResponseTypes []string `json:"response_types_supported"` // REQUIRED in OIDC - SubjectTypes []string `json:"subject_types_supported"` // REQUIRED in OIDC - SigningAlgs []string `json:"id_token_signing_alg_values_supported"` // REQUIRED in OIDC -} - -// openIDConfigJSON returns the JSON OIDC Discovery Doc for the service -// account issuer. -func openIDConfigJSON(iss, jwksURI string, keys []interface{}) ([]byte, error) { - keyset, errs := publicJWKSFromKeys(keys) - if errs != nil { - return nil, errs - } - - metadata := openIDMetadata{ - Issuer: iss, - JWKSURI: jwksURI, - ResponseTypes: []string{"id_token"}, // Kubernetes only produces ID tokens - SubjectTypes: []string{"public"}, // https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes - SigningAlgs: getAlgs(keyset), // REQUIRED by OIDC - } - - metadataJSON, err := json.Marshal(metadata) - if err != nil { - return nil, fmt.Errorf("failed to marshal service account issuer metadata: %v", err) - } - - return metadataJSON, nil -} - -// openIDKeysetJSON returns the JSON Web Key Set for the service account -// issuer's keys. -func openIDKeysetJSON(keys []interface{}) ([]byte, error) { - keyset, errs := publicJWKSFromKeys(keys) - if errs != nil { - return nil, errs - } - - keysetJSON, err := json.Marshal(keyset) - if err != nil { - return nil, fmt.Errorf("failed to marshal service account issuer JWKS: %v", err) - } - - return keysetJSON, nil -} - -func getAlgs(keys *jose.JSONWebKeySet) []string { - algs := sets.NewString() - for _, k := range keys.Keys { - algs.Insert(k.Algorithm) - } - // Note: List returns a sorted slice. - return algs.List() -} - -type publicKeyGetter interface { - Public() crypto.PublicKey -} - -// publicJWKSFromKeys constructs a JSONWebKeySet from a list of keys. The key -// set will only contain the public keys associated with the input keys. -func publicJWKSFromKeys(in []interface{}) (*jose.JSONWebKeySet, errors.Aggregate) { - // Decode keys into a JWKS. - var keys jose.JSONWebKeySet - var errs []error - for i, key := range in { - var pubkey *jose.JSONWebKey - var err error - - switch k := key.(type) { - case publicKeyGetter: - // This is a private key. Get its public key - pubkey, err = jwkFromPublicKey(k.Public()) - default: - pubkey, err = jwkFromPublicKey(k) - } - if err != nil { - errs = append(errs, fmt.Errorf("error constructing JWK for key #%d: %v", i, err)) - continue - } - - if !pubkey.Valid() { - errs = append(errs, fmt.Errorf("key #%d not valid", i)) - continue - } - keys.Keys = append(keys.Keys, *pubkey) - } - if len(errs) != 0 { - return nil, errors.NewAggregate(errs) - } - return &keys, nil -} - -func jwkFromPublicKey(publicKey crypto.PublicKey) (*jose.JSONWebKey, error) { - alg, err := algorithmFromPublicKey(publicKey) - if err != nil { - return nil, err - } - - keyID, err := keyIDFromPublicKey(publicKey) - if err != nil { - return nil, err - } - - jwk := &jose.JSONWebKey{ - Algorithm: string(alg), - Key: publicKey, - KeyID: keyID, - Use: "sig", - } - - if !jwk.IsPublic() { - return nil, fmt.Errorf("JWK was not a public key! JWK: %v", jwk) - } - - return jwk, nil -} - -func algorithmFromPublicKey(publicKey crypto.PublicKey) (jose.SignatureAlgorithm, error) { - switch pk := publicKey.(type) { - case *rsa.PublicKey: - // IMPORTANT: If this function is updated to support additional key sizes, - // signerFromRSAPrivateKey in serviceaccount/jwt.go must also be - // updated to support the same key sizes. Today we only support RS256. - return jose.RS256, nil - case *ecdsa.PublicKey: - switch pk.Curve { - case elliptic.P256(): - return jose.ES256, nil - case elliptic.P384(): - return jose.ES384, nil - case elliptic.P521(): - return jose.ES512, nil - default: - return "", fmt.Errorf("unknown private key curve, must be 256, 384, or 521") - } - case jose.OpaqueSigner: - return jose.SignatureAlgorithm(pk.Public().Algorithm), nil - default: - return "", fmt.Errorf("unknown public key type, must be *rsa.PublicKey, *ecdsa.PublicKey, or jose.OpaqueSigner") - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go deleted file mode 100644 index 5a719dfaee..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go +++ /dev/null @@ -1,313 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package async - -import ( - "fmt" - "sync" - "time" - - "k8s.io/client-go/util/flowcontrol" - - "k8s.io/klog/v2" -) - -// BoundedFrequencyRunner manages runs of a user-provided function. -// See NewBoundedFrequencyRunner for examples. -type BoundedFrequencyRunner struct { - name string // the name of this instance - minInterval time.Duration // the min time between runs, modulo bursts - maxInterval time.Duration // the max time between runs - - run chan struct{} // try an async run - - mu sync.Mutex // guards runs of fn and all mutations - fn func() // function to run - lastRun time.Time // time of last run - timer timer // timer for deferred runs - limiter rateLimiter // rate limiter for on-demand runs - - retry chan struct{} // schedule a retry - retryMu sync.Mutex // guards retryTime - retryTime time.Time // when to retry -} - -// designed so that flowcontrol.RateLimiter satisfies -type rateLimiter interface { - TryAccept() bool - Stop() -} - -type nullLimiter struct{} - -func (nullLimiter) TryAccept() bool { - return true -} - -func (nullLimiter) Stop() {} - -var _ rateLimiter = nullLimiter{} - -// for testing -type timer interface { - // C returns the timer's selectable channel. - C() <-chan time.Time - - // See time.Timer.Reset. - Reset(d time.Duration) bool - - // See time.Timer.Stop. - Stop() bool - - // See time.Now. - Now() time.Time - - // Remaining returns the time until the timer will go off (if it is running). - Remaining() time.Duration - - // See time.Since. - Since(t time.Time) time.Duration - - // See time.Sleep. - Sleep(d time.Duration) -} - -// implement our timer in terms of std time.Timer. -type realTimer struct { - timer *time.Timer - next time.Time -} - -func (rt *realTimer) C() <-chan time.Time { - return rt.timer.C -} - -func (rt *realTimer) Reset(d time.Duration) bool { - rt.next = time.Now().Add(d) - return rt.timer.Reset(d) -} - -func (rt *realTimer) Stop() bool { - return rt.timer.Stop() -} - -func (rt *realTimer) Now() time.Time { - return time.Now() -} - -func (rt *realTimer) Remaining() time.Duration { - return rt.next.Sub(time.Now()) -} - -func (rt *realTimer) Since(t time.Time) time.Duration { - return time.Since(t) -} - -func (rt *realTimer) Sleep(d time.Duration) { - time.Sleep(d) -} - -var _ timer = &realTimer{} - -// NewBoundedFrequencyRunner creates a new BoundedFrequencyRunner instance, -// which will manage runs of the specified function. -// -// All runs will be async to the caller of BoundedFrequencyRunner.Run, but -// multiple runs are serialized. If the function needs to hold locks, it must -// take them internally. -// -// Runs of the function will have at least minInterval between them (from -// completion to next start), except that up to bursts may be allowed. Burst -// runs are "accumulated" over time, one per minInterval up to burstRuns total. -// This can be used, for example, to mitigate the impact of expensive operations -// being called in response to user-initiated operations. Run requests that -// would violate the minInterval are coallesced and run at the next opportunity. -// -// The function will be run at least once per maxInterval. For example, this can -// force periodic refreshes of state in the absence of anyone calling Run. -// -// Examples: -// -// NewBoundedFrequencyRunner("name", fn, time.Second, 5*time.Second, 1) -// - fn will have at least 1 second between runs -// - fn will have no more than 5 seconds between runs -// -// NewBoundedFrequencyRunner("name", fn, 3*time.Second, 10*time.Second, 3) -// - fn will have at least 3 seconds between runs, with up to 3 burst runs -// - fn will have no more than 10 seconds between runs -// -// The maxInterval must be greater than or equal to the minInterval, If the -// caller passes a maxInterval less than minInterval, this function will panic. -func NewBoundedFrequencyRunner(name string, fn func(), minInterval, maxInterval time.Duration, burstRuns int) *BoundedFrequencyRunner { - timer := &realTimer{timer: time.NewTimer(0)} // will tick immediately - <-timer.C() // consume the first tick - return construct(name, fn, minInterval, maxInterval, burstRuns, timer) -} - -// Make an instance with dependencies injected. -func construct(name string, fn func(), minInterval, maxInterval time.Duration, burstRuns int, timer timer) *BoundedFrequencyRunner { - if maxInterval < minInterval { - panic(fmt.Sprintf("%s: maxInterval (%v) must be >= minInterval (%v)", name, maxInterval, minInterval)) - } - if timer == nil { - panic(fmt.Sprintf("%s: timer must be non-nil", name)) - } - - bfr := &BoundedFrequencyRunner{ - name: name, - fn: fn, - minInterval: minInterval, - maxInterval: maxInterval, - run: make(chan struct{}, 1), - retry: make(chan struct{}, 1), - timer: timer, - } - if minInterval == 0 { - bfr.limiter = nullLimiter{} - } else { - // allow burst updates in short succession - qps := float32(time.Second) / float32(minInterval) - bfr.limiter = flowcontrol.NewTokenBucketRateLimiterWithClock(qps, burstRuns, timer) - } - return bfr -} - -// Loop handles the periodic timer and run requests. This is expected to be -// called as a goroutine. -func (bfr *BoundedFrequencyRunner) Loop(stop <-chan struct{}) { - klog.V(3).Infof("%s Loop running", bfr.name) - bfr.timer.Reset(bfr.maxInterval) - for { - select { - case <-stop: - bfr.stop() - klog.V(3).Infof("%s Loop stopping", bfr.name) - return - case <-bfr.timer.C(): - bfr.tryRun() - case <-bfr.run: - bfr.tryRun() - case <-bfr.retry: - bfr.doRetry() - } - } -} - -// Run the function as soon as possible. If this is called while Loop is not -// running, the call may be deferred indefinitely. -// If there is already a queued request to call the underlying function, it -// may be dropped - it is just guaranteed that we will try calling the -// underlying function as soon as possible starting from now. -func (bfr *BoundedFrequencyRunner) Run() { - // If it takes a lot of time to run the underlying function, noone is really - // processing elements from <run> channel. So to avoid blocking here on the - // putting element to it, we simply skip it if there is already an element - // in it. - select { - case bfr.run <- struct{}{}: - default: - } -} - -// RetryAfter ensures that the function will run again after no later than interval. This -// can be called from inside a run of the BoundedFrequencyRunner's function, or -// asynchronously. -func (bfr *BoundedFrequencyRunner) RetryAfter(interval time.Duration) { - // This could be called either with or without bfr.mu held, so we can't grab that - // lock, and therefore we can't update the timer directly. - - // If the Loop thread is currently running fn then it may be a while before it - // processes our retry request. But we want to retry at interval from now, not at - // interval from "whenever doRetry eventually gets called". So we convert to - // absolute time. - retryTime := bfr.timer.Now().Add(interval) - - // We can't just write retryTime to a channel because there could be multiple - // RetryAfter calls before Loop gets a chance to read from the channel. So we - // record the soonest requested retry time in bfr.retryTime and then only signal - // the Loop thread once, just like Run does. - bfr.retryMu.Lock() - defer bfr.retryMu.Unlock() - if !bfr.retryTime.IsZero() && bfr.retryTime.Before(retryTime) { - return - } - bfr.retryTime = retryTime - - select { - case bfr.retry <- struct{}{}: - default: - } -} - -// assumes the lock is not held -func (bfr *BoundedFrequencyRunner) stop() { - bfr.mu.Lock() - defer bfr.mu.Unlock() - bfr.limiter.Stop() - bfr.timer.Stop() -} - -// assumes the lock is not held -func (bfr *BoundedFrequencyRunner) doRetry() { - bfr.mu.Lock() - defer bfr.mu.Unlock() - bfr.retryMu.Lock() - defer bfr.retryMu.Unlock() - - if bfr.retryTime.IsZero() { - return - } - - // Timer wants an interval not an absolute time, so convert retryTime back now - retryInterval := bfr.retryTime.Sub(bfr.timer.Now()) - bfr.retryTime = time.Time{} - if retryInterval < bfr.timer.Remaining() { - klog.V(3).Infof("%s: retrying in %v", bfr.name, retryInterval) - bfr.timer.Stop() - bfr.timer.Reset(retryInterval) - } -} - -// assumes the lock is not held -func (bfr *BoundedFrequencyRunner) tryRun() { - bfr.mu.Lock() - defer bfr.mu.Unlock() - - if bfr.limiter.TryAccept() { - // We're allowed to run the function right now. - bfr.fn() - bfr.lastRun = bfr.timer.Now() - bfr.timer.Stop() - bfr.timer.Reset(bfr.maxInterval) - klog.V(3).Infof("%s: ran, next possible in %v, periodic in %v", bfr.name, bfr.minInterval, bfr.maxInterval) - return - } - - // It can't run right now, figure out when it can run next. - elapsed := bfr.timer.Since(bfr.lastRun) // how long since last run - nextPossible := bfr.minInterval - elapsed // time to next possible run - nextScheduled := bfr.timer.Remaining() // time to next scheduled run - klog.V(4).Infof("%s: %v since last run, possible in %v, scheduled in %v", bfr.name, elapsed, nextPossible, nextScheduled) - - // It's hard to avoid race conditions in the unit tests unless we always reset - // the timer here, even when it's unchanged - if nextPossible < nextScheduled { - nextScheduled = nextPossible - } - bfr.timer.Stop() - bfr.timer.Reset(nextScheduled) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/async/runner.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/async/runner.go deleted file mode 100644 index 924f1d168b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/async/runner.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package async - -import ( - "sync" -) - -// Runner is an abstraction to make it easy to start and stop groups of things that can be -// described by a single function which waits on a channel close to exit. -type Runner struct { - lock sync.Mutex - loopFuncs []func(stop chan struct{}) - stop *chan struct{} -} - -// NewRunner makes a runner for the given function(s). The function(s) should loop until -// the channel is closed. -func NewRunner(f ...func(stop chan struct{})) *Runner { - return &Runner{loopFuncs: f} -} - -// Start begins running. -func (r *Runner) Start() { - r.lock.Lock() - defer r.lock.Unlock() - if r.stop == nil { - c := make(chan struct{}) - r.stop = &c - for i := range r.loopFuncs { - go r.loopFuncs[i](*r.stop) - } - } -} - -// Stop stops running. -func (r *Runner) Stop() { - r.lock.Lock() - defer r.lock.Unlock() - if r.stop != nil { - close(*r.stop) - r.stop = nil - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/hash/hash.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/hash/hash.go deleted file mode 100644 index 803f066a44..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/hash/hash.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hash - -import ( - "hash" - - "github.com/davecgh/go-spew/spew" -) - -// DeepHashObject writes specified object to hash using the spew library -// which follows pointers and prints actual values of the nested objects -// ensuring the hash does not change when a pointer changes. -func DeepHashObject(hasher hash.Hash, objectToWrite interface{}) { - hasher.Reset() - printer := spew.ConfigState{ - Indent: " ", - SortKeys: true, - DisableMethods: true, - SpewKeys: true, - } - printer.Fprintf(hasher, "%#v", objectToWrite) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/node/node.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/node/node.go deleted file mode 100644 index 5646207cbb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/node/node.go +++ /dev/null @@ -1,176 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "context" - "fmt" - "net" - "os" - "strings" - "time" - - "k8s.io/klog/v2" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/wait" - clientset "k8s.io/client-go/kubernetes" - netutils "k8s.io/utils/net" -) - -const ( - // NodeUnreachablePodReason is the reason on a pod when its state cannot be confirmed as kubelet is unresponsive - // on the node it is (was) running. - NodeUnreachablePodReason = "NodeLost" - // NodeUnreachablePodMessage is the message on a pod when its state cannot be confirmed as kubelet is unresponsive - // on the node it is (was) running. - NodeUnreachablePodMessage = "Node %v which was running pod %v is unresponsive" -) - -// GetHostname returns OS's hostname if 'hostnameOverride' is empty; otherwise, return 'hostnameOverride'. -func GetHostname(hostnameOverride string) (string, error) { - hostName := hostnameOverride - if len(hostName) == 0 { - nodeName, err := os.Hostname() - if err != nil { - return "", fmt.Errorf("couldn't determine hostname: %v", err) - } - hostName = nodeName - } - - // Trim whitespaces first to avoid getting an empty hostname - // For linux, the hostname is read from file /proc/sys/kernel/hostname directly - hostName = strings.TrimSpace(hostName) - if len(hostName) == 0 { - return "", fmt.Errorf("empty hostname is invalid") - } - return strings.ToLower(hostName), nil -} - -// NoMatchError is a typed implementation of the error interface. It indicates a failure to get a matching Node. -type NoMatchError struct { - addresses []v1.NodeAddress -} - -// Error is the implementation of the conventional interface for -// representing an error condition, with the nil value representing no error. -func (e *NoMatchError) Error() string { - return fmt.Sprintf("no preferred addresses found; known addresses: %v", e.addresses) -} - -// GetPreferredNodeAddress returns the address of the provided node, using the provided preference order. -// If none of the preferred address types are found, an error is returned. -func GetPreferredNodeAddress(node *v1.Node, preferredAddressTypes []v1.NodeAddressType) (string, error) { - for _, addressType := range preferredAddressTypes { - for _, address := range node.Status.Addresses { - if address.Type == addressType { - return address.Address, nil - } - } - } - return "", &NoMatchError{addresses: node.Status.Addresses} -} - -// GetNodeHostIPs returns the provided node's IP(s); either a single "primary IP" for the -// node in a single-stack cluster, or a dual-stack pair of IPs in a dual-stack cluster -// (for nodes that actually have dual-stack IPs). Among other things, the IPs returned -// from this function are used as the `.status.PodIPs` values for host-network pods on the -// node, and the first IP is used as the `.status.HostIP` for all pods on the node. -func GetNodeHostIPs(node *v1.Node) ([]net.IP, error) { - // Re-sort the addresses with InternalIPs first and then ExternalIPs - allIPs := make([]net.IP, 0, len(node.Status.Addresses)) - for _, addr := range node.Status.Addresses { - if addr.Type == v1.NodeInternalIP { - ip := netutils.ParseIPSloppy(addr.Address) - if ip != nil { - allIPs = append(allIPs, ip) - } - } - } - for _, addr := range node.Status.Addresses { - if addr.Type == v1.NodeExternalIP { - ip := netutils.ParseIPSloppy(addr.Address) - if ip != nil { - allIPs = append(allIPs, ip) - } - } - } - if len(allIPs) == 0 { - return nil, fmt.Errorf("host IP unknown; known addresses: %v", node.Status.Addresses) - } - - nodeIPs := []net.IP{allIPs[0]} - for _, ip := range allIPs { - if netutils.IsIPv6(ip) != netutils.IsIPv6(nodeIPs[0]) { - nodeIPs = append(nodeIPs, ip) - break - } - } - - return nodeIPs, nil -} - -// GetNodeHostIP returns the provided node's "primary" IP; see GetNodeHostIPs for more details -func GetNodeHostIP(node *v1.Node) (net.IP, error) { - ips, err := GetNodeHostIPs(node) - if err != nil { - return nil, err - } - // GetNodeHostIPs always returns at least one IP if it didn't return an error - return ips[0], nil -} - -// GetNodeIP returns an IP (as with GetNodeHostIP) for the node with the provided name. -// If required, it will wait for the node to be created. -func GetNodeIP(client clientset.Interface, name string) net.IP { - var nodeIP net.IP - backoff := wait.Backoff{ - Steps: 6, - Duration: 1 * time.Second, - Factor: 2.0, - Jitter: 0.2, - } - - err := wait.ExponentialBackoff(backoff, func() (bool, error) { - node, err := client.CoreV1().Nodes().Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - klog.Errorf("Failed to retrieve node info: %v", err) - return false, nil - } - nodeIP, err = GetNodeHostIP(node) - if err != nil { - klog.Errorf("Failed to retrieve node IP: %v", err) - return false, err - } - return true, nil - }) - if err == nil { - klog.Infof("Successfully retrieved node IP: %v", nodeIP) - } - return nodeIP -} - -// IsNodeReady returns true if a node is ready; false otherwise. -func IsNodeReady(node *v1.Node) bool { - for _, c := range node.Status.Conditions { - if c.Type == v1.NodeReady { - return c.Status == v1.ConditionTrue - } - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/parsers/parsers.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/parsers/parsers.go deleted file mode 100644 index ef869cd768..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/parsers/parsers.go +++ /dev/null @@ -1,54 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package parsers - -import ( - "fmt" - // Import the crypto sha256 algorithm for the docker image parser to work - _ "crypto/sha256" - // Import the crypto/sha512 algorithm for the docker image parser to work with 384 and 512 sha hashes - _ "crypto/sha512" - - dockerref "github.com/docker/distribution/reference" -) - -// ParseImageName parses a docker image string into three parts: repo, tag and digest. -// If both tag and digest are empty, a default image tag will be returned. -func ParseImageName(image string) (string, string, string, error) { - named, err := dockerref.ParseNormalizedNamed(image) - if err != nil { - return "", "", "", fmt.Errorf("couldn't parse image name: %v", err) - } - - repoToPull := named.Name() - var tag, digest string - - tagged, ok := named.(dockerref.Tagged) - if ok { - tag = tagged.Tag() - } - - digested, ok := named.(dockerref.Digested) - if ok { - digest = digested.Digest().String() - } - // If no tag was specified, use the default "latest". - if len(tag) == 0 && len(digest) == 0 { - tag = "latest" - } - return repoToPull, tag, digest, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/doc.go deleted file mode 100644 index 09fa857ab4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package tolerations provides utilities to work with pod spec tolerations. -package tolerations // import "k8s.io/kubernetes/pkg/util/tolerations" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/tolerations.go b/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/tolerations.go deleted file mode 100644 index 073aa901ab..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/util/tolerations/tolerations.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tolerations - -import ( - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// VerifyAgainstWhitelist checks if the provided tolerations -// satisfy the provided whitelist and returns true, otherwise returns false -func VerifyAgainstWhitelist(tolerations, whitelist []api.Toleration) bool { - if len(whitelist) == 0 || len(tolerations) == 0 { - return true - } - -next: - for _, t := range tolerations { - for _, w := range whitelist { - if isSuperset(w, t) { - continue next - } - } - return false - } - - return true -} - -// MergeTolerations merges two sets of tolerations into one. If one toleration is a superset of -// another, only the superset is kept. -func MergeTolerations(first, second []api.Toleration) []api.Toleration { - all := append(first, second...) - var merged []api.Toleration - -next: - for i, t := range all { - for _, t2 := range merged { - if isSuperset(t2, t) { - continue next // t is redundant; ignore it - } - } - if i+1 < len(all) { - for _, t2 := range all[i+1:] { - // If the tolerations are equal, prefer the first. - if !apiequality.Semantic.DeepEqual(&t, &t2) && isSuperset(t2, t) { - continue next // t is redundant; ignore it - } - } - } - merged = append(merged, t) - } - - return merged -} - -// isSuperset checks whether ss tolerates a superset of t. -func isSuperset(ss, t api.Toleration) bool { - if apiequality.Semantic.DeepEqual(&t, &ss) { - return true - } - - if t.Key != ss.Key && - // An empty key with Exists operator means match all keys & values. - (ss.Key != "" || ss.Operator != api.TolerationOpExists) { - return false - } - - // An empty effect means match all effects. - if t.Effect != ss.Effect && ss.Effect != "" { - return false - } - - if ss.Effect == api.TaintEffectNoExecute { - if ss.TolerationSeconds != nil { - if t.TolerationSeconds == nil || - *t.TolerationSeconds > *ss.TolerationSeconds { - return false - } - } - } - - switch ss.Operator { - case api.TolerationOpEqual, "": // empty operator means Equal - return t.Operator == api.TolerationOpEqual && t.Value == ss.Value - case api.TolerationOpExists: - return true - default: - klog.Errorf("Unknown toleration operator: %s", ss.Operator) - return false - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/volume/OWNERS deleted file mode 100644 index 451008a3e9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-storage-approvers -reviewers: - - sig-storage-reviewers -labels: - - sig/storage diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/doc.go deleted file mode 100644 index c98a5a1537..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package volume includes internal representations of external volume types -// as well as utility methods required to mount/unmount volumes to kubelets. -package volume // import "k8s.io/kubernetes/pkg/volume" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_block.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_block.go deleted file mode 100644 index e370afca24..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_block.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "fmt" - "io" - "os" - "runtime" - "time" - - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - servermetrics "k8s.io/kubernetes/pkg/kubelet/server/metrics" -) - -var _ MetricsProvider = &metricsBlock{} - -// metricsBlock represents a MetricsProvider that detects the size of the -// BlockMode Volume. -type metricsBlock struct { - // the device node where the volume is attached to. - device string -} - -// NewMetricsStatfs creates a new metricsBlock with the device node of the -// Volume. -func NewMetricsBlock(device string) MetricsProvider { - return &metricsBlock{device} -} - -// See MetricsProvider.GetMetrics -// GetMetrics detects the size of the BlockMode volume for the device node -// where the Volume is attached. -// -// Note that only the capacity of the device can be detected with standard -// tools. Storage systems may have more information that they can provide by -// going through specialized APIs. -func (mb *metricsBlock) GetMetrics() (*Metrics, error) { - startTime := time.Now() - defer servermetrics.CollectVolumeStatCalDuration("block", startTime) - - // TODO: Windows does not yet support VolumeMode=Block - if runtime.GOOS == "windows" { - return nil, NewNotImplementedError("Windows does not support Block volumes") - } - - metrics := &Metrics{Time: metav1.Now()} - if mb.device == "" { - return metrics, NewNoPathDefinedError() - } - - err := mb.getBlockInfo(metrics) - if err != nil { - return metrics, err - } - - return metrics, nil -} - -// getBlockInfo fetches metrics.Capacity by opening the device and seeking to -// the end. -func (mb *metricsBlock) getBlockInfo(metrics *Metrics) error { - dev, err := os.Open(mb.device) - if err != nil { - return fmt.Errorf("unable to open device %q: %w", mb.device, err) - } - defer dev.Close() - - end, err := dev.Seek(0, io.SeekEnd) - if err != nil { - return fmt.Errorf("failed to detect size of %q: %w", mb.device, err) - } - - metrics.Capacity = resource.NewQuantity(end, resource.BinarySI) - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_cached.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_cached.go deleted file mode 100644 index 3aef3d2063..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_cached.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "sync" - "sync/atomic" -) - -var _ MetricsProvider = &cachedMetrics{} - -// cachedMetrics represents a MetricsProvider that wraps another provider and -// caches the result. -type cachedMetrics struct { - wrapped MetricsProvider - resultError error - resultMetrics *Metrics - once cacheOnce -} - -// NewCachedMetrics creates a new cachedMetrics wrapping another -// MetricsProvider and caching the results. -func NewCachedMetrics(provider MetricsProvider) MetricsProvider { - return &cachedMetrics{wrapped: provider} -} - -// GetMetrics runs the wrapped metrics provider's GetMetrics method once and -// caches the result. Will not cache result if there is an error. -// See MetricsProvider.GetMetrics -func (md *cachedMetrics) GetMetrics() (*Metrics, error) { - md.once.cache(func() error { - md.resultMetrics, md.resultError = md.wrapped.GetMetrics() - return md.resultError - }) - return md.resultMetrics, md.resultError -} - -// Copied from sync.Once but we don't want to cache the results if there is an -// error -type cacheOnce struct { - m sync.Mutex - done uint32 -} - -// Copied from sync.Once but we don't want to cache the results if there is an -// error -func (o *cacheOnce) cache(f func() error) { - if atomic.LoadUint32(&o.done) == 1 { - return - } - // Slow-path. - o.m.Lock() - defer o.m.Unlock() - if o.done == 0 { - err := f() - if err == nil { - atomic.StoreUint32(&o.done, 1) - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_du.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_du.go deleted file mode 100644 index f080fac2b3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_du.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/volume/util/fs" -) - -var _ MetricsProvider = &metricsDu{} - -// metricsDu represents a MetricsProvider that calculates the used and -// available Volume space by calling fs.DiskUsage() and gathering -// filesystem info for the Volume path. -type metricsDu struct { - // the directory path the volume is mounted to. - path string -} - -// NewMetricsDu creates a new metricsDu with the Volume path. -func NewMetricsDu(path string) MetricsProvider { - return &metricsDu{path} -} - -// GetMetrics calculates the volume usage and device free space by executing "du" -// and gathering filesystem info for the Volume path. -// See MetricsProvider.GetMetrics -func (md *metricsDu) GetMetrics() (*Metrics, error) { - metrics := &Metrics{Time: metav1.Now()} - if md.path == "" { - return metrics, NewNoPathDefinedError() - } - - err := md.getDiskUsage(metrics) - if err != nil { - return metrics, err - } - - err = md.getFsInfo(metrics) - if err != nil { - return metrics, err - } - - return metrics, nil -} - -// getDiskUsage writes metrics.Used and metric.InodesUsed from fs.DiskUsage -func (md *metricsDu) getDiskUsage(metrics *Metrics) error { - usage, err := fs.DiskUsage(md.path) - if err != nil { - return err - } - metrics.Used = resource.NewQuantity(usage.Bytes, resource.BinarySI) - metrics.InodesUsed = resource.NewQuantity(usage.Inodes, resource.BinarySI) - return nil -} - -// getFsInfo writes metrics.Capacity and metrics.Available from the filesystem -// info -func (md *metricsDu) getFsInfo(metrics *Metrics) error { - available, capacity, _, inodes, inodesFree, _, err := fs.Info(md.path) - if err != nil { - return NewFsInfoFailedError(err) - } - metrics.Available = resource.NewQuantity(available, resource.BinarySI) - metrics.Capacity = resource.NewQuantity(capacity, resource.BinarySI) - metrics.Inodes = resource.NewQuantity(inodes, resource.BinarySI) - metrics.InodesFree = resource.NewQuantity(inodesFree, resource.BinarySI) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_errors.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_errors.go deleted file mode 100644 index 0f7987e093..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_errors.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "fmt" -) - -const ( - // ErrCodeNotSupported code for NotSupported Errors. - ErrCodeNotSupported int = iota + 1 - ErrCodeNoPathDefined - ErrCodeFsInfoFailed -) - -// NewNotSupportedError creates a new MetricsError with code NotSupported. -func NewNotSupportedError() *MetricsError { - return &MetricsError{ - Code: ErrCodeNotSupported, - Msg: "metrics are not supported for MetricsNil Volumes", - } -} - -// NewNotImplementedError creates a new MetricsError with code NotSupported. -func NewNotImplementedError(reason string) *MetricsError { - return &MetricsError{ - Code: ErrCodeNotSupported, - Msg: fmt.Sprintf("metrics support is not implemented: %s", reason), - } -} - -// NewNotSupportedErrorWithDriverName creates a new MetricsError with code NotSupported. -// driver name is added to the error message. -func NewNotSupportedErrorWithDriverName(name string) *MetricsError { - return &MetricsError{ - Code: ErrCodeNotSupported, - Msg: fmt.Sprintf("metrics are not supported for %s volumes", name), - } -} - -// NewNoPathDefinedError creates a new MetricsError with code NoPathDefined. -func NewNoPathDefinedError() *MetricsError { - return &MetricsError{ - Code: ErrCodeNoPathDefined, - Msg: "no path defined for disk usage metrics.", - } -} - -// NewFsInfoFailedError creates a new MetricsError with code FsInfoFailed. -func NewFsInfoFailedError(err error) *MetricsError { - return &MetricsError{ - Code: ErrCodeFsInfoFailed, - Msg: fmt.Sprintf("failed to get FsInfo due to error %v", err), - } -} - -// MetricsError to distinguish different Metrics Errors. -type MetricsError struct { - Code int - Msg string -} - -func (e *MetricsError) Error() string { - return e.Msg -} - -// IsNotSupported returns true if and only if err is "key" not found error. -func IsNotSupported(err error) bool { - return isErrCode(err, ErrCodeNotSupported) -} - -func isErrCode(err error, code int) bool { - if err == nil { - return false - } - if e, ok := err.(*MetricsError); ok { - return e.Code == code - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_nil.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_nil.go deleted file mode 100644 index 11b74e0797..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_nil.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -var _ MetricsProvider = &MetricsNil{} - -// MetricsNil represents a MetricsProvider that does not support returning -// Metrics. It serves as a placeholder for Volumes that do not yet support -// metrics. -type MetricsNil struct{} - -// SupportsMetrics returns false for the MetricsNil type. -func (*MetricsNil) SupportsMetrics() bool { - return false -} - -// GetMetrics returns an empty Metrics and an error. -// See MetricsProvider.GetMetrics -func (*MetricsNil) GetMetrics() (*Metrics, error) { - return &Metrics{}, NewNotSupportedError() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_statfs.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_statfs.go deleted file mode 100644 index 81a6748b19..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/metrics_statfs.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "time" - - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - servermetrics "k8s.io/kubernetes/pkg/kubelet/server/metrics" - "k8s.io/kubernetes/pkg/volume/util/fs" -) - -var _ MetricsProvider = &metricsStatFS{} - -// metricsStatFS represents a MetricsProvider that calculates the used and available -// Volume space by stat'ing and gathering filesystem info for the Volume path. -type metricsStatFS struct { - // the directory path the volume is mounted to. - path string -} - -// NewMetricsStatfs creates a new metricsStatFS with the Volume path. -func NewMetricsStatFS(path string) MetricsProvider { - return &metricsStatFS{path} -} - -// See MetricsProvider.GetMetrics -// GetMetrics calculates the volume usage and device free space by executing "du" -// and gathering filesystem info for the Volume path. -func (md *metricsStatFS) GetMetrics() (*Metrics, error) { - startTime := time.Now() - defer servermetrics.CollectVolumeStatCalDuration("statfs", startTime) - - metrics := &Metrics{Time: metav1.Now()} - if md.path == "" { - return metrics, NewNoPathDefinedError() - } - - err := md.getFsInfo(metrics) - if err != nil { - return metrics, err - } - - return metrics, nil -} - -// getFsInfo writes metrics.Capacity, metrics.Used and metrics.Available from the filesystem info -func (md *metricsStatFS) getFsInfo(metrics *Metrics) error { - available, capacity, usage, inodes, inodesFree, inodesUsed, err := fs.Info(md.path) - if err != nil { - return NewFsInfoFailedError(err) - } - metrics.Available = resource.NewQuantity(available, resource.BinarySI) - metrics.Capacity = resource.NewQuantity(capacity, resource.BinarySI) - metrics.Used = resource.NewQuantity(usage, resource.BinarySI) - metrics.Inodes = resource.NewQuantity(inodes, resource.BinarySI) - metrics.InodesFree = resource.NewQuantity(inodesFree, resource.BinarySI) - metrics.InodesUsed = resource.NewQuantity(inodesUsed, resource.BinarySI) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/noop_expandable_plugin.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/noop_expandable_plugin.go deleted file mode 100644 index 9db19f16b0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/noop_expandable_plugin.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/types" -) - -type noopExpandableVolumePluginInstance struct { - spec *Spec -} - -var _ ExpandableVolumePlugin = &noopExpandableVolumePluginInstance{} - -func (n *noopExpandableVolumePluginInstance) ExpandVolumeDevice(spec *Spec, newSize resource.Quantity, oldSize resource.Quantity) (resource.Quantity, error) { - return newSize, nil -} - -func (n *noopExpandableVolumePluginInstance) Init(host VolumeHost) error { - return nil -} - -func (n *noopExpandableVolumePluginInstance) GetPluginName() string { - return n.spec.KubeletExpandablePluginName() -} - -func (n *noopExpandableVolumePluginInstance) GetVolumeName(spec *Spec) (string, error) { - return n.spec.Name(), nil -} - -func (n *noopExpandableVolumePluginInstance) CanSupport(spec *Spec) bool { - return true -} - -func (n *noopExpandableVolumePluginInstance) RequiresRemount(spec *Spec) bool { - return false -} - -func (n *noopExpandableVolumePluginInstance) NewMounter(spec *Spec, podRef *v1.Pod, opts VolumeOptions) (Mounter, error) { - return nil, nil -} - -func (n *noopExpandableVolumePluginInstance) NewUnmounter(name string, podUID types.UID) (Unmounter, error) { - return nil, nil -} - -func (n *noopExpandableVolumePluginInstance) ConstructVolumeSpec(volumeName, mountPath string) (ReconstructedVolume, error) { - return ReconstructedVolume{Spec: n.spec}, nil -} - -func (n *noopExpandableVolumePluginInstance) SupportsMountOption() bool { - return true -} - -func (n *noopExpandableVolumePluginInstance) SupportsBulkVolumeVerification() bool { - return false -} - -func (n *noopExpandableVolumePluginInstance) RequiresFSResize() bool { - return true -} - -func (n *noopExpandableVolumePluginInstance) SupportsSELinuxContextMount(spec *Spec) (bool, error) { - return false, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/plugins.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/plugins.go deleted file mode 100644 index c0ec12f0c0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/plugins.go +++ /dev/null @@ -1,1104 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "fmt" - "net" - "strings" - "sync" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/klog/v2" - "k8s.io/mount-utils" - "k8s.io/utils/exec" - - authenticationv1 "k8s.io/api/authentication/v1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/validation" - "k8s.io/client-go/informers" - clientset "k8s.io/client-go/kubernetes" - storagelistersv1 "k8s.io/client-go/listers/storage/v1" - "k8s.io/client-go/tools/cache" - "k8s.io/client-go/tools/record" - cloudprovider "k8s.io/cloud-provider" - proxyutil "k8s.io/kubernetes/pkg/proxy/util" - "k8s.io/kubernetes/pkg/volume/util/hostutil" - "k8s.io/kubernetes/pkg/volume/util/recyclerclient" - "k8s.io/kubernetes/pkg/volume/util/subpath" -) - -type ProbeOperation uint32 -type ProbeEvent struct { - Plugin VolumePlugin // VolumePlugin that was added/updated/removed. if ProbeEvent.Op is 'ProbeRemove', Plugin should be nil - PluginName string - Op ProbeOperation // The operation to the plugin -} - -const ( - // Common parameter which can be specified in StorageClass to specify the desired FSType - // Provisioners SHOULD implement support for this if they are block device based - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Default value depends on the provisioner - VolumeParameterFSType = "fstype" - - ProbeAddOrUpdate ProbeOperation = 1 << iota - ProbeRemove -) - -// VolumeOptions contains option information about a volume. -type VolumeOptions struct { - // The attributes below are required by volume.Provisioner - // TODO: refactor all of this out of volumes when an admin can configure - // many kinds of provisioners. - - // Reclamation policy for a persistent volume - PersistentVolumeReclaimPolicy v1.PersistentVolumeReclaimPolicy - // Mount options for a persistent volume - MountOptions []string - // Suggested PV.Name of the PersistentVolume to provision. - // This is a generated name guaranteed to be unique in Kubernetes cluster. - // If you choose not to use it as volume name, ensure uniqueness by either - // combining it with your value or create unique values of your own. - PVName string - // PVC is reference to the claim that lead to provisioning of a new PV. - // Provisioners *must* create a PV that would be matched by this PVC, - // i.e. with required capacity, accessMode, labels matching PVC.Selector and - // so on. - PVC *v1.PersistentVolumeClaim - // Unique name of Kubernetes cluster. - ClusterName string - // Tags to attach to the real volume in the cloud provider - e.g. AWS EBS - CloudTags *map[string]string - // Volume provisioning parameters from StorageClass - Parameters map[string]string -} - -// NodeResizeOptions contain options to be passed for node expansion. -type NodeResizeOptions struct { - VolumeSpec *Spec - - // DevicePath - location of actual device on the node. In case of CSI - // this just could be volumeID - DevicePath string - - // DeviceMountPath location where device is mounted on the node. If volume type - // is attachable - this would be global mount path otherwise - // it would be location where volume was mounted for the pod - DeviceMountPath string - - // DeviceStagingPath stores location where the volume is staged - DeviceStagePath string - - NewSize resource.Quantity - OldSize resource.Quantity -} - -type DynamicPluginProber interface { - Init() error - - // aggregates events for successful drivers and errors for failed drivers - Probe() (events []ProbeEvent, err error) -} - -// VolumePlugin is an interface to volume plugins that can be used on a -// kubernetes node (e.g. by kubelet) to instantiate and manage volumes. -type VolumePlugin interface { - // Init initializes the plugin. This will be called exactly once - // before any New* calls are made - implementations of plugins may - // depend on this. - Init(host VolumeHost) error - - // Name returns the plugin's name. Plugins must use namespaced names - // such as "example.com/volume" and contain exactly one '/' character. - // The "kubernetes.io" namespace is reserved for plugins which are - // bundled with kubernetes. - GetPluginName() string - - // GetVolumeName returns the name/ID to uniquely identifying the actual - // backing device, directory, path, etc. referenced by the specified volume - // spec. - // For Attachable volumes, this value must be able to be passed back to - // volume Detach methods to identify the device to act on. - // If the plugin does not support the given spec, this returns an error. - GetVolumeName(spec *Spec) (string, error) - - // CanSupport tests whether the plugin supports a given volume - // specification from the API. The spec pointer should be considered - // const. - CanSupport(spec *Spec) bool - - // RequiresRemount returns true if this plugin requires mount calls to be - // reexecuted. Atomically updating volumes, like Downward API, depend on - // this to update the contents of the volume. - RequiresRemount(spec *Spec) bool - - // NewMounter creates a new volume.Mounter from an API specification. - // Ownership of the spec pointer in *not* transferred. - // - spec: The v1.Volume spec - // - pod: The enclosing pod - NewMounter(spec *Spec, podRef *v1.Pod, opts VolumeOptions) (Mounter, error) - - // NewUnmounter creates a new volume.Unmounter from recoverable state. - // - name: The volume name, as per the v1.Volume spec. - // - podUID: The UID of the enclosing pod - NewUnmounter(name string, podUID types.UID) (Unmounter, error) - - // ConstructVolumeSpec constructs a volume spec based on the given volume name - // and volumePath. The spec may have incomplete information due to limited - // information from input. This function is used by volume manager to reconstruct - // volume spec by reading the volume directories from disk - ConstructVolumeSpec(volumeName, volumePath string) (ReconstructedVolume, error) - - // SupportsMountOption returns true if volume plugins supports Mount options - // Specifying mount options in a volume plugin that doesn't support - // user specified mount options will result in error creating persistent volumes - SupportsMountOption() bool - - // SupportsBulkVolumeVerification checks if volume plugin type is capable - // of enabling bulk polling of all nodes. This can speed up verification of - // attached volumes by quite a bit, but underlying pluging must support it. - SupportsBulkVolumeVerification() bool - - // SupportsSELinuxContextMount returns true if volume plugins supports - // mount -o context=XYZ for a given volume. - SupportsSELinuxContextMount(spec *Spec) (bool, error) -} - -// PersistentVolumePlugin is an extended interface of VolumePlugin and is used -// by volumes that want to provide long term persistence of data -type PersistentVolumePlugin interface { - VolumePlugin - // GetAccessModes describes the ways a given volume can be accessed/mounted. - GetAccessModes() []v1.PersistentVolumeAccessMode -} - -// RecyclableVolumePlugin is an extended interface of VolumePlugin and is used -// by persistent volumes that want to be recycled before being made available -// again to new claims -type RecyclableVolumePlugin interface { - VolumePlugin - - // Recycle knows how to reclaim this - // resource after the volume's release from a PersistentVolumeClaim. - // Recycle will use the provided recorder to write any events that might be - // interesting to user. It's expected that caller will pass these events to - // the PV being recycled. - Recycle(pvName string, spec *Spec, eventRecorder recyclerclient.RecycleEventRecorder) error -} - -// DeletableVolumePlugin is an extended interface of VolumePlugin and is used -// by persistent volumes that want to be deleted from the cluster after their -// release from a PersistentVolumeClaim. -type DeletableVolumePlugin interface { - VolumePlugin - // NewDeleter creates a new volume.Deleter which knows how to delete this - // resource in accordance with the underlying storage provider after the - // volume's release from a claim - NewDeleter(spec *Spec) (Deleter, error) -} - -// ProvisionableVolumePlugin is an extended interface of VolumePlugin and is -// used to create volumes for the cluster. -type ProvisionableVolumePlugin interface { - VolumePlugin - // NewProvisioner creates a new volume.Provisioner which knows how to - // create PersistentVolumes in accordance with the plugin's underlying - // storage provider - NewProvisioner(options VolumeOptions) (Provisioner, error) -} - -// AttachableVolumePlugin is an extended interface of VolumePlugin and is used for volumes that require attachment -// to a node before mounting. -type AttachableVolumePlugin interface { - DeviceMountableVolumePlugin - NewAttacher() (Attacher, error) - NewDetacher() (Detacher, error) - // CanAttach tests if provided volume spec is attachable - CanAttach(spec *Spec) (bool, error) -} - -// DeviceMountableVolumePlugin is an extended interface of VolumePlugin and is used -// for volumes that requires mount device to a node before binding to volume to pod. -type DeviceMountableVolumePlugin interface { - VolumePlugin - NewDeviceMounter() (DeviceMounter, error) - NewDeviceUnmounter() (DeviceUnmounter, error) - GetDeviceMountRefs(deviceMountPath string) ([]string, error) - // CanDeviceMount determines if device in volume.Spec is mountable - CanDeviceMount(spec *Spec) (bool, error) -} - -// ExpandableVolumePlugin is an extended interface of VolumePlugin and is used for volumes that can be -// expanded via control-plane ExpandVolumeDevice call. -type ExpandableVolumePlugin interface { - VolumePlugin - ExpandVolumeDevice(spec *Spec, newSize resource.Quantity, oldSize resource.Quantity) (resource.Quantity, error) - RequiresFSResize() bool -} - -// NodeExpandableVolumePlugin is an expanded interface of VolumePlugin and is used for volumes that -// require expansion on the node via NodeExpand call. -type NodeExpandableVolumePlugin interface { - VolumePlugin - RequiresFSResize() bool - // NodeExpand expands volume on given deviceMountPath and returns true if resize is successful. - NodeExpand(resizeOptions NodeResizeOptions) (bool, error) -} - -// VolumePluginWithAttachLimits is an extended interface of VolumePlugin that restricts number of -// volumes that can be attached to a node. -type VolumePluginWithAttachLimits interface { - VolumePlugin - // Return maximum number of volumes that can be attached to a node for this plugin. - // The key must be same as string returned by VolumeLimitKey function. The returned - // map may look like: - // - { "storage-limits-aws-ebs": 39 } - // - { "storage-limits-gce-pd": 10 } - // A volume plugin may return error from this function - if it can not be used on a given node or not - // applicable in given environment (where environment could be cloudprovider or any other dependency) - // For example - calling this function for EBS volume plugin on a GCE node should - // result in error. - // The returned values are stored in node allocatable property and will be used - // by scheduler to determine how many pods with volumes can be scheduled on given node. - GetVolumeLimits() (map[string]int64, error) - // Return volume limit key string to be used in node capacity constraints - // The key must start with prefix storage-limits-. For example: - // - storage-limits-aws-ebs - // - storage-limits-csi-cinder - // The key should respect character limit of ResourceName type - // This function may be called by kubelet or scheduler to identify node allocatable property - // which stores volumes limits. - VolumeLimitKey(spec *Spec) string -} - -// BlockVolumePlugin is an extend interface of VolumePlugin and is used for block volumes support. -type BlockVolumePlugin interface { - VolumePlugin - // NewBlockVolumeMapper creates a new volume.BlockVolumeMapper from an API specification. - // Ownership of the spec pointer in *not* transferred. - // - spec: The v1.Volume spec - // - pod: The enclosing pod - NewBlockVolumeMapper(spec *Spec, podRef *v1.Pod, opts VolumeOptions) (BlockVolumeMapper, error) - // NewBlockVolumeUnmapper creates a new volume.BlockVolumeUnmapper from recoverable state. - // - name: The volume name, as per the v1.Volume spec. - // - podUID: The UID of the enclosing pod - NewBlockVolumeUnmapper(name string, podUID types.UID) (BlockVolumeUnmapper, error) - // ConstructBlockVolumeSpec constructs a volume spec based on the given - // podUID, volume name and a pod device map path. - // The spec may have incomplete information due to limited information - // from input. This function is used by volume manager to reconstruct - // volume spec by reading the volume directories from disk. - ConstructBlockVolumeSpec(podUID types.UID, volumeName, volumePath string) (*Spec, error) -} - -// TODO(#14217) -// As part of the Volume Host refactor we are starting to create Volume Hosts -// for specific hosts. New methods for each specific host can be added here. -// Currently consumers will do type assertions to get the specific type of Volume -// Host; however, the end result should be that specific Volume Hosts are passed -// to the specific functions they are needed in (instead of using a catch-all -// VolumeHost interface) - -// KubeletVolumeHost is a Kubelet specific interface that plugins can use to access the kubelet. -type KubeletVolumeHost interface { - // SetKubeletError lets plugins set an error on the Kubelet runtime status - // that will cause the Kubelet to post NotReady status with the error message provided - SetKubeletError(err error) - - // GetInformerFactory returns the informer factory for CSIDriverLister - GetInformerFactory() informers.SharedInformerFactory - // CSIDriverLister returns the informer lister for the CSIDriver API Object - CSIDriverLister() storagelistersv1.CSIDriverLister - // CSIDriverSynced returns the informer synced for the CSIDriver API Object - CSIDriversSynced() cache.InformerSynced - // WaitForCacheSync is a helper function that waits for cache sync for CSIDriverLister - WaitForCacheSync() error - // Returns hostutil.HostUtils - GetHostUtil() hostutil.HostUtils - // GetHostIDsForPod if the pod uses user namespaces, takes the uid and - // gid inside the container and returns the host UID and GID those are - // mapped to on the host. If containerUID/containerGID is nil, then it - // returns the host UID/GID for ID 0 inside the container. - // If the pod is not using user namespaces, as there is no mapping needed, the - // same containerUID and containerGID params are returned. - GetHostIDsForPod(pod *v1.Pod, containerUID, containerGID *int64) (hostUID, hostGID *int64, err error) -} - -// AttachDetachVolumeHost is a AttachDetach Controller specific interface that plugins can use -// to access methods on the Attach Detach Controller. -type AttachDetachVolumeHost interface { - // CSINodeLister returns the informer lister for the CSINode API Object - CSINodeLister() storagelistersv1.CSINodeLister - - // CSIDriverLister returns the informer lister for the CSIDriver API Object - CSIDriverLister() storagelistersv1.CSIDriverLister - - // VolumeAttachmentLister returns the informer lister for the VolumeAttachment API Object - VolumeAttachmentLister() storagelistersv1.VolumeAttachmentLister - // IsAttachDetachController is an interface marker to strictly tie AttachDetachVolumeHost - // to the attachDetachController - IsAttachDetachController() bool -} - -// VolumeHost is an interface that plugins can use to access the kubelet. -type VolumeHost interface { - // GetPluginDir returns the absolute path to a directory under which - // a given plugin may store data. This directory might not actually - // exist on disk yet. For plugin data that is per-pod, see - // GetPodPluginDir(). - GetPluginDir(pluginName string) string - - // GetVolumeDevicePluginDir returns the absolute path to a directory - // under which a given plugin may store data. - // ex. plugins/kubernetes.io/{PluginName}/{DefaultKubeletVolumeDevicesDirName}/{volumePluginDependentPath}/ - GetVolumeDevicePluginDir(pluginName string) string - - // GetPodsDir returns the absolute path to a directory where all the pods - // information is stored - GetPodsDir() string - - // GetPodVolumeDir returns the absolute path a directory which - // represents the named volume under the named plugin for the given - // pod. If the specified pod does not exist, the result of this call - // might not exist. - GetPodVolumeDir(podUID types.UID, pluginName string, volumeName string) string - - // GetPodPluginDir returns the absolute path to a directory under which - // a given plugin may store data for a given pod. If the specified pod - // does not exist, the result of this call might not exist. This - // directory might not actually exist on disk yet. - GetPodPluginDir(podUID types.UID, pluginName string) string - - // GetPodVolumeDeviceDir returns the absolute path a directory which - // represents the named plugin for the given pod. - // If the specified pod does not exist, the result of this call - // might not exist. - // ex. pods/{podUid}/{DefaultKubeletVolumeDevicesDirName}/{escapeQualifiedPluginName}/ - GetPodVolumeDeviceDir(podUID types.UID, pluginName string) string - - // GetKubeClient returns a client interface - GetKubeClient() clientset.Interface - - // NewWrapperMounter finds an appropriate plugin with which to handle - // the provided spec. This is used to implement volume plugins which - // "wrap" other plugins. For example, the "secret" volume is - // implemented in terms of the "emptyDir" volume. - NewWrapperMounter(volName string, spec Spec, pod *v1.Pod, opts VolumeOptions) (Mounter, error) - - // NewWrapperUnmounter finds an appropriate plugin with which to handle - // the provided spec. See comments on NewWrapperMounter for more - // context. - NewWrapperUnmounter(volName string, spec Spec, podUID types.UID) (Unmounter, error) - - // Get cloud provider from kubelet. - GetCloudProvider() cloudprovider.Interface - - // Get mounter interface. - GetMounter(pluginName string) mount.Interface - - // Returns the hostname of the host kubelet is running on - GetHostName() string - - // Returns host IP or nil in the case of error. - GetHostIP() (net.IP, error) - - // Returns node allocatable. - GetNodeAllocatable() (v1.ResourceList, error) - - // Returns a function that returns a secret. - GetSecretFunc() func(namespace, name string) (*v1.Secret, error) - - // Returns a function that returns a configmap. - GetConfigMapFunc() func(namespace, name string) (*v1.ConfigMap, error) - - GetServiceAccountTokenFunc() func(namespace, name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) - - DeleteServiceAccountTokenFunc() func(podUID types.UID) - - // Returns an interface that should be used to execute any utilities in volume plugins - GetExec(pluginName string) exec.Interface - - // Returns the labels on the node - GetNodeLabels() (map[string]string, error) - - // Returns the name of the node - GetNodeName() types.NodeName - - GetAttachedVolumesFromNodeStatus() (map[v1.UniqueVolumeName]string, error) - - // Returns the event recorder of kubelet. - GetEventRecorder() record.EventRecorder - - // Returns an interface that should be used to execute subpath operations - GetSubpather() subpath.Interface - - // Returns options to pass for proxyutil filtered dialers. - GetFilteredDialOptions() *proxyutil.FilteredDialOptions -} - -// VolumePluginMgr tracks registered plugins. -type VolumePluginMgr struct { - mutex sync.RWMutex - plugins map[string]VolumePlugin - prober DynamicPluginProber - probedPlugins map[string]VolumePlugin - loggedDeprecationWarnings sets.String - Host VolumeHost -} - -// Spec is an internal representation of a volume. All API volume types translate to Spec. -type Spec struct { - Volume *v1.Volume - PersistentVolume *v1.PersistentVolume - ReadOnly bool - InlineVolumeSpecForCSIMigration bool - Migrated bool -} - -// Name returns the name of either Volume or PersistentVolume, one of which must not be nil. -func (spec *Spec) Name() string { - switch { - case spec.Volume != nil: - return spec.Volume.Name - case spec.PersistentVolume != nil: - return spec.PersistentVolume.Name - default: - return "" - } -} - -// IsKubeletExpandable returns true for volume types that can be expanded only by the node -// and not the controller. Currently Flex volume is the only one in this category since -// it is typically not installed on the controller -func (spec *Spec) IsKubeletExpandable() bool { - switch { - case spec.Volume != nil: - return spec.Volume.FlexVolume != nil - case spec.PersistentVolume != nil: - return spec.PersistentVolume.Spec.FlexVolume != nil - default: - return false - } -} - -// KubeletExpandablePluginName creates and returns a name for the plugin -// this is used in context on the controller where the plugin lookup fails -// as volume expansion on controller isn't supported, but a plugin name is -// required -func (spec *Spec) KubeletExpandablePluginName() string { - switch { - case spec.Volume != nil && spec.Volume.FlexVolume != nil: - return spec.Volume.FlexVolume.Driver - case spec.PersistentVolume != nil && spec.PersistentVolume.Spec.FlexVolume != nil: - return spec.PersistentVolume.Spec.FlexVolume.Driver - default: - return "" - } -} - -// VolumeConfig is how volume plugins receive configuration. An instance -// specific to the plugin will be passed to the plugin's -// ProbeVolumePlugins(config) func. Reasonable defaults will be provided by -// the binary hosting the plugins while allowing override of those default -// values. Those config values are then set to an instance of VolumeConfig -// and passed to the plugin. -// -// Values in VolumeConfig are intended to be relevant to several plugins, but -// not necessarily all plugins. The preference is to leverage strong typing -// in this struct. All config items must have a descriptive but non-specific -// name (i.e, RecyclerMinimumTimeout is OK but RecyclerMinimumTimeoutForNFS is -// !OK). An instance of config will be given directly to the plugin, so -// config names specific to plugins are unneeded and wrongly expose plugins in -// this VolumeConfig struct. -// -// OtherAttributes is a map of string values intended for one-off -// configuration of a plugin or config that is only relevant to a single -// plugin. All values are passed by string and require interpretation by the -// plugin. Passing config as strings is the least desirable option but can be -// used for truly one-off configuration. The binary should still use strong -// typing for this value when binding CLI values before they are passed as -// strings in OtherAttributes. -type VolumeConfig struct { - // RecyclerPodTemplate is pod template that understands how to scrub clean - // a persistent volume after its release. The template is used by plugins - // which override specific properties of the pod in accordance with that - // plugin. See NewPersistentVolumeRecyclerPodTemplate for the properties - // that are expected to be overridden. - RecyclerPodTemplate *v1.Pod - - // RecyclerMinimumTimeout is the minimum amount of time in seconds for the - // recycler pod's ActiveDeadlineSeconds attribute. Added to the minimum - // timeout is the increment per Gi of capacity. - RecyclerMinimumTimeout int - - // RecyclerTimeoutIncrement is the number of seconds added to the recycler - // pod's ActiveDeadlineSeconds for each Gi of capacity in the persistent - // volume. Example: 5Gi volume x 30s increment = 150s + 30s minimum = 180s - // ActiveDeadlineSeconds for recycler pod - RecyclerTimeoutIncrement int - - // PVName is name of the PersistentVolume instance that is being recycled. - // It is used to generate unique recycler pod name. - PVName string - - // OtherAttributes stores config as strings. These strings are opaque to - // the system and only understood by the binary hosting the plugin and the - // plugin itself. - OtherAttributes map[string]string - - // ProvisioningEnabled configures whether provisioning of this plugin is - // enabled or not. Currently used only in host_path plugin. - ProvisioningEnabled bool -} - -// ReconstructedVolume contains information about a volume reconstructed by -// ConstructVolumeSpec(). -type ReconstructedVolume struct { - // Spec is the volume spec of a mounted volume - Spec *Spec - // SELinuxMountContext is value of -o context=XYZ mount option. - // If empty, no such mount option is used. - SELinuxMountContext string -} - -// NewSpecFromVolume creates an Spec from an v1.Volume -func NewSpecFromVolume(vs *v1.Volume) *Spec { - return &Spec{ - Volume: vs, - } -} - -// NewSpecFromPersistentVolume creates an Spec from an v1.PersistentVolume -func NewSpecFromPersistentVolume(pv *v1.PersistentVolume, readOnly bool) *Spec { - return &Spec{ - PersistentVolume: pv, - ReadOnly: readOnly, - } -} - -// InitPlugins initializes each plugin. All plugins must have unique names. -// This must be called exactly once before any New* methods are called on any -// plugins. -func (pm *VolumePluginMgr) InitPlugins(plugins []VolumePlugin, prober DynamicPluginProber, host VolumeHost) error { - pm.mutex.Lock() - defer pm.mutex.Unlock() - - pm.Host = host - pm.loggedDeprecationWarnings = sets.NewString() - - if prober == nil { - // Use a dummy prober to prevent nil deference. - pm.prober = &dummyPluginProber{} - } else { - pm.prober = prober - } - if err := pm.prober.Init(); err != nil { - // Prober init failure should not affect the initialization of other plugins. - klog.ErrorS(err, "Error initializing dynamic plugin prober") - pm.prober = &dummyPluginProber{} - } - - if pm.plugins == nil { - pm.plugins = map[string]VolumePlugin{} - } - if pm.probedPlugins == nil { - pm.probedPlugins = map[string]VolumePlugin{} - } - - allErrs := []error{} - for _, plugin := range plugins { - name := plugin.GetPluginName() - if errs := validation.IsQualifiedName(name); len(errs) != 0 { - allErrs = append(allErrs, fmt.Errorf("volume plugin has invalid name: %q: %s", name, strings.Join(errs, ";"))) - continue - } - - if _, found := pm.plugins[name]; found { - allErrs = append(allErrs, fmt.Errorf("volume plugin %q was registered more than once", name)) - continue - } - err := plugin.Init(host) - if err != nil { - klog.ErrorS(err, "Failed to load volume plugin", "pluginName", name) - allErrs = append(allErrs, err) - continue - } - pm.plugins[name] = plugin - klog.V(1).InfoS("Loaded volume plugin", "pluginName", name) - } - return utilerrors.NewAggregate(allErrs) -} - -func (pm *VolumePluginMgr) initProbedPlugin(probedPlugin VolumePlugin) error { - name := probedPlugin.GetPluginName() - if errs := validation.IsQualifiedName(name); len(errs) != 0 { - return fmt.Errorf("volume plugin has invalid name: %q: %s", name, strings.Join(errs, ";")) - } - - err := probedPlugin.Init(pm.Host) - if err != nil { - return fmt.Errorf("failed to load volume plugin %s, error: %s", name, err.Error()) - } - - klog.V(1).InfoS("Loaded volume plugin", "pluginName", name) - return nil -} - -// FindPluginBySpec looks for a plugin that can support a given volume -// specification. If no plugins can support or more than one plugin can -// support it, return error. -func (pm *VolumePluginMgr) FindPluginBySpec(spec *Spec) (VolumePlugin, error) { - pm.mutex.RLock() - defer pm.mutex.RUnlock() - - if spec == nil { - return nil, fmt.Errorf("could not find plugin because volume spec is nil") - } - - var match VolumePlugin - matchedPluginNames := []string{} - for _, v := range pm.plugins { - if v.CanSupport(spec) { - match = v - matchedPluginNames = append(matchedPluginNames, v.GetPluginName()) - } - } - - pm.refreshProbedPlugins() - for _, plugin := range pm.probedPlugins { - if plugin.CanSupport(spec) { - match = plugin - matchedPluginNames = append(matchedPluginNames, plugin.GetPluginName()) - } - } - - if len(matchedPluginNames) == 0 { - return nil, fmt.Errorf("no volume plugin matched") - } - if len(matchedPluginNames) > 1 { - return nil, fmt.Errorf("multiple volume plugins matched: %s", strings.Join(matchedPluginNames, ",")) - } - - return match, nil -} - -// FindPluginByName fetches a plugin by name or by legacy name. If no plugin -// is found, returns error. -func (pm *VolumePluginMgr) FindPluginByName(name string) (VolumePlugin, error) { - pm.mutex.RLock() - defer pm.mutex.RUnlock() - - // Once we can get rid of legacy names we can reduce this to a map lookup. - var match VolumePlugin - if v, found := pm.plugins[name]; found { - match = v - } - - pm.refreshProbedPlugins() - if plugin, found := pm.probedPlugins[name]; found { - if match != nil { - return nil, fmt.Errorf("multiple volume plugins matched: %s and %s", match.GetPluginName(), plugin.GetPluginName()) - } - match = plugin - } - - if match == nil { - return nil, fmt.Errorf("no volume plugin matched name: %s", name) - } - return match, nil -} - -// Check if probedPlugin cache update is required. -// If it is, initialize all probed plugins and replace the cache with them. -func (pm *VolumePluginMgr) refreshProbedPlugins() { - events, err := pm.prober.Probe() - - if err != nil { - klog.ErrorS(err, "Error dynamically probing plugins") - } - - // because the probe function can return a list of valid plugins - // even when an error is present we still must add the plugins - // or they will be skipped because each event only fires once - for _, event := range events { - if event.Op == ProbeAddOrUpdate { - if err := pm.initProbedPlugin(event.Plugin); err != nil { - klog.ErrorS(err, "Error initializing dynamically probed plugin", - "pluginName", event.Plugin.GetPluginName()) - continue - } - pm.probedPlugins[event.Plugin.GetPluginName()] = event.Plugin - } else if event.Op == ProbeRemove { - // Plugin is not available on ProbeRemove event, only PluginName - delete(pm.probedPlugins, event.PluginName) - } else { - klog.ErrorS(nil, "Unknown Operation on PluginName.", - "pluginName", event.Plugin.GetPluginName()) - } - } -} - -// ListVolumePluginWithLimits returns plugins that have volume limits on nodes -func (pm *VolumePluginMgr) ListVolumePluginWithLimits() []VolumePluginWithAttachLimits { - pm.mutex.RLock() - defer pm.mutex.RUnlock() - - matchedPlugins := []VolumePluginWithAttachLimits{} - for _, v := range pm.plugins { - if plugin, ok := v.(VolumePluginWithAttachLimits); ok { - matchedPlugins = append(matchedPlugins, plugin) - } - } - return matchedPlugins -} - -// FindPersistentPluginBySpec looks for a persistent volume plugin that can -// support a given volume specification. If no plugin is found, return an -// error -func (pm *VolumePluginMgr) FindPersistentPluginBySpec(spec *Spec) (PersistentVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, fmt.Errorf("could not find volume plugin for spec: %#v", spec) - } - if persistentVolumePlugin, ok := volumePlugin.(PersistentVolumePlugin); ok { - return persistentVolumePlugin, nil - } - return nil, fmt.Errorf("no persistent volume plugin matched") -} - -// FindVolumePluginWithLimitsBySpec returns volume plugin that has a limit on how many -// of them can be attached to a node -func (pm *VolumePluginMgr) FindVolumePluginWithLimitsBySpec(spec *Spec) (VolumePluginWithAttachLimits, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, fmt.Errorf("could not find volume plugin for spec : %#v", spec) - } - - if limitedPlugin, ok := volumePlugin.(VolumePluginWithAttachLimits); ok { - return limitedPlugin, nil - } - return nil, fmt.Errorf("no plugin with limits found") -} - -// FindPersistentPluginByName fetches a persistent volume plugin by name. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindPersistentPluginByName(name string) (PersistentVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - if persistentVolumePlugin, ok := volumePlugin.(PersistentVolumePlugin); ok { - return persistentVolumePlugin, nil - } - return nil, fmt.Errorf("no persistent volume plugin matched") -} - -// FindRecyclablePluginByName fetches a persistent volume plugin by name. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindRecyclablePluginBySpec(spec *Spec) (RecyclableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if recyclableVolumePlugin, ok := volumePlugin.(RecyclableVolumePlugin); ok { - return recyclableVolumePlugin, nil - } - return nil, fmt.Errorf("no recyclable volume plugin matched") -} - -// FindProvisionablePluginByName fetches a persistent volume plugin by name. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindProvisionablePluginByName(name string) (ProvisionableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - if provisionableVolumePlugin, ok := volumePlugin.(ProvisionableVolumePlugin); ok { - return provisionableVolumePlugin, nil - } - return nil, fmt.Errorf("no provisionable volume plugin matched") -} - -// FindDeletablePluginBySpec fetches a persistent volume plugin by spec. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindDeletablePluginBySpec(spec *Spec) (DeletableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if deletableVolumePlugin, ok := volumePlugin.(DeletableVolumePlugin); ok { - return deletableVolumePlugin, nil - } - return nil, fmt.Errorf("no deletable volume plugin matched") -} - -// FindDeletablePluginByName fetches a persistent volume plugin by name. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindDeletablePluginByName(name string) (DeletableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - if deletableVolumePlugin, ok := volumePlugin.(DeletableVolumePlugin); ok { - return deletableVolumePlugin, nil - } - return nil, fmt.Errorf("no deletable volume plugin matched") -} - -// FindCreatablePluginBySpec fetches a persistent volume plugin by name. If -// no plugin is found, returns error. -func (pm *VolumePluginMgr) FindCreatablePluginBySpec(spec *Spec) (ProvisionableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if provisionableVolumePlugin, ok := volumePlugin.(ProvisionableVolumePlugin); ok { - return provisionableVolumePlugin, nil - } - return nil, fmt.Errorf("no creatable volume plugin matched") -} - -// FindAttachablePluginBySpec fetches a persistent volume plugin by spec. -// Unlike the other "FindPlugin" methods, this does not return error if no -// plugin is found. All volumes require a mounter and unmounter, but not -// every volume will have an attacher/detacher. -func (pm *VolumePluginMgr) FindAttachablePluginBySpec(spec *Spec) (AttachableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if attachableVolumePlugin, ok := volumePlugin.(AttachableVolumePlugin); ok { - if canAttach, err := attachableVolumePlugin.CanAttach(spec); err != nil { - return nil, err - } else if canAttach { - return attachableVolumePlugin, nil - } - } - return nil, nil -} - -// FindAttachablePluginByName fetches an attachable volume plugin by name. -// Unlike the other "FindPlugin" methods, this does not return error if no -// plugin is found. All volumes require a mounter and unmounter, but not -// every volume will have an attacher/detacher. -func (pm *VolumePluginMgr) FindAttachablePluginByName(name string) (AttachableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - if attachablePlugin, ok := volumePlugin.(AttachableVolumePlugin); ok { - return attachablePlugin, nil - } - return nil, nil -} - -// FindDeviceMountablePluginBySpec fetches a persistent volume plugin by spec. -func (pm *VolumePluginMgr) FindDeviceMountablePluginBySpec(spec *Spec) (DeviceMountableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if deviceMountableVolumePlugin, ok := volumePlugin.(DeviceMountableVolumePlugin); ok { - if canMount, err := deviceMountableVolumePlugin.CanDeviceMount(spec); err != nil { - return nil, err - } else if canMount { - return deviceMountableVolumePlugin, nil - } - } - return nil, nil -} - -// FindDeviceMountablePluginByName fetches a devicemountable volume plugin by name. -func (pm *VolumePluginMgr) FindDeviceMountablePluginByName(name string) (DeviceMountableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - if deviceMountableVolumePlugin, ok := volumePlugin.(DeviceMountableVolumePlugin); ok { - return deviceMountableVolumePlugin, nil - } - return nil, nil -} - -// FindExpandablePluginBySpec fetches a persistent volume plugin by spec. -func (pm *VolumePluginMgr) FindExpandablePluginBySpec(spec *Spec) (ExpandableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - if spec.IsKubeletExpandable() { - // for kubelet expandable volumes, return a noop plugin that - // returns success for expand on the controller - klog.V(4).InfoS("FindExpandablePluginBySpec -> returning noopExpandableVolumePluginInstance", "specName", spec.Name()) - return &noopExpandableVolumePluginInstance{spec}, nil - } - klog.V(4).InfoS("FindExpandablePluginBySpec -> err", "specName", spec.Name(), "err", err) - return nil, err - } - - if expandableVolumePlugin, ok := volumePlugin.(ExpandableVolumePlugin); ok { - return expandableVolumePlugin, nil - } - return nil, nil -} - -// FindExpandablePluginBySpec fetches a persistent volume plugin by name. -func (pm *VolumePluginMgr) FindExpandablePluginByName(name string) (ExpandableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - - if expandableVolumePlugin, ok := volumePlugin.(ExpandableVolumePlugin); ok { - return expandableVolumePlugin, nil - } - return nil, nil -} - -// FindMapperPluginBySpec fetches a block volume plugin by spec. -func (pm *VolumePluginMgr) FindMapperPluginBySpec(spec *Spec) (BlockVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - - if blockVolumePlugin, ok := volumePlugin.(BlockVolumePlugin); ok { - return blockVolumePlugin, nil - } - return nil, nil -} - -// FindMapperPluginByName fetches a block volume plugin by name. -func (pm *VolumePluginMgr) FindMapperPluginByName(name string) (BlockVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - - if blockVolumePlugin, ok := volumePlugin.(BlockVolumePlugin); ok { - return blockVolumePlugin, nil - } - return nil, nil -} - -// FindNodeExpandablePluginBySpec fetches a persistent volume plugin by spec -func (pm *VolumePluginMgr) FindNodeExpandablePluginBySpec(spec *Spec) (NodeExpandableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginBySpec(spec) - if err != nil { - return nil, err - } - if fsResizablePlugin, ok := volumePlugin.(NodeExpandableVolumePlugin); ok { - return fsResizablePlugin, nil - } - return nil, nil -} - -// FindNodeExpandablePluginByName fetches a persistent volume plugin by name -func (pm *VolumePluginMgr) FindNodeExpandablePluginByName(name string) (NodeExpandableVolumePlugin, error) { - volumePlugin, err := pm.FindPluginByName(name) - if err != nil { - return nil, err - } - - if fsResizablePlugin, ok := volumePlugin.(NodeExpandableVolumePlugin); ok { - return fsResizablePlugin, nil - } - - return nil, nil -} - -func (pm *VolumePluginMgr) Run(stopCh <-chan struct{}) { - kletHost, ok := pm.Host.(KubeletVolumeHost) - if ok { - // start informer for CSIDriver - informerFactory := kletHost.GetInformerFactory() - informerFactory.Start(stopCh) - informerFactory.WaitForCacheSync(stopCh) - } -} - -// NewPersistentVolumeRecyclerPodTemplate creates a template for a recycler -// pod. By default, a recycler pod simply runs "rm -rf" on a volume and tests -// for emptiness. Most attributes of the template will be correct for most -// plugin implementations. The following attributes can be overridden per -// plugin via configuration: -// -// 1. pod.Spec.Volumes[0].VolumeSource must be overridden. Recycler -// implementations without a valid VolumeSource will fail. -// 2. pod.GenerateName helps distinguish recycler pods by name. Recommended. -// Default is "pv-recycler-". -// 3. pod.Spec.ActiveDeadlineSeconds gives the recycler pod a maximum timeout -// before failing. Recommended. Default is 60 seconds. -// -// See HostPath and NFS for working recycler examples -func NewPersistentVolumeRecyclerPodTemplate() *v1.Pod { - timeout := int64(60) - pod := &v1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "pv-recycler-", - Namespace: metav1.NamespaceDefault, - }, - Spec: v1.PodSpec{ - ActiveDeadlineSeconds: &timeout, - RestartPolicy: v1.RestartPolicyNever, - Volumes: []v1.Volume{ - { - Name: "vol", - // IMPORTANT! All plugins using this template MUST - // override pod.Spec.Volumes[0].VolumeSource Recycler - // implementations without a valid VolumeSource will fail. - VolumeSource: v1.VolumeSource{}, - }, - }, - Containers: []v1.Container{ - { - Name: "pv-recycler", - Image: "registry.k8s.io/debian-base:v2.0.0", - Command: []string{"/bin/sh"}, - Args: []string{"-c", "test -e /scrub && rm -rf /scrub/..?* /scrub/.[!.]* /scrub/* && test -z \"$(ls -A /scrub)\" || exit 1"}, - VolumeMounts: []v1.VolumeMount{ - { - Name: "vol", - MountPath: "/scrub", - }, - }, - }, - }, - }, - } - return pod -} - -// Check validity of recycle pod template -// List of checks: -// - at least one volume is defined in the recycle pod template -// If successful, returns nil -// if unsuccessful, returns an error. -func ValidateRecyclerPodTemplate(pod *v1.Pod) error { - if len(pod.Spec.Volumes) < 1 { - return fmt.Errorf("does not contain any volume(s)") - } - return nil -} - -type dummyPluginProber struct{} - -func (*dummyPluginProber) Init() error { return nil } -func (*dummyPluginProber) Probe() ([]ProbeEvent, error) { return nil, nil } diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go deleted file mode 100644 index 94428f6ffc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/atomic_writer.go +++ /dev/null @@ -1,468 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "bytes" - "fmt" - "io/ioutil" - "os" - "path" - "path/filepath" - "runtime" - "strings" - "time" - - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/util/sets" -) - -const ( - maxFileNameLength = 255 - maxPathLength = 4096 -) - -// AtomicWriter handles atomically projecting content for a set of files into -// a target directory. -// -// Note: -// -// 1. AtomicWriter reserves the set of pathnames starting with `..`. -// 2. AtomicWriter offers no concurrency guarantees and must be synchronized -// by the caller. -// -// The visible files in this volume are symlinks to files in the writer's data -// directory. Actual files are stored in a hidden timestamped directory which -// is symlinked to by the data directory. The timestamped directory and -// data directory symlink are created in the writer's target dir.  This scheme -// allows the files to be atomically updated by changing the target of the -// data directory symlink. -// -// Consumers of the target directory can monitor the ..data symlink using -// inotify or fanotify to receive events when the content in the volume is -// updated. -type AtomicWriter struct { - targetDir string - logContext string -} - -// FileProjection contains file Data and access Mode -type FileProjection struct { - Data []byte - Mode int32 - FsUser *int64 -} - -// NewAtomicWriter creates a new AtomicWriter configured to write to the given -// target directory, or returns an error if the target directory does not exist. -func NewAtomicWriter(targetDir string, logContext string) (*AtomicWriter, error) { - _, err := os.Stat(targetDir) - if os.IsNotExist(err) { - return nil, err - } - - return &AtomicWriter{targetDir: targetDir, logContext: logContext}, nil -} - -const ( - dataDirName = "..data" - newDataDirName = "..data_tmp" -) - -// Write does an atomic projection of the given payload into the writer's target -// directory. Input paths must not begin with '..'. -// -// The Write algorithm is: -// -// 1. The payload is validated; if the payload is invalid, the function returns -// 2.  The current timestamped directory is detected by reading the data directory -// symlink -// -// 3. The old version of the volume is walked to determine whether any -// portion of the payload was deleted and is still present on disk. -// -// 4. The data in the current timestamped directory is compared to the projected -// data to determine if an update is required. -// 5.  A new timestamped dir is created -// -// 6. The payload is written to the new timestamped directory -// 7.  A symlink to the new timestamped directory ..data_tmp is created that will -// become the new data directory -// 8.  The new data directory symlink is renamed to the data directory; rename is atomic -// 9.  Symlinks and directory for new user-visible files are created (if needed). -// -// For example, consider the files: -// <target-dir>/podName -// <target-dir>/user/labels -// <target-dir>/k8s/annotations -// -// The user visible files are symbolic links into the internal data directory: -// <target-dir>/podName -> ..data/podName -// <target-dir>/usr -> ..data/usr -// <target-dir>/k8s -> ..data/k8s -// -// The data directory itself is a link to a timestamped directory with -// the real data: -// <target-dir>/..data -> ..2016_02_01_15_04_05.12345678/ -// NOTE(claudiub): We need to create these symlinks AFTER we've finished creating and -// linking everything else. On Windows, if a target does not exist, the created symlink -// will not work properly if the target ends up being a directory. -// -// 10. Old paths are removed from the user-visible portion of the target directory -// 11.  The previous timestamped directory is removed, if it exists -func (w *AtomicWriter) Write(payload map[string]FileProjection) error { - // (1) - cleanPayload, err := validatePayload(payload) - if err != nil { - klog.Errorf("%s: invalid payload: %v", w.logContext, err) - return err - } - - // (2) - dataDirPath := filepath.Join(w.targetDir, dataDirName) - oldTsDir, err := os.Readlink(dataDirPath) - if err != nil { - if !os.IsNotExist(err) { - klog.Errorf("%s: error reading link for data directory: %v", w.logContext, err) - return err - } - // although Readlink() returns "" on err, don't be fragile by relying on it (since it's not specified in docs) - // empty oldTsDir indicates that it didn't exist - oldTsDir = "" - } - oldTsPath := filepath.Join(w.targetDir, oldTsDir) - - var pathsToRemove sets.String - // if there was no old version, there's nothing to remove - if len(oldTsDir) != 0 { - // (3) - pathsToRemove, err = w.pathsToRemove(cleanPayload, oldTsPath) - if err != nil { - klog.Errorf("%s: error determining user-visible files to remove: %v", w.logContext, err) - return err - } - - // (4) - if should, err := shouldWritePayload(cleanPayload, oldTsPath); err != nil { - klog.Errorf("%s: error determining whether payload should be written to disk: %v", w.logContext, err) - return err - } else if !should && len(pathsToRemove) == 0 { - klog.V(4).Infof("%s: no update required for target directory %v", w.logContext, w.targetDir) - return nil - } else { - klog.V(4).Infof("%s: write required for target directory %v", w.logContext, w.targetDir) - } - } - - // (5) - tsDir, err := w.newTimestampDir() - if err != nil { - klog.V(4).Infof("%s: error creating new ts data directory: %v", w.logContext, err) - return err - } - tsDirName := filepath.Base(tsDir) - - // (6) - if err = w.writePayloadToDir(cleanPayload, tsDir); err != nil { - klog.Errorf("%s: error writing payload to ts data directory %s: %v", w.logContext, tsDir, err) - return err - } - klog.V(4).Infof("%s: performed write of new data to ts data directory: %s", w.logContext, tsDir) - - // (7) - newDataDirPath := filepath.Join(w.targetDir, newDataDirName) - if err = os.Symlink(tsDirName, newDataDirPath); err != nil { - os.RemoveAll(tsDir) - klog.Errorf("%s: error creating symbolic link for atomic update: %v", w.logContext, err) - return err - } - - // (8) - if runtime.GOOS == "windows" { - os.Remove(dataDirPath) - err = os.Symlink(tsDirName, dataDirPath) - os.Remove(newDataDirPath) - } else { - err = os.Rename(newDataDirPath, dataDirPath) - } - if err != nil { - os.Remove(newDataDirPath) - os.RemoveAll(tsDir) - klog.Errorf("%s: error renaming symbolic link for data directory %s: %v", w.logContext, newDataDirPath, err) - return err - } - - // (9) - if err = w.createUserVisibleFiles(cleanPayload); err != nil { - klog.Errorf("%s: error creating visible symlinks in %s: %v", w.logContext, w.targetDir, err) - return err - } - - // (10) - if err = w.removeUserVisiblePaths(pathsToRemove); err != nil { - klog.Errorf("%s: error removing old visible symlinks: %v", w.logContext, err) - return err - } - - // (11) - if len(oldTsDir) > 0 { - if err = os.RemoveAll(oldTsPath); err != nil { - klog.Errorf("%s: error removing old data directory %s: %v", w.logContext, oldTsDir, err) - return err - } - } - - return nil -} - -// validatePayload returns an error if any path in the payload returns a copy of the payload with the paths cleaned. -func validatePayload(payload map[string]FileProjection) (map[string]FileProjection, error) { - cleanPayload := make(map[string]FileProjection) - for k, content := range payload { - if err := validatePath(k); err != nil { - return nil, err - } - - cleanPayload[filepath.Clean(k)] = content - } - - return cleanPayload, nil -} - -// validatePath validates a single path, returning an error if the path is -// invalid. paths may not: -// -// 1. be absolute -// 2. contain '..' as an element -// 3. start with '..' -// 4. contain filenames larger than 255 characters -// 5. be longer than 4096 characters -func validatePath(targetPath string) error { - // TODO: somehow unify this with the similar api validation, - // validateVolumeSourcePath; the error semantics are just different enough - // from this that it was time-prohibitive trying to find the right - // refactoring to re-use. - if targetPath == "" { - return fmt.Errorf("invalid path: must not be empty: %q", targetPath) - } - if path.IsAbs(targetPath) { - return fmt.Errorf("invalid path: must be relative path: %s", targetPath) - } - - if len(targetPath) > maxPathLength { - return fmt.Errorf("invalid path: must be less than or equal to %d characters", maxPathLength) - } - - items := strings.Split(targetPath, string(os.PathSeparator)) - for _, item := range items { - if item == ".." { - return fmt.Errorf("invalid path: must not contain '..': %s", targetPath) - } - if len(item) > maxFileNameLength { - return fmt.Errorf("invalid path: filenames must be less than or equal to %d characters", maxFileNameLength) - } - } - if strings.HasPrefix(items[0], "..") && len(items[0]) > 2 { - return fmt.Errorf("invalid path: must not start with '..': %s", targetPath) - } - - return nil -} - -// shouldWritePayload returns whether the payload should be written to disk. -func shouldWritePayload(payload map[string]FileProjection, oldTsDir string) (bool, error) { - for userVisiblePath, fileProjection := range payload { - shouldWrite, err := shouldWriteFile(filepath.Join(oldTsDir, userVisiblePath), fileProjection.Data) - if err != nil { - return false, err - } - - if shouldWrite { - return true, nil - } - } - - return false, nil -} - -// shouldWriteFile returns whether a new version of a file should be written to disk. -func shouldWriteFile(path string, content []byte) (bool, error) { - _, err := os.Lstat(path) - if os.IsNotExist(err) { - return true, nil - } - - contentOnFs, err := ioutil.ReadFile(path) - if err != nil { - return false, err - } - - return !bytes.Equal(content, contentOnFs), nil -} - -// pathsToRemove walks the current version of the data directory and -// determines which paths should be removed (if any) after the payload is -// written to the target directory. -func (w *AtomicWriter) pathsToRemove(payload map[string]FileProjection, oldTsDir string) (sets.String, error) { - paths := sets.NewString() - visitor := func(path string, info os.FileInfo, err error) error { - relativePath := strings.TrimPrefix(path, oldTsDir) - relativePath = strings.TrimPrefix(relativePath, string(os.PathSeparator)) - if relativePath == "" { - return nil - } - - paths.Insert(relativePath) - return nil - } - - err := filepath.Walk(oldTsDir, visitor) - if os.IsNotExist(err) { - return nil, nil - } else if err != nil { - return nil, err - } - klog.V(5).Infof("%s: current paths: %+v", w.targetDir, paths.List()) - - newPaths := sets.NewString() - for file := range payload { - // add all subpaths for the payload to the set of new paths - // to avoid attempting to remove non-empty dirs - for subPath := file; subPath != ""; { - newPaths.Insert(subPath) - subPath, _ = filepath.Split(subPath) - subPath = strings.TrimSuffix(subPath, string(os.PathSeparator)) - } - } - klog.V(5).Infof("%s: new paths: %+v", w.targetDir, newPaths.List()) - - result := paths.Difference(newPaths) - klog.V(5).Infof("%s: paths to remove: %+v", w.targetDir, result) - - return result, nil -} - -// newTimestampDir creates a new timestamp directory -func (w *AtomicWriter) newTimestampDir() (string, error) { - tsDir, err := ioutil.TempDir(w.targetDir, time.Now().UTC().Format("..2006_01_02_15_04_05.")) - if err != nil { - klog.Errorf("%s: unable to create new temp directory: %v", w.logContext, err) - return "", err - } - - // 0755 permissions are needed to allow 'group' and 'other' to recurse the - // directory tree. do a chmod here to ensure that permissions are set correctly - // regardless of the process' umask. - err = os.Chmod(tsDir, 0755) - if err != nil { - klog.Errorf("%s: unable to set mode on new temp directory: %v", w.logContext, err) - return "", err - } - - return tsDir, nil -} - -// writePayloadToDir writes the given payload to the given directory. The -// directory must exist. -func (w *AtomicWriter) writePayloadToDir(payload map[string]FileProjection, dir string) error { - for userVisiblePath, fileProjection := range payload { - content := fileProjection.Data - mode := os.FileMode(fileProjection.Mode) - fullPath := filepath.Join(dir, userVisiblePath) - baseDir, _ := filepath.Split(fullPath) - - if err := os.MkdirAll(baseDir, os.ModePerm); err != nil { - klog.Errorf("%s: unable to create directory %s: %v", w.logContext, baseDir, err) - return err - } - - if err := ioutil.WriteFile(fullPath, content, mode); err != nil { - klog.Errorf("%s: unable to write file %s with mode %v: %v", w.logContext, fullPath, mode, err) - return err - } - // Chmod is needed because ioutil.WriteFile() ends up calling - // open(2) to create the file, so the final mode used is "mode & - // ~umask". But we want to make sure the specified mode is used - // in the file no matter what the umask is. - if err := os.Chmod(fullPath, mode); err != nil { - klog.Errorf("%s: unable to change file %s with mode %v: %v", w.logContext, fullPath, mode, err) - return err - } - - if fileProjection.FsUser == nil { - continue - } - if err := os.Chown(fullPath, int(*fileProjection.FsUser), -1); err != nil { - klog.Errorf("%s: unable to change file %s with owner %v: %v", w.logContext, fullPath, int(*fileProjection.FsUser), err) - return err - } - } - - return nil -} - -// createUserVisibleFiles creates the relative symlinks for all the -// files configured in the payload. If the directory in a file path does not -// exist, it is created. -// -// Viz: -// For files: "bar", "foo/bar", "baz/bar", "foo/baz/blah" -// the following symlinks are created: -// bar -> ..data/bar -// foo -> ..data/foo -// baz -> ..data/baz -func (w *AtomicWriter) createUserVisibleFiles(payload map[string]FileProjection) error { - for userVisiblePath := range payload { - slashpos := strings.Index(userVisiblePath, string(os.PathSeparator)) - if slashpos == -1 { - slashpos = len(userVisiblePath) - } - linkname := userVisiblePath[:slashpos] - _, err := os.Readlink(filepath.Join(w.targetDir, linkname)) - if err != nil && os.IsNotExist(err) { - // The link into the data directory for this path doesn't exist; create it - visibleFile := filepath.Join(w.targetDir, linkname) - dataDirFile := filepath.Join(dataDirName, linkname) - - err = os.Symlink(dataDirFile, visibleFile) - if err != nil { - return err - } - } - } - return nil -} - -// removeUserVisiblePaths removes the set of paths from the user-visible -// portion of the writer's target directory. -func (w *AtomicWriter) removeUserVisiblePaths(paths sets.String) error { - ps := string(os.PathSeparator) - var lasterr error - for p := range paths { - // only remove symlinks from the volume root directory (i.e. items that don't contain '/') - if strings.Contains(p, ps) { - continue - } - if err := os.Remove(filepath.Join(w.targetDir, p)); err != nil { - klog.Errorf("%s: error pruning old user-visible path %s: %v", w.logContext, p, err) - lasterr = err - } - } - - return lasterr -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/attach_limit.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/attach_limit.go deleted file mode 100644 index 943357b653..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/attach_limit.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "crypto/sha1" - "encoding/hex" -) - -// This file is a common place holder for volume limit utility constants -// shared between volume package and scheduler - -const ( - // EBSVolumeLimitKey resource name that will store volume limits for EBS - EBSVolumeLimitKey = "attachable-volumes-aws-ebs" - // EBSNitroLimitRegex finds nitro instance types with different limit than EBS defaults - EBSNitroLimitRegex = "^[cmr]5.*|t3|z1d" - // DefaultMaxEBSVolumes is the limit for volumes attached to an instance. - // Amazon recommends no more than 40; the system root volume uses at least one. - // See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/volume_limits.html#linux-specific-volume-limits - DefaultMaxEBSVolumes = 39 - // DefaultMaxEBSNitroVolumeLimit is default EBS volume limit on m5 and c5 instances - DefaultMaxEBSNitroVolumeLimit = 25 - // AzureVolumeLimitKey stores resource name that will store volume limits for Azure - AzureVolumeLimitKey = "attachable-volumes-azure-disk" - // GCEVolumeLimitKey stores resource name that will store volume limits for GCE node - GCEVolumeLimitKey = "attachable-volumes-gce-pd" - - // CinderVolumeLimitKey contains Volume limit key for Cinder - CinderVolumeLimitKey = "attachable-volumes-cinder" - // DefaultMaxCinderVolumes defines the maximum number of PD Volumes for Cinder - // For Openstack we are keeping this to a high enough value so as depending on backend - // cluster admins can configure it. - DefaultMaxCinderVolumes = 256 - - // CSIAttachLimitPrefix defines prefix used for CSI volumes - CSIAttachLimitPrefix = "attachable-volumes-csi-" - - // ResourceNameLengthLimit stores maximum allowed Length for a ResourceName - ResourceNameLengthLimit = 63 -) - -// GetCSIAttachLimitKey returns limit key used for CSI volumes -func GetCSIAttachLimitKey(driverName string) string { - csiPrefixLength := len(CSIAttachLimitPrefix) - totalkeyLength := csiPrefixLength + len(driverName) - if totalkeyLength >= ResourceNameLengthLimit { - charsFromDriverName := driverName[:23] - hash := sha1.New() - hash.Write([]byte(driverName)) - hashed := hex.EncodeToString(hash.Sum(nil)) - hashed = hashed[:16] - return CSIAttachLimitPrefix + charsFromDriverName + hashed - } - return CSIAttachLimitPrefix + driverName -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util.go deleted file mode 100644 index 4b2fc88546..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util.go +++ /dev/null @@ -1,34 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -// DeviceUtil is a util for common device methods -type DeviceUtil interface { - FindMultipathDeviceForDevice(disk string) string - FindSlaveDevicesOnMultipath(disk string) []string - GetISCSIPortalHostMapForTarget(targetIqn string) (map[string]int, error) - FindDevicesForISCSILun(targetIqn string, lun int) ([]string, error) -} - -type deviceHandler struct { - getIo IoUtil -} - -// NewDeviceHandler Create a new IoHandler implementation -func NewDeviceHandler(io IoUtil) DeviceUtil { - return &deviceHandler{getIo: io} -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_linux.go deleted file mode 100644 index 66ac77835c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_linux.go +++ /dev/null @@ -1,301 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "errors" - "fmt" - "net" - "os" - "path/filepath" - "strconv" - "strings" - - "k8s.io/klog/v2" -) - -// FindMultipathDeviceForDevice given a device name like /dev/sdx, find the devicemapper parent -func (handler *deviceHandler) FindMultipathDeviceForDevice(device string) string { - io := handler.getIo - disk, err := findDeviceForPath(device, io) - if err != nil { - return "" - } - sysPath := "/sys/block/" - if dirs, err := io.ReadDir(sysPath); err == nil { - for _, f := range dirs { - name := f.Name() - if strings.HasPrefix(name, "dm-") { - if _, err1 := io.Lstat(sysPath + name + "/slaves/" + disk); err1 == nil { - return "/dev/" + name - } - } - } - } - return "" -} - -// findDeviceForPath Find the underlying disk for a linked path such as /dev/disk/by-path/XXXX or /dev/mapper/XXXX -// will return sdX or hdX etc, if /dev/sdX is passed in then sdX will be returned -func findDeviceForPath(path string, io IoUtil) (string, error) { - devicePath, err := io.EvalSymlinks(path) - if err != nil { - return "", err - } - // if path /dev/hdX split into "", "dev", "hdX" then we will - // return just the last part - parts := strings.Split(devicePath, "/") - if len(parts) == 3 && strings.HasPrefix(parts[1], "dev") { - return parts[2], nil - } - return "", errors.New("Illegal path for device " + devicePath) -} - -// FindSlaveDevicesOnMultipath given a dm name like /dev/dm-1, find all devices -// which are managed by the devicemapper dm-1. -func (handler *deviceHandler) FindSlaveDevicesOnMultipath(dm string) []string { - var devices []string - io := handler.getIo - // Split path /dev/dm-1 into "", "dev", "dm-1" - parts := strings.Split(dm, "/") - if len(parts) != 3 || !strings.HasPrefix(parts[1], "dev") { - return devices - } - disk := parts[2] - slavesPath := filepath.Join("/sys/block/", disk, "/slaves/") - if files, err := io.ReadDir(slavesPath); err == nil { - for _, f := range files { - devices = append(devices, filepath.Join("/dev/", f.Name())) - } - } - return devices -} - -// GetISCSIPortalHostMapForTarget given a target iqn, find all the scsi hosts logged into -// that target. Returns a map of iSCSI portals (string) to SCSI host numbers (integers). -// -// For example: { -// "192.168.30.7:3260": 2, -// "192.168.30.8:3260": 3, -// } -func (handler *deviceHandler) GetISCSIPortalHostMapForTarget(targetIqn string) (map[string]int, error) { - portalHostMap := make(map[string]int) - io := handler.getIo - - // Iterate over all the iSCSI hosts in sysfs - sysPath := "/sys/class/iscsi_host" - hostDirs, err := io.ReadDir(sysPath) - if err != nil { - if os.IsNotExist(err) { - return portalHostMap, nil - } - return nil, err - } - for _, hostDir := range hostDirs { - // iSCSI hosts are always of the format "host%d" - // See drivers/scsi/hosts.c in Linux - hostName := hostDir.Name() - if !strings.HasPrefix(hostName, "host") { - continue - } - hostNumber, err := strconv.Atoi(strings.TrimPrefix(hostName, "host")) - if err != nil { - klog.Errorf("Could not get number from iSCSI host: %s", hostName) - continue - } - - // Iterate over the children of the iscsi_host device - // We are looking for the associated session - devicePath := sysPath + "/" + hostName + "/device" - deviceDirs, err := io.ReadDir(devicePath) - if err != nil { - return nil, err - } - for _, deviceDir := range deviceDirs { - // Skip over files that aren't the session - // Sessions are of the format "session%u" - // See drivers/scsi/scsi_transport_iscsi.c in Linux - sessionName := deviceDir.Name() - if !strings.HasPrefix(sessionName, "session") { - continue - } - - sessionPath := devicePath + "/" + sessionName - - // Read the target name for the iSCSI session - targetNamePath := sessionPath + "/iscsi_session/" + sessionName + "/targetname" - targetName, err := io.ReadFile(targetNamePath) - if err != nil { - klog.Infof("Failed to process session %s, assuming this session is unavailable: %s", sessionName, err) - continue - } - - // Ignore hosts that don't matchthe target we were looking for. - if strings.TrimSpace(string(targetName)) != targetIqn { - continue - } - - // Iterate over the children of the iSCSI session looking - // for the iSCSI connection. - dirs2, err := io.ReadDir(sessionPath) - if err != nil { - klog.Infof("Failed to process session %s, assuming this session is unavailable: %s", sessionName, err) - continue - } - for _, dir2 := range dirs2 { - // Skip over files that aren't the connection - // Connections are of the format "connection%d:%u" - // See drivers/scsi/scsi_transport_iscsi.c in Linux - dirName := dir2.Name() - if !strings.HasPrefix(dirName, "connection") { - continue - } - - connectionPath := sessionPath + "/" + dirName + "/iscsi_connection/" + dirName - - // Read the current and persistent portal information for the connection. - addrPath := connectionPath + "/address" - addr, err := io.ReadFile(addrPath) - if err != nil { - klog.Infof("Failed to process connection %s, assuming this connection is unavailable: %s", dirName, err) - continue - } - - portPath := connectionPath + "/port" - port, err := io.ReadFile(portPath) - if err != nil { - klog.Infof("Failed to process connection %s, assuming this connection is unavailable: %s", dirName, err) - continue - } - - persistentAddrPath := connectionPath + "/persistent_address" - persistentAddr, err := io.ReadFile(persistentAddrPath) - if err != nil { - klog.Infof("Failed to process connection %s, assuming this connection is unavailable: %s", dirName, err) - continue - } - - persistentPortPath := connectionPath + "/persistent_port" - persistentPort, err := io.ReadFile(persistentPortPath) - if err != nil { - klog.Infof("Failed to process connection %s, assuming this connection is unavailable: %s", dirName, err) - continue - } - - // Add entries to the map for both the current and persistent portals - // pointing to the SCSI host for those connections - // JoinHostPort will add `[]` around IPv6 addresses. - portal := net.JoinHostPort(strings.TrimSpace(string(addr)), strings.TrimSpace(string(port))) - portalHostMap[portal] = hostNumber - - persistentPortal := net.JoinHostPort(strings.TrimSpace(string(persistentAddr)), strings.TrimSpace(string(persistentPort))) - portalHostMap[persistentPortal] = hostNumber - } - } - } - - return portalHostMap, nil -} - -// FindDevicesForISCSILun given an iqn, and lun number, find all the devices -// corresponding to that LUN. -func (handler *deviceHandler) FindDevicesForISCSILun(targetIqn string, lun int) ([]string, error) { - devices := make([]string, 0) - io := handler.getIo - - // Iterate over all the iSCSI hosts in sysfs - sysPath := "/sys/class/iscsi_host" - hostDirs, err := io.ReadDir(sysPath) - if err != nil { - return nil, err - } - for _, hostDir := range hostDirs { - // iSCSI hosts are always of the format "host%d" - // See drivers/scsi/hosts.c in Linux - hostName := hostDir.Name() - if !strings.HasPrefix(hostName, "host") { - continue - } - hostNumber, err := strconv.Atoi(strings.TrimPrefix(hostName, "host")) - if err != nil { - klog.Errorf("Could not get number from iSCSI host: %s", hostName) - continue - } - - // Iterate over the children of the iscsi_host device - // We are looking for the associated session - devicePath := sysPath + "/" + hostName + "/device" - deviceDirs, err := io.ReadDir(devicePath) - if err != nil { - return nil, err - } - for _, deviceDir := range deviceDirs { - // Skip over files that aren't the session - // Sessions are of the format "session%u" - // See drivers/scsi/scsi_transport_iscsi.c in Linux - sessionName := deviceDir.Name() - if !strings.HasPrefix(sessionName, "session") { - continue - } - - // Read the target name for the iSCSI session - targetNamePath := devicePath + "/" + sessionName + "/iscsi_session/" + sessionName + "/targetname" - targetName, err := io.ReadFile(targetNamePath) - if err != nil { - return nil, err - } - - // Only if the session matches the target we were looking for, - // add it to the map - if strings.TrimSpace(string(targetName)) != targetIqn { - continue - } - - // The list of block devices on the scsi bus will be in a - // directory called "target%d:%d:%d". - // See drivers/scsi/scsi_scan.c in Linux - // We assume the channel/bus and device/controller are always zero for iSCSI - targetPath := devicePath + "/" + sessionName + fmt.Sprintf("/target%d:0:0", hostNumber) - - // The block device for a given lun will be "%d:%d:%d:%d" -- - // host:channel:bus:LUN - blockDevicePath := targetPath + fmt.Sprintf("/%d:0:0:%d", hostNumber, lun) - - // If the LUN doesn't exist on this bus, continue on - _, err = io.Lstat(blockDevicePath) - if err != nil { - continue - } - - // Read the block directory, there should only be one child -- - // the block device "sd*" - path := blockDevicePath + "/block" - dirs, err := io.ReadDir(path) - if err != nil { - return nil, err - } - if 0 < len(dirs) { - devices = append(devices, dirs[0].Name()) - } - } - } - - return devices, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_unsupported.go deleted file mode 100644 index ea4786aff6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/device_util_unsupported.go +++ /dev/null @@ -1,43 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -// FindMultipathDeviceForDevice unsupported returns "" -func (handler *deviceHandler) FindMultipathDeviceForDevice(device string) string { - return "" -} - -// FindSlaveDevicesOnMultipath unsupported returns "" -func (handler *deviceHandler) FindSlaveDevicesOnMultipath(disk string) []string { - out := []string{} - return out -} - -// GetISCSIPortalHostMapForTarget unsupported returns nil -func (handler *deviceHandler) GetISCSIPortalHostMapForTarget(targetIqn string) (map[string]int, error) { - portalHostMap := make(map[string]int) - return portalHostMap, nil -} - -// FindDevicesForISCSILun unsupported returns nil -func (handler *deviceHandler) FindDevicesForISCSILun(targetIqn string, lun int) ([]string, error) { - devices := []string{} - return devices, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/doc.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/doc.go deleted file mode 100644 index b32dae216e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package util contains utility code for use by volume plugins. -package util // import "k8s.io/kubernetes/pkg/volume/util" diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/finalizer.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/finalizer.go deleted file mode 100644 index e1fdf5673c..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/finalizer.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -const ( - // PVCProtectionFinalizer is the name of finalizer on PVCs that have a running pod. - PVCProtectionFinalizer = "kubernetes.io/pvc-protection" - - // PVProtectionFinalizer is the name of finalizer on PVs that are bound by PVCs - PVProtectionFinalizer = "kubernetes.io/pv-protection" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs.go deleted file mode 100644 index 64301fd5de..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs.go +++ /dev/null @@ -1,148 +0,0 @@ -//go:build linux || darwin -// +build linux darwin - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fs - -import ( - "fmt" - "os" - "path/filepath" - "syscall" - "time" - - "golang.org/x/sys/unix" - - servermetrics "k8s.io/kubernetes/pkg/kubelet/server/metrics" - "k8s.io/kubernetes/pkg/volume/util/fsquota" -) - -type UsageInfo struct { - Bytes int64 - Inodes int64 -} - -// Info linux returns (available bytes, byte capacity, byte usage, total inodes, inodes free, inode usage, error) -// for the filesystem that path resides upon. -func Info(path string) (int64, int64, int64, int64, int64, int64, error) { - statfs := &unix.Statfs_t{} - err := unix.Statfs(path, statfs) - if err != nil { - return 0, 0, 0, 0, 0, 0, err - } - - // Available is blocks available * fragment size - available := int64(statfs.Bavail) * int64(statfs.Bsize) - - // Capacity is total block count * fragment size - capacity := int64(statfs.Blocks) * int64(statfs.Bsize) - - // Usage is block being used * fragment size (aka block size). - usage := (int64(statfs.Blocks) - int64(statfs.Bfree)) * int64(statfs.Bsize) - - inodes := int64(statfs.Files) - inodesFree := int64(statfs.Ffree) - inodesUsed := inodes - inodesFree - - return available, capacity, usage, inodes, inodesFree, inodesUsed, nil -} - -// DiskUsage calculates the number of inodes and disk usage for a given directory -func DiskUsage(path string) (UsageInfo, error) { - var usage UsageInfo - - if path == "" { - return usage, fmt.Errorf("invalid directory") - } - - // First check whether the quota system knows about this directory - // A nil quantity or error means that the path does not support quotas - // or xfs_quota tool is missing and we should use other mechanisms. - startTime := time.Now() - consumption, _ := fsquota.GetConsumption(path) - if consumption != nil { - usage.Bytes = consumption.Value() - defer servermetrics.CollectVolumeStatCalDuration("fsquota", startTime) - } else { - defer servermetrics.CollectVolumeStatCalDuration("du", startTime) - } - - inodes, _ := fsquota.GetInodes(path) - if inodes != nil { - usage.Inodes = inodes.Value() - } - - if inodes != nil && consumption != nil { - return usage, nil - } - - topLevelStat := &unix.Stat_t{} - err := unix.Stat(path, topLevelStat) - if err != nil { - return usage, err - } - - // dedupedInode stores inodes that could be duplicates (nlink > 1) - dedupedInodes := make(map[uint64]struct{}) - - err = filepath.Walk(path, func(path string, info os.FileInfo, err error) error { - // ignore files that have been deleted after directory was read - if os.IsNotExist(err) { - return nil - } - if err != nil { - return fmt.Errorf("unable to count inodes for %s: %s", path, err) - } - - // according to the docs, Sys can be nil - if info.Sys() == nil { - return fmt.Errorf("fileinfo Sys is nil") - } - - s, ok := info.Sys().(*syscall.Stat_t) - if !ok { - return fmt.Errorf("unsupported fileinfo; could not convert to stat_t") - } - - if s.Dev != topLevelStat.Dev { - // don't descend into directories on other devices - return filepath.SkipDir - } - - // Dedupe hardlinks - if s.Nlink > 1 { - if _, ok := dedupedInodes[s.Ino]; !ok { - dedupedInodes[s.Ino] = struct{}{} - } else { - return nil - } - } - - if consumption == nil { - usage.Bytes += int64(s.Blocks) * int64(512) // blocksize in bytes - } - - if inodes == nil { - usage.Inodes++ - } - - return nil - }) - - return usage, err -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_unsupported.go deleted file mode 100644 index f66df0d066..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_unsupported.go +++ /dev/null @@ -1,40 +0,0 @@ -//go:build !linux && !darwin && !windows -// +build !linux,!darwin,!windows - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fs - -import ( - "fmt" -) - -type UsageInfo struct { - Bytes int64 - Inodes int64 -} - -// Info unsupported returns 0 values for available and capacity and an error. -func Info(path string) (int64, int64, int64, int64, int64, int64, error) { - return 0, 0, 0, 0, 0, 0, fmt.Errorf("fsinfo not supported for this build") -} - -// DiskUsage gets disk usage of specified path. -func DiskUsage(path string) (UsageInfo, error) { - var usage UsageInfo - return usage, fmt.Errorf("directory disk usage not supported for this build.") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_windows.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_windows.go deleted file mode 100644 index 6e138514a6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fs/fs_windows.go +++ /dev/null @@ -1,117 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fs - -import ( - "os" - "path/filepath" - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -var ( - modkernel32 = windows.NewLazySystemDLL("kernel32.dll") - procGetDiskFreeSpaceEx = modkernel32.NewProc("GetDiskFreeSpaceExW") -) - -type UsageInfo struct { - Bytes int64 - Inodes int64 -} - -// Info returns (available bytes, byte capacity, byte usage, total inodes, inodes free, inode usage, error) -// for the filesystem that path resides upon. -func Info(path string) (int64, int64, int64, int64, int64, int64, error) { - var freeBytesAvailable, totalNumberOfBytes, totalNumberOfFreeBytes int64 - var err error - - // The equivalent linux call supports calls against files but the syscall for windows - // fails for files with error code: The directory name is invalid. (#99173) - // https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499- - // By always ensuring the directory path we meet all uses cases of this function - path = filepath.Dir(path) - ret, _, err := syscall.Syscall6( - procGetDiskFreeSpaceEx.Addr(), - 4, - uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(path))), - uintptr(unsafe.Pointer(&freeBytesAvailable)), - uintptr(unsafe.Pointer(&totalNumberOfBytes)), - uintptr(unsafe.Pointer(&totalNumberOfFreeBytes)), - 0, - 0, - ) - if ret == 0 { - return 0, 0, 0, 0, 0, 0, err - } - - return freeBytesAvailable, totalNumberOfBytes, totalNumberOfBytes - freeBytesAvailable, 0, 0, 0, nil -} - -// DiskUsage gets disk usage of specified path. -func DiskUsage(path string) (UsageInfo, error) { - var usage UsageInfo - info, err := os.Lstat(path) - if err != nil { - return usage, err - } - - usage.Bytes, err = diskUsage(path, info) - return usage, err -} - -func diskUsage(currPath string, info os.FileInfo) (int64, error) { - var size int64 - - if info.Mode()&os.ModeSymlink != 0 { - return size, nil - } - - size += info.Size() - - if !info.IsDir() { - return size, nil - } - - dir, err := os.Open(currPath) - if err != nil { - return size, err - } - defer dir.Close() - - files, err := dir.Readdir(-1) - if err != nil { - return size, err - } - - for _, file := range files { - if file.IsDir() { - s, err := diskUsage(filepath.Join(currPath, file.Name()), file) - if err != nil { - return size, err - } - size += s - } else { - size += file.Size() - } - } - return size, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go deleted file mode 100644 index 8275a7f1c8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common.go +++ /dev/null @@ -1,101 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package common - -import ( - "regexp" -) - -// QuotaID is generic quota identifier. -// Data type based on quotactl(2). -type QuotaID int32 - -const ( - // UnknownQuotaID -- cannot determine whether a quota is in force - UnknownQuotaID QuotaID = -1 - // BadQuotaID -- Invalid quota - BadQuotaID QuotaID = 0 -) - -// QuotaType -- type of quota to be applied -type QuotaType int - -const ( - // FSQuotaAccounting for quotas for accounting only - FSQuotaAccounting QuotaType = 1 << iota - // FSQuotaEnforcing for quotas for enforcement - FSQuotaEnforcing QuotaType = 1 << iota -) - -// FirstQuota is the quota ID we start with. -// XXXXXXX Need a better way of doing this... -var FirstQuota QuotaID = 1048577 - -// MountsFile is the location of the system mount data -var MountsFile = "/proc/self/mounts" - -// MountParseRegexp parses out /proc/sys/self/mounts -var MountParseRegexp = regexp.MustCompilePOSIX("^([^ ]*)[ \t]*([^ ]*)[ \t]*([^ ]*)") // Ignore options etc. - -// LinuxVolumeQuotaProvider returns an appropriate quota applier -// object if we can support quotas on this device -type LinuxVolumeQuotaProvider interface { - // GetQuotaApplier retrieves an object that can apply - // quotas (or nil if this provider cannot support quotas - // on the device) - GetQuotaApplier(mountpoint string, backingDev string) LinuxVolumeQuotaApplier -} - -// LinuxVolumeQuotaApplier is a generic interface to any quota -// mechanism supported by Linux -type LinuxVolumeQuotaApplier interface { - // GetQuotaOnDir gets the quota ID (if any) that applies to - // this directory - GetQuotaOnDir(path string) (QuotaID, error) - - // SetQuotaOnDir applies the specified quota ID to a directory. - // Negative value for bytes means that a non-enforcing quota - // should be applied (perhaps by setting a quota too large to - // be hit) - SetQuotaOnDir(path string, id QuotaID, bytes int64) error - - // QuotaIDIsInUse determines whether the quota ID is in use. - // Implementations should not check /etc/project or /etc/projid, - // only whether their underlying mechanism already has the ID in - // use. - // Return value of false with no error means that the ID is not - // in use; true means that it is already in use. An error - // return means that any quota ID will fail. - QuotaIDIsInUse(id QuotaID) (bool, error) - - // GetConsumption returns the consumption (in bytes) of the - // directory, determined by the implementation's quota-based - // mechanism. If it is unable to do so using that mechanism, - // it should return an error and allow higher layers to - // enumerate the directory. - GetConsumption(path string, id QuotaID) (int64, error) - - // GetInodes returns the number of inodes used by the - // directory, determined by the implementation's quota-based - // mechanism. If it is unable to do so using that mechanism, - // it should return an error and allow higher layers to - // enumerate the directory. - GetInodes(path string, id QuotaID) (int64, error) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go deleted file mode 100644 index 7f24ca1cd7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/common/quota_linux_common_impl.go +++ /dev/null @@ -1,287 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package common - -import ( - "bufio" - "fmt" - "io/ioutil" - "os" - "os/exec" - "regexp" - "strconv" - "strings" - "sync" - "syscall" - - "k8s.io/klog/v2" -) - -var quotaCmd string -var quotaCmdInitialized bool -var quotaCmdLock sync.RWMutex - -// If we later get a filesystem that uses project quota semantics other than -// XFS, we'll need to change this. -// Higher levels don't need to know what's inside -type linuxFilesystemType struct { - name string - typeMagic int64 // Filesystem magic number, per statfs(2) - maxQuota int64 - allowEmptyOutput bool // Accept empty output from "quota" command -} - -const ( - bitsPerWord = 32 << (^uint(0) >> 63) // either 32 or 64 -) - -var ( - linuxSupportedFilesystems = []linuxFilesystemType{ - { - name: "XFS", - typeMagic: 0x58465342, - maxQuota: 1<<(bitsPerWord-1) - 1, - allowEmptyOutput: true, // XFS filesystems report nothing if a quota is not present - }, { - name: "ext4fs", - typeMagic: 0xef53, - maxQuota: (1<<(bitsPerWord-1) - 1) & (1<<58 - 1), - allowEmptyOutput: false, // ext4 filesystems always report something even if a quota is not present - }, - } -) - -// VolumeProvider supplies a quota applier to the generic code. -type VolumeProvider struct { -} - -var quotaCmds = []string{"/sbin/xfs_quota", - "/usr/sbin/xfs_quota", - "/bin/xfs_quota"} - -var quotaParseRegexp = regexp.MustCompilePOSIX("^[^ \t]*[ \t]*([0-9]+)") - -var lsattrCmd = "/usr/bin/lsattr" -var lsattrParseRegexp = regexp.MustCompilePOSIX("^ *([0-9]+) [^ ]+ (.*)$") - -// GetQuotaApplier -- does this backing device support quotas that -// can be applied to directories? -func (*VolumeProvider) GetQuotaApplier(mountpoint string, backingDev string) LinuxVolumeQuotaApplier { - for _, fsType := range linuxSupportedFilesystems { - if isFilesystemOfType(mountpoint, backingDev, fsType.typeMagic) { - return linuxVolumeQuotaApplier{mountpoint: mountpoint, - maxQuota: fsType.maxQuota, - allowEmptyOutput: fsType.allowEmptyOutput, - } - } - } - return nil -} - -type linuxVolumeQuotaApplier struct { - mountpoint string - maxQuota int64 - allowEmptyOutput bool -} - -func getXFSQuotaCmd() (string, error) { - quotaCmdLock.Lock() - defer quotaCmdLock.Unlock() - if quotaCmdInitialized { - return quotaCmd, nil - } - for _, program := range quotaCmds { - fileinfo, err := os.Stat(program) - if err == nil && ((fileinfo.Mode().Perm() & (1 << 6)) != 0) { - klog.V(3).Infof("Found xfs_quota program %s", program) - quotaCmd = program - quotaCmdInitialized = true - return quotaCmd, nil - } - } - quotaCmdInitialized = true - return "", fmt.Errorf("no xfs_quota program found") -} - -func doRunXFSQuotaCommand(mountpoint string, mountsFile, command string) (string, error) { - quotaCmd, err := getXFSQuotaCmd() - if err != nil { - return "", err - } - // We're using numeric project IDs directly; no need to scan - // /etc/projects or /etc/projid - klog.V(4).Infof("runXFSQuotaCommand %s -t %s -P/dev/null -D/dev/null -x -f %s -c %s", quotaCmd, mountsFile, mountpoint, command) - cmd := exec.Command(quotaCmd, "-t", mountsFile, "-P/dev/null", "-D/dev/null", "-x", "-f", mountpoint, "-c", command) - - data, err := cmd.Output() - if err != nil { - return "", err - } - klog.V(4).Infof("runXFSQuotaCommand output %q", string(data)) - return string(data), nil -} - -// Extract the mountpoint we care about into a temporary mounts file so that xfs_quota does -// not attempt to scan every mount on the filesystem, which could hang if e. g. -// a stuck NFS mount is present. -// See https://bugzilla.redhat.com/show_bug.cgi?id=237120 for an example -// of the problem that could be caused if this were to happen. -func runXFSQuotaCommand(mountpoint string, command string) (string, error) { - tmpMounts, err := ioutil.TempFile("", "mounts") - if err != nil { - return "", fmt.Errorf("cannot create temporary mount file: %v", err) - } - tmpMountsFileName := tmpMounts.Name() - defer tmpMounts.Close() - defer os.Remove(tmpMountsFileName) - - mounts, err := os.Open(MountsFile) - if err != nil { - return "", fmt.Errorf("cannot open mounts file %s: %v", MountsFile, err) - } - defer mounts.Close() - - scanner := bufio.NewScanner(mounts) - for scanner.Scan() { - match := MountParseRegexp.FindStringSubmatch(scanner.Text()) - if match != nil { - mount := match[2] - if mount == mountpoint { - if _, err := tmpMounts.WriteString(fmt.Sprintf("%s\n", scanner.Text())); err != nil { - return "", fmt.Errorf("cannot write temporary mounts file: %v", err) - } - if err := tmpMounts.Sync(); err != nil { - return "", fmt.Errorf("cannot sync temporary mounts file: %v", err) - } - return doRunXFSQuotaCommand(mountpoint, tmpMountsFileName, command) - } - } - } - return "", fmt.Errorf("cannot run xfs_quota: cannot find mount point %s in %s", mountpoint, MountsFile) -} - -// SupportsQuotas determines whether the filesystem supports quotas. -func SupportsQuotas(mountpoint string, qType QuotaType) (bool, error) { - data, err := runXFSQuotaCommand(mountpoint, "state -p") - if err != nil { - return false, err - } - if qType == FSQuotaEnforcing { - return strings.Contains(data, "Enforcement: ON"), nil - } - return strings.Contains(data, "Accounting: ON"), nil -} - -func isFilesystemOfType(mountpoint string, backingDev string, typeMagic int64) bool { - var buf syscall.Statfs_t - err := syscall.Statfs(mountpoint, &buf) - if err != nil { - klog.Warningf("Warning: Unable to statfs %s: %v", mountpoint, err) - return false - } - if int64(buf.Type) != typeMagic { - return false - } - if answer, _ := SupportsQuotas(mountpoint, FSQuotaAccounting); answer { - return true - } - return false -} - -// GetQuotaOnDir retrieves the quota ID (if any) associated with the specified directory -// If we can't make system calls, all we can say is that we don't know whether -// it has a quota, and higher levels have to make the call. -func (v linuxVolumeQuotaApplier) GetQuotaOnDir(path string) (QuotaID, error) { - cmd := exec.Command(lsattrCmd, "-pd", path) - data, err := cmd.Output() - if err != nil { - return BadQuotaID, fmt.Errorf("cannot run lsattr: %v", err) - } - match := lsattrParseRegexp.FindStringSubmatch(string(data)) - if match == nil { - return BadQuotaID, fmt.Errorf("unable to parse lsattr -pd %s output %s", path, string(data)) - } - if match[2] != path { - return BadQuotaID, fmt.Errorf("mismatch between supplied and returned path (%s != %s)", path, match[2]) - } - projid, err := strconv.ParseInt(match[1], 10, 32) - if err != nil { - return BadQuotaID, fmt.Errorf("unable to parse project ID from %s (%v)", match[1], err) - } - return QuotaID(projid), nil -} - -// SetQuotaOnDir applies a quota to the specified directory under the specified mountpoint. -func (v linuxVolumeQuotaApplier) SetQuotaOnDir(path string, id QuotaID, bytes int64) error { - if bytes < 0 || bytes > v.maxQuota { - bytes = v.maxQuota - } - _, err := runXFSQuotaCommand(v.mountpoint, fmt.Sprintf("limit -p bhard=%v bsoft=%v %v", bytes, bytes, id)) - if err != nil { - return err - } - - _, err = runXFSQuotaCommand(v.mountpoint, fmt.Sprintf("project -s -p %s %v", path, id)) - return err -} - -func getQuantity(mountpoint string, id QuotaID, xfsQuotaArg string, multiplier int64, allowEmptyOutput bool) (int64, error) { - data, err := runXFSQuotaCommand(mountpoint, fmt.Sprintf("quota -p -N -n -v %s %v", xfsQuotaArg, id)) - if err != nil { - return 0, fmt.Errorf("unable to run xfs_quota: %v", err) - } - if data == "" && allowEmptyOutput { - return 0, nil - } - match := quotaParseRegexp.FindStringSubmatch(data) - if match == nil { - return 0, fmt.Errorf("unable to parse quota output '%s'", data) - } - size, err := strconv.ParseInt(match[1], 10, 64) - if err != nil { - return 0, fmt.Errorf("unable to parse data size '%s' from '%s': %v", match[1], data, err) - } - klog.V(4).Infof("getQuantity %s %d %s %d => %d %v", mountpoint, id, xfsQuotaArg, multiplier, size, err) - return size * multiplier, nil -} - -// GetConsumption returns the consumption in bytes if available via quotas -func (v linuxVolumeQuotaApplier) GetConsumption(_ string, id QuotaID) (int64, error) { - return getQuantity(v.mountpoint, id, "-b", 1024, v.allowEmptyOutput) -} - -// GetInodes returns the inodes in use if available via quotas -func (v linuxVolumeQuotaApplier) GetInodes(_ string, id QuotaID) (int64, error) { - return getQuantity(v.mountpoint, id, "-i", 1, v.allowEmptyOutput) -} - -// QuotaIDIsInUse checks whether the specified quota ID is in use on the specified -// filesystem -func (v linuxVolumeQuotaApplier) QuotaIDIsInUse(id QuotaID) (bool, error) { - bytes, err := v.GetConsumption(v.mountpoint, id) - if err != nil { - return false, err - } - if bytes > 0 { - return true, nil - } - inodes, err := v.GetInodes(v.mountpoint, id) - return inodes > 0, err -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go deleted file mode 100644 index 3861f99059..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/project.go +++ /dev/null @@ -1,358 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fsquota - -import ( - "bufio" - "fmt" - "io/ioutil" - "os" - "path/filepath" - "regexp" - "strconv" - "sync" - - "golang.org/x/sys/unix" - "k8s.io/kubernetes/pkg/volume/util/fsquota/common" -) - -var projectsFile = "/etc/projects" -var projidFile = "/etc/projid" - -var projectsParseRegexp = regexp.MustCompilePOSIX("^([[:digit:]]+):(.*)$") -var projidParseRegexp = regexp.MustCompilePOSIX("^([^#][^:]*):([[:digit:]]+)$") - -var quotaIDLock sync.RWMutex - -const maxUnusedQuotasToSearch = 128 // Don't go into an infinite loop searching for an unused quota - -type projectType struct { - isValid bool // False if we need to remove this line - id common.QuotaID - data string // Project name (projid) or directory (projects) - line string -} - -type projectsList struct { - projects []projectType - projid []projectType -} - -func projFilesAreOK() error { - if sf, err := os.Lstat(projectsFile); err != nil || sf.Mode().IsRegular() { - if sf, err := os.Lstat(projidFile); err != nil || sf.Mode().IsRegular() { - return nil - } - return fmt.Errorf("%s exists but is not a plain file, cannot continue", projidFile) - } - return fmt.Errorf("%s exists but is not a plain file, cannot continue", projectsFile) -} - -func lockFile(file *os.File) error { - return unix.Flock(int(file.Fd()), unix.LOCK_EX) -} - -func unlockFile(file *os.File) error { - return unix.Flock(int(file.Fd()), unix.LOCK_UN) -} - -// openAndLockProjectFiles opens /etc/projects and /etc/projid locked. -// Creates them if they don't exist -func openAndLockProjectFiles() (*os.File, *os.File, error) { - // Make sure neither project-related file is a symlink! - if err := projFilesAreOK(); err != nil { - return nil, nil, fmt.Errorf("system project files failed verification: %v", err) - } - // We don't actually modify the original files; we create temporaries and - // move them over the originals - fProjects, err := os.OpenFile(projectsFile, os.O_RDONLY|os.O_CREATE, 0644) - if err != nil { - err = fmt.Errorf("unable to open %s: %v", projectsFile, err) - return nil, nil, err - } - fProjid, err := os.OpenFile(projidFile, os.O_RDONLY|os.O_CREATE, 0644) - if err == nil { - // Check once more, to ensure nothing got changed out from under us - if err = projFilesAreOK(); err == nil { - err = lockFile(fProjects) - if err == nil { - err = lockFile(fProjid) - if err == nil { - return fProjects, fProjid, nil - } - // Nothing useful we can do if we get an error here - err = fmt.Errorf("unable to lock %s: %v", projidFile, err) - unlockFile(fProjects) - } else { - err = fmt.Errorf("unable to lock %s: %v", projectsFile, err) - } - } else { - err = fmt.Errorf("system project files failed re-verification: %v", err) - } - fProjid.Close() - } else { - err = fmt.Errorf("unable to open %s: %v", projidFile, err) - } - fProjects.Close() - return nil, nil, err -} - -func closeProjectFiles(fProjects *os.File, fProjid *os.File) error { - // Nothing useful we can do if either of these fail, - // but we have to close (and thereby unlock) the files anyway. - var err error - var err1 error - if fProjid != nil { - err = fProjid.Close() - } - if fProjects != nil { - err1 = fProjects.Close() - } - if err == nil { - return err1 - } - return err -} - -func parseProject(l string) projectType { - if match := projectsParseRegexp.FindStringSubmatch(l); match != nil { - i, err := strconv.Atoi(match[1]) - if err == nil { - return projectType{true, common.QuotaID(i), match[2], l} - } - } - return projectType{true, common.BadQuotaID, "", l} -} - -func parseProjid(l string) projectType { - if match := projidParseRegexp.FindStringSubmatch(l); match != nil { - i, err := strconv.Atoi(match[2]) - if err == nil { - return projectType{true, common.QuotaID(i), match[1], l} - } - } - return projectType{true, common.BadQuotaID, "", l} -} - -func parseProjFile(f *os.File, parser func(l string) projectType) []projectType { - var answer []projectType - scanner := bufio.NewScanner(f) - for scanner.Scan() { - answer = append(answer, parser(scanner.Text())) - } - return answer -} - -func readProjectFiles(projects *os.File, projid *os.File) projectsList { - return projectsList{parseProjFile(projects, parseProject), parseProjFile(projid, parseProjid)} -} - -func findAvailableQuota(path string, idMap map[common.QuotaID]bool) (common.QuotaID, error) { - unusedQuotasSearched := 0 - for id := common.FirstQuota; true; id++ { - if _, ok := idMap[id]; !ok { - isInUse, err := getApplier(path).QuotaIDIsInUse(id) - if err != nil { - return common.BadQuotaID, err - } else if !isInUse { - return id, nil - } - unusedQuotasSearched++ - if unusedQuotasSearched > maxUnusedQuotasToSearch { - break - } - } - } - return common.BadQuotaID, fmt.Errorf("cannot find available quota ID") -} - -func addDirToProject(path string, id common.QuotaID, list *projectsList) (common.QuotaID, bool, error) { - idMap := make(map[common.QuotaID]bool) - for _, project := range list.projects { - if project.data == path { - if id != project.id { - return common.BadQuotaID, false, fmt.Errorf("attempt to reassign project ID for %s", path) - } - // Trying to reassign a directory to the project it's - // already in. Maybe this should be an error, but for - // now treat it as an idempotent operation - return id, false, nil - } - idMap[project.id] = true - } - var needToAddProjid = true - for _, projid := range list.projid { - idMap[projid.id] = true - if projid.id == id && id != common.BadQuotaID { - needToAddProjid = false - } - } - var err error - if id == common.BadQuotaID { - id, err = findAvailableQuota(path, idMap) - if err != nil { - return common.BadQuotaID, false, err - } - needToAddProjid = true - } - if needToAddProjid { - name := fmt.Sprintf("volume%v", id) - line := fmt.Sprintf("%s:%v", name, id) - list.projid = append(list.projid, projectType{true, id, name, line}) - } - line := fmt.Sprintf("%v:%s", id, path) - list.projects = append(list.projects, projectType{true, id, path, line}) - return id, needToAddProjid, nil -} - -func removeDirFromProject(path string, id common.QuotaID, list *projectsList) (bool, error) { - if id == common.BadQuotaID { - return false, fmt.Errorf("attempt to remove invalid quota ID from %s", path) - } - foundAt := -1 - countByID := make(map[common.QuotaID]int) - for i, project := range list.projects { - if project.data == path { - if id != project.id { - return false, fmt.Errorf("attempting to remove quota ID %v from path %s, but expecting ID %v", id, path, project.id) - } else if foundAt != -1 { - return false, fmt.Errorf("found multiple quota IDs for path %s", path) - } - // Faster and easier than deleting an element - list.projects[i].isValid = false - foundAt = i - } - countByID[project.id]++ - } - if foundAt == -1 { - return false, fmt.Errorf("cannot find quota associated with path %s", path) - } - if countByID[id] <= 1 { - // Removing the last entry means that we're no longer using - // the quota ID, so remove that as well - for i, projid := range list.projid { - if projid.id == id { - list.projid[i].isValid = false - } - } - return true, nil - } - return false, nil -} - -func writeProjectFile(base *os.File, projects []projectType) (string, error) { - oname := base.Name() - stat, err := base.Stat() - if err != nil { - return "", err - } - mode := stat.Mode() & os.ModePerm - f, err := ioutil.TempFile(filepath.Dir(oname), filepath.Base(oname)) - if err != nil { - return "", err - } - filename := f.Name() - if err := os.Chmod(filename, mode); err != nil { - return "", err - } - for _, proj := range projects { - if proj.isValid { - if _, err := f.WriteString(fmt.Sprintf("%s\n", proj.line)); err != nil { - f.Close() - os.Remove(filename) - return "", err - } - } - } - if err := f.Close(); err != nil { - os.Remove(filename) - return "", err - } - return filename, nil -} - -func writeProjectFiles(fProjects *os.File, fProjid *os.File, writeProjid bool, list projectsList) error { - tmpProjects, err := writeProjectFile(fProjects, list.projects) - if err == nil { - // Ensure that both files are written before we try to rename either. - if writeProjid { - tmpProjid, err := writeProjectFile(fProjid, list.projid) - if err == nil { - err = os.Rename(tmpProjid, fProjid.Name()) - if err != nil { - os.Remove(tmpProjid) - } - } - } - if err == nil { - err = os.Rename(tmpProjects, fProjects.Name()) - if err == nil { - return nil - } - // We're in a bit of trouble here; at this - // point we've successfully renamed tmpProjid - // to the real thing, but renaming tmpProject - // to the real file failed. There's not much we - // can do in this position. Anything we could do - // to try to undo it would itself be likely to fail. - } - os.Remove(tmpProjects) - } - return fmt.Errorf("unable to write project files: %v", err) -} - -func createProjectID(path string, ID common.QuotaID) (common.QuotaID, error) { - quotaIDLock.Lock() - defer quotaIDLock.Unlock() - fProjects, fProjid, err := openAndLockProjectFiles() - if err == nil { - defer closeProjectFiles(fProjects, fProjid) - list := readProjectFiles(fProjects, fProjid) - var writeProjid bool - ID, writeProjid, err = addDirToProject(path, ID, &list) - if err == nil && ID != common.BadQuotaID { - if err = writeProjectFiles(fProjects, fProjid, writeProjid, list); err == nil { - return ID, nil - } - } - } - return common.BadQuotaID, fmt.Errorf("createProjectID %s %v failed %v", path, ID, err) -} - -func removeProjectID(path string, ID common.QuotaID) error { - if ID == common.BadQuotaID { - return fmt.Errorf("attempting to remove invalid quota ID %v", ID) - } - quotaIDLock.Lock() - defer quotaIDLock.Unlock() - fProjects, fProjid, err := openAndLockProjectFiles() - if err == nil { - defer closeProjectFiles(fProjects, fProjid) - list := readProjectFiles(fProjects, fProjid) - var writeProjid bool - writeProjid, err = removeDirFromProject(path, ID, &list) - if err == nil { - if err = writeProjectFiles(fProjects, fProjid, writeProjid, list); err == nil { - return nil - } - } - } - return fmt.Errorf("removeProjectID %s %v failed %v", path, ID, err) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go deleted file mode 100644 index fbd29fba73..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fsquota - -import ( - "k8s.io/mount-utils" - - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/types" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/features" -) - -// Interface -- quota interface -type Interface interface { - // Does the path provided support quotas, and if so, what types - SupportsQuotas(m mount.Interface, path string) (bool, error) - // Assign a quota (picked by the quota mechanism) to a path, - // and return it. - AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error - - // Get the quota-based storage consumption for the path - GetConsumption(path string) (*resource.Quantity, error) - - // Get the quota-based inode consumption for the path - GetInodes(path string) (*resource.Quantity, error) - - // Remove the quota from a path - // Implementations may assume that any data covered by the - // quota has already been removed. - ClearQuota(m mount.Interface, path string) error -} - -func enabledQuotasForMonitoring() bool { - return utilfeature.DefaultFeatureGate.Enabled(features.LocalStorageCapacityIsolationFSQuotaMonitoring) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go deleted file mode 100644 index 85784204aa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_linux.go +++ /dev/null @@ -1,452 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fsquota - -import ( - "bufio" - "fmt" - "os" - "path/filepath" - "sync" - - "k8s.io/klog/v2" - "k8s.io/mount-utils" - - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/kubernetes/pkg/volume/util/fsquota/common" -) - -// Pod -> ID -var podQuotaMap = make(map[types.UID]common.QuotaID) - -// Dir -> ID (for convenience) -var dirQuotaMap = make(map[string]common.QuotaID) - -// ID -> pod -var quotaPodMap = make(map[common.QuotaID]types.UID) - -// Directory -> pod -var dirPodMap = make(map[string]types.UID) - -// Backing device -> applier -// This is *not* cleaned up; its size will be bounded. -var devApplierMap = make(map[string]common.LinuxVolumeQuotaApplier) - -// Directory -> applier -var dirApplierMap = make(map[string]common.LinuxVolumeQuotaApplier) -var dirApplierLock sync.RWMutex - -// Pod -> refcount -var podDirCountMap = make(map[types.UID]int) - -// ID -> size -var quotaSizeMap = make(map[common.QuotaID]int64) -var quotaLock sync.RWMutex - -var supportsQuotasMap = make(map[string]bool) -var supportsQuotasLock sync.RWMutex - -// Directory -> backingDev -var backingDevMap = make(map[string]string) -var backingDevLock sync.RWMutex - -var mountpointMap = make(map[string]string) -var mountpointLock sync.RWMutex - -var providers = []common.LinuxVolumeQuotaProvider{ - &common.VolumeProvider{}, -} - -// Separate the innards for ease of testing -func detectBackingDevInternal(mountpoint string, mounts string) (string, error) { - file, err := os.Open(mounts) - if err != nil { - return "", err - } - defer file.Close() - scanner := bufio.NewScanner(file) - for scanner.Scan() { - match := common.MountParseRegexp.FindStringSubmatch(scanner.Text()) - if match != nil { - device := match[1] - mount := match[2] - if mount == mountpoint { - return device, nil - } - } - } - return "", fmt.Errorf("couldn't find backing device for %s", mountpoint) -} - -// detectBackingDev assumes that the mount point provided is valid -func detectBackingDev(_ mount.Interface, mountpoint string) (string, error) { - return detectBackingDevInternal(mountpoint, common.MountsFile) -} - -func clearBackingDev(path string) { - backingDevLock.Lock() - defer backingDevLock.Unlock() - delete(backingDevMap, path) -} - -// Assumes that the path has been fully canonicalized -// Breaking this up helps with testing -func detectMountpointInternal(m mount.Interface, path string) (string, error) { - for path != "" && path != "/" { - // per k8s.io/mount-utils/mount_linux this detects all but - // a bind mount from one part of a mount to another. - // For our purposes that's fine; we simply want the "true" - // mount point - // - // IsNotMountPoint proved much more troublesome; it actually - // scans the mounts, and when a lot of mount/unmount - // activity takes place, it is not able to get a consistent - // view of /proc/self/mounts, causing it to time out and - // report incorrectly. - isNotMount, err := m.IsLikelyNotMountPoint(path) - if err != nil { - return "/", err - } - if !isNotMount { - return path, nil - } - path = filepath.Dir(path) - } - return "/", nil -} - -func detectMountpoint(m mount.Interface, path string) (string, error) { - xpath, err := filepath.Abs(path) - if err != nil { - return "/", err - } - xpath, err = filepath.EvalSymlinks(xpath) - if err != nil { - return "/", err - } - if xpath, err = detectMountpointInternal(m, xpath); err == nil { - return xpath, nil - } - return "/", err -} - -func clearMountpoint(path string) { - mountpointLock.Lock() - defer mountpointLock.Unlock() - delete(mountpointMap, path) -} - -// getFSInfo Returns mountpoint and backing device -// getFSInfo should cache the mountpoint and backing device for the -// path. -func getFSInfo(m mount.Interface, path string) (string, string, error) { - mountpointLock.Lock() - defer mountpointLock.Unlock() - - backingDevLock.Lock() - defer backingDevLock.Unlock() - - var err error - - mountpoint, okMountpoint := mountpointMap[path] - if !okMountpoint { - mountpoint, err = detectMountpoint(m, path) - if err != nil { - return "", "", fmt.Errorf("cannot determine mountpoint for %s: %v", path, err) - } - } - - backingDev, okBackingDev := backingDevMap[path] - if !okBackingDev { - backingDev, err = detectBackingDev(m, mountpoint) - if err != nil { - return "", "", fmt.Errorf("cannot determine backing device for %s: %v", path, err) - } - } - mountpointMap[path] = mountpoint - backingDevMap[path] = backingDev - return mountpoint, backingDev, nil -} - -func clearFSInfo(path string) { - clearMountpoint(path) - clearBackingDev(path) -} - -func getApplier(path string) common.LinuxVolumeQuotaApplier { - dirApplierLock.Lock() - defer dirApplierLock.Unlock() - return dirApplierMap[path] -} - -func setApplier(path string, applier common.LinuxVolumeQuotaApplier) { - dirApplierLock.Lock() - defer dirApplierLock.Unlock() - dirApplierMap[path] = applier -} - -func clearApplier(path string) { - dirApplierLock.Lock() - defer dirApplierLock.Unlock() - delete(dirApplierMap, path) -} - -func setQuotaOnDir(path string, id common.QuotaID, bytes int64) error { - return getApplier(path).SetQuotaOnDir(path, id, bytes) -} - -func getQuotaOnDir(m mount.Interface, path string) (common.QuotaID, error) { - _, _, err := getFSInfo(m, path) - if err != nil { - return common.BadQuotaID, err - } - return getApplier(path).GetQuotaOnDir(path) -} - -func clearQuotaOnDir(m mount.Interface, path string) error { - // Since we may be called without path being in the map, - // we explicitly have to check in this case. - klog.V(4).Infof("clearQuotaOnDir %s", path) - supportsQuotas, err := SupportsQuotas(m, path) - if err != nil { - // Log-and-continue instead of returning an error for now - // due to unspecified backwards compatibility concerns (a subject to revise) - klog.V(3).Infof("Attempt to check for quota support failed: %v", err) - } - if !supportsQuotas { - return nil - } - projid, err := getQuotaOnDir(m, path) - if err == nil && projid != common.BadQuotaID { - // This means that we have a quota on the directory but - // we can't clear it. That's not good. - err = setQuotaOnDir(path, projid, 0) - if err != nil { - klog.V(3).Infof("Attempt to clear quota failed: %v", err) - } - // Even if clearing the quota failed, we still need to - // try to remove the project ID, or that may be left dangling. - err1 := removeProjectID(path, projid) - if err1 != nil { - klog.V(3).Infof("Attempt to remove quota ID from system files failed: %v", err1) - } - clearFSInfo(path) - if err != nil { - return err - } - return err1 - } - // If we couldn't get a quota, that's fine -- there may - // never have been one, and we have no way to know otherwise - klog.V(3).Infof("clearQuotaOnDir fails %v", err) - return nil -} - -// SupportsQuotas -- Does the path support quotas -// Cache the applier for paths that support quotas. For paths that don't, -// don't cache the result because nothing will clean it up. -// However, do cache the device->applier map; the number of devices -// is bounded. -func SupportsQuotas(m mount.Interface, path string) (bool, error) { - if !enabledQuotasForMonitoring() { - klog.V(3).Info("SupportsQuotas called, but quotas disabled") - return false, nil - } - supportsQuotasLock.Lock() - defer supportsQuotasLock.Unlock() - if supportsQuotas, ok := supportsQuotasMap[path]; ok { - return supportsQuotas, nil - } - mount, dev, err := getFSInfo(m, path) - if err != nil { - return false, err - } - // Do we know about this device? - applier, ok := devApplierMap[mount] - if !ok { - for _, provider := range providers { - if applier = provider.GetQuotaApplier(mount, dev); applier != nil { - devApplierMap[mount] = applier - break - } - } - } - if applier != nil { - supportsQuotasMap[path] = true - setApplier(path, applier) - return true, nil - } - delete(backingDevMap, path) - delete(mountpointMap, path) - return false, nil -} - -// AssignQuota -- assign a quota to the specified directory. -// AssignQuota chooses the quota ID based on the pod UID and path. -// If the pod UID is identical to another one known, it may (but presently -// doesn't) choose the same quota ID as other volumes in the pod. -func AssignQuota(m mount.Interface, path string, poduid types.UID, bytes *resource.Quantity) error { //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment below - if bytes == nil { - return fmt.Errorf("attempting to assign null quota to %s", path) - } - ibytes := bytes.Value() - if ok, err := SupportsQuotas(m, path); !ok { - return fmt.Errorf("quotas not supported on %s: %v", path, err) - } - quotaLock.Lock() - defer quotaLock.Unlock() - // Current policy is to set individual quotas on each volumes. - // If we decide later that we want to assign one quota for all - // volumes in a pod, we can simply remove this line of code. - // If and when we decide permanently that we're going to adopt - // one quota per volume, we can rip all of the pod code out. - poduid = types.UID(uuid.NewUUID()) //nolint:staticcheck // SA4009 poduid is overwritten by design, see comment above - if pod, ok := dirPodMap[path]; ok && pod != poduid { - return fmt.Errorf("requesting quota on existing directory %s but different pod %s %s", path, pod, poduid) - } - oid, ok := podQuotaMap[poduid] - if ok { - if quotaSizeMap[oid] != ibytes { - return fmt.Errorf("requesting quota of different size: old %v new %v", quotaSizeMap[oid], bytes) - } - } else { - oid = common.BadQuotaID - } - id, err := createProjectID(path, oid) - if err == nil { - if oid != common.BadQuotaID && oid != id { - return fmt.Errorf("attempt to reassign quota %v to %v", oid, id) - } - // When enforcing quotas are enabled, we'll condition this - // on their being disabled also. - if ibytes > 0 { - ibytes = -1 - } - if err = setQuotaOnDir(path, id, ibytes); err == nil { - quotaPodMap[id] = poduid - quotaSizeMap[id] = ibytes - podQuotaMap[poduid] = id - dirQuotaMap[path] = id - dirPodMap[path] = poduid - podDirCountMap[poduid]++ - klog.V(4).Infof("Assigning quota ID %d (%d) to %s", id, ibytes, path) - return nil - } - removeProjectID(path, id) - } - return fmt.Errorf("assign quota FAILED %v", err) -} - -// GetConsumption -- retrieve the consumption (in bytes) of the directory -func GetConsumption(path string) (*resource.Quantity, error) { - // Note that we actually need to hold the lock at least through - // running the quota command, so it can't get recycled behind our back - quotaLock.Lock() - defer quotaLock.Unlock() - applier := getApplier(path) - // No applier means directory is not under quota management - if applier == nil { - return nil, nil - } - ibytes, err := applier.GetConsumption(path, dirQuotaMap[path]) - if err != nil { - return nil, err - } - return resource.NewQuantity(ibytes, resource.DecimalSI), nil -} - -// GetInodes -- retrieve the number of inodes in use under the directory -func GetInodes(path string) (*resource.Quantity, error) { - // Note that we actually need to hold the lock at least through - // running the quota command, so it can't get recycled behind our back - quotaLock.Lock() - defer quotaLock.Unlock() - applier := getApplier(path) - // No applier means directory is not under quota management - if applier == nil { - return nil, nil - } - inodes, err := applier.GetInodes(path, dirQuotaMap[path]) - if err != nil { - return nil, err - } - return resource.NewQuantity(inodes, resource.DecimalSI), nil -} - -// ClearQuota -- remove the quota assigned to a directory -func ClearQuota(m mount.Interface, path string) error { - klog.V(3).Infof("ClearQuota %s", path) - if !enabledQuotasForMonitoring() { - return fmt.Errorf("clearQuota called, but quotas disabled") - } - quotaLock.Lock() - defer quotaLock.Unlock() - poduid, ok := dirPodMap[path] - if !ok { - // Nothing in the map either means that there was no - // quota to begin with or that we're clearing a - // stale directory, so if we find a quota, just remove it. - // The process of clearing the quota requires that an applier - // be found, which needs to be cleaned up. - defer delete(supportsQuotasMap, path) - defer clearApplier(path) - return clearQuotaOnDir(m, path) - } - _, ok = podQuotaMap[poduid] - if !ok { - return fmt.Errorf("clearQuota: No quota available for %s", path) - } - projid, err := getQuotaOnDir(m, path) - if err != nil { - // Log-and-continue instead of returning an error for now - // due to unspecified backwards compatibility concerns (a subject to revise) - klog.V(3).Infof("Attempt to check quota ID %v on dir %s failed: %v", dirQuotaMap[path], path, err) - } - if projid != dirQuotaMap[path] { - return fmt.Errorf("expected quota ID %v on dir %s does not match actual %v", dirQuotaMap[path], path, projid) - } - count, ok := podDirCountMap[poduid] - if count <= 1 || !ok { - err = clearQuotaOnDir(m, path) - // This error should be noted; we still need to clean up - // and otherwise handle in the same way. - if err != nil { - klog.V(3).Infof("Unable to clear quota %v %s: %v", dirQuotaMap[path], path, err) - } - delete(quotaSizeMap, podQuotaMap[poduid]) - delete(quotaPodMap, podQuotaMap[poduid]) - delete(podDirCountMap, poduid) - delete(podQuotaMap, poduid) - } else { - err = removeProjectID(path, projid) - podDirCountMap[poduid]-- - klog.V(4).Infof("Not clearing quota for pod %s; still %v dirs outstanding", poduid, podDirCountMap[poduid]) - } - delete(dirPodMap, path) - delete(dirQuotaMap, path) - delete(supportsQuotasMap, path) - clearApplier(path) - if err != nil { - return fmt.Errorf("unable to clear quota for %s: %v", path, err) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go deleted file mode 100644 index 8579f53893..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/fsquota/quota_unsupported.go +++ /dev/null @@ -1,59 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fsquota - -import ( - "errors" - - "k8s.io/mount-utils" - - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/types" -) - -// Dummy quota implementation for systems that do not implement support -// for volume quotas - -var errNotImplemented = errors.New("not implemented") - -// SupportsQuotas -- dummy implementation -func SupportsQuotas(_ mount.Interface, _ string) (bool, error) { - return false, errNotImplemented -} - -// AssignQuota -- dummy implementation -func AssignQuota(_ mount.Interface, _ string, _ types.UID, _ *resource.Quantity) error { - return errNotImplemented -} - -// GetConsumption -- dummy implementation -func GetConsumption(_ string) (*resource.Quantity, error) { - return nil, errNotImplemented -} - -// GetInodes -- dummy implementation -func GetInodes(_ string) (*resource.Quantity, error) { - return nil, errNotImplemented -} - -// ClearQuota -- dummy implementation -func ClearQuota(_ mount.Interface, _ string) error { - return errNotImplemented -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/fake_hostutil.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/fake_hostutil.go deleted file mode 100644 index 0efccb3e36..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/fake_hostutil.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hostutil - -import ( - "errors" - "os" - "sync" - - "k8s.io/mount-utils" -) - -// FakeHostUtil is a fake HostUtils implementation for testing -type FakeHostUtil struct { - MountPoints []mount.MountPoint - Filesystem map[string]FileType - - mutex sync.Mutex -} - -// NewFakeHostUtil returns a struct that implements the HostUtils interface -// for testing -// TODO: no callers were initializing the struct with any MountPoints. Check -// if those are still being used by any callers and if MountPoints still need -// to be a part of the struct. -func NewFakeHostUtil(fs map[string]FileType) *FakeHostUtil { - return &FakeHostUtil{ - Filesystem: fs, - } -} - -// Compile-time check to make sure FakeHostUtil implements interface -var _ HostUtils = &FakeHostUtil{} - -// DeviceOpened checks if block device referenced by pathname is in use by -// checking if is listed as a device in the in-memory mountpoint table. -func (hu *FakeHostUtil) DeviceOpened(pathname string) (bool, error) { - hu.mutex.Lock() - defer hu.mutex.Unlock() - - for _, mp := range hu.MountPoints { - if mp.Device == pathname { - return true, nil - } - } - return false, nil -} - -// PathIsDevice always returns true -func (hu *FakeHostUtil) PathIsDevice(pathname string) (bool, error) { - return true, nil -} - -// GetDeviceNameFromMount given a mount point, find the volume id -func (hu *FakeHostUtil) GetDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - return getDeviceNameFromMount(mounter, mountPath, pluginMountDir) -} - -// MakeRShared checks if path is shared and bind-mounts it as rshared if needed. -// No-op for testing -func (hu *FakeHostUtil) MakeRShared(path string) error { - return nil -} - -// GetFileType checks for file/directory/socket/block/character devices. -// Defaults to Directory if otherwise unspecified. -func (hu *FakeHostUtil) GetFileType(pathname string) (FileType, error) { - if t, ok := hu.Filesystem[pathname]; ok { - return t, nil - } - return FileType("Directory"), nil -} - -// PathExists checks if pathname exists. -func (hu *FakeHostUtil) PathExists(pathname string) (bool, error) { - if _, ok := hu.Filesystem[pathname]; ok { - return true, nil - } - return false, nil -} - -// EvalHostSymlinks returns the path name after evaluating symlinks. -// No-op for testing -func (hu *FakeHostUtil) EvalHostSymlinks(pathname string) (string, error) { - return pathname, nil -} - -// GetOwner returns the integer ID for the user and group of the given path -// Not implemented for testing -func (hu *FakeHostUtil) GetOwner(pathname string) (int64, int64, error) { - return -1, -1, errors.New("GetOwner not implemented") -} - -// GetSELinuxSupport tests if pathname is on a mount that supports SELinux. -// Not implemented for testing -func (hu *FakeHostUtil) GetSELinuxSupport(pathname string) (bool, error) { - return false, nil -} - -// GetMode returns permissions of pathname. -// Not implemented for testing -func (hu *FakeHostUtil) GetMode(pathname string) (os.FileMode, error) { - return 0, errors.New("not implemented") -} - -// GetSELinuxMountContext returns value of -o context=XYZ mount option on -// given mount point. -func (hu *FakeHostUtil) GetSELinuxMountContext(pathname string) (string, error) { - return "", errors.New("not implemented") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil.go deleted file mode 100644 index dfe165aae3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hostutil - -import ( - "fmt" - "os" - - "k8s.io/mount-utils" -) - -// FileType enumerates the known set of possible file types. -type FileType string - -const ( - // FileTypeBlockDev defines a constant for the block device FileType. - FileTypeBlockDev FileType = "BlockDevice" - // FileTypeCharDev defines a constant for the character device FileType. - FileTypeCharDev FileType = "CharDevice" - // FileTypeDirectory defines a constant for the directory FileType. - FileTypeDirectory FileType = "Directory" - // FileTypeFile defines a constant for the file FileType. - FileTypeFile FileType = "File" - // FileTypeSocket defines a constant for the socket FileType. - FileTypeSocket FileType = "Socket" - // FileTypeUnknown defines a constant for an unknown FileType. - FileTypeUnknown FileType = "" -) - -// HostUtils defines the set of methods for interacting with paths on a host. -type HostUtils interface { - // DeviceOpened determines if the device (e.g. /dev/sdc) is in use elsewhere - // on the system, i.e. still mounted. - DeviceOpened(pathname string) (bool, error) - // PathIsDevice determines if a path is a device. - PathIsDevice(pathname string) (bool, error) - // GetDeviceNameFromMount finds the device name by checking the mount path - // to get the global mount path within its plugin directory. - GetDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) - // MakeRShared checks that given path is on a mount with 'rshared' mount - // propagation. If not, it bind-mounts the path as rshared. - MakeRShared(path string) error - // GetFileType checks for file/directory/socket/block/character devices. - GetFileType(pathname string) (FileType, error) - // PathExists tests if the given path already exists - // Error is returned on any other error than "file not found". - PathExists(pathname string) (bool, error) - // EvalHostSymlinks returns the path name after evaluating symlinks. - EvalHostSymlinks(pathname string) (string, error) - // GetOwner returns the integer ID for the user and group of the given path - GetOwner(pathname string) (int64, int64, error) - // GetSELinuxSupport returns true if given path is on a mount that supports - // SELinux. - GetSELinuxSupport(pathname string) (bool, error) - // GetMode returns permissions of the path. - GetMode(pathname string) (os.FileMode, error) - // GetSELinuxMountContext returns value of -o context=XYZ mount option on - // given mount point. - GetSELinuxMountContext(pathname string) (string, error) -} - -// Compile-time check to ensure all HostUtil implementations satisfy -// the Interface. -var _ HostUtils = &HostUtil{} - -// getFileType checks for file/directory/socket and block/character devices. -func getFileType(pathname string) (FileType, error) { - var pathType FileType - info, err := os.Stat(pathname) - if os.IsNotExist(err) { - return pathType, fmt.Errorf("path %q does not exist", pathname) - } - // err in call to os.Stat - if err != nil { - return pathType, err - } - - // checks whether the mode is the target mode. - isSpecificMode := func(mode, targetMode os.FileMode) bool { - return mode&targetMode == targetMode - } - - mode := info.Mode() - if mode.IsDir() { - return FileTypeDirectory, nil - } else if mode.IsRegular() { - return FileTypeFile, nil - } else if isSpecificMode(mode, os.ModeSocket) { - return FileTypeSocket, nil - } else if isSpecificMode(mode, os.ModeDevice) { - if isSpecificMode(mode, os.ModeCharDevice) { - return FileTypeCharDev, nil - } - return FileTypeBlockDev, nil - } - - return pathType, fmt.Errorf("only recognise file, directory, socket, block device and character device") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_linux.go deleted file mode 100644 index 5c687d9f44..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_linux.go +++ /dev/null @@ -1,333 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hostutil - -import ( - "fmt" - "os" - "path" - "path/filepath" - "strings" - "syscall" - - "github.com/opencontainers/selinux/go-selinux" - "golang.org/x/sys/unix" - "k8s.io/klog/v2" - "k8s.io/mount-utils" - utilpath "k8s.io/utils/path" -) - -const ( - // Location of the mountinfo file - procMountInfoPath = "/proc/self/mountinfo" -) - -// HostUtil implements HostUtils for Linux platforms. -type HostUtil struct { -} - -// NewHostUtil returns a struct that implements the HostUtils interface on -// linux platforms -func NewHostUtil() *HostUtil { - return &HostUtil{} -} - -// DeviceOpened checks if block device in use by calling Open with O_EXCL flag. -// If pathname is not a device, log and return false with nil error. -// If open returns errno EBUSY, return true with nil error. -// If open returns nil, return false with nil error. -// Otherwise, return false with error -func (hu *HostUtil) DeviceOpened(pathname string) (bool, error) { - return ExclusiveOpenFailsOnDevice(pathname) -} - -// PathIsDevice uses FileInfo returned from os.Stat to check if path refers -// to a device. -func (hu *HostUtil) PathIsDevice(pathname string) (bool, error) { - pathType, err := hu.GetFileType(pathname) - isDevice := pathType == FileTypeCharDev || pathType == FileTypeBlockDev - return isDevice, err -} - -// ExclusiveOpenFailsOnDevice is shared with NsEnterMounter -func ExclusiveOpenFailsOnDevice(pathname string) (bool, error) { - var isDevice bool - finfo, err := os.Stat(pathname) - if os.IsNotExist(err) { - isDevice = false - } - // err in call to os.Stat - if err != nil { - return false, fmt.Errorf( - "PathIsDevice failed for path %q: %v", - pathname, - err) - } - // path refers to a device - if finfo.Mode()&os.ModeDevice != 0 { - isDevice = true - } - - if !isDevice { - klog.Errorf("Path %q is not referring to a device.", pathname) - return false, nil - } - fd, errno := unix.Open(pathname, unix.O_RDONLY|unix.O_EXCL|unix.O_CLOEXEC, 0) - // If the device is in use, open will return an invalid fd. - // When this happens, it is expected that Close will fail and throw an error. - defer unix.Close(fd) - if errno == nil { - // device not in use - return false, nil - } else if errno == unix.EBUSY { - // device is in use - return true, nil - } - // error during call to Open - return false, errno -} - -// GetDeviceNameFromMount given a mount point, find the device name from its global mount point -func (hu *HostUtil) GetDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - return getDeviceNameFromMount(mounter, mountPath, pluginMountDir) -} - -// getDeviceNameFromMountLinux find the device name from /proc/mounts in which -// the mount path reference should match the given plugin mount directory. In case no mount path reference -// matches, returns the volume name taken from its given mountPath -func getDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - refs, err := mounter.GetMountRefs(mountPath) - if err != nil { - klog.V(4).Infof("GetMountRefs failed for mount path %q: %v", mountPath, err) - return "", err - } - if len(refs) == 0 { - klog.V(4).Infof("Directory %s is not mounted", mountPath) - return "", fmt.Errorf("directory %s is not mounted", mountPath) - } - for _, ref := range refs { - if strings.HasPrefix(ref, pluginMountDir) { - volumeID, err := filepath.Rel(pluginMountDir, ref) - if err != nil { - klog.Errorf("Failed to get volume id from mount %s - %v", mountPath, err) - return "", err - } - return volumeID, nil - } - } - - return path.Base(mountPath), nil -} - -// MakeRShared checks that given path is on a mount with 'rshared' mount -// propagation. If not, it bind-mounts the path as rshared. -func (hu *HostUtil) MakeRShared(path string) error { - return DoMakeRShared(path, procMountInfoPath) -} - -// GetFileType checks for file/directory/socket/block/character devices. -func (hu *HostUtil) GetFileType(pathname string) (FileType, error) { - return getFileType(pathname) -} - -// PathExists tests if the given path already exists -// Error is returned on any other error than "file not found". -func (hu *HostUtil) PathExists(pathname string) (bool, error) { - return utilpath.Exists(utilpath.CheckFollowSymlink, pathname) -} - -// EvalHostSymlinks returns the path name after evaluating symlinks. -// TODO once the nsenter implementation is removed, this method can be removed -// from the interface and filepath.EvalSymlinks used directly -func (hu *HostUtil) EvalHostSymlinks(pathname string) (string, error) { - return filepath.EvalSymlinks(pathname) -} - -// FindMountInfo returns the mount info on the given path. -func (hu *HostUtil) FindMountInfo(path string) (mount.MountInfo, error) { - return findMountInfo(path, procMountInfoPath) -} - -// isShared returns true, if given path is on a mount point that has shared -// mount propagation. -func isShared(mount string, mountInfoPath string) (bool, error) { - info, err := findMountInfo(mount, mountInfoPath) - if err != nil { - return false, err - } - - // parse optional parameters - for _, opt := range info.OptionalFields { - if strings.HasPrefix(opt, "shared:") { - return true, nil - } - } - return false, nil -} - -func findMountInfo(path, mountInfoPath string) (mount.MountInfo, error) { - infos, err := mount.ParseMountInfo(mountInfoPath) - if err != nil { - return mount.MountInfo{}, err - } - - // process /proc/xxx/mountinfo in backward order and find the first mount - // point that is prefix of 'path' - that's the mount where path resides - var info *mount.MountInfo - for i := len(infos) - 1; i >= 0; i-- { - if mount.PathWithinBase(path, infos[i].MountPoint) { - info = &infos[i] - break - } - } - if info == nil { - return mount.MountInfo{}, fmt.Errorf("cannot find mount point for %q", path) - } - return *info, nil -} - -// DoMakeRShared is common implementation of MakeRShared on Linux. It checks if -// path is shared and bind-mounts it as rshared if needed. mountCmd and -// mountArgs are expected to contain mount-like command, DoMakeRShared will add -// '--bind <path> <path>' and '--make-rshared <path>' to mountArgs. -func DoMakeRShared(path string, mountInfoFilename string) error { - shared, err := isShared(path, mountInfoFilename) - if err != nil { - return err - } - if shared { - klog.V(4).Infof("Directory %s is already on a shared mount", path) - return nil - } - - klog.V(2).Infof("Bind-mounting %q with shared mount propagation", path) - // mount --bind /var/lib/kubelet /var/lib/kubelet - if err := syscall.Mount(path, path, "" /*fstype*/, syscall.MS_BIND, "" /*data*/); err != nil { - return fmt.Errorf("failed to bind-mount %s: %v", path, err) - } - - // mount --make-rshared /var/lib/kubelet - if err := syscall.Mount(path, path, "" /*fstype*/, syscall.MS_SHARED|syscall.MS_REC, "" /*data*/); err != nil { - return fmt.Errorf("failed to make %s rshared: %v", path, err) - } - - return nil -} - -// selinux.SELinuxEnabled implementation for unit tests -type seLinuxEnabledFunc func() bool - -// GetSELinux is common implementation of GetSELinuxSupport on Linux. -func GetSELinux(path string, mountInfoFilename string, selinuxEnabled seLinuxEnabledFunc) (bool, error) { - // Skip /proc/mounts parsing if SELinux is disabled. - if !selinuxEnabled() { - return false, nil - } - - info, err := findMountInfo(path, mountInfoFilename) - if err != nil { - return false, err - } - - // "seclabel" can be both in mount options and super options. - for _, opt := range info.SuperOptions { - if opt == "seclabel" { - return true, nil - } - } - for _, opt := range info.MountOptions { - if opt == "seclabel" { - return true, nil - } - } - return false, nil -} - -// GetSELinuxSupport returns true if given path is on a mount that supports -// SELinux. -func (hu *HostUtil) GetSELinuxSupport(pathname string) (bool, error) { - return GetSELinux(pathname, procMountInfoPath, selinux.GetEnabled) -} - -// GetOwner returns the integer ID for the user and group of the given path -func (hu *HostUtil) GetOwner(pathname string) (int64, int64, error) { - realpath, err := filepath.EvalSymlinks(pathname) - if err != nil { - return -1, -1, err - } - return GetOwnerLinux(realpath) -} - -// GetMode returns permissions of the path. -func (hu *HostUtil) GetMode(pathname string) (os.FileMode, error) { - return GetModeLinux(pathname) -} - -// GetOwnerLinux is shared between Linux and NsEnterMounter -// pathname must already be evaluated for symlinks -func GetOwnerLinux(pathname string) (int64, int64, error) { - info, err := os.Stat(pathname) - if err != nil { - return -1, -1, err - } - stat := info.Sys().(*syscall.Stat_t) - return int64(stat.Uid), int64(stat.Gid), nil -} - -// GetModeLinux is shared between Linux and NsEnterMounter -func GetModeLinux(pathname string) (os.FileMode, error) { - info, err := os.Stat(pathname) - if err != nil { - return 0, err - } - return info.Mode(), nil -} - -// GetSELinuxMountContext returns value of -o context=XYZ mount option on -// given mount point. -func (hu *HostUtil) GetSELinuxMountContext(pathname string) (string, error) { - return getSELinuxMountContext(pathname, procMountInfoPath, selinux.GetEnabled) -} - -// getSELinux is common implementation of GetSELinuxSupport on Linux. -// Using an extra function for unit tests. -func getSELinuxMountContext(path string, mountInfoFilename string, selinuxEnabled seLinuxEnabledFunc) (string, error) { - // Skip /proc/mounts parsing if SELinux is disabled. - if !selinuxEnabled() { - return "", nil - } - - info, err := findMountInfo(path, mountInfoFilename) - if err != nil { - return "", err - } - - for _, opt := range info.SuperOptions { - if !strings.HasPrefix(opt, "context=") { - continue - } - // Remove context= - context := strings.TrimPrefix(opt, "context=") - // Remove double quotes - context = strings.Trim(context, "\"") - return context, nil - } - return "", nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_unsupported.go deleted file mode 100644 index c5ff9c0b5e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_unsupported.go +++ /dev/null @@ -1,109 +0,0 @@ -//go:build !linux && !windows -// +build !linux,!windows - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hostutil - -import ( - "errors" - "os" - - "k8s.io/mount-utils" -) - -// HostUtil is an HostUtils implementation that allows compilation on -// unsupported platforms -type HostUtil struct{} - -// NewHostUtil returns a struct that implements the HostUtils interface on -// unsupported platforms -func NewHostUtil() *HostUtil { - return &HostUtil{} -} - -var errUnsupported = errors.New("volume/util/hostutil on this platform is not supported") - -// DeviceOpened always returns an error on unsupported platforms -func (hu *HostUtil) DeviceOpened(pathname string) (bool, error) { - return false, errUnsupported -} - -// PathIsDevice always returns an error on unsupported platforms -func (hu *HostUtil) PathIsDevice(pathname string) (bool, error) { - return true, errUnsupported -} - -// GetDeviceNameFromMount always returns an error on unsupported platforms -func (hu *HostUtil) GetDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - return getDeviceNameFromMount(mounter, mountPath, pluginMountDir) -} - -// MakeRShared always returns an error on unsupported platforms -func (hu *HostUtil) MakeRShared(path string) error { - return errUnsupported -} - -// GetFileType always returns an error on unsupported platforms -func (hu *HostUtil) GetFileType(pathname string) (FileType, error) { - return FileType("fake"), errUnsupported -} - -// MakeFile always returns an error on unsupported platforms -func (hu *HostUtil) MakeFile(pathname string) error { - return errUnsupported -} - -// MakeDir always returns an error on unsupported platforms -func (hu *HostUtil) MakeDir(pathname string) error { - return errUnsupported -} - -// PathExists always returns an error on unsupported platforms -func (hu *HostUtil) PathExists(pathname string) (bool, error) { - return true, errUnsupported -} - -// EvalHostSymlinks always returns an error on unsupported platforms -func (hu *HostUtil) EvalHostSymlinks(pathname string) (string, error) { - return "", errUnsupported -} - -// GetOwner always returns an error on unsupported platforms -func (hu *HostUtil) GetOwner(pathname string) (int64, int64, error) { - return -1, -1, errUnsupported -} - -// GetSELinuxSupport always returns an error on unsupported platforms -func (hu *HostUtil) GetSELinuxSupport(pathname string) (bool, error) { - return false, errUnsupported -} - -// GetMode always returns an error on unsupported platforms -func (hu *HostUtil) GetMode(pathname string) (os.FileMode, error) { - return 0, errUnsupported -} - -func getDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - return "", errUnsupported -} - -// GetSELinuxMountContext returns value of -o context=XYZ mount option on -// given mount point. -func (hu *HostUtil) GetSELinuxMountContext(pathname string) (string, error) { - return "", errUnsupported -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_windows.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_windows.go deleted file mode 100644 index c039ada406..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_windows.go +++ /dev/null @@ -1,131 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package hostutil - -import ( - "fmt" - "os" - "path" - "path/filepath" - "strings" - - "k8s.io/klog/v2" - "k8s.io/mount-utils" - utilpath "k8s.io/utils/path" -) - -// HostUtil implements HostUtils for Windows platforms. -type HostUtil struct{} - -// NewHostUtil returns a struct that implements HostUtils on Windows platforms -func NewHostUtil() *HostUtil { - return &HostUtil{} -} - -// GetDeviceNameFromMount given a mnt point, find the device -func (hu *HostUtil) GetDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - return getDeviceNameFromMount(mounter, mountPath, pluginMountDir) -} - -// getDeviceNameFromMount find the device(drive) name in which -// the mount path reference should match the given plugin mount directory. In case no mount path reference -// matches, returns the volume name taken from its given mountPath -func getDeviceNameFromMount(mounter mount.Interface, mountPath, pluginMountDir string) (string, error) { - refs, err := mounter.GetMountRefs(mountPath) - if err != nil { - klog.V(4).Infof("GetMountRefs failed for mount path %q: %v", mountPath, err) - return "", err - } - if len(refs) == 0 { - return "", fmt.Errorf("directory %s is not mounted", mountPath) - } - basemountPath := mount.NormalizeWindowsPath(pluginMountDir) - for _, ref := range refs { - if strings.Contains(ref, basemountPath) { - volumeID, err := filepath.Rel(mount.NormalizeWindowsPath(basemountPath), ref) - if err != nil { - klog.Errorf("Failed to get volume id from mount %s - %v", mountPath, err) - return "", err - } - return volumeID, nil - } - } - - return path.Base(mountPath), nil -} - -// DeviceOpened determines if the device is in use elsewhere -func (hu *HostUtil) DeviceOpened(pathname string) (bool, error) { - return false, nil -} - -// PathIsDevice determines if a path is a device. -func (hu *HostUtil) PathIsDevice(pathname string) (bool, error) { - return false, nil -} - -// MakeRShared checks that given path is on a mount with 'rshared' mount -// propagation. Empty implementation here. -func (hu *HostUtil) MakeRShared(path string) error { - return nil -} - -// GetFileType checks for sockets/block/character devices -func (hu *(HostUtil)) GetFileType(pathname string) (FileType, error) { - return getFileType(pathname) -} - -// PathExists checks whether the path exists -func (hu *HostUtil) PathExists(pathname string) (bool, error) { - return utilpath.Exists(utilpath.CheckFollowSymlink, pathname) -} - -// EvalHostSymlinks returns the path name after evaluating symlinks -func (hu *HostUtil) EvalHostSymlinks(pathname string) (string, error) { - return filepath.EvalSymlinks(pathname) -} - -// GetOwner returns the integer ID for the user and group of the given path -// Note that on windows, it always returns 0. We actually don't set Group on -// windows platform, see SetVolumeOwnership implementation. -func (hu *HostUtil) GetOwner(pathname string) (int64, int64, error) { - return -1, -1, nil -} - -// GetSELinuxSupport returns a boolean indicating support for SELinux. -// Windows does not support SELinux. -func (hu *HostUtil) GetSELinuxSupport(pathname string) (bool, error) { - return false, nil -} - -// GetMode returns permissions of the path. -func (hu *HostUtil) GetMode(pathname string) (os.FileMode, error) { - info, err := os.Stat(pathname) - if err != nil { - return 0, err - } - return info.Mode(), nil -} - -// GetSELinuxMountContext returns value of -o context=XYZ mount option on -// given mount point. -func (hu *HostUtil) GetSELinuxMountContext(pathname string) (string, error) { - return "", nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/io_util.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/io_util.go deleted file mode 100644 index 8d65a6e48d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/io_util.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "io/ioutil" - "os" - "path/filepath" -) - -// IoUtil is a mockable util for common IO operations -type IoUtil interface { - ReadFile(filename string) ([]byte, error) - ReadDir(dirname string) ([]os.FileInfo, error) - Lstat(name string) (os.FileInfo, error) - EvalSymlinks(path string) (string, error) -} - -type osIOHandler struct{} - -// NewIOHandler Create a new IoHandler implementation -func NewIOHandler() IoUtil { - return &osIOHandler{} -} - -func (handler *osIOHandler) ReadFile(filename string) ([]byte, error) { - return ioutil.ReadFile(filename) -} -func (handler *osIOHandler) ReadDir(dirname string) ([]os.FileInfo, error) { - return ioutil.ReadDir(dirname) -} -func (handler *osIOHandler) Lstat(name string) (os.FileInfo, error) { - return os.Lstat(name) -} -func (handler *osIOHandler) EvalSymlinks(path string) (string, error) { - return filepath.EvalSymlinks(path) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/metrics.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/metrics.go deleted file mode 100644 index 0eb030b359..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/metrics.go +++ /dev/null @@ -1,161 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - "strconv" - "time" - - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/kubernetes/pkg/volume" - "k8s.io/kubernetes/pkg/volume/util/types" -) - -const ( - statusSuccess = "success" - statusFailUnknown = "fail-unknown" -) - -/* - * By default, all the following metrics are defined as falling under - * ALPHA stability level https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/1209-metrics-stability/kubernetes-control-plane-metrics-stability.md#stability-classes) - * - * Promoting the stability level of the metric is a responsibility of the component owner, since it - * involves explicitly acknowledging support for the metric across multiple releases, in accordance with - * the metric stability policy. - */ - -var StorageOperationMetric = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Name: "storage_operation_duration_seconds", - Help: "Storage operation duration", - Buckets: []float64{.1, .25, .5, 1, 2.5, 5, 10, 15, 25, 50, 120, 300, 600}, - StabilityLevel: metrics.ALPHA, - }, - []string{"volume_plugin", "operation_name", "status", "migrated"}, -) - -var storageOperationEndToEndLatencyMetric = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Name: "volume_operation_total_seconds", - Help: "Storage operation end to end duration in seconds", - Buckets: []float64{.1, .25, .5, 1, 2.5, 5, 10, 15, 25, 50, 120, 300, 600}, - StabilityLevel: metrics.ALPHA, - }, - []string{"plugin_name", "operation_name"}, -) - -var csiOperationsLatencyMetric = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Subsystem: "csi", - Name: "operations_seconds", - Help: "Container Storage Interface operation duration with gRPC error code status total", - Buckets: []float64{.1, .25, .5, 1, 2.5, 5, 10, 15, 25, 50, 120, 300, 600}, - StabilityLevel: metrics.ALPHA, - }, - []string{"driver_name", "method_name", "grpc_status_code", "migrated"}, -) - -func init() { - registerMetrics() -} - -func registerMetrics() { - // legacyregistry is the internal k8s wrapper around the prometheus - // global registry, used specifically for metric stability enforcement - legacyregistry.MustRegister(StorageOperationMetric) - legacyregistry.MustRegister(storageOperationEndToEndLatencyMetric) - legacyregistry.MustRegister(csiOperationsLatencyMetric) -} - -// OperationCompleteHook returns a hook to call when an operation is completed -func OperationCompleteHook(plugin, operationName string) func(types.CompleteFuncParam) { - requestTime := time.Now() - opComplete := func(c types.CompleteFuncParam) { - timeTaken := time.Since(requestTime).Seconds() - // Create metric with operation name and plugin name - status := statusSuccess - if *c.Err != nil { - // TODO: Establish well-known error codes to be able to distinguish - // user configuration errors from system errors. - status = statusFailUnknown - } - migrated := false - if c.Migrated != nil { - migrated = *c.Migrated - } - StorageOperationMetric.WithLabelValues(plugin, operationName, status, strconv.FormatBool(migrated)).Observe(timeTaken) - } - return opComplete -} - -// FSGroupCompleteHook returns a hook to call when volume recursive permission is changed -func FSGroupCompleteHook(plugin volume.VolumePlugin, spec *volume.Spec) func(types.CompleteFuncParam) { - return OperationCompleteHook(GetFullQualifiedPluginNameForVolume(plugin.GetPluginName(), spec), "volume_apply_access_control") -} - -// GetFullQualifiedPluginNameForVolume returns full qualified plugin name for -// given volume. For CSI plugin, it appends plugin driver name at the end of -// plugin name, e.g. kubernetes.io/csi:csi-hostpath. It helps to distinguish -// between metrics emitted for CSI volumes which may be handled by different -// CSI plugin drivers. -func GetFullQualifiedPluginNameForVolume(pluginName string, spec *volume.Spec) string { - if spec != nil { - if spec.Volume != nil && spec.Volume.CSI != nil { - return fmt.Sprintf("%s:%s", pluginName, spec.Volume.CSI.Driver) - } - if spec.PersistentVolume != nil && spec.PersistentVolume.Spec.CSI != nil { - return fmt.Sprintf("%s:%s", pluginName, spec.PersistentVolume.Spec.CSI.Driver) - } - } - return pluginName -} - -// RecordOperationLatencyMetric records the end to end latency for certain operation -// into metric volume_operation_total_seconds -func RecordOperationLatencyMetric(plugin, operationName string, secondsTaken float64) { - storageOperationEndToEndLatencyMetric.WithLabelValues(plugin, operationName).Observe(secondsTaken) -} - -// RecordCSIOperationLatencyMetrics records the CSI operation latency and grpc status -// into metric csi_kubelet_operations_seconds -func RecordCSIOperationLatencyMetrics(driverName string, - operationName string, - operationErr error, - operationDuration time.Duration, - migrated string) { - csiOperationsLatencyMetric.WithLabelValues(driverName, operationName, getErrorCode(operationErr), migrated).Observe(operationDuration.Seconds()) -} - -func getErrorCode(err error) string { - if err == nil { - return codes.OK.String() - } - - st, ok := status.FromError(err) - if !ok { - // This is not gRPC error. The operation must have failed before gRPC - // method was called, otherwise we would get gRPC error. - return "unknown-non-grpc" - } - - return st.Code().String() -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/nested_volumes.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/nested_volumes.go deleted file mode 100644 index 27a6c29cd9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/nested_volumes.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - "os" - "path/filepath" - "sort" - "strings" - - v1 "k8s.io/api/core/v1" - podutil "k8s.io/kubernetes/pkg/api/v1/pod" -) - -// getNestedMountpoints returns a list of mountpoint directories that should be created -// for the volume indicated by name. -// note: the returned list is relative to baseDir -func getNestedMountpoints(name, baseDir string, pod v1.Pod) ([]string, error) { - var retval []string - checkContainer := func(container *v1.Container) error { - var allMountPoints []string // all mount points in this container - var myMountPoints []string // mount points that match name - for _, vol := range container.VolumeMounts { - cleaned := filepath.Clean(vol.MountPath) - allMountPoints = append(allMountPoints, cleaned) - if vol.Name == name { - myMountPoints = append(myMountPoints, cleaned) - } - } - sort.Strings(allMountPoints) - parentPrefix := ".." + string(os.PathSeparator) - // Examine each place where this volume is mounted - for _, myMountPoint := range myMountPoints { - if strings.HasPrefix(myMountPoint, parentPrefix) { - // Don't let a container trick us into creating directories outside of its rootfs - return fmt.Errorf("invalid container mount point %v", myMountPoint) - } - myMPSlash := myMountPoint + string(os.PathSeparator) - // The previously found nested mountpoints. - // NOTE: We can't simply rely on sort.Strings to have all the mountpoints sorted and - // grouped. For example, the following strings are sorted in this exact order: - // /dir/nested, /dir/nested-vol, /dir/nested.vol, /dir/nested/double, /dir/nested2 - // The issue is a bit worse for Windows paths, since the \'s value is higher than /'s: - // \dir\nested, \dir\nested-vol, \dir\nested.vol, \dir\nested2, \dir\nested\double - // Because of this, we should use a list of previously mounted mountpoints, rather than only one. - prevNestedMPs := []string{} - // examine each mount point to see if it's nested beneath this volume - // (but skip any that are double-nested beneath this volume) - // For example, if this volume is mounted as /dir and other volumes are mounted - // as /dir/nested and /dir/nested/other, only create /dir/nested. - for _, mp := range allMountPoints { - if !strings.HasPrefix(mp, myMPSlash) { - continue // skip -- not nested beneath myMountPoint - } - - isNested := false - for _, prevNestedMP := range prevNestedMPs { - if strings.HasPrefix(mp, prevNestedMP) { - isNested = true - break - } - } - if isNested { - continue // skip -- double nested beneath myMountPoint - } - // since this mount point is nested, remember it so that we can check that following ones aren't nested beneath this one - prevNestedMPs = append(prevNestedMPs, mp+string(os.PathSeparator)) - retval = append(retval, mp[len(myMPSlash):]) - } - } - return nil - } - - var retErr error - podutil.VisitContainers(&pod.Spec, podutil.AllFeatureEnabledContainers(), func(c *v1.Container, containerType podutil.ContainerType) bool { - retErr = checkContainer(c) - return retErr == nil - }) - if retErr != nil { - return nil, retErr - } - - return retval, nil -} - -// MakeNestedMountpoints creates mount points in baseDir for volumes mounted beneath name -func MakeNestedMountpoints(name, baseDir string, pod v1.Pod) error { - dirs, err := getNestedMountpoints(name, baseDir, pod) - if err != nil { - return err - } - for _, dir := range dirs { - err := os.MkdirAll(filepath.Join(baseDir, dir), 0755) - if err != nil { - return fmt.Errorf("unable to create nested volume mountpoints: %v", err) - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/recyclerclient/recycler_client.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/recyclerclient/recycler_client.go deleted file mode 100644 index b7197dbdfe..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/recyclerclient/recycler_client.go +++ /dev/null @@ -1,266 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package recyclerclient - -import ( - "context" - "fmt" - "sync" - - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/watch" - clientset "k8s.io/client-go/kubernetes" - "k8s.io/klog/v2" -) - -// RecycleEventRecorder is a func that defines how to record RecycleEvent. -type RecycleEventRecorder func(eventtype, message string) - -// RecycleVolumeByWatchingPodUntilCompletion is intended for use with volume -// Recyclers. This function will save the given Pod to the API and watch it -// until it completes, fails, or the pod's ActiveDeadlineSeconds is exceeded, -// whichever comes first. An attempt to delete a recycler pod is always -// attempted before returning. -// -// In case there is a pod with the same namespace+name already running, this -// function deletes it as it is not able to judge if it is an old recycler -// or user has forged a fake recycler to block Kubernetes from recycling.// -// -// pod - the pod designed by a volume plugin to recycle the volume. pod.Name -// will be overwritten with unique name based on PV.Name. -// client - kube client for API operations. -func RecycleVolumeByWatchingPodUntilCompletion(pvName string, pod *v1.Pod, kubeClient clientset.Interface, recorder RecycleEventRecorder) error { - return internalRecycleVolumeByWatchingPodUntilCompletion(pvName, pod, newRecyclerClient(kubeClient, recorder)) -} - -// same as above func comments, except 'recyclerClient' is a narrower pod API -// interface to ease testing -func internalRecycleVolumeByWatchingPodUntilCompletion(pvName string, pod *v1.Pod, recyclerClient recyclerClient) error { - klog.V(5).Infof("creating recycler pod for volume %s\n", pod.Name) - - // Generate unique name for the recycler pod - we need to get "already - // exists" error when a previous controller has already started recycling - // the volume. Here we assume that pv.Name is already unique. - pod.Name = "recycler-for-" + pvName - pod.GenerateName = "" - - stopChannel := make(chan struct{}) - defer close(stopChannel) - podCh, err := recyclerClient.WatchPod(pod.Name, pod.Namespace, stopChannel) - if err != nil { - klog.V(4).Infof("cannot start watcher for pod %s/%s: %v", pod.Namespace, pod.Name, err) - return err - } - - // Start the pod - _, err = recyclerClient.CreatePod(pod) - if err != nil { - if errors.IsAlreadyExists(err) { - deleteErr := recyclerClient.DeletePod(pod.Name, pod.Namespace) - if deleteErr != nil { - return fmt.Errorf("failed to delete old recycler pod %s/%s: %s", pod.Namespace, pod.Name, deleteErr) - } - // Recycler will try again and the old pod will be hopefully deleted - // at that time. - return fmt.Errorf("old recycler pod found, will retry later") - } - return fmt.Errorf("unexpected error creating recycler pod: %+v", err) - } - err = waitForPod(pod, recyclerClient, podCh) - - // In all cases delete the recycler pod and log its result. - klog.V(2).Infof("deleting recycler pod %s/%s", pod.Namespace, pod.Name) - deleteErr := recyclerClient.DeletePod(pod.Name, pod.Namespace) - if deleteErr != nil { - klog.Errorf("failed to delete recycler pod %s/%s: %v", pod.Namespace, pod.Name, err) - } - - // Returning recycler error is preferred, the pod will be deleted again on - // the next retry. - if err != nil { - return fmt.Errorf("failed to recycle volume: %s", err) - } - - // Recycle succeeded but we failed to delete the recycler pod. Report it, - // the controller will re-try recycling the PV again shortly. - if deleteErr != nil { - return fmt.Errorf("failed to delete recycler pod: %s", deleteErr) - } - - return nil -} - -// waitForPod watches the pod it until it finishes and send all events on the -// pod to the PV. -func waitForPod(pod *v1.Pod, recyclerClient recyclerClient, podCh <-chan watch.Event) error { - for { - event, ok := <-podCh - if !ok { - return fmt.Errorf("recycler pod %q watch channel had been closed", pod.Name) - } - switch event.Object.(type) { - case *v1.Pod: - // POD changed - pod := event.Object.(*v1.Pod) - klog.V(4).Infof("recycler pod update received: %s %s/%s %s", event.Type, pod.Namespace, pod.Name, pod.Status.Phase) - switch event.Type { - case watch.Added, watch.Modified: - if pod.Status.Phase == v1.PodSucceeded { - // Recycle succeeded. - return nil - } - if pod.Status.Phase == v1.PodFailed { - if pod.Status.Message != "" { - return fmt.Errorf(pod.Status.Message) - } - return fmt.Errorf("pod failed, pod.Status.Message unknown") - } - - case watch.Deleted: - return fmt.Errorf("recycler pod was deleted") - - case watch.Error: - return fmt.Errorf("recycler pod watcher failed") - } - - case *v1.Event: - // Event received - podEvent := event.Object.(*v1.Event) - klog.V(4).Infof("recycler event received: %s %s/%s %s/%s %s", event.Type, podEvent.Namespace, podEvent.Name, podEvent.InvolvedObject.Namespace, podEvent.InvolvedObject.Name, podEvent.Message) - if event.Type == watch.Added { - recyclerClient.Event(podEvent.Type, podEvent.Message) - } - } - } -} - -// recyclerClient abstracts access to a Pod by providing a narrower interface. -// This makes it easier to mock a client for testing. -type recyclerClient interface { - CreatePod(pod *v1.Pod) (*v1.Pod, error) - GetPod(name, namespace string) (*v1.Pod, error) - DeletePod(name, namespace string) error - // WatchPod returns a ListWatch for watching a pod. The stopChannel is used - // to close the reflector backing the watch. The caller is responsible for - // derring a close on the channel to stop the reflector. - WatchPod(name, namespace string, stopChannel chan struct{}) (<-chan watch.Event, error) - // Event sends an event to the volume that is being recycled. - Event(eventtype, message string) -} - -func newRecyclerClient(client clientset.Interface, recorder RecycleEventRecorder) recyclerClient { - return &realRecyclerClient{ - client, - recorder, - } -} - -type realRecyclerClient struct { - client clientset.Interface - recorder RecycleEventRecorder -} - -func (c *realRecyclerClient) CreatePod(pod *v1.Pod) (*v1.Pod, error) { - return c.client.CoreV1().Pods(pod.Namespace).Create(context.TODO(), pod, metav1.CreateOptions{}) -} - -func (c *realRecyclerClient) GetPod(name, namespace string) (*v1.Pod, error) { - return c.client.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{}) -} - -func (c *realRecyclerClient) DeletePod(name, namespace string) error { - return c.client.CoreV1().Pods(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{}) -} - -func (c *realRecyclerClient) Event(eventtype, message string) { - c.recorder(eventtype, message) -} - -// WatchPod watches a pod and events related to it. It sends pod updates and events over the returned channel -// It will continue until stopChannel is closed -func (c *realRecyclerClient) WatchPod(name, namespace string, stopChannel chan struct{}) (<-chan watch.Event, error) { - podSelector, err := fields.ParseSelector("metadata.name=" + name) - if err != nil { - return nil, err - } - options := metav1.ListOptions{ - FieldSelector: podSelector.String(), - Watch: true, - } - - podWatch, err := c.client.CoreV1().Pods(namespace).Watch(context.TODO(), options) - if err != nil { - return nil, err - } - - eventSelector, _ := fields.ParseSelector("involvedObject.name=" + name) - eventWatch, err := c.client.CoreV1().Events(namespace).Watch(context.TODO(), metav1.ListOptions{ - FieldSelector: eventSelector.String(), - Watch: true, - }) - if err != nil { - podWatch.Stop() - return nil, err - } - - eventCh := make(chan watch.Event, 30) - var wg sync.WaitGroup - wg.Add(2) - - go func() { - defer close(eventCh) - wg.Wait() - }() - - go func() { - defer eventWatch.Stop() - defer wg.Done() - for { - select { - case <-stopChannel: - return - case eventEvent, ok := <-eventWatch.ResultChan(): - if !ok { - return - } - eventCh <- eventEvent - } - } - }() - - go func() { - defer podWatch.Stop() - defer wg.Done() - for { - select { - case <-stopChannel: - return - - case podEvent, ok := <-podWatch.ResultChan(): - if !ok { - return - } - eventCh <- podEvent - } - } - }() - - return eventCh, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/resize_util.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/resize_util.go deleted file mode 100644 index d070f2f296..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/resize_util.go +++ /dev/null @@ -1,389 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "context" - "encoding/json" - "fmt" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/strategicpatch" - utilfeature "k8s.io/apiserver/pkg/util/feature" - clientset "k8s.io/client-go/kubernetes" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/volume" - volumetypes "k8s.io/kubernetes/pkg/volume/util/types" - "k8s.io/mount-utils" -) - -var ( - knownResizeConditions = map[v1.PersistentVolumeClaimConditionType]bool{ - v1.PersistentVolumeClaimFileSystemResizePending: true, - v1.PersistentVolumeClaimResizing: true, - } - - // AnnPreResizeCapacity annotation is added to a PV when expanding volume. - // Its value is status capacity of the PVC prior to the volume expansion - // Its value will be set by the external-resizer when it deems that filesystem resize is required after resizing volume. - // Its value will be used by pv_controller to determine pvc's status capacity when binding pvc and pv. - AnnPreResizeCapacity = "volume.alpha.kubernetes.io/pre-resize-capacity" -) - -type resizeProcessStatus struct { - condition v1.PersistentVolumeClaimCondition - processed bool -} - -// UpdatePVSize updates just pv size after cloudprovider resizing is successful -func UpdatePVSize( - pv *v1.PersistentVolume, - newSize resource.Quantity, - kubeClient clientset.Interface) (*v1.PersistentVolume, error) { - pvClone := pv.DeepCopy() - pvClone.Spec.Capacity[v1.ResourceStorage] = newSize - - return PatchPV(pv, pvClone, kubeClient) -} - -// AddAnnPreResizeCapacity adds volume.alpha.kubernetes.io/pre-resize-capacity from the pv -func AddAnnPreResizeCapacity( - pv *v1.PersistentVolume, - oldCapacity resource.Quantity, - kubeClient clientset.Interface) error { - // if the pv already has a resize annotation skip the process - if metav1.HasAnnotation(pv.ObjectMeta, AnnPreResizeCapacity) { - return nil - } - - pvClone := pv.DeepCopy() - if pvClone.ObjectMeta.Annotations == nil { - pvClone.ObjectMeta.Annotations = make(map[string]string) - } - pvClone.ObjectMeta.Annotations[AnnPreResizeCapacity] = oldCapacity.String() - - _, err := PatchPV(pv, pvClone, kubeClient) - return err -} - -// DeleteAnnPreResizeCapacity deletes volume.alpha.kubernetes.io/pre-resize-capacity from the pv -func DeleteAnnPreResizeCapacity( - pv *v1.PersistentVolume, - kubeClient clientset.Interface) error { - // if the pv does not have a resize annotation skip the entire process - if !metav1.HasAnnotation(pv.ObjectMeta, AnnPreResizeCapacity) { - return nil - } - pvClone := pv.DeepCopy() - delete(pvClone.ObjectMeta.Annotations, AnnPreResizeCapacity) - _, err := PatchPV(pv, pvClone, kubeClient) - return err -} - -// PatchPV creates and executes a patch for pv -func PatchPV( - oldPV *v1.PersistentVolume, - newPV *v1.PersistentVolume, - kubeClient clientset.Interface) (*v1.PersistentVolume, error) { - oldData, err := json.Marshal(oldPV) - if err != nil { - return oldPV, fmt.Errorf("unexpected error marshaling old PV %q with error : %v", oldPV.Name, err) - } - - newData, err := json.Marshal(newPV) - if err != nil { - return oldPV, fmt.Errorf("unexpected error marshaling new PV %q with error : %v", newPV.Name, err) - } - - patchBytes, err := strategicpatch.CreateTwoWayMergePatch(oldData, newData, oldPV) - if err != nil { - return oldPV, fmt.Errorf("error Creating two way merge patch for PV %q with error : %v", oldPV.Name, err) - } - - updatedPV, err := kubeClient.CoreV1().PersistentVolumes().Patch(context.TODO(), oldPV.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{}) - if err != nil { - return oldPV, fmt.Errorf("error Patching PV %q with error : %v", oldPV.Name, err) - } - return updatedPV, nil -} - -// MarkResizeInProgressWithResizer marks cloudprovider resizing as in progress -// and also annotates the PVC with the name of the resizer. -func MarkResizeInProgressWithResizer( - pvc *v1.PersistentVolumeClaim, - resizerName string, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - // Mark PVC as Resize Started - progressCondition := v1.PersistentVolumeClaimCondition{ - Type: v1.PersistentVolumeClaimResizing, - Status: v1.ConditionTrue, - LastTransitionTime: metav1.Now(), - } - conditions := []v1.PersistentVolumeClaimCondition{progressCondition} - newPVC := pvc.DeepCopy() - newPVC = MergeResizeConditionOnPVC(newPVC, conditions) - newPVC = setResizer(newPVC, resizerName) - return PatchPVCStatus(pvc /*oldPVC*/, newPVC, kubeClient) -} - -func MarkControllerReisizeInProgress(pvc *v1.PersistentVolumeClaim, resizerName string, newSize resource.Quantity, kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - // Mark PVC as Resize Started - progressCondition := v1.PersistentVolumeClaimCondition{ - Type: v1.PersistentVolumeClaimResizing, - Status: v1.ConditionTrue, - LastTransitionTime: metav1.Now(), - } - controllerExpansionInProgress := v1.PersistentVolumeClaimControllerExpansionInProgress - conditions := []v1.PersistentVolumeClaimCondition{progressCondition} - newPVC := pvc.DeepCopy() - newPVC = MergeResizeConditionOnPVC(newPVC, conditions) - newPVC.Status.ResizeStatus = &controllerExpansionInProgress - newPVC.Status.AllocatedResources = v1.ResourceList{v1.ResourceStorage: newSize} - newPVC = setResizer(newPVC, resizerName) - return PatchPVCStatus(pvc /*oldPVC*/, newPVC, kubeClient) -} - -// SetClaimResizer sets resizer annotation on PVC -func SetClaimResizer( - pvc *v1.PersistentVolumeClaim, - resizerName string, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - newPVC := pvc.DeepCopy() - newPVC = setResizer(newPVC, resizerName) - return PatchPVCStatus(pvc /*oldPVC*/, newPVC, kubeClient) -} - -func setResizer(pvc *v1.PersistentVolumeClaim, resizerName string) *v1.PersistentVolumeClaim { - if val, ok := pvc.Annotations[volumetypes.VolumeResizerKey]; ok && val == resizerName { - return pvc - } - metav1.SetMetaDataAnnotation(&pvc.ObjectMeta, volumetypes.VolumeResizerKey, resizerName) - return pvc -} - -// MarkForFSResize marks file system resizing as pending -func MarkForFSResize( - pvc *v1.PersistentVolumeClaim, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - pvcCondition := v1.PersistentVolumeClaimCondition{ - Type: v1.PersistentVolumeClaimFileSystemResizePending, - Status: v1.ConditionTrue, - LastTransitionTime: metav1.Now(), - Message: "Waiting for user to (re-)start a pod to finish file system resize of volume on node.", - } - conditions := []v1.PersistentVolumeClaimCondition{pvcCondition} - newPVC := pvc.DeepCopy() - if utilfeature.DefaultFeatureGate.Enabled(features.RecoverVolumeExpansionFailure) { - expansionPendingOnNode := v1.PersistentVolumeClaimNodeExpansionPending - newPVC.Status.ResizeStatus = &expansionPendingOnNode - } - newPVC = MergeResizeConditionOnPVC(newPVC, conditions) - updatedPVC, err := PatchPVCStatus(pvc /*oldPVC*/, newPVC, kubeClient) - return updatedPVC, err -} - -// MarkResizeFinished marks all resizing as done -func MarkResizeFinished( - pvc *v1.PersistentVolumeClaim, - newSize resource.Quantity, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - return MarkFSResizeFinished(pvc, newSize, kubeClient) -} - -// MarkFSResizeFinished marks file system resizing as done -func MarkFSResizeFinished( - pvc *v1.PersistentVolumeClaim, - newSize resource.Quantity, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - newPVC := pvc.DeepCopy() - - newPVC.Status.Capacity[v1.ResourceStorage] = newSize - - // if RecoverVolumeExpansionFailure is enabled, we need to reset ResizeStatus back to nil - if utilfeature.DefaultFeatureGate.Enabled(features.RecoverVolumeExpansionFailure) { - expansionFinished := v1.PersistentVolumeClaimNoExpansionInProgress - newPVC.Status.ResizeStatus = &expansionFinished - } - - newPVC = MergeResizeConditionOnPVC(newPVC, []v1.PersistentVolumeClaimCondition{}) - updatedPVC, err := PatchPVCStatus(pvc /*oldPVC*/, newPVC, kubeClient) - return updatedPVC, err -} - -func MarkControllerExpansionFailed(pvc *v1.PersistentVolumeClaim, kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - expansionFailedOnController := v1.PersistentVolumeClaimControllerExpansionFailed - newPVC := pvc.DeepCopy() - newPVC.Status.ResizeStatus = &expansionFailedOnController - patchBytes, err := createPVCPatch(pvc, newPVC, false /* addResourceVersionCheck */) - if err != nil { - return pvc, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", pvc.Name, err) - } - - updatedClaim, updateErr := kubeClient.CoreV1().PersistentVolumeClaims(pvc.Namespace). - Patch(context.TODO(), pvc.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{}, "status") - if updateErr != nil { - return pvc, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", pvc.Name, updateErr) - } - return updatedClaim, nil -} - -// MarkNodeExpansionFailed marks a PVC for node expansion as failed. Kubelet should not retry expansion -// of volumes which are in failed state. -func MarkNodeExpansionFailed(pvc *v1.PersistentVolumeClaim, kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - expansionFailedOnNode := v1.PersistentVolumeClaimNodeExpansionFailed - newPVC := pvc.DeepCopy() - newPVC.Status.ResizeStatus = &expansionFailedOnNode - patchBytes, err := createPVCPatch(pvc, newPVC, false /* addResourceVersionCheck */) - if err != nil { - return pvc, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", pvc.Name, err) - } - - updatedClaim, updateErr := kubeClient.CoreV1().PersistentVolumeClaims(pvc.Namespace). - Patch(context.TODO(), pvc.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{}, "status") - if updateErr != nil { - return pvc, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", pvc.Name, updateErr) - } - return updatedClaim, nil -} - -// MarkNodeExpansionInProgress marks pvc expansion in progress on node -func MarkNodeExpansionInProgress(pvc *v1.PersistentVolumeClaim, kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - nodeExpansionInProgress := v1.PersistentVolumeClaimNodeExpansionInProgress - newPVC := pvc.DeepCopy() - newPVC.Status.ResizeStatus = &nodeExpansionInProgress - updatedPVC, err := PatchPVCStatus(pvc /* oldPVC */, newPVC, kubeClient) - return updatedPVC, err -} - -// PatchPVCStatus updates PVC status using PATCH verb -// Don't use Update because this can be called from kubelet and if kubelet has an older client its -// Updates will overwrite new fields. And to avoid writing to a stale object, add ResourceVersion -// to the patch so that Patch will fail if the patch's RV != actual up-to-date RV like Update would -func PatchPVCStatus( - oldPVC *v1.PersistentVolumeClaim, - newPVC *v1.PersistentVolumeClaim, - kubeClient clientset.Interface) (*v1.PersistentVolumeClaim, error) { - patchBytes, err := createPVCPatch(oldPVC, newPVC, true /* addResourceVersionCheck */) - if err != nil { - return oldPVC, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", oldPVC.Name, err) - } - - updatedClaim, updateErr := kubeClient.CoreV1().PersistentVolumeClaims(oldPVC.Namespace). - Patch(context.TODO(), oldPVC.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{}, "status") - if updateErr != nil { - return oldPVC, fmt.Errorf("patchPVCStatus failed to patch PVC %q: %v", oldPVC.Name, updateErr) - } - return updatedClaim, nil -} - -func createPVCPatch( - oldPVC *v1.PersistentVolumeClaim, - newPVC *v1.PersistentVolumeClaim, addResourceVersionCheck bool) ([]byte, error) { - oldData, err := json.Marshal(oldPVC) - if err != nil { - return nil, fmt.Errorf("failed to marshal old data: %v", err) - } - - newData, err := json.Marshal(newPVC) - if err != nil { - return nil, fmt.Errorf("failed to marshal new data: %v", err) - } - - patchBytes, err := strategicpatch.CreateTwoWayMergePatch(oldData, newData, oldPVC) - if err != nil { - return nil, fmt.Errorf("failed to create 2 way merge patch: %v", err) - } - - if addResourceVersionCheck { - patchBytes, err = addResourceVersion(patchBytes, oldPVC.ResourceVersion) - if err != nil { - return nil, fmt.Errorf("failed to add resource version: %v", err) - } - } - - return patchBytes, nil -} - -func addResourceVersion(patchBytes []byte, resourceVersion string) ([]byte, error) { - var patchMap map[string]interface{} - err := json.Unmarshal(patchBytes, &patchMap) - if err != nil { - return nil, fmt.Errorf("error unmarshalling patch: %v", err) - } - u := unstructured.Unstructured{Object: patchMap} - a, err := meta.Accessor(&u) - if err != nil { - return nil, fmt.Errorf("error creating accessor: %v", err) - } - a.SetResourceVersion(resourceVersion) - versionBytes, err := json.Marshal(patchMap) - if err != nil { - return nil, fmt.Errorf("error marshalling json patch: %v", err) - } - return versionBytes, nil -} - -// MergeResizeConditionOnPVC updates pvc with requested resize conditions -// leaving other conditions untouched. -func MergeResizeConditionOnPVC( - pvc *v1.PersistentVolumeClaim, - resizeConditions []v1.PersistentVolumeClaimCondition) *v1.PersistentVolumeClaim { - resizeConditionMap := map[v1.PersistentVolumeClaimConditionType]*resizeProcessStatus{} - - for _, condition := range resizeConditions { - resizeConditionMap[condition.Type] = &resizeProcessStatus{condition, false} - } - - oldConditions := pvc.Status.Conditions - newConditions := []v1.PersistentVolumeClaimCondition{} - for _, condition := range oldConditions { - // If Condition is of not resize type, we keep it. - if _, ok := knownResizeConditions[condition.Type]; !ok { - newConditions = append(newConditions, condition) - continue - } - - if newCondition, ok := resizeConditionMap[condition.Type]; ok { - if newCondition.condition.Status != condition.Status { - newConditions = append(newConditions, newCondition.condition) - } else { - newConditions = append(newConditions, condition) - } - newCondition.processed = true - } - } - - // append all unprocessed conditions - for _, newCondition := range resizeConditionMap { - if !newCondition.processed { - newConditions = append(newConditions, newCondition.condition) - } - } - pvc.Status.Conditions = newConditions - return pvc -} - -// GenericResizeFS : call generic filesystem resizer for plugins that don't have any special filesystem resize requirements -func GenericResizeFS(host volume.VolumeHost, pluginName, devicePath, deviceMountPath string) (bool, error) { - resizer := mount.NewResizeFs(host.GetExec(pluginName)) - return resizer.Resize(devicePath, deviceMountPath) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/selinux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/selinux.go deleted file mode 100644 index 22854734f3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/selinux.go +++ /dev/null @@ -1,198 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "fmt" - - "github.com/opencontainers/selinux/go-selinux" - "github.com/opencontainers/selinux/go-selinux/label" - v1 "k8s.io/api/core/v1" - utilfeature "k8s.io/apiserver/pkg/util/feature" - v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/volume" -) - -// SELinuxLabelTranslator translates v1.SELinuxOptions of a process to SELinux file label. -type SELinuxLabelTranslator interface { - // SELinuxOptionsToFileLabel returns SELinux file label for given SELinuxOptions - // of a container process. - // When Role, User or Type are empty, they're read from the system defaults. - // It returns "" and no error on platforms that do not have SELinux enabled - // or don't support SELinux at all. - SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error) - - // SELinuxEnabled returns true when the OS has enabled SELinux support. - SELinuxEnabled() bool -} - -// Real implementation of the interface. -// On Linux with SELinux enabled it translates. Otherwise it always returns an empty string and no error. -type translator struct{} - -var _ SELinuxLabelTranslator = &translator{} - -// NewSELinuxLabelTranslator returns new SELinuxLabelTranslator for the platform. -func NewSELinuxLabelTranslator() SELinuxLabelTranslator { - return &translator{} -} - -// SELinuxOptionsToFileLabel returns SELinux file label for given SELinuxOptions -// of a container process. -// When Role, User or Type are empty, they're read from the system defaults. -// It returns "" and no error on platforms that do not have SELinux enabled -// or don't support SELinux at all. -func (l *translator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error) { - if opts == nil { - return "", nil - } - - args := contextOptions(opts) - if len(args) == 0 { - return "", nil - } - - processLabel, fileLabel, err := label.InitLabels(args) - if err != nil { - // In theory, this should be unreachable. InitLabels can fail only when args contain an unknown option, - // and all options returned by contextOptions are known. - return "", err - } - // InitLabels() may allocate a new unique SELinux label in kubelet memory. The label is *not* allocated - // in the container runtime. Clear it to avoid memory problems. - // ReleaseLabel on non-allocated label is NOOP. - selinux.ReleaseLabel(processLabel) - - return fileLabel, nil -} - -// Convert SELinuxOptions to []string accepted by label.InitLabels -func contextOptions(opts *v1.SELinuxOptions) []string { - if opts == nil { - return nil - } - args := make([]string, 0, 3) - if opts.User != "" { - args = append(args, "user:"+opts.User) - } - if opts.Role != "" { - args = append(args, "role:"+opts.Role) - } - if opts.Type != "" { - args = append(args, "type:"+opts.Type) - } - if opts.Level != "" { - args = append(args, "level:"+opts.Level) - } - return args -} - -func (l *translator) SELinuxEnabled() bool { - return selinux.GetEnabled() -} - -// Fake implementation of the interface for unit tests. -type fakeTranslator struct{} - -var _ SELinuxLabelTranslator = &fakeTranslator{} - -// NewFakeSELinuxLabelTranslator returns a fake translator for unit tests. -// It imitates a real translator on platforms that do not have SELinux enabled -// or don't support SELinux at all. -func NewFakeSELinuxLabelTranslator() SELinuxLabelTranslator { - return &fakeTranslator{} -} - -// SELinuxOptionsToFileLabel returns SELinux file label for given options. -func (l *fakeTranslator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error) { - if opts == nil { - return "", nil - } - // Fill empty values from "system defaults" (taken from Fedora Linux). - user := opts.User - if user == "" { - user = "system_u" - } - - role := opts.Role - if role == "" { - role = "object_r" - } - - // opts is context of the *process* to run in a container. Translate - // process type "container_t" to file label type "container_file_t". - // (The rest of the context is the same for processes and files). - fileType := opts.Type - if fileType == "" || fileType == "container_t" { - fileType = "container_file_t" - } - - level := opts.Level - if level == "" { - // If empty, level is allocated randomly. - level = "s0:c998,c999" - } - - ctx := fmt.Sprintf("%s:%s:%s:%s", user, role, fileType, level) - return ctx, nil -} - -func (l *fakeTranslator) SELinuxEnabled() bool { - return true -} - -// SupportsSELinuxContextMount checks if the given volumeSpec supports with mount -o context -func SupportsSELinuxContextMount(volumeSpec *volume.Spec, volumePluginMgr *volume.VolumePluginMgr) (bool, error) { - plugin, _ := volumePluginMgr.FindPluginBySpec(volumeSpec) - if plugin != nil { - return plugin.SupportsSELinuxContextMount(volumeSpec) - } - - return false, nil -} - -// VolumeSupportsSELinuxMount returns true if given volume access mode can support mount with SELinux mount options. -func VolumeSupportsSELinuxMount(volumeSpec *volume.Spec) bool { - // Right now, SELinux mount is supported only for ReadWriteOncePod volumes. - if !utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod) { - return false - } - if !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - return false - } - if volumeSpec.PersistentVolume == nil { - return false - } - if len(volumeSpec.PersistentVolume.Spec.AccessModes) != 1 { - return false - } - if !v1helper.ContainsAccessMode(volumeSpec.PersistentVolume.Spec.AccessModes, v1.ReadWriteOncePod) { - return false - } - return true -} - -// AddSELinuxMountOption adds -o context="XYZ" mount option to a given list -func AddSELinuxMountOption(options []string, seLinuxContext string) []string { - if !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - return options - } - // Use double quotes to support a comma "," in the SELinux context string. - // For example: dirsync,context="system_u:object_r:container_file_t:s0:c15,c25",noatime - return append(options, fmt.Sprintf("context=%q", seLinuxContext)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/storageclass.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/storageclass.go deleted file mode 100644 index d2098c2580..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/storageclass.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "sort" - - storagev1 "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - storagev1listers "k8s.io/client-go/listers/storage/v1" - "k8s.io/klog/v2" -) - -const ( - // isDefaultStorageClassAnnotation represents a StorageClass annotation that - // marks a class as the default StorageClass - IsDefaultStorageClassAnnotation = "storageclass.kubernetes.io/is-default-class" - - // betaIsDefaultStorageClassAnnotation is the beta version of IsDefaultStorageClassAnnotation. - // TODO: remove Beta when no longer used - BetaIsDefaultStorageClassAnnotation = "storageclass.beta.kubernetes.io/is-default-class" -) - -// GetDefaultClass returns the default StorageClass from the store, or nil. -func GetDefaultClass(lister storagev1listers.StorageClassLister) (*storagev1.StorageClass, error) { - list, err := lister.List(labels.Everything()) - if err != nil { - return nil, err - } - - defaultClasses := []*storagev1.StorageClass{} - for _, class := range list { - if IsDefaultAnnotation(class.ObjectMeta) { - defaultClasses = append(defaultClasses, class) - klog.V(4).Infof("GetDefaultClass added: %s", class.Name) - } - } - - if len(defaultClasses) == 0 { - return nil, nil - } - - // Primary sort by creation timestamp, newest first - // Secondary sort by class name, ascending order - sort.Slice(defaultClasses, func(i, j int) bool { - if defaultClasses[i].CreationTimestamp.UnixNano() == defaultClasses[j].CreationTimestamp.UnixNano() { - return defaultClasses[i].Name < defaultClasses[j].Name - } - return defaultClasses[i].CreationTimestamp.UnixNano() > defaultClasses[j].CreationTimestamp.UnixNano() - }) - if len(defaultClasses) > 1 { - klog.V(4).Infof("%d default StorageClasses were found, choosing the newest: %s", len(defaultClasses), defaultClasses[0].Name) - } - - return defaultClasses[0], nil -} - -// IsDefaultAnnotation returns a boolean if the default storage class -// annotation is set -// TODO: remove Beta when no longer needed -func IsDefaultAnnotation(obj metav1.ObjectMeta) bool { - if obj.Annotations[IsDefaultStorageClassAnnotation] == "true" { - return true - } - if obj.Annotations[BetaIsDefaultStorageClassAnnotation] == "true" { - return true - } - - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/OWNERS b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/OWNERS deleted file mode 100644 index 3514de0fc0..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - jingxu97 - - saad-ali - - jsafrane - - msau42 - - andyzhangx -approvers: - - jingxu97 - - saad-ali - - jsafrane diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath.go deleted file mode 100644 index c843f6cf89..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath.go +++ /dev/null @@ -1,92 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subpath - -import "os" - -// Interface defines the set of methods all subpathers must implement -type Interface interface { - // CleanSubPaths removes any bind-mounts created by PrepareSafeSubpath in given - // pod volume directory. - CleanSubPaths(poodDir string, volumeName string) error - - // PrepareSafeSubpath does everything that's necessary to prepare a subPath - // that's 1) inside given volumePath and 2) immutable after this call. - // - // newHostPath - location of prepared subPath. It should be used instead of - // hostName when running the container. - // cleanupAction - action to run when the container is running or it failed to start. - // - // CleanupAction must be called immediately after the container with given - // subpath starts. On the other hand, Interface.CleanSubPaths must be called - // when the pod finishes. - PrepareSafeSubpath(subPath Subpath) (newHostPath string, cleanupAction func(), err error) - - // SafeMakeDir creates subdir within given base. It makes sure that the - // created directory does not escape given base directory mis-using - // symlinks. Note that the function makes sure that it creates the directory - // somewhere under the base, nothing else. E.g. if the directory already - // exists, it may exist outside of the base due to symlinks. - // This method should be used if the directory to create is inside volume - // that's under user control. User must not be able to use symlinks to - // escape the volume to create directories somewhere else. - SafeMakeDir(subdir string, base string, perm os.FileMode) error -} - -// Subpath defines the attributes of a subpath -type Subpath struct { - // index of the VolumeMount for this container - VolumeMountIndex int - - // Full path to the subpath directory on the host - Path string - - // name of the volume that is a valid directory name. - VolumeName string - - // Full path to the volume path - VolumePath string - - // Path to the pod's directory, including pod UID - PodDir string - - // Name of the container - ContainerName string -} - -// Compile time-check for all implementers of subpath interface -var _ Interface = &subpath{} -var _ Interface = &FakeSubpath{} - -// FakeSubpath is a subpather implementation for testing -type FakeSubpath struct{} - -// PrepareSafeSubpath is a fake implementation of PrepareSafeSubpath. Always returns -// newHostPath == subPath.Path -func (fs *FakeSubpath) PrepareSafeSubpath(subPath Subpath) (newHostPath string, cleanupAction func(), err error) { - return subPath.Path, nil, nil -} - -// CleanSubPaths is a fake implementation of CleanSubPaths. It is a noop -func (fs *FakeSubpath) CleanSubPaths(podDir string, volumeName string) error { - return nil -} - -// SafeMakeDir is a fake implementation of SafeMakeDir. It is a noop -func (fs *FakeSubpath) SafeMakeDir(pathname string, base string, perm os.FileMode) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go deleted file mode 100644 index 583939bdc4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go +++ /dev/null @@ -1,609 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subpath - -import ( - "fmt" - "io/ioutil" - "os" - "path/filepath" - "strconv" - "strings" - "syscall" - - "golang.org/x/sys/unix" - "k8s.io/klog/v2" - "k8s.io/mount-utils" -) - -const ( - // place for subpath mounts - // TODO: pass in directory using kubelet_getters instead - containerSubPathDirectoryName = "volume-subpaths" - // syscall.Openat flags used to traverse directories not following symlinks - nofollowFlags = unix.O_RDONLY | unix.O_NOFOLLOW - // flags for getting file descriptor without following the symlink - openFDFlags = unix.O_NOFOLLOW | unix.O_PATH -) - -type subpath struct { - mounter mount.Interface -} - -// New returns a subpath.Interface for the current system -func New(mounter mount.Interface) Interface { - return &subpath{ - mounter: mounter, - } -} - -func (sp *subpath) CleanSubPaths(podDir string, volumeName string) error { - return doCleanSubPaths(sp.mounter, podDir, volumeName) -} - -func (sp *subpath) SafeMakeDir(subdir string, base string, perm os.FileMode) error { - realBase, err := filepath.EvalSymlinks(base) - if err != nil { - return fmt.Errorf("error resolving symlinks in %s: %s", base, err) - } - - realFullPath := filepath.Join(realBase, subdir) - - return doSafeMakeDir(realFullPath, realBase, perm) -} - -func (sp *subpath) PrepareSafeSubpath(subPath Subpath) (newHostPath string, cleanupAction func(), err error) { - newHostPath, err = doBindSubPath(sp.mounter, subPath) - - // There is no action when the container starts. Bind-mount will be cleaned - // when container stops by CleanSubPaths. - cleanupAction = nil - return newHostPath, cleanupAction, err -} - -// This implementation is shared between Linux and NsEnter -func safeOpenSubPath(mounter mount.Interface, subpath Subpath) (int, error) { - if !mount.PathWithinBase(subpath.Path, subpath.VolumePath) { - return -1, fmt.Errorf("subpath %q not within volume path %q", subpath.Path, subpath.VolumePath) - } - fd, err := doSafeOpen(subpath.Path, subpath.VolumePath) - if err != nil { - return -1, fmt.Errorf("error opening subpath %v: %v", subpath.Path, err) - } - return fd, nil -} - -// prepareSubpathTarget creates target for bind-mount of subpath. It returns -// "true" when the target already exists and something is mounted there. -// Given Subpath must have all paths with already resolved symlinks and with -// paths relevant to kubelet (when it runs in a container). -// This function is called also by NsEnterMounter. It works because -// /var/lib/kubelet is mounted from the host into the container with Kubelet as -// /var/lib/kubelet too. -func prepareSubpathTarget(mounter mount.Interface, subpath Subpath) (bool, string, error) { - // Early check for already bind-mounted subpath. - bindPathTarget := getSubpathBindTarget(subpath) - notMount, err := mount.IsNotMountPoint(mounter, bindPathTarget) - if err != nil { - if !os.IsNotExist(err) { - return false, "", fmt.Errorf("error checking path %s for mount: %s", bindPathTarget, err) - } - // Ignore ErrorNotExist: the file/directory will be created below if it does not exist yet. - notMount = true - } - if !notMount { - // It's already mounted, so check if it's bind-mounted to the same path - samePath, err := checkSubPathFileEqual(subpath, bindPathTarget) - if err != nil { - return false, "", fmt.Errorf("error checking subpath mount info for %s: %s", bindPathTarget, err) - } - if !samePath { - // It's already mounted but not what we want, unmount it - if err = mounter.Unmount(bindPathTarget); err != nil { - return false, "", fmt.Errorf("error ummounting %s: %s", bindPathTarget, err) - } - } else { - // It's already mounted - klog.V(5).Infof("Skipping bind-mounting subpath %s: already mounted", bindPathTarget) - return true, bindPathTarget, nil - } - } - - // bindPathTarget is in /var/lib/kubelet and thus reachable without any - // translation even to containerized kubelet. - bindParent := filepath.Dir(bindPathTarget) - err = os.MkdirAll(bindParent, 0750) - if err != nil && !os.IsExist(err) { - return false, "", fmt.Errorf("error creating directory %s: %s", bindParent, err) - } - - t, err := os.Lstat(subpath.Path) - if err != nil { - return false, "", fmt.Errorf("lstat %s failed: %s", subpath.Path, err) - } - - if t.Mode()&os.ModeDir > 0 { - if err = os.Mkdir(bindPathTarget, 0750); err != nil && !os.IsExist(err) { - return false, "", fmt.Errorf("error creating directory %s: %s", bindPathTarget, err) - } - } else { - // "/bin/touch <bindPathTarget>". - // A file is enough for all possible targets (symlink, device, pipe, - // socket, ...), bind-mounting them into a file correctly changes type - // of the target file. - if err = ioutil.WriteFile(bindPathTarget, []byte{}, 0640); err != nil { - return false, "", fmt.Errorf("error creating file %s: %s", bindPathTarget, err) - } - } - return false, bindPathTarget, nil -} - -func checkSubPathFileEqual(subpath Subpath, bindMountTarget string) (bool, error) { - s, err := os.Lstat(subpath.Path) - if err != nil { - return false, fmt.Errorf("stat %s failed: %s", subpath.Path, err) - } - - t, err := os.Lstat(bindMountTarget) - if err != nil { - return false, fmt.Errorf("lstat %s failed: %s", bindMountTarget, err) - } - - if !os.SameFile(s, t) { - return false, nil - } - return true, nil -} - -func getSubpathBindTarget(subpath Subpath) string { - // containerName is DNS label, i.e. safe as a directory name. - return filepath.Join(subpath.PodDir, containerSubPathDirectoryName, subpath.VolumeName, subpath.ContainerName, strconv.Itoa(subpath.VolumeMountIndex)) -} - -func doBindSubPath(mounter mount.Interface, subpath Subpath) (hostPath string, err error) { - // Linux, kubelet runs on the host: - // - safely open the subpath - // - bind-mount /proc/<pid of kubelet>/fd/<fd> to subpath target - // User can't change /proc/<pid of kubelet>/fd/<fd> to point to a bad place. - - // Evaluate all symlinks here once for all subsequent functions. - newVolumePath, err := filepath.EvalSymlinks(subpath.VolumePath) - if err != nil { - return "", fmt.Errorf("error resolving symlinks in %q: %v", subpath.VolumePath, err) - } - newPath, err := filepath.EvalSymlinks(subpath.Path) - if err != nil { - return "", fmt.Errorf("error resolving symlinks in %q: %v", subpath.Path, err) - } - klog.V(5).Infof("doBindSubPath %q (%q) for volumepath %q", subpath.Path, newPath, subpath.VolumePath) - subpath.VolumePath = newVolumePath - subpath.Path = newPath - - fd, err := safeOpenSubPath(mounter, subpath) - if err != nil { - return "", err - } - defer syscall.Close(fd) - - alreadyMounted, bindPathTarget, err := prepareSubpathTarget(mounter, subpath) - if err != nil { - return "", err - } - if alreadyMounted { - return bindPathTarget, nil - } - - success := false - defer func() { - // Cleanup subpath on error - if !success { - klog.V(4).Infof("doBindSubPath() failed for %q, cleaning up subpath", bindPathTarget) - if cleanErr := cleanSubPath(mounter, subpath); cleanErr != nil { - klog.Errorf("Failed to clean subpath %q: %v", bindPathTarget, cleanErr) - } - } - }() - - kubeletPid := os.Getpid() - mountSource := fmt.Sprintf("/proc/%d/fd/%v", kubeletPid, fd) - - // Do the bind mount - options := []string{"bind"} - mountFlags := []string{"--no-canonicalize"} - klog.V(5).Infof("bind mounting %q at %q", mountSource, bindPathTarget) - if err = mounter.MountSensitiveWithoutSystemdWithMountFlags(mountSource, bindPathTarget, "" /*fstype*/, options, nil /* sensitiveOptions */, mountFlags); err != nil { - return "", fmt.Errorf("error mounting %s: %s", subpath.Path, err) - } - success = true - - klog.V(3).Infof("Bound SubPath %s into %s", subpath.Path, bindPathTarget) - return bindPathTarget, nil -} - -// This implementation is shared between Linux and NsEnter -func doCleanSubPaths(mounter mount.Interface, podDir string, volumeName string) error { - // scan /var/lib/kubelet/pods/<uid>/volume-subpaths/<volume>/* - subPathDir := filepath.Join(podDir, containerSubPathDirectoryName, volumeName) - klog.V(4).Infof("Cleaning up subpath mounts for %s", subPathDir) - - containerDirs, err := ioutil.ReadDir(subPathDir) - if err != nil { - if os.IsNotExist(err) { - return nil - } - return fmt.Errorf("error reading %s: %s", subPathDir, err) - } - - for _, containerDir := range containerDirs { - if !containerDir.IsDir() { - klog.V(4).Infof("Container file is not a directory: %s", containerDir.Name()) - continue - } - klog.V(4).Infof("Cleaning up subpath mounts for container %s", containerDir.Name()) - - // scan /var/lib/kubelet/pods/<uid>/volume-subpaths/<volume>/<container name>/* - fullContainerDirPath := filepath.Join(subPathDir, containerDir.Name()) - // The original traversal method here was ReadDir, which was not so robust to handle some error such as "stale NFS file handle", - // so it was replaced with filepath.Walk in a later patch, which can pass through error and handled by the callback WalkFunc. - // After go 1.16, WalkDir was introduced, it's more effective than Walk because the callback WalkDirFunc is called before - // reading a directory, making it save some time when a container's subPath contains lots of dirs. - // See https://github.com/kubernetes/kubernetes/pull/71804 and https://github.com/kubernetes/kubernetes/issues/107667 for more details. - err = filepath.WalkDir(fullContainerDirPath, func(path string, info os.DirEntry, _ error) error { - if path == fullContainerDirPath { - // Skip top level directory - return nil - } - - // pass through errors and let doCleanSubPath handle them - if err = doCleanSubPath(mounter, fullContainerDirPath, filepath.Base(path)); err != nil { - return err - } - - // We need to check that info is not nil. This may happen when the incoming err is not nil due to stale mounts or permission errors. - if info != nil && info.IsDir() { - // skip subdirs of the volume: it only matters the first level to unmount, otherwise it would try to unmount subdir of the volume - return filepath.SkipDir - } - - return nil - }) - if err != nil { - return fmt.Errorf("error processing %s: %s", fullContainerDirPath, err) - } - - // Whole container has been processed, remove its directory. - if err := os.Remove(fullContainerDirPath); err != nil { - return fmt.Errorf("error deleting %s: %s", fullContainerDirPath, err) - } - klog.V(5).Infof("Removed %s", fullContainerDirPath) - } - // Whole pod volume subpaths have been cleaned up, remove its subpath directory. - if err := os.Remove(subPathDir); err != nil { - return fmt.Errorf("error deleting %s: %s", subPathDir, err) - } - klog.V(5).Infof("Removed %s", subPathDir) - - // Remove entire subpath directory if it's the last one - podSubPathDir := filepath.Join(podDir, containerSubPathDirectoryName) - if err := os.Remove(podSubPathDir); err != nil && !os.IsExist(err) { - return fmt.Errorf("error deleting %s: %s", podSubPathDir, err) - } - klog.V(5).Infof("Removed %s", podSubPathDir) - return nil -} - -// doCleanSubPath tears down the single subpath bind mount -func doCleanSubPath(mounter mount.Interface, fullContainerDirPath, subPathIndex string) error { - // process /var/lib/kubelet/pods/<uid>/volume-subpaths/<volume>/<container name>/<subPathName> - klog.V(4).Infof("Cleaning up subpath mounts for subpath %v", subPathIndex) - fullSubPath := filepath.Join(fullContainerDirPath, subPathIndex) - - if err := mount.CleanupMountPoint(fullSubPath, mounter, true); err != nil { - return fmt.Errorf("error cleaning subpath mount %s: %s", fullSubPath, err) - } - - klog.V(4).Infof("Successfully cleaned subpath directory %s", fullSubPath) - return nil -} - -// cleanSubPath will teardown the subpath bind mount and any remove any directories if empty -func cleanSubPath(mounter mount.Interface, subpath Subpath) error { - containerDir := filepath.Join(subpath.PodDir, containerSubPathDirectoryName, subpath.VolumeName, subpath.ContainerName) - - // Clean subdir bindmount - if err := doCleanSubPath(mounter, containerDir, strconv.Itoa(subpath.VolumeMountIndex)); err != nil && !os.IsNotExist(err) { - return err - } - - // Recusively remove directories if empty - if err := removeEmptyDirs(subpath.PodDir, containerDir); err != nil { - return err - } - - return nil -} - -// removeEmptyDirs works backwards from endDir to baseDir and removes each directory -// if it is empty. It stops once it encounters a directory that has content -func removeEmptyDirs(baseDir, endDir string) error { - if !mount.PathWithinBase(endDir, baseDir) { - return fmt.Errorf("endDir %q is not within baseDir %q", endDir, baseDir) - } - - for curDir := endDir; curDir != baseDir; curDir = filepath.Dir(curDir) { - s, err := os.Stat(curDir) - if err != nil { - if os.IsNotExist(err) { - klog.V(5).Infof("curDir %q doesn't exist, skipping", curDir) - continue - } - return fmt.Errorf("error stat %q: %v", curDir, err) - } - if !s.IsDir() { - return fmt.Errorf("path %q not a directory", curDir) - } - - err = os.Remove(curDir) - if os.IsExist(err) { - klog.V(5).Infof("Directory %q not empty, not removing", curDir) - break - } else if err != nil { - return fmt.Errorf("error removing directory %q: %v", curDir, err) - } - klog.V(5).Infof("Removed directory %q", curDir) - } - return nil -} - -// This implementation is shared between Linux and NsEnterMounter. Both pathname -// and base must be either already resolved symlinks or thet will be resolved in -// kubelet's mount namespace (in case it runs containerized). -func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { - klog.V(4).Infof("Creating directory %q within base %q", pathname, base) - - if !mount.PathWithinBase(pathname, base) { - return fmt.Errorf("path %s is outside of allowed base %s", pathname, base) - } - - // Quick check if the directory already exists - s, err := os.Stat(pathname) - if err == nil { - // Path exists - if s.IsDir() { - // The directory already exists. It can be outside of the parent, - // but there is no race-proof check. - klog.V(4).Infof("Directory %s already exists", pathname) - return nil - } - return &os.PathError{Op: "mkdir", Path: pathname, Err: syscall.ENOTDIR} - } - - // Find all existing directories - existingPath, toCreate, err := findExistingPrefix(base, pathname) - if err != nil { - return fmt.Errorf("error opening directory %s: %s", pathname, err) - } - // Ensure the existing directory is inside allowed base - fullExistingPath, err := filepath.EvalSymlinks(existingPath) - if err != nil { - return fmt.Errorf("error opening directory %s: %s", existingPath, err) - } - if !mount.PathWithinBase(fullExistingPath, base) { - return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err) - } - - klog.V(4).Infof("%q already exists, %q to create", fullExistingPath, filepath.Join(toCreate...)) - parentFD, err := doSafeOpen(fullExistingPath, base) - if err != nil { - return fmt.Errorf("cannot open directory %s: %s", existingPath, err) - } - childFD := -1 - defer func() { - if parentFD != -1 { - if err = syscall.Close(parentFD); err != nil { - klog.V(4).Infof("Closing FD %v failed for safemkdir(%v): %v", parentFD, pathname, err) - } - } - if childFD != -1 { - if err = syscall.Close(childFD); err != nil { - klog.V(4).Infof("Closing FD %v failed for safemkdir(%v): %v", childFD, pathname, err) - } - } - }() - - currentPath := fullExistingPath - // create the directories one by one, making sure nobody can change - // created directory into symlink. - for _, dir := range toCreate { - currentPath = filepath.Join(currentPath, dir) - klog.V(4).Infof("Creating %s", dir) - err = syscall.Mkdirat(parentFD, currentPath, uint32(perm)) - if err != nil { - return fmt.Errorf("cannot create directory %s: %s", currentPath, err) - } - // Dive into the created directory - childFD, err = syscall.Openat(parentFD, dir, nofollowFlags|unix.O_CLOEXEC, 0) - if err != nil { - return fmt.Errorf("cannot open %s: %s", currentPath, err) - } - // We can be sure that childFD is safe to use. It could be changed - // by user after Mkdirat() and before Openat(), however: - // - it could not be changed to symlink - we use nofollowFlags - // - it could be changed to a file (or device, pipe, socket, ...) - // but either subsequent Mkdirat() fails or we mount this file - // to user's container. Security is no violated in both cases - // and user either gets error or the file that it can already access. - - if err = syscall.Close(parentFD); err != nil { - klog.V(4).Infof("Closing FD %v failed for safemkdir(%v): %v", parentFD, pathname, err) - } - parentFD = childFD - childFD = -1 - - // Everything was created. mkdirat(..., perm) above was affected by current - // umask and we must apply the right permissions to the all created directory. - // (that's the one that will be available to the container as subpath) - // so user can read/write it. - // parentFD is the last created directory. - - // Translate perm (os.FileMode) to uint32 that fchmod() expects - kernelPerm := uint32(perm & os.ModePerm) - if perm&os.ModeSetgid > 0 { - kernelPerm |= syscall.S_ISGID - } - if perm&os.ModeSetuid > 0 { - kernelPerm |= syscall.S_ISUID - } - if perm&os.ModeSticky > 0 { - kernelPerm |= syscall.S_ISVTX - } - if err = syscall.Fchmod(parentFD, kernelPerm); err != nil { - return fmt.Errorf("chmod %q failed: %s", currentPath, err) - } - } - - return nil -} - -// findExistingPrefix finds prefix of pathname that exists. In addition, it -// returns list of remaining directories that don't exist yet. -func findExistingPrefix(base, pathname string) (string, []string, error) { - rel, err := filepath.Rel(base, pathname) - if err != nil { - return base, nil, err - } - dirs := strings.Split(rel, string(filepath.Separator)) - - // Do OpenAt in a loop to find the first non-existing dir. Resolve symlinks. - // This should be faster than looping through all dirs and calling os.Stat() - // on each of them, as the symlinks are resolved only once with OpenAt(). - currentPath := base - fd, err := syscall.Open(currentPath, syscall.O_RDONLY|syscall.O_CLOEXEC, 0) - if err != nil { - return pathname, nil, fmt.Errorf("error opening %s: %s", currentPath, err) - } - defer func() { - if err = syscall.Close(fd); err != nil { - klog.V(4).Infof("Closing FD %v failed for findExistingPrefix(%v): %v", fd, pathname, err) - } - }() - for i, dir := range dirs { - // Using O_PATH here will prevent hangs in case user replaces directory with - // fifo - childFD, err := syscall.Openat(fd, dir, unix.O_PATH|unix.O_CLOEXEC, 0) - if err != nil { - if os.IsNotExist(err) { - return currentPath, dirs[i:], nil - } - return base, nil, err - } - if err = syscall.Close(fd); err != nil { - klog.V(4).Infof("Closing FD %v failed for findExistingPrefix(%v): %v", fd, pathname, err) - } - fd = childFD - currentPath = filepath.Join(currentPath, dir) - } - return pathname, []string{}, nil -} - -// This implementation is shared between Linux and NsEnterMounter -// Open path and return its fd. -// Symlinks are disallowed (pathname must already resolve symlinks), -// and the path must be within the base directory. -func doSafeOpen(pathname string, base string) (int, error) { - pathname = filepath.Clean(pathname) - base = filepath.Clean(base) - - // Calculate segments to follow - subpath, err := filepath.Rel(base, pathname) - if err != nil { - return -1, err - } - segments := strings.Split(subpath, string(filepath.Separator)) - - // Assumption: base is the only directory that we have under control. - // Base dir is not allowed to be a symlink. - parentFD, err := syscall.Open(base, nofollowFlags|unix.O_CLOEXEC, 0) - if err != nil { - return -1, fmt.Errorf("cannot open directory %s: %s", base, err) - } - defer func() { - if parentFD != -1 { - if err = syscall.Close(parentFD); err != nil { - klog.V(4).Infof("Closing FD %v failed for safeopen(%v): %v", parentFD, pathname, err) - } - } - }() - - childFD := -1 - defer func() { - if childFD != -1 { - if err = syscall.Close(childFD); err != nil { - klog.V(4).Infof("Closing FD %v failed for safeopen(%v): %v", childFD, pathname, err) - } - } - }() - - currentPath := base - - // Follow the segments one by one using openat() to make - // sure the user cannot change already existing directories into symlinks. - for _, seg := range segments { - var deviceStat unix.Stat_t - - currentPath = filepath.Join(currentPath, seg) - if !mount.PathWithinBase(currentPath, base) { - return -1, fmt.Errorf("path %s is outside of allowed base %s", currentPath, base) - } - - // Trigger auto mount if it's an auto-mounted directory, ignore error if not a directory. - // Notice the trailing slash is mandatory, see "automount" in openat(2) and open_by_handle_at(2). - unix.Fstatat(parentFD, seg+"/", &deviceStat, unix.AT_SYMLINK_NOFOLLOW) - - klog.V(5).Infof("Opening path %s", currentPath) - childFD, err = syscall.Openat(parentFD, seg, openFDFlags|unix.O_CLOEXEC, 0) - if err != nil { - return -1, fmt.Errorf("cannot open %s: %s", currentPath, err) - } - - err := unix.Fstat(childFD, &deviceStat) - if err != nil { - return -1, fmt.Errorf("error running fstat on %s with %v", currentPath, err) - } - fileFmt := deviceStat.Mode & syscall.S_IFMT - if fileFmt == syscall.S_IFLNK { - return -1, fmt.Errorf("unexpected symlink found %s", currentPath) - } - - // Close parentFD - if err = syscall.Close(parentFD); err != nil { - return -1, fmt.Errorf("closing fd for %q failed: %v", filepath.Dir(currentPath), err) - } - // Set child to new parent - parentFD = childFD - childFD = -1 - } - - // We made it to the end, return this fd, don't close it - finalFD := parentFD - parentFD = -1 - - return finalFD, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_unsupported.go deleted file mode 100644 index 21493426da..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_unsupported.go +++ /dev/null @@ -1,55 +0,0 @@ -//go:build !linux && !windows -// +build !linux,!windows - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subpath - -import ( - "errors" - "os" - - "k8s.io/mount-utils" - "k8s.io/utils/nsenter" -) - -type subpath struct{} - -var errUnsupported = errors.New("util/subpath on this platform is not supported") - -// New returns a subpath.Interface for the current system. -func New(mount.Interface) Interface { - return &subpath{} -} - -// NewNSEnter is to satisfy the compiler for having NewSubpathNSEnter exist for all -// OS choices. however, NSEnter is only valid on Linux -func NewNSEnter(mounter mount.Interface, ne *nsenter.Nsenter, rootDir string) Interface { - return nil -} - -func (sp *subpath) PrepareSafeSubpath(subPath Subpath) (newHostPath string, cleanupAction func(), err error) { - return subPath.Path, nil, errUnsupported -} - -func (sp *subpath) CleanSubPaths(podDir string, volumeName string) error { - return errUnsupported -} - -func (sp *subpath) SafeMakeDir(pathname string, base string, perm os.FileMode) error { - return errUnsupported -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go deleted file mode 100644 index 7d40ce590f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_windows.go +++ /dev/null @@ -1,379 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subpath - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - "strings" - "syscall" - - "k8s.io/klog/v2" - "k8s.io/mount-utils" - "k8s.io/utils/nsenter" -) - -// MaxPathLength is the maximum length of Windows path. Normally, it is 260, but if long path is enable, -// the max number is 32,767 -const MaxPathLength = 32767 - -type subpath struct{} - -// New returns a subpath.Interface for the current system -func New(mount.Interface) Interface { - return &subpath{} -} - -// NewNSEnter is to satisfy the compiler for having NewSubpathNSEnter exist for all -// OS choices. however, NSEnter is only valid on Linux -func NewNSEnter(mounter mount.Interface, ne *nsenter.Nsenter, rootDir string) Interface { - return nil -} - -// isDriveLetterPath returns true if the given path is empty or it ends with ":" or ":\" or ":\\" -func isDriveLetterorEmptyPath(path string) bool { - if path == "" || strings.HasSuffix(path, ":\\\\") || strings.HasSuffix(path, ":") || strings.HasSuffix(path, ":\\") { - return true - } - return false -} - -// isVolumePrefix returns true if the given path name starts with "Volume" or volume prefix including -// "\\.\", "\\?\" for device path or "UNC" or "\\" for UNC path. Otherwise, it returns false. -func isDeviceOrUncPath(path string) bool { - if strings.HasPrefix(path, "Volume") || strings.HasPrefix(path, "\\\\?\\") || strings.HasPrefix(path, "\\\\.\\") || strings.HasPrefix(path, "UNC") { - return true - } - return false -} - -// getUpperPath removes the last level of directory. -func getUpperPath(path string) string { - sep := fmt.Sprintf("%c", filepath.Separator) - upperpath := strings.TrimSuffix(path, sep) - return filepath.Dir(upperpath) -} - -// Check whether a directory/file is a link type or not -// LinkType could be SymbolicLink, Junction, or HardLink -func isLinkPath(path string) (bool, error) { - cmd := fmt.Sprintf("(Get-Item -LiteralPath %q).LinkType", path) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - if err != nil { - return false, err - } - if strings.TrimSpace(string(output)) != "" { - return true, nil - } - return false, nil -} - -// evalSymlink returns the path name after the evaluation of any symbolic links. -// If the path after evaluation is a device path or network connection, the original path is returned -func evalSymlink(path string) (string, error) { - path = mount.NormalizeWindowsPath(path) - if isDeviceOrUncPath(path) || isDriveLetterorEmptyPath(path) { - klog.V(4).Infof("Path '%s' is not a symlink, return its original form.", path) - return path, nil - } - upperpath := path - base := "" - for i := 0; i < MaxPathLength; i++ { - isLink, err := isLinkPath(upperpath) - if err != nil { - return "", err - } - if isLink { - break - } - // continue to check next layer - base = filepath.Join(filepath.Base(upperpath), base) - upperpath = getUpperPath(upperpath) - if isDriveLetterorEmptyPath(upperpath) { - klog.V(4).Infof("Path '%s' is not a symlink, return its original form.", path) - return path, nil - } - } - // This command will give the target path of a given symlink - // The -Force parameter will allow Get-Item to also evaluate hidden folders, like AppData. - cmd := fmt.Sprintf("(Get-Item -Force -LiteralPath %q).Target", upperpath) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - if err != nil { - return "", err - } - klog.V(4).Infof("evaluate path %s: symlink from %s to %s", path, upperpath, string(output)) - linkedPath := strings.TrimSpace(string(output)) - if linkedPath == "" || isDeviceOrUncPath(linkedPath) { - klog.V(4).Infof("Path '%s' has a target %s. Return its original form.", path, linkedPath) - return path, nil - } - // If the target is not an absolute path, join iit with the current upperpath - if !filepath.IsAbs(linkedPath) { - linkedPath = filepath.Join(getUpperPath(upperpath), linkedPath) - } - nextLink, err := evalSymlink(linkedPath) - if err != nil { - return path, err - } - return filepath.Join(nextLink, base), nil -} - -// check whether hostPath is within volume path -// this func will lock all intermediate subpath directories, need to close handle outside of this func after container started -func lockAndCheckSubPath(volumePath, hostPath string) ([]uintptr, error) { - if len(volumePath) == 0 || len(hostPath) == 0 { - return []uintptr{}, nil - } - - finalSubPath, err := evalSymlink(hostPath) - if err != nil { - return []uintptr{}, fmt.Errorf("cannot evaluate link %s: %s", hostPath, err) - } - - finalVolumePath, err := evalSymlink(volumePath) - if err != nil { - return []uintptr{}, fmt.Errorf("cannot read link %s: %s", volumePath, err) - } - - return lockAndCheckSubPathWithoutSymlink(finalVolumePath, finalSubPath) -} - -// lock all intermediate subPath directories and check they are all within volumePath -// volumePath & subPath should not contain any symlink, otherwise it will return error -func lockAndCheckSubPathWithoutSymlink(volumePath, subPath string) ([]uintptr, error) { - if len(volumePath) == 0 || len(subPath) == 0 { - return []uintptr{}, nil - } - - // get relative path to volumePath - relSubPath, err := filepath.Rel(volumePath, subPath) - if err != nil { - return []uintptr{}, fmt.Errorf("Rel(%s, %s) error: %v", volumePath, subPath, err) - } - if mount.StartsWithBackstep(relSubPath) { - return []uintptr{}, fmt.Errorf("SubPath %q not within volume path %q", subPath, volumePath) - } - - if relSubPath == "." { - // volumePath and subPath are equal - return []uintptr{}, nil - } - - fileHandles := []uintptr{} - var errorResult error - - currentFullPath := volumePath - dirs := strings.Split(relSubPath, string(os.PathSeparator)) - for _, dir := range dirs { - // lock intermediate subPath directory first - currentFullPath = filepath.Join(currentFullPath, dir) - handle, err := lockPath(currentFullPath) - if err != nil { - errorResult = fmt.Errorf("cannot lock path %s: %s", currentFullPath, err) - break - } - fileHandles = append(fileHandles, handle) - - // make sure intermediate subPath directory does not contain symlink any more - stat, err := os.Lstat(currentFullPath) - if err != nil { - errorResult = fmt.Errorf("Lstat(%q) error: %v", currentFullPath, err) - break - } - if stat.Mode()&os.ModeSymlink != 0 { - errorResult = fmt.Errorf("subpath %q is an unexpected symlink after EvalSymlinks", currentFullPath) - break - } - - if !mount.PathWithinBase(currentFullPath, volumePath) { - errorResult = fmt.Errorf("SubPath %q not within volume path %q", currentFullPath, volumePath) - break - } - } - - return fileHandles, errorResult -} - -// unlockPath unlock directories -func unlockPath(fileHandles []uintptr) { - if fileHandles != nil { - for _, handle := range fileHandles { - syscall.CloseHandle(syscall.Handle(handle)) - } - } -} - -// lockPath locks a directory or symlink, return handle, exec "syscall.CloseHandle(handle)" to unlock the path -func lockPath(path string) (uintptr, error) { - if len(path) == 0 { - return uintptr(syscall.InvalidHandle), syscall.ERROR_FILE_NOT_FOUND - } - pathp, err := syscall.UTF16PtrFromString(path) - if err != nil { - return uintptr(syscall.InvalidHandle), err - } - access := uint32(syscall.GENERIC_READ) - sharemode := uint32(syscall.FILE_SHARE_READ) - createmode := uint32(syscall.OPEN_EXISTING) - flags := uint32(syscall.FILE_FLAG_BACKUP_SEMANTICS | syscall.FILE_FLAG_OPEN_REPARSE_POINT) - fd, err := syscall.CreateFile(pathp, access, sharemode, nil, createmode, flags, 0) - return uintptr(fd), err -} - -// Lock all directories in subPath and check they're not symlinks. -func (sp *subpath) PrepareSafeSubpath(subPath Subpath) (newHostPath string, cleanupAction func(), err error) { - handles, err := lockAndCheckSubPath(subPath.VolumePath, subPath.Path) - - // Unlock the directories when the container starts - cleanupAction = func() { - unlockPath(handles) - } - return subPath.Path, cleanupAction, err -} - -// No bind-mounts for subpaths are necessary on Windows -func (sp *subpath) CleanSubPaths(podDir string, volumeName string) error { - return nil -} - -// SafeMakeDir makes sure that the created directory does not escape given base directory mis-using symlinks. -func (sp *subpath) SafeMakeDir(subdir string, base string, perm os.FileMode) error { - realBase, err := evalSymlink(base) - if err != nil { - return fmt.Errorf("error resolving symlinks in %s: %s", base, err) - } - - realFullPath := filepath.Join(realBase, subdir) - return doSafeMakeDir(realFullPath, realBase, perm) -} - -func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { - klog.V(4).Infof("Creating directory %q within base %q", pathname, base) - - if !mount.PathWithinBase(pathname, base) { - return fmt.Errorf("path %s is outside of allowed base %s", pathname, base) - } - - // Quick check if the directory already exists - s, err := os.Stat(pathname) - if err == nil { - // Path exists - if s.IsDir() { - // The directory already exists. It can be outside of the parent, - // but there is no race-proof check. - klog.V(4).Infof("Directory %s already exists", pathname) - return nil - } - return &os.PathError{Op: "mkdir", Path: pathname, Err: syscall.ENOTDIR} - } - - // Find all existing directories - existingPath, toCreate, err := findExistingPrefix(base, pathname) - if err != nil { - return fmt.Errorf("error opening directory %s: %s", pathname, err) - } - if len(toCreate) == 0 { - return nil - } - - // Ensure the existing directory is inside allowed base - fullExistingPath, err := evalSymlink(existingPath) - if err != nil { - return fmt.Errorf("error opening existing directory %s: %s", existingPath, err) - } - fullBasePath, err := evalSymlink(base) - if err != nil { - return fmt.Errorf("cannot read link %s: %s", base, err) - } - if !mount.PathWithinBase(fullExistingPath, fullBasePath) { - return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err) - } - - // lock all intermediate directories from fullBasePath to fullExistingPath (top to bottom) - fileHandles, err := lockAndCheckSubPathWithoutSymlink(fullBasePath, fullExistingPath) - defer unlockPath(fileHandles) - if err != nil { - return err - } - - klog.V(4).Infof("%q already exists, %q to create", fullExistingPath, filepath.Join(toCreate...)) - currentPath := fullExistingPath - // create the directories one by one, making sure nobody can change - // created directory into symlink by lock that directory immediately - for _, dir := range toCreate { - currentPath = filepath.Join(currentPath, dir) - klog.V(4).Infof("Creating %s", dir) - if err := os.Mkdir(currentPath, perm); err != nil { - return fmt.Errorf("cannot create directory %s: %s", currentPath, err) - } - handle, err := lockPath(currentPath) - if err != nil { - return fmt.Errorf("cannot lock path %s: %s", currentPath, err) - } - defer syscall.CloseHandle(syscall.Handle(handle)) - // make sure newly created directory does not contain symlink after lock - stat, err := os.Lstat(currentPath) - if err != nil { - return fmt.Errorf("Lstat(%q) error: %v", currentPath, err) - } - if stat.Mode()&os.ModeSymlink != 0 { - return fmt.Errorf("subpath %q is an unexpected symlink after Mkdir", currentPath) - } - } - - return nil -} - -// findExistingPrefix finds prefix of pathname that exists. In addition, it -// returns list of remaining directories that don't exist yet. -func findExistingPrefix(base, pathname string) (string, []string, error) { - rel, err := filepath.Rel(base, pathname) - if err != nil { - return base, nil, err - } - - if mount.StartsWithBackstep(rel) { - return base, nil, fmt.Errorf("pathname(%s) is not within base(%s)", pathname, base) - } - - if rel == "." { - // base and pathname are equal - return pathname, []string{}, nil - } - - dirs := strings.Split(rel, string(filepath.Separator)) - - var parent string - currentPath := base - for i, dir := range dirs { - parent = currentPath - currentPath = filepath.Join(parent, dir) - if _, err := os.Lstat(currentPath); err != nil { - if os.IsNotExist(err) { - return parent, dirs[i:], nil - } - return base, nil, err - } - } - - return pathname, []string{}, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/types/types.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/types/types.go deleted file mode 100644 index af309353ba..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/types/types.go +++ /dev/null @@ -1,168 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package types defines types used only by volume components -package types - -import ( - "errors" - - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/mount-utils" -) - -// UniquePodName defines the type to key pods off of -type UniquePodName types.UID - -// UniquePVCName defines the type to key pvc off -type UniquePVCName types.UID - -// GeneratedOperations contains the operation that is created as well as -// supporting functions required for the operation executor -type GeneratedOperations struct { - // Name of operation - could be used for resetting shared exponential backoff - OperationName string - OperationFunc func() (context OperationContext) - EventRecorderFunc func(*error) - CompleteFunc func(CompleteFuncParam) -} - -type OperationContext struct { - EventErr error - DetailedErr error - Migrated bool -} - -func NewOperationContext(eventErr, detailedErr error, migrated bool) OperationContext { - return OperationContext{ - EventErr: eventErr, - DetailedErr: detailedErr, - Migrated: migrated, - } -} - -type CompleteFuncParam struct { - Err *error - Migrated *bool -} - -// Run executes the operations and its supporting functions -func (o *GeneratedOperations) Run() (eventErr, detailedErr error) { - var context OperationContext - if o.CompleteFunc != nil { - c := CompleteFuncParam{ - Err: &context.DetailedErr, - Migrated: &context.Migrated, - } - defer o.CompleteFunc(c) - } - if o.EventRecorderFunc != nil { - defer o.EventRecorderFunc(&eventErr) - } - // Handle panic, if any, from operationFunc() - defer runtime.RecoverFromPanic(&detailedErr) - - context = o.OperationFunc() - return context.EventErr, context.DetailedErr -} - -// FailedPrecondition error indicates CSI operation returned failed precondition -// error -type FailedPrecondition struct { - msg string -} - -func (err *FailedPrecondition) Error() string { - return err.msg -} - -// NewFailedPreconditionError returns a new FailedPrecondition error instance -func NewFailedPreconditionError(msg string) *FailedPrecondition { - return &FailedPrecondition{msg: msg} -} - -// IsFailedPreconditionError checks if given error is of type that indicates -// operation failed with precondition -func IsFailedPreconditionError(err error) bool { - var failedPreconditionError *FailedPrecondition - return errors.As(err, &failedPreconditionError) -} - -// TransientOperationFailure indicates operation failed with a transient error -// and may fix itself when retried. -type TransientOperationFailure struct { - msg string -} - -func (err *TransientOperationFailure) Error() string { - return err.msg -} - -// NewTransientOperationFailure creates an instance of TransientOperationFailure error -func NewTransientOperationFailure(msg string) *TransientOperationFailure { - return &TransientOperationFailure{msg: msg} -} - -// UncertainProgressError indicates operation failed with a non-final error -// and operation may be in-progress in background. -type UncertainProgressError struct { - msg string -} - -func (err *UncertainProgressError) Error() string { - return err.msg -} - -// NewUncertainProgressError creates an instance of UncertainProgressError type -func NewUncertainProgressError(msg string) *UncertainProgressError { - return &UncertainProgressError{msg: msg} -} - -// IsOperationFinishedError checks if given error is of type that indicates -// operation is finished with a FINAL error. -func IsOperationFinishedError(err error) bool { - if _, ok := err.(*UncertainProgressError); ok { - return false - } - if _, ok := err.(*TransientOperationFailure); ok { - return false - } - return true -} - -// IsFilesystemMismatchError checks if mount failed because requested filesystem -// on PVC and actual filesystem on disk did not match -func IsFilesystemMismatchError(err error) bool { - mountError := mount.MountError{} - return errors.As(err, &mountError) && mountError.Type == mount.FilesystemMismatch -} - -// IsUncertainProgressError checks if given error is of type that indicates -// operation might be in-progress in background. -func IsUncertainProgressError(err error) bool { - if _, ok := err.(*UncertainProgressError); ok { - return true - } - return false -} - -const ( - // VolumeResizerKey is key that will be used to store resizer used - // for resizing PVC. The generated key/value pair will be added - // as a annotation to the PVC. - VolumeResizerKey = "volume.kubernetes.io/storage-resizer" -) diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/util.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/util.go deleted file mode 100644 index f6f5a3f996..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/util.go +++ /dev/null @@ -1,775 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package util - -import ( - "context" - "fmt" - "io/ioutil" - "os" - "path/filepath" - "reflect" - "runtime" - "strings" - "time" - - v1 "k8s.io/api/core/v1" - storage "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - apiruntime "k8s.io/apimachinery/pkg/runtime" - utypes "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/wait" - utilfeature "k8s.io/apiserver/pkg/util/feature" - clientset "k8s.io/client-go/kubernetes" - storagehelpers "k8s.io/component-helpers/storage/volume" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/api/legacyscheme" - podutil "k8s.io/kubernetes/pkg/api/v1/pod" - "k8s.io/kubernetes/pkg/features" - "k8s.io/kubernetes/pkg/securitycontext" - "k8s.io/kubernetes/pkg/volume" - "k8s.io/kubernetes/pkg/volume/util/types" - "k8s.io/kubernetes/pkg/volume/util/volumepathhandler" - "k8s.io/mount-utils" - utilexec "k8s.io/utils/exec" - "k8s.io/utils/io" - utilstrings "k8s.io/utils/strings" -) - -const ( - readyFileName = "ready" - - // ControllerManagedAttachAnnotation is the key of the annotation on Node - // objects that indicates attach/detach operations for the node should be - // managed by the attach/detach controller - ControllerManagedAttachAnnotation string = "volumes.kubernetes.io/controller-managed-attach-detach" - - // KeepTerminatedPodVolumesAnnotation is the key of the annotation on Node - // that decides if pod volumes are unmounted when pod is terminated - KeepTerminatedPodVolumesAnnotation string = "volumes.kubernetes.io/keep-terminated-pod-volumes" - - // MountsInGlobalPDPath is name of the directory appended to a volume plugin - // name to create the place for volume mounts in the global PD path. - MountsInGlobalPDPath = "mounts" - - // VolumeGidAnnotationKey is the of the annotation on the PersistentVolume - // object that specifies a supplemental GID. - VolumeGidAnnotationKey = "pv.beta.kubernetes.io/gid" - - // VolumeDynamicallyCreatedByKey is the key of the annotation on PersistentVolume - // object created dynamically - VolumeDynamicallyCreatedByKey = "kubernetes.io/createdby" - - // kubernetesPluginPathPrefix is the prefix of kubernetes plugin mount paths. - kubernetesPluginPathPrefix = "/plugins/kubernetes.io/" -) - -// IsReady checks for the existence of a regular file -// called 'ready' in the given directory and returns -// true if that file exists. -func IsReady(dir string) bool { - readyFile := filepath.Join(dir, readyFileName) - s, err := os.Stat(readyFile) - if err != nil { - return false - } - - if !s.Mode().IsRegular() { - klog.Errorf("ready-file is not a file: %s", readyFile) - return false - } - - return true -} - -// SetReady creates a file called 'ready' in the given -// directory. It logs an error if the file cannot be -// created. -func SetReady(dir string) { - if err := os.MkdirAll(dir, 0750); err != nil && !os.IsExist(err) { - klog.Errorf("Can't mkdir %s: %v", dir, err) - return - } - - readyFile := filepath.Join(dir, readyFileName) - file, err := os.Create(readyFile) - if err != nil { - klog.Errorf("Can't touch %s: %v", readyFile, err) - return - } - file.Close() -} - -// GetSecretForPod locates secret by name in the pod's namespace and returns secret map -func GetSecretForPod(pod *v1.Pod, secretName string, kubeClient clientset.Interface) (map[string]string, error) { - secret := make(map[string]string) - if kubeClient == nil { - return secret, fmt.Errorf("cannot get kube client") - } - secrets, err := kubeClient.CoreV1().Secrets(pod.Namespace).Get(context.TODO(), secretName, metav1.GetOptions{}) - if err != nil { - return secret, err - } - for name, data := range secrets.Data { - secret[name] = string(data) - } - return secret, nil -} - -// GetSecretForPV locates secret by name and namespace, verifies the secret type, and returns secret map -func GetSecretForPV(secretNamespace, secretName, volumePluginName string, kubeClient clientset.Interface) (map[string]string, error) { - secret := make(map[string]string) - if kubeClient == nil { - return secret, fmt.Errorf("cannot get kube client") - } - secrets, err := kubeClient.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{}) - if err != nil { - return secret, err - } - if secrets.Type != v1.SecretType(volumePluginName) { - return secret, fmt.Errorf("cannot get secret of type %s", volumePluginName) - } - for name, data := range secrets.Data { - secret[name] = string(data) - } - return secret, nil -} - -// GetClassForVolume locates storage class by persistent volume -func GetClassForVolume(kubeClient clientset.Interface, pv *v1.PersistentVolume) (*storage.StorageClass, error) { - if kubeClient == nil { - return nil, fmt.Errorf("cannot get kube client") - } - className := storagehelpers.GetPersistentVolumeClass(pv) - if className == "" { - return nil, fmt.Errorf("volume has no storage class") - } - - class, err := kubeClient.StorageV1().StorageClasses().Get(context.TODO(), className, metav1.GetOptions{}) - if err != nil { - return nil, err - } - return class, nil -} - -// LoadPodFromFile will read, decode, and return a Pod from a file. -func LoadPodFromFile(filePath string) (*v1.Pod, error) { - if filePath == "" { - return nil, fmt.Errorf("file path not specified") - } - podDef, err := ioutil.ReadFile(filePath) - if err != nil { - return nil, fmt.Errorf("failed to read file path %s: %+v", filePath, err) - } - if len(podDef) == 0 { - return nil, fmt.Errorf("file was empty: %s", filePath) - } - pod := &v1.Pod{} - - codec := legacyscheme.Codecs.UniversalDecoder() - if err := apiruntime.DecodeInto(codec, podDef, pod); err != nil { - return nil, fmt.Errorf("failed decoding file: %v", err) - } - return pod, nil -} - -// CalculateTimeoutForVolume calculates time for a Recycler pod to complete a -// recycle operation. The calculation and return value is either the -// minimumTimeout or the timeoutIncrement per Gi of storage size, whichever is -// greater. -func CalculateTimeoutForVolume(minimumTimeout, timeoutIncrement int, pv *v1.PersistentVolume) int64 { - giQty := resource.MustParse("1Gi") - pvQty := pv.Spec.Capacity[v1.ResourceStorage] - giSize := giQty.Value() - pvSize := pvQty.Value() - timeout := (pvSize / giSize) * int64(timeoutIncrement) - if timeout < int64(minimumTimeout) { - return int64(minimumTimeout) - } - return timeout -} - -// GenerateVolumeName returns a PV name with clusterName prefix. The function -// should be used to generate a name of GCE PD or Cinder volume. It basically -// adds "<clusterName>-dynamic-" before the PV name, making sure the resulting -// string fits given length and cuts "dynamic" if not. -func GenerateVolumeName(clusterName, pvName string, maxLength int) string { - prefix := clusterName + "-dynamic" - pvLen := len(pvName) - - // cut the "<clusterName>-dynamic" to fit full pvName into maxLength - // +1 for the '-' dash - if pvLen+1+len(prefix) > maxLength { - prefix = prefix[:maxLength-pvLen-1] - } - return prefix + "-" + pvName -} - -// GetPath checks if the path from the mounter is empty. -func GetPath(mounter volume.Mounter) (string, error) { - path := mounter.GetPath() - if path == "" { - return "", fmt.Errorf("path is empty %s", reflect.TypeOf(mounter).String()) - } - return path, nil -} - -// UnmountViaEmptyDir delegates the tear down operation for secret, configmap, git_repo and downwardapi -// to empty_dir -func UnmountViaEmptyDir(dir string, host volume.VolumeHost, volName string, volSpec volume.Spec, podUID utypes.UID) error { - klog.V(3).Infof("Tearing down volume %v for pod %v at %v", volName, podUID, dir) - - // Wrap EmptyDir, let it do the teardown. - wrapped, err := host.NewWrapperUnmounter(volName, volSpec, podUID) - if err != nil { - return err - } - return wrapped.TearDownAt(dir) -} - -// MountOptionFromSpec extracts and joins mount options from volume spec with supplied options -func MountOptionFromSpec(spec *volume.Spec, options ...string) []string { - pv := spec.PersistentVolume - - if pv != nil { - // Use beta annotation first - if mo, ok := pv.Annotations[v1.MountOptionAnnotation]; ok { - moList := strings.Split(mo, ",") - return JoinMountOptions(moList, options) - } - - if len(pv.Spec.MountOptions) > 0 { - return JoinMountOptions(pv.Spec.MountOptions, options) - } - } - - return options -} - -// JoinMountOptions joins mount options eliminating duplicates -func JoinMountOptions(userOptions []string, systemOptions []string) []string { - allMountOptions := sets.NewString() - - for _, mountOption := range userOptions { - if len(mountOption) > 0 { - allMountOptions.Insert(mountOption) - } - } - - for _, mountOption := range systemOptions { - allMountOptions.Insert(mountOption) - } - return allMountOptions.List() -} - -// ContainsAccessMode returns whether the requested mode is contained by modes -func ContainsAccessMode(modes []v1.PersistentVolumeAccessMode, mode v1.PersistentVolumeAccessMode) bool { - for _, m := range modes { - if m == mode { - return true - } - } - return false -} - -// ContainsAllAccessModes returns whether all of the requested modes are contained by modes -func ContainsAllAccessModes(indexedModes []v1.PersistentVolumeAccessMode, requestedModes []v1.PersistentVolumeAccessMode) bool { - for _, mode := range requestedModes { - if !ContainsAccessMode(indexedModes, mode) { - return false - } - } - return true -} - -// GetWindowsPath get a windows path -func GetWindowsPath(path string) string { - windowsPath := strings.Replace(path, "/", "\\", -1) - if strings.HasPrefix(windowsPath, "\\") { - windowsPath = "c:" + windowsPath - } - return windowsPath -} - -// GetUniquePodName returns a unique identifier to reference a pod by -func GetUniquePodName(pod *v1.Pod) types.UniquePodName { - return types.UniquePodName(pod.UID) -} - -// GetUniqueVolumeName returns a unique name representing the volume/plugin. -// Caller should ensure that volumeName is a name/ID uniquely identifying the -// actual backing device, directory, path, etc. for a particular volume. -// The returned name can be used to uniquely reference the volume, for example, -// to prevent operations (attach/detach or mount/unmount) from being triggered -// on the same volume. -func GetUniqueVolumeName(pluginName, volumeName string) v1.UniqueVolumeName { - return v1.UniqueVolumeName(fmt.Sprintf("%s/%s", pluginName, volumeName)) -} - -// GetUniqueVolumeNameFromSpecWithPod returns a unique volume name with pod -// name included. This is useful to generate different names for different pods -// on same volume. -func GetUniqueVolumeNameFromSpecWithPod( - podName types.UniquePodName, volumePlugin volume.VolumePlugin, volumeSpec *volume.Spec) v1.UniqueVolumeName { - return v1.UniqueVolumeName( - fmt.Sprintf("%s/%v-%s", volumePlugin.GetPluginName(), podName, volumeSpec.Name())) -} - -// GetUniqueVolumeNameFromSpec uses the given VolumePlugin to generate a unique -// name representing the volume defined in the specified volume spec. -// This returned name can be used to uniquely reference the actual backing -// device, directory, path, etc. referenced by the given volumeSpec. -// If the given plugin does not support the volume spec, this returns an error. -func GetUniqueVolumeNameFromSpec( - volumePlugin volume.VolumePlugin, - volumeSpec *volume.Spec) (v1.UniqueVolumeName, error) { - if volumePlugin == nil { - return "", fmt.Errorf( - "volumePlugin should not be nil. volumeSpec.Name=%q", - volumeSpec.Name()) - } - - volumeName, err := volumePlugin.GetVolumeName(volumeSpec) - if err != nil || volumeName == "" { - return "", fmt.Errorf( - "failed to GetVolumeName from volumePlugin for volumeSpec %q err=%v", - volumeSpec.Name(), - err) - } - - return GetUniqueVolumeName( - volumePlugin.GetPluginName(), - volumeName), - nil -} - -// IsPodTerminated checks if pod is terminated -func IsPodTerminated(pod *v1.Pod, podStatus v1.PodStatus) bool { - // TODO: the guarantees provided by kubelet status are not sufficient to guarantee it's safe to ignore a deleted pod, - // even if everything is notRunning (kubelet does not guarantee that when pod status is waiting that it isn't trying - // to start a container). - return podStatus.Phase == v1.PodFailed || podStatus.Phase == v1.PodSucceeded || (pod.DeletionTimestamp != nil && notRunning(podStatus.InitContainerStatuses) && notRunning(podStatus.ContainerStatuses) && notRunning(podStatus.EphemeralContainerStatuses)) -} - -// notRunning returns true if every status is terminated or waiting, or the status list -// is empty. -func notRunning(statuses []v1.ContainerStatus) bool { - for _, status := range statuses { - if status.State.Terminated == nil && status.State.Waiting == nil { - return false - } - } - return true -} - -// SplitUniqueName splits the unique name to plugin name and volume name strings. It expects the uniqueName to follow -// the format plugin_name/volume_name and the plugin name must be namespaced as described by the plugin interface, -// i.e. namespace/plugin containing exactly one '/'. This means the unique name will always be in the form of -// plugin_namespace/plugin/volume_name, see k8s.io/kubernetes/pkg/volume/plugins.go VolumePlugin interface -// description and pkg/volume/util/volumehelper/volumehelper.go GetUniqueVolumeNameFromSpec that constructs -// the unique volume names. -func SplitUniqueName(uniqueName v1.UniqueVolumeName) (string, string, error) { - components := strings.SplitN(string(uniqueName), "/", 3) - if len(components) != 3 { - return "", "", fmt.Errorf("cannot split volume unique name %s to plugin/volume components", uniqueName) - } - pluginName := fmt.Sprintf("%s/%s", components[0], components[1]) - return pluginName, components[2], nil -} - -// NewSafeFormatAndMountFromHost creates a new SafeFormatAndMount with Mounter -// and Exec taken from given VolumeHost. -func NewSafeFormatAndMountFromHost(pluginName string, host volume.VolumeHost) *mount.SafeFormatAndMount { - mounter := host.GetMounter(pluginName) - exec := host.GetExec(pluginName) - return &mount.SafeFormatAndMount{Interface: mounter, Exec: exec} -} - -// GetVolumeMode retrieves VolumeMode from pv. -// If the volume doesn't have PersistentVolume, it's an inline volume, -// should return volumeMode as filesystem to keep existing behavior. -func GetVolumeMode(volumeSpec *volume.Spec) (v1.PersistentVolumeMode, error) { - if volumeSpec == nil || volumeSpec.PersistentVolume == nil { - return v1.PersistentVolumeFilesystem, nil - } - if volumeSpec.PersistentVolume.Spec.VolumeMode != nil { - return *volumeSpec.PersistentVolume.Spec.VolumeMode, nil - } - return "", fmt.Errorf("cannot get volumeMode for volume: %v", volumeSpec.Name()) -} - -// GetPersistentVolumeClaimQualifiedName returns a qualified name for pvc. -func GetPersistentVolumeClaimQualifiedName(claim *v1.PersistentVolumeClaim) string { - return utilstrings.JoinQualifiedName(claim.GetNamespace(), claim.GetName()) -} - -// CheckVolumeModeFilesystem checks VolumeMode. -// If the mode is Filesystem, return true otherwise return false. -func CheckVolumeModeFilesystem(volumeSpec *volume.Spec) (bool, error) { - volumeMode, err := GetVolumeMode(volumeSpec) - if err != nil { - return true, err - } - if volumeMode == v1.PersistentVolumeBlock { - return false, nil - } - return true, nil -} - -// CheckPersistentVolumeClaimModeBlock checks VolumeMode. -// If the mode is Block, return true otherwise return false. -func CheckPersistentVolumeClaimModeBlock(pvc *v1.PersistentVolumeClaim) bool { - return pvc.Spec.VolumeMode != nil && *pvc.Spec.VolumeMode == v1.PersistentVolumeBlock -} - -// IsWindowsUNCPath checks if path is prefixed with \\ -// This can be used to skip any processing of paths -// that point to SMB shares, local named pipes and local UNC path -func IsWindowsUNCPath(goos, path string) bool { - if goos != "windows" { - return false - } - // Check for UNC prefix \\ - if strings.HasPrefix(path, `\\`) { - return true - } - return false -} - -// IsWindowsLocalPath checks if path is a local path -// prefixed with "/" or "\" like "/foo/bar" or "\foo\bar" -func IsWindowsLocalPath(goos, path string) bool { - if goos != "windows" { - return false - } - if IsWindowsUNCPath(goos, path) { - return false - } - if strings.Contains(path, ":") { - return false - } - if !(strings.HasPrefix(path, `/`) || strings.HasPrefix(path, `\`)) { - return false - } - return true -} - -// MakeAbsolutePath convert path to absolute path according to GOOS -func MakeAbsolutePath(goos, path string) string { - if goos != "windows" { - return filepath.Clean("/" + path) - } - // These are all for windows - // If there is a colon, give up. - if strings.Contains(path, ":") { - return path - } - // If there is a slash, but no drive, add 'c:' - if strings.HasPrefix(path, "/") || strings.HasPrefix(path, "\\") { - return "c:" + path - } - // Otherwise, add 'c:\' - return "c:\\" + path -} - -// MapBlockVolume is a utility function to provide a common way of mapping -// block device path for a specified volume and pod. This function should be -// called by volume plugins that implements volume.BlockVolumeMapper.Map() method. -func MapBlockVolume( - blkUtil volumepathhandler.BlockVolumePathHandler, - devicePath, - globalMapPath, - podVolumeMapPath, - volumeMapName string, - podUID utypes.UID, -) error { - // map devicePath to global node path as bind mount - mapErr := blkUtil.MapDevice(devicePath, globalMapPath, string(podUID), true /* bindMount */) - if mapErr != nil { - return fmt.Errorf("blkUtil.MapDevice failed. devicePath: %s, globalMapPath:%s, podUID: %s, bindMount: %v: %v", - devicePath, globalMapPath, string(podUID), true, mapErr) - } - - // map devicePath to pod volume path - mapErr = blkUtil.MapDevice(devicePath, podVolumeMapPath, volumeMapName, false /* bindMount */) - if mapErr != nil { - return fmt.Errorf("blkUtil.MapDevice failed. devicePath: %s, podVolumeMapPath:%s, volumeMapName: %s, bindMount: %v: %v", - devicePath, podVolumeMapPath, volumeMapName, false, mapErr) - } - - // Take file descriptor lock to keep a block device opened. Otherwise, there is a case - // that the block device is silently removed and attached another device with the same name. - // Container runtime can't handle this problem. To avoid unexpected condition fd lock - // for the block device is required. - _, mapErr = blkUtil.AttachFileDevice(filepath.Join(globalMapPath, string(podUID))) - if mapErr != nil { - return fmt.Errorf("blkUtil.AttachFileDevice failed. globalMapPath:%s, podUID: %s: %v", - globalMapPath, string(podUID), mapErr) - } - - return nil -} - -// UnmapBlockVolume is a utility function to provide a common way of unmapping -// block device path for a specified volume and pod. This function should be -// called by volume plugins that implements volume.BlockVolumeMapper.Map() method. -func UnmapBlockVolume( - blkUtil volumepathhandler.BlockVolumePathHandler, - globalUnmapPath, - podDeviceUnmapPath, - volumeMapName string, - podUID utypes.UID, -) error { - // Release file descriptor lock. - err := blkUtil.DetachFileDevice(filepath.Join(globalUnmapPath, string(podUID))) - if err != nil { - return fmt.Errorf("blkUtil.DetachFileDevice failed. globalUnmapPath:%s, podUID: %s: %v", - globalUnmapPath, string(podUID), err) - } - - // unmap devicePath from pod volume path - unmapDeviceErr := blkUtil.UnmapDevice(podDeviceUnmapPath, volumeMapName, false /* bindMount */) - if unmapDeviceErr != nil { - return fmt.Errorf("blkUtil.DetachFileDevice failed. podDeviceUnmapPath:%s, volumeMapName: %s, bindMount: %v: %v", - podDeviceUnmapPath, volumeMapName, false, unmapDeviceErr) - } - - // unmap devicePath from global node path - unmapDeviceErr = blkUtil.UnmapDevice(globalUnmapPath, string(podUID), true /* bindMount */) - if unmapDeviceErr != nil { - return fmt.Errorf("blkUtil.DetachFileDevice failed. globalUnmapPath:%s, podUID: %s, bindMount: %v: %v", - globalUnmapPath, string(podUID), true, unmapDeviceErr) - } - return nil -} - -// GetPluginMountDir returns the global mount directory name appended -// to the given plugin name's plugin directory -func GetPluginMountDir(host volume.VolumeHost, name string) string { - mntDir := filepath.Join(host.GetPluginDir(name), MountsInGlobalPDPath) - return mntDir -} - -// IsLocalEphemeralVolume determines whether the argument is a local ephemeral -// volume vs. some other type -// Local means the volume is using storage from the local disk that is managed by kubelet. -// Ephemeral means the lifecycle of the volume is the same as the Pod. -func IsLocalEphemeralVolume(volume v1.Volume) bool { - return volume.GitRepo != nil || - (volume.EmptyDir != nil && volume.EmptyDir.Medium == v1.StorageMediumDefault) || - volume.ConfigMap != nil -} - -// GetPodVolumeNames returns names of volumes that are used in a pod, -// either as filesystem mount or raw block device, together with list -// of all SELinux contexts of all containers that use the volumes. -func GetPodVolumeNames(pod *v1.Pod) (mounts sets.String, devices sets.String, seLinuxContainerContexts map[string][]*v1.SELinuxOptions) { - mounts = sets.NewString() - devices = sets.NewString() - seLinuxContainerContexts = make(map[string][]*v1.SELinuxOptions) - - podutil.VisitContainers(&pod.Spec, podutil.AllFeatureEnabledContainers(), func(container *v1.Container, containerType podutil.ContainerType) bool { - var seLinuxOptions *v1.SELinuxOptions - if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { - effectiveContainerSecurity := securitycontext.DetermineEffectiveSecurityContext(pod, container) - if effectiveContainerSecurity != nil { - // No DeepCopy, SELinuxOptions is already a copy of Pod's or container's SELinuxOptions - seLinuxOptions = effectiveContainerSecurity.SELinuxOptions - } - } - - if container.VolumeMounts != nil { - for _, mount := range container.VolumeMounts { - mounts.Insert(mount.Name) - if seLinuxOptions != nil { - seLinuxContainerContexts[mount.Name] = append(seLinuxContainerContexts[mount.Name], seLinuxOptions.DeepCopy()) - } - } - } - if container.VolumeDevices != nil { - for _, device := range container.VolumeDevices { - devices.Insert(device.Name) - } - } - return true - }) - return -} - -// FsUserFrom returns FsUser of pod, which is determined by the runAsUser -// attributes. -func FsUserFrom(pod *v1.Pod) *int64 { - var fsUser *int64 - // Exclude ephemeral containers because SecurityContext is not allowed. - podutil.VisitContainers(&pod.Spec, podutil.InitContainers|podutil.Containers, func(container *v1.Container, containerType podutil.ContainerType) bool { - runAsUser, ok := securitycontext.DetermineEffectiveRunAsUser(pod, container) - // One container doesn't specify user or there are more than one - // non-root UIDs. - if !ok || (fsUser != nil && *fsUser != *runAsUser) { - fsUser = nil - return false - } - if fsUser == nil { - fsUser = runAsUser - } - return true - }) - return fsUser -} - -// HasMountRefs checks if the given mountPath has mountRefs. -// TODO: this is a workaround for the unmount device issue caused by gci mounter. -// In GCI cluster, if gci mounter is used for mounting, the container started by mounter -// script will cause additional mounts created in the container. Since these mounts are -// irrelevant to the original mounts, they should be not considered when checking the -// mount references. The current solution is to filter out those mount paths that contain -// the k8s plugin suffix of original mount path. -func HasMountRefs(mountPath string, mountRefs []string) bool { - // A mountPath typically is like - // /var/lib/kubelet/plugins/kubernetes.io/some-plugin/mounts/volume-XXXX - // Mount refs can look like - // /home/somewhere/var/lib/kubelet/plugins/kubernetes.io/some-plugin/... - // but if /var/lib/kubelet is mounted to a different device a ref might be like - // /mnt/some-other-place/kubelet/plugins/kubernetes.io/some-plugin/... - // Neither of the above should be counted as a mount ref as those are handled - // by the kubelet. What we're concerned about is a path like - // /data/local/some/manual/mount - // As unmonting could interrupt usage from that mountpoint. - // - // So instead of looking for the entire /var/lib/... path, the plugins/kuberentes.io/ - // suffix is trimmed off and searched for. - // - // If there isn't a /plugins/... path, the whole mountPath is used instead. - pathToFind := mountPath - if i := strings.Index(mountPath, kubernetesPluginPathPrefix); i > -1 { - pathToFind = mountPath[i:] - } - for _, ref := range mountRefs { - if !strings.Contains(ref, pathToFind) { - return true - } - } - return false -} - -// WriteVolumeCache flush disk data given the spcified mount path -func WriteVolumeCache(deviceMountPath string, exec utilexec.Interface) error { - // If runtime os is windows, execute Write-VolumeCache powershell command on the disk - if runtime.GOOS == "windows" { - cmd := fmt.Sprintf("Get-Volume -FilePath %s | Write-Volumecache", deviceMountPath) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - klog.Infof("command (%q) execeuted: %v, output: %q", cmd, err, string(output)) - if err != nil { - return fmt.Errorf("command (%q) failed: %v, output: %q", cmd, err, string(output)) - } - } - // For linux runtime, it skips because unmount will automatically flush disk data - return nil -} - -// IsMultiAttachAllowed checks if attaching this volume to multiple nodes is definitely not allowed/possible. -// In its current form, this function can only reliably say for which volumes it's definitely forbidden. If it returns -// false, it is not guaranteed that multi-attach is actually supported by the volume type and we must rely on the -// attacher to fail fast in such cases. -// Please see https://github.com/kubernetes/kubernetes/issues/40669 and https://github.com/kubernetes/kubernetes/pull/40148#discussion_r98055047 -func IsMultiAttachAllowed(volumeSpec *volume.Spec) bool { - if volumeSpec == nil { - // we don't know if it's supported or not and let the attacher fail later in cases it's not supported - return true - } - - if volumeSpec.Volume != nil { - // Check for volume types which are known to fail slow or cause trouble when trying to multi-attach - if volumeSpec.Volume.AzureDisk != nil || - volumeSpec.Volume.Cinder != nil { - return false - } - } - - // Only if this volume is a persistent volume, we have reliable information on whether it's allowed or not to - // multi-attach. We trust in the individual volume implementations to not allow unsupported access modes - if volumeSpec.PersistentVolume != nil { - // Check for persistent volume types which do not fail when trying to multi-attach - if len(volumeSpec.PersistentVolume.Spec.AccessModes) == 0 { - // No access mode specified so we don't know for sure. Let the attacher fail if needed - return true - } - - // check if this volume is allowed to be attached to multiple PODs/nodes, if yes, return false - for _, accessMode := range volumeSpec.PersistentVolume.Spec.AccessModes { - if accessMode == v1.ReadWriteMany || accessMode == v1.ReadOnlyMany { - return true - } - } - return false - } - - // we don't know if it's supported or not and let the attacher fail later in cases it's not supported - return true -} - -// IsAttachableVolume checks if the given volumeSpec is an attachable volume or not -func IsAttachableVolume(volumeSpec *volume.Spec, volumePluginMgr *volume.VolumePluginMgr) bool { - attachableVolumePlugin, _ := volumePluginMgr.FindAttachablePluginBySpec(volumeSpec) - if attachableVolumePlugin != nil { - volumeAttacher, err := attachableVolumePlugin.NewAttacher() - if err == nil && volumeAttacher != nil { - return true - } - } - - return false -} - -// IsDeviceMountableVolume checks if the given volumeSpec is an device mountable volume or not -func IsDeviceMountableVolume(volumeSpec *volume.Spec, volumePluginMgr *volume.VolumePluginMgr) bool { - deviceMountableVolumePlugin, _ := volumePluginMgr.FindDeviceMountablePluginBySpec(volumeSpec) - if deviceMountableVolumePlugin != nil { - volumeDeviceMounter, err := deviceMountableVolumePlugin.NewDeviceMounter() - if err == nil && volumeDeviceMounter != nil { - return true - } - } - - return false -} - -// GetReliableMountRefs calls mounter.GetMountRefs and retries on IsInconsistentReadError. -// To be used in volume reconstruction of volume plugins that don't have any protection -// against mounting a single volume on multiple nodes (such as attach/detach). -func GetReliableMountRefs(mounter mount.Interface, mountPath string) ([]string, error) { - var paths []string - var lastErr error - err := wait.PollImmediate(10*time.Millisecond, time.Minute, func() (bool, error) { - var err error - paths, err = mounter.GetMountRefs(mountPath) - if io.IsInconsistentReadError(err) { - lastErr = err - return false, nil - } - if err != nil { - return false, err - } - return true, nil - }) - if err == wait.ErrWaitTimeout { - return nil, lastErr - } - return paths, err -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler.go deleted file mode 100644 index 1de7c52a55..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler.go +++ /dev/null @@ -1,296 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volumepathhandler - -import ( - "fmt" - "io/ioutil" - "os" - "path/filepath" - - "k8s.io/klog/v2" - "k8s.io/mount-utils" - utilexec "k8s.io/utils/exec" - - "k8s.io/apimachinery/pkg/types" -) - -const ( - losetupPath = "losetup" - ErrDeviceNotFound = "device not found" -) - -// BlockVolumePathHandler defines a set of operations for handling block volume-related operations -type BlockVolumePathHandler interface { - // MapDevice creates a symbolic link to block device under specified map path - MapDevice(devicePath string, mapPath string, linkName string, bindMount bool) error - // UnmapDevice removes a symbolic link to block device under specified map path - UnmapDevice(mapPath string, linkName string, bindMount bool) error - // RemovePath removes a file or directory on specified map path - RemoveMapPath(mapPath string) error - // IsSymlinkExist returns true if specified symbolic link exists - IsSymlinkExist(mapPath string) (bool, error) - // IsDeviceBindMountExist returns true if specified bind mount exists - IsDeviceBindMountExist(mapPath string) (bool, error) - // GetDeviceBindMountRefs searches bind mounts under global map path - GetDeviceBindMountRefs(devPath string, mapPath string) ([]string, error) - // FindGlobalMapPathUUIDFromPod finds {pod uuid} symbolic link under globalMapPath - // corresponding to map path symlink, and then return global map path with pod uuid. - FindGlobalMapPathUUIDFromPod(pluginDir, mapPath string, podUID types.UID) (string, error) - // AttachFileDevice takes a path to a regular file and makes it available as an - // attached block device. - AttachFileDevice(path string) (string, error) - // DetachFileDevice takes a path to the attached block device and - // detach it from block device. - DetachFileDevice(path string) error - // GetLoopDevice returns the full path to the loop device associated with the given path. - GetLoopDevice(path string) (string, error) -} - -// NewBlockVolumePathHandler returns a new instance of BlockVolumeHandler. -func NewBlockVolumePathHandler() BlockVolumePathHandler { - var volumePathHandler VolumePathHandler - return volumePathHandler -} - -// VolumePathHandler is path related operation handlers for block volume -type VolumePathHandler struct { -} - -// MapDevice creates a symbolic link to block device under specified map path -func (v VolumePathHandler) MapDevice(devicePath string, mapPath string, linkName string, bindMount bool) error { - // Example of global map path: - // globalMapPath/linkName: plugins/kubernetes.io/{PluginName}/{DefaultKubeletVolumeDevicesDirName}/{volumePluginDependentPath}/{podUid} - // linkName: {podUid} - // - // Example of pod device map path: - // podDeviceMapPath/linkName: pods/{podUid}/{DefaultKubeletVolumeDevicesDirName}/{escapeQualifiedPluginName}/{volumeName} - // linkName: {volumeName} - if len(devicePath) == 0 { - return fmt.Errorf("failed to map device to map path. devicePath is empty") - } - if len(mapPath) == 0 { - return fmt.Errorf("failed to map device to map path. mapPath is empty") - } - if !filepath.IsAbs(mapPath) { - return fmt.Errorf("the map path should be absolute: map path: %s", mapPath) - } - klog.V(5).Infof("MapDevice: devicePath %s", devicePath) - klog.V(5).Infof("MapDevice: mapPath %s", mapPath) - klog.V(5).Infof("MapDevice: linkName %s", linkName) - - // Check and create mapPath - _, err := os.Stat(mapPath) - if err != nil && !os.IsNotExist(err) { - return fmt.Errorf("cannot validate map path: %s: %v", mapPath, err) - } - if err = os.MkdirAll(mapPath, 0750); err != nil { - return fmt.Errorf("failed to mkdir %s: %v", mapPath, err) - } - - if bindMount { - return mapBindMountDevice(v, devicePath, mapPath, linkName) - } - return mapSymlinkDevice(v, devicePath, mapPath, linkName) -} - -func mapBindMountDevice(v VolumePathHandler, devicePath string, mapPath string, linkName string) error { - // Check bind mount exists - linkPath := filepath.Join(mapPath, string(linkName)) - - file, err := os.Stat(linkPath) - if err != nil { - if !os.IsNotExist(err) { - return fmt.Errorf("failed to stat file %s: %v", linkPath, err) - } - - // Create file - newFile, err := os.OpenFile(linkPath, os.O_CREATE|os.O_RDWR, 0750) - if err != nil { - return fmt.Errorf("failed to open file %s: %v", linkPath, err) - } - if err := newFile.Close(); err != nil { - return fmt.Errorf("failed to close file %s: %v", linkPath, err) - } - } else { - // Check if device file - // TODO: Need to check if this device file is actually the expected bind mount - if file.Mode()&os.ModeDevice == os.ModeDevice { - klog.Warningf("Warning: Map skipped because bind mount already exist on the path: %v", linkPath) - return nil - } - - klog.Warningf("Warning: file %s is already exist but not mounted, skip creating file", linkPath) - } - - // Bind mount file - mounter := &mount.SafeFormatAndMount{Interface: mount.New(""), Exec: utilexec.New()} - if err := mounter.MountSensitiveWithoutSystemd(devicePath, linkPath, "" /* fsType */, []string{"bind"}, nil); err != nil { - return fmt.Errorf("failed to bind mount devicePath: %s to linkPath %s: %v", devicePath, linkPath, err) - } - - return nil -} - -func mapSymlinkDevice(v VolumePathHandler, devicePath string, mapPath string, linkName string) error { - // Remove old symbolic link(or file) then create new one. - // This should be done because current symbolic link is - // stale across node reboot. - linkPath := filepath.Join(mapPath, string(linkName)) - if err := os.Remove(linkPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove file %s: %v", linkPath, err) - } - return os.Symlink(devicePath, linkPath) -} - -// UnmapDevice removes a symbolic link associated to block device under specified map path -func (v VolumePathHandler) UnmapDevice(mapPath string, linkName string, bindMount bool) error { - if len(mapPath) == 0 { - return fmt.Errorf("failed to unmap device from map path. mapPath is empty") - } - klog.V(5).Infof("UnmapDevice: mapPath %s", mapPath) - klog.V(5).Infof("UnmapDevice: linkName %s", linkName) - - if bindMount { - return unmapBindMountDevice(v, mapPath, linkName) - } - return unmapSymlinkDevice(v, mapPath, linkName) -} - -func unmapBindMountDevice(v VolumePathHandler, mapPath string, linkName string) error { - // Check bind mount exists - linkPath := filepath.Join(mapPath, string(linkName)) - if isMountExist, checkErr := v.IsDeviceBindMountExist(linkPath); checkErr != nil { - return checkErr - } else if !isMountExist { - klog.Warningf("Warning: Unmap skipped because bind mount does not exist on the path: %v", linkPath) - - // Check if linkPath still exists - if _, err := os.Stat(linkPath); err != nil { - if !os.IsNotExist(err) { - return fmt.Errorf("failed to check if path %s exists: %v", linkPath, err) - } - // linkPath has already been removed - return nil - } - // Remove file - if err := os.Remove(linkPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove file %s: %v", linkPath, err) - } - return nil - } - - // Unmount file - mounter := &mount.SafeFormatAndMount{Interface: mount.New(""), Exec: utilexec.New()} - if err := mounter.Unmount(linkPath); err != nil { - return fmt.Errorf("failed to unmount linkPath %s: %v", linkPath, err) - } - - // Remove file - if err := os.Remove(linkPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove file %s: %v", linkPath, err) - } - - return nil -} - -func unmapSymlinkDevice(v VolumePathHandler, mapPath string, linkName string) error { - // Check symbolic link exists - linkPath := filepath.Join(mapPath, string(linkName)) - if islinkExist, checkErr := v.IsSymlinkExist(linkPath); checkErr != nil { - return checkErr - } else if !islinkExist { - klog.Warningf("Warning: Unmap skipped because symlink does not exist on the path: %v", linkPath) - return nil - } - return os.Remove(linkPath) -} - -// RemoveMapPath removes a file or directory on specified map path -func (v VolumePathHandler) RemoveMapPath(mapPath string) error { - if len(mapPath) == 0 { - return fmt.Errorf("failed to remove map path. mapPath is empty") - } - klog.V(5).Infof("RemoveMapPath: mapPath %s", mapPath) - err := os.RemoveAll(mapPath) - if err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove directory %s: %v", mapPath, err) - } - return nil -} - -// IsSymlinkExist returns true if specified file exists and the type is symbolik link. -// If file doesn't exist, or file exists but not symbolic link, return false with no error. -// On other cases, return false with error from Lstat(). -func (v VolumePathHandler) IsSymlinkExist(mapPath string) (bool, error) { - fi, err := os.Lstat(mapPath) - if err != nil { - // If file doesn't exist, return false and no error - if os.IsNotExist(err) { - return false, nil - } - // Return error from Lstat() - return false, fmt.Errorf("failed to Lstat file %s: %v", mapPath, err) - } - // If file exits and it's symbolic link, return true and no error - if fi.Mode()&os.ModeSymlink == os.ModeSymlink { - return true, nil - } - // If file exits but it's not symbolic link, return false and no error - return false, nil -} - -// IsDeviceBindMountExist returns true if specified file exists and the type is device. -// If file doesn't exist, or file exists but not device, return false with no error. -// On other cases, return false with error from Lstat(). -func (v VolumePathHandler) IsDeviceBindMountExist(mapPath string) (bool, error) { - fi, err := os.Lstat(mapPath) - if err != nil { - // If file doesn't exist, return false and no error - if os.IsNotExist(err) { - return false, nil - } - - // Return error from Lstat() - return false, fmt.Errorf("failed to Lstat file %s: %v", mapPath, err) - } - // If file exits and it's device, return true and no error - if fi.Mode()&os.ModeDevice == os.ModeDevice { - return true, nil - } - // If file exits but it's not device, return false and no error - return false, nil -} - -// GetDeviceBindMountRefs searches bind mounts under global map path -func (v VolumePathHandler) GetDeviceBindMountRefs(devPath string, mapPath string) ([]string, error) { - var refs []string - files, err := ioutil.ReadDir(mapPath) - if err != nil { - return nil, err - } - for _, file := range files { - if file.Mode()&os.ModeDevice != os.ModeDevice { - continue - } - filename := file.Name() - // TODO: Might need to check if the file is actually linked to devPath - refs = append(refs, filepath.Join(mapPath, filename)) - } - klog.V(5).Infof("GetDeviceBindMountRefs: refs %v", refs) - return refs, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_linux.go deleted file mode 100644 index aae1b39acb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_linux.go +++ /dev/null @@ -1,229 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volumepathhandler - -import ( - "errors" - "fmt" - "io/ioutil" - "os" - "os/exec" - "path/filepath" - "strings" - - "golang.org/x/sys/unix" - - "k8s.io/apimachinery/pkg/types" - "k8s.io/klog/v2" -) - -// AttachFileDevice takes a path to a regular file and makes it available as an -// attached block device. -func (v VolumePathHandler) AttachFileDevice(path string) (string, error) { - blockDevicePath, err := v.GetLoopDevice(path) - if err != nil && err.Error() != ErrDeviceNotFound { - return "", fmt.Errorf("GetLoopDevice failed for path %s: %v", path, err) - } - - // If no existing loop device for the path, create one - if blockDevicePath == "" { - klog.V(4).Infof("Creating device for path: %s", path) - blockDevicePath, err = makeLoopDevice(path) - if err != nil { - return "", fmt.Errorf("makeLoopDevice failed for path %s: %v", path, err) - } - } - return blockDevicePath, nil -} - -// DetachFileDevice takes a path to the attached block device and -// detach it from block device. -func (v VolumePathHandler) DetachFileDevice(path string) error { - loopPath, err := v.GetLoopDevice(path) - if err != nil { - if err.Error() == ErrDeviceNotFound { - klog.Warningf("couldn't find loopback device which takes file descriptor lock. Skip detaching device. device path: %q", path) - } else { - return fmt.Errorf("GetLoopDevice failed for path %s: %v", path, err) - } - } else { - if len(loopPath) != 0 { - err = removeLoopDevice(loopPath) - if err != nil { - return fmt.Errorf("removeLoopDevice failed for path %s: %v", path, err) - } - } - } - return nil -} - -// GetLoopDevice returns the full path to the loop device associated with the given path. -func (v VolumePathHandler) GetLoopDevice(path string) (string, error) { - _, err := os.Stat(path) - if os.IsNotExist(err) { - return "", errors.New(ErrDeviceNotFound) - } - if err != nil { - return "", fmt.Errorf("not attachable: %v", err) - } - - return getLoopDeviceFromSysfs(path) -} - -func makeLoopDevice(path string) (string, error) { - args := []string{"-f", path} - cmd := exec.Command(losetupPath, args...) - - out, err := cmd.CombinedOutput() - if err != nil { - klog.V(2).Infof("Failed device create command for path: %s %v %s", path, err, out) - return "", fmt.Errorf("losetup %s failed: %v", strings.Join(args, " "), err) - } - - return getLoopDeviceFromSysfs(path) -} - -// removeLoopDevice removes specified loopback device -func removeLoopDevice(device string) error { - args := []string{"-d", device} - cmd := exec.Command(losetupPath, args...) - out, err := cmd.CombinedOutput() - if err != nil { - if _, err := os.Stat(device); os.IsNotExist(err) { - return nil - } - klog.V(2).Infof("Failed to remove loopback device: %s: %v %s", device, err, out) - return fmt.Errorf("losetup -d %s failed: %v", device, err) - } - return nil -} - -// getLoopDeviceFromSysfs finds the backing file for a loop -// device from sysfs via "/sys/block/loop*/loop/backing_file". -func getLoopDeviceFromSysfs(path string) (string, error) { - // If the file is a symlink. - realPath, err := filepath.EvalSymlinks(path) - if err != nil { - return "", fmt.Errorf("failed to evaluate path %s: %s", path, err) - } - - devices, err := filepath.Glob("/sys/block/loop*") - if err != nil { - return "", fmt.Errorf("failed to list loop devices in sysfs: %s", err) - } - - for _, device := range devices { - backingFile := fmt.Sprintf("%s/loop/backing_file", device) - - // The contents of this file is the absolute path of "path". - data, err := ioutil.ReadFile(backingFile) - if err != nil { - continue - } - - // Return the first match. - backingFilePath := strings.TrimSpace(string(data)) - if backingFilePath == path || backingFilePath == realPath { - return fmt.Sprintf("/dev/%s", filepath.Base(device)), nil - } - } - - return "", errors.New(ErrDeviceNotFound) -} - -// FindGlobalMapPathUUIDFromPod finds {pod uuid} bind mount under globalMapPath -// corresponding to map path symlink, and then return global map path with pod uuid. -// (See pkg/volume/volume.go for details on a global map path and a pod device map path.) -// ex. mapPath symlink: pods/{podUid}}/{DefaultKubeletVolumeDevicesDirName}/{escapeQualifiedPluginName}/{volumeName} -> /dev/sdX -// -// globalMapPath/{pod uuid} bind mount: plugins/kubernetes.io/{PluginName}/{DefaultKubeletVolumeDevicesDirName}/{volumePluginDependentPath}/{pod uuid} -> /dev/sdX -func (v VolumePathHandler) FindGlobalMapPathUUIDFromPod(pluginDir, mapPath string, podUID types.UID) (string, error) { - var globalMapPathUUID string - // Find symbolic link named pod uuid under plugin dir - err := filepath.Walk(pluginDir, func(path string, fi os.FileInfo, err error) error { - if err != nil { - return err - } - if (fi.Mode()&os.ModeDevice == os.ModeDevice) && (fi.Name() == string(podUID)) { - klog.V(5).Infof("FindGlobalMapPathFromPod: path %s, mapPath %s", path, mapPath) - if res, err := compareBindMountAndSymlinks(path, mapPath); err == nil && res { - globalMapPathUUID = path - } - } - return nil - }) - if err != nil { - return "", fmt.Errorf("FindGlobalMapPathUUIDFromPod failed: %v", err) - } - klog.V(5).Infof("FindGlobalMapPathFromPod: globalMapPathUUID %s", globalMapPathUUID) - // Return path contains global map path + {pod uuid} - return globalMapPathUUID, nil -} - -// compareBindMountAndSymlinks returns if global path (bind mount) and -// pod path (symlink) are pointing to the same device. -// If there is an error in checking it returns error. -func compareBindMountAndSymlinks(global, pod string) (bool, error) { - // To check if bind mount and symlink are pointing to the same device, - // we need to check if they are pointing to the devices that have same major/minor number. - - // Get the major/minor number for global path - devNumGlobal, err := getDeviceMajorMinor(global) - if err != nil { - return false, fmt.Errorf("getDeviceMajorMinor failed for path %s: %v", global, err) - } - - // Get the symlinked device from the pod path - devPod, err := os.Readlink(pod) - if err != nil { - return false, fmt.Errorf("failed to readlink path %s: %v", pod, err) - } - // Get the major/minor number for the symlinked device from the pod path - devNumPod, err := getDeviceMajorMinor(devPod) - if err != nil { - return false, fmt.Errorf("getDeviceMajorMinor failed for path %s: %v", devPod, err) - } - klog.V(5).Infof("CompareBindMountAndSymlinks: devNumGlobal %s, devNumPod %s", devNumGlobal, devNumPod) - - // Check if the major/minor number are the same - if devNumGlobal == devNumPod { - return true, nil - } - return false, nil -} - -// getDeviceMajorMinor returns major/minor number for the path with below format: -// major:minor (in hex) -// ex) -// -// fc:10 -func getDeviceMajorMinor(path string) (string, error) { - var stat unix.Stat_t - - if err := unix.Stat(path, &stat); err != nil { - return "", fmt.Errorf("failed to stat path %s: %v", path, err) - } - - devNumber := uint64(stat.Rdev) - major := unix.Major(devNumber) - minor := unix.Minor(devNumber) - - return fmt.Sprintf("%x:%x", major, minor), nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_unsupported.go deleted file mode 100644 index 66fb2fe1f4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/util/volumepathhandler/volume_path_handler_unsupported.go +++ /dev/null @@ -1,49 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volumepathhandler - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/types" -) - -// AttachFileDevice takes a path to a regular file and makes it available as an -// attached block device. -func (v VolumePathHandler) AttachFileDevice(path string) (string, error) { - return "", fmt.Errorf("AttachFileDevice not supported for this build.") -} - -// DetachFileDevice takes a path to the attached block device and -// detach it from block device. -func (v VolumePathHandler) DetachFileDevice(path string) error { - return fmt.Errorf("DetachFileDevice not supported for this build.") -} - -// GetLoopDevice returns the full path to the loop device associated with the given path. -func (v VolumePathHandler) GetLoopDevice(path string) (string, error) { - return "", fmt.Errorf("GetLoopDevice not supported for this build.") -} - -// FindGlobalMapPathUUIDFromPod finds {pod uuid} bind mount under globalMapPath -// corresponding to map path symlink, and then return global map path with pod uuid. -func (v VolumePathHandler) FindGlobalMapPathUUIDFromPod(pluginDir, mapPath string, podUID types.UID) (string, error) { - return "", fmt.Errorf("FindGlobalMapPathUUIDFromPod not supported for this build.") -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/validation/pv_validation.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/validation/pv_validation.go deleted file mode 100644 index 23fa51fdac..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/validation/pv_validation.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "errors" - "path/filepath" - "strings" - - "k8s.io/apimachinery/pkg/util/validation/field" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// ValidatePersistentVolume validates PV object for plugin specific validation -// We can put here validations which are specific to volume types. -func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList { - return checkMountOption(pv) -} - -func checkMountOption(pv *api.PersistentVolume) field.ErrorList { - allErrs := field.ErrorList{} - // if PV is of these types we don't return errors - // since mount options is supported - if pv.Spec.GCEPersistentDisk != nil || - pv.Spec.AWSElasticBlockStore != nil || - pv.Spec.Glusterfs != nil || - pv.Spec.NFS != nil || - pv.Spec.RBD != nil || - pv.Spec.Quobyte != nil || - pv.Spec.ISCSI != nil || - pv.Spec.Cinder != nil || - pv.Spec.CephFS != nil || - pv.Spec.AzureFile != nil || - pv.Spec.VsphereVolume != nil || - pv.Spec.AzureDisk != nil || - pv.Spec.PhotonPersistentDisk != nil { - return allErrs - } - // any other type if mount option is present lets return error - if _, ok := pv.Annotations[api.MountOptionAnnotation]; ok { - metaField := field.NewPath("metadata") - allErrs = append(allErrs, field.Forbidden(metaField.Child("annotations", api.MountOptionAnnotation), "may not specify mount options for this volume type")) - } - return allErrs -} - -// ValidatePathNoBacksteps will make sure the targetPath does not have any element which is ".." -func ValidatePathNoBacksteps(targetPath string) error { - parts := strings.Split(filepath.ToSlash(targetPath), "/") - for _, item := range parts { - if item == ".." { - return errors.New("must not contain '..'") - } - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume.go deleted file mode 100644 index 1905f08548..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume.go +++ /dev/null @@ -1,310 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -// Volume represents a directory used by pods or hosts on a node. All method -// implementations of methods in the volume interface must be idempotent. -type Volume interface { - // GetPath returns the path to which the volume should be mounted for the - // pod. - GetPath() string - - // MetricsProvider embeds methods for exposing metrics (e.g. - // used, available space). - MetricsProvider -} - -// BlockVolume interface provides methods to generate global map path -// and pod device map path. -type BlockVolume interface { - // GetGlobalMapPath returns a global map path which contains - // bind mount associated to a block device. - // ex. plugins/kubernetes.io/{PluginName}/{DefaultKubeletVolumeDevicesDirName}/{volumePluginDependentPath}/{pod uuid} - GetGlobalMapPath(spec *Spec) (string, error) - // GetPodDeviceMapPath returns a pod device map path - // and name of a symbolic link associated to a block device. - // ex. pods/{podUid}/{DefaultKubeletVolumeDevicesDirName}/{escapeQualifiedPluginName}/, {volumeName} - GetPodDeviceMapPath() (string, string) - - // SupportsMetrics should return true if the MetricsProvider is - // initialized - SupportsMetrics() bool - - // MetricsProvider embeds methods for exposing metrics (e.g. - // used, available space). - MetricsProvider -} - -// MetricsProvider exposes metrics (e.g. used,available space) related to a -// Volume. -type MetricsProvider interface { - // GetMetrics returns the Metrics for the Volume. Maybe expensive for - // some implementations. - GetMetrics() (*Metrics, error) -} - -// Metrics represents the used and available bytes of the Volume. -type Metrics struct { - // The time at which these stats were updated. - Time metav1.Time - - // Used represents the total bytes used by the Volume. - // Note: For block devices this maybe more than the total size of the files. - Used *resource.Quantity - - // Capacity represents the total capacity (bytes) of the volume's - // underlying storage. For Volumes that share a filesystem with the host - // (e.g. emptydir, hostpath) this is the size of the underlying storage, - // and will not equal Used + Available as the fs is shared. - Capacity *resource.Quantity - - // Available represents the storage space available (bytes) for the - // Volume. For Volumes that share a filesystem with the host (e.g. - // emptydir, hostpath), this is the available space on the underlying - // storage, and is shared with host processes and other Volumes. - Available *resource.Quantity - - // InodesUsed represents the total inodes used by the Volume. - InodesUsed *resource.Quantity - - // Inodes represents the total number of inodes available in the volume. - // For volumes that share a filesystem with the host (e.g. emptydir, hostpath), - // this is the inodes available in the underlying storage, - // and will not equal InodesUsed + InodesFree as the fs is shared. - Inodes *resource.Quantity - - // InodesFree represent the inodes available for the volume. For Volumes that share - // a filesystem with the host (e.g. emptydir, hostpath), this is the free inodes - // on the underlying storage, and is shared with host processes and other volumes - InodesFree *resource.Quantity - - // Normal volumes are available for use and operating optimally. - // An abnormal volume does not meet these criteria. - // This field is OPTIONAL. Only some csi drivers which support NodeServiceCapability_RPC_VOLUME_CONDITION - // need to fill it. - Abnormal *bool - - // The message describing the condition of the volume. - // This field is OPTIONAL. Only some csi drivers which support capability_RPC_VOLUME_CONDITION - // need to fill it. - Message *string -} - -// Attributes represents the attributes of this mounter. -type Attributes struct { - ReadOnly bool - Managed bool - SELinuxRelabel bool -} - -// MounterArgs provides more easily extensible arguments to Mounter -type MounterArgs struct { - // When FsUser is set, the ownership of the volume will be modified to be - // owned and writable by FsUser. Otherwise, there is no side effects. - // Currently only supported with projected service account tokens. - FsUser *int64 - FsGroup *int64 - FSGroupChangePolicy *v1.PodFSGroupChangePolicy - DesiredSize *resource.Quantity - SELinuxLabel string -} - -// Mounter interface provides methods to set up/mount the volume. -type Mounter interface { - // Uses Interface to provide the path for Docker binds. - Volume - - // SetUp prepares and mounts/unpacks the volume to a - // self-determined directory path. The mount point and its - // content should be owned by `fsUser` or 'fsGroup' so that it can be - // accessed by the pod. This may be called more than once, so - // implementations must be idempotent. - // It could return following types of errors: - // - TransientOperationFailure - // - UncertainProgressError - // - Error of any other type should be considered a final error - SetUp(mounterArgs MounterArgs) error - - // SetUpAt prepares and mounts/unpacks the volume to the - // specified directory path, which may or may not exist yet. - // The mount point and its content should be owned by `fsUser` - // 'fsGroup' so that it can be accessed by the pod. This may - // be called more than once, so implementations must be - // idempotent. - SetUpAt(dir string, mounterArgs MounterArgs) error - // GetAttributes returns the attributes of the mounter. - // This function is called after SetUp()/SetUpAt(). - GetAttributes() Attributes -} - -// Unmounter interface provides methods to cleanup/unmount the volumes. -type Unmounter interface { - Volume - // TearDown unmounts the volume from a self-determined directory and - // removes traces of the SetUp procedure. - TearDown() error - // TearDown unmounts the volume from the specified directory and - // removes traces of the SetUp procedure. - TearDownAt(dir string) error -} - -// BlockVolumeMapper interface is a mapper interface for block volume. -type BlockVolumeMapper interface { - BlockVolume -} - -// CustomBlockVolumeMapper interface provides custom methods to set up/map the volume. -type CustomBlockVolumeMapper interface { - BlockVolumeMapper - // SetUpDevice prepares the volume to the node by the plugin specific way. - // For most in-tree plugins, attacher.Attach() and attacher.WaitForAttach() - // will do necessary works. - // This may be called more than once, so implementations must be idempotent. - // SetUpDevice returns stagingPath if device setup was successful - SetUpDevice() (stagingPath string, err error) - - // MapPodDevice maps the block device to a path and return the path. - // Unique device path across kubelet node reboot is required to avoid - // unexpected block volume destruction. - // If empty string is returned, the path returned by attacher.Attach() and - // attacher.WaitForAttach() will be used. - MapPodDevice() (publishPath string, err error) - - // GetStagingPath returns path that was used for staging the volume - // it is mainly used by CSI plugins - GetStagingPath() string -} - -// BlockVolumeUnmapper interface is an unmapper interface for block volume. -type BlockVolumeUnmapper interface { - BlockVolume -} - -// CustomBlockVolumeUnmapper interface provides custom methods to cleanup/unmap the volumes. -type CustomBlockVolumeUnmapper interface { - BlockVolumeUnmapper - // TearDownDevice removes traces of the SetUpDevice procedure. - // If the plugin is non-attachable, this method detaches the volume - // from a node. - TearDownDevice(mapPath string, devicePath string) error - - // UnmapPodDevice removes traces of the MapPodDevice procedure. - UnmapPodDevice() error -} - -// Provisioner is an interface that creates templates for PersistentVolumes -// and can create the volume as a new resource in the infrastructure provider. -type Provisioner interface { - // Provision creates the resource by allocating the underlying volume in a - // storage system. This method should block until completion and returns - // PersistentVolume representing the created storage resource. - Provision(selectedNode *v1.Node, allowedTopologies []v1.TopologySelectorTerm) (*v1.PersistentVolume, error) -} - -// Deleter removes the resource from the underlying storage provider. Calls -// to this method should block until the deletion is complete. Any error -// returned indicates the volume has failed to be reclaimed. A nil return -// indicates success. -type Deleter interface { - Volume - // This method should block until completion. - // deletedVolumeInUseError returned from this function will not be reported - // as error and it will be sent as "Info" event to the PV being deleted. The - // volume controller will retry deleting the volume in the next periodic - // sync. This can be used to postpone deletion of a volume that is being - // detached from a node. Deletion of such volume would fail anyway and such - // error would confuse users. - Delete() error -} - -// Attacher can attach a volume to a node. -type Attacher interface { - DeviceMounter - - // Attaches the volume specified by the given spec to the node with the given Name. - // On success, returns the device path where the device was attached on the - // node. - Attach(spec *Spec, nodeName types.NodeName) (string, error) - - // VolumesAreAttached checks whether the list of volumes still attached to the specified - // node. It returns a map which maps from the volume spec to the checking result. - // If an error is occurred during checking, the error will be returned - VolumesAreAttached(specs []*Spec, nodeName types.NodeName) (map[*Spec]bool, error) - - // WaitForAttach blocks until the device is attached to this - // node. If it successfully attaches, the path to the device - // is returned. Otherwise, if the device does not attach after - // the given timeout period, an error will be returned. - WaitForAttach(spec *Spec, devicePath string, pod *v1.Pod, timeout time.Duration) (string, error) -} - -// DeviceMounterArgs provides auxiliary, optional arguments to DeviceMounter. -type DeviceMounterArgs struct { - FsGroup *int64 - SELinuxLabel string -} - -// DeviceMounter can mount a block volume to a global path. -type DeviceMounter interface { - // GetDeviceMountPath returns a path where the device should - // be mounted after it is attached. This is a global mount - // point which should be bind mounted for individual volumes. - GetDeviceMountPath(spec *Spec) (string, error) - - // MountDevice mounts the disk to a global path which - // individual pods can then bind mount - // Note that devicePath can be empty if the volume plugin does not implement any of Attach and WaitForAttach methods. - // It could return following types of errors: - // - TransientOperationFailure - // - UncertainProgressError - // - Error of any other type should be considered a final error - MountDevice(spec *Spec, devicePath string, deviceMountPath string, deviceMounterArgs DeviceMounterArgs) error -} - -type BulkVolumeVerifier interface { - // BulkVerifyVolumes checks whether the list of volumes still attached to the - // clusters in the node. It returns a map which maps from the volume spec to the checking result. - // If an error occurs during check - error should be returned and volume on nodes - // should be assumed as still attached. - BulkVerifyVolumes(volumesByNode map[types.NodeName][]*Spec) (map[types.NodeName]map[*Spec]bool, error) -} - -// Detacher can detach a volume from a node. -type Detacher interface { - DeviceUnmounter - // Detach the given volume from the node with the given Name. - // volumeName is name of the volume as returned from plugin's - // GetVolumeName(). - Detach(volumeName string, nodeName types.NodeName) error -} - -// DeviceUnmounter can unmount a block volume from the global path. -type DeviceUnmounter interface { - // UnmountDevice unmounts the global mount of the disk. This - // should only be called once all bind mounts have been - // unmounted. - UnmountDevice(deviceMountPath string) error -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go deleted file mode 100644 index 57c0281502..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_linux.go +++ /dev/null @@ -1,212 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - "path/filepath" - "syscall" - - "os" - "time" - - v1 "k8s.io/api/core/v1" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/volume/util/types" -) - -const ( - rwMask = os.FileMode(0660) - roMask = os.FileMode(0440) - execMask = os.FileMode(0110) -) - -// SetVolumeOwnership modifies the given volume to be owned by -// fsGroup, and sets SetGid so that newly created files are owned by -// fsGroup. If fsGroup is nil nothing is done. -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { - if fsGroup == nil { - return nil - } - - timer := time.AfterFunc(30*time.Second, func() { - klog.Warningf("Setting volume ownership for %s and fsGroup set. If the volume has a lot of files then setting volume ownership could be slow, see https://github.com/kubernetes/kubernetes/issues/69699", mounter.GetPath()) - }) - defer timer.Stop() - - if skipPermissionChange(mounter, fsGroup, fsGroupChangePolicy) { - klog.V(3).InfoS("Skipping permission and ownership change for volume", "path", mounter.GetPath()) - return nil - } - - err := walkDeep(mounter.GetPath(), func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - return changeFilePermission(path, fsGroup, mounter.GetAttributes().ReadOnly, info) - }) - if completeFunc != nil { - completeFunc(types.CompleteFuncParam{ - Err: &err, - }) - } - return err -} - -func changeFilePermission(filename string, fsGroup *int64, readonly bool, info os.FileInfo) error { - err := os.Lchown(filename, -1, int(*fsGroup)) - if err != nil { - klog.ErrorS(err, "Lchown failed", "path", filename) - } - - // chmod passes through to the underlying file for symlinks. - // Symlinks have a mode of 777 but this really doesn't mean anything. - // The permissions of the underlying file are what matter. - // However, if one reads the mode of a symlink then chmods the symlink - // with that mode, it changes the mode of the underlying file, overridden - // the defaultMode and permissions initialized by the volume plugin, which - // is not what we want; thus, we skip chmod for symlinks. - if info.Mode()&os.ModeSymlink != 0 { - return nil - } - - mask := rwMask - if readonly { - mask = roMask - } - - if info.IsDir() { - mask |= os.ModeSetgid - mask |= execMask - } - - err = os.Chmod(filename, info.Mode()|mask) - if err != nil { - klog.ErrorS(err, "chmod failed", "path", filename) - } - - return nil -} - -func skipPermissionChange(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) bool { - dir := mounter.GetPath() - - if fsGroupChangePolicy == nil || *fsGroupChangePolicy != v1.FSGroupChangeOnRootMismatch { - klog.V(4).InfoS("Perform recursive ownership change for directory", "path", dir) - return false - } - return !requiresPermissionChange(mounter.GetPath(), fsGroup, mounter.GetAttributes().ReadOnly) -} - -func requiresPermissionChange(rootDir string, fsGroup *int64, readonly bool) bool { - fsInfo, err := os.Stat(rootDir) - if err != nil { - klog.ErrorS(err, "Performing recursive ownership change on rootDir because reading permissions of root volume failed", "path", rootDir) - return true - } - stat, ok := fsInfo.Sys().(*syscall.Stat_t) - if !ok || stat == nil { - klog.ErrorS(nil, "Performing recursive ownership change on rootDir because reading permissions of root volume failed", "path", rootDir) - return true - } - - if int(stat.Gid) != int(*fsGroup) { - klog.V(4).InfoS("Expected group ownership of volume did not match with Gid", "path", rootDir, "GID", stat.Gid) - return true - } - unixPerms := rwMask - - if readonly { - unixPerms = roMask - } - - // if rootDir is not a directory then we should apply permission change anyways - if !fsInfo.IsDir() { - return true - } - unixPerms |= execMask - filePerm := fsInfo.Mode().Perm() - - // We need to check if actual permissions of root directory is a superset of permissions required by unixPerms. - // This is done by checking if permission bits expected in unixPerms is set in actual permissions of the directory. - // We use bitwise AND operation to check set bits. For example: - // unixPerms: 770, filePerms: 775 : 770&775 = 770 (perms on directory is a superset) - // unixPerms: 770, filePerms: 770 : 770&770 = 770 (perms on directory is a superset) - // unixPerms: 770, filePerms: 750 : 770&750 = 750 (perms on directory is NOT a superset) - // We also need to check if setgid bits are set in permissions of the directory. - if (unixPerms&filePerm != unixPerms) || (fsInfo.Mode()&os.ModeSetgid == 0) { - klog.V(4).InfoS("Performing recursive ownership change on rootDir because of mismatching mode", "path", rootDir) - return true - } - return false -} - -// readDirNames reads the directory named by dirname and returns -// a list of directory entries. -// We are not using filepath.readDirNames because we do not want to sort files found in a directory before changing -// permissions for performance reasons. -func readDirNames(dirname string) ([]string, error) { - f, err := os.Open(dirname) - if err != nil { - return nil, err - } - names, err := f.Readdirnames(-1) - f.Close() - if err != nil { - return nil, err - } - return names, nil -} - -// walkDeep can be used to traverse directories and has two minor differences -// from filepath.Walk: -// - List of files/dirs is not sorted for performance reasons -// - callback walkFunc is invoked on root directory after visiting children dirs and files -func walkDeep(root string, walkFunc filepath.WalkFunc) error { - info, err := os.Lstat(root) - if err != nil { - return walkFunc(root, nil, err) - } - return walk(root, info, walkFunc) -} - -func walk(path string, info os.FileInfo, walkFunc filepath.WalkFunc) error { - if !info.IsDir() { - return walkFunc(path, info, nil) - } - names, err := readDirNames(path) - if err != nil { - return err - } - for _, name := range names { - filename := filepath.Join(path, name) - fileInfo, err := os.Lstat(filename) - if err != nil { - if err := walkFunc(filename, fileInfo, err); err != nil { - return err - } - } else { - err = walk(filename, fileInfo, walkFunc) - if err != nil { - return err - } - } - } - return walkFunc(path, info, nil) -} diff --git a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go b/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go deleted file mode 100644 index 20c56d4b63..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/pkg/volume/volume_unsupported.go +++ /dev/null @@ -1,29 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package volume - -import ( - v1 "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/volume/util/types" -) - -func SetVolumeOwnership(mounter Mounter, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy, completeFunc func(types.CompleteFuncParam)) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/admit/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/admit/admission.go deleted file mode 100644 index e2cc6caabb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/admit/admission.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admit - -import ( - "context" - "io" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" -) - -// PluginName indicates name of admission plugin. -const PluginName = "AlwaysAdmit" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewAlwaysAdmit(), nil - }) -} - -// alwaysAdmit is an implementation of admission.Interface which always says yes to an admit request. -type alwaysAdmit struct{} - -var _ admission.MutationInterface = alwaysAdmit{} -var _ admission.ValidationInterface = alwaysAdmit{} - -// Admit makes an admission decision based on the request attributes -func (alwaysAdmit) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return nil -} - -// Validate makes an admission decision based on the request attributes. It is NOT allowed to mutate. -func (alwaysAdmit) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return nil -} - -// Handles returns true if this admission controller can handle the given operation -// where operation can be one of CREATE, UPDATE, DELETE, or CONNECT -func (alwaysAdmit) Handles(operation admission.Operation) bool { - return true -} - -// NewAlwaysAdmit creates a new always admit admission handler -func NewAlwaysAdmit() admission.Interface { - // DEPRECATED: AlwaysAdmit admit all admission request, it is no use. - klog.Warningf("%s admission controller is deprecated. "+ - "Please remove this controller from your configuration files and scripts.", PluginName) - return new(alwaysAdmit) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages/admission.go deleted file mode 100644 index 500a3f6db6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages/admission.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package alwayspullimages contains an admission controller that modifies every new Pod to force -// the image pull policy to Always. This is useful in a multitenant cluster so that users can be -// assured that their private images can only be used by those who have the credentials to pull -// them. Without this admission controller, once an image has been pulled to a node, any pod from -// any user can use it simply by knowing the image's name (assuming the Pod is scheduled onto the -// right node), without any authorization check against the image. With this admission controller -// enabled, images are always pulled prior to starting containers, which means valid credentials are -// required. -package alwayspullimages - -import ( - "context" - "io" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/pods" -) - -// PluginName indicates name of admission plugin. -const PluginName = "AlwaysPullImages" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewAlwaysPullImages(), nil - }) -} - -// AlwaysPullImages is an implementation of admission.Interface. -// It looks at all new pods and overrides each container's image pull policy to Always. -type AlwaysPullImages struct { - *admission.Handler -} - -var _ admission.MutationInterface = &AlwaysPullImages{} -var _ admission.ValidationInterface = &AlwaysPullImages{} - -// Admit makes an admission decision based on the request attributes -func (a *AlwaysPullImages) Admit(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - // Ignore all calls to subresources or resources other than pods. - if shouldIgnore(attributes) { - return nil - } - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - - pods.VisitContainersWithPath(&pod.Spec, field.NewPath("spec"), func(c *api.Container, _ *field.Path) bool { - c.ImagePullPolicy = api.PullAlways - return true - }) - - return nil -} - -// Validate makes sure that all containers are set to always pull images -func (*AlwaysPullImages) Validate(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - if shouldIgnore(attributes) { - return nil - } - - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - - var allErrs []error - pods.VisitContainersWithPath(&pod.Spec, field.NewPath("spec"), func(c *api.Container, p *field.Path) bool { - if c.ImagePullPolicy != api.PullAlways { - allErrs = append(allErrs, admission.NewForbidden(attributes, - field.NotSupported(p.Child("imagePullPolicy"), c.ImagePullPolicy, []string{string(api.PullAlways)}), - )) - } - return true - }) - if len(allErrs) > 0 { - return utilerrors.NewAggregate(allErrs) - } - - return nil -} - -// check if it's update and it doesn't change the images referenced by the pod spec -func isUpdateWithNoNewImages(attributes admission.Attributes) bool { - if attributes.GetOperation() != admission.Update { - return false - } - - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - klog.Warningf("Resource was marked with kind Pod but pod was unable to be converted.") - return false - } - - oldPod, ok := attributes.GetOldObject().(*api.Pod) - if !ok { - klog.Warningf("Resource was marked with kind Pod but old pod was unable to be converted.") - return false - } - - oldImages := sets.NewString() - pods.VisitContainersWithPath(&oldPod.Spec, field.NewPath("spec"), func(c *api.Container, _ *field.Path) bool { - oldImages.Insert(c.Image) - return true - }) - - hasNewImage := false - pods.VisitContainersWithPath(&pod.Spec, field.NewPath("spec"), func(c *api.Container, _ *field.Path) bool { - if !oldImages.Has(c.Image) { - hasNewImage = true - } - return !hasNewImage - }) - return !hasNewImage -} - -func shouldIgnore(attributes admission.Attributes) bool { - // Ignore all calls to subresources or resources other than pods. - if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != api.Resource("pods") { - return true - } - - if isUpdateWithNoNewImages(attributes) { - return true - } - return false -} - -// NewAlwaysPullImages creates a new always pull images admission control handler -func NewAlwaysPullImages() *AlwaysPullImages { - return &AlwaysPullImages{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission.go deleted file mode 100644 index 6c961c5684..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package antiaffinity - -import ( - "context" - "fmt" - "io" - - "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/admission" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PluginName is a string with the name of the plugin -const PluginName = "LimitPodHardAntiAffinityTopology" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewInterPodAntiAffinity(), nil - }) -} - -// Plugin contains the client used by the admission controller -type Plugin struct { - *admission.Handler -} - -var _ admission.ValidationInterface = &Plugin{} - -// NewInterPodAntiAffinity creates a new instance of the LimitPodHardAntiAffinityTopology admission controller -func NewInterPodAntiAffinity() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} - -// Validate will deny any pod that defines AntiAffinity topology key other than v1.LabelHostname i.e. "kubernetes.io/hostname" -// in requiredDuringSchedulingRequiredDuringExecution and requiredDuringSchedulingIgnoredDuringExecution. -func (p *Plugin) Validate(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - // Ignore all calls to subresources or resources other than pods. - if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != api.Resource("pods") { - return nil - } - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - affinity := pod.Spec.Affinity - if affinity != nil && affinity.PodAntiAffinity != nil { - var podAntiAffinityTerms []api.PodAffinityTerm - if len(affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution) != 0 { - podAntiAffinityTerms = affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution - } - // TODO: Uncomment this block when implement RequiredDuringSchedulingRequiredDuringExecution. - //if len(affinity.PodAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution) != 0 { - // podAntiAffinityTerms = append(podAntiAffinityTerms, affinity.PodAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution...) - //} - for _, v := range podAntiAffinityTerms { - if v.TopologyKey != v1.LabelHostname { - return apierrors.NewForbidden(attributes.GetResource().GroupResource(), pod.Name, fmt.Errorf("affinity.PodAntiAffinity.RequiredDuringScheduling has TopologyKey %v but only key %v is allowed", v.TopologyKey, v1.LabelHostname)) - } - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/doc.go deleted file mode 100644 index 5d79fb396b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/doc.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package antiaffinity provides the LimitPodHardAntiAffinityTopology -// admission controller. It rejects any pod that specifies "hard" -// (RequiredDuringScheduling) anti-affinity with a TopologyKey other -// than v1.LabelHostname. Because anti-affinity is symmetric, without -// this admission controller, a user could maliciously or accidentally -// specify that their pod (once it has scheduled) should block other -// pods from scheduling into the same zone or some other large -// topology, essentially DoSing the cluster. In the future we will -// address this problem more fully by using quota and priority, but -// for now this admission controller provides a simple protection, on -// the assumption that the only legitimate use of hard pod -// anti-affinity is to exclude other pods from the same node. -package antiaffinity // import "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/OWNERS deleted file mode 100644 index d0850cbdb7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-certificates-approvers -reviewers: - - sig-auth-certificates-approvers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/approval/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/approval/admission.go deleted file mode 100644 index 248f9058c3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/approval/admission.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package approval - -import ( - "context" - "fmt" - "io" - - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/admission" - genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/authorization/authorizer" - - api "k8s.io/kubernetes/pkg/apis/certificates" - "k8s.io/kubernetes/plugin/pkg/admission/certificates" -) - -// PluginName is a string with the name of the plugin -const PluginName = "CertificateApproval" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(), nil - }) -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler - authz authorizer.Authorizer -} - -// SetAuthorizer sets the authorizer. -func (p *Plugin) SetAuthorizer(authz authorizer.Authorizer) { - p.authz = authz -} - -// ValidateInitialization ensures an authorizer is set. -func (p *Plugin) ValidateInitialization() error { - if p.authz == nil { - return fmt.Errorf("%s requires an authorizer", PluginName) - } - return nil -} - -var _ admission.ValidationInterface = &Plugin{} -var _ genericadmissioninit.WantsAuthorizer = &Plugin{} - -// NewPlugin creates a new CSR approval admission plugin -func NewPlugin() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Update), - } -} - -var csrGroupResource = api.Resource("certificatesigningrequests") - -// Validate verifies that the requesting user has permission to approve -// CertificateSigningRequests for the specified signerName. -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, _ admission.ObjectInterfaces) error { - // Ignore all calls to anything other than 'certificatesigningrequests/approval'. - // Ignore all operations other than UPDATE. - if a.GetSubresource() != "approval" || - a.GetResource().GroupResource() != csrGroupResource { - return nil - } - - // We check permissions against the *old* version of the resource, in case - // a user is attempting to update the SignerName when calling the approval - // endpoint (which is an invalid/not allowed operation) - csr, ok := a.GetOldObject().(*api.CertificateSigningRequest) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetOldObject())) - } - - if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "approve", csr.Spec.SignerName) { - klog.V(4).Infof("user not permitted to approve CertificateSigningRequest %q with signerName %q", csr.Name, csr.Spec.SignerName) - return admission.NewForbidden(a, fmt.Errorf("user not permitted to approve requests with signerName %q", csr.Spec.SignerName)) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/signing/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/signing/admission.go deleted file mode 100644 index 2cd2b2e274..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/signing/admission.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package signing - -import ( - "context" - "fmt" - "io" - "reflect" - - "k8s.io/klog/v2" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apiserver/pkg/admission" - genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/authorization/authorizer" - api "k8s.io/kubernetes/pkg/apis/certificates" - "k8s.io/kubernetes/plugin/pkg/admission/certificates" -) - -// PluginName is a string with the name of the plugin -const PluginName = "CertificateSigning" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(), nil - }) -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler - authz authorizer.Authorizer -} - -// SetAuthorizer sets the authorizer. -func (p *Plugin) SetAuthorizer(authz authorizer.Authorizer) { - p.authz = authz -} - -// ValidateInitialization ensures an authorizer is set. -func (p *Plugin) ValidateInitialization() error { - if p.authz == nil { - return fmt.Errorf("%s requires an authorizer", PluginName) - } - return nil -} - -var _ admission.ValidationInterface = &Plugin{} -var _ genericadmissioninit.WantsAuthorizer = &Plugin{} - -// NewPlugin creates a new CSR approval admission plugin -func NewPlugin() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Update), - } -} - -var csrGroupResource = api.Resource("certificatesigningrequests") - -// Validate verifies that the requesting user has permission to sign -// CertificateSigningRequests for the specified signerName. -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - // Ignore all calls to anything other than 'certificatesigningrequests/status'. - // Ignore all operations other than UPDATE. - if a.GetSubresource() != "status" || - a.GetResource().GroupResource() != csrGroupResource { - return nil - } - - oldCSR, ok := a.GetOldObject().(*api.CertificateSigningRequest) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetOldObject())) - } - csr, ok := a.GetObject().(*api.CertificateSigningRequest) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetObject())) - } - - // only run if the status.certificate or status.conditions field has been changed - if reflect.DeepEqual(oldCSR.Status.Certificate, csr.Status.Certificate) && apiequality.Semantic.DeepEqual(oldCSR.Status.Conditions, csr.Status.Conditions) { - return nil - } - - if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "sign", oldCSR.Spec.SignerName) { - klog.V(4).Infof("user not permitted to sign CertificateSigningRequest %q with signerName %q", oldCSR.Name, oldCSR.Spec.SignerName) - return admission.NewForbidden(a, fmt.Errorf("user not permitted to sign requests with signerName %q", oldCSR.Spec.SignerName)) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction/admission.go deleted file mode 100644 index 20da7dd761..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction/admission.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package subjectrestriction - -import ( - "context" - "fmt" - "io" - - certificatesv1beta1 "k8s.io/api/certificates/v1beta1" - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" - certificatesapi "k8s.io/kubernetes/pkg/apis/certificates" -) - -// PluginName is a string with the name of the plugin -const PluginName = "CertificateSubjectRestriction" - -// Register registers the plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(), nil - }) -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler -} - -// ValidateInitialization always returns nil. -func (p *Plugin) ValidateInitialization() error { - return nil -} - -var _ admission.ValidationInterface = &Plugin{} - -// NewPlugin constructs a new instance of the CertificateSubjectRestrictions admission interface. -func NewPlugin() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create), - } -} - -var csrGroupResource = certificatesapi.Resource("certificatesigningrequests") - -// Validate ensures that if the signerName on a CSR is set to -// `kubernetes.io/kube-apiserver-client`, that its organization (group) -// attribute is not set to `system:masters`. -func (p *Plugin) Validate(_ context.Context, a admission.Attributes, _ admission.ObjectInterfaces) error { - if a.GetResource().GroupResource() != csrGroupResource || a.GetSubresource() != "" { - return nil - } - - csr, ok := a.GetObject().(*certificatesapi.CertificateSigningRequest) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetObject())) - } - - if csr.Spec.SignerName != certificatesv1beta1.KubeAPIServerClientSignerName { - return nil - } - - csrParsed, err := certificatesapi.ParseCSR(csr.Spec.Request) - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("failed to parse CSR: %v", err)) - } - - for _, group := range csrParsed.Subject.Organization { - if group == "system:masters" { - klog.V(4).Infof("CSR %s rejected by admission plugin %s for attempting to use signer %s with system:masters group", - csr.Name, PluginName, certificatesv1beta1.KubeAPIServerClientSignerName) - return admission.NewForbidden(a, fmt.Errorf("use of %s signer with system:masters group is not allowed", - certificatesv1beta1.KubeAPIServerClientSignerName)) - } - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/util.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/util.go deleted file mode 100644 index 42cbb65987..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/certificates/util.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package certificates - -import ( - "context" - "strings" - - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/klog/v2" -) - -// IsAuthorizedForSignerName returns true if 'info' is authorized to perform the given -// 'verb' on the synthetic 'signers' resource with the given signerName. -// If the user does not have permission to perform the 'verb' on the given signerName, -// it will also perform an authorization check against {domain portion}/*, for example -// `kubernetes.io/*`. This allows an entity to be granted permission to 'verb' on all -// signerNames with a given 'domain portion'. -func IsAuthorizedForSignerName(ctx context.Context, authz authorizer.Authorizer, info user.Info, verb, signerName string) bool { - // First check if the user has explicit permission to 'verb' for the given signerName. - attr := buildAttributes(info, verb, signerName) - decision, reason, err := authz.Authorize(ctx, attr) - switch { - case err != nil: - klog.V(3).Infof("cannot authorize %q %q for policy: %v,%v", verb, attr.GetName(), reason, err) - case decision == authorizer.DecisionAllow: - return true - } - - // If not, check if the user has wildcard permissions to 'verb' for the domain portion of the signerName, e.g. - // 'kubernetes.io/*'. - attr = buildWildcardAttributes(info, verb, signerName) - decision, reason, err = authz.Authorize(ctx, attr) - switch { - case err != nil: - klog.V(3).Infof("cannot authorize %q %q for policy: %v,%v", verb, attr.GetName(), reason, err) - case decision == authorizer.DecisionAllow: - return true - } - - return false -} - -func buildAttributes(info user.Info, verb, signerName string) authorizer.Attributes { - return authorizer.AttributesRecord{ - User: info, - Verb: verb, - Name: signerName, - APIGroup: "certificates.k8s.io", - APIVersion: "*", - Resource: "signers", - ResourceRequest: true, - } -} - -func buildWildcardAttributes(info user.Info, verb, signerName string) authorizer.Attributes { - parts := strings.Split(signerName, "/") - domain := parts[0] - return buildAttributes(info, verb, domain+"/*") -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds/admission.go deleted file mode 100644 index a699d8d317..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds/admission.go +++ /dev/null @@ -1,125 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package defaulttolerationseconds - -import ( - "context" - "flag" - "fmt" - "io" - - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/admission" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PluginName indicates name of admission plugin. -const PluginName = "DefaultTolerationSeconds" - -var ( - defaultNotReadyTolerationSeconds = flag.Int64("default-not-ready-toleration-seconds", 300, - "Indicates the tolerationSeconds of the toleration for notReady:NoExecute"+ - " that is added by default to every pod that does not already have such a toleration.") - - defaultUnreachableTolerationSeconds = flag.Int64("default-unreachable-toleration-seconds", 300, - "Indicates the tolerationSeconds of the toleration for unreachable:NoExecute"+ - " that is added by default to every pod that does not already have such a toleration.") - - notReadyToleration = api.Toleration{ - Key: v1.TaintNodeNotReady, - Operator: api.TolerationOpExists, - Effect: api.TaintEffectNoExecute, - TolerationSeconds: defaultNotReadyTolerationSeconds, - } - - unreachableToleration = api.Toleration{ - Key: v1.TaintNodeUnreachable, - Operator: api.TolerationOpExists, - Effect: api.TaintEffectNoExecute, - TolerationSeconds: defaultUnreachableTolerationSeconds, - } -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewDefaultTolerationSeconds(), nil - }) -} - -// Plugin contains the client used by the admission controller -// It will add default tolerations for every pod -// that tolerate taints `notReady:NoExecute` and `unreachable:NoExecute`, -// with tolerationSeconds of 300s. -// If the pod already specifies a toleration for taint `notReady:NoExecute` -// or `unreachable:NoExecute`, the plugin won't touch it. -type Plugin struct { - *admission.Handler -} - -var _ admission.MutationInterface = &Plugin{} - -// NewDefaultTolerationSeconds creates a new instance of the DefaultTolerationSeconds admission controller -func NewDefaultTolerationSeconds() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} - -// Admit makes an admission decision based on the request attributes -func (p *Plugin) Admit(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - if attributes.GetResource().GroupResource() != api.Resource("pods") { - return nil - } - - if len(attributes.GetSubresource()) > 0 { - // only run the checks below on pods proper and not subresources - return nil - } - - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return errors.NewBadRequest(fmt.Sprintf("expected *api.Pod but got %T", attributes.GetObject())) - } - - tolerations := pod.Spec.Tolerations - - toleratesNodeNotReady := false - toleratesNodeUnreachable := false - for _, toleration := range tolerations { - if (toleration.Key == v1.TaintNodeNotReady || len(toleration.Key) == 0) && - (toleration.Effect == api.TaintEffectNoExecute || len(toleration.Effect) == 0) { - toleratesNodeNotReady = true - } - - if (toleration.Key == v1.TaintNodeUnreachable || len(toleration.Key) == 0) && - (toleration.Effect == api.TaintEffectNoExecute || len(toleration.Effect) == 0) { - toleratesNodeUnreachable = true - } - } - - if !toleratesNodeNotReady { - pod.Spec.Tolerations = append(pod.Spec.Tolerations, notReadyToleration) - } - - if !toleratesNodeUnreachable { - pod.Spec.Tolerations = append(pod.Spec.Tolerations, unreachableToleration) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/deny/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/deny/admission.go deleted file mode 100644 index a162b3b5a6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/deny/admission.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package deny - -import ( - "context" - "errors" - "io" - - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/admission" -) - -// PluginName indicates name of admission plugin. -const PluginName = "AlwaysDeny" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewAlwaysDeny(), nil - }) -} - -// alwaysDeny is an implementation of admission.Interface which always says no to an admission request. -type alwaysDeny struct{} - -var _ admission.MutationInterface = alwaysDeny{} -var _ admission.ValidationInterface = alwaysDeny{} - -// Admit makes an admission decision based on the request attributes. -func (alwaysDeny) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return admission.NewForbidden(a, errors.New("admission control is denying all modifications")) -} - -// Validate makes an admission decision based on the request attributes. It is NOT allowed to mutate. -func (alwaysDeny) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return admission.NewForbidden(a, errors.New("admission control is denying all modifications")) -} - -// Handles returns true if this admission controller can handle the given operation -// where operation can be one of CREATE, UPDATE, DELETE, or CONNECT -func (alwaysDeny) Handles(operation admission.Operation) bool { - return true -} - -// NewAlwaysDeny creates an always deny admission handler -func NewAlwaysDeny() admission.Interface { - // DEPRECATED: AlwaysDeny denys all admission request, it is no use. - klog.Warningf("%s admission controller is deprecated. "+ - "Please remove this controller from your configuration files and scripts.", PluginName) - return new(alwaysDeny) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/admission.go deleted file mode 100644 index 98fdc1d479..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/admission.go +++ /dev/null @@ -1,112 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import ( - "context" - "io" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/admission" - "k8s.io/client-go/util/flowcontrol" - api "k8s.io/kubernetes/pkg/apis/core" - eventratelimitapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" - "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation" - "k8s.io/utils/clock" -) - -// PluginName indicates name of admission plugin. -const PluginName = "EventRateLimit" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, - func(config io.Reader) (admission.Interface, error) { - // load the configuration provided (if any) - configuration, err := LoadConfiguration(config) - if err != nil { - return nil, err - } - // validate the configuration (if any) - if configuration != nil { - if errs := validation.ValidateConfiguration(configuration); len(errs) != 0 { - return nil, errs.ToAggregate() - } - } - return newEventRateLimit(configuration, clock.RealClock{}) - }) -} - -// Plugin implements an admission controller that can enforce event rate limits -type Plugin struct { - *admission.Handler - // limitEnforcers is the collection of limit enforcers. There is one limit enforcer for each - // active limit type. As there are 4 limit types, the length of the array will be at most 4. - // The array is read-only after construction. - limitEnforcers []*limitEnforcer -} - -var _ admission.ValidationInterface = &Plugin{} - -// newEventRateLimit configures an admission controller that can enforce event rate limits -func newEventRateLimit(config *eventratelimitapi.Configuration, clock flowcontrol.Clock) (*Plugin, error) { - limitEnforcers := make([]*limitEnforcer, 0, len(config.Limits)) - for _, limitConfig := range config.Limits { - enforcer, err := newLimitEnforcer(limitConfig, clock) - if err != nil { - return nil, err - } - limitEnforcers = append(limitEnforcers, enforcer) - } - - eventRateLimitAdmission := &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - limitEnforcers: limitEnforcers, - } - - return eventRateLimitAdmission, nil -} - -// Validate makes admission decisions while enforcing event rate limits -func (a *Plugin) Validate(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) (err error) { - // ignore all operations that do not correspond to an Event kind - if attr.GetKind().GroupKind() != api.Kind("Event") { - return nil - } - - // ignore all requests that specify dry-run - // because they don't correspond to any calls to etcd, - // they should not be affected by the ratelimit - if attr.IsDryRun() { - return nil - } - - var errors []error - // give each limit enforcer a chance to reject the event - for _, enforcer := range a.limitEnforcers { - if err := enforcer.accept(attr); err != nil { - errors = append(errors, err) - } - } - - if aggregatedErr := utilerrors.NewAggregate(errors); aggregatedErr != nil { - return apierrors.NewTooManyRequestsError(aggregatedErr.Error()) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/OWNERS deleted file mode 100644 index bbc16c84ed..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - deads2k - - derekwaynecarr -approvers: - - deads2k - - derekwaynecarr - - smarterclayton diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/doc.go deleted file mode 100644 index 56d99bee29..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package eventratelimit // import "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/install/install.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/install/install.go deleted file mode 100644 index 413cd56b8d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/install/install.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - internalapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" - versionedapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1" -) - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(internalapi.AddToScheme(scheme)) - utilruntime.Must(versionedapi.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(versionedapi.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/register.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/register.go deleted file mode 100644 index 9c6ec8e1ec..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = SchemeBuilder.AddToScheme -) - -// GroupName is the group name use in this package -const GroupName = "eventratelimit.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -func addKnownTypes(scheme *runtime.Scheme) error { - // TODO this will get cleaned up with the scheme types are fixed - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/types.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/types.go deleted file mode 100644 index 397027c249..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/types.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// LimitType is the type of the limit (e.g., per-namespace) -type LimitType string - -const ( - // ServerLimitType is a type of limit where there is one bucket shared by - // all of the event queries received by the API Server. - ServerLimitType LimitType = "Server" - // NamespaceLimitType is a type of limit where there is one bucket used by - // each namespace - NamespaceLimitType LimitType = "Namespace" - // UserLimitType is a type of limit where there is one bucket used by each - // user - UserLimitType LimitType = "User" - // SourceAndObjectLimitType is a type of limit where there is one bucket used - // by each combination of source and involved object of the event. - SourceAndObjectLimitType LimitType = "SourceAndObject" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the EventRateLimit admission -// controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // limits are the limits to place on event queries received. - // Limits can be placed on events received server-wide, per namespace, - // per user, and per source+object. - // At least one limit is required. - Limits []Limit `json:"limits"` -} - -// Limit is the configuration for a particular limit type -type Limit struct { - // type is the type of limit to which this configuration applies - Type LimitType `json:"type"` - - // qps is the number of event queries per second that are allowed for this - // type of limit. The qps and burst fields are used together to determine if - // a particular event query is accepted. The qps determines how many queries - // are accepted once the burst amount of queries has been exhausted. - QPS int32 `json:"qps"` - - // burst is the burst number of event queries that are allowed for this type - // of limit. The qps and burst fields are used together to determine if a - // particular event query is accepted. The burst determines the maximum size - // of the allowance granted for a particular bucket. For example, if the burst - // is 10 and the qps is 3, then the admission control will accept 10 queries - // before blocking any queries. Every second, 3 more queries will be allowed. - // If some of that allowance is not used, then it will roll over to the next - // second, until the maximum allowance of 10 is reached. - Burst int32 `json:"burst"` - - // cacheSize is the size of the LRU cache for this type of limit. If a bucket - // is evicted from the cache, then the allowance for that bucket is reset. If - // more queries are later received for an evicted bucket, then that bucket - // will re-enter the cache with a clean slate, giving that bucket a full - // allowance of burst queries. - // - // The default cache size is 4096. - // - // If limitType is 'server', then cacheSize is ignored. - // +optional - CacheSize int32 `json:"cacheSize,omitempty"` -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/defaults.go deleted file mode 100644 index ebade2de23..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/defaults.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import kruntime "k8s.io/apimachinery/pkg/runtime" - -func addDefaultingFuncs(scheme *kruntime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_Configuration(obj *Configuration) {} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/doc.go deleted file mode 100644 index 09fdc9fc39..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit -// +k8s:defaulter-gen=TypeMeta -// +groupName=eventratelimit.admission.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 // import "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/register.go deleted file mode 100644 index 8a2ed26ffc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "eventratelimit.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/types.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/types.go deleted file mode 100644 index 2f9d482c4e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/types.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// LimitType is the type of the limit (e.g., per-namespace) -type LimitType string - -const ( - // ServerLimitType is a type of limit where there is one bucket shared by - // all of the event queries received by the API Server. - ServerLimitType LimitType = "Server" - // NamespaceLimitType is a type of limit where there is one bucket used by - // each namespace - NamespaceLimitType LimitType = "Namespace" - // UserLimitType is a type of limit where there is one bucket used by each - // user - UserLimitType LimitType = "User" - // SourceAndObjectLimitType is a type of limit where there is one bucket used - // by each combination of source and involved object of the event. - SourceAndObjectLimitType LimitType = "SourceAndObject" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the EventRateLimit admission -// controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // limits are the limits to place on event queries received. - // Limits can be placed on events received server-wide, per namespace, - // per user, and per source+object. - // At least one limit is required. - Limits []Limit `json:"limits"` -} - -// Limit is the configuration for a particular limit type -type Limit struct { - // type is the type of limit to which this configuration applies - Type LimitType `json:"type"` - - // qps is the number of event queries per second that are allowed for this - // type of limit. The qps and burst fields are used together to determine if - // a particular event query is accepted. The qps determines how many queries - // are accepted once the burst amount of queries has been exhausted. - QPS int32 `json:"qps"` - - // burst is the burst number of event queries that are allowed for this type - // of limit. The qps and burst fields are used together to determine if a - // particular event query is accepted. The burst determines the maximum size - // of the allowance granted for a particular bucket. For example, if the burst - // is 10 and the qps is 3, then the admission control will accept 10 queries - // before blocking any queries. Every second, 3 more queries will be allowed. - // If some of that allowance is not used, then it will roll over to the next - // second, until the maximum allowance of 10 is reached. - Burst int32 `json:"burst"` - - // cacheSize is the size of the LRU cache for this type of limit. If a bucket - // is evicted from the cache, then the allowance for that bucket is reset. If - // more queries are later received for an evicted bucket, then that bucket - // will re-enter the cache with a clean slate, giving that bucket a full - // allowance of burst queries. - // - // The default cache size is 4096. - // - // If limitType is 'server', then cacheSize is ignored. - // +optional - CacheSize int32 `json:"cacheSize,omitempty"` -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 37e1166fdf..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,106 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - eventratelimit "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Configuration)(nil), (*eventratelimit.Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Configuration_To_eventratelimit_Configuration(a.(*Configuration), b.(*eventratelimit.Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*eventratelimit.Configuration)(nil), (*Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_eventratelimit_Configuration_To_v1alpha1_Configuration(a.(*eventratelimit.Configuration), b.(*Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Limit)(nil), (*eventratelimit.Limit)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Limit_To_eventratelimit_Limit(a.(*Limit), b.(*eventratelimit.Limit), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*eventratelimit.Limit)(nil), (*Limit)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_eventratelimit_Limit_To_v1alpha1_Limit(a.(*eventratelimit.Limit), b.(*Limit), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_Configuration_To_eventratelimit_Configuration(in *Configuration, out *eventratelimit.Configuration, s conversion.Scope) error { - out.Limits = *(*[]eventratelimit.Limit)(unsafe.Pointer(&in.Limits)) - return nil -} - -// Convert_v1alpha1_Configuration_To_eventratelimit_Configuration is an autogenerated conversion function. -func Convert_v1alpha1_Configuration_To_eventratelimit_Configuration(in *Configuration, out *eventratelimit.Configuration, s conversion.Scope) error { - return autoConvert_v1alpha1_Configuration_To_eventratelimit_Configuration(in, out, s) -} - -func autoConvert_eventratelimit_Configuration_To_v1alpha1_Configuration(in *eventratelimit.Configuration, out *Configuration, s conversion.Scope) error { - out.Limits = *(*[]Limit)(unsafe.Pointer(&in.Limits)) - return nil -} - -// Convert_eventratelimit_Configuration_To_v1alpha1_Configuration is an autogenerated conversion function. -func Convert_eventratelimit_Configuration_To_v1alpha1_Configuration(in *eventratelimit.Configuration, out *Configuration, s conversion.Scope) error { - return autoConvert_eventratelimit_Configuration_To_v1alpha1_Configuration(in, out, s) -} - -func autoConvert_v1alpha1_Limit_To_eventratelimit_Limit(in *Limit, out *eventratelimit.Limit, s conversion.Scope) error { - out.Type = eventratelimit.LimitType(in.Type) - out.QPS = in.QPS - out.Burst = in.Burst - out.CacheSize = in.CacheSize - return nil -} - -// Convert_v1alpha1_Limit_To_eventratelimit_Limit is an autogenerated conversion function. -func Convert_v1alpha1_Limit_To_eventratelimit_Limit(in *Limit, out *eventratelimit.Limit, s conversion.Scope) error { - return autoConvert_v1alpha1_Limit_To_eventratelimit_Limit(in, out, s) -} - -func autoConvert_eventratelimit_Limit_To_v1alpha1_Limit(in *eventratelimit.Limit, out *Limit, s conversion.Scope) error { - out.Type = LimitType(in.Type) - out.QPS = in.QPS - out.Burst = in.Burst - out.CacheSize = in.CacheSize - return nil -} - -// Convert_eventratelimit_Limit_To_v1alpha1_Limit is an autogenerated conversion function. -func Convert_eventratelimit_Limit_To_v1alpha1_Limit(in *eventratelimit.Limit, out *Limit, s conversion.Scope) error { - return autoConvert_eventratelimit_Limit_To_v1alpha1_Limit(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 111ea6b141..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,72 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make([]Limit, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Limit) DeepCopyInto(out *Limit) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limit. -func (in *Limit) DeepCopy() *Limit { - if in == nil { - return nil - } - out := new(Limit) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index cc845eda04..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&Configuration{}, func(obj interface{}) { SetObjectDefaults_Configuration(obj.(*Configuration)) }) - return nil -} - -func SetObjectDefaults_Configuration(in *Configuration) { - SetDefaults_Configuration(in) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation/validation.go deleted file mode 100644 index f09acfd132..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation/validation.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "k8s.io/apimachinery/pkg/util/validation/field" - - eventratelimitapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" -) - -var limitTypes = map[eventratelimitapi.LimitType]bool{ - eventratelimitapi.ServerLimitType: true, - eventratelimitapi.NamespaceLimitType: true, - eventratelimitapi.UserLimitType: true, - eventratelimitapi.SourceAndObjectLimitType: true, -} - -// ValidateConfiguration validates the configuration. -func ValidateConfiguration(config *eventratelimitapi.Configuration) field.ErrorList { - allErrs := field.ErrorList{} - limitsPath := field.NewPath("limits") - if len(config.Limits) == 0 { - allErrs = append(allErrs, field.Invalid(limitsPath, config.Limits, "must not be empty")) - } - for i, limit := range config.Limits { - idxPath := limitsPath.Index(i) - if !limitTypes[limit.Type] { - allowedValues := make([]string, len(limitTypes)) - i := 0 - for limitType := range limitTypes { - allowedValues[i] = string(limitType) - i++ - } - allErrs = append(allErrs, field.NotSupported(idxPath.Child("type"), limit.Type, allowedValues)) - } - if limit.Burst <= 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("burst"), limit.Burst, "must be positive")) - } - if limit.QPS <= 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("qps"), limit.QPS, "must be positive")) - } - if limit.Type != eventratelimitapi.ServerLimitType { - if limit.CacheSize < 0 { - allErrs = append(allErrs, field.Invalid(idxPath.Child("cacheSize"), limit.CacheSize, "must not be negative")) - } - } - } - return allErrs -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/zz_generated.deepcopy.go deleted file mode 100644 index 4e7f40b058..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/zz_generated.deepcopy.go +++ /dev/null @@ -1,72 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package eventratelimit - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Limits != nil { - in, out := &in.Limits, &out.Limits - *out = make([]Limit, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Limit) DeepCopyInto(out *Limit) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limit. -func (in *Limit) DeepCopy() *Limit { - if in == nil { - return nil - } - out := new(Limit) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/cache.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/cache.go deleted file mode 100644 index 69f9514d20..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/cache.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import ( - "k8s.io/client-go/util/flowcontrol" - "k8s.io/utils/lru" -) - -// cache is an interface for caching the limits of a particular type -type cache interface { - // get the rate limiter associated with the specified key - get(key interface{}) flowcontrol.RateLimiter -} - -// singleCache is a cache that only stores a single, constant item -type singleCache struct { - // the single rate limiter held by the cache - rateLimiter flowcontrol.RateLimiter -} - -func (c *singleCache) get(key interface{}) flowcontrol.RateLimiter { - return c.rateLimiter -} - -// lruCache is a least-recently-used cache -type lruCache struct { - // factory to use to create new rate limiters - rateLimiterFactory func() flowcontrol.RateLimiter - // the actual LRU cache - cache *lru.Cache -} - -func (c *lruCache) get(key interface{}) flowcontrol.RateLimiter { - value, found := c.cache.Get(key) - if !found { - rateLimter := c.rateLimiterFactory() - c.cache.Add(key, rateLimter) - return rateLimter - } - return value.(flowcontrol.RateLimiter) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/config.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/config.go deleted file mode 100644 index 34610391fa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/config.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import ( - "fmt" - "io" - "io/ioutil" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - eventratelimitapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" - "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/install" - eventratelimitv1alpha1 "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1" -) - -var ( - scheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(scheme) -) - -func init() { - install.Install(scheme) -} - -// LoadConfiguration loads the provided configuration. -func LoadConfiguration(config io.Reader) (*eventratelimitapi.Configuration, error) { - // if no config is provided, return a default configuration - if config == nil { - externalConfig := &eventratelimitv1alpha1.Configuration{} - scheme.Default(externalConfig) - internalConfig := &eventratelimitapi.Configuration{} - if err := scheme.Convert(externalConfig, internalConfig, nil); err != nil { - return nil, err - } - return internalConfig, nil - } - // we have a config so parse it. - data, err := ioutil.ReadAll(config) - if err != nil { - return nil, err - } - decoder := codecs.UniversalDecoder() - decodedObj, err := runtime.Decode(decoder, data) - if err != nil { - return nil, err - } - resourceQuotaConfiguration, ok := decodedObj.(*eventratelimitapi.Configuration) - if !ok { - return nil, fmt.Errorf("unexpected type: %T", decodedObj) - } - return resourceQuotaConfiguration, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/doc.go deleted file mode 100644 index d51d2379b6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package eventratelimit contains an admission controller that enforces a rate limit on events -package eventratelimit // import "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/limitenforcer.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/limitenforcer.go deleted file mode 100644 index 18d8553064..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/limitenforcer.go +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package eventratelimit - -import ( - "fmt" - "strings" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/client-go/util/flowcontrol" - api "k8s.io/kubernetes/pkg/apis/core" - eventratelimitapi "k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit" - "k8s.io/utils/lru" -) - -const ( - // cache size to use if the user did not specify a cache size - defaultCacheSize = 4096 -) - -// limitEnforcer enforces a single type of event rate limit, such as server, namespace, or source+object -type limitEnforcer struct { - // type of this limit - limitType eventratelimitapi.LimitType - // cache for holding the rate limiters - cache cache - // a keyFunc which is responsible for computing a single key based on input - keyFunc func(admission.Attributes) string -} - -func newLimitEnforcer(config eventratelimitapi.Limit, clock flowcontrol.Clock) (*limitEnforcer, error) { - rateLimiterFactory := func() flowcontrol.RateLimiter { - return flowcontrol.NewTokenBucketRateLimiterWithClock(float32(config.QPS), int(config.Burst), clock) - } - - if config.Type == eventratelimitapi.ServerLimitType { - return &limitEnforcer{ - limitType: config.Type, - cache: &singleCache{ - rateLimiter: rateLimiterFactory(), - }, - keyFunc: getServerKey, - }, nil - } - - cacheSize := int(config.CacheSize) - if cacheSize == 0 { - cacheSize = defaultCacheSize - } - underlyingCache := lru.New(cacheSize) - cache := &lruCache{ - rateLimiterFactory: rateLimiterFactory, - cache: underlyingCache, - } - - var keyFunc func(admission.Attributes) string - switch t := config.Type; t { - case eventratelimitapi.NamespaceLimitType: - keyFunc = getNamespaceKey - case eventratelimitapi.UserLimitType: - keyFunc = getUserKey - case eventratelimitapi.SourceAndObjectLimitType: - keyFunc = getSourceAndObjectKey - default: - return nil, fmt.Errorf("unknown event rate limit type: %v", t) - } - - return &limitEnforcer{ - limitType: config.Type, - cache: cache, - keyFunc: keyFunc, - }, nil -} - -func (enforcer *limitEnforcer) accept(attr admission.Attributes) error { - key := enforcer.keyFunc(attr) - rateLimiter := enforcer.cache.get(key) - - // ensure we have available rate - allow := rateLimiter.TryAccept() - - if !allow { - return fmt.Errorf("limit reached on type %v for key %v", enforcer.limitType, key) - } - - return nil -} - -func getServerKey(attr admission.Attributes) string { - return "" -} - -// getNamespaceKey returns a cache key that is based on the namespace of the event request -func getNamespaceKey(attr admission.Attributes) string { - return attr.GetNamespace() -} - -// getUserKey returns a cache key that is based on the user of the event request -func getUserKey(attr admission.Attributes) string { - userInfo := attr.GetUserInfo() - if userInfo == nil { - return "" - } - return userInfo.GetName() -} - -// getSourceAndObjectKey returns a cache key that is based on the source+object of the event -func getSourceAndObjectKey(attr admission.Attributes) string { - object := attr.GetObject() - if object == nil { - return "" - } - event, ok := object.(*api.Event) - if !ok { - return "" - } - return strings.Join([]string{ - event.Source.Component, - event.Source.Host, - event.InvolvedObject.Kind, - event.InvolvedObject.Namespace, - event.InvolvedObject.Name, - string(event.InvolvedObject.UID), - event.InvolvedObject.APIVersion, - }, "") -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration/admission.go deleted file mode 100644 index bdada75d44..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration/admission.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package extendedresourcetoleration - -import ( - "context" - "fmt" - "io" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" -) - -// PluginName indicates name of admission plugin. -const PluginName = "ExtendedResourceToleration" - -// Register is called by the apiserver to register the plugin factory. -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return newExtendedResourceToleration(), nil - }) -} - -// newExtendedResourceToleration creates a new instance of the ExtendedResourceToleration admission controller. -func newExtendedResourceToleration() *plugin { - return &plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} - -// Make sure we are implementing the interface. -var _ admission.MutationInterface = &plugin{} - -type plugin struct { - *admission.Handler -} - -// Admit updates the toleration of a pod based on the resources requested by it. -// If an extended resource of name "example.com/device" is requested, it adds -// a toleration with key "example.com/device", operator "Exists" and effect "NoSchedule". -// The rationale for this is described in: -// https://github.com/kubernetes/kubernetes/issues/55080 -func (p *plugin) Admit(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) error { - // Ignore all calls to subresources or resources other than pods. - if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != core.Resource("pods") { - return nil - } - - pod, ok := attributes.GetObject().(*core.Pod) - if !ok { - return errors.NewBadRequest(fmt.Sprintf("expected *core.Pod but got %T", attributes.GetObject())) - } - - resources := sets.String{} - for _, container := range pod.Spec.Containers { - for resourceName := range container.Resources.Requests { - if helper.IsExtendedResourceName(resourceName) { - resources.Insert(string(resourceName)) - } - } - } - for _, container := range pod.Spec.InitContainers { - for resourceName := range container.Resources.Requests { - if helper.IsExtendedResourceName(resourceName) { - resources.Insert(string(resourceName)) - } - } - } - - // Doing .List() so that we get a stable sorted list. - // This allows us to test adding tolerations for multiple extended resources. - for _, resource := range resources.List() { - helper.AddOrUpdateTolerationInPod(pod, &core.Toleration{ - Key: resource, - Operator: core.TolerationOpExists, - Effect: core.TaintEffectNoSchedule, - }) - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/gc/gc_admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/gc/gc_admission.go deleted file mode 100644 index db0f3c12c1..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/gc/gc_admission.go +++ /dev/null @@ -1,312 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package gc - -import ( - "context" - "fmt" - "io" - - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" -) - -// PluginName indicates name of admission plugin. -const PluginName = "OwnerReferencesPermissionEnforcement" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - // the pods/status endpoint is ignored by this plugin since old kubelets - // corrupt them. the pod status strategy ensures status updates cannot mutate - // ownerRef. - whiteList := []whiteListItem{ - { - groupResource: schema.GroupResource{Resource: "pods"}, - subresource: "status", - }, - } - return &gcPermissionsEnforcement{ - Handler: admission.NewHandler(admission.Create, admission.Update), - whiteList: whiteList, - }, nil - }) -} - -// gcPermissionsEnforcement is an implementation of admission.Interface. -type gcPermissionsEnforcement struct { - *admission.Handler - - authorizer authorizer.Authorizer - - restMapper meta.RESTMapper - - // items in this whitelist are ignored upon admission. - // any item in this list must protect against ownerRef mutations - // via strategy enforcement. - whiteList []whiteListItem -} - -var _ admission.ValidationInterface = &gcPermissionsEnforcement{} - -// whiteListItem describes an entry in a whitelist ignored by gc permission enforcement. -type whiteListItem struct { - groupResource schema.GroupResource - subresource string -} - -// isWhiteListed returns true if the specified item is in the whitelist. -func (a *gcPermissionsEnforcement) isWhiteListed(groupResource schema.GroupResource, subresource string) bool { - for _, item := range a.whiteList { - if item.groupResource == groupResource && item.subresource == subresource { - return true - } - } - return false -} - -func (a *gcPermissionsEnforcement) Validate(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - // // if the request is in the whitelist, we skip mutation checks for this resource. - if a.isWhiteListed(attributes.GetResource().GroupResource(), attributes.GetSubresource()) { - return nil - } - - // if we aren't changing owner references, then the edit is always allowed - if !isChangingOwnerReference(attributes.GetObject(), attributes.GetOldObject()) { - return nil - } - - // if you are creating a thing, you should always be allowed to set an owner ref since you logically had the power - // to never create it. We still need to check block owner deletion below, because the power to delete does not - // imply the power to prevent deletion on other resources. - if attributes.GetOperation() != admission.Create { - deleteAttributes := authorizer.AttributesRecord{ - User: attributes.GetUserInfo(), - Verb: "delete", - Namespace: attributes.GetNamespace(), - APIGroup: attributes.GetResource().Group, - APIVersion: attributes.GetResource().Version, - Resource: attributes.GetResource().Resource, - Subresource: attributes.GetSubresource(), - Name: attributes.GetName(), - ResourceRequest: true, - Path: "", - } - decision, reason, err := a.authorizer.Authorize(ctx, deleteAttributes) - if decision != authorizer.DecisionAllow { - return admission.NewForbidden(attributes, fmt.Errorf("cannot set an ownerRef on a resource you can't delete: %v, %v", reason, err)) - } - } - - // Further check if the user is setting ownerReference.blockOwnerDeletion to - // true. If so, only allows the change if the user has delete permission of - // the _OWNER_ - newBlockingRefs := newBlockingOwnerDeletionRefs(attributes.GetObject(), attributes.GetOldObject()) - if len(newBlockingRefs) == 0 { - return nil - } - - // There can be a case where a restMapper tries to hit discovery endpoints and times out if the network is inaccessible. - // This can prevent creating the pod to run the network to be able to do discovery and it appears as a timeout, not a rejection. - // Because the timeout is wrapper on admission/request, we can run a single check to see if the user can finalize any - // possible resource. - if decision, _, _ := a.authorizer.Authorize(ctx, finalizeAnythingRecord(attributes.GetUserInfo())); decision == authorizer.DecisionAllow { - return nil - } - - for _, ref := range newBlockingRefs { - records, err := a.ownerRefToDeleteAttributeRecords(ref, attributes) - if err != nil { - return admission.NewForbidden(attributes, fmt.Errorf("cannot set blockOwnerDeletion in this case because cannot find RESTMapping for APIVersion %s Kind %s: %v", ref.APIVersion, ref.Kind, err)) - } - // Multiple records are returned if ref.Kind could map to multiple - // resources. User needs to have delete permission on all the - // matched Resources. - for _, record := range records { - decision, reason, err := a.authorizer.Authorize(ctx, record) - if decision != authorizer.DecisionAllow { - return admission.NewForbidden(attributes, fmt.Errorf("cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: %v, %v", reason, err)) - } - } - } - - return nil - -} - -func isChangingOwnerReference(newObj, oldObj runtime.Object) bool { - newMeta, err := meta.Accessor(newObj) - if err != nil { - // if we don't have objectmeta, we don't have the object reference - return false - } - - if oldObj == nil { - return len(newMeta.GetOwnerReferences()) > 0 - } - oldMeta, err := meta.Accessor(oldObj) - if err != nil { - // if we don't have objectmeta, we don't have the object reference - return false - } - - // compare the old and new. If they aren't the same, then we're trying to change an ownerRef - oldOwners := oldMeta.GetOwnerReferences() - newOwners := newMeta.GetOwnerReferences() - if len(oldOwners) != len(newOwners) { - return true - } - for i := range oldOwners { - if !apiequality.Semantic.DeepEqual(oldOwners[i], newOwners[i]) { - return true - } - } - - return false -} - -func finalizeAnythingRecord(userInfo user.Info) authorizer.AttributesRecord { - return authorizer.AttributesRecord{ - User: userInfo, - Verb: "update", - APIGroup: "*", - APIVersion: "*", - Resource: "*", - Subresource: "finalizers", - Name: "*", - ResourceRequest: true, - Path: "", - } -} - -// Translates ref to a DeleteAttribute deleting the object referred by the ref. -// OwnerReference only records the object kind, which might map to multiple -// resources, so multiple DeleteAttribute might be returned. -func (a *gcPermissionsEnforcement) ownerRefToDeleteAttributeRecords(ref metav1.OwnerReference, attributes admission.Attributes) ([]authorizer.AttributesRecord, error) { - var ret []authorizer.AttributesRecord - groupVersion, err := schema.ParseGroupVersion(ref.APIVersion) - if err != nil { - return ret, err - } - mappings, err := a.restMapper.RESTMappings(schema.GroupKind{Group: groupVersion.Group, Kind: ref.Kind}, groupVersion.Version) - if err != nil { - return ret, err - } - for _, mapping := range mappings { - ar := authorizer.AttributesRecord{ - User: attributes.GetUserInfo(), - Verb: "update", - APIGroup: mapping.Resource.Group, - APIVersion: mapping.Resource.Version, - Resource: mapping.Resource.Resource, - Subresource: "finalizers", - Name: ref.Name, - ResourceRequest: true, - Path: "", - } - if mapping.Scope.Name() == meta.RESTScopeNameNamespace { - // if the owner is namespaced, it must be in the same namespace as the dependent is. - ar.Namespace = attributes.GetNamespace() - } - ret = append(ret, ar) - } - return ret, nil -} - -// only keeps the blocking refs -func blockingOwnerRefs(refs []metav1.OwnerReference) []metav1.OwnerReference { - var ret []metav1.OwnerReference - for _, ref := range refs { - if ref.BlockOwnerDeletion != nil && *ref.BlockOwnerDeletion == true { - ret = append(ret, ref) - } - } - return ret -} - -func indexByUID(refs []metav1.OwnerReference) map[types.UID]metav1.OwnerReference { - ret := make(map[types.UID]metav1.OwnerReference) - for _, ref := range refs { - ret[ref.UID] = ref - } - return ret -} - -// Returns new blocking ownerReferences, and references whose blockOwnerDeletion -// field is changed from nil or false to true. -func newBlockingOwnerDeletionRefs(newObj, oldObj runtime.Object) []metav1.OwnerReference { - newMeta, err := meta.Accessor(newObj) - if err != nil { - // if we don't have objectmeta, we don't have the object reference - return nil - } - newRefs := newMeta.GetOwnerReferences() - blockingNewRefs := blockingOwnerRefs(newRefs) - if len(blockingNewRefs) == 0 { - return nil - } - - if oldObj == nil { - return blockingNewRefs - } - oldMeta, err := meta.Accessor(oldObj) - if err != nil { - // if we don't have objectmeta, treat it as if all the ownerReference are newly created - return blockingNewRefs - } - - var ret []metav1.OwnerReference - indexedOldRefs := indexByUID(oldMeta.GetOwnerReferences()) - for _, ref := range blockingNewRefs { - oldRef, ok := indexedOldRefs[ref.UID] - if !ok { - // if ref is newly added, and it's blocking, then returns it. - ret = append(ret, ref) - continue - } - wasNotBlocking := oldRef.BlockOwnerDeletion == nil || *oldRef.BlockOwnerDeletion == false - if wasNotBlocking { - ret = append(ret, ref) - } - } - return ret -} - -func (a *gcPermissionsEnforcement) SetAuthorizer(authorizer authorizer.Authorizer) { - a.authorizer = authorizer -} - -func (a *gcPermissionsEnforcement) SetRESTMapper(restMapper meta.RESTMapper) { - a.restMapper = restMapper -} - -func (a *gcPermissionsEnforcement) ValidateInitialization() error { - if a.authorizer == nil { - return fmt.Errorf("missing authorizer") - } - if a.restMapper == nil { - return fmt.Errorf("missing restMapper") - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/OWNERS deleted file mode 100644 index 50dc329afb..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-policy-approvers -reviewers: - - sig-auth-policy-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/admission.go deleted file mode 100644 index 6fd7f0dfad..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/admission.go +++ /dev/null @@ -1,281 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package imagepolicy contains an admission controller that configures a webhook to which policy -// decisions are delegated. -package imagepolicy - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io" - "strings" - "time" - - "k8s.io/klog/v2" - - "k8s.io/api/imagepolicy/v1alpha1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/cache" - "k8s.io/apimachinery/pkg/util/yaml" - "k8s.io/apiserver/pkg/admission" - "k8s.io/apiserver/pkg/util/webhook" - "k8s.io/client-go/rest" - "k8s.io/kubernetes/pkg/api/legacyscheme" - api "k8s.io/kubernetes/pkg/apis/core" - - // install the clientgo image policy API for use with api registry - _ "k8s.io/kubernetes/pkg/apis/imagepolicy/install" -) - -// PluginName indicates name of admission plugin. -const PluginName = "ImagePolicyWebhook" - -// AuditKeyPrefix is used as the prefix for all audit keys handled by this -// pluggin. Some well known suffixes are listed below. -var AuditKeyPrefix = strings.ToLower(PluginName) + ".image-policy.k8s.io/" - -const ( - // ImagePolicyFailedOpenKeySuffix in an annotation indicates the image - // review failed open when the image policy webhook backend connection - // failed. - ImagePolicyFailedOpenKeySuffix string = "failed-open" - - // ImagePolicyAuditRequiredKeySuffix in an annotation indicates the pod - // should be audited. - ImagePolicyAuditRequiredKeySuffix string = "audit-required" -) - -var ( - groupVersions = []schema.GroupVersion{v1alpha1.SchemeGroupVersion} -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - newImagePolicyWebhook, err := NewImagePolicyWebhook(config) - if err != nil { - return nil, err - } - return newImagePolicyWebhook, nil - }) -} - -// Plugin is an implementation of admission.Interface. -type Plugin struct { - *admission.Handler - webhook *webhook.GenericWebhook - responseCache *cache.LRUExpireCache - allowTTL time.Duration - denyTTL time.Duration - defaultAllow bool -} - -var _ admission.ValidationInterface = &Plugin{} - -func (a *Plugin) statusTTL(status v1alpha1.ImageReviewStatus) time.Duration { - if status.Allowed { - return a.allowTTL - } - return a.denyTTL -} - -// Filter out annotations that don't match *.image-policy.k8s.io/* -func (a *Plugin) filterAnnotations(allAnnotations map[string]string) map[string]string { - annotations := make(map[string]string) - for k, v := range allAnnotations { - if strings.Contains(k, ".image-policy.k8s.io/") { - annotations[k] = v - } - } - return annotations -} - -// Function to call on webhook failure; behavior determined by defaultAllow flag -func (a *Plugin) webhookError(pod *api.Pod, attributes admission.Attributes, err error) error { - if err != nil { - klog.V(2).Infof("error contacting webhook backend: %s", err) - if a.defaultAllow { - attributes.AddAnnotation(AuditKeyPrefix+ImagePolicyFailedOpenKeySuffix, "true") - // TODO(wteiken): Remove the annotation code for the 1.13 release - annotations := pod.GetAnnotations() - if annotations == nil { - annotations = make(map[string]string) - } - annotations[api.ImagePolicyFailedOpenKey] = "true" - pod.ObjectMeta.SetAnnotations(annotations) - - klog.V(2).Infof("resource allowed in spite of webhook backend failure") - return nil - } - klog.V(2).Infof("resource not allowed due to webhook backend failure ") - return admission.NewForbidden(attributes, err) - } - return nil -} - -// Validate makes an admission decision based on the request attributes -func (a *Plugin) Validate(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) (err error) { - // Ignore all calls to subresources or resources other than pods. - if attributes.GetSubresource() != "" || attributes.GetResource().GroupResource() != api.Resource("pods") { - return nil - } - - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - - // Build list of ImageReviewContainerSpec - var imageReviewContainerSpecs []v1alpha1.ImageReviewContainerSpec - containers := make([]api.Container, 0, len(pod.Spec.Containers)+len(pod.Spec.InitContainers)) - containers = append(containers, pod.Spec.Containers...) - containers = append(containers, pod.Spec.InitContainers...) - for _, c := range containers { - imageReviewContainerSpecs = append(imageReviewContainerSpecs, v1alpha1.ImageReviewContainerSpec{ - Image: c.Image, - }) - } - imageReview := v1alpha1.ImageReview{ - Spec: v1alpha1.ImageReviewSpec{ - Containers: imageReviewContainerSpecs, - Annotations: a.filterAnnotations(pod.Annotations), - Namespace: attributes.GetNamespace(), - }, - } - if err := a.admitPod(ctx, pod, attributes, &imageReview); err != nil { - return admission.NewForbidden(attributes, err) - } - return nil -} - -func (a *Plugin) admitPod(ctx context.Context, pod *api.Pod, attributes admission.Attributes, review *v1alpha1.ImageReview) error { - cacheKey, err := json.Marshal(review.Spec) - if err != nil { - return err - } - if entry, ok := a.responseCache.Get(string(cacheKey)); ok { - review.Status = entry.(v1alpha1.ImageReviewStatus) - } else { - result := a.webhook.WithExponentialBackoff(ctx, func() rest.Result { - return a.webhook.RestClient.Post().Body(review).Do(ctx) - }) - - if err := result.Error(); err != nil { - return a.webhookError(pod, attributes, err) - } - var statusCode int - if result.StatusCode(&statusCode); statusCode < 200 || statusCode >= 300 { - return a.webhookError(pod, attributes, fmt.Errorf("Error contacting webhook: %d", statusCode)) - } - - if err := result.Into(review); err != nil { - return a.webhookError(pod, attributes, err) - } - - a.responseCache.Add(string(cacheKey), review.Status, a.statusTTL(review.Status)) - } - - for k, v := range review.Status.AuditAnnotations { - if err := attributes.AddAnnotation(AuditKeyPrefix+k, v); err != nil { - klog.Warningf("failed to set admission audit annotation %s to %s: %v", AuditKeyPrefix+k, v, err) - } - } - if !review.Status.Allowed { - if len(review.Status.Reason) > 0 { - return fmt.Errorf("image policy webhook backend denied one or more images: %s", review.Status.Reason) - } - return errors.New("one or more images rejected by webhook backend") - } - return nil -} - -// NewImagePolicyWebhook a new ImagePolicyWebhook plugin from the provided config file. -// The config file is specified by --admission-control-config-file and has the -// following format for a webhook: -// -// { -// "imagePolicy": { -// "kubeConfigFile": "path/to/kubeconfig/for/backend", -// "allowTTL": 30, # time in s to cache approval -// "denyTTL": 30, # time in s to cache denial -// "retryBackoff": 500, # time in ms to wait between retries -// "defaultAllow": true # determines behavior if the webhook backend fails -// } -// } -// -// The config file may be json or yaml. -// -// The kubeconfig property refers to another file in the kubeconfig format which -// specifies how to connect to the webhook backend. -// -// The kubeconfig's cluster field is used to refer to the remote service, user refers to the returned authorizer. -// -// # clusters refers to the remote service. -// clusters: -// - name: name-of-remote-imagepolicy-service -// cluster: -// certificate-authority: /path/to/ca.pem # CA for verifying the remote service. -// server: https://images.example.com/policy # URL of remote service to query. Must use 'https'. -// -// # users refers to the API server's webhook configuration. -// users: -// - name: name-of-api-server -// user: -// client-certificate: /path/to/cert.pem # cert for the webhook plugin to use -// client-key: /path/to/key.pem # key matching the cert -// -// For additional HTTP configuration, refer to the kubeconfig documentation -// http://kubernetes.io/v1.1/docs/user-guide/kubeconfig-file.html. -func NewImagePolicyWebhook(configFile io.Reader) (*Plugin, error) { - if configFile == nil { - return nil, fmt.Errorf("no config specified") - } - - // TODO: move this to a versioned configuration file format - var config AdmissionConfig - d := yaml.NewYAMLOrJSONDecoder(configFile, 4096) - err := d.Decode(&config) - if err != nil { - return nil, err - } - - whConfig := config.ImagePolicyWebhook - if err := normalizeWebhookConfig(&whConfig); err != nil { - return nil, err - } - - clientConfig, err := webhook.LoadKubeconfig(whConfig.KubeConfigFile, nil) - if err != nil { - return nil, err - } - retryBackoff := webhook.DefaultRetryBackoffWithInitialDelay(whConfig.RetryBackoff) - gw, err := webhook.NewGenericWebhook(legacyscheme.Scheme, legacyscheme.Codecs, clientConfig, groupVersions, retryBackoff) - if err != nil { - return nil, err - } - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - webhook: gw, - responseCache: cache.NewLRUExpireCache(1024), - allowTTL: whConfig.AllowTTL, - denyTTL: whConfig.DenyTTL, - defaultAllow: whConfig.DefaultAllow, - }, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/config.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/config.go deleted file mode 100644 index c3b3e537c2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/config.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package imagepolicy contains an admission controller that configures a webhook to which policy -// decisions are delegated. -package imagepolicy - -import ( - "fmt" - "time" - - "k8s.io/klog/v2" -) - -const ( - defaultRetryBackoff = time.Duration(500) * time.Millisecond - minRetryBackoff = time.Duration(1) - maxRetryBackoff = time.Duration(5) * time.Minute - defaultAllowTTL = time.Duration(5) * time.Minute - defaultDenyTTL = time.Duration(30) * time.Second - minAllowTTL = time.Duration(1) * time.Second - maxAllowTTL = time.Duration(30) * time.Minute - minDenyTTL = time.Duration(1) * time.Second - maxDenyTTL = time.Duration(30) * time.Minute - useDefault = time.Duration(0) //sentinel for using default TTL - disableTTL = time.Duration(-1) //sentinel for disabling a TTL -) - -// imagePolicyWebhookConfig holds config data for imagePolicyWebhook -type imagePolicyWebhookConfig struct { - KubeConfigFile string `json:"kubeConfigFile"` - AllowTTL time.Duration `json:"allowTTL"` - DenyTTL time.Duration `json:"denyTTL"` - RetryBackoff time.Duration `json:"retryBackoff"` - DefaultAllow bool `json:"defaultAllow"` -} - -// AdmissionConfig holds config data for admission controllers -type AdmissionConfig struct { - ImagePolicyWebhook imagePolicyWebhookConfig `json:"imagePolicy"` -} - -func normalizeWebhookConfig(config *imagePolicyWebhookConfig) (err error) { - config.RetryBackoff, err = normalizeConfigDuration("backoff", time.Millisecond, config.RetryBackoff, minRetryBackoff, maxRetryBackoff, defaultRetryBackoff) - if err != nil { - return err - } - config.AllowTTL, err = normalizeConfigDuration("allow cache", time.Second, config.AllowTTL, minAllowTTL, maxAllowTTL, defaultAllowTTL) - if err != nil { - return err - } - config.DenyTTL, err = normalizeConfigDuration("deny cache", time.Second, config.DenyTTL, minDenyTTL, maxDenyTTL, defaultDenyTTL) - return err -} - -func normalizeConfigDuration(name string, scale, value, min, max, defaultValue time.Duration) (time.Duration, error) { - // disable with -1 sentinel - if value == disableTTL { - klog.V(2).Infof("image policy webhook %s disabled", name) - return time.Duration(0), nil - } - - // use default with 0 sentinel - if value == useDefault { - klog.V(2).Infof("image policy webhook %s using default value", name) - return defaultValue, nil - } - - // convert to s; unmarshalling gives ns - value *= scale - - // check value is within range - if value < min || value > max { - return value, fmt.Errorf("valid value is between %v and %v, got %v", min, max, value) - } - return value, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/doc.go deleted file mode 100644 index 508ff33b17..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package imagepolicy checks a webhook for image admission -package imagepolicy // import "k8s.io/kubernetes/plugin/pkg/admission/imagepolicy" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/gencerts.sh b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/gencerts.sh deleted file mode 100644 index ac8758c0c8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/imagepolicy/gencerts.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -# gencerts.sh generates the certificates for the webhook authz plugin tests. -# -# It is not expected to be run often (there is no go generate rule), and mainly -# exists for documentation purposes. - -cat > server.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth -subjectAltName = @alt_names -[alt_names] -IP.1 = 127.0.0.1 -EOF - -cat > client.conf << EOF -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth -EOF - -# Create a certificate authority -openssl genrsa -out caKey.pem 2048 -openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=webhook_imagepolicy_ca" - -# Create a second certificate authority -openssl genrsa -out badCAKey.pem 2048 -openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem -subj "/CN=webhook_imagepolicy_ca" - -# Create a server certiticate -openssl genrsa -out serverKey.pem 2048 -openssl req -new -key serverKey.pem -out server.csr -subj "/CN=webhook_imagepolicy_server" -config server.conf -openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf - -# Create a client certiticate -openssl genrsa -out clientKey.pem 2048 -openssl req -new -key clientKey.pem -out client.csr -subj "/CN=webhook_imagepolicy_client" -config client.conf -openssl x509 -req -in client.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out clientCert.pem -days 100000 -extensions v3_req -extfile client.conf - -outfile=certs_test.go - -cat > $outfile << EOF -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was generated using openssl by the gencerts.sh script -// and holds raw certificates for the imagepolicy webhook tests. - -//lint:file-ignore U1000 Ignore all unused code, it's generated - -package imagepolicy -EOF - -for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clientCert; do - data=$(cat ${file}.pem) - echo "" >> $outfile - echo "var $file = []byte(\`$data\`)" >> $outfile -done - -# Clean up after we're done. -rm ./*.pem -rm ./*.csr -rm ./*.srl -rm ./*.conf diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/admission.go deleted file mode 100644 index 4525463d2e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/admission.go +++ /dev/null @@ -1,612 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package limitranger - -import ( - "context" - "fmt" - "io" - "sort" - "strings" - "time" - - "golang.org/x/sync/singleflight" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitailizer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/utils/lru" -) - -const ( - limitRangerAnnotation = "kubernetes.io/limit-ranger" - // PluginName indicates name of admission plugin. - PluginName = "LimitRanger" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewLimitRanger(&DefaultLimitRangerActions{}) - }) -} - -// LimitRanger enforces usage limits on a per resource basis in the namespace -type LimitRanger struct { - *admission.Handler - client kubernetes.Interface - actions LimitRangerActions - lister corev1listers.LimitRangeLister - - // liveLookups holds the last few live lookups we've done to help ammortize cost on repeated lookup failures. - // This let's us handle the case of latent caches, by looking up actual results for a namespace on cache miss/no results. - // We track the lookup result here so that for repeated requests, we don't look it up very often. - liveLookupCache *lru.Cache - group singleflight.Group - liveTTL time.Duration -} - -var _ admission.MutationInterface = &LimitRanger{} -var _ admission.ValidationInterface = &LimitRanger{} - -var _ genericadmissioninitailizer.WantsExternalKubeInformerFactory = &LimitRanger{} -var _ genericadmissioninitailizer.WantsExternalKubeClientSet = &LimitRanger{} - -type liveLookupEntry struct { - expiry time.Time - items []*corev1.LimitRange -} - -// SetExternalKubeInformerFactory registers an informer factory into the LimitRanger -func (l *LimitRanger) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - limitRangeInformer := f.Core().V1().LimitRanges() - l.SetReadyFunc(limitRangeInformer.Informer().HasSynced) - l.lister = limitRangeInformer.Lister() -} - -// SetExternalKubeClientSet registers the client into LimitRanger -func (l *LimitRanger) SetExternalKubeClientSet(client kubernetes.Interface) { - l.client = client -} - -// ValidateInitialization verifies the LimitRanger object has been properly initialized -func (l *LimitRanger) ValidateInitialization() error { - if l.lister == nil { - return fmt.Errorf("missing limitRange lister") - } - if l.client == nil { - return fmt.Errorf("missing client") - } - return nil -} - -// Admit admits resources into cluster that do not violate any defined LimitRange in the namespace -func (l *LimitRanger) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return l.runLimitFunc(a, l.actions.MutateLimit) -} - -// Validate admits resources into cluster that do not violate any defined LimitRange in the namespace -func (l *LimitRanger) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - return l.runLimitFunc(a, l.actions.ValidateLimit) -} - -func (l *LimitRanger) runLimitFunc(a admission.Attributes, limitFn func(limitRange *corev1.LimitRange, kind string, obj runtime.Object) error) (err error) { - if !l.actions.SupportsAttributes(a) { - return nil - } - - // ignore all objects marked for deletion - oldObj := a.GetOldObject() - if oldObj != nil { - oldAccessor, err := meta.Accessor(oldObj) - if err != nil { - return admission.NewForbidden(a, err) - } - if oldAccessor.GetDeletionTimestamp() != nil { - return nil - } - } - - items, err := l.GetLimitRanges(a) - if err != nil { - return err - } - - // ensure it meets each prescribed min/max - for i := range items { - limitRange := items[i] - - if !l.actions.SupportsLimit(limitRange) { - continue - } - - err = limitFn(limitRange, a.GetResource().Resource, a.GetObject()) - if err != nil { - return admission.NewForbidden(a, err) - } - } - return nil -} - -// GetLimitRanges returns a LimitRange object with the items held in -// the indexer if available, or do alive lookup of the value. -func (l *LimitRanger) GetLimitRanges(a admission.Attributes) ([]*corev1.LimitRange, error) { - items, err := l.lister.LimitRanges(a.GetNamespace()).List(labels.Everything()) - if err != nil { - return nil, admission.NewForbidden(a, fmt.Errorf("unable to %s %v at this time because there was an error enforcing limit ranges", a.GetOperation(), a.GetResource())) - } - - // if there are no items held in our indexer, check our live-lookup LRU, if that misses, do the live lookup to prime it. - if len(items) == 0 { - lruItemObj, ok := l.liveLookupCache.Get(a.GetNamespace()) - if !ok || lruItemObj.(liveLookupEntry).expiry.Before(time.Now()) { - // Fixed: #22422 - // use singleflight to alleviate simultaneous calls to - lruItemObj, err, _ = l.group.Do(a.GetNamespace(), func() (interface{}, error) { - liveList, err := l.client.CoreV1().LimitRanges(a.GetNamespace()).List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return nil, admission.NewForbidden(a, err) - } - newEntry := liveLookupEntry{expiry: time.Now().Add(l.liveTTL)} - for i := range liveList.Items { - newEntry.items = append(newEntry.items, &liveList.Items[i]) - } - l.liveLookupCache.Add(a.GetNamespace(), newEntry) - return newEntry, nil - }) - if err != nil { - return nil, err - } - } - lruEntry := lruItemObj.(liveLookupEntry) - - for i := range lruEntry.items { - items = append(items, lruEntry.items[i]) - } - - } - - return items, nil -} - -// NewLimitRanger returns an object that enforces limits based on the supplied limit function -func NewLimitRanger(actions LimitRangerActions) (*LimitRanger, error) { - liveLookupCache := lru.New(10000) - - if actions == nil { - actions = &DefaultLimitRangerActions{} - } - - return &LimitRanger{ - Handler: admission.NewHandler(admission.Create, admission.Update), - actions: actions, - liveLookupCache: liveLookupCache, - liveTTL: time.Duration(30 * time.Second), - }, nil -} - -// defaultContainerResourceRequirements returns the default requirements for a container -// the requirement.Limits are taken from the LimitRange defaults (if specified) -// the requirement.Requests are taken from the LimitRange default request (if specified) -func defaultContainerResourceRequirements(limitRange *corev1.LimitRange) api.ResourceRequirements { - requirements := api.ResourceRequirements{} - requirements.Requests = api.ResourceList{} - requirements.Limits = api.ResourceList{} - - for i := range limitRange.Spec.Limits { - limit := limitRange.Spec.Limits[i] - if limit.Type == corev1.LimitTypeContainer { - for k, v := range limit.DefaultRequest { - requirements.Requests[api.ResourceName(k)] = v.DeepCopy() - } - for k, v := range limit.Default { - requirements.Limits[api.ResourceName(k)] = v.DeepCopy() - } - } - } - return requirements -} - -// mergeContainerResources handles defaulting all of the resources on a container. -func mergeContainerResources(container *api.Container, defaultRequirements *api.ResourceRequirements, annotationPrefix string, annotations []string) []string { - setRequests := []string{} - setLimits := []string{} - if container.Resources.Limits == nil { - container.Resources.Limits = api.ResourceList{} - } - if container.Resources.Requests == nil { - container.Resources.Requests = api.ResourceList{} - } - for k, v := range defaultRequirements.Limits { - _, found := container.Resources.Limits[k] - if !found { - container.Resources.Limits[k] = v.DeepCopy() - setLimits = append(setLimits, string(k)) - } - } - for k, v := range defaultRequirements.Requests { - _, found := container.Resources.Requests[k] - if !found { - container.Resources.Requests[k] = v.DeepCopy() - setRequests = append(setRequests, string(k)) - } - } - if len(setRequests) > 0 { - sort.Strings(setRequests) - a := strings.Join(setRequests, ", ") + fmt.Sprintf(" request for %s %s", annotationPrefix, container.Name) - annotations = append(annotations, a) - } - if len(setLimits) > 0 { - sort.Strings(setLimits) - a := strings.Join(setLimits, ", ") + fmt.Sprintf(" limit for %s %s", annotationPrefix, container.Name) - annotations = append(annotations, a) - } - return annotations -} - -// mergePodResourceRequirements merges enumerated requirements with default requirements -// it annotates the pod with information about what requirements were modified -func mergePodResourceRequirements(pod *api.Pod, defaultRequirements *api.ResourceRequirements) { - annotations := []string{} - - for i := range pod.Spec.Containers { - annotations = mergeContainerResources(&pod.Spec.Containers[i], defaultRequirements, "container", annotations) - } - - for i := range pod.Spec.InitContainers { - annotations = mergeContainerResources(&pod.Spec.InitContainers[i], defaultRequirements, "init container", annotations) - } - - if len(annotations) > 0 { - if pod.ObjectMeta.Annotations == nil { - pod.ObjectMeta.Annotations = make(map[string]string) - } - val := "LimitRanger plugin set: " + strings.Join(annotations, "; ") - pod.ObjectMeta.Annotations[limitRangerAnnotation] = val - } -} - -// requestLimitEnforcedValues returns the specified values at a common precision to support comparability -func requestLimitEnforcedValues(requestQuantity, limitQuantity, enforcedQuantity resource.Quantity) (request, limit, enforced int64) { - request = requestQuantity.Value() - limit = limitQuantity.Value() - enforced = enforcedQuantity.Value() - // do a more precise comparison if possible (if the value won't overflow) - if request <= resource.MaxMilliValue && limit <= resource.MaxMilliValue && enforced <= resource.MaxMilliValue { - request = requestQuantity.MilliValue() - limit = limitQuantity.MilliValue() - enforced = enforcedQuantity.MilliValue() - } - return -} - -// minConstraint enforces the min constraint over the specified resource -func minConstraint(limitType string, resourceName string, enforced resource.Quantity, request api.ResourceList, limit api.ResourceList) error { - req, reqExists := request[api.ResourceName(resourceName)] - lim, limExists := limit[api.ResourceName(resourceName)] - observedReqValue, observedLimValue, enforcedValue := requestLimitEnforcedValues(req, lim, enforced) - - if !reqExists { - return fmt.Errorf("minimum %s usage per %s is %s. No request is specified", resourceName, limitType, enforced.String()) - } - if observedReqValue < enforcedValue { - return fmt.Errorf("minimum %s usage per %s is %s, but request is %s", resourceName, limitType, enforced.String(), req.String()) - } - if limExists && (observedLimValue < enforcedValue) { - return fmt.Errorf("minimum %s usage per %s is %s, but limit is %s", resourceName, limitType, enforced.String(), lim.String()) - } - return nil -} - -// maxRequestConstraint enforces the max constraint over the specified resource -// use when specify LimitType resource doesn't recognize limit values -func maxRequestConstraint(limitType string, resourceName string, enforced resource.Quantity, request api.ResourceList) error { - req, reqExists := request[api.ResourceName(resourceName)] - observedReqValue, _, enforcedValue := requestLimitEnforcedValues(req, resource.Quantity{}, enforced) - - if !reqExists { - return fmt.Errorf("maximum %s usage per %s is %s. No request is specified", resourceName, limitType, enforced.String()) - } - if observedReqValue > enforcedValue { - return fmt.Errorf("maximum %s usage per %s is %s, but request is %s", resourceName, limitType, enforced.String(), req.String()) - } - return nil -} - -// maxConstraint enforces the max constraint over the specified resource -func maxConstraint(limitType string, resourceName string, enforced resource.Quantity, request api.ResourceList, limit api.ResourceList) error { - req, reqExists := request[api.ResourceName(resourceName)] - lim, limExists := limit[api.ResourceName(resourceName)] - observedReqValue, observedLimValue, enforcedValue := requestLimitEnforcedValues(req, lim, enforced) - - if !limExists { - return fmt.Errorf("maximum %s usage per %s is %s. No limit is specified", resourceName, limitType, enforced.String()) - } - if observedLimValue > enforcedValue { - return fmt.Errorf("maximum %s usage per %s is %s, but limit is %s", resourceName, limitType, enforced.String(), lim.String()) - } - if reqExists && (observedReqValue > enforcedValue) { - return fmt.Errorf("maximum %s usage per %s is %s, but request is %s", resourceName, limitType, enforced.String(), req.String()) - } - return nil -} - -// limitRequestRatioConstraint enforces the limit to request ratio over the specified resource -func limitRequestRatioConstraint(limitType string, resourceName string, enforced resource.Quantity, request api.ResourceList, limit api.ResourceList) error { - req, reqExists := request[api.ResourceName(resourceName)] - lim, limExists := limit[api.ResourceName(resourceName)] - observedReqValue, observedLimValue, _ := requestLimitEnforcedValues(req, lim, enforced) - - if !reqExists || (observedReqValue == int64(0)) { - return fmt.Errorf("%s max limit to request ratio per %s is %s, but no request is specified or request is 0", resourceName, limitType, enforced.String()) - } - if !limExists || (observedLimValue == int64(0)) { - return fmt.Errorf("%s max limit to request ratio per %s is %s, but no limit is specified or limit is 0", resourceName, limitType, enforced.String()) - } - - observedRatio := float64(observedLimValue) / float64(observedReqValue) - displayObservedRatio := observedRatio - maxLimitRequestRatio := float64(enforced.Value()) - if enforced.Value() <= resource.MaxMilliValue { - observedRatio = observedRatio * 1000 - maxLimitRequestRatio = float64(enforced.MilliValue()) - } - - if observedRatio > maxLimitRequestRatio { - return fmt.Errorf("%s max limit to request ratio per %s is %s, but provided ratio is %f", resourceName, limitType, enforced.String(), displayObservedRatio) - } - - return nil -} - -// sum takes the total of each named resource across all inputs -// if a key is not in each input, then the output resource list will omit the key -func sum(inputs []api.ResourceList) api.ResourceList { - result := api.ResourceList{} - keys := []api.ResourceName{} - for i := range inputs { - for k := range inputs[i] { - keys = append(keys, k) - } - } - for _, key := range keys { - total, isSet := int64(0), true - - for i := range inputs { - input := inputs[i] - v, exists := input[key] - if exists { - if key == api.ResourceCPU { - total = total + v.MilliValue() - } else { - total = total + v.Value() - } - } else { - isSet = false - } - } - - if isSet { - if key == api.ResourceCPU { - result[key] = *(resource.NewMilliQuantity(total, resource.DecimalSI)) - } else { - result[key] = *(resource.NewQuantity(total, resource.DecimalSI)) - } - - } - } - return result -} - -// DefaultLimitRangerActions is the default implementation of LimitRangerActions. -type DefaultLimitRangerActions struct{} - -// ensure DefaultLimitRangerActions implements the LimitRangerActions interface. -var _ LimitRangerActions = &DefaultLimitRangerActions{} - -// MutateLimit enforces resource requirements of incoming resources -// against enumerated constraints on the LimitRange. It may modify -// the incoming object to apply default resource requirements if not -// specified, and enumerated on the LimitRange -func (d *DefaultLimitRangerActions) MutateLimit(limitRange *corev1.LimitRange, resourceName string, obj runtime.Object) error { - switch resourceName { - case "pods": - return PodMutateLimitFunc(limitRange, obj.(*api.Pod)) - } - return nil -} - -// ValidateLimit verifies the resource requirements of incoming -// resources against enumerated constraints on the LimitRange are -// valid -func (d *DefaultLimitRangerActions) ValidateLimit(limitRange *corev1.LimitRange, resourceName string, obj runtime.Object) error { - switch resourceName { - case "pods": - return PodValidateLimitFunc(limitRange, obj.(*api.Pod)) - case "persistentvolumeclaims": - return PersistentVolumeClaimValidateLimitFunc(limitRange, obj.(*api.PersistentVolumeClaim)) - } - return nil -} - -// SupportsAttributes ignores all calls that do not deal with pod resources or storage requests (PVCs). -// Also ignores any call that has a subresource defined. -func (d *DefaultLimitRangerActions) SupportsAttributes(a admission.Attributes) bool { - if a.GetSubresource() != "" { - return false - } - - // Since containers and initContainers cannot currently be added, removed, or updated, it is unnecessary - // to mutate and validate limitrange on pod updates. Trying to mutate containers or initContainers on a pod - // update request will always fail pod validation because those fields are immutable once the object is created. - if a.GetKind().GroupKind() == api.Kind("Pod") && a.GetOperation() == admission.Update { - return false - } - - return a.GetKind().GroupKind() == api.Kind("Pod") || a.GetKind().GroupKind() == api.Kind("PersistentVolumeClaim") -} - -// SupportsLimit always returns true. -func (d *DefaultLimitRangerActions) SupportsLimit(limitRange *corev1.LimitRange) bool { - return true -} - -// PersistentVolumeClaimValidateLimitFunc enforces storage limits for PVCs. -// Users request storage via pvc.Spec.Resources.Requests. Min/Max is enforced by an admin with LimitRange. -// Claims will not be modified with default values because storage is a required part of pvc.Spec. -// All storage enforced values *only* apply to pvc.Spec.Resources.Requests. -func PersistentVolumeClaimValidateLimitFunc(limitRange *corev1.LimitRange, pvc *api.PersistentVolumeClaim) error { - var errs []error - for i := range limitRange.Spec.Limits { - limit := limitRange.Spec.Limits[i] - limitType := limit.Type - if limitType == corev1.LimitTypePersistentVolumeClaim { - for k, v := range limit.Min { - // normal usage of minConstraint. pvc.Spec.Resources.Limits is not recognized as user input - if err := minConstraint(string(limitType), string(k), v, pvc.Spec.Resources.Requests, api.ResourceList{}); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.Max { - // We want to enforce the max of the LimitRange against what - // the user requested. - if err := maxRequestConstraint(string(limitType), string(k), v, pvc.Spec.Resources.Requests); err != nil { - errs = append(errs, err) - } - } - } - } - return utilerrors.NewAggregate(errs) -} - -// PodMutateLimitFunc sets resource requirements enumerated by the pod against -// the specified LimitRange. The pod may be modified to apply default resource -// requirements if not specified, and enumerated on the LimitRange -func PodMutateLimitFunc(limitRange *corev1.LimitRange, pod *api.Pod) error { - defaultResources := defaultContainerResourceRequirements(limitRange) - mergePodResourceRequirements(pod, &defaultResources) - return nil -} - -// PodValidateLimitFunc enforces resource requirements enumerated by the pod against -// the specified LimitRange. -func PodValidateLimitFunc(limitRange *corev1.LimitRange, pod *api.Pod) error { - var errs []error - - for i := range limitRange.Spec.Limits { - limit := limitRange.Spec.Limits[i] - limitType := limit.Type - // enforce container limits - if limitType == corev1.LimitTypeContainer { - for j := range pod.Spec.Containers { - container := &pod.Spec.Containers[j] - for k, v := range limit.Min { - if err := minConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.Max { - if err := maxConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.MaxLimitRequestRatio { - if err := limitRequestRatioConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - } - for j := range pod.Spec.InitContainers { - container := &pod.Spec.InitContainers[j] - for k, v := range limit.Min { - if err := minConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.Max { - if err := maxConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.MaxLimitRequestRatio { - if err := limitRequestRatioConstraint(string(limitType), string(k), v, container.Resources.Requests, container.Resources.Limits); err != nil { - errs = append(errs, err) - } - } - } - } - - // enforce pod limits on init containers - if limitType == corev1.LimitTypePod { - containerRequests, containerLimits := []api.ResourceList{}, []api.ResourceList{} - for j := range pod.Spec.Containers { - container := &pod.Spec.Containers[j] - containerRequests = append(containerRequests, container.Resources.Requests) - containerLimits = append(containerLimits, container.Resources.Limits) - } - podRequests := sum(containerRequests) - podLimits := sum(containerLimits) - for j := range pod.Spec.InitContainers { - container := &pod.Spec.InitContainers[j] - // take max(sum_containers, any_init_container) - for k, v := range container.Resources.Requests { - if v2, ok := podRequests[k]; ok { - if v.Cmp(v2) > 0 { - podRequests[k] = v - } - } else { - podRequests[k] = v - } - } - for k, v := range container.Resources.Limits { - if v2, ok := podLimits[k]; ok { - if v.Cmp(v2) > 0 { - podLimits[k] = v - } - } else { - podLimits[k] = v - } - } - } - for k, v := range limit.Min { - if err := minConstraint(string(limitType), string(k), v, podRequests, podLimits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.Max { - if err := maxConstraint(string(limitType), string(k), v, podRequests, podLimits); err != nil { - errs = append(errs, err) - } - } - for k, v := range limit.MaxLimitRequestRatio { - if err := limitRequestRatioConstraint(string(limitType), string(k), v, podRequests, podLimits); err != nil { - errs = append(errs, err) - } - } - } - } - return utilerrors.NewAggregate(errs) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/interfaces.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/interfaces.go deleted file mode 100644 index 35b6ce8c6f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/limitranger/interfaces.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package limitranger - -import ( - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/admission" -) - -// LimitRangerActions is an interface defining actions to be carried over ranges to identify and manipulate their limits -type LimitRangerActions interface { - // MutateLimit is a pluggable function to set limits on the object. - MutateLimit(limitRange *corev1.LimitRange, kind string, obj runtime.Object) error - // ValidateLimits is a pluggable function to enforce limits on the object. - ValidateLimit(limitRange *corev1.LimitRange, kind string, obj runtime.Object) error - // SupportsAttributes is a pluggable function to allow overridding what resources the limitranger - // supports. - SupportsAttributes(attr admission.Attributes) bool - // SupportsLimit is a pluggable function to allow ignoring limits that should not be applied - // for any reason. - SupportsLimit(limitRange *corev1.LimitRange) bool -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision/admission.go deleted file mode 100644 index 6d5eb0bd8e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision/admission.go +++ /dev/null @@ -1,129 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package autoprovision - -import ( - "context" - "fmt" - "io" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PluginName indicates name of admission plugin. -const PluginName = "NamespaceAutoProvision" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewProvision(), nil - }) -} - -// Provision is an implementation of admission.Interface. -// It looks at all incoming requests in a namespace context, and if the namespace does not exist, it creates one. -// It is useful in deployments that do not want to restrict creation of a namespace prior to its usage. -type Provision struct { - *admission.Handler - client kubernetes.Interface - namespaceLister corev1listers.NamespaceLister -} - -var _ admission.MutationInterface = &Provision{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&Provision{}) -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&Provision{}) - -// Admit makes an admission decision based on the request attributes -func (p *Provision) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - // Don't create a namespace if the request is for a dry-run. - if a.IsDryRun() { - return nil - } - - // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do - // if we're here, then the API server has found a route, which means that if we have a non-empty namespace - // its a namespaced resource. - if len(a.GetNamespace()) == 0 || a.GetKind().GroupKind() == api.Kind("Namespace") { - return nil - } - // we need to wait for our caches to warm - if !p.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - _, err := p.namespaceLister.Get(a.GetNamespace()) - if err == nil { - return nil - } - - if !errors.IsNotFound(err) { - return admission.NewForbidden(a, err) - } - - namespace := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: a.GetNamespace(), - Namespace: "", - }, - Status: corev1.NamespaceStatus{}, - } - - _, err = p.client.CoreV1().Namespaces().Create(context.TODO(), namespace, metav1.CreateOptions{}) - if err != nil && !errors.IsAlreadyExists(err) { - return admission.NewForbidden(a, err) - } - - return nil -} - -// NewProvision creates a new namespace provision admission control handler -func NewProvision() *Provision { - return &Provision{ - Handler: admission.NewHandler(admission.Create), - } -} - -// SetExternalKubeClientSet implements the WantsExternalKubeClientSet interface. -func (p *Provision) SetExternalKubeClientSet(client kubernetes.Interface) { - p.client = client -} - -// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (p *Provision) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - p.namespaceLister = namespaceInformer.Lister() - p.SetReadyFunc(namespaceInformer.Informer().HasSynced) -} - -// ValidateInitialization implements the InitializationValidator interface. -func (p *Provision) ValidateInitialization() error { - if p.namespaceLister == nil { - return fmt.Errorf("missing namespaceLister") - } - if p.client == nil { - return fmt.Errorf("missing client") - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/exists/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/exists/admission.go deleted file mode 100644 index a70be147ce..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/namespace/exists/admission.go +++ /dev/null @@ -1,118 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exists - -import ( - "context" - "fmt" - "io" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - informers "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PluginName indicates name of admission plugin. -const PluginName = "NamespaceExists" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewExists(), nil - }) -} - -// Exists is an implementation of admission.Interface. -// It rejects all incoming requests in a namespace context if the namespace does not exist. -// It is useful in deployments that want to enforce pre-declaration of a Namespace resource. -type Exists struct { - *admission.Handler - client kubernetes.Interface - namespaceLister corev1listers.NamespaceLister -} - -var _ admission.ValidationInterface = &Exists{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&Exists{}) -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&Exists{}) - -// Validate makes an admission decision based on the request attributes -func (e *Exists) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - // if we're here, then we've already passed authentication, so we're allowed to do what we're trying to do - // if we're here, then the API server has found a route, which means that if we have a non-empty namespace - // its a namespaced resource. - if len(a.GetNamespace()) == 0 || a.GetKind().GroupKind() == api.Kind("Namespace") { - return nil - } - - // we need to wait for our caches to warm - if !e.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - _, err := e.namespaceLister.Get(a.GetNamespace()) - if err == nil { - return nil - } - if !errors.IsNotFound(err) { - return errors.NewInternalError(err) - } - - // in case of latency in our caches, make a call direct to storage to verify that it truly exists or not - _, err = e.client.CoreV1().Namespaces().Get(context.TODO(), a.GetNamespace(), metav1.GetOptions{}) - if err != nil { - if errors.IsNotFound(err) { - return err - } - return errors.NewInternalError(err) - } - - return nil -} - -// NewExists creates a new namespace exists admission control handler -func NewExists() *Exists { - return &Exists{ - Handler: admission.NewHandler(admission.Create, admission.Update, admission.Delete), - } -} - -// SetExternalKubeClientSet implements the WantsExternalKubeClientSet interface. -func (e *Exists) SetExternalKubeClientSet(client kubernetes.Interface) { - e.client = client -} - -// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (e *Exists) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - e.namespaceLister = namespaceInformer.Lister() - e.SetReadyFunc(namespaceInformer.Informer().HasSynced) -} - -// ValidateInitialization implements the InitializationValidator interface. -func (e *Exists) ValidateInitialization() error { - if e.namespaceLister == nil { - return fmt.Errorf("missing namespaceLister") - } - if e.client == nil { - return fmt.Errorf("missing client") - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/defaultingressclass/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/defaultingressclass/admission.go deleted file mode 100644 index 7feb37ae76..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/defaultingressclass/admission.go +++ /dev/null @@ -1,156 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package defaultingressclass - -import ( - "context" - "fmt" - "io" - "sort" - - networkingv1 "k8s.io/api/networking/v1" - networkingv1beta1 "k8s.io/api/networking/v1beta1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - networkingv1listers "k8s.io/client-go/listers/networking/v1" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/networking" -) - -const ( - // PluginName is the name of this admission controller plugin - PluginName = "DefaultIngressClass" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - plugin := newPlugin() - return plugin, nil - }) -} - -// classDefaulterPlugin holds state for and implements the admission plugin. -type classDefaulterPlugin struct { - *admission.Handler - lister networkingv1listers.IngressClassLister -} - -var _ admission.Interface = &classDefaulterPlugin{} -var _ admission.MutationInterface = &classDefaulterPlugin{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&classDefaulterPlugin{}) - -// newPlugin creates a new admission plugin. -func newPlugin() *classDefaulterPlugin { - return &classDefaulterPlugin{ - Handler: admission.NewHandler(admission.Create), - } -} - -// SetExternalKubeInformerFactory sets a lister and readyFunc for this -// classDefaulterPlugin using the provided SharedInformerFactory. -func (a *classDefaulterPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - informer := f.Networking().V1().IngressClasses() - a.lister = informer.Lister() - a.SetReadyFunc(informer.Informer().HasSynced) -} - -// ValidateInitialization ensures lister is set. -func (a *classDefaulterPlugin) ValidateInitialization() error { - if a.lister == nil { - return fmt.Errorf("missing lister") - } - return nil -} - -// Admit sets the default value of a Ingress's class if the user did not specify -// a class. -func (a *classDefaulterPlugin) Admit(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - if attr.GetResource().GroupResource() != networkingv1.Resource("ingresses") { - return nil - } - - if len(attr.GetSubresource()) != 0 { - return nil - } - - ingress, ok := attr.GetObject().(*networking.Ingress) - // if we can't convert then we don't handle this object so just return - if !ok { - klog.V(3).Infof("Expected Ingress resource, got: %v", attr.GetKind()) - return errors.NewInternalError(fmt.Errorf("Expected Ingress resource, got: %v", attr.GetKind())) - } - - // IngressClassName field has been set, no need to set a default value. - if ingress.Spec.IngressClassName != nil { - return nil - } - - // Ingress class annotation has been set, no need to set a default value. - if _, ok := ingress.Annotations[networkingv1beta1.AnnotationIngressClass]; ok { - return nil - } - - klog.V(4).Infof("No class specified on Ingress %s", ingress.Name) - - defaultClass, err := getDefaultClass(a.lister) - if err != nil { - return admission.NewForbidden(attr, err) - } - - // No default class specified, no need to set a default value. - if defaultClass == nil { - return nil - } - - klog.V(4).Infof("Defaulting class for Ingress %s to %s", ingress.Name, defaultClass.Name) - ingress.Spec.IngressClassName = &defaultClass.Name - return nil -} - -// getDefaultClass returns the default IngressClass from the store, or nil. -func getDefaultClass(lister networkingv1listers.IngressClassLister) (*networkingv1.IngressClass, error) { - list, err := lister.List(labels.Everything()) - if err != nil { - return nil, err - } - - defaultClasses := []*networkingv1.IngressClass{} - for _, class := range list { - if class.Annotations[networkingv1.AnnotationIsDefaultIngressClass] == "true" { - defaultClasses = append(defaultClasses, class) - } - } - - if len(defaultClasses) == 0 { - return nil, nil - } - sort.Slice(defaultClasses, func(i, j int) bool { - if defaultClasses[i].CreationTimestamp.UnixNano() == defaultClasses[j].CreationTimestamp.UnixNano() { - return defaultClasses[i].Name < defaultClasses[j].Name - } - return defaultClasses[i].CreationTimestamp.UnixNano() > defaultClasses[j].CreationTimestamp.UnixNano() - }) - if len(defaultClasses) > 1 { - klog.V(4).Infof("%d default IngressClasses were found, choosing the newest: %s", len(defaultClasses), defaultClasses[0].Name) - } - - return defaultClasses[0], nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/denyserviceexternalips/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/denyserviceexternalips/admission.go deleted file mode 100644 index 0a93307991..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/network/denyserviceexternalips/admission.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package denyserviceexternalips - -import ( - "context" - "fmt" - "io" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" - "k8s.io/kubernetes/pkg/apis/core" -) - -const ( - // PluginName is the name of this admission controller plugin - PluginName = "DenyServiceExternalIPs" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - plugin := newPlugin() - return plugin, nil - }) -} - -// externalIPsDenierPlugin holds state for and implements the admission plugin. -type externalIPsDenierPlugin struct { - *admission.Handler -} - -var _ admission.Interface = &externalIPsDenierPlugin{} -var _ admission.ValidationInterface = &externalIPsDenierPlugin{} - -// newPlugin creates a new admission plugin. -func newPlugin() *externalIPsDenierPlugin { - return &externalIPsDenierPlugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} - -// Admit ensures that modifications of the Service.Spec.ExternalIPs field are -// denied -func (plug *externalIPsDenierPlugin) Validate(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - if attr.GetResource().GroupResource() != core.Resource("services") { - return nil - } - - if len(attr.GetSubresource()) != 0 { - return nil - } - - // if we can't convert then we don't handle this object so just return - newSvc, ok := attr.GetObject().(*core.Service) - if !ok { - klog.V(3).Infof("Expected Service resource, got: %v", attr.GetKind()) - return errors.NewInternalError(fmt.Errorf("Expected Service resource, got: %v", attr.GetKind())) - } - - var oldSvc *core.Service - if old := attr.GetOldObject(); old != nil { - tmp, ok := old.(*core.Service) - if !ok { - klog.V(3).Infof("Expected Service resource, got: %v", attr.GetKind()) - return errors.NewInternalError(fmt.Errorf("Expected Service resource, got: %v", attr.GetKind())) - } - oldSvc = tmp - } - - if isSubset(newSvc, oldSvc) { - return nil - } - - klog.V(4).Infof("Denying new use of ExternalIPs on Service %s/%s", newSvc.Namespace, newSvc.Name) - return admission.NewForbidden(attr, fmt.Errorf("Use of external IPs is denied by admission control")) -} - -func isSubset(newSvc, oldSvc *core.Service) bool { - // If new has none, it's a subset. - if len(newSvc.Spec.ExternalIPs) == 0 { - return true - } - // If we have some but it's not an update, it's not a subset. - if oldSvc == nil { - return false - } - oldIPs := map[string]bool{} - for _, ip := range oldSvc.Spec.ExternalIPs { - oldIPs[ip] = true - } - // Every IP in newSvc must be in oldSvc - for _, ip := range newSvc.Spec.ExternalIPs { - if oldIPs[ip] == false { - return false - } - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/OWNERS deleted file mode 100644 index ff6413c7fc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-node-isolation-approvers -reviewers: - - sig-auth-node-isolation-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go deleted file mode 100644 index ee12bce0c2..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/noderestriction/admission.go +++ /dev/null @@ -1,589 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package noderestriction - -import ( - "context" - "fmt" - "io" - "strings" - - v1 "k8s.io/api/core/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - apiserveradmission "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - corev1lister "k8s.io/client-go/listers/core/v1" - "k8s.io/component-base/featuregate" - kubeletapis "k8s.io/kubelet/pkg/apis" - podutil "k8s.io/kubernetes/pkg/api/pod" - authenticationapi "k8s.io/kubernetes/pkg/apis/authentication" - coordapi "k8s.io/kubernetes/pkg/apis/coordination" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/policy" - storage "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/auth/nodeidentifier" - "k8s.io/kubernetes/pkg/features" -) - -// PluginName is a string with the name of the plugin -const PluginName = "NodeRestriction" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(nodeidentifier.NewDefaultNodeIdentifier()), nil - }) -} - -// NewPlugin creates a new NodeRestriction admission plugin. -// This plugin identifies requests from nodes -func NewPlugin(nodeIdentifier nodeidentifier.NodeIdentifier) *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update, admission.Delete), - nodeIdentifier: nodeIdentifier, - } -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler - nodeIdentifier nodeidentifier.NodeIdentifier - podsGetter corev1lister.PodLister - nodesGetter corev1lister.NodeLister - - expansionRecoveryEnabled bool -} - -var ( - _ admission.Interface = &Plugin{} - _ apiserveradmission.WantsExternalKubeInformerFactory = &Plugin{} - _ apiserveradmission.WantsFeatures = &Plugin{} -) - -// InspectFeatureGates allows setting bools without taking a dep on a global variable -func (p *Plugin) InspectFeatureGates(featureGates featuregate.FeatureGate) { - p.expansionRecoveryEnabled = featureGates.Enabled(features.RecoverVolumeExpansionFailure) -} - -// SetExternalKubeInformerFactory registers an informer factory into Plugin -func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - p.podsGetter = f.Core().V1().Pods().Lister() - p.nodesGetter = f.Core().V1().Nodes().Lister() -} - -// ValidateInitialization validates the Plugin was initialized properly -func (p *Plugin) ValidateInitialization() error { - if p.nodeIdentifier == nil { - return fmt.Errorf("%s requires a node identifier", PluginName) - } - if p.podsGetter == nil { - return fmt.Errorf("%s requires a pod getter", PluginName) - } - if p.nodesGetter == nil { - return fmt.Errorf("%s requires a node getter", PluginName) - } - return nil -} - -var ( - podResource = api.Resource("pods") - nodeResource = api.Resource("nodes") - pvcResource = api.Resource("persistentvolumeclaims") - svcacctResource = api.Resource("serviceaccounts") - leaseResource = coordapi.Resource("leases") - csiNodeResource = storage.Resource("csinodes") -) - -// Admit checks the admission policy and triggers corresponding actions -func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - nodeName, isNode := p.nodeIdentifier.NodeIdentity(a.GetUserInfo()) - - // Our job is just to restrict nodes - if !isNode { - return nil - } - - if len(nodeName) == 0 { - // disallow requests we cannot match to a particular node - return admission.NewForbidden(a, fmt.Errorf("could not determine node from user %q", a.GetUserInfo().GetName())) - } - - // TODO: if node doesn't exist and this isn't a create node request, then reject. - - switch a.GetResource().GroupResource() { - case podResource: - switch a.GetSubresource() { - case "": - return p.admitPod(nodeName, a) - case "status": - return p.admitPodStatus(nodeName, a) - case "eviction": - return p.admitPodEviction(nodeName, a) - default: - return admission.NewForbidden(a, fmt.Errorf("unexpected pod subresource %q, only 'status' and 'eviction' are allowed", a.GetSubresource())) - } - - case nodeResource: - return p.admitNode(nodeName, a) - - case pvcResource: - switch a.GetSubresource() { - case "status": - return p.admitPVCStatus(nodeName, a) - default: - return admission.NewForbidden(a, fmt.Errorf("may only update PVC status")) - } - - case svcacctResource: - return p.admitServiceAccount(nodeName, a) - - case leaseResource: - return p.admitLease(nodeName, a) - - case csiNodeResource: - return p.admitCSINode(nodeName, a) - - default: - return nil - } -} - -// admitPod allows creating or deleting a pod if it is assigned to the -// current node and fulfills related criteria. -func (p *Plugin) admitPod(nodeName string, a admission.Attributes) error { - switch a.GetOperation() { - case admission.Create: - return p.admitPodCreate(nodeName, a) - - case admission.Delete: - // get the existing pod - existingPod, err := p.podsGetter.Pods(a.GetNamespace()).Get(a.GetName()) - if errors.IsNotFound(err) { - return err - } - if err != nil { - return admission.NewForbidden(a, err) - } - // only allow a node to delete a pod bound to itself - if existingPod.Spec.NodeName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %q can only delete pods with spec.nodeName set to itself", nodeName)) - } - return nil - - default: - return admission.NewForbidden(a, fmt.Errorf("unexpected operation %q, node %q can only create and delete mirror pods", a.GetOperation(), nodeName)) - } -} - -func (p *Plugin) admitPodCreate(nodeName string, a admission.Attributes) error { - // require a pod object - pod, ok := a.GetObject().(*api.Pod) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // only allow nodes to create mirror pods - if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; !isMirrorPod { - return admission.NewForbidden(a, fmt.Errorf("pod does not have %q annotation, node %q can only create mirror pods", api.MirrorPodAnnotationKey, nodeName)) - } - - // only allow nodes to create a pod bound to itself - if pod.Spec.NodeName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with spec.nodeName set to itself", nodeName)) - } - if len(pod.OwnerReferences) > 1 { - return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with a single owner reference set to itself", nodeName)) - } - if len(pod.OwnerReferences) == 0 { - return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with an owner reference set to itself", nodeName)) - } - if len(pod.OwnerReferences) == 1 { - owner := pod.OwnerReferences[0] - if owner.APIVersion != v1.SchemeGroupVersion.String() || - owner.Kind != "Node" || - owner.Name != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with an owner reference set to itself", nodeName)) - } - if owner.Controller == nil || !*owner.Controller { - return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with a controller owner reference set to itself", nodeName)) - } - if owner.BlockOwnerDeletion != nil && *owner.BlockOwnerDeletion { - return admission.NewForbidden(a, fmt.Errorf("node %q must not set blockOwnerDeletion on an owner reference", nodeName)) - } - - // Verify the node UID. - node, err := p.nodesGetter.Get(nodeName) - if errors.IsNotFound(err) { - return err - } - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("error looking up node %s to verify uid: %v", nodeName, err)) - } - if owner.UID != node.UID { - return admission.NewForbidden(a, fmt.Errorf("node %s UID mismatch: expected %s got %s", nodeName, owner.UID, node.UID)) - } - } - - // don't allow a node to create a pod that references any other API objects - if pod.Spec.ServiceAccountName != "" { - return admission.NewForbidden(a, fmt.Errorf("node %q can not create pods that reference a service account", nodeName)) - } - hasSecrets := false - podutil.VisitPodSecretNames(pod, func(name string) (shouldContinue bool) { hasSecrets = true; return false }, podutil.AllContainers) - if hasSecrets { - return admission.NewForbidden(a, fmt.Errorf("node %q can not create pods that reference secrets", nodeName)) - } - hasConfigMaps := false - podutil.VisitPodConfigmapNames(pod, func(name string) (shouldContinue bool) { hasConfigMaps = true; return false }, podutil.AllContainers) - if hasConfigMaps { - return admission.NewForbidden(a, fmt.Errorf("node %q can not create pods that reference configmaps", nodeName)) - } - for _, v := range pod.Spec.Volumes { - if v.PersistentVolumeClaim != nil { - return admission.NewForbidden(a, fmt.Errorf("node %q can not create pods that reference persistentvolumeclaims", nodeName)) - } - } - - return nil -} - -// admitPodStatus allows to update the status of a pod if it is -// assigned to the current node. -func (p *Plugin) admitPodStatus(nodeName string, a admission.Attributes) error { - switch a.GetOperation() { - case admission.Update: - // require an existing pod - oldPod, ok := a.GetOldObject().(*api.Pod) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetOldObject())) - } - // only allow a node to update status of a pod bound to itself - if oldPod.Spec.NodeName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %q can only update pod status for pods with spec.nodeName set to itself", nodeName)) - } - newPod, ok := a.GetObject().(*api.Pod) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - if !labels.Equals(oldPod.Labels, newPod.Labels) { - return admission.NewForbidden(a, fmt.Errorf("node %q cannot update labels through pod status", nodeName)) - } - return nil - - default: - return admission.NewForbidden(a, fmt.Errorf("unexpected operation %q", a.GetOperation())) - } -} - -// admitPodEviction allows to evict a pod if it is assigned to the current node. -func (p *Plugin) admitPodEviction(nodeName string, a admission.Attributes) error { - switch a.GetOperation() { - case admission.Create: - // require eviction to an existing pod object - eviction, ok := a.GetObject().(*policy.Eviction) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - // use pod name from the admission attributes, if set, rather than from the submitted Eviction object - podName := a.GetName() - if len(podName) == 0 { - if len(eviction.Name) == 0 { - return admission.NewForbidden(a, fmt.Errorf("could not determine pod from request data")) - } - podName = eviction.Name - } - // get the existing pod - existingPod, err := p.podsGetter.Pods(a.GetNamespace()).Get(podName) - if errors.IsNotFound(err) { - return err - } - if err != nil { - return admission.NewForbidden(a, err) - } - // only allow a node to evict a pod bound to itself - if existingPod.Spec.NodeName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %s can only evict pods with spec.nodeName set to itself", nodeName)) - } - return nil - - default: - return admission.NewForbidden(a, fmt.Errorf("unexpected operation %s", a.GetOperation())) - } -} - -func (p *Plugin) admitPVCStatus(nodeName string, a admission.Attributes) error { - switch a.GetOperation() { - case admission.Update: - oldPVC, ok := a.GetOldObject().(*api.PersistentVolumeClaim) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetOldObject())) - } - - newPVC, ok := a.GetObject().(*api.PersistentVolumeClaim) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // make copies for comparison - oldPVC = oldPVC.DeepCopy() - newPVC = newPVC.DeepCopy() - - // zero out resourceVersion to avoid comparing differences, - // since the new object could leave it empty to indicate an unconditional update - oldPVC.ObjectMeta.ResourceVersion = "" - newPVC.ObjectMeta.ResourceVersion = "" - - oldPVC.Status.Capacity = nil - newPVC.Status.Capacity = nil - - oldPVC.Status.Conditions = nil - newPVC.Status.Conditions = nil - - if p.expansionRecoveryEnabled { - oldPVC.Status.ResizeStatus = nil - newPVC.Status.ResizeStatus = nil - - oldPVC.Status.AllocatedResources = nil - newPVC.Status.AllocatedResources = nil - } - - // TODO(apelisse): We don't have a good mechanism to - // verify that only the things that should have changed - // have changed. Ignore it for now. - oldPVC.ObjectMeta.ManagedFields = nil - newPVC.ObjectMeta.ManagedFields = nil - - // ensure no metadata changed. nodes should not be able to relabel, add finalizers/owners, etc - if !apiequality.Semantic.DeepEqual(oldPVC, newPVC) { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to update fields other than status.capacity and status.conditions: %v", nodeName, diff.ObjectReflectDiff(oldPVC, newPVC))) - } - - return nil - - default: - return admission.NewForbidden(a, fmt.Errorf("unexpected operation %q", a.GetOperation())) - } -} - -func (p *Plugin) admitNode(nodeName string, a admission.Attributes) error { - requestedName := a.GetName() - - if requestedName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify node %q", nodeName, requestedName)) - } - - if a.GetOperation() == admission.Create { - node, ok := a.GetObject().(*api.Node) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // Don't allow a node to create its Node API object with the config source set. - // We scope node access to things listed in the Node.Spec, so allowing this would allow a view escalation. - if node.Spec.ConfigSource != nil { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to create pods with a non-nil configSource", nodeName)) - } - - // Don't allow a node to register with labels outside the allowed set. - // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. - modifiedLabels := getModifiedLabels(node.Labels, nil) - if forbiddenLabels := p.getForbiddenLabels(modifiedLabels); len(forbiddenLabels) > 0 { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to set the following labels: %s", nodeName, strings.Join(forbiddenLabels.List(), ", "))) - } - } - - if a.GetOperation() == admission.Update { - node, ok := a.GetObject().(*api.Node) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - oldNode, ok := a.GetOldObject().(*api.Node) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // Don't allow a node to update the config source on its Node API object. - // We scope node access to things listed in the Node.Spec, so allowing this would allow a view escalation. - // We only do the check if the new node's configSource is non-nil; old kubelets might drop the field during a status update. - if node.Spec.ConfigSource != nil && !apiequality.Semantic.DeepEqual(node.Spec.ConfigSource, oldNode.Spec.ConfigSource) { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to update configSource to a new non-nil configSource", nodeName)) - } - - // Don't allow a node to update its own taints. This would allow a node to remove or modify its - // taints in a way that would let it steer disallowed workloads to itself. - if !apiequality.Semantic.DeepEqual(node.Spec.Taints, oldNode.Spec.Taints) { - return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to modify taints", nodeName)) - } - - // Don't allow a node to update labels outside the allowed set. - // This would allow a node to add or modify its labels in a way that would let it steer privileged workloads to itself. - modifiedLabels := getModifiedLabels(node.Labels, oldNode.Labels) - if forbiddenUpdateLabels := p.getForbiddenLabels(modifiedLabels); len(forbiddenUpdateLabels) > 0 { - return admission.NewForbidden(a, fmt.Errorf("is not allowed to modify labels: %s", strings.Join(forbiddenUpdateLabels.List(), ", "))) - } - } - - return nil -} - -// getModifiedLabels returns the set of label keys that are different between the two maps -func getModifiedLabels(a, b map[string]string) sets.String { - modified := sets.NewString() - for k, v1 := range a { - if v2, ok := b[k]; !ok || v1 != v2 { - modified.Insert(k) - } - } - for k, v1 := range b { - if v2, ok := a[k]; !ok || v1 != v2 { - modified.Insert(k) - } - } - return modified -} - -func isKubernetesLabel(key string) bool { - namespace := getLabelNamespace(key) - if namespace == "kubernetes.io" || strings.HasSuffix(namespace, ".kubernetes.io") { - return true - } - if namespace == "k8s.io" || strings.HasSuffix(namespace, ".k8s.io") { - return true - } - return false -} - -func getLabelNamespace(key string) string { - if parts := strings.SplitN(key, "/", 2); len(parts) == 2 { - return parts[0] - } - return "" -} - -// getForbiddenLabels returns the set of labels that may not be added, removed, or modified by the node on create or update. -func (p *Plugin) getForbiddenLabels(modifiedLabels sets.String) sets.String { - if len(modifiedLabels) == 0 { - return nil - } - - forbiddenLabels := sets.NewString() - for label := range modifiedLabels { - namespace := getLabelNamespace(label) - // forbid kubelets from setting node-restriction labels - if namespace == v1.LabelNamespaceNodeRestriction || strings.HasSuffix(namespace, "."+v1.LabelNamespaceNodeRestriction) { - forbiddenLabels.Insert(label) - } - // forbid kubelets from setting unknown kubernetes.io and k8s.io labels on update - if isKubernetesLabel(label) && !kubeletapis.IsKubeletLabel(label) { - // TODO: defer to label policy once available - forbiddenLabels.Insert(label) - } - } - return forbiddenLabels -} - -func (p *Plugin) admitServiceAccount(nodeName string, a admission.Attributes) error { - if a.GetOperation() != admission.Create { - return nil - } - if a.GetSubresource() != "token" { - return nil - } - tr, ok := a.GetObject().(*authenticationapi.TokenRequest) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // TokenRequests from a node must have a pod binding. That pod must be - // scheduled on the node. - ref := tr.Spec.BoundObjectRef - if ref == nil || - ref.APIVersion != "v1" || - ref.Kind != "Pod" || - ref.Name == "" { - return admission.NewForbidden(a, fmt.Errorf("node requested token not bound to a pod")) - } - if ref.UID == "" { - return admission.NewForbidden(a, fmt.Errorf("node requested token with a pod binding without a uid")) - } - pod, err := p.podsGetter.Pods(a.GetNamespace()).Get(ref.Name) - if errors.IsNotFound(err) { - return err - } - if err != nil { - return admission.NewForbidden(a, err) - } - if ref.UID != pod.UID { - return admission.NewForbidden(a, fmt.Errorf("the UID in the bound object reference (%s) does not match the UID in record. The object might have been deleted and then recreated", ref.UID)) - } - if pod.Spec.NodeName != nodeName { - return admission.NewForbidden(a, fmt.Errorf("node requested token bound to a pod scheduled on a different node")) - } - - return nil -} - -func (p *Plugin) admitLease(nodeName string, a admission.Attributes) error { - // the request must be against the system namespace reserved for node leases - if a.GetNamespace() != api.NamespaceNodeLease { - return admission.NewForbidden(a, fmt.Errorf("can only access leases in the %q system namespace", api.NamespaceNodeLease)) - } - - // the request must come from a node with the same name as the lease - if a.GetOperation() == admission.Create { - // a.GetName() won't return the name on create, so we drill down to the proposed object - lease, ok := a.GetObject().(*coordapi.Lease) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - if lease.Name != nodeName { - return admission.NewForbidden(a, fmt.Errorf("can only access node lease with the same name as the requesting node")) - } - } else { - if a.GetName() != nodeName { - return admission.NewForbidden(a, fmt.Errorf("can only access node lease with the same name as the requesting node")) - } - } - - return nil -} - -func (p *Plugin) admitCSINode(nodeName string, a admission.Attributes) error { - // the request must come from a node with the same name as the CSINode object - if a.GetOperation() == admission.Create { - // a.GetName() won't return the name on create, so we drill down to the proposed object - accessor, err := meta.Accessor(a.GetObject()) - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("unable to access the object name")) - } - if accessor.GetName() != nodeName { - return admission.NewForbidden(a, fmt.Errorf("can only access CSINode with the same name as the requesting node")) - } - } else { - if a.GetName() != nodeName { - return admission.NewForbidden(a, fmt.Errorf("can only access CSINode with the same name as the requesting node")) - } - } - - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/nodetaint/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/nodetaint/admission.go deleted file mode 100644 index be9aecf5f3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/nodetaint/admission.go +++ /dev/null @@ -1,95 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nodetaint - -import ( - "context" - "fmt" - "io" - - v1 "k8s.io/api/core/v1" - "k8s.io/apiserver/pkg/admission" - api "k8s.io/kubernetes/pkg/apis/core" -) - -const ( - // PluginName is the name of the plugin. - PluginName = "TaintNodesByCondition" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(), nil - }) -} - -// NewPlugin creates a new NodeTaint admission plugin. -// This plugin identifies requests from nodes -func NewPlugin() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create), - } -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler -} - -var ( - _ = admission.Interface(&Plugin{}) -) - -var ( - nodeResource = api.Resource("nodes") -) - -// Admit is the main function that checks node identity and adds taints as needed. -func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - // Our job is just to taint nodes. - if a.GetResource().GroupResource() != nodeResource || a.GetSubresource() != "" { - return nil - } - - node, ok := a.GetObject().(*api.Node) - if !ok { - return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject())) - } - - // Taint node with NotReady taint at creation. This is needed to make sure - // that nodes are added to the cluster with the NotReady taint. Otherwise, - // a new node may receive the taint with some delay causing pods to be - // scheduled on a not-ready node. Node controller will remove the taint - // when the node becomes ready. - addNotReadyTaint(node) - return nil -} - -func addNotReadyTaint(node *api.Node) { - notReadyTaint := api.Taint{ - Key: v1.TaintNodeNotReady, - Effect: api.TaintEffectNoSchedule, - } - for _, taint := range node.Spec.Taints { - if taint.MatchTaint(notReadyTaint) { - // the taint already exists. - return - } - } - node.Spec.Taints = append(node.Spec.Taints, notReadyTaint) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podnodeselector/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podnodeselector/admission.go deleted file mode 100644 index d2e4b14de7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podnodeselector/admission.go +++ /dev/null @@ -1,279 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podnodeselector - -import ( - "context" - "fmt" - "io" - "reflect" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/util/yaml" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// NamespaceNodeSelectors is for assigning node selectors labels to -// namespaces. Default value is the annotation key -// scheduler.alpha.kubernetes.io/node-selector -var NamespaceNodeSelectors = []string{"scheduler.alpha.kubernetes.io/node-selector"} - -// PluginName is a string with the name of the plugin -const PluginName = "PodNodeSelector" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - // TODO move this to a versioned configuration file format. - pluginConfig := readConfig(config) - plugin := NewPodNodeSelector(pluginConfig.PodNodeSelectorPluginConfig) - return plugin, nil - }) -} - -// Plugin is an implementation of admission.Interface. -type Plugin struct { - *admission.Handler - client kubernetes.Interface - namespaceLister corev1listers.NamespaceLister - // global default node selector and namespace whitelists in a cluster. - clusterNodeSelectors map[string]string -} - -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&Plugin{}) -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&Plugin{}) - -type pluginConfig struct { - PodNodeSelectorPluginConfig map[string]string -} - -// readConfig reads default value of clusterDefaultNodeSelector -// from the file provided with --admission-control-config-file -// If the file is not supplied, it defaults to "" -// The format in a file: -// podNodeSelectorPluginConfig: -// -// clusterDefaultNodeSelector: <node-selectors-labels> -// namespace1: <node-selectors-labels> -// namespace2: <node-selectors-labels> -func readConfig(config io.Reader) *pluginConfig { - defaultConfig := &pluginConfig{} - if config == nil || reflect.ValueOf(config).IsNil() { - return defaultConfig - } - d := yaml.NewYAMLOrJSONDecoder(config, 4096) - for { - if err := d.Decode(defaultConfig); err != nil { - if err != io.EOF { - continue - } - } - break - } - return defaultConfig -} - -// Admit enforces that pod and its namespace node label selectors matches at least a node in the cluster. -func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - if shouldIgnore(a) { - return nil - } - if !p.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - resource := a.GetResource().GroupResource() - pod := a.GetObject().(*api.Pod) - namespaceNodeSelector, err := p.getNamespaceNodeSelectorMap(a.GetNamespace()) - if err != nil { - return err - } - - if labels.Conflicts(namespaceNodeSelector, labels.Set(pod.Spec.NodeSelector)) { - return errors.NewForbidden(resource, pod.Name, fmt.Errorf("pod node label selector conflicts with its namespace node label selector")) - } - - // Merge pod node selector = namespace node selector + current pod node selector - // second selector wins - podNodeSelectorLabels := labels.Merge(namespaceNodeSelector, pod.Spec.NodeSelector) - pod.Spec.NodeSelector = map[string]string(podNodeSelectorLabels) - return p.Validate(ctx, a, o) -} - -// Validate ensures that the pod node selector is allowed -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - if shouldIgnore(a) { - return nil - } - if !p.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - resource := a.GetResource().GroupResource() - pod := a.GetObject().(*api.Pod) - - namespaceNodeSelector, err := p.getNamespaceNodeSelectorMap(a.GetNamespace()) - if err != nil { - return err - } - if labels.Conflicts(namespaceNodeSelector, labels.Set(pod.Spec.NodeSelector)) { - return errors.NewForbidden(resource, pod.Name, fmt.Errorf("pod node label selector conflicts with its namespace node label selector")) - } - - // whitelist verification - whitelist, err := labels.ConvertSelectorToLabelsMap(p.clusterNodeSelectors[a.GetNamespace()]) - if err != nil { - return err - } - if !isSubset(pod.Spec.NodeSelector, whitelist) { - return errors.NewForbidden(resource, pod.Name, fmt.Errorf("pod node label selector labels conflict with its namespace whitelist")) - } - - return nil -} - -func (p *Plugin) getNamespaceNodeSelectorMap(namespaceName string) (labels.Set, error) { - namespace, err := p.namespaceLister.Get(namespaceName) - if errors.IsNotFound(err) { - namespace, err = p.defaultGetNamespace(namespaceName) - if err != nil { - if errors.IsNotFound(err) { - return nil, err - } - return nil, errors.NewInternalError(err) - } - } else if err != nil { - return nil, errors.NewInternalError(err) - } - - return p.getNodeSelectorMap(namespace) -} - -func shouldIgnore(a admission.Attributes) bool { - resource := a.GetResource().GroupResource() - if resource != api.Resource("pods") { - return true - } - if a.GetSubresource() != "" { - // only run the checks below on pods proper and not subresources - return true - } - - _, ok := a.GetObject().(*api.Pod) - if !ok { - klog.Errorf("expected pod but got %s", a.GetKind().Kind) - return true - } - - return false -} - -// NewPodNodeSelector initializes a podNodeSelector -func NewPodNodeSelector(clusterNodeSelectors map[string]string) *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create), - clusterNodeSelectors: clusterNodeSelectors, - } -} - -// SetExternalKubeClientSet sets the plugin's client -func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface) { - p.client = client -} - -// SetExternalKubeInformerFactory configures the plugin's informer factory -func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - p.namespaceLister = namespaceInformer.Lister() - p.SetReadyFunc(namespaceInformer.Informer().HasSynced) -} - -// ValidateInitialization verifies the object has been properly initialized -func (p *Plugin) ValidateInitialization() error { - if p.namespaceLister == nil { - return fmt.Errorf("missing namespaceLister") - } - if p.client == nil { - return fmt.Errorf("missing client") - } - return nil -} - -func (p *Plugin) defaultGetNamespace(name string) (*corev1.Namespace, error) { - namespace, err := p.client.CoreV1().Namespaces().Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return nil, fmt.Errorf("namespace %s does not exist", name) - } - return namespace, nil -} - -func (p *Plugin) getNodeSelectorMap(namespace *corev1.Namespace) (labels.Set, error) { - selector := labels.Set{} - var err error - found := false - if len(namespace.ObjectMeta.Annotations) > 0 { - for _, annotation := range NamespaceNodeSelectors { - if ns, ok := namespace.ObjectMeta.Annotations[annotation]; ok { - labelsMap, err := labels.ConvertSelectorToLabelsMap(ns) - if err != nil { - return labels.Set{}, err - } - - if labels.Conflicts(selector, labelsMap) { - nsName := namespace.ObjectMeta.Name - return labels.Set{}, fmt.Errorf("%s annotations' node label selectors conflict", nsName) - } - selector = labels.Merge(selector, labelsMap) - found = true - } - } - } - if !found { - selector, err = labels.ConvertSelectorToLabelsMap(p.clusterNodeSelectors["clusterDefaultNodeSelector"]) - if err != nil { - return labels.Set{}, err - } - } - return selector, nil -} - -func isSubset(subSet, superSet labels.Set) bool { - if len(superSet) == 0 { - return true - } - - for k, v := range subSet { - value, ok := superSet[k] - if !ok { - return false - } - if value != v { - return false - } - } - return true -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/admission.go deleted file mode 100644 index 4e20ee9655..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/admission.go +++ /dev/null @@ -1,276 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podtolerationrestriction - -import ( - "context" - "encoding/json" - "fmt" - "io" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - api "k8s.io/kubernetes/pkg/apis/core" - qoshelper "k8s.io/kubernetes/pkg/apis/core/helper/qos" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" - "k8s.io/kubernetes/pkg/util/tolerations" - pluginapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" -) - -// PluginName is a string with the name of the plugin -const PluginName = "PodTolerationRestriction" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - pluginConfig, err := loadConfiguration(config) - if err != nil { - return nil, err - } - return NewPodTolerationsPlugin(pluginConfig), nil - }) -} - -// The annotation keys for default and whitelist of tolerations -const ( - NSDefaultTolerations string = "scheduler.alpha.kubernetes.io/defaultTolerations" - NSWLTolerations string = "scheduler.alpha.kubernetes.io/tolerationsWhitelist" -) - -var _ admission.MutationInterface = &Plugin{} -var _ admission.ValidationInterface = &Plugin{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&Plugin{}) -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&Plugin{}) - -// Plugin contains the client used by the admission controller -type Plugin struct { - *admission.Handler - client kubernetes.Interface - namespaceLister corev1listers.NamespaceLister - pluginConfig *pluginapi.Configuration -} - -// Admit checks the admission policy and triggers corresponding actions -func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - if shouldIgnore(a) { - return nil - } - - if !p.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - pod := a.GetObject().(*api.Pod) - var extraTolerations []api.Toleration - if a.GetOperation() == admission.Create { - ts, err := p.getNamespaceDefaultTolerations(a.GetNamespace()) - if err != nil { - return err - } - - // If the namespace has not specified its default tolerations, - // fall back to cluster's default tolerations. - if ts == nil { - ts = p.pluginConfig.Default - } - - extraTolerations = ts - } - - if qoshelper.GetPodQOS(pod) != api.PodQOSBestEffort { - extraTolerations = append(extraTolerations, api.Toleration{ - Key: corev1.TaintNodeMemoryPressure, - Operator: api.TolerationOpExists, - Effect: api.TaintEffectNoSchedule, - }) - } - // Final merge of tolerations irrespective of pod type. - if len(extraTolerations) > 0 { - pod.Spec.Tolerations = tolerations.MergeTolerations(pod.Spec.Tolerations, extraTolerations) - } - return p.Validate(ctx, a, o) -} - -// Validate we can obtain a whitelist of tolerations -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - if shouldIgnore(a) { - return nil - } - - if !p.WaitForReady() { - return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) - } - - // whitelist verification. - pod := a.GetObject().(*api.Pod) - if len(pod.Spec.Tolerations) > 0 { - whitelist, err := p.getNamespaceTolerationsWhitelist(a.GetNamespace()) - whitelistScope := "namespace" - if err != nil { - return err - } - - // If the namespace has not specified its tolerations whitelist, - // fall back to cluster's whitelist of tolerations. - if whitelist == nil { - whitelist = p.pluginConfig.Whitelist - whitelistScope = "cluster" - } - - if len(whitelist) > 0 { - // check if the merged pod tolerations satisfy its namespace whitelist - if !tolerations.VerifyAgainstWhitelist(pod.Spec.Tolerations, whitelist) { - return fmt.Errorf("pod tolerations (possibly merged with namespace default tolerations) conflict with its %s whitelist", whitelistScope) - } - } - } - - return nil -} - -func shouldIgnore(a admission.Attributes) bool { - resource := a.GetResource().GroupResource() - if resource != api.Resource("pods") { - return true - } - if a.GetSubresource() != "" { - // only run the checks below on pods proper and not subresources - return true - } - - obj := a.GetObject() - _, ok := obj.(*api.Pod) - if !ok { - klog.Errorf("expected pod but got %s", a.GetKind().Kind) - return true - } - - return false -} - -// NewPodTolerationsPlugin initializes a Plugin -func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - pluginConfig: pluginConfig, - } -} - -// SetExternalKubeClientSet sets th client -func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface) { - p.client = client -} - -// SetExternalKubeInformerFactory initializes the Informer Factory -func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - p.namespaceLister = namespaceInformer.Lister() - p.SetReadyFunc(namespaceInformer.Informer().HasSynced) - -} - -// ValidateInitialization checks the object is properly initialized -func (p *Plugin) ValidateInitialization() error { - if p.namespaceLister == nil { - return fmt.Errorf("missing namespaceLister") - } - if p.client == nil { - return fmt.Errorf("missing client") - } - return nil -} - -// in exceptional cases, this can result in two live calls, but once the cache catches up, that will stop. -func (p *Plugin) getNamespace(nsName string) (*corev1.Namespace, error) { - namespace, err := p.namespaceLister.Get(nsName) - if errors.IsNotFound(err) { - // in case of latency in our caches, make a call direct to storage to verify that it truly exists or not - namespace, err = p.client.CoreV1().Namespaces().Get(context.TODO(), nsName, metav1.GetOptions{}) - if err != nil { - if errors.IsNotFound(err) { - return nil, err - } - return nil, errors.NewInternalError(err) - } - } else if err != nil { - return nil, errors.NewInternalError(err) - } - - return namespace, nil -} - -func (p *Plugin) getNamespaceDefaultTolerations(nsName string) ([]api.Toleration, error) { - ns, err := p.getNamespace(nsName) - if err != nil { - return nil, err - } - return extractNSTolerations(ns, NSDefaultTolerations) -} - -func (p *Plugin) getNamespaceTolerationsWhitelist(nsName string) ([]api.Toleration, error) { - ns, err := p.getNamespace(nsName) - if err != nil { - return nil, err - } - return extractNSTolerations(ns, NSWLTolerations) -} - -// extractNSTolerations extracts default or whitelist of tolerations from -// following namespace annotations keys: "scheduler.alpha.kubernetes.io/defaultTolerations" -// and "scheduler.alpha.kubernetes.io/tolerationsWhitelist". If these keys are -// unset (nil), extractNSTolerations returns nil. If the value to these -// keys are set to empty, an empty toleration is returned, otherwise -// configured tolerations are returned. -func extractNSTolerations(ns *corev1.Namespace, key string) ([]api.Toleration, error) { - // if a namespace does not have any annotations - if len(ns.Annotations) == 0 { - return nil, nil - } - - // if NSWLTolerations or NSDefaultTolerations does not exist - if _, ok := ns.Annotations[key]; !ok { - return nil, nil - } - - // if value is set to empty - if len(ns.Annotations[key]) == 0 { - return []api.Toleration{}, nil - } - - var v1Tolerations []corev1.Toleration - err := json.Unmarshal([]byte(ns.Annotations[key]), &v1Tolerations) - if err != nil { - return nil, err - } - - ts := make([]api.Toleration, len(v1Tolerations)) - for i := range v1Tolerations { - if err := k8s_api_v1.Convert_v1_Toleration_To_core_Toleration(&v1Tolerations[i], &ts[i], nil); err != nil { - return nil, err - } - } - - return ts, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/OWNERS deleted file mode 100644 index 477188cc1d..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: -approvers: diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/doc.go deleted file mode 100644 index 1ea05752d4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -package podtolerationrestriction // import "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install/install.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install/install.go deleted file mode 100644 index 3bd5deb158..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install/install.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package install installs the experimental API group, making it available as -// an option to all of the API encoding/decoding machinery. -package install - -import ( - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - internalapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" - versionedapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1" -) - -// Install registers the API group and adds types to a scheme -func Install(scheme *runtime.Scheme) { - utilruntime.Must(internalapi.AddToScheme(scheme)) - utilruntime.Must(versionedapi.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(versionedapi.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/register.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/register.go deleted file mode 100644 index 0360bf213b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/register.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podtolerationrestriction - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "podtolerationrestriction.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -var ( - // SchemeBuilder is the scheme builder with scheme init functions to run for this API package - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = SchemeBuilder.AddToScheme -) - -// Kind takes an unqualified kind and returns a Group qualified GroupKind -func Kind(kind string) schema.GroupKind { - return SchemeGroupVersion.WithKind(kind).GroupKind() -} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/types.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/types.go deleted file mode 100644 index d38c6e0613..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/types.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podtolerationrestriction - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the PodTolerationRestriction admission controller. -type Configuration struct { - metav1.TypeMeta - - // cluster level default tolerations - Default []api.Toleration - - // cluster level whitelist of tolerations - Whitelist []api.Toleration -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/defaults.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/defaults.go deleted file mode 100644 index a4733c3db6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/defaults.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import "k8s.io/apimachinery/pkg/runtime" - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/doc.go deleted file mode 100644 index 03571ab2bc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction -// +k8s:defaulter-gen=TypeMeta -// +groupName=podtolerationrestriction.admission.k8s.io - -// Package v1alpha1 is the v1alpha1 version of the API. -package v1alpha1 // import "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/register.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/register.go deleted file mode 100644 index 1744f0726b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "podtolerationrestriction.admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -var ( - // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. - // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. - - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &Configuration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/types.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/types.go deleted file mode 100644 index 38277b59f4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/types.go +++ /dev/null @@ -1,35 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Configuration provides configuration for the PodTolerationRestriction admission controller. -type Configuration struct { - metav1.TypeMeta `json:",inline"` - - // cluster level default tolerations - Default []v1.Toleration `json:"default,omitempty"` - - // cluster level whitelist of tolerations - Whitelist []v1.Toleration `json:"whitelist,omitempty"` -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 9e20ef177a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,74 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/api/core/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" - podtolerationrestriction "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*Configuration)(nil), (*podtolerationrestriction.Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Configuration_To_podtolerationrestriction_Configuration(a.(*Configuration), b.(*podtolerationrestriction.Configuration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*podtolerationrestriction.Configuration)(nil), (*Configuration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_podtolerationrestriction_Configuration_To_v1alpha1_Configuration(a.(*podtolerationrestriction.Configuration), b.(*Configuration), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_Configuration_To_podtolerationrestriction_Configuration(in *Configuration, out *podtolerationrestriction.Configuration, s conversion.Scope) error { - out.Default = *(*[]core.Toleration)(unsafe.Pointer(&in.Default)) - out.Whitelist = *(*[]core.Toleration)(unsafe.Pointer(&in.Whitelist)) - return nil -} - -// Convert_v1alpha1_Configuration_To_podtolerationrestriction_Configuration is an autogenerated conversion function. -func Convert_v1alpha1_Configuration_To_podtolerationrestriction_Configuration(in *Configuration, out *podtolerationrestriction.Configuration, s conversion.Scope) error { - return autoConvert_v1alpha1_Configuration_To_podtolerationrestriction_Configuration(in, out, s) -} - -func autoConvert_podtolerationrestriction_Configuration_To_v1alpha1_Configuration(in *podtolerationrestriction.Configuration, out *Configuration, s conversion.Scope) error { - out.Default = *(*[]v1.Toleration)(unsafe.Pointer(&in.Default)) - out.Whitelist = *(*[]v1.Toleration)(unsafe.Pointer(&in.Whitelist)) - return nil -} - -// Convert_podtolerationrestriction_Configuration_To_v1alpha1_Configuration is an autogenerated conversion function. -func Convert_podtolerationrestriction_Configuration_To_v1alpha1_Configuration(in *podtolerationrestriction.Configuration, out *Configuration, s conversion.Scope) error { - return autoConvert_podtolerationrestriction_Configuration_To_v1alpha1_Configuration(in, out, s) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 97d9704118..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,66 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Default != nil { - in, out := &in.Default, &out.Default - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Whitelist != nil { - in, out := &in.Whitelist, &out.Whitelist - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation/validation.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation/validation.go deleted file mode 100644 index 99a36ed3aa..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation/validation.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/kubernetes/pkg/apis/core/validation" - internalapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" -) - -// ValidateConfiguration validates the configuration. -func ValidateConfiguration(config *internalapi.Configuration) error { - allErrs := field.ErrorList{} - fldpath := field.NewPath("podtolerationrestriction") - allErrs = append(allErrs, validation.ValidateTolerations(config.Default, fldpath.Child("default"))...) - allErrs = append(allErrs, validation.ValidateTolerations(config.Whitelist, fldpath.Child("whitelist"))...) - if len(allErrs) > 0 { - return fmt.Errorf("invalid config: %v", allErrs) - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/zz_generated.deepcopy.go deleted file mode 100644 index ded33ff4e8..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/zz_generated.deepcopy.go +++ /dev/null @@ -1,66 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package podtolerationrestriction - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" - core "k8s.io/kubernetes/pkg/apis/core" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Configuration) DeepCopyInto(out *Configuration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Default != nil { - in, out := &in.Default, &out.Default - *out = make([]core.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Whitelist != nil { - in, out := &in.Whitelist, &out.Whitelist - *out = make([]core.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Configuration. -func (in *Configuration) DeepCopy() *Configuration { - if in == nil { - return nil - } - out := new(Configuration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Configuration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/config.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/config.go deleted file mode 100644 index d5d954a50b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/config.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podtolerationrestriction - -import ( - "fmt" - "io" - "io/ioutil" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - internalapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction" - "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install" - versionedapi "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1" - "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation" -) - -var ( - scheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(scheme) -) - -func init() { - install.Install(scheme) -} - -// LoadConfiguration loads the provided configuration. -func loadConfiguration(config io.Reader) (*internalapi.Configuration, error) { - // if no config is provided, return a default configuration - if config == nil { - externalConfig := &versionedapi.Configuration{} - scheme.Default(externalConfig) - internalConfig := &internalapi.Configuration{} - if err := scheme.Convert(externalConfig, internalConfig, nil); err != nil { - return nil, err - } - return internalConfig, nil - } - // we have a config so parse it. - data, err := ioutil.ReadAll(config) - if err != nil { - return nil, err - } - decoder := codecs.UniversalDecoder() - decodedObj, err := runtime.Decode(decoder, data) - if err != nil { - return nil, err - } - externalConfig, ok := decodedObj.(*internalapi.Configuration) - if !ok { - return nil, fmt.Errorf("unexpected type: %T", decodedObj) - } - - if err := validation.ValidateConfiguration(externalConfig); err != nil { - return nil, err - } - - return externalConfig, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/doc.go deleted file mode 100644 index 03976264c9..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/doc.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package podtolerationrestriction is a plugin that first verifies -// any conflict between a pod's tolerations and its namespace's -// tolerations, and rejects the pod if there's a conflict. If there's -// no conflict, the pod's tolerations are merged with its namespace's -// toleration. Resulting pod's tolerations are verified against its -// namespace's whitelist of tolerations. If the verification is -// successful, the pod is admitted otherwise rejected. If a namespace -// does not have associated default or whitelist of tolerations, then -// cluster level default or whitelist of tolerations are used instead -// if specified. Tolerations to a namespace are assigned via -// scheduler.alpha.kubernetes.io/defaultTolerations and -// scheduler.alpha.kubernetes.io/tolerationsWhitelist annotations -// keys. -package podtolerationrestriction // import "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/priority/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/priority/admission.go deleted file mode 100644 index 866fbf6451..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/priority/admission.go +++ /dev/null @@ -1,256 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package priority - -import ( - "context" - "fmt" - "io" - - apiv1 "k8s.io/api/core/v1" - schedulingv1 "k8s.io/api/scheduling/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializers "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - schedulingv1listers "k8s.io/client-go/listers/scheduling/v1" - "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/scheduling" -) - -const ( - // PluginName indicates name of admission plugin. - PluginName = "Priority" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewPlugin(), nil - }) -} - -// Plugin is an implementation of admission.Interface. -type Plugin struct { - *admission.Handler - client kubernetes.Interface - lister schedulingv1listers.PriorityClassLister -} - -var _ admission.MutationInterface = &Plugin{} -var _ admission.ValidationInterface = &Plugin{} -var _ = genericadmissioninitializers.WantsExternalKubeInformerFactory(&Plugin{}) -var _ = genericadmissioninitializers.WantsExternalKubeClientSet(&Plugin{}) - -// NewPlugin creates a new priority admission plugin. -func NewPlugin() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update, admission.Delete), - } -} - -// ValidateInitialization implements the InitializationValidator interface. -func (p *Plugin) ValidateInitialization() error { - if p.client == nil { - return fmt.Errorf("%s requires a client", PluginName) - } - if p.lister == nil { - return fmt.Errorf("%s requires a lister", PluginName) - } - return nil -} - -// SetExternalKubeClientSet implements the WantsInternalKubeClientSet interface. -func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface) { - p.client = client -} - -// SetExternalKubeInformerFactory implements the WantsInternalKubeInformerFactory interface. -func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - priorityInformer := f.Scheduling().V1().PriorityClasses() - p.lister = priorityInformer.Lister() - p.SetReadyFunc(priorityInformer.Informer().HasSynced) -} - -var ( - podResource = core.Resource("pods") - priorityClassResource = scheduling.Resource("priorityclasses") -) - -// Admit checks Pods and admits or rejects them. It also resolves the priority of pods based on their PriorityClass. -// Note that pod validation mechanism prevents update of a pod priority. -func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - operation := a.GetOperation() - // Ignore all calls to subresources - if len(a.GetSubresource()) != 0 { - return nil - } - switch a.GetResource().GroupResource() { - case podResource: - if operation == admission.Create || operation == admission.Update { - return p.admitPod(a) - } - return nil - - default: - return nil - } -} - -// Validate checks PriorityClasses and admits or rejects them. -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - operation := a.GetOperation() - // Ignore all calls to subresources - if len(a.GetSubresource()) != 0 { - return nil - } - - switch a.GetResource().GroupResource() { - case priorityClassResource: - if operation == admission.Create || operation == admission.Update { - return p.validatePriorityClass(a) - } - return nil - - default: - return nil - } -} - -// admitPod makes sure a new pod does not set spec.Priority field. It also makes sure that the PriorityClassName exists if it is provided and resolves the pod priority from the PriorityClassName. -func (p *Plugin) admitPod(a admission.Attributes) error { - operation := a.GetOperation() - pod, ok := a.GetObject().(*core.Pod) - if !ok { - return errors.NewBadRequest("resource was marked with kind Pod but was unable to be converted") - } - - if operation == admission.Update { - oldPod, ok := a.GetOldObject().(*core.Pod) - if !ok { - return errors.NewBadRequest("resource was marked with kind Pod but was unable to be converted") - } - - // This admission plugin set pod.Spec.Priority on create. - // Ensure the existing priority is preserved on update. - // API validation prevents mutations to Priority and PriorityClassName, so any other changes will fail update validation and not be persisted. - if pod.Spec.Priority == nil && oldPod.Spec.Priority != nil { - pod.Spec.Priority = oldPod.Spec.Priority - } - if pod.Spec.PreemptionPolicy == nil && oldPod.Spec.PreemptionPolicy != nil { - pod.Spec.PreemptionPolicy = oldPod.Spec.PreemptionPolicy - } - return nil - } - - if operation == admission.Create { - var priority int32 - var preemptionPolicy *apiv1.PreemptionPolicy - if len(pod.Spec.PriorityClassName) == 0 { - var err error - var pcName string - pcName, priority, preemptionPolicy, err = p.getDefaultPriority() - if err != nil { - return fmt.Errorf("failed to get default priority class: %v", err) - } - pod.Spec.PriorityClassName = pcName - } else { - // Try resolving the priority class name. - pc, err := p.lister.Get(pod.Spec.PriorityClassName) - if err != nil { - if errors.IsNotFound(err) { - return admission.NewForbidden(a, fmt.Errorf("no PriorityClass with name %v was found", pod.Spec.PriorityClassName)) - } - - return fmt.Errorf("failed to get PriorityClass with name %s: %v", pod.Spec.PriorityClassName, err) - } - - priority = pc.Value - preemptionPolicy = pc.PreemptionPolicy - } - // if the pod contained a priority that differs from the one computed from the priority class, error - if pod.Spec.Priority != nil && *pod.Spec.Priority != priority { - return admission.NewForbidden(a, fmt.Errorf("the integer value of priority (%d) must not be provided in pod spec; priority admission controller computed %d from the given PriorityClass name", *pod.Spec.Priority, priority)) - } - pod.Spec.Priority = &priority - - var corePolicy core.PreemptionPolicy - if preemptionPolicy != nil { - corePolicy = core.PreemptionPolicy(*preemptionPolicy) - if pod.Spec.PreemptionPolicy != nil && *pod.Spec.PreemptionPolicy != corePolicy { - return admission.NewForbidden(a, fmt.Errorf("the string value of PreemptionPolicy (%s) must not be provided in pod spec; priority admission controller computed %s from the given PriorityClass name", *pod.Spec.PreemptionPolicy, corePolicy)) - } - pod.Spec.PreemptionPolicy = &corePolicy - } - } - return nil -} - -// validatePriorityClass ensures that the value field is not larger than the highest user definable priority. If the GlobalDefault is set, it ensures that there is no other PriorityClass whose GlobalDefault is set. -func (p *Plugin) validatePriorityClass(a admission.Attributes) error { - operation := a.GetOperation() - pc, ok := a.GetObject().(*scheduling.PriorityClass) - if !ok { - return errors.NewBadRequest("resource was marked with kind PriorityClass but was unable to be converted") - } - // If the new PriorityClass tries to be the default priority, make sure that no other priority class is marked as default. - if pc.GlobalDefault { - dpc, err := p.getDefaultPriorityClass() - if err != nil { - return fmt.Errorf("failed to get default priority class: %v", err) - } - if dpc != nil { - // Throw an error if a second default priority class is being created, or an existing priority class is being marked as default, while another default already exists. - if operation == admission.Create || (operation == admission.Update && dpc.GetName() != pc.GetName()) { - return admission.NewForbidden(a, fmt.Errorf("PriorityClass %v is already marked as default. Only one default can exist", dpc.GetName())) - } - } - } - return nil -} - -func (p *Plugin) getDefaultPriorityClass() (*schedulingv1.PriorityClass, error) { - list, err := p.lister.List(labels.Everything()) - if err != nil { - return nil, err - } - // In case more than one global default priority class is added as a result of a race condition, - // we pick the one with the lowest priority value. - var defaultPC *schedulingv1.PriorityClass - for _, pci := range list { - if pci.GlobalDefault { - if defaultPC == nil || defaultPC.Value > pci.Value { - defaultPC = pci - } - } - } - return defaultPC, nil -} - -func (p *Plugin) getDefaultPriority() (string, int32, *apiv1.PreemptionPolicy, error) { - dpc, err := p.getDefaultPriorityClass() - if err != nil { - return "", 0, nil, err - } - if dpc != nil { - return dpc.Name, dpc.Value, dpc.PreemptionPolicy, nil - } - preemptLowerPriority := apiv1.PreemptLowerPriority - return "", int32(scheduling.DefaultPriorityWhenNoDefaultClassExists), &preemptLowerPriority, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/OWNERS deleted file mode 100644 index f86c001ed3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - tallclair -reviewers: [] diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/admission.go deleted file mode 100644 index ed2e8b1343..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/runtimeclass/admission.go +++ /dev/null @@ -1,246 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package runtimeclass contains an admission controller for modifying and validating new Pods to -// take RuntimeClass into account. For RuntimeClass definitions which describe an overhead associated -// with running a pod, this admission controller will set the pod.Spec.Overhead field accordingly. This -// field should only be set through this controller, so validation will be carried out to ensure the pod's -// value matches what is defined in the coresponding RuntimeClass. -package runtimeclass - -import ( - "context" - "fmt" - "io" - - nodev1 "k8s.io/api/node/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitailizer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - nodev1client "k8s.io/client-go/kubernetes/typed/node/v1" - nodev1listers "k8s.io/client-go/listers/node/v1" - api "k8s.io/kubernetes/pkg/apis/core" - node "k8s.io/kubernetes/pkg/apis/node" - apinodev1 "k8s.io/kubernetes/pkg/apis/node/v1" - "k8s.io/kubernetes/pkg/util/tolerations" -) - -// PluginName indicates name of admission plugin. -const PluginName = "RuntimeClass" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewRuntimeClass(), nil - }) -} - -// RuntimeClass is an implementation of admission.Interface. -// It looks at all new pods and sets pod.Spec.Overhead if a RuntimeClass is specified which -// defines an Overhead. If pod.Spec.Overhead is set but a RuntimeClass with matching overhead is -// not specified, the pod is rejected. -type RuntimeClass struct { - *admission.Handler - runtimeClassLister nodev1listers.RuntimeClassLister - runtimeClassClient nodev1client.RuntimeClassInterface -} - -var _ admission.MutationInterface = &RuntimeClass{} -var _ admission.ValidationInterface = &RuntimeClass{} - -var _ genericadmissioninitailizer.WantsExternalKubeInformerFactory = &RuntimeClass{} -var _ genericadmissioninitailizer.WantsExternalKubeClientSet = &RuntimeClass{} - -// SetExternalKubeClientSet sets the client for the plugin -func (r *RuntimeClass) SetExternalKubeClientSet(client kubernetes.Interface) { - r.runtimeClassClient = client.NodeV1().RuntimeClasses() -} - -// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (r *RuntimeClass) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - runtimeClassInformer := f.Node().V1().RuntimeClasses() - r.SetReadyFunc(runtimeClassInformer.Informer().HasSynced) - r.runtimeClassLister = runtimeClassInformer.Lister() -} - -// ValidateInitialization implements the WantsExternalKubeInformerFactory interface. -func (r *RuntimeClass) ValidateInitialization() error { - if r.runtimeClassLister == nil { - return fmt.Errorf("missing RuntimeClass lister") - } - if r.runtimeClassClient == nil { - return fmt.Errorf("missing RuntimeClass client") - } - return nil -} - -// Admit makes an admission decision based on the request attributes -func (r *RuntimeClass) Admit(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) error { - // Ignore all calls to subresources or resources other than pods. - if shouldIgnore(attributes) { - return nil - } - - pod, runtimeClass, err := r.prepareObjects(ctx, attributes) - if err != nil { - return err - } - if err := setOverhead(attributes, pod, runtimeClass); err != nil { - return err - } - - if err := setScheduling(attributes, pod, runtimeClass); err != nil { - return err - } - - return nil -} - -// Validate makes sure that pod adhere's to RuntimeClass's definition -func (r *RuntimeClass) Validate(ctx context.Context, attributes admission.Attributes, o admission.ObjectInterfaces) error { - // Ignore all calls to subresources or resources other than pods. - if shouldIgnore(attributes) { - return nil - } - - pod, runtimeClass, err := r.prepareObjects(ctx, attributes) - if err != nil { - return err - } - if err := validateOverhead(attributes, pod, runtimeClass); err != nil { - return err - } - - return nil -} - -// NewRuntimeClass creates a new RuntimeClass admission control handler -func NewRuntimeClass() *RuntimeClass { - return &RuntimeClass{ - Handler: admission.NewHandler(admission.Create), - } -} - -// prepareObjects returns pod and runtimeClass types from the given admission attributes -func (r *RuntimeClass) prepareObjects(ctx context.Context, attributes admission.Attributes) (pod *api.Pod, runtimeClass *nodev1.RuntimeClass, err error) { - pod, ok := attributes.GetObject().(*api.Pod) - if !ok { - return nil, nil, apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - - if pod.Spec.RuntimeClassName == nil { - return pod, nil, nil - } - - // get RuntimeClass object - runtimeClass, err = r.runtimeClassLister.Get(*pod.Spec.RuntimeClassName) - if apierrors.IsNotFound(err) { - // if not found, our informer cache could be lagging, do a live lookup - runtimeClass, err = r.runtimeClassClient.Get(ctx, *pod.Spec.RuntimeClassName, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - return pod, nil, admission.NewForbidden(attributes, fmt.Errorf("pod rejected: RuntimeClass %q not found", *pod.Spec.RuntimeClassName)) - } - } - - // return the pod and runtimeClass. - return pod, runtimeClass, err -} - -func setOverhead(a admission.Attributes, pod *api.Pod, runtimeClass *nodev1.RuntimeClass) (err error) { - if runtimeClass == nil || runtimeClass.Overhead == nil { - return nil - } - - // convert to internal type and assign to pod's Overhead - nodeOverhead := &node.Overhead{} - if err = apinodev1.Convert_v1_Overhead_To_node_Overhead(runtimeClass.Overhead, nodeOverhead, nil); err != nil { - return err - } - - // reject pod if Overhead is already set that differs from what is defined in RuntimeClass - if pod.Spec.Overhead != nil && !apiequality.Semantic.DeepEqual(nodeOverhead.PodFixed, pod.Spec.Overhead) { - return admission.NewForbidden(a, fmt.Errorf("pod rejected: Pod's Overhead doesn't match RuntimeClass's defined Overhead")) - } - - pod.Spec.Overhead = nodeOverhead.PodFixed - - return nil -} - -func setScheduling(a admission.Attributes, pod *api.Pod, runtimeClass *nodev1.RuntimeClass) (err error) { - if runtimeClass == nil || runtimeClass.Scheduling == nil { - return nil - } - - // convert to internal type and assign to pod's Scheduling - nodeScheduling := &node.Scheduling{} - if err = apinodev1.Convert_v1_Scheduling_To_node_Scheduling(runtimeClass.Scheduling, nodeScheduling, nil); err != nil { - return err - } - - runtimeNodeSelector := nodeScheduling.NodeSelector - newNodeSelector := pod.Spec.NodeSelector - if newNodeSelector == nil { - newNodeSelector = runtimeNodeSelector - } else { - for key, runtimeClassValue := range runtimeNodeSelector { - if podValue, ok := newNodeSelector[key]; ok && podValue != runtimeClassValue { - return admission.NewForbidden(a, fmt.Errorf("conflict: runtimeClass.scheduling.nodeSelector[%s] = %s; pod.spec.nodeSelector[%s] = %s", key, runtimeClassValue, key, podValue)) - } - newNodeSelector[key] = runtimeClassValue - } - } - - newTolerations := tolerations.MergeTolerations(pod.Spec.Tolerations, nodeScheduling.Tolerations) - - pod.Spec.NodeSelector = newNodeSelector - pod.Spec.Tolerations = newTolerations - - return nil -} - -func validateOverhead(a admission.Attributes, pod *api.Pod, runtimeClass *nodev1.RuntimeClass) (err error) { - if runtimeClass != nil && runtimeClass.Overhead != nil { - // If the Overhead set doesn't match what is provided in the RuntimeClass definition, reject the pod - nodeOverhead := &node.Overhead{} - if err := apinodev1.Convert_v1_Overhead_To_node_Overhead(runtimeClass.Overhead, nodeOverhead, nil); err != nil { - return err - } - if !apiequality.Semantic.DeepEqual(nodeOverhead.PodFixed, pod.Spec.Overhead) { - return admission.NewForbidden(a, fmt.Errorf("pod rejected: Pod's Overhead doesn't match RuntimeClass's defined Overhead")) - } - } else { - // If RuntimeClass with Overhead is not defined but an Overhead is set for pod, reject the pod - if pod.Spec.Overhead != nil { - return admission.NewForbidden(a, fmt.Errorf("pod rejected: Pod Overhead set without corresponding RuntimeClass defined Overhead")) - } - } - - return nil -} - -func shouldIgnore(attributes admission.Attributes) bool { - // Ignore all calls to subresources or resources other than pods. - if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != api.Resource("pods") { - return true - } - - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/admission.go deleted file mode 100644 index 2e99f11b6b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/admission.go +++ /dev/null @@ -1,283 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package podsecurity - -import ( - "context" - "errors" - "fmt" - "io" - "sync" - - // install conversions for types we need to convert - _ "k8s.io/kubernetes/pkg/apis/apps/install" - _ "k8s.io/kubernetes/pkg/apis/batch/install" - _ "k8s.io/kubernetes/pkg/apis/core/install" - - admissionv1 "k8s.io/api/admission/v1" - appsv1 "k8s.io/api/apps/v1" - batchv1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/admission" - genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/audit" - "k8s.io/apiserver/pkg/warning" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/component-base/featuregate" - "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/apps" - "k8s.io/kubernetes/pkg/apis/batch" - "k8s.io/kubernetes/pkg/apis/core" - podsecurityadmission "k8s.io/pod-security-admission/admission" - podsecurityconfigloader "k8s.io/pod-security-admission/admission/api/load" - podsecurityadmissionapi "k8s.io/pod-security-admission/api" - "k8s.io/pod-security-admission/metrics" - "k8s.io/pod-security-admission/policy" -) - -// PluginName is a string with the name of the plugin -const PluginName = "PodSecurity" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(reader io.Reader) (admission.Interface, error) { - return newPlugin(reader) - }) -} - -// Plugin holds state for and implements the admission plugin. -type Plugin struct { - *admission.Handler - - inspectedFeatureGates bool - - client kubernetes.Interface - namespaceLister corev1listers.NamespaceLister - podLister corev1listers.PodLister - - delegate *podsecurityadmission.Admission -} - -var _ admission.ValidationInterface = &Plugin{} -var _ genericadmissioninit.WantsExternalKubeInformerFactory = &Plugin{} -var _ genericadmissioninit.WantsExternalKubeClientSet = &Plugin{} - -var ( - defaultRecorder *metrics.PrometheusRecorder - defaultRecorderInit sync.Once -) - -func getDefaultRecorder() metrics.Recorder { - // initialize and register to legacy metrics once - defaultRecorderInit.Do(func() { - defaultRecorder = metrics.NewPrometheusRecorder(podsecurityadmissionapi.GetAPIVersion()) - defaultRecorder.MustRegister(legacyregistry.MustRegister) - }) - return defaultRecorder -} - -// newPlugin creates a new admission plugin. -func newPlugin(reader io.Reader) (*Plugin, error) { - config, err := podsecurityconfigloader.LoadFromReader(reader) - if err != nil { - return nil, err - } - - evaluator, err := policy.NewEvaluator(policy.DefaultChecks()) - if err != nil { - return nil, fmt.Errorf("could not create PodSecurityRegistry: %w", err) - } - - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - delegate: &podsecurityadmission.Admission{ - Configuration: config, - Evaluator: evaluator, - Metrics: getDefaultRecorder(), - PodSpecExtractor: podsecurityadmission.DefaultPodSpecExtractor{}, - }, - }, nil -} - -// SetExternalKubeInformerFactory registers an informer -func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - namespaceInformer := f.Core().V1().Namespaces() - p.namespaceLister = namespaceInformer.Lister() - p.podLister = f.Core().V1().Pods().Lister() - p.SetReadyFunc(namespaceInformer.Informer().HasSynced) - p.updateDelegate() -} - -// SetExternalKubeClientSet sets the plugin's client -func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface) { - p.client = client - p.updateDelegate() -} - -func (p *Plugin) updateDelegate() { - // return early if we don't have what we need to set up the admission delegate - if p.namespaceLister == nil { - return - } - if p.podLister == nil { - return - } - if p.client == nil { - return - } - p.delegate.PodLister = podsecurityadmission.PodListerFromInformer(p.podLister) - p.delegate.NamespaceGetter = podsecurityadmission.NamespaceGetterFromListerAndClient(p.namespaceLister, p.client) -} - -func (c *Plugin) InspectFeatureGates(featureGates featuregate.FeatureGate) { - c.inspectedFeatureGates = true -} - -// ValidateInitialization ensures all required options are set -func (p *Plugin) ValidateInitialization() error { - if !p.inspectedFeatureGates { - return fmt.Errorf("%s did not see feature gates", PluginName) - } - if err := p.delegate.CompleteConfiguration(); err != nil { - return fmt.Errorf("%s configuration error: %w", PluginName, err) - } - if err := p.delegate.ValidateConfiguration(); err != nil { - return fmt.Errorf("%s invalid: %w", PluginName, err) - } - return nil -} - -var ( - applicableResources = map[schema.GroupResource]bool{ - corev1.Resource("pods"): true, - corev1.Resource("namespaces"): true, - } -) - -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - gr := a.GetResource().GroupResource() - if !applicableResources[gr] && !p.delegate.PodSpecExtractor.HasPodSpec(gr) { - return nil - } - - result := p.delegate.Validate(ctx, &lazyConvertingAttributes{Attributes: a}) - for _, w := range result.Warnings { - warning.AddWarning(ctx, "", w) - } - if len(result.AuditAnnotations) > 0 { - annotations := make([]string, len(result.AuditAnnotations)*2) - i := 0 - for k, v := range result.AuditAnnotations { - annotations[i], annotations[i+1] = podsecurityadmissionapi.AuditAnnotationPrefix+k, v - i += 2 - } - audit.AddAuditAnnotations(ctx, annotations...) - } - if !result.Allowed { - // start with a generic forbidden error - retval := admission.NewForbidden(a, errors.New("Not allowed by PodSecurity")).(*apierrors.StatusError) - // use message/reason/details/code from admission library if populated - if result.Result != nil { - if len(result.Result.Message) > 0 { - retval.ErrStatus.Message = result.Result.Message - } - if len(result.Result.Reason) > 0 { - retval.ErrStatus.Reason = result.Result.Reason - } - if result.Result.Details != nil { - retval.ErrStatus.Details = result.Result.Details - } - if result.Result.Code != 0 { - retval.ErrStatus.Code = result.Result.Code - } - } - return retval - } - return nil -} - -type lazyConvertingAttributes struct { - admission.Attributes - - convertObjectOnce sync.Once - convertedObject runtime.Object - convertedObjectError error - - convertOldObjectOnce sync.Once - convertedOldObject runtime.Object - convertedOldObjectError error -} - -func (l *lazyConvertingAttributes) GetObject() (runtime.Object, error) { - l.convertObjectOnce.Do(func() { - l.convertedObject, l.convertedObjectError = convert(l.Attributes.GetObject()) - }) - return l.convertedObject, l.convertedObjectError -} - -func (l *lazyConvertingAttributes) GetOldObject() (runtime.Object, error) { - l.convertOldObjectOnce.Do(func() { - l.convertedOldObject, l.convertedOldObjectError = convert(l.Attributes.GetOldObject()) - }) - return l.convertedOldObject, l.convertedOldObjectError -} - -func (l *lazyConvertingAttributes) GetOperation() admissionv1.Operation { - return admissionv1.Operation(l.Attributes.GetOperation()) -} - -func (l *lazyConvertingAttributes) GetUserName() string { - return l.GetUserInfo().GetName() -} - -func convert(in runtime.Object) (runtime.Object, error) { - var out runtime.Object - switch in.(type) { - case *core.Namespace: - out = &corev1.Namespace{} - case *core.Pod: - out = &corev1.Pod{} - case *core.ReplicationController: - out = &corev1.ReplicationController{} - case *core.PodTemplate: - out = &corev1.PodTemplate{} - case *apps.ReplicaSet: - out = &appsv1.ReplicaSet{} - case *apps.Deployment: - out = &appsv1.Deployment{} - case *apps.StatefulSet: - out = &appsv1.StatefulSet{} - case *apps.DaemonSet: - out = &appsv1.DaemonSet{} - case *batch.Job: - out = &batchv1.Job{} - case *batch.CronJob: - out = &batchv1.CronJob{} - default: - return in, fmt.Errorf("unexpected type %T", in) - } - if err := legacyscheme.Scheme.Convert(in, out, nil); err != nil { - return in, err - } - return out, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny/admission.go deleted file mode 100644 index c5da558c7b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny/admission.go +++ /dev/null @@ -1,101 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scdeny - -import ( - "context" - "fmt" - "io" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/admission" - api "k8s.io/kubernetes/pkg/apis/core" -) - -// PluginName indicates name of admission plugin. -const PluginName = "SecurityContextDeny" - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return NewSecurityContextDeny(), nil - }) -} - -// Plugin implements admission.Interface. -type Plugin struct { - *admission.Handler -} - -var _ admission.ValidationInterface = &Plugin{} - -// NewSecurityContextDeny creates a new instance of the SecurityContextDeny admission controller -func NewSecurityContextDeny() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create, admission.Update), - } -} - -// Validate will deny any pod that defines SupplementalGroups, SELinuxOptions, RunAsUser or FSGroup -func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - if a.GetSubresource() != "" || a.GetResource().GroupResource() != api.Resource("pods") { - return nil - } - - pod, ok := a.GetObject().(*api.Pod) - if !ok { - return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted") - } - - if pod.Spec.SecurityContext != nil { - if pod.Spec.SecurityContext.SupplementalGroups != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("pod.Spec.SecurityContext.SupplementalGroups is forbidden")) - } - if pod.Spec.SecurityContext.SELinuxOptions != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("pod.Spec.SecurityContext.SELinuxOptions is forbidden")) - } - if pod.Spec.SecurityContext.RunAsUser != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("pod.Spec.SecurityContext.RunAsUser is forbidden")) - } - if pod.Spec.SecurityContext.FSGroup != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("pod.Spec.SecurityContext.FSGroup is forbidden")) - } - } - - for _, v := range pod.Spec.InitContainers { - if v.SecurityContext != nil { - if v.SecurityContext.SELinuxOptions != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("SecurityContext.SELinuxOptions is forbidden")) - } - if v.SecurityContext.RunAsUser != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("SecurityContext.RunAsUser is forbidden")) - } - } - } - - for _, v := range pod.Spec.Containers { - if v.SecurityContext != nil { - if v.SecurityContext.SELinuxOptions != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("SecurityContext.SELinuxOptions is forbidden")) - } - if v.SecurityContext.RunAsUser != nil { - return apierrors.NewForbidden(a.GetResource().GroupResource(), pod.Name, fmt.Errorf("SecurityContext.RunAsUser is forbidden")) - } - } - } - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/OWNERS deleted file mode 100644 index e9f4e0b724..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-serviceaccounts-approvers -reviewers: - - sig-auth-serviceaccounts-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go deleted file mode 100644 index 769a115aef..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go +++ /dev/null @@ -1,460 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "context" - "fmt" - "io" - "math/rand" - "strconv" - "strings" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" - podutil "k8s.io/kubernetes/pkg/api/pod" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/serviceaccount" - "k8s.io/utils/pointer" -) - -const ( - // DefaultServiceAccountName is the name of the default service account to set on pods which do not specify a service account - DefaultServiceAccountName = "default" - - // EnforceMountableSecretsAnnotation is a default annotation that indicates that a service account should enforce mountable secrets. - // The value must be true to have this annotation take effect - EnforceMountableSecretsAnnotation = "kubernetes.io/enforce-mountable-secrets" - - // ServiceAccountVolumeName is the prefix name that will be added to volumes that mount ServiceAccount secrets - ServiceAccountVolumeName = "kube-api-access" - - // DefaultAPITokenMountPath is the path that ServiceAccountToken secrets are automounted to. - // The token file would then be accessible at /var/run/secrets/kubernetes.io/serviceaccount - DefaultAPITokenMountPath = "/var/run/secrets/kubernetes.io/serviceaccount" - - // PluginName is the name of this admission plugin - PluginName = "ServiceAccount" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - serviceAccountAdmission := NewServiceAccount() - return serviceAccountAdmission, nil - }) -} - -var _ = admission.Interface(&Plugin{}) - -// Plugin contains the client used by the admission controller -type Plugin struct { - *admission.Handler - - // LimitSecretReferences rejects pods that reference secrets their service accounts do not reference - LimitSecretReferences bool - // MountServiceAccountToken creates Volume and VolumeMounts for the first referenced ServiceAccountToken for the pod's service account - MountServiceAccountToken bool - - client kubernetes.Interface - - serviceAccountLister corev1listers.ServiceAccountLister - - generateName func(string) string -} - -var _ admission.MutationInterface = &Plugin{} -var _ admission.ValidationInterface = &Plugin{} -var _ = genericadmissioninitializer.WantsExternalKubeClientSet(&Plugin{}) -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&Plugin{}) - -// NewServiceAccount returns an admission.Interface implementation which limits admission of Pod CREATE requests based on the pod's ServiceAccount: -// 1. If the pod does not specify a ServiceAccount, it sets the pod's ServiceAccount to "default" -// 2. It ensures the ServiceAccount referenced by the pod exists -// 3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pod's ServiceAccount does not reference -// 4. If the pod does not contain any ImagePullSecrets, the ImagePullSecrets of the service account are added. -// 5. If MountServiceAccountToken is true, it adds a VolumeMount with the pod's ServiceAccount's api token secret to containers -func NewServiceAccount() *Plugin { - return &Plugin{ - Handler: admission.NewHandler(admission.Create), - // TODO: enable this once we've swept secret usage to account for adding secret references to service accounts - LimitSecretReferences: false, - // Auto mount service account API token secrets - MountServiceAccountToken: true, - - generateName: names.SimpleNameGenerator.GenerateName, - } -} - -// SetExternalKubeClientSet sets the client for the plugin -func (s *Plugin) SetExternalKubeClientSet(cl kubernetes.Interface) { - s.client = cl -} - -// SetExternalKubeInformerFactory registers informers with the plugin -func (s *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - serviceAccountInformer := f.Core().V1().ServiceAccounts() - s.serviceAccountLister = serviceAccountInformer.Lister() - s.SetReadyFunc(func() bool { - return serviceAccountInformer.Informer().HasSynced() - }) -} - -// ValidateInitialization ensures an authorizer is set. -func (s *Plugin) ValidateInitialization() error { - if s.client == nil { - return fmt.Errorf("missing client") - } - if s.serviceAccountLister == nil { - return fmt.Errorf("missing serviceAccountLister") - } - return nil -} - -// Admit verifies if the pod should be admitted -func (s *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - if shouldIgnore(a) { - return nil - } - - pod := a.GetObject().(*api.Pod) - - // Don't modify the spec of mirror pods. - // That makes the kubelet very angry and confused, and it immediately deletes the pod (because the spec doesn't match) - // That said, don't allow mirror pods to reference ServiceAccounts or SecretVolumeSources either - if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; isMirrorPod { - return s.Validate(ctx, a, o) - } - - // Set the default service account if needed - if len(pod.Spec.ServiceAccountName) == 0 { - pod.Spec.ServiceAccountName = DefaultServiceAccountName - } - - serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccountName) - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err)) - } - if s.MountServiceAccountToken && shouldAutomount(serviceAccount, pod) { - s.mountServiceAccountToken(serviceAccount, pod) - } - if len(pod.Spec.ImagePullSecrets) == 0 { - pod.Spec.ImagePullSecrets = make([]api.LocalObjectReference, len(serviceAccount.ImagePullSecrets)) - for i := 0; i < len(serviceAccount.ImagePullSecrets); i++ { - pod.Spec.ImagePullSecrets[i].Name = serviceAccount.ImagePullSecrets[i].Name - } - } - - return s.Validate(ctx, a, o) -} - -// Validate the data we obtained -func (s *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - if shouldIgnore(a) { - return nil - } - - pod := a.GetObject().(*api.Pod) - - // Mirror pods have restrictions on what they can reference - if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; isMirrorPod { - if len(pod.Spec.ServiceAccountName) != 0 { - return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference service accounts")) - } - hasSecrets := false - podutil.VisitPodSecretNames(pod, func(name string) bool { - hasSecrets = true - return false - }, podutil.AllContainers) - if hasSecrets { - return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference secrets")) - } - for _, v := range pod.Spec.Volumes { - if proj := v.Projected; proj != nil { - for _, projSource := range proj.Sources { - if projSource.ServiceAccountToken != nil { - return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not use ServiceAccountToken volume projections")) - } - } - } - } - return nil - } - - // Ensure the referenced service account exists - serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccountName) - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err)) - } - - if s.enforceMountableSecrets(serviceAccount) { - if err := s.limitSecretReferences(serviceAccount, pod); err != nil { - return admission.NewForbidden(a, err) - } - } - - return nil -} - -func shouldIgnore(a admission.Attributes) bool { - if a.GetResource().GroupResource() != api.Resource("pods") { - return true - } - if a.GetSubresource() != "" { - return true - } - obj := a.GetObject() - if obj == nil { - return true - } - _, ok := obj.(*api.Pod) - if !ok { - return true - } - - return false -} - -func shouldAutomount(sa *corev1.ServiceAccount, pod *api.Pod) bool { - // Pod's preference wins - if pod.Spec.AutomountServiceAccountToken != nil { - return *pod.Spec.AutomountServiceAccountToken - } - // Then service account's - if sa.AutomountServiceAccountToken != nil { - return *sa.AutomountServiceAccountToken - } - // Default to true for backwards compatibility - return true -} - -// enforceMountableSecrets indicates whether mountable secrets should be enforced for a particular service account -// A global setting of true will override any flag set on the individual service account -func (s *Plugin) enforceMountableSecrets(serviceAccount *corev1.ServiceAccount) bool { - if s.LimitSecretReferences { - return true - } - - if value, ok := serviceAccount.Annotations[EnforceMountableSecretsAnnotation]; ok { - enforceMountableSecretCheck, _ := strconv.ParseBool(value) - return enforceMountableSecretCheck - } - - return false -} - -// getServiceAccount returns the ServiceAccount for the given namespace and name if it exists -func (s *Plugin) getServiceAccount(namespace string, name string) (*corev1.ServiceAccount, error) { - serviceAccount, err := s.serviceAccountLister.ServiceAccounts(namespace).Get(name) - if err == nil { - return serviceAccount, nil - } - if !errors.IsNotFound(err) { - return nil, err - } - - // Could not find in cache, attempt to look up directly - numAttempts := 1 - if name == DefaultServiceAccountName { - // If this is the default serviceaccount, attempt more times, since it should be auto-created by the controller - numAttempts = 10 - } - retryInterval := time.Duration(rand.Int63n(100)+int64(100)) * time.Millisecond - for i := 0; i < numAttempts; i++ { - if i != 0 { - time.Sleep(retryInterval) - } - serviceAccount, err := s.client.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) - if err == nil { - return serviceAccount, nil - } - if !errors.IsNotFound(err) { - return nil, err - } - } - - return nil, errors.NewNotFound(api.Resource("serviceaccount"), name) -} - -func (s *Plugin) limitSecretReferences(serviceAccount *corev1.ServiceAccount, pod *api.Pod) error { - // Ensure all secrets the pod references are allowed by the service account - mountableSecrets := sets.NewString() - for _, s := range serviceAccount.Secrets { - mountableSecrets.Insert(s.Name) - } - for _, volume := range pod.Spec.Volumes { - source := volume.VolumeSource - if source.Secret == nil { - continue - } - secretName := source.Secret.SecretName - if !mountableSecrets.Has(secretName) { - return fmt.Errorf("volume with secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", secretName, serviceAccount.Name) - } - } - - for _, container := range pod.Spec.InitContainers { - for _, env := range container.Env { - if env.ValueFrom != nil && env.ValueFrom.SecretKeyRef != nil { - if !mountableSecrets.Has(env.ValueFrom.SecretKeyRef.Name) { - return fmt.Errorf("init container %s with envVar %s referencing secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", container.Name, env.Name, env.ValueFrom.SecretKeyRef.Name, serviceAccount.Name) - } - } - } - } - - for _, container := range pod.Spec.Containers { - for _, env := range container.Env { - if env.ValueFrom != nil && env.ValueFrom.SecretKeyRef != nil { - if !mountableSecrets.Has(env.ValueFrom.SecretKeyRef.Name) { - return fmt.Errorf("container %s with envVar %s referencing secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", container.Name, env.Name, env.ValueFrom.SecretKeyRef.Name, serviceAccount.Name) - } - } - } - } - - // limit pull secret references as well - pullSecrets := sets.NewString() - for _, s := range serviceAccount.ImagePullSecrets { - pullSecrets.Insert(s.Name) - } - for i, pullSecretRef := range pod.Spec.ImagePullSecrets { - if !pullSecrets.Has(pullSecretRef.Name) { - return fmt.Errorf(`imagePullSecrets[%d].name="%s" is not allowed because service account %s does not reference that imagePullSecret`, i, pullSecretRef.Name, serviceAccount.Name) - } - } - return nil -} - -func (s *Plugin) mountServiceAccountToken(serviceAccount *corev1.ServiceAccount, pod *api.Pod) { - // Find the volume and volume name for the ServiceAccountTokenSecret if it already exists - tokenVolumeName := "" - hasTokenVolume := false - allVolumeNames := sets.NewString() - for _, volume := range pod.Spec.Volumes { - allVolumeNames.Insert(volume.Name) - if strings.HasPrefix(volume.Name, ServiceAccountVolumeName+"-") { - tokenVolumeName = volume.Name - hasTokenVolume = true - break - } - } - - // Determine a volume name for the ServiceAccountTokenSecret in case we need it - if len(tokenVolumeName) == 0 { - tokenVolumeName = s.generateName(ServiceAccountVolumeName + "-") - } - - // Create the prototypical VolumeMount - volumeMount := api.VolumeMount{ - Name: tokenVolumeName, - ReadOnly: true, - MountPath: DefaultAPITokenMountPath, - } - - // Ensure every container mounts the APISecret volume - needsTokenVolume := false - for i, container := range pod.Spec.InitContainers { - existingContainerMount := false - for _, volumeMount := range container.VolumeMounts { - // Existing mounts at the default mount path prevent mounting of the API token - if volumeMount.MountPath == DefaultAPITokenMountPath { - existingContainerMount = true - break - } - } - if !existingContainerMount { - pod.Spec.InitContainers[i].VolumeMounts = append(pod.Spec.InitContainers[i].VolumeMounts, volumeMount) - needsTokenVolume = true - } - } - for i, container := range pod.Spec.Containers { - existingContainerMount := false - for _, volumeMount := range container.VolumeMounts { - // Existing mounts at the default mount path prevent mounting of the API token - if volumeMount.MountPath == DefaultAPITokenMountPath { - existingContainerMount = true - break - } - } - if !existingContainerMount { - pod.Spec.Containers[i].VolumeMounts = append(pod.Spec.Containers[i].VolumeMounts, volumeMount) - needsTokenVolume = true - } - } - - // Add the volume if a container needs it - if !hasTokenVolume && needsTokenVolume { - pod.Spec.Volumes = append(pod.Spec.Volumes, api.Volume{ - Name: tokenVolumeName, - VolumeSource: api.VolumeSource{ - Projected: TokenVolumeSource(), - }, - }) - } -} - -// TokenVolumeSource returns the projected volume source for service account token. -func TokenVolumeSource() *api.ProjectedVolumeSource { - return &api.ProjectedVolumeSource{ - // explicitly set default value, see #104464 - DefaultMode: pointer.Int32(corev1.ProjectedVolumeSourceDefaultMode), - Sources: []api.VolumeProjection{ - { - ServiceAccountToken: &api.ServiceAccountTokenProjection{ - Path: "token", - ExpirationSeconds: serviceaccount.WarnOnlyBoundTokenExpirationSeconds, - }, - }, - { - ConfigMap: &api.ConfigMapProjection{ - LocalObjectReference: api.LocalObjectReference{ - Name: "kube-root-ca.crt", - }, - Items: []api.KeyToPath{ - { - Key: "ca.crt", - Path: "ca.crt", - }, - }, - }, - }, - { - DownwardAPI: &api.DownwardAPIProjection{ - Items: []api.DownwardAPIVolumeFile{ - { - Path: "namespace", - FieldRef: &api.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "metadata.namespace", - }, - }, - }, - }, - }, - }, - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/doc.go deleted file mode 100644 index a4810bb871..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package serviceaccount enforces all pods having an associated serviceaccount, -// and all containers mounting the API token for that serviceaccount at a known location -package serviceaccount // import "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/OWNERS deleted file mode 100644 index 8debd4060f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - andrewsykim - - dims - - msau42 -approvers: - - andrewsykim - - dims - - msau42 diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/admission.go deleted file mode 100644 index 3f5c778260..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/admission.go +++ /dev/null @@ -1,420 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package label - -import ( - "bytes" - "context" - "errors" - "fmt" - "io" - "sync" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/admission" - cloudprovider "k8s.io/cloud-provider" - cloudvolume "k8s.io/cloud-provider/volume" - volumehelpers "k8s.io/cloud-provider/volume/helpers" - persistentvolume "k8s.io/component-helpers/storage/volume" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" - k8s_api_v1 "k8s.io/kubernetes/pkg/apis/core/v1" - kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission" -) - -const ( - // PluginName is the name of persistent volume label admission plugin - PluginName = "PersistentVolumeLabel" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - persistentVolumeLabelAdmission := newPersistentVolumeLabel() - return persistentVolumeLabelAdmission, nil - }) -} - -var _ = admission.Interface(&persistentVolumeLabel{}) - -type persistentVolumeLabel struct { - *admission.Handler - - mutex sync.Mutex - cloudConfig []byte - awsPVLabeler cloudprovider.PVLabeler - gcePVLabeler cloudprovider.PVLabeler - azurePVLabeler cloudprovider.PVLabeler - vspherePVLabeler cloudprovider.PVLabeler -} - -var _ admission.MutationInterface = &persistentVolumeLabel{} -var _ kubeapiserveradmission.WantsCloudConfig = &persistentVolumeLabel{} - -// newPersistentVolumeLabel returns an admission.Interface implementation which adds labels to PersistentVolume CREATE requests, -// based on the labels provided by the underlying cloud provider. -// -// As a side effect, the cloud provider may block invalid or non-existent volumes. -func newPersistentVolumeLabel() *persistentVolumeLabel { - // DEPRECATED: in a future release, we will use mutating admission webhooks to apply PV labels. - // Once the mutating admission webhook is used for AWS, Azure, and GCE, - // this admission controller will be removed. - klog.Warning("PersistentVolumeLabel admission controller is deprecated. " + - "Please remove this controller from your configuration files and scripts.") - return &persistentVolumeLabel{ - Handler: admission.NewHandler(admission.Create), - } -} - -func (l *persistentVolumeLabel) SetCloudConfig(cloudConfig []byte) { - l.cloudConfig = cloudConfig -} - -func nodeSelectorRequirementKeysExistInNodeSelectorTerms(reqs []api.NodeSelectorRequirement, terms []api.NodeSelectorTerm) bool { - for _, req := range reqs { - for _, term := range terms { - for _, r := range term.MatchExpressions { - if r.Key == req.Key { - return true - } - } - } - } - return false -} - -func (l *persistentVolumeLabel) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error) { - if a.GetResource().GroupResource() != api.Resource("persistentvolumes") { - return nil - } - obj := a.GetObject() - if obj == nil { - return nil - } - volume, ok := obj.(*api.PersistentVolume) - if !ok { - return nil - } - - volumeLabels, err := l.findVolumeLabels(volume) - if err != nil { - return admission.NewForbidden(a, err) - } - - requirements := make([]api.NodeSelectorRequirement, 0) - if len(volumeLabels) != 0 { - if volume.Labels == nil { - volume.Labels = make(map[string]string) - } - for k, v := range volumeLabels { - // We (silently) replace labels if they are provided. - // This should be OK because they are in the kubernetes.io namespace - // i.e. we own them - volume.Labels[k] = v - - // Set NodeSelectorRequirements based on the labels - var values []string - if k == v1.LabelTopologyZone || k == v1.LabelFailureDomainBetaZone { - zones, err := volumehelpers.LabelZonesToSet(v) - if err != nil { - return admission.NewForbidden(a, fmt.Errorf("failed to convert label string for Zone: %s to a Set", v)) - } - // zone values here are sorted for better testability. - values = zones.List() - } else { - values = []string{v} - } - requirements = append(requirements, api.NodeSelectorRequirement{Key: k, Operator: api.NodeSelectorOpIn, Values: values}) - } - - if volume.Spec.NodeAffinity == nil { - volume.Spec.NodeAffinity = new(api.VolumeNodeAffinity) - } - if volume.Spec.NodeAffinity.Required == nil { - volume.Spec.NodeAffinity.Required = new(api.NodeSelector) - } - if len(volume.Spec.NodeAffinity.Required.NodeSelectorTerms) == 0 { - // Need at least one term pre-allocated whose MatchExpressions can be appended to - volume.Spec.NodeAffinity.Required.NodeSelectorTerms = make([]api.NodeSelectorTerm, 1) - } - if nodeSelectorRequirementKeysExistInNodeSelectorTerms(requirements, volume.Spec.NodeAffinity.Required.NodeSelectorTerms) { - klog.V(4).Infof("NodeSelectorRequirements for cloud labels %v conflict with existing NodeAffinity %v. Skipping addition of NodeSelectorRequirements for cloud labels.", - requirements, volume.Spec.NodeAffinity) - } else { - for _, req := range requirements { - for i := range volume.Spec.NodeAffinity.Required.NodeSelectorTerms { - volume.Spec.NodeAffinity.Required.NodeSelectorTerms[i].MatchExpressions = append(volume.Spec.NodeAffinity.Required.NodeSelectorTerms[i].MatchExpressions, req) - } - } - } - } - - return nil -} - -func (l *persistentVolumeLabel) findVolumeLabels(volume *api.PersistentVolume) (map[string]string, error) { - existingLabels := volume.Labels - - // All cloud providers set only these two labels. - topologyLabelGA := true - domain, domainOK := existingLabels[v1.LabelTopologyZone] - region, regionOK := existingLabels[v1.LabelTopologyRegion] - // If they don't have GA labels we should check for failuredomain beta labels - // TODO: remove this once all the cloud provider change to GA topology labels - if !domainOK || !regionOK { - topologyLabelGA = false - domain, domainOK = existingLabels[v1.LabelFailureDomainBetaZone] - region, regionOK = existingLabels[v1.LabelFailureDomainBetaRegion] - } - - isDynamicallyProvisioned := metav1.HasAnnotation(volume.ObjectMeta, persistentvolume.AnnDynamicallyProvisioned) - if isDynamicallyProvisioned && domainOK && regionOK { - // PV already has all the labels and we can trust the dynamic provisioning that it provided correct values. - if topologyLabelGA { - return map[string]string{ - v1.LabelTopologyZone: domain, - v1.LabelTopologyRegion: region, - }, nil - } - return map[string]string{ - v1.LabelFailureDomainBetaZone: domain, - v1.LabelFailureDomainBetaRegion: region, - }, nil - - } - - // Either missing labels or we don't trust the user provided correct values. - switch { - case volume.Spec.AWSElasticBlockStore != nil: - labels, err := l.findAWSEBSLabels(volume) - if err != nil { - return nil, fmt.Errorf("error querying AWS EBS volume %s: %v", volume.Spec.AWSElasticBlockStore.VolumeID, err) - } - return labels, nil - case volume.Spec.GCEPersistentDisk != nil: - labels, err := l.findGCEPDLabels(volume) - if err != nil { - return nil, fmt.Errorf("error querying GCE PD volume %s: %v", volume.Spec.GCEPersistentDisk.PDName, err) - } - return labels, nil - case volume.Spec.AzureDisk != nil: - labels, err := l.findAzureDiskLabels(volume) - if err != nil { - return nil, fmt.Errorf("error querying AzureDisk volume %s: %v", volume.Spec.AzureDisk.DiskName, err) - } - return labels, nil - case volume.Spec.VsphereVolume != nil: - labels, err := l.findVsphereVolumeLabels(volume) - if err != nil { - return nil, fmt.Errorf("error querying vSphere Volume %s: %v", volume.Spec.VsphereVolume.VolumePath, err) - } - return labels, nil - } - // Unrecognized volume, do not add any labels - return nil, nil -} - -func (l *persistentVolumeLabel) findAWSEBSLabels(volume *api.PersistentVolume) (map[string]string, error) { - // Ignore any volumes that are being provisioned - if volume.Spec.AWSElasticBlockStore.VolumeID == cloudvolume.ProvisionedVolumeName { - return nil, nil - } - pvlabler, err := l.getAWSPVLabeler() - if err != nil { - return nil, err - } - if pvlabler == nil { - return nil, fmt.Errorf("unable to build AWS cloud provider for EBS") - } - - pv := &v1.PersistentVolume{} - err = k8s_api_v1.Convert_core_PersistentVolume_To_v1_PersistentVolume(volume, pv, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert PersistentVolume to core/v1: %q", err) - } - - return pvlabler.GetLabelsForVolume(context.TODO(), pv) -} - -// getAWSPVLabeler returns the AWS implementation of PVLabeler -func (l *persistentVolumeLabel) getAWSPVLabeler() (cloudprovider.PVLabeler, error) { - l.mutex.Lock() - defer l.mutex.Unlock() - - if l.awsPVLabeler == nil { - var cloudConfigReader io.Reader - if len(l.cloudConfig) > 0 { - cloudConfigReader = bytes.NewReader(l.cloudConfig) - } - - cloudProvider, err := cloudprovider.GetCloudProvider("aws", cloudConfigReader) - if err != nil || cloudProvider == nil { - return nil, err - } - - awsPVLabeler, ok := cloudProvider.(cloudprovider.PVLabeler) - if !ok { - return nil, errors.New("AWS cloud provider does not implement PV labeling") - } - - l.awsPVLabeler = awsPVLabeler - } - return l.awsPVLabeler, nil -} - -func (l *persistentVolumeLabel) findGCEPDLabels(volume *api.PersistentVolume) (map[string]string, error) { - // Ignore any volumes that are being provisioned - if volume.Spec.GCEPersistentDisk.PDName == cloudvolume.ProvisionedVolumeName { - return nil, nil - } - - pvlabler, err := l.getGCEPVLabeler() - if err != nil { - return nil, err - } - if pvlabler == nil { - return nil, fmt.Errorf("unable to build GCE cloud provider for PD") - } - - pv := &v1.PersistentVolume{} - err = k8s_api_v1.Convert_core_PersistentVolume_To_v1_PersistentVolume(volume, pv, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert PersistentVolume to core/v1: %q", err) - } - return pvlabler.GetLabelsForVolume(context.TODO(), pv) -} - -// getGCEPVLabeler returns the GCE implementation of PVLabeler -func (l *persistentVolumeLabel) getGCEPVLabeler() (cloudprovider.PVLabeler, error) { - l.mutex.Lock() - defer l.mutex.Unlock() - - if l.gcePVLabeler == nil { - var cloudConfigReader io.Reader - if len(l.cloudConfig) > 0 { - cloudConfigReader = bytes.NewReader(l.cloudConfig) - } - - cloudProvider, err := cloudprovider.GetCloudProvider("gce", cloudConfigReader) - if err != nil || cloudProvider == nil { - return nil, err - } - - gcePVLabeler, ok := cloudProvider.(cloudprovider.PVLabeler) - if !ok { - return nil, errors.New("GCE cloud provider does not implement PV labeling") - } - - l.gcePVLabeler = gcePVLabeler - - } - return l.gcePVLabeler, nil -} - -// getAzurePVLabeler returns the Azure implementation of PVLabeler -func (l *persistentVolumeLabel) getAzurePVLabeler() (cloudprovider.PVLabeler, error) { - l.mutex.Lock() - defer l.mutex.Unlock() - - if l.azurePVLabeler == nil { - var cloudConfigReader io.Reader - if len(l.cloudConfig) > 0 { - cloudConfigReader = bytes.NewReader(l.cloudConfig) - } - - cloudProvider, err := cloudprovider.GetCloudProvider("azure", cloudConfigReader) - if err != nil || cloudProvider == nil { - return nil, err - } - - azurePVLabeler, ok := cloudProvider.(cloudprovider.PVLabeler) - if !ok { - return nil, errors.New("Azure cloud provider does not implement PV labeling") - } - l.azurePVLabeler = azurePVLabeler - } - - return l.azurePVLabeler, nil -} - -func (l *persistentVolumeLabel) findAzureDiskLabels(volume *api.PersistentVolume) (map[string]string, error) { - // Ignore any volumes that are being provisioned - if volume.Spec.AzureDisk.DiskName == cloudvolume.ProvisionedVolumeName { - return nil, nil - } - - pvlabler, err := l.getAzurePVLabeler() - if err != nil { - return nil, err - } - if pvlabler == nil { - return nil, fmt.Errorf("unable to build Azure cloud provider for AzureDisk") - } - - pv := &v1.PersistentVolume{} - err = k8s_api_v1.Convert_core_PersistentVolume_To_v1_PersistentVolume(volume, pv, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert PersistentVolume to core/v1: %q", err) - } - return pvlabler.GetLabelsForVolume(context.TODO(), pv) -} - -func (l *persistentVolumeLabel) findVsphereVolumeLabels(volume *api.PersistentVolume) (map[string]string, error) { - pvlabler, err := l.getVspherePVLabeler() - if err != nil { - return nil, err - } - if pvlabler == nil { - return nil, fmt.Errorf("unable to build vSphere cloud provider") - } - - pv := &v1.PersistentVolume{} - err = k8s_api_v1.Convert_core_PersistentVolume_To_v1_PersistentVolume(volume, pv, nil) - if err != nil { - return nil, fmt.Errorf("failed to convert PersistentVolume to core/v1: %q", err) - } - labels, err := pvlabler.GetLabelsForVolume(context.TODO(), pv) - if err != nil { - return nil, err - } - - return labels, nil -} - -func (l *persistentVolumeLabel) getVspherePVLabeler() (cloudprovider.PVLabeler, error) { - l.mutex.Lock() - defer l.mutex.Unlock() - - if l.vspherePVLabeler == nil { - var cloudConfigReader io.Reader - if len(l.cloudConfig) > 0 { - cloudConfigReader = bytes.NewReader(l.cloudConfig) - } - cloudProvider, err := cloudprovider.GetCloudProvider("vsphere", cloudConfigReader) - if err != nil || cloudProvider == nil { - return nil, err - } - vspherePVLabeler, ok := cloudProvider.(cloudprovider.PVLabeler) - if !ok { - // GetCloudProvider failed - return nil, errors.New("vSphere Cloud Provider does not implement PV labeling") - } - l.vspherePVLabeler = vspherePVLabeler - } - return l.vspherePVLabeler, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/doc.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/doc.go deleted file mode 100644 index 56d4e627f3..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package label created persistent volumes with zone information -// as provided by the cloud provider -package label // import "k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label" diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize/admission.go deleted file mode 100644 index 398781661e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize/admission.go +++ /dev/null @@ -1,131 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resize - -import ( - "context" - "fmt" - "io" - - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - storagev1listers "k8s.io/client-go/listers/storage/v1" - api "k8s.io/kubernetes/pkg/apis/core" - apihelper "k8s.io/kubernetes/pkg/apis/core/helper" -) - -const ( - // PluginName is the name of pvc resize admission plugin - PluginName = "PersistentVolumeClaimResize" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - plugin := newPlugin() - return plugin, nil - }) -} - -var _ admission.Interface = &persistentVolumeClaimResize{} -var _ admission.ValidationInterface = &persistentVolumeClaimResize{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&persistentVolumeClaimResize{}) - -type persistentVolumeClaimResize struct { - *admission.Handler - - scLister storagev1listers.StorageClassLister -} - -func newPlugin() *persistentVolumeClaimResize { - return &persistentVolumeClaimResize{ - Handler: admission.NewHandler(admission.Update), - } -} - -func (pvcr *persistentVolumeClaimResize) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - scInformer := f.Storage().V1().StorageClasses() - pvcr.scLister = scInformer.Lister() - pvcr.SetReadyFunc(scInformer.Informer().HasSynced) -} - -// ValidateInitialization ensures lister is set. -func (pvcr *persistentVolumeClaimResize) ValidateInitialization() error { - if pvcr.scLister == nil { - return fmt.Errorf("missing storageclass lister") - } - return nil -} - -func (pvcr *persistentVolumeClaimResize) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - if a.GetResource().GroupResource() != api.Resource("persistentvolumeclaims") { - return nil - } - - if len(a.GetSubresource()) != 0 { - return nil - } - - pvc, ok := a.GetObject().(*api.PersistentVolumeClaim) - // if we can't convert then we don't handle this object so just return - if !ok { - return nil - } - oldPvc, ok := a.GetOldObject().(*api.PersistentVolumeClaim) - if !ok { - return nil - } - - oldSize := oldPvc.Spec.Resources.Requests[api.ResourceStorage] - newSize := pvc.Spec.Resources.Requests[api.ResourceStorage] - - if newSize.Cmp(oldSize) <= 0 { - return nil - } - - if oldPvc.Status.Phase != api.ClaimBound { - return admission.NewForbidden(a, fmt.Errorf("Only bound persistent volume claims can be expanded")) - } - - // Growing Persistent volumes is only allowed for PVCs for which their StorageClass - // explicitly allows it - if !pvcr.allowResize(pvc, oldPvc) { - return admission.NewForbidden(a, fmt.Errorf("only dynamically provisioned pvc can be resized and "+ - "the storageclass that provisions the pvc must support resize")) - } - - return nil -} - -// Growing Persistent volumes is only allowed for PVCs for which their StorageClass -// explicitly allows it. -func (pvcr *persistentVolumeClaimResize) allowResize(pvc, oldPvc *api.PersistentVolumeClaim) bool { - pvcStorageClass := apihelper.GetPersistentVolumeClaimClass(pvc) - oldPvcStorageClass := apihelper.GetPersistentVolumeClaimClass(oldPvc) - if pvcStorageClass == "" || oldPvcStorageClass == "" || pvcStorageClass != oldPvcStorageClass { - return false - } - sc, err := pvcr.scLister.Get(pvcStorageClass) - if err != nil { - return false - } - if sc.AllowVolumeExpansion != nil { - return *sc.AllowVolumeExpansion - } - return false -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault/admission.go deleted file mode 100644 index aa4c1c14ba..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault/admission.go +++ /dev/null @@ -1,120 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package setdefault - -import ( - "context" - "fmt" - "io" - "k8s.io/kubernetes/pkg/volume/util" - - "k8s.io/klog/v2" - - "k8s.io/apiserver/pkg/admission" - genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer" - "k8s.io/client-go/informers" - storagev1listers "k8s.io/client-go/listers/storage/v1" - api "k8s.io/kubernetes/pkg/apis/core" - "k8s.io/kubernetes/pkg/apis/core/helper" -) - -const ( - // PluginName is the name of this admission controller plugin - PluginName = "DefaultStorageClass" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - plugin := newPlugin() - return plugin, nil - }) -} - -// claimDefaulterPlugin holds state for and implements the admission plugin. -type claimDefaulterPlugin struct { - *admission.Handler - - lister storagev1listers.StorageClassLister -} - -var _ admission.Interface = &claimDefaulterPlugin{} -var _ admission.MutationInterface = &claimDefaulterPlugin{} -var _ = genericadmissioninitializer.WantsExternalKubeInformerFactory(&claimDefaulterPlugin{}) - -// newPlugin creates a new admission plugin. -func newPlugin() *claimDefaulterPlugin { - return &claimDefaulterPlugin{ - Handler: admission.NewHandler(admission.Create), - } -} - -func (a *claimDefaulterPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { - informer := f.Storage().V1().StorageClasses() - a.lister = informer.Lister() - a.SetReadyFunc(informer.Informer().HasSynced) -} - -// ValidateInitialization ensures lister is set. -func (a *claimDefaulterPlugin) ValidateInitialization() error { - if a.lister == nil { - return fmt.Errorf("missing lister") - } - return nil -} - -// Admit sets the default value of a PersistentVolumeClaim's storage class, in case the user did -// not provide a value. -// -// 1. Find available StorageClasses. -// 2. Figure which is the default -// 3. Write to the PVClaim -func (a *claimDefaulterPlugin) Admit(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error { - if attr.GetResource().GroupResource() != api.Resource("persistentvolumeclaims") { - return nil - } - - if len(attr.GetSubresource()) != 0 { - return nil - } - - pvc, ok := attr.GetObject().(*api.PersistentVolumeClaim) - // if we can't convert then we don't handle this object so just return - if !ok { - return nil - } - - if helper.PersistentVolumeClaimHasClass(pvc) { - // The user asked for a class. - return nil - } - - klog.V(4).Infof("no storage class for claim %s (generate: %s)", pvc.Name, pvc.GenerateName) - - def, err := util.GetDefaultClass(a.lister) - if err != nil { - return admission.NewForbidden(attr, err) - } - if def == nil { - // No default class selected, do nothing about the PVC. - return nil - } - - klog.V(4).Infof("defaulting storage class for claim %s (generate: %s) to %s", pvc.Name, pvc.GenerateName, def.Name) - pvc.Spec.StorageClassName = &def.Name - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection/admission.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection/admission.go deleted file mode 100644 index 82ed1ff9cc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection/admission.go +++ /dev/null @@ -1,121 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storageobjectinuseprotection - -import ( - "context" - "io" - - "k8s.io/apiserver/pkg/admission" - "k8s.io/klog/v2" - api "k8s.io/kubernetes/pkg/apis/core" - volumeutil "k8s.io/kubernetes/pkg/volume/util" -) - -const ( - // PluginName is the name of this admission controller plugin - PluginName = "StorageObjectInUseProtection" -) - -// Register registers a plugin -func Register(plugins *admission.Plugins) { - plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - plugin := newPlugin() - return plugin, nil - }) -} - -// storageProtectionPlugin holds state for and implements the admission plugin. -type storageProtectionPlugin struct { - *admission.Handler -} - -var _ admission.Interface = &storageProtectionPlugin{} - -// newPlugin creates a new admission plugin. -func newPlugin() *storageProtectionPlugin { - return &storageProtectionPlugin{ - Handler: admission.NewHandler(admission.Create), - } -} - -var ( - pvResource = api.Resource("persistentvolumes") - pvcResource = api.Resource("persistentvolumeclaims") -) - -// Admit sets finalizer on all PVCs(PVs). The finalizer is removed by -// PVCProtectionController(PVProtectionController) when it's not referenced. -// -// This prevents users from deleting a PVC that's used by a running pod. -// This also prevents admin from deleting a PV that's bound by a PVC -func (c *storageProtectionPlugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { - switch a.GetResource().GroupResource() { - case pvResource: - return c.admitPV(a) - case pvcResource: - return c.admitPVC(a) - - default: - return nil - } -} - -func (c *storageProtectionPlugin) admitPV(a admission.Attributes) error { - if len(a.GetSubresource()) != 0 { - return nil - } - - pv, ok := a.GetObject().(*api.PersistentVolume) - // if we can't convert the obj to PV, just return - if !ok { - return nil - } - for _, f := range pv.Finalizers { - if f == volumeutil.PVProtectionFinalizer { - // Finalizer is already present, nothing to do - return nil - } - } - klog.V(4).Infof("adding PV protection finalizer to %s", pv.Name) - pv.Finalizers = append(pv.Finalizers, volumeutil.PVProtectionFinalizer) - - return nil -} - -func (c *storageProtectionPlugin) admitPVC(a admission.Attributes) error { - if len(a.GetSubresource()) != 0 { - return nil - } - - pvc, ok := a.GetObject().(*api.PersistentVolumeClaim) - // if we can't convert the obj to PVC, just return - if !ok { - return nil - } - - for _, f := range pvc.Finalizers { - if f == volumeutil.PVCProtectionFinalizer { - // Finalizer is already present, nothing to do - return nil - } - } - - klog.V(4).Infof("adding PVC protection finalizer to %s/%s", pvc.Namespace, pvc.Name) - pvc.Finalizers = append(pvc.Finalizers, volumeutil.PVCProtectionFinalizer) - return nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go deleted file mode 100644 index f3f9a98c3a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go +++ /dev/null @@ -1,151 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -/* -Package bootstrap provides a token authenticator for TLS bootstrap secrets. -*/ -package bootstrap - -import ( - "context" - "crypto/subtle" - "fmt" - "time" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/pkg/authentication/user" - corev1listers "k8s.io/client-go/listers/core/v1" - bootstrapapi "k8s.io/cluster-bootstrap/token/api" - bootstrapsecretutil "k8s.io/cluster-bootstrap/util/secrets" - bootstraptokenutil "k8s.io/cluster-bootstrap/util/tokens" -) - -// TODO: A few methods in this package is copied from other sources. Either -// because the existing functionality isn't exported or because it is in a -// package that shouldn't be directly imported by this packages. - -// NewTokenAuthenticator initializes a bootstrap token authenticator. -// -// Lister is expected to be for the "kube-system" namespace. -func NewTokenAuthenticator(lister corev1listers.SecretNamespaceLister) *TokenAuthenticator { - return &TokenAuthenticator{lister} -} - -// TokenAuthenticator authenticates bootstrap tokens from secrets in the API server. -type TokenAuthenticator struct { - lister corev1listers.SecretNamespaceLister -} - -// tokenErrorf prints a error message for a secret that has matched a bearer -// token but fails to meet some other criteria. -// -// tokenErrorf(secret, "has invalid value for key %s", key) -func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) { - format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format - klog.V(3).Infof(format, i...) -} - -// AuthenticateToken tries to match the provided token to a bootstrap token secret -// in a given namespace. If found, it authenticates the token in the -// "system:bootstrappers" group and with the "system:bootstrap:(token-id)" username. -// -// All secrets must be of type "bootstrap.kubernetes.io/token". An example secret: -// -// apiVersion: v1 -// kind: Secret -// metadata: -// # Name MUST be of form "bootstrap-token-( token id )". -// name: bootstrap-token-( token id ) -// namespace: kube-system -// # Only secrets of this type will be evaluated. -// type: bootstrap.kubernetes.io/token -// data: -// token-secret: ( private part of token ) -// token-id: ( token id ) -// # Required key usage. -// usage-bootstrap-authentication: true -// auth-extra-groups: "system:bootstrappers:custom-group1,system:bootstrappers:custom-group2" -// # May also contain an expiry. -// -// Tokens are expected to be of the form: -// -// ( token-id ).( token-secret ) -func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { - tokenID, tokenSecret, err := bootstraptokenutil.ParseToken(token) - if err != nil { - // Token isn't of the correct form, ignore it. - return nil, false, nil - } - - secretName := bootstrapapi.BootstrapTokenSecretPrefix + tokenID - secret, err := t.lister.Get(secretName) - if err != nil { - if errors.IsNotFound(err) { - klog.V(3).Infof("No secret of name %s to match bootstrap bearer token", secretName) - return nil, false, nil - } - return nil, false, err - } - - if secret.DeletionTimestamp != nil { - tokenErrorf(secret, "is deleted and awaiting removal") - return nil, false, nil - } - - if string(secret.Type) != string(bootstrapapi.SecretTypeBootstrapToken) || secret.Data == nil { - tokenErrorf(secret, "has invalid type, expected %s.", bootstrapapi.SecretTypeBootstrapToken) - return nil, false, nil - } - - ts := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenSecretKey) - if subtle.ConstantTimeCompare([]byte(ts), []byte(tokenSecret)) != 1 { - tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenSecretKey, tokenSecret) - return nil, false, nil - } - - id := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenIDKey) - if id != tokenID { - tokenErrorf(secret, "has invalid value for key %s, expected %s.", bootstrapapi.BootstrapTokenIDKey, tokenID) - return nil, false, nil - } - - if bootstrapsecretutil.HasExpired(secret, time.Now()) { - // logging done in isSecretExpired method. - return nil, false, nil - } - - if bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenUsageAuthentication) != "true" { - tokenErrorf(secret, "not marked %s=true.", bootstrapapi.BootstrapTokenUsageAuthentication) - return nil, false, nil - } - - groups, err := bootstrapsecretutil.GetGroups(secret) - if err != nil { - tokenErrorf(secret, "has invalid value for key %s: %v.", bootstrapapi.BootstrapTokenExtraGroupsKey, err) - return nil, false, nil - } - - return &authenticator.Response{ - User: &user.DefaultInfo{ - Name: bootstrapapi.BootstrapUserPrefix + string(id), - Groups: groups, - }, - }, true, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/OWNERS b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/OWNERS deleted file mode 100644 index ff6413c7fc..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - sig-auth-node-isolation-approvers -reviewers: - - sig-auth-node-isolation-reviewers -labels: - - sig/auth diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph.go deleted file mode 100644 index bd5feea89f..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph.go +++ /dev/null @@ -1,478 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "sync" - "time" - - corev1 "k8s.io/api/core/v1" - "k8s.io/component-helpers/storage/ephemeral" - pvutil "k8s.io/kubernetes/pkg/api/v1/persistentvolume" - podutil "k8s.io/kubernetes/pkg/api/v1/pod" - "k8s.io/kubernetes/third_party/forked/gonum/graph" - "k8s.io/kubernetes/third_party/forked/gonum/graph/simple" -) - -// namedVertex implements graph.Node and remembers the type, namespace, and name of its related API object -type namedVertex struct { - name string - namespace string - id int - vertexType vertexType -} - -func newNamedVertex(vertexType vertexType, namespace, name string, id int) *namedVertex { - return &namedVertex{ - vertexType: vertexType, - name: name, - namespace: namespace, - id: id, - } -} -func (n *namedVertex) ID() int { - return n.id -} -func (n *namedVertex) String() string { - if len(n.namespace) == 0 { - return vertexTypes[n.vertexType] + ":" + n.name - } - return vertexTypes[n.vertexType] + ":" + n.namespace + "/" + n.name -} - -// destinationEdge is a graph edge that includes a denormalized reference to the final destination vertex. -// This should only be used when there is a single leaf vertex reachable from T. -type destinationEdge struct { - F graph.Node - T graph.Node - Destination graph.Node -} - -func newDestinationEdge(from, to, destination graph.Node) graph.Edge { - return &destinationEdge{F: from, T: to, Destination: destination} -} -func (e *destinationEdge) From() graph.Node { return e.F } -func (e *destinationEdge) To() graph.Node { return e.T } -func (e *destinationEdge) Weight() float64 { return 0 } -func (e *destinationEdge) DestinationID() int { return e.Destination.ID() } - -// Graph holds graph vertices and a way to look up a vertex for a particular API type/namespace/name. -// All edges point toward the vertices representing Kubernetes nodes: -// -// node <- pod -// pod <- secret,configmap,pvc -// pvc <- pv -// pv <- secret -type Graph struct { - lock sync.RWMutex - graph *simple.DirectedAcyclicGraph - // vertices is a map of type -> namespace -> name -> vertex - vertices map[vertexType]namespaceVertexMapping - - // destinationEdgeIndex is a map of vertex -> set of destination IDs - destinationEdgeIndex map[int]*intSet - // destinationEdgeThreshold is the minimum number of distinct destination IDs at which to maintain an index - destinationEdgeThreshold int -} - -// namespaceVertexMapping is a map of namespace -> name -> vertex -type namespaceVertexMapping map[string]nameVertexMapping - -// nameVertexMapping is a map of name -> vertex -type nameVertexMapping map[string]*namedVertex - -func NewGraph() *Graph { - return &Graph{ - vertices: map[vertexType]namespaceVertexMapping{}, - graph: simple.NewDirectedAcyclicGraph(0, 0), - - destinationEdgeIndex: map[int]*intSet{}, - // experimentally determined to be the point at which iteration adds an order of magnitude to the authz check. - // since maintaining indexes costs time/memory while processing graph changes, we don't want to make this too low. - destinationEdgeThreshold: 200, - } -} - -// vertexType indicates the type of the API object the vertex represents. -// represented as a byte to minimize space used in the vertices. -type vertexType byte - -const ( - configMapVertexType vertexType = iota - nodeVertexType - podVertexType - pvcVertexType - pvVertexType - secretVertexType - vaVertexType - serviceAccountVertexType -) - -var vertexTypes = map[vertexType]string{ - configMapVertexType: "configmap", - nodeVertexType: "node", - podVertexType: "pod", - pvcVertexType: "pvc", - pvVertexType: "pv", - secretVertexType: "secret", - vaVertexType: "volumeattachment", - serviceAccountVertexType: "serviceAccount", -} - -// must be called under a write lock -func (g *Graph) getOrCreateVertex_locked(vertexType vertexType, namespace, name string) *namedVertex { - if vertex, exists := g.getVertex_rlocked(vertexType, namespace, name); exists { - return vertex - } - return g.createVertex_locked(vertexType, namespace, name) -} - -// must be called under a read lock -func (g *Graph) getVertex_rlocked(vertexType vertexType, namespace, name string) (*namedVertex, bool) { - vertex, exists := g.vertices[vertexType][namespace][name] - return vertex, exists -} - -// must be called under a write lock -func (g *Graph) createVertex_locked(vertexType vertexType, namespace, name string) *namedVertex { - typedVertices, exists := g.vertices[vertexType] - if !exists { - typedVertices = namespaceVertexMapping{} - g.vertices[vertexType] = typedVertices - } - - namespacedVertices, exists := typedVertices[namespace] - if !exists { - namespacedVertices = map[string]*namedVertex{} - typedVertices[namespace] = namespacedVertices - } - - vertex := newNamedVertex(vertexType, namespace, name, g.graph.NewNodeID()) - namespacedVertices[name] = vertex - g.graph.AddNode(vertex) - - return vertex -} - -// must be called under write lock -func (g *Graph) deleteVertex_locked(vertexType vertexType, namespace, name string) { - vertex, exists := g.getVertex_rlocked(vertexType, namespace, name) - if !exists { - return - } - - // find existing neighbors with a single edge (meaning we are their only neighbor) - neighborsToRemove := []graph.Node{} - edgesToRemoveFromIndexes := []graph.Edge{} - g.graph.VisitFrom(vertex, func(neighbor graph.Node) bool { - // this downstream neighbor has only one edge (which must be from us), so remove them as well - if g.graph.Degree(neighbor) == 1 { - neighborsToRemove = append(neighborsToRemove, neighbor) - } - return true - }) - g.graph.VisitTo(vertex, func(neighbor graph.Node) bool { - if g.graph.Degree(neighbor) == 1 { - // this upstream neighbor has only one edge (which must be to us), so remove them as well - neighborsToRemove = append(neighborsToRemove, neighbor) - } else { - // decrement the destination edge index on this neighbor if the edge between us was a destination edge - edgesToRemoveFromIndexes = append(edgesToRemoveFromIndexes, g.graph.EdgeBetween(vertex, neighbor)) - } - return true - }) - - // remove the vertex - g.removeVertex_locked(vertex) - - // remove neighbors that are now edgeless - for _, neighbor := range neighborsToRemove { - g.removeVertex_locked(neighbor.(*namedVertex)) - } - - // remove edges from destination indexes for neighbors that dropped outbound edges - for _, edge := range edgesToRemoveFromIndexes { - g.removeEdgeFromDestinationIndex_locked(edge) - } -} - -// must be called under write lock -// deletes edges from a given vertex type to a specific vertex -// will delete each orphaned "from" vertex, but will never delete the "to" vertex -func (g *Graph) deleteEdges_locked(fromType, toType vertexType, toNamespace, toName string) { - // get the "to" side - toVert, exists := g.getVertex_rlocked(toType, toNamespace, toName) - if !exists { - return - } - - // delete all edges between vertices of fromType and toVert - neighborsToRemove := []*namedVertex{} - edgesToRemove := []graph.Edge{} - g.graph.VisitTo(toVert, func(from graph.Node) bool { - fromVert := from.(*namedVertex) - if fromVert.vertexType != fromType { - return true - } - // this neighbor has only one edge (which must be to us), so remove them as well - if g.graph.Degree(fromVert) == 1 { - neighborsToRemove = append(neighborsToRemove, fromVert) - } else { - edgesToRemove = append(edgesToRemove, g.graph.EdgeBetween(from, toVert)) - } - return true - }) - - // clean up orphaned verts - for _, v := range neighborsToRemove { - g.removeVertex_locked(v) - } - - // remove edges and decrement destination indexes for neighbors that dropped outbound edges - for _, edge := range edgesToRemove { - g.graph.RemoveEdge(edge) - g.removeEdgeFromDestinationIndex_locked(edge) - } -} - -// A fastpath for recomputeDestinationIndex_locked for "removing edge" case. -func (g *Graph) removeEdgeFromDestinationIndex_locked(e graph.Edge) { - n := e.From() - // don't maintain indices for nodes with few edges - edgeCount := g.graph.Degree(n) - if edgeCount < g.destinationEdgeThreshold { - delete(g.destinationEdgeIndex, n.ID()) - return - } - - // decrement the nodeID->destinationID refcount in the index, if the index exists - index := g.destinationEdgeIndex[n.ID()] - if index == nil { - return - } - if destinationEdge, ok := e.(*destinationEdge); ok { - index.decrement(destinationEdge.DestinationID()) - } -} - -// A fastpath for recomputeDestinationIndex_locked for "adding edge case". -func (g *Graph) addEdgeToDestinationIndex_locked(e graph.Edge) { - n := e.From() - index := g.destinationEdgeIndex[n.ID()] - if index == nil { - // There is no index, use the full index computation method - g.recomputeDestinationIndex_locked(n) - return - } - // fast-add the new edge to an existing index - if destinationEdge, ok := e.(*destinationEdge); ok { - index.increment(destinationEdge.DestinationID()) - } -} - -// must be called under write lock -// removeVertex_locked removes the specified vertex from the graph and from the maintained indices. -// It does nothing to indexes of neighbor vertices. -func (g *Graph) removeVertex_locked(v *namedVertex) { - g.graph.RemoveNode(v) - delete(g.destinationEdgeIndex, v.ID()) - delete(g.vertices[v.vertexType][v.namespace], v.name) - if len(g.vertices[v.vertexType][v.namespace]) == 0 { - delete(g.vertices[v.vertexType], v.namespace) - } -} - -// must be called under write lock -// recomputeDestinationIndex_locked recomputes the index of destination ids for the specified vertex -func (g *Graph) recomputeDestinationIndex_locked(n graph.Node) { - // don't maintain indices for nodes with few edges - edgeCount := g.graph.Degree(n) - if edgeCount < g.destinationEdgeThreshold { - delete(g.destinationEdgeIndex, n.ID()) - return - } - - // get or create the index - index := g.destinationEdgeIndex[n.ID()] - if index == nil { - index = newIntSet() - } else { - index.reset() - } - - // populate the index - g.graph.VisitFrom(n, func(dest graph.Node) bool { - if destinationEdge, ok := g.graph.EdgeBetween(n, dest).(*destinationEdge); ok { - index.increment(destinationEdge.DestinationID()) - } - return true - }) - g.destinationEdgeIndex[n.ID()] = index -} - -// AddPod should only be called once spec.NodeName is populated. -// It sets up edges for the following relationships (which are immutable for a pod once bound to a node): -// -// pod -> node -// -// secret -> pod -// configmap -> pod -// pvc -> pod -// svcacct -> pod -func (g *Graph) AddPod(pod *corev1.Pod) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("AddPod").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - - g.deleteVertex_locked(podVertexType, pod.Namespace, pod.Name) - podVertex := g.getOrCreateVertex_locked(podVertexType, pod.Namespace, pod.Name) - nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", pod.Spec.NodeName) - g.graph.SetEdge(newDestinationEdge(podVertex, nodeVertex, nodeVertex)) - - // Short-circuit adding edges to other resources for mirror pods. - // A node must never be able to create a pod that grants them permissions on other API objects. - // The NodeRestriction admission plugin prevents creation of such pods, but short-circuiting here gives us defense in depth. - if _, isMirrorPod := pod.Annotations[corev1.MirrorPodAnnotationKey]; isMirrorPod { - return - } - - // TODO(mikedanese): If the pod doesn't mount the service account secrets, - // should the node still get access to the service account? - // - // ref https://github.com/kubernetes/kubernetes/issues/58790 - if len(pod.Spec.ServiceAccountName) > 0 { - serviceAccountVertex := g.getOrCreateVertex_locked(serviceAccountVertexType, pod.Namespace, pod.Spec.ServiceAccountName) - e := newDestinationEdge(serviceAccountVertex, podVertex, nodeVertex) - g.graph.SetEdge(e) - g.addEdgeToDestinationIndex_locked(e) - } - - podutil.VisitPodSecretNames(pod, func(secret string) bool { - secretVertex := g.getOrCreateVertex_locked(secretVertexType, pod.Namespace, secret) - e := newDestinationEdge(secretVertex, podVertex, nodeVertex) - g.graph.SetEdge(e) - g.addEdgeToDestinationIndex_locked(e) - return true - }) - - podutil.VisitPodConfigmapNames(pod, func(configmap string) bool { - configmapVertex := g.getOrCreateVertex_locked(configMapVertexType, pod.Namespace, configmap) - e := newDestinationEdge(configmapVertex, podVertex, nodeVertex) - g.graph.SetEdge(e) - g.addEdgeToDestinationIndex_locked(e) - return true - }) - - for _, v := range pod.Spec.Volumes { - claimName := "" - if v.PersistentVolumeClaim != nil { - claimName = v.PersistentVolumeClaim.ClaimName - } else if v.Ephemeral != nil { - claimName = ephemeral.VolumeClaimName(pod, &v) - } - if claimName != "" { - pvcVertex := g.getOrCreateVertex_locked(pvcVertexType, pod.Namespace, claimName) - e := newDestinationEdge(pvcVertex, podVertex, nodeVertex) - g.graph.SetEdge(e) - g.addEdgeToDestinationIndex_locked(e) - } - } -} -func (g *Graph) DeletePod(name, namespace string) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("DeletePod").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - g.deleteVertex_locked(podVertexType, namespace, name) -} - -// AddPV sets up edges for the following relationships: -// -// secret -> pv -// -// pv -> pvc -func (g *Graph) AddPV(pv *corev1.PersistentVolume) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("AddPV").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - - // clear existing edges - g.deleteVertex_locked(pvVertexType, "", pv.Name) - - // if we have a pvc, establish new edges - if pv.Spec.ClaimRef != nil { - pvVertex := g.getOrCreateVertex_locked(pvVertexType, "", pv.Name) - - // since we don't know the other end of the pvc -> pod -> node chain (or it may not even exist yet), we can't decorate these edges with kubernetes node info - g.graph.SetEdge(simple.Edge{F: pvVertex, T: g.getOrCreateVertex_locked(pvcVertexType, pv.Spec.ClaimRef.Namespace, pv.Spec.ClaimRef.Name)}) - pvutil.VisitPVSecretNames(pv, func(namespace, secret string, kubeletVisible bool) bool { - // This grants access to the named secret in the same namespace as the bound PVC - if kubeletVisible { - g.graph.SetEdge(simple.Edge{F: g.getOrCreateVertex_locked(secretVertexType, namespace, secret), T: pvVertex}) - } - return true - }) - } -} -func (g *Graph) DeletePV(name string) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("DeletePV").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - g.deleteVertex_locked(pvVertexType, "", name) -} - -// AddVolumeAttachment sets up edges for the following relationships: -// -// volume attachment -> node -func (g *Graph) AddVolumeAttachment(attachmentName, nodeName string) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("AddVolumeAttachment").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - - // clear existing edges - g.deleteVertex_locked(vaVertexType, "", attachmentName) - - // if we have a node, establish new edges - if len(nodeName) > 0 { - vaVertex := g.getOrCreateVertex_locked(vaVertexType, "", attachmentName) - nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", nodeName) - g.graph.SetEdge(newDestinationEdge(vaVertex, nodeVertex, nodeVertex)) - } -} -func (g *Graph) DeleteVolumeAttachment(name string) { - start := time.Now() - defer func() { - graphActionsDuration.WithLabelValues("DeleteVolumeAttachment").Observe(time.Since(start).Seconds()) - }() - g.lock.Lock() - defer g.lock.Unlock() - g.deleteVertex_locked(vaVertexType, "", name) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph_populator.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph_populator.go deleted file mode 100644 index 1eec6afb42..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/graph_populator.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "time" - - "k8s.io/klog/v2" - - corev1 "k8s.io/api/core/v1" - storagev1 "k8s.io/api/storage/v1" - "k8s.io/apimachinery/pkg/util/wait" - corev1informers "k8s.io/client-go/informers/core/v1" - storageinformers "k8s.io/client-go/informers/storage/v1" - "k8s.io/client-go/tools/cache" -) - -type graphPopulator struct { - graph *Graph -} - -func AddGraphEventHandlers( - graph *Graph, - nodes corev1informers.NodeInformer, - pods corev1informers.PodInformer, - pvs corev1informers.PersistentVolumeInformer, - attachments storageinformers.VolumeAttachmentInformer, -) { - g := &graphPopulator{ - graph: graph, - } - - var hasSynced []cache.InformerSynced - - pods.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: g.addPod, - UpdateFunc: g.updatePod, - DeleteFunc: g.deletePod, - }) - hasSynced = append(hasSynced, pods.Informer().HasSynced) - - pvs.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: g.addPV, - UpdateFunc: g.updatePV, - DeleteFunc: g.deletePV, - }) - hasSynced = append(hasSynced, pvs.Informer().HasSynced) - - attachments.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: g.addVolumeAttachment, - UpdateFunc: g.updateVolumeAttachment, - DeleteFunc: g.deleteVolumeAttachment, - }) - hasSynced = append(hasSynced, attachments.Informer().HasSynced) - - go cache.WaitForNamedCacheSync("node_authorizer", wait.NeverStop, hasSynced...) -} - -func (g *graphPopulator) addPod(obj interface{}) { - g.updatePod(nil, obj) -} - -func (g *graphPopulator) updatePod(oldObj, obj interface{}) { - pod := obj.(*corev1.Pod) - if len(pod.Spec.NodeName) == 0 { - // No node assigned - klog.V(5).Infof("updatePod %s/%s, no node", pod.Namespace, pod.Name) - return - } - if oldPod, ok := oldObj.(*corev1.Pod); ok && oldPod != nil { - if (pod.Spec.NodeName == oldPod.Spec.NodeName) && (pod.UID == oldPod.UID) { - // Node and uid are unchanged, all object references in the pod spec are immutable - klog.V(5).Infof("updatePod %s/%s, node unchanged", pod.Namespace, pod.Name) - return - } - } - - klog.V(4).Infof("updatePod %s/%s for node %s", pod.Namespace, pod.Name, pod.Spec.NodeName) - startTime := time.Now() - g.graph.AddPod(pod) - klog.V(5).Infof("updatePod %s/%s for node %s completed in %v", pod.Namespace, pod.Name, pod.Spec.NodeName, time.Since(startTime)) -} - -func (g *graphPopulator) deletePod(obj interface{}) { - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - obj = tombstone.Obj - } - pod, ok := obj.(*corev1.Pod) - if !ok { - klog.Infof("unexpected type %T", obj) - return - } - if len(pod.Spec.NodeName) == 0 { - klog.V(5).Infof("deletePod %s/%s, no node", pod.Namespace, pod.Name) - return - } - - klog.V(4).Infof("deletePod %s/%s for node %s", pod.Namespace, pod.Name, pod.Spec.NodeName) - startTime := time.Now() - g.graph.DeletePod(pod.Name, pod.Namespace) - klog.V(5).Infof("deletePod %s/%s for node %s completed in %v", pod.Namespace, pod.Name, pod.Spec.NodeName, time.Since(startTime)) -} - -func (g *graphPopulator) addPV(obj interface{}) { - g.updatePV(nil, obj) -} - -func (g *graphPopulator) updatePV(oldObj, obj interface{}) { - pv := obj.(*corev1.PersistentVolume) - // TODO: skip add if uid, pvc, and secrets are all identical between old and new - g.graph.AddPV(pv) -} - -func (g *graphPopulator) deletePV(obj interface{}) { - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - obj = tombstone.Obj - } - pv, ok := obj.(*corev1.PersistentVolume) - if !ok { - klog.Infof("unexpected type %T", obj) - return - } - g.graph.DeletePV(pv.Name) -} - -func (g *graphPopulator) addVolumeAttachment(obj interface{}) { - g.updateVolumeAttachment(nil, obj) -} - -func (g *graphPopulator) updateVolumeAttachment(oldObj, obj interface{}) { - attachment := obj.(*storagev1.VolumeAttachment) - if oldObj != nil { - // skip add if node name is identical - oldAttachment := oldObj.(*storagev1.VolumeAttachment) - if oldAttachment.Spec.NodeName == attachment.Spec.NodeName { - return - } - } - g.graph.AddVolumeAttachment(attachment.Name, attachment.Spec.NodeName) -} - -func (g *graphPopulator) deleteVolumeAttachment(obj interface{}) { - if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok { - obj = tombstone.Obj - } - attachment, ok := obj.(*storagev1.VolumeAttachment) - if !ok { - klog.Infof("unexpected type %T", obj) - return - } - g.graph.DeleteVolumeAttachment(attachment.Name) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/intset.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/intset.go deleted file mode 100644 index 57b2305da6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/intset.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -// intSet maintains a map of id to refcounts -type intSet struct { - // members is a map of id to refcounts - members map[int]int -} - -func newIntSet() *intSet { - return &intSet{members: map[int]int{}} -} - -// has returns true if the specified id has a positive refcount. -// it is safe to call concurrently, but must not be called concurrently with any of the other methods. -func (s *intSet) has(i int) bool { - if s == nil { - return false - } - return s.members[i] > 0 -} - -// reset removes all ids, effectively setting their refcounts to 0. -// it is not thread-safe. -func (s *intSet) reset() { - for k := range s.members { - delete(s.members, k) - } -} - -// increment adds one to the refcount of the specified id. -// it is not thread-safe. -func (s *intSet) increment(i int) { - s.members[i]++ -} - -// decrement removes one from the refcount of the specified id, -// and removes the id if the resulting refcount is <= 0. -// it will not track refcounts lower than zero. -// it is not thread-safe. -func (s *intSet) decrement(i int) { - if s.members[i] <= 1 { - delete(s.members, i) - } else { - s.members[i]-- - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/metrics.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/metrics.go deleted file mode 100644 index 5fbf347f64..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/metrics.go +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "sync" - - "k8s.io/component-base/metrics" - "k8s.io/component-base/metrics/legacyregistry" -) - -const nodeAuthorizerSubsystem = "node_authorizer" - -var ( - graphActionsDuration = metrics.NewHistogramVec( - &metrics.HistogramOpts{ - Subsystem: nodeAuthorizerSubsystem, - Name: "graph_actions_duration_seconds", - Help: "Histogram of duration of graph actions in node authorizer.", - StabilityLevel: metrics.ALPHA, - // Start with 0.1ms with the last bucket being [~200ms, Inf) - Buckets: metrics.ExponentialBuckets(0.0001, 2, 12), - }, - []string{"operation"}, - ) -) - -var registerMetrics sync.Once - -// RegisterMetrics registers metrics for node package. -func RegisterMetrics() { - registerMetrics.Do(func() { - legacyregistry.MustRegister(graphActionsDuration) - }) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/node_authorizer.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/node_authorizer.go deleted file mode 100644 index f3a5ab4339..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/node/node_authorizer.go +++ /dev/null @@ -1,339 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package node - -import ( - "context" - "fmt" - - "k8s.io/klog/v2" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/component-base/featuregate" - coordapi "k8s.io/kubernetes/pkg/apis/coordination" - api "k8s.io/kubernetes/pkg/apis/core" - storageapi "k8s.io/kubernetes/pkg/apis/storage" - "k8s.io/kubernetes/pkg/auth/nodeidentifier" - "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac" - "k8s.io/kubernetes/third_party/forked/gonum/graph" - "k8s.io/kubernetes/third_party/forked/gonum/graph/traverse" -) - -// NodeAuthorizer authorizes requests from kubelets, with the following logic: -// 1. If a request is not from a node (NodeIdentity() returns isNode=false), reject -// 2. If a specific node cannot be identified (NodeIdentity() returns nodeName=""), reject -// 3. If a request is for a secret, configmap, persistent volume or persistent volume claim, reject unless the verb is get, and the requested object is related to the requesting node: -// node <- configmap -// node <- pod -// node <- pod <- secret -// node <- pod <- configmap -// node <- pod <- pvc -// node <- pod <- pvc <- pv -// node <- pod <- pvc <- pv <- secret -// 4. For other resources, authorize all nodes uniformly using statically defined rules -type NodeAuthorizer struct { - graph *Graph - identifier nodeidentifier.NodeIdentifier - nodeRules []rbacv1.PolicyRule - - // allows overriding for testing - features featuregate.FeatureGate -} - -var _ = authorizer.Authorizer(&NodeAuthorizer{}) -var _ = authorizer.RuleResolver(&NodeAuthorizer{}) - -// NewAuthorizer returns a new node authorizer -func NewAuthorizer(graph *Graph, identifier nodeidentifier.NodeIdentifier, rules []rbacv1.PolicyRule) *NodeAuthorizer { - return &NodeAuthorizer{ - graph: graph, - identifier: identifier, - nodeRules: rules, - features: utilfeature.DefaultFeatureGate, - } -} - -var ( - configMapResource = api.Resource("configmaps") - secretResource = api.Resource("secrets") - pvcResource = api.Resource("persistentvolumeclaims") - pvResource = api.Resource("persistentvolumes") - vaResource = storageapi.Resource("volumeattachments") - svcAcctResource = api.Resource("serviceaccounts") - leaseResource = coordapi.Resource("leases") - csiNodeResource = storageapi.Resource("csinodes") -) - -func (r *NodeAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - if _, isNode := r.identifier.NodeIdentity(user); isNode { - // indicate nodes do not have fully enumerated permissions - return nil, nil, true, fmt.Errorf("node authorizer does not support user rule resolution") - } - return nil, nil, false, nil -} - -func (r *NodeAuthorizer) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - nodeName, isNode := r.identifier.NodeIdentity(attrs.GetUser()) - if !isNode { - // reject requests from non-nodes - return authorizer.DecisionNoOpinion, "", nil - } - if len(nodeName) == 0 { - // reject requests from unidentifiable nodes - klog.V(2).Infof("NODE DENY: unknown node for user %q", attrs.GetUser().GetName()) - return authorizer.DecisionNoOpinion, fmt.Sprintf("unknown node for user %q", attrs.GetUser().GetName()), nil - } - - // subdivide access to specific resources - if attrs.IsResourceRequest() { - requestResource := schema.GroupResource{Group: attrs.GetAPIGroup(), Resource: attrs.GetResource()} - switch requestResource { - case secretResource: - return r.authorizeReadNamespacedObject(nodeName, secretVertexType, attrs) - case configMapResource: - return r.authorizeReadNamespacedObject(nodeName, configMapVertexType, attrs) - case pvcResource: - if attrs.GetSubresource() == "status" { - return r.authorizeStatusUpdate(nodeName, pvcVertexType, attrs) - } - return r.authorizeGet(nodeName, pvcVertexType, attrs) - case pvResource: - return r.authorizeGet(nodeName, pvVertexType, attrs) - case vaResource: - return r.authorizeGet(nodeName, vaVertexType, attrs) - case svcAcctResource: - return r.authorizeCreateToken(nodeName, serviceAccountVertexType, attrs) - case leaseResource: - return r.authorizeLease(nodeName, attrs) - case csiNodeResource: - return r.authorizeCSINode(nodeName, attrs) - } - - } - - // Access to other resources is not subdivided, so just evaluate against the statically defined node rules - if rbac.RulesAllow(attrs, r.nodeRules...) { - return authorizer.DecisionAllow, "", nil - } - return authorizer.DecisionNoOpinion, "", nil -} - -// authorizeStatusUpdate authorizes get/update/patch requests to status subresources of the specified type if they are related to the specified node -func (r *NodeAuthorizer) authorizeStatusUpdate(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - switch attrs.GetVerb() { - case "update", "patch": - // ok - default: - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only get/update/patch this type", nil - } - - if attrs.GetSubresource() != "status" { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only update status subresource", nil - } - - return r.authorize(nodeName, startingType, attrs) -} - -// authorizeGet authorizes "get" requests to objects of the specified type if they are related to the specified node -func (r *NodeAuthorizer) authorizeGet(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - if attrs.GetVerb() != "get" { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only get individual resources of this type", nil - } - if len(attrs.GetSubresource()) > 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "cannot get subresource", nil - } - return r.authorize(nodeName, startingType, attrs) -} - -// authorizeReadNamespacedObject authorizes "get", "list" and "watch" requests to single objects of a -// specified types if they are related to the specified node. -func (r *NodeAuthorizer) authorizeReadNamespacedObject(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - switch attrs.GetVerb() { - case "get", "list", "watch": - //ok - default: - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only read resources of this type", nil - } - - if len(attrs.GetSubresource()) > 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "cannot read subresource", nil - } - if len(attrs.GetNamespace()) == 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only read namespaced object of this type", nil - } - return r.authorize(nodeName, startingType, attrs) -} - -func (r *NodeAuthorizer) authorize(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - if len(attrs.GetName()) == 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "No Object name found", nil - } - - ok, err := r.hasPathFrom(nodeName, startingType, attrs.GetNamespace(), attrs.GetName()) - if err != nil { - klog.V(2).InfoS("NODE DENY", "err", err) - return authorizer.DecisionNoOpinion, fmt.Sprintf("no relationship found between node '%s' and this object", nodeName), nil - } - if !ok { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, fmt.Sprintf("no relationship found between node '%s' and this object", nodeName), nil - } - return authorizer.DecisionAllow, "", nil -} - -// authorizeCreateToken authorizes "create" requests to serviceaccounts 'token' -// subresource of pods running on a node -func (r *NodeAuthorizer) authorizeCreateToken(nodeName string, startingType vertexType, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - if attrs.GetVerb() != "create" || len(attrs.GetName()) == 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only create tokens for individual service accounts", nil - } - - if attrs.GetSubresource() != "token" { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only create token subresource of serviceaccount", nil - } - - ok, err := r.hasPathFrom(nodeName, startingType, attrs.GetNamespace(), attrs.GetName()) - if err != nil { - klog.V(2).Infof("NODE DENY: %v", err) - return authorizer.DecisionNoOpinion, fmt.Sprintf("no relationship found between node '%s' and this object", nodeName), nil - } - if !ok { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, fmt.Sprintf("no relationship found between node '%s' and this object", nodeName), nil - } - return authorizer.DecisionAllow, "", nil -} - -// authorizeLease authorizes node requests to coordination.k8s.io/leases. -func (r *NodeAuthorizer) authorizeLease(nodeName string, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - // allowed verbs: get, create, update, patch, delete - verb := attrs.GetVerb() - switch verb { - case "get", "create", "update", "patch", "delete": - //ok - default: - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only get, create, update, patch, or delete a node lease", nil - } - - // the request must be against the system namespace reserved for node leases - if attrs.GetNamespace() != api.NamespaceNodeLease { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, fmt.Sprintf("can only access leases in the %q system namespace", api.NamespaceNodeLease), nil - } - - // the request must come from a node with the same name as the lease - // note we skip this check for create, since the authorizer doesn't know the name on create - // the noderestriction admission plugin is capable of performing this check at create time - if verb != "create" && attrs.GetName() != nodeName { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only access node lease with the same name as the requesting node", nil - } - - return authorizer.DecisionAllow, "", nil -} - -// authorizeCSINode authorizes node requests to CSINode storage.k8s.io/csinodes -func (r *NodeAuthorizer) authorizeCSINode(nodeName string, attrs authorizer.Attributes) (authorizer.Decision, string, error) { - // allowed verbs: get, create, update, patch, delete - verb := attrs.GetVerb() - switch verb { - case "get", "create", "update", "patch", "delete": - //ok - default: - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only get, create, update, patch, or delete a CSINode", nil - } - - if len(attrs.GetSubresource()) > 0 { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "cannot authorize CSINode subresources", nil - } - - // the request must come from a node with the same name as the CSINode - // note we skip this check for create, since the authorizer doesn't know the name on create - // the noderestriction admission plugin is capable of performing this check at create time - if verb != "create" && attrs.GetName() != nodeName { - klog.V(2).Infof("NODE DENY: '%s' %#v", nodeName, attrs) - return authorizer.DecisionNoOpinion, "can only access CSINode with the same name as the requesting node", nil - } - - return authorizer.DecisionAllow, "", nil -} - -// hasPathFrom returns true if there is a directed path from the specified type/namespace/name to the specified Node -func (r *NodeAuthorizer) hasPathFrom(nodeName string, startingType vertexType, startingNamespace, startingName string) (bool, error) { - r.graph.lock.RLock() - defer r.graph.lock.RUnlock() - - nodeVertex, exists := r.graph.getVertex_rlocked(nodeVertexType, "", nodeName) - if !exists { - return false, fmt.Errorf("unknown node '%s' cannot get %s %s/%s", nodeName, vertexTypes[startingType], startingNamespace, startingName) - } - - startingVertex, exists := r.graph.getVertex_rlocked(startingType, startingNamespace, startingName) - if !exists { - return false, fmt.Errorf("node '%s' cannot get unknown %s %s/%s", nodeName, vertexTypes[startingType], startingNamespace, startingName) - } - - // Fast check to see if we know of a destination edge - if r.graph.destinationEdgeIndex[startingVertex.ID()].has(nodeVertex.ID()) { - return true, nil - } - - found := false - traversal := &traverse.VisitingDepthFirst{ - EdgeFilter: func(edge graph.Edge) bool { - if destinationEdge, ok := edge.(*destinationEdge); ok { - if destinationEdge.DestinationID() != nodeVertex.ID() { - // Don't follow edges leading to other nodes - return false - } - // We found an edge leading to the node we want - found = true - } - // Visit this edge - return true - }, - } - traversal.Walk(r.graph.graph, startingVertex, func(n graph.Node) bool { - if n.ID() == nodeVertex.ID() { - // We found the node we want - found = true - } - // Stop visiting if we've found the node we want - return found - }) - if !found { - return false, fmt.Errorf("node '%s' cannot get %s %s/%s, no relationship to this object was found in the node authorizer graph", nodeName, vertexTypes[startingType], startingNamespace, startingName) - } - return true, nil -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go deleted file mode 100644 index cbae6c311a..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go +++ /dev/null @@ -1,471 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bootstrappolicy - -import ( - "strings" - - "k8s.io/klog/v2" - - capi "k8s.io/api/certificates/v1beta1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - genericfeatures "k8s.io/apiserver/pkg/features" - utilfeature "k8s.io/apiserver/pkg/util/feature" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - "k8s.io/kubernetes/pkg/features" -) - -const saRolePrefix = "system:controller:" - -func addControllerRole(controllerRoles *[]rbacv1.ClusterRole, controllerRoleBindings *[]rbacv1.ClusterRoleBinding, role rbacv1.ClusterRole) { - if !strings.HasPrefix(role.Name, saRolePrefix) { - klog.Fatalf(`role %q must start with %q`, role.Name, saRolePrefix) - } - - for _, existingRole := range *controllerRoles { - if role.Name == existingRole.Name { - klog.Fatalf("role %q was already registered", role.Name) - } - } - - *controllerRoles = append(*controllerRoles, role) - addClusterRoleLabel(*controllerRoles) - - *controllerRoleBindings = append(*controllerRoleBindings, - rbacv1helpers.NewClusterBinding(role.Name).SAs("kube-system", role.Name[len(saRolePrefix):]).BindingOrDie()) - addClusterRoleBindingLabel(*controllerRoleBindings) -} - -func eventsRule() rbacv1.PolicyRule { - return rbacv1helpers.NewRule("create", "update", "patch").Groups(legacyGroup, eventsGroup).Resources("events").RuleOrDie() -} - -func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding) { - // controllerRoles is a slice of roles used for controllers - controllerRoles := []rbacv1.ClusterRole{} - // controllerRoleBindings is a slice of roles used for controllers - controllerRoleBindings := []rbacv1.ClusterRoleBinding{} - - addControllerRole(&controllerRoles, &controllerRoleBindings, func() rbacv1.ClusterRole { - role := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "attachdetach-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("persistentvolumes", "persistentvolumeclaims").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - rbacv1helpers.NewRule("get", "create", "delete", "list", "watch").Groups(storageGroup).Resources("volumeattachments").RuleOrDie(), - }, - } - - role.Rules = append(role.Rules, rbacv1helpers.NewRule("get", "watch", "list").Groups("storage.k8s.io").Resources("csidrivers").RuleOrDie()) - role.Rules = append(role.Rules, rbacv1helpers.NewRule("get", "watch", "list").Groups("storage.k8s.io").Resources("csinodes").RuleOrDie()) - - return role - }()) - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "clusterrole-aggregation-controller"}, - Rules: []rbacv1.PolicyRule{ - // this controller must have full permissions on clusterroles to allow it to mutate them in any way - rbacv1helpers.NewRule("escalate", "get", "list", "watch", "update", "patch").Groups(rbacGroup).Resources("clusterroles").RuleOrDie(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "cronjob-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(batchGroup).Resources("cronjobs").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "create", "update", "delete", "patch").Groups(batchGroup).Resources("jobs").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(batchGroup).Resources("cronjobs/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(batchGroup).Resources("cronjobs/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("list", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "daemon-set-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(extensionsGroup, appsGroup).Resources("daemonsets").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(extensionsGroup, appsGroup).Resources("daemonsets/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(extensionsGroup, appsGroup).Resources("daemonsets/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "create", "delete", "patch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/binding").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "create", "delete", "update", "patch").Groups(appsGroup).Resources("controllerrevisions").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "deployment-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(extensionsGroup, appsGroup).Resources("deployments").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(extensionsGroup, appsGroup).Resources("deployments/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(extensionsGroup, appsGroup).Resources("deployments/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "create", "update", "patch", "delete").Groups(appsGroup, extensionsGroup).Resources("replicasets").RuleOrDie(), - // TODO: remove "update" once - // https://github.com/kubernetes/kubernetes/issues/36897 is resolved. - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, func() rbacv1.ClusterRole { - role := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "disruption-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(extensionsGroup, appsGroup).Resources("deployments").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(appsGroup, extensionsGroup).Resources("replicasets").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("replicationcontrollers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(appsGroup).Resources("statefulsets").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(policyGroup).Resources("poddisruptionbudgets/status").RuleOrDie(), - rbacv1helpers.NewRule("get").Groups("*").Resources("*/scale").RuleOrDie(), - eventsRule(), - }, - } - if utilfeature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { - role.Rules = append(role.Rules, rbacv1helpers.NewRule("patch").Groups(legacyGroup).Resources("pods/status").RuleOrDie()) - } - return role - }()) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpoint-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("services", "pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "create", "update", "delete").Groups(legacyGroup).Resources("endpoints").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints/restricted").RuleOrDie(), - eventsRule(), - }, - }) - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpointslice-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("services", "pods", "nodes").RuleOrDie(), - // The controller needs to be able to set a service's finalizers to be able to create an EndpointSlice - // resource that is owned by the service and sets blockOwnerDeletion=true in its ownerRef. - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("services/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "create", "update", "delete").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(), - eventsRule(), - }, - }) - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpointslicemirroring-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), - // The controller needs to be able to set a service's finalizers to be able to create an EndpointSlice - // resource that is owned by the service and sets blockOwnerDeletion=true in its ownerRef. - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("services/finalizers").RuleOrDie(), - // The controller needs to be able to set a service's finalizers to be able to create an EndpointSlice - // resource that is owned by the endpoint and sets blockOwnerDeletion=true in its ownerRef. - // see https://github.com/openshift/kubernetes/blob/8691466059314c3f7d6dcffcbb76d14596ca716c/pkg/controller/endpointslicemirroring/utils.go#L87-L88 - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("endpoints/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "create", "update", "delete").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(), - eventsRule(), - }, - }) - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "expand-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update", "patch").Groups(legacyGroup).Resources("persistentvolumes").RuleOrDie(), - rbacv1helpers.NewRule("update", "patch").Groups(legacyGroup).Resources("persistentvolumeclaims/status").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - // glusterfs - rbacv1helpers.NewRule("get", "list", "watch").Groups(storageGroup).Resources("storageclasses").RuleOrDie(), - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("secrets").RuleOrDie(), - eventsRule(), - }, - }) - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "ephemeral-volume-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("pods/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "create").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - eventsRule(), - }, - }) - - if utilfeature.DefaultFeatureGate.Enabled(features.DynamicResourceAllocation) { - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "resource-claim-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("pods/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "create").Groups(resourceGroup).Resources("resourceclaims").RuleOrDie(), - rbacv1helpers.NewRule("update", "patch").Groups(resourceGroup).Resources("resourceclaims/status").RuleOrDie(), - eventsRule(), - }, - }) - } - - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "generic-garbage-collector"}, - Rules: []rbacv1.PolicyRule{ - // the GC controller needs to run list/watches, selective gets, and updates against any resource - rbacv1helpers.NewRule("get", "list", "watch", "patch", "update", "delete").Groups("*").Resources("*").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "horizontal-pod-autoscaler"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(autoscalingGroup).Resources("horizontalpodautoscalers").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(autoscalingGroup).Resources("horizontalpodautoscalers/status").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups("*").Resources("*/scale").RuleOrDie(), - rbacv1helpers.NewRule("list").Groups(legacyGroup).Resources("pods").RuleOrDie(), - // TODO: restrict this to the appropriate namespace - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("services/proxy").Names("https:heapster:", "http:heapster:").RuleOrDie(), - // allow listing resource, custom, and external metrics - rbacv1helpers.NewRule("list").Groups(resMetricsGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "list").Groups(customMetricsGroup).Resources("*").RuleOrDie(), - rbacv1helpers.NewRule("get", "list").Groups(externalMetricsGroup).Resources("*").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "job-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update", "patch").Groups(batchGroup).Resources("jobs").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(batchGroup).Resources("jobs/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(batchGroup).Resources("jobs/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "create", "delete", "patch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "namespace-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "delete").Groups(legacyGroup).Resources("namespaces").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("namespaces/finalize", "namespaces/status").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "delete", "deletecollection").Groups("*").Resources("*").RuleOrDie(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, func() rbacv1.ClusterRole { - role := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "node-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "update", "delete", "patch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), - // used for pod deletion - rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(), - rbacv1helpers.NewRule("list", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "create", "update").Groups(networkingGroup).Resources("clustercidrs").RuleOrDie(), - eventsRule(), - }, - } - if utilfeature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { - role.Rules = append(role.Rules, rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("pods").RuleOrDie()) - } - return role - }()) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "persistent-volume-binder"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update", "create", "delete").Groups(legacyGroup).Resources("persistentvolumes").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("persistentvolumes/status").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("persistentvolumeclaims/status").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "get", "create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - - // glusterfs - rbacv1helpers.NewRule("get", "list", "watch").Groups(storageGroup).Resources("storageclasses").RuleOrDie(), - rbacv1helpers.NewRule("get", "create", "update", "delete").Groups(legacyGroup).Resources("endpoints").RuleOrDie(), - rbacv1helpers.NewRule("get", "create", "delete").Groups(legacyGroup).Resources("services").RuleOrDie(), - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("secrets").RuleOrDie(), - // openstack - rbacv1helpers.NewRule("get", "list").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - - // recyclerClient.WatchPod - rbacv1helpers.NewRule("watch").Groups(legacyGroup).Resources("events").RuleOrDie(), - - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, func() rbacv1.ClusterRole { - role := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "pod-garbage-collector"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "list").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - }, - } - if utilfeature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { - role.Rules = append(role.Rules, rbacv1helpers.NewRule("patch").Groups(legacyGroup).Resources("pods/status").RuleOrDie()) - } - return role - }()) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "replicaset-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(appsGroup, extensionsGroup).Resources("replicasets").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(appsGroup, extensionsGroup).Resources("replicasets/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(appsGroup, extensionsGroup).Resources("replicasets/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "patch", "create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "replication-controller"}, - Rules: []rbacv1.PolicyRule{ - // 1.0 controllers needed get, update, so without these old controllers break on new servers - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("replicationcontrollers").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("replicationcontrollers/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("replicationcontrollers/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "patch", "create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "resourcequota-controller"}, - Rules: []rbacv1.PolicyRule{ - // quota can count quota on anything for reconciliation, so it needs full viewing powers - rbacv1helpers.NewRule("list", "watch").Groups("*").Resources("*").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("resourcequotas/status").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "route-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("patch").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "service-account-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "service-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("services").RuleOrDie(), - rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("services/status").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, func() rbacv1.ClusterRole { - role := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "statefulset-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(appsGroup).Resources("statefulsets").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(appsGroup).Resources("statefulsets/status").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(appsGroup).Resources("statefulsets/finalizers").RuleOrDie(), - rbacv1helpers.NewRule("get", "create", "delete", "update", "patch").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("get", "create", "delete", "update", "patch", "list", "watch").Groups(appsGroup).Resources("controllerrevisions").RuleOrDie(), - rbacv1helpers.NewRule("get", "create").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - eventsRule(), - }, - } - - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) { - role.Rules = append(role.Rules, rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie()) - } - - return role - }()) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "ttl-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("update", "patch", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "certificate-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "delete").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(certificatesGroup).Resources("certificatesigningrequests/status", "certificatesigningrequests/approval").RuleOrDie(), - rbacv1helpers.NewRule("approve").Groups(certificatesGroup).Resources("signers").Names(capi.KubeAPIServerClientKubeletSignerName).RuleOrDie(), - rbacv1helpers.NewRule("sign").Groups(certificatesGroup).Resources("signers").Names( - capi.LegacyUnknownSignerName, - capi.KubeAPIServerClientSignerName, - capi.KubeAPIServerClientKubeletSignerName, - capi.KubeletServingSignerName, - ).RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "pvc-protection-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - rbacv1helpers.NewRule("list", "watch", "get").Groups(legacyGroup).Resources("pods").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "pv-protection-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("persistentvolumes").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "ttl-after-finished-controller"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "delete").Groups(batchGroup).Resources("jobs").RuleOrDie(), - eventsRule(), - }, - }) - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "root-ca-cert-publisher"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create", "update").Groups(legacyGroup).Resources("configmaps").RuleOrDie(), - eventsRule(), - }, - }) - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StorageVersionAPI) && - utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { - addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "storage-version-garbage-collector"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(coordinationGroup).Resources("leases").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "patch", "update", "delete").Groups(internalAPIServerGroup). - Resources("storageversions").RuleOrDie(), - rbacv1helpers.NewRule("get", "patch", "update").Groups(internalAPIServerGroup). - Resources("storageversions/status").RuleOrDie(), - }, - }) - } - - return controllerRoles, controllerRoleBindings -} - -// ControllerRoles returns the cluster roles used by controllers -func ControllerRoles() []rbacv1.ClusterRole { - controllerRoles, _ := buildControllerRoles() - return controllerRoles -} - -// ControllerRoleBindings returns the role bindings used by controllers -func ControllerRoleBindings() []rbacv1.ClusterRoleBinding { - _, controllerRoleBindings := buildControllerRoles() - return controllerRoleBindings -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/namespace_policy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/namespace_policy.go deleted file mode 100644 index 745b498ad7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/namespace_policy.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bootstrappolicy - -import ( - "strings" - - "k8s.io/klog/v2" - - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apiserver/pkg/authentication/user" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" -) - -var ( - // namespaceRoles is a map of namespace to slice of roles to create - namespaceRoles = map[string][]rbacv1.Role{} - - // namespaceRoleBindings is a map of namespace to slice of roleBindings to create - namespaceRoleBindings = map[string][]rbacv1.RoleBinding{} -) - -func addNamespaceRole(namespace string, role rbacv1.Role) { - if !strings.HasPrefix(namespace, "kube-") { - klog.Fatalf(`roles can only be bootstrapped into reserved namespaces starting with "kube-", not %q`, namespace) - } - - existingRoles := namespaceRoles[namespace] - for _, existingRole := range existingRoles { - if role.Name == existingRole.Name { - klog.Fatalf("role %q was already registered in %q", role.Name, namespace) - } - } - - role.Namespace = namespace - addDefaultMetadata(&role) - existingRoles = append(existingRoles, role) - namespaceRoles[namespace] = existingRoles -} - -func addNamespaceRoleBinding(namespace string, roleBinding rbacv1.RoleBinding) { - if !strings.HasPrefix(namespace, "kube-") { - klog.Fatalf(`rolebindings can only be bootstrapped into reserved namespaces starting with "kube-", not %q`, namespace) - } - - existingRoleBindings := namespaceRoleBindings[namespace] - for _, existingRoleBinding := range existingRoleBindings { - if roleBinding.Name == existingRoleBinding.Name { - klog.Fatalf("rolebinding %q was already registered in %q", roleBinding.Name, namespace) - } - } - - roleBinding.Namespace = namespace - addDefaultMetadata(&roleBinding) - existingRoleBindings = append(existingRoleBindings, roleBinding) - namespaceRoleBindings[namespace] = existingRoleBindings -} - -func init() { - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for finding authentication config info for starting a server - ObjectMeta: metav1.ObjectMeta{Name: "extension-apiserver-authentication-reader"}, - Rules: []rbacv1.PolicyRule{ - // this particular config map is exposed and contains authentication configuration information - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("configmaps").Names("extension-apiserver-authentication").RuleOrDie(), - }, - }) - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for the bootstrap signer to be able to inspect kube-system secrets - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "bootstrap-signer"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("secrets").RuleOrDie(), - }, - }) - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for the cloud providers to access/create kube-system configmaps - // Deprecated starting Kubernetes 1.10 and will be deleted according to GA deprecation policy. - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "cloud-provider"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create", "get", "list", "watch").Groups(legacyGroup).Resources("configmaps").RuleOrDie(), - }, - }) - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for the token-cleaner to be able to remove secrets, but only in kube-system - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "token-cleaner"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "delete").Groups(legacyGroup).Resources("secrets").RuleOrDie(), - eventsRule(), - }, - }) - // TODO: Create util on Role+Binding for leader locking if more cases evolve. - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for the leader locking on supplied configmap - ObjectMeta: metav1.ObjectMeta{Name: "system::leader-locking-kube-controller-manager"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("watch").Groups(legacyGroup).Resources("configmaps").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("configmaps").Names("kube-controller-manager").RuleOrDie(), - }, - }) - addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{ - // role for the leader locking on supplied configmap - ObjectMeta: metav1.ObjectMeta{Name: "system::leader-locking-kube-scheduler"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("watch").Groups(legacyGroup).Resources("configmaps").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("configmaps").Names("kube-scheduler").RuleOrDie(), - }, - }) - - delegatedAuthBinding := rbacv1helpers.NewRoleBinding("extension-apiserver-authentication-reader", metav1.NamespaceSystem).Users(user.KubeControllerManager, user.KubeScheduler).BindingOrDie() - delegatedAuthBinding.Name = "system::extension-apiserver-authentication-reader" - addNamespaceRoleBinding(metav1.NamespaceSystem, delegatedAuthBinding) - - addNamespaceRoleBinding(metav1.NamespaceSystem, - rbacv1helpers.NewRoleBinding("system::leader-locking-kube-controller-manager", metav1.NamespaceSystem).Users(user.KubeControllerManager).SAs(metav1.NamespaceSystem, "kube-controller-manager").BindingOrDie()) - addNamespaceRoleBinding(metav1.NamespaceSystem, - rbacv1helpers.NewRoleBinding("system::leader-locking-kube-scheduler", metav1.NamespaceSystem).Users(user.KubeScheduler).SAs(metav1.NamespaceSystem, "kube-scheduler").BindingOrDie()) - addNamespaceRoleBinding(metav1.NamespaceSystem, - rbacv1helpers.NewRoleBinding(saRolePrefix+"bootstrap-signer", metav1.NamespaceSystem).SAs(metav1.NamespaceSystem, "bootstrap-signer").BindingOrDie()) - // cloud-provider is deprecated starting Kubernetes 1.10 and will be deleted according to GA deprecation policy. - addNamespaceRoleBinding(metav1.NamespaceSystem, - rbacv1helpers.NewRoleBinding(saRolePrefix+"cloud-provider", metav1.NamespaceSystem).SAs(metav1.NamespaceSystem, "cloud-provider").BindingOrDie()) - addNamespaceRoleBinding(metav1.NamespaceSystem, - rbacv1helpers.NewRoleBinding(saRolePrefix+"token-cleaner", metav1.NamespaceSystem).SAs(metav1.NamespaceSystem, "token-cleaner").BindingOrDie()) - - addNamespaceRole(metav1.NamespacePublic, rbacv1.Role{ - // role for the bootstrap signer to be able to write its configmap - ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "bootstrap-signer"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("configmaps").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("configmaps").Names("cluster-info").RuleOrDie(), - eventsRule(), - }, - }) - addNamespaceRoleBinding(metav1.NamespacePublic, - rbacv1helpers.NewRoleBinding(saRolePrefix+"bootstrap-signer", metav1.NamespacePublic).SAs(metav1.NamespaceSystem, "bootstrap-signer").BindingOrDie()) - -} - -// NamespaceRoles returns a map of namespace to slice of roles to create -func NamespaceRoles() map[string][]rbacv1.Role { - return namespaceRoles -} - -// NamespaceRoleBindings returns a map of namespace to slice of roles to create -func NamespaceRoleBindings() map[string][]rbacv1.RoleBinding { - return namespaceRoleBindings -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go deleted file mode 100644 index d0c023da03..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go +++ /dev/null @@ -1,653 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package bootstrappolicy - -import ( - capi "k8s.io/api/certificates/v1beta1" - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/authentication/serviceaccount" - "k8s.io/apiserver/pkg/authentication/user" - utilfeature "k8s.io/apiserver/pkg/util/feature" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - "k8s.io/kubernetes/pkg/features" -) - -// Write and other vars are slices of the allowed verbs. -// Label and Annotation are default maps of bootstrappolicy. -var ( - Write = []string{"create", "update", "patch", "delete", "deletecollection"} - ReadWrite = []string{"get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"} - Read = []string{"get", "list", "watch"} - ReadUpdate = []string{"get", "list", "watch", "update", "patch"} - - Label = map[string]string{"kubernetes.io/bootstrapping": "rbac-defaults"} - Annotation = map[string]string{rbacv1.AutoUpdateAnnotationKey: "true"} -) - -const ( - legacyGroup = "" - appsGroup = "apps" - authenticationGroup = "authentication.k8s.io" - authorizationGroup = "authorization.k8s.io" - autoscalingGroup = "autoscaling" - batchGroup = "batch" - certificatesGroup = "certificates.k8s.io" - coordinationGroup = "coordination.k8s.io" - discoveryGroup = "discovery.k8s.io" - extensionsGroup = "extensions" - policyGroup = "policy" - rbacGroup = "rbac.authorization.k8s.io" - resourceGroup = "resource.k8s.io" - storageGroup = "storage.k8s.io" - resMetricsGroup = "metrics.k8s.io" - customMetricsGroup = "custom.metrics.k8s.io" - externalMetricsGroup = "external.metrics.k8s.io" - networkingGroup = "networking.k8s.io" - eventsGroup = "events.k8s.io" - internalAPIServerGroup = "internal.apiserver.k8s.io" -) - -func addDefaultMetadata(obj runtime.Object) { - metadata, err := meta.Accessor(obj) - if err != nil { - // if this happens, then some static code is broken - panic(err) - } - - labels := metadata.GetLabels() - if labels == nil { - labels = map[string]string{} - } - for k, v := range Label { - labels[k] = v - } - metadata.SetLabels(labels) - - annotations := metadata.GetAnnotations() - if annotations == nil { - annotations = map[string]string{} - } - for k, v := range Annotation { - annotations[k] = v - } - metadata.SetAnnotations(annotations) -} - -func addClusterRoleLabel(roles []rbacv1.ClusterRole) { - for i := range roles { - addDefaultMetadata(&roles[i]) - } - return -} - -func addClusterRoleBindingLabel(rolebindings []rbacv1.ClusterRoleBinding) { - for i := range rolebindings { - addDefaultMetadata(&rolebindings[i]) - } - return -} - -// NodeRules returns node policy rules, it is slice of rbacv1.PolicyRule. -func NodeRules() []rbacv1.PolicyRule { - nodePolicyRules := []rbacv1.PolicyRule{ - // Needed to check API access. These creates are non-mutating - rbacv1helpers.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews", "localsubjectaccessreviews").RuleOrDie(), - - // Needed to build serviceLister, to populate env vars for services - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("services").RuleOrDie(), - - // Nodes can register Node API objects and report status. - // Use the NodeRestriction admission plugin to limit a node to creating/updating its own API object. - rbacv1helpers.NewRule("create", "get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("update", "patch").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), - rbacv1helpers.NewRule("update", "patch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - - // TODO: restrict to the bound node as creator in the NodeRestrictions admission plugin - rbacv1helpers.NewRule("create", "update", "patch").Groups(legacyGroup).Resources("events").RuleOrDie(), - - // TODO: restrict to pods scheduled on the bound node once field selectors are supported by list/watch authorization - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("pods").RuleOrDie(), - - // Needed for the node to create/delete mirror pods. - // Use the NodeRestriction admission plugin to limit a node to creating/deleting mirror pods bound to itself. - rbacv1helpers.NewRule("create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - // Needed for the node to report status of pods it is running. - // Use the NodeRestriction admission plugin to limit a node to updating status of pods bound to itself. - rbacv1helpers.NewRule("update", "patch").Groups(legacyGroup).Resources("pods/status").RuleOrDie(), - // Needed for the node to create pod evictions. - // Use the NodeRestriction admission plugin to limit a node to creating evictions for pods bound to itself. - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/eviction").RuleOrDie(), - - // Needed for imagepullsecrets, rbd/ceph and secret volumes, and secrets in envs - // Needed for configmap volume and envs - // Use the Node authorization mode to limit a node to get secrets/configmaps referenced by pods bound to itself. - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("secrets", "configmaps").RuleOrDie(), - // Needed for persistent volumes - // Use the Node authorization mode to limit a node to get pv/pvc objects referenced by pods bound to itself. - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("persistentvolumeclaims", "persistentvolumes").RuleOrDie(), - - // TODO: add to the Node authorizer and restrict to endpoints referenced by pods or PVs bound to the node - // Needed for glusterfs volumes - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("endpoints").RuleOrDie(), - // Used to create a certificatesigningrequest for a node-specific client certificate, and watch - // for it to be signed. This allows the kubelet to rotate it's own certificate. - rbacv1helpers.NewRule("create", "get", "list", "watch").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(), - - // Leases - rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("coordination.k8s.io").Resources("leases").RuleOrDie(), - - // CSI - rbacv1helpers.NewRule("get").Groups(storageGroup).Resources("volumeattachments").RuleOrDie(), - - // Use the Node authorization to limit a node to create tokens for service accounts running on that node - // Use the NodeRestriction admission plugin to limit a node to create tokens bound to pods on that node - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("serviceaccounts/token").RuleOrDie(), - } - - // Use the Node authorization mode to limit a node to update status of pvc objects referenced by pods bound to itself. - // Use the NodeRestriction admission plugin to limit a node to just update the status stanza. - pvcStatusPolicyRule := rbacv1helpers.NewRule("get", "update", "patch").Groups(legacyGroup).Resources("persistentvolumeclaims/status").RuleOrDie() - nodePolicyRules = append(nodePolicyRules, pvcStatusPolicyRule) - - // CSI - csiDriverRule := rbacv1helpers.NewRule("get", "watch", "list").Groups("storage.k8s.io").Resources("csidrivers").RuleOrDie() - nodePolicyRules = append(nodePolicyRules, csiDriverRule) - csiNodeInfoRule := rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("storage.k8s.io").Resources("csinodes").RuleOrDie() - nodePolicyRules = append(nodePolicyRules, csiNodeInfoRule) - - // RuntimeClass - nodePolicyRules = append(nodePolicyRules, rbacv1helpers.NewRule("get", "list", "watch").Groups("node.k8s.io").Resources("runtimeclasses").RuleOrDie()) - - // DRA Resource Claims - if utilfeature.DefaultFeatureGate.Enabled(features.DynamicResourceAllocation) { - nodePolicyRules = append(nodePolicyRules, rbacv1helpers.NewRule("get").Groups(resourceGroup).Resources("resourceclaims").RuleOrDie()) - } - - return nodePolicyRules -} - -// ClusterRoles returns the cluster roles to bootstrap an API server with -func ClusterRoles() []rbacv1.ClusterRole { - roles := []rbacv1.ClusterRole{ - { - // a "root" role which can do absolutely anything - ObjectMeta: metav1.ObjectMeta{Name: "cluster-admin"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("*").Groups("*").Resources("*").RuleOrDie(), - rbacv1helpers.NewRule("*").URLs("*").RuleOrDie(), - }, - }, - { - // a role which provides just enough power to determine if the server is - // ready and discover API versions for negotiation - ObjectMeta: metav1.ObjectMeta{Name: "system:discovery"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get").URLs( - "/livez", "/readyz", "/healthz", - "/version", "/version/", - "/openapi", "/openapi/*", - "/api", "/api/*", - "/apis", "/apis/*", - ).RuleOrDie(), - }, - }, - { - // a role which provides minimal read access to the monitoring endpoints - // (i.e. /metrics, /livez/*, /readyz/*, /healthz/*, /livez, /readyz, /healthz) - // The splatted health check endpoints allow read access to individual health check - // endpoints which may contain more sensitive cluster information information - ObjectMeta: metav1.ObjectMeta{Name: "system:monitoring"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get").URLs( - "/metrics", "/metrics/slis", - "/livez", "/readyz", "/healthz", - "/livez/*", "/readyz/*", "/healthz/*", - ).RuleOrDie(), - }, - }, - } - - basicUserRules := []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("selfsubjectaccessreviews", "selfsubjectrulesreviews").RuleOrDie(), - } - - if utilfeature.DefaultFeatureGate.Enabled(features.APISelfSubjectReview) { - basicUserRules = append(basicUserRules, rbacv1helpers.NewRule("create").Groups(authenticationGroup).Resources("selfsubjectreviews").RuleOrDie()) - } - - roles = append(roles, []rbacv1.ClusterRole{ - { - // a role which provides minimal resource access to allow a "normal" user to learn information about themselves - ObjectMeta: metav1.ObjectMeta{Name: "system:basic-user"}, - Rules: basicUserRules, - }, - { - // a role which provides just enough power read insensitive cluster information - ObjectMeta: metav1.ObjectMeta{Name: "system:public-info-viewer"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get").URLs( - "/livez", "/readyz", "/healthz", "/version", "/version/", - ).RuleOrDie(), - }, - }, - { - // a role for a namespace level admin. It is `edit` plus the power to grant permissions to other users. - ObjectMeta: metav1.ObjectMeta{Name: "admin"}, - AggregationRule: &rbacv1.AggregationRule{ - ClusterRoleSelectors: []metav1.LabelSelector{ - {MatchLabels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-admin": "true"}}, - }, - }, - }, - { - // a role for a namespace level editor. It grants access to all user level actions in a namespace. - // It does not grant powers for "privileged" resources which are domain of the system: `/status` - // subresources or `quota`/`limits` which are used to control namespaces - ObjectMeta: metav1.ObjectMeta{Name: "edit", Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-admin": "true"}}, - AggregationRule: &rbacv1.AggregationRule{ - ClusterRoleSelectors: []metav1.LabelSelector{ - {MatchLabels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-edit": "true"}}, - }, - }, - }, - { - // a role for namespace level viewing. It grants Read-only access to non-escalating resources in - // a namespace. - ObjectMeta: metav1.ObjectMeta{Name: "view", Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-edit": "true"}}, - AggregationRule: &rbacv1.AggregationRule{ - ClusterRoleSelectors: []metav1.LabelSelector{ - {MatchLabels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-view": "true"}}, - }, - }, - }, - { - // a role for a namespace level admin. It is `edit` plus the power to grant permissions to other users. - ObjectMeta: metav1.ObjectMeta{Name: "system:aggregate-to-admin", Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-admin": "true"}}, - Rules: []rbacv1.PolicyRule{ - // additional admin powers - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("localsubjectaccessreviews").RuleOrDie(), - rbacv1helpers.NewRule(ReadWrite...).Groups(rbacGroup).Resources("roles", "rolebindings").RuleOrDie(), - }, - }, - { - // a role for a namespace level editor. It grants access to all user level actions in a namespace. - // It does not grant powers for "privileged" resources which are domain of the system: `/status` - // subresources or `quota`/`limits` which are used to control namespaces - ObjectMeta: metav1.ObjectMeta{Name: "system:aggregate-to-edit", Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-edit": "true"}}, - Rules: []rbacv1.PolicyRule{ - // Allow read on escalating resources - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("pods/attach", "pods/proxy", "pods/exec", "pods/portforward", "secrets", "services/proxy").RuleOrDie(), - rbacv1helpers.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(legacyGroup).Resources("pods", "pods/attach", "pods/proxy", "pods/exec", "pods/portforward").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/eviction").RuleOrDie(), - rbacv1helpers.NewRule(Write...).Groups(legacyGroup).Resources("replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts", - "services", "services/proxy", "persistentvolumeclaims", "configmaps", "secrets", "events").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("serviceaccounts/token").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(appsGroup).Resources( - "statefulsets", "statefulsets/scale", - "daemonsets", - "deployments", "deployments/scale", "deployments/rollback", - "replicasets", "replicasets/scale").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(autoscalingGroup).Resources("horizontalpodautoscalers").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(batchGroup).Resources("jobs", "cronjobs").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(extensionsGroup).Resources("daemonsets", - "deployments", "deployments/scale", "deployments/rollback", "ingresses", - "replicasets", "replicasets/scale", "replicationcontrollers/scale", - "networkpolicies").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), - - rbacv1helpers.NewRule(Write...).Groups(networkingGroup).Resources("networkpolicies", "ingresses").RuleOrDie(), - - rbacv1helpers.NewRule(ReadWrite...).Groups(coordinationGroup).Resources("leases").RuleOrDie(), - }, - }, - { - // a role for namespace level viewing. It grants Read-only access to non-escalating resources in - // a namespace. - ObjectMeta: metav1.ObjectMeta{Name: "system:aggregate-to-view", Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-view": "true"}}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("pods", "replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts", - "services", "services/status", "endpoints", "persistentvolumeclaims", "persistentvolumeclaims/status", "configmaps").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("limitranges", "resourcequotas", "bindings", "events", - "pods/status", "resourcequotas/status", "namespaces/status", "replicationcontrollers/status", "pods/log").RuleOrDie(), - // read access to namespaces at the namespace scope means you can read *this* namespace. This can be used as an - // indicator of which namespaces you have access to. - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(appsGroup).Resources( - "controllerrevisions", - "statefulsets", "statefulsets/status", "statefulsets/scale", - "daemonsets", "daemonsets/status", - "deployments", "deployments/status", "deployments/scale", - "replicasets", "replicasets/status", "replicasets/scale").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(autoscalingGroup).Resources("horizontalpodautoscalers", "horizontalpodautoscalers/status").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(batchGroup).Resources("jobs", "cronjobs", "cronjobs/status", "jobs/status").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(extensionsGroup).Resources("daemonsets", "daemonsets/status", "deployments", "deployments/scale", "deployments/status", - "ingresses", "ingresses/status", "replicasets", "replicasets/scale", "replicasets/status", "replicationcontrollers/scale", - "networkpolicies").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(policyGroup).Resources("poddisruptionbudgets", "poddisruptionbudgets/status").RuleOrDie(), - - rbacv1helpers.NewRule(Read...).Groups(networkingGroup).Resources("networkpolicies", "ingresses", "ingresses/status").RuleOrDie(), - }, - }, - { - // a role to use for heapster's connections back to the API server - ObjectMeta: metav1.ObjectMeta{Name: "system:heapster"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("events", "pods", "nodes", "namespaces").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(extensionsGroup).Resources("deployments").RuleOrDie(), - }, - }, - { - // a role for nodes to use to have the access they need for running pods - ObjectMeta: metav1.ObjectMeta{Name: "system:node"}, - Rules: NodeRules(), - }, - { - // a role to use for node-problem-detector access. It does not get bound to default location since - // deployment locations can reasonably vary. - ObjectMeta: metav1.ObjectMeta{Name: "system:node-problem-detector"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("patch").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), - eventsRule(), - }, - }, - { - // a role to use for full access to the kubelet API - ObjectMeta: metav1.ObjectMeta{Name: "system:kubelet-api-admin"}, - Rules: []rbacv1.PolicyRule{ - // Allow read-only access to the Node API objects - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - // Allow all API calls to the nodes - rbacv1helpers.NewRule("proxy").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("*").Groups(legacyGroup).Resources("nodes/proxy", "nodes/metrics", "nodes/spec", "nodes/stats", "nodes/log").RuleOrDie(), - }, - }, - { - // a role to use for bootstrapping a node's client certificates - ObjectMeta: metav1.ObjectMeta{Name: "system:node-bootstrapper"}, - Rules: []rbacv1.PolicyRule{ - // used to create a certificatesigningrequest for a node-specific client certificate, and watch for it to be signed - rbacv1helpers.NewRule("create", "get", "list", "watch").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(), - }, - }, - { - // a role to use for allowing authentication and authorization delegation - ObjectMeta: metav1.ObjectMeta{Name: "system:auth-delegator"}, - Rules: []rbacv1.PolicyRule{ - // These creates are non-mutating - rbacv1helpers.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(), - }, - }, - { - // a role to use for the API registry, summarization, and proxy handling - ObjectMeta: metav1.ObjectMeta{Name: "system:kube-aggregator"}, - Rules: []rbacv1.PolicyRule{ - // it needs to see all services so that it knows whether the ones it points to exist or not - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), - }, - }, - { - // a role to use for bootstrapping the kube-controller-manager so it can create the shared informers - // service accounts, and secrets that we need to create separate identities for other controllers - ObjectMeta: metav1.ObjectMeta{Name: "system:kube-controller-manager"}, - Rules: []rbacv1.PolicyRule{ - eventsRule(), - // Needed for leader election. - rbacv1helpers.NewRule("create").Groups(coordinationGroup).Resources("leases").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(coordinationGroup).Resources("leases").Names("kube-controller-manager").RuleOrDie(), - // TODO: Remove once we fully migrate to lease in leader-election. - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("endpoints").Names("kube-controller-manager").RuleOrDie(), - // Fundamental resources. - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("secrets", "serviceaccounts").RuleOrDie(), - rbacv1helpers.NewRule("delete").Groups(legacyGroup).Resources("secrets").RuleOrDie(), - rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("namespaces", "secrets", "serviceaccounts", "configmaps").RuleOrDie(), - rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("secrets", "serviceaccounts").RuleOrDie(), - // Needed to check API access. These creates are non-mutating - rbacv1helpers.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(), - // Needed for all shared informers - rbacv1helpers.NewRule("list", "watch").Groups("*").Resources("*").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("serviceaccounts/token").RuleOrDie(), - }, - }, - { - // a role to use for the kube-dns pod - ObjectMeta: metav1.ObjectMeta{Name: "system:kube-dns"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("endpoints", "services").RuleOrDie(), - }, - }, - { - // a role for an external/out-of-tree persistent volume provisioner - ObjectMeta: metav1.ObjectMeta{Name: "system:persistent-volume-provisioner"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get", "list", "watch", "create", "delete").Groups(legacyGroup).Resources("persistentvolumes").RuleOrDie(), - // update is needed in addition to read access for setting lock annotations on PVCs - rbacv1helpers.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(storageGroup).Resources("storageclasses").RuleOrDie(), - - // Needed for watching provisioning success and failure events - rbacv1helpers.NewRule("watch").Groups(legacyGroup).Resources("events").RuleOrDie(), - - eventsRule(), - }, - }, - { - // a role making the csrapprover controller approve a node client CSR - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:certificatesigningrequests:nodeclient"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create").Groups(certificatesGroup).Resources("certificatesigningrequests/nodeclient").RuleOrDie(), - }, - }, - { - // a role making the csrapprover controller approve a node client CSR requested by the node itself - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("create").Groups(certificatesGroup).Resources("certificatesigningrequests/selfnodeclient").RuleOrDie(), - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "system:volume-scheduler"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule(ReadUpdate...).Groups(legacyGroup).Resources("persistentvolumes").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(storageGroup).Resources("storageclasses").RuleOrDie(), - rbacv1helpers.NewRule(ReadUpdate...).Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie(), - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:legacy-unknown-approver"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("approve").Groups(certificatesGroup).Resources("signers").Names(capi.LegacyUnknownSignerName).RuleOrDie(), - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:kubelet-serving-approver"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("approve").Groups(certificatesGroup).Resources("signers").Names(capi.KubeletServingSignerName).RuleOrDie(), - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:kube-apiserver-client-approver"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("approve").Groups(certificatesGroup).Resources("signers").Names(capi.KubeAPIServerClientSignerName).RuleOrDie(), - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "system:certificates.k8s.io:kube-apiserver-client-kubelet-approver"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("approve").Groups(certificatesGroup).Resources("signers").Names(capi.KubeAPIServerClientKubeletSignerName).RuleOrDie(), - }, - }, - }...) - - // Add the cluster role for reading the ServiceAccountIssuerDiscovery endpoints - roles = append(roles, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: "system:service-account-issuer-discovery"}, - Rules: []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("get").URLs( - "/.well-known/openid-configuration", - "/openid/v1/jwks", - ).RuleOrDie(), - }, - }) - - // node-proxier role is used by kube-proxy. - nodeProxierRules := []rbacv1.PolicyRule{ - rbacv1helpers.NewRule("list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), - - eventsRule(), - } - nodeProxierRules = append(nodeProxierRules, rbacv1helpers.NewRule("list", "watch").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie()) - roles = append(roles, rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: "system:node-proxier"}, - Rules: nodeProxierRules, - }) - - kubeSchedulerRules := []rbacv1.PolicyRule{ - eventsRule(), - // This is for leaderlease access - // TODO: scope this to the kube-system namespace - rbacv1helpers.NewRule("create").Groups(coordinationGroup).Resources("leases").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(coordinationGroup).Resources("leases").Names("kube-scheduler").RuleOrDie(), - // TODO: Remove once we fully migrate to lease in leader-election. - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints").RuleOrDie(), - rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("endpoints").Names("kube-scheduler").RuleOrDie(), - - // Fundamental resources - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("nodes").RuleOrDie(), - rbacv1helpers.NewRule("get", "list", "watch", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/binding", "bindings").RuleOrDie(), - rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(), - // Things that select pods - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("services", "replicationcontrollers").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(appsGroup, extensionsGroup).Resources("replicasets").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(appsGroup).Resources("statefulsets").RuleOrDie(), - // Things that pods use or applies to them - rbacv1helpers.NewRule(Read...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("persistentvolumeclaims", "persistentvolumes").RuleOrDie(), - // Needed to check API access. These creates are non-mutating - rbacv1helpers.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(), - rbacv1helpers.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(), - // Needed for volume limits - rbacv1helpers.NewRule(Read...).Groups(storageGroup).Resources("csinodes").RuleOrDie(), - // Needed for namespaceSelector feature in pod affinity - rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(storageGroup).Resources("csidrivers").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(storageGroup).Resources("csistoragecapacities").RuleOrDie(), - } - // Needed for dynamic resource allocation. - if utilfeature.DefaultFeatureGate.Enabled(features.DynamicResourceAllocation) { - kubeSchedulerRules = append(kubeSchedulerRules, - rbacv1helpers.NewRule(Read...).Groups(resourceGroup).Resources("resourceclaims", "resourceclasses").RuleOrDie(), - rbacv1helpers.NewRule(ReadUpdate...).Groups(resourceGroup).Resources("resourceclaims/status").RuleOrDie(), - rbacv1helpers.NewRule(ReadWrite...).Groups(resourceGroup).Resources("podschedulings").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(resourceGroup).Resources("podschedulings/status").RuleOrDie(), - ) - } - roles = append(roles, rbacv1.ClusterRole{ - // a role to use for the kube-scheduler - ObjectMeta: metav1.ObjectMeta{Name: "system:kube-scheduler"}, - Rules: kubeSchedulerRules, - }) - - addClusterRoleLabel(roles) - return roles -} - -const systemNodeRoleName = "system:node" - -// ClusterRoleBindings return default rolebindings to the default roles -func ClusterRoleBindings() []rbacv1.ClusterRoleBinding { - rolebindings := []rbacv1.ClusterRoleBinding{ - rbacv1helpers.NewClusterBinding("cluster-admin").Groups(user.SystemPrivilegedGroup).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:monitoring").Groups(user.MonitoringGroup).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:discovery").Groups(user.AllAuthenticated).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:basic-user").Groups(user.AllAuthenticated).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:public-info-viewer").Groups(user.AllAuthenticated, user.AllUnauthenticated).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:node-proxier").Users(user.KubeProxy).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:kube-controller-manager").Users(user.KubeControllerManager).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:kube-dns").SAs("kube-system", "kube-dns").BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:kube-scheduler").Users(user.KubeScheduler).BindingOrDie(), - rbacv1helpers.NewClusterBinding("system:volume-scheduler").Users(user.KubeScheduler).BindingOrDie(), - - // This default binding of the system:node role to the system:nodes group is deprecated in 1.7 with the availability of the Node authorizer. - // This leaves the binding, but with an empty set of subjects, so that tightening reconciliation can remove the subject. - { - ObjectMeta: metav1.ObjectMeta{Name: systemNodeRoleName}, - RoleRef: rbacv1.RoleRef{APIGroup: rbacv1.GroupName, Kind: "ClusterRole", Name: systemNodeRoleName}, - }, - } - - // Allow all in-cluster workloads (via their service accounts) to read the OIDC discovery endpoints. - // Users with certain forms of write access (create pods, create secrets, create service accounts, etc) - // can gain access to a service account identity which would allow them to access this information. - // This includes the issuer URL, which is already present in the SA token JWT. Similarly, SAs can - // already gain this same info via introspection of their own token. Since this discovery endpoint - // points to what issued all service account tokens, it seems fitting for SAs to have this access. - // Defer to the cluster admin with regard to binding directly to all authenticated and/or - // unauthenticated users. - rolebindings = append(rolebindings, - rbacv1helpers.NewClusterBinding("system:service-account-issuer-discovery").Groups(serviceaccount.AllServiceAccountsGroup).BindingOrDie(), - ) - - addClusterRoleBindingLabel(rolebindings) - - return rolebindings -} - -// ClusterRolesToAggregate maps from previous clusterrole name to the new clusterrole name -func ClusterRolesToAggregate() map[string]string { - return map[string]string{ - "admin": "system:aggregate-to-admin", - "edit": "system:aggregate-to-edit", - "view": "system:aggregate-to-view", - } -} - -// ClusterRoleBindingsToSplit returns a map of Names of source ClusterRoleBindings -// to copy Subjects, Annotations, and Labels to destination ClusterRoleBinding templates. -func ClusterRoleBindingsToSplit() map[string]rbacv1.ClusterRoleBinding { - bindingsToSplit := map[string]rbacv1.ClusterRoleBinding{} - for _, defaultClusterRoleBinding := range ClusterRoleBindings() { - switch defaultClusterRoleBinding.Name { - case "system:public-info-viewer": - bindingsToSplit["system:discovery"] = defaultClusterRoleBinding - } - } - return bindingsToSplit -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/rbac.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/rbac.go deleted file mode 100644 index d5087309f5..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/rbac.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rbac implements the authorizer.Authorizer interface using roles base access control. -package rbac - -import ( - "bytes" - "context" - "fmt" - - "k8s.io/klog/v2" - - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/labels" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - rbaclisters "k8s.io/client-go/listers/rbac/v1" - rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -type RequestToRuleMapper interface { - // RulesFor returns all known PolicyRules and any errors that happened while locating those rules. - // Any rule returned is still valid, since rules are deny by default. If you can pass with the rules - // supplied, you do not have to fail the request. If you cannot, you should indicate the error along - // with your denial. - RulesFor(subject user.Info, namespace string) ([]rbacv1.PolicyRule, error) - - // VisitRulesFor invokes visitor() with each rule that applies to a given user in a given namespace, - // and each error encountered resolving those rules. Rule may be nil if err is non-nil. - // If visitor() returns false, visiting is short-circuited. - VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool) -} - -type RBACAuthorizer struct { - authorizationRuleResolver RequestToRuleMapper -} - -// authorizingVisitor short-circuits once allowed, and collects any resolution errors encountered -type authorizingVisitor struct { - requestAttributes authorizer.Attributes - - allowed bool - reason string - errors []error -} - -func (v *authorizingVisitor) visit(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool { - if rule != nil && RuleAllows(v.requestAttributes, rule) { - v.allowed = true - v.reason = fmt.Sprintf("RBAC: allowed by %s", source.String()) - return false - } - if err != nil { - v.errors = append(v.errors, err) - } - return true -} - -func (r *RBACAuthorizer) Authorize(ctx context.Context, requestAttributes authorizer.Attributes) (authorizer.Decision, string, error) { - ruleCheckingVisitor := &authorizingVisitor{requestAttributes: requestAttributes} - - r.authorizationRuleResolver.VisitRulesFor(requestAttributes.GetUser(), requestAttributes.GetNamespace(), ruleCheckingVisitor.visit) - if ruleCheckingVisitor.allowed { - return authorizer.DecisionAllow, ruleCheckingVisitor.reason, nil - } - - // Build a detailed log of the denial. - // Make the whole block conditional so we don't do a lot of string-building we won't use. - if klogV := klog.V(5); klogV.Enabled() { - var operation string - if requestAttributes.IsResourceRequest() { - b := &bytes.Buffer{} - b.WriteString(`"`) - b.WriteString(requestAttributes.GetVerb()) - b.WriteString(`" resource "`) - b.WriteString(requestAttributes.GetResource()) - if len(requestAttributes.GetAPIGroup()) > 0 { - b.WriteString(`.`) - b.WriteString(requestAttributes.GetAPIGroup()) - } - if len(requestAttributes.GetSubresource()) > 0 { - b.WriteString(`/`) - b.WriteString(requestAttributes.GetSubresource()) - } - b.WriteString(`"`) - if len(requestAttributes.GetName()) > 0 { - b.WriteString(` named "`) - b.WriteString(requestAttributes.GetName()) - b.WriteString(`"`) - } - operation = b.String() - } else { - operation = fmt.Sprintf("%q nonResourceURL %q", requestAttributes.GetVerb(), requestAttributes.GetPath()) - } - - var scope string - if ns := requestAttributes.GetNamespace(); len(ns) > 0 { - scope = fmt.Sprintf("in namespace %q", ns) - } else { - scope = "cluster-wide" - } - - klogV.Infof("RBAC: no rules authorize user %q with groups %q to %s %s", requestAttributes.GetUser().GetName(), requestAttributes.GetUser().GetGroups(), operation, scope) - } - - reason := "" - if len(ruleCheckingVisitor.errors) > 0 { - reason = fmt.Sprintf("RBAC: %v", utilerrors.NewAggregate(ruleCheckingVisitor.errors)) - } - return authorizer.DecisionNoOpinion, reason, nil -} - -func (r *RBACAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { - var ( - resourceRules []authorizer.ResourceRuleInfo - nonResourceRules []authorizer.NonResourceRuleInfo - ) - - policyRules, err := r.authorizationRuleResolver.RulesFor(user, namespace) - for _, policyRule := range policyRules { - if len(policyRule.Resources) > 0 { - r := authorizer.DefaultResourceRuleInfo{ - Verbs: policyRule.Verbs, - APIGroups: policyRule.APIGroups, - Resources: policyRule.Resources, - ResourceNames: policyRule.ResourceNames, - } - var resourceRule authorizer.ResourceRuleInfo = &r - resourceRules = append(resourceRules, resourceRule) - } - if len(policyRule.NonResourceURLs) > 0 { - r := authorizer.DefaultNonResourceRuleInfo{ - Verbs: policyRule.Verbs, - NonResourceURLs: policyRule.NonResourceURLs, - } - var nonResourceRule authorizer.NonResourceRuleInfo = &r - nonResourceRules = append(nonResourceRules, nonResourceRule) - } - } - return resourceRules, nonResourceRules, false, err -} - -func New(roles rbacregistryvalidation.RoleGetter, roleBindings rbacregistryvalidation.RoleBindingLister, clusterRoles rbacregistryvalidation.ClusterRoleGetter, clusterRoleBindings rbacregistryvalidation.ClusterRoleBindingLister) *RBACAuthorizer { - authorizer := &RBACAuthorizer{ - authorizationRuleResolver: rbacregistryvalidation.NewDefaultRuleResolver( - roles, roleBindings, clusterRoles, clusterRoleBindings, - ), - } - return authorizer -} - -func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool { - for i := range rules { - if RuleAllows(requestAttributes, &rules[i]) { - return true - } - } - - return false -} - -func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool { - if requestAttributes.IsResourceRequest() { - combinedResource := requestAttributes.GetResource() - if len(requestAttributes.GetSubresource()) > 0 { - combinedResource = requestAttributes.GetResource() + "/" + requestAttributes.GetSubresource() - } - - return rbacv1helpers.VerbMatches(rule, requestAttributes.GetVerb()) && - rbacv1helpers.APIGroupMatches(rule, requestAttributes.GetAPIGroup()) && - rbacv1helpers.ResourceMatches(rule, combinedResource, requestAttributes.GetSubresource()) && - rbacv1helpers.ResourceNameMatches(rule, requestAttributes.GetName()) - } - - return rbacv1helpers.VerbMatches(rule, requestAttributes.GetVerb()) && - rbacv1helpers.NonResourceURLMatches(rule, requestAttributes.GetPath()) -} - -type RoleGetter struct { - Lister rbaclisters.RoleLister -} - -func (g *RoleGetter) GetRole(namespace, name string) (*rbacv1.Role, error) { - return g.Lister.Roles(namespace).Get(name) -} - -type RoleBindingLister struct { - Lister rbaclisters.RoleBindingLister -} - -func (l *RoleBindingLister) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error) { - return l.Lister.RoleBindings(namespace).List(labels.Everything()) -} - -type ClusterRoleGetter struct { - Lister rbaclisters.ClusterRoleLister -} - -func (g *ClusterRoleGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error) { - return g.Lister.Get(name) -} - -type ClusterRoleBindingLister struct { - Lister rbaclisters.ClusterRoleBindingLister -} - -func (l *ClusterRoleBindingLister) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error) { - return l.Lister.List(labels.Everything()) -} diff --git a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/subject_locator.go b/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/subject_locator.go deleted file mode 100644 index cdd327e5b7..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/subject_locator.go +++ /dev/null @@ -1,123 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package rbac implements the authorizer.Authorizer interface using roles base access control. -package rbac - -import ( - rbacv1 "k8s.io/api/rbac/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apiserver/pkg/authentication/user" - "k8s.io/apiserver/pkg/authorization/authorizer" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" -) - -type RoleToRuleMapper interface { - // GetRoleReferenceRules attempts to resolve the role reference of a RoleBinding or ClusterRoleBinding. The passed namespace should be the namespace - // of the role binding, the empty string if a cluster role binding. - GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) ([]rbacv1.PolicyRule, error) -} - -type SubjectLocator interface { - AllowedSubjects(attributes authorizer.Attributes) ([]rbacv1.Subject, error) -} - -var _ = SubjectLocator(&SubjectAccessEvaluator{}) - -type SubjectAccessEvaluator struct { - superUser string - - roleBindingLister rbacregistryvalidation.RoleBindingLister - clusterRoleBindingLister rbacregistryvalidation.ClusterRoleBindingLister - roleToRuleMapper RoleToRuleMapper -} - -func NewSubjectAccessEvaluator(roles rbacregistryvalidation.RoleGetter, roleBindings rbacregistryvalidation.RoleBindingLister, clusterRoles rbacregistryvalidation.ClusterRoleGetter, clusterRoleBindings rbacregistryvalidation.ClusterRoleBindingLister, superUser string) *SubjectAccessEvaluator { - subjectLocator := &SubjectAccessEvaluator{ - superUser: superUser, - roleBindingLister: roleBindings, - clusterRoleBindingLister: clusterRoleBindings, - roleToRuleMapper: rbacregistryvalidation.NewDefaultRuleResolver( - roles, roleBindings, clusterRoles, clusterRoleBindings, - ), - } - return subjectLocator -} - -// AllowedSubjects returns the subjects that can perform an action and any errors encountered while computing the list. -// It is possible to have both subjects and errors returned if some rolebindings couldn't be resolved, but others could be. -func (r *SubjectAccessEvaluator) AllowedSubjects(requestAttributes authorizer.Attributes) ([]rbacv1.Subject, error) { - subjects := []rbacv1.Subject{{Kind: rbacv1.GroupKind, APIGroup: rbacv1.GroupName, Name: user.SystemPrivilegedGroup}} - if len(r.superUser) > 0 { - subjects = append(subjects, rbacv1.Subject{Kind: rbacv1.UserKind, APIGroup: rbacv1.GroupName, Name: r.superUser}) - } - errorlist := []error{} - - if clusterRoleBindings, err := r.clusterRoleBindingLister.ListClusterRoleBindings(); err != nil { - errorlist = append(errorlist, err) - - } else { - for _, clusterRoleBinding := range clusterRoleBindings { - rules, err := r.roleToRuleMapper.GetRoleReferenceRules(clusterRoleBinding.RoleRef, "") - if err != nil { - // if we have an error, just keep track of it and keep processing. Since rules are additive, - // missing a reference is bad, but we can continue with other rolebindings and still have a list - // that does not contain any invalid values - errorlist = append(errorlist, err) - } - if RulesAllow(requestAttributes, rules...) { - subjects = append(subjects, clusterRoleBinding.Subjects...) - } - } - } - - if namespace := requestAttributes.GetNamespace(); len(namespace) > 0 { - if roleBindings, err := r.roleBindingLister.ListRoleBindings(namespace); err != nil { - errorlist = append(errorlist, err) - - } else { - for _, roleBinding := range roleBindings { - rules, err := r.roleToRuleMapper.GetRoleReferenceRules(roleBinding.RoleRef, namespace) - if err != nil { - // if we have an error, just keep track of it and keep processing. Since rules are additive, - // missing a reference is bad, but we can continue with other rolebindings and still have a list - // that does not contain any invalid values - errorlist = append(errorlist, err) - } - if RulesAllow(requestAttributes, rules...) { - subjects = append(subjects, roleBinding.Subjects...) - } - } - } - } - - dedupedSubjects := []rbacv1.Subject{} - for _, subject := range subjects { - found := false - for _, curr := range dedupedSubjects { - if curr == subject { - found = true - break - } - } - - if !found { - dedupedSubjects = append(dedupedSubjects, subject) - } - } - - return subjects, utilerrors.NewAggregate(errorlist) -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/LICENSE b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/LICENSE deleted file mode 100644 index 76edf5ef7e..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/LICENSE +++ /dev/null @@ -1,23 +0,0 @@ -Copyright ©2013 The gonum Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the gonum project nor the names of its authors and - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/README.md b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/README.md deleted file mode 100644 index 3b51e664a4..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/README.md +++ /dev/null @@ -1 +0,0 @@ -Forked from gonum/graph@50b27dea7ebbfb052dfaf91681afc6fde28d8796 to support memory-use improvements to the simple graph diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/graph.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/graph.go deleted file mode 100644 index adade5d79b..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/graph.go +++ /dev/null @@ -1,153 +0,0 @@ -// Copyright ©2014 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package graph - -// Node is a graph node. It returns a graph-unique integer ID. -type Node interface { - ID() int -} - -// Edge is a graph edge. In directed graphs, the direction of the -// edge is given from -> to, otherwise the edge is semantically -// unordered. -type Edge interface { - From() Node - To() Node - Weight() float64 -} - -// Graph is a generalized graph. -type Graph interface { - // Has returns whether the node exists within the graph. - Has(Node) bool - - // Nodes returns all the nodes in the graph. - Nodes() []Node - - // From returns all nodes that can be reached directly - // from the given node. - From(Node) []Node - - // HasEdgeBeteen returns whether an edge exists between - // nodes x and y without considering direction. - HasEdgeBetween(x, y Node) bool - - // Edge returns the edge from u to v if such an edge - // exists and nil otherwise. The node v must be directly - // reachable from u as defined by the From method. - Edge(u, v Node) Edge -} - -// Undirected is an undirected graph. -type Undirected interface { - Graph - - // EdgeBetween returns the edge between nodes x and y. - EdgeBetween(x, y Node) Edge -} - -// Directed is a directed graph. -type Directed interface { - Graph - - // HasEdgeFromTo returns whether an edge exists - // in the graph from u to v. - HasEdgeFromTo(u, v Node) bool - - // To returns all nodes that can reach directly - // to the given node. - To(Node) []Node -} - -// Weighter defines graphs that can report edge weights. -type Weighter interface { - // Weight returns the weight for the edge between - // x and y if Edge(x, y) returns a non-nil Edge. - // If x and y are the same node or there is no - // joining edge between the two nodes the weight - // value returned is implementation dependent. - // Weight returns true if an edge exists between - // x and y or if x and y have the same ID, false - // otherwise. - Weight(x, y Node) (w float64, ok bool) -} - -// NodeAdder is an interface for adding arbitrary nodes to a graph. -type NodeAdder interface { - // NewNodeID returns a new unique arbitrary ID. - NewNodeID() int - - // Adds a node to the graph. AddNode panics if - // the added node ID matches an existing node ID. - AddNode(Node) -} - -// NodeRemover is an interface for removing nodes from a graph. -type NodeRemover interface { - // RemoveNode removes a node from the graph, as - // well as any edges attached to it. If the node - // is not in the graph it is a no-op. - RemoveNode(Node) -} - -// EdgeSetter is an interface for adding edges to a graph. -type EdgeSetter interface { - // SetEdge adds an edge from one node to another. - // If the graph supports node addition the nodes - // will be added if they do not exist, otherwise - // SetEdge will panic. - // If the IDs returned by e.From and e.To are - // equal, SetEdge will panic. - SetEdge(e Edge) -} - -// EdgeRemover is an interface for removing nodes from a graph. -type EdgeRemover interface { - // RemoveEdge removes the given edge, leaving the - // terminal nodes. If the edge does not exist it - // is a no-op. - RemoveEdge(Edge) -} - -// Builder is a graph that can have nodes and edges added. -type Builder interface { - NodeAdder - EdgeSetter -} - -// UndirectedBuilder is an undirected graph builder. -type UndirectedBuilder interface { - Undirected - Builder -} - -// DirectedBuilder is a directed graph builder. -type DirectedBuilder interface { - Directed - Builder -} - -// Copy copies nodes and edges as undirected edges from the source to the destination -// without first clearing the destination. Copy will panic if a node ID in the source -// graph matches a node ID in the destination. -// -// If the source is undirected and the destination is directed both directions will -// be present in the destination after the copy is complete. -// -// If the source is a directed graph, the destination is undirected, and a fundamental -// cycle exists with two nodes where the edge weights differ, the resulting destination -// graph's edge weight between those nodes is undefined. If there is a defined function -// to resolve such conflicts, an Undirect may be used to do this. -func Copy(dst Builder, src Graph) { - nodes := src.Nodes() - for _, n := range nodes { - dst.AddNode(n) - } - for _, u := range nodes { - for _, v := range src.From(u) { - dst.SetEdge(src.Edge(u, v)) - } - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear/linear.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear/linear.go deleted file mode 100644 index ce7c6cfffd..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear/linear.go +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright ©2015 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package linear provides common linear data structures. -package linear - -import ( - "k8s.io/kubernetes/third_party/forked/gonum/graph" -) - -// NodeStack implements a LIFO stack of graph.Node. -type NodeStack []graph.Node - -// Len returns the number of graph.Nodes on the stack. -func (s *NodeStack) Len() int { return len(*s) } - -// Pop returns the last graph.Node on the stack and removes it -// from the stack. -func (s *NodeStack) Pop() graph.Node { - v := *s - v, n := v[:len(v)-1], v[len(v)-1] - *s = v - return n -} - -// Push adds the node n to the stack at the last position. -func (s *NodeStack) Push(n graph.Node) { *s = append(*s, n) } - -// NodeQueue implements a FIFO queue. -type NodeQueue struct { - head int - data []graph.Node -} - -// Len returns the number of graph.Nodes in the queue. -func (q *NodeQueue) Len() int { return len(q.data) - q.head } - -// Enqueue adds the node n to the back of the queue. -func (q *NodeQueue) Enqueue(n graph.Node) { - if len(q.data) == cap(q.data) && q.head > 0 { - l := q.Len() - copy(q.data, q.data[q.head:]) - q.head = 0 - q.data = append(q.data[:l], n) - } else { - q.data = append(q.data, n) - } -} - -// Dequeue returns the graph.Node at the front of the queue and -// removes it from the queue. -func (q *NodeQueue) Dequeue() graph.Node { - if q.Len() == 0 { - panic("queue: empty queue") - } - - var n graph.Node - n, q.data[q.head] = q.data[q.head], nil - q.head++ - - if q.Len() == 0 { - q.head = 0 - q.data = q.data[:0] - } - - return n -} - -// Reset clears the queue for reuse. -func (q *NodeQueue) Reset() { - q.head = 0 - q.data = q.data[:0] -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/directed_acyclic.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/directed_acyclic.go deleted file mode 100644 index ac930feb16..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/directed_acyclic.go +++ /dev/null @@ -1,83 +0,0 @@ -package simple - -import ( - "k8s.io/kubernetes/third_party/forked/gonum/graph" -) - -// DirectedAcyclicGraph implements graph.Directed using UndirectedGraph, -// which only stores one edge for any node pair. -type DirectedAcyclicGraph struct { - *UndirectedGraph -} - -func NewDirectedAcyclicGraph(self, absent float64) *DirectedAcyclicGraph { - return &DirectedAcyclicGraph{ - UndirectedGraph: NewUndirectedGraph(self, absent), - } -} - -func (g *DirectedAcyclicGraph) HasEdgeFromTo(u, v graph.Node) bool { - edge := g.UndirectedGraph.EdgeBetween(u, v) - if edge == nil { - return false - } - return (edge.From().ID() == u.ID()) -} - -func (g *DirectedAcyclicGraph) From(n graph.Node) []graph.Node { - if !g.Has(n) { - return nil - } - - fid := n.ID() - nodes := make([]graph.Node, 0, g.UndirectedGraph.edges[n.ID()].Len()) - g.UndirectedGraph.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - if edge.From().ID() == fid { - nodes = append(nodes, g.UndirectedGraph.nodes[edge.To().ID()]) - } - }) - return nodes -} - -func (g *DirectedAcyclicGraph) VisitFrom(n graph.Node, visitor func(neighbor graph.Node) (shouldContinue bool)) { - if !g.Has(n) { - return - } - fid := n.ID() - g.UndirectedGraph.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - if edge.From().ID() == fid { - if !visitor(g.UndirectedGraph.nodes[edge.To().ID()]) { - return - } - } - }) -} - -func (g *DirectedAcyclicGraph) To(n graph.Node) []graph.Node { - if !g.Has(n) { - return nil - } - - tid := n.ID() - nodes := make([]graph.Node, 0, g.UndirectedGraph.edges[n.ID()].Len()) - g.UndirectedGraph.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - if edge.To().ID() == tid { - nodes = append(nodes, g.UndirectedGraph.nodes[edge.From().ID()]) - } - }) - return nodes -} - -func (g *DirectedAcyclicGraph) VisitTo(n graph.Node, visitor func(neighbor graph.Node) (shouldContinue bool)) { - if !g.Has(n) { - return - } - tid := n.ID() - g.UndirectedGraph.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - if edge.To().ID() == tid { - if !visitor(g.UndirectedGraph.nodes[edge.From().ID()]) { - return - } - } - }) -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/edgeholder.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/edgeholder.go deleted file mode 100644 index f2248ab7db..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/edgeholder.go +++ /dev/null @@ -1,122 +0,0 @@ -package simple - -import "k8s.io/kubernetes/third_party/forked/gonum/graph" - -// edgeHolder represents a set of edges, with no more than one edge to or from a particular neighbor node -type edgeHolder interface { - // Visit invokes visitor with each edge and the id of the neighbor node in the edge - Visit(visitor func(neighbor int, edge graph.Edge)) - // Delete removes edges to or from the specified neighbor - Delete(neighbor int) edgeHolder - // Set stores the edge to or from the specified neighbor - Set(neighbor int, edge graph.Edge) edgeHolder - // Get returns the edge to or from the specified neighbor - Get(neighbor int) (graph.Edge, bool) - // Len returns the number of edges - Len() int -} - -// sliceEdgeHolder holds a list of edges to or from self -type sliceEdgeHolder struct { - self int - edges []graph.Edge -} - -func (e *sliceEdgeHolder) Visit(visitor func(neighbor int, edge graph.Edge)) { - for _, edge := range e.edges { - if edge.From().ID() == e.self { - visitor(edge.To().ID(), edge) - } else { - visitor(edge.From().ID(), edge) - } - } -} -func (e *sliceEdgeHolder) Delete(neighbor int) edgeHolder { - edges := e.edges[:0] - for i, edge := range e.edges { - if edge.From().ID() == e.self { - if edge.To().ID() == neighbor { - continue - } - } else { - if edge.From().ID() == neighbor { - continue - } - } - edges = append(edges, e.edges[i]) - } - e.edges = edges - return e -} -func (e *sliceEdgeHolder) Set(neighbor int, newEdge graph.Edge) edgeHolder { - for i, edge := range e.edges { - if edge.From().ID() == e.self { - if edge.To().ID() == neighbor { - e.edges[i] = newEdge - return e - } - } else { - if edge.From().ID() == neighbor { - e.edges[i] = newEdge - return e - } - } - } - - if len(e.edges) < 4 { - e.edges = append(e.edges, newEdge) - return e - } - - h := mapEdgeHolder(make(map[int]graph.Edge, len(e.edges)+1)) - for i, edge := range e.edges { - if edge.From().ID() == e.self { - h[edge.To().ID()] = e.edges[i] - } else { - h[edge.From().ID()] = e.edges[i] - } - } - h[neighbor] = newEdge - return h -} -func (e *sliceEdgeHolder) Get(neighbor int) (graph.Edge, bool) { - for _, edge := range e.edges { - if edge.From().ID() == e.self { - if edge.To().ID() == neighbor { - return edge, true - } - } else { - if edge.From().ID() == neighbor { - return edge, true - } - } - } - return nil, false -} -func (e *sliceEdgeHolder) Len() int { - return len(e.edges) -} - -// mapEdgeHolder holds a map of neighbors to edges -type mapEdgeHolder map[int]graph.Edge - -func (e mapEdgeHolder) Visit(visitor func(neighbor int, edge graph.Edge)) { - for neighbor, edge := range e { - visitor(neighbor, edge) - } -} -func (e mapEdgeHolder) Delete(neighbor int) edgeHolder { - delete(e, neighbor) - return e -} -func (e mapEdgeHolder) Set(neighbor int, edge graph.Edge) edgeHolder { - e[neighbor] = edge - return e -} -func (e mapEdgeHolder) Get(neighbor int) (graph.Edge, bool) { - edge, ok := e[neighbor] - return edge, ok -} -func (e mapEdgeHolder) Len() int { - return len(e) -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/simple.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/simple.go deleted file mode 100644 index 9bc56b8be6..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/simple.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright ©2014 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package simple provides a suite of simple graph implementations satisfying -// the gonum/graph interfaces. -package simple - -import ( - "math" - - "k8s.io/kubernetes/third_party/forked/gonum/graph" -) - -// Node is a simple graph node. -type Node int - -// ID returns the ID number of the node. -func (n Node) ID() int { - return int(n) -} - -// Edge is a simple graph edge. -type Edge struct { - F, T graph.Node - W float64 -} - -// From returns the from-node of the edge. -func (e Edge) From() graph.Node { return e.F } - -// To returns the to-node of the edge. -func (e Edge) To() graph.Node { return e.T } - -// Weight returns the weight of the edge. -func (e Edge) Weight() float64 { return e.W } - -// maxInt is the maximum value of the machine-dependent int type. -const maxInt int = int(^uint(0) >> 1) - -// isSame returns whether two float64 values are the same where NaN values -// are equalable. -func isSame(a, b float64) bool { - return a == b || (math.IsNaN(a) && math.IsNaN(b)) -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/undirected.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/undirected.go deleted file mode 100644 index 231fa3deda..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/simple/undirected.go +++ /dev/null @@ -1,242 +0,0 @@ -// Copyright ©2014 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package simple - -import ( - "fmt" - - "golang.org/x/tools/container/intsets" - - "k8s.io/kubernetes/third_party/forked/gonum/graph" -) - -// UndirectedGraph implements a generalized undirected graph. -type UndirectedGraph struct { - nodes map[int]graph.Node - edges map[int]edgeHolder - - self, absent float64 - - freeIDs intsets.Sparse - usedIDs intsets.Sparse -} - -// NewUndirectedGraph returns an UndirectedGraph with the specified self and absent -// edge weight values. -func NewUndirectedGraph(self, absent float64) *UndirectedGraph { - return &UndirectedGraph{ - nodes: make(map[int]graph.Node), - edges: make(map[int]edgeHolder), - - self: self, - absent: absent, - } -} - -// NewNodeID returns a new unique ID for a node to be added to g. The returned ID does -// not become a valid ID in g until it is added to g. -func (g *UndirectedGraph) NewNodeID() int { - if len(g.nodes) == 0 { - return 0 - } - if len(g.nodes) == maxInt { - panic(fmt.Sprintf("simple: cannot allocate node: no slot")) - } - - var id int - if g.freeIDs.Len() != 0 && g.freeIDs.TakeMin(&id) { - return id - } - if id = g.usedIDs.Max(); id < maxInt { - return id + 1 - } - for id = 0; id < maxInt; id++ { - if !g.usedIDs.Has(id) { - return id - } - } - panic("unreachable") -} - -// AddNode adds n to the graph. It panics if the added node ID matches an existing node ID. -func (g *UndirectedGraph) AddNode(n graph.Node) { - if _, exists := g.nodes[n.ID()]; exists { - panic(fmt.Sprintf("simple: node ID collision: %d", n.ID())) - } - g.nodes[n.ID()] = n - g.edges[n.ID()] = &sliceEdgeHolder{self: n.ID()} - - g.freeIDs.Remove(n.ID()) - g.usedIDs.Insert(n.ID()) -} - -// RemoveNode removes n from the graph, as well as any edges attached to it. If the node -// is not in the graph it is a no-op. -func (g *UndirectedGraph) RemoveNode(n graph.Node) { - if _, ok := g.nodes[n.ID()]; !ok { - return - } - delete(g.nodes, n.ID()) - - g.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - g.edges[neighbor] = g.edges[neighbor].Delete(n.ID()) - }) - delete(g.edges, n.ID()) - - g.freeIDs.Insert(n.ID()) - g.usedIDs.Remove(n.ID()) - -} - -// SetEdge adds e, an edge from one node to another. If the nodes do not exist, they are added. -// It will panic if the IDs of the e.From and e.To are equal. -func (g *UndirectedGraph) SetEdge(e graph.Edge) { - var ( - from = e.From() - fid = from.ID() - to = e.To() - tid = to.ID() - ) - - if fid == tid { - panic("simple: adding self edge") - } - - if !g.Has(from) { - g.AddNode(from) - } - if !g.Has(to) { - g.AddNode(to) - } - - g.edges[fid] = g.edges[fid].Set(tid, e) - g.edges[tid] = g.edges[tid].Set(fid, e) -} - -// RemoveEdge removes e from the graph, leaving the terminal nodes. If the edge does not exist -// it is a no-op. -func (g *UndirectedGraph) RemoveEdge(e graph.Edge) { - from, to := e.From(), e.To() - if _, ok := g.nodes[from.ID()]; !ok { - return - } - if _, ok := g.nodes[to.ID()]; !ok { - return - } - - g.edges[from.ID()] = g.edges[from.ID()].Delete(to.ID()) - g.edges[to.ID()] = g.edges[to.ID()].Delete(from.ID()) -} - -// Node returns the node in the graph with the given ID. -func (g *UndirectedGraph) Node(id int) graph.Node { - return g.nodes[id] -} - -// Has returns whether the node exists within the graph. -func (g *UndirectedGraph) Has(n graph.Node) bool { - _, ok := g.nodes[n.ID()] - return ok -} - -// Nodes returns all the nodes in the graph. -func (g *UndirectedGraph) Nodes() []graph.Node { - nodes := make([]graph.Node, len(g.nodes)) - i := 0 - for _, n := range g.nodes { - nodes[i] = n - i++ - } - - return nodes -} - -// Edges returns all the edges in the graph. -func (g *UndirectedGraph) Edges() []graph.Edge { - var edges []graph.Edge - - seen := make(map[[2]int]struct{}) - for _, u := range g.edges { - u.Visit(func(neighbor int, e graph.Edge) { - uid := e.From().ID() - vid := e.To().ID() - if _, ok := seen[[2]int{uid, vid}]; ok { - return - } - seen[[2]int{uid, vid}] = struct{}{} - seen[[2]int{vid, uid}] = struct{}{} - edges = append(edges, e) - }) - } - - return edges -} - -// From returns all nodes in g that can be reached directly from n. -func (g *UndirectedGraph) From(n graph.Node) []graph.Node { - if !g.Has(n) { - return nil - } - - nodes := make([]graph.Node, g.edges[n.ID()].Len()) - i := 0 - g.edges[n.ID()].Visit(func(neighbor int, edge graph.Edge) { - nodes[i] = g.nodes[neighbor] - i++ - }) - - return nodes -} - -// HasEdgeBetween returns whether an edge exists between nodes x and y. -func (g *UndirectedGraph) HasEdgeBetween(x, y graph.Node) bool { - _, ok := g.edges[x.ID()].Get(y.ID()) - return ok -} - -// Edge returns the edge from u to v if such an edge exists and nil otherwise. -// The node v must be directly reachable from u as defined by the From method. -func (g *UndirectedGraph) Edge(u, v graph.Node) graph.Edge { - return g.EdgeBetween(u, v) -} - -// EdgeBetween returns the edge between nodes x and y. -func (g *UndirectedGraph) EdgeBetween(x, y graph.Node) graph.Edge { - // We don't need to check if neigh exists because - // it's implicit in the edges access. - if !g.Has(x) { - return nil - } - - edge, _ := g.edges[x.ID()].Get(y.ID()) - return edge -} - -// Weight returns the weight for the edge between x and y if Edge(x, y) returns a non-nil Edge. -// If x and y are the same node or there is no joining edge between the two nodes the weight -// value returned is either the graph's absent or self value. Weight returns true if an edge -// exists between x and y or if x and y have the same ID, false otherwise. -func (g *UndirectedGraph) Weight(x, y graph.Node) (w float64, ok bool) { - xid := x.ID() - yid := y.ID() - if xid == yid { - return g.self, true - } - if n, ok := g.edges[xid]; ok { - if e, ok := n.Get(yid); ok { - return e.Weight(), true - } - } - return g.absent, false -} - -// Degree returns the degree of n in g. -func (g *UndirectedGraph) Degree(n graph.Node) int { - if _, ok := g.nodes[n.ID()]; !ok { - return 0 - } - - return g.edges[n.ID()].Len() -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/traverse.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/traverse.go deleted file mode 100644 index 105c8f6e14..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/traverse.go +++ /dev/null @@ -1,186 +0,0 @@ -// Copyright ©2015 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package traverse provides basic graph traversal primitives. -package traverse - -import ( - "golang.org/x/tools/container/intsets" - - "k8s.io/kubernetes/third_party/forked/gonum/graph" - "k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear" -) - -// BreadthFirst implements stateful breadth-first graph traversal. -type BreadthFirst struct { - EdgeFilter func(graph.Edge) bool - Visit func(u, v graph.Node) - queue linear.NodeQueue - visited *intsets.Sparse -} - -// Walk performs a breadth-first traversal of the graph g starting from the given node, -// depending on the EdgeFilter field and the until parameter if they are non-nil. The -// traversal follows edges for which EdgeFilter(edge) is true and returns the first node -// for which until(node, depth) is true. During the traversal, if the Visit field is -// non-nil, it is called with the nodes joined by each followed edge. -func (b *BreadthFirst) Walk(g graph.Graph, from graph.Node, until func(n graph.Node, d int) bool) graph.Node { - if b.visited == nil { - b.visited = &intsets.Sparse{} - } - b.queue.Enqueue(from) - b.visited.Insert(from.ID()) - - var ( - depth int - children int - untilNext = 1 - ) - for b.queue.Len() > 0 { - t := b.queue.Dequeue() - if until != nil && until(t, depth) { - return t - } - for _, n := range g.From(t) { - if b.EdgeFilter != nil && !b.EdgeFilter(g.Edge(t, n)) { - continue - } - if b.visited.Has(n.ID()) { - continue - } - if b.Visit != nil { - b.Visit(t, n) - } - b.visited.Insert(n.ID()) - children++ - b.queue.Enqueue(n) - } - if untilNext--; untilNext == 0 { - depth++ - untilNext = children - children = 0 - } - } - - return nil -} - -// WalkAll calls Walk for each unvisited node of the graph g using edges independent -// of their direction. The functions before and after are called prior to commencing -// and after completing each walk if they are non-nil respectively. The function -// during is called on each node as it is traversed. -func (b *BreadthFirst) WalkAll(g graph.Undirected, before, after func(), during func(graph.Node)) { - b.Reset() - for _, from := range g.Nodes() { - if b.Visited(from) { - continue - } - if before != nil { - before() - } - b.Walk(g, from, func(n graph.Node, _ int) bool { - if during != nil { - during(n) - } - return false - }) - if after != nil { - after() - } - } -} - -// Visited returned whether the node n was visited during a traverse. -func (b *BreadthFirst) Visited(n graph.Node) bool { - return b.visited != nil && b.visited.Has(n.ID()) -} - -// Reset resets the state of the traverser for reuse. -func (b *BreadthFirst) Reset() { - b.queue.Reset() - if b.visited != nil { - b.visited.Clear() - } -} - -// DepthFirst implements stateful depth-first graph traversal. -type DepthFirst struct { - EdgeFilter func(graph.Edge) bool - Visit func(u, v graph.Node) - stack linear.NodeStack - visited *intsets.Sparse -} - -// Walk performs a depth-first traversal of the graph g starting from the given node, -// depending on the EdgeFilter field and the until parameter if they are non-nil. The -// traversal follows edges for which EdgeFilter(edge) is true and returns the first node -// for which until(node) is true. During the traversal, if the Visit field is non-nil, it -// is called with the nodes joined by each followed edge. -func (d *DepthFirst) Walk(g graph.Graph, from graph.Node, until func(graph.Node) bool) graph.Node { - if d.visited == nil { - d.visited = &intsets.Sparse{} - } - d.stack.Push(from) - d.visited.Insert(from.ID()) - - for d.stack.Len() > 0 { - t := d.stack.Pop() - if until != nil && until(t) { - return t - } - for _, n := range g.From(t) { - if d.EdgeFilter != nil && !d.EdgeFilter(g.Edge(t, n)) { - continue - } - if d.visited.Has(n.ID()) { - continue - } - if d.Visit != nil { - d.Visit(t, n) - } - d.visited.Insert(n.ID()) - d.stack.Push(n) - } - } - - return nil -} - -// WalkAll calls Walk for each unvisited node of the graph g using edges independent -// of their direction. The functions before and after are called prior to commencing -// and after completing each walk if they are non-nil respectively. The function -// during is called on each node as it is traversed. -func (d *DepthFirst) WalkAll(g graph.Undirected, before, after func(), during func(graph.Node)) { - d.Reset() - for _, from := range g.Nodes() { - if d.Visited(from) { - continue - } - if before != nil { - before() - } - d.Walk(g, from, func(n graph.Node) bool { - if during != nil { - during(n) - } - return false - }) - if after != nil { - after() - } - } -} - -// Visited returned whether the node n was visited during a traverse. -func (d *DepthFirst) Visited(n graph.Node) bool { - return d.visited != nil && d.visited.Has(n.ID()) -} - -// Reset resets the state of the traverser for reuse. -func (d *DepthFirst) Reset() { - d.stack = d.stack[:0] - if d.visited != nil { - d.visited.Clear() - } -} diff --git a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/visit_depth_first.go b/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/visit_depth_first.go deleted file mode 100644 index 89df3c6902..0000000000 --- a/etcd/vendor/k8s.io/kubernetes/third_party/forked/gonum/graph/traverse/visit_depth_first.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright ©2015 The gonum Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package traverse provides basic graph traversal primitives. -package traverse - -import ( - "golang.org/x/tools/container/intsets" - - "k8s.io/kubernetes/third_party/forked/gonum/graph" - "k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear" -) - -// VisitableGraph -type VisitableGraph interface { - graph.Graph - - // VisitFrom invokes visitor with all nodes that can be reached directly from the given node. - // If visitor returns false, visiting is short-circuited. - VisitFrom(from graph.Node, visitor func(graph.Node) (shouldContinue bool)) -} - -// VisitingDepthFirst implements stateful depth-first graph traversal on a visitable graph. -type VisitingDepthFirst struct { - EdgeFilter func(graph.Edge) bool - Visit func(u, v graph.Node) - stack linear.NodeStack - visited *intsets.Sparse -} - -// Walk performs a depth-first traversal of the graph g starting from the given node, -// depending on the EdgeFilter field and the until parameter if they are non-nil. The -// traversal follows edges for which EdgeFilter(edge) is true and returns the first node -// for which until(node) is true. During the traversal, if the Visit field is non-nil, it -// is called with the nodes joined by each followed edge. -func (d *VisitingDepthFirst) Walk(g VisitableGraph, from graph.Node, until func(graph.Node) bool) graph.Node { - if d.visited == nil { - d.visited = &intsets.Sparse{} - } - d.stack.Push(from) - d.visited.Insert(from.ID()) - if until != nil && until(from) { - return from - } - - var found graph.Node - for d.stack.Len() > 0 { - t := d.stack.Pop() - g.VisitFrom(t, func(n graph.Node) (shouldContinue bool) { - if d.EdgeFilter != nil && !d.EdgeFilter(g.Edge(t, n)) { - return true - } - if d.visited.Has(n.ID()) { - return true - } - if d.Visit != nil { - d.Visit(t, n) - } - d.visited.Insert(n.ID()) - d.stack.Push(n) - if until != nil && until(n) { - found = n - return false - } - return true - }) - if found != nil { - return found - } - } - return nil -} - -// Visited returned whether the node n was visited during a traverse. -func (d *VisitingDepthFirst) Visited(n graph.Node) bool { - return d.visited != nil && d.visited.Has(n.ID()) -} - -// Reset resets the state of the traverser for reuse. -func (d *VisitingDepthFirst) Reset() { - d.stack = d.stack[:0] - if d.visited != nil { - d.visited.Clear() - } -} diff --git a/etcd/vendor/k8s.io/mount-utils/LICENSE b/etcd/vendor/k8s.io/mount-utils/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/mount-utils/OWNERS b/etcd/vendor/k8s.io/mount-utils/OWNERS deleted file mode 100644 index 64fb63c1e4..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/OWNERS +++ /dev/null @@ -1,15 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - jingxu97 - - saad-ali - - jsafrane - - msau42 - - andyzhangx - - gnufied -approvers: - - jingxu97 - - saad-ali - - jsafrane -labels: - - sig/storage diff --git a/etcd/vendor/k8s.io/mount-utils/README.md b/etcd/vendor/k8s.io/mount-utils/README.md deleted file mode 100644 index ee7c8e89af..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/README.md +++ /dev/null @@ -1,31 +0,0 @@ -## Purpose - -This repository defines an interface to mounting filesystems to be consumed by -various Kubernetes and out-of-tree CSI components. - -Consumers of this repository can make use of functions like 'Mount' to mount -source to target as fstype with given options, 'Unmount' to unmount a target. -Other useful functions include 'List' all mounted file systems and find all -mount references to a path using 'GetMountRefs' - -## Community, discussion, contribution, and support - -Learn how to engage with the Kubernetes community on the [community -page](http://kubernetes.io/community/). - -You can reach the maintainers of this repository at: - -- Slack: #sig-storage (on https://kubernetes.slack.com -- get an - invite at slack.kubernetes.io) -- Mailing List: - https://groups.google.com/forum/#!forum/kubernetes-sig-storage - -### Code of Conduct - -Participation in the Kubernetes community is governed by the [Kubernetes -Code of Conduct](code-of-conduct.md). - -### Contibution Guidelines - -See [CONTRIBUTING.md](CONTRIBUTING.md) for more information. - diff --git a/etcd/vendor/k8s.io/mount-utils/SECURITY_CONTACTS b/etcd/vendor/k8s.io/mount-utils/SECURITY_CONTACTS deleted file mode 100644 index 14fe23e186..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/SECURITY_CONTACTS +++ /dev/null @@ -1,18 +0,0 @@ -# Defined below are the security contacts for this repo. -# -# They are the contact point for the Product Security Committee to reach out -# to for triaging and handling of incoming issues. -# -# The below names agree to abide by the -# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) -# and will be removed and replaced if they violate that agreement. -# -# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE -# INSTRUCTIONS AT https://kubernetes.io/security/ - -saad-ali -cjcullen -joelsmith -liggitt -philips -tallclair diff --git a/etcd/vendor/k8s.io/mount-utils/code-of-conduct.md b/etcd/vendor/k8s.io/mount-utils/code-of-conduct.md deleted file mode 100644 index 0d15c00cf3..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/code-of-conduct.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes Community Code of Conduct - -Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/etcd/vendor/k8s.io/mount-utils/doc.go b/etcd/vendor/k8s.io/mount-utils/doc.go deleted file mode 100644 index b7cac03a52..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package mount defines an interface to mounting filesystems. -package mount // import "k8s.io/mount-utils" diff --git a/etcd/vendor/k8s.io/mount-utils/fake_mounter.go b/etcd/vendor/k8s.io/mount-utils/fake_mounter.go deleted file mode 100644 index 5a57015988..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/fake_mounter.go +++ /dev/null @@ -1,242 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "os" - "path/filepath" - "sync" - - "k8s.io/klog/v2" -) - -// FakeMounter implements mount.Interface for tests. -type FakeMounter struct { - MountPoints []MountPoint - log []FakeAction - // Error to return for a path when calling IsLikelyNotMountPoint - MountCheckErrors map[string]error - // Some tests run things in parallel, make sure the mounter does not produce - // any golang's DATA RACE warnings. - mutex sync.Mutex - UnmountFunc UnmountFunc - skipMountPointCheck bool -} - -// UnmountFunc is a function callback to be executed during the Unmount() call. -type UnmountFunc func(path string) error - -var _ Interface = &FakeMounter{} - -const ( - // FakeActionMount is the string for specifying mount as FakeAction.Action - FakeActionMount = "mount" - // FakeActionUnmount is the string for specifying unmount as FakeAction.Action - FakeActionUnmount = "unmount" -) - -// FakeAction objects are logged every time a fake mount or unmount is called. -type FakeAction struct { - Action string // "mount" or "unmount" - Target string // applies to both mount and unmount actions - Source string // applies only to "mount" actions - FSType string // applies only to "mount" actions -} - -// NewFakeMounter returns a FakeMounter struct that implements Interface and is -// suitable for testing purposes. -func NewFakeMounter(mps []MountPoint) *FakeMounter { - return &FakeMounter{ - MountPoints: mps, - } -} - -func (f *FakeMounter) WithSkipMountPointCheck() *FakeMounter { - f.skipMountPointCheck = true - return f -} - -// ResetLog clears all the log entries in FakeMounter -func (f *FakeMounter) ResetLog() { - f.mutex.Lock() - defer f.mutex.Unlock() - - f.log = []FakeAction{} -} - -// GetLog returns the slice of FakeActions taken by the mounter -func (f *FakeMounter) GetLog() []FakeAction { - f.mutex.Lock() - defer f.mutex.Unlock() - - return f.log -} - -// Mount records the mount event and updates the in-memory mount points for FakeMounter -func (f *FakeMounter) Mount(source string, target string, fstype string, options []string) error { - return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) -} - -// Mount records the mount event and updates the in-memory mount points for FakeMounter -// sensitiveOptions to be passed in a separate parameter from the normal -// mount options and ensures the sensitiveOptions are never logged. This -// method should be used by callers that pass sensitive material (like -// passwords) as mount options. -func (f *FakeMounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - f.mutex.Lock() - defer f.mutex.Unlock() - - opts := []string{} - - for _, option := range options { - // find 'bind' option - if option == "bind" { - // This is a bind-mount. In order to mimic linux behaviour, we must - // use the original device of the bind-mount as the real source. - // E.g. when mounted /dev/sda like this: - // $ mount /dev/sda /mnt/test - // $ mount -o bind /mnt/test /mnt/bound - // then /proc/mount contains: - // /dev/sda /mnt/test - // /dev/sda /mnt/bound - // (and not /mnt/test /mnt/bound) - // I.e. we must use /dev/sda as source instead of /mnt/test in the - // bind mount. - for _, mnt := range f.MountPoints { - if source == mnt.Path { - source = mnt.Device - break - } - } - } - // reuse MountPoint.Opts field to mark mount as readonly - opts = append(opts, option) - } - - // If target is a symlink, get its absolute path - absTarget, err := filepath.EvalSymlinks(target) - if err != nil { - absTarget = target - } - f.MountPoints = append(f.MountPoints, MountPoint{Device: source, Path: absTarget, Type: fstype, Opts: append(opts, sensitiveOptions...)}) - klog.V(5).Infof("Fake mounter: mounted %s to %s", source, absTarget) - f.log = append(f.log, FakeAction{Action: FakeActionMount, Target: absTarget, Source: source, FSType: fstype}) - return nil -} - -func (f *FakeMounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) -} - -func (f *FakeMounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { - return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) -} - -// Unmount records the unmount event and updates the in-memory mount points for FakeMounter -func (f *FakeMounter) Unmount(target string) error { - f.mutex.Lock() - defer f.mutex.Unlock() - - // If target is a symlink, get its absolute path - absTarget, err := filepath.EvalSymlinks(target) - if err != nil { - absTarget = target - } - - newMountpoints := []MountPoint{} - for _, mp := range f.MountPoints { - if mp.Path == absTarget { - if f.UnmountFunc != nil { - err := f.UnmountFunc(absTarget) - if err != nil { - return err - } - } - klog.V(5).Infof("Fake mounter: unmounted %s from %s", mp.Device, absTarget) - // Don't copy it to newMountpoints - continue - } - newMountpoints = append(newMountpoints, MountPoint{Device: mp.Device, Path: mp.Path, Type: mp.Type}) - } - f.MountPoints = newMountpoints - f.log = append(f.log, FakeAction{Action: FakeActionUnmount, Target: absTarget}) - delete(f.MountCheckErrors, target) - return nil -} - -// List returns all the in-memory mountpoints for FakeMounter -func (f *FakeMounter) List() ([]MountPoint, error) { - f.mutex.Lock() - defer f.mutex.Unlock() - - return f.MountPoints, nil -} - -// IsLikelyNotMountPoint determines whether a path is a mountpoint by checking -// if the absolute path to file is in the in-memory mountpoints -func (f *FakeMounter) IsLikelyNotMountPoint(file string) (bool, error) { - f.mutex.Lock() - defer f.mutex.Unlock() - - err := f.MountCheckErrors[file] - if err != nil { - return false, err - } - - _, err = os.Stat(file) - if err != nil { - return true, err - } - - // If file is a symlink, get its absolute path - absFile, err := filepath.EvalSymlinks(file) - if err != nil { - absFile = file - } - - for _, mp := range f.MountPoints { - if mp.Path == absFile { - klog.V(5).Infof("isLikelyNotMountPoint for %s: mounted %s, false", file, mp.Path) - return false, nil - } - } - klog.V(5).Infof("isLikelyNotMountPoint for %s: true", file) - return true, nil -} - -func (f *FakeMounter) canSafelySkipMountPointCheck() bool { - return f.skipMountPointCheck -} - -func (f *FakeMounter) IsMountPoint(file string) (bool, error) { - notMnt, err := f.IsLikelyNotMountPoint(file) - if err != nil { - return false, err - } - return !notMnt, nil -} - -// GetMountRefs finds all mount references to the path, returns a -// list of paths. -func (f *FakeMounter) GetMountRefs(pathname string) ([]string, error) { - realpath, err := filepath.EvalSymlinks(pathname) - if err != nil { - // Ignore error in FakeMounter, because we actually didn't create files. - realpath = pathname - } - return getMountRefsByDev(f, realpath) -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount.go b/etcd/vendor/k8s.io/mount-utils/mount.go deleted file mode 100644 index 57abb69196..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount.go +++ /dev/null @@ -1,370 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// TODO(thockin): This whole pkg is pretty linux-centric. As soon as we have -// an alternate platform, we will need to abstract further. - -package mount - -import ( - "fmt" - "path/filepath" - "strings" - "time" - - utilexec "k8s.io/utils/exec" -) - -const ( - // Default mount command if mounter path is not specified. - defaultMountCommand = "mount" - // Log message where sensitive mount options were removed - sensitiveOptionsRemoved = "<masked>" -) - -// Interface defines the set of methods to allow for mount operations on a system. -type Interface interface { - // Mount mounts source to target as fstype with given options. - // options MUST not contain sensitive material (like passwords). - Mount(source string, target string, fstype string, options []string) error - // MountSensitive is the same as Mount() but this method allows - // sensitiveOptions to be passed in a separate parameter from the normal - // mount options and ensures the sensitiveOptions are never logged. This - // method should be used by callers that pass sensitive material (like - // passwords) as mount options. - MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error - // MountSensitiveWithoutSystemd is the same as MountSensitive() but this method disable using systemd mount. - MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error - // MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd() with additional mount flags - MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error - // Unmount unmounts given target. - Unmount(target string) error - // List returns a list of all mounted filesystems. This can be large. - // On some platforms, reading mounts directly from the OS is not guaranteed - // consistent (i.e. it could change between chunked reads). This is guaranteed - // to be consistent. - List() ([]MountPoint, error) - // IsLikelyNotMountPoint uses heuristics to determine if a directory - // is not a mountpoint. - // It should return ErrNotExist when the directory does not exist. - // IsLikelyNotMountPoint does NOT properly detect all mountpoint types - // most notably linux bind mounts and symbolic link. For callers that do not - // care about such situations, this is a faster alternative to calling List() - // and scanning that output. - IsLikelyNotMountPoint(file string) (bool, error) - // canSafelySkipMountPointCheck indicates whether this mounter returns errors on - // operations for targets that are not mount points. If this returns true, no such - // errors will be returned. - canSafelySkipMountPointCheck() bool - // IsMountPoint determines if a directory is a mountpoint. - // It should return ErrNotExist when the directory does not exist. - // IsMountPoint is more expensive than IsLikelyNotMountPoint. - // IsMountPoint detects bind mounts in linux. - // IsMountPoint may enumerate all the mountpoints using List() and - // the list of mountpoints may be large, then it uses - // isMountPointMatch to evaluate whether the directory is a mountpoint. - IsMountPoint(file string) (bool, error) - // GetMountRefs finds all mount references to pathname, returning a slice of - // paths. Pathname can be a mountpoint path or a normal directory - // (for bind mount). On Linux, pathname is excluded from the slice. - // For example, if /dev/sdc was mounted at /path/a and /path/b, - // GetMountRefs("/path/a") would return ["/path/b"] - // GetMountRefs("/path/b") would return ["/path/a"] - // On Windows there is no way to query all mount points; as long as pathname is - // a valid mount, it will be returned. - GetMountRefs(pathname string) ([]string, error) -} - -// Compile-time check to ensure all Mounter implementations satisfy -// the mount interface. -var _ Interface = &Mounter{} - -type MounterForceUnmounter interface { - Interface - // UnmountWithForce unmounts given target but will retry unmounting with force option - // after given timeout. - UnmountWithForce(target string, umountTimeout time.Duration) error -} - -// MountPoint represents a single line in /proc/mounts or /etc/fstab. -type MountPoint struct { // nolint: golint - Device string - Path string - Type string - Opts []string // Opts may contain sensitive mount options (like passwords) and MUST be treated as such (e.g. not logged). - Freq int - Pass int -} - -type MountErrorType string // nolint: golint - -const ( - FilesystemMismatch MountErrorType = "FilesystemMismatch" - HasFilesystemErrors MountErrorType = "HasFilesystemErrors" - UnformattedReadOnly MountErrorType = "UnformattedReadOnly" - FormatFailed MountErrorType = "FormatFailed" - GetDiskFormatFailed MountErrorType = "GetDiskFormatFailed" - UnknownMountError MountErrorType = "UnknownMountError" -) - -type MountError struct { // nolint: golint - Type MountErrorType - Message string -} - -func (mountError MountError) String() string { - return mountError.Message -} - -func (mountError MountError) Error() string { - return mountError.Message -} - -func NewMountError(mountErrorValue MountErrorType, format string, args ...interface{}) error { - mountError := MountError{ - Type: mountErrorValue, - Message: fmt.Sprintf(format, args...), - } - return mountError -} - -// SafeFormatAndMount probes a device to see if it is formatted. -// Namely it checks to see if a file system is present. If so it -// mounts it otherwise the device is formatted first then mounted. -type SafeFormatAndMount struct { - Interface - Exec utilexec.Interface -} - -// FormatAndMount formats the given disk, if needed, and mounts it. -// That is if the disk is not formatted and it is not being mounted as -// read-only it will format it first then mount it. Otherwise, if the -// disk is already formatted or it is being mounted as read-only, it -// will be mounted without formatting. -// options MUST not contain sensitive material (like passwords). -func (mounter *SafeFormatAndMount) FormatAndMount(source string, target string, fstype string, options []string) error { - return mounter.FormatAndMountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) -} - -// FormatAndMountSensitive is the same as FormatAndMount but this method allows -// sensitiveOptions to be passed in a separate parameter from the normal mount -// options and ensures the sensitiveOptions are never logged. This method should -// be used by callers that pass sensitive material (like passwords) as mount -// options. -func (mounter *SafeFormatAndMount) FormatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return mounter.FormatAndMountSensitiveWithFormatOptions(source, target, fstype, options, sensitiveOptions, nil /* formatOptions */) -} - -// FormatAndMountSensitiveWithFormatOptions behaves exactly the same as -// FormatAndMountSensitive, but allows for options to be passed when the disk -// is formatted. These options are NOT validated in any way and should never -// come directly from untrusted user input as that would be an injection risk. -func (mounter *SafeFormatAndMount) FormatAndMountSensitiveWithFormatOptions(source string, target string, fstype string, options []string, sensitiveOptions []string, formatOptions []string) error { - return mounter.formatAndMountSensitive(source, target, fstype, options, sensitiveOptions, formatOptions) -} - -// getMountRefsByDev finds all references to the device provided -// by mountPath; returns a list of paths. -// Note that mountPath should be path after the evaluation of any symblolic links. -func getMountRefsByDev(mounter Interface, mountPath string) ([]string, error) { - mps, err := mounter.List() - if err != nil { - return nil, err - } - - // Finding the device mounted to mountPath. - diskDev := "" - for i := range mps { - if mountPath == mps[i].Path { - diskDev = mps[i].Device - break - } - } - - // Find all references to the device. - var refs []string - for i := range mps { - if mps[i].Device == diskDev || mps[i].Device == mountPath { - if mps[i].Path != mountPath { - refs = append(refs, mps[i].Path) - } - } - } - return refs, nil -} - -// IsNotMountPoint determines if a directory is a mountpoint. -// It should return ErrNotExist when the directory does not exist. -// IsNotMountPoint is more expensive than IsLikelyNotMountPoint -// and depends on IsMountPoint. -// -// If an error occurs, it returns true (assuming it is not a mountpoint) -// when ErrNotExist is returned for callers similar to IsLikelyNotMountPoint. -// -// Deprecated: This function is kept to keep changes backward compatible with -// previous library version. Callers should prefer mounter.IsMountPoint. -func IsNotMountPoint(mounter Interface, file string) (bool, error) { - isMnt, err := mounter.IsMountPoint(file) - if err != nil { - return true, err - } - return !isMnt, nil -} - -// GetDeviceNameFromMount given a mnt point, find the device from /proc/mounts -// returns the device name, reference count, and error code. -func GetDeviceNameFromMount(mounter Interface, mountPath string) (string, int, error) { - mps, err := mounter.List() - if err != nil { - return "", 0, err - } - - // Find the device name. - // FIXME if multiple devices mounted on the same mount path, only the first one is returned. - device := "" - // If mountPath is symlink, need get its target path. - slTarget, err := filepath.EvalSymlinks(mountPath) - if err != nil { - slTarget = mountPath - } - for i := range mps { - if mps[i].Path == slTarget { - device = mps[i].Device - break - } - } - - // Find all references to the device. - refCount := 0 - for i := range mps { - if mps[i].Device == device { - refCount++ - } - } - return device, refCount, nil -} - -// MakeBindOpts detects whether a bind mount is being requested and makes the remount options to -// use in case of bind mount, due to the fact that bind mount doesn't respect mount options. -// The list equals: -// -// options - 'bind' + 'remount' (no duplicate) -func MakeBindOpts(options []string) (bool, []string, []string) { - bind, bindOpts, bindRemountOpts, _ := MakeBindOptsSensitive(options, nil /* sensitiveOptions */) - return bind, bindOpts, bindRemountOpts -} - -// MakeBindOptsSensitive is the same as MakeBindOpts but this method allows -// sensitiveOptions to be passed in a separate parameter from the normal mount -// options and ensures the sensitiveOptions are never logged. This method should -// be used by callers that pass sensitive material (like passwords) as mount -// options. -func MakeBindOptsSensitive(options []string, sensitiveOptions []string) (bool, []string, []string, []string) { - // Because we have an FD opened on the subpath bind mount, the "bind" option - // needs to be included, otherwise the mount target will error as busy if you - // remount as readonly. - // - // As a consequence, all read only bind mounts will no longer change the underlying - // volume mount to be read only. - bindRemountOpts := []string{"bind", "remount"} - bindRemountSensitiveOpts := []string{} - bind := false - bindOpts := []string{"bind"} - - // _netdev is a userspace mount option and does not automatically get added when - // bind mount is created and hence we must carry it over. - if checkForNetDev(options, sensitiveOptions) { - bindOpts = append(bindOpts, "_netdev") - } - - for _, option := range options { - switch option { - case "bind": - bind = true - case "remount": - default: - bindRemountOpts = append(bindRemountOpts, option) - } - } - - for _, sensitiveOption := range sensitiveOptions { - switch sensitiveOption { - case "bind": - bind = true - case "remount": - default: - bindRemountSensitiveOpts = append(bindRemountSensitiveOpts, sensitiveOption) - } - } - - return bind, bindOpts, bindRemountOpts, bindRemountSensitiveOpts -} - -func checkForNetDev(options []string, sensitiveOptions []string) bool { - for _, option := range options { - if option == "_netdev" { - return true - } - } - for _, sensitiveOption := range sensitiveOptions { - if sensitiveOption == "_netdev" { - return true - } - } - return false -} - -// PathWithinBase checks if give path is within given base directory. -func PathWithinBase(fullPath, basePath string) bool { - rel, err := filepath.Rel(basePath, fullPath) - if err != nil { - return false - } - if StartsWithBackstep(rel) { - // Needed to escape the base path. - return false - } - return true -} - -// StartsWithBackstep checks if the given path starts with a backstep segment. -func StartsWithBackstep(rel string) bool { - // normalize to / and check for ../ - return rel == ".." || strings.HasPrefix(filepath.ToSlash(rel), "../") -} - -// sanitizedOptionsForLogging will return a comma separated string containing -// options and sensitiveOptions. Each entry in sensitiveOptions will be -// replaced with the string sensitiveOptionsRemoved -// e.g. o1,o2,<masked>,<masked> -func sanitizedOptionsForLogging(options []string, sensitiveOptions []string) string { - separator := "" - if len(options) > 0 && len(sensitiveOptions) > 0 { - separator = "," - } - - sensitiveOptionsStart := "" - sensitiveOptionsEnd := "" - if len(sensitiveOptions) > 0 { - sensitiveOptionsStart = strings.Repeat(sensitiveOptionsRemoved+",", len(sensitiveOptions)-1) - sensitiveOptionsEnd = sensitiveOptionsRemoved - } - - return strings.Join(options, ",") + - separator + - sensitiveOptionsStart + - sensitiveOptionsEnd -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_helper_common.go b/etcd/vendor/k8s.io/mount-utils/mount_helper_common.go deleted file mode 100644 index dc4131d78e..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_helper_common.go +++ /dev/null @@ -1,157 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "fmt" - "os" - "time" - - "k8s.io/klog/v2" -) - -// CleanupMountPoint unmounts the given path and deletes the remaining directory -// if successful. If extensiveMountPointCheck is true IsNotMountPoint will be -// called instead of IsLikelyNotMountPoint. IsNotMountPoint is more expensive -// but properly handles bind mounts within the same fs. -func CleanupMountPoint(mountPath string, mounter Interface, extensiveMountPointCheck bool) error { - pathExists, pathErr := PathExists(mountPath) - if !pathExists && pathErr == nil { - klog.Warningf("Warning: mount cleanup skipped because path does not exist: %v", mountPath) - return nil - } - corruptedMnt := IsCorruptedMnt(pathErr) - if pathErr != nil && !corruptedMnt { - return fmt.Errorf("Error checking path: %v", pathErr) - } - return doCleanupMountPoint(mountPath, mounter, extensiveMountPointCheck, corruptedMnt) -} - -func CleanupMountWithForce(mountPath string, mounter MounterForceUnmounter, extensiveMountPointCheck bool, umountTimeout time.Duration) error { - pathExists, pathErr := PathExists(mountPath) - if !pathExists && pathErr == nil { - klog.Warningf("Warning: mount cleanup skipped because path does not exist: %v", mountPath) - return nil - } - corruptedMnt := IsCorruptedMnt(pathErr) - if pathErr != nil && !corruptedMnt { - return fmt.Errorf("Error checking path: %v", pathErr) - } - - if corruptedMnt || mounter.canSafelySkipMountPointCheck() { - klog.V(4).Infof("unmounting %q (corruptedMount: %t, mounterCanSkipMountPointChecks: %t)", - mountPath, corruptedMnt, mounter.canSafelySkipMountPointCheck()) - if err := mounter.UnmountWithForce(mountPath, umountTimeout); err != nil { - return err - } - return removePath(mountPath) - } - - notMnt, err := removePathIfNotMountPoint(mountPath, mounter, extensiveMountPointCheck) - // if mountPath is not a mount point, it's just been removed or there was an error - if err != nil || notMnt { - return err - } - - klog.V(4).Infof("%q is a mountpoint, unmounting", mountPath) - if err := mounter.UnmountWithForce(mountPath, umountTimeout); err != nil { - return err - } - - notMnt, err = removePathIfNotMountPoint(mountPath, mounter, extensiveMountPointCheck) - // if mountPath is not a mount point, it's either just been removed or there was an error - if notMnt { - return err - } - // mountPath is still a mount point - return fmt.Errorf("failed to cleanup mount point %v", mountPath) -} - -// doCleanupMountPoint unmounts the given path and -// deletes the remaining directory if successful. -// if extensiveMountPointCheck is true -// IsNotMountPoint will be called instead of IsLikelyNotMountPoint. -// IsNotMountPoint is more expensive but properly handles bind mounts within the same fs. -// if corruptedMnt is true, it means that the mountPath is a corrupted mountpoint, and the mount point check -// will be skipped. The mount point check will also be skipped if the mounter supports it. -func doCleanupMountPoint(mountPath string, mounter Interface, extensiveMountPointCheck bool, corruptedMnt bool) error { - if corruptedMnt || mounter.canSafelySkipMountPointCheck() { - klog.V(4).Infof("unmounting %q (corruptedMount: %t, mounterCanSkipMountPointChecks: %t)", - mountPath, corruptedMnt, mounter.canSafelySkipMountPointCheck()) - if err := mounter.Unmount(mountPath); err != nil { - return err - } - return removePath(mountPath) - } - - notMnt, err := removePathIfNotMountPoint(mountPath, mounter, extensiveMountPointCheck) - // if mountPath is not a mount point, it's just been removed or there was an error - if err != nil || notMnt { - return err - } - - klog.V(4).Infof("%q is a mountpoint, unmounting", mountPath) - if err := mounter.Unmount(mountPath); err != nil { - return err - } - - notMnt, err = removePathIfNotMountPoint(mountPath, mounter, extensiveMountPointCheck) - // if mountPath is not a mount point, it's either just been removed or there was an error - if notMnt { - return err - } - // mountPath is still a mount point - return fmt.Errorf("failed to cleanup mount point %v", mountPath) -} - -// removePathIfNotMountPoint verifies if given mountPath is a mount point if not it attempts -// to remove the directory. Returns true and nil if directory was not a mount point and removed. -func removePathIfNotMountPoint(mountPath string, mounter Interface, extensiveMountPointCheck bool) (bool, error) { - var notMnt bool - var err error - - if extensiveMountPointCheck { - notMnt, err = IsNotMountPoint(mounter, mountPath) - } else { - notMnt, err = mounter.IsLikelyNotMountPoint(mountPath) - } - - if err != nil { - if os.IsNotExist(err) { - klog.V(4).Infof("%q does not exist", mountPath) - return true, nil - } - return notMnt, err - } - - if notMnt { - klog.Warningf("Warning: %q is not a mountpoint, deleting", mountPath) - return notMnt, os.Remove(mountPath) - } - return notMnt, nil -} - -// removePath attempts to remove the directory. Returns nil if the directory was removed or does not exist. -func removePath(mountPath string) error { - klog.V(4).Infof("Warning: deleting path %q", mountPath) - err := os.Remove(mountPath) - if os.IsNotExist(err) { - klog.V(4).Infof("%q does not exist", mountPath) - return nil - } - return err -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_helper_unix.go b/etcd/vendor/k8s.io/mount-utils/mount_helper_unix.go deleted file mode 100644 index cb8732fce7..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_helper_unix.go +++ /dev/null @@ -1,201 +0,0 @@ -//go:build !windows -// +build !windows - -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "errors" - "fmt" - "io/fs" - "os" - "strconv" - "strings" - "syscall" - - "k8s.io/klog/v2" - utilio "k8s.io/utils/io" -) - -const ( - // At least number of fields per line in /proc/<pid>/mountinfo. - expectedAtLeastNumFieldsPerMountInfo = 10 - // How many times to retry for a consistent read of /proc/mounts. - maxListTries = 10 -) - -// IsCorruptedMnt return true if err is about corrupted mount point -func IsCorruptedMnt(err error) bool { - if err == nil { - return false - } - var underlyingError error - switch pe := err.(type) { - case nil: - return false - case *os.PathError: - underlyingError = pe.Err - case *os.LinkError: - underlyingError = pe.Err - case *os.SyscallError: - underlyingError = pe.Err - case syscall.Errno: - underlyingError = err - } - - return underlyingError == syscall.ENOTCONN || underlyingError == syscall.ESTALE || underlyingError == syscall.EIO || underlyingError == syscall.EACCES || underlyingError == syscall.EHOSTDOWN -} - -// MountInfo represents a single line in /proc/<pid>/mountinfo. -type MountInfo struct { // nolint: golint - // Unique ID for the mount (maybe reused after umount). - ID int - // The ID of the parent mount (or of self for the root of this mount namespace's mount tree). - ParentID int - // Major indicates one half of the device ID which identifies the device class - // (parsed from `st_dev` for files on this filesystem). - Major int - // Minor indicates one half of the device ID which identifies a specific - // instance of device (parsed from `st_dev` for files on this filesystem). - Minor int - // The pathname of the directory in the filesystem which forms the root of this mount. - Root string - // Mount source, filesystem-specific information. e.g. device, tmpfs name. - Source string - // Mount point, the pathname of the mount point. - MountPoint string - // Optional fieds, zero or more fields of the form "tag[:value]". - OptionalFields []string - // The filesystem type in the form "type[.subtype]". - FsType string - // Per-mount options. - MountOptions []string - // Per-superblock options. - SuperOptions []string -} - -// ParseMountInfo parses /proc/xxx/mountinfo. -func ParseMountInfo(filename string) ([]MountInfo, error) { - content, err := utilio.ConsistentRead(filename, maxListTries) - if err != nil { - return []MountInfo{}, err - } - contentStr := string(content) - infos := []MountInfo{} - - for _, line := range strings.Split(contentStr, "\n") { - if line == "" { - // the last split() item is empty string following the last \n - continue - } - // See `man proc` for authoritative description of format of the file. - fields := strings.Fields(line) - if len(fields) < expectedAtLeastNumFieldsPerMountInfo { - return nil, fmt.Errorf("wrong number of fields in (expected at least %d, got %d): %s", expectedAtLeastNumFieldsPerMountInfo, len(fields), line) - } - id, err := strconv.Atoi(fields[0]) - if err != nil { - return nil, err - } - parentID, err := strconv.Atoi(fields[1]) - if err != nil { - return nil, err - } - mm := strings.Split(fields[2], ":") - if len(mm) != 2 { - return nil, fmt.Errorf("parsing '%s' failed: unexpected minor:major pair %s", line, mm) - } - major, err := strconv.Atoi(mm[0]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: unable to parse major device id, err:%v", mm[0], err) - } - minor, err := strconv.Atoi(mm[1]) - if err != nil { - return nil, fmt.Errorf("parsing '%s' failed: unable to parse minor device id, err:%v", mm[1], err) - } - - info := MountInfo{ - ID: id, - ParentID: parentID, - Major: major, - Minor: minor, - Root: fields[3], - MountPoint: fields[4], - MountOptions: splitMountOptions(fields[5]), - } - // All fields until "-" are "optional fields". - i := 6 - for ; i < len(fields) && fields[i] != "-"; i++ { - info.OptionalFields = append(info.OptionalFields, fields[i]) - } - // Parse the rest 3 fields. - i++ - if len(fields)-i < 3 { - return nil, fmt.Errorf("expect 3 fields in %s, got %d", line, len(fields)-i) - } - info.FsType = fields[i] - info.Source = fields[i+1] - info.SuperOptions = splitMountOptions(fields[i+2]) - infos = append(infos, info) - } - return infos, nil -} - -// splitMountOptions parses comma-separated list of mount options into an array. -// It respects double quotes - commas in them are not considered as the option separator. -func splitMountOptions(s string) []string { - inQuotes := false - list := strings.FieldsFunc(s, func(r rune) bool { - if r == '"' { - inQuotes = !inQuotes - } - // Report a new field only when outside of double quotes. - return r == ',' && !inQuotes - }) - return list -} - -// isMountPointMatch returns true if the path in mp is the same as dir. -// Handles case where mountpoint dir has been renamed due to stale NFS mount. -func isMountPointMatch(mp MountPoint, dir string) bool { - deletedDir := fmt.Sprintf("%s\\040(deleted)", dir) - return ((mp.Path == dir) || (mp.Path == deletedDir)) -} - -// PathExists returns true if the specified path exists. -// TODO: clean this up to use pkg/util/file/FileExists -func PathExists(path string) (bool, error) { - _, err := os.Stat(path) - if err == nil { - return true, nil - } else if errors.Is(err, fs.ErrNotExist) { - err = syscall.Access(path, syscall.F_OK) - if err == nil { - // The access syscall says the file exists, the stat syscall says it - // doesn't. This was observed on CIFS when the path was removed at - // the server somehow. POSIX calls this a stale file handle, let's fake - // that error and treat the path as existing but corrupted. - klog.Warningf("Potential stale file handle detected: %s", path) - return true, syscall.ESTALE - } - return false, nil - } else if IsCorruptedMnt(err) { - return true, err - } - return false, err -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_helper_windows.go b/etcd/vendor/k8s.io/mount-utils/mount_helper_windows.go deleted file mode 100644 index 995fd5a0cd..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_helper_windows.go +++ /dev/null @@ -1,111 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "fmt" - "os" - "strconv" - "strings" - "syscall" - - "k8s.io/klog/v2" -) - -// following failure codes are from https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1300-1699- -// ERROR_BAD_NETPATH = 53 -// ERROR_NETWORK_BUSY = 54 -// ERROR_UNEXP_NET_ERR = 59 -// ERROR_NETNAME_DELETED = 64 -// ERROR_NETWORK_ACCESS_DENIED = 65 -// ERROR_BAD_DEV_TYPE = 66 -// ERROR_BAD_NET_NAME = 67 -// ERROR_SESSION_CREDENTIAL_CONFLICT = 1219 -// ERROR_LOGON_FAILURE = 1326 -// WSAEHOSTDOWN = 10064 -var errorNoList = [...]int{53, 54, 59, 64, 65, 66, 67, 1219, 1326, 10064} - -// IsCorruptedMnt return true if err is about corrupted mount point -func IsCorruptedMnt(err error) bool { - if err == nil { - return false - } - - var underlyingError error - switch pe := err.(type) { - case nil: - return false - case *os.PathError: - underlyingError = pe.Err - case *os.LinkError: - underlyingError = pe.Err - case *os.SyscallError: - underlyingError = pe.Err - } - - if ee, ok := underlyingError.(syscall.Errno); ok { - for _, errno := range errorNoList { - if int(ee) == errno { - klog.Warningf("IsCorruptedMnt failed with error: %v, error code: %v", err, errno) - return true - } - } - } - - return false -} - -// NormalizeWindowsPath makes sure the given path is a valid path on Windows -// systems by making sure all instances of `/` are replaced with `\\`, and the -// path beings with `c:` -func NormalizeWindowsPath(path string) string { - normalizedPath := strings.Replace(path, "/", "\\", -1) - if strings.HasPrefix(normalizedPath, "\\") { - normalizedPath = "c:" + normalizedPath - } - return normalizedPath -} - -// ValidateDiskNumber : disk number should be a number in [0, 99] -func ValidateDiskNumber(disk string) error { - if _, err := strconv.Atoi(disk); err != nil { - return fmt.Errorf("wrong disk number format: %q, err: %v", disk, err) - } - return nil -} - -// isMountPointMatch determines if the mountpoint matches the dir -func isMountPointMatch(mp MountPoint, dir string) bool { - return mp.Path == dir -} - -// PathExists returns true if the specified path exists. -// TODO: clean this up to use pkg/util/file/FileExists -func PathExists(path string) (bool, error) { - _, err := os.Stat(path) - if err == nil { - return true, nil - } else if os.IsNotExist(err) { - return false, nil - } else if IsCorruptedMnt(err) { - return true, err - } - return false, err -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_linux.go b/etcd/vendor/k8s.io/mount-utils/mount_linux.go deleted file mode 100644 index 1752d11f64..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_linux.go +++ /dev/null @@ -1,805 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "context" - "errors" - "fmt" - "github.com/moby/sys/mountinfo" - "io/fs" - "io/ioutil" - "os" - "os/exec" - "path/filepath" - "strconv" - "strings" - "syscall" - "time" - - "k8s.io/klog/v2" - utilexec "k8s.io/utils/exec" - utilio "k8s.io/utils/io" -) - -const ( - // Number of fields per line in /proc/mounts as per the fstab man page. - expectedNumFieldsPerLine = 6 - // Location of the mount file to use - procMountsPath = "/proc/mounts" - // Location of the mountinfo file - procMountInfoPath = "/proc/self/mountinfo" - // 'fsck' found errors and corrected them - fsckErrorsCorrected = 1 - // 'fsck' found errors but exited without correcting them - fsckErrorsUncorrected = 4 - // Error thrown by exec cmd.Run() when process spawned by cmd.Start() completes before cmd.Wait() is called (see - k/k issue #103753) - errNoChildProcesses = "wait: no child processes" - // Error returned by some `umount` implementations when the specified path is not a mount point - errNotMounted = "not mounted" -) - -// Mounter provides the default implementation of mount.Interface -// for the linux platform. This implementation assumes that the -// kubelet is running in the host's root mount namespace. -type Mounter struct { - mounterPath string - withSystemd *bool - trySystemd bool - withSafeNotMountedBehavior bool -} - -var _ MounterForceUnmounter = &Mounter{} - -// New returns a mount.Interface for the current system. -// It provides options to override the default mounter behavior. -// mounterPath allows using an alternative to `/bin/mount` for mounting. -func New(mounterPath string) Interface { - return &Mounter{ - mounterPath: mounterPath, - trySystemd: true, - withSafeNotMountedBehavior: detectSafeNotMountedBehavior(), - } -} - -// NewWithoutSystemd returns a Linux specific mount.Interface for the current -// system. It provides options to override the default mounter behavior. -// mounterPath allows using an alternative to `/bin/mount` for mounting. Any -// detection for systemd functionality is disabled with this Mounter. -func NewWithoutSystemd(mounterPath string) Interface { - return &Mounter{ - mounterPath: mounterPath, - trySystemd: false, - withSafeNotMountedBehavior: detectSafeNotMountedBehavior(), - } -} - -// hasSystemd validates that the withSystemd bool is set, if it is not, -// detectSystemd will be called once for this Mounter instance. -func (mounter *Mounter) hasSystemd() bool { - if !mounter.trySystemd { - mounter.withSystemd = &mounter.trySystemd - } - - if mounter.withSystemd == nil { - withSystemd := detectSystemd() - mounter.withSystemd = &withSystemd - } - - return *mounter.withSystemd -} - -// Mount mounts source to target as fstype with given options. 'source' and 'fstype' must -// be an empty string in case it's not required, e.g. for remount, or for auto filesystem -// type, where kernel handles fstype for you. The mount 'options' is a list of options, -// currently come from mount(8), e.g. "ro", "remount", "bind", etc. If no more option is -// required, call Mount with an empty string list or nil. -func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error { - return mounter.MountSensitive(source, target, fstype, options, nil) -} - -// MountSensitive is the same as Mount() but this method allows -// sensitiveOptions to be passed in a separate parameter from the normal -// mount options and ensures the sensitiveOptions are never logged. This -// method should be used by callers that pass sensitive material (like -// passwords) as mount options. -func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - // Path to mounter binary if containerized mounter is needed. Otherwise, it is set to empty. - // All Linux distros are expected to be shipped with a mount utility that a support bind mounts. - mounterPath := "" - bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) - if bind { - err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, nil /* mountFlags */, mounter.trySystemd) - if err != nil { - return err - } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, nil /* mountFlags */, mounter.trySystemd) - } - // The list of filesystems that require containerized mounter on GCI image cluster - fsTypesNeedMounter := map[string]struct{}{ - "nfs": {}, - "glusterfs": {}, - "ceph": {}, - "cifs": {}, - } - if _, ok := fsTypesNeedMounter[fstype]; ok { - mounterPath = mounter.mounterPath - } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, nil /* mountFlags */, mounter.trySystemd) -} - -// MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using systemd mount. -func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return mounter.MountSensitiveWithoutSystemdWithMountFlags(source, target, fstype, options, sensitiveOptions, nil /* mountFlags */) -} - -// MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd with additional mount flags. -func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { - mounterPath := "" - bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) - if bind { - err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, false) - if err != nil { - return err - } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, false) - } - // The list of filesystems that require containerized mounter on GCI image cluster - fsTypesNeedMounter := map[string]struct{}{ - "nfs": {}, - "glusterfs": {}, - "ceph": {}, - "cifs": {}, - } - if _, ok := fsTypesNeedMounter[fstype]; ok { - mounterPath = mounter.mounterPath - } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, mountFlags, false) -} - -// doMount runs the mount command. mounterPath is the path to mounter binary if containerized mounter is used. -// sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) -// systemdMountRequired is an extension of option to decide whether uses systemd mount. -func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string, systemdMountRequired bool) error { - mountArgs, mountArgsLogStr := MakeMountArgsSensitiveWithMountFlags(source, target, fstype, options, sensitiveOptions, mountFlags) - if len(mounterPath) > 0 { - mountArgs = append([]string{mountCmd}, mountArgs...) - mountArgsLogStr = mountCmd + " " + mountArgsLogStr - mountCmd = mounterPath - } - - if systemdMountRequired && mounter.hasSystemd() { - // Try to run mount via systemd-run --scope. This will escape the - // service where kubelet runs and any fuse daemons will be started in a - // specific scope. kubelet service than can be restarted without killing - // these fuse daemons. - // - // Complete command line (when mounterPath is not used): - // systemd-run --description=... --scope -- mount -t <type> <what> <where> - // - // Expected flow: - // * systemd-run creates a transient scope (=~ cgroup) and executes its - // argument (/bin/mount) there. - // * mount does its job, forks a fuse daemon if necessary and finishes. - // (systemd-run --scope finishes at this point, returning mount's exit - // code and stdout/stderr - thats one of --scope benefits). - // * systemd keeps the fuse daemon running in the scope (i.e. in its own - // cgroup) until the fuse daemon dies (another --scope benefit). - // Kubelet service can be restarted and the fuse daemon survives. - // * When the fuse daemon dies (e.g. during unmount) systemd removes the - // scope automatically. - // - // systemd-mount is not used because it's too new for older distros - // (CentOS 7, Debian Jessie). - mountCmd, mountArgs, mountArgsLogStr = AddSystemdScopeSensitive("systemd-run", target, mountCmd, mountArgs, mountArgsLogStr) - // } else { - // No systemd-run on the host (or we failed to check it), assume kubelet - // does not run as a systemd service. - // No code here, mountCmd and mountArgs are already populated. - } - - // Logging with sensitive mount options removed. - klog.V(4).Infof("Mounting cmd (%s) with arguments (%s)", mountCmd, mountArgsLogStr) - command := exec.Command(mountCmd, mountArgs...) - output, err := command.CombinedOutput() - if err != nil { - if err.Error() == errNoChildProcesses { - if command.ProcessState.Success() { - // We don't consider errNoChildProcesses an error if the process itself succeeded (see - k/k issue #103753). - return nil - } - // Rewrite err with the actual exit error of the process. - err = &exec.ExitError{ProcessState: command.ProcessState} - } - klog.Errorf("Mount failed: %v\nMounting command: %s\nMounting arguments: %s\nOutput: %s\n", err, mountCmd, mountArgsLogStr, string(output)) - return fmt.Errorf("mount failed: %v\nMounting command: %s\nMounting arguments: %s\nOutput: %s", - err, mountCmd, mountArgsLogStr, string(output)) - } - return err -} - -// detectSystemd returns true if OS runs with systemd as init. When not sure -// (permission errors, ...), it returns false. -// There may be different ways how to detect systemd, this one makes sure that -// systemd-runs (needed by Mount()) works. -func detectSystemd() bool { - if _, err := exec.LookPath("systemd-run"); err != nil { - klog.V(2).Infof("Detected OS without systemd") - return false - } - // Try to run systemd-run --scope /bin/true, that should be enough - // to make sure that systemd is really running and not just installed, - // which happens when running in a container with a systemd-based image - // but with different pid 1. - cmd := exec.Command("systemd-run", "--description=Kubernetes systemd probe", "--scope", "true") - output, err := cmd.CombinedOutput() - if err != nil { - klog.V(2).Infof("Cannot run systemd-run, assuming non-systemd OS") - klog.V(4).Infof("systemd-run output: %s, failed with: %v", string(output), err) - return false - } - klog.V(2).Infof("Detected OS with systemd") - return true -} - -// detectSafeNotMountedBehavior returns true if the umount implementation replies "not mounted" -// when the specified path is not mounted. When not sure (permission errors, ...), it returns false. -// When possible, we will trust umount's message and avoid doing our own mount point checks. -// More info: https://github.com/util-linux/util-linux/blob/v2.2/mount/umount.c#L179 -func detectSafeNotMountedBehavior() bool { - return detectSafeNotMountedBehaviorWithExec(utilexec.New()) -} - -// detectSafeNotMountedBehaviorWithExec is for testing with FakeExec. -func detectSafeNotMountedBehaviorWithExec(exec utilexec.Interface) bool { - // create a temp dir and try to umount it - path, err := ioutil.TempDir("", "kubelet-detect-safe-umount") - if err != nil { - klog.V(4).Infof("Cannot create temp dir to detect safe 'not mounted' behavior: %v", err) - return false - } - defer os.RemoveAll(path) - cmd := exec.Command("umount", path) - output, err := cmd.CombinedOutput() - if err != nil { - if strings.Contains(string(output), errNotMounted) { - klog.V(4).Infof("Detected umount with safe 'not mounted' behavior") - return true - } - klog.V(4).Infof("'umount %s' failed with: %v, output: %s", path, err, string(output)) - } - klog.V(4).Infof("Detected umount with unsafe 'not mounted' behavior") - return false -} - -// MakeMountArgs makes the arguments to the mount(8) command. -// options MUST not contain sensitive material (like passwords). -func MakeMountArgs(source, target, fstype string, options []string) (mountArgs []string) { - mountArgs, _ = MakeMountArgsSensitive(source, target, fstype, options, nil /* sensitiveOptions */) - return mountArgs -} - -// MakeMountArgsSensitive makes the arguments to the mount(8) command. -// sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) -func MakeMountArgsSensitive(source, target, fstype string, options []string, sensitiveOptions []string) (mountArgs []string, mountArgsLogStr string) { - return MakeMountArgsSensitiveWithMountFlags(source, target, fstype, options, sensitiveOptions, nil /* mountFlags */) -} - -// MakeMountArgsSensitiveWithMountFlags makes the arguments to the mount(8) command. -// sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) -// mountFlags are additional mount flags that are not related with the fstype -// and mount options -func MakeMountArgsSensitiveWithMountFlags(source, target, fstype string, options []string, sensitiveOptions []string, mountFlags []string) (mountArgs []string, mountArgsLogStr string) { - // Build mount command as follows: - // mount [$mountFlags] [-t $fstype] [-o $options] [$source] $target - mountArgs = []string{} - mountArgsLogStr = "" - - mountArgs = append(mountArgs, mountFlags...) - mountArgsLogStr += strings.Join(mountFlags, " ") - - if len(fstype) > 0 { - mountArgs = append(mountArgs, "-t", fstype) - mountArgsLogStr += strings.Join(mountArgs, " ") - } - if len(options) > 0 || len(sensitiveOptions) > 0 { - combinedOptions := []string{} - combinedOptions = append(combinedOptions, options...) - combinedOptions = append(combinedOptions, sensitiveOptions...) - mountArgs = append(mountArgs, "-o", strings.Join(combinedOptions, ",")) - // exclude sensitiveOptions from log string - mountArgsLogStr += " -o " + sanitizedOptionsForLogging(options, sensitiveOptions) - } - if len(source) > 0 { - mountArgs = append(mountArgs, source) - mountArgsLogStr += " " + source - } - mountArgs = append(mountArgs, target) - mountArgsLogStr += " " + target - - return mountArgs, mountArgsLogStr -} - -// AddSystemdScope adds "system-run --scope" to given command line -// If args contains sensitive material, use AddSystemdScopeSensitive to construct -// a safe to log string. -func AddSystemdScope(systemdRunPath, mountName, command string, args []string) (string, []string) { - descriptionArg := fmt.Sprintf("--description=Kubernetes transient mount for %s", mountName) - systemdRunArgs := []string{descriptionArg, "--scope", "--", command} - return systemdRunPath, append(systemdRunArgs, args...) -} - -// AddSystemdScopeSensitive adds "system-run --scope" to given command line -// It also accepts takes a sanitized string containing mount arguments, mountArgsLogStr, -// and returns the string appended to the systemd command for logging. -func AddSystemdScopeSensitive(systemdRunPath, mountName, command string, args []string, mountArgsLogStr string) (string, []string, string) { - descriptionArg := fmt.Sprintf("--description=Kubernetes transient mount for %s", mountName) - systemdRunArgs := []string{descriptionArg, "--scope", "--", command} - return systemdRunPath, append(systemdRunArgs, args...), strings.Join(systemdRunArgs, " ") + " " + mountArgsLogStr -} - -// Unmount unmounts the target. -// If the mounter has safe "not mounted" behavior, no error will be returned when the target is not a mount point. -func (mounter *Mounter) Unmount(target string) error { - klog.V(4).Infof("Unmounting %s", target) - command := exec.Command("umount", target) - output, err := command.CombinedOutput() - if err != nil { - if err.Error() == errNoChildProcesses { - if command.ProcessState.Success() { - // We don't consider errNoChildProcesses an error if the process itself succeeded (see - k/k issue #103753). - return nil - } - // Rewrite err with the actual exit error of the process. - err = &exec.ExitError{ProcessState: command.ProcessState} - } - if mounter.withSafeNotMountedBehavior && strings.Contains(string(output), errNotMounted) { - klog.V(4).Infof("ignoring 'not mounted' error for %s", target) - return nil - } - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", err, target, string(output)) - } - return nil -} - -// UnmountWithForce unmounts given target but will retry unmounting with force option -// after given timeout. -func (mounter *Mounter) UnmountWithForce(target string, umountTimeout time.Duration) error { - err := tryUnmount(target, umountTimeout) - if err != nil { - if err == context.DeadlineExceeded { - klog.V(2).Infof("Timed out waiting for unmount of %s, trying with -f", target) - err = forceUmount(target) - } - return err - } - return nil -} - -// List returns a list of all mounted filesystems. -func (*Mounter) List() ([]MountPoint, error) { - return ListProcMounts(procMountsPath) -} - -// IsLikelyNotMountPoint determines if a directory is not a mountpoint. -// It is fast but not necessarily ALWAYS correct. If the path is in fact -// a bind mount from one part of a mount to another it will not be detected. -// It also can not distinguish between mountpoints and symbolic links. -// mkdir /tmp/a /tmp/b; mount --bind /tmp/a /tmp/b; IsLikelyNotMountPoint("/tmp/b") -// will return true. When in fact /tmp/b is a mount point. If this situation -// is of interest to you, don't use this function... -func (mounter *Mounter) IsLikelyNotMountPoint(file string) (bool, error) { - stat, err := os.Stat(file) - if err != nil { - return true, err - } - rootStat, err := os.Stat(filepath.Dir(strings.TrimSuffix(file, "/"))) - if err != nil { - return true, err - } - // If the directory has a different device as parent, then it is a mountpoint. - if stat.Sys().(*syscall.Stat_t).Dev != rootStat.Sys().(*syscall.Stat_t).Dev { - return false, nil - } - - return true, nil -} - -// canSafelySkipMountPointCheck relies on the detected behavior of umount when given a target that is not a mount point. -func (mounter *Mounter) canSafelySkipMountPointCheck() bool { - return mounter.withSafeNotMountedBehavior -} - -// GetMountRefs finds all mount references to pathname, returns a -// list of paths. Path could be a mountpoint or a normal -// directory (for bind mount). -func (mounter *Mounter) GetMountRefs(pathname string) ([]string, error) { - pathExists, pathErr := PathExists(pathname) - if !pathExists { - return []string{}, nil - } else if IsCorruptedMnt(pathErr) { - klog.Warningf("GetMountRefs found corrupted mount at %s, treating as unmounted path", pathname) - return []string{}, nil - } else if pathErr != nil { - return nil, fmt.Errorf("error checking path %s: %v", pathname, pathErr) - } - realpath, err := filepath.EvalSymlinks(pathname) - if err != nil { - return nil, err - } - return SearchMountPoints(realpath, procMountInfoPath) -} - -// checkAndRepairFileSystem checks and repairs filesystems using command fsck. -func (mounter *SafeFormatAndMount) checkAndRepairFilesystem(source string) error { - klog.V(4).Infof("Checking for issues with fsck on disk: %s", source) - args := []string{"-a", source} - out, err := mounter.Exec.Command("fsck", args...).CombinedOutput() - if err != nil { - ee, isExitError := err.(utilexec.ExitError) - switch { - case err == utilexec.ErrExecutableNotFound: - klog.Warningf("'fsck' not found on system; continuing mount without running 'fsck'.") - case isExitError && ee.ExitStatus() == fsckErrorsCorrected: - klog.Infof("Device %s has errors which were corrected by fsck.", source) - case isExitError && ee.ExitStatus() == fsckErrorsUncorrected: - return NewMountError(HasFilesystemErrors, "'fsck' found errors on device %s but could not correct them: %s", source, string(out)) - case isExitError && ee.ExitStatus() > fsckErrorsUncorrected: - klog.Infof("`fsck` error %s", string(out)) - default: - klog.Warningf("fsck on device %s failed with error %v, output: %v", source, err, string(out)) - } - } - return nil -} - -// formatAndMount uses unix utils to format and mount the given disk -func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string, formatOptions []string) error { - readOnly := false - for _, option := range options { - if option == "ro" { - readOnly = true - break - } - } - if !readOnly { - // Check sensitiveOptions for ro - for _, option := range sensitiveOptions { - if option == "ro" { - readOnly = true - break - } - } - } - - options = append(options, "defaults") - mountErrorValue := UnknownMountError - - // Check if the disk is already formatted - existingFormat, err := mounter.GetDiskFormat(source) - if err != nil { - return NewMountError(GetDiskFormatFailed, "failed to get disk format of disk %s: %v", source, err) - } - - // Use 'ext4' as the default - if len(fstype) == 0 { - fstype = "ext4" - } - - if existingFormat == "" { - // Do not attempt to format the disk if mounting as readonly, return an error to reflect this. - if readOnly { - return NewMountError(UnformattedReadOnly, "cannot mount unformatted disk %s as we are manipulating it in read-only mode", source) - } - - // Disk is unformatted so format it. - args := []string{source} - if fstype == "ext4" || fstype == "ext3" { - args = []string{ - "-F", // Force flag - "-m0", // Zero blocks reserved for super-user - source, - } - } else if fstype == "xfs" { - args = []string{ - "-f", // force flag - source, - } - } - args = append(formatOptions, args...) - - klog.Infof("Disk %q appears to be unformatted, attempting to format as type: %q with options: %v", source, fstype, args) - output, err := mounter.Exec.Command("mkfs."+fstype, args...).CombinedOutput() - if err != nil { - // Do not log sensitiveOptions only options - sensitiveOptionsLog := sanitizedOptionsForLogging(options, sensitiveOptions) - detailedErr := fmt.Sprintf("format of disk %q failed: type:(%q) target:(%q) options:(%q) errcode:(%v) output:(%v) ", source, fstype, target, sensitiveOptionsLog, err, string(output)) - klog.Error(detailedErr) - return NewMountError(FormatFailed, detailedErr) - } - - klog.Infof("Disk successfully formatted (mkfs): %s - %s %s", fstype, source, target) - } else { - if fstype != existingFormat { - // Verify that the disk is formatted with filesystem type we are expecting - mountErrorValue = FilesystemMismatch - klog.Warningf("Configured to mount disk %s as %s but current format is %s, things might break", source, existingFormat, fstype) - } - - if !readOnly { - // Run check tools on the disk to fix repairable issues, only do this for formatted volumes requested as rw. - err := mounter.checkAndRepairFilesystem(source) - if err != nil { - return err - } - } - } - - // Mount the disk - klog.V(4).Infof("Attempting to mount disk %s in %s format at %s", source, fstype, target) - if err := mounter.MountSensitive(source, target, fstype, options, sensitiveOptions); err != nil { - return NewMountError(mountErrorValue, err.Error()) - } - - return nil -} - -func getDiskFormat(exec utilexec.Interface, disk string) (string, error) { - args := []string{"-p", "-s", "TYPE", "-s", "PTTYPE", "-o", "export", disk} - klog.V(4).Infof("Attempting to determine if disk %q is formatted using blkid with args: (%v)", disk, args) - dataOut, err := exec.Command("blkid", args...).CombinedOutput() - output := string(dataOut) - klog.V(4).Infof("Output: %q", output) - - if err != nil { - if exit, ok := err.(utilexec.ExitError); ok { - if exit.ExitStatus() == 2 { - // Disk device is unformatted. - // For `blkid`, if the specified token (TYPE/PTTYPE, etc) was - // not found, or no (specified) devices could be identified, an - // exit code of 2 is returned. - return "", nil - } - } - klog.Errorf("Could not determine if disk %q is formatted (%v)", disk, err) - return "", err - } - - var fstype, pttype string - - lines := strings.Split(output, "\n") - for _, l := range lines { - if len(l) <= 0 { - // Ignore empty line. - continue - } - cs := strings.Split(l, "=") - if len(cs) != 2 { - return "", fmt.Errorf("blkid returns invalid output: %s", output) - } - // TYPE is filesystem type, and PTTYPE is partition table type, according - // to https://www.kernel.org/pub/linux/utils/util-linux/v2.21/libblkid-docs/. - if cs[0] == "TYPE" { - fstype = cs[1] - } else if cs[0] == "PTTYPE" { - pttype = cs[1] - } - } - - if len(pttype) > 0 { - klog.V(4).Infof("Disk %s detected partition table type: %s", disk, pttype) - // Returns a special non-empty string as filesystem type, then kubelet - // will not format it. - return "unknown data, probably partitions", nil - } - - return fstype, nil -} - -// GetDiskFormat uses 'blkid' to see if the given disk is unformatted -func (mounter *SafeFormatAndMount) GetDiskFormat(disk string) (string, error) { - return getDiskFormat(mounter.Exec, disk) -} - -// ListProcMounts is shared with NsEnterMounter -func ListProcMounts(mountFilePath string) ([]MountPoint, error) { - content, err := utilio.ConsistentRead(mountFilePath, maxListTries) - if err != nil { - return nil, err - } - return parseProcMounts(content) -} - -func parseProcMounts(content []byte) ([]MountPoint, error) { - out := []MountPoint{} - lines := strings.Split(string(content), "\n") - for _, line := range lines { - if line == "" { - // the last split() item is empty string following the last \n - continue - } - fields := strings.Fields(line) - if len(fields) != expectedNumFieldsPerLine { - // Do not log line in case it contains sensitive Mount options - return nil, fmt.Errorf("wrong number of fields (expected %d, got %d)", expectedNumFieldsPerLine, len(fields)) - } - - mp := MountPoint{ - Device: fields[0], - Path: fields[1], - Type: fields[2], - Opts: strings.Split(fields[3], ","), - } - - freq, err := strconv.Atoi(fields[4]) - if err != nil { - return nil, err - } - mp.Freq = freq - - pass, err := strconv.Atoi(fields[5]) - if err != nil { - return nil, err - } - mp.Pass = pass - - out = append(out, mp) - } - return out, nil -} - -// SearchMountPoints finds all mount references to the source, returns a list of -// mountpoints. -// The source can be a mount point or a normal directory (bind mount). We -// didn't support device because there is no use case by now. -// Some filesystems may share a source name, e.g. tmpfs. And for bind mounting, -// it's possible to mount a non-root path of a filesystem, so we need to use -// root path and major:minor to represent mount source uniquely. -// This implementation is shared between Linux and NsEnterMounter -func SearchMountPoints(hostSource, mountInfoPath string) ([]string, error) { - mis, err := ParseMountInfo(mountInfoPath) - if err != nil { - return nil, err - } - - mountID := 0 - rootPath := "" - major := -1 - minor := -1 - - // Finding the underlying root path and major:minor if possible. - // We need search in backward order because it's possible for later mounts - // to overlap earlier mounts. - for i := len(mis) - 1; i >= 0; i-- { - if hostSource == mis[i].MountPoint || PathWithinBase(hostSource, mis[i].MountPoint) { - // If it's a mount point or path under a mount point. - mountID = mis[i].ID - rootPath = filepath.Join(mis[i].Root, strings.TrimPrefix(hostSource, mis[i].MountPoint)) - major = mis[i].Major - minor = mis[i].Minor - break - } - } - - if rootPath == "" || major == -1 || minor == -1 { - return nil, fmt.Errorf("failed to get root path and major:minor for %s", hostSource) - } - - var refs []string - for i := range mis { - if mis[i].ID == mountID { - // Ignore mount entry for mount source itself. - continue - } - if mis[i].Root == rootPath && mis[i].Major == major && mis[i].Minor == minor { - refs = append(refs, mis[i].MountPoint) - } - } - - return refs, nil -} - -// IsMountPoint determines if a file is a mountpoint. -// It first detects bind & any other mountpoints using -// MountedFast function. If the MountedFast function returns -// sure as true and err as nil, then a mountpoint is detected -// successfully. When an error is returned by MountedFast, the -// following is true: -// 1. All errors are returned with IsMountPoint as false -// except os.IsPermission. -// 2. When os.IsPermission is returned by MountedFast, List() -// is called to confirm if the given file is a mountpoint are not. -// -// os.ErrNotExist should always be returned if a file does not exist -// as callers have in past relied on this error and not fallback. -// -// When MountedFast returns sure as false and err as nil (eg: in -// case of bindmounts on kernel version 5.10- ); mounter.List() -// endpoint is called to enumerate all the mountpoints and check if -// it is mountpoint match or not. -func (mounter *Mounter) IsMountPoint(file string) (bool, error) { - isMnt, sure, isMntErr := mountinfo.MountedFast(file) - if sure && isMntErr == nil { - return isMnt, nil - } - if isMntErr != nil { - if errors.Is(isMntErr, fs.ErrNotExist) { - return false, fs.ErrNotExist - } - // We were not allowed to do the simple stat() check, e.g. on NFS with - // root_squash. Fall back to /proc/mounts check below when - // fs.ErrPermission is returned. - if !errors.Is(isMntErr, fs.ErrPermission) { - return false, isMntErr - } - } - // Resolve any symlinks in file, kernel would do the same and use the resolved path in /proc/mounts. - resolvedFile, err := filepath.EvalSymlinks(file) - if err != nil { - if errors.Is(isMntErr, fs.ErrNotExist) { - return false, fs.ErrNotExist - } - return false, err - } - - // check all mountpoints since MountedFast is not sure. - // is not reliable for some mountpoint types. - mountPoints, mountPointsErr := mounter.List() - if mountPointsErr != nil { - return false, mountPointsErr - } - for _, mp := range mountPoints { - if isMountPointMatch(mp, resolvedFile) { - return true, nil - } - } - return false, nil -} - -// tryUnmount calls plain "umount" and waits for unmountTimeout for it to finish. -func tryUnmount(path string, unmountTimeout time.Duration) error { - klog.V(4).Infof("Unmounting %s", path) - ctx, cancel := context.WithTimeout(context.Background(), unmountTimeout) - defer cancel() - - cmd := exec.CommandContext(ctx, "umount", path) - out, cmderr := cmd.CombinedOutput() - - // CombinedOutput() does not return DeadlineExceeded, make sure it's - // propagated on timeout. - if ctx.Err() != nil { - return ctx.Err() - } - - if cmderr != nil { - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", cmderr, path, string(out)) - } - return nil -} - -func forceUmount(path string) error { - cmd := exec.Command("umount", "-f", path) - out, cmderr := cmd.CombinedOutput() - - if cmderr != nil { - return fmt.Errorf("unmount failed: %v\nUnmounting arguments: %s\nOutput: %s", cmderr, path, string(out)) - } - return nil -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_unsupported.go b/etcd/vendor/k8s.io/mount-utils/mount_unsupported.go deleted file mode 100644 index 8e03d643b7..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_unsupported.go +++ /dev/null @@ -1,105 +0,0 @@ -//go:build !linux && !windows -// +build !linux,!windows - -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "errors" -) - -// Mounter implements mount.Interface for unsupported platforms -type Mounter struct { - mounterPath string -} - -var errUnsupported = errors.New("util/mount on this platform is not supported") - -// New returns a mount.Interface for the current system. -// It provides options to override the default mounter behavior. -// mounterPath allows using an alternative to `/bin/mount` for mounting. -func New(mounterPath string) Interface { - return &Mounter{ - mounterPath: mounterPath, - } -} - -// Mount always returns an error on unsupported platforms -func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error { - return errUnsupported -} - -// MountSensitive always returns an error on unsupported platforms -func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return errUnsupported -} - -// MountSensitiveWithoutSystemd always returns an error on unsupported platforms -func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return errUnsupported -} - -// MountSensitiveWithoutSystemdWithMountFlags always returns an error on unsupported platforms -func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { - return errUnsupported -} - -// Unmount always returns an error on unsupported platforms -func (mounter *Mounter) Unmount(target string) error { - return errUnsupported -} - -// List always returns an error on unsupported platforms -func (mounter *Mounter) List() ([]MountPoint, error) { - return []MountPoint{}, errUnsupported -} - -// IsLikelyNotMountPoint always returns an error on unsupported platforms -func (mounter *Mounter) IsLikelyNotMountPoint(file string) (bool, error) { - return true, errUnsupported -} - -// canSafelySkipMountPointCheck always returns false on unsupported platforms -func (mounter *Mounter) canSafelySkipMountPointCheck() bool { - return false -} - -// IsMountPoint determines if a directory is a mountpoint. -// It always returns an error on unsupported platforms. -func (mounter *Mounter) IsMountPoint(file string) (bool, error) { - return false, errUnsupported -} - -// GetMountRefs always returns an error on unsupported platforms -func (mounter *Mounter) GetMountRefs(pathname string) ([]string, error) { - return nil, errUnsupported -} - -func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string, formatOptions []string) error { - return mounter.Interface.Mount(source, target, fstype, options) -} - -func (mounter *SafeFormatAndMount) diskLooksUnformatted(disk string) (bool, error) { - return true, errUnsupported -} - -// IsMountPoint determines if a directory is a mountpoint. -// It always returns an error on unsupported platforms. -func (mounter *SafeFormatAndMount) IsMountPoint(file string) (bool, error) { - return false, errUnsupported -} diff --git a/etcd/vendor/k8s.io/mount-utils/mount_windows.go b/etcd/vendor/k8s.io/mount-utils/mount_windows.go deleted file mode 100644 index 7c7b396e5f..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/mount_windows.go +++ /dev/null @@ -1,355 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - "strings" - - "k8s.io/klog/v2" - "k8s.io/utils/keymutex" -) - -const ( - accessDenied string = "access is denied" -) - -// Mounter provides the default implementation of mount.Interface -// for the windows platform. This implementation assumes that the -// kubelet is running in the host's root mount namespace. -type Mounter struct { - mounterPath string -} - -// New returns a mount.Interface for the current system. -// It provides options to override the default mounter behavior. -// mounterPath allows using an alternative to `/bin/mount` for mounting. -func New(mounterPath string) Interface { - return &Mounter{ - mounterPath: mounterPath, - } -} - -// acquire lock for smb mount -var getSMBMountMutex = keymutex.NewHashed(0) - -// Mount : mounts source to target with given options. -// currently only supports cifs(smb), bind mount(for disk) -func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error { - return mounter.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) -} - -// MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using ssytemd mount. -// Windows not supported systemd mount, this function degrades to MountSensitive(). -func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */) -} - -// MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd with additional mount flags -// Windows not supported systemd mount, this function degrades to MountSensitive(). -func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { - return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */) -} - -// MountSensitive is the same as Mount() but this method allows -// sensitiveOptions to be passed in a separate parameter from the normal -// mount options and ensures the sensitiveOptions are never logged. This -// method should be used by callers that pass sensitive material (like -// passwords) as mount options. -func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { - target = NormalizeWindowsPath(target) - sanitizedOptionsForLogging := sanitizedOptionsForLogging(options, sensitiveOptions) - - if source == "tmpfs" { - klog.V(3).Infof("mounting source (%q), target (%q), with options (%q)", source, target, sanitizedOptionsForLogging) - return os.MkdirAll(target, 0755) - } - - parentDir := filepath.Dir(target) - if err := os.MkdirAll(parentDir, 0755); err != nil { - return err - } - - klog.V(4).Infof("mount options(%q) source:%q, target:%q, fstype:%q, begin to mount", - sanitizedOptionsForLogging, source, target, fstype) - bindSource := source - - if bind, _, _, _ := MakeBindOptsSensitive(options, sensitiveOptions); bind { - bindSource = NormalizeWindowsPath(source) - } else { - allOptions := []string{} - allOptions = append(allOptions, options...) - allOptions = append(allOptions, sensitiveOptions...) - if len(allOptions) < 2 { - return fmt.Errorf("mount options(%q) should have at least 2 options, current number:%d, source:%q, target:%q", - sanitizedOptionsForLogging, len(allOptions), source, target) - } - - // currently only cifs mount is supported - if strings.ToLower(fstype) != "cifs" { - return fmt.Errorf("only cifs mount is supported now, fstype: %q, mounting source (%q), target (%q), with options (%q)", fstype, source, target, sanitizedOptionsForLogging) - } - - // lock smb mount for the same source - getSMBMountMutex.LockKey(source) - defer getSMBMountMutex.UnlockKey(source) - - username := allOptions[0] - password := allOptions[1] - if output, err := newSMBMapping(username, password, source); err != nil { - klog.Warningf("SMB Mapping(%s) returned with error(%v), output(%s)", source, err, string(output)) - if isSMBMappingExist(source) { - valid, err := isValidPath(source) - if !valid { - if err == nil || isAccessDeniedError(err) { - klog.V(2).Infof("SMB Mapping(%s) already exists while it's not valid, return error: %v, now begin to remove and remount", source, err) - if output, err = removeSMBMapping(source); err != nil { - return fmt.Errorf("Remove-SmbGlobalMapping failed: %v, output: %q", err, output) - } - if output, err := newSMBMapping(username, password, source); err != nil { - return fmt.Errorf("New-SmbGlobalMapping(%s) failed: %v, output: %q", source, err, output) - } - } - } else { - klog.V(2).Infof("SMB Mapping(%s) already exists and is still valid, skip error(%v)", source, err) - } - } else { - return fmt.Errorf("New-SmbGlobalMapping(%s) failed: %v, output: %q", source, err, output) - } - } - } - - // There is an issue in golang where EvalSymlinks fails on Windows when passed a - // UNC share root path without a trailing backslash. - // Ex: \\SERVER\share will fail to resolve but \\SERVER\share\ will resolve - // containerD on Windows calls EvalSymlinks so we'll add the backslash when making the symlink if it is missing. - // https://github.com/golang/go/pull/42096 fixes this issue in golang but a fix will not be available until - // golang v1.16 - mklinkSource := bindSource - if !strings.HasSuffix(mklinkSource, "\\") { - mklinkSource = mklinkSource + "\\" - } - - output, err := exec.Command("cmd", "/c", "mklink", "/D", target, mklinkSource).CombinedOutput() - if err != nil { - klog.Errorf("mklink failed: %v, source(%q) target(%q) output: %q", err, mklinkSource, target, string(output)) - return err - } - klog.V(2).Infof("mklink source(%q) on target(%q) successfully, output: %q", mklinkSource, target, string(output)) - - return nil -} - -// do the SMB mount with username, password, remotepath -// return (output, error) -func newSMBMapping(username, password, remotepath string) (string, error) { - if username == "" || password == "" || remotepath == "" { - return "", fmt.Errorf("invalid parameter(username: %s, password: %s, remoteapth: %s)", username, sensitiveOptionsRemoved, remotepath) - } - - // use PowerShell Environment Variables to store user input string to prevent command line injection - // https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1 - cmdLine := `$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` + - `;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` + - `;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $true` - cmd := exec.Command("powershell", "/c", cmdLine) - cmd.Env = append(os.Environ(), - fmt.Sprintf("smbuser=%s", username), - fmt.Sprintf("smbpassword=%s", password), - fmt.Sprintf("smbremotepath=%s", remotepath)) - - output, err := cmd.CombinedOutput() - return string(output), err -} - -// check whether remotepath is already mounted -func isSMBMappingExist(remotepath string) bool { - cmd := exec.Command("powershell", "/c", `Get-SmbGlobalMapping -RemotePath $Env:smbremotepath`) - cmd.Env = append(os.Environ(), fmt.Sprintf("smbremotepath=%s", remotepath)) - _, err := cmd.CombinedOutput() - return err == nil -} - -// check whether remotepath is valid -// return (true, nil) if remotepath is valid -func isValidPath(remotepath string) (bool, error) { - cmd := exec.Command("powershell", "/c", `Test-Path $Env:remoteapth`) - cmd.Env = append(os.Environ(), fmt.Sprintf("remoteapth=%s", remotepath)) - output, err := cmd.CombinedOutput() - if err != nil { - return false, fmt.Errorf("returned output: %s, error: %v", string(output), err) - } - - return strings.HasPrefix(strings.ToLower(string(output)), "true"), nil -} - -func isAccessDeniedError(err error) bool { - return err != nil && strings.Contains(strings.ToLower(err.Error()), accessDenied) -} - -// remove SMB mapping -func removeSMBMapping(remotepath string) (string, error) { - cmd := exec.Command("powershell", "/c", `Remove-SmbGlobalMapping -RemotePath $Env:smbremotepath -Force`) - cmd.Env = append(os.Environ(), fmt.Sprintf("smbremotepath=%s", remotepath)) - output, err := cmd.CombinedOutput() - return string(output), err -} - -// Unmount unmounts the target. -func (mounter *Mounter) Unmount(target string) error { - klog.V(4).Infof("Unmount target (%q)", target) - target = NormalizeWindowsPath(target) - if output, err := exec.Command("cmd", "/c", "rmdir", target).CombinedOutput(); err != nil { - klog.Errorf("rmdir failed: %v, output: %q", err, string(output)) - return err - } - return nil -} - -// List returns a list of all mounted filesystems. todo -func (mounter *Mounter) List() ([]MountPoint, error) { - return []MountPoint{}, nil -} - -// IsLikelyNotMountPoint determines if a directory is not a mountpoint. -func (mounter *Mounter) IsLikelyNotMountPoint(file string) (bool, error) { - stat, err := os.Lstat(file) - if err != nil { - return true, err - } - - if stat.Mode()&os.ModeSymlink != 0 { - return false, err - } - return true, nil -} - -// canSafelySkipMountPointCheck always returns false on Windows -func (mounter *Mounter) canSafelySkipMountPointCheck() bool { - return false -} - -// IsMountPoint: determines if a directory is a mountpoint. -func (mounter *Mounter) IsMountPoint(file string) (bool, error) { - isNotMnt, err := mounter.IsLikelyNotMountPoint(file) - if err != nil { - return false, err - } - return !isNotMnt, nil -} - -// GetMountRefs : empty implementation here since there is no place to query all mount points on Windows -func (mounter *Mounter) GetMountRefs(pathname string) ([]string, error) { - windowsPath := NormalizeWindowsPath(pathname) - pathExists, pathErr := PathExists(windowsPath) - if !pathExists { - return []string{}, nil - } else if IsCorruptedMnt(pathErr) { - klog.Warningf("GetMountRefs found corrupted mount at %s, treating as unmounted path", windowsPath) - return []string{}, nil - } else if pathErr != nil { - return nil, fmt.Errorf("error checking path %s: %v", windowsPath, pathErr) - } - return []string{pathname}, nil -} - -func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string, formatOptions []string) error { - // Try to mount the disk - klog.V(4).Infof("Attempting to formatAndMount disk: %s %s %s", fstype, source, target) - - if err := ValidateDiskNumber(source); err != nil { - klog.Errorf("diskMount: formatAndMount failed, err: %v", err) - return err - } - - if len(fstype) == 0 { - // Use 'NTFS' as the default - fstype = "NTFS" - } - - // format disk if it is unformatted(raw) - formatOptionsUnwrapped := "" - if len(formatOptions) > 0 { - formatOptionsUnwrapped = " " + strings.Join(formatOptions, " ") - } - cmd := fmt.Sprintf("Get-Disk -Number %s | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle GPT -PassThru"+ - " | New-Partition -UseMaximumSize | Format-Volume -FileSystem %s -Confirm:$false%s", source, fstype, formatOptionsUnwrapped) - if output, err := mounter.Exec.Command("powershell", "/c", cmd).CombinedOutput(); err != nil { - return fmt.Errorf("diskMount: format disk failed, error: %v, output: %q", err, string(output)) - } - klog.V(4).Infof("diskMount: Disk successfully formatted, disk: %q, fstype: %q", source, fstype) - - volumeIds, err := listVolumesOnDisk(source) - if err != nil { - return err - } - driverPath := volumeIds[0] - target = NormalizeWindowsPath(target) - output, err := mounter.Exec.Command("cmd", "/c", "mklink", "/D", target, driverPath).CombinedOutput() - if err != nil { - klog.Errorf("mklink(%s, %s) failed: %v, output: %q", target, driverPath, err, string(output)) - return err - } - klog.V(2).Infof("formatAndMount disk(%s) fstype(%s) on(%s) with output(%s) successfully", driverPath, fstype, target, string(output)) - return nil -} - -// ListVolumesOnDisk - returns back list of volumes(volumeIDs) in the disk (requested in diskID). -func listVolumesOnDisk(diskID string) (volumeIDs []string, err error) { - cmd := fmt.Sprintf("(Get-Disk -DeviceId %s | Get-Partition | Get-Volume).UniqueId", diskID) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - klog.V(4).Infof("listVolumesOnDisk id from %s: %s", diskID, string(output)) - if err != nil { - return []string{}, fmt.Errorf("error list volumes on disk. cmd: %s, output: %s, error: %v", cmd, string(output), err) - } - - volumeIds := strings.Split(strings.TrimSpace(string(output)), "\r\n") - return volumeIds, nil -} - -// getAllParentLinks walks all symbolic links and return all the parent targets recursively -func getAllParentLinks(path string) ([]string, error) { - const maxIter = 255 - links := []string{} - for { - links = append(links, path) - if len(links) > maxIter { - return links, fmt.Errorf("unexpected length of parent links: %v", links) - } - - fi, err := os.Lstat(path) - if err != nil { - return links, fmt.Errorf("Lstat: %v", err) - } - if fi.Mode()&os.ModeSymlink == 0 { - break - } - - path, err = os.Readlink(path) - if err != nil { - return links, fmt.Errorf("Readlink error: %v", err) - } - } - - return links, nil -} diff --git a/etcd/vendor/k8s.io/mount-utils/resizefs_linux.go b/etcd/vendor/k8s.io/mount-utils/resizefs_linux.go deleted file mode 100644 index 929d061e52..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/resizefs_linux.go +++ /dev/null @@ -1,266 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "fmt" - "strconv" - "strings" - - "k8s.io/klog/v2" - utilexec "k8s.io/utils/exec" -) - -// ResizeFs Provides support for resizing file systems -type ResizeFs struct { - exec utilexec.Interface -} - -// NewResizeFs returns new instance of resizer -func NewResizeFs(exec utilexec.Interface) *ResizeFs { - return &ResizeFs{exec: exec} -} - -// Resize perform resize of file system -func (resizefs *ResizeFs) Resize(devicePath string, deviceMountPath string) (bool, error) { - format, err := getDiskFormat(resizefs.exec, devicePath) - - if err != nil { - formatErr := fmt.Errorf("ResizeFS.Resize - error checking format for device %s: %v", devicePath, err) - return false, formatErr - } - - // If disk has no format, there is no need to resize the disk because mkfs.* - // by default will use whole disk anyways. - if format == "" { - return false, nil - } - - klog.V(3).Infof("ResizeFS.Resize - Expanding mounted volume %s", devicePath) - switch format { - case "ext3", "ext4": - return resizefs.extResize(devicePath) - case "xfs": - return resizefs.xfsResize(deviceMountPath) - case "btrfs": - return resizefs.btrfsResize(deviceMountPath) - } - return false, fmt.Errorf("ResizeFS.Resize - resize of format %s is not supported for device %s mounted at %s", format, devicePath, deviceMountPath) -} - -func (resizefs *ResizeFs) extResize(devicePath string) (bool, error) { - output, err := resizefs.exec.Command("resize2fs", devicePath).CombinedOutput() - if err == nil { - klog.V(2).Infof("Device %s resized successfully", devicePath) - return true, nil - } - - resizeError := fmt.Errorf("resize of device %s failed: %v. resize2fs output: %s", devicePath, err, string(output)) - return false, resizeError - -} - -func (resizefs *ResizeFs) xfsResize(deviceMountPath string) (bool, error) { - args := []string{"-d", deviceMountPath} - output, err := resizefs.exec.Command("xfs_growfs", args...).CombinedOutput() - - if err == nil { - klog.V(2).Infof("Device %s resized successfully", deviceMountPath) - return true, nil - } - - resizeError := fmt.Errorf("resize of device %s failed: %v. xfs_growfs output: %s", deviceMountPath, err, string(output)) - return false, resizeError -} - -func (resizefs *ResizeFs) btrfsResize(deviceMountPath string) (bool, error) { - args := []string{"filesystem", "resize", "max", deviceMountPath} - output, err := resizefs.exec.Command("btrfs", args...).CombinedOutput() - - if err == nil { - klog.V(2).Infof("Device %s resized successfully", deviceMountPath) - return true, nil - } - - resizeError := fmt.Errorf("resize of device %s failed: %v. btrfs output: %s", deviceMountPath, err, string(output)) - return false, resizeError -} - -func (resizefs *ResizeFs) NeedResize(devicePath string, deviceMountPath string) (bool, error) { - deviceSize, err := resizefs.getDeviceSize(devicePath) - if err != nil { - return false, err - } - var fsSize, blockSize uint64 - format, err := getDiskFormat(resizefs.exec, devicePath) - if err != nil { - formatErr := fmt.Errorf("ResizeFS.Resize - error checking format for device %s: %v", devicePath, err) - return false, formatErr - } - - // If disk has no format, there is no need to resize the disk because mkfs.* - // by default will use whole disk anyways. - if format == "" { - return false, nil - } - - klog.V(3).Infof("ResizeFs.needResize - checking mounted volume %s", devicePath) - switch format { - case "ext3", "ext4": - blockSize, fsSize, err = resizefs.getExtSize(devicePath) - klog.V(5).Infof("Ext size: filesystem size=%d, block size=%d", fsSize, blockSize) - case "xfs": - blockSize, fsSize, err = resizefs.getXFSSize(deviceMountPath) - klog.V(5).Infof("Xfs size: filesystem size=%d, block size=%d, err=%v", fsSize, blockSize, err) - case "btrfs": - blockSize, fsSize, err = resizefs.getBtrfsSize(devicePath) - klog.V(5).Infof("Btrfs size: filesystem size=%d, block size=%d, err=%v", fsSize, blockSize, err) - default: - klog.Errorf("Not able to parse given filesystem info. fsType: %s, will not resize", format) - return false, fmt.Errorf("Could not parse fs info on given filesystem format: %s. Supported fs types are: xfs, ext3, ext4", format) - } - if err != nil { - return false, err - } - // Tolerate one block difference, just in case of rounding errors somewhere. - klog.V(5).Infof("Volume %s: device size=%d, filesystem size=%d, block size=%d", devicePath, deviceSize, fsSize, blockSize) - if deviceSize <= fsSize+blockSize { - return false, nil - } - return true, nil -} -func (resizefs *ResizeFs) getDeviceSize(devicePath string) (uint64, error) { - output, err := resizefs.exec.Command("blockdev", "--getsize64", devicePath).CombinedOutput() - outStr := strings.TrimSpace(string(output)) - if err != nil { - return 0, fmt.Errorf("failed to read size of device %s: %s: %s", devicePath, err, outStr) - } - size, err := strconv.ParseUint(outStr, 10, 64) - if err != nil { - return 0, fmt.Errorf("failed to parse size of device %s %s: %s", devicePath, outStr, err) - } - return size, nil -} - -func (resizefs *ResizeFs) getExtSize(devicePath string) (uint64, uint64, error) { - output, err := resizefs.exec.Command("dumpe2fs", "-h", devicePath).CombinedOutput() - if err != nil { - return 0, 0, fmt.Errorf("failed to read size of filesystem on %s: %s: %s", devicePath, err, string(output)) - } - - blockSize, blockCount, _ := resizefs.parseFsInfoOutput(string(output), ":", "block size", "block count") - - if blockSize == 0 { - return 0, 0, fmt.Errorf("could not find block size of device %s", devicePath) - } - if blockCount == 0 { - return 0, 0, fmt.Errorf("could not find block count of device %s", devicePath) - } - return blockSize, blockSize * blockCount, nil -} - -func (resizefs *ResizeFs) getXFSSize(devicePath string) (uint64, uint64, error) { - output, err := resizefs.exec.Command("xfs_io", "-c", "statfs", devicePath).CombinedOutput() - if err != nil { - return 0, 0, fmt.Errorf("failed to read size of filesystem on %s: %s: %s", devicePath, err, string(output)) - } - - blockSize, blockCount, _ := resizefs.parseFsInfoOutput(string(output), "=", "geom.bsize", "geom.datablocks") - - if blockSize == 0 { - return 0, 0, fmt.Errorf("could not find block size of device %s", devicePath) - } - if blockCount == 0 { - return 0, 0, fmt.Errorf("could not find block count of device %s", devicePath) - } - return blockSize, blockSize * blockCount, nil -} - -func (resizefs *ResizeFs) getBtrfsSize(devicePath string) (uint64, uint64, error) { - output, err := resizefs.exec.Command("btrfs", "inspect-internal", "dump-super", "-f", devicePath).CombinedOutput() - if err != nil { - return 0, 0, fmt.Errorf("failed to read size of filesystem on %s: %s: %s", devicePath, err, string(output)) - } - - blockSize, totalBytes, _ := resizefs.parseBtrfsInfoOutput(string(output), "sectorsize", "total_bytes") - - if blockSize == 0 { - return 0, 0, fmt.Errorf("could not find block size of device %s", devicePath) - } - if totalBytes == 0 { - return 0, 0, fmt.Errorf("could not find total size of device %s", devicePath) - } - return blockSize, totalBytes, nil -} - -func (resizefs *ResizeFs) parseBtrfsInfoOutput(cmdOutput string, blockSizeKey string, totalBytesKey string) (uint64, uint64, error) { - lines := strings.Split(cmdOutput, "\n") - var blockSize, blockCount uint64 - var err error - - for _, line := range lines { - tokens := strings.Fields(line) - if len(tokens) != 2 { - continue - } - key, value := strings.ToLower(strings.TrimSpace(tokens[0])), strings.ToLower(strings.TrimSpace(tokens[1])) - - if key == blockSizeKey { - blockSize, err = strconv.ParseUint(value, 10, 64) - if err != nil { - return 0, 0, fmt.Errorf("failed to parse block size %s: %s", value, err) - } - } - if key == totalBytesKey { - blockCount, err = strconv.ParseUint(value, 10, 64) - if err != nil { - return 0, 0, fmt.Errorf("failed to parse total size %s: %s", value, err) - } - } - } - return blockSize, blockCount, err -} - -func (resizefs *ResizeFs) parseFsInfoOutput(cmdOutput string, spliter string, blockSizeKey string, blockCountKey string) (uint64, uint64, error) { - lines := strings.Split(cmdOutput, "\n") - var blockSize, blockCount uint64 - var err error - - for _, line := range lines { - tokens := strings.Split(line, spliter) - if len(tokens) != 2 { - continue - } - key, value := strings.ToLower(strings.TrimSpace(tokens[0])), strings.ToLower(strings.TrimSpace(tokens[1])) - if key == blockSizeKey { - blockSize, err = strconv.ParseUint(value, 10, 64) - if err != nil { - return 0, 0, fmt.Errorf("failed to parse block size %s: %s", value, err) - } - } - if key == blockCountKey { - blockCount, err = strconv.ParseUint(value, 10, 64) - if err != nil { - return 0, 0, fmt.Errorf("failed to parse block count %s: %s", value, err) - } - } - } - return blockSize, blockCount, err -} diff --git a/etcd/vendor/k8s.io/mount-utils/resizefs_unsupported.go b/etcd/vendor/k8s.io/mount-utils/resizefs_unsupported.go deleted file mode 100644 index 88b8b2410b..0000000000 --- a/etcd/vendor/k8s.io/mount-utils/resizefs_unsupported.go +++ /dev/null @@ -1,46 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mount - -import ( - "fmt" - - utilexec "k8s.io/utils/exec" -) - -// ResizeFs Provides support for resizing file systems -type ResizeFs struct { - exec utilexec.Interface -} - -// NewResizeFs returns new instance of resizer -func NewResizeFs(exec utilexec.Interface) *ResizeFs { - return &ResizeFs{exec: exec} -} - -// Resize perform resize of file system -func (resizefs *ResizeFs) Resize(devicePath string, deviceMountPath string) (bool, error) { - return false, fmt.Errorf("Resize is not supported for this build") -} - -// NeedResize check whether mounted volume needs resize -func (resizefs *ResizeFs) NeedResize(devicePath string, deviceMountPath string) (bool, error) { - return false, fmt.Errorf("NeedResize is not supported for this build") -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/LICENSE b/etcd/vendor/k8s.io/pod-security-admission/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/admission.go b/etcd/vendor/k8s.io/pod-security-admission/admission/admission.go deleted file mode 100644 index fc36f0530c..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/admission.go +++ /dev/null @@ -1,775 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "context" - "fmt" - "reflect" - "sort" - "strings" - "time" - - "k8s.io/klog/v2" - - admissionv1 "k8s.io/api/admission/v1" - appsv1 "k8s.io/api/apps/v1" - batchv1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/validation/field" - admissionapi "k8s.io/pod-security-admission/admission/api" - "k8s.io/pod-security-admission/admission/api/validation" - "k8s.io/pod-security-admission/api" - "k8s.io/pod-security-admission/metrics" - "k8s.io/pod-security-admission/policy" -) - -const ( - defaultNamespaceMaxPodsToCheck = 3000 - defaultNamespacePodCheckTimeout = 1 * time.Second -) - -// Admission implements the core admission logic for the Pod Security Admission controller. -// The admission logic can be -type Admission struct { - Configuration *admissionapi.PodSecurityConfiguration - - // Getting policy checks per level/version - Evaluator policy.Evaluator - - // Metrics - Metrics metrics.Recorder - - // Arbitrary object --> PodSpec - PodSpecExtractor PodSpecExtractor - - // API connections - NamespaceGetter NamespaceGetter - PodLister PodLister - - defaultPolicy api.Policy - - namespaceMaxPodsToCheck int - namespacePodCheckTimeout time.Duration -} - -type NamespaceGetter interface { - GetNamespace(ctx context.Context, name string) (*corev1.Namespace, error) -} - -type PodLister interface { - ListPods(ctx context.Context, namespace string) ([]*corev1.Pod, error) -} - -// PodSpecExtractor extracts a PodSpec from pod-controller resources that embed a PodSpec. -// This interface can be extended to enforce policy on CRDs for custom pod-controllers. -type PodSpecExtractor interface { - // HasPodSpec returns true if the given resource type MAY contain an extractable PodSpec. - HasPodSpec(schema.GroupResource) bool - // ExtractPodSpec returns a pod spec and metadata to evaluate from the object. - // An error returned here does not block admission of the pod-spec-containing object and is not returned to the user. - // If the object has no pod spec, return `nil, nil, nil`. - ExtractPodSpec(runtime.Object) (*metav1.ObjectMeta, *corev1.PodSpec, error) -} - -var defaultPodSpecResources = map[schema.GroupResource]bool{ - corev1.Resource("pods"): true, - corev1.Resource("replicationcontrollers"): true, - corev1.Resource("podtemplates"): true, - appsv1.Resource("replicasets"): true, - appsv1.Resource("deployments"): true, - appsv1.Resource("statefulsets"): true, - appsv1.Resource("daemonsets"): true, - batchv1.Resource("jobs"): true, - batchv1.Resource("cronjobs"): true, -} - -type DefaultPodSpecExtractor struct{} - -func (DefaultPodSpecExtractor) HasPodSpec(gr schema.GroupResource) bool { - return defaultPodSpecResources[gr] -} - -func (DefaultPodSpecExtractor) ExtractPodSpec(obj runtime.Object) (*metav1.ObjectMeta, *corev1.PodSpec, error) { - switch o := obj.(type) { - case *corev1.Pod: - return &o.ObjectMeta, &o.Spec, nil - case *corev1.PodTemplate: - return extractPodSpecFromTemplate(&o.Template) - case *corev1.ReplicationController: - return extractPodSpecFromTemplate(o.Spec.Template) - case *appsv1.ReplicaSet: - return extractPodSpecFromTemplate(&o.Spec.Template) - case *appsv1.Deployment: - return extractPodSpecFromTemplate(&o.Spec.Template) - case *appsv1.DaemonSet: - return extractPodSpecFromTemplate(&o.Spec.Template) - case *appsv1.StatefulSet: - return extractPodSpecFromTemplate(&o.Spec.Template) - case *batchv1.Job: - return extractPodSpecFromTemplate(&o.Spec.Template) - case *batchv1.CronJob: - return extractPodSpecFromTemplate(&o.Spec.JobTemplate.Spec.Template) - default: - return nil, nil, fmt.Errorf("unexpected object type: %s", obj.GetObjectKind().GroupVersionKind().String()) - } -} - -func (DefaultPodSpecExtractor) PodSpecResources() []schema.GroupResource { - retval := make([]schema.GroupResource, 0, len(defaultPodSpecResources)) - for r := range defaultPodSpecResources { - retval = append(retval, r) - } - return retval -} - -func extractPodSpecFromTemplate(template *corev1.PodTemplateSpec) (*metav1.ObjectMeta, *corev1.PodSpec, error) { - if template == nil { - return nil, nil, nil - } - return &template.ObjectMeta, &template.Spec, nil -} - -// CompleteConfiguration sets up default or derived configuration. -func (a *Admission) CompleteConfiguration() error { - if a.Configuration != nil { - if p, err := admissionapi.ToPolicy(a.Configuration.Defaults); err != nil { - return err - } else { - a.defaultPolicy = p - } - } - a.namespaceMaxPodsToCheck = defaultNamespaceMaxPodsToCheck - a.namespacePodCheckTimeout = defaultNamespacePodCheckTimeout - - if a.PodSpecExtractor == nil { - a.PodSpecExtractor = &DefaultPodSpecExtractor{} - } - - return nil -} - -// ValidateConfiguration ensures all required fields are set with valid values. -func (a *Admission) ValidateConfiguration() error { - if a.Configuration == nil { - return fmt.Errorf("configuration required") - } else if errs := validation.ValidatePodSecurityConfiguration(a.Configuration); len(errs) > 0 { - return errs.ToAggregate() - } else { - if p, err := admissionapi.ToPolicy(a.Configuration.Defaults); err != nil { - return err - } else if !reflect.DeepEqual(p, a.defaultPolicy) { - return fmt.Errorf("default policy does not match; CompleteConfiguration() was not called before ValidateConfiguration()") - } - } - if a.namespaceMaxPodsToCheck == 0 || a.namespacePodCheckTimeout == 0 { - return fmt.Errorf("namespace configuration not set; CompleteConfiguration() was not called before ValidateConfiguration()") - } - if a.Metrics == nil { - return fmt.Errorf("Metrics recorder required") - } - if a.PodSpecExtractor == nil { - return fmt.Errorf("PodSpecExtractor required") - } - if a.Evaluator == nil { - return fmt.Errorf("Evaluator required") - } - if a.NamespaceGetter == nil { - return fmt.Errorf("NamespaceGetter required") - } - if a.PodLister == nil { - return fmt.Errorf("PodLister required") - } - return nil -} - -var ( - namespacesResource = corev1.Resource("namespaces") - podsResource = corev1.Resource("pods") -) - -// Validate admits an API request. -// The objects in admission attributes are expected to be external v1 objects that we care about. -// The returned response may be shared and must not be mutated. -func (a *Admission) Validate(ctx context.Context, attrs api.Attributes) *admissionv1.AdmissionResponse { - var response *admissionv1.AdmissionResponse - switch attrs.GetResource().GroupResource() { - case namespacesResource: - response = a.ValidateNamespace(ctx, attrs) - case podsResource: - response = a.ValidatePod(ctx, attrs) - default: - response = a.ValidatePodController(ctx, attrs) - } - return response -} - -// ValidateNamespace evaluates a namespace create or update request to ensure the pod security labels are valid, -// and checks existing pods in the namespace for violations of the new policy when updating the enforce level on a namespace. -// The returned response may be shared between evaluations and must not be mutated. -func (a *Admission) ValidateNamespace(ctx context.Context, attrs api.Attributes) *admissionv1.AdmissionResponse { - // short-circuit on subresources - if attrs.GetSubresource() != "" { - return sharedAllowedResponse - } - obj, err := attrs.GetObject() - if err != nil { - klog.ErrorS(err, "failed to decode object") - return errorResponse(err, &apierrors.NewBadRequest("failed to decode object").ErrStatus) - } - namespace, ok := obj.(*corev1.Namespace) - if !ok { - klog.InfoS("failed to assert namespace type", "type", reflect.TypeOf(obj)) - return errorResponse(nil, &apierrors.NewBadRequest("failed to decode namespace").ErrStatus) - } - - newPolicy, newErrs := a.PolicyToEvaluate(namespace.Labels) - - switch attrs.GetOperation() { - case admissionv1.Create: - // require valid labels on create - if len(newErrs) > 0 { - return invalidResponse(attrs, newErrs) - } - if a.exemptNamespace(attrs.GetNamespace()) { - if warning := a.exemptNamespaceWarning(namespace.Name, newPolicy, namespace.Labels); warning != "" { - response := allowedResponse() - response.Warnings = append(response.Warnings, warning) - return response - } - } - return sharedAllowedResponse - - case admissionv1.Update: - // if update, check if policy labels changed - oldObj, err := attrs.GetOldObject() - if err != nil { - klog.ErrorS(err, "failed to decode old object") - return errorResponse(err, &apierrors.NewBadRequest("failed to decode old object").ErrStatus) - } - oldNamespace, ok := oldObj.(*corev1.Namespace) - if !ok { - klog.InfoS("failed to assert old namespace type", "type", reflect.TypeOf(oldObj)) - return errorResponse(nil, &apierrors.NewBadRequest("failed to decode old namespace").ErrStatus) - } - oldPolicy, oldErrs := a.PolicyToEvaluate(oldNamespace.Labels) - - // require valid labels on update if they have changed - if len(newErrs) > 0 && (len(oldErrs) == 0 || !reflect.DeepEqual(newErrs, oldErrs)) { - return invalidResponse(attrs, newErrs) - } - - // Skip dry-running pods: - // * if the enforce policy is unchanged - // * if the new enforce policy is privileged - // * if the new enforce is the same version and level was relaxed - // * for exempt namespaces - if newPolicy.Enforce == oldPolicy.Enforce { - return sharedAllowedResponse - } - if newPolicy.Enforce.Level == api.LevelPrivileged { - return sharedAllowedResponse - } - if newPolicy.Enforce.Version == oldPolicy.Enforce.Version && - api.CompareLevels(newPolicy.Enforce.Level, oldPolicy.Enforce.Level) < 1 { - return sharedAllowedResponse - } - if a.exemptNamespace(attrs.GetNamespace()) { - if warning := a.exemptNamespaceWarning(namespace.Name, newPolicy, namespace.Labels); warning != "" { - response := allowedResponse() - response.Warnings = append(response.Warnings, warning) - return response - } - return sharedAllowedResponse - } - response := allowedResponse() - response.Warnings = a.EvaluatePodsInNamespace(ctx, namespace.Name, newPolicy.Enforce) - return response - - default: - return sharedAllowedResponse - } -} - -// ignoredPodSubresources is a set of ignored Pod subresources. -// Any other subresource is expected to be a *v1.Pod type and is evaluated. -// This ensures a version skewed webhook fails safe and denies an unknown pod subresource that allows modifying the pod spec. -var ignoredPodSubresources = map[string]bool{ - "exec": true, - "attach": true, - "binding": true, - "eviction": true, - "log": true, - "portforward": true, - "proxy": true, - "status": true, -} - -// ValidatePod evaluates a pod create or update request against the effective policy for the namespace. -// The returned response may be shared between evaluations and must not be mutated. -func (a *Admission) ValidatePod(ctx context.Context, attrs api.Attributes) *admissionv1.AdmissionResponse { - // short-circuit on ignored subresources - if ignoredPodSubresources[attrs.GetSubresource()] { - return sharedAllowedResponse - } - // short-circuit on exempt namespaces and users - if a.exemptNamespace(attrs.GetNamespace()) { - a.Metrics.RecordExemption(attrs) - return sharedAllowedByNamespaceExemptionResponse - } - - if a.exemptUser(attrs.GetUserName()) { - a.Metrics.RecordExemption(attrs) - return sharedAllowedByUserExemptionResponse - } - - // short-circuit on privileged enforce+audit+warn namespaces - namespace, err := a.NamespaceGetter.GetNamespace(ctx, attrs.GetNamespace()) - if err != nil { - klog.ErrorS(err, "failed to fetch pod namespace", "namespace", attrs.GetNamespace()) - a.Metrics.RecordError(true, attrs) - return errorResponse(err, &apierrors.NewInternalError(fmt.Errorf("failed to lookup namespace %q", attrs.GetNamespace())).ErrStatus) - } - nsPolicy, nsPolicyErrs := a.PolicyToEvaluate(namespace.Labels) - if len(nsPolicyErrs) == 0 && nsPolicy.FullyPrivileged() { - a.Metrics.RecordEvaluation(metrics.DecisionAllow, nsPolicy.Enforce, metrics.ModeEnforce, attrs) - return sharedAllowedPrivilegedResponse - } - - obj, err := attrs.GetObject() - if err != nil { - klog.ErrorS(err, "failed to decode object") - a.Metrics.RecordError(true, attrs) - return errorResponse(err, &apierrors.NewBadRequest("failed to decode object").ErrStatus) - } - pod, ok := obj.(*corev1.Pod) - if !ok { - klog.InfoS("failed to assert pod type", "type", reflect.TypeOf(obj)) - a.Metrics.RecordError(true, attrs) - return errorResponse(nil, &apierrors.NewBadRequest("failed to decode pod").ErrStatus) - } - if attrs.GetOperation() == admissionv1.Update { - oldObj, err := attrs.GetOldObject() - if err != nil { - klog.ErrorS(err, "failed to decode old object") - a.Metrics.RecordError(true, attrs) - return errorResponse(err, &apierrors.NewBadRequest("failed to decode old object").ErrStatus) - } - oldPod, ok := oldObj.(*corev1.Pod) - if !ok { - klog.InfoS("failed to assert old pod type", "type", reflect.TypeOf(oldObj)) - a.Metrics.RecordError(true, attrs) - return errorResponse(nil, &apierrors.NewBadRequest("failed to decode old pod").ErrStatus) - } - if !isSignificantPodUpdate(pod, oldPod) { - // Nothing we care about changed, so always allow the update. - return sharedAllowedResponse - } - } - return a.EvaluatePod(ctx, nsPolicy, nsPolicyErrs.ToAggregate(), &pod.ObjectMeta, &pod.Spec, attrs, true) -} - -// ValidatePodController evaluates a pod controller create or update request against the effective policy for the namespace. -// The returned response may be shared between evaluations and must not be mutated. -func (a *Admission) ValidatePodController(ctx context.Context, attrs api.Attributes) *admissionv1.AdmissionResponse { - // short-circuit on subresources - if attrs.GetSubresource() != "" { - return sharedAllowedResponse - } - // short-circuit on exempt namespaces and users - if a.exemptNamespace(attrs.GetNamespace()) { - a.Metrics.RecordExemption(attrs) - return sharedAllowedByNamespaceExemptionResponse - } - - if a.exemptUser(attrs.GetUserName()) { - a.Metrics.RecordExemption(attrs) - return sharedAllowedByUserExemptionResponse - } - - // short-circuit on privileged audit+warn namespaces - namespace, err := a.NamespaceGetter.GetNamespace(ctx, attrs.GetNamespace()) - if err != nil { - klog.ErrorS(err, "failed to fetch pod namespace", "namespace", attrs.GetNamespace()) - a.Metrics.RecordError(true, attrs) - response := allowedResponse() - response.AuditAnnotations = map[string]string{ - "error": fmt.Sprintf("failed to lookup namespace %q: %v", attrs.GetNamespace(), err), - } - return response - } - nsPolicy, nsPolicyErrs := a.PolicyToEvaluate(namespace.Labels) - if len(nsPolicyErrs) == 0 && nsPolicy.Warn.Level == api.LevelPrivileged && nsPolicy.Audit.Level == api.LevelPrivileged { - return sharedAllowedResponse - } - - obj, err := attrs.GetObject() - if err != nil { - klog.ErrorS(err, "failed to decode object") - a.Metrics.RecordError(true, attrs) - response := allowedResponse() - response.AuditAnnotations = map[string]string{ - "error": fmt.Sprintf("failed to decode object: %v", err), - } - return response - } - podMetadata, podSpec, err := a.PodSpecExtractor.ExtractPodSpec(obj) - if err != nil { - klog.ErrorS(err, "failed to extract pod spec") - a.Metrics.RecordError(true, attrs) - response := allowedResponse() - response.AuditAnnotations = map[string]string{ - "error": fmt.Sprintf("failed to extract pod template: %v", err), - } - return response - } - if podMetadata == nil && podSpec == nil { - // if a controller with an optional pod spec does not contain a pod spec, skip validation - return sharedAllowedResponse - } - return a.EvaluatePod(ctx, nsPolicy, nsPolicyErrs.ToAggregate(), podMetadata, podSpec, attrs, false) -} - -// EvaluatePod evaluates the given policy against the given pod(-like) object. -// The enforce policy is only checked if enforce=true. -// The returned response may be shared between evaluations and must not be mutated. -func (a *Admission) EvaluatePod(ctx context.Context, nsPolicy api.Policy, nsPolicyErr error, podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec, attrs api.Attributes, enforce bool) *admissionv1.AdmissionResponse { - // short-circuit on exempt runtimeclass - if a.exemptRuntimeClass(podSpec.RuntimeClassName) { - a.Metrics.RecordExemption(attrs) - return sharedAllowedByRuntimeClassExemptionResponse - } - - auditAnnotations := map[string]string{} - if nsPolicyErr != nil { - klog.V(2).InfoS("failed to parse PodSecurity namespace labels", "err", nsPolicyErr) - auditAnnotations["error"] = fmt.Sprintf("Failed to parse policy: %v", nsPolicyErr) - a.Metrics.RecordError(false, attrs) - } - - klogV := klog.V(5) - if klogV.Enabled() { - klogV.InfoS("PodSecurity evaluation", "policy", fmt.Sprintf("%v", nsPolicy), "op", attrs.GetOperation(), "resource", attrs.GetResource(), "namespace", attrs.GetNamespace(), "name", attrs.GetName()) - } - cachedResults := make(map[api.LevelVersion]policy.AggregateCheckResult) - response := allowedResponse() - if enforce { - auditAnnotations[api.EnforcedPolicyAnnotationKey] = nsPolicy.Enforce.String() - - result := policy.AggregateCheckResults(a.Evaluator.EvaluatePod(nsPolicy.Enforce, podMetadata, podSpec)) - if !result.Allowed { - response = forbiddenResponse(attrs, fmt.Errorf( - "violates PodSecurity %q: %s", - nsPolicy.Enforce.String(), - result.ForbiddenDetail(), - )) - a.Metrics.RecordEvaluation(metrics.DecisionDeny, nsPolicy.Enforce, metrics.ModeEnforce, attrs) - } else { - a.Metrics.RecordEvaluation(metrics.DecisionAllow, nsPolicy.Enforce, metrics.ModeEnforce, attrs) - } - cachedResults[nsPolicy.Enforce] = result - } - - // reuse previous evaluation if audit level+version is the same as enforce level+version - - auditResult, ok := cachedResults[nsPolicy.Audit] - if !ok { - auditResult = policy.AggregateCheckResults(a.Evaluator.EvaluatePod(nsPolicy.Audit, podMetadata, podSpec)) - cachedResults[nsPolicy.Audit] = auditResult - } - if !auditResult.Allowed { - auditAnnotations[api.AuditViolationsAnnotationKey] = fmt.Sprintf( - "would violate PodSecurity %q: %s", - nsPolicy.Audit.String(), - auditResult.ForbiddenDetail(), - ) - a.Metrics.RecordEvaluation(metrics.DecisionDeny, nsPolicy.Audit, metrics.ModeAudit, attrs) - } - - // avoid adding warnings to a request we're already going to reject with an error - if response.Allowed { - // reuse previous evaluation if warn level+version is the same as audit or enforce level+version - warnResult, ok := cachedResults[nsPolicy.Warn] - if !ok { - warnResult = policy.AggregateCheckResults(a.Evaluator.EvaluatePod(nsPolicy.Warn, podMetadata, podSpec)) - } - if !warnResult.Allowed { - // TODO: Craft a better user-facing warning message - response.Warnings = append(response.Warnings, fmt.Sprintf( - "would violate PodSecurity %q: %s", - nsPolicy.Warn.String(), - warnResult.ForbiddenDetail(), - )) - a.Metrics.RecordEvaluation(metrics.DecisionDeny, nsPolicy.Warn, metrics.ModeWarn, attrs) - } - } - - response.AuditAnnotations = auditAnnotations - return response -} - -// podCount is used to track the number of pods sharing identical warnings when validating a namespace -type podCount struct { - // podName is the lexically first pod name for the given warning - podName string - - // podCount is the total number of pods with the same warnings - podCount int -} - -func (a *Admission) EvaluatePodsInNamespace(ctx context.Context, namespace string, enforce api.LevelVersion) []string { - // start with the default timeout - timeout := a.namespacePodCheckTimeout - if deadline, ok := ctx.Deadline(); ok { - timeRemaining := time.Until(deadline) / 2 // don't take more than half the remaining time - if timeout > timeRemaining { - timeout = timeRemaining - } - } - deadline := time.Now().Add(timeout) - ctx, cancel := context.WithDeadline(ctx, deadline) - defer cancel() - - pods, err := a.PodLister.ListPods(ctx, namespace) - if err != nil { - klog.ErrorS(err, "failed to list pods", "namespace", namespace) - return []string{"failed to list pods while checking new PodSecurity enforce level"} - } - - var ( - warnings []string - - podWarnings []string - podWarningsToCount = make(map[string]podCount) - prioritizedPods = a.prioritizePods(pods) - ) - - totalPods := len(prioritizedPods) - if len(prioritizedPods) > a.namespaceMaxPodsToCheck { - prioritizedPods = prioritizedPods[0:a.namespaceMaxPodsToCheck] - } - - checkedPods := len(prioritizedPods) - for i, pod := range prioritizedPods { - r := policy.AggregateCheckResults(a.Evaluator.EvaluatePod(enforce, &pod.ObjectMeta, &pod.Spec)) - if !r.Allowed { - warning := r.ForbiddenReason() - c, seen := podWarningsToCount[warning] - if !seen { - c.podName = pod.Name - podWarnings = append(podWarnings, warning) - } else if pod.Name < c.podName { - c.podName = pod.Name - } - c.podCount++ - podWarningsToCount[warning] = c - } - if err := ctx.Err(); err != nil { // deadline exceeded or context was cancelled - checkedPods = i + 1 - break - } - } - - if checkedPods < totalPods { - warnings = append(warnings, fmt.Sprintf("new PodSecurity enforce level only checked against the first %d of %d existing pods", checkedPods, totalPods)) - } - - if len(podWarnings) > 0 { - warnings = append(warnings, fmt.Sprintf("existing pods in namespace %q violate the new PodSecurity enforce level %q", namespace, enforce.String())) - } - - // prepend pod names to warnings - decoratePodWarnings(podWarningsToCount, podWarnings) - // put warnings in a deterministic order - sort.Strings(podWarnings) - - return append(warnings, podWarnings...) -} - -// prefixes warnings with the pod names related to that warning -func decoratePodWarnings(podWarningsToCount map[string]podCount, warnings []string) { - for i, warning := range warnings { - c := podWarningsToCount[warning] - switch c.podCount { - case 0: - // unexpected, just leave the warning alone - case 1: - warnings[i] = fmt.Sprintf("%s: %s", c.podName, warning) - case 2: - warnings[i] = fmt.Sprintf("%s (and 1 other pod): %s", c.podName, warning) - default: - warnings[i] = fmt.Sprintf("%s (and %d other pods): %s", c.podName, c.podCount-1, warning) - } - } -} - -func (a *Admission) PolicyToEvaluate(labels map[string]string) (api.Policy, field.ErrorList) { - return api.PolicyToEvaluate(labels, a.defaultPolicy) -} - -// isSignificantPodUpdate determines whether a pod update should trigger a policy evaluation. -// Relevant mutable pod fields as of 1.21 are image annotations: -// * https://github.com/kubernetes/kubernetes/blob/release-1.21/pkg/apis/core/validation/validation.go#L3947-L3949 -func isSignificantPodUpdate(pod, oldPod *corev1.Pod) bool { - // TODO: invert this logic to only allow specific update types. - if len(pod.Spec.Containers) != len(oldPod.Spec.Containers) { - return true - } - if len(pod.Spec.InitContainers) != len(oldPod.Spec.InitContainers) { - return true - } - for i := 0; i < len(pod.Spec.Containers); i++ { - if isSignificantContainerUpdate(&pod.Spec.Containers[i], &oldPod.Spec.Containers[i], pod.Annotations, oldPod.Annotations) { - return true - } - } - for i := 0; i < len(pod.Spec.InitContainers); i++ { - if isSignificantContainerUpdate(&pod.Spec.InitContainers[i], &oldPod.Spec.InitContainers[i], pod.Annotations, oldPod.Annotations) { - return true - } - } - for _, c := range pod.Spec.EphemeralContainers { - var oldC *corev1.Container - for i, oc := range oldPod.Spec.EphemeralContainers { - if oc.Name == c.Name { - oldC = (*corev1.Container)(&oldPod.Spec.EphemeralContainers[i].EphemeralContainerCommon) - break - } - } - if oldC == nil { - return true // EphemeralContainer added - } - if isSignificantContainerUpdate((*corev1.Container)(&c.EphemeralContainerCommon), oldC, pod.Annotations, oldPod.Annotations) { - return true - } - } - return false -} - -// isSignificantContainerUpdate determines whether a container update should trigger a policy evaluation. -func isSignificantContainerUpdate(container, oldContainer *corev1.Container, annotations, oldAnnotations map[string]string) bool { - if container.Image != oldContainer.Image { - return true - } - // TODO(saschagrunert): Remove this logic in 1.27. - seccompKey := corev1.SeccompContainerAnnotationKeyPrefix + container.Name - return annotations[seccompKey] != oldAnnotations[seccompKey] -} - -func (a *Admission) exemptNamespace(namespace string) bool { - if len(namespace) == 0 { - return false - } - // TODO: consider optimizing to O(1) lookup - return containsString(namespace, a.Configuration.Exemptions.Namespaces) -} -func (a *Admission) exemptUser(username string) bool { - if len(username) == 0 { - return false - } - // TODO: consider optimizing to O(1) lookup - return containsString(username, a.Configuration.Exemptions.Usernames) -} -func (a *Admission) exemptRuntimeClass(runtimeClass *string) bool { - if runtimeClass == nil || len(*runtimeClass) == 0 { - return false - } - // TODO: consider optimizing to O(1) lookup - return containsString(*runtimeClass, a.Configuration.Exemptions.RuntimeClasses) -} - -// Filter and prioritize pods based on runtimeclass and uniqueness of the controller respectively for evaluation. -// The input slice is modified in place and should not be reused. -func (a *Admission) prioritizePods(pods []*corev1.Pod) []*corev1.Pod { - // accumulate the list of prioritized pods in-place to avoid double-allocating - prioritizedPods := pods[:0] - // accumulate any additional replicated pods after the first one encountered for a given controller uid - var duplicateReplicatedPods []*corev1.Pod - evaluatedControllers := make(map[types.UID]bool) - for _, pod := range pods { - // short-circuit on exempt runtimeclass - if a.exemptRuntimeClass(pod.Spec.RuntimeClassName) { - continue - } - // short-circuit if pod from the same controller is evaluated - podOwnerControllerRef := metav1.GetControllerOfNoCopy(pod) - if podOwnerControllerRef == nil { - prioritizedPods = append(prioritizedPods, pod) - continue - } - if evaluatedControllers[podOwnerControllerRef.UID] { - duplicateReplicatedPods = append(duplicateReplicatedPods, pod) - continue - } - prioritizedPods = append(prioritizedPods, pod) - evaluatedControllers[podOwnerControllerRef.UID] = true - } - return append(prioritizedPods, duplicateReplicatedPods...) -} - -func containsString(needle string, haystack []string) bool { - for _, s := range haystack { - if s == needle { - return true - } - } - return false -} - -// exemptNamespaceWarning returns a non-empty warning message if the exempt namespace has a -// non-privileged policy and sets pod security labels. -func (a *Admission) exemptNamespaceWarning(exemptNamespace string, policy api.Policy, nsLabels map[string]string) string { - if policy.FullyPrivileged() || policy.Equivalent(&a.defaultPolicy) { - return "" - } - - // Build a compact representation of the policy, only printing non-privileged modes that have - // been explicitly set. - sb := strings.Builder{} - _, hasEnforceLevel := nsLabels[api.EnforceLevelLabel] - _, hasEnforceVersion := nsLabels[api.EnforceVersionLabel] - if policy.Enforce.Level != api.LevelPrivileged && (hasEnforceLevel || hasEnforceVersion) { - sb.WriteString("enforce=") - sb.WriteString(policy.Enforce.String()) - } - _, hasAuditLevel := nsLabels[api.AuditLevelLabel] - _, hasAuditVersion := nsLabels[api.AuditVersionLabel] - if policy.Audit.Level != api.LevelPrivileged && (hasAuditLevel || hasAuditVersion) { - if sb.Len() > 0 { - sb.WriteString(", ") - } - sb.WriteString("audit=") - sb.WriteString(policy.Audit.String()) - } - _, hasWarnLevel := nsLabels[api.WarnLevelLabel] - _, hasWarnVersion := nsLabels[api.WarnVersionLabel] - if policy.Warn.Level != api.LevelPrivileged && (hasWarnLevel || hasWarnVersion) { - if sb.Len() > 0 { - sb.WriteString(", ") - } - sb.WriteString("warn=") - sb.WriteString(policy.Warn.String()) - } - - return fmt.Sprintf("namespace %q is exempt from Pod Security, and the policy (%s) will be ignored", - exemptNamespace, sb.String()) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/doc.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/doc.go deleted file mode 100644 index 3694a2c6f1..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/doc.go +++ /dev/null @@ -1,20 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package - -// Package api contains PodSecurity admission configuration file types -package api diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/helpers.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/helpers.go deleted file mode 100644 index 86591615d1..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/helpers.go +++ /dev/null @@ -1,87 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/util/errors" - policyapi "k8s.io/pod-security-admission/api" -) - -var requiredErr = fmt.Errorf("required") - -// TODO: deduplicate against PolicyToEvaluate -func ToPolicy(defaults PodSecurityDefaults) (policyapi.Policy, error) { - var ( - err error - errs []error - p policyapi.Policy - ) - - if len(defaults.Enforce) == 0 { - errs = appendErr(errs, requiredErr, "enforce") - } else { - p.Enforce.Level, err = policyapi.ParseLevel(defaults.Enforce) - errs = appendErr(errs, err, "enforce") - } - - if len(defaults.EnforceVersion) == 0 { - errs = appendErr(errs, requiredErr, "enforce-version") - } else { - p.Enforce.Version, err = policyapi.ParseVersion(defaults.EnforceVersion) - errs = appendErr(errs, err, "enforce-version") - } - - if len(defaults.Audit) == 0 { - errs = appendErr(errs, requiredErr, "audit") - } else { - p.Audit.Level, err = policyapi.ParseLevel(defaults.Audit) - errs = appendErr(errs, err, "audit") - } - - if len(defaults.AuditVersion) == 0 { - errs = appendErr(errs, requiredErr, "audit-version") - } else { - p.Audit.Version, err = policyapi.ParseVersion(defaults.AuditVersion) - errs = appendErr(errs, err, "audit-version") - } - - if len(defaults.Warn) == 0 { - errs = appendErr(errs, requiredErr, "warn") - } else { - p.Warn.Level, err = policyapi.ParseLevel(defaults.Warn) - errs = appendErr(errs, err, "warn") - } - - if len(defaults.WarnVersion) == 0 { - errs = appendErr(errs, requiredErr, "warn-version") - } else { - p.Warn.Version, err = policyapi.ParseVersion(defaults.WarnVersion) - errs = appendErr(errs, err, "warn-version") - } - - return p, errors.NewAggregate(errs) -} - -// appendErr is a helper function to collect field-specific errors. -func appendErr(errs []error, err error, field string) []error { - if err != nil { - return append(errs, fmt.Errorf("%s: %s", field, err.Error())) - } - return errs -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/load/load.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/load/load.go deleted file mode 100644 index 15247b6908..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/load/load.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package load - -import ( - "fmt" - "io" - "os" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/pod-security-admission/admission/api" - "k8s.io/pod-security-admission/admission/api/scheme" - apiv1 "k8s.io/pod-security-admission/admission/api/v1" -) - -func LoadFromFile(file string) (*api.PodSecurityConfiguration, error) { - if len(file) == 0 { - // no file specified, use default config - return LoadFromData(nil) - } - - // read from file - data, err := os.ReadFile(file) - if err != nil { - return nil, err - } - return LoadFromData(data) -} - -func LoadFromReader(reader io.Reader) (*api.PodSecurityConfiguration, error) { - if reader == nil { - // no reader specified, use default config - return LoadFromData(nil) - } - - data, err := io.ReadAll(reader) - if err != nil { - return nil, err - } - return LoadFromData(data) -} - -func LoadFromData(data []byte) (*api.PodSecurityConfiguration, error) { - if len(data) == 0 { - // no config provided, return default - externalConfig := &apiv1.PodSecurityConfiguration{} - scheme.Scheme.Default(externalConfig) - internalConfig := &api.PodSecurityConfiguration{} - if err := scheme.Scheme.Convert(externalConfig, internalConfig, nil); err != nil { - return nil, err - } - return internalConfig, nil - } - - decodedObj, err := runtime.Decode(scheme.Codecs.UniversalDecoder(), data) - if err != nil { - return nil, err - } - configuration, ok := decodedObj.(*api.PodSecurityConfiguration) - if !ok { - return nil, fmt.Errorf("expected PodSecurityConfiguration, got %T", decodedObj) - } - return configuration, nil -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/register.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/register.go deleted file mode 100644 index 3e62b00862..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "pod-security.admission.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} - -var ( - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &PodSecurityConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/scheme/scheme.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/scheme/scheme.go deleted file mode 100644 index a69c2b2278..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/scheme/scheme.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package scheme - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - podsecurityapi "k8s.io/pod-security-admission/admission/api" - podsecurityv1 "k8s.io/pod-security-admission/admission/api/v1" - podsecurityv1alpha1 "k8s.io/pod-security-admission/admission/api/v1alpha1" - podsecurityv1beta1 "k8s.io/pod-security-admission/admission/api/v1beta1" -) - -var ( - // Scheme is the runtime.Scheme to which all podsecurity api types are registered. - Scheme = runtime.NewScheme() - - // Codecs provides access to encoding and decoding for the scheme. - Codecs = serializer.NewCodecFactory(Scheme, serializer.EnableStrict) -) - -func init() { - AddToScheme(Scheme) -} - -// AddToScheme builds the podsecurity scheme using all known versions of the podsecurity api. -func AddToScheme(scheme *runtime.Scheme) { - utilruntime.Must(podsecurityapi.AddToScheme(scheme)) - utilruntime.Must(podsecurityv1alpha1.AddToScheme(scheme)) - utilruntime.Must(podsecurityv1beta1.AddToScheme(scheme)) - utilruntime.Must(podsecurityv1.AddToScheme(scheme)) - utilruntime.Must(scheme.SetVersionPriority(podsecurityv1.SchemeGroupVersion, podsecurityv1beta1.SchemeGroupVersion, podsecurityv1alpha1.SchemeGroupVersion)) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/types.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/types.go deleted file mode 100644 index c745c1289b..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/types.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type PodSecurityConfiguration struct { - metav1.TypeMeta - Defaults PodSecurityDefaults - Exemptions PodSecurityExemptions -} - -type PodSecurityDefaults struct { - Enforce string - EnforceVersion string - Audit string - AuditVersion string - Warn string - WarnVersion string -} - -type PodSecurityExemptions struct { - Usernames []string - Namespaces []string - RuntimeClasses []string -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/defaults.go deleted file mode 100644 index 56c09b6d7f..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/defaults.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/pod-security-admission/api" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_PodSecurityDefaults(obj *PodSecurityDefaults) { - if len(obj.Enforce) == 0 { - obj.Enforce = string(api.LevelPrivileged) - } - if len(obj.Warn) == 0 { - obj.Warn = string(api.LevelPrivileged) - } - if len(obj.Audit) == 0 { - obj.Audit = string(api.LevelPrivileged) - } - - if len(obj.EnforceVersion) == 0 { - obj.EnforceVersion = string(api.VersionLatest) - } - if len(obj.WarnVersion) == 0 { - obj.WarnVersion = string(api.VersionLatest) - } - if len(obj.AuditVersion) == 0 { - obj.AuditVersion = string(api.VersionLatest) - } -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/doc.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/doc.go deleted file mode 100644 index 4d3ac564d7..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/pod-security-admission/admission/api -// +k8s:defaulter-gen=TypeMeta -// +groupName=pod-security.admission.config.k8s.io - -// Package v1 contains PodSecurity admission configuration file types -package v1 diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/register.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/register.go deleted file mode 100644 index 15976ebea1..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "pod-security.admission.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -var ( - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &PodSecurityConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/types.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/types.go deleted file mode 100644 index 12d683bd7a..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/types.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type PodSecurityConfiguration struct { - metav1.TypeMeta - Defaults PodSecurityDefaults `json:"defaults"` - Exemptions PodSecurityExemptions `json:"exemptions"` -} - -type PodSecurityDefaults struct { - Enforce string `json:"enforce,omitempty"` - EnforceVersion string `json:"enforce-version,omitempty"` - Audit string `json:"audit,omitempty"` - AuditVersion string `json:"audit-version,omitempty"` - Warn string `json:"warn,omitempty"` - WarnVersion string `json:"warn-version,omitempty"` -} - -type PodSecurityExemptions struct { - Usernames []string `json:"usernames,omitempty"` - Namespaces []string `json:"namespaces,omitempty"` - RuntimeClasses []string `json:"runtimeClasses,omitempty"` -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.conversion.go deleted file mode 100644 index a68182d8a4..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.conversion.go +++ /dev/null @@ -1,154 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - api "k8s.io/pod-security-admission/admission/api" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*PodSecurityConfiguration)(nil), (*api.PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(a.(*PodSecurityConfiguration), b.(*api.PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityConfiguration)(nil), (*PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityConfiguration_To_v1_PodSecurityConfiguration(a.(*api.PodSecurityConfiguration), b.(*PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityDefaults)(nil), (*api.PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults(a.(*PodSecurityDefaults), b.(*api.PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityDefaults)(nil), (*PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults(a.(*api.PodSecurityDefaults), b.(*PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityExemptions)(nil), (*api.PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions(a.(*PodSecurityExemptions), b.(*api.PodSecurityExemptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityExemptions)(nil), (*PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions(a.(*api.PodSecurityExemptions), b.(*PodSecurityExemptions), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_v1_PodSecurityConfiguration_To_api_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_v1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_v1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_api_PodSecurityConfiguration_To_v1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_api_PodSecurityConfiguration_To_v1_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_api_PodSecurityConfiguration_To_v1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_api_PodSecurityConfiguration_To_v1_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults is an autogenerated conversion function. -func Convert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_v1_PodSecurityDefaults_To_api_PodSecurityDefaults(in, out, s) -} - -func autoConvert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults is an autogenerated conversion function. -func Convert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_api_PodSecurityDefaults_To_v1_PodSecurityDefaults(in, out, s) -} - -func autoConvert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions is an autogenerated conversion function. -func Convert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_v1_PodSecurityExemptions_To_api_PodSecurityExemptions(in, out, s) -} - -func autoConvert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions is an autogenerated conversion function. -func Convert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_api_PodSecurityExemptions_To_v1_PodSecurityExemptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.deepcopy.go deleted file mode 100644 index 5ae5b05e55..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,100 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityConfiguration) DeepCopyInto(out *PodSecurityConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Defaults = in.Defaults - in.Exemptions.DeepCopyInto(&out.Exemptions) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityConfiguration. -func (in *PodSecurityConfiguration) DeepCopy() *PodSecurityConfiguration { - if in == nil { - return nil - } - out := new(PodSecurityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityDefaults) DeepCopyInto(out *PodSecurityDefaults) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityDefaults. -func (in *PodSecurityDefaults) DeepCopy() *PodSecurityDefaults { - if in == nil { - return nil - } - out := new(PodSecurityDefaults) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityExemptions) DeepCopyInto(out *PodSecurityExemptions) { - *out = *in - if in.Usernames != nil { - in, out := &in.Usernames, &out.Usernames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RuntimeClasses != nil { - in, out := &in.RuntimeClasses, &out.RuntimeClasses - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityExemptions. -func (in *PodSecurityExemptions) DeepCopy() *PodSecurityExemptions { - if in == nil { - return nil - } - out := new(PodSecurityExemptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.defaults.go deleted file mode 100644 index 02626bf378..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&PodSecurityConfiguration{}, func(obj interface{}) { SetObjectDefaults_PodSecurityConfiguration(obj.(*PodSecurityConfiguration)) }) - return nil -} - -func SetObjectDefaults_PodSecurityConfiguration(in *PodSecurityConfiguration) { - SetDefaults_PodSecurityDefaults(&in.Defaults) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/defaults.go deleted file mode 100644 index 649fad6360..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/defaults.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/pod-security-admission/api" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_PodSecurityDefaults(obj *PodSecurityDefaults) { - if len(obj.Enforce) == 0 { - obj.Enforce = string(api.LevelPrivileged) - } - if len(obj.Warn) == 0 { - obj.Warn = string(api.LevelPrivileged) - } - if len(obj.Audit) == 0 { - obj.Audit = string(api.LevelPrivileged) - } - - if len(obj.EnforceVersion) == 0 { - obj.EnforceVersion = string(api.VersionLatest) - } - if len(obj.WarnVersion) == 0 { - obj.WarnVersion = string(api.VersionLatest) - } - if len(obj.AuditVersion) == 0 { - obj.AuditVersion = string(api.VersionLatest) - } -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/doc.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/doc.go deleted file mode 100644 index f7d9c1ce61..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/pod-security-admission/admission/api -// +k8s:defaulter-gen=TypeMeta -// +groupName=pod-security.admission.config.k8s.io - -// Package v1alpha1 contains PodSecurity admission configuration file types -package v1alpha1 diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/register.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/register.go deleted file mode 100644 index 1cd622832c..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "pod-security.admission.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -var ( - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &PodSecurityConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/types.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/types.go deleted file mode 100644 index 77630c965c..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/types.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type PodSecurityConfiguration struct { - metav1.TypeMeta - Defaults PodSecurityDefaults `json:"defaults"` - Exemptions PodSecurityExemptions `json:"exemptions"` -} - -type PodSecurityDefaults struct { - Enforce string `json:"enforce,omitempty"` - EnforceVersion string `json:"enforce-version,omitempty"` - Audit string `json:"audit,omitempty"` - AuditVersion string `json:"audit-version,omitempty"` - Warn string `json:"warn,omitempty"` - WarnVersion string `json:"warn-version,omitempty"` -} - -type PodSecurityExemptions struct { - Usernames []string `json:"usernames,omitempty"` - Namespaces []string `json:"namespaces,omitempty"` - RuntimeClasses []string `json:"runtimeClasses,omitempty"` -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.conversion.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index 826f483575..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,154 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - api "k8s.io/pod-security-admission/admission/api" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*PodSecurityConfiguration)(nil), (*api.PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(a.(*PodSecurityConfiguration), b.(*api.PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityConfiguration)(nil), (*PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityConfiguration_To_v1alpha1_PodSecurityConfiguration(a.(*api.PodSecurityConfiguration), b.(*PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityDefaults)(nil), (*api.PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults(a.(*PodSecurityDefaults), b.(*api.PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityDefaults)(nil), (*PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults(a.(*api.PodSecurityDefaults), b.(*PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityExemptions)(nil), (*api.PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions(a.(*PodSecurityExemptions), b.(*api.PodSecurityExemptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityExemptions)(nil), (*PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions(a.(*api.PodSecurityExemptions), b.(*PodSecurityExemptions), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_PodSecurityConfiguration_To_api_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_api_PodSecurityConfiguration_To_v1alpha1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_api_PodSecurityConfiguration_To_v1alpha1_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_api_PodSecurityConfiguration_To_v1alpha1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_api_PodSecurityConfiguration_To_v1alpha1_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults is an autogenerated conversion function. -func Convert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSecurityDefaults_To_api_PodSecurityDefaults(in, out, s) -} - -func autoConvert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults is an autogenerated conversion function. -func Convert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_api_PodSecurityDefaults_To_v1alpha1_PodSecurityDefaults(in, out, s) -} - -func autoConvert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions is an autogenerated conversion function. -func Convert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_v1alpha1_PodSecurityExemptions_To_api_PodSecurityExemptions(in, out, s) -} - -func autoConvert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions is an autogenerated conversion function. -func Convert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_api_PodSecurityExemptions_To_v1alpha1_PodSecurityExemptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index d3cb59279b..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,100 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityConfiguration) DeepCopyInto(out *PodSecurityConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Defaults = in.Defaults - in.Exemptions.DeepCopyInto(&out.Exemptions) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityConfiguration. -func (in *PodSecurityConfiguration) DeepCopy() *PodSecurityConfiguration { - if in == nil { - return nil - } - out := new(PodSecurityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityDefaults) DeepCopyInto(out *PodSecurityDefaults) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityDefaults. -func (in *PodSecurityDefaults) DeepCopy() *PodSecurityDefaults { - if in == nil { - return nil - } - out := new(PodSecurityDefaults) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityExemptions) DeepCopyInto(out *PodSecurityExemptions) { - *out = *in - if in.Usernames != nil { - in, out := &in.Usernames, &out.Usernames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RuntimeClasses != nil { - in, out := &in.RuntimeClasses, &out.RuntimeClasses - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityExemptions. -func (in *PodSecurityExemptions) DeepCopy() *PodSecurityExemptions { - if in == nil { - return nil - } - out := new(PodSecurityExemptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 50ac847849..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&PodSecurityConfiguration{}, func(obj interface{}) { SetObjectDefaults_PodSecurityConfiguration(obj.(*PodSecurityConfiguration)) }) - return nil -} - -func SetObjectDefaults_PodSecurityConfiguration(in *PodSecurityConfiguration) { - SetDefaults_PodSecurityDefaults(&in.Defaults) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/defaults.go deleted file mode 100644 index 0f285376bc..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/defaults.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/pod-security-admission/api" -) - -func addDefaultingFuncs(scheme *runtime.Scheme) error { - return RegisterDefaults(scheme) -} - -func SetDefaults_PodSecurityDefaults(obj *PodSecurityDefaults) { - if len(obj.Enforce) == 0 { - obj.Enforce = string(api.LevelPrivileged) - } - if len(obj.Warn) == 0 { - obj.Warn = string(api.LevelPrivileged) - } - if len(obj.Audit) == 0 { - obj.Audit = string(api.LevelPrivileged) - } - - if len(obj.EnforceVersion) == 0 { - obj.EnforceVersion = string(api.VersionLatest) - } - if len(obj.WarnVersion) == 0 { - obj.WarnVersion = string(api.VersionLatest) - } - if len(obj.AuditVersion) == 0 { - obj.AuditVersion = string(api.VersionLatest) - } -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/doc.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/doc.go deleted file mode 100644 index f4a85e72b4..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/pod-security-admission/admission/api -// +k8s:defaulter-gen=TypeMeta -// +groupName=pod-security.admission.config.k8s.io - -// Package v1beta1 contains PodSecurity admission configuration file types -package v1beta1 diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/register.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/register.go deleted file mode 100644 index 9107c0c0c2..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/register.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "pod-security.admission.config.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -var ( - // SchemeBuilder is a pointer used to call AddToScheme - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - // AddToScheme is used to register the types to API encoding/decoding machinery - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &PodSecurityConfiguration{}, - ) - return nil -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/types.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/types.go deleted file mode 100644 index 66ffc29762..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/types.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type PodSecurityConfiguration struct { - metav1.TypeMeta - Defaults PodSecurityDefaults `json:"defaults"` - Exemptions PodSecurityExemptions `json:"exemptions"` -} - -type PodSecurityDefaults struct { - Enforce string `json:"enforce,omitempty"` - EnforceVersion string `json:"enforce-version,omitempty"` - Audit string `json:"audit,omitempty"` - AuditVersion string `json:"audit-version,omitempty"` - Warn string `json:"warn,omitempty"` - WarnVersion string `json:"warn-version,omitempty"` -} - -type PodSecurityExemptions struct { - Usernames []string `json:"usernames,omitempty"` - Namespaces []string `json:"namespaces,omitempty"` - RuntimeClasses []string `json:"runtimeClasses,omitempty"` -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.conversion.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.conversion.go deleted file mode 100644 index 8306144bc6..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.conversion.go +++ /dev/null @@ -1,154 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - api "k8s.io/pod-security-admission/admission/api" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*PodSecurityConfiguration)(nil), (*api.PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(a.(*PodSecurityConfiguration), b.(*api.PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityConfiguration)(nil), (*PodSecurityConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityConfiguration_To_v1beta1_PodSecurityConfiguration(a.(*api.PodSecurityConfiguration), b.(*PodSecurityConfiguration), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityDefaults)(nil), (*api.PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults(a.(*PodSecurityDefaults), b.(*api.PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityDefaults)(nil), (*PodSecurityDefaults)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults(a.(*api.PodSecurityDefaults), b.(*PodSecurityDefaults), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*PodSecurityExemptions)(nil), (*api.PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions(a.(*PodSecurityExemptions), b.(*api.PodSecurityExemptions), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*api.PodSecurityExemptions)(nil), (*PodSecurityExemptions)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions(a.(*api.PodSecurityExemptions), b.(*PodSecurityExemptions), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_PodSecurityConfiguration_To_api_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in *PodSecurityConfiguration, out *api.PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityConfiguration_To_api_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_api_PodSecurityConfiguration_To_v1beta1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - if err := Convert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults(&in.Defaults, &out.Defaults, s); err != nil { - return err - } - if err := Convert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions(&in.Exemptions, &out.Exemptions, s); err != nil { - return err - } - return nil -} - -// Convert_api_PodSecurityConfiguration_To_v1beta1_PodSecurityConfiguration is an autogenerated conversion function. -func Convert_api_PodSecurityConfiguration_To_v1beta1_PodSecurityConfiguration(in *api.PodSecurityConfiguration, out *PodSecurityConfiguration, s conversion.Scope) error { - return autoConvert_api_PodSecurityConfiguration_To_v1beta1_PodSecurityConfiguration(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults(in *PodSecurityDefaults, out *api.PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityDefaults_To_api_PodSecurityDefaults(in, out, s) -} - -func autoConvert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - out.Enforce = in.Enforce - out.EnforceVersion = in.EnforceVersion - out.Audit = in.Audit - out.AuditVersion = in.AuditVersion - out.Warn = in.Warn - out.WarnVersion = in.WarnVersion - return nil -} - -// Convert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults is an autogenerated conversion function. -func Convert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults(in *api.PodSecurityDefaults, out *PodSecurityDefaults, s conversion.Scope) error { - return autoConvert_api_PodSecurityDefaults_To_v1beta1_PodSecurityDefaults(in, out, s) -} - -func autoConvert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions is an autogenerated conversion function. -func Convert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions(in *PodSecurityExemptions, out *api.PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_v1beta1_PodSecurityExemptions_To_api_PodSecurityExemptions(in, out, s) -} - -func autoConvert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - out.Usernames = *(*[]string)(unsafe.Pointer(&in.Usernames)) - out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) - out.RuntimeClasses = *(*[]string)(unsafe.Pointer(&in.RuntimeClasses)) - return nil -} - -// Convert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions is an autogenerated conversion function. -func Convert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions(in *api.PodSecurityExemptions, out *PodSecurityExemptions, s conversion.Scope) error { - return autoConvert_api_PodSecurityExemptions_To_v1beta1_PodSecurityExemptions(in, out, s) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 87e23b805b..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,100 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityConfiguration) DeepCopyInto(out *PodSecurityConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Defaults = in.Defaults - in.Exemptions.DeepCopyInto(&out.Exemptions) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityConfiguration. -func (in *PodSecurityConfiguration) DeepCopy() *PodSecurityConfiguration { - if in == nil { - return nil - } - out := new(PodSecurityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityDefaults) DeepCopyInto(out *PodSecurityDefaults) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityDefaults. -func (in *PodSecurityDefaults) DeepCopy() *PodSecurityDefaults { - if in == nil { - return nil - } - out := new(PodSecurityDefaults) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityExemptions) DeepCopyInto(out *PodSecurityExemptions) { - *out = *in - if in.Usernames != nil { - in, out := &in.Usernames, &out.Usernames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RuntimeClasses != nil { - in, out := &in.RuntimeClasses, &out.RuntimeClasses - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityExemptions. -func (in *PodSecurityExemptions) DeepCopy() *PodSecurityExemptions { - if in == nil { - return nil - } - out := new(PodSecurityExemptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.defaults.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 6e772470b9..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/v1beta1/zz_generated.defaults.go +++ /dev/null @@ -1,38 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - scheme.AddTypeDefaultingFunc(&PodSecurityConfiguration{}, func(obj interface{}) { SetObjectDefaults_PodSecurityConfiguration(obj.(*PodSecurityConfiguration)) }) - return nil -} - -func SetObjectDefaults_PodSecurityConfiguration(in *PodSecurityConfiguration) { - SetDefaults_PodSecurityDefaults(&in.Defaults) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/validation/validation.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/validation/validation.go deleted file mode 100644 index 66512edefe..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/validation/validation.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package validation - -import ( - "strings" - - machinery "k8s.io/apimachinery/pkg/api/validation" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation/field" - admissionapi "k8s.io/pod-security-admission/admission/api" - "k8s.io/pod-security-admission/api" -) - -// ValidatePodSecurityConfiguration validates a given PodSecurityConfiguration. -func ValidatePodSecurityConfiguration(configuration *admissionapi.PodSecurityConfiguration) field.ErrorList { - allErrs := field.ErrorList{} - - // validate defaults - allErrs = append(allErrs, validateLevel(field.NewPath("defaults", "enforce"), configuration.Defaults.Enforce)...) - allErrs = append(allErrs, validateVersion(field.NewPath("defaults", "enforce-version"), configuration.Defaults.EnforceVersion)...) - allErrs = append(allErrs, validateLevel(field.NewPath("defaults", "warn"), configuration.Defaults.Warn)...) - allErrs = append(allErrs, validateVersion(field.NewPath("defaults", "warn-version"), configuration.Defaults.WarnVersion)...) - allErrs = append(allErrs, validateLevel(field.NewPath("defaults", "audit"), configuration.Defaults.Audit)...) - allErrs = append(allErrs, validateVersion(field.NewPath("defaults", "audit-version"), configuration.Defaults.AuditVersion)...) - - // validate exemptions - allErrs = append(allErrs, validateNamespaces(configuration)...) - allErrs = append(allErrs, validateRuntimeClasses(configuration)...) - allErrs = append(allErrs, validateUsernames(configuration)...) - - return allErrs -} - -// validateLevel validates a level -func validateLevel(p *field.Path, value string) field.ErrorList { - errs := field.ErrorList{} - _, err := api.ParseLevel(value) - if err != nil { - errs = append(errs, field.Invalid(p, value, err.Error())) - } - return errs -} - -// validateVersion validates a version -func validateVersion(p *field.Path, value string) field.ErrorList { - errs := field.ErrorList{} - _, err := api.ParseVersion(value) - if err != nil { - errs = append(errs, field.Invalid(p, value, err.Error())) - } - return errs -} - -func validateNamespaces(configuration *admissionapi.PodSecurityConfiguration) field.ErrorList { - errs := field.ErrorList{} - validSet := sets.NewString() - for i, ns := range configuration.Exemptions.Namespaces { - err := machinery.ValidateNamespaceName(ns, false) - if len(err) > 0 { - path := field.NewPath("exemptions", "namespaces").Index(i) - errs = append(errs, field.Invalid(path, ns, strings.Join(err, ", "))) - continue - } - if validSet.Has(ns) { - path := field.NewPath("exemptions", "namespaces").Index(i) - errs = append(errs, field.Duplicate(path, ns)) - continue - } - validSet.Insert(ns) - } - return errs -} - -func validateRuntimeClasses(configuration *admissionapi.PodSecurityConfiguration) field.ErrorList { - errs := field.ErrorList{} - validSet := sets.NewString() - for i, rc := range configuration.Exemptions.RuntimeClasses { - err := machinery.NameIsDNSSubdomain(rc, false) - if len(err) > 0 { - path := field.NewPath("exemptions", "runtimeClasses").Index(i) - errs = append(errs, field.Invalid(path, rc, strings.Join(err, ", "))) - continue - } - if validSet.Has(rc) { - path := field.NewPath("exemptions", "runtimeClasses").Index(i) - errs = append(errs, field.Duplicate(path, rc)) - continue - } - validSet.Insert(rc) - } - return errs -} - -func validateUsernames(configuration *admissionapi.PodSecurityConfiguration) field.ErrorList { - errs := field.ErrorList{} - validSet := sets.NewString() - for i, uname := range configuration.Exemptions.Usernames { - if uname == "" { - path := field.NewPath("exemptions", "usernames").Index(i) - errs = append(errs, field.Invalid(path, uname, "username must not be empty")) - continue - } - if validSet.Has(uname) { - path := field.NewPath("exemptions", "usernames").Index(i) - errs = append(errs, field.Duplicate(path, uname)) - continue - } - validSet.Insert(uname) - } - - return errs -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/api/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/pod-security-admission/admission/api/zz_generated.deepcopy.go deleted file mode 100644 index 60709aa0e8..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/api/zz_generated.deepcopy.go +++ /dev/null @@ -1,100 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package api - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityConfiguration) DeepCopyInto(out *PodSecurityConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Defaults = in.Defaults - in.Exemptions.DeepCopyInto(&out.Exemptions) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityConfiguration. -func (in *PodSecurityConfiguration) DeepCopy() *PodSecurityConfiguration { - if in == nil { - return nil - } - out := new(PodSecurityConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PodSecurityConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityDefaults) DeepCopyInto(out *PodSecurityDefaults) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityDefaults. -func (in *PodSecurityDefaults) DeepCopy() *PodSecurityDefaults { - if in == nil { - return nil - } - out := new(PodSecurityDefaults) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodSecurityExemptions) DeepCopyInto(out *PodSecurityExemptions) { - *out = *in - if in.Usernames != nil { - in, out := &in.Usernames, &out.Usernames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Namespaces != nil { - in, out := &in.Namespaces, &out.Namespaces - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RuntimeClasses != nil { - in, out := &in.RuntimeClasses, &out.RuntimeClasses - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityExemptions. -func (in *PodSecurityExemptions) DeepCopy() *PodSecurityExemptions { - if in == nil { - return nil - } - out := new(PodSecurityExemptions) - in.DeepCopyInto(out) - return out -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/doc.go b/etcd/vendor/k8s.io/pod-security-admission/admission/doc.go deleted file mode 100644 index 883a66469e..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package admission contains PodSecurity admission logic -package admission diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/namespace.go b/etcd/vendor/k8s.io/pod-security-admission/admission/namespace.go deleted file mode 100644 index 59236ea0be..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/namespace.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "context" - - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" -) - -func NamespaceGetterFromClient(client kubernetes.Interface) NamespaceGetter { - return &namespaceGetter{client: client} -} - -func NamespaceGetterFromListerAndClient(lister corev1listers.NamespaceLister, client kubernetes.Interface) NamespaceGetter { - return &namespaceGetter{lister: lister, client: client} -} - -type namespaceGetter struct { - lister corev1listers.NamespaceLister - client kubernetes.Interface -} - -func (n *namespaceGetter) GetNamespace(ctx context.Context, name string) (namespace *corev1.Namespace, err error) { - if n.lister != nil { - namespace, err := n.lister.Get(name) - if err == nil || !apierrors.IsNotFound(err) { - return namespace, err - } - } - return n.client.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{}) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/pods.go b/etcd/vendor/k8s.io/pod-security-admission/admission/pods.go deleted file mode 100644 index 19d783b9ee..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/pods.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "context" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/kubernetes" - corev1listers "k8s.io/client-go/listers/core/v1" -) - -// PodListerFromClient returns a PodLister that does live lists using the provided client. -func PodListerFromClient(client kubernetes.Interface) PodLister { - return &clientPodLister{client} -} - -type clientPodLister struct { - client kubernetes.Interface -} - -func (p *clientPodLister) ListPods(ctx context.Context, namespace string) ([]*corev1.Pod, error) { - list, err := p.client.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{}) - if err != nil { - return nil, err - } - pods := make([]*corev1.Pod, len(list.Items)) - for i := range list.Items { - pods[i] = &list.Items[i] - } - return pods, nil -} - -// PodListerFromInformer returns a PodLister that does cached lists using the provided lister. -func PodListerFromInformer(lister corev1listers.PodLister) PodLister { - return &informerPodLister{lister} -} - -type informerPodLister struct { - lister corev1listers.PodLister -} - -func (p *informerPodLister) ListPods(ctx context.Context, namespace string) ([]*corev1.Pod, error) { - return p.lister.Pods(namespace).List(labels.Everything()) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/admission/response.go b/etcd/vendor/k8s.io/pod-security-admission/admission/response.go deleted file mode 100644 index abbf1a7a9f..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/admission/response.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package admission - -import ( - "fmt" - - admissionv1 "k8s.io/api/admission/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/pod-security-admission/api" -) - -var ( - sharedAllowedResponse = allowedResponse() - sharedAllowedPrivilegedResponse = allowedResponse() - sharedAllowedByUserExemptionResponse = allowedResponse() - sharedAllowedByNamespaceExemptionResponse = allowedResponse() - sharedAllowedByRuntimeClassExemptionResponse = allowedResponse() -) - -func init() { - sharedAllowedPrivilegedResponse.AuditAnnotations = map[string]string{ - api.EnforcedPolicyAnnotationKey: api.LevelVersion{Level: api.LevelPrivileged, Version: api.LatestVersion()}.String(), - } - sharedAllowedByUserExemptionResponse.AuditAnnotations = map[string]string{api.ExemptionReasonAnnotationKey: "user"} - sharedAllowedByNamespaceExemptionResponse.AuditAnnotations = map[string]string{api.ExemptionReasonAnnotationKey: "namespace"} - sharedAllowedByRuntimeClassExemptionResponse.AuditAnnotations = map[string]string{api.ExemptionReasonAnnotationKey: "runtimeClass"} -} - -// allowedResponse is the response used when the admission decision is allow. -func allowedResponse() *admissionv1.AdmissionResponse { - return &admissionv1.AdmissionResponse{Allowed: true} -} - -// forbiddenResponse is the response used when the admission decision is deny for policy violations. -func forbiddenResponse(attrs api.Attributes, err error) *admissionv1.AdmissionResponse { - return &admissionv1.AdmissionResponse{ - Allowed: false, - Result: &apierrors.NewForbidden(attrs.GetResource().GroupResource(), attrs.GetName(), err).ErrStatus, - } -} - -// invalidResponse is the response used for namespace requests when namespace labels are invalid. -func invalidResponse(attrs api.Attributes, fieldErrors field.ErrorList) *admissionv1.AdmissionResponse { - return &admissionv1.AdmissionResponse{ - Allowed: false, - Result: &apierrors.NewInvalid(attrs.GetKind().GroupKind(), attrs.GetName(), fieldErrors).ErrStatus, - } -} - -// errorResponse is the response used to capture generic errors. -func errorResponse(err error, status *metav1.Status) *admissionv1.AdmissionResponse { - var errDetail string - if err != nil { - errDetail = fmt.Sprintf("%s: %v", status.Message, err) - } else { - errDetail = status.Message - } - return &admissionv1.AdmissionResponse{ - Allowed: false, - Result: status, - AuditAnnotations: map[string]string{"error": errDetail}, - } -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/api/attributes.go b/etcd/vendor/k8s.io/pod-security-admission/api/attributes.go deleted file mode 100644 index ce6c16fbb6..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/api/attributes.go +++ /dev/null @@ -1,146 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - admissionv1 "k8s.io/api/admission/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// Attributes exposes the admission request parameters consumed by the PodSecurity admission controller. -type Attributes interface { - // GetName is the name of the object associated with the request. - GetName() string - // GetNamespace is the namespace associated with the request (if any) - GetNamespace() string - // GetResource is the name of the resource being requested. This is not the kind. For example: pods - GetResource() schema.GroupVersionResource - // GetKind is the name of the kind being requested. For example: Pod - GetKind() schema.GroupVersionKind - // GetSubresource is the name of the subresource being requested. This is a different resource, scoped to the parent resource, but it may have a different kind. - // For instance, /pods has the resource "pods" and the kind "Pod", while /pods/foo/status has the resource "pods", the sub resource "status", and the kind "Pod" - // (because status operates on pods). The binding resource for a pod though may be /pods/foo/binding, which has resource "pods", subresource "binding", and kind "Binding". - GetSubresource() string - // GetOperation is the operation being performed - GetOperation() admissionv1.Operation - - // GetObject returns the typed Object from incoming request. - // For objects in the core API group, the result must use the v1 API. - GetObject() (runtime.Object, error) - // GetOldObject returns the typed existing object. Only populated for UPDATE requests. - // For objects in the core API group, the result must use the v1 API. - GetOldObject() (runtime.Object, error) - // GetUserName is the requesting user's authenticated name. - GetUserName() string -} - -// AttributesRecord is a simple struct implementing the Attributes interface. -type AttributesRecord struct { - Name string - Namespace string - Kind schema.GroupVersionKind - Resource schema.GroupVersionResource - Subresource string - Operation admissionv1.Operation - Object runtime.Object - OldObject runtime.Object - Username string -} - -func (a *AttributesRecord) GetName() string { - return a.Name -} -func (a *AttributesRecord) GetNamespace() string { - return a.Namespace -} -func (a *AttributesRecord) GetKind() schema.GroupVersionKind { - return a.Kind -} -func (a *AttributesRecord) GetResource() schema.GroupVersionResource { - return a.Resource -} -func (a *AttributesRecord) GetSubresource() string { - return a.Subresource -} -func (a *AttributesRecord) GetOperation() admissionv1.Operation { - return a.Operation -} -func (a *AttributesRecord) GetUserName() string { - return a.Username -} -func (a *AttributesRecord) GetObject() (runtime.Object, error) { - return a.Object, nil -} -func (a *AttributesRecord) GetOldObject() (runtime.Object, error) { - return a.OldObject, nil -} - -var _ Attributes = &AttributesRecord{} - -// RequestAttributes adapts an admission.Request to the Attributes interface. -func RequestAttributes(request *admissionv1.AdmissionRequest, decoder runtime.Decoder) Attributes { - return &attributes{ - r: request, - decoder: decoder, - } -} - -// attributes is an interface used by AdmissionController to get information about a request -// that is used to make an admission decision. -type attributes struct { - r *admissionv1.AdmissionRequest - decoder runtime.Decoder -} - -func (a *attributes) GetName() string { - return a.r.Name -} -func (a *attributes) GetNamespace() string { - return a.r.Namespace -} -func (a *attributes) GetKind() schema.GroupVersionKind { - return schema.GroupVersionKind(a.r.Kind) -} -func (a *attributes) GetResource() schema.GroupVersionResource { - return schema.GroupVersionResource(a.r.Resource) -} -func (a *attributes) GetSubresource() string { - return a.r.RequestSubResource -} -func (a *attributes) GetOperation() admissionv1.Operation { - return a.r.Operation -} -func (a *attributes) GetUserName() string { - return a.r.UserInfo.Username -} -func (a *attributes) GetObject() (runtime.Object, error) { - return a.decode(a.r.Object) -} -func (a *attributes) GetOldObject() (runtime.Object, error) { - return a.decode(a.r.OldObject) -} -func (a *attributes) decode(in runtime.RawExtension) (runtime.Object, error) { - if in.Raw == nil { - return nil, nil - } - gvk := schema.GroupVersionKind(a.r.Kind) - out, _, err := a.decoder.Decode(in.Raw, &gvk, nil) - return out, err -} - -var _ Attributes = &attributes{} diff --git a/etcd/vendor/k8s.io/pod-security-admission/api/constants.go b/etcd/vendor/k8s.io/pod-security-admission/api/constants.go deleted file mode 100644 index 9d87ad59b1..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/api/constants.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -type Level string - -const ( - LevelPrivileged Level = "privileged" - LevelBaseline Level = "baseline" - LevelRestricted Level = "restricted" -) - -var validLevels = []string{ - string(LevelPrivileged), - string(LevelBaseline), - string(LevelRestricted), -} - -const VersionLatest = "latest" - -const AuditAnnotationPrefix = labelPrefix - -const ( - labelPrefix = "pod-security.kubernetes.io/" - - EnforceLevelLabel = labelPrefix + "enforce" - EnforceVersionLabel = labelPrefix + "enforce-version" - AuditLevelLabel = labelPrefix + "audit" - AuditVersionLabel = labelPrefix + "audit-version" - WarnLevelLabel = labelPrefix + "warn" - WarnVersionLabel = labelPrefix + "warn-version" - - ExemptionReasonAnnotationKey = "exempt" - AuditViolationsAnnotationKey = "audit-violations" - EnforcedPolicyAnnotationKey = "enforce-policy" -) diff --git a/etcd/vendor/k8s.io/pod-security-admission/api/doc.go b/etcd/vendor/k8s.io/pod-security-admission/api/doc.go deleted file mode 100644 index a35374be3a..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/api/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package api contains constants and helpers for PodSecurity admission label keys and values -package api // import "k8s.io/pod-security-admission/api" diff --git a/etcd/vendor/k8s.io/pod-security-admission/api/helpers.go b/etcd/vendor/k8s.io/pod-security-admission/api/helpers.go deleted file mode 100644 index 706b6b36b2..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/api/helpers.go +++ /dev/null @@ -1,269 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "fmt" - "regexp" - "strconv" - "strings" - "unicode" - - "k8s.io/apimachinery/pkg/util/validation/field" - "k8s.io/component-base/version" -) - -type Version struct { - major int - minor int - latest bool -} - -func (v Version) String() string { - if v.latest { - return "latest" - } - return fmt.Sprintf("v%d.%d", v.major, v.minor) -} - -// Older returns true if this version v is older than the other. -func (v *Version) Older(other Version) bool { - if v.latest { // Latest is always consider newer, even than future versions. - return false - } - if other.latest { - return true - } - if v.major != other.major { - return v.major < other.major - } - return v.minor < other.minor -} - -func (v *Version) Major() int { - return v.major -} -func (v *Version) Minor() int { - return v.minor -} -func (v *Version) Latest() bool { - return v.latest -} - -func MajorMinorVersion(major, minor int) Version { - return Version{major: major, minor: minor} -} - -// GetAPIVersion get the version of apiServer and return the version major and minor -func GetAPIVersion() Version { - var err error - v := Version{} - apiVersion := version.Get() - major, err := strconv.Atoi(apiVersion.Major) - if err != nil { - return v - } - // split the "normal" + and - for semver stuff to get the leading minor number - minorString := strings.FieldsFunc(apiVersion.Minor, func(r rune) bool { - return !unicode.IsDigit(r) - })[0] - minor, err := strconv.Atoi(minorString) - if err != nil { - return v - } - v = MajorMinorVersion(major, minor) - return v -} - -func LatestVersion() Version { - return Version{latest: true} -} - -// ParseLevel returns the level that should be evaluated. -// level must be "privileged", "baseline", or "restricted". -// if level does not match one of those strings, "restricted" and an error is returned. -func ParseLevel(level string) (Level, error) { - switch Level(level) { - case LevelPrivileged, LevelBaseline, LevelRestricted: - return Level(level), nil - default: - return LevelRestricted, fmt.Errorf(`must be one of %s`, strings.Join(validLevels, ", ")) - } -} - -// Valid checks whether the level l is a valid level. -func (l *Level) Valid() bool { - switch *l { - case LevelPrivileged, LevelBaseline, LevelRestricted: - return true - default: - return false - } -} - -var versionRegexp = regexp.MustCompile(`^v1\.([0-9]|[1-9][0-9]*)$`) - -// ParseVersion returns the policy version that should be evaluated. -// version must be "latest" or "v1.x". -// If version does not match one of those patterns, the latest version and an error is returned. -func ParseVersion(version string) (Version, error) { - if version == "latest" { - return Version{latest: true}, nil - } - match := versionRegexp.FindStringSubmatch(version) - if len(match) != 2 { - return Version{latest: true}, fmt.Errorf(`must be "latest" or "v1.x"`) - } - versionNumber, err := strconv.Atoi(match[1]) - if err != nil || versionNumber < 0 { - return Version{latest: true}, fmt.Errorf(`must be "latest" or "v1.x"`) - } - return Version{major: 1, minor: versionNumber}, nil -} - -type LevelVersion struct { - Level - Version -} - -func (lv LevelVersion) String() string { - return fmt.Sprintf("%s:%s", lv.Level, lv.Version) -} - -// Equivalent determines whether two LevelVersions are functionally equivalent. LevelVersions are -// considered equivalent if both are privileged, or both levels & versions are equal. -func (lv *LevelVersion) Equivalent(other *LevelVersion) bool { - return (lv.Level == LevelPrivileged && other.Level == LevelPrivileged) || - (lv.Level == other.Level && lv.Version == other.Version) -} - -type Policy struct { - Enforce LevelVersion - Audit LevelVersion - Warn LevelVersion -} - -func (p *Policy) String() string { - return fmt.Sprintf("enforce=%#v, audit=%#v, warn=%#v", p.Enforce, p.Audit, p.Warn) -} - -// Equivalent determines whether two policies are functionally equivalent. Policies are considered -// equivalent if all 3 modes are considered equivalent. -func (p *Policy) Equivalent(other *Policy) bool { - return p.Enforce.Equivalent(&other.Enforce) && p.Audit.Equivalent(&other.Audit) && p.Warn.Equivalent(&other.Warn) -} - -// FullyPrivileged returns true if all 3 policy modes are privileged. -func (p *Policy) FullyPrivileged() bool { - return p.Enforce.Level == LevelPrivileged && - p.Audit.Level == LevelPrivileged && - p.Warn.Level == LevelPrivileged -} - -// PolicyToEvaluate resolves the PodSecurity namespace labels to the policy for that namespace, -// falling back to the provided defaults when a label is unspecified. A valid policy is always -// returned, even when an error is returned. If labels cannot be parsed correctly, the values of -// "restricted" and "latest" are used for level and version respectively. -func PolicyToEvaluate(labels map[string]string, defaults Policy) (Policy, field.ErrorList) { - var ( - err error - errs field.ErrorList - - p = defaults - - hasEnforceLevel bool - hasWarnLevel, hasWarnVersion bool - ) - if len(labels) == 0 { - return p, nil - } - if level, ok := labels[EnforceLevelLabel]; ok { - p.Enforce.Level, err = ParseLevel(level) - hasEnforceLevel = (err == nil) // Don't default warn in case of error - errs = appendErr(errs, err, EnforceLevelLabel, level) - } - if version, ok := labels[EnforceVersionLabel]; ok { - p.Enforce.Version, err = ParseVersion(version) - errs = appendErr(errs, err, EnforceVersionLabel, version) - } - if level, ok := labels[AuditLevelLabel]; ok { - p.Audit.Level, err = ParseLevel(level) - errs = appendErr(errs, err, AuditLevelLabel, level) - if err != nil { - p.Audit.Level = LevelPrivileged // Fail open for audit. - } - } - if version, ok := labels[AuditVersionLabel]; ok { - p.Audit.Version, err = ParseVersion(version) - errs = appendErr(errs, err, AuditVersionLabel, version) - } - if level, ok := labels[WarnLevelLabel]; ok { - hasWarnLevel = true - p.Warn.Level, err = ParseLevel(level) - errs = appendErr(errs, err, WarnLevelLabel, level) - if err != nil { - p.Warn.Level = LevelPrivileged // Fail open for warn. - } - } - if version, ok := labels[WarnVersionLabel]; ok { - hasWarnVersion = true - p.Warn.Version, err = ParseVersion(version) - errs = appendErr(errs, err, WarnVersionLabel, version) - } - - // Default warn to the enforce level when explicitly set to a more restrictive level. - if !hasWarnLevel && hasEnforceLevel && CompareLevels(p.Enforce.Level, p.Warn.Level) > 0 { - p.Warn.Level = p.Enforce.Level - if !hasWarnVersion { - p.Warn.Version = p.Enforce.Version - } - } - - return p, errs -} - -// CompareLevels returns an integer comparing two levels by strictness. The result will be 0 if -// a==b, -1 if a is less strict than b, and +1 if a is more strict than b. -func CompareLevels(a, b Level) int { - if a == b { - return 0 - } - switch a { - case LevelPrivileged: - return -1 - case LevelRestricted: - return 1 - default: - if b == LevelPrivileged { - return 1 - } else if b == LevelRestricted { - return -1 - } - } - // This should only happen if both a & b are invalid levels. - return 0 -} - -var labelsPath = field.NewPath("metadata", "labels") - -// appendErr is a helper function to collect label-specific errors. -func appendErr(errs field.ErrorList, err error, label, value string) field.ErrorList { - if err != nil { - return append(errs, field.Invalid(labelsPath.Key(label), value, err.Error())) - } - return errs -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/metrics/doc.go b/etcd/vendor/k8s.io/pod-security-admission/metrics/doc.go deleted file mode 100644 index 27091daf8e..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/metrics/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package metrics contains metrics interfaces and implementations for PodSecurity admission -package metrics // import "k8s.io/pod-security-admission/metrics" diff --git a/etcd/vendor/k8s.io/pod-security-admission/metrics/metrics.go b/etcd/vendor/k8s.io/pod-security-admission/metrics/metrics.go deleted file mode 100644 index 948911e596..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/metrics/metrics.go +++ /dev/null @@ -1,316 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "strconv" - "strings" - "sync" - - "github.com/blang/semver/v4" - admissionv1 "k8s.io/api/admission/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/component-base/metrics" - "k8s.io/pod-security-admission/api" -) - -const ( - ModeAudit = "audit" - ModeEnforce = "enforce" - ModeWarn = "warn" - DecisionAllow = "allow" // Policy evaluated, request allowed - DecisionDeny = "deny" // Policy evaluated, request denied -) - -type Decision string -type Mode string - -type Recorder interface { - RecordEvaluation(Decision, api.LevelVersion, Mode, api.Attributes) - RecordExemption(api.Attributes) - RecordError(fatal bool, attrs api.Attributes) -} - -type PrometheusRecorder struct { - apiVersion api.Version - - evaluationsCounter *evaluationsCounter - exemptionsCounter *exemptionsCounter - errorsCounter *metrics.CounterVec -} - -var _ Recorder = &PrometheusRecorder{} - -func NewPrometheusRecorder(version api.Version) *PrometheusRecorder { - errorsCounter := metrics.NewCounterVec( - &metrics.CounterOpts{ - Name: "pod_security_errors_total", - Help: "Number of errors preventing normal evaluation. Non-fatal errors may result in the latest restricted profile being used for evaluation.", - StabilityLevel: metrics.ALPHA, - }, - []string{"fatal", "request_operation", "resource", "subresource"}, - ) - - return &PrometheusRecorder{ - apiVersion: version, - evaluationsCounter: newEvaluationsCounter(), - exemptionsCounter: newExemptionsCounter(), - errorsCounter: errorsCounter, - } -} - -func (r *PrometheusRecorder) MustRegister(registerFunc func(...metrics.Registerable)) { - registerFunc(r.evaluationsCounter) - registerFunc(r.exemptionsCounter) - registerFunc(r.errorsCounter) -} - -func (r *PrometheusRecorder) Reset() { - r.evaluationsCounter.Reset() - r.exemptionsCounter.Reset() - r.errorsCounter.Reset() -} - -func (r *PrometheusRecorder) RecordEvaluation(decision Decision, policy api.LevelVersion, evalMode Mode, attrs api.Attributes) { - var version string - if policy.Version.Latest() || policy.Level == api.LevelPrivileged { // Privileged is always effectively latest. - version = "latest" - } else { - if !r.apiVersion.Older(policy.Version) { - version = policy.Version.String() - } else { - version = "future" - } - } - - // prevent cardinality explosion by only recording the platform namespaces - namespace := attrs.GetNamespace() - if !(namespace == "openshift" || - strings.HasPrefix(namespace, "openshift-") || - strings.HasPrefix(namespace, "kube-") || - namespace == "default") { - // remove non-OpenShift platform namespace names to prevent cardinality explosion - namespace = "" - } - - el := evaluationsLabels{ - decision: string(decision), - level: string(policy.Level), - version: version, - mode: string(evalMode), - operation: operationLabel(attrs.GetOperation()), - resource: resourceLabel(attrs.GetResource()), - subresource: attrs.GetSubresource(), - ocpNamespace: namespace, - } - - r.evaluationsCounter.CachedInc(el) -} - -func (r *PrometheusRecorder) RecordExemption(attrs api.Attributes) { - r.exemptionsCounter.CachedInc(exemptionsLabels{ - operation: operationLabel(attrs.GetOperation()), - resource: resourceLabel(attrs.GetResource()), - subresource: attrs.GetSubresource(), - }) -} - -func (r *PrometheusRecorder) RecordError(fatal bool, attrs api.Attributes) { - r.errorsCounter.WithLabelValues( - strconv.FormatBool(fatal), - operationLabel(attrs.GetOperation()), - resourceLabel(attrs.GetResource()), - attrs.GetSubresource(), - ).Inc() -} - -var ( - podResource = corev1.Resource("pods") - namespaceResource = corev1.Resource("namespaces") -) - -func resourceLabel(resource schema.GroupVersionResource) string { - switch resource.GroupResource() { - case podResource: - return "pod" - case namespaceResource: - return "namespace" - default: - // Assume any other resource is a valid input to pod-security, and therefore a controller. - return "controller" - } -} - -func operationLabel(op admissionv1.Operation) string { - switch op { - case admissionv1.Create: - return "create" - case admissionv1.Update: - return "update" - default: - // This is a slower operation, but never used in the default implementation. - return strings.ToLower(string(op)) - } -} - -type evaluationsLabels struct { - decision string - level string - version string - mode string - operation string - resource string - subresource string - ocpNamespace string -} - -func (l *evaluationsLabels) labels() []string { - return []string{l.decision, l.level, l.version, l.mode, l.operation, l.resource, l.subresource, l.ocpNamespace} -} - -type exemptionsLabels struct { - operation string - resource string - subresource string -} - -func (l *exemptionsLabels) labels() []string { - return []string{l.operation, l.resource, l.subresource} -} - -type evaluationsCounter struct { - *metrics.CounterVec - - cache map[evaluationsLabels]metrics.CounterMetric - cacheLock sync.RWMutex -} - -func newEvaluationsCounter() *evaluationsCounter { - return &evaluationsCounter{ - CounterVec: metrics.NewCounterVec( - &metrics.CounterOpts{ - Name: "pod_security_evaluations_total", - Help: "Number of policy evaluations that occurred, not counting ignored or exempt requests.", - StabilityLevel: metrics.ALPHA, - }, - []string{"decision", "policy_level", "policy_version", "mode", "request_operation", "resource", "subresource", "ocp_namespace"}, - ), - cache: make(map[evaluationsLabels]metrics.CounterMetric), - } -} - -func (c *evaluationsCounter) CachedInc(l evaluationsLabels) { - c.cacheLock.RLock() - defer c.cacheLock.RUnlock() - - if cachedCounter, ok := c.cache[l]; ok { - cachedCounter.Inc() - } else { - c.CounterVec.WithLabelValues(l.labels()...).Inc() - } -} - -func (c *evaluationsCounter) Create(version *semver.Version) bool { - c.cacheLock.Lock() - defer c.cacheLock.Unlock() - if c.CounterVec.Create(version) { - c.populateCache() - return true - } else { - return false - } -} - -func (c *evaluationsCounter) Reset() { - c.cacheLock.Lock() - defer c.cacheLock.Unlock() - c.CounterVec.Reset() - c.populateCache() -} - -func (c *evaluationsCounter) populateCache() { - labelsToCache := []evaluationsLabels{ - {decision: "allow", level: "privileged", version: "latest", mode: "enforce", operation: "create", resource: "pod", subresource: "", ocpNamespace: ""}, - {decision: "allow", level: "privileged", version: "latest", mode: "enforce", operation: "update", resource: "pod", subresource: "", ocpNamespace: ""}, - } - for _, l := range labelsToCache { - c.cache[l] = c.CounterVec.WithLabelValues(l.labels()...) - } -} - -type exemptionsCounter struct { - *metrics.CounterVec - - cache map[exemptionsLabels]metrics.CounterMetric - cacheLock sync.RWMutex -} - -func newExemptionsCounter() *exemptionsCounter { - return &exemptionsCounter{ - CounterVec: metrics.NewCounterVec( - &metrics.CounterOpts{ - Name: "pod_security_exemptions_total", - Help: "Number of exempt requests, not counting ignored or out of scope requests.", - StabilityLevel: metrics.ALPHA, - }, - []string{"request_operation", "resource", "subresource"}, - ), - cache: make(map[exemptionsLabels]metrics.CounterMetric), - } -} - -func (c *exemptionsCounter) CachedInc(l exemptionsLabels) { - c.cacheLock.RLock() - defer c.cacheLock.RUnlock() - - if cachedCounter, ok := c.cache[l]; ok { - cachedCounter.Inc() - } else { - c.CounterVec.WithLabelValues(l.labels()...).Inc() - } -} - -func (c *exemptionsCounter) Create(version *semver.Version) bool { - c.cacheLock.Lock() - defer c.cacheLock.Unlock() - if c.CounterVec.Create(version) { - c.populateCache() - return true - } else { - return false - } -} - -func (c *exemptionsCounter) Reset() { - c.cacheLock.Lock() - defer c.cacheLock.Unlock() - c.CounterVec.Reset() - c.populateCache() -} - -func (c *exemptionsCounter) populateCache() { - labelsToCache := []exemptionsLabels{ - {operation: "create", resource: "pod", subresource: ""}, - {operation: "update", resource: "pod", subresource: ""}, - {operation: "create", resource: "controller", subresource: ""}, - {operation: "update", resource: "controller", subresource: ""}, - } - for _, l := range labelsToCache { - c.cache[l] = c.CounterVec.WithLabelValues(l.labels()...) - } -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_allowPrivilegeEscalation.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_allowPrivilegeEscalation.go deleted file mode 100644 index d531612a1e..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_allowPrivilegeEscalation.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed. - -**Restricted Fields:** - -spec.containers[*].securityContext.allowPrivilegeEscalation -spec.initContainers[*].securityContext.allowPrivilegeEscalation - -**Allowed Values:** false -*/ - -func init() { - addCheck(CheckAllowPrivilegeEscalation) -} - -// CheckAllowPrivilegeEscalation returns a restricted level check -// that requires allowPrivilegeEscalation=false in 1.8+ -func CheckAllowPrivilegeEscalation() Check { - return Check{ - ID: "allowPrivilegeEscalation", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - // Field added in 1.8: - // https://github.com/kubernetes/kubernetes/blob/v1.8.0/staging/src/k8s.io/api/core/v1/types.go#L4797-L4804 - MinimumVersion: api.MajorMinorVersion(1, 8), - CheckPod: allowPrivilegeEscalation_1_8, - }, - { - // Starting 1.25, windows pods would be exempted from this check using pod.spec.os field when set to windows. - MinimumVersion: api.MajorMinorVersion(1, 25), - CheckPod: allowPrivilegeEscalation_1_25, - }, - }, - } -} - -func allowPrivilegeEscalation_1_8(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext == nil || container.SecurityContext.AllowPrivilegeEscalation == nil || *container.SecurityContext.AllowPrivilegeEscalation { - badContainers = append(badContainers, container.Name) - } - }) - - if len(badContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "allowPrivilegeEscalation != false", - ForbiddenDetail: fmt.Sprintf( - "%s %s must set securityContext.allowPrivilegeEscalation=false", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - ), - } - } - return CheckResult{Allowed: true} -} - -func allowPrivilegeEscalation_1_25(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // Pod API validation would have failed if podOS == Windows and if privilegeEscalation has been set. - // We can admit the Windows pod even if privilegeEscalation has not been set. - if podSpec.OS != nil && podSpec.OS.Name == corev1.Windows { - return CheckResult{Allowed: true} - } - return allowPrivilegeEscalation_1_8(podMetadata, podSpec) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_appArmorProfile.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_appArmorProfile.go deleted file mode 100644 index b4942a884c..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_appArmorProfile.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "sort" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -On supported hosts, the 'runtime/default' AppArmor profile is applied by default. -The baseline policy should prevent overriding or disabling the default AppArmor -profile, or restrict overrides to an allowed set of profiles. - -**Restricted Fields:** -metadata.annotations['container.apparmor.security.beta.kubernetes.io/*'] - -**Allowed Values:** 'runtime/default', 'localhost/*', empty, undefined -*/ -func init() { - addCheck(CheckAppArmorProfile) -} - -// CheckAppArmorProfile returns a baseline level check -// that limits the value of AppArmor profiles in 1.0+ -func CheckAppArmorProfile() Check { - return Check{ - ID: "appArmorProfile", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: appArmorProfile_1_0, - }, - }, - } -} - -func allowedProfile(profile string) bool { - return len(profile) == 0 || - profile == corev1.AppArmorBetaProfileRuntimeDefault || - strings.HasPrefix(profile, corev1.AppArmorBetaProfileNamePrefix) -} - -func appArmorProfile_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var forbiddenValues []string - for k, v := range podMetadata.Annotations { - if strings.HasPrefix(k, corev1.AppArmorBetaContainerAnnotationKeyPrefix) && !allowedProfile(v) { - forbiddenValues = append(forbiddenValues, fmt.Sprintf("%s=%q", k, v)) - } - } - if len(forbiddenValues) > 0 { - sort.Strings(forbiddenValues) - return CheckResult{ - Allowed: false, - ForbiddenReason: pluralize("forbidden AppArmor profile", "forbidden AppArmor profiles", len(forbiddenValues)), - ForbiddenDetail: strings.Join(forbiddenValues, ", "), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go deleted file mode 100644 index aad61738b5..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_baseline.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* -Adding NET_RAW or capabilities beyond the default set must be disallowed. - -**Restricted Fields:** -spec.containers[*].securityContext.capabilities.add -spec.initContainers[*].securityContext.capabilities.add - -**Allowed Values:** -undefined / empty -values from the default set "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE","FOWNER", "FSETID", "KILL", "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT" -*/ - -func init() { - addCheck(CheckCapabilitiesBaseline) -} - -const checkCapabilitiesBaselineID CheckID = "capabilities_baseline" - -// CheckCapabilitiesBaseline returns a baseline level check -// that limits the capabilities that can be added in 1.0+ -func CheckCapabilitiesBaseline() Check { - return Check{ - ID: checkCapabilitiesBaselineID, - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: capabilitiesBaseline_1_0, - }, - }, - } -} - -var ( - capabilities_allowed_1_0 = sets.NewString( - "AUDIT_WRITE", - "CHOWN", - "DAC_OVERRIDE", - "FOWNER", - "FSETID", - "KILL", - "MKNOD", - "NET_BIND_SERVICE", - "SETFCAP", - "SETGID", - "SETPCAP", - "SETUID", - "SYS_CHROOT", - ) -) - -func capabilitiesBaseline_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - nonDefaultCapabilities := sets.NewString() - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && container.SecurityContext.Capabilities != nil { - valid := true - for _, c := range container.SecurityContext.Capabilities.Add { - if !capabilities_allowed_1_0.Has(string(c)) { - valid = false - nonDefaultCapabilities.Insert(string(c)) - } - } - if !valid { - badContainers = append(badContainers, container.Name) - } - } - }) - - if len(badContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "non-default capabilities", - ForbiddenDetail: fmt.Sprintf( - "%s %s must not include %s in securityContext.capabilities.add", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - joinQuote(nonDefaultCapabilities.List()), - ), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go deleted file mode 100644 index 9d70b0304a..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_capabilities_restricted.go +++ /dev/null @@ -1,145 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -const ( - capabilityAll = "ALL" - capabilityNetBindService = "NET_BIND_SERVICE" -) - -/* -Containers must drop ALL, and may only add NET_BIND_SERVICE. - -**Restricted Fields:** -spec.containers[*].securityContext.capabilities.drop -spec.initContainers[*].securityContext.capabilities.drop - -**Allowed Values:** -Must include "ALL" - -**Restricted Fields:** -spec.containers[*].securityContext.capabilities.add -spec.initContainers[*].securityContext.capabilities.add - -**Allowed Values:** -undefined / empty -"NET_BIND_SERVICE" -*/ - -func init() { - addCheck(CheckCapabilitiesRestricted) -} - -// CheckCapabilitiesRestricted returns a restricted level check -// that ensures ALL capabilities are dropped in 1.22+ -func CheckCapabilitiesRestricted() Check { - return Check{ - ID: "capabilities_restricted", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 22), - CheckPod: capabilitiesRestricted_1_22, - OverrideCheckIDs: []CheckID{checkCapabilitiesBaselineID}, - }, - // Starting 1.25, windows pods would be exempted from this check using pod.spec.os field when set to windows. - { - MinimumVersion: api.MajorMinorVersion(1, 25), - CheckPod: capabilitiesRestricted_1_25, - OverrideCheckIDs: []CheckID{checkCapabilitiesBaselineID}, - }, - }, - } -} - -func capabilitiesRestricted_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var ( - containersMissingDropAll []string - containersAddingForbidden []string - forbiddenCapabilities = sets.NewString() - ) - - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext == nil || container.SecurityContext.Capabilities == nil { - containersMissingDropAll = append(containersMissingDropAll, container.Name) - return - } - - droppedAll := false - for _, c := range container.SecurityContext.Capabilities.Drop { - if c == capabilityAll { - droppedAll = true - break - } - } - if !droppedAll { - containersMissingDropAll = append(containersMissingDropAll, container.Name) - } - - addedForbidden := false - for _, c := range container.SecurityContext.Capabilities.Add { - if c != capabilityNetBindService { - addedForbidden = true - forbiddenCapabilities.Insert(string(c)) - } - } - if addedForbidden { - containersAddingForbidden = append(containersAddingForbidden, container.Name) - } - }) - var forbiddenDetails []string - if len(containersMissingDropAll) > 0 { - forbiddenDetails = append(forbiddenDetails, fmt.Sprintf( - `%s %s must set securityContext.capabilities.drop=["ALL"]`, - pluralize("container", "containers", len(containersMissingDropAll)), - joinQuote(containersMissingDropAll))) - } - if len(containersAddingForbidden) > 0 { - forbiddenDetails = append(forbiddenDetails, fmt.Sprintf( - `%s %s must not include %s in securityContext.capabilities.add`, - pluralize("container", "containers", len(containersAddingForbidden)), - joinQuote(containersAddingForbidden), - joinQuote(forbiddenCapabilities.List()))) - } - if len(forbiddenDetails) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "unrestricted capabilities", - ForbiddenDetail: strings.Join(forbiddenDetails, "; "), - } - } - return CheckResult{Allowed: true} -} - -func capabilitiesRestricted_1_25(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // Pod API validation would have failed if podOS == Windows and if capabilities have been set. - // We can admit the Windows pod even if capabilities has not been set. - if podSpec.OS != nil && podSpec.OS.Name == corev1.Windows { - return CheckResult{Allowed: true} - } - return capabilitiesRestricted_1_22(podMetadata, podSpec) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostNamespaces.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostNamespaces.go deleted file mode 100644 index 9092b64e92..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostNamespaces.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Sharing the host network, PID, and IPC namespaces must be disallowed. - -**Restricted Fields:** - -spec.hostNetwork -spec.hostPID -spec.hostIPC - -**Allowed Values:** undefined, false -*/ - -func init() { - addCheck(CheckHostNamespaces) -} - -// CheckHostNamespaces returns a baseline level check -// that prohibits host namespaces in 1.0+ -func CheckHostNamespaces() Check { - return Check{ - ID: "hostNamespaces", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: hostNamespaces_1_0, - }, - }, - } -} - -func hostNamespaces_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var hostNamespaces []string - - if podSpec.HostNetwork { - hostNamespaces = append(hostNamespaces, "hostNetwork=true") - } - - if podSpec.HostPID { - hostNamespaces = append(hostNamespaces, "hostPID=true") - } - - if podSpec.HostIPC { - hostNamespaces = append(hostNamespaces, "hostIPC=true") - } - - if len(hostNamespaces) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "host namespaces", - ForbiddenDetail: strings.Join(hostNamespaces, ", "), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go deleted file mode 100644 index 3a419ff249..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPathVolumes.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -HostPath volumes must be forbidden. - -**Restricted Fields:** - -spec.volumes[*].hostPath - -**Allowed Values:** undefined/null -*/ - -func init() { - addCheck(CheckHostPathVolumes) -} - -const checkHostPathVolumesID CheckID = "hostPathVolumes" - -// CheckHostPathVolumes returns a baseline level check -// that requires hostPath=undefined/null in 1.0+ -func CheckHostPathVolumes() Check { - return Check{ - ID: checkHostPathVolumesID, - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: hostPathVolumes_1_0, - }, - }, - } -} - -func hostPathVolumes_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var hostVolumes []string - - for _, volume := range podSpec.Volumes { - if volume.HostPath != nil { - hostVolumes = append(hostVolumes, volume.Name) - } - } - - if len(hostVolumes) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "hostPath volumes", - ForbiddenDetail: fmt.Sprintf("%s %s", pluralize("volume", "volumes", len(hostVolumes)), joinQuote(hostVolumes)), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPorts.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPorts.go deleted file mode 100644 index 9e598cde8f..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_hostPorts.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strconv" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* -HostPort ports must be forbidden. - -**Restricted Fields:** - -spec.containers[*].ports[*].hostPort -spec.initContainers[*].ports[*].hostPort - -**Allowed Values:** undefined/0 -*/ - -func init() { - addCheck(CheckHostPorts) -} - -// CheckHostPorts returns a baseline level check -// that forbids any host ports in 1.0+ -func CheckHostPorts() Check { - return Check{ - ID: "hostPorts", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: hostPorts_1_0, - }, - }, - } -} - -func hostPorts_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - forbiddenHostPorts := sets.NewString() - visitContainers(podSpec, func(container *corev1.Container) { - valid := true - for _, c := range container.Ports { - if c.HostPort != 0 { - valid = false - forbiddenHostPorts.Insert(strconv.Itoa(int(c.HostPort))) - } - } - if !valid { - badContainers = append(badContainers, container.Name) - } - }) - - if len(badContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "hostPort", - ForbiddenDetail: fmt.Sprintf( - "%s %s %s %s %s", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - pluralize("uses", "use", len(badContainers)), - pluralize("hostPort", "hostPorts", len(forbiddenHostPorts)), - strings.Join(forbiddenHostPorts.List(), ", "), - ), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_privileged.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_privileged.go deleted file mode 100644 index 899642e4cd..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_privileged.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Privileged Pods disable most security mechanisms and must be disallowed. - -Restricted Fields: -spec.containers[*].securityContext.privileged -spec.initContainers[*].securityContext.privileged - -Allowed Values: false, undefined/null -*/ - -func init() { - addCheck(CheckPrivileged) -} - -// CheckPrivileged returns a baseline level check -// that forbids privileged=true in 1.0+ -func CheckPrivileged() Check { - return Check{ - ID: "privileged", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: privileged_1_0, - }, - }, - } -} - -func privileged_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && container.SecurityContext.Privileged != nil && *container.SecurityContext.Privileged { - badContainers = append(badContainers, container.Name) - } - }) - if len(badContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "privileged", - ForbiddenDetail: fmt.Sprintf( - `%s %s must not set securityContext.privileged=true`, - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - ), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_procMount.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_procMount.go deleted file mode 100644 index 282dbb32ce..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_procMount.go +++ /dev/null @@ -1,91 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* - -The default /proc masks are set up to reduce attack surface, and should be required. - -**Restricted Fields:** -spec.containers[*].securityContext.procMount -spec.initContainers[*].securityContext.procMount - -**Allowed Values:** undefined/null, "Default" - -*/ - -func init() { - addCheck(CheckProcMount) -} - -// CheckProcMount returns a baseline level check that restricts -// setting the value of securityContext.procMount to DefaultProcMount -// in 1.0+ -func CheckProcMount() Check { - return Check{ - ID: "procMount", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: procMount_1_0, - }, - }, - } -} - -func procMount_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - forbiddenProcMountTypes := sets.NewString() - visitContainers(podSpec, func(container *corev1.Container) { - // allow if the security context is nil. - if container.SecurityContext == nil { - return - } - // allow if proc mount is not set. - if container.SecurityContext.ProcMount == nil { - return - } - // check if the value of the proc mount type is valid. - if *container.SecurityContext.ProcMount != corev1.DefaultProcMount { - badContainers = append(badContainers, container.Name) - forbiddenProcMountTypes.Insert(string(*container.SecurityContext.ProcMount)) - } - }) - if len(badContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "procMount", - ForbiddenDetail: fmt.Sprintf( - "%s %s must not set securityContext.procMount to %s", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - joinQuote(forbiddenProcMountTypes.List()), - ), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go deleted file mode 100644 index e171cdd60f..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_restrictedVolumes.go +++ /dev/null @@ -1,171 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* -In addition to restricting HostPath volumes, the restricted profile -limits usage of inline pod volume sources to: -* configMap -* downwardAPI -* emptyDir -* projected -* secret -* csi -* persistentVolumeClaim -* ephemeral - -**Restricted Fields:** - -spec.volumes[*].hostPath -spec.volumes[*].gcePersistentDisk -spec.volumes[*].awsElasticBlockStore -spec.volumes[*].gitRepo -spec.volumes[*].nfs -spec.volumes[*].iscsi -spec.volumes[*].glusterfs -spec.volumes[*].rbd -spec.volumes[*].flexVolume -spec.volumes[*].cinder -spec.volumes[*].cephfs -spec.volumes[*].flocker -spec.volumes[*].fc -spec.volumes[*].azureFile -spec.volumes[*].vsphereVolume -spec.volumes[*].quobyte -spec.volumes[*].azureDisk -spec.volumes[*].portworxVolume -spec.volumes[*].photonPersistentDisk -spec.volumes[*].scaleIO -spec.volumes[*].storageos - -**Allowed Values:** undefined/null -*/ - -func init() { - addCheck(CheckRestrictedVolumes) -} - -// CheckRestrictedVolumes returns a restricted level check -// that limits usage of specific volume types in 1.0+ -func CheckRestrictedVolumes() Check { - return Check{ - ID: "restrictedVolumes", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: restrictedVolumes_1_0, - OverrideCheckIDs: []CheckID{checkHostPathVolumesID}, - }, - }, - } -} - -func restrictedVolumes_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badVolumes []string - badVolumeTypes := sets.NewString() - - for _, volume := range podSpec.Volumes { - switch { - case volume.ConfigMap != nil, - volume.CSI != nil, - volume.DownwardAPI != nil, - volume.EmptyDir != nil, - volume.Ephemeral != nil, - volume.PersistentVolumeClaim != nil, - volume.Projected != nil, - volume.Secret != nil: - continue - - default: - badVolumes = append(badVolumes, volume.Name) - - switch { - case volume.HostPath != nil: - badVolumeTypes.Insert("hostPath") - case volume.GCEPersistentDisk != nil: - badVolumeTypes.Insert("gcePersistentDisk") - case volume.AWSElasticBlockStore != nil: - badVolumeTypes.Insert("awsElasticBlockStore") - case volume.GitRepo != nil: - badVolumeTypes.Insert("gitRepo") - case volume.NFS != nil: - badVolumeTypes.Insert("nfs") - case volume.ISCSI != nil: - badVolumeTypes.Insert("iscsi") - case volume.Glusterfs != nil: - badVolumeTypes.Insert("glusterfs") - case volume.RBD != nil: - badVolumeTypes.Insert("rbd") - case volume.FlexVolume != nil: - badVolumeTypes.Insert("flexVolume") - case volume.Cinder != nil: - badVolumeTypes.Insert("cinder") - case volume.CephFS != nil: - badVolumeTypes.Insert("cephfs") - case volume.Flocker != nil: - badVolumeTypes.Insert("flocker") - case volume.FC != nil: - badVolumeTypes.Insert("fc") - case volume.AzureFile != nil: - badVolumeTypes.Insert("azureFile") - case volume.VsphereVolume != nil: - badVolumeTypes.Insert("vsphereVolume") - case volume.Quobyte != nil: - badVolumeTypes.Insert("quobyte") - case volume.AzureDisk != nil: - badVolumeTypes.Insert("azureDisk") - case volume.PhotonPersistentDisk != nil: - badVolumeTypes.Insert("photonPersistentDisk") - case volume.PortworxVolume != nil: - badVolumeTypes.Insert("portworxVolume") - case volume.ScaleIO != nil: - badVolumeTypes.Insert("scaleIO") - case volume.StorageOS != nil: - badVolumeTypes.Insert("storageos") - default: - badVolumeTypes.Insert("unknown") - } - } - } - - if len(badVolumes) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "restricted volume types", - ForbiddenDetail: fmt.Sprintf( - "%s %s %s %s %s", - pluralize("volume", "volumes", len(badVolumes)), - joinQuote(badVolumes), - pluralize("uses", "use", len(badVolumes)), - pluralize("restricted volume type", "restricted volume types", len(badVolumeTypes)), - joinQuote(badVolumeTypes.List()), - ), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsNonRoot.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsNonRoot.go deleted file mode 100644 index c8dfcfdde3..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsNonRoot.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Containers must be required to run as non-root users. - -**Restricted Fields:** - -spec.securityContext.runAsNonRoot -spec.containers[*].securityContext.runAsNonRoot -spec.initContainers[*].securityContext.runAsNonRoot - -**Allowed Values:** -true -undefined/null at container-level if pod-level is set to true -*/ - -func init() { - addCheck(CheckRunAsNonRoot) -} - -// CheckRunAsNonRoot returns a restricted level check -// that requires runAsNonRoot=true in 1.0+ -func CheckRunAsNonRoot() Check { - return Check{ - ID: "runAsNonRoot", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: runAsNonRoot_1_0, - }, - }, - } -} - -func runAsNonRoot_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // things that explicitly set runAsNonRoot=false - var badSetters []string - - podRunAsNonRoot := false - if podSpec.SecurityContext != nil && podSpec.SecurityContext.RunAsNonRoot != nil { - if !*podSpec.SecurityContext.RunAsNonRoot { - badSetters = append(badSetters, "pod") - } else { - podRunAsNonRoot = true - } - } - - // containers that explicitly set runAsNonRoot=false - var explicitlyBadContainers []string - // containers that didn't set runAsNonRoot and aren't caught by a pod-level runAsNonRoot=true - var implicitlyBadContainers []string - - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && container.SecurityContext.RunAsNonRoot != nil { - // container explicitly set runAsNonRoot - if !*container.SecurityContext.RunAsNonRoot { - // container explicitly set runAsNonRoot to a bad value - explicitlyBadContainers = append(explicitlyBadContainers, container.Name) - } - } else { - // container did not explicitly set runAsNonRoot - if !podRunAsNonRoot { - // no pod-level runAsNonRoot=true, so this container implicitly has a bad value - implicitlyBadContainers = append(implicitlyBadContainers, container.Name) - } - } - }) - - if len(explicitlyBadContainers) > 0 { - badSetters = append( - badSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(explicitlyBadContainers)), - joinQuote(explicitlyBadContainers), - ), - ) - } - // pod or containers explicitly set runAsNonRoot=false - if len(badSetters) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "runAsNonRoot != true", - ForbiddenDetail: fmt.Sprintf("%s must not set securityContext.runAsNonRoot=false", strings.Join(badSetters, " and ")), - } - } - - // pod didn't set runAsNonRoot and not all containers opted into runAsNonRoot - if len(implicitlyBadContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "runAsNonRoot != true", - ForbiddenDetail: fmt.Sprintf( - "pod or %s %s must set securityContext.runAsNonRoot=true", - pluralize("container", "containers", len(implicitlyBadContainers)), - joinQuote(implicitlyBadContainers), - ), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsUser.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsUser.go deleted file mode 100644 index de20f4d0ad..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_runAsUser.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Containers must not set runAsUser: 0 - -**Restricted Fields:** - -spec.securityContext.runAsUser -spec.containers[*].securityContext.runAsUser -spec.initContainers[*].securityContext.runAsUser - -**Allowed Values:** -non-zero values -undefined/null - -*/ - -func init() { - addCheck(CheckRunAsUser) -} - -// CheckRunAsUser returns a restricted level check -// that forbides runAsUser=0 in 1.23+ -func CheckRunAsUser() Check { - return Check{ - ID: "runAsUser", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 23), - CheckPod: runAsUser_1_23, - }, - }, - } -} - -func runAsUser_1_23(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // things that explicitly set runAsUser=0 - var badSetters []string - - if podSpec.SecurityContext != nil && podSpec.SecurityContext.RunAsUser != nil && *podSpec.SecurityContext.RunAsUser == 0 { - badSetters = append(badSetters, "pod") - } - - // containers that explicitly set runAsUser=0 - var explicitlyBadContainers []string - - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil && *container.SecurityContext.RunAsUser == 0 { - explicitlyBadContainers = append(explicitlyBadContainers, container.Name) - } - }) - - if len(explicitlyBadContainers) > 0 { - badSetters = append( - badSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(explicitlyBadContainers)), - joinQuote(explicitlyBadContainers), - ), - ) - } - // pod or containers explicitly set runAsUser=0 - if len(badSetters) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "runAsUser=0", - ForbiddenDetail: fmt.Sprintf("%s must not set runAsUser=0", strings.Join(badSetters, " and ")), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seLinuxOptions.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_seLinuxOptions.go deleted file mode 100644 index ec832ac5c8..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seLinuxOptions.go +++ /dev/null @@ -1,159 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* -Setting the SELinux type is restricted, and setting a custom SELinux user or role option is forbidden. - -**Restricted Fields:** -spec.securityContext.seLinuxOptions.type -spec.containers[*].securityContext.seLinuxOptions.type -spec.initContainers[*].securityContext.seLinuxOptions.type - -**Allowed Values:** -undefined/empty -container_t -container_init_t -container_kvm_t - -**Restricted Fields:** -spec.securityContext.seLinuxOptions.user -spec.containers[*].securityContext.seLinuxOptions.user -spec.initContainers[*].securityContext.seLinuxOptions.user -spec.securityContext.seLinuxOptions.role -spec.containers[*].securityContext.seLinuxOptions.role -spec.initContainers[*].securityContext.seLinuxOptions.role - -**Allowed Values:** undefined/empty -*/ - -func init() { - addCheck(CheckSELinuxOptions) -} - -// CheckSELinuxOptions returns a baseline level check -// that limits seLinuxOptions type, user, and role values in 1.0+ -func CheckSELinuxOptions() Check { - return Check{ - ID: "seLinuxOptions", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: seLinuxOptions_1_0, - }, - }, - } -} - -var ( - selinux_allowed_types_1_0 = sets.NewString("", "container_t", "container_init_t", "container_kvm_t") -) - -func seLinuxOptions_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var ( - // sources that set bad seLinuxOptions - badSetters []string - - // invalid type values set - badTypes = sets.NewString() - // was user set? - setUser = false - // was role set? - setRole = false - ) - - validSELinuxOptions := func(opts *corev1.SELinuxOptions) bool { - valid := true - if !selinux_allowed_types_1_0.Has(opts.Type) { - valid = false - badTypes.Insert(opts.Type) - } - if len(opts.User) > 0 { - valid = false - setUser = true - } - if len(opts.Role) > 0 { - valid = false - setRole = true - } - return valid - } - - if podSpec.SecurityContext != nil && podSpec.SecurityContext.SELinuxOptions != nil { - if !validSELinuxOptions(podSpec.SecurityContext.SELinuxOptions) { - badSetters = append(badSetters, "pod") - } - } - - var badContainers []string - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && container.SecurityContext.SELinuxOptions != nil { - if !validSELinuxOptions(container.SecurityContext.SELinuxOptions) { - badContainers = append(badContainers, container.Name) - } - } - }) - if len(badContainers) > 0 { - badSetters = append( - badSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - ), - ) - } - - if len(badSetters) > 0 { - var badData []string - if len(badTypes) > 0 { - badData = append(badData, fmt.Sprintf( - "%s %s", - pluralize("type", "types", len(badTypes)), - joinQuote(badTypes.List()), - )) - } - if setUser { - badData = append(badData, "user may not be set") - } - if setRole { - badData = append(badData, "role may not be set") - } - - return CheckResult{ - Allowed: false, - ForbiddenReason: "seLinuxOptions", - ForbiddenDetail: fmt.Sprintf( - `%s set forbidden securityContext.seLinuxOptions: %s`, - strings.Join(badSetters, " and "), - strings.Join(badData, "; "), - ), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go deleted file mode 100644 index d45dba7076..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_baseline.go +++ /dev/null @@ -1,171 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* -If seccomp profiles are specified, only runtime default and localhost profiles are allowed. - -v1.0 - v1.18: -**Restricted Fields:** -metadata.annotations['seccomp.security.alpha.kubernetes.io/pod'] -metadata.annotations['container.seccomp.security.alpha.kubernetes.io/*'] - -**Allowed Values:** 'runtime/default', 'docker/default', 'localhost/*', undefined - -v1.19+: -**Restricted Fields:** -spec.securityContext.seccompProfile.type -spec.containers[*].securityContext.seccompProfile.type -spec.initContainers[*].securityContext.seccompProfile.type - -**Allowed Values:** 'RuntimeDefault', 'Localhost', undefined -*/ -const ( - annotationKeyPod = "seccomp.security.alpha.kubernetes.io/pod" - annotationKeyContainerPrefix = "container.seccomp.security.alpha.kubernetes.io/" - - checkSeccompBaselineID CheckID = "seccompProfile_baseline" -) - -func init() { - addCheck(CheckSeccompBaseline) -} - -func CheckSeccompBaseline() Check { - return Check{ - ID: checkSeccompBaselineID, - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: seccompProfileBaseline_1_0, - }, - { - MinimumVersion: api.MajorMinorVersion(1, 19), - CheckPod: seccompProfileBaseline_1_19, - }, - }, - } -} - -func validSeccomp(t corev1.SeccompProfileType) bool { - return t == corev1.SeccompProfileTypeLocalhost || - t == corev1.SeccompProfileTypeRuntimeDefault -} - -func validSeccompAnnotationValue(v string) bool { - return v == corev1.SeccompProfileRuntimeDefault || - v == corev1.DeprecatedSeccompProfileDockerDefault || - strings.HasPrefix(v, corev1.SeccompLocalhostProfileNamePrefix) -} - -// seccompProfileBaseline_1_0 checks baseline policy on seccomp alpha annotation -func seccompProfileBaseline_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - forbidden := sets.NewString() - - if val, ok := podMetadata.Annotations[annotationKeyPod]; ok { - if !validSeccompAnnotationValue(val) { - forbidden.Insert(fmt.Sprintf("%s=%q", annotationKeyPod, val)) - } - } - - visitContainers(podSpec, func(c *corev1.Container) { - annotation := annotationKeyContainerPrefix + c.Name - if val, ok := podMetadata.Annotations[annotation]; ok { - if !validSeccompAnnotationValue(val) { - forbidden.Insert(fmt.Sprintf("%s=%q", annotation, val)) - } - } - }) - - if len(forbidden) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "seccompProfile", - ForbiddenDetail: fmt.Sprintf( - "forbidden %s %s", - pluralize("annotation", "annotations", len(forbidden)), - strings.Join(forbidden.List(), ", "), - ), - } - } - - return CheckResult{Allowed: true} -} - -// seccompProfileBaseline_1_19 checks baseline policy on securityContext.seccompProfile field -func seccompProfileBaseline_1_19(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // things that explicitly set seccompProfile.type to a bad value - var badSetters []string - badValues := sets.NewString() - - if podSpec.SecurityContext != nil && podSpec.SecurityContext.SeccompProfile != nil { - if !validSeccomp(podSpec.SecurityContext.SeccompProfile.Type) { - badSetters = append(badSetters, "pod") - badValues.Insert(string(podSpec.SecurityContext.SeccompProfile.Type)) - } - } - - // containers that explicitly set seccompProfile.type to a bad value - var explicitlyBadContainers []string - - visitContainers(podSpec, func(c *corev1.Container) { - if c.SecurityContext != nil && c.SecurityContext.SeccompProfile != nil { - // container explicitly set seccompProfile - if !validSeccomp(c.SecurityContext.SeccompProfile.Type) { - // container explicitly set seccompProfile to a bad value - explicitlyBadContainers = append(explicitlyBadContainers, c.Name) - badValues.Insert(string(c.SecurityContext.SeccompProfile.Type)) - } - } - }) - - if len(explicitlyBadContainers) > 0 { - badSetters = append( - badSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(explicitlyBadContainers)), - joinQuote(explicitlyBadContainers), - ), - ) - } - // pod or containers explicitly set bad seccompProfiles - if len(badSetters) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "seccompProfile", - ForbiddenDetail: fmt.Sprintf( - "%s must not set securityContext.seccompProfile.type to %s", - strings.Join(badSetters, " and "), - joinQuote(badValues.List()), - ), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go deleted file mode 100644 index 9040e0fb05..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_seccompProfile_restricted.go +++ /dev/null @@ -1,155 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* - -Seccomp profiles must be specified, and only runtime default and localhost profiles are allowed. - -v1.19+: -**Restricted Fields:** -spec.securityContext.seccompProfile.type -spec.containers[*].securityContext.seccompProfile.type -spec.initContainers[*].securityContext.seccompProfile.type - -**Allowed Values:** 'RuntimeDefault', 'Localhost' -Note: container-level fields may be undefined if pod-level field is specified. - -*/ - -func init() { - addCheck(CheckSeccompProfileRestricted) -} - -func CheckSeccompProfileRestricted() Check { - return Check{ - ID: "seccompProfile_restricted", - Level: api.LevelRestricted, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 19), - CheckPod: seccompProfileRestricted_1_19, - OverrideCheckIDs: []CheckID{checkSeccompBaselineID}, - }, - // Starting 1.25, windows pods would be exempted from this check using pod.spec.os field when set to windows. - { - MinimumVersion: api.MajorMinorVersion(1, 25), - CheckPod: seccompProfileRestricted_1_25, - OverrideCheckIDs: []CheckID{checkSeccompBaselineID}, - }, - }, - } -} - -// seccompProfileRestricted_1_19 checks restricted policy on securityContext.seccompProfile field -func seccompProfileRestricted_1_19(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // things that explicitly set seccompProfile.type to a bad value - var badSetters []string - badValues := sets.NewString() - - podSeccompSet := false - - if podSpec.SecurityContext != nil && podSpec.SecurityContext.SeccompProfile != nil { - if !validSeccomp(podSpec.SecurityContext.SeccompProfile.Type) { - badSetters = append(badSetters, "pod") - badValues.Insert(string(podSpec.SecurityContext.SeccompProfile.Type)) - } else { - podSeccompSet = true - } - } - - // containers that explicitly set seccompProfile.type to a bad value - var explicitlyBadContainers []string - // containers that didn't set seccompProfile and aren't caught by a pod-level seccompProfile - var implicitlyBadContainers []string - - visitContainers(podSpec, func(c *corev1.Container) { - if c.SecurityContext != nil && c.SecurityContext.SeccompProfile != nil { - // container explicitly set seccompProfile - if !validSeccomp(c.SecurityContext.SeccompProfile.Type) { - // container explicitly set seccompProfile to a bad value - explicitlyBadContainers = append(explicitlyBadContainers, c.Name) - badValues.Insert(string(c.SecurityContext.SeccompProfile.Type)) - } - } else { - // container did not explicitly set seccompProfile - if !podSeccompSet { - // no valid pod-level seccompProfile, so this container implicitly has a bad value - implicitlyBadContainers = append(implicitlyBadContainers, c.Name) - } - } - }) - - if len(explicitlyBadContainers) > 0 { - badSetters = append( - badSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(explicitlyBadContainers)), - joinQuote(explicitlyBadContainers), - ), - ) - } - // pod or containers explicitly set bad seccompProfiles - if len(badSetters) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "seccompProfile", - ForbiddenDetail: fmt.Sprintf( - "%s must not set securityContext.seccompProfile.type to %s", - strings.Join(badSetters, " and "), - joinQuote(badValues.List()), - ), - } - } - - // pod didn't set seccompProfile and not all containers opted into seccompProfile - if len(implicitlyBadContainers) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "seccompProfile", - ForbiddenDetail: fmt.Sprintf( - `pod or %s %s must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"`, - pluralize("container", "containers", len(implicitlyBadContainers)), - joinQuote(implicitlyBadContainers), - ), - } - } - - return CheckResult{Allowed: true} -} - -// seccompProfileRestricted_1_25 checks restricted policy on securityContext.seccompProfile field for kubernetes -// version 1.25 and above -func seccompProfileRestricted_1_25(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - // Pod API validation would have failed if podOS == Windows and if secCompProfile has been set. - // We can admit the Windows pod even if seccompProfile has not been set. - if podSpec.OS != nil && podSpec.OS.Name == corev1.Windows { - return CheckResult{Allowed: true} - } - return seccompProfileRestricted_1_19(podMetadata, podSpec) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_sysctls.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_sysctls.go deleted file mode 100644 index 63fb07e917..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_sysctls.go +++ /dev/null @@ -1,96 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/pod-security-admission/api" -) - -/* - -Sysctls can disable security mechanisms or affect all containers on a host, -and should be disallowed except for an allowed "safe" subset. - -A sysctl is considered safe if it is namespaced in the container or the Pod, -and it is isolated from other Pods or processes on the same Node. - -**Restricted Fields:** -spec.securityContext.sysctls[*].name - -**Allowed Values:** -'kernel.shm_rmid_forced' -'net.ipv4.ip_local_port_range' -'net.ipv4.tcp_syncookies' -'net.ipv4.ping_group_range' -'net.ipv4.ip_unprivileged_port_start' - -*/ - -func init() { - addCheck(CheckSysctls) -} - -// CheckSysctls returns a baseline level check -// that limits the value of sysctls in 1.0+ -func CheckSysctls() Check { - return Check{ - ID: "sysctls", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: sysctls_1_0, - }, - }, - } -} - -var ( - sysctls_allowed_1_0 = sets.NewString( - "kernel.shm_rmid_forced", - "net.ipv4.ip_local_port_range", - "net.ipv4.tcp_syncookies", - "net.ipv4.ping_group_range", - "net.ipv4.ip_unprivileged_port_start", - ) -) - -func sysctls_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var forbiddenSysctls []string - - if podSpec.SecurityContext != nil { - for _, sysctl := range podSpec.SecurityContext.Sysctls { - if !sysctls_allowed_1_0.Has(sysctl.Name) { - forbiddenSysctls = append(forbiddenSysctls, sysctl.Name) - } - } - } - - if len(forbiddenSysctls) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "forbidden sysctls", - ForbiddenDetail: strings.Join(forbiddenSysctls, ", "), - } - } - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/check_windowsHostProcess.go b/etcd/vendor/k8s.io/pod-security-admission/policy/check_windowsHostProcess.go deleted file mode 100644 index 9e6dbe2e35..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/check_windowsHostProcess.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -/* -Pod and containers must not set securityContext.windowsOptions.hostProcess to true. - -**Restricted Fields:** - -spec.securityContext.windowsOptions.hostProcess -spec.containers[*].securityContext.windowsOptions.hostProcess -spec.initContainers[*].securityContext.windowsOptions.hostProcess - -**Allowed Values:** undefined / false -*/ - -func init() { - addCheck(CheckWindowsHostProcess) -} - -// CheckWindowsHostProcess returns a baseline level check -// that forbids hostProcess=true in 1.0+ -func CheckWindowsHostProcess() Check { - return Check{ - ID: "windowsHostProcess", - Level: api.LevelBaseline, - Versions: []VersionedCheck{ - { - MinimumVersion: api.MajorMinorVersion(1, 0), - CheckPod: windowsHostProcess_1_0, - }, - }, - } -} - -func windowsHostProcess_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { - var badContainers []string - visitContainers(podSpec, func(container *corev1.Container) { - if container.SecurityContext != nil && - container.SecurityContext.WindowsOptions != nil && - container.SecurityContext.WindowsOptions.HostProcess != nil && - *container.SecurityContext.WindowsOptions.HostProcess { - badContainers = append(badContainers, container.Name) - } - }) - - podSpecForbidden := false - if podSpec.SecurityContext != nil && - podSpec.SecurityContext.WindowsOptions != nil && - podSpec.SecurityContext.WindowsOptions.HostProcess != nil && - *podSpec.SecurityContext.WindowsOptions.HostProcess { - podSpecForbidden = true - } - - // pod or containers explicitly set hostProcess=true - var forbiddenSetters []string - if podSpecForbidden { - forbiddenSetters = append(forbiddenSetters, "pod") - } - if len(badContainers) > 0 { - forbiddenSetters = append( - forbiddenSetters, - fmt.Sprintf( - "%s %s", - pluralize("container", "containers", len(badContainers)), - joinQuote(badContainers), - ), - ) - } - if len(forbiddenSetters) > 0 { - return CheckResult{ - Allowed: false, - ForbiddenReason: "hostProcess", - ForbiddenDetail: fmt.Sprintf("%s must not set securityContext.windowsOptions.hostProcess=true", strings.Join(forbiddenSetters, " and ")), - } - } - - return CheckResult{Allowed: true} -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/checks.go b/etcd/vendor/k8s.io/pod-security-admission/policy/checks.go deleted file mode 100644 index 6b13d2f1cf..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/checks.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "strings" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -type Check struct { - // ID is the unique ID of the check. - ID CheckID - // Level is the policy level this check belongs to. - // Must be Baseline or Restricted. - // Baseline checks are evaluated for baseline and restricted namespaces. - // Restricted checks are only evaluated for restricted namespaces. - Level api.Level - // Versions contains one or more revisions of the check that apply to different versions. - // If the check is not yet assigned to a version, this must be a single-item list with a MinimumVersion of "". - // Otherwise, MinimumVersion of items must represent strictly increasing versions. - Versions []VersionedCheck -} - -type VersionedCheck struct { - // MinimumVersion is the first policy version this check applies to. - // If unset, this check is not yet assigned to a policy version. - // If set, must not be "latest". - MinimumVersion api.Version - // CheckPod determines if the pod is allowed. - CheckPod CheckPodFn - // OverrideCheckIDs is an optional list of checks that should be skipped when this check is run. - // Overrides may only be set on restricted checks, and may only override baseline checks. - OverrideCheckIDs []CheckID -} - -type CheckPodFn func(*metav1.ObjectMeta, *corev1.PodSpec) CheckResult - -type CheckID string - -// CheckResult contains the result of checking a pod and indicates whether the pod is allowed, -// and if not, why it was forbidden. -// -// Example output for (false, "host ports", "8080, 9090"): -// -// When checking all pods in a namespace: -// disallowed by policy "baseline": host ports, privileged containers, non-default capabilities -// When checking an individual pod: -// disallowed by policy "baseline": host ports (8080, 9090), privileged containers, non-default capabilities (CAP_NET_RAW) -type CheckResult struct { - // Allowed indicates if the check allowed the pod. - Allowed bool - // ForbiddenReason must be set if Allowed is false. - // ForbiddenReason should be as succinct as possible and is always output. - // Examples: - // - "host ports" - // - "privileged containers" - // - "non-default capabilities" - ForbiddenReason string - // ForbiddenDetail should only be set if Allowed is false, and is optional. - // ForbiddenDetail can include specific values that were disallowed and is used when checking an individual object. - // Examples: - // - list specific invalid host ports: "8080, 9090" - // - list specific invalid containers: "container1, container2" - // - list specific non-default capabilities: "CAP_NET_RAW" - ForbiddenDetail string -} - -// AggergateCheckResult holds the aggregate result of running CheckPod across multiple checks. -type AggregateCheckResult struct { - // Allowed indicates if all checks allowed the pod. - Allowed bool - // ForbiddenReasons is a slice of the forbidden reasons from all the forbidden checks. It should not include empty strings. - // ForbiddenReasons and ForbiddenDetails must have the same number of elements, and the indexes are for the same check. - ForbiddenReasons []string - // ForbiddenDetails is a slice of the forbidden details from all the forbidden checks. It may include empty strings. - // ForbiddenReasons and ForbiddenDetails must have the same number of elements, and the indexes are for the same check. - ForbiddenDetails []string -} - -// ForbiddenReason returns a comma-separated string of of the forbidden reasons. -// Example: host ports, privileged containers, non-default capabilities -func (a *AggregateCheckResult) ForbiddenReason() string { - return strings.Join(a.ForbiddenReasons, ", ") -} - -// ForbiddenDetail returns a detailed forbidden message, with non-empty details formatted in -// parentheses with the associated reason. -// Example: host ports (8080, 9090), privileged containers, non-default capabilities (NET_RAW) -func (a *AggregateCheckResult) ForbiddenDetail() string { - var b strings.Builder - for i := 0; i < len(a.ForbiddenReasons); i++ { - b.WriteString(a.ForbiddenReasons[i]) - if a.ForbiddenDetails[i] != "" { - b.WriteString(" (") - b.WriteString(a.ForbiddenDetails[i]) - b.WriteString(")") - } - if i != len(a.ForbiddenReasons)-1 { - b.WriteString(", ") - } - } - return b.String() -} - -// UnknownForbiddenReason is used as the placeholder forbidden reason for checks that incorrectly disallow without providing a reason. -const UnknownForbiddenReason = "unknown forbidden reason" - -// AggregateCheckPod runs all the checks and aggregates the forbidden results into a single CheckResult. -// The aggregated reason is a comma-separated -func AggregateCheckResults(results []CheckResult) AggregateCheckResult { - var ( - reasons []string - details []string - ) - for _, result := range results { - if !result.Allowed { - if len(result.ForbiddenReason) == 0 { - reasons = append(reasons, UnknownForbiddenReason) - } else { - reasons = append(reasons, result.ForbiddenReason) - } - details = append(details, result.ForbiddenDetail) - } - } - return AggregateCheckResult{ - Allowed: len(reasons) == 0, - ForbiddenReasons: reasons, - ForbiddenDetails: details, - } -} - -var ( - defaultChecks []func() Check - experimentalChecks []func() Check -) - -func addCheck(f func() Check) { - // add to experimental or versioned list - c := f() - if len(c.Versions) == 1 && c.Versions[0].MinimumVersion == (api.Version{}) { - experimentalChecks = append(experimentalChecks, f) - } else { - defaultChecks = append(defaultChecks, f) - } -} - -// DefaultChecks returns checks that are expected to be enabled by default. -// The results are mutually exclusive with ExperimentalChecks. -// It returns a new copy of checks on each invocation and is expected to be called once at setup time. -func DefaultChecks() []Check { - retval := make([]Check, 0, len(defaultChecks)) - for _, f := range defaultChecks { - retval = append(retval, f()) - } - return retval -} - -// ExperimentalChecks returns checks that have not yet been assigned to policy versions. -// The results are mutually exclusive with DefaultChecks. -// It returns a new copy of checks on each invocation and is expected to be called once at setup time. -func ExperimentalChecks() []Check { - retval := make([]Check, 0, len(experimentalChecks)) - for _, f := range experimentalChecks { - retval = append(retval, f()) - } - return retval -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/doc.go b/etcd/vendor/k8s.io/pod-security-admission/policy/doc.go deleted file mode 100644 index a6211eb5dd..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/doc.go +++ /dev/null @@ -1,18 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package policy contains implementations of Pod Security Standards checks -package policy // import "k8s.io/pod-security-admission/policy" diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/helpers.go b/etcd/vendor/k8s.io/pod-security-admission/policy/helpers.go deleted file mode 100644 index eb74f44e41..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/helpers.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import "strings" - -func joinQuote(items []string) string { - if len(items) == 0 { - return "" - } - return `"` + strings.Join(items, `", "`) + `"` -} - -func pluralize(singular, plural string, count int) string { - if count == 1 { - return singular - } - return plural -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/registry.go b/etcd/vendor/k8s.io/pod-security-admission/policy/registry.go deleted file mode 100644 index 4b91bef887..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/registry.go +++ /dev/null @@ -1,226 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - "fmt" - "sort" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/pod-security-admission/api" -) - -// Evaluator holds the Checks that are used to validate a policy. -type Evaluator interface { - // EvaluatePod evaluates the pod against the policy for the given level & version. - EvaluatePod(lv api.LevelVersion, podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) []CheckResult -} - -// checkRegistry provides a default implementation of an Evaluator. -type checkRegistry struct { - // The checks are a map policy version to a slice of checks registered for that version. - baselineChecks, restrictedChecks map[api.Version][]CheckPodFn - // maxVersion is the maximum version that is cached, guaranteed to be at least - // the max MinimumVersion of all registered checks. - maxVersion api.Version -} - -// NewEvaluator constructs a new Evaluator instance from the list of checks. If the provided checks are invalid, -// an error is returned. A valid list of checks must meet the following requirements: -// 1. Check.ID is unique in the list -// 2. Check.Level must be either Baseline or Restricted -// 3. Checks must have a non-empty set of versions, sorted in a strictly increasing order -// 4. Check.Versions cannot include 'latest' -func NewEvaluator(checks []Check) (Evaluator, error) { - if err := validateChecks(checks); err != nil { - return nil, err - } - r := &checkRegistry{ - baselineChecks: map[api.Version][]CheckPodFn{}, - restrictedChecks: map[api.Version][]CheckPodFn{}, - } - populate(r, checks) - return r, nil -} - -func (r *checkRegistry) EvaluatePod(lv api.LevelVersion, podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) []CheckResult { - if lv.Level == api.LevelPrivileged { - return nil - } - if r.maxVersion.Older(lv.Version) { - lv.Version = r.maxVersion - } - - var checks []CheckPodFn - if lv.Level == api.LevelBaseline { - checks = r.baselineChecks[lv.Version] - } else { - // includes non-overridden baseline checks - checks = r.restrictedChecks[lv.Version] - } - - var results []CheckResult - for _, check := range checks { - results = append(results, check(podMetadata, podSpec)) - } - return results -} - -func validateChecks(checks []Check) error { - ids := map[CheckID]api.Level{} - for _, check := range checks { - if _, ok := ids[check.ID]; ok { - return fmt.Errorf("multiple checks registered for ID %s", check.ID) - } - ids[check.ID] = check.Level - if check.Level != api.LevelBaseline && check.Level != api.LevelRestricted { - return fmt.Errorf("check %s: invalid level %s", check.ID, check.Level) - } - if len(check.Versions) == 0 { - return fmt.Errorf("check %s: empty", check.ID) - } - maxVersion := api.Version{} - for _, c := range check.Versions { - if c.MinimumVersion == (api.Version{}) { - return fmt.Errorf("check %s: undefined version found", check.ID) - } - if c.MinimumVersion.Latest() { - return fmt.Errorf("check %s: version cannot be 'latest'", check.ID) - } - if maxVersion == c.MinimumVersion { - return fmt.Errorf("check %s: duplicate version %s", check.ID, c.MinimumVersion) - } - if !maxVersion.Older(c.MinimumVersion) { - return fmt.Errorf("check %s: versions must be strictly increasing", check.ID) - } - maxVersion = c.MinimumVersion - } - } - // Second pass to validate overrides. - for _, check := range checks { - for _, c := range check.Versions { - if len(c.OverrideCheckIDs) == 0 { - continue - } - - if check.Level != api.LevelRestricted { - return fmt.Errorf("check %s: only restricted checks may set overrides", check.ID) - } - for _, override := range c.OverrideCheckIDs { - if overriddenLevel, ok := ids[override]; ok && overriddenLevel != api.LevelBaseline { - return fmt.Errorf("check %s: overrides %s check %s", check.ID, overriddenLevel, override) - } - } - } - } - return nil -} - -func populate(r *checkRegistry, validChecks []Check) { - // Find the max(MinimumVersion) across all checks. - for _, c := range validChecks { - lastVersion := c.Versions[len(c.Versions)-1].MinimumVersion - if r.maxVersion.Older(lastVersion) { - r.maxVersion = lastVersion - } - } - - var ( - restrictedVersionedChecks = map[api.Version]map[CheckID]VersionedCheck{} - baselineVersionedChecks = map[api.Version]map[CheckID]VersionedCheck{} - - baselineIDs, restrictedIDs []CheckID - ) - for _, c := range validChecks { - if c.Level == api.LevelRestricted { - restrictedIDs = append(restrictedIDs, c.ID) - inflateVersions(c, restrictedVersionedChecks, r.maxVersion) - } else { - baselineIDs = append(baselineIDs, c.ID) - inflateVersions(c, baselineVersionedChecks, r.maxVersion) - } - } - - // Sort the IDs to maintain consistent error messages. - sort.Slice(restrictedIDs, func(i, j int) bool { return restrictedIDs[i] < restrictedIDs[j] }) - sort.Slice(baselineIDs, func(i, j int) bool { return baselineIDs[i] < baselineIDs[j] }) - orderedIDs := append(baselineIDs, restrictedIDs...) // Baseline checks first, then restricted. - - for v := api.MajorMinorVersion(1, 0); v.Older(nextMinor(r.maxVersion)); v = nextMinor(v) { - // Aggregate all the overridden baseline check ids. - overrides := map[CheckID]bool{} - for _, c := range restrictedVersionedChecks[v] { - for _, override := range c.OverrideCheckIDs { - overrides[override] = true - } - } - // Add the filtered baseline checks to restricted. - for id, c := range baselineVersionedChecks[v] { - if overrides[id] { - continue // Overridden check: skip it. - } - if restrictedVersionedChecks[v] == nil { - restrictedVersionedChecks[v] = map[CheckID]VersionedCheck{} - } - restrictedVersionedChecks[v][id] = c - } - - r.restrictedChecks[v] = mapCheckPodFns(restrictedVersionedChecks[v], orderedIDs) - r.baselineChecks[v] = mapCheckPodFns(baselineVersionedChecks[v], orderedIDs) - } -} - -func inflateVersions(check Check, versions map[api.Version]map[CheckID]VersionedCheck, maxVersion api.Version) { - for i, c := range check.Versions { - var nextVersion api.Version - if i+1 < len(check.Versions) { - nextVersion = check.Versions[i+1].MinimumVersion - } else { - // Assumes only 1 Major version. - nextVersion = nextMinor(maxVersion) - } - // Iterate over all versions from the minimum of the current check, to the minimum of the - // next check, or the maxVersion++. - for v := c.MinimumVersion; v.Older(nextVersion); v = nextMinor(v) { - if versions[v] == nil { - versions[v] = map[CheckID]VersionedCheck{} - } - versions[v][check.ID] = check.Versions[i] - } - } -} - -// mapCheckPodFns converts the versioned check map to an ordered slice of CheckPodFn, -// using the order specified by orderedIDs. All checks must have a corresponding ID in orderedIDs. -func mapCheckPodFns(checks map[CheckID]VersionedCheck, orderedIDs []CheckID) []CheckPodFn { - fns := make([]CheckPodFn, 0, len(checks)) - for _, id := range orderedIDs { - if check, ok := checks[id]; ok { - fns = append(fns, check.CheckPod) - } - } - return fns -} - -// nextMinor increments the minor version -func nextMinor(v api.Version) api.Version { - if v.Latest() { - return v - } - return api.MajorMinorVersion(v.Major(), v.Minor()+1) -} diff --git a/etcd/vendor/k8s.io/pod-security-admission/policy/visitor.go b/etcd/vendor/k8s.io/pod-security-admission/policy/visitor.go deleted file mode 100644 index 5778651c9b..0000000000 --- a/etcd/vendor/k8s.io/pod-security-admission/policy/visitor.go +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package policy - -import ( - corev1 "k8s.io/api/core/v1" -) - -// ContainerVisitor is called with each container and the field.Path to that container -type ContainerVisitor func(container *corev1.Container) - -// visitContainers invokes the visitor function for every container in the given pod spec -func visitContainers(podSpec *corev1.PodSpec, visitor ContainerVisitor) { - for i := range podSpec.InitContainers { - visitor(&podSpec.InitContainers[i]) - } - for i := range podSpec.Containers { - visitor(&podSpec.Containers[i]) - } - for i := range podSpec.EphemeralContainers { - visitor((*corev1.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon)) - } -} diff --git a/etcd/vendor/k8s.io/utils/buffer/ring_growing.go b/etcd/vendor/k8s.io/utils/buffer/ring_growing.go deleted file mode 100644 index 86965a5131..0000000000 --- a/etcd/vendor/k8s.io/utils/buffer/ring_growing.go +++ /dev/null @@ -1,72 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package buffer - -// RingGrowing is a growing ring buffer. -// Not thread safe. -type RingGrowing struct { - data []interface{} - n int // Size of Data - beg int // First available element - readable int // Number of data items available -} - -// NewRingGrowing constructs a new RingGrowing instance with provided parameters. -func NewRingGrowing(initialSize int) *RingGrowing { - return &RingGrowing{ - data: make([]interface{}, initialSize), - n: initialSize, - } -} - -// ReadOne reads (consumes) first item from the buffer if it is available, otherwise returns false. -func (r *RingGrowing) ReadOne() (data interface{}, ok bool) { - if r.readable == 0 { - return nil, false - } - r.readable-- - element := r.data[r.beg] - r.data[r.beg] = nil // Remove reference to the object to help GC - if r.beg == r.n-1 { - // Was the last element - r.beg = 0 - } else { - r.beg++ - } - return element, true -} - -// WriteOne adds an item to the end of the buffer, growing it if it is full. -func (r *RingGrowing) WriteOne(data interface{}) { - if r.readable == r.n { - // Time to grow - newN := r.n * 2 - newData := make([]interface{}, newN) - to := r.beg + r.readable - if to <= r.n { - copy(newData, r.data[r.beg:to]) - } else { - copied := copy(newData, r.data[r.beg:]) - copy(newData[copied:], r.data[:(to%r.n)]) - } - r.beg = 0 - r.data = newData - r.n = newN - } - r.data[(r.readable+r.beg)%r.n] = data - r.readable++ -} diff --git a/etcd/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go b/etcd/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go deleted file mode 100644 index fd4db44072..0000000000 --- a/etcd/vendor/k8s.io/utils/internal/third_party/forked/golang/golang-lru/lru.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2013 Google Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package lru implements an LRU cache. -package golang_lru - -import "container/list" - -// Cache is an LRU cache. It is not safe for concurrent access. -type Cache struct { - // MaxEntries is the maximum number of cache entries before - // an item is evicted. Zero means no limit. - MaxEntries int - - // OnEvicted optionally specifies a callback function to be - // executed when an entry is purged from the cache. - OnEvicted func(key Key, value interface{}) - - ll *list.List - cache map[interface{}]*list.Element -} - -// A Key may be any value that is comparable. See http://golang.org/ref/spec#Comparison_operators -type Key interface{} - -type entry struct { - key Key - value interface{} -} - -// New creates a new Cache. -// If maxEntries is zero, the cache has no limit and it's assumed -// that eviction is done by the caller. -func New(maxEntries int) *Cache { - return &Cache{ - MaxEntries: maxEntries, - ll: list.New(), - cache: make(map[interface{}]*list.Element), - } -} - -// Add adds a value to the cache. -func (c *Cache) Add(key Key, value interface{}) { - if c.cache == nil { - c.cache = make(map[interface{}]*list.Element) - c.ll = list.New() - } - if ee, ok := c.cache[key]; ok { - c.ll.MoveToFront(ee) - ee.Value.(*entry).value = value - return - } - ele := c.ll.PushFront(&entry{key, value}) - c.cache[key] = ele - if c.MaxEntries != 0 && c.ll.Len() > c.MaxEntries { - c.RemoveOldest() - } -} - -// Get looks up a key's value from the cache. -func (c *Cache) Get(key Key) (value interface{}, ok bool) { - if c.cache == nil { - return - } - if ele, hit := c.cache[key]; hit { - c.ll.MoveToFront(ele) - return ele.Value.(*entry).value, true - } - return -} - -// Remove removes the provided key from the cache. -func (c *Cache) Remove(key Key) { - if c.cache == nil { - return - } - if ele, hit := c.cache[key]; hit { - c.removeElement(ele) - } -} - -// RemoveOldest removes the oldest item from the cache. -func (c *Cache) RemoveOldest() { - if c.cache == nil { - return - } - ele := c.ll.Back() - if ele != nil { - c.removeElement(ele) - } -} - -func (c *Cache) removeElement(e *list.Element) { - c.ll.Remove(e) - kv := e.Value.(*entry) - delete(c.cache, kv.key) - if c.OnEvicted != nil { - c.OnEvicted(kv.key, kv.value) - } -} - -// Len returns the number of items in the cache. -func (c *Cache) Len() int { - if c.cache == nil { - return 0 - } - return c.ll.Len() -} - -// Clear purges all stored items from the cache. -func (c *Cache) Clear() { - if c.OnEvicted != nil { - for _, e := range c.cache { - kv := e.Value.(*entry) - c.OnEvicted(kv.key, kv.value) - } - } - c.ll = nil - c.cache = nil -} diff --git a/etcd/vendor/k8s.io/utils/io/README.md b/etcd/vendor/k8s.io/utils/io/README.md deleted file mode 100644 index aa4cc41044..0000000000 --- a/etcd/vendor/k8s.io/utils/io/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# IO - -This package provides interfaces for working with file IO. Currently it -provides functionality for consistently reading a file. diff --git a/etcd/vendor/k8s.io/utils/io/read.go b/etcd/vendor/k8s.io/utils/io/read.go deleted file mode 100644 index f0af3c8ec8..0000000000 --- a/etcd/vendor/k8s.io/utils/io/read.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package io - -import ( - "bytes" - "errors" - "fmt" - "io" - "io/ioutil" -) - -// ErrLimitReached means that the read limit is reached. -var ErrLimitReached = errors.New("the read limit is reached") - -// ConsistentRead repeatedly reads a file until it gets the same content twice. -// This is useful when reading files in /proc that are larger than page size -// and kernel may modify them between individual read() syscalls. -// It returns InconsistentReadError when it cannot get a consistent read in -// given nr. of attempts. Caller should retry, kernel is probably under heavy -// mount/unmount load. -func ConsistentRead(filename string, attempts int) ([]byte, error) { - return consistentReadSync(filename, attempts, nil) -} - -// consistentReadSync is the main functionality of ConsistentRead but -// introduces a sync callback that can be used by the tests to mutate the file -// from which the test data is being read -func consistentReadSync(filename string, attempts int, sync func(int)) ([]byte, error) { - oldContent, err := ioutil.ReadFile(filename) - if err != nil { - return nil, err - } - for i := 0; i < attempts; i++ { - if sync != nil { - sync(i) - } - newContent, err := ioutil.ReadFile(filename) - if err != nil { - return nil, err - } - if bytes.Compare(oldContent, newContent) == 0 { - return newContent, nil - } - // Files are different, continue reading - oldContent = newContent - } - return nil, InconsistentReadError{filename, attempts} -} - -// InconsistentReadError is returned from ConsistentRead when it cannot get -// a consistent read in given nr. of attempts. Caller should retry, kernel is -// probably under heavy mount/unmount load. -type InconsistentReadError struct { - filename string - attempts int -} - -func (i InconsistentReadError) Error() string { - return fmt.Sprintf("could not get consistent content of %s after %d attempts", i.filename, i.attempts) -} - -var _ error = InconsistentReadError{} - -func IsInconsistentReadError(err error) bool { - if _, ok := err.(InconsistentReadError); ok { - return true - } - return false -} - -// ReadAtMost reads up to `limit` bytes from `r`, and reports an error -// when `limit` bytes are read. -func ReadAtMost(r io.Reader, limit int64) ([]byte, error) { - limitedReader := &io.LimitedReader{R: r, N: limit} - data, err := ioutil.ReadAll(limitedReader) - if err != nil { - return data, err - } - if limitedReader.N <= 0 { - return data, ErrLimitReached - } - return data, nil -} diff --git a/etcd/vendor/k8s.io/utils/keymutex/hashed.go b/etcd/vendor/k8s.io/utils/keymutex/hashed.go deleted file mode 100644 index 4ddb00867f..0000000000 --- a/etcd/vendor/k8s.io/utils/keymutex/hashed.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package keymutex - -import ( - "hash/fnv" - "runtime" - "sync" -) - -// NewHashed returns a new instance of KeyMutex which hashes arbitrary keys to -// a fixed set of locks. `n` specifies number of locks, if n <= 0, we use -// number of cpus. -// Note that because it uses fixed set of locks, different keys may share same -// lock, so it's possible to wait on same lock. -func NewHashed(n int) KeyMutex { - if n <= 0 { - n = runtime.NumCPU() - } - return &hashedKeyMutex{ - mutexes: make([]sync.Mutex, n), - } -} - -type hashedKeyMutex struct { - mutexes []sync.Mutex -} - -// Acquires a lock associated with the specified ID. -func (km *hashedKeyMutex) LockKey(id string) { - km.mutexes[km.hash(id)%uint32(len(km.mutexes))].Lock() -} - -// Releases the lock associated with the specified ID. -func (km *hashedKeyMutex) UnlockKey(id string) error { - km.mutexes[km.hash(id)%uint32(len(km.mutexes))].Unlock() - return nil -} - -func (km *hashedKeyMutex) hash(id string) uint32 { - h := fnv.New32a() - h.Write([]byte(id)) - return h.Sum32() -} diff --git a/etcd/vendor/k8s.io/utils/keymutex/keymutex.go b/etcd/vendor/k8s.io/utils/keymutex/keymutex.go deleted file mode 100644 index 89dc022397..0000000000 --- a/etcd/vendor/k8s.io/utils/keymutex/keymutex.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package keymutex - -// KeyMutex is a thread-safe interface for acquiring locks on arbitrary strings. -type KeyMutex interface { - // Acquires a lock associated with the specified ID, creates the lock if one doesn't already exist. - LockKey(id string) - - // Releases the lock associated with the specified ID. - // Returns an error if the specified ID doesn't exist. - UnlockKey(id string) error -} diff --git a/etcd/vendor/k8s.io/utils/lru/lru.go b/etcd/vendor/k8s.io/utils/lru/lru.go deleted file mode 100644 index 5d0077abfb..0000000000 --- a/etcd/vendor/k8s.io/utils/lru/lru.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package lru - -import ( - "sync" - - groupcache "k8s.io/utils/internal/third_party/forked/golang/golang-lru" -) - -type Key = groupcache.Key - -// Cache is a thread-safe fixed size LRU cache. -type Cache struct { - cache *groupcache.Cache - lock sync.RWMutex -} - -// New creates an LRU of the given size. -func New(size int) *Cache { - return &Cache{ - cache: groupcache.New(size), - } -} - -// Add adds a value to the cache. -func (c *Cache) Add(key Key, value interface{}) { - c.lock.Lock() - defer c.lock.Unlock() - c.cache.Add(key, value) -} - -// Get looks up a key's value from the cache. -func (c *Cache) Get(key Key) (value interface{}, ok bool) { - c.lock.Lock() - defer c.lock.Unlock() - return c.cache.Get(key) -} - -// Remove removes the provided key from the cache. -func (c *Cache) Remove(key Key) { - c.lock.Lock() - defer c.lock.Unlock() - c.cache.Remove(key) -} - -// RemoveOldest removes the oldest item from the cache. -func (c *Cache) RemoveOldest() { - c.lock.Lock() - defer c.lock.Unlock() - c.cache.RemoveOldest() -} - -// Len returns the number of items in the cache. -func (c *Cache) Len() int { - c.lock.RLock() - defer c.lock.RUnlock() - return c.cache.Len() -} - -// Clear purges all stored items from the cache. -func (c *Cache) Clear() { - c.lock.Lock() - defer c.lock.Unlock() - c.cache.Clear() -} diff --git a/etcd/vendor/k8s.io/utils/nsenter/OWNERS b/etcd/vendor/k8s.io/utils/nsenter/OWNERS deleted file mode 100644 index 46895cbda8..0000000000 --- a/etcd/vendor/k8s.io/utils/nsenter/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: - - jsafrane - - msau42 - - cofyc -approvers: - - jsafrane - - msau42 - - cofyc diff --git a/etcd/vendor/k8s.io/utils/nsenter/README.md b/etcd/vendor/k8s.io/utils/nsenter/README.md deleted file mode 100644 index aaacf8e3d3..0000000000 --- a/etcd/vendor/k8s.io/utils/nsenter/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# NSEnter - -This package provides interfaces for executing and interacting with processes -running within a namespace. diff --git a/etcd/vendor/k8s.io/utils/nsenter/nsenter.go b/etcd/vendor/k8s.io/utils/nsenter/nsenter.go deleted file mode 100644 index 237b636bce..0000000000 --- a/etcd/vendor/k8s.io/utils/nsenter/nsenter.go +++ /dev/null @@ -1,259 +0,0 @@ -//go:build linux -// +build linux - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nsenter - -import ( - "context" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - - "k8s.io/klog/v2" - "k8s.io/utils/exec" -) - -const ( - // DefaultHostRootFsPath is path to host's filesystem mounted into container - // with kubelet. - DefaultHostRootFsPath = "/rootfs" - // mountNsPath is the default mount namespace of the host - mountNsPath = "/proc/1/ns/mnt" - // nsenterPath is the default nsenter command - nsenterPath = "nsenter" -) - -// Nsenter is a type alias for backward compatibility -type Nsenter = NSEnter - -// NSEnter is part of experimental support for running the kubelet -// in a container. -// -// NSEnter requires: -// -// 1. Docker >= 1.6 due to the dependency on the slave propagation mode -// of the bind-mount of the kubelet root directory in the container. -// Docker 1.5 used a private propagation mode for bind-mounts, so mounts -// performed in the host's mount namespace do not propagate out to the -// bind-mount in this docker version. -// 2. The host's root filesystem must be available at /rootfs -// 3. The nsenter binary must be on the Kubelet process' PATH in the container's -// filesystem. -// 4. The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at -// the present, this effectively means that the kubelet is running in a -// privileged container. -// 5. The volume path used by the Kubelet must be the same inside and outside -// the container and be writable by the container (to initialize volume) -// contents. TODO: remove this requirement. -// 6. The host image must have "mount", "findmnt", "umount", "stat", "touch", -// "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin -// 7. The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin if -// systemd is installed/enabled in the operating system. -// For more information about mount propagation modes, see: -// https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt -type NSEnter struct { - // a map of commands to their paths on the host filesystem - paths map[string]string - - // Path to the host filesystem, typically "/rootfs". Used only for testing. - hostRootFsPath string - - // Exec implementation - executor exec.Interface -} - -// NewNsenter constructs a new instance of NSEnter -func NewNsenter(hostRootFsPath string, executor exec.Interface) (*NSEnter, error) { - ne := &NSEnter{ - hostRootFsPath: hostRootFsPath, - executor: executor, - } - if err := ne.initPaths(); err != nil { - return nil, err - } - return ne, nil -} - -func (ne *NSEnter) initPaths() error { - ne.paths = map[string]string{} - binaries := []string{ - "mount", - "findmnt", - "umount", - "systemd-run", - "stat", - "touch", - "mkdir", - "sh", - "chmod", - "realpath", - } - // search for the required commands in other locations besides /usr/bin - for _, binary := range binaries { - // check for binary under the following directories - for _, path := range []string{"/", "/bin", "/usr/sbin", "/usr/bin"} { - binPath := filepath.Join(path, binary) - if _, err := os.Stat(filepath.Join(ne.hostRootFsPath, binPath)); err != nil { - continue - } - ne.paths[binary] = binPath - break - } - // systemd-run is optional, bailout if we don't find any of the other binaries - if ne.paths[binary] == "" && binary != "systemd-run" { - return fmt.Errorf("unable to find %v", binary) - } - } - return nil -} - -// Exec executes nsenter commands in hostProcMountNsPath mount namespace -func (ne *NSEnter) Exec(cmd string, args []string) exec.Cmd { - hostProcMountNsPath := filepath.Join(ne.hostRootFsPath, mountNsPath) - fullArgs := append([]string{fmt.Sprintf("--mount=%s", hostProcMountNsPath), "--"}, - append([]string{ne.AbsHostPath(cmd)}, args...)...) - klog.V(5).Infof("Running nsenter command: %v %v", nsenterPath, fullArgs) - return ne.executor.Command(nsenterPath, fullArgs...) -} - -// Command returns a command wrapped with nsenter -func (ne *NSEnter) Command(cmd string, args ...string) exec.Cmd { - return ne.Exec(cmd, args) -} - -// CommandContext returns a CommandContext wrapped with nsenter -func (ne *NSEnter) CommandContext(ctx context.Context, cmd string, args ...string) exec.Cmd { - hostProcMountNsPath := filepath.Join(ne.hostRootFsPath, mountNsPath) - fullArgs := append([]string{fmt.Sprintf("--mount=%s", hostProcMountNsPath), "--"}, - append([]string{ne.AbsHostPath(cmd)}, args...)...) - klog.V(5).Infof("Running nsenter command: %v %v", nsenterPath, fullArgs) - return ne.executor.CommandContext(ctx, nsenterPath, fullArgs...) -} - -// LookPath returns a LookPath wrapped with nsenter -func (ne *NSEnter) LookPath(file string) (string, error) { - return "", fmt.Errorf("not implemented, error looking up : %s", file) -} - -// AbsHostPath returns the absolute runnable path for a specified command -func (ne *NSEnter) AbsHostPath(command string) string { - path, ok := ne.paths[command] - if !ok { - return command - } - return path -} - -// SupportsSystemd checks whether command systemd-run exists -func (ne *NSEnter) SupportsSystemd() (string, bool) { - systemdRunPath, ok := ne.paths["systemd-run"] - return systemdRunPath, ok && systemdRunPath != "" -} - -// EvalSymlinks returns the path name on the host after evaluating symlinks on the -// host. -// mustExist makes EvalSymlinks to return error when the path does not -// exist. When it's false, it evaluates symlinks of the existing part and -// blindly adds the non-existing part: -// pathname: /mnt/volume/non/existing/directory -// /mnt/volume exists -// non/existing/directory does not exist -// -> It resolves symlinks in /mnt/volume to say /mnt/foo and returns -// /mnt/foo/non/existing/directory. -// -// BEWARE! EvalSymlinks is not able to detect symlink looks with mustExist=false! -// If /tmp/link is symlink to /tmp/link, EvalSymlinks(/tmp/link/foo) returns /tmp/link/foo. -func (ne *NSEnter) EvalSymlinks(pathname string, mustExist bool) (string, error) { - var args []string - if mustExist { - // "realpath -e: all components of the path must exist" - args = []string{"-e", pathname} - } else { - // "realpath -m: no path components need exist or be a directory" - args = []string{"-m", pathname} - } - outBytes, err := ne.Exec("realpath", args).CombinedOutput() - if err != nil { - klog.Infof("failed to resolve symbolic links on %s: %v", pathname, err) - return "", err - } - return strings.TrimSpace(string(outBytes)), nil -} - -// KubeletPath returns the path name that can be accessed by containerized -// kubelet. It is recommended to resolve symlinks on the host by EvalSymlinks -// before calling this function -func (ne *NSEnter) KubeletPath(pathname string) string { - return filepath.Join(ne.hostRootFsPath, pathname) -} - -// NewFakeNsenter returns a NSEnter that does not run "nsenter --mount=... --", -// but runs everything in the same mount namespace as the unit test binary. -// rootfsPath is supposed to be a symlink, e.g. /tmp/xyz/rootfs -> /. -// This fake NSEnter is enough for most operations, e.g. to resolve symlinks, -// but it's not enough to call /bin/mount - unit tests don't run as root. -func NewFakeNsenter(rootfsPath string) (*NSEnter, error) { - executor := &fakeExec{ - rootfsPath: rootfsPath, - } - // prepare /rootfs/bin, usr/bin and usr/sbin - bin := filepath.Join(rootfsPath, "bin") - if err := os.Symlink("/bin", bin); err != nil { - return nil, err - } - - usr := filepath.Join(rootfsPath, "usr") - if err := os.Mkdir(usr, 0755); err != nil { - return nil, err - } - usrbin := filepath.Join(usr, "bin") - if err := os.Symlink("/usr/bin", usrbin); err != nil { - return nil, err - } - usrsbin := filepath.Join(usr, "sbin") - if err := os.Symlink("/usr/sbin", usrsbin); err != nil { - return nil, err - } - - return NewNsenter(rootfsPath, executor) -} - -type fakeExec struct { - rootfsPath string -} - -func (f fakeExec) Command(cmd string, args ...string) exec.Cmd { - // This will intentionaly panic if NSEnter does not provide enough arguments. - realCmd := args[2] - realArgs := args[3:] - return exec.New().Command(realCmd, realArgs...) -} - -func (fakeExec) LookPath(file string) (string, error) { - return "", errors.New("not implemented") -} - -func (fakeExec) CommandContext(ctx context.Context, cmd string, args ...string) exec.Cmd { - return nil -} - -var _ exec.Interface = fakeExec{} -var _ exec.Interface = &NSEnter{} diff --git a/etcd/vendor/k8s.io/utils/nsenter/nsenter_unsupported.go b/etcd/vendor/k8s.io/utils/nsenter/nsenter_unsupported.go deleted file mode 100644 index 8b56e91d2b..0000000000 --- a/etcd/vendor/k8s.io/utils/nsenter/nsenter_unsupported.go +++ /dev/null @@ -1,80 +0,0 @@ -//go:build !linux -// +build !linux - -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package nsenter - -import ( - "context" - "fmt" - - "k8s.io/utils/exec" -) - -const ( - // DefaultHostRootFsPath is path to host's filesystem mounted into container - // with kubelet. - DefaultHostRootFsPath = "/rootfs" -) - -// Nsenter is a type alias for backward compatibility -type Nsenter = NSEnter - -// NSEnter is part of experimental support for running the kubelet -// in a container. -type NSEnter struct { - // a map of commands to their paths on the host filesystem - Paths map[string]string -} - -// NewNsenter constructs a new instance of NSEnter -func NewNsenter(hostRootFsPath string, executor exec.Interface) (*Nsenter, error) { - return &Nsenter{}, nil -} - -// Exec executes nsenter commands in hostProcMountNsPath mount namespace -func (ne *NSEnter) Exec(cmd string, args []string) exec.Cmd { - return nil -} - -// AbsHostPath returns the absolute runnable path for a specified command -func (ne *NSEnter) AbsHostPath(command string) string { - return "" -} - -// SupportsSystemd checks whether command systemd-run exists -func (ne *NSEnter) SupportsSystemd() (string, bool) { - return "", false -} - -// Command returns a command wrapped with nenter -func (ne *NSEnter) Command(cmd string, args ...string) exec.Cmd { - return nil -} - -// CommandContext returns a CommandContext wrapped with nsenter -func (ne *NSEnter) CommandContext(ctx context.Context, cmd string, args ...string) exec.Cmd { - return nil -} - -// LookPath returns a LookPath wrapped with nsenter -func (ne *NSEnter) LookPath(file string) (string, error) { - return "", fmt.Errorf("not implemented, error looking up : %s", file) -} - -var _ exec.Interface = &NSEnter{} diff --git a/etcd/vendor/k8s.io/utils/path/file.go b/etcd/vendor/k8s.io/utils/path/file.go deleted file mode 100644 index 319914641a..0000000000 --- a/etcd/vendor/k8s.io/utils/path/file.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package path - -import ( - "errors" - "os" -) - -// LinkTreatment is the base type for constants used by Exists that indicate -// how symlinks are treated for existence checks. -type LinkTreatment int - -const ( - // CheckFollowSymlink follows the symlink and verifies that the target of - // the symlink exists. - CheckFollowSymlink LinkTreatment = iota - - // CheckSymlinkOnly does not follow the symlink and verifies only that they - // symlink itself exists. - CheckSymlinkOnly -) - -// ErrInvalidLinkTreatment indicates that the link treatment behavior requested -// is not a valid behavior. -var ErrInvalidLinkTreatment = errors.New("unknown link behavior") - -// Exists checks if specified file, directory, or symlink exists. The behavior -// of the test depends on the linkBehaviour argument. See LinkTreatment for -// more details. -func Exists(linkBehavior LinkTreatment, filename string) (bool, error) { - var err error - - if linkBehavior == CheckFollowSymlink { - _, err = os.Stat(filename) - } else if linkBehavior == CheckSymlinkOnly { - _, err = os.Lstat(filename) - } else { - return false, ErrInvalidLinkTreatment - } - - if os.IsNotExist(err) { - return false, nil - } else if err != nil { - return false, err - } - return true, nil -} - -// ReadDirNoStat returns a string of files/directories contained -// in dirname without calling lstat on them. -func ReadDirNoStat(dirname string) ([]string, error) { - if dirname == "" { - dirname = "." - } - - f, err := os.Open(dirname) - if err != nil { - return nil, err - } - defer f.Close() - - return f.Readdirnames(-1) -} diff --git a/etcd/vendor/k8s.io/utils/strings/escape.go b/etcd/vendor/k8s.io/utils/strings/escape.go deleted file mode 100644 index bae8d81a19..0000000000 --- a/etcd/vendor/k8s.io/utils/strings/escape.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package strings - -import ( - "strings" -) - -// EscapeQualifiedName converts a plugin name, which might contain a / into a -// string that is safe to use on-disk. This assumes that the input has already -// been validates as a qualified name. we use "~" rather than ":" here in case -// we ever use a filesystem that doesn't allow ":". -func EscapeQualifiedName(in string) string { - return strings.Replace(in, "/", "~", -1) -} - -// UnescapeQualifiedName converts an escaped plugin name (as per EscapeQualifiedName) -// back to its normal form. This assumes that the input has already been -// validates as a qualified name. -func UnescapeQualifiedName(in string) string { - return strings.Replace(in, "~", "/", -1) -} diff --git a/etcd/vendor/k8s.io/utils/strings/line_delimiter.go b/etcd/vendor/k8s.io/utils/strings/line_delimiter.go deleted file mode 100644 index 8907869c9e..0000000000 --- a/etcd/vendor/k8s.io/utils/strings/line_delimiter.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package strings - -import ( - "bytes" - "io" - "strings" -) - -// LineDelimiter is a filter that will split input on lines -// and bracket each line with the delimiter string. -type LineDelimiter struct { - output io.Writer - delimiter []byte - buf bytes.Buffer -} - -// NewLineDelimiter allocates a new io.Writer that will split input on lines -// and bracket each line with the delimiter string. This can be useful in -// output tests where it is difficult to see and test trailing whitespace. -func NewLineDelimiter(output io.Writer, delimiter string) *LineDelimiter { - return &LineDelimiter{output: output, delimiter: []byte(delimiter)} -} - -// Write writes buf to the LineDelimiter ld. The only errors returned are ones -// encountered while writing to the underlying output stream. -func (ld *LineDelimiter) Write(buf []byte) (n int, err error) { - return ld.buf.Write(buf) -} - -// Flush all lines up until now. This will assume insert a linebreak at the current point of the stream. -func (ld *LineDelimiter) Flush() (err error) { - lines := strings.Split(ld.buf.String(), "\n") - for _, line := range lines { - if _, err = ld.output.Write(ld.delimiter); err != nil { - return - } - if _, err = ld.output.Write([]byte(line)); err != nil { - return - } - if _, err = ld.output.Write(ld.delimiter); err != nil { - return - } - if _, err = ld.output.Write([]byte("\n")); err != nil { - return - } - } - return -} diff --git a/etcd/vendor/k8s.io/utils/strings/strings.go b/etcd/vendor/k8s.io/utils/strings/strings.go deleted file mode 100644 index 8a9f2eced9..0000000000 --- a/etcd/vendor/k8s.io/utils/strings/strings.go +++ /dev/null @@ -1,46 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package strings - -import ( - "path" - "strings" -) - -// SplitQualifiedName Splits a fully qualified name and returns its namespace and name. -// Assumes that the input 'str' has been validated. -func SplitQualifiedName(str string) (string, string) { - parts := strings.Split(str, "/") - if len(parts) < 2 { - return "", str - } - return parts[0], parts[1] -} - -// JoinQualifiedName joins 'namespace' and 'name' and returns a fully qualified name -// Assumes that the input is valid. -func JoinQualifiedName(namespace, name string) string { - return path.Join(namespace, name) -} - -// ShortenString returns the first N slice of a string. -func ShortenString(str string, n int) string { - if len(str) <= n { - return str - } - return str[:n] -} diff --git a/etcd/vendor/k8s.io/utils/trace/README.md b/etcd/vendor/k8s.io/utils/trace/README.md deleted file mode 100644 index 1e9c693893..0000000000 --- a/etcd/vendor/k8s.io/utils/trace/README.md +++ /dev/null @@ -1,67 +0,0 @@ -# Trace - -This package provides an interface for recording the latency of operations and logging details -about all operations where the latency exceeds a limit. - -## Usage - -To create a trace: - -```go -func doSomething() { - opTrace := trace.New("operation", Field{Key: "fieldKey1", Value: "fieldValue1"}) - defer opTrace.LogIfLong(100 * time.Millisecond) - // do something -} -``` - -To split an trace into multiple steps: - -```go -func doSomething() { - opTrace := trace.New("operation") - defer opTrace.LogIfLong(100 * time.Millisecond) - // do step 1 - opTrace.Step("step1", Field{Key: "stepFieldKey1", Value: "stepFieldValue1"}) - // do step 2 - opTrace.Step("step2") -} -``` - -To nest traces: - -```go -func doSomething() { - rootTrace := trace.New("rootOperation") - defer rootTrace.LogIfLong(100 * time.Millisecond) - - func() { - nestedTrace := rootTrace.Nest("nested", Field{Key: "nestedFieldKey1", Value: "nestedFieldValue1"}) - defer nestedTrace.LogIfLong(50 * time.Millisecond) - // do nested operation - }() -} -``` - -Traces can also be logged unconditionally or introspected: - -```go -opTrace.TotalTime() // Duration since the Trace was created -opTrace.Log() // unconditionally log the trace -``` - -### Using context.Context to nest traces - -`context.Context` can be used to manage nested traces. Create traces by calling `trace.GetTraceFromContext(ctx).Nest`. -This is safe even if there is no parent trace already in the context because `(*(Trace)nil).Nest()` returns -a top level trace. - -```go -func doSomething(ctx context.Context) { - opTrace := trace.FromContext(ctx).Nest("operation") // create a trace, possibly nested - ctx = trace.ContextWithTrace(ctx, opTrace) // make this trace the parent trace of the context - defer opTrace.LogIfLong(50 * time.Millisecond) - - doSomethingElse(ctx) -} -``` \ No newline at end of file diff --git a/etcd/vendor/k8s.io/utils/trace/trace.go b/etcd/vendor/k8s.io/utils/trace/trace.go deleted file mode 100644 index a0b07a6d78..0000000000 --- a/etcd/vendor/k8s.io/utils/trace/trace.go +++ /dev/null @@ -1,300 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package trace - -import ( - "bytes" - "context" - "fmt" - "math/rand" - "sync" - "time" - - "k8s.io/klog/v2" -) - -var klogV = func(lvl klog.Level) bool { - return klog.V(lvl).Enabled() -} - -// Field is a key value pair that provides additional details about the trace. -type Field struct { - Key string - Value interface{} -} - -func (f Field) format() string { - return fmt.Sprintf("%s:%v", f.Key, f.Value) -} - -func writeFields(b *bytes.Buffer, l []Field) { - for i, f := range l { - b.WriteString(f.format()) - if i < len(l)-1 { - b.WriteString(",") - } - } -} - -func writeTraceItemSummary(b *bytes.Buffer, msg string, totalTime time.Duration, startTime time.Time, fields []Field) { - b.WriteString(fmt.Sprintf("%q ", msg)) - if len(fields) > 0 { - writeFields(b, fields) - b.WriteString(" ") - } - - b.WriteString(fmt.Sprintf("%vms (%v)", durationToMilliseconds(totalTime), startTime.Format("15:04:05.000"))) -} - -func durationToMilliseconds(timeDuration time.Duration) int64 { - return timeDuration.Nanoseconds() / 1e6 -} - -type traceItem interface { - // time returns when the trace was recorded as completed. - time() time.Time - // writeItem outputs the traceItem to the buffer. If stepThreshold is non-nil, only output the - // traceItem if its the duration exceeds the stepThreshold. - // Each line of output is prefixed by formatter to visually indent nested items. - writeItem(b *bytes.Buffer, formatter string, startTime time.Time, stepThreshold *time.Duration) -} - -type traceStep struct { - stepTime time.Time - msg string - fields []Field -} - -func (s traceStep) time() time.Time { - return s.stepTime -} - -func (s traceStep) writeItem(b *bytes.Buffer, formatter string, startTime time.Time, stepThreshold *time.Duration) { - stepDuration := s.stepTime.Sub(startTime) - if stepThreshold == nil || *stepThreshold == 0 || stepDuration >= *stepThreshold || klogV(4) { - b.WriteString(fmt.Sprintf("%s---", formatter)) - writeTraceItemSummary(b, s.msg, stepDuration, s.stepTime, s.fields) - } -} - -// Trace keeps track of a set of "steps" and allows us to log a specific -// step if it took longer than its share of the total allowed time -type Trace struct { - // constant fields - name string - fields []Field - startTime time.Time - parentTrace *Trace - // fields guarded by a lock - lock sync.RWMutex - threshold *time.Duration - endTime *time.Time - traceItems []traceItem -} - -func (t *Trace) time() time.Time { - if t.endTime != nil { - return *t.endTime - } - return t.startTime // if the trace is incomplete, don't assume an end time -} - -func (t *Trace) writeItem(b *bytes.Buffer, formatter string, startTime time.Time, stepThreshold *time.Duration) { - if t.durationIsWithinThreshold() || klogV(4) { - b.WriteString(fmt.Sprintf("%v[", formatter)) - writeTraceItemSummary(b, t.name, t.TotalTime(), t.startTime, t.fields) - if st := t.calculateStepThreshold(); st != nil { - stepThreshold = st - } - t.writeTraceSteps(b, formatter+" ", stepThreshold) - b.WriteString("]") - return - } - // If the trace should not be written, still check for nested traces that should be written - for _, s := range t.traceItems { - if nestedTrace, ok := s.(*Trace); ok { - nestedTrace.writeItem(b, formatter, startTime, stepThreshold) - } - } -} - -// New creates a Trace with the specified name. The name identifies the operation to be traced. The -// Fields add key value pairs to provide additional details about the trace, such as operation inputs. -func New(name string, fields ...Field) *Trace { - return &Trace{name: name, startTime: time.Now(), fields: fields} -} - -// Step adds a new step with a specific message. Call this at the end of an execution step to record -// how long it took. The Fields add key value pairs to provide additional details about the trace -// step. -func (t *Trace) Step(msg string, fields ...Field) { - t.lock.Lock() - defer t.lock.Unlock() - if t.traceItems == nil { - // traces almost always have less than 6 steps, do this to avoid more than a single allocation - t.traceItems = make([]traceItem, 0, 6) - } - t.traceItems = append(t.traceItems, traceStep{stepTime: time.Now(), msg: msg, fields: fields}) -} - -// Nest adds a nested trace with the given message and fields and returns it. -// As a convenience, if the receiver is nil, returns a top level trace. This allows -// one to call FromContext(ctx).Nest without having to check if the trace -// in the context is nil. -func (t *Trace) Nest(msg string, fields ...Field) *Trace { - newTrace := New(msg, fields...) - if t != nil { - newTrace.parentTrace = t - t.lock.Lock() - t.traceItems = append(t.traceItems, newTrace) - t.lock.Unlock() - } - return newTrace -} - -// Log is used to dump all the steps in the Trace. It also logs the nested trace messages using indentation. -// If the Trace is nested it is not immediately logged. Instead, it is logged when the trace it is nested within -// is logged. -func (t *Trace) Log() { - endTime := time.Now() - t.lock.Lock() - t.endTime = &endTime - t.lock.Unlock() - // an explicit logging request should dump all the steps out at the higher level - if t.parentTrace == nil { // We don't start logging until Log or LogIfLong is called on the root trace - t.logTrace() - } -} - -// LogIfLong only logs the trace if the duration of the trace exceeds the threshold. -// Only steps that took longer than their share or the given threshold are logged. -// If klog is at verbosity level 4 or higher and the trace took longer than the threshold, -// all substeps and subtraces are logged. Otherwise, only those which took longer than -// their own threshold. -// If the Trace is nested it is not immediately logged. Instead, it is logged when the trace it -// is nested within is logged. -func (t *Trace) LogIfLong(threshold time.Duration) { - t.lock.Lock() - t.threshold = &threshold - t.lock.Unlock() - t.Log() -} - -// logTopLevelTraces finds all traces in a hierarchy of nested traces that should be logged but do not have any -// parents that will be logged, due to threshold limits, and logs them as top level traces. -func (t *Trace) logTrace() { - t.lock.RLock() - defer t.lock.RUnlock() - if t.durationIsWithinThreshold() { - var buffer bytes.Buffer - traceNum := rand.Int31() - - totalTime := t.endTime.Sub(t.startTime) - buffer.WriteString(fmt.Sprintf("Trace[%d]: %q ", traceNum, t.name)) - if len(t.fields) > 0 { - writeFields(&buffer, t.fields) - buffer.WriteString(" ") - } - - // if any step took more than it's share of the total allowed time, it deserves a higher log level - buffer.WriteString(fmt.Sprintf("(%v) (total time: %vms):", t.startTime.Format("02-Jan-2006 15:04:05.000"), totalTime.Milliseconds())) - stepThreshold := t.calculateStepThreshold() - t.writeTraceSteps(&buffer, fmt.Sprintf("\nTrace[%d]: ", traceNum), stepThreshold) - buffer.WriteString(fmt.Sprintf("\nTrace[%d]: [%v] [%v] END\n", traceNum, t.endTime.Sub(t.startTime), totalTime)) - - klog.Info(buffer.String()) - return - } - - // If the trace should not be logged, still check if nested traces should be logged - for _, s := range t.traceItems { - if nestedTrace, ok := s.(*Trace); ok { - nestedTrace.logTrace() - } - } -} - -func (t *Trace) writeTraceSteps(b *bytes.Buffer, formatter string, stepThreshold *time.Duration) { - lastStepTime := t.startTime - for _, stepOrTrace := range t.traceItems { - stepOrTrace.writeItem(b, formatter, lastStepTime, stepThreshold) - lastStepTime = stepOrTrace.time() - } -} - -func (t *Trace) durationIsWithinThreshold() bool { - if t.endTime == nil { // we don't assume incomplete traces meet the threshold - return false - } - return t.threshold == nil || *t.threshold == 0 || t.endTime.Sub(t.startTime) >= *t.threshold -} - -// TotalTime can be used to figure out how long it took since the Trace was created -func (t *Trace) TotalTime() time.Duration { - return time.Since(t.startTime) -} - -// calculateStepThreshold returns a threshold for the individual steps of a trace, or nil if there is no threshold and -// all steps should be written. -func (t *Trace) calculateStepThreshold() *time.Duration { - if t.threshold == nil { - return nil - } - lenTrace := len(t.traceItems) + 1 - traceThreshold := *t.threshold - for _, s := range t.traceItems { - nestedTrace, ok := s.(*Trace) - if ok { - nestedTrace.lock.RLock() - if nestedTrace.threshold != nil { - traceThreshold = traceThreshold - *nestedTrace.threshold - lenTrace-- - } - nestedTrace.lock.RUnlock() - } - } - - // the limit threshold is used when the threshold( - //remaining after subtracting that of the child trace) is getting very close to zero to prevent unnecessary logging - limitThreshold := *t.threshold / 4 - if traceThreshold < limitThreshold { - traceThreshold = limitThreshold - lenTrace = len(t.traceItems) + 1 - } - - stepThreshold := traceThreshold / time.Duration(lenTrace) - return &stepThreshold -} - -// ContextTraceKey provides a common key for traces in context.Context values. -type ContextTraceKey struct{} - -// FromContext returns the trace keyed by ContextTraceKey in the context values, if one -// is present, or nil If there is no trace in the Context. -// It is safe to call Nest() on the returned value even if it is nil because ((*Trace)nil).Nest returns a top level -// trace. -func FromContext(ctx context.Context) *Trace { - if v, ok := ctx.Value(ContextTraceKey{}).(*Trace); ok { - return v - } - return nil -} - -// ContextWithTrace returns a context with trace included in the context values, keyed by ContextTraceKey. -func ContextWithTrace(ctx context.Context, trace *Trace) context.Context { - return context.WithValue(ctx, ContextTraceKey{}, trace) -} diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index dec9a89fa2..c8cb62502a 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -5,12 +5,6 @@ github.com/Azure/go-ansiterm/winterm # github.com/MakeNowJust/heredoc v1.0.0 ## explicit; go 1.12 github.com/MakeNowJust/heredoc -# github.com/NYTimes/gziphandler v1.1.1 -## explicit; go 1.11 -github.com/NYTimes/gziphandler -# github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 -## explicit; go 1.16 -github.com/antlr/antlr4/runtime/Go/antlr # github.com/apparentlymart/go-cidr v1.1.0 ## explicit github.com/apparentlymart/go-cidr/cidr @@ -32,23 +26,15 @@ github.com/chai2010/gettext-go github.com/chai2010/gettext-go/mo github.com/chai2010/gettext-go/plural github.com/chai2010/gettext-go/po -# github.com/coreos/go-oidc v2.1.0+incompatible -## explicit -github.com/coreos/go-oidc # github.com/coreos/go-semver v0.3.0 ## explicit github.com/coreos/go-semver/semver # github.com/coreos/go-systemd/v22 v22.3.2 ## explicit; go 1.12 -github.com/coreos/go-systemd/v22/daemon github.com/coreos/go-systemd/v22/journal # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/docker/distribution v2.8.1+incompatible -## explicit -github.com/docker/distribution/digestset -github.com/docker/distribution/reference # github.com/dustin/go-humanize v1.0.0 ## explicit github.com/dustin/go-humanize @@ -62,12 +48,6 @@ github.com/evanphx/json-patch # github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d ## explicit github.com/exponent-io/jsonpath -# github.com/felixge/httpsnoop v1.0.3 -## explicit; go 1.13 -github.com/felixge/httpsnoop -# github.com/fsnotify/fsnotify v1.6.0 -## explicit; go 1.16 -github.com/fsnotify/fsnotify # github.com/go-errors/errors v1.0.1 ## explicit github.com/go-errors/errors @@ -97,9 +77,6 @@ github.com/gogo/protobuf/sortkeys # github.com/golang-jwt/jwt/v4 v4.4.2 ## explicit; go 1.16 github.com/golang-jwt/jwt/v4 -# github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da -## explicit -github.com/golang/groupcache/lru # github.com/golang/protobuf v1.5.2 ## explicit; go 1.9 github.com/golang/protobuf/descriptor @@ -114,26 +91,6 @@ github.com/golang/protobuf/ptypes/wrappers # github.com/google/btree v1.0.1 ## explicit; go 1.12 github.com/google/btree -# github.com/google/cel-go v0.12.6 -## explicit; go 1.17 -github.com/google/cel-go/cel -github.com/google/cel-go/checker -github.com/google/cel-go/checker/decls -github.com/google/cel-go/common -github.com/google/cel-go/common/containers -github.com/google/cel-go/common/debug -github.com/google/cel-go/common/operators -github.com/google/cel-go/common/overloads -github.com/google/cel-go/common/runes -github.com/google/cel-go/common/types -github.com/google/cel-go/common/types/pb -github.com/google/cel-go/common/types/ref -github.com/google/cel-go/common/types/traits -github.com/google/cel-go/ext -github.com/google/cel-go/interpreter -github.com/google/cel-go/interpreter/functions -github.com/google/cel-go/parser -github.com/google/cel-go/parser/gen # github.com/google/gnostic v0.5.7-v3refs ## explicit; go 1.12 github.com/google/gnostic/compiler @@ -216,9 +173,6 @@ github.com/mitchellh/go-wordwrap ## explicit; go 1.13 github.com/moby/spdystream github.com/moby/spdystream/spdy -# github.com/moby/sys/mountinfo v0.6.2 -## explicit; go 1.16 -github.com/moby/sys/mountinfo # github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae ## explicit; go 1.13 github.com/moby/term @@ -235,18 +189,6 @@ github.com/monochromegane/go-gitignore # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f -## explicit -github.com/mxk/go-flowrate/flowrate -# github.com/opencontainers/go-digest v1.0.0 -## explicit; go 1.13 -github.com/opencontainers/go-digest -# github.com/opencontainers/selinux v1.10.0 -## explicit; go 1.13 -github.com/opencontainers/selinux/go-selinux -github.com/opencontainers/selinux/go-selinux/label -github.com/opencontainers/selinux/pkg/pwalk -github.com/opencontainers/selinux/pkg/pwalkdir # github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d ## explicit; go 1.13 github.com/openshift/build-machinery-go @@ -257,9 +199,6 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 -## explicit; go 1.19 -github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer # github.com/openshift/microshift v0.0.0 => ../ ## explicit; go 1.19 github.com/openshift/microshift/pkg/config @@ -272,18 +211,12 @@ github.com/peterbourgon/diskv # github.com/pkg/errors v0.9.1 ## explicit github.com/pkg/errors -# github.com/pquerna/cachecontrol v0.1.0 -## explicit; go 1.16 -github.com/pquerna/cachecontrol -github.com/pquerna/cachecontrol/cacheobject # github.com/prometheus/client_golang v1.14.0 ## explicit; go 1.17 github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus/collectors github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/client_golang/prometheus/promhttp -github.com/prometheus/client_golang/prometheus/testutil -github.com/prometheus/client_golang/prometheus/testutil/promlint # github.com/prometheus/client_model v0.3.0 ## explicit; go 1.9 github.com/prometheus/client_model/go @@ -297,9 +230,6 @@ github.com/prometheus/common/model github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -# github.com/robfig/cron/v3 v3.0.1 -## explicit; go 1.12 -github.com/robfig/cron/v3 # github.com/russross/blackfriday/v2 v2.1.0 ## explicit github.com/russross/blackfriday/v2 @@ -315,9 +245,6 @@ github.com/spf13/cobra # github.com/spf13/pflag v1.0.5 ## explicit; go 1.12 github.com/spf13/pflag -# github.com/stoewer/go-strcase v1.2.0 -## explicit; go 1.11 -github.com/stoewer/go-strcase # github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 ## explicit github.com/tmc/grpc-websocket-proxy/wsproxy @@ -429,9 +356,6 @@ go.etcd.io/etcd/server/v3/wal/walpb ## explicit; go 1.17 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal -# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 -## explicit; go 1.17 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp # go.opentelemetry.io/otel v1.10.0 ## explicit; go 1.17 go.opentelemetry.io/otel @@ -458,17 +382,6 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform # go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 ## explicit; go 1.17 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc -# go.opentelemetry.io/otel/metric v0.31.0 -## explicit; go 1.17 -go.opentelemetry.io/otel/metric -go.opentelemetry.io/otel/metric/global -go.opentelemetry.io/otel/metric/instrument -go.opentelemetry.io/otel/metric/instrument/asyncfloat64 -go.opentelemetry.io/otel/metric/instrument/asyncint64 -go.opentelemetry.io/otel/metric/instrument/syncfloat64 -go.opentelemetry.io/otel/metric/instrument/syncint64 -go.opentelemetry.io/otel/metric/internal/global -go.opentelemetry.io/otel/metric/unit # go.opentelemetry.io/otel/sdk v1.10.0 ## explicit; go 1.17 go.opentelemetry.io/otel/sdk/instrumentation @@ -512,20 +425,10 @@ go.uber.org/zap/zapgrpc ## explicit; go 1.17 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish -golang.org/x/crypto/cryptobyte -golang.org/x/crypto/cryptobyte/asn1 -golang.org/x/crypto/ed25519 -golang.org/x/crypto/internal/alias -golang.org/x/crypto/internal/poly1305 -golang.org/x/crypto/nacl/secretbox -golang.org/x/crypto/pbkdf2 -golang.org/x/crypto/salsa20/salsa # golang.org/x/net v0.7.0 ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp -golang.org/x/net/html -golang.org/x/net/html/atom golang.org/x/net/http/httpguts golang.org/x/net/http2 golang.org/x/net/http2/hpack @@ -534,17 +437,12 @@ golang.org/x/net/internal/socks golang.org/x/net/internal/timeseries golang.org/x/net/proxy golang.org/x/net/trace -golang.org/x/net/websocket # golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 ## explicit; go 1.11 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 -## explicit -golang.org/x/sync/singleflight # golang.org/x/sys v0.5.0 ## explicit; go 1.17 -golang.org/x/sys/cpu golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9 golang.org/x/sys/unix @@ -565,13 +463,9 @@ golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm -golang.org/x/text/width # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 ## explicit golang.org/x/time/rate -# golang.org/x/tools v0.2.0 -## explicit; go 1.18 -golang.org/x/tools/container/intsets # google.golang.org/appengine v1.6.7 ## explicit; go 1.11 google.golang.org/appengine/internal @@ -584,7 +478,6 @@ google.golang.org/appengine/urlfetch # google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 ## explicit; go 1.15 google.golang.org/genproto/googleapis/api/annotations -google.golang.org/genproto/googleapis/api/expr/v1alpha1 google.golang.org/genproto/googleapis/api/httpbody google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status @@ -674,12 +567,9 @@ google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/types/descriptorpb -google.golang.org/protobuf/types/dynamicpb google.golang.org/protobuf/types/known/anypb google.golang.org/protobuf/types/known/durationpb -google.golang.org/protobuf/types/known/emptypb google.golang.org/protobuf/types/known/fieldmaskpb -google.golang.org/protobuf/types/known/structpb google.golang.org/protobuf/types/known/timestamppb google.golang.org/protobuf/types/known/wrapperspb # gopkg.in/inf.v0 v0.9.1 @@ -688,12 +578,6 @@ gopkg.in/inf.v0 # gopkg.in/natefinch/lumberjack.v2 v2.0.0 ## explicit gopkg.in/natefinch/lumberjack.v2 -# gopkg.in/square/go-jose.v2 v2.2.2 -## explicit -gopkg.in/square/go-jose.v2 -gopkg.in/square/go-jose.v2/cipher -gopkg.in/square/go-jose.v2/json -gopkg.in/square/go-jose.v2/jwt # gopkg.in/yaml.v2 v2.4.0 ## explicit; go 1.15 gopkg.in/yaml.v2 @@ -758,21 +642,13 @@ k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 # k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d ## explicit; go 1.19 -k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta k8s.io/apimachinery/pkg/api/resource -k8s.io/apimachinery/pkg/api/validation -k8s.io/apimachinery/pkg/api/validation/path -k8s.io/apimachinery/pkg/apis/meta/internalversion -k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme -k8s.io/apimachinery/pkg/apis/meta/internalversion/validation k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme -k8s.io/apimachinery/pkg/apis/meta/v1/validation k8s.io/apimachinery/pkg/apis/meta/v1beta1 -k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation k8s.io/apimachinery/pkg/conversion k8s.io/apimachinery/pkg/conversion/queryparams k8s.io/apimachinery/pkg/fields @@ -787,8 +663,6 @@ k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/runtime/serializer/versioning k8s.io/apimachinery/pkg/selection k8s.io/apimachinery/pkg/types -k8s.io/apimachinery/pkg/util/cache -k8s.io/apimachinery/pkg/util/diff k8s.io/apimachinery/pkg/util/duration k8s.io/apimachinery/pkg/util/errors k8s.io/apimachinery/pkg/util/framer @@ -800,174 +674,19 @@ k8s.io/apimachinery/pkg/util/managedfields k8s.io/apimachinery/pkg/util/mergepatch k8s.io/apimachinery/pkg/util/naming k8s.io/apimachinery/pkg/util/net -k8s.io/apimachinery/pkg/util/proxy -k8s.io/apimachinery/pkg/util/rand k8s.io/apimachinery/pkg/util/remotecommand k8s.io/apimachinery/pkg/util/runtime k8s.io/apimachinery/pkg/util/sets k8s.io/apimachinery/pkg/util/strategicpatch -k8s.io/apimachinery/pkg/util/uuid k8s.io/apimachinery/pkg/util/validation k8s.io/apimachinery/pkg/util/validation/field k8s.io/apimachinery/pkg/util/wait -k8s.io/apimachinery/pkg/util/waitgroup k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/apiserver/pkg/admission -k8s.io/apiserver/pkg/admission/cel -k8s.io/apiserver/pkg/admission/configuration -k8s.io/apiserver/pkg/admission/initializer -k8s.io/apiserver/pkg/admission/metrics -k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle -k8s.io/apiserver/pkg/admission/plugin/resourcequota -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1 -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1alpha1 -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/v1beta1 -k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/validation -k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy -k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/internal/generic -k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching -k8s.io/apiserver/pkg/admission/plugin/webhook -k8s.io/apiserver/pkg/admission/plugin/webhook/config -k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission -k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 -k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 -k8s.io/apiserver/pkg/admission/plugin/webhook/errors -k8s.io/apiserver/pkg/admission/plugin/webhook/generic -k8s.io/apiserver/pkg/admission/plugin/webhook/initializer -k8s.io/apiserver/pkg/admission/plugin/webhook/mutating -k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace -k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object -k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules -k8s.io/apiserver/pkg/admission/plugin/webhook/request -k8s.io/apiserver/pkg/admission/plugin/webhook/validating -k8s.io/apiserver/pkg/apis/apiserver -k8s.io/apiserver/pkg/apis/apiserver/install -k8s.io/apiserver/pkg/apis/apiserver/v1 -k8s.io/apiserver/pkg/apis/apiserver/v1alpha1 -k8s.io/apiserver/pkg/apis/apiserver/v1beta1 -k8s.io/apiserver/pkg/apis/audit -k8s.io/apiserver/pkg/apis/audit/install -k8s.io/apiserver/pkg/apis/audit/v1 -k8s.io/apiserver/pkg/apis/audit/validation -k8s.io/apiserver/pkg/apis/config -k8s.io/apiserver/pkg/apis/config/v1 -k8s.io/apiserver/pkg/apis/config/validation -k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap -k8s.io/apiserver/pkg/audit -k8s.io/apiserver/pkg/audit/policy -k8s.io/apiserver/pkg/authentication/authenticator -k8s.io/apiserver/pkg/authentication/authenticatorfactory -k8s.io/apiserver/pkg/authentication/group -k8s.io/apiserver/pkg/authentication/request/anonymous -k8s.io/apiserver/pkg/authentication/request/bearertoken -k8s.io/apiserver/pkg/authentication/request/headerrequest -k8s.io/apiserver/pkg/authentication/request/union -k8s.io/apiserver/pkg/authentication/request/websocket -k8s.io/apiserver/pkg/authentication/request/x509 -k8s.io/apiserver/pkg/authentication/serviceaccount -k8s.io/apiserver/pkg/authentication/token/cache -k8s.io/apiserver/pkg/authentication/token/tokenfile -k8s.io/apiserver/pkg/authentication/token/union -k8s.io/apiserver/pkg/authentication/user -k8s.io/apiserver/pkg/authorization/authorizer -k8s.io/apiserver/pkg/authorization/authorizerfactory -k8s.io/apiserver/pkg/authorization/path -k8s.io/apiserver/pkg/authorization/union -k8s.io/apiserver/pkg/cel -k8s.io/apiserver/pkg/cel/library -k8s.io/apiserver/pkg/endpoints -k8s.io/apiserver/pkg/endpoints/deprecation -k8s.io/apiserver/pkg/endpoints/discovery -k8s.io/apiserver/pkg/endpoints/discovery/aggregated -k8s.io/apiserver/pkg/endpoints/filterlatency -k8s.io/apiserver/pkg/endpoints/filters -k8s.io/apiserver/pkg/endpoints/handlers -k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager -k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal -k8s.io/apiserver/pkg/endpoints/handlers/finisher -k8s.io/apiserver/pkg/endpoints/handlers/metrics -k8s.io/apiserver/pkg/endpoints/handlers/negotiation -k8s.io/apiserver/pkg/endpoints/handlers/responsewriters -k8s.io/apiserver/pkg/endpoints/metrics -k8s.io/apiserver/pkg/endpoints/openapi -k8s.io/apiserver/pkg/endpoints/request -k8s.io/apiserver/pkg/endpoints/responsewriter -k8s.io/apiserver/pkg/endpoints/warning -k8s.io/apiserver/pkg/features -k8s.io/apiserver/pkg/quota/v1 -k8s.io/apiserver/pkg/quota/v1/generic -k8s.io/apiserver/pkg/registry/generic -k8s.io/apiserver/pkg/registry/generic/registry -k8s.io/apiserver/pkg/registry/generic/rest -k8s.io/apiserver/pkg/registry/rest -k8s.io/apiserver/pkg/server -k8s.io/apiserver/pkg/server/dynamiccertificates -k8s.io/apiserver/pkg/server/egressselector -k8s.io/apiserver/pkg/server/egressselector/metrics -k8s.io/apiserver/pkg/server/filters -k8s.io/apiserver/pkg/server/healthz -k8s.io/apiserver/pkg/server/httplog -k8s.io/apiserver/pkg/server/mux -k8s.io/apiserver/pkg/server/options -k8s.io/apiserver/pkg/server/options/encryptionconfig -k8s.io/apiserver/pkg/server/options/encryptionconfig/controller -k8s.io/apiserver/pkg/server/resourceconfig -k8s.io/apiserver/pkg/server/routes -k8s.io/apiserver/pkg/server/storage -k8s.io/apiserver/pkg/storage -k8s.io/apiserver/pkg/storage/cacher -k8s.io/apiserver/pkg/storage/cacher/metrics -k8s.io/apiserver/pkg/storage/errors -k8s.io/apiserver/pkg/storage/etcd3 -k8s.io/apiserver/pkg/storage/etcd3/metrics -k8s.io/apiserver/pkg/storage/names -k8s.io/apiserver/pkg/storage/storagebackend -k8s.io/apiserver/pkg/storage/storagebackend/factory -k8s.io/apiserver/pkg/storage/value -k8s.io/apiserver/pkg/storage/value/encrypt/aes -k8s.io/apiserver/pkg/storage/value/encrypt/envelope -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1 -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/util -k8s.io/apiserver/pkg/storage/value/encrypt/identity -k8s.io/apiserver/pkg/storage/value/encrypt/secretbox -k8s.io/apiserver/pkg/storageversion -k8s.io/apiserver/pkg/util/apihelpers -k8s.io/apiserver/pkg/util/dryrun -k8s.io/apiserver/pkg/util/feature -k8s.io/apiserver/pkg/util/flowcontrol -k8s.io/apiserver/pkg/util/flowcontrol/debug -k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing -k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock -k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise -k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset -k8s.io/apiserver/pkg/util/flowcontrol/format -k8s.io/apiserver/pkg/util/flowcontrol/metrics -k8s.io/apiserver/pkg/util/flowcontrol/request -k8s.io/apiserver/pkg/util/flushwriter -k8s.io/apiserver/pkg/util/openapi -k8s.io/apiserver/pkg/util/shufflesharding -k8s.io/apiserver/pkg/util/webhook -k8s.io/apiserver/pkg/util/wsstream -k8s.io/apiserver/pkg/util/x509metrics -k8s.io/apiserver/pkg/warning -k8s.io/apiserver/plugin/pkg/audit/buffered -k8s.io/apiserver/plugin/pkg/audit/log -k8s.io/apiserver/plugin/pkg/audit/truncate -k8s.io/apiserver/plugin/pkg/audit/webhook -k8s.io/apiserver/plugin/pkg/authenticator/token/oidc -k8s.io/apiserver/plugin/pkg/authenticator/token/webhook -k8s.io/apiserver/plugin/pkg/authorizer/webhook # k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions @@ -1026,74 +745,6 @@ k8s.io/client-go/discovery k8s.io/client-go/discovery/cached/disk k8s.io/client-go/discovery/cached/memory k8s.io/client-go/dynamic -k8s.io/client-go/dynamic/dynamicinformer -k8s.io/client-go/dynamic/dynamiclister -k8s.io/client-go/informers -k8s.io/client-go/informers/admissionregistration -k8s.io/client-go/informers/admissionregistration/v1 -k8s.io/client-go/informers/admissionregistration/v1alpha1 -k8s.io/client-go/informers/admissionregistration/v1beta1 -k8s.io/client-go/informers/apiserverinternal -k8s.io/client-go/informers/apiserverinternal/v1alpha1 -k8s.io/client-go/informers/apps -k8s.io/client-go/informers/apps/v1 -k8s.io/client-go/informers/apps/v1beta1 -k8s.io/client-go/informers/apps/v1beta2 -k8s.io/client-go/informers/autoscaling -k8s.io/client-go/informers/autoscaling/v1 -k8s.io/client-go/informers/autoscaling/v2 -k8s.io/client-go/informers/autoscaling/v2beta1 -k8s.io/client-go/informers/autoscaling/v2beta2 -k8s.io/client-go/informers/batch -k8s.io/client-go/informers/batch/v1 -k8s.io/client-go/informers/batch/v1beta1 -k8s.io/client-go/informers/certificates -k8s.io/client-go/informers/certificates/v1 -k8s.io/client-go/informers/certificates/v1beta1 -k8s.io/client-go/informers/coordination -k8s.io/client-go/informers/coordination/v1 -k8s.io/client-go/informers/coordination/v1beta1 -k8s.io/client-go/informers/core -k8s.io/client-go/informers/core/v1 -k8s.io/client-go/informers/discovery -k8s.io/client-go/informers/discovery/v1 -k8s.io/client-go/informers/discovery/v1beta1 -k8s.io/client-go/informers/events -k8s.io/client-go/informers/events/v1 -k8s.io/client-go/informers/events/v1beta1 -k8s.io/client-go/informers/extensions -k8s.io/client-go/informers/extensions/v1beta1 -k8s.io/client-go/informers/flowcontrol -k8s.io/client-go/informers/flowcontrol/v1alpha1 -k8s.io/client-go/informers/flowcontrol/v1beta1 -k8s.io/client-go/informers/flowcontrol/v1beta2 -k8s.io/client-go/informers/flowcontrol/v1beta3 -k8s.io/client-go/informers/internalinterfaces -k8s.io/client-go/informers/networking -k8s.io/client-go/informers/networking/v1 -k8s.io/client-go/informers/networking/v1alpha1 -k8s.io/client-go/informers/networking/v1beta1 -k8s.io/client-go/informers/node -k8s.io/client-go/informers/node/v1 -k8s.io/client-go/informers/node/v1alpha1 -k8s.io/client-go/informers/node/v1beta1 -k8s.io/client-go/informers/policy -k8s.io/client-go/informers/policy/v1 -k8s.io/client-go/informers/policy/v1beta1 -k8s.io/client-go/informers/rbac -k8s.io/client-go/informers/rbac/v1 -k8s.io/client-go/informers/rbac/v1alpha1 -k8s.io/client-go/informers/rbac/v1beta1 -k8s.io/client-go/informers/resource -k8s.io/client-go/informers/resource/v1alpha1 -k8s.io/client-go/informers/scheduling -k8s.io/client-go/informers/scheduling/v1 -k8s.io/client-go/informers/scheduling/v1alpha1 -k8s.io/client-go/informers/scheduling/v1beta1 -k8s.io/client-go/informers/storage -k8s.io/client-go/informers/storage/v1 -k8s.io/client-go/informers/storage/v1alpha1 -k8s.io/client-go/informers/storage/v1beta1 k8s.io/client-go/kubernetes k8s.io/client-go/kubernetes/scheme k8s.io/client-go/kubernetes/typed/admissionregistration/v1 @@ -1146,51 +797,6 @@ k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 -k8s.io/client-go/listers/admissionregistration/v1 -k8s.io/client-go/listers/admissionregistration/v1alpha1 -k8s.io/client-go/listers/admissionregistration/v1beta1 -k8s.io/client-go/listers/apiserverinternal/v1alpha1 -k8s.io/client-go/listers/apps/v1 -k8s.io/client-go/listers/apps/v1beta1 -k8s.io/client-go/listers/apps/v1beta2 -k8s.io/client-go/listers/autoscaling/v1 -k8s.io/client-go/listers/autoscaling/v2 -k8s.io/client-go/listers/autoscaling/v2beta1 -k8s.io/client-go/listers/autoscaling/v2beta2 -k8s.io/client-go/listers/batch/v1 -k8s.io/client-go/listers/batch/v1beta1 -k8s.io/client-go/listers/certificates/v1 -k8s.io/client-go/listers/certificates/v1beta1 -k8s.io/client-go/listers/coordination/v1 -k8s.io/client-go/listers/coordination/v1beta1 -k8s.io/client-go/listers/core/v1 -k8s.io/client-go/listers/discovery/v1 -k8s.io/client-go/listers/discovery/v1beta1 -k8s.io/client-go/listers/events/v1 -k8s.io/client-go/listers/events/v1beta1 -k8s.io/client-go/listers/extensions/v1beta1 -k8s.io/client-go/listers/flowcontrol/v1alpha1 -k8s.io/client-go/listers/flowcontrol/v1beta1 -k8s.io/client-go/listers/flowcontrol/v1beta2 -k8s.io/client-go/listers/flowcontrol/v1beta3 -k8s.io/client-go/listers/networking/v1 -k8s.io/client-go/listers/networking/v1alpha1 -k8s.io/client-go/listers/networking/v1beta1 -k8s.io/client-go/listers/node/v1 -k8s.io/client-go/listers/node/v1alpha1 -k8s.io/client-go/listers/node/v1beta1 -k8s.io/client-go/listers/policy/v1 -k8s.io/client-go/listers/policy/v1beta1 -k8s.io/client-go/listers/rbac/v1 -k8s.io/client-go/listers/rbac/v1alpha1 -k8s.io/client-go/listers/rbac/v1beta1 -k8s.io/client-go/listers/resource/v1alpha1 -k8s.io/client-go/listers/scheduling/v1 -k8s.io/client-go/listers/scheduling/v1alpha1 -k8s.io/client-go/listers/scheduling/v1beta1 -k8s.io/client-go/listers/storage/v1 -k8s.io/client-go/listers/storage/v1alpha1 -k8s.io/client-go/listers/storage/v1beta1 k8s.io/client-go/openapi k8s.io/client-go/openapi/cached k8s.io/client-go/pkg/apis/clientauthentication @@ -1198,11 +804,7 @@ k8s.io/client-go/pkg/apis/clientauthentication/install k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 k8s.io/client-go/pkg/version -k8s.io/client-go/plugin/pkg/client/auth -k8s.io/client-go/plugin/pkg/client/auth/azure k8s.io/client-go/plugin/pkg/client/auth/exec -k8s.io/client-go/plugin/pkg/client/auth/gcp -k8s.io/client-go/plugin/pkg/client/auth/oidc k8s.io/client-go/rest k8s.io/client-go/rest/watch k8s.io/client-go/restmapper @@ -1216,73 +818,36 @@ k8s.io/client-go/scale/scheme/extensionsint k8s.io/client-go/scale/scheme/extensionsv1beta1 k8s.io/client-go/third_party/forked/golang/template k8s.io/client-go/tools/auth -k8s.io/client-go/tools/cache k8s.io/client-go/tools/clientcmd k8s.io/client-go/tools/clientcmd/api k8s.io/client-go/tools/clientcmd/api/latest k8s.io/client-go/tools/clientcmd/api/v1 -k8s.io/client-go/tools/events k8s.io/client-go/tools/metrics -k8s.io/client-go/tools/pager -k8s.io/client-go/tools/record -k8s.io/client-go/tools/record/util k8s.io/client-go/tools/reference k8s.io/client-go/tools/remotecommand -k8s.io/client-go/tools/watch k8s.io/client-go/transport k8s.io/client-go/transport/spdy k8s.io/client-go/util/cert -k8s.io/client-go/util/certificate/csr k8s.io/client-go/util/connrotation k8s.io/client-go/util/exec k8s.io/client-go/util/flowcontrol k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil -k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/cloud-provider -k8s.io/cloud-provider/volume -k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/cluster-bootstrap/token/api -k8s.io/cluster-bootstrap/token/util -k8s.io/cluster-bootstrap/util/secrets -k8s.io/cluster-bootstrap/util/tokens # k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag -k8s.io/component-base/config k8s.io/component-base/featuregate k8s.io/component-base/logs k8s.io/component-base/logs/api/v1 k8s.io/component-base/logs/klogflags k8s.io/component-base/metrics -k8s.io/component-base/metrics/features k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/metrics/prometheus/feature -k8s.io/component-base/metrics/prometheus/slis -k8s.io/component-base/metrics/prometheus/workqueue k8s.io/component-base/metrics/prometheusextension -k8s.io/component-base/metrics/testutil -k8s.io/component-base/tracing -k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/component-helpers/apimachinery/lease -k8s.io/component-helpers/apps/poddisruptionbudget -k8s.io/component-helpers/auth/rbac/reconciliation -k8s.io/component-helpers/auth/rbac/validation -k8s.io/component-helpers/node/util/sysctl -k8s.io/component-helpers/scheduling/corev1 -k8s.io/component-helpers/scheduling/corev1/nodeaffinity -k8s.io/component-helpers/storage/ephemeral -k8s.io/component-helpers/storage/volume # k8s.io/klog/v2 v2.80.1 ## explicit; go 1.13 k8s.io/klog/v2 @@ -1291,18 +856,10 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/kms/apis/v1beta1 -k8s.io/kms/apis/v2alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 ## explicit; go 1.18 -k8s.io/kube-openapi/pkg/builder -k8s.io/kube-openapi/pkg/builder3 k8s.io/kube-openapi/pkg/builder3/util k8s.io/kube-openapi/pkg/common -k8s.io/kube-openapi/pkg/common/restfuladapter -k8s.io/kube-openapi/pkg/handler k8s.io/kube-openapi/pkg/handler3 k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/internal/handler @@ -1311,7 +868,6 @@ k8s.io/kube-openapi/pkg/openapiconv k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/schemamutation k8s.io/kube-openapi/pkg/spec3 -k8s.io/kube-openapi/pkg/util k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec @@ -1326,441 +882,16 @@ k8s.io/kubectl/pkg/util/openapi/validation k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/kubelet/pkg/apis -# k8s.io/kubernetes v1.26.1 -## explicit; go 1.19 -k8s.io/kubernetes/pkg/api/legacyscheme -k8s.io/kubernetes/pkg/api/node -k8s.io/kubernetes/pkg/api/persistentvolume -k8s.io/kubernetes/pkg/api/persistentvolumeclaim -k8s.io/kubernetes/pkg/api/pod -k8s.io/kubernetes/pkg/api/podsecuritypolicy -k8s.io/kubernetes/pkg/api/service -k8s.io/kubernetes/pkg/api/storage -k8s.io/kubernetes/pkg/api/v1/endpoints -k8s.io/kubernetes/pkg/api/v1/persistentvolume -k8s.io/kubernetes/pkg/api/v1/pod -k8s.io/kubernetes/pkg/apis/abac -k8s.io/kubernetes/pkg/apis/abac/latest -k8s.io/kubernetes/pkg/apis/abac/v0 -k8s.io/kubernetes/pkg/apis/abac/v1beta1 -k8s.io/kubernetes/pkg/apis/admission -k8s.io/kubernetes/pkg/apis/admission/install -k8s.io/kubernetes/pkg/apis/admission/v1 -k8s.io/kubernetes/pkg/apis/admission/v1beta1 -k8s.io/kubernetes/pkg/apis/admissionregistration -k8s.io/kubernetes/pkg/apis/admissionregistration/install -k8s.io/kubernetes/pkg/apis/admissionregistration/v1 -k8s.io/kubernetes/pkg/apis/admissionregistration/v1alpha1 -k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1 -k8s.io/kubernetes/pkg/apis/admissionregistration/validation -k8s.io/kubernetes/pkg/apis/apiserverinternal -k8s.io/kubernetes/pkg/apis/apiserverinternal/install -k8s.io/kubernetes/pkg/apis/apiserverinternal/v1alpha1 -k8s.io/kubernetes/pkg/apis/apiserverinternal/validation -k8s.io/kubernetes/pkg/apis/apps -k8s.io/kubernetes/pkg/apis/apps/install -k8s.io/kubernetes/pkg/apis/apps/v1 -k8s.io/kubernetes/pkg/apis/apps/v1beta1 -k8s.io/kubernetes/pkg/apis/apps/v1beta2 -k8s.io/kubernetes/pkg/apis/apps/validation -k8s.io/kubernetes/pkg/apis/authentication -k8s.io/kubernetes/pkg/apis/authentication/install -k8s.io/kubernetes/pkg/apis/authentication/v1 -k8s.io/kubernetes/pkg/apis/authentication/v1alpha1 -k8s.io/kubernetes/pkg/apis/authentication/v1beta1 -k8s.io/kubernetes/pkg/apis/authentication/validation -k8s.io/kubernetes/pkg/apis/authorization -k8s.io/kubernetes/pkg/apis/authorization/install -k8s.io/kubernetes/pkg/apis/authorization/v1 -k8s.io/kubernetes/pkg/apis/authorization/v1beta1 -k8s.io/kubernetes/pkg/apis/authorization/validation -k8s.io/kubernetes/pkg/apis/autoscaling -k8s.io/kubernetes/pkg/apis/autoscaling/install -k8s.io/kubernetes/pkg/apis/autoscaling/v1 -k8s.io/kubernetes/pkg/apis/autoscaling/v2 -k8s.io/kubernetes/pkg/apis/autoscaling/v2beta1 -k8s.io/kubernetes/pkg/apis/autoscaling/v2beta2 -k8s.io/kubernetes/pkg/apis/autoscaling/validation -k8s.io/kubernetes/pkg/apis/batch -k8s.io/kubernetes/pkg/apis/batch/install -k8s.io/kubernetes/pkg/apis/batch/v1 -k8s.io/kubernetes/pkg/apis/batch/v1beta1 -k8s.io/kubernetes/pkg/apis/batch/validation -k8s.io/kubernetes/pkg/apis/certificates -k8s.io/kubernetes/pkg/apis/certificates/install -k8s.io/kubernetes/pkg/apis/certificates/v1 -k8s.io/kubernetes/pkg/apis/certificates/v1beta1 -k8s.io/kubernetes/pkg/apis/certificates/validation -k8s.io/kubernetes/pkg/apis/coordination -k8s.io/kubernetes/pkg/apis/coordination/install -k8s.io/kubernetes/pkg/apis/coordination/v1 -k8s.io/kubernetes/pkg/apis/coordination/v1beta1 -k8s.io/kubernetes/pkg/apis/coordination/validation -k8s.io/kubernetes/pkg/apis/core -k8s.io/kubernetes/pkg/apis/core/helper -k8s.io/kubernetes/pkg/apis/core/helper/qos -k8s.io/kubernetes/pkg/apis/core/install -k8s.io/kubernetes/pkg/apis/core/pods -k8s.io/kubernetes/pkg/apis/core/v1 -k8s.io/kubernetes/pkg/apis/core/v1/helper -k8s.io/kubernetes/pkg/apis/core/v1/helper/qos -k8s.io/kubernetes/pkg/apis/core/v1/validation -k8s.io/kubernetes/pkg/apis/core/validation -k8s.io/kubernetes/pkg/apis/discovery -k8s.io/kubernetes/pkg/apis/discovery/install -k8s.io/kubernetes/pkg/apis/discovery/v1 -k8s.io/kubernetes/pkg/apis/discovery/v1beta1 -k8s.io/kubernetes/pkg/apis/discovery/validation -k8s.io/kubernetes/pkg/apis/events -k8s.io/kubernetes/pkg/apis/events/install -k8s.io/kubernetes/pkg/apis/events/v1 -k8s.io/kubernetes/pkg/apis/events/v1beta1 -k8s.io/kubernetes/pkg/apis/extensions -k8s.io/kubernetes/pkg/apis/extensions/install -k8s.io/kubernetes/pkg/apis/extensions/v1beta1 -k8s.io/kubernetes/pkg/apis/flowcontrol -k8s.io/kubernetes/pkg/apis/flowcontrol/install -k8s.io/kubernetes/pkg/apis/flowcontrol/internalbootstrap -k8s.io/kubernetes/pkg/apis/flowcontrol/util -k8s.io/kubernetes/pkg/apis/flowcontrol/v1alpha1 -k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1 -k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2 -k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3 -k8s.io/kubernetes/pkg/apis/flowcontrol/validation -k8s.io/kubernetes/pkg/apis/imagepolicy -k8s.io/kubernetes/pkg/apis/imagepolicy/install -k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1 -k8s.io/kubernetes/pkg/apis/networking -k8s.io/kubernetes/pkg/apis/networking/install -k8s.io/kubernetes/pkg/apis/networking/v1 -k8s.io/kubernetes/pkg/apis/networking/v1alpha1 -k8s.io/kubernetes/pkg/apis/networking/v1beta1 -k8s.io/kubernetes/pkg/apis/networking/validation -k8s.io/kubernetes/pkg/apis/node -k8s.io/kubernetes/pkg/apis/node/install -k8s.io/kubernetes/pkg/apis/node/v1 -k8s.io/kubernetes/pkg/apis/node/v1alpha1 -k8s.io/kubernetes/pkg/apis/node/v1beta1 -k8s.io/kubernetes/pkg/apis/node/validation -k8s.io/kubernetes/pkg/apis/policy -k8s.io/kubernetes/pkg/apis/policy/install -k8s.io/kubernetes/pkg/apis/policy/v1 -k8s.io/kubernetes/pkg/apis/policy/v1beta1 -k8s.io/kubernetes/pkg/apis/policy/validation -k8s.io/kubernetes/pkg/apis/rbac -k8s.io/kubernetes/pkg/apis/rbac/install -k8s.io/kubernetes/pkg/apis/rbac/v1 -k8s.io/kubernetes/pkg/apis/rbac/v1alpha1 -k8s.io/kubernetes/pkg/apis/rbac/v1beta1 -k8s.io/kubernetes/pkg/apis/rbac/validation -k8s.io/kubernetes/pkg/apis/resource -k8s.io/kubernetes/pkg/apis/resource/install -k8s.io/kubernetes/pkg/apis/resource/v1alpha1 -k8s.io/kubernetes/pkg/apis/resource/validation -k8s.io/kubernetes/pkg/apis/scheduling -k8s.io/kubernetes/pkg/apis/scheduling/install -k8s.io/kubernetes/pkg/apis/scheduling/v1 -k8s.io/kubernetes/pkg/apis/scheduling/v1alpha1 -k8s.io/kubernetes/pkg/apis/scheduling/v1beta1 -k8s.io/kubernetes/pkg/apis/scheduling/validation -k8s.io/kubernetes/pkg/apis/storage -k8s.io/kubernetes/pkg/apis/storage/install -k8s.io/kubernetes/pkg/apis/storage/util -k8s.io/kubernetes/pkg/apis/storage/v1 -k8s.io/kubernetes/pkg/apis/storage/v1alpha1 -k8s.io/kubernetes/pkg/apis/storage/v1beta1 -k8s.io/kubernetes/pkg/apis/storage/validation -k8s.io/kubernetes/pkg/auth/authorizer/abac -k8s.io/kubernetes/pkg/auth/nodeidentifier -k8s.io/kubernetes/pkg/capabilities -k8s.io/kubernetes/pkg/cluster/ports -k8s.io/kubernetes/pkg/controller/serviceaccount -k8s.io/kubernetes/pkg/controlplane -k8s.io/kubernetes/pkg/controlplane/controller/apiserverleasegc -k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust -k8s.io/kubernetes/pkg/controlplane/controller/legacytokentracking -k8s.io/kubernetes/pkg/controlplane/reconcilers -k8s.io/kubernetes/pkg/features -k8s.io/kubernetes/pkg/fieldpath -k8s.io/kubernetes/pkg/kubeapiserver/admission -k8s.io/kubernetes/pkg/kubeapiserver/authenticator -k8s.io/kubernetes/pkg/kubeapiserver/authorizer -k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes -k8s.io/kubernetes/pkg/kubeapiserver/options -k8s.io/kubernetes/pkg/kubelet/client -k8s.io/kubernetes/pkg/kubelet/server/metrics -k8s.io/kubernetes/pkg/printers -k8s.io/kubernetes/pkg/printers/internalversion -k8s.io/kubernetes/pkg/printers/storage -k8s.io/kubernetes/pkg/probe -k8s.io/kubernetes/pkg/probe/http -k8s.io/kubernetes/pkg/proxy/util -k8s.io/kubernetes/pkg/quota/v1/evaluator/core -k8s.io/kubernetes/pkg/quota/v1/install -k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration -k8s.io/kubernetes/pkg/registry/admissionregistration/mutatingwebhookconfiguration/storage -k8s.io/kubernetes/pkg/registry/admissionregistration/resolver -k8s.io/kubernetes/pkg/registry/admissionregistration/rest -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicy/storage -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingadmissionpolicybinding/storage -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration -k8s.io/kubernetes/pkg/registry/admissionregistration/validatingwebhookconfiguration/storage -k8s.io/kubernetes/pkg/registry/apiserverinternal/rest -k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion -k8s.io/kubernetes/pkg/registry/apiserverinternal/storageversion/storage -k8s.io/kubernetes/pkg/registry/apps/controllerrevision -k8s.io/kubernetes/pkg/registry/apps/controllerrevision/storage -k8s.io/kubernetes/pkg/registry/apps/daemonset -k8s.io/kubernetes/pkg/registry/apps/daemonset/storage -k8s.io/kubernetes/pkg/registry/apps/deployment -k8s.io/kubernetes/pkg/registry/apps/deployment/storage -k8s.io/kubernetes/pkg/registry/apps/replicaset -k8s.io/kubernetes/pkg/registry/apps/replicaset/storage -k8s.io/kubernetes/pkg/registry/apps/rest -k8s.io/kubernetes/pkg/registry/apps/statefulset -k8s.io/kubernetes/pkg/registry/apps/statefulset/storage -k8s.io/kubernetes/pkg/registry/authentication/rest -k8s.io/kubernetes/pkg/registry/authentication/selfsubjectreview -k8s.io/kubernetes/pkg/registry/authentication/tokenreview -k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview -k8s.io/kubernetes/pkg/registry/authorization/rest -k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview -k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview -k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview -k8s.io/kubernetes/pkg/registry/authorization/util -k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler -k8s.io/kubernetes/pkg/registry/autoscaling/horizontalpodautoscaler/storage -k8s.io/kubernetes/pkg/registry/autoscaling/rest -k8s.io/kubernetes/pkg/registry/batch/cronjob -k8s.io/kubernetes/pkg/registry/batch/cronjob/storage -k8s.io/kubernetes/pkg/registry/batch/job -k8s.io/kubernetes/pkg/registry/batch/job/storage -k8s.io/kubernetes/pkg/registry/batch/rest -k8s.io/kubernetes/pkg/registry/certificates/certificates -k8s.io/kubernetes/pkg/registry/certificates/certificates/storage -k8s.io/kubernetes/pkg/registry/certificates/rest -k8s.io/kubernetes/pkg/registry/coordination/lease -k8s.io/kubernetes/pkg/registry/coordination/lease/storage -k8s.io/kubernetes/pkg/registry/coordination/rest -k8s.io/kubernetes/pkg/registry/core/componentstatus -k8s.io/kubernetes/pkg/registry/core/configmap -k8s.io/kubernetes/pkg/registry/core/configmap/storage -k8s.io/kubernetes/pkg/registry/core/endpoint -k8s.io/kubernetes/pkg/registry/core/endpoint/storage -k8s.io/kubernetes/pkg/registry/core/event -k8s.io/kubernetes/pkg/registry/core/event/storage -k8s.io/kubernetes/pkg/registry/core/limitrange -k8s.io/kubernetes/pkg/registry/core/limitrange/storage -k8s.io/kubernetes/pkg/registry/core/namespace -k8s.io/kubernetes/pkg/registry/core/namespace/storage -k8s.io/kubernetes/pkg/registry/core/node -k8s.io/kubernetes/pkg/registry/core/node/rest -k8s.io/kubernetes/pkg/registry/core/node/storage -k8s.io/kubernetes/pkg/registry/core/persistentvolume -k8s.io/kubernetes/pkg/registry/core/persistentvolume/storage -k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim -k8s.io/kubernetes/pkg/registry/core/persistentvolumeclaim/storage -k8s.io/kubernetes/pkg/registry/core/pod -k8s.io/kubernetes/pkg/registry/core/pod/rest -k8s.io/kubernetes/pkg/registry/core/pod/storage -k8s.io/kubernetes/pkg/registry/core/podtemplate -k8s.io/kubernetes/pkg/registry/core/podtemplate/storage -k8s.io/kubernetes/pkg/registry/core/rangeallocation -k8s.io/kubernetes/pkg/registry/core/replicationcontroller -k8s.io/kubernetes/pkg/registry/core/replicationcontroller/storage -k8s.io/kubernetes/pkg/registry/core/resourcequota -k8s.io/kubernetes/pkg/registry/core/resourcequota/storage -k8s.io/kubernetes/pkg/registry/core/rest -k8s.io/kubernetes/pkg/registry/core/secret -k8s.io/kubernetes/pkg/registry/core/secret/storage -k8s.io/kubernetes/pkg/registry/core/service -k8s.io/kubernetes/pkg/registry/core/service/allocator -k8s.io/kubernetes/pkg/registry/core/service/allocator/storage -k8s.io/kubernetes/pkg/registry/core/service/ipallocator -k8s.io/kubernetes/pkg/registry/core/service/ipallocator/controller -k8s.io/kubernetes/pkg/registry/core/service/portallocator -k8s.io/kubernetes/pkg/registry/core/service/portallocator/controller -k8s.io/kubernetes/pkg/registry/core/service/storage -k8s.io/kubernetes/pkg/registry/core/serviceaccount -k8s.io/kubernetes/pkg/registry/core/serviceaccount/storage -k8s.io/kubernetes/pkg/registry/discovery/endpointslice -k8s.io/kubernetes/pkg/registry/discovery/endpointslice/storage -k8s.io/kubernetes/pkg/registry/discovery/rest -k8s.io/kubernetes/pkg/registry/events/rest -k8s.io/kubernetes/pkg/registry/flowcontrol/ensurer -k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema -k8s.io/kubernetes/pkg/registry/flowcontrol/flowschema/storage -k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration -k8s.io/kubernetes/pkg/registry/flowcontrol/prioritylevelconfiguration/storage -k8s.io/kubernetes/pkg/registry/flowcontrol/rest -k8s.io/kubernetes/pkg/registry/networking/clustercidr -k8s.io/kubernetes/pkg/registry/networking/clustercidr/storage -k8s.io/kubernetes/pkg/registry/networking/ingress -k8s.io/kubernetes/pkg/registry/networking/ingress/storage -k8s.io/kubernetes/pkg/registry/networking/ingressclass -k8s.io/kubernetes/pkg/registry/networking/ingressclass/storage -k8s.io/kubernetes/pkg/registry/networking/networkpolicy -k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage -k8s.io/kubernetes/pkg/registry/networking/rest -k8s.io/kubernetes/pkg/registry/node/rest -k8s.io/kubernetes/pkg/registry/node/runtimeclass -k8s.io/kubernetes/pkg/registry/node/runtimeclass/storage -k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget -k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage -k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy -k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage -k8s.io/kubernetes/pkg/registry/policy/rest -k8s.io/kubernetes/pkg/registry/rbac -k8s.io/kubernetes/pkg/registry/rbac/clusterrole -k8s.io/kubernetes/pkg/registry/rbac/clusterrole/policybased -k8s.io/kubernetes/pkg/registry/rbac/clusterrole/storage -k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding -k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased -k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage -k8s.io/kubernetes/pkg/registry/rbac/rest -k8s.io/kubernetes/pkg/registry/rbac/role -k8s.io/kubernetes/pkg/registry/rbac/role/policybased -k8s.io/kubernetes/pkg/registry/rbac/role/storage -k8s.io/kubernetes/pkg/registry/rbac/rolebinding -k8s.io/kubernetes/pkg/registry/rbac/rolebinding/policybased -k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage -k8s.io/kubernetes/pkg/registry/rbac/validation -k8s.io/kubernetes/pkg/registry/resource/podscheduling -k8s.io/kubernetes/pkg/registry/resource/podscheduling/storage -k8s.io/kubernetes/pkg/registry/resource/resourceclaim -k8s.io/kubernetes/pkg/registry/resource/resourceclaim/storage -k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate -k8s.io/kubernetes/pkg/registry/resource/resourceclaimtemplate/storage -k8s.io/kubernetes/pkg/registry/resource/resourceclass -k8s.io/kubernetes/pkg/registry/resource/resourceclass/storage -k8s.io/kubernetes/pkg/registry/resource/rest -k8s.io/kubernetes/pkg/registry/scheduling/priorityclass -k8s.io/kubernetes/pkg/registry/scheduling/priorityclass/storage -k8s.io/kubernetes/pkg/registry/scheduling/rest -k8s.io/kubernetes/pkg/registry/storage/csidriver -k8s.io/kubernetes/pkg/registry/storage/csidriver/storage -k8s.io/kubernetes/pkg/registry/storage/csinode -k8s.io/kubernetes/pkg/registry/storage/csinode/storage -k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity -k8s.io/kubernetes/pkg/registry/storage/csistoragecapacity/storage -k8s.io/kubernetes/pkg/registry/storage/rest -k8s.io/kubernetes/pkg/registry/storage/storageclass -k8s.io/kubernetes/pkg/registry/storage/storageclass/storage -k8s.io/kubernetes/pkg/registry/storage/volumeattachment -k8s.io/kubernetes/pkg/registry/storage/volumeattachment/storage -k8s.io/kubernetes/pkg/routes -k8s.io/kubernetes/pkg/scheduler/apis/config -k8s.io/kubernetes/pkg/securitycontext -k8s.io/kubernetes/pkg/serviceaccount -k8s.io/kubernetes/pkg/util/async -k8s.io/kubernetes/pkg/util/hash -k8s.io/kubernetes/pkg/util/node -k8s.io/kubernetes/pkg/util/parsers -k8s.io/kubernetes/pkg/util/tolerations -k8s.io/kubernetes/pkg/volume -k8s.io/kubernetes/pkg/volume/util -k8s.io/kubernetes/pkg/volume/util/fs -k8s.io/kubernetes/pkg/volume/util/fsquota -k8s.io/kubernetes/pkg/volume/util/fsquota/common -k8s.io/kubernetes/pkg/volume/util/hostutil -k8s.io/kubernetes/pkg/volume/util/recyclerclient -k8s.io/kubernetes/pkg/volume/util/subpath -k8s.io/kubernetes/pkg/volume/util/types -k8s.io/kubernetes/pkg/volume/util/volumepathhandler -k8s.io/kubernetes/pkg/volume/validation -k8s.io/kubernetes/plugin/pkg/admission/admit -k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages -k8s.io/kubernetes/plugin/pkg/admission/antiaffinity -k8s.io/kubernetes/plugin/pkg/admission/certificates -k8s.io/kubernetes/plugin/pkg/admission/certificates/approval -k8s.io/kubernetes/plugin/pkg/admission/certificates/signing -k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction -k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds -k8s.io/kubernetes/plugin/pkg/admission/deny -k8s.io/kubernetes/plugin/pkg/admission/eventratelimit -k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit -k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/install -k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/v1alpha1 -k8s.io/kubernetes/plugin/pkg/admission/eventratelimit/apis/eventratelimit/validation -k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration -k8s.io/kubernetes/plugin/pkg/admission/gc -k8s.io/kubernetes/plugin/pkg/admission/imagepolicy -k8s.io/kubernetes/plugin/pkg/admission/limitranger -k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision -k8s.io/kubernetes/plugin/pkg/admission/namespace/exists -k8s.io/kubernetes/plugin/pkg/admission/network/defaultingressclass -k8s.io/kubernetes/plugin/pkg/admission/network/denyserviceexternalips -k8s.io/kubernetes/plugin/pkg/admission/noderestriction -k8s.io/kubernetes/plugin/pkg/admission/nodetaint -k8s.io/kubernetes/plugin/pkg/admission/podnodeselector -k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction -k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction -k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install -k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1 -k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation -k8s.io/kubernetes/plugin/pkg/admission/priority -k8s.io/kubernetes/plugin/pkg/admission/runtimeclass -k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity -k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny -k8s.io/kubernetes/plugin/pkg/admission/serviceaccount -k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label -k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize -k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault -k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection -k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap -k8s.io/kubernetes/plugin/pkg/auth/authorizer/node -k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac -k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy -k8s.io/kubernetes/third_party/forked/gonum/graph -k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear -k8s.io/kubernetes/third_party/forked/gonum/graph/simple -k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d -## explicit; go 1.19 -k8s.io/pod-security-admission/admission -k8s.io/pod-security-admission/admission/api -k8s.io/pod-security-admission/admission/api/load -k8s.io/pod-security-admission/admission/api/scheme -k8s.io/pod-security-admission/admission/api/v1 -k8s.io/pod-security-admission/admission/api/v1alpha1 -k8s.io/pod-security-admission/admission/api/v1beta1 -k8s.io/pod-security-admission/admission/api/validation -k8s.io/pod-security-admission/api -k8s.io/pod-security-admission/metrics -k8s.io/pod-security-admission/policy # k8s.io/utils v0.0.0-20221107191617-1a15be271d1d ## explicit; go 1.18 -k8s.io/utils/buffer k8s.io/utils/clock k8s.io/utils/clock/testing k8s.io/utils/exec k8s.io/utils/integer -k8s.io/utils/internal/third_party/forked/golang/golang-lru k8s.io/utils/internal/third_party/forked/golang/net -k8s.io/utils/io -k8s.io/utils/keymutex -k8s.io/utils/lru k8s.io/utils/net -k8s.io/utils/nsenter -k8s.io/utils/path k8s.io/utils/pointer -k8s.io/utils/strings k8s.io/utils/strings/slices -k8s.io/utils/trace -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 -## explicit; go 1.17 -sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client -sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics -sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics -sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client # sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 ## explicit; go 1.18 sigs.k8s.io/json @@ -1851,7 +982,6 @@ sigs.k8s.io/kustomize/kyaml/yaml/walk # sigs.k8s.io/structured-merge-diff/v4 v4.2.3 ## explicit; go 1.13 sigs.k8s.io/structured-merge-diff/v4/fieldpath -sigs.k8s.io/structured-merge-diff/v4/merge sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/typed sigs.k8s.io/structured-merge-diff/v4/value diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/LICENSE b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go deleted file mode 100644 index cb186cefc2..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ /dev/null @@ -1,509 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package client - -import ( - "context" - "errors" - "fmt" - "io" - "math/rand" - "net" - "sync" - "sync/atomic" - "time" - - "google.golang.org/grpc" - "k8s.io/klog/v2" - - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics" - commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics" - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client" -) - -// Tunnel provides ability to dial a connection through a tunnel. -type Tunnel interface { - // Dial connects to the address on the named network, similar to - // what net.Dial does. The only supported protocol is tcp. - DialContext(requestCtx context.Context, protocol, address string) (net.Conn, error) - // Done returns a channel that is closed when the tunnel is no longer serving any connections, - // and can no longer be used. - Done() <-chan struct{} -} - -type dialResult struct { - err *dialFailure - connid int64 -} - -type pendingDial struct { - // resultCh is the channel to send the dial result to - resultCh chan<- dialResult - // cancelCh is the channel closed when resultCh no longer has a receiver - cancelCh <-chan struct{} -} - -// TODO: Replace with a generic implementation once it is safe to assume the client is built with go1.18+ -type pendingDialManager struct { - pendingDials map[int64]pendingDial - mutex sync.RWMutex -} - -func (p *pendingDialManager) add(dialID int64, pd pendingDial) { - p.mutex.Lock() - defer p.mutex.Unlock() - p.pendingDials[dialID] = pd -} - -func (p *pendingDialManager) remove(dialID int64) { - p.mutex.Lock() - defer p.mutex.Unlock() - delete(p.pendingDials, dialID) -} - -func (p *pendingDialManager) get(dialID int64) (pendingDial, bool) { - p.mutex.RLock() - defer p.mutex.RUnlock() - pd, ok := p.pendingDials[dialID] - return pd, ok -} - -// TODO: Replace with a generic implementation once it is safe to assume the client is built with go1.18+ -type connectionManager struct { - conns map[int64]*conn - mutex sync.RWMutex -} - -func (cm *connectionManager) add(connID int64, c *conn) { - cm.mutex.Lock() - defer cm.mutex.Unlock() - cm.conns[connID] = c -} - -func (cm *connectionManager) remove(connID int64) { - cm.mutex.Lock() - defer cm.mutex.Unlock() - delete(cm.conns, connID) -} - -func (cm *connectionManager) get(connID int64) (*conn, bool) { - cm.mutex.RLock() - defer cm.mutex.RUnlock() - c, ok := cm.conns[connID] - return c, ok -} - -func (cm *connectionManager) closeAll() { - cm.mutex.Lock() - defer cm.mutex.Unlock() - for _, conn := range cm.conns { - close(conn.readCh) - } -} - -// grpcTunnel implements Tunnel -type grpcTunnel struct { - stream client.ProxyService_ProxyClient - clientConn clientConn - pendingDial pendingDialManager - conns connectionManager - - // The tunnel will be closed if the caller fails to read via conn.Read() - // more than readTimeoutSeconds after a packet has been received. - readTimeoutSeconds int - - // The done channel is closed after the tunnel has cleaned up all connections and is no longer - // serving. - done chan struct{} - - // closing is an atomic bool represented as a 0 or 1, and set to true when the tunnel is being closed. - // closing should only be accessed through atomic methods. - // TODO: switch this to an atomic.Bool once the client is exclusively buit with go1.19+ - closing uint32 - - // Stores the current metrics.ClientConnectionStatus - prevStatus atomic.Value -} - -type clientConn interface { - Close() error -} - -var _ clientConn = &grpc.ClientConn{} - -var ( - // Expose metrics for client to register. - Metrics = metrics.Metrics -) - -// CreateSingleUseGrpcTunnel creates a Tunnel to dial to a remote server through a -// gRPC based proxy service. -// Currently, a single tunnel supports a single connection, and the tunnel is closed when the connection is terminated -// The Dial() method of the returned tunnel should only be called once -// Deprecated 2022-06-07: use CreateSingleUseGrpcTunnelWithContext -func CreateSingleUseGrpcTunnel(tunnelCtx context.Context, address string, opts ...grpc.DialOption) (Tunnel, error) { - return CreateSingleUseGrpcTunnelWithContext(context.TODO(), tunnelCtx, address, opts...) -} - -// CreateSingleUseGrpcTunnelWithContext creates a Tunnel to dial to a remote server through a -// gRPC based proxy service. -// Currently, a single tunnel supports a single connection. -// The tunnel is normally closed when the connection is terminated. -// If createCtx is cancelled before tunnel creation, an error will be returned. -// If tunnelCtx is cancelled while the tunnel is still in use, the tunnel (and any in flight connections) will be closed. -// The Dial() method of the returned tunnel should only be called once -func CreateSingleUseGrpcTunnelWithContext(createCtx, tunnelCtx context.Context, address string, opts ...grpc.DialOption) (Tunnel, error) { - c, err := grpc.DialContext(createCtx, address, opts...) - if err != nil { - return nil, err - } - - grpcClient := client.NewProxyServiceClient(c) - - stream, err := grpcClient.Proxy(tunnelCtx) - if err != nil { - c.Close() - return nil, err - } - - tunnel := newUnstartedTunnel(stream, c) - - go tunnel.serve(tunnelCtx) - - return tunnel, nil -} - -func newUnstartedTunnel(stream client.ProxyService_ProxyClient, c clientConn) *grpcTunnel { - t := grpcTunnel{ - stream: stream, - clientConn: c, - pendingDial: pendingDialManager{pendingDials: make(map[int64]pendingDial)}, - conns: connectionManager{conns: make(map[int64]*conn)}, - readTimeoutSeconds: 10, - done: make(chan struct{}), - } - s := metrics.ClientConnectionStatusCreated - t.prevStatus.Store(s) - metrics.Metrics.GetClientConnectionsMetric().WithLabelValues(string(s)).Inc() - return &t -} - -func (t *grpcTunnel) updateMetric(status metrics.ClientConnectionStatus) { - select { - case <-t.Done(): - return - default: - } - - prevStatus := t.prevStatus.Swap(status).(metrics.ClientConnectionStatus) - - m := metrics.Metrics.GetClientConnectionsMetric() - m.WithLabelValues(string(prevStatus)).Dec() - m.WithLabelValues(string(status)).Inc() -} - -// closeMetric should be called exactly once to finalize client_connections metric. -func (t *grpcTunnel) closeMetric() { - select { - case <-t.Done(): - return - default: - } - prevStatus := t.prevStatus.Load().(metrics.ClientConnectionStatus) - - metrics.Metrics.GetClientConnectionsMetric().WithLabelValues(string(prevStatus)).Dec() -} - -func (t *grpcTunnel) serve(tunnelCtx context.Context) { - defer func() { - t.clientConn.Close() - - // A connection in t.conns after serve() returns means - // we never received a CLOSE_RSP for it, so we need to - // close any channels remaining for these connections. - t.conns.closeAll() - - t.closeMetric() - - close(t.done) - }() - - for { - pkt, err := t.stream.Recv() - if err == io.EOF { - return - } - const segment = commonmetrics.SegmentToClient - isClosing := t.isClosing() - if err != nil || pkt == nil { - if !isClosing { - klog.ErrorS(err, "stream read failure") - } - metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) - return - } - metrics.Metrics.ObservePacket(segment, pkt.Type) - if isClosing { - return - } - klog.V(5).InfoS("[tracing] recv packet", "type", pkt.Type) - - switch pkt.Type { - case client.PacketType_DIAL_RSP: - resp := pkt.GetDialResponse() - pendingDial, ok := t.pendingDial.get(resp.Random) - - if !ok { - // If the DIAL_RSP does not match a pending dial, it means one of two things: - // 1. There was a second DIAL_RSP for the connection request (this is very unlikely but possible) - // 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context - // - // In either scenario, we should return here and close the tunnel as it is no longer needed. - kvs := []interface{}{"dialID", resp.Random, "connectID", resp.ConnectID} - if resp.Error != "" { - kvs = append(kvs, "error", resp.Error) - } - klog.V(1).InfoS("DialResp not recognized; dropped", kvs...) - return - } - - result := dialResult{connid: resp.ConnectID} - if resp.Error != "" { - result.err = &dialFailure{resp.Error, metrics.DialFailureEndpoint} - } else { - t.updateMetric(metrics.ClientConnectionStatusOk) - } - select { - // try to send to the result channel - case pendingDial.resultCh <- result: - // unblock if the cancel channel is closed - case <-pendingDial.cancelCh: - // Note: this condition can only be hit by a race condition where the - // DialContext() returns early (timeout) after the pendingDial is already - // fetched here, but before the result is sent. - klog.V(1).InfoS("Pending dial has been cancelled; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random) - return - case <-tunnelCtx.Done(): - klog.V(1).InfoS("Tunnel has been closed; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random) - return - } - - if resp.Error != "" { - // On dial error, avoid leaking serve goroutine. - return - } - - case client.PacketType_DIAL_CLS: - resp := pkt.GetCloseDial() - pendingDial, ok := t.pendingDial.get(resp.Random) - - if !ok { - // If the DIAL_CLS does not match a pending dial, it means one of two things: - // 1. There was a DIAL_CLS receieved after a DIAL_RSP (unlikely but possible) - // 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context - // - // In either scenario, we should return here and close the tunnel as it is no longer needed. - klog.V(1).InfoS("DIAL_CLS after dial finished", "dialID", resp.Random) - } else { - result := dialResult{ - err: &dialFailure{"dial closed", metrics.DialFailureDialClosed}, - } - select { - case pendingDial.resultCh <- result: - case <-pendingDial.cancelCh: - // Note: this condition can only be hit by a race condition where the - // DialContext() returns early (timeout) after the pendingDial is already - // fetched here, but before the result is sent. - case <-tunnelCtx.Done(): - } - } - return // Stop serving & close the tunnel. - - case client.PacketType_DATA: - resp := pkt.GetData() - // TODO: flow control - conn, ok := t.conns.get(resp.ConnectID) - - if !ok { - klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID) - continue - } - timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second) - select { - case conn.readCh <- resp.Data: - timer.Stop() - case <-timer.C: - klog.ErrorS(fmt.Errorf("timeout"), "readTimeout has been reached, the grpc connection to the proxy server will be closed", "connectionID", conn.connID, "readTimeoutSeconds", t.readTimeoutSeconds) - return - case <-tunnelCtx.Done(): - klog.V(1).InfoS("Tunnel has been closed, the grpc connection to the proxy server will be closed", "connectionID", conn.connID) - } - - case client.PacketType_CLOSE_RSP: - resp := pkt.GetCloseResponse() - conn, ok := t.conns.get(resp.ConnectID) - - if !ok { - klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID) - continue - } - close(conn.readCh) - conn.closeCh <- resp.Error - close(conn.closeCh) - t.conns.remove(resp.ConnectID) - return - } - } -} - -// Dial connects to the address on the named network, similar to -// what net.Dial does. The only supported protocol is tcp. -func (t *grpcTunnel) DialContext(requestCtx context.Context, protocol, address string) (net.Conn, error) { - conn, err := t.dialContext(requestCtx, protocol, address) - if err != nil { - _, reason := GetDialFailureReason(err) - metrics.Metrics.ObserveDialFailure(reason) - } - return conn, err -} - -func (t *grpcTunnel) dialContext(requestCtx context.Context, protocol, address string) (net.Conn, error) { - select { - case <-t.done: - return nil, errors.New("tunnel is closed") - default: // Tunnel is open, carry on. - } - - if protocol != "tcp" { - return nil, errors.New("protocol not supported") - } - - t.updateMetric(metrics.ClientConnectionStatusDialing) - - random := rand.Int63() /* #nosec G404 */ - - // This channel is closed once we're returning and no longer waiting on resultCh - cancelCh := make(chan struct{}) - defer close(cancelCh) - - // This channel MUST NOT be buffered. The sender needs to know when we are not receiving things, so they can abort. - resCh := make(chan dialResult) - - t.pendingDial.add(random, pendingDial{resultCh: resCh, cancelCh: cancelCh}) - defer t.pendingDial.remove(random) - - req := &client.Packet{ - Type: client.PacketType_DIAL_REQ, - Payload: &client.Packet_DialRequest{ - DialRequest: &client.DialRequest{ - Protocol: protocol, - Address: address, - Random: random, - }, - }, - } - klog.V(5).InfoS("[tracing] send packet", "type", req.Type) - - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - err := t.stream.Send(req) - if err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) - return nil, err - } - - klog.V(5).Infoln("DIAL_REQ sent to proxy server") - - c := &conn{ - stream: t.stream, - random: random, - closeTunnel: t.closeTunnel, - } - - select { - case res := <-resCh: - if res.err != nil { - return nil, res.err - } - c.connID = res.connid - c.readCh = make(chan []byte, 10) - c.closeCh = make(chan string, 1) - t.conns.add(res.connid, c) - case <-time.After(30 * time.Second): - klog.V(5).InfoS("Timed out waiting for DialResp", "dialID", random) - go t.closeDial(random) - return nil, &dialFailure{"dial timeout, backstop", metrics.DialFailureTimeout} - case <-requestCtx.Done(): - klog.V(5).InfoS("Context canceled waiting for DialResp", "ctxErr", requestCtx.Err(), "dialID", random) - go t.closeDial(random) - return nil, &dialFailure{"dial timeout, context", metrics.DialFailureContext} - case <-t.done: - klog.V(5).InfoS("Tunnel closed while waiting for DialResp", "dialID", random) - return nil, &dialFailure{"tunnel closed", metrics.DialFailureTunnelClosed} - } - - return c, nil -} - -func (t *grpcTunnel) Done() <-chan struct{} { - return t.done -} - -// Send a best-effort DIAL_CLS request for the given dial ID. -func (t *grpcTunnel) closeDial(dialID int64) { - req := &client.Packet{ - Type: client.PacketType_DIAL_CLS, - Payload: &client.Packet_CloseDial{ - CloseDial: &client.CloseDial{ - Random: dialID, - }, - }, - } - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - if err := t.stream.Send(req); err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) - klog.V(5).InfoS("Failed to send DIAL_CLS", "err", err, "dialID", dialID) - } - t.closeTunnel() -} - -func (t *grpcTunnel) closeTunnel() { - atomic.StoreUint32(&t.closing, 1) - t.clientConn.Close() -} - -func (t *grpcTunnel) isClosing() bool { - return atomic.LoadUint32(&t.closing) != 0 -} - -func GetDialFailureReason(err error) (isDialFailure bool, reason metrics.DialFailureReason) { - var df *dialFailure - if errors.As(err, &df) { - return true, df.reason - } - return false, metrics.DialFailureUnknown -} - -type dialFailure struct { - msg string - reason metrics.DialFailureReason -} - -func (df *dialFailure) Error() string { - return df.msg -} diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go deleted file mode 100644 index 14384a62cb..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go +++ /dev/null @@ -1,173 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package client - -import ( - "errors" - "io" - "net" - "time" - - "k8s.io/klog/v2" - - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics" - commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics" - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client" -) - -// CloseTimeout is the timeout to wait CLOSE_RSP packet after a -// successful delivery of CLOSE_REQ. -const CloseTimeout = 10 * time.Second - -var errConnCloseTimeout = errors.New("close timeout") - -// conn is an implementation of net.Conn, where the data is transported -// over an established tunnel defined by a gRPC service ProxyService. -type conn struct { - stream client.ProxyService_ProxyClient - connID int64 - random int64 - readCh chan []byte - closeCh chan string - rdata []byte - - // closeTunnel is an optional callback to close the underlying grpc connection. - closeTunnel func() -} - -var _ net.Conn = &conn{} - -// Write sends the data thru the connection over proxy service -func (c *conn) Write(data []byte) (n int, err error) { - req := &client.Packet{ - Type: client.PacketType_DATA, - Payload: &client.Packet_Data{ - Data: &client.Data{ - ConnectID: c.connID, - Data: data, - }, - }, - } - - klog.V(5).InfoS("[tracing] send req", "type", req.Type) - - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - err = c.stream.Send(req) - if err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) - return 0, err - } - return len(data), err -} - -// Read receives data from the connection over proxy service -func (c *conn) Read(b []byte) (n int, err error) { - var data []byte - - if c.rdata != nil { - data = c.rdata - } else { - data = <-c.readCh - } - - if data == nil { - return 0, io.EOF - } - - if len(data) > len(b) { - copy(b, data[:len(b)]) - c.rdata = data[len(b):] - return len(b), nil - } - - c.rdata = nil - copy(b, data) - - return len(data), nil -} - -func (c *conn) LocalAddr() net.Addr { - return nil -} - -func (c *conn) RemoteAddr() net.Addr { - return nil -} - -func (c *conn) SetDeadline(t time.Time) error { - return errors.New("not implemented") -} - -func (c *conn) SetReadDeadline(t time.Time) error { - return errors.New("not implemented") -} - -func (c *conn) SetWriteDeadline(t time.Time) error { - return errors.New("not implemented") -} - -// Close closes the connection. It also sends CLOSE_REQ packet over -// proxy service to notify remote to drop the connection. -func (c *conn) Close() error { - klog.V(4).Infoln("closing connection") - if c.closeTunnel != nil { - defer c.closeTunnel() - } - - var req *client.Packet - if c.connID != 0 { - req = &client.Packet{ - Type: client.PacketType_CLOSE_REQ, - Payload: &client.Packet_CloseRequest{ - CloseRequest: &client.CloseRequest{ - ConnectID: c.connID, - }, - }, - } - } else { - // Never received a DIAL response so no connection ID. - req = &client.Packet{ - Type: client.PacketType_DIAL_CLS, - Payload: &client.Packet_CloseDial{ - CloseDial: &client.CloseDial{ - Random: c.random, - }, - }, - } - } - - klog.V(5).InfoS("[tracing] send req", "type", req.Type) - - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - if err := c.stream.Send(req); err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) - return err - } - - select { - case errMsg := <-c.closeCh: - if errMsg != "" { - return errors.New(errMsg) - } - return nil - case <-time.After(CloseTimeout): - } - - return errConnCloseTimeout -} diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go deleted file mode 100644 index 03e9d94da8..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics/metrics.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package metrics - -import ( - "sync" - - "github.com/prometheus/client_golang/prometheus" - - commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics" - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client" -) - -const ( - Namespace = "konnectivity_network_proxy" - Subsystem = "client" -) - -var ( - // Metrics provides access to all client metrics. The client - // application is responsible for registering (via Metrics.RegisterMetrics). - Metrics = newMetrics() -) - -// ClientMetrics includes all the metrics of the konnectivity-client. -type ClientMetrics struct { - registerOnce sync.Once - streamPackets *prometheus.CounterVec - streamErrors *prometheus.CounterVec - dialFailures *prometheus.CounterVec - clientConns *prometheus.GaugeVec -} - -type DialFailureReason string - -const ( - DialFailureUnknown DialFailureReason = "unknown" - // DialFailureTimeout indicates the hard 30 second timeout was hit. - DialFailureTimeout DialFailureReason = "timeout" - // DialFailureContext indicates that the context was cancelled or reached it's deadline before - // the dial response was returned. - DialFailureContext DialFailureReason = "context" - // DialFailureEndpoint indicates that the konnectivity-agent was unable to reach the backend endpoint. - DialFailureEndpoint DialFailureReason = "endpoint" - // DialFailureDialClosed indicates that the client received a CloseDial response, indicating the - // connection was closed before the dial could complete. - DialFailureDialClosed DialFailureReason = "dialclosed" - // DialFailureTunnelClosed indicates that the client connection was closed before the dial could - // complete. - DialFailureTunnelClosed DialFailureReason = "tunnelclosed" -) - -type ClientConnectionStatus string - -const ( - // The connection is created but has not yet been dialed. - ClientConnectionStatusCreated ClientConnectionStatus = "created" - // The connection is pending dial response. - ClientConnectionStatusDialing ClientConnectionStatus = "dialing" - // The connection is established. - ClientConnectionStatusOk ClientConnectionStatus = "ok" - // The connection is closing. - ClientConnectionStatusClosing ClientConnectionStatus = "closing" -) - -func newMetrics() *ClientMetrics { - // The denominator (total dials started) for both - // dial_failure_total and dial_duration_seconds is the - // stream_packets_total (common metric), where segment is - // "from_client" and packet_type is "DIAL_REQ". - dialFailures := prometheus.NewCounterVec( - prometheus.CounterOpts{ - Namespace: Namespace, - Subsystem: Subsystem, - Name: "dial_failure_total", - Help: "Number of dial failures observed, by reason (example: remote endpoint error)", - }, - []string{ - "reason", - }, - ) - clientConns := prometheus.NewGaugeVec( - prometheus.GaugeOpts{ - Namespace: Namespace, - Subsystem: Subsystem, - Name: "client_connections", - Help: "Number of open client connections, by status (Example: dialing)", - }, - []string{ - "status", - }, - ) - return &ClientMetrics{ - streamPackets: commonmetrics.MakeStreamPacketsTotalMetric(Namespace, Subsystem), - streamErrors: commonmetrics.MakeStreamErrorsTotalMetric(Namespace, Subsystem), - dialFailures: dialFailures, - clientConns: clientConns, - } -} - -// RegisterMetrics registers all metrics with the client application. -func (c *ClientMetrics) RegisterMetrics(r prometheus.Registerer) { - c.registerOnce.Do(func() { - r.MustRegister(c.streamPackets) - r.MustRegister(c.streamErrors) - r.MustRegister(c.dialFailures) - r.MustRegister(c.clientConns) - }) -} - -// LegacyRegisterMetrics registers all metrics via MustRegister func. -// TODO: remove this once https://github.com/kubernetes/kubernetes/pull/114293 is available. -func (c *ClientMetrics) LegacyRegisterMetrics(mustRegisterFn func(...prometheus.Collector)) { - c.registerOnce.Do(func() { - mustRegisterFn(c.streamPackets) - mustRegisterFn(c.streamErrors) - mustRegisterFn(c.dialFailures) - mustRegisterFn(c.clientConns) - }) -} - -// Reset resets the metrics. -func (c *ClientMetrics) Reset() { - c.streamPackets.Reset() - c.streamErrors.Reset() - c.dialFailures.Reset() - c.clientConns.Reset() -} - -func (c *ClientMetrics) ObserveDialFailure(reason DialFailureReason) { - c.dialFailures.WithLabelValues(string(reason)).Inc() -} - -func (c *ClientMetrics) GetClientConnectionsMetric() *prometheus.GaugeVec { - return c.clientConns -} - -func (c *ClientMetrics) ObservePacket(segment commonmetrics.Segment, packetType client.PacketType) { - commonmetrics.ObservePacket(c.streamPackets, segment, packetType) -} - -func (c *ClientMetrics) ObserveStreamErrorNoPacket(segment commonmetrics.Segment, err error) { - commonmetrics.ObserveStreamErrorNoPacket(c.streamErrors, segment, err) -} - -func (c *ClientMetrics) ObserveStreamError(segment commonmetrics.Segment, err error, packetType client.PacketType) { - commonmetrics.ObserveStreamError(c.streamErrors, segment, err, packetType) -} diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics/metrics.go b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics/metrics.go deleted file mode 100644 index e8619f4720..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics/metrics.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package metrics provides metric definitions and helpers used -// across konnectivity client, server, and agent. -package metrics - -import ( - "github.com/prometheus/client_golang/prometheus" - "google.golang.org/grpc/status" - - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client" -) - -// Segment identifies one of four tunnel segments (e.g. from server to agent). -type Segment string - -const ( - // SegmentFromClient indicates a packet from client to server. - SegmentFromClient Segment = "from_client" - // SegmentToClient indicates a packet from server to client. - SegmentToClient Segment = "to_client" - // SegmentFromAgent indicates a packet from agent to server. - SegmentFromAgent Segment = "from_agent" - // SegmentToAgent indicates a packet from server to agent. - SegmentToAgent Segment = "to_agent" -) - -func MakeStreamPacketsTotalMetric(namespace, subsystem string) *prometheus.CounterVec { - return prometheus.NewCounterVec( - prometheus.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "stream_packets_total", - Help: "Count of packets processed, by segment and packet type (example: from_client, DIAL_REQ)", - }, - []string{"segment", "packet_type"}, - ) -} - -func MakeStreamErrorsTotalMetric(namespace, subsystem string) *prometheus.CounterVec { - return prometheus.NewCounterVec( - prometheus.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "stream_errors_total", - Help: "Count of gRPC stream errors, by segment, grpc Code, packet type. (example: from_agent, Code.Unavailable, DIAL_RSP)", - }, - []string{"segment", "code", "packet_type"}, - ) -} - -func ObservePacket(m *prometheus.CounterVec, segment Segment, packetType client.PacketType) { - m.WithLabelValues(string(segment), packetType.String()).Inc() -} - -func ObserveStreamErrorNoPacket(m *prometheus.CounterVec, segment Segment, err error) { - code := status.Code(err) - m.WithLabelValues(string(segment), code.String(), "Unknown").Inc() -} - -func ObserveStreamError(m *prometheus.CounterVec, segment Segment, err error, packetType client.PacketType) { - code := status.Code(err) - m.WithLabelValues(string(segment), code.String(), packetType.String()).Inc() -} diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.pb.go b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.pb.go deleted file mode 100644 index 59a797df4c..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.pb.go +++ /dev/null @@ -1,714 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: konnectivity-client/proto/client/client.proto - -package client - -import ( - context "context" - fmt "fmt" - proto "github.com/golang/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package - -type PacketType int32 - -const ( - PacketType_DIAL_REQ PacketType = 0 - PacketType_DIAL_RSP PacketType = 1 - PacketType_CLOSE_REQ PacketType = 2 - PacketType_CLOSE_RSP PacketType = 3 - PacketType_DATA PacketType = 4 - PacketType_DIAL_CLS PacketType = 5 -) - -var PacketType_name = map[int32]string{ - 0: "DIAL_REQ", - 1: "DIAL_RSP", - 2: "CLOSE_REQ", - 3: "CLOSE_RSP", - 4: "DATA", - 5: "DIAL_CLS", -} - -var PacketType_value = map[string]int32{ - "DIAL_REQ": 0, - "DIAL_RSP": 1, - "CLOSE_REQ": 2, - "CLOSE_RSP": 3, - "DATA": 4, - "DIAL_CLS": 5, -} - -func (x PacketType) String() string { - return proto.EnumName(PacketType_name, int32(x)) -} - -func (PacketType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{0} -} - -type Error int32 - -const ( - Error_EOF Error = 0 -) - -var Error_name = map[int32]string{ - 0: "EOF", -} - -var Error_value = map[string]int32{ - "EOF": 0, -} - -func (x Error) String() string { - return proto.EnumName(Error_name, int32(x)) -} - -func (Error) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{1} -} - -type Packet struct { - Type PacketType `protobuf:"varint,1,opt,name=type,proto3,enum=PacketType" json:"type,omitempty"` - // Types that are valid to be assigned to Payload: - // *Packet_DialRequest - // *Packet_DialResponse - // *Packet_Data - // *Packet_CloseRequest - // *Packet_CloseResponse - // *Packet_CloseDial - Payload isPacket_Payload `protobuf_oneof:"payload"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Packet) Reset() { *m = Packet{} } -func (m *Packet) String() string { return proto.CompactTextString(m) } -func (*Packet) ProtoMessage() {} -func (*Packet) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{0} -} - -func (m *Packet) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Packet.Unmarshal(m, b) -} -func (m *Packet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Packet.Marshal(b, m, deterministic) -} -func (m *Packet) XXX_Merge(src proto.Message) { - xxx_messageInfo_Packet.Merge(m, src) -} -func (m *Packet) XXX_Size() int { - return xxx_messageInfo_Packet.Size(m) -} -func (m *Packet) XXX_DiscardUnknown() { - xxx_messageInfo_Packet.DiscardUnknown(m) -} - -var xxx_messageInfo_Packet proto.InternalMessageInfo - -func (m *Packet) GetType() PacketType { - if m != nil { - return m.Type - } - return PacketType_DIAL_REQ -} - -type isPacket_Payload interface { - isPacket_Payload() -} - -type Packet_DialRequest struct { - DialRequest *DialRequest `protobuf:"bytes,2,opt,name=dialRequest,proto3,oneof"` -} - -type Packet_DialResponse struct { - DialResponse *DialResponse `protobuf:"bytes,3,opt,name=dialResponse,proto3,oneof"` -} - -type Packet_Data struct { - Data *Data `protobuf:"bytes,4,opt,name=data,proto3,oneof"` -} - -type Packet_CloseRequest struct { - CloseRequest *CloseRequest `protobuf:"bytes,5,opt,name=closeRequest,proto3,oneof"` -} - -type Packet_CloseResponse struct { - CloseResponse *CloseResponse `protobuf:"bytes,6,opt,name=closeResponse,proto3,oneof"` -} - -type Packet_CloseDial struct { - CloseDial *CloseDial `protobuf:"bytes,7,opt,name=closeDial,proto3,oneof"` -} - -func (*Packet_DialRequest) isPacket_Payload() {} - -func (*Packet_DialResponse) isPacket_Payload() {} - -func (*Packet_Data) isPacket_Payload() {} - -func (*Packet_CloseRequest) isPacket_Payload() {} - -func (*Packet_CloseResponse) isPacket_Payload() {} - -func (*Packet_CloseDial) isPacket_Payload() {} - -func (m *Packet) GetPayload() isPacket_Payload { - if m != nil { - return m.Payload - } - return nil -} - -func (m *Packet) GetDialRequest() *DialRequest { - if x, ok := m.GetPayload().(*Packet_DialRequest); ok { - return x.DialRequest - } - return nil -} - -func (m *Packet) GetDialResponse() *DialResponse { - if x, ok := m.GetPayload().(*Packet_DialResponse); ok { - return x.DialResponse - } - return nil -} - -func (m *Packet) GetData() *Data { - if x, ok := m.GetPayload().(*Packet_Data); ok { - return x.Data - } - return nil -} - -func (m *Packet) GetCloseRequest() *CloseRequest { - if x, ok := m.GetPayload().(*Packet_CloseRequest); ok { - return x.CloseRequest - } - return nil -} - -func (m *Packet) GetCloseResponse() *CloseResponse { - if x, ok := m.GetPayload().(*Packet_CloseResponse); ok { - return x.CloseResponse - } - return nil -} - -func (m *Packet) GetCloseDial() *CloseDial { - if x, ok := m.GetPayload().(*Packet_CloseDial); ok { - return x.CloseDial - } - return nil -} - -// XXX_OneofWrappers is for the internal use of the proto package. -func (*Packet) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*Packet_DialRequest)(nil), - (*Packet_DialResponse)(nil), - (*Packet_Data)(nil), - (*Packet_CloseRequest)(nil), - (*Packet_CloseResponse)(nil), - (*Packet_CloseDial)(nil), - } -} - -type DialRequest struct { - // tcp or udp? - Protocol string `protobuf:"bytes,1,opt,name=protocol,proto3" json:"protocol,omitempty"` - // node:port - Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` - // random id for client, maybe should be longer - Random int64 `protobuf:"varint,3,opt,name=random,proto3" json:"random,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DialRequest) Reset() { *m = DialRequest{} } -func (m *DialRequest) String() string { return proto.CompactTextString(m) } -func (*DialRequest) ProtoMessage() {} -func (*DialRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{1} -} - -func (m *DialRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DialRequest.Unmarshal(m, b) -} -func (m *DialRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DialRequest.Marshal(b, m, deterministic) -} -func (m *DialRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_DialRequest.Merge(m, src) -} -func (m *DialRequest) XXX_Size() int { - return xxx_messageInfo_DialRequest.Size(m) -} -func (m *DialRequest) XXX_DiscardUnknown() { - xxx_messageInfo_DialRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_DialRequest proto.InternalMessageInfo - -func (m *DialRequest) GetProtocol() string { - if m != nil { - return m.Protocol - } - return "" -} - -func (m *DialRequest) GetAddress() string { - if m != nil { - return m.Address - } - return "" -} - -func (m *DialRequest) GetRandom() int64 { - if m != nil { - return m.Random - } - return 0 -} - -type DialResponse struct { - // error failed reason; enum? - Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` - // connectID indicates the identifier of the connection - ConnectID int64 `protobuf:"varint,2,opt,name=connectID,proto3" json:"connectID,omitempty"` - // random copied from DialRequest - Random int64 `protobuf:"varint,3,opt,name=random,proto3" json:"random,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DialResponse) Reset() { *m = DialResponse{} } -func (m *DialResponse) String() string { return proto.CompactTextString(m) } -func (*DialResponse) ProtoMessage() {} -func (*DialResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{2} -} - -func (m *DialResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DialResponse.Unmarshal(m, b) -} -func (m *DialResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DialResponse.Marshal(b, m, deterministic) -} -func (m *DialResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_DialResponse.Merge(m, src) -} -func (m *DialResponse) XXX_Size() int { - return xxx_messageInfo_DialResponse.Size(m) -} -func (m *DialResponse) XXX_DiscardUnknown() { - xxx_messageInfo_DialResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_DialResponse proto.InternalMessageInfo - -func (m *DialResponse) GetError() string { - if m != nil { - return m.Error - } - return "" -} - -func (m *DialResponse) GetConnectID() int64 { - if m != nil { - return m.ConnectID - } - return 0 -} - -func (m *DialResponse) GetRandom() int64 { - if m != nil { - return m.Random - } - return 0 -} - -type CloseRequest struct { - // connectID of the stream to close - ConnectID int64 `protobuf:"varint,1,opt,name=connectID,proto3" json:"connectID,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CloseRequest) Reset() { *m = CloseRequest{} } -func (m *CloseRequest) String() string { return proto.CompactTextString(m) } -func (*CloseRequest) ProtoMessage() {} -func (*CloseRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{3} -} - -func (m *CloseRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CloseRequest.Unmarshal(m, b) -} -func (m *CloseRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CloseRequest.Marshal(b, m, deterministic) -} -func (m *CloseRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CloseRequest.Merge(m, src) -} -func (m *CloseRequest) XXX_Size() int { - return xxx_messageInfo_CloseRequest.Size(m) -} -func (m *CloseRequest) XXX_DiscardUnknown() { - xxx_messageInfo_CloseRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_CloseRequest proto.InternalMessageInfo - -func (m *CloseRequest) GetConnectID() int64 { - if m != nil { - return m.ConnectID - } - return 0 -} - -type CloseResponse struct { - // error message - Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` - // connectID indicates the identifier of the connection - ConnectID int64 `protobuf:"varint,2,opt,name=connectID,proto3" json:"connectID,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CloseResponse) Reset() { *m = CloseResponse{} } -func (m *CloseResponse) String() string { return proto.CompactTextString(m) } -func (*CloseResponse) ProtoMessage() {} -func (*CloseResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{4} -} - -func (m *CloseResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CloseResponse.Unmarshal(m, b) -} -func (m *CloseResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CloseResponse.Marshal(b, m, deterministic) -} -func (m *CloseResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CloseResponse.Merge(m, src) -} -func (m *CloseResponse) XXX_Size() int { - return xxx_messageInfo_CloseResponse.Size(m) -} -func (m *CloseResponse) XXX_DiscardUnknown() { - xxx_messageInfo_CloseResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_CloseResponse proto.InternalMessageInfo - -func (m *CloseResponse) GetError() string { - if m != nil { - return m.Error - } - return "" -} - -func (m *CloseResponse) GetConnectID() int64 { - if m != nil { - return m.ConnectID - } - return 0 -} - -type CloseDial struct { - // random id of the DialRequest - Random int64 `protobuf:"varint,1,opt,name=random,proto3" json:"random,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CloseDial) Reset() { *m = CloseDial{} } -func (m *CloseDial) String() string { return proto.CompactTextString(m) } -func (*CloseDial) ProtoMessage() {} -func (*CloseDial) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{5} -} - -func (m *CloseDial) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CloseDial.Unmarshal(m, b) -} -func (m *CloseDial) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CloseDial.Marshal(b, m, deterministic) -} -func (m *CloseDial) XXX_Merge(src proto.Message) { - xxx_messageInfo_CloseDial.Merge(m, src) -} -func (m *CloseDial) XXX_Size() int { - return xxx_messageInfo_CloseDial.Size(m) -} -func (m *CloseDial) XXX_DiscardUnknown() { - xxx_messageInfo_CloseDial.DiscardUnknown(m) -} - -var xxx_messageInfo_CloseDial proto.InternalMessageInfo - -func (m *CloseDial) GetRandom() int64 { - if m != nil { - return m.Random - } - return 0 -} - -type Data struct { - // connectID to connect to - ConnectID int64 `protobuf:"varint,1,opt,name=connectID,proto3" json:"connectID,omitempty"` - // error message if error happens - Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"` - // stream data - Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Data) Reset() { *m = Data{} } -func (m *Data) String() string { return proto.CompactTextString(m) } -func (*Data) ProtoMessage() {} -func (*Data) Descriptor() ([]byte, []int) { - return fileDescriptor_fec4258d9ecd175d, []int{6} -} - -func (m *Data) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Data.Unmarshal(m, b) -} -func (m *Data) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Data.Marshal(b, m, deterministic) -} -func (m *Data) XXX_Merge(src proto.Message) { - xxx_messageInfo_Data.Merge(m, src) -} -func (m *Data) XXX_Size() int { - return xxx_messageInfo_Data.Size(m) -} -func (m *Data) XXX_DiscardUnknown() { - xxx_messageInfo_Data.DiscardUnknown(m) -} - -var xxx_messageInfo_Data proto.InternalMessageInfo - -func (m *Data) GetConnectID() int64 { - if m != nil { - return m.ConnectID - } - return 0 -} - -func (m *Data) GetError() string { - if m != nil { - return m.Error - } - return "" -} - -func (m *Data) GetData() []byte { - if m != nil { - return m.Data - } - return nil -} - -func init() { - proto.RegisterEnum("PacketType", PacketType_name, PacketType_value) - proto.RegisterEnum("Error", Error_name, Error_value) - proto.RegisterType((*Packet)(nil), "Packet") - proto.RegisterType((*DialRequest)(nil), "DialRequest") - proto.RegisterType((*DialResponse)(nil), "DialResponse") - proto.RegisterType((*CloseRequest)(nil), "CloseRequest") - proto.RegisterType((*CloseResponse)(nil), "CloseResponse") - proto.RegisterType((*CloseDial)(nil), "CloseDial") - proto.RegisterType((*Data)(nil), "Data") -} - -func init() { - proto.RegisterFile("konnectivity-client/proto/client/client.proto", fileDescriptor_fec4258d9ecd175d) -} - -var fileDescriptor_fec4258d9ecd175d = []byte{ - // 505 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x53, 0x51, 0x8b, 0xd3, 0x40, - 0x18, 0x4c, 0xda, 0xa4, 0x6d, 0xbe, 0xa6, 0x47, 0x58, 0x44, 0xc2, 0x29, 0xdc, 0x11, 0x5f, 0x4a, - 0xb1, 0xe9, 0xd1, 0x03, 0xf1, 0xb5, 0xd7, 0xf4, 0xe8, 0x41, 0xf1, 0xea, 0xf6, 0x9e, 0x4e, 0x50, - 0xd6, 0x64, 0x91, 0xd0, 0x98, 0x8d, 0xbb, 0x6b, 0x35, 0x3f, 0xd3, 0x7f, 0x24, 0xd9, 0xa4, 0x4d, - 0x22, 0xa8, 0x70, 0x4f, 0xed, 0xcc, 0x7e, 0x33, 0x3b, 0x19, 0xbe, 0x85, 0xe9, 0x9e, 0xa5, 0x29, - 0x0d, 0x65, 0x7c, 0x88, 0x65, 0x3e, 0x0d, 0x93, 0x98, 0xa6, 0x72, 0x96, 0x71, 0x26, 0xd9, 0xac, - 0x02, 0xe5, 0x8f, 0xaf, 0x38, 0xef, 0x57, 0x07, 0x7a, 0x5b, 0x12, 0xee, 0xa9, 0x44, 0x17, 0x60, - 0xc8, 0x3c, 0xa3, 0xae, 0x7e, 0xa9, 0x8f, 0xcf, 0xe6, 0x43, 0xbf, 0xa4, 0x1f, 0xf2, 0x8c, 0x62, - 0x75, 0x80, 0xae, 0x60, 0x18, 0xc5, 0x24, 0xc1, 0xf4, 0xdb, 0x77, 0x2a, 0xa4, 0xdb, 0xb9, 0xd4, - 0xc7, 0xc3, 0xb9, 0xed, 0x07, 0x35, 0xb7, 0xd6, 0x70, 0x73, 0x04, 0x5d, 0x83, 0x5d, 0x42, 0x91, - 0xb1, 0x54, 0x50, 0xb7, 0xab, 0x24, 0xa3, 0x4a, 0x52, 0x92, 0x6b, 0x0d, 0xb7, 0x86, 0xd0, 0x0b, - 0x30, 0x22, 0x22, 0x89, 0x6b, 0xa8, 0x61, 0xd3, 0x0f, 0x88, 0x24, 0x6b, 0x0d, 0x2b, 0xb2, 0x70, - 0x0c, 0x13, 0x26, 0xe8, 0x31, 0x84, 0x59, 0x39, 0x2e, 0x1b, 0x64, 0xe1, 0xd8, 0x1c, 0x42, 0x6f, - 0x60, 0x54, 0xe1, 0x2a, 0x47, 0x4f, 0xa9, 0xce, 0x8e, 0xaa, 0x53, 0x90, 0xf6, 0x18, 0x9a, 0x80, - 0xa5, 0x88, 0x22, 0xae, 0xdb, 0x57, 0x1a, 0x28, 0x35, 0x05, 0xb3, 0xd6, 0x70, 0x7d, 0x7c, 0x63, - 0x41, 0x3f, 0x23, 0x79, 0xc2, 0x48, 0xe4, 0x7d, 0x80, 0x61, 0xa3, 0x13, 0x74, 0x0e, 0x03, 0xd5, - 0x75, 0xc8, 0x12, 0xd5, 0xad, 0x85, 0x4f, 0x18, 0xb9, 0xd0, 0x27, 0x51, 0xc4, 0xa9, 0x10, 0xaa, - 0x4e, 0x0b, 0x1f, 0x21, 0x7a, 0x0e, 0x3d, 0x4e, 0xd2, 0x88, 0x7d, 0x55, 0xa5, 0x75, 0x71, 0x85, - 0xbc, 0x47, 0xb0, 0x9b, 0xed, 0xa1, 0x67, 0x60, 0x52, 0xce, 0x19, 0xaf, 0xac, 0x4b, 0x80, 0x5e, - 0x82, 0x15, 0x96, 0x7b, 0x70, 0x17, 0x28, 0xe7, 0x2e, 0xae, 0x89, 0xbf, 0x7a, 0xbf, 0x06, 0xbb, - 0xd9, 0x63, 0xdb, 0x45, 0xff, 0xc3, 0xc5, 0x5b, 0xc2, 0xa8, 0xd5, 0xdf, 0x53, 0xa2, 0x78, 0xaf, - 0xc0, 0x3a, 0x15, 0xda, 0xc8, 0xa5, 0xb7, 0x72, 0xbd, 0x03, 0xa3, 0x58, 0x82, 0x7f, 0xe7, 0xa9, - 0xaf, 0xef, 0x34, 0xaf, 0x47, 0xd5, 0x36, 0x15, 0x5f, 0x6a, 0x97, 0x4b, 0x34, 0xf9, 0x08, 0x50, - 0x2f, 0x37, 0xb2, 0x61, 0x10, 0xdc, 0x2d, 0x36, 0x9f, 0xf0, 0xea, 0xbd, 0xa3, 0xd5, 0x68, 0xb7, - 0x75, 0x74, 0x34, 0x02, 0x6b, 0xb9, 0xb9, 0xdf, 0xad, 0xd4, 0x61, 0xa7, 0x01, 0x77, 0x5b, 0xa7, - 0x8b, 0x06, 0x60, 0x04, 0x8b, 0x87, 0x85, 0x63, 0x9c, 0x54, 0xcb, 0xcd, 0xce, 0x31, 0x27, 0x0e, - 0x98, 0x2b, 0x75, 0x79, 0x1f, 0xba, 0xab, 0xfb, 0x5b, 0x47, 0x9b, 0xcf, 0xc0, 0xde, 0x72, 0xf6, - 0x33, 0xdf, 0x51, 0x7e, 0x88, 0x43, 0x8a, 0x2e, 0xc0, 0x54, 0x18, 0xf5, 0xab, 0x67, 0x76, 0x7e, - 0xfc, 0xe3, 0x69, 0x63, 0xfd, 0x4a, 0xbf, 0xb9, 0x7d, 0x0c, 0x44, 0xfc, 0x45, 0xf8, 0xfb, 0xb7, - 0xc2, 0x8f, 0xd9, 0x8c, 0x64, 0xb1, 0xa0, 0xfc, 0x40, 0xf9, 0x34, 0xa5, 0xf2, 0x07, 0xe3, 0xfb, - 0x69, 0x56, 0xc8, 0x67, 0xff, 0x7b, 0xec, 0x9f, 0x7b, 0x0a, 0x5d, 0xff, 0x0e, 0x00, 0x00, 0xff, - 0xff, 0x38, 0x1b, 0xf6, 0x4f, 0x17, 0x04, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// ProxyServiceClient is the client API for ProxyService service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type ProxyServiceClient interface { - Proxy(ctx context.Context, opts ...grpc.CallOption) (ProxyService_ProxyClient, error) -} - -type proxyServiceClient struct { - cc *grpc.ClientConn -} - -func NewProxyServiceClient(cc *grpc.ClientConn) ProxyServiceClient { - return &proxyServiceClient{cc} -} - -func (c *proxyServiceClient) Proxy(ctx context.Context, opts ...grpc.CallOption) (ProxyService_ProxyClient, error) { - stream, err := c.cc.NewStream(ctx, &_ProxyService_serviceDesc.Streams[0], "/ProxyService/Proxy", opts...) - if err != nil { - return nil, err - } - x := &proxyServiceProxyClient{stream} - return x, nil -} - -type ProxyService_ProxyClient interface { - Send(*Packet) error - Recv() (*Packet, error) - grpc.ClientStream -} - -type proxyServiceProxyClient struct { - grpc.ClientStream -} - -func (x *proxyServiceProxyClient) Send(m *Packet) error { - return x.ClientStream.SendMsg(m) -} - -func (x *proxyServiceProxyClient) Recv() (*Packet, error) { - m := new(Packet) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -// ProxyServiceServer is the server API for ProxyService service. -type ProxyServiceServer interface { - Proxy(ProxyService_ProxyServer) error -} - -// UnimplementedProxyServiceServer can be embedded to have forward compatible implementations. -type UnimplementedProxyServiceServer struct { -} - -func (*UnimplementedProxyServiceServer) Proxy(srv ProxyService_ProxyServer) error { - return status.Errorf(codes.Unimplemented, "method Proxy not implemented") -} - -func RegisterProxyServiceServer(s *grpc.Server, srv ProxyServiceServer) { - s.RegisterService(&_ProxyService_serviceDesc, srv) -} - -func _ProxyService_Proxy_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(ProxyServiceServer).Proxy(&proxyServiceProxyServer{stream}) -} - -type ProxyService_ProxyServer interface { - Send(*Packet) error - Recv() (*Packet, error) - grpc.ServerStream -} - -type proxyServiceProxyServer struct { - grpc.ServerStream -} - -func (x *proxyServiceProxyServer) Send(m *Packet) error { - return x.ServerStream.SendMsg(m) -} - -func (x *proxyServiceProxyServer) Recv() (*Packet, error) { - m := new(Packet) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -var _ProxyService_serviceDesc = grpc.ServiceDesc{ - ServiceName: "ProxyService", - HandlerType: (*ProxyServiceServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{ - { - StreamName: "Proxy", - Handler: _ProxyService_Proxy_Handler, - ServerStreams: true, - ClientStreams: true, - }, - }, - Metadata: "konnectivity-client/proto/client/client.proto", -} diff --git a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.proto b/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.proto deleted file mode 100644 index 0c4cff8cd2..0000000000 --- a/etcd/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client/client.proto +++ /dev/null @@ -1,102 +0,0 @@ -// Copyright The Kubernetes Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -// Retransmit? -// Sliding windows? - -option go_package = "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client"; - -service ProxyService { - rpc Proxy(stream Packet) returns (stream Packet) {} -} - -enum PacketType { - DIAL_REQ = 0; - DIAL_RSP = 1; - CLOSE_REQ = 2; - CLOSE_RSP = 3; - DATA = 4; - DIAL_CLS = 5; -} - -enum Error { - EOF = 0; - // ... -} - -message Packet { - PacketType type = 1; - - oneof payload { - DialRequest dialRequest = 2; - DialResponse dialResponse = 3; - Data data = 4; - CloseRequest closeRequest = 5; - CloseResponse closeResponse = 6; - CloseDial closeDial = 7; - } -} - -message DialRequest { - // tcp or udp? - string protocol = 1; - - // node:port - string address = 2; - - // random id for client, maybe should be longer - int64 random = 3; -} - -message DialResponse { - // error failed reason; enum? - string error = 1; - - // connectID indicates the identifier of the connection - int64 connectID = 2; - - // random copied from DialRequest - int64 random = 3; -} - -message CloseRequest { - // connectID of the stream to close - int64 connectID = 1; -} - -message CloseResponse { - // error message - string error = 1; - - // connectID indicates the identifier of the connection - int64 connectID = 2; -} - -message CloseDial { - // random id of the DialRequest - int64 random = 1; -} - -message Data { - // connectID to connect to - int64 connectID = 1; - - // error message if error happens - string error = 2; - - // stream data - bytes data = 3; -} diff --git a/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go b/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go deleted file mode 100644 index 75a492d8ea..0000000000 --- a/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go +++ /dev/null @@ -1,121 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package merge - -import ( - "fmt" - "sort" - "strings" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" -) - -// Conflict is a conflict on a specific field with the current manager of -// that field. It does implement the error interface so that it can be -// used as an error. -type Conflict struct { - Manager string - Path fieldpath.Path -} - -// Conflict is an error. -var _ error = Conflict{} - -// Error formats the conflict as an error. -func (c Conflict) Error() string { - return fmt.Sprintf("conflict with %q: %v", c.Manager, c.Path) -} - -// Equals returns true if c == c2 -func (c Conflict) Equals(c2 Conflict) bool { - if c.Manager != c2.Manager { - return false - } - return c.Path.Equals(c2.Path) -} - -// Conflicts accumulates multiple conflicts and aggregates them by managers. -type Conflicts []Conflict - -var _ error = Conflicts{} - -// Error prints the list of conflicts, grouped by sorted managers. -func (conflicts Conflicts) Error() string { - if len(conflicts) == 1 { - return conflicts[0].Error() - } - - m := map[string][]fieldpath.Path{} - for _, conflict := range conflicts { - m[conflict.Manager] = append(m[conflict.Manager], conflict.Path) - } - - managers := []string{} - for manager := range m { - managers = append(managers, manager) - } - - // Print conflicts by sorted managers. - sort.Strings(managers) - - messages := []string{} - for _, manager := range managers { - messages = append(messages, fmt.Sprintf("conflicts with %q:", manager)) - for _, path := range m[manager] { - messages = append(messages, fmt.Sprintf("- %v", path)) - } - } - return strings.Join(messages, "\n") -} - -// Equals returns true if the lists of conflicts are the same. -func (c Conflicts) Equals(c2 Conflicts) bool { - if len(c) != len(c2) { - return false - } - for i := range c { - if !c[i].Equals(c2[i]) { - return false - } - } - return true -} - -// ToSet aggregates conflicts for all managers into a single Set. -func (c Conflicts) ToSet() *fieldpath.Set { - set := fieldpath.NewSet() - for _, conflict := range []Conflict(c) { - set.Insert(conflict.Path) - } - return set -} - -// ConflictsFromManagers creates a list of conflicts given Managers sets. -func ConflictsFromManagers(sets fieldpath.ManagedFields) Conflicts { - conflicts := []Conflict{} - - for manager, set := range sets { - set.Set().Iterate(func(p fieldpath.Path) { - conflicts = append(conflicts, Conflict{ - Manager: manager, - Path: p, - }) - }) - } - - return conflicts -} diff --git a/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go b/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go deleted file mode 100644 index 1b23dcbd5e..0000000000 --- a/etcd/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go +++ /dev/null @@ -1,356 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package merge - -import ( - "fmt" - - "sigs.k8s.io/structured-merge-diff/v4/fieldpath" - "sigs.k8s.io/structured-merge-diff/v4/typed" -) - -// Converter is an interface to the conversion logic. The converter -// needs to be able to convert objects from one version to another. -type Converter interface { - Convert(object *typed.TypedValue, version fieldpath.APIVersion) (*typed.TypedValue, error) - IsMissingVersionError(error) bool -} - -// Updater is the object used to compute updated FieldSets and also -// merge the object on Apply. -type Updater struct { - Converter Converter - IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set - - enableUnions bool -} - -// EnableUnionFeature turns on union handling. It is disabled by default until the -// feature is complete. -func (s *Updater) EnableUnionFeature() { - s.enableUnions = true -} - -func (s *Updater) update(oldObject, newObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, workflow string, force bool) (fieldpath.ManagedFields, *typed.Comparison, error) { - conflicts := fieldpath.ManagedFields{} - removed := fieldpath.ManagedFields{} - compare, err := oldObject.Compare(newObject) - if err != nil { - return nil, nil, fmt.Errorf("failed to compare objects: %v", err) - } - - versions := map[fieldpath.APIVersion]*typed.Comparison{ - version: compare.ExcludeFields(s.IgnoredFields[version]), - } - - for manager, managerSet := range managers { - if manager == workflow { - continue - } - compare, ok := versions[managerSet.APIVersion()] - if !ok { - var err error - versionedOldObject, err := s.Converter.Convert(oldObject, managerSet.APIVersion()) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - delete(managers, manager) - continue - } - return nil, nil, fmt.Errorf("failed to convert old object: %v", err) - } - versionedNewObject, err := s.Converter.Convert(newObject, managerSet.APIVersion()) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - delete(managers, manager) - continue - } - return nil, nil, fmt.Errorf("failed to convert new object: %v", err) - } - compare, err = versionedOldObject.Compare(versionedNewObject) - if err != nil { - return nil, nil, fmt.Errorf("failed to compare objects: %v", err) - } - versions[managerSet.APIVersion()] = compare.ExcludeFields(s.IgnoredFields[managerSet.APIVersion()]) - } - - conflictSet := managerSet.Set().Intersection(compare.Modified.Union(compare.Added)) - if !conflictSet.Empty() { - conflicts[manager] = fieldpath.NewVersionedSet(conflictSet, managerSet.APIVersion(), false) - } - - if !compare.Removed.Empty() { - removed[manager] = fieldpath.NewVersionedSet(compare.Removed, managerSet.APIVersion(), false) - } - } - - if !force && len(conflicts) != 0 { - return nil, nil, ConflictsFromManagers(conflicts) - } - - for manager, conflictSet := range conflicts { - managers[manager] = fieldpath.NewVersionedSet(managers[manager].Set().Difference(conflictSet.Set()), managers[manager].APIVersion(), managers[manager].Applied()) - } - - for manager, removedSet := range removed { - managers[manager] = fieldpath.NewVersionedSet(managers[manager].Set().Difference(removedSet.Set()), managers[manager].APIVersion(), managers[manager].Applied()) - } - - for manager := range managers { - if managers[manager].Set().Empty() { - delete(managers, manager) - } - } - - return managers, compare, nil -} - -// Update is the method you should call once you've merged your final -// object on CREATE/UPDATE/PATCH verbs. newObject must be the object -// that you intend to persist (after applying the patch if this is for a -// PATCH call), and liveObject must be the original object (empty if -// this is a CREATE call). -func (s *Updater) Update(liveObject, newObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, manager string) (*typed.TypedValue, fieldpath.ManagedFields, error) { - var err error - managers, err = s.reconcileManagedFieldsWithSchemaChanges(liveObject, managers) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - if s.enableUnions { - newObject, err = liveObject.NormalizeUnions(newObject) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - } - managers, compare, err := s.update(liveObject, newObject, version, managers, manager, true) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - if _, ok := managers[manager]; !ok { - managers[manager] = fieldpath.NewVersionedSet(fieldpath.NewSet(), version, false) - } - - ignored := s.IgnoredFields[version] - if ignored == nil { - ignored = fieldpath.NewSet() - } - managers[manager] = fieldpath.NewVersionedSet( - managers[manager].Set().Union(compare.Modified).Union(compare.Added).Difference(compare.Removed).RecursiveDifference(ignored), - version, - false, - ) - if managers[manager].Set().Empty() { - delete(managers, manager) - } - return newObject, managers, nil -} - -// Apply should be called when Apply is run, given the current object as -// well as the configuration that is applied. This will merge the object -// and return it. If the object hasn't changed, nil is returned (the -// managers can still have changed though). -func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, manager string, force bool) (*typed.TypedValue, fieldpath.ManagedFields, error) { - var err error - managers, err = s.reconcileManagedFieldsWithSchemaChanges(liveObject, managers) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - if s.enableUnions { - configObject, err = configObject.NormalizeUnionsApply(configObject) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - } - newObject, err := liveObject.Merge(configObject) - if err != nil { - return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to merge config: %v", err) - } - if s.enableUnions { - newObject, err = configObject.NormalizeUnionsApply(newObject) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - } - lastSet := managers[manager] - set, err := configObject.ToFieldSet() - if err != nil { - return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to get field set: %v", err) - } - - ignored := s.IgnoredFields[version] - if ignored != nil { - set = set.RecursiveDifference(ignored) - // TODO: is this correct. If we don't remove from lastSet pruning might remove the fields? - if lastSet != nil { - lastSet.Set().RecursiveDifference(ignored) - } - } - managers[manager] = fieldpath.NewVersionedSet(set, version, true) - newObject, err = s.prune(newObject, managers, manager, lastSet) - if err != nil { - return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to prune fields: %v", err) - } - managers, compare, err := s.update(liveObject, newObject, version, managers, manager, force) - if err != nil { - return nil, fieldpath.ManagedFields{}, err - } - if compare.IsSame() { - newObject = nil - } - return newObject, managers, nil -} - -// prune will remove a field, list or map item, iff: -// * applyingManager applied it last time -// * applyingManager didn't apply it this time -// * no other applier claims to manage it -func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFields, applyingManager string, lastSet fieldpath.VersionedSet) (*typed.TypedValue, error) { - if lastSet == nil || lastSet.Set().Empty() { - return merged, nil - } - convertedMerged, err := s.Converter.Convert(merged, lastSet.APIVersion()) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - return merged, nil - } - return nil, fmt.Errorf("failed to convert merged object to last applied version: %v", err) - } - - sc, tr := convertedMerged.Schema(), convertedMerged.TypeRef() - pruned := convertedMerged.RemoveItems(lastSet.Set().EnsureNamedFieldsAreMembers(sc, tr)) - pruned, err = s.addBackOwnedItems(convertedMerged, pruned, managers, applyingManager) - if err != nil { - return nil, fmt.Errorf("failed add back owned items: %v", err) - } - pruned, err = s.addBackDanglingItems(convertedMerged, pruned, lastSet) - if err != nil { - return nil, fmt.Errorf("failed add back dangling items: %v", err) - } - return s.Converter.Convert(pruned, managers[applyingManager].APIVersion()) -} - -// addBackOwnedItems adds back any fields, list and map items that were removed by prune, -// but other appliers or updaters (or the current applier's new config) claim to own. -func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) { - var err error - managedAtVersion := map[fieldpath.APIVersion]*fieldpath.Set{} - for _, managerSet := range managedFields { - if _, ok := managedAtVersion[managerSet.APIVersion()]; !ok { - managedAtVersion[managerSet.APIVersion()] = fieldpath.NewSet() - } - managedAtVersion[managerSet.APIVersion()] = managedAtVersion[managerSet.APIVersion()].Union(managerSet.Set()) - } - // Add back owned items at pruned version first to avoid conversion failure - // caused by pruned fields which are required for conversion. - prunedVersion := fieldpath.APIVersion(*pruned.TypeRef().NamedType) - if managed, ok := managedAtVersion[prunedVersion]; ok { - merged, pruned, err = s.addBackOwnedItemsForVersion(merged, pruned, prunedVersion, managed) - if err != nil { - return nil, err - } - delete(managedAtVersion, prunedVersion) - } - for version, managed := range managedAtVersion { - merged, pruned, err = s.addBackOwnedItemsForVersion(merged, pruned, version, managed) - if err != nil { - return nil, err - } - } - return pruned, nil -} - -// addBackOwnedItemsForVersion adds back any fields, list and map items that were removed by prune with specific managed field path at a version. -// It is an extracted sub-function from addBackOwnedItems for code reuse. -func (s *Updater) addBackOwnedItemsForVersion(merged, pruned *typed.TypedValue, version fieldpath.APIVersion, managed *fieldpath.Set) (*typed.TypedValue, *typed.TypedValue, error) { - var err error - merged, err = s.Converter.Convert(merged, version) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - return merged, pruned, nil - } - return nil, nil, fmt.Errorf("failed to convert merged object at version %v: %v", version, err) - } - pruned, err = s.Converter.Convert(pruned, version) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - return merged, pruned, nil - } - return nil, nil, fmt.Errorf("failed to convert pruned object at version %v: %v", version, err) - } - mergedSet, err := merged.ToFieldSet() - if err != nil { - return nil, nil, fmt.Errorf("failed to create field set from merged object at version %v: %v", version, err) - } - prunedSet, err := pruned.ToFieldSet() - if err != nil { - return nil, nil, fmt.Errorf("failed to create field set from pruned object at version %v: %v", version, err) - } - sc, tr := merged.Schema(), merged.TypeRef() - pruned = merged.RemoveItems(mergedSet.EnsureNamedFieldsAreMembers(sc, tr).Difference(prunedSet.EnsureNamedFieldsAreMembers(sc, tr).Union(managed.EnsureNamedFieldsAreMembers(sc, tr)))) - return merged, pruned, nil -} - -// addBackDanglingItems makes sure that the fields list and map items removed by prune were -// previously owned by the currently applying manager. This will add back fields list and map items -// that are unowned or that are owned by Updaters and shouldn't be removed. -func (s *Updater) addBackDanglingItems(merged, pruned *typed.TypedValue, lastSet fieldpath.VersionedSet) (*typed.TypedValue, error) { - convertedPruned, err := s.Converter.Convert(pruned, lastSet.APIVersion()) - if err != nil { - if s.Converter.IsMissingVersionError(err) { - return merged, nil - } - return nil, fmt.Errorf("failed to convert pruned object to last applied version: %v", err) - } - prunedSet, err := convertedPruned.ToFieldSet() - if err != nil { - return nil, fmt.Errorf("failed to create field set from pruned object in last applied version: %v", err) - } - mergedSet, err := merged.ToFieldSet() - if err != nil { - return nil, fmt.Errorf("failed to create field set from merged object in last applied version: %v", err) - } - sc, tr := merged.Schema(), merged.TypeRef() - prunedSet = prunedSet.EnsureNamedFieldsAreMembers(sc, tr) - mergedSet = mergedSet.EnsureNamedFieldsAreMembers(sc, tr) - last := lastSet.Set().EnsureNamedFieldsAreMembers(sc, tr) - return merged.RemoveItems(mergedSet.Difference(prunedSet).Intersection(last)), nil -} - -// reconcileManagedFieldsWithSchemaChanges reconciles the managed fields with any changes to the -// object's schema since the managed fields were written. -// -// Supports: -// - changing types from atomic to granular -// - changing types from granular to atomic -func (s *Updater) reconcileManagedFieldsWithSchemaChanges(liveObject *typed.TypedValue, managers fieldpath.ManagedFields) (fieldpath.ManagedFields, error) { - result := fieldpath.ManagedFields{} - for manager, versionedSet := range managers { - tv, err := s.Converter.Convert(liveObject, versionedSet.APIVersion()) - if s.Converter.IsMissingVersionError(err) { // okay to skip, obsolete versions will be deleted automatically anyway - continue - } - if err != nil { - return nil, err - } - reconciled, err := typed.ReconcileFieldSetWithSchema(versionedSet.Set(), tv) - if err != nil { - return nil, err - } - if reconciled != nil { - result[manager] = fieldpath.NewVersionedSet(reconciled, versionedSet.APIVersion(), versionedSet.Applied()) - } else { - result[manager] = versionedSet - } - } - return result, nil -} diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 62cdfef35b..e69de29bb2 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,30 +0,0 @@ -# cluster-kube-apiserver-operator embedded-component 6ad0a9407be5d5229d605665986899be4b531b5e to 5cec361179f3658986890a87d0b51f40a1da89ad -898d8e6d6499349c99dfe5e6bf0b2d4fe9c623eb 2023-03-08T19:55:27+01:00 *: add encryption tests for aesgcm provider -0905c8657426282e85ddda34bc898555c84fda94 2023-03-08T19:55:05+01:00 bump(library-go,build-machinery-go) -ced3a4e5e2f6aa99a825121a55f2483add4d091d 2023-03-07T13:30:20+01:00 Disable TestBoundTokenSignerController -# kubernetes embedded-component bc894ae6a3e52346a6cfec06c49c6cf78c12b2af to 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb -dd61b9abded58bd2a683e6e15aca02c864296f3d 2023-03-08T14:22:19+00:00 UPSTREAM: 116227: Fix mounted volume expansion tests -# machine-config-operator embedded-component a8692a763fe156990882489908584be2363a3303 to 02d35277a879c72f48e63c31f36072376c7e2598 -8d66006499528e0939d0f82849193ffc7cc03845 2023-03-10T10:31:40+01:00 daemon: Only switchkernel if we are doing an OS update or kernel change -26f9ee914e8970e8498b73abfb1b337eedf4bb98 2023-03-09T20:33:56-05:00 Dockerfile: Fix removing extensions for fcos/scos -f76f989f6708046fd8f94cbf059c11f8e33519b3 2023-03-09T20:24:29-05:00 daemon: Only switchkernel if we are doing an OS update or kernel change -3463da92918895066475bf4c52edcaa9546632dd 2023-03-09T20:24:29-05:00 daemon: Always remove pending deployment before we do updates -0c9a071becb07313078f161cd01ba01e309ce1a0 2023-03-09T20:24:29-05:00 daemon: Move cleanup of pending deployment earlier -963ec9f1ef4f237e1bef2003700245419654cf78 2023-03-10T01:19:07+00:00 openshift-azure-routes: Avoid synchronizing too quickly -e3e55f177342e8a8ebd41a8cb34874786c2cc4c3 2023-03-10T01:19:07+00:00 daemon: Also override `kernel-modules-core` -3028a784b175d1962d00fd78931f826d1425f6b6 2023-03-10T01:19:07+00:00 Switch to rhel-coreos (9) -e3ccab32e102964bb633544c9cd30f857f7471ff 2023-03-10T01:19:07+00:00 checks perms for SSH key path dirs as well -85ae4ff6314f5aeee50ddf2126c31484ae3e4664 2023-03-10T01:19:07+00:00 teaches TestIgn3Cfg about the new RHCOS 9 key path -3ea8b6d286f99f9c19a03c3739847d161ddfb9d9 2023-03-10T01:19:07+00:00 ensures SSH keys get moved to the correct location -bba2cf04169f09be6fa942131987e8344325e868 2023-03-10T01:19:07+00:00 OKD release controller is out-of-date -a39d54043389605da6f633966dee5dbee0f76095 2023-03-10T01:19:07+00:00 ensures that RHCOS 9 SSH keys are in the right place -c844f7a78eac41165abe723d26ab9b77d0a6e0ad 2023-03-08T09:49:38-05:00 daemon: Make switchKernel less stateful -3b34b0794782c3ce9a180a88a62e1eb6d8870439 2023-03-08T09:49:28-05:00 vendor: Bump coreos/rpm-ostree-client-go -417c591bf074ce22db86bc81358fbab650b8f293 2023-03-08T09:47:27-05:00 daemon: Clean up `switchKernel` a bit -8c9f2e7587f2d46bfdb37ca540ea4423d87c8cf6 2023-03-08T14:19:43+00:00 Revert "daemon: Temporarily copy auth file with more open perms on FCOS" -8ffc3e24f61f04de1680c95bf051c785c3f0fc14 2023-03-07T03:54:38+00:00 Fix minor issues -fff7825abafc5a4de2abf4b5a48b7b5a41dd82a7 2023-03-07T03:54:38+00:00 Default the cgroup version to "v1" via base template controller -# kubernetes image-amd64 bc894ae6a3e52346a6cfec06c49c6cf78c12b2af to 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb -dd61b9abded58bd2a683e6e15aca02c864296f3d 2023-03-08T14:22:19+00:00 UPSTREAM: 116227: Fix mounted volume expansion tests -# kubernetes image-arm64 bc894ae6a3e52346a6cfec06c49c6cf78c12b2af to 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb -dd61b9abded58bd2a683e6e15aca02c864296f3d 2023-03-08T14:22:19+00:00 UPSTREAM: 116227: Fix mounted volume expansion tests From 3316da6d220a4a781e904b6a8434d67b9bd3d60b Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Fri, 17 Mar 2023 06:53:19 +0000 Subject: [PATCH 19/79] Override journald configuration rather than editing the system files --- docs/config/microshift-starter.ks | 11 +++++++---- docs/greenboot.md | 13 ++++++++----- .../image-builder/config/kickstart.ks.template | 15 +++++++++------ 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/docs/config/microshift-starter.ks b/docs/config/microshift-starter.ks index 3697a1e453..4de738d54d 100644 --- a/docs/config/microshift-starter.ks +++ b/docs/config/microshift-starter.ks @@ -53,9 +53,12 @@ if ! subscription-manager status >& /dev/null ; then fi # Configure systemd journal service to persist logs between boots and limit their size to 1G -mkdir -p /var/log/journal/ -sed -i 's/.*Storage=.*/Storage=auto/g' /etc/systemd/journald.conf -sed -i 's/.*SystemMaxUse=.*/SystemMaxUse=1G/g' /etc/systemd/journald.conf -sed -i 's/.*RuntimeMaxUse=.*/RuntimeMaxUse=1G/g' /etc/systemd/journald.conf +sudo mkdir -p /etc/systemd/journald.conf.d +cat <<EOF | sudo tee /etc/systemd/journald.conf.d/microshift.conf &>/dev/null +[Journal] +Storage=persistent +SystemMaxUse=1G +RuntimeMaxUse=1G +EOF %end diff --git a/docs/greenboot.md b/docs/greenboot.md index 80c4a876fd..c0285c40d9 100644 --- a/docs/greenboot.md +++ b/docs/greenboot.md @@ -4,7 +4,7 @@ Serviceability of Edge Devices is often limited or non-existent, which makes it challenging to troubleshoot device problems following a failed software or -operating system upgrade. +operating system upgrade. To mitigate these problems, MicroShift uses [greenboot](https://github.com/fedora-iot/greenboot), the Generic Health Check Framework for `systemd` on `rpm-ostree` based systems. @@ -105,8 +105,11 @@ and setting limits on the maximal journal data size. Run the following commands to configure the journal data persistency and limits. ```bash -sudo mkdir -p /var/log/journal/ -sudo sed -i 's/.*Storage=.*/Storage=auto/g' /etc/systemd/journald.conf -sudo sed -i 's/.*SystemMaxUse=.*/SystemMaxUse=1G/g' /etc/systemd/journald.conf -sudo sed -i 's/.*RuntimeMaxUse=.*/RuntimeMaxUse=1G/g' /etc/systemd/journald.conf +sudo mkdir -p /etc/systemd/journald.conf.d +cat <<EOF | sudo tee /etc/systemd/journald.conf.d/microshift.conf &>/dev/null +[Journal] +Storage=persistent +SystemMaxUse=1G +RuntimeMaxUse=1G +EOF ``` diff --git a/scripts/image-builder/config/kickstart.ks.template b/scripts/image-builder/config/kickstart.ks.template index 5b1ebccb14..36339ff104 100644 --- a/scripts/image-builder/config/kickstart.ks.template +++ b/scripts/image-builder/config/kickstart.ks.template @@ -13,10 +13,10 @@ network --bootproto=dhcp --device=link --activate --onboot=on # For example, a 20GB disk would be partitioned in the following way: # # NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT -# sda 8:0 0 20G 0 disk +# sda 8:0 0 20G 0 disk # ├─sda1 8:1 0 200M 0 part /boot/efi # ├─sda1 8:1 0 800M 0 part /boot -# └─sda2 8:2 0 19G 0 part +# └─sda2 8:2 0 19G 0 part # └─rhel-root 253:0 0 10G 0 lvm /sysroot # zerombr @@ -66,10 +66,13 @@ firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 echo -e 'export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig' >> /root/.profile # Configure systemd journal service to persist logs between boots and limit their size to 1G -mkdir -p /var/log/journal/ -sed -i 's/.*Storage=.*/Storage=auto/g' /etc/systemd/journald.conf -sed -i 's/.*SystemMaxUse=.*/SystemMaxUse=1G/g' /etc/systemd/journald.conf -sed -i 's/.*RuntimeMaxUse=.*/RuntimeMaxUse=1G/g' /etc/systemd/journald.conf +sudo mkdir -p /etc/systemd/journald.conf.d +cat <<EOF | sudo tee /etc/systemd/journald.conf.d/microshift.conf &>/dev/null +[Journal] +Storage=persistent +SystemMaxUse=1G +RuntimeMaxUse=1G +EOF # Make sure all the Ethernet network interfaces are connected automatically for uuid in $(nmcli -f uuid,type,autoconnect connection | awk '$2 == "ethernet" && $3 == "no" {print $1}') ; do From aea24a95aa871ce850f6a5c1f99a3951844234f5 Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Sun, 19 Mar 2023 14:17:29 +0000 Subject: [PATCH 20/79] Sanitize the values of wait timeout and max boots from greenboot.conf --- packaging/greenboot/functions.sh | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/packaging/greenboot/functions.sh b/packaging/greenboot/functions.sh index 5fde8d1650..30962f7da3 100644 --- a/packaging/greenboot/functions.sh +++ b/packaging/greenboot/functions.sh @@ -15,7 +15,8 @@ OCGET_CMD="oc get ${OCCONFIG_OPT}" # # The base value for the timeout and the maximum boot attempts can be defined in # the /etc/greenboot/greenboot.conf file using the MICROSHIFT_WAIT_TIMEOUT_SEC -# and GREENBOOT_MAX_BOOTS settings. +# and GREENBOOT_MAX_BOOTS settings. These values can be in the [60..9999] range +# for MICROSHIFT_WAIT_TIMEOUT_SEC and the [1..9] range for GREENBOOT_MAX_BOOTS. # # args: None # return: Print the recommended timeout value to stdout @@ -23,11 +24,29 @@ function get_wait_timeout() { # Source Greenboot configuration file if it exists local conf_file=/etc/greenboot/greenboot.conf [ -f "${conf_file}" ] && source ${conf_file} + + # Read and verify the wait timeout value, allowing for the [60..9999] range local base_timeout=${MICROSHIFT_WAIT_TIMEOUT_SEC:-300} + local reSecs='^[1-9]{1}[0-9]{0,3}$' + if [[ ! ${base_timeout} =~ $reSecs ]] ; then + base_timeout=300 + echo "Could not parse MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}': using '${base_timeout}' instead" + fi + if [[ ${base_timeout} -lt 60 ]] ; then + base_timeout=60 + echo "MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}' is less than 60: using '${base_timeout}' instead" + fi + + # Read and verify the max boots value, allowing for the [1..9] range + local max_boots=${GREENBOOT_MAX_BOOTS:-3} + local reBoots='^[1-9]{1}$' + if [[ ! ${max_boots} =~ $reBoots ]] ; then + max_boots=3 + echo "GREENBOOT_MAX_BOOTS value '${GREENBOOT_MAX_BOOTS}' is not in the [1..9] range: using '${max_boots}' instead" + fi # Update the wait timeout according to the boot counter. # The new wait timeout is a product of the timeout base and the number of boot attempts. - local max_boots=${GREENBOOT_MAX_BOOTS:-3} local boot_counter=$(grub2-editenv - list | grep ^boot_counter= | awk -F= '{print $2}') [ -z "${boot_counter}" ] && boot_counter=$(( $max_boots - 1 )) From 927d5e2deb9d31a48563ea20762a8af05e6e34ef Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Sat, 11 Mar 2023 18:51:00 -0500 Subject: [PATCH 21/79] OCPBUGS-9996: make lvms configuration more robust Instead of requiring the user to configure their system with a "rhel" volume group, look at the volume groups that exist and apply some selection rules: * If there is a "rhel" VG, use it. * If there is only one VG, use it. * Otherwise, disable the CSI driver with a log message. --- pkg/components/storage.go | 6 ++- pkg/config/lvmd/lvmd.go | 102 ++++++++++++++++++++++++++++++++--- pkg/config/lvmd/lvmd_test.go | 99 ++++++++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 9 deletions(-) diff --git a/pkg/components/storage.go b/pkg/components/storage.go index 8a02e68350..6d12e50127 100644 --- a/pkg/components/storage.go +++ b/pkg/components/storage.go @@ -21,7 +21,7 @@ func getCSIPluginConfig() (*lvmd.Lvmd, error) { if _, err := os.Stat(lvmdConfig); !errors.Is(err, os.ErrNotExist) { return lvmd.NewLvmdConfigFromFile(lvmdConfig) } - return (&lvmd.Lvmd{}).WithDefaults(), nil + return lvmd.DefaultLvmdConfig() } func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { @@ -81,6 +81,10 @@ func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { if err != nil { return err } + if !lvmdCfg.IsEnabled() { + klog.V(2).Info("CSI is disabled. %s", lvmdCfg.DisabledReason) + return nil + } lvmdRenderParams, err := renderLvmdParams(lvmdCfg) if err != nil { return fmt.Errorf("rendering lvmd params: %v", err) diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index 2bf0e59bc3..7d86819126 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -3,34 +3,120 @@ package lvmd import ( "fmt" "os" + "os/exec" + "strings" "github.com/ghodss/yaml" + "k8s.io/klog/v2" ) const ( LvmdConfigFileName = "lvmd.yaml" defaultSockName = "/run/lvmd/lvmd.socket" defaultRHEL4EdgeVolumeGroup = "rhel" + + errorMessageNoVolumeGroups = "No volume groups found" + errorMessageMultipleVolumeGroups = "Multiple volume groups are available, but no configuration file was provided." ) // Lvmd stores the read-in or defaulted values of the lvmd configuration and provides the topolvm-node process information // about its host's storage environment. type Lvmd struct { - DeviceClasses []*DeviceClass `json:"device-classes"` - SocketName string `json:"socket-name"` + DeviceClasses []*DeviceClass `json:"device-classes"` + SocketName string `json:"socket-name"` + DisabledReason string `json:"-"` +} + +// IsEnabled returns a boolean indicating whether the CSI driver +// should be enabled for this host. +func (l *Lvmd) IsEnabled() bool { + return len(l.DeviceClasses) > 0 } -func (l *Lvmd) WithDefaults() *Lvmd { - l.SocketName = defaultSockName - l.DeviceClasses = []*DeviceClass{ +func uint64Ptr(val uint64) *uint64 { + return &val +} + +func getLvmdConfigForVGs(vgNames []string) (*Lvmd, error) { + response := &Lvmd{ + SocketName: defaultSockName, + } + + vgName := "" + if len(vgNames) == 0 { + + response.DisabledReason = errorMessageNoVolumeGroups + klog.V(2).Info(errorMessageNoVolumeGroups) + return response, nil + + } else if len(vgNames) == 1 { + + vgName = vgNames[0] + klog.V(2).Infof("Using volume group %q", vgName) + + } else { + + for _, name := range vgNames { + if name == defaultRHEL4EdgeVolumeGroup { + klog.V(2).Infof("Using default volume group %q", defaultRHEL4EdgeVolumeGroup) + vgName = name + break + } + } + + // If the default volume group is not found and there are + // multiple volume groups, disable the CSI driver. + if vgName == "" { + klog.V(2).Infof("Multiple volume groups available but no configuration file is present, disabling CSI. %v", vgNames) + response.DisabledReason = errorMessageMultipleVolumeGroups + return response, nil + } + } + + // Fill in the default device class using the selected volume + // group. + response.DeviceClasses = []*DeviceClass{ { Name: "default", - VolumeGroup: defaultRHEL4EdgeVolumeGroup, + VolumeGroup: vgName, Default: true, - SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), + SpareGB: uint64Ptr(defaultSpareGB), }, } - return l + return response, nil +} + +// DefaultLvmdConfig returns a configuration struct for Lvmd with +// default settings based on the current host. If a single volume +// group is found, that value is used. If multiple volume groups are +// available and one is named "rhel", that group is used. Otherwise, +// the configuration returned will report that it is not enabled (see +// IsEnabled()). +func DefaultLvmdConfig() (*Lvmd, error) { + vgNames, err := getVolumeGroups() + if err != nil { + return nil, fmt.Errorf("Failed to discover local volume groups: %s", err) + } + + return getLvmdConfigForVGs(vgNames) + +} + +// getVolumeGroups returns a slice of volume group names. +func getVolumeGroups() ([]string, error) { + cmd := exec.Command("vgs", "--readonly", "--options=name", "--noheadings") + output, err := cmd.Output() + if err != nil { + return nil, fmt.Errorf("error running vgs: %s", err) + } + names := []string{} + for _, line := range strings.Split(string(output), "\n") { + newName := strings.Trim(line, " \t\n") + if newName != "" { + names = append(names, newName) + } + } + return names, nil } func NewLvmdConfigFromFile(p string) (*Lvmd, error) { diff --git a/pkg/config/lvmd/lvmd_test.go b/pkg/config/lvmd/lvmd_test.go index 37ad13e84f..9a016130fc 100644 --- a/pkg/config/lvmd/lvmd_test.go +++ b/pkg/config/lvmd/lvmd_test.go @@ -4,8 +4,107 @@ import ( "encoding/json" "reflect" "testing" + + "github.com/stretchr/testify/assert" ) +func TestGetLvmdConfigForVGs(t *testing.T) { + tests := []struct { + name string + vgNames []string + expected *Lvmd + expectedErr error + }{ + { + name: "no groups", + expected: &Lvmd{ + SocketName: defaultSockName, + DisabledReason: errorMessageNoVolumeGroups, + }, + }, + { + name: "one group", + vgNames: []string{"choose-me"}, + expected: &Lvmd{ + SocketName: defaultSockName, + DeviceClasses: []*DeviceClass{ + { + Name: "default", + VolumeGroup: "choose-me", + Default: true, + SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), + }, + }, + }, + }, + { + name: "one group rhel", + vgNames: []string{"rhel"}, + expected: &Lvmd{ + SocketName: defaultSockName, + DeviceClasses: []*DeviceClass{ + { + Name: "default", + VolumeGroup: "rhel", + Default: true, + SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), + }, + }, + }, + }, + { + name: "rhel first", + vgNames: []string{"rhel", "other"}, + expected: &Lvmd{ + SocketName: defaultSockName, + DeviceClasses: []*DeviceClass{ + { + Name: "default", + VolumeGroup: "rhel", + Default: true, + SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), + }, + }, + }, + }, + { + name: "rhel last", + vgNames: []string{"other", "rhel"}, + expected: &Lvmd{ + SocketName: defaultSockName, + DeviceClasses: []*DeviceClass{ + { + Name: "default", + VolumeGroup: "rhel", + Default: true, + SpareGB: uint64Ptr(defaultSpareGB), + }, + }, + }, + }, + { + name: "no rhel", + vgNames: []string{"other", "choose-me"}, + expected: &Lvmd{ + SocketName: defaultSockName, + DisabledReason: errorMessageMultipleVolumeGroups, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + actual, err := getLvmdConfigForVGs(tt.vgNames) + assert.Equal(t, tt.expected, actual, "names: %v", tt.vgNames) + if tt.expectedErr != nil { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + }) + } +} + func Test_newLvmdConfigFromFile(t *testing.T) { iToP := func(i int) *uint64 { From b90c2e8f400125816aacefa4454f4550e4582717 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Wed, 15 Mar 2023 11:35:27 -0400 Subject: [PATCH 22/79] OCPBUGS-9996: update documentation explaining how the VG is picked --- docs/default_csi_plugin.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/default_csi_plugin.md b/docs/default_csi_plugin.md index c8ff733034..3b02ecec42 100644 --- a/docs/default_csi_plugin.md +++ b/docs/default_csi_plugin.md @@ -40,11 +40,17 @@ is run as. ## System Requirements -### Volume Group Name +### Default Volume Group -The default integration of LVMS assumes a volume-group named `rhel`. LVMS's node-controller expects that volume -group to exist prior to launching the service. If the volume group does not exist, the node-controller will fail to -start and enter a CrashLoopBackoff state. +If there is only one volume group on the system, LVMS uses it by +default. If there are multiple volume groups, and no configuration +file, LVMS looks for a volume group named `rhel`. If there is no +volume group named `rhel`, LVMS is disabled. + +LVMS expects all volume groups to exist prior to launching the +service. If LVMS is configured to use a volume group that does not +exist, the node-controller Pod will fail and enter a CrashLoopBackoff +state. ### Volume Size Increments From 5ad1d4e30984fb46ee0d858432e1ca07d6344407 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Wed, 15 Mar 2023 11:35:52 -0400 Subject: [PATCH 23/79] update LVMS documentation about configuration file location --- docs/default_csi_plugin.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/default_csi_plugin.md b/docs/default_csi_plugin.md index 3b02ecec42..28bae4bdf8 100644 --- a/docs/default_csi_plugin.md +++ b/docs/default_csi_plugin.md @@ -31,12 +31,8 @@ Full documentation of the config spec can be found at [github.com/red-hat-storag #### Path -The user provided lvmd config should be written to the same directory as the MicroShift config. If a MicroShift config -doesn't exist, MicroShift will assume default lvmd values. These paths will be checked for the config, depending on the user MicroShift -is run as. - -1. User config dir: `~/.microshift/lvmd.yaml` -2. Global config dir: `/etc/microshift/lvmd.yaml` +The user provided lvmd config should be written to the same directory as the MicroShift config. If an lvmd configuration file +does not exist in `/etc/microshift/lvmd.yaml`, MicroShift will use default values. ## System Requirements From 2115c168bdb6b8639e410477da26e429a18e20cf Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Wed, 15 Mar 2023 11:36:07 -0400 Subject: [PATCH 24/79] our LVMS is not a fork, it is a build of upstream --- docs/default_csi_plugin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/default_csi_plugin.md b/docs/default_csi_plugin.md index 28bae4bdf8..8a6d30da6c 100644 --- a/docs/default_csi_plugin.md +++ b/docs/default_csi_plugin.md @@ -3,7 +3,7 @@ > **IMPORTANT!** The default LVMS configuration is intended to match the developer environment described in [MicroShift Development Environment](./devenv_setup.md). See section **[Configuring LVMS](#Configuring-LVMS)** for guidance on configuring LVMS for your environment. MicroShift enables dynamic storage provisioning out of the box with the LVMS CSI plugin. This plugin is a downstream -Red Hat fork of TopoLVM. This provisioner will create a new LVM logical volume in the `rhel` volume group for each +Red Hat build of TopoLVM. This provisioner will create a new LVM logical volume in the `rhel` volume group for each PersistenVolumeClaim(PVC), and make these volumes available to pods. For more information on LVMS, visit the repo's [README](https://github.com/red-hat-storage/topolvm). From 1e8f5367646eba4a776f05605631b17fe2dbc59a Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Fri, 17 Mar 2023 10:15:07 -0400 Subject: [PATCH 25/79] OCPBUGS-9996: Change default VG name to "microshift" When there are multiple volume groups, look for one named "microshift" to use, instead of "rhel". --- docs/default_csi_plugin.md | 6 +++--- pkg/config/lvmd/lvmd.go | 2 +- pkg/config/lvmd/lvmd_test.go | 20 ++++++++++---------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/default_csi_plugin.md b/docs/default_csi_plugin.md index 8a6d30da6c..4bd2682f62 100644 --- a/docs/default_csi_plugin.md +++ b/docs/default_csi_plugin.md @@ -32,7 +32,7 @@ Full documentation of the config spec can be found at [github.com/red-hat-storag #### Path The user provided lvmd config should be written to the same directory as the MicroShift config. If an lvmd configuration file -does not exist in `/etc/microshift/lvmd.yaml`, MicroShift will use default values. +does not exist in `/etc/microshift/lvmd.yaml`, MicroShift will use default values. ## System Requirements @@ -40,8 +40,8 @@ does not exist in `/etc/microshift/lvmd.yaml`, MicroShift will use default value If there is only one volume group on the system, LVMS uses it by default. If there are multiple volume groups, and no configuration -file, LVMS looks for a volume group named `rhel`. If there is no -volume group named `rhel`, LVMS is disabled. +file, LVMS looks for a volume group named `microshift`. If there is no +volume group named `microshift`, LVMS is disabled. LVMS expects all volume groups to exist prior to launching the service. If LVMS is configured to use a volume group that does not diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index 7d86819126..5036013082 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -13,7 +13,7 @@ import ( const ( LvmdConfigFileName = "lvmd.yaml" defaultSockName = "/run/lvmd/lvmd.socket" - defaultRHEL4EdgeVolumeGroup = "rhel" + defaultRHEL4EdgeVolumeGroup = "microshift" errorMessageNoVolumeGroups = "No volume groups found" errorMessageMultipleVolumeGroups = "Multiple volume groups are available, but no configuration file was provided." diff --git a/pkg/config/lvmd/lvmd_test.go b/pkg/config/lvmd/lvmd_test.go index 9a016130fc..667baf8639 100644 --- a/pkg/config/lvmd/lvmd_test.go +++ b/pkg/config/lvmd/lvmd_test.go @@ -38,14 +38,14 @@ func TestGetLvmdConfigForVGs(t *testing.T) { }, }, { - name: "one group rhel", - vgNames: []string{"rhel"}, + name: "one group default", + vgNames: []string{defaultRHEL4EdgeVolumeGroup}, expected: &Lvmd{ SocketName: defaultSockName, DeviceClasses: []*DeviceClass{ { Name: "default", - VolumeGroup: "rhel", + VolumeGroup: defaultRHEL4EdgeVolumeGroup, Default: true, SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), }, @@ -53,14 +53,14 @@ func TestGetLvmdConfigForVGs(t *testing.T) { }, }, { - name: "rhel first", - vgNames: []string{"rhel", "other"}, + name: "default first", + vgNames: []string{defaultRHEL4EdgeVolumeGroup, "other"}, expected: &Lvmd{ SocketName: defaultSockName, DeviceClasses: []*DeviceClass{ { Name: "default", - VolumeGroup: "rhel", + VolumeGroup: defaultRHEL4EdgeVolumeGroup, Default: true, SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), }, @@ -68,14 +68,14 @@ func TestGetLvmdConfigForVGs(t *testing.T) { }, }, { - name: "rhel last", - vgNames: []string{"other", "rhel"}, + name: "default last", + vgNames: []string{"other", defaultRHEL4EdgeVolumeGroup}, expected: &Lvmd{ SocketName: defaultSockName, DeviceClasses: []*DeviceClass{ { Name: "default", - VolumeGroup: "rhel", + VolumeGroup: defaultRHEL4EdgeVolumeGroup, Default: true, SpareGB: uint64Ptr(defaultSpareGB), }, @@ -83,7 +83,7 @@ func TestGetLvmdConfigForVGs(t *testing.T) { }, }, { - name: "no rhel", + name: "no default", vgNames: []string{"other", "choose-me"}, expected: &Lvmd{ SocketName: defaultSockName, From 22c7d0c20f097e64027bbab9a9220b4303dc74b9 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Sun, 19 Mar 2023 10:38:08 -0400 Subject: [PATCH 26/79] OCPBUGS-9996: show where we get the lvmd configuration Include a message in the body of the file added to the config map to explain where the content came from. --- pkg/components/render.go | 6 +++++- pkg/components/storage.go | 2 +- pkg/config/lvmd/lvmd.go | 15 ++++++++++----- pkg/config/lvmd/lvmd_test.go | 13 +++++++++---- 4 files changed, 25 insertions(+), 11 deletions(-) diff --git a/pkg/components/render.go b/pkg/components/render.go index ce2c26c39d..b24723c5db 100755 --- a/pkg/components/render.go +++ b/pkg/components/render.go @@ -54,7 +54,11 @@ func renderLvmdParams(l *lvmd.Lvmd) (assets.RenderParams, error) { if err != nil { return nil, err } - r["lvmd"] = string(b) + content := string(b) + if l.Message != "" { + content = fmt.Sprintf("# %s\n%s", l.Message, content) + } + r["lvmd"] = content r["SocketName"] = l.SocketName return r, nil } diff --git a/pkg/components/storage.go b/pkg/components/storage.go index 6d12e50127..e55ac423d3 100644 --- a/pkg/components/storage.go +++ b/pkg/components/storage.go @@ -82,7 +82,7 @@ func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { return err } if !lvmdCfg.IsEnabled() { - klog.V(2).Info("CSI is disabled. %s", lvmdCfg.DisabledReason) + klog.V(2).Info("CSI is disabled. %s", lvmdCfg.Message) return nil } lvmdRenderParams, err := renderLvmdParams(lvmdCfg) diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index 5036013082..b0bea33732 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -17,14 +17,16 @@ const ( errorMessageNoVolumeGroups = "No volume groups found" errorMessageMultipleVolumeGroups = "Multiple volume groups are available, but no configuration file was provided." + statusMessageFoundDefault = "Found default volume group \"microshift\"" + statusMessageDefaultAvailable = "Defaulting to the only available volume group" ) // Lvmd stores the read-in or defaulted values of the lvmd configuration and provides the topolvm-node process information // about its host's storage environment. type Lvmd struct { - DeviceClasses []*DeviceClass `json:"device-classes"` - SocketName string `json:"socket-name"` - DisabledReason string `json:"-"` + DeviceClasses []*DeviceClass `json:"device-classes"` + SocketName string `json:"socket-name"` + Message string `json:"-"` } // IsEnabled returns a boolean indicating whether the CSI driver @@ -45,7 +47,7 @@ func getLvmdConfigForVGs(vgNames []string) (*Lvmd, error) { vgName := "" if len(vgNames) == 0 { - response.DisabledReason = errorMessageNoVolumeGroups + response.Message = errorMessageNoVolumeGroups klog.V(2).Info(errorMessageNoVolumeGroups) return response, nil @@ -53,6 +55,7 @@ func getLvmdConfigForVGs(vgNames []string) (*Lvmd, error) { vgName = vgNames[0] klog.V(2).Infof("Using volume group %q", vgName) + response.Message = statusMessageDefaultAvailable } else { @@ -60,6 +63,7 @@ func getLvmdConfigForVGs(vgNames []string) (*Lvmd, error) { if name == defaultRHEL4EdgeVolumeGroup { klog.V(2).Infof("Using default volume group %q", defaultRHEL4EdgeVolumeGroup) vgName = name + response.Message = statusMessageFoundDefault break } } @@ -68,7 +72,7 @@ func getLvmdConfigForVGs(vgNames []string) (*Lvmd, error) { // multiple volume groups, disable the CSI driver. if vgName == "" { klog.V(2).Infof("Multiple volume groups available but no configuration file is present, disabling CSI. %v", vgNames) - response.DisabledReason = errorMessageMultipleVolumeGroups + response.Message = errorMessageMultipleVolumeGroups return response, nil } } @@ -133,5 +137,6 @@ func NewLvmdConfigFromFile(p string) (*Lvmd, error) { if l.SocketName == "" { l.SocketName = defaultSockName } + l.Message = fmt.Sprintf("Read from %s", p) return l, nil } diff --git a/pkg/config/lvmd/lvmd_test.go b/pkg/config/lvmd/lvmd_test.go index 667baf8639..854117e006 100644 --- a/pkg/config/lvmd/lvmd_test.go +++ b/pkg/config/lvmd/lvmd_test.go @@ -18,8 +18,8 @@ func TestGetLvmdConfigForVGs(t *testing.T) { { name: "no groups", expected: &Lvmd{ - SocketName: defaultSockName, - DisabledReason: errorMessageNoVolumeGroups, + SocketName: defaultSockName, + Message: errorMessageNoVolumeGroups, }, }, { @@ -35,6 +35,7 @@ func TestGetLvmdConfigForVGs(t *testing.T) { SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), }, }, + Message: statusMessageDefaultAvailable, }, }, { @@ -50,6 +51,7 @@ func TestGetLvmdConfigForVGs(t *testing.T) { SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), }, }, + Message: statusMessageDefaultAvailable, }, }, { @@ -65,6 +67,7 @@ func TestGetLvmdConfigForVGs(t *testing.T) { SpareGB: func() *uint64 { s := uint64(defaultSpareGB); return &s }(), }, }, + Message: statusMessageFoundDefault, }, }, { @@ -80,14 +83,15 @@ func TestGetLvmdConfigForVGs(t *testing.T) { SpareGB: uint64Ptr(defaultSpareGB), }, }, + Message: statusMessageFoundDefault, }, }, { name: "no default", vgNames: []string{"other", "choose-me"}, expected: &Lvmd{ - SocketName: defaultSockName, - DisabledReason: errorMessageMultipleVolumeGroups, + SocketName: defaultSockName, + Message: errorMessageMultipleVolumeGroups, }, }, } @@ -150,6 +154,7 @@ func Test_newLvmdConfigFromFile(t *testing.T) { SpareGB: iToP(5), }, }, + Message: "Read from ./test/lvmd.yaml", }, wantErr: false, }, From b3f5ebecb55a34ee2ed5f0c894c9d72b3a504863 Mon Sep 17 00:00:00 2001 From: Zenghui Shi <zshi@redhat.com> Date: Fri, 17 Mar 2023 11:31:42 +0800 Subject: [PATCH 27/79] Update ovn-kubernetes to rhel9 based image Signed-off-by: Zenghui Shi <zshi@redhat.com> (cherry picked from commit f0585c67818cfe9fe2b68bfe9cb4581f520bb0a8) --- assets/components/ovn/master/daemonset.yaml | 8 ++++---- assets/components/ovn/node/daemonset.yaml | 2 +- assets/release/release-aarch64.json | 2 +- assets/release/release-x86_64.json | 2 +- scripts/auto-rebase/rebase.sh | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/assets/components/ovn/master/daemonset.yaml b/assets/components/ovn/master/daemonset.yaml index df8858802e..ed0675fe29 100644 --- a/assets/components/ovn/master/daemonset.yaml +++ b/assets/components/ovn/master/daemonset.yaml @@ -44,7 +44,7 @@ spec: containers: # ovn-northd: convert network objects in nbdb to flows in sbdb - name: northd - image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + image: {{ .ReleaseImage.ovn_kubernetes_microshift_rhel_9 }} command: - /bin/bash - -c @@ -97,7 +97,7 @@ spec: # nbdb: the northbound, or logical network object DB. In raft mode - name: nbdb - image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + image: {{ .ReleaseImage.ovn_kubernetes_microshift_rhel_9 }} command: - /bin/bash - -c @@ -223,7 +223,7 @@ spec: # sbdb: The southbound, or flow DB. In raft mode - name: sbdb - image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + image: {{ .ReleaseImage.ovn_kubernetes_microshift_rhel_9 }} command: - /bin/bash - -c @@ -315,7 +315,7 @@ spec: # ovnkube master: convert kubernetes objects in to nbdb logical network components - name: ovnkube-master - image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + image: {{ .ReleaseImage.ovn_kubernetes_microshift_rhel_9 }} command: - /bin/bash - -c diff --git a/assets/components/ovn/node/daemonset.yaml b/assets/components/ovn/node/daemonset.yaml index 7e7cf95137..3b7862df36 100644 --- a/assets/components/ovn/node/daemonset.yaml +++ b/assets/components/ovn/node/daemonset.yaml @@ -40,7 +40,7 @@ spec: containers: # ovn-controller: programs the vswitch with flows from the sbdb - name: ovn-controller - image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + image: {{ .ReleaseImage.ovn_kubernetes_microshift_rhel_9 }} command: - /bin/bash - -c diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index a55a101946..ddaf78b6e8 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b7e855f833595e8871b140b2b02ec51bf553c2186615b095f2caf34bfec99fc6", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f67aabd2c69a990bcf8ff6565b615ef5c519bedd6ad3f74784bd2ce126cb0540", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce7b69828d3928ff464a8c0decfbf668d4ac3d6cc932ed67867c7b2c2d4c5b53", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8dd1449567b0a39e4dd99868caba37a61e212f1865df45538a2030001d9c3ac2", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 566e32a3b5..82da629117 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce5e10eef4461c3717d9e0283cb04d592dfa1dcff3f9c27ca71ac908b967a0ea", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:017a208e4b613bd3085a0504a8494eb60763af28ed9906a94affdb884b54a04e", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c204064227e6e8eb388e75d7e44c1e4a6d79895433c5962266d8a349ac7f081d", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9ee67ac927595049bd3854b5c224269452873bb446115d0cf6fe382f54c94b0", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index 39daa4a858..74d2767135 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -646,13 +646,13 @@ update_images() { "${REPOROOT}/packaging/crio.conf.d/microshift_${goarch}.conf" done - # 2023-03-02: Freeze ovn-kubernetes-microshift to avoid using image "double metrics registration panic" issue + # 2023-03-02: Freeze ovn-kubernetes-microshift-rhel-9 to avoid using image "double metrics registration panic" issue # TODO: Remove when issue is fixed - jq -e '.images."ovn-kubernetes-microshift" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065"' \ + jq -e '.images."ovn-kubernetes-microshift-rhel-9" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065"' \ "${REPOROOT}/assets/release/release-x86_64.json" > "${REPOROOT}/assets/release/release-x86_64.json.tmp" mv "${REPOROOT}/assets/release/release-x86_64.json.tmp" "${REPOROOT}/assets/release/release-x86_64.json" - jq -e '.images."ovn-kubernetes-microshift" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca"' \ + jq -e '.images."ovn-kubernetes-microshift-rhel-9" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca"' \ "${REPOROOT}/assets/release/release-aarch64.json" > "${REPOROOT}/assets/release/release-aarch64.json.tmp" mv "${REPOROOT}/assets/release/release-aarch64.json.tmp" "${REPOROOT}/assets/release/release-aarch64.json" From 632aceb84866e92fc3f6f02680933685ae0a248b Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Mon, 20 Mar 2023 13:20:48 +0200 Subject: [PATCH 28/79] Fix output directory name in devenv docs --- docs/devenv_setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/devenv_setup.md b/docs/devenv_setup.md index 1acdda8472..2ca2082087 100644 --- a/docs/devenv_setup.md +++ b/docs/devenv_setup.md @@ -232,7 +232,7 @@ Examine the `/tmp/microshift.log` log file to ensure a successful startup. > An alternative way of running MicroShift is to update `/usr/bin/microshift` file and restart the service. The logs would then be accessible by running the `journalctl -xu microshift` command. > ```bash -> sudo cp -f ~/microshift/_output_/bin/microshift /usr/bin/microshift +> sudo cp -f ~/microshift/_output/bin/microshift /usr/bin/microshift > sudo systemctl restart microshift > ``` From 2322bbf24110c1de475155628634b05ba70cca69 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Tue, 21 Feb 2023 12:56:24 -0600 Subject: [PATCH 29/79] pad out topolvm startup grace period to allow dns startup --- assets/components/lvms/topolvm-controller_deployment.yaml | 6 ++++++ assets/components/lvms/topolvm-node_daemonset.yaml | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/assets/components/lvms/topolvm-controller_deployment.yaml b/assets/components/lvms/topolvm-controller_deployment.yaml index b67921aec8..a69ebd34a0 100644 --- a/assets/components/lvms/topolvm-controller_deployment.yaml +++ b/assets/components/lvms/topolvm-controller_deployment.yaml @@ -23,6 +23,12 @@ spec: - /topolvm-controller - --cert-dir=/certs image: '{{ .ReleaseImage.topolvm_csi }}' + startupProbe: + failureThreshold: 60 + periodSeconds: 2 + httpGet: + port: healthz + path: /healthz livenessProbe: failureThreshold: 3 httpGet: diff --git a/assets/components/lvms/topolvm-node_daemonset.yaml b/assets/components/lvms/topolvm-node_daemonset.yaml index ea293b1f16..3a3ea02edf 100644 --- a/assets/components/lvms/topolvm-node_daemonset.yaml +++ b/assets/components/lvms/topolvm-node_daemonset.yaml @@ -64,6 +64,13 @@ spec: initialDelaySeconds: 10 periodSeconds: 60 timeoutSeconds: 3 + startupProbe: + failureThreshold: 60 + successThreshold: 1 + periodSeconds: 2 + httpGet: + port: healthz + path: /healthz name: topolvm-node ports: - containerPort: 9808 From ded25c8fe9abc190f568510ac9c05adb7a2bb99a Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 21 Mar 2023 03:14:47 -0400 Subject: [PATCH 30/79] rebase-4.13.0-0.nightly-2023-03-19-052243_amd64-2023-03-19_arm64-2023-03-20 (#1538) * update last_rebase.sh * update changelog * update component images * update manifests --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- assets/release/release-aarch64.json | 14 +++++++------- assets/release/release-x86_64.json | 14 +++++++------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 21 +++++++++++++++++++++ scripts/auto-rebase/commits.txt | 10 ++++++---- scripts/auto-rebase/last_rebase.sh | 2 +- 7 files changed, 44 insertions(+), 21 deletions(-) diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index ddaf78b6e8..9bf648403d 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-14-173645" + "base": "4.13.0-0.nightly-arm64-2023-03-20-203741" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ae6c33506ce9d8774313aa43f2d51081b2d72c8d2954669e609b5a8efe09df1b", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7a25edfcdcfb5169694c9e9f4c32e32133edcea185e63ff16018a710d546d750", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b7e855f833595e8871b140b2b02ec51bf553c2186615b095f2caf34bfec99fc6", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f67aabd2c69a990bcf8ff6565b615ef5c519bedd6ad3f74784bd2ce126cb0540", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:445670bcaf530b0608f2ebba64ec716b1d84840d43149576b68980a689412bc2", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ec2a9cb239bbce0ff1bb58e4bbfca7fc86744a63b454509923e6ee5532f61cae", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:818d27868481e940af1a28783d2ab5c5d122ad3baaacd2fb9f6545c4fa0251bb", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:11085faadac204f2eab74f84ca956581a689cf0543ac8f17ad366b941fa19c57", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce7b69828d3928ff464a8c0decfbf668d4ac3d6cc932ed67867c7b2c2d4c5b53", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8dd1449567b0a39e4dd99868caba37a61e212f1865df45538a2030001d9c3ac2", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b163fc8ae8e729728ab08fae22245dc16c88c624afdd96b7cc6623bbb4a8b5f8", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8feb18d7423f4fc6f01203d7fe7c5652324f2b1ec673a3f47b612248ef4977be", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 82da629117..df494dede6 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-03-14-053612" + "base": "4.13.0-0.nightly-2023-03-19-052243" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2448f5c3de0d96379a8a496adf09a8521e4a117b027b823b25eaff31d922984", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:42bcf8599fe7e55a2fb01cc6009007143619a507fb9e587e1568791cc4a5c8db", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce5e10eef4461c3717d9e0283cb04d592dfa1dcff3f9c27ca71ac908b967a0ea", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:017a208e4b613bd3085a0504a8494eb60763af28ed9906a94affdb884b54a04e", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c66da0adc83e5e6db1824ff5cf204610d36f29fc0c7a8352b24795f58151eefe", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a604c96952da5e59f104a305e0c8303d474e33ef345b8c534fd677f189d05299", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0743d54d3acaf6558295618248ff446b4352dde0234d52465d7578c7c261e6fd", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5795789f6e56ae0c7644ae2380c6d88d6b2a88d64ab8581064bc746f0a97b52d", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c204064227e6e8eb388e75d7e44c1e4a6d79895433c5962266d8a349ac7f081d", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c9ee67ac927595049bd3854b5c224269452873bb446115d0cf6fe382f54c94b0", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a21858c61e35722a243df3593c0329e90c4f78c334b21177da3a2f94f9c14dc", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7f7cb6554c1dc9b5b3b58f162f592062e5c63bf24c5ed90a62074e117be3f743", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index b0edfc17e6..fd7bf88370 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c204064227e6e8eb388e75d7e44c1e4a6d79895433c5962266d8a349ac7f081d" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a21858c61e35722a243df3593c0329e90c4f78c334b21177da3a2f94f9c14dc" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 0ad42b167a..c592d4636d 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ce7b69828d3928ff464a8c0decfbf668d4ac3d6cc932ed67867c7b2c2d4c5b53" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b163fc8ae8e729728ab08fae22245dc16c88c624afdd96b7cc6623bbb4a8b5f8" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index e69de29bb2..62b06961eb 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -0,0 +1,21 @@ +# cluster-network-operator embedded-component c0208114e49b3ee34bb073ea7d09cf82273573b0 to 040d5efed272789341b16858f63c2d0bcdb71b50 +aa97a84efe7f3bf892f7d74d94ed4405b123fd65 2023-03-17T03:15:52+00:00 Point libreswan to proper nss location +53d3972e5e287c3d4eabbbb8485324f72ceddb4f 2023-03-10T13:05:19+00:00 HyperShift: Set priority class for CNCC +7f983c90f1f9a1c2259bc41503c443b62dc5b10c 2023-03-10T13:05:19+00:00 HyperShift: Adapt affinity and tolerations +1756b472710f9a53e6669ae4923246c267c63d98 2023-03-10T13:05:19+00:00 HyperShift: Co-locate CNCC and multus admission controller with other hcp pods +fa7c5559546a8a3434c41a7be945dbfcd5de10f6 2023-03-09T15:24:09+01:00 Set healthz-bind-address to 0.0.0.0:10256 for ovnk +ea081581bf467c22faeb9f178cab66c551fad588 2023-03-09T15:24:08+01:00 Pass POD_NAME to ovnkube node for node healthz server checks +fa545fad09bd9d8fbc447fd7a6759c96c12d5390 2023-03-03T14:26:59+00:00 OVN-K alerts: add OVS overflow alerts +# machine-config-operator embedded-component 02d35277a879c72f48e63c31f36072376c7e2598 to 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 +4c693157fbbac8962d0b2b5de77893f49c8a6879 2023-03-16T19:28:55+00:00 daemon: Drop duplicate `--authfile` used in `run` +f9f358260da206bf27d4c6579bcab3ec93a4875f 2023-03-14T02:28:32+00:00 Remove hard requirement for the afterburn from early-running aws-related services +# oc image-amd64 02362102a19e81ebecb90906f41687e4e4350dfe to eed143055ede731029931ad204b19cd2f565ef1a +c3d6a7830ec95b4cf8dc413c15b57d0c5176e3ca 2023-03-16T06:25:04+00:00 Add microshift into generate-docs +# ovn-kubernetes image-amd64 Script exited with error. to dd45efd39e5db428d4578ed6787e6c08b79e2df5 +There was an error determining the changes + +# oc image-arm64 02362102a19e81ebecb90906f41687e4e4350dfe to eed143055ede731029931ad204b19cd2f565ef1a +c3d6a7830ec95b4cf8dc413c15b57d0c5176e3ca 2023-03-16T06:25:04+00:00 Add microshift into generate-docs +# ovn-kubernetes image-arm64 Script exited with error. to dd45efd39e5db428d4578ed6787e6c08b79e2df5 +There was an error determining the changes + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 69f439e32a..dc17b25f33 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,24 +3,26 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5cec361179f3658986890a87d0b51f40a1da89ad https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 4ca346ef97def3697f1aa0368c9b35459b9b2f59 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component d3978864fb58063235be176c18fe50457b5223f3 -https://github.com/openshift/cluster-network-operator embedded-component c0208114e49b3ee34bb073ea7d09cf82273573b0 +https://github.com/openshift/cluster-network-operator embedded-component 040d5efed272789341b16858f63c2d0bcdb71b50 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 https://github.com/openshift/cluster-policy-controller embedded-component ac01e3463245f2dd9312145368d7f4099a8a0bb9 https://github.com/openshift/etcd embedded-component 13c18c444a8c6a86ccbba16cce664008f5f948bd https://github.com/openshift/kubernetes embedded-component 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb -https://github.com/openshift/machine-config-operator embedded-component 02d35277a879c72f48e63c31f36072376c7e2598 +https://github.com/openshift/machine-config-operator embedded-component 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a -https://github.com/openshift/oc image-amd64 02362102a19e81ebecb90906f41687e4e4350dfe +https://github.com/openshift/oc image-amd64 eed143055ede731029931ad204b19cd2f565ef1a https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e +https://github.com/openshift/ovn-kubernetes image-amd64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 https://github.com/openshift/kubernetes image-amd64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a -https://github.com/openshift/oc image-arm64 02362102a19e81ebecb90906f41687e4e4350dfe +https://github.com/openshift/oc image-arm64 eed143055ede731029931ad204b19cd2f565ef1a https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e +https://github.com/openshift/ovn-kubernetes image-arm64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 https://github.com/openshift/kubernetes image-arm64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index c748732557..60dc17c287 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-14-053612" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-14-173645" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-19-052243" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-20-203741" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 79352f7a25ae7dfa2f4162bdc77a79b230cde7db Mon Sep 17 00:00:00 2001 From: Patryk Matuszak <305846+pmtk@users.noreply.github.com> Date: Tue, 21 Mar 2023 12:56:47 +0100 Subject: [PATCH 31/79] make sure microshift-etcd runs as root --- etcd/cmd/microshift-etcd/run.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/etcd/cmd/microshift-etcd/run.go b/etcd/cmd/microshift-etcd/run.go index 451403a0ae..0026092976 100644 --- a/etcd/cmd/microshift-etcd/run.go +++ b/etcd/cmd/microshift-etcd/run.go @@ -106,6 +106,10 @@ func (s *EtcdService) configure(cfg *config.MicroshiftConfig) { } func (s *EtcdService) Run() error { + if os.Geteuid() > 0 { + klog.Fatalf("microshift-etcd must be run privileged") + } + e, err := etcd.StartEtcd(s.etcdCfg) if err != nil { return fmt.Errorf("microshift-etcd failed to start: %v", err) From fa5e6be344d5a52f33b89b6ab7151734593649b3 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Wed, 22 Mar 2023 04:27:12 -0400 Subject: [PATCH 32/79] rebase-4.13.0-0.nightly-2023-03-19-052243_amd64-2023-03-19_arm64-2023-03-22 (#1544) * update last_rebase.sh * update changelog * update component images * update manifests --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- assets/release/release-aarch64.json | 4 ++-- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 24 +++------------------ scripts/auto-rebase/commits.txt | 2 +- scripts/auto-rebase/last_rebase.sh | 2 +- 5 files changed, 8 insertions(+), 26 deletions(-) diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 9bf648403d..22b30fdac4 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-20-203741" + "base": "4.13.0-0.nightly-arm64-2023-03-22-000936" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:445670bcaf530b0608f2ebba64ec716b1d84840d43149576b68980a689412bc2", @@ -9,7 +9,7 @@ "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:11085faadac204f2eab74f84ca956581a689cf0543ac8f17ad366b941fa19c57", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b163fc8ae8e729728ab08fae22245dc16c88c624afdd96b7cc6623bbb4a8b5f8", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d80ba46dfb5ed65ecb141a063b0fd683a5eb7840559d748d6ace575228c9bad2", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8feb18d7423f4fc6f01203d7fe7c5652324f2b1ec673a3f47b612248ef4977be", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index c592d4636d..917ec48c41 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b163fc8ae8e729728ab08fae22245dc16c88c624afdd96b7cc6623bbb4a8b5f8" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d80ba46dfb5ed65ecb141a063b0fd683a5eb7840559d748d6ace575228c9bad2" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 62b06961eb..68e70c2fa5 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,21 +1,3 @@ -# cluster-network-operator embedded-component c0208114e49b3ee34bb073ea7d09cf82273573b0 to 040d5efed272789341b16858f63c2d0bcdb71b50 -aa97a84efe7f3bf892f7d74d94ed4405b123fd65 2023-03-17T03:15:52+00:00 Point libreswan to proper nss location -53d3972e5e287c3d4eabbbb8485324f72ceddb4f 2023-03-10T13:05:19+00:00 HyperShift: Set priority class for CNCC -7f983c90f1f9a1c2259bc41503c443b62dc5b10c 2023-03-10T13:05:19+00:00 HyperShift: Adapt affinity and tolerations -1756b472710f9a53e6669ae4923246c267c63d98 2023-03-10T13:05:19+00:00 HyperShift: Co-locate CNCC and multus admission controller with other hcp pods -fa7c5559546a8a3434c41a7be945dbfcd5de10f6 2023-03-09T15:24:09+01:00 Set healthz-bind-address to 0.0.0.0:10256 for ovnk -ea081581bf467c22faeb9f178cab66c551fad588 2023-03-09T15:24:08+01:00 Pass POD_NAME to ovnkube node for node healthz server checks -fa545fad09bd9d8fbc447fd7a6759c96c12d5390 2023-03-03T14:26:59+00:00 OVN-K alerts: add OVS overflow alerts -# machine-config-operator embedded-component 02d35277a879c72f48e63c31f36072376c7e2598 to 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 -4c693157fbbac8962d0b2b5de77893f49c8a6879 2023-03-16T19:28:55+00:00 daemon: Drop duplicate `--authfile` used in `run` -f9f358260da206bf27d4c6579bcab3ec93a4875f 2023-03-14T02:28:32+00:00 Remove hard requirement for the afterburn from early-running aws-related services -# oc image-amd64 02362102a19e81ebecb90906f41687e4e4350dfe to eed143055ede731029931ad204b19cd2f565ef1a -c3d6a7830ec95b4cf8dc413c15b57d0c5176e3ca 2023-03-16T06:25:04+00:00 Add microshift into generate-docs -# ovn-kubernetes image-amd64 Script exited with error. to dd45efd39e5db428d4578ed6787e6c08b79e2df5 -There was an error determining the changes - -# oc image-arm64 02362102a19e81ebecb90906f41687e4e4350dfe to eed143055ede731029931ad204b19cd2f565ef1a -c3d6a7830ec95b4cf8dc413c15b57d0c5176e3ca 2023-03-16T06:25:04+00:00 Add microshift into generate-docs -# ovn-kubernetes image-arm64 Script exited with error. to dd45efd39e5db428d4578ed6787e6c08b79e2df5 -There was an error determining the changes - +# kubernetes image-arm64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +916c65ebea0205d3c18d3701f48cf568ef9e7220 2023-03-17T23:03:18+00:00 UPSTREAM: 115328: annotate early and late requests +a6938113b34b64c0626efa322cd4d3c1132d64fb 2023-03-17T23:03:18+00:00 UPSTREAM: <drop>: Revert "UPSTREAM: <carry>: annotate audit events for requests during unready phase and graceful termination phase" diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index dc17b25f33..d2e1a41b3c 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -24,5 +24,5 @@ https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce733 https://github.com/openshift/router image-arm64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e https://github.com/openshift/ovn-kubernetes image-arm64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 -https://github.com/openshift/kubernetes image-arm64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb +https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 60dc17c287..e5fe925b3f 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-19-052243" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-20-203741" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-19-052243" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-22-000936" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 00506657e06535810c2e72837f354a466bdf1343 Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Wed, 22 Mar 2023 07:12:45 +0000 Subject: [PATCH 33/79] Fix greenboot script errors when variable are specified in /etc/greenboot/greenboot.conf file --- packaging/greenboot/functions.sh | 31 ++++++++++++++++--- .../greenboot/microshift-pre-rollback.sh | 12 +++---- .../greenboot/microshift-running-check.sh | 13 ++------ 3 files changed, 34 insertions(+), 22 deletions(-) diff --git a/packaging/greenboot/functions.sh b/packaging/greenboot/functions.sh index 30962f7da3..af82f6586e 100644 --- a/packaging/greenboot/functions.sh +++ b/packaging/greenboot/functions.sh @@ -9,6 +9,28 @@ OCCONFIG_OPT="--kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig" OCGET_OPT="--no-headers" OCGET_CMD="oc get ${OCCONFIG_OPT}" +# Print GRUB boot, Greenboot variables and ostree status affecting the script +# behavior. This information is important for troubleshooting rollback issues. +# +# args: None +# return: Print the GRUB boot variables, /etc/greenboot/greenboot.conf settings +# and ostree status to stdout +function print_boot_status() { + # Source Greenboot configuration file if it exists + local conf_file=/etc/greenboot/greenboot.conf + [ -f "${conf_file}" ] && source ${conf_file} + + local grub_vars=$(grub2-editenv - list | grep ^boot_ || true) + local boot_vars=$(set | egrep '^GREENBOOT_|^MICROSHIFT_' || true) + + [ -z "${grub_vars}" ] && grub_vars=None + [ -z "${boot_vars}" ] && boot_vars=None + + echo -e "GRUB boot variables:\n${grub_vars}" + echo -e "Greenboot variables:\n${boot_vars}" + echo -e "The ostree status:\n$(ostree admin status || true)" +} + # Get the recommended wait timeout to be used for running health check operations. # The returned timeout is a product of a base value and a boot attempt counter, so # that the timeout increases after every boot attempt. @@ -19,7 +41,8 @@ OCGET_CMD="oc get ${OCCONFIG_OPT}" # for MICROSHIFT_WAIT_TIMEOUT_SEC and the [1..9] range for GREENBOOT_MAX_BOOTS. # # args: None -# return: Print the recommended timeout value to stdout +# return: Print the recommended timeout value to stdout. If the values are not +# in range, errors are printed to stderr. function get_wait_timeout() { # Source Greenboot configuration file if it exists local conf_file=/etc/greenboot/greenboot.conf @@ -30,11 +53,11 @@ function get_wait_timeout() { local reSecs='^[1-9]{1}[0-9]{0,3}$' if [[ ! ${base_timeout} =~ $reSecs ]] ; then base_timeout=300 - echo "Could not parse MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}': using '${base_timeout}' instead" + >&2 echo "Could not parse MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}': using '${base_timeout}' instead" fi if [[ ${base_timeout} -lt 60 ]] ; then base_timeout=60 - echo "MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}' is less than 60: using '${base_timeout}' instead" + >&2 echo "MICROSHIFT_WAIT_TIMEOUT_SEC value '${MICROSHIFT_WAIT_TIMEOUT_SEC}' is less than 60: using '${base_timeout}' instead" fi # Read and verify the max boots value, allowing for the [1..9] range @@ -42,7 +65,7 @@ function get_wait_timeout() { local reBoots='^[1-9]{1}$' if [[ ! ${max_boots} =~ $reBoots ]] ; then max_boots=3 - echo "GREENBOOT_MAX_BOOTS value '${GREENBOOT_MAX_BOOTS}' is not in the [1..9] range: using '${max_boots}' instead" + >&2 echo "GREENBOOT_MAX_BOOTS value '${GREENBOOT_MAX_BOOTS}' is not in the [1..9] range: using '${max_boots}' instead" fi # Update the wait timeout according to the boot counter. diff --git a/packaging/greenboot/microshift-pre-rollback.sh b/packaging/greenboot/microshift-pre-rollback.sh index cb28a133fa..380bd458e8 100755 --- a/packaging/greenboot/microshift-pre-rollback.sh +++ b/packaging/greenboot/microshift-pre-rollback.sh @@ -3,6 +3,9 @@ set -e -o pipefail SCRIPT_NAME=$(basename $0) +# Source the MicroShift health check functions library +source /usr/share/microshift/functions/greenboot.sh + # Set the exit handler to log the exit status trap 'script_exit' EXIT @@ -28,13 +31,8 @@ fi echo "STARTED" -# Dump GRUB boot variables and ostree status affecting the script behavior. -# This information is important for troubleshooting cleanup issues. -grub_vars=$(grub2-editenv - list | grep ^boot_ || true) -[ -z "${grub_vars}" ] && grub_vars=None - -echo -e "GRUB boot variables:\n${grub_vars}" -echo -e "The ostree status:\n$(ostree admin status || true)" +# Print the boot variable status +print_boot_status # Exit normally if the boot counter is not set to zero if ! grub2-editenv - list | grep -q ^boot_counter=0 ; then diff --git a/packaging/greenboot/microshift-running-check.sh b/packaging/greenboot/microshift-running-check.sh index 1aa1978418..1964b0fa9f 100755 --- a/packaging/greenboot/microshift-running-check.sh +++ b/packaging/greenboot/microshift-running-check.sh @@ -77,17 +77,8 @@ fi echo "STARTED" -# Dump GRUB boot, Greenboot variables and ostree status affecting the script behavior. -# This information is important for troubleshooting rollback issues. -grub_vars=$(grub2-editenv - list | grep ^boot_ || true) -boot_vars=$(set | egrep '^GREENBOOT_|^MICROSHIFT_' || true) - -[ -z "${grub_vars}" ] && grub_vars=None -[ -z "${boot_vars}" ] && boot_vars=None - -echo -e "GRUB boot variables:\n${grub_vars}" -echo -e "Greenboot variables:\n${boot_vars}" -echo -e "The ostree status:\n$(ostree admin status || true)" +# Print the boot variable status +print_boot_status # Exit if the MicroShift service is not enabled if [ $(systemctl is-enabled microshift.service 2>/dev/null) != "enabled" ] ; then From 620b64ea2e5643c807a415d9acdf25d480fd8084 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Mon, 27 Mar 2023 05:27:02 -0400 Subject: [PATCH 34/79] rebase-4.13.0-0.nightly-2023-03-23-204038_amd64-2023-03-23_arm64-2023-03-25 (#1570) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.kube_git.var | 2 +- assets/release/release-aarch64.json | 14 +- assets/release/release-x86_64.json | 14 +- etcd/go.mod | 70 +++---- etcd/go.sum | 48 ++--- etcd/vendor/modules.txt | 94 ++++----- go.mod | 60 +++--- go.sum | 102 +++++----- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 25 ++- scripts/auto-rebase/commits.txt | 18 +- scripts/auto-rebase/last_rebase.sh | 2 +- vendor/k8s.io/apiserver/pkg/server/config.go | 3 + .../filters/with_early_late_annotations.go | 183 ++++++++++++++++++ .../apiserver/pkg/server/lifecycle_signals.go | 59 ++++-- .../pkg/server/patch_genericapiserver.go | 6 - vendor/modules.txt | 110 +++++------ 18 files changed, 526 insertions(+), 288 deletions(-) create mode 100644 vendor/k8s.io/apiserver/pkg/server/filters/with_early_late_annotations.go diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 9657455417..c842e8b036 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb +KUBE_GIT_COMMIT=dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf KUBE_GIT_TREE_STATE=clean diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 22b30fdac4..4e1b106fb0 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-22-000936" + "base": "4.13.0-0.nightly-arm64-2023-03-25-181910" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:445670bcaf530b0608f2ebba64ec716b1d84840d43149576b68980a689412bc2", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ec2a9cb239bbce0ff1bb58e4bbfca7fc86744a63b454509923e6ee5532f61cae", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:818d27868481e940af1a28783d2ab5c5d122ad3baaacd2fb9f6545c4fa0251bb", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:11085faadac204f2eab74f84ca956581a689cf0543ac8f17ad366b941fa19c57", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8f49c6749ca274cb45371fe9df6c8f7e93149a14c3ed7357100b8ec6c67e5689", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9f68737e9d390c2b3b20fdd6442ce0e090812e5f4393d08f722fb231e01bf606", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9171422b4f573a367cd042a87a103f208375646c50ce0e830dc540fd30568712", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c2925eb732f1153563c33e0debf142bc7c18fd861367d935242c102a10cbea37", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d80ba46dfb5ed65ecb141a063b0fd683a5eb7840559d748d6ace575228c9bad2", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8feb18d7423f4fc6f01203d7fe7c5652324f2b1ec673a3f47b612248ef4977be", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe1d1fa6f1515af43bdf7134c9726b4ec96f15afdeac1a29788edaacc972b3ba", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9e505194244679062036cd740bf6c3d31f8c023f254a0d134d541df0d9f4fb04", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index df494dede6..f8d8e8deda 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-03-19-052243" + "base": "4.13.0-0.nightly-2023-03-23-204038" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c66da0adc83e5e6db1824ff5cf204610d36f29fc0c7a8352b24795f58151eefe", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a604c96952da5e59f104a305e0c8303d474e33ef345b8c534fd677f189d05299", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0743d54d3acaf6558295618248ff446b4352dde0234d52465d7578c7c261e6fd", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5795789f6e56ae0c7644ae2380c6d88d6b2a88d64ab8581064bc746f0a97b52d", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:84aba6cc9ed84cd95a85cbc1b240a0db907b4b3a24d556715a8e6fd77065936f", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b3035476ded4209f81be2ede369e88d36bea8d3f03193836bda1d8ef07c7613", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5acaed1deee8b25170f8809fa1094037fea118d2ca0a303c8ad1849170e0cc95", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:28c8cc87355833e4d0a06be3bdbd3f1cfb5b9986e1504d23149df2fdd796557a", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a21858c61e35722a243df3593c0329e90c4f78c334b21177da3a2f94f9c14dc", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7f7cb6554c1dc9b5b3b58f162f592062e5c63bf24c5ed90a62074e117be3f743", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd970d579474f95de533c4eee7d5a28ece5bc4fe655367f15d2cfe4b7467a13f", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:03594cca8fa68b1d406d0d1812d036d5c06d291aee9d3249c423e12394ace800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/etcd/go.mod b/etcd/go.mod index 377281922f..8aaf3223ec 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -137,39 +137,39 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes + go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 0f438e0b20..a83a671226 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -359,30 +359,30 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/etcd/api/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:V681KQQqIHNe46Cx+EIbw04kBeK73fVmjU17/bLSd48= -github.com/openshift/etcd/api/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:CznQ70pOj1YwdXyPprLgAILh4TZPcI8IDML6OOXhg2o= -github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= -github.com/openshift/etcd/client/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:+1seo/rJ92p92SGlTNJshSvmfY497KLj35J4MzDulJA= -github.com/openshift/etcd/client/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:f6GRinRMCsFVv9Ht42EyY7nfsVGwrNO0WEoS2pRKzQk= -github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:qvRmgvbB+XYn4xlw8hPDNJpecPuQRcHaQmcggIn3uOI= -github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:qATwUzDb6MLyGWq2nUj+jwXqZJcxkCuabh0P7Cuff3k= -github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:F2zw47hfDpS5Q+bSD8zN3MCssTDibKsD2nOAqHxINc0= -github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= -github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c h1:dlpgsW1KSYbbI8pV2T1n38SvXGbxsJwwpHqJ8NHqH4w= -github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d h1:O9dKtgn8Ugfhgkg8XerrPkX06rDlEUaUqcy7U9p/piE= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d h1:AWVQDZDaTMZlBJg7qs6ti42OFLz8ItAPerZZWWPzX94= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d h1:8QbIbd5UiPzz4HO10qQjoO3QkYv3wxViIx6H2eDlXIM= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d h1:ecF2n0bTfIPT7f++UVu3YBRyh6nsgNcXbfaUBhIxBzQ= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d h1:OxS4PwaQImogppbSFQSAwn98AWw8j/yVa/ARBu6pfYw= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d h1:KhvFDpp6dnq7XTmOYQCUrd0s+4tFc+aHOdijRd8Ss9Q= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/etcd/api/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:6iHSb9/2IO+KNysJe8f6uaOlgOlottjpWdNmqU1fOD0= +github.com/openshift/etcd/api/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:GSVuFn24PRFJiteHhfZRuzHIuknW6YYF1GQbpFdiRwo= +github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= +github.com/openshift/etcd/client/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:QobW0Rx7CQCRtKrdx96mzeQ6dFr/bt9w7PUXSRX5rFw= +github.com/openshift/etcd/client/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:f6GRinRMCsFVv9Ht42EyY7nfsVGwrNO0WEoS2pRKzQk= +github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:t4Ou0Z3dAToKlmoi/e7M3a/NIakbPmrxufgUeg5rrcA= +github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:qATwUzDb6MLyGWq2nUj+jwXqZJcxkCuabh0P7Cuff3k= +github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr4KVEXb1Z0Vv0yiq4uD33lz/FxzhVhz/8XCJ7Q= +github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= +github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= +github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 h1:R+QHGTVvds4UdDuNj3iM0DAptll1ZGTu+3CeBUVKY7U= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 h1:3BLuSiiTDx0i8PuBby+9wjrCmh1XN9PB7gvRQC7vsEs= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 h1:8h/dhmzLuNF07zn7BWemWuXvOjKGeDKF4M+PfYlREnM= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 h1:QlbgdZ1kHaWGUj6nCA1GMF4ZNBkxNgOzAT6gNRuqgg0= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 h1:ESBhpxZ22bsGLvoEwGuEvXHTPjv8oLRkg6eSxk1AH+4= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 h1:5qjRTrQ0yg2qds0ikK6BUSb6r8TrwvhSmPeaUFnah00= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index c8cb62502a..061fd9dd93 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -257,7 +257,7 @@ github.com/xlab/treeprint # go.etcd.io/bbolt v1.3.6 ## explicit; go 1.12 go.etcd.io/bbolt -# go.etcd.io/etcd/api/v3 v3.5.6 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/api/v3 v3.5.6 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/api/v3/authpb go.etcd.io/etcd/api/v3/etcdserverpb @@ -266,7 +266,7 @@ go.etcd.io/etcd/api/v3/membershippb go.etcd.io/etcd/api/v3/mvccpb go.etcd.io/etcd/api/v3/v3rpc/rpctypes go.etcd.io/etcd/api/v3/version -# go.etcd.io/etcd/client/pkg/v3 v3.5.6 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/client/pkg/v3 v3.5.6 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/client/pkg/v3/fileutil go.etcd.io/etcd/client/pkg/v3/logutil @@ -279,14 +279,14 @@ go.etcd.io/etcd/client/pkg/v3/types # go.etcd.io/etcd/client/v2 v2.305.6 ## explicit; go 1.16 go.etcd.io/etcd/client/v2 -# go.etcd.io/etcd/client/v3 v3.5.6 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/client/v3 v3.5.6 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/client/v3 go.etcd.io/etcd/client/v3/concurrency go.etcd.io/etcd/client/v3/credentials go.etcd.io/etcd/client/v3/internal/endpoint go.etcd.io/etcd/client/v3/internal/resolver -# go.etcd.io/etcd/pkg/v3 v3.5.6 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/pkg/v3 v3.5.6 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/pkg/v3/adt go.etcd.io/etcd/pkg/v3/contention @@ -303,14 +303,14 @@ go.etcd.io/etcd/pkg/v3/runtime go.etcd.io/etcd/pkg/v3/schedule go.etcd.io/etcd/pkg/v3/traceutil go.etcd.io/etcd/pkg/v3/wait -# go.etcd.io/etcd/raft/v3 v3.5.6 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/raft/v3 v3.5.6 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/raft/v3 go.etcd.io/etcd/raft/v3/confchange go.etcd.io/etcd/raft/v3/quorum go.etcd.io/etcd/raft/v3/raftpb go.etcd.io/etcd/raft/v3/tracker -# go.etcd.io/etcd/server/v3 v3.5.5 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c +# go.etcd.io/etcd/server/v3 v3.5.5 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 ## explicit; go 1.16 go.etcd.io/etcd/server/v3/auth go.etcd.io/etcd/server/v3/config @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -992,38 +992,38 @@ sigs.k8s.io/yaml # github.com/openshift/microshift/pkg/config => ../pkg/config # github.com/openshift/microshift/pkg/util/cryptomaterial => ../pkg/util/cryptomaterial # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230125165349-13c18c444a8c -# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c -# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230125165349-13c18c444a8c -# go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230125165349-13c18c444a8c -# go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230125165349-13c18c444a8c -# go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230125165349-13c18c444a8c -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230313100333-06e8c46c9f0d +# go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20230322155524-f70da9d78221 +# go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 +# go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20230322155524-f70da9d78221 +# go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 +# go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 +# go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 diff --git a/go.mod b/go.mod index ff95bf7caa..4591ad7aca 100644 --- a/go.mod +++ b/go.mod @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230313100333-06e8c46c9f0d // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230313100333-06e8c46c9f0d // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes ) diff --git a/go.sum b/go.sum index 31467ffb00..9879325e33 100644 --- a/go.sum +++ b/go.sum @@ -608,57 +608,57 @@ github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qY github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245 h1:BoNt9Hemwyc32xX+CZZaNGegWEiN7bGTVk4XaRboO8k= github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230313100333-06e8c46c9f0d h1:Dgt8ixdiZWJ+4gm75/6Jp2QeOjeWPYMIBMvhj74sUYE= -github.com/openshift/kubernetes v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d h1:O9dKtgn8Ugfhgkg8XerrPkX06rDlEUaUqcy7U9p/piE= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d h1:hKcX/01NZPOdKRQpkrGaAJjN5w03j2YN4h+o57AIOko= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d h1:AWVQDZDaTMZlBJg7qs6ti42OFLz8ItAPerZZWWPzX94= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d h1:EE2mLC5UjhuJqiUziy3uB0ZX30E5V44IwHy1zymkKaA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d h1:8QbIbd5UiPzz4HO10qQjoO3QkYv3wxViIx6H2eDlXIM= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d h1:ecF2n0bTfIPT7f++UVu3YBRyh6nsgNcXbfaUBhIxBzQ= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d h1:Q3ynj6SKH2+cipW6icrrj7OwWDYDws5DHA27M3GAAyo= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d h1:ImQSJfQPoIPYyRXqMQopSJqw6dbRsUrLZs16BX0wX9o= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d h1:OxS4PwaQImogppbSFQSAwn98AWw8j/yVa/ARBu6pfYw= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d h1:0ffEzdd9FHclp2fUeM+mN5M1wWAsiQVDrvw7nAIHFAQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d h1:0IAgchKDlVwcZ+nsUmqb5/mbVSg7XLa0I9uLfACb6/Y= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d h1:3K9qiaqZQovXk5/yMQuxVy9A0kdYoOr3w3krzFwACSI= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d h1:kAwen1UYBzLvSwj9ncIXOS6S4gw2kMpUEPxfebEhOjg= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d h1:aXAYgO+1OjlaNPMSRqeArTOeUUke/HM7vNRMt+N/bYc= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d h1:Kfv9Jj6ecUQyEf1CZo21Omphnt38Qc7OI+8eXeqocjA= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d h1:PuGG6xGmoXqtdeGKqZBdz1op3eXmju5BBHgao1gEf24= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d h1:N/O7qAJBelkGxA28SmndzB5cQJ/XjVQKT5hQ695/Y+Y= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d h1:KNsM9ollRlqwj01LDfkiRi3jvzDBaBVBionIzuhqFj4= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d h1:KhvFDpp6dnq7XTmOYQCUrd0s+4tFc+aHOdijRd8Ss9Q= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d h1:hyZGouKatZ4B2D6cxcOUqq7kuCISAgbcU2V7w+I/stc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d h1:AtJIroIWcA6GjwoiMwaKGfbPXtY4v+ys1BojV14ZK/c= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d h1:D8nhhruiCoH1+WBqL09IbYdewChsUpg3DSk5ZMdvlKk= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d h1:RhgNk8RQhIt1egiIrASCeKsNZ3M5K/en+2LIGeIgE8Q= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d h1:3E37ptCqpNMjg+BOXy4tR3NCwIxcmqtjUp9wPKT+Zsg= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 h1:KxRTY0GQUEGc61T5PInmFfDtmIcYBCLcHydOFeAmTzs= +github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 h1:R+QHGTVvds4UdDuNj3iM0DAptll1ZGTu+3CeBUVKY7U= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 h1:6DOaa5UxnHAyBpk5Ms++SaLile4nkCrCv6qFQamvjeU= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 h1:3BLuSiiTDx0i8PuBby+9wjrCmh1XN9PB7gvRQC7vsEs= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 h1:cUl6TWk6zZzxdc2IMYhHXgwW03sJyHlzRZwmcGV/jqM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 h1:8h/dhmzLuNF07zn7BWemWuXvOjKGeDKF4M+PfYlREnM= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 h1:QlbgdZ1kHaWGUj6nCA1GMF4ZNBkxNgOzAT6gNRuqgg0= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 h1:NbmuhD07/za6M7E/9umaQou0umK7lQb8tZztBUKxv04= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 h1:wlLFeaYE9r3SlAIRr4LjSuvlAx6fIWayNFg+inFZej8= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 h1:ESBhpxZ22bsGLvoEwGuEvXHTPjv8oLRkg6eSxk1AH+4= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 h1:xzSbQBONE7GPIXewyx4wmHlcO41p7OPUxjBeJs+bTc4= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 h1:XBKlErau4l+exgzjKQrqIAIlJX7nSvc+WSo9RrvZGMg= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 h1:4TmEB/ld/IkLYBXMDpkpfBXdkcrZb2hLeSxSfCqkeAM= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 h1:OYTjbDCzUFrnCcY2cSmu2IObKeciw9I416djfoyOIpU= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 h1:wiyzwM+xGczeSlKnXh7gjpqjSeIfRlY80rsVMDVAS7k= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 h1:smjFuMcB5aKzPKccWdGjRatDVksExnMqYFplj+WPvUQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 h1:pBk+QBgTYBdDfsqm57UZLuSWNcKuAqajz8GoEUixG70= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 h1:0VdJn3iHYz66PKvYcxC9XUcWCwjwSRH6AZqlpv6/1/g= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 h1:uCwvLRVpOODJ5dhTrMIapg41uC83DII11PI0RqYEuyY= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 h1:5qjRTrQ0yg2qds0ikK6BUSb6r8TrwvhSmPeaUFnah00= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 h1:EtIdy8qM7d1te2dglgj4F4XWt8vF/ymFulGuJ/YniBo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 h1:5/y+H5uhTgp7d1TbWb/2WPHW6hy3mj11FLjCPiBySUk= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 h1:eEq1rRjHJ9HRw59SwUlkxVSrrF6B889MhQpoxJWDOgE= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 h1:ISNVf6yXdzTDl72PJEiBmmk+TNeBzd5GIdGuLFDDby4= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 h1:Ei2yhSKra+KyXBD763SwrCWV2XfBBsVokcQjocmFgQs= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index fd7bf88370..ab7d43af75 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a21858c61e35722a243df3593c0329e90c4f78c334b21177da3a2f94f9c14dc" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd970d579474f95de533c4eee7d5a28ece5bc4fe655367f15d2cfe4b7467a13f" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 917ec48c41..917361c506 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d80ba46dfb5ed65ecb141a063b0fd683a5eb7840559d748d6ace575228c9bad2" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe1d1fa6f1515af43bdf7134c9726b4ec96f15afdeac1a29788edaacc972b3ba" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 68e70c2fa5..b051ff83e9 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,3 +1,26 @@ -# kubernetes image-arm64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +# cluster-kube-apiserver-operator embedded-component 5cec361179f3658986890a87d0b51f40a1da89ad to 3e62b53e39db960ccc16d717d1a25d751d4e9c49 +1c5fd4bda695466143aedbd0879a3c7817d5190e 2023-03-22T14:10:31+01:00 bump o/api for updated featuregates +4cd9677808d79ec82541c97cc9140f59e87edebb 2023-03-15T14:13:20-04:00 revert dev cert rotation for 4.13 +e85a5c62570176c72e7b0b45e0a4e217c1654105 2023-03-15T14:12:07+01:00 psaconfig: invert the enforce/log logic to default to logging +# cluster-kube-controller-manager-operator embedded-component 4ca346ef97def3697f1aa0368c9b35459b9b2f59 to 2a3e578c1007d7534eadffcca2adc979cb712995 +decb5bb7cb39f9eaa2443d2210a25cbddcae4273 2023-03-20T09:46:22-04:00 update vendor folder +24c84fdcd65444c9fbf2635b1848309abefc6edc 2023-03-20T09:46:10-04:00 bump(library-go) +# etcd embedded-component 13c18c444a8c6a86ccbba16cce664008f5f948bd to f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d +5c156b653c1f67d0d49d4857fd868f72cc0c854f 2023-01-11T14:39:32-08:00 Update owners +# kubernetes embedded-component 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf 916c65ebea0205d3c18d3701f48cf568ef9e7220 2023-03-17T23:03:18+00:00 UPSTREAM: 115328: annotate early and late requests a6938113b34b64c0626efa322cd4d3c1132d64fb 2023-03-17T23:03:18+00:00 UPSTREAM: <drop>: Revert "UPSTREAM: <carry>: annotate audit events for requests during unready phase and graceful termination phase" +# router image-amd64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 to e28644631982fb4596e065d3ae85099f0886829d +5381cb80c2905550549406ddba3891bec541fc8e 2023-03-20T12:57:57+00:00 OCPBUGS-10003: Revert "NE-1115: Update haproxy container builds to use haproxy 2.6" +# kubernetes image-amd64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +916c65ebea0205d3c18d3701f48cf568ef9e7220 2023-03-17T23:03:18+00:00 UPSTREAM: 115328: annotate early and late requests +a6938113b34b64c0626efa322cd4d3c1132d64fb 2023-03-17T23:03:18+00:00 UPSTREAM: <drop>: Revert "UPSTREAM: <carry>: annotate audit events for requests during unready phase and graceful termination phase" +# oc image-arm64 eed143055ede731029931ad204b19cd2f565ef1a to 92b1a3d0e5d092430b523f6541aa0c504b2222b3 +32496b16599a0ee1d834a9d6685aca398d49c79d 2023-03-23T10:44:51+00:00 OCPBUGS-10622: bump repo sclorg/s2i-ruby-container location for newapp +# router image-arm64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 to e28644631982fb4596e065d3ae85099f0886829d +5381cb80c2905550549406ddba3891bec541fc8e 2023-03-20T12:57:57+00:00 OCPBUGS-10003: Revert "NE-1115: Update haproxy container builds to use haproxy 2.6" +# ovn-kubernetes image-arm64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 to ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 +f9632bfa3ca30fd6173f59cb7657bf910dd7719d 2023-03-23T09:40:51+08:00 Fix duplicated metric registration +eb64a87cca1ad699edfb9cda876602ebdeb69d8a 2023-03-22T17:30:51-04:00 Fix egress firewall CRD +dec0b99f54538591d1f8b6461940b609a29dc9d9 2023-03-17T10:53:58+00:00 Updating ovn-kubernetes-base images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/3ea7e6d582117c0c2b118319e4f4a4bd35edce51/images/ovn-kubernetes-base.yml +3baa3d367651fc620dbfa50c82c14c20f988db04 2023-03-08T02:28:51+00:00 Updating ovn-kubernetes-microshift images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/724eedd015d4972b55704e41a4117c533e240935/images/ovn-kubernetes-microshift.yml diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index d2e1a41b3c..9472176459 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,28 +1,28 @@ https://github.com/openshift/cluster-dns-operator embedded-component d96022a4d0d091955d73e7e99fc8cc81db56c86a https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c551de22016dc2b6c87ca11ef4ac2be04d -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5cec361179f3658986890a87d0b51f40a1da89ad -https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 4ca346ef97def3697f1aa0368c9b35459b9b2f59 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 3e62b53e39db960ccc16d717d1a25d751d4e9c49 +https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 2a3e578c1007d7534eadffcca2adc979cb712995 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component d3978864fb58063235be176c18fe50457b5223f3 https://github.com/openshift/cluster-network-operator embedded-component 040d5efed272789341b16858f63c2d0bcdb71b50 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 https://github.com/openshift/cluster-policy-controller embedded-component ac01e3463245f2dd9312145368d7f4099a8a0bb9 -https://github.com/openshift/etcd embedded-component 13c18c444a8c6a86ccbba16cce664008f5f948bd -https://github.com/openshift/kubernetes embedded-component 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb +https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d +https://github.com/openshift/kubernetes embedded-component dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/machine-config-operator embedded-component 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-amd64 eed143055ede731029931ad204b19cd2f565ef1a https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb -https://github.com/openshift/router image-amd64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 +https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e https://github.com/openshift/ovn-kubernetes image-amd64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 -https://github.com/openshift/kubernetes image-amd64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb +https://github.com/openshift/kubernetes image-amd64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a -https://github.com/openshift/oc image-arm64 eed143055ede731029931ad204b19cd2f565ef1a +https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb -https://github.com/openshift/router image-arm64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 +https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 +https://github.com/openshift/ovn-kubernetes image-arm64 ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index e5fe925b3f..e66058ad95 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-19-052243" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-22-000936" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-23-204038" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-25-181910" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go index 7e34c6da7a..cd4844dced 100644 --- a/vendor/k8s.io/apiserver/pkg/server/config.go +++ b/vendor/k8s.io/apiserver/pkg/server/config.go @@ -958,6 +958,9 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler { handler = genericapifilters.WithAudit(handler, c.AuditBackend, c.AuditPolicyRuleEvaluator, c.LongRunningFunc) handler = filterlatency.TrackStarted(handler, c.TracerProvider, "audit") + handler = genericfilters.WithShutdownLateAnnotation(handler, c.lifecycleSignals.ShutdownInitiated, c.ShutdownDelayDuration) + handler = genericfilters.WithStartupEarlyAnnotation(handler, c.lifecycleSignals.HasBeenReady) + failedHandler := genericapifilters.Unauthorized(c.Serializer) failedHandler = genericapifilters.WithFailedAuthenticationAudit(failedHandler, c.AuditBackend, c.AuditPolicyRuleEvaluator) diff --git a/vendor/k8s.io/apiserver/pkg/server/filters/with_early_late_annotations.go b/vendor/k8s.io/apiserver/pkg/server/filters/with_early_late_annotations.go new file mode 100644 index 0000000000..8b7bcc421c --- /dev/null +++ b/vendor/k8s.io/apiserver/pkg/server/filters/with_early_late_annotations.go @@ -0,0 +1,183 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package filters + +import ( + "fmt" + "net" + "net/http" + "strings" + "time" + + "k8s.io/apiserver/pkg/audit" + "k8s.io/apiserver/pkg/authentication/user" + "k8s.io/apiserver/pkg/endpoints/request" + clockutils "k8s.io/utils/clock" + netutils "k8s.io/utils/net" +) + +type lifecycleEvent interface { + // Name returns the name of the signal, useful for logging. + Name() string + + // Signaled returns a channel that is closed when the underlying event + // has been signaled. Successive calls to Signaled return the same value. + Signaled() <-chan struct{} + + // SignaledAt returns the time the event was signaled. If SignaledAt is + // invoked before the event is signaled nil will be returned. + SignaledAt() *time.Time +} + +type shouldExemptFunc func(*http.Request) bool + +var ( + // the health probes are not annotated by default + healthProbes = []string{ + "/readyz", + "/healthz", + "/livez", + } +) + +func exemptIfHealthProbe(r *http.Request) bool { + path := "/" + strings.TrimLeft(r.URL.Path, "/") + for _, probe := range healthProbes { + if path == probe { + return true + } + } + return false +} + +// WithShutdownLateAnnotation, if added to the handler chain, tracks the +// incoming request(s) after the apiserver has initiated the graceful +// shutdown, and annoates the audit event for these request(s) with +// diagnostic information. +// This enables us to identify the actor(s)/load balancer(s) that are sending +// requests to the apiserver late during the server termination. +// It should be placed after (in order of execution) the +// 'WithAuthentication' filter. +func WithShutdownLateAnnotation(handler http.Handler, shutdownInitiated lifecycleEvent, delayDuration time.Duration) http.Handler { + return withShutdownLateAnnotation(handler, shutdownInitiated, delayDuration, exemptIfHealthProbe, clockutils.RealClock{}) +} + +// WithStartupEarlyAnnotation annotates the request with an annotation keyed as +// 'apiserver.k8s.io/startup' if the request arrives early (the server is not +// fully initialized yet). It should be placed after (in order of execution) +// the 'WithAuthentication' filter. +func WithStartupEarlyAnnotation(handler http.Handler, hasBeenReady lifecycleEvent) http.Handler { + return withStartupEarlyAnnotation(handler, hasBeenReady, exemptIfHealthProbe) +} + +func withShutdownLateAnnotation(handler http.Handler, shutdownInitiated lifecycleEvent, delayDuration time.Duration, shouldExemptFn shouldExemptFunc, clock clockutils.PassiveClock) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + select { + case <-shutdownInitiated.Signaled(): + default: + handler.ServeHTTP(w, req) + return + } + + if shouldExemptFn(req) { + handler.ServeHTTP(w, req) + return + } + shutdownInitiatedAt := shutdownInitiated.SignaledAt() + if shutdownInitiatedAt == nil { + handler.ServeHTTP(w, req) + return + } + + elapsedSince := clock.Since(*shutdownInitiatedAt) + // TODO: 80% is the threshold, if requests arrive after 80% of + // shutdown-delay-duration elapses we annotate the request as late=true. + late := lateMsg(delayDuration, elapsedSince, 80) + + // NOTE: some upstream unit tests have authentication disabled and will + // fail if we require the requestor to be present in the request + // context. Fixing those unit tests will increase the chance of merge + // conflict during rebase. + // This also implies that this filter must be placed after (in order of + // execution) the 'WithAuthentication' filter. + self := "self=" + if requestor, exists := request.UserFrom(req.Context()); exists && requestor != nil { + self = fmt.Sprintf("%s%t", self, requestor.GetName() == user.APIServerUser) + } + + audit.AddAuditAnnotation(req.Context(), "apiserver.k8s.io/shutdown", + fmt.Sprintf("%s %s loopback=%t", late, self, isLoopback(req.RemoteAddr))) + + handler.ServeHTTP(w, req) + }) +} + +func lateMsg(delayDuration, elapsedSince time.Duration, threshold float64) string { + if delayDuration == time.Duration(0) { + return fmt.Sprintf("elapsed=%s threshold= late=%t", elapsedSince.Round(time.Second).String(), true) + } + + percentElapsed := (float64(elapsedSince) / float64(delayDuration)) * 100 + return fmt.Sprintf("elapsed=%s threshold=%.2f%% late=%t", + elapsedSince.Round(time.Second).String(), percentElapsed, percentElapsed > threshold) +} + +func withStartupEarlyAnnotation(handler http.Handler, hasBeenReady lifecycleEvent, shouldExemptFn shouldExemptFunc) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + select { + case <-hasBeenReady.Signaled(): + handler.ServeHTTP(w, req) + return + default: + } + + // NOTE: some upstream unit tests have authentication disabled and will + // fail if we require the requestor to be present in the request + // context. Fixing those unit tests will increase the chance of merge + // conflict during rebase. + // This also implies that this filter must be placed after (in order of + // execution) the 'WithAuthentication' filter. + self := "self=" + if requestor, exists := request.UserFrom(req.Context()); exists && requestor != nil { + if requestor.GetName() == user.APIServerUser { + handler.ServeHTTP(w, req) + return + } + self = fmt.Sprintf("%s%t", self, false) + } + + audit.AddAuditAnnotation(req.Context(), "apiserver.k8s.io/startup", + fmt.Sprintf("early=true %s loopback=%t", self, isLoopback(req.RemoteAddr))) + + handler.ServeHTTP(w, req) + }) +} + +func isLoopback(address string) bool { + host, _, err := net.SplitHostPort(address) + if err != nil { + // if the address is missing a port, SplitHostPort will return an error + // with an empty host, and port value. For such an error, we should + // continue and try to parse the original address. + host = address + } + if ip := netutils.ParseIPSloppy(host); ip != nil { + return ip.IsLoopback() + } + + return false +} diff --git a/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go b/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go index ce4c1b4a6e..4d299a66c2 100644 --- a/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go +++ b/vendor/k8s.io/apiserver/pkg/server/lifecycle_signals.go @@ -18,6 +18,10 @@ package server import ( "sync" + "sync/atomic" + "time" + + utilsclock "k8s.io/utils/clock" ) /* @@ -100,6 +104,10 @@ type lifecycleSignal interface { // Name returns the name of the signal, useful for logging. Name() string + + // SignaledAt returns the time the event was signaled. If SignaledAt is + // invoked before the event is signaled nil will be returned. + SignaledAt() *time.Time } // lifecycleSignals provides an abstraction of the events that @@ -149,23 +157,25 @@ type lifecycleSignals struct { // newLifecycleSignals returns an instance of lifecycleSignals interface to be used // to coordinate lifecycle of the apiserver func newLifecycleSignals() lifecycleSignals { + clock := utilsclock.RealClock{} return lifecycleSignals{ - ShutdownInitiated: newNamedChannelWrapper("ShutdownInitiated"), - AfterShutdownDelayDuration: newNamedChannelWrapper("AfterShutdownDelayDuration"), - PreShutdownHooksStopped: newNamedChannelWrapper("PreShutdownHooksStopped"), - NotAcceptingNewRequest: newNamedChannelWrapper("NotAcceptingNewRequest"), - InFlightRequestsDrained: newNamedChannelWrapper("InFlightRequestsDrained"), - HTTPServerStoppedListening: newNamedChannelWrapper("HTTPServerStoppedListening"), - HasBeenReady: newNamedChannelWrapper("HasBeenReady"), - MuxAndDiscoveryComplete: newNamedChannelWrapper("MuxAndDiscoveryComplete"), + ShutdownInitiated: newNamedChannelWrapper("ShutdownInitiated", clock), + AfterShutdownDelayDuration: newNamedChannelWrapper("AfterShutdownDelayDuration", clock), + PreShutdownHooksStopped: newNamedChannelWrapper("PreShutdownHooksStopped", clock), + NotAcceptingNewRequest: newNamedChannelWrapper("NotAcceptingNewRequest", clock), + InFlightRequestsDrained: newNamedChannelWrapper("InFlightRequestsDrained", clock), + HTTPServerStoppedListening: newNamedChannelWrapper("HTTPServerStoppedListening", clock), + HasBeenReady: newNamedChannelWrapper("HasBeenReady", clock), + MuxAndDiscoveryComplete: newNamedChannelWrapper("MuxAndDiscoveryComplete", clock), } } -func newNamedChannelWrapper(name string) lifecycleSignal { +func newNamedChannelWrapper(name string, clock utilsclock.PassiveClock) lifecycleSignal { return &namedChannelWrapper{ - name: name, - once: sync.Once{}, - ch: make(chan struct{}), + name: name, + once: sync.Once{}, + ch: make(chan struct{}), + clock: clock, } } @@ -173,10 +183,27 @@ type namedChannelWrapper struct { name string once sync.Once ch chan struct{} + + clock utilsclock.PassiveClock + signaledAt atomic.Value } func (e *namedChannelWrapper) Signal() { e.once.Do(func() { + // set the signaledAt value first to support the expected use case: + // + // <-s.Signaled() + // .. + // at := s.SignaledAt() + // + // we guarantee that at will never be nil after the event is signaled, + // it also implies that 'SignaledAt' if used independently outside of + // the above use case, it may return a valid non-empty time (due to + // the delay between setting signaledAt and closing the channel) + // even when the event has not signaled yet. + now := e.clock.Now() + e.signaledAt.Store(&now) + close(e.ch) }) } @@ -188,3 +215,11 @@ func (e *namedChannelWrapper) Signaled() <-chan struct{} { func (e *namedChannelWrapper) Name() string { return e.name } + +func (e *namedChannelWrapper) SignaledAt() *time.Time { + value := e.signaledAt.Load() + if value == nil { + return nil + } + return value.(*time.Time) +} diff --git a/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go b/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go index 46a734b29a..1fe3b7e5ef 100644 --- a/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go +++ b/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go @@ -17,7 +17,6 @@ limitations under the License. package server import ( - "fmt" "net" "net/http" "strings" @@ -27,7 +26,6 @@ import ( "go.uber.org/atomic" corev1 "k8s.io/api/core/v1" - "k8s.io/apiserver/pkg/audit" "k8s.io/klog/v2" netutils "k8s.io/utils/net" ) @@ -82,10 +80,8 @@ func WithLateConnectionFilter(handler http.Handler) http.Handler { if late { if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" { if isLocal(r) { - audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host)) klog.V(4).Infof("Loopback request to %q (user agent %q) through connection created very late in the graceful termination process (more than 80%% has passed). This client probably does not watch /readyz and might get failures when termination is over.", r.URL.Path, r.UserAgent()) } else { - audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host)) klog.Warningf("Request to %q (source IP %s, user agent %q) through a connection created very late in the graceful termination process (more than 80%% has passed), possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent()) // create only one event to avoid event spam. @@ -122,11 +118,9 @@ func WithNonReadyRequestLogging(handler http.Handler, hasBeenReadySignal lifecyc if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" { if isLocal(r) { if !isKubeApiserverLoopBack(r) { - audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host)) klog.V(2).Infof("Loopback request to %q (user agent %q) before server is ready. This client probably does not watch /readyz and might get inconsistent answers.", r.URL.Path, r.UserAgent()) } } else { - audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host)) klog.Warningf("Request to %q (source IP %s, user agent %q) before server is ready, possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent()) // create only one event to avoid event spam. diff --git a/vendor/modules.txt b/vendor/modules.txt index 17d872ad0f..7060320dfa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230313100333-06e8c46c9f0d -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230313100333-06e8c46c9f0d +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 From e47e1872ddf227ef8df0a5e2b4ef3eda3a9b0a9c Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Mon, 27 Mar 2023 09:01:26 +0000 Subject: [PATCH 35/79] Stop using .local domain suffix in the MicroShift VMs --- docs/config/microshift-starter.ks | 2 +- docs/devenv_setup.md | 2 +- scripts/devenv-builder/config/kickstart.ks.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/config/microshift-starter.ks b/docs/config/microshift-starter.ks index 4de738d54d..2589f49644 100644 --- a/docs/config/microshift-starter.ks +++ b/docs/config/microshift-starter.ks @@ -5,7 +5,7 @@ text reboot # Configure network to use DHCP and activate on boot -network --bootproto=dhcp --device=link --activate --onboot=on --hostname=microshift-starter.local --noipv6 +network --bootproto=dhcp --device=link --activate --onboot=on --hostname=microshift-starter --noipv6 # Partition disk with a 1GB boot XFS partition and a 10GB LVM volume containing system root # The remainder of the volume will be used by the CSI driver for storing data diff --git a/docs/devenv_setup.md b/docs/devenv_setup.md index 2ca2082087..bca661febd 100644 --- a/docs/devenv_setup.md +++ b/docs/devenv_setup.md @@ -50,7 +50,7 @@ In the OS installation wizard, set the following options: - Click "Done" button. - At the "Summary of Changes" window, select "Accept Changes" -- Connect network card and set the hostname (i.e. `microshift-dev.localdomain`) +- Connect network card and set the hostname (i.e. `microshift-dev`) - Register the system with Red Hat using your credentials (toggle off Red Hat Insights connection) - In the Software Selection, select Minimal Install base environment and toggle on Headless Management to enable Cockpit diff --git a/scripts/devenv-builder/config/kickstart.ks.template b/scripts/devenv-builder/config/kickstart.ks.template index dbe036334e..c6106039cc 100644 --- a/scripts/devenv-builder/config/kickstart.ks.template +++ b/scripts/devenv-builder/config/kickstart.ks.template @@ -5,7 +5,7 @@ text reboot # Configure network to use DHCP and activate on boot -network --bootproto=dhcp --device=link --activate --onboot=on --hostname=REPLACE_HOST_NAME.local --noipv6 +network --bootproto=dhcp --device=link --activate --onboot=on --hostname=REPLACE_HOST_NAME --noipv6 # Partition disk with a 1GB boot XFS partition and an LVM volume containing system root # The remainder of the volume will be used by the CSI driver for storing data From b54b5ac2b394b015a8a071478b76501813390caf Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 06:46:16 -0400 Subject: [PATCH 36/79] rebase-4.13.0-0.nightly-2023-03-23-204038_amd64-2023-03-23_arm64-2023-03-27 (#1580) * update last_rebase.sh * update changelog * update manifests --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- assets/release/release-aarch64.json | 4 ++-- scripts/auto-rebase/changelog.txt | 35 ++++++++--------------------- scripts/auto-rebase/commits.txt | 2 +- scripts/auto-rebase/last_rebase.sh | 2 +- 4 files changed, 13 insertions(+), 30 deletions(-) diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 4e1b106fb0..f5bf2aef8a 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,12 +1,12 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-25-181910" + "base": "4.13.0-0.nightly-arm64-2023-03-27-214926" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8f49c6749ca274cb45371fe9df6c8f7e93149a14c3ed7357100b8ec6c67e5689", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9f68737e9d390c2b3b20fdd6442ce0e090812e5f4393d08f722fb231e01bf606", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9171422b4f573a367cd042a87a103f208375646c50ce0e830dc540fd30568712", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c2925eb732f1153563c33e0debf142bc7c18fd861367d935242c102a10cbea37", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2f26942b0de3317aeba0ebd345a5db6e6fa6807158e24491422bfa0f4b259aa3", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe1d1fa6f1515af43bdf7134c9726b4ec96f15afdeac1a29788edaacc972b3ba", diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index b051ff83e9..dd554d18f1 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,26 +1,9 @@ -# cluster-kube-apiserver-operator embedded-component 5cec361179f3658986890a87d0b51f40a1da89ad to 3e62b53e39db960ccc16d717d1a25d751d4e9c49 -1c5fd4bda695466143aedbd0879a3c7817d5190e 2023-03-22T14:10:31+01:00 bump o/api for updated featuregates -4cd9677808d79ec82541c97cc9140f59e87edebb 2023-03-15T14:13:20-04:00 revert dev cert rotation for 4.13 -e85a5c62570176c72e7b0b45e0a4e217c1654105 2023-03-15T14:12:07+01:00 psaconfig: invert the enforce/log logic to default to logging -# cluster-kube-controller-manager-operator embedded-component 4ca346ef97def3697f1aa0368c9b35459b9b2f59 to 2a3e578c1007d7534eadffcca2adc979cb712995 -decb5bb7cb39f9eaa2443d2210a25cbddcae4273 2023-03-20T09:46:22-04:00 update vendor folder -24c84fdcd65444c9fbf2635b1848309abefc6edc 2023-03-20T09:46:10-04:00 bump(library-go) -# etcd embedded-component 13c18c444a8c6a86ccbba16cce664008f5f948bd to f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -5c156b653c1f67d0d49d4857fd868f72cc0c854f 2023-01-11T14:39:32-08:00 Update owners -# kubernetes embedded-component 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf -916c65ebea0205d3c18d3701f48cf568ef9e7220 2023-03-17T23:03:18+00:00 UPSTREAM: 115328: annotate early and late requests -a6938113b34b64c0626efa322cd4d3c1132d64fb 2023-03-17T23:03:18+00:00 UPSTREAM: <drop>: Revert "UPSTREAM: <carry>: annotate audit events for requests during unready phase and graceful termination phase" -# router image-amd64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 to e28644631982fb4596e065d3ae85099f0886829d -5381cb80c2905550549406ddba3891bec541fc8e 2023-03-20T12:57:57+00:00 OCPBUGS-10003: Revert "NE-1115: Update haproxy container builds to use haproxy 2.6" -# kubernetes image-amd64 06e8c46c9f0d3f6bfcd1e146c09647e4b634e4eb to dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf -916c65ebea0205d3c18d3701f48cf568ef9e7220 2023-03-17T23:03:18+00:00 UPSTREAM: 115328: annotate early and late requests -a6938113b34b64c0626efa322cd4d3c1132d64fb 2023-03-17T23:03:18+00:00 UPSTREAM: <drop>: Revert "UPSTREAM: <carry>: annotate audit events for requests during unready phase and graceful termination phase" -# oc image-arm64 eed143055ede731029931ad204b19cd2f565ef1a to 92b1a3d0e5d092430b523f6541aa0c504b2222b3 -32496b16599a0ee1d834a9d6685aca398d49c79d 2023-03-23T10:44:51+00:00 OCPBUGS-10622: bump repo sclorg/s2i-ruby-container location for newapp -# router image-arm64 69eda4bd427c3f27d9993afa35461f4fc1dc0357 to e28644631982fb4596e065d3ae85099f0886829d -5381cb80c2905550549406ddba3891bec541fc8e 2023-03-20T12:57:57+00:00 OCPBUGS-10003: Revert "NE-1115: Update haproxy container builds to use haproxy 2.6" -# ovn-kubernetes image-arm64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 to ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 -f9632bfa3ca30fd6173f59cb7657bf910dd7719d 2023-03-23T09:40:51+08:00 Fix duplicated metric registration -eb64a87cca1ad699edfb9cda876602ebdeb69d8a 2023-03-22T17:30:51-04:00 Fix egress firewall CRD -dec0b99f54538591d1f8b6461940b609a29dc9d9 2023-03-17T10:53:58+00:00 Updating ovn-kubernetes-base images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/3ea7e6d582117c0c2b118319e4f4a4bd35edce51/images/ovn-kubernetes-base.yml -3baa3d367651fc620dbfa50c82c14c20f988db04 2023-03-08T02:28:51+00:00 Updating ovn-kubernetes-microshift images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/724eedd015d4972b55704e41a4117c533e240935/images/ovn-kubernetes-microshift.yml +# ovn-kubernetes image-arm64 ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 to cb89e52240fe7346409589a9acae9c0106d24b03 +8513b38e5a74c0c5f303dca30a27e6cc24bdf89c 2023-03-24T16:52:21+01:00 update to before-kube-1.26 bump +46d2b9e1a902cfde6ed0a85251b336f60b0876b6 2023-03-23T17:26:47+01:00 don't create acl if no namespace address sets are selected. Previously "ip4.dst == {}" match was created, and ovn-controller throws an error on such acl +7ab410d18906602b127ae54fc49fb9e70d80ba03 2023-03-23T17:26:40+01:00 Add PodSelectorAddressSet tests. +efa8741efd682bca78571cc71f0a5cb94e71449b 2023-03-23T17:26:34+01:00 Rework gressPolicy ACLs build: previously all gress policies with at least one selector had peerAddressSet, and empty gress (allow all) was identified by "gp.sizeOfAddressSet() > 0". Now we don't create address sets like that, therefore a new hasPeerSelector field was added to distinguish empty gress from the one that just doesn't have any address sets added yet. +e0c35b2619f4084a0babea4aa554f5018e52ef5a 2023-03-23T17:26:26+01:00 Add PodSelectorAddressSet object, that should be used to manage address sets for pod selector (network policy object is only responsible for local pods and peer namespace-only handlers). The locking mechanism is copied from networkPolicy. +4a03b84b53431d8147818f311bba63ea78d2a6dc 2023-03-23T17:26:19+01:00 Unlock shared default deny port group early, when no db changes required, to unlock other handlers from the same namespace. +06c9270dc3c69e8128d57a42b8def7b51ab1bbf8 2023-03-23T17:25:41+01:00 Add an option to enable scale metrics in kind +6d96be9e761aa544c3500c54508a61c102dbdd77 2023-03-23T17:25:30+01:00 Add MetricMasterSyncDuration metric to track how much it takes for ovn-k master to start watching every resource. Add scale metrics for network policies, rename existing enable-eip-scale-metrics flag to more general enable-scale-metrics, and use it for network policy metric too. diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 9472176459..842bae848d 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -23,6 +23,6 @@ https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 +https://github.com/openshift/ovn-kubernetes image-arm64 cb89e52240fe7346409589a9acae9c0106d24b03 https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index e66058ad95..b282e5bf86 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-23-204038" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-25-181910" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-23-204038" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-27-214926" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 8fb0bd36535cf66f4d93334d5f2515dbff7a6b8e Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat <pacevedo@redhat.com> Date: Mon, 27 Mar 2023 09:58:49 +0200 Subject: [PATCH 37/79] USHIFT-1010: Restrict created files permissions --- pkg/controllers/kube-apiserver.go | 2 +- pkg/controllers/kube-scheduler.go | 2 +- pkg/node/kubelet.go | 2 +- pkg/util/cert.go | 2 +- pkg/util/cryptomaterial/certchains/signers.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go index dc018c9f46..6843335bd3 100644 --- a/pkg/controllers/kube-apiserver.go +++ b/pkg/controllers/kube-apiserver.go @@ -292,7 +292,7 @@ rules: path := filepath.Join(microshiftDataDir, "resources", "kube-apiserver-audit-policies", "default.yaml") os.MkdirAll(filepath.Dir(path), os.FileMode(0700)) - return os.WriteFile(path, data, 0644) + return os.WriteFile(path, data, 0400) } func (s *KubeAPIServer) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { diff --git a/pkg/controllers/kube-scheduler.go b/pkg/controllers/kube-scheduler.go index 5b0889fa54..a355a0bc6c 100644 --- a/pkg/controllers/kube-scheduler.go +++ b/pkg/controllers/kube-scheduler.go @@ -71,7 +71,7 @@ leaderElection: path := filepath.Join(microshiftDataDir, "resources", "kube-scheduler", "config", "config.yaml") os.MkdirAll(filepath.Dir(path), os.FileMode(0700)) - return ioutil.WriteFile(path, data, 0644) + return ioutil.WriteFile(path, data, 0400) } func (s *KubeScheduler) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { diff --git a/pkg/node/kubelet.go b/pkg/node/kubelet.go index 31a75beb5f..ec74f46bcc 100644 --- a/pkg/node/kubelet.go +++ b/pkg/node/kubelet.go @@ -138,7 +138,7 @@ serverTLSBootstrap: false #TODO`) path := filepath.Join(microshiftDataDir, "resources", "kubelet", "config", "config.yaml") os.MkdirAll(filepath.Dir(path), os.FileMode(0700)) - return ioutil.WriteFile(path, data, 0644) + return ioutil.WriteFile(path, data, 0400) } func (s *KubeletServer) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { diff --git a/pkg/util/cert.go b/pkg/util/cert.go index c4821ec1af..07719833ff 100644 --- a/pkg/util/cert.go +++ b/pkg/util/cert.go @@ -69,7 +69,7 @@ func GenKeys(pubPath, keyPath string) error { return fmt.Errorf("failed to write the private key to %s: %v", keyPath, err) } - ioutil.WriteFile(pubPath, pubPEM, 0644) + ioutil.WriteFile(pubPath, pubPEM, 0400) return nil } diff --git a/pkg/util/cryptomaterial/certchains/signers.go b/pkg/util/cryptomaterial/certchains/signers.go index 3bb1c1443f..001861693b 100644 --- a/pkg/util/cryptomaterial/certchains/signers.go +++ b/pkg/util/cryptomaterial/certchains/signers.go @@ -210,7 +210,7 @@ func (s *CertificateSigner) AddToBundles(bundlePaths ...string) error { return err } - certFileWriter, err := os.OpenFile(bundlePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + certFileWriter, err := os.OpenFile(bundlePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return err } From 26f1ed330601a78cf4b0d177a4d99e338e7fd20e Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat <pacevedo@redhat.com> Date: Mon, 27 Mar 2023 10:16:23 +0200 Subject: [PATCH 38/79] USHIFT-1010: Remove ioutil usage --- pkg/controllers/kube-scheduler.go | 3 +-- pkg/node/kubelet.go | 3 +-- pkg/util/cert.go | 4 ++-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/pkg/controllers/kube-scheduler.go b/pkg/controllers/kube-scheduler.go index a355a0bc6c..59bc0c4df0 100644 --- a/pkg/controllers/kube-scheduler.go +++ b/pkg/controllers/kube-scheduler.go @@ -19,7 +19,6 @@ import ( "context" "errors" "fmt" - "io/ioutil" "os" "path/filepath" @@ -71,7 +70,7 @@ leaderElection: path := filepath.Join(microshiftDataDir, "resources", "kube-scheduler", "config", "config.yaml") os.MkdirAll(filepath.Dir(path), os.FileMode(0700)) - return ioutil.WriteFile(path, data, 0400) + return os.WriteFile(path, data, 0400) } func (s *KubeScheduler) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { diff --git a/pkg/node/kubelet.go b/pkg/node/kubelet.go index ec74f46bcc..d39878f51b 100644 --- a/pkg/node/kubelet.go +++ b/pkg/node/kubelet.go @@ -19,7 +19,6 @@ import ( "bufio" "context" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -138,7 +137,7 @@ serverTLSBootstrap: false #TODO`) path := filepath.Join(microshiftDataDir, "resources", "kubelet", "config", "config.yaml") os.MkdirAll(filepath.Dir(path), os.FileMode(0700)) - return ioutil.WriteFile(path, data, 0400) + return os.WriteFile(path, data, 0400) } func (s *KubeletServer) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { diff --git a/pkg/util/cert.go b/pkg/util/cert.go index 07719833ff..1ee6d6dd50 100644 --- a/pkg/util/cert.go +++ b/pkg/util/cert.go @@ -21,7 +21,7 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" + "os" "time" "github.com/pkg/errors" @@ -69,7 +69,7 @@ func GenKeys(pubPath, keyPath string) error { return fmt.Errorf("failed to write the private key to %s: %v", keyPath, err) } - ioutil.WriteFile(pubPath, pubPEM, 0400) + os.WriteFile(pubPath, pubPEM, 0400) return nil } From 84ee9b46a8f7f1f9802fa1441189e16b77d6ff22 Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat <pacevedo@redhat.com> Date: Mon, 27 Mar 2023 12:59:59 +0200 Subject: [PATCH 39/79] OCPBUGS-10766: Change apiserver preferred addresses In order to avoid DNS configuration unless there is no other way, try using external and internal IPs to reach kubelet from apiserver. This allows having whatever hostname+domain name combinations without trying to resolve the name externally. To allow this we need to include the node IP in the kubelet certificate as this is what the apiserver will target. --- pkg/cmd/init.go | 2 +- pkg/controllers/kube-apiserver.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index 04c268d9c8..b3ab6c026e 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go @@ -180,7 +180,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err Name: "kubelet-server", ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, - Hostnames: []string{cfg.NodeName}, + Hostnames: []string{cfg.NodeName, cfg.NodeIP}, }, ), ), diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go index dc018c9f46..e3a9a68e77 100644 --- a/pkg/controllers/kube-apiserver.go +++ b/pkg/controllers/kube-apiserver.go @@ -133,7 +133,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error { "kubelet-certificate-authority": {cryptomaterial.CABundlePath(kubeCSRSignerDir)}, "kubelet-client-certificate": {cryptomaterial.ClientCertPath(kubeletClientDir)}, "kubelet-client-key": {cryptomaterial.ClientKeyPath(kubeletClientDir)}, - "kubelet-preferred-address-types": {"Hostname"}, + "kubelet-preferred-address-types": {"InternalIP", "Hostname"}, "proxy-client-cert-file": {cryptomaterial.ClientCertPath(aggregatorClientCertDir)}, "proxy-client-key-file": {cryptomaterial.ClientKeyPath(aggregatorClientCertDir)}, From 54c0ab65c3a8431d54971ff8ed162c6ed8b137d3 Mon Sep 17 00:00:00 2001 From: Patryk Matuszak <305846+pmtk@users.noreply.github.com> Date: Wed, 29 Mar 2023 13:36:54 +0200 Subject: [PATCH 40/79] unfreeze ovn-k images --- scripts/auto-rebase/rebase.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index 74d2767135..31a43d154d 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -646,16 +646,6 @@ update_images() { "${REPOROOT}/packaging/crio.conf.d/microshift_${goarch}.conf" done - # 2023-03-02: Freeze ovn-kubernetes-microshift-rhel-9 to avoid using image "double metrics registration panic" issue - # TODO: Remove when issue is fixed - jq -e '.images."ovn-kubernetes-microshift-rhel-9" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065"' \ - "${REPOROOT}/assets/release/release-x86_64.json" > "${REPOROOT}/assets/release/release-x86_64.json.tmp" - mv "${REPOROOT}/assets/release/release-x86_64.json.tmp" "${REPOROOT}/assets/release/release-x86_64.json" - - jq -e '.images."ovn-kubernetes-microshift-rhel-9" = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca"' \ - "${REPOROOT}/assets/release/release-aarch64.json" > "${REPOROOT}/assets/release/release-aarch64.json.tmp" - mv "${REPOROOT}/assets/release/release-aarch64.json.tmp" "${REPOROOT}/assets/release/release-aarch64.json" - popd >/dev/null go fmt "${REPOROOT}"/pkg/release From de24ddbfe22b2820b5426f3ac4f4fe739c04dd93 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 27 Mar 2023 13:56:22 -0500 Subject: [PATCH 41/79] skip csi deployment if LVM utility vg is not present --- pkg/components/storage.go | 6 ++++++ pkg/config/lvmd/lvmd.go | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/pkg/components/storage.go b/pkg/components/storage.go index e55ac423d3..01023b758d 100644 --- a/pkg/components/storage.go +++ b/pkg/components/storage.go @@ -75,6 +75,12 @@ func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { } ) + // check for lvm utility 'vg', if not present, log and do not start CSI plugin + if err := lvmd.LvmSupported(); err != nil { + klog.Warning("skipping CSI deployment: %v", err) + return nil + } + // the lvmd file should be located in the same directory as the microshift config to minimize coupling with the // csi plugin. lvmdCfg, err := getCSIPluginConfig() diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index b0bea33732..4ffb88d476 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -108,6 +108,7 @@ func DefaultLvmdConfig() (*Lvmd, error) { // getVolumeGroups returns a slice of volume group names. func getVolumeGroups() ([]string, error) { + cmd := exec.Command("vgs", "--readonly", "--options=name", "--noheadings") output, err := cmd.Output() if err != nil { @@ -140,3 +141,10 @@ func NewLvmdConfigFromFile(p string) (*Lvmd, error) { l.Message = fmt.Sprintf("Read from %s", p) return l, nil } + +func LvmSupported() error { + if _, err := exec.LookPath("vgs"); err != nil { + return fmt.Errorf("lvm utility 'vgs' not found in PATH") + } + return nil +} \ No newline at end of file From c8278c0fd857f6de732d24b10b7b6d44b3389720 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Tue, 28 Mar 2023 13:28:35 -0500 Subject: [PATCH 42/79] make gofmt happy --- pkg/config/lvmd/lvmd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index 4ffb88d476..c47504f9fb 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -147,4 +147,4 @@ func LvmSupported() error { return fmt.Errorf("lvm utility 'vgs' not found in PATH") } return nil -} \ No newline at end of file +} From b251d361d67f69f915dcf897b895133903559cf0 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Tue, 28 Mar 2023 16:33:35 -0500 Subject: [PATCH 43/79] removed comment, made error msg slightly more verbose --- pkg/components/storage.go | 1 - pkg/config/lvmd/lvmd.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/components/storage.go b/pkg/components/storage.go index 01023b758d..6d9574c4f8 100644 --- a/pkg/components/storage.go +++ b/pkg/components/storage.go @@ -75,7 +75,6 @@ func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { } ) - // check for lvm utility 'vg', if not present, log and do not start CSI plugin if err := lvmd.LvmSupported(); err != nil { klog.Warning("skipping CSI deployment: %v", err) return nil diff --git a/pkg/config/lvmd/lvmd.go b/pkg/config/lvmd/lvmd.go index c47504f9fb..a064d0f35f 100644 --- a/pkg/config/lvmd/lvmd.go +++ b/pkg/config/lvmd/lvmd.go @@ -144,7 +144,7 @@ func NewLvmdConfigFromFile(p string) (*Lvmd, error) { func LvmSupported() error { if _, err := exec.LookPath("vgs"); err != nil { - return fmt.Errorf("lvm utility 'vgs' not found in PATH") + return fmt.Errorf("failed to find 'vgs' command line tool: %v", err) } return nil } From 957210b27b48f72245b97098ff13789b0bf0fd8d Mon Sep 17 00:00:00 2001 From: Doug Hellmann <dhellmann@redhat.com> Date: Thu, 30 Mar 2023 17:47:44 -0400 Subject: [PATCH 44/79] Merge pull request #1584 from ggiguash/devenv_use_rhel92 Start using RHEL 9.2 in the devenv and edge --- docs/devenv_setup.md | 15 +------- packaging/rpm/microshift.spec | 5 ++- scripts/devenv-builder/configure-vm.sh | 13 ------- scripts/image-builder/configure.sh | 49 ++++++++++++++++++++++++++ 4 files changed, 54 insertions(+), 28 deletions(-) diff --git a/docs/devenv_setup.md b/docs/devenv_setup.md index bca661febd..dfbc0ff0d5 100644 --- a/docs/devenv_setup.md +++ b/docs/devenv_setup.md @@ -4,7 +4,7 @@ It is recommended to review the current document and use the automation instruct ## Create Development Virtual Machine Start by downloading one of the supported boot images for the `x86_64` or `aarch64` architecture: -* RHEL 9.1 from https://developers.redhat.com/products/rhel/download +* RHEL 9.2 from https://developers.redhat.com/products/rhel/download * CentOS 9 Stream from https://www.centos.org/download ### Creating VM @@ -66,19 +66,6 @@ sudo dnf clean all -y sudo dnf update -y sudo dnf install -y git cockpit make golang selinux-policy-devel rpm-build jq bash-completion sudo systemctl enable --now cockpit.socket - -# Install go1.19 -# This is installed into different location (/usr/local/bin/go) from dnf installed Go (/usr/bin/go) so it doesn't conflict -# /usr/local/bin is before /usr/bin in $PATH so newer one is picked up -GO_VER=1.19.4 -GO_ARCH=$([ "$(uname -i)" == "x86_64" ] && echo "amd64" || echo "arm64") -curl -L -o "go${GO_VER}.linux-${GO_ARCH}.tar.gz" "https://go.dev/dl/go${GO_VER}.linux-${GO_ARCH}.tar.gz" && - sudo rm -rf "/usr/local/go${GO_VER}" && \ - sudo mkdir -p "/usr/local/go${GO_VER}" && \ - sudo tar -C "/usr/local/go${GO_VER}" -xzf "go${GO_VER}.linux-${GO_ARCH}.tar.gz" --strip-components 1 && \ - sudo rm -rfv /usr/local/bin/{go,gofmt} && \ - sudo ln --symbolic /usr/local/go${GO_VER}/bin/{go,gofmt} /usr/local/bin/ && \ - rm -rfv "go${GO_VER}.linux-${GO_ARCH}.tar.gz" ``` You should now be able to access the VM Cockpit console using `https://<vm_ip>:9090` URL. diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 1664bd10ad..aadce55a1b 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -9,7 +9,7 @@ } # golang specifics -%global golang_version 1.18 +%global golang_version 1.19 #debuginfo not supported with Go %global debug_package %{nil} # modifying the Go binaries breaks the DWARF debugging @@ -296,6 +296,9 @@ systemctl enable --now --quiet openvswitch || true # Use Git command to generate the log and replace the VERSION string # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec %changelog +* Wed Mar 29 2023 Gregory Giguashvili <ggiguash@redhat.com> 4.13.0 +- Upgrade golang build-time dependency to 1.19 version + * Wed Mar 01 2023 Gregory Giguashvili <ggiguash@redhat.com> 4.13.0 - Add lvmd.yaml and ovn.yaml default configuration files diff --git a/scripts/devenv-builder/configure-vm.sh b/scripts/devenv-builder/configure-vm.sh index e68d7808c6..3aadcd47a0 100755 --- a/scripts/devenv-builder/configure-vm.sh +++ b/scripts/devenv-builder/configure-vm.sh @@ -55,19 +55,6 @@ sudo dnf update -y sudo dnf install -y git cockpit make golang jq selinux-policy-devel rpm-build jq bash-completion sudo systemctl enable --now cockpit.socket -# Install go1.19 -# This is installed into different location (/usr/local/bin/go) from dnf installed Go (/usr/bin/go) so it doesn't conflict -# /usr/local/bin is before /usr/bin in $PATH so newer one is picked up -GO_VER=1.19.4 -GO_ARCH=$([ "$(uname -i)" == "x86_64" ] && echo "amd64" || echo "arm64") -curl -L -o "go${GO_VER}.linux-${GO_ARCH}.tar.gz" "https://go.dev/dl/go${GO_VER}.linux-${GO_ARCH}.tar.gz" && - sudo rm -rf "/usr/local/go${GO_VER}" && \ - sudo mkdir -p "/usr/local/go${GO_VER}" && \ - sudo tar -C "/usr/local/go${GO_VER}" -xzf "go${GO_VER}.linux-${GO_ARCH}.tar.gz" --strip-components 1 && \ - sudo rm -rfv /usr/local/bin/{go,gofmt} && \ - sudo ln --symbolic /usr/local/go${GO_VER}/bin/{go,gofmt} /usr/local/bin/ && \ - rm -rfv "go${GO_VER}.linux-${GO_ARCH}.tar.gz" - if [ $BUILD_AND_INSTALL = true ] ; then # Build MicroShift # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#build-microshift diff --git a/scripts/image-builder/configure.sh b/scripts/image-builder/configure.sh index e987c24125..97292a7c29 100755 --- a/scripts/image-builder/configure.sh +++ b/scripts/image-builder/configure.sh @@ -3,10 +3,59 @@ set -exo pipefail OSVERSION=$(awk -F: '{print $5}' /etc/system-release-cpe) +function osbuild_rhel9_beta() { + local json_file=$1 + sudo mkdir -p $(dirname ${json_file}) + sudo tee ${json_file} >/dev/null <<EOF +{ + "x86_64": [ + { + "name": "baseos", + "baseurl": "https://cdn.redhat.com/content/beta/rhel9/9/x86_64/baseos/os", + "rhsm": true, + "check_gpg": false + }, + { + "name": "appstream", + "baseurl": "https://cdn.redhat.com/content/beta/rhel9/9/x86_64/appstream/os", + "rhsm": true, + "check_gpg": false + } + ], + "aarch64": [ + { + "name": "baseos", + "baseurl": "https://cdn.redhat.com/content/beta/rhel9/9/aarch64/baseos/os", + "rhsm": true, + "check_gpg": false + }, + { + "name": "appstream", + "baseurl": "https://cdn.redhat.com/content/beta/rhel9/9/aarch64/appstream/os", + "rhsm": true, + "check_gpg": false + } + ] +} +EOF + + sudo systemctl stop --now osbuild-composer.socket osbuild-composer.service osbuild-worker@1.service + sleep 5 + sudo rm -rf /var/cache/osbuild-worker/* /var/lib/osbuild-composer/* +} + sudo dnf install -y git osbuild-composer composer-cli ostree rpm-ostree \ cockpit-composer cockpit-machines bash-completion podman genisoimage \ createrepo yum-utils selinux-policy-devel jq wget lorax rpm-build \ containernetworking-plugins + +# Configure osbuild-composer to use RHEL 9.2 beta repositories +# This is a workaround until RHEL 9.2 becomes GA +if grep -q 'Red Hat Enterprise Linux release 9.2 Beta' /etc/redhat-release ; then + JSON_FILE=/etc/osbuild-composer/repositories/rhel-92.json + [ ! -e ${JSON_FILE} ] && osbuild_rhel9_beta ${JSON_FILE} +fi + sudo systemctl enable osbuild-composer.socket --now sudo systemctl enable cockpit.socket --now sudo firewall-cmd --add-service=cockpit --permanent From e9783f7793c93846ac38cc2bbe8adb48b035d62b Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Fri, 31 Mar 2023 13:05:23 -0400 Subject: [PATCH 45/79] rebase-4.13.0-0.nightly-2023-03-28-014156_amd64-2023-03-28_arm64-2023-03-28 (#1587) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update component images * update manifests --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- assets/release/release-aarch64.json | 2 +- assets/release/release-x86_64.json | 14 ++++----- go.mod | 2 +- go.sum | 4 +-- packaging/crio.conf.d/microshift_amd64.conf | 2 +- scripts/auto-rebase/changelog.txt | 29 ++++++++++++++++++- scripts/auto-rebase/commits.txt | 18 ++++++------ scripts/auto-rebase/last_rebase.sh | 2 +- .../pkg/cmd/controller/psalabelsyncer.go | 12 ++++---- vendor/modules.txt | 2 +- 10 files changed, 57 insertions(+), 30 deletions(-) diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index f5bf2aef8a..dfb8eac78d 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-27-214926" + "base": "4.13.0-0.nightly-arm64-2023-03-28-131444" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8f49c6749ca274cb45371fe9df6c8f7e93149a14c3ed7357100b8ec6c67e5689", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index f8d8e8deda..eaf9b02523 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-03-23-204038" + "base": "4.13.0-0.nightly-2023-03-28-014156" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:84aba6cc9ed84cd95a85cbc1b240a0db907b4b3a24d556715a8e6fd77065936f", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b3035476ded4209f81be2ede369e88d36bea8d3f03193836bda1d8ef07c7613", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5acaed1deee8b25170f8809fa1094037fea118d2ca0a303c8ad1849170e0cc95", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:28c8cc87355833e4d0a06be3bdbd3f1cfb5b9986e1504d23149df2fdd796557a", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:90d5de548e62036ca86387d04d3a09208c0c958510ae9e73d0450b5672e2db3e", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83d168862ea6c2f10887785a9ac9ada19cc899bf2990d2e773e330e80b02eb22", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd90f3aeec0063db7bec9707c7e276ae466ad980b9e362453d638fb01b59f649", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eee411798b259500dd2da36618caac211e46f28981bc4a7bfbeac68ce2e7c074", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd970d579474f95de533c4eee7d5a28ece5bc4fe655367f15d2cfe4b7467a13f", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:03594cca8fa68b1d406d0d1812d036d5c06d291aee9d3249c423e12394ace800", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4d817698879f98bdb09f2cbfcdd33eddcbf906fc432caeaace27072ae2ab86bf", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f74348281fa0a0068b6b4defb8ad5a36aa765bdf419311738cecf9825ccd6276", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/go.mod b/go.mod index 4591ad7aca..b204b25872 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 - github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245 + github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 github.com/openshift/route-controller-manager v0.0.0-20230205134410-d7a8e22db412 github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index 9879325e33..6fd283fad4 100644 --- a/go.sum +++ b/go.sum @@ -606,8 +606,8 @@ github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= -github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245 h1:BoNt9Hemwyc32xX+CZZaNGegWEiN7bGTVk4XaRboO8k= -github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= +github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= +github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 h1:KxRTY0GQUEGc61T5PInmFfDtmIcYBCLcHydOFeAmTzs= github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 h1:R+QHGTVvds4UdDuNj3iM0DAptll1ZGTu+3CeBUVKY7U= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index ab7d43af75..a8477665c5 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd970d579474f95de533c4eee7d5a28ece5bc4fe655367f15d2cfe4b7467a13f" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4d817698879f98bdb09f2cbfcdd33eddcbf906fc432caeaace27072ae2ab86bf" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index dd554d18f1..dd2534f39c 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,4 +1,23 @@ -# ovn-kubernetes image-arm64 ebb5dcaf65a49156b7ea220176fa5dd6f3e3f716 to cb89e52240fe7346409589a9acae9c0106d24b03 +# cluster-kube-apiserver-operator embedded-component 3e62b53e39db960ccc16d717d1a25d751d4e9c49 to f2d9ccd2f585c57409257fae99da7f52ed6042cf +8110dfa09769bf3bf7877147512146296de1483c 2023-03-24T17:54:23+01:00 bump(api) +# cluster-kube-controller-manager-operator embedded-component 2a3e578c1007d7534eadffcca2adc979cb712995 to 280c115d63367f4ede8a4e893549cdc5919e8920 +487b8546158cf243b30c1ed8bb5daeb2cf301087 2023-03-22T14:14:21+01:00 fix render test +7dd94053e9f79d445923c679af2c3dfb603e226b 2023-03-22T14:14:19+01:00 bump o/api for the updated featureflags +# cluster-kube-scheduler-operator embedded-component d3978864fb58063235be176c18fe50457b5223f3 to fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd +20c9a9af04d84b932b9cecb25a2263960cf72893 2023-03-20T10:11:15-04:00 update vendor folder +4924d0c1a19c3300ce0ed2d06a0c49c6542d757c 2023-03-20T10:11:03-04:00 bump(library-go) +# cluster-network-operator embedded-component 040d5efed272789341b16858f63c2d0bcdb71b50 to ae70394d0198a1d5a310410ba3468f38ce0522c2 +f9c32cf30aa63582adba034c90bf62a4ca0b6176 2023-03-22T13:55:35+00:00 operConfig reconcile can return nil error on failure +# cluster-policy-controller embedded-component ac01e3463245f2dd9312145368d7f4099a8a0bb9 to d02c85ab3203fe22eddcc4694e17504ef34935de +11d8891790e3c92405a3fb7c35b021d15b571053 2023-03-20T14:26:27+01:00 psalabelsyncer: invert the enforce/log logic to default to logging +# machine-config-operator embedded-component 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 to a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 +09c94a511e2a6190ad2a64d43ec8f7ff11569be7 2023-03-15T19:57:23+00:00 e2e: add testing for cert rotation +6fcc0ed596861cc38fe36b843993c16efd4961af 2023-03-15T19:57:23+00:00 Remove paused pool kubelet ca alert metrics +70131ba52f71de6ac9634f10cec58c580a440cc4 2023-03-15T19:57:23+00:00 server: add path to also serve the latest kubelet ca +77fd8d39c0e49d05dbf68de9380b668531920940 2023-03-15T19:57:23+00:00 daemon: have a special path to sync in certs +# oc image-amd64 eed143055ede731029931ad204b19cd2f565ef1a to 92b1a3d0e5d092430b523f6541aa0c504b2222b3 +32496b16599a0ee1d834a9d6685aca398d49c79d 2023-03-23T10:44:51+00:00 OCPBUGS-10622: bump repo sclorg/s2i-ruby-container location for newapp +# ovn-kubernetes image-amd64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 to cb89e52240fe7346409589a9acae9c0106d24b03 8513b38e5a74c0c5f303dca30a27e6cc24bdf89c 2023-03-24T16:52:21+01:00 update to before-kube-1.26 bump 46d2b9e1a902cfde6ed0a85251b336f60b0876b6 2023-03-23T17:26:47+01:00 don't create acl if no namespace address sets are selected. Previously "ip4.dst == {}" match was created, and ovn-controller throws an error on such acl 7ab410d18906602b127ae54fc49fb9e70d80ba03 2023-03-23T17:26:40+01:00 Add PodSelectorAddressSet tests. @@ -7,3 +26,11 @@ e0c35b2619f4084a0babea4aa554f5018e52ef5a 2023-03-23T17:26:26+01:00 Add PodSelect 4a03b84b53431d8147818f311bba63ea78d2a6dc 2023-03-23T17:26:19+01:00 Unlock shared default deny port group early, when no db changes required, to unlock other handlers from the same namespace. 06c9270dc3c69e8128d57a42b8def7b51ab1bbf8 2023-03-23T17:25:41+01:00 Add an option to enable scale metrics in kind 6d96be9e761aa544c3500c54508a61c102dbdd77 2023-03-23T17:25:30+01:00 Add MetricMasterSyncDuration metric to track how much it takes for ovn-k master to start watching every resource. Add scale metrics for network policies, rename existing enable-eip-scale-metrics flag to more general enable-scale-metrics, and use it for network policy metric too. +f9632bfa3ca30fd6173f59cb7657bf910dd7719d 2023-03-23T09:40:51+08:00 Fix duplicated metric registration +eb64a87cca1ad699edfb9cda876602ebdeb69d8a 2023-03-22T17:30:51-04:00 Fix egress firewall CRD +dec0b99f54538591d1f8b6461940b609a29dc9d9 2023-03-17T10:53:58+00:00 Updating ovn-kubernetes-base images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/3ea7e6d582117c0c2b118319e4f4a4bd35edce51/images/ovn-kubernetes-base.yml +3baa3d367651fc620dbfa50c82c14c20f988db04 2023-03-08T02:28:51+00:00 Updating ovn-kubernetes-microshift images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/724eedd015d4972b55704e41a4117c533e240935/images/ovn-kubernetes-microshift.yml +# ovn-kubernetes image-arm64 cb89e52240fe7346409589a9acae9c0106d24b03 to 9799fbc9bef06304e8195fbc4b37b2e095ec9325 +74f95e997d116f572b64c7cf7775d483aeed86d1 2023-03-23T17:14:38+01:00 fix multiple error aggregation: `errors.Wrapf` always returns nil if the first argument is nil. +362fa553d572b418f5b305b9c8fb68eb1a4e13cc 2023-03-23T17:14:26+01:00 Fix egress firewall unit tests gatewayMode setup update "egress firewall with node selector updates during node update" to work for both gateway modes. +2e3d170c179fc806bfebbdaf1bab3f606a562ecf 2023-03-23T17:14:18+01:00 Egress firewall creation error was overridden by the status update error and never returned. That would prevent retry on failure. diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 842bae848d..765ea5d74a 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,28 +1,28 @@ https://github.com/openshift/cluster-dns-operator embedded-component d96022a4d0d091955d73e7e99fc8cc81db56c86a https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c551de22016dc2b6c87ca11ef4ac2be04d -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 3e62b53e39db960ccc16d717d1a25d751d4e9c49 -https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 2a3e578c1007d7534eadffcca2adc979cb712995 -https://github.com/openshift/cluster-kube-scheduler-operator embedded-component d3978864fb58063235be176c18fe50457b5223f3 -https://github.com/openshift/cluster-network-operator embedded-component 040d5efed272789341b16858f63c2d0bcdb71b50 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component f2d9ccd2f585c57409257fae99da7f52ed6042cf +https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 280c115d63367f4ede8a4e893549cdc5919e8920 +https://github.com/openshift/cluster-kube-scheduler-operator embedded-component fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd +https://github.com/openshift/cluster-network-operator embedded-component ae70394d0198a1d5a310410ba3468f38ce0522c2 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 -https://github.com/openshift/cluster-policy-controller embedded-component ac01e3463245f2dd9312145368d7f4099a8a0bb9 +https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d https://github.com/openshift/kubernetes embedded-component dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf -https://github.com/openshift/machine-config-operator embedded-component 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 +https://github.com/openshift/machine-config-operator embedded-component a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a -https://github.com/openshift/oc image-amd64 eed143055ede731029931ad204b19cd2f565ef1a +https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-amd64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 +https://github.com/openshift/ovn-kubernetes image-amd64 cb89e52240fe7346409589a9acae9c0106d24b03 https://github.com/openshift/kubernetes image-amd64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 cb89e52240fe7346409589a9acae9c0106d24b03 +https://github.com/openshift/ovn-kubernetes image-arm64 9799fbc9bef06304e8195fbc4b37b2e095ec9325 https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index b282e5bf86..cfe7f2e488 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-23-204038" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-27-214926" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-28-014156" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-28-131444" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go index 6896b48109..cb1bc23ec5 100644 --- a/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go +++ b/vendor/github.com/openshift/cluster-policy-controller/pkg/cmd/controller/psalabelsyncer.go @@ -16,9 +16,9 @@ func runPodSecurityAdmissionLabelSynchronizationController(ctx context.Context, featureGates := sets.NewString(controllerCtx.OpenshiftControllerConfig.FeatureGates...) switch { - case featureGates.Has("OpenShiftPodSecurityAdmission=false"): - // if explicitly off, disable - controller, err := psalabelsyncer.NewAdvisingPodSecurityAdmissionLabelSynchronizationController( + case featureGates.Has("OpenShiftPodSecurityAdmission=true"): + // if explicitly on, enable + controller, err := psalabelsyncer.NewEnforcingPodSecurityAdmissionLabelSynchronizationController( kubeClient.CoreV1().Namespaces(), controllerCtx.KubernetesInformers.Core().V1().Namespaces(), controllerCtx.KubernetesInformers.Rbac().V1(), @@ -31,11 +31,11 @@ func runPodSecurityAdmissionLabelSynchronizationController(ctx context.Context, } go controller.Run(ctx, 1) - case featureGates.Has("OpenShiftPodSecurityAdmission=true"): - // if explicitly on or unspecified, run as enforcing. + case featureGates.Has("OpenShiftPodSecurityAdmission=false"): + // if explicitly off or unspecified, run as logging. fallthrough default: - controller, err := psalabelsyncer.NewEnforcingPodSecurityAdmissionLabelSynchronizationController( + controller, err := psalabelsyncer.NewAdvisingPodSecurityAdmissionLabelSynchronizationController( kubeClient.CoreV1().Namespaces(), controllerCtx.KubernetesInformers.Core().V1().Namespaces(), controllerCtx.KubernetesInformers.Rbac().V1(), diff --git a/vendor/modules.txt b/vendor/modules.txt index 7060320dfa..82d80ab82c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -808,7 +808,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/cluster-policy-controller v0.0.0-20230217170320-ac01e3463245 +# github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 ## explicit; go 1.19 github.com/openshift/cluster-policy-controller/pkg/client/genericinformers github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller From 87bb638c9b6f937b665659ebe6b8234560954249 Mon Sep 17 00:00:00 2001 From: Allen Ray <alray@redhat.com> Date: Wed, 15 Mar 2023 11:40:01 -0400 Subject: [PATCH 46/79] ETCD-403: Revert user configuration for etcd and change default max quota --- docs/howto_config.md | 20 ++--- etcd/cmd/microshift-etcd/run.go | 3 + .../openshift/microshift/pkg/config/config.go | 82 +++++++------------ packaging/microshift/config.yaml | 17 +--- pkg/config/config.go | 82 +++++++------------ pkg/config/config_test.go | 24 ++---- pkg/controllers/etcd.go | 25 ++++-- 7 files changed, 99 insertions(+), 154 deletions(-) diff --git a/docs/howto_config.md b/docs/howto_config.md index 5fb4f11a2b..6103dee49e 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -21,11 +21,7 @@ apiServer: debugging: logLevel: "" etcd: - quotaBackendSize: "" - defragCheckFreq: "" - doStartupDefrag: false - minDefragSize: "" - maxFragmentedPercentage: 0 + memoryLimitMB: 0 ``` ## Default Settings @@ -49,11 +45,7 @@ apiServer: debugging: logLevel: "Normal" etcd: - quotaBackendSize: "2Gi" - defragCheckFreq: "5m" - doStartupDefrag: true - minDefragSize: "100Mi" - maxFragmentedPercentage: 45 + memoryLimitMB: 0 ``` ## Service NodePort range @@ -90,6 +82,14 @@ List of ports that you must avoid: | 10259/tcp | kube scheduler |---------------|-----------------------------------------------------------------| +## Etcd Memory Limit + +By default, etcd will be allowed to use as much memory as it needs to handle the load on the system; however, in memory constrained systems, it may be preferred or necessary to limit the amount of memory etcd is allowed to use at a given time. + +Setting the `memoryLimitMB` to a value greater than 0 will result in a soft memory limit being applied to etcd; etcd will be allowed to go over this value during operation, but memory will be more aggresively reclaimed from it if it does. A value of `128` megabytes is the recommended starting place for this limit; however, the configuration floor is `50` megabytes - attempting to set the limit below 50 megabytes will result in the configuration being 50 megabytes. + +Please note that values between 50 and 128 megabytes will heavily trade off memory footprint for etcd performance: the lower the memory limit, the more time etcd will spend on paging memory to disk and will take longer to respond to queries or even timing requests out if the limit is low and the etcd usage is high. + # Auto-applying Manifests MicroShift leverages `kustomize` for Kubernetes-native templating and declarative management of resource objects. Upon start-up, it searches `/etc/microshift/manifests` and `/usr/lib/microshift/manifests` directories for a `kustomization.yaml` file. If it finds one, it automatically runs `kubectl apply -k` command to apply that manifest. diff --git a/etcd/cmd/microshift-etcd/run.go b/etcd/cmd/microshift-etcd/run.go index 0026092976..0ea60ef6ec 100644 --- a/etcd/cmd/microshift-etcd/run.go +++ b/etcd/cmd/microshift-etcd/run.go @@ -190,6 +190,9 @@ func setURL(hostnames []string, port string) []url.URL { return urls } +// The following 'fragemented' logic is copied from the Openshift Cluster Etcd Operator. +// +// https://github.com/openshift/cluster-etcd-operator/blob/0584b0d1c8868535baf889d8c199f605aef4a3ae/pkg/operator/defragcontroller/defragcontroller.go#L282 func isBackendFragmented(b backend.Backend, maxFragmentedPercentage float64, minDefragBytes int64) bool { fragmentedPercentage := checkFragmentationPercentage(b.Size(), b.SizeInUse()) if fragmentedPercentage > 0.00 { diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go index 11359242ea..fc541ae654 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go @@ -17,7 +17,6 @@ import ( "github.com/mitchellh/go-homedir" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/component-base/logs" "k8s.io/klog/v2" @@ -58,7 +57,9 @@ type IngressConfig struct { ServingKey []byte } -type InternalEtcdConfig struct { +type EtcdConfig struct { + // Set a memory limit, in megabytes, on the etcd process; etcd will begin paging memory when it gets to this value. 0 means no limit. + MemoryLimit uint64 // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value QuotaBackendBytes int64 // If the backend is fragmented more than `maxFragmentedPercentage` @@ -71,19 +72,6 @@ type InternalEtcdConfig struct { DoStartupDefrag bool } -type EtcdConfig struct { - // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value - QuotaBackendSize string - // If the backend is fragmented more than `maxFragmentedPercentage` - // and the database size is greater than `minDefragSize`, do a defrag. - MinDefragSize string - MaxFragmentedPercentage float64 - // How often to check the conditions for defragging (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). - DefragCheckFreq string - // Whether or not to do a defrag when the server finishes starting - DoStartupDefrag bool -} - type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` @@ -102,18 +90,28 @@ type MicroshiftConfig struct { BaseDomain string `json:"baseDomain"` Cluster ClusterConfig `json:"cluster"` - Ingress IngressConfig `json:"-"` - Etcd InternalEtcdConfig `json:"etcd"` + Ingress IngressConfig `json:"-"` + Etcd EtcdConfig `json:"etcd"` } // Top level config file type Config struct { - DNS DNS `json:"dns"` - Network Network `json:"network"` - Node Node `json:"node"` - ApiServer ApiServer `json:"apiServer"` - Debugging Debugging `json:"debugging"` - Etcd EtcdConfig `json:"etcd"` + DNS DNS `json:"dns"` + Network Network `json:"network"` + Node Node `json:"node"` + ApiServer ApiServer `json:"apiServer"` + Debugging Debugging `json:"debugging"` + Etcd Etcd `json:"etcd"` +} + +const ( + // Etcd performance degrades significantly if the memory available is less than 50MB, enfore this minimum. + EtcdMinimumMemoryLimit = 50 +) + +type Etcd struct { + // Set a memory limit, in megabytes, on the etcd process; etcd will begin paging memory when it gets to this value. 0 means no limit. + MemoryLimitMB uint64 `json:"memoryLimitMB"` } type Network struct { @@ -252,12 +250,13 @@ func NewMicroshiftConfig() *MicroshiftConfig { ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", }, - Etcd: InternalEtcdConfig{ + Etcd: EtcdConfig{ + MemoryLimit: 0, // No limit MinDefragBytes: 100 * 1024 * 1024, // 100MB MaxFragmentedPercentage: 45, // percent DefragCheckFreq: 5 * time.Minute, DoStartupDefrag: true, - QuotaBackendBytes: 2 * 1024 * 1024 * 1024, // 2GB + QuotaBackendBytes: 8 * 1024 * 1024 * 1024, // 8GB }, } } @@ -416,35 +415,14 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { c.KASAdvertiseAddress = config.ApiServer.AdvertiseAddress } - if config.Etcd.DefragCheckFreq != "" { - d, err := time.ParseDuration(config.Etcd.DefragCheckFreq) - if err != nil { - return fmt.Errorf("failed to parse etcd defragCheckFreq: %v", err) - } - c.Etcd.DefragCheckFreq = d - } - if config.Etcd.MinDefragSize != "" { - q, err := resource.ParseQuantity(config.Etcd.MinDefragSize) - if err != nil { - return fmt.Errorf("failed to parse etcd minDefragSize: %v", err) - } - if !q.IsZero() { - c.Etcd.MinDefragBytes = q.Value() - } - } - if config.Etcd.MaxFragmentedPercentage > 0 { - c.Etcd.MaxFragmentedPercentage = config.Etcd.MaxFragmentedPercentage - } - if config.Etcd.QuotaBackendSize != "" { - q, err := resource.ParseQuantity(config.Etcd.QuotaBackendSize) - if err != nil { - return fmt.Errorf("failed to parse etcd quotaBackendSize: %v", err) - } - if !q.IsZero() { - c.Etcd.QuotaBackendBytes = q.Value() + if config.Etcd.MemoryLimitMB > 0 { + // If the memory limit is than the minimum, set it to the minimum and continue. + if config.Etcd.MemoryLimitMB < EtcdMinimumMemoryLimit { + c.Etcd.MemoryLimit = EtcdMinimumMemoryLimit + } else { + c.Etcd.MemoryLimit = config.Etcd.MemoryLimitMB } } - c.Etcd.DoStartupDefrag = config.Etcd.DoStartupDefrag return nil } diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml index a74e6c120f..70cbbaae63 100644 --- a/packaging/microshift/config.yaml +++ b/packaging/microshift/config.yaml @@ -31,18 +31,5 @@ debugging: #logLevel: 'Normal' etcd: - # The limit on the size of the etcd database; the etcd server will start failing writes if its size on disk reaches this value. (Default: 2GB) - #quotaBackendSize: '2Gi' - - # How often to check the conditions for defragmenting the etcd database (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). (Default: 5 minutes) - #defragCheckFreq: '5m' - - # Whether or not to defragment the etcd database when the etcd server finishes starting. (Default: true) - #doStartupDefrag: true - - # Defragment conditions: if both of the following are true when the condition check (controlled by the DefragCheckFreq) runs, defragment the etcd database. - # The minimum size of the etcd database, if the database is smaller than this value, defragmenting will not occur. (Default: 100MB) - #minDefragSize: '100Mi' - - # The maximum allowed fragmented percentage, if the database is fragmented less than this value, defragmenting will not occur. (Default: 45) - #maxFragmentedPercentage: 45 + # Memory limit for etcd, in Megabytes: 0 is no limit. + #memoryLimitMB: 0 diff --git a/pkg/config/config.go b/pkg/config/config.go index 11359242ea..fc541ae654 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -17,7 +17,6 @@ import ( "github.com/mitchellh/go-homedir" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/component-base/logs" "k8s.io/klog/v2" @@ -58,7 +57,9 @@ type IngressConfig struct { ServingKey []byte } -type InternalEtcdConfig struct { +type EtcdConfig struct { + // Set a memory limit, in megabytes, on the etcd process; etcd will begin paging memory when it gets to this value. 0 means no limit. + MemoryLimit uint64 // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value QuotaBackendBytes int64 // If the backend is fragmented more than `maxFragmentedPercentage` @@ -71,19 +72,6 @@ type InternalEtcdConfig struct { DoStartupDefrag bool } -type EtcdConfig struct { - // The limit on the size of the etcd database; etcd will start failing writes if its size on disk reaches this value - QuotaBackendSize string - // If the backend is fragmented more than `maxFragmentedPercentage` - // and the database size is greater than `minDefragSize`, do a defrag. - MinDefragSize string - MaxFragmentedPercentage float64 - // How often to check the conditions for defragging (0 means no defrags, except for a single on startup if `doStartupDefrag` is set). - DefragCheckFreq string - // Whether or not to do a defrag when the server finishes starting - DoStartupDefrag bool -} - type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` @@ -102,18 +90,28 @@ type MicroshiftConfig struct { BaseDomain string `json:"baseDomain"` Cluster ClusterConfig `json:"cluster"` - Ingress IngressConfig `json:"-"` - Etcd InternalEtcdConfig `json:"etcd"` + Ingress IngressConfig `json:"-"` + Etcd EtcdConfig `json:"etcd"` } // Top level config file type Config struct { - DNS DNS `json:"dns"` - Network Network `json:"network"` - Node Node `json:"node"` - ApiServer ApiServer `json:"apiServer"` - Debugging Debugging `json:"debugging"` - Etcd EtcdConfig `json:"etcd"` + DNS DNS `json:"dns"` + Network Network `json:"network"` + Node Node `json:"node"` + ApiServer ApiServer `json:"apiServer"` + Debugging Debugging `json:"debugging"` + Etcd Etcd `json:"etcd"` +} + +const ( + // Etcd performance degrades significantly if the memory available is less than 50MB, enfore this minimum. + EtcdMinimumMemoryLimit = 50 +) + +type Etcd struct { + // Set a memory limit, in megabytes, on the etcd process; etcd will begin paging memory when it gets to this value. 0 means no limit. + MemoryLimitMB uint64 `json:"memoryLimitMB"` } type Network struct { @@ -252,12 +250,13 @@ func NewMicroshiftConfig() *MicroshiftConfig { ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", }, - Etcd: InternalEtcdConfig{ + Etcd: EtcdConfig{ + MemoryLimit: 0, // No limit MinDefragBytes: 100 * 1024 * 1024, // 100MB MaxFragmentedPercentage: 45, // percent DefragCheckFreq: 5 * time.Minute, DoStartupDefrag: true, - QuotaBackendBytes: 2 * 1024 * 1024 * 1024, // 2GB + QuotaBackendBytes: 8 * 1024 * 1024 * 1024, // 8GB }, } } @@ -416,35 +415,14 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { c.KASAdvertiseAddress = config.ApiServer.AdvertiseAddress } - if config.Etcd.DefragCheckFreq != "" { - d, err := time.ParseDuration(config.Etcd.DefragCheckFreq) - if err != nil { - return fmt.Errorf("failed to parse etcd defragCheckFreq: %v", err) - } - c.Etcd.DefragCheckFreq = d - } - if config.Etcd.MinDefragSize != "" { - q, err := resource.ParseQuantity(config.Etcd.MinDefragSize) - if err != nil { - return fmt.Errorf("failed to parse etcd minDefragSize: %v", err) - } - if !q.IsZero() { - c.Etcd.MinDefragBytes = q.Value() - } - } - if config.Etcd.MaxFragmentedPercentage > 0 { - c.Etcd.MaxFragmentedPercentage = config.Etcd.MaxFragmentedPercentage - } - if config.Etcd.QuotaBackendSize != "" { - q, err := resource.ParseQuantity(config.Etcd.QuotaBackendSize) - if err != nil { - return fmt.Errorf("failed to parse etcd quotaBackendSize: %v", err) - } - if !q.IsZero() { - c.Etcd.QuotaBackendBytes = q.Value() + if config.Etcd.MemoryLimitMB > 0 { + // If the memory limit is than the minimum, set it to the minimum and continue. + if config.Etcd.MemoryLimitMB < EtcdMinimumMemoryLimit { + c.Etcd.MemoryLimit = EtcdMinimumMemoryLimit + } else { + c.Etcd.MemoryLimit = config.Etcd.MemoryLimitMB } } - c.Etcd.DoStartupDefrag = config.Etcd.DoStartupDefrag return nil } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 1be50403c6..3616c79a28 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -57,13 +57,6 @@ func TestConfigFile(t *testing.T) { Debugging: Debugging{ LogLevel: "Debug", }, - Etcd: EtcdConfig{ - QuotaBackendSize: "2Gi", - MinDefragSize: "100Mi", - MaxFragmentedPercentage: 45, - DefragCheckFreq: "5m", - DoStartupDefrag: true, - }, }, expected: MicroshiftConfig{ LogVLevel: 4, @@ -78,8 +71,9 @@ func TestConfigFile(t *testing.T) { ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", }, - Etcd: InternalEtcdConfig{ - QuotaBackendBytes: 2 * 1024 * 1024 * 1024, + Etcd: EtcdConfig{ + MemoryLimit: 0, + QuotaBackendBytes: 8 * 1024 * 1024 * 1024, MinDefragBytes: 100 * 1024 * 1024, MaxFragmentedPercentage: 45, DefragCheckFreq: 5 * time.Minute, @@ -157,13 +151,6 @@ func TestMicroshiftConfigReadAndValidate(t *testing.T) { Debugging: Debugging{ LogLevel: "Debug", }, - Etcd: EtcdConfig{ - QuotaBackendSize: "2Gi", - MinDefragSize: "100Mi", - MaxFragmentedPercentage: 45, - DefragCheckFreq: "5m", - DoStartupDefrag: true, - }, }, expected: MicroshiftConfig{ LogVLevel: 4, @@ -180,8 +167,9 @@ func TestMicroshiftConfigReadAndValidate(t *testing.T) { ServiceNodePortRange: "1024-32767", DNS: "40.30.0.10", }, - Etcd: InternalEtcdConfig{ - QuotaBackendBytes: 2 * 1024 * 1024 * 1024, + Etcd: EtcdConfig{ + MemoryLimit: 0, + QuotaBackendBytes: 8 * 1024 * 1024 * 1024, MinDefragBytes: 100 * 1024 * 1024, MaxFragmentedPercentage: 45, DefragCheckFreq: 5 * time.Minute, diff --git a/pkg/controllers/etcd.go b/pkg/controllers/etcd.go index 5596e8cb25..98e56458ae 100644 --- a/pkg/controllers/etcd.go +++ b/pkg/controllers/etcd.go @@ -36,10 +36,14 @@ var ( HealthCheckWait = time.Duration(3 * time.Second) ) -type EtcdService struct{} +type EtcdService struct { + memoryLimit uint64 +} func NewEtcd(cfg *config.MicroshiftConfig) *EtcdService { - return &EtcdService{} + return &EtcdService{ + memoryLimit: cfg.Etcd.MemoryLimit, + } } func (s *EtcdService) Name() string { return "etcd" } @@ -59,24 +63,31 @@ func (s *EtcdService) Run(ctx context.Context, ready chan<- struct{}, stopped ch etcdPath := filepath.Join(filepath.Dir(microshiftExecPath), "microshift-etcd") // Not running the etcd binary directly, the proper etcd arguments are handled // in etcd/cmd/microshift-etcd/run.go. - args := []string{"run"} + args := []string{} // If we're launching MicroShift as a service, we need to do the same // with etcd, so wrap it in a transient systemd-unit that's tied // to the MicroShift service lifetime. var exe string if runningAsSvc { - args = append([]string{ + args = append(args, "--uid=root", "--scope", - "--property", "BindsTo=microshift.service", "--unit", "microshift-etcd", - etcdPath, - }, args...) + "--property", "BindsTo=microshift.service", + ) + + if s.memoryLimit > 0 { + args = append(args, "--property", fmt.Sprintf("MemoryHigh=%vM", s.memoryLimit)) + } + + args = append(args, etcdPath) + exe = "systemd-run" } else { exe = etcdPath } + args = append(args, "run") // Not using context as canceling ctx sends SIGKILL to process cmd := exec.Command(exe, args...) From 0529c9bdf802bbf77e4da2e5f7748ec1b457e38b Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Thu, 30 Mar 2023 09:30:43 -0500 Subject: [PATCH 47/79] use warningf --- pkg/components/storage.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/components/storage.go b/pkg/components/storage.go index 6d9574c4f8..a46ba3527d 100644 --- a/pkg/components/storage.go +++ b/pkg/components/storage.go @@ -76,7 +76,7 @@ func startCSIPlugin(cfg *config.MicroshiftConfig, kubeconfigPath string) error { ) if err := lvmd.LvmSupported(); err != nil { - klog.Warning("skipping CSI deployment: %v", err) + klog.Warningf("skipping CSI deployment: %w", err) return nil } From 38dcb09031c02707780c257b128c687b39485559 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 4 Apr 2023 04:56:08 -0400 Subject: [PATCH 48/79] rebase-4.13.0-0.nightly-2023-04-01-062001_amd64-2023-04-01_arm64-2023-03-30 (#1612) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles * OCPBUGS-11317: migrate to using Lease for leader election The cluster-kube-controller-manager-operator changed the way it manages leader election for kube-controller-manager, so the configuration of the KCM is different than the unit tests expect. Update the unit tests. --------- Co-authored-by: ci-robot <ci-robot@openshift.io> Co-authored-by: Doug Hellmann <dhellmann@redhat.com> --- Makefile.kube_git.var | 2 +- .../defaultconfig.yaml | 4 +- assets/release/release-aarch64.json | 16 +-- assets/release/release-x86_64.json | 16 +-- etcd/go.mod | 58 ++++----- etcd/go.sum | 24 ++-- .../openshift/microshift/pkg/util/cert.go | 4 +- etcd/vendor/modules.txt | 70 +++++------ go.mod | 60 +++++----- go.sum | 102 ++++++++-------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- .../kube-controller-manager_test.go | 2 +- scripts/auto-rebase/changelog.txt | 76 ++++++------ scripts/auto-rebase/commits.txt | 20 ++-- scripts/auto-rebase/last_rebase.sh | 2 +- .../legacy-cloud-providers/azure/azure.go | 13 ++- .../azure/azure_loadbalancer.go | 26 ++++- vendor/modules.txt | 110 +++++++++--------- 19 files changed, 323 insertions(+), 286 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index c842e8b036..1fbe2da6db 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +KUBE_GIT_COMMIT=7195e44fb36b487f275becffbf5828e2021f94d4 KUBE_GIT_TREE_STATE=clean diff --git a/assets/controllers/kube-controller-manager/defaultconfig.yaml b/assets/controllers/kube-controller-manager/defaultconfig.yaml index 7aca755b62..efceaa3c61 100644 --- a/assets/controllers/kube-controller-manager/defaultconfig.yaml +++ b/assets/controllers/kube-controller-manager/defaultconfig.yaml @@ -14,9 +14,9 @@ extendedArguments: leader-elect-retry-period: - "3s" leader-elect-resource-lock: - - "configmapsleases" + - "leases" leader-elect-renew-deadline: - - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. + - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. controllers: - "*" - "-ttl" # TODO: this is excluded in kube-core, but not in #21092 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index dfb8eac78d..66732778f3 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-28-131444" + "base": "4.13.0-0.nightly-arm64-2023-03-30-050636" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8f49c6749ca274cb45371fe9df6c8f7e93149a14c3ed7357100b8ec6c67e5689", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9f68737e9d390c2b3b20fdd6442ce0e090812e5f4393d08f722fb231e01bf606", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9171422b4f573a367cd042a87a103f208375646c50ce0e830dc540fd30568712", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2f26942b0de3317aeba0ebd345a5db6e6fa6807158e24491422bfa0f4b259aa3", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c21b0f23ef9874150f91f6a4db29770008d9dbaefa03574733dcadf8ad62947", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bf3a374408dba3051947f141411f1a39b76a007ad1d4c00d68f0f6566c219ba1", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:95b51ae3818ee76d65b6c907bf5f86d7edb4f5f5b4a8a2ffce329ff53aedcadf", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:801526ea5132128e271ac6722602adecc7c1934a42f4ba05dbe1d841b4312a7d", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad6a1b1a01f928dad3ed9b1d1288c4d5e665868c1713ca54c64ff21ebe4fb8ca", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe1d1fa6f1515af43bdf7134c9726b4ec96f15afdeac1a29788edaacc972b3ba", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9e505194244679062036cd740bf6c3d31f8c023f254a0d134d541df0d9f4fb04", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e8d48a2365ae185e8676c8ec52bf449360411e84d46de41c5e3798ddcbfe7d94", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f60a54ff8d67382fa7e89e0a0841e1f6c0e7a68261f94a093c881e39f03979d6", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4bc63e2ea6e8ecdd5bbf4002d9afde7b622811eb35e331a8aaa39c488619dd3c", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index eaf9b02523..794bb025da 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-03-28-014156" + "base": "4.13.0-0.nightly-2023-04-01-062001" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:90d5de548e62036ca86387d04d3a09208c0c958510ae9e73d0450b5672e2db3e", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:83d168862ea6c2f10887785a9ac9ada19cc899bf2990d2e773e330e80b02eb22", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fd90f3aeec0063db7bec9707c7e276ae466ad980b9e362453d638fb01b59f649", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eee411798b259500dd2da36618caac211e46f28981bc4a7bfbeac68ce2e7c074", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dab7cbb4ec3c211fd6c109e5de9ed848d8b96b35a4622f019eb324fa12adeb4d", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:343f6fdc5a63b904ec329020977cbbfcce7035893e5a1cc37388d77f5e7e7a15", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5ab6561dbe5a00a9b96e1c29818d8376c8e871e6757875c9cf7f48e333425065", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4d817698879f98bdb09f2cbfcdd33eddcbf906fc432caeaace27072ae2ab86bf", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f74348281fa0a0068b6b4defb8ad5a36aa765bdf419311738cecf9825ccd6276", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:665cec0f63b8529c7d58bb8dc50073fccf86c959565958a8e9448c497e6d2cfd", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c39dfe34ed175b0f816f73fa9f6d51ae972dd9d73122ed3e4c99f7026bd5272d", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/etcd/go.mod b/etcd/go.mod index 8aaf3223ec..494e9ac658 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index a83a671226..0f81bd2e27 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 h1:R+QHGTVvds4UdDuNj3iM0DAptll1ZGTu+3CeBUVKY7U= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 h1:3BLuSiiTDx0i8PuBby+9wjrCmh1XN9PB7gvRQC7vsEs= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 h1:8h/dhmzLuNF07zn7BWemWuXvOjKGeDKF4M+PfYlREnM= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 h1:QlbgdZ1kHaWGUj6nCA1GMF4ZNBkxNgOzAT6gNRuqgg0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 h1:ESBhpxZ22bsGLvoEwGuEvXHTPjv8oLRkg6eSxk1AH+4= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 h1:5qjRTrQ0yg2qds0ikK6BUSb6r8TrwvhSmPeaUFnah00= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b h1:xTsEOcBuimHVQRDbX/o4e6X4AqstVSi3Loo99EFfSRI= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b h1:mbMIc1jxKj2ViSqc3Gxj2lIbF8RyWbx+zwT8q31w0P4= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b h1:7t/Y8yxVuGwnTBSsfQTcUbTCJAQNHDA1FCE4ctGsGMU= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b h1:DpqYztNyMocHfqt3tnj9WZmU5zOl4ptmbQSuwLXaDhw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b h1:M19Saufssg/9UbDEL5x2rnQ2MmL+cxCZ4PSsmKbhq+0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b h1:6KK8gXoJVJ4kAdpMgufNyZSbdeGXkKWMF13E0Db99F4= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/util/cert.go b/etcd/vendor/github.com/openshift/microshift/pkg/util/cert.go index c4821ec1af..1ee6d6dd50 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/util/cert.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/util/cert.go @@ -21,7 +21,7 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" + "os" "time" "github.com/pkg/errors" @@ -69,7 +69,7 @@ func GenKeys(pubPath, keyPath string) error { return fmt.Errorf("failed to write the private key to %s: %v", keyPath, err) } - ioutil.WriteFile(pubPath, pubPEM, 0644) + os.WriteFile(pubPath, pubPEM, 0400) return nil } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 061fd9dd93..1326b0a132 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b diff --git a/go.mod b/go.mod index b204b25872..84b010a7fa 100644 --- a/go.mod +++ b/go.mod @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b // from kubernetes ) diff --git a/go.sum b/go.sum index 6fd283fad4..b0e8160855 100644 --- a/go.sum +++ b/go.sum @@ -608,57 +608,57 @@ github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qY github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 h1:KxRTY0GQUEGc61T5PInmFfDtmIcYBCLcHydOFeAmTzs= -github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 h1:R+QHGTVvds4UdDuNj3iM0DAptll1ZGTu+3CeBUVKY7U= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 h1:6DOaa5UxnHAyBpk5Ms++SaLile4nkCrCv6qFQamvjeU= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 h1:3BLuSiiTDx0i8PuBby+9wjrCmh1XN9PB7gvRQC7vsEs= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 h1:cUl6TWk6zZzxdc2IMYhHXgwW03sJyHlzRZwmcGV/jqM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 h1:8h/dhmzLuNF07zn7BWemWuXvOjKGeDKF4M+PfYlREnM= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 h1:QlbgdZ1kHaWGUj6nCA1GMF4ZNBkxNgOzAT6gNRuqgg0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 h1:NbmuhD07/za6M7E/9umaQou0umK7lQb8tZztBUKxv04= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 h1:wlLFeaYE9r3SlAIRr4LjSuvlAx6fIWayNFg+inFZej8= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 h1:ESBhpxZ22bsGLvoEwGuEvXHTPjv8oLRkg6eSxk1AH+4= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 h1:xzSbQBONE7GPIXewyx4wmHlcO41p7OPUxjBeJs+bTc4= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 h1:XBKlErau4l+exgzjKQrqIAIlJX7nSvc+WSo9RrvZGMg= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 h1:4TmEB/ld/IkLYBXMDpkpfBXdkcrZb2hLeSxSfCqkeAM= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 h1:OYTjbDCzUFrnCcY2cSmu2IObKeciw9I416djfoyOIpU= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 h1:wiyzwM+xGczeSlKnXh7gjpqjSeIfRlY80rsVMDVAS7k= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 h1:smjFuMcB5aKzPKccWdGjRatDVksExnMqYFplj+WPvUQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 h1:pBk+QBgTYBdDfsqm57UZLuSWNcKuAqajz8GoEUixG70= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 h1:0VdJn3iHYz66PKvYcxC9XUcWCwjwSRH6AZqlpv6/1/g= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 h1:uCwvLRVpOODJ5dhTrMIapg41uC83DII11PI0RqYEuyY= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 h1:5qjRTrQ0yg2qds0ikK6BUSb6r8TrwvhSmPeaUFnah00= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 h1:EtIdy8qM7d1te2dglgj4F4XWt8vF/ymFulGuJ/YniBo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 h1:5/y+H5uhTgp7d1TbWb/2WPHW6hy3mj11FLjCPiBySUk= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 h1:eEq1rRjHJ9HRw59SwUlkxVSrrF6B889MhQpoxJWDOgE= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 h1:ISNVf6yXdzTDl72PJEiBmmk+TNeBzd5GIdGuLFDDby4= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 h1:Ei2yhSKra+KyXBD763SwrCWV2XfBBsVokcQjocmFgQs= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b h1:6Nc1Ecx7jY7c2tboM/2tq4Cf6qPZ5oHQJp45+d3JMwU= +github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b h1:xTsEOcBuimHVQRDbX/o4e6X4AqstVSi3Loo99EFfSRI= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b h1:1p9ENfcAhgoYu3JXDFAKLoMql8Xis+JkTKbTyT7e92M= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b h1:mbMIc1jxKj2ViSqc3Gxj2lIbF8RyWbx+zwT8q31w0P4= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b h1:7F5PdsTBYiIYtNvLqaPKNVUxREQJ60eY7aKrdAN8loA= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b h1:7t/Y8yxVuGwnTBSsfQTcUbTCJAQNHDA1FCE4ctGsGMU= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b h1:DpqYztNyMocHfqt3tnj9WZmU5zOl4ptmbQSuwLXaDhw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b h1:Qpm5uEZg6d6FA0Qh0xCwnEyO/jN3h8Poe7jUG4hl5d4= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b h1:3ejJJqDb9Qm6Buxt7mCkySWCuxtSJrfRZVC6n5LPajM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b h1:M19Saufssg/9UbDEL5x2rnQ2MmL+cxCZ4PSsmKbhq+0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b h1:cQytvyEgwC/GCqbE6XQ5hajPItyWydGOSB1vkiYGmGY= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b h1:qGS03sU7xxElqQRs85DZdHFKL8Uht+35ARXG8uLPafI= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b h1:GaP2oWuZH3B1GkRwK4k7ofWu7ORwFUrKA3m/dAcH3ec= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b h1:nYazIGHb1pJxoOshvQ4cknWcyV1n49lUoLxVYPHlTng= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b h1:YcARjjuYDaJLi/MvJ0KwyLF5EE26XQnqQ8vpW1DxjOs= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b h1:aiD7bZyaBL1uM452l8T808OJRfyOhw76gkUrJ0ezJTQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b h1:xDxY5BNEFTWSlbaZXqtgVCdp5LyQs9JI4SvWxksXbXY= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b h1:BXcYg7ILvfe/5rXOlzS2sw3nHU22KkaUHyo/RkwvDQA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b h1:rzyZxuQV6qxXDuEjkpiIq+J/0UillSrE9sDiNGX6OjQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b h1:6KK8gXoJVJ4kAdpMgufNyZSbdeGXkKWMF13E0Db99F4= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b h1:Gda2vfGXywaMkp/bwu4eUsgm9J14AC2dyDmzchrHKLU= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b h1:/6jHAfncKKzsEiPYjlrAR0rTGi6kU8gLNfCAoR8oIDk= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b h1:qod5YUshgs1wRsDgqSQwex6Y+LLvTQ+a8JfIcx4PnJY= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b h1:KKcJt2B6LV4uecSVYZwyRrM9h61obdJn06rFmCbvNvs= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b h1:F0mTR63tr6BpgYOwGo/rKu5oR73EoniL6BtZgG6jqTA= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index a8477665c5..f070a97478 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4d817698879f98bdb09f2cbfcdd33eddcbf906fc432caeaace27072ae2ab86bf" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c39dfe34ed175b0f816f73fa9f6d51ae972dd9d73122ed3e4c99f7026bd5272d" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 917361c506..5ce75debbd 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe1d1fa6f1515af43bdf7134c9726b4ec96f15afdeac1a29788edaacc972b3ba" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f60a54ff8d67382fa7e89e0a0841e1f6c0e7a68261f94a093c881e39f03979d6" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/pkg/controllers/kube-controller-manager_test.go b/pkg/controllers/kube-controller-manager_test.go index 94b1455b24..da2c9aae2f 100644 --- a/pkg/controllers/kube-controller-manager_test.go +++ b/pkg/controllers/kube-controller-manager_test.go @@ -61,7 +61,7 @@ func TestConfigure(t *testing.T) { "--kube-api-qps=150", fmt.Sprintf("--kubeconfig=%s", cfg.KubeConfigPath(config.KubeControllerManager)), "--leader-elect-renew-deadline=12s", - "--leader-elect-resource-lock=configmapsleases", + "--leader-elect-resource-lock=leases", "--leader-elect-retry-period=3s", "--leader-elect=false", fmt.Sprintf("--root-ca-file=%s", kcmRootCAFile()), diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index dd2534f39c..ef72fa09ea 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,36 +1,46 @@ -# cluster-kube-apiserver-operator embedded-component 3e62b53e39db960ccc16d717d1a25d751d4e9c49 to f2d9ccd2f585c57409257fae99da7f52ed6042cf -8110dfa09769bf3bf7877147512146296de1483c 2023-03-24T17:54:23+01:00 bump(api) -# cluster-kube-controller-manager-operator embedded-component 2a3e578c1007d7534eadffcca2adc979cb712995 to 280c115d63367f4ede8a4e893549cdc5919e8920 -487b8546158cf243b30c1ed8bb5daeb2cf301087 2023-03-22T14:14:21+01:00 fix render test -7dd94053e9f79d445923c679af2c3dfb603e226b 2023-03-22T14:14:19+01:00 bump o/api for the updated featureflags -# cluster-kube-scheduler-operator embedded-component d3978864fb58063235be176c18fe50457b5223f3 to fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd -20c9a9af04d84b932b9cecb25a2263960cf72893 2023-03-20T10:11:15-04:00 update vendor folder -4924d0c1a19c3300ce0ed2d06a0c49c6542d757c 2023-03-20T10:11:03-04:00 bump(library-go) -# cluster-network-operator embedded-component 040d5efed272789341b16858f63c2d0bcdb71b50 to ae70394d0198a1d5a310410ba3468f38ce0522c2 -f9c32cf30aa63582adba034c90bf62a4ca0b6176 2023-03-22T13:55:35+00:00 operConfig reconcile can return nil error on failure -# cluster-policy-controller embedded-component ac01e3463245f2dd9312145368d7f4099a8a0bb9 to d02c85ab3203fe22eddcc4694e17504ef34935de -11d8891790e3c92405a3fb7c35b021d15b571053 2023-03-20T14:26:27+01:00 psalabelsyncer: invert the enforce/log logic to default to logging -# machine-config-operator embedded-component 40575b862f7bd42a2c40c8e6b7203cd4c29b0021 to a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 -09c94a511e2a6190ad2a64d43ec8f7ff11569be7 2023-03-15T19:57:23+00:00 e2e: add testing for cert rotation -6fcc0ed596861cc38fe36b843993c16efd4961af 2023-03-15T19:57:23+00:00 Remove paused pool kubelet ca alert metrics -70131ba52f71de6ac9634f10cec58c580a440cc4 2023-03-15T19:57:23+00:00 server: add path to also serve the latest kubelet ca -77fd8d39c0e49d05dbf68de9380b668531920940 2023-03-15T19:57:23+00:00 daemon: have a special path to sync in certs -# oc image-amd64 eed143055ede731029931ad204b19cd2f565ef1a to 92b1a3d0e5d092430b523f6541aa0c504b2222b3 -32496b16599a0ee1d834a9d6685aca398d49c79d 2023-03-23T10:44:51+00:00 OCPBUGS-10622: bump repo sclorg/s2i-ruby-container location for newapp -# ovn-kubernetes image-amd64 dd45efd39e5db428d4578ed6787e6c08b79e2df5 to cb89e52240fe7346409589a9acae9c0106d24b03 -8513b38e5a74c0c5f303dca30a27e6cc24bdf89c 2023-03-24T16:52:21+01:00 update to before-kube-1.26 bump -46d2b9e1a902cfde6ed0a85251b336f60b0876b6 2023-03-23T17:26:47+01:00 don't create acl if no namespace address sets are selected. Previously "ip4.dst == {}" match was created, and ovn-controller throws an error on such acl -7ab410d18906602b127ae54fc49fb9e70d80ba03 2023-03-23T17:26:40+01:00 Add PodSelectorAddressSet tests. -efa8741efd682bca78571cc71f0a5cb94e71449b 2023-03-23T17:26:34+01:00 Rework gressPolicy ACLs build: previously all gress policies with at least one selector had peerAddressSet, and empty gress (allow all) was identified by "gp.sizeOfAddressSet() > 0". Now we don't create address sets like that, therefore a new hasPeerSelector field was added to distinguish empty gress from the one that just doesn't have any address sets added yet. -e0c35b2619f4084a0babea4aa554f5018e52ef5a 2023-03-23T17:26:26+01:00 Add PodSelectorAddressSet object, that should be used to manage address sets for pod selector (network policy object is only responsible for local pods and peer namespace-only handlers). The locking mechanism is copied from networkPolicy. -4a03b84b53431d8147818f311bba63ea78d2a6dc 2023-03-23T17:26:19+01:00 Unlock shared default deny port group early, when no db changes required, to unlock other handlers from the same namespace. -06c9270dc3c69e8128d57a42b8def7b51ab1bbf8 2023-03-23T17:25:41+01:00 Add an option to enable scale metrics in kind -6d96be9e761aa544c3500c54508a61c102dbdd77 2023-03-23T17:25:30+01:00 Add MetricMasterSyncDuration metric to track how much it takes for ovn-k master to start watching every resource. Add scale metrics for network policies, rename existing enable-eip-scale-metrics flag to more general enable-scale-metrics, and use it for network policy metric too. -f9632bfa3ca30fd6173f59cb7657bf910dd7719d 2023-03-23T09:40:51+08:00 Fix duplicated metric registration -eb64a87cca1ad699edfb9cda876602ebdeb69d8a 2023-03-22T17:30:51-04:00 Fix egress firewall CRD -dec0b99f54538591d1f8b6461940b609a29dc9d9 2023-03-17T10:53:58+00:00 Updating ovn-kubernetes-base images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/3ea7e6d582117c0c2b118319e4f4a4bd35edce51/images/ovn-kubernetes-base.yml -3baa3d367651fc620dbfa50c82c14c20f988db04 2023-03-08T02:28:51+00:00 Updating ovn-kubernetes-microshift images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/724eedd015d4972b55704e41a4117c533e240935/images/ovn-kubernetes-microshift.yml -# ovn-kubernetes image-arm64 cb89e52240fe7346409589a9acae9c0106d24b03 to 9799fbc9bef06304e8195fbc4b37b2e095ec9325 +# cluster-kube-apiserver-operator embedded-component f2d9ccd2f585c57409257fae99da7f52ed6042cf to 5f038db7df7ade2f3da707394a14e391c693d25c +dc69ddf3b698821326080cecb074c0ed8899cf06 2023-03-28T18:34:20+02:00 PSA Violation alert: add ocp_namespace label +# cluster-kube-controller-manager-operator embedded-component 280c115d63367f4ede8a4e893549cdc5919e8920 to cdde94837bec1810dbad71ca070a84f212de0cbb +f226a31e90685099c832e47856c6ab9b91a7c0c4 2023-03-31T15:07:22+00:00 OCPBUGS-7440: do not degrade KCM when when monitoring stack rollout is in progress +dfaa63e6d0617f195cfc52a637df3681747a3581 2023-03-27T20:26:01+02:00 OCPBUGS-7785: migrate to using lease objects for leader election +# cluster-kube-scheduler-operator embedded-component fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd to dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 +7c538dbf1a70bf47279c3d133bdcfe702cca7eb6 2023-03-27T20:31:17+02:00 OCPBUGS-7785: migrate to using lease objects for leader election +# cluster-network-operator embedded-component ae70394d0198a1d5a310410ba3468f38ce0522c2 to 756cae2baa82af3604fbe016eb0f776d8efaa61b +5327d1c6dd1e72fc7687bdca9fe087be9b13a49a 2023-03-27T16:54:09+00:00 use annotation daemonset to update hybrid overlay +d4f451d8ada4a53859bf7f8e92e987d849433bfa 2023-03-27T09:33:07+00:00 Add POD_NAME env to ovnkube-node +# cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 to 9a8aba8cad6491a31e743a7e366d758351482d88 +76e46aac4d10280b413ac6e3c69538ec22819657 2023-03-20T10:05:28-04:00 update vendor folder +3e88e932fea15f87c4ba30b4ff858f543d63a530 2023-03-20T10:05:19-04:00 bump(library-go) +# kubernetes embedded-component dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 7195e44fb36b487f275becffbf5828e2021f94d4 +0c95851f899bd4be5fcbbd78ef19eec55d91f9d3 2023-03-27T17:20:41+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: do not detach masters from lb when unready +be9f2c07315cad2be925fb27cb3dfe040dbd4171 2023-03-27T17:18:47+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: use kube-proxy based health probes by default +# machine-config-operator embedded-component a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 to 428c2e0655c6a5fc876dad8864a5451142b5c3e2 +0e1f2424348fb1dd509f9b0f3791d67c12f27e17 2023-03-29T17:44:43+00:00 OCPBUGS-4963: Enable nodeip-configuration for vsphere upi +a0bdf3aa85bef50d7f641d59e505b46b246d789e 2023-03-29T11:02:08+00:00 remove container runtime flag +a1b2afb9ba50b5f629be1d6a8377ee507e3ae1c2 2023-03-10T16:25:36+00:00 OCPBUGS-5872: Wrap podman commands in a while loop +# ovn-kubernetes image-amd64 cb89e52240fe7346409589a9acae9c0106d24b03 to 9d94b5f604f18016e41b2ba507ae3df373800754 +7ba8af501478c9b2b5b0be7b55c5eeabcca97291 2023-03-28T17:16:25-04:00 Fix invalid peer test syntax +f61f2cd55dc003582e1096cb8915a36007539212 2023-03-28T15:15:30-04:00 Add error checking for addEventHandler calls +858872e78aa5a34ef18b89b96df29f0ddb39c1ff 2023-03-28T14:59:25-04:00 Bump K8S_VERSION to 1.26.0 for KIND setup +e582cf5b361d484e8c444800e40c22c8e684f303 2023-03-28T14:59:14-04:00 sets package update +b2bb806212b8f6e1cf8e1fe80b5d44af0b88b758 2023-03-28T14:59:06-04:00 exec.Stream deprecated +f74f2cba7d6163fbc50410e2bb55ba1b31a67ddc 2023-03-28T14:58:54-04:00 Bump K8s vendored libraries to use kube 1.26 +eb246f156fb681f9ddb8797f4f82440c4370316e 2023-03-28T08:15:44+00:00 Defer wait on startOvnKube might prevent panic crash +d2fee85be49ed478a0862daeca0a230833dc70dd 2023-03-28T08:15:43+00:00 Start master metrics server for all master instances +37336490ec3e7b71c45aa7837f3bb1c482e35068 2023-03-28T08:15:43+00:00 Single leader election +363b633d1180c4e43f82fdb49f9b384aee7f9a4e 2023-03-28T08:15:42+00:00 Fix NAD controller Stop +34eb56293928264919eb9e817eddaf62321a9370 2023-03-23T17:39:12+01:00 Optimize egress firewall cleanup to only select switches that have stale acls. +7fb527e1eb9b511981cb51be6b79901e4aedbd2f 2023-03-23T17:38:41+01:00 Batch potentially big transaction on egress firewall ACLs migration. The default transaction timeout is 10 seconds, it can be reached when we delete all egress firewall acls during migration to port groups from switches. 74f95e997d116f572b64c7cf7775d483aeed86d1 2023-03-23T17:14:38+01:00 fix multiple error aggregation: `errors.Wrapf` always returns nil if the first argument is nil. 362fa553d572b418f5b305b9c8fb68eb1a4e13cc 2023-03-23T17:14:26+01:00 Fix egress firewall unit tests gatewayMode setup update "egress firewall with node selector updates during node update" to work for both gateway modes. 2e3d170c179fc806bfebbdaf1bab3f606a562ecf 2023-03-23T17:14:18+01:00 Egress firewall creation error was overridden by the status update error and never returned. That would prevent retry on failure. +# kubernetes image-amd64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 7195e44fb36b487f275becffbf5828e2021f94d4 +0c95851f899bd4be5fcbbd78ef19eec55d91f9d3 2023-03-27T17:20:41+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: do not detach masters from lb when unready +be9f2c07315cad2be925fb27cb3dfe040dbd4171 2023-03-27T17:18:47+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: use kube-proxy based health probes by default +# ovn-kubernetes image-arm64 9799fbc9bef06304e8195fbc4b37b2e095ec9325 to 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 +eb246f156fb681f9ddb8797f4f82440c4370316e 2023-03-28T08:15:44+00:00 Defer wait on startOvnKube might prevent panic crash +d2fee85be49ed478a0862daeca0a230833dc70dd 2023-03-28T08:15:43+00:00 Start master metrics server for all master instances +37336490ec3e7b71c45aa7837f3bb1c482e35068 2023-03-28T08:15:43+00:00 Single leader election +363b633d1180c4e43f82fdb49f9b384aee7f9a4e 2023-03-28T08:15:42+00:00 Fix NAD controller Stop +34eb56293928264919eb9e817eddaf62321a9370 2023-03-23T17:39:12+01:00 Optimize egress firewall cleanup to only select switches that have stale acls. +7fb527e1eb9b511981cb51be6b79901e4aedbd2f 2023-03-23T17:38:41+01:00 Batch potentially big transaction on egress firewall ACLs migration. The default transaction timeout is 10 seconds, it can be reached when we delete all egress firewall acls during migration to port groups from switches. diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 765ea5d74a..1f802be788 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,14 +1,14 @@ https://github.com/openshift/cluster-dns-operator embedded-component d96022a4d0d091955d73e7e99fc8cc81db56c86a https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c551de22016dc2b6c87ca11ef4ac2be04d -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component f2d9ccd2f585c57409257fae99da7f52ed6042cf -https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 280c115d63367f4ede8a4e893549cdc5919e8920 -https://github.com/openshift/cluster-kube-scheduler-operator embedded-component fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd -https://github.com/openshift/cluster-network-operator embedded-component ae70394d0198a1d5a310410ba3468f38ce0522c2 -https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c +https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb +https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 +https://github.com/openshift/cluster-network-operator embedded-component 756cae2baa82af3604fbe016eb0f776d8efaa61b +https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf -https://github.com/openshift/machine-config-operator embedded-component a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 +https://github.com/openshift/kubernetes embedded-component 7195e44fb36b487f275becffbf5828e2021f94d4 +https://github.com/openshift/machine-config-operator embedded-component 428c2e0655c6a5fc876dad8864a5451142b5c3e2 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-amd64 cb89e52240fe7346409589a9acae9c0106d24b03 -https://github.com/openshift/kubernetes image-amd64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +https://github.com/openshift/ovn-kubernetes image-amd64 9d94b5f604f18016e41b2ba507ae3df373800754 +https://github.com/openshift/kubernetes image-amd64 7195e44fb36b487f275becffbf5828e2021f94d4 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 9799fbc9bef06304e8195fbc4b37b2e095ec9325 +https://github.com/openshift/ovn-kubernetes image-arm64 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index cfe7f2e488..4d2fcec894 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-03-28-014156" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-28-131444" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-01-062001" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-30-050636" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/k8s.io/legacy-cloud-providers/azure/azure.go b/vendor/k8s.io/legacy-cloud-providers/azure/azure.go index 461ef3171c..ab90c5a443 100644 --- a/vendor/k8s.io/legacy-cloud-providers/azure/azure.go +++ b/vendor/k8s.io/legacy-cloud-providers/azure/azure.go @@ -858,7 +858,7 @@ func (az *Cloud) updateNodeCaches(prevNode, newNode *v1.Node) { case hasExcludeBalancerLabel: az.excludeLoadBalancerNodes.Insert(newNode.ObjectMeta.Name) - case !isNodeReady(newNode) && getCloudTaint(newNode.Spec.Taints) == nil: + case !isNodeReady(newNode) && !isNodeMaster(newNode) && getCloudTaint(newNode.Spec.Taints) == nil: // If not in ready state and not a newly created node, add to excludeLoadBalancerNodes cache. // New nodes (tainted with "node.cloudprovider.kubernetes.io/uninitialized") should not be // excluded from load balancers regardless of their state, so as to reduce the number of @@ -1005,6 +1005,17 @@ func isNodeReady(node *v1.Node) bool { return false } +func isNodeMaster(node *v1.Node) bool { + labels := node.GetLabels() + for l := range labels { + if l == "node-role.kubernetes.io/master" || l == "node-role.kubernetes.io/control-plane" { + return true + } + } + + return false +} + func getCloudTaint(taints []v1.Taint) *v1.Taint { for _, taint := range taints { if taint.Key == cloudproviderapi.TaintExternalCloudProvider { diff --git a/vendor/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go b/vendor/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go index 13246826f6..dadaf174d6 100644 --- a/vendor/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go +++ b/vendor/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer.go @@ -123,6 +123,12 @@ const ( serviceUsingDNSKey = "kubernetes-dns-label-service" defaultLoadBalancerSourceRanges = "0.0.0.0/0" + + // NOTE: Please keep the following port in sync with ProxyHealthzPort in k/k pkg/cluster/ports/ports.go + // ports.ProxyHealthzPort was not used here to avoid dependencies to k8s.io/kubernetes in the + // GCE cloud provider which is required as part of the out-of-tree cloud provider efforts. + // TODO: use a shared constant once ports in pkg/cluster/ports are in a common external repo. + lbNodesHealthCheckPort = 10256 ) // GetLoadBalancer returns whether the specified load balancer and its components exist, and @@ -1642,7 +1648,7 @@ func (az *Cloud) reconcileLoadBalancerRule( lbRuleName := az.getLoadBalancerRuleName(service, port.Protocol, port.Port) klog.V(2).Infof("reconcileLoadBalancerRule lb name (%s) rule name (%s)", lbName, lbRuleName) - transportProto, _, probeProto, err := getProtocolsFromKubernetesProtocol(port.Protocol) + transportProto, _, _, err := getProtocolsFromKubernetesProtocol(port.Protocol) if err != nil { return expectedProbes, expectedRules, err } @@ -1670,24 +1676,34 @@ func (az *Cloud) reconcileLoadBalancerRule( }, }) } else if port.Protocol != v1.ProtocolUDP && port.Protocol != v1.ProtocolSCTP { - // we only add the expected probe if we're doing TCP + var actualPath *string + probePort := port.NodePort + if probeProtocol == "" { - probeProtocol = string(*probeProto) + // If no protocol is specified we want to fall back to HTTP + // as we want to leverage kube-proxy's HTTP health endpoint + // unless otherwise specified. + probeProtocol = string(network.ProbeProtocolHTTP) } - var actualPath *string + if !strings.EqualFold(probeProtocol, string(network.ProbeProtocolTCP)) { + // In case this is not TCP, instead of using NodePort, we want to probe against + // kube-proxy's HTTP health endpoint which, unless otherwise specified, + // is available at port lbNodesHealthCheckPort and /healthz path. + probePort = lbNodesHealthCheckPort if requestPath != "" { actualPath = to.StringPtr(requestPath) } else { actualPath = to.StringPtr("/healthz") } } + expectedProbes = append(expectedProbes, network.Probe{ Name: &lbRuleName, ProbePropertiesFormat: &network.ProbePropertiesFormat{ Protocol: network.ProbeProtocol(probeProtocol), RequestPath: actualPath, - Port: to.Int32Ptr(port.NodePort), + Port: to.Int32Ptr(probePort), IntervalInSeconds: to.Int32Ptr(5), NumberOfProbes: to.Int32Ptr(2), }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 82d80ab82c..678249acba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230320215851-dc93b13d1f65 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230320215851-dc93b13d1f65 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b From 620c1df45d3fff6ea166eaa642262e16a6020784 Mon Sep 17 00:00:00 2001 From: Scott Dodson <sdodson@redhat.com> Date: Tue, 4 Apr 2023 10:42:48 -0400 Subject: [PATCH 49/79] RPM: Match build and install time min versions --- packaging/rpm/microshift.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index aadce55a1b..5211608de5 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -81,7 +81,7 @@ BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} Requires: container-selinux >= %{container_policy_epoch}:%{container_policyver} BuildArch: noarch -%{?selinux_requires} +Requires: selinux-policy >= %{selinux_policyver} %description selinux The microshift-selinux package provides the SELinux policy modules required by MicroShift. From 6c7b4b852252f493538bd1cf8fd6cf3f95775f16 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Mon, 6 Mar 2023 09:06:55 -0500 Subject: [PATCH 50/79] OCPBUGS-8329: update sysconfwatch-controller logging There is no need to log the gateway IP address every time we look it up, so only log it when it changes. This is somewhat redundant to the logic in the controller itself, but the IP returned from GetHostIP() is not always the gateway IP and GetHostIP() may have other callers. This change also rewords another log message related to how the host IP is being selected to make it clear what effect the failure to find a default route has on the outcome. --- pkg/util/net.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/util/net.go b/pkg/util/net.go index a73bfcae0a..c984299855 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -32,19 +32,24 @@ import ( "k8s.io/klog/v2" ) +var previousGatewayIP string = "" + func GetHostIP() (string, error) { // Prefer OVN-K gateway IP if it is the CNI gatewayIP, err := ovn.GetOVNGatewayIP() if err != nil && !strings.Contains(err.Error(), "no such network interface") { return "", err } - klog.V(2).Infof("ovn gateway IP address: %s", gatewayIP) + if gatewayIP != previousGatewayIP { + previousGatewayIP = gatewayIP + klog.V(2).Infof("ovn gateway IP address: %s", gatewayIP) + } ip, err := net.ChooseHostInterface() if err == nil { return ip.String(), nil } - klog.V(2).Infof("failed to find default route IP address: %v", err) + klog.V(2).Infof("could not find default route IP address, using ovn gateway IP %q as host IP: %v", gatewayIP, err) return gatewayIP, nil } From 0062a8f706207ba111928e93e701bb565b91c696 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 03:18:08 -0400 Subject: [PATCH 51/79] rebase-4.13.0-0.nightly-2023-04-06-060829_amd64-2023-04-06_arm64-2023-04-06 (#1632) * update last_rebase.sh * update changelog * update component images * update manifests --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- assets/release/release-aarch64.json | 16 +++--- assets/release/release-x86_64.json | 4 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 55 +++++++-------------- scripts/auto-rebase/commits.txt | 8 +-- scripts/auto-rebase/last_rebase.sh | 2 +- 6 files changed, 33 insertions(+), 54 deletions(-) diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 66732778f3..de8bf7cb0d 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-03-30-050636" + "base": "4.13.0-0.nightly-arm64-2023-04-06-230659" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c21b0f23ef9874150f91f6a4db29770008d9dbaefa03574733dcadf8ad62947", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bf3a374408dba3051947f141411f1a39b76a007ad1d4c00d68f0f6566c219ba1", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:95b51ae3818ee76d65b6c907bf5f86d7edb4f5f5b4a8a2ffce329ff53aedcadf", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:801526ea5132128e271ac6722602adecc7c1934a42f4ba05dbe1d841b4312a7d", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c9ce8d0fd1ca92ccca5a4cad3466241595e621c5d85fa3c511a53d448e45f7e", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a80d78e13a543dcacd826904cd1b882d093f60d7014d585b45212e0ec88aaa1", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e8d48a2365ae185e8676c8ec52bf449360411e84d46de41c5e3798ddcbfe7d94", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f60a54ff8d67382fa7e89e0a0841e1f6c0e7a68261f94a093c881e39f03979d6", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4bc63e2ea6e8ecdd5bbf4002d9afde7b622811eb35e331a8aaa39c488619dd3c", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5d00d6a62fc6d9885dbb941bfdbebdd19903e132395d8ccba6a89ca4ef65468d", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 794bb025da..692431d348 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-01-062001" + "base": "4.13.0-0.nightly-2023-04-06-060829" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:343f6fdc5a63b904ec329020977cbbfcce7035893e5a1cc37388d77f5e7e7a15", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:665cec0f63b8529c7d58bb8dc50073fccf86c959565958a8e9448c497e6d2cfd", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d521321f42c2570112569f63e12c972df80e328c4cb37bf17061928db41b95fd", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c39dfe34ed175b0f816f73fa9f6d51ae972dd9d73122ed3e4c99f7026bd5272d", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 5ce75debbd..ae9863ab6e 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f60a54ff8d67382fa7e89e0a0841e1f6c0e7a68261f94a093c881e39f03979d6" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index ef72fa09ea..40ef8fc4cf 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,46 +1,25 @@ -# cluster-kube-apiserver-operator embedded-component f2d9ccd2f585c57409257fae99da7f52ed6042cf to 5f038db7df7ade2f3da707394a14e391c693d25c -dc69ddf3b698821326080cecb074c0ed8899cf06 2023-03-28T18:34:20+02:00 PSA Violation alert: add ocp_namespace label -# cluster-kube-controller-manager-operator embedded-component 280c115d63367f4ede8a4e893549cdc5919e8920 to cdde94837bec1810dbad71ca070a84f212de0cbb -f226a31e90685099c832e47856c6ab9b91a7c0c4 2023-03-31T15:07:22+00:00 OCPBUGS-7440: do not degrade KCM when when monitoring stack rollout is in progress -dfaa63e6d0617f195cfc52a637df3681747a3581 2023-03-27T20:26:01+02:00 OCPBUGS-7785: migrate to using lease objects for leader election -# cluster-kube-scheduler-operator embedded-component fbc6ef4df8b0d9ea97acf9b0330d44a3a171b4fd to dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -7c538dbf1a70bf47279c3d133bdcfe702cca7eb6 2023-03-27T20:31:17+02:00 OCPBUGS-7785: migrate to using lease objects for leader election -# cluster-network-operator embedded-component ae70394d0198a1d5a310410ba3468f38ce0522c2 to 756cae2baa82af3604fbe016eb0f776d8efaa61b -5327d1c6dd1e72fc7687bdca9fe087be9b13a49a 2023-03-27T16:54:09+00:00 use annotation daemonset to update hybrid overlay -d4f451d8ada4a53859bf7f8e92e987d849433bfa 2023-03-27T09:33:07+00:00 Add POD_NAME env to ovnkube-node -# cluster-openshift-controller-manager-operator embedded-component 7867c26e6c91e2cc279317dfc080befe63a60749 to 9a8aba8cad6491a31e743a7e366d758351482d88 -76e46aac4d10280b413ac6e3c69538ec22819657 2023-03-20T10:05:28-04:00 update vendor folder -3e88e932fea15f87c4ba30b4ff858f543d63a530 2023-03-20T10:05:19-04:00 bump(library-go) -# kubernetes embedded-component dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 7195e44fb36b487f275becffbf5828e2021f94d4 -0c95851f899bd4be5fcbbd78ef19eec55d91f9d3 2023-03-27T17:20:41+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: do not detach masters from lb when unready -be9f2c07315cad2be925fb27cb3dfe040dbd4171 2023-03-27T17:18:47+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: use kube-proxy based health probes by default -# machine-config-operator embedded-component a4e68fb1d5eed30d4c1b6f60e9385baf41a30bb3 to 428c2e0655c6a5fc876dad8864a5451142b5c3e2 -0e1f2424348fb1dd509f9b0f3791d67c12f27e17 2023-03-29T17:44:43+00:00 OCPBUGS-4963: Enable nodeip-configuration for vsphere upi -a0bdf3aa85bef50d7f641d59e505b46b246d789e 2023-03-29T11:02:08+00:00 remove container runtime flag -a1b2afb9ba50b5f629be1d6a8377ee507e3ae1c2 2023-03-10T16:25:36+00:00 OCPBUGS-5872: Wrap podman commands in a while loop -# ovn-kubernetes image-amd64 cb89e52240fe7346409589a9acae9c0106d24b03 to 9d94b5f604f18016e41b2ba507ae3df373800754 +# cluster-network-operator embedded-component 756cae2baa82af3604fbe016eb0f776d8efaa61b to 14d77982b2de583913a2b8c0b885c32cfe6362ba +ee27f7576645894248381bdfe4834fc6393fc365 2023-04-02T02:48:12+00:00 Split out konnectivity certs +422bc3abaa833a98ec965e33e029b84df072f742 2023-03-30T16:23:59+00:00 pin k8s.io/apimachinery for 1.26_rebase +30f5a8bbbdb02c50bd397359cedb7bb54614f5b1 2023-03-30T16:23:59+00:00 Fix kube-proxy related breakages for 1.26 rebase +e95af93a0ad01bbe902e8a66d4c7b2a9e2e8d0fd 2023-03-30T16:23:59+00:00 unpin konnectivity-client and cluster-api for 1.26_rebase +6ac981ebe9aacd7a91760ff0620754f672cca9a4 2023-03-30T16:23:59+00:00 update go from 1.18 to 1.19 for 1.26_rebase +9621a1634824beadea285d79abe2a2b6502cca13 2023-03-30T16:23:59+00:00 go get/tidy/vendor for 1.26_rebase +# ovn-kubernetes image-amd64 9d94b5f604f18016e41b2ba507ae3df373800754 to 159a714da138391477024d824fd56b5e65083000 +7d2f340271383ac2c597e1bdbcad96988e0069f9 2023-04-03T12:02:01+02:00 Don't call `addEgressFirewallRules` when no rules need to be updated, otherwise ALL egress firewall ACLs will be updated. +554be4b5cb45f7a747ad78169e77f4c570bf6eb0 2023-04-03T11:59:23+02:00 Add e2e test for network policy hairpinned connections. +5dd299e9e58a3954438d581e334254ff6a6b3bf4 2023-04-03T11:59:14+02:00 always allow hairpinned traffic, since it should be the same as pod connecting to its own ip. That allows to remove hairpinned match condition for ingress network policies and reduce the number of ovs flows. +# ovn-kubernetes image-arm64 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 to 159a714da138391477024d824fd56b5e65083000 +7d2f340271383ac2c597e1bdbcad96988e0069f9 2023-04-03T12:02:01+02:00 Don't call `addEgressFirewallRules` when no rules need to be updated, otherwise ALL egress firewall ACLs will be updated. +554be4b5cb45f7a747ad78169e77f4c570bf6eb0 2023-04-03T11:59:23+02:00 Add e2e test for network policy hairpinned connections. +5dd299e9e58a3954438d581e334254ff6a6b3bf4 2023-04-03T11:59:14+02:00 always allow hairpinned traffic, since it should be the same as pod connecting to its own ip. That allows to remove hairpinned match condition for ingress network policies and reduce the number of ovs flows. 7ba8af501478c9b2b5b0be7b55c5eeabcca97291 2023-03-28T17:16:25-04:00 Fix invalid peer test syntax f61f2cd55dc003582e1096cb8915a36007539212 2023-03-28T15:15:30-04:00 Add error checking for addEventHandler calls 858872e78aa5a34ef18b89b96df29f0ddb39c1ff 2023-03-28T14:59:25-04:00 Bump K8S_VERSION to 1.26.0 for KIND setup e582cf5b361d484e8c444800e40c22c8e684f303 2023-03-28T14:59:14-04:00 sets package update b2bb806212b8f6e1cf8e1fe80b5d44af0b88b758 2023-03-28T14:59:06-04:00 exec.Stream deprecated f74f2cba7d6163fbc50410e2bb55ba1b31a67ddc 2023-03-28T14:58:54-04:00 Bump K8s vendored libraries to use kube 1.26 -eb246f156fb681f9ddb8797f4f82440c4370316e 2023-03-28T08:15:44+00:00 Defer wait on startOvnKube might prevent panic crash -d2fee85be49ed478a0862daeca0a230833dc70dd 2023-03-28T08:15:43+00:00 Start master metrics server for all master instances -37336490ec3e7b71c45aa7837f3bb1c482e35068 2023-03-28T08:15:43+00:00 Single leader election -363b633d1180c4e43f82fdb49f9b384aee7f9a4e 2023-03-28T08:15:42+00:00 Fix NAD controller Stop -34eb56293928264919eb9e817eddaf62321a9370 2023-03-23T17:39:12+01:00 Optimize egress firewall cleanup to only select switches that have stale acls. -7fb527e1eb9b511981cb51be6b79901e4aedbd2f 2023-03-23T17:38:41+01:00 Batch potentially big transaction on egress firewall ACLs migration. The default transaction timeout is 10 seconds, it can be reached when we delete all egress firewall acls during migration to port groups from switches. -74f95e997d116f572b64c7cf7775d483aeed86d1 2023-03-23T17:14:38+01:00 fix multiple error aggregation: `errors.Wrapf` always returns nil if the first argument is nil. -362fa553d572b418f5b305b9c8fb68eb1a4e13cc 2023-03-23T17:14:26+01:00 Fix egress firewall unit tests gatewayMode setup update "egress firewall with node selector updates during node update" to work for both gateway modes. -2e3d170c179fc806bfebbdaf1bab3f606a562ecf 2023-03-23T17:14:18+01:00 Egress firewall creation error was overridden by the status update error and never returned. That would prevent retry on failure. -# kubernetes image-amd64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 7195e44fb36b487f275becffbf5828e2021f94d4 +# kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 22308ca177342eb6820b95e0cad1142e385ef4c9 0c95851f899bd4be5fcbbd78ef19eec55d91f9d3 2023-03-27T17:20:41+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: do not detach masters from lb when unready be9f2c07315cad2be925fb27cb3dfe040dbd4171 2023-03-27T17:18:47+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: use kube-proxy based health probes by default -# ovn-kubernetes image-arm64 9799fbc9bef06304e8195fbc4b37b2e095ec9325 to 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 -eb246f156fb681f9ddb8797f4f82440c4370316e 2023-03-28T08:15:44+00:00 Defer wait on startOvnKube might prevent panic crash -d2fee85be49ed478a0862daeca0a230833dc70dd 2023-03-28T08:15:43+00:00 Start master metrics server for all master instances -37336490ec3e7b71c45aa7837f3bb1c482e35068 2023-03-28T08:15:43+00:00 Single leader election -363b633d1180c4e43f82fdb49f9b384aee7f9a4e 2023-03-28T08:15:42+00:00 Fix NAD controller Stop -34eb56293928264919eb9e817eddaf62321a9370 2023-03-23T17:39:12+01:00 Optimize egress firewall cleanup to only select switches that have stale acls. -7fb527e1eb9b511981cb51be6b79901e4aedbd2f 2023-03-23T17:38:41+01:00 Batch potentially big transaction on egress firewall ACLs migration. The default transaction timeout is 10 seconds, it can be reached when we delete all egress firewall acls during migration to port groups from switches. +582c77525a5a6928e9164b389487b86496332c3e 2022-12-07T15:36:23+00:00 UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/openshift-enterprise-pod.yml diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 1f802be788..c7d6489495 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,7 +3,7 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -https://github.com/openshift/cluster-network-operator embedded-component 756cae2baa82af3604fbe016eb0f776d8efaa61b +https://github.com/openshift/cluster-network-operator embedded-component 14d77982b2de583913a2b8c0b885c32cfe6362ba https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-amd64 9d94b5f604f18016e41b2ba507ae3df373800754 +https://github.com/openshift/ovn-kubernetes image-amd64 159a714da138391477024d824fd56b5e65083000 https://github.com/openshift/kubernetes image-amd64 7195e44fb36b487f275becffbf5828e2021f94d4 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 -https://github.com/openshift/kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf +https://github.com/openshift/ovn-kubernetes image-arm64 159a714da138391477024d824fd56b5e65083000 +https://github.com/openshift/kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 4d2fcec894..e520469f37 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-01-062001" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-03-30-050636" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-06-060829" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-06-230659" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From daa3cfc959f516c80884cd0f4b33df76edfa540c Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Mon, 10 Apr 2023 11:04:59 +0000 Subject: [PATCH 52/79] Explicitly install runc before building ISO images --- scripts/image-builder/configure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/image-builder/configure.sh b/scripts/image-builder/configure.sh index 97292a7c29..6d1dbaf1f9 100755 --- a/scripts/image-builder/configure.sh +++ b/scripts/image-builder/configure.sh @@ -45,7 +45,7 @@ EOF } sudo dnf install -y git osbuild-composer composer-cli ostree rpm-ostree \ - cockpit-composer cockpit-machines bash-completion podman genisoimage \ + cockpit-composer cockpit-machines bash-completion podman runc genisoimage \ createrepo yum-utils selinux-policy-devel jq wget lorax rpm-build \ containernetworking-plugins From 8eeed0d28b29bb78130e1371847ac9ec6119fb66 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <dhellmann@redhat.com> Date: Thu, 6 Apr 2023 16:35:52 -0400 Subject: [PATCH 53/79] OCPBUGS-11512: remove unused function in rebase script --- scripts/auto-rebase/rebase.sh | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index 31a43d154d..35d6c425c3 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -180,26 +180,6 @@ update_lvms_manifests() { done } -update_release_go() { - local src=$1 - local arch=$2 - - case "$arch" in - amd64|x86_64) release_file="${REPOROOT}/pkg/assets/release-x86_64.json" ;; - arm64|aarch64) release_file="${REPOROOT}/pkg/assets/release-aarch64.json" ;; - esac - - local staged_release - staged_release="$(mktemp -d)/$(basename "$release_file")" - cp "$release_file" "${staged_release}" || return 1 - # shellcheck disable=SC2155 - local images - images="$(parse_images "$src")" || return 1 - while IFS=' ' read -r line; do - yq '.images['""']' - done <"$images" - cp -f "$staged_release" "$release_file" || return 1 -} # Clone a repo at a commit clone_repo() { local repo="$1" From fdd3fb3dc7ab4c2ffaa7d3e43766c11c70456fa1 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <dhellmann@redhat.com> Date: Thu, 6 Apr 2023 16:36:59 -0400 Subject: [PATCH 54/79] OCPBUGS-11512: during build, read version info from variable file Avoid using jq during the actual build. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9139cf71c4..52fde4cf41 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ export BIN_TIMESTAMP ?=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') export TIMESTAMP ?=$(shell echo $(BIN_TIMESTAMP) | tr -d ':' | tr 'T' '-' | tr -d 'Z') SOURCE_GIT_COMMIT_TIMESTAMP ?= $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%d%H%M%S' --format="%cd") -OCP_VERSION := $(shell jq -r '.release.base' ${PROJECT_DIR}/assets/release/release-$(shell uname -i).json) +include Makefile.version.$(shell uname -i).var MICROSHIFT_VERSION ?= $(subst -clean,,$(shell echo '${OCP_VERSION}-${SOURCE_GIT_COMMIT_TIMESTAMP}-${SOURCE_GIT_COMMIT}-${SOURCE_GIT_TREE_STATE}')) # Overload SOURCE_GIT_TAG value set in vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk From 09cb497dc9080740c3d7a5e492196cd93dfd2417 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <dhellmann@redhat.com> Date: Thu, 6 Apr 2023 16:36:23 -0400 Subject: [PATCH 55/79] OCPBUGS-11512: during rebase, write version info to variable files for make --- scripts/auto-rebase/rebase.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index 35d6c425c3..1fc56132a5 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -774,6 +774,24 @@ update_openshift_manifests() { popd >/dev/null } +update_version_makefile() { + local arch="$1" + local uname_i="$2" + + local release_file + case "$arch" in + amd64|x86_64) release_file="${REPOROOT}/assets/release/release-x86_64.json" ;; + arm64|aarch64) release_file="${REPOROOT}/assets/release/release-aarch64.json" ;; + esac + + local -r version_makefile="${REPOROOT}/Makefile.version.${uname_i}.var" + local -r ocp_version=$(jq -r '.release.base' "$release_file") + + cat <<EOF > "$version_makefile" +OCP_VERSION := ${ocp_version} +EOF +} + # Updates buildfiles like the Makefile update_buildfiles() { KUBE_ROOT="${STAGING_DIR}/kubernetes" @@ -796,6 +814,9 @@ KUBE_GIT_TREE_STATE=${KUBE_GIT_TREE_STATE-} EOF popd >/dev/null + + update_version_makefile amd64 x86_64 + update_version_makefile arm64 aarch64 } From 75aabdab2d374447bbfcb5b4e8165a92919aba80 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <dhellmann@redhat.com> Date: Mon, 10 Apr 2023 11:01:51 -0400 Subject: [PATCH 56/79] update buildfiles --- Makefile.version.aarch64.var | 1 + Makefile.version.x86_64.var | 1 + 2 files changed, 2 insertions(+) create mode 100644 Makefile.version.aarch64.var create mode 100644 Makefile.version.x86_64.var diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var new file mode 100644 index 0000000000..7a744597fb --- /dev/null +++ b/Makefile.version.aarch64.var @@ -0,0 +1 @@ +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-06-230659 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var new file mode 100644 index 0000000000..a34e165bd7 --- /dev/null +++ b/Makefile.version.x86_64.var @@ -0,0 +1 @@ +OCP_VERSION := 4.13.0-0.nightly-2023-04-06-060829 From 373392ce808c9be7a1c009713aa1fab8ccfc7ffe Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 11 Apr 2023 04:24:19 -0400 Subject: [PATCH 57/79] rebase-4.13.0-0.nightly-2023-04-10-162321_amd64-2023-04-10_arm64-2023-04-10 (#1654) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.kube_git.var | 2 +- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 4 +- assets/release/release-x86_64.json | 6 +- etcd/go.mod | 58 ++++----- etcd/go.sum | 24 ++-- .../openshift/microshift/pkg/util/net.go | 9 +- etcd/vendor/modules.txt | 70 +++++------ go.mod | 60 +++++----- go.sum | 102 ++++++++-------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- scripts/auto-rebase/changelog.txt | 45 ++++--- scripts/auto-rebase/commits.txt | 12 +- scripts/auto-rebase/last_rebase.sh | 2 +- vendor/modules.txt | 110 +++++++++--------- 16 files changed, 256 insertions(+), 254 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 1fbe2da6db..54c6020a31 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=7195e44fb36b487f275becffbf5828e2021f94d4 +KUBE_GIT_COMMIT=22308ca177342eb6820b95e0cad1142e385ef4c9 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 7a744597fb..36c53b268b 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-06-230659 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-10-150453 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index a34e165bd7..ee96e94866 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-06-060829 +OCP_VERSION := 4.13.0-0.nightly-2023-04-10-162321 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index de8bf7cb0d..16392a97fa 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-06-230659" + "base": "4.13.0-0.nightly-arm64-2023-04-10-150453" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a80d78e13a543dcacd826904cd1b882d093f60d7014d585b45212e0ec88aaa1", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5d00d6a62fc6d9885dbb941bfdbebdd19903e132395d8ccba6a89ca4ef65468d", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1975f0114a0a5038bee615011e2c2e145dc1df230c7192f8e5ea0b04b0d43f17", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 692431d348..b1360179b2 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-06-060829" + "base": "4.13.0-0.nightly-2023-04-10-162321" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:343f6fdc5a63b904ec329020977cbbfcce7035893e5a1cc37388d77f5e7e7a15", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d521321f42c2570112569f63e12c972df80e328c4cb37bf17061928db41b95fd", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c39dfe34ed175b0f816f73fa9f6d51ae972dd9d73122ed3e4c99f7026bd5272d", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1861b0afe90f7cd3efc8f9b0ba0b96095f033ed06625179efee2dfff852ddeb7", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/etcd/go.mod b/etcd/go.mod index 494e9ac658..2b19777e9a 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 0f81bd2e27..c207af9bcf 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b h1:xTsEOcBuimHVQRDbX/o4e6X4AqstVSi3Loo99EFfSRI= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b h1:mbMIc1jxKj2ViSqc3Gxj2lIbF8RyWbx+zwT8q31w0P4= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b h1:7t/Y8yxVuGwnTBSsfQTcUbTCJAQNHDA1FCE4ctGsGMU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b h1:DpqYztNyMocHfqt3tnj9WZmU5zOl4ptmbQSuwLXaDhw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b h1:M19Saufssg/9UbDEL5x2rnQ2MmL+cxCZ4PSsmKbhq+0= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b h1:6KK8gXoJVJ4kAdpMgufNyZSbdeGXkKWMF13E0Db99F4= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 h1:s99uJuI5loVBCkKSw0Dkj9L13VMwKL7Ta+JLG8FtBBQ= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 h1:MlTHbmL38HE4BAbELctXFwL+9Jv/3+m1PGy8W8MD0Tg= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 h1:HlS9uPiL6kN4xnZZuLYGytRF/w3KK2+xDMnhvGS/EbU= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 h1:25nnUQm6ZBHsrG2tYlSVNA+wGpOxdyKoTCgbektQLjs= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 h1:pzU8IbnD8pBk++oa8vM3nP/VCBYlKlbqfwUW+JUjAoU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 h1:LvC/0o72wZIU700/mdKgJnZS+CB/9Dpmi4+GurxcsAk= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go b/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go index a73bfcae0a..c984299855 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/util/net.go @@ -32,19 +32,24 @@ import ( "k8s.io/klog/v2" ) +var previousGatewayIP string = "" + func GetHostIP() (string, error) { // Prefer OVN-K gateway IP if it is the CNI gatewayIP, err := ovn.GetOVNGatewayIP() if err != nil && !strings.Contains(err.Error(), "no such network interface") { return "", err } - klog.V(2).Infof("ovn gateway IP address: %s", gatewayIP) + if gatewayIP != previousGatewayIP { + previousGatewayIP = gatewayIP + klog.V(2).Infof("ovn gateway IP address: %s", gatewayIP) + } ip, err := net.ChooseHostInterface() if err == nil { return ip.String(), nil } - klog.V(2).Infof("failed to find default route IP address: %v", err) + klog.V(2).Infof("could not find default route IP address, using ovn gateway IP %q as host IP: %v", gatewayIP, err) return gatewayIP, nil } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 1326b0a132..d9a83b4f43 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 diff --git a/go.mod b/go.mod index 84b010a7fa..89c6f87321 100644 --- a/go.mod +++ b/go.mod @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 // from kubernetes ) diff --git a/go.sum b/go.sum index b0e8160855..c7cfbfaaab 100644 --- a/go.sum +++ b/go.sum @@ -608,57 +608,57 @@ github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qY github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b h1:6Nc1Ecx7jY7c2tboM/2tq4Cf6qPZ5oHQJp45+d3JMwU= -github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b h1:xTsEOcBuimHVQRDbX/o4e6X4AqstVSi3Loo99EFfSRI= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b h1:1p9ENfcAhgoYu3JXDFAKLoMql8Xis+JkTKbTyT7e92M= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b h1:mbMIc1jxKj2ViSqc3Gxj2lIbF8RyWbx+zwT8q31w0P4= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b h1:7F5PdsTBYiIYtNvLqaPKNVUxREQJ60eY7aKrdAN8loA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b h1:7t/Y8yxVuGwnTBSsfQTcUbTCJAQNHDA1FCE4ctGsGMU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b h1:DpqYztNyMocHfqt3tnj9WZmU5zOl4ptmbQSuwLXaDhw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b h1:Qpm5uEZg6d6FA0Qh0xCwnEyO/jN3h8Poe7jUG4hl5d4= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b h1:3ejJJqDb9Qm6Buxt7mCkySWCuxtSJrfRZVC6n5LPajM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b h1:M19Saufssg/9UbDEL5x2rnQ2MmL+cxCZ4PSsmKbhq+0= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b h1:cQytvyEgwC/GCqbE6XQ5hajPItyWydGOSB1vkiYGmGY= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b h1:qGS03sU7xxElqQRs85DZdHFKL8Uht+35ARXG8uLPafI= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b h1:GaP2oWuZH3B1GkRwK4k7ofWu7ORwFUrKA3m/dAcH3ec= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b h1:nYazIGHb1pJxoOshvQ4cknWcyV1n49lUoLxVYPHlTng= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b h1:YcARjjuYDaJLi/MvJ0KwyLF5EE26XQnqQ8vpW1DxjOs= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b h1:aiD7bZyaBL1uM452l8T808OJRfyOhw76gkUrJ0ezJTQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b h1:xDxY5BNEFTWSlbaZXqtgVCdp5LyQs9JI4SvWxksXbXY= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b h1:BXcYg7ILvfe/5rXOlzS2sw3nHU22KkaUHyo/RkwvDQA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b h1:rzyZxuQV6qxXDuEjkpiIq+J/0UillSrE9sDiNGX6OjQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b h1:6KK8gXoJVJ4kAdpMgufNyZSbdeGXkKWMF13E0Db99F4= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b h1:Gda2vfGXywaMkp/bwu4eUsgm9J14AC2dyDmzchrHKLU= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b h1:/6jHAfncKKzsEiPYjlrAR0rTGi6kU8gLNfCAoR8oIDk= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b h1:qod5YUshgs1wRsDgqSQwex6Y+LLvTQ+a8JfIcx4PnJY= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b h1:KKcJt2B6LV4uecSVYZwyRrM9h61obdJn06rFmCbvNvs= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b h1:F0mTR63tr6BpgYOwGo/rKu5oR73EoniL6BtZgG6jqTA= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 h1:5LRipS0Wj4OJQbMlltTd1y2ey9ESfDv5WyGKrc7nagk= +github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 h1:s99uJuI5loVBCkKSw0Dkj9L13VMwKL7Ta+JLG8FtBBQ= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 h1:O0rnpyO6Cvrc7D/IGdCMDLdW2f6Z3dscfmX8IbOmwzQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 h1:MlTHbmL38HE4BAbELctXFwL+9Jv/3+m1PGy8W8MD0Tg= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 h1:L5nZyJ3JFeZ18qLKrR5uyfJ9OxPRKPi+JceOAH3rjcc= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 h1:HlS9uPiL6kN4xnZZuLYGytRF/w3KK2+xDMnhvGS/EbU= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 h1:25nnUQm6ZBHsrG2tYlSVNA+wGpOxdyKoTCgbektQLjs= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 h1:AJtWV+8gOQDaQ7qsPFsAZQtfVtKgBCuVKivSHZ5KHMk= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 h1:+9kdavdvzL04N9PVeOUp4NQs1hGVAI4CKoY/0Wn+nq8= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 h1:pzU8IbnD8pBk++oa8vM3nP/VCBYlKlbqfwUW+JUjAoU= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 h1:WvZL0Q0eeK+b6ma+Vtubs1LVr4XDkQpGSyMs4UqVpfQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 h1:rhbo6pNHCUdylCTLAvGB17HpU1Evf8rqqnuNVNRVea0= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 h1:PeOgPpEKwuB0huux/Mg/KvTW5ukTBAsXkXxAbXToAis= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 h1:zZQSaSAiz1ELMOKBWpwFpBhgLZ2k8hW54uUykZzwDOM= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 h1:vyYmhqMgM5Y8zxsUaaqxhAhJzBl+IdtXFG9kp61vrko= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 h1:Dn35QdZXIOqPlcA9ffZFEQ18G3o0qvihRf8qvIbx+rY= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 h1:bxLgI6c0ZS7wmwOCxpqm5HZ3dbI35WydpS8jRnlKL5s= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 h1:5/jshJ7JZhIKlhzFuoSqZ/seLKlG3smZ5uA6pDjUAFU= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 h1:1g/NYX/ekRAU56LY+RvaNFbbZHzbv5y30g0qLjRS8A4= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 h1:LvC/0o72wZIU700/mdKgJnZS+CB/9Dpmi4+GurxcsAk= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 h1:g3XGjNhAQ3JQ0s01ShGvZETpEoSzMk4VLiZ/talCt7s= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 h1:XwXTZwJhv3X5nbfyLQEk/6C7od1vsggrAXEpLxZdieM= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 h1:hZGl2nJEiVo1HR3e+XeFwfgu36AWAF6TuFYpvPLwArs= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 h1:TIbQlZaX6LyskedFWkbukyQJAmoZ8axDS7RmWjIwnxU= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 h1:hoZy3g7jNswhUK8aJU+5CX3qGTbZQtM6wT6DRACkXAo= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index f070a97478..56f9cf9138 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c39dfe34ed175b0f816f73fa9f6d51ae972dd9d73122ed3e4c99f7026bd5272d" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 40ef8fc4cf..6e15dd435e 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,25 +1,22 @@ -# cluster-network-operator embedded-component 756cae2baa82af3604fbe016eb0f776d8efaa61b to 14d77982b2de583913a2b8c0b885c32cfe6362ba -ee27f7576645894248381bdfe4834fc6393fc365 2023-04-02T02:48:12+00:00 Split out konnectivity certs -422bc3abaa833a98ec965e33e029b84df072f742 2023-03-30T16:23:59+00:00 pin k8s.io/apimachinery for 1.26_rebase -30f5a8bbbdb02c50bd397359cedb7bb54614f5b1 2023-03-30T16:23:59+00:00 Fix kube-proxy related breakages for 1.26 rebase -e95af93a0ad01bbe902e8a66d4c7b2a9e2e8d0fd 2023-03-30T16:23:59+00:00 unpin konnectivity-client and cluster-api for 1.26_rebase -6ac981ebe9aacd7a91760ff0620754f672cca9a4 2023-03-30T16:23:59+00:00 update go from 1.18 to 1.19 for 1.26_rebase -9621a1634824beadea285d79abe2a2b6502cca13 2023-03-30T16:23:59+00:00 go get/tidy/vendor for 1.26_rebase -# ovn-kubernetes image-amd64 9d94b5f604f18016e41b2ba507ae3df373800754 to 159a714da138391477024d824fd56b5e65083000 -7d2f340271383ac2c597e1bdbcad96988e0069f9 2023-04-03T12:02:01+02:00 Don't call `addEgressFirewallRules` when no rules need to be updated, otherwise ALL egress firewall ACLs will be updated. -554be4b5cb45f7a747ad78169e77f4c570bf6eb0 2023-04-03T11:59:23+02:00 Add e2e test for network policy hairpinned connections. -5dd299e9e58a3954438d581e334254ff6a6b3bf4 2023-04-03T11:59:14+02:00 always allow hairpinned traffic, since it should be the same as pod connecting to its own ip. That allows to remove hairpinned match condition for ingress network policies and reduce the number of ovs flows. -# ovn-kubernetes image-arm64 9b3dfbb7fa73f07e936bf6e610ab31af2db94926 to 159a714da138391477024d824fd56b5e65083000 -7d2f340271383ac2c597e1bdbcad96988e0069f9 2023-04-03T12:02:01+02:00 Don't call `addEgressFirewallRules` when no rules need to be updated, otherwise ALL egress firewall ACLs will be updated. -554be4b5cb45f7a747ad78169e77f4c570bf6eb0 2023-04-03T11:59:23+02:00 Add e2e test for network policy hairpinned connections. -5dd299e9e58a3954438d581e334254ff6a6b3bf4 2023-04-03T11:59:14+02:00 always allow hairpinned traffic, since it should be the same as pod connecting to its own ip. That allows to remove hairpinned match condition for ingress network policies and reduce the number of ovs flows. -7ba8af501478c9b2b5b0be7b55c5eeabcca97291 2023-03-28T17:16:25-04:00 Fix invalid peer test syntax -f61f2cd55dc003582e1096cb8915a36007539212 2023-03-28T15:15:30-04:00 Add error checking for addEventHandler calls -858872e78aa5a34ef18b89b96df29f0ddb39c1ff 2023-03-28T14:59:25-04:00 Bump K8S_VERSION to 1.26.0 for KIND setup -e582cf5b361d484e8c444800e40c22c8e684f303 2023-03-28T14:59:14-04:00 sets package update -b2bb806212b8f6e1cf8e1fe80b5d44af0b88b758 2023-03-28T14:59:06-04:00 exec.Stream deprecated -f74f2cba7d6163fbc50410e2bb55ba1b31a67ddc 2023-03-28T14:58:54-04:00 Bump K8s vendored libraries to use kube 1.26 -# kubernetes image-arm64 dc93b13d1f6518d62ea9e3dea64d843c2ce35cbf to 22308ca177342eb6820b95e0cad1142e385ef4c9 -0c95851f899bd4be5fcbbd78ef19eec55d91f9d3 2023-03-27T17:20:41+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: do not detach masters from lb when unready -be9f2c07315cad2be925fb27cb3dfe040dbd4171 2023-03-27T17:18:47+02:00 UPSTREAM: <drop>: legacy-cloud-providers: azure: use kube-proxy based health probes by default +# cluster-network-operator embedded-component 14d77982b2de583913a2b8c0b885c32cfe6362ba to b7b90a5bef21ebe3c91362bb1415469197e0290b +f4e8c66cfaa70d3e998b89fbfbacd989096c90c9 2023-04-07T09:38:38-07:00 update 4.13 Dockerfile to use rhel-8 and go 1.19 +e4572bb8ea38cdaccc7bb41b716750b6a390b838 2023-04-05T15:33:20+02:00 Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler +c6256d0ba6cbcfc168fa3c0fbaae193a25c0b1d4 2023-04-05T15:33:13+02:00 Whereabouts should implement the reconciliation controller +# kubernetes embedded-component 7195e44fb36b487f275becffbf5828e2021f94d4 to 22308ca177342eb6820b95e0cad1142e385ef4c9 582c77525a5a6928e9164b389487b86496332c3e 2022-12-07T15:36:23+00:00 UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/openshift-enterprise-pod.yml +# machine-config-operator embedded-component 428c2e0655c6a5fc876dad8864a5451142b5c3e2 to cfe839676e53af8617e762467336d5992e39ebfe +398cefa6f4aaf70a8979b6361dc43a2f966e23e9 2023-04-03T14:13:13+00:00 daemon: write certificate in OnceFrom and HyperShift +# ovn-kubernetes image-amd64 159a714da138391477024d824fd56b5e65083000 to b0c2ab425330f587517e7aeee369883e509717ac +a7bf3cea3eeb674e1311c5cfbaab72c8d76c6af1 2023-04-04T10:30:40-04:00 Lint fix in policy.go +b016909f6bcb91bf5693e3d9c2396487fc79a91d 2023-04-04T10:20:48-04:00 Fix node_dpu_test +3f0ffd25ac2ae0f0f982068099cbecd42a03a68e 2023-04-04T10:20:37-04:00 Add e2e test for static pods +b8de796d434fddfef8d738429dbb80a938929d26 2023-04-04T10:20:25-04:00 Allow static pod creation +62b001a83cc2c376f8731500af872ce6f9353926 2023-04-04T10:20:15-04:00 Add Functions needed to check for static pod +# kubernetes image-amd64 7195e44fb36b487f275becffbf5828e2021f94d4 to 22308ca177342eb6820b95e0cad1142e385ef4c9 +582c77525a5a6928e9164b389487b86496332c3e 2022-12-07T15:36:23+00:00 UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/openshift-enterprise-pod.yml +# ovn-kubernetes image-arm64 159a714da138391477024d824fd56b5e65083000 to b0c2ab425330f587517e7aeee369883e509717ac +a7bf3cea3eeb674e1311c5cfbaab72c8d76c6af1 2023-04-04T10:30:40-04:00 Lint fix in policy.go +b016909f6bcb91bf5693e3d9c2396487fc79a91d 2023-04-04T10:20:48-04:00 Fix node_dpu_test +3f0ffd25ac2ae0f0f982068099cbecd42a03a68e 2023-04-04T10:20:37-04:00 Add e2e test for static pods +b8de796d434fddfef8d738429dbb80a938929d26 2023-04-04T10:20:25-04:00 Allow static pod creation +62b001a83cc2c376f8731500af872ce6f9353926 2023-04-04T10:20:15-04:00 Add Functions needed to check for static pod diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index c7d6489495..dd555c5986 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,12 +3,12 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -https://github.com/openshift/cluster-network-operator embedded-component 14d77982b2de583913a2b8c0b885c32cfe6362ba +https://github.com/openshift/cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component 7195e44fb36b487f275becffbf5828e2021f94d4 -https://github.com/openshift/machine-config-operator embedded-component 428c2e0655c6a5fc876dad8864a5451142b5c3e2 +https://github.com/openshift/kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 +https://github.com/openshift/machine-config-operator embedded-component cfe839676e53af8617e762467336d5992e39ebfe https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-amd64 159a714da138391477024d824fd56b5e65083000 -https://github.com/openshift/kubernetes image-amd64 7195e44fb36b487f275becffbf5828e2021f94d4 +https://github.com/openshift/ovn-kubernetes image-amd64 b0c2ab425330f587517e7aeee369883e509717ac +https://github.com/openshift/kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 159a714da138391477024d824fd56b5e65083000 +https://github.com/openshift/ovn-kubernetes image-arm64 b0c2ab425330f587517e7aeee369883e509717ac https://github.com/openshift/kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index e520469f37..150359e181 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-06-060829" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-06-230659" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-10-162321" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-10-150453" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/modules.txt b/vendor/modules.txt index 678249acba..8ebc5748a1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230330150607-7195e44fb36b -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230330150607-7195e44fb36b -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230330150607-7195e44fb36b -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230330150607-7195e44fb36b -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230330150607-7195e44fb36b -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230330150607-7195e44fb36b -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230330150607-7195e44fb36b -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230330150607-7195e44fb36b -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230330150607-7195e44fb36b -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230330150607-7195e44fb36b -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230330150607-7195e44fb36b -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230330150607-7195e44fb36b -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230330150607-7195e44fb36b -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230330150607-7195e44fb36b -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230330150607-7195e44fb36b -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230330150607-7195e44fb36b +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 From fb2aa3aa75a4e9253215610060c57b34895d4443 Mon Sep 17 00:00:00 2001 From: Allen Ray <allentray125@gmail.com> Date: Tue, 11 Apr 2023 09:29:25 -0400 Subject: [PATCH 58/79] OCPBUGS-11497:increase etcd memory limit floor --- docs/howto_config.md | 4 ++-- .../github.com/openshift/microshift/pkg/config/config.go | 4 ++-- pkg/config/config.go | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/howto_config.md b/docs/howto_config.md index 6103dee49e..36b85feabc 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -86,9 +86,9 @@ List of ports that you must avoid: By default, etcd will be allowed to use as much memory as it needs to handle the load on the system; however, in memory constrained systems, it may be preferred or necessary to limit the amount of memory etcd is allowed to use at a given time. -Setting the `memoryLimitMB` to a value greater than 0 will result in a soft memory limit being applied to etcd; etcd will be allowed to go over this value during operation, but memory will be more aggresively reclaimed from it if it does. A value of `128` megabytes is the recommended starting place for this limit; however, the configuration floor is `50` megabytes - attempting to set the limit below 50 megabytes will result in the configuration being 50 megabytes. +Setting the `memoryLimitMB` to a value greater than 0 will result in a soft memory limit being applied to etcd; etcd will be allowed to go over this value during operation, but memory will be more aggresively reclaimed from it if it does. A value of `128` megabytes is the configuration floor - attempting to set the limit below 128 megabytes will result in the configuration being 128 megabytes. -Please note that values between 50 and 128 megabytes will heavily trade off memory footprint for etcd performance: the lower the memory limit, the more time etcd will spend on paging memory to disk and will take longer to respond to queries or even timing requests out if the limit is low and the etcd usage is high. +Please note that values close to the floor may be more likely to impact etcd performance - the memory limit is a trade-off of memory footprint and etcd performance. The lower the limit, the more time etcd will spend on paging memory to disk and will take longer to respond to queries or even timing requests out if the limit is low and the etcd usage is high. # Auto-applying Manifests diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go index fc541ae654..df2ad6d6da 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go @@ -105,8 +105,8 @@ type Config struct { } const ( - // Etcd performance degrades significantly if the memory available is less than 50MB, enfore this minimum. - EtcdMinimumMemoryLimit = 50 + // Etcd performance degrades significantly if the memory available is less than 128MB, enfore this minimum. + EtcdMinimumMemoryLimit = 128 ) type Etcd struct { diff --git a/pkg/config/config.go b/pkg/config/config.go index fc541ae654..df2ad6d6da 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -105,8 +105,8 @@ type Config struct { } const ( - // Etcd performance degrades significantly if the memory available is less than 50MB, enfore this minimum. - EtcdMinimumMemoryLimit = 50 + // Etcd performance degrades significantly if the memory available is less than 128MB, enfore this minimum. + EtcdMinimumMemoryLimit = 128 ) type Etcd struct { From 3218950b61cf8196d7e23cbb5d796bd3fa3e8f25 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Wed, 12 Apr 2023 08:50:50 -0400 Subject: [PATCH 59/79] rebase-4.13.0-0.nightly-2023-04-11-144406_amd64-2023-04-11_arm64-2023-04-11 (#1661) * update last_rebase.sh * update changelog * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 6 +++--- assets/release/release-x86_64.json | 4 ++-- scripts/auto-rebase/changelog.txt | 31 +++++++++-------------------- scripts/auto-rebase/commits.txt | 8 ++++---- scripts/auto-rebase/last_rebase.sh | 2 +- 7 files changed, 21 insertions(+), 34 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 36c53b268b..4be468bcf1 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-10-150453 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-11-174952 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index ee96e94866..f07e4668f7 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-10-162321 +OCP_VERSION := 4.13.0-0.nightly-2023-04-11-144406 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 16392a97fa..332d6f147b 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,14 +1,14 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-10-150453" + "base": "4.13.0-0.nightly-arm64-2023-04-11-174952" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c9ce8d0fd1ca92ccca5a4cad3466241595e621c5d85fa3c511a53d448e45f7e", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0a80d78e13a543dcacd826904cd1b882d093f60d7014d585b45212e0ec88aaa1", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1975f0114a0a5038bee615011e2c2e145dc1df230c7192f8e5ea0b04b0d43f17", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5fc7b7bb89e52f3342e2d9aa8aebf65c887f818ae9b7cef635e11f374ddd85fa", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index b1360179b2..237d411688 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-10-162321" + "base": "4.13.0-0.nightly-2023-04-11-144406" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,7 +8,7 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:343f6fdc5a63b904ec329020977cbbfcce7035893e5a1cc37388d77f5e7e7a15", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1861b0afe90f7cd3efc8f9b0ba0b96095f033ed06625179efee2dfff852ddeb7", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b92244914980565bc508f74702670b8bce69554d8055dad75dfd5f04a9fe5ea", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 6e15dd435e..a00c5e612b 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,22 +1,9 @@ -# cluster-network-operator embedded-component 14d77982b2de583913a2b8c0b885c32cfe6362ba to b7b90a5bef21ebe3c91362bb1415469197e0290b -f4e8c66cfaa70d3e998b89fbfbacd989096c90c9 2023-04-07T09:38:38-07:00 update 4.13 Dockerfile to use rhel-8 and go 1.19 -e4572bb8ea38cdaccc7bb41b716750b6a390b838 2023-04-05T15:33:20+02:00 Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler -c6256d0ba6cbcfc168fa3c0fbaae193a25c0b1d4 2023-04-05T15:33:13+02:00 Whereabouts should implement the reconciliation controller -# kubernetes embedded-component 7195e44fb36b487f275becffbf5828e2021f94d4 to 22308ca177342eb6820b95e0cad1142e385ef4c9 -582c77525a5a6928e9164b389487b86496332c3e 2022-12-07T15:36:23+00:00 UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/openshift-enterprise-pod.yml -# machine-config-operator embedded-component 428c2e0655c6a5fc876dad8864a5451142b5c3e2 to cfe839676e53af8617e762467336d5992e39ebfe -398cefa6f4aaf70a8979b6361dc43a2f966e23e9 2023-04-03T14:13:13+00:00 daemon: write certificate in OnceFrom and HyperShift -# ovn-kubernetes image-amd64 159a714da138391477024d824fd56b5e65083000 to b0c2ab425330f587517e7aeee369883e509717ac -a7bf3cea3eeb674e1311c5cfbaab72c8d76c6af1 2023-04-04T10:30:40-04:00 Lint fix in policy.go -b016909f6bcb91bf5693e3d9c2396487fc79a91d 2023-04-04T10:20:48-04:00 Fix node_dpu_test -3f0ffd25ac2ae0f0f982068099cbecd42a03a68e 2023-04-04T10:20:37-04:00 Add e2e test for static pods -b8de796d434fddfef8d738429dbb80a938929d26 2023-04-04T10:20:25-04:00 Allow static pod creation -62b001a83cc2c376f8731500af872ce6f9353926 2023-04-04T10:20:15-04:00 Add Functions needed to check for static pod -# kubernetes image-amd64 7195e44fb36b487f275becffbf5828e2021f94d4 to 22308ca177342eb6820b95e0cad1142e385ef4c9 -582c77525a5a6928e9164b389487b86496332c3e 2022-12-07T15:36:23+00:00 UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/openshift-enterprise-pod.yml -# ovn-kubernetes image-arm64 159a714da138391477024d824fd56b5e65083000 to b0c2ab425330f587517e7aeee369883e509717ac -a7bf3cea3eeb674e1311c5cfbaab72c8d76c6af1 2023-04-04T10:30:40-04:00 Lint fix in policy.go -b016909f6bcb91bf5693e3d9c2396487fc79a91d 2023-04-04T10:20:48-04:00 Fix node_dpu_test -3f0ffd25ac2ae0f0f982068099cbecd42a03a68e 2023-04-04T10:20:37-04:00 Add e2e test for static pods -b8de796d434fddfef8d738429dbb80a938929d26 2023-04-04T10:20:25-04:00 Allow static pod creation -62b001a83cc2c376f8731500af872ce6f9353926 2023-04-04T10:20:15-04:00 Add Functions needed to check for static pod +# machine-config-operator embedded-component cfe839676e53af8617e762467336d5992e39ebfe to 0318874b6243752bb0bd30f8e99bd03d19278b37 +90b3d03d97a797a5468f16eb70e71cbfd0825381 2023-04-11T07:36:58+00:00 Accomodate ART limitation in parsing [[]] bash The downstream build pipeline parses bash in Dockerfile `RUN` commands in order to smooth over yum/dnf invocations that break downstream builds. For example, upstream Dockerfiles may use `--disablerepo` / `--enablerepo` / `microdnf` -- none of which will work as intended in brew/koji builds. +333d9389069e1d5c12c6fa0ce6304cf0086934dd 2023-04-06T19:41:10+00:00 OCPBUGS-10787: Persist static IP addressed NIC names from rhel8 +# ovn-kubernetes image-amd64 b0c2ab425330f587517e7aeee369883e509717ac to c66883c01e06722319fdf18e9997231b6abda3aa +c52131126d9fb909dbe48c1c695a961d7308b11c 2023-04-05T21:15:08+00:00 CARRY: use "prefer local" for annotated services +# kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e to 11b1439d48a47a408ae7e2dd851989f7b7b4f595 +d5860627135014563aa3d06de75f9a82c4ce2821 2022-12-07T09:27:19+00:00 Updating kube-rbac-proxy images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/kube-rbac-proxy.yml +# ovn-kubernetes image-arm64 b0c2ab425330f587517e7aeee369883e509717ac to c66883c01e06722319fdf18e9997231b6abda3aa +c52131126d9fb909dbe48c1c695a961d7308b11c 2023-04-05T21:15:08+00:00 CARRY: use "prefer local" for annotated services diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index dd555c5986..120e665895 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -8,7 +8,7 @@ https://github.com/openshift/cluster-openshift-controller-manager-operator embed https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d https://github.com/openshift/kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 -https://github.com/openshift/machine-config-operator embedded-component cfe839676e53af8617e762467336d5992e39ebfe +https://github.com/openshift/machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-amd64 b0c2ab425330f587517e7aeee369883e509717ac +https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa https://github.com/openshift/kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d -https://github.com/openshift/kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e -https://github.com/openshift/ovn-kubernetes image-arm64 b0c2ab425330f587517e7aeee369883e509717ac +https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 +https://github.com/openshift/ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa https://github.com/openshift/kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 150359e181..cf8e6ec8b3 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-10-162321" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-10-150453" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-11-144406" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-11-174952" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 12138c2472d8c7a9aaf0baa93a48bd11a5d70591 Mon Sep 17 00:00:00 2001 From: Allen Ray <allentray125@gmail.com> Date: Wed, 12 Apr 2023 12:26:21 -0400 Subject: [PATCH 60/79] OCPBUGS-11660: fix show-config not including changes to etcd config --- pkg/cmd/showConfig.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/cmd/showConfig.go b/pkg/cmd/showConfig.go index 21c57f5f08..647fa89554 100644 --- a/pkg/cmd/showConfig.go +++ b/pkg/cmd/showConfig.go @@ -68,6 +68,9 @@ func NewShowConfigCommand(ioStreams genericclioptions.IOStreams) *cobra.Command Debugging: config.Debugging{ LogLevel: logLevels[cfg.LogVLevel], }, + Etcd: config.Etcd{ + MemoryLimitMB: cfg.Etcd.MemoryLimit, + }, } marshalled, err := yaml.Marshal(userCfg) cmdutil.CheckErr(err) From c604f2b394f8cf986b68b03ec5336eb1ea876f57 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 03:41:42 -0400 Subject: [PATCH 61/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-12-050538_amd64-2023-04-12_arm64-2023-04-11 (#1667) * update last_rebase.sh * update changelog * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.x86_64.var | 2 +- assets/release/release-x86_64.json | 4 ++-- scripts/auto-rebase/changelog.txt | 9 +-------- scripts/auto-rebase/commits.txt | 2 +- scripts/auto-rebase/last_rebase.sh | 2 +- 5 files changed, 6 insertions(+), 13 deletions(-) diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index f07e4668f7..28eec8b131 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-11-144406 +OCP_VERSION := 4.13.0-0.nightly-2023-04-12-050538 diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 237d411688..160314c09f 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,12 +1,12 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-11-144406" + "base": "4.13.0-0.nightly-2023-04-12-050538" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dab7cbb4ec3c211fd6c109e5de9ed848d8b96b35a4622f019eb324fa12adeb4d", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:343f6fdc5a63b904ec329020977cbbfcce7035893e5a1cc37388d77f5e7e7a15", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b92244914980565bc508f74702670b8bce69554d8055dad75dfd5f04a9fe5ea", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506", diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index a00c5e612b..3f6a8d227e 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,9 +1,2 @@ -# machine-config-operator embedded-component cfe839676e53af8617e762467336d5992e39ebfe to 0318874b6243752bb0bd30f8e99bd03d19278b37 -90b3d03d97a797a5468f16eb70e71cbfd0825381 2023-04-11T07:36:58+00:00 Accomodate ART limitation in parsing [[]] bash The downstream build pipeline parses bash in Dockerfile `RUN` commands in order to smooth over yum/dnf invocations that break downstream builds. For example, upstream Dockerfiles may use `--disablerepo` / `--enablerepo` / `microdnf` -- none of which will work as intended in brew/koji builds. -333d9389069e1d5c12c6fa0ce6304cf0086934dd 2023-04-06T19:41:10+00:00 OCPBUGS-10787: Persist static IP addressed NIC names from rhel8 -# ovn-kubernetes image-amd64 b0c2ab425330f587517e7aeee369883e509717ac to c66883c01e06722319fdf18e9997231b6abda3aa -c52131126d9fb909dbe48c1c695a961d7308b11c 2023-04-05T21:15:08+00:00 CARRY: use "prefer local" for annotated services -# kube-rbac-proxy image-arm64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e to 11b1439d48a47a408ae7e2dd851989f7b7b4f595 +# kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e to 11b1439d48a47a408ae7e2dd851989f7b7b4f595 d5860627135014563aa3d06de75f9a82c4ce2821 2022-12-07T09:27:19+00:00 Updating kube-rbac-proxy images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/kube-rbac-proxy.yml -# ovn-kubernetes image-arm64 b0c2ab425330f587517e7aeee369883e509717ac to c66883c01e06722319fdf18e9997231b6abda3aa -c52131126d9fb909dbe48c1c695a961d7308b11c 2023-04-05T21:15:08+00:00 CARRY: use "prefer local" for annotated services diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 120e665895..c432f24dbf 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -15,7 +15,7 @@ https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcc https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d -https://github.com/openshift/kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e +https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa https://github.com/openshift/kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index cf8e6ec8b3..52d7afce9b 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-11-144406" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-11-174952" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-12-050538" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-11-174952" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 7af02e347ddb2f8cd926ae726f76f2321720f199 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 02:24:53 -0400 Subject: [PATCH 62/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-13-171034_amd64-2023-04-13_arm64-2023-04-14 (#1671) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.kube_git.var | 2 +- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 6 +- assets/release/release-x86_64.json | 6 +- etcd/go.mod | 58 ++++----- etcd/go.sum | 24 ++-- etcd/vendor/modules.txt | 70 +++++------ go.mod | 60 +++++----- go.sum | 102 ++++++++-------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 52 ++++++++- scripts/auto-rebase/commits.txt | 10 +- scripts/auto-rebase/last_rebase.sh | 2 +- .../csiinlinevolumesecurity/admission.go | 12 +- vendor/modules.txt | 110 +++++++++--------- 17 files changed, 286 insertions(+), 236 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 54c6020a31..63cb458e59 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=22308ca177342eb6820b95e0cad1142e385ef4c9 +KUBE_GIT_COMMIT=0c79814882f4a4b842fbeab001c9f92f9de9a9b9 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 4be468bcf1..c2642c097e 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-11-174952 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-14-004314 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 28eec8b131..4b7108c00f 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-12-050538 +OCP_VERSION := 4.13.0-0.nightly-2023-04-13-171034 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 332d6f147b..3a2210835b 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-11-174952" + "base": "4.13.0-0.nightly-arm64-2023-04-14-004314" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5fc7b7bb89e52f3342e2d9aa8aebf65c887f818ae9b7cef635e11f374ddd85fa", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b0ec97126bbf992d4a751e5656a22d818b94627c4db1c7d277222b8747dc1", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 160314c09f..7cdd5cfe46 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-12-050538" + "base": "4.13.0-0.nightly-2023-04-13-171034" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b92244914980565bc508f74702670b8bce69554d8055dad75dfd5f04a9fe5ea", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:24da6891ed61d7172edc821275691303d48bb6d3287ecb27a43fed1f912e53d0", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/etcd/go.mod b/etcd/go.mod index 2b19777e9a..d6f82ab83f 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index c207af9bcf..725e704641 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 h1:s99uJuI5loVBCkKSw0Dkj9L13VMwKL7Ta+JLG8FtBBQ= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 h1:MlTHbmL38HE4BAbELctXFwL+9Jv/3+m1PGy8W8MD0Tg= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 h1:HlS9uPiL6kN4xnZZuLYGytRF/w3KK2+xDMnhvGS/EbU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 h1:25nnUQm6ZBHsrG2tYlSVNA+wGpOxdyKoTCgbektQLjs= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 h1:pzU8IbnD8pBk++oa8vM3nP/VCBYlKlbqfwUW+JUjAoU= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 h1:LvC/0o72wZIU700/mdKgJnZS+CB/9Dpmi4+GurxcsAk= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index d9a83b4f43..62ccaa7daf 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 diff --git a/go.mod b/go.mod index 89c6f87321..6258895839 100644 --- a/go.mod +++ b/go.mod @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // from kubernetes ) diff --git a/go.sum b/go.sum index c7cfbfaaab..fc9ca6379f 100644 --- a/go.sum +++ b/go.sum @@ -608,57 +608,57 @@ github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qY github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 h1:5LRipS0Wj4OJQbMlltTd1y2ey9ESfDv5WyGKrc7nagk= -github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 h1:s99uJuI5loVBCkKSw0Dkj9L13VMwKL7Ta+JLG8FtBBQ= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 h1:O0rnpyO6Cvrc7D/IGdCMDLdW2f6Z3dscfmX8IbOmwzQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 h1:MlTHbmL38HE4BAbELctXFwL+9Jv/3+m1PGy8W8MD0Tg= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 h1:L5nZyJ3JFeZ18qLKrR5uyfJ9OxPRKPi+JceOAH3rjcc= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 h1:HlS9uPiL6kN4xnZZuLYGytRF/w3KK2+xDMnhvGS/EbU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 h1:25nnUQm6ZBHsrG2tYlSVNA+wGpOxdyKoTCgbektQLjs= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 h1:AJtWV+8gOQDaQ7qsPFsAZQtfVtKgBCuVKivSHZ5KHMk= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 h1:+9kdavdvzL04N9PVeOUp4NQs1hGVAI4CKoY/0Wn+nq8= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 h1:pzU8IbnD8pBk++oa8vM3nP/VCBYlKlbqfwUW+JUjAoU= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 h1:WvZL0Q0eeK+b6ma+Vtubs1LVr4XDkQpGSyMs4UqVpfQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 h1:rhbo6pNHCUdylCTLAvGB17HpU1Evf8rqqnuNVNRVea0= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 h1:PeOgPpEKwuB0huux/Mg/KvTW5ukTBAsXkXxAbXToAis= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 h1:zZQSaSAiz1ELMOKBWpwFpBhgLZ2k8hW54uUykZzwDOM= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 h1:vyYmhqMgM5Y8zxsUaaqxhAhJzBl+IdtXFG9kp61vrko= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 h1:Dn35QdZXIOqPlcA9ffZFEQ18G3o0qvihRf8qvIbx+rY= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 h1:bxLgI6c0ZS7wmwOCxpqm5HZ3dbI35WydpS8jRnlKL5s= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 h1:5/jshJ7JZhIKlhzFuoSqZ/seLKlG3smZ5uA6pDjUAFU= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 h1:1g/NYX/ekRAU56LY+RvaNFbbZHzbv5y30g0qLjRS8A4= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 h1:LvC/0o72wZIU700/mdKgJnZS+CB/9Dpmi4+GurxcsAk= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 h1:g3XGjNhAQ3JQ0s01ShGvZETpEoSzMk4VLiZ/talCt7s= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 h1:XwXTZwJhv3X5nbfyLQEk/6C7od1vsggrAXEpLxZdieM= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 h1:hZGl2nJEiVo1HR3e+XeFwfgu36AWAF6TuFYpvPLwArs= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 h1:TIbQlZaX6LyskedFWkbukyQJAmoZ8axDS7RmWjIwnxU= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 h1:hoZy3g7jNswhUK8aJU+5CX3qGTbZQtM6wT6DRACkXAo= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 h1:DxU8TWjU8Oena8Ghid/K+cmQLNJSJRhuUFdlHqrEYM0= +github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 h1:agPz3HCip5q6vbfHqIrZHBO2cq27NR6xPzlIWtiNV14= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 h1:pXWg407R5iaAYV2w/ElE7MtOmxcZ62WpCq6f4S2/Cvk= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 h1:mtZeh53RDdQpMkIOn6Z0f3WOiWCcmw/Ua93PbDgW7Bk= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 h1:CJG+OQlmVbldHGEblR3d2HVcgm8KSQzlFaVzj8P8WxI= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 h1:0aFCy3DFIJp9q7MjIdF+d7c9gRRldbzoADzeXJHD6Ps= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 h1:gtLRfQXW02jMSNd3b+OYihuYGnf3kdpM1XcxVho24yI= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 h1:UH2CrxJMeQfqUXKAdBS4wMrTkRr5IlMLtC4K6QLUVa0= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 h1:hVdwgqxDk4bluPK25EPn8Pac41kd+Z5dEYx2rDlmlfA= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 h1:TFwYCrthXTV89eiKNewDLRHIxqzUVsOTDI6CRenseVs= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 h1:6x02hFqXOhHkpGrkQMnZxbze/W5ezpFJY24p+QBOSGc= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 h1:YE1eqfA+F0slkcQz/JUq/wLe6GOOWeyKYDXYjwTBMuw= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 h1:DhG+hjnNz9dWd99ZDYgTvGfa664Z1BeNdsitcr1S/E0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 h1:at3OR4PQWIMjPX4Rj/gF0axWOCxJUaC/0nb0v5+aICg= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 h1:6okyPOQlNzes/eX6zLDfxuZ8vq9TCClcMK/z2CspUNc= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 h1:XDfbRtXJkcJ+0DYpGDY5z+THMad2F645g4axdksFVyE= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 h1:0siZkDLsSH1EwQozlv4jSvXjv4J/YxShm5t+8D0R79U= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 h1:shy31jV3C6duCqPIbpBoayfvub0MD+ewWMsk4SNHlmo= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 h1:g3n+u+PZ/FEOf0lvfFcgDV+rMQdYsUa1uW8tLrr4yII= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 56f9cf9138..5f9f8932d4 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b0e8a15e2f026df1562094d6e6a0e4bd38f2961a23e8fd745c07aad5bd3506" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index ae9863ab6e..12ff0ccb3a 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9cc299ed655f2000dbea2c17bd9b510e0c3f9bef67bbc9a208cd6744e87f9464" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 3f6a8d227e..65ec2fe921 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,2 +1,50 @@ -# kube-rbac-proxy image-amd64 0aa2830ed7359fd8cd0e2f7db0ed96a733c5990e to 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -d5860627135014563aa3d06de75f9a82c4ce2821 2022-12-07T09:27:19+00:00 Updating kube-rbac-proxy images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/61541c1c730569d20db98c885bb07d7ee96e648c/images/kube-rbac-proxy.yml +# cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c to 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba +083565cf97e4077cff36091aba5a276d469f8eed 2023-03-22T18:35:00+00:00 update apf configuration to use v1beta3 +# kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin +# machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 to 5d6b4e794bda70accd168867bba815e3b3e3b02a +f98d25046fa825cb91c2b6f97c928f44b53b1b0f 2023-03-28T08:02:56+00:00 OCPBUGS-8676: Fix kubelet.service node-ip for v6-primary dual-stack +# kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin +# kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 85375332a108abce2f23a61958ae7adcc449477c +1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image +e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system +6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts +71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin +9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 +6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece +7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue +6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404 +363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery +24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7 +6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client +5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. +4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver +20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty +d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order +b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery +3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test +86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028 +e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector +1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector +215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply +9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address +a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files +bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template +5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim +f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled +f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2 +a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0 +a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable +072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler +bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations +00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver +192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request +4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. +83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36 +29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic +d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version +62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme +25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets +a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available +6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index c432f24dbf..95bd4bccd4 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,14 +1,14 @@ https://github.com/openshift/cluster-dns-operator embedded-component d96022a4d0d091955d73e7e99fc8cc81db56c86a https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c551de22016dc2b6c87ca11ef4ac2be04d -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 https://github.com/openshift/cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 -https://github.com/openshift/machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 +https://github.com/openshift/kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +https://github.com/openshift/machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -17,12 +17,12 @@ https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce733 https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 +https://github.com/openshift/kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 +https://github.com/openshift/kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 52d7afce9b..044a6f5fd5 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-12-050538" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-11-174952" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-13-171034" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-14-004314" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/storage/csiinlinevolumesecurity/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/storage/csiinlinevolumesecurity/admission.go index 664f70b382..35e249acc3 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/storage/csiinlinevolumesecurity/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/storage/csiinlinevolumesecurity/admission.go @@ -33,6 +33,8 @@ const ( defaultPodSecEnforceProfile = podsecapi.LevelRestricted defaultPodSecWarnProfile = podsecapi.LevelRestricted defaultPodSecAuditProfile = podsecapi.LevelRestricted + // Format string used for audit/warn/enforce response messages + admissionResponseFormatStr = "%s uses an inline volume provided by CSIDriver %s and namespace %s has a pod security %s level that is lower than %s" ) var ( @@ -155,12 +157,12 @@ func (c *csiInlineVolSec) Validate(ctx context.Context, attrs admission.Attribut // Extract the pod spec to evaluate obj := attrs.GetObject() - podMeta, podSpec, err := c.podSpecExtractor.ExtractPodSpec(obj) + _, podSpec, err := c.podSpecExtractor.ExtractPodSpec(obj) if err != nil { return admission.NewForbidden(attrs, fmt.Errorf("failed to extract pod spec: %v", err)) } // If an object with an optional pod spec does not contain a pod spec, skip validation - if podMeta == nil && podSpec == nil { + if podSpec == nil { return nil } @@ -188,15 +190,15 @@ func (c *csiInlineVolSec) Validate(ctx context.Context, attrs admission.Attribut // Compare CSIDriver level to the policy for the namespace if podsecapi.CompareLevels(nsPolicy.Enforce.Level, driverLevel) > 0 { // Not permitted, enforce error and deny admission - return admission.NewForbidden(attrs, fmt.Errorf("admission denied: pod %s uses an inline volume provided by CSIDriver %s and namespace %s has a pod security enforce level that is lower than %s", podMeta.Name, driverName, namespace.Name, driverLevel)) + return admission.NewForbidden(attrs, fmt.Errorf(admissionResponseFormatStr, attrs.GetName(), driverName, attrs.GetNamespace(), "enforce", driverLevel)) } if podsecapi.CompareLevels(nsPolicy.Warn.Level, driverLevel) > 0 { // Violates policy warn level, add warning - warning.AddWarning(ctx, "", fmt.Sprintf("pod %s uses an inline volume provided by CSIDriver %s and namespace %s has a pod security warn level that is lower than %s", podMeta.Name, driverName, namespace.Name, driverLevel)) + warning.AddWarning(ctx, "", fmt.Sprintf(admissionResponseFormatStr, attrs.GetName(), driverName, attrs.GetNamespace(), "warn", driverLevel)) } if podsecapi.CompareLevels(nsPolicy.Audit.Level, driverLevel) > 0 { // Violates policy audit level, add audit annotation - auditMessageString := fmt.Sprintf("pod %s uses an inline volume provided by CSIDriver %s and namespace %s has a pod security audit level that is lower than %s", podMeta.Name, driverName, namespace.Name, driverLevel) + auditMessageString := fmt.Sprintf(admissionResponseFormatStr, attrs.GetName(), driverName, attrs.GetNamespace(), "audit", driverLevel) audit.AddAuditAnnotation(ctx, PluginName, auditMessageString) } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 8ebc5748a1..2f3d3849f7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230406142100-22308ca17734 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230406142100-22308ca17734 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230406142100-22308ca17734 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230406142100-22308ca17734 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230406142100-22308ca17734 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230406142100-22308ca17734 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230406142100-22308ca17734 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230406142100-22308ca17734 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230406142100-22308ca17734 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230406142100-22308ca17734 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230406142100-22308ca17734 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230406142100-22308ca17734 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230406142100-22308ca17734 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230406142100-22308ca17734 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230406142100-22308ca17734 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230406142100-22308ca17734 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230406142100-22308ca17734 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230406142100-22308ca17734 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230406142100-22308ca17734 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230406142100-22308ca17734 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230406142100-22308ca17734 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230406142100-22308ca17734 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230406142100-22308ca17734 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 From 783d870446a31050f2e4b5ae10a8bda3832a3b67 Mon Sep 17 00:00:00 2001 From: Zenghui Shi <zshi@redhat.com> Date: Wed, 12 Apr 2023 11:15:33 +0800 Subject: [PATCH 63/79] Upgrade openvswitch package version for 4.13 Minimal openvswitch version required by ovn-kubernetes in rhel9.2(4.13) is openvswitch3.1. Signed-off-by: Zenghui Shi <zshi@redhat.com> --- packaging/rpm/microshift.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 5211608de5..7f7756533b 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -89,7 +89,7 @@ The microshift-selinux package provides the SELinux policy modules required by M %package networking Summary: Networking components for MicroShift -Requires: openvswitch2.17 +Requires: openvswitch3.1 Requires: NetworkManager Requires: NetworkManager-ovs Requires: jq @@ -296,6 +296,9 @@ systemctl enable --now --quiet openvswitch || true # Use Git command to generate the log and replace the VERSION string # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec %changelog +* Wed Apr 12 2023 Zenghui Shi <zshi@redhat.com> 4.13.0 +- Upgrade openvswitch package version to 3.1 + * Wed Mar 29 2023 Gregory Giguashvili <ggiguash@redhat.com> 4.13.0 - Upgrade golang build-time dependency to 1.19 version From 386642c9e69dc1869f66edc3739e8f4d90fb05cf Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 04:26:31 -0400 Subject: [PATCH 64/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-15-102029_amd64-2023-04-15_arm64-2023-04-15 (#1677) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.kube_git.var | 2 +- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 6 +- assets/release/release-x86_64.json | 6 +- etcd/go.mod | 66 +-- etcd/go.sum | 40 +- etcd/vendor/golang.org/x/sys/unix/ioctl.go | 17 +- .../vendor/golang.org/x/sys/unix/ioctl_zos.go | 8 +- .../golang.org/x/sys/unix/ptrace_darwin.go | 6 + .../golang.org/x/sys/unix/ptrace_ios.go | 6 + .../golang.org/x/sys/unix/syscall_aix.go | 5 +- .../golang.org/x/sys/unix/syscall_bsd.go | 3 +- .../golang.org/x/sys/unix/syscall_darwin.go | 12 +- .../x/sys/unix/syscall_darwin_amd64.go | 1 + .../x/sys/unix/syscall_darwin_arm64.go | 1 + .../x/sys/unix/syscall_dragonfly.go | 1 + .../golang.org/x/sys/unix/syscall_freebsd.go | 43 +- .../x/sys/unix/syscall_freebsd_386.go | 17 +- .../x/sys/unix/syscall_freebsd_amd64.go | 17 +- .../x/sys/unix/syscall_freebsd_arm.go | 15 +- .../x/sys/unix/syscall_freebsd_arm64.go | 15 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 15 +- .../golang.org/x/sys/unix/syscall_hurd.go | 8 + .../golang.org/x/sys/unix/syscall_linux.go | 36 +- .../golang.org/x/sys/unix/syscall_netbsd.go | 5 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + .../golang.org/x/sys/unix/syscall_solaris.go | 21 +- .../x/sys/unix/syscall_zos_s390x.go | 4 +- .../golang.org/x/sys/unix/zerrors_linux.go | 10 +- .../x/sys/unix/zptrace_armnn_linux.go | 8 +- .../x/sys/unix/zptrace_linux_arm64.go | 4 +- .../x/sys/unix/zptrace_mipsnn_linux.go | 8 +- .../x/sys/unix/zptrace_mipsnnle_linux.go | 8 +- .../x/sys/unix/zptrace_x86_linux.go | 8 +- .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 10 + .../x/sys/unix/zsyscall_aix_ppc64.go | 10 + .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 7 + .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 8 + .../x/sys/unix/zsyscall_darwin_amd64.go | 16 + .../x/sys/unix/zsyscall_darwin_arm64.go | 16 + .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 + .../x/sys/unix/zsyscall_freebsd_386.go | 20 + .../x/sys/unix/zsyscall_freebsd_amd64.go | 20 + .../x/sys/unix/zsyscall_freebsd_arm.go | 20 + .../x/sys/unix/zsyscall_freebsd_arm64.go | 20 + .../x/sys/unix/zsyscall_freebsd_riscv64.go | 20 + .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + .../x/sys/unix/zsyscall_netbsd_386.go | 10 + .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 + .../x/sys/unix/zsyscall_openbsd_386.go | 8 + .../x/sys/unix/zsyscall_openbsd_amd64.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm64.go | 8 + .../x/sys/unix/zsyscall_openbsd_mips64.go | 8 + .../x/sys/unix/zsyscall_openbsd_ppc64.go | 8 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 8 + .../x/sys/unix/zsyscall_solaris_amd64.go | 11 + .../x/sys/unix/zsyscall_zos_s390x.go | 10 + .../x/sys/unix/ztypes_freebsd_386.go | 2 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 2 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux.go | 140 ++++-- .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 +- .../x/sys/unix/ztypes_linux_amd64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 +- .../x/sys/unix/ztypes_linux_arm64.go | 2 +- .../x/sys/unix/ztypes_linux_loong64.go | 2 +- .../x/sys/unix/ztypes_linux_mips.go | 2 +- .../x/sys/unix/ztypes_linux_mips64.go | 2 +- .../x/sys/unix/ztypes_linux_mips64le.go | 2 +- .../x/sys/unix/ztypes_linux_mipsle.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 2 +- .../x/sys/unix/ztypes_linux_riscv64.go | 2 +- .../x/sys/unix/ztypes_linux_s390x.go | 2 +- .../x/sys/unix/ztypes_linux_sparc64.go | 2 +- .../x/sys/windows/syscall_windows.go | 6 +- .../golang.org/x/sys/windows/types_windows.go | 85 ++++ .../x/sys/windows/zsyscall_windows.go | 27 + .../x/text/encoding/internal/internal.go | 2 +- .../x/text/unicode/norm/forminfo.go | 2 +- .../vendor/k8s.io/api/core/v1/generated.proto | 2 +- etcd/vendor/k8s.io/api/core/v1/types.go | 2 +- .../core/v1/types_swagger_doc_generated.go | 2 +- .../discovery/aggregated_discovery.go | 44 +- .../discovery/cached/memory/memcache.go | 53 +- .../client-go/discovery/discovery_client.go | 118 +++-- etcd/vendor/modules.txt | 78 +-- go.mod | 80 +-- go.sum | 135 ++--- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 77 ++- scripts/auto-rebase/commits.txt | 14 +- scripts/auto-rebase/last_rebase.sh | 2 +- .../libcontainer/cgroups/ebpf/ebpf_linux.go | 2 +- .../runc/libcontainer/cgroups/fs/fs.go | 1 + .../libcontainer/cgroups/systemd/common.go | 66 ++- .../libcontainer/cgroups/systemd/cpuset.go | 5 + .../runc/libcontainer/cgroups/systemd/v1.go | 12 +- .../runc/libcontainer/cgroups/systemd/v2.go | 2 +- .../runc/libcontainer/cgroups/utils.go | 6 +- .../configs/validate/validator.go | 5 +- .../runc/libcontainer/container_linux.go | 2 +- .../runc/libcontainer/eaccess_go119.go | 17 + .../runc/libcontainer/eaccess_stub.go | 10 + .../runc/libcontainer/factory_linux.go | 11 +- .../runc/libcontainer/init_linux.go | 5 +- .../runc/libcontainer/rootfs_linux.go | 82 +-- .../runc/libcontainer/standard_init_linux.go | 11 +- .../opencontainers/runc/libcontainer/sync.go | 14 +- .../runc/libcontainer/system/linux.go | 19 - .../runc/libcontainer/user/user.go | 14 +- .../sccmatching/patched_sc_accessors.go | 471 ++++++++++++++++++ .../sccmatching/provider.go | 46 +- vendor/golang.org/x/net/html/doc.go | 15 + vendor/golang.org/x/net/html/escape.go | 81 +++ vendor/golang.org/x/net/html/render.go | 2 +- vendor/golang.org/x/net/html/token.go | 10 +- .../x/sync/singleflight/singleflight.go | 11 +- vendor/golang.org/x/sys/cpu/hwcap_linux.go | 15 + vendor/golang.org/x/sys/cpu/runtime_auxv.go | 16 + .../x/sys/cpu/runtime_auxv_go121.go | 19 + vendor/golang.org/x/sys/execabs/execabs.go | 2 +- .../golang.org/x/sys/execabs/execabs_go118.go | 6 + .../golang.org/x/sys/execabs/execabs_go119.go | 4 + vendor/golang.org/x/sys/unix/ioctl.go | 17 +- vendor/golang.org/x/sys/unix/ioctl_zos.go | 8 +- vendor/golang.org/x/sys/unix/ptrace_darwin.go | 6 + vendor/golang.org/x/sys/unix/ptrace_ios.go | 6 + vendor/golang.org/x/sys/unix/syscall_aix.go | 5 +- vendor/golang.org/x/sys/unix/syscall_bsd.go | 3 +- .../golang.org/x/sys/unix/syscall_darwin.go | 12 +- .../x/sys/unix/syscall_darwin_amd64.go | 1 + .../x/sys/unix/syscall_darwin_arm64.go | 1 + .../x/sys/unix/syscall_dragonfly.go | 1 + .../golang.org/x/sys/unix/syscall_freebsd.go | 43 +- .../x/sys/unix/syscall_freebsd_386.go | 17 +- .../x/sys/unix/syscall_freebsd_amd64.go | 17 +- .../x/sys/unix/syscall_freebsd_arm.go | 15 +- .../x/sys/unix/syscall_freebsd_arm64.go | 15 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 15 +- vendor/golang.org/x/sys/unix/syscall_hurd.go | 8 + vendor/golang.org/x/sys/unix/syscall_linux.go | 36 +- .../golang.org/x/sys/unix/syscall_netbsd.go | 5 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + .../golang.org/x/sys/unix/syscall_solaris.go | 21 +- .../x/sys/unix/syscall_zos_s390x.go | 4 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 10 +- .../x/sys/unix/zptrace_armnn_linux.go | 8 +- .../x/sys/unix/zptrace_linux_arm64.go | 4 +- .../x/sys/unix/zptrace_mipsnn_linux.go | 8 +- .../x/sys/unix/zptrace_mipsnnle_linux.go | 8 +- .../x/sys/unix/zptrace_x86_linux.go | 8 +- .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 10 + .../x/sys/unix/zsyscall_aix_ppc64.go | 10 + .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 7 + .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 8 + .../x/sys/unix/zsyscall_darwin_amd64.go | 16 + .../x/sys/unix/zsyscall_darwin_arm64.go | 16 + .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 + .../x/sys/unix/zsyscall_freebsd_386.go | 20 + .../x/sys/unix/zsyscall_freebsd_amd64.go | 20 + .../x/sys/unix/zsyscall_freebsd_arm.go | 20 + .../x/sys/unix/zsyscall_freebsd_arm64.go | 20 + .../x/sys/unix/zsyscall_freebsd_riscv64.go | 20 + .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + .../x/sys/unix/zsyscall_netbsd_386.go | 10 + .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 + .../x/sys/unix/zsyscall_openbsd_386.go | 8 + .../x/sys/unix/zsyscall_openbsd_amd64.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm64.go | 8 + .../x/sys/unix/zsyscall_openbsd_mips64.go | 8 + .../x/sys/unix/zsyscall_openbsd_ppc64.go | 8 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 8 + .../x/sys/unix/zsyscall_solaris_amd64.go | 11 + .../x/sys/unix/zsyscall_zos_s390x.go | 10 + .../x/sys/unix/ztypes_freebsd_386.go | 2 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 2 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 2 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 140 ++++-- .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 +- .../x/sys/unix/ztypes_linux_amd64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 +- .../x/sys/unix/ztypes_linux_arm64.go | 2 +- .../x/sys/unix/ztypes_linux_loong64.go | 2 +- .../x/sys/unix/ztypes_linux_mips.go | 2 +- .../x/sys/unix/ztypes_linux_mips64.go | 2 +- .../x/sys/unix/ztypes_linux_mips64le.go | 2 +- .../x/sys/unix/ztypes_linux_mipsle.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 2 +- .../x/sys/unix/ztypes_linux_riscv64.go | 2 +- .../x/sys/unix/ztypes_linux_s390x.go | 2 +- .../x/sys/unix/ztypes_linux_sparc64.go | 2 +- .../x/sys/windows/syscall_windows.go | 6 +- .../golang.org/x/sys/windows/types_windows.go | 85 ++++ .../x/sys/windows/zsyscall_windows.go | 27 + .../x/text/encoding/internal/internal.go | 2 +- .../x/text/unicode/norm/forminfo.go | 2 +- .../x/tools/internal/gocommand/version.go | 23 + .../x/tools/internal/imports/fix.go | 9 +- .../x/tools/internal/imports/sortimports.go | 1 + .../x/tools/internal/imports/zstdlib.go | 188 ++++++- vendor/k8s.io/api/core/v1/generated.proto | 2 +- vendor/k8s.io/api/core/v1/types.go | 2 +- .../core/v1/types_swagger_doc_generated.go | 2 +- .../discovery/aggregated_discovery.go | 44 +- .../discovery/cached/memory/memcache.go | 53 +- .../client-go/discovery/discovery_client.go | 118 +++-- .../pkg/apiserver/handler_discovery.go | 31 +- .../pkg/api/persistentvolumeclaim/util.go | 4 + vendor/k8s.io/kubernetes/pkg/api/pod/util.go | 10 + .../pkg/apis/apps/validation/validation.go | 20 +- .../k8s.io/kubernetes/pkg/apis/core/types.go | 2 +- .../util/endpointslice/endpointset.go | 8 +- .../volume/attachdetach/util/util.go | 17 - .../volume/persistentvolume/pv_controller.go | 2 +- .../generated/openapi/zz_generated.openapi.go | 2 +- .../pkg/kubelet/cm/cgroup_manager_linux.go | 15 + .../pkg/scheduler/framework/interface.go | 3 + .../framework/parallelize/parallelism.go | 5 +- .../framework/plugins/volumebinding/binder.go | 10 +- .../scheduler/framework/runtime/framework.go | 4 + .../internal/queue/scheduling_queue.go | 77 +-- .../kubernetes/pkg/scheduler/scheduler.go | 9 +- .../operationexecutor/operation_generator.go | 10 + .../podsecurity/patch_podspecextractor.go | 4 + vendor/modules.txt | 132 ++--- .../konnectivity-client/pkg/client/client.go | 64 ++- .../konnectivity-client/pkg/client/conn.go | 14 +- 243 files changed, 3332 insertions(+), 1088 deletions(-) create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go create mode 100644 vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv.go create mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 63cb458e59..bddd5c16f5 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +KUBE_GIT_COMMIT=19816eefa6829861687df6dfe573708756c464cc KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index c2642c097e..fc3d3df035 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-14-004314 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-15-102028 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 4b7108c00f..bb064cd20a 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-13-171034 +OCP_VERSION := 4.13.0-0.nightly-2023-04-15-102029 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 3a2210835b..ae949a3574 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-14-004314" + "base": "4.13.0-0.nightly-arm64-2023-04-15-102028" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b0ec97126bbf992d4a751e5656a22d818b94627c4db1c7d277222b8747dc1", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 7cdd5cfe46..331aef7525 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-13-171034" + "base": "4.13.0-0.nightly-2023-04-15-102029" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:24da6891ed61d7172edc821275691303d48bb6d3287ecb27a43fed1f912e53d0", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c8266e902ee5402689563a9bf6d623d39ede6dca9263407612618440d39fbe2", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/etcd/go.mod b/etcd/go.mod index d6f82ab83f..28848e890b 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -111,11 +111,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.6.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 725e704641..679bc75909 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -612,8 +612,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -686,12 +686,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -700,8 +700,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl.go b/etcd/vendor/golang.org/x/sys/unix/ioctl.go index 1c51b0ec2b..7ce8dd406f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ioctl.go +++ b/etcd/vendor/golang.org/x/sys/unix/ioctl.go @@ -8,7 +8,6 @@ package unix import ( - "runtime" "unsafe" ) @@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { // passing the integer value directly. func IoctlSetPointerInt(fd int, req uint, value int) error { v := int32(value) - return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. @@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // The req value will usually be TCSETA or TIOCSETA. func IoctlSetTermios(fd int, req uint, value *Termios) error { // TODO: if we get the chance, remove the req parameter. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlGetInt performs an ioctl operation which gets an integer value @@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } func IoctlGetTermios(fd int, req uint) (*Termios, error) { var value Termios - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go index 5384e7d91d..6532f09af2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff7f..39dba6ca6a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { + return ptrace1Ptr(request, pid, addr, data) +} diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a011..9ea66330a9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + return ENOTSUP +} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go index 2db1b51e99..d9f5544ccf 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go index eda42671f1..7705c3270b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go index 192b071b3d..7064d6ebab 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -14,7 +14,6 @@ package unix import ( "fmt" - "runtime" "syscall" "unsafe" ) @@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { - err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) - runtime.KeepAlive(ctlInfo) - return err + return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) } // IfreqMTU is struct ifreq used to get or set a network device's MTU. @@ -394,16 +392,14 @@ type IfreqMTU struct { func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { var ifreq IfreqMTU copy(ifreq.Name[:], ifname) - err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) return &ifreq, err } // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU // of the network device specified by ifreq.Name. func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { - err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) - runtime.KeepAlive(ifreq) - return err + return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) } //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce9b..9fa879806b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec99630..f17b8c526a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index a41111a794..221efc26bc 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go index d50b9dc250..5bdde03e4a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ptrace(request int, pid int, addr uintptr, data int) (err error) +//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) @@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) { } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) +} + +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + } + if countin > 0 { + _ = out[:countin] // check bounds + ioDesc.Addr = &out[0] + } else if out != nil { + ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) + } + ioDesc.SetLen(countin) + + err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) + return int(ioDesc.Len), err } func PtraceLwpEvents(pid int, enable int) (err error) { return ptrace(PT_LWP_EVENTS, pid, 0, enable) } -func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) +func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { + return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { @@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) } func PtraceSingleStep(pid int) (err error) { return ptrace(PT_STEP, pid, 1, 0) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 6a91d471d0..b8da510043 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 48110a0abb..47155c4839 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 52f1d4b75a..08932093fa 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 5537ee4f2e..d151a0d0e5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 164abd5d21..d5cd64b378 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go index 4ffb64808d..381fd4673b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { } return } + +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go index 5443dddd48..9735331530 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) } +func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { + return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) +} + // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) // KeyctlInt calls keyctl commands in which each argument is an int. @@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) { } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) +//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it @@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro // boundary. n := 0 if addr%SizeofPtr != 0 { - err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. - err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c n := 0 if addr%SizeofPtr != 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c // Trailing edge. if len(data) > 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } func PtraceSetOptions(pid int, options int) (err error) { @@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) { func PtraceGetEventMsg(pid int) (msg uint, err error) { var data _C_long - err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data))) + err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) msg = uint(data) return } @@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool { return false } +func isCapDacOverrideSet() bool { + hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} + data := [2]CapUserData{} + err := Capget(&hdr, &data[0]) + + return err == nil && data[0].Effective&(1<<CAP_DAC_OVERRIDE) != 0 +} + //sys faccessat(dirfd int, path string, mode uint32) (err error) //sys Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) @@ -2189,6 +2201,12 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { var uid int if flags&AT_EACCESS != 0 { uid = Geteuid() + if uid != 0 && isCapDacOverrideSet() { + // If CAP_DAC_OVERRIDE is set, file access check is + // done by the kernel in the same way as for root + // (see generic_permission() in the Linux sources). + uid = 0 + } } else { uid = Getuid() } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 35a3ad758f..e66865dccb 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -13,7 +13,6 @@ package unix import ( - "runtime" "syscall" "unsafe" ) @@ -178,13 +177,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) { var value Ptmget - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) - runtime.KeepAlive(value) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 9b67b908e5..5e9de23ae3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -152,6 +152,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go b/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go index 07ac56109a..d3444b64d6 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -408,8 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -547,21 +546,25 @@ func Minor(dev uint64) uint32 { */ //sys ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl +//sys ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl func ioctl(fd int, req uint, arg uintptr) (err error) { _, err = ioctlRet(fd, req, arg) return err } -func IoctlSetTermio(fd int, req uint, value *Termio) error { - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, err = ioctlPtrRet(fd, req, arg) return err } +func IoctlSetTermio(fd int, req uint, value *Termio) error { + return ioctlPtr(fd, req, unsafe.Pointer(value)) +} + func IoctlGetTermio(fd int, req uint) (*Termio, error) { var value Termio - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } @@ -1084,7 +1087,7 @@ func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { func IoctlSetString(fd int, req uint, val string) error { bs := make([]byte, len(val)+1) copy(bs[:len(bs)-1], val) - err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0]))) + err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) runtime.KeepAlive(&bs[0]) return err } @@ -1118,7 +1121,7 @@ func (l *Lifreq) GetLifruUint() uint { } func IoctlLifreq(fd int, req uint, l *Lifreq) error { - return ioctl(fd, req, uintptr(unsafe.Pointer(l))) + return ioctlPtr(fd, req, unsafe.Pointer(l)) } // Strioctl Helpers @@ -1129,5 +1132,5 @@ func (s *Strioctl) SetInt(i int) { } func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { - return ioctlRet(fd, req, uintptr(unsafe.Pointer(s))) + return ioctlPtrRet(fd, req, unsafe.Pointer(s)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 68b2f3e1cd..b295497ae4 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -139,8 +139,7 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < int(pp.Len) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -214,6 +213,7 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP //sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP //sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A //sys Chdir(path string) (err error) = SYS___CHDIR_A diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go index e174685adb..398c37e52d 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -70,6 +70,7 @@ const ( ALG_SET_DRBG_ENTROPY = 0x6 ALG_SET_IV = 0x2 ALG_SET_KEY = 0x1 + ALG_SET_KEY_BY_KEY_SERIAL = 0x7 ALG_SET_OP = 0x3 ANON_INODE_FS_MAGIC = 0x9041934 ARPHRD_6LOWPAN = 0x339 @@ -774,6 +775,8 @@ const ( DEVLINK_GENL_MCGRP_CONFIG_NAME = "config" DEVLINK_GENL_NAME = "devlink" DEVLINK_GENL_VERSION = 0x1 + DEVLINK_PORT_FN_CAP_MIGRATABLE = 0x2 + DEVLINK_PORT_FN_CAP_ROCE = 0x1 DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX = 0x14 DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS = 0x3 DEVMEM_MAGIC = 0x454d444d @@ -1262,6 +1265,8 @@ const ( FSCRYPT_MODE_AES_256_CTS = 0x4 FSCRYPT_MODE_AES_256_HCTR2 = 0xa FSCRYPT_MODE_AES_256_XTS = 0x1 + FSCRYPT_MODE_SM4_CTS = 0x8 + FSCRYPT_MODE_SM4_XTS = 0x7 FSCRYPT_POLICY_FLAGS_PAD_16 = 0x2 FSCRYPT_POLICY_FLAGS_PAD_32 = 0x3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0x0 @@ -1280,8 +1285,6 @@ const ( FS_ENCRYPTION_MODE_AES_256_GCM = 0x2 FS_ENCRYPTION_MODE_AES_256_XTS = 0x1 FS_ENCRYPTION_MODE_INVALID = 0x0 - FS_ENCRYPTION_MODE_SPECK128_256_CTS = 0x8 - FS_ENCRYPTION_MODE_SPECK128_256_XTS = 0x7 FS_IOC_ADD_ENCRYPTION_KEY = 0xc0506617 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 0xc080661a FS_IOC_GET_ENCRYPTION_POLICY_EX = 0xc0096616 @@ -1770,6 +1773,7 @@ const ( LANDLOCK_ACCESS_FS_REFER = 0x2000 LANDLOCK_ACCESS_FS_REMOVE_DIR = 0x10 LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 + LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 @@ -1809,6 +1813,7 @@ const ( LWTUNNEL_IP_OPT_GENEVE_MAX = 0x3 LWTUNNEL_IP_OPT_VXLAN_MAX = 0x1 MADV_COLD = 0x14 + MADV_COLLAPSE = 0x19 MADV_DODUMP = 0x11 MADV_DOFORK = 0xb MADV_DONTDUMP = 0x10 @@ -2163,6 +2168,7 @@ const ( PACKET_FANOUT_DATA = 0x16 PACKET_FANOUT_EBPF = 0x7 PACKET_FANOUT_FLAG_DEFRAG = 0x8000 + PACKET_FANOUT_FLAG_IGNORE_OUTGOING = 0x4000 PACKET_FANOUT_FLAG_ROLLOVER = 0x1000 PACKET_FANOUT_FLAG_UNIQUEID = 0x2000 PACKET_FANOUT_HASH = 0x0 diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go index bd001a6e1c..97f20ca282 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go @@ -15,12 +15,12 @@ type PtraceRegsArm struct { // PtraceGetRegsArm fetches the registers used by arm binaries. func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsArm sets the registers used by arm binaries. func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsArm64 is the registers used by arm64 binaries. @@ -33,10 +33,10 @@ type PtraceRegsArm64 struct { // PtraceGetRegsArm64 fetches the registers used by arm64 binaries. func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsArm64 sets the registers used by arm64 binaries. func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go index 6cb6d688aa..834d2856dd 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go @@ -7,11 +7,11 @@ import "unsafe" // PtraceGetRegSetArm64 fetches the registers used by arm64 binaries. func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error { iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))} - return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec))) + return ptracePtr(PTRACE_GETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec)) } // PtraceSetRegSetArm64 sets the registers used by arm64 binaries. func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error { iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))} - return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec))) + return ptracePtr(PTRACE_SETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go index c34d0639be..0b5f794305 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go @@ -21,12 +21,12 @@ type PtraceRegsMips struct { // PtraceGetRegsMips fetches the registers used by mips binaries. func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips sets the registers used by mips binaries. func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsMips64 is the registers used by mips64 binaries. @@ -42,10 +42,10 @@ type PtraceRegsMips64 struct { // PtraceGetRegsMips64 fetches the registers used by mips64 binaries. func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips64 sets the registers used by mips64 binaries. func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go index 3ccf0c0c4a..2807f7e646 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go @@ -21,12 +21,12 @@ type PtraceRegsMipsle struct { // PtraceGetRegsMipsle fetches the registers used by mipsle binaries. func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMipsle sets the registers used by mipsle binaries. func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsMips64le is the registers used by mips64le binaries. @@ -42,10 +42,10 @@ type PtraceRegsMips64le struct { // PtraceGetRegsMips64le fetches the registers used by mips64le binaries. func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips64le sets the registers used by mips64le binaries. func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go index 7d65857004..281ea64e34 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go @@ -31,12 +31,12 @@ type PtraceRegs386 struct { // PtraceGetRegs386 fetches the registers used by 386 binaries. func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegs386 sets the registers used by 386 binaries. func PtraceSetRegs386(pid int, regs *PtraceRegs386) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsAmd64 is the registers used by amd64 binaries. @@ -72,10 +72,10 @@ type PtraceRegsAmd64 struct { // PtraceGetRegsAmd64 fetches the registers used by amd64 binaries. func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsAmd64 sets the registers used by amd64 binaries. func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index 870215d2c4..ef9dcd1bef 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -223,6 +223,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) { r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)) r = int(r0) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index a89b0bfa53..f86a945923 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -103,6 +103,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, e1 := callioctl_ptr(fd, int(req), arg) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) { r0, e1 := callfcntl(fd, cmd, uintptr(arg)) r = int(r0) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go index 2caa5adf95..d32a84cae2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go @@ -423,6 +423,13 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) { + r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) { r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0) return diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go index 944a714b1a..d7d8baf819 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go @@ -191,6 +191,14 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) { + r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg)))) + e1 = syscall.GetErrno() + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) { r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))) e1 = syscall.GetErrno() diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index c2461c4967..a29ffdd566 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" @@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 26a0fdc505..2fd4590bb7 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" @@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 54749f9c5e..3b85134707 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 77479d4581..1129065624 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 2e966d4d7a..55f5abfe59 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d65a7c0fa6..d39651c2b5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 6f0b97c6db..ddb7408680 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index e1c23b5272..09a53a616c 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 36ea3a55b7..430cb24de7 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(arg) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 79f7389963..8e1d9c8f66 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fb161f3a26..21c6950400 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 4c8ac993a8..298168f90a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 76dd8ec4fd..68b8bd492f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index caeb807bd4..0b0f910e1a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index a05e5f4fff..48ff5de75b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index b2da8e50cc..2452a641da 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 048b2655e6..5e35600a60 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 6f33e37e72..b04cef1a19 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 330cf7f7ac..47a07ee0c2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 5f24de0d9d..573378fdb9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 78d4a4240e..4873a1e5d3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + ret = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) n = int(r0) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index f2079457c6..07bfe2ef9a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index d9c78cdcbc..29dc483378 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -362,7 +362,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 26991b1655..0a89b28906 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -367,7 +367,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index f8324e7e7f..c8666bb152 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -350,7 +350,7 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 4220411f34..88fb48a887 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -347,7 +347,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 0660fd45c7..698dc975e9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -348,7 +348,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go index 7d9fc8f1c9..ca84727cfe 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -456,36 +456,60 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 } type CanFilter struct { @@ -528,7 +552,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0x68 + SizeofTCPInfo = 0xf0 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -1043,6 +1067,7 @@ const ( PerfBitCommExec = CBitFieldMaskBit24 PerfBitUseClockID = CBitFieldMaskBit25 PerfBitContextSwitch = CBitFieldMaskBit26 + PerfBitWriteBackward = CBitFieldMaskBit27 ) const ( @@ -1239,7 +1264,7 @@ type TCPMD5Sig struct { Flags uint8 Prefixlen uint8 Keylen uint16 - _ uint32 + Ifindex int32 Key [80]uint8 } @@ -1939,7 +1964,11 @@ const ( NFT_MSG_GETOBJ = 0x13 NFT_MSG_DELOBJ = 0x14 NFT_MSG_GETOBJ_RESET = 0x15 - NFT_MSG_MAX = 0x19 + NFT_MSG_NEWFLOWTABLE = 0x16 + NFT_MSG_GETFLOWTABLE = 0x17 + NFT_MSG_DELFLOWTABLE = 0x18 + NFT_MSG_GETRULE_RESET = 0x19 + NFT_MSG_MAX = 0x1a NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -2443,9 +2472,11 @@ const ( SOF_TIMESTAMPING_OPT_STATS = 0x1000 SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 + SOF_TIMESTAMPING_BIND_PHC = 0x8000 + SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x8000 - SOF_TIMESTAMPING_MASK = 0xffff + SOF_TIMESTAMPING_LAST = 0x10000 + SOF_TIMESTAMPING_MASK = 0x1ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3265,7 +3296,7 @@ const ( DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae DEVLINK_ATTR_NESTED_DEVLINK = 0xaf DEVLINK_ATTR_SELFTESTS = 0xb0 - DEVLINK_ATTR_MAX = 0xb0 + DEVLINK_ATTR_MAX = 0xb3 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3281,7 +3312,8 @@ const ( DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 + DEVLINK_PORT_FN_ATTR_CAPS = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 ) type FsverityDigest struct { @@ -3572,7 +3604,8 @@ const ( ETHTOOL_MSG_MODULE_SET = 0x23 ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 - ETHTOOL_MSG_USER_MAX = 0x25 + ETHTOOL_MSG_RSS_GET = 0x26 + ETHTOOL_MSG_USER_MAX = 0x26 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3611,7 +3644,8 @@ const ( ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 - ETHTOOL_MSG_KERNEL_MAX = 0x25 + ETHTOOL_MSG_RSS_GET_REPLY = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x26 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3679,7 +3713,8 @@ const ( ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 - ETHTOOL_A_LINKSTATE_MAX = 0x6 + ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 + ETHTOOL_A_LINKSTATE_MAX = 0x7 ETHTOOL_A_DEBUG_UNSPEC = 0x0 ETHTOOL_A_DEBUG_HEADER = 0x1 ETHTOOL_A_DEBUG_MSGMASK = 0x2 @@ -4409,7 +4444,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x140 + NL80211_ATTR_MAX = 0x141 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4552,6 +4587,7 @@ const ( NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 NL80211_ATTR_SURVEY_INFO = 0x54 NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TD_BITMAP = 0x141 NL80211_ATTR_TDLS_ACTION = 0x88 NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c @@ -5752,3 +5788,25 @@ const ( AUDIT_NLGRP_NONE = 0x0 AUDIT_NLGRP_READLOG = 0x1 ) + +const ( + TUN_F_CSUM = 0x1 + TUN_F_TSO4 = 0x2 + TUN_F_TSO6 = 0x4 + TUN_F_TSO_ECN = 0x8 + TUN_F_UFO = 0x10 +) + +const ( + VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 + VIRTIO_NET_HDR_F_DATA_VALID = 0x2 + VIRTIO_NET_HDR_F_RSC_INFO = 0x4 +) + +const ( + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_ECN = 0x80 +) diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 89c516a29a..4ecc1495cd 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -414,7 +414,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 62b4fb2699..34fddff964 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -427,7 +427,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index e86b35893e..3b14a6031f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -405,7 +405,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6c6be4c911..0517651ab3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -406,7 +406,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 4982ea355a..3b0c518134 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -407,7 +407,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 173141a670..fccdf4dd0f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 93ae4c5167..500de8fc07 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 4e4e510ca5..d0434cd2c6 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 3f5ba013d9..84206ba534 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 71dfe7cdb4..ab078cf1f5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -417,7 +417,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 3a2b7f0a66..42eb2c4cef 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index a52d627563..31304a4e8b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dfc007d8a6..c311f9612d 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -434,7 +434,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index b53cb9103d..bba3cefac1 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -429,7 +429,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index fe0aa35472..ad8a013804 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -411,7 +411,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go index 41cb3c01fd..3723b2c224 100644 --- a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0)) //sys WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup //sys WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup //sys WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl +//sys WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW +//sys WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW +//sys WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd //sys socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket //sys sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto //sys recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom @@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/etcd/vendor/golang.org/x/sys/windows/types_windows.go b/etcd/vendor/golang.org/x/sys/windows/types_windows.go index 0c4add9741..857acf1032 100644 --- a/etcd/vendor/golang.org/x/sys/windows/types_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/types_windows.go @@ -1243,6 +1243,51 @@ const ( DnsSectionAdditional = 0x0003 ) +const ( + // flags of WSALookupService + LUP_DEEP = 0x0001 + LUP_CONTAINERS = 0x0002 + LUP_NOCONTAINERS = 0x0004 + LUP_NEAREST = 0x0008 + LUP_RETURN_NAME = 0x0010 + LUP_RETURN_TYPE = 0x0020 + LUP_RETURN_VERSION = 0x0040 + LUP_RETURN_COMMENT = 0x0080 + LUP_RETURN_ADDR = 0x0100 + LUP_RETURN_BLOB = 0x0200 + LUP_RETURN_ALIASES = 0x0400 + LUP_RETURN_QUERY_STRING = 0x0800 + LUP_RETURN_ALL = 0x0FF0 + LUP_RES_SERVICE = 0x8000 + + LUP_FLUSHCACHE = 0x1000 + LUP_FLUSHPREVIOUS = 0x2000 + + LUP_NON_AUTHORITATIVE = 0x4000 + LUP_SECURE = 0x8000 + LUP_RETURN_PREFERRED_NAMES = 0x10000 + LUP_DNS_ONLY = 0x20000 + + LUP_ADDRCONFIG = 0x100000 + LUP_DUAL_ADDR = 0x200000 + LUP_FILESERVER = 0x400000 + LUP_DISABLE_IDN_ENCODING = 0x00800000 + LUP_API_ANSI = 0x01000000 + + LUP_RESOLUTION_HANDLE = 0x80000000 +) + +const ( + // values of WSAQUERYSET's namespace + NS_ALL = 0 + NS_DNS = 12 + NS_NLA = 15 + NS_BTH = 16 + NS_EMAIL = 37 + NS_PNRPNAME = 38 + NS_PNRPCLOUD = 39 +) + type DNSSRVData struct { Target *uint16 Priority uint16 @@ -3258,3 +3303,43 @@ const ( DWMWA_TEXT_COLOR = 36 DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 ) + +type WSAQUERYSET struct { + Size uint32 + ServiceInstanceName *uint16 + ServiceClassId *GUID + Version *WSAVersion + Comment *uint16 + NameSpace uint32 + NSProviderId *GUID + Context *uint16 + NumberOfProtocols uint32 + AfpProtocols *AFProtocols + QueryString *uint16 + NumberOfCsAddrs uint32 + SaBuffer *CSAddrInfo + OutputFlags uint32 + Blob *BLOB +} + +type WSAVersion struct { + Version uint32 + EnumerationOfComparison int32 +} + +type AFProtocols struct { + AddressFamily int32 + Protocol int32 +} + +type CSAddrInfo struct { + LocalAddr SocketAddress + RemoteAddr SocketAddress + SocketType int32 + Protocol int32 +} + +type BLOB struct { + Size uint32 + BlobData *byte +} diff --git a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go index ac60052e44..6d2a268534 100644 --- a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -474,6 +474,9 @@ var ( procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") + procWSALookupServiceBeginW = modws2_32.NewProc("WSALookupServiceBeginW") + procWSALookupServiceEnd = modws2_32.NewProc("WSALookupServiceEnd") + procWSALookupServiceNextW = modws2_32.NewProc("WSALookupServiceNextW") procWSARecv = modws2_32.NewProc("WSARecv") procWSARecvFrom = modws2_32.NewProc("WSARecvFrom") procWSASend = modws2_32.NewProc("WSASend") @@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo return } +func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceEnd(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { + r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) if r1 == socket_error { diff --git a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go index 75a5fd1658..413e6fc6d7 100644 --- a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go +++ b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go @@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder { // byte. type RepertoireError byte -// Error implements the error interrface. +// Error implements the error interface. func (r RepertoireError) Error() string { return "encoding: rune not supported by encoding." } diff --git a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go index d69ccb4f97..487335d14d 100644 --- a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go +++ b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go @@ -13,7 +13,7 @@ import "encoding/binary" // a rune to a uint16. The values take two forms. For v >= 0x8000: // bits // 15: 1 (inverse of NFD_QC bit of qcInfo) -// 13..7: qcInfo (see below). isYesD is always true (no decompostion). +// 13..7: qcInfo (see below). isYesD is always true (no decomposition). // 6..0: ccc (compressed CCC value). // For v < 0x8000, the respective rune has a decomposition and v is an index // into a byte array of UTF-8 decomposition sequences and additional info and diff --git a/etcd/vendor/k8s.io/api/core/v1/generated.proto b/etcd/vendor/k8s.io/api/core/v1/generated.proto index 9264bfd98b..416811e291 100644 --- a/etcd/vendor/k8s.io/api/core/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/core/v1/generated.proto @@ -4512,7 +4512,7 @@ message ResourceRequirements { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/etcd/vendor/k8s.io/api/core/v1/types.go b/etcd/vendor/k8s.io/api/core/v1/types.go index 4be1df0c1d..0101e95d91 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types.go +++ b/etcd/vendor/k8s.io/api/core/v1/types.go @@ -2320,7 +2320,7 @@ type ResourceRequirements struct { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 6c6fe2e006..99391a423d 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{ "": "ResourceRequirements describes the compute resource requirements.", "limits": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", } func (ResourceRequirements) SwaggerDoc() map[string]string { diff --git a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 033a4c8fc3..758b0a3ac8 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -24,19 +24,36 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" ) +// StaleGroupVersionError encasulates failed GroupVersion marked "stale" +// in the returned AggregatedDiscovery format. +type StaleGroupVersionError struct { + gv schema.GroupVersion +} + +func (s StaleGroupVersionError) Error() string { + return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv) +} + // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into // the previous "unaggregated" discovery groups and resources. -func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) { +func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Aggregated group list will contain the entirety of discovery, including - // groups, versions, and resources. + // groups, versions, and resources. GroupVersions marked "stale" are failed. groups := []*metav1.APIGroup{} + failedGVs := map[schema.GroupVersion]error{} resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{} for _, aggGroup := range aggregatedGroups.Items { - group, resources := convertAPIGroup(aggGroup) + group, resources, failed := convertAPIGroup(aggGroup) groups = append(groups, group) for gv, resourceList := range resources { resourcesByGV[gv] = resourceList } + for gv, err := range failed { + failedGVs[gv] = err + } } // Transform slice of groups to group list before returning. groupList := &metav1.APIGroupList{} @@ -44,23 +61,32 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList for _, group := range groups { groupList.Groups = append(groupList.Groups, *group) } - return groupList, resourcesByGV + return groupList, resourcesByGV, failedGVs } // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup, // also returning the map of APIResourceList for resources within GroupVersions. -func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) { +func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( + *metav1.APIGroup, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Iterate through versions to convert to group and resources. group := &metav1.APIGroup{} gvResources := map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs := map[schema.GroupVersion]error{} group.Name = g.ObjectMeta.Name - for i, v := range g.Versions { - version := metav1.GroupVersionForDiscovery{} + for _, v := range g.Versions { gv := schema.GroupVersion{Group: g.Name, Version: v.Version} + if v.Freshness == apidiscovery.DiscoveryFreshnessStale { + failedGVs[gv] = StaleGroupVersionError{gv: gv} + continue + } + version := metav1.GroupVersionForDiscovery{} version.GroupVersion = gv.String() version.Version = v.Version group.Versions = append(group.Versions, version) - if i == 0 { + // PreferredVersion is first non-stale Version + if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) { group.PreferredVersion = version } resourceList := &metav1.APIResourceList{} @@ -76,7 +102,7 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[sc } gvResources[gv] = resourceList } - return group, gvResources + return group, gvResources, failedGVs } // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. diff --git a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go index 0a41018474..9143ce00ab 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go +++ b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go @@ -33,6 +33,7 @@ import ( "k8s.io/client-go/openapi" cachedopenapi "k8s.io/client-go/openapi/cached" restclient "k8s.io/client-go/rest" + "k8s.io/klog/v2" ) type cacheEntry struct { @@ -61,6 +62,15 @@ var ( ErrCacheNotFound = errors.New("not found") ) +// Server returning empty ResourceList for Group/Version. +type emptyResponseError struct { + gv string +} + +func (e *emptyResponseError) Error() string { + return fmt.Sprintf("received empty response for: %s", e.gv) +} + var _ discovery.CachedDiscoveryInterface = &memCacheClient{} // isTransientConnectionError checks whether given error is "Connection refused" or @@ -103,7 +113,13 @@ func (d *memCacheClient) ServerResourcesForGroupVersion(groupVersion string) (*m if cachedVal.err != nil && isTransientError(cachedVal.err) { r, err := d.serverResourcesForGroupVersion(groupVersion) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + } } cachedVal = &cacheEntry{r, err} d.groupToServerResources[groupVersion] = cachedVal @@ -120,32 +136,38 @@ func (d *memCacheClient) ServerGroupsAndResources() ([]*metav1.APIGroup, []*meta // GroupsAndMaybeResources returns the list of APIGroups, and possibly the map of group/version // to resources. The returned groups will never be nil, but the resources map can be nil // if there are no cached resources. -func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) { d.lock.Lock() defer d.lock.Unlock() if !d.cacheValid { if err := d.refreshLocked(); err != nil { - return nil, nil, err + return nil, nil, nil, err } } // Build the resourceList from the cache? var resourcesMap map[schema.GroupVersion]*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error if d.receivedAggregatedDiscovery && len(d.groupToServerResources) > 0 { resourcesMap = map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs = map[schema.GroupVersion]error{} for gv, cacheEntry := range d.groupToServerResources { groupVersion, err := schema.ParseGroupVersion(gv) if err != nil { - return nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + return nil, nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + } + if cacheEntry.err != nil { + failedGVs[groupVersion] = cacheEntry.err + } else { + resourcesMap[groupVersion] = cacheEntry.resourceList } - resourcesMap[groupVersion] = cacheEntry.resourceList } } - return d.groupList, resourcesMap, nil + return d.groupList, resourcesMap, failedGVs, nil } func (d *memCacheClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -219,7 +241,8 @@ func (d *memCacheClient) refreshLocked() error { if ad, ok := d.delegate.(discovery.AggregatedDiscoveryInterface); ok { var resources map[schema.GroupVersion]*metav1.APIResourceList - gl, resources, err = ad.GroupsAndMaybeResources() + var failedGVs map[schema.GroupVersion]error + gl, resources, failedGVs, err = ad.GroupsAndMaybeResources() if resources != nil && err == nil { // Cache the resources. d.groupToServerResources = map[string]*cacheEntry{} @@ -227,6 +250,10 @@ func (d *memCacheClient) refreshLocked() error { for gv, resources := range resources { d.groupToServerResources[gv.String()] = &cacheEntry{resources, nil} } + // Cache GroupVersion discovery errors + for gv, err := range failedGVs { + d.groupToServerResources[gv.String()] = &cacheEntry{nil, err} + } d.receivedAggregatedDiscovery = true d.cacheValid = true return nil @@ -252,7 +279,13 @@ func (d *memCacheClient) refreshLocked() error { r, err := d.serverResourcesForGroupVersion(gv) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + } } resultLock.Lock() @@ -274,7 +307,7 @@ func (d *memCacheClient) serverResourcesForGroupVersion(groupVersion string) (*m return r, err } if len(r.APIResources) == 0 { - return r, fmt.Errorf("Got empty response for: %v", groupVersion) + return r, &emptyResponseError{gv: groupVersion} } return r, nil } diff --git a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go index 43906190fb..641568008b 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -86,7 +86,7 @@ type DiscoveryInterface interface { type AggregatedDiscoveryInterface interface { DiscoveryInterface - GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) + GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) } // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness. @@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API // and resources from /api and /apis (either aggregated or not). Legacy groups // must be ordered first. The server will either return both endpoints (/api, /apis) // as aggregated discovery format or legacy format. For safety, resources will only -// be returned if both endpoints returned resources. -func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// be returned if both endpoints returned resources. Returned "failedGVs" can be +// empty, but will only be nil in the case an error is returned. +func (d *DiscoveryClient) GroupsAndMaybeResources() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { // Legacy group ordered first (there is only one -- core/v1 group). Returned groups must // be non-nil, but it could be empty. Returned resources, apiResources map could be nil. - groups, resources, err := d.downloadLegacy() + groups, resources, failedGVs, err := d.downloadLegacy() if err != nil { - return nil, nil, err + return nil, nil, nil, err } // Discovery groups and (possibly) resources downloaded from /apis. - apiGroups, apiResources, aerr := d.downloadAPIs() + apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs() if aerr != nil { - return nil, nil, aerr + return nil, nil, nil, aerr } // Merge apis groups into the legacy groups. for _, group := range apiGroups.Groups { @@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s } else if resources != nil { resources = nil } - return groups, resources, err + // Merge failed GroupVersions from /api and /apis + for gv, err := range failedApisGVs { + failedGVs[gv] = err + } + return groups, resources, failedGVs, err } // downloadLegacy returns the discovery groups and possibly resources // for the legacy v1 GVR at /api, or an error if one occurred. It is // possible for the resource map to be nil if the server returned -// the unaggregated discovery. -func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// the unaggregated discovery. Returned "failedGVs" can be empty, but +// will only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadLegacy() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /apis. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} + if err != nil { + // Tolerate 404, since aggregated api servers can return it. + if errors.IsNotFound(err) { + // Return empty structures and no error. + emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{} + return apiGroupList, emptyGVMap, failedGVs, nil + } else { + return nil, nil, nil, err + } } - apiGroupList := &metav1.APIGroupList{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { @@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { - return nil, nil, err + return nil, nil, nil, err } apiGroup := metav1.APIGroup{} if len(v.Versions) != 0 { @@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // downloadAPIs returns the discovery groups and (if aggregated format) the // discovery resources. The returned groups will always exist, but the -// resources map may be nil. -func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// resources map may be nil. Returned "failedGVs" can be empty, but will +// only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadAPIs() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /api. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + if err != nil { + return nil, nil, nil, err } apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { case AcceptV1: err = json.Unmarshal(body, apiGroupList) if err != nil { - return nil, nil, err + return nil, nil, nil, err } case AcceptV2Beta1: var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r } err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources) if err != nil { - // ignore 403 or 404 error to be compatible with an v1.0 server. - if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) { + // Tolerate core/v1 not found response by returning empty resource list; + // this probably should not happen. But we should verify all callers are + // not depending on this toleration before removal. + if groupVersion == "v1" && errors.IsNotFound(err) { return resources, nil } return nil, err @@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool { func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) { var sgs *metav1.APIGroupList var resources []*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, // then attempt to retrieve aggregated discovery with both groups and the resources. if ad, ok := d.(AggregatedDiscoveryInterface); ok { var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList - sgs, resourcesByGV, err = ad.GroupsAndMaybeResources() + sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources() for _, resourceList := range resourcesByGV { resources = append(resources, resourceList) } @@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta for i := range sgs.Groups { resultGroups = append(resultGroups, &sgs.Groups[i]) } + // resources is non-nil if aggregated discovery succeeded. if resources != nil { - return resultGroups, resources, nil + // Any stale Group/Versions returned by aggregated discovery + // must be surfaced to the caller as failed Group/Versions. + var ferr error + if len(failedGVs) > 0 { + ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs} + } + return resultGroups, resources, ferr } groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs) @@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList, var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, - // then it is attempt to retrieve both the groups and the resources. + // then it is attempt to retrieve both the groups and the resources. "failedGroups" + // are Group/Versions returned as stale in AggregatedDiscovery format. ad, ok := d.(AggregatedDiscoveryInterface) if ok { - serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources() + serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources() } else { serverGroupList, err = d.ServerGroups() } if err != nil { return nil, err } + // Non-aggregated discovery must fetch resources from Groups. if groupVersionResources == nil { groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList) } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 62ccaa7daf..783d414ac3 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -425,7 +425,7 @@ go.uber.org/zap/zapgrpc ## explicit; go 1.17 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish -# golang.org/x/net v0.7.0 +# golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp @@ -441,17 +441,17 @@ golang.org/x/net/trace ## explicit; go 1.11 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.6.0 ## explicit; go 1.17 golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.5.0 +# golang.org/x/term v0.6.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.7.0 +# golang.org/x/text v0.8.0 ## explicit; go 1.17 golang.org/x/text/encoding golang.org/x/text/encoding/internal @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 diff --git a/go.mod b/go.mod index 6258895839..c86a833680 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 - golang.org/x/sys v0.5.0 + golang.org/x/sys v0.6.0 gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/api v0.26.1 k8s.io/apiextensions-apiserver v0.26.1 @@ -140,10 +140,10 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/runc v1.1.4 // indirect + github.com/opencontainers/runc v1.1.6 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/opencontainers/selinux v1.10.0 // indirect - github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b // indirect + github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/profile v1.3.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -185,14 +185,14 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/mod v0.6.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sync v0.1.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.6.0 // indirect google.golang.org/api v0.60.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -221,7 +221,7 @@ require ( k8s.io/mount-utils v0.0.0 // indirect k8s.io/pod-security-admission v0.25.0 // indirect k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // from kubernetes ) diff --git a/go.sum b/go.sum index fc9ca6379f..1c00a8f9a6 100644 --- a/go.sum +++ b/go.sum @@ -589,8 +589,9 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA= +github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -600,65 +601,65 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f h1:+GaTEfR8gYzh64fdlRKLYZLwt5p4wQd2mdnvkhFDa8k= github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= -github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b h1:1AeKPWFTSSSqSl0VYmwnaOuxw2kExQgJ6pjuC4XV33A= -github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b/go.mod h1:FmOGJTf5L1X9LiqnsNDwKJyt5ycUNxnNqpxs0rgylTc= +github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f h1:rcaCMJa6vCtX/4orBfonBz2Z2zjdlJzDOzxwhlcq10U= +github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f/go.mod h1:pI5W5+O/b0A7qOAXuLLCQqQjoCcQoEPsoBNoFfScvUQ= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 h1:DxU8TWjU8Oena8Ghid/K+cmQLNJSJRhuUFdlHqrEYM0= -github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 h1:agPz3HCip5q6vbfHqIrZHBO2cq27NR6xPzlIWtiNV14= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 h1:pXWg407R5iaAYV2w/ElE7MtOmxcZ62WpCq6f4S2/Cvk= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 h1:mtZeh53RDdQpMkIOn6Z0f3WOiWCcmw/Ua93PbDgW7Bk= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 h1:CJG+OQlmVbldHGEblR3d2HVcgm8KSQzlFaVzj8P8WxI= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 h1:0aFCy3DFIJp9q7MjIdF+d7c9gRRldbzoADzeXJHD6Ps= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 h1:gtLRfQXW02jMSNd3b+OYihuYGnf3kdpM1XcxVho24yI= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 h1:UH2CrxJMeQfqUXKAdBS4wMrTkRr5IlMLtC4K6QLUVa0= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 h1:hVdwgqxDk4bluPK25EPn8Pac41kd+Z5dEYx2rDlmlfA= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 h1:TFwYCrthXTV89eiKNewDLRHIxqzUVsOTDI6CRenseVs= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 h1:6x02hFqXOhHkpGrkQMnZxbze/W5ezpFJY24p+QBOSGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 h1:YE1eqfA+F0slkcQz/JUq/wLe6GOOWeyKYDXYjwTBMuw= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 h1:DhG+hjnNz9dWd99ZDYgTvGfa664Z1BeNdsitcr1S/E0= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 h1:at3OR4PQWIMjPX4Rj/gF0axWOCxJUaC/0nb0v5+aICg= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 h1:6okyPOQlNzes/eX6zLDfxuZ8vq9TCClcMK/z2CspUNc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 h1:XDfbRtXJkcJ+0DYpGDY5z+THMad2F645g4axdksFVyE= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 h1:0siZkDLsSH1EwQozlv4jSvXjv4J/YxShm5t+8D0R79U= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 h1:shy31jV3C6duCqPIbpBoayfvub0MD+ewWMsk4SNHlmo= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 h1:g3n+u+PZ/FEOf0lvfFcgDV+rMQdYsUa1uW8tLrr4yII= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 h1:aAZOgCVCBWMRRwi5W/NazlOCaCLlaMI704LTMwo/HUg= +github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 h1:oh00NNthfcbhoHHG9RMaQ+Q9gaB+OjU6LsjIOgTZ6dA= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 h1:Ac/LHZaMAqUr9rE4Q1oLG6iuLwwi6L3GAuTPdsqO15Y= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 h1:QVD1gei4qjU1ZzqLrrk9UUM4oL5xNU5WHQrOh+plP2o= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 h1:Le/7MKrlHyL0GzydqE9O2YuBPTEwnMG5cUJHPOqQSKE= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 h1:nvGIHfDumItIc0eHmw1XkyaHYqODBrw4LFt6qX2UAE0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 h1:ieDpK+9kwFiYrZLf8szWJs034wF7DPyZ6imE9lvPwmU= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 h1:LHuIB1W4NAG9ZnrRQdfctquaE4GLKgCSQjny5JZYr+4= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 h1:IJ5E8PY+2bWAGqpmqDtkU2W4t6XmLC76x921nr1JVmY= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 h1:SImSqAAOj9J8LfLmHFnMRAHSedb14k0fejLGldaAi1k= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 h1:3rSkUFhklB10N5Xp3Dm3Wn6g+xyRNXdoRQaGdzGEMvs= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 h1:WJVg9acdlTWqKOiC7JbJa2Ev0kFki5tL4mcdxTAkUMQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 h1:YJruCzvKX+sqPHNK87ZdNJ3bld9cDh86nMuI1V50yKM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 h1:cGUyvu78+r830+joBbEILP5vkmM0udzZWvwEFYKSc30= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 h1:F6Iq7mYVCz+EkVxwtb56Rg6EWbQ/JTSVo0zbrwZ+RTE= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 h1:4I/f6SZBayfieqXt7Zk0cWkbfXDGBdLTXFpDCXeAuX0= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 h1:UCHUJBT8ieT0lja74AgVhU54Td2iFFLurUKKwv+ibig= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 h1:BT1oPp1IvgYzpmksSeyoSvl61E4NbAQKyFt7wKEO+nY= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 h1:/LcItEq3+hoyU2Cw181TFbGTSegdYWIC3AFlFwGTre4= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= @@ -935,8 +936,9 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -992,8 +994,9 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1026,8 +1029,9 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1115,15 +1119,17 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1136,8 +1142,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1208,8 +1215,9 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1430,8 +1438,9 @@ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 h1:+xBL5uTc+BkPBwmMi3vYfUJjq+N3K+H6PXeETwf5cPI= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 5f9f8932d4..5e7a3d1490 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 12ff0ccb3a..7358d410e1 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 65ec2fe921..50cc1956a7 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,16 +1,14 @@ -# cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c to 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba -083565cf97e4077cff36091aba5a276d469f8eed 2023-03-22T18:35:00+00:00 update apf configuration to use v1beta3 -# kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin -# machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 to 5d6b4e794bda70accd168867bba815e3b3e3b02a -f98d25046fa825cb91c2b6f97c928f44b53b1b0f 2023-03-28T08:02:56+00:00 OCPBUGS-8676: Fix kubelet.service node-ip for v6-primary dual-stack -# kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin -# kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 85375332a108abce2f23a61958ae7adcc449477c +# cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b to d9b70b9b587762e53863d61d0447f2f74580bd4b +498475d4f534072c1d49befb0d12b88059082f93 2023-04-13T05:50:19+00:00 OCPBUGS-11046: Fix allowlist ds template +# kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty 1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system 6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: <carry>: STOR-829: Add CSIInlineVolumeSecurity admission plugin 9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece 7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue @@ -48,3 +46,62 @@ d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme 25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available 6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics +# machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a to 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 +b1826289224b1e973b88f3d0903b63cc9118af83 2023-04-13T16:32:58+00:00 OCPBUGS-11280: Fixing forcedns dispatcher script permission issue for assisted sno rhel9 upgrade +1e962e3c33c905d86871fc740eaac69e3b6f12a8 2023-03-29T13:52:01+00:00 Splitting NetworkManager-onprem.conf.yaml to 2 files: 1. NetworkManager-onprem.conf.yaml will set unmanaged field as before and will do it only for onprem platforms as before 2. NetworkManager-ipv6.conf.yaml will set ipv6 flags for all platforms +# ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 +13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 +# kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty +1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image +e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system +6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts +9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 +6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece +7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue +6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404 +363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery +24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7 +6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client +5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. +4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver +20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty +d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order +b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery +3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test +86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028 +e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector +1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector +215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply +9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address +a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files +bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template +5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim +f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled +f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2 +a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0 +a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable +072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler +bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations +00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver +192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request +4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. +83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36 +29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic +d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version +62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme +25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets +a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available +6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics +# ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 +13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 +# kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 95bd4bccd4..fdd44b74f8 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,12 +3,12 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -https://github.com/openshift/cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b +https://github.com/openshift/cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -https://github.com/openshift/machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a +https://github.com/openshift/kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc +https://github.com/openshift/machine-config-operator embedded-component 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +https://github.com/openshift/ovn-kubernetes image-amd64 e3bef98aa599a90a7f24ab077e7b979d688eb537 +https://github.com/openshift/kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -https://github.com/openshift/ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c +https://github.com/openshift/ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 +https://github.com/openshift/kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 044a6f5fd5..bdbc467c65 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-13-171034" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-14-004314" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-15-102029" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-15-102028" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go index 104c74a890..35b00aaf05 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go @@ -93,7 +93,7 @@ var ( ) // Loosely based on the BPF_F_REPLACE support check in -// <https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go>. +// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go. // // TODO: move this logic to cilium/ebpf func haveBpfProgReplace() bool { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go index fb4fcc7f75..9e2f0ec04c 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go @@ -28,6 +28,7 @@ var subsystems = []subsystem{ &FreezerGroup{}, &RdmaGroup{}, &NameGroup{GroupName: "name=systemd", Join: true}, + &NameGroup{GroupName: "misc", Join: true}, } var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go index 45744c15c0..50746ae0c5 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go @@ -293,8 +293,18 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err // rules separately to systemd) we can safely skip entries that don't // have a corresponding path. if _, err := os.Stat(entry.Path); err != nil { - logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err) - continue + // Also check /sys/dev so that we don't depend on /dev/{block,char} + // being populated. (/dev/{block,char} is populated by udev, which + // isn't strictly required for systemd). Ironically, this happens most + // easily when starting containerd within a runc created container + // itself. + + // We don't bother with securejoin here because we create entry.Path + // right above here, so we know it's safe. + if _, err := os.Stat("/sys" + entry.Path); err != nil { + logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) + continue + } } } deviceAllowList = append(deviceAllowList, entry) @@ -343,32 +353,52 @@ func isUnitExists(err error) bool { return isDbusError(err, "org.freedesktop.systemd1.UnitExists") } -func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error { +func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { statusChan := make(chan string, 1) + retry := true + +retry: err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) return err }) - if err == nil { - timeout := time.NewTimer(30 * time.Second) - defer timeout.Stop() - - select { - case s := <-statusChan: - close(statusChan) - // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit - if s != "done" { - resetFailedUnit(cm, unitName) - return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) - } - case <-timeout.C: + if err != nil { + if !isUnitExists(err) { + return err + } + if ignoreExist { + // TODO: remove this hack. + // This is kubelet making sure a slice exists (see + // https://github.com/opencontainers/runc/pull/1124). + return nil + } + if retry { + // In case a unit with the same name exists, this may + // be a leftover failed unit. Reset it, so systemd can + // remove it, and retry once. resetFailedUnit(cm, unitName) - return errors.New("Timeout waiting for systemd to create " + unitName) + retry = false + goto retry } - } else if !isUnitExists(err) { return err } + timeout := time.NewTimer(30 * time.Second) + defer timeout.Stop() + + select { + case s := <-statusChan: + close(statusChan) + // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit + if s != "done" { + resetFailedUnit(cm, unitName) + return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) + } + case <-timeout.C: + resetFailedUnit(cm, unitName) + return errors.New("Timeout waiting for systemd to create " + unitName) + } + return nil } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go index 83d10dd705..dd474cf1b1 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go @@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) { // do not allow empty values return nil, errors.New("empty value") } + + // fit cpuset parsing order in systemd + for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 { + ret[l], ret[r] = ret[r], ret[l] + } return ret, nil } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go index a74a05a5cd..046c3056fb 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go @@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{ &fs.NetClsGroup{}, &fs.NameGroup{GroupName: "name=systemd"}, &fs.RdmaGroup{}, + &fs.NameGroup{GroupName: "misc"}, } func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { @@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return err } @@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return "", err } - initPath, err := cgroups.GetInitCgroup(subsystem) - if err != nil { - return "", err - } - // if pid 1 is systemd 226 or later, it will be in init.scope, not the root - initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope") - - return filepath.Join(mountpoint, initPath, slice, unit), nil + return filepath.Join(mountpoint, slice, unit), nil } func (m *legacyManager) Freeze(state configs.FreezerState) error { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go index de0cb974d4..94d24ee450 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go @@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err) } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index b32af4ee53..fc4ae44a48 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) { // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup // or /proc/<pid>/cgroup, into a map of subsystems to cgroup paths, e.g. -// "cpu": "/user.slice/user-1000.slice" -// "pids": "/user.slice/user-1000.slice" +// +// "cpu": "/user.slice/user-1000.slice" +// "pids": "/user.slice/user-1000.slice" +// // etc. // // Note that for cgroup v2 unified hierarchy, there are no per-controller diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go index 627621a58d..4fbd308dad 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go @@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error { // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format. // The '/' separator is also accepted in place of a '.'. // Convert the sysctl variables to dots separator format for validation. -// More info: -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html +// More info: sysctl(8), sysctl.d(5). +// // For example: // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter" // will return the converted value "net.ipv4.conf.eno2/100.rp_filter" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go index 9df830d8cd..dd61dfd3c9 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go @@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool { } func criuNsToKey(t configs.NamespaceType) string { - return "extRoot" + strings.Title(configs.NsName(t)) + "NS" + return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated } func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go new file mode 100644 index 0000000000..cc1e2079a7 --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go @@ -0,0 +1,17 @@ +//go:build !go1.20 +// +build !go1.20 + +package libcontainer + +import "golang.org/x/sys/unix" + +func eaccess(path string) error { + // This check is similar to access(2) with X_OK except for + // setuid/setgid binaries where it checks against the effective + // (rather than real) uid and gid. It is not needed in go 1.20 + // and beyond and will be removed later. + + // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 + // and older CLs linked from there. + return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) +} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go new file mode 100644 index 0000000000..7c049fd7aa --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go @@ -0,0 +1,10 @@ +//go:build go1.20 + +package libcontainer + +func eaccess(path string) error { + // Not needed in Go 1.20+ as the functionality is already in there + // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, + // and fixed in Go 1.20.2 by https://go.dev/cl/469956). + return nil +} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go index e6c71ac34e..a1fa7de2d2 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go @@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err) } if len(pids) != 0 { + if config.Cgroups.Systemd { + // systemd cgroup driver can't add a pid to an + // existing systemd unit and will return an + // error anyway, so let's error out early. + return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids)) + } // TODO: return an error. logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids)) logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132") @@ -338,10 +344,9 @@ func (l *LinuxFactory) StartInitialization() (err error) { defer func() { if e := recover(); e != nil { - if e, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack()) + if ee, ok := e.(error); ok { + err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) } else { - //nolint:errorlint // here e is not of error type err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) } } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go index 1e5c394c3e..2e4c59353c 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go @@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - // Skip chown if uid is already the one we want. - if int(s.Uid) == u.Uid { + // Skip chown if uid is already the one we want or any of the STDIO descriptors + // were redirected to /dev/null. + if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { continue } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go index ec7638e4d5..c3f88fc703 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go @@ -329,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - return utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil { - // when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158) - if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) { - src := fs2.UnifiedMountpoint - if c.cgroupns && c.cgroup2Path != "" { - // Emulate cgroupns by bind-mounting - // the container cgroup path rather than - // the whole /sys/fs/cgroup. - src = c.cgroup2Path - } - err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "") - if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { - err = nil - } - } - return err - } - return nil + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) }) + if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { + return err + } + + // When we are in UserNS but CgroupNS is not unshared, we cannot mount + // cgroup2 (#2158), so fall back to bind mount. + bindM := &configs.Mount{ + Device: "bind", + Source: fs2.UnifiedMountpoint, + Destination: m.Destination, + Flags: unix.MS_BIND | m.Flags, + PropagationFlags: m.PropagationFlags, + } + if c.cgroupns && c.cgroup2Path != "" { + // Emulate cgroupns by bind-mounting the container cgroup path + // rather than the whole /sys/fs/cgroup. + bindM.Source = c.cgroup2Path + } + // mountToRootfs() handles remounting for MS_RDONLY. + // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). + err = mountToRootfs(bindM, c) + if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { + // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed + // outside the userns+mountns. + // + // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted + // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return maskPath(procfd, c.label) + }) + } + return err } func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { @@ -398,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root - mountLabel := c.label - mountFd := c.fd - dest, err := securejoin.SecureJoin(rootfs, m.Destination) - if err != nil { - return err - } + // procfs and sysfs are special because we need to ensure they are actually + // mounted on a specific path in a container without any funny business. switch m.Device { case "proc", "sysfs": // If the destination already exists and is not a directory, we bail - // out This is to avoid mounting through a symlink or similar -- which + // out. This is to avoid mounting through a symlink or similar -- which // has been a "fun" attack scenario in the past. // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. + dest := filepath.Clean(m.Destination) + if !strings.HasPrefix(dest, rootfs) { + // Do not use securejoin as it resolves symlinks. + dest = filepath.Join(rootfs, dest) + } if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } - } else if fi.Mode()&os.ModeDir == 0 { + } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } if err := os.MkdirAll(dest, 0o755); err != nil { return err } - // Selinux kernels do not support labeling of /proc or /sys + // Selinux kernels do not support labeling of /proc or /sys. return mountPropagate(m, rootfs, "", nil) + } + + mountLabel := c.label + mountFd := c.fd + dest, err := securejoin.SecureJoin(rootfs, m.Destination) + if err != nil { + return err + } + + switch m.Device { case "mqueue": if err := os.MkdirAll(dest, 0o755); err != nil { return err diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go index 081d1503a3..c09a7bed30 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go @@ -198,11 +198,12 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } - // exec.LookPath might return no error for an executable residing on a - // file system mounted with noexec flag, so perform this extra check - // now while we can still return a proper error. - if err := system.Eaccess(name); err != nil { - return &os.PathError{Op: "exec", Path: name, Err: err} + // exec.LookPath in Go < 1.20 might return no error for an executable + // residing on a file system mounted with noexec flag, so perform this + // extra check now while we can still return a proper error. + // TODO: remove this once go < 1.20 is not supported. + if err := eaccess(name); err != nil { + return &os.PathError{Op: "eaccess", Path: name, Err: err} } // Set seccomp as close to execve as possible, so as few syscalls take diff --git a/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/vendor/github.com/opencontainers/runc/libcontainer/sync.go index c9a23ef3a7..25dc286307 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/sync.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/sync.go @@ -15,16 +15,16 @@ type syncType string // during container setup. They come in pairs (with procError being a generic // response which is followed by an &initError). // -// [ child ] <-> [ parent ] +// [ child ] <-> [ parent ] // -// procHooks --> [run hooks] -// <-- procResume +// procHooks --> [run hooks] +// <-- procResume // -// procReady --> [final setup] -// <-- procRun +// procReady --> [final setup] +// <-- procRun // -// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -// <-- procSeccompDone +// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] +// <-- procSeccompDone const ( procError syncType = "procError" procReady syncType = "procReady" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go index 039059a444..e1d6eb1803 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go @@ -31,25 +31,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -// Eaccess is similar to unix.Access except for setuid/setgid binaries -// it checks against the effective (rather than real) uid and gid. -func Eaccess(path string) error { - err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) - if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare - return err - } - - // Faccessat2() not available; check if we are a set[ug]id binary. - if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() { - // For a non-set[ug]id binary, use access(2). - return unix.Access(path, unix.X_OK) - } - - // For a setuid/setgid binary, there is no fallback way - // so assume we can execute the binary. - return nil -} - func Execv(cmd string, args []string, env []string) error { name, err := exec.LookPath(cmd) if err != nil { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go index 2473c5eadd..a1e216683d 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go @@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath // found in any entry in passwd and group respectively. // // Examples of valid user specifications are: -// * "" -// * "user" -// * "uid" -// * "user:group" -// * "uid:gid -// * "user:gid" -// * "uid:group" +// - "" +// - "user" +// - "uid" +// - "user:group" +// - "uid:gid +// - "user:gid" +// - "uid:group" // // It should be noted that if you specify a numeric user or group id, they will // not be evaluated as usernames (only the metadata will be filled). So attempting diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go new file mode 100644 index 0000000000..7b24270c93 --- /dev/null +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go @@ -0,0 +1,471 @@ +/* + * This file is a copy of k8s.io/kubernetes/pkg/securitycontext/accessors.go that + * contains the patch from https://github.com/kubernetes/kubernetes/pull/115968 + * that only appears in kube 1.27. + * FIXME: Remove this file when OpenShift users kube 1.27 as its base. + */ + +package sccmatching + +import ( + "reflect" + + api "k8s.io/kubernetes/pkg/apis/core" + "k8s.io/kubernetes/pkg/securitycontext" +) + +type SecccompProfileAccessor interface { + SeccompProfile() *api.SeccompProfile +} + +type SeccompProfileMutator interface { + SetSeccompProfile(*api.SeccompProfile) +} + +type PatchedPodSecurityContextAccessor interface { + securitycontext.PodSecurityContextAccessor + SecccompProfileAccessor +} + +type PatchedPodSecurityContextMutator interface { + securitycontext.PodSecurityContextMutator + SecccompProfileAccessor + SeccompProfileMutator +} + +// NewPodSecurityContextAccessor returns an accessor for the given pod security context. +// May be initialized with a nil PodSecurityContext. +func NewPodSecurityContextAccessor(podSC *api.PodSecurityContext) PatchedPodSecurityContextAccessor { + return &podSecurityContextWrapper{podSC: podSC} +} + +// NewPodSecurityContextMutator returns a mutator for the given pod security context. +// May be initialized with a nil PodSecurityContext. +func NewPodSecurityContextMutator(podSC *api.PodSecurityContext) PatchedPodSecurityContextMutator { + return &podSecurityContextWrapper{podSC: podSC} +} + +type podSecurityContextWrapper struct { + podSC *api.PodSecurityContext +} + +func (w *podSecurityContextWrapper) PodSecurityContext() *api.PodSecurityContext { + return w.podSC +} + +func (w *podSecurityContextWrapper) ensurePodSC() { + if w.podSC == nil { + w.podSC = &api.PodSecurityContext{} + } +} + +func (w *podSecurityContextWrapper) HostNetwork() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostNetwork +} +func (w *podSecurityContextWrapper) SetHostNetwork(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostNetwork = v +} +func (w *podSecurityContextWrapper) HostPID() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostPID +} +func (w *podSecurityContextWrapper) SetHostPID(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostPID = v +} +func (w *podSecurityContextWrapper) HostIPC() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostIPC +} +func (w *podSecurityContextWrapper) SetHostIPC(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostIPC = v +} +func (w *podSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if w.podSC == nil { + return nil + } + return w.podSC.SELinuxOptions +} +func (w *podSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.SELinuxOptions = v +} +func (w *podSecurityContextWrapper) RunAsUser() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsUser +} +func (w *podSecurityContextWrapper) SetRunAsUser(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsUser = v +} +func (w *podSecurityContextWrapper) RunAsGroup() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsGroup +} +func (w *podSecurityContextWrapper) SetRunAsGroup(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsGroup = v +} + +func (w *podSecurityContextWrapper) RunAsNonRoot() *bool { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsNonRoot +} +func (w *podSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsNonRoot = v +} +func (w *podSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + if w.podSC == nil { + return nil + } + return w.podSC.SeccompProfile +} +func (w *podSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if w.podSC == nil && p == nil { + return + } + w.ensurePodSC() + w.podSC.SeccompProfile = p +} +func (w *podSecurityContextWrapper) SupplementalGroups() []int64 { + if w.podSC == nil { + return nil + } + return w.podSC.SupplementalGroups +} +func (w *podSecurityContextWrapper) SetSupplementalGroups(v []int64) { + if w.podSC == nil && len(v) == 0 { + return + } + w.ensurePodSC() + if len(v) == 0 && len(w.podSC.SupplementalGroups) == 0 { + return + } + w.podSC.SupplementalGroups = v +} +func (w *podSecurityContextWrapper) FSGroup() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.FSGroup +} +func (w *podSecurityContextWrapper) SetFSGroup(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.FSGroup = v +} + +type PatchedContainerSecurityContextAccessor interface { + securitycontext.ContainerSecurityContextAccessor + SecccompProfileAccessor +} + +type PatchedContainerSecurityContextMutator interface { + securitycontext.ContainerSecurityContextMutator + SecccompProfileAccessor + SeccompProfileMutator +} + +// NewContainerSecurityContextAccessor returns an accessor for the provided container security context +// May be initialized with a nil SecurityContext +func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) PatchedContainerSecurityContextAccessor { + return &containerSecurityContextWrapper{containerSC: containerSC} +} + +// NewContainerSecurityContextMutator returns a mutator for the provided container security context +// May be initialized with a nil SecurityContext +func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) PatchedContainerSecurityContextMutator { + return &containerSecurityContextWrapper{containerSC: containerSC} +} + +type containerSecurityContextWrapper struct { + containerSC *api.SecurityContext +} + +func (w *containerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { + return w.containerSC +} + +func (w *containerSecurityContextWrapper) ensureContainerSC() { + if w.containerSC == nil { + w.containerSC = &api.SecurityContext{} + } +} + +func (w *containerSecurityContextWrapper) Capabilities() *api.Capabilities { + if w.containerSC == nil { + return nil + } + return w.containerSC.Capabilities +} +func (w *containerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.Capabilities = v +} +func (w *containerSecurityContextWrapper) Privileged() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.Privileged +} +func (w *containerSecurityContextWrapper) SetPrivileged(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.Privileged = v +} +func (w *containerSecurityContextWrapper) ProcMount() api.ProcMountType { + if w.containerSC == nil { + return api.DefaultProcMount + } + if w.containerSC.ProcMount == nil { + return api.DefaultProcMount + } + return *w.containerSC.ProcMount +} +func (w *containerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if w.containerSC == nil { + return nil + } + return w.containerSC.SELinuxOptions +} +func (w *containerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.SELinuxOptions = v +} +func (w *containerSecurityContextWrapper) RunAsUser() *int64 { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsUser +} +func (w *containerSecurityContextWrapper) SetRunAsUser(v *int64) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsUser = v +} +func (w *containerSecurityContextWrapper) RunAsGroup() *int64 { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsGroup +} +func (w *containerSecurityContextWrapper) SetRunAsGroup(v *int64) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsGroup = v +} + +func (w *containerSecurityContextWrapper) RunAsNonRoot() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsNonRoot +} +func (w *containerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsNonRoot = v +} +func (w *containerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.ReadOnlyRootFilesystem +} +func (w *containerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.ReadOnlyRootFilesystem = v +} +func (w *containerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + if w.containerSC == nil { + return nil + } + return w.containerSC.SeccompProfile +} +func (w *containerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if w.containerSC == nil && p == nil { + return + } + w.ensureContainerSC() + w.containerSC.SeccompProfile = p +} + +func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.AllowPrivilegeEscalation +} +func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.AllowPrivilegeEscalation = v +} + +// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values +// for the provided pod security context and container security context +func NewEffectiveContainerSecurityContextAccessor(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextAccessor { + return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} +} + +// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values +// for the provided pod security context and container security context +func NewEffectiveContainerSecurityContextMutator(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextMutator { + return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} +} + +type effectiveContainerSecurityContextWrapper struct { + podSC PatchedPodSecurityContextAccessor + containerSC PatchedContainerSecurityContextMutator +} + +func (w *effectiveContainerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { + return w.containerSC.ContainerSecurityContext() +} + +func (w *effectiveContainerSecurityContextWrapper) Capabilities() *api.Capabilities { + return w.containerSC.Capabilities() +} +func (w *effectiveContainerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { + if !reflect.DeepEqual(w.Capabilities(), v) { + w.containerSC.SetCapabilities(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) Privileged() *bool { + return w.containerSC.Privileged() +} +func (w *effectiveContainerSecurityContextWrapper) SetPrivileged(v *bool) { + if !reflect.DeepEqual(w.Privileged(), v) { + w.containerSC.SetPrivileged(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) ProcMount() api.ProcMountType { + return w.containerSC.ProcMount() +} +func (w *effectiveContainerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if v := w.containerSC.SELinuxOptions(); v != nil { + return v + } + return w.podSC.SELinuxOptions() +} +func (w *effectiveContainerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if !reflect.DeepEqual(w.SELinuxOptions(), v) { + w.containerSC.SetSELinuxOptions(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) RunAsUser() *int64 { + if v := w.containerSC.RunAsUser(); v != nil { + return v + } + return w.podSC.RunAsUser() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsUser(v *int64) { + if !reflect.DeepEqual(w.RunAsUser(), v) { + w.containerSC.SetRunAsUser(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) RunAsGroup() *int64 { + if v := w.containerSC.RunAsGroup(); v != nil { + return v + } + return w.podSC.RunAsGroup() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsGroup(v *int64) { + if !reflect.DeepEqual(w.RunAsGroup(), v) { + w.containerSC.SetRunAsGroup(v) + } +} + +func (w *effectiveContainerSecurityContextWrapper) RunAsNonRoot() *bool { + if v := w.containerSC.RunAsNonRoot(); v != nil { + return v + } + return w.podSC.RunAsNonRoot() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if !reflect.DeepEqual(w.RunAsNonRoot(), v) { + w.containerSC.SetRunAsNonRoot(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { + return w.containerSC.ReadOnlyRootFilesystem() +} +func (w *effectiveContainerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { + if !reflect.DeepEqual(w.ReadOnlyRootFilesystem(), v) { + w.containerSC.SetReadOnlyRootFilesystem(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + return w.containerSC.SeccompProfile() +} +func (w *effectiveContainerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if !reflect.DeepEqual(w.SeccompProfile(), p) { + w.containerSC.SetSeccompProfile(p) + } +} +func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { + return w.containerSC.AllowPrivilegeEscalation() +} +func (w *effectiveContainerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { + if !reflect.DeepEqual(w.AllowPrivilegeEscalation(), v) { + w.containerSC.SetAllowPrivilegeEscalation(v) + } +} diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go index 2535000f94..dea78e1e83 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go @@ -2,6 +2,7 @@ package sccmatching import ( "fmt" + "strings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/sets" @@ -99,7 +100,7 @@ func NewSimpleProvider(scc *securityv1.SecurityContextConstraints) (SecurityCont // on the PodSecurityContext it will not be changed. Validate should be used after the context // is created to ensure it complies with the required restrictions. func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, map[string]string, error) { - sc := securitycontext.NewPodSecurityContextMutator(pod.Spec.SecurityContext) + sc := NewPodSecurityContextMutator(pod.Spec.SecurityContext) annotationsCopy := maps.CopySS(pod.Annotations) @@ -138,6 +139,7 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit annotationsCopy = map[string]string{} } annotationsCopy[api.SeccompPodAnnotationKey] = seccompProfile + sc.SetSeccompProfile(seccompFieldForAnnotation(seccompProfile)) } return sc.PodSecurityContext(), annotationsCopy, nil @@ -147,9 +149,9 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit // container's security context then it will not be changed. Validation should be used after // the context is created to ensure it complies with the required restrictions. func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) { - sc := securitycontext.NewEffectiveContainerSecurityContextMutator( - securitycontext.NewPodSecurityContextAccessor(pod.Spec.SecurityContext), - securitycontext.NewContainerSecurityContextMutator(container.SecurityContext), + sc := NewEffectiveContainerSecurityContextMutator( + NewPodSecurityContextAccessor(pod.Spec.SecurityContext), + NewContainerSecurityContextMutator(container.SecurityContext), ) if sc.RunAsUser() == nil { uid, err := s.runAsUserStrategy.Generate(pod, container) @@ -214,6 +216,11 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container } } + containerSeccomp, ok := pod.Annotations[api.SeccompContainerAnnotationKeyPrefix+container.Name] + if ok { + sc.SetSeccompProfile(seccompFieldForAnnotation(containerSeccomp)) + } + // if the SCC sets DefaultAllowPrivilegeEscalation and the container security context // allowPrivilegeEscalation is not set, then default to that set by the SCC. // @@ -497,3 +504,34 @@ func allowsVolumeType(allowedVolumes sets.String, fsType securityv1.FSType, volu fsType == securityv1.FSProjected && sccutil.IsOnlyServiceAccountTokenSources(volumeSource.Projected) } + +// seccompFieldForAnnotation takes a pod annotation and returns the converted +// seccomp profile field. +// SeccompAnnotations removal is planned for Kube 1.27, remove this logic afterwards +func seccompFieldForAnnotation(annotation string) *api.SeccompProfile { + // If only seccomp annotations are specified, copy the values into the + // corresponding fields. This ensures that existing applications continue + // to enforce seccomp, and prevents the kubelet from needing to resolve + // annotations & fields. + if annotation == corev1.SeccompProfileNameUnconfined { + return &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined} + } + + if annotation == api.SeccompProfileRuntimeDefault || annotation == api.DeprecatedSeccompProfileDockerDefault { + return &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault} + } + + if strings.HasPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix) { + localhostProfile := strings.TrimPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix) + if localhostProfile != "" { + return &api.SeccompProfile{ + Type: api.SeccompProfileTypeLocalhost, + LocalhostProfile: &localhostProfile, + } + } + } + + // we can only reach this code path if the localhostProfile name has a zero + // length or if the annotation has an unrecognized value + return nil +} diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go index 822ed42a04..7a96eae331 100644 --- a/vendor/golang.org/x/net/html/doc.go +++ b/vendor/golang.org/x/net/html/doc.go @@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and https://html.spec.whatwg.org/multipage/syntax.html#tokenization + +# Security Considerations + +Care should be taken when parsing and interpreting HTML, whether full documents +or fragments, within the framework of the HTML specification, especially with +regard to untrusted inputs. + +This package provides both a tokenizer and a parser. Only the parser constructs +a DOM according to the HTML specification, resolving malformed and misplaced +tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, +and as such does not resolve issues that may exist in the processed HTML, +producing a literal interpretation of the input. + +If your use case requires semantically well-formed HTML, as defined by the +WHATWG specifiction, the parser should be used rather than the tokenizer. */ package html // import "golang.org/x/net/html" diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go index d856139620..04c6bec210 100644 --- a/vendor/golang.org/x/net/html/escape.go +++ b/vendor/golang.org/x/net/html/escape.go @@ -193,6 +193,87 @@ func lower(b []byte) []byte { return b } +// escapeComment is like func escape but escapes its input bytes less often. +// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) +// meaningful and (2) contain angle brackets that we'd like to avoid escaping +// unless we have to. +// +// "We have to" includes the '&' byte, since that introduces other escapes. +// +// It also includes those bytes (not including EOF) that would otherwise end +// the comment. Per the summary table at the bottom of comment_test.go, this is +// the '>' byte that, per above, we'd like to avoid escaping unless we have to. +// +// Studying the summary table (and T actions in its '>' column) closely, we +// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the +// start of the comment data. State 52 is after a '!'. The other three states +// are after a '-'. +// +// Our algorithm is thus to escape every '&' and to escape '>' if and only if: +// - The '>' is after a '!' or '-' (in the unescaped data) or +// - The '>' is at the start of the comment data (after the opening "<!--"). +func escapeComment(w writer, s string) error { + // When modifying this function, consider manually increasing the + // maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more. + // That increase should only be temporary, not committed, as it + // exponentially affects the test running time. + + if len(s) == 0 { + return nil + } + + // Loop: + // - Grow j such that s[i:j] does not need escaping. + // - If s[j] does need escaping, output s[i:j] and an escaped s[j], + // resetting i and j to point past that s[j] byte. + i := 0 + for j := 0; j < len(s); j++ { + escaped := "" + switch s[j] { + case '&': + escaped = "&amp;" + + case '>': + if j > 0 { + if prev := s[j-1]; (prev != '!') && (prev != '-') { + continue + } + } + escaped = "&gt;" + + default: + continue + } + + if i < j { + if _, err := w.WriteString(s[i:j]); err != nil { + return err + } + } + if _, err := w.WriteString(escaped); err != nil { + return err + } + i = j + 1 + } + + if i < len(s) { + if _, err := w.WriteString(s[i:]); err != nil { + return err + } + } + return nil +} + +// escapeCommentString is to EscapeString as escapeComment is to escape. +func escapeCommentString(s string) string { + if strings.IndexAny(s, "&>") == -1 { + return s + } + var buf bytes.Buffer + escapeComment(&buf, s) + return buf.String() +} + const escapedChars = "&'<>\"\r" func escape(w writer, s string) error { diff --git a/vendor/golang.org/x/net/html/render.go b/vendor/golang.org/x/net/html/render.go index 497e132042..8b28031905 100644 --- a/vendor/golang.org/x/net/html/render.go +++ b/vendor/golang.org/x/net/html/render.go @@ -85,7 +85,7 @@ func render1(w writer, n *Node) error { if _, err := w.WriteString("<!--"); err != nil { return err } - if err := escape(w, n.Data); err != nil { + if err := escapeComment(w, n.Data); err != nil { return err } if _, err := w.WriteString("-->"); err != nil { diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go index 50f7c6aac8..5c2a1f4efa 100644 --- a/vendor/golang.org/x/net/html/token.go +++ b/vendor/golang.org/x/net/html/token.go @@ -110,7 +110,7 @@ func (t Token) String() string { case SelfClosingTagToken: return "<" + t.tagString() + "/>" case CommentToken: - return "<!--" + EscapeString(t.Data) + "-->" + return "<!--" + escapeCommentString(t.Data) + "-->" case DoctypeToken: return "<!DOCTYPE " + EscapeString(t.Data) + ">" } @@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd: // readComment reads the next comment token starting with "<!--". The opening // "<!--" has already been consumed. func (z *Tokenizer) readComment() { - // When modifying this function, consider manually increasing the suffixLen - // constant in func TestComments, from 6 to e.g. 9 or more. That increase - // should only be temporary, not committed, as it exponentially affects the - // test running time. + // When modifying this function, consider manually increasing the + // maxSuffixLen constant in func TestComments, from 6 to e.g. 9 or more. + // That increase should only be temporary, not committed, as it + // exponentially affects the test running time. z.data.start = z.raw.end defer func() { diff --git a/vendor/golang.org/x/sync/singleflight/singleflight.go b/vendor/golang.org/x/sync/singleflight/singleflight.go index 690eb85013..8473fb7922 100644 --- a/vendor/golang.org/x/sync/singleflight/singleflight.go +++ b/vendor/golang.org/x/sync/singleflight/singleflight.go @@ -52,10 +52,6 @@ type call struct { val interface{} err error - // forgotten indicates whether Forget was called with this call's key - // while the call was still in flight. - forgotten bool - // These fields are read and written with the singleflight // mutex held before the WaitGroup is done, and are read but // not written after the WaitGroup is done. @@ -148,10 +144,10 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { c.err = errGoexit } - c.wg.Done() g.mu.Lock() defer g.mu.Unlock() - if !c.forgotten { + c.wg.Done() + if g.m[key] == c { delete(g.m, key) } @@ -204,9 +200,6 @@ func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { // an earlier call to complete. func (g *Group) Forget(key string) { g.mu.Lock() - if c, ok := g.m[key]; ok { - c.forgotten = true - } delete(g.m, key) g.mu.Unlock() } diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go index f3baa37932..1d9d91f3ed 100644 --- a/vendor/golang.org/x/sys/cpu/hwcap_linux.go +++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go @@ -24,6 +24,21 @@ var hwCap uint var hwCap2 uint func readHWCAP() error { + // For Go 1.21+, get auxv from the Go runtime. + if a := getAuxv(); len(a) > 0 { + for len(a) >= 2 { + tag, val := a[0], uint(a[1]) + a = a[2:] + switch tag { + case _AT_HWCAP: + hwCap = val + case _AT_HWCAP2: + hwCap2 = val + } + } + return nil + } + buf, err := ioutil.ReadFile(procAuxv) if err != nil { // e.g. on android /proc/self/auxv is not accessible, so silently diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go new file mode 100644 index 0000000000..5f92ac9a2e --- /dev/null +++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go @@ -0,0 +1,16 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu + +// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init) +// on platforms that use auxv. +var getAuxvFn func() []uintptr + +func getAuxv() []uintptr { + if getAuxvFn == nil { + return nil + } + return getAuxvFn() +} diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go new file mode 100644 index 0000000000..b975ea2a04 --- /dev/null +++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go @@ -0,0 +1,19 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.21 +// +build go1.21 + +package cpu + +import ( + _ "unsafe" // for linkname +) + +//go:linkname runtime_getAuxv runtime.getAuxv +func runtime_getAuxv() []uintptr + +func init() { + getAuxvFn = runtime_getAuxv +} diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go index b981cfbb4a..3bf40fdfec 100644 --- a/vendor/golang.org/x/sys/execabs/execabs.go +++ b/vendor/golang.org/x/sys/execabs/execabs.go @@ -63,7 +63,7 @@ func LookPath(file string) (string, error) { } func fixCmd(name string, cmd *exec.Cmd) { - if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) { + if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) && !isGo119ErrFieldSet(cmd) { // exec.Command was called with a bare binary name and // exec.LookPath returned a path which is not absolute. // Set cmd.lookPathErr and clear cmd.Path so that it diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go index 6ab5f50894..2000064a81 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go118.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go @@ -7,6 +7,12 @@ package execabs +import "os/exec" + func isGo119ErrDot(err error) bool { return false } + +func isGo119ErrFieldSet(cmd *exec.Cmd) bool { + return false +} diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go index 46c5b525e7..f364b34189 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go119.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go @@ -15,3 +15,7 @@ import ( func isGo119ErrDot(err error) bool { return errors.Is(err, exec.ErrDot) } + +func isGo119ErrFieldSet(cmd *exec.Cmd) bool { + return cmd.Err != nil +} diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go index 1c51b0ec2b..7ce8dd406f 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl.go @@ -8,7 +8,6 @@ package unix import ( - "runtime" "unsafe" ) @@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { // passing the integer value directly. func IoctlSetPointerInt(fd int, req uint, value int) error { v := int32(value) - return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. @@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // The req value will usually be TCSETA or TIOCSETA. func IoctlSetTermios(fd int, req uint, value *Termios) error { // TODO: if we get the chance, remove the req parameter. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlGetInt performs an ioctl operation which gets an integer value @@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } func IoctlGetTermios(fd int, req uint) (*Termios, error) { var value Termios - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index 5384e7d91d..6532f09af2 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff7f..39dba6ca6a 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { + return ptrace1Ptr(request, pid, addr, data) +} diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a011..9ea66330a9 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + return ENOTSUP +} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 2db1b51e99..d9f5544ccf 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index eda42671f1..7705c3270b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 192b071b3d..7064d6ebab 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -14,7 +14,6 @@ package unix import ( "fmt" - "runtime" "syscall" "unsafe" ) @@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { - err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) - runtime.KeepAlive(ctlInfo) - return err + return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) } // IfreqMTU is struct ifreq used to get or set a network device's MTU. @@ -394,16 +392,14 @@ type IfreqMTU struct { func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { var ifreq IfreqMTU copy(ifreq.Name[:], ifname) - err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) return &ifreq, err } // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU // of the network device specified by ifreq.Name. func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { - err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) - runtime.KeepAlive(ifreq) - return err + return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) } //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce9b..9fa879806b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec99630..f17b8c526a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index a41111a794..221efc26bc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index d50b9dc250..5bdde03e4a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ptrace(request int, pid int, addr uintptr, data int) (err error) +//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) @@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) { } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) +} + +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + } + if countin > 0 { + _ = out[:countin] // check bounds + ioDesc.Addr = &out[0] + } else if out != nil { + ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) + } + ioDesc.SetLen(countin) + + err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) + return int(ioDesc.Len), err } func PtraceLwpEvents(pid int, enable int) (err error) { return ptrace(PT_LWP_EVENTS, pid, 0, enable) } -func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) +func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { + return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { @@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) } func PtraceSingleStep(pid int) (err error) { return ptrace(PT_STEP, pid, 1, 0) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 6a91d471d0..b8da510043 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 48110a0abb..47155c4839 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 52f1d4b75a..08932093fa 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 5537ee4f2e..d151a0d0e5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 164abd5d21..d5cd64b378 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go index 4ffb64808d..381fd4673b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { } return } + +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 5443dddd48..9735331530 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) } +func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { + return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) +} + // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) // KeyctlInt calls keyctl commands in which each argument is an int. @@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) { } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) +//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it @@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro // boundary. n := 0 if addr%SizeofPtr != 0 { - err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. - err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c n := 0 if addr%SizeofPtr != 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c // Trailing edge. if len(data) > 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } func PtraceSetOptions(pid int, options int) (err error) { @@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) { func PtraceGetEventMsg(pid int) (msg uint, err error) { var data _C_long - err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data))) + err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) msg = uint(data) return } @@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool { return false } +func isCapDacOverrideSet() bool { + hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} + data := [2]CapUserData{} + err := Capget(&hdr, &data[0]) + + return err == nil && data[0].Effective&(1<<CAP_DAC_OVERRIDE) != 0 +} + //sys faccessat(dirfd int, path string, mode uint32) (err error) //sys Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) @@ -2189,6 +2201,12 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { var uid int if flags&AT_EACCESS != 0 { uid = Geteuid() + if uid != 0 && isCapDacOverrideSet() { + // If CAP_DAC_OVERRIDE is set, file access check is + // done by the kernel in the same way as for root + // (see generic_permission() in the Linux sources). + uid = 0 + } } else { uid = Getuid() } diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 35a3ad758f..e66865dccb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -13,7 +13,6 @@ package unix import ( - "runtime" "syscall" "unsafe" ) @@ -178,13 +177,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL func IoctlGetPtmget(fd int, req uint) (*Ptmget, error) { var value Ptmget - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) - runtime.KeepAlive(value) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 9b67b908e5..5e9de23ae3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -152,6 +152,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 07ac56109a..d3444b64d6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -408,8 +408,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -547,21 +546,25 @@ func Minor(dev uint64) uint32 { */ //sys ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl +//sys ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl func ioctl(fd int, req uint, arg uintptr) (err error) { _, err = ioctlRet(fd, req, arg) return err } -func IoctlSetTermio(fd int, req uint, value *Termio) error { - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, err = ioctlPtrRet(fd, req, arg) return err } +func IoctlSetTermio(fd int, req uint, value *Termio) error { + return ioctlPtr(fd, req, unsafe.Pointer(value)) +} + func IoctlGetTermio(fd int, req uint) (*Termio, error) { var value Termio - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } @@ -1084,7 +1087,7 @@ func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { func IoctlSetString(fd int, req uint, val string) error { bs := make([]byte, len(val)+1) copy(bs[:len(bs)-1], val) - err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0]))) + err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) runtime.KeepAlive(&bs[0]) return err } @@ -1118,7 +1121,7 @@ func (l *Lifreq) GetLifruUint() uint { } func IoctlLifreq(fd int, req uint, l *Lifreq) error { - return ioctl(fd, req, uintptr(unsafe.Pointer(l))) + return ioctlPtr(fd, req, unsafe.Pointer(l)) } // Strioctl Helpers @@ -1129,5 +1132,5 @@ func (s *Strioctl) SetInt(i int) { } func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { - return ioctlRet(fd, req, uintptr(unsafe.Pointer(s))) + return ioctlPtrRet(fd, req, unsafe.Pointer(s)) } diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 68b2f3e1cd..b295497ae4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -139,8 +139,7 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < int(pp.Len) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -214,6 +213,7 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP //sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP //sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A //sys Chdir(path string) (err error) = SYS___CHDIR_A diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index e174685adb..398c37e52d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -70,6 +70,7 @@ const ( ALG_SET_DRBG_ENTROPY = 0x6 ALG_SET_IV = 0x2 ALG_SET_KEY = 0x1 + ALG_SET_KEY_BY_KEY_SERIAL = 0x7 ALG_SET_OP = 0x3 ANON_INODE_FS_MAGIC = 0x9041934 ARPHRD_6LOWPAN = 0x339 @@ -774,6 +775,8 @@ const ( DEVLINK_GENL_MCGRP_CONFIG_NAME = "config" DEVLINK_GENL_NAME = "devlink" DEVLINK_GENL_VERSION = 0x1 + DEVLINK_PORT_FN_CAP_MIGRATABLE = 0x2 + DEVLINK_PORT_FN_CAP_ROCE = 0x1 DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX = 0x14 DEVLINK_SUPPORTED_FLASH_OVERWRITE_SECTIONS = 0x3 DEVMEM_MAGIC = 0x454d444d @@ -1262,6 +1265,8 @@ const ( FSCRYPT_MODE_AES_256_CTS = 0x4 FSCRYPT_MODE_AES_256_HCTR2 = 0xa FSCRYPT_MODE_AES_256_XTS = 0x1 + FSCRYPT_MODE_SM4_CTS = 0x8 + FSCRYPT_MODE_SM4_XTS = 0x7 FSCRYPT_POLICY_FLAGS_PAD_16 = 0x2 FSCRYPT_POLICY_FLAGS_PAD_32 = 0x3 FSCRYPT_POLICY_FLAGS_PAD_4 = 0x0 @@ -1280,8 +1285,6 @@ const ( FS_ENCRYPTION_MODE_AES_256_GCM = 0x2 FS_ENCRYPTION_MODE_AES_256_XTS = 0x1 FS_ENCRYPTION_MODE_INVALID = 0x0 - FS_ENCRYPTION_MODE_SPECK128_256_CTS = 0x8 - FS_ENCRYPTION_MODE_SPECK128_256_XTS = 0x7 FS_IOC_ADD_ENCRYPTION_KEY = 0xc0506617 FS_IOC_GET_ENCRYPTION_KEY_STATUS = 0xc080661a FS_IOC_GET_ENCRYPTION_POLICY_EX = 0xc0096616 @@ -1770,6 +1773,7 @@ const ( LANDLOCK_ACCESS_FS_REFER = 0x2000 LANDLOCK_ACCESS_FS_REMOVE_DIR = 0x10 LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 + LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 @@ -1809,6 +1813,7 @@ const ( LWTUNNEL_IP_OPT_GENEVE_MAX = 0x3 LWTUNNEL_IP_OPT_VXLAN_MAX = 0x1 MADV_COLD = 0x14 + MADV_COLLAPSE = 0x19 MADV_DODUMP = 0x11 MADV_DOFORK = 0xb MADV_DONTDUMP = 0x10 @@ -2163,6 +2168,7 @@ const ( PACKET_FANOUT_DATA = 0x16 PACKET_FANOUT_EBPF = 0x7 PACKET_FANOUT_FLAG_DEFRAG = 0x8000 + PACKET_FANOUT_FLAG_IGNORE_OUTGOING = 0x4000 PACKET_FANOUT_FLAG_ROLLOVER = 0x1000 PACKET_FANOUT_FLAG_UNIQUEID = 0x2000 PACKET_FANOUT_HASH = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go index bd001a6e1c..97f20ca282 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go @@ -15,12 +15,12 @@ type PtraceRegsArm struct { // PtraceGetRegsArm fetches the registers used by arm binaries. func PtraceGetRegsArm(pid int, regsout *PtraceRegsArm) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsArm sets the registers used by arm binaries. func PtraceSetRegsArm(pid int, regs *PtraceRegsArm) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsArm64 is the registers used by arm64 binaries. @@ -33,10 +33,10 @@ type PtraceRegsArm64 struct { // PtraceGetRegsArm64 fetches the registers used by arm64 binaries. func PtraceGetRegsArm64(pid int, regsout *PtraceRegsArm64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsArm64 sets the registers used by arm64 binaries. func PtraceSetRegsArm64(pid int, regs *PtraceRegsArm64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go index 6cb6d688aa..834d2856dd 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go @@ -7,11 +7,11 @@ import "unsafe" // PtraceGetRegSetArm64 fetches the registers used by arm64 binaries. func PtraceGetRegSetArm64(pid, addr int, regsout *PtraceRegsArm64) error { iovec := Iovec{(*byte)(unsafe.Pointer(regsout)), uint64(unsafe.Sizeof(*regsout))} - return ptrace(PTRACE_GETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec))) + return ptracePtr(PTRACE_GETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec)) } // PtraceSetRegSetArm64 sets the registers used by arm64 binaries. func PtraceSetRegSetArm64(pid, addr int, regs *PtraceRegsArm64) error { iovec := Iovec{(*byte)(unsafe.Pointer(regs)), uint64(unsafe.Sizeof(*regs))} - return ptrace(PTRACE_SETREGSET, pid, uintptr(addr), uintptr(unsafe.Pointer(&iovec))) + return ptracePtr(PTRACE_SETREGSET, pid, uintptr(addr), unsafe.Pointer(&iovec)) } diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go index c34d0639be..0b5f794305 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go @@ -21,12 +21,12 @@ type PtraceRegsMips struct { // PtraceGetRegsMips fetches the registers used by mips binaries. func PtraceGetRegsMips(pid int, regsout *PtraceRegsMips) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips sets the registers used by mips binaries. func PtraceSetRegsMips(pid int, regs *PtraceRegsMips) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsMips64 is the registers used by mips64 binaries. @@ -42,10 +42,10 @@ type PtraceRegsMips64 struct { // PtraceGetRegsMips64 fetches the registers used by mips64 binaries. func PtraceGetRegsMips64(pid int, regsout *PtraceRegsMips64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips64 sets the registers used by mips64 binaries. func PtraceSetRegsMips64(pid int, regs *PtraceRegsMips64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go index 3ccf0c0c4a..2807f7e646 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go @@ -21,12 +21,12 @@ type PtraceRegsMipsle struct { // PtraceGetRegsMipsle fetches the registers used by mipsle binaries. func PtraceGetRegsMipsle(pid int, regsout *PtraceRegsMipsle) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMipsle sets the registers used by mipsle binaries. func PtraceSetRegsMipsle(pid int, regs *PtraceRegsMipsle) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsMips64le is the registers used by mips64le binaries. @@ -42,10 +42,10 @@ type PtraceRegsMips64le struct { // PtraceGetRegsMips64le fetches the registers used by mips64le binaries. func PtraceGetRegsMips64le(pid int, regsout *PtraceRegsMips64le) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsMips64le sets the registers used by mips64le binaries. func PtraceSetRegsMips64le(pid int, regs *PtraceRegsMips64le) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go index 7d65857004..281ea64e34 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go @@ -31,12 +31,12 @@ type PtraceRegs386 struct { // PtraceGetRegs386 fetches the registers used by 386 binaries. func PtraceGetRegs386(pid int, regsout *PtraceRegs386) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegs386 sets the registers used by 386 binaries. func PtraceSetRegs386(pid int, regs *PtraceRegs386) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } // PtraceRegsAmd64 is the registers used by amd64 binaries. @@ -72,10 +72,10 @@ type PtraceRegsAmd64 struct { // PtraceGetRegsAmd64 fetches the registers used by amd64 binaries. func PtraceGetRegsAmd64(pid int, regsout *PtraceRegsAmd64) error { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } // PtraceSetRegsAmd64 sets the registers used by amd64 binaries. func PtraceSetRegsAmd64(pid int, regs *PtraceRegsAmd64) error { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index 870215d2c4..ef9dcd1bef 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -223,6 +223,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) { r0, er := C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg)) r = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index a89b0bfa53..f86a945923 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -103,6 +103,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, e1 := callioctl_ptr(fd, int(req), arg) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func FcntlInt(fd uintptr, cmd int, arg int) (r int, err error) { r0, e1 := callfcntl(fd, cmd, uintptr(arg)) r = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go index 2caa5adf95..d32a84cae2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go @@ -423,6 +423,13 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) { + r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_ioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) { r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_fcntl)), 3, fd, uintptr(cmd), arg, 0, 0, 0) return diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go index 944a714b1a..d7d8baf819 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go @@ -191,6 +191,14 @@ func callioctl(fd int, req int, arg uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func callioctl_ptr(fd int, req int, arg unsafe.Pointer) (r1 uintptr, e1 Errno) { + r1 = uintptr(C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg)))) + e1 = syscall.GetErrno() + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func callfcntl(fd uintptr, cmd int, arg uintptr) (r1 uintptr, e1 Errno) { r1 = uintptr(C.fcntl(C.uintptr_t(fd), C.int(cmd), C.uintptr_t(arg))) e1 = syscall.GetErrno() diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index c2461c4967..a29ffdd566 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" @@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 26a0fdc505..2fd4590bb7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -725,6 +725,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" @@ -2502,6 +2510,14 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } +func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 54749f9c5e..3b85134707 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -436,6 +436,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 77479d4581..1129065624 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 2e966d4d7a..55f5abfe59 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d65a7c0fa6..d39651c2b5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 6f0b97c6db..ddb7408680 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index e1c23b5272..09a53a616c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 36ea3a55b7..430cb24de7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(arg) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 79f7389963..8e1d9c8f66 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fb161f3a26..21c6950400 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 4c8ac993a8..298168f90a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 76dd8ec4fd..68b8bd492f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index caeb807bd4..0b0f910e1a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index a05e5f4fff..48ff5de75b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index b2da8e50cc..2452a641da 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 048b2655e6..5e35600a60 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 6f33e37e72..b04cef1a19 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 330cf7f7ac..47a07ee0c2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 5f24de0d9d..573378fdb9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 78d4a4240e..4873a1e5d3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + ret = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) n = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index f2079457c6..07bfe2ef9a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index d9c78cdcbc..29dc483378 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -362,7 +362,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 26991b1655..0a89b28906 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -367,7 +367,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index f8324e7e7f..c8666bb152 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -350,7 +350,7 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 4220411f34..88fb48a887 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -347,7 +347,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 0660fd45c7..698dc975e9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -348,7 +348,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 7d9fc8f1c9..ca84727cfe 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -456,36 +456,60 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 } type CanFilter struct { @@ -528,7 +552,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0x68 + SizeofTCPInfo = 0xf0 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -1043,6 +1067,7 @@ const ( PerfBitCommExec = CBitFieldMaskBit24 PerfBitUseClockID = CBitFieldMaskBit25 PerfBitContextSwitch = CBitFieldMaskBit26 + PerfBitWriteBackward = CBitFieldMaskBit27 ) const ( @@ -1239,7 +1264,7 @@ type TCPMD5Sig struct { Flags uint8 Prefixlen uint8 Keylen uint16 - _ uint32 + Ifindex int32 Key [80]uint8 } @@ -1939,7 +1964,11 @@ const ( NFT_MSG_GETOBJ = 0x13 NFT_MSG_DELOBJ = 0x14 NFT_MSG_GETOBJ_RESET = 0x15 - NFT_MSG_MAX = 0x19 + NFT_MSG_NEWFLOWTABLE = 0x16 + NFT_MSG_GETFLOWTABLE = 0x17 + NFT_MSG_DELFLOWTABLE = 0x18 + NFT_MSG_GETRULE_RESET = 0x19 + NFT_MSG_MAX = 0x1a NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -2443,9 +2472,11 @@ const ( SOF_TIMESTAMPING_OPT_STATS = 0x1000 SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 + SOF_TIMESTAMPING_BIND_PHC = 0x8000 + SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x8000 - SOF_TIMESTAMPING_MASK = 0xffff + SOF_TIMESTAMPING_LAST = 0x10000 + SOF_TIMESTAMPING_MASK = 0x1ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3265,7 +3296,7 @@ const ( DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae DEVLINK_ATTR_NESTED_DEVLINK = 0xaf DEVLINK_ATTR_SELFTESTS = 0xb0 - DEVLINK_ATTR_MAX = 0xb0 + DEVLINK_ATTR_MAX = 0xb3 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3281,7 +3312,8 @@ const ( DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 + DEVLINK_PORT_FN_ATTR_CAPS = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 ) type FsverityDigest struct { @@ -3572,7 +3604,8 @@ const ( ETHTOOL_MSG_MODULE_SET = 0x23 ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 - ETHTOOL_MSG_USER_MAX = 0x25 + ETHTOOL_MSG_RSS_GET = 0x26 + ETHTOOL_MSG_USER_MAX = 0x26 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3611,7 +3644,8 @@ const ( ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 - ETHTOOL_MSG_KERNEL_MAX = 0x25 + ETHTOOL_MSG_RSS_GET_REPLY = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x26 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3679,7 +3713,8 @@ const ( ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 - ETHTOOL_A_LINKSTATE_MAX = 0x6 + ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 + ETHTOOL_A_LINKSTATE_MAX = 0x7 ETHTOOL_A_DEBUG_UNSPEC = 0x0 ETHTOOL_A_DEBUG_HEADER = 0x1 ETHTOOL_A_DEBUG_MSGMASK = 0x2 @@ -4409,7 +4444,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x140 + NL80211_ATTR_MAX = 0x141 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4552,6 +4587,7 @@ const ( NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 NL80211_ATTR_SURVEY_INFO = 0x54 NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TD_BITMAP = 0x141 NL80211_ATTR_TDLS_ACTION = 0x88 NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c @@ -5752,3 +5788,25 @@ const ( AUDIT_NLGRP_NONE = 0x0 AUDIT_NLGRP_READLOG = 0x1 ) + +const ( + TUN_F_CSUM = 0x1 + TUN_F_TSO4 = 0x2 + TUN_F_TSO6 = 0x4 + TUN_F_TSO_ECN = 0x8 + TUN_F_UFO = 0x10 +) + +const ( + VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 + VIRTIO_NET_HDR_F_DATA_VALID = 0x2 + VIRTIO_NET_HDR_F_RSC_INFO = 0x4 +) + +const ( + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_ECN = 0x80 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 89c516a29a..4ecc1495cd 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -414,7 +414,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 62b4fb2699..34fddff964 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -427,7 +427,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index e86b35893e..3b14a6031f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -405,7 +405,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6c6be4c911..0517651ab3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -406,7 +406,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 4982ea355a..3b0c518134 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -407,7 +407,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 173141a670..fccdf4dd0f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 93ae4c5167..500de8fc07 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 4e4e510ca5..d0434cd2c6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 3f5ba013d9..84206ba534 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 71dfe7cdb4..ab078cf1f5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -417,7 +417,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 3a2b7f0a66..42eb2c4cef 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index a52d627563..31304a4e8b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dfc007d8a6..c311f9612d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -434,7 +434,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index b53cb9103d..bba3cefac1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -429,7 +429,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index fe0aa35472..ad8a013804 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -411,7 +411,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 41cb3c01fd..3723b2c224 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0)) //sys WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup //sys WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup //sys WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl +//sys WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW +//sys WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW +//sys WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd //sys socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket //sys sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto //sys recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom @@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 0c4add9741..857acf1032 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -1243,6 +1243,51 @@ const ( DnsSectionAdditional = 0x0003 ) +const ( + // flags of WSALookupService + LUP_DEEP = 0x0001 + LUP_CONTAINERS = 0x0002 + LUP_NOCONTAINERS = 0x0004 + LUP_NEAREST = 0x0008 + LUP_RETURN_NAME = 0x0010 + LUP_RETURN_TYPE = 0x0020 + LUP_RETURN_VERSION = 0x0040 + LUP_RETURN_COMMENT = 0x0080 + LUP_RETURN_ADDR = 0x0100 + LUP_RETURN_BLOB = 0x0200 + LUP_RETURN_ALIASES = 0x0400 + LUP_RETURN_QUERY_STRING = 0x0800 + LUP_RETURN_ALL = 0x0FF0 + LUP_RES_SERVICE = 0x8000 + + LUP_FLUSHCACHE = 0x1000 + LUP_FLUSHPREVIOUS = 0x2000 + + LUP_NON_AUTHORITATIVE = 0x4000 + LUP_SECURE = 0x8000 + LUP_RETURN_PREFERRED_NAMES = 0x10000 + LUP_DNS_ONLY = 0x20000 + + LUP_ADDRCONFIG = 0x100000 + LUP_DUAL_ADDR = 0x200000 + LUP_FILESERVER = 0x400000 + LUP_DISABLE_IDN_ENCODING = 0x00800000 + LUP_API_ANSI = 0x01000000 + + LUP_RESOLUTION_HANDLE = 0x80000000 +) + +const ( + // values of WSAQUERYSET's namespace + NS_ALL = 0 + NS_DNS = 12 + NS_NLA = 15 + NS_BTH = 16 + NS_EMAIL = 37 + NS_PNRPNAME = 38 + NS_PNRPCLOUD = 39 +) + type DNSSRVData struct { Target *uint16 Priority uint16 @@ -3258,3 +3303,43 @@ const ( DWMWA_TEXT_COLOR = 36 DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 ) + +type WSAQUERYSET struct { + Size uint32 + ServiceInstanceName *uint16 + ServiceClassId *GUID + Version *WSAVersion + Comment *uint16 + NameSpace uint32 + NSProviderId *GUID + Context *uint16 + NumberOfProtocols uint32 + AfpProtocols *AFProtocols + QueryString *uint16 + NumberOfCsAddrs uint32 + SaBuffer *CSAddrInfo + OutputFlags uint32 + Blob *BLOB +} + +type WSAVersion struct { + Version uint32 + EnumerationOfComparison int32 +} + +type AFProtocols struct { + AddressFamily int32 + Protocol int32 +} + +type CSAddrInfo struct { + LocalAddr SocketAddress + RemoteAddr SocketAddress + SocketType int32 + Protocol int32 +} + +type BLOB struct { + Size uint32 + BlobData *byte +} diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index ac60052e44..6d2a268534 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -474,6 +474,9 @@ var ( procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") + procWSALookupServiceBeginW = modws2_32.NewProc("WSALookupServiceBeginW") + procWSALookupServiceEnd = modws2_32.NewProc("WSALookupServiceEnd") + procWSALookupServiceNextW = modws2_32.NewProc("WSALookupServiceNextW") procWSARecv = modws2_32.NewProc("WSARecv") procWSARecvFrom = modws2_32.NewProc("WSARecvFrom") procWSASend = modws2_32.NewProc("WSASend") @@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo return } +func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceEnd(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { + r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) if r1 == socket_error { diff --git a/vendor/golang.org/x/text/encoding/internal/internal.go b/vendor/golang.org/x/text/encoding/internal/internal.go index 75a5fd1658..413e6fc6d7 100644 --- a/vendor/golang.org/x/text/encoding/internal/internal.go +++ b/vendor/golang.org/x/text/encoding/internal/internal.go @@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder { // byte. type RepertoireError byte -// Error implements the error interrface. +// Error implements the error interface. func (r RepertoireError) Error() string { return "encoding: rune not supported by encoding." } diff --git a/vendor/golang.org/x/text/unicode/norm/forminfo.go b/vendor/golang.org/x/text/unicode/norm/forminfo.go index d69ccb4f97..487335d14d 100644 --- a/vendor/golang.org/x/text/unicode/norm/forminfo.go +++ b/vendor/golang.org/x/text/unicode/norm/forminfo.go @@ -13,7 +13,7 @@ import "encoding/binary" // a rune to a uint16. The values take two forms. For v >= 0x8000: // bits // 15: 1 (inverse of NFD_QC bit of qcInfo) -// 13..7: qcInfo (see below). isYesD is always true (no decompostion). +// 13..7: qcInfo (see below). isYesD is always true (no decomposition). // 6..0: ccc (compressed CCC value). // For v < 0x8000, the respective rune has a decomposition and v is an index // into a byte array of UTF-8 decomposition sequences and additional info and diff --git a/vendor/golang.org/x/tools/internal/gocommand/version.go b/vendor/golang.org/x/tools/internal/gocommand/version.go index 8db5ceb9d5..307a76d474 100644 --- a/vendor/golang.org/x/tools/internal/gocommand/version.go +++ b/vendor/golang.org/x/tools/internal/gocommand/version.go @@ -7,6 +7,7 @@ package gocommand import ( "context" "fmt" + "regexp" "strings" ) @@ -56,3 +57,25 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) { } return 0, fmt.Errorf("no parseable ReleaseTags in %v", tags) } + +// GoVersionOutput returns the complete output of the go version command. +func GoVersionOutput(ctx context.Context, inv Invocation, r *Runner) (string, error) { + inv.Verb = "version" + goVersion, err := r.Run(ctx, inv) + if err != nil { + return "", err + } + return goVersion.String(), nil +} + +// ParseGoVersionOutput extracts the Go version string +// from the output of the "go version" command. +// Given an unrecognized form, it returns an empty string. +func ParseGoVersionOutput(data string) string { + re := regexp.MustCompile(`^go version (go\S+|devel \S+)`) + m := re.FindStringSubmatch(data) + if len(m) != 2 { + return "" // unrecognized version + } + return m[1] +} diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go index 9b7b106fde..642a5ac2d7 100644 --- a/vendor/golang.org/x/tools/internal/imports/fix.go +++ b/vendor/golang.org/x/tools/internal/imports/fix.go @@ -697,6 +697,9 @@ func candidateImportName(pkg *pkg) string { // GetAllCandidates calls wrapped for each package whose name starts with // searchPrefix, and can be imported from filename with the package name filePkg. +// +// Beware that the wrapped function may be called multiple times concurrently. +// TODO(adonovan): encapsulate the concurrency. func GetAllCandidates(ctx context.Context, wrapped func(ImportFix), searchPrefix, filename, filePkg string, env *ProcessEnv) error { callback := &scanCallback{ rootFound: func(gopathwalk.Root) bool { @@ -796,7 +799,7 @@ func GetPackageExports(ctx context.Context, wrapped func(PackageExport), searchP return getCandidatePkgs(ctx, callback, filename, filePkg, env) } -var RequiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"} +var requiredGoEnvVars = []string{"GO111MODULE", "GOFLAGS", "GOINSECURE", "GOMOD", "GOMODCACHE", "GONOPROXY", "GONOSUMDB", "GOPATH", "GOPROXY", "GOROOT", "GOSUMDB", "GOWORK"} // ProcessEnv contains environment variables and settings that affect the use of // the go command, the go/build package, etc. @@ -866,7 +869,7 @@ func (e *ProcessEnv) init() error { } foundAllRequired := true - for _, k := range RequiredGoEnvVars { + for _, k := range requiredGoEnvVars { if _, ok := e.Env[k]; !ok { foundAllRequired = false break @@ -882,7 +885,7 @@ func (e *ProcessEnv) init() error { } goEnv := map[string]string{} - stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, RequiredGoEnvVars...)...) + stdout, err := e.invokeGo(context.TODO(), "env", append([]string{"-json"}, requiredGoEnvVars...)...) if err != nil { return err } diff --git a/vendor/golang.org/x/tools/internal/imports/sortimports.go b/vendor/golang.org/x/tools/internal/imports/sortimports.go index 85144db1df..1a0a7ebd9e 100644 --- a/vendor/golang.org/x/tools/internal/imports/sortimports.go +++ b/vendor/golang.org/x/tools/internal/imports/sortimports.go @@ -52,6 +52,7 @@ func sortImports(localPrefix string, tokFile *token.File, f *ast.File) { d.Specs = specs // Deduping can leave a blank line before the rparen; clean that up. + // Ignore line directives. if len(d.Specs) > 0 { lastSpec := d.Specs[len(d.Specs)-1] lastLine := tokFile.PositionFor(lastSpec.Pos(), false).Line diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go index 5db9b2d4c7..31a75949cd 100644 --- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go +++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go @@ -10,6 +10,7 @@ var stdlib = map[string][]string{ "archive/tar": { "ErrFieldTooLong", "ErrHeader", + "ErrInsecurePath", "ErrWriteAfterClose", "ErrWriteTooLong", "FileInfoHeader", @@ -45,6 +46,7 @@ var stdlib = map[string][]string{ "ErrAlgorithm", "ErrChecksum", "ErrFormat", + "ErrInsecurePath", "File", "FileHeader", "FileInfoHeader", @@ -87,12 +89,15 @@ var stdlib = map[string][]string{ }, "bytes": { "Buffer", + "Clone", "Compare", "Contains", "ContainsAny", "ContainsRune", "Count", "Cut", + "CutPrefix", + "CutSuffix", "Equal", "EqualFold", "ErrTooLarge", @@ -224,12 +229,15 @@ var stdlib = map[string][]string{ }, "context": { "Background", + "CancelCauseFunc", "CancelFunc", "Canceled", + "Cause", "Context", "DeadlineExceeded", "TODO", "WithCancel", + "WithCancelCause", "WithDeadline", "WithTimeout", "WithValue", @@ -306,6 +314,15 @@ var stdlib = map[string][]string{ "Sign", "Verify", }, + "crypto/ecdh": { + "Curve", + "P256", + "P384", + "P521", + "PrivateKey", + "PublicKey", + "X25519", + }, "crypto/ecdsa": { "GenerateKey", "PrivateKey", @@ -318,6 +335,7 @@ var stdlib = map[string][]string{ "crypto/ed25519": { "GenerateKey", "NewKeyFromSeed", + "Options", "PrivateKey", "PrivateKeySize", "PublicKey", @@ -326,6 +344,7 @@ var stdlib = map[string][]string{ "Sign", "SignatureSize", "Verify", + "VerifyWithOptions", }, "crypto/elliptic": { "Curve", @@ -423,10 +442,12 @@ var stdlib = map[string][]string{ "ConstantTimeEq", "ConstantTimeLessOrEq", "ConstantTimeSelect", + "XORBytes", }, "crypto/tls": { "Certificate", "CertificateRequestInfo", + "CertificateVerificationError", "CipherSuite", "CipherSuiteName", "CipherSuites", @@ -604,6 +625,7 @@ var stdlib = map[string][]string{ "SHA384WithRSAPSS", "SHA512WithRSA", "SHA512WithRSAPSS", + "SetFallbackRoots", "SignatureAlgorithm", "SystemCertPool", "SystemRootsError", @@ -1828,19 +1850,42 @@ var stdlib = map[string][]string{ "R_INFO32", "R_LARCH", "R_LARCH_32", + "R_LARCH_32_PCREL", "R_LARCH_64", + "R_LARCH_ABS64_HI12", + "R_LARCH_ABS64_LO20", + "R_LARCH_ABS_HI20", + "R_LARCH_ABS_LO12", "R_LARCH_ADD16", "R_LARCH_ADD24", "R_LARCH_ADD32", "R_LARCH_ADD64", "R_LARCH_ADD8", + "R_LARCH_B16", + "R_LARCH_B21", + "R_LARCH_B26", "R_LARCH_COPY", + "R_LARCH_GNU_VTENTRY", + "R_LARCH_GNU_VTINHERIT", + "R_LARCH_GOT64_HI12", + "R_LARCH_GOT64_LO20", + "R_LARCH_GOT64_PC_HI12", + "R_LARCH_GOT64_PC_LO20", + "R_LARCH_GOT_HI20", + "R_LARCH_GOT_LO12", + "R_LARCH_GOT_PC_HI20", + "R_LARCH_GOT_PC_LO12", "R_LARCH_IRELATIVE", "R_LARCH_JUMP_SLOT", "R_LARCH_MARK_LA", "R_LARCH_MARK_PCREL", "R_LARCH_NONE", + "R_LARCH_PCALA64_HI12", + "R_LARCH_PCALA64_LO20", + "R_LARCH_PCALA_HI20", + "R_LARCH_PCALA_LO12", "R_LARCH_RELATIVE", + "R_LARCH_RELAX", "R_LARCH_SOP_ADD", "R_LARCH_SOP_AND", "R_LARCH_SOP_ASSERT", @@ -1875,6 +1920,22 @@ var stdlib = map[string][]string{ "R_LARCH_TLS_DTPMOD64", "R_LARCH_TLS_DTPREL32", "R_LARCH_TLS_DTPREL64", + "R_LARCH_TLS_GD_HI20", + "R_LARCH_TLS_GD_PC_HI20", + "R_LARCH_TLS_IE64_HI12", + "R_LARCH_TLS_IE64_LO20", + "R_LARCH_TLS_IE64_PC_HI12", + "R_LARCH_TLS_IE64_PC_LO20", + "R_LARCH_TLS_IE_HI20", + "R_LARCH_TLS_IE_LO12", + "R_LARCH_TLS_IE_PC_HI20", + "R_LARCH_TLS_IE_PC_LO12", + "R_LARCH_TLS_LD_HI20", + "R_LARCH_TLS_LD_PC_HI20", + "R_LARCH_TLS_LE64_HI12", + "R_LARCH_TLS_LE64_LO20", + "R_LARCH_TLS_LE_HI20", + "R_LARCH_TLS_LE_LO12", "R_LARCH_TLS_TPREL32", "R_LARCH_TLS_TPREL64", "R_MIPS", @@ -1938,15 +1999,25 @@ var stdlib = map[string][]string{ "R_PPC64_ADDR16_HIGH", "R_PPC64_ADDR16_HIGHA", "R_PPC64_ADDR16_HIGHER", + "R_PPC64_ADDR16_HIGHER34", "R_PPC64_ADDR16_HIGHERA", + "R_PPC64_ADDR16_HIGHERA34", "R_PPC64_ADDR16_HIGHEST", + "R_PPC64_ADDR16_HIGHEST34", "R_PPC64_ADDR16_HIGHESTA", + "R_PPC64_ADDR16_HIGHESTA34", "R_PPC64_ADDR16_LO", "R_PPC64_ADDR16_LO_DS", "R_PPC64_ADDR24", "R_PPC64_ADDR32", "R_PPC64_ADDR64", "R_PPC64_ADDR64_LOCAL", + "R_PPC64_COPY", + "R_PPC64_D28", + "R_PPC64_D34", + "R_PPC64_D34_HA30", + "R_PPC64_D34_HI30", + "R_PPC64_D34_LO", "R_PPC64_DTPMOD64", "R_PPC64_DTPREL16", "R_PPC64_DTPREL16_DS", @@ -1960,8 +2031,12 @@ var stdlib = map[string][]string{ "R_PPC64_DTPREL16_HIGHESTA", "R_PPC64_DTPREL16_LO", "R_PPC64_DTPREL16_LO_DS", + "R_PPC64_DTPREL34", "R_PPC64_DTPREL64", "R_PPC64_ENTRY", + "R_PPC64_GLOB_DAT", + "R_PPC64_GNU_VTENTRY", + "R_PPC64_GNU_VTINHERIT", "R_PPC64_GOT16", "R_PPC64_GOT16_DS", "R_PPC64_GOT16_HA", @@ -1972,29 +2047,50 @@ var stdlib = map[string][]string{ "R_PPC64_GOT_DTPREL16_HA", "R_PPC64_GOT_DTPREL16_HI", "R_PPC64_GOT_DTPREL16_LO_DS", + "R_PPC64_GOT_DTPREL_PCREL34", + "R_PPC64_GOT_PCREL34", "R_PPC64_GOT_TLSGD16", "R_PPC64_GOT_TLSGD16_HA", "R_PPC64_GOT_TLSGD16_HI", "R_PPC64_GOT_TLSGD16_LO", + "R_PPC64_GOT_TLSGD_PCREL34", "R_PPC64_GOT_TLSLD16", "R_PPC64_GOT_TLSLD16_HA", "R_PPC64_GOT_TLSLD16_HI", "R_PPC64_GOT_TLSLD16_LO", + "R_PPC64_GOT_TLSLD_PCREL34", "R_PPC64_GOT_TPREL16_DS", "R_PPC64_GOT_TPREL16_HA", "R_PPC64_GOT_TPREL16_HI", "R_PPC64_GOT_TPREL16_LO_DS", + "R_PPC64_GOT_TPREL_PCREL34", "R_PPC64_IRELATIVE", "R_PPC64_JMP_IREL", "R_PPC64_JMP_SLOT", "R_PPC64_NONE", + "R_PPC64_PCREL28", + "R_PPC64_PCREL34", + "R_PPC64_PCREL_OPT", + "R_PPC64_PLT16_HA", + "R_PPC64_PLT16_HI", + "R_PPC64_PLT16_LO", "R_PPC64_PLT16_LO_DS", + "R_PPC64_PLT32", + "R_PPC64_PLT64", + "R_PPC64_PLTCALL", + "R_PPC64_PLTCALL_NOTOC", "R_PPC64_PLTGOT16", "R_PPC64_PLTGOT16_DS", "R_PPC64_PLTGOT16_HA", "R_PPC64_PLTGOT16_HI", "R_PPC64_PLTGOT16_LO", "R_PPC64_PLTGOT_LO_DS", + "R_PPC64_PLTREL32", + "R_PPC64_PLTREL64", + "R_PPC64_PLTSEQ", + "R_PPC64_PLTSEQ_NOTOC", + "R_PPC64_PLT_PCREL34", + "R_PPC64_PLT_PCREL34_NOTOC", "R_PPC64_REL14", "R_PPC64_REL14_BRNTAKEN", "R_PPC64_REL14_BRTAKEN", @@ -2002,13 +2098,28 @@ var stdlib = map[string][]string{ "R_PPC64_REL16DX_HA", "R_PPC64_REL16_HA", "R_PPC64_REL16_HI", + "R_PPC64_REL16_HIGH", + "R_PPC64_REL16_HIGHA", + "R_PPC64_REL16_HIGHER", + "R_PPC64_REL16_HIGHER34", + "R_PPC64_REL16_HIGHERA", + "R_PPC64_REL16_HIGHERA34", + "R_PPC64_REL16_HIGHEST", + "R_PPC64_REL16_HIGHEST34", + "R_PPC64_REL16_HIGHESTA", + "R_PPC64_REL16_HIGHESTA34", "R_PPC64_REL16_LO", "R_PPC64_REL24", "R_PPC64_REL24_NOTOC", + "R_PPC64_REL30", "R_PPC64_REL32", "R_PPC64_REL64", "R_PPC64_RELATIVE", + "R_PPC64_SECTOFF", "R_PPC64_SECTOFF_DS", + "R_PPC64_SECTOFF_HA", + "R_PPC64_SECTOFF_HI", + "R_PPC64_SECTOFF_LO", "R_PPC64_SECTOFF_LO_DS", "R_PPC64_TLS", "R_PPC64_TLSGD", @@ -2033,7 +2144,11 @@ var stdlib = map[string][]string{ "R_PPC64_TPREL16_HIGHESTA", "R_PPC64_TPREL16_LO", "R_PPC64_TPREL16_LO_DS", + "R_PPC64_TPREL34", "R_PPC64_TPREL64", + "R_PPC64_UADDR16", + "R_PPC64_UADDR32", + "R_PPC64_UADDR64", "R_PPC_ADDR14", "R_PPC_ADDR14_BRNTAKEN", "R_PPC_ADDR14_BRTAKEN", @@ -2581,6 +2696,9 @@ var stdlib = map[string][]string{ "IMAGE_FILE_MACHINE_POWERPC", "IMAGE_FILE_MACHINE_POWERPCFP", "IMAGE_FILE_MACHINE_R4000", + "IMAGE_FILE_MACHINE_RISCV128", + "IMAGE_FILE_MACHINE_RISCV32", + "IMAGE_FILE_MACHINE_RISCV64", "IMAGE_FILE_MACHINE_SH3", "IMAGE_FILE_MACHINE_SH3DSP", "IMAGE_FILE_MACHINE_SH4", @@ -2846,6 +2964,7 @@ var stdlib = map[string][]string{ "errors": { "As", "Is", + "Join", "New", "Unwrap", }, @@ -2916,6 +3035,7 @@ var stdlib = map[string][]string{ "Appendf", "Appendln", "Errorf", + "FormatString", "Formatter", "Fprint", "Fprintf", @@ -3401,6 +3521,7 @@ var stdlib = map[string][]string{ "RecvOnly", "RelativeTo", "Rune", + "Satisfies", "Scope", "Selection", "SelectionKind", @@ -3702,8 +3823,10 @@ var stdlib = map[string][]string{ "LimitedReader", "MultiReader", "MultiWriter", + "NewOffsetWriter", "NewSectionReader", "NopCloser", + "OffsetWriter", "Pipe", "PipeReader", "PipeWriter", @@ -3770,6 +3893,7 @@ var stdlib = map[string][]string{ "ReadDirFile", "ReadFile", "ReadFileFS", + "SkipAll", "SkipDir", "Stat", "StatFS", @@ -4140,6 +4264,7 @@ var stdlib = map[string][]string{ "FlagLoopback", "FlagMulticast", "FlagPointToPoint", + "FlagRunning", "FlagUp", "Flags", "HardwareAddr", @@ -4284,6 +4409,7 @@ var stdlib = map[string][]string{ "NewFileTransport", "NewRequest", "NewRequestWithContext", + "NewResponseController", "NewServeMux", "NoBody", "NotFound", @@ -4303,6 +4429,7 @@ var stdlib = map[string][]string{ "RedirectHandler", "Request", "Response", + "ResponseController", "ResponseWriter", "RoundTripper", "SameSite", @@ -4445,6 +4572,7 @@ var stdlib = map[string][]string{ "NewProxyClientConn", "NewServerConn", "NewSingleHostReverseProxy", + "ProxyRequest", "ReverseProxy", "ServerConn", }, @@ -4476,6 +4604,8 @@ var stdlib = map[string][]string{ "AddrPortFrom", "IPv4Unspecified", "IPv6LinkLocalAllNodes", + "IPv6LinkLocalAllRouters", + "IPv6Loopback", "IPv6Unspecified", "MustParseAddr", "MustParseAddrPort", @@ -4686,6 +4816,7 @@ var stdlib = map[string][]string{ "CommandContext", "ErrDot", "ErrNotFound", + "ErrWaitDelay", "Error", "ExitError", "LookPath", @@ -4734,11 +4865,13 @@ var stdlib = map[string][]string{ "Glob", "HasPrefix", "IsAbs", + "IsLocal", "Join", "ListSeparator", "Match", "Rel", "Separator", + "SkipAll", "SkipDir", "Split", "SplitList", @@ -4860,6 +4993,7 @@ var stdlib = map[string][]string{ "ErrInvalidRepeatOp", "ErrInvalidRepeatSize", "ErrInvalidUTF8", + "ErrLarge", "ErrMissingBracket", "ErrMissingParen", "ErrMissingRepeatArgument", @@ -4968,8 +5102,16 @@ var stdlib = map[string][]string{ }, "runtime/cgo": { "Handle", + "Incomplete", "NewHandle", }, + "runtime/coverage": { + "ClearCounters", + "WriteCounters", + "WriteCountersDir", + "WriteMeta", + "WriteMetaDir", + }, "runtime/debug": { "BuildInfo", "BuildSetting", @@ -5103,6 +5245,8 @@ var stdlib = map[string][]string{ "ContainsRune", "Count", "Cut", + "CutPrefix", + "CutSuffix", "EqualFold", "Fields", "FieldsFunc", @@ -5272,6 +5416,7 @@ var stdlib = map[string][]string{ "AF_TIPC", "AF_UNIX", "AF_UNSPEC", + "AF_UTUN", "AF_VENDOR00", "AF_VENDOR01", "AF_VENDOR02", @@ -5610,20 +5755,25 @@ var stdlib = map[string][]string{ "CLOCAL", "CLONE_CHILD_CLEARTID", "CLONE_CHILD_SETTID", + "CLONE_CLEAR_SIGHAND", "CLONE_CSIGNAL", "CLONE_DETACHED", "CLONE_FILES", "CLONE_FS", + "CLONE_INTO_CGROUP", "CLONE_IO", + "CLONE_NEWCGROUP", "CLONE_NEWIPC", "CLONE_NEWNET", "CLONE_NEWNS", "CLONE_NEWPID", + "CLONE_NEWTIME", "CLONE_NEWUSER", "CLONE_NEWUTS", "CLONE_PARENT", "CLONE_PARENT_SETTID", "CLONE_PID", + "CLONE_PIDFD", "CLONE_PTRACE", "CLONE_SETTLS", "CLONE_SIGHAND", @@ -6166,6 +6316,7 @@ var stdlib = map[string][]string{ "EPROTONOSUPPORT", "EPROTOTYPE", "EPWROFF", + "EQFULL", "ERANGE", "EREMCHG", "EREMOTE", @@ -6592,6 +6743,7 @@ var stdlib = map[string][]string{ "F_DUPFD", "F_DUPFD_CLOEXEC", "F_EXLCK", + "F_FINDSIGS", "F_FLUSH_DATA", "F_FREEZE_FS", "F_FSCTL", @@ -6602,6 +6754,7 @@ var stdlib = map[string][]string{ "F_FSPRIV", "F_FSVOID", "F_FULLFSYNC", + "F_GETCODEDIR", "F_GETFD", "F_GETFL", "F_GETLEASE", @@ -6615,6 +6768,7 @@ var stdlib = map[string][]string{ "F_GETPATH_MTMINFO", "F_GETPIPE_SZ", "F_GETPROTECTIONCLASS", + "F_GETPROTECTIONLEVEL", "F_GETSIG", "F_GLOBAL_NOCACHE", "F_LOCK", @@ -6647,6 +6801,7 @@ var stdlib = map[string][]string{ "F_SETLK64", "F_SETLKW", "F_SETLKW64", + "F_SETLKWTIMEOUT", "F_SETLK_REMOTE", "F_SETNOSIGPIPE", "F_SETOWN", @@ -6656,9 +6811,11 @@ var stdlib = map[string][]string{ "F_SETSIG", "F_SETSIZE", "F_SHLCK", + "F_SINGLE_WRITER", "F_TEST", "F_THAW_FS", "F_TLOCK", + "F_TRANSCODEKEY", "F_ULOCK", "F_UNLCK", "F_UNLCKSYS", @@ -7854,12 +8011,20 @@ var stdlib = map[string][]string{ "NOFLSH", "NOTE_ABSOLUTE", "NOTE_ATTRIB", + "NOTE_BACKGROUND", "NOTE_CHILD", + "NOTE_CRITICAL", "NOTE_DELETE", "NOTE_EOF", "NOTE_EXEC", "NOTE_EXIT", "NOTE_EXITSTATUS", + "NOTE_EXIT_CSERROR", + "NOTE_EXIT_DECRYPTFAIL", + "NOTE_EXIT_DETAIL", + "NOTE_EXIT_DETAIL_MASK", + "NOTE_EXIT_MEMORY", + "NOTE_EXIT_REPARENTED", "NOTE_EXTEND", "NOTE_FFAND", "NOTE_FFCOPY", @@ -7868,6 +8033,7 @@ var stdlib = map[string][]string{ "NOTE_FFNOP", "NOTE_FFOR", "NOTE_FORK", + "NOTE_LEEWAY", "NOTE_LINK", "NOTE_LOWAT", "NOTE_NONE", @@ -7946,6 +8112,7 @@ var stdlib = map[string][]string{ "O_CREAT", "O_DIRECT", "O_DIRECTORY", + "O_DP_GETRAWENCRYPTED", "O_DSYNC", "O_EVTONLY", "O_EXCL", @@ -8235,6 +8402,7 @@ var stdlib = map[string][]string{ "RLIMIT_AS", "RLIMIT_CORE", "RLIMIT_CPU", + "RLIMIT_CPU_USAGE_MONITOR", "RLIMIT_DATA", "RLIMIT_FSIZE", "RLIMIT_NOFILE", @@ -8347,9 +8515,11 @@ var stdlib = map[string][]string{ "RTF_PROTO1", "RTF_PROTO2", "RTF_PROTO3", + "RTF_PROXY", "RTF_REINSTATE", "RTF_REJECT", "RTF_RNH_LOCKED", + "RTF_ROUTER", "RTF_SOURCE", "RTF_SRC", "RTF_STATIC", @@ -8868,6 +9038,7 @@ var stdlib = map[string][]string{ "SO_NO_OFFLOAD", "SO_NP_EXTENSIONS", "SO_NREAD", + "SO_NUMRCVPKT", "SO_NWRITE", "SO_OOBINLINE", "SO_OVERFLOWED", @@ -9037,6 +9208,7 @@ var stdlib = map[string][]string{ "SYS_CREAT", "SYS_CREATE_MODULE", "SYS_CSOPS", + "SYS_CSOPS_AUDITTOKEN", "SYS_DELETE", "SYS_DELETE_MODULE", "SYS_DUP", @@ -9223,6 +9395,7 @@ var stdlib = map[string][]string{ "SYS_JAIL_GET", "SYS_JAIL_REMOVE", "SYS_JAIL_SET", + "SYS_KAS_INFO", "SYS_KDEBUG_TRACE", "SYS_KENV", "SYS_KEVENT", @@ -9250,6 +9423,7 @@ var stdlib = map[string][]string{ "SYS_LCHMOD", "SYS_LCHOWN", "SYS_LCHOWN32", + "SYS_LEDGER", "SYS_LGETFH", "SYS_LGETXATTR", "SYS_LINK", @@ -9346,6 +9520,7 @@ var stdlib = map[string][]string{ "SYS_OPENAT", "SYS_OPENBSD_POLL", "SYS_OPEN_BY_HANDLE_AT", + "SYS_OPEN_DPROTECTED_NP", "SYS_OPEN_EXTENDED", "SYS_OPEN_NOCANCEL", "SYS_OVADVISE", @@ -9978,6 +10153,7 @@ var stdlib = map[string][]string{ "TCP_CONNECTIONTIMEOUT", "TCP_CORK", "TCP_DEFER_ACCEPT", + "TCP_ENABLE_ECN", "TCP_INFO", "TCP_KEEPALIVE", "TCP_KEEPCNT", @@ -10000,11 +10176,13 @@ var stdlib = map[string][]string{ "TCP_NODELAY", "TCP_NOOPT", "TCP_NOPUSH", + "TCP_NOTSENT_LOWAT", "TCP_NSTATES", "TCP_QUICKACK", "TCP_RXT_CONNDROPTIME", "TCP_RXT_FINDROP", "TCP_SACK_ENABLE", + "TCP_SENDMOREACKS", "TCP_SYNCNT", "TCP_VENDOR", "TCP_WINDOW_CLAMP", @@ -10540,6 +10718,8 @@ var stdlib = map[string][]string{ "April", "August", "Date", + "DateOnly", + "DateTime", "December", "Duration", "February", @@ -10594,6 +10774,7 @@ var stdlib = map[string][]string{ "Tick", "Ticker", "Time", + "TimeOnly", "Timer", "Tuesday", "UTC", @@ -10892,6 +11073,7 @@ var stdlib = map[string][]string{ "Zs", }, "unicode/utf16": { + "AppendRune", "Decode", "DecodeRune", "Encode", @@ -10920,10 +11102,14 @@ var stdlib = map[string][]string{ "ValidString", }, "unsafe": { + "Add", "Alignof", - "ArbitraryType", "Offsetof", "Pointer", "Sizeof", + "Slice", + "SliceData", + "String", + "StringData", }, } diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 9264bfd98b..416811e291 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -4512,7 +4512,7 @@ message ResourceRequirements { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 4be1df0c1d..0101e95d91 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -2320,7 +2320,7 @@ type ResourceRequirements struct { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 6c6fe2e006..99391a423d 100644 --- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{ "": "ResourceRequirements describes the compute resource requirements.", "limits": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", } func (ResourceRequirements) SwaggerDoc() map[string]string { diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 033a4c8fc3..758b0a3ac8 100644 --- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -24,19 +24,36 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" ) +// StaleGroupVersionError encasulates failed GroupVersion marked "stale" +// in the returned AggregatedDiscovery format. +type StaleGroupVersionError struct { + gv schema.GroupVersion +} + +func (s StaleGroupVersionError) Error() string { + return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv) +} + // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into // the previous "unaggregated" discovery groups and resources. -func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) { +func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Aggregated group list will contain the entirety of discovery, including - // groups, versions, and resources. + // groups, versions, and resources. GroupVersions marked "stale" are failed. groups := []*metav1.APIGroup{} + failedGVs := map[schema.GroupVersion]error{} resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{} for _, aggGroup := range aggregatedGroups.Items { - group, resources := convertAPIGroup(aggGroup) + group, resources, failed := convertAPIGroup(aggGroup) groups = append(groups, group) for gv, resourceList := range resources { resourcesByGV[gv] = resourceList } + for gv, err := range failed { + failedGVs[gv] = err + } } // Transform slice of groups to group list before returning. groupList := &metav1.APIGroupList{} @@ -44,23 +61,32 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList for _, group := range groups { groupList.Groups = append(groupList.Groups, *group) } - return groupList, resourcesByGV + return groupList, resourcesByGV, failedGVs } // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup, // also returning the map of APIResourceList for resources within GroupVersions. -func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) { +func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( + *metav1.APIGroup, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Iterate through versions to convert to group and resources. group := &metav1.APIGroup{} gvResources := map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs := map[schema.GroupVersion]error{} group.Name = g.ObjectMeta.Name - for i, v := range g.Versions { - version := metav1.GroupVersionForDiscovery{} + for _, v := range g.Versions { gv := schema.GroupVersion{Group: g.Name, Version: v.Version} + if v.Freshness == apidiscovery.DiscoveryFreshnessStale { + failedGVs[gv] = StaleGroupVersionError{gv: gv} + continue + } + version := metav1.GroupVersionForDiscovery{} version.GroupVersion = gv.String() version.Version = v.Version group.Versions = append(group.Versions, version) - if i == 0 { + // PreferredVersion is first non-stale Version + if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) { group.PreferredVersion = version } resourceList := &metav1.APIResourceList{} @@ -76,7 +102,7 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[sc } gvResources[gv] = resourceList } - return group, gvResources + return group, gvResources, failedGVs } // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. diff --git a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go index 0a41018474..9143ce00ab 100644 --- a/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go +++ b/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go @@ -33,6 +33,7 @@ import ( "k8s.io/client-go/openapi" cachedopenapi "k8s.io/client-go/openapi/cached" restclient "k8s.io/client-go/rest" + "k8s.io/klog/v2" ) type cacheEntry struct { @@ -61,6 +62,15 @@ var ( ErrCacheNotFound = errors.New("not found") ) +// Server returning empty ResourceList for Group/Version. +type emptyResponseError struct { + gv string +} + +func (e *emptyResponseError) Error() string { + return fmt.Sprintf("received empty response for: %s", e.gv) +} + var _ discovery.CachedDiscoveryInterface = &memCacheClient{} // isTransientConnectionError checks whether given error is "Connection refused" or @@ -103,7 +113,13 @@ func (d *memCacheClient) ServerResourcesForGroupVersion(groupVersion string) (*m if cachedVal.err != nil && isTransientError(cachedVal.err) { r, err := d.serverResourcesForGroupVersion(groupVersion) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + } } cachedVal = &cacheEntry{r, err} d.groupToServerResources[groupVersion] = cachedVal @@ -120,32 +136,38 @@ func (d *memCacheClient) ServerGroupsAndResources() ([]*metav1.APIGroup, []*meta // GroupsAndMaybeResources returns the list of APIGroups, and possibly the map of group/version // to resources. The returned groups will never be nil, but the resources map can be nil // if there are no cached resources. -func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) { d.lock.Lock() defer d.lock.Unlock() if !d.cacheValid { if err := d.refreshLocked(); err != nil { - return nil, nil, err + return nil, nil, nil, err } } // Build the resourceList from the cache? var resourcesMap map[schema.GroupVersion]*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error if d.receivedAggregatedDiscovery && len(d.groupToServerResources) > 0 { resourcesMap = map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs = map[schema.GroupVersion]error{} for gv, cacheEntry := range d.groupToServerResources { groupVersion, err := schema.ParseGroupVersion(gv) if err != nil { - return nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + return nil, nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + } + if cacheEntry.err != nil { + failedGVs[groupVersion] = cacheEntry.err + } else { + resourcesMap[groupVersion] = cacheEntry.resourceList } - resourcesMap[groupVersion] = cacheEntry.resourceList } } - return d.groupList, resourcesMap, nil + return d.groupList, resourcesMap, failedGVs, nil } func (d *memCacheClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -219,7 +241,8 @@ func (d *memCacheClient) refreshLocked() error { if ad, ok := d.delegate.(discovery.AggregatedDiscoveryInterface); ok { var resources map[schema.GroupVersion]*metav1.APIResourceList - gl, resources, err = ad.GroupsAndMaybeResources() + var failedGVs map[schema.GroupVersion]error + gl, resources, failedGVs, err = ad.GroupsAndMaybeResources() if resources != nil && err == nil { // Cache the resources. d.groupToServerResources = map[string]*cacheEntry{} @@ -227,6 +250,10 @@ func (d *memCacheClient) refreshLocked() error { for gv, resources := range resources { d.groupToServerResources[gv.String()] = &cacheEntry{resources, nil} } + // Cache GroupVersion discovery errors + for gv, err := range failedGVs { + d.groupToServerResources[gv.String()] = &cacheEntry{nil, err} + } d.receivedAggregatedDiscovery = true d.cacheValid = true return nil @@ -252,7 +279,13 @@ func (d *memCacheClient) refreshLocked() error { r, err := d.serverResourcesForGroupVersion(gv) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + } } resultLock.Lock() @@ -274,7 +307,7 @@ func (d *memCacheClient) serverResourcesForGroupVersion(groupVersion string) (*m return r, err } if len(r.APIResources) == 0 { - return r, fmt.Errorf("Got empty response for: %v", groupVersion) + return r, &emptyResponseError{gv: groupVersion} } return r, nil } diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go index 43906190fb..641568008b 100644 --- a/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -86,7 +86,7 @@ type DiscoveryInterface interface { type AggregatedDiscoveryInterface interface { DiscoveryInterface - GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) + GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) } // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness. @@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API // and resources from /api and /apis (either aggregated or not). Legacy groups // must be ordered first. The server will either return both endpoints (/api, /apis) // as aggregated discovery format or legacy format. For safety, resources will only -// be returned if both endpoints returned resources. -func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// be returned if both endpoints returned resources. Returned "failedGVs" can be +// empty, but will only be nil in the case an error is returned. +func (d *DiscoveryClient) GroupsAndMaybeResources() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { // Legacy group ordered first (there is only one -- core/v1 group). Returned groups must // be non-nil, but it could be empty. Returned resources, apiResources map could be nil. - groups, resources, err := d.downloadLegacy() + groups, resources, failedGVs, err := d.downloadLegacy() if err != nil { - return nil, nil, err + return nil, nil, nil, err } // Discovery groups and (possibly) resources downloaded from /apis. - apiGroups, apiResources, aerr := d.downloadAPIs() + apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs() if aerr != nil { - return nil, nil, aerr + return nil, nil, nil, aerr } // Merge apis groups into the legacy groups. for _, group := range apiGroups.Groups { @@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s } else if resources != nil { resources = nil } - return groups, resources, err + // Merge failed GroupVersions from /api and /apis + for gv, err := range failedApisGVs { + failedGVs[gv] = err + } + return groups, resources, failedGVs, err } // downloadLegacy returns the discovery groups and possibly resources // for the legacy v1 GVR at /api, or an error if one occurred. It is // possible for the resource map to be nil if the server returned -// the unaggregated discovery. -func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// the unaggregated discovery. Returned "failedGVs" can be empty, but +// will only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadLegacy() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /apis. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} + if err != nil { + // Tolerate 404, since aggregated api servers can return it. + if errors.IsNotFound(err) { + // Return empty structures and no error. + emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{} + return apiGroupList, emptyGVMap, failedGVs, nil + } else { + return nil, nil, nil, err + } } - apiGroupList := &metav1.APIGroupList{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { @@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { - return nil, nil, err + return nil, nil, nil, err } apiGroup := metav1.APIGroup{} if len(v.Versions) != 0 { @@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // downloadAPIs returns the discovery groups and (if aggregated format) the // discovery resources. The returned groups will always exist, but the -// resources map may be nil. -func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// resources map may be nil. Returned "failedGVs" can be empty, but will +// only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadAPIs() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /api. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + if err != nil { + return nil, nil, nil, err } apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { case AcceptV1: err = json.Unmarshal(body, apiGroupList) if err != nil { - return nil, nil, err + return nil, nil, nil, err } case AcceptV2Beta1: var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r } err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources) if err != nil { - // ignore 403 or 404 error to be compatible with an v1.0 server. - if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) { + // Tolerate core/v1 not found response by returning empty resource list; + // this probably should not happen. But we should verify all callers are + // not depending on this toleration before removal. + if groupVersion == "v1" && errors.IsNotFound(err) { return resources, nil } return nil, err @@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool { func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) { var sgs *metav1.APIGroupList var resources []*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, // then attempt to retrieve aggregated discovery with both groups and the resources. if ad, ok := d.(AggregatedDiscoveryInterface); ok { var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList - sgs, resourcesByGV, err = ad.GroupsAndMaybeResources() + sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources() for _, resourceList := range resourcesByGV { resources = append(resources, resourceList) } @@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta for i := range sgs.Groups { resultGroups = append(resultGroups, &sgs.Groups[i]) } + // resources is non-nil if aggregated discovery succeeded. if resources != nil { - return resultGroups, resources, nil + // Any stale Group/Versions returned by aggregated discovery + // must be surfaced to the caller as failed Group/Versions. + var ferr error + if len(failedGVs) > 0 { + ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs} + } + return resultGroups, resources, ferr } groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs) @@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList, var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, - // then it is attempt to retrieve both the groups and the resources. + // then it is attempt to retrieve both the groups and the resources. "failedGroups" + // are Group/Versions returned as stale in AggregatedDiscovery format. ad, ok := d.(AggregatedDiscoveryInterface) if ok { - serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources() + serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources() } else { serverGroupList, err = d.ServerGroups() } if err != nil { return nil, err } + // Non-aggregated discovery must fetch resources from Groups. if groupVersionResources == nil { groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList) } diff --git a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go index 860806e689..a56b19740b 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go +++ b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_discovery.go @@ -61,14 +61,10 @@ type DiscoveryAggregationController interface { // Spwans a worker which waits for added/updated apiservices and updates // the unified discovery document by contacting the aggregated api services Run(stopCh <-chan struct{}) - - // Returns true if all non-local APIServices that have been added - // are synced at least once to the discovery document - ExternalServicesSynced() bool } type discoveryManager struct { - // Locks `services` + // Locks `apiServices` servicesLock sync.RWMutex // Map from APIService's name (or a unique string for local servers) @@ -147,9 +143,6 @@ type groupVersionInfo struct { // was stored, the discovery document will always be re-fetched. lastMarkedDirty time.Time - // Last time sync function was run for this GV. - lastReconciled time.Time - // ServiceReference of this GroupVersion. This identifies the Service which // describes how to contact the server responsible for this GroupVersion. service serviceKey @@ -299,9 +292,9 @@ func (dm *discoveryManager) fetchFreshDiscoveryForService(gv metav1.GroupVersion lastUpdated: now, } - // Save the resolve, because it is still useful in case other services - // are already marked dirty. THey can use it without making http request - dm.setCacheEntryForService(info.service, cached) + // Do not save the resolve as the legacy fallback only fetches + // one group version and an API Service may serve multiple + // group versions. return &cached, nil case http.StatusOK: @@ -350,12 +343,8 @@ func (dm *discoveryManager) syncAPIService(apiServiceName string) error { } // Lookup last cached result for this apiservice's service. - now := time.Now() cached, err := dm.fetchFreshDiscoveryForService(mgv, info) - info.lastReconciled = now - dm.setInfoForAPIService(apiServiceName, &info) - var entry apidiscoveryv2beta1.APIVersionDiscovery // Extract the APIService's specific resource information from the @@ -477,18 +466,6 @@ func (dm *discoveryManager) RemoveAPIService(apiServiceName string) { } } -func (dm *discoveryManager) ExternalServicesSynced() bool { - dm.servicesLock.RLock() - defer dm.servicesLock.RUnlock() - for _, info := range dm.apiServices { - if info.lastReconciled.IsZero() { - return false - } - } - - return true -} - // // Lock-protected accessors // diff --git a/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go b/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go index 4334afcca5..1304c1fe04 100644 --- a/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go +++ b/vendor/k8s.io/kubernetes/pkg/api/persistentvolumeclaim/util.go @@ -49,6 +49,10 @@ func DropDisabledFields(pvcSpec, oldPVCSpec *core.PersistentVolumeClaimSpec) { pvcSpec.DataSourceRef = nil } } + + // Setting VolumeClaimTemplate.Resources.Claims should have been caught by validation when + // extending ResourceRequirements in 1.26. Now we can only accept it and drop the field. + pvcSpec.Resources.Claims = nil } // EnforceDataSourceBackwardsCompatibility drops the data source field under certain conditions diff --git a/vendor/k8s.io/kubernetes/pkg/api/pod/util.go b/vendor/k8s.io/kubernetes/pkg/api/pod/util.go index c99a8e34f3..d6b0fb670f 100644 --- a/vendor/k8s.io/kubernetes/pkg/api/pod/util.go +++ b/vendor/k8s.io/kubernetes/pkg/api/pod/util.go @@ -563,6 +563,16 @@ func dropDisabledDynamicResourceAllocationFields(podSpec, oldPodSpec *api.PodSpe dropEphemeralResourceClaimRequests(podSpec.EphemeralContainers) podSpec.ResourceClaims = nil } + + // Setting VolumeClaimTemplate.Resources.Claims should have been + // treated as an error by validation when extending + // ResourceRequirements in 1.26. Now we can only accept it and drop the + // field. + for i := range podSpec.Volumes { + if podSpec.Volumes[i].Ephemeral != nil && podSpec.Volumes[i].Ephemeral.VolumeClaimTemplate != nil { + podSpec.Volumes[i].Ephemeral.VolumeClaimTemplate.Spec.Resources.Claims = nil + } + } } func dynamicResourceAllocationInUse(podSpec *api.PodSpec) bool { diff --git a/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go b/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go index 7fb8160c1a..5cda03082a 100644 --- a/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go +++ b/vendor/k8s.io/kubernetes/pkg/apis/apps/validation/validation.go @@ -28,11 +28,9 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation/field" - utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/kubernetes/pkg/apis/apps" api "k8s.io/kubernetes/pkg/apis/core" apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" - "k8s.io/kubernetes/pkg/features" ) // ValidateStatefulSetName can be used to check whether the given StatefulSet name is valid. @@ -130,11 +128,9 @@ func ValidateStatefulSetSpec(spec *apps.StatefulSetSpec, fldPath *field.Path, op allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.Replicas), fldPath.Child("replicas"))...) allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(spec.MinReadySeconds), fldPath.Child("minReadySeconds"))...) - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - if spec.Ordinals != nil { - replicaStartOrdinal := spec.Ordinals.Start - allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(replicaStartOrdinal), fldPath.Child("ordinals.start"))...) - } + if spec.Ordinals != nil { + replicaStartOrdinal := spec.Ordinals.Start + allErrs = append(allErrs, apivalidation.ValidateNonnegativeField(int64(replicaStartOrdinal), fldPath.Child("ordinals.start"))...) } if spec.Selector == nil { @@ -185,17 +181,11 @@ func ValidateStatefulSetUpdate(statefulSet, oldStatefulSet *apps.StatefulSet, op newStatefulSetClone.Spec.Template = oldStatefulSet.Spec.Template // +k8s:verify-mutation:reason=clone newStatefulSetClone.Spec.UpdateStrategy = oldStatefulSet.Spec.UpdateStrategy // +k8s:verify-mutation:reason=clone newStatefulSetClone.Spec.MinReadySeconds = oldStatefulSet.Spec.MinReadySeconds // +k8s:verify-mutation:reason=clone - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - newStatefulSetClone.Spec.Ordinals = oldStatefulSet.Spec.Ordinals // +k8s:verify-mutation:reason=clone - } + newStatefulSetClone.Spec.Ordinals = oldStatefulSet.Spec.Ordinals // +k8s:verify-mutation:reason=clone newStatefulSetClone.Spec.PersistentVolumeClaimRetentionPolicy = oldStatefulSet.Spec.PersistentVolumeClaimRetentionPolicy // +k8s:verify-mutation:reason=clone if !apiequality.Semantic.DeepEqual(newStatefulSetClone.Spec, oldStatefulSet.Spec) { - if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetStartOrdinal) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden")) - } else { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden")) - } + allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden")) } return allErrs diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go index fbbecb00d5..be71573e1c 100644 --- a/vendor/k8s.io/kubernetes/pkg/apis/core/types.go +++ b/vendor/k8s.io/kubernetes/pkg/apis/core/types.go @@ -2191,7 +2191,7 @@ type ResourceRequirements struct { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +featureGate=DynamicResourceAllocation // +optional diff --git a/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go b/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go index f6c7df669b..82a0744847 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/util/endpointslice/endpointset.go @@ -25,11 +25,13 @@ import ( // endpointHash is used to uniquely identify endpoints. Only including addresses // and hostnames as unique identifiers allows us to do more in place updates -// should attributes such as topology, conditions, or targetRef change. +// should attributes such as topology or conditions change. type endpointHash string type endpointHashObj struct { Addresses []string Hostname string + Namespace string + Name string } func hashEndpoint(endpoint *discovery.Endpoint) endpointHash { @@ -38,6 +40,10 @@ func hashEndpoint(endpoint *discovery.Endpoint) endpointHash { if endpoint.Hostname != nil { hashObj.Hostname = *endpoint.Hostname } + if endpoint.TargetRef != nil { + hashObj.Namespace = endpoint.TargetRef.Namespace + hashObj.Name = endpoint.TargetRef.Name + } return endpointHash(endpointutil.DeepHashObjectToString(hashObj)) } diff --git a/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go b/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go index 3abb4d68b3..73c858a445 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/volume/attachdetach/util/util.go @@ -371,22 +371,5 @@ func isCSIMigrationSupportedOnNode(nodeName types.NodeName, spec *volume.Spec, v isMigratedOnNode := mpaSet.Has(pluginName) - if isMigratedOnNode { - installed := false - driverName, err := csiMigratedPluginManager.GetCSINameFromInTreeName(pluginName) - if err != nil { - return isMigratedOnNode, err - } - for _, driver := range csiNode.Spec.Drivers { - if driver.Name == driverName { - installed = true - break - } - } - if !installed { - return true, fmt.Errorf("in-tree plugin %s is migrated on node %s but driver %s is not installed", pluginName, string(nodeName), driverName) - } - } - return isMigratedOnNode, nil } diff --git a/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go b/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go index 0e747afc5d..c3514af2de 100644 --- a/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go +++ b/vendor/k8s.io/kubernetes/pkg/controller/volume/persistentvolume/pv_controller.go @@ -937,7 +937,7 @@ func (ctrl *PersistentVolumeController) updateVolumePhaseWithEvent(volume *v1.Pe // Ignores claims that already have a storage class. // TODO: if resync is ever changed to a larger period, we might need to change how we set the default class on existing unbound claims func (ctrl *PersistentVolumeController) assignDefaultStorageClass(claim *v1.PersistentVolumeClaim) (bool, error) { - if claim.Spec.StorageClassName != nil { + if storagehelpers.GetPersistentVolumeClaimClass(claim) != "" { return false, nil } diff --git a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go index 7205a3189f..b14eabc207 100644 --- a/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go +++ b/vendor/k8s.io/kubernetes/pkg/generated/openapi/zz_generated.openapi.go @@ -25059,7 +25059,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go index 4db702a100..e7c6fc66c0 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/cgroup_manager_linux.go @@ -26,6 +26,7 @@ import ( "sync" "time" + "github.com/opencontainers/runc/libcontainer/cgroups" libcontainercgroups "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/cgroups/manager" @@ -37,6 +38,7 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/sets" cmutil "k8s.io/kubernetes/pkg/kubelet/cm/util" + "k8s.io/kubernetes/pkg/kubelet/managed" "k8s.io/kubernetes/pkg/kubelet/metrics" ) @@ -472,6 +474,19 @@ func (m *cgroupManagerImpl) Create(cgroupConfig *CgroupConfig) error { utilruntime.HandleError(fmt.Errorf("cgroup manager.Set failed: %w", err)) } + // Disable cpuset.sched_load_balance for all cgroups Kubelet creates when kubelet has workloads to manage. + // This way, CRI can disable sched_load_balance for pods that must have load balance + // disabled, but the slices can contain all cpus (as the guaranteed cpus are known dynamically). + if managed.IsEnabled() && !libcontainercgroups.IsCgroup2UnifiedMode() { + path := manager.Path("cpuset") + if path == "" { + return fmt.Errorf("Failed to find cpuset for newly created cgroup") + } + if err := cgroups.WriteFile(path, "cpuset.sched_load_balance", "0"); err != nil { + return err + } + } + return nil } diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go index 0049e7acb1..9f9b5fd162 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/interface.go @@ -608,6 +608,9 @@ type Framework interface { // PercentageOfNodesToScore returns percentageOfNodesToScore associated to a profile. PercentageOfNodesToScore() *int32 + + // SetPodNominator sets the PodNominator + SetPodNominator(nominator PodNominator) } // Handle provides data and some tools that plugins can use. It is diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go index 6b137d31e9..94441b97d9 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/parallelize/parallelism.go @@ -54,10 +54,11 @@ func chunkSizeFor(n, parallelism int) int { // Until is a wrapper around workqueue.ParallelizeUntil to use in scheduling algorithms. // A given operation will be a label that is recorded in the goroutine metric. func (p Parallelizer) Until(ctx context.Context, pieces int, doWorkPiece workqueue.DoWorkPieceFunc, operation string) { + goroutinesMetric := metrics.Goroutines.WithLabelValues(operation) withMetrics := func(piece int) { - metrics.Goroutines.WithLabelValues(operation).Inc() - defer metrics.Goroutines.WithLabelValues(operation).Dec() + goroutinesMetric.Inc() doWorkPiece(piece) + goroutinesMetric.Dec() } workqueue.ParallelizeUntil(ctx, p.parallelism, pieces, withMetrics, workqueue.WithChunkSize(chunkSizeFor(pieces, p.parallelism))) diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go index a4be0899ad..362588601f 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/plugins/volumebinding/binder.go @@ -500,16 +500,14 @@ func (b *volumeBinder) bindAPIUpdate(ctx context.Context, pod *v1.Pod, bindings // Do the actual prebinding. Let the PV controller take care of the rest // There is no API rollback if the actual binding fails for _, binding = range bindings { - klog.V(5).InfoS("bindAPIUpdate: binding PV to PVC", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc)) // TODO: does it hurt if we make an api call and nothing needs to be updated? - klog.V(2).InfoS("Claim bound to volume", "PVC", klog.KObj(binding.pvc), "PV", klog.KObj(binding.pv)) + klog.V(5).InfoS("Updating PersistentVolume: binding to claim", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc)) newPV, err := b.kubeClient.CoreV1().PersistentVolumes().Update(ctx, binding.pv, metav1.UpdateOptions{}) if err != nil { - klog.V(4).InfoS("Updating PersistentVolume: binding to claim failed", "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc), "err", err) + klog.V(4).InfoS("Updating PersistentVolume: binding to claim failed", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc), "err", err) return err } - - klog.V(4).InfoS("Updating PersistentVolume: bound to claim", "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc)) + klog.V(2).InfoS("Updated PersistentVolume with claim. Waiting for binding to complete", "pod", klog.KObj(pod), "PV", klog.KObj(binding.pv), "PVC", klog.KObj(binding.pvc)) // Save updated object from apiserver for later checking. binding.pv = newPV lastProcessedBinding++ @@ -672,7 +670,7 @@ func (b *volumeBinder) checkBindings(pod *v1.Pod, bindings []*BindingInfo, claim } // All pvs and pvcs that we operated on are bound - klog.V(4).InfoS("All PVCs for pod are bound", "pod", klog.KObj(pod)) + klog.V(2).InfoS("All PVCs for pod are bound", "pod", klog.KObj(pod)) return true, nil } diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go index 3a17cb28dd..cc7ef65bbb 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/framework/runtime/framework.go @@ -368,6 +368,10 @@ func NewFramework(r Registry, profile *config.KubeSchedulerProfile, stopCh <-cha return f, nil } +func (f *frameworkImpl) SetPodNominator(n framework.PodNominator) { + f.PodNominator = n +} + // getScoreWeights makes sure that, between MultiPoint-Score plugin weights and individual Score // plugin weights there is not an overflow of MaxTotalScore. func getScoreWeights(f *frameworkImpl, pluginsMap map[string]framework.Plugin, plugins []config.Plugin) error { diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go b/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go index 2486792078..a0af8d0740 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/internal/queue/scheduling_queue.go @@ -34,7 +34,6 @@ import ( "time" v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" @@ -141,8 +140,7 @@ func NominatedNodeName(pod *v1.Pod) string { // - unschedulablePods holds pods that were already attempted for scheduling and // are currently determined to be unschedulable. type PriorityQueue struct { - // PodNominator abstracts the operations to maintain nominated Pods. - framework.PodNominator + *nominator stop chan struct{} clock clock.Clock @@ -154,7 +152,6 @@ type PriorityQueue struct { // the maximum time a pod can stay in the unschedulablePods. podMaxInUnschedulablePodsDuration time.Duration - lock sync.RWMutex cond sync.Cond // activeQ is heap structure that scheduler actively looks at to find pods to @@ -190,7 +187,7 @@ type priorityQueueOptions struct { podInitialBackoffDuration time.Duration podMaxBackoffDuration time.Duration podMaxInUnschedulablePodsDuration time.Duration - podNominator framework.PodNominator + podLister listersv1.PodLister clusterEventMap map[framework.ClusterEvent]sets.String preEnqueuePluginMap map[string][]framework.PreEnqueuePlugin } @@ -219,10 +216,10 @@ func WithPodMaxBackoffDuration(duration time.Duration) Option { } } -// WithPodNominator sets pod nominator for PriorityQueue. -func WithPodNominator(pn framework.PodNominator) Option { +// WithPodLister sets pod lister for PriorityQueue. +func WithPodLister(pl listersv1.PodLister) Option { return func(o *priorityQueueOptions) { - o.podNominator = pn + o.podLister = pl } } @@ -274,6 +271,9 @@ func NewPriorityQueue( opts ...Option, ) *PriorityQueue { options := defaultPriorityQueueOptions + if options.podLister == nil { + options.podLister = informerFactory.Core().V1().Pods().Lister() + } for _, opt := range opts { opt(&options) } @@ -284,12 +284,8 @@ func NewPriorityQueue( return lessFn(pInfo1, pInfo2) } - if options.podNominator == nil { - options.podNominator = NewPodNominator(informerFactory.Core().V1().Pods().Lister()) - } - pq := &PriorityQueue{ - PodNominator: options.podNominator, + nominator: newPodNominator(options.podLister), clock: options.clock, stop: make(chan struct{}), podInitialBackoffDuration: options.podInitialBackoffDuration, @@ -382,7 +378,7 @@ func (p *PriorityQueue) Add(pod *v1.Pod) error { } klog.V(5).InfoS("Pod moved to an internal scheduling queue", "pod", klog.KObj(pod), "event", PodAdd, "queue", activeQName) metrics.SchedulerQueueIncomingPods.WithLabelValues("active", PodAdd).Inc() - p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil) + p.addNominatedPodUnlocked(pInfo.PodInfo, nil) p.cond.Broadcast() return nil @@ -436,7 +432,7 @@ func (p *PriorityQueue) activate(pod *v1.Pod) bool { p.unschedulablePods.delete(pInfo.Pod, gated) p.podBackoffQ.Delete(pInfo) metrics.SchedulerQueueIncomingPods.WithLabelValues("active", ForceActivate).Inc() - p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil) + p.addNominatedPodUnlocked(pInfo.PodInfo, nil) return true } @@ -497,7 +493,7 @@ func (p *PriorityQueue) AddUnschedulableIfNotPresent(pInfo *framework.QueuedPodI } - p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil) + p.addNominatedPodUnlocked(pInfo.PodInfo, nil) return nil } @@ -606,14 +602,14 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error { // If the pod is already in the active queue, just update it there. if oldPodInfo, exists, _ := p.activeQ.Get(oldPodInfo); exists { pInfo := updatePod(oldPodInfo, newPod) - p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo) + p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo) return p.activeQ.Update(pInfo) } // If the pod is in the backoff queue, update it there. if oldPodInfo, exists, _ := p.podBackoffQ.Get(oldPodInfo); exists { pInfo := updatePod(oldPodInfo, newPod) - p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo) + p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo) return p.podBackoffQ.Update(pInfo) } } @@ -621,7 +617,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error { // If the pod is in the unschedulable queue, updating it may make it schedulable. if usPodInfo := p.unschedulablePods.get(newPod); usPodInfo != nil { pInfo := updatePod(usPodInfo, newPod) - p.PodNominator.UpdateNominatedPod(oldPod, pInfo.PodInfo) + p.updateNominatedPodUnlocked(oldPod, pInfo.PodInfo) if isPodUpdated(oldPod, newPod) { gated := usPodInfo.Gated if p.isPodBackingoff(usPodInfo) { @@ -650,7 +646,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error { if added, err := p.addToActiveQ(pInfo); !added { return err } - p.PodNominator.AddNominatedPod(pInfo.PodInfo, nil) + p.addNominatedPodUnlocked(pInfo.PodInfo, nil) klog.V(5).InfoS("Pod moved to an internal scheduling queue", "pod", klog.KObj(pInfo.Pod), "event", PodUpdate, "queue", activeQName) p.cond.Broadcast() return nil @@ -661,7 +657,7 @@ func (p *PriorityQueue) Update(oldPod, newPod *v1.Pod) error { func (p *PriorityQueue) Delete(pod *v1.Pod) error { p.lock.Lock() defer p.lock.Unlock() - p.PodNominator.DeleteNominatedPodIfExists(pod) + p.deleteNominatedPodIfExistsUnlocked(pod) pInfo := newQueuedPodInfoForLookup(pod) if err := p.activeQ.Delete(pInfo); err != nil { // The item was probably not found in the activeQ. @@ -745,8 +741,7 @@ func (p *PriorityQueue) movePodsToActiveOrBackoffQueue(podInfoList []*framework. // any affinity term that matches "pod". // NOTE: this function assumes lock has been acquired in caller. func (p *PriorityQueue) getUnschedulablePodsWithMatchingAffinityTerm(pod *v1.Pod) []*framework.QueuedPodInfo { - var nsLabels labels.Set - nsLabels = interpodaffinity.GetNamespaceLabelsSnapshot(pod.Namespace, p.nsLister) + nsLabels := interpodaffinity.GetNamespaceLabelsSnapshot(pod.Namespace, p.nsLister) var podsToMove []*framework.QueuedPodInfo for _, pInfo := range p.unschedulablePods.podInfoMap { @@ -793,9 +788,13 @@ func (p *PriorityQueue) Close() { // DeleteNominatedPodIfExists deletes <pod> from nominatedPods. func (npm *nominator) DeleteNominatedPodIfExists(pod *v1.Pod) { - npm.Lock() + npm.lock.Lock() + npm.deleteNominatedPodIfExistsUnlocked(pod) + npm.lock.Unlock() +} + +func (npm *nominator) deleteNominatedPodIfExistsUnlocked(pod *v1.Pod) { npm.delete(pod) - npm.Unlock() } // AddNominatedPod adds a pod to the nominated pods of the given node. @@ -803,16 +802,16 @@ func (npm *nominator) DeleteNominatedPodIfExists(pod *v1.Pod) { // the pod. We update the structure before sending a request to update the pod // object to avoid races with the following scheduling cycles. func (npm *nominator) AddNominatedPod(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) { - npm.Lock() - npm.add(pi, nominatingInfo) - npm.Unlock() + npm.lock.Lock() + npm.addNominatedPodUnlocked(pi, nominatingInfo) + npm.lock.Unlock() } // NominatedPodsForNode returns a copy of pods that are nominated to run on the given node, // but they are waiting for other pods to be removed from the node. func (npm *nominator) NominatedPodsForNode(nodeName string) []*framework.PodInfo { - npm.RLock() - defer npm.RUnlock() + npm.lock.RLock() + defer npm.lock.RUnlock() // Make a copy of the nominated Pods so the caller can mutate safely. pods := make([]*framework.PodInfo, len(npm.nominatedPods[nodeName])) for i := 0; i < len(pods); i++ { @@ -954,10 +953,10 @@ type nominator struct { // nominated. nominatedPodToNode map[types.UID]string - sync.RWMutex + lock sync.RWMutex } -func (npm *nominator) add(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) { +func (npm *nominator) addNominatedPodUnlocked(pi *framework.PodInfo, nominatingInfo *framework.NominatingInfo) { // Always delete the pod if it already exists, to ensure we never store more than // one instance of the pod. npm.delete(pi.Pod) @@ -1014,8 +1013,12 @@ func (npm *nominator) delete(p *v1.Pod) { // UpdateNominatedPod updates the <oldPod> with <newPod>. func (npm *nominator) UpdateNominatedPod(oldPod *v1.Pod, newPodInfo *framework.PodInfo) { - npm.Lock() - defer npm.Unlock() + npm.lock.Lock() + defer npm.lock.Unlock() + npm.updateNominatedPodUnlocked(oldPod, newPodInfo) +} + +func (npm *nominator) updateNominatedPodUnlocked(oldPod *v1.Pod, newPodInfo *framework.PodInfo) { // In some cases, an Update event with no "NominatedNode" present is received right // after a node("NominatedNode") is reserved for this pod in memory. // In this case, we need to keep reserving the NominatedNode when updating the pod pointer. @@ -1036,13 +1039,17 @@ func (npm *nominator) UpdateNominatedPod(oldPod *v1.Pod, newPodInfo *framework.P // We update irrespective of the nominatedNodeName changed or not, to ensure // that pod pointer is updated. npm.delete(oldPod) - npm.add(newPodInfo, nominatingInfo) + npm.addNominatedPodUnlocked(newPodInfo, nominatingInfo) } // NewPodNominator creates a nominator as a backing of framework.PodNominator. // A podLister is passed in so as to check if the pod exists // before adding its nominatedNode info. func NewPodNominator(podLister listersv1.PodLister) framework.PodNominator { + return newPodNominator(podLister) +} + +func newPodNominator(podLister listersv1.PodLister) *nominator { return &nominator{ podLister: podLister, nominatedPods: make(map[string][]*framework.PodInfo), diff --git a/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go b/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go index 581c792a7c..958b9ce806 100644 --- a/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go +++ b/vendor/k8s.io/kubernetes/pkg/scheduler/scheduler.go @@ -284,8 +284,6 @@ func New(client clientset.Interface, podLister := informerFactory.Core().V1().Pods().Lister() nodeLister := informerFactory.Core().V1().Nodes().Lister() - // The nominator will be passed all the way to framework instantiation. - nominator := internalqueue.NewPodNominator(podLister) snapshot := internalcache.NewEmptySnapshot() clusterEventMap := make(map[framework.ClusterEvent]sets.String) @@ -295,7 +293,6 @@ func New(client clientset.Interface, frameworkruntime.WithKubeConfig(options.kubeConfig), frameworkruntime.WithInformerFactory(informerFactory), frameworkruntime.WithSnapshotSharedLister(snapshot), - frameworkruntime.WithPodNominator(nominator), frameworkruntime.WithCaptureProfile(frameworkruntime.CaptureProfile(options.frameworkCapturer)), frameworkruntime.WithClusterEventMap(clusterEventMap), frameworkruntime.WithParallelism(int(options.parallelism)), @@ -318,12 +315,16 @@ func New(client clientset.Interface, informerFactory, internalqueue.WithPodInitialBackoffDuration(time.Duration(options.podInitialBackoffSeconds)*time.Second), internalqueue.WithPodMaxBackoffDuration(time.Duration(options.podMaxBackoffSeconds)*time.Second), - internalqueue.WithPodNominator(nominator), + internalqueue.WithPodLister(podLister), internalqueue.WithClusterEventMap(clusterEventMap), internalqueue.WithPodMaxInUnschedulablePodsDuration(options.podMaxInUnschedulablePodsDuration), internalqueue.WithPreEnqueuePluginMap(preEnqueuePluginMap), ) + for _, fwk := range profiles { + fwk.SetPodNominator(podQueue) + } + schedulerCache := internalcache.New(durationToExpireAssumedPod, stopEverything) // Setup cache debugger. diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go b/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go index 13348a54bc..c6dcd464d3 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/operationexecutor/operation_generator.go @@ -669,6 +669,16 @@ func (og *operationGenerator) GenerateMountVolumeFunc( resizeOptions.DeviceStagePath = deviceMountPath } + if volumeDeviceMounter != nil && resizeOptions.DeviceStagePath == "" { + deviceStagePath, err := volumeDeviceMounter.GetDeviceMountPath(volumeToMount.VolumeSpec) + if err != nil { + // On failure, return error. Caller will log and retry. + eventErr, detailedErr := volumeToMount.GenerateError("MountVolume.GetDeviceMountPath failed for expansion", err) + return volumetypes.NewOperationContext(eventErr, detailedErr, migrated) + } + resizeOptions.DeviceStagePath = deviceStagePath + } + // No mapping is needed for hostUID/hostGID if userns is not used. // Therefore, just assign the container users to host UID/GID. hostUID := util.FsUserFrom(volumeToMount.Pod) diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go b/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go index 2da7d4e4ca..fb8b8488a6 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity/patch_podspecextractor.go @@ -17,6 +17,7 @@ import ( "k8s.io/klog/v2" "k8s.io/kubernetes/pkg/apis/core" v1 "k8s.io/kubernetes/pkg/apis/core/v1" + saadmission "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount" podsecurityadmission "k8s.io/pod-security-admission/admission" ) @@ -69,6 +70,9 @@ func (s *SCCMutatingPodSpecExtractor) ExtractPodSpec(obj runtime.Object) (*metav if len(pod.Name) == 0 { pod.Name = "pod-for-container-named-" + objectMeta.GetName() } + if len(pod.Spec.ServiceAccountName) == 0 { + pod.Spec.ServiceAccountName = saadmission.DefaultServiceAccountName + } internalPod := &core.Pod{} if err := v1.Convert_v1_Pod_To_core_Pod(pod, internalPod, nil); err != nil { return nil, nil, err diff --git a/vendor/modules.txt b/vendor/modules.txt index 2f3d3849f7..a42c0e700d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -521,8 +521,8 @@ github.com/mxk/go-flowrate/flowrate # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/opencontainers/runc v1.1.4 -## explicit; go 1.16 +# github.com/opencontainers/runc v1.1.6 +## explicit; go 1.17 github.com/opencontainers/runc/libcontainer github.com/opencontainers/runc/libcontainer/apparmor github.com/opencontainers/runc/libcontainer/capabilities @@ -628,7 +628,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b +# github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f ## explicit; go 1.19 github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/apis/imagepolicy/v1 @@ -1123,12 +1123,12 @@ golang.org/x/crypto/pbkdf2 golang.org/x/crypto/pkcs12 golang.org/x/crypto/pkcs12/internal/rc2 golang.org/x/crypto/salsa20/salsa -# golang.org/x/mod v0.6.0 +# golang.org/x/mod v0.8.0 ## explicit; go 1.17 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/net v0.7.0 +# golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/bpf golang.org/x/net/context @@ -1157,10 +1157,10 @@ golang.org/x/oauth2/google/internal/externalaccount golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 +# golang.org/x/sync v0.1.0 ## explicit golang.org/x/sync/singleflight -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.6.0 ## explicit; go 1.17 golang.org/x/sys/cpu golang.org/x/sys/execabs @@ -1170,10 +1170,10 @@ golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc -# golang.org/x/term v0.5.0 +# golang.org/x/term v0.6.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.7.0 +# golang.org/x/text v0.8.0 ## explicit; go 1.17 golang.org/x/text/encoding golang.org/x/text/encoding/internal @@ -1189,7 +1189,7 @@ golang.org/x/text/width # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 ## explicit golang.org/x/time/rate -# golang.org/x/tools v0.2.0 +# golang.org/x/tools v0.6.0 ## explicit; go 1.18 golang.org/x/tools/container/intsets golang.org/x/tools/go/ast/astutil @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3142,7 +3142,7 @@ k8s.io/utils/pointer k8s.io/utils/strings k8s.io/utils/strings/slices k8s.io/utils/trace -# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 +# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 ## explicit; go 1.17 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go index cb186cefc2..68a3ebf12c 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go @@ -118,6 +118,8 @@ func (cm *connectionManager) closeAll() { // grpcTunnel implements Tunnel type grpcTunnel struct { stream client.ProxyService_ProxyClient + sendLock sync.Mutex + recvLock sync.Mutex clientConn clientConn pendingDial pendingDialManager conns connectionManager @@ -243,20 +245,17 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) { }() for { - pkt, err := t.stream.Recv() + pkt, err := t.Recv() if err == io.EOF { return } - const segment = commonmetrics.SegmentToClient isClosing := t.isClosing() if err != nil || pkt == nil { if !isClosing { klog.ErrorS(err, "stream read failure") } - metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) return } - metrics.Metrics.ObservePacket(segment, pkt.Type) if isClosing { return } @@ -335,11 +334,23 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) { case client.PacketType_DATA: resp := pkt.GetData() + if resp.ConnectID == 0 { + klog.ErrorS(nil, "Received packet missing ConnectID", "packetType", "DATA") + continue + } // TODO: flow control conn, ok := t.conns.get(resp.ConnectID) if !ok { - klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID) + klog.ErrorS(nil, "Connection not recognized", "connectionID", resp.ConnectID, "packetType", "DATA") + t.Send(&client.Packet{ + Type: client.PacketType_CLOSE_REQ, + Payload: &client.Packet_CloseRequest{ + CloseRequest: &client.CloseRequest{ + ConnectID: resp.ConnectID, + }, + }, + }) continue } timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second) @@ -358,7 +369,7 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context) { conn, ok := t.conns.get(resp.ConnectID) if !ok { - klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID) + klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID, "packetType", "CLOSE_RSP") continue } close(conn.readCh) @@ -418,18 +429,15 @@ func (t *grpcTunnel) dialContext(requestCtx context.Context, protocol, address s } klog.V(5).InfoS("[tracing] send packet", "type", req.Type) - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - err := t.stream.Send(req) + err := t.Send(req) if err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) return nil, err } klog.V(5).Infoln("DIAL_REQ sent to proxy server") c := &conn{ - stream: t.stream, + tunnel: t, random: random, closeTunnel: t.closeTunnel, } @@ -473,10 +481,7 @@ func (t *grpcTunnel) closeDial(dialID int64) { }, }, } - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - if err := t.stream.Send(req); err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) + if err := t.Send(req); err != nil { klog.V(5).InfoS("Failed to send DIAL_CLS", "err", err, "dialID", dialID) } t.closeTunnel() @@ -491,6 +496,35 @@ func (t *grpcTunnel) isClosing() bool { return atomic.LoadUint32(&t.closing) != 0 } +func (t *grpcTunnel) Send(pkt *client.Packet) error { + t.sendLock.Lock() + defer t.sendLock.Unlock() + + const segment = commonmetrics.SegmentFromClient + metrics.Metrics.ObservePacket(segment, pkt.Type) + err := t.stream.Send(pkt) + if err != nil && err != io.EOF { + metrics.Metrics.ObserveStreamError(segment, err, pkt.Type) + } + return err +} + +func (t *grpcTunnel) Recv() (*client.Packet, error) { + t.recvLock.Lock() + defer t.recvLock.Unlock() + + const segment = commonmetrics.SegmentToClient + pkt, err := t.stream.Recv() + if err != nil && err != io.EOF { + metrics.Metrics.ObserveStreamErrorNoPacket(segment, err) + } + if err != nil { + return pkt, err + } + metrics.Metrics.ObservePacket(segment, pkt.Type) + return pkt, nil +} + func GetDialFailureReason(err error) (isDialFailure bool, reason metrics.DialFailureReason) { var df *dialFailure if errors.As(err, &df) { diff --git a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go index 14384a62cb..f4d3f78865 100644 --- a/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go +++ b/vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go @@ -24,8 +24,6 @@ import ( "k8s.io/klog/v2" - "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics" - commonmetrics "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics" "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client" ) @@ -38,7 +36,7 @@ var errConnCloseTimeout = errors.New("close timeout") // conn is an implementation of net.Conn, where the data is transported // over an established tunnel defined by a gRPC service ProxyService. type conn struct { - stream client.ProxyService_ProxyClient + tunnel *grpcTunnel connID int64 random int64 readCh chan []byte @@ -65,11 +63,8 @@ func (c *conn) Write(data []byte) (n int, err error) { klog.V(5).InfoS("[tracing] send req", "type", req.Type) - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - err = c.stream.Send(req) + err = c.tunnel.Send(req) if err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) return 0, err } return len(data), err @@ -153,10 +148,7 @@ func (c *conn) Close() error { klog.V(5).InfoS("[tracing] send req", "type", req.Type) - const segment = commonmetrics.SegmentFromClient - metrics.Metrics.ObservePacket(segment, req.Type) - if err := c.stream.Send(req); err != nil { - metrics.Metrics.ObserveStreamError(segment, err, req.Type) + if err := c.tunnel.Send(req); err != nil { return err } From 79bec292562fcae422362d164763c326ce438f19 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 18 Apr 2023 03:29:41 -0400 Subject: [PATCH 65/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-18-005127_amd64-2023-04-18_arm64-2023-04-17 (#1681) * update last_rebase.sh * update changelog * update microshift/go.mod * update microshift/vendor * update etcd/go.mod * update etcd/vendor * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.kube_git.var | 2 +- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 4 +- assets/release/release-x86_64.json | 4 +- etcd/go.mod | 58 ++++----- etcd/go.sum | 24 ++-- etcd/vendor/modules.txt | 70 +++++------ go.mod | 60 +++++----- go.sum | 102 ++++++++-------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 113 +----------------- scripts/auto-rebase/commits.txt | 6 +- scripts/auto-rebase/last_rebase.sh | 2 +- .../pkg/apiserver/apiserver.go | 31 +++-- .../pkg/apiserver/handler_proxy.go | 37 ++---- .../status/available_controller.go | 91 ++------------ vendor/modules.txt | 110 ++++++++--------- 19 files changed, 270 insertions(+), 452 deletions(-) diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index bddd5c16f5..b1a2ba54ad 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=19816eefa6829861687df6dfe573708756c464cc +KUBE_GIT_COMMIT=379cd9f22597a7a7f6ea57471f590c1abf01ce92 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index fc3d3df035..d27157562e 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-15-102028 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-17-235646 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index bb064cd20a..127e2b790e 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-15-102029 +OCP_VERSION := 4.13.0-0.nightly-2023-04-18-005127 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index ae949a3574..2af1bc3ac7 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-15-102028" + "base": "4.13.0-0.nightly-arm64-2023-04-17-235646" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", @@ -9,7 +9,7 @@ "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e789671e0795fb9710418d5810e736775b6f5579375d4d7f470acda31528e28", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 331aef7525..70c013800f 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-15-102029" + "base": "4.13.0-0.nightly-2023-04-18-005127" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -9,7 +9,7 @@ "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c8266e902ee5402689563a9bf6d623d39ede6dca9263407612618440d39fbe2", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:903b4ede73a392afe49e08f539e2fdd3f27cf247235b5f46d99266a3b9711574", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/etcd/go.mod b/etcd/go.mod index 28848e890b..4ea17a5b60 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230417131116-379cd9f22597 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 679bc75909..28ce71045a 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 h1:+tIqhG89txE3h0H6QpGTYd2oDruIBP6NQ4z410VilwY= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 h1:NDsBsSXNz829Mqa+qrASIhRb4j+kPLPRTYtQngeLq88= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 h1:s7GgvBoZe3ezzATYRU7HCRNpAD2+wsFs4jy4U9l08Io= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 h1:eto1R2umIDZygj6cwmv8kxBo/FEYhMIODhIv8j72TYY= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 h1:pF/q1vjooEBGg4IlToc/XC0uI2qN3STVizoBZaHVFZE= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 h1:3sYFRM6LtqV+NL2ZBdGFzSZez7nl129JTjHygIDqvaE= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 783d414ac3..714af71db9 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230417131116-379cd9f22597 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230417131116-379cd9f22597 diff --git a/go.mod b/go.mod index c86a833680..f9fbe6918e 100644 --- a/go.mod +++ b/go.mod @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230417131116-379cd9f22597 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230417131116-379cd9f22597 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230417131116-379cd9f22597 // from kubernetes ) diff --git a/go.sum b/go.sum index 1c00a8f9a6..95b121cbdf 100644 --- a/go.sum +++ b/go.sum @@ -609,57 +609,57 @@ github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qY github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 h1:aAZOgCVCBWMRRwi5W/NazlOCaCLlaMI704LTMwo/HUg= -github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 h1:oh00NNthfcbhoHHG9RMaQ+Q9gaB+OjU6LsjIOgTZ6dA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 h1:Ac/LHZaMAqUr9rE4Q1oLG6iuLwwi6L3GAuTPdsqO15Y= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 h1:QVD1gei4qjU1ZzqLrrk9UUM4oL5xNU5WHQrOh+plP2o= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 h1:Le/7MKrlHyL0GzydqE9O2YuBPTEwnMG5cUJHPOqQSKE= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 h1:nvGIHfDumItIc0eHmw1XkyaHYqODBrw4LFt6qX2UAE0= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 h1:ieDpK+9kwFiYrZLf8szWJs034wF7DPyZ6imE9lvPwmU= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 h1:LHuIB1W4NAG9ZnrRQdfctquaE4GLKgCSQjny5JZYr+4= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 h1:IJ5E8PY+2bWAGqpmqDtkU2W4t6XmLC76x921nr1JVmY= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 h1:SImSqAAOj9J8LfLmHFnMRAHSedb14k0fejLGldaAi1k= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 h1:3rSkUFhklB10N5Xp3Dm3Wn6g+xyRNXdoRQaGdzGEMvs= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 h1:WJVg9acdlTWqKOiC7JbJa2Ev0kFki5tL4mcdxTAkUMQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 h1:YJruCzvKX+sqPHNK87ZdNJ3bld9cDh86nMuI1V50yKM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 h1:cGUyvu78+r830+joBbEILP5vkmM0udzZWvwEFYKSc30= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 h1:F6Iq7mYVCz+EkVxwtb56Rg6EWbQ/JTSVo0zbrwZ+RTE= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 h1:4I/f6SZBayfieqXt7Zk0cWkbfXDGBdLTXFpDCXeAuX0= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 h1:UCHUJBT8ieT0lja74AgVhU54Td2iFFLurUKKwv+ibig= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 h1:BT1oPp1IvgYzpmksSeyoSvl61E4NbAQKyFt7wKEO+nY= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 h1:/LcItEq3+hoyU2Cw181TFbGTSegdYWIC3AFlFwGTre4= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo= +github.com/openshift/kubernetes v0.0.0-20230417131116-379cd9f22597 h1:W95Zyxyv44bMkGqpSD1bnEdWCYWQmvcrpmckI2fPe80= +github.com/openshift/kubernetes v0.0.0-20230417131116-379cd9f22597/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 h1:+tIqhG89txE3h0H6QpGTYd2oDruIBP6NQ4z410VilwY= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 h1:L0Fp4TnDW45ujTf9aP7jp7IYPe4lDyatMxiUhED0BEY= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 h1:NDsBsSXNz829Mqa+qrASIhRb4j+kPLPRTYtQngeLq88= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 h1:JGlCw6cI+ymYJVe43SNkXXhDwQlta0xujh+bCZ3CW6Q= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 h1:s7GgvBoZe3ezzATYRU7HCRNpAD2+wsFs4jy4U9l08Io= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 h1:eto1R2umIDZygj6cwmv8kxBo/FEYhMIODhIv8j72TYY= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 h1:LH2v0sj7+md6mFV6Arlo4mlkHDby+NGdQQYER8LyMfI= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 h1:X0j+Mr0AfAVVhA1w2AY6v8Kro9lTOgR6aiiXCnjkOnY= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230417131116-379cd9f22597/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 h1:pF/q1vjooEBGg4IlToc/XC0uI2qN3STVizoBZaHVFZE= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 h1:uAnAjvAyO7Glqa5XIfdQIRrV/rR7Z1sHGg08QsXDKls= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 h1:pbzBQh0MkUDp7ji6bLNS4eEnjqYv/MuEMiN62qAa9cU= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 h1:P2IC+naVB+NB7tqfLmJpZTOCQFL2TSe4QmXDOx6fncQ= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 h1:brkse6bpH7DO+51st85nDAD5qg1cU3ClkfXqIcA7S7M= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 h1:qLQK8K8jl/ESjDTwzoMnOoRnQE9NMUj/xUXmffKH3fU= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 h1:OdqM+efg2HYKYaqp/TxTc+GCPY0qNevmBs9TU9EWHNk= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 h1:ik9FxwmfHWvjDz652vMWJpPgHiWGyfcFT0A/7FxzPkI= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 h1:QvOjYARJAPbstlC6fsbeJA/bRGq1bbI0ZG/zYT/tMr0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 h1:yT48l0YF8fJs2fd4hGACjN8t+NIz045KdzjMCnDE2QQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 h1:3sYFRM6LtqV+NL2ZBdGFzSZez7nl129JTjHygIDqvaE= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 h1:Q9TMPWDOlNOqpuHdbqCL9tYcwaBjsaxY3uIdG1Id+CQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 h1:ZJwiaJpXGlLF0OeqhWr+65QmTTVncZIkxAPOt6Xvqrc= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 h1:D61euIE7tVOnT95jLHa2gqX9H1CAmGeRBAwNh3vUYo8= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 h1:hYPPuqM9b/BEDFm3pQWU8R3vLgPETFAVQkVlM6bXEkk= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 h1:oASFLVzmr5BK+T/3YgaDQUq7HYH8eVLSTxJObI9taF4= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 5e7a3d1490..77020d37f6 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:903b4ede73a392afe49e08f539e2fdd3f27cf247235b5f46d99266a3b9711574" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 7358d410e1..eb83bbf77c 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e789671e0795fb9710418d5810e736775b6f5579375d4d7f470acda31528e28" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 50cc1956a7..162989cfb1 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,107 +1,6 @@ -# cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b to d9b70b9b587762e53863d61d0447f2f74580bd4b -498475d4f534072c1d49befb0d12b88059082f93 2023-04-13T05:50:19+00:00 OCPBUGS-11046: Fix allowlist ds template -# kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc -2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission -7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 -b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 -5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled -c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty -1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image -e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system -6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts -9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 -6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece -7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue -6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404 -363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery -24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7 -6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client -5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. -4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver -20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty -d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order -b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery -3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test -86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028 -e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector -1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector -215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply -9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address -a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files -bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template -5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim -f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled -f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2 -a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0 -a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable -072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler -bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations -00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver -192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request -4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. -83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36 -29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic -d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version -62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme -25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets -a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available -6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics -# machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a to 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 -b1826289224b1e973b88f3d0903b63cc9118af83 2023-04-13T16:32:58+00:00 OCPBUGS-11280: Fixing forcedns dispatcher script permission issue for assisted sno rhel9 upgrade -1e962e3c33c905d86871fc740eaac69e3b6f12a8 2023-03-29T13:52:01+00:00 Splitting NetworkManager-onprem.conf.yaml to 2 files: 1. NetworkManager-onprem.conf.yaml will set unmanaged field as before and will do it only for onprem platforms as before 2. NetworkManager-ipv6.conf.yaml will set ipv6 flags for all platforms -# ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 -13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 -# kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc -2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission -7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 -b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 -5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled -c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty -1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: <drop>: hack/update-vendor.sh, make update and update image -e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: <carry>: Force using the go tooling from the system -6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: <drop>: manually resolve conflicts -9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 -6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece -7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue -6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404 -363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery -24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7 -6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client -5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. -4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver -20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty -d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order -b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery -3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test -86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028 -e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector -1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector -215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply -9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address -a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files -bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template -5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim -f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled -f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2 -a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0 -a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable -072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler -bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations -00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver -192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request -4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. -83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36 -29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic -d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version -62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme -25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets -a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available -6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics -# ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 -13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 -# kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c to 19816eefa6829861687df6dfe573708756c464cc -2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: <drop>: bump: apiserver-lib-go for fixed SCC admission -7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 -b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 -5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled -c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: <carry>: SCC pod extractor: assume default SA if SA is empty +# kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 +0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer +# kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 +0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer +# kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 +0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index fdd44b74f8..10ccebaad5 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -7,7 +7,7 @@ https://github.com/openshift/cluster-network-operator embedded-component d9b70b9 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc +https://github.com/openshift/kubernetes embedded-component 379cd9f22597a7a7f6ea57471f590c1abf01ce92 https://github.com/openshift/machine-config-operator embedded-component 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 @@ -17,12 +17,12 @@ https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce733 https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-amd64 e3bef98aa599a90a7f24ab077e7b979d688eb537 -https://github.com/openshift/kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc +https://github.com/openshift/kubernetes image-amd64 379cd9f22597a7a7f6ea57471f590c1abf01ce92 https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 https://github.com/openshift/ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 -https://github.com/openshift/kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc +https://github.com/openshift/kubernetes image-arm64 379cd9f22597a7a7f6ea57471f590c1abf01ce92 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index bdbc467c65..a69c5f4659 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-15-102029" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-15-102028" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-18-005127" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-17-235646" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go b/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go index 040c8e9655..0a01b87bc2 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go +++ b/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go @@ -38,6 +38,7 @@ import ( utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/client-go/kubernetes" "k8s.io/client-go/pkg/version" + "k8s.io/client-go/transport" "k8s.io/klog/v2" openapicommon "k8s.io/kube-openapi/pkg/common" @@ -133,7 +134,7 @@ type APIAggregator struct { // proxyCurrentCertKeyContent holds he client cert used to identify this proxy. Backing APIServices use this to confirm the proxy's identity proxyCurrentCertKeyContent certKeyFunc - proxyTransport *http.Transport + proxyTransportDial *transport.DialHolder // proxyHandlers are the proxy handlers that are currently registered, keyed by apiservice.name proxyHandlers map[string]*proxyHandler @@ -167,10 +168,6 @@ type APIAggregator struct { // when discovery with resources are requested discoveryAggregationController DiscoveryAggregationController - // egressSelector selects the proper egress dialer to communicate with the custom apiserver - // overwrites proxyTransport dialer if not nil - egressSelector *egressselector.EgressSelector - // rejectForwardingRedirects is whether to allow to forward redirect response rejectForwardingRedirects bool } @@ -217,10 +214,23 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg return nil, err } + var proxyTransportDial *transport.DialHolder + if c.GenericConfig.EgressSelector != nil { + egressDialer, err := c.GenericConfig.EgressSelector.Lookup(egressselector.Cluster.AsNetworkContext()) + if err != nil { + return nil, err + } + if egressDialer != nil { + proxyTransportDial = &transport.DialHolder{Dial: egressDialer} + } + } else if c.ExtraConfig.ProxyTransport != nil && c.ExtraConfig.ProxyTransport.DialContext != nil { + proxyTransportDial = &transport.DialHolder{Dial: c.ExtraConfig.ProxyTransport.DialContext} + } + s := &APIAggregator{ GenericAPIServer: genericServer, delegateHandler: delegationTarget.UnprotectedHandler(), - proxyTransport: c.ExtraConfig.ProxyTransport, + proxyTransportDial: proxyTransportDial, proxyHandlers: map[string]*proxyHandler{}, handledGroups: sets.String{}, handledAlwaysLocalDelegatePaths: sets.String{}, @@ -229,7 +239,6 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg serviceResolver: c.ExtraConfig.ServiceResolver, openAPIConfig: c.GenericConfig.OpenAPIConfig, openAPIV3Config: c.GenericConfig.OpenAPIV3Config, - egressSelector: c.GenericConfig.EgressSelector, proxyCurrentCertKeyContent: func() (bytes []byte, bytes2 []byte) { return nil, nil }, rejectForwardingRedirects: c.ExtraConfig.RejectForwardingRedirects, } @@ -303,10 +312,9 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg c.GenericConfig.SharedInformerFactory.Core().V1().Services(), c.GenericConfig.SharedInformerFactory.Core().V1().Endpoints(), apiregistrationClient.ApiregistrationV1(), - c.ExtraConfig.ProxyTransport, + proxyTransportDial, (func() ([]byte, []byte))(s.proxyCurrentCertKeyContent), s.serviceResolver, - c.GenericConfig.EgressSelector, c.GenericConfig.HasBeenReadySignal(), ) if err != nil { @@ -497,7 +505,7 @@ func (s *APIAggregator) AddAPIService(apiService *v1.APIService) error { // Forward calls to discovery manager to update discovery document if s.discoveryAggregationController != nil { handlerCopy := *proxyHandler - handlerCopy.setServiceAvailable(true) + handlerCopy.setServiceAvailable() s.discoveryAggregationController.AddAPIService(apiService, &handlerCopy) } return nil @@ -513,9 +521,8 @@ func (s *APIAggregator) AddAPIService(apiService *v1.APIService) error { proxyHandler := &proxyHandler{ localDelegate: s.delegateHandler, proxyCurrentCertKeyContent: s.proxyCurrentCertKeyContent, - proxyTransport: s.proxyTransport, + proxyTransportDial: s.proxyTransportDial, serviceResolver: s.serviceResolver, - egressSelector: s.egressSelector, rejectForwardingRedirects: s.rejectForwardingRedirects, } proxyHandler.updateAPIService(apiService) diff --git a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go index 53c2841228..3d7dae0d23 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go +++ b/vendor/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go @@ -34,10 +34,8 @@ import ( "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" endpointmetrics "k8s.io/apiserver/pkg/endpoints/metrics" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/server/egressselector" utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" "k8s.io/apiserver/pkg/util/x509metrics" - restclient "k8s.io/client-go/rest" "k8s.io/client-go/transport" "k8s.io/klog/v2" apiregistrationv1api "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" @@ -60,17 +58,13 @@ type proxyHandler struct { // proxyCurrentCertKeyContent holds the client cert used to identify this proxy. Backing APIServices use this to confirm the proxy's identity proxyCurrentCertKeyContent certKeyFunc - proxyTransport *http.Transport + proxyTransportDial *transport.DialHolder // Endpoints based routing to map from cluster IP to routable IP serviceResolver ServiceResolver handlingInfo atomic.Value - // egressSelector selects the proper egress dialer to communicate with the custom apiserver - // overwrites proxyTransport dialer if not nil - egressSelector *egressselector.EgressSelector - // reject to forward redirect response rejectForwardingRedirects bool } @@ -81,8 +75,8 @@ type proxyHandlingInfo struct { // name is the name of the APIService name string - // restConfig holds the information for building a roundtripper - restConfig *restclient.Config + // transportConfig holds the information for building a roundtripper + transportConfig *transport.Config // transportBuildingError is an error produced while building the transport. If this // is non-nil, it will be reported to clients. transportBuildingError error @@ -242,7 +236,7 @@ func (r *responder) Error(_ http.ResponseWriter, _ *http.Request, err error) { // Sets serviceAvailable value on proxyHandler // not thread safe -func (r *proxyHandler) setServiceAvailable(value bool) { +func (r *proxyHandler) setServiceAvailable() { info := r.handlingInfo.Load().(proxyHandlingInfo) info.serviceAvailable = true r.handlingInfo.Store(info) @@ -256,41 +250,30 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationv1api.APIServ proxyClientCert, proxyClientKey := r.proxyCurrentCertKeyContent() - clientConfig := &restclient.Config{ - TLSClientConfig: restclient.TLSClientConfig{ + transportConfig := &transport.Config{ + TLS: transport.TLSConfig{ Insecure: apiService.Spec.InsecureSkipTLSVerify, ServerName: apiService.Spec.Service.Name + "." + apiService.Spec.Service.Namespace + ".svc", CertData: proxyClientCert, KeyData: proxyClientKey, CAData: apiService.Spec.CABundle, }, + DialHolder: r.proxyTransportDial, } - clientConfig.Wrap(x509metrics.NewDeprecatedCertificateRoundTripperWrapperConstructor( + transportConfig.Wrap(x509metrics.NewDeprecatedCertificateRoundTripperWrapperConstructor( x509MissingSANCounter, x509InsecureSHA1Counter, )) newInfo := proxyHandlingInfo{ name: apiService.Name, - restConfig: clientConfig, + transportConfig: transportConfig, serviceName: apiService.Spec.Service.Name, serviceNamespace: apiService.Spec.Service.Namespace, servicePort: *apiService.Spec.Service.Port, serviceAvailable: apiregistrationv1apihelper.IsAPIServiceConditionTrue(apiService, apiregistrationv1api.Available), } - if r.egressSelector != nil { - networkContext := egressselector.Cluster.AsNetworkContext() - var egressDialer utilnet.DialFunc - egressDialer, err := r.egressSelector.Lookup(networkContext) - if err != nil { - klog.Warning(err.Error()) - } else { - newInfo.restConfig.Dial = egressDialer - } - } else if r.proxyTransport != nil && r.proxyTransport.DialContext != nil { - newInfo.restConfig.Dial = r.proxyTransport.DialContext - } - newInfo.proxyRoundTripper, newInfo.transportBuildingError = restclient.TransportFor(newInfo.restConfig) + newInfo.proxyRoundTripper, newInfo.transportBuildingError = transport.New(newInfo.transportConfig) if newInfo.transportBuildingError != nil { klog.Warning(newInfo.transportBuildingError.Error()) } diff --git a/vendor/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go b/vendor/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go index 7876646409..48a8dfc422 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go +++ b/vendor/k8s.io/kube-aggregator/pkg/controllers/status/available_controller.go @@ -19,7 +19,6 @@ package apiserver import ( "context" "fmt" - "net" "net/http" "net/url" "reflect" @@ -33,13 +32,10 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" - utilnet "k8s.io/apimachinery/pkg/util/net" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/apiserver/pkg/server/egressselector" v1informers "k8s.io/client-go/informers/core/v1" v1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/rest" "k8s.io/client-go/tools/cache" "k8s.io/client-go/transport" "k8s.io/client-go/util/workqueue" @@ -77,8 +73,8 @@ type AvailableConditionController struct { endpointsLister v1listers.EndpointsLister endpointsSynced cache.InformerSynced - // dialContext specifies the dial function for creating unencrypted TCP connections. - dialContext func(ctx context.Context, network, address string) (net.Conn, error) + // proxyTransportDial specifies the dial function for creating unencrypted TCP connections. + proxyTransportDial *transport.DialHolder proxyCurrentCertKeyContent certKeyFunc serviceResolver ServiceResolver @@ -91,13 +87,6 @@ type AvailableConditionController struct { // this lock protects operations on the above cache cacheLock sync.RWMutex - // TLS config with customized dialer cannot be cached by the client-go - // tlsTransportCache. Use a local cache here to reduce the chance of - // the controller spamming idle connections with short-lived transports. - // NOTE: the cache works because we assume that the transports constructed - // by the controller only vary on the dynamic cert/key. - tlsCache *tlsTransportCache - // metrics registered into legacy registry metrics *availabilityMetrics @@ -105,56 +94,15 @@ type AvailableConditionController struct { hasBeenReady <-chan struct{} } -type tlsTransportCache struct { - mu sync.Mutex - transports map[tlsCacheKey]http.RoundTripper -} - -func (c *tlsTransportCache) get(config *rest.Config) (http.RoundTripper, error) { - // If the available controller doesn't customzie the dialer (and we know from - // the code that the controller doesn't customzie other functions i.e. Proxy - // and GetCert (ExecProvider)), the config is cacheable by the client-go TLS - // transport cache. Let's skip the local cache and depend on the client-go cache. - if config.Dial == nil { - return rest.TransportFor(config) - } - c.mu.Lock() - defer c.mu.Unlock() - // See if we already have a custom transport for this config - key := tlsConfigKey(config) - if t, ok := c.transports[key]; ok { - return t, nil - } - restTransport, err := rest.TransportFor(config) - if err != nil { - return nil, err - } - c.transports[key] = restTransport - return restTransport, nil -} - -type tlsCacheKey struct { - certData string - keyData string `datapolicy:"secret-key"` -} - -func tlsConfigKey(c *rest.Config) tlsCacheKey { - return tlsCacheKey{ - certData: string(c.TLSClientConfig.CertData), - keyData: string(c.TLSClientConfig.KeyData), - } -} - // NewAvailableConditionController returns a new AvailableConditionController. func NewAvailableConditionController( apiServiceInformer informers.APIServiceInformer, serviceInformer v1informers.ServiceInformer, endpointsInformer v1informers.EndpointsInformer, apiServiceClient apiregistrationclient.APIServicesGetter, - proxyTransport *http.Transport, + proxyTransportDial *transport.DialHolder, proxyCurrentCertKeyContent certKeyFunc, serviceResolver ServiceResolver, - egressSelector *egressselector.EgressSelector, hasBeenReady <-chan struct{}, ) (*AvailableConditionController, error) { c := &AvailableConditionController{ @@ -172,24 +120,12 @@ func NewAvailableConditionController( // the maximum disruption time to a minimum, but it does prevent hot loops. workqueue.NewItemExponentialFailureRateLimiter(5*time.Millisecond, 30*time.Second), "AvailableConditionController"), + proxyTransportDial: proxyTransportDial, proxyCurrentCertKeyContent: proxyCurrentCertKeyContent, - tlsCache: &tlsTransportCache{transports: make(map[tlsCacheKey]http.RoundTripper)}, metrics: newAvailabilityMetrics(), hasBeenReady: hasBeenReady, } - if egressSelector != nil { - networkContext := egressselector.Cluster.AsNetworkContext() - var egressDialer utilnet.DialFunc - egressDialer, err := egressSelector.Lookup(networkContext) - if err != nil { - return nil, err - } - c.dialContext = egressDialer - } else if proxyTransport != nil && proxyTransport.DialContext != nil { - c.dialContext = proxyTransport.DialContext - } - // resync on this one because it is low cardinality and rechecking the actual discovery // allows us to detect health in a more timely fashion when network connectivity to // nodes is snipped, but the network still attempts to route there. See @@ -253,27 +189,20 @@ func (c *AvailableConditionController) sync(key string) error { // if a particular transport was specified, use that otherwise build one // construct an http client that will ignore TLS verification (if someone owns the network and messes with your status // that's not so bad) and sets a very short timeout. This is a best effort GET that provides no additional information - restConfig := &rest.Config{ - TLSClientConfig: rest.TLSClientConfig{ + transportConfig := &transport.Config{ + TLS: transport.TLSConfig{ Insecure: true, }, + DialHolder: c.proxyTransportDial, } if c.proxyCurrentCertKeyContent != nil { proxyClientCert, proxyClientKey := c.proxyCurrentCertKeyContent() - restConfig.TLSClientConfig.CertData = proxyClientCert - restConfig.TLSClientConfig.KeyData = proxyClientKey - } - if c.dialContext != nil { - restConfig.Dial = c.dialContext + transportConfig.TLS.CertData = proxyClientCert + transportConfig.TLS.KeyData = proxyClientKey } - // TLS config with customized dialer cannot be cached by the client-go - // tlsTransportCache. Use a local cache here to reduce the chance of - // the controller spamming idle connections with short-lived transports. - // NOTE: the cache works because we assume that the transports constructed - // by the controller only vary on the dynamic cert/key. - restTransport, err := c.tlsCache.get(restConfig) + restTransport, err := transport.New(transportConfig) if err != nil { return err } diff --git a/vendor/modules.txt b/vendor/modules.txt index a42c0e700d..9ca8054bb8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1362,7 +1362,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1418,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiextensions-apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1462,7 +1462,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1526,7 +1526,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiserver v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1680,12 +1680,12 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2015,7 +2015,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 +# k8s.io/cloud-provider v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/cloud-provider k8s.io/cloud-provider/api @@ -2035,14 +2035,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2075,7 +2075,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-helpers v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget @@ -2088,7 +2088,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/controller-manager v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -2105,16 +2105,16 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/dynamic-resource-allocation/resourceclaim # k8s.io/gengo v0.0.0-20220902162205-c0856e24416d @@ -2133,11 +2133,11 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 +# k8s.io/kms v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2alpha1 -# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-aggregator v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2168,7 +2168,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 @@ -2201,13 +2201,13 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/config/v1beta2 k8s.io/kube-scheduler/config/v1beta3 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2243,7 +2243,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubelet v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2260,7 +2260,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubernetes v1.26.1 => github.com/openshift/kubernetes v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3048,7 +3048,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/legacy-cloud-providers/aws k8s.io/legacy-cloud-providers/azure @@ -3091,7 +3091,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 @@ -3106,10 +3106,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 +# k8s.io/pod-security-admission v0.25.0 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 ## explicit; go 1.19 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api @@ -3252,33 +3252,33 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230417131116-379cd9f22597 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230417131116-379cd9f22597 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230417131116-379cd9f22597 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230417131116-379cd9f22597 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230417131116-379cd9f22597 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230417131116-379cd9f22597 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230417131116-379cd9f22597 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230417131116-379cd9f22597 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230417131116-379cd9f22597 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230417131116-379cd9f22597 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230417131116-379cd9f22597 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230417131116-379cd9f22597 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230417131116-379cd9f22597 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230417131116-379cd9f22597 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230417131116-379cd9f22597 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230417131116-379cd9f22597 From 7df56e0e0bccb6c4d8fb4d0a199b0ecca322eb1e Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Wed, 19 Apr 2023 03:31:32 -0400 Subject: [PATCH 66/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-18-005127_amd64-2023-04-18_arm64-2023-04-18 (#1684) * update last_rebase.sh * update changelog * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- assets/release/release-aarch64.json | 2 +- scripts/auto-rebase/changelog.txt | 6 ------ scripts/auto-rebase/last_rebase.sh | 2 +- 4 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index d27157562e..e28e2352d2 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-17-235646 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-18-043011 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 2af1bc3ac7..516a8eceb2 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-17-235646" + "base": "4.13.0-0.nightly-arm64-2023-04-18-043011" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 162989cfb1..e69de29bb2 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,6 +0,0 @@ -# kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 -0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer -# kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 -0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer -# kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc to 379cd9f22597a7a7f6ea57471f590c1abf01ce92 -0ebbe8aec6deca7e2ca345772abc8147be08b60f 2023-04-14T09:51:38-04:00 UPSTREAM: 117311: kube-aggregator: correctly use client-go TLS cache with custom dialer diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index a69c5f4659..3aeb6779a9 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-18-005127" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-17-235646" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-18-005127" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-18-043011" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 649250c0d9c8f83f5f60271c032b7abfd2d81a44 Mon Sep 17 00:00:00 2001 From: Gregory Giguashvili <ggiguash@redhat.com> Date: Wed, 19 Apr 2023 12:49:24 +0000 Subject: [PATCH 67/79] Add osbuild2copr.sh script to facilitate embedding of containers into ISO --- docs/rhel4edge_iso.md | 18 +++++++++++++++++- hack/osbuild2copr.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100755 hack/osbuild2copr.sh diff --git a/docs/rhel4edge_iso.md b/docs/rhel4edge_iso.md index a537f2b72c..f91dc711b8 100644 --- a/docs/rhel4edge_iso.md +++ b/docs/rhel4edge_iso.md @@ -132,6 +132,17 @@ auth_file_path = "/etc/osbuild-worker/pull-secret.json" EOF ``` +> **NOTE** <br> +> Embedding container images in the generated ISO requires the functionality from the latest version of the `osbuild` and `osbuild-composer` packages. +> This functionality will be available in the future releases of the RHEL 9 operating system. + +To install the necessary functionality, run the following command to upgrade your system with the up-to-date software from the `copr` repository. +```bash +~/microshift/hack/osbuild2copr.sh copr +``` + +> If necessary, rerun the `hack/osbuild2copr.sh` script with the `appstream` argument to revert to the standard `osbuild` and `osbuild-composer` packages. + Proceed by running the build script with the `-embed_containers` argument to include the dependent container images into the generated ISO. ```bash ~/microshift/scripts/image-builder/build.sh -pull_secret_file ~/.pull-secret.json -embed_containers @@ -220,12 +231,17 @@ sudo virsh net-autostart isolated Follow the instruction in the [Install MicroShift for Edge](#install-microshift-for-edge) section to install a new virtual machine using the `isolated` network configuration. > When running the `virt-install` command, specify the `--network network=isolated,model=virtio` option to select the `isolated` network configuration. -After the virtual machine is created, log into the system and verify that the Internet is not accessible. +After the virtual machine is created, log into the system using the Virtual Machine Manager console and verify that the Internet is not accessible. ```bash $ curl -I redhat.com curl: (6) Could not resolve host: redhat.com ``` +> **NOTE** <br> +> It may be more convenient to connect to the virtual machine using its serial console. +> * Run the `sudo systemctl enable --now serial-getty@ttyS0.service` command on the virtual machine to enable the serial console service. +> * Run the `sudo virsh console microshift-edge` command on the hypervisor to connect to the serial console. + Make sure that `CRI-O` has access to all the container images required by MicroShift. ```bash $ sudo crictl images diff --git a/hack/osbuild2copr.sh b/hack/osbuild2copr.sh new file mode 100755 index 0000000000..302698d978 --- /dev/null +++ b/hack/osbuild2copr.sh @@ -0,0 +1,43 @@ +#!/bin/bash +set -e + +ROOTDIR=$(dirname "$0") + +COPR_MODE= +case "$1" in +copr) + COPR_MODE=enable + ;; +appstream) + COPR_MODE=disable + ;; +*) + echo "Usage: $(basename "$0") <copr | appstream>" + exit 1 + ;; +esac + +echo "Removing the existing 'osbuild' packages..." +LIST2REMOVE=$(rpm -qa | grep -E '^osbuild' || true) +# shellcheck disable=SC2086 +# The list need not be quoted to allow multiple package removal +[ -n "${LIST2REMOVE}" ] && sudo dnf remove -y ${LIST2REMOVE} + +# Clean-up the old osbuild jobs, state and copr packages to avoid incompatibilities between versions +sudo rm -rf /var/lib/osbuild-composer || true +sudo rm -rf /var/cache/{osbuild-composer,osbuild-worker} || true +sudo rm -f /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:*osbuild* || true + +sudo dnf copr -y "${COPR_MODE}" @osbuild/osbuild "epel-9-$(uname -i)" +sudo dnf copr -y "${COPR_MODE}" @osbuild/osbuild-composer "epel-9-$(uname -i)" + +# Uncomment the following to use the packages from PRs before their merge +# sudo dnf copr -y "${COPR_MODE}" packit/osbuild-osbuild-1252 "epel-9-$(uname -i)" +# sudo dnf copr -y "${COPR_MODE}" packit/osbuild-osbuild-composer-3398 "epel-9-$(uname -i)" + +echo "Installing new 'osbuild' packages..." +"${ROOTDIR}/../scripts/image-builder/configure.sh" +"${ROOTDIR}/../scripts/image-builder/cleanup.sh" -full + +echo "Querying the installed 'osbuild' packages..." +rpm -qa | grep -E '^osbuild' From d0df13240222315ac58b920a372540fbb7ce734d Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 24 Apr 2023 10:39:54 -0500 Subject: [PATCH 68/79] set max container-selinux version --- packaging/rpm/microshift.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 7f7756533b..02eec43879 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -79,7 +79,7 @@ MicroShift and can be used to embed those images into osbuilder blueprints. Summary: SELinux policies for MicroShift BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} -Requires: container-selinux >= %{container_policy_epoch}:%{container_policyver} +Requires: container-selinux <= %{container_policy_epoch}:%{container_policyver} BuildArch: noarch Requires: selinux-policy >= %{selinux_policyver} From e07b5f666498e123e4b933e5a5eb05f188514388 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 24 Apr 2023 12:52:20 -0500 Subject: [PATCH 69/79] epoc 3 is the only available epoch on rhel 9.1 Signed-off-by: Jon Cope <jcope@redhat.com> --- packaging/rpm/microshift.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 02eec43879..8011e224d0 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -19,7 +19,7 @@ %global selinuxtype targeted %define selinux_policyver 3.14.3-67 %define container_policyver 2.167.0-1 -%define container_policy_epoch 2 +%define container_policy_epoch 3 %define microshift_relabel_files() \ mkdir -p /var/hpvolumes; \ mkdir -p /var/run/kubelet; \ From 6fefb34558078ed31073a61cd13f6c5958e92f11 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 24 Apr 2023 13:11:11 -0500 Subject: [PATCH 70/79] excluded from 2.189.0 and up Signed-off-by: Jon Cope <jcope@redhat.com> --- packaging/rpm/microshift.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 8011e224d0..bbfaef1884 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -18,7 +18,7 @@ # SELinux specifics %global selinuxtype targeted %define selinux_policyver 3.14.3-67 -%define container_policyver 2.167.0-1 +%define container_policyver 2.189.0 %define container_policy_epoch 3 %define microshift_relabel_files() \ mkdir -p /var/hpvolumes; \ @@ -79,7 +79,7 @@ MicroShift and can be used to embed those images into osbuilder blueprints. Summary: SELinux policies for MicroShift BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} -Requires: container-selinux <= %{container_policy_epoch}:%{container_policyver} +Requires: container-selinux < %{container_policy_epoch}:%{container_policyver} BuildArch: noarch Requires: selinux-policy >= %{selinux_policyver} From 933eba26ef5e843f2062ddf96be7ca4bf905174c Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Tue, 25 Apr 2023 05:07:28 -0400 Subject: [PATCH 71/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-21-084440_amd64-2023-04-21_arm64-2023-04-21 (#1703) * update last_rebase.sh * update changelog * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- Makefile.version.x86_64.var | 2 +- assets/release/release-aarch64.json | 14 +++++++------- assets/release/release-x86_64.json | 14 +++++++------- packaging/crio.conf.d/microshift_amd64.conf | 2 +- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 2 ++ scripts/auto-rebase/commits.txt | 2 +- scripts/auto-rebase/last_rebase.sh | 2 +- 9 files changed, 22 insertions(+), 20 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index e28e2352d2..8b9da50280 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-18-043011 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-21-150008 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 127e2b790e..7041b90272 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-18-005127 +OCP_VERSION := 4.13.0-0.nightly-2023-04-21-084440 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 516a8eceb2..a89ad7c747 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-18-043011" + "base": "4.13.0-0.nightly-arm64-2023-04-21-150008" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5c9ce8d0fd1ca92ccca5a4cad3466241595e621c5d85fa3c511a53d448e45f7e", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:12a7b9e5d6bb21667dcf8e87435f32e3249e8c519793b6e7909e61cd3878c47c", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c74f1267e481b9d2838288a0c4c0d56d7326be3791d0de8fe5cb0c30bc83527e", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b21d44f9b053592278a87f4dcd42ce35de5e66a4a0cbeb8e92cbe5f521285a2", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e789671e0795fb9710418d5810e736775b6f5579375d4d7f470acda31528e28", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6c8a380aea09ee06e2a856620ad5bef26374e8e45a2b63e222b89109309be83", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a89e4c39eeba38f2f48f8d40fd6cfbf3d2c407d1f6d9ea00be9e1456524e488a", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 70c013800f..a68053faf9 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-18-005127" + "base": "4.13.0-0.nightly-2023-04-21-084440" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dab7cbb4ec3c211fd6c109e5de9ed848d8b96b35a4622f019eb324fa12adeb4d", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:800f0bb464dc9d622c3a670e503bee267670395c9bea0fb6247737b6f826ba7d", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef20b93c7bad79e4fa20cecaf85af5a897342aefd133b5d2c693d74a4813df2c", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5460207dedbfc16cc26527f5fc7ccc8143242b1d4ca329476441cce3672a992b", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e2b2c89aedaa44964e4cf003ef94963da2e773ace08e601592078adefa482b52", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c8266e902ee5402689563a9bf6d623d39ede6dca9263407612618440d39fbe2", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:903b4ede73a392afe49e08f539e2fdd3f27cf247235b5f46d99266a3b9711574", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9c3c1e09925601bb101aca93ffbf55d49999f55d9952578f5aa45c309cd05c58", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6ba8c66a65d8a7d32c7d6aec772d0cc88f65bf54b16664cfedf8e068c00689a4", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:9df24be671271f5ea9414bfd08e58bc2fa3dc4bc68075002f3db0fd020b58be0", diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 77020d37f6..388b99dd0d 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:903b4ede73a392afe49e08f539e2fdd3f27cf247235b5f46d99266a3b9711574" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9c3c1e09925601bb101aca93ffbf55d49999f55d9952578f5aa45c309cd05c58" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index eb83bbf77c..8b8a3b877d 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e789671e0795fb9710418d5810e736775b6f5579375d4d7f470acda31528e28" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6c8a380aea09ee06e2a856620ad5bef26374e8e45a2b63e222b89109309be83" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index e69de29bb2..67eac8b262 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -0,0 +1,2 @@ +# cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b to 823319ac7f3f51593a0956d5ba44e9f385f4e6cf +f6b8d67ad7d622dee80f3ece0e468c2529e90093 2023-04-07T23:34:31+00:00 With Hypershift run as user passed from hypershift diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 10ccebaad5..ff683ad942 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,7 +3,7 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -https://github.com/openshift/cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b +https://github.com/openshift/cluster-network-operator embedded-component 823319ac7f3f51593a0956d5ba44e9f385f4e6cf https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 3aeb6779a9..46db97fc55 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-18-005127" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-18-043011" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-21-150008" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From c440885e8e9c6c83dbddef832f306f4943ad1525 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 10:50:29 -0400 Subject: [PATCH 72/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-21-084440_amd64-2023-04-21_arm64-2023-04-25 (#1716) * update last_rebase.sh * update changelog * update component images * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- assets/release/release-aarch64.json | 6 +++--- packaging/crio.conf.d/microshift_arm64.conf | 2 +- scripts/auto-rebase/changelog.txt | 12 ++++++++++-- scripts/auto-rebase/commits.txt | 4 ++-- scripts/auto-rebase/last_rebase.sh | 2 +- 6 files changed, 18 insertions(+), 10 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 8b9da50280..28a4b95727 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-21-150008 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-25-172815 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index a89ad7c747..52235a10c5 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-21-150008" + "base": "4.13.0-0.nightly-arm64-2023-04-25-172815" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c74f1267e481b9d2838288a0c4c0d56d7326be3791d0de8fe5cb0c30bc83527e", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0b21d44f9b053592278a87f4dcd42ce35de5e66a4a0cbeb8e92cbe5f521285a2", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6c8a380aea09ee06e2a856620ad5bef26374e8e45a2b63e222b89109309be83", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:537ea561cc852b5e4967ea59478aaa2d721f4860725c11e635ff38ec9feb90fc", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2a89b27563e268eb3c5a16ff555fba061a9904abe5d65f5a39312e816a01776", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a89e4c39eeba38f2f48f8d40fd6cfbf3d2c407d1f6d9ea00be9e1456524e488a", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 8b8a3b877d..37fe56d208 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b6c8a380aea09ee06e2a856620ad5bef26374e8e45a2b63e222b89109309be83" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2a89b27563e268eb3c5a16ff555fba061a9904abe5d65f5a39312e816a01776" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 67eac8b262..2e9387e011 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,2 +1,10 @@ -# cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b to 823319ac7f3f51593a0956d5ba44e9f385f4e6cf -f6b8d67ad7d622dee80f3ece0e468c2529e90093 2023-04-07T23:34:31+00:00 With Hypershift run as user passed from hypershift +# ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 to e114945aeb8f405413f695673bdc0df605ac65a5 +49cca4708e73f4bbee3960e761dfe82049032837 2023-04-20T15:19:44-04:00 clustermanager: update node annotations on dual->single stack converstion +d9beb4c5423411354404858ed3590e0c53d32225 2023-04-20T15:19:36-04:00 Cannot create routed secondary network with an IPv6 subnet +a37fa030cf89edd729f8c38a7173328c2776f478 2023-04-20T14:15:43-04:00 Small cleanups to log messages and test suite name +1e95c2ca8c55c575d0e4384166c88d1265af4104 2023-04-06T10:43:17+02:00 Delete equivalent ACLs when searching by predicate. +# kubernetes image-arm64 379cd9f22597a7a7f6ea57471f590c1abf01ce92 to b40493584076fb1ab29f3bed1d05d16cbc5b17f1 +67514bd97ffc19c35df84a3bd5143091f05728aa 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Admission plugin to deny deletion of storages.operator.openshift.io +152fe4e59b4c1270cdd7db47f38c4a740e9f3467 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Enable CSI migration configuration via env vars +ee8faf43953bfecc4ef2c2725cd5688a774e4493 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Restore carry patch that enables CSI migration in any order +8d0fd272f6d4ff78d58bc249e914c3c8e8f68384 2023-04-18T10:41:47-06:00 UPSTREAM: 116396: Unlock CSIMigrationvSphere feature gate until there is a supported vSphere CSI driver available diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index ff683ad942..7f91e1fa43 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -23,6 +23,6 @@ https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -https://github.com/openshift/ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 -https://github.com/openshift/kubernetes image-arm64 379cd9f22597a7a7f6ea57471f590c1abf01ce92 +https://github.com/openshift/ovn-kubernetes image-arm64 e114945aeb8f405413f695673bdc0df605ac65a5 +https://github.com/openshift/kubernetes image-arm64 b40493584076fb1ab29f3bed1d05d16cbc5b17f1 https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 46db97fc55..65ba54648b 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-21-150008" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-25-172815" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 663e8e212d2c4f4757b5be19a497f9d6adc87a83 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Thu, 27 Apr 2023 04:32:27 -0400 Subject: [PATCH 73/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-21-084440_amd64-2023-04-21_arm64-2023-04-26 (#1723) * update last_rebase.sh * update changelog * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- assets/release/release-aarch64.json | 2 +- scripts/auto-rebase/changelog.txt | 10 ---------- scripts/auto-rebase/last_rebase.sh | 2 +- 4 files changed, 3 insertions(+), 13 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 28a4b95727..19ec0a0fcb 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-25-172815 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-26-165113 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 52235a10c5..0d76102433 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-25-172815" + "base": "4.13.0-0.nightly-arm64-2023-04-26-165113" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226", diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 2e9387e011..e69de29bb2 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,10 +0,0 @@ -# ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 to e114945aeb8f405413f695673bdc0df605ac65a5 -49cca4708e73f4bbee3960e761dfe82049032837 2023-04-20T15:19:44-04:00 clustermanager: update node annotations on dual->single stack converstion -d9beb4c5423411354404858ed3590e0c53d32225 2023-04-20T15:19:36-04:00 Cannot create routed secondary network with an IPv6 subnet -a37fa030cf89edd729f8c38a7173328c2776f478 2023-04-20T14:15:43-04:00 Small cleanups to log messages and test suite name -1e95c2ca8c55c575d0e4384166c88d1265af4104 2023-04-06T10:43:17+02:00 Delete equivalent ACLs when searching by predicate. -# kubernetes image-arm64 379cd9f22597a7a7f6ea57471f590c1abf01ce92 to b40493584076fb1ab29f3bed1d05d16cbc5b17f1 -67514bd97ffc19c35df84a3bd5143091f05728aa 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Admission plugin to deny deletion of storages.operator.openshift.io -152fe4e59b4c1270cdd7db47f38c4a740e9f3467 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Enable CSI migration configuration via env vars -ee8faf43953bfecc4ef2c2725cd5688a774e4493 2023-04-18T10:42:09-06:00 UPSTREAM: <carry>: STOR-1270: Restore carry patch that enables CSI migration in any order -8d0fd272f6d4ff78d58bc249e914c3c8e8f68384 2023-04-18T10:41:47-06:00 UPSTREAM: 116396: Unlock CSIMigrationvSphere feature gate until there is a supported vSphere CSI driver available diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 65ba54648b..1bbc9c9371 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-25-172815" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-26-165113" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From e4eab13d356aadf4b2f363395f43e3fee66d8e43 Mon Sep 17 00:00:00 2001 From: "microshift-rebase-script[bot]" <114237296+microshift-rebase-script[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 05:36:58 -0400 Subject: [PATCH 74/79] NO-ISSUE:rebase-4.13.0-0.nightly-2023-04-21-084440_amd64-2023-04-21_arm64-2023-04-27 (#1728) * update last_rebase.sh * update manifests * update buildfiles --------- Co-authored-by: ci-robot <ci-robot@openshift.io> --- Makefile.version.aarch64.var | 2 +- assets/release/release-aarch64.json | 2 +- scripts/auto-rebase/last_rebase.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 19ec0a0fcb..a837955acd 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-26-165113 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-27-232704 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 0d76102433..881bc2f9d1 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-26-165113" + "base": "4.13.0-0.nightly-arm64-2023-04-27-232704" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226", diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 1bbc9c9371..28acb8e51e 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-26-165113" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-21-084440" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-27-232704" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" From 5fb7da52b31b58bd0d2e481c0660762941a24707 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Tue, 25 Apr 2023 14:05:30 -0400 Subject: [PATCH 75/79] USHIFT-1122: set minimum container-selinux dependency to 2.208 --- packaging/rpm/microshift.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index bbfaef1884..8cf4dcaf7a 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -18,7 +18,7 @@ # SELinux specifics %global selinuxtype targeted %define selinux_policyver 3.14.3-67 -%define container_policyver 2.189.0 +%define container_policyver 2.208.0 %define container_policy_epoch 3 %define microshift_relabel_files() \ mkdir -p /var/hpvolumes; \ @@ -79,7 +79,7 @@ MicroShift and can be used to embed those images into osbuilder blueprints. Summary: SELinux policies for MicroShift BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} -Requires: container-selinux < %{container_policy_epoch}:%{container_policyver} +Requires: container-selinux >= %{container_policy_epoch}:%{container_policyver} BuildArch: noarch Requires: selinux-policy >= %{selinux_policyver} From 6685e5b42f0afe223174bc0fe88eb11e2e73b1ca Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Fri, 28 Apr 2023 14:35:14 -0400 Subject: [PATCH 76/79] USHIFT-1221: disable selinux for 4.13 CI temporarily --- scripts/devenv-builder/configure-vm.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/devenv-builder/configure-vm.sh b/scripts/devenv-builder/configure-vm.sh index 3aadcd47a0..a4e5655c6b 100755 --- a/scripts/devenv-builder/configure-vm.sh +++ b/scripts/devenv-builder/configure-vm.sh @@ -47,6 +47,14 @@ if [ $RHEL_SUBSCRIPTION = true ] ; then fi fi +# FIXME: Temporarily disable selinux until we update the version of +# RHEL used in CI. +if ! grep -q 'Red Hat Enterprise Linux release 9.2' /etc/redhat-release; then + echo "WARNING: disabling selinux on $(cat /etc/redhat-release)" + sudo setenforce Permissive + sudo sed --in-place -e 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config +fi + # Create Development Virtual Machine > Configuring VM # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#configuring-vm echo -e 'microshift\tALL=(ALL)\tNOPASSWD: ALL' | sudo tee /etc/sudoers.d/microshift From 5cbfb5de299458ed11f28c5af211b5c9e0a230cf Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 1 May 2023 12:45:15 -0500 Subject: [PATCH 77/79] manually backport configure-vm.sh from main to 4.13 so CI will skip dependency installation --- scripts/devenv-builder/configure-vm.sh | 168 ++++++++++++++----------- 1 file changed, 98 insertions(+), 70 deletions(-) diff --git a/scripts/devenv-builder/configure-vm.sh b/scripts/devenv-builder/configure-vm.sh index a4e5655c6b..bccab522a5 100755 --- a/scripts/devenv-builder/configure-vm.sh +++ b/scripts/devenv-builder/configure-vm.sh @@ -5,29 +5,50 @@ # set -eo pipefail -BUILD_AND_INSTALL=true +BUILD_AND_RUN=true +INSTALL_BUILD_DEPS=true +FORCE_FIREWALL=false RHEL_SUBSCRIPTION=false +start=$(date +%s) + function usage() { - echo "Usage: $(basename $0) [--no-build] <openshift-pull-secret-file>" - echo " --no-build Do not build MicroShift code and install MicroShift RPMs" + echo "Usage: $(basename "$0") [--no-build] [--no-build-deps] [--force-firewall] <openshift-pull-secret-file>" + echo "" + echo " --no-build Do not build, install and start MicroShift" + echo " --no-build-deps Do not install dependencies for building binaries and RPMs (implies --no-build)" + echo " --force-firewall Install and configure firewalld regardless of other options" - [ ! -z "$1" ] && echo -e "\nERROR: $1" + [ -n "$1" ] && echo -e "\nERROR: $1" exit 1 } -# Only RHEL requires a subscription -if grep -q 'Red Hat Enterprise Linux' /etc/redhat-release ; then - RHEL_SUBSCRIPTION=true -fi - -if [ $# -ne 1 ] && [ $# -ne 2 ]; then +while [ $# -gt 1 ]; do + case "$1" in + --no-build) + BUILD_AND_RUN=false + shift + ;; + --no-build-deps) + INSTALL_BUILD_DEPS=false + BUILD_AND_RUN=false + shift + ;; + --force-firewall) + FORCE_FIREWALL=true + shift + ;; + *) usage ;; + esac +done + +if [ $# -ne 1 ]; then usage "Wrong number of arguments" fi -if [ $# -eq 2 ] ; then - [ "$1" != "--no-build" ] && usage "Wrong command line argument: $1" - BUILD_AND_INSTALL=false - shift + +# Only RHEL requires a subscription +if grep -q 'Red Hat Enterprise Linux' /etc/redhat-release; then + RHEL_SUBSCRIPTION=true fi OCP_PULL_SECRET=$1 @@ -35,38 +56,28 @@ OCP_PULL_SECRET=$1 OCP_PULL_SECRET=$(realpath "${OCP_PULL_SECRET}") [ ! -f "${OCP_PULL_SECRET}" ] && usage "OpenShift pull secret '${OCP_PULL_SECRET}' is not a regular file" -if [ "$(whoami)" != "microshift" ] ; then - echo "This script should be run from 'microshift' user account" - exit 1 -fi +# Create Development Virtual Machine > Configuring VM +# https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#configuring-vm +echo -e "${USER}\tALL=(ALL)\tNOPASSWD: ALL" | sudo tee "/etc/sudoers.d/${USER}" # Check the subscription status and register if necessary -if [ $RHEL_SUBSCRIPTION = true ] ; then - if ! sudo subscription-manager status >& /dev/null ; then +if ${RHEL_SUBSCRIPTION}; then + if ! sudo subscription-manager status >&/dev/null; then sudo subscription-manager register fi fi -# FIXME: Temporarily disable selinux until we update the version of -# RHEL used in CI. -if ! grep -q 'Red Hat Enterprise Linux release 9.2' /etc/redhat-release; then - echo "WARNING: disabling selinux on $(cat /etc/redhat-release)" - sudo setenforce Permissive - sudo sed --in-place -e 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config +if ${INSTALL_BUILD_DEPS} || ${BUILD_AND_RUN}; then + sudo dnf clean all -y + sudo dnf update -y + sudo dnf install -y git cockpit make golang jq selinux-policy-devel rpm-build jq bash-completion + sudo systemctl enable --now cockpit.socket fi -# Create Development Virtual Machine > Configuring VM -# https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#configuring-vm -echo -e 'microshift\tALL=(ALL)\tNOPASSWD: ALL' | sudo tee /etc/sudoers.d/microshift -sudo dnf clean all -y -sudo dnf update -y -sudo dnf install -y git cockpit make golang jq selinux-policy-devel rpm-build jq bash-completion -sudo systemctl enable --now cockpit.socket - -if [ $BUILD_AND_INSTALL = true ] ; then +if ${BUILD_AND_RUN}; then # Build MicroShift # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#build-microshift - if [ ! -e ~/microshift ] ; then + if [ ! -e ~/microshift ]; then git clone https://github.com/openshift/microshift.git ~/microshift fi cd ~/microshift @@ -80,11 +91,11 @@ fi # Run MicroShift Executable > Runtime Prerequisites # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#runtime-prerequisites -if [ $RHEL_SUBSCRIPTION = true ] ; then +if ${RHEL_SUBSCRIPTION}; then OSVERSION=$(awk -F: '{print $5}' /etc/system-release-cpe) - OCP_REPO_NAME=rhocp-4.13-for-rhel-${OSVERSION}-mirrorbeta-$(uname -i)-rpms + OCP_REPO_NAME=rhocp-4.13-for-rhel-${OSVERSION}-mirrorbeta-$(uname -m)-rpms - sudo tee /etc/yum.repos.d/${OCP_REPO_NAME}.repo >/dev/null <<EOF + sudo tee "/etc/yum.repos.d/${OCP_REPO_NAME}.repo" >/dev/null <<EOF [${OCP_REPO_NAME}] name=Beta rhocp-4.13 RPMs for RHEL ${OSVERSION} baseurl=https://mirror.openshift.com/pub/openshift-v4/\$basearch/dependencies/rpms/4.13-el${OSVERSION}-beta/ @@ -96,12 +107,12 @@ EOF sudo subscription-manager config --rhsm.manage_repos=1 # Uncomment this when OCP 4.13 is released # sudo subscription-manager repos \ - # --enable rhocp-4.13-for-rhel-${OSVERSION}-$(uname -i)-rpms \ - # --enable fast-datapath-for-rhel-${OSVERSION}-$(uname -i)-rpms + # --enable rhocp-4.13-for-rhel-${OSVERSION}-$(uname -m)-rpms \ + # --enable fast-datapath-for-rhel-${OSVERSION}-$(uname -m)-rpms else sudo dnf install -y centos-release-nfv-common - sudo dnf copr enable -y @OKD/okd centos-stream-9-$(uname -i) - sudo tee /etc/yum.repos.d/openvswitch2-$(uname -i)-rpms.repo >/dev/null <<EOF + sudo dnf copr enable -y @OKD/okd "centos-stream-9-$(uname -m)" + sudo tee "/etc/yum.repos.d/openvswitch2-$(uname -m)-rpms.repo" >/dev/null <<EOF [sig-nfv] name=CentOS Stream 9 - SIG NFV baseurl=http://mirror.stream.centos.org/SIGs/9-stream/nfv/\$basearch/openvswitch-2/ @@ -112,55 +123,72 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV EOF fi -if [ $BUILD_AND_INSTALL = true ] ; then +if ${BUILD_AND_RUN}; then sudo dnf localinstall -y ~/microshift/_output/rpmbuild/RPMS/*/*.rpm +fi - sudo cp -f ${OCP_PULL_SECRET} /etc/crio/openshift-pull-secret - sudo chmod 600 /etc/crio/openshift-pull-secret +if [ ! -e "/etc/crio/openshift-pull-secret" ]; then + sudo mkdir -p /etc/crio/ + sudo cp -f "${OCP_PULL_SECRET}" /etc/crio/openshift-pull-secret + sudo chmod 600 /etc/crio/openshift-pull-secret fi # Run MicroShift Executable > Installing Clients # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#installing-clients -if [ $RHEL_SUBSCRIPTION = true ] ; then - sudo dnf install -y openshift-clients +if ${RHEL_SUBSCRIPTION}; then + sudo dnf install -y openshift-clients else - OCC_REM=https://mirror.openshift.com/pub/openshift-v4/$(uname -i)/clients/ocp-dev-preview/latest-4.13/openshift-client-linux.tar.gz - OCC_LOC=/tmp/openshift-client-linux.tar.gz + OCC_REM=https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp-dev-preview/latest-4.13/openshift-client-linux.tar.gz + OCC_LOC=$(mktemp /tmp/openshift-client-linux-XXXXX.tar.gz) - curl -s ${OCC_REM} --output ${OCC_LOC} - sudo tar zxf ${OCC_LOC} -C /usr/bin - rm -f ${OCC_LOC} + curl -s "${OCC_REM}" --output "${OCC_LOC}" + sudo tar zxf "${OCC_LOC}" -C /usr/bin + rm -f "${OCC_LOC}" fi -if [ $BUILD_AND_INSTALL = true ] ; then +if ${BUILD_AND_RUN} || ${FORCE_FIREWALL}; then # Run MicroShift Executable > Configuring MicroShift > Firewalld # https://github.com/openshift/microshift/blob/main/docs/howto_firewall.md#firewalld sudo dnf install -y firewalld - sudo systemctl enable firewalld --now - sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 - sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1 - sudo firewall-cmd --permanent --zone=public --add-port=80/tcp - sudo firewall-cmd --permanent --zone=public --add-port=443/tcp - sudo firewall-cmd --permanent --zone=public --add-port=5353/udp - sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp - sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/udp - sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp - sudo firewall-cmd --permanent --zone=public --add-service=mdns - sudo firewall-cmd --reload + sudo systemctl enable firewalld --now + sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 + sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1 + sudo firewall-cmd --permanent --zone=public --add-port=80/tcp + sudo firewall-cmd --permanent --zone=public --add-port=443/tcp + sudo firewall-cmd --permanent --zone=public --add-port=5353/udp + sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp + sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/udp + sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp + sudo firewall-cmd --permanent --zone=public --add-service=mdns + sudo firewall-cmd --reload +fi +if ${BUILD_AND_RUN}; then # Run MicroShift Executable > Configuring MicroShift # https://github.com/openshift/microshift/blob/main/docs/devenv_setup.md#configuring-microshift - sudo systemctl enable crio + sudo systemctl enable crio sudo systemctl start microshift echo "" echo "The configuration phase completed. Run the following commands to:" echo " - Wait until all MicroShift pods are running" - echo " - Clean up MicroShift service configuration" + echo " watch sudo \$(which oc) --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig get pods -A" + echo "" + echo " - Get MicroShift logs" + echo " sudo journalctl -u microshift" + echo "" + echo " - Get microshift-etcd logs" + echo " sudo journalctl -u microshift-etcd.scope" echo "" - echo "watch sudo \$(which oc) --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig get pods -A" - echo "echo 1 | sudo /usr/bin/microshift-cleanup-data --all" + echo " - Clean up MicroShift service configuration" + echo " echo 1 | sudo /usr/bin/microshift-cleanup-data --all" + fi +end="$(date +%s)" +duration_total_seconds=$((end - start)) +duration_minutes=$((duration_total_seconds / 60)) +duration_seconds=$((duration_total_seconds % 60)) + echo "" -echo "Done" +echo "Done in ${duration_minutes}m ${duration_seconds}s" From 4a3c9f1aeffbd084164ba15b0457ce6d57298222 Mon Sep 17 00:00:00 2001 From: Jon Cope <jcope@redhat.com> Date: Mon, 1 May 2023 14:35:12 -0500 Subject: [PATCH 78/79] release-4.13 specifically disables selinux on rhel 9.1, so re-add the logic to the configure script Signed-off-by: Jon Cope <jcope@redhat.com> --- scripts/devenv-builder/configure-vm.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/devenv-builder/configure-vm.sh b/scripts/devenv-builder/configure-vm.sh index bccab522a5..ba377dbb00 100755 --- a/scripts/devenv-builder/configure-vm.sh +++ b/scripts/devenv-builder/configure-vm.sh @@ -67,6 +67,14 @@ if ${RHEL_SUBSCRIPTION}; then fi fi +# FIXME: Temporarily disable selinux until we update the version of +# RHEL used in CI. +if ! grep -q 'Red Hat Enterprise Linux release 9.2' /etc/redhat-release; then + echo "WARNING: disabling selinux on $(cat /etc/redhat-release)" + sudo setenforce Permissive + sudo sed --in-place -e 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config +fi + if ${INSTALL_BUILD_DEPS} || ${BUILD_AND_RUN}; then sudo dnf clean all -y sudo dnf update -y From d2abfd714911c724c254478743506786b98a60c1 Mon Sep 17 00:00:00 2001 From: Doug Hellmann <doug@doughellmann.com> Date: Mon, 1 May 2023 14:03:22 -0400 Subject: [PATCH 79/79] remove version specifier for container-selinux We depend on cri-o and can rely on it to pull in any specific version needed. Currently neither cri-o nor podman specify a minimum version. --- packaging/rpm/microshift.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 8cf4dcaf7a..6b628f0074 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -18,8 +18,6 @@ # SELinux specifics %global selinuxtype targeted %define selinux_policyver 3.14.3-67 -%define container_policyver 2.208.0 -%define container_policy_epoch 3 %define microshift_relabel_files() \ mkdir -p /var/hpvolumes; \ mkdir -p /var/run/kubelet; \ @@ -79,7 +77,7 @@ MicroShift and can be used to embed those images into osbuilder blueprints. Summary: SELinux policies for MicroShift BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} -Requires: container-selinux >= %{container_policy_epoch}:%{container_policyver} +Requires: container-selinux BuildArch: noarch Requires: selinux-policy >= %{selinux_policyver} @@ -296,6 +294,10 @@ systemctl enable --now --quiet openvswitch || true # Use Git command to generate the log and replace the VERSION string # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec %changelog +* Mon May 01 2023 Doug Hellmann <dhellmann@redhat.com> 4.14.0 +- Remove version specifier for container-selinux to let the system + make the best choice. + * Wed Apr 12 2023 Zenghui Shi <zshi@redhat.com> 4.13.0 - Upgrade openvswitch package version to 3.1